Migrate secret to sealedSecret #3

README.md

@@ -1,6 +1,8 @@
-*TODO: Files with sensitive data; move to Vault*
+*TODO: Files with sensitive data; migrate to SealedSecret*
 ```
-# line 6-8: services/Guacamole/configMap_Guacamole.yml
+# line ??: services/TfState/deploy-TfState.yml
+# line ??: services/Mastodon/deploy-Mastodon.yml
+# line ??: services/PVR/deploy-SpotWeb.yml
 ```
 
 # Kubernetes.K3s.installLog
@@ -179,24 +181,29 @@ kubectl apply -f services/Adminer/sealedSecret-Adminer.yml
 kubectl apply -f services/Bitwarden/deploy-Bitwarden.yml
 kubectl apply -f services/Bitwarden/sealedSecret-Bitwarden.yml
 ```
-##### 4.3) [DroneCI](https://drone.io/)    <small>(contineous delivery)</small>
+##### 4.3) [DDclient](https://github.com/linuxserver/docker-ddclient)	<small>(dynamic dns)</small>
+```shell
+kubectl apply -f services/DDclient/deploy-DDclient.yml
+kubectl apply -f services/DDclient/sealedSecret-DDclient.yml
+```
+##### 4.4) [DroneCI](https://drone.io/)    <small>(contineous delivery)</small>
 ```shell
 kubectl apply -f services/DroneCI/deploy-DroneCI.yml
 kubectl apply -f services/DroneCI/sealedSecret-DroneCI.yml
 ```
-##### 4.4) [Gitea](https://gitea.io/)    <small>(git repository)</small>
+##### 4.5) [Gitea](https://gitea.io/)    <small>(git repository)</small>
 ```shell
 kubectl apply -f services/Gitea/deploy-Gitea.yml
 ```
-##### 4.5) [Gotify](https://gotify.net/)    <small>(notifications)</small>
+##### 4.6) [Gotify](https://gotify.net/)    <small>(notifications)</small>
 ```shell
 kubectl apply -f services/Gotify/deploy-Gotify.yml
 ```
-##### 4.6) [Guacamole](https://guacamole.apache.org/doc/gug/guacamole-docker.html)    <small>(remote desktop gateway)</small>
+##### 4.7) [Guacamole](https://guacamole.apache.org/doc/gug/guacamole-docker.html)    <small>(remote desktop gateway)</small>
 *Requires specifying a `uid` & `gid` in both the `securityContext` of the MySQL container and the `persistentVolume`*
 ```shell
-kubectl apply -f services/Guacamole/configMap-Guacamole.yml
 kubectl apply -f services/Guacamole/deploy-Guacamole.yml
+kubectl apply -f services/Guacamole/sealedSecret-Guacamole.yml
 ```
 Wait for the included containers to start, then perform the following commands to initialize the database:
 ```shell
@@ -205,29 +212,25 @@ kubectl exec -i guacamole-<pod-id> --container mysql -- mysql -uguacamole -pguac
 kubectl rollout restart deployment guacamole
 ```
 
-##### 4.7) [Lighttpd](https://www.lighttpd.net/)    <small>(webserver)</small>
+##### 4.8) [Lighttpd](https://www.lighttpd.net/)    <small>(webserver)</small>
 *Serves various semi-containerized websites; respective webcontent is stored on fileshare*
 ```shell
 kubectl apply -f services/Lighttpd/configMap-Lighttpd.yml
 kubectl apply -f services/Lighttpd/deploy-Lighttpd.yml
 kubectl apply -f services/Lighttpd/cronJob-Spotweb.yml
 ```
-##### 4.8) PVR `namespace`    <small>(automated media management)</small>
+##### 4.9) PVR `namespace`    <small>(automated media management)</small>
 *Containers use shared resources to be able to interact with downloaded files*
 ```shell
 kubectl create secret generic --type=mount/smb smb-secret --from-literal=username=<<omitted>> --from-literal=password=<<omitted>> -n pvr
 kubectl apply -f services/PVR/persistentVolumeClaim-PVR.yml
 kubectl apply -f services/PVR/storageClass-PVR.yml
 ```
-###### 4.8.1) [NZBHydra](https://github.com/theotherp/nzbhydra2)    <small>(index aggregator)</small>
-```shell
-kubectl apply -f services/PVR/deploy-NZBHydra.yml
-```
-###### 4.8.2) [Overseerr](https://overseerr.dev/)    <small>(request management)</small>
+###### 4.9.1) [Overseerr](https://overseerr.dev/)    <small>(request management)</small>
 ```shell
 kubectl apply -f services/PVR/deploy-Overseerr.yml
 ```
-###### 4.8.3) [Plex](https://www.plex.tv/)    <small>(media library)</small>
+###### 4.9.2) [Plex](https://www.plex.tv/)    <small>(media library)</small>
 *Due to usage of symlinks, partially incompatible with SMB-share-backed storage*
 ```shell
 kubectl apply -f services/PVR/deploy-Plex.yml
@@ -237,31 +240,31 @@ After deploying, Plex server needs to be *claimed* (=assigned to Plex-account):
 kubectl get endpoints Plex -n PVR
 ```
 Browse to the respective IP address (http://<nodeipaddress>:32400/web) and follow instructions.
-###### 4.8.4) [Radarr](https://radarr.video/)    <small>(movie management)</small>
+###### 4.9.3) [Prowlarr](https://github.com/Prowlarr/Prowlarr)    <small>(indexer management)</small>
+```shell
+kubectl apply -f services/PVR/deploy-Prowlarr.yml
+```
+###### 4.9.4) [Radarr](https://radarr.video/)    <small>(movie management)</small>
 ```shell
 kubectl apply -f services/PVR/deploy-Radarr.yml
 ```
-###### 4.8.5) [Readarr](https://readarr.com/)    <small>(book management)</small>
+###### 4.9.5) [Readarr](https://readarr.com/)    <small>(book management)</small>
 ```shell
 kubectl apply -f services/PVR/deploy-Readarr.yml
 ```
-###### 4.8.6) [SABnzbd](https://sabnzbd.org/)    <small>(download client)</small>
+###### 4.9.6) [SABnzbd](https://sabnzbd.org/)    <small>(download client)</small>
 ```shell
 kubectl apply -f services/PVR/deploy-SABnzbd.yml
 ```
-###### 4.8.7) [Sonarr](https://sonarr.tv/)    <small>(tv management)</small>
+###### 4.9.7) [Sonarr](https://sonarr.tv/)    <small>(tv management)</small>
 ```shell
 kubectl apply -f services/PVR/deploy-Sonarr.yml
 ```
 
-##### 4.9) [Shaarli](https://github.com/shaarli/Shaarli)    <small>(bookmarks/notes)</small>
+##### 4.10) [Shaarli](https://github.com/shaarli/Shaarli)    <small>(bookmarks/notes)</small>
 ```shell
 kubectl apply -f services/Shaarli/deploy-Shaarli.yml
 ```
-##### 4.10) [Theia](https://theia-ide.org/)    <small>(web IDE)</small>
-```shell
-kubectl apply -f services/Theia/deploy-Theia.yml
-```
 ##### 4.11) [Traefik-Certs-Dumper](https://github.com/ldez/traefik-certs-dumper)    <small>(certificate tooling)</small>
 ```shell
 kubectl apply -f services/TraefikCertsDumper/deploy-TraefikCertsDumper.yml