The great reset, we moved infra into two clusters (sekibanki et seija)

apps/sekibanki/planka/configmap.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: planka-config
+data:
+  BASE_URL: https://kanban.prettysunflower.moe
+  OIDC_ISSUER: https://auth.remilia.ch
+  OIDC_CLIENT_ID: eb200a8b-5b93-4b77-a070-1081481270a1
+  OIDC_IGNORE_ROLES: "true"
+  OIDC_ENFORCED: "true"

apps/sekibanki/planka/deployment.yaml

@@ -0,0 +1,44 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: planka
+  labels:
+    app.kubernetes.io/name: planka
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: planka
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: planka
+    spec:
+      volumes:
+        - name: planka-data
+          persistentVolumeClaim:
+            claimName: planka-data-pvc
+      containers:
+        - name: planka
+          image: ghcr.io/plankanban/planka:2.0.0-rc.3
+          ports:
+            - containerPort: 1337
+              name: http
+          volumeMounts:
+          - name: planka-data
+            subPath: favicons
+            mountPath: "/app/public/favicons/"
+          - name: planka-data
+            subPath: user-avatars
+            mountPath: "/app/public/user-avatars/"
+          - name: planka-data
+            subPath: background-images
+            mountPath: "/app/public/background-images/"
+          - name: planka-data
+            subPath: attachments
+            mountPath: "/app/private/attachments/"
+          envFrom:
+            - configMapRef:
+                name: planka-config
+            - secretRef:
+                name: planka-secrets

apps/sekibanki/planka/kustomization.yaml

@@ -0,0 +1,6 @@
+resources:
+- configmap.yaml
+- deployment.yaml
+- pvc.yaml
+- secrets.yaml
+- svc.yaml

apps/sekibanki/planka/pvc.yaml

@@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: planka-data-pvc
+spec:
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 5G
+  storageClassName: nfs-csi

apps/sekibanki/planka/secrets.sops.yaml

@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: planka-secrets
+type: Opaque
+stringData:
+    DATABASE_URL: ENC[AES256_GCM,data:/P/UTQ5hn4iXostkAQfguXOEgm3i4u4GU2AtXf63Fa5Vj+xphAZIswrVs3A/UYUGsm8pQzc=,iv:Scg5AkeGhBG6k7AoYbsEihOu659Q5g4j8EOp7xYW6Zo=,tag:FBrGgdzW6divFyEAbdZnvQ==,type:str]
+    SECRET_KEY: ENC[AES256_GCM,data:SN8r72D2iLxpGdqEzjQ5I9PHW/P3NwwJOUYbp+Gi9Hg/a0TBZ9QJZnhveGJPh9aV3KiwuzNK8+AT5TWcFkCSwYa33ZlwJeiTxvfombDYWuqvccwl2Vwun52vUYfrdqogDYcaeP9US6GsJd8eaRUO3iyc0A+C039S68jkGt18h8Q=,iv:hlpmq4fGDjnxXmYRhCBTM9RwBWXA1OAF5AMhs7T0IqU=,tag:Soq3gnQQDaTHBBYoQ9l88A==,type:str]
+    OIDC_CLIENT_SECRET: ENC[AES256_GCM,data:PE6qqlsEpAcaZopGVh6y6/S2EuM3ybTpha+Gmhh7krA=,iv:AcS4H21JOOlAtLDDawqpyzdxdSUr3kFtMB6ynxG3Ewg=,tag:WLZ1JfVOOahaJgvP+YYORA==,type:str]
+    DEFAULT_ADMIN_EMAIL: ENC[AES256_GCM,data:0q437f+tid9X9Hj2F+nlEvyD,iv:TR6YBD84MevOic8d/btZdIAJtkiHRPftOIIJQwkc5iQ=,tag:nspH0pSxPMfevqwXz3RYMw==,type:str]
+sops:
+    age:
+        - recipient: age1r0tjhg6uexyj0p7fp0ftv5h7r7e3ptzkk2797pznfvrvsm576u0s37yyaw
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnMVhvdGNYSzBhSWhpTXRY
+            eFU0Y3Z1YXlIUU1tZkhHVTloaEhMbk1rNFNvCnl3d3NSZit3MklkSHBPOFgrL25n
+            d01RbGJlZ3BzN2V4R3lVbUZBZ051VTQKLS0tIFp4c3pRTitISFJOR3JYNjU2TnRI
+            YzAvRHM5cHprbDJCTlNGa3h0MkZxN2sKnlvHgMwqUM3X47+OeRLxJepfEaVvHSag
+            XWVGGhEAtFkXbyW3e59+LygrabU1Eq0BX4sbN404VpSaosCCxREM5A==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-07-16T14:35:28Z"
+    mac: ENC[AES256_GCM,data:9rFIGDm44sPYF2a8lYAw5ooMW0U2td8ajclYHoeOHxQNPouXtTLvEyqjYNeXIIpUfpjYe6qz7us3PeuFeCCGAmobQ34qRu87Jd2n9yg70OSyklzMr4lCaeenlU+3q5nhWWyrv0tHuDUgLWR9F674Xl5T4QfbfbfKwzNMskNg7QM=,iv:pIT6NI7ed8EK7FEF6OySSxrN4vurMv0rUl75Y45wUdQ=,tag:rHgn4IWBGq9UH6d3z1lVkw==,type:str]
+    encrypted_regex: ^(data|stringData)$
+    version: 3.10.2

apps/sekibanki/planka/svc.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: planka
+spec:
+  type: ClusterIP
+  selector:
+    app.kubernetes.io/name: planka
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: http