From 88f6961dc1a66343640577073a0a35a9f835928a Mon Sep 17 00:00:00 2001 From: Renovate bot Date: Sat, 1 Mar 2025 00:01:28 +0000 Subject: [PATCH 01/74] Update benbusby/whoogle-search Docker digest to 5bbb30f --- apps-kustomized/whoogle/deploy.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps-kustomized/whoogle/deploy.yaml b/apps-kustomized/whoogle/deploy.yaml index d193256..a97e95a 100644 --- a/apps-kustomized/whoogle/deploy.yaml +++ b/apps-kustomized/whoogle/deploy.yaml @@ -24,7 +24,7 @@ spec: value: en - name: WHOOGLE_CONFIG_SEARCH_LANGUAGE value: en - image: benbusby/whoogle-search@sha256:ecccdb598f890140bf5564ea0307d3a72871ab3d14fbf22e308b904846e5c590 + image: benbusby/whoogle-search@sha256:5bbb30fc4cf67563b48529c5291813b3d49c290e1e8b9e3aaa5081e9cb6e40c0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 From 7504c4dbb771b534186b42a0a926c6fcffa8133e Mon Sep 17 00:00:00 2001 From: Renovate bot Date: Sun, 2 Mar 2025 00:01:44 +0000 Subject: [PATCH 02/74] Update eclipse-mosquitto Docker tag to v1.6.15 --- apps-kustomized/mosquitto/deploy.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps-kustomized/mosquitto/deploy.yaml b/apps-kustomized/mosquitto/deploy.yaml index f54a9d0..b888928 100644 --- a/apps-kustomized/mosquitto/deploy.yaml +++ b/apps-kustomized/mosquitto/deploy.yaml @@ -21,7 +21,7 @@ spec: app.kubernetes.io/name: mosquitto spec: containers: - - image: eclipse-mosquitto:1.6.12 + - image: eclipse-mosquitto:1.6.15 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 From df4641125eed0c987257cc06943550118f7cc23b Mon Sep 17 00:00:00 2001 From: Renovate bot Date: Mon, 3 Mar 2025 00:01:46 +0000 Subject: [PATCH 03/74] Update esphome/esphome Docker tag to v2022.12.8 --- apps-kustomized/esphome/deploy.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps-kustomized/esphome/deploy.yaml b/apps-kustomized/esphome/deploy.yaml index cc0864f..0f08b00 100644 
--- a/apps-kustomized/esphome/deploy.yaml +++ b/apps-kustomized/esphome/deploy.yaml @@ -17,7 +17,7 @@ spec: - env: - name: ESPHOME_DASHBOARD_USE_PING value: "true" - image: esphome/esphome:2022.12.3 + image: esphome/esphome:2022.12.8 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 From 8987b8d2a0b9878e5bdcf9673f1dc032ef95a82a Mon Sep 17 00:00:00 2001 From: Renovate bot Date: Mon, 3 Mar 2025 00:01:47 +0000 Subject: [PATCH 04/74] Update grafana/grafana Docker tag to v9.5.21 --- apps-kustomized/kube-prometheus/grafana-deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps-kustomized/kube-prometheus/grafana-deployment.yaml b/apps-kustomized/kube-prometheus/grafana-deployment.yaml index 7029f06..d4c59f4 100644 --- a/apps-kustomized/kube-prometheus/grafana-deployment.yaml +++ b/apps-kustomized/kube-prometheus/grafana-deployment.yaml @@ -32,7 +32,7 @@ spec: automountServiceAccountToken: false containers: - env: [] - image: grafana/grafana:9.5.3 + image: grafana/grafana:9.5.21 name: grafana ports: - containerPort: 3000 From 52120be95f155cfa2317a1f8936c885217f0c74a Mon Sep 17 00:00:00 2001 From: Martyn Date: Mon, 3 Mar 2025 09:01:31 +0000 Subject: [PATCH 05/74] Upgrade to last old version --- apps-kustomized/forgejo/deploy.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps-kustomized/forgejo/deploy.yaml b/apps-kustomized/forgejo/deploy.yaml index cfa7e74..9a247de 100644 --- a/apps-kustomized/forgejo/deploy.yaml +++ b/apps-kustomized/forgejo/deploy.yaml @@ -19,7 +19,7 @@ spec: app: forgejo spec: containers: - - image: codeberg.org/forgejo/forgejo:1.21 + - image: codeberg.org/forgejo/forgejo:1.21.11-2 env: - name: FORGEJO__database__DB_TYPE value: postgres From 6eca7e00e014a40f3b936a3d6340ebf5419048f1 Mon Sep 17 00:00:00 2001 
From: Martyn Date: Mon, 3 Mar 2025 09:09:35 +0000 Subject: [PATCH 06/74] One step forward, let's see how this upgrade works --- apps-kustomized/forgejo/deploy.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps-kustomized/forgejo/deploy.yaml b/apps-kustomized/forgejo/deploy.yaml index 9a247de..e849137 100644 --- a/apps-kustomized/forgejo/deploy.yaml +++ b/apps-kustomized/forgejo/deploy.yaml @@ -19,7 +19,7 @@ spec: app: forgejo spec: containers: - - image: codeberg.org/forgejo/forgejo:1.21.11-2 + - image: codeberg.org/forgejo/forgejo:7.0.13 env: - name: FORGEJO__database__DB_TYPE value: postgres From 320f75ddc16fd25b8b3ea79c1fb906c66a3144e7 Mon Sep 17 00:00:00 2001 From: martyn Date: Mon, 3 Mar 2025 09:14:23 +0000 Subject: [PATCH 07/74] Only two more major releases to go... --- apps-kustomized/forgejo/deploy.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps-kustomized/forgejo/deploy.yaml b/apps-kustomized/forgejo/deploy.yaml index e849137..4a77e37 100644 --- a/apps-kustomized/forgejo/deploy.yaml +++ b/apps-kustomized/forgejo/deploy.yaml @@ -19,7 +19,7 @@ spec: app: forgejo spec: containers: - - image: codeberg.org/forgejo/forgejo:7.0.13 + - image: codeberg.org/forgejo/forgejo:8.0.3 env: - name: FORGEJO__database__DB_TYPE value: postgres From 8caba49f9fb4396eafdc1734abbcd2169741b825 Mon Sep 17 00:00:00 2001 From: martyn Date: Mon, 3 Mar 2025 09:21:03 +0000 Subject: [PATCH 08/74] Nearly up-to-date --- apps-kustomized/forgejo/deploy.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps-kustomized/forgejo/deploy.yaml b/apps-kustomized/forgejo/deploy.yaml index 4a77e37..9013b51 100644 --- a/apps-kustomized/forgejo/deploy.yaml +++ b/apps-kustomized/forgejo/deploy.yaml @@ -19,7 +19,7 @@ spec: app: forgejo spec: containers: - - image: codeberg.org/forgejo/forgejo:8.0.3 + - image: codeberg.org/forgejo/forgejo:9.0.3 env: - name: FORGEJO__database__DB_TYPE value: postgres 
From a1f49f6370c94b31dab016d16807f60a79864afb Mon Sep 17 00:00:00 2001 From: martyn Date: Mon, 3 Mar 2025 09:23:24 +0000 Subject: [PATCH 09/74] Up-to-date forgejo --- apps-kustomized/forgejo/deploy.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps-kustomized/forgejo/deploy.yaml b/apps-kustomized/forgejo/deploy.yaml index 9013b51..7829f5f 100644 --- a/apps-kustomized/forgejo/deploy.yaml +++ b/apps-kustomized/forgejo/deploy.yaml @@ -19,7 +19,7 @@ spec: app: forgejo spec: containers: - - image: codeberg.org/forgejo/forgejo:9.0.3 + - image: codeberg.org/forgejo/forgejo:10.0.1 env: - name: FORGEJO__database__DB_TYPE value: postgres From c98cdcee70218c32b541bf56a24d21b5bea8ba7a Mon Sep 17 00:00:00 2001 From: Renovate bot Date: Tue, 4 Mar 2025 00:01:52 +0000 Subject: [PATCH 10/74] Update Helm release csi-driver-smb to v1.17.0 --- everything-app/csi4samba.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/everything-app/csi4samba.yaml b/everything-app/csi4samba.yaml index 69301c8..d7c4c37 100644 --- a/everything-app/csi4samba.yaml +++ b/everything-app/csi4samba.yaml @@ -11,7 +11,7 @@ spec: source: chart: csi-driver-smb repoURL: https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/charts - targetRevision: v1.13.0 + targetRevision: v1.17.0 syncPolicy: automated: selfHeal: true From 29e535cb291436da967d34b096ac34f93d6c894d Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Wed, 5 Mar 2025 09:18:45 +0000 Subject: [PATCH 11/74] Allow insecure argo, as its not exposed anyway and would be fronted by ingress-nginx anyway. Allows for http webhooks. Signed-off-by: Martyn Ranyard --- apps-kustomized/argocd/kustomization.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/apps-kustomized/argocd/kustomization.yaml b/apps-kustomized/argocd/kustomization.yaml index 99df785..0b08989 100644 --- a/apps-kustomized/argocd/kustomization.yaml +++ b/apps-kustomized/argocd/kustomization.yaml 
@@ -24,3 +24,11 @@ patches: version: v1 kind: ConfigMap name: argocd-cm + + - patch: |- + - op: add + path: /spec/template/spec/containers/0/args/- + value: --insecure=true + target: + kind: Deployment + name: argocd-server From fae5c02ba6f93f400f0dc963ce6da910270a3b3b Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Wed, 5 Mar 2025 09:27:37 +0000 Subject: [PATCH 12/74] Remove old oldseries Signed-off-by: Martyn Ranyard --- apps-kustomized/bazarr/pvc-smb.yaml | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/apps-kustomized/bazarr/pvc-smb.yaml b/apps-kustomized/bazarr/pvc-smb.yaml index b4044af..b7a1b0a 100644 --- a/apps-kustomized/bazarr/pvc-smb.yaml +++ b/apps-kustomized/bazarr/pvc-smb.yaml @@ -12,18 +12,6 @@ spec: --- apiVersion: v1 kind: PersistentVolumeClaim -metadata: - name: smb-oldseries -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - storageClassName: smb-oldseries ---- -apiVersion: v1 -kind: PersistentVolumeClaim metadata: name: smb-films spec: @@ -32,4 +20,4 @@ spec: resources: requests: storage: 1Gi - storageClassName: smb-films \ No newline at end of file + storageClassName: smb-films From 9d0b2425a92f5e6176a567f4dd4bc18dd7eee055 Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Wed, 5 Mar 2025 09:29:07 +0000 Subject: [PATCH 13/74] Remove old oldseries Signed-off-by: Martyn Ranyard --- apps-kustomized/bazarr/deploy.yaml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/apps-kustomized/bazarr/deploy.yaml b/apps-kustomized/bazarr/deploy.yaml index 9319442..41ae55e 100644 --- a/apps-kustomized/bazarr/deploy.yaml +++ b/apps-kustomized/bazarr/deploy.yaml @@ -33,8 +33,6 @@ spec: mountPath: /config - name: series mountPath: /series - - name: oldseries - mountPath: /oldseries - name: films mountPath: /films volumes: 
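Review bot: In `apps-kustomized/argocd/kustomization.yaml` (PATCH 11/74) the new JSON patch appends `--insecure=true` to argocd-server, and nothing in the manifest records or enforces the assumption that makes serving plain HTTP acceptable. With the flag set, UI/API sessions and webhook payloads are unencrypted between ingress-nginx and the pod, so the Service has to stay cluster-internal; a comment above the patch such as `# TLS terminates at ingress-nginx; keep argocd-server ClusterIP-only` would make that explicit. The `add` to `/spec/template/spec/containers/0/args/-` also depends on container 0 being the server and on an existing `args` list; setting `server.insecure: "true"` in the `argocd-cmd-params-cm` ConfigMap avoids both. Since plain-HTTP webhooks are the stated goal, configuring a webhook shared secret in `argocd-secret` keeps unauthenticated callers from triggering refreshes.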
@@ -44,9 +42,6 @@ spec: - name: series persistentVolumeClaim: claimName: smb-series - - name: oldseries - persistentVolumeClaim: - claimName: smb-oldseries - name: films persistentVolumeClaim: claimName: smb-films From 6369b00e248830df9a47994c031eeb005e210ecd Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Wed, 5 Mar 2025 09:31:52 +0000 Subject: [PATCH 14/74] how are these not updated already Signed-off-by: Martyn Ranyard --- .../smb-storageclasses/sc-films.yaml | 2 +- .../smb-storageclasses/sc-oldseries.yaml | 17 ----------------- .../smb-storageclasses/sc-series.yaml | 2 +- 3 files changed, 2 insertions(+), 19 deletions(-) delete mode 100644 apps-kustomized/smb-storageclasses/sc-oldseries.yaml diff --git a/apps-kustomized/smb-storageclasses/sc-films.yaml b/apps-kustomized/smb-storageclasses/sc-films.yaml index 94537c3..f8cbefd 100644 --- a/apps-kustomized/smb-storageclasses/sc-films.yaml +++ b/apps-kustomized/smb-storageclasses/sc-films.yaml @@ -4,7 +4,7 @@ metadata: name: smb-films provisioner: smb.csi.k8s.io parameters: - source: "//172.20.0.125/films" + source: "//172.20.0.70/films" csi.storage.k8s.io/node-stage-secret-name: smb-creds csi.storage.k8s.io/node-stage-secret-namespace: kube-system reclaimPolicy: Retain diff --git a/apps-kustomized/smb-storageclasses/sc-oldseries.yaml b/apps-kustomized/smb-storageclasses/sc-oldseries.yaml deleted file mode 100644 index 2d725b6..0000000 --- a/apps-kustomized/smb-storageclasses/sc-oldseries.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - name: smb-oldseries -provisioner: smb.csi.k8s.io -parameters: - source: "//hp40l/disk2/oldseries" - csi.storage.k8s.io/node-stage-secret-name: smb-creds - csi.storage.k8s.io/node-stage-secret-namespace: kube-system -reclaimPolicy: Retain -volumeBindingMode: Immediate -mountOptions: - - dir_mode=0777 - - file_mode=0777 - - uid=1001 - - gid=1001 - - noperm 
diff --git a/apps-kustomized/smb-storageclasses/sc-series.yaml b/apps-kustomized/smb-storageclasses/sc-series.yaml index cd6438b..f30081a 100644 --- a/apps-kustomized/smb-storageclasses/sc-series.yaml +++ b/apps-kustomized/smb-storageclasses/sc-series.yaml @@ -4,7 +4,7 @@ metadata: name: smb-series provisioner: smb.csi.k8s.io parameters: - source: "//hp40l/disk2/series" + source: "//172.20.0.70/series" csi.storage.k8s.io/node-stage-secret-name: smb-creds csi.storage.k8s.io/node-stage-secret-namespace: kube-system reclaimPolicy: Retain From 1152916cc3f3ce0b608151d38a271e448a44b643 Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Wed, 5 Mar 2025 09:40:59 +0000 Subject: [PATCH 15/74] reconciling reality Signed-off-by: Martyn Ranyard --- apps-kustomized/zigbee2mqtt2/pvc.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps-kustomized/zigbee2mqtt2/pvc.yaml b/apps-kustomized/zigbee2mqtt2/pvc.yaml index 29e797d..94e951d 100644 --- a/apps-kustomized/zigbee2mqtt2/pvc.yaml +++ b/apps-kustomized/zigbee2mqtt2/pvc.yaml @@ -8,4 +8,4 @@ spec: storageClassName: longhorn-fast resources: requests: - storage: 128Mi + storage: 1280Mi From a1c4693c7c3bac5c70b5665af42d7fe7a9388bd9 Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Wed, 5 Mar 2025 09:51:49 +0000 Subject: [PATCH 16/74] Running Drupal in k8s is a fools errand Signed-off-by: Martyn Ranyard --- everything-app/bikerwitch.yaml | 44 ---------------------------------- 1 file changed, 44 deletions(-) delete mode 100644 everything-app/bikerwitch.yaml diff --git a/everything-app/bikerwitch.yaml b/everything-app/bikerwitch.yaml deleted file mode 100644 index a89d89f..0000000 --- a/everything-app/bikerwitch.yaml +++ /dev/null 
@@ -1,44 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: bikerwitch - namespace: argocd -spec: - destination: - namespace: bikerwitch - server: https://kubernetes.default.svc - project: default - source: - helm: - parameters: - - name: service.type - value: LoadBalancer - - name: persistence.enabled - value: "true" - - name: persistence.storageClass - value: "longhorn-fast" - - name: image.repository - value: drupal - - name: image.tag - value: 9.4-php8.0-apache - values: |- - ingress: - enabled: true - annotations: - cert-manager.io/cluster-issuer: letsencrypt - kubernetes.io/ingress.class: nginx - external-dns.alpha.kubernetes.io/target: armnleg.martyn.berlin - hosts: - - host: bikerwitch.martyn.berlin - paths: - - / - - host: www.bikerwitch.org.uk - paths: - - / - tls: - - hosts: - - bikerwitch.martyn.berlin - - www.bikerwitch.org.uk - path: apps-helm/drupal - repoURL: https://git.martyn.berlin/martyn/infra4talos.git - targetRevision: HEAD From 6c29998db66934ac3a18c35fd739a3f6836af7f3 Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Wed, 5 Mar 2025 09:56:09 +0000 Subject: [PATCH 17/74] We might need it in future, but not for now Signed-off-by: Martyn Ranyard --- apps-kustomized/ser2net/ser2net-zigbee.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps-kustomized/ser2net/ser2net-zigbee.yaml b/apps-kustomized/ser2net/ser2net-zigbee.yaml index 1ef318d..c33b61c 100644 --- a/apps-kustomized/ser2net/ser2net-zigbee.yaml +++ b/apps-kustomized/ser2net/ser2net-zigbee.yaml @@ -38,7 +38,7 @@ metadata: annotations: configmap.reloader.stakater.com/reload: "ser2net" spec: - replicas: 1 + replicas: 0 strategy: type: Recreate selector: From eb0b528423fb5759c4564b1d9465cb538c0db25c Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Wed, 5 Mar 2025 10:08:08 +0000 Subject: [PATCH 18/74] Let's have a default ingress class, eh? 
Signed-off-by: Martyn Ranyard --- everything-app/app-ingress-nginx.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/everything-app/app-ingress-nginx.yaml b/everything-app/app-ingress-nginx.yaml index 147f461..78799aa 100644 --- a/everything-app/app-ingress-nginx.yaml +++ b/everything-app/app-ingress-nginx.yaml @@ -14,6 +14,8 @@ spec: targetRevision: 4.12.0 helm: parameters: + - name: controller.ingressClassResource.default + value: true - name: controller.service.type value: LoadBalancer - name: controller.allowSnippetAnnotations From 6e45ada258ebc4697fe026502281356a06861c58 Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Wed, 5 Mar 2025 10:09:08 +0000 Subject: [PATCH 19/74] Let's have a default ingress class, eh? (yaml was a mistake) Signed-off-by: Martyn Ranyard --- everything-app/app-ingress-nginx.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/everything-app/app-ingress-nginx.yaml b/everything-app/app-ingress-nginx.yaml index 78799aa..f1dc763 100644 --- a/everything-app/app-ingress-nginx.yaml +++ b/everything-app/app-ingress-nginx.yaml @@ -15,7 +15,7 @@ spec: helm: parameters: - name: controller.ingressClassResource.default - value: true + value: "true" - name: controller.service.type value: LoadBalancer - name: controller.allowSnippetAnnotations From 7f6b2e43f47542259446a3091e1cac5b94e6cee0 Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Wed, 5 Mar 2025 10:11:50 +0000 Subject: [PATCH 20/74] Let me shoot myself in the foot if I want to Signed-off-by: Martyn Ranyard --- everything-app/app-ingress-nginx.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/everything-app/app-ingress-nginx.yaml b/everything-app/app-ingress-nginx.yaml index f1dc763..46c39e4 100644 --- a/everything-app/app-ingress-nginx.yaml +++ b/everything-app/app-ingress-nginx.yaml 
@@ -16,6 +16,8 @@ spec: parameters: - name: controller.ingressClassResource.default value: "true" + - name: controller.config.annotations-risk-level + value: "Critical" - name: controller.service.type value: LoadBalancer - name: controller.allowSnippetAnnotations From 187db433de5516f49aadc689634c66e2ab93fcc1 Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Wed, 5 Mar 2025 11:05:40 +0000 Subject: [PATCH 21/74] Preparing for magic Signed-off-by: Martyn Ranyard --- apps-kustomized/torrents/deploy.yaml | 40 ++++++++++++++++++++++------ 1 file changed, 32 insertions(+), 8 deletions(-) diff --git a/apps-kustomized/torrents/deploy.yaml b/apps-kustomized/torrents/deploy.yaml index 89c5483..d1c57e0 100644 --- a/apps-kustomized/torrents/deploy.yaml +++ b/apps-kustomized/torrents/deploy.yaml @@ -14,9 +14,29 @@ spec: labels: app: qbittorrent spec: + initContainers: + - image: ghcr.io/tailscale/tailscale:latest + command: + - /bin/sh + - -c + - mkdir -p /persist/var/lib/tailscale + name: ts-sidecar + securityContext: + runAsGroup: 1000 + runAsUser: 1000 + volumeMounts: + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access-t4rzn + readOnly: true + - mountPath: /persist + name: persist containers: - image: qbittorrentofficial/qbittorrent-nox:latest name: qbittorrent + command: + - /bin/sh + - -c + - while sleep 1; do echo '.'; done volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-t4rzn @@ -51,14 +71,14 @@ spec: key: TS_AUTHKEY name: tailscale-auth optional: true - livenessProbe: - exec: - command: - - ping - - -c1 - - 100.100.100.100 - initialDelaySeconds: 120 - periodSeconds: 5 +# livenessProbe: +# exec: +# command: +# - ping +# - -c1 +# - 100.100.100.100 +# initialDelaySeconds: 120 +# periodSeconds: 5 image: ghcr.io/tailscale/tailscale:latest name: ts-sidecar securityContext: 
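Review bot: In `everything-app/app-ingress-nginx.yaml` (PATCH 20/74) `controller.config.annotations-risk-level` is set to `Critical`, the widest level, which admits the snippet annotations that inject raw nginx configuration, and the hunk gives no reason for it. Together with `controller.allowSnippetAnnotations` in the next parameter (its value lies outside the hunk, presumably `true`), anyone who can create or edit an Ingress can shape the configuration of a controller that typically has read access to Secrets across namespaces. If a specific Ingress needs a snippet, I would name it in a comment, e.g. `# Critical required for <ingress name> configuration-snippet; revisit when removed`, and keep Ingress write access limited to trusted accounts. If no snippet annotation is actually in use, `High` is the narrower setting.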
@@ -68,6 +88,8 @@ spec: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-t4rzn readOnly: true + - mountPath: /persist + name: persist preemptionPolicy: PreemptLowerPriority priority: 0 serviceAccountName: tailscale @@ -87,6 +109,8 @@ spec: - name: config persistentVolumeClaim: claimName: q-config + - name: persist + emptyDir: {} - name: kube-api-access-t4rzn projected: sources: From a7597c2b52365c343f231e7a48d5c477496441ec Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Wed, 5 Mar 2025 11:06:34 +0000 Subject: [PATCH 22/74] Preparing for magic Signed-off-by: Martyn Ranyard --- apps-kustomized/torrents/deploy.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps-kustomized/torrents/deploy.yaml b/apps-kustomized/torrents/deploy.yaml index d1c57e0..10eec90 100644 --- a/apps-kustomized/torrents/deploy.yaml +++ b/apps-kustomized/torrents/deploy.yaml @@ -20,7 +20,7 @@ spec: - /bin/sh - -c - mkdir -p /persist/var/lib/tailscale - name: ts-sidecar + name: ts-prep securityContext: runAsGroup: 1000 runAsUser: 1000 From a885f275a6d269c5f70955513f779e4af37829d4 Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Wed, 5 Mar 2025 11:16:50 +0000 Subject: [PATCH 23/74] This is frustratingly necessary Signed-off-by: Martyn Ranyard --- apps-kustomized/torrents/deploy.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/apps-kustomized/torrents/deploy.yaml b/apps-kustomized/torrents/deploy.yaml index 10eec90..45723fd 100644 --- a/apps-kustomized/torrents/deploy.yaml +++ b/apps-kustomized/torrents/deploy.yaml @@ -24,6 +24,7 @@ spec: securityContext: runAsGroup: 1000 runAsUser: 1000 + privileged: true volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-t4rzn @@ -84,6 +85,7 @@ spec: securityContext: runAsGroup: 1000 runAsUser: 1000 + privileged: true volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-t4rzn 
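Review bot: In `apps-kustomized/torrents/deploy.yaml` (PATCH 23/74) `privileged: true` is added to both the `ts-prep` init container (hunk at -24,6) and the `ts-sidecar` container (hunk at -84,6), which is broader than either appears to need. Per the previous patch the init container only runs `mkdir -p /persist/var/lib/tailscale` on an emptyDir, so it should need no added privilege. For the sidecar, kernel-mode Tailscale usually needs NET_ADMIN and access to the TUN device rather than a fully privileged container, so `capabilities:` with `add: ["NET_ADMIN"]` is worth trying first (untested here). Both containers also mount the service-account token, so a compromise of either would combine node-level access with API credentials. Both container specs begin outside the hunks.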
From c91aa4c42bc49a8edb1aee4ec4b156961437bdbe Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Wed, 5 Mar 2025 11:23:02 +0000 Subject: [PATCH 24/74] This is frustratingly necessary Signed-off-by: Martyn Ranyard --- apps-kustomized/torrents/deploy.yaml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/apps-kustomized/torrents/deploy.yaml b/apps-kustomized/torrents/deploy.yaml index 45723fd..4c296a8 100644 --- a/apps-kustomized/torrents/deploy.yaml +++ b/apps-kustomized/torrents/deploy.yaml @@ -19,7 +19,7 @@ spec: command: - /bin/sh - -c - - mkdir -p /persist/var/lib/tailscale + - mkdir -p /persist/var/lib/tailscale; touch /run/xtables.lock name: ts-prep securityContext: runAsGroup: 1000 @@ -31,6 +31,8 @@ spec: readOnly: true - mountPath: /persist name: persist + - mountPath: /run + name: runfolder containers: - image: qbittorrentofficial/qbittorrent-nox:latest name: qbittorrent @@ -92,6 +94,8 @@ spec: readOnly: true - mountPath: /persist name: persist + - mountPath: /run + name: runfolder preemptionPolicy: PreemptLowerPriority priority: 0 serviceAccountName: tailscale @@ -113,6 +117,8 @@ spec: claimName: q-config - name: persist emptyDir: {} + - name: runfolder + emptyDir: {} - name: kube-api-access-t4rzn projected: sources: From 9cd9b6fdfe5bb3cbdf2bbc2c5d44ee54b6735ba0 Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Wed, 5 Mar 2025 11:25:58 +0000 Subject: [PATCH 25/74] Fix version, renovate has our back Signed-off-by: Martyn Ranyard --- apps-kustomized/torrents/deploy.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apps-kustomized/torrents/deploy.yaml b/apps-kustomized/torrents/deploy.yaml index 4c296a8..0e8f71e 100644 --- a/apps-kustomized/torrents/deploy.yaml +++ b/apps-kustomized/torrents/deploy.yaml @@ -15,7 +15,7 @@ spec: app: qbittorrent spec: initContainers: - - image: ghcr.io/tailscale/tailscale:latest + - image: ghcr.io/tailscale/tailscale:v1.80.3 command: - /bin/sh - -c 
@@ -82,7 +82,7 @@ spec: # - 100.100.100.100 # initialDelaySeconds: 120 # periodSeconds: 5 - image: ghcr.io/tailscale/tailscale:latest + image: ghcr.io/tailscale/tailscale:v1.80.3 name: ts-sidecar securityContext: runAsGroup: 1000 From 3c3107b02137c1dfa1c41b763fba45bfd6d84f09 Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Wed, 5 Mar 2025 11:27:13 +0000 Subject: [PATCH 26/74] This is frustratingly necessary Signed-off-by: Martyn Ranyard --- apps-kustomized/torrents/deploy.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/apps-kustomized/torrents/deploy.yaml b/apps-kustomized/torrents/deploy.yaml index 0e8f71e..ce0b2c5 100644 --- a/apps-kustomized/torrents/deploy.yaml +++ b/apps-kustomized/torrents/deploy.yaml @@ -22,8 +22,8 @@ spec: - mkdir -p /persist/var/lib/tailscale; touch /run/xtables.lock name: ts-prep securityContext: - runAsGroup: 1000 - runAsUser: 1000 + runAsGroup: 0 + runAsUser: 0 privileged: true volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount @@ -85,8 +85,8 @@ spec: image: ghcr.io/tailscale/tailscale:v1.80.3 name: ts-sidecar securityContext: - runAsGroup: 1000 - runAsUser: 1000 + runAsGroup: 0 + runAsUser: 0 privileged: true volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount From f709eec878673141c9132d09056e19beeaa876c9 Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Wed, 5 Mar 2025 11:41:43 +0000 Subject: [PATCH 27/74] Real sidecar perhaps with manual start Signed-off-by: Martyn Ranyard --- apps-kustomized/torrents/deploy.yaml | 53 ++++++++++------------------ 1 file changed, 19 insertions(+), 34 deletions(-) diff --git a/apps-kustomized/torrents/deploy.yaml b/apps-kustomized/torrents/deploy.yaml index ce0b2c5..5dfaf33 100644 --- a/apps-kustomized/torrents/deploy.yaml +++ b/apps-kustomized/torrents/deploy.yaml 
@@ -16,10 +16,28 @@ spec: spec: initContainers: - image: ghcr.io/tailscale/tailscale:v1.80.3 + restartPolicy: Always # Sidecar + env: + - name: TS_KUBE_SECRET + value: tailscale + - name: TS_USERSPACE + value: "false" + - name: TS_OUTBOUND_HTTP_PROXY_LISTEN + value: "localhost:1055" + - name: TS_SOCKS5_SERVER + value: "localhost:1055" + - name: TS_EXTRA_ARGS + value: "--exit-node=100.90.55.121" + - name: TS_AUTHKEY + valueFrom: + secretKeyRef: + key: TS_AUTHKEY + name: tailscale-auth + optional: true command: - /bin/sh - -c - - mkdir -p /persist/var/lib/tailscale; touch /run/xtables.lock + - while sleep 1; do echo '.'; done name: ts-prep securityContext: runAsGroup: 0 @@ -31,8 +49,6 @@ spec: readOnly: true - mountPath: /persist name: persist - - mountPath: /run - name: runfolder containers: - image: qbittorrentofficial/qbittorrent-nox:latest name: qbittorrent @@ -57,23 +73,6 @@ spec: value: "/config" - name: QBT_DOWNLOADS value: "/downloads" - - env: - - name: TS_KUBE_SECRET - value: tailscale - - name: TS_USERSPACE - value: "false" - - name: TS_OUTBOUND_HTTP_PROXY_LISTEN - value: "localhost:1055" - - name: TS_SOCKS5_SERVER - value: "localhost:1055" - - name: TS_EXTRA_ARGS - value: "--exit-node=100.90.55.121" - - name: TS_AUTHKEY - valueFrom: - secretKeyRef: - key: TS_AUTHKEY - name: tailscale-auth - optional: true # livenessProbe: # exec: # command: @@ -82,20 +81,6 @@ spec: # - 100.100.100.100 # initialDelaySeconds: 120 # periodSeconds: 5 - image: ghcr.io/tailscale/tailscale:v1.80.3 - name: ts-sidecar - securityContext: - runAsGroup: 0 - runAsUser: 0 - privileged: true - volumeMounts: - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access-t4rzn - readOnly: true - - mountPath: /persist - name: persist - - mountPath: /run - name: runfolder preemptionPolicy: PreemptLowerPriority priority: 0 serviceAccountName: tailscale From 020d13ada2ebcb77689e7fc163a9663a924d1f71 Mon Sep 17 00:00:00 2001 
From: Martyn Ranyard Date: Wed, 5 Mar 2025 11:49:46 +0000 Subject: [PATCH 28/74] Not optional lol Signed-off-by: Martyn Ranyard --- apps-kustomized/torrents/deploy.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/apps-kustomized/torrents/deploy.yaml b/apps-kustomized/torrents/deploy.yaml index 5dfaf33..c8963ba 100644 --- a/apps-kustomized/torrents/deploy.yaml +++ b/apps-kustomized/torrents/deploy.yaml @@ -33,7 +33,6 @@ spec: secretKeyRef: key: TS_AUTHKEY name: tailscale-auth - optional: true command: - /bin/sh - -c From 7a57c678c26edc73b4fdee498827f3d80687e1f0 Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Wed, 5 Mar 2025 16:26:53 +0000 Subject: [PATCH 29/74] Move TS to a separate deploy Signed-off-by: Martyn Ranyard --- apps-kustomized/torrents/deploy.yaml | 45 ---------------------------- 1 file changed, 45 deletions(-) diff --git a/apps-kustomized/torrents/deploy.yaml b/apps-kustomized/torrents/deploy.yaml index c8963ba..d843058 100644 --- a/apps-kustomized/torrents/deploy.yaml +++ b/apps-kustomized/torrents/deploy.yaml @@ -15,39 +15,6 @@ spec: app: qbittorrent spec: initContainers: - - image: ghcr.io/tailscale/tailscale:v1.80.3 - restartPolicy: Always # Sidecar - env: - - name: TS_KUBE_SECRET - value: tailscale - - name: TS_USERSPACE - value: "false" - - name: TS_OUTBOUND_HTTP_PROXY_LISTEN - value: "localhost:1055" - - name: TS_SOCKS5_SERVER - value: "localhost:1055" - - name: TS_EXTRA_ARGS - value: "--exit-node=100.90.55.121" - - name: TS_AUTHKEY - valueFrom: - secretKeyRef: - key: TS_AUTHKEY - name: tailscale-auth - command: - - /bin/sh - - -c - - while sleep 1; do echo '.'; done - name: ts-prep - securityContext: - runAsGroup: 0 - runAsUser: 0 - privileged: true - volumeMounts: - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: kube-api-access-t4rzn - readOnly: true - - mountPath: /persist - name: persist containers: - image: qbittorrentofficial/qbittorrent-nox:latest name: qbittorrent 
@@ -72,14 +39,6 @@ spec: value: "/config" - name: QBT_DOWNLOADS value: "/downloads" -# livenessProbe: -# exec: -# command: -# - ping -# - -c1 -# - 100.100.100.100 -# initialDelaySeconds: 120 -# periodSeconds: 5 preemptionPolicy: PreemptLowerPriority priority: 0 serviceAccountName: tailscale @@ -99,10 +58,6 @@ spec: - name: config persistentVolumeClaim: claimName: q-config - - name: persist - emptyDir: {} - - name: runfolder - emptyDir: {} - name: kube-api-access-t4rzn projected: sources: From 440682a8ff8c31d6cd5735992aeb0d90063bbfa9 Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Wed, 5 Mar 2025 17:34:34 +0000 Subject: [PATCH 30/74] Add the tailscale proxy for use by ISO downloaders Signed-off-by: Martyn Ranyard --- .../tailscale-proxy/configmap.yaml | 13 +++ apps-kustomized/tailscale-proxy/deploy.yaml | 102 ++++++++++++++++++ apps-kustomized/tailscale-proxy/sa.yaml | 4 + everything-app/tailscale-proxy.yaml | 17 +++ 4 files changed, 136 insertions(+) create mode 100644 apps-kustomized/tailscale-proxy/configmap.yaml create mode 100644 apps-kustomized/tailscale-proxy/deploy.yaml create mode 100644 apps-kustomized/tailscale-proxy/sa.yaml create mode 100644 everything-app/tailscale-proxy.yaml diff --git a/apps-kustomized/tailscale-proxy/configmap.yaml b/apps-kustomized/tailscale-proxy/configmap.yaml new file mode 100644 index 0000000..18e2296 --- /dev/null +++ b/apps-kustomized/tailscale-proxy/configmap.yaml 
@@ -0,0 +1,13 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: tailscale-script +data: + script.sh: | + tailscaled --socks5-server=localhost:1055 --outbound-http-proxy-listen=localhost:1055 --tun=userspace-networking & + tailscale up --authkey=$TS_AUTHKEY --advertise-tags=tag:k8s --hostname k8s-tailscale-proxy & + sleep 3 + echo "Waiting for $COUNTRY to do something" + while ! tailscale exit-node list 2>/dev/null | grep $COUNTRY >/dev/null; do echo -n . ;sleep 5; done + tailscale set --exit-node $(tailscale exit-node list | grep $COUNTRY | cut -f2 -d' ' | shuf | head -n1) + while true; do sleep 1; done diff --git a/apps-kustomized/tailscale-proxy/deploy.yaml b/apps-kustomized/tailscale-proxy/deploy.yaml new file mode 100644 index 0000000..de04c99 --- /dev/null +++ b/apps-kustomized/tailscale-proxy/deploy.yaml 
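Review bot: In `apps-kustomized/tailscale-proxy/configmap.yaml` (PATCH 30/74) `tailscale up --authkey=$TS_AUTHKEY` puts the auth key in the process arguments, where node-level process listings and anything that records command lines will capture it. `tailscale up` accepts `--auth-key=file:<path>`, so mounting the `tailscale-auth` Secret as a file and passing `--auth-key=file:<mounted key path>` (placeholder) keeps it out of argv. `$COUNTRY` is unquoted in both `grep` calls and the `$(...)` result goes to `--exit-node` unchecked; if that selection fails the script still reaches the final sleep loop, leaving the proxy up without the intended exit node, so I would quote it (`grep -- "$COUNTRY"`) and exit non-zero when no node is selected. tailscaled is started without a persistent state directory, so presumably every restart re-registers with the auth key — a comment stating whether the key is reusable or ephemeral would help.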
@@ -0,0 +1,102 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ annotations:
+ deployment.kubernetes.io/revision: "20"
+ labels:
+ app: tailscale-proxy
+ name: tailscale-proxy
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: tailscale-proxy
+ strategy:
+ rollingUpdate:
+ maxSurge: 25%
+ maxUnavailable: 25%
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app: tailscale-proxy
+ spec:
+ containers:
+ - command:
+ - /bin/sh
+ - -c
+ - 'sh /script/script.sh'
+ env:
+ - name: TS_KUBE_SECRET
+ value: tailscale
+ - name: COUNTRY
+ value: Switzerland
+ - name: TS_AUTHKEY
+ valueFrom:
+ secretKeyRef:
+ key: TS_AUTHKEY
+ name: tailscale-auth
+ image: ghcr.io/tailscale/tailscale:v1.80.3
+ imagePullPolicy: IfNotPresent
+ startupProbe:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - tailscale ip | grep ^100 > /dev/null
+ periodSeconds: 30
+ failureThreshold: 30
+ livenessProbe:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - tailscale ip | grep ^100 > /dev/null
+ periodSeconds: 30
+ failureThreshold: 2
+ readinessProbe:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - http_proxy=127.0.0.1:1055 wget -O- ifconfig.co/country 2>&1 | grep $COUNTRY > /dev/null
+ initialDelaySeconds: 60
+ periodSeconds: 60
+ failureThreshold: 3
+ name: tailscale
+ securityContext:
+ privileged: true
+ runAsGroup: 0
+ runAsUser: 0
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ volumeMounts:
+ - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
+ name: kube-api-access-t4rzn
+ readOnly: true
+ - mountPath: /script
+ name: script
+ serviceAccount: tailscale
+ serviceAccountName: tailscale
+ volumes:
+ - name: script
+ configMap:
+ name: tailscale-script
+ - name: kube-api-access-t4rzn
+ projected:
+ defaultMode: 420
+ sources:
+ - serviceAccountToken:
+ expirationSeconds: 3607
+ path: token
+ - configMap:
+ items:
+ - key: ca.crt
+ path: ca.crt
+ name: kube-root-ca.crt
+ - downwardAPI:
+ items:
+ - fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+
path: namespace diff --git a/apps-kustomized/tailscale-proxy/sa.yaml b/apps-kustomized/tailscale-proxy/sa.yaml new file mode 100644 index 0000000..84dfe93 --- /dev/null +++ b/apps-kustomized/tailscale-proxy/sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tailscale diff --git a/everything-app/tailscale-proxy.yaml b/everything-app/tailscale-proxy.yaml new file mode 100644 index 0000000..f85396f --- /dev/null +++ b/everything-app/tailscale-proxy.yaml @@ -0,0 +1,17 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: tailscale-proxy + namespace: argocd +spec: + destination: + namespace: tailscale-proxy + server: https://kubernetes.default.svc + project: apps + source: + path: apps-kustomized/tailscale-proxy + repoURL: https://git.martyn.berlin/martyn/infra4talos + targetRevision: HEAD + syncPolicy: + automated: + selfHeal: true From 13a005f6b5638a9ee520c3b06b8dcc0452696c2c Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Wed, 5 Mar 2025 17:36:37 +0000 Subject: [PATCH 31/74] Calm argo tf down Signed-off-by: Martyn Ranyard --- apps-kustomized/tailscale-proxy/deploy.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/apps-kustomized/tailscale-proxy/deploy.yaml b/apps-kustomized/tailscale-proxy/deploy.yaml index de04c99..0ee2f41 100644 --- a/apps-kustomized/tailscale-proxy/deploy.yaml +++ b/apps-kustomized/tailscale-proxy/deploy.yaml @@ -1,8 +1,6 @@ apiVersion: apps/v1 kind: Deployment metadata: - annotations: - deployment.kubernetes.io/revision: "20" labels: app: tailscale-proxy name: tailscale-proxy From 83b0b4be5915490c257ce473b70e71977f62571f Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Wed, 5 Mar 2025 17:38:08 +0000 Subject: [PATCH 32/74] Expose so I can use if needed in-house Signed-off-by: Martyn Ranyard --- apps-kustomized/svc.yaml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 apps-kustomized/svc.yaml 
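Review bot: The container's `securityContext` in tailscale-proxy/deploy.yaml sets `privileged: true` with `runAsUser: 0`, yet script.sh starts tailscaled with `--tun=userspace-networking`, the mode intended for running without a TUN device, so the pod appears to hold node-level privilege it never uses. I would replace it with `privileged: false`, `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}`, then confirm the three probes still pass. The hand-written `kube-api-access-t4rzn` projected volume looks copied from a live pod; removing it and its mount lets the kubelet inject the service-account token volume itself. The readiness probe asks `ifconfig.co/country` over plain HTTP, so pod readiness depends on an unauthenticated third-party answer; that is worth a comment on the probe.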
diff --git a/apps-kustomized/svc.yaml b/apps-kustomized/svc.yaml new file mode 100644 index 0000000..b09f798 --- /dev/null +++ b/apps-kustomized/svc.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: tailscale-proxy + app.kubernetes.io/instance: tailscale-proxy + name: tailscale-proxy +spec: + ports: + - port: 1055 + protocol: TCP + targetPort: 1055 + selector: + app: tailscale-proxy + type: LoadBalancer From 2b39418104c51d68172b1bdd3d87e52e5a04c14f Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Wed, 5 Mar 2025 17:39:10 +0000 Subject: [PATCH 33/74] Oops wrong directory Signed-off-by: Martyn Ranyard --- apps-kustomized/{ => tailscale-proxy}/svc.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename apps-kustomized/{ => tailscale-proxy}/svc.yaml (100%) diff --git a/apps-kustomized/svc.yaml b/apps-kustomized/tailscale-proxy/svc.yaml similarity index 100% rename from apps-kustomized/svc.yaml rename to apps-kustomized/tailscale-proxy/svc.yaml From a70b28c90508bd7cb25b854a3547a7f036090399 Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Wed, 5 Mar 2025 17:39:55 +0000 Subject: [PATCH 34/74] Let it go Signed-off-by: Martyn Ranyard --- apps-kustomized/torrents/deploy.yaml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/apps-kustomized/torrents/deploy.yaml b/apps-kustomized/torrents/deploy.yaml index d843058..f33fe7c 100644 --- a/apps-kustomized/torrents/deploy.yaml +++ b/apps-kustomized/torrents/deploy.yaml @@ -18,10 +18,6 @@ spec: containers: - image: qbittorrentofficial/qbittorrent-nox:latest name: qbittorrent - command: - - /bin/sh - - -c - - while sleep 1; do echo '.'; done volumeMounts: - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-t4rzn From dd6202a26f7558ab80383f8c84c6114288c1942c Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Wed, 5 Mar 2025 18:09:11 +0000 Subject: [PATCH 35/74] Bump some versions 
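Review bot: `type: LoadBalancer` in svc.yaml publishes port 1055 beyond the cluster, and nothing visible in this series puts authentication in front of the SOCKS5/HTTP proxy that script.sh starts, so any host that can reach the load-balancer address could send traffic out through the tailnet exit node. As committed, script.sh binds the listener to `localhost:1055`, so the Service probably cannot reach it at all; the exposure appears as soon as that bind address is widened to make the Service work. For in-cluster consumers `type: ClusterIP` is sufficient. If LAN access is really needed, add `loadBalancerSourceRanges` with the house subnet and a NetworkPolicy limiting which pods may connect.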
Signed-off-by: Martyn Ranyard --- apps-kustomized/lidarr/deploy.yaml | 2 +- apps-kustomized/prowlarr/deploy.yaml | 2 +- apps-kustomized/radarr/deploy.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/apps-kustomized/lidarr/deploy.yaml b/apps-kustomized/lidarr/deploy.yaml index cad8b6e..49cce80 100644 --- a/apps-kustomized/lidarr/deploy.yaml +++ b/apps-kustomized/lidarr/deploy.yaml @@ -18,7 +18,7 @@ spec: app: lidarr spec: containers: - - image: hotio/lidarr:release + - image: hotio/lidarr:release-2.9.6.4552 name: lidarr resources: requests: diff --git a/apps-kustomized/prowlarr/deploy.yaml b/apps-kustomized/prowlarr/deploy.yaml index f7b7168..962e8db 100644 --- a/apps-kustomized/prowlarr/deploy.yaml +++ b/apps-kustomized/prowlarr/deploy.yaml @@ -16,7 +16,7 @@ spec: app: prowlarr spec: containers: - - image: hotio/prowlarr:release-1.26.1.4844 + - image: hotio/prowlarr:release-1.31.2.4975 imagePullPolicy: Always name: prowlarr ports: diff --git a/apps-kustomized/radarr/deploy.yaml b/apps-kustomized/radarr/deploy.yaml index c8353fc..cf95c71 100644 --- a/apps-kustomized/radarr/deploy.yaml +++ b/apps-kustomized/radarr/deploy.yaml @@ -18,7 +18,7 @@ spec: app: radarr spec: containers: - - image: hotio/radarr:release-5.18.4.9674 + - image: hotio/radarr:release-5.19.3.9730 imagePullPolicy: IfNotPresent name: radarr ports: From c95ee6719102a7145ebb185905d65366b3649016 Mon Sep 17 00:00:00 2001 From: Renovate bot Date: Thu, 6 Mar 2025 00:02:21 +0000 Subject: [PATCH 36/74] Update Helm release node-red to v5.4.0 --- everything-app/nodered.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/everything-app/nodered.yaml b/everything-app/nodered.yaml index fe17f06..10fd9e3 100644 --- a/everything-app/nodered.yaml +++ b/everything-app/nodered.yaml 
@@ -31,7 +31,7 @@ spec: annotations: external-dns.alpha.kubernetes.io/hostname: nodered.martyn.berlin repoURL: https://k8s-at-home.com/charts/ - targetRevision: 5.3.1 + targetRevision: 5.4.0 syncPolicy: automated: selfHeal: true From 4efb41b584a15fd51687184474feb1aafaea9bd9 Mon Sep 17 00:00:00 2001 From: Renovate bot Date: Thu, 6 Mar 2025 00:02:23 +0000 Subject: [PATCH 37/74] Update Helm release paperless-ngx to v0.24.1 --- everything-app/paperless-ngx.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/everything-app/paperless-ngx.yaml b/everything-app/paperless-ngx.yaml index 63c55f8..1c87d7e 100644 --- a/everything-app/paperless-ngx.yaml +++ b/everything-app/paperless-ngx.yaml @@ -59,7 +59,7 @@ spec: - name: resources.requests.memory value: "511772986" repoURL: https://charts.gabe565.com - targetRevision: 0.7.8 + targetRevision: 0.24.1 syncPolicy: automated: selfHeal: true From 4c6a97e52a5d8e37dd7b1fa732c12bd5e75762e2 Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Thu, 6 Mar 2025 17:05:12 +0000 Subject: [PATCH 38/74] Prep for having yet another s3 Signed-off-by: Martyn Ranyard --- everything-app/samba-longhorn-ssd.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/everything-app/samba-longhorn-ssd.yaml b/everything-app/samba-longhorn-ssd.yaml index 689537c..edc5521 100644 --- a/everything-app/samba-longhorn-ssd.yaml +++ b/everything-app/samba-longhorn-ssd.yaml @@ -44,6 +44,9 @@ spec: - name: scans size: 1Gi storageClass: longhorn-fast + - name: s3 + size: 20Gi + storageClass: longhorn-fast path: apps-helm/samba4 repoURL: https://git.martyn.berlin/martyn/infra4talos.git targetRevision: HEAD From 838c4acc41ff3815d03cf1e03c1ffd8020d91344 Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Thu, 6 Mar 2025 17:50:16 +0000 Subject: [PATCH 39/74] Allow mounting the s3 storage via smb 
Signed-off-by: Martyn Ranyard --- apps-kustomized/smb-storageclasses/sc-s3.yaml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 apps-kustomized/smb-storageclasses/sc-s3.yaml diff --git a/apps-kustomized/smb-storageclasses/sc-s3.yaml b/apps-kustomized/smb-storageclasses/sc-s3.yaml new file mode 100644 index 0000000..2496b57 --- /dev/null +++ b/apps-kustomized/smb-storageclasses/sc-s3.yaml @@ -0,0 +1,17 @@ +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: smb-music +provisioner: smb.csi.k8s.io +parameters: + source: "//172.20.0.69/s3" + csi.storage.k8s.io/node-stage-secret-name: smb-creds + csi.storage.k8s.io/node-stage-secret-namespace: kube-system +reclaimPolicy: Retain +volumeBindingMode: Immediate +mountOptions: + - dir_mode=0777 + - file_mode=0777 + - uid=1001 + - gid=1001 + - noperm From 261c7ccd4d60983824dcc43d927a54b0c15d5817 Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Thu, 6 Mar 2025 17:55:40 +0000 Subject: [PATCH 40/74] OOps copypasta Signed-off-by: Martyn Ranyard --- apps-kustomized/smb-storageclasses/sc-s3.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps-kustomized/smb-storageclasses/sc-s3.yaml b/apps-kustomized/smb-storageclasses/sc-s3.yaml index 2496b57..22eda02 100644 --- a/apps-kustomized/smb-storageclasses/sc-s3.yaml +++ b/apps-kustomized/smb-storageclasses/sc-s3.yaml @@ -1,7 +1,7 @@ apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: - name: smb-music + name: smb-s3 provisioner: smb.csi.k8s.io parameters: source: "//172.20.0.69/s3" From 9605f2baeb7e756a924d4b605569f86cfaaa6dad Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Thu, 6 Mar 2025 18:24:09 +0000 Subject: [PATCH 41/74] Move out of the way please Signed-off-by: Martyn Ranyard --- everything-app/garage.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/everything-app/garage.yaml b/everything-app/garage.yaml index 2a192ad..e984c8e 100644 --- a/everything-app/garage.yaml 
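Review bot: The `mountOptions` in sc-s3.yaml (`dir_mode=0777`, `file_mode=0777`, `noperm`) make every file on the share writable and executable by any UID in any pod that gets a volume from this class, and later patches in this series mount that share into an internet-facing nginx. Unless another workload needs to write through this class, `dir_mode=0755` and `file_mode=0644` with the existing `uid=1001`/`gid=1001` would keep the content readable while removing world-write and the execute bit on files. If a writer does exist, a separate read-only class or mount for the web server keeps the two trust levels apart. A comment above `mountOptions` stating which consumer requires `noperm` would also help the next reader.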
+++ b/everything-app/garage.yaml @@ -54,9 +54,9 @@ spec: cert-manager.io/cluster-issuer: letsencrypt tls: - hosts: - - "files.martyn.berlin" + - "oldfiles.martyn.berlin" hosts: - - host: files.martyn.berlin + - host: oldfiles.martyn.berlin paths: - path: / pathType: Prefix From 41ae6765f4cccd9729dddd16de19705e9ae69252 Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Thu, 6 Mar 2025 18:24:35 +0000 Subject: [PATCH 42/74] Add nginx hosting my smb bucket Signed-off-by: Martyn Ranyard --- apps-kustomized/versity/ing.yaml | 26 ++++++++++++++++++++++++++ apps-kustomized/versity/nginx.yaml | 27 +++++++++++++++++++++++++++ apps-kustomized/versity/pvc.yaml | 11 +++++++++++ apps-kustomized/versity/svc.yaml | 12 ++++++++++++ 4 files changed, 76 insertions(+) create mode 100644 apps-kustomized/versity/ing.yaml create mode 100644 apps-kustomized/versity/nginx.yaml create mode 100644 apps-kustomized/versity/pvc.yaml create mode 100644 apps-kustomized/versity/svc.yaml diff --git a/apps-kustomized/versity/ing.yaml b/apps-kustomized/versity/ing.yaml new file mode 100644 index 0000000..1a00444 --- /dev/null +++ b/apps-kustomized/versity/ing.yaml @@ -0,0 +1,26 @@ +apiVersion: v1 +items: +- apiVersion: networking.k8s.io/v1 + kind: Ingress + metadata: + annotations: + external-dns.alpha.kubernetes.io/target: armnleg.martyn.berlin + nginx.ingress.kubernetes.io/proxy-body-size: 700m + labels: + name: web-s3 + spec: + ingressClassName: nginx + rules: + - host: files.martyn.berlin + http: + paths: + - backend: + service: + name: s3-nginx + port: + number: 80 + path: / + pathType: Prefix + tls: + - hosts: + - files.martyn.berlin diff --git a/apps-kustomized/versity/nginx.yaml b/apps-kustomized/versity/nginx.yaml new file mode 100644 index 0000000..f58d09c --- /dev/null +++ b/apps-kustomized/versity/nginx.yaml 
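Review bot: The `tls:` block in ing.yaml lists `files.martyn.berlin` but has no `secretName`, and the annotations omit the `cert-manager.io/cluster-issuer: letsencrypt` line that the garage ingress carried for this hostname. Unless the controller has a default certificate configured, the host will be served with the controller's fallback certificate. I would add that annotation and `secretName: <tls-secret-name>` under the `hosts` entry. The later revisions of this file in patches 44 and 45 restructure it but leave the same gap.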
@@ -0,0 +1,27 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: s3-nginx + name: s3-nginx +spec: + replicas: 1 + selector: + matchLabels: + app: s3-nginx + template: + metadata: + creationTimestamp: null + labels: + app: s3-nginx + spec: + containers: + - image: nginx:1.27.4 + name: nginx + volumeMounts: + - mountPath: /usr/share/nginx/html + name: s3 + volumes: + - name: s3 + persistentVolumeClaim: + claimName: smb-s3 diff --git a/apps-kustomized/versity/pvc.yaml b/apps-kustomized/versity/pvc.yaml new file mode 100644 index 0000000..f648e20 --- /dev/null +++ b/apps-kustomized/versity/pvc.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: smb-s3 +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + storageClassName: smb-s3 diff --git a/apps-kustomized/versity/svc.yaml b/apps-kustomized/versity/svc.yaml new file mode 100644 index 0000000..42f9f5b --- /dev/null +++ b/apps-kustomized/versity/svc.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: s3-nginx + name: s3-nginx +spec: + internalTrafficPolicy: Cluster + ports: + - port: 80 + selector: + app: s3-nginx From 6019477cda2cbcc97370d70c2c089e08951c5030 Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Thu, 6 Mar 2025 18:26:36 +0000 Subject: [PATCH 43/74] nginx ftw Signed-off-by: Martyn Ranyard --- apps-kustomized/{versity => files-web}/ing.yaml | 0 .../{versity => files-web}/nginx.yaml | 0 apps-kustomized/{versity => files-web}/pvc.yaml | 0 apps-kustomized/{versity => files-web}/svc.yaml | 0 everything-app/files-web.yaml | 17 +++++++++++++++++ 5 files changed, 17 insertions(+) rename apps-kustomized/{versity => files-web}/ing.yaml (100%) rename apps-kustomized/{versity => files-web}/nginx.yaml (100%) rename apps-kustomized/{versity => files-web}/pvc.yaml (100%) rename apps-kustomized/{versity => files-web}/svc.yaml (100%) create mode 100644 everything-app/files-web.yaml 
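Review bot: The `volumeMounts` entry for `/usr/share/nginx/html` in nginx.yaml is read-write and the container has no `securityContext` or `resources`, although this pod only serves files and sits behind the public files.martyn.berlin ingress. Adding `readOnly: true` to the mount means a compromise of nginx cannot modify or plant content on the SMB share. `allowPrivilegeEscalation: false` plus memory and CPU limits would bound what the pod can do or consume. Everything under the `s3` share becomes readable without authentication, so it is worth a comment confirming that is intended.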
diff --git a/apps-kustomized/versity/ing.yaml b/apps-kustomized/files-web/ing.yaml similarity index 100% rename from apps-kustomized/versity/ing.yaml rename to apps-kustomized/files-web/ing.yaml diff --git a/apps-kustomized/versity/nginx.yaml b/apps-kustomized/files-web/nginx.yaml similarity index 100% rename from apps-kustomized/versity/nginx.yaml rename to apps-kustomized/files-web/nginx.yaml diff --git a/apps-kustomized/versity/pvc.yaml b/apps-kustomized/files-web/pvc.yaml similarity index 100% rename from apps-kustomized/versity/pvc.yaml rename to apps-kustomized/files-web/pvc.yaml diff --git a/apps-kustomized/versity/svc.yaml b/apps-kustomized/files-web/svc.yaml similarity index 100% rename from apps-kustomized/versity/svc.yaml rename to apps-kustomized/files-web/svc.yaml diff --git a/everything-app/files-web.yaml b/everything-app/files-web.yaml new file mode 100644 index 0000000..92edf93 --- /dev/null +++ b/everything-app/files-web.yaml @@ -0,0 +1,17 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: files-web + namespace: argocd +spec: + destination: + namespace: files-web + server: https://kubernetes.default.svc + project: apps + source: + path: apps-kustomized/files-web + repoURL: https://git.martyn.berlin/martyn/infra4talos + targetRevision: HEAD + syncPolicy: + automated: + selfHeal: true From d52f8c147bdb2473bad41e491cd260238d4a5f5e Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Thu, 6 Mar 2025 18:28:35 +0000 Subject: [PATCH 44/74] not a list huh Signed-off-by: Martyn Ranyard --- apps-kustomized/files-web/ing.yaml | 48 ++++++++++++++---------------- 1 file changed, 23 insertions(+), 25 deletions(-) diff --git a/apps-kustomized/files-web/ing.yaml b/apps-kustomized/files-web/ing.yaml index 1a00444..e183d59 100644 --- a/apps-kustomized/files-web/ing.yaml +++ b/apps-kustomized/files-web/ing.yaml 
@@ -1,26 +1,24 @@ -apiVersion: v1 -items: -- apiVersion: networking.k8s.io/v1 - kind: Ingress - metadata: - annotations: - external-dns.alpha.kubernetes.io/target: armnleg.martyn.berlin - nginx.ingress.kubernetes.io/proxy-body-size: 700m - labels: +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + external-dns.alpha.kubernetes.io/target: armnleg.martyn.berlin + nginx.ingress.kubernetes.io/proxy-body-size: 700m + labels: name: web-s3 - spec: - ingressClassName: nginx - rules: - - host: files.martyn.berlin - http: - paths: - - backend: - service: - name: s3-nginx - port: - number: 80 - path: / - pathType: Prefix - tls: - - hosts: - - files.martyn.berlin +spec: + ingressClassName: nginx + rules: + - host: files.martyn.berlin + http: + paths: + - backend: + service: + name: s3-nginx + port: + number: 80 + path: / + pathType: Prefix + tls: + - hosts: + - files.martyn.berlin From d4e4e4354d38438c59fd39ae054616b60fee2df2 Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Thu, 6 Mar 2025 18:29:40 +0000 Subject: [PATCH 45/74] YAML was a mistake Signed-off-by: Martyn Ranyard --- apps-kustomized/files-web/ing.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/apps-kustomized/files-web/ing.yaml b/apps-kustomized/files-web/ing.yaml index e183d59..aef4789 100644 --- a/apps-kustomized/files-web/ing.yaml +++ b/apps-kustomized/files-web/ing.yaml @@ -4,8 +4,7 @@ metadata: annotations: external-dns.alpha.kubernetes.io/target: armnleg.martyn.berlin nginx.ingress.kubernetes.io/proxy-body-size: 700m - labels: - name: web-s3 + name: web-s3 spec: ingressClassName: nginx rules: From 1610d111120ed8abdc71a597b3194a374843a4ba Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Thu, 6 Mar 2025 18:32:11 +0000 Subject: [PATCH 46/74] If you won't play nice, don't play. Signed-off-by: Martyn Ranyard --- everything-app/garage.yaml | 65 -------------------------------------- 1 file changed, 65 deletions(-) delete mode 100644 everything-app/garage.yaml 
diff --git a/everything-app/garage.yaml b/everything-app/garage.yaml deleted file mode 100644 index e984c8e..0000000 --- a/everything-app/garage.yaml +++ /dev/null @@ -1,65 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: garage - namespace: argocd -spec: - destination: - namespace: garage - server: https://kubernetes.default.svc - project: infra - source: - helm: - valuesObject: - service: - type: LoadBalancer - persistence: - enabled: "true" - meta: - storageClass: longhorn-fast - data: - storageClass: longhorn-spinny - size: "1Gi" - deployment: - replicaCount: "1" - garage: - replicationMode: "1" - s3: - api: - rootDomain: ".s3.files.martyn.berlin" - web: - rootDomain: ".martyn.berlin" - ingress: - s3: - api: - className: "nginx" - enabled: "true" - annotations: - external-dns.alpha.kubernetes.io/target: armnleg.martyn.berlin - cert-manager.io/cluster-issuer: letsencrypt - nginx.ingress.kubernetes.io/proxy-body-size: "700m" - tls: - - hosts: - - "s3.files.martyn.berlin" - hosts: - - host: s3.files.martyn.berlin - paths: - - path: / - pathType: Prefix - web: - className: "nginx" - enabled: "true" - annotations: - external-dns.alpha.kubernetes.io/target: armnleg.martyn.berlin - cert-manager.io/cluster-issuer: letsencrypt - tls: - - hosts: - - "oldfiles.martyn.berlin" - hosts: - - host: oldfiles.martyn.berlin - paths: - - path: / - pathType: Prefix - path: script/helm/garage - repoURL: https://git.deuxfleurs.fr/Deuxfleurs/garage - targetRevision: HEAD From 6dab365801df35b4f187e903403d60a2f9934954 Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Fri, 7 Mar 2025 13:07:48 +0000 Subject: [PATCH 47/74] New container, new path. irritating. Oh well, cleanup too. Signed-off-by: Martyn Ranyard --- apps-kustomized/lms/pvc.yaml | 12 ------------ apps-kustomized/lms/statefulset.yaml | 28 ++++++---------------------- 2 files changed, 6 insertions(+), 34 deletions(-) 
diff --git a/apps-kustomized/lms/pvc.yaml b/apps-kustomized/lms/pvc.yaml index 2fd6541..7f97a01 100644 --- a/apps-kustomized/lms/pvc.yaml +++ b/apps-kustomized/lms/pvc.yaml @@ -12,18 +12,6 @@ spec: --- apiVersion: v1 kind: PersistentVolumeClaim -metadata: - name: smb-oldmusic -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - storageClassName: smb-oldmusic ---- -apiVersion: v1 -kind: PersistentVolumeClaim metadata: name: logitech-media-server-config spec: diff --git a/apps-kustomized/lms/statefulset.yaml b/apps-kustomized/lms/statefulset.yaml index 1fe788f..0f64296 100644 --- a/apps-kustomized/lms/statefulset.yaml +++ b/apps-kustomized/lms/statefulset.yaml @@ -61,27 +61,14 @@ spec: terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - - mountPath: /srv/squeezebox - name: config - - mountPath: /smbmusic - name: smbmusic - - mountPath: /smboldmusic - name: smboldmusic - dnsPolicy: ClusterFirst - initContainers: - - command: - - sh - - -c - - mkdir /smbmusic; mkdir -pv /config/playlists /config/config; chown -Rc 1000:1000 - /config - image: doliana/logitech-media-server:2023_04_15-8.3.1 - imagePullPolicy: IfNotPresent - name: init-config - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - mountPath: /config name: config + - mountPath: /music + name: smbmusic + - mountPath: /playlist + name: config + subPath: playlist + dnsPolicy: ClusterFirst restartPolicy: Always schedulerName: default-scheduler terminationGracePeriodSeconds: 30 @@ -92,9 +79,6 @@ spec: - name: smbmusic persistentVolumeClaim: claimName: smb-music - - name: smboldmusic - persistentVolumeClaim: - claimName: smb-oldmusic updateStrategy: rollingUpdate: partition: 0 From 86ce1aa807e5b1d7414f7b2bd70e8b0466bd3cf2 Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Sat, 8 Mar 2025 08:59:02 +0000 Subject: [PATCH 48/74] Alexa, die in a fire. 
Signed-off-by: Martyn Ranyard --- everything-app/app-ingress-nginx.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/everything-app/app-ingress-nginx.yaml b/everything-app/app-ingress-nginx.yaml index 46c39e4..67fad93 100644 --- a/everything-app/app-ingress-nginx.yaml +++ b/everything-app/app-ingress-nginx.yaml @@ -37,6 +37,7 @@ spec: more_set_headers -a "X-Robots-Tag: anthropic-ai: none"; more_set_headers -a "X-Robots-Tag: CCBot: none"; more_set_headers -a "X-Robots-Tag: semrushbot: none"; + more_set_headers -a "X-Robots-Tag: Amazonbot: none" syncPolicy: automated: selfHeal: true From dbf06a7347aaeca773b76fab963d908449afd966 Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Sat, 8 Mar 2025 09:11:44 +0000 Subject: [PATCH 49/74] Alexa, die in a fire. Signed-off-by: Martyn Ranyard --- everything-app/app-ingress-nginx.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/everything-app/app-ingress-nginx.yaml b/everything-app/app-ingress-nginx.yaml index 67fad93..04e95ec 100644 --- a/everything-app/app-ingress-nginx.yaml +++ b/everything-app/app-ingress-nginx.yaml @@ -37,7 +37,9 @@ spec: more_set_headers -a "X-Robots-Tag: anthropic-ai: none"; more_set_headers -a "X-Robots-Tag: CCBot: none"; more_set_headers -a "X-Robots-Tag: semrushbot: none"; - more_set_headers -a "X-Robots-Tag: Amazonbot: none" + more_set_headers -a "X-Robots-Tag: Amazonbot: none"; + - name: controller.config.block-user-agents: + value: ".*Amazonbot/.*" syncPolicy: automated: selfHeal: true From 162fb3f01312752b7fcfd127eaa5955bc33f327d Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Sat, 8 Mar 2025 09:14:42 +0000 Subject: [PATCH 50/74] Alexa, die in a fire. Signed-off-by: Martyn Ranyard --- everything-app/app-ingress-nginx.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/everything-app/app-ingress-nginx.yaml b/everything-app/app-ingress-nginx.yaml index 04e95ec..01f0947 100644 --- a/everything-app/app-ingress-nginx.yaml 
+++ b/everything-app/app-ingress-nginx.yaml @@ -38,7 +38,7 @@ spec: more_set_headers -a "X-Robots-Tag: CCBot: none"; more_set_headers -a "X-Robots-Tag: semrushbot: none"; more_set_headers -a "X-Robots-Tag: Amazonbot: none"; - - name: controller.config.block-user-agents: + - name: controller.config.block-user-agents value: ".*Amazonbot/.*" syncPolicy: automated: From 700194f3bb8e5f514ec161223a3f0ddeb93f47fe Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Sat, 8 Mar 2025 09:26:12 +0000 Subject: [PATCH 51/74] nginx specific regex, because of course Signed-off-by: Martyn Ranyard --- everything-app/app-ingress-nginx.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/everything-app/app-ingress-nginx.yaml b/everything-app/app-ingress-nginx.yaml index 01f0947..34dea80 100644 --- a/everything-app/app-ingress-nginx.yaml +++ b/everything-app/app-ingress-nginx.yaml @@ -39,7 +39,7 @@ spec: more_set_headers -a "X-Robots-Tag: semrushbot: none"; more_set_headers -a "X-Robots-Tag: Amazonbot: none"; - name: controller.config.block-user-agents - value: ".*Amazonbot/.*" + value: "~*Amazonbot" syncPolicy: automated: selfHeal: true From 6162a7ef8552d6d4b59c675aad8e994ba4347818 Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Sat, 8 Mar 2025 09:38:01 +0000 Subject: [PATCH 52/74] Welcome to my block list Signed-off-by: Martyn Ranyard --- everything-app/app-ingress-nginx.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/everything-app/app-ingress-nginx.yaml b/everything-app/app-ingress-nginx.yaml index 34dea80..5079ab2 100644 --- a/everything-app/app-ingress-nginx.yaml +++ b/everything-app/app-ingress-nginx.yaml 
@@ -38,8 +38,10 @@ spec: more_set_headers -a "X-Robots-Tag: CCBot: none"; more_set_headers -a "X-Robots-Tag: semrushbot: none"; more_set_headers -a "X-Robots-Tag: Amazonbot: none"; + more_set_headers -a "X-Robots-Tag: dotbot: none"; + more_set_headers -a "X-Robots-Tag: AhrefsBot: none"; - name: controller.config.block-user-agents - value: "~*Amazonbot" + value: "~*Amazonbot,~*SemrushBot,~*DotBot,~*Ahrefsbot,~*GPT" syncPolicy: automated: selfHeal: true From ed320ab06055fb7008de6f933a2f9cdfdf9b2d91 Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Sat, 8 Mar 2025 21:13:23 +0000 Subject: [PATCH 53/74] move back for now Signed-off-by: Martyn Ranyard --- apps-kustomized/jellyfin/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps-kustomized/jellyfin/deployment.yaml b/apps-kustomized/jellyfin/deployment.yaml index 4fff4fd..9c94b90 100644 --- a/apps-kustomized/jellyfin/deployment.yaml +++ b/apps-kustomized/jellyfin/deployment.yaml @@ -66,7 +66,7 @@ spec: dnsPolicy: ClusterFirst nodeSelector: intel.feature.node.kubernetes.io/gpu: "true" - kubernetes.io/hostname: talos-llu-kx3 + kubernetes.io/hostname: talos-e48-wv7 terminationGracePeriodSeconds: 30 volumes: - name: jellyfin-config From beb22c8bc6c42af4b96bf08f09f69a9a967330a2 Mon Sep 17 00:00:00 2001 From: Renovate bot Date: Tue, 11 Mar 2025 00:01:26 +0000 Subject: [PATCH 54/74] Update Helm release external-dns to v8 --- apps-kustomized/external-dns/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps-kustomized/external-dns/kustomization.yaml b/apps-kustomized/external-dns/kustomization.yaml index 6361fa5..b815164 100644 --- a/apps-kustomized/external-dns/kustomization.yaml +++ b/apps-kustomized/external-dns/kustomization.yaml @@ -4,7 +4,7 @@ kind: Kustomization helmCharts: - name: external-dns repo: https://charts.bitnami.com/bitnami - version: 6.28.4 + version: 8.7.7 releaseName: external-dns namespace: external-dns valuesInline: 
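Review bot: In the new `block-user-agents` value (patch 52), `~*GPT` is an unanchored, case-insensitive match, so any client whose User-Agent merely contains "gpt" is rejected, not only the crawlers you mean. Name the agents instead, e.g. `~*GPTBot`. The list also disagrees with the `X-Robots-Tag` lines directly above it: `CCBot` and (just above the hunk) `anthropic-ai` get a header but no block entry. Both mechanisms rely on the client being honest, since the header is advisory and the User-Agent is client-supplied. A short comment saying this is crawler hygiene, not access control, would stop a later reader from relying on it to protect anything sensitive.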
From 5cfb35e557891b497d5bebf67b0ee79e6d5f0989 Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Tue, 11 Mar 2025 13:18:01 +0000 Subject: [PATCH 55/74] pin the container version for the helm upgrade Signed-off-by: Martyn Ranyard --- apps-kustomized/external-dns/kustomization.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/apps-kustomized/external-dns/kustomization.yaml b/apps-kustomized/external-dns/kustomization.yaml index 6361fa5..a7ef9c7 100644 --- a/apps-kustomized/external-dns/kustomization.yaml +++ b/apps-kustomized/external-dns/kustomization.yaml @@ -12,3 +12,5 @@ helmCharts: txtPrefix: armnleg sources: [service,ingress] extraEnvVarsSecret: dnsimple-auth + image: + tag: 0.14.0-debian-11-r1 From 392f2491cd2e8eea266dd7ecfcfaf84d669c32ce Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Tue, 11 Mar 2025 13:24:16 +0000 Subject: [PATCH 56/74] Renovate got confused I think! Signed-off-by: Martyn Ranyard --- apps-kustomized/external-dns/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps-kustomized/external-dns/kustomization.yaml b/apps-kustomized/external-dns/kustomization.yaml index 67aa8bb..58338ca 100644 --- a/apps-kustomized/external-dns/kustomization.yaml +++ b/apps-kustomized/external-dns/kustomization.yaml @@ -4,7 +4,7 @@ kind: Kustomization helmCharts: - name: external-dns repo: https://charts.bitnami.com/bitnami - version: 8.7.7 + version: 1.15.2 releaseName: external-dns namespace: external-dns valuesInline: From 5aa80a41597d12f33e143c762d20a86f78944ce0 Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Tue, 11 Mar 2025 13:27:06 +0000 Subject: [PATCH 57/74] wut, no... Signed-off-by: Martyn Ranyard --- apps-kustomized/external-dns/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps-kustomized/external-dns/kustomization.yaml b/apps-kustomized/external-dns/kustomization.yaml index 58338ca..67aa8bb 100644 --- a/apps-kustomized/external-dns/kustomization.yaml 
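Review bot: The pin added in patch 55, `tag: 0.14.0-debian-11-r1`, fixes the image by tag only, and a tag can be re-pointed by whoever controls the registry namespace. If the intent is to freeze the exact image during the chart upgrade, pin the digest as well, using the digest of the image that has actually been running. Bitnami charts normally accept `image.digest`, but confirm that for this chart version. Holding an old application image under a much newer chart also means the chart's flags and RBAC may no longer match the binary, so the pin deserves a comment saying when it can be removed.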
+++ b/apps-kustomized/external-dns/kustomization.yaml @@ -4,7 +4,7 @@ kind: Kustomization helmCharts: - name: external-dns repo: https://charts.bitnami.com/bitnami - version: 1.15.2 + version: 8.7.7 releaseName: external-dns namespace: external-dns valuesInline: From 5a9c412272fc9c92383f1409b7e86ffd7ed54e55 Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Tue, 11 Mar 2025 13:32:13 +0000 Subject: [PATCH 58/74] Oh great, this is now completely broken by bitnami, we can _try_ oci Signed-off-by: Martyn Ranyard --- apps-kustomized/external-dns/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps-kustomized/external-dns/kustomization.yaml b/apps-kustomized/external-dns/kustomization.yaml index 67aa8bb..8cc0f3d 100644 --- a/apps-kustomized/external-dns/kustomization.yaml +++ b/apps-kustomized/external-dns/kustomization.yaml @@ -3,7 +3,7 @@ kind: Kustomization helmCharts: - name: external-dns - repo: https://charts.bitnami.com/bitnami + repo: oci://charts.bitnami.com/bitnami version: 8.7.7 releaseName: external-dns namespace: external-dns From 8e16be8a298cf8586a32f8ad9f82bdc30a87d5b6 Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Tue, 11 Mar 2025 13:35:29 +0000 Subject: [PATCH 59/74] Well... will this work? Signed-off-by: Martyn Ranyard --- apps-kustomized/external-dns/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps-kustomized/external-dns/kustomization.yaml b/apps-kustomized/external-dns/kustomization.yaml index 8cc0f3d..07ea702 100644 --- a/apps-kustomized/external-dns/kustomization.yaml +++ b/apps-kustomized/external-dns/kustomization.yaml @@ -3,7 +3,7 @@ kind: Kustomization helmCharts: - name: external-dns - repo: oci://charts.bitnami.com/bitnami + repo: oci://registry-1.docker.io/bitnamicharts version: 8.7.7 releaseName: external-dns namespace: external-dns From 6486a1148b46abd2b0b473af87bc89ca1c2199c7 Mon Sep 17 00:00:00 2001 
From: Martyn Ranyard Date: Tue, 11 Mar 2025 14:34:02 +0000 Subject: [PATCH 60/74] Switch from bitnami to official chart Signed-off-by: Martyn Ranyard --- apps-kustomized/external-dns/deploy.yaml | 12 ++++++++++++ apps-kustomized/external-dns/kustomization.yaml | 14 +++++++++----- 2 files changed, 21 insertions(+), 5 deletions(-) create mode 100644 apps-kustomized/external-dns/deploy.yaml diff --git a/apps-kustomized/external-dns/deploy.yaml b/apps-kustomized/external-dns/deploy.yaml new file mode 100644 index 0000000..c423ba6 --- /dev/null +++ b/apps-kustomized/external-dns/deploy.yaml @@ -0,0 +1,12 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: external-dns +spec: + template: + spec: + containers: + - name: external-dns + envFrom: + - secretRef: + name: dnsimple-auth diff --git a/apps-kustomized/external-dns/kustomization.yaml b/apps-kustomized/external-dns/kustomization.yaml index 07ea702..045943d 100644 --- a/apps-kustomized/external-dns/kustomization.yaml +++ b/apps-kustomized/external-dns/kustomization.yaml @@ -3,14 +3,18 @@ kind: Kustomization helmCharts: - name: external-dns - repo: oci://registry-1.docker.io/bitnamicharts - version: 8.7.7 + repo: https://kubernetes-sigs.github.io/external-dns + version: 1.15.0 releaseName: external-dns namespace: external-dns valuesInline: - provider: dnsimple + provider: + name: dnsimple txtPrefix: armnleg - sources: [service,ingress] - extraEnvVarsSecret: dnsimple-auth image: tag: 0.14.0-debian-11-r1 +patches: +- path: deploy.yaml + target: + kind: Deployment + name: external-dns From eeab5971868480af613a47fc3c7908a83b9b276d Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Tue, 11 Mar 2025 14:45:23 +0000 Subject: [PATCH 61/74] Image switch too Signed-off-by: Martyn Ranyard --- apps-kustomized/external-dns/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
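Review bot: The new `deploy.yaml` patch (patch 60) uses `envFrom` with `secretRef: dnsimple-auth`, which exports every key of that secret into the external-dns container's environment. Unless the secret holds only the API token, prefer an explicit `env` entry with `secretKeyRef`, so that a key added to the secret later is not silently handed to this pod. external-dns reads the DNSimple token from `DNSIMPLE_OAUTH`. The key name inside the secret is not visible on this page, so it is a placeholder below.

```yaml
      - name: external-dns
        env:
        - name: DNSIMPLE_OAUTH
          valueFrom:
            secretKeyRef:
              name: dnsimple-auth
              key: TOKEN_KEY_PLACEHOLDER  # the key that holds the token in dnsimple-auth
```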
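Review bot: The rewritten `valuesInline` in `kustomization.yaml` (patch 60) drops `sources: [service,ingress]` and sets no `domainFilters`, so what external-dns may publish is left to chart defaults and to whatever zones the DNSimple token can reach. State both explicitly, e.g. `sources: [service, ingress]` and `domainFilters: [ZONE_PLACEHOLDER]`. That limits anyone able to create a Service or Ingress in the cluster to records under the intended zone. Keeping these in the file also makes a later change in chart defaults show up as a diff rather than as a behaviour change.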
diff --git a/apps-kustomized/external-dns/kustomization.yaml b/apps-kustomized/external-dns/kustomization.yaml index 045943d..53153c9 100644 --- a/apps-kustomized/external-dns/kustomization.yaml +++ b/apps-kustomized/external-dns/kustomization.yaml @@ -12,7 +12,7 @@ helmCharts: name: dnsimple txtPrefix: armnleg image: - tag: 0.14.0-debian-11-r1 + tag: v0.14.0 patches: - path: deploy.yaml target: From 1bf3f22d61cc58f176709057f68ce55ff15c0e28 Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Tue, 11 Mar 2025 14:48:07 +0000 Subject: [PATCH 62/74] now we get the latest via the helm chart, why not Signed-off-by: Martyn Ranyard --- apps-kustomized/external-dns/kustomization.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/apps-kustomized/external-dns/kustomization.yaml b/apps-kustomized/external-dns/kustomization.yaml index 53153c9..bbb309a 100644 --- a/apps-kustomized/external-dns/kustomization.yaml +++ b/apps-kustomized/external-dns/kustomization.yaml @@ -11,8 +11,6 @@ helmCharts: provider: name: dnsimple txtPrefix: armnleg - image: - tag: v0.14.0 patches: - path: deploy.yaml target: From cb118ff57ab786312600f2f0f865b65acecf0373 Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Tue, 11 Mar 2025 16:12:41 +0000 Subject: [PATCH 63/74] port 80 and alias Signed-off-by: Martyn Ranyard --- everything-app/paperless-ngx.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/everything-app/paperless-ngx.yaml b/everything-app/paperless-ngx.yaml index 1c87d7e..02ab7a2 100644 --- a/everything-app/paperless-ngx.yaml +++ b/everything-app/paperless-ngx.yaml @@ -58,6 +58,10 @@ spec: value: "25m" - name: resources.requests.memory value: "511772986" + - name: service.main.ports.http.port + value: "80" + - name: "service.main.annotations[0].external-dns.alpha.kubernetes.io/hostname" + value: "paperless.martyn.berlin" repoURL: https://charts.gabe565.com targetRevision: 0.24.1 syncPolicy: From 4831ec4212f2eb31480c420713c2529c332cedd3 Mon Sep 17 00:00:00 2001 
From: Martyn Ranyard Date: Tue, 11 Mar 2025 16:17:09 +0000 Subject: [PATCH 64/74] try the other way Signed-off-by: Martyn Ranyard --- everything-app/paperless-ngx.yaml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/everything-app/paperless-ngx.yaml b/everything-app/paperless-ngx.yaml index 02ab7a2..578ff2a 100644 --- a/everything-app/paperless-ngx.yaml +++ b/everything-app/paperless-ngx.yaml @@ -60,8 +60,11 @@ spec: value: "511772986" - name: service.main.ports.http.port value: "80" - - name: "service.main.annotations[0].external-dns.alpha.kubernetes.io/hostname" - value: "paperless.martyn.berlin" + valuesObject: + service: + main: + annotations: + external-dns.alpha.kubernetes.io/hostname: "paperless.martyn.berlin" repoURL: https://charts.gabe565.com targetRevision: 0.24.1 syncPolicy: From 1d56b4636cd3b4b987af75b55bd7bd468832157a Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Tue, 11 Mar 2025 16:21:17 +0000 Subject: [PATCH 65/74] TargetPort and move port to object Signed-off-by: Martyn Ranyard --- everything-app/paperless-ngx.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/everything-app/paperless-ngx.yaml b/everything-app/paperless-ngx.yaml index 578ff2a..1c8c378 100644 --- a/everything-app/paperless-ngx.yaml +++ b/everything-app/paperless-ngx.yaml @@ -58,13 +58,15 @@ spec: value: "25m" - name: resources.requests.memory value: "511772986" - - name: service.main.ports.http.port - value: "80" valuesObject: service: main: annotations: external-dns.alpha.kubernetes.io/hostname: "paperless.martyn.berlin" + ports: + http: + port: 80 + targetPort: 8000 repoURL: https://charts.gabe565.com targetRevision: 0.24.1 syncPolicy: From 3fc6869c51e6d024a535c463acfa302859f968ad Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Tue, 11 Mar 2025 16:25:15 +0000 Subject: [PATCH 66/74] seems to be listening on 80 as well... 
Signed-off-by: Martyn Ranyard --- everything-app/paperless-ngx.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/everything-app/paperless-ngx.yaml b/everything-app/paperless-ngx.yaml index 1c8c378..a927259 100644 --- a/everything-app/paperless-ngx.yaml +++ b/everything-app/paperless-ngx.yaml @@ -66,7 +66,7 @@ spec: ports: http: port: 80 - targetPort: 8000 + targetPort: 80 repoURL: https://charts.gabe565.com targetRevision: 0.24.1 syncPolicy: From 90ca469ba4bdc4f324d050a0575dd0fc07b54fb0 Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Tue, 11 Mar 2025 16:28:30 +0000 Subject: [PATCH 67/74] rootless 80 Signed-off-by: Martyn Ranyard --- everything-app/paperless-ngx.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/everything-app/paperless-ngx.yaml b/everything-app/paperless-ngx.yaml index a927259..efe4b90 100644 --- a/everything-app/paperless-ngx.yaml +++ b/everything-app/paperless-ngx.yaml @@ -59,6 +59,10 @@ spec: - name: resources.requests.memory value: "511772986" valuesObject: + securityContext: + sysctls: + - name: "net.ipv4.ip_unprivileged_port_start" + value: "0" service: main: annotations: From 896c5cda02abb39b80cadac7cead2e6788c96fd9 Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Tue, 11 Mar 2025 16:33:30 +0000 Subject: [PATCH 68/74] rootless 80 another way Signed-off-by: Martyn Ranyard --- everything-app/paperless-ngx.yaml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/everything-app/paperless-ngx.yaml b/everything-app/paperless-ngx.yaml index efe4b90..e972c4a 100644 --- a/everything-app/paperless-ngx.yaml +++ b/everything-app/paperless-ngx.yaml @@ -60,9 +60,11 @@ spec: value: "511772986" valuesObject: securityContext: - sysctls: - - name: "net.ipv4.ip_unprivileged_port_start" - value: "0" + capabilities: + drop: + - "ALL" + add: + - "NET_BIND_SERVICE" service: main: annotations: From 03d60de00cdf9c220f8087f136b0bbc42326663b Mon Sep 17 00:00:00 2001 
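Review bot: Setting `net.ipv4.ip_unprivileged_port_start` to `"0"` (patch 67) removes the privileged-port boundary for every process in the pod just so the app can listen on 80. The Service can present port 80 while the container keeps its unprivileged port, as patch 65 already did with `port: 80` and `targetPort: 8000`; that needs no sysctl and no extra capability. `sysctls` is also a pod-level `securityContext` field, so if this chart renders `securityContext` onto the container it would not be accepted; the template is not visible here. The same concern applies to the `NET_BIND_SERVICE` route taken in patch 68.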
From: Martyn Ranyard Date: Tue, 11 Mar 2025 16:36:51 +0000 Subject: [PATCH 69/74] allow drop privs lol Signed-off-by: Martyn Ranyard --- everything-app/paperless-ngx.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/everything-app/paperless-ngx.yaml b/everything-app/paperless-ngx.yaml index e972c4a..4668a1f 100644 --- a/everything-app/paperless-ngx.yaml +++ b/everything-app/paperless-ngx.yaml @@ -65,6 +65,7 @@ spec: - "ALL" add: - "NET_BIND_SERVICE" + - "SETUID" service: main: annotations: From 7197ab2ae9a1d374f1783176a49b223deb58bc4a Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Tue, 11 Mar 2025 16:37:40 +0000 Subject: [PATCH 70/74] allow drop privs lol Signed-off-by: Martyn Ranyard --- everything-app/paperless-ngx.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/everything-app/paperless-ngx.yaml b/everything-app/paperless-ngx.yaml index 4668a1f..dd84342 100644 --- a/everything-app/paperless-ngx.yaml +++ b/everything-app/paperless-ngx.yaml @@ -66,6 +66,7 @@ spec: add: - "NET_BIND_SERVICE" - "SETUID" + - "CHOWN" service: main: annotations: From dfaf780995187b6c63d62ec84ccd5c340c901ef3 Mon Sep 17 00:00:00 2001 From: Martyn Ranyard Date: Tue, 11 Mar 2025 17:12:40 +0000 Subject: [PATCH 71/74] Move to kustomize+helm because omg that is one annoying chart Signed-off-by: Martyn Ranyard --- .../paperless-ngx/kustomization.yaml | 59 +++++++++++++++ apps-kustomized/paperless-ngx/svc.yaml | 8 +++ everything-app/paperless-ngx.yaml | 71 +------------------ 3 files changed, 70 insertions(+), 68 deletions(-) create mode 100644 apps-kustomized/paperless-ngx/kustomization.yaml create mode 100644 apps-kustomized/paperless-ngx/svc.yaml diff --git a/apps-kustomized/paperless-ngx/kustomization.yaml b/apps-kustomized/paperless-ngx/kustomization.yaml new file mode 100644 index 0000000..ff505e1 --- /dev/null +++ b/apps-kustomized/paperless-ngx/kustomization.yaml 
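Review bot: Patch 69 adds `SETUID` (and patch 70 adds `CHOWN`) to a `drop: ALL` set, but a process that switches to an unprivileged user normally has to change its groups too, which needs `SETGID`. With the list as written the entrypoint may either abort or keep running as root with a partial capability set. Check the container log for which call fails rather than adding capabilities one at a time. Whatever the final list is, put a one-line comment beside each entry naming the startup step that needs it, e.g. `- "CHOWN"  # needed by STARTUP_STEP_PLACEHOLDER`, so the list can be trimmed later.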
@@ -0,0 +1,59 @@ + +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +helmCharts: +- name: paperless-ngx + repo: https://charts.gabe565.com + version: 0.24.1 + releaseName: paperless-ngx + namespace: paperless-ngx + valuesInline: + persistence: + data: + enabled: "true" + size: "1Gi" + accessMode: ReadWriteOnce + storageClass: "longhorn-fast" + media: + enabled: "true" + size: "8Gi" + accessMode: ReadWriteOnce + storageClass: "longhorn-fast" + export: + enabled: "true" + size: "1Gi" + accessMode: ReadWriteOnce + storageClass: "longhorn-fast" + consume: + enabled: "true" + size: "1Gi" + accessMode: ReadWriteOnce + storageClass: "smb-scans" + service: + main: + type: LoadBalancer + annotations: + external-dns.alpha.kubernetes.io/hostname: "paperless.martyn.berlin" + ports: + http: + port: 8080 + postgresql: + enabled: "true" + primary: + persistence: + enabled: "true" + storageClass: "longhorn-fast" + env: + TZ: "Europe/Berlin" + resources: + requests: + cpu: "25m" + memory: "511772986" + + +patches: +- path: svc.yaml + target: + kind: Service + name: paperless-ngx diff --git a/apps-kustomized/paperless-ngx/svc.yaml b/apps-kustomized/paperless-ngx/svc.yaml new file mode 100644 index 0000000..5806965 --- /dev/null +++ b/apps-kustomized/paperless-ngx/svc.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Service +metadata: + name: external-dns-paperless-ngx +spec: + ports: + - name: http + port: 80 diff --git a/everything-app/paperless-ngx.yaml b/everything-app/paperless-ngx.yaml index dd84342..ec9b2b2 100644 --- a/everything-app/paperless-ngx.yaml +++ b/everything-app/paperless-ngx.yaml 
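Review bot: The new `valuesInline` in `apps-kustomized/paperless-ngx/kustomization.yaml` publishes paperless-ngx directly: `type: LoadBalancer`, an external-dns hostname annotation and a plain HTTP port, with no TLS anywhere in this file. If that address is reachable from outside the trusted network, logins and documents travel in clear text. Consider `type: ClusterIP` behind the existing ingress controller with a certificate, or document that the load balancer address is LAN-only. Separately, `enabled: "true"` is now a string rather than a boolean. Under `valuesInline` it is no longer coerced the way the old Helm parameters were, and a later `"false"` would still be truthy in a template `if`, so write `enabled: true`.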
@@ -9,74 +9,9 @@ spec: server: https://kubernetes.default.svc project: apps source: - chart: paperless-ngx - helm: - parameters: - - name: service.main.type - value: "LoadBalancer" - - name: persistence.data.enabled - value: "true" - - name: persistence.data.size - value: "1Gi" - - name: persistence.data.accessMode - value: ReadWriteOnce - - name: persistence.data.storageClass - value: "longhorn-fast" - - name: persistence.media.enabled - value: "true" - - name: persistence.media.size - value: "8Gi" - - name: persistence.media.accessMode - value: ReadWriteOnce - - name: persistence.media.storageClass - value: "longhorn-fast" - - name: persistence.export.enabled - value: "true" - - name: persistence.export.size - value: "1Gi" - - name: persistence.export.accessMode - value: ReadWriteOnce - - name: persistence.export.storageClass - value: "longhorn-fast" - - name: persistence.consume.enabled - value: "true" - - name: persistence.consume.size - value: "1Gi" - - name: persistence.consume.accessMode - value: ReadWriteOnce - - name: persistence.consume.storageClass - value: "smb-scans" - - name: postgresql.enabled - value: "true" - - name: postgresql.primary.persistence.enabled - value: "true" - - name: postgresql.primary.persistence.storageClass - value: "longhorn-fast" - - name: env.TZ - value: "Europe/Berlin" - - name: resources.requests.cpu - value: "25m" - - name: resources.requests.memory - value: "511772986" - valuesObject: - securityContext: - capabilities: - drop: - - "ALL" - add: - - "NET_BIND_SERVICE" - - "SETUID" - - "CHOWN" - service: - main: - annotations: - external-dns.alpha.kubernetes.io/hostname: "paperless.martyn.berlin" - ports: - http: - port: 80 - targetPort: 80 - repoURL: https://charts.gabe565.com - targetRevision: 0.24.1 + path: apps-kustomized/paperless-ngx + repoURL: https://git.martyn.berlin/martyn/infra4talos + targetRevision: HEAD syncPolicy: automated: selfHeal: true From ac77a5926067dc9a05c225e00e77d8e97aec770a Mon Sep 17 00:00:00 2001 
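Review bot: The `securityContext` block removed from `everything-app/paperless-ngx.yaml` in this hunk (capabilities `drop: ["ALL"]` plus three adds) has no counterpart in the new `apps-kustomized/paperless-ngx/kustomization.yaml`, so after this commit the container runs with the runtime's default capability set. If that is only because the earlier list did not work, say so in a comment in the kustomization. Otherwise carry the block over; `NET_BIND_SERVICE` is no longer needed now that the chart's service port is 8080. The new source also tracks `targetRevision: HEAD` with automated sync, so every push to the default branch of that repository is applied to the cluster. Branch protection on that repository is therefore part of this app's security boundary.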
From: Martyn Ranyard Date: Tue, 11 Mar 2025 17:16:44 +0000 Subject: [PATCH 72/74] f it, this works Signed-off-by: Martyn Ranyard --- apps-kustomized/paperless-ngx/kustomization.yaml | 11 +++++++---- apps-kustomized/paperless-ngx/svc.yaml | 8 -------- 2 files changed, 7 insertions(+), 12 deletions(-) delete mode 100644 apps-kustomized/paperless-ngx/svc.yaml diff --git a/apps-kustomized/paperless-ngx/kustomization.yaml b/apps-kustomized/paperless-ngx/kustomization.yaml index ff505e1..5c3957e 100644 --- a/apps-kustomized/paperless-ngx/kustomization.yaml +++ b/apps-kustomized/paperless-ngx/kustomization.yaml @@ -53,7 +53,10 @@ helmCharts: patches: -- path: svc.yaml - target: - kind: Service - name: paperless-ngx + - target: + kind: Service + name: paperless-ngx + patch: |- + - op: replace + path: /spec/ports + value: [{"name":"http","port":80,"targetPort":"http","protocol":"TCP"}] diff --git a/apps-kustomized/paperless-ngx/svc.yaml b/apps-kustomized/paperless-ngx/svc.yaml deleted file mode 100644 index 5806965..0000000 --- a/apps-kustomized/paperless-ngx/svc.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: external-dns-paperless-ngx -spec: - ports: - - name: http - port: 80 From 71da7530d741a007d67b1ff97cfb8576e41d3381 Mon Sep 17 00:00:00 2001 From: Renovate bot Date: Wed, 12 Mar 2025 00:01:30 +0000 Subject: [PATCH 73/74] Update Helm release external-dns to v1.15.2 --- apps-kustomized/external-dns/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps-kustomized/external-dns/kustomization.yaml b/apps-kustomized/external-dns/kustomization.yaml index bbb309a..837207a 100644 --- a/apps-kustomized/external-dns/kustomization.yaml +++ b/apps-kustomized/external-dns/kustomization.yaml @@ -4,7 +4,7 @@ kind: Kustomization helmCharts: - name: external-dns repo: https://kubernetes-sigs.github.io/external-dns - version: 1.15.0 + version: 1.15.2 releaseName: external-dns namespace: external-dns valuesInline: 
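Review bot: The inline patch in patch 72 replaces the whole `/spec/ports` list, so any port the chart renders now or adds in a later version is silently discarded. The replacement entry also hard-codes `targetPort` and `protocol`, which the chart presumably already sets. A narrower operation changes only what is needed: `path: /spec/ports/0/port` with `value: 80`, assuming the HTTP port is the first entry. If the full replacement is kept, add a comment that the Service is expected to have exactly one port.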
From c1990ed1110e5dc0e8043b7c992468bc92df8f76 Mon Sep 17 00:00:00 2001 From: Renovate bot Date: Thu, 13 Mar 2025 00:01:32 +0000 Subject: [PATCH 74/74] Update Helm release secrets-store-csi-driver to v1.4.8 --- everything-app/app-secrets-store-csi-driver.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/everything-app/app-secrets-store-csi-driver.yaml b/everything-app/app-secrets-store-csi-driver.yaml index 6008171..408fbae 100644 --- a/everything-app/app-secrets-store-csi-driver.yaml +++ b/everything-app/app-secrets-store-csi-driver.yaml @@ -11,7 +11,7 @@ spec: source: chart: secrets-store-csi-driver repoURL: https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts - targetRevision: 1.3.4 + targetRevision: 1.4.8 syncPolicy: automated: selfHeal: true