From 76dad5b6d6b5a90c25b5f0598878fd025b346e38 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Sat, 25 Oct 2025 17:37:26 +0530 Subject: [PATCH 001/154] manifests for updating k3s version --- clusters/default/system-upgrade/crd.yaml | 1222 +++++++++++++++++ clusters/default/system-upgrade/namespace.yml | 7 + .../system-upgrade-controller.yaml | 322 +++++ .../system-upgrade/system-upgrade-plan.yml | 42 + 4 files changed, 1593 insertions(+) create mode 100644 clusters/default/system-upgrade/crd.yaml create mode 100644 clusters/default/system-upgrade/namespace.yml create mode 100644 clusters/default/system-upgrade/system-upgrade-controller.yaml create mode 100644 clusters/default/system-upgrade/system-upgrade-plan.yml diff --git a/clusters/default/system-upgrade/crd.yaml b/clusters/default/system-upgrade/crd.yaml new file mode 100644 index 0000000..44f3e25 --- /dev/null +++ b/clusters/default/system-upgrade/crd.yaml @@ -0,0 +1,1222 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.17.3 + name: plans.upgrade.cattle.io +spec: + group: upgrade.cattle.io + names: + kind: Plan + listKind: PlanList + plural: plans + singular: plan + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.upgrade.image + name: Image + type: string + - jsonPath: .spec.channel + name: Channel + type: string + - jsonPath: .spec.version + name: Version + type: string + - jsonPath: .status.conditions[?(@.type=='Complete')].status + name: Complete + type: string + - jsonPath: .status.conditions[?(@.message!='')].message + name: Message + type: string + - jsonPath: .status.applying + name: Applying + priority: 10 + type: string + name: v1 + schema: + openAPIV3Schema: + description: Plan represents a set of Jobs to apply an upgrade (or other operation) + to set of Nodes. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: PlanSpec represents the user-configurable details of a Plan. + properties: + channel: + description: A URL that returns HTTP 302 with the last path element + of the value returned in the Location header assumed to be an image + tag (after munging "+" to "-"). + type: string + concurrency: + description: The maximum number of concurrent nodes to apply this + update on. + format: int64 + type: integer + cordon: + description: |- + If Cordon is true, the node is cordoned before the upgrade container is run. + If drain is specified, the value for cordon is ignored, and the node is cordoned. + If neither drain nor cordon are specified and the node is marked as schedulable=false it will not be marked as schedulable=true when the Job completes. + type: boolean + drain: + description: Configuration for draining nodes prior to upgrade. If + left unspecified, no drain will be performed. + properties: + deleteEmptydirData: + type: boolean + deleteLocalData: + type: boolean + disableEviction: + type: boolean + force: + type: boolean + gracePeriod: + format: int32 + type: integer + ignoreDaemonSets: + type: boolean + podSelector: + description: |- + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + skipWaitForDeleteTimeout: + type: integer + timeout: + anyOf: + - type: integer + - type: string + description: |- + If a string, this is passed through directly to the `kubectl drain` command. + If an int, this represents the duration as a count of nanoseconds, and will be converted to a duration string when passed to the `kubectl drain` command. + x-kubernetes-int-or-string: true + type: object + exclusive: + description: Jobs for exclusive plans cannot be run alongside any + other exclusive plan. + type: boolean + imagePullSecrets: + description: Image Pull Secrets, used to pull images for the Job. + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + type: array + jobActiveDeadlineSecs: + description: |- + Sets ActiveDeadlineSeconds on Jobs generated to apply this Plan. + If the Job does not complete within this time, the Plan will stop processing until it is updated to trigger a redeploy. + If set to 0, Jobs have no deadline. If not set, the controller default value is used. + format: int64 + type: integer + nodeSelector: + description: Select which nodes this plan can be applied to. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + postCompleteDelay: + description: Time after a Job for one Node is complete before a new + Job will be created for the next Node. + type: string + prepare: + description: The prepare init container, if specified, is run before + cordon/drain which is run before the upgrade container. + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + envFrom: + items: + description: EnvFromSource represents the source of a set of + ConfigMaps or Secrets + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: Optional text to prepend to the name of each + environment variable. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + envs: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + image: + description: Image name. If the tag is omitted, the value from + .status.latestVersion will be used. + type: string + securityContext: + description: |- + SecurityContext holds security configuration that will be applied to a container. + Some fields are present in both SecurityContext and PodSecurityContext. When both + are set, the values in SecurityContext take precedence. + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + volumes: + items: + description: HostPath volume to mount into the pod + properties: + destination: + description: Path to mount the Volume at within the Pod. + type: string + name: + description: Name of the Volume as it will appear within + the Pod spec. + type: string + source: + description: Path on the host to mount. + type: string + required: + - destination + - name + - source + type: object + type: array + required: + - image + type: object + priorityClassName: + description: Priority Class Name of Job, if specified. + type: string + secrets: + description: Secrets to be mounted into the Job Pod. + items: + description: SecretSpec describes a Secret to be mounted for prepare/upgrade + containers. + properties: + defaultMode: + description: Mode to mount the Secret volume with. + format: int32 + type: integer + ignoreUpdates: + description: If set to true, the Secret contents will not be + hashed, and changes to the Secret will not trigger new application + of the Plan. + type: boolean + name: + description: Secret name + type: string + path: + description: Path to mount the Secret volume within the Pod. + type: string + required: + - name + - path + type: object + type: array + serviceAccountName: + description: The service account for the pod to use. As with normal + pods, if not specified the default service account from the namespace + will be assigned. + type: string + tolerations: + description: |- + Specify which node taints should be tolerated by pods applying the upgrade. + Anything specified here is appended to the default of: + - `{key: node.kubernetes.io/unschedulable, effect: NoSchedule, operator: Exists}` + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + upgrade: + description: The upgrade container; must be specified. + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + envFrom: + items: + description: EnvFromSource represents the source of a set of + ConfigMaps or Secrets + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: Optional text to prepend to the name of each + environment variable. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + envs: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + image: + description: Image name. If the tag is omitted, the value from + .status.latestVersion will be used. + type: string + securityContext: + description: |- + SecurityContext holds security configuration that will be applied to a container. + Some fields are present in both SecurityContext and PodSecurityContext. When both + are set, the values in SecurityContext take precedence. + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + volumes: + items: + description: HostPath volume to mount into the pod + properties: + destination: + description: Path to mount the Volume at within the Pod. + type: string + name: + description: Name of the Volume as it will appear within + the Pod spec. + type: string + source: + description: Path on the host to mount. + type: string + required: + - destination + - name + - source + type: object + type: array + required: + - image + type: object + version: + description: Providing a value for version will prevent polling/resolution + of the channel if specified. + type: string + window: + description: |- + A time window in which to execute Jobs for this Plan. + Jobs will not be generated outside this time window, but may continue executing into the window once started. + properties: + days: + description: Days that this time window is valid for + items: + enum: + - "0" + - su + - sun + - sunday + - "1" + - mo + - mon + - monday + - "2" + - tu + - tue + - tuesday + - "3" + - we + - wed + - wednesday + - "4" + - th + - thu + - thursday + - "5" + - fr + - fri + - friday + - "6" + - sa + - sat + - saturday + type: string + minItems: 1 + type: array + endTime: + description: End of the time window. + type: string + startTime: + description: Start of the time window. + type: string + timeZone: + description: Time zone for the time window; if not specified UTC + will be used. + type: string + type: object + required: + - upgrade + type: object + status: + description: PlanStatus represents the resulting state from processing + Plan events. + properties: + applying: + description: List of Node names that the Plan is currently being applied + on. + items: + type: string + type: array + conditions: + description: |- + `LatestResolved` indicates that the latest version as per the spec has been determined. + `Validated` indicates that the plan spec has been validated. + `Complete` indicates that the latest version of the plan has completed on all selected nodes. If any Jobs for the Plan fail to complete, this condition will remain false, and the reason and message will reflect the source of the error. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + lastUpdateTime: + description: The last time this condition was updated. + type: string + message: + description: Human-readable message indicating details about + last transition + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of cluster condition. + type: string + required: + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + latestHash: + description: The hash of the most recently applied plan .spec. + type: string + latestVersion: + description: The latest version, as resolved from .spec.version, or + the channel server. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/clusters/default/system-upgrade/namespace.yml b/clusters/default/system-upgrade/namespace.yml new file mode 100644 index 0000000..1e6c002 --- /dev/null +++ b/clusters/default/system-upgrade/namespace.yml @@ -0,0 +1,7 @@ +--- +kind: Namespace +apiVersion: v1 +metadata: + name: system-upgrade + labels: + name: system-upgrade diff --git a/clusters/default/system-upgrade/system-upgrade-controller.yaml b/clusters/default/system-upgrade/system-upgrade-controller.yaml new file mode 100644 index 0000000..3a178e3 --- /dev/null +++ b/clusters/default/system-upgrade/system-upgrade-controller.yaml @@ -0,0 +1,322 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + pod-security.kubernetes.io/enforce: privileged + name: system-upgrade +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: system-upgrade + namespace: system-upgrade +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: system-upgrade-controller + namespace: system-upgrade +rules: +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - deletecollection + - patch + - update + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: system-upgrade-controller +rules: +- apiGroups: + - batch + resources: + - jobs + verbs: + - get + - list + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - create + - patch + - update +- apiGroups: + - "" + resources: + - namespaces + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - update +- apiGroups: + - "" + resources: + - events + verbs: + - get + - create + - patch + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - system-upgrade-controller + resources: + - leases + verbs: + - get + - update +- apiGroups: + - upgrade.cattle.io + resources: + - plans + - plans/status + verbs: + - get + - list + - watch + - create + - patch + - update + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: system-upgrade-controller-drainer +rules: +- apiGroups: + - "" + resources: + - pods/eviction + verbs: + - create +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - delete +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - patch +- apiGroups: + - apps + resources: + - statefulsets + - daemonsets + - replicasets + verbs: + - get + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: system-upgrade + namespace: system-upgrade +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: system-upgrade-controller +subjects: +- kind: ServiceAccount + name: system-upgrade + namespace: system-upgrade +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: system-upgrade +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system-upgrade-controller +subjects: +- kind: ServiceAccount + name: system-upgrade + namespace: system-upgrade +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: system-upgrade-drainer +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system-upgrade-controller-drainer +subjects: +- kind: ServiceAccount + name: system-upgrade + namespace: system-upgrade +--- +apiVersion: v1 +data: + SYSTEM_UPGRADE_CONTROLLER_DEBUG: "false" + SYSTEM_UPGRADE_CONTROLLER_LEADER_ELECT: "true" + SYSTEM_UPGRADE_CONTROLLER_THREADS: "2" + SYSTEM_UPGRADE_JOB_ACTIVE_DEADLINE_SECONDS: "900" + SYSTEM_UPGRADE_JOB_BACKOFF_LIMIT: "99" + SYSTEM_UPGRADE_JOB_IMAGE_PULL_POLICY: Always + SYSTEM_UPGRADE_JOB_KUBECTL_IMAGE: rancher/kubectl:v1.30.3 + SYSTEM_UPGRADE_JOB_PRIVILEGED: "true" + SYSTEM_UPGRADE_JOB_TTL_SECONDS_AFTER_FINISH: "900" + SYSTEM_UPGRADE_PLAN_POLLING_INTERVAL: 15m +kind: ConfigMap +metadata: + name: default-controller-env + namespace: system-upgrade +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: system-upgrade-controller + namespace: system-upgrade +spec: + selector: + matchLabels: + upgrade.cattle.io/controller: system-upgrade-controller + strategy: + type: Recreate + template: + metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/name: system-upgrade-controller + upgrade.cattle.io/controller: system-upgrade-controller + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: node-role.kubernetes.io/control-plane + operator: Exists + - key: kubernetes.io/os + operator: In + values: + - linux + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - system-upgrade-controller + topologyKey: kubernetes.io/hostname + containers: + - env: + - name: SYSTEM_UPGRADE_CONTROLLER_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['upgrade.cattle.io/controller'] + - name: SYSTEM_UPGRADE_CONTROLLER_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: SYSTEM_UPGRADE_CONTROLLER_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + envFrom: + - configMapRef: + name: default-controller-env + image: rancher/system-upgrade-controller:v0.16.3 + imagePullPolicy: IfNotPresent + name: system-upgrade-controller + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsGroup: 65534 + runAsNonRoot: true + runAsUser: 65534 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /etc/ssl + name: etc-ssl + readOnly: true + - mountPath: /etc/pki + name: etc-pki + readOnly: true + - mountPath: /etc/ca-certificates + name: etc-ca-certificates + readOnly: true + - mountPath: /tmp + name: tmp + serviceAccountName: system-upgrade + tolerations: + - key: CriticalAddonsOnly + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/master + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/controlplane + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoExecute + key: node-role.kubernetes.io/etcd + operator: Exists + volumes: + - hostPath: + path: /etc/ssl + type: DirectoryOrCreate + name: etc-ssl + - hostPath: + path: /etc/pki + type: DirectoryOrCreate + name: etc-pki + - hostPath: + path: /etc/ca-certificates + type: DirectoryOrCreate + name: etc-ca-certificates + - emptyDir: {} + name: tmp diff --git a/clusters/default/system-upgrade/system-upgrade-plan.yml b/clusters/default/system-upgrade/system-upgrade-plan.yml new file mode 100644 index 0000000..cbf64b5 --- /dev/null +++ b/clusters/default/system-upgrade/system-upgrade-plan.yml @@ -0,0 +1,42 @@ +# Server plan +apiVersion: upgrade.cattle.io/v1 +kind: Plan +metadata: + name: server-plan + namespace: system-upgrade +spec: + concurrency: 1 + cordon: true + nodeSelector: + matchExpressions: + - key: node-role.kubernetes.io/control-plane + operator: In + values: + - "true" + serviceAccountName: system-upgrade + upgrade: + image: rancher/k3s-upgrade + channel: https://update.k3s.io/v1-release/channels/stable +--- +# Agent plan +apiVersion: upgrade.cattle.io/v1 +kind: Plan +metadata: + name: agent-plan + namespace: system-upgrade +spec: + concurrency: 1 + cordon: true + nodeSelector: + matchExpressions: + - key: node-role.kubernetes.io/control-plane + operator: DoesNotExist + prepare: + args: + - prepare + - server-plan + image: rancher/k3s-upgrade + serviceAccountName: system-upgrade + upgrade: + image: rancher/k3s-upgrade + channel: https://update.k3s.io/v1-release/channels/stable From 2a9187d81901bd39e3b3e0f92d0c6d42c1ed3898 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Sat, 25 Oct 2025 17:39:59 +0530 Subject: [PATCH 002/154] delete duplicate ns definition --- clusters/default/system-upgrade/namespace.yml | 7 ------- 1 file changed, 7 deletions(-) delete mode 100644 clusters/default/system-upgrade/namespace.yml diff --git a/clusters/default/system-upgrade/namespace.yml b/clusters/default/system-upgrade/namespace.yml deleted file mode 100644 index 1e6c002..0000000 --- a/clusters/default/system-upgrade/namespace.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -kind: Namespace -apiVersion: v1 -metadata: - name: system-upgrade - labels: - name: system-upgrade From c16bc1a95dd7cd55b2864607bf6d4560f1b9223d Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 26 Oct 2025 00:02:54 +0000 Subject: [PATCH 003/154] Update searxng/searxng Docker digest to 7a8b6b6 --- clusters/default/tools/searxng/searxng.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/searxng/searxng.yml b/clusters/default/tools/searxng/searxng.yml index f554553..0988324 100644 --- a/clusters/default/tools/searxng/searxng.yml +++ b/clusters/default/tools/searxng/searxng.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: searxng - image: searxng/searxng@sha256:f987b3bab09e8921c12caea48ab41716ed153b7e27799df4acba808dc03f0f0a + image: searxng/searxng@sha256:7a8b6b67a98a3ca372d9057e09adb99137ed31ca62f3a4a29802e9f873f80bc9 ports: - containerPort: 8080 env: From dfe1d18f3362a46f4d953da8f4b12e21d07b9fe9 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 26 Oct 2025 14:32:15 +0000 Subject: [PATCH 004/154] Update jasongdove/ersatztv Docker tag to v25.8.0 --- clusters/default/media/ersatztv/ersatztv.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/media/ersatztv/ersatztv.yml b/clusters/default/media/ersatztv/ersatztv.yml index 9ed86bc..39b6ca3 100644 --- a/clusters/default/media/ersatztv/ersatztv.yml +++ b/clusters/default/media/ersatztv/ersatztv.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: ersatztv - image: jasongdove/ersatztv:v25.7.1 + image: jasongdove/ersatztv:v25.8.0 ports: - containerPort: 8409 volumeMounts: From 81dd694de029e165c466540d753cc1d10b482586 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 26 Oct 2025 14:32:18 +0000 Subject: [PATCH 005/154] Update lscr.io/linuxserver/prowlarr Docker tag to v2.1.5 --- clusters/default/arr-stack/prowlarr/prowlarr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/arr-stack/prowlarr/prowlarr.yml b/clusters/default/arr-stack/prowlarr/prowlarr.yml index 1eaff7c..357a42b 100644 --- a/clusters/default/arr-stack/prowlarr/prowlarr.yml +++ b/clusters/default/arr-stack/prowlarr/prowlarr.yml @@ -40,7 +40,7 @@ spec: key: OPENVPN_USER containers: - name: prowlarr - image: lscr.io/linuxserver/prowlarr:2.0.5 + image: lscr.io/linuxserver/prowlarr:2.1.5 volumeMounts: - name: config mountPath: /config From 57d29152e93f5861ae395e7f904005bd90add51e Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 26 Oct 2025 15:10:55 +0000 Subject: [PATCH 006/154] Update actions/checkout action to v5 --- .gitea/workflows/renovate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/renovate.yml b/.gitea/workflows/renovate.yml index 3d931a5..f8f14be 100644 --- a/.gitea/workflows/renovate.yml +++ b/.gitea/workflows/renovate.yml @@ -13,7 +13,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Run Renovate env: From 6f938d573cc2ad2cc34f56d5909a5d15e1f5b413 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Sun, 26 Oct 2025 21:40:23 +0530 Subject: [PATCH 007/154] use shared-ip --- clusters/default/arr-stack/bazarr/bazarr-svc.yml | 3 +++ clusters/default/arr-stack/jellyseerr/jellyseerr-svc.yml | 3 +++ clusters/default/arr-stack/prowlarr/prowlarr-svc.yml | 3 +++ clusters/default/arr-stack/qbittorrent/qbittorrent-svc.yml | 3 +++ clusters/default/arr-stack/radarr/radarr-svc.yml | 3 +++ clusters/default/arr-stack/sonarr/sonarr-svc.yml | 3 +++ clusters/default/git-ops/gitea/gitea-svc.yml | 3 +++ clusters/default/git-ops/semaphore/semaphore-svc.yml | 3 +++ clusters/default/media/ersatztv/ersatztv-svc.yml | 3 +++ clusters/default/media/immich/immich-svc.yml | 6 ++++++ clusters/default/media/invidious/invidious-svc.yml | 3 +++ clusters/default/media/jellyfin/jellyfin-svc.yml | 3 +++ clusters/default/monitoring/homepage/homepage-svc.yml | 3 +++ clusters/default/monitoring/jellystat/jellystat-svc.yml | 3 +++ clusters/default/monitoring/pulse/pulse-svc.yml | 3 +++ clusters/default/monitoring/speedtest/speedtest-svc.yml | 3 +++ clusters/default/tools/code-server/code-server-svc.yml | 3 +++ clusters/default/tools/nextcloud/nextcloud-svc.yml | 6 ++++++ clusters/default/tools/paperless-ngx/paperless-ngx-svc.yml | 3 +++ clusters/default/tools/searxng/searxng-svc.yml | 3 +++ clusters/default/tools/vaultwarden/vaultwarden-svc.yml | 3 +++ 21 files changed, 69 insertions(+) diff --git a/clusters/default/arr-stack/bazarr/bazarr-svc.yml b/clusters/default/arr-stack/bazarr/bazarr-svc.yml index 92fe098..b965c62 100644 --- a/clusters/default/arr-stack/bazarr/bazarr-svc.yml +++ b/clusters/default/arr-stack/bazarr/bazarr-svc.yml @@ -4,7 +4,10 @@ kind: Service metadata: name: bazarr-service namespace: arr-stack + annotations: + metallb.io/allow-shared-ip: "shared-ip-1" spec: + loadBalancerIP: 192.168.1.230 type: LoadBalancer selector: app: bazarr diff --git a/clusters/default/arr-stack/jellyseerr/jellyseerr-svc.yml b/clusters/default/arr-stack/jellyseerr/jellyseerr-svc.yml index 69a2430..b2ad0ab 100644 --- a/clusters/default/arr-stack/jellyseerr/jellyseerr-svc.yml +++ b/clusters/default/arr-stack/jellyseerr/jellyseerr-svc.yml @@ -4,7 +4,10 @@ kind: Service metadata: name: jellyseerr-service namespace: arr-stack + annotations: + metallb.io/allow-shared-ip: "shared-ip-1" spec: + loadBalancerIP: 192.168.1.230 type: LoadBalancer selector: app: jellyseerr diff --git a/clusters/default/arr-stack/prowlarr/prowlarr-svc.yml b/clusters/default/arr-stack/prowlarr/prowlarr-svc.yml index 9a8848b..d464254 100644 --- a/clusters/default/arr-stack/prowlarr/prowlarr-svc.yml +++ b/clusters/default/arr-stack/prowlarr/prowlarr-svc.yml @@ -4,7 +4,10 @@ kind: Service metadata: name: prowlarr-service namespace: arr-stack + annotations: + metallb.io/allow-shared-ip: "shared-ip-1" spec: + loadBalancerIP: 192.168.1.230 type: LoadBalancer selector: app: prowlarr diff --git a/clusters/default/arr-stack/qbittorrent/qbittorrent-svc.yml b/clusters/default/arr-stack/qbittorrent/qbittorrent-svc.yml index 1466038..7dba739 100644 --- a/clusters/default/arr-stack/qbittorrent/qbittorrent-svc.yml +++ b/clusters/default/arr-stack/qbittorrent/qbittorrent-svc.yml @@ -4,7 +4,10 @@ kind: Service metadata: name: qbittorrent-service namespace: arr-stack + annotations: + metallb.io/allow-shared-ip: "shared-ip-1" spec: + loadBalancerIP: 192.168.1.230 type: LoadBalancer selector: app: qbittorrent diff --git a/clusters/default/arr-stack/radarr/radarr-svc.yml b/clusters/default/arr-stack/radarr/radarr-svc.yml index f1a8a02..03014ea 100644 --- a/clusters/default/arr-stack/radarr/radarr-svc.yml +++ b/clusters/default/arr-stack/radarr/radarr-svc.yml @@ -4,7 +4,10 @@ kind: Service metadata: name: radarr-service namespace: arr-stack + annotations: + metallb.io/allow-shared-ip: "shared-ip-1" spec: + loadBalancerIP: 192.168.1.230 type: LoadBalancer selector: app: radarr diff --git a/clusters/default/arr-stack/sonarr/sonarr-svc.yml b/clusters/default/arr-stack/sonarr/sonarr-svc.yml index 3b27008..af3dab9 100644 --- a/clusters/default/arr-stack/sonarr/sonarr-svc.yml +++ b/clusters/default/arr-stack/sonarr/sonarr-svc.yml @@ -4,7 +4,10 @@ kind: Service metadata: name: sonarr-service namespace: arr-stack + annotations: + metallb.io/allow-shared-ip: "shared-ip-1" spec: + loadBalancerIP: 192.168.1.230 type: LoadBalancer selector: app: sonarr diff --git a/clusters/default/git-ops/gitea/gitea-svc.yml b/clusters/default/git-ops/gitea/gitea-svc.yml index cc6a5ea..1da6cfa 100644 --- a/clusters/default/git-ops/gitea/gitea-svc.yml +++ b/clusters/default/git-ops/gitea/gitea-svc.yml @@ -4,7 +4,10 @@ kind: Service metadata: name: gitea-service namespace: git-ops + annotations: + metallb.io/allow-shared-ip: "shared-ip-1" spec: + loadBalancerIP: 192.168.1.230 type: LoadBalancer selector: app: gitea-app diff --git a/clusters/default/git-ops/semaphore/semaphore-svc.yml b/clusters/default/git-ops/semaphore/semaphore-svc.yml index 50b82df..0b3b54a 100644 --- a/clusters/default/git-ops/semaphore/semaphore-svc.yml +++ b/clusters/default/git-ops/semaphore/semaphore-svc.yml @@ -4,7 +4,10 @@ kind: Service metadata: name: semaphore-service namespace: git-ops + annotations: + metallb.io/allow-shared-ip: "shared-ip-1" spec: + loadBalancerIP: 192.168.1.230 type: LoadBalancer selector: app: semaphore diff --git a/clusters/default/media/ersatztv/ersatztv-svc.yml b/clusters/default/media/ersatztv/ersatztv-svc.yml index 32b2182..52253f0 100644 --- a/clusters/default/media/ersatztv/ersatztv-svc.yml +++ b/clusters/default/media/ersatztv/ersatztv-svc.yml @@ -4,7 +4,10 @@ kind: Service metadata: name: ersatztv-service namespace: media + annotations: + metallb.io/allow-shared-ip: "shared-ip-1" spec: + loadBalancerIP: 192.168.1.230 type: LoadBalancer selector: app: ersatztv diff --git a/clusters/default/media/immich/immich-svc.yml b/clusters/default/media/immich/immich-svc.yml index 4152f08..5c6b54f 100644 --- a/clusters/default/media/immich/immich-svc.yml +++ b/clusters/default/media/immich/immich-svc.yml @@ -4,7 +4,10 @@ kind: Service metadata: name: immich-service namespace: media + annotations: + metallb.io/allow-shared-ip: "shared-ip-1" spec: + loadBalancerIP: 192.168.1.230 type: LoadBalancer selector: app: immich-app @@ -18,7 +21,10 @@ kind: Service metadata: name: immich-machine-learning-service namespace: media + annotations: + metallb.io/allow-shared-ip: "shared-ip-1" spec: + loadBalancerIP: 192.168.1.230 type: LoadBalancer selector: app: immich-ml diff --git a/clusters/default/media/invidious/invidious-svc.yml b/clusters/default/media/invidious/invidious-svc.yml index 6d2bc85..7c68d2a 100644 --- a/clusters/default/media/invidious/invidious-svc.yml +++ b/clusters/default/media/invidious/invidious-svc.yml @@ -4,7 +4,10 @@ kind: Service metadata: name: invidious-service namespace: media + annotations: + metallb.io/allow-shared-ip: "shared-ip-1" spec: + loadBalancerIP: 192.168.1.230 type: LoadBalancer selector: app: invidious diff --git a/clusters/default/media/jellyfin/jellyfin-svc.yml b/clusters/default/media/jellyfin/jellyfin-svc.yml index 21f224f..8cfeaf0 100644 --- a/clusters/default/media/jellyfin/jellyfin-svc.yml +++ b/clusters/default/media/jellyfin/jellyfin-svc.yml @@ -4,7 +4,10 @@ kind: Service metadata: name: jellyfin-service namespace: media + annotations: + metallb.io/allow-shared-ip: "shared-ip-1" spec: + loadBalancerIP: 192.168.1.230 type: LoadBalancer selector: app: jellyfin diff --git a/clusters/default/monitoring/homepage/homepage-svc.yml b/clusters/default/monitoring/homepage/homepage-svc.yml index 59d57c7..8095b21 100644 --- a/clusters/default/monitoring/homepage/homepage-svc.yml +++ b/clusters/default/monitoring/homepage/homepage-svc.yml @@ -4,7 +4,10 @@ kind: Service metadata: name: homepage-service namespace: monitoring + annotations: + metallb.io/allow-shared-ip: "shared-ip-1" spec: + loadBalancerIP: 192.168.1.230 type: LoadBalancer selector: app.kubernetes.io/name: homepage diff --git a/clusters/default/monitoring/jellystat/jellystat-svc.yml b/clusters/default/monitoring/jellystat/jellystat-svc.yml index 8b20491..4addd04 100644 --- a/clusters/default/monitoring/jellystat/jellystat-svc.yml +++ b/clusters/default/monitoring/jellystat/jellystat-svc.yml @@ -4,7 +4,10 @@ kind: Service metadata: name: jellystat-service namespace: monitoring + annotations: + metallb.io/allow-shared-ip: "shared-ip-1" spec: + loadBalancerIP: 192.168.1.230 type: LoadBalancer selector: app: jellystat diff --git a/clusters/default/monitoring/pulse/pulse-svc.yml b/clusters/default/monitoring/pulse/pulse-svc.yml index ff98d1e..64aa162 100644 --- a/clusters/default/monitoring/pulse/pulse-svc.yml +++ b/clusters/default/monitoring/pulse/pulse-svc.yml @@ -4,7 +4,10 @@ kind: Service metadata: name: pulse-service namespace: monitoring + annotations: + metallb.io/allow-shared-ip: "shared-ip-1" spec: + loadBalancerIP: 192.168.1.230 type: LoadBalancer selector: app: pulse diff --git a/clusters/default/monitoring/speedtest/speedtest-svc.yml b/clusters/default/monitoring/speedtest/speedtest-svc.yml index 02727cc..91ed33d 100644 --- a/clusters/default/monitoring/speedtest/speedtest-svc.yml +++ b/clusters/default/monitoring/speedtest/speedtest-svc.yml @@ -4,7 +4,10 @@ kind: Service metadata: name: speedtest-service namespace: monitoring + annotations: + metallb.io/allow-shared-ip: "shared-ip-1" spec: + loadBalancerIP: 192.168.1.230 type: LoadBalancer selector: app: speedtest diff --git a/clusters/default/tools/code-server/code-server-svc.yml b/clusters/default/tools/code-server/code-server-svc.yml index f3f4fca..ab0babd 100644 --- a/clusters/default/tools/code-server/code-server-svc.yml +++ b/clusters/default/tools/code-server/code-server-svc.yml @@ -4,7 +4,10 @@ kind: Service metadata: name: code-server-service namespace: tools + annotations: + metallb.io/allow-shared-ip: "shared-ip-1" spec: + loadBalancerIP: 192.168.1.230 selector: app: code-server type: LoadBalancer diff --git a/clusters/default/tools/nextcloud/nextcloud-svc.yml b/clusters/default/tools/nextcloud/nextcloud-svc.yml index df37926..6f1eea4 100644 --- a/clusters/default/tools/nextcloud/nextcloud-svc.yml +++ b/clusters/default/tools/nextcloud/nextcloud-svc.yml @@ -4,7 +4,10 @@ kind: Service metadata: name: nextcloud-service namespace: tools + annotations: + metallb.io/allow-shared-ip: "shared-ip-1" spec: + loadBalancerIP: 192.168.1.230 type: LoadBalancer selector: app: nextcloud @@ -19,7 +22,10 @@ kind: Service metadata: name: collabora-service namespace: tools + annotations: + metallb.io/allow-shared-ip: "shared-ip-1" spec: + loadBalancerIP: 192.168.1.230 type: LoadBalancer selector: app: collabora diff --git a/clusters/default/tools/paperless-ngx/paperless-ngx-svc.yml b/clusters/default/tools/paperless-ngx/paperless-ngx-svc.yml index 8c4b718..931f156 100644 --- a/clusters/default/tools/paperless-ngx/paperless-ngx-svc.yml +++ b/clusters/default/tools/paperless-ngx/paperless-ngx-svc.yml @@ -4,7 +4,10 @@ kind: Service metadata: name: paperless-ngx-service namespace: tools + annotations: + metallb.io/allow-shared-ip: "shared-ip-1" spec: + loadBalancerIP: 192.168.1.230 type: LoadBalancer selector: app: paperless-ngx diff --git a/clusters/default/tools/searxng/searxng-svc.yml b/clusters/default/tools/searxng/searxng-svc.yml index a2edf76..da269a8 100644 --- a/clusters/default/tools/searxng/searxng-svc.yml +++ b/clusters/default/tools/searxng/searxng-svc.yml @@ -4,7 +4,10 @@ kind: Service metadata: name: searxng-service namespace: tools + annotations: + metallb.io/allow-shared-ip: "shared-ip-1" spec: + loadBalancerIP: 192.168.1.230 selector: app: searxng type: LoadBalancer diff --git a/clusters/default/tools/vaultwarden/vaultwarden-svc.yml b/clusters/default/tools/vaultwarden/vaultwarden-svc.yml index 7ae35d3..6945fa4 100644 --- a/clusters/default/tools/vaultwarden/vaultwarden-svc.yml +++ b/clusters/default/tools/vaultwarden/vaultwarden-svc.yml @@ -4,7 +4,10 @@ kind: Service metadata: name: vaultwarden-service namespace: tools + annotations: + metallb.io/allow-shared-ip: "shared-ip-1" spec: + loadBalancerIP: 192.168.1.230 type: LoadBalancer selector: app: vaultwarden From d37a6cac3f3cb5cf3b75b55563af9d929585bf7b Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 28 Oct 2025 10:18:25 +0000 Subject: [PATCH 008/154] Update quay.io/invidious/invidious-companion Docker digest to 4320469 --- clusters/default/media/invidious/invidious.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/media/invidious/invidious.yml b/clusters/default/media/invidious/invidious.yml index fb72c07..bd4b0ae 100644 --- a/clusters/default/media/invidious/invidious.yml +++ b/clusters/default/media/invidious/invidious.yml @@ -66,7 +66,7 @@ spec: - name: postgres-data mountPath: /var/lib/postgresql/data - name: inv-companion - image: quay.io/invidious/invidious-companion@sha256:e9d860b2ac15d188f4b94204a191c4adbd66c79544bac07e90d4a5ed613e5ba1 + image: quay.io/invidious/invidious-companion@sha256:4320469a01fd3e7f554c8a7ad8d0fd388f325b27cc39a760c64edb36914f06ea restartPolicy: Always env: - name: SERVER_SECRET_KEY From b503dfbe1352d5bfd6b03545587534e5d0f46d19 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 28 Oct 2025 10:18:29 +0000 Subject: [PATCH 009/154] Update jellyfin/jellyfin Docker tag to v10.11.1 --- clusters/default/media/jellyfin/jellyfin.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/media/jellyfin/jellyfin.yml b/clusters/default/media/jellyfin/jellyfin.yml index 09af5d6..263fb45 100644 --- a/clusters/default/media/jellyfin/jellyfin.yml +++ b/clusters/default/media/jellyfin/jellyfin.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: jellyfin - image: jellyfin/jellyfin:10.11.0 + image: jellyfin/jellyfin:10.11.1 ports: - containerPort: 8096 volumeMounts: From eee3e83b682a97a89178c17d5232d3861ae00412 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 29 Oct 2025 16:44:07 +0000 Subject: [PATCH 010/154] Update searxng/searxng Docker digest to a943cb1 --- clusters/default/tools/searxng/searxng.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/searxng/searxng.yml b/clusters/default/tools/searxng/searxng.yml index 0988324..9a356b4 100644 --- a/clusters/default/tools/searxng/searxng.yml +++ b/clusters/default/tools/searxng/searxng.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: searxng - image: searxng/searxng@sha256:7a8b6b67a98a3ca372d9057e09adb99137ed31ca62f3a4a29802e9f873f80bc9 + image: searxng/searxng@sha256:a943cb1111c2a61ef74162359de687cca94f5472d336e0a2dfef7be2259a4e8f ports: - containerPort: 8080 env: From 446896145e17a6c517158b0e334cce7f675c6a10 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 29 Oct 2025 16:44:14 +0000 Subject: [PATCH 011/154] Update dependency fluxcd/flux2 to v2.7.3 --- .../default/flux-system/gotk-components.yaml | 82 +++++++++---------- 1 file changed, 41 insertions(+), 41 deletions(-) diff --git a/clusters/default/flux-system/gotk-components.yaml b/clusters/default/flux-system/gotk-components.yaml index 7d61311..518c7e9 100644 --- a/clusters/default/flux-system/gotk-components.yaml +++ b/clusters/default/flux-system/gotk-components.yaml @@ -1,6 +1,6 @@ --- # This manifest was generated by flux. DO NOT EDIT. -# Flux Version: v2.7.2 +# Flux Version: v2.7.3 # Components: source-controller,kustomize-controller,helm-controller,notification-controller apiVersion: v1 kind: Namespace @@ -8,7 +8,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.2 + app.kubernetes.io/version: v2.7.3 pod-security.kubernetes.io/warn: restricted pod-security.kubernetes.io/warn-version: latest name: flux-system @@ -19,7 +19,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.2 + app.kubernetes.io/version: v2.7.3 name: allow-egress namespace: flux-system spec: @@ -39,7 +39,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.2 + app.kubernetes.io/version: v2.7.3 name: allow-scraping namespace: flux-system spec: @@ -59,7 +59,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.2 + app.kubernetes.io/version: v2.7.3 name: allow-webhooks namespace: flux-system spec: @@ -78,7 +78,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.2 + app.kubernetes.io/version: v2.7.3 name: critical-pods-flux-system namespace: flux-system spec: @@ -98,7 +98,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.2 + app.kubernetes.io/version: v2.7.3 name: crd-controller-flux-system rules: - apiGroups: @@ -204,7 +204,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.2 + app.kubernetes.io/version: v2.7.3 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" name: flux-edit-flux-system @@ -230,7 +230,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.2 + app.kubernetes.io/version: v2.7.3 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-view: "true" @@ -255,7 +255,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.2 + app.kubernetes.io/version: v2.7.3 name: cluster-reconciler-flux-system roleRef: apiGroup: rbac.authorization.k8s.io @@ -275,7 +275,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.2 + app.kubernetes.io/version: v2.7.3 name: crd-controller-flux-system roleRef: apiGroup: rbac.authorization.k8s.io @@ -313,7 +313,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.2 + app.kubernetes.io/version: v2.7.3 name: buckets.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -1084,7 +1084,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.2 + app.kubernetes.io/version: v2.7.3 name: externalartifacts.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -1280,7 +1280,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.2 + app.kubernetes.io/version: v2.7.3 name: gitrepositories.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -2234,7 +2234,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.2 + app.kubernetes.io/version: v2.7.3 name: helmcharts.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -2960,7 +2960,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.2 + app.kubernetes.io/version: v2.7.3 name: helmrepositories.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -3591,7 +3591,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.2 + app.kubernetes.io/version: v2.7.3 name: ocirepositories.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -4417,7 +4417,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.2 + app.kubernetes.io/version: v2.7.3 name: source-controller namespace: flux-system --- @@ -4428,7 +4428,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.2 + app.kubernetes.io/version: v2.7.3 control-plane: controller name: source-controller namespace: flux-system @@ -4449,7 +4449,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.2 + app.kubernetes.io/version: v2.7.3 control-plane: controller name: source-controller namespace: flux-system @@ -4470,7 +4470,7 @@ spec: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.2 + app.kubernetes.io/version: v2.7.3 spec: containers: - args: @@ -4493,7 +4493,7 @@ spec: resourceFieldRef: containerName: manager resource: limits.memory - image: ghcr.io/fluxcd/source-controller:v1.7.2 + image: ghcr.io/fluxcd/source-controller:v1.7.3 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -4557,7 +4557,7 @@ metadata: app.kubernetes.io/component: kustomize-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.2 + app.kubernetes.io/version: v2.7.3 name: kustomizations.kustomize.toolkit.fluxcd.io spec: group: kustomize.toolkit.fluxcd.io @@ -5927,7 +5927,7 @@ metadata: app.kubernetes.io/component: kustomize-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.2 + app.kubernetes.io/version: v2.7.3 name: kustomize-controller namespace: flux-system --- @@ -5938,7 +5938,7 @@ metadata: app.kubernetes.io/component: kustomize-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.2 + app.kubernetes.io/version: v2.7.3 control-plane: controller name: kustomize-controller namespace: flux-system @@ -5957,7 +5957,7 @@ spec: app.kubernetes.io/component: kustomize-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.2 + app.kubernetes.io/version: v2.7.3 spec: containers: - args: @@ -5976,7 +5976,7 @@ spec: resourceFieldRef: containerName: manager resource: limits.memory - image: ghcr.io/fluxcd/kustomize-controller:v1.7.1 + image: ghcr.io/fluxcd/kustomize-controller:v1.7.2 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -6033,7 +6033,7 @@ metadata: app.kubernetes.io/component: helm-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.2 + app.kubernetes.io/version: v2.7.3 name: helmreleases.helm.toolkit.fluxcd.io spec: group: helm.toolkit.fluxcd.io @@ -8664,7 +8664,7 @@ metadata: app.kubernetes.io/component: helm-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.2 + app.kubernetes.io/version: v2.7.3 name: helm-controller namespace: flux-system --- @@ -8675,7 +8675,7 @@ metadata: app.kubernetes.io/component: helm-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.2 + app.kubernetes.io/version: v2.7.3 control-plane: controller name: helm-controller namespace: flux-system @@ -8694,7 +8694,7 @@ spec: app.kubernetes.io/component: helm-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.2 + app.kubernetes.io/version: v2.7.3 spec: containers: - args: @@ -8713,7 +8713,7 @@ spec: resourceFieldRef: containerName: manager resource: limits.memory - image: ghcr.io/fluxcd/helm-controller:v1.4.2 + image: ghcr.io/fluxcd/helm-controller:v1.4.3 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -8770,7 +8770,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.2 + app.kubernetes.io/version: v2.7.3 name: alerts.notification.toolkit.fluxcd.io spec: group: notification.toolkit.fluxcd.io @@ -9160,7 +9160,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.2 + app.kubernetes.io/version: v2.7.3 name: providers.notification.toolkit.fluxcd.io spec: group: notification.toolkit.fluxcd.io @@ -9572,7 +9572,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.2 + app.kubernetes.io/version: v2.7.3 name: receivers.notification.toolkit.fluxcd.io spec: group: notification.toolkit.fluxcd.io @@ -10049,7 +10049,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.2 + app.kubernetes.io/version: v2.7.3 name: notification-controller namespace: flux-system --- @@ -10060,7 +10060,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.2 + app.kubernetes.io/version: v2.7.3 control-plane: controller name: notification-controller namespace: flux-system @@ -10081,7 +10081,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.2 + app.kubernetes.io/version: v2.7.3 control-plane: controller name: webhook-receiver namespace: flux-system @@ -10102,7 +10102,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.2 + app.kubernetes.io/version: v2.7.3 control-plane: controller name: notification-controller namespace: flux-system @@ -10121,7 +10121,7 @@ spec: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.2 + app.kubernetes.io/version: v2.7.3 spec: containers: - args: @@ -10139,7 +10139,7 @@ spec: resourceFieldRef: containerName: manager resource: limits.memory - image: ghcr.io/fluxcd/notification-controller:v1.7.3 + image: ghcr.io/fluxcd/notification-controller:v1.7.4 imagePullPolicy: IfNotPresent livenessProbe: httpGet: From e9028921b353f0f26ed51d7fdc65d4283d3fd8d8 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 29 Oct 2025 16:44:21 +0000 Subject: [PATCH 012/154] Update public.ecr.aws/semaphore/pro/server Docker tag to v2.16.36 --- clusters/default/git-ops/semaphore/semaphore.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/git-ops/semaphore/semaphore.yml b/clusters/default/git-ops/semaphore/semaphore.yml index af5640e..4c548b0 100644 --- a/clusters/default/git-ops/semaphore/semaphore.yml +++ b/clusters/default/git-ops/semaphore/semaphore.yml @@ -40,7 +40,7 @@ spec: subPath: db containers: - name: semaphore - image: public.ecr.aws/semaphore/pro/server:v2.16.34 + image: public.ecr.aws/semaphore/pro/server:v2.16.36 ports: - containerPort: 3000 envFrom: From 6f56a9a3b2796c070b4a624499ce4841beb7e45f Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 29 Oct 2025 16:44:30 +0000 Subject: [PATCH 013/154] Update renovate/renovate Docker tag to v41.165.2 --- .gitea/workflows/renovate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/renovate.yml b/.gitea/workflows/renovate.yml index f8f14be..59ee288 100644 --- a/.gitea/workflows/renovate.yml +++ b/.gitea/workflows/renovate.yml @@ -9,7 +9,7 @@ jobs: renovate: runs-on: ubuntu-latest container: - image: renovate/renovate:41.97.7 + image: renovate/renovate:41.165.2 steps: - name: Checkout repository From 68e7da4a1d7f0727f69752dac0ebc941e07cc4c6 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 30 Oct 2025 16:57:25 +0000 Subject: [PATCH 014/154] Update searxng/searxng Docker digest to 41b98d7 --- clusters/default/tools/searxng/searxng.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/searxng/searxng.yml b/clusters/default/tools/searxng/searxng.yml index 9a356b4..eda5340 100644 --- a/clusters/default/tools/searxng/searxng.yml +++ b/clusters/default/tools/searxng/searxng.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: searxng - image: searxng/searxng@sha256:a943cb1111c2a61ef74162359de687cca94f5472d336e0a2dfef7be2259a4e8f + image: searxng/searxng@sha256:41b98d7f04bc0ffd37e98a2af5de38a628f1cc4c6374b39ee8eacbc209bf75be ports: - containerPort: 8080 env: From d8380f9e7018977344f2908da1d33400ecf6064a Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 30 Oct 2025 16:57:27 +0000 Subject: [PATCH 015/154] Update ghcr.io/paperless-ngx/paperless-ngx Docker tag to v2.19.3 --- clusters/default/tools/paperless-ngx/paperless-ngx.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/paperless-ngx/paperless-ngx.yml b/clusters/default/tools/paperless-ngx/paperless-ngx.yml index e8f181f..b9920af 100644 --- a/clusters/default/tools/paperless-ngx/paperless-ngx.yml +++ b/clusters/default/tools/paperless-ngx/paperless-ngx.yml @@ -27,7 +27,7 @@ spec: subPath: redis containers: - name: paperless-ngx - image: ghcr.io/paperless-ngx/paperless-ngx:2.19.2 + image: ghcr.io/paperless-ngx/paperless-ngx:2.19.3 ports: - containerPort: 8000 env: From 83300f67ad084e2f1c05a790ff881a40156bfbe9 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 30 Oct 2025 16:57:33 +0000 Subject: [PATCH 016/154] Update Helm release prometheus to v27.42.1 --- clusters/default/helm/prometheus/prometheus-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/helm/prometheus/prometheus-release.yml b/clusters/default/helm/prometheus/prometheus-release.yml index 23895a5..1037fe8 100644 --- a/clusters/default/helm/prometheus/prometheus-release.yml +++ b/clusters/default/helm/prometheus/prometheus-release.yml @@ -9,7 +9,7 @@ spec: chart: spec: chart: prometheus - version: "27.42.0" + version: "27.42.1" sourceRef: kind: HelmRepository name: prometheus-community From d8f77cacb60fbb884b4a14c100d12fa1f2d9f751 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 30 Oct 2025 16:58:11 +0000 Subject: [PATCH 017/154] Update public.ecr.aws/semaphore/pro/server Docker tag to v2.16.37 --- clusters/default/git-ops/semaphore/semaphore.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/git-ops/semaphore/semaphore.yml b/clusters/default/git-ops/semaphore/semaphore.yml index 4c548b0..dc471fb 100644 --- a/clusters/default/git-ops/semaphore/semaphore.yml +++ b/clusters/default/git-ops/semaphore/semaphore.yml @@ -40,7 +40,7 @@ spec: subPath: db containers: - name: semaphore - image: public.ecr.aws/semaphore/pro/server:v2.16.36 + image: public.ecr.aws/semaphore/pro/server:v2.16.37 ports: - containerPort: 3000 envFrom: From ebd1ca98fc48df210b2fc76fa613ff0a3612ed7a Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 30 Oct 2025 17:01:22 +0000 Subject: [PATCH 018/154] Update gitea/gitea Docker tag to v1.25.0 --- clusters/default/git-ops/gitea/gitea.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/git-ops/gitea/gitea.yml b/clusters/default/git-ops/gitea/gitea.yml index b32a6b4..3832504 100644 --- a/clusters/default/git-ops/gitea/gitea.yml +++ b/clusters/default/git-ops/gitea/gitea.yml @@ -29,7 +29,7 @@ spec: done containers: - name: gitea - image: gitea/gitea:1.24.7 + image: gitea/gitea:1.25.0 ports: - containerPort: 22 name: ssh From 72608dc3d1bb47110dad2d69a322edd87156ce13 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Fri, 31 Oct 2025 16:26:33 +0530 Subject: [PATCH 019/154] update db to postgres:18 --- clusters/default/git-ops/gitea/gitea-db.yml | 16 ++++++++-------- clusters/default/git-ops/gitea/gitea-pvc.yml | 4 ++-- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/clusters/default/git-ops/gitea/gitea-db.yml b/clusters/default/git-ops/gitea/gitea-db.yml index e099b0d..10f5476 100644 --- a/clusters/default/git-ops/gitea/gitea-db.yml +++ b/clusters/default/git-ops/gitea/gitea-db.yml @@ -18,13 +18,13 @@ spec: initContainers: - name: init-cleanup image: busybox - command: ["rm", "-rf", "/var/lib/postgresql/data/lost+found"] + command: ["rm", "-rf", "/var/lib/postgresql/lost+found"] volumeMounts: - - name: db - mountPath: /var/lib/postgresql/data + - name: gitea-db + mountPath: /var/lib/postgresql containers: - name: gitea-db - image: postgres:15.14 + image: postgres:18 ports: - containerPort: 5432 env: @@ -38,9 +38,9 @@ spec: - name: POSTGRES_DB value: "gitea" volumeMounts: - - name: db - mountPath: /var/lib/postgresql/data + - name: gitea-db + mountPath: /var/lib/postgresql volumes: - - name: db + - name: gitea-db persistentVolumeClaim: - claimName: gitea-db-longhorn + claimName: gitea-db-new-longhorn diff --git a/clusters/default/git-ops/gitea/gitea-pvc.yml b/clusters/default/git-ops/gitea/gitea-pvc.yml index bc56b61..747378a 100644 --- a/clusters/default/git-ops/gitea/gitea-pvc.yml +++ b/clusters/default/git-ops/gitea/gitea-pvc.yml @@ -17,7 +17,7 @@ spec: apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: gitea-db-longhorn + name: gitea-db-new-longhorn namespace: git-ops spec: accessModes: @@ -25,5 +25,5 @@ spec: volumeMode: Filesystem resources: requests: - storage: 5Gi + storage: 2Gi storageClassName: longhorn From cf503ba794cb84566640d5a198f97645c5685709 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 1 Nov 2025 00:02:23 +0000 Subject: [PATCH 020/154] Update lscr.io/linuxserver/speedtest-tracker Docker tag to v1.6.10 --- clusters/default/monitoring/speedtest/speedtest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/monitoring/speedtest/speedtest.yml b/clusters/default/monitoring/speedtest/speedtest.yml index 492ee6b..d4841c2 100644 --- a/clusters/default/monitoring/speedtest/speedtest.yml +++ b/clusters/default/monitoring/speedtest/speedtest.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: speedtest - image: lscr.io/linuxserver/speedtest-tracker:1.6.9 + image: lscr.io/linuxserver/speedtest-tracker:1.6.10 ports: - containerPort: 80 env: From 6aea6805f15cb84c26121407e22691cfae920af4 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 1 Nov 2025 00:02:27 +0000 Subject: [PATCH 021/154] Update ghcr.io/immich-app/immich-machine-learning Docker tag to v2.2.1 --- clusters/default/media/immich/immich-ml.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/media/immich/immich-ml.yml b/clusters/default/media/immich/immich-ml.yml index cc387e7..c5c3bb7 100644 --- a/clusters/default/media/immich/immich-ml.yml +++ b/clusters/default/media/immich/immich-ml.yml @@ -19,7 +19,7 @@ spec: runtimeClassName: nvidia containers: - name: immich-machine-learning - image: ghcr.io/immich-app/immich-machine-learning:v2.1.0-cuda + image: ghcr.io/immich-app/immich-machine-learning:v2.2.1-cuda ports: - containerPort: 3003 env: From b270484c5a4ea37034401e669435de0c46d97e9e Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 1 Nov 2025 00:02:36 +0000 Subject: [PATCH 022/154] Update ghcr.io/immich-app/immich-server Docker tag to v2.2.1 --- clusters/default/media/immich/immich.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/media/immich/immich.yml b/clusters/default/media/immich/immich.yml index 69cee3a..b010832 100644 --- a/clusters/default/media/immich/immich.yml +++ b/clusters/default/media/immich/immich.yml @@ -39,7 +39,7 @@ spec: done containers: - name: immich-server - image: ghcr.io/immich-app/immich-server:v2.1.0 + image: ghcr.io/immich-app/immich-server:v2.2.1 ports: - containerPort: 2283 env: From 022c27c179d1f1911dedd22f22e75f386fccff33 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 1 Nov 2025 16:41:42 +0000 Subject: [PATCH 023/154] Update searxng/searxng Docker digest to 50a94da --- clusters/default/tools/searxng/searxng.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/searxng/searxng.yml b/clusters/default/tools/searxng/searxng.yml index eda5340..e4814a1 100644 --- a/clusters/default/tools/searxng/searxng.yml +++ b/clusters/default/tools/searxng/searxng.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: searxng - image: searxng/searxng@sha256:41b98d7f04bc0ffd37e98a2af5de38a628f1cc4c6374b39ee8eacbc209bf75be + image: searxng/searxng@sha256:50a94dae025ba1d9732bb354d23d0a61cdbfbc7f5a6ee538ef7f692c999ee8e5 ports: - containerPort: 8080 env: From 6e542b339bcaf0dc7ecc93bbcd29157f56812afe Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Sat, 1 Nov 2025 22:24:50 +0530 Subject: [PATCH 024/154] update to postgres:18 --- clusters/default/media/invidious/invidious.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/clusters/default/media/invidious/invidious.yml b/clusters/default/media/invidious/invidious.yml index bd4b0ae..8084f21 100644 --- a/clusters/default/media/invidious/invidious.yml +++ b/clusters/default/media/invidious/invidious.yml @@ -39,12 +39,12 @@ spec: - sh - -c - | - rm -rf /var/lib/postgresql/data/lost+found + rm -rf /var/lib/postgresql/lost+found volumeMounts: - name: postgres-data - mountPath: /var/lib/postgresql/data + mountPath: /var/lib/postgresql - name: postgres - image: postgres:15.14 + image: postgres:18 restartPolicy: Always env: - name: POSTGRES_DB @@ -64,7 +64,7 @@ spec: key: postgres-password volumeMounts: - name: postgres-data - mountPath: /var/lib/postgresql/data + mountPath: /var/lib/postgresql - name: inv-companion image: quay.io/invidious/invidious-companion@sha256:4320469a01fd3e7f554c8a7ad8d0fd388f325b27cc39a760c64edb36914f06ea restartPolicy: Always From 0f4b3be49d9ec4ae15f9b59693bba045fa48465b Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Sat, 1 Nov 2025 22:57:01 +0530 Subject: [PATCH 025/154] set MARIADB_AUTO_UPGRADE=1 --- clusters/default/tools/nextcloud/nextcloud-db.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/clusters/default/tools/nextcloud/nextcloud-db.yml b/clusters/default/tools/nextcloud/nextcloud-db.yml index 29be29c..05175d2 100644 --- a/clusters/default/tools/nextcloud/nextcloud-db.yml +++ b/clusters/default/tools/nextcloud/nextcloud-db.yml @@ -15,7 +15,7 @@ spec: spec: containers: - name: nextcloud-db - image: mariadb:11.8.3 + image: mariadb:12.0.2 ports: - containerPort: 3306 env: @@ -33,6 +33,8 @@ spec: value: "nextcloud" - name: MYSQL_USER value: "nextcloud" + - name: MARIADB_AUTO_UPGRADE + value: "1" volumeMounts: - name: nextcloud-db-storage mountPath: /var/lib/mysql From a50f2ef43f101fb57f2d5ec89d273e5346b1c8b7 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 1 Nov 2025 22:28:45 +0000 Subject: [PATCH 026/154] Update Helm release prometheus to v27.42.2 --- clusters/default/helm/prometheus/prometheus-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/helm/prometheus/prometheus-release.yml b/clusters/default/helm/prometheus/prometheus-release.yml index 1037fe8..d8eeba7 100644 --- a/clusters/default/helm/prometheus/prometheus-release.yml +++ b/clusters/default/helm/prometheus/prometheus-release.yml @@ -9,7 +9,7 @@ spec: chart: spec: chart: prometheus - version: "27.42.1" + version: "27.42.2" sourceRef: kind: HelmRepository name: prometheus-community From 1fea43c3c887c8844ca45640c9f6ba926e2d6fc4 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 4 Nov 2025 00:03:57 +0000 Subject: [PATCH 027/154] Update quay.io/invidious/invidious-companion Docker digest to 4f589b8 --- clusters/default/media/invidious/invidious.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/media/invidious/invidious.yml b/clusters/default/media/invidious/invidious.yml index 8084f21..28a97be 100644 --- a/clusters/default/media/invidious/invidious.yml +++ b/clusters/default/media/invidious/invidious.yml @@ -66,7 +66,7 @@ spec: - name: postgres-data mountPath: /var/lib/postgresql - name: inv-companion - image: quay.io/invidious/invidious-companion@sha256:4320469a01fd3e7f554c8a7ad8d0fd388f325b27cc39a760c64edb36914f06ea + image: quay.io/invidious/invidious-companion@sha256:4f589b8eedf3c2d49de4a256ee018d7e4ff54fcce683f9005a31dbb7d1bf870f restartPolicy: Always env: - name: SERVER_SECRET_KEY From e015d59345070570ced82155c29ddfabda52a44b Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 4 Nov 2025 00:04:28 +0000 Subject: [PATCH 028/154] Update searxng/searxng Docker digest to e479206 --- clusters/default/tools/searxng/searxng.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/searxng/searxng.yml b/clusters/default/tools/searxng/searxng.yml index e4814a1..7567d26 100644 --- a/clusters/default/tools/searxng/searxng.yml +++ b/clusters/default/tools/searxng/searxng.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: searxng - image: searxng/searxng@sha256:50a94dae025ba1d9732bb354d23d0a61cdbfbc7f5a6ee538ef7f692c999ee8e5 + image: searxng/searxng@sha256:e479206b72bc16054000c06d04574bc93f4abe1adbaa6432037bd806c0acabed ports: - containerPort: 8080 env: From b507356621d7843e69dcc85fb6e8045a4d81cbda Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 4 Nov 2025 00:04:29 +0000 Subject: [PATCH 029/154] Update ghcr.io/immich-app/immich-machine-learning Docker tag to v2.2.2 --- clusters/default/media/immich/immich-ml.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/media/immich/immich-ml.yml b/clusters/default/media/immich/immich-ml.yml index c5c3bb7..2325960 100644 --- a/clusters/default/media/immich/immich-ml.yml +++ b/clusters/default/media/immich/immich-ml.yml @@ -19,7 +19,7 @@ spec: runtimeClassName: nvidia containers: - name: immich-machine-learning - image: ghcr.io/immich-app/immich-machine-learning:v2.2.1-cuda + image: ghcr.io/immich-app/immich-machine-learning:v2.2.2-cuda ports: - containerPort: 3003 env: From 6629af9fb8992280a64a2d7e27cb916b75d382b0 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 4 Nov 2025 00:04:37 +0000 Subject: [PATCH 030/154] Update ghcr.io/immich-app/immich-server Docker tag to v2.2.2 --- clusters/default/media/immich/immich.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/media/immich/immich.yml b/clusters/default/media/immich/immich.yml index b010832..2d1ee31 100644 --- a/clusters/default/media/immich/immich.yml +++ b/clusters/default/media/immich/immich.yml @@ -39,7 +39,7 @@ spec: done containers: - name: immich-server - image: ghcr.io/immich-app/immich-server:v2.2.1 + image: ghcr.io/immich-app/immich-server:v2.2.2 ports: - containerPort: 2283 env: From 781716c074cbe4b0a2c57ab49616c096b7814b2c Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 4 Nov 2025 00:05:13 +0000 Subject: [PATCH 031/154] Update jellyfin/jellyfin Docker tag to v10.11.2 --- clusters/default/media/jellyfin/jellyfin.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/media/jellyfin/jellyfin.yml b/clusters/default/media/jellyfin/jellyfin.yml index 263fb45..985c73e 100644 --- a/clusters/default/media/jellyfin/jellyfin.yml +++ b/clusters/default/media/jellyfin/jellyfin.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: jellyfin - image: jellyfin/jellyfin:10.11.1 + image: jellyfin/jellyfin:10.11.2 ports: - containerPort: 8096 volumeMounts: From ae9adac4ad9adb95c2dea53fcbc3953ab8d00417 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 4 Nov 2025 00:05:50 +0000 Subject: [PATCH 032/154] Update lscr.io/linuxserver/speedtest-tracker Docker tag to v1.6.11 --- clusters/default/monitoring/speedtest/speedtest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/monitoring/speedtest/speedtest.yml b/clusters/default/monitoring/speedtest/speedtest.yml index d4841c2..6cebb80 100644 --- a/clusters/default/monitoring/speedtest/speedtest.yml +++ b/clusters/default/monitoring/speedtest/speedtest.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: speedtest - image: lscr.io/linuxserver/speedtest-tracker:1.6.10 + image: lscr.io/linuxserver/speedtest-tracker:1.6.11 ports: - containerPort: 80 env: From a7f736414d4f8b320f36a0a431e9982c19586660 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Tue, 4 Nov 2025 07:58:26 +0530 Subject: [PATCH 033/154] enable pihole --- {disabled => clusters/default/tools}/pihole/pihole-pvc.yml | 0 {disabled => clusters/default/tools}/pihole/pihole-svc.yml | 3 ++- {disabled => clusters/default/tools}/pihole/pihole.yml | 0 3 files changed, 2 insertions(+), 1 deletion(-) rename {disabled => clusters/default/tools}/pihole/pihole-pvc.yml (100%) rename {disabled => clusters/default/tools}/pihole/pihole-svc.yml (81%) rename {disabled => clusters/default/tools}/pihole/pihole.yml (100%) diff --git a/disabled/pihole/pihole-pvc.yml b/clusters/default/tools/pihole/pihole-pvc.yml similarity index 100% rename from disabled/pihole/pihole-pvc.yml rename to clusters/default/tools/pihole/pihole-pvc.yml diff --git a/disabled/pihole/pihole-svc.yml b/clusters/default/tools/pihole/pihole-svc.yml similarity index 81% rename from disabled/pihole/pihole-svc.yml rename to clusters/default/tools/pihole/pihole-svc.yml index 486de08..c58b64a 100644 --- a/disabled/pihole/pihole-svc.yml +++ b/clusters/default/tools/pihole/pihole-svc.yml @@ -6,10 +6,11 @@ metadata: namespace: tools spec: type: LoadBalancer + loadBalancerIP: 192.168.1.229 selector: app: pihole ports: - - port: 8585 + - port: 80 targetPort: 80 protocol: TCP name: web diff --git a/disabled/pihole/pihole.yml b/clusters/default/tools/pihole/pihole.yml similarity index 100% rename from disabled/pihole/pihole.yml rename to clusters/default/tools/pihole/pihole.yml From 70af954d97901a2e090f307aba0cdb1911660b1e Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 4 Nov 2025 22:03:43 +0000 Subject: [PATCH 034/154] Update pihole/pihole Docker digest to 7f2dff3 --- clusters/default/tools/pihole/pihole.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/pihole/pihole.yml b/clusters/default/tools/pihole/pihole.yml index 788a18a..cccfd3e 100644 --- a/clusters/default/tools/pihole/pihole.yml +++ b/clusters/default/tools/pihole/pihole.yml @@ -30,7 +30,7 @@ spec: - kube-05 containers: - name: pihole - image: pihole/pihole@sha256:90a1412b3d3037d1c22131402bde19180d898255b584d685c84d943cf9c14821 + image: pihole/pihole@sha256:7f2dff3f60615e1b9982824cab30e10d399bd1178691e13a96359ea50323db69 securityContext: capabilities: add: From 536bb51ff7bca60a2865e862a941859381b37193 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 4 Nov 2025 22:03:52 +0000 Subject: [PATCH 035/154] Update ghcr.io/paperless-ngx/paperless-ngx Docker tag to v2.19.4 --- clusters/default/tools/paperless-ngx/paperless-ngx.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/paperless-ngx/paperless-ngx.yml b/clusters/default/tools/paperless-ngx/paperless-ngx.yml index b9920af..04e44f9 100644 --- a/clusters/default/tools/paperless-ngx/paperless-ngx.yml +++ b/clusters/default/tools/paperless-ngx/paperless-ngx.yml @@ -27,7 +27,7 @@ spec: subPath: redis containers: - name: paperless-ngx - image: ghcr.io/paperless-ngx/paperless-ngx:2.19.3 + image: ghcr.io/paperless-ngx/paperless-ngx:2.19.4 ports: - containerPort: 8000 env: From d3c6c0606bcbe57887d1101fa0a2ae11ad968136 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 4 Nov 2025 22:04:09 +0000 Subject: [PATCH 036/154] Update gitea/gitea Docker tag to v1.25.1 --- clusters/default/git-ops/gitea/gitea.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/git-ops/gitea/gitea.yml b/clusters/default/git-ops/gitea/gitea.yml index 3832504..40ee035 100644 --- a/clusters/default/git-ops/gitea/gitea.yml +++ b/clusters/default/git-ops/gitea/gitea.yml @@ -29,7 +29,7 @@ spec: done containers: - name: gitea - image: gitea/gitea:1.25.0 + image: gitea/gitea:1.25.1 ports: - containerPort: 22 name: ssh From b7a51a8a8e2f6831007c10139465055761914175 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 4 Nov 2025 22:04:29 +0000 Subject: [PATCH 037/154] Update ghcr.io/gethomepage/homepage Docker tag to v1.6.0 --- clusters/default/monitoring/homepage/homepage.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/monitoring/homepage/homepage.yml b/clusters/default/monitoring/homepage/homepage.yml index dfea017..0b97949 100644 --- a/clusters/default/monitoring/homepage/homepage.yml +++ b/clusters/default/monitoring/homepage/homepage.yml @@ -41,7 +41,7 @@ spec: subPath: services.yaml containers: - name: homepage - image: "ghcr.io/gethomepage/homepage:v1.5.0" + image: "ghcr.io/gethomepage/homepage:v1.6.0" imagePullPolicy: IfNotPresent env: - name: HOMEPAGE_ALLOWED_HOSTS From 2aaefecc2a9e2b293a155af524c1848e88154419 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 4 Nov 2025 22:04:56 +0000 Subject: [PATCH 038/154] Update Helm release prometheus to v27.44.0 --- clusters/default/helm/prometheus/prometheus-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/helm/prometheus/prometheus-release.yml b/clusters/default/helm/prometheus/prometheus-release.yml index d8eeba7..9559748 100644 --- a/clusters/default/helm/prometheus/prometheus-release.yml +++ b/clusters/default/helm/prometheus/prometheus-release.yml @@ -9,7 +9,7 @@ spec: chart: spec: chart: prometheus - version: "27.42.2" + version: "27.44.0" sourceRef: kind: HelmRepository name: prometheus-community From 9c25af500f068a1b5943f45726bf5a49772370aa Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 5 Nov 2025 00:05:21 +0000 Subject: [PATCH 039/154] Update collabora/code Docker tag to v25.04.7.1.1 --- clusters/default/tools/nextcloud/collabora.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/nextcloud/collabora.yml b/clusters/default/tools/nextcloud/collabora.yml index 3eca889..dc33f52 100644 --- a/clusters/default/tools/nextcloud/collabora.yml +++ b/clusters/default/tools/nextcloud/collabora.yml @@ -17,7 +17,7 @@ spec: spec: containers: - name: collabora - image: collabora/code:25.04.6.2.1 + image: collabora/code:25.04.7.1.1 ports: - containerPort: 9980 env: From 329a0768c8cf59d9acc6c2036f4cd9ad5996dab2 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 6 Nov 2025 00:05:54 +0000 Subject: [PATCH 040/154] Update pihole/pihole Docker digest to e28e239 --- clusters/default/tools/pihole/pihole.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/pihole/pihole.yml b/clusters/default/tools/pihole/pihole.yml index cccfd3e..ac28c79 100644 --- a/clusters/default/tools/pihole/pihole.yml +++ b/clusters/default/tools/pihole/pihole.yml @@ -30,7 +30,7 @@ spec: - kube-05 containers: - name: pihole - image: pihole/pihole@sha256:7f2dff3f60615e1b9982824cab30e10d399bd1178691e13a96359ea50323db69 + image: pihole/pihole@sha256:e28e239f55e648a9d32c8f065650acfe987ddebf1cd5f64f1c071e8716156ceb securityContext: capabilities: add: From a36897e5793730cf22cc40b7d6de69589477d030 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 6 Nov 2025 00:06:03 +0000 Subject: [PATCH 041/154] Update searxng/searxng Docker digest to 0bdb133 --- clusters/default/tools/searxng/searxng.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/searxng/searxng.yml b/clusters/default/tools/searxng/searxng.yml index 7567d26..1076ffe 100644 --- a/clusters/default/tools/searxng/searxng.yml +++ b/clusters/default/tools/searxng/searxng.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: searxng - image: searxng/searxng@sha256:e479206b72bc16054000c06d04574bc93f4abe1adbaa6432037bd806c0acabed + image: searxng/searxng@sha256:0bdb1336bc866df7682b88cc2372f576c5f7984a765f63467a89ed7a6fc57d29 ports: - containerPort: 8080 env: From 9bbbd4ca86fe27fd057a3355c4be937c46c6298e Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 6 Nov 2025 00:06:12 +0000 Subject: [PATCH 042/154] Update docker Docker tag to v28.5.2 --- clusters/default/git-ops/gitea-act/gitea-act.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/git-ops/gitea-act/gitea-act.yml b/clusters/default/git-ops/gitea-act/gitea-act.yml index 5d50a03..2a8a11d 100644 --- a/clusters/default/git-ops/gitea-act/gitea-act.yml +++ b/clusters/default/git-ops/gitea-act/gitea-act.yml @@ -67,7 +67,7 @@ spec: - name: runner-data mountPath: /data - name: daemon - image: docker:28.5.1-dind + image: docker:28.5.2-dind env: - name: DOCKER_TLS_CERTDIR value: /certs From d423484486285b7e235cc4fb677bdbe41b54d03a Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 6 Nov 2025 00:06:22 +0000 Subject: [PATCH 043/154] Update ghcr.io/gethomepage/homepage Docker tag to v1.6.1 --- clusters/default/monitoring/homepage/homepage.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/monitoring/homepage/homepage.yml b/clusters/default/monitoring/homepage/homepage.yml index 0b97949..a840ffe 100644 --- a/clusters/default/monitoring/homepage/homepage.yml +++ b/clusters/default/monitoring/homepage/homepage.yml @@ -41,7 +41,7 @@ spec: subPath: services.yaml containers: - name: homepage - image: "ghcr.io/gethomepage/homepage:v1.6.0" + image: "ghcr.io/gethomepage/homepage:v1.6.1" imagePullPolicy: IfNotPresent env: - name: HOMEPAGE_ALLOWED_HOSTS From d08b3fa337785d51f804a8d9cc4236e445aa9819 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 6 Nov 2025 00:06:38 +0000 Subject: [PATCH 044/154] Update ghcr.io/immich-app/immich-machine-learning Docker tag to v2.2.3 --- clusters/default/media/immich/immich-ml.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/media/immich/immich-ml.yml b/clusters/default/media/immich/immich-ml.yml index 2325960..e0812cf 100644 --- a/clusters/default/media/immich/immich-ml.yml +++ b/clusters/default/media/immich/immich-ml.yml @@ -19,7 +19,7 @@ spec: runtimeClassName: nvidia containers: - name: immich-machine-learning - image: ghcr.io/immich-app/immich-machine-learning:v2.2.2-cuda + image: ghcr.io/immich-app/immich-machine-learning:v2.2.3-cuda ports: - containerPort: 3003 env: From 7583b49d988528029d97cb89147d6d339b2b4e75 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 6 Nov 2025 00:06:58 +0000 Subject: [PATCH 045/154] Update ghcr.io/immich-app/immich-server Docker tag to v2.2.3 --- clusters/default/media/immich/immich.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/media/immich/immich.yml b/clusters/default/media/immich/immich.yml index 2d1ee31..b1078e1 100644 --- a/clusters/default/media/immich/immich.yml +++ b/clusters/default/media/immich/immich.yml @@ -39,7 +39,7 @@ spec: done containers: - name: immich-server - image: ghcr.io/immich-app/immich-server:v2.2.2 + image: ghcr.io/immich-app/immich-server:v2.2.3 ports: - containerPort: 2283 env: From 5fd6a19e2f0ecd94209708e29a386e128aa9bfca Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 6 Nov 2025 00:07:04 +0000 Subject: [PATCH 046/154] Update lscr.io/linuxserver/sonarr Docker tag to v4.0.16 --- clusters/default/arr-stack/sonarr/sonarr-deployment.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/arr-stack/sonarr/sonarr-deployment.yml b/clusters/default/arr-stack/sonarr/sonarr-deployment.yml index bd7cef7..b315a14 100644 --- a/clusters/default/arr-stack/sonarr/sonarr-deployment.yml +++ b/clusters/default/arr-stack/sonarr/sonarr-deployment.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: sonarr - image: lscr.io/linuxserver/sonarr:4.0.15 + image: lscr.io/linuxserver/sonarr:4.0.16 ports: - containerPort: 8989 env: From 64cf6eb9ccb07a7c62ab2f18b6d350f5a63d197e Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 7 Nov 2025 00:06:52 +0000 Subject: [PATCH 047/154] Update searxng/searxng Docker digest to 7f7e3d8 --- clusters/default/tools/searxng/searxng.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/searxng/searxng.yml b/clusters/default/tools/searxng/searxng.yml index 1076ffe..278f9cf 100644 --- a/clusters/default/tools/searxng/searxng.yml +++ b/clusters/default/tools/searxng/searxng.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: searxng - image: searxng/searxng@sha256:0bdb1336bc866df7682b88cc2372f576c5f7984a765f63467a89ed7a6fc57d29 + image: searxng/searxng@sha256:7f7e3d85b9fc38cc99e8f7c715e3ae1b74ed11971d24987d6fa7b7f360a108be ports: - containerPort: 8080 env: From 8bd999712c9ab4bde17072cfc624ac3eca3d2d4c Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 7 Nov 2025 00:07:01 +0000 Subject: [PATCH 048/154] Update ghcr.io/paperless-ngx/paperless-ngx Docker tag to v2.19.5 --- clusters/default/tools/paperless-ngx/paperless-ngx.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/paperless-ngx/paperless-ngx.yml b/clusters/default/tools/paperless-ngx/paperless-ngx.yml index 04e44f9..bff7673 100644 --- a/clusters/default/tools/paperless-ngx/paperless-ngx.yml +++ b/clusters/default/tools/paperless-ngx/paperless-ngx.yml @@ -27,7 +27,7 @@ spec: subPath: redis containers: - name: paperless-ngx - image: ghcr.io/paperless-ngx/paperless-ngx:2.19.4 + image: ghcr.io/paperless-ngx/paperless-ngx:2.19.5 ports: - containerPort: 8000 env: From dc6b4ceb887f4e90c3419bc8a23595da9bc2867e Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 7 Nov 2025 00:07:19 +0000 Subject: [PATCH 049/154] Update public.ecr.aws/semaphore/pro/server Docker tag to v2.16.43 --- clusters/default/git-ops/semaphore/semaphore.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/git-ops/semaphore/semaphore.yml b/clusters/default/git-ops/semaphore/semaphore.yml index dc471fb..80aa7cb 100644 --- a/clusters/default/git-ops/semaphore/semaphore.yml +++ b/clusters/default/git-ops/semaphore/semaphore.yml @@ -40,7 +40,7 @@ spec: subPath: db containers: - name: semaphore - image: public.ecr.aws/semaphore/pro/server:v2.16.37 + image: public.ecr.aws/semaphore/pro/server:v2.16.43 ports: - containerPort: 3000 envFrom: From 4f36e3be1a3ab72c91aa0d16db6c9c8ddbebad0a Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 7 Nov 2025 00:07:49 +0000 Subject: [PATCH 050/154] Update lscr.io/linuxserver/speedtest-tracker Docker tag to v1.7.1 --- clusters/default/monitoring/speedtest/speedtest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/monitoring/speedtest/speedtest.yml b/clusters/default/monitoring/speedtest/speedtest.yml index 6cebb80..855a63a 100644 --- a/clusters/default/monitoring/speedtest/speedtest.yml +++ b/clusters/default/monitoring/speedtest/speedtest.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: speedtest - image: lscr.io/linuxserver/speedtest-tracker:1.6.11 + image: lscr.io/linuxserver/speedtest-tracker:1.7.1 ports: - containerPort: 80 env: From c609da97610d871b5c89123aeb73dd03d34d3a77 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 7 Nov 2025 00:08:01 +0000 Subject: [PATCH 051/154] Update rcourtman/pulse Docker tag to v4.26.4 --- clusters/default/monitoring/pulse/pulse.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/monitoring/pulse/pulse.yml b/clusters/default/monitoring/pulse/pulse.yml index 8234a09..dae6b02 100644 --- a/clusters/default/monitoring/pulse/pulse.yml +++ b/clusters/default/monitoring/pulse/pulse.yml @@ -17,7 +17,7 @@ spec: spec: containers: - name: pulse - image: rcourtman/pulse:v4.25.0 + image: rcourtman/pulse:4.26.4 volumeMounts: - name: pulse-data mountPath: /data From 7197cb59ccf748c8485681f4756a071ecb4622f7 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 7 Nov 2025 19:21:54 +0000 Subject: [PATCH 052/154] Update searxng/searxng Docker digest to 5a5d0e6 --- clusters/default/tools/searxng/searxng.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/searxng/searxng.yml b/clusters/default/tools/searxng/searxng.yml index 278f9cf..58911c2 100644 --- a/clusters/default/tools/searxng/searxng.yml +++ b/clusters/default/tools/searxng/searxng.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: searxng - image: searxng/searxng@sha256:7f7e3d85b9fc38cc99e8f7c715e3ae1b74ed11971d24987d6fa7b7f360a108be + image: searxng/searxng@sha256:5a5d0e69819757e3fa23392a687c63851250bc13d2486a1f1711804b1691dc12 ports: - containerPort: 8080 env: From e58de01d80f6308f3695983cc590b21d661c7758 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 7 Nov 2025 19:22:03 +0000 Subject: [PATCH 053/154] Update public.ecr.aws/semaphore/pro/server Docker tag to v2.16.45 --- clusters/default/git-ops/semaphore/semaphore.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/git-ops/semaphore/semaphore.yml b/clusters/default/git-ops/semaphore/semaphore.yml index 80aa7cb..a4e62ef 100644 --- a/clusters/default/git-ops/semaphore/semaphore.yml +++ b/clusters/default/git-ops/semaphore/semaphore.yml @@ -40,7 +40,7 @@ spec: subPath: db containers: - name: semaphore - image: public.ecr.aws/semaphore/pro/server:v2.16.43 + image: public.ecr.aws/semaphore/pro/server:v2.16.45 ports: - containerPort: 3000 envFrom: From 91468ce7b36a4e3ebde69d8d99fe805f774ed764 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 7 Nov 2025 19:22:22 +0000 Subject: [PATCH 054/154] Update rcourtman/pulse Docker tag to v4.26.5 --- clusters/default/monitoring/pulse/pulse.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/monitoring/pulse/pulse.yml b/clusters/default/monitoring/pulse/pulse.yml index dae6b02..832ed1e 100644 --- a/clusters/default/monitoring/pulse/pulse.yml +++ b/clusters/default/monitoring/pulse/pulse.yml @@ -17,7 +17,7 @@ spec: spec: containers: - name: pulse - image: rcourtman/pulse:4.26.4 + image: rcourtman/pulse:4.26.5 volumeMounts: - name: pulse-data mountPath: /data From d55cda74da789ac67d8008e0b0a98d5f25159be2 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 9 Nov 2025 00:05:22 +0000 Subject: [PATCH 055/154] Update Helm release prometheus to v27.45.0 --- clusters/default/helm/prometheus/prometheus-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/helm/prometheus/prometheus-release.yml b/clusters/default/helm/prometheus/prometheus-release.yml index 9559748..b099cb1 100644 --- a/clusters/default/helm/prometheus/prometheus-release.yml +++ b/clusters/default/helm/prometheus/prometheus-release.yml @@ -9,7 +9,7 @@ spec: chart: spec: chart: prometheus - version: "27.44.0" + version: "27.45.0" sourceRef: kind: HelmRepository name: prometheus-community From 6bdb4500efe5f4bf7acc757df53697e9d3f87166 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 11 Nov 2025 00:06:05 +0000 Subject: [PATCH 056/154] Update searxng/searxng Docker digest to d477c04 --- clusters/default/tools/searxng/searxng.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/searxng/searxng.yml b/clusters/default/tools/searxng/searxng.yml index 58911c2..225f5c9 100644 --- a/clusters/default/tools/searxng/searxng.yml +++ b/clusters/default/tools/searxng/searxng.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: searxng - image: searxng/searxng@sha256:5a5d0e69819757e3fa23392a687c63851250bc13d2486a1f1711804b1691dc12 + image: searxng/searxng@sha256:d477c0460cc06afa57541f24c7adcae3846303a125c3ae785b9893c9c2c2186f ports: - containerPort: 8080 env: From 5ea723277f1198d21c767667512595aeb2900742 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 12 Nov 2025 00:05:47 +0000 Subject: [PATCH 057/154] Update lscr.io/linuxserver/speedtest-tracker Docker tag to v1.7.3 --- clusters/default/monitoring/speedtest/speedtest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/monitoring/speedtest/speedtest.yml b/clusters/default/monitoring/speedtest/speedtest.yml index 855a63a..db29fe2 100644 --- a/clusters/default/monitoring/speedtest/speedtest.yml +++ b/clusters/default/monitoring/speedtest/speedtest.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: speedtest - image: lscr.io/linuxserver/speedtest-tracker:1.7.1 + image: lscr.io/linuxserver/speedtest-tracker:1.7.3 ports: - containerPort: 80 env: From 09108669409025d39ffc8d2928f1cdb826b034f0 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 12 Nov 2025 00:06:03 +0000 Subject: [PATCH 058/154] Update ghcr.io/gethomepage/homepage Docker tag to v1.7.0 --- clusters/default/monitoring/homepage/homepage.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/monitoring/homepage/homepage.yml b/clusters/default/monitoring/homepage/homepage.yml index a840ffe..c9b462e 100644 --- a/clusters/default/monitoring/homepage/homepage.yml +++ b/clusters/default/monitoring/homepage/homepage.yml @@ -41,7 +41,7 @@ spec: subPath: services.yaml containers: - name: homepage - image: "ghcr.io/gethomepage/homepage:v1.6.1" + image: "ghcr.io/gethomepage/homepage:v1.7.0" imagePullPolicy: IfNotPresent env: - name: HOMEPAGE_ALLOWED_HOSTS From cb0a5a1ff875e584fcfa6866a579446a2a13d3d0 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 12 Nov 2025 00:07:16 +0000 Subject: [PATCH 059/154] Update rcourtman/pulse Docker tag to v4.29.0 --- clusters/default/monitoring/pulse/pulse.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/monitoring/pulse/pulse.yml b/clusters/default/monitoring/pulse/pulse.yml index 832ed1e..999fbc3 100644 --- a/clusters/default/monitoring/pulse/pulse.yml +++ b/clusters/default/monitoring/pulse/pulse.yml @@ -17,7 +17,7 @@ spec: spec: containers: - name: pulse - image: rcourtman/pulse:4.26.5 + image: rcourtman/pulse:v4.29.0 volumeMounts: - name: pulse-data mountPath: /data From 1ad2f85b5b3e52c63e23d2f2f88f3ccb53db3fa3 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 12 Nov 2025 00:07:37 +0000 Subject: [PATCH 060/154] Update docker Docker tag to v29 --- clusters/default/git-ops/gitea-act/gitea-act.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/git-ops/gitea-act/gitea-act.yml b/clusters/default/git-ops/gitea-act/gitea-act.yml index 2a8a11d..48e39dd 100644 --- a/clusters/default/git-ops/gitea-act/gitea-act.yml +++ b/clusters/default/git-ops/gitea-act/gitea-act.yml @@ -67,7 +67,7 @@ spec: - name: runner-data mountPath: /data - name: daemon - image: docker:28.5.2-dind + image: docker:29.0.0-dind env: - name: DOCKER_TLS_CERTDIR value: /certs From c8663008228f1c927b43c139a6b816b80bbd4419 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 13 Nov 2025 00:02:51 +0000 Subject: [PATCH 061/154] Update Helm release longhorn to v1.10.1 --- clusters/default/helm/longhorn/longhorn-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/helm/longhorn/longhorn-release.yml b/clusters/default/helm/longhorn/longhorn-release.yml index 52f0dcb..f829f92 100644 --- a/clusters/default/helm/longhorn/longhorn-release.yml +++ b/clusters/default/helm/longhorn/longhorn-release.yml @@ -9,7 +9,7 @@ spec: chart: spec: chart: longhorn - version: "1.10.0" + version: "1.10.1" sourceRef: kind: HelmRepository name: longhorn From 04b9a0d40547cdfddb76649129d1998e07e4f9a8 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 13 Nov 2025 00:02:55 +0000 Subject: [PATCH 062/154] Update rcourtman/pulse Docker tag to v4.29.6 --- clusters/default/monitoring/pulse/pulse.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/monitoring/pulse/pulse.yml b/clusters/default/monitoring/pulse/pulse.yml index 999fbc3..8ff01d8 100644 --- a/clusters/default/monitoring/pulse/pulse.yml +++ b/clusters/default/monitoring/pulse/pulse.yml @@ -17,7 +17,7 @@ spec: spec: containers: - name: pulse - image: rcourtman/pulse:v4.29.0 + image: rcourtman/pulse:4.29.6 volumeMounts: - name: pulse-data mountPath: /data From 5ec99a3bf60678acdbec580804ed8e0d13bbd4e1 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 14 Nov 2025 00:03:47 +0000 Subject: [PATCH 063/154] Update quay.io/invidious/invidious-companion Docker digest to a445ef2 --- clusters/default/media/invidious/invidious.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/media/invidious/invidious.yml b/clusters/default/media/invidious/invidious.yml index 28a97be..5a3f6b9 100644 --- a/clusters/default/media/invidious/invidious.yml +++ b/clusters/default/media/invidious/invidious.yml @@ -66,7 +66,7 @@ spec: - name: postgres-data mountPath: /var/lib/postgresql - name: inv-companion - image: quay.io/invidious/invidious-companion@sha256:4f589b8eedf3c2d49de4a256ee018d7e4ff54fcce683f9005a31dbb7d1bf870f + image: quay.io/invidious/invidious-companion@sha256:a445ef2390360a491c6e4ebee9e53588792ebdbfebf505a6b5df45cffaa8f554 restartPolicy: Always env: - name: SERVER_SECRET_KEY From b992e5e31c1d9b0b51f12775e96946d64febbfc7 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 14 Nov 2025 00:03:51 +0000 Subject: [PATCH 064/154] Update rcourtman/pulse Docker tag to v4.30.0 --- clusters/default/monitoring/pulse/pulse.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/monitoring/pulse/pulse.yml b/clusters/default/monitoring/pulse/pulse.yml index 8ff01d8..2eefde6 100644 --- a/clusters/default/monitoring/pulse/pulse.yml +++ b/clusters/default/monitoring/pulse/pulse.yml @@ -17,7 +17,7 @@ spec: spec: containers: - name: pulse - image: rcourtman/pulse:4.29.6 + image: rcourtman/pulse:4.30.0 volumeMounts: - name: pulse-data mountPath: /data From 5d02eca536c6f579fdddc2edcf2deca42ee60ea3 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 14 Nov 2025 11:25:50 +0000 Subject: [PATCH 065/154] Update searxng/searxng Docker digest to 7b763e6 --- clusters/default/tools/searxng/searxng.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/searxng/searxng.yml b/clusters/default/tools/searxng/searxng.yml index 225f5c9..5fe153f 100644 --- a/clusters/default/tools/searxng/searxng.yml +++ b/clusters/default/tools/searxng/searxng.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: searxng - image: searxng/searxng@sha256:d477c0460cc06afa57541f24c7adcae3846303a125c3ae785b9893c9c2c2186f + image: searxng/searxng@sha256:7b763e6a95da4c5d320ba48c886fa0cae8745337f7510cdf216e96eabdbe0e65 ports: - containerPort: 8080 env: From fef1ce4a7a73b77c22891dc11a488c161764a61e Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 14 Nov 2025 11:25:51 +0000 Subject: [PATCH 066/154] Update lscr.io/linuxserver/speedtest-tracker Docker tag to v1.7.4 --- clusters/default/monitoring/speedtest/speedtest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/monitoring/speedtest/speedtest.yml b/clusters/default/monitoring/speedtest/speedtest.yml index db29fe2..ad3e24f 100644 --- a/clusters/default/monitoring/speedtest/speedtest.yml +++ b/clusters/default/monitoring/speedtest/speedtest.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: speedtest - image: lscr.io/linuxserver/speedtest-tracker:1.7.3 + image: lscr.io/linuxserver/speedtest-tracker:1.7.4 ports: - containerPort: 80 env: From f6572568a39a45842b5a7b4a21a42a60d705bb89 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 14 Nov 2025 11:25:59 +0000 Subject: [PATCH 067/154] Update rcourtman/pulse Docker tag to v4.31.0 --- clusters/default/monitoring/pulse/pulse.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/monitoring/pulse/pulse.yml b/clusters/default/monitoring/pulse/pulse.yml index 2eefde6..08e91cb 100644 --- a/clusters/default/monitoring/pulse/pulse.yml +++ b/clusters/default/monitoring/pulse/pulse.yml @@ -17,7 +17,7 @@ spec: spec: containers: - name: pulse - image: rcourtman/pulse:4.30.0 + image: rcourtman/pulse:4.31.0 volumeMounts: - name: pulse-data mountPath: /data From de49438b4e8451ac66e7ee2c74939a0a50007060 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 15 Nov 2025 00:01:42 +0000 Subject: [PATCH 068/154] Update docker Docker tag to v29.0.1 --- clusters/default/git-ops/gitea-act/gitea-act.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/git-ops/gitea-act/gitea-act.yml b/clusters/default/git-ops/gitea-act/gitea-act.yml index 48e39dd..9d4e577 100644 --- a/clusters/default/git-ops/gitea-act/gitea-act.yml +++ b/clusters/default/git-ops/gitea-act/gitea-act.yml @@ -67,7 +67,7 @@ spec: - name: runner-data mountPath: /data - name: daemon - image: docker:29.0.0-dind + image: docker:29.0.1-dind env: - name: DOCKER_TLS_CERTDIR value: /certs From 419207bc732bc8328df26ec8a0d50b14a53ffc7a Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 16 Nov 2025 00:01:36 +0000 Subject: [PATCH 069/154] Update searxng/searxng Docker digest to d5a54dd --- clusters/default/tools/searxng/searxng.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/searxng/searxng.yml b/clusters/default/tools/searxng/searxng.yml index 5fe153f..0e7869d 100644 --- a/clusters/default/tools/searxng/searxng.yml +++ b/clusters/default/tools/searxng/searxng.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: searxng - image: searxng/searxng@sha256:7b763e6a95da4c5d320ba48c886fa0cae8745337f7510cdf216e96eabdbe0e65 + image: searxng/searxng@sha256:d5a54dde3968851d6a15f394bd1d64e0ac5e440e6b21c73bddf215dfcd82fe16 ports: - containerPort: 8080 env: From 8bcfd4d2e312ae166af86e1ff86e253ea13dbd90 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 16 Nov 2025 00:01:39 +0000 Subject: [PATCH 070/154] Update ghcr.io/paperless-ngx/paperless-ngx Docker tag to v2.19.6 --- clusters/default/tools/paperless-ngx/paperless-ngx.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/paperless-ngx/paperless-ngx.yml b/clusters/default/tools/paperless-ngx/paperless-ngx.yml index bff7673..fd039a7 100644 --- a/clusters/default/tools/paperless-ngx/paperless-ngx.yml +++ b/clusters/default/tools/paperless-ngx/paperless-ngx.yml @@ -27,7 +27,7 @@ spec: subPath: redis containers: - name: paperless-ngx - image: ghcr.io/paperless-ngx/paperless-ngx:2.19.5 + image: ghcr.io/paperless-ngx/paperless-ngx:2.19.6 ports: - containerPort: 8000 env: From 7a14cc2d670c3a22faf13c95240b0a4f76ccdbaa Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 16 Nov 2025 00:01:45 +0000 Subject: [PATCH 071/154] Update qmcgaw/gluetun Docker tag to v3.40.1 --- clusters/default/arr-stack/jellyseerr/jellyseerr.yml | 2 +- clusters/default/arr-stack/prowlarr/prowlarr.yml | 2 +- clusters/default/arr-stack/qbittorrent/qbittorrent.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/clusters/default/arr-stack/jellyseerr/jellyseerr.yml b/clusters/default/arr-stack/jellyseerr/jellyseerr.yml index 9f8a88a..bc5908c 100644 --- a/clusters/default/arr-stack/jellyseerr/jellyseerr.yml +++ b/clusters/default/arr-stack/jellyseerr/jellyseerr.yml @@ -18,7 +18,7 @@ spec: spec: initContainers: - name: gluetun - image: qmcgaw/gluetun:v3.40.0 + image: qmcgaw/gluetun:v3.40.1 restartPolicy: Always securityContext: capabilities: diff --git a/clusters/default/arr-stack/prowlarr/prowlarr.yml b/clusters/default/arr-stack/prowlarr/prowlarr.yml index 357a42b..c839832 100644 --- a/clusters/default/arr-stack/prowlarr/prowlarr.yml +++ b/clusters/default/arr-stack/prowlarr/prowlarr.yml @@ -18,7 +18,7 @@ spec: spec: initContainers: - name: gluetun - image: qmcgaw/gluetun:v3.40.0 + image: qmcgaw/gluetun:v3.40.1 restartPolicy: Always securityContext: capabilities: diff --git a/clusters/default/arr-stack/qbittorrent/qbittorrent.yml b/clusters/default/arr-stack/qbittorrent/qbittorrent.yml index 54cd496..5c52d19 100644 --- a/clusters/default/arr-stack/qbittorrent/qbittorrent.yml +++ b/clusters/default/arr-stack/qbittorrent/qbittorrent.yml @@ -18,7 +18,7 @@ spec: spec: initContainers: - name: gluetun - image: qmcgaw/gluetun:v3.40.0 + image: qmcgaw/gluetun:v3.40.1 restartPolicy: Always securityContext: capabilities: From 8f68ae76aae70364a45b17e663ac400847ce7d5b Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 17 Nov 2025 00:03:01 +0000 Subject: [PATCH 072/154] Update jellyfin/jellyfin Docker tag to v10.11.3 --- clusters/default/media/jellyfin/jellyfin.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/media/jellyfin/jellyfin.yml b/clusters/default/media/jellyfin/jellyfin.yml index 985c73e..61084a3 100644 --- a/clusters/default/media/jellyfin/jellyfin.yml +++ b/clusters/default/media/jellyfin/jellyfin.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: jellyfin - image: jellyfin/jellyfin:10.11.2 + image: jellyfin/jellyfin:10.11.3 ports: - containerPort: 8096 volumeMounts: From 7b81434fcf4ab4423ab3c3f5ab82e7de29aaab55 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 17 Nov 2025 00:03:05 +0000 Subject: [PATCH 073/154] Update gotenberg/gotenberg Docker tag to v8.25 --- clusters/default/tools/gotenberg/gotenberg.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/gotenberg/gotenberg.yml b/clusters/default/tools/gotenberg/gotenberg.yml index ce35e30..daebdf7 100644 --- a/clusters/default/tools/gotenberg/gotenberg.yml +++ b/clusters/default/tools/gotenberg/gotenberg.yml @@ -16,7 +16,7 @@ spec: runAsUser: 1001 containers: - name: gotenberg - image: gotenberg/gotenberg:8.24 + image: gotenberg/gotenberg:8.25 command: - sh - -c From 2ccd0a3d309fb356521c6e52bb065094c0b1bb10 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 17 Nov 2025 00:03:12 +0000 Subject: [PATCH 074/154] Update lscr.io/linuxserver/prowlarr Docker tag to v2.3.0 --- clusters/default/arr-stack/prowlarr/prowlarr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/arr-stack/prowlarr/prowlarr.yml b/clusters/default/arr-stack/prowlarr/prowlarr.yml index c839832..773c35e 100644 --- a/clusters/default/arr-stack/prowlarr/prowlarr.yml +++ b/clusters/default/arr-stack/prowlarr/prowlarr.yml @@ -40,7 +40,7 @@ spec: key: OPENVPN_USER containers: - name: prowlarr - image: lscr.io/linuxserver/prowlarr:2.1.5 + image: lscr.io/linuxserver/prowlarr:2.3.0 volumeMounts: - name: config mountPath: /config From 7a5f690e6a400bd906a82029dc47729dc6a69785 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 17 Nov 2025 00:03:39 +0000 Subject: [PATCH 075/154] Update lscr.io/linuxserver/radarr Docker tag to v6 --- clusters/default/arr-stack/radarr/radarr-deployment.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/arr-stack/radarr/radarr-deployment.yml b/clusters/default/arr-stack/radarr/radarr-deployment.yml index a33f46d..d9dab7b 100644 --- a/clusters/default/arr-stack/radarr/radarr-deployment.yml +++ b/clusters/default/arr-stack/radarr/radarr-deployment.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: radarr - image: lscr.io/linuxserver/radarr:5.28.0 + image: lscr.io/linuxserver/radarr:6.0.4 ports: - containerPort: 7878 env: From b8d94df6f84026e5ffcc25e6ce313d0ab068883f Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 18 Nov 2025 00:01:46 +0000 Subject: [PATCH 076/154] Update collabora/code Docker tag to v25.04.7.2.1 --- clusters/default/tools/nextcloud/collabora.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/nextcloud/collabora.yml b/clusters/default/tools/nextcloud/collabora.yml index dc33f52..1a31d40 100644 --- a/clusters/default/tools/nextcloud/collabora.yml +++ b/clusters/default/tools/nextcloud/collabora.yml @@ -17,7 +17,7 @@ spec: spec: containers: - name: collabora - image: collabora/code:25.04.7.1.1 + image: collabora/code:25.04.7.2.1 ports: - containerPort: 9980 env: From 241fffbf69f14b284b9f3146600e288011f86834 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 18 Nov 2025 00:02:23 +0000 Subject: [PATCH 077/154] Update lscr.io/linuxserver/speedtest-tracker Docker tag to v1.8.0 --- clusters/default/monitoring/speedtest/speedtest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/monitoring/speedtest/speedtest.yml b/clusters/default/monitoring/speedtest/speedtest.yml index ad3e24f..d60d8d2 100644 --- a/clusters/default/monitoring/speedtest/speedtest.yml +++ b/clusters/default/monitoring/speedtest/speedtest.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: speedtest - image: lscr.io/linuxserver/speedtest-tracker:1.7.4 + image: lscr.io/linuxserver/speedtest-tracker:1.8.0 ports: - containerPort: 80 env: From 769045049bc7734d6be075508ec357612f581fc2 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Tue, 18 Nov 2025 22:21:10 +0530 Subject: [PATCH 078/154] disable pihole --- {clusters/default/tools => disabled}/pihole/pihole-pvc.yml | 0 {clusters/default/tools => disabled}/pihole/pihole-svc.yml | 0 {clusters/default/tools => disabled}/pihole/pihole.yml | 0 3 files changed, 0 insertions(+), 0 deletions(-) rename {clusters/default/tools => disabled}/pihole/pihole-pvc.yml (100%) rename {clusters/default/tools => disabled}/pihole/pihole-svc.yml (100%) rename {clusters/default/tools => disabled}/pihole/pihole.yml (100%) diff --git a/clusters/default/tools/pihole/pihole-pvc.yml b/disabled/pihole/pihole-pvc.yml similarity index 100% rename from clusters/default/tools/pihole/pihole-pvc.yml rename to disabled/pihole/pihole-pvc.yml diff --git a/clusters/default/tools/pihole/pihole-svc.yml b/disabled/pihole/pihole-svc.yml similarity index 100% rename from clusters/default/tools/pihole/pihole-svc.yml rename to disabled/pihole/pihole-svc.yml diff --git a/clusters/default/tools/pihole/pihole.yml b/disabled/pihole/pihole.yml similarity index 100% rename from clusters/default/tools/pihole/pihole.yml rename to disabled/pihole/pihole.yml From a1fb58fc93a6cc23499d6f77fed6c0a2f3374659 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 19 Nov 2025 00:03:03 +0000 Subject: [PATCH 079/154] Update searxng/searxng Docker digest to 91da344 --- clusters/default/tools/searxng/searxng.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/searxng/searxng.yml b/clusters/default/tools/searxng/searxng.yml index 0e7869d..e6110f6 100644 --- a/clusters/default/tools/searxng/searxng.yml +++ b/clusters/default/tools/searxng/searxng.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: searxng - image: searxng/searxng@sha256:d5a54dde3968851d6a15f394bd1d64e0ac5e440e6b21c73bddf215dfcd82fe16 + image: searxng/searxng@sha256:91da34403fc1d2c7ac23d1459af87870d87810b7d50b0c6a4585ab78846cb534 ports: - containerPort: 8080 env: From 2a5b20d3bc4df96c6af8949b9b82faa70d7b8f6c Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 19 Nov 2025 00:03:04 +0000 Subject: [PATCH 080/154] Update docker Docker tag to v29.0.2 --- clusters/default/git-ops/gitea-act/gitea-act.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/git-ops/gitea-act/gitea-act.yml b/clusters/default/git-ops/gitea-act/gitea-act.yml index 9d4e577..48a6f48 100644 --- a/clusters/default/git-ops/gitea-act/gitea-act.yml +++ b/clusters/default/git-ops/gitea-act/gitea-act.yml @@ -67,7 +67,7 @@ spec: - name: runner-data mountPath: /data - name: daemon - image: docker:29.0.1-dind + image: docker:29.0.2-dind env: - name: DOCKER_TLS_CERTDIR value: /certs From 158cbde636e3753ccb1c4f968084aa29bb110232 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 19 Nov 2025 00:03:06 +0000 Subject: [PATCH 081/154] Update qmcgaw/gluetun Docker tag to v3.40.3 --- clusters/default/arr-stack/jellyseerr/jellyseerr.yml | 2 +- clusters/default/arr-stack/prowlarr/prowlarr.yml | 2 +- clusters/default/arr-stack/qbittorrent/qbittorrent.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/clusters/default/arr-stack/jellyseerr/jellyseerr.yml b/clusters/default/arr-stack/jellyseerr/jellyseerr.yml index bc5908c..82ec10e 100644 --- a/clusters/default/arr-stack/jellyseerr/jellyseerr.yml +++ b/clusters/default/arr-stack/jellyseerr/jellyseerr.yml @@ -18,7 +18,7 @@ spec: spec: initContainers: - name: gluetun - image: qmcgaw/gluetun:v3.40.1 + image: qmcgaw/gluetun:v3.40.3 restartPolicy: Always securityContext: capabilities: diff --git a/clusters/default/arr-stack/prowlarr/prowlarr.yml b/clusters/default/arr-stack/prowlarr/prowlarr.yml index 773c35e..d44de48 100644 --- a/clusters/default/arr-stack/prowlarr/prowlarr.yml +++ b/clusters/default/arr-stack/prowlarr/prowlarr.yml @@ -18,7 +18,7 @@ spec: spec: initContainers: - name: gluetun - image: qmcgaw/gluetun:v3.40.1 + image: qmcgaw/gluetun:v3.40.3 restartPolicy: Always securityContext: capabilities: diff --git a/clusters/default/arr-stack/qbittorrent/qbittorrent.yml b/clusters/default/arr-stack/qbittorrent/qbittorrent.yml index 5c52d19..3224472 100644 --- a/clusters/default/arr-stack/qbittorrent/qbittorrent.yml +++ b/clusters/default/arr-stack/qbittorrent/qbittorrent.yml @@ -18,7 +18,7 @@ spec: spec: initContainers: - name: gluetun - image: qmcgaw/gluetun:v3.40.1 + image: qmcgaw/gluetun:v3.40.3 restartPolicy: Always securityContext: capabilities: From b88861408bc837774e8deeed76315112abe8b186 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 20 Nov 2025 00:02:27 +0000 Subject: [PATCH 082/154] Update ghcr.io/immich-app/immich-machine-learning Docker tag to v2.3.0 --- clusters/default/media/immich/immich-ml.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/media/immich/immich-ml.yml b/clusters/default/media/immich/immich-ml.yml index e0812cf..01bc620 100644 --- a/clusters/default/media/immich/immich-ml.yml +++ b/clusters/default/media/immich/immich-ml.yml @@ -19,7 +19,7 @@ spec: runtimeClassName: nvidia containers: - name: immich-machine-learning - image: ghcr.io/immich-app/immich-machine-learning:v2.2.3-cuda + image: ghcr.io/immich-app/immich-machine-learning:v2.3.0-cuda ports: - containerPort: 3003 env: From b60df30ecdd74f471e327c77dff3165c2568ae5a Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 20 Nov 2025 00:02:35 +0000 Subject: [PATCH 083/154] Update ghcr.io/immich-app/immich-server Docker tag to v2.3.0 --- clusters/default/media/immich/immich.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/media/immich/immich.yml b/clusters/default/media/immich/immich.yml index b1078e1..6fae02f 100644 --- a/clusters/default/media/immich/immich.yml +++ b/clusters/default/media/immich/immich.yml @@ -39,7 +39,7 @@ spec: done containers: - name: immich-server - image: ghcr.io/immich-app/immich-server:v2.2.3 + image: ghcr.io/immich-app/immich-server:v2.3.0 ports: - containerPort: 2283 env: From f0f1b2e516023909ef4ae2a516237327cf805e96 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 20 Nov 2025 00:02:39 +0000 Subject: [PATCH 084/154] Update lscr.io/linuxserver/code-server Docker tag to v4.106.0 --- clusters/default/tools/code-server/code-server.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/code-server/code-server.yml b/clusters/default/tools/code-server/code-server.yml index ced1dc5..37b8549 100644 --- a/clusters/default/tools/code-server/code-server.yml +++ b/clusters/default/tools/code-server/code-server.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: code-server - image: lscr.io/linuxserver/code-server:4.105.1 + image: lscr.io/linuxserver/code-server:4.106.0 ports: - containerPort: 8443 env: From 076b79a897f56a54985ffe639c7feb2a851a32e8 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 21 Nov 2025 00:01:45 +0000 Subject: [PATCH 085/154] Update quay.io/invidious/invidious-companion Docker digest to 4f2902d --- clusters/default/media/invidious/invidious.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/media/invidious/invidious.yml b/clusters/default/media/invidious/invidious.yml index 5a3f6b9..aad1140 100644 --- a/clusters/default/media/invidious/invidious.yml +++ b/clusters/default/media/invidious/invidious.yml @@ -66,7 +66,7 @@ spec: - name: postgres-data mountPath: /var/lib/postgresql - name: inv-companion - image: quay.io/invidious/invidious-companion@sha256:a445ef2390360a491c6e4ebee9e53588792ebdbfebf505a6b5df45cffaa8f554 + image: quay.io/invidious/invidious-companion@sha256:4f2902d95ed38569533812f2956ce2b07dd883562ebc735260ad82513fac6598 restartPolicy: Always env: - name: SERVER_SECRET_KEY From 14f6c85e2d85d5e7daa4d24a85e7ee1ad8e10506 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 21 Nov 2025 00:01:47 +0000 Subject: [PATCH 086/154] Update searxng/searxng Docker digest to 31c349e --- clusters/default/tools/searxng/searxng.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/searxng/searxng.yml b/clusters/default/tools/searxng/searxng.yml index e6110f6..dfd8e1f 100644 --- a/clusters/default/tools/searxng/searxng.yml +++ b/clusters/default/tools/searxng/searxng.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: searxng - image: searxng/searxng@sha256:91da34403fc1d2c7ac23d1459af87870d87810b7d50b0c6a4585ab78846cb534 + image: searxng/searxng@sha256:31c349e2231179d5a13c025a980e6d5b32c148de828b599d339d5dc67f2957cb ports: - containerPort: 8080 env: From 2553847cd5402de56ea7be3ce959ae3753c6e240 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 21 Nov 2025 00:01:48 +0000 Subject: [PATCH 087/154] Update ghcr.io/immich-app/immich-machine-learning Docker tag to v2.3.1 --- clusters/default/media/immich/immich-ml.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/media/immich/immich-ml.yml b/clusters/default/media/immich/immich-ml.yml index 01bc620..5b66598 100644 --- a/clusters/default/media/immich/immich-ml.yml +++ b/clusters/default/media/immich/immich-ml.yml @@ -19,7 +19,7 @@ spec: runtimeClassName: nvidia containers: - name: immich-machine-learning - image: ghcr.io/immich-app/immich-machine-learning:v2.3.0-cuda + image: ghcr.io/immich-app/immich-machine-learning:v2.3.1-cuda ports: - containerPort: 3003 env: From 1de363eba0282bb9c58ca93637ed88b6dc51fd91 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 21 Nov 2025 00:01:58 +0000 Subject: [PATCH 088/154] Update ghcr.io/immich-app/immich-server Docker tag to v2.3.1 --- clusters/default/media/immich/immich.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/media/immich/immich.yml b/clusters/default/media/immich/immich.yml index 6fae02f..9d33892 100644 --- a/clusters/default/media/immich/immich.yml +++ b/clusters/default/media/immich/immich.yml @@ -39,7 +39,7 @@ spec: done containers: - name: immich-server - image: ghcr.io/immich-app/immich-server:v2.3.0 + image: ghcr.io/immich-app/immich-server:v2.3.1 ports: - containerPort: 2283 env: From 617e5b2b359626f6b8ade67d0e32befaa53a5146 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 21 Nov 2025 00:02:00 +0000 Subject: [PATCH 089/154] Update lscr.io/linuxserver/code-server Docker tag to v4.106.2 --- clusters/default/tools/code-server/code-server.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/code-server/code-server.yml b/clusters/default/tools/code-server/code-server.yml index 37b8549..9392b3d 100644 --- a/clusters/default/tools/code-server/code-server.yml +++ b/clusters/default/tools/code-server/code-server.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: code-server - image: lscr.io/linuxserver/code-server:4.106.0 + image: lscr.io/linuxserver/code-server:4.106.2 ports: - containerPort: 8443 env: From 1e11c5d835629ecde05cf1d329eb2de2ab55b1aa Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 21 Nov 2025 00:02:07 +0000 Subject: [PATCH 090/154] Update lscr.io/linuxserver/nextcloud Docker tag to v32.0.2 --- clusters/default/tools/nextcloud/nextcloud.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/nextcloud/nextcloud.yml b/clusters/default/tools/nextcloud/nextcloud.yml index 49f0cd4..fd192cc 100644 --- a/clusters/default/tools/nextcloud/nextcloud.yml +++ b/clusters/default/tools/nextcloud/nextcloud.yml @@ -28,7 +28,7 @@ spec: done containers: - name: nextcloud - image: lscr.io/linuxserver/nextcloud:32.0.1 + image: lscr.io/linuxserver/nextcloud:32.0.2 ports: - containerPort: 443 env: From 5a97901dedfa596a7d11c886eae82cc5af8a2815 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 21 Nov 2025 00:02:23 +0000 Subject: [PATCH 091/154] Update rcourtman/pulse Docker tag to v4.32.2 --- clusters/default/monitoring/pulse/pulse.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/monitoring/pulse/pulse.yml b/clusters/default/monitoring/pulse/pulse.yml index 08e91cb..0bf43db 100644 --- a/clusters/default/monitoring/pulse/pulse.yml +++ b/clusters/default/monitoring/pulse/pulse.yml @@ -17,7 +17,7 @@ spec: spec: containers: - name: pulse - image: rcourtman/pulse:4.31.0 + image: rcourtman/pulse:4.32.2 volumeMounts: - name: pulse-data mountPath: /data From 2a81a43f265ea9a9ca5547246dc535f293019959 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 21 Nov 2025 15:17:18 +0000 Subject: [PATCH 092/154] Update searxng/searxng Docker digest to 6a4ca30 --- clusters/default/tools/searxng/searxng.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/searxng/searxng.yml b/clusters/default/tools/searxng/searxng.yml index dfd8e1f..e491639 100644 --- a/clusters/default/tools/searxng/searxng.yml +++ b/clusters/default/tools/searxng/searxng.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: searxng - image: searxng/searxng@sha256:31c349e2231179d5a13c025a980e6d5b32c148de828b599d339d5dc67f2957cb + image: searxng/searxng@sha256:6a4ca3058a439d96805b7340ae84dacce6ade5456c24a1dde0bc6415ad76c1c6 ports: - containerPort: 8080 env: From a6e91574f8661bcb499419ed2ac20078b6c65583 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 21 Nov 2025 15:17:19 +0000 Subject: [PATCH 093/154] Update rcourtman/pulse Docker tag to v4.32.3 --- clusters/default/monitoring/pulse/pulse.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/monitoring/pulse/pulse.yml b/clusters/default/monitoring/pulse/pulse.yml index 0bf43db..48d5904 100644 --- a/clusters/default/monitoring/pulse/pulse.yml +++ b/clusters/default/monitoring/pulse/pulse.yml @@ -17,7 +17,7 @@ spec: spec: containers: - name: pulse - image: rcourtman/pulse:4.32.2 + image: rcourtman/pulse:4.32.3 volumeMounts: - name: pulse-data mountPath: /data From a4ad288a15fea002d69601a007145e80b5c391ae Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 21 Nov 2025 15:17:28 +0000 Subject: [PATCH 094/154] Update mariadb Docker tag to v12.1.2 --- clusters/default/tools/nextcloud/nextcloud-db.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/nextcloud/nextcloud-db.yml b/clusters/default/tools/nextcloud/nextcloud-db.yml index 05175d2..40c48df 100644 --- a/clusters/default/tools/nextcloud/nextcloud-db.yml +++ b/clusters/default/tools/nextcloud/nextcloud-db.yml @@ -15,7 +15,7 @@ spec: spec: containers: - name: nextcloud-db - image: mariadb:12.0.2 + image: mariadb:12.1.2 ports: - containerPort: 3306 env: From e5495de524cd4a3f66c2f20edb5b40df8913f2fb Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 22 Nov 2025 00:01:57 +0000 Subject: [PATCH 095/154] Update Helm release prometheus to v27.46.0 --- clusters/default/helm/prometheus/prometheus-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/helm/prometheus/prometheus-release.yml b/clusters/default/helm/prometheus/prometheus-release.yml index b099cb1..b8bf8ce 100644 --- a/clusters/default/helm/prometheus/prometheus-release.yml +++ b/clusters/default/helm/prometheus/prometheus-release.yml @@ -9,7 +9,7 @@ spec: chart: spec: chart: prometheus - version: "27.45.0" + version: "27.46.0" sourceRef: kind: HelmRepository name: prometheus-community From 8f59b434189036c4ef0bd2d7bb673d99099bcd07 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 23 Nov 2025 00:01:33 +0000 Subject: [PATCH 096/154] Update searxng/searxng Docker digest to 7914267 --- clusters/default/tools/searxng/searxng.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/searxng/searxng.yml b/clusters/default/tools/searxng/searxng.yml index e491639..12827ae 100644 --- a/clusters/default/tools/searxng/searxng.yml +++ b/clusters/default/tools/searxng/searxng.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: searxng - image: searxng/searxng@sha256:6a4ca3058a439d96805b7340ae84dacce6ade5456c24a1dde0bc6415ad76c1c6 + image: searxng/searxng@sha256:7914267d4a3b91132aa888b889dbe0657bdb9e1af5a13eb6fbab99a94990c235 ports: - containerPort: 8080 env: From f8a6d7000853652bc6aee005cfb84078cb8aa99d Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 23 Nov 2025 00:01:34 +0000 Subject: [PATCH 097/154] Update gitea/gitea Docker tag to v1.25.2 --- clusters/default/git-ops/gitea/gitea.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/git-ops/gitea/gitea.yml b/clusters/default/git-ops/gitea/gitea.yml index 40ee035..8d8d5bf 100644 --- a/clusters/default/git-ops/gitea/gitea.yml +++ b/clusters/default/git-ops/gitea/gitea.yml @@ -29,7 +29,7 @@ spec: done containers: - name: gitea - image: gitea/gitea:1.25.1 + image: gitea/gitea:1.25.2 ports: - containerPort: 22 name: ssh From b6d45999e14fecca3869c4eefe32d3571c34e464 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 23 Nov 2025 00:01:43 +0000 Subject: [PATCH 098/154] Update linuxserver/qbittorrent Docker tag to v5.1.4 --- clusters/default/arr-stack/qbittorrent/qbittorrent.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/arr-stack/qbittorrent/qbittorrent.yml b/clusters/default/arr-stack/qbittorrent/qbittorrent.yml index 3224472..cda08ea 100644 --- a/clusters/default/arr-stack/qbittorrent/qbittorrent.yml +++ b/clusters/default/arr-stack/qbittorrent/qbittorrent.yml @@ -40,7 +40,7 @@ spec: key: OPENVPN_USER containers: - name: qbittorrent - image: linuxserver/qbittorrent:5.1.2 + image: linuxserver/qbittorrent:5.1.4 ports: - containerPort: 8080 env: From dd12a7eba7c4bb4fbd9eb9633bd1811719547880 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 23 Nov 2025 00:01:55 +0000 Subject: [PATCH 099/154] Update ghcr.io/paperless-ngx/paperless-ngx Docker tag to v2.20.0 --- clusters/default/tools/paperless-ngx/paperless-ngx.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/paperless-ngx/paperless-ngx.yml b/clusters/default/tools/paperless-ngx/paperless-ngx.yml index fd039a7..d1904c5 100644 --- a/clusters/default/tools/paperless-ngx/paperless-ngx.yml +++ b/clusters/default/tools/paperless-ngx/paperless-ngx.yml @@ -27,7 +27,7 @@ spec: subPath: redis containers: - name: paperless-ngx - image: ghcr.io/paperless-ngx/paperless-ngx:2.19.6 + image: ghcr.io/paperless-ngx/paperless-ngx:2.20.0 ports: - containerPort: 8000 env: From d7024de63df16e36ae695bab063be6e14a89d8fb Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 25 Nov 2025 00:01:52 +0000 Subject: [PATCH 100/154] Update dependency fluxcd/flux2 to v2.7.4 --- .../default/flux-system/gotk-components.yaml | 84 ++++++++++--------- 1 file changed, 43 insertions(+), 41 deletions(-) diff --git a/clusters/default/flux-system/gotk-components.yaml b/clusters/default/flux-system/gotk-components.yaml index 518c7e9..a44bc77 100644 --- a/clusters/default/flux-system/gotk-components.yaml +++ b/clusters/default/flux-system/gotk-components.yaml @@ -1,6 +1,6 @@ --- # This manifest was generated by flux. DO NOT EDIT. -# Flux Version: v2.7.3 +# Flux Version: v2.7.4 # Components: source-controller,kustomize-controller,helm-controller,notification-controller apiVersion: v1 kind: Namespace @@ -8,7 +8,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.3 + app.kubernetes.io/version: v2.7.4 pod-security.kubernetes.io/warn: restricted pod-security.kubernetes.io/warn-version: latest name: flux-system @@ -19,7 +19,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.3 + app.kubernetes.io/version: v2.7.4 name: allow-egress namespace: flux-system spec: @@ -39,7 +39,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.3 + app.kubernetes.io/version: v2.7.4 name: allow-scraping namespace: flux-system spec: @@ -59,7 +59,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.3 + app.kubernetes.io/version: v2.7.4 name: allow-webhooks namespace: flux-system spec: @@ -78,7 +78,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.3 + app.kubernetes.io/version: v2.7.4 name: critical-pods-flux-system namespace: flux-system spec: @@ -98,7 +98,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.3 + app.kubernetes.io/version: v2.7.4 name: crd-controller-flux-system rules: - apiGroups: @@ -204,7 +204,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.3 + app.kubernetes.io/version: v2.7.4 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" name: flux-edit-flux-system @@ -212,6 +212,7 @@ rules: - apiGroups: - notification.toolkit.fluxcd.io - source.toolkit.fluxcd.io + - source.extensions.fluxcd.io - helm.toolkit.fluxcd.io - image.toolkit.fluxcd.io - kustomize.toolkit.fluxcd.io @@ -230,7 +231,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.3 + app.kubernetes.io/version: v2.7.4 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-view: "true" @@ -239,6 +240,7 @@ rules: - apiGroups: - notification.toolkit.fluxcd.io - source.toolkit.fluxcd.io + - source.extensions.fluxcd.io - helm.toolkit.fluxcd.io - image.toolkit.fluxcd.io - kustomize.toolkit.fluxcd.io @@ -255,7 +257,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.3 + app.kubernetes.io/version: v2.7.4 name: cluster-reconciler-flux-system roleRef: apiGroup: rbac.authorization.k8s.io @@ -275,7 +277,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.3 + app.kubernetes.io/version: v2.7.4 name: crd-controller-flux-system roleRef: apiGroup: rbac.authorization.k8s.io @@ -313,7 +315,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.3 + app.kubernetes.io/version: v2.7.4 name: buckets.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -1084,7 +1086,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.3 + app.kubernetes.io/version: v2.7.4 name: externalartifacts.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -1280,7 +1282,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.3 + app.kubernetes.io/version: v2.7.4 name: gitrepositories.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -2234,7 +2236,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.3 + app.kubernetes.io/version: v2.7.4 name: helmcharts.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -2960,7 +2962,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.3 + app.kubernetes.io/version: v2.7.4 name: helmrepositories.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -3591,7 +3593,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.3 + app.kubernetes.io/version: v2.7.4 name: ocirepositories.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -4417,7 +4419,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.3 + app.kubernetes.io/version: v2.7.4 name: source-controller namespace: flux-system --- @@ -4428,7 +4430,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.3 + app.kubernetes.io/version: v2.7.4 control-plane: controller name: source-controller namespace: flux-system @@ -4449,7 +4451,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.3 + app.kubernetes.io/version: v2.7.4 control-plane: controller name: source-controller namespace: flux-system @@ -4470,7 +4472,7 @@ spec: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.3 + app.kubernetes.io/version: v2.7.4 spec: containers: - args: @@ -4493,7 +4495,7 @@ spec: resourceFieldRef: containerName: manager resource: limits.memory - image: ghcr.io/fluxcd/source-controller:v1.7.3 + image: ghcr.io/fluxcd/source-controller:v1.7.4 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -4557,7 +4559,7 @@ metadata: app.kubernetes.io/component: kustomize-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.3 + app.kubernetes.io/version: v2.7.4 name: kustomizations.kustomize.toolkit.fluxcd.io spec: group: kustomize.toolkit.fluxcd.io @@ -5927,7 +5929,7 @@ metadata: app.kubernetes.io/component: kustomize-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.3 + app.kubernetes.io/version: v2.7.4 name: kustomize-controller namespace: flux-system --- @@ -5938,7 +5940,7 @@ metadata: app.kubernetes.io/component: kustomize-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.3 + app.kubernetes.io/version: v2.7.4 control-plane: controller name: kustomize-controller namespace: flux-system @@ -5957,7 +5959,7 @@ spec: app.kubernetes.io/component: kustomize-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.3 + app.kubernetes.io/version: v2.7.4 spec: containers: - args: @@ -5976,7 +5978,7 @@ spec: resourceFieldRef: containerName: manager resource: limits.memory - image: ghcr.io/fluxcd/kustomize-controller:v1.7.2 + image: ghcr.io/fluxcd/kustomize-controller:v1.7.3 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -6033,7 +6035,7 @@ metadata: app.kubernetes.io/component: helm-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.3 + app.kubernetes.io/version: v2.7.4 name: helmreleases.helm.toolkit.fluxcd.io spec: group: helm.toolkit.fluxcd.io @@ -8664,7 +8666,7 @@ metadata: app.kubernetes.io/component: helm-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.3 + app.kubernetes.io/version: v2.7.4 name: helm-controller namespace: flux-system --- @@ -8675,7 +8677,7 @@ metadata: app.kubernetes.io/component: helm-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.3 + app.kubernetes.io/version: v2.7.4 control-plane: controller name: helm-controller namespace: flux-system @@ -8694,7 +8696,7 @@ spec: app.kubernetes.io/component: helm-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.3 + app.kubernetes.io/version: v2.7.4 spec: containers: - args: @@ -8713,7 +8715,7 @@ spec: resourceFieldRef: containerName: manager resource: limits.memory - image: ghcr.io/fluxcd/helm-controller:v1.4.3 + image: ghcr.io/fluxcd/helm-controller:v1.4.4 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -8770,7 +8772,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.3 + app.kubernetes.io/version: v2.7.4 name: alerts.notification.toolkit.fluxcd.io spec: group: notification.toolkit.fluxcd.io @@ -9160,7 +9162,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.3 + app.kubernetes.io/version: v2.7.4 name: providers.notification.toolkit.fluxcd.io spec: group: notification.toolkit.fluxcd.io @@ -9572,7 +9574,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.3 + app.kubernetes.io/version: v2.7.4 name: receivers.notification.toolkit.fluxcd.io spec: group: notification.toolkit.fluxcd.io @@ -10049,7 +10051,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.3 + app.kubernetes.io/version: v2.7.4 name: notification-controller namespace: flux-system --- @@ -10060,7 +10062,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.3 + app.kubernetes.io/version: v2.7.4 control-plane: controller name: notification-controller namespace: flux-system @@ -10081,7 +10083,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.3 + app.kubernetes.io/version: v2.7.4 control-plane: controller name: webhook-receiver namespace: flux-system @@ -10102,7 +10104,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.3 + app.kubernetes.io/version: v2.7.4 control-plane: controller name: notification-controller namespace: flux-system @@ -10121,7 +10123,7 @@ spec: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.3 + app.kubernetes.io/version: v2.7.4 spec: containers: - args: @@ -10139,7 +10141,7 @@ spec: resourceFieldRef: containerName: manager resource: limits.memory - image: ghcr.io/fluxcd/notification-controller:v1.7.4 + image: ghcr.io/fluxcd/notification-controller:v1.7.5 imagePullPolicy: IfNotPresent livenessProbe: httpGet: From 2de654d80438d6ea30ec71d28f2741d85939f3de Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 25 Nov 2025 00:01:56 +0000 Subject: [PATCH 101/154] Update rcourtman/pulse Docker tag to v4.32.7 --- clusters/default/monitoring/pulse/pulse.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/monitoring/pulse/pulse.yml b/clusters/default/monitoring/pulse/pulse.yml index 48d5904..632eda3 100644 --- a/clusters/default/monitoring/pulse/pulse.yml +++ b/clusters/default/monitoring/pulse/pulse.yml @@ -17,7 +17,7 @@ spec: spec: containers: - name: pulse - image: rcourtman/pulse:4.32.3 + image: rcourtman/pulse:4.32.7 volumeMounts: - name: pulse-data mountPath: /data From b85a042a86c91e9ca98acde008f5251e03329d6d Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 25 Nov 2025 00:02:07 +0000 Subject: [PATCH 102/154] Update lscr.io/linuxserver/speedtest-tracker Docker tag to v1.9.0 --- clusters/default/monitoring/speedtest/speedtest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/monitoring/speedtest/speedtest.yml b/clusters/default/monitoring/speedtest/speedtest.yml index d60d8d2..eb5822b 100644 --- a/clusters/default/monitoring/speedtest/speedtest.yml +++ b/clusters/default/monitoring/speedtest/speedtest.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: speedtest - image: lscr.io/linuxserver/speedtest-tracker:1.8.0 + image: lscr.io/linuxserver/speedtest-tracker:1.9.0 ports: - containerPort: 80 env: From 1a9cccff64a5598719e94e5c92c28a3bf1d85f30 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 25 Nov 2025 18:34:12 +0000 Subject: [PATCH 103/154] Update quay.io/invidious/invidious-companion Docker digest to 9c6039e --- clusters/default/media/invidious/invidious.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/media/invidious/invidious.yml b/clusters/default/media/invidious/invidious.yml index aad1140..f6860d8 100644 --- a/clusters/default/media/invidious/invidious.yml +++ b/clusters/default/media/invidious/invidious.yml @@ -66,7 +66,7 @@ spec: - name: postgres-data mountPath: /var/lib/postgresql - name: inv-companion - image: quay.io/invidious/invidious-companion@sha256:4f2902d95ed38569533812f2956ce2b07dd883562ebc735260ad82513fac6598 + image: quay.io/invidious/invidious-companion@sha256:9c6039ebe1691e70c76aefd207b1ea2784a4d8d1a7c531cdb18e6d1317c468e9 restartPolicy: Always env: - name: SERVER_SECRET_KEY From e07819e09c60a5be901bb48bfe80d754f94979e0 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 25 Nov 2025 18:34:14 +0000 Subject: [PATCH 104/154] Update searxng/searxng Docker digest to fc07635 --- clusters/default/tools/searxng/searxng.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/searxng/searxng.yml b/clusters/default/tools/searxng/searxng.yml index 12827ae..8c0aa9a 100644 --- a/clusters/default/tools/searxng/searxng.yml +++ b/clusters/default/tools/searxng/searxng.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: searxng - image: searxng/searxng@sha256:7914267d4a3b91132aa888b889dbe0657bdb9e1af5a13eb6fbab99a94990c235 + image: searxng/searxng@sha256:fc076352d72154feb1d8c0eb42dd5570a3ebc9ca8c6b9c8318ce545a8dfd1ea4 ports: - containerPort: 8080 env: From f8b0657ae904ec4103d1e11ca5abd738835ff073 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 25 Nov 2025 18:34:19 +0000 Subject: [PATCH 105/154] Update docker Docker tag to v29.0.4 --- clusters/default/git-ops/gitea-act/gitea-act.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/git-ops/gitea-act/gitea-act.yml b/clusters/default/git-ops/gitea-act/gitea-act.yml index 48a6f48..a0011f4 100644 --- a/clusters/default/git-ops/gitea-act/gitea-act.yml +++ b/clusters/default/git-ops/gitea-act/gitea-act.yml @@ -67,7 +67,7 @@ spec: - name: runner-data mountPath: /data - name: daemon - image: docker:29.0.2-dind + image: docker:29.0.4-dind env: - name: DOCKER_TLS_CERTDIR value: /certs From d4917f2dc06f412f25e2ec9f4b67094617fa335e Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Wed, 26 Nov 2025 15:57:31 +0530 Subject: [PATCH 106/154] disable qbittorrent --- .../arr-stack => disabled}/qbittorrent/qbittorrent-pvc.yml | 0 .../arr-stack => disabled}/qbittorrent/qbittorrent-svc.yml | 0 .../default/arr-stack => disabled}/qbittorrent/qbittorrent.yml | 0 3 files changed, 0 insertions(+), 0 deletions(-) rename {clusters/default/arr-stack => disabled}/qbittorrent/qbittorrent-pvc.yml (100%) rename {clusters/default/arr-stack => disabled}/qbittorrent/qbittorrent-svc.yml (100%) rename {clusters/default/arr-stack => disabled}/qbittorrent/qbittorrent.yml (100%) diff --git a/clusters/default/arr-stack/qbittorrent/qbittorrent-pvc.yml b/disabled/qbittorrent/qbittorrent-pvc.yml similarity index 100% rename from clusters/default/arr-stack/qbittorrent/qbittorrent-pvc.yml rename to disabled/qbittorrent/qbittorrent-pvc.yml diff --git a/clusters/default/arr-stack/qbittorrent/qbittorrent-svc.yml b/disabled/qbittorrent/qbittorrent-svc.yml similarity index 100% rename from clusters/default/arr-stack/qbittorrent/qbittorrent-svc.yml rename to disabled/qbittorrent/qbittorrent-svc.yml diff --git a/clusters/default/arr-stack/qbittorrent/qbittorrent.yml b/disabled/qbittorrent/qbittorrent.yml similarity index 100% rename from clusters/default/arr-stack/qbittorrent/qbittorrent.yml rename to disabled/qbittorrent/qbittorrent.yml From c6712de3ca04561698d26050f2be5711c0e609cf Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Wed, 26 Nov 2025 15:57:40 +0530 Subject: [PATCH 107/154] Add Kubernetes manifests for sabnzbd deployment, service, and persistent volume claim --- .../default/arr-stack/sabnzbd/sabnzbd-pvc.yml | 14 +++++++ .../default/arr-stack/sabnzbd/sabnzbd-svc.yml | 16 ++++++++ .../default/arr-stack/sabnzbd/sabnzbd.yml | 40 +++++++++++++++++++ 3 files changed, 70 insertions(+) create mode 100644 clusters/default/arr-stack/sabnzbd/sabnzbd-pvc.yml create mode 100644 clusters/default/arr-stack/sabnzbd/sabnzbd-svc.yml create mode 100644 clusters/default/arr-stack/sabnzbd/sabnzbd.yml diff --git a/clusters/default/arr-stack/sabnzbd/sabnzbd-pvc.yml b/clusters/default/arr-stack/sabnzbd/sabnzbd-pvc.yml new file mode 100644 index 0000000..0133026 --- /dev/null +++ b/clusters/default/arr-stack/sabnzbd/sabnzbd-pvc.yml @@ -0,0 +1,14 @@ +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: sabnzbd-longhorn + namespace: arr-stack +spec: + accessModes: + - ReadWriteOnce + volumeMode: Filesystem + resources: + requests: + storage: 1Gi + storageClassName: longhorn diff --git a/clusters/default/arr-stack/sabnzbd/sabnzbd-svc.yml b/clusters/default/arr-stack/sabnzbd/sabnzbd-svc.yml new file mode 100644 index 0000000..fa477b6 --- /dev/null +++ b/clusters/default/arr-stack/sabnzbd/sabnzbd-svc.yml @@ -0,0 +1,16 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: sabnzbd-service + namespace: arr-stack + annotations: + metallb.io/allow-shared-ip: "shared-ip-1" +spec: + loadBalancerIP: 192.168.1.230 + type: LoadBalancer + selector: + app: sabnzbd + ports: + - port: 8080 + targetPort: 8080 diff --git a/clusters/default/arr-stack/sabnzbd/sabnzbd.yml b/clusters/default/arr-stack/sabnzbd/sabnzbd.yml new file mode 100644 index 0000000..48c3d00 --- /dev/null +++ b/clusters/default/arr-stack/sabnzbd/sabnzbd.yml @@ -0,0 +1,40 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: sabnzbd + namespace: arr-stack +spec: + strategy: + type: Recreate + selector: + matchLabels: + app: sabnzbd + template: + metadata: + labels: + app: sabnzbd + spec: + containers: + - name: sabnzbd + image: lscr.io/linuxserver/sabnzbd:latest + env: + - name: PUID + value: "1000" + - name: PGID + value: "1000" + - name: TZ + value: "Asia/Kolkata" + volumeMounts: + - name: sabnzbd-config + mountPath: /config + - name: downloads + mountPath: /downloads + volumes: + - name: sabnzbd-config + persistentVolumeClaim: + claimName: sabnzbd-longhorn + - name: downloads + nfs: + server: 10.0.0.123 + path: /merge/downloads From e84577dfca3bd761f0ca6ead0c10574cb899786d Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 27 Nov 2025 00:03:27 +0000 Subject: [PATCH 108/154] Update rcourtman/pulse Docker tag to v4.33.1 --- clusters/default/monitoring/pulse/pulse.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/monitoring/pulse/pulse.yml b/clusters/default/monitoring/pulse/pulse.yml index 632eda3..111b72f 100644 --- a/clusters/default/monitoring/pulse/pulse.yml +++ b/clusters/default/monitoring/pulse/pulse.yml @@ -17,7 +17,7 @@ spec: spec: containers: - name: pulse - image: rcourtman/pulse:4.32.7 + image: rcourtman/pulse:v4.33.1 volumeMounts: - name: pulse-data mountPath: /data From 75f9270afcf659504594b0ce3d93c9ce25b45f5b Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Thu, 27 Nov 2025 14:31:56 +0530 Subject: [PATCH 109/154] enable newt --- {disabled => clusters/default/helm}/newt/newt-creds.yml | 0 {disabled => clusters/default/helm}/newt/newt-release.yml | 3 +++ {disabled => clusters/default/helm}/newt/newt-repo.yml | 0 3 files changed, 3 insertions(+) rename {disabled => clusters/default/helm}/newt/newt-creds.yml (100%) rename {disabled => clusters/default/helm}/newt/newt-release.yml (91%) rename {disabled => clusters/default/helm}/newt/newt-repo.yml (100%) diff --git a/disabled/newt/newt-creds.yml b/clusters/default/helm/newt/newt-creds.yml similarity index 100% rename from disabled/newt/newt-creds.yml rename to clusters/default/helm/newt/newt-creds.yml diff --git a/disabled/newt/newt-release.yml b/clusters/default/helm/newt/newt-release.yml similarity index 91% rename from disabled/newt/newt-release.yml rename to clusters/default/helm/newt/newt-release.yml index e48e3fa..d5d4dce 100644 --- a/disabled/newt/newt-release.yml +++ b/clusters/default/helm/newt/newt-release.yml @@ -27,3 +27,6 @@ spec: enabled: true auth: existingSecretName: newt-cred + global: + image: + tag: "1.6.0" diff --git a/disabled/newt/newt-repo.yml b/clusters/default/helm/newt/newt-repo.yml similarity index 100% rename from disabled/newt/newt-repo.yml rename to clusters/default/helm/newt/newt-repo.yml From 14d2c230e62a95738918d479f4a61e4bbd406959 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Thu, 27 Nov 2025 16:15:21 +0530 Subject: [PATCH 110/154] change qbittorrent port to 7070 and add sabnzbd --- .../monitoring/homepage/homepage-config.yml | 20 ++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/clusters/default/monitoring/homepage/homepage-config.yml b/clusters/default/monitoring/homepage/homepage-config.yml index e95dc5b..18e62c6 100644 --- a/clusters/default/monitoring/homepage/homepage-config.yml +++ b/clusters/default/monitoring/homepage/homepage-config.yml @@ -118,7 +118,18 @@ data: type: qbittorrent username: admin password: "${QBITTORRENT_PASSWORD}" - url: http://qbittorrent-service.arr-stack.svc.cluster.local:8080 + url: http://qbittorrent-service.arr-stack.svc.cluster.local:7070 + - Sabnzbd: + href: https://sabnzbd.${DOMAIN} + description: nzb client + icon: sabnzbd.png + namespace: arr-stack + podSelector: app=sabnzbd + app: sabnzbd + widget: + type: sabnzbd + url: http://sabnzbd-service.arr-stack.svc.cluster.local:8080 + key: "${SABNZBD_API_KEY}" - Jellyseerr: href: https://jellyseerr.${DOMAIN} description: request movies and shows @@ -258,6 +269,13 @@ data: namespace: tools podSelector: app=searxng app: searxng + - Pulse: + icon: proxmox.png + description: Proxmox monitoring + href: https://pulse.${DOMAIN} + namespace: monitoring + podSelector: app=pulse + app: pulse - Open Media Vault: href: http://192.168.1.4 description: NAS From 6578fd6b4323ce8005a66370bcf928cc2f8b06be Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Thu, 27 Nov 2025 16:15:40 +0530 Subject: [PATCH 111/154] add sabnzbd api key --- .../monitoring/homepage/home-secrets.yml | 31 ++++++++++--------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/clusters/default/monitoring/homepage/home-secrets.yml b/clusters/default/monitoring/homepage/home-secrets.yml index 2f59719..3deaf3d 100644 --- a/clusters/default/monitoring/homepage/home-secrets.yml +++ b/clusters/default/monitoring/homepage/home-secrets.yml @@ -6,21 +6,22 @@ metadata: namespace: monitoring spec: encryptedData: - ALLOWED_HOSTS: AgCyRYkyN6jBUOle+ezAJNEetq5FsaAQepIUuVgofjbksG+XmnZaIchXp+r5AmgrZMg0ZTKFXNE1Y1TewoYinASFhFEG5yFLHVBB4dO+0qOTum209gwZwlW4q346Y+gh3uZ7uk2PR3hCB9WYka6gPbzKWUwux+IrJsoUXiJSbIaXWftqob3vVMdKBAjEUZXkAl5QRaInhvlGgCp8pZV7o23g+7l1pNO1HEiuLCPhLFOgRNQvM99U2WsXIuSp7o5u7tqZKM1SELXY/ITL3OVrolJVABedcjvC5cS6ag55usO1/O+smvaHlqpoeshp3RM5FPIA0sEfhsvYkB9bVvfRio+DToWFyBUktbXHPpw01nLDUuMuRe+wl/Up7zIP4aLTH87zOLEeWiI0/vT4C3B5eNVEm4vljU6+pOavFVrJiJ4jurH9qHWpa2wy3TKvhw6VEehi6V/RBkQ6vAUPzok7c9LY2WFA/K0wvY6cvIUN1o/vkZtuTKTvrKGDJZhtQnUjTP8DO2O5Rd2i9IEc8zE5nwwfqqMy/JqAoBk8MY9xVkdyChdDYtkhiEtT0U5Zu4y4EIvoJMAZnjUOPV5kTK0YqDUh48H16BtvihOnFAwPGPIjBdAZYlggH/AE5gkdZR+zwW9iuMz8AFp3qccDB+yAFCLURyoBdi779Yz4HxCXtmCh0LYOPNeUoIKRHTe6ttySZfTuSBe2z4lxS9X4xMl2l/a8lio= - BAZARR_API_KEY: AgCUuUvh/1V+pOnehjOh/aJ3QgbS/dPsdFYZ6pAvFG9hS3VvLmuBTvRD3s+uysqxn/yFgvmCpjZD3Y57ahPOXoBwNrO6veXX8xl7PcECdsqfzWVD2p0koJt7Ci/ezPYJrFH8vY7PgYAti3GlK4y38g3JqRz9iAF2vCj4KosDPL1s8xVIVg+eGV7uHPZtjMMCOXLyYZ7SKblEdaicZYck2O3iUZpB7jTlug9Vn1Kht0LxgSlWcgrauGGrr+CjpdfnZsiT+0CBiaAwJfG6wyXh7vb3HbrSCQHTjHt8/Z2vqSuC8l60VfF5ONwgbOGMCNxSqW4szW8Cg4nF0VBPBZhltiWQ5h48iUkFEgNGFh9kW9DslU6JQkppa8GbPffSDc5RB27djoY9O/aqtygNHp/S+ZiHpShAfVROFDBRrLT4UHcVtZgJ+99NHrZBkQXieuyMmvAUNwdvi0AjmvqwiJW/vCt+LE4mPbPioLTh0sO7ThSyqp7NITq7bZm/EbxLuE9tQdMJI7xXt1Qff6g/Gxx4ykMyZ+LC0HS43YtLysJ/jyF66ZFzTHb5cf/dACERUxs/k5Zh3N4/0SQTqOO8EX4XXJzMz8rr9ZKpBkDPaQqhaKPwHi/OHyUUikDVCDKks1i190S4stbJ3JtZv8XTDTIO2XY27gyoSuP3fOTcmKdpCwZ28LkwwKSb9JFm14MSm/w1+8eewPsLqNoeKPsuhXj5i+wN/JjgMrEvh26mifDTSj+EBA== - DOMAIN: AgCJ5tcgzz2DqiHR8P8fzUE1/zz+8J/jW5/DMlrCJp9y/zSD1H2H4asGd/txOREfZXHbH7pWOe+MUjYtTB7tlMSs6nRY+Ng7Eow5MbToS8r2US67dk+d6ZYMZTCwEHtnubBD77wSHAx319CXyB5YIA7OBQ5iYMLwT0QYYWlfo/m1sG/sbHQYKJ239IwYInE9fonWOTw/7BxteXyyStpPSbxnZd9BfcjUhjh5pNv5Js+ip4LKVE9CMHqxou2cgqIfiQq6ul9l6mzB6D0IXXnaU4KUxY7utHZVGVjqZ/mefjtShgJ6zJYhOD9GUqA2VxvVf9aioHqHfY4rsqVgNLJ6w9gDf1XW9K4cvz3+ays0BhqeqRLLc8lVd51Q3lPs2R78MR7g5b6gryLKO87fGheY+WtqEAOhlq9GgrBmXSelWjVc0NvTY3S/MJJLooG6ruhTnOxEBO4wrQzNjdZ6iGUUZfsI2pJOREcng+85sUDrAlfLZXT6KG2m8HjnEKXYz52rDEcasOfuKxFsi3G4vk/YP7RFIlw7bMJujFiCtCuEXeJ/pZmSwUU4ikAGo70Ha9X52O2xevXDayVxnyN/ARXnex8NaD3BAKUcOt/tLtg9L1X2is4qlkUIYOV6SuRtGtXqZq+2uOiyWCFSUXSl7STjAifl7dmQXOVFNBzTRHP+sre4Mc58rXpxvi3qneZupUX1qV0S8FfA4qzvjptXThiJ - GITEA_API_KEY: AgBoVWmdNBwzRUp1CTplE7VSJZc+VTGv191G9UqeQKGeV5HIUyF9Bcd7+49uQ/0PfXJkRJFLn8vBEm+2CdHElvDn72JwhFO4QNklCtkQAecVAcHu+mHhU4JF4xoJzpjiajT64yBKiJpyNf05yvBmaByArAcMVfRkp57E6KpiVDQ67VNTF80qV+Bwr8wXYdgb9YFpPVvQAGg7n1Sw7M5xXk0YHQrLAAUcm5UF4FrvOY4FiG5evPvNsoVn8utRkOYUfgAYk95NilLjgZpC0v+sgX746PLODwKic+98dzzMeGCawTWLiHsQWIll5OOVjpGi1zVql0dUM2uJcOKSOStGFEqt8CrIqKI3JhA1k1fB6ro5i+WjW8cAf23FnyKzv7EsVGSkUfi2ilZVDUgK0h1IEAjy11iCjIkv0S4/muD7RWU+o13ExUUgViHQFj9ZgRCD0qF9t902bf4o0ZDn5hUNFGW0PgvltU3LYT1llNt/CZePkEtJNUkBO9GS1igri1vZo4V2ZXyjD47XqfWYIXx24oUAfSLPV8DorjorsWo50YqSNoqXoVyVr+oAuCiJQZGJ61HMFZggy0nRFyZfMZE9F6XHML4SdxW2u+m5teq4NTwnGqoowubgxn+9nasKw27oPPAcs3Bk4bzlnaQGdV5FgCt0yQqDtLTO/yG0CatuQ/WIXj1FsxpCwYL15hXmXwR2jkGpRrDOWxVXrtWUupXxzHRc+5GOSk/TNDI547gTwa0Z5Ez5Rkm6U+fY - IMMICH_API_KEY: AgA5J7L36M1XYLuwpRsdLGxLWh2SPdHewfueOLxlRoSL7ROz+PfXxkLtOzZVuu3dZ7op/QRL/yHt4YimIVHuerPCePmPxGovxX6a47BNkbe6kN+1yG0kc/t/EoAuwQqf7tGg3bBSIBf/opm7cy4Av83imbCsktwbjfiiu+omdTgiqB92bizWu/Av9FuG3f9i1WMX3L8jJWg9KE/IuONhfRzciE4K3r8ci6G5dIMGKk1WHGDGZGkquw0NWFk2dnRIMWKKB70QynfNcXdc6FRZRx2mZtXRNyWcbu+kvmC9LlcKWbrsrMW1HtN/+3CuUQvkUZjbQo2V97b5/zITe3aJGoC/Pjxk+uvwklhUD346Z//8tZEw/Z4FlZXOjyONIqs9DPx76bd5n2fc0mk8FbEZ2Bgj2HLtq6ZrCR0V6R0KwF4gIhV8YTMc0lYAWBNhckK2EEb+lN9etEDS8PJH7PI46QuFhi1xrP5W811wnzcqf3vs9O3JeFsX13/m2IokbPhc3hGVFyVGfNHCGENT4lfirN2Yct9EGkuHYMNWVpVKTsSQWdT03dJmCB84eKyskruz0XGukJIt9OFh79R3aeXVZB1JIyJX5u0Z6lFa4XGqGFKovry3JP7hGG98UNPMTBxqF2Ngu4Ei5jJ9azifF3oup80lq9bS1Zvin1AhAnrxW5m8Q2z4IKdVXWO3w80/qOBDmVzlUMuIjaEVj/zTZMZhP9QmXax7c8RO5nwW5J4x/yFxKNbnwF3PgsndMV0= - JELLYFIN_API_KEY: AgA7AncQWkgYfnBTLUj67lAYERi9AeKOt+UY5sk0pyVVIzrF62qZ6X8T3owLMFpDqYNDbRKMlqHNgbMjyo6O1Vj0mjMB1y9bPOfjjNKUEB/iI0Cxk9ZpoArEqjj0u0Yyts6Od7ASQ1JK0arkhT47FxQPBAqK/MMV9b8QOICb4/L6Tv5ciboBJHsiEaJnXrF2DHnc3A2ongsSZIYbOBvR6s7r7t17MNrOuidO7DHF+dw6gtIn07c3cKKmlCbQ5nDeXkRBk7fGR4jx5VDs8DdbaHxMCDeRXNTCT2jZawijyqBt8M/IE7CpRDeY4XKIVY3i59k9IiD5J/mfRSGmlhQeHvQQ+KbrumbVd+acNdABM3Gcc6qWPjZOJmmnl3BYET3uZm3yWAxU3FbKMhqyH27fySV8b+Eep+HqshiSTekwc6iphdHqPo1aW17xIxR9WJyrQycYH4N1KsDOlbI+T4HbAbXoR3obPpEbm9LyfXGp82/cnmxX5Sr3bbeBzjQ9BjtPTjsbvqR78nGktTVjwxi2fOdArx40IGI9dU3MEbxG6KP3nUHosAmHGcgpeX2tnKxCGChoEDB1AoxD2DfNiLK/WaqmiH2161X/+zEtki4tboCopO7Eb/dASJb43ix+5RlvxC7wS3MhLrzpHRTJogGdfN8OQtpCkkxUkWa4J1uEht6hqeDTagRXsP//SEJLFCt7ovuvIJrd37upn0wnEE/DfO6b/i97BcW3z+DQkqsW6nCAAA== - JELLYSEERR_API_KEY: AgCm/zo3jsGo4d7aWb7q07jfMnpwpdNiyp6Wpc4FsIhLmnaclr2+yrNC4N3nFvRK6h/s9nJaRC9fDXUQ673AcNcSujXQ8XzQ8SiS/47T3925ZZ1ni7ZJkpaxV1bJK4X8puq17NZ2XEUntdTNUtXywnMlAw0E/jEFF+um5BJuvwAo+cvKLY51eHR9sjxWCzrJIM3Ty6CjX2sixu/r+v9mtFxI3gnSvg3yw/bUXKBhYK7REPiIdlAnzX3Muh6IxB1Ag5tbSJJFMeJnoMXkvoEDfD7aCC256SbuPxr2skzQtL/Ai+glFPy8xVo2obgj03I7hHUJVLqi5lbYjO+gLTjIGPHSEmr0nv3/IKlxJDJDy/xzMwJbnCa40vtKmfvQLCR0e0jNfM0PZ7qcxx1UZTTE6Yvku0wWDgda/26fS4UNV/0MXmT9tjDK86ubJZwwuIDqMPi7H+HOFF7t+0O4OK4avPxF0G8xtejF1nhvAyGA0176qjeqEbo2MisNroc//F+lH3uSSaMa2G3BymIqjdVfBuI/RhEYpad8gFyu+/oBiGppfzjrz9qWLL+EcUyyarRMGNUPWAxgCn6wKbLc/OurfIBoXvZINucavo58S5OY4Yw4n2Fvff29GTszl0pzrOKuN1GisxdqsMvUsUxQjuf/HAazow1NAcKmj8pzVxlKvRDYcNzzkuvXI0FEoSB8mp+z2QAnzdHVvSHJlKZn5PBSKfQU8B4LKcZ3FTB1OETetqgIbB6G5Nfxk/Ibc/BD2jdbpf/olLQjH9zm8+UGFsgdX/ILRaZRHA== - NEXTCLOUD_PASSWORD: AgAQPkQEKvy8CzRTrpfxqz5YswiZSLkkzxf8H6k9KrNJFRim/qEbmAyyC+JdMdnuJMT84j5XuDcehPc42d6vfm+YaYF+cRA3xP/xkyyAB17UhLSJu8Go/JFqPLNcxEBmSsogh1MXUU2TFYl1uCQwBn0BoLjdBffEKTw9yL0Izizd9VbwBCNJFHWv5PMkcdquBhnfjNhb6fH7667YdCMBY++TVQ94X5AwgJrZgV2+C2b+7BR4QNmcCzevS3ahBfZFvQCVAnPuZ1Bzs2xKZw0eg77soGCXCh2KG6sjjYIx7+bPPMjRSxBOJYb/e4HdpDDscH27F7RYbSPdQx/+Xd3cwu7BU6S8+px/1RrX4w3HvpxjuSrelBje5qD9ezEx8+4OqQc/sd003j0pKJdv8U0V8qDgSjenmd/xujkgY3ooKwgj3cvdotR3RherUMYrfKtz2KEO0nfRH0nlwwkg+X2gfwTHRnM2ONWyLhuomwHRHlKH5XgPvjqQxm3wMGsShEXBJdQiNOHwyfcLG352dOFP6q2wRr98h/7vWZh0b5eR7d5rJmy4k5XF5R8auYkfzHGAUnDmWIhJweHmQJ/Xto2p3QjJVUm8ToPOYx/FDdHCHwf11Kz4qJIk48B4KKkr/7llwmw5/iQzvTyH/U04TBnltXosSbrndmWYm6fee+QbB9vVGOGdVYvCcISdmmjMzNuuXgoHpEknDE+O1P4SNA== - PIHOLE_PASSWORD: AgAFZHwzPUmNfWBDKHjdhmGJy4l+JzvYAKZ/95dmmNl4lFe9t8kwixy1gAoyoYHMUywTwSoD7HZkRqQigDrac0xyS2B/zglKg6MoIfGsMQ/WWGsHCZZLEt4E6FhSdz8BZYuT6aBtfRlGVI2Uwx1jfoO414LClNiYXv5mO4JvitQYOMo2tPxU7z02RZq5ZAA10bfC5yU6bbvNH+tnSWbmVVchptaYk9ssbk6TWtOu9oMYY9+Vkhyyg0UgVRTnTeBW8pA/HB6JsgCxwnXwzs+wD2LtO46Ev+aBrWtYAN3MyyeevGd41JqjCXowjCwVzT6SzCDcsN2NZT0EtHc7DwHYbrly1ZzMmSxRFhvMSDUht8Cfl+C36aBXz685rdj/+guzH+URxmMNXkUsoFXEnyvrrKbQnfBpeMsT//3YdO7Pd5MlkDwvqiNMSbNuZh5REk1f5XYDY5hubGQ1KMDxAPgEfPKOQSh+kbLLE5LOe9OngVrdEgY25nYYceJNZEE1z07biMQAS582QAyZjUWd2X1tzPyKLCLxkm8DC/FSkO86VTjkN3egJg+8F8Jn+w7mCyRlfYHVNzWxQ1Jt4sw7x9slH7Py03GeGGEoBsxG100RWMQqdiBcrZcow/psYzFaGeGvwDZHgQkzFpSAJTYcWoEoowfoFdAfxwEXEbkKf9FD+HQom5rrm/a1diPQZ/U3uqLmNffo2oaXGwad6jAOEQ== - PROWLARR_API_KEY: AgCj9aH1N2xav3cZzpdX7yrudiiwr6+k0bJwbUln3qkIviT2XrnjNOeCk4mridm25waYzIMGaoXe2qOsMX7xqASiSCkYTpP71RkC8XWme7SZGkpcuG3VZWr7PKhxHtSTKFxiHp+Dh0NfIFlaqm5bVRZMCfBVjjkaJgqOg06puyQ89ILsFvKkjLjBhYWfNQ9+exaFoAt6aZEbTjyENvjMnMdndfMcbM1UhWAVVmM6HAChlpg7nbrG4/RIL8I0Xu53vUF6WKslZ7sInNVFm8xakUn8oPBk+2quD8BqYgxp7jAO9IJUOskCkJYCG9Wa91Bn87iI7YYti1cdtFH6xYgx0tPWXZ6A6fShSB5ItWVvoZb2krTbdMC5W97yV9uQ+PBRhOzYslwLA1Wl3oYYfd6HUFi0i22UCG4YiZH9wSKBKKSxHVB/5IIDIMHhEl3kFVv4U2IP+UkQf14g5bIAbm8XZwKBlIKNDAjKjHHT0YQemmnQeRT1V8rb2bk6XLrhOAs2zE0hyjcYc6UvIz54a7Yrsxnu0qOauIaWtea7nNLCJoOoloYaBN8dsOxC3cElHVnay78psouaheMTkl4bd/raxoQjB5MeNXJgg+i57NC6XAYQOs+2HXrpRPkcWNn+SK0P/nYG9H/YOC8luB1CI76iNxETp59B/rsQmS99SNdT+pMd6NyuQ1LV83TPbK+N+GRUEAFk3PpvO2lErVbV860fXtMPrfzzBKlBxhh0gSIa1wcmNw== - PROXMOX_BACKUP_SERVER_PASSWORD: AgCVMXSjbcMi33l/lAvSpfK0hZIiem/BsAsytKLAgdCkhidl226OWm8zaecQdkE2lCLIJ9TBvk298QO7vK6Nh0snTTfJwTLDgMM6P5HnzwjmVG0zAYq0k8ilORC84IP5tKxvoK/9z3S7NNOi95aU17aMpugHRQKyAYEdnn6Qz6Le3cMc/asXaqdwxN3/jF8AjWcGP9kve+9sayiQDxeCoZD7HP+zN8UW1ts40SUM01wLvoMMVFWp9L+tzbxP+QogMIn75/SPhymRNK5YZg4Nb6NulJ2iQj7K8qPp1cwuaul3kJO6RD9QcSV0mvlIafFkzoISGSq6VFsPIMOvfGWS37u2aaBi7v7qiC4kudM2N3ArXyDA5aIWTbKG41QgVRxzwxkKSBHJWnUx7ZXyzldcAr9Sl+U6RQCATw93/o9JwAo2D36yvn5++SurfBP5GImGgI1aVNX6FbBeKUAte8sF7VV4usoeTdDQ/BQgEdaqtTtbc9+jv7G+6KacQcDvmEXN2L5cvw6C+KShEX0F8CnjjIoDg2RhzmGzJp4aWRaj8KXnqVJnlhpBVevoyNb651/eGc6c4ekj70drC/qvyM7EHPq4Lj/c/slsN9VxoZ+hjBNTM4G3eUBm2TsIfcmw03YRTd8Rl1iSDF41zb3oZe2167OGFPdxMqahZ1yqSSrw633mJBIz7DMLMbr2Bpt/Vb/8+8IJlBjhwOH6EViuQXuBDH+c06GWj7qzrG2mle7ZPOWDXzpo/74= - PROXMOX_PASSWORD: AgBQo8cxn6yQ/l6OyQBc6LJlvY46ddDIDVc8UcY210eGpUbmF7apcYp7uf62b/Z3qgZCTcfimlOeMTWnLqlWAHkp5ARE1H6ou8Z/X8kH7aaYoGR4mTlIaIASvkn5WAUfsnW/+AZRoMkwJc0l1Ns4XATbn7sMTexVqZei407iW8/yDshVsIbnv2en0np9vBB+cHwkjfCrJViLxc8vKhXuxNeJYG/w2qsnbQQeiAYFQ8KtC4J3J6xylVSLA5Qpur5r+XsElDSbxuB1V2R9BPRIz6pIutk99RhFeU1xkDrcyxYUBbiWg2w0c6c6Alp5GtkEQs+pOSpoaXbpBUcRJq4FEWPRt9mFIdtCtP1LK31lAL9K/Be+i5pHr1glCvtGM/IaFtgdU+LF7V1SxEHB37sRvInbsf00RN3rUUFy3lOsYVx9RzsrFLjFufJ/uZlYjiMoOUQV93v05LtBqSQhLj8IHGLuPUSp4c81sGKnyRj+j2Mp2gVdxmg0mDYZPopOpE7rh1s6F35hr/dYzaKVKCUo02XcmextvOEbmdHvJwsDeqmntbUh1C7aXN5wG4XXtTJkvyTvOA81wZxlkMuQHRnB1w6lUo8pGAbdTd+QIzibvnHbqpOEi5Z69GYfF8F5lPEEFSsidobu9ybRAGfKyAM/F3RQa5t515UDNJZxRAiEwaNukS6bI2/i9P+lj5EEisO3vf533cgpuDoersEHFaByr60vAz0P1/0WbfFnVs2ckBOlBq0JJ0I= - QBITTORRENT_PASSWORD: AgAwLB/GGtFpjQKwRdlxFjp5+r3J7UKNAnz86KaxEEDUyBrmed0KjdXskX5HUn2lbzktDD94MRCbez4mVODr2XjXunzNW+kY96qG1+Z632eC19FTRv/Ve4TVOOx75DVsjWp+UaPUHPJUuh+ojPER8IhhFNi1Yrr6EwljnBGSP9aKjazi6cAIYgcYm+n0UgMWOwVJ1sJiPB/EqJY7nh8QbnwxPIDL1lSuSq2VAcAUIAKDzT1GUYDux1BVM6qVaHEt+JVS6pa4Gyi3ArzfTYvX1Ph5e67BdTpjXoNOBeiQLLcrBRtqx7Q7WmoC1jsyReZRtIOvJzbA3IFYUuHgqMYD/sd1roW529Z7IHWmc38pEdbPS+VuTLw0Za1Oh1mFKTDVFepvIa97+aBOK1P1JJA+oFy3YSdk0pcjdRQ88jFLYUcS3IKnTi1oFNPjP5Y0PDUDTIDFA/26lTgEfraaHmCeEZ5vZaQr8uFQ8bsghpbiQAmIzLhg7+XlcGMcOaTWFtPuui8XVgmoStF7pCoIDZ+/RDXqAJ4YDZCW/Aw8BrIh8H3tbFGn+9xt4XDmoD/ORcwXn4PhAo8QTajnrsRd2z7zhK2EO7vJND2YzJ7Yi2E7wbBddUQApg4gTt3h+IO4doxNiRH+1SL/fR129Ofh2icofeQa4AugJERJBXz5ySOJkGz2iwrgQKFK6nYGkJQIqwZRV9nuYy7uq47NigSB - RADARR_API_KEY: AgC9iADuhEDNFW8tW9yl/Mut43g98t6xGe2TwxDubHRYUgAloJXbWvSh5LYW/O5UytjXoXC7XqLntqKDm2JOl1iKjtsXsHFM4Gyt9oPebfYdgMD2S8UZR5RI/O1gS81nerOZprO4ad6jzP0i5+wFf5q/7UaYRQuhaqPrDy5ecBwgdTHJTXbiw1UVzeWcidiyuTI7rKeUW7oBHbRFWY+7fb1M4kv+NWJA/BozzlA4NvtRLoaXQkPpqj4BqYJF5jdL9jvj6TuFZd5uBFKY5urM4jvbPM+ZrpRx6QM3BdzG7O4rnaVPUm1+O1Zkv3UJn3mx+7+h6HRzaCti8i2HklB8Qo6kAS/geBdnPwP/bBMfdfIhvpA4WUeGJ+Fsr3pmrrB07O2RtNfnrtAq4gy7Zx/e5TbxZm2QUNcWDTKHkgFd4UZQMDDZL0BTNOYCW+970Ozljh9Q+TlMwboH8fLwllvcjomkINKEt/ljwJ1gJqh2ioAe9SuGFw0X89pR7tP8CAWo5piJPZ1f/CbjJmL4frjE7NFCH4hWTQMV6x9Z5uDnu3zEuQDIlV692Gkrh3XFnQsBmWheR3ASoApP64gb/HVg5V/rZM2bP7+HUKR9S1A8ipn9M/chIbb5r07Q42iPsoJ9KjMB5v+IJgZX0xkX2API16l6rGib4/phFbCj+Yvl37EEwyPVvVlYi6G/PyIH/sAk5QAGVUteh1xENpG/1MM91xMxCSwaVN/1XK2HgFIrx04jJQ== - SONARR_API_KEY: AgAOgN6pcsz+r8JD+LCeytbSN3MM6qu+fJlfBWV/CHIoqap7HKTpny4jf9P5/sCXRuoNvqhECnGic6cn5HTukR6nbt+/J21hBYs1rQ99l1/QwF69x5K/6N0tG1gB8dD5B/ELsJO0bOask9yl0Bg5xj2gmZLXVRXMvyZZLG4j4+yxcgdaZbv7JbIAPQVxLkR7ijL7ZCir3rjcQ7DDDvjTNFpqYLgLRAhZ82rlMH3UB/pXpNu/44bnJ20jzwxwqjym1aVTL7YjdBg0w2Po03TnAOnX52Cesug1Q0MRwInrgWF7xPOqufd3BZOSFC5LGVVYyhc3wW/ZfvlY4U+bxy+WNUoJdsoWErW8MkmV7C9qN9v7b8jP6JR5r+gAVvw7reLo45KilxGek3ZHtzzbi8t+9KXJmyFVLhrrERhO4qQTFZKOR+6C61zSg1C1hTZ9OxRVbGsvHABo6TB2BOcctMLZBwh7AukPqBp4JfHWxmXEBpZhzeKKw/+x01c79V73BbowweKrfTrVrD/i9SW/veHsG1aosLSLkJhTNvH1iyQC+Kf5HJgQKL54yJWbS0dd9a7cNzo6gCOdUTsemGRK7/kA2WbOK++zJ+/j804K3JLBKsmG9qb+xZ22KJFsWg8A+Mx17CbAE7DP0AKhPxkOFx9b8ud5IhwKTQRt4JiLMpPpSa1Q2lhXEjGtyL0piBKOqkqBCxPPUJwHdEa4y0y+tGXshV9khpSb6hyHXiHdFzbXWDI7NA== + ALLOWED_HOSTS: AgAUKCAFKds1pbbKlF45HLQC238Ueg2kaS83tp23uE7MCUrzFDMF8OrRwVg79cLFcQlKVMNj4FYHqMpkRHfueOAN9shIXMPfEK+IzQvzl4r0cMopuuBRumq2/ObGOLudeK3JWQm5CygmRFGi3auJS8EBD+a3xGPJPlgb6b7J7SrMka0DjIUZxLAknSVLP6fI05ZUQjnP4M0Rv1FaO63VrXOhQ+1boReiuc0mSFA0HR1M+Jv3NscUhxx9KwWdJL3igH+84PUC6JfvFyrY5E+V+HVCf//W4yIT+tTiWIQ03ySCA3+Fpdsm+RqvUC3Hqpf/CC/HpTx8pSLeVYFT3Bak5OgQNen4HBANwBuns8CJLMKKLe7OQfluzc81EnGjcBOYJRjZTXIyrkvLBsRdNodK/ho+YeO65f1ZOZVVL1XsCa2R/YemvPiRYhjyIiCNNi+HSzDUwc8hSuO8JHIO6NK+pswQgL0IqbGudl7JOJzcbEfpFwV4NUZLbO/McWpr5h/L0ZHmjf8weD52YKkoppjLbr9SXPRqGsHQkURoVQcGEerd/+IWWeV/6dT7Do6GRZGUWBuiCuxnXFgVnkUx3FnDSZ9Pd5nj5oGKrhzs3F89aeD50FkVEoXhW9FTXh+WPwfzyRfj6UyhthUE/sjs93aghjXqKrdEcNE3aUEQee2FTEQ0HC7XpEXmYnjqoD15kD/+azBaCeyddbVpfZJ9eovy+ribwWg= + BAZARR_API_KEY: AgDFkohbhrDZ2yYGHRCmu29+jqwxjp+KVIivRMiCMoFGglFA6HZYvGuwpNtYH8uFCmRmOx9ew8/xzhGLfsjye7Flnrt8FZ9l9MvgVVkSa4YaQBlM9mFx+esM4Q0B4LUoswKD4+jdvqAlEB427TZLYUgeZ4EMNJnhIfT+HtlRTIZdSA9i8GzFu0W1FyLf/KyF9IUtn+6sUAuHBpj0aqiYxyhkW6jXFIQ8suG8PpQPWsXKBotdGu3tei0dCsCs76phqDFONEWlhhpLdPGEFtkfF+HXaf4mZnOUhqguKVMPsmjEfUWOm7KWUqF/ya80k2eSXu/GT5FtofISNAsyth5iU5F/f4QdJaQb1T0ZMOzVvBURD4ddCEAWI1v+Ea+P/dvOEULpi2QN6VSLSkUagXgKJV5CKEDKHJayw3lY2t/8wCO3qvuNgl8029asuAML6MYSnI5c3aKcDbIRyEgu2j1yJdWlS4RI/2u+Ga0pWr5sC6E9ehufUI8hdcMe5dxlTfySp/rgZ9wV7c42MgyDsIKsUef/8fN2WlqVMbiocS8eUYxVrjTgUhoaDYgaGIl+ex48Tz14OH9wCNtUfL39p6sxKl1XW5slUz0mdtnQoOajdSwGRfVCVeACiKs/jTnsAM4DEy0Uuz/q0l7SH53gN/8oQNAqEgJbVwofsC3Ka5EnjZEv54zcLQuya2VojsR6IdwRK6ju2oTa7kvQZiL6GrF9yz0UDLYo7iEJsk9Bw2J5fAGxQw== + DOMAIN: AgAKkN95LerXHe/p1CS3O/foK+ouRxBVwgOpinqC5Rk5shz2CQ8YYR0AsTeh2mN2zHYB5jyrAdCTxsSGbe/ZbwdwWm9MiDKHwYZKiHI8UazXfIKm4sFLlDtyi57ChdkQLzHALvnAILygMzSGz8uZjJDan88ByeFW2rTqYYQnylbHJi0TTIeOAGoYWbxD6FdQQbG07DYLLb/1gSDtDoAV/omD2xIOttii8m54ZzTzJpThCZWVige4Bjdl+h+BRCkZJ6AwMRrXZ7hyb/0Qzo0LDYog+TYVKaX8jDnIsszudGlOikVtdVhhu1OeLYB+ma7+zYRC0tq87LryFvSc7lR7gMh2QwHnkNmqsWK0MuXvg+F04i+xJFcj8wpEUKH4DvcApGRG7AbYi9CCk29O+jZzvbaEVvO571cIaJd1SP/CtBjiuArVU826IW3wNxu9Wz0bOtZEkcMMqdst41Q2d5ESm0LDFlrrHZZG5Bc/2NCCAVMjiOgsRRaGLvLWUwaDoZO2rrmx7q5d6plmTplmNS2AP/TVITdpG4MIKe+VtZ842uF3tXbeQt7y624c9db+R8wSun5QPZ1nS7c9m9SRi+dIe9liTnaeNRw/HQDawwwxeHpYWEfMKjRYon7JicBV0EL5/HAXlrhOEKSGgGLT8U3zeLT8uvIcBpU8AcMWJZoGOSi/XTgsI5jy7H0JO6B6OBd4nGlW5N0Mrg1B9RH1Dp0X + GITEA_API_KEY: AgBDJSM/3KOBDpL2u3aBUWP4Dczx0X669QmNb7bMDft7UY4P07MDIZGgLe19Gu39nsFvp0La9SGv7xPz42jSwM4dB4vEifnD98b86fD2GdVMTUwfScH2E6KatNuI4f713kLFryYqBGxcFQ1ka/2MmXUHaEwo//MhL+pcVzaK/WDej6coGb11Cp51W8R2OOxSHr1wToErtfOEn/0ucVop01QrMbEmj3dnuGGAXPZthmZ00vTzuUfNFJQqKEboNE0kt0EsqiAdHCTdYyRVFOEMMjSgxYecfnn/nJ3feXRimVdspzRAm9pOclbASrq3KUOmdyRyABAfHW2HZq3tt8O2nAE2ZkQ7o3+g0uZkgclq6Duhnehn0cvcUzfDkVKuzz6SAMVo550VsvtFVbmyu3RgzLJXZDA1UYooV7f1PzEL8ejO6Y7FTfr6b+0sGzLGiwBDpjJsmVFSdMvVnJ38bvwmyOQxp1CFsmNxY5zlQk6vjQv6A0M/hZ8K7/E/9oVw9asfDeO9Tiy43IQiyn7egTty6loOSXrNwb3shcndctLyYNAt0wtmyfWUmoQnbpd6ME73VSf+KIpgp4ypiKMY/Ec6bUPYxCl0GM126pg8UPVPvBcB0JEL6+8x6fsB9z+kqfIohT6gzekdPN2FArDWBfoBg0Tro2uKAqEcpXROGfjSDe+NMWxGeTPCto5bBCs2z5VM6IiDLe6QItfy2BOsAqIaYxgrhvHdQK36Y/KvhxTpqLtyeHVe7RhVwIvF + IMMICH_API_KEY: AgB302QdlUawaxR6aVH5HhOlHWRIHtievkVaeFecOWwH0+N2hUvSFt0N7IQQD4G+cZFjoIgStHuAuaFFvYmDI8iw5523ui94nXFKXJ04Dz+/4IIwl/rzqEWBVLI/GP/XWsknh9hnZtaPTCSp8IpXji6+k4ZU8vPBQFVr9IgdXO/Raz7yzGTEwP1rNu3mkizVn6RWuy4LwLrPxq4tdJ2mVN0zqfaSpQZTPBs0AbMvtN7EBfNTnnxqHFMn+Zqt/EfUHkhMwHd9bAop+XMDyc7eoFgwCtGZATV7Z1NmQX5+HKGIfIONf7HVvygCWqhKRTn7fShQj5W9/kAkKm98WfyPrCerF21fid9sCYJ4u6p4Jhzi/sqKV5YPhNTBD4d8p7dRvo3f9U/aPj/y8IpIrsXDhdquXOypN69YNKv98R7bqdcuZ7BMd/B447byR2MCe3F40SsQwmUr7jHAql75q1F4CMjcUMIUGwN4pxLTdOTmHKSdHaN9VnmDK4rmfawph1iE8Spx7NS8fxQ5oLUPat+VTENHv7agVNvrowcxZIAtT1t7EMe5i5Gqr8pzddg0HiH4DfmbKtioUxfrGDr7rVpHHgirm2S/KFGEJD78hc17QYUQIYtXYL6DB6PZ3cZ6nDq9R5Y1QuTP/cieYfLVtPsmBq85WscFWzzB7cc3mKvmd6gHrNZ0ldxpQZhsfEQohRAjEF3GQKhglbeY8FIIBOAOaDoch/qCr7dmDJ6ARz81x5wBwAajmScHHD5bdTg= + JELLYFIN_API_KEY: AgC2gPgvLMIxZkyvGJvLXqFOTDOiz3PZyt2JVAlQaqZpDJf7gsZ0vQ5u4CeFqgB5xLYYOuds7ShaRhqopFC7PO/YOVRRthU84AGYBBer51y3Ind7SwHzJVfjqcexkuqh/an4wqWvsgl2ESu5kisii5FIgMEdAXrnq77/E3Qnlv5Fw6HSl+MGAX5rw0sGzAhpRMCCDJFoYBcECXIhCKnZKfTxE1TQne+NPmj/oymvQGCY3eKnv0LbjdbFzRHWWmfK4QbiC2L8fnrZ3Iuumhorjb2u/aa++21JwL9UfvAhaioZn/KAbVTgWphQMARpOZBw9kfvU+GLW3I+Jkzt39KYFhgT4euce0LwgLwdnYjw81o+CsS8U5IaVRAuLNCwlcYkWLmg/R9JcwyjznbNt+mYP1iUPhpiLD7n/iV7JtLI0GvqSZHohBa9Pu5gNQ/+NN4XG3ujaDRvjVSdfb/ZTxnxWFgpbEjkLDs6aLnjRkGa1aMOczli5GRJPJ65N4oBT2kTSz14Z9LqF3eeiEb0HMZcvbIe/WGguPWM/5y3jcCH82JDUJNBeEOtgm4UT8zWnrFRce8p1CKy/CPeAjTkoVyQJ8hRRv6SsKUNd2Vqs4FP/PrvfdmQxNZcUEithuZ2afrXEshg01KORBm0g8eWoSXTrKUFL0mdsoHGLrzB6U56FJN1+L9FE6w//qbuxkP703NmWeSiHLWfk0hLrEt7ntczt/ZCOopu4FX/FKKnhyN7Usp9oA== + JELLYSEERR_API_KEY: AgAt/JMmEK2igQQmQYF3/eCmoRTh58GUmA7F7jfkzmjyswSljX2kyRSC6SouxNQ+NxtqoQ3toJnuc2twN4g1uWZabRZf9nNxlFYswItex7hWQela5YMGXzvkhk+peStfn3chrWqrvUuFDswK907tf9T5jf0xA4ZIglDocckLH58zqFYSPin+i7Dl3xN9R1Y7fpFDMKjFlnZ/6NvWBLd7kOBJtEfxxFiBIPpBc0X8ygQWv5v31DTVjaXOxglAtS2rtf4DUZYadjAGFCZ6M1NIUHg2Uwga/C/uDAMBjN/umnsrDDjS9Zug/n9D5WKpLzAwiLs3JbXVvfbpbJKUJEI2GpPh4msokFR+NmXwT2HhA4pFpzoOQxS2SFT6Jx2AQs8fVNGazEP+PrOXw+L8MM0Z3NDP5gqFwasgu6kopCK+2hOObZq9GBEXcb2OJmg/xVWHL+IAJTf5afVAIEuu6k//I/W8VVn2VlfTnwDLPrxbr3ILHILaMZbuZR9nY8zQ1TL+4vvji9RLQ3E3fTSeqvhu8+dvCRg2oG8nPSLD5BRrmiV8jHh3fT410RKzXmWJTgN9mNADSePsOH760KsfB25U+4xUBvqYuab08/NvYkrSrn87SpZ2rS3IebKSyLjyK6rqhzHLzR9iNBlC/YCdyYxVBN7WHPevZBCxEr9uPSxt557n8JY8qpDTPncr7y5yeNnPs9gHCLbgoaFL9TKAHux40sdQRA6LwhD5MraKwxrNHqjch8hP8gqiWo5klwYnrA+NMTXhjCh/zn3YG6V6JCEv2HFvkwoJ1A== + NEXTCLOUD_PASSWORD: AgC1Qd25JG72huqwQQquQ+J3pzdRwdKA5SmJr2apSCwSp/CDgj3J+du7HdcOv0e72xbf87cKyfG3bKJibYhsLvem4bg3fd6nMd9JghC38gAC+QEQ+eXb1sFcAuMk8pfHC0RKuZYhvi1o3TO7KOPID3uAPD3zscM0AczSREzqHSn1nei7jSQ0+fT9ZmmHC+nO1iWJdahlgWNVYCqrd5lO3zJjVpRjDH3nnz7zAyle7lEx6CWJDkLPS6sDaRYw2wepqRcYZ4rbC+91Nh5qr9Fphnf3S38VZDkkfiYLZY6o9Baqz2I8Wj2XCz1oIV7Ui6hkc5zVVDLmQGqZSED9zMV0YznCU7c5HNglYCrWUWiEu+kBetGPeiUQjx444PWoQYxTOgBoBAQD4EM8QeK5O+pjBfhrOrTLO3S2nmf3bSJVp5VA6JE8FfG0zuPQOJU4cbLdZ7HKyLaHsTvrKxz4KI6jo9Ic4bN7jC0pLNWFloSOFTfd4qwl7Sd5TK8Yf9lNFDLJFIErN4j4D9OOh1SMp5jA3/2KJsYu0yOtbNdNOetvoWSot0FCTsA7IdXL0fLLfo9LvAUlsRKehyow+cRg7c/MrRz34WZCMBDiDu4vXJp8L+8kA7yepUfdvrt/VqpblZisqspdJWPkUxfuMWIzT/bu6bd0nkWaxZjM46n9KMgkD9SMDqIdUlZaKQKrXLJWojMMtpaad9GmOREig6T+7A== + PIHOLE_PASSWORD: AgAeo1207dqEPIRKom8exZkq3gZfN4//avKzparh7fZ1SrvmzuU/cnPwvhMJrUnjziuq6mssFmMppUHLDqdNL/jkHHBfwyacI5ZWJJ0YL9/oMKhs5ujlsOOlgJcUBm6FZZ2YOX47uuBrF+OPYNzDSyVALJiRAdKGnRNEc1HiQ4LBHjuGqVvEeFmv4XXpyF6D/67lFRm3TSt8gTWtddSBlVDLZxAv/IunTpsgC+q1n7EiYCFTwqbhN09MnT9bVy5UVQ4cGiGIpZyZoJA/+7I1HkRxzOi14ZcEy12qcEhQUdaMkBxjUN8aUjm5tiwl47H+6ChPzakK2IWF1FVJseGTTthXKjXZwIRwy5h4ujEQ9kyPpeUTIz6T9xk9npFU4BmKpdtSdq39NyWtiuO/kJRbd38iNWdjQkcr50Ycc0HYbH2EuzmUJvK92RnsiFDkT+UppI/rAu3Uvl8OFdfnZp59gOEEuIdQmNDhP31KfCWp8A8Wqt/lX4AKwaQdXzv5jTZQMm0hhQttt0QuEnS12/hwJoC4O6Cu3gCAjlAxAUVrTye//8Lf7pd+/ZxxB1gLtWDMy45AXQOQvm/g0t5OLhb/3Ib9uH4im6dPlSo8EqX6UGcDcCbROxNOytZkpgaslsEpSese8q8lgbEE7j8UIkOof+UbsikzPslyLqdtO7GVINWkQw3SpdUlu5dybqlXk0cgQusCZ72BRjut23l3vQ== + PROWLARR_API_KEY: AgB6vNTTovXWjFCFxtZinPT2iEcesapI9iHEXVAmvYjzz+14BDNHisskMkToVg4wa1gLrF1bSWjKvYSI6Sb5LWlu8qyjjjvcpzQtFTL4VseXaDtm/hkgz/w0RwDwmkASphgJ4tMEW3noCzENZCldNlAgnAUsy829CDRqgdfyHU9SnXYe/X+LyNql+JkswvK4YoEntk79E3hl4c9wUc6PnRUV3bfs51I8vkUlPkDxwg5xKTl5eWk2ZcrJv9NXaO+C808RKjNlQAdN5Nx3j/PWgrSA40j+YW90WYjds32Gqtxo7Jh1KSevjQaLul2C4zcMcSJU+6XtYRNlKsgdfD8luDm22zW6fGIfS3TZV+TlXF8haJSmKQEle9dm0bCdbff/wAHcyudTesv314UnI4Ff5zGKfHRL6vvzsLa6WQ+W16qx18WzLXuLJV3AduzAXCAKPswcY6r/xGpse6KmTi9g10wf0zJ7v8Fj8QYXIcU594a1As4Cg8aVxCTHiZrKTdiBkV/HvHu+dFUi1J4tWDE93BKCFtDRFtpv67FZyQ1jd2CcI9t7lJGtfJqVoVcPCvEczLu9vNAiGyp6pQt0MEOP053ndHmhjL8kQz35dXQeV5qGT8yVBPXaP4m6ib5OV+zVhQEQuqlnd/hQ1IrD28Gh0yNw7mdwVxUTCUdFZYX6VuKkDm66QxQqyW1vAy2JKewTbjQW2vhlj3EPleIETi5fSVbKrOwioM7qlpAUxDkmr1FXbA== + PROXMOX_BACKUP_SERVER_PASSWORD: AgBtWazeVChipqazWVp5IDp3u2KY+4uGCjxjhydZ0thfptGhegppNEfaqqYFT2+F1bHYXDEZFQwuuVHLBRD5ArT89jib/xks92/pBR4SDVf5kfkGiUKAz1n8R8os+YIN3XfQ9nxCoePpmfCVkmJnz3iFYM47shNYc8r39YVBAsMYV7WH2au1xbIwj1sQ4E6azwCo6/Scl9Cb0z/voHlwGxo92KXcryHSQNjDQM4o6NlzniJ0MK0OpFMPy78JB7G/VpS0wQFC7J234Xjc1vqW0gSqjadoThTirVhBGqRGcIY95I4ogb8lNBErcwvBvUx7k11of1978v5R7DcYV8mD0ef40fxVE0UECARnAz7c+zoTvqqAUmjGw/znHbuKECEdLEFUd+ogu6zgH0euik0wmoBwvAwOmTSgvKdKogJQee7swOnYoI7ytQixZv42f9K7HSd7QrRKLZNNMSHkcQ5sSQIT+2KPCj9vpZWT7b0gD6w5HxEFc5FUQW9a4XuNw4TX4HSz1tTKJGhLha+7ulmknsDnmsQl7lrkCG+6B33EMsteoBUro/4AuLwwjgp27hoTG/RmW3hA26UaJkujXpSzurkclKrHfcpUP3RmrFYGYGv+eH2vx3hNkuZgfEslCuOu4H+i3zslNsbwy2x1MtqRQsjNQ+guKJTEVsYcN/QT9tR2PnHpJu1IdH8/ZALHYNYaKHxXAzgPwyioeBFtQz/8pT9E+TMKZjam+3nPoA+2EaWLEA3L3Gc= + PROXMOX_PASSWORD: AgDAyutvM9QB3MoZYUrEuqnG7HthwshmDaDA4hV2zyURkzk72u9LjpFwKicvFf4+2lVocDfYebqU9mWEVRjnNBHELaN1xSWXSd4jwOndlIrNMJVGeuhi/ohMIYN0MgRGw0FkvdpN2//akgmLdaP4ugZ3N8QV19qCYAi6QyjMJE8U1ASuJDdkAZddOgqmLwamEk2ss32gTj0cHsw4P7VTtKhBCTctoPZzC6hfuaOI8Gn2k0eRHgh+yLgZzXxzQDUUx2I8n3iEuTq8j0hTxZ0D0BZRnsLVRE7CTlT9eWMud6vHLCbqlTUwA8f54t7eB6eFbADHsBbreDImDyzLW76FYo9OtcVYZ+LEDRplh9LYQjlvStvHDRsG/H4GbkQNZRUkUUwiDbAVvNClxC3kk6WzsX/TvJErDDV+1fKxdEYLowlDR3/w/T1h59zjgOw3ZUU+CUZIqXsOwFNd5/JWxqwdHZaSJe17OxsNUFx9ARyLkFAm8tZvgyfiw5SzMUaPEZrQNcjwDnf960OhUKaeWHory99StqOfnbB5HqROltnlWZDdoxzKwzkdkSYrWv6OhUR5WvwDKW5I3biVMYflwXrFSvH0+q3DMB3hQ8ydx/JTUmjMB5vVntRBjiiofyUGkG5jjL3I2kcAPEJKCEsng3PPhaNzR8KqaAEdPixAArNPmL/KkZetNpUFR1EPppwSfh5BspP0cg5n05V2mv09XOT1J8J9Urt2mJ4fQON++LxfPHQcvNqFans= + QBITTORRENT_PASSWORD: AgCCcxImOsReceVf9/euw4xQZXwnJbT1ete2Vmcxbqk3859SMKDWi/KZzGsbsnI8fbljdmxxBIODf4VBOsNs8Jxv5ciQLJmZa6VNAxqNXOFWZ7urVb33dwwQqUyLFJ9UhdAXeWFPbz4vkK6Mr4x+kn6UBYyI20xos3AqDHCbdih4N1foy+aW874xZZ13kH7rxAiF537MkZZPc2VVQMMovphJuKTDXctPzjRHTsGZb3YmUnjbGCRkQGwJqxMr1CincgPyrI9EHFCnj8+xZpWd6CNgFgADNaNTquOtb6W4od6SVGw78/xUd/TNM3KRscH9wnU8nsrJumMslqGPSy2Btu6uFjAfDJo3DC5bh1ZB/kIlMz64r6fI8V5hogl6Iq8C4QBZA0jwyfeHVP9pZmityLDADvwFlnNUd1yfCskp6lfrDd3vobHslLeelIQBsYNDqd05AYwg4tOpvjtIt3jUOYGNo09Rx8DyzJ4fOS9oU6tX8Ut+bB0RKV+k3fKmQx8oYtR8gXxtApILzLRqReRTO0S9PNdCKPR7kA+QBdc78DDhgJECJCEPZMwtAWff6UnEzh48+PYfcf/R6aljw15LpyR2eQk/LYmaLk1Wupuyu/kWhQYakzjWfoEoKs+K8DyKkR8D2ihNlCJx8/hjNZ4QodBBeIQJ1D/Sc7xScpkY1B5bItXDGj6y89GjHH3pfvFcMpmi8eEVEVk7+9xL + RADARR_API_KEY: AgCYpnUSNjkjnAE54Z+2TmK4OtiukA5r2BAHUpD6C2d8lrduH1xw/WZ+omnB1qAGG4U/zDw/3PwqyumpTn7Iryq0ZmxVuS+2aaYKeK5LNVpV1I1eGTPrVnjdAZ+t8xdm13Qq/+uqu/yUbn7+yoqD5lfV63LEgqUQNWyZRFdAc2qbg87ETyElNv1NDqT3X06A7byANILETAzktOuWcB/zqPi4hsPpyeFrIESaOiuJMZUi2UIzbKbfoVzpW2ksSspm3Qga855HmnhKEiCQIEuUSMxUaECRwZbKrPjrmTcJGiUV+CQXNz6MKYT284TURtOs3Q9CpRAfLfgIXSDopi33bBl+6IczJYXqCnzQOe0X+2dAomfvC1F2suW5nabgfU2D4wGzjPJFXSys7t9q1wDCNvxvx1gG1euh/Uhb1/xhFstXA4ZKqK1wb/va1wt6ZfAbt2kXhqYv6bAEiU50XebNtxKw4o+DPPfoa58sfBkd3NgODCgHFxbExw1LVBBh5bcJzncHGeK+F2xSpZfERNWrbXdPdeDqRocyOT3N/GGaMWEBZmYYMpoGzlkbB26eYQRUsihXB91OfMSTfDJ+uVgbE7qZde9Oyt87q7Il3FT7F7GektHgcllmeOPTZa4JS2RyhEPU25+0jQlkWKmj6Cd+9qyLJ0+Xxkhs0wmutfWcDIvBKbgeq0ygIdzb+PffCm8mWxR1Nf0fnapX8oQ0q0SDfSUIWuy4o1D8fGvioowlTZmbmQ== + SABNZBD_API_KEY: AgAna64TkVRcAbxKt1lgnxVzpUHrdxey0qOIF3H4VEcX4o5fGPOBukuUaU4RPeM20fOaqAlllKIQKISUZbKEioPey5CY663SM5pTys1HhicMQUlfPNhUejzYgewJ85cWsHlsF5MdjNd+rMZnW6JGGbVoDfDnU1wmi5YEr5KzalSyWwxGUH641xhwHN+itG9n4+254RAX3Jq5ijWwyO3zmagDEEv3+MgVdChPmzMh580Ugdi8O3PNE9O6kalXslDcs6QnndNqXJVJfuClREu9QYXQSugSjkcD8hRS26pnIr6RMjZQW7n0aR5wSgfLCT2CIAB9AGzP9Pltn/98kBJgsgFTJpWnQvh9yNbIDMeF1C2MhAxKn1kQg6TPNGBRosI6mxuOXMqUmTAN6oMr5lTuciIOQQdL7s08pmNISZtCT9QT/kiIth/MBei3R2pJGRUDHJ3xFlMZjbXv125zKIoIkSf2bcvPI9HJG5QUbyEh9q5tEwpBHLqg+ftMxlCbBxBednCV4Rtg/nKTs8BP+KZhkBpqsDLJdFRmFRsedSndbpRKIEGvQCqBGdmu9817mZXOU/yjboLLDloWk4Yw142sGEzsq/YlQqmQer4QKdxc8j/gQICSiGFAGdDhnIVy7pnOsAKpIxNHWXb7wjGgU9yp/jTBolyLJ3TxDPDkM1d2ZNmTWHvKWBniTnJr1v44qoPwJ2Gx53iiN8WhDFCfY6TIAtLNVfApKT5vdUbYs/uq6/rnrg== + SONARR_API_KEY: AgA4+fLrXQkajYR1t0bSJ7g4C+EfnxmapbTFehIf5tFmqyxtLj5JeixrZ+Gfb5v4x0NGb9q68ahP+6VWhrjRCZsWMNQ71fuySk6069AG4P1JFyaNOCrTmSb+HGh6+L2FEd/IUK5QW8a0j7NiEfmhFuiippEYeLkv4XYtDDXs9z8qNIrJGzRBibVupRTkgvMmvt7z+BnzW7Y/rSr7yNth6n9APXzhhcPMOZCy2tmvGLMmdsfhRI/t9PmAmyfcgYWi4ntDYPZfqNTRsj70fEDn2rK1Ts6TyIX+GBcpQW9qn3WPpoNYfUcTwfsUQRwZOOub63eMt/wM6xVMY0AuSmRBMj8HKh+aXtMgqiu5PtPJlj/Pp4bdtiY380uYjHxh2The6LaWY0Nobr6VRL4lqrfWo9tNajGSBx9uQmHU8oa+l9ISXpuigMQ7HGtoKbZSkE+8AycB3d4Wd22GoEDZQnx4uhbaPpeN53OnsDTV0sTU7pHxdZEGmN52DFcl5aEcoogz8PzRpbZwNqD4vVecCua7wHE4mskuVAHElltD0TN9yCnX+mEcECNgKx+diwginwMgrj2DCAbUPZwOoEh5ITzZiqatOP/yk848sigvLo7S2h1Sc0geJH1O7ddw50pBvLx+4S6eS1DdUe/BIt9B4SkhfxJRMavrkVvsRJbaWfzOiKq39FkqShMgH62QewFl8w13XvujaVGdNqgpLasRJl5pb4ch3GHs2KpNM9fDKjfIkD22lQ== template: metadata: name: homepage-secrets From 46f673fb29232a3804775d9ecbfc2493bd581550 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Thu, 27 Nov 2025 16:15:52 +0530 Subject: [PATCH 112/154] enable qbittorrent --- .../default/arr-stack}/qbittorrent/qbittorrent-pvc.yml | 0 .../default/arr-stack}/qbittorrent/qbittorrent-svc.yml | 4 ++-- .../default/arr-stack}/qbittorrent/qbittorrent.yml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) rename {disabled => clusters/default/arr-stack}/qbittorrent/qbittorrent-pvc.yml (100%) rename {disabled => clusters/default/arr-stack}/qbittorrent/qbittorrent-svc.yml (87%) rename {disabled => clusters/default/arr-stack}/qbittorrent/qbittorrent.yml (96%) diff --git a/disabled/qbittorrent/qbittorrent-pvc.yml b/clusters/default/arr-stack/qbittorrent/qbittorrent-pvc.yml similarity index 100% rename from disabled/qbittorrent/qbittorrent-pvc.yml rename to clusters/default/arr-stack/qbittorrent/qbittorrent-pvc.yml diff --git a/disabled/qbittorrent/qbittorrent-svc.yml b/clusters/default/arr-stack/qbittorrent/qbittorrent-svc.yml similarity index 87% rename from disabled/qbittorrent/qbittorrent-svc.yml rename to clusters/default/arr-stack/qbittorrent/qbittorrent-svc.yml index 7dba739..c233395 100644 --- a/disabled/qbittorrent/qbittorrent-svc.yml +++ b/clusters/default/arr-stack/qbittorrent/qbittorrent-svc.yml @@ -12,5 +12,5 @@ spec: selector: app: qbittorrent ports: - - port: 8080 - targetPort: 8080 + - port: 7070 + targetPort: 7070 diff --git a/disabled/qbittorrent/qbittorrent.yml b/clusters/default/arr-stack/qbittorrent/qbittorrent.yml similarity index 96% rename from disabled/qbittorrent/qbittorrent.yml rename to clusters/default/arr-stack/qbittorrent/qbittorrent.yml index cda08ea..cb03da5 100644 --- a/disabled/qbittorrent/qbittorrent.yml +++ b/clusters/default/arr-stack/qbittorrent/qbittorrent.yml @@ -41,8 +41,6 @@ spec: containers: - name: qbittorrent image: linuxserver/qbittorrent:5.1.4 - ports: - - containerPort: 8080 env: - name: PUID value: "1000" @@ -50,6 +48,8 @@ spec: value: "1000" - name: TZ value: "Asia/Kolkata" + - name: WEBUI_PORT + value: "7070" volumeMounts: - name: downloads mountPath: /downloads From e7b48a8f1801fe0b09a783a0ed252d7805d3789e Mon Sep 17 00:00:00 2001 From: Flux <> Date: Thu, 27 Nov 2025 17:04:20 +0530 Subject: [PATCH 113/154] Add Flux v2.7.0 component manifests --- .../default/flux-system/gotk-components.yaml | 90 +++++++++---------- 1 file changed, 44 insertions(+), 46 deletions(-) diff --git a/clusters/default/flux-system/gotk-components.yaml b/clusters/default/flux-system/gotk-components.yaml index a44bc77..915ae88 100644 --- a/clusters/default/flux-system/gotk-components.yaml +++ b/clusters/default/flux-system/gotk-components.yaml @@ -1,6 +1,6 @@ --- # This manifest was generated by flux. DO NOT EDIT. -# Flux Version: v2.7.4 +# Flux Version: v2.7.0 # Components: source-controller,kustomize-controller,helm-controller,notification-controller apiVersion: v1 kind: Namespace @@ -8,7 +8,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.4 + app.kubernetes.io/version: v2.7.0 pod-security.kubernetes.io/warn: restricted pod-security.kubernetes.io/warn-version: latest name: flux-system @@ -19,7 +19,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.4 + app.kubernetes.io/version: v2.7.0 name: allow-egress namespace: flux-system spec: @@ -39,7 +39,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.4 + app.kubernetes.io/version: v2.7.0 name: allow-scraping namespace: flux-system spec: @@ -59,7 +59,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.4 + app.kubernetes.io/version: v2.7.0 name: allow-webhooks namespace: flux-system spec: @@ -78,7 +78,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.4 + app.kubernetes.io/version: v2.7.0 name: critical-pods-flux-system namespace: flux-system spec: @@ -98,7 +98,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.4 + app.kubernetes.io/version: v2.7.0 name: crd-controller-flux-system rules: - apiGroups: @@ -204,7 +204,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.4 + app.kubernetes.io/version: v2.7.0 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" name: flux-edit-flux-system @@ -212,7 +212,6 @@ rules: - apiGroups: - notification.toolkit.fluxcd.io - source.toolkit.fluxcd.io - - source.extensions.fluxcd.io - helm.toolkit.fluxcd.io - image.toolkit.fluxcd.io - kustomize.toolkit.fluxcd.io @@ -231,7 +230,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.4 + app.kubernetes.io/version: v2.7.0 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-view: "true" @@ -240,7 +239,6 @@ rules: - apiGroups: - notification.toolkit.fluxcd.io - source.toolkit.fluxcd.io - - source.extensions.fluxcd.io - helm.toolkit.fluxcd.io - image.toolkit.fluxcd.io - kustomize.toolkit.fluxcd.io @@ -257,7 +255,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.4 + app.kubernetes.io/version: v2.7.0 name: cluster-reconciler-flux-system roleRef: apiGroup: rbac.authorization.k8s.io @@ -277,7 +275,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.4 + app.kubernetes.io/version: v2.7.0 name: crd-controller-flux-system roleRef: apiGroup: rbac.authorization.k8s.io @@ -315,7 +313,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.4 + app.kubernetes.io/version: v2.7.0 name: buckets.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -1086,7 +1084,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.4 + app.kubernetes.io/version: v2.7.0 name: externalartifacts.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -1282,7 +1280,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.4 + app.kubernetes.io/version: v2.7.0 name: gitrepositories.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -2236,7 +2234,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.4 + app.kubernetes.io/version: v2.7.0 name: helmcharts.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -2962,7 +2960,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.4 + app.kubernetes.io/version: v2.7.0 name: helmrepositories.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -3593,7 +3591,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.4 + app.kubernetes.io/version: v2.7.0 name: ocirepositories.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -4419,7 +4417,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.4 + app.kubernetes.io/version: v2.7.0 name: source-controller namespace: flux-system --- @@ -4430,7 +4428,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.4 + app.kubernetes.io/version: v2.7.0 control-plane: controller name: source-controller namespace: flux-system @@ -4451,7 +4449,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.4 + app.kubernetes.io/version: v2.7.0 control-plane: controller name: source-controller namespace: flux-system @@ -4472,11 +4470,11 @@ spec: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.4 + app.kubernetes.io/version: v2.7.0 spec: containers: - args: - - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.cluster.local./ + - --events-addr=http://notification-controller.flux-system.svc.cluster.local./ - --watch-all-namespaces=true - --log-level=info - --log-encoding=json @@ -4495,7 +4493,7 @@ spec: resourceFieldRef: containerName: manager resource: limits.memory - image: ghcr.io/fluxcd/source-controller:v1.7.4 + image: ghcr.io/fluxcd/source-controller:v1.7.0 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -4559,7 +4557,7 @@ metadata: app.kubernetes.io/component: kustomize-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.4 + app.kubernetes.io/version: v2.7.0 name: kustomizations.kustomize.toolkit.fluxcd.io spec: group: kustomize.toolkit.fluxcd.io @@ -5929,7 +5927,7 @@ metadata: app.kubernetes.io/component: kustomize-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.4 + app.kubernetes.io/version: v2.7.0 name: kustomize-controller namespace: flux-system --- @@ -5940,7 +5938,7 @@ metadata: app.kubernetes.io/component: kustomize-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.4 + app.kubernetes.io/version: v2.7.0 control-plane: controller name: kustomize-controller namespace: flux-system @@ -5959,11 +5957,11 @@ spec: app.kubernetes.io/component: kustomize-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.4 + app.kubernetes.io/version: v2.7.0 spec: containers: - args: - - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.cluster.local./ + - --events-addr=http://notification-controller.flux-system.svc.cluster.local./ - --watch-all-namespaces=true - --log-level=info - --log-encoding=json @@ -5978,7 +5976,7 @@ spec: resourceFieldRef: containerName: manager resource: limits.memory - image: ghcr.io/fluxcd/kustomize-controller:v1.7.3 + image: ghcr.io/fluxcd/kustomize-controller:v1.7.0 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -6035,7 +6033,7 @@ metadata: app.kubernetes.io/component: helm-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.4 + app.kubernetes.io/version: v2.7.0 name: helmreleases.helm.toolkit.fluxcd.io spec: group: helm.toolkit.fluxcd.io @@ -8666,7 +8664,7 @@ metadata: app.kubernetes.io/component: helm-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.4 + app.kubernetes.io/version: v2.7.0 name: helm-controller namespace: flux-system --- @@ -8677,7 +8675,7 @@ metadata: app.kubernetes.io/component: helm-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.4 + app.kubernetes.io/version: v2.7.0 control-plane: controller name: helm-controller namespace: flux-system @@ -8696,11 +8694,11 @@ spec: app.kubernetes.io/component: helm-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.4 + app.kubernetes.io/version: v2.7.0 spec: containers: - args: - - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.cluster.local./ + - --events-addr=http://notification-controller.flux-system.svc.cluster.local./ - --watch-all-namespaces=true - --log-level=info - --log-encoding=json @@ -8715,7 +8713,7 @@ spec: resourceFieldRef: containerName: manager resource: limits.memory - image: ghcr.io/fluxcd/helm-controller:v1.4.4 + image: ghcr.io/fluxcd/helm-controller:v1.4.0 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -8772,7 +8770,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.4 + app.kubernetes.io/version: v2.7.0 name: alerts.notification.toolkit.fluxcd.io spec: group: notification.toolkit.fluxcd.io @@ -9162,7 +9160,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.4 + app.kubernetes.io/version: v2.7.0 name: providers.notification.toolkit.fluxcd.io spec: group: notification.toolkit.fluxcd.io @@ -9574,7 +9572,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.4 + app.kubernetes.io/version: v2.7.0 name: receivers.notification.toolkit.fluxcd.io spec: group: notification.toolkit.fluxcd.io @@ -10051,7 +10049,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.4 + app.kubernetes.io/version: v2.7.0 name: notification-controller namespace: flux-system --- @@ -10062,7 +10060,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.4 + app.kubernetes.io/version: v2.7.0 control-plane: controller name: notification-controller namespace: flux-system @@ -10083,7 +10081,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.4 + app.kubernetes.io/version: v2.7.0 control-plane: controller name: webhook-receiver namespace: flux-system @@ -10104,7 +10102,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.4 + app.kubernetes.io/version: v2.7.0 control-plane: controller name: notification-controller namespace: flux-system @@ -10123,7 +10121,7 @@ spec: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.4 + app.kubernetes.io/version: v2.7.0 spec: containers: - args: @@ -10141,7 +10139,7 @@ spec: resourceFieldRef: containerName: manager resource: limits.memory - image: ghcr.io/fluxcd/notification-controller:v1.7.5 + image: ghcr.io/fluxcd/notification-controller:v1.7.1 imagePullPolicy: IfNotPresent livenessProbe: httpGet: From 7090fd445edb43153472e46a1547ef5e1919e402 Mon Sep 17 00:00:00 2001 From: Flux <> Date: Thu, 27 Nov 2025 17:04:37 +0530 Subject: [PATCH 114/154] Add Flux sync manifests --- clusters/default/flux-system/gotk-sync.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/flux-system/gotk-sync.yaml b/clusters/default/flux-system/gotk-sync.yaml index 9a01df6..67b8838 100644 --- a/clusters/default/flux-system/gotk-sync.yaml +++ b/clusters/default/flux-system/gotk-sync.yaml @@ -11,7 +11,7 @@ spec: branch: main secretRef: name: flux-system - url: ssh://git@gitea.akshun-lab.cc:222/aggarwalakshun/k3s + url: ssh://git@gitea.akshun-lab.cc/aggarwalakshun/k3s --- apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization From 5f52ace2959a6b63ea79e35693264745b6a36292 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Thu, 27 Nov 2025 17:06:11 +0530 Subject: [PATCH 115/154] change ssh port --- clusters/default/git-ops/gitea/gitea-svc.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/git-ops/gitea/gitea-svc.yml b/clusters/default/git-ops/gitea/gitea-svc.yml index 1da6cfa..8173392 100644 --- a/clusters/default/git-ops/gitea/gitea-svc.yml +++ b/clusters/default/git-ops/gitea/gitea-svc.yml @@ -16,7 +16,7 @@ spec: targetPort: 3000 protocol: TCP name: http - - port: 222 + - port: 22 targetPort: 22 name: ssh From 2219b86f01c44bf5a35bb3eb18c0bd0bd9b7f776 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 28 Nov 2025 00:04:15 +0000 Subject: [PATCH 116/154] Update dependency fluxcd/flux2 to v2.7.5 --- .../default/flux-system/gotk-components.yaml | 90 ++++++++++--------- 1 file changed, 46 insertions(+), 44 deletions(-) diff --git a/clusters/default/flux-system/gotk-components.yaml b/clusters/default/flux-system/gotk-components.yaml index 915ae88..0c34642 100644 --- a/clusters/default/flux-system/gotk-components.yaml +++ b/clusters/default/flux-system/gotk-components.yaml @@ -1,6 +1,6 @@ --- # This manifest was generated by flux. DO NOT EDIT. -# Flux Version: v2.7.0 +# Flux Version: v2.7.5 # Components: source-controller,kustomize-controller,helm-controller,notification-controller apiVersion: v1 kind: Namespace @@ -8,7 +8,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 pod-security.kubernetes.io/warn: restricted pod-security.kubernetes.io/warn-version: latest name: flux-system @@ -19,7 +19,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 name: allow-egress namespace: flux-system spec: @@ -39,7 +39,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 name: allow-scraping namespace: flux-system spec: @@ -59,7 +59,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 name: allow-webhooks namespace: flux-system spec: @@ -78,7 +78,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 name: critical-pods-flux-system namespace: flux-system spec: @@ -98,7 +98,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 name: crd-controller-flux-system rules: - apiGroups: @@ -204,7 +204,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" name: flux-edit-flux-system @@ -212,6 +212,7 @@ rules: - apiGroups: - notification.toolkit.fluxcd.io - source.toolkit.fluxcd.io + - source.extensions.fluxcd.io - helm.toolkit.fluxcd.io - image.toolkit.fluxcd.io - kustomize.toolkit.fluxcd.io @@ -230,7 +231,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-view: "true" @@ -239,6 +240,7 @@ rules: - apiGroups: - notification.toolkit.fluxcd.io - source.toolkit.fluxcd.io + - source.extensions.fluxcd.io - helm.toolkit.fluxcd.io - image.toolkit.fluxcd.io - kustomize.toolkit.fluxcd.io @@ -255,7 +257,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 name: cluster-reconciler-flux-system roleRef: apiGroup: rbac.authorization.k8s.io @@ -275,7 +277,7 @@ metadata: labels: app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 name: crd-controller-flux-system roleRef: apiGroup: rbac.authorization.k8s.io @@ -313,7 +315,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 name: buckets.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -1084,7 +1086,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 name: externalartifacts.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -1280,7 +1282,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 name: gitrepositories.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -2234,7 +2236,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 name: helmcharts.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -2960,7 +2962,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 name: helmrepositories.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -3591,7 +3593,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 name: ocirepositories.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -4417,7 +4419,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 name: source-controller namespace: flux-system --- @@ -4428,7 +4430,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 control-plane: controller name: source-controller namespace: flux-system @@ -4449,7 +4451,7 @@ metadata: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 control-plane: controller name: source-controller namespace: flux-system @@ -4470,11 +4472,11 @@ spec: app.kubernetes.io/component: source-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 spec: containers: - args: - - --events-addr=http://notification-controller.flux-system.svc.cluster.local./ + - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.cluster.local./ - --watch-all-namespaces=true - --log-level=info - --log-encoding=json @@ -4493,7 +4495,7 @@ spec: resourceFieldRef: containerName: manager resource: limits.memory - image: ghcr.io/fluxcd/source-controller:v1.7.0 + image: ghcr.io/fluxcd/source-controller:v1.7.4 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -4557,7 +4559,7 @@ metadata: app.kubernetes.io/component: kustomize-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 name: kustomizations.kustomize.toolkit.fluxcd.io spec: group: kustomize.toolkit.fluxcd.io @@ -5927,7 +5929,7 @@ metadata: app.kubernetes.io/component: kustomize-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 name: kustomize-controller namespace: flux-system --- @@ -5938,7 +5940,7 @@ metadata: app.kubernetes.io/component: kustomize-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 control-plane: controller name: kustomize-controller namespace: flux-system @@ -5957,11 +5959,11 @@ spec: app.kubernetes.io/component: kustomize-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 spec: containers: - args: - - --events-addr=http://notification-controller.flux-system.svc.cluster.local./ + - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.cluster.local./ - --watch-all-namespaces=true - --log-level=info - --log-encoding=json @@ -5976,7 +5978,7 @@ spec: resourceFieldRef: containerName: manager resource: limits.memory - image: ghcr.io/fluxcd/kustomize-controller:v1.7.0 + image: ghcr.io/fluxcd/kustomize-controller:v1.7.3 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -6033,7 +6035,7 @@ metadata: app.kubernetes.io/component: helm-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 name: helmreleases.helm.toolkit.fluxcd.io spec: group: helm.toolkit.fluxcd.io @@ -8664,7 +8666,7 @@ metadata: app.kubernetes.io/component: helm-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 name: helm-controller namespace: flux-system --- @@ -8675,7 +8677,7 @@ metadata: app.kubernetes.io/component: helm-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 control-plane: controller name: helm-controller namespace: flux-system @@ -8694,11 +8696,11 @@ spec: app.kubernetes.io/component: helm-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 spec: containers: - args: - - --events-addr=http://notification-controller.flux-system.svc.cluster.local./ + - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.cluster.local./ - --watch-all-namespaces=true - --log-level=info - --log-encoding=json @@ -8713,7 +8715,7 @@ spec: resourceFieldRef: containerName: manager resource: limits.memory - image: ghcr.io/fluxcd/helm-controller:v1.4.0 + image: ghcr.io/fluxcd/helm-controller:v1.4.5 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -8770,7 +8772,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 name: alerts.notification.toolkit.fluxcd.io spec: group: notification.toolkit.fluxcd.io @@ -9160,7 +9162,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 name: providers.notification.toolkit.fluxcd.io spec: group: notification.toolkit.fluxcd.io @@ -9572,7 +9574,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 name: receivers.notification.toolkit.fluxcd.io spec: group: notification.toolkit.fluxcd.io @@ -10049,7 +10051,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 name: notification-controller namespace: flux-system --- @@ -10060,7 +10062,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 control-plane: controller name: notification-controller namespace: flux-system @@ -10081,7 +10083,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 control-plane: controller name: webhook-receiver namespace: flux-system @@ -10102,7 +10104,7 @@ metadata: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 control-plane: controller name: notification-controller namespace: flux-system @@ -10121,7 +10123,7 @@ spec: app.kubernetes.io/component: notification-controller app.kubernetes.io/instance: flux-system app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.7.0 + app.kubernetes.io/version: v2.7.5 spec: containers: - args: @@ -10139,7 +10141,7 @@ spec: resourceFieldRef: containerName: manager resource: limits.memory - image: ghcr.io/fluxcd/notification-controller:v1.7.1 + image: ghcr.io/fluxcd/notification-controller:v1.7.5 imagePullPolicy: IfNotPresent livenessProbe: httpGet: From 8d4c271215fcb24d5081fba3c380ca3c447ddfc9 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Fri, 28 Nov 2025 05:59:28 +0530 Subject: [PATCH 117/154] delete old pihole config --- disabled/pihole/pihole-pvc.yml | 14 ---------- disabled/pihole/pihole-svc.yml | 16 ----------- disabled/pihole/pihole.yml | 49 ---------------------------------- 3 files changed, 79 deletions(-) delete mode 100644 disabled/pihole/pihole-pvc.yml delete mode 100644 disabled/pihole/pihole-svc.yml delete mode 100644 disabled/pihole/pihole.yml diff --git a/disabled/pihole/pihole-pvc.yml b/disabled/pihole/pihole-pvc.yml deleted file mode 100644 index b744f57..0000000 --- a/disabled/pihole/pihole-pvc.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: pihole-longhorn - namespace: tools -spec: - accessModes: - - ReadWriteOnce - volumeMode: Filesystem - resources: - requests: - storage: 1Gi - storageClassName: longhorn diff --git a/disabled/pihole/pihole-svc.yml b/disabled/pihole/pihole-svc.yml deleted file mode 100644 index c58b64a..0000000 --- a/disabled/pihole/pihole-svc.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -apiVersion: v1 -kind: Service -metadata: - name: pihole-tcp-service - namespace: tools -spec: - type: LoadBalancer - loadBalancerIP: 192.168.1.229 - selector: - app: pihole - ports: - - port: 80 - targetPort: 80 - protocol: TCP - name: web diff --git a/disabled/pihole/pihole.yml b/disabled/pihole/pihole.yml deleted file mode 100644 index ac28c79..0000000 --- a/disabled/pihole/pihole.yml +++ /dev/null @@ -1,49 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: pihole - namespace: tools -spec: - strategy: - type: Recreate - selector: - matchLabels: - app: pihole - template: - metadata: - labels: - app: pihole - spec: - hostNetwork: true - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/hostname - operator: In - values: - - kube-02 - - kube-03 - - kube-04 - - kube-05 - containers: - - name: pihole - image: pihole/pihole@sha256:e28e239f55e648a9d32c8f065650acfe987ddebf1cd5f64f1c071e8716156ceb - securityContext: - capabilities: - add: - - NET_ADMIN - env: - - name: TZ - value: "Asia/Kolkata" - - name: FTLCONF_dns_listeningMode - value: "all" - volumeMounts: - - name: pihole-data - mountPath: /etc/pihole - volumes: - - name: pihole-data - persistentVolumeClaim: - claimName: pihole-longhorn From ecf14d6aad9f9f79b58566c8e6b248895e2b5c34 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Fri, 28 Nov 2025 05:59:51 +0530 Subject: [PATCH 118/154] add pihole with keepalived for backup --- clusters/default/tools/pihole/pihole-cm.yml | 18 +++++ clusters/default/tools/pihole/pihole-pvc.yml | 14 ++++ clusters/default/tools/pihole/pihole.yml | 81 ++++++++++++++++++++ 3 files changed, 113 insertions(+) create mode 100644 clusters/default/tools/pihole/pihole-cm.yml create mode 100644 clusters/default/tools/pihole/pihole-pvc.yml create mode 100644 clusters/default/tools/pihole/pihole.yml diff --git a/clusters/default/tools/pihole/pihole-cm.yml b/clusters/default/tools/pihole/pihole-cm.yml new file mode 100644 index 0000000..e862224 --- /dev/null +++ b/clusters/default/tools/pihole/pihole-cm.yml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: keepalived-config + namespace: tools +data: + keepalived.conf: | + vrrp_instance PIHOLE_VIP { + state BACKUP + interface eth0 + virtual_router_id 212 + priority 100 + advert_int 1 + + virtual_ipaddress { + 192.168.1.212/24 + } + } diff --git a/clusters/default/tools/pihole/pihole-pvc.yml b/clusters/default/tools/pihole/pihole-pvc.yml new file mode 100644 index 0000000..eb0dc16 --- /dev/null +++ b/clusters/default/tools/pihole/pihole-pvc.yml @@ -0,0 +1,14 @@ +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: pihole-longhorn + namespace: tools +spec: + accessModes: + - ReadWriteMany + volumeMode: Filesystem + resources: + requests: + storage: 1Gi + storageClassName: longhorn diff --git a/clusters/default/tools/pihole/pihole.yml b/clusters/default/tools/pihole/pihole.yml new file mode 100644 index 0000000..ab2e5c3 --- /dev/null +++ b/clusters/default/tools/pihole/pihole.yml @@ -0,0 +1,81 @@ +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: pihole-backup + namespace: tools +spec: + selector: + matchLabels: + app: pihole + template: + metadata: + labels: + app: pihole + spec: + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + + initContainers: + - name: init-keepalived + image: osixia/keepalived:2.0.20 + command: + - sh + - -c + - | + cp -r /container/service/keepalived/assets/* /etc/keepalived/ + cp /config/keepalived.conf /etc/keepalived/keepalived.conf + volumeMounts: + - name: keepalived-config + mountPath: /config + - name: keepalived-runtime + mountPath: /etc/keepalived + + containers: + - name: pihole + image: pihole/pihole:latest + securityContext: + capabilities: + add: ["NET_ADMIN"] + env: + - name: TZ + value: "Asia/Kolkata" + - name: FTLCONF_webserver_api_password + valueFrom: + secretKeyRef: + name: pihole-webpassword + key: password + ports: + - containerPort: 53 + protocol: UDP + - containerPort: 53 + protocol: TCP + - containerPort: 67 + protocol: UDP + - containerPort: 80 + protocol: TCP + volumeMounts: + - name: pihole-data + mountPath: /etc/pihole + + - name: keepalived + image: osixia/keepalived:2.0.20 + securityContext: + capabilities: + add: ["NET_ADMIN", "NET_BROADCAST", "NET_RAW"] + + volumeMounts: + - name: keepalived-runtime + mountPath: /container/service/keepalived/assets + + volumes: + - name: keepalived-config + configMap: + name: keepalived-config + + - name: keepalived-runtime + emptyDir: {} + + - name: pihole-data + persistentVolumeClaim: + claimName: pihole-longhorn From 182845f247f49d22f0d86ac187f711f45db8b764 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 29 Nov 2025 00:02:48 +0000 Subject: [PATCH 119/154] Update searxng/searxng Docker digest to 7f816e1 --- clusters/default/tools/searxng/searxng.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/searxng/searxng.yml b/clusters/default/tools/searxng/searxng.yml index 8c0aa9a..a74b498 100644 --- a/clusters/default/tools/searxng/searxng.yml +++ b/clusters/default/tools/searxng/searxng.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: searxng - image: searxng/searxng@sha256:fc076352d72154feb1d8c0eb42dd5570a3ebc9ca8c6b9c8318ce545a8dfd1ea4 + image: searxng/searxng@sha256:7f816e11561d5ef0c9425df04a7192c8b25cb5e9843099a77b58338e9c9a34cc ports: - containerPort: 8080 env: From 3f70e2e33706d2a279098410b370a69b77fad2f9 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 29 Nov 2025 00:02:52 +0000 Subject: [PATCH 120/154] Update collabora/code Docker tag to v25.04.7.3.1 --- clusters/default/tools/nextcloud/collabora.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/nextcloud/collabora.yml b/clusters/default/tools/nextcloud/collabora.yml index 1a31d40..be50d65 100644 --- a/clusters/default/tools/nextcloud/collabora.yml +++ b/clusters/default/tools/nextcloud/collabora.yml @@ -17,7 +17,7 @@ spec: spec: containers: - name: collabora - image: collabora/code:25.04.7.2.1 + image: collabora/code:25.04.7.3.1 ports: - containerPort: 9980 env: From 34e987d6b9b3637db7b677bf1dc19d385b69c68a Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 29 Nov 2025 00:03:02 +0000 Subject: [PATCH 121/154] Update Helm release prometheus to v27.47.0 --- clusters/default/helm/prometheus/prometheus-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/helm/prometheus/prometheus-release.yml b/clusters/default/helm/prometheus/prometheus-release.yml index b8bf8ce..758f062 100644 --- a/clusters/default/helm/prometheus/prometheus-release.yml +++ b/clusters/default/helm/prometheus/prometheus-release.yml @@ -9,7 +9,7 @@ spec: chart: spec: chart: prometheus - version: "27.46.0" + version: "27.47.0" sourceRef: kind: HelmRepository name: prometheus-community From e09d747dacf16080126e773e78c38141b1ce355e Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 29 Nov 2025 00:03:43 +0000 Subject: [PATCH 122/154] Update lscr.io/linuxserver/speedtest-tracker Docker tag to v1.10.2 --- clusters/default/monitoring/speedtest/speedtest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/monitoring/speedtest/speedtest.yml b/clusters/default/monitoring/speedtest/speedtest.yml index eb5822b..8cabd66 100644 --- a/clusters/default/monitoring/speedtest/speedtest.yml +++ b/clusters/default/monitoring/speedtest/speedtest.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: speedtest - image: lscr.io/linuxserver/speedtest-tracker:1.9.0 + image: lscr.io/linuxserver/speedtest-tracker:1.10.2 ports: - containerPort: 80 env: From 421d3dc8f588e0c59ad92d988d525b8f1cc2e8bc Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 29 Nov 2025 00:03:50 +0000 Subject: [PATCH 123/154] Update rcourtman/pulse Docker tag to v4.34.0 --- clusters/default/monitoring/pulse/pulse.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/monitoring/pulse/pulse.yml b/clusters/default/monitoring/pulse/pulse.yml index 111b72f..049c344 100644 --- a/clusters/default/monitoring/pulse/pulse.yml +++ b/clusters/default/monitoring/pulse/pulse.yml @@ -17,7 +17,7 @@ spec: spec: containers: - name: pulse - image: rcourtman/pulse:v4.33.1 + image: rcourtman/pulse:4.34.0 volumeMounts: - name: pulse-data mountPath: /data From caf4cae75bd7018375574a923a8bcbcc238b6aba Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 29 Nov 2025 00:03:56 +0000 Subject: [PATCH 124/154] Update renovate/renovate Docker tag to v42 --- .gitea/workflows/renovate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/renovate.yml b/.gitea/workflows/renovate.yml index 59ee288..bc344ce 100644 --- a/.gitea/workflows/renovate.yml +++ b/.gitea/workflows/renovate.yml @@ -9,7 +9,7 @@ jobs: renovate: runs-on: ubuntu-latest container: - image: renovate/renovate:41.165.2 + image: renovate/renovate:42.26.11 steps: - name: Checkout repository From 99c7c904b0996e91b7652e6f2cfb37c6052a2c7c Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 30 Nov 2025 00:02:43 +0000 Subject: [PATCH 125/154] Update searxng/searxng Docker digest to 0124d32 --- clusters/default/tools/searxng/searxng.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/searxng/searxng.yml b/clusters/default/tools/searxng/searxng.yml index a74b498..2fb6a5e 100644 --- a/clusters/default/tools/searxng/searxng.yml +++ b/clusters/default/tools/searxng/searxng.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: searxng - image: searxng/searxng@sha256:7f816e11561d5ef0c9425df04a7192c8b25cb5e9843099a77b58338e9c9a34cc + image: searxng/searxng@sha256:0124d32d77e0c7360d0b85f5d91882d1837e6ceb243c82e190f5d7e9f1401334 ports: - containerPort: 8080 env: From 6aec534081ebc9662db63dc6632a1bafe26cbf88 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 30 Nov 2025 00:02:49 +0000 Subject: [PATCH 126/154] Update jasongdove/ersatztv Docker tag to v25.9.0 --- clusters/default/media/ersatztv/ersatztv.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/media/ersatztv/ersatztv.yml b/clusters/default/media/ersatztv/ersatztv.yml index 39b6ca3..1e4084b 100644 --- a/clusters/default/media/ersatztv/ersatztv.yml +++ b/clusters/default/media/ersatztv/ersatztv.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: ersatztv - image: jasongdove/ersatztv:v25.8.0 + image: jasongdove/ersatztv:v25.9.0 ports: - containerPort: 8409 volumeMounts: From dc2a80cdf5e16cacf203897c7162617229360e04 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 1 Dec 2025 00:03:00 +0000 Subject: [PATCH 127/154] Update lscr.io/linuxserver/speedtest-tracker Docker tag to v1.10.3 --- clusters/default/monitoring/speedtest/speedtest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/monitoring/speedtest/speedtest.yml b/clusters/default/monitoring/speedtest/speedtest.yml index 8cabd66..b96d9a4 100644 --- a/clusters/default/monitoring/speedtest/speedtest.yml +++ b/clusters/default/monitoring/speedtest/speedtest.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: speedtest - image: lscr.io/linuxserver/speedtest-tracker:1.10.2 + image: lscr.io/linuxserver/speedtest-tracker:1.10.3 ports: - containerPort: 80 env: From bb3764a784cd0eb4c269db9e0b46f84a56c89506 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 1 Dec 2025 00:03:07 +0000 Subject: [PATCH 128/154] Update rcourtman/pulse Docker tag to v4.34.1 --- clusters/default/monitoring/pulse/pulse.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/monitoring/pulse/pulse.yml b/clusters/default/monitoring/pulse/pulse.yml index 049c344..fe771ce 100644 --- a/clusters/default/monitoring/pulse/pulse.yml +++ b/clusters/default/monitoring/pulse/pulse.yml @@ -17,7 +17,7 @@ spec: spec: containers: - name: pulse - image: rcourtman/pulse:4.34.0 + image: rcourtman/pulse:v4.34.1 volumeMounts: - name: pulse-data mountPath: /data From 08dd0dbbff99b1148b68e6c603cc3e16cc6bd0ae Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 1 Dec 2025 00:03:13 +0000 Subject: [PATCH 129/154] Update Helm release prometheus to v27.48.0 --- clusters/default/helm/prometheus/prometheus-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/helm/prometheus/prometheus-release.yml b/clusters/default/helm/prometheus/prometheus-release.yml index 758f062..378d3e4 100644 --- a/clusters/default/helm/prometheus/prometheus-release.yml +++ b/clusters/default/helm/prometheus/prometheus-release.yml @@ -9,7 +9,7 @@ spec: chart: spec: chart: prometheus - version: "27.47.0" + version: "27.48.0" sourceRef: kind: HelmRepository name: prometheus-community From 7ea6643549d7c933d3c19d1c3f31b578ad3f4e27 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 1 Dec 2025 06:28:09 +0000 Subject: [PATCH 130/154] Update jellyfin/jellyfin Docker tag to v10.11.4 --- clusters/default/media/jellyfin/jellyfin.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/media/jellyfin/jellyfin.yml b/clusters/default/media/jellyfin/jellyfin.yml index 61084a3..1058724 100644 --- a/clusters/default/media/jellyfin/jellyfin.yml +++ b/clusters/default/media/jellyfin/jellyfin.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: jellyfin - image: jellyfin/jellyfin:10.11.3 + image: jellyfin/jellyfin:10.11.4 ports: - containerPort: 8096 volumeMounts: From 9d715e1ca4cb9852cfa0b090b40bea20e6f94090 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Mon, 1 Dec 2025 18:49:31 +0530 Subject: [PATCH 131/154] add nodeAffinity and make k3s pihole master --- clusters/default/tools/pihole/pihole-cm.yml | 4 ++-- clusters/default/tools/pihole/pihole.yml | 15 +++++++++++++-- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/clusters/default/tools/pihole/pihole-cm.yml b/clusters/default/tools/pihole/pihole-cm.yml index e862224..7fe7b01 100644 --- a/clusters/default/tools/pihole/pihole-cm.yml +++ b/clusters/default/tools/pihole/pihole-cm.yml @@ -6,10 +6,10 @@ metadata: data: keepalived.conf: | vrrp_instance PIHOLE_VIP { - state BACKUP + state MASTER interface eth0 virtual_router_id 212 - priority 100 + priority 50 advert_int 1 virtual_ipaddress { diff --git a/clusters/default/tools/pihole/pihole.yml b/clusters/default/tools/pihole/pihole.yml index ab2e5c3..713efd4 100644 --- a/clusters/default/tools/pihole/pihole.yml +++ b/clusters/default/tools/pihole/pihole.yml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: DaemonSet metadata: - name: pihole-backup + name: pihole namespace: tools spec: selector: @@ -14,7 +14,18 @@ spec: app: pihole spec: hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet + + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/hostname + operator: In + values: + - kube-02 + - kube-03 + - kube-04 + - kube-05 initContainers: - name: init-keepalived From d8f590a1990274ee477c1e517d5f9f41191a4694 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Mon, 1 Dec 2025 19:01:01 +0530 Subject: [PATCH 132/154] correction --- clusters/default/tools/pihole/pihole.yml | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/clusters/default/tools/pihole/pihole.yml b/clusters/default/tools/pihole/pihole.yml index 713efd4..90bd439 100644 --- a/clusters/default/tools/pihole/pihole.yml +++ b/clusters/default/tools/pihole/pihole.yml @@ -15,18 +15,16 @@ spec: spec: hostNetwork: true - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: - matchExpressions: - key: kubernetes.io/hostname - operator: In + operator: NotIn values: - - kube-02 - - kube-03 - - kube-04 - - kube-05 - + - "kube-01" + initContainers: - name: init-keepalived image: osixia/keepalived:2.0.20 From 52f74aff187a2b0e40a8036c45ccf1df6ce7ba7d Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 2 Dec 2025 00:02:59 +0000 Subject: [PATCH 133/154] Update searxng/searxng Docker digest to faa7118 --- clusters/default/tools/searxng/searxng.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/searxng/searxng.yml b/clusters/default/tools/searxng/searxng.yml index 2fb6a5e..2f7a820 100644 --- a/clusters/default/tools/searxng/searxng.yml +++ b/clusters/default/tools/searxng/searxng.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: searxng - image: searxng/searxng@sha256:0124d32d77e0c7360d0b85f5d91882d1837e6ceb243c82e190f5d7e9f1401334 + image: searxng/searxng@sha256:faa7118f9167c2c1e09a3fbb9bd87eee0905d76456d297e62e815646afc97037 ports: - containerPort: 8080 env: From 1e9c52c1fbf6cfa7d77222094c55369b63ec5c2a Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 2 Dec 2025 00:03:02 +0000 Subject: [PATCH 134/154] Update ghcr.io/paperless-ngx/paperless-ngx Docker tag to v2.20.1 --- clusters/default/tools/paperless-ngx/paperless-ngx.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/paperless-ngx/paperless-ngx.yml b/clusters/default/tools/paperless-ngx/paperless-ngx.yml index d1904c5..3543111 100644 --- a/clusters/default/tools/paperless-ngx/paperless-ngx.yml +++ b/clusters/default/tools/paperless-ngx/paperless-ngx.yml @@ -27,7 +27,7 @@ spec: subPath: redis containers: - name: paperless-ngx - image: ghcr.io/paperless-ngx/paperless-ngx:2.20.0 + image: ghcr.io/paperless-ngx/paperless-ngx:2.20.1 ports: - containerPort: 8000 env: From af988af0fe069cd09826abc6f88a24943cc048f1 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 2 Dec 2025 00:03:12 +0000 Subject: [PATCH 135/154] Update lscr.io/linuxserver/code-server Docker tag to v4.106.3 --- clusters/default/tools/code-server/code-server.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/code-server/code-server.yml b/clusters/default/tools/code-server/code-server.yml index 9392b3d..b71727b 100644 --- a/clusters/default/tools/code-server/code-server.yml +++ b/clusters/default/tools/code-server/code-server.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: code-server - image: lscr.io/linuxserver/code-server:4.106.2 + image: lscr.io/linuxserver/code-server:4.106.3 ports: - containerPort: 8443 env: From 97f2006c849375960257ad065a134dff2bffa236 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 2 Dec 2025 00:03:24 +0000 Subject: [PATCH 136/154] Update rcourtman/pulse Docker tag to v4.35.0 --- clusters/default/monitoring/pulse/pulse.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/monitoring/pulse/pulse.yml b/clusters/default/monitoring/pulse/pulse.yml index fe771ce..a87cc46 100644 --- a/clusters/default/monitoring/pulse/pulse.yml +++ b/clusters/default/monitoring/pulse/pulse.yml @@ -17,7 +17,7 @@ spec: spec: containers: - name: pulse - image: rcourtman/pulse:v4.34.1 + image: rcourtman/pulse:4.35.0 volumeMounts: - name: pulse-data mountPath: /data From af81bd1588426d35e124123623bd5faa5e3cccee Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 3 Dec 2025 00:02:56 +0000 Subject: [PATCH 137/154] Update searxng/searxng Docker digest to 277cb4b --- clusters/default/tools/searxng/searxng.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/tools/searxng/searxng.yml b/clusters/default/tools/searxng/searxng.yml index 2f7a820..26a686d 100644 --- a/clusters/default/tools/searxng/searxng.yml +++ b/clusters/default/tools/searxng/searxng.yml @@ -18,7 +18,7 @@ spec: spec: containers: - name: searxng - image: searxng/searxng@sha256:faa7118f9167c2c1e09a3fbb9bd87eee0905d76456d297e62e815646afc97037 + image: searxng/searxng@sha256:277cb4b82fbdd69d88812089a5755860d379de907f09fb511443ff03d35191af ports: - containerPort: 8080 env: From b406a80e0414baf5721e40073f4ebdaf6e6a5a55 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 3 Dec 2025 00:02:59 +0000 Subject: [PATCH 138/154] Update docker Docker tag to v29.1.1 --- clusters/default/git-ops/gitea-act/gitea-act.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/default/git-ops/gitea-act/gitea-act.yml b/clusters/default/git-ops/gitea-act/gitea-act.yml index a0011f4..6162f70 100644 --- a/clusters/default/git-ops/gitea-act/gitea-act.yml +++ b/clusters/default/git-ops/gitea-act/gitea-act.yml @@ -67,7 +67,7 @@ spec: - name: runner-data mountPath: /data - name: daemon - image: docker:29.0.4-dind + image: docker:29.1.1-dind env: - name: DOCKER_TLS_CERTDIR value: /certs From cbda7f9a797c8308db6b6b6f5998e26118cd2276 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Wed, 3 Dec 2025 12:05:05 +0530 Subject: [PATCH 139/154] add kubeconform action --- .gitea/workflows/kubeconform.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 .gitea/workflows/kubeconform.yml diff --git a/.gitea/workflows/kubeconform.yml b/.gitea/workflows/kubeconform.yml new file mode 100644 index 0000000..3dc16c1 --- /dev/null +++ b/.gitea/workflows/kubeconform.yml @@ -0,0 +1,18 @@ +name: Validate Kubernetes Manifests + +on: + pull_request: + branches: [ main] + +jobs: + kubeconform: + runs-on: ubuntu-latest + container: + image: ghcr.io/yannh/kubeconform:latest + steps: + - name: Checkout code + run: | + git clone https://gitea.akshun-lab.cc/aggarwalakshun/k3s.git /mnt + - name: Validate Manifests + run: | + /kubeconform -verbose -summary -schema-location default -kinds '*' /mnt/**/*.yml From fec651cc0aebbf1c038351b52639b99f08b5e572 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Wed, 3 Dec 2025 12:11:35 +0530 Subject: [PATCH 140/154] update kubeconform workflow to use Arch Linux container and install kubeconform --- .gitea/workflows/kubeconform.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/kubeconform.yml b/.gitea/workflows/kubeconform.yml index 3dc16c1..1f0c34f 100644 --- a/.gitea/workflows/kubeconform.yml +++ b/.gitea/workflows/kubeconform.yml @@ -8,11 +8,14 @@ jobs: kubeconform: runs-on: ubuntu-latest container: - image: ghcr.io/yannh/kubeconform:latest + image: docker.io/archlinux/archlinux:latest steps: + - name: Setup environment + run: | + pacman -Syu --noconfirm kubeconform git - name: Checkout code run: | git clone https://gitea.akshun-lab.cc/aggarwalakshun/k3s.git /mnt - name: Validate Manifests run: | - /kubeconform -verbose -summary -schema-location default -kinds '*' /mnt/**/*.yml + kubeconform -verbose -summary -schema-location default -kinds '*' /mnt/**/*.yml From 6700fd5efca8e47c7f880e696d4136da88ac6036 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Wed, 3 Dec 2025 12:17:07 +0530 Subject: [PATCH 141/154] remove -kinds --- .gitea/workflows/kubeconform.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/kubeconform.yml b/.gitea/workflows/kubeconform.yml index 1f0c34f..027450e 100644 --- a/.gitea/workflows/kubeconform.yml +++ b/.gitea/workflows/kubeconform.yml @@ -18,4 +18,4 @@ jobs: git clone https://gitea.akshun-lab.cc/aggarwalakshun/k3s.git /mnt - name: Validate Manifests run: | - kubeconform -verbose -summary -schema-location default -kinds '*' /mnt/**/*.yml + kubeconform -verbose -summary -schema-location default /mnt/**/*.yml From 8cf09a25a3acda7e1ab1146e9eb825f898c372da Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Wed, 3 Dec 2025 12:22:47 +0530 Subject: [PATCH 142/154] update kubeconform workflow to install findutils and improve manifest validation command --- .gitea/workflows/kubeconform.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/kubeconform.yml b/.gitea/workflows/kubeconform.yml index 027450e..feec6b6 100644 --- a/.gitea/workflows/kubeconform.yml +++ b/.gitea/workflows/kubeconform.yml @@ -12,10 +12,10 @@ jobs: steps: - name: Setup environment run: | - pacman -Syu --noconfirm kubeconform git + pacman -Syu --noconfirm kubeconform git findutils - name: Checkout code run: | git clone https://gitea.akshun-lab.cc/aggarwalakshun/k3s.git /mnt - name: Validate Manifests run: | - kubeconform -verbose -summary -schema-location default /mnt/**/*.yml + find /mnt -type f \( -iname "*.yml" -o -iname "*.yaml" \) -print0 | xargs -0 --no-run-if-empty kubeconform -verbose -summary -schema-location default From 4b10b0cda6715f028edf8bbafb2f9a001dcc0b02 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Wed, 3 Dec 2025 12:31:09 +0530 Subject: [PATCH 143/154] remove '*.yaml' and add schemas --- .gitea/workflows/kubeconform.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/kubeconform.yml b/.gitea/workflows/kubeconform.yml index feec6b6..0f34633 100644 --- a/.gitea/workflows/kubeconform.yml +++ b/.gitea/workflows/kubeconform.yml @@ -18,4 +18,4 @@ jobs: git clone https://gitea.akshun-lab.cc/aggarwalakshun/k3s.git /mnt - name: Validate Manifests run: | - find /mnt -type f \( -iname "*.yml" -o -iname "*.yaml" \) -print0 | xargs -0 --no-run-if-empty kubeconform -verbose -summary -schema-location default + find /mnt -type f \( -iname "*.yml" \) -print0 | xargs -0 --no-run-if-empty kubeconform -verbose -summary -schema-location default -schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/bitnami.com/sealedsecret_v1alpha1.json' -schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/helm.toolkit.fluxcd.io/helmrelease_v2.json' From dad9ac0a27719a988d2d5d04076d7b9220098b54 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Wed, 3 Dec 2025 12:46:53 +0530 Subject: [PATCH 144/154] add more schemas --- .gitea/workflows/kubeconform.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/.gitea/workflows/kubeconform.yml b/.gitea/workflows/kubeconform.yml index 0f34633..bf441b2 100644 --- a/.gitea/workflows/kubeconform.yml +++ b/.gitea/workflows/kubeconform.yml @@ -18,4 +18,11 @@ jobs: git clone https://gitea.akshun-lab.cc/aggarwalakshun/k3s.git /mnt - name: Validate Manifests run: | - find /mnt -type f \( -iname "*.yml" \) -print0 | xargs -0 --no-run-if-empty kubeconform -verbose -summary -schema-location default -schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/bitnami.com/sealedsecret_v1alpha1.json' -schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/helm.toolkit.fluxcd.io/helmrelease_v2.json' + find /mnt -type f \( -iname "*.yml" \) -print0 \ + | xargs -0 --no-run-if-empty kubeconform -verbose -summary \ + -schema-location default \ + -schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/bitnami.com/sealedsecret_v1alpha1.json' \ + -schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/helm.toolkit.fluxcd.io/helmrelease_v2.json' + -schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/metallb.io/ipaddresspool_v1beta1.json' \ + -schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/metallb.io/l2advertisement_v1beta1.json' \ + -schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/source.toolkit.fluxcd.io/helmrepository_v1.json' From 6ab97bba0cfbf9c568f7f7c61addc40f5650d7ee Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Wed, 3 Dec 2025 12:47:21 +0530 Subject: [PATCH 145/154] update system-upgrade-plan to use yaml instead of yml --- .../{system-upgrade-plan.yml => system-upgrade-plan.yaml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename clusters/default/system-upgrade/{system-upgrade-plan.yml => system-upgrade-plan.yaml} (100%) diff --git a/clusters/default/system-upgrade/system-upgrade-plan.yml b/clusters/default/system-upgrade/system-upgrade-plan.yaml similarity index 100% rename from clusters/default/system-upgrade/system-upgrade-plan.yml rename to clusters/default/system-upgrade/system-upgrade-plan.yaml From f3996fc6325e252143106f7b255f4363f515647c Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Wed, 3 Dec 2025 12:59:11 +0530 Subject: [PATCH 146/154] exclude actions folder and add missing \ --- .gitea/workflows/kubeconform.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.gitea/workflows/kubeconform.yml b/.gitea/workflows/kubeconform.yml index bf441b2..a8374d3 100644 --- a/.gitea/workflows/kubeconform.yml +++ b/.gitea/workflows/kubeconform.yml @@ -18,11 +18,14 @@ jobs: git clone https://gitea.akshun-lab.cc/aggarwalakshun/k3s.git /mnt - name: Validate Manifests run: | - find /mnt -type f \( -iname "*.yml" \) -print0 \ - | xargs -0 --no-run-if-empty kubeconform -verbose -summary \ + find /mnt -type f \( -name "*.yml" -o -name "*.yaml" \) \ + -not -path "*/.gitea/*" \ + -print0 | xargs -0 --no-run-if-empty kubeconform \ + -verbose \ + -summary \ -schema-location default \ -schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/bitnami.com/sealedsecret_v1alpha1.json' \ - -schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/helm.toolkit.fluxcd.io/helmrelease_v2.json' + -schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/helm.toolkit.fluxcd.io/helmrelease_v2.json' \ -schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/metallb.io/ipaddresspool_v1beta1.json' \ -schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/metallb.io/l2advertisement_v1beta1.json' \ -schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/source.toolkit.fluxcd.io/helmrepository_v1.json' From bb6b1680ec245da71b003db1291d256868458843 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Wed, 3 Dec 2025 13:01:24 +0530 Subject: [PATCH 147/154] exclude .yaml files --- .gitea/workflows/kubeconform.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/kubeconform.yml b/.gitea/workflows/kubeconform.yml index a8374d3..3e760a7 100644 --- a/.gitea/workflows/kubeconform.yml +++ b/.gitea/workflows/kubeconform.yml @@ -18,7 +18,7 @@ jobs: git clone https://gitea.akshun-lab.cc/aggarwalakshun/k3s.git /mnt - name: Validate Manifests run: | - find /mnt -type f \( -name "*.yml" -o -name "*.yaml" \) \ + find /mnt -type f \( -name "*.yml" \) \ -not -path "*/.gitea/*" \ -print0 | xargs -0 --no-run-if-empty kubeconform \ -verbose \ From c65fef70ff8da4f16ab103a123e1a842b27dc46a Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Wed, 3 Dec 2025 13:07:22 +0530 Subject: [PATCH 148/154] refactor --- .gitea/workflows/kubeconform.yml | 76 ++++++++++++++++++++++++++------ 1 file changed, 62 insertions(+), 14 deletions(-) diff --git a/.gitea/workflows/kubeconform.yml b/.gitea/workflows/kubeconform.yml index 3e760a7..ee0cb9e 100644 --- a/.gitea/workflows/kubeconform.yml +++ b/.gitea/workflows/kubeconform.yml @@ -2,7 +2,7 @@ name: Validate Kubernetes Manifests on: pull_request: - branches: [ main] + branches: [main] jobs: kubeconform: @@ -12,20 +12,68 @@ jobs: steps: - name: Setup environment run: | - pacman -Syu --noconfirm kubeconform git findutils + pacman -Syu --noconfirm kubeconform git yq nodejs npm + - name: Checkout code + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Create kubeconform configuration run: | - git clone https://gitea.akshun-lab.cc/aggarwalakshun/k3s.git /mnt + cat > /tmp/kubeconform-config.yaml << 'EOF' + schema_location: + - default + - "https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/{{ .ResourceKind }}_{{ .ResourceAPIVersion }}.json" + EOF + - name: Validate Manifests run: | - find /mnt -type f \( -name "*.yml" \) \ - -not -path "*/.gitea/*" \ - -print0 | xargs -0 --no-run-if-empty kubeconform \ - -verbose \ - -summary \ - -schema-location default \ - -schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/bitnami.com/sealedsecret_v1alpha1.json' \ - -schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/helm.toolkit.fluxcd.io/helmrelease_v2.json' \ - -schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/metallb.io/ipaddresspool_v1beta1.json' \ - -schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/metallb.io/l2advertisement_v1beta1.json' \ - -schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/source.toolkit.fluxcd.io/helmrepository_v1.json' + # Create a cache directory for schemas + mkdir -p /tmp/kubeconform-cache + + # Validate manifests with proper schema resolution + find . -type f \( -name "*.yml" \) \ + -not -path "./.gitea/*" \ + -exec sh -c ' + for file do + echo "=== Validating: $file ===" + if yq -e "select(.kind == \"HelmRelease\")" "$file" >/dev/null 2>&1; then + echo "Found HelmRelease - using fluxcd schema" + kubeconform \ + -schema-location "https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/helm.toolkit.fluxcd.io/helmrelease_v2.json" \ + -output json \ + "$file" + elif yq -e "select(.kind == \"HelmRepository\")" "$file" >/dev/null 2>&1; then + echo "Found HelmRepository - using fluxcd schema" + kubeconform \ + -schema-location "https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/source.toolkit.fluxcd.io/helmrepository_v1.json" \ + -output json \ + "$file" + elif yq -e "select(.kind == \"L2Advertisement\")" "$file" >/dev/null 2>&1; then + echo "Found L2Advertisement - using metallb schema" + kubeconform \ + -schema-location "https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/metallb.io/l2advertisement_v1beta1.json" \ + -output json \ + "$file" + elif yq -e "select(.kind == \"IPAddressPool\")" "$file" >/dev/null 2>&1; then + echo "Found IPAddressPool - using metallb schema" + kubeconform \ + -schema-location "https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/metallb.io/ipaddresspool_v1beta1.json" \ + -output json \ + "$file" + elif yq -e "select(.kind == \"SealedSecret\")" "$file" >/dev/null 2>&1; then + echo "Found SealedSecret - using bitnami schema" + kubeconform \ + -schema-location "https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/bitnami.com/sealedsecret_v1alpha1.json" \ + -output json \ + "$file" + else + echo "Validating with default schemas" + kubeconform \ + -schema-location default \ + -output json \ + "$file" + fi + done + ' sh {} + From 60a0827608fb6c295048ccd555523b8af3c2a640 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Wed, 3 Dec 2025 13:11:45 +0530 Subject: [PATCH 149/154] exclude system-upgrade --- .gitea/workflows/kubeconform.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitea/workflows/kubeconform.yml b/.gitea/workflows/kubeconform.yml index ee0cb9e..2225880 100644 --- a/.gitea/workflows/kubeconform.yml +++ b/.gitea/workflows/kubeconform.yml @@ -35,6 +35,7 @@ jobs: # Validate manifests with proper schema resolution find . -type f \( -name "*.yml" \) \ -not -path "./.gitea/*" \ + -not -path "./clusters/default/system-upgrade/*" \ -exec sh -c ' for file do echo "=== Validating: $file ===" From 9ccf1ae286cf3ba5a2fc55984bd0cc3355806986 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Wed, 3 Dec 2025 13:22:23 +0530 Subject: [PATCH 150/154] ignore .gitea/workflows/ for renovate --- renovate.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/renovate.json b/renovate.json index 4ce48a5..fe210d7 100644 --- a/renovate.json +++ b/renovate.json @@ -5,7 +5,8 @@ ], "prHourlyLimit": 0, "ignorePaths": [ - "**/disabled/**" + "**/disabled/**", + "**/.gitea/workflows/**" ], "flux": { "managerFilePatterns": [ From 26d23292cfe9695338c1e4d38dd7a8823de16cd7 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Wed, 3 Dec 2025 20:13:49 +0530 Subject: [PATCH 151/154] use ghcr.io/yannh/kubeconform:v0.7.0-alpine image --- .gitea/workflows/kubeconform.yml | 120 +++++++++++++++++-------------- 1 file changed, 65 insertions(+), 55 deletions(-) diff --git a/.gitea/workflows/kubeconform.yml b/.gitea/workflows/kubeconform.yml index 2225880..e1ef161 100644 --- a/.gitea/workflows/kubeconform.yml +++ b/.gitea/workflows/kubeconform.yml @@ -8,17 +8,21 @@ jobs: kubeconform: runs-on: ubuntu-latest container: - image: docker.io/archlinux/archlinux:latest + image: ghcr.io/yannh/kubeconform:v0.7.0-alpine steps: - - name: Setup environment - run: | - pacman -Syu --noconfirm kubeconform git yq nodejs npm - - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 + - name: Install dependencies + run: | + apk add --no-cache \ + yq \ + findutils \ + curl \ + jq + - name: Create kubeconform configuration run: | cat > /tmp/kubeconform-config.yaml << 'EOF' @@ -26,55 +30,61 @@ jobs: - default - "https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/{{ .ResourceKind }}_{{ .ResourceAPIVersion }}.json" EOF - + - name: Validate Manifests run: | - # Create a cache directory for schemas - mkdir -p /tmp/kubeconform-cache + # Define schema mappings + declare -A SCHEMA_MAP=( + ["HelmRelease"]="helm.toolkit.fluxcd.io/helmrelease_v2.json" + ["HelmRepository"]="source.toolkit.fluxcd.io/helmrepository_v1.json" + ["L2Advertisement"]="metallb.io/l2advertisement_v1beta1.json" + ["IPAddressPool"]="metallb.io/ipaddresspool_v1beta1.json" + ["SealedSecret"]="bitnami.com/sealedsecret_v1alpha1.json" + ) - # Validate manifests with proper schema resolution - find . -type f \( -name "*.yml" \) \ - -not -path "./.gitea/*" \ - -not -path "./clusters/default/system-upgrade/*" \ - -exec sh -c ' - for file do - echo "=== Validating: $file ===" - if yq -e "select(.kind == \"HelmRelease\")" "$file" >/dev/null 2>&1; then - echo "Found HelmRelease - using fluxcd schema" - kubeconform \ - -schema-location "https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/helm.toolkit.fluxcd.io/helmrelease_v2.json" \ - -output json \ - "$file" - elif yq -e "select(.kind == \"HelmRepository\")" "$file" >/dev/null 2>&1; then - echo "Found HelmRepository - using fluxcd schema" - kubeconform \ - -schema-location "https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/source.toolkit.fluxcd.io/helmrepository_v1.json" \ - -output json \ - "$file" - elif yq -e "select(.kind == \"L2Advertisement\")" "$file" >/dev/null 2>&1; then - echo "Found L2Advertisement - using metallb schema" - kubeconform \ - -schema-location "https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/metallb.io/l2advertisement_v1beta1.json" \ - -output json \ - "$file" - elif yq -e "select(.kind == \"IPAddressPool\")" "$file" >/dev/null 2>&1; then - echo "Found IPAddressPool - using metallb schema" - kubeconform \ - -schema-location "https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/metallb.io/ipaddresspool_v1beta1.json" \ - -output json \ - "$file" - elif yq -e "select(.kind == \"SealedSecret\")" "$file" >/dev/null 2>&1; then - echo "Found SealedSecret - using bitnami schema" - kubeconform \ - -schema-location "https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/bitnami.com/sealedsecret_v1alpha1.json" \ - -output json \ - "$file" - else - echo "Validating with default schemas" - kubeconform \ - -schema-location default \ - -output json \ - "$file" - fi - done - ' sh {} + + # Create cache directory + export KUBECONFORM_CACHE_DIR="/tmp/kubeconform-cache" + mkdir -p "$KUBECONFORM_CACHE_DIR" + + # Exit code tracking + EXIT_CODE=0 + + # Process all YAML files + while IFS= read -r file; do + echo "=== Validating: $file ===" + + # Skip excluded paths + if [[ "$file" == *".gitea/"* ]] || [[ "$file" == *"clusters/default/system-upgrade/"* ]]; then + echo "Skipping excluded file" + continue + fi + + # Detect resource kind + KIND=$(yq -r '.kind // ""' "$file" 2>/dev/null || echo "") + + if [[ -n "$KIND" && -n "${SCHEMA_MAP[$KIND]}" ]]; then + echo "Found $KIND - using custom schema" + SCHEMA_URL="https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/${SCHEMA_MAP[$KIND]}" + + if ! kubeconform \ + -schema-location "$SCHEMA_URL" \ + -cache "$KUBECONFORM_CACHE_DIR" \ + -output json \ + "$file"; then + EXIT_CODE=1 + fi + else + echo "Validating with default schemas" + if ! kubeconform \ + -schema-location default \ + -cache "$KUBECONFORM_CACHE_DIR" \ + -output json \ + "$file"; then + EXIT_CODE=1 + fi + fi + + echo "" + done < <(find . -type f \( -name "*.yml" \) -print) + + exit $EXIT_CODE From df575e0fa2abfd0d612dae8bbc6c4426daa3d79b Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Wed, 3 Dec 2025 20:15:46 +0530 Subject: [PATCH 152/154] add nodejs and npm deps --- .gitea/workflows/kubeconform.yml | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/.gitea/workflows/kubeconform.yml b/.gitea/workflows/kubeconform.yml index e1ef161..82cd0b9 100644 --- a/.gitea/workflows/kubeconform.yml +++ b/.gitea/workflows/kubeconform.yml @@ -10,10 +10,6 @@ jobs: container: image: ghcr.io/yannh/kubeconform:v0.7.0-alpine steps: - - name: Checkout code - uses: actions/checkout@v6 - with: - fetch-depth: 0 - name: Install dependencies run: | @@ -21,7 +17,14 @@ jobs: yq \ findutils \ curl \ - jq + jq \ + npm \ + nodejs + + - name: Checkout code + uses: actions/checkout@v6 + with: + fetch-depth: 0 - name: Create kubeconform configuration run: | From 47ddd8e4b403e45aa1827e65349a2ea015cd4754 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Wed, 3 Dec 2025 20:20:09 +0530 Subject: [PATCH 153/154] add bash as dep --- .gitea/workflows/kubeconform.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.gitea/workflows/kubeconform.yml b/.gitea/workflows/kubeconform.yml index 82cd0b9..beda49c 100644 --- a/.gitea/workflows/kubeconform.yml +++ b/.gitea/workflows/kubeconform.yml @@ -19,7 +19,8 @@ jobs: curl \ jq \ npm \ - nodejs + nodejs \ + bash - name: Checkout code uses: actions/checkout@v6 @@ -35,6 +36,7 @@ jobs: EOF - name: Validate Manifests + shell: bash run: | # Define schema mappings declare -A SCHEMA_MAP=( From 882d9f78fb4104bd5f4463dced69aedb80d9dba8 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Wed, 3 Dec 2025 20:22:07 +0530 Subject: [PATCH 154/154] use absolute path for kubeconform --- .gitea/workflows/kubeconform.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/kubeconform.yml b/.gitea/workflows/kubeconform.yml index beda49c..c023e1d 100644 --- a/.gitea/workflows/kubeconform.yml +++ b/.gitea/workflows/kubeconform.yml @@ -71,7 +71,7 @@ jobs: echo "Found $KIND - using custom schema" SCHEMA_URL="https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/${SCHEMA_MAP[$KIND]}" - if ! kubeconform \ + if ! /kubeconform \ -schema-location "$SCHEMA_URL" \ -cache "$KUBECONFORM_CACHE_DIR" \ -output json \ @@ -80,7 +80,7 @@ jobs: fi else echo "Validating with default schemas" - if ! kubeconform \ + if ! /kubeconform \ -schema-location default \ -cache "$KUBECONFORM_CACHE_DIR" \ -output json \