Update renovate/renovate Docker tag to v41.28.2

2025-07-10 00:01:29 +00:00
32 changed files with 89 additions and 13387 deletions
--- a/cluster/apps/ghostfolio/ghostfolio.yml
+++ b/cluster/apps/ghostfolio/ghostfolio.yml
@@ -76,7 +76,7 @@ spec:
              key: postgres-password
      containers:
      - name: ghostfolio
-        image: docker.io/ghostfolio/ghostfolio:2.180.0
+        image: docker.io/ghostfolio/ghostfolio:2.178.0
        securityContext:
          capabilities:
            drop:
--- a/cluster/apps/renovate/renovate-job.yml
+++ b/cluster/apps/renovate/renovate-job.yml
@@ -7,15 +7,13 @@ metadata:
 spec:
  schedule: '@daily'
  concurrencyPolicy: Forbid
-  successfulJobsHistoryLimit: 0
-  failedJobsHistoryLimit: 0
  jobTemplate:
    spec:
      template:
        spec:
          hostNetwork: true
          containers:
-            - image: renovate/renovate:41.30.3
+            - image: renovate/renovate:41.28.2
              name: renovate-bot
              env:
                - name: RENOVATE_TOKEN
--- a/cluster/apps/semaphore/semaphore-configmap.yml
+++ b/cluster/apps/semaphore/semaphore-configmap.yml
@@ -15,3 +15,4 @@ data:
  SEMAPHORE_ADMIN_EMAIL: "aggarwalakshun@gmail.com"
  SEMAPHORE_ADMIN: "admin"
  SEMAPHORE_LDAP_ACTIVATED: "'no'"
+  SEMAPHORE_SSH_PATH: /home/semaphore/.ssh/config
--- a/cluster/apps/semaphore/semaphore.yml
+++ b/cluster/apps/semaphore/semaphore.yml
@@ -60,6 +60,10 @@ spec:
            secretKeyRef:
              name: semaphore-secrets
              key: key
+        volumeMounts:
+        - name: db
+          mountPath: /home/semaphore/.ssh/
+          subPath: ssh
      volumes:
      - name: db
        persistentVolumeClaim:
--- a/cluster/config/namespaces/namespaces.yml
+++ b/cluster/config/namespaces/namespaces.yml
@@ -6,6 +6,14 @@ metadata:
  labels:
    name: gpu-operator

+---
+kind: Namespace
+apiVersion: v1
+metadata:
+  name: cattle-system
+  labels:
+    name: cattle-system
+
 ---
 kind: Namespace
 apiVersion: v1
--- a/cluster/flux-system/gotk-components.yaml
+++ b/cluster/flux-system/gotk-components.yaml
--- a/cluster/flux-system/gotk-sync.yaml
+++ b/cluster/flux-system/gotk-sync.yaml
@@ -1,27 +0,0 @@
-# This manifest was generated by flux. DO NOT EDIT.
---
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: GitRepository
-metadata:
-  name: flux-system
-  namespace: flux-system
-spec:
-  interval: 1m0s
-  ref:
-    branch: main
-  secretRef:
-    name: flux-system
-  url: ssh://git@gitea.akshun-lab.uk:222/akshun/public-k3s
---
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
-  name: flux-system
-  namespace: flux-system
-spec:
-  interval: 10m0s
-  path: ./cluster
-  prune: true
-  sourceRef:
-    kind: GitRepository
-    name: flux-system
--- a/cluster/flux-system/kustomization.yaml
+++ b/cluster/flux-system/kustomization.yaml
@@ -1,5 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- gotk-components.yaml
- gotk-sync.yaml
--- a/cluster/helm/cert-manager/cert-manager-release.yml
+++ b/cluster/helm/cert-manager/cert-manager-release.yml
@@ -1,27 +0,0 @@
---
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
-  name: cert-manager
-  namespace: cert-manager
-spec:
-  interval: 24h
-  chart:
-    spec:
-      chart: cert-manager
-      version: "v1.18.2"
-      sourceRef:
-        kind: HelmRepository
-        name: jetstack
-        namespace: flux-system
-      interval: 24h
-  install:
-    remediation:
-      retries: 3
-  upgrade:
-    remediation:
-      retries: 3
-  values:
-    crds:
-      enabled: true
-      keep: true
--- a/cluster/helm/cert-manager/cert-manager-repo.yml
+++ b/cluster/helm/cert-manager/cert-manager-repo.yml
@@ -1,9 +0,0 @@
---
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
-  name: jetstack
-  namespace: flux-system
-spec:
-  interval: 24h
-  url: https://charts.jetstack.io
--- a/cluster/helm/cert-manager/values.yml
+++ b/cluster/helm/cert-manager/values.yml
@@ -0,0 +1,5 @@
+# https://charts.jetstack.io
+
+crds:
+  enabled: true
+  keep: true
--- a/cluster/helm/csi-driver-smb/csi-driver-smb-release.yml
+++ b/cluster/helm/csi-driver-smb/csi-driver-smb-release.yml
@@ -1,22 +0,0 @@
---
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
-  name: csi-driver-smb
-  namespace: kube-system
-spec:
-  interval: 24h
-  chart:
-    spec:
-      chart: csi-driver-smb
-      version: "1.18.0"
-      sourceRef:
-        kind: HelmRepository
-        name: csi-driver-smb
-        namespace: flux-system
-      interval: 24h
-  install:
-    createNamespace: true
-  upgrade:
-    remediation:
-      remediateLastFailure: true
--- a/cluster/helm/csi-driver-smb/csi-driver-smb-repo.yml
+++ b/cluster/helm/csi-driver-smb/csi-driver-smb-repo.yml
@@ -1,9 +0,0 @@
---
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
-  name: csi-driver-smb
-  namespace: flux-system
-spec:
-  interval: 24h
-  url: https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/charts
--- a/cluster/helm/csi-driver-smb/values.yml
+++ b/cluster/helm/csi-driver-smb/values.yml
@@ -0,0 +1 @@
+# https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/charts
--- a/cluster/helm/gpu-operator/gpu-operator-release.yml
+++ b/cluster/helm/gpu-operator/gpu-operator-release.yml
@@ -1,31 +0,0 @@
---
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
-  name: gpu-operator
-  namespace: gpu-operator
-spec:
-  interval: 24h
-  chart:
-    spec:
-      chart: gpu-operator
-      version: "v25.3.1"
-      sourceRef:
-        kind: HelmRepository
-        name: nvidia
-        namespace: flux-system
-      interval: 24h
-  install:
-    createNamespace: true
-  upgrade:
-    remediation:
-      remediateLastFailure: true
-  values:
-    driver:
-      enabled: false
-    toolkit:
-      env:
-      - name: CONTAINERD_SOCKET
-        value: /run/k3s/containerd/containerd.sock
-      - name: CONTAINERD_CONFIG
-        value: /var/lib/rancher/k3s/agent/etc/containerd/config.toml
--- a/cluster/helm/gpu-operator/gpu-operator-repo.yml
+++ b/cluster/helm/gpu-operator/gpu-operator-repo.yml
@@ -1,9 +0,0 @@
---
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
-  name: nvidia
-  namespace: flux-system
-spec:
-  interval: 24h
-  url: https://helm.ngc.nvidia.com/nvidia
--- a/cluster/helm/gpu-operator/values.yml
+++ b/cluster/helm/gpu-operator/values.yml
@@ -0,0 +1,9 @@
+# https://helm.ngc.nvidia.com/nvidia
+driver:
+  enabled: false
+toolkit:
+  env:
+  - name: CONTAINERD_SOCKET
+    value: /run/k3s/containerd/containerd.sock
+  - name: CONTAINERD_CONFIG
+    value: /var/lib/rancher/k3s/agent/etc/containerd/config.toml
--- a/cluster/helm/longhorn/values.yml
+++ b/cluster/helm/longhorn/values.yml
@@ -0,0 +1,11 @@
+# https://charts.longhorn.io
+
+persistence:
+  defaultClass: true
+  reclaimPolicy: Retain
+ingress:
+  enabled: false
+service:
+  ui:
+    type: LoadBalancer
+    port: 85
--- a/cluster/helm/ollama/ollama-release.yml
+++ b/cluster/helm/ollama/ollama-release.yml
@@ -1,42 +0,0 @@
---
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
-  name: ollama
-  namespace: default
-spec:
-  interval: 24h
-  chart:
-    spec:
-      chart: ollama
-      version: "1.22.0"
-      sourceRef:
-        kind: HelmRepository
-        name: ollama
-        namespace: flux-system
-      interval: 24h
-  install:
-    remediation:
-      retries: 3
-  upgrade:
-    remediation:
-      retries: 3
-  values:
-    ollama:
-      gpu:
-        enabled: true
-        type: nvidia
-      models:
-        pull:
-          - gemma3:4b
-        run:
-          - gemma3:4b
-    nodeSelector:
-      type: immich
-    service:
-      type: LoadBalancer
-      port: 3210
-    runtimeClassName: nvidia
-    persistentVolume:
-      enabled: true
-      existingClaim: ollama-pvc
--- a/cluster/helm/ollama/ollama-repo.yml
+++ b/cluster/helm/ollama/ollama-repo.yml
@@ -1,9 +0,0 @@
---
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
-  name: ollama
-  namespace: flux-system
-spec:
-  interval: 24h
-  url: https://otwld.github.io/ollama-helm/
--- a/cluster/helm/ollama/values.yml
+++ b/cluster/helm/ollama/values.yml
@@ -0,0 +1,20 @@
+# https://otwld.github.io/ollama-helm/
+
+ollama:
+  gpu:
+    enabled: true
+    type: nvidia
+  models:
+    pull:
+      - gemma3:4b
+    run:
+      - gemma3:4b
+nodeSelector:
+  gpu: nvidia
+service:
+  type: LoadBalancer
+  port: 3210
+runtimeClassName: nvidia
+persistentVolume:
+  enabled: true
+  existingClaim: ollama-pvc
--- a/cluster/helm/sealed-secrets/sealed-secrets-release.yaml
+++ b/cluster/helm/sealed-secrets/sealed-secrets-release.yaml
@@ -1,28 +0,0 @@
---
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
-  name: sealed-secrets
-  namespace: flux-system
-spec:
-  chart:
-    spec:
-      chart: sealed-secrets
-      reconcileStrategy: ChartVersion
-      sourceRef:
-        kind: HelmRepository
-        name: sealed-secrets
-      version: '>=1.15.0-0'
-  install:
-    crds: Create
-  interval: 24h
-  releaseName: sealed-secrets
-  targetNamespace: flux-system
-  upgrade:
-    crds: CreateReplace
-  values:
-    service:
-      type: LoadBalancer
-      nodePort: 30081
-    networkPolicy:
-      enabled: true
--- a/cluster/helm/sealed-secrets/sealed-secrets-repo.yml
+++ b/cluster/helm/sealed-secrets/sealed-secrets-repo.yml
@@ -1,9 +0,0 @@
---
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
-  name: sealed-secrets
-  namespace: flux-system
-spec:
-  interval: 24h
-  url: https://bitnami-labs.github.io/sealed-secrets
--- a/cluster/helm/sealed-secrets/values.yml
+++ b/cluster/helm/sealed-secrets/values.yml
@@ -0,0 +1,7 @@
+# https://bitnami-labs.github.io/sealed-secrets
+
+service:
+  type: NodePort
+  nodePort: 30081
+networkPolicy:
+  enabled: true
--- a/disabled/helm/longhorn/longhorn-release.yml
+++ b/disabled/helm/longhorn/longhorn-release.yml
@@ -1,32 +0,0 @@
---
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
-  name: longhorn
-  namespace: longhorn-system
-spec:
-  interval: 24h
-  chart:
-    spec:
-      chart: longhorn
-      version: "1.9.0"
-      sourceRef:
-        kind: HelmRepository
-        name: longhorn
-        namespace: flux-system
-      interval: 24h
-  install:
-    createNamespace: true
-  upgrade:
-    remediation:
-      remediateLastFailure: true
-  values:
-    persistence:
-      defaultClass: true
-      reclaimPolicy: Retain
-    ingress:
-      enabled: false
-    service:
-      ui:
-        type: LoadBalancer
-        port: 85
--- a/disabled/helm/longhorn/longhorn-repo.yml
+++ b/disabled/helm/longhorn/longhorn-repo.yml
@@ -1,9 +0,0 @@
---
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
-  name: longhorn
-  namespace: flux-system
-spec:
-  interval: 24h
-  url: https://charts.longhorn.io
--- a/disabled/helm/portainer/portainer-release.yml
+++ b/disabled/helm/portainer/portainer-release.yml
@@ -1,33 +0,0 @@
---
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
-  name: portainer
-  namespace: default
-spec:
-  interval: 24h
-  chart:
-    spec:
-      chart: portainer
-      version: "1.0.69"
-      sourceRef:
-        kind: HelmRepository
-        name: portainer
-        namespace: flux-system
-      interval: 24h
-  install:
-    remediation:
-      retries: 3
-  upgrade:
-    remediation:
-      retries: 3
-  values:
-    service:
-      type: LoadBalancer
-      httpPort: 9000
-    persistence:
-      enabled: true
-      storageClass: longhorn-static
-      accessModes:
-        - ReadWriteMany
-      size: 500Mi
--- a/disabled/helm/portainer/portainer-repo.yml
+++ b/disabled/helm/portainer/portainer-repo.yml
@@ -1,9 +0,0 @@
---
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
-  name: portainer
-  namespace: flux-system
-spec:
-  interval: 24h
-  url: https://portainer.github.io/k8s/
--- a/disabled/helm/portainer/values.yml
+++ b/disabled/helm/portainer/values.yml
@@ -0,0 +1,11 @@
+# https://portainer.github.io/k8s/
+
+service:
+  type: LoadBalancer
+  httpPort: 9000
+persistence:
+  enabled: true
+  storageClass: longhorn-static
+  accessModes:
+    - ReadWriteMany
+  size: 500Mi
--- a/disabled/helm/rancher/rancher-release.yml
+++ b/disabled/helm/rancher/rancher-release.yml
@@ -1,32 +0,0 @@
---
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
-  name: rancher-stable
-  namespace: cattle-system
-spec:
-  interval: 24h
-  chart:
-    spec:
-      chart: rancher
-      version: "2.11.3"
-      sourceRef:
-        kind: HelmRepository
-        name: rancher-stable
-        namespace: flux-system
-      interval: 24h
-  install:
-    remediation:
-      retries: 3
-  upgrade:
-    remediation:
-      retries: 3
-  values:
-    hostname: rancher.akshun-lab.uk
-    service:
-      type: LoadBalancer
-  valuesFrom:
-  - kind: Secret
-    name: rancher-bootstrap-secret
-    valuesKey: bootstrapPassword
-    targetPath: bootstrapPassword
--- a/disabled/helm/rancher/rancher-repo.yml
+++ b/disabled/helm/rancher/rancher-repo.yml
@@ -1,9 +0,0 @@
---
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
-  name: rancher-stable
-  namespace: flux-system
-spec:
-  interval: 24h
-  url: https://releases.rancher.com/server-charts/latest
--- a/disabled/helm/rancher/values.yml
+++ b/disabled/helm/rancher/values.yml
@@ -0,0 +1,10 @@
+# https://releases.rancher.com/server-charts/latest
+
+hostname: rancher.akshun-lab.uk
+service:
+  type: LoadBalancer
+valuesFrom:
+  - kind: Secret
+    name: rancher-bootstrap-secret
+    valuesKey: bootstrapPassword
+    targetPath: bootstrapPassword
				`@@ -0,0 +1 @@`
				`# https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/charts`