generated from onedr0p/cluster-template
feat(helm): update chart vpa to 4.7.1 #700
Open: renovate wants to merge 1 commit into main from renovate/vpa-4.x
--- kubernetes/apps/observability/goldilocks/app Kustomization: flux-system/goldilocks HelmRelease: observability/vpa
+++ kubernetes/apps/observability/goldilocks/app Kustomization: flux-system/goldilocks HelmRelease: observability/vpa
@@ -14,13 +14,13 @@
chart: vpa
interval: 15m
sourceRef:
kind: HelmRepository
name: fairwinds
namespace: flux-system
- version: 4.6.0
+ version: 4.7.1
driftDetection:
ignore:
- paths:
- /spec/containers/resources/limits
target:
kind: Pod
@@ -42,12 +42,15 @@
enabled: true
enabled: false
annotations:
reloader.stakater.com/search: 'true'
recommender:
enabled: true
+ extraArgs:
+ prometheus-address: http://vmselect-victoria-metrics.observability.svc.cluster.local:8481/select/0/prometheus
+ storage: prometheus
image:
repository: registry.k8s.io/autoscaling/vpa-recommender
resources:
limits:
memory: 105Mi
requests:
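Review bot: The `recommender.extraArgs` block added in this hunk (`storage: prometheus` plus `prometheus-address`) changes how the recommender gets its history, which the PR title, a chart bump to 4.7.1, does not cover. Confirm the change is intended, note that the recommender now depends on the vmselect endpoint being reachable over plain http inside the cluster, and put it in its own commit so the version bump can be reverted independently.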
--- kubernetes/apps/home/home-assistant/code Kustomization: flux-system/home-assistant-code HelmRelease: home/home-assistant-code
+++ kubernetes/apps/home/home-assistant/code Kustomization: flux-system/home-assistant-code HelmRelease: home/home-assistant-code
@@ -46,13 +46,13 @@
- '80'
- /config
env:
TZ: Europe/Simferopol
image:
repository: ghcr.io/coder/code-server
- tag: 4.95.2
+ tag: 4.93.1
resources:
requests:
cpu: 15m
memory: 105M
pod:
affinity:
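Review bot: The image tag moves backwards here, from 4.95.2 to 4.93.1, in a PR whose title only covers the vpa chart. That pattern suggests the branch is behind main, so rebase renovate/vpa-4.x and regenerate the diff before merging; otherwise code-server loses whatever fixes landed between those releases. The tag is also not pinned by digest, unlike the home-assistant and qbtools images elsewhere in this diff.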
--- kubernetes/apps/home/home-assistant/code Kustomization: flux-system/home-assistant-code ConfigMap: home/home-assistant-code-gatus-ep
+++ kubernetes/apps/home/home-assistant/code Kustomization: flux-system/home-assistant-code ConfigMap: home/home-assistant-code-gatus-ep
@@ -8,13 +8,13 @@
url: "https://hass-code...PLACEHOLDER_SECRET_DOMAIN../"
interval: 1m
ui:
hide-hostname: true
hide-url: true
client:
- dns-resolver: tcp://192.168.108.1:53
+ dns-resolver: tcp://192.168.8.1:53
conditions:
- "[STATUS] == 200"
alerts:
- type: pushover
kind: ConfigMap
metadata:
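Review bot: `client.dns-resolver` changes from 192.168.108.1 to 192.168.8.1, and the same edit repeats in every gatus endpoint ConfigMap in this diff, while the other addresses shown (for example `io.cilium/lb-ipam-ips: 192.168.108.44`) stay in 192.168.108.x. Check whether 192.168.8.1 is a real resolver or a stale or mistyped substitution value; if it is unreachable, the `[STATUS] == 200` condition fails for all of these endpoints at once.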
--- kubernetes/apps/storage/harbor/init Kustomization: flux-system/harbor-init HelmRelease: storage/harbor-init-cronjob
+++ kubernetes/apps/storage/harbor/init Kustomization: flux-system/harbor-init HelmRelease: storage/harbor-init-cronjob
@@ -1,57 +0,0 @@
----
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
- labels:
- app.kubernetes.io/name: harbor-init
- kustomize.toolkit.fluxcd.io/name: harbor-init
- kustomize.toolkit.fluxcd.io/namespace: flux-system
- name: harbor-init-cronjob
- namespace: storage
-spec:
- chart:
- spec:
- chart: app-template
- sourceRef:
- kind: HelmRepository
- name: bjw-s
- namespace: flux-system
- version: 3.5.1
- install:
- remediation:
- retries: 3
- interval: 30m
- uninstall:
- keepHistory: false
- upgrade:
- cleanupOnFail: true
- remediation:
- retries: 3
- values:
- controllers:
- init:
- containers:
- init:
- envFrom:
- - secretRef:
- name: harbor-init-secret
- image:
- repository: ghcr.io/onedr0p/postgres-init
- tag: 16
- job:
- completions: 1
- parallelism: 1
- pod:
- restartPolicy: OnFailure
- securityContext:
- runAsGroup: 568
- runAsNonRoot: true
- runAsUser: 568
- type: job
- main:
- enabled: false
- service:
- main:
- controller: main
- enabled: false
-
--- kubernetes/apps/service/hajimari/app Kustomization: flux-system/hajimari ConfigMap: service/hajimari-gatus-ep
+++ kubernetes/apps/service/hajimari/app Kustomization: flux-system/hajimari ConfigMap: service/hajimari-gatus-ep
@@ -8,13 +8,13 @@
url: "https://dash...PLACEHOLDER_SECRET_DOMAIN../"
interval: 1m
ui:
hide-hostname: true
hide-url: true
client:
- dns-resolver: tcp://192.168.108.1:53
+ dns-resolver: tcp://192.168.8.1:53
conditions:
- "[STATUS] == 200"
alerts:
- type: pushover
kind: ConfigMap
metadata:
--- kubernetes/apps/home/home-assistant/app Kustomization: flux-system/home-assistant HelmRelease: home/home-assistant
+++ kubernetes/apps/home/home-assistant/app Kustomization: flux-system/home-assistant HelmRelease: home/home-assistant
@@ -37,20 +37,19 @@
main:
annotations:
reloader.stakater.com/auto: 'true'
containers:
main:
env:
- PYTHONPATH: /config/deps
TZ: Europe/Simferopol
envFrom:
- secretRef:
name: hass-secrets
image:
repository: ghcr.io/onedr0p/home-assistant
- tag: 2024.11.1@sha256:a3dd7577c28771702b21f817ad86600056467c2c7f45d261a1e7241910ddc2e2
+ tag: 2024.10.3@sha256:59cb3b01ea4695c5df8f4cc1e4d01fa7e22090caa3fd3f000a96b6a5de909f91
probes:
liveness:
enabled: false
readiness:
enabled: false
startup:
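Review bot: Two changes unrelated to the vpa bump ride along in this hunk: `PYTHONPATH: /config/deps` is removed from `env`, and the image goes back from 2024.11.1 to 2024.10.3. The digest changes together with the tag, so the pin is consistent, but check that the configuration and database written by 2024.11.1 still load under 2024.10.3, or rebase so the tag matches main.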
@@ -147,18 +146,12 @@
defaultMode: 256
globalMounts:
- path: /root/.ssh/known_hosts
subPath: GITHUB_KNOWN_HOSTS
name: hass-secrets-gh
type: secret
- snd:
- enabled: true
- globalMounts:
- - path: /dev/snd
- hostPath: /dev/snd
- type: hostPath
tmp:
type: emptyDir
service:
main:
annotations:
io.cilium/lb-ipam-ips: 192.168.108.44
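Review bot: Dropping the `snd` hostPath mount of `/dev/snd` reduces the pod's access to the host, but it is a functional change that the PR title does not mention. Confirm nothing in Home Assistant still needs the audio device and land the removal separately from the chart bump.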
--- kubernetes/apps/home/frigate/app Kustomization: flux-system/frigate ConfigMap: home/frigate-gatus-ep
+++ kubernetes/apps/home/frigate/app Kustomization: flux-system/frigate ConfigMap: home/frigate-gatus-ep
@@ -8,13 +8,13 @@
url: "https://frigate...PLACEHOLDER_SECRET_DOMAIN../"
interval: 1m
ui:
hide-hostname: true
hide-url: true
client:
- dns-resolver: tcp://192.168.108.1:53
+ dns-resolver: tcp://192.168.8.1:53
conditions:
- "[STATUS] == 200"
alerts:
- type: pushover
kind: ConfigMap
metadata:
--- kubernetes/apps/home/frigate/app Kustomization: flux-system/frigate ConfigMap: home/frigate-configmap
+++ kubernetes/apps/home/frigate/app Kustomization: flux-system/frigate ConfigMap: home/frigate-configmap
@@ -109,44 +109,44 @@
quality: 90
go2rtc:
streams:
gates_hq:
- rtsp://admin:[email protected]:554/stream1
- - "ffmpeg:gates_hq#audio=copy#audio=aac#audio=opus"
+ - "ffmpeg:gates_hq#audio=copy#audio=aac"
gates_lq:
- rtsp://admin:[email protected]:554/stream2
- - "ffmpeg:gates_lq#audio=copy#audio=aac#audio=opus"
+ - "ffmpeg:gates_lq#audio=copy#audio=aac"
door_hq:
- rtsp://admin:[email protected]:554/stream1
- - "ffmpeg:door_hq#audio=copy#audio=aac#audio=opus"
+ - "ffmpeg:door_hq#audio=copy#audio=aac"
door_lq:
- rtsp://admin:[email protected]:554/stream2
- - "ffmpeg:door_lq#audio=copy#audio=aac#audio=opus"
+ - "ffmpeg:door_lq#audio=copy#audio=aac"
dvor_gates_hq:
- rtsp://admin:[email protected]:554/stream1
- - "ffmpeg:dvor_gates_hq#audio=copy#audio=aac#audio=opus"
+ - "ffmpeg:dvor_gates_hq#audio=copy#audio=aac"
dvor_gates_lq:
- rtsp://admin:[email protected]:554/stream2
- - "ffmpeg:dvor_gates_lq#audio=copy#audio=aac#audio=opus"
+ - "ffmpeg:dvor_gates_lq#audio=copy#audio=aac"
dom2_hq:
- rtsp://admin:[email protected]:554/stream1
- - "ffmpeg:dom2_hq#audio=copy#audio=aac#audio=opus"
+ - "ffmpeg:dom2_hq#audio=copy#audio=aac"
dom2_lq:
- rtsp://admin:[email protected]:554/stream2
- - "ffmpeg:dom2_lq#audio=copy#audio=aac#audio=opus"
+ - "ffmpeg:dom2_lq#audio=copy#audio=aac"
street_hq:
- rtsp://admin:[email protected]:8554/Streaming/Channels/101
- - "ffmpeg:street_hq#video=copy#audio=copy#audio=aac#audio=opus"
+ - "ffmpeg:street_hq#video=copy#audio=copy#audio=aac"
street_lq:
- rtsp://admin:[email protected]:8554/Streaming/Channels/102
- - "ffmpeg:street_lq#video=copy#audio=copy#audio=aac#audio=opus"
+ - "ffmpeg:street_lq#video=copy#audio=copy#audio=aac"
webrtc:
candidates:
- 192.168.108.55:8555
- - 192.168.108.11:3478
+ # - headless-gateway.service.svc:3478
cameras:
gates:
enabled: True
ffmpeg:
inputs:
- path: rtsp://localhost:8554/gates_hq
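Review bot: The `go2rtc.streams` entries in this ConfigMap carry the camera login inline (`rtsp://admin:...`), so the credentials are readable by anyone who can read ConfigMaps in `home` or who sees this rendered diff. Move them into a Secret and reference them from the config, for example through environment-variable substitution. Separately, under `webrtc.candidates` the removed `192.168.108.11:3478` entry is replaced by a commented-out line; either enable it or delete it rather than committing dead configuration.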
--- kubernetes/apps/home/music-assistant/app Kustomization: flux-system/music-assistant HelmRelease: home/music-assistant
+++ kubernetes/apps/home/music-assistant/app Kustomization: flux-system/music-assistant HelmRelease: home/music-assistant
@@ -1,95 +0,0 @@
----
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
- labels:
- app.kubernetes.io/name: music-assistant
- kustomize.toolkit.fluxcd.io/name: music-assistant
- kustomize.toolkit.fluxcd.io/namespace: flux-system
- name: music-assistant
- namespace: home
-spec:
- chart:
- spec:
- chart: app-template
- interval: 30m
- sourceRef:
- kind: HelmRepository
- name: bjw-s
- namespace: flux-system
- version: 3.4.0
- interval: 30m
- values:
- controllers:
- music-assistant:
- annotations:
- reloader.stakater.com/auto: 'true'
- containers:
- app:
- image:
- repository: ghcr.io/music-assistant/server
- tag: 2.3.2
- probes:
- liveness:
- enabled: true
- readiness:
- enabled: true
- startup:
- enabled: true
- spec:
- failureThreshold: 30
- periodSeconds: 5
- resources:
- limits:
- memory: 1024Mi
- requests:
- cpu: 47m
- memory: 512Mi
- pod:
- securityContext:
- fsGroup: 1000
- fsGroupChangePolicy: OnRootMismatch
- runAsGroup: 0
- runAsUser: 0
- defaultPodOptions:
- hostNetwork: true
- ingress:
- app:
- className: internal
- hosts:
- - host: mass...PLACEHOLDER_SECRET_DOMAIN..
- paths:
- - path: /
- service:
- identifier: app
- port: http
- persistence:
- addons-hass:
- advancedMounts:
- music-assistant:
- app:
- - path: /usr/local/lib/python3.12/site-packages/hass_client
- existingClaim: music-assistant-addons-hass
- data:
- advancedMounts:
- music-assistant:
- app:
- - path: /data
- existingClaim: music-assistant-config
- temp:
- enabled: true
- globalMounts:
- - path: /tmp
- medium: Memory
- sizeLimit: 2Gi
- type: emptyDir
- service:
- app:
- annotations:
- io.cilium/lb-ipam-ips: 192.168.108.22
- controller: music-assistant
- ports:
- http:
- port: 8095
- type: LoadBalancer
-
--- kubernetes/apps/home/music-assistant/app Kustomization: flux-system/music-assistant PersistentVolumeClaim: home/music-assistant-config
+++ kubernetes/apps/home/music-assistant/app Kustomization: flux-system/music-assistant PersistentVolumeClaim: home/music-assistant-config
@@ -1,18 +0,0 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- labels:
- app.kubernetes.io/name: music-assistant
- kustomize.toolkit.fluxcd.io/name: music-assistant
- kustomize.toolkit.fluxcd.io/namespace: flux-system
- name: music-assistant-config
- namespace: home
-spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 1Gi
- storageClassName: longhorn-fast
-
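Review bot: Removing this PersistentVolumeClaim deletes the volume mounted at `/data` once Flux prunes it, and the music-assistant Kustomization removed later in this diff has `prune: true`. If the removal is deliberate, back up or snapshot the longhorn-fast volume first; if it is a side effect of a stale branch, rebase before merging.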
--- kubernetes/apps/home/music-assistant/app Kustomization: flux-system/music-assistant PersistentVolumeClaim: home/music-assistant-addons-hass
+++ kubernetes/apps/home/music-assistant/app Kustomization: flux-system/music-assistant PersistentVolumeClaim: home/music-assistant-addons-hass
@@ -1,18 +0,0 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- labels:
- app.kubernetes.io/name: music-assistant
- kustomize.toolkit.fluxcd.io/name: music-assistant
- kustomize.toolkit.fluxcd.io/namespace: flux-system
- name: music-assistant-addons-hass
- namespace: home
-spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 256Mi
- storageClassName: longhorn-fast
-
--- kubernetes/apps/kube-system/node-feature-discovery/app Kustomization: flux-system/node-feature-discovery HelmRelease: kube-system/node-feature-discovery
+++ kubernetes/apps/kube-system/node-feature-discovery/app Kustomization: flux-system/node-feature-discovery HelmRelease: kube-system/node-feature-discovery
@@ -13,13 +13,13 @@
spec:
chart: node-feature-discovery
sourceRef:
kind: HelmRepository
name: node-feature-discovery
namespace: flux-system
- version: 0.16.6
+ version: 0.16.5
install:
crds: CreateReplace
remediation:
retries: 3
interval: 30m
uninstall:
--- kubernetes/flux Kustomization: flux-system/cluster HelmRepository: flux-system/angelnu-helm-charts
+++ kubernetes/flux Kustomization: flux-system/cluster HelmRepository: flux-system/angelnu-helm-charts
@@ -1,14 +0,0 @@
----
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: cluster
- kustomize.toolkit.fluxcd.io/namespace: flux-system
- name: angelnu-helm-charts
- namespace: flux-system
-spec:
- interval: 1h
- timeout: 15m
- url: https://angelnu.github.io/helm-charts
-
--- kubernetes/apps/kube-system/nvidia-gpu-operator/app Kustomization: flux-system/nvidia-gpu-operator HelmRelease: kube-system/nvidia-gpu-operator
+++ kubernetes/apps/kube-system/nvidia-gpu-operator/app Kustomization: flux-system/nvidia-gpu-operator HelmRelease: kube-system/nvidia-gpu-operator
@@ -12,13 +12,13 @@
spec:
chart: gpu-operator
sourceRef:
kind: HelmRepository
name: nvidia-operator
namespace: flux-system
- version: v24.9.0
+ version: v24.6.2
install:
remediation:
retries: 3
interval: 30m
maxHistory: 2
uninstall:
--- kubernetes/apps/database/redis/app Kustomization: flux-system/redis HelmRelease: database/redis
+++ kubernetes/apps/database/redis/app Kustomization: flux-system/redis HelmRelease: database/redis
@@ -52,13 +52,13 @@
fullnameOverride: redis-sentinel
metrics:
enabled: false
image:
redisTargetHost: redis-sentinel
repository: bitnami/redis-exporter
- tag: 1.66.0-debian-12-r2
+ tag: 1.65.0-debian-12-r2
serviceMonitor:
enabled: true
interval: 20s
networkPolicy:
enabled: false
rbac:
--- kubernetes/apps/service/stunner/operator Kustomization: flux-system/stunner-gateway HelmRelease: service/stunner
+++ kubernetes/apps/service/stunner/operator Kustomization: flux-system/stunner-gateway HelmRelease: service/stunner
@@ -13,13 +13,13 @@
spec:
chart: stunner-gateway-operator
sourceRef:
kind: HelmRepository
name: stunner
namespace: flux-system
- version: 1.0.0
+ version: 0.21.0
install:
createNamespace: true
remediation:
retries: 3
interval: 30m
maxHistory: 2
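Review bot: `version` drops from 1.0.0 to 0.21.0, a step back across a major release of stunner-gateway-operator, in a PR that is only meant to bump vpa. Rebase so the operator stays on the version main runs, and review the Gateway changes in this diff against that version rather than 0.21.0.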
--- kubernetes/apps/service/stunner/operator Kustomization: flux-system/stunner-gateway ConfigMap: service/stunner-gateway-gatus-ep
+++ kubernetes/apps/service/stunner/operator Kustomization: flux-system/stunner-gateway ConfigMap: service/stunner-gateway-gatus-ep
@@ -8,13 +8,13 @@
url: "https://stunner-gateway...PLACEHOLDER_SECRET_DOMAIN../"
interval: 1m
ui:
hide-hostname: true
hide-url: true
client:
- dns-resolver: tcp://192.168.108.1:53
+ dns-resolver: tcp://192.168.8.1:53
conditions:
- "[STATUS] == 200"
alerts:
- type: pushover
kind: ConfigMap
metadata:
--- kubernetes/apps/service/stunner/app Kustomization: flux-system/stunner Gateway: service/frigate-udp-gateway
+++ kubernetes/apps/service/stunner/app Kustomization: flux-system/stunner Gateway: service/frigate-udp-gateway
@@ -6,15 +6,12 @@
app.kubernetes.io/name: stunner
kustomize.toolkit.fluxcd.io/name: stunner
kustomize.toolkit.fluxcd.io/namespace: flux-system
name: frigate-udp-gateway
namespace: service
spec:
- addresses:
- - type: IPAddress
- value: 192.168.108.11
gatewayClassName: stunner-gatewayclass
listeners:
- name: udp-listener
port: 3478
protocol: TURN-UDP
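Review bot: With `spec.addresses` removed, the TURN-UDP listener on port 3478 no longer requests 192.168.108.11 and its address is left to the gateway implementation. The frigate ConfigMap hunk drops the matching `192.168.108.11:3478` WebRTC candidate, so confirm clients still have a stable way to reach the gateway and that the newly assigned address is not reachable from more networks than the old one.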
--- kubernetes/apps/service/stunner/app Kustomization: flux-system/stunner Gateway: service/headless-gateway
+++ kubernetes/apps/service/stunner/app Kustomization: flux-system/stunner Gateway: service/headless-gateway
@@ -6,15 +6,12 @@
app.kubernetes.io/name: stunner
kustomize.toolkit.fluxcd.io/name: stunner
kustomize.toolkit.fluxcd.io/namespace: flux-system
name: headless-gateway
namespace: service
spec:
- addresses:
- - type: IPAddress
- value: 192.168.108.78
gatewayClassName: stunner-gatewayclass
listeners:
- name: tcp-listener
port: 3478
protocol: TURN-TCP
--- kubernetes/apps/service/stunner/app Kustomization: flux-system/stunner ConfigMap: service/stunner-gatus-ep
+++ kubernetes/apps/service/stunner/app Kustomization: flux-system/stunner ConfigMap: service/stunner-gatus-ep
@@ -8,13 +8,13 @@
url: "https://stunner...PLACEHOLDER_SECRET_DOMAIN../"
interval: 1m
ui:
hide-hostname: true
hide-url: true
client:
- dns-resolver: tcp://192.168.108.1:53
+ dns-resolver: tcp://192.168.8.1:53
conditions:
- "[STATUS] == 200"
alerts:
- type: pushover
kind: ConfigMap
metadata:
--- kubernetes/apps/media/qbittorrent/tools Kustomization: flux-system/qbittorrent-tools HelmRelease: media/qbtools
+++ kubernetes/apps/media/qbittorrent/tools Kustomization: flux-system/qbittorrent-tools HelmRelease: media/qbtools
@@ -48,13 +48,13 @@
- --port
- '8049'
env:
TZ: Europe/Simferopol
image:
repository: ghcr.io/buroa/qbtools
- tag: v0.19.7@sha256:ceb38f6794b10a8f1147dbc8a4df24857e0dae72341eaf2d435796937d77ba3a
+ tag: v0.19.5@sha256:e9482d3d40c1ab58f50664ad3a24f2d5627d210f1ea140c7f44f516d0bf5f204
resources:
limits:
cpu: 31m
memory: 105M
requests:
cpu: 15m
@@ -93,13 +93,13 @@
- --port
- '8049'
env:
TZ: Europe/Simferopol
image:
repository: ghcr.io/buroa/qbtools
- tag: v0.19.7@sha256:ceb38f6794b10a8f1147dbc8a4df24857e0dae72341eaf2d435796937d77ba3a
+ tag: v0.19.5@sha256:e9482d3d40c1ab58f50664ad3a24f2d5627d210f1ea140c7f44f516d0bf5f204
resources:
limits:
cpu: 31m
memory: 105M
requests:
cpu: 15m
@@ -130,13 +130,13 @@
- --port
- '8049'
env:
TZ: Europe/Simferopol
image:
repository: ghcr.io/buroa/qbtools
- tag: v0.19.7@sha256:ceb38f6794b10a8f1147dbc8a4df24857e0dae72341eaf2d435796937d77ba3a
+ tag: v0.19.5@sha256:e9482d3d40c1ab58f50664ad3a24f2d5627d210f1ea140c7f44f516d0bf5f204
resources:
limits:
cpu: 31m
memory: 105M
requests:
cpu: 15m
@@ -156,13 +156,13 @@
- --port
- '8049'
env:
TZ: Europe/Simferopol
image:
repository: ghcr.io/buroa/qbtools
- tag: v0.19.7@sha256:ceb38f6794b10a8f1147dbc8a4df24857e0dae72341eaf2d435796937d77ba3a
+ tag: v0.19.5@sha256:e9482d3d40c1ab58f50664ad3a24f2d5627d210f1ea140c7f44f516d0bf5f204
resources:
limits:
cpu: 31m
memory: 105M
requests:
cpu: 15m
@@ -190,13 +190,13 @@
- --config
- /config/config.yaml
env:
TZ: Europe/Simferopol
image:
repository: ghcr.io/buroa/qbtools
- tag: v0.19.7@sha256:ceb38f6794b10a8f1147dbc8a4df24857e0dae72341eaf2d435796937d77ba3a
+ tag: v0.19.5@sha256:e9482d3d40c1ab58f50664ad3a24f2d5627d210f1ea140c7f44f516d0bf5f204
resources:
limits:
cpu: 31m
memory: 105M
requests:
cpu: 15m
--- kubernetes/apps/observability/smartctl-exporter/app Kustomization: flux-system/smartctl-exporter HelmRelease: observability/smartctl-exporter
+++ kubernetes/apps/observability/smartctl-exporter/app Kustomization: flux-system/smartctl-exporter HelmRelease: observability/smartctl-exporter
@@ -13,13 +13,13 @@
spec:
chart: prometheus-smartctl-exporter
sourceRef:
kind: HelmRepository
name: prometheus-community
namespace: flux-system
- version: 0.11.0
+ version: 0.10.0
install:
remediation:
retries: 3
interval: 30m
uninstall:
keepHistory: false
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/music-assistant
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/music-assistant
@@ -1,42 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: cluster-apps
- kustomize.toolkit.fluxcd.io/namespace: flux-system
- name: music-assistant
- namespace: flux-system
-spec:
- commonMetadata:
- labels:
- app.kubernetes.io/name: music-assistant
- decryption:
- provider: sops
- secretRef:
- name: sops-age
- interval: 10m
- path: ./kubernetes/apps/home/music-assistant/app
- postBuild:
- substitute:
- APP: music-assistant
- APP_GID: '1000'
- APP_UID: '1000'
- substituteFrom:
- - kind: ConfigMap
- name: cluster-settings
- - kind: Secret
- name: cluster-secrets
- - kind: ConfigMap
- name: cluster-settings-user
- optional: true
- - kind: Secret
- name: cluster-secrets-user
- optional: true
- prune: true
- sourceRef:
- kind: GitRepository
- name: home-kubernetes
- targetNamespace: home
- wait: false
-
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/harbor-init
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/harbor-init
@@ -1,42 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: cluster-apps
- kustomize.toolkit.fluxcd.io/namespace: flux-system
- name: harbor-init
- namespace: flux-system
-spec:
- commonMetadata:
- labels:
- app.kubernetes.io/name: harbor-init
- decryption:
- provider: sops
- secretRef:
- name: sops-age
- interval: 30m
- path: ./kubernetes/apps/storage/harbor/init
- postBuild:
- substitute:
- APP: harbor-init
- substituteFrom:
- - kind: ConfigMap
- name: cluster-settings
- - kind: Secret
- name: cluster-secrets
- - kind: ConfigMap
- name: cluster-settings-user
- optional: true
- - kind: Secret
- name: cluster-secrets-user
- optional: true
- prune: true
- retryInterval: 1m
- sourceRef:
- kind: GitRepository
- name: home-kubernetes
- targetNamespace: storage
- timeout: 25m
- wait: false
-
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/harbor
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/harbor
@@ -1,44 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: cluster-apps
- kustomize.toolkit.fluxcd.io/namespace: flux-system
- name: harbor
- namespace: flux-system
-spec:
- commonMetadata:
- labels:
- app.kubernetes.io/name: harbor
- decryption:
- provider: sops
- secretRef:
- name: sops-age
- dependsOn:
- - name: harbor-init
- interval: 30m
- path: ./kubernetes/apps/storage/harbor/app
- postBuild:
- substitute:
- APP: harbor
- substituteFrom:
- - kind: ConfigMap
- name: cluster-settings
- - kind: Secret
- name: cluster-secrets
- - kind: ConfigMap
- name: cluster-settings-user
- optional: true
- - kind: Secret
- name: cluster-secrets-user
- optional: true
- prune: true
- retryInterval: 1m
- sourceRef:
- kind: GitRepository
- name: home-kubernetes
- targetNamespace: storage
- timeout: 5m
- wait: false
-
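Review bot: Deleting this Kustomization, which has `prune: true`, removes every object it manages, and together with the removed harbor-init and harbor-webhook Kustomizations and the harbor PVCs it takes the whole registry out of the cluster. Nothing in the PR title mentions Harbor; confirm the removal is intended and that no workload still pulls images through the registry before a vpa bump carries it.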
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/harbor-webhook
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/harbor-webhook
@@ -1,44 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: cluster-apps
- kustomize.toolkit.fluxcd.io/namespace: flux-system
- name: harbor-webhook
- namespace: flux-system
-spec:
- commonMetadata:
- labels:
- app.kubernetes.io/name: harbor-webhook
- decryption:
- provider: sops
- secretRef:
- name: sops-age
- dependsOn:
- - name: harbor
- interval: 30m
- path: ./kubernetes/apps/storage/harbor/webhook
- postBuild:
- substitute:
- APP: harbor-webhook
- substituteFrom:
- - kind: ConfigMap
- name: cluster-settings
- - kind: Secret
- name: cluster-secrets
- - kind: ConfigMap
- name: cluster-settings-user
- optional: true
- - kind: Secret
- name: cluster-secrets-user
- optional: true
- prune: true
- retryInterval: 1m
- sourceRef:
- kind: GitRepository
- name: home-kubernetes
- targetNamespace: storage
- timeout: 5m
- wait: false
-
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/system-upgrade-k3s
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/system-upgrade-k3s
@@ -18,13 +18,13 @@
dependsOn:
- name: system-upgrade-controller
interval: 30m
path: ./kubernetes/apps/system-upgrade/k3s/app
postBuild:
substitute:
- KUBE_VERSION: v1.31.2+k3s1
+ KUBE_VERSION: v1.31.1+k3s1
substituteFrom:
- kind: ConfigMap
name: cluster-settings
- kind: Secret
name: cluster-secrets
- kind: ConfigMap
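Review bot: `KUBE_VERSION` goes from v1.31.2+k3s1 back to v1.31.1+k3s1, which would have the system-upgrade plan move nodes to an older k3s release. A cluster downgrade should not be picked up as a side effect of a Helm chart bump; rebase the branch so this substitution matches main.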
--- kubernetes/apps/home/scrypted/app Kustomization: flux-system/scrypted HelmRelease: home/scrypted
+++ kubernetes/apps/home/scrypted/app Kustomization: flux-system/scrypted HelmRelease: home/scrypted
@@ -40,13 +40,13 @@
containers:
app:
env:
TZ: Europe/Simferopol
image:
repository: ghcr.io/koush/scrypted
- tag: v0.123.1-jammy-full
+ tag: v0.121.0-jammy-full
probes:
liveness:
enabled: true
readiness:
enabled: true
startup:
--- kubernetes/apps/observability/victoria-logs/app Kustomization: flux-system/victoria-logs HelmRelease: observability/victoria-logs
+++ kubernetes/apps/observability/victoria-logs/app Kustomization: flux-system/victoria-logs HelmRelease: observability/victoria-logs
@@ -13,13 +13,13 @@
spec:
chart: victoria-logs-single
sourceRef:
kind: HelmRepository
name: victoriametrics-charts
namespace: flux-system
- version: 0.8.1
+ version: 0.7.1
interval: 1h
values:
fluent-bit:
config:
filters: |-
[FILTER]
--- kubernetes/apps/network/cloudflared/app Kustomization: flux-system/cloudflared HelmRelease: network/cloudflared
+++ kubernetes/apps/network/cloudflared/app Kustomization: flux-system/cloudflared HelmRelease: network/cloudflared
@@ -50,13 +50,13 @@
TUNNEL_ORIGIN_ENABLE_HTTP2: true
TUNNEL_POST_QUANTUM: true
TUNNEL_TRANSPORT_PROTOCOL: quic
TZ: Europe/Simferopol
image:
repository: docker.io/cloudflare/cloudflared
- tag: 2024.11.0
+ tag: 2024.10.1
probes:
liveness:
custom: true
enabled: true
spec:
failureThreshold: 3
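Review bot: The cloudflared tag goes back from 2024.11.0 to 2024.10.1 and is referenced by tag only, with no digest. This is the tunnel client, so keep it on the newer release and consider pinning it as `tag@sha256:...` the way the home-assistant and qbtools images in this diff are pinned.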
--- kubernetes/apps/storage/harbor/app Kustomization: flux-system/harbor PersistentVolumeClaim: storage/harbor-registry
+++ kubernetes/apps/storage/harbor/app Kustomization: flux-system/harbor PersistentVolumeClaim: storage/harbor-registry
@@ -1,19 +0,0 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- labels:
- app.kubernetes.io/instance: harbor
- app.kubernetes.io/name: harbor
- kustomize.toolkit.fluxcd.io/name: harbor
- kustomize.toolkit.fluxcd.io/namespace: flux-system
- name: harbor-registry
- namespace: storage
-spec:
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 10Gi
- storageClassName: longhorn-fast
-
--- kubernetes/apps/storage/harbor/app Kustomization: flux-system/harbor PersistentVolumeClaim: storage/harbor-trivy
+++ kubernetes/apps/storage/harbor/app Kustomization: flux-system/harbor PersistentVolumeClaim: storage/harbor-trivy
@@ -1,19 +0,0 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- labels:
- app.kubernetes.io/instance: harbor
- app.kubernetes.io/name: harbor
- kustomize.toolkit.fluxcd.io/name: harbor
- kustomize.toolkit.fluxcd.io/namespace: flux-system
- name: harbor-trivy
- namespace: storage
-spec:
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 10Gi
- storageClassName: longhorn-fast
-
--- kubernetes/apps/storage/harbor/app Kustomization: flux-system/harbor PersistentVolumeClaim: storage/harbor-jobservice
+++ kubernetes/apps/storage/harbor/app Kustomization: flux-system/harbor PersistentVolumeClaim: storage/harbor-jobservice
@@ -1,19 +0,0 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- labels:
- app.kubernetes.io/instance: harbor
- app.kubernetes.io/name: harbor
- kustomize.toolkit.fluxcd.io/name: harbor
- kustomize.toolkit.fluxcd.io/namespace: flux-system
- name: harbor-jobservice
- namespace: storage
-spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 10Gi
- storageClassName: longhorn-fast
-
--- kubernetes/apps/storage/harbor/app Kustomization: flux-system/harbor PersistentVolumeClaim: storage/harbor-jobservice-scandata
+++ kubernetes/apps/storage/harbor/app Kustomization: flux-system/harbor PersistentVolumeClaim: storage/harbor-jobservice-scandata
@@ -1,19 +0,0 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- labels:
- app.kubernetes.io/instance: harbor
- app.kubernetes.io/name: harbor
- kustomize.toolkit.fluxcd.io/name: harbor
- kustomize.toolkit.fluxcd.io/namespace: flux-system
- name: harbor-jobservice-scandata
- namespace: storage
-spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 10Gi
- storageClassName: longhorn-fast
-
--- kubernetes/apps/storage/harbor/app Kustomization: flux-system/harbor HelmRelease: storage/harbor
+++ kubernetes/apps/storage/harbor/app Kustomization: flux-system/harbor HelmRelease: storage/harbor
@@ -1,316 +0,0 @@
----
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
- labels:
- app.kubernetes.io/name: harbor
- kustomize.toolkit.fluxcd.io/name: harbor
- kustomize.toolkit.fluxcd.io/namespace: flux-system
- name: harbor
- namespace: storage
-spec:
- chart:
- spec:
- chart: harbor
- sourceRef:
- kind: HelmRepository
- name: harbor
- namespace: flux-system
- version: 1.15.1
- install:
- remediation:
- retries: 3
- interval: 30m
- maxHistory: 2
- timeout: 15m
- uninstall:
- keepHistory: false
- upgrade:
- cleanupOnFail: true
- remediation:
- retries: 3
- values:
- cache:
- enabled: true
- expireHours: 4
- containerSecurityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- privileged: false
- runAsNonRoot: true
- seccompProfile:
- type: RuntimeDefault
- core:
- affinity:
- podAntiAffinity:
- preferredDuringSchedulingIgnoredDuringExecution:
- - podAffinityTerm:
- labelSelector:
- matchLabels:
- component: core
- topologyKey: kubernetes.io/hostname
- weight: 100
- - podAffinityTerm:
- labelSelector:
- matchLabels:
- component: core
- topologyKey: topology.kubernetes.io/zone
- weight: 90
- gdpr:
- deleteUser: true
- replicas: 2
- resources:
- requests:
- cpu: 10m
- memory: 1Gi
- revisionHistoryLimit: 3
- serviceAccountName: ''
- startupProbe:
- enabled: true
- initialDelaySeconds: 10
- database:
- external:
- coreDatabase: harbor
- existingSecret: harbor-secret
- host: postgres16-rw.database.svc.cluster.local
- port: '5432'
- sslmode: disable
- username: harborpg
- type: external
- existingSecretAdminPassword: harbor-secret
- existingSecretAdminPasswordKey: HARBOR_ADMIN_PASSWORD
- exporter:
- affinity:
- podAntiAffinity:
- preferredDuringSchedulingIgnoredDuringExecution:
- - podAffinityTerm:
- labelSelector:
- matchLabels:
- component: exporter
- topologyKey: kubernetes.io/hostname
- weight: 100
- - podAffinityTerm:
- labelSelector:
- matchLabels:
- component: exporter
- topologyKey: topology.kubernetes.io/zone
- weight: 90
- cacheCleanInterval: 14400
- cacheDuration: 30
- podAnnotations: {}
- replicas: 1
- resources:
- requests:
- cpu: 10m
- memory: 256Mi
- revisionHistoryLimit: 1
- serviceAccountName: ''
- expose:
- ingress:
- annotations:
- nginx.ingress.kubernetes.io/proxy-body-size: '0'
- nginx.ingress.kubernetes.io/proxy-buffering: 'off'
- nginx.ingress.kubernetes.io/proxy-connect-timeout: '25'
- nginx.ingress.kubernetes.io/proxy-read-timeout: '1800'
- nginx.ingress.kubernetes.io/proxy-request-buffering: 'off'
- nginx.ingress.kubernetes.io/proxy-send-timeout: '1800'
- nginx.ingress.kubernetes.io/ssl-redirect: 'true'
- className: internal
- hosts:
- core: harbor...PLACEHOLDER_SECRET_DOMAIN..
- loadBalancer:
- IP: 192.168.108.88
- annotations: {}
- labels: {}
- name: harbor
- ports:
- httpPort: 80
- httpsPort: 443
- tls:
- certSource: none
- enabled: true
- type: ingress
- externalURL: https://harbor...PLACEHOLDER_SECRET_DOMAIN..
- imagePullPolicy: IfNotPresent
- ipFamily:
- ipv6:
- enabled: false
- jobservice:
- affinity:
- podAntiAffinity:
- preferredDuringSchedulingIgnoredDuringExecution:
- - podAffinityTerm:
- labelSelector:
- matchLabels:
- component: jobservice
- topologyKey: kubernetes.io/hostname
- weight: 100
- - podAffinityTerm:
- labelSelector:
- matchLabels:
- component: jobservice
- topologyKey: topology.kubernetes.io/zone
- weight: 90
- jobLoggers:
- - file
- loggerSweeperDuration: 2
- maxJobWorkers: 30
- reaper:
- max_dangling_hours: 48
- max_update_hours: 24
- replicas: 1
- resources:
- limits:
- memory: 4Gi
- requests:
- cpu: 10m
- memory: 1Gi
- revisionHistoryLimit: 3
- logLevel: debug
- metrics:
- core:
- path: /metrics
- port: 8001
- enabled: true
- exporter:
- path: /metrics
- port: 8001
- jobservice:
- path: /metrics
- port: 8001
- registry:
- path: /metrics
- port: 8001
- serviceMonitor:
- enabled: true
- interval: 60s
- metricRelabelings: []
- relabelings: []
- notary:
- enabled: false
- persistence:
- enabled: true
- imageChartStorage:
- disableredirect: true
- s3:
- bucket: harbor
- chunksize: '33554432'
- encrypt: false
- existingSecret: harbor-secret
- multipartcopychunksize: '335544320'
- multipartcopymaxconcurrency: 32
- multipartcopythresholdsize: '1073741824'
- region: us-east-1
- regionendpoint: http://s3.casa
- secure: false
- storageclass: STANDARD
- v4auth: true
- type: s3
- persistentVolumeClaim:
- jobservice:
- jobLog:
- existingClaim: harbor-jobservice
- scanDataExports:
- existingClaim: harbor-jobservice-scandata
- registry:
- existingClaim: harbor-registry
- trivy:
- existingClaim: harbor-trivy
- portal:
- affinity:
- podAntiAffinity:
- preferredDuringSchedulingIgnoredDuringExecution:
- - podAffinityTerm:
- labelSelector:
- matchLabels:
- component: portal
- topologyKey: kubernetes.io/hostname
- weight: 100
- - podAffinityTerm:
- labelSelector:
- matchLabels:
- component: portal
- topologyKey: topology.kubernetes.io/zone
- weight: 90
- replicas: 2
- resources:
- requests:
- cpu: 20m
- memory: 256Mi
- revisionHistoryLimit: 3
- redis:
- external:
- addr: redis-sentinel-master.database.svc.cluster.local:6379
- cacheLayerDatabaseIndex: '64'
- coreDatabaseIndex: '69'
- harborDatabaseIndex: '65'
- jobserviceDatabaseIndex: '68'
- password: ''
- registryDatabaseIndex: '67'
- sentinelMasterSet: ''
- trivyAdapterIndex: '66'
- username: ''
- type: external
- registry:
- affinity:
- podAntiAffinity:
- preferredDuringSchedulingIgnoredDuringExecution:
- - podAffinityTerm:
- labelSelector:
- matchLabels:
- component: registry
- topologyKey: kubernetes.io/hostname
- weight: 100
- - podAffinityTerm:
- labelSelector:
- matchLabels:
- component: registry
- topologyKey: topology.kubernetes.io/zone
- weight: 90
- controller:
- resources:
- requests:
- cpu: 50m
- memory: 256Mi
- registry:
- resources:
- requests:
- cpu: 20m
- memory: 2Gi
- replicas: 2
- revisionHistoryLimit: 3
- serviceAccountName: ''
- upload_purging:
- age: 6h
- enabled: true
- interval: 1h
- trivy:
- affinity:
- podAntiAffinity:
- preferredDuringSchedulingIgnoredDuringExecution:
- - podAffinityTerm:
- labelSelector:
- matchLabels:
- component: trivy
- topologyKey: kubernetes.io/hostname
- weight: 100
- enabled: true
- gitHubToken: null
- ignoreUnfixed: true
- insecure: true
- offlineScan: true
- replicas: 2
- resources:
- limits:
- memory: 4Gi
- requests:
- cpu: 10m
- memory: 2Gi
- severity: HIGH,CRITICAL
- skipUpdate: false
- vulnType: os,library
- updateStrategy:
- type: Recreate
-
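Review bot: deleting the whole Harbor values block here (registry, jobservice, trivy, persistence) is out of scope for a PR titled as a vpa chart bump. Together with the version downgrades further down, it suggests the branch is being diffed against a stale base. Rebase onto main and re-render before reviewing. If Harbor really is being retired, do it in its own PR and state what happens to the referenced claims (harbor-registry, harbor-trivy, harbor-jobservice, harbor-jobservice-scandata) and to harbor-secret.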
--- kubernetes/apps/system-upgrade/k3s/app Kustomization: flux-system/system-upgrade-k3s Plan: system-upgrade/controllers
+++ kubernetes/apps/system-upgrade/k3s/app Kustomization: flux-system/system-upgrade-k3s Plan: system-upgrade/controllers
@@ -31,8 +31,8 @@
key: node-role.kubernetes.io/etcd
operator: Exists
- key: CriticalAddonsOnly
operator: Exists
upgrade:
image: rancher/k3s-upgrade
- version: v1.31.2+k3s1
+ version: v1.31.1+k3s1
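Review bot: `version` moves backwards from v1.31.2+k3s1 to v1.31.1+k3s1 on the controllers Plan, so merging this would tell system-upgrade-controller to downgrade the server nodes this Plan targets. The workers Plan below carries the same change. Nothing in a vpa chart update should touch the k3s version; rebase so both Plans keep v1.31.2+k3s1.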
--- kubernetes/apps/system-upgrade/k3s/app Kustomization: flux-system/system-upgrade-k3s Plan: system-upgrade/workers
+++ kubernetes/apps/system-upgrade/k3s/app Kustomization: flux-system/system-upgrade-k3s Plan: system-upgrade/workers
@@ -19,8 +19,8 @@
- prepare
- controllers
image: rancher/k3s-upgrade
serviceAccountName: system-upgrade
upgrade:
image: rancher/k3s-upgrade
- version: v1.31.2+k3s1
+ version: v1.31.1+k3s1
--- kubernetes/apps/observability/victoria-metrics/app Kustomization: flux-system/victoriametrics HelmRelease: observability/victoria-metrics-stack
+++ kubernetes/apps/observability/victoria-metrics/app Kustomization: flux-system/victoriametrics HelmRelease: observability/victoria-metrics-stack
@@ -12,13 +12,13 @@
spec:
chart: victoria-metrics-k8s-stack
sourceRef:
kind: HelmRepository
name: victoriametrics-charts
namespace: flux-system
- version: 0.28.3
+ version: 0.27.6
driftDetection:
mode: enabled
install:
createNamespace: true
remediation:
retries: 3
@@ -38,14 +38,12 @@
hosts:
- alertmanager...PLACEHOLDER_SECRET_DOMAIN..
ingressClassName: internal
tls:
- hosts:
- alertmanager...PLACEHOLDER_SECRET_DOMAIN..
- monzoTemplate:
- enabled: false
spec:
configSecret: alertmanager-secret
externalURL: https://alertmanager...PLACEHOLDER_SECRET_DOMAIN..
replicaCount: 2
securityContext:
fsGroup: 2000
@@ -72,185 +70,78 @@
targetPort: 9153
vmScrape:
spec:
endpoints:
- bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
port: http-metrics
- jobLabel: jobLabel
- namespaceSelector:
- matchNames:
- - kube-system
+ jobLabel: kube-dns
crds:
enabled: true
- defaultDashboards:
- annotations: {}
- dashboards:
- node-exporter-full:
- enabled: true
- victoriametrics-operator:
- enabled: true
- victoriametrics-vmalert:
- enabled: true
- defaultTimezone: utc+3
- enabled: true
- grafanaOperator:
- enabled: false
- spec:
- allowCrossNamespaceImport: false
- instanceSelector:
- matchLabels:
- dashboards: grafana
- labels: {}
defaultRules:
create: true
- groups:
- alertmanager:
- create: true
- etcd:
- create: true
- general:
- create: true
- k8sContainerCpuUsageSecondsTotal:
- create: true
- k8sContainerMemoryCache:
- create: true
- k8sContainerMemoryRss:
- create: true
- k8sContainerMemorySwap:
- create: true
- k8sContainerMemoryWorkingSetBytes:
- create: true
- k8sContainerResource:
- create: true
- k8sPodOwner:
- create: true
- kubeApiserver:
- create: true
- kubeApiserverAvailability:
- create: true
- kubeApiserverBurnrate:
- create: true
- kubeApiserverHistogram:
- create: true
- kubeApiserverSlos:
- create: true
- kubePrometheusGeneral:
- create: true
- kubePrometheusNodeRecording:
- create: true
- kubeScheduler:
- create: true
- kubeStateMetrics:
- create: true
- kubelet:
- create: true
- kubernetesApps:
- create: true
- targetNamespace: .*
- kubernetesResources:
- create: true
- kubernetesStorage:
- create: true
- targetNamespace: .*
- kubernetesSystem:
- create: true
- kubernetesSystemApiserver:
- create: true
- kubernetesSystemControllerManager:
- create: true
- kubernetesSystemKubelet:
- create: true
- kubernetesSystemScheduler:
- create: true
- node:
- create: true
- nodeNetwork:
- create: true
- vmHealth:
- create: true
- vmagent:
- create: true
- vmcluster:
- create: true
- vmoperator:
- create: true
- vmsingle:
- create: true
- runbookUrl: https://runbooks.prometheus-operator.dev/runbooks
+ rules:
+ alertmanager: true
+ etcd: true
+ general: true
+ k8s: true
+ kubeApiserver: true
+ kubeApiserverAvailability: true
+ kubeApiserverBurnrate: true
+ kubeApiserverHistogram: true
+ kubeApiserverSlos: true
+ kubePrometheusGeneral: true
+ kubePrometheusNodeRecording: true
+ kubeScheduler: true
+ kubeStateMetrics: true
+ kubelet: true
+ kubernetesApps: true
+ kubernetesResources: true
+ kubernetesStorage: true
+ kubernetesSystem: true
+ network: true
+ node: true
+ vmagent: true
+ vmhealth: true
+ vmsingle: true
fullnameOverride: victoria-metrics
- global:
- cluster:
- dnsDomain: cluster.local.
- clusterLabel: ark
grafana:
enabled: false
kube-state-metrics:
enabled: true
- vmScrape:
- enabled: true
- spec:
- endpoints:
- - honorLabels: true
- metricRelabelConfigs:
- - action: labeldrop
- regex: (uid|container_id|image_id)
- port: http
- jobLabel: app.kubernetes.io/name
- selector:
- matchLabels:
- app.kubernetes.io/instance: '{{ include "vm.release" . }}'
- app.kubernetes.io/name: '{{ include "kube-state-metrics.name" (index
- .Subcharts "kube-state-metrics") }}'
+ resources:
+ requests:
+ cpu: 10m
+ memory: 128Mi
+ tolerations:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/control-plane
+ operator: Equal
+ value: ''
kubeApiServer:
enabled: true
- vmScrape:
- spec:
- endpoints:
- - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
- port: https
- scheme: https
- tlsConfig:
- caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
- insecureSkipVerify: true
- serverName: kubernetes
- jobLabel: component
- namespaceSelector:
- matchNames:
- - default
- selector:
- matchLabels:
- component: apiserver
- provider: kubernetes
kubeControllerManager:
enabled: true
endpoints:
- 192.168.108.149
- 192.168.108.209
- 192.168.108.238
service:
enabled: true
- port: 10257
- selector:
- component: kube-controller-manager
- targetPort: 10257
+ port: 10259
+ targetPort: 10259
vmScrape:
spec:
endpoints:
- bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
port: http-metrics
scheme: https
tlsConfig:
caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
insecureSkipVerify: true
serverName: kubernetes
- jobLabel: jobLabel
- namespaceSelector:
- matchNames:
- - kube-system
- kubeDns:
- enabled: false
+ jobLabel: component
kubeEtcd:
enabled: true
endpoints:
- 192.168.108.149
- 192.168.108.209
- 192.168.108.238
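Review bot: under kubeControllerManager the service `port` and `targetPort` change from 10257 to 10259, but 10259 is the kube-scheduler secure port and kube-controller-manager serves on 10257, so this scrape would either fail or collect scheduler metrics under the controller-manager job. Keep 10257, along with the `selector: component: kube-controller-manager` that the hunk drops. Separately, the endpoint keeps `insecureSkipVerify: true` next to a `caFile`, which means the service-account bearer token is sent to the three listed node IPs without verifying the server certificate; worth tightening while this block is being edited.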
@@ -283,66 +174,52 @@
- bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
port: http-metrics
scheme: https
tlsConfig:
caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
insecureSkipVerify: true
- jobLabel: jobLabel
- namespaceSelector:
- matchNames:
- - kube-system
kubelet:
- enabled: true
- vmScrape:
- kind: VMNodeScrape
- spec:
- bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
- honorLabels: true
- honorTimestamps: false
- interval: 30s
- metricRelabelConfigs:
- - action: labeldrop
- regex: (uid)
- - action: labeldrop
- regex: (id|name)
- - action: drop
- regex: (rest_client_request_duration_seconds_bucket|rest_client_request_duration_seconds_sum|rest_client_request_duration_seconds_count)
- source_labels:
- - __name__
- relabelConfigs:
- - action: labelmap
- regex: __meta_kubernetes_node_label_(.+)
- - sourceLabels:
- - __metrics_path__
- targetLabel: metrics_path
- - replacement: kubelet
- targetLabel: job
- scheme: https
- scrapeTimeout: 5s
- tlsConfig:
- caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
- insecureSkipVerify: true
- vmScrapes:
- cadvisor:
- enabled: true
- spec:
- path: /metrics/cadvisor
- kubelet:
- spec: {}
- probes:
- enabled: true
- spec:
- path: /metrics/probes
+ cadvisor: true
+ enabled: true
+ probes: true
+ spec:
+ bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+ honorLabels: true
+ honorTimestamps: false
+ interval: 30s
+ metricRelabelConfigs:
+ - action: keep
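Review bot: the kubelet scrape changes from `labeldrop`/`drop` rules to a list that starts with `action: keep`, which turns the relabeling into an allow-list, and the output is truncated right after that line, so the regex deciding which kubelet and cadvisor metrics survive cannot be reviewed. Re-render this HelmRelease without truncation before approving, since any alert or dashboard that depends on a metric outside the keep list would go silent.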
[Diff truncated by flux-local]
--- kubernetes/apps/storage/harbor/webhook Kustomization: flux-system/harbor-webhook HelmRelease: storage/harbor-webhook
+++ kubernetes/apps/storage/harbor/webhook Kustomization: flux-system/harbor-webhook HelmRelease: storage/harbor-webhook
@@ -1,78 +0,0 @@
----
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
- labels:
- app.kubernetes.io/name: harbor-webhook
- kustomize.toolkit.fluxcd.io/name: harbor-webhook
- kustomize.toolkit.fluxcd.io/namespace: flux-system
- name: harbor-webhook
- namespace: storage
-spec:
- chart:
- spec:
- chart: harbor-container-webhook
- sourceRef:
- kind: HelmRepository
- name: harbor-webhook
- namespace: flux-system
- version: 0.7.0
- install:
- remediation:
- retries: 3
- interval: 30m
- uninstall:
- keepHistory: false
- upgrade:
- cleanupOnFail: true
- remediation:
- retries: 3
- values:
- certDir: ./hack/certs
- healthAddr: :8080
- metricsAddr: :8081
- port: 9443
- rules:
- - checkUpstream: false
- excludes:
- - .*goharbor.*
- matches:
- - ^docker.io
- name: docker.io rewrite rule
- replace: harbor.skynerv.com/local-docker
- - checkUpstream: false
- excludes:
- - .*goharbor.*
- matches:
- - ^hub.docker.com
- name: hub.docker.com rewrite rule
- replace: harbor.skynerv.com/local-docker
- - checkUpstream: false
- excludes:
- - .*goharbor.*
- matches:
- - ^ghcr.io
- name: ghcr.io rewrite rule
- replace: harbor.skynerv.com/local-github
- - checkUpstream: false
- excludes:
- - .*goharbor.*
- matches:
- - ^quay.io
- name: quay.io rewrite rule
- replace: harbor.skynerv.com/local-quay
- - checkUpstream: false
- excludes:
- - .*goharbor.*
- matches:
- - ^gcr.io
- name: gcr.io rewrite rule
- replace: harbor.skynerv.com/local-gcr
- - checkUpstream: false
- excludes:
- - .*goharbor.*
- matches:
- - ^k8s.gcr.io
- name: k8s.gcr.io rewrite rule
- replace: harbor.skynerv.com/local-gcr-k8s
-
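Review bot: the deleted rules spell out the registry host in clear text (`replace: harbor.skynerv.com/local-docker` and five similar lines) while every other hostname in this diff output is masked as PLACEHOLDER_SECRET_DOMAIN, so a domain the masking may be meant to hide ends up published in the PR comment. Add the rewrite targets to the masking used for the diff, or move them into the substituted secret. Also confirm that removing this webhook is intended: without it, images matching docker.io, ghcr.io, quay.io, gcr.io and k8s.gcr.io are no longer rewritten to the Harbor projects and are pulled straight from upstream.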
--- kubernetes/apps/security/authentik/app Kustomization: flux-system/authentik HelmRelease: security/authentik
+++ kubernetes/apps/security/authentik/app Kustomization: flux-system/authentik HelmRelease: security/authentik
@@ -14,13 +14,13 @@
chart: authentik
interval: 5m
sourceRef:
kind: HelmRepository
name: authentik-charts
namespace: flux-system
- version: 2024.10.1
+ version: 2024.8.3
dependsOn:
- name: redis
namespace: database
- name: cloudnative-pg
namespace: database
install:
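Review bot: the chart `version` goes from 2024.10.1 back to 2024.8.3 (the image `tag` in the next hunk follows), which is a downgrade of the identity provider and has nothing to do with vpa. If 2024.10.1 has already run against the database, its migrations will have been applied and the older server may not start cleanly against that schema. Rebase so this release stays on 2024.10.1.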
@@ -60,13 +60,13 @@
global:
deploymentAnnotations:
secret.reloader.stakater.com/reload: authentik-secret
fullnameOverride: authentik
image:
repository: ghcr.io/goauthentik/server
- tag: 2024.10.1
+ tag: 2024.8.3
postgresql:
enabled: false
redis:
enabled: false
server:
ingress:
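Review bot: `tag: 2024.8.3` for ghcr.io/goauthentik/server is a mutable tag with no `@sha256:` digest, unlike the jellyfin, immich and gatus images elsewhere in this diff, so the node pulls whatever the tag points to at deploy time. Pin the server image by digest as well; the same applies to the `ghcr.io/onedr0p/postgres-init` init container in the next hunk.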
@@ -85,13 +85,13 @@
- hosts:
- id...PLACEHOLDER_SECRET_DOMAIN..
initContainers:
- envFrom:
- secretRef:
name: authentik-secret
- image: ghcr.io/onedr0p/postgres-init:16.4
+ image: ghcr.io/onedr0p/postgres-init:16.3
name: init-db
metrics:
serviceMonitor:
enabled: true
pdb:
enabled: true
--- kubernetes/apps/media/jellyfin/app Kustomization: flux-system/jellyfin HelmRelease: media/jellyfin
+++ kubernetes/apps/media/jellyfin/app Kustomization: flux-system/jellyfin HelmRelease: media/jellyfin
@@ -32,21 +32,21 @@
JELLYFIN_FFmpeg__probesize: 1G
NVIDIA_DRIVER_CAPABILITIES: all
NVIDIA_VISIBLE_DEVICES: all
TZ: Europe/Simferopol
image:
repository: jellyfin/jellyfin
- tag: 2024110405@sha256:ff112e2e28b66ef2ce8ee7228f6457b37313cb7e7f09358e90f2f13873e2cf31
+ tag: 2024101405@sha256:87ddeb24e3a45bb8167f602331232bcc8f0c0009568683663a5514ee1969a5ef
resources:
limits:
- cpu: 1900m
- memory: 14G
+ cpu: 619m
+ memory: 16G
nvidia.com/gpu: 1
requests:
- cpu: 1900m
- memory: 14G
+ cpu: 15m
+ memory: 7101M
pod:
enableServiceLinks: false
securityContext:
fsGroup: 568
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
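Review bot: the old values had requests equal to limits (cpu 1900m, memory 14G), while the new ones request cpu 15m and memory 7101M against limits of 619m and 16G. The pod therefore becomes Burstable, is scheduled as if it needs almost no CPU, and is throttled at roughly a third of its previous CPU limit. These numbers look like autoscaler recommendations, not a deliberate change; keep resource tuning out of this PR or explain it in the description.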
--- kubernetes/apps/media/qbittorrent/app Kustomization: flux-system/qbittorrent HelmRelease: media/qbittorrent
+++ kubernetes/apps/media/qbittorrent/app Kustomization: flux-system/qbittorrent HelmRelease: media/qbittorrent
@@ -53,13 +53,13 @@
192.168.0.0/16
QBT_Preferences__WebUI__AuthSubnetWhitelistEnabled: true
QBT_Preferences__WebUI__LocalHostAuth: false
TZ: Europe/Simferopol
image:
repository: ghcr.io/onedr0p/qbittorrent-beta
- tag: 5.0.1@sha256:684422cab9fe3cba04812cf4207398bb72aa0f0283c92fddecd833648ac3f7bf
+ tag: 5.0.0@sha256:042a856a25d130385bd57845646a75a2130dda4895c9be0306fcd7a62ed12801
probes:
liveness:
custom: true
enabled: true
spec:
failureThreshold: 3
--- kubernetes/apps/media/qbittorrent/app Kustomization: flux-system/qbittorrent ConfigMap: media/qbittorrent-gatus-ep
+++ kubernetes/apps/media/qbittorrent/app Kustomization: flux-system/qbittorrent ConfigMap: media/qbittorrent-gatus-ep
@@ -8,13 +8,13 @@
url: "https://qb...PLACEHOLDER_SECRET_DOMAIN../"
interval: 1m
ui:
hide-hostname: true
hide-url: true
client:
- dns-resolver: tcp://192.168.108.1:53
+ dns-resolver: tcp://192.168.8.1:53
conditions:
- "[STATUS] == 200"
alerts:
- type: pushover
kind: ConfigMap
metadata:
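Review bot: `dns-resolver` changes from tcp://192.168.108.1:53 to tcp://192.168.8.1:53, a different subnet from every other address in this diff (the controller-manager and etcd endpoints are all 192.168.108.x), and the same edit repeats in the prowlarr, sonarr and radarr gatus ConfigMaps. If 192.168.8.1 is not a resolver you control and can reach from the cluster, the checks will either fail or resolve the monitored hostnames through an unintended server. Keep 192.168.108.1 unless the network change is deliberate.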
--- kubernetes/apps/media/immich/app Kustomization: flux-system/immich HelmRelease: media/immich-machine-learning
+++ kubernetes/apps/media/immich/app Kustomization: flux-system/immich HelmRelease: media/immich-machine-learning
@@ -44,13 +44,13 @@
- configMapRef:
name: immich-configmap
- secretRef:
name: immich
image:
repository: ghcr.io/immich-app/immich-machine-learning
- tag: v1.120.2@sha256:3cca923bc8eaa3616c48fc6088005e08d574cf1acf6c1253c92393ae11e4788d
+ tag: v1.118.2@sha256:4d89a309fd08a93649f1ae4a7572ae98f09d66b4c1dfb7916b71d31dec7eda38
probes:
liveness:
custom: true
enabled: true
spec:
failureThreshold: 5
--- kubernetes/apps/media/immich/app Kustomization: flux-system/immich HelmRelease: media/immich-microservices
+++ kubernetes/apps/media/immich/app Kustomization: flux-system/immich HelmRelease: media/immich-microservices
@@ -43,13 +43,13 @@
- configMapRef:
name: immich-configmap
- secretRef:
name: immich
image:
repository: ghcr.io/immich-app/immich-server
- tag: v1.120.2@sha256:99f97cb61cd1b49c23fbee46a0ed067f171970518d8834c7e8b2dd3ac0d39c63
+ tag: v1.118.2@sha256:f158810c90f80162f9b08729bbaec963731f12662960be38ff93093b78a0bbdf
resources:
limits:
gpu.intel.com/i915: 1
requests:
cpu: 15m
memory: 298M
--- kubernetes/apps/media/immich/app Kustomization: flux-system/immich HelmRelease: media/immich-server
+++ kubernetes/apps/media/immich/app Kustomization: flux-system/immich HelmRelease: media/immich-server
@@ -41,13 +41,13 @@
- configMapRef:
name: immich-configmap
- secretRef:
name: immich
image:
repository: ghcr.io/immich-app/immich-server
- tag: v1.120.2@sha256:99f97cb61cd1b49c23fbee46a0ed067f171970518d8834c7e8b2dd3ac0d39c63
+ tag: v1.118.2@sha256:f158810c90f80162f9b08729bbaec963731f12662960be38ff93093b78a0bbdf
probes:
liveness:
custom: true
enabled: true
spec:
failureThreshold: 5
@@ -86,13 +86,13 @@
- configMapRef:
name: immich-configmap
- secretRef:
name: immich
image:
repository: ghcr.io/onedr0p/postgres-init
- tag: '16.4'
+ tag: '16.3'
pod:
enableServiceLinks: false
securityContext:
fsGroup: 568
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 568
--- kubernetes/apps/media/prowlarr/app Kustomization: flux-system/prowlarr HelmRelease: media/prowlarr
+++ kubernetes/apps/media/prowlarr/app Kustomization: flux-system/prowlarr HelmRelease: media/prowlarr
@@ -34,13 +34,13 @@
PROWLARR__LOG_LEVEL: info
PROWLARR__PORT: 9696
PROWLARR__THEME: dark
TZ: Europe/Simferopol
image:
repository: ghcr.io/onedr0p/prowlarr-nightly
- tag: 1.26.1.4838@sha256:0cf35cf97fb97437752cba9701fba526d2caecf16c62974e6c1a8c9f2b7c431e
+ tag: 1.26.0.4820@sha256:2356ce5296597f354ffa263fc0681319dba8d534905ea8b60436a57786992a47
probes:
liveness:
enabled: true
readiness:
enabled: true
startup:
--- kubernetes/apps/media/prowlarr/app Kustomization: flux-system/prowlarr ConfigMap: media/prowlarr-gatus-ep
+++ kubernetes/apps/media/prowlarr/app Kustomization: flux-system/prowlarr ConfigMap: media/prowlarr-gatus-ep
@@ -8,13 +8,13 @@
url: "https://prowlarr...PLACEHOLDER_SECRET_DOMAIN../"
interval: 1m
ui:
hide-hostname: true
hide-url: true
client:
- dns-resolver: tcp://192.168.108.1:53
+ dns-resolver: tcp://192.168.8.1:53
conditions:
- "[STATUS] == 200"
alerts:
- type: pushover
kind: ConfigMap
metadata:
--- kubernetes/apps/media/sonarr/app Kustomization: flux-system/sonarr HelmRelease: media/sonarr
+++ kubernetes/apps/media/sonarr/app Kustomization: flux-system/sonarr HelmRelease: media/sonarr
@@ -51,13 +51,13 @@
TZ: Europe/Simferopol
envFrom:
- secretRef:
name: sonarr-secret
image:
repository: ghcr.io/onedr0p/sonarr-develop
- tag: 4.0.10.2624@sha256:550d8206663585710556de32e8656b4838e83c9dd79ec271af567b85fa724912
+ tag: 4.0.9.2513@sha256:31c0f7881c18d496a45616bad4b02ab6588b95836615122042c8709d5edb0241
probes:
liveness:
custom: true
enabled: true
spec:
failureThreshold: 3
--- kubernetes/apps/media/sonarr/app Kustomization: flux-system/sonarr ConfigMap: media/sonarr-gatus-ep
+++ kubernetes/apps/media/sonarr/app Kustomization: flux-system/sonarr ConfigMap: media/sonarr-gatus-ep
@@ -8,13 +8,13 @@
url: "https://sonarr...PLACEHOLDER_SECRET_DOMAIN../"
interval: 1m
ui:
hide-hostname: true
hide-url: true
client:
- dns-resolver: tcp://192.168.108.1:53
+ dns-resolver: tcp://192.168.8.1:53
conditions:
- "[STATUS] == 200"
alerts:
- type: pushover
kind: ConfigMap
metadata:
--- kubernetes/apps/observability/gatus/app Kustomization: flux-system/gatus HelmRelease: observability/gatus
+++ kubernetes/apps/observability/gatus/app Kustomization: flux-system/gatus HelmRelease: observability/gatus
@@ -40,13 +40,13 @@
TZ: America/Los_Angeles
envFrom:
- secretRef:
name: gatus-secret
image:
repository: ghcr.io/twin/gatus
- tag: v5.13.1@sha256:24842a8adebd3dd4bd04a4038ffa27cb2fe72bb50631415e0fb2915063fc1993
+ tag: v5.13.0@sha256:cac86b023cf61bf18b688532b4496f8703d15df935b0b6c9bbf85c3e3e18d218
probes:
liveness:
custom: true
enabled: true
spec:
failureThreshold: 3
--- kubernetes/apps/media/radarr/app Kustomization: flux-system/radarr HelmRelease: media/radarr
+++ kubernetes/apps/media/radarr/app Kustomization: flux-system/radarr HelmRelease: media/radarr
@@ -51,13 +51,13 @@
TZ: Europe/Simferopol
envFrom:
- secretRef:
name: radarr-secret
image:
repository: ghcr.io/onedr0p/radarr-develop
- tag: 5.15.0.9412@sha256:3d922f5f80935c1aadbe49597cb4cd509e2890ca0c01d6778ac54825012fdde4
+ tag: 5.14.0.9383@sha256:ddb3e22f946094cce54ccadcafb6a3ac0917501f2cdb5cf9c7e6466b980fa92a
probes:
liveness:
custom: true
enabled: true
spec:
failureThreshold: 3
--- kubernetes/apps/media/radarr/app Kustomization: flux-system/radarr ConfigMap: media/radarr-gatus-ep
+++ kubernetes/apps/media/radarr/app Kustomization: flux-system/radarr ConfigMap: media/radarr-gatus-ep
@@ -8,13 +8,13 @@
url: "https://radarr...PLACEHOLDER_SECRET_DOMAIN../"
interval: 1m
ui:
hide-hostname: true
hide-url: true
client:
- dns-resolver: tcp://192.168.108.1:53
+ dns-resolver: tcp://192.168.8.1:53
conditions:
- "[STATUS] == 200"
alerts:
- type: pushover
kind: ConfigMap
metadata:
--- kubernetes/apps/observability/grafana/app Kustomization: flux-system/grafana HelmRelease: observability/grafana
+++ kubernetes/apps/observability/grafana/app Kustomization: flux-system/grafana HelmRelease: observability/grafana
@@ -14,13 +14,13 @@
chart: grafana
interval: 15m
sourceRef:
kind: HelmRepository
name: grafana
namespace: flux-system
- version: 8.6.0
+ version: 8.5.8
driftDetection:
mode: enabled
install:
createNamespace: true
remediation:
retries: 3
@@ -356,13 +356,13 @@
ver=$(curl -s -L https://api.github.com/repos/VictoriaMetrics/victoriametrics-datasource/releases/latest | grep -oE 'v[0-9]+\.[0-9]+\.[0-9]+' | head -1)
curl -L https://github.com/VictoriaMetrics/victoriametrics-datasource/releases/download/$ver/victoriametrics-datasource-$ver.tar.gz -o /var/lib/grafana/plugins/vm-plugin.tar.gz
tar -xf /var/lib/grafana/plugins/vm-plugin.tar.gz -C /var/lib/grafana/plugins/
rm /var/lib/grafana/plugins/vm-plugin.tar.gz
command:
- /bin/sh
- image: curlimages/curl:8.11.0
+ image: curlimages/curl:7.85.0
name: load-vm-ds-plugin
securityContext:
runAsGroup: 472
runAsNonRoot: true
runAsUser: 472
volumeMounts:
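Review bot: the `load-vm-ds-plugin` init container image drops from curlimages/curl:8.11.0 to 7.85.0, a much older curl release, in the one container whose job is to download code from the internet. Keep 8.11.0 and pin it by digest. The script in the context lines also resolves `releases/latest` at start-up and unpacks the tarball into /var/lib/grafana/plugins with no checksum or signature check, so each pod restart can install a different, unverified plugin build; pin `$ver` and verify a known SHA-256 before `tar -xf`.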
--- kubernetes/apps/media/recyclarr/app Kustomization: flux-system/recyclarr HelmRelease: media/recyclarr
+++ kubernetes/apps/media/recyclarr/app Kustomization: flux-system/recyclarr HelmRelease: media/recyclarr
@@ -36,13 +36,13 @@
TZ: Europe/Simferopol
envFrom:
- secretRef:
name: recyclarr-secret
image:
repository: ghcr.io/recyclarr/recyclarr
- tag: 7.4.0@sha256:619c3b8920a179f2c578acd0f54e9a068f57c049aff840469eed66e93a4be2cf
+ tag: 7.2.4@sha256:1bf2436ed4749a4309765dd21643aac858dd436a536e37c25bb463513601e962
resources:
limits:
memory: 128Mi
requests:
cpu: 10m
securityContext: |
renovate bot force-pushed the renovate/vpa-4.x branch from 568203c to 5c8f54a, November 6, 2024 01:48
renovate bot changed the title from "feat(helm): update chart vpa to 4.7.0" to "feat(helm): update chart vpa to 4.7.1", Nov 6, 2024
This PR contains the following updates:
4.6.0 -> 4.7.1
Configuration
📅 Schedule: Branch creation - "on saturday" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.