From 1106456777cd924139200998b3fb2fd895f84725 Mon Sep 17 00:00:00 2001 From: gitea-bot Date: Wed, 25 Mar 2026 01:40:13 +0000 Subject: [PATCH] chore: Update manifests after change --- .../code-server/Deployment-code-server.yaml | 8 +++-- ...rnalSecret-codeserver-password-secret.yaml | 6 ---- .../code-server/HTTPRoute-code-server.yaml | 2 +- ...sistentVolumeClaim-code-server-config.yaml | 2 -- .../manifests/coredns/ConfigMap-coredns.yaml | 2 ++ .../manifests/coredns/Deployment-coredns.yaml | 14 ++++---- .../dawarich/Deployment-dawarich.yaml | 34 ++++++++++++++----- .../ExternalSecret-dawarich-key-secret.yaml | 3 -- .../ExternalSecret-dawarich-oidc-secret.yaml | 6 ---- .../dawarich/HTTPRoute-dawarich.yaml | 2 +- ...PersistentVolumeClaim-dawarich-public.yaml | 2 -- ...ersistentVolumeClaim-dawarich-storage.yaml | 2 -- ...ersistentVolumeClaim-dawarich-watched.yaml | 2 -- 13 files changed, 40 insertions(+), 45 deletions(-) diff --git a/clusters/cl01tl/manifests/code-server/Deployment-code-server.yaml b/clusters/cl01tl/manifests/code-server/Deployment-code-server.yaml index 4e30f6b05..aba86bf37 100644 --- a/clusters/cl01tl/manifests/code-server/Deployment-code-server.yaml +++ b/clusters/cl01tl/manifests/code-server/Deployment-code-server.yaml @@ -29,6 +29,9 @@ spec: enableServiceLinks: false serviceAccountName: default automountServiceAccountToken: true + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch hostIPC: false hostNetwork: false hostPID: false @@ -36,7 +39,7 @@ spec: containers: - env: - name: TZ - value: US/Central + value: America/Chicago - name: PUID value: "1000" - name: PGID @@ -47,12 +50,11 @@ spec: - secretRef: name: codeserver-password-secret image: ghcr.io/linuxserver/code-server:4.112.0@sha256:4bb5b8ad22268001687c047f0f04933799fb03df1eb0e1e266ba15ed2d9f4e8b - imagePullPolicy: IfNotPresent name: main resources: requests: cpu: 10m - memory: 128Mi + memory: 80Mi volumeMounts: - mountPath: /config name: config diff --git a/clusters/cl01tl/manifests/code-server/ExternalSecret-codeserver-password-secret.yaml b/clusters/cl01tl/manifests/code-server/ExternalSecret-codeserver-password-secret.yaml index 3a77f1f61..f58e308ac 100644 --- a/clusters/cl01tl/manifests/code-server/ExternalSecret-codeserver-password-secret.yaml +++ b/clusters/cl01tl/manifests/code-server/ExternalSecret-codeserver-password-secret.yaml @@ -14,15 +14,9 @@ spec: data: - secretKey: PASSWORD remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/code-server/auth - metadataPolicy: None property: PASSWORD - secretKey: SUDO_PASSWORD remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/code-server/auth - metadataPolicy: None property: SUDO_PASSWORD diff --git a/clusters/cl01tl/manifests/code-server/HTTPRoute-code-server.yaml b/clusters/cl01tl/manifests/code-server/HTTPRoute-code-server.yaml index 185d6fb2e..c88c186c4 100644 --- a/clusters/cl01tl/manifests/code-server/HTTPRoute-code-server.yaml +++ b/clusters/cl01tl/manifests/code-server/HTTPRoute-code-server.yaml @@ -23,7 +23,7 @@ spec: name: code-server namespace: code-server port: 8443 - weight: 100 + weight: 1 matches: - path: type: PathPrefix diff --git a/clusters/cl01tl/manifests/code-server/PersistentVolumeClaim-code-server-config.yaml b/clusters/cl01tl/manifests/code-server/PersistentVolumeClaim-code-server-config.yaml index 255066530..f913f54fd 100644 --- a/clusters/cl01tl/manifests/code-server/PersistentVolumeClaim-code-server-config.yaml +++ b/clusters/cl01tl/manifests/code-server/PersistentVolumeClaim-code-server-config.yaml @@ -7,8 +7,6 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: code-server helm.sh/chart: code-server-4.6.2 - annotations: - helm.sh/resource-policy: keep namespace: code-server spec: accessModes: diff --git a/clusters/cl01tl/manifests/coredns/ConfigMap-coredns.yaml b/clusters/cl01tl/manifests/coredns/ConfigMap-coredns.yaml index 6dbfd6fa1..91bb11c23 100644 --- a/clusters/cl01tl/manifests/coredns/ConfigMap-coredns.yaml +++ b/clusters/cl01tl/manifests/coredns/ConfigMap-coredns.yaml @@ -34,10 +34,12 @@ data: dns://alexlebens.net:53 { errors cache 30 + prometheus :9153 forward . 10.111.232.172 } dns://ts.net:53 { errors cache 30 + prometheus :9153 forward . 10.97.20.219 } diff --git a/clusters/cl01tl/manifests/coredns/Deployment-coredns.yaml b/clusters/cl01tl/manifests/coredns/Deployment-coredns.yaml index 610d81286..a5dda5c9a 100644 --- a/clusters/cl01tl/manifests/coredns/Deployment-coredns.yaml +++ b/clusters/cl01tl/manifests/coredns/Deployment-coredns.yaml @@ -11,7 +11,7 @@ metadata: kubernetes.io/cluster-service: "true" kubernetes.io/name: "CoreDNS" app.kubernetes.io/name: coredns - app.kubernetes.io/version: "v1.14.2" + app.kubernetes.io/version: "v1.14.2_sha256-e7e6440cfd1e919280958f5b5a6ab2b184d385bba774c12a" spec: replicas: 3 strategy: @@ -31,7 +31,7 @@ spec: app.kubernetes.io/name: coredns app.kubernetes.io/instance: "coredns" annotations: - checksum/config: f4a6d6c3e35774362e3a63510747807812b072d700356d5e5fe19ecdf9da07b1 + checksum/config: 8dba01057be851fa708634bf93eaecce2bd62f631b46a5c007707c1cefd6dce3 scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]' spec: terminationGracePeriodSeconds: 30 @@ -49,19 +49,17 @@ spec: kubernetes.io/os: linux containers: - name: "coredns" - image: "registry.k8s.io/coredns/coredns:v1.14.2" + image: "registry.k8s.io/coredns/coredns:v1.14.2@sha256:e7e6440cfd1e919280958f5b5a6ab2b184d385bba774c12ad2a9e1e4183f90d9" imagePullPolicy: IfNotPresent args: ["-conf", "/etc/coredns/Corefile"] volumeMounts: - name: config-volume mountPath: /etc/coredns resources: - limits: - cpu: 100m - memory: 128Mi + limits: {} requests: - cpu: 50m - memory: 128Mi + cpu: 20m + memory: 32Mi ports: - {"containerPort": 53, "name": "udp-53", "protocol": "UDP"} - {"containerPort": 53, "name": "tcp-53", "protocol": "TCP"} diff --git a/clusters/cl01tl/manifests/dawarich/Deployment-dawarich.yaml b/clusters/cl01tl/manifests/dawarich/Deployment-dawarich.yaml index 2ac343eeb..38c71da8d 100644 --- a/clusters/cl01tl/manifests/dawarich/Deployment-dawarich.yaml +++ b/clusters/cl01tl/manifests/dawarich/Deployment-dawarich.yaml @@ -114,13 +114,23 @@ spec: value: "true" - name: STORE_GEODATA value: "true" - image: freikin/dawarich:1.4.0 - imagePullPolicy: IfNotPresent + image: freikin/dawarich:1.4.0@sha256:07adb7643b00d1d8f606c675931d3604317fa3851b91b74ec503df8d50734cb8 + livenessProbe: + exec: + command: + - /bin/sh + - -c + - wget -qO - http://127.0.0.1:3000/api/v1/health | grep -q '"status"\s*:\s*"ok"' + failureThreshold: 5 + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 10 name: main resources: requests: cpu: 10m - memory: 128Mi + memory: 750Mi volumeMounts: - mountPath: /var/app/public name: public @@ -205,13 +215,19 @@ spec: value: "true" - name: STORE_GEODATA value: "true" - image: freikin/dawarich:1.4.0 - imagePullPolicy: IfNotPresent + image: freikin/dawarich:1.4.0@sha256:07adb7643b00d1d8f606c675931d3604317fa3851b91b74ec503df8d50734cb8 + livenessProbe: + exec: + command: + - pgrep + - -f + - sidekiq + failureThreshold: 5 + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 10 name: sidekiq - resources: - requests: - cpu: 10m - memory: 128Mi volumeMounts: - mountPath: /var/app/public name: public diff --git a/clusters/cl01tl/manifests/dawarich/ExternalSecret-dawarich-key-secret.yaml b/clusters/cl01tl/manifests/dawarich/ExternalSecret-dawarich-key-secret.yaml index 4ff36b3e1..4e2b0dcce 100644 --- a/clusters/cl01tl/manifests/dawarich/ExternalSecret-dawarich-key-secret.yaml +++ b/clusters/cl01tl/manifests/dawarich/ExternalSecret-dawarich-key-secret.yaml @@ -14,8 +14,5 @@ spec: data: - secretKey: key remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/dawarich/key - metadataPolicy: None property: key diff --git a/clusters/cl01tl/manifests/dawarich/ExternalSecret-dawarich-oidc-secret.yaml b/clusters/cl01tl/manifests/dawarich/ExternalSecret-dawarich-oidc-secret.yaml index f70c0ee20..fd2fac1dc 100644 --- a/clusters/cl01tl/manifests/dawarich/ExternalSecret-dawarich-oidc-secret.yaml +++ b/clusters/cl01tl/manifests/dawarich/ExternalSecret-dawarich-oidc-secret.yaml @@ -14,15 +14,9 @@ spec: data: - secretKey: client remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /authentik/oidc/dawarich - metadataPolicy: None property: client - secretKey: secret remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /authentik/oidc/dawarich - metadataPolicy: None property: secret diff --git a/clusters/cl01tl/manifests/dawarich/HTTPRoute-dawarich.yaml b/clusters/cl01tl/manifests/dawarich/HTTPRoute-dawarich.yaml index ce57b6320..451b31f52 100644 --- a/clusters/cl01tl/manifests/dawarich/HTTPRoute-dawarich.yaml +++ b/clusters/cl01tl/manifests/dawarich/HTTPRoute-dawarich.yaml @@ -23,7 +23,7 @@ spec: name: dawarich namespace: dawarich port: 80 - weight: 100 + weight: 1 matches: - path: type: PathPrefix diff --git a/clusters/cl01tl/manifests/dawarich/PersistentVolumeClaim-dawarich-public.yaml b/clusters/cl01tl/manifests/dawarich/PersistentVolumeClaim-dawarich-public.yaml index f79214f04..8a26889c8 100644 --- a/clusters/cl01tl/manifests/dawarich/PersistentVolumeClaim-dawarich-public.yaml +++ b/clusters/cl01tl/manifests/dawarich/PersistentVolumeClaim-dawarich-public.yaml @@ -7,8 +7,6 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: dawarich helm.sh/chart: dawarich-4.6.2 - annotations: - helm.sh/resource-policy: keep namespace: dawarich spec: accessModes: diff --git a/clusters/cl01tl/manifests/dawarich/PersistentVolumeClaim-dawarich-storage.yaml b/clusters/cl01tl/manifests/dawarich/PersistentVolumeClaim-dawarich-storage.yaml index e69cd8151..6d6b3b01c 100644 --- a/clusters/cl01tl/manifests/dawarich/PersistentVolumeClaim-dawarich-storage.yaml +++ b/clusters/cl01tl/manifests/dawarich/PersistentVolumeClaim-dawarich-storage.yaml @@ -7,8 +7,6 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: dawarich helm.sh/chart: dawarich-4.6.2 - annotations: - helm.sh/resource-policy: keep namespace: dawarich spec: accessModes: diff --git a/clusters/cl01tl/manifests/dawarich/PersistentVolumeClaim-dawarich-watched.yaml b/clusters/cl01tl/manifests/dawarich/PersistentVolumeClaim-dawarich-watched.yaml index b14032ca7..89547326f 100644 --- a/clusters/cl01tl/manifests/dawarich/PersistentVolumeClaim-dawarich-watched.yaml +++ b/clusters/cl01tl/manifests/dawarich/PersistentVolumeClaim-dawarich-watched.yaml @@ -7,8 +7,6 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: dawarich helm.sh/chart: dawarich-4.6.2 - annotations: - helm.sh/resource-policy: keep namespace: dawarich spec: accessModes: