From 14ec2f7ddd9fd6e56bf45ecbc555e65e6a1a0770 Mon Sep 17 00:00:00 2001 From: gitea-bot Date: Thu, 26 Mar 2026 01:39:36 +0000 Subject: [PATCH] Automated Manifest Update (#5140) This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow. ### Details - **Trigger**: `pull_request` by `@alexlebens` - **Commit**: `5c9cfc0` (on `5c9cfc0c8948631232da6b34fd2422cd6a6b6aeb`) - **Charts Updated**: `actual,argo-workflows,argocd,audiobookshelf,authentik,backrest,bazarr,blocky,cloudnative-pg,code-server,coredns,dawarich,democratic-csi-synology-iscsi,descheduler` Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/5140 Co-authored-by: gitea-bot Co-committed-by: gitea-bot --- .../manifests/actual/Deployment-actual.yaml | 4 ++-- ...orkflows-argo-events-controller-manager.yaml | 2 +- ...ment-argo-workflows-workflow-controller.yaml | 4 ++-- .../Deployment-events-webhook.yaml | 4 ++-- ...oyment-argocd-applicationset-controller.yaml | 2 +- .../argocd/Deployment-argocd-dex-server.yaml | 4 ++-- ...loyment-argocd-notifications-controller.yaml | 4 ++-- .../Deployment-argocd-redis-ha-haproxy.yaml | 4 ++-- .../argocd/Deployment-argocd-repo-server.yaml | 8 ++++---- .../argocd/Deployment-argocd-server.yaml | 4 ++-- ...atefulSet-argocd-application-controller.yaml | 2 +- .../StatefulSet-argocd-redis-ha-server.yaml | 2 +- .../Deployment-audiobookshelf.yaml | 2 +- .../authentik/Deployment-authentik-server.yaml | 2 +- .../authentik/Deployment-authentik-worker.yaml | 4 ++-- .../manifests/backrest/Deployment-backrest.yaml | 4 ++-- .../manifests/bazarr/Deployment-bazarr.yaml | 6 ++++-- .../manifests/blocky/Deployment-blocky.yaml | 2 +- ...ment-cloudnative-pg-plugin-barman-cloud.yaml | 4 ++-- .../Deployment-cloudnative-pg.yaml | 2 +- .../code-server/Deployment-code-server.yaml | 4 ++-- .../manifests/coredns/Deployment-coredns.yaml | 4 ++-- .../manifests/dawarich/Deployment-dawarich.yaml | 2 +- ...rnalSecret-synology-iscsi-config-secret.yaml | 3 --- .../descheduler/ClusterRole-descheduler.yaml | 7 +++++++ .../descheduler/ConfigMap-descheduler.yaml | 12 ++++++------ .../descheduler/Deployment-descheduler.yaml | 17 +++++++++++------ 27 files changed, 65 insertions(+), 54 deletions(-) diff --git a/clusters/cl01tl/manifests/actual/Deployment-actual.yaml b/clusters/cl01tl/manifests/actual/Deployment-actual.yaml index 6a0970363..1ff6bc0c1 100644 --- a/clusters/cl01tl/manifests/actual/Deployment-actual.yaml +++ b/clusters/cl01tl/manifests/actual/Deployment-actual.yaml @@ -53,8 +53,8 @@ spec: name: main resources: requests: - cpu: 25m - memory: 64Mi + cpu: 10m + memory: 50Mi volumeMounts: - mountPath: /data name: data diff --git a/clusters/cl01tl/manifests/argo-workflows/Deployment-argo-workflows-argo-events-controller-manager.yaml b/clusters/cl01tl/manifests/argo-workflows/Deployment-argo-workflows-argo-events-controller-manager.yaml index 5874c14c9..6797788db 100644 --- a/clusters/cl01tl/manifests/argo-workflows/Deployment-argo-workflows-argo-events-controller-manager.yaml +++ b/clusters/cl01tl/manifests/argo-workflows/Deployment-argo-workflows-argo-events-controller-manager.yaml @@ -74,7 +74,7 @@ spec: failureThreshold: 3 resources: requests: - cpu: 10m + cpu: 1m memory: 32Mi serviceAccountName: argo-workflows-argo-events-controller-manager volumes: diff --git a/clusters/cl01tl/manifests/argo-workflows/Deployment-argo-workflows-workflow-controller.yaml b/clusters/cl01tl/manifests/argo-workflows/Deployment-argo-workflows-workflow-controller.yaml index 24dc89a62..04f9f2be8 100644 --- a/clusters/cl01tl/manifests/argo-workflows/Deployment-argo-workflows-workflow-controller.yaml +++ b/clusters/cl01tl/manifests/argo-workflows/Deployment-argo-workflows-workflow-controller.yaml @@ -78,8 +78,8 @@ spec: value: "true" resources: requests: - cpu: 10m - memory: 32Mi + cpu: 1m + memory: 20Mi ports: - name: metrics containerPort: 9090 diff --git a/clusters/cl01tl/manifests/argo-workflows/Deployment-events-webhook.yaml b/clusters/cl01tl/manifests/argo-workflows/Deployment-events-webhook.yaml index dd7bc1c9e..2354b774b 100644 --- a/clusters/cl01tl/manifests/argo-workflows/Deployment-events-webhook.yaml +++ b/clusters/cl01tl/manifests/argo-workflows/Deployment-events-webhook.yaml @@ -64,6 +64,6 @@ spec: failureThreshold: 3 resources: requests: - cpu: 10m - memory: 32Mi + cpu: 1m + memory: 20Mi serviceAccountName: argo-workflows-argo-events-events-webhook diff --git a/clusters/cl01tl/manifests/argocd/Deployment-argocd-applicationset-controller.yaml b/clusters/cl01tl/manifests/argocd/Deployment-argocd-applicationset-controller.yaml index ceff90d06..4e036c1af 100644 --- a/clusters/cl01tl/manifests/argocd/Deployment-argocd-applicationset-controller.yaml +++ b/clusters/cl01tl/manifests/argocd/Deployment-argocd-applicationset-controller.yaml @@ -239,7 +239,7 @@ spec: resources: requests: cpu: 10m - memory: 64Mi + memory: 50Mi securityContext: allowPrivilegeEscalation: false capabilities: diff --git a/clusters/cl01tl/manifests/argocd/Deployment-argocd-dex-server.yaml b/clusters/cl01tl/manifests/argocd/Deployment-argocd-dex-server.yaml index c77fd3f01..29030708b 100644 --- a/clusters/cl01tl/manifests/argocd/Deployment-argocd-dex-server.yaml +++ b/clusters/cl01tl/manifests/argocd/Deployment-argocd-dex-server.yaml @@ -100,7 +100,7 @@ spec: failureThreshold: 3 resources: requests: - cpu: 10m + cpu: 1m memory: 64Mi securityContext: allowPrivilegeEscalation: false @@ -135,7 +135,7 @@ spec: name: dexconfig resources: requests: - cpu: 10m + cpu: 1m memory: 64Mi securityContext: allowPrivilegeEscalation: false diff --git a/clusters/cl01tl/manifests/argocd/Deployment-argocd-notifications-controller.yaml b/clusters/cl01tl/manifests/argocd/Deployment-argocd-notifications-controller.yaml index 35cd062ba..f03b05028 100644 --- a/clusters/cl01tl/manifests/argocd/Deployment-argocd-notifications-controller.yaml +++ b/clusters/cl01tl/manifests/argocd/Deployment-argocd-notifications-controller.yaml @@ -105,8 +105,8 @@ spec: failureThreshold: 3 resources: requests: - cpu: 10m - memory: 64Mi + cpu: 2m + memory: 50Mi securityContext: allowPrivilegeEscalation: false capabilities: diff --git a/clusters/cl01tl/manifests/argocd/Deployment-argocd-redis-ha-haproxy.yaml b/clusters/cl01tl/manifests/argocd/Deployment-argocd-redis-ha-haproxy.yaml index fc96c0426..962a720c2 100644 --- a/clusters/cl01tl/manifests/argocd/Deployment-argocd-redis-ha-haproxy.yaml +++ b/clusters/cl01tl/manifests/argocd/Deployment-argocd-redis-ha-haproxy.yaml @@ -105,8 +105,8 @@ spec: containerPort: 9101 resources: requests: - cpu: 10m - memory: 128Mi + cpu: 5m + memory: 90Mi volumeMounts: - name: data mountPath: /usr/local/etc/haproxy diff --git a/clusters/cl01tl/manifests/argocd/Deployment-argocd-repo-server.yaml b/clusters/cl01tl/manifests/argocd/Deployment-argocd-repo-server.yaml index 99ad02af8..f7aecfd6b 100644 --- a/clusters/cl01tl/manifests/argocd/Deployment-argocd-repo-server.yaml +++ b/clusters/cl01tl/manifests/argocd/Deployment-argocd-repo-server.yaml @@ -348,8 +348,8 @@ spec: failureThreshold: 3 resources: requests: - cpu: 10m - memory: 64Mi + cpu: 1m + memory: 50Mi securityContext: allowPrivilegeEscalation: false capabilities: @@ -370,8 +370,8 @@ spec: name: copyutil resources: requests: - cpu: 10m - memory: 64Mi + cpu: 1m + memory: 50Mi securityContext: allowPrivilegeEscalation: false capabilities: diff --git a/clusters/cl01tl/manifests/argocd/Deployment-argocd-server.yaml b/clusters/cl01tl/manifests/argocd/Deployment-argocd-server.yaml index 0a1fdb61f..f3641cc8e 100644 --- a/clusters/cl01tl/manifests/argocd/Deployment-argocd-server.yaml +++ b/clusters/cl01tl/manifests/argocd/Deployment-argocd-server.yaml @@ -396,8 +396,8 @@ spec: failureThreshold: 3 resources: requests: - cpu: 10m - memory: 64Mi + cpu: 20m + memory: 80Mi securityContext: allowPrivilegeEscalation: false capabilities: diff --git a/clusters/cl01tl/manifests/argocd/StatefulSet-argocd-application-controller.yaml b/clusters/cl01tl/manifests/argocd/StatefulSet-argocd-application-controller.yaml index c766fff9e..2119964b3 100644 --- a/clusters/cl01tl/manifests/argocd/StatefulSet-argocd-application-controller.yaml +++ b/clusters/cl01tl/manifests/argocd/StatefulSet-argocd-application-controller.yaml @@ -341,7 +341,7 @@ spec: failureThreshold: 3 resources: requests: - cpu: 15m + cpu: 100m memory: 1Gi securityContext: allowPrivilegeEscalation: false diff --git a/clusters/cl01tl/manifests/argocd/StatefulSet-argocd-redis-ha-server.yaml b/clusters/cl01tl/manifests/argocd/StatefulSet-argocd-redis-ha-server.yaml index e6d78b1f3..857ec621b 100644 --- a/clusters/cl01tl/manifests/argocd/StatefulSet-argocd-redis-ha-server.yaml +++ b/clusters/cl01tl/manifests/argocd/StatefulSet-argocd-redis-ha-server.yaml @@ -131,7 +131,7 @@ spec: resources: requests: cpu: 1000m - memory: 64Mi + memory: 50Mi ports: - name: redis containerPort: 6379 diff --git a/clusters/cl01tl/manifests/audiobookshelf/Deployment-audiobookshelf.yaml b/clusters/cl01tl/manifests/audiobookshelf/Deployment-audiobookshelf.yaml index 7a34c7177..cc9bd19d3 100644 --- a/clusters/cl01tl/manifests/audiobookshelf/Deployment-audiobookshelf.yaml +++ b/clusters/cl01tl/manifests/audiobookshelf/Deployment-audiobookshelf.yaml @@ -64,7 +64,7 @@ spec: name: main resources: requests: - cpu: 10m + cpu: 1m memory: 200Mi volumeMounts: - mountPath: /mnt/store/Audiobooks diff --git a/clusters/cl01tl/manifests/authentik/Deployment-authentik-server.yaml b/clusters/cl01tl/manifests/authentik/Deployment-authentik-server.yaml index 768b2cbfa..4fd914b72 100644 --- a/clusters/cl01tl/manifests/authentik/Deployment-authentik-server.yaml +++ b/clusters/cl01tl/manifests/authentik/Deployment-authentik-server.yaml @@ -113,7 +113,7 @@ spec: timeoutSeconds: 3 resources: requests: - cpu: 100m + cpu: 20m memory: 700Mi affinity: podAntiAffinity: diff --git a/clusters/cl01tl/manifests/authentik/Deployment-authentik-worker.yaml b/clusters/cl01tl/manifests/authentik/Deployment-authentik-worker.yaml index 8bad4b793..ece5a768b 100644 --- a/clusters/cl01tl/manifests/authentik/Deployment-authentik-worker.yaml +++ b/clusters/cl01tl/manifests/authentik/Deployment-authentik-worker.yaml @@ -112,8 +112,8 @@ spec: timeoutSeconds: 3 resources: requests: - cpu: 100m - memory: 512Mi + cpu: 80m + memory: 650Mi affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: diff --git a/clusters/cl01tl/manifests/backrest/Deployment-backrest.yaml b/clusters/cl01tl/manifests/backrest/Deployment-backrest.yaml index 11a267ec5..754a73387 100644 --- a/clusters/cl01tl/manifests/backrest/Deployment-backrest.yaml +++ b/clusters/cl01tl/manifests/backrest/Deployment-backrest.yaml @@ -49,8 +49,8 @@ spec: name: main resources: requests: - cpu: 10m - memory: 80Mi + cpu: 1m + memory: 30Mi volumeMounts: - mountPath: /cache name: cache diff --git a/clusters/cl01tl/manifests/bazarr/Deployment-bazarr.yaml b/clusters/cl01tl/manifests/bazarr/Deployment-bazarr.yaml index 5d989d093..ed86d46cf 100644 --- a/clusters/cl01tl/manifests/bazarr/Deployment-bazarr.yaml +++ b/clusters/cl01tl/manifests/bazarr/Deployment-bazarr.yaml @@ -49,9 +49,11 @@ spec: image: ghcr.io/linuxserver/bazarr:1.5.6@sha256:05f9d5b24884f37120453dc1a008a47be244eebec32099ae1bd29032e75b67aa name: main resources: + limits: + cpu: 100m requests: - cpu: 10m - memory: 256Mi + cpu: 1m + memory: 250Mi volumeMounts: - mountPath: /config name: config diff --git a/clusters/cl01tl/manifests/blocky/Deployment-blocky.yaml b/clusters/cl01tl/manifests/blocky/Deployment-blocky.yaml index a48af11aa..7a8e9b4d5 100644 --- a/clusters/cl01tl/manifests/blocky/Deployment-blocky.yaml +++ b/clusters/cl01tl/manifests/blocky/Deployment-blocky.yaml @@ -44,7 +44,7 @@ spec: resources: requests: cpu: 10m - memory: 90Mi + memory: 100Mi volumeMounts: - mountPath: /app/config.yml mountPropagation: None diff --git a/clusters/cl01tl/manifests/cloudnative-pg/Deployment-cloudnative-pg-plugin-barman-cloud.yaml b/clusters/cl01tl/manifests/cloudnative-pg/Deployment-cloudnative-pg-plugin-barman-cloud.yaml index f310101bb..914df3648 100644 --- a/clusters/cl01tl/manifests/cloudnative-pg/Deployment-cloudnative-pg-plugin-barman-cloud.yaml +++ b/clusters/cl01tl/manifests/cloudnative-pg/Deployment-cloudnative-pg-plugin-barman-cloud.yaml @@ -50,8 +50,8 @@ spec: port: 9090 resources: requests: - cpu: 10m - memory: 64Mi + cpu: 1m + memory: 20Mi securityContext: allowPrivilegeEscalation: false capabilities: diff --git a/clusters/cl01tl/manifests/cloudnative-pg/Deployment-cloudnative-pg.yaml b/clusters/cl01tl/manifests/cloudnative-pg/Deployment-cloudnative-pg.yaml index b34c36467..589b0dd13 100644 --- a/clusters/cl01tl/manifests/cloudnative-pg/Deployment-cloudnative-pg.yaml +++ b/clusters/cl01tl/manifests/cloudnative-pg/Deployment-cloudnative-pg.yaml @@ -68,7 +68,7 @@ spec: resources: requests: cpu: 10m - memory: 64Mi + memory: 100Mi securityContext: allowPrivilegeEscalation: false capabilities: diff --git a/clusters/cl01tl/manifests/code-server/Deployment-code-server.yaml b/clusters/cl01tl/manifests/code-server/Deployment-code-server.yaml index aba86bf37..8b199f727 100644 --- a/clusters/cl01tl/manifests/code-server/Deployment-code-server.yaml +++ b/clusters/cl01tl/manifests/code-server/Deployment-code-server.yaml @@ -53,8 +53,8 @@ spec: name: main resources: requests: - cpu: 10m - memory: 80Mi + cpu: 1m + memory: 50Mi volumeMounts: - mountPath: /config name: config diff --git a/clusters/cl01tl/manifests/coredns/Deployment-coredns.yaml b/clusters/cl01tl/manifests/coredns/Deployment-coredns.yaml index a5dda5c9a..4496980fd 100644 --- a/clusters/cl01tl/manifests/coredns/Deployment-coredns.yaml +++ b/clusters/cl01tl/manifests/coredns/Deployment-coredns.yaml @@ -58,8 +58,8 @@ spec: resources: limits: {} requests: - cpu: 20m - memory: 32Mi + cpu: 30m + memory: 30Mi ports: - {"containerPort": 53, "name": "udp-53", "protocol": "UDP"} - {"containerPort": 53, "name": "tcp-53", "protocol": "TCP"} diff --git a/clusters/cl01tl/manifests/dawarich/Deployment-dawarich.yaml b/clusters/cl01tl/manifests/dawarich/Deployment-dawarich.yaml index 38c71da8d..0700dde25 100644 --- a/clusters/cl01tl/manifests/dawarich/Deployment-dawarich.yaml +++ b/clusters/cl01tl/manifests/dawarich/Deployment-dawarich.yaml @@ -129,7 +129,7 @@ spec: name: main resources: requests: - cpu: 10m + cpu: 20m memory: 750Mi volumeMounts: - mountPath: /var/app/public diff --git a/clusters/cl01tl/manifests/democratic-csi-synology-iscsi/ExternalSecret-synology-iscsi-config-secret.yaml b/clusters/cl01tl/manifests/democratic-csi-synology-iscsi/ExternalSecret-synology-iscsi-config-secret.yaml index 0b7dc78c1..308f062de 100644 --- a/clusters/cl01tl/manifests/democratic-csi-synology-iscsi/ExternalSecret-synology-iscsi-config-secret.yaml +++ b/clusters/cl01tl/manifests/democratic-csi-synology-iscsi/ExternalSecret-synology-iscsi-config-secret.yaml @@ -14,8 +14,5 @@ spec: data: - secretKey: driver-config-file.yaml remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/democratic-csi-synology-iscsi/config - metadataPolicy: None property: driver-config-file.yaml diff --git a/clusters/cl01tl/manifests/descheduler/ClusterRole-descheduler.yaml b/clusters/cl01tl/manifests/descheduler/ClusterRole-descheduler.yaml index 9b98eeac8..2d4ea7631 100644 --- a/clusters/cl01tl/manifests/descheduler/ClusterRole-descheduler.yaml +++ b/clusters/cl01tl/manifests/descheduler/ClusterRole-descheduler.yaml @@ -30,6 +30,13 @@ rules: - apiGroups: ["policy"] resources: ["poddisruptionbudgets"] verbs: ["get", "watch", "list"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["create", "update"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + resourceNames: ["descheduler"] + verbs: ["get", "patch", "delete"] - apiGroups: [""] resources: ["persistentvolumeclaims"] verbs: ["get", "watch", "list"] diff --git a/clusters/cl01tl/manifests/descheduler/ConfigMap-descheduler.yaml b/clusters/cl01tl/manifests/descheduler/ConfigMap-descheduler.yaml index efa3cff23..7c26e01e1 100644 --- a/clusters/cl01tl/manifests/descheduler/ConfigMap-descheduler.yaml +++ b/clusters/cl01tl/manifests/descheduler/ConfigMap-descheduler.yaml @@ -42,13 +42,13 @@ data: name: HighNodeUtilization - args: targetThresholds: - cpu: 60 - memory: 40 - pods: 80 + cpu: 50 + memory: 50 + pods: 60 thresholds: - cpu: 30 - memory: 30 - pods: 50 + cpu: 20 + memory: 20 + pods: 20 name: LowNodeUtilization plugins: balance: diff --git a/clusters/cl01tl/manifests/descheduler/Deployment-descheduler.yaml b/clusters/cl01tl/manifests/descheduler/Deployment-descheduler.yaml index d07f133c6..f3c50627b 100644 --- a/clusters/cl01tl/manifests/descheduler/Deployment-descheduler.yaml +++ b/clusters/cl01tl/manifests/descheduler/Deployment-descheduler.yaml @@ -10,7 +10,7 @@ metadata: app.kubernetes.io/version: "0.35.1" app.kubernetes.io/managed-by: Helm spec: - replicas: 1 + replicas: 3 selector: matchLabels: app.kubernetes.io/name: descheduler @@ -21,7 +21,7 @@ spec: app.kubernetes.io/name: descheduler app.kubernetes.io/instance: descheduler annotations: - checksum/config: 52cdde3aae105c8d407cdec96dbaf5f9d630289083aa3d4fbf77f0d5962eda6d + checksum/config: b8b492edc39a8750e56e18b3d9ef6a7fee693fd63dd0d63b55b4336e63ae8dcb spec: priorityClassName: system-cluster-critical serviceAccountName: descheduler @@ -35,6 +35,13 @@ spec: - --policy-config-file=/policy-dir/policy.yaml - --descheduling-interval=5m - --v=3 + - --leader-elect=true + - --leader-elect-lease-duration=15s + - --leader-elect-renew-deadline=10s + - --leader-elect-retry-period=2s + - --leader-elect-resource-lock=leases + - --leader-elect-resource-name=descheduler + - --leader-elect-resource-namespace=descheduler ports: - containerPort: 10258 protocol: TCP @@ -48,12 +55,10 @@ spec: periodSeconds: 20 timeoutSeconds: 5 resources: - limits: - cpu: 500m - memory: 256Mi + limits: {} requests: cpu: 10m - memory: 64Mi + memory: 50Mi securityContext: allowPrivilegeEscalation: false capabilities: