diff --git a/clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets-cert-controller.yaml b/clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets-cert-controller.yaml index 9d50cbaf4..85a7b378a 100644 --- a/clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets-cert-controller.yaml +++ b/clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets-cert-controller.yaml @@ -42,7 +42,7 @@ spec: runAsUser: 1000 seccompProfile: type: RuntimeDefault - image: ghcr.io/external-secrets/external-secrets:v2.3.0@sha256:c425f51f422506c380550ad32fbf155412c7be84dd1c4b196130dcf04497be80 + image: ghcr.io/external-secrets/external-secrets:v2.4.0@sha256:d2b74514f63f5b55360d08351f1fe5af3b1db794a81fa10389abe2ff2999c566 imagePullPolicy: IfNotPresent args: - certcontroller diff --git a/clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets-webhook.yaml b/clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets-webhook.yaml index b3170d42a..c2038b52e 100644 --- a/clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets-webhook.yaml +++ b/clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets-webhook.yaml @@ -42,7 +42,7 @@ spec: runAsUser: 1000 seccompProfile: type: RuntimeDefault - image: ghcr.io/external-secrets/external-secrets:v2.3.0@sha256:c425f51f422506c380550ad32fbf155412c7be84dd1c4b196130dcf04497be80 + image: ghcr.io/external-secrets/external-secrets:v2.4.0@sha256:d2b74514f63f5b55360d08351f1fe5af3b1db794a81fa10389abe2ff2999c566 imagePullPolicy: IfNotPresent args: - webhook diff --git a/clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets.yaml b/clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets.yaml index 61805c3e2..c270b53f6 100644 --- a/clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets.yaml +++ b/clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets.yaml @@ -40,7 +40,7 @@ spec: runAsUser: 1000 seccompProfile: type: RuntimeDefault - image: ghcr.io/external-secrets/external-secrets:v2.3.0@sha256:c425f51f422506c380550ad32fbf155412c7be84dd1c4b196130dcf04497be80 + image: ghcr.io/external-secrets/external-secrets:v2.4.0@sha256:d2b74514f63f5b55360d08351f1fe5af3b1db794a81fa10389abe2ff2999c566 imagePullPolicy: IfNotPresent args: - --enable-leader-election=true diff --git a/clusters/cl01tl/manifests/grimmory/Deployment-grimmory.yaml b/clusters/cl01tl/manifests/grimmory/Deployment-grimmory.yaml index b08024bdf..a6d9457d3 100644 --- a/clusters/cl01tl/manifests/grimmory/Deployment-grimmory.yaml +++ b/clusters/cl01tl/manifests/grimmory/Deployment-grimmory.yaml @@ -57,7 +57,7 @@ spec: value: "6060" - name: SWAGGER_ENABLED value: "false" - image: ghcr.io/grimmory-tools/grimmory:v2.3.0@sha256:9014247f591074529894f81115ca40f899db697e89f72c2fe91ec530e3f19597 + image: ghcr.io/grimmory-tools/grimmory:v3.0.0@sha256:0130c338d4c1186f2f6b6acdc4a7ee56388dfdab9cb0b9a23ac0fc91b79e7d75 name: main resources: requests: diff --git a/clusters/cl01tl/manifests/home-assistant/Deployment-home-assistant.yaml b/clusters/cl01tl/manifests/home-assistant/Deployment-home-assistant.yaml index cac602fb4..bd97f8d80 100644 --- a/clusters/cl01tl/manifests/home-assistant/Deployment-home-assistant.yaml +++ b/clusters/cl01tl/manifests/home-assistant/Deployment-home-assistant.yaml @@ -49,7 +49,7 @@ spec: envFrom: - secretRef: name: home-assistant-code-server-password - image: ghcr.io/linuxserver/code-server:4.116.0-ls333@sha256:4620adace18935dd6ca79d77e3bc1c379e21875392192f970cf5d6b0fb4aefcd + image: ghcr.io/linuxserver/code-server:4.117.0-ls334@sha256:1f384394d473c43ab6a39b2227ba3aa9c95af648ce3a67e1b4da1969c16c7c0d name: code-server volumeMounts: - mountPath: /config/home-assistant diff --git a/clusters/cl01tl/manifests/kube-prometheus-stack/Secret-alertmanager-kube-prometheus-stack-alertmanager.yaml b/clusters/cl01tl/manifests/kube-prometheus-stack/Secret-alertmanager-kube-prometheus-stack-alertmanager.yaml index 41364e9b3..ce3affc60 100644 --- a/clusters/cl01tl/manifests/kube-prometheus-stack/Secret-alertmanager-kube-prometheus-stack-alertmanager.yaml +++ b/clusters/cl01tl/manifests/kube-prometheus-stack/Secret-alertmanager-kube-prometheus-stack-alertmanager.yaml @@ -13,4 +13,4 @@ metadata: release: "kube-prometheus-stack" heritage: "Helm" data: - alertmanager.yaml: "Z2xvYmFsOgogIHJlc29sdmVfdGltZW91dDogNW0KaW5oaWJpdF9ydWxlczoKLSBlcXVhbDoKICAtIG5hbWVzcGFjZQogIC0gYWxlcnRuYW1lCiAgc291cmNlX21hdGNoZXJzOgogIC0gc2V2ZXJpdHkgPSBjcml0aWNhbAogIHRhcmdldF9tYXRjaGVyczoKICAtIHNldmVyaXR5ID1+IHdhcm5pbmd8aW5mbwotIGVxdWFsOgogIC0gbmFtZXNwYWNlCiAgLSBhbGVydG5hbWUKICBzb3VyY2VfbWF0Y2hlcnM6CiAgLSBzZXZlcml0eSA9IHdhcm5pbmcKICB0YXJnZXRfbWF0Y2hlcnM6CiAgLSBzZXZlcml0eSA9IGluZm8KLSBlcXVhbDoKICAtIG5hbWVzcGFjZQogIHNvdXJjZV9tYXRjaGVyczoKICAtIGFsZXJ0bmFtZSA9IEluZm9JbmhpYml0b3IKICB0YXJnZXRfbWF0Y2hlcnM6CiAgLSBzZXZlcml0eSA9IGluZm8KLSB0YXJnZXRfbWF0Y2hlcnM6CiAgLSBhbGVydG5hbWUgPSBJbmZvSW5oaWJpdG9yCnJlY2VpdmVyczoKLSBuYW1lOiBudGZ5CiAgd2ViaG9va19jb25maWdzOgogIC0gaHR0cF9jb25maWc6CiAgICAgIGJhc2ljX2F1dGg6CiAgICAgICAgcGFzc3dvcmRfZmlsZTogL2V0Yy9hbGVydG1hbmFnZXIvc2VjcmV0cy9hbGVydG1hbmFnZXItY29uZmlnLWNvbmZpZy9udGZ5X3Bhc3N3b3JkCiAgICAgICAgdXNlcm5hbWU6IG50ZnktYWxlcnRtYW5hZ2VyCiAgICB1cmw6IGh0dHA6Ly9udGZ5LWFsZXJ0bWFuYWdlci5rdWJlLXByb21ldGhldXMtc3RhY2s6ODAKcm91dGU6CiAgZ3JvdXBfYnk6CiAgLSBuYW1lc3BhY2UKICAtIGFsZXJ0bmFtZQogIGdyb3VwX2ludGVydmFsOiA1bQogIGdyb3VwX3dhaXQ6IDMwcwogIHJlY2VpdmVyOiBudGZ5CiAgcmVwZWF0X2ludGVydmFsOiAyNGgKICByb3V0ZXM6CiAgLSBncm91cF9pbnRlcnZhbDogNW0KICAgIGdyb3VwX3dhaXQ6IDEwcwogICAgcmVjZWl2ZXI6IG50ZnkKICAgIHJlcGVhdF9pbnRlcnZhbDogMjRoCnRlbXBsYXRlczoKLSAvZXRjL2FsZXJ0bWFuYWdlci9jb25maWcvKi50bXBs" + alertmanager.yaml: "Z2xvYmFsOgogIHJlc29sdmVfdGltZW91dDogNW0KaW5oaWJpdF9ydWxlczoKLSBlcXVhbDoKICAtIG5hbWVzcGFjZQogIC0gYWxlcnRuYW1lCiAgc291cmNlX21hdGNoZXJzOgogIC0gc2V2ZXJpdHkgPSBjcml0aWNhbAogIHRhcmdldF9tYXRjaGVyczoKICAtIHNldmVyaXR5ID1+IHdhcm5pbmd8aW5mbwotIGVxdWFsOgogIC0gbmFtZXNwYWNlCiAgLSBhbGVydG5hbWUKICBzb3VyY2VfbWF0Y2hlcnM6CiAgLSBzZXZlcml0eSA9IHdhcm5pbmcKICB0YXJnZXRfbWF0Y2hlcnM6CiAgLSBzZXZlcml0eSA9IGluZm8KLSBlcXVhbDoKICAtIG5hbWVzcGFjZQogIHNvdXJjZV9tYXRjaGVyczoKICAtIGFsZXJ0bmFtZSA9IEluZm9JbmhpYml0b3IKICB0YXJnZXRfbWF0Y2hlcnM6CiAgLSBzZXZlcml0eSA9IGluZm8KLSB0YXJnZXRfbWF0Y2hlcnM6CiAgLSBhbGVydG5hbWUgPSBJbmZvSW5oaWJpdG9yCnJlY2VpdmVyczoKLSBuYW1lOiBudGZ5CiAgd2ViaG9va19jb25maWdzOgogIC0gaHR0cF9jb25maWc6CiAgICAgIGJhc2ljX2F1dGg6CiAgICAgICAgcGFzc3dvcmRfZmlsZTogL2V0Yy9hbGVydG1hbmFnZXIvc2VjcmV0cy9hbGVydG1hbmFnZXItbnRmeS1jb25maWcvbnRmeV9wYXNzd29yZAogICAgICAgIHVzZXJuYW1lOiBudGZ5LWFsZXJ0bWFuYWdlcgogICAgdXJsOiBodHRwOi8vbnRmeS1hbGVydG1hbmFnZXIua3ViZS1wcm9tZXRoZXVzLXN0YWNrOjgwCnJvdXRlOgogIGdyb3VwX2J5OgogIC0gbmFtZXNwYWNlCiAgLSBhbGVydG5hbWUKICBncm91cF9pbnRlcnZhbDogNW0KICBncm91cF93YWl0OiAzMHMKICByZWNlaXZlcjogbnRmeQogIHJlcGVhdF9pbnRlcnZhbDogMjRoCiAgcm91dGVzOgogIC0gZ3JvdXBfaW50ZXJ2YWw6IDVtCiAgICBncm91cF93YWl0OiAxMHMKICAgIHJlY2VpdmVyOiBudGZ5CiAgICByZXBlYXRfaW50ZXJ2YWw6IDI0aAp0ZW1wbGF0ZXM6Ci0gL2V0Yy9hbGVydG1hbmFnZXIvY29uZmlnLyoudG1wbA==" diff --git a/clusters/cl01tl/manifests/ntfy/Deployment-ntfy.yaml b/clusters/cl01tl/manifests/ntfy/Deployment-ntfy.yaml index aa077ae1f..0e4b50b21 100644 --- a/clusters/cl01tl/manifests/ntfy/Deployment-ntfy.yaml +++ b/clusters/cl01tl/manifests/ntfy/Deployment-ntfy.yaml @@ -75,7 +75,7 @@ spec: value: :9090 - name: NTFY_LOG_LEVEL value: info - image: binwiederhier/ntfy:v2.21.0@sha256:2b9e12d56a538f4402da51328eeca02696c4b207ab7fbe031c27e51a22ca9b86 + image: binwiederhier/ntfy:v2.22.0@sha256:d8b3408c75d5ae78e03339af6103e7e6195e56573eea6f1ad34bb4dc4f44f340 livenessProbe: httpGet: path: /v1/health diff --git a/clusters/cl01tl/manifests/qbittorrent/Deployment-qbittorrent-main.yaml b/clusters/cl01tl/manifests/qbittorrent/Deployment-qbittorrent-main.yaml index fc3d0518a..6c169e3d9 100644 --- a/clusters/cl01tl/manifests/qbittorrent/Deployment-qbittorrent-main.yaml +++ b/clusters/cl01tl/manifests/qbittorrent/Deployment-qbittorrent-main.yaml @@ -98,7 +98,7 @@ spec: value: "off" - name: SHADOWSOCKS value: "off" - image: ghcr.io/qdm12/gluetun:v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab + image: ghcr.io/qdm12/gluetun:latest@sha256:725d3e51091dde4ca43e3e3f26e2e6d3d0ccc66821e92d505c3da04958f7d472 lifecycle: postStart: exec: diff --git a/clusters/cl01tl/manifests/talos/CronJob-talos-external.yaml b/clusters/cl01tl/manifests/talos/CronJob-talos-external.yaml index fac57957e..2373de03f 100644 --- a/clusters/cl01tl/manifests/talos/CronJob-talos-external.yaml +++ b/clusters/cl01tl/manifests/talos/CronJob-talos-external.yaml @@ -29,7 +29,7 @@ spec: app.kubernetes.io/name: talos spec: enableServiceLinks: false - serviceAccountName: default + serviceAccountName: talos-backup-secrets automountServiceAccountToken: true hostIPC: false hostNetwork: false diff --git a/clusters/cl01tl/manifests/talos/CronJob-talos-local.yaml b/clusters/cl01tl/manifests/talos/CronJob-talos-local.yaml index 6a481f16c..1cb48ce5c 100644 --- a/clusters/cl01tl/manifests/talos/CronJob-talos-local.yaml +++ b/clusters/cl01tl/manifests/talos/CronJob-talos-local.yaml @@ -29,7 +29,7 @@ spec: app.kubernetes.io/name: talos spec: enableServiceLinks: false - serviceAccountName: default + serviceAccountName: talos-backup-secrets automountServiceAccountToken: true hostIPC: false hostNetwork: false diff --git a/clusters/cl01tl/manifests/talos/CronJob-talos-remote.yaml b/clusters/cl01tl/manifests/talos/CronJob-talos-remote.yaml index d48c6084a..20ec16056 100644 --- a/clusters/cl01tl/manifests/talos/CronJob-talos-remote.yaml +++ b/clusters/cl01tl/manifests/talos/CronJob-talos-remote.yaml @@ -29,7 +29,7 @@ spec: app.kubernetes.io/name: talos spec: enableServiceLinks: false - serviceAccountName: default + serviceAccountName: talos-backup-secrets automountServiceAccountToken: true hostIPC: false hostNetwork: false diff --git a/clusters/cl01tl/manifests/traefik/CustomResourceDefinition-ingressroutes.traefik.io.yaml b/clusters/cl01tl/manifests/traefik/CustomResourceDefinition-ingressroutes.traefik.io.yaml index 1c483bc60..e6c9a2001 100644 --- a/clusters/cl01tl/manifests/traefik/CustomResourceDefinition-ingressroutes.traefik.io.yaml +++ b/clusters/cl01tl/manifests/traefik/CustomResourceDefinition-ingressroutes.traefik.io.yaml @@ -336,6 +336,9 @@ spec: - none - lax - strict + - None + - Lax + - Strict type: string secure: description: Secure defines whether the cookie can only be transmitted over an encrypted connection (i.e. HTTPS). diff --git a/clusters/cl01tl/manifests/traefik/CustomResourceDefinition-middlewares.traefik.io.yaml b/clusters/cl01tl/manifests/traefik/CustomResourceDefinition-middlewares.traefik.io.yaml index c7810ec5f..11ccc7cc6 100644 --- a/clusters/cl01tl/manifests/traefik/CustomResourceDefinition-middlewares.traefik.io.yaml +++ b/clusters/cl01tl/manifests/traefik/CustomResourceDefinition-middlewares.traefik.io.yaml @@ -483,6 +483,9 @@ spec: - none - lax - strict + - None + - Lax + - Strict type: string secure: description: Secure defines whether the cookie can only be transmitted over an encrypted connection (i.e. HTTPS). @@ -606,7 +609,10 @@ spec: type: boolean type: object trustForwardHeader: - description: 'TrustForwardHeader defines whether to trust (ie: forward) all X-Forwarded-* headers.' + description: |- + TrustForwardHeader defines whether to trust (ie: forward) all X-Forwarded-* headers. + + Deprecated: Use forwardedHeaders.trustedIPs at the EntryPoint level instead, and set trustForwardHeader to true on this middleware. type: boolean type: object grpcWeb: diff --git a/clusters/cl01tl/manifests/traefik/CustomResourceDefinition-traefikservices.traefik.io.yaml b/clusters/cl01tl/manifests/traefik/CustomResourceDefinition-traefikservices.traefik.io.yaml index daf886bfe..67db86e8e 100644 --- a/clusters/cl01tl/manifests/traefik/CustomResourceDefinition-traefikservices.traefik.io.yaml +++ b/clusters/cl01tl/manifests/traefik/CustomResourceDefinition-traefikservices.traefik.io.yaml @@ -262,6 +262,9 @@ spec: - none - lax - strict + - None + - Lax + - Strict type: string secure: description: Secure defines whether the cookie can only be transmitted over an encrypted connection (i.e. HTTPS). @@ -486,6 +489,9 @@ spec: - none - lax - strict + - None + - Lax + - Strict type: string secure: description: Secure defines whether the cookie can only be transmitted over an encrypted connection (i.e. HTTPS). @@ -720,6 +726,9 @@ spec: - none - lax - strict + - None + - Lax + - Strict type: string secure: description: Secure defines whether the cookie can only be transmitted over an encrypted connection (i.e. HTTPS). @@ -1052,6 +1061,9 @@ spec: - none - lax - strict + - None + - Lax + - Strict type: string secure: description: Secure defines whether the cookie can only be transmitted over an encrypted connection (i.e. HTTPS). @@ -1190,6 +1202,9 @@ spec: - none - lax - strict + - None + - Lax + - Strict type: string secure: description: Secure defines whether the cookie can only be transmitted over an encrypted connection (i.e. HTTPS). @@ -1419,6 +1434,9 @@ spec: - none - lax - strict + - None + - Lax + - Strict type: string secure: description: Secure defines whether the cookie can only be transmitted over an encrypted connection (i.e. HTTPS). @@ -1486,6 +1504,9 @@ spec: - none - lax - strict + - None + - Lax + - Strict type: string secure: description: Secure defines whether the cookie can only be transmitted over an encrypted connection (i.e. HTTPS).