diff --git a/clusters/cl01tl/manifests/harbor/Cluster-harbor-postgresql-18-cluster.yaml b/clusters/cl01tl/manifests/harbor/Cluster-harbor-postgresql-18-cluster.yaml index 0abeed0cc..6e377610b 100644 --- a/clusters/cl01tl/manifests/harbor/Cluster-harbor-postgresql-18-cluster.yaml +++ b/clusters/cl01tl/manifests/harbor/Cluster-harbor-postgresql-18-cluster.yaml @@ -5,10 +5,10 @@ metadata: namespace: harbor labels: app.kubernetes.io/name: harbor-postgresql-18-cluster - helm.sh/chart: postgres-18-cluster-7.11.1 + helm.sh/chart: postgres-18-cluster-7.11.2 app.kubernetes.io/instance: harbor app.kubernetes.io/part-of: harbor - app.kubernetes.io/version: "7.11.1" + app.kubernetes.io/version: "7.11.2" app.kubernetes.io/managed-by: Helm spec: instances: 3 diff --git a/clusters/cl01tl/manifests/harbor/ExternalSecret-harbor-postgresql-18-backup-garage-local-secret.yaml b/clusters/cl01tl/manifests/harbor/ExternalSecret-harbor-postgresql-18-backup-garage-local-secret.yaml index ba4a77d36..e12b9d2fe 100644 --- a/clusters/cl01tl/manifests/harbor/ExternalSecret-harbor-postgresql-18-backup-garage-local-secret.yaml +++ b/clusters/cl01tl/manifests/harbor/ExternalSecret-harbor-postgresql-18-backup-garage-local-secret.yaml @@ -5,10 +5,10 @@ metadata: namespace: harbor labels: app.kubernetes.io/name: harbor-postgresql-18-backup-garage-local-secret - helm.sh/chart: postgres-18-cluster-7.11.1 + helm.sh/chart: postgres-18-cluster-7.11.2 app.kubernetes.io/instance: harbor app.kubernetes.io/part-of: harbor - app.kubernetes.io/version: "7.11.1" + app.kubernetes.io/version: "7.11.2" app.kubernetes.io/managed-by: Helm spec: secretStoreRef: diff --git a/clusters/cl01tl/manifests/harbor/ExternalSecret-harbor-postgresql-18-recovery-secret.yaml b/clusters/cl01tl/manifests/harbor/ExternalSecret-harbor-postgresql-18-recovery-secret.yaml index ddde1be76..7c99d02dc 100644 --- a/clusters/cl01tl/manifests/harbor/ExternalSecret-harbor-postgresql-18-recovery-secret.yaml 
+++ b/clusters/cl01tl/manifests/harbor/ExternalSecret-harbor-postgresql-18-recovery-secret.yaml @@ -4,10 +4,10 @@ metadata: name: harbor-postgresql-18-recovery-secret namespace: harbor labels: - helm.sh/chart: postgres-18-cluster-7.11.1 + helm.sh/chart: postgres-18-cluster-7.11.2 app.kubernetes.io/instance: harbor app.kubernetes.io/part-of: harbor - app.kubernetes.io/version: "7.11.1" + app.kubernetes.io/version: "7.11.2" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: harbor-postgresql-18-recovery-secret spec: diff --git a/clusters/cl01tl/manifests/harbor/ObjectStore-harbor-postgresql-18-backup-garage-local.yaml b/clusters/cl01tl/manifests/harbor/ObjectStore-harbor-postgresql-18-backup-garage-local.yaml index 7d8caf143..26e93422a 100644 --- a/clusters/cl01tl/manifests/harbor/ObjectStore-harbor-postgresql-18-backup-garage-local.yaml +++ b/clusters/cl01tl/manifests/harbor/ObjectStore-harbor-postgresql-18-backup-garage-local.yaml @@ -5,10 +5,10 @@ metadata: namespace: harbor labels: app.kubernetes.io/name: harbor-postgresql-18-backup-garage-local - helm.sh/chart: postgres-18-cluster-7.11.1 + helm.sh/chart: postgres-18-cluster-7.11.2 app.kubernetes.io/instance: harbor app.kubernetes.io/part-of: harbor - app.kubernetes.io/version: "7.11.1" + app.kubernetes.io/version: "7.11.2" app.kubernetes.io/managed-by: Helm spec: retentionPolicy: 7d diff --git a/clusters/cl01tl/manifests/harbor/ObjectStore-harbor-postgresql-18-recovery.yaml b/clusters/cl01tl/manifests/harbor/ObjectStore-harbor-postgresql-18-recovery.yaml index aaf015210..6d1f616a4 100644 --- a/clusters/cl01tl/manifests/harbor/ObjectStore-harbor-postgresql-18-recovery.yaml +++ b/clusters/cl01tl/manifests/harbor/ObjectStore-harbor-postgresql-18-recovery.yaml 
@@ -4,10 +4,10 @@ metadata: name: "harbor-postgresql-18-recovery" namespace: harbor labels: - helm.sh/chart: postgres-18-cluster-7.11.1 + helm.sh/chart: postgres-18-cluster-7.11.2 app.kubernetes.io/instance: harbor app.kubernetes.io/part-of: harbor - app.kubernetes.io/version: "7.11.1" + app.kubernetes.io/version: "7.11.2" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: "harbor-postgresql-18-recovery" spec: diff --git a/clusters/cl01tl/manifests/harbor/PrometheusRule-harbor-postgresql-18-alert-rules.yaml b/clusters/cl01tl/manifests/harbor/PrometheusRule-harbor-postgresql-18-alert-rules.yaml index d75d3f84b..6cfc3a192 100644 --- a/clusters/cl01tl/manifests/harbor/PrometheusRule-harbor-postgresql-18-alert-rules.yaml +++ b/clusters/cl01tl/manifests/harbor/PrometheusRule-harbor-postgresql-18-alert-rules.yaml @@ -5,10 +5,10 @@ metadata: namespace: harbor labels: app.kubernetes.io/name: harbor-postgresql-18-alert-rules - helm.sh/chart: postgres-18-cluster-7.11.1 + helm.sh/chart: postgres-18-cluster-7.11.2 app.kubernetes.io/instance: harbor app.kubernetes.io/part-of: harbor - app.kubernetes.io/version: "7.11.1" + app.kubernetes.io/version: "7.11.2" app.kubernetes.io/managed-by: Helm spec: groups: diff --git a/clusters/cl01tl/manifests/harbor/ScheduledBackup-harbor-postgresql-18-scheduled-backup-live-backup.yaml b/clusters/cl01tl/manifests/harbor/ScheduledBackup-harbor-postgresql-18-scheduled-backup-live-backup.yaml index 0de389377..cabf21ebf 100644 --- a/clusters/cl01tl/manifests/harbor/ScheduledBackup-harbor-postgresql-18-scheduled-backup-live-backup.yaml +++ b/clusters/cl01tl/manifests/harbor/ScheduledBackup-harbor-postgresql-18-scheduled-backup-live-backup.yaml 
@@ -5,10 +5,10 @@ metadata: namespace: harbor labels: app.kubernetes.io/name: "harbor-postgresql-18-scheduled-backup-live-backup" - helm.sh/chart: postgres-18-cluster-7.11.1 + helm.sh/chart: postgres-18-cluster-7.11.2 app.kubernetes.io/instance: harbor app.kubernetes.io/part-of: harbor - app.kubernetes.io/version: "7.11.1" + app.kubernetes.io/version: "7.11.2" app.kubernetes.io/managed-by: Helm spec: immediate: true diff --git a/clusters/cl01tl/manifests/tdarr/Deployment-tdarr-server.yaml b/clusters/cl01tl/manifests/tdarr/Deployment-tdarr-server.yaml index 123cb9fdf..9cc680f2c 100644 --- a/clusters/cl01tl/manifests/tdarr/Deployment-tdarr-server.yaml +++ b/clusters/cl01tl/manifests/tdarr/Deployment-tdarr-server.yaml @@ -60,7 +60,7 @@ spec: value: "8266" - name: webUIPort value: "8265" - image: ghcr.io/haveagitgat/tdarr:2.67.01@sha256:dc23becc667f77d2489b1042bd3af87fdd2fd85c2802e126928ef2ced9a8f560 + image: ghcr.io/haveagitgat/tdarr:2.67.01@sha256:048ae8ed4de8e9f0de51ad739b2105bee3e4d1a8575120df468cec5f6ef2b1da name: main resources: requests: diff --git a/clusters/cl01tl/manifests/tdarr/StatefulSet-tdarr-node.yaml b/clusters/cl01tl/manifests/tdarr/StatefulSet-tdarr-node.yaml index 53053d224..76b3cbff6 100644 --- a/clusters/cl01tl/manifests/tdarr/StatefulSet-tdarr-node.yaml +++ b/clusters/cl01tl/manifests/tdarr/StatefulSet-tdarr-node.yaml @@ -69,7 +69,7 @@ spec: value: tdarr-api - name: serverPort value: "8266" - image: ghcr.io/haveagitgat/tdarr_node:2.67.01@sha256:048ae8ed4de8e9f0de51ad739b2105bee3e4d1a8575120df468cec5f6ef2b1da + image: ghcr.io/haveagitgat/tdarr_node:2.67.01@sha256:dc23becc667f77d2489b1042bd3af87fdd2fd85c2802e126928ef2ced9a8f560 name: main resources: limits: diff --git a/clusters/cl01tl/manifests/unpackerr/Deployment-unpackerr.yaml b/clusters/cl01tl/manifests/unpackerr/Deployment-unpackerr.yaml index ba731be22..f98f461d5 100644 --- a/clusters/cl01tl/manifests/unpackerr/Deployment-unpackerr.yaml 
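Review bot: The two tdarr hunks exchange digests rather than introduce new ones: in Deployment-tdarr-server.yaml `tdarr:2.67.01` moves from `sha256:dc23becc…` to `sha256:048ae8ed…`, and in StatefulSet-tdarr-node.yaml `tdarr_node:2.67.01` moves the opposite way. A digest is resolved inside its own repository, so either the old or the new state pins each image name to content published under the other name, or to a digest that repository does not serve; the diff alone cannot show which. Before merging, resolve `2.67.01` in both `ghcr.io/haveagitgat/tdarr` and `ghcr.io/haveagitgat/tdarr_node` and confirm that each pin matches its own repository. Both container specs continue outside the hunks.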
+++ b/clusters/cl01tl/manifests/unpackerr/Deployment-unpackerr.yaml @@ -29,6 +29,9 @@ spec: enableServiceLinks: false serviceAccountName: default automountServiceAccountToken: true + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch hostIPC: false hostNetwork: false hostPID: false @@ -36,7 +39,7 @@ spec: containers: - env: - name: TZ - value: US/Central + value: America/Chicago - name: UN_WEBSERVER_METRICS value: "true" - name: UN_SONARR_0_URL @@ -74,13 +77,12 @@ spec: envFrom: - secretRef: name: unpackerr-key-secret - image: golift/unpackerr:0.15.2 - imagePullPolicy: IfNotPresent + image: golift/unpackerr:0.15.2@sha256:057e34740d26c34d81ec8e2faf8ec11f8dbfc77489b7a42826f52b37e5ee1b6c name: main resources: requests: cpu: 10m - memory: 128Mi + memory: 10Mi volumeMounts: - mountPath: /mnt/store name: storage diff --git a/clusters/cl01tl/manifests/unpackerr/ExternalSecret-unpackerr-key-secret.yaml b/clusters/cl01tl/manifests/unpackerr/ExternalSecret-unpackerr-key-secret.yaml index 605d0e07e..b3a2136fb 100644 --- a/clusters/cl01tl/manifests/unpackerr/ExternalSecret-unpackerr-key-secret.yaml +++ b/clusters/cl01tl/manifests/unpackerr/ExternalSecret-unpackerr-key-secret.yaml 
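Review bot: The pod-level `securityContext` added in the first hunk of Deployment-unpackerr.yaml sets only `fsGroup: 1000` and `fsGroupChangePolicy: OnRootMismatch`, which fixes group ownership of the volume but does not constrain the user the container runs as. If the container-level context outside this hunk does not already do so, add `runAsNonRoot: true` and `seccompProfile: {type: RuntimeDefault}` next to it, with a `runAsUser`/`runAsGroup` that matches the fsGroup, so the process that unpacks downloaded archives does not run as root. The context lines of the same pod spec still show `automountServiceAccountToken: true` with the `default` service account; this commit does not change that, but it is worth revisiting together with the new block. The pod spec starts and ends outside the hunk.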
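Review bot: The memory request in the third hunk of Deployment-unpackerr.yaml drops from `128Mi` to `10Mi`, and the visible `resources` block has no `limits`, so the scheduler places this pod as if it needs 10Mi while nothing caps what it really uses. Under node memory pressure, pods running above their request are the first candidates for eviction. The same pattern recurs in Deployment-unpoller.yaml (`64Mi` to `20Mi`), the three vault-unseal Deployments (`24Mi` to `10Mi`), Deployment-vaultwarden.yaml (`128Mi` to `30Mi`), Cluster-vaultwarden-postgresql-18-cluster.yaml (`256Mi` to `80Mi`) and StatefulSet-vault.yaml (`512Mi` to `90Mi`); the Vault one matters most, because an evicted Vault pod presumably comes back sealed and then depends on the unseal Deployments that this commit shrinks as well. If the new figures come from observed usage, say so in the commit message, and consider a `limits.memory` for the Vault and vaultwarden pods.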
@@ -14,57 +14,33 @@ spec: data: - secretKey: UN_SONARR_0_API_KEY remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/sonarr4/key - metadataPolicy: None property: key - secretKey: UN_SONARR_1_API_KEY remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/sonarr4-4k/key - metadataPolicy: None property: key - secretKey: UN_SONARR_2_API_KEY remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/sonarr4-anime/key - metadataPolicy: None property: key - secretKey: UN_RADARR_0_API_KEY remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/radarr5/key - metadataPolicy: None property: key - secretKey: UN_RADARR_1_API_KEY remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/radarr5-4k/key - metadataPolicy: None property: key - secretKey: UN_RADARR_2_API_KEY remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/radarr5-anime/key - metadataPolicy: None property: key - secretKey: UN_RADARR_3_API_KEY remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/radarr5-standup/key - metadataPolicy: None property: key - secretKey: UN_LIDARR_0_API_KEY remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/lidarr2/key - metadataPolicy: None property: key diff --git a/clusters/cl01tl/manifests/unpoller/Deployment-unpoller.yaml b/clusters/cl01tl/manifests/unpoller/Deployment-unpoller.yaml index 419f013db..6d94d3073 100644 --- a/clusters/cl01tl/manifests/unpoller/Deployment-unpoller.yaml +++ b/clusters/cl01tl/manifests/unpoller/Deployment-unpoller.yaml @@ -36,7 +36,7 @@ spec: containers: - env: - name: UP_UNIFI_CONTROLLER_0_SAVE_ALARMS - value: "false" + value: "true" - name: UP_UNIFI_CONTROLLER_0_SAVE_ANOMALIES value: "false" - name: UP_UNIFI_CONTROLLER_0_SAVE_DPI 
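Review bot: Setting `UP_UNIFI_CONTROLLER_0_SAVE_ALARMS` to `"true"` in this hunk of Deployment-unpoller.yaml, and `UP_UNIFI_CONTROLLER_0_SAVE_IDS` to `"true"` in the next one, only produces usable detection data if an output that stores event records is configured. As far as I know unpoller writes alarm and IDS records to its Loki or InfluxDB outputs and not to the Prometheus exporter, and no output settings are visible in these hunks. Please confirm that such an output is enabled in the part of the env list outside the hunks; otherwise the change adds controller polling without leaving any IDS or alarm records to alert on.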
@@ -44,7 +44,7 @@ spec: - name: UP_UNIFI_CONTROLLER_0_SAVE_EVENTS value: "false" - name: UP_UNIFI_CONTROLLER_0_SAVE_IDS - value: "false" + value: "true" - name: UP_UNIFI_CONTROLLER_0_SAVE_SITES value: "true" - name: UP_UNIFI_CONTROLLER_0_URL @@ -64,10 +64,9 @@ spec: envFrom: - secretRef: name: unpoller-unifi-secret - image: ghcr.io/unpoller/unpoller:v2.39.0 - imagePullPolicy: IfNotPresent + image: ghcr.io/unpoller/unpoller:v2.39.0@sha256:1cf63ad43121acc6995da1bd636063de9023b4bfc16599a4297951a6fb6b7fd2 name: main resources: requests: cpu: 10m - memory: 64Mi + memory: 20Mi diff --git a/clusters/cl01tl/manifests/unpoller/ExternalSecret-unpoller-unifi-secret.yaml b/clusters/cl01tl/manifests/unpoller/ExternalSecret-unpoller-unifi-secret.yaml index 4834bb2b0..953434ec2 100644 --- a/clusters/cl01tl/manifests/unpoller/ExternalSecret-unpoller-unifi-secret.yaml +++ b/clusters/cl01tl/manifests/unpoller/ExternalSecret-unpoller-unifi-secret.yaml @@ -14,15 +14,9 @@ spec: data: - secretKey: UP_UNIFI_CONTROLLER_0_USER remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /unifi/auth/cl01tl - metadataPolicy: None property: user - secretKey: UP_UNIFI_CONTROLLER_0_PASS remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /unifi/auth/cl01tl - metadataPolicy: None property: password diff --git a/clusters/cl01tl/manifests/vault/CronJob-vault-snapshot.yaml b/clusters/cl01tl/manifests/vault/CronJob-vault-snapshot.yaml index 63127b443..fffb35733 100644 --- a/clusters/cl01tl/manifests/vault/CronJob-vault-snapshot.yaml +++ b/clusters/cl01tl/manifests/vault/CronJob-vault-snapshot.yaml @@ -12,11 +12,11 @@ metadata: spec: suspend: false concurrencyPolicy: Forbid - startingDeadlineSeconds: 90 - timeZone: US/Central + startingDeadlineSeconds: 30 + timeZone: America/Chicago schedule: "0 4 * * *" successfulJobsHistoryLimit: 1 - failedJobsHistoryLimit: 3 + failedJobsHistoryLimit: 1 jobTemplate: spec: parallelism: 1 
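Review bot: In CronJob-vault-snapshot.yaml, `startingDeadlineSeconds: 30` together with `failedJobsHistoryLimit: 1` makes a missed or failed Vault snapshot easier to overlook. A run that cannot be started within 30 seconds of the 04:00 schedule is skipped rather than started late, and only the most recent failed Job and its pod logs remain for diagnosis. Since this job backs up the secrets store, either keep a wider window such as the previous `startingDeadlineSeconds: 90`, or make sure an alert fires on the time since the last successful run instead of relying only on whatever notification the job itself sends. The job template continues outside the hunk.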
@@ -48,8 +48,7 @@ spec: envFrom: - secretRef: name: vault-snapshot-agent-token - image: hashicorp/vault:1.21.4 - imagePullPolicy: IfNotPresent + image: hashicorp/vault:1.21.4@sha256:4e33b126a59c0c333b76fb4e894722462659a6bec7c48c9ee8cea56fccfd2569 name: snapshot volumeMounts: - mountPath: /opt/backup diff --git a/clusters/cl01tl/manifests/vault/Deployment-vault-unseal-unseal-1.yaml b/clusters/cl01tl/manifests/vault/Deployment-vault-unseal-unseal-1.yaml index 9bf0edc2e..0ede8bad1 100644 --- a/clusters/cl01tl/manifests/vault/Deployment-vault-unseal-unseal-1.yaml +++ b/clusters/cl01tl/manifests/vault/Deployment-vault-unseal-unseal-1.yaml @@ -37,10 +37,9 @@ spec: - envFrom: - secretRef: name: vault-unseal-config-1 - image: ghcr.io/lrstanley/vault-unseal:0.7.2 - imagePullPolicy: IfNotPresent + image: ghcr.io/lrstanley/vault-unseal:0.7.2@sha256:b25d0c2f6a73d1b9a3907befa473f08fe9fac828d248d7e9702517c5b967733c name: main resources: requests: - cpu: 10m - memory: 24Mi + cpu: 1m + memory: 10Mi diff --git a/clusters/cl01tl/manifests/vault/Deployment-vault-unseal-unseal-2.yaml b/clusters/cl01tl/manifests/vault/Deployment-vault-unseal-unseal-2.yaml index 7b79fb1b4..1afb6e720 100644 --- a/clusters/cl01tl/manifests/vault/Deployment-vault-unseal-unseal-2.yaml +++ b/clusters/cl01tl/manifests/vault/Deployment-vault-unseal-unseal-2.yaml @@ -37,10 +37,9 @@ spec: - envFrom: - secretRef: name: vault-unseal-config-2 - image: ghcr.io/lrstanley/vault-unseal:0.7.2 - imagePullPolicy: IfNotPresent + image: ghcr.io/lrstanley/vault-unseal:0.7.2@sha256:b25d0c2f6a73d1b9a3907befa473f08fe9fac828d248d7e9702517c5b967733c name: main resources: requests: - cpu: 10m - memory: 24Mi + cpu: 1m + memory: 10Mi diff --git a/clusters/cl01tl/manifests/vault/Deployment-vault-unseal-unseal-3.yaml b/clusters/cl01tl/manifests/vault/Deployment-vault-unseal-unseal-3.yaml index b10cb556a..8ea635af8 100644 --- a/clusters/cl01tl/manifests/vault/Deployment-vault-unseal-unseal-3.yaml 
+++ b/clusters/cl01tl/manifests/vault/Deployment-vault-unseal-unseal-3.yaml @@ -37,10 +37,9 @@ spec: - envFrom: - secretRef: name: vault-unseal-config-3 - image: ghcr.io/lrstanley/vault-unseal:0.7.2 - imagePullPolicy: IfNotPresent + image: ghcr.io/lrstanley/vault-unseal:0.7.2@sha256:b25d0c2f6a73d1b9a3907befa473f08fe9fac828d248d7e9702517c5b967733c name: main resources: requests: - cpu: 10m - memory: 24Mi + cpu: 1m + memory: 10Mi diff --git a/clusters/cl01tl/manifests/vault/ExternalSecret-vault-backup-ntfy-secret.yaml b/clusters/cl01tl/manifests/vault/ExternalSecret-vault-backup-ntfy-secret.yaml index 248bb6cc9..b04f59d87 100644 --- a/clusters/cl01tl/manifests/vault/ExternalSecret-vault-backup-ntfy-secret.yaml +++ b/clusters/cl01tl/manifests/vault/ExternalSecret-vault-backup-ntfy-secret.yaml @@ -14,22 +14,13 @@ spec: data: - secretKey: NTFY_TOKEN remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /ntfy/user/cl01tl - metadataPolicy: None property: token - secretKey: NTFY_ENDPOINT remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /ntfy/user/cl01tl - metadataPolicy: None property: endpoint - secretKey: NTFY_TOPIC remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/snapshot - metadataPolicy: None property: NTFY_TOPIC diff --git a/clusters/cl01tl/manifests/vault/ExternalSecret-vault-s3cmd-external-config.yaml b/clusters/cl01tl/manifests/vault/ExternalSecret-vault-s3cmd-external-config.yaml index 8401592c2..1005b7a14 100644 --- a/clusters/cl01tl/manifests/vault/ExternalSecret-vault-s3cmd-external-config.yaml +++ b/clusters/cl01tl/manifests/vault/ExternalSecret-vault-s3cmd-external-config.yaml 
@@ -14,15 +14,9 @@ spec: data: - secretKey: .s3cfg remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /digital-ocean/home-infra/vault-backup - metadataPolicy: None property: s3cfg - secretKey: BUCKET remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /digital-ocean/home-infra/vault-backup - metadataPolicy: None property: BUCKET diff --git a/clusters/cl01tl/manifests/vault/ExternalSecret-vault-s3cmd-local-config.yaml b/clusters/cl01tl/manifests/vault/ExternalSecret-vault-s3cmd-local-config.yaml index 3dc60610e..84c49f70e 100644 --- a/clusters/cl01tl/manifests/vault/ExternalSecret-vault-s3cmd-local-config.yaml +++ b/clusters/cl01tl/manifests/vault/ExternalSecret-vault-s3cmd-local-config.yaml @@ -14,15 +14,9 @@ spec: data: - secretKey: .s3cfg remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /garage/home-infra/vault-backups - metadataPolicy: None property: s3cfg-local - secretKey: BUCKET remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /garage/home-infra/vault-backups - metadataPolicy: None property: BUCKET diff --git a/clusters/cl01tl/manifests/vault/ExternalSecret-vault-s3cmd-remote-config.yaml b/clusters/cl01tl/manifests/vault/ExternalSecret-vault-s3cmd-remote-config.yaml index d7e371ed1..57bab6033 100644 --- a/clusters/cl01tl/manifests/vault/ExternalSecret-vault-s3cmd-remote-config.yaml +++ b/clusters/cl01tl/manifests/vault/ExternalSecret-vault-s3cmd-remote-config.yaml @@ -14,15 +14,9 @@ spec: data: - secretKey: .s3cfg remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /garage/home-infra/vault-backups - metadataPolicy: None property: s3cfg-remote - secretKey: BUCKET remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /garage/home-infra/vault-backups - metadataPolicy: None property: BUCKET 
diff --git a/clusters/cl01tl/manifests/vault/ExternalSecret-vault-snapshot-agent-token.yaml b/clusters/cl01tl/manifests/vault/ExternalSecret-vault-snapshot-agent-token.yaml index 7afebbb5e..74c70efae 100644 --- a/clusters/cl01tl/manifests/vault/ExternalSecret-vault-snapshot-agent-token.yaml +++ b/clusters/cl01tl/manifests/vault/ExternalSecret-vault-snapshot-agent-token.yaml @@ -14,15 +14,9 @@ spec: data: - secretKey: VAULT_APPROLE_ROLE_ID remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/snapshot - metadataPolicy: None property: VAULT_APPROLE_ROLE_ID - secretKey: VAULT_APPROLE_SECRET_ID remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/snapshot - metadataPolicy: None property: VAULT_APPROLE_SECRET_ID diff --git a/clusters/cl01tl/manifests/vault/ExternalSecret-vault-token.yaml b/clusters/cl01tl/manifests/vault/ExternalSecret-vault-token.yaml index 7d7ef8483..526c2adc7 100644 --- a/clusters/cl01tl/manifests/vault/ExternalSecret-vault-token.yaml +++ b/clusters/cl01tl/manifests/vault/ExternalSecret-vault-token.yaml 
@@ -14,43 +14,25 @@ spec: data: - secretKey: token remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/token - metadataPolicy: None property: token - secretKey: unseal_key_1 remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/token - metadataPolicy: None property: unseal_key_1 - secretKey: unseal_key_2 remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/token - metadataPolicy: None property: unseal_key_2 - secretKey: unseal_key_3 remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/token - metadataPolicy: None property: unseal_key_3 - secretKey: unseal_key_4 remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/token - metadataPolicy: None property: unseal_key_4 - secretKey: unseal_key_5 remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/token - metadataPolicy: None property: unseal_key_5 diff --git a/clusters/cl01tl/manifests/vault/ExternalSecret-vault-unseal-config-1.yaml b/clusters/cl01tl/manifests/vault/ExternalSecret-vault-unseal-config-1.yaml index b8fd7d78f..9810dfd95 100644 --- a/clusters/cl01tl/manifests/vault/ExternalSecret-vault-unseal-config-1.yaml +++ b/clusters/cl01tl/manifests/vault/ExternalSecret-vault-unseal-config-1.yaml 
@@ -14,64 +14,37 @@ spec: data: - secretKey: ENVIRONMENT remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-1 - metadataPolicy: None property: ENVIRONMENT - secretKey: CHECK_INTERVAL remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-1 - metadataPolicy: None property: CHECK_INTERVAL - secretKey: MAX_CHECK_INTERVAL remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-1 - metadataPolicy: None property: MAX_CHECK_INTERVAL - secretKey: NODES remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-1 - metadataPolicy: None property: NODES - secretKey: TLS_SKIP_VERIFY remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-1 - metadataPolicy: None property: TLS_SKIP_VERIFY - secretKey: TOKENS remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-1 - metadataPolicy: None property: TOKENS - secretKey: EMAIL_ENABLED remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-1 - metadataPolicy: None property: EMAIL_ENABLED - secretKey: NOTIFY_MAX_ELAPSED remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-1 - metadataPolicy: None property: NOTIFY_MAX_ELAPSED - secretKey: NOTIFY_QUEUE_DELAY remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-1 - metadataPolicy: None property: NOTIFY_QUEUE_DELAY diff --git a/clusters/cl01tl/manifests/vault/ExternalSecret-vault-unseal-config-2.yaml b/clusters/cl01tl/manifests/vault/ExternalSecret-vault-unseal-config-2.yaml index d4ecceea4..6c38b1995 100644 --- a/clusters/cl01tl/manifests/vault/ExternalSecret-vault-unseal-config-2.yaml +++ b/clusters/cl01tl/manifests/vault/ExternalSecret-vault-unseal-config-2.yaml 
@@ -14,64 +14,37 @@ spec: data: - secretKey: ENVIRONMENT remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-2 - metadataPolicy: None property: ENVIRONMENT - secretKey: CHECK_INTERVAL remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-2 - metadataPolicy: None property: CHECK_INTERVAL - secretKey: MAX_CHECK_INTERVAL remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-2 - metadataPolicy: None property: MAX_CHECK_INTERVAL - secretKey: NODES remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-2 - metadataPolicy: None property: NODES - secretKey: TLS_SKIP_VERIFY remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-2 - metadataPolicy: None property: TLS_SKIP_VERIFY - secretKey: TOKENS remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-2 - metadataPolicy: None property: TOKENS - secretKey: EMAIL_ENABLED remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-2 - metadataPolicy: None property: EMAIL_ENABLED - secretKey: NOTIFY_MAX_ELAPSED remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-2 - metadataPolicy: None property: NOTIFY_MAX_ELAPSED - secretKey: NOTIFY_QUEUE_DELAY remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-2 - metadataPolicy: None property: NOTIFY_QUEUE_DELAY diff --git a/clusters/cl01tl/manifests/vault/ExternalSecret-vault-unseal-config-3.yaml b/clusters/cl01tl/manifests/vault/ExternalSecret-vault-unseal-config-3.yaml index e962373ae..6f5fe4a3d 100644 --- a/clusters/cl01tl/manifests/vault/ExternalSecret-vault-unseal-config-3.yaml +++ b/clusters/cl01tl/manifests/vault/ExternalSecret-vault-unseal-config-3.yaml 
@@ -14,64 +14,37 @@ spec: data: - secretKey: ENVIRONMENT remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-3 - metadataPolicy: None property: ENVIRONMENT - secretKey: CHECK_INTERVAL remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-3 - metadataPolicy: None property: CHECK_INTERVAL - secretKey: MAX_CHECK_INTERVAL remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-3 - metadataPolicy: None property: MAX_CHECK_INTERVAL - secretKey: NODES remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-3 - metadataPolicy: None property: NODES - secretKey: TLS_SKIP_VERIFY remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-3 - metadataPolicy: None property: TLS_SKIP_VERIFY - secretKey: TOKENS remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-3 - metadataPolicy: None property: TOKENS - secretKey: EMAIL_ENABLED remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-3 - metadataPolicy: None property: EMAIL_ENABLED - secretKey: NOTIFY_MAX_ELAPSED remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-3 - metadataPolicy: None property: NOTIFY_MAX_ELAPSED - secretKey: NOTIFY_QUEUE_DELAY remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-3 - metadataPolicy: None property: NOTIFY_QUEUE_DELAY diff --git a/clusters/cl01tl/manifests/vault/HTTPRoute-vault.yaml b/clusters/cl01tl/manifests/vault/HTTPRoute-vault.yaml index ce0fad322..c67d79b66 100644 --- a/clusters/cl01tl/manifests/vault/HTTPRoute-vault.yaml +++ b/clusters/cl01tl/manifests/vault/HTTPRoute-vault.yaml @@ -25,4 +25,3 @@ spec: kind: Service name: vault-active port: 8200 - weight: 100 
diff --git a/clusters/cl01tl/manifests/vault/Pod-vault-server-test.yaml b/clusters/cl01tl/manifests/vault/Pod-vault-server-test.yaml index ecb4a3711..0aecd1550 100644 --- a/clusters/cl01tl/manifests/vault/Pod-vault-server-test.yaml +++ b/clusters/cl01tl/manifests/vault/Pod-vault-server-test.yaml @@ -8,7 +8,7 @@ metadata: spec: containers: - name: vault-server-test - image: hashicorp/vault:1.21.4 + image: hashicorp/vault:1.21.4@sha256:4e33b126a59c0c333b76fb4e894722462659a6bec7c48c9ee8cea56fccfd2569 imagePullPolicy: IfNotPresent env: - name: VAULT_ADDR diff --git a/clusters/cl01tl/manifests/vault/Service-vault-active.yaml b/clusters/cl01tl/manifests/vault/Service-vault-active.yaml index e842e7542..eca12f7cb 100644 --- a/clusters/cl01tl/manifests/vault/Service-vault-active.yaml +++ b/clusters/cl01tl/manifests/vault/Service-vault-active.yaml @@ -11,7 +11,6 @@ metadata: vault-active: "true" annotations: spec: - type: ClusterIP publishNotReadyAddresses: true ports: - name: http diff --git a/clusters/cl01tl/manifests/vault/Service-vault-ui.yaml b/clusters/cl01tl/manifests/vault/Service-vault-standby.yaml similarity index 70% rename from clusters/cl01tl/manifests/vault/Service-vault-ui.yaml rename to clusters/cl01tl/manifests/vault/Service-vault-standby.yaml index 70a59dcf9..ba770a818 100644 --- a/clusters/cl01tl/manifests/vault/Service-vault-ui.yaml +++ b/clusters/cl01tl/manifests/vault/Service-vault-standby.yaml 
@@ -1,21 +1,25 @@ apiVersion: v1 kind: Service metadata: - name: vault-ui + name: vault-standby namespace: vault labels: helm.sh/chart: vault-0.32.0 - app.kubernetes.io/name: vault-ui - app.kubernetes.io/instance: vault - app.kubernetes.io/managed-by: Helm -spec: - selector: app.kubernetes.io/name: vault app.kubernetes.io/instance: vault - component: server + app.kubernetes.io/managed-by: Helm + annotations: +spec: publishNotReadyAddresses: true ports: - name: http port: 8200 targetPort: 8200 - type: ClusterIP + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: vault + app.kubernetes.io/instance: vault + component: server + vault-active: "false" diff --git a/clusters/cl01tl/manifests/vault/Service-vault.yaml b/clusters/cl01tl/manifests/vault/Service-vault.yaml index ce7dc7d6b..6d138f331 100644 --- a/clusters/cl01tl/manifests/vault/Service-vault.yaml +++ b/clusters/cl01tl/manifests/vault/Service-vault.yaml @@ -10,7 +10,6 @@ metadata: app.kubernetes.io/managed-by: Helm annotations: spec: - type: ClusterIP publishNotReadyAddresses: true ports: - name: http diff --git a/clusters/cl01tl/manifests/vault/StatefulSet-vault.yaml b/clusters/cl01tl/manifests/vault/StatefulSet-vault.yaml index eeacbe1de..840b0957e 100644 --- a/clusters/cl01tl/manifests/vault/StatefulSet-vault.yaml +++ b/clusters/cl01tl/manifests/vault/StatefulSet-vault.yaml @@ -58,8 +58,8 @@ spec: resources: requests: cpu: 50m - memory: 512Mi - image: hashicorp/vault:1.21.4 + memory: 90Mi + image: hashicorp/vault:1.21.4@sha256:4e33b126a59c0c333b76fb4e894722462659a6bec7c48c9ee8cea56fccfd2569 imagePullPolicy: IfNotPresent command: - "/bin/sh" @@ -101,11 +101,9 @@ spec: value: "https://$(HOSTNAME).vault-internal:8201" - name: HOME value: "/home/vault" - - name: VAULT_LOG_LEVEL - value: "debug" - - name: VAULT_LOG_FORMAT - value: "standard" volumeMounts: + - name: audit + mountPath: /vault/audit - name: data mountPath: /vault/data - name: config 
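Review bot: The new `audit` mount at `/vault/audit` in the second hunk of StatefulSet-vault.yaml only provides a directory; nothing in this manifest enables an audit device, so confirm that a file audit device writing below `/vault/audit` is enabled in Vault itself. Once one is enabled, Vault stops serving requests when none of its enabled audit devices can be written, so a full volume becomes an outage of the secrets store. Add log rotation and an alert on the volume's usage before relying on it, and forward the file to the log pipeline so the record survives loss of the pod's volume. The container spec starts and ends outside the hunk.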
@@ -148,3 +146,15 @@ spec: resources: requests: storage: 1Gi + storageClassName: ceph-block + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: audit + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5Gi + storageClassName: ceph-block diff --git a/clusters/cl01tl/manifests/vaultwarden/Cluster-vaultwarden-postgresql-18-cluster.yaml b/clusters/cl01tl/manifests/vaultwarden/Cluster-vaultwarden-postgresql-18-cluster.yaml index 14b1d0639..e397af5cd 100644 --- a/clusters/cl01tl/manifests/vaultwarden/Cluster-vaultwarden-postgresql-18-cluster.yaml +++ b/clusters/cl01tl/manifests/vaultwarden/Cluster-vaultwarden-postgresql-18-cluster.yaml @@ -5,10 +5,10 @@ metadata: namespace: vaultwarden labels: app.kubernetes.io/name: vaultwarden-postgresql-18-cluster - helm.sh/chart: postgres-18-cluster-7.10.0 + helm.sh/chart: postgres-18-cluster-7.11.2 app.kubernetes.io/instance: vaultwarden app.kubernetes.io/part-of: vaultwarden - app.kubernetes.io/version: "7.10.0" + app.kubernetes.io/version: "7.11.2" app.kubernetes.io/managed-by: Helm spec: instances: 3 @@ -26,8 +26,8 @@ spec: limits: hugepages-2Mi: 256Mi requests: - cpu: 100m - memory: 256Mi + cpu: 20m + memory: 80Mi affinity: enablePodAntiAffinity: true topologyKey: kubernetes.io/hostname diff --git a/clusters/cl01tl/manifests/vaultwarden/Deployment-vaultwarden.yaml b/clusters/cl01tl/manifests/vaultwarden/Deployment-vaultwarden.yaml index d72584a8d..88898c881 100644 --- a/clusters/cl01tl/manifests/vaultwarden/Deployment-vaultwarden.yaml +++ b/clusters/cl01tl/manifests/vaultwarden/Deployment-vaultwarden.yaml @@ -64,13 +64,12 @@ spec: secretKeyRef: key: secret name: vaultwarden-oidc-secret - image: vaultwarden/server:1.35.4 - imagePullPolicy: IfNotPresent + image: ghcr.io/vaultwarden/server:1.35.4@sha256:43498a94b22f9563f2a94b53760ab3e710eefc0d0cac2efda4b12b9eb8690664 name: main resources: requests: cpu: 10m - memory: 128Mi + memory: 30Mi volumeMounts: - mountPath: /data name: config 
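Review bot: The last hunk of StatefulSet-vault.yaml edits what appears to be `volumeClaimTemplates` (the key itself is outside the hunk): it adds `storageClassName: ceph-block` to the existing claim and appends a new `audit` claim of `5Gi`. Kubernetes rejects updates to that field on an existing StatefulSet, so applying this manifest in place is likely to fail until the StatefulSet is deleted with its pods orphaned and then recreated; plan that step explicitly, since it touches the Vault servers. PVCs already created from the first claim keep the storage class they were bound with, so check that it is `ceph-block` before recreating.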
diff --git a/clusters/cl01tl/manifests/vaultwarden/ExternalSecret-vaultwarden-oidc-secret.yaml b/clusters/cl01tl/manifests/vaultwarden/ExternalSecret-vaultwarden-oidc-secret.yaml index 42a89aa54..c8f939be0 100644 --- a/clusters/cl01tl/manifests/vaultwarden/ExternalSecret-vaultwarden-oidc-secret.yaml +++ b/clusters/cl01tl/manifests/vaultwarden/ExternalSecret-vaultwarden-oidc-secret.yaml @@ -14,15 +14,9 @@ spec: data: - secretKey: client remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /authentik/oidc/vaultwarden - metadataPolicy: None property: client - secretKey: secret remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /authentik/oidc/vaultwarden - metadataPolicy: None property: secret diff --git a/clusters/cl01tl/manifests/vaultwarden/ExternalSecret-vaultwarden-postgresql-18-backup-garage-local-secret.yaml b/clusters/cl01tl/manifests/vaultwarden/ExternalSecret-vaultwarden-postgresql-18-backup-garage-local-secret.yaml index 89b722722..7a4eade02 100644 --- a/clusters/cl01tl/manifests/vaultwarden/ExternalSecret-vaultwarden-postgresql-18-backup-garage-local-secret.yaml +++ b/clusters/cl01tl/manifests/vaultwarden/ExternalSecret-vaultwarden-postgresql-18-backup-garage-local-secret.yaml @@ -5,10 +5,10 @@ metadata: namespace: vaultwarden labels: app.kubernetes.io/name: vaultwarden-postgresql-18-backup-garage-local-secret - helm.sh/chart: postgres-18-cluster-7.10.0 + helm.sh/chart: postgres-18-cluster-7.11.2 app.kubernetes.io/instance: vaultwarden app.kubernetes.io/part-of: vaultwarden - app.kubernetes.io/version: "7.10.0" + app.kubernetes.io/version: "7.11.2" app.kubernetes.io/managed-by: Helm spec: secretStoreRef: diff --git a/clusters/cl01tl/manifests/vaultwarden/ExternalSecret-vaultwarden-postgresql-18-recovery-secret.yaml b/clusters/cl01tl/manifests/vaultwarden/ExternalSecret-vaultwarden-postgresql-18-recovery-secret.yaml index 998456a6e..0b5bf669f 100644 
--- a/clusters/cl01tl/manifests/vaultwarden/ExternalSecret-vaultwarden-postgresql-18-recovery-secret.yaml +++ b/clusters/cl01tl/manifests/vaultwarden/ExternalSecret-vaultwarden-postgresql-18-recovery-secret.yaml @@ -4,10 +4,10 @@ metadata: name: vaultwarden-postgresql-18-recovery-secret namespace: vaultwarden labels: - helm.sh/chart: postgres-18-cluster-7.10.0 + helm.sh/chart: postgres-18-cluster-7.11.2 app.kubernetes.io/instance: vaultwarden app.kubernetes.io/part-of: vaultwarden - app.kubernetes.io/version: "7.10.0" + app.kubernetes.io/version: "7.11.2" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: vaultwarden-postgresql-18-recovery-secret spec: diff --git a/clusters/cl01tl/manifests/vaultwarden/ObjectStore-vaultwarden-postgresql-18-backup-garage-local.yaml b/clusters/cl01tl/manifests/vaultwarden/ObjectStore-vaultwarden-postgresql-18-backup-garage-local.yaml index 67f525ea3..1a270bc3f 100644 --- a/clusters/cl01tl/manifests/vaultwarden/ObjectStore-vaultwarden-postgresql-18-backup-garage-local.yaml +++ b/clusters/cl01tl/manifests/vaultwarden/ObjectStore-vaultwarden-postgresql-18-backup-garage-local.yaml @@ -5,10 +5,10 @@ metadata: namespace: vaultwarden labels: app.kubernetes.io/name: vaultwarden-postgresql-18-backup-garage-local - helm.sh/chart: postgres-18-cluster-7.10.0 + helm.sh/chart: postgres-18-cluster-7.11.2 app.kubernetes.io/instance: vaultwarden app.kubernetes.io/part-of: vaultwarden - app.kubernetes.io/version: "7.10.0" + app.kubernetes.io/version: "7.11.2" app.kubernetes.io/managed-by: Helm spec: retentionPolicy: 7d diff --git a/clusters/cl01tl/manifests/vaultwarden/ObjectStore-vaultwarden-postgresql-18-recovery.yaml b/clusters/cl01tl/manifests/vaultwarden/ObjectStore-vaultwarden-postgresql-18-recovery.yaml index 366ca7ccd..77a2a7ec6 100644 --- a/clusters/cl01tl/manifests/vaultwarden/ObjectStore-vaultwarden-postgresql-18-recovery.yaml +++ b/clusters/cl01tl/manifests/vaultwarden/ObjectStore-vaultwarden-postgresql-18-recovery.yaml 
@@ -4,10 +4,10 @@ metadata:
 name: "vaultwarden-postgresql-18-recovery"
 namespace: vaultwarden
 labels:
- helm.sh/chart: postgres-18-cluster-7.10.0
+ helm.sh/chart: postgres-18-cluster-7.11.2
 app.kubernetes.io/instance: vaultwarden
 app.kubernetes.io/part-of: vaultwarden
- app.kubernetes.io/version: "7.10.0"
+ app.kubernetes.io/version: "7.11.2"
 app.kubernetes.io/managed-by: Helm
 app.kubernetes.io/name: "vaultwarden-postgresql-18-recovery"
 spec:
diff --git a/clusters/cl01tl/manifests/vaultwarden/PersistentVolumeClaim-vaultwarden-data.yaml b/clusters/cl01tl/manifests/vaultwarden/PersistentVolumeClaim-vaultwarden-data.yaml
index d2729beb2..4f0bba5b4 100644
--- a/clusters/cl01tl/manifests/vaultwarden/PersistentVolumeClaim-vaultwarden-data.yaml
+++ b/clusters/cl01tl/manifests/vaultwarden/PersistentVolumeClaim-vaultwarden-data.yaml
@@ -7,8 +7,6 @@ metadata:
 app.kubernetes.io/managed-by: Helm
 app.kubernetes.io/name: vaultwarden
 helm.sh/chart: vaultwarden-4.6.2
- annotations:
- helm.sh/resource-policy: keep
 namespace: vaultwarden
 spec:
 accessModes:
diff --git a/clusters/cl01tl/manifests/vaultwarden/PrometheusRule-vaultwarden-postgresql-18-alert-rules.yaml b/clusters/cl01tl/manifests/vaultwarden/PrometheusRule-vaultwarden-postgresql-18-alert-rules.yaml
index 16893b151..8b3255241 100644
--- a/clusters/cl01tl/manifests/vaultwarden/PrometheusRule-vaultwarden-postgresql-18-alert-rules.yaml
+++ b/clusters/cl01tl/manifests/vaultwarden/PrometheusRule-vaultwarden-postgresql-18-alert-rules.yaml
@@ -5,10 +5,10 @@ metadata:
 namespace: vaultwarden
 labels:
 app.kubernetes.io/name: vaultwarden-postgresql-18-alert-rules
- helm.sh/chart: postgres-18-cluster-7.10.0
+ helm.sh/chart: postgres-18-cluster-7.11.2
 app.kubernetes.io/instance: vaultwarden
 app.kubernetes.io/part-of: vaultwarden
- app.kubernetes.io/version: "7.10.0"
+ app.kubernetes.io/version: "7.11.2"
 app.kubernetes.io/managed-by: Helm
 spec:
 groups:
diff --git a/clusters/cl01tl/manifests/vaultwarden/ScheduledBackup-vaultwarden-postgresql-18-scheduled-backup-live-backup.yaml b/clusters/cl01tl/manifests/vaultwarden/ScheduledBackup-vaultwarden-postgresql-18-scheduled-backup-live-backup.yaml
index 8355f1d5c..b3ffa79ad 100644
--- a/clusters/cl01tl/manifests/vaultwarden/ScheduledBackup-vaultwarden-postgresql-18-scheduled-backup-live-backup.yaml
+++ b/clusters/cl01tl/manifests/vaultwarden/ScheduledBackup-vaultwarden-postgresql-18-scheduled-backup-live-backup.yaml
@@ -5,10 +5,10 @@ metadata:
 namespace: vaultwarden
 labels:
 app.kubernetes.io/name: "vaultwarden-postgresql-18-scheduled-backup-live-backup"
- helm.sh/chart: postgres-18-cluster-7.10.0
+ helm.sh/chart: postgres-18-cluster-7.11.2
 app.kubernetes.io/instance: vaultwarden
 app.kubernetes.io/part-of: vaultwarden
- app.kubernetes.io/version: "7.10.0"
+ app.kubernetes.io/version: "7.11.2"
 app.kubernetes.io/managed-by: Helm
 spec:
 immediate: true
diff --git a/clusters/cl01tl/manifests/version-checker/Deployment-version-checker.yaml b/clusters/cl01tl/manifests/version-checker/Deployment-version-checker.yaml
index df1d769dd..72156cb60 100644
--- a/clusters/cl01tl/manifests/version-checker/Deployment-version-checker.yaml
+++ b/clusters/cl01tl/manifests/version-checker/Deployment-version-checker.yaml
@@ -45,7 +45,7 @@ spec:
 resources:
 requests:
 cpu: 1m
- memory: 40Mi
+ memory: 400Mi
 securityContext:
 allowPrivilegeEscalation: false
 capabilities:
diff --git a/clusters/cl01tl/manifests/version-checker/ServiceMonitor-version-checker.yaml b/clusters/cl01tl/manifests/version-checker/ServiceMonitor-version-checker.yaml
new file mode 100644
index 000000000..9d7610727
--- /dev/null
+++ b/clusters/cl01tl/manifests/version-checker/ServiceMonitor-version-checker.yaml
@@ -0,0 +1,16 @@
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: version-checker
+ namespace: version-checker
+ labels:
+ app.kubernetes.io/name: version-checker
+ app.kubernetes.io/instance: version-checker
+ app.kubernetes.io/part-of: version-checker
+spec:
+ selector:
+ matchLabels:
+ app: version-checker
+ endpoints:
+ - port: web
+ path: /metrics
diff --git a/clusters/cl01tl/manifests/volsync/Deployment-volsync.yaml b/clusters/cl01tl/manifests/volsync/Deployment-volsync.yaml
index 0966156e7..760bac087 100644
--- a/clusters/cl01tl/manifests/volsync/Deployment-volsync.yaml
+++ b/clusters/cl01tl/manifests/volsync/Deployment-volsync.yaml
@@ -47,7 +47,7 @@ spec:
 - --metrics-require-rbac=false
 command:
 - /manager
- image: "quay.io/backube/volsync:0.15.0"
+ image: "0.15.0@sha256:4fedd41b3101dde090542009c4177f703d241bf4760d1767bd9df08fd8fd93a4"
 imagePullPolicy: IfNotPresent
 env:
 - name: VOLSYNC_NAMESPACE
@@ -67,12 +67,10 @@ spec:
 initialDelaySeconds: 5
 periodSeconds: 10
 resources:
- limits:
- cpu: 1000m
- memory: 1Gi
+ limits: {}
 requests:
- cpu: 10m
- memory: 128Mi
+ cpu: 1m
+ memory: 80Mi
 securityContext:
 allowPrivilegeEscalation: false
 capabilities:
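Review bot: The new `image` value in the `-47,7` hunk of Deployment-volsync.yaml has lost its registry and repository: `"0.15.0@sha256:4fedd41b…"` parses as an image named `0.15.0` pinned by digest, so the runtime would resolve it against the node's default registry rather than `quay.io/backube/volsync`. At best the pull fails and the controller never rolls out; either way the digest pin no longer ties the workload to the intended source. Assuming the digest belongs to the same upstream image, the line should read `image: "quay.io/backube/volsync:0.15.0@sha256:4fedd41b3101dde090542009c4177f703d241bf4760d1767bd9df08fd8fd93a4"`. If this manifest is rendered from chart values, the fix presumably belongs in the image repository/tag values rather than in this file; the container spec continues outside the hunk.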
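Review bot: `limits: {}` in the `-67,12` hunk of Deployment-volsync.yaml leaves the manager container with no memory or CPU ceiling, while the requests drop to `cpu: 1m` / `memory: 80Mi`. The pod is then scheduled as if it were tiny but can grow until it pressures the node, so a leak or runaway reconcile in the backup controller is no longer contained to this pod. I would keep at least the memory limit, e.g. `limits: {memory: 1Gi}` as before, and drop only the CPU limit if throttling was the motivation. The container spec starts and ends outside the hunk.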