From 81368dbe1aa106c090414338a4e4f103bbefa3a4 Mon Sep 17 00:00:00 2001 From: gitea-bot Date: Fri, 27 Mar 2026 01:08:44 +0000 Subject: [PATCH] chore: Update manifests after change --- .../foldergram/Deployment-foldergram.yaml | 6 +- .../foldergram/HTTPRoute-foldergram.yaml | 2 +- .../freshrss/Deployment-freshrss.yaml | 84 +------------------ ...xternalSecret-freshrss-install-secret.yaml | 9 -- .../ExternalSecret-freshrss-oidc-secret.yaml | 9 -- .../PersistentVolumeClaim-freshrss-data.yaml | 2 - ...istentVolumeClaim-freshrss-extensions.yaml | 19 ----- ...-freshrss-data-backup-source-external.yaml | 5 -- ...rce-freshrss-data-backup-source-local.yaml | 5 -- ...ce-freshrss-data-backup-source-remote.yaml | 5 -- .../garage/Deployment-garage-server-1.yaml | 25 +----- .../garage/Deployment-garage-server-2.yaml | 5 +- .../garage/Deployment-garage-server-3.yaml | 5 +- .../garage/Deployment-garage-webui.yaml | 7 +- .../ExternalSecret-garage-token-secret.yaml | 9 -- .../manifests/garage/HTTPRoute-garage-s3.yaml | 2 +- .../garage/HTTPRoute-garage-webui.yaml | 2 +- .../PersistentVolumeClaim-garage-data.yaml | 2 - .../PersistentVolumeClaim-garage-db-1.yaml | 2 - .../PersistentVolumeClaim-garage-db-2.yaml | 2 - .../PersistentVolumeClaim-garage-db-3.yaml | 2 - 21 files changed, 17 insertions(+), 192 deletions(-) delete mode 100644 clusters/cl01tl/manifests/freshrss/PersistentVolumeClaim-freshrss-extensions.yaml diff --git a/clusters/cl01tl/manifests/foldergram/Deployment-foldergram.yaml b/clusters/cl01tl/manifests/foldergram/Deployment-foldergram.yaml index 8ef0d5ed2..0317ec102 100644 --- a/clusters/cl01tl/manifests/foldergram/Deployment-foldergram.yaml +++ b/clusters/cl01tl/manifests/foldergram/Deployment-foldergram.yaml @@ -45,13 +45,13 @@ spec: value: /gallery - name: CSRF_TRUSTED_ORIGINS value: https://foldergram.alexlebens.net - image: ghcr.io/foldergram/foldergram:1.0.6 + image: ghcr.io/foldergram/foldergram:1.0.8@sha256:3546dc1da4ec12cb27aaecbf77896d708ac7601eb0225e0f6e181d7ef35273f9 imagePullPolicy: IfNotPresent name: main resources: requests: - cpu: 10m - memory: 128Mi + cpu: 1m + memory: 230Mi volumeMounts: - mountPath: /app/data name: cache diff --git a/clusters/cl01tl/manifests/foldergram/HTTPRoute-foldergram.yaml b/clusters/cl01tl/manifests/foldergram/HTTPRoute-foldergram.yaml index f5fb0e6a9..c7eba8b09 100644 --- a/clusters/cl01tl/manifests/foldergram/HTTPRoute-foldergram.yaml +++ b/clusters/cl01tl/manifests/foldergram/HTTPRoute-foldergram.yaml @@ -23,7 +23,7 @@ spec: name: foldergram namespace: foldergram port: 80 - weight: 100 + weight: 1 matches: - path: type: PathPrefix diff --git a/clusters/cl01tl/manifests/freshrss/Deployment-freshrss.yaml b/clusters/cl01tl/manifests/freshrss/Deployment-freshrss.yaml index cee6a9756..6514d552e 100644 --- a/clusters/cl01tl/manifests/freshrss/Deployment-freshrss.yaml +++ b/clusters/cl01tl/manifests/freshrss/Deployment-freshrss.yaml @@ -33,80 +33,6 @@ spec: hostNetwork: false hostPID: false dnsPolicy: ClusterFirst - initContainers: - - command: - - /bin/sh - - -ec - - | - apk add --no-cache git; - cd /tmp; - git clone -n --depth=1 --filter=tree:0 https://github.com/cn-tools/cntools_FreshRssExtensions.git; - cd cntools_FreshRssExtensions; - git sparse-checkout set --no-cone /xExtension-YouTubeChannel2RssFeed; - git checkout; - rm -rf /var/www/FreshRSS/extensions/xExtension-YouTubeChannel2RssFeed - cp -r xExtension-YouTubeChannel2RssFeed /var/www/FreshRSS/extensions - chown -R 568:568 /var/www/FreshRSS/extensions/xExtension-YouTubeChannel2RssFeed - image: alpine:3.23.3 - imagePullPolicy: IfNotPresent - name: init-download-extension-1 - resources: - requests: - cpu: 10m - memory: 128Mi - securityContext: - runAsUser: 0 - volumeMounts: - - mountPath: /var/www/FreshRSS/extensions - name: extensions - - command: - - /bin/sh - - -ec - - | - apk add --no-cache git; - cd /tmp; - git clone -n --depth=1 --filter=tree:0 https://github.com/FreshRSS/Extensions.git; - cd Extensions; - git sparse-checkout set --no-cone /xExtension-ImageProxy; - git checkout; - rm -rf /var/www/FreshRSS/extensions/xExtension-ImageProxy - cp -r xExtension-ImageProxy /var/www/FreshRSS/extensions - chown -R 568:568 /var/www/FreshRSS/extensions/xExtension-ImageProxy - image: alpine:3.23.3 - imagePullPolicy: IfNotPresent - name: init-download-extension-2 - resources: - requests: - cpu: 10m - memory: 128Mi - securityContext: - runAsUser: 0 - volumeMounts: - - mountPath: /var/www/FreshRSS/extensions - name: extensions - - command: - - /bin/sh - - -ec - - | - cd /tmp; - wget https://github.com/zimmra/xExtension-karakeep-button/archive/refs/tags/v1.1.tar.gz; - tar -xvzf *.tar.gz; - rm -rf /var/www/FreshRSS/extensions/xExtension-karakeep-button - mkdir /var/www/FreshRSS/extensions/xExtension-karakeep-button - cp -r /tmp/xExtension-karakeep-button-*/* /var/www/FreshRSS/extensions/xExtension-karakeep-button - chown -R 568:568 /var/www/FreshRSS/extensions/xExtension-karakeep-button - image: alpine:3.23.3 - imagePullPolicy: IfNotPresent - name: init-download-extension-3 - resources: - requests: - cpu: 10m - memory: 128Mi - securityContext: - runAsUser: 0 - volumeMounts: - - mountPath: /var/www/FreshRSS/extensions - name: extensions containers: - env: - name: PGID @@ -175,22 +101,16 @@ spec: name: freshrss-oidc-secret - secretRef: name: freshrss-install-secret - image: freshrss/freshrss:1.28.1 - imagePullPolicy: IfNotPresent + image: freshrss/freshrss:1.28.1@sha256:9100f649f5c946f589f54cdb9be7a65996528f48f691ef90eb262a0e06e5a522 name: main resources: requests: - cpu: 10m + cpu: 1m memory: 128Mi volumeMounts: - mountPath: /var/www/FreshRSS/data name: data - - mountPath: /var/www/FreshRSS/extensions - name: extensions volumes: - name: data persistentVolumeClaim: claimName: freshrss-data - - name: extensions - persistentVolumeClaim: - claimName: freshrss-extensions diff --git a/clusters/cl01tl/manifests/freshrss/ExternalSecret-freshrss-install-secret.yaml b/clusters/cl01tl/manifests/freshrss/ExternalSecret-freshrss-install-secret.yaml index 58ed475d5..8ee4be52e 100644 --- a/clusters/cl01tl/manifests/freshrss/ExternalSecret-freshrss-install-secret.yaml +++ b/clusters/cl01tl/manifests/freshrss/ExternalSecret-freshrss-install-secret.yaml @@ -14,22 +14,13 @@ spec: data: - secretKey: ADMIN_EMAIL remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/freshrss/config - metadataPolicy: None property: ADMIN_EMAIL - secretKey: ADMIN_PASSWORD remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/freshrss/config - metadataPolicy: None property: ADMIN_PASSWORD - secretKey: ADMIN_API_PASSWORD remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/freshrss/config - metadataPolicy: None property: ADMIN_API_PASSWORD diff --git a/clusters/cl01tl/manifests/freshrss/ExternalSecret-freshrss-oidc-secret.yaml b/clusters/cl01tl/manifests/freshrss/ExternalSecret-freshrss-oidc-secret.yaml index f6253d9a9..3dd8974a8 100644 --- a/clusters/cl01tl/manifests/freshrss/ExternalSecret-freshrss-oidc-secret.yaml +++ b/clusters/cl01tl/manifests/freshrss/ExternalSecret-freshrss-oidc-secret.yaml @@ -14,22 +14,13 @@ spec: data: - secretKey: OIDC_CLIENT_ID remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /authentik/oidc/freshrss - metadataPolicy: None property: client - secretKey: OIDC_CLIENT_SECRET remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /authentik/oidc/freshrss - metadataPolicy: None property: secret - secretKey: OIDC_CLIENT_CRYPTO_KEY remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /authentik/oidc/freshrss - metadataPolicy: None property: crypto-key diff --git a/clusters/cl01tl/manifests/freshrss/PersistentVolumeClaim-freshrss-data.yaml b/clusters/cl01tl/manifests/freshrss/PersistentVolumeClaim-freshrss-data.yaml index 9c4623ed5..41670cc80 100644 --- a/clusters/cl01tl/manifests/freshrss/PersistentVolumeClaim-freshrss-data.yaml +++ b/clusters/cl01tl/manifests/freshrss/PersistentVolumeClaim-freshrss-data.yaml @@ -7,8 +7,6 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: freshrss helm.sh/chart: freshrss-4.6.2 - annotations: - helm.sh/resource-policy: keep namespace: freshrss spec: accessModes: diff --git a/clusters/cl01tl/manifests/freshrss/PersistentVolumeClaim-freshrss-extensions.yaml b/clusters/cl01tl/manifests/freshrss/PersistentVolumeClaim-freshrss-extensions.yaml deleted file mode 100644 index 9f2fe81ef..000000000 --- a/clusters/cl01tl/manifests/freshrss/PersistentVolumeClaim-freshrss-extensions.yaml +++ /dev/null @@ -1,19 +0,0 @@ -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: freshrss-extensions - labels: - app.kubernetes.io/instance: freshrss - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: freshrss - helm.sh/chart: freshrss-4.6.2 - annotations: - helm.sh/resource-policy: keep - namespace: freshrss -spec: - accessModes: - - "ReadWriteOnce" - resources: - requests: - storage: "1Gi" - storageClassName: "ceph-block" diff --git a/clusters/cl01tl/manifests/freshrss/ReplicationSource-freshrss-data-backup-source-external.yaml b/clusters/cl01tl/manifests/freshrss/ReplicationSource-freshrss-data-backup-source-external.yaml index a0a6c89ee..af0915602 100644 --- a/clusters/cl01tl/manifests/freshrss/ReplicationSource-freshrss-data-backup-source-external.yaml +++ b/clusters/cl01tl/manifests/freshrss/ReplicationSource-freshrss-data-backup-source-external.yaml @@ -28,11 +28,6 @@ spec: fsGroupChangePolicy: OnRootMismatch runAsGroup: 568 runAsUser: 568 - supplementalGroups: - - 44 - - 100 - - 109 - - 65539 copyMethod: Snapshot storageClassName: ceph-block volumeSnapshotClassName: ceph-blockpool-snapshot diff --git a/clusters/cl01tl/manifests/freshrss/ReplicationSource-freshrss-data-backup-source-local.yaml b/clusters/cl01tl/manifests/freshrss/ReplicationSource-freshrss-data-backup-source-local.yaml index acaa8f2a6..f8d5aa5cf 100644 --- a/clusters/cl01tl/manifests/freshrss/ReplicationSource-freshrss-data-backup-source-local.yaml +++ b/clusters/cl01tl/manifests/freshrss/ReplicationSource-freshrss-data-backup-source-local.yaml @@ -28,11 +28,6 @@ spec: fsGroupChangePolicy: OnRootMismatch runAsGroup: 568 runAsUser: 568 - supplementalGroups: - - 44 - - 100 - - 109 - - 65539 copyMethod: Snapshot storageClassName: ceph-block volumeSnapshotClassName: ceph-blockpool-snapshot diff --git a/clusters/cl01tl/manifests/freshrss/ReplicationSource-freshrss-data-backup-source-remote.yaml b/clusters/cl01tl/manifests/freshrss/ReplicationSource-freshrss-data-backup-source-remote.yaml index c58f9f79b..c24d51d44 100644 --- a/clusters/cl01tl/manifests/freshrss/ReplicationSource-freshrss-data-backup-source-remote.yaml +++ b/clusters/cl01tl/manifests/freshrss/ReplicationSource-freshrss-data-backup-source-remote.yaml @@ -28,11 +28,6 @@ spec: fsGroupChangePolicy: OnRootMismatch runAsGroup: 568 runAsUser: 568 - supplementalGroups: - - 44 - - 100 - - 109 - - 65539 copyMethod: Snapshot storageClassName: ceph-block volumeSnapshotClassName: ceph-blockpool-snapshot diff --git a/clusters/cl01tl/manifests/garage/Deployment-garage-server-1.yaml b/clusters/cl01tl/manifests/garage/Deployment-garage-server-1.yaml index b941bc54b..9129c018d 100644 --- a/clusters/cl01tl/manifests/garage/Deployment-garage-server-1.yaml +++ b/clusters/cl01tl/manifests/garage/Deployment-garage-server-1.yaml @@ -47,36 +47,15 @@ spec: - server topologyKey: kubernetes.io/hostname containers: - - command: - - sleep - - infinity - image: ubuntu:resolute-20260312 - imagePullPolicy: IfNotPresent - name: debug - resources: - requests: - cpu: 10m - memory: 32Mi - volumeMounts: - - mountPath: /etc/garage.toml - mountPropagation: None - name: config - readOnly: true - subPath: garage-1.toml - - mountPath: /var/lib/garage/data - name: data-1 - - mountPath: /var/lib/garage/meta - name: db-1 - envFrom: - secretRef: name: garage-token-secret - image: dxflrs/garage:v2.2.0 - imagePullPolicy: IfNotPresent + image: dxflrs/garage:v2.2.0@sha256:45a61ce3f7c9c24fc23d9ed2b09b27ed560ab87b34605d175d5c588f539c24e4 name: main resources: requests: cpu: 10m - memory: 128Mi + memory: 400Mi volumeMounts: - mountPath: /etc/garage.toml mountPropagation: None diff --git a/clusters/cl01tl/manifests/garage/Deployment-garage-server-2.yaml b/clusters/cl01tl/manifests/garage/Deployment-garage-server-2.yaml index 641c50e65..e451d60aa 100644 --- a/clusters/cl01tl/manifests/garage/Deployment-garage-server-2.yaml +++ b/clusters/cl01tl/manifests/garage/Deployment-garage-server-2.yaml @@ -50,13 +50,12 @@ spec: - envFrom: - secretRef: name: garage-token-secret - image: dxflrs/garage:v2.2.0 - imagePullPolicy: IfNotPresent + image: dxflrs/garage:v2.2.0@sha256:45a61ce3f7c9c24fc23d9ed2b09b27ed560ab87b34605d175d5c588f539c24e4 name: main resources: requests: cpu: 10m - memory: 128Mi + memory: 400Mi volumeMounts: - mountPath: /etc/garage.toml mountPropagation: None diff --git a/clusters/cl01tl/manifests/garage/Deployment-garage-server-3.yaml b/clusters/cl01tl/manifests/garage/Deployment-garage-server-3.yaml index 6c1440f23..64694441f 100644 --- a/clusters/cl01tl/manifests/garage/Deployment-garage-server-3.yaml +++ b/clusters/cl01tl/manifests/garage/Deployment-garage-server-3.yaml @@ -50,13 +50,12 @@ spec: - envFrom: - secretRef: name: garage-token-secret - image: dxflrs/garage:v2.2.0 - imagePullPolicy: IfNotPresent + image: dxflrs/garage:v2.2.0@sha256:45a61ce3f7c9c24fc23d9ed2b09b27ed560ab87b34605d175d5c588f539c24e4 name: main resources: requests: cpu: 10m - memory: 128Mi + memory: 400Mi volumeMounts: - mountPath: /etc/garage.toml mountPropagation: None diff --git a/clusters/cl01tl/manifests/garage/Deployment-garage-webui.yaml b/clusters/cl01tl/manifests/garage/Deployment-garage-webui.yaml index 80e8b79b8..3d7c0e355 100644 --- a/clusters/cl01tl/manifests/garage/Deployment-garage-webui.yaml +++ b/clusters/cl01tl/manifests/garage/Deployment-garage-webui.yaml @@ -46,13 +46,12 @@ spec: secretKeyRef: key: GARAGE_ADMIN_TOKEN name: garage-token-secret - image: khairul169/garage-webui:1.1.0 - imagePullPolicy: IfNotPresent + image: khairul169/garage-webui:1.1.0@sha256:17c793551873155065bf9a022dabcde874de808a1f26e648d4b82e168806439c name: main resources: requests: - cpu: 10m - memory: 128Mi + cpu: 1m + memory: 10Mi volumeMounts: - mountPath: /etc/garage.toml mountPropagation: None diff --git a/clusters/cl01tl/manifests/garage/ExternalSecret-garage-token-secret.yaml b/clusters/cl01tl/manifests/garage/ExternalSecret-garage-token-secret.yaml index d1f6ad07e..e77744970 100644 --- a/clusters/cl01tl/manifests/garage/ExternalSecret-garage-token-secret.yaml +++ b/clusters/cl01tl/manifests/garage/ExternalSecret-garage-token-secret.yaml @@ -14,22 +14,13 @@ spec: data: - secretKey: GARAGE_RPC_SECRET remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/garage/token - metadataPolicy: None property: rpc - secretKey: GARAGE_ADMIN_TOKEN remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/garage/token - metadataPolicy: None property: admin - secretKey: GARAGE_METRICS_TOKEN remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/garage/token - metadataPolicy: None property: metric diff --git a/clusters/cl01tl/manifests/garage/HTTPRoute-garage-s3.yaml b/clusters/cl01tl/manifests/garage/HTTPRoute-garage-s3.yaml index 9c3809f9d..1bb3373e5 100644 --- a/clusters/cl01tl/manifests/garage/HTTPRoute-garage-s3.yaml +++ b/clusters/cl01tl/manifests/garage/HTTPRoute-garage-s3.yaml @@ -23,7 +23,7 @@ spec: name: garage-main namespace: garage port: 3900 - weight: 100 + weight: 1 matches: - path: type: PathPrefix diff --git a/clusters/cl01tl/manifests/garage/HTTPRoute-garage-webui.yaml b/clusters/cl01tl/manifests/garage/HTTPRoute-garage-webui.yaml index 263427aeb..178f8442e 100644 --- a/clusters/cl01tl/manifests/garage/HTTPRoute-garage-webui.yaml +++ b/clusters/cl01tl/manifests/garage/HTTPRoute-garage-webui.yaml @@ -23,7 +23,7 @@ spec: name: garage-webui namespace: garage port: 3909 - weight: 100 + weight: 1 matches: - path: type: PathPrefix diff --git a/clusters/cl01tl/manifests/garage/PersistentVolumeClaim-garage-data.yaml b/clusters/cl01tl/manifests/garage/PersistentVolumeClaim-garage-data.yaml index c5d942639..ff34795cc 100644 --- a/clusters/cl01tl/manifests/garage/PersistentVolumeClaim-garage-data.yaml +++ b/clusters/cl01tl/manifests/garage/PersistentVolumeClaim-garage-data.yaml @@ -7,8 +7,6 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: garage helm.sh/chart: garage-4.6.2 - annotations: - helm.sh/resource-policy: keep namespace: garage spec: accessModes: diff --git a/clusters/cl01tl/manifests/garage/PersistentVolumeClaim-garage-db-1.yaml b/clusters/cl01tl/manifests/garage/PersistentVolumeClaim-garage-db-1.yaml index 2aed798e1..e2663e5be 100644 --- a/clusters/cl01tl/manifests/garage/PersistentVolumeClaim-garage-db-1.yaml +++ b/clusters/cl01tl/manifests/garage/PersistentVolumeClaim-garage-db-1.yaml @@ -7,8 +7,6 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: garage helm.sh/chart: garage-4.6.2 - annotations: - helm.sh/resource-policy: keep namespace: garage spec: accessModes: diff --git a/clusters/cl01tl/manifests/garage/PersistentVolumeClaim-garage-db-2.yaml b/clusters/cl01tl/manifests/garage/PersistentVolumeClaim-garage-db-2.yaml index 92f2e88e2..650124ea2 100644 --- a/clusters/cl01tl/manifests/garage/PersistentVolumeClaim-garage-db-2.yaml +++ b/clusters/cl01tl/manifests/garage/PersistentVolumeClaim-garage-db-2.yaml @@ -7,8 +7,6 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: garage helm.sh/chart: garage-4.6.2 - annotations: - helm.sh/resource-policy: keep namespace: garage spec: accessModes: diff --git a/clusters/cl01tl/manifests/garage/PersistentVolumeClaim-garage-db-3.yaml b/clusters/cl01tl/manifests/garage/PersistentVolumeClaim-garage-db-3.yaml index a09c6fb2f..5337295ad 100644 --- a/clusters/cl01tl/manifests/garage/PersistentVolumeClaim-garage-db-3.yaml +++ b/clusters/cl01tl/manifests/garage/PersistentVolumeClaim-garage-db-3.yaml @@ -7,8 +7,6 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: garage helm.sh/chart: garage-4.6.2 - annotations: - helm.sh/resource-policy: keep namespace: garage spec: accessModes: