diff --git a/clusters/cl01tl/manifests/gitea/StatefulSet-gitea-meilisearch.yaml b/clusters/cl01tl/manifests/gitea/StatefulSet-gitea-meilisearch.yaml index cdc22c992..c9095f159 100644 --- a/clusters/cl01tl/manifests/gitea/StatefulSet-gitea-meilisearch.yaml +++ b/clusters/cl01tl/manifests/gitea/StatefulSet-gitea-meilisearch.yaml @@ -91,5 +91,5 @@ spec: timeoutSeconds: 10 resources: requests: - cpu: 1m - memory: 160Mi + cpu: 10m + memory: 150Mi diff --git a/clusters/cl01tl/manifests/houndarr/Deployment-houndarr.yaml b/clusters/cl01tl/manifests/houndarr/Deployment-houndarr.yaml index aadb385e6..78ebbe11c 100644 --- a/clusters/cl01tl/manifests/houndarr/Deployment-houndarr.yaml +++ b/clusters/cl01tl/manifests/houndarr/Deployment-houndarr.yaml @@ -45,13 +45,12 @@ spec: value: "true" - name: HOUNDARR_TRUSTED_PROXIES value: 10.96.0.0/12 - image: ghcr.io/av1155/houndarr:v1.6.5 - imagePullPolicy: IfNotPresent + image: ghcr.io/av1155/houndarr:v1.6.5@sha256:f3adbd745094919166bafcd9b428738d1087f651b1562adeaba44ff975827d87 name: main resources: requests: - cpu: 10m - memory: 128Mi + cpu: 1m + memory: 60Mi volumeMounts: - mountPath: /data name: data diff --git a/clusters/cl01tl/manifests/houndarr/HTTPRoute-houndarr.yaml b/clusters/cl01tl/manifests/houndarr/HTTPRoute-houndarr.yaml index c68e3ac13..62ae196e1 100644 --- a/clusters/cl01tl/manifests/houndarr/HTTPRoute-houndarr.yaml +++ b/clusters/cl01tl/manifests/houndarr/HTTPRoute-houndarr.yaml @@ -23,7 +23,7 @@ spec: name: houndarr namespace: houndarr port: 80 - weight: 100 + weight: 1 matches: - path: type: PathPrefix diff --git a/clusters/cl01tl/manifests/immich/Cluster-immich-postgresql-18-cluster.yaml b/clusters/cl01tl/manifests/immich/Cluster-immich-postgresql-18-cluster.yaml index 8f8f22a25..225a7708c 100644 --- a/clusters/cl01tl/manifests/immich/Cluster-immich-postgresql-18-cluster.yaml +++ b/clusters/cl01tl/manifests/immich/Cluster-immich-postgresql-18-cluster.yaml @@ -5,10 +5,10 @@ metadata: namespace: immich labels: app.kubernetes.io/name: immich-postgresql-18-cluster - helm.sh/chart: postgres-18-cluster-7.10.0 + helm.sh/chart: postgres-18-cluster-7.11.1 app.kubernetes.io/instance: immich app.kubernetes.io/part-of: immich - app.kubernetes.io/version: "7.10.0" + app.kubernetes.io/version: "7.11.1" app.kubernetes.io/managed-by: Helm spec: instances: 3 @@ -26,8 +26,8 @@ spec: limits: hugepages-2Mi: 256Mi requests: - cpu: 100m - memory: 256Mi + cpu: 20m + memory: 80Mi affinity: enablePodAntiAffinity: true topologyKey: kubernetes.io/hostname diff --git a/clusters/cl01tl/manifests/immich/Deployment-immich.yaml b/clusters/cl01tl/manifests/immich/Deployment-immich.yaml index 17a79866a..908085eaa 100644 --- a/clusters/cl01tl/manifests/immich/Deployment-immich.yaml +++ b/clusters/cl01tl/manifests/immich/Deployment-immich.yaml @@ -36,7 +36,7 @@ spec: containers: - env: - name: TZ - value: US/Central + value: America/Chicago - name: IMMICH_TELEMETRY_INCLUDE value: all - name: IMMICH_CONFIG_FILE @@ -70,8 +70,7 @@ spec: secretKeyRef: key: password name: immich-postgresql-18-cluster-app - image: ghcr.io/immich-app/immich-server:v2.6.3 - imagePullPolicy: IfNotPresent + image: ghcr.io/immich-app/immich-server:v2.6.3@sha256:0cc1f82953d9598eb9e9dd11cbde1f50fe54f9c46c4506b089e8ad7bfc9d1f0c livenessProbe: failureThreshold: 3 httpGet: @@ -95,7 +94,7 @@ spec: requests: cpu: 10m gpu.intel.com/i915: 1 - memory: 512Mi + memory: 500Mi startupProbe: failureThreshold: 30 httpGet: diff --git a/clusters/cl01tl/manifests/immich/ExternalSecret-immich-config-secret.yaml b/clusters/cl01tl/manifests/immich/ExternalSecret-immich-config-secret.yaml index 58410a93d..c2aa80b10 100644 --- a/clusters/cl01tl/manifests/immich/ExternalSecret-immich-config-secret.yaml +++ b/clusters/cl01tl/manifests/immich/ExternalSecret-immich-config-secret.yaml @@ -14,8 +14,5 @@ spec: data: - secretKey: immich.json remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/immich/config - metadataPolicy: None property: immich.json diff --git a/clusters/cl01tl/manifests/immich/ExternalSecret-immich-postgresql-18-backup-garage-local-secret.yaml b/clusters/cl01tl/manifests/immich/ExternalSecret-immich-postgresql-18-backup-garage-local-secret.yaml index 3778022d2..c4c550827 100644 --- a/clusters/cl01tl/manifests/immich/ExternalSecret-immich-postgresql-18-backup-garage-local-secret.yaml +++ b/clusters/cl01tl/manifests/immich/ExternalSecret-immich-postgresql-18-backup-garage-local-secret.yaml @@ -5,10 +5,10 @@ metadata: namespace: immich labels: app.kubernetes.io/name: immich-postgresql-18-backup-garage-local-secret - helm.sh/chart: postgres-18-cluster-7.10.0 + helm.sh/chart: postgres-18-cluster-7.11.1 app.kubernetes.io/instance: immich app.kubernetes.io/part-of: immich - app.kubernetes.io/version: "7.10.0" + app.kubernetes.io/version: "7.11.1" app.kubernetes.io/managed-by: Helm spec: secretStoreRef: diff --git a/clusters/cl01tl/manifests/immich/ExternalSecret-immich-postgresql-18-recovery-secret.yaml b/clusters/cl01tl/manifests/immich/ExternalSecret-immich-postgresql-18-recovery-secret.yaml index ae0e9975e..3ee62d133 100644 --- a/clusters/cl01tl/manifests/immich/ExternalSecret-immich-postgresql-18-recovery-secret.yaml +++ b/clusters/cl01tl/manifests/immich/ExternalSecret-immich-postgresql-18-recovery-secret.yaml @@ -4,10 +4,10 @@ metadata: name: immich-postgresql-18-recovery-secret namespace: immich labels: - helm.sh/chart: postgres-18-cluster-7.10.0 + helm.sh/chart: postgres-18-cluster-7.11.1 app.kubernetes.io/instance: immich app.kubernetes.io/part-of: immich - app.kubernetes.io/version: "7.10.0" + app.kubernetes.io/version: "7.11.1" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: immich-postgresql-18-recovery-secret spec: diff --git a/clusters/cl01tl/manifests/immich/HTTPRoute-immich.yaml b/clusters/cl01tl/manifests/immich/HTTPRoute-immich.yaml index 70c15a3d4..b8475cbe9 100644 --- a/clusters/cl01tl/manifests/immich/HTTPRoute-immich.yaml +++ b/clusters/cl01tl/manifests/immich/HTTPRoute-immich.yaml @@ -23,7 +23,7 @@ spec: name: immich namespace: immich port: 2283 - weight: 100 + weight: 1 matches: - path: type: PathPrefix diff --git a/clusters/cl01tl/manifests/immich/ObjectStore-immich-postgresql-18-backup-garage-local.yaml b/clusters/cl01tl/manifests/immich/ObjectStore-immich-postgresql-18-backup-garage-local.yaml index 09b1b8e26..f131313af 100644 --- a/clusters/cl01tl/manifests/immich/ObjectStore-immich-postgresql-18-backup-garage-local.yaml +++ b/clusters/cl01tl/manifests/immich/ObjectStore-immich-postgresql-18-backup-garage-local.yaml @@ -5,10 +5,10 @@ metadata: namespace: immich labels: app.kubernetes.io/name: immich-postgresql-18-backup-garage-local - helm.sh/chart: postgres-18-cluster-7.10.0 + helm.sh/chart: postgres-18-cluster-7.11.1 app.kubernetes.io/instance: immich app.kubernetes.io/part-of: immich - app.kubernetes.io/version: "7.10.0" + app.kubernetes.io/version: "7.11.1" app.kubernetes.io/managed-by: Helm spec: retentionPolicy: 7d diff --git a/clusters/cl01tl/manifests/immich/ObjectStore-immich-postgresql-18-recovery.yaml b/clusters/cl01tl/manifests/immich/ObjectStore-immich-postgresql-18-recovery.yaml index d5ba0858d..d88e96b14 100644 --- a/clusters/cl01tl/manifests/immich/ObjectStore-immich-postgresql-18-recovery.yaml +++ b/clusters/cl01tl/manifests/immich/ObjectStore-immich-postgresql-18-recovery.yaml @@ -4,10 +4,10 @@ metadata: name: "immich-postgresql-18-recovery" namespace: immich labels: - helm.sh/chart: postgres-18-cluster-7.10.0 + helm.sh/chart: postgres-18-cluster-7.11.1 app.kubernetes.io/instance: immich app.kubernetes.io/part-of: immich - app.kubernetes.io/version: "7.10.0" + app.kubernetes.io/version: "7.11.1" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: "immich-postgresql-18-recovery" spec: diff --git a/clusters/cl01tl/manifests/immich/PrometheusRule-immich-postgresql-18-alert-rules.yaml b/clusters/cl01tl/manifests/immich/PrometheusRule-immich-postgresql-18-alert-rules.yaml index eaae3791f..1b2f3d453 100644 --- a/clusters/cl01tl/manifests/immich/PrometheusRule-immich-postgresql-18-alert-rules.yaml +++ b/clusters/cl01tl/manifests/immich/PrometheusRule-immich-postgresql-18-alert-rules.yaml @@ -5,10 +5,10 @@ metadata: namespace: immich labels: app.kubernetes.io/name: immich-postgresql-18-alert-rules - helm.sh/chart: postgres-18-cluster-7.10.0 + helm.sh/chart: postgres-18-cluster-7.11.1 app.kubernetes.io/instance: immich app.kubernetes.io/part-of: immich - app.kubernetes.io/version: "7.10.0" + app.kubernetes.io/version: "7.11.1" app.kubernetes.io/managed-by: Helm spec: groups: diff --git a/clusters/cl01tl/manifests/immich/ScheduledBackup-immich-postgresql-18-scheduled-backup-live-backup.yaml b/clusters/cl01tl/manifests/immich/ScheduledBackup-immich-postgresql-18-scheduled-backup-live-backup.yaml index d3fb541bf..9e29eb6b8 100644 --- a/clusters/cl01tl/manifests/immich/ScheduledBackup-immich-postgresql-18-scheduled-backup-live-backup.yaml +++ b/clusters/cl01tl/manifests/immich/ScheduledBackup-immich-postgresql-18-scheduled-backup-live-backup.yaml @@ -5,10 +5,10 @@ metadata: namespace: immich labels: app.kubernetes.io/name: "immich-postgresql-18-scheduled-backup-live-backup" - helm.sh/chart: postgres-18-cluster-7.10.0 + helm.sh/chart: postgres-18-cluster-7.11.1 app.kubernetes.io/instance: immich app.kubernetes.io/part-of: immich - app.kubernetes.io/version: "7.10.0" + app.kubernetes.io/version: "7.11.1" app.kubernetes.io/managed-by: Helm spec: immediate: true diff --git a/clusters/cl01tl/manifests/immich/StatefulSet-immich-valkey.yaml b/clusters/cl01tl/manifests/immich/StatefulSet-immich-valkey.yaml index 37b437aab..6431f4275 100644 --- a/clusters/cl01tl/manifests/immich/StatefulSet-immich-valkey.yaml +++ b/clusters/cl01tl/manifests/immich/StatefulSet-immich-valkey.yaml @@ -95,7 +95,7 @@ spec: resources: requests: cpu: 10m - memory: 128Mi + memory: 20Mi volumeMounts: - name: valkey-data mountPath: /data @@ -117,8 +117,8 @@ spec: port: metrics resources: requests: - cpu: 10m - memory: 64M + cpu: 1m + memory: 10M env: - name: REDIS_ALIAS value: immich-valkey diff --git a/clusters/cl01tl/manifests/intel-device-plugin/Deployment-inteldeviceplugins-controller-manager.yaml b/clusters/cl01tl/manifests/intel-device-plugin/Deployment-inteldeviceplugins-controller-manager.yaml index fbc0e751b..1dc119a1b 100644 --- a/clusters/cl01tl/manifests/intel-device-plugin/Deployment-inteldeviceplugins-controller-manager.yaml +++ b/clusters/cl01tl/manifests/intel-device-plugin/Deployment-inteldeviceplugins-controller-manager.yaml @@ -26,7 +26,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: "intel/intel-deviceplugin-operator:0.35.0" + image: "intel/intel-deviceplugin-operator:0.35.0@sha256:d7eeac081bd17e58d8d4d542f3cb33d67cc1bdab314b09ad591e8eacb51dd5ec" imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -46,12 +46,10 @@ spec: name: webhook-server protocol: TCP resources: - limits: - cpu: 100m - memory: 120Mi + limits: {} requests: - cpu: 100m - memory: 100Mi + cpu: 10m + memory: 50Mi securityContext: allowPrivilegeEscalation: false capabilities: diff --git a/clusters/cl01tl/manifests/intel-device-plugin/GpuDevicePlugin-gpudeviceplugin.yaml b/clusters/cl01tl/manifests/intel-device-plugin/GpuDevicePlugin-gpudeviceplugin.yaml index e42d4ac8f..97a3c7f74 100644 --- a/clusters/cl01tl/manifests/intel-device-plugin/GpuDevicePlugin-gpudeviceplugin.yaml +++ b/clusters/cl01tl/manifests/intel-device-plugin/GpuDevicePlugin-gpudeviceplugin.yaml @@ -4,7 +4,7 @@ metadata: name: gpudeviceplugin annotations: null spec: - image: "intel/intel-gpu-plugin:0.35.0" + image: "intel/intel-gpu-plugin:0.35.0@sha256:34697f9c286857da986381595ac2a693524a83c831955247dae47dfda4d2f526" logLevel: 2 sharedDevNum: 5 enableMonitoring: true diff --git a/clusters/cl01tl/manifests/intel-device-plugin/NodeFeatureRule-intel-dp-gpu-device.yaml b/clusters/cl01tl/manifests/intel-device-plugin/NodeFeatureRule-intel-dp-gpu-device.yaml new file mode 100644 index 000000000..bdb1c31ca --- /dev/null +++ b/clusters/cl01tl/manifests/intel-device-plugin/NodeFeatureRule-intel-dp-gpu-device.yaml @@ -0,0 +1,31 @@ +apiVersion: nfd.k8s-sigs.io/v1alpha1 +kind: NodeFeatureRule +metadata: + name: intel-dp-gpu-device +spec: + rules: + - name: "intel.gpu" + labels: + "intel.feature.node.kubernetes.io/gpu": "true" + matchFeatures: + - feature: pci.device + matchExpressions: + vendor: {op: In, value: ["8086"]} + class: {op: In, value: ["0300", "0380"]} + matchAny: + - matchFeatures: + - feature: kernel.loadedmodule + matchExpressions: + i915: {op: Exists} + - matchFeatures: + - feature: kernel.enabledmodule + matchExpressions: + i915: {op: Exists} + - matchFeatures: + - feature: kernel.loadedmodule + matchExpressions: + xe: {op: Exists} + - matchFeatures: + - feature: kernel.enabledmodule + matchExpressions: + xe: {op: Exists} diff --git a/clusters/cl01tl/manifests/intel-device-plugin/NodeFeatureRule-intel-gpu-platform-labeling.yaml b/clusters/cl01tl/manifests/intel-device-plugin/NodeFeatureRule-intel-gpu-platform-labeling.yaml new file mode 100644 index 000000000..3f9956996 --- /dev/null +++ b/clusters/cl01tl/manifests/intel-device-plugin/NodeFeatureRule-intel-gpu-platform-labeling.yaml @@ -0,0 +1,190 @@ +apiVersion: nfd.k8s-sigs.io/v1alpha1 +kind: NodeFeatureRule +metadata: + name: intel-gpu-platform-labeling +spec: + rules: + - labelsTemplate: | + {{ range .pci.device }}gpu.intel.com/device-id.{{ .class }}-{{ .device }}.present=true + {{ end }} + matchFeatures: + - feature: pci.device + matchExpressions: + class: + op: In + value: + - "0300" + - "0380" + vendor: + op: In + value: + - "8086" + name: intel.gpu.generic.deviceid + - labelsTemplate: gpu.intel.com/device-id.0300-{{ (index .pci.device 0).device }}.count={{ len .pci.device }} + matchFeatures: + - feature: pci.device + matchExpressions: + class: + op: In + value: + - "0300" + vendor: + op: In + value: + - "8086" + name: intel.gpu.generic.count.300 + - labelsTemplate: gpu.intel.com/device-id.0380-{{ (index .pci.device 0).device }}.count={{ len .pci.device }} + matchFeatures: + - feature: pci.device + matchExpressions: + class: + op: In + value: + - "0380" + vendor: + op: In + value: + - "8086" + name: intel.gpu.generic.count.380 + - labels: + gpu.intel.com/product: "Max_1100" + labelsTemplate: "gpu.intel.com/device.count={{ len .pci.device }}" + matchFeatures: + - feature: pci.device + matchExpressions: + class: + op: In + value: + - "0380" + vendor: + op: In + value: + - "8086" + device: + op: In + value: + - "0bda" + name: intel.gpu.max.1100 + - labels: + gpu.intel.com/product: "Max_1550" + labelsTemplate: "gpu.intel.com/device.count={{ len .pci.device }}" + matchFeatures: + - feature: pci.device + matchExpressions: + class: + op: In + value: + - "0380" + vendor: + op: In + value: + - "8086" + device: + op: In + value: + - "0bd5" + name: intel.gpu.max.1550 + - labels: + gpu.intel.com/family: "Max_Series" + matchFeatures: + - feature: pci.device + matchExpressions: + class: + op: In + value: + - "0380" + vendor: + op: In + value: + - "8086" + device: + op: In + value: + - "0bda" + - "0bd5" + - "0bd9" + - "0bdb" + - "0bd7" + - "0bd6" + - "0bd0" + name: intel.gpu.max.series + - labels: + gpu.intel.com/family: "Flex_Series" + gpu.intel.com/product: "Flex_170" + labelsTemplate: "gpu.intel.com/device.count={{ len .pci.device }}" + matchFeatures: + - feature: pci.device + matchExpressions: + class: + op: In + value: + - "0380" + vendor: + op: In + value: + - "8086" + device: + op: In + value: + - "56c0" + name: intel.gpu.flex.170 + - labels: + gpu.intel.com/family: "Flex_Series" + gpu.intel.com/product: "Flex_140" + labelsTemplate: "gpu.intel.com/device.count={{ len .pci.device }}" + matchFeatures: + - feature: pci.device + matchExpressions: + class: + op: In + value: + - "0380" + vendor: + op: In + value: + - "8086" + device: + op: In + value: + - "56c1" + name: intel.gpu.flex.140 + - labels: + gpu.intel.com/family: "A_Series" + matchFeatures: + - feature: pci.device + matchExpressions: + class: + op: In + value: + - "0300" + vendor: + op: In + value: + - "8086" + device: + op: In + value: + - "56a6" + - "56a5" + - "56a1" + - "56a0" + - "5694" + - "5693" + - "5692" + - "5691" + - "5690" + - "56b3" + - "56b2" + - "56a4" + - "56a3" + - "5697" + - "5696" + - "5695" + - "56b1" + - "56b0" + - "56a2" + - "56ba" + - "56bc" + - "56bd" + - "56bb" + name: intel.gpu.a.series diff --git a/clusters/cl01tl/manifests/jellyfin/Deployment-jellyfin.yaml b/clusters/cl01tl/manifests/jellyfin/Deployment-jellyfin.yaml index ec74a85da..89fe7ea33 100644 --- a/clusters/cl01tl/manifests/jellyfin/Deployment-jellyfin.yaml +++ b/clusters/cl01tl/manifests/jellyfin/Deployment-jellyfin.yaml @@ -43,18 +43,16 @@ spec: secretKeyRef: key: token name: jellyfin-exporter-secret - image: rebelcore/jellyfin-exporter:v1.4.0 - imagePullPolicy: IfNotPresent + image: rebelcore/jellyfin-exporter:v1.4.0@sha256:dd35d901df663141025670b4b44a62a178b331e9fa084b17016f6fba46343ce9 name: exporter - env: - name: TZ - value: US/Central + value: America/Chicago - name: JELLYFIN_hostwebclient value: "true" - name: JELLYFIN_PublishedServerUrl value: https://jellyfin.alexlebens.net/ - image: ghcr.io/jellyfin/jellyfin:10.11.7 - imagePullPolicy: IfNotPresent + image: ghcr.io/jellyfin/jellyfin:10.11.7@sha256:2b93aa3830dcd0aab7185c635e20edef1f8dc5d2e999768baf1724e88c078004 name: main resources: limits: @@ -62,7 +60,7 @@ spec: requests: cpu: 1 gpu.intel.com/i915: 1 - memory: 2Gi + memory: 1Gi volumeMounts: - mountPath: /cache name: cache @@ -74,8 +72,9 @@ spec: name: youtube readOnly: true volumes: - - emptyDir: {} - name: cache + - name: cache + persistentVolumeClaim: + claimName: jellyfin-cache - name: config persistentVolumeClaim: claimName: jellyfin-config diff --git a/clusters/cl01tl/manifests/jellyfin/ExternalSecret-jellyfin-exporter-secret.yaml b/clusters/cl01tl/manifests/jellyfin/ExternalSecret-jellyfin-exporter-secret.yaml index 26954d503..30d0d989e 100644 --- a/clusters/cl01tl/manifests/jellyfin/ExternalSecret-jellyfin-exporter-secret.yaml +++ b/clusters/cl01tl/manifests/jellyfin/ExternalSecret-jellyfin-exporter-secret.yaml @@ -14,8 +14,5 @@ spec: data: - secretKey: token remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/jellyfin/exporter - metadataPolicy: None property: token diff --git a/clusters/cl01tl/manifests/jellyfin/ExternalSecret-jellyfin-meilisearch-master-key-secret.yaml b/clusters/cl01tl/manifests/jellyfin/ExternalSecret-jellyfin-meilisearch-master-key-secret.yaml index 5b7e8b889..b353af943 100644 --- a/clusters/cl01tl/manifests/jellyfin/ExternalSecret-jellyfin-meilisearch-master-key-secret.yaml +++ b/clusters/cl01tl/manifests/jellyfin/ExternalSecret-jellyfin-meilisearch-master-key-secret.yaml @@ -14,8 +14,5 @@ spec: data: - secretKey: MEILI_MASTER_KEY remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/jellyfin/meilisearch - metadataPolicy: None property: MEILI_MASTER_KEY diff --git a/clusters/cl01tl/manifests/jellyfin/HTTPRoute-jellyfin.yaml b/clusters/cl01tl/manifests/jellyfin/HTTPRoute-jellyfin.yaml index b00a32241..5d5d2b096 100644 --- a/clusters/cl01tl/manifests/jellyfin/HTTPRoute-jellyfin.yaml +++ b/clusters/cl01tl/manifests/jellyfin/HTTPRoute-jellyfin.yaml @@ -23,7 +23,7 @@ spec: name: jellyfin namespace: jellyfin port: 80 - weight: 100 + weight: 1 matches: - path: type: PathPrefix diff --git a/clusters/cl01tl/manifests/jellyfin/PersistentVolumeClaim-jellyfin-cache.yaml b/clusters/cl01tl/manifests/jellyfin/PersistentVolumeClaim-jellyfin-cache.yaml new file mode 100644 index 000000000..13b16d33e --- /dev/null +++ b/clusters/cl01tl/manifests/jellyfin/PersistentVolumeClaim-jellyfin-cache.yaml @@ -0,0 +1,17 @@ +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: jellyfin-cache + labels: + app.kubernetes.io/instance: jellyfin + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: jellyfin + helm.sh/chart: jellyfin-4.6.2 + namespace: jellyfin +spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "20Gi" + storageClassName: "ceph-block" diff --git a/clusters/cl01tl/manifests/jellyfin/PersistentVolumeClaim-jellyfin-config.yaml b/clusters/cl01tl/manifests/jellyfin/PersistentVolumeClaim-jellyfin-config.yaml index adac5c130..776ec70fd 100644 --- a/clusters/cl01tl/manifests/jellyfin/PersistentVolumeClaim-jellyfin-config.yaml +++ b/clusters/cl01tl/manifests/jellyfin/PersistentVolumeClaim-jellyfin-config.yaml @@ -7,8 +7,6 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: jellyfin helm.sh/chart: jellyfin-4.6.2 - annotations: - helm.sh/resource-policy: keep namespace: jellyfin spec: accessModes: diff --git a/clusters/cl01tl/manifests/jellyfin/PersistentVolumeClaim-jellyfin-meilisearch.yaml b/clusters/cl01tl/manifests/jellyfin/PersistentVolumeClaim-jellyfin-meilisearch.yaml index 16977cc33..094e3317b 100644 --- a/clusters/cl01tl/manifests/jellyfin/PersistentVolumeClaim-jellyfin-meilisearch.yaml +++ b/clusters/cl01tl/manifests/jellyfin/PersistentVolumeClaim-jellyfin-meilisearch.yaml @@ -16,4 +16,4 @@ spec: resources: requests: storage: "5Gi" - storageClassName: "local-path" + storageClassName: "ceph-block" diff --git a/clusters/cl01tl/manifests/jellyfin/StatefulSet-jellyfin-meilisearch.yaml b/clusters/cl01tl/manifests/jellyfin/StatefulSet-jellyfin-meilisearch.yaml index 031c36eca..d7d0baf17 100644 --- a/clusters/cl01tl/manifests/jellyfin/StatefulSet-jellyfin-meilisearch.yaml +++ b/clusters/cl01tl/manifests/jellyfin/StatefulSet-jellyfin-meilisearch.yaml @@ -92,4 +92,4 @@ spec: resources: requests: cpu: 10m - memory: 128Mi + memory: 1Gi diff --git a/clusters/cl01tl/manifests/jellystat/Cluster-jellystat-postgresql-18-cluster.yaml b/clusters/cl01tl/manifests/jellystat/Cluster-jellystat-postgresql-18-cluster.yaml index 0b3fa14fa..12db48253 100644 --- a/clusters/cl01tl/manifests/jellystat/Cluster-jellystat-postgresql-18-cluster.yaml +++ b/clusters/cl01tl/manifests/jellystat/Cluster-jellystat-postgresql-18-cluster.yaml @@ -5,10 +5,10 @@ metadata: namespace: jellystat labels: app.kubernetes.io/name: jellystat-postgresql-18-cluster - helm.sh/chart: postgres-18-cluster-7.10.0 + helm.sh/chart: postgres-18-cluster-7.11.1 app.kubernetes.io/instance: jellystat app.kubernetes.io/part-of: jellystat - app.kubernetes.io/version: "7.10.0" + app.kubernetes.io/version: "7.11.1" app.kubernetes.io/managed-by: Helm spec: instances: 3 @@ -26,8 +26,8 @@ spec: limits: hugepages-2Mi: 256Mi requests: - cpu: 100m - memory: 256Mi + cpu: 20m + memory: 80Mi affinity: enablePodAntiAffinity: true topologyKey: kubernetes.io/hostname diff --git a/clusters/cl01tl/manifests/jellystat/Deployment-jellystat.yaml b/clusters/cl01tl/manifests/jellystat/Deployment-jellystat.yaml index 698af1359..a7838f563 100644 --- a/clusters/cl01tl/manifests/jellystat/Deployment-jellystat.yaml +++ b/clusters/cl01tl/manifests/jellystat/Deployment-jellystat.yaml @@ -36,7 +36,7 @@ spec: containers: - env: - name: TZ - value: US/Central + value: America/Chicago - name: JWT_SECRET valueFrom: secretKeyRef: @@ -77,13 +77,12 @@ spec: secretKeyRef: key: port name: jellystat-postgresql-18-cluster-app - image: cyfershepard/jellystat:1.1.8 - imagePullPolicy: IfNotPresent + image: ghcr.io/cyfershepard/jellystat:1.1.8@sha256:c8c451704ba7985340142cd047e2364cabaf41b613669b6c5340688ed217f82a name: main resources: requests: cpu: 10m - memory: 256Mi + memory: 400Mi volumeMounts: - mountPath: /app/backend/backup-data name: data diff --git a/clusters/cl01tl/manifests/jellystat/ExternalSecret-jellystat-postgresql-18-backup-garage-local-secret.yaml b/clusters/cl01tl/manifests/jellystat/ExternalSecret-jellystat-postgresql-18-backup-garage-local-secret.yaml index 81d90d804..b0891b1b7 100644 --- a/clusters/cl01tl/manifests/jellystat/ExternalSecret-jellystat-postgresql-18-backup-garage-local-secret.yaml +++ b/clusters/cl01tl/manifests/jellystat/ExternalSecret-jellystat-postgresql-18-backup-garage-local-secret.yaml @@ -5,10 +5,10 @@ metadata: namespace: jellystat labels: app.kubernetes.io/name: jellystat-postgresql-18-backup-garage-local-secret - helm.sh/chart: postgres-18-cluster-7.10.0 + helm.sh/chart: postgres-18-cluster-7.11.1 app.kubernetes.io/instance: jellystat app.kubernetes.io/part-of: jellystat - app.kubernetes.io/version: "7.10.0" + app.kubernetes.io/version: "7.11.1" app.kubernetes.io/managed-by: Helm spec: secretStoreRef: diff --git a/clusters/cl01tl/manifests/jellystat/ExternalSecret-jellystat-postgresql-18-recovery-secret.yaml b/clusters/cl01tl/manifests/jellystat/ExternalSecret-jellystat-postgresql-18-recovery-secret.yaml index 9680712be..f35a6abd8 100644 --- a/clusters/cl01tl/manifests/jellystat/ExternalSecret-jellystat-postgresql-18-recovery-secret.yaml +++ b/clusters/cl01tl/manifests/jellystat/ExternalSecret-jellystat-postgresql-18-recovery-secret.yaml @@ -4,10 +4,10 @@ metadata: name: jellystat-postgresql-18-recovery-secret namespace: jellystat labels: - helm.sh/chart: postgres-18-cluster-7.10.0 + helm.sh/chart: postgres-18-cluster-7.11.1 app.kubernetes.io/instance: jellystat app.kubernetes.io/part-of: jellystat - app.kubernetes.io/version: "7.10.0" + app.kubernetes.io/version: "7.11.1" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: jellystat-postgresql-18-recovery-secret spec: diff --git a/clusters/cl01tl/manifests/jellystat/ExternalSecret-jellystat-secret.yaml b/clusters/cl01tl/manifests/jellystat/ExternalSecret-jellystat-secret.yaml index b7aab30ea..572a849d9 100644 --- a/clusters/cl01tl/manifests/jellystat/ExternalSecret-jellystat-secret.yaml +++ b/clusters/cl01tl/manifests/jellystat/ExternalSecret-jellystat-secret.yaml @@ -14,22 +14,13 @@ spec: data: - secretKey: secret-key remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/jellystat/auth - metadataPolicy: None property: secret-key - secretKey: user remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/jellystat/auth - metadataPolicy: None property: user - secretKey: password remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/jellystat/auth - metadataPolicy: None property: password diff --git a/clusters/cl01tl/manifests/jellystat/HTTPRoute-jellystat.yaml b/clusters/cl01tl/manifests/jellystat/HTTPRoute-jellystat.yaml index f696b4cdb..c8c409790 100644 --- a/clusters/cl01tl/manifests/jellystat/HTTPRoute-jellystat.yaml +++ b/clusters/cl01tl/manifests/jellystat/HTTPRoute-jellystat.yaml @@ -23,7 +23,7 @@ spec: name: jellystat namespace: jellystat port: 80 - weight: 100 + weight: 1 matches: - path: type: PathPrefix diff --git a/clusters/cl01tl/manifests/jellystat/ObjectStore-jellystat-postgresql-18-backup-garage-local.yaml b/clusters/cl01tl/manifests/jellystat/ObjectStore-jellystat-postgresql-18-backup-garage-local.yaml index aff9132f1..af7dc454d 100644 --- a/clusters/cl01tl/manifests/jellystat/ObjectStore-jellystat-postgresql-18-backup-garage-local.yaml +++ b/clusters/cl01tl/manifests/jellystat/ObjectStore-jellystat-postgresql-18-backup-garage-local.yaml @@ -5,10 +5,10 @@ metadata: namespace: jellystat labels: app.kubernetes.io/name: jellystat-postgresql-18-backup-garage-local - helm.sh/chart: postgres-18-cluster-7.10.0 + helm.sh/chart: postgres-18-cluster-7.11.1 app.kubernetes.io/instance: jellystat app.kubernetes.io/part-of: jellystat - app.kubernetes.io/version: "7.10.0" + app.kubernetes.io/version: "7.11.1" app.kubernetes.io/managed-by: Helm spec: retentionPolicy: 7d diff --git a/clusters/cl01tl/manifests/jellystat/ObjectStore-jellystat-postgresql-18-recovery.yaml b/clusters/cl01tl/manifests/jellystat/ObjectStore-jellystat-postgresql-18-recovery.yaml index 0f24bd871..8ede8f578 100644 --- a/clusters/cl01tl/manifests/jellystat/ObjectStore-jellystat-postgresql-18-recovery.yaml +++ b/clusters/cl01tl/manifests/jellystat/ObjectStore-jellystat-postgresql-18-recovery.yaml @@ -4,10 +4,10 @@ metadata: name: "jellystat-postgresql-18-recovery" namespace: jellystat labels: - helm.sh/chart: postgres-18-cluster-7.10.0 + helm.sh/chart: postgres-18-cluster-7.11.1 app.kubernetes.io/instance: jellystat app.kubernetes.io/part-of: jellystat - app.kubernetes.io/version: "7.10.0" + app.kubernetes.io/version: "7.11.1" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: "jellystat-postgresql-18-recovery" spec: diff --git a/clusters/cl01tl/manifests/jellystat/PersistentVolumeClaim-jellystat-data.yaml b/clusters/cl01tl/manifests/jellystat/PersistentVolumeClaim-jellystat-data.yaml index 8c637f3eb..b386d6ce0 100644 --- a/clusters/cl01tl/manifests/jellystat/PersistentVolumeClaim-jellystat-data.yaml +++ b/clusters/cl01tl/manifests/jellystat/PersistentVolumeClaim-jellystat-data.yaml @@ -7,8 +7,6 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: jellystat helm.sh/chart: jellystat-4.6.2 - annotations: - helm.sh/resource-policy: keep namespace: jellystat spec: accessModes: diff --git a/clusters/cl01tl/manifests/jellystat/PrometheusRule-jellystat-postgresql-18-alert-rules.yaml b/clusters/cl01tl/manifests/jellystat/PrometheusRule-jellystat-postgresql-18-alert-rules.yaml index 45b49338b..f7fb67fcd 100644 --- a/clusters/cl01tl/manifests/jellystat/PrometheusRule-jellystat-postgresql-18-alert-rules.yaml +++ b/clusters/cl01tl/manifests/jellystat/PrometheusRule-jellystat-postgresql-18-alert-rules.yaml @@ -5,10 +5,10 @@ metadata: namespace: jellystat labels: app.kubernetes.io/name: jellystat-postgresql-18-alert-rules - helm.sh/chart: postgres-18-cluster-7.10.0 + helm.sh/chart: postgres-18-cluster-7.11.1 app.kubernetes.io/instance: jellystat app.kubernetes.io/part-of: jellystat - app.kubernetes.io/version: "7.10.0" + app.kubernetes.io/version: "7.11.1" app.kubernetes.io/managed-by: Helm spec: groups: diff --git a/clusters/cl01tl/manifests/jellystat/ScheduledBackup-jellystat-postgresql-18-scheduled-backup-live-backup.yaml b/clusters/cl01tl/manifests/jellystat/ScheduledBackup-jellystat-postgresql-18-scheduled-backup-live-backup.yaml index 8540e3582..015fd95c8 100644 --- a/clusters/cl01tl/manifests/jellystat/ScheduledBackup-jellystat-postgresql-18-scheduled-backup-live-backup.yaml +++ b/clusters/cl01tl/manifests/jellystat/ScheduledBackup-jellystat-postgresql-18-scheduled-backup-live-backup.yaml @@ -5,10 +5,10 @@ metadata: namespace: jellystat labels: app.kubernetes.io/name: "jellystat-postgresql-18-scheduled-backup-live-backup" - helm.sh/chart: postgres-18-cluster-7.10.0 + helm.sh/chart: postgres-18-cluster-7.11.1 app.kubernetes.io/instance: jellystat app.kubernetes.io/part-of: jellystat - app.kubernetes.io/version: "7.10.0" + app.kubernetes.io/version: "7.11.1" app.kubernetes.io/managed-by: Helm spec: immediate: true diff --git a/clusters/cl01tl/manifests/karakeep/Deployment-karakeep.yaml b/clusters/cl01tl/manifests/karakeep/Deployment-karakeep.yaml index b3fe519e6..6c5a05d80 100644 --- a/clusters/cl01tl/manifests/karakeep/Deployment-karakeep.yaml +++ b/clusters/cl01tl/manifests/karakeep/Deployment-karakeep.yaml @@ -41,13 +41,8 @@ spec: - --remote-debugging-address=0.0.0.0 - --remote-debugging-port=9222 - --hide-scrollbars - image: gcr.io/zenika-hub/alpine-chrome:124 - imagePullPolicy: IfNotPresent + image: gcr.io/zenika-hub/alpine-chrome:124@sha256:1a0046448e0bb6c275c88f86e01faf0de62b02ec8572901256ada0a8c08be23f name: chrome - resources: - requests: - cpu: 10m - memory: 128Mi - env: - name: DATA_DIR value: /data @@ -125,13 +120,12 @@ spec: value: mxbai-embed-large - name: INFERENCE_JOB_TIMEOUT_SEC value: "720" - image: ghcr.io/karakeep-app/karakeep:0.31.0 - imagePullPolicy: IfNotPresent + image: ghcr.io/karakeep-app/karakeep:0.31.0@sha256:20754dbdafb11dfe288bbb1c2342a7855081b08ea069e86fcf2d4a2d945d3653 name: main resources: requests: cpu: 10m - memory: 256Mi + memory: 500Mi volumeMounts: - mountPath: /data name: data diff --git a/clusters/cl01tl/manifests/karakeep/ExternalSecret-karakeep-bucket-garage.yaml b/clusters/cl01tl/manifests/karakeep/ExternalSecret-karakeep-bucket-garage.yaml index ad8724b8b..797032b89 100644 --- a/clusters/cl01tl/manifests/karakeep/ExternalSecret-karakeep-bucket-garage.yaml +++ b/clusters/cl01tl/manifests/karakeep/ExternalSecret-karakeep-bucket-garage.yaml @@ -14,22 +14,13 @@ spec: data: - secretKey: ACCESS_KEY_ID remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /garage/home-infra/karakeep-assets - metadataPolicy: None property: ACCESS_KEY_ID - secretKey: ACCESS_SECRET_KEY remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /garage/home-infra/karakeep-assets - metadataPolicy: None property: ACCESS_SECRET_KEY - secretKey: ACCESS_REGION remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /garage/home-infra/karakeep-assets - metadataPolicy: None property: ACCESS_REGION diff --git a/clusters/cl01tl/manifests/karakeep/ExternalSecret-karakeep-key-secret.yaml b/clusters/cl01tl/manifests/karakeep/ExternalSecret-karakeep-key-secret.yaml index 96dae6284..f76ede6e2 100644 --- a/clusters/cl01tl/manifests/karakeep/ExternalSecret-karakeep-key-secret.yaml +++ b/clusters/cl01tl/manifests/karakeep/ExternalSecret-karakeep-key-secret.yaml @@ -14,15 +14,9 @@ spec: data: - secretKey: key remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/karakeep/key - metadataPolicy: None property: key - secretKey: prometheus-token remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/karakeep/key - metadataPolicy: None property: prometheus-token diff --git a/clusters/cl01tl/manifests/karakeep/ExternalSecret-karakeep-meilisearch-master-key-secret.yaml b/clusters/cl01tl/manifests/karakeep/ExternalSecret-karakeep-meilisearch-master-key-secret.yaml index 15dc90fd3..a7c052ec6 100644 --- a/clusters/cl01tl/manifests/karakeep/ExternalSecret-karakeep-meilisearch-master-key-secret.yaml +++ b/clusters/cl01tl/manifests/karakeep/ExternalSecret-karakeep-meilisearch-master-key-secret.yaml @@ -14,8 +14,5 @@ spec: data: - secretKey: MEILI_MASTER_KEY remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/karakeep/meilisearch - metadataPolicy: None property: MEILI_MASTER_KEY diff --git a/clusters/cl01tl/manifests/karakeep/ExternalSecret-karakeep-oidc-secret.yaml b/clusters/cl01tl/manifests/karakeep/ExternalSecret-karakeep-oidc-secret.yaml index 77b829517..8cb846f8d 100644 --- a/clusters/cl01tl/manifests/karakeep/ExternalSecret-karakeep-oidc-secret.yaml +++ b/clusters/cl01tl/manifests/karakeep/ExternalSecret-karakeep-oidc-secret.yaml @@ -14,15 +14,9 @@ spec: data: - secretKey: AUTHENTIK_CLIENT_ID remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /authentik/oidc/karakeep - metadataPolicy: None property: client - secretKey: AUTHENTIK_CLIENT_SECRET remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /authentik/oidc/karakeep - metadataPolicy: None property: secret diff --git a/clusters/cl01tl/manifests/karakeep/PersistentVolumeClaim-karakeep.yaml b/clusters/cl01tl/manifests/karakeep/PersistentVolumeClaim-karakeep.yaml index 2c9b35cd7..4460afe81 100644 --- a/clusters/cl01tl/manifests/karakeep/PersistentVolumeClaim-karakeep.yaml +++ b/clusters/cl01tl/manifests/karakeep/PersistentVolumeClaim-karakeep.yaml @@ -7,8 +7,6 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: karakeep helm.sh/chart: karakeep-4.6.2 - annotations: - helm.sh/resource-policy: keep namespace: karakeep spec: accessModes: diff --git a/clusters/cl01tl/manifests/karakeep/StatefulSet-karakeep-meilisearch.yaml b/clusters/cl01tl/manifests/karakeep/StatefulSet-karakeep-meilisearch.yaml index 30f388a9e..ed9b119b1 100644 --- a/clusters/cl01tl/manifests/karakeep/StatefulSet-karakeep-meilisearch.yaml +++ b/clusters/cl01tl/manifests/karakeep/StatefulSet-karakeep-meilisearch.yaml @@ -92,4 +92,4 @@ spec: resources: requests: cpu: 10m - memory: 128Mi + memory: 50Mi