From bd11b621440b550a511fa14ad2315b1c854a64d8 Mon Sep 17 00:00:00 2001 From: gitea-bot Date: Mon, 6 Apr 2026 23:23:45 +0000 Subject: [PATCH] chore: Update manifests after change --- .../searxng/Deployment-searxng-api.yaml | 5 ++--- .../searxng/Deployment-searxng-browser.yaml | 12 +++-------- ...ernalSecret-searxng-api-config-secret.yaml | 6 ------ ...alSecret-searxng-browser-metrics-auth.yaml | 6 ------ .../manifests/searxng/HTTPRoute-searxng.yaml | 2 +- .../manifests/searxng/Namespace-searxng.yaml | 11 ---------- .../seerr/StatefulSet-seerr-seerr-chart.yaml | 18 +++++++---------- .../shelfmark/Deployment-shelfmark.yaml | 20 +++++++++---------- ...xternalSecret-shelfmark-config-secret.yaml | 9 --------- .../shelfmark/HTTPRoute-shelfmark.yaml | 2 +- .../PersistentVolumeClaim-shelfmark.yaml | 2 -- 11 files changed, 24 insertions(+), 69 deletions(-) delete mode 100644 clusters/cl01tl/manifests/searxng/Namespace-searxng.yaml diff --git a/clusters/cl01tl/manifests/searxng/Deployment-searxng-api.yaml b/clusters/cl01tl/manifests/searxng/Deployment-searxng-api.yaml index 66e5514c6..989d2fa11 100644 --- a/clusters/cl01tl/manifests/searxng/Deployment-searxng-api.yaml +++ b/clusters/cl01tl/manifests/searxng/Deployment-searxng-api.yaml @@ -50,12 +50,11 @@ spec: - name: RAG_WEB_SEARCH_CONCURRENT_REQUESTS value: "10" image: searxng/searxng:latest@sha256:7b924c76c2cd9e960cc6b522eed5faf57ea3e6796020878455d86fcc3e7c26a3 - imagePullPolicy: IfNotPresent name: main resources: requests: - cpu: 10m - memory: 256Mi + cpu: 1m + memory: 120Mi volumeMounts: - mountPath: /etc/searxng name: api-data diff --git a/clusters/cl01tl/manifests/searxng/Deployment-searxng-browser.yaml b/clusters/cl01tl/manifests/searxng/Deployment-searxng-browser.yaml index ee4a3a181..0de83133f 100644 --- a/clusters/cl01tl/manifests/searxng/Deployment-searxng-browser.yaml +++ b/clusters/cl01tl/manifests/searxng/Deployment-searxng-browser.yaml @@ -42,28 +42,22 @@ spec: - name: SEARXNG_HOSTNAME value: searxng.alexlebens.net - name: SEARXNG_VALKEY_URL - value: valkey://127.0.0.1:6379/0 + value: valkey://localhost:6379/0 - name: GRANIAN_HOST value: 0.0.0.0 - name: GRANIAN_PORT value: "8080" image: searxng/searxng:latest@sha256:7b924c76c2cd9e960cc6b522eed5faf57ea3e6796020878455d86fcc3e7c26a3 - imagePullPolicy: IfNotPresent name: main resources: requests: cpu: 10m - memory: 256Mi + memory: 250Mi volumeMounts: - mountPath: /etc/searxng name: browser-data - - image: valkey/valkey:9.0.0-alpine3.22 - imagePullPolicy: IfNotPresent + - image: valkey/valkey:9.0.0-alpine@sha256:bef37d06d4856710973ee31dd1eac1482e4c8e6e7b847f999ad25433e646587b name: valkey - resources: - requests: - cpu: 10m - memory: 128Mi volumeMounts: - mountPath: /data name: valkey-data diff --git a/clusters/cl01tl/manifests/searxng/ExternalSecret-searxng-api-config-secret.yaml b/clusters/cl01tl/manifests/searxng/ExternalSecret-searxng-api-config-secret.yaml index 5176b5eab..d794d3303 100644 --- a/clusters/cl01tl/manifests/searxng/ExternalSecret-searxng-api-config-secret.yaml +++ b/clusters/cl01tl/manifests/searxng/ExternalSecret-searxng-api-config-secret.yaml @@ -14,15 +14,9 @@ spec: data: - secretKey: settings.yml remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/searxng/api/config - metadataPolicy: None property: settings.yml - secretKey: limiter.toml remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/searxng/api/config - metadataPolicy: None property: limiter.toml diff --git a/clusters/cl01tl/manifests/searxng/ExternalSecret-searxng-browser-metrics-auth.yaml b/clusters/cl01tl/manifests/searxng/ExternalSecret-searxng-browser-metrics-auth.yaml index b033cae77..b02426e53 100644 --- a/clusters/cl01tl/manifests/searxng/ExternalSecret-searxng-browser-metrics-auth.yaml +++ b/clusters/cl01tl/manifests/searxng/ExternalSecret-searxng-browser-metrics-auth.yaml @@ -14,15 +14,9 @@ spec: data: - secretKey: metrics-password remoteRef: - conversionStrategy: Default - decodingStrategy: None key: cl01tl/searxng/browser - metadataPolicy: None property: metrics-password - secretKey: metrics-username remoteRef: - conversionStrategy: Default - decodingStrategy: None key: cl01tl/searxng/browser - metadataPolicy: None property: metrics-username diff --git a/clusters/cl01tl/manifests/searxng/HTTPRoute-searxng.yaml b/clusters/cl01tl/manifests/searxng/HTTPRoute-searxng.yaml index def8c1145..4047148fc 100644 --- a/clusters/cl01tl/manifests/searxng/HTTPRoute-searxng.yaml +++ b/clusters/cl01tl/manifests/searxng/HTTPRoute-searxng.yaml @@ -23,7 +23,7 @@ spec: name: searxng-browser namespace: searxng port: 80 - weight: 100 + weight: 1 matches: - path: type: PathPrefix diff --git a/clusters/cl01tl/manifests/searxng/Namespace-searxng.yaml b/clusters/cl01tl/manifests/searxng/Namespace-searxng.yaml deleted file mode 100644 index 56f2a06cb..000000000 --- a/clusters/cl01tl/manifests/searxng/Namespace-searxng.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: searxng - labels: - app.kubernetes.io/name: searxng - app.kubernetes.io/instance: searxng - app.kubernetes.io/part-of: searxng - pod-security.kubernetes.io/audit: privileged - pod-security.kubernetes.io/enforce: privileged - pod-security.kubernetes.io/warn: privileged diff --git a/clusters/cl01tl/manifests/seerr/StatefulSet-seerr-seerr-chart.yaml b/clusters/cl01tl/manifests/seerr/StatefulSet-seerr-seerr-chart.yaml index 97d41f9d0..40fc1c3a5 100644 --- a/clusters/cl01tl/manifests/seerr/StatefulSet-seerr-seerr-chart.yaml +++ b/clusters/cl01tl/manifests/seerr/StatefulSet-seerr-seerr-chart.yaml @@ -43,7 +43,7 @@ spec: runAsUser: 1000 seccompProfile: type: RuntimeDefault - image: "ghcr.io/seerr-team/seerr:v3.1.0" + image: "ghcr.io/seerr-team/seerr:v3.1.0@sha256:sha256:b35ba0461c4a1033d117ac1e5968fd4cbe777899e4cbfbdeaf3d10a42a0eb7e9" imagePullPolicy: IfNotPresent ports: - name: http @@ -53,24 +53,20 @@ spec: httpGet: path: /api/v1/status port: http - initialDelaySeconds: 60 - periodSeconds: 30 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 + initialDelaySeconds: 20 + periodSeconds: 15 + timeoutSeconds: 3 readinessProbe: httpGet: path: /api/v1/status port: http initialDelaySeconds: 60 - periodSeconds: 30 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 + periodSeconds: 15 + timeoutSeconds: 3 resources: requests: cpu: 10m - memory: 128Mi + memory: 500Mi volumeMounts: - name: config mountPath: /app/config diff --git a/clusters/cl01tl/manifests/shelfmark/Deployment-shelfmark.yaml b/clusters/cl01tl/manifests/shelfmark/Deployment-shelfmark.yaml index ad3e88053..b6c7650f2 100644 --- a/clusters/cl01tl/manifests/shelfmark/Deployment-shelfmark.yaml +++ b/clusters/cl01tl/manifests/shelfmark/Deployment-shelfmark.yaml @@ -29,6 +29,9 @@ spec: enableServiceLinks: false serviceAccountName: default automountServiceAccountToken: true + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch hostIPC: false hostNetwork: false hostPID: false @@ -106,24 +109,21 @@ spec: value: "true" - name: USE_CF_BYPASS value: "true" - image: ghcr.io/calibrain/shelfmark:v1.2.1 - imagePullPolicy: IfNotPresent + image: ghcr.io/calibrain/shelfmark:v1.2.1@sha256:5e00d47cccaa3b67234855d950d016c50691b78197a68adf15a624f6c08acee2 livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl -sf http://localhost:8084/api/health failureThreshold: 5 - initialDelaySeconds: 60 + httpGet: + path: /api/health + port: 8084 + initialDelaySeconds: 30 periodSeconds: 30 successThreshold: 1 - timeoutSeconds: 30 + timeoutSeconds: 5 name: main resources: requests: cpu: 10m - memory: 256Mi + memory: 140Mi volumeMounts: - mountPath: /audiobooks name: audiobooks diff --git a/clusters/cl01tl/manifests/shelfmark/ExternalSecret-shelfmark-config-secret.yaml b/clusters/cl01tl/manifests/shelfmark/ExternalSecret-shelfmark-config-secret.yaml index f35794ec0..feb6847d1 100644 --- a/clusters/cl01tl/manifests/shelfmark/ExternalSecret-shelfmark-config-secret.yaml +++ b/clusters/cl01tl/manifests/shelfmark/ExternalSecret-shelfmark-config-secret.yaml @@ -14,22 +14,13 @@ spec: data: - secretKey: grimmory-user remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/shelfmark/booklore - metadataPolicy: None property: user - secretKey: grimmory-password remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/shelfmark/booklore - metadataPolicy: None property: password - secretKey: prowlarr-key remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/prowlarr/key - metadataPolicy: None property: key diff --git a/clusters/cl01tl/manifests/shelfmark/HTTPRoute-shelfmark.yaml b/clusters/cl01tl/manifests/shelfmark/HTTPRoute-shelfmark.yaml index fc826443b..5ef923635 100644 --- a/clusters/cl01tl/manifests/shelfmark/HTTPRoute-shelfmark.yaml +++ b/clusters/cl01tl/manifests/shelfmark/HTTPRoute-shelfmark.yaml @@ -23,7 +23,7 @@ spec: name: shelfmark namespace: shelfmark port: 80 - weight: 100 + weight: 1 matches: - path: type: PathPrefix diff --git a/clusters/cl01tl/manifests/shelfmark/PersistentVolumeClaim-shelfmark.yaml b/clusters/cl01tl/manifests/shelfmark/PersistentVolumeClaim-shelfmark.yaml index f872dfa69..69e4d49b8 100644 --- a/clusters/cl01tl/manifests/shelfmark/PersistentVolumeClaim-shelfmark.yaml +++ b/clusters/cl01tl/manifests/shelfmark/PersistentVolumeClaim-shelfmark.yaml @@ -7,8 +7,6 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: shelfmark helm.sh/chart: shelfmark-4.6.2 - annotations: - helm.sh/resource-policy: keep namespace: shelfmark spec: accessModes: