From cbef5c4150e7ae17b1a3feafa84380c2e4c62ee0 Mon Sep 17 00:00:00 2001 From: gitea-bot Date: Sat, 20 Dec 2025 01:22:33 +0000 Subject: [PATCH] Automated Manifest Update (#2740) This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow. Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/2740 Co-authored-by: gitea-bot Co-committed-by: gitea-bot --- .../booklore/Deployment-booklore.yaml | 2 +- ...Role-external-secrets-cert-controller.yaml | 4 +- ...usterRole-external-secrets-controller.yaml | 4 +- .../ClusterRole-external-secrets-edit.yaml | 4 +- ...Role-external-secrets-servicebindings.yaml | 4 +- .../ClusterRole-external-secrets-view.yaml | 4 +- ...ding-external-secrets-cert-controller.yaml | 4 +- ...leBinding-external-secrets-controller.yaml | 4 +- ...ustersecretstores.external-secrets.io.yaml | 148 +++++++++++++++++- ...tion-secretstores.external-secrets.io.yaml | 148 +++++++++++++++++- ...ment-external-secrets-cert-controller.yaml | 10 +- .../Deployment-external-secrets-webhook.yaml | 10 +- .../Deployment-external-secrets.yaml | 10 +- .../Role-external-secrets-leaderelection.yaml | 4 +- ...nding-external-secrets-leaderelection.yaml | 4 +- .../Secret-external-secrets-webhook.yaml | 4 +- .../Service-external-secrets-webhook.yaml | 4 +- ...ount-external-secrets-cert-controller.yaml | 4 +- ...rviceAccount-external-secrets-webhook.yaml | 4 +- .../ServiceAccount-external-secrets.yaml | 4 +- ...Configuration-externalsecret-validate.yaml | 4 +- ...ookConfiguration-secretstore-validate.yaml | 4 +- .../manifests/immich/Deployment-immich.yaml | 2 +- .../Deployment-qbittorrent-qui.yaml | 2 +- 24 files changed, 338 insertions(+), 58 deletions(-) diff --git a/clusters/cl01tl/manifests/booklore/Deployment-booklore.yaml b/clusters/cl01tl/manifests/booklore/Deployment-booklore.yaml index 15192c330..0c046561f 100644 --- a/clusters/cl01tl/manifests/booklore/Deployment-booklore.yaml +++ b/clusters/cl01tl/manifests/booklore/Deployment-booklore.yaml @@ -50,7 +50,7 @@ spec: value: "6060" - name: SWAGGER_ENABLED value: "false" - image: ghcr.io/booklore-app/booklore:v1.14.1 + image: ghcr.io/booklore-app/booklore:v1.15.0 imagePullPolicy: IfNotPresent name: main resources: diff --git a/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-cert-controller.yaml b/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-cert-controller.yaml index 3ff6b132e..712d36663 100644 --- a/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-cert-controller.yaml +++ b/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-cert-controller.yaml @@ -3,10 +3,10 @@ kind: ClusterRole metadata: name: external-secrets-cert-controller labels: - helm.sh/chart: external-secrets-1.1.1 + helm.sh/chart: external-secrets-1.2.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v1.1.1" + app.kubernetes.io/version: "v1.2.0" app.kubernetes.io/managed-by: Helm rules: - apiGroups: diff --git a/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-controller.yaml b/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-controller.yaml index 4af0f5ab9..1f15cc319 100644 --- a/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-controller.yaml +++ b/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-controller.yaml @@ -3,10 +3,10 @@ kind: ClusterRole metadata: name: external-secrets-controller labels: - helm.sh/chart: external-secrets-1.1.1 + helm.sh/chart: external-secrets-1.2.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v1.1.1" + app.kubernetes.io/version: "v1.2.0" app.kubernetes.io/managed-by: Helm rules: - apiGroups: diff --git a/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-edit.yaml b/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-edit.yaml index bfbd225da..6fadacaac 100644 --- a/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-edit.yaml +++ b/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-edit.yaml @@ -3,10 +3,10 @@ kind: ClusterRole metadata: name: external-secrets-edit labels: - helm.sh/chart: external-secrets-1.1.1 + helm.sh/chart: external-secrets-1.2.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v1.1.1" + app.kubernetes.io/version: "v1.2.0" app.kubernetes.io/managed-by: Helm rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true" diff --git a/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-servicebindings.yaml b/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-servicebindings.yaml index d7d28e782..98a3bdbda 100644 --- a/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-servicebindings.yaml +++ b/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-servicebindings.yaml @@ -4,10 +4,10 @@ metadata: name: external-secrets-servicebindings labels: servicebinding.io/controller: "true" - helm.sh/chart: external-secrets-1.1.1 + helm.sh/chart: external-secrets-1.2.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v1.1.1" + app.kubernetes.io/version: "v1.2.0" app.kubernetes.io/managed-by: Helm rules: - apiGroups: diff --git a/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-view.yaml b/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-view.yaml index 96e8af49c..c01996d50 100644 --- a/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-view.yaml +++ b/clusters/cl01tl/manifests/external-secrets/ClusterRole-external-secrets-view.yaml @@ -3,10 +3,10 @@ kind: ClusterRole metadata: name: external-secrets-view labels: - helm.sh/chart: external-secrets-1.1.1 + helm.sh/chart: external-secrets-1.2.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v1.1.1" + app.kubernetes.io/version: "v1.2.0" app.kubernetes.io/managed-by: Helm rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" diff --git a/clusters/cl01tl/manifests/external-secrets/ClusterRoleBinding-external-secrets-cert-controller.yaml b/clusters/cl01tl/manifests/external-secrets/ClusterRoleBinding-external-secrets-cert-controller.yaml index 33f258b8d..12fb51334 100644 --- a/clusters/cl01tl/manifests/external-secrets/ClusterRoleBinding-external-secrets-cert-controller.yaml +++ b/clusters/cl01tl/manifests/external-secrets/ClusterRoleBinding-external-secrets-cert-controller.yaml @@ -3,10 +3,10 @@ kind: ClusterRoleBinding metadata: name: external-secrets-cert-controller labels: - helm.sh/chart: external-secrets-1.1.1 + helm.sh/chart: external-secrets-1.2.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v1.1.1" + app.kubernetes.io/version: "v1.2.0" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/clusters/cl01tl/manifests/external-secrets/ClusterRoleBinding-external-secrets-controller.yaml b/clusters/cl01tl/manifests/external-secrets/ClusterRoleBinding-external-secrets-controller.yaml index 296197b42..d11893893 100644 --- a/clusters/cl01tl/manifests/external-secrets/ClusterRoleBinding-external-secrets-controller.yaml +++ b/clusters/cl01tl/manifests/external-secrets/ClusterRoleBinding-external-secrets-controller.yaml @@ -3,10 +3,10 @@ kind: ClusterRoleBinding metadata: name: external-secrets-controller labels: - helm.sh/chart: external-secrets-1.1.1 + helm.sh/chart: external-secrets-1.2.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v1.1.1" + app.kubernetes.io/version: "v1.2.0" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-clustersecretstores.external-secrets.io.yaml b/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-clustersecretstores.external-secrets.io.yaml index b2e3df1b5..e25b99f4f 100644 --- a/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-clustersecretstores.external-secrets.io.yaml +++ b/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-clustersecretstores.external-secrets.io.yaml @@ -765,8 +765,11 @@ spec: type: string customCloudConfig: description: |- - CustomCloudConfig defines custom Azure Stack Hub or Azure Stack Edge endpoints. + CustomCloudConfig defines custom Azure endpoints for non-standard clouds. Required when EnvironmentType is AzureStackCloud. + Optional for other environment types - useful for Azure China when using Workload Identity + with AKS, where the OIDC issuer (login.partner.microsoftonline.cn) differs from the + standard China Cloud endpoint (login.chinacloudapi.cn). IMPORTANT: This feature REQUIRES UseAzureSDK to be set to true. Custom cloud configuration is not supported with the legacy go-autorest SDK. properties: @@ -850,6 +853,97 @@ spec: required: - vaultUrl type: object + barbican: + description: Barbican configures this store to sync secrets using the OpenStack Barbican provider + properties: + auth: + description: BarbicanAuth contains the authentication information for Barbican. + properties: + password: + description: BarbicanProviderPasswordRef defines a reference to a secret containing password for the Barbican provider. + properties: + secretRef: + description: |- + SecretKeySelector is a reference to a specific 'key' within a Secret resource. + In some instances, `key` is a required field. + properties: + key: + description: |- + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ + type: string + name: + description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + namespace: + description: |- + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - secretRef + type: object + username: + description: BarbicanProviderUsernameRef defines a reference to a secret containing username for the Barbican provider. + maxProperties: 1 + minProperties: 1 + properties: + secretRef: + description: |- + SecretKeySelector is a reference to a specific 'key' within a Secret resource. + In some instances, `key` is a required field. + properties: + key: + description: |- + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ + type: string + name: + description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + namespace: + description: |- + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + value: + type: string + type: object + required: + - password + - username + type: object + authURL: + type: string + domainName: + type: string + region: + type: string + tenantName: + type: string + required: + - auth + type: object beyondtrust: description: Beyondtrust configures this store to sync secrets using Password Safe provider. properties: @@ -1607,8 +1701,53 @@ spec: auth: description: Auth configures how the Operator authenticates with the Doppler API properties: + oidcConfig: + description: OIDCConfig authenticates using Kubernetes ServiceAccount tokens via OIDC. + properties: + expirationSeconds: + default: 600 + description: |- + ExpirationSeconds sets the ServiceAccount token validity duration. + Defaults to 10 minutes. + format: int64 + type: integer + identity: + description: Identity is the Doppler Service Account Identity ID configured for OIDC authentication. + type: string + serviceAccountRef: + description: ServiceAccountRef specifies the Kubernetes ServiceAccount to use for authentication. + properties: + audiences: + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + namespace: + description: |- + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + required: + - identity + - serviceAccountRef + type: object secretRef: - description: DopplerAuthSecretRef contains the secret reference for accessing the Doppler API. + description: SecretRef authenticates using a Doppler service token stored in a Kubernetes Secret. properties: dopplerToken: description: |- @@ -1642,9 +1781,10 @@ spec: required: - dopplerToken type: object - required: - - secretRef type: object + x-kubernetes-validations: + - message: Exactly one of 'secretRef' or 'oidcConfig' must be specified + rule: (has(self.secretRef) && !has(self.oidcConfig)) || (!has(self.secretRef) && has(self.oidcConfig)) config: description: Doppler config (required if not using a Service Token) type: string diff --git a/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-secretstores.external-secrets.io.yaml b/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-secretstores.external-secrets.io.yaml index 9cdbedbb9..6a2c52f9c 100644 --- a/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-secretstores.external-secrets.io.yaml +++ b/clusters/cl01tl/manifests/external-secrets/CustomResourceDefinition-secretstores.external-secrets.io.yaml @@ -765,8 +765,11 @@ spec: type: string customCloudConfig: description: |- - CustomCloudConfig defines custom Azure Stack Hub or Azure Stack Edge endpoints. + CustomCloudConfig defines custom Azure endpoints for non-standard clouds. Required when EnvironmentType is AzureStackCloud. + Optional for other environment types - useful for Azure China when using Workload Identity + with AKS, where the OIDC issuer (login.partner.microsoftonline.cn) differs from the + standard China Cloud endpoint (login.chinacloudapi.cn). IMPORTANT: This feature REQUIRES UseAzureSDK to be set to true. Custom cloud configuration is not supported with the legacy go-autorest SDK. properties: @@ -850,6 +853,97 @@ spec: required: - vaultUrl type: object + barbican: + description: Barbican configures this store to sync secrets using the OpenStack Barbican provider + properties: + auth: + description: BarbicanAuth contains the authentication information for Barbican. + properties: + password: + description: BarbicanProviderPasswordRef defines a reference to a secret containing password for the Barbican provider. + properties: + secretRef: + description: |- + SecretKeySelector is a reference to a specific 'key' within a Secret resource. + In some instances, `key` is a required field. + properties: + key: + description: |- + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ + type: string + name: + description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + namespace: + description: |- + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - secretRef + type: object + username: + description: BarbicanProviderUsernameRef defines a reference to a secret containing username for the Barbican provider. + maxProperties: 1 + minProperties: 1 + properties: + secretRef: + description: |- + SecretKeySelector is a reference to a specific 'key' within a Secret resource. + In some instances, `key` is a required field. + properties: + key: + description: |- + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ + type: string + name: + description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + namespace: + description: |- + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + value: + type: string + type: object + required: + - password + - username + type: object + authURL: + type: string + domainName: + type: string + region: + type: string + tenantName: + type: string + required: + - auth + type: object beyondtrust: description: Beyondtrust configures this store to sync secrets using Password Safe provider. properties: @@ -1607,8 +1701,53 @@ spec: auth: description: Auth configures how the Operator authenticates with the Doppler API properties: + oidcConfig: + description: OIDCConfig authenticates using Kubernetes ServiceAccount tokens via OIDC. + properties: + expirationSeconds: + default: 600 + description: |- + ExpirationSeconds sets the ServiceAccount token validity duration. + Defaults to 10 minutes. + format: int64 + type: integer + identity: + description: Identity is the Doppler Service Account Identity ID configured for OIDC authentication. + type: string + serviceAccountRef: + description: ServiceAccountRef specifies the Kubernetes ServiceAccount to use for authentication. + properties: + audiences: + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + namespace: + description: |- + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + required: + - identity + - serviceAccountRef + type: object secretRef: - description: DopplerAuthSecretRef contains the secret reference for accessing the Doppler API. + description: SecretRef authenticates using a Doppler service token stored in a Kubernetes Secret. properties: dopplerToken: description: |- @@ -1642,9 +1781,10 @@ spec: required: - dopplerToken type: object - required: - - secretRef type: object + x-kubernetes-validations: + - message: Exactly one of 'secretRef' or 'oidcConfig' must be specified + rule: (has(self.secretRef) && !has(self.oidcConfig)) || (!has(self.secretRef) && has(self.oidcConfig)) config: description: Doppler config (required if not using a Service Token) type: string diff --git a/clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets-cert-controller.yaml b/clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets-cert-controller.yaml index 68c2e66bc..32d0afe89 100644 --- a/clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets-cert-controller.yaml +++ b/clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets-cert-controller.yaml @@ -4,10 +4,10 @@ metadata: name: external-secrets-cert-controller namespace: external-secrets labels: - helm.sh/chart: external-secrets-1.1.1 + helm.sh/chart: external-secrets-1.2.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v1.1.1" + app.kubernetes.io/version: "v1.2.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -19,10 +19,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-1.1.1 + helm.sh/chart: external-secrets-1.2.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v1.1.1" + app.kubernetes.io/version: "v1.2.0" app.kubernetes.io/managed-by: Helm spec: serviceAccountName: external-secrets-cert-controller @@ -40,7 +40,7 @@ spec: runAsUser: 1000 seccompProfile: type: RuntimeDefault - image: ghcr.io/external-secrets/external-secrets:v1.1.1 + image: ghcr.io/external-secrets/external-secrets:v1.2.0 imagePullPolicy: IfNotPresent args: - certcontroller diff --git a/clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets-webhook.yaml b/clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets-webhook.yaml index 2dfdff477..14c0884d4 100644 --- a/clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets-webhook.yaml +++ b/clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets-webhook.yaml @@ -4,10 +4,10 @@ metadata: name: external-secrets-webhook namespace: external-secrets labels: - helm.sh/chart: external-secrets-1.1.1 + helm.sh/chart: external-secrets-1.2.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v1.1.1" + app.kubernetes.io/version: "v1.2.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -19,10 +19,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-1.1.1 + helm.sh/chart: external-secrets-1.2.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v1.1.1" + app.kubernetes.io/version: "v1.2.0" app.kubernetes.io/managed-by: Helm spec: hostNetwork: false @@ -40,7 +40,7 @@ spec: runAsUser: 1000 seccompProfile: type: RuntimeDefault - image: ghcr.io/external-secrets/external-secrets:v1.1.1 + image: ghcr.io/external-secrets/external-secrets:v1.2.0 imagePullPolicy: IfNotPresent args: - webhook diff --git a/clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets.yaml b/clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets.yaml index 1a6f42beb..29601b322 100644 --- a/clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets.yaml +++ b/clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets.yaml @@ -4,10 +4,10 @@ metadata: name: external-secrets namespace: external-secrets labels: - helm.sh/chart: external-secrets-1.1.1 + helm.sh/chart: external-secrets-1.2.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v1.1.1" + app.kubernetes.io/version: "v1.2.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -19,10 +19,10 @@ spec: template: metadata: labels: - helm.sh/chart: external-secrets-1.1.1 + helm.sh/chart: external-secrets-1.2.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v1.1.1" + app.kubernetes.io/version: "v1.2.0" app.kubernetes.io/managed-by: Helm spec: serviceAccountName: external-secrets @@ -40,7 +40,7 @@ spec: runAsUser: 1000 seccompProfile: type: RuntimeDefault - image: ghcr.io/external-secrets/external-secrets:v1.1.1 + image: ghcr.io/external-secrets/external-secrets:v1.2.0 imagePullPolicy: IfNotPresent args: - --concurrent=1 diff --git a/clusters/cl01tl/manifests/external-secrets/Role-external-secrets-leaderelection.yaml b/clusters/cl01tl/manifests/external-secrets/Role-external-secrets-leaderelection.yaml index c35b6d3be..5e0379b11 100644 --- a/clusters/cl01tl/manifests/external-secrets/Role-external-secrets-leaderelection.yaml +++ b/clusters/cl01tl/manifests/external-secrets/Role-external-secrets-leaderelection.yaml @@ -4,10 +4,10 @@ metadata: name: external-secrets-leaderelection namespace: external-secrets labels: - helm.sh/chart: external-secrets-1.1.1 + helm.sh/chart: external-secrets-1.2.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v1.1.1" + app.kubernetes.io/version: "v1.2.0" app.kubernetes.io/managed-by: Helm rules: - apiGroups: diff --git a/clusters/cl01tl/manifests/external-secrets/RoleBinding-external-secrets-leaderelection.yaml b/clusters/cl01tl/manifests/external-secrets/RoleBinding-external-secrets-leaderelection.yaml index b9ad866ee..07c43b72b 100644 --- a/clusters/cl01tl/manifests/external-secrets/RoleBinding-external-secrets-leaderelection.yaml +++ b/clusters/cl01tl/manifests/external-secrets/RoleBinding-external-secrets-leaderelection.yaml @@ -4,10 +4,10 @@ metadata: name: external-secrets-leaderelection namespace: external-secrets labels: - helm.sh/chart: external-secrets-1.1.1 + helm.sh/chart: external-secrets-1.2.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v1.1.1" + app.kubernetes.io/version: "v1.2.0" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/clusters/cl01tl/manifests/external-secrets/Secret-external-secrets-webhook.yaml b/clusters/cl01tl/manifests/external-secrets/Secret-external-secrets-webhook.yaml index e368c4370..788257563 100644 --- a/clusters/cl01tl/manifests/external-secrets/Secret-external-secrets-webhook.yaml +++ b/clusters/cl01tl/manifests/external-secrets/Secret-external-secrets-webhook.yaml @@ -4,9 +4,9 @@ metadata: name: external-secrets-webhook namespace: external-secrets labels: - helm.sh/chart: external-secrets-1.1.1 + helm.sh/chart: external-secrets-1.2.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v1.1.1" + app.kubernetes.io/version: "v1.2.0" app.kubernetes.io/managed-by: Helm external-secrets.io/component: webhook diff --git a/clusters/cl01tl/manifests/external-secrets/Service-external-secrets-webhook.yaml b/clusters/cl01tl/manifests/external-secrets/Service-external-secrets-webhook.yaml index 35c3472a7..bcbde1074 100644 --- a/clusters/cl01tl/manifests/external-secrets/Service-external-secrets-webhook.yaml +++ b/clusters/cl01tl/manifests/external-secrets/Service-external-secrets-webhook.yaml @@ -4,10 +4,10 @@ metadata: name: external-secrets-webhook namespace: external-secrets labels: - helm.sh/chart: external-secrets-1.1.1 + helm.sh/chart: external-secrets-1.2.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v1.1.1" + app.kubernetes.io/version: "v1.2.0" app.kubernetes.io/managed-by: Helm external-secrets.io/component: webhook spec: diff --git a/clusters/cl01tl/manifests/external-secrets/ServiceAccount-external-secrets-cert-controller.yaml b/clusters/cl01tl/manifests/external-secrets/ServiceAccount-external-secrets-cert-controller.yaml index 3e1781573..0c515b021 100644 --- a/clusters/cl01tl/manifests/external-secrets/ServiceAccount-external-secrets-cert-controller.yaml +++ b/clusters/cl01tl/manifests/external-secrets/ServiceAccount-external-secrets-cert-controller.yaml @@ -4,8 +4,8 @@ metadata: name: external-secrets-cert-controller namespace: external-secrets labels: - helm.sh/chart: external-secrets-1.1.1 + helm.sh/chart: external-secrets-1.2.0 app.kubernetes.io/name: external-secrets-cert-controller app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v1.1.1" + app.kubernetes.io/version: "v1.2.0" app.kubernetes.io/managed-by: Helm diff --git a/clusters/cl01tl/manifests/external-secrets/ServiceAccount-external-secrets-webhook.yaml b/clusters/cl01tl/manifests/external-secrets/ServiceAccount-external-secrets-webhook.yaml index d26445b71..671a6f7ea 100644 --- a/clusters/cl01tl/manifests/external-secrets/ServiceAccount-external-secrets-webhook.yaml +++ b/clusters/cl01tl/manifests/external-secrets/ServiceAccount-external-secrets-webhook.yaml @@ -4,8 +4,8 @@ metadata: name: external-secrets-webhook namespace: external-secrets labels: - helm.sh/chart: external-secrets-1.1.1 + helm.sh/chart: external-secrets-1.2.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v1.1.1" + app.kubernetes.io/version: "v1.2.0" app.kubernetes.io/managed-by: Helm diff --git a/clusters/cl01tl/manifests/external-secrets/ServiceAccount-external-secrets.yaml b/clusters/cl01tl/manifests/external-secrets/ServiceAccount-external-secrets.yaml index c0918b67d..6584b4a2e 100644 --- a/clusters/cl01tl/manifests/external-secrets/ServiceAccount-external-secrets.yaml +++ b/clusters/cl01tl/manifests/external-secrets/ServiceAccount-external-secrets.yaml @@ -4,8 +4,8 @@ metadata: name: external-secrets namespace: external-secrets labels: - helm.sh/chart: external-secrets-1.1.1 + helm.sh/chart: external-secrets-1.2.0 app.kubernetes.io/name: external-secrets app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v1.1.1" + app.kubernetes.io/version: "v1.2.0" app.kubernetes.io/managed-by: Helm diff --git a/clusters/cl01tl/manifests/external-secrets/ValidatingWebhookConfiguration-externalsecret-validate.yaml b/clusters/cl01tl/manifests/external-secrets/ValidatingWebhookConfiguration-externalsecret-validate.yaml index 187d800ce..c749d5969 100644 --- a/clusters/cl01tl/manifests/external-secrets/ValidatingWebhookConfiguration-externalsecret-validate.yaml +++ b/clusters/cl01tl/manifests/external-secrets/ValidatingWebhookConfiguration-externalsecret-validate.yaml @@ -3,10 +3,10 @@ kind: ValidatingWebhookConfiguration metadata: name: externalsecret-validate labels: - helm.sh/chart: external-secrets-1.1.1 + helm.sh/chart: external-secrets-1.2.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v1.1.1" + app.kubernetes.io/version: "v1.2.0" app.kubernetes.io/managed-by: Helm external-secrets.io/component: webhook webhooks: diff --git a/clusters/cl01tl/manifests/external-secrets/ValidatingWebhookConfiguration-secretstore-validate.yaml b/clusters/cl01tl/manifests/external-secrets/ValidatingWebhookConfiguration-secretstore-validate.yaml index 40f253c1c..a2c5999f9 100644 --- a/clusters/cl01tl/manifests/external-secrets/ValidatingWebhookConfiguration-secretstore-validate.yaml +++ b/clusters/cl01tl/manifests/external-secrets/ValidatingWebhookConfiguration-secretstore-validate.yaml @@ -3,10 +3,10 @@ kind: ValidatingWebhookConfiguration metadata: name: secretstore-validate labels: - helm.sh/chart: external-secrets-1.1.1 + helm.sh/chart: external-secrets-1.2.0 app.kubernetes.io/name: external-secrets-webhook app.kubernetes.io/instance: external-secrets - app.kubernetes.io/version: "v1.1.1" + app.kubernetes.io/version: "v1.2.0" app.kubernetes.io/managed-by: Helm external-secrets.io/component: webhook webhooks: diff --git a/clusters/cl01tl/manifests/immich/Deployment-immich.yaml b/clusters/cl01tl/manifests/immich/Deployment-immich.yaml index 1c4a4a98d..62e3fb3da 100644 --- a/clusters/cl01tl/manifests/immich/Deployment-immich.yaml +++ b/clusters/cl01tl/manifests/immich/Deployment-immich.yaml @@ -70,7 +70,7 @@ spec: secretKeyRef: key: password name: immich-postgresql-18-cluster-app - image: ghcr.io/immich-app/immich-server:v2.3.1 + image: ghcr.io/immich-app/immich-server:v2.4.1 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 diff --git a/clusters/cl01tl/manifests/qbittorrent/Deployment-qbittorrent-qui.yaml b/clusters/cl01tl/manifests/qbittorrent/Deployment-qbittorrent-qui.yaml index ad28fa9d0..f71ef14b1 100644 --- a/clusters/cl01tl/manifests/qbittorrent/Deployment-qbittorrent-qui.yaml +++ b/clusters/cl01tl/manifests/qbittorrent/Deployment-qbittorrent-qui.yaml @@ -59,7 +59,7 @@ spec: value: https://qui.alexlebens.net/api/auth/oidc/callback - name: QUI__OIDC_DISABLE_BUILT_IN_LOGIN value: "false" - image: ghcr.io/autobrr/qui:v1.10.0 + image: ghcr.io/autobrr/qui:v1.11.0 imagePullPolicy: IfNotPresent name: qui resources: