Update ghcr.io/moghtech/komodo-core Docker tag to v1.18.0

Reviewed-on: #535

clusters/cl01tl/applications/homepage-dev/values.yaml

@@ -11,7 +11,7 @@ homepage:
         main:
           image:
             repository: ghcr.io/gethomepage/homepage
-            tag: v1.2.0
+            tag: v1.3.2
             pullPolicy: IfNotPresent
           env:
             - name: HOMEPAGE_ALLOWED_HOSTS

clusters/cl01tl/applications/homepage/values.yaml

@@ -15,7 +15,7 @@ homepage:
         main:
           image:
             repository: ghcr.io/gethomepage/homepage
-            tag: v1.2.0
+            tag: v1.3.2
             pullPolicy: IfNotPresent
           env:
             - name: HOMEPAGE_ALLOWED_HOSTS

clusters/cl01tl/deployment/argocd/templates/external-secret.yaml

@@ -27,6 +27,29 @@ spec:
         metadataPolicy: None
         property: client
 
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: argocd-notifications-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: argocd-notifications-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: ntfy-token
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /ntfy/user/cl01tl
+        metadataPolicy: None
+        property: token
+
 # ---
 # apiVersion: external-secrets.io/v1
 # kind: ExternalSecret

clusters/cl01tl/deployment/argocd/values.yaml

@@ -23,11 +23,44 @@ argo-cd:
           name: authentik
           type: oidc
           id: authentik
+    params:
+      server.insecure: true
     rbac:
       policy.csv: |
         g, ArgoCD Admins, role:admin
-    params:
+    cmp:
-      server.insecure: true
+      create: true
+      plugins:
+        cdk8s:
+          init:
+            command: [cdk8s]
+            args: [import]
+          generate:
+            command: [cdk8s, synth]
+            args: [--stdout]
+          discover:
+            fileName: "*.go"
+  controller:
+    replicas: 1
+    metrics:
+      enabled: true
+      serviceMonitor:
+        enabled: true
+  dex:
+    enabled: true
+    metrics:
+      enabled: true
+      serviceMonitor:
+        enabled: true
+    livenessProbe:
+      enabled: true
+    readinessProbe:
+      enabled: true
+  redis-ha:
+    enabled: true
+    auth: false
+  redisSecretInit:
+    enabled: true
   server:
     replicas: 2
     ingress:
@@ -36,21 +69,32 @@ argo-cd:
       enabled: true
       serviceMonitor:
         enabled: true
-  dex:
-    enabled: true
-  redis-ha:
-    enabled: true
-    auth: false
-  redisSecretInit:
-    enabled: true
-  controller:
-    replicas: 1
-    metrics:
-      enabled: true
-      serviceMonitor:
-        enabled: true
   repoServer:
     replicas: 2
+    extraContainers:
+      - name: cmp-cdk8s
+        command:
+          - /var/run/argocd/argocd-cmp-server
+        image: ghcr.io/akuity/cdk8s-cmp-typescript:1.0
+        securityContext:
+          runAsNonRoot: true
+          runAsUser: 999
+        volumeMounts:
+          - mountPath: /var/run/argocd
+            name: var-files
+          - mountPath: /home/argocd/cmp-server/plugins
+            name: plugins
+          - mountPath: /home/argocd/cmp-server/config/plugin.yaml
+            subPath: cdk8s.yaml
+            name: argocd-cmp-cm
+          - mountPath: /tmp
+            name: cmp-tmp
+    volumes:
+      - name: argocd-cmp-cm
+        configMap:
+          name: argocd-cmp-cm
+      - name: cmp-tmp
+        emptyDir: {}
     metrics:
       enabled: true
       serviceMonitor:
@@ -61,3 +105,189 @@ argo-cd:
       enabled: true
       serviceMonitor:
         enabled: true
+    livenessProbe:
+      enabled: true
+    readinessProbe:
+      enabled: true
+  notifications:
+    enabled: true
+    context:
+      argocdUrl: https://argocd.alexlebens.net
+    secret:
+      create: false
+      name: argocd-notifications-secret
+    metrics:
+      enabled: true
+      serviceMonitor:
+        enabled: true
+    notifiers:
+      service.webhook.ntfy: |
+        url: http://ntfy.ntfy/
+        headers:
+          - name: Authorization
+            value: Bearer $ntfy-token
+    livenessProbe:
+      enabled: true
+    readinessProbe:
+      enabled: true
+    subscriptions:
+      - recipients:
+          - ntfy
+        triggers:
+          - on-created
+          - on-deleted
+          - on-deployed
+          - on-health-degraded
+          - on-sync-failed
+          - on-sync-running
+          - on-sync-status-unknown
+          - on-sync-succeeded
+    templates:
+      template.app-created: |
+        webhook:
+          ntfy:
+            method: POST
+            body: |
+              {
+                "topic": "argocd",
+                "message": "{{.app.metadata.name}} has been created.",
+                "title": "Created: {{.app.metadata.name}}",
+                "tags": ["building_construction"],
+                "priority": 4,
+                "click": "{{.context.argocdUrl}}/applications/argocd/{{.app.metadata.name}}"
+              }
+      template.app-deleted: |
+        webhook:
+          ntfy:
+            method: POST
+            body: |
+              {
+                "topic": "argocd",
+                "message": "{{.app.metadata.name}} has been deleted",
+                "title": "Deleted: {{.app.metadata.name}}",
+                "tags": ["warning"],
+                "priority": 4,
+                "click": "{{.context.argocdUrl}}"
+              }
+      template.app-deployed: |
+        webhook:
+          ntfy:
+            method: POST
+            body: |
+              {
+                "topic": "argocd",
+                "message": "{{.app.metadata.name}} is now running new version of deployments manifests",
+                "title": "Deployed: {{.app.metadata.name}}",
+                "tags": ["+1"],
+                "priority": 3,
+                "click": "{{.context.argocdUrl}}/applications/argocd/{{.app.metadata.name}}"
+              }
+      template.app-health-degraded: |
+        webhook:
+          ntfy:
+            method: POST
+            body: |
+              {
+                "topic": "argocd",
+                "message": "{{.app.metadata.name}} health has degraded",
+                "title": "Degraded: {{.app.metadata.name}}",
+                "tags": ["rotating_light"],
+                "priority": 5,
+                "click": "{{.context.argocdUrl}}/applications/argocd/{{.app.metadata.name}}"
+              }
+      template.app-sync-failed: |
+        webhook:
+          ntfy:
+            method: POST
+            body: |
+              {
+                "topic": "argocd",
+                "message": "{{.app.metadata.name}} sync has failed at {{.app.status.operationState.finishedAt}} with the following error: {{.app.status.operationState.message}}",
+                "title": "Sync Failed: {{.app.metadata.name}}",
+                "tags": ["rotating_light"],
+                "priority": 5,
+                "click": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true"
+              }
+      template.app-sync-running: |
+        webhook:
+          ntfy:
+            method: POST
+            body: |
+              {
+                "topic": "argocd",
+                "message": "{{.app.metadata.name}} sync has started at {{.app.status.operationState.startedAt}}",
+                "title": "Sync Running: {{.app.metadata.name}}",
+                "tags": ["runner"],
+                "priority": 3,
+                "click": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true"
+              }
+      template.app-sync-status-unknown: |
+        webhook:
+          ntfy:
+            method: POST
+            body: |
+              {
+                "topic": "argocd",
+                "message": "{{.app.metadata.name}} sync status is unknown",
+                "title": "Sync Unknown: {{.app.metadata.name}}",
+                "tags": ["question"],
+                "priority": 5,
+                "click": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}"
+              }
+      template.app-sync-succeeded: |
+        webhook:
+          ntfy:
+            method: POST
+            body: |
+              {
+                "topic": "argocd",
+                "message": "{{.app.metadata.name}} has been successfully synced at {{.app.status.operationState.finishedAt}}",
+                "title": "Sync Succeeded: {{.app.metadata.name}}",
+                "tags": ["+1"],
+                "priority": 3,
+                "click": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true"
+              }
+    triggers:
+      trigger.on-created: |
+        - description: Application {{.app.metadata.name}} has been created.
+          oncePer: app.metadata.name
+          send:
+            - app-created
+          when: "true"
+      trigger.on-deleted: |
+        - description: Application {{.app.metadata.name}} has been deleted.
+          oncePer: app.metadata.name
+          send:
+            - app-deleted
+          when: app.metadata.deletionTimestamp != nil
+      trigger.on-deployed: |
+        - description: Application is synced and healthy. Triggered once per commit.
+          oncePer: app.status.operationState.syncResult.revision
+          send:
+            - app-deployed
+          when: app.status.operationState.phase in ['Succeeded'] and app.status.health.status == 'Healthy'
+      trigger.on-health-degraded: |
+        - description: Application has degraded
+          send:
+            - app-health-degraded
+          when: app.status.health.status == 'Degraded'
+      trigger.on-sync-failed: |
+        - description: Application syncing has failed
+          send:
+            - app-sync-failed
+          when: app.status.operationState.phase in ['Error', 'Failed']
+      trigger.on-sync-running: |
+        - description: Application is being synced
+          send:
+           - app-sync-running
+          when: app.status.operationState.phase in ['Running']
+      trigger.on-sync-status-unknown: |
+        - description: Application status is 'Unknown'
+          send:
+            - app-sync-status-unknown
+          when: app.status.sync.status == 'Unknown'
+      trigger.on-sync-succeeded: |
+        - description: Application syncing has succeeded
+          send:
+            - app-sync-succeeded
+          when: app.status.operationState.phase in ['Succeeded']

clusters/cl01tl/platform/n8n/values.yaml

@@ -9,7 +9,7 @@ n8n:
         main:
           image:
             repository: ghcr.io/n8n-io/n8n
-            tag: 1.95.2
+            tag: 1.97.0
             pullPolicy: IfNotPresent
           env:
             - name: GENERIC_TIMEZONE
@@ -93,7 +93,7 @@ n8n:
         main:
           image:
             repository: ghcr.io/n8n-io/n8n
-            tag: 1.95.2
+            tag: 1.97.0
             pullPolicy: IfNotPresent
           command:
             - n8n
@@ -182,7 +182,7 @@ n8n:
         main:
           image:
             repository: ghcr.io/n8n-io/n8n
-            tag: 1.95.2
+            tag: 1.97.0
             pullPolicy: IfNotPresent
           command:
             - n8n

clusters/cl01tl/storage/rook-ceph/Chart.yaml

@@ -19,7 +19,7 @@ dependencies:
     version: v1.17.3
     repository: https://charts.rook.io/release
   - name: rook-ceph-cluster
-    version: v1.17.2
+    version: v1.17.3
     repository: https://charts.rook.io/release
   - name: cloudflared
     alias: cloudflared-rgw

hosts/ps10rp/homepage/compose.yaml

@@ -32,7 +32,7 @@ services:
             - /var/run/docker.sock:/var/run/docker.sock:ro
 
     homepage:
-        image: ghcr.io/gethomepage/homepage:v1.2.0
+        image: ghcr.io/gethomepage/homepage:v1.3.2
         container_name: homepage
         labels:
             traefik.enable: true