alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Activity

Compare commits

base: alexlebens:32f2cffa030dd24995680e4cf48f79f906f6e49c
Branches Tags
alexlebens:main alexlebens:renovate/cilium-1.x alexlebens:manifests
..
compare: alexlebens:main
Branches Tags
alexlebens:renovate/cilium-1.x alexlebens:manifests alexlebens:main

26 Commits
32f2cffa03 ... main

Author SHA1 Message Date
Alex Lebens
66ea9f6e9d feat: fix service
All checks were successful
lint-test-helm / lint-helm (push) Successful in 26s
Details
render-manifests-push / render-manifests-push (push) Successful in 39s
Details
renovate / renovate (push) Successful in 1m45s
Details
2026-03-10 16:21:08 -05:00
Alex Lebens
bb2eb87f04 feat: add movie-routelette
All checks were successful
lint-test-docker / lint-docker-compose (push) Successful in 18s
Details
lint-test-helm / lint-helm (push) Successful in 29s
Details
render-manifests-push / render-manifests-push (push) Successful in 51s
Details
renovate / renovate (push) Successful in 2m46s
Details
2026-03-10 16:05:21 -05:00
Renovate Bot
fc4489c280 chore(deps): update goharbor/harbor-exporter docker tag to v2.14.3 (#4605)
All checks were successful
render-manifests-push / render-manifests-push (push) Has been skipped
Details
lint-test-helm / lint-helm (push) Successful in 22s
Details
renovate / renovate (push) Successful in 2m5s
Details 
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| goharbor/harbor-exporter | patch | `v2.14.2` → `v2.14.3` |

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4yIiwidXBkYXRlZEluVmVyIjoiNDMuNTkuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiYXV0b21lcmdlIiwiaW1hZ2UiXX0=-->

Reviewed-on: #4605
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
 2026-03-10 20:15:39 +00:00
Renovate Bot
bba5b244a4 chore(deps): update goharbor/registry-photon docker tag to v2.14.3 (#4610)
All checks were successful
render-manifests-push / render-manifests-push (push) Has been skipped
Details
lint-test-helm / lint-helm (push) Successful in 28s
Details
renovate / renovate (push) Successful in 2m12s
Details
2026-03-10 20:12:04 +00:00
Renovate Bot
a9222afe69 chore(deps): update goharbor/harbor-registryctl docker tag to v2.14.3 (#4609)
Some checks failed
lint-test-helm / lint-helm (push) Has been cancelled
Details
render-manifests-push / render-manifests-push (push) Has been cancelled
Details
renovate / renovate (push) Has been cancelled
Details
2026-03-10 20:12:00 +00:00
Renovate Bot
b5984a21c3 chore(deps): update goharbor/harbor-portal docker tag to v2.14.3 (#4608)
Some checks failed
lint-test-helm / lint-helm (push) Has been cancelled
Details
render-manifests-push / render-manifests-push (push) Has been cancelled
Details
renovate / renovate (push) Has been cancelled
Details
2026-03-10 20:11:36 +00:00
Renovate Bot
4083a71d11 chore(deps): update goharbor/harbor-jobservice docker tag to v2.14.3 (#4607)
Some checks failed
renovate / renovate (push) Has been cancelled
Details
2026-03-10 20:11:28 +00:00
Renovate Bot
d909ba3edd chore(deps): update goharbor/harbor-jobservice docker tag to v2.14.3 (#4607)
Some checks failed
lint-test-helm / lint-helm (push) Has been cancelled
Details
render-manifests-push / render-manifests-push (push) Has been cancelled
Details
renovate / renovate (push) Has been cancelled
Details
2026-03-10 20:11:21 +00:00
Renovate Bot
f95e1987cf chore(deps): update goharbor/harbor-core docker tag to v2.14.3 (#4604)
Some checks failed
lint-test-helm / lint-helm (push) Has been cancelled
Details
render-manifests-push / render-manifests-push (push) Has been skipped
Details
renovate / renovate (push) Has been cancelled
Details
2026-03-10 20:10:59 +00:00
Renovate Bot
9a9198fa40 chore(deps): update ghcr.io/siderolabs/talosctl docker tag to v1.12.5 (#4603)
Some checks failed
render-manifests-push / render-manifests-push (push) Has been skipped
Details
lint-test-helm / lint-helm (push) Has been cancelled
Details
renovate / renovate (push) Has been cancelled
Details
2026-03-10 20:10:45 +00:00
Renovate Bot
fd4e5349f8 chore(deps): update dependency goharbor/harbor to v2.14.3 (#4602)
Some checks failed
render-manifests-push / render-manifests-push (push) Has been skipped
Details
lint-test-helm / lint-helm (push) Successful in 15s
Details
renovate / renovate (push) Has been cancelled
Details
2026-03-10 20:10:18 +00:00
Renovate Bot
b5ecdf7cc9 chore(deps): update gitroomhq/postiz-app to v2.20.2 (#4600)
All checks were successful
render-manifests-push / render-manifests-push (push) Has been skipped
Details
lint-test-helm / lint-helm (push) Successful in 26s
Details
renovate / renovate (push) Successful in 2m23s
Details
2026-03-10 19:27:38 +00:00
Renovate Bot
def594a753 chore(deps): update vectorim/element-web docker tag to v1.12.12 (#4596)
Some checks failed
render-manifests-push / render-manifests-push (push) Has been skipped
Details
lint-test-helm / lint-helm (push) Successful in 14s
Details
renovate / renovate (push) Has been cancelled
Details 
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [vectorim/element-web](https://github.com/element-hq/element-web) | patch | `v1.12.11` → `v1.12.12` |

---

### Release Notes

<details>
<summary>element-hq/element-web (vectorim/element-web)</summary>

### [`v1.12.12`](https://github.com/element-hq/element-web/releases/tag/v1.12.12)

[Compare Source](https://github.com/element-hq/element-web/compare/v1.12.11...v1.12.12)

####  Features

- Add stable support for MSC4380 invite blocking ([#&#8203;31966](https://github.com/element-hq/element-web/pull/31966)). Contributed by [@&#8203;richvdh](https://github.com/richvdh).
- Hide the names of banned users behind a spoiler tag ([#&#8203;32424](https://github.com/element-hq/element-web/pull/32424)). Contributed by [@&#8203;andybalaam](https://github.com/andybalaam).
- Room list: remove bold effect on selected room ([#&#8203;32593](https://github.com/element-hq/element-web/pull/32593)). Contributed by [@&#8203;florianduros](https://github.com/florianduros).
- Use Compound buttons in auth screens ([#&#8203;32562](https://github.com/element-hq/element-web/pull/32562)). Contributed by [@&#8203;t3chguy](https://github.com/t3chguy).
- Track room list sorting algorithm changes ([#&#8203;32556](https://github.com/element-hq/element-web/pull/32556)). Contributed by [@&#8203;MidhunSureshR](https://github.com/MidhunSureshR).
- Update `sso_redirect_options` to work for Native OIDC ([#&#8203;32537](https://github.com/element-hq/element-web/pull/32537)). Contributed by [@&#8203;t3chguy](https://github.com/t3chguy).

#### 🐛 Bug Fixes

- Room list: avoid excessive re-renders on room list store update or filter change ([#&#8203;32663](https://github.com/element-hq/element-web/pull/32663)). Contributed by [@&#8203;florianduros](https://github.com/florianduros).
- Room list: listen to call event to check number of participants ([#&#8203;32677](https://github.com/element-hq/element-web/pull/32677)). Contributed by [@&#8203;florianduros](https://github.com/florianduros).
- Fix invite-specific join errors not being shown ([#&#8203;32621](https://github.com/element-hq/element-web/pull/32621)). Contributed by [@&#8203;Half-Shot](https://github.com/Half-Shot).
- Prevent logging lots of "Browser unsupported" lines ([#&#8203;32647](https://github.com/element-hq/element-web/pull/32647)). Contributed by [@&#8203;Half-Shot](https://github.com/Half-Shot).
- Update critical gradient for room status bar ([#&#8203;32575](https://github.com/element-hq/element-web/pull/32575)). Contributed by [@&#8203;Half-Shot](https://github.com/Half-Shot).
- Room list: avoid header overflowing when too long ([#&#8203;32645](https://github.com/element-hq/element-web/pull/32645)). Contributed by [@&#8203;florianduros](https://github.com/florianduros).
- Room list: center focus outline of room list item ([#&#8203;32637](https://github.com/element-hq/element-web/pull/32637)). Contributed by [@&#8203;florianduros](https://github.com/florianduros).
- Fix misaligned cross in complete security dialog ([#&#8203;32614](https://github.com/element-hq/element-web/pull/32614)). Contributed by [@&#8203;dbkr](https://github.com/dbkr).
- Room list: fix keyboard navigation ([#&#8203;32585](https://github.com/element-hq/element-web/pull/32585)). Contributed by [@&#8203;florianduros](https://github.com/florianduros).
- Don't show empty privacy section ([#&#8203;32582](https://github.com/element-hq/element-web/pull/32582)). Contributed by [@&#8203;dbkr](https://github.com/dbkr).
- Disable room list image dragging ([#&#8203;32590](https://github.com/element-hq/element-web/pull/32590)). Contributed by [@&#8203;florianduros](https://github.com/florianduros).
- Update UserMenu theme toggle to use IconButton ([#&#8203;32591](https://github.com/element-hq/element-web/pull/32591)). Contributed by [@&#8203;t3chguy](https://github.com/t3chguy).
- Room list: make room list item scales with large font size ([#&#8203;32523](https://github.com/element-hq/element-web/pull/32523)). Contributed by [@&#8203;florianduros](https://github.com/florianduros).

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4yIiwidXBkYXRlZEluVmVyIjoiNDMuNTkuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiYXV0b21lcmdlIiwiaW1hZ2UiXX0=-->

Reviewed-on: #4596
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
 2026-03-10 19:24:51 +00:00
Renovate Bot
3ed423c486 chore(deps): update dependency rancher/local-path-provisioner to v0.0.35 (#4585)
Some checks failed
render-manifests-push / render-manifests-push (push) Has been skipped
Details
lint-test-helm / lint-helm (push) Successful in 13s
Details
renovate / renovate (push) Has been cancelled
Details 
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [rancher/local-path-provisioner](https://github.com/rancher/local-path-provisioner) | patch | `v0.0.34` → `v0.0.35` |

---

### Release Notes

<details>
<summary>rancher/local-path-provisioner (rancher/local-path-provisioner)</summary>

### [`v0.0.35`](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.35): Local Path Provisioner v0.0.35

[Compare Source](https://github.com/rancher/local-path-provisioner/compare/v0.0.34...v0.0.35)

#### What's Changed

- Add FOSSA scanning workflow by [@&#8203;macedogm](https://github.com/macedogm) in [#&#8203;551](https://github.com/rancher/local-path-provisioner/pull/551)
- Build linux/ppc64le images through build on GitHub Actions by [@&#8203;kishen-v](https://github.com/kishen-v) in [#&#8203;554](https://github.com/rancher/local-path-provisioner/pull/554)
- updated golang to 1.26.0 by [@&#8203;jgoodall](https://github.com/jgoodall) in [#&#8203;557](https://github.com/rancher/local-path-provisioner/pull/557)
- feat: Allow custom node affinity keys by [@&#8203;ipantchev](https://github.com/ipantchev) in [#&#8203;559](https://github.com/rancher/local-path-provisioner/pull/559)
- chore: update golang to 1.26.1 by [@&#8203;derekbit](https://github.com/derekbit) in [#&#8203;561](https://github.com/rancher/local-path-provisioner/pull/561)
- chore(release): bump to v0.0.35 by [@&#8203;derekbit](https://github.com/derekbit) in [#&#8203;562](https://github.com/rancher/local-path-provisioner/pull/562)

#### New Contributors

- [@&#8203;macedogm](https://github.com/macedogm) made their first contribution in [#&#8203;551](https://github.com/rancher/local-path-provisioner/pull/551)
- [@&#8203;jgoodall](https://github.com/jgoodall) made their first contribution in [#&#8203;557](https://github.com/rancher/local-path-provisioner/pull/557)
- [@&#8203;ipantchev](https://github.com/ipantchev) made their first contribution in [#&#8203;559](https://github.com/rancher/local-path-provisioner/pull/559)

**Full Changelog**: <https://github.com/rancher/local-path-provisioner/compare/v0.0.34...v0.0.35>

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about these updates again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4yIiwidXBkYXRlZEluVmVyIjoiNDMuNTkuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiYXV0b21lcmdlIiwiaW1hZ2UiXX0=-->

Reviewed-on: #4585
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
 2026-03-10 19:24:26 +00:00
Renovate Bot
4f5ee67cad chore(deps): update kube-prometheus-stack docker tag to v82.10.3 (#4595)
All checks were successful
render-manifests-push / render-manifests-push (push) Has been skipped
Details
lint-test-helm / lint-helm (push) Successful in 39s
Details
renovate / renovate (push) Successful in 2m16s
Details
2026-03-10 19:03:26 +00:00
Renovate Bot
87e5e348e9 chore(deps): update helm release local-path-provisioner to v0.0.36 (#4593)
Some checks failed
render-manifests-push / render-manifests-push (push) Has been skipped
Details
lint-test-helm / lint-helm (push) Successful in 15s
Details
renovate / renovate (push) Has been cancelled
Details
2026-03-10 19:00:55 +00:00
Renovate Bot
89d2cc51e2 chore(deps): update helm release argo-cd to v9.4.10 (#4591)
All checks were successful
render-manifests-push / render-manifests-push (push) Has been skipped
Details
lint-test-helm / lint-helm (push) Successful in 9s
Details
renovate / renovate (push) Successful in 2m43s
Details
2026-03-10 18:58:52 +00:00
Renovate Bot
63c72c1384 chore(deps): update helm release alloy to v1.6.2 (#4589)
Some checks failed
render-manifests-push / render-manifests-push (push) Has been skipped
Details
lint-test-helm / lint-helm (push) Successful in 30s
Details
renovate / renovate (push) Has been cancelled
Details
2026-03-10 18:57:08 +00:00
Renovate Bot
a6cc4bbb91 chore(deps): update g33kphr33k/musicgrabber docker tag to v2.3.5 (#4586)
Some checks failed
renovate / renovate (push) Has been cancelled
Details
2026-03-10 18:54:15 +00:00
Renovate Bot
07fd0da730 chore(deps): update g33kphr33k/musicgrabber docker tag to v2.3.5 (#4586)
All checks were successful
render-manifests-push / render-manifests-push (push) Has been skipped
Details
lint-test-helm / lint-helm (push) Successful in 14s
Details
renovate / renovate (push) Successful in 2m18s
Details
2026-03-10 18:54:06 +00:00
Renovate Bot
0deb5b636a chore(deps): update dependency element-hq/element-web to v1.12.12 (#4584)
Some checks failed
render-manifests-push / render-manifests-push (push) Has been skipped
Details
lint-test-helm / lint-helm (push) Successful in 9s
Details
renovate / renovate (push) Has been cancelled
Details
2026-03-10 18:51:52 +00:00
Renovate Bot
9c88efb755 chore(deps): update helm release cert-manager to v1.20.0 (#4582)
Some checks failed
render-manifests-push / render-manifests-push (push) Has been skipped
Details
lint-test-helm / lint-helm (push) Successful in 16s
Details
renovate / renovate (push) Has been cancelled
Details 
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [cert-manager](https://cert-manager.io) ([source](https://github.com/cert-manager/cert-manager)) | minor | `v1.19.4` → `v1.20.0` |

---

### Release Notes

<details>
<summary>cert-manager/cert-manager (cert-manager)</summary>

### [`v1.20.0`](https://github.com/cert-manager/cert-manager/releases/tag/v1.20.0)

[Compare Source](https://github.com/cert-manager/cert-manager/compare/v1.19.4...v1.20.0)

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

v1.20.0 adds support for the new ListenerSet resource, adds support for Azure Private DNS; parentRefs are no longer required when using ACME with Gateway API, and OtherNames was promoted to Beta.

#### Changes by Kind

##### Feature

- Added a set of flags to permit setting NetworkPolicy across all deployed containers. Remove redundant global IP ranges from example policies. ([#&#8203;8370](https://github.com/cert-manager/cert-manager/issues/8370), [@&#8203;jcpunk](https://github.com/jcpunk))
- Added selectable fields to custom resource definitions for .spec.issuerRef.{group, kind, name} ([#&#8203;8256](https://github.com/cert-manager/cert-manager/issues/8256), [@&#8203;tareksha](https://github.com/tareksha))
- Added support for specifying `imagePullSecrets` in the `startupapicheck-job` Helm template to enable pulling images from private registries. ([#&#8203;8186](https://github.com/cert-manager/cert-manager/issues/8186), [@&#8203;mathieu-clnk](https://github.com/mathieu-clnk))
- Added 'extraContainers' helm chart value, allowing the deployment of arbitrary sidecar containers within the cert-manager operator pod. This can be used to support, for e.g., AWS IAM Roles Anywhere for Route53 DNS01 verification. ([#&#8203;8355](https://github.com/cert-manager/cert-manager/issues/8355), [@&#8203;dancmeyers](https://github.com/dancmeyers))
- Added `parentRef` override annotations on the Certificate resource. ([#&#8203;8518](https://github.com/cert-manager/cert-manager/issues/8518), [@&#8203;hjoshi123](https://github.com/hjoshi123))
- Added support for azure private zones for dns01 issuer. ([#&#8203;8494](https://github.com/cert-manager/cert-manager/issues/8494), [@&#8203;hjoshi123](https://github.com/hjoshi123))
- Added support for configuring PEM decoding size limits, allowing operators to handle larger certificates and keys. ([#&#8203;7642](https://github.com/cert-manager/cert-manager/issues/7642), [@&#8203;robertlestak](https://github.com/robertlestak))
- Added support for unhealthyPodEvictionPolicy in PodDisruptionBudget ([#&#8203;7728](https://github.com/cert-manager/cert-manager/issues/7728), [@&#8203;jcpunk](https://github.com/jcpunk))
- For Venafi provider, read `venafi.cert-manager.io/custom-fields` annotation on Issuer/ClusterIssuer and use it as base with override/append capabilities on Certificate level. ([#&#8203;8301](https://github.com/cert-manager/cert-manager/issues/8301), [@&#8203;k0da](https://github.com/k0da))
- Improve error message when CA issuers are misconfigured to use a clashing secret name ([#&#8203;8374](https://github.com/cert-manager/cert-manager/issues/8374), [@&#8203;majiayu000](https://github.com/majiayu000))
- Introduce a new Ingress annotation `acme.cert-manager.io/http01-ingress-ingressclassname` to override `http01.ingress.ingressClassName` field in HTTP-01 challenge solvers. ([#&#8203;8244](https://github.com/cert-manager/cert-manager/issues/8244), [@&#8203;lunarwhite](https://github.com/lunarwhite))
- Update `global.nodeSelector` to helm chart to perform a `merge` and allow for a single `nodeSelector` to be set across all services. ([#&#8203;8195](https://github.com/cert-manager/cert-manager/issues/8195), [@&#8203;StingRayZA](https://github.com/StingRayZA))
- Vault issuers will now include the Vault server address as one of the default audiences on generated service account tokens. ([#&#8203;8228](https://github.com/cert-manager/cert-manager/issues/8228), [@&#8203;terinjokes](https://github.com/terinjokes))
- Added experimental `XListenerSet` feature gate ([#&#8203;8394](https://github.com/cert-manager/cert-manager/issues/8394), [@&#8203;hjoshi123](https://github.com/hjoshi123))

##### Documentation

- Add GWAPI documentation to NOTES.TXT in helm chart ([#&#8203;8353](https://github.com/cert-manager/cert-manager/issues/8353), [@&#8203;jaxels10](https://github.com/jaxels10))

##### Bug or Regression

- Adds logs for cases when acme server returns us a fatal error in the order controller ([#&#8203;8199](https://github.com/cert-manager/cert-manager/issues/8199), [@&#8203;Peac36](https://github.com/Peac36))
- Fixed an issue where kind or group in the issuerRef of a Certificate was omitted, upgrading to 1.19.x incorrectly caused the certificate to be renewed ([#&#8203;8160](https://github.com/cert-manager/cert-manager/issues/8160), [@&#8203;inteon](https://github.com/inteon))
- Changes to the Duration and RenewBefore annotations on ingress and gateway-api resources will now trigger certificate updates. ([#&#8203;8232](https://github.com/cert-manager/cert-manager/issues/8232), [@&#8203;eleanor-merry](https://github.com/eleanor-merry))
- Fix an issue where ACME challenge TXT records are not cleaned up when there are many resource records in CloudDNS. ([#&#8203;8456](https://github.com/cert-manager/cert-manager/issues/8456), [@&#8203;tkna](https://github.com/tkna))
- Fix unregulated retries with the DigitalOcean DNS-01 solver
  Add full detailed DNS-01 errors to the events attached to the Challenge, for easier debugging ([#&#8203;8221](https://github.com/cert-manager/cert-manager/issues/8221), [@&#8203;wallrj-cyberark](https://github.com/wallrj-cyberark))
- Fixed an infinite re-issuance loop that could occur when an issuer returns a certificate with a public key that doesn't match the CSR. The issuing controller now validates the certificate before storing it and fails with backoff on mismatch. ([#&#8203;8403](https://github.com/cert-manager/cert-manager/issues/8403), [@&#8203;calm329](https://github.com/calm329))
- Fixed an issue where HTTP-01 challenges failed when the Host header contains an IPv6 address. This means that users can now issue IP address certificates for IPv6 address subjects. ([#&#8203;8424](https://github.com/cert-manager/cert-manager/issues/8424), [@&#8203;SlashNephy](https://github.com/SlashNephy))
- Fixed the HTTP-01 Gateway solver creating invalid HTTPRoutes by not setting spec.hostnames when the challenge DNSName is an IP address. ([#&#8203;8443](https://github.com/cert-manager/cert-manager/issues/8443), [@&#8203;alviss7](https://github.com/alviss7))
- Revert API defaults for issuer reference kind and group introduced in 0.19.0 ([#&#8203;8173](https://github.com/cert-manager/cert-manager/issues/8173), [@&#8203;erikgb](https://github.com/erikgb))
- Security (MODERATE): Fix a potential panic in the cert-manager controller when a DNS response in an unexpected order was cached. If an attacker was able to modify DNS responses (or if they controlled the DNS server) it was possible to cause denial of service for the cert-manager controller. ([#&#8203;8469](https://github.com/cert-manager/cert-manager/issues/8469), [@&#8203;SgtCoDFish](https://github.com/SgtCoDFish))
- Update Go to `v1.25.5` to fix `CVE-2025-61727` and `CVE-2025-61729` ([#&#8203;8290](https://github.com/cert-manager/cert-manager/issues/8290), [@&#8203;octo-sts](https://github.com/octo-sts)\[bot])
- When Prometheus monitoring is enabled, the metrics label is now set to the intended value of `cert-manager`. Previously, it was set depending on various factors (namespace cert-manager is installed in and/or Helm release name). ([#&#8203;8162](https://github.com/cert-manager/cert-manager/issues/8162), [@&#8203;LiquidPL](https://github.com/LiquidPL))

##### Other (Cleanup or Flake)

- Promoted the OtherNames feature to Beta and enabled it by default ([#&#8203;8288](https://github.com/cert-manager/cert-manager/issues/8288), [@&#8203;wallrj-cyberark](https://github.com/wallrj-cyberark))
- Promoting `xlistenerset` feature gate to `listenerset` ([#&#8203;8501](https://github.com/cert-manager/cert-manager/issues/8501), [@&#8203;hjoshi123](https://github.com/hjoshi123))
- Rebranding of the Venafi Issuer to CyberArk ([#&#8203;8215](https://github.com/cert-manager/cert-manager/issues/8215), [@&#8203;iossifbenbassat123](https://github.com/iossifbenbassat123))
- Switched to SSA for challenge finalizer updates ([#&#8203;8519](https://github.com/cert-manager/cert-manager/issues/8519), [@&#8203;inteon](https://github.com/inteon))
- The default container user (UID) is now 65532 (previously 1000) and the default container group (GID) is now 65532 (previously 0) ([#&#8203;8408](https://github.com/cert-manager/cert-manager/issues/8408), [@&#8203;wallrj-cyberark](https://github.com/wallrj-cyberark))
- The feature-gate DefaultPrivateKeyRotationPolicyAlways moved from Beta to GA and can no longer be disabled. ([#&#8203;8287](https://github.com/cert-manager/cert-manager/issues/8287), [@&#8203;wallrj-cyberark](https://github.com/wallrj-cyberark))
- Update cert-manager's ACME client, forked from golang/x/crypto ([#&#8203;8268](https://github.com/cert-manager/cert-manager/issues/8268), [@&#8203;SgtCoDFish](https://github.com/SgtCoDFish))
- Use the latest version of Kyverno (1.16.2) in the best-practice installation tests ([#&#8203;8389](https://github.com/cert-manager/cert-manager/issues/8389), [@&#8203;wallrj-cyberark](https://github.com/wallrj-cyberark))
- We stopped testing with Coutour due to it not supporting the new XListenerSet resource, and moved to kgateway. ([#&#8203;8426](https://github.com/cert-manager/cert-manager/issues/8426), [@&#8203;hjoshi123](https://github.com/hjoshi123))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4yIiwidXBkYXRlZEluVmVyIjoiNDMuNTkuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiY2hhcnQiXX0=-->

Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/4582
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
 2026-03-10 18:49:17 +00:00
Renovate Bot
b108a9702c chore(deps): update dependency cert-manager/cert-manager to v1.20.0 (#4581)
Some checks failed
render-manifests-push / render-manifests-push (push) Has been skipped
Details
lint-test-helm / lint-helm (push) Successful in 8s
Details
renovate / renovate (push) Has been cancelled
Details 
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [cert-manager/cert-manager](https://github.com/cert-manager/cert-manager) | minor | `v1.19.4` → `v1.20.0` |

---

### Release Notes

<details>
<summary>cert-manager/cert-manager (cert-manager/cert-manager)</summary>

### [`v1.20.0`](https://github.com/cert-manager/cert-manager/releases/tag/v1.20.0)

[Compare Source](https://github.com/cert-manager/cert-manager/compare/v1.19.4...v1.20.0)

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

v1.20.0 adds support for the new ListenerSet resource, adds support for Azure Private DNS; parentRefs are no longer required when using ACME with Gateway API, and OtherNames was promoted to Beta.

#### Changes by Kind

##### Feature

- Added a set of flags to permit setting NetworkPolicy across all deployed containers. Remove redundant global IP ranges from example policies. ([#&#8203;8370](https://github.com/cert-manager/cert-manager/issues/8370), [@&#8203;jcpunk](https://github.com/jcpunk))
- Added selectable fields to custom resource definitions for .spec.issuerRef.{group, kind, name} ([#&#8203;8256](https://github.com/cert-manager/cert-manager/issues/8256), [@&#8203;tareksha](https://github.com/tareksha))
- Added support for specifying `imagePullSecrets` in the `startupapicheck-job` Helm template to enable pulling images from private registries. ([#&#8203;8186](https://github.com/cert-manager/cert-manager/issues/8186), [@&#8203;mathieu-clnk](https://github.com/mathieu-clnk))
- Added 'extraContainers' helm chart value, allowing the deployment of arbitrary sidecar containers within the cert-manager operator pod. This can be used to support, for e.g., AWS IAM Roles Anywhere for Route53 DNS01 verification. ([#&#8203;8355](https://github.com/cert-manager/cert-manager/issues/8355), [@&#8203;dancmeyers](https://github.com/dancmeyers))
- Added `parentRef` override annotations on the Certificate resource. ([#&#8203;8518](https://github.com/cert-manager/cert-manager/issues/8518), [@&#8203;hjoshi123](https://github.com/hjoshi123))
- Added support for azure private zones for dns01 issuer. ([#&#8203;8494](https://github.com/cert-manager/cert-manager/issues/8494), [@&#8203;hjoshi123](https://github.com/hjoshi123))
- Added support for configuring PEM decoding size limits, allowing operators to handle larger certificates and keys. ([#&#8203;7642](https://github.com/cert-manager/cert-manager/issues/7642), [@&#8203;robertlestak](https://github.com/robertlestak))
- Added support for unhealthyPodEvictionPolicy in PodDisruptionBudget ([#&#8203;7728](https://github.com/cert-manager/cert-manager/issues/7728), [@&#8203;jcpunk](https://github.com/jcpunk))
- For Venafi provider, read `venafi.cert-manager.io/custom-fields` annotation on Issuer/ClusterIssuer and use it as base with override/append capabilities on Certificate level. ([#&#8203;8301](https://github.com/cert-manager/cert-manager/issues/8301), [@&#8203;k0da](https://github.com/k0da))
- Improve error message when CA issuers are misconfigured to use a clashing secret name ([#&#8203;8374](https://github.com/cert-manager/cert-manager/issues/8374), [@&#8203;majiayu000](https://github.com/majiayu000))
- Introduce a new Ingress annotation `acme.cert-manager.io/http01-ingress-ingressclassname` to override `http01.ingress.ingressClassName` field in HTTP-01 challenge solvers. ([#&#8203;8244](https://github.com/cert-manager/cert-manager/issues/8244), [@&#8203;lunarwhite](https://github.com/lunarwhite))
- Update `global.nodeSelector` to helm chart to perform a `merge` and allow for a single `nodeSelector` to be set across all services. ([#&#8203;8195](https://github.com/cert-manager/cert-manager/issues/8195), [@&#8203;StingRayZA](https://github.com/StingRayZA))
- Vault issuers will now include the Vault server address as one of the default audiences on generated service account tokens. ([#&#8203;8228](https://github.com/cert-manager/cert-manager/issues/8228), [@&#8203;terinjokes](https://github.com/terinjokes))
- Added experimental `XListenerSet` feature gate ([#&#8203;8394](https://github.com/cert-manager/cert-manager/issues/8394), [@&#8203;hjoshi123](https://github.com/hjoshi123))

##### Documentation

- Add GWAPI documentation to NOTES.TXT in helm chart ([#&#8203;8353](https://github.com/cert-manager/cert-manager/issues/8353), [@&#8203;jaxels10](https://github.com/jaxels10))

##### Bug or Regression

- Adds logs for cases when acme server returns us a fatal error in the order controller ([#&#8203;8199](https://github.com/cert-manager/cert-manager/issues/8199), [@&#8203;Peac36](https://github.com/Peac36))
- Fixed an issue where kind or group in the issuerRef of a Certificate was omitted, upgrading to 1.19.x incorrectly caused the certificate to be renewed ([#&#8203;8160](https://github.com/cert-manager/cert-manager/issues/8160), [@&#8203;inteon](https://github.com/inteon))
- Changes to the Duration and RenewBefore annotations on ingress and gateway-api resources will now trigger certificate updates. ([#&#8203;8232](https://github.com/cert-manager/cert-manager/issues/8232), [@&#8203;eleanor-merry](https://github.com/eleanor-merry))
- Fix an issue where ACME challenge TXT records are not cleaned up when there are many resource records in CloudDNS. ([#&#8203;8456](https://github.com/cert-manager/cert-manager/issues/8456), [@&#8203;tkna](https://github.com/tkna))
- Fix unregulated retries with the DigitalOcean DNS-01 solver
  Add full detailed DNS-01 errors to the events attached to the Challenge, for easier debugging ([#&#8203;8221](https://github.com/cert-manager/cert-manager/issues/8221), [@&#8203;wallrj-cyberark](https://github.com/wallrj-cyberark))
- Fixed an infinite re-issuance loop that could occur when an issuer returns a certificate with a public key that doesn't match the CSR. The issuing controller now validates the certificate before storing it and fails with backoff on mismatch. ([#&#8203;8403](https://github.com/cert-manager/cert-manager/issues/8403), [@&#8203;calm329](https://github.com/calm329))
- Fixed an issue where HTTP-01 challenges failed when the Host header contains an IPv6 address. This means that users can now issue IP address certificates for IPv6 address subjects. ([#&#8203;8424](https://github.com/cert-manager/cert-manager/issues/8424), [@&#8203;SlashNephy](https://github.com/SlashNephy))
- Fixed the HTTP-01 Gateway solver creating invalid HTTPRoutes by not setting spec.hostnames when the challenge DNSName is an IP address. ([#&#8203;8443](https://github.com/cert-manager/cert-manager/issues/8443), [@&#8203;alviss7](https://github.com/alviss7))
- Revert API defaults for issuer reference kind and group introduced in 0.19.0 ([#&#8203;8173](https://github.com/cert-manager/cert-manager/issues/8173), [@&#8203;erikgb](https://github.com/erikgb))
- Security (MODERATE): Fix a potential panic in the cert-manager controller when a DNS response in an unexpected order was cached. If an attacker was able to modify DNS responses (or if they controlled the DNS server) it was possible to cause denial of service for the cert-manager controller. ([#&#8203;8469](https://github.com/cert-manager/cert-manager/issues/8469), [@&#8203;SgtCoDFish](https://github.com/SgtCoDFish))
- Update Go to `v1.25.5` to fix `CVE-2025-61727` and `CVE-2025-61729` ([#&#8203;8290](https://github.com/cert-manager/cert-manager/issues/8290), [@&#8203;octo-sts](https://github.com/octo-sts)\[bot])
- When Prometheus monitoring is enabled, the metrics label is now set to the intended value of `cert-manager`. Previously, it was set depending on various factors (namespace cert-manager is installed in and/or Helm release name). ([#&#8203;8162](https://github.com/cert-manager/cert-manager/issues/8162), [@&#8203;LiquidPL](https://github.com/LiquidPL))

##### Other (Cleanup or Flake)

- Promoted the OtherNames feature to Beta and enabled it by default ([#&#8203;8288](https://github.com/cert-manager/cert-manager/issues/8288), [@&#8203;wallrj-cyberark](https://github.com/wallrj-cyberark))
- Promoting `xlistenerset` feature gate to `listenerset` ([#&#8203;8501](https://github.com/cert-manager/cert-manager/issues/8501), [@&#8203;hjoshi123](https://github.com/hjoshi123))
- Rebranding of the Venafi Issuer to CyberArk ([#&#8203;8215](https://github.com/cert-manager/cert-manager/issues/8215), [@&#8203;iossifbenbassat123](https://github.com/iossifbenbassat123))
- Switched to SSA for challenge finalizer updates ([#&#8203;8519](https://github.com/cert-manager/cert-manager/issues/8519), [@&#8203;inteon](https://github.com/inteon))
- The default container user (UID) is now 65532 (previously 1000) and the default container group (GID) is now 65532 (previously 0) ([#&#8203;8408](https://github.com/cert-manager/cert-manager/issues/8408), [@&#8203;wallrj-cyberark](https://github.com/wallrj-cyberark))
- The feature-gate DefaultPrivateKeyRotationPolicyAlways moved from Beta to GA and can no longer be disabled. ([#&#8203;8287](https://github.com/cert-manager/cert-manager/issues/8287), [@&#8203;wallrj-cyberark](https://github.com/wallrj-cyberark))
- Update cert-manager's ACME client, forked from golang/x/crypto ([#&#8203;8268](https://github.com/cert-manager/cert-manager/issues/8268), [@&#8203;SgtCoDFish](https://github.com/SgtCoDFish))
- Use the latest version of Kyverno (1.16.2) in the best-practice installation tests ([#&#8203;8389](https://github.com/cert-manager/cert-manager/issues/8389), [@&#8203;wallrj-cyberark](https://github.com/wallrj-cyberark))
- We stopped testing with Coutour due to it not supporting the new XListenerSet resource, and moved to kgateway. ([#&#8203;8426](https://github.com/cert-manager/cert-manager/issues/8426), [@&#8203;hjoshi123](https://github.com/hjoshi123))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4yIiwidXBkYXRlZEluVmVyIjoiNDMuNTkuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiaW1hZ2UiXX0=-->

Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/4581
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
 2026-03-10 18:46:58 +00:00
Renovate Bot
159eef86a8 chore(deps): update dependency element-hq/synapse to v1.149.0 (#4580)
Some checks failed
render-manifests-push / render-manifests-push (push) Has been skipped
Details
lint-test-helm / lint-helm (push) Successful in 10s
Details
renovate / renovate (push) Has been cancelled
Details 
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [element-hq/synapse](https://github.com/element-hq/synapse) | minor | `v1.148.0` → `v1.149.0` |

---

### Release Notes

<details>
<summary>element-hq/synapse (element-hq/synapse)</summary>

### [`v1.149.0`](https://github.com/element-hq/synapse/releases/tag/v1.149.0)

[Compare Source](https://github.com/element-hq/synapse/compare/v1.148.0...v1.149.0)

### Synapse 1.149.0 (2026-03-10)

No significant changes since 1.149.0rc1.

### Synapse 1.149.0rc1 (2026-03-03)

#### Features

- Add experimental support for [MSC4388: Secure out-of-band channel for sign in with QR](https://github.com/matrix-org/matrix-spec-proposals/pull/4388). ([#&#8203;19127](https://github.com/element-hq/synapse/issues/19127))
- Add stable support for [MSC4380](https://github.com/matrix-org/matrix-spec-proposals/pull/4380) invite blocking. ([#&#8203;19431](https://github.com/element-hq/synapse/issues/19431))

#### Bugfixes

- Fix the 'Login as a user' Admin API not checking if the user exists before issuing an access token. ([#&#8203;18518](https://github.com/element-hq/synapse/issues/18518))
- Fix `/sync` missing membership event in `state_after` (experimental [MSC4222](https://github.com/matrix-org/matrix-spec-proposals/pull/4222) implementation) in some scenarios. ([#&#8203;19460](https://github.com/element-hq/synapse/issues/19460))

#### Internal Changes

- Add log to explain when and why we freeze objects in the garbage collector. ([#&#8203;19440](https://github.com/element-hq/synapse/issues/19440))
- Better instrument `JoinRoomAliasServlet` with tracing. ([#&#8203;19461](https://github.com/element-hq/synapse/issues/19461))
- Fix Complement CI not running against the code from our PRs. ([#&#8203;19475](https://github.com/element-hq/synapse/issues/19475))
- Log `docker system info` in CI so we have a plain record of how GitHub runners evolve over time. ([#&#8203;19480](https://github.com/element-hq/synapse/issues/19480))
- Rename the `test_disconnect` test helper so that pytest doesn't see it as a test. ([#&#8203;19486](https://github.com/element-hq/synapse/issues/19486))
- Add a log line when we delete devices. Contributed by [@&#8203;bradtgmurray](https://github.com/bradtgmurray) @&#8203; Beeper. ([#&#8203;19496](https://github.com/element-hq/synapse/issues/19496))
- Pre-allocate the buffer based on the expected `Content-Length` with the Rust HTTP client. ([#&#8203;19498](https://github.com/element-hq/synapse/issues/19498))
- Cancel long-running sync requests if the client has gone away. ([#&#8203;19499](https://github.com/element-hq/synapse/issues/19499))
- Try and reduce reactor tick times when under heavy load. ([#&#8203;19507](https://github.com/element-hq/synapse/issues/19507))
- Simplify Rust HTTP client response streaming and limiting. ([#&#8203;19510](https://github.com/element-hq/synapse/issues/19510))
- Replace deprecated collection import locations with current locations. ([#&#8203;19515](https://github.com/element-hq/synapse/issues/19515))
- Bump most locked Python dependencies to their latest versions. ([#&#8203;19519](https://github.com/element-hq/synapse/issues/19519))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4yIiwidXBkYXRlZEluVmVyIjoiNDMuNTkuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiaW1hZ2UiXX0=-->

Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/4580
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
 2026-03-10 18:45:40 +00:00
Renovate Bot
2c9310f8d1 chore(deps): update searxng/searxng:latest docker digest to 943c899 (#4578)
All checks were successful
render-manifests-push / render-manifests-push (push) Has been skipped
Details
lint-test-helm / lint-helm (push) Successful in 21s
Details
renovate / renovate (push) Successful in 3m44s
Details
2026-03-10 09:05:29 +00:00
Renovate Bot
38f5fccfec chore(deps): update valkey docker tag to v0.4.0 (#4572)
All checks were successful
render-manifests-push / render-manifests-push (push) Has been skipped
Details
lint-test-helm / lint-helm (push) Successful in 15s
Details
render-manifests-dispatch / render-manifests-dispatch (push) Successful in 26m24s
Details
renovate / renovate (push) Successful in 5m9s
Details 
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [valkey](https://github.com/valkey-io/valkey) | minor | `0.3.0` → `0.4.0` |

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4yIiwidXBkYXRlZEluVmVyIjoiNDMuNTkuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiaW1hZ2UiXX0=-->

Reviewed-on: #4572
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
 2026-03-10 02:32:01 +00:00
30 changed files with 250 additions and 41 deletions
Expand all files Collapse all files

6
clusters/cl01tl/helm/argocd/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: argo-cd
repository: https://argoproj.github.io/argo-helm
version: 9.4.9
digest: sha256:5dbcd4491181bcedd914c0bb0dfa80af521703062898822b60a85e2a0a96e126
generated: "2026-03-09T17:01:48.010446725Z"
version: 9.4.10
digest: sha256:795aad956acef3f5efb8160390caf9b9792b7b4150d3a7984f1c5edbad92dfaa
generated: "2026-03-10T18:58:35.720448421Z"

2
clusters/cl01tl/helm/argocd/Chart.yaml
View File

@@ -15,7 +15,7 @@ maintainers:
- name: alexlebens
dependencies:
- name: argo-cd
version: 9.4.9
version: 9.4.10
repository: https://argoproj.github.io/argo-helm
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
# renovate: datasource=github-releases depName=argoproj/argo-cd

1
clusters/cl01tl/helm/blocky/values.yaml
View File

@@ -135,6 +135,7 @@ blocky:
komodo IN CNAME traefik-cl01tl
lidarr IN CNAME traefik-cl01tl
mail IN CNAME traefik-cl01tl
movie-roulette IN CNAME traefik-cl01tl
music-grabber IN CNAME traefik-cl01tl
navidrome IN CNAME traefik-cl01tl
ntfy IN CNAME traefik-cl01tl

6
clusters/cl01tl/helm/cert-manager/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: cert-manager
repository: https://charts.jetstack.io
version: v1.19.4
digest: sha256:5c4a0a0568677bfcf4529e6ec6a005957cd1820fd5f1d1f108e74370d409fe88
generated: "2026-02-24T19:30:44.415585645Z"
version: v1.20.0
digest: sha256:1543bd17649cb32982de3cce017fcbed1b44c41d50b76c6471b266f33e261c29
generated: "2026-03-10T16:06:49.332999536Z"

4
clusters/cl01tl/helm/cert-manager/Chart.yaml
View File

@@ -14,8 +14,8 @@ maintainers:
- name: alexlebens
dependencies:
- name: cert-manager
version: v1.19.4
version: v1.20.0
repository: https://charts.jetstack.io
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/cert-manager.png
# renovate: datasource=github-releases depName=cert-manager/cert-manager
appVersion: v1.19.4
appVersion: v1.20.0

2
clusters/cl01tl/helm/element-web/Chart.yaml
View File

@@ -24,4 +24,4 @@ dependencies:
version: 2.4.0
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/element.png
# renovate: datasource=github-releases depName=element-hq/element-web
appVersion: v1.12.11
appVersion: v1.12.12

2
clusters/cl01tl/helm/element-web/values.yaml
View File

@@ -2,7 +2,7 @@ element-web:
replicaCount: 1
image:
repository: vectorim/element-web
tag: v1.12.11
tag: v1.12.12
pullPolicy: IfNotPresent
defaultServer:
url: https://matrix.alexlebens.dev

3
clusters/cl01tl/helm/gatus/values.yaml
View File

@@ -137,6 +137,9 @@ gatus:
- name: yamtrack
url: https://yamtrack.alexlebens.net
<<: *defaults
- name: movie-roulette
url: https://movie-roulette.alexlebens.net
<<: *defaults
- name: jellyfin
url: https://jellyfin.alexlebens.net
<<: *defaults

2
clusters/cl01tl/helm/harbor/Chart.yaml
View File

@@ -29,4 +29,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/harbor.png
# renovate: datasource=github-releases depName=goharbor/harbor
appVersion: v2.14.2
appVersion: v2.14.3

12
clusters/cl01tl/helm/harbor/values.yaml
View File

@@ -41,12 +41,12 @@ harbor:
portal:
image:
repository: goharbor/harbor-portal
tag: v2.14.2
tag: v2.14.3
replicas: 2
core:
image:
repository: goharbor/harbor-core
tag: v2.14.2
tag: v2.14.3
replicas: 2
existingSecret: harbor-secret
secretName: harbor-secret
@@ -54,7 +54,7 @@ harbor:
jobservice:
image:
repository: goharbor/harbor-jobservice
tag: v2.14.2
tag: v2.14.3
replicas: 2
jobLoggers:
- stdout
@@ -63,11 +63,11 @@ harbor:
registry:
image:
repository: goharbor/registry-photon
tag: v2.14.2
tag: v2.14.3
controller:
image:
repository: goharbor/harbor-registryctl
tag: v2.14.2
tag: v2.14.3
existingSecret: harbor-secret
relativeurls: true
credentials:
@@ -94,7 +94,7 @@ harbor:
exporter:
image:
repository: goharbor/harbor-exporter
tag: v2.14.2
tag: v2.14.3
replicas: 2
postgres-18-cluster:
mode: recovery

6
clusters/cl01tl/helm/homepage/values.yaml
View File

@@ -160,6 +160,12 @@ homepage:
href: https://yamtrack.alexlebens.net
siteMonitor: http://yamtrack.yamtrack:80
statusStyle: dot
- Movie Roulette:
icon: https://raw.githubusercontent.com/sahara101/Movie-Roulette/refs/heads/main/static/icons/icon.png
description: Movie Roulette
href: https://movie-roulette.alexlebens.net
siteMonitor: http://movie-roulette.movie-roulette:80
statusStyle: dot
- Movies and TV:
icon: sh-jellyfin.webp
description: Jellyfin

6
clusters/cl01tl/helm/kube-prometheus-stack/Chart.lock
View File

@@ -1,12 +1,12 @@
dependencies:
- name: kube-prometheus-stack
repository: oci://ghcr.io/prometheus-community/charts
version: 82.10.2
version: 82.10.3
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0
digest: sha256:9019f0e0bcbe5033457c9d402590b51a1b27e2e6141bfd5d84b9b30a5f666c98
generated: "2026-03-09T23:07:53.50141436Z"
digest: sha256:37ffa4a21ed29703cae9c9f3fb029566a1dd6af6e0fe8cc3862a2226d6644114
generated: "2026-03-10T19:02:41.11005238Z"

2
clusters/cl01tl/helm/kube-prometheus-stack/Chart.yaml
View File

@@ -20,7 +20,7 @@ maintainers:
- name: alexlebens
dependencies:
- name: kube-prometheus-stack
version: 82.10.2
version: 82.10.3
repository: oci://ghcr.io/prometheus-community/charts
- name: app-template
alias: ntfy-alertmanager

6
clusters/cl01tl/helm/local-path-provisioner/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: local-path-provisioner
repository: https://charts.containeroo.ch
version: 0.0.35
digest: sha256:c59cc5a81e797a9e2ab0f8e6bf03cb3e4dfc740555631aa1d41b7def1d2c60c8
generated: "2026-01-10T19:01:45.394965495Z"
version: 0.0.36
digest: sha256:ac212733a0ba2046767ad1718ca740d5aad3d1bfc49c5e7a5056c8414c1d65d4
generated: "2026-03-10T19:00:30.739038561Z"

4
clusters/cl01tl/helm/local-path-provisioner/Chart.yaml
View File

@@ -15,8 +15,8 @@ maintainers:
- name: alexlebens
dependencies:
- name: local-path-provisioner
version: 0.0.35
version: 0.0.36
repository: https://charts.containeroo.ch
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
# renovate: datasource=github-releases depName=rancher/local-path-provisioner
appVersion: v0.0.34
appVersion: v0.0.35

2
clusters/cl01tl/helm/local-path-provisioner/values.yaml
View File

@@ -1,7 +1,7 @@
local-path-provisioner:
image:
repository: rancher/local-path-provisioner
tag: v0.0.34
tag: v0.0.35
helperImage:
repository: busybox
tag: 1.37.0

6
clusters/cl01tl/helm/loki/Chart.lock
View File

@@ -4,6 +4,6 @@ dependencies:
version: 6.53.0
- name: alloy
repository: https://grafana.github.io/helm-charts
version: 1.6.1
digest: sha256:ec17a816dcdc476ad67cd056556d9a42a9fb8057ef75a928f8604939006e3416
generated: "2026-03-02T15:18:56.219024346Z"
version: 1.6.2
digest: sha256:88b8ace6bcbcbff4b04727499705fbe94de7fe4b8f0b8aa254a1e7d1d2c65fac
generated: "2026-03-10T18:56:19.38475079Z"

2
clusters/cl01tl/helm/loki/Chart.yaml
View File

@@ -19,7 +19,7 @@ dependencies:
version: 6.53.0
repository: https://grafana.github.io/helm-charts
- name: alloy
version: 1.6.1
version: 1.6.2
repository: https://grafana.github.io/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/loki.png
# renovate: datasource=github-releases depName=grafana/loki

2
clusters/cl01tl/helm/matrix-synapse/Chart.yaml
View File

@@ -81,4 +81,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/matrix.png
# renovate: datasource=github-releases depName=element-hq/synapse
appVersion: v1.148.0
appVersion: v1.149.0

6
clusters/cl01tl/helm/movie-roulette/Chart.lock Normal file
View File

@@ -0,0 +1,6 @@
dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
digest: sha256:faa35ccfc18b2d47fad558e168bd3c68e64790fe2b1356881452ae4f5cd8b443
generated: "2026-03-10T16:01:13.738843-05:00"

22
clusters/cl01tl/helm/movie-roulette/Chart.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: v2
name: movie-roulette
version: 1.0.0
description: Movie Roulette
keywords:
- movie-roulette
- jellyfin
home: https://wiki.alexlebens.dev/
sources:
- https://github.com/sahara101/Movie-Roulette
- https://github.com/sahara101/Movie-Roulette/pkgs/container/movie-roulette
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: movie-roulette
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
icon: https://raw.githubusercontent.com/sahara101/Movie-Roulette/refs/heads/main/static/icons/icon.png
# renovate: datasource=github-releases depName=sahara101/Movie-Roulette
appVersion: v5.2.1

42
clusters/cl01tl/helm/movie-roulette/templates/external-secret.yaml Normal file
View File

@@ -0,0 +1,42 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: movie-roulette-config-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: movie-roulette-config-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: secret-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/movie-roulette/key
metadataPolicy: None
property: secret-key
- secretKey: jellyfin-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/jellyfin/movie-roulette
metadataPolicy: None
property: jellyfin-key
- secretKey: jellyfin-user
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/jellyfin/movie-roulette
metadataPolicy: None
property: user
- secretKey: seerr-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/seerr/key
metadataPolicy: None
property: key

127
clusters/cl01tl/helm/movie-roulette/values.yaml Normal file
View File

@@ -0,0 +1,127 @@
movie-roulette:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/sahara101/movie-roulette
tag: v5.2.1
pullPolicy: IfNotPresent
env:
- name: FLASK_SECRET_KEY
valueFrom:
secretKeyRef:
name: movie-roulette-config-secret
key: secret-key
- name: CORS_ALLOWED_ORIGINS
value: movie-roulette.alexlebens.net
- name: DISABLE_SETTINGS
value: "TRUE"
- name: AUTH_ENABLED
value: "TRUE"
- name: AUTH_SESSION_LIFETIME
value: "86400"
- name: JELLYFIN_URL
value: http://jellyfin.alexlebens.net
- name: JELLYFIN_API_KEY
valueFrom:
secretKeyRef:
name: movie-roulette-config-secret
key: jellyfin-key
- name: JELLYFIN_USER_ID
valueFrom:
secretKeyRef:
name: movie-roulette-config-secret
key: jellyfin-user
- name: LOGIN_BACKDROP_ENABLED
value: "TRUE"
- name: HOMEPAGE_MODE
value: "FALSE"
- name: USE_LINKS
value: "TRUE"
- name: USE_FILTER
value: "TRUE"
- name: USE_WATCH_BUTTON
value: "TRUE"
- name: USE_NEXT_BUTTON
value: "TRUE"
- name: USE_GRID_VIEW
value: "true"
- name: ENABLE_MOBILE_TRUNCATION
value: "TRUE"
- name: SHOW_NOW_WATCHING_CARD
value: "FALSE"
- name: USE_HEROUI_THEME
value: "FALSE"
- name: ENABLE_MOVIE_LOGOS
value: "TRUE"
- name: LOAD_MOVIE_ON_START
value: "FALSE"
- name: SEERR_URL
value: http://seerr.alexlebens.net
- name: SEERR_API_KEY
valueFrom:
secretKeyRef:
name: movie-roulette-config-secret
key: seerr-key
- name: REQUEST_SERVICE_DEFAULT
value: "seerr"
resources:
requests:
cpu: 10m
memory: 128Mi
service:
main:
controller: main
ports:
http:
port: 80
targetPort: 4000
protocol: HTTP
route:
main:
kind: HTTPRoute
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- movie-roulette.alexlebens.net
rules:
- backendRefs:
- group: ''
kind: Service
name: movie-roulette
port: 80
weight: 100
matches:
- path:
type: PathPrefix
value: /
persistence:
data:
forceRename: movie-roulette-data
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
retain: true
advancedMounts:
main:
main:
- path: /config
readOnly: false
volsync-target-data:
pvcTarget: movie-roulette-data
local:
enabled: true
schedule: 44 11 * * *
remote:
enabled: false
external:
enabled: true
schedule: 44 12 * * *

2
clusters/cl01tl/helm/music-grabber/values.yaml
View File

@@ -9,7 +9,7 @@ music-grabber:
main:
image:
repository: g33kphr33k/musicgrabber
tag: 2.3.4
tag: 2.3.5
pullPolicy: IfNotPresent
env:
- name: MUSIC_DIR

2
clusters/cl01tl/helm/postiz/Chart.yaml
View File

@@ -42,4 +42,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/postiz.png
# renovate: datasource=github-releases depName=gitroomhq/postiz-app
appVersion: v2.20.1
appVersion: v2.20.2

2
clusters/cl01tl/helm/postiz/values.yaml
View File

@@ -9,7 +9,7 @@ postiz:
main:
image:
repository: ghcr.io/gitroomhq/postiz-app
tag: v2.20.1
tag: v2.20.2
pullPolicy: IfNotPresent
env:
- name: MAIN_URL

4
clusters/cl01tl/helm/searxng/values.yaml
View File

@@ -9,7 +9,7 @@ searxng:
main:
image:
repository: searxng/searxng
tag: latest@sha256:a973f277a9025be36675ee803039d5f309c57e8521a500b5edee4cdba01c316a
tag: latest@sha256:943c8997857aa050ef405779df2fd809960b0e230707f0c45d8e1f0d6a5bb4b7
pullPolicy: IfNotPresent
env:
- name: SEARXNG_BASE_URL
@@ -39,7 +39,7 @@ searxng:
main:
image:
repository: searxng/searxng
tag: latest@sha256:a973f277a9025be36675ee803039d5f309c57e8521a500b5edee4cdba01c316a
tag: latest@sha256:943c8997857aa050ef405779df2fd809960b0e230707f0c45d8e1f0d6a5bb4b7
pullPolicy: IfNotPresent
env:
- name: SEARXNG_BASE_URL

6
clusters/cl01tl/helm/talos/values.yaml
View File

@@ -405,7 +405,7 @@ etcd-defrag:
main:
image:
repository: ghcr.io/siderolabs/talosctl
tag: v1.12.4
tag: v1.12.5
pullPolicy: IfNotPresent
args:
- etcd
@@ -438,7 +438,7 @@ etcd-defrag:
main:
image:
repository: ghcr.io/siderolabs/talosctl
tag: v1.12.4
tag: v1.12.5
pullPolicy: IfNotPresent
args:
- etcd
@@ -471,7 +471,7 @@ etcd-defrag:
main:
image:
repository: ghcr.io/siderolabs/talosctl
tag: v1.12.4
tag: v1.12.5
pullPolicy: IfNotPresent
args:
- etcd

1
hosts/ps08rp/blocky/config.yml
View File

@@ -110,6 +110,7 @@ customDNS:
komodo IN CNAME traefik-cl01tl
lidarr IN CNAME traefik-cl01tl
mail IN CNAME traefik-cl01tl
movie-roulette IN CNAME traefik-cl01tl
music-grabber IN CNAME traefik-cl01tl
navidrome IN CNAME traefik-cl01tl
ntfy IN CNAME traefik-cl01tl

1
hosts/ps09rp/blocky/config.yml
View File

@@ -131,6 +131,7 @@ customDNS:
komodo IN CNAME traefik-cl01tl
lidarr IN CNAME traefik-cl01tl
mail IN CNAME traefik-cl01tl
movie-roulette IN CNAME traefik-cl01tl
music-grabber IN CNAME traefik-cl01tl
navidrome IN CNAME traefik-cl01tl
ntfy IN CNAME traefik-cl01tl