Update ghcr.io/moghtech/komodo-core Docker tag to v1.18.0

clusters/cl01tl/applications/libation/values.yaml

@@ -6,7 +6,7 @@ libation:
         suspend: false
         concurrencyPolicy: Forbid
         timeZone: US/Central
-        schedule: "30 4 * * *"
+        schedule: "0 * * * *"
         startingDeadlineSeconds: 90
         successfulJobsHistory: 3
         failedJobsHistory: 3

clusters/cl01tl/applications/roundcube/values.yaml

@@ -75,7 +75,7 @@ roundcube:
         suspend: false
         concurrencyPolicy: Forbid
         timeZone: US/Central
-        schedule: 30 4 * * *
+        schedule: 0 4 * * *
         startingDeadlineSeconds: 90
         successfulJobsHistory: 3
         failedJobsHistory: 3

clusters/cl01tl/monitoring/trivy/Chart.yaml

@@ -1,22 +0,0 @@
-apiVersion: v2
-name: trivy
-version: 1.0.0
-description: Trivy
-keywords:
-  - trivy
-  - vulnerability
-  - monitoring
-  - kubernetes
-home: https://wiki.alexlebens.dev/s/5cffa529-4c2e-4126-99eb-cc4aeb5a49b3
-sources:
-  - https://github.com/aquasecurity/trivy
-  - https://github.com/aquasecurity/trivy-operator
-  - https://github.com/aquasecurity/trivy-operator/tree/main/deploy/helm
-maintainers:
-  - name: alexlebens
-dependencies:
-  - name: trivy-operator
-    version: 0.28.1
-    repository: https://aquasecurity.github.io/helm-charts/
-icon: https://raw.githubusercontent.com/aquasecurity/trivy/main/docs/imgs/logo.png
-appVersion: v0.26.1

clusters/cl01tl/monitoring/trivy/values.yaml

@@ -1,113 +0,0 @@
-trivy-operator:
-  targetWorkloads: "pod,replicaset,replicationcontroller,statefulset,daemonset,cronjob,job"
-  operator:
-    replicas: 1
-    vulnerabilityScannerEnabled: true
-    sbomGenerationEnabled: false
-    clusterSbomCacheEnabled: false
-    configAuditScannerEnabled: false
-    rbacAssessmentScannerEnabled: false
-    infraAssessmentScannerEnabled: false
-    clusterComplianceEnabled: false
-  serviceMonitor:
-    enabled: true
-  trivy:
-    createConfig: true
-    image:
-      registry: mirror.gcr.io
-      repository: aquasec/trivy
-      tag: 0.62.1
-    storageClassEnabled: true
-    storageClassName: ceph-block
-    storageSize: "5Gi"
-    registry:
-      mirror:
-        "registry-1.docker.io": proxy-registry-1.docker.io
-        "quay.io": proxy-quay.io
-        "registry.k8s.io": proxy-registry.k8s
-        "gcr.io": proxy-gcr.io
-        "ghcr.io": proxy-ghcr.io
-        "hub.docker": proxy-hub.docker
-    severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
-    slow: true
-    resources:
-      requests:
-        cpu: 100m
-        memory: 128M
-    supportedConfigAuditKinds: "Workload,Service,Role,ClusterRole,NetworkPolicy,Ingress,LimitRange,ResourceQuota"
-    server:
-      resources:
-        requests:
-          cpu: 200m
-          memory: 512Mi
-      replicas: 1
-  compliance:
-    reportType: summary
-    cron: 0 5 * * *
-    specs:
-      - k8s-cis-1.23
-      - k8s-nsa-1.0
-      - k8s-pss-baseline-0.1
-      - k8s-pss-restricted-0.1
-  volumeMounts:
-    - mountPath: /tmp
-      name: cache-policies
-      readOnly: false
-  volumes:
-    - name: cache-policies
-      emptyDir: {}
-  resources:
-    requests:
-      cpu: 100m
-      memory: 128Mi
-  nodeCollector:
-    volumeMounts:
-      - name: var-lib-etcd
-        mountPath: /var/lib/etcd
-        readOnly: true
-      - name: var-lib-kubelet
-        mountPath: /var/lib/kubelet
-        readOnly: true
-      - name: var-lib-kube-scheduler
-        mountPath: /var/lib/kube-scheduler
-        readOnly: true
-      - name: var-lib-kube-controller-manager
-        mountPath: /var/lib/kube-controller-manager
-        readOnly: true
-      - name: etc-systemd
-        mountPath: /etc/systemd
-        readOnly: true
-      - name: lib-systemd
-        mountPath: /lib/systemd/
-        readOnly: true
-      - name: etc-kubernetes
-        mountPath: /etc/kubernetes
-        readOnly: true
-      - name: etc-cni-netd
-        mountPath: /etc/cni/net.d/
-        readOnly: true
-    volumes:
-      - name: var-lib-etcd
-        hostPath:
-          path: /var/lib/etcd
-      - name: var-lib-kubelet
-        hostPath:
-          path: /var/lib/kubelet
-      - name: var-lib-kube-scheduler
-        hostPath:
-          path: /var/lib/kube-scheduler
-      - name: var-lib-kube-controller-manager
-        hostPath:
-          path: /var/lib/kube-controller-manager
-      - name: etc-systemd
-        hostPath:
-          path: /etc/systemd
-      - name: lib-systemd
-        hostPath:
-          path: /lib/systemd
-      - name: etc-kubernetes
-        hostPath:
-          path: /etc/kubernetes
-      - name: etc-cni-netd
-        hostPath:
-          path: /etc/cni/net.d/

clusters/cl01tl/platform/gitea/values.yaml

@@ -151,6 +151,80 @@ gitea:
     enabled: false
   mariadb:
     enabled: false
+# renovate:
+#   global:
+#     fullnameOverride: gitea-renovate
+#   controllers:
+#     renovate:
+#       type: cronjob
+#       cronjob:
+#         suspend: false
+#         concurrencyPolicy: Forbid
+#         timeZone: US/Central
+#         schedule: "0 4 * * *"
+#         startingDeadlineSeconds: 90
+#         successfulJobsHistory: 3
+#         failedJobsHistory: 3
+#         backoffLimit: 3
+#         parallelism: 1
+#       containers:
+#         main:
+#           image:
+#             repository: renovate/renovate
+#             tag: 40
+#             pullPolicy: IfNotPresent
+#           env:
+#             - name: RENOVATE_PLATFORM
+#               value: gitea
+#             - name: RENOVATE_AUTODISCOVER
+#               value: 'true'
+#             - name: RENOVATE_ONBOARDING
+#               value: 'true'
+#             - name: RENOVATE_BASE_DIR
+#               value: /tmp/renovate
+#             - name: RENOVATE_PERSIST_REPO_DATA
+#               value: true
+#             - name: RENOVATE_REPOSITORY_CACHE
+#               value: true
+#             - name: RENOVATE_REDIS_URL
+#               value: redis://gitea-renovate-valkey-primary.gitea:6379
+#             - name: LOG_LEVEL
+#               value: info
+#           envFrom:
+#             - secretRef:
+#                 name: gitea-renovate-secret
+#           resources:
+#             requests:
+#               cpu: 100m
+#               memory: 128Mi
+#   persistence:
+#     base:
+#       storageClass: ceph-block
+#       accessMode: ReadWriteOnce
+#       size: 5Gi
+#       retain: true
+#       advancedMounts:
+#         renovate:
+#           main:
+#             - path: /tmp/renovate
+#               readOnly: false
+#     ssh:
+#       enabled: true
+#       type: secret
+#       name: gitea-renovate-ssh-secret
+#       advancedMounts:
+#         renovate:
+#           main:
+#             - path: /home/ubuntu/.ssh
+#               readOnly: true
+#               mountPropagation: None
+#     cache:
+#       type: emptyDir
+#       advancedMounts:
+#         renovate:
+#           main:
+#             - path: /tmp/renovate/cache
+#               readOnly: false
 backup:
   global:
     fullnameOverride: gitea-backup

clusters/cl01tl/services/kubernetes-cloudflare-ddns/values.yaml

@@ -6,7 +6,7 @@ kubernetes-cloudflare-ddns:
         suspend: false
         concurrencyPolicy: Forbid
         timeZone: US/Central
-        schedule: "30 4 * * *"
+        schedule: "0 0 * * *"
         startingDeadlineSeconds: 90
         successfulJobsHistory: 3
         failedJobsHistory: 3

clusters/cl01tl/services/talos/values.yaml

@@ -13,7 +13,7 @@ etcd-backup:
         suspend: false
         concurrencyPolicy: Forbid
         timeZone: US/Central
-        schedule: "0 2 * * *"
+        schedule: "0 0 * * *"
         startingDeadlineSeconds: 90
         successfulJobsHistory: 3
         failedJobsHistory: 3