From 55c891b33226488128ab63eae906b95f08f08a81 Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Sun, 15 Mar 2026 17:47:45 -0500 Subject: [PATCH 01/17] feat: remove systemd mounts --- clusters/cl01tl/helm/trivy/values.yaml | 40 ++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/clusters/cl01tl/helm/trivy/values.yaml b/clusters/cl01tl/helm/trivy/values.yaml index 5d6cce425..fd4220dd4 100644 --- a/clusters/cl01tl/helm/trivy/values.yaml +++ b/clusters/cl01tl/helm/trivy/values.yaml @@ -2,6 +2,7 @@ trivy-operator: targetWorkloads: "pod,replicaset,replicationcontroller,statefulset,daemonset,cronjob,job" operator: replicas: 1 + scanJobsConcurrentLimit: 3 vulnerabilityScannerEnabled: true sbomGenerationEnabled: true clusterSbomCacheEnabled: true @@ -45,3 +46,42 @@ trivy-operator: cpu: 200m memory: 512Mi replicas: 1 +nodeCollector: + volumeMounts: + - name: var-lib-etcd + mountPath: /var/lib/etcd + readOnly: true + - name: var-lib-kubelet + mountPath: /var/lib/kubelet + readOnly: true + - name: var-lib-kube-scheduler + mountPath: /var/lib/kube-scheduler + readOnly: true + - name: var-lib-kube-controller-manager + mountPath: /var/lib/kube-controller-manager + readOnly: true + - name: etc-kubernetes + mountPath: /etc/kubernetes + readOnly: true + - name: etc-cni-netd + mountPath: /etc/cni/net.d/ + readOnly: true + volumes: + - name: var-lib-etcd + hostPath: + path: /var/lib/etcd + - name: var-lib-kubelet + hostPath: + path: /var/lib/kubelet + - name: var-lib-kube-scheduler + hostPath: + path: /var/lib/kube-scheduler + - name: var-lib-kube-controller-manager + hostPath: + path: /var/lib/kube-controller-manager + - name: etc-kubernetes + hostPath: + path: /etc/kubernetes + - name: etc-cni-netd + hostPath: + path: /etc/cni/net.d/ -- 2.49.1 From 773dbadfdf62091a802ca60f6ce0c538b7d04866 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 15 Mar 2026 22:34:42 +0000 Subject: [PATCH 02/17] chore(deps): update ghcr.io/linuxserver/plex:1.43.0 docker digest to 84f8646 (#4773) --- clusters/cl01tl/helm/plex/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/cl01tl/helm/plex/values.yaml b/clusters/cl01tl/helm/plex/values.yaml index e8683b332..1ee25cfd4 100644 --- a/clusters/cl01tl/helm/plex/values.yaml +++ b/clusters/cl01tl/helm/plex/values.yaml @@ -9,7 +9,7 @@ plex: main: image: repository: ghcr.io/linuxserver/plex - tag: 1.43.0@sha256:79dfc89947410ec120a3e34cf68f746f6f154de20772e6f27b9998ca9bd65a5e + tag: 1.43.0@sha256:84f8646e799f6636876ab4f283d9fc8f6c51d56098ea74cba82bfb85074b68df pullPolicy: IfNotPresent env: - name: TZ -- 2.49.1 From c63c3b73d3c34226434ff36b26ea80f7dc242923 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 15 Mar 2026 22:50:30 +0000 Subject: [PATCH 03/17] chore(deps): update harbor.alexlebens.net/images/site-documentation docker tag to v0.3.0 (#4775) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Update | Change | |---|---|---| | [harbor.alexlebens.net/images/site-documentation](https://gitea.alexlebens.dev/alexlebens/site-documentation) | minor | `0.2.0` → `0.3.0` | --- ### Release Notes
alexlebens/site-documentation (harbor.alexlebens.net/images/site-documentation) ### [`v0.3.0`](https://gitea.alexlebens.dev/alexlebens/site-documentation/blob/HEAD/CHANGELOG.md#030-2026-03-15) [Compare Source](https://gitea.alexlebens.dev/alexlebens/site-documentation/compare/0.2.0...0.3.0) ##### Features - add and update pre-commit ([972bbff](http://gitea-http.gitea:3000/alexlebens/site-documentation/commit/972bbffb41020489508660c261559b0e6c806ca6))
--- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/4775 Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- clusters/cl01tl/helm/site-documentation/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/cl01tl/helm/site-documentation/values.yaml b/clusters/cl01tl/helm/site-documentation/values.yaml index 1f0fd561c..f7e9b9b9b 100644 --- a/clusters/cl01tl/helm/site-documentation/values.yaml +++ b/clusters/cl01tl/helm/site-documentation/values.yaml @@ -11,7 +11,7 @@ site-documentation: main: image: repository: harbor.alexlebens.net/images/site-documentation - tag: 0.2.0 + tag: 0.3.0 pullPolicy: IfNotPresent resources: requests: -- 2.49.1 From b767fc5dfad409fe488f562faddaad74de01f7ec Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Mon, 16 Mar 2026 00:14:44 -0500 Subject: [PATCH 04/17] feat: specificy branch --- renovate.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/renovate.json b/renovate.json index e823b962d..63c84223f 100644 --- a/renovate.json +++ b/renovate.json @@ -57,6 +57,9 @@ "labels": [], "prHourlyLimit": 0, "prConcurrentLimit": 0, + "baseBranches": [ + "main" + ], "packageRules": [ { "description": "Label charts", -- 2.49.1 From b72487e6147d621843f62a43bf741c68a763fbc9 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 16 Mar 2026 15:27:26 +0000 Subject: [PATCH 05/17] chore(config): migrate Renovate config (#4786) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The Renovate config in this repository needs migrating. Typically this is because one or more configuration options you are using have been renamed. You don't need to merge this PR right away, because Renovate will continue to migrate these fields internally each time it runs. But later some of these fields may be fully deprecated and the migrations removed. So it's a good idea to merge this migration PR soon. 🔕 **Ignore**: Close this PR and you won't be reminded about config migration again, but one day your current config may no longer be valid. ❓ Got questions? Does something look wrong to you? Please don't hesitate to [request help here](https://github.com/renovatebot/renovate/discussions). --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/4786 Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- renovate.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/renovate.json b/renovate.json index 63c84223f..83e8cbc38 100644 --- a/renovate.json +++ b/renovate.json @@ -57,7 +57,7 @@ "labels": [], "prHourlyLimit": 0, "prConcurrentLimit": 0, - "baseBranches": [ + "baseBranchPatterns": [ "main" ], "packageRules": [ -- 2.49.1 From 462f9178be4a21686daef7a2248ceb3e0af2172e Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 16 Mar 2026 15:54:02 +0000 Subject: [PATCH 06/17] chore(deps): update helm release traefik-crds to v1.15.0 (#4787) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Update | Change | |---|---|---| | [traefik-crds](https://traefik.io/) ([source](https://github.com/traefik/traefik-helm-chart)) | minor | `1.14.0` → `1.15.0` | --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/4787 Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- clusters/cl01tl/helm/traefik/Chart.lock | 6 +++--- clusters/cl01tl/helm/traefik/Chart.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/clusters/cl01tl/helm/traefik/Chart.lock b/clusters/cl01tl/helm/traefik/Chart.lock index f3c0d1298..bd8f34ba3 100644 --- a/clusters/cl01tl/helm/traefik/Chart.lock +++ b/clusters/cl01tl/helm/traefik/Chart.lock @@ -4,6 +4,6 @@ dependencies: version: 39.0.5 - name: traefik-crds repository: https://traefik.github.io/charts - version: 1.14.0 -digest: sha256:8ae6a524708becb7af3a30d2ca4e671c92b7627842f6c6917656526298e2eba5 -generated: "2026-03-09T17:04:21.522089828Z" + version: 1.15.0 +digest: sha256:8edf8d2dcabdba2c2b8d6a9508f001ba5ef4bec205423f864b92f2adedd73b60 +generated: "2026-03-16T15:32:49.364653199Z" diff --git a/clusters/cl01tl/helm/traefik/Chart.yaml b/clusters/cl01tl/helm/traefik/Chart.yaml index b01f3d230..358a2d8c9 100644 --- a/clusters/cl01tl/helm/traefik/Chart.yaml +++ b/clusters/cl01tl/helm/traefik/Chart.yaml @@ -18,7 +18,7 @@ dependencies: version: 39.0.5 repository: https://traefik.github.io/charts - name: traefik-crds - version: 1.14.0 + version: 1.15.0 repository: https://traefik.github.io/charts icon: https://cdn.jsdelivr.net/gh/selfhst/icons/webp/traefik.webp # renovate: datasource=github-releases depName=traefik/traefik -- 2.49.1 From e0c2df0a32e5f08302b915475b3b557be68455e7 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 16 Mar 2026 16:03:10 +0000 Subject: [PATCH 07/17] chore(deps): update helm release meilisearch to v0.28.0 (#4788) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Update | Change | |---|---|---| | [meilisearch](https://github.com/meilisearch/meilisearch-kubernetes/tree/main/charts/meilisearch) ([source](https://github.com/meilisearch/meilisearch-kubernetes)) | minor | `0.27.0` → `0.28.0` | --- ### Release Notes
meilisearch/meilisearch-kubernetes (meilisearch) ### [`v0.28.0`](https://github.com/meilisearch/meilisearch-kubernetes/releases/tag/meilisearch-0.28.0) [Compare Source](https://github.com/meilisearch/meilisearch-kubernetes/compare/meilisearch-0.27.0...meilisearch-0.28.0) A Helm chart for the Meilisearch search engine
--- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/4788 Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- clusters/cl01tl/helm/gitea/Chart.lock | 6 +++--- clusters/cl01tl/helm/gitea/Chart.yaml | 2 +- clusters/cl01tl/helm/jellyfin/Chart.lock | 6 +++--- clusters/cl01tl/helm/jellyfin/Chart.yaml | 2 +- clusters/cl01tl/helm/karakeep/Chart.lock | 6 +++--- clusters/cl01tl/helm/karakeep/Chart.yaml | 2 +- 6 files changed, 12 insertions(+), 12 deletions(-) diff --git a/clusters/cl01tl/helm/gitea/Chart.lock b/clusters/cl01tl/helm/gitea/Chart.lock index 8ac69c04c..dcc4338b6 100644 --- a/clusters/cl01tl/helm/gitea/Chart.lock +++ b/clusters/cl01tl/helm/gitea/Chart.lock @@ -7,7 +7,7 @@ dependencies: version: 0.0.3 - name: meilisearch repository: https://meilisearch.github.io/meilisearch-kubernetes - version: 0.27.0 + version: 0.28.0 - name: cloudflared repository: oci://harbor.alexlebens.net/helm-charts version: 2.4.0 @@ -23,5 +23,5 @@ dependencies: - name: volsync-target repository: oci://harbor.alexlebens.net/helm-charts version: 0.8.0 -digest: sha256:095caf06888cd4663eb5d389399ebad167861007b604016fc4907308474558ab -generated: "2026-03-15T20:05:41.388335307Z" +digest: sha256:238b7653c9d12c4886a56350b6d66217dbe7ecbb76078a846c7cc2c8cb450eb3 +generated: "2026-03-16T15:56:55.197735783Z" diff --git a/clusters/cl01tl/helm/gitea/Chart.yaml b/clusters/cl01tl/helm/gitea/Chart.yaml index 10304f3d3..0de26770d 100644 --- a/clusters/cl01tl/helm/gitea/Chart.yaml +++ b/clusters/cl01tl/helm/gitea/Chart.yaml @@ -33,7 +33,7 @@ dependencies: repository: https://dl.gitea.com/charts/ version: 0.0.3 - name: meilisearch - version: 0.27.0 + version: 0.28.0 repository: https://meilisearch.github.io/meilisearch-kubernetes - name: cloudflared repository: oci://harbor.alexlebens.net/helm-charts diff --git a/clusters/cl01tl/helm/jellyfin/Chart.lock b/clusters/cl01tl/helm/jellyfin/Chart.lock index 36d33fb9e..7fc992ac7 100644 --- a/clusters/cl01tl/helm/jellyfin/Chart.lock +++ b/clusters/cl01tl/helm/jellyfin/Chart.lock @@ -4,9 +4,9 @@ dependencies: version: 4.6.2 - name: meilisearch repository: https://meilisearch.github.io/meilisearch-kubernetes - version: 0.27.0 + version: 0.28.0 - name: volsync-target repository: oci://harbor.alexlebens.net/helm-charts version: 0.8.0 -digest: sha256:ca384647a640ae717ac874a2627f00ac9a1e5c97ff5eeb8f326ebdd471ab1623 -generated: "2026-03-09T15:04:08.648165537Z" +digest: sha256:57b007c6e19dda1300f5025332d9e8104bfb9a50cd7124260bfa68ce2432628b +generated: "2026-03-16T15:57:13.466372254Z" diff --git a/clusters/cl01tl/helm/jellyfin/Chart.yaml b/clusters/cl01tl/helm/jellyfin/Chart.yaml index f976293c0..93468db7c 100644 --- a/clusters/cl01tl/helm/jellyfin/Chart.yaml +++ b/clusters/cl01tl/helm/jellyfin/Chart.yaml @@ -25,7 +25,7 @@ dependencies: repository: https://bjw-s-labs.github.io/helm-charts/ version: 4.6.2 - name: meilisearch - version: 0.27.0 + version: 0.28.0 repository: https://meilisearch.github.io/meilisearch-kubernetes - name: volsync-target alias: volsync-target-config diff --git a/clusters/cl01tl/helm/karakeep/Chart.lock b/clusters/cl01tl/helm/karakeep/Chart.lock index 4097cdd66..663233b8d 100644 --- a/clusters/cl01tl/helm/karakeep/Chart.lock +++ b/clusters/cl01tl/helm/karakeep/Chart.lock @@ -4,12 +4,12 @@ dependencies: version: 4.6.2 - name: meilisearch repository: https://meilisearch.github.io/meilisearch-kubernetes - version: 0.27.0 + version: 0.28.0 - name: cloudflared repository: oci://harbor.alexlebens.net/helm-charts version: 2.4.0 - name: volsync-target repository: oci://harbor.alexlebens.net/helm-charts version: 0.8.0 -digest: sha256:75f92316d4b6229d00e3dfa39ed5026ad39a28f833321cd3887a2048cdac34c7 -generated: "2026-03-09T22:04:48.630821646Z" +digest: sha256:49e37e17dc859927048c6474ce27cb063a020f291d6d2d24876d0427eddc3656 +generated: "2026-03-16T15:57:28.156797159Z" diff --git a/clusters/cl01tl/helm/karakeep/Chart.yaml b/clusters/cl01tl/helm/karakeep/Chart.yaml index 841555c6b..bddad6656 100644 --- a/clusters/cl01tl/helm/karakeep/Chart.yaml +++ b/clusters/cl01tl/helm/karakeep/Chart.yaml @@ -22,7 +22,7 @@ dependencies: repository: https://bjw-s-labs.github.io/helm-charts/ version: 4.6.2 - name: meilisearch - version: 0.27.0 + version: 0.28.0 repository: https://meilisearch.github.io/meilisearch-kubernetes - name: cloudflared repository: oci://harbor.alexlebens.net/helm-charts -- 2.49.1 From f274feee039c29b1e50625bc4242633892b2af1b Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 16 Mar 2026 17:59:28 +0000 Subject: [PATCH 08/17] chore(deps): update harbor.alexlebens.net/images/site-profile docker tag to v3.13.0 (#4791) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Update | Change | |---|---|---| | [harbor.alexlebens.net/images/site-profile](https://gitea.alexlebens.dev/alexlebens/site-profile) | minor | `3.12.1` → `3.13.0` | --- ### Release Notes
alexlebens/site-profile (harbor.alexlebens.net/images/site-profile) ### [`v3.13.0`](https://gitea.alexlebens.dev/alexlebens/site-profile/releases/tag/3.13.0) [Compare Source](https://gitea.alexlebens.dev/alexlebens/site-profile/compare/3.12.1...3.13.0) ##### Bug Fixes - change execution mode ([a6c889f](https://gitea.alexlebens.dev/alexlebens/site-profile/commit/a6c889f76a2e55e2efe8a19ffdacdb7327dd0116)) ##### Features - add and update pre-commit ([148fe8e](https://gitea.alexlebens.dev/alexlebens/site-profile/commit/148fe8eeffeb377ce8006c5126625e7d338a4db7)) - add fallback ([787479e](https://gitea.alexlebens.dev/alexlebens/site-profile/commit/787479e077e3608112f6ddad41d6d5e686c0166f)) - add fallback ([220c29f](https://gitea.alexlebens.dev/alexlebens/site-profile/commit/220c29f4f766ff78967c8198e0e1605067404551)) - add fallback to run animations on switch ([954112e](https://gitea.alexlebens.dev/alexlebens/site-profile/commit/954112e30e1ce912ca7098455555f675a49f9841)) - add semantic-release/npm ([91c9a4b](https://gitea.alexlebens.dev/alexlebens/site-profile/commit/91c9a4bb91eea9baea5fadcebbc280f416555e23)) - change paths ([9319228](https://gitea.alexlebens.dev/alexlebens/site-profile/commit/9319228ef6df0039dc8ee6ab88882f2e5e044d14)) - consolidate css into tailwind ([dfeb181](https://gitea.alexlebens.dev/alexlebens/site-profile/commit/dfeb181a1d781d5bcdcf7240a67e594f3a170e50)) - downgrade to astro 5 ([f35c73b](https://gitea.alexlebens.dev/alexlebens/site-profile/commit/f35c73b02873405b8ab350b6b5a8385339ff2329)) - move scripts to script folder ([641c7cb](https://gitea.alexlebens.dev/alexlebens/site-profile/commit/641c7cb33feec65b185d307a7cf1c9879b884a03)) - refactor static paths and photoswipe on blog page, move script to base layout ([93a53ca](https://gitea.alexlebens.dev/alexlebens/site-profile/commit/93a53cab3d6e1cb6395a60537d07de22686f21f6)) - remove react ([e3179b0](https://gitea.alexlebens.dev/alexlebens/site-profile/commit/e3179b0480a56d173439fafddca7d75f96fb1b42)) - revert shiki css changes ([c4104a5](https://gitea.alexlebens.dev/alexlebens/site-profile/commit/c4104a52d170cef2da0a087f7252caa5bc3a19db))
--- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/4791 Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- clusters/cl01tl/helm/site-profile/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/cl01tl/helm/site-profile/values.yaml b/clusters/cl01tl/helm/site-profile/values.yaml index b217c9aca..14da491a7 100644 --- a/clusters/cl01tl/helm/site-profile/values.yaml +++ b/clusters/cl01tl/helm/site-profile/values.yaml @@ -11,7 +11,7 @@ site-profile: main: image: repository: harbor.alexlebens.net/images/site-profile - tag: 3.12.1 + tag: 3.13.0 pullPolicy: IfNotPresent resources: requests: -- 2.49.1 From 0a7e9d8a2206ddeb39ab1907f19bd26d0046b455 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 16 Mar 2026 23:02:46 +0000 Subject: [PATCH 09/17] chore(deps): update searxng/searxng:latest docker digest to 9206e4c (#4793) --- clusters/cl01tl/helm/searxng/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/clusters/cl01tl/helm/searxng/values.yaml b/clusters/cl01tl/helm/searxng/values.yaml index 5c2b17c1a..91fe76c29 100644 --- a/clusters/cl01tl/helm/searxng/values.yaml +++ b/clusters/cl01tl/helm/searxng/values.yaml @@ -9,7 +9,7 @@ searxng: main: image: repository: searxng/searxng - tag: latest@sha256:174f6a8498d88d2d98c265a952c2d552859bf315cd505746d1c0d4fbec37952f + tag: latest@sha256:9206e4c2de22ea36274a67eb961afd90f51d2a9df2f8242b00c94e6c6692a946 pullPolicy: IfNotPresent env: - name: SEARXNG_BASE_URL @@ -39,7 +39,7 @@ searxng: main: image: repository: searxng/searxng - tag: latest@sha256:174f6a8498d88d2d98c265a952c2d552859bf315cd505746d1c0d4fbec37952f + tag: latest@sha256:9206e4c2de22ea36274a67eb961afd90f51d2a9df2f8242b00c94e6c6692a946 pullPolicy: IfNotPresent env: - name: SEARXNG_BASE_URL -- 2.49.1 From d503b5cb6e63a897816d6cba7f1ba5e8e1e9bb08 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 17 Mar 2026 00:54:53 +0000 Subject: [PATCH 10/17] chore(deps): update goharbor/harbor-core docker tag to v2.15.0 (#4779) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Update | Change | |---|---|---| | goharbor/harbor-core | minor | `v2.14.3` → `v2.15.0` | --- > ⚠️ **Warning** > > Some dependencies could not be looked up. Check the [Dependency Dashboard](issues/2) for more information. --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/4779 Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- clusters/cl01tl/helm/harbor/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/cl01tl/helm/harbor/values.yaml b/clusters/cl01tl/helm/harbor/values.yaml index 6cdc5be97..0d3b04016 100644 --- a/clusters/cl01tl/helm/harbor/values.yaml +++ b/clusters/cl01tl/helm/harbor/values.yaml @@ -46,7 +46,7 @@ harbor: core: image: repository: goharbor/harbor-core - tag: v2.14.3 + tag: v2.15.0 replicas: 2 existingSecret: harbor-secret secretName: harbor-secret -- 2.49.1 From e35624c2368ca4b7168f4985055df1d36cdcb142 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 17 Mar 2026 01:00:43 +0000 Subject: [PATCH 11/17] chore(deps): update goharbor/harbor-exporter docker tag to v2.15.0 (#4780) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Update | Change | |---|---|---| | goharbor/harbor-exporter | minor | `v2.14.3` → `v2.15.0` | --- > ⚠️ **Warning** > > Some dependencies could not be looked up. Check the [Dependency Dashboard](issues/2) for more information. --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/4780 Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- clusters/cl01tl/helm/harbor/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/cl01tl/helm/harbor/values.yaml b/clusters/cl01tl/helm/harbor/values.yaml index 0d3b04016..00aed5416 100644 --- a/clusters/cl01tl/helm/harbor/values.yaml +++ b/clusters/cl01tl/helm/harbor/values.yaml @@ -94,7 +94,7 @@ harbor: exporter: image: repository: goharbor/harbor-exporter - tag: v2.14.3 + tag: v2.15.0 replicas: 2 postgres-18-cluster: mode: recovery -- 2.49.1 From 4a321e9718b4ae627be2031057a8636a7bb50bb8 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 17 Mar 2026 01:05:15 +0000 Subject: [PATCH 12/17] chore(deps): update goharbor/harbor-jobservice docker tag to v2.15.0 (#4781) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Update | Change | |---|---|---| | goharbor/harbor-jobservice | minor | `v2.14.3` → `v2.15.0` | --- > ⚠️ **Warning** > > Some dependencies could not be looked up. Check the [Dependency Dashboard](issues/2) for more information. --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/4781 Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- clusters/cl01tl/helm/harbor/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/cl01tl/helm/harbor/values.yaml b/clusters/cl01tl/helm/harbor/values.yaml index 00aed5416..467f4d4c1 100644 --- a/clusters/cl01tl/helm/harbor/values.yaml +++ b/clusters/cl01tl/helm/harbor/values.yaml @@ -54,7 +54,7 @@ harbor: jobservice: image: repository: goharbor/harbor-jobservice - tag: v2.14.3 + tag: v2.15.0 replicas: 2 jobLoggers: - stdout -- 2.49.1 From ea06b27898230f559f770c656c1b409a34f9fff0 Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Mon, 16 Mar 2026 20:06:53 -0500 Subject: [PATCH 13/17] fix: key indentation --- clusters/cl01tl/helm/trivy/values.yaml | 78 +++++++++++++------------- 1 file changed, 39 insertions(+), 39 deletions(-) diff --git a/clusters/cl01tl/helm/trivy/values.yaml b/clusters/cl01tl/helm/trivy/values.yaml index fd4220dd4..f0a4a29ac 100644 --- a/clusters/cl01tl/helm/trivy/values.yaml +++ b/clusters/cl01tl/helm/trivy/values.yaml @@ -46,42 +46,42 @@ trivy-operator: cpu: 200m memory: 512Mi replicas: 1 -nodeCollector: - volumeMounts: - - name: var-lib-etcd - mountPath: /var/lib/etcd - readOnly: true - - name: var-lib-kubelet - mountPath: /var/lib/kubelet - readOnly: true - - name: var-lib-kube-scheduler - mountPath: /var/lib/kube-scheduler - readOnly: true - - name: var-lib-kube-controller-manager - mountPath: /var/lib/kube-controller-manager - readOnly: true - - name: etc-kubernetes - mountPath: /etc/kubernetes - readOnly: true - - name: etc-cni-netd - mountPath: /etc/cni/net.d/ - readOnly: true - volumes: - - name: var-lib-etcd - hostPath: - path: /var/lib/etcd - - name: var-lib-kubelet - hostPath: - path: /var/lib/kubelet - - name: var-lib-kube-scheduler - hostPath: - path: /var/lib/kube-scheduler - - name: var-lib-kube-controller-manager - hostPath: - path: /var/lib/kube-controller-manager - - name: etc-kubernetes - hostPath: - path: /etc/kubernetes - - name: etc-cni-netd - hostPath: - path: /etc/cni/net.d/ + nodeCollector: + volumeMounts: + - name: var-lib-etcd + mountPath: /var/lib/etcd + readOnly: true + - name: var-lib-kubelet + mountPath: /var/lib/kubelet + readOnly: true + - name: var-lib-kube-scheduler + mountPath: /var/lib/kube-scheduler + readOnly: true + - name: var-lib-kube-controller-manager + mountPath: /var/lib/kube-controller-manager + readOnly: true + - name: etc-kubernetes + mountPath: /etc/kubernetes + readOnly: true + - name: etc-cni-netd + mountPath: /etc/cni/net.d/ + readOnly: true + volumes: + - name: var-lib-etcd + hostPath: + path: /var/lib/etcd + - name: var-lib-kubelet + hostPath: + path: /var/lib/kubelet + - name: var-lib-kube-scheduler + hostPath: + path: /var/lib/kube-scheduler + - name: var-lib-kube-controller-manager + hostPath: + path: /var/lib/kube-controller-manager + - name: etc-kubernetes + hostPath: + path: /etc/kubernetes + - name: etc-cni-netd + hostPath: + path: /etc/cni/net.d/ -- 2.49.1 From 82cf4701b404f8f115ff51d2b69872ab35351934 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 17 Mar 2026 01:07:47 +0000 Subject: [PATCH 14/17] chore(deps): update goharbor/harbor-portal docker tag to v2.15.0 (#4782) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Update | Change | |---|---|---| | goharbor/harbor-portal | minor | `v2.14.3` → `v2.15.0` | --- > ⚠️ **Warning** > > Some dependencies could not be looked up. Check the [Dependency Dashboard](issues/2) for more information. --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/4782 Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- clusters/cl01tl/helm/harbor/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/cl01tl/helm/harbor/values.yaml b/clusters/cl01tl/helm/harbor/values.yaml index 467f4d4c1..810e64897 100644 --- a/clusters/cl01tl/helm/harbor/values.yaml +++ b/clusters/cl01tl/helm/harbor/values.yaml @@ -41,7 +41,7 @@ harbor: portal: image: repository: goharbor/harbor-portal - tag: v2.14.3 + tag: v2.15.0 replicas: 2 core: image: -- 2.49.1 From 36cb38642407ba850555790a5554bac7642bf365 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 17 Mar 2026 01:09:23 +0000 Subject: [PATCH 15/17] chore(deps): update goharbor/harbor-registryctl docker tag to v2.15.0 (#4783) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Update | Change | |---|---|---| | goharbor/harbor-registryctl | minor | `v2.14.3` → `v2.15.0` | --- > ⚠️ **Warning** > > Some dependencies could not be looked up. Check the [Dependency Dashboard](issues/2) for more information. --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/4783 Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- clusters/cl01tl/helm/harbor/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/cl01tl/helm/harbor/values.yaml b/clusters/cl01tl/helm/harbor/values.yaml index 810e64897..ffd0dd429 100644 --- a/clusters/cl01tl/helm/harbor/values.yaml +++ b/clusters/cl01tl/helm/harbor/values.yaml @@ -67,7 +67,7 @@ harbor: controller: image: repository: goharbor/harbor-registryctl - tag: v2.14.3 + tag: v2.15.0 existingSecret: harbor-secret relativeurls: true credentials: -- 2.49.1 From 7e8d73d4e471cc2be5ad44ca2d6b26f8d07f88a3 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 17 Mar 2026 01:12:51 +0000 Subject: [PATCH 16/17] chore(deps): update goharbor/registry-photon docker tag to v2.15.0 (#4784) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Update | Change | |---|---|---| | goharbor/registry-photon | minor | `v2.14.3` → `v2.15.0` | --- > ⚠️ **Warning** > > Some dependencies could not be looked up. Check the [Dependency Dashboard](issues/2) for more information. --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/4784 Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- clusters/cl01tl/helm/harbor/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/cl01tl/helm/harbor/values.yaml b/clusters/cl01tl/helm/harbor/values.yaml index ffd0dd429..d810ce3e7 100644 --- a/clusters/cl01tl/helm/harbor/values.yaml +++ b/clusters/cl01tl/helm/harbor/values.yaml @@ -63,7 +63,7 @@ harbor: registry: image: repository: goharbor/registry-photon - tag: v2.14.3 + tag: v2.15.0 controller: image: repository: goharbor/harbor-registryctl -- 2.49.1 From 3cb58f24155098b1ccc6cfc53c8f4d838427cc83 Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Mon, 16 Mar 2026 20:06:53 -0500 Subject: [PATCH 17/17] fix: key indentation --- clusters/cl01tl/helm/trivy/values.yaml | 78 +++++++++++++------------- 1 file changed, 39 insertions(+), 39 deletions(-) diff --git a/clusters/cl01tl/helm/trivy/values.yaml b/clusters/cl01tl/helm/trivy/values.yaml index fd4220dd4..f0a4a29ac 100644 --- a/clusters/cl01tl/helm/trivy/values.yaml +++ b/clusters/cl01tl/helm/trivy/values.yaml @@ -46,42 +46,42 @@ trivy-operator: cpu: 200m memory: 512Mi replicas: 1 -nodeCollector: - volumeMounts: - - name: var-lib-etcd - mountPath: /var/lib/etcd - readOnly: true - - name: var-lib-kubelet - mountPath: /var/lib/kubelet - readOnly: true - - name: var-lib-kube-scheduler - mountPath: /var/lib/kube-scheduler - readOnly: true - - name: var-lib-kube-controller-manager - mountPath: /var/lib/kube-controller-manager - readOnly: true - - name: etc-kubernetes - mountPath: /etc/kubernetes - readOnly: true - - name: etc-cni-netd - mountPath: /etc/cni/net.d/ - readOnly: true - volumes: - - name: var-lib-etcd - hostPath: - path: /var/lib/etcd - - name: var-lib-kubelet - hostPath: - path: /var/lib/kubelet - - name: var-lib-kube-scheduler - hostPath: - path: /var/lib/kube-scheduler - - name: var-lib-kube-controller-manager - hostPath: - path: /var/lib/kube-controller-manager - - name: etc-kubernetes - hostPath: - path: /etc/kubernetes - - name: etc-cni-netd - hostPath: - path: /etc/cni/net.d/ + nodeCollector: + volumeMounts: + - name: var-lib-etcd + mountPath: /var/lib/etcd + readOnly: true + - name: var-lib-kubelet + mountPath: /var/lib/kubelet + readOnly: true + - name: var-lib-kube-scheduler + mountPath: /var/lib/kube-scheduler + readOnly: true + - name: var-lib-kube-controller-manager + mountPath: /var/lib/kube-controller-manager + readOnly: true + - name: etc-kubernetes + mountPath: /etc/kubernetes + readOnly: true + - name: etc-cni-netd + mountPath: /etc/cni/net.d/ + readOnly: true + volumes: + - name: var-lib-etcd + hostPath: + path: /var/lib/etcd + - name: var-lib-kubelet + hostPath: + path: /var/lib/kubelet + - name: var-lib-kube-scheduler + hostPath: + path: /var/lib/kube-scheduler + - name: var-lib-kube-controller-manager + hostPath: + path: /var/lib/kube-controller-manager + - name: etc-kubernetes + hostPath: + path: /etc/kubernetes + - name: etc-cni-netd + hostPath: + path: /etc/cni/net.d/ -- 2.49.1