From 643c581ca9951ba35306c9642be3c42cc51eac18 Mon Sep 17 00:00:00 2001 From: gitea-bot Date: Wed, 8 Apr 2026 02:07:40 +0000 Subject: [PATCH] chore: Update manifests after change --- .../manifests/vault/StatefulSet-vault.yaml | 15 +------ .../vaultwarden/Deployment-vaultwarden.yaml | 2 +- .../manifests/volsync/Deployment-volsync.yaml | 2 +- .../manifests/whodb/Deployment-whodb.yaml | 7 ++-- .../manifests/whodb/HTTPRoute-whodb.yaml | 2 +- ...luster-yamtrack-postgresql-18-cluster.yaml | 8 ++-- .../yamtrack/Deployment-yamtrack.yaml | 7 ++-- ...ExternalSecret-yamtrack-config-secret.yaml | 3 -- .../ExternalSecret-yamtrack-oidc-secret.yaml | 3 -- ...tgresql-18-backup-garage-local-secret.yaml | 4 +- ...amtrack-postgresql-18-recovery-secret.yaml | 4 +- .../yamtrack/HTTPRoute-yamtrack.yaml | 2 +- ...ack-postgresql-18-backup-garage-local.yaml | 4 +- ...Store-yamtrack-postgresql-18-recovery.yaml | 4 +- ...le-yamtrack-postgresql-18-alert-rules.yaml | 4 +- ...resql-18-scheduled-backup-live-backup.yaml | 4 +- .../yamtrack/StatefulSet-yamtrack-valkey.yaml | 6 +-- .../manifests/yubal/Deployment-yubal.yaml | 4 +- .../ExternalSecret-yubal-wireguard-conf.yaml | 42 ------------------- .../manifests/yubal/HTTPRoute-yubal.yaml | 2 +- .../manifests/yubal/Namespace-yubal.yaml | 11 ----- .../yubal/PersistentVolumeClaim-yubal.yaml | 2 - 22 files changed, 33 insertions(+), 109 deletions(-) delete mode 100644 clusters/cl01tl/manifests/yubal/ExternalSecret-yubal-wireguard-conf.yaml delete mode 100644 clusters/cl01tl/manifests/yubal/Namespace-yubal.yaml diff --git a/clusters/cl01tl/manifests/vault/StatefulSet-vault.yaml b/clusters/cl01tl/manifests/vault/StatefulSet-vault.yaml index 840b0957e..596e2406c 100644 --- a/clusters/cl01tl/manifests/vault/StatefulSet-vault.yaml +++ b/clusters/cl01tl/manifests/vault/StatefulSet-vault.yaml @@ -58,7 +58,7 @@ spec: resources: requests: cpu: 50m - memory: 90Mi + memory: 512Mi image: hashicorp/vault:1.21.4@sha256:4e33b126a59c0c333b76fb4e894722462659a6bec7c48c9ee8cea56fccfd2569 imagePullPolicy: IfNotPresent command: @@ -102,8 +102,6 @@ spec: - name: HOME value: "/home/vault" volumeMounts: - - name: audit - mountPath: /vault/audit - name: data mountPath: /vault/data - name: config @@ -147,14 +145,3 @@ spec: requests: storage: 1Gi storageClassName: ceph-block - - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - name: audit - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 5Gi - storageClassName: ceph-block diff --git a/clusters/cl01tl/manifests/vaultwarden/Deployment-vaultwarden.yaml b/clusters/cl01tl/manifests/vaultwarden/Deployment-vaultwarden.yaml index 88898c881..3c4ba6257 100644 --- a/clusters/cl01tl/manifests/vaultwarden/Deployment-vaultwarden.yaml +++ b/clusters/cl01tl/manifests/vaultwarden/Deployment-vaultwarden.yaml @@ -64,7 +64,7 @@ spec: secretKeyRef: key: secret name: vaultwarden-oidc-secret - image: ghcr.io/vaultwarden/server:1.35.4@sha256:43498a94b22f9563f2a94b53760ab3e710eefc0d0cac2efda4b12b9eb8690664 + image: ghcr.io/dani-garcia/vaultwarden:1.35.4@sha256:43498a94b22f9563f2a94b53760ab3e710eefc0d0cac2efda4b12b9eb8690664 name: main resources: requests: diff --git a/clusters/cl01tl/manifests/volsync/Deployment-volsync.yaml b/clusters/cl01tl/manifests/volsync/Deployment-volsync.yaml index 760bac087..86ca03d15 100644 --- a/clusters/cl01tl/manifests/volsync/Deployment-volsync.yaml +++ b/clusters/cl01tl/manifests/volsync/Deployment-volsync.yaml @@ -47,7 +47,7 @@ spec: - --metrics-require-rbac=false command: - /manager - image: "0.15.0@sha256:4fedd41b3101dde090542009c4177f703d241bf4760d1767bd9df08fd8fd93a4" + image: "quay.io/backube/volsync:0.15.0@sha256:4fedd41b3101dde090542009c4177f703d241bf4760d1767bd9df08fd8fd93a4" imagePullPolicy: IfNotPresent env: - name: VOLSYNC_NAMESPACE diff --git a/clusters/cl01tl/manifests/whodb/Deployment-whodb.yaml b/clusters/cl01tl/manifests/whodb/Deployment-whodb.yaml index 1d3193a30..f390b225d 100644 --- a/clusters/cl01tl/manifests/whodb/Deployment-whodb.yaml +++ b/clusters/cl01tl/manifests/whodb/Deployment-whodb.yaml @@ -39,10 +39,9 @@ spec: value: ollama-server-2.ollama - name: WHODB_OLLAMA_PORT value: "11434" - image: clidey/whodb:0.104.0 - imagePullPolicy: IfNotPresent + image: clidey/whodb:0.104.0@sha256:ab485c021b862aac50bb88658f3342ca01d3eba33e933353692bc9989b2912c4 name: main resources: requests: - cpu: 10m - memory: 256Mi + cpu: 1m + memory: 20Mi diff --git a/clusters/cl01tl/manifests/whodb/HTTPRoute-whodb.yaml b/clusters/cl01tl/manifests/whodb/HTTPRoute-whodb.yaml index 0f841bf7b..cbb3f60a6 100644 --- a/clusters/cl01tl/manifests/whodb/HTTPRoute-whodb.yaml +++ b/clusters/cl01tl/manifests/whodb/HTTPRoute-whodb.yaml @@ -23,7 +23,7 @@ spec: name: whodb namespace: whodb port: 80 - weight: 100 + weight: 1 matches: - path: type: PathPrefix diff --git a/clusters/cl01tl/manifests/yamtrack/Cluster-yamtrack-postgresql-18-cluster.yaml b/clusters/cl01tl/manifests/yamtrack/Cluster-yamtrack-postgresql-18-cluster.yaml index 14bb0db74..05f1d3174 100644 --- a/clusters/cl01tl/manifests/yamtrack/Cluster-yamtrack-postgresql-18-cluster.yaml +++ b/clusters/cl01tl/manifests/yamtrack/Cluster-yamtrack-postgresql-18-cluster.yaml @@ -5,10 +5,10 @@ metadata: namespace: yamtrack labels: app.kubernetes.io/name: yamtrack-postgresql-18-cluster - helm.sh/chart: postgres-18-cluster-7.10.0 + helm.sh/chart: postgres-18-cluster-7.11.2 app.kubernetes.io/instance: yamtrack app.kubernetes.io/part-of: yamtrack - app.kubernetes.io/version: "7.10.0" + app.kubernetes.io/version: "7.11.2" app.kubernetes.io/managed-by: Helm spec: instances: 3 @@ -26,8 +26,8 @@ spec: limits: hugepages-2Mi: 256Mi requests: - cpu: 100m - memory: 256Mi + cpu: 20m + memory: 80Mi affinity: enablePodAntiAffinity: true topologyKey: kubernetes.io/hostname diff --git a/clusters/cl01tl/manifests/yamtrack/Deployment-yamtrack.yaml b/clusters/cl01tl/manifests/yamtrack/Deployment-yamtrack.yaml index 3e2a8efdf..889b16f4f 100644 --- a/clusters/cl01tl/manifests/yamtrack/Deployment-yamtrack.yaml +++ b/clusters/cl01tl/manifests/yamtrack/Deployment-yamtrack.yaml @@ -36,7 +36,7 @@ spec: containers: - env: - name: TZ - value: US/Central + value: America/Chicago - name: URLS value: https://yamtrack.alexlebens.net - name: REGISTRATION @@ -80,10 +80,9 @@ spec: secretKeyRef: key: port name: yamtrack-postgresql-18-cluster-app - image: ghcr.io/fuzzygrim/yamtrack:0.25.0 - imagePullPolicy: IfNotPresent + image: ghcr.io/fuzzygrim/yamtrack:0.25.0@sha256:df76008258452a6cda73d971dc4ffbcbca96c5220154a02c9b70bf0bb0e24931 name: main resources: requests: cpu: 10m - memory: 256Mi + memory: 380Mi diff --git a/clusters/cl01tl/manifests/yamtrack/ExternalSecret-yamtrack-config-secret.yaml b/clusters/cl01tl/manifests/yamtrack/ExternalSecret-yamtrack-config-secret.yaml index 4745822f4..3985041e7 100644 --- a/clusters/cl01tl/manifests/yamtrack/ExternalSecret-yamtrack-config-secret.yaml +++ b/clusters/cl01tl/manifests/yamtrack/ExternalSecret-yamtrack-config-secret.yaml @@ -14,8 +14,5 @@ spec: data: - secretKey: SECRET remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/yamtrack/config - metadataPolicy: None property: SECRET diff --git a/clusters/cl01tl/manifests/yamtrack/ExternalSecret-yamtrack-oidc-secret.yaml b/clusters/cl01tl/manifests/yamtrack/ExternalSecret-yamtrack-oidc-secret.yaml index e628fee88..a2082c639 100644 --- a/clusters/cl01tl/manifests/yamtrack/ExternalSecret-yamtrack-oidc-secret.yaml +++ b/clusters/cl01tl/manifests/yamtrack/ExternalSecret-yamtrack-oidc-secret.yaml @@ -14,8 +14,5 @@ spec: data: - secretKey: SOCIALACCOUNT_PROVIDERS remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /authentik/oidc/yamtrack - metadataPolicy: None property: SOCIALACCOUNT_PROVIDERS diff --git a/clusters/cl01tl/manifests/yamtrack/ExternalSecret-yamtrack-postgresql-18-backup-garage-local-secret.yaml b/clusters/cl01tl/manifests/yamtrack/ExternalSecret-yamtrack-postgresql-18-backup-garage-local-secret.yaml index 22f329353..fd3485052 100644 --- a/clusters/cl01tl/manifests/yamtrack/ExternalSecret-yamtrack-postgresql-18-backup-garage-local-secret.yaml +++ b/clusters/cl01tl/manifests/yamtrack/ExternalSecret-yamtrack-postgresql-18-backup-garage-local-secret.yaml @@ -5,10 +5,10 @@ metadata: namespace: yamtrack labels: app.kubernetes.io/name: yamtrack-postgresql-18-backup-garage-local-secret - helm.sh/chart: postgres-18-cluster-7.10.0 + helm.sh/chart: postgres-18-cluster-7.11.2 app.kubernetes.io/instance: yamtrack app.kubernetes.io/part-of: yamtrack - app.kubernetes.io/version: "7.10.0" + app.kubernetes.io/version: "7.11.2" app.kubernetes.io/managed-by: Helm spec: secretStoreRef: diff --git a/clusters/cl01tl/manifests/yamtrack/ExternalSecret-yamtrack-postgresql-18-recovery-secret.yaml b/clusters/cl01tl/manifests/yamtrack/ExternalSecret-yamtrack-postgresql-18-recovery-secret.yaml index 00294b279..3a4ccedb6 100644 --- a/clusters/cl01tl/manifests/yamtrack/ExternalSecret-yamtrack-postgresql-18-recovery-secret.yaml +++ b/clusters/cl01tl/manifests/yamtrack/ExternalSecret-yamtrack-postgresql-18-recovery-secret.yaml @@ -4,10 +4,10 @@ metadata: name: yamtrack-postgresql-18-recovery-secret namespace: yamtrack labels: - helm.sh/chart: postgres-18-cluster-7.10.0 + helm.sh/chart: postgres-18-cluster-7.11.2 app.kubernetes.io/instance: yamtrack app.kubernetes.io/part-of: yamtrack - app.kubernetes.io/version: "7.10.0" + app.kubernetes.io/version: "7.11.2" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: yamtrack-postgresql-18-recovery-secret spec: diff --git a/clusters/cl01tl/manifests/yamtrack/HTTPRoute-yamtrack.yaml b/clusters/cl01tl/manifests/yamtrack/HTTPRoute-yamtrack.yaml index 5a0146919..0a8998409 100644 --- a/clusters/cl01tl/manifests/yamtrack/HTTPRoute-yamtrack.yaml +++ b/clusters/cl01tl/manifests/yamtrack/HTTPRoute-yamtrack.yaml @@ -23,7 +23,7 @@ spec: name: yamtrack namespace: yamtrack port: 80 - weight: 100 + weight: 1 matches: - path: type: PathPrefix diff --git a/clusters/cl01tl/manifests/yamtrack/ObjectStore-yamtrack-postgresql-18-backup-garage-local.yaml b/clusters/cl01tl/manifests/yamtrack/ObjectStore-yamtrack-postgresql-18-backup-garage-local.yaml index 789f77f6e..0fe404881 100644 --- a/clusters/cl01tl/manifests/yamtrack/ObjectStore-yamtrack-postgresql-18-backup-garage-local.yaml +++ b/clusters/cl01tl/manifests/yamtrack/ObjectStore-yamtrack-postgresql-18-backup-garage-local.yaml @@ -5,10 +5,10 @@ metadata: namespace: yamtrack labels: app.kubernetes.io/name: yamtrack-postgresql-18-backup-garage-local - helm.sh/chart: postgres-18-cluster-7.10.0 + helm.sh/chart: postgres-18-cluster-7.11.2 app.kubernetes.io/instance: yamtrack app.kubernetes.io/part-of: yamtrack - app.kubernetes.io/version: "7.10.0" + app.kubernetes.io/version: "7.11.2" app.kubernetes.io/managed-by: Helm spec: retentionPolicy: 7d diff --git a/clusters/cl01tl/manifests/yamtrack/ObjectStore-yamtrack-postgresql-18-recovery.yaml b/clusters/cl01tl/manifests/yamtrack/ObjectStore-yamtrack-postgresql-18-recovery.yaml index fcf55df8a..80e9b7e3d 100644 --- a/clusters/cl01tl/manifests/yamtrack/ObjectStore-yamtrack-postgresql-18-recovery.yaml +++ b/clusters/cl01tl/manifests/yamtrack/ObjectStore-yamtrack-postgresql-18-recovery.yaml @@ -4,10 +4,10 @@ metadata: name: "yamtrack-postgresql-18-recovery" namespace: yamtrack labels: - helm.sh/chart: postgres-18-cluster-7.10.0 + helm.sh/chart: postgres-18-cluster-7.11.2 app.kubernetes.io/instance: yamtrack app.kubernetes.io/part-of: yamtrack - app.kubernetes.io/version: "7.10.0" + app.kubernetes.io/version: "7.11.2" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: "yamtrack-postgresql-18-recovery" spec: diff --git a/clusters/cl01tl/manifests/yamtrack/PrometheusRule-yamtrack-postgresql-18-alert-rules.yaml b/clusters/cl01tl/manifests/yamtrack/PrometheusRule-yamtrack-postgresql-18-alert-rules.yaml index db2b04c7a..da8bfc3d4 100644 --- a/clusters/cl01tl/manifests/yamtrack/PrometheusRule-yamtrack-postgresql-18-alert-rules.yaml +++ b/clusters/cl01tl/manifests/yamtrack/PrometheusRule-yamtrack-postgresql-18-alert-rules.yaml @@ -5,10 +5,10 @@ metadata: namespace: yamtrack labels: app.kubernetes.io/name: yamtrack-postgresql-18-alert-rules - helm.sh/chart: postgres-18-cluster-7.10.0 + helm.sh/chart: postgres-18-cluster-7.11.2 app.kubernetes.io/instance: yamtrack app.kubernetes.io/part-of: yamtrack - app.kubernetes.io/version: "7.10.0" + app.kubernetes.io/version: "7.11.2" app.kubernetes.io/managed-by: Helm spec: groups: diff --git a/clusters/cl01tl/manifests/yamtrack/ScheduledBackup-yamtrack-postgresql-18-scheduled-backup-live-backup.yaml b/clusters/cl01tl/manifests/yamtrack/ScheduledBackup-yamtrack-postgresql-18-scheduled-backup-live-backup.yaml index 5735cd19e..ff5c7e972 100644 --- a/clusters/cl01tl/manifests/yamtrack/ScheduledBackup-yamtrack-postgresql-18-scheduled-backup-live-backup.yaml +++ b/clusters/cl01tl/manifests/yamtrack/ScheduledBackup-yamtrack-postgresql-18-scheduled-backup-live-backup.yaml @@ -5,10 +5,10 @@ metadata: namespace: yamtrack labels: app.kubernetes.io/name: "yamtrack-postgresql-18-scheduled-backup-live-backup" - helm.sh/chart: postgres-18-cluster-7.10.0 + helm.sh/chart: postgres-18-cluster-7.11.2 app.kubernetes.io/instance: yamtrack app.kubernetes.io/part-of: yamtrack - app.kubernetes.io/version: "7.10.0" + app.kubernetes.io/version: "7.11.2" app.kubernetes.io/managed-by: Helm spec: immediate: true diff --git a/clusters/cl01tl/manifests/yamtrack/StatefulSet-yamtrack-valkey.yaml b/clusters/cl01tl/manifests/yamtrack/StatefulSet-yamtrack-valkey.yaml index 80389c496..89d8dd3da 100644 --- a/clusters/cl01tl/manifests/yamtrack/StatefulSet-yamtrack-valkey.yaml +++ b/clusters/cl01tl/manifests/yamtrack/StatefulSet-yamtrack-valkey.yaml @@ -95,7 +95,7 @@ spec: resources: requests: cpu: 10m - memory: 128Mi + memory: 20Mi volumeMounts: - name: valkey-data mountPath: /data @@ -117,8 +117,8 @@ spec: port: metrics resources: requests: - cpu: 10m - memory: 64M + cpu: 1m + memory: 10M env: - name: REDIS_ALIAS value: yamtrack-valkey diff --git a/clusters/cl01tl/manifests/yubal/Deployment-yubal.yaml b/clusters/cl01tl/manifests/yubal/Deployment-yubal.yaml index a26e72196..b0ed9f0ff 100644 --- a/clusters/cl01tl/manifests/yubal/Deployment-yubal.yaml +++ b/clusters/cl01tl/manifests/yubal/Deployment-yubal.yaml @@ -31,6 +31,7 @@ spec: automountServiceAccountToken: true securityContext: fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch runAsGroup: 1000 runAsUser: 1000 hostIPC: false @@ -48,12 +49,11 @@ spec: - name: YUBAL_LOG_LEVEL value: INFO image: ghcr.io/guillevc/yubal:0.7.2@sha256:906b7c90b738e77ad140178f6a5145f98c12af36e8321d427148c092836c37be - imagePullPolicy: IfNotPresent name: main resources: requests: cpu: 10m - memory: 128Mi + memory: 200Mi volumeMounts: - mountPath: /app/config name: config diff --git a/clusters/cl01tl/manifests/yubal/ExternalSecret-yubal-wireguard-conf.yaml b/clusters/cl01tl/manifests/yubal/ExternalSecret-yubal-wireguard-conf.yaml deleted file mode 100644 index ff099a205..000000000 --- a/clusters/cl01tl/manifests/yubal/ExternalSecret-yubal-wireguard-conf.yaml +++ /dev/null @@ -1,42 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: yubal-wireguard-conf - namespace: yubal - labels: - app.kubernetes.io/name: yubal-wireguard-conf - app.kubernetes.io/instance: yubal - app.kubernetes.io/part-of: yubal -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: private-key - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /airvpn/conf/cl01tl - metadataPolicy: None - property: private-key - - secretKey: preshared-key - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /airvpn/conf/cl01tl - metadataPolicy: None - property: preshared-key - - secretKey: addresses - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /airvpn/conf/cl01tl - metadataPolicy: None - property: addresses - - secretKey: input-ports - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /airvpn/conf/cl01tl - metadataPolicy: None - property: input-ports diff --git a/clusters/cl01tl/manifests/yubal/HTTPRoute-yubal.yaml b/clusters/cl01tl/manifests/yubal/HTTPRoute-yubal.yaml index 2e29e337a..ea6bb3dad 100644 --- a/clusters/cl01tl/manifests/yubal/HTTPRoute-yubal.yaml +++ b/clusters/cl01tl/manifests/yubal/HTTPRoute-yubal.yaml @@ -23,7 +23,7 @@ spec: name: yubal namespace: yubal port: 80 - weight: 100 + weight: 1 matches: - path: type: PathPrefix diff --git a/clusters/cl01tl/manifests/yubal/Namespace-yubal.yaml b/clusters/cl01tl/manifests/yubal/Namespace-yubal.yaml deleted file mode 100644 index fc638f502..000000000 --- a/clusters/cl01tl/manifests/yubal/Namespace-yubal.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: yubal - labels: - app.kubernetes.io/name: yubal - app.kubernetes.io/instance: yubal - app.kubernetes.io/part-of: yubal - pod-security.kubernetes.io/audit: privileged - pod-security.kubernetes.io/enforce: privileged - pod-security.kubernetes.io/warn: privileged diff --git a/clusters/cl01tl/manifests/yubal/PersistentVolumeClaim-yubal.yaml b/clusters/cl01tl/manifests/yubal/PersistentVolumeClaim-yubal.yaml index d8143807e..1ef2424ad 100644 --- a/clusters/cl01tl/manifests/yubal/PersistentVolumeClaim-yubal.yaml +++ b/clusters/cl01tl/manifests/yubal/PersistentVolumeClaim-yubal.yaml @@ -7,8 +7,6 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: yubal helm.sh/chart: yubal-4.6.2 - annotations: - helm.sh/resource-policy: keep namespace: yubal spec: accessModes: -- 2.49.1