diff --git a/clusters/cl01tl/manifests/authentik/ConfigMap-authentik-valkey-init-scripts.yaml b/clusters/cl01tl/manifests/authentik/ConfigMap-authentik-valkey-init-scripts.yaml index 8dc6c5d6f..2d1fd9b07 100644 --- a/clusters/cl01tl/manifests/authentik/ConfigMap-authentik-valkey-init-scripts.yaml +++ b/clusters/cl01tl/manifests/authentik/ConfigMap-authentik-valkey-init-scripts.yaml @@ -3,7 +3,7 @@ kind: ConfigMap metadata: name: authentik-valkey-init-scripts labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: authentik app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/authentik/PodMonitor-authentik-valkey.yaml b/clusters/cl01tl/manifests/authentik/PodMonitor-authentik-valkey.yaml index 622b7fdaa..c50f17b61 100644 --- a/clusters/cl01tl/manifests/authentik/PodMonitor-authentik-valkey.yaml +++ b/clusters/cl01tl/manifests/authentik/PodMonitor-authentik-valkey.yaml @@ -3,7 +3,7 @@ kind: PodMonitor metadata: name: authentik-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: authentik app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/authentik/PrometheusRule-authentik-valkey.yaml b/clusters/cl01tl/manifests/authentik/PrometheusRule-authentik-valkey.yaml index 3524a45d8..4c927faa6 100644 --- a/clusters/cl01tl/manifests/authentik/PrometheusRule-authentik-valkey.yaml +++ b/clusters/cl01tl/manifests/authentik/PrometheusRule-authentik-valkey.yaml @@ -3,7 +3,7 @@ kind: PrometheusRule metadata: name: authentik-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: authentik app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/authentik/Service-authentik-valkey-headless.yaml b/clusters/cl01tl/manifests/authentik/Service-authentik-valkey-headless.yaml index ca4f31256..5f2841d83 100644 --- a/clusters/cl01tl/manifests/authentik/Service-authentik-valkey-headless.yaml +++ b/clusters/cl01tl/manifests/authentik/Service-authentik-valkey-headless.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: authentik-valkey-headless labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: authentik app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/authentik/Service-authentik-valkey-metrics.yaml b/clusters/cl01tl/manifests/authentik/Service-authentik-valkey-metrics.yaml index fc4595dad..dd1f381e1 100644 --- a/clusters/cl01tl/manifests/authentik/Service-authentik-valkey-metrics.yaml +++ b/clusters/cl01tl/manifests/authentik/Service-authentik-valkey-metrics.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: authentik-valkey-metrics labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: authentik app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/authentik/Service-authentik-valkey-read.yaml b/clusters/cl01tl/manifests/authentik/Service-authentik-valkey-read.yaml index 56970d29d..7365a5c0d 100644 --- a/clusters/cl01tl/manifests/authentik/Service-authentik-valkey-read.yaml +++ b/clusters/cl01tl/manifests/authentik/Service-authentik-valkey-read.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: authentik-valkey-read labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: authentik app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/authentik/Service-authentik-valkey.yaml b/clusters/cl01tl/manifests/authentik/Service-authentik-valkey.yaml index b460d3a71..1e7708acf 100644 --- a/clusters/cl01tl/manifests/authentik/Service-authentik-valkey.yaml +++ b/clusters/cl01tl/manifests/authentik/Service-authentik-valkey.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: authentik-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: authentik app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/authentik/ServiceAccount-authentik-valkey.yaml b/clusters/cl01tl/manifests/authentik/ServiceAccount-authentik-valkey.yaml index 23a453bf7..1b2d48389 100644 --- a/clusters/cl01tl/manifests/authentik/ServiceAccount-authentik-valkey.yaml +++ b/clusters/cl01tl/manifests/authentik/ServiceAccount-authentik-valkey.yaml @@ -3,7 +3,7 @@ kind: ServiceAccount metadata: name: authentik-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: authentik app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/authentik/ServiceMonitor-authentik-valkey.yaml b/clusters/cl01tl/manifests/authentik/ServiceMonitor-authentik-valkey.yaml index 41797bde3..11b8af3a6 100644 --- a/clusters/cl01tl/manifests/authentik/ServiceMonitor-authentik-valkey.yaml +++ b/clusters/cl01tl/manifests/authentik/ServiceMonitor-authentik-valkey.yaml @@ -3,7 +3,7 @@ kind: ServiceMonitor metadata: name: authentik-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: authentik app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/authentik/StatefulSet-authentik-valkey.yaml b/clusters/cl01tl/manifests/authentik/StatefulSet-authentik-valkey.yaml index 7de01a22d..6bab23f6d 100644 --- a/clusters/cl01tl/manifests/authentik/StatefulSet-authentik-valkey.yaml +++ b/clusters/cl01tl/manifests/authentik/StatefulSet-authentik-valkey.yaml @@ -3,7 +3,7 @@ kind: StatefulSet metadata: name: authentik-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: authentik app.kubernetes.io/version: "9.0.3" @@ -32,7 +32,7 @@ spec: app.kubernetes.io/name: valkey app.kubernetes.io/instance: authentik annotations: - checksum/initconfig: "07891dc8f81b4fb3516e2993c6e827b1" + checksum/initconfig: "5891897632e2eabc8b0c61cc49fea0f6" spec: automountServiceAccountToken: false serviceAccountName: authentik-valkey @@ -40,11 +40,14 @@ spec: fsGroup: 1000 runAsGroup: 1000 runAsUser: 1000 + seccompProfile: + type: RuntimeDefault initContainers: - name: authentik-valkey-init image: docker.io/valkey/valkey:9.0.3@sha256:3b55fbaa0cd93cf0d9d961f405e4dfcc70efe325e2d84da207a0a8e6d8fde4f9 imagePullPolicy: IfNotPresent securityContext: + allowPrivilegeEscalation: false capabilities: drop: - ALL @@ -69,6 +72,7 @@ spec: command: ["valkey-server"] args: ["/data/conf/valkey.conf"] securityContext: + allowPrivilegeEscalation: false capabilities: drop: - ALL diff --git a/clusters/cl01tl/manifests/blocky/ConfigMap-blocky-valkey-init-scripts.yaml b/clusters/cl01tl/manifests/blocky/ConfigMap-blocky-valkey-init-scripts.yaml index de5d0d775..af65d5ab8 100644 --- a/clusters/cl01tl/manifests/blocky/ConfigMap-blocky-valkey-init-scripts.yaml +++ b/clusters/cl01tl/manifests/blocky/ConfigMap-blocky-valkey-init-scripts.yaml @@ -3,7 +3,7 @@ kind: ConfigMap metadata: name: blocky-valkey-init-scripts labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: blocky app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/blocky/PodMonitor-blocky-valkey.yaml b/clusters/cl01tl/manifests/blocky/PodMonitor-blocky-valkey.yaml index 6b20279c4..1f7e0b8ac 100644 --- a/clusters/cl01tl/manifests/blocky/PodMonitor-blocky-valkey.yaml +++ b/clusters/cl01tl/manifests/blocky/PodMonitor-blocky-valkey.yaml @@ -3,7 +3,7 @@ kind: PodMonitor metadata: name: blocky-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: blocky app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/blocky/PrometheusRule-blocky-valkey.yaml b/clusters/cl01tl/manifests/blocky/PrometheusRule-blocky-valkey.yaml index 688d8c38b..4ac677af7 100644 --- a/clusters/cl01tl/manifests/blocky/PrometheusRule-blocky-valkey.yaml +++ b/clusters/cl01tl/manifests/blocky/PrometheusRule-blocky-valkey.yaml @@ -3,7 +3,7 @@ kind: PrometheusRule metadata: name: blocky-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: blocky app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/blocky/Service-blocky-valkey-headless.yaml b/clusters/cl01tl/manifests/blocky/Service-blocky-valkey-headless.yaml index cb80c52b4..91fe0d5bd 100644 --- a/clusters/cl01tl/manifests/blocky/Service-blocky-valkey-headless.yaml +++ b/clusters/cl01tl/manifests/blocky/Service-blocky-valkey-headless.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: blocky-valkey-headless labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: blocky app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/blocky/Service-blocky-valkey-metrics.yaml b/clusters/cl01tl/manifests/blocky/Service-blocky-valkey-metrics.yaml index 7f4a7bd9e..a1054caff 100644 --- a/clusters/cl01tl/manifests/blocky/Service-blocky-valkey-metrics.yaml +++ b/clusters/cl01tl/manifests/blocky/Service-blocky-valkey-metrics.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: blocky-valkey-metrics labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: blocky app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/blocky/Service-blocky-valkey-read.yaml b/clusters/cl01tl/manifests/blocky/Service-blocky-valkey-read.yaml index 9f76c0c7e..132698650 100644 --- a/clusters/cl01tl/manifests/blocky/Service-blocky-valkey-read.yaml +++ b/clusters/cl01tl/manifests/blocky/Service-blocky-valkey-read.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: blocky-valkey-read labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: blocky app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/blocky/Service-blocky-valkey.yaml b/clusters/cl01tl/manifests/blocky/Service-blocky-valkey.yaml index 981739fc6..e849131fc 100644 --- a/clusters/cl01tl/manifests/blocky/Service-blocky-valkey.yaml +++ b/clusters/cl01tl/manifests/blocky/Service-blocky-valkey.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: blocky-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: blocky app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/blocky/ServiceAccount-blocky-valkey.yaml b/clusters/cl01tl/manifests/blocky/ServiceAccount-blocky-valkey.yaml index ff779194d..62c3a340b 100644 --- a/clusters/cl01tl/manifests/blocky/ServiceAccount-blocky-valkey.yaml +++ b/clusters/cl01tl/manifests/blocky/ServiceAccount-blocky-valkey.yaml @@ -3,7 +3,7 @@ kind: ServiceAccount metadata: name: blocky-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: blocky app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/blocky/ServiceMonitor-blocky-valkey.yaml b/clusters/cl01tl/manifests/blocky/ServiceMonitor-blocky-valkey.yaml index 63d8682df..0e48c29af 100644 --- a/clusters/cl01tl/manifests/blocky/ServiceMonitor-blocky-valkey.yaml +++ b/clusters/cl01tl/manifests/blocky/ServiceMonitor-blocky-valkey.yaml @@ -3,7 +3,7 @@ kind: ServiceMonitor metadata: name: blocky-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: blocky app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/blocky/StatefulSet-blocky-valkey.yaml b/clusters/cl01tl/manifests/blocky/StatefulSet-blocky-valkey.yaml index 9b5ef10f1..1b68dfe27 100644 --- a/clusters/cl01tl/manifests/blocky/StatefulSet-blocky-valkey.yaml +++ b/clusters/cl01tl/manifests/blocky/StatefulSet-blocky-valkey.yaml @@ -3,7 +3,7 @@ kind: StatefulSet metadata: name: blocky-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: blocky app.kubernetes.io/version: "9.0.3" @@ -32,7 +32,7 @@ spec: app.kubernetes.io/name: valkey app.kubernetes.io/instance: blocky annotations: - checksum/initconfig: "b997c0967aeeee370412add1d41691a1" + checksum/initconfig: "ce6e499ac7fd3ad6706c10e5616c511c" spec: automountServiceAccountToken: false serviceAccountName: blocky-valkey @@ -40,11 +40,14 @@ spec: fsGroup: 1000 runAsGroup: 1000 runAsUser: 1000 + seccompProfile: + type: RuntimeDefault initContainers: - name: blocky-valkey-init image: docker.io/valkey/valkey:9.0.3@sha256:3b55fbaa0cd93cf0d9d961f405e4dfcc70efe325e2d84da207a0a8e6d8fde4f9 imagePullPolicy: IfNotPresent securityContext: + allowPrivilegeEscalation: false capabilities: drop: - ALL @@ -69,6 +72,7 @@ spec: command: ["valkey-server"] args: ["/data/conf/valkey.conf"] securityContext: + allowPrivilegeEscalation: false capabilities: drop: - ALL diff --git a/clusters/cl01tl/manifests/dawarich/ConfigMap-dawarich-valkey-init-scripts.yaml b/clusters/cl01tl/manifests/dawarich/ConfigMap-dawarich-valkey-init-scripts.yaml index 945066e5b..7c1c8a86f 100644 --- a/clusters/cl01tl/manifests/dawarich/ConfigMap-dawarich-valkey-init-scripts.yaml +++ b/clusters/cl01tl/manifests/dawarich/ConfigMap-dawarich-valkey-init-scripts.yaml @@ -3,7 +3,7 @@ kind: ConfigMap metadata: name: dawarich-valkey-init-scripts labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: dawarich app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/dawarich/PodMonitor-dawarich-valkey.yaml b/clusters/cl01tl/manifests/dawarich/PodMonitor-dawarich-valkey.yaml index f484bf5f9..a763abb64 100644 --- a/clusters/cl01tl/manifests/dawarich/PodMonitor-dawarich-valkey.yaml +++ b/clusters/cl01tl/manifests/dawarich/PodMonitor-dawarich-valkey.yaml @@ -3,7 +3,7 @@ kind: PodMonitor metadata: name: dawarich-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: dawarich app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/dawarich/PrometheusRule-dawarich-valkey.yaml b/clusters/cl01tl/manifests/dawarich/PrometheusRule-dawarich-valkey.yaml index b136b469e..a90ee71ba 100644 --- a/clusters/cl01tl/manifests/dawarich/PrometheusRule-dawarich-valkey.yaml +++ b/clusters/cl01tl/manifests/dawarich/PrometheusRule-dawarich-valkey.yaml @@ -3,7 +3,7 @@ kind: PrometheusRule metadata: name: dawarich-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: dawarich app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/dawarich/Service-dawarich-valkey-headless.yaml b/clusters/cl01tl/manifests/dawarich/Service-dawarich-valkey-headless.yaml index 21607359e..e94006e6e 100644 --- a/clusters/cl01tl/manifests/dawarich/Service-dawarich-valkey-headless.yaml +++ b/clusters/cl01tl/manifests/dawarich/Service-dawarich-valkey-headless.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: dawarich-valkey-headless labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: dawarich app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/dawarich/Service-dawarich-valkey-metrics.yaml b/clusters/cl01tl/manifests/dawarich/Service-dawarich-valkey-metrics.yaml index 6116d613c..e126a4779 100644 --- a/clusters/cl01tl/manifests/dawarich/Service-dawarich-valkey-metrics.yaml +++ b/clusters/cl01tl/manifests/dawarich/Service-dawarich-valkey-metrics.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: dawarich-valkey-metrics labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: dawarich app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/dawarich/Service-dawarich-valkey-read.yaml b/clusters/cl01tl/manifests/dawarich/Service-dawarich-valkey-read.yaml index 5a9287b67..36f3ff20e 100644 --- a/clusters/cl01tl/manifests/dawarich/Service-dawarich-valkey-read.yaml +++ b/clusters/cl01tl/manifests/dawarich/Service-dawarich-valkey-read.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: dawarich-valkey-read labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: dawarich app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/dawarich/Service-dawarich-valkey.yaml b/clusters/cl01tl/manifests/dawarich/Service-dawarich-valkey.yaml index c31d172bd..b6bf409fa 100644 --- a/clusters/cl01tl/manifests/dawarich/Service-dawarich-valkey.yaml +++ b/clusters/cl01tl/manifests/dawarich/Service-dawarich-valkey.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: dawarich-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: dawarich app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/dawarich/ServiceAccount-dawarich-valkey.yaml b/clusters/cl01tl/manifests/dawarich/ServiceAccount-dawarich-valkey.yaml index d66aa63d2..01297ac23 100644 --- a/clusters/cl01tl/manifests/dawarich/ServiceAccount-dawarich-valkey.yaml +++ b/clusters/cl01tl/manifests/dawarich/ServiceAccount-dawarich-valkey.yaml @@ -3,7 +3,7 @@ kind: ServiceAccount metadata: name: dawarich-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: dawarich app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/dawarich/ServiceMonitor-dawarich-valkey.yaml b/clusters/cl01tl/manifests/dawarich/ServiceMonitor-dawarich-valkey.yaml index 6cc8d0a17..999237cb2 100644 --- a/clusters/cl01tl/manifests/dawarich/ServiceMonitor-dawarich-valkey.yaml +++ b/clusters/cl01tl/manifests/dawarich/ServiceMonitor-dawarich-valkey.yaml @@ -3,7 +3,7 @@ kind: ServiceMonitor metadata: name: dawarich-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: dawarich app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/dawarich/StatefulSet-dawarich-valkey.yaml b/clusters/cl01tl/manifests/dawarich/StatefulSet-dawarich-valkey.yaml index ded8ab4c9..e75d81071 100644 --- a/clusters/cl01tl/manifests/dawarich/StatefulSet-dawarich-valkey.yaml +++ b/clusters/cl01tl/manifests/dawarich/StatefulSet-dawarich-valkey.yaml @@ -3,7 +3,7 @@ kind: StatefulSet metadata: name: dawarich-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: dawarich app.kubernetes.io/version: "9.0.3" @@ -32,7 +32,7 @@ spec: app.kubernetes.io/name: valkey app.kubernetes.io/instance: dawarich annotations: - checksum/initconfig: "b1e9c56c9439a06e231c05897dbd90b9" + checksum/initconfig: "53d07c776effa0dea3178b0b46d98f22" spec: automountServiceAccountToken: false serviceAccountName: dawarich-valkey @@ -40,11 +40,14 @@ spec: fsGroup: 1000 runAsGroup: 1000 runAsUser: 1000 + seccompProfile: + type: RuntimeDefault initContainers: - name: dawarich-valkey-init image: docker.io/valkey/valkey:9.0.3@sha256:3b55fbaa0cd93cf0d9d961f405e4dfcc70efe325e2d84da207a0a8e6d8fde4f9 imagePullPolicy: IfNotPresent securityContext: + allowPrivilegeEscalation: false capabilities: drop: - ALL @@ -69,6 +72,7 @@ spec: command: ["valkey-server"] args: ["/data/conf/valkey.conf"] securityContext: + allowPrivilegeEscalation: false capabilities: drop: - ALL diff --git a/clusters/cl01tl/manifests/directus/ConfigMap-directus-valkey-init-scripts.yaml b/clusters/cl01tl/manifests/directus/ConfigMap-directus-valkey-init-scripts.yaml index 0a32a8443..a1c2a2082 100644 --- a/clusters/cl01tl/manifests/directus/ConfigMap-directus-valkey-init-scripts.yaml +++ b/clusters/cl01tl/manifests/directus/ConfigMap-directus-valkey-init-scripts.yaml @@ -3,7 +3,7 @@ kind: ConfigMap metadata: name: directus-valkey-init-scripts labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: directus app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/directus/Pod-directus-valkey-test-auth-existing.yaml b/clusters/cl01tl/manifests/directus/Pod-directus-valkey-test-auth-existing.yaml index 2e779057d..3268b8d5b 100644 --- a/clusters/cl01tl/manifests/directus/Pod-directus-valkey-test-auth-existing.yaml +++ b/clusters/cl01tl/manifests/directus/Pod-directus-valkey-test-auth-existing.yaml @@ -3,7 +3,7 @@ kind: Pod metadata: name: directus-valkey-test-auth-existing labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: directus app.kubernetes.io/version: "9.0.3" @@ -15,7 +15,7 @@ spec: restartPolicy: Never containers: - name: test-auth - image: "valkey/valkey:9.0.3@sha256:3b55fbaa0cd93cf0d9d961f405e4dfcc70efe325e2d84da207a0a8e6d8fde4f9" + image: "docker.io/valkey/valkey:9.0.3@sha256:3b55fbaa0cd93cf0d9d961f405e4dfcc70efe325e2d84da207a0a8e6d8fde4f9" command: - sh - -c diff --git a/clusters/cl01tl/manifests/directus/Service-directus-valkey-headless.yaml b/clusters/cl01tl/manifests/directus/Service-directus-valkey-headless.yaml index 2bdf5c1e4..9d596998f 100644 --- a/clusters/cl01tl/manifests/directus/Service-directus-valkey-headless.yaml +++ b/clusters/cl01tl/manifests/directus/Service-directus-valkey-headless.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: directus-valkey-headless labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: directus app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/directus/Service-directus-valkey-read.yaml b/clusters/cl01tl/manifests/directus/Service-directus-valkey-read.yaml index fd622933f..48482b101 100644 --- a/clusters/cl01tl/manifests/directus/Service-directus-valkey-read.yaml +++ b/clusters/cl01tl/manifests/directus/Service-directus-valkey-read.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: directus-valkey-read labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: directus app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/directus/Service-directus-valkey.yaml b/clusters/cl01tl/manifests/directus/Service-directus-valkey.yaml index 693d51f71..dde1f885a 100644 --- a/clusters/cl01tl/manifests/directus/Service-directus-valkey.yaml +++ b/clusters/cl01tl/manifests/directus/Service-directus-valkey.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: directus-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: directus app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/directus/ServiceAccount-directus-valkey.yaml b/clusters/cl01tl/manifests/directus/ServiceAccount-directus-valkey.yaml index 766d534bd..db92ba0c1 100644 --- a/clusters/cl01tl/manifests/directus/ServiceAccount-directus-valkey.yaml +++ b/clusters/cl01tl/manifests/directus/ServiceAccount-directus-valkey.yaml @@ -3,7 +3,7 @@ kind: ServiceAccount metadata: name: directus-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: directus app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/directus/StatefulSet-directus-valkey.yaml b/clusters/cl01tl/manifests/directus/StatefulSet-directus-valkey.yaml index 40215c754..8bcc6729a 100644 --- a/clusters/cl01tl/manifests/directus/StatefulSet-directus-valkey.yaml +++ b/clusters/cl01tl/manifests/directus/StatefulSet-directus-valkey.yaml @@ -3,7 +3,7 @@ kind: StatefulSet metadata: name: directus-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: directus app.kubernetes.io/version: "9.0.3" @@ -32,7 +32,7 @@ spec: app.kubernetes.io/name: valkey app.kubernetes.io/instance: directus annotations: - checksum/initconfig: "6307ecb287c2f05dc09ba3cf7cdfd155" + checksum/initconfig: "f2c110c848eac7a2ffdbe72ea52f43de" spec: automountServiceAccountToken: false serviceAccountName: directus-valkey @@ -40,11 +40,14 @@ spec: fsGroup: 1000 runAsGroup: 1000 runAsUser: 1000 + seccompProfile: + type: RuntimeDefault initContainers: - name: directus-valkey-init image: docker.io/valkey/valkey:9.0.3@sha256:3b55fbaa0cd93cf0d9d961f405e4dfcc70efe325e2d84da207a0a8e6d8fde4f9 imagePullPolicy: IfNotPresent securityContext: + allowPrivilegeEscalation: false capabilities: drop: - ALL @@ -74,6 +77,7 @@ spec: command: ["valkey-server"] args: ["/data/conf/valkey.conf"] securityContext: + allowPrivilegeEscalation: false capabilities: drop: - ALL diff --git a/clusters/cl01tl/manifests/gitea/ConfigMap-gitea-valkey-init-scripts.yaml b/clusters/cl01tl/manifests/gitea/ConfigMap-gitea-valkey-init-scripts.yaml index 5bc508353..cf1edc7c1 100644 --- a/clusters/cl01tl/manifests/gitea/ConfigMap-gitea-valkey-init-scripts.yaml +++ b/clusters/cl01tl/manifests/gitea/ConfigMap-gitea-valkey-init-scripts.yaml @@ -3,7 +3,7 @@ kind: ConfigMap metadata: name: gitea-valkey-init-scripts labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: gitea app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/gitea/ConfigMap-gitea-valkey-renovate-init-scripts.yaml b/clusters/cl01tl/manifests/gitea/ConfigMap-gitea-valkey-renovate-init-scripts.yaml index 08d86c3c4..c8961f772 100644 --- a/clusters/cl01tl/manifests/gitea/ConfigMap-gitea-valkey-renovate-init-scripts.yaml +++ b/clusters/cl01tl/manifests/gitea/ConfigMap-gitea-valkey-renovate-init-scripts.yaml @@ -3,7 +3,7 @@ kind: ConfigMap metadata: name: gitea-valkey-renovate-init-scripts labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey-renovate app.kubernetes.io/instance: gitea app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/gitea/Deployment-gitea-valkey-renovate.yaml b/clusters/cl01tl/manifests/gitea/Deployment-gitea-valkey-renovate.yaml index 87042c675..0afacf8a5 100644 --- a/clusters/cl01tl/manifests/gitea/Deployment-gitea-valkey-renovate.yaml +++ b/clusters/cl01tl/manifests/gitea/Deployment-gitea-valkey-renovate.yaml @@ -3,7 +3,7 @@ kind: Deployment metadata: name: gitea-valkey-renovate labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey-renovate app.kubernetes.io/instance: gitea app.kubernetes.io/version: "9.0.3" @@ -22,7 +22,7 @@ spec: app.kubernetes.io/name: valkey-renovate app.kubernetes.io/instance: gitea annotations: - checksum/initconfig: f77fc408ed818f9e2bd789f0e95a4172 + checksum/initconfig: 94157ae544275da50867d4d0da0722fc spec: automountServiceAccountToken: false serviceAccountName: gitea-valkey-renovate @@ -30,11 +30,14 @@ spec: fsGroup: 1000 runAsGroup: 1000 runAsUser: 1000 + seccompProfile: + type: RuntimeDefault initContainers: - name: gitea-valkey-renovate-init image: docker.io/valkey/valkey:9.0.3@sha256:3b55fbaa0cd93cf0d9d961f405e4dfcc70efe325e2d84da207a0a8e6d8fde4f9 imagePullPolicy: IfNotPresent securityContext: + allowPrivilegeEscalation: false capabilities: drop: - ALL @@ -54,6 +57,7 @@ spec: command: ["valkey-server"] args: ["/data/conf/valkey.conf"] securityContext: + allowPrivilegeEscalation: false capabilities: drop: - ALL diff --git a/clusters/cl01tl/manifests/gitea/PersistentVolumeClaim-gitea-valkey-renovate.yaml b/clusters/cl01tl/manifests/gitea/PersistentVolumeClaim-gitea-valkey-renovate.yaml index a273a5925..cd122c033 100644 --- a/clusters/cl01tl/manifests/gitea/PersistentVolumeClaim-gitea-valkey-renovate.yaml +++ b/clusters/cl01tl/manifests/gitea/PersistentVolumeClaim-gitea-valkey-renovate.yaml @@ -3,7 +3,7 @@ kind: PersistentVolumeClaim metadata: name: gitea-valkey-renovate labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey-renovate app.kubernetes.io/instance: gitea app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/gitea/PodMonitor-gitea-valkey-renovate.yaml b/clusters/cl01tl/manifests/gitea/PodMonitor-gitea-valkey-renovate.yaml index 31de7bcf1..94e637f7e 100644 --- a/clusters/cl01tl/manifests/gitea/PodMonitor-gitea-valkey-renovate.yaml +++ b/clusters/cl01tl/manifests/gitea/PodMonitor-gitea-valkey-renovate.yaml @@ -3,7 +3,7 @@ kind: PodMonitor metadata: name: gitea-valkey-renovate labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey-renovate app.kubernetes.io/instance: gitea app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/gitea/PodMonitor-gitea-valkey.yaml b/clusters/cl01tl/manifests/gitea/PodMonitor-gitea-valkey.yaml index a9ccb4943..bb8235077 100644 --- a/clusters/cl01tl/manifests/gitea/PodMonitor-gitea-valkey.yaml +++ b/clusters/cl01tl/manifests/gitea/PodMonitor-gitea-valkey.yaml @@ -3,7 +3,7 @@ kind: PodMonitor metadata: name: gitea-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: gitea app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/gitea/PrometheusRule-gitea-valkey-renovate.yaml b/clusters/cl01tl/manifests/gitea/PrometheusRule-gitea-valkey-renovate.yaml index 1ed65d3ec..3bacc52f8 100644 --- a/clusters/cl01tl/manifests/gitea/PrometheusRule-gitea-valkey-renovate.yaml +++ b/clusters/cl01tl/manifests/gitea/PrometheusRule-gitea-valkey-renovate.yaml @@ -3,7 +3,7 @@ kind: PrometheusRule metadata: name: gitea-valkey-renovate labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey-renovate app.kubernetes.io/instance: gitea app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/gitea/PrometheusRule-gitea-valkey.yaml b/clusters/cl01tl/manifests/gitea/PrometheusRule-gitea-valkey.yaml index 5102cbf1f..d2f4fe599 100644 --- a/clusters/cl01tl/manifests/gitea/PrometheusRule-gitea-valkey.yaml +++ b/clusters/cl01tl/manifests/gitea/PrometheusRule-gitea-valkey.yaml @@ -3,7 +3,7 @@ kind: PrometheusRule metadata: name: gitea-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: gitea app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/gitea/Service-gitea-valkey-headless.yaml b/clusters/cl01tl/manifests/gitea/Service-gitea-valkey-headless.yaml index 5dda6d126..dc79b32b1 100644 --- a/clusters/cl01tl/manifests/gitea/Service-gitea-valkey-headless.yaml +++ b/clusters/cl01tl/manifests/gitea/Service-gitea-valkey-headless.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: gitea-valkey-headless labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: gitea app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/gitea/Service-gitea-valkey-metrics.yaml b/clusters/cl01tl/manifests/gitea/Service-gitea-valkey-metrics.yaml index 842d9a42c..d4811622d 100644 --- a/clusters/cl01tl/manifests/gitea/Service-gitea-valkey-metrics.yaml +++ b/clusters/cl01tl/manifests/gitea/Service-gitea-valkey-metrics.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: gitea-valkey-metrics labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: gitea app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/gitea/Service-gitea-valkey-read.yaml b/clusters/cl01tl/manifests/gitea/Service-gitea-valkey-read.yaml index 880c07365..76989f748 100644 --- a/clusters/cl01tl/manifests/gitea/Service-gitea-valkey-read.yaml +++ b/clusters/cl01tl/manifests/gitea/Service-gitea-valkey-read.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: gitea-valkey-read labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: gitea app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/gitea/Service-gitea-valkey-renovate-metrics.yaml b/clusters/cl01tl/manifests/gitea/Service-gitea-valkey-renovate-metrics.yaml index f9bde3047..43252b93f 100644 --- a/clusters/cl01tl/manifests/gitea/Service-gitea-valkey-renovate-metrics.yaml +++ b/clusters/cl01tl/manifests/gitea/Service-gitea-valkey-renovate-metrics.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: gitea-valkey-renovate-metrics labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey-renovate app.kubernetes.io/instance: gitea app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/gitea/Service-gitea-valkey-renovate.yaml b/clusters/cl01tl/manifests/gitea/Service-gitea-valkey-renovate.yaml index 2fe593bb2..ec9a465f5 100644 --- a/clusters/cl01tl/manifests/gitea/Service-gitea-valkey-renovate.yaml +++ b/clusters/cl01tl/manifests/gitea/Service-gitea-valkey-renovate.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: gitea-valkey-renovate labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey-renovate app.kubernetes.io/instance: gitea app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/gitea/Service-gitea-valkey.yaml b/clusters/cl01tl/manifests/gitea/Service-gitea-valkey.yaml index efa07de54..31eceed5a 100644 --- a/clusters/cl01tl/manifests/gitea/Service-gitea-valkey.yaml +++ b/clusters/cl01tl/manifests/gitea/Service-gitea-valkey.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: gitea-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: gitea app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/gitea/ServiceAccount-gitea-valkey-renovate.yaml b/clusters/cl01tl/manifests/gitea/ServiceAccount-gitea-valkey-renovate.yaml index fe9bd8cbd..c58e9280b 100644 --- a/clusters/cl01tl/manifests/gitea/ServiceAccount-gitea-valkey-renovate.yaml +++ b/clusters/cl01tl/manifests/gitea/ServiceAccount-gitea-valkey-renovate.yaml @@ -3,7 +3,7 @@ kind: ServiceAccount metadata: name: gitea-valkey-renovate labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey-renovate app.kubernetes.io/instance: gitea app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/gitea/ServiceAccount-gitea-valkey.yaml b/clusters/cl01tl/manifests/gitea/ServiceAccount-gitea-valkey.yaml index 0c12e4333..2cfb13516 100644 --- a/clusters/cl01tl/manifests/gitea/ServiceAccount-gitea-valkey.yaml +++ b/clusters/cl01tl/manifests/gitea/ServiceAccount-gitea-valkey.yaml @@ -3,7 +3,7 @@ kind: ServiceAccount metadata: name: gitea-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: gitea app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/gitea/ServiceMonitor-gitea-valkey-renovate.yaml b/clusters/cl01tl/manifests/gitea/ServiceMonitor-gitea-valkey-renovate.yaml index 42a557a65..ac34dbcb7 100644 --- a/clusters/cl01tl/manifests/gitea/ServiceMonitor-gitea-valkey-renovate.yaml +++ b/clusters/cl01tl/manifests/gitea/ServiceMonitor-gitea-valkey-renovate.yaml @@ -3,7 +3,7 @@ kind: ServiceMonitor metadata: name: gitea-valkey-renovate labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey-renovate app.kubernetes.io/instance: gitea app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/gitea/ServiceMonitor-gitea-valkey.yaml b/clusters/cl01tl/manifests/gitea/ServiceMonitor-gitea-valkey.yaml index aef089846..6173145f4 100644 --- a/clusters/cl01tl/manifests/gitea/ServiceMonitor-gitea-valkey.yaml +++ b/clusters/cl01tl/manifests/gitea/ServiceMonitor-gitea-valkey.yaml @@ -3,7 +3,7 @@ kind: ServiceMonitor metadata: name: gitea-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: gitea app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/gitea/StatefulSet-gitea-valkey.yaml b/clusters/cl01tl/manifests/gitea/StatefulSet-gitea-valkey.yaml index ddb074b28..75fab769e 100644 --- a/clusters/cl01tl/manifests/gitea/StatefulSet-gitea-valkey.yaml +++ b/clusters/cl01tl/manifests/gitea/StatefulSet-gitea-valkey.yaml @@ -3,7 +3,7 @@ kind: StatefulSet metadata: name: gitea-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: gitea app.kubernetes.io/version: "9.0.3" @@ -32,7 +32,7 @@ spec: app.kubernetes.io/name: valkey app.kubernetes.io/instance: gitea annotations: - checksum/initconfig: "b82939dee80151a39606083af0d5422a" + checksum/initconfig: "9bf6424ee2956d21b52e5c3831aecefa" spec: automountServiceAccountToken: false serviceAccountName: gitea-valkey @@ -40,11 +40,14 @@ spec: fsGroup: 1000 runAsGroup: 1000 runAsUser: 1000 + seccompProfile: + type: RuntimeDefault initContainers: - name: gitea-valkey-init image: docker.io/valkey/valkey:9.0.3@sha256:3b55fbaa0cd93cf0d9d961f405e4dfcc70efe325e2d84da207a0a8e6d8fde4f9 imagePullPolicy: IfNotPresent securityContext: + allowPrivilegeEscalation: false capabilities: drop: - ALL @@ -69,6 +72,7 @@ spec: command: ["valkey-server"] args: ["/data/conf/valkey.conf"] securityContext: + allowPrivilegeEscalation: false capabilities: drop: - ALL diff --git a/clusters/cl01tl/manifests/grafana-operator/ConfigMap-grafana-operator-valkey-remote-cache-init-scripts.yaml b/clusters/cl01tl/manifests/grafana-operator/ConfigMap-grafana-operator-valkey-remote-cache-init-scripts.yaml index 812146530..f64e49ac4 100644 --- a/clusters/cl01tl/manifests/grafana-operator/ConfigMap-grafana-operator-valkey-remote-cache-init-scripts.yaml +++ b/clusters/cl01tl/manifests/grafana-operator/ConfigMap-grafana-operator-valkey-remote-cache-init-scripts.yaml @@ -3,7 +3,7 @@ kind: ConfigMap metadata: name: grafana-operator-valkey-remote-cache-init-scripts labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey-remote-cache app.kubernetes.io/instance: grafana-operator app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/grafana-operator/ConfigMap-grafana-operator-valkey-unified-alerting-init-scripts.yaml b/clusters/cl01tl/manifests/grafana-operator/ConfigMap-grafana-operator-valkey-unified-alerting-init-scripts.yaml index e5f33a88f..471d6fa39 100644 --- a/clusters/cl01tl/manifests/grafana-operator/ConfigMap-grafana-operator-valkey-unified-alerting-init-scripts.yaml +++ b/clusters/cl01tl/manifests/grafana-operator/ConfigMap-grafana-operator-valkey-unified-alerting-init-scripts.yaml @@ -3,7 +3,7 @@ kind: ConfigMap metadata: name: grafana-operator-valkey-unified-alerting-init-scripts labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey-unified-alerting app.kubernetes.io/instance: grafana-operator app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/grafana-operator/Deployment-grafana-operator-valkey-remote-cache.yaml b/clusters/cl01tl/manifests/grafana-operator/Deployment-grafana-operator-valkey-remote-cache.yaml index b65e9b9f1..1ab60e63a 100644 --- a/clusters/cl01tl/manifests/grafana-operator/Deployment-grafana-operator-valkey-remote-cache.yaml +++ b/clusters/cl01tl/manifests/grafana-operator/Deployment-grafana-operator-valkey-remote-cache.yaml @@ -3,7 +3,7 @@ kind: Deployment metadata: name: grafana-operator-valkey-remote-cache labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey-remote-cache app.kubernetes.io/instance: grafana-operator app.kubernetes.io/version: "9.0.3" @@ -22,7 +22,7 @@ spec: app.kubernetes.io/name: valkey-remote-cache app.kubernetes.io/instance: grafana-operator annotations: - checksum/initconfig: d790dfe3185267fe6c217c9572cfa9fb + checksum/initconfig: 03f75947107472ad2dcec0779776b688 spec: automountServiceAccountToken: false serviceAccountName: grafana-operator-valkey-remote-cache @@ -30,11 +30,14 @@ spec: fsGroup: 1000 runAsGroup: 1000 runAsUser: 1000 + seccompProfile: + type: RuntimeDefault initContainers: - name: grafana-operator-valkey-remote-cache-init image: docker.io/valkey/valkey:9.0.3@sha256:3b55fbaa0cd93cf0d9d961f405e4dfcc70efe325e2d84da207a0a8e6d8fde4f9 imagePullPolicy: IfNotPresent securityContext: + allowPrivilegeEscalation: false capabilities: drop: - ALL @@ -54,6 +57,7 @@ spec: command: ["valkey-server"] args: ["/data/conf/valkey.conf"] securityContext: + allowPrivilegeEscalation: false capabilities: drop: - ALL diff --git a/clusters/cl01tl/manifests/grafana-operator/PersistentVolumeClaim-grafana-operator-valkey-remote-cache.yaml b/clusters/cl01tl/manifests/grafana-operator/PersistentVolumeClaim-grafana-operator-valkey-remote-cache.yaml index d8239d96f..ad34329f2 100644 --- a/clusters/cl01tl/manifests/grafana-operator/PersistentVolumeClaim-grafana-operator-valkey-remote-cache.yaml +++ b/clusters/cl01tl/manifests/grafana-operator/PersistentVolumeClaim-grafana-operator-valkey-remote-cache.yaml @@ -3,7 +3,7 @@ kind: PersistentVolumeClaim metadata: name: grafana-operator-valkey-remote-cache labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey-remote-cache app.kubernetes.io/instance: grafana-operator app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/grafana-operator/PodMonitor-grafana-operator-valkey-remote-cache.yaml b/clusters/cl01tl/manifests/grafana-operator/PodMonitor-grafana-operator-valkey-remote-cache.yaml index c39ca3174..162fd9cca 100644 --- a/clusters/cl01tl/manifests/grafana-operator/PodMonitor-grafana-operator-valkey-remote-cache.yaml +++ b/clusters/cl01tl/manifests/grafana-operator/PodMonitor-grafana-operator-valkey-remote-cache.yaml @@ -3,7 +3,7 @@ kind: PodMonitor metadata: name: grafana-operator-valkey-remote-cache labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey-remote-cache app.kubernetes.io/instance: grafana-operator app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/grafana-operator/PodMonitor-grafana-operator-valkey-unified-alerting.yaml b/clusters/cl01tl/manifests/grafana-operator/PodMonitor-grafana-operator-valkey-unified-alerting.yaml index 78761545c..bc79364b8 100644 --- a/clusters/cl01tl/manifests/grafana-operator/PodMonitor-grafana-operator-valkey-unified-alerting.yaml +++ b/clusters/cl01tl/manifests/grafana-operator/PodMonitor-grafana-operator-valkey-unified-alerting.yaml @@ -3,7 +3,7 @@ kind: PodMonitor metadata: name: grafana-operator-valkey-unified-alerting labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey-unified-alerting app.kubernetes.io/instance: grafana-operator app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/grafana-operator/PrometheusRule-grafana-operator-valkey-remote-cache.yaml b/clusters/cl01tl/manifests/grafana-operator/PrometheusRule-grafana-operator-valkey-remote-cache.yaml index aa2071643..75c227429 100644 --- a/clusters/cl01tl/manifests/grafana-operator/PrometheusRule-grafana-operator-valkey-remote-cache.yaml +++ b/clusters/cl01tl/manifests/grafana-operator/PrometheusRule-grafana-operator-valkey-remote-cache.yaml @@ -3,7 +3,7 @@ kind: PrometheusRule metadata: name: grafana-operator-valkey-remote-cache labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey-remote-cache app.kubernetes.io/instance: grafana-operator app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/grafana-operator/PrometheusRule-grafana-operator-valkey-unified-alerting.yaml b/clusters/cl01tl/manifests/grafana-operator/PrometheusRule-grafana-operator-valkey-unified-alerting.yaml index 77a59738a..0d67de390 100644 --- a/clusters/cl01tl/manifests/grafana-operator/PrometheusRule-grafana-operator-valkey-unified-alerting.yaml +++ b/clusters/cl01tl/manifests/grafana-operator/PrometheusRule-grafana-operator-valkey-unified-alerting.yaml @@ -3,7 +3,7 @@ kind: PrometheusRule metadata: name: grafana-operator-valkey-unified-alerting labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey-unified-alerting app.kubernetes.io/instance: grafana-operator app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/grafana-operator/Service-grafana-operator-valkey-remote-cache-metrics.yaml b/clusters/cl01tl/manifests/grafana-operator/Service-grafana-operator-valkey-remote-cache-metrics.yaml index 71e3c3bb6..e84e95bb7 100644 --- a/clusters/cl01tl/manifests/grafana-operator/Service-grafana-operator-valkey-remote-cache-metrics.yaml +++ b/clusters/cl01tl/manifests/grafana-operator/Service-grafana-operator-valkey-remote-cache-metrics.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: grafana-operator-valkey-remote-cache-metrics labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey-remote-cache app.kubernetes.io/instance: grafana-operator app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/grafana-operator/Service-grafana-operator-valkey-remote-cache.yaml b/clusters/cl01tl/manifests/grafana-operator/Service-grafana-operator-valkey-remote-cache.yaml index 86f7da52b..90252d1fb 100644 --- a/clusters/cl01tl/manifests/grafana-operator/Service-grafana-operator-valkey-remote-cache.yaml +++ b/clusters/cl01tl/manifests/grafana-operator/Service-grafana-operator-valkey-remote-cache.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: grafana-operator-valkey-remote-cache labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey-remote-cache app.kubernetes.io/instance: grafana-operator app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/grafana-operator/Service-grafana-operator-valkey-unified-alerting-headless.yaml b/clusters/cl01tl/manifests/grafana-operator/Service-grafana-operator-valkey-unified-alerting-headless.yaml index b26d55a10..b2e26ab20 100644 --- a/clusters/cl01tl/manifests/grafana-operator/Service-grafana-operator-valkey-unified-alerting-headless.yaml +++ b/clusters/cl01tl/manifests/grafana-operator/Service-grafana-operator-valkey-unified-alerting-headless.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: grafana-operator-valkey-unified-alerting-headless labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey-unified-alerting app.kubernetes.io/instance: grafana-operator app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/grafana-operator/Service-grafana-operator-valkey-unified-alerting-metrics.yaml b/clusters/cl01tl/manifests/grafana-operator/Service-grafana-operator-valkey-unified-alerting-metrics.yaml index 9b13b781e..0de40a840 100644 --- a/clusters/cl01tl/manifests/grafana-operator/Service-grafana-operator-valkey-unified-alerting-metrics.yaml +++ b/clusters/cl01tl/manifests/grafana-operator/Service-grafana-operator-valkey-unified-alerting-metrics.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: grafana-operator-valkey-unified-alerting-metrics labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey-unified-alerting app.kubernetes.io/instance: grafana-operator app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/grafana-operator/Service-grafana-operator-valkey-unified-alerting-read.yaml b/clusters/cl01tl/manifests/grafana-operator/Service-grafana-operator-valkey-unified-alerting-read.yaml index 2131774f1..3dacede91 100644 --- a/clusters/cl01tl/manifests/grafana-operator/Service-grafana-operator-valkey-unified-alerting-read.yaml +++ b/clusters/cl01tl/manifests/grafana-operator/Service-grafana-operator-valkey-unified-alerting-read.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: grafana-operator-valkey-unified-alerting-read labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey-unified-alerting app.kubernetes.io/instance: grafana-operator app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/grafana-operator/Service-grafana-operator-valkey-unified-alerting.yaml b/clusters/cl01tl/manifests/grafana-operator/Service-grafana-operator-valkey-unified-alerting.yaml index 03663b4b5..5658cc18c 100644 --- a/clusters/cl01tl/manifests/grafana-operator/Service-grafana-operator-valkey-unified-alerting.yaml +++ b/clusters/cl01tl/manifests/grafana-operator/Service-grafana-operator-valkey-unified-alerting.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: grafana-operator-valkey-unified-alerting labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey-unified-alerting app.kubernetes.io/instance: grafana-operator app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/grafana-operator/ServiceAccount-grafana-operator-valkey-remote-cache.yaml b/clusters/cl01tl/manifests/grafana-operator/ServiceAccount-grafana-operator-valkey-remote-cache.yaml index 9c8f4382c..7df5ae452 100644 --- a/clusters/cl01tl/manifests/grafana-operator/ServiceAccount-grafana-operator-valkey-remote-cache.yaml +++ b/clusters/cl01tl/manifests/grafana-operator/ServiceAccount-grafana-operator-valkey-remote-cache.yaml @@ -3,7 +3,7 @@ kind: ServiceAccount metadata: name: grafana-operator-valkey-remote-cache labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey-remote-cache app.kubernetes.io/instance: grafana-operator app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/grafana-operator/ServiceAccount-grafana-operator-valkey-unified-alerting.yaml b/clusters/cl01tl/manifests/grafana-operator/ServiceAccount-grafana-operator-valkey-unified-alerting.yaml index d4b183f4a..f37d0e42e 100644 --- a/clusters/cl01tl/manifests/grafana-operator/ServiceAccount-grafana-operator-valkey-unified-alerting.yaml +++ b/clusters/cl01tl/manifests/grafana-operator/ServiceAccount-grafana-operator-valkey-unified-alerting.yaml @@ -3,7 +3,7 @@ kind: ServiceAccount metadata: name: grafana-operator-valkey-unified-alerting labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey-unified-alerting app.kubernetes.io/instance: grafana-operator app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/grafana-operator/ServiceMonitor-grafana-operator-valkey-remote-cache.yaml b/clusters/cl01tl/manifests/grafana-operator/ServiceMonitor-grafana-operator-valkey-remote-cache.yaml index b5b260e05..f69d484e2 100644 --- a/clusters/cl01tl/manifests/grafana-operator/ServiceMonitor-grafana-operator-valkey-remote-cache.yaml +++ b/clusters/cl01tl/manifests/grafana-operator/ServiceMonitor-grafana-operator-valkey-remote-cache.yaml @@ -3,7 +3,7 @@ kind: ServiceMonitor metadata: name: grafana-operator-valkey-remote-cache labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey-remote-cache app.kubernetes.io/instance: grafana-operator app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/grafana-operator/ServiceMonitor-grafana-operator-valkey-unified-alerting.yaml b/clusters/cl01tl/manifests/grafana-operator/ServiceMonitor-grafana-operator-valkey-unified-alerting.yaml index 6d4007809..87d4ff05c 100644 --- a/clusters/cl01tl/manifests/grafana-operator/ServiceMonitor-grafana-operator-valkey-unified-alerting.yaml +++ b/clusters/cl01tl/manifests/grafana-operator/ServiceMonitor-grafana-operator-valkey-unified-alerting.yaml @@ -3,7 +3,7 @@ kind: ServiceMonitor metadata: name: grafana-operator-valkey-unified-alerting labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey-unified-alerting app.kubernetes.io/instance: grafana-operator app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/grafana-operator/StatefulSet-grafana-operator-valkey-unified-alerting.yaml b/clusters/cl01tl/manifests/grafana-operator/StatefulSet-grafana-operator-valkey-unified-alerting.yaml index 5fa7ec661..9100ea5e3 100644 --- a/clusters/cl01tl/manifests/grafana-operator/StatefulSet-grafana-operator-valkey-unified-alerting.yaml +++ b/clusters/cl01tl/manifests/grafana-operator/StatefulSet-grafana-operator-valkey-unified-alerting.yaml @@ -3,7 +3,7 @@ kind: StatefulSet metadata: name: grafana-operator-valkey-unified-alerting labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey-unified-alerting app.kubernetes.io/instance: grafana-operator app.kubernetes.io/version: "9.0.3" @@ -32,7 +32,7 @@ spec: app.kubernetes.io/name: valkey-unified-alerting app.kubernetes.io/instance: grafana-operator annotations: - checksum/initconfig: "cc97af05b1fa8109e641f83996efbf01" + checksum/initconfig: "f2c07fdbfee73b9f6c6172633a43e334" spec: automountServiceAccountToken: false serviceAccountName: grafana-operator-valkey-unified-alerting @@ -40,11 +40,14 @@ spec: fsGroup: 1000 runAsGroup: 1000 runAsUser: 1000 + seccompProfile: + type: RuntimeDefault initContainers: - name: grafana-operator-valkey-unified-alerting-init image: docker.io/valkey/valkey:9.0.3@sha256:3b55fbaa0cd93cf0d9d961f405e4dfcc70efe325e2d84da207a0a8e6d8fde4f9 imagePullPolicy: IfNotPresent securityContext: + allowPrivilegeEscalation: false capabilities: drop: - ALL @@ -69,6 +72,7 @@ spec: command: ["valkey-server"] args: ["/data/conf/valkey.conf"] securityContext: + allowPrivilegeEscalation: false capabilities: drop: - ALL diff --git a/clusters/cl01tl/manifests/harbor/ConfigMap-harbor-valkey-init-scripts.yaml b/clusters/cl01tl/manifests/harbor/ConfigMap-harbor-valkey-init-scripts.yaml index bb39d138d..d2aa3186a 100644 --- a/clusters/cl01tl/manifests/harbor/ConfigMap-harbor-valkey-init-scripts.yaml +++ b/clusters/cl01tl/manifests/harbor/ConfigMap-harbor-valkey-init-scripts.yaml @@ -3,7 +3,7 @@ kind: ConfigMap metadata: name: harbor-valkey-init-scripts labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: harbor app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/harbor/PodMonitor-harbor-valkey.yaml b/clusters/cl01tl/manifests/harbor/PodMonitor-harbor-valkey.yaml index 78a85264c..2f7374fcf 100644 --- a/clusters/cl01tl/manifests/harbor/PodMonitor-harbor-valkey.yaml +++ b/clusters/cl01tl/manifests/harbor/PodMonitor-harbor-valkey.yaml @@ -3,7 +3,7 @@ kind: PodMonitor metadata: name: harbor-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: harbor app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/harbor/PrometheusRule-harbor-valkey.yaml b/clusters/cl01tl/manifests/harbor/PrometheusRule-harbor-valkey.yaml index 207953012..d586b4a30 100644 --- a/clusters/cl01tl/manifests/harbor/PrometheusRule-harbor-valkey.yaml +++ b/clusters/cl01tl/manifests/harbor/PrometheusRule-harbor-valkey.yaml @@ -3,7 +3,7 @@ kind: PrometheusRule metadata: name: harbor-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: harbor app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/harbor/Service-harbor-valkey-headless.yaml b/clusters/cl01tl/manifests/harbor/Service-harbor-valkey-headless.yaml index a29eb4a35..1f289d3d3 100644 --- a/clusters/cl01tl/manifests/harbor/Service-harbor-valkey-headless.yaml +++ b/clusters/cl01tl/manifests/harbor/Service-harbor-valkey-headless.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: harbor-valkey-headless labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: harbor app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/harbor/Service-harbor-valkey-metrics.yaml b/clusters/cl01tl/manifests/harbor/Service-harbor-valkey-metrics.yaml index 81bd7e31d..d6e735072 100644 --- a/clusters/cl01tl/manifests/harbor/Service-harbor-valkey-metrics.yaml +++ b/clusters/cl01tl/manifests/harbor/Service-harbor-valkey-metrics.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: harbor-valkey-metrics labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: harbor app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/harbor/Service-harbor-valkey-read.yaml b/clusters/cl01tl/manifests/harbor/Service-harbor-valkey-read.yaml index 39e14fcf4..c058161c9 100644 --- a/clusters/cl01tl/manifests/harbor/Service-harbor-valkey-read.yaml +++ b/clusters/cl01tl/manifests/harbor/Service-harbor-valkey-read.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: harbor-valkey-read labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: harbor app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/harbor/Service-harbor-valkey.yaml b/clusters/cl01tl/manifests/harbor/Service-harbor-valkey.yaml index 4b6d120a2..d7edd0721 100644 --- a/clusters/cl01tl/manifests/harbor/Service-harbor-valkey.yaml +++ b/clusters/cl01tl/manifests/harbor/Service-harbor-valkey.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: harbor-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: harbor app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/harbor/ServiceAccount-harbor-valkey.yaml b/clusters/cl01tl/manifests/harbor/ServiceAccount-harbor-valkey.yaml index c266f2b73..1be95c0f5 100644 --- a/clusters/cl01tl/manifests/harbor/ServiceAccount-harbor-valkey.yaml +++ b/clusters/cl01tl/manifests/harbor/ServiceAccount-harbor-valkey.yaml @@ -3,7 +3,7 @@ kind: ServiceAccount metadata: name: harbor-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: harbor app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/harbor/ServiceMonitor-harbor-valkey.yaml b/clusters/cl01tl/manifests/harbor/ServiceMonitor-harbor-valkey.yaml index d2add91a5..33079e875 100644 --- a/clusters/cl01tl/manifests/harbor/ServiceMonitor-harbor-valkey.yaml +++ b/clusters/cl01tl/manifests/harbor/ServiceMonitor-harbor-valkey.yaml @@ -3,7 +3,7 @@ kind: ServiceMonitor metadata: name: harbor-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: harbor app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/harbor/StatefulSet-harbor-valkey.yaml b/clusters/cl01tl/manifests/harbor/StatefulSet-harbor-valkey.yaml index 5d8dbe5d7..7854d2d39 100644 --- a/clusters/cl01tl/manifests/harbor/StatefulSet-harbor-valkey.yaml +++ b/clusters/cl01tl/manifests/harbor/StatefulSet-harbor-valkey.yaml @@ -3,7 +3,7 @@ kind: StatefulSet metadata: name: harbor-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: harbor app.kubernetes.io/version: "9.0.3" @@ -32,7 +32,7 @@ spec: app.kubernetes.io/name: valkey app.kubernetes.io/instance: harbor annotations: - checksum/initconfig: "0cad4b394241164de6b4d658a977be16" + checksum/initconfig: "30d64a67a8ff4d8b0ca948233a5563e0" spec: automountServiceAccountToken: false serviceAccountName: harbor-valkey @@ -40,11 +40,14 @@ spec: fsGroup: 1000 runAsGroup: 1000 runAsUser: 1000 + seccompProfile: + type: RuntimeDefault initContainers: - name: harbor-valkey-init image: docker.io/valkey/valkey:9.0.3@sha256:3b55fbaa0cd93cf0d9d961f405e4dfcc70efe325e2d84da207a0a8e6d8fde4f9 imagePullPolicy: IfNotPresent securityContext: + allowPrivilegeEscalation: false capabilities: drop: - ALL @@ -69,6 +72,7 @@ spec: command: ["valkey-server"] args: ["/data/conf/valkey.conf"] securityContext: + allowPrivilegeEscalation: false capabilities: drop: - ALL diff --git a/clusters/cl01tl/manifests/immich/ConfigMap-immich-valkey-init-scripts.yaml b/clusters/cl01tl/manifests/immich/ConfigMap-immich-valkey-init-scripts.yaml index ea9cd9504..6eff7c092 100644 --- a/clusters/cl01tl/manifests/immich/ConfigMap-immich-valkey-init-scripts.yaml +++ b/clusters/cl01tl/manifests/immich/ConfigMap-immich-valkey-init-scripts.yaml @@ -3,7 +3,7 @@ kind: ConfigMap metadata: name: immich-valkey-init-scripts labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: immich app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/immich/PodMonitor-immich-valkey.yaml b/clusters/cl01tl/manifests/immich/PodMonitor-immich-valkey.yaml index 74c2607db..de18b8537 100644 --- a/clusters/cl01tl/manifests/immich/PodMonitor-immich-valkey.yaml +++ b/clusters/cl01tl/manifests/immich/PodMonitor-immich-valkey.yaml @@ -3,7 +3,7 @@ kind: PodMonitor metadata: name: immich-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: immich app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/immich/PrometheusRule-immich-valkey.yaml b/clusters/cl01tl/manifests/immich/PrometheusRule-immich-valkey.yaml index 914f6d00c..bc042f70f 100644 --- a/clusters/cl01tl/manifests/immich/PrometheusRule-immich-valkey.yaml +++ b/clusters/cl01tl/manifests/immich/PrometheusRule-immich-valkey.yaml @@ -3,7 +3,7 @@ kind: PrometheusRule metadata: name: immich-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: immich app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/immich/Service-immich-valkey-headless.yaml b/clusters/cl01tl/manifests/immich/Service-immich-valkey-headless.yaml index 494d670eb..1b5dcb00a 100644 --- a/clusters/cl01tl/manifests/immich/Service-immich-valkey-headless.yaml +++ b/clusters/cl01tl/manifests/immich/Service-immich-valkey-headless.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: immich-valkey-headless labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: immich app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/immich/Service-immich-valkey-metrics.yaml b/clusters/cl01tl/manifests/immich/Service-immich-valkey-metrics.yaml index 330a95874..ff6de0460 100644 --- a/clusters/cl01tl/manifests/immich/Service-immich-valkey-metrics.yaml +++ b/clusters/cl01tl/manifests/immich/Service-immich-valkey-metrics.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: immich-valkey-metrics labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: immich app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/immich/Service-immich-valkey-read.yaml b/clusters/cl01tl/manifests/immich/Service-immich-valkey-read.yaml index e8acedc0a..e91c2856b 100644 --- a/clusters/cl01tl/manifests/immich/Service-immich-valkey-read.yaml +++ b/clusters/cl01tl/manifests/immich/Service-immich-valkey-read.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: immich-valkey-read labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: immich app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/immich/Service-immich-valkey.yaml b/clusters/cl01tl/manifests/immich/Service-immich-valkey.yaml index 679ab016c..1f4852319 100644 --- a/clusters/cl01tl/manifests/immich/Service-immich-valkey.yaml +++ b/clusters/cl01tl/manifests/immich/Service-immich-valkey.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: immich-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: immich app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/immich/ServiceAccount-immich-valkey.yaml b/clusters/cl01tl/manifests/immich/ServiceAccount-immich-valkey.yaml index cd7ceaa53..d1e7d95df 100644 --- a/clusters/cl01tl/manifests/immich/ServiceAccount-immich-valkey.yaml +++ b/clusters/cl01tl/manifests/immich/ServiceAccount-immich-valkey.yaml @@ -3,7 +3,7 @@ kind: ServiceAccount metadata: name: immich-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: immich app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/immich/ServiceMonitor-immich-valkey.yaml b/clusters/cl01tl/manifests/immich/ServiceMonitor-immich-valkey.yaml index 11602c1a0..631397d43 100644 --- a/clusters/cl01tl/manifests/immich/ServiceMonitor-immich-valkey.yaml +++ b/clusters/cl01tl/manifests/immich/ServiceMonitor-immich-valkey.yaml @@ -3,7 +3,7 @@ kind: ServiceMonitor metadata: name: immich-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: immich app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/immich/StatefulSet-immich-valkey.yaml b/clusters/cl01tl/manifests/immich/StatefulSet-immich-valkey.yaml index 0ed8011b9..6270ffbb3 100644 --- a/clusters/cl01tl/manifests/immich/StatefulSet-immich-valkey.yaml +++ b/clusters/cl01tl/manifests/immich/StatefulSet-immich-valkey.yaml @@ -3,7 +3,7 @@ kind: StatefulSet metadata: name: immich-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: immich app.kubernetes.io/version: "9.0.3" @@ -32,7 +32,7 @@ spec: app.kubernetes.io/name: valkey app.kubernetes.io/instance: immich annotations: - checksum/initconfig: "56fd0449d1eea259ddd955cd82dc8344" + checksum/initconfig: "2d8432be19db9efa32b993becf4e58d4" spec: automountServiceAccountToken: false serviceAccountName: immich-valkey @@ -40,11 +40,14 @@ spec: fsGroup: 1000 runAsGroup: 1000 runAsUser: 1000 + seccompProfile: + type: RuntimeDefault initContainers: - name: immich-valkey-init image: docker.io/valkey/valkey:9.0.3@sha256:3b55fbaa0cd93cf0d9d961f405e4dfcc70efe325e2d84da207a0a8e6d8fde4f9 imagePullPolicy: IfNotPresent securityContext: + allowPrivilegeEscalation: false capabilities: drop: - ALL @@ -69,6 +72,7 @@ spec: command: ["valkey-server"] args: ["/data/conf/valkey.conf"] securityContext: + allowPrivilegeEscalation: false capabilities: drop: - ALL diff --git a/clusters/cl01tl/manifests/kube-prometheus-stack/ConfigMap-kube-prometheus-stack-valkey-init-scripts.yaml b/clusters/cl01tl/manifests/kube-prometheus-stack/ConfigMap-kube-prometheus-stack-valkey-init-scripts.yaml index 871c94040..6e4ffeb05 100644 --- a/clusters/cl01tl/manifests/kube-prometheus-stack/ConfigMap-kube-prometheus-stack-valkey-init-scripts.yaml +++ b/clusters/cl01tl/manifests/kube-prometheus-stack/ConfigMap-kube-prometheus-stack-valkey-init-scripts.yaml @@ -3,7 +3,7 @@ kind: ConfigMap metadata: name: kube-prometheus-stack-valkey-init-scripts labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: kube-prometheus-stack app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/kube-prometheus-stack/PodMonitor-kube-prometheus-stack-valkey.yaml b/clusters/cl01tl/manifests/kube-prometheus-stack/PodMonitor-kube-prometheus-stack-valkey.yaml index f358f3747..9ac2cc58f 100644 --- a/clusters/cl01tl/manifests/kube-prometheus-stack/PodMonitor-kube-prometheus-stack-valkey.yaml +++ b/clusters/cl01tl/manifests/kube-prometheus-stack/PodMonitor-kube-prometheus-stack-valkey.yaml @@ -3,7 +3,7 @@ kind: PodMonitor metadata: name: kube-prometheus-stack-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: kube-prometheus-stack app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/kube-prometheus-stack/PrometheusRule-kube-prometheus-stack-valkey.yaml b/clusters/cl01tl/manifests/kube-prometheus-stack/PrometheusRule-kube-prometheus-stack-valkey.yaml index 9364571ec..294cb33ac 100644 --- a/clusters/cl01tl/manifests/kube-prometheus-stack/PrometheusRule-kube-prometheus-stack-valkey.yaml +++ b/clusters/cl01tl/manifests/kube-prometheus-stack/PrometheusRule-kube-prometheus-stack-valkey.yaml @@ -3,7 +3,7 @@ kind: PrometheusRule metadata: name: kube-prometheus-stack-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: kube-prometheus-stack app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/kube-prometheus-stack/Service-kube-prometheus-stack-valkey-headless.yaml b/clusters/cl01tl/manifests/kube-prometheus-stack/Service-kube-prometheus-stack-valkey-headless.yaml index ccfff1696..521b7cdf6 100644 --- a/clusters/cl01tl/manifests/kube-prometheus-stack/Service-kube-prometheus-stack-valkey-headless.yaml +++ b/clusters/cl01tl/manifests/kube-prometheus-stack/Service-kube-prometheus-stack-valkey-headless.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: kube-prometheus-stack-valkey-headless labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: kube-prometheus-stack app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/kube-prometheus-stack/Service-kube-prometheus-stack-valkey-metrics.yaml b/clusters/cl01tl/manifests/kube-prometheus-stack/Service-kube-prometheus-stack-valkey-metrics.yaml index 62da3044f..54ffaef8a 100644 --- a/clusters/cl01tl/manifests/kube-prometheus-stack/Service-kube-prometheus-stack-valkey-metrics.yaml +++ b/clusters/cl01tl/manifests/kube-prometheus-stack/Service-kube-prometheus-stack-valkey-metrics.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: kube-prometheus-stack-valkey-metrics labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: kube-prometheus-stack app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/kube-prometheus-stack/Service-kube-prometheus-stack-valkey-read.yaml b/clusters/cl01tl/manifests/kube-prometheus-stack/Service-kube-prometheus-stack-valkey-read.yaml index 1650f0d3f..41b58828b 100644 --- a/clusters/cl01tl/manifests/kube-prometheus-stack/Service-kube-prometheus-stack-valkey-read.yaml +++ b/clusters/cl01tl/manifests/kube-prometheus-stack/Service-kube-prometheus-stack-valkey-read.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: kube-prometheus-stack-valkey-read labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: kube-prometheus-stack app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/kube-prometheus-stack/Service-kube-prometheus-stack-valkey.yaml b/clusters/cl01tl/manifests/kube-prometheus-stack/Service-kube-prometheus-stack-valkey.yaml index 723c9aa5e..405ca7639 100644 --- a/clusters/cl01tl/manifests/kube-prometheus-stack/Service-kube-prometheus-stack-valkey.yaml +++ b/clusters/cl01tl/manifests/kube-prometheus-stack/Service-kube-prometheus-stack-valkey.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: kube-prometheus-stack-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: kube-prometheus-stack app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/kube-prometheus-stack/ServiceAccount-kube-prometheus-stack-valkey.yaml b/clusters/cl01tl/manifests/kube-prometheus-stack/ServiceAccount-kube-prometheus-stack-valkey.yaml index 0a5ed3f88..964f8ccc3 100644 --- a/clusters/cl01tl/manifests/kube-prometheus-stack/ServiceAccount-kube-prometheus-stack-valkey.yaml +++ b/clusters/cl01tl/manifests/kube-prometheus-stack/ServiceAccount-kube-prometheus-stack-valkey.yaml @@ -3,7 +3,7 @@ kind: ServiceAccount metadata: name: kube-prometheus-stack-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: kube-prometheus-stack app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/kube-prometheus-stack/ServiceMonitor-kube-prometheus-stack-valkey.yaml b/clusters/cl01tl/manifests/kube-prometheus-stack/ServiceMonitor-kube-prometheus-stack-valkey.yaml index 6f91fb899..3cf3d1801 100644 --- a/clusters/cl01tl/manifests/kube-prometheus-stack/ServiceMonitor-kube-prometheus-stack-valkey.yaml +++ b/clusters/cl01tl/manifests/kube-prometheus-stack/ServiceMonitor-kube-prometheus-stack-valkey.yaml @@ -3,7 +3,7 @@ kind: ServiceMonitor metadata: name: kube-prometheus-stack-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: kube-prometheus-stack app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/kube-prometheus-stack/StatefulSet-kube-prometheus-stack-valkey.yaml b/clusters/cl01tl/manifests/kube-prometheus-stack/StatefulSet-kube-prometheus-stack-valkey.yaml index 5a4d8bd09..5271f67b5 100644 --- a/clusters/cl01tl/manifests/kube-prometheus-stack/StatefulSet-kube-prometheus-stack-valkey.yaml +++ b/clusters/cl01tl/manifests/kube-prometheus-stack/StatefulSet-kube-prometheus-stack-valkey.yaml @@ -3,7 +3,7 @@ kind: StatefulSet metadata: name: kube-prometheus-stack-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: kube-prometheus-stack app.kubernetes.io/version: "9.0.3" @@ -32,7 +32,7 @@ spec: app.kubernetes.io/name: valkey app.kubernetes.io/instance: kube-prometheus-stack annotations: - checksum/initconfig: "19aa72242c390a2a3c03b27433fec083" + checksum/initconfig: "2a33cd92aa2d695fd0f7ee05ae681790" spec: automountServiceAccountToken: false serviceAccountName: kube-prometheus-stack-valkey @@ -40,11 +40,14 @@ spec: fsGroup: 1000 runAsGroup: 1000 runAsUser: 1000 + seccompProfile: + type: RuntimeDefault initContainers: - name: kube-prometheus-stack-valkey-init image: docker.io/valkey/valkey:9.0.3@sha256:3b55fbaa0cd93cf0d9d961f405e4dfcc70efe325e2d84da207a0a8e6d8fde4f9 imagePullPolicy: IfNotPresent securityContext: + allowPrivilegeEscalation: false capabilities: drop: - ALL @@ -69,6 +72,7 @@ spec: command: ["valkey-server"] args: ["/data/conf/valkey.conf"] securityContext: + allowPrivilegeEscalation: false capabilities: drop: - ALL diff --git a/clusters/cl01tl/manifests/matrix-synapse/ConfigMap-matrix-synapse-valkey-hookshot-init-scripts.yaml b/clusters/cl01tl/manifests/matrix-synapse/ConfigMap-matrix-synapse-valkey-hookshot-init-scripts.yaml index 7a4770739..8ae060e14 100644 --- a/clusters/cl01tl/manifests/matrix-synapse/ConfigMap-matrix-synapse-valkey-hookshot-init-scripts.yaml +++ b/clusters/cl01tl/manifests/matrix-synapse/ConfigMap-matrix-synapse-valkey-hookshot-init-scripts.yaml @@ -3,7 +3,7 @@ kind: ConfigMap metadata: name: matrix-synapse-valkey-hookshot-init-scripts labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey-hookshot app.kubernetes.io/instance: matrix-synapse app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/matrix-synapse/ConfigMap-matrix-synapse-valkey-init-scripts.yaml b/clusters/cl01tl/manifests/matrix-synapse/ConfigMap-matrix-synapse-valkey-init-scripts.yaml index 108ef20f0..b6f644738 100644 --- a/clusters/cl01tl/manifests/matrix-synapse/ConfigMap-matrix-synapse-valkey-init-scripts.yaml +++ b/clusters/cl01tl/manifests/matrix-synapse/ConfigMap-matrix-synapse-valkey-init-scripts.yaml @@ -3,7 +3,7 @@ kind: ConfigMap metadata: name: matrix-synapse-valkey-init-scripts labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: matrix-synapse app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/matrix-synapse/Pod-matrix-synapse-valkey-test-auth-existing.yaml b/clusters/cl01tl/manifests/matrix-synapse/Pod-matrix-synapse-valkey-test-auth-existing.yaml index 591212956..aabae496c 100644 --- a/clusters/cl01tl/manifests/matrix-synapse/Pod-matrix-synapse-valkey-test-auth-existing.yaml +++ b/clusters/cl01tl/manifests/matrix-synapse/Pod-matrix-synapse-valkey-test-auth-existing.yaml @@ -3,7 +3,7 @@ kind: Pod metadata: name: matrix-synapse-valkey-test-auth-existing labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: matrix-synapse app.kubernetes.io/version: "9.0.3" @@ -15,7 +15,7 @@ spec: restartPolicy: Never containers: - name: test-auth - image: "valkey/valkey:9.0.3@sha256:3b55fbaa0cd93cf0d9d961f405e4dfcc70efe325e2d84da207a0a8e6d8fde4f9" + image: "docker.io/valkey/valkey:9.0.3@sha256:3b55fbaa0cd93cf0d9d961f405e4dfcc70efe325e2d84da207a0a8e6d8fde4f9" command: - sh - -c diff --git a/clusters/cl01tl/manifests/matrix-synapse/PodMonitor-matrix-synapse-valkey-hookshot.yaml b/clusters/cl01tl/manifests/matrix-synapse/PodMonitor-matrix-synapse-valkey-hookshot.yaml index fa0024771..d7b1bb4cf 100644 --- a/clusters/cl01tl/manifests/matrix-synapse/PodMonitor-matrix-synapse-valkey-hookshot.yaml +++ b/clusters/cl01tl/manifests/matrix-synapse/PodMonitor-matrix-synapse-valkey-hookshot.yaml @@ -3,7 +3,7 @@ kind: PodMonitor metadata: name: matrix-synapse-valkey-hookshot labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey-hookshot app.kubernetes.io/instance: matrix-synapse app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/matrix-synapse/PrometheusRule-matrix-synapse-valkey-hookshot.yaml b/clusters/cl01tl/manifests/matrix-synapse/PrometheusRule-matrix-synapse-valkey-hookshot.yaml index 2fa44091a..6e5dd36d7 100644 --- a/clusters/cl01tl/manifests/matrix-synapse/PrometheusRule-matrix-synapse-valkey-hookshot.yaml +++ b/clusters/cl01tl/manifests/matrix-synapse/PrometheusRule-matrix-synapse-valkey-hookshot.yaml @@ -3,7 +3,7 @@ kind: PrometheusRule metadata: name: matrix-synapse-valkey-hookshot labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey-hookshot app.kubernetes.io/instance: matrix-synapse app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/matrix-synapse/Service-matrix-synapse-valkey-headless.yaml b/clusters/cl01tl/manifests/matrix-synapse/Service-matrix-synapse-valkey-headless.yaml index 9eabbb6b0..56befdf4b 100644 --- a/clusters/cl01tl/manifests/matrix-synapse/Service-matrix-synapse-valkey-headless.yaml +++ b/clusters/cl01tl/manifests/matrix-synapse/Service-matrix-synapse-valkey-headless.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: matrix-synapse-valkey-headless labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: matrix-synapse app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/matrix-synapse/Service-matrix-synapse-valkey-hookshot-headless.yaml b/clusters/cl01tl/manifests/matrix-synapse/Service-matrix-synapse-valkey-hookshot-headless.yaml index 9f1d3debe..54b446b46 100644 --- a/clusters/cl01tl/manifests/matrix-synapse/Service-matrix-synapse-valkey-hookshot-headless.yaml +++ b/clusters/cl01tl/manifests/matrix-synapse/Service-matrix-synapse-valkey-hookshot-headless.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: matrix-synapse-valkey-hookshot-headless labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey-hookshot app.kubernetes.io/instance: matrix-synapse app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/matrix-synapse/Service-matrix-synapse-valkey-hookshot-metrics.yaml b/clusters/cl01tl/manifests/matrix-synapse/Service-matrix-synapse-valkey-hookshot-metrics.yaml index af1fa4d47..da4af0286 100644 --- a/clusters/cl01tl/manifests/matrix-synapse/Service-matrix-synapse-valkey-hookshot-metrics.yaml +++ b/clusters/cl01tl/manifests/matrix-synapse/Service-matrix-synapse-valkey-hookshot-metrics.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: matrix-synapse-valkey-hookshot-metrics labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey-hookshot app.kubernetes.io/instance: matrix-synapse app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/matrix-synapse/Service-matrix-synapse-valkey-hookshot-read.yaml b/clusters/cl01tl/manifests/matrix-synapse/Service-matrix-synapse-valkey-hookshot-read.yaml index 2e525b069..c211b13ea 100644 --- a/clusters/cl01tl/manifests/matrix-synapse/Service-matrix-synapse-valkey-hookshot-read.yaml +++ b/clusters/cl01tl/manifests/matrix-synapse/Service-matrix-synapse-valkey-hookshot-read.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: matrix-synapse-valkey-hookshot-read labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey-hookshot app.kubernetes.io/instance: matrix-synapse app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/matrix-synapse/Service-matrix-synapse-valkey-hookshot.yaml b/clusters/cl01tl/manifests/matrix-synapse/Service-matrix-synapse-valkey-hookshot.yaml index fc17f171c..dc03f17ca 100644 --- a/clusters/cl01tl/manifests/matrix-synapse/Service-matrix-synapse-valkey-hookshot.yaml +++ b/clusters/cl01tl/manifests/matrix-synapse/Service-matrix-synapse-valkey-hookshot.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: matrix-synapse-valkey-hookshot labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey-hookshot app.kubernetes.io/instance: matrix-synapse app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/matrix-synapse/Service-matrix-synapse-valkey-read.yaml b/clusters/cl01tl/manifests/matrix-synapse/Service-matrix-synapse-valkey-read.yaml index 224661c98..868b5d78b 100644 --- a/clusters/cl01tl/manifests/matrix-synapse/Service-matrix-synapse-valkey-read.yaml +++ b/clusters/cl01tl/manifests/matrix-synapse/Service-matrix-synapse-valkey-read.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: matrix-synapse-valkey-read labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: matrix-synapse app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/matrix-synapse/Service-matrix-synapse-valkey.yaml b/clusters/cl01tl/manifests/matrix-synapse/Service-matrix-synapse-valkey.yaml index 542727392..35a3a956e 100644 --- a/clusters/cl01tl/manifests/matrix-synapse/Service-matrix-synapse-valkey.yaml +++ b/clusters/cl01tl/manifests/matrix-synapse/Service-matrix-synapse-valkey.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: matrix-synapse-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: matrix-synapse app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/matrix-synapse/ServiceAccount-matrix-synapse-valkey-hookshot.yaml b/clusters/cl01tl/manifests/matrix-synapse/ServiceAccount-matrix-synapse-valkey-hookshot.yaml index b0c6ae391..9a443a0dd 100644 --- a/clusters/cl01tl/manifests/matrix-synapse/ServiceAccount-matrix-synapse-valkey-hookshot.yaml +++ b/clusters/cl01tl/manifests/matrix-synapse/ServiceAccount-matrix-synapse-valkey-hookshot.yaml @@ -3,7 +3,7 @@ kind: ServiceAccount metadata: name: matrix-synapse-valkey-hookshot labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey-hookshot app.kubernetes.io/instance: matrix-synapse app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/matrix-synapse/ServiceAccount-matrix-synapse-valkey.yaml b/clusters/cl01tl/manifests/matrix-synapse/ServiceAccount-matrix-synapse-valkey.yaml index 81f45a1f7..0efbd7fcb 100644 --- a/clusters/cl01tl/manifests/matrix-synapse/ServiceAccount-matrix-synapse-valkey.yaml +++ b/clusters/cl01tl/manifests/matrix-synapse/ServiceAccount-matrix-synapse-valkey.yaml @@ -3,7 +3,7 @@ kind: ServiceAccount metadata: name: matrix-synapse-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: matrix-synapse app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/matrix-synapse/ServiceMonitor-matrix-synapse-valkey-hookshot.yaml b/clusters/cl01tl/manifests/matrix-synapse/ServiceMonitor-matrix-synapse-valkey-hookshot.yaml index 032a23ce1..598cfb5cb 100644 --- a/clusters/cl01tl/manifests/matrix-synapse/ServiceMonitor-matrix-synapse-valkey-hookshot.yaml +++ b/clusters/cl01tl/manifests/matrix-synapse/ServiceMonitor-matrix-synapse-valkey-hookshot.yaml @@ -3,7 +3,7 @@ kind: ServiceMonitor metadata: name: matrix-synapse-valkey-hookshot labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey-hookshot app.kubernetes.io/instance: matrix-synapse app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/matrix-synapse/StatefulSet-matrix-synapse-valkey-hookshot.yaml b/clusters/cl01tl/manifests/matrix-synapse/StatefulSet-matrix-synapse-valkey-hookshot.yaml index 2292de86d..abf0f13dd 100644 --- a/clusters/cl01tl/manifests/matrix-synapse/StatefulSet-matrix-synapse-valkey-hookshot.yaml +++ b/clusters/cl01tl/manifests/matrix-synapse/StatefulSet-matrix-synapse-valkey-hookshot.yaml @@ -3,7 +3,7 @@ kind: StatefulSet metadata: name: matrix-synapse-valkey-hookshot labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey-hookshot app.kubernetes.io/instance: matrix-synapse app.kubernetes.io/version: "9.0.3" @@ -32,7 +32,7 @@ spec: app.kubernetes.io/name: valkey-hookshot app.kubernetes.io/instance: matrix-synapse annotations: - checksum/initconfig: "be330f0cfd3ac6b10c6beb9aa42e308a" + checksum/initconfig: "aae826beaee4a88b18f654c578fef5d8" spec: automountServiceAccountToken: false serviceAccountName: matrix-synapse-valkey-hookshot @@ -40,11 +40,14 @@ spec: fsGroup: 1000 runAsGroup: 1000 runAsUser: 1000 + seccompProfile: + type: RuntimeDefault initContainers: - name: matrix-synapse-valkey-hookshot-init image: docker.io/valkey/valkey:9.0.3@sha256:3b55fbaa0cd93cf0d9d961f405e4dfcc70efe325e2d84da207a0a8e6d8fde4f9 imagePullPolicy: IfNotPresent securityContext: + allowPrivilegeEscalation: false capabilities: drop: - ALL @@ -69,6 +72,7 @@ spec: command: ["valkey-server"] args: ["/data/conf/valkey.conf"] securityContext: + allowPrivilegeEscalation: false capabilities: drop: - ALL diff --git a/clusters/cl01tl/manifests/matrix-synapse/StatefulSet-matrix-synapse-valkey.yaml b/clusters/cl01tl/manifests/matrix-synapse/StatefulSet-matrix-synapse-valkey.yaml index de81b83ec..b1857e4c3 100644 --- a/clusters/cl01tl/manifests/matrix-synapse/StatefulSet-matrix-synapse-valkey.yaml +++ b/clusters/cl01tl/manifests/matrix-synapse/StatefulSet-matrix-synapse-valkey.yaml @@ -3,7 +3,7 @@ kind: StatefulSet metadata: name: matrix-synapse-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: matrix-synapse app.kubernetes.io/version: "9.0.3" @@ -32,7 +32,7 @@ spec: app.kubernetes.io/name: valkey app.kubernetes.io/instance: matrix-synapse annotations: - checksum/initconfig: "fb8ae470a9464112ac420b4e06117ac5" + checksum/initconfig: "cc7e33d661e37e2f4bd1e87887270f67" spec: automountServiceAccountToken: false serviceAccountName: matrix-synapse-valkey @@ -40,11 +40,14 @@ spec: fsGroup: 1000 runAsGroup: 1000 runAsUser: 1000 + seccompProfile: + type: RuntimeDefault initContainers: - name: matrix-synapse-valkey-init image: docker.io/valkey/valkey:9.0.3@sha256:3b55fbaa0cd93cf0d9d961f405e4dfcc70efe325e2d84da207a0a8e6d8fde4f9 imagePullPolicy: IfNotPresent securityContext: + allowPrivilegeEscalation: false capabilities: drop: - ALL @@ -74,6 +77,7 @@ spec: command: ["valkey-server"] args: ["/data/conf/valkey.conf"] securityContext: + allowPrivilegeEscalation: false capabilities: drop: - ALL diff --git a/clusters/cl01tl/manifests/outline/ConfigMap-outline-valkey-init-scripts.yaml b/clusters/cl01tl/manifests/outline/ConfigMap-outline-valkey-init-scripts.yaml index c33e6b4c7..77a4b9e4a 100644 --- a/clusters/cl01tl/manifests/outline/ConfigMap-outline-valkey-init-scripts.yaml +++ b/clusters/cl01tl/manifests/outline/ConfigMap-outline-valkey-init-scripts.yaml @@ -3,7 +3,7 @@ kind: ConfigMap metadata: name: outline-valkey-init-scripts labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: outline app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/outline/PodMonitor-outline-valkey.yaml b/clusters/cl01tl/manifests/outline/PodMonitor-outline-valkey.yaml index 10a95ee38..e06df64fe 100644 --- a/clusters/cl01tl/manifests/outline/PodMonitor-outline-valkey.yaml +++ b/clusters/cl01tl/manifests/outline/PodMonitor-outline-valkey.yaml @@ -3,7 +3,7 @@ kind: PodMonitor metadata: name: outline-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: outline app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/outline/PrometheusRule-outline-valkey.yaml b/clusters/cl01tl/manifests/outline/PrometheusRule-outline-valkey.yaml index f736e81a7..d36aa2223 100644 --- a/clusters/cl01tl/manifests/outline/PrometheusRule-outline-valkey.yaml +++ b/clusters/cl01tl/manifests/outline/PrometheusRule-outline-valkey.yaml @@ -3,7 +3,7 @@ kind: PrometheusRule metadata: name: outline-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: outline app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/outline/Service-outline-valkey-headless.yaml b/clusters/cl01tl/manifests/outline/Service-outline-valkey-headless.yaml index 4e3a956f3..1a2c77c1c 100644 --- a/clusters/cl01tl/manifests/outline/Service-outline-valkey-headless.yaml +++ b/clusters/cl01tl/manifests/outline/Service-outline-valkey-headless.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: outline-valkey-headless labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: outline app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/outline/Service-outline-valkey-metrics.yaml b/clusters/cl01tl/manifests/outline/Service-outline-valkey-metrics.yaml index 3f4f8a70a..cff898148 100644 --- a/clusters/cl01tl/manifests/outline/Service-outline-valkey-metrics.yaml +++ b/clusters/cl01tl/manifests/outline/Service-outline-valkey-metrics.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: outline-valkey-metrics labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: outline app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/outline/Service-outline-valkey-read.yaml b/clusters/cl01tl/manifests/outline/Service-outline-valkey-read.yaml index 5768ec7be..531bd0a38 100644 --- a/clusters/cl01tl/manifests/outline/Service-outline-valkey-read.yaml +++ b/clusters/cl01tl/manifests/outline/Service-outline-valkey-read.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: outline-valkey-read labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: outline app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/outline/Service-outline-valkey.yaml b/clusters/cl01tl/manifests/outline/Service-outline-valkey.yaml index 099c28f27..c35a018ba 100644 --- a/clusters/cl01tl/manifests/outline/Service-outline-valkey.yaml +++ b/clusters/cl01tl/manifests/outline/Service-outline-valkey.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: outline-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: outline app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/outline/ServiceAccount-outline-valkey.yaml b/clusters/cl01tl/manifests/outline/ServiceAccount-outline-valkey.yaml index a4d203a1b..8823219c2 100644 --- a/clusters/cl01tl/manifests/outline/ServiceAccount-outline-valkey.yaml +++ b/clusters/cl01tl/manifests/outline/ServiceAccount-outline-valkey.yaml @@ -3,7 +3,7 @@ kind: ServiceAccount metadata: name: outline-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: outline app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/outline/ServiceMonitor-outline-valkey.yaml b/clusters/cl01tl/manifests/outline/ServiceMonitor-outline-valkey.yaml index 9152a6771..c1d63e9f5 100644 --- a/clusters/cl01tl/manifests/outline/ServiceMonitor-outline-valkey.yaml +++ b/clusters/cl01tl/manifests/outline/ServiceMonitor-outline-valkey.yaml @@ -3,7 +3,7 @@ kind: ServiceMonitor metadata: name: outline-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: outline app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/outline/StatefulSet-outline-valkey.yaml b/clusters/cl01tl/manifests/outline/StatefulSet-outline-valkey.yaml index e809a8e6d..99ccc7de0 100644 --- a/clusters/cl01tl/manifests/outline/StatefulSet-outline-valkey.yaml +++ b/clusters/cl01tl/manifests/outline/StatefulSet-outline-valkey.yaml @@ -3,7 +3,7 @@ kind: StatefulSet metadata: name: outline-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: outline app.kubernetes.io/version: "9.0.3" @@ -32,7 +32,7 @@ spec: app.kubernetes.io/name: valkey app.kubernetes.io/instance: outline annotations: - checksum/initconfig: "3b9de9687ce0791285b591450baf7ecf" + checksum/initconfig: "0a5b3b29bae26fff2ec6bf40b597d4a8" spec: automountServiceAccountToken: false serviceAccountName: outline-valkey @@ -40,11 +40,14 @@ spec: fsGroup: 1000 runAsGroup: 1000 runAsUser: 1000 + seccompProfile: + type: RuntimeDefault initContainers: - name: outline-valkey-init image: docker.io/valkey/valkey:9.0.3@sha256:3b55fbaa0cd93cf0d9d961f405e4dfcc70efe325e2d84da207a0a8e6d8fde4f9 imagePullPolicy: IfNotPresent securityContext: + allowPrivilegeEscalation: false capabilities: drop: - ALL @@ -69,6 +72,7 @@ spec: command: ["valkey-server"] args: ["/data/conf/valkey.conf"] securityContext: + allowPrivilegeEscalation: false capabilities: drop: - ALL diff --git a/clusters/cl01tl/manifests/paperless-ngx/ConfigMap-paperless-ngx-valkey-init-scripts.yaml b/clusters/cl01tl/manifests/paperless-ngx/ConfigMap-paperless-ngx-valkey-init-scripts.yaml index 32e8ee256..b4aa258a7 100644 --- a/clusters/cl01tl/manifests/paperless-ngx/ConfigMap-paperless-ngx-valkey-init-scripts.yaml +++ b/clusters/cl01tl/manifests/paperless-ngx/ConfigMap-paperless-ngx-valkey-init-scripts.yaml @@ -3,7 +3,7 @@ kind: ConfigMap metadata: name: paperless-ngx-valkey-init-scripts labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: paperless-ngx app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/paperless-ngx/PodMonitor-paperless-ngx-valkey.yaml b/clusters/cl01tl/manifests/paperless-ngx/PodMonitor-paperless-ngx-valkey.yaml index 535ad8827..5d5458266 100644 --- a/clusters/cl01tl/manifests/paperless-ngx/PodMonitor-paperless-ngx-valkey.yaml +++ b/clusters/cl01tl/manifests/paperless-ngx/PodMonitor-paperless-ngx-valkey.yaml @@ -3,7 +3,7 @@ kind: PodMonitor metadata: name: paperless-ngx-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: paperless-ngx app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/paperless-ngx/PrometheusRule-paperless-ngx-valkey.yaml b/clusters/cl01tl/manifests/paperless-ngx/PrometheusRule-paperless-ngx-valkey.yaml index 8839c3863..63febdb0a 100644 --- a/clusters/cl01tl/manifests/paperless-ngx/PrometheusRule-paperless-ngx-valkey.yaml +++ b/clusters/cl01tl/manifests/paperless-ngx/PrometheusRule-paperless-ngx-valkey.yaml @@ -3,7 +3,7 @@ kind: PrometheusRule metadata: name: paperless-ngx-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: paperless-ngx app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/paperless-ngx/Service-paperless-ngx-valkey-headless.yaml b/clusters/cl01tl/manifests/paperless-ngx/Service-paperless-ngx-valkey-headless.yaml index efdd94614..4d33db674 100644 --- a/clusters/cl01tl/manifests/paperless-ngx/Service-paperless-ngx-valkey-headless.yaml +++ b/clusters/cl01tl/manifests/paperless-ngx/Service-paperless-ngx-valkey-headless.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: paperless-ngx-valkey-headless labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: paperless-ngx app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/paperless-ngx/Service-paperless-ngx-valkey-metrics.yaml b/clusters/cl01tl/manifests/paperless-ngx/Service-paperless-ngx-valkey-metrics.yaml index ba7622b75..e710a7259 100644 --- a/clusters/cl01tl/manifests/paperless-ngx/Service-paperless-ngx-valkey-metrics.yaml +++ b/clusters/cl01tl/manifests/paperless-ngx/Service-paperless-ngx-valkey-metrics.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: paperless-ngx-valkey-metrics labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: paperless-ngx app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/paperless-ngx/Service-paperless-ngx-valkey-read.yaml b/clusters/cl01tl/manifests/paperless-ngx/Service-paperless-ngx-valkey-read.yaml index 7c87418c9..0073ff06e 100644 --- a/clusters/cl01tl/manifests/paperless-ngx/Service-paperless-ngx-valkey-read.yaml +++ b/clusters/cl01tl/manifests/paperless-ngx/Service-paperless-ngx-valkey-read.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: paperless-ngx-valkey-read labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: paperless-ngx app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/paperless-ngx/Service-paperless-ngx-valkey.yaml b/clusters/cl01tl/manifests/paperless-ngx/Service-paperless-ngx-valkey.yaml index 0d0a6f039..2275d4ff2 100644 --- a/clusters/cl01tl/manifests/paperless-ngx/Service-paperless-ngx-valkey.yaml +++ b/clusters/cl01tl/manifests/paperless-ngx/Service-paperless-ngx-valkey.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: paperless-ngx-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: paperless-ngx app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/paperless-ngx/ServiceAccount-paperless-ngx-valkey.yaml b/clusters/cl01tl/manifests/paperless-ngx/ServiceAccount-paperless-ngx-valkey.yaml index 481d2dfcc..a99315688 100644 --- a/clusters/cl01tl/manifests/paperless-ngx/ServiceAccount-paperless-ngx-valkey.yaml +++ b/clusters/cl01tl/manifests/paperless-ngx/ServiceAccount-paperless-ngx-valkey.yaml @@ -3,7 +3,7 @@ kind: ServiceAccount metadata: name: paperless-ngx-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: paperless-ngx app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/paperless-ngx/ServiceMonitor-paperless-ngx-valkey.yaml b/clusters/cl01tl/manifests/paperless-ngx/ServiceMonitor-paperless-ngx-valkey.yaml index 1aad6e265..d55ce5f21 100644 --- a/clusters/cl01tl/manifests/paperless-ngx/ServiceMonitor-paperless-ngx-valkey.yaml +++ b/clusters/cl01tl/manifests/paperless-ngx/ServiceMonitor-paperless-ngx-valkey.yaml @@ -3,7 +3,7 @@ kind: ServiceMonitor metadata: name: paperless-ngx-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: paperless-ngx app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/paperless-ngx/StatefulSet-paperless-ngx-valkey.yaml b/clusters/cl01tl/manifests/paperless-ngx/StatefulSet-paperless-ngx-valkey.yaml index b00f98df9..969e97dcb 100644 --- a/clusters/cl01tl/manifests/paperless-ngx/StatefulSet-paperless-ngx-valkey.yaml +++ b/clusters/cl01tl/manifests/paperless-ngx/StatefulSet-paperless-ngx-valkey.yaml @@ -3,7 +3,7 @@ kind: StatefulSet metadata: name: paperless-ngx-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: paperless-ngx app.kubernetes.io/version: "9.0.3" @@ -32,7 +32,7 @@ spec: app.kubernetes.io/name: valkey app.kubernetes.io/instance: paperless-ngx annotations: - checksum/initconfig: "a1d6929543a3ab299e8e2250e7b7375b" + checksum/initconfig: "39160ec19ae7b7bd50ddcfc5cb845f8f" spec: automountServiceAccountToken: false serviceAccountName: paperless-ngx-valkey @@ -40,11 +40,14 @@ spec: fsGroup: 1000 runAsGroup: 1000 runAsUser: 1000 + seccompProfile: + type: RuntimeDefault initContainers: - name: paperless-ngx-valkey-init image: docker.io/valkey/valkey:9.0.3@sha256:3b55fbaa0cd93cf0d9d961f405e4dfcc70efe325e2d84da207a0a8e6d8fde4f9 imagePullPolicy: IfNotPresent securityContext: + allowPrivilegeEscalation: false capabilities: drop: - ALL @@ -69,6 +72,7 @@ spec: command: ["valkey-server"] args: ["/data/conf/valkey.conf"] securityContext: + allowPrivilegeEscalation: false capabilities: drop: - ALL diff --git a/clusters/cl01tl/manifests/postiz/ConfigMap-postiz-valkey-init-scripts.yaml b/clusters/cl01tl/manifests/postiz/ConfigMap-postiz-valkey-init-scripts.yaml index 8024a54a7..634f7b2c4 100644 --- a/clusters/cl01tl/manifests/postiz/ConfigMap-postiz-valkey-init-scripts.yaml +++ b/clusters/cl01tl/manifests/postiz/ConfigMap-postiz-valkey-init-scripts.yaml @@ -3,7 +3,7 @@ kind: ConfigMap metadata: name: postiz-valkey-init-scripts labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: postiz app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/postiz/Pod-postiz-valkey-test-auth-existing.yaml b/clusters/cl01tl/manifests/postiz/Pod-postiz-valkey-test-auth-existing.yaml index 6e026e36d..e87dcfca4 100644 --- a/clusters/cl01tl/manifests/postiz/Pod-postiz-valkey-test-auth-existing.yaml +++ b/clusters/cl01tl/manifests/postiz/Pod-postiz-valkey-test-auth-existing.yaml @@ -3,7 +3,7 @@ kind: Pod metadata: name: postiz-valkey-test-auth-existing labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: postiz app.kubernetes.io/version: "9.0.3" @@ -15,7 +15,7 @@ spec: restartPolicy: Never containers: - name: test-auth - image: "valkey/valkey:9.0.3@sha256:3b55fbaa0cd93cf0d9d961f405e4dfcc70efe325e2d84da207a0a8e6d8fde4f9" + image: "docker.io/valkey/valkey:9.0.3@sha256:3b55fbaa0cd93cf0d9d961f405e4dfcc70efe325e2d84da207a0a8e6d8fde4f9" command: - sh - -c diff --git a/clusters/cl01tl/manifests/postiz/Service-postiz-valkey-headless.yaml b/clusters/cl01tl/manifests/postiz/Service-postiz-valkey-headless.yaml index 194a1d9a0..93265442c 100644 --- a/clusters/cl01tl/manifests/postiz/Service-postiz-valkey-headless.yaml +++ b/clusters/cl01tl/manifests/postiz/Service-postiz-valkey-headless.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: postiz-valkey-headless labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: postiz app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/postiz/Service-postiz-valkey-read.yaml b/clusters/cl01tl/manifests/postiz/Service-postiz-valkey-read.yaml index cc4556a25..3f13d7e89 100644 --- a/clusters/cl01tl/manifests/postiz/Service-postiz-valkey-read.yaml +++ b/clusters/cl01tl/manifests/postiz/Service-postiz-valkey-read.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: postiz-valkey-read labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: postiz app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/postiz/Service-postiz-valkey.yaml b/clusters/cl01tl/manifests/postiz/Service-postiz-valkey.yaml index 660ddb312..071e0ca02 100644 --- a/clusters/cl01tl/manifests/postiz/Service-postiz-valkey.yaml +++ b/clusters/cl01tl/manifests/postiz/Service-postiz-valkey.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: postiz-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: postiz app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/postiz/ServiceAccount-postiz-valkey.yaml b/clusters/cl01tl/manifests/postiz/ServiceAccount-postiz-valkey.yaml index 480c1718f..b259acdde 100644 --- a/clusters/cl01tl/manifests/postiz/ServiceAccount-postiz-valkey.yaml +++ b/clusters/cl01tl/manifests/postiz/ServiceAccount-postiz-valkey.yaml @@ -3,7 +3,7 @@ kind: ServiceAccount metadata: name: postiz-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: postiz app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/postiz/StatefulSet-postiz-valkey.yaml b/clusters/cl01tl/manifests/postiz/StatefulSet-postiz-valkey.yaml index 88f7af502..44cef5a82 100644 --- a/clusters/cl01tl/manifests/postiz/StatefulSet-postiz-valkey.yaml +++ b/clusters/cl01tl/manifests/postiz/StatefulSet-postiz-valkey.yaml @@ -3,7 +3,7 @@ kind: StatefulSet metadata: name: postiz-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: postiz app.kubernetes.io/version: "9.0.3" @@ -32,7 +32,7 @@ spec: app.kubernetes.io/name: valkey app.kubernetes.io/instance: postiz annotations: - checksum/initconfig: "fe93fb7000602d0fb3b36b111a77c4a3" + checksum/initconfig: "44286185ea84e0ac0e4c081efb4760b3" spec: automountServiceAccountToken: false serviceAccountName: postiz-valkey @@ -40,11 +40,14 @@ spec: fsGroup: 1000 runAsGroup: 1000 runAsUser: 1000 + seccompProfile: + type: RuntimeDefault initContainers: - name: postiz-valkey-init image: docker.io/valkey/valkey:9.0.3@sha256:3b55fbaa0cd93cf0d9d961f405e4dfcc70efe325e2d84da207a0a8e6d8fde4f9 imagePullPolicy: IfNotPresent securityContext: + allowPrivilegeEscalation: false capabilities: drop: - ALL @@ -74,6 +77,7 @@ spec: command: ["valkey-server"] args: ["/data/conf/valkey.conf"] securityContext: + allowPrivilegeEscalation: false capabilities: drop: - ALL diff --git a/clusters/cl01tl/manifests/stalwart/ConfigMap-stalwart-valkey-init-scripts.yaml b/clusters/cl01tl/manifests/stalwart/ConfigMap-stalwart-valkey-init-scripts.yaml index 55e4aa591..2b82e915f 100644 --- a/clusters/cl01tl/manifests/stalwart/ConfigMap-stalwart-valkey-init-scripts.yaml +++ b/clusters/cl01tl/manifests/stalwart/ConfigMap-stalwart-valkey-init-scripts.yaml @@ -3,7 +3,7 @@ kind: ConfigMap metadata: name: stalwart-valkey-init-scripts labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: stalwart app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/stalwart/PodMonitor-stalwart-valkey.yaml b/clusters/cl01tl/manifests/stalwart/PodMonitor-stalwart-valkey.yaml index 0fbeeeb59..956d0c98a 100644 --- a/clusters/cl01tl/manifests/stalwart/PodMonitor-stalwart-valkey.yaml +++ b/clusters/cl01tl/manifests/stalwart/PodMonitor-stalwart-valkey.yaml @@ -3,7 +3,7 @@ kind: PodMonitor metadata: name: stalwart-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: stalwart app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/stalwart/PrometheusRule-stalwart-valkey.yaml b/clusters/cl01tl/manifests/stalwart/PrometheusRule-stalwart-valkey.yaml index 9d95ad260..f6154938f 100644 --- a/clusters/cl01tl/manifests/stalwart/PrometheusRule-stalwart-valkey.yaml +++ b/clusters/cl01tl/manifests/stalwart/PrometheusRule-stalwart-valkey.yaml @@ -3,7 +3,7 @@ kind: PrometheusRule metadata: name: stalwart-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: stalwart app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/stalwart/Service-stalwart-valkey-headless.yaml b/clusters/cl01tl/manifests/stalwart/Service-stalwart-valkey-headless.yaml index 03bccfb21..c9de0e07d 100644 --- a/clusters/cl01tl/manifests/stalwart/Service-stalwart-valkey-headless.yaml +++ b/clusters/cl01tl/manifests/stalwart/Service-stalwart-valkey-headless.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: stalwart-valkey-headless labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: stalwart app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/stalwart/Service-stalwart-valkey-metrics.yaml b/clusters/cl01tl/manifests/stalwart/Service-stalwart-valkey-metrics.yaml index 3acad5563..79ee9f963 100644 --- a/clusters/cl01tl/manifests/stalwart/Service-stalwart-valkey-metrics.yaml +++ b/clusters/cl01tl/manifests/stalwart/Service-stalwart-valkey-metrics.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: stalwart-valkey-metrics labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: stalwart app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/stalwart/Service-stalwart-valkey-read.yaml b/clusters/cl01tl/manifests/stalwart/Service-stalwart-valkey-read.yaml index c1892fc72..639cf5839 100644 --- a/clusters/cl01tl/manifests/stalwart/Service-stalwart-valkey-read.yaml +++ b/clusters/cl01tl/manifests/stalwart/Service-stalwart-valkey-read.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: stalwart-valkey-read labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: stalwart app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/stalwart/Service-stalwart-valkey.yaml b/clusters/cl01tl/manifests/stalwart/Service-stalwart-valkey.yaml index 34479d96b..5a353ce4d 100644 --- a/clusters/cl01tl/manifests/stalwart/Service-stalwart-valkey.yaml +++ b/clusters/cl01tl/manifests/stalwart/Service-stalwart-valkey.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: stalwart-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: stalwart app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/stalwart/ServiceAccount-stalwart-valkey.yaml b/clusters/cl01tl/manifests/stalwart/ServiceAccount-stalwart-valkey.yaml index 115e027fe..e76c2e57e 100644 --- a/clusters/cl01tl/manifests/stalwart/ServiceAccount-stalwart-valkey.yaml +++ b/clusters/cl01tl/manifests/stalwart/ServiceAccount-stalwart-valkey.yaml @@ -3,7 +3,7 @@ kind: ServiceAccount metadata: name: stalwart-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: stalwart app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/stalwart/ServiceMonitor-stalwart-valkey.yaml b/clusters/cl01tl/manifests/stalwart/ServiceMonitor-stalwart-valkey.yaml index a33baae99..b3f1ead4a 100644 --- a/clusters/cl01tl/manifests/stalwart/ServiceMonitor-stalwart-valkey.yaml +++ b/clusters/cl01tl/manifests/stalwart/ServiceMonitor-stalwart-valkey.yaml @@ -3,7 +3,7 @@ kind: ServiceMonitor metadata: name: stalwart-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: stalwart app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/stalwart/StatefulSet-stalwart-valkey.yaml b/clusters/cl01tl/manifests/stalwart/StatefulSet-stalwart-valkey.yaml index 336121c4a..c298be812 100644 --- a/clusters/cl01tl/manifests/stalwart/StatefulSet-stalwart-valkey.yaml +++ b/clusters/cl01tl/manifests/stalwart/StatefulSet-stalwart-valkey.yaml @@ -3,7 +3,7 @@ kind: StatefulSet metadata: name: stalwart-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: stalwart app.kubernetes.io/version: "9.0.3" @@ -32,7 +32,7 @@ spec: app.kubernetes.io/name: valkey app.kubernetes.io/instance: stalwart annotations: - checksum/initconfig: "0b239a281121e840428928da1c5cc8f7" + checksum/initconfig: "4c6b93b8a76c270b0b7536ec44133194" spec: automountServiceAccountToken: false serviceAccountName: stalwart-valkey @@ -40,11 +40,14 @@ spec: fsGroup: 1000 runAsGroup: 1000 runAsUser: 1000 + seccompProfile: + type: RuntimeDefault initContainers: - name: stalwart-valkey-init image: docker.io/valkey/valkey:9.0.3@sha256:3b55fbaa0cd93cf0d9d961f405e4dfcc70efe325e2d84da207a0a8e6d8fde4f9 imagePullPolicy: IfNotPresent securityContext: + allowPrivilegeEscalation: false capabilities: drop: - ALL @@ -69,6 +72,7 @@ spec: command: ["valkey-server"] args: ["/data/conf/valkey.conf"] securityContext: + allowPrivilegeEscalation: false capabilities: drop: - ALL diff --git a/clusters/cl01tl/manifests/tubearchivist/ConfigMap-tubearchivist-valkey-init-scripts.yaml b/clusters/cl01tl/manifests/tubearchivist/ConfigMap-tubearchivist-valkey-init-scripts.yaml index 73f9e85dd..5edc3c6b6 100644 --- a/clusters/cl01tl/manifests/tubearchivist/ConfigMap-tubearchivist-valkey-init-scripts.yaml +++ b/clusters/cl01tl/manifests/tubearchivist/ConfigMap-tubearchivist-valkey-init-scripts.yaml @@ -3,7 +3,7 @@ kind: ConfigMap metadata: name: tubearchivist-valkey-init-scripts labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: tubearchivist app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/tubearchivist/PodMonitor-tubearchivist-valkey.yaml b/clusters/cl01tl/manifests/tubearchivist/PodMonitor-tubearchivist-valkey.yaml index 6793f5ab4..9e8870952 100644 --- a/clusters/cl01tl/manifests/tubearchivist/PodMonitor-tubearchivist-valkey.yaml +++ b/clusters/cl01tl/manifests/tubearchivist/PodMonitor-tubearchivist-valkey.yaml @@ -3,7 +3,7 @@ kind: PodMonitor metadata: name: tubearchivist-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: tubearchivist app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/tubearchivist/PrometheusRule-tubearchivist-valkey.yaml b/clusters/cl01tl/manifests/tubearchivist/PrometheusRule-tubearchivist-valkey.yaml index 1fd5bc58b..e81538eb3 100644 --- a/clusters/cl01tl/manifests/tubearchivist/PrometheusRule-tubearchivist-valkey.yaml +++ b/clusters/cl01tl/manifests/tubearchivist/PrometheusRule-tubearchivist-valkey.yaml @@ -3,7 +3,7 @@ kind: PrometheusRule metadata: name: tubearchivist-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: tubearchivist app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/tubearchivist/Service-tubearchivist-valkey-headless.yaml b/clusters/cl01tl/manifests/tubearchivist/Service-tubearchivist-valkey-headless.yaml index 5f05257c3..61aab7535 100644 --- a/clusters/cl01tl/manifests/tubearchivist/Service-tubearchivist-valkey-headless.yaml +++ b/clusters/cl01tl/manifests/tubearchivist/Service-tubearchivist-valkey-headless.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: tubearchivist-valkey-headless labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: tubearchivist app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/tubearchivist/Service-tubearchivist-valkey-metrics.yaml b/clusters/cl01tl/manifests/tubearchivist/Service-tubearchivist-valkey-metrics.yaml index a7039b064..1863f1057 100644 --- a/clusters/cl01tl/manifests/tubearchivist/Service-tubearchivist-valkey-metrics.yaml +++ b/clusters/cl01tl/manifests/tubearchivist/Service-tubearchivist-valkey-metrics.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: tubearchivist-valkey-metrics labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: tubearchivist app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/tubearchivist/Service-tubearchivist-valkey-read.yaml b/clusters/cl01tl/manifests/tubearchivist/Service-tubearchivist-valkey-read.yaml index e34f4301e..ae76b357a 100644 --- a/clusters/cl01tl/manifests/tubearchivist/Service-tubearchivist-valkey-read.yaml +++ b/clusters/cl01tl/manifests/tubearchivist/Service-tubearchivist-valkey-read.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: tubearchivist-valkey-read labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: tubearchivist app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/tubearchivist/Service-tubearchivist-valkey.yaml b/clusters/cl01tl/manifests/tubearchivist/Service-tubearchivist-valkey.yaml index bd691cf3d..9304c9162 100644 --- a/clusters/cl01tl/manifests/tubearchivist/Service-tubearchivist-valkey.yaml +++ b/clusters/cl01tl/manifests/tubearchivist/Service-tubearchivist-valkey.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: tubearchivist-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: tubearchivist app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/tubearchivist/ServiceAccount-tubearchivist-valkey.yaml b/clusters/cl01tl/manifests/tubearchivist/ServiceAccount-tubearchivist-valkey.yaml index 82fe95b74..8bd9e9177 100644 --- a/clusters/cl01tl/manifests/tubearchivist/ServiceAccount-tubearchivist-valkey.yaml +++ b/clusters/cl01tl/manifests/tubearchivist/ServiceAccount-tubearchivist-valkey.yaml @@ -3,7 +3,7 @@ kind: ServiceAccount metadata: name: tubearchivist-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: tubearchivist app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/tubearchivist/ServiceMonitor-tubearchivist-valkey.yaml b/clusters/cl01tl/manifests/tubearchivist/ServiceMonitor-tubearchivist-valkey.yaml index deae25d15..966fadd8d 100644 --- a/clusters/cl01tl/manifests/tubearchivist/ServiceMonitor-tubearchivist-valkey.yaml +++ b/clusters/cl01tl/manifests/tubearchivist/ServiceMonitor-tubearchivist-valkey.yaml @@ -3,7 +3,7 @@ kind: ServiceMonitor metadata: name: tubearchivist-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: tubearchivist app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/tubearchivist/StatefulSet-tubearchivist-valkey.yaml b/clusters/cl01tl/manifests/tubearchivist/StatefulSet-tubearchivist-valkey.yaml index 809239c84..15494bce0 100644 --- a/clusters/cl01tl/manifests/tubearchivist/StatefulSet-tubearchivist-valkey.yaml +++ b/clusters/cl01tl/manifests/tubearchivist/StatefulSet-tubearchivist-valkey.yaml @@ -3,7 +3,7 @@ kind: StatefulSet metadata: name: tubearchivist-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: tubearchivist app.kubernetes.io/version: "9.0.3" @@ -32,7 +32,7 @@ spec: app.kubernetes.io/name: valkey app.kubernetes.io/instance: tubearchivist annotations: - checksum/initconfig: "98c1a271c9c183213a1aa113039e1a4e" + checksum/initconfig: "3be91ff7618b7c996cd412435660fddc" spec: automountServiceAccountToken: false serviceAccountName: tubearchivist-valkey @@ -40,11 +40,14 @@ spec: fsGroup: 1000 runAsGroup: 1000 runAsUser: 1000 + seccompProfile: + type: RuntimeDefault initContainers: - name: tubearchivist-valkey-init image: docker.io/valkey/valkey:9.0.3@sha256:3b55fbaa0cd93cf0d9d961f405e4dfcc70efe325e2d84da207a0a8e6d8fde4f9 imagePullPolicy: IfNotPresent securityContext: + allowPrivilegeEscalation: false capabilities: drop: - ALL @@ -69,6 +72,7 @@ spec: command: ["valkey-server"] args: ["/data/conf/valkey.conf"] securityContext: + allowPrivilegeEscalation: false capabilities: drop: - ALL diff --git a/clusters/cl01tl/manifests/yamtrack/ConfigMap-yamtrack-valkey-init-scripts.yaml b/clusters/cl01tl/manifests/yamtrack/ConfigMap-yamtrack-valkey-init-scripts.yaml index ec4434d98..a74faaaf7 100644 --- a/clusters/cl01tl/manifests/yamtrack/ConfigMap-yamtrack-valkey-init-scripts.yaml +++ b/clusters/cl01tl/manifests/yamtrack/ConfigMap-yamtrack-valkey-init-scripts.yaml @@ -3,7 +3,7 @@ kind: ConfigMap metadata: name: yamtrack-valkey-init-scripts labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: yamtrack app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/yamtrack/PodMonitor-yamtrack-valkey.yaml b/clusters/cl01tl/manifests/yamtrack/PodMonitor-yamtrack-valkey.yaml index 63763c1ab..01c030e7f 100644 --- a/clusters/cl01tl/manifests/yamtrack/PodMonitor-yamtrack-valkey.yaml +++ b/clusters/cl01tl/manifests/yamtrack/PodMonitor-yamtrack-valkey.yaml @@ -3,7 +3,7 @@ kind: PodMonitor metadata: name: yamtrack-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: yamtrack app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/yamtrack/PrometheusRule-yamtrack-valkey.yaml b/clusters/cl01tl/manifests/yamtrack/PrometheusRule-yamtrack-valkey.yaml index f60d15d6d..70e464dfa 100644 --- a/clusters/cl01tl/manifests/yamtrack/PrometheusRule-yamtrack-valkey.yaml +++ b/clusters/cl01tl/manifests/yamtrack/PrometheusRule-yamtrack-valkey.yaml @@ -3,7 +3,7 @@ kind: PrometheusRule metadata: name: yamtrack-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: yamtrack app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/yamtrack/Service-yamtrack-valkey-headless.yaml b/clusters/cl01tl/manifests/yamtrack/Service-yamtrack-valkey-headless.yaml index 388150469..739d0c296 100644 --- a/clusters/cl01tl/manifests/yamtrack/Service-yamtrack-valkey-headless.yaml +++ b/clusters/cl01tl/manifests/yamtrack/Service-yamtrack-valkey-headless.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: yamtrack-valkey-headless labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: yamtrack app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/yamtrack/Service-yamtrack-valkey-metrics.yaml b/clusters/cl01tl/manifests/yamtrack/Service-yamtrack-valkey-metrics.yaml index e191831e8..5270ef151 100644 --- a/clusters/cl01tl/manifests/yamtrack/Service-yamtrack-valkey-metrics.yaml +++ b/clusters/cl01tl/manifests/yamtrack/Service-yamtrack-valkey-metrics.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: yamtrack-valkey-metrics labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: yamtrack app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/yamtrack/Service-yamtrack-valkey-read.yaml b/clusters/cl01tl/manifests/yamtrack/Service-yamtrack-valkey-read.yaml index e3d19d4e3..30a632fbd 100644 --- a/clusters/cl01tl/manifests/yamtrack/Service-yamtrack-valkey-read.yaml +++ b/clusters/cl01tl/manifests/yamtrack/Service-yamtrack-valkey-read.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: yamtrack-valkey-read labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: yamtrack app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/yamtrack/Service-yamtrack-valkey.yaml b/clusters/cl01tl/manifests/yamtrack/Service-yamtrack-valkey.yaml index 6b0409a6b..65176b836 100644 --- a/clusters/cl01tl/manifests/yamtrack/Service-yamtrack-valkey.yaml +++ b/clusters/cl01tl/manifests/yamtrack/Service-yamtrack-valkey.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: yamtrack-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: yamtrack app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/yamtrack/ServiceAccount-yamtrack-valkey.yaml b/clusters/cl01tl/manifests/yamtrack/ServiceAccount-yamtrack-valkey.yaml index d350bf605..c325a260e 100644 --- a/clusters/cl01tl/manifests/yamtrack/ServiceAccount-yamtrack-valkey.yaml +++ b/clusters/cl01tl/manifests/yamtrack/ServiceAccount-yamtrack-valkey.yaml @@ -3,7 +3,7 @@ kind: ServiceAccount metadata: name: yamtrack-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: yamtrack app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/yamtrack/ServiceMonitor-yamtrack-valkey.yaml b/clusters/cl01tl/manifests/yamtrack/ServiceMonitor-yamtrack-valkey.yaml index 23b55ba39..c5039f2a2 100644 --- a/clusters/cl01tl/manifests/yamtrack/ServiceMonitor-yamtrack-valkey.yaml +++ b/clusters/cl01tl/manifests/yamtrack/ServiceMonitor-yamtrack-valkey.yaml @@ -3,7 +3,7 @@ kind: ServiceMonitor metadata: name: yamtrack-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: yamtrack app.kubernetes.io/version: "9.0.3" diff --git a/clusters/cl01tl/manifests/yamtrack/StatefulSet-yamtrack-valkey.yaml b/clusters/cl01tl/manifests/yamtrack/StatefulSet-yamtrack-valkey.yaml index f64ae8cfc..7cdd6e19b 100644 --- a/clusters/cl01tl/manifests/yamtrack/StatefulSet-yamtrack-valkey.yaml +++ b/clusters/cl01tl/manifests/yamtrack/StatefulSet-yamtrack-valkey.yaml @@ -3,7 +3,7 @@ kind: StatefulSet metadata: name: yamtrack-valkey labels: - helm.sh/chart: valkey-0.9.3 + helm.sh/chart: valkey-0.9.4 app.kubernetes.io/name: valkey app.kubernetes.io/instance: yamtrack app.kubernetes.io/version: "9.0.3" @@ -32,7 +32,7 @@ spec: app.kubernetes.io/name: valkey app.kubernetes.io/instance: yamtrack annotations: - checksum/initconfig: "2a752af416142b8e244d7d720adef483" + checksum/initconfig: "a1a311827512d0f30f70b1a7ec6022d1" spec: automountServiceAccountToken: false serviceAccountName: yamtrack-valkey @@ -40,11 +40,14 @@ spec: fsGroup: 1000 runAsGroup: 1000 runAsUser: 1000 + seccompProfile: + type: RuntimeDefault initContainers: - name: yamtrack-valkey-init image: docker.io/valkey/valkey:9.0.3@sha256:3b55fbaa0cd93cf0d9d961f405e4dfcc70efe325e2d84da207a0a8e6d8fde4f9 imagePullPolicy: IfNotPresent securityContext: + allowPrivilegeEscalation: false capabilities: drop: - ALL @@ -69,6 +72,7 @@ spec: command: ["valkey-server"] args: ["/data/conf/valkey.conf"] securityContext: + allowPrivilegeEscalation: false capabilities: drop: - ALL