alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests Actions Activity
Files
f57f7ef18b4567176b44c99f99f8e30b05e4c2a1
infrastructure/clusters/cl01tl/helm/karakeep/values.yaml
Renovate Bot 7d4cdb9f67
Some checks failed
render-manifests-push / render-manifests-push (push) Has been skipped
Details
lint-test-helm / lint-helm (push) Has been cancelled
Details
renovate / renovate (push) Has been cancelled
Details
Update ghcr.io/karakeep-app/karakeep Docker tag to v0.29.3 (#2642) 
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [ghcr.io/karakeep-app/karakeep](https://github.com/karakeep-app/karakeep) | patch | `0.29.1` -> `0.29.3` |

---

### Release Notes

<details>
<summary>karakeep-app/karakeep (ghcr.io/karakeep-app/karakeep)</summary>

### [`v0.29.3`](https://github.com/karakeep-app/karakeep/releases/tag/v0.29.3): 0.29.3

[Compare Source](https://github.com/karakeep-app/karakeep/compare/v0.29.2...v0.29.3)

Well. Upgrading Nextjs one more time to patch CVE-2025-67779.

### [`v0.29.2`](https://github.com/karakeep-app/karakeep/releases/tag/v0.29.2): 0.29.2

[Compare Source](https://github.com/karakeep-app/karakeep/compare/v0.29.1...v0.29.2)

Upgrading Nextjs to patch two new vulnerabilities in react CVE-2025-55184 & CVE-2025-55183. This is on top of the critical vulnerability (CVE-2025-66478) that was patched in 0.29.1.

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi4zOS4xIiwidXBkYXRlZEluVmVyIjoiNDIuMzkuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiYXV0b21lcmdlIiwiaW1hZ2UiXX0=-->

Reviewed-on: #2642
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
2025-12-18 02:33:19 +00:00

157 lines
4.7 KiB
YAML
Raw Blame History

karakeep:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/karakeep-app/karakeep
tag: 0.29.3
pullPolicy: IfNotPresent
env:
- name: DATA_DIR
value: /data
- name: DB_WAL_MODE
value: true
- name: NEXTAUTH_URL
value: https://karakeep.alexlebens.dev/
- name: NEXTAUTH_SECRET
valueFrom:
secretKeyRef:
name: karakeep-key-secret
key: key
- name: PROMETHEUS_AUTH_TOKEN
valueFrom:
secretKeyRef:
name: karakeep-key-secret
key: prometheus-token
- name: ASSET_STORE_S3_ENDPOINT
value: http://rook-ceph-rgw-ceph-objectstore.rook-ceph.svc:80
- name: ASSET_STORE_S3_REGION
value: us-east-1
- name: ASSET_STORE_S3_BUCKET
valueFrom:
configMapKeyRef:
name: ceph-bucket-karakeep
key: BUCKET_NAME
- name: ASSET_STORE_S3_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: ceph-bucket-karakeep
key: AWS_ACCESS_KEY_ID
- name: ASSET_STORE_S3_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: ceph-bucket-karakeep
key: AWS_SECRET_ACCESS_KEY
- name: ASSET_STORE_S3_FORCE_PATH_STYLE
value: true
- name: MEILI_ADDR
value: http://karakeep-meilisearch.karakeep:7700
- name: MEILI_MASTER_KEY
valueFrom:
secretKeyRef:
name: karakeep-meilisearch-master-key-secret
key: MEILI_MASTER_KEY
- name: BROWSER_WEB_URL
value: http://karakeep.karakeep:9222
- name: DISABLE_SIGNUPS
value: false
- name: OAUTH_PROVIDER_NAME
value: "Authentik"
- name: OAUTH_WELLKNOWN_URL
value: https://auth.alexlebens.dev/application/o/karakeep/.well-known/openid-configuration
- name: OAUTH_SCOPE
value: "openid email profile"
- name: OAUTH_CLIENT_ID
valueFrom:
secretKeyRef:
name: karakeep-oidc-secret
key: AUTHENTIK_CLIENT_ID
- name: OAUTH_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: karakeep-oidc-secret
key: AUTHENTIK_CLIENT_SECRET
- name: OLLAMA_BASE_URL
value: http://ollama-server-3.ollama:11434
- name: OLLAMA_KEEP_ALIVE
value: 5m
- name: INFERENCE_TEXT_MODEL
value: gemma3:4b
- name: INFERENCE_IMAGE_MODEL
value: granite3.2-vision:2b
- name: EMBEDDING_TEXT_MODEL
value: mxbai-embed-large
- name: INFERENCE_JOB_TIMEOUT_SEC
value: 720
resources:
requests:
cpu: 10m
memory: 256Mi
chrome:
image:
repository: gcr.io/zenika-hub/alpine-chrome
tag: 124
pullPolicy: IfNotPresent
args:
- --no-sandbox
- --disable-gpu
- --disable-dev-shm-usage
- --remote-debugging-address=0.0.0.0
- --remote-debugging-port=9222
- --hide-scrollbars
resources:
requests:
cpu: 10m
memory: 128Mi
service:
main:
controller: main
ports:
http:
port: 3000
targetPort: 3000
protocol: HTTP
chrome:
port: 9222
targetPort: 9222
protocol: HTTP
persistence:
data:
forceRename: karakeep
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 10Gi
retain: true
advancedMounts:
main:
main:
- path: /data
readOnly: false
meilisearch:
environment:
MEILI_NO_ANALYTICS: true
MEILI_ENV: production
MEILI_EXPERIMENTAL_DUMPLESS_UPGRADE: true
auth:
existingMasterKeySecret: karakeep-meilisearch-master-key-secret
service:
type: ClusterIP
port: 7700
persistence:
enabled: true
storageClass: ceph-block
size: 10Gi
resources:
requests:
cpu: 10m
memory: 128Mi
serviceMonitor:
enabled: true
volsync-target-data:
pvcTarget: karakeep
Reference in New Issue View Git Blame Copy Permalink