feat(container)!: Update image app-template to v3 #227
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
--- kubernetes/apps/services/atuin/app Kustomization: flux-system/atuin HelmRelease: services/atuin
+++ kubernetes/apps/services/atuin/app Kustomization: flux-system/atuin HelmRelease: services/atuin
@@ -13,30 +13,30 @@
spec:
chart: app-template
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
- version: 2.6.0
+ version: 3.0.2
install:
remediation:
retries: 3
interval: 30m
uninstall:
keepHistory: false
upgrade:
cleanupOnFail: true
remediation:
retries: 3
values:
controllers:
- main:
+ atuin:
annotations:
reloader.stakater.com/auto: 'true'
containers:
- main:
+ app:
args:
- server
- start
env:
ATUIN_HOST: 0.0.0.0
ATUIN_METRICS__ENABLE: 'true'
@@ -77,49 +77,51 @@
runAsGroup: 568
runAsNonRoot: true
runAsUser: 568
replicas: 2
strategy: RollingUpdate
ingress:
- main:
+ app:
annotations:
external-dns.alpha.kubernetes.io/target: internal.
className: internal
enabled: true
hosts:
- host: '{{ .Release.Name }}.'
paths:
- path: /
service:
- name: main
+ identifier: app
port: http
- host: sh.
paths:
- path: /
service:
- name: main
+ identifier: app
port: http
tls:
- hosts:
- '{{ .Release.Name }}.'
- sh.
persistence:
config:
enabled: true
type: emptyDir
service:
- main:
+ app:
+ controller: atuin
ports:
http:
port: 80
metrics:
port: 8080
serviceMonitor:
- main:
+ app:
enabled: true
endpoints:
- interval: 1m
path: /metrics
port: metrics
scheme: http
scrapeTimeout: 10s
+ serviceName: atuin
--- kubernetes/apps/auth/authelia/app Kustomization: flux-system/authelia HelmRelease: auth/authelia
+++ kubernetes/apps/auth/authelia/app Kustomization: flux-system/authelia HelmRelease: auth/authelia
@@ -13,13 +13,13 @@
spec:
chart: app-template
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
- version: 2.6.0
+ version: 3.0.2
dependsOn:
- name: lldap
namespace: auth
- name: redis
namespace: database
install:
@@ -32,17 +32,17 @@
upgrade:
cleanupOnFail: true
remediation:
retries: 3
values:
controllers:
- main:
+ authelia:
annotations:
reloader.stakater.com/auto: 'true'
containers:
- main:
+ app:
env:
AUTHELIA_SERVER_ADDRESS: tcp://0.0.0.0:80
AUTHELIA_SERVER_DISABLE_HEALTHCHECK: 'true'
AUTHELIA_TELEMETRY_METRICS_ADDRESS: tcp://0.0.0.0:8080
AUTHELIA_TELEMETRY_METRICS_ENABLED: 'true'
AUTHELIA_THEME: dark
@@ -114,13 +114,13 @@
maxSkew: 1
topologyKey: kubernetes.io/hostname
whenUnsatisfiable: DoNotSchedule
replicas: 2
strategy: RollingUpdate
ingress:
- main:
+ app:
annotations:
external-dns.alpha.kubernetes.io/target: internal.
nginx.ingress.kubernetes.io/configuration-snippet: |
add_header Cache-Control "no-store";
add_header Pragma "no-cache";
add_header X-Frame-Options "SAMEORIGIN";
@@ -129,19 +129,19 @@
enabled: true
hosts:
- host: '{{ .Release.Name }}.'
paths:
- path: /
service:
- name: main
+ identifier: app
port: http
- host: auth.
paths:
- path: /
service:
- name: main
+ identifier: app
port: http
tls:
- hosts:
- '{{ .Release.Name }}.'
- auth.
persistence:
@@ -151,22 +151,23 @@
- path: /config/configuration.yaml
readOnly: true
subPath: configuration.yaml
name: authelia-configmap
type: configMap
service:
- main:
+ app:
+ controller: authelia
ports:
http:
port: 80
metrics:
port: 8080
serviceMonitor:
- main:
- enabled: true
+ app:
endpoints:
- interval: 1m
path: /metrics
port: metrics
scheme: http
scrapeTimeout: 10s
+ serviceName: authelia
--- kubernetes/apps/networking/cloudflared/app Kustomization: flux-system/cloudflared HelmRelease: networking/cloudflared
+++ kubernetes/apps/networking/cloudflared/app Kustomization: flux-system/cloudflared HelmRelease: networking/cloudflared
@@ -13,13 +13,13 @@
spec:
chart: app-template
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
- version: 2.6.0
+ version: 3.0.2
install:
remediation:
retries: 3
interval: 30m
maxHistory: 2
uninstall:
@@ -27,17 +27,17 @@
upgrade:
cleanupOnFail: true
remediation:
retries: 3
values:
controllers:
- main:
+ cloudflared:
annotations:
reloader.stakater.com/auto: 'true'
containers:
- main:
+ app:
args:
- tunnel
- --config
- /etc/cloudflared/config/config.yaml
- run
- $(TUNNEL_ID)
@@ -106,14 +106,22 @@
- path: /etc/cloudflared/creds/credentials.json
readOnly: true
subPath: credentials.json
name: cloudflared-secret
type: secret
service:
- main:
+ app:
+ controller: cloudflared
ports:
http:
port: 8080
serviceMonitor:
- main:
+ app:
enabled: true
+ endpoints:
+ - interval: 1m
+ path: /metrics
+ port: metrics
+ scheme: http
+ scrapeTimeout: 10s
+ serviceName: cloudflared
--- kubernetes/apps/services/code-server/app Kustomization: flux-system/code-server ExternalSecret: services/code-server
+++ kubernetes/apps/services/code-server/app Kustomization: flux-system/code-server ExternalSecret: services/code-server
@@ -1,24 +0,0 @@
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- labels:
- app.kubernetes.io/name: code-server
- kustomize.toolkit.fluxcd.io/name: code-server
- kustomize.toolkit.fluxcd.io/namespace: flux-system
- name: code-server
- namespace: services
-spec:
- dataFrom:
- - extract:
- key: code-server
- secretStoreRef:
- kind: ClusterSecretStore
- name: onepassword-connect
- target:
- name: code-server-secret
- template:
- data:
- PASSWORD: '{{ .CODE_SERVER_PASSWORD }}'
- engineVersion: v2
-
--- kubernetes/apps/services/code-server/app Kustomization: flux-system/code-server HelmRelease: services/code-server
+++ kubernetes/apps/services/code-server/app Kustomization: flux-system/code-server HelmRelease: services/code-server
@@ -1,116 +0,0 @@
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta2
-kind: HelmRelease
-metadata:
- labels:
- app.kubernetes.io/name: code-server
- kustomize.toolkit.fluxcd.io/name: code-server
- kustomize.toolkit.fluxcd.io/namespace: flux-system
- name: code-server
- namespace: services
-spec:
- chart:
- spec:
- chart: app-template
- sourceRef:
- kind: HelmRepository
- name: bjw-s
- namespace: flux-system
- version: 2.6.0
- install:
- remediation:
- retries: 3
- interval: 30m
- uninstall:
- keepHistory: false
- upgrade:
- cleanupOnFail: true
- remediation:
- retries: 3
- values:
- controllers:
- main:
- annotations:
- reloader.stakater.com/auto: 'true'
- containers:
- main:
- env:
- DEFAULT_WORKSPACE: /config/workspace
- GUID: 568
- PROXY_DOMAIN: '{{ .Release.Name }}.'
- PUID: 568
- envFrom:
- - secretRef:
- name: code-server-secret
- image:
- repository: ghcr.io/linuxserver/code-server
- tag: 4.22.0
- resources:
- limits:
- memory: 1Gi
- requests:
- cpu: 10m
- memory: 128Mi
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- fsGroup: 568
- fsGroupChangePolicy: OnRootMismatch
- runAsGroup: 568
- runAsNonRoot: true
- runAsUser: 568
- initContainers:
- init-chmod-data:
- command:
- - sh
- - -c
- - |
- chown -R 568:568 /config
- image:
- repository: busybox
- tag: latest
- imagePullPolicy: IfNotPresent
- order: 1
- securityContext:
- allowPrivilegeEscalation: true
- runAsUser: 0
- replicas: 1
- strategy: RollingUpdate
- ingress:
- main:
- annotations:
- external-dns.alpha.kubernetes.io/target: internal.
- className: internal
- enabled: true
- hosts:
- - host: '{{ .Release.Name }}.'
- paths:
- - path: /
- service:
- name: main
- port: http
- tls:
- - hosts:
- - '{{ .Release.Name }}.'
- persistence:
- data:
- accessMode: ReadWriteOnce
- enabled: true
- globalMounts:
- - path: /config
- readOnly: false
- retain: true
- size: 5Gi
- storageClass: local-path
- type: persistentVolumeClaim
- service:
- main:
- ports:
- http:
- port: 8080
- serviceMonitor:
- main:
- enabled: false
-
--- kubernetes/apps/services/code-server/app Kustomization: flux-system/code-server ConfigMap: services/code-server-gatus-ep
+++ kubernetes/apps/services/code-server/app Kustomization: flux-system/code-server ConfigMap: services/code-server-gatus-ep
@@ -1,27 +0,0 @@
----
-apiVersion: v1
-data:
- config.yaml: |-
- endpoints:
- - name: "code-server"
- group: internal
- url: "https://sh."
- interval: 1m
- ui:
- hide-hostname: true
- hide-url: true
- conditions:
- - "[STATUS] < 300"
- - "[RESPONSE_TIME] < 300"
- alerts:
- - type: pushover
-kind: ConfigMap
-metadata:
- labels:
- app.kubernetes.io/name: code-server
- gatus.io/enabled: 'true'
- kustomize.toolkit.fluxcd.io/name: code-server
- kustomize.toolkit.fluxcd.io/namespace: flux-system
- name: code-server-gatus-ep
- namespace: services
-
--- kubernetes/apps/networking/echo-server/app Kustomization: flux-system/echo-server HelmRelease: networking/echo-server
+++ kubernetes/apps/networking/echo-server/app Kustomization: flux-system/echo-server HelmRelease: networking/echo-server
@@ -13,13 +13,13 @@
spec:
chart: app-template
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
- version: 2.6.0
+ version: 3.0.2
install:
remediation:
retries: 3
interval: 30m
maxHistory: 2
uninstall:
@@ -27,15 +27,15 @@
upgrade:
cleanupOnFail: true
remediation:
retries: 3
values:
controllers:
- main:
+ echo-server:
containers:
- main:
+ app:
env:
PORT: 8080
image:
repository: docker.io/jmalloc/echo-server
tag: 0.3.6
probes:
@@ -73,28 +73,39 @@
securityContext:
runAsGroup: 568
runAsUser: 568
replicas: 2
strategy: RollingUpdate
ingress:
- main:
+ app:
annotations:
external-dns.alpha.kubernetes.io/target: external.
hajimari.io/icon: video-input-antenna
className: external
enabled: true
hosts:
- host: '{{ .Release.Name }}.'
paths:
- path: /
service:
- name: main
+ identifier: app
port: http
tls:
- hosts:
- '{{ .Release.Name }}.'
service:
- main:
+ app:
+ controller: echo-server
ports:
http:
port: 8080
+ serviceMonitor:
+ app:
+ enabled: true
+ endpoints:
+ - interval: 1m
+ path: /metrics
+ port: metrics
+ scheme: http
+ scrapeTimeout: 10s
+ serviceName: echo-server
--- kubernetes/apps/kube-system/external-secrets/stores Kustomization: flux-system/external-secrets-stores HelmRelease: kube-system/onepassword-connect
+++ kubernetes/apps/kube-system/external-secrets/stores Kustomization: flux-system/external-secrets-stores HelmRelease: kube-system/onepassword-connect
@@ -13,13 +13,13 @@
spec:
chart: app-template
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
- version: 2.6.0
+ version: 3.0.2
install:
remediation:
retries: 3
interval: 30m
maxHistory: 2
uninstall:
@@ -27,17 +27,17 @@
upgrade:
cleanupOnFail: true
remediation:
retries: 3
values:
controllers:
- main:
+ onepassword-connect:
annotations:
reloader.stakater.com/auto: 'true'
containers:
- main:
+ api:
env:
OP_BUS_PEERS: localhost:11221
OP_BUS_PORT: 11220
OP_HTTP_PORT: 80
OP_SESSION:
valueFrom:
@@ -71,13 +71,18 @@
enabled: false
resources:
limits:
memory: 256M
requests:
cpu: 10m
- memory: 128M
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
sync:
env:
OP_BUS_PEERS: localhost:11220
OP_BUS_PORT: 11221
OP_HTTP_PORT: 8081
OP_SESSION:
@@ -105,47 +110,53 @@
enabled: true
spec:
httpGet:
path: /health
port: 8081
initialDelaySeconds: 15
- resources:
- limits:
- memory: 256M
- requests:
- cpu: 10m
- memory: 128M
startup:
enabled: false
+ resources:
+ limits:
+ memory: 256M
+ requests:
+ cpu: 10m
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
pod:
securityContext:
fsGroup: 999
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 999
runAsUser: 999
strategy: RollingUpdate
ingress:
- main:
+ api:
className: internal
enabled: true
hosts:
- host: onepassword-connect.${SECRET_DOMAIN}
paths:
- path: /
service:
- name: main
+ identifier: api
port: http
tls:
- hosts:
- onepassword-connect.${SECRET_DOMAIN}
persistence:
config:
enabled: true
globalMounts:
- path: /config
type: emptyDir
service:
- main:
+ api:
+ controller: onepassword-connect
ports:
http:
port: 80
--- kubernetes/apps/monitoring/gatus/app Kustomization: flux-system/gatus HelmRelease: monitoring/gatus
+++ kubernetes/apps/monitoring/gatus/app Kustomization: flux-system/gatus HelmRelease: monitoring/gatus
@@ -13,13 +13,13 @@
spec:
chart: app-template
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
- version: 2.6.0
+ version: 3.0.2
install:
remediation:
retries: 3
interval: 30m
maxHistory: 2
uninstall:
@@ -27,16 +27,39 @@
upgrade:
cleanupOnFail: true
remediation:
retries: 3
values:
controllers:
- main:
+ gatus:
annotations:
reloader.stakater.com/auto: 'true'
containers:
+ app:
+ env:
+ CUSTOM_WEB_PORT: 80
+ GATUS_CONFIG_PATH: /config
+ TZ: America/New_York
+ envFrom:
+ - secretRef:
+ name: gatus-secret
+ image:
+ repository: ghcr.io/twin/gatus
+ tag: v5.7.0
+ resources:
+ limits:
+ memory: 512M
+ requests:
+ cpu: 10m
+ memory: 256M
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
config-sync:
env:
FOLDER: /config
LABEL: gatus.io/enabled
METHOD: WATCH
NAMESPACE: ALL
@@ -54,48 +77,24 @@
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
- main:
- env:
- CUSTOM_WEB_PORT: 80
- GATUS_CONFIG_PATH: /config
- TZ: America/New_York
- envFrom:
- - secretRef:
- name: gatus-secret
- image:
- repository: ghcr.io/twin/gatus
- tag: v5.7.0
- resources:
- limits:
- memory: 512M
- requests:
- cpu: 10m
- memory: 256M
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- readOnlyRootFilesystem: true
initContainers:
init-config:
env:
FOLDER: /config
LABEL: gatus.io/enabled
METHOD: LIST
NAMESPACE: ALL
RESOURCE: both
UNIQUE_FILENAMES: true
image:
repository: ghcr.io/kiwigrid/k8s-sidecar
tag: 1.26.1
- order: 2
resources:
limits:
memory: 128Mi
requests:
cpu: 10m
memory: 10Mi
@@ -103,13 +102,12 @@
envFrom:
- secretRef:
name: gatus-secret
image:
repository: ghcr.io/onedr0p/postgres-init
tag: 16
- order: 1
pod:
securityContext:
fsGroup: 568
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 568
runAsNonRoot: true
@@ -122,19 +120,19 @@
enabled: true
hosts:
- host: '{{ .Release.Name }}.${SECRET_DOMAIN}'
paths:
- path: /
service:
- name: main
+ identifier: app
port: http
- host: status.${SECRET_DOMAIN}
paths:
- path: /
service:
- name: main
+ identifier: app
port: http
tls:
- hosts:
- '{{ .Release.Name }}.${SECRET_DOMAIN}'
- status.${SECRET_DOMAIN}
persistence:
@@ -146,17 +144,25 @@
- path: /config/config.yaml
readOnly: true
subPath: config.yaml
name: gatus-configmap
type: configMap
service:
- main:
+ app:
+ controller: gatus
ports:
http:
port: 80
serviceAccount:
create: true
name: gatus
serviceMonitor:
main:
enabled: true
+ endpoints:
+ - interval: 1m
+ path: /metrics
+ port: metrics
+ scheme: http
+ scrapeTimeout: 10s
+ serviceName: gatus
--- kubernetes/apps/services/linkwarden/app Kustomization: flux-system/linkwarden HelmRelease: services/linkwarden
+++ kubernetes/apps/services/linkwarden/app Kustomization: flux-system/linkwarden HelmRelease: services/linkwarden
@@ -13,30 +13,30 @@
spec:
chart: app-template
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
- version: 2.6.0
+ version: 3.0.2
install:
remediation:
retries: 3
interval: 30m
uninstall:
keepHistory: false
upgrade:
cleanupOnFail: true
remediation:
retries: 3
values:
controllers:
- main:
+ linkwarden:
annotations:
reloader.stakater.com/auto: 'true'
containers:
- main:
+ app:
env:
AUTHELIA_SCOPES: openid email profile
AUTHELIA_WELLKNOWN_URL: https://auth./.well-known/openid-configuration
EMAIL_SERVER: smtp-relay.default.svc.cluster.local:25
NEXT_PUBLIC_AUTHELIA_ENABLED: true
NEXT_PUBLIC_EMAIL_PROVIDER: false
@@ -64,29 +64,29 @@
runAsGroup: 568
runAsNonRoot: true
runAsUser: 568
replicas: 1
strategy: RollingUpdate
ingress:
- main:
+ app:
annotations:
external-dns.alpha.kubernetes.io/target: internal.
className: internal
enabled: true
hosts:
- host: '{{ .Release.Name }}.'
paths:
- path: /
service:
- name: main
+ identifier: app
port: http
- host: bookmarks.
paths:
- path: /
service:
- name: main
+ identifier: app
port: http
tls:
- hosts:
- '{{ .Release.Name }}.'
- bookmarks.
persistence:
@@ -103,14 +103,22 @@
readOnly: false
retain: true
size: 5Gi
storageClass: local-path
type: persistentVolumeClaim
service:
- main:
+ app:
+ controller: linkwarden
ports:
http:
port: 3000
serviceMonitor:
- main:
- enabled: false
+ app:
+ enabled: true
+ endpoints:
+ - interval: 1m
+ path: /metrics
+ port: metrics
+ scheme: http
+ scrapeTimeout: 10s
+ serviceName: linkwarden
--- kubernetes/apps/storage/minio/app Kustomization: flux-system/minio HelmRelease: storage/minio
+++ kubernetes/apps/storage/minio/app Kustomization: flux-system/minio HelmRelease: storage/minio
@@ -13,13 +13,13 @@
spec:
chart: app-template
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
- version: 2.6.0
+ version: 3.0.2
install:
remediation:
retries: 3
interval: 30m
maxHistory: 2
uninstall:
@@ -27,17 +27,17 @@
upgrade:
cleanupOnFail: true
remediation:
retries: 3
values:
controllers:
- main:
+ minio:
annotations:
reloader.stakater.com/auto: 'true'
containers:
- main:
+ app:
args:
- server
- /data
- --console-address
- :9001
env:
@@ -79,45 +79,30 @@
timeoutSeconds: 10
startup:
enabled: false
securityContext:
runAsGroup: 568
runAsUser: 568
- initContainers:
- nfs-fixer:
- command:
- - sh
- - -c
- - (chmod 0775 /data; chgrp 568 /data)
- image:
- pullPolicy: IfNotPresent
- repository: alpine
- tag: 3.19
- securityContext:
- runAsUser: 0
- volumeMounts:
- - mountPath: /data
- name: nfs-test
ingress:
- main:
+ app:
annotations:
external-dns.alpha.kubernetes.io/target: internal.
className: internal
enabled: true
hosts:
- host: '{{ .Release.Name }}.'
paths:
- path: /
service:
- name: main
+ identifier: app
port: http
- host: s3.
paths:
- path: /
service:
- name: main
+ identifier: app
port: s3
tls:
- hosts:
- '{{ .Release.Name }}.'
- s3.
persistence:
@@ -132,22 +117,24 @@
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 568
runAsUser: 568
supplementalGroups:
- 100
service:
- main:
+ app:
+ controller: minio
ports:
http:
port: 9001
s3:
port: 9000
serviceMonitor:
- main:
+ app:
enabled: true
endpoints:
- interval: 1m
path: /minio/v2/metrics/cluster
port: s3
scheme: http
scrapeTimeout: 10s
+ serviceName: minio
--- kubernetes/apps/default/smtp-relay/app Kustomization: flux-system/smtp-relay HelmRelease: default/smtp-relay
+++ kubernetes/apps/default/smtp-relay/app Kustomization: flux-system/smtp-relay HelmRelease: default/smtp-relay
@@ -13,13 +13,13 @@
spec:
chart: app-template
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
- version: 2.6.0
+ version: 3.0.2
install:
remediation:
retries: 3
interval: 30m
maxHistory: 2
uninstall:
@@ -27,17 +27,17 @@
upgrade:
cleanupOnFail: true
remediation:
retries: 3
values:
controllers:
- main:
+ smtp-relay:
annotations:
reloader.stakater.com/auto: 'true'
containers:
- main:
+ app:
env:
SMTP_RELAY_METRICS_PORT: 8080
SMTP_RELAY_SERVER_PORT: 465
SMTP_RELAY_SMTP_PORT: 25
envFrom:
- secretRef:
@@ -77,19 +77,26 @@
- path: /data/maddy.conf
readOnly: true
subPath: maddy.conf
name: smtp-relay-configmap
type: configMap
service:
- main:
+ app:
annotations:
io.cilium/lb-ipam-ips: 10.20.0.155
+ controller: smtp-relay
ports:
http:
port: 8080
smtp:
port: 25
type: LoadBalancer
serviceMonitor:
- main:
- enabled: true
+ app:
+ endpoints:
+ - interval: 1m
+ path: /metrics
+ port: http
+ scheme: http
+ scrapeTimeout: 10s
+ serviceName: smtp-relay
--- kubernetes/apps/auth/lldap/app Kustomization: flux-system/lldap HelmRelease: auth/lldap
+++ kubernetes/apps/auth/lldap/app Kustomization: flux-system/lldap HelmRelease: auth/lldap
@@ -13,13 +13,13 @@
spec:
chart: app-template
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
- version: 2.6.0
+ version: 3.0.2
install:
remediation:
retries: 3
interval: 30m
maxHistory: 2
uninstall:
@@ -27,17 +27,17 @@
upgrade:
cleanupOnFail: true
remediation:
retries: 3
values:
controllers:
- main:
+ lldap:
annotations:
reloader.stakater.com/auto: 'true'
containers:
- main:
+ app:
env:
LLDAP_HTTP_PORT: 80
LLDAP_HTTP_URL: https://lldap.
LLDAP_LDAP_PORT: 389
TZ: America/New_York
envFrom:
@@ -69,30 +69,31 @@
maxSkew: 1
topologyKey: kubernetes.io/hostname
whenUnsatisfiable: DoNotSchedule
replicas: 2
strategy: RollingUpdate
ingress:
- main:
+ app:
className: internal
enabled: true
hosts:
- host: '{{ .Release.Name }}.'
paths:
- path: /
service:
- name: main
+ identifier: app
port: http
tls:
- hosts:
- '{{ .Release.Name }}.'
persistence:
data:
type: emptyDir
service:
- main:
+ app:
+ controller: lldap
ports:
http:
port: 80
ldap:
port: 389
--- kubernetes/apps/monitoring/snmp-exporter/app Kustomization: flux-system/snmp HelmRelease: monitoring/snmp-exporter
+++ kubernetes/apps/monitoring/snmp-exporter/app Kustomization: flux-system/snmp HelmRelease: monitoring/snmp-exporter
@@ -13,13 +13,13 @@
spec:
chart: app-template
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
- version: 2.6.0
+ version: 3.0.2
install:
remediation:
retries: 3
interval: 30m
maxHistory: 2
uninstall:
@@ -27,17 +27,17 @@
upgrade:
cleanupOnFail: true
remediation:
retries: 3
values:
controllers:
- main:
+ snmp-exporter:
annotations:
reloader.stakater.com/auto: 'true'
containers:
- main:
+ app:
args:
- --config.file=/config/snmp.yaml
envFrom:
- secretRef:
name: snmp-secret
image:
@@ -122,16 +122,26 @@
- path: /template/config.yaml
readOnly: true
subPath: config.yaml
name: snmp-configmap
type: configMap
service:
- main:
+ app:
+ controller: snmp-exporter
ports:
http:
port: 9116
+ serviceMonitor:
+ app:
+ endpoints:
+ - interval: 1m
+ path: /metrics
+ port: http
+ scheme: http
+ scrapeTimeout: 10s
+ serviceName: snmp-exporter
valuesFrom:
- kind: Secret
name: snmp-secret
optional: false
valuesKey: values.yaml
--- kubernetes/apps/monitoring/unpoller/app Kustomization: flux-system/unpoller HelmRelease: monitoring/unpoller
+++ kubernetes/apps/monitoring/unpoller/app Kustomization: flux-system/unpoller HelmRelease: monitoring/unpoller
@@ -13,13 +13,13 @@
spec:
chart: app-template
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
- version: 2.6.0
+ version: 3.0.2
install:
remediation:
retries: 3
interval: 30m
maxHistory: 2
uninstall:
@@ -27,15 +27,15 @@
upgrade:
cleanupOnFail: true
remediation:
retries: 3
values:
controllers:
- main:
+ unpoller:
containers:
- main:
+ app:
env:
TZ: America/New_York
UP_INFLUXDB_DISABLE: true
envFrom:
- secretRef:
name: unpoller-secret
@@ -57,20 +57,22 @@
pod:
securityContext:
runAsGroup: 568
runAsNonRoot: true
runAsUser: 568
service:
- main:
+ app:
+ controller: unpoller
ports:
http:
port: 9130
serviceMonitor:
- main:
+ app:
enabled: true
endpoints:
- interval: 2m
path: /metrics
port: http
scheme: http
scrapeTimeout: 10s
+ serviceName: unpoller
|
renovate
bot
force-pushed
the
renovate/app-template-3.x
branch
from
3e6751b to
7d786be
Compare
Edited/Blocked NotificationRenovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR. You can manually request rebase by checking the rebase/retry box above. ⚠ Warning: custom changes will be lost. |
--- HelmRelease: networking/echo-server Service: networking/echo-server
+++ HelmRelease: networking/echo-server Service: networking/echo-server
@@ -13,10 +13,10 @@
ports:
- port: 8080
targetPort: 8080
protocol: TCP
name: http
selector:
- app.kubernetes.io/component: main
+ app.kubernetes.io/component: echo-server
app.kubernetes.io/instance: echo-server
app.kubernetes.io/name: echo-server
--- HelmRelease: networking/echo-server Deployment: networking/echo-server
+++ HelmRelease: networking/echo-server Deployment: networking/echo-server
@@ -1,34 +1,34 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: echo-server
labels:
- app.kubernetes.io/component: main
+ app.kubernetes.io/component: echo-server
app.kubernetes.io/instance: echo-server
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: echo-server
spec:
revisionHistoryLimit: 3
replicas: 2
strategy:
type: RollingUpdate
selector:
matchLabels:
- app.kubernetes.io/component: main
+ app.kubernetes.io/component: echo-server
app.kubernetes.io/name: echo-server
app.kubernetes.io/instance: echo-server
template:
metadata:
labels:
- app.kubernetes.io/component: main
+ app.kubernetes.io/component: echo-server
app.kubernetes.io/instance: echo-server
app.kubernetes.io/name: echo-server
spec:
- enableServiceLinks: true
+ enableServiceLinks: false
serviceAccountName: default
automountServiceAccountToken: true
securityContext:
runAsGroup: 568
runAsUser: 568
hostIPC: false
@@ -45,13 +45,13 @@
httpGet:
path: /health
port: 8080
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
- name: main
+ name: app
readinessProbe:
failureThreshold: 3
httpGet:
path: /health
port: 8080
initialDelaySeconds: 0
--- HelmRelease: networking/echo-server ServiceMonitor: networking/echo-server
+++ HelmRelease: networking/echo-server ServiceMonitor: networking/echo-server
@@ -0,0 +1,22 @@
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: echo-server
+ labels:
+ app.kubernetes.io/instance: echo-server
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: echo-server
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/service: echo-server
+ app.kubernetes.io/name: echo-server
+ app.kubernetes.io/instance: echo-server
+ endpoints:
+ - interval: 1m
+ path: /metrics
+ port: metrics
+ scheme: http
+ scrapeTimeout: 10s
+
--- HelmRelease: monitoring/gatus Service: monitoring/gatus
+++ HelmRelease: monitoring/gatus Service: monitoring/gatus
@@ -13,10 +13,10 @@
ports:
- port: 80
targetPort: 80
protocol: TCP
name: http
selector:
- app.kubernetes.io/component: main
+ app.kubernetes.io/component: gatus
app.kubernetes.io/instance: gatus
app.kubernetes.io/name: gatus
--- HelmRelease: monitoring/gatus Deployment: monitoring/gatus
+++ HelmRelease: monitoring/gatus Deployment: monitoring/gatus
@@ -1,38 +1,38 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: gatus
labels:
- app.kubernetes.io/component: main
+ app.kubernetes.io/component: gatus
app.kubernetes.io/instance: gatus
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: gatus
annotations:
reloader.stakater.com/auto: 'true'
spec:
revisionHistoryLimit: 3
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
- app.kubernetes.io/component: main
+ app.kubernetes.io/component: gatus
app.kubernetes.io/name: gatus
app.kubernetes.io/instance: gatus
template:
metadata:
annotations:
checksum/secrets: 4141e6981f3b767e75a4e744858b9ff414dba5d0ef6afd761f7700061fb6e32e
labels:
- app.kubernetes.io/component: main
+ app.kubernetes.io/component: gatus
app.kubernetes.io/instance: gatus
app.kubernetes.io/name: gatus
spec:
- enableServiceLinks: true
+ enableServiceLinks: false
serviceAccountName: gatus
automountServiceAccountToken: true
securityContext:
fsGroup: 568
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 568
@@ -40,24 +40,12 @@
runAsUser: 568
hostIPC: false
hostNetwork: false
hostPID: false
dnsPolicy: ClusterFirst
initContainers:
- - envFrom:
- - secretRef:
- name: gatus-secret
- image: ghcr.io/onedr0p/postgres-init:16
- name: init-db
- volumeMounts:
- - mountPath: /config
- name: config
- - mountPath: /config/config.yaml
- name: config-file
- readOnly: true
- subPath: config.yaml
- env:
- name: FOLDER
value: /config
- name: LABEL
value: gatus.io/enabled
- name: METHOD
@@ -80,58 +68,49 @@
- mountPath: /config
name: config
- mountPath: /config/config.yaml
name: config-file
readOnly: true
subPath: config.yaml
+ - envFrom:
+ - secretRef:
+ name: gatus-secret
+ image: ghcr.io/onedr0p/postgres-init:16
+ name: init-db
+ volumeMounts:
+ - mountPath: /config
+ name: config
+ - mountPath: /config/config.yaml
+ name: config-file
+ readOnly: true
+ subPath: config.yaml
containers:
- env:
- name: CUSTOM_WEB_PORT
value: '80'
- name: GATUS_CONFIG_PATH
value: /config
- name: TZ
value: America/New_York
envFrom:
- secretRef:
name: gatus-secret
image: ghcr.io/twin/gatus:v5.7.0
- livenessProbe:
- failureThreshold: 3
- initialDelaySeconds: 0
- periodSeconds: 10
- tcpSocket:
- port: 80
- timeoutSeconds: 1
- name: main
- readinessProbe:
- failureThreshold: 3
- initialDelaySeconds: 0
- periodSeconds: 10
- tcpSocket:
- port: 80
- timeoutSeconds: 1
+ name: app
resources:
limits:
memory: 512M
requests:
cpu: 10m
memory: 256M
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
- startupProbe:
- failureThreshold: 30
- initialDelaySeconds: 0
- periodSeconds: 5
- tcpSocket:
- port: 80
- timeoutSeconds: 1
volumeMounts:
- mountPath: /config
name: config
- mountPath: /config/config.yaml
name: config-file
readOnly: true
--- HelmRelease: monitoring/gatus ServiceMonitor: monitoring/gatus
+++ HelmRelease: monitoring/gatus ServiceMonitor: monitoring/gatus
@@ -13,10 +13,10 @@
app.kubernetes.io/service: gatus
app.kubernetes.io/name: gatus
app.kubernetes.io/instance: gatus
endpoints:
- interval: 1m
path: /metrics
- port: http
+ port: metrics
scheme: http
scrapeTimeout: 10s
--- HelmRelease: storage/minio Service: storage/minio
+++ HelmRelease: storage/minio Service: storage/minio
@@ -17,10 +17,10 @@
name: http
- port: 9000
targetPort: 9000
protocol: TCP
name: s3
selector:
- app.kubernetes.io/component: main
+ app.kubernetes.io/component: minio
app.kubernetes.io/instance: minio
app.kubernetes.io/name: minio
--- HelmRelease: storage/minio Deployment: storage/minio
+++ HelmRelease: storage/minio Deployment: storage/minio
@@ -1,55 +1,42 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: minio
labels:
- app.kubernetes.io/component: main
+ app.kubernetes.io/component: minio
app.kubernetes.io/instance: minio
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: minio
annotations:
reloader.stakater.com/auto: 'true'
spec:
revisionHistoryLimit: 3
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
- app.kubernetes.io/component: main
+ app.kubernetes.io/component: minio
app.kubernetes.io/name: minio
app.kubernetes.io/instance: minio
template:
metadata:
labels:
- app.kubernetes.io/component: main
+ app.kubernetes.io/component: minio
app.kubernetes.io/instance: minio
app.kubernetes.io/name: minio
spec:
- enableServiceLinks: true
+ enableServiceLinks: false
serviceAccountName: default
automountServiceAccountToken: true
hostIPC: false
hostNetwork: false
hostPID: false
dnsPolicy: ClusterFirst
- initContainers:
- - command:
- - sh
- - -c
- - (chmod 0775 /data; chgrp 568 /data)
- image: alpine:3.19
- imagePullPolicy: IfNotPresent
- name: nfs-fixer
- securityContext:
- runAsUser: 0
- volumeMounts:
- - mountPath: /data
- name: config
containers:
- args:
- server
- /data
- --console-address
- :9001
@@ -77,13 +64,13 @@
httpGet:
path: /minio/health/live
port: 9000
initialDelaySeconds: 30
periodSeconds: 30
timeoutSeconds: 10
- name: main
+ name: app
readinessProbe:
failureThreshold: 6
httpGet:
path: /minio/health/live
port: 9000
initialDelaySeconds: 30
--- HelmRelease: networking/cloudflared Service: networking/cloudflared
+++ HelmRelease: networking/cloudflared Service: networking/cloudflared
@@ -13,10 +13,10 @@
ports:
- port: 8080
targetPort: 8080
protocol: TCP
name: http
selector:
- app.kubernetes.io/component: main
+ app.kubernetes.io/component: cloudflared
app.kubernetes.io/instance: cloudflared
app.kubernetes.io/name: cloudflared
--- HelmRelease: networking/cloudflared Deployment: networking/cloudflared
+++ HelmRelease: networking/cloudflared Deployment: networking/cloudflared
@@ -1,36 +1,36 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: cloudflared
labels:
- app.kubernetes.io/component: main
+ app.kubernetes.io/component: cloudflared
app.kubernetes.io/instance: cloudflared
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cloudflared
annotations:
reloader.stakater.com/auto: 'true'
spec:
revisionHistoryLimit: 3
replicas: 2
strategy:
type: RollingUpdate
selector:
matchLabels:
- app.kubernetes.io/component: main
+ app.kubernetes.io/component: cloudflared
app.kubernetes.io/name: cloudflared
app.kubernetes.io/instance: cloudflared
template:
metadata:
labels:
- app.kubernetes.io/component: main
+ app.kubernetes.io/component: cloudflared
app.kubernetes.io/instance: cloudflared
app.kubernetes.io/name: cloudflared
spec:
- enableServiceLinks: true
+ enableServiceLinks: false
serviceAccountName: default
automountServiceAccountToken: true
securityContext:
runAsGroup: 568
runAsUser: 568
hostIPC: false
@@ -66,13 +66,13 @@
httpGet:
path: /ready
port: 8080
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
- name: main
+ name: app
readinessProbe:
failureThreshold: 3
httpGet:
path: /ready
port: 8080
initialDelaySeconds: 0
--- HelmRelease: networking/cloudflared ServiceMonitor: networking/cloudflared
+++ HelmRelease: networking/cloudflared ServiceMonitor: networking/cloudflared
@@ -13,10 +13,10 @@
app.kubernetes.io/service: cloudflared
app.kubernetes.io/name: cloudflared
app.kubernetes.io/instance: cloudflared
endpoints:
- interval: 1m
path: /metrics
- port: http
+ port: metrics
scheme: http
scrapeTimeout: 10s
--- HelmRelease: services/code-server PersistentVolumeClaim: services/code-server-data
+++ HelmRelease: services/code-server PersistentVolumeClaim: services/code-server-data
@@ -1,19 +0,0 @@
----
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: code-server-data
- labels:
- app.kubernetes.io/instance: code-server
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/name: code-server
- annotations:
- helm.sh/resource-policy: keep
-spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 5Gi
- storageClassName: local-path
-
--- HelmRelease: services/code-server Service: services/code-server
+++ HelmRelease: services/code-server Service: services/code-server
@@ -1,22 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: code-server
- labels:
- app.kubernetes.io/instance: code-server
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/name: code-server
- app.kubernetes.io/service: code-server
-spec:
- type: ClusterIP
- ports:
- - port: 8080
- targetPort: 8080
- protocol: TCP
- name: http
- selector:
- app.kubernetes.io/component: main
- app.kubernetes.io/instance: code-server
- app.kubernetes.io/name: code-server
-
--- HelmRelease: services/code-server Deployment: services/code-server
+++ HelmRelease: services/code-server Deployment: services/code-server
@@ -1,110 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: code-server
- labels:
- app.kubernetes.io/component: main
- app.kubernetes.io/instance: code-server
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/name: code-server
- annotations:
- reloader.stakater.com/auto: 'true'
-spec:
- revisionHistoryLimit: 3
- replicas: 1
- strategy:
- type: RollingUpdate
- selector:
- matchLabels:
- app.kubernetes.io/component: main
- app.kubernetes.io/name: code-server
- app.kubernetes.io/instance: code-server
- template:
- metadata:
- labels:
- app.kubernetes.io/component: main
- app.kubernetes.io/instance: code-server
- app.kubernetes.io/name: code-server
- spec:
- enableServiceLinks: true
- serviceAccountName: default
- automountServiceAccountToken: true
- hostIPC: false
- hostNetwork: false
- hostPID: false
- dnsPolicy: ClusterFirst
- initContainers:
- - command:
- - sh
- - -c
- - |
- chown -R 568:568 /config
- image: busybox:latest
- name: init-chmod-data
- securityContext:
- allowPrivilegeEscalation: true
- runAsUser: 0
- volumeMounts:
- - mountPath: /config
- name: data
- containers:
- - env:
- - name: DEFAULT_WORKSPACE
- value: /config/workspace
- - name: GUID
- value: '568'
- - name: PROXY_DOMAIN
- value: code-server.
- - name: PUID
- value: '568'
- envFrom:
- - secretRef:
- name: code-server-secret
- image: ghcr.io/linuxserver/code-server:4.22.0
- livenessProbe:
- failureThreshold: 3
- initialDelaySeconds: 0
- periodSeconds: 10
- tcpSocket:
- port: 8080
- timeoutSeconds: 1
- name: main
- readinessProbe:
- failureThreshold: 3
- initialDelaySeconds: 0
- periodSeconds: 10
- tcpSocket:
- port: 8080
- timeoutSeconds: 1
- resources:
- limits:
- memory: 1Gi
- requests:
- cpu: 10m
- memory: 128Mi
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- fsGroup: 568
- fsGroupChangePolicy: OnRootMismatch
- runAsGroup: 568
- runAsNonRoot: true
- runAsUser: 568
- startupProbe:
- failureThreshold: 30
- initialDelaySeconds: 0
- periodSeconds: 5
- tcpSocket:
- port: 8080
- timeoutSeconds: 1
- volumeMounts:
- - mountPath: /config
- name: data
- volumes:
- - name: data
- persistentVolumeClaim:
- claimName: code-server-data
-
--- HelmRelease: services/code-server Ingress: services/code-server
+++ HelmRelease: services/code-server Ingress: services/code-server
@@ -1,28 +0,0 @@
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: code-server
- labels:
- app.kubernetes.io/instance: code-server
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/name: code-server
- annotations:
- external-dns.alpha.kubernetes.io/target: internal.
-spec:
- ingressClassName: internal
- tls:
- - hosts:
- - code-server.
- rules:
- - host: code-server.
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: code-server
- port:
- number: 8080
-
--- HelmRelease: services/linkwarden Service: services/linkwarden
+++ HelmRelease: services/linkwarden Service: services/linkwarden
@@ -13,10 +13,10 @@
ports:
- port: 3000
targetPort: 3000
protocol: TCP
name: http
selector:
- app.kubernetes.io/component: main
+ app.kubernetes.io/component: linkwarden
app.kubernetes.io/instance: linkwarden
app.kubernetes.io/name: linkwarden
--- HelmRelease: services/linkwarden Deployment: services/linkwarden
+++ HelmRelease: services/linkwarden Deployment: services/linkwarden
@@ -1,36 +1,36 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: linkwarden
labels:
- app.kubernetes.io/component: main
+ app.kubernetes.io/component: linkwarden
app.kubernetes.io/instance: linkwarden
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: linkwarden
annotations:
reloader.stakater.com/auto: 'true'
spec:
revisionHistoryLimit: 3
replicas: 1
strategy:
type: RollingUpdate
selector:
matchLabels:
- app.kubernetes.io/component: main
+ app.kubernetes.io/component: linkwarden
app.kubernetes.io/name: linkwarden
app.kubernetes.io/instance: linkwarden
template:
metadata:
labels:
- app.kubernetes.io/component: main
+ app.kubernetes.io/component: linkwarden
app.kubernetes.io/instance: linkwarden
app.kubernetes.io/name: linkwarden
spec:
- enableServiceLinks: true
+ enableServiceLinks: false
serviceAccountName: default
automountServiceAccountToken: true
securityContext:
fsGroup: 568
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 568
@@ -53,45 +53,24 @@
- name: NEXT_PUBLIC_EMAIL_PROVIDER
value: 'false'
envFrom:
- secretRef:
name: linkwarden-secret
image: ghcr.io/chrisbsmith/linkwarden:v2.4.8-2
- livenessProbe:
- failureThreshold: 3
- initialDelaySeconds: 0
- periodSeconds: 10
- tcpSocket:
- port: 3000
- timeoutSeconds: 1
- name: main
- readinessProbe:
- failureThreshold: 3
- initialDelaySeconds: 0
- periodSeconds: 10
- tcpSocket:
- port: 3000
- timeoutSeconds: 1
+ name: app
resources:
limits:
memory: 1Gi
requests:
cpu: 10m
memory: 128Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
- startupProbe:
- failureThreshold: 30
- initialDelaySeconds: 0
- periodSeconds: 5
- tcpSocket:
- port: 3000
- timeoutSeconds: 1
volumeMounts:
- mountPath: /tmp
name: config
- mountPath: /data/data
name: data
volumes:
--- HelmRelease: services/linkwarden ServiceMonitor: services/linkwarden
+++ HelmRelease: services/linkwarden ServiceMonitor: services/linkwarden
@@ -0,0 +1,22 @@
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: linkwarden
+ labels:
+ app.kubernetes.io/instance: linkwarden
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: linkwarden
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/service: linkwarden
+ app.kubernetes.io/name: linkwarden
+ app.kubernetes.io/instance: linkwarden
+ endpoints:
+ - interval: 1m
+ path: /metrics
+ port: metrics
+ scheme: http
+ scrapeTimeout: 10s
+
--- HelmRelease: services/atuin Service: services/atuin
+++ HelmRelease: services/atuin Service: services/atuin
@@ -17,10 +17,10 @@
name: http
- port: 8080
targetPort: 8080
protocol: TCP
name: metrics
selector:
- app.kubernetes.io/component: main
+ app.kubernetes.io/component: atuin
app.kubernetes.io/instance: atuin
app.kubernetes.io/name: atuin
--- HelmRelease: services/atuin Deployment: services/atuin
+++ HelmRelease: services/atuin Deployment: services/atuin
@@ -1,36 +1,36 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: atuin
labels:
- app.kubernetes.io/component: main
+ app.kubernetes.io/component: atuin
app.kubernetes.io/instance: atuin
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: atuin
annotations:
reloader.stakater.com/auto: 'true'
spec:
revisionHistoryLimit: 3
replicas: 2
strategy:
type: RollingUpdate
selector:
matchLabels:
- app.kubernetes.io/component: main
+ app.kubernetes.io/component: atuin
app.kubernetes.io/name: atuin
app.kubernetes.io/instance: atuin
template:
metadata:
labels:
- app.kubernetes.io/component: main
+ app.kubernetes.io/component: atuin
app.kubernetes.io/instance: atuin
app.kubernetes.io/name: atuin
spec:
- enableServiceLinks: true
+ enableServiceLinks: false
serviceAccountName: default
automountServiceAccountToken: true
securityContext:
fsGroup: 568
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 568
@@ -67,46 +67,25 @@
- name: ATUIN_PORT
value: '80'
envFrom:
- secretRef:
name: atuin-secret
image: ghcr.io/atuinsh/atuin:v18.1.0@sha256:c1245d9bbaf9ef1610a973750003d634d55e52ffb3e14caa9bb47c867e1f6c6e
- livenessProbe:
- failureThreshold: 3
- initialDelaySeconds: 0
- periodSeconds: 10
- tcpSocket:
- port: 80
- timeoutSeconds: 1
- name: main
- readinessProbe:
- failureThreshold: 3
- initialDelaySeconds: 0
- periodSeconds: 10
- tcpSocket:
- port: 80
- timeoutSeconds: 1
+ name: app
resources:
limits:
memory: 512Mi
requests:
cpu: 10m
memory: 128Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
- startupProbe:
- failureThreshold: 30
- initialDelaySeconds: 0
- periodSeconds: 5
- tcpSocket:
- port: 80
- timeoutSeconds: 1
volumeMounts:
- mountPath: /config
name: config
volumes:
- emptyDir: {}
name: config
--- HelmRelease: auth/authelia Service: auth/authelia
+++ HelmRelease: auth/authelia Service: auth/authelia
@@ -17,10 +17,10 @@
name: http
- port: 8080
targetPort: 8080
protocol: TCP
name: metrics
selector:
- app.kubernetes.io/component: main
+ app.kubernetes.io/component: authelia
app.kubernetes.io/instance: authelia
app.kubernetes.io/name: authelia
--- HelmRelease: auth/authelia Deployment: auth/authelia
+++ HelmRelease: auth/authelia Deployment: auth/authelia
@@ -1,32 +1,32 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: authelia
labels:
- app.kubernetes.io/component: main
+ app.kubernetes.io/component: authelia
app.kubernetes.io/instance: authelia
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: authelia
annotations:
reloader.stakater.com/auto: 'true'
spec:
revisionHistoryLimit: 3
replicas: 2
strategy:
type: RollingUpdate
selector:
matchLabels:
- app.kubernetes.io/component: main
+ app.kubernetes.io/component: authelia
app.kubernetes.io/name: authelia
app.kubernetes.io/instance: authelia
template:
metadata:
labels:
- app.kubernetes.io/component: main
+ app.kubernetes.io/component: authelia
app.kubernetes.io/instance: authelia
app.kubernetes.io/name: authelia
spec:
enableServiceLinks: false
serviceAccountName: default
automountServiceAccountToken: true
@@ -84,13 +84,13 @@
httpGet:
path: /api/health
port: 80
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
- name: main
+ name: app
readinessProbe:
failureThreshold: 3
httpGet:
path: /api/health
port: 80
initialDelaySeconds: 0
--- HelmRelease: auth/lldap Service: auth/lldap
+++ HelmRelease: auth/lldap Service: auth/lldap
@@ -17,10 +17,10 @@
name: http
- port: 389
targetPort: 389
protocol: TCP
name: ldap
selector:
- app.kubernetes.io/component: main
+ app.kubernetes.io/component: lldap
app.kubernetes.io/instance: lldap
app.kubernetes.io/name: lldap
--- HelmRelease: auth/lldap Deployment: auth/lldap
+++ HelmRelease: auth/lldap Deployment: auth/lldap
@@ -1,36 +1,36 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: lldap
labels:
- app.kubernetes.io/component: main
+ app.kubernetes.io/component: lldap
app.kubernetes.io/instance: lldap
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: lldap
annotations:
reloader.stakater.com/auto: 'true'
spec:
revisionHistoryLimit: 3
replicas: 2
strategy:
type: RollingUpdate
selector:
matchLabels:
- app.kubernetes.io/component: main
+ app.kubernetes.io/component: lldap
app.kubernetes.io/name: lldap
app.kubernetes.io/instance: lldap
template:
metadata:
labels:
- app.kubernetes.io/component: main
+ app.kubernetes.io/component: lldap
app.kubernetes.io/instance: lldap
app.kubernetes.io/name: lldap
spec:
- enableServiceLinks: true
+ enableServiceLinks: false
serviceAccountName: default
automountServiceAccountToken: true
hostIPC: false
hostNetwork: false
hostPID: false
dnsPolicy: ClusterFirst
@@ -62,40 +62,19 @@
- name: TZ
value: America/New_York
envFrom:
- secretRef:
name: lldap-secret
image: ghcr.io/lldap/lldap:v0.5.0
- livenessProbe:
- failureThreshold: 3
- initialDelaySeconds: 0
- periodSeconds: 10
- tcpSocket:
- port: 80
- timeoutSeconds: 1
- name: main
- readinessProbe:
- failureThreshold: 3
- initialDelaySeconds: 0
- periodSeconds: 10
- tcpSocket:
- port: 80
- timeoutSeconds: 1
+ name: app
resources:
limits:
memory: 128M
requests:
cpu: 5m
memory: 36M
- startupProbe:
- failureThreshold: 30
- initialDelaySeconds: 0
- periodSeconds: 5
- tcpSocket:
- port: 80
- timeoutSeconds: 1
volumeMounts:
- mountPath: /data
name: data
volumes:
- emptyDir: {}
name: data
--- HelmRelease: monitoring/unpoller Service: monitoring/unpoller
+++ HelmRelease: monitoring/unpoller Service: monitoring/unpoller
@@ -13,10 +13,10 @@
ports:
- port: 9130
targetPort: 9130
protocol: TCP
name: http
selector:
- app.kubernetes.io/component: main
+ app.kubernetes.io/component: unpoller
app.kubernetes.io/instance: unpoller
app.kubernetes.io/name: unpoller
--- HelmRelease: monitoring/unpoller Deployment: monitoring/unpoller
+++ HelmRelease: monitoring/unpoller Deployment: monitoring/unpoller
@@ -1,34 +1,34 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: unpoller
labels:
- app.kubernetes.io/component: main
+ app.kubernetes.io/component: unpoller
app.kubernetes.io/instance: unpoller
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: unpoller
spec:
revisionHistoryLimit: 3
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
- app.kubernetes.io/component: main
+ app.kubernetes.io/component: unpoller
app.kubernetes.io/name: unpoller
app.kubernetes.io/instance: unpoller
template:
metadata:
labels:
- app.kubernetes.io/component: main
+ app.kubernetes.io/component: unpoller
app.kubernetes.io/instance: unpoller
app.kubernetes.io/name: unpoller
spec:
- enableServiceLinks: true
+ enableServiceLinks: false
serviceAccountName: default
automountServiceAccountToken: true
securityContext:
runAsGroup: 568
runAsNonRoot: true
runAsUser: 568
@@ -43,41 +43,20 @@
- name: UP_INFLUXDB_DISABLE
value: 'true'
envFrom:
- secretRef:
name: unpoller-secret
image: ghcr.io/unpoller/unpoller:v2.10.0
- livenessProbe:
- failureThreshold: 3
- initialDelaySeconds: 0
- periodSeconds: 10
- tcpSocket:
- port: 9130
- timeoutSeconds: 1
- name: main
- readinessProbe:
- failureThreshold: 3
- initialDelaySeconds: 0
- periodSeconds: 10
- tcpSocket:
- port: 9130
- timeoutSeconds: 1
+ name: app
resources:
limits:
memory: 128M
requests:
cpu: 5m
memory: 36M
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
- startupProbe:
- failureThreshold: 30
- initialDelaySeconds: 0
- periodSeconds: 5
- tcpSocket:
- port: 9130
- timeoutSeconds: 1
--- HelmRelease: default/smtp-relay Service: default/smtp-relay
+++ HelmRelease: default/smtp-relay Service: default/smtp-relay
@@ -19,10 +19,10 @@
name: http
- port: 25
targetPort: 25
protocol: TCP
name: smtp
selector:
- app.kubernetes.io/component: main
+ app.kubernetes.io/component: smtp-relay
app.kubernetes.io/instance: smtp-relay
app.kubernetes.io/name: smtp-relay
--- HelmRelease: default/smtp-relay Deployment: default/smtp-relay
+++ HelmRelease: default/smtp-relay Deployment: default/smtp-relay
@@ -1,36 +1,36 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: smtp-relay
labels:
- app.kubernetes.io/component: main
+ app.kubernetes.io/component: smtp-relay
app.kubernetes.io/instance: smtp-relay
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: smtp-relay
annotations:
reloader.stakater.com/auto: 'true'
spec:
revisionHistoryLimit: 3
replicas: 1
strategy:
type: RollingUpdate
selector:
matchLabels:
- app.kubernetes.io/component: main
+ app.kubernetes.io/component: smtp-relay
app.kubernetes.io/name: smtp-relay
app.kubernetes.io/instance: smtp-relay
template:
metadata:
labels:
- app.kubernetes.io/component: main
+ app.kubernetes.io/component: smtp-relay
app.kubernetes.io/instance: smtp-relay
app.kubernetes.io/name: smtp-relay
spec:
- enableServiceLinks: true
+ enableServiceLinks: false
serviceAccountName: default
automountServiceAccountToken: true
securityContext:
fsGroup: 568
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 568
@@ -55,40 +55,19 @@
- name: SMTP_RELAY_SMTP_PORT
value: '25'
envFrom:
- secretRef:
name: smtp-relay-secret
image: ghcr.io/foxcpp/maddy:0.7.1
- livenessProbe:
- failureThreshold: 3
- initialDelaySeconds: 0
- periodSeconds: 10
- tcpSocket:
- port: 8080
- timeoutSeconds: 1
- name: main
- readinessProbe:
- failureThreshold: 3
- initialDelaySeconds: 0
- periodSeconds: 10
- tcpSocket:
- port: 8080
- timeoutSeconds: 1
+ name: app
resources:
limits:
memory: 256M
requests:
cpu: 5m
memory: 128M
- startupProbe:
- failureThreshold: 30
- initialDelaySeconds: 0
- periodSeconds: 5
- tcpSocket:
- port: 8080
- timeoutSeconds: 1
volumeMounts:
- mountPath: /cache
name: cache
- mountPath: /data/maddy.conf
name: config
readOnly: true
--- HelmRelease: kube-system/onepassword-connect Service: kube-system/onepassword-connect
+++ HelmRelease: kube-system/onepassword-connect Service: kube-system/onepassword-connect
@@ -13,10 +13,10 @@
ports:
- port: 80
targetPort: 80
protocol: TCP
name: http
selector:
- app.kubernetes.io/component: main
+ app.kubernetes.io/component: onepassword-connect
app.kubernetes.io/instance: onepassword-connect
app.kubernetes.io/name: onepassword-connect
--- HelmRelease: kube-system/onepassword-connect Deployment: kube-system/onepassword-connect
+++ HelmRelease: kube-system/onepassword-connect Deployment: kube-system/onepassword-connect
@@ -1,36 +1,36 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: onepassword-connect
labels:
- app.kubernetes.io/component: main
+ app.kubernetes.io/component: onepassword-connect
app.kubernetes.io/instance: onepassword-connect
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: onepassword-connect
annotations:
reloader.stakater.com/auto: 'true'
spec:
revisionHistoryLimit: 3
replicas: 1
strategy:
type: RollingUpdate
selector:
matchLabels:
- app.kubernetes.io/component: main
+ app.kubernetes.io/component: onepassword-connect
app.kubernetes.io/name: onepassword-connect
app.kubernetes.io/instance: onepassword-connect
template:
metadata:
labels:
- app.kubernetes.io/component: main
+ app.kubernetes.io/component: onepassword-connect
app.kubernetes.io/instance: onepassword-connect
app.kubernetes.io/name: onepassword-connect
spec:
- enableServiceLinks: true
+ enableServiceLinks: false
serviceAccountName: default
automountServiceAccountToken: true
securityContext:
fsGroup: 999
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 999
@@ -59,28 +59,29 @@
failureThreshold: 3
httpGet:
path: /heartbeat
port: 80
initialDelaySeconds: 15
periodSeconds: 30
- timeoutSeconds: 1
- name: main
+ name: api
readinessProbe:
- failureThreshold: 3
httpGet:
path: /health
port: 80
initialDelaySeconds: 15
- periodSeconds: 10
- timeoutSeconds: 1
resources:
limits:
memory: 256M
requests:
cpu: 10m
- memory: 128M
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
volumeMounts:
- mountPath: /config
name: config
- env:
- name: OP_BUS_PEERS
value: localhost:11220
@@ -106,12 +107,23 @@
name: sync
readinessProbe:
httpGet:
path: /health
port: 8081
initialDelaySeconds: 15
+ resources:
+ limits:
+ memory: 256M
+ requests:
+ cpu: 10m
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
volumeMounts:
- mountPath: /config
name: config
volumes:
- emptyDir: {}
name: config
--- HelmRelease: monitoring/snmp-exporter Service: monitoring/snmp-exporter
+++ HelmRelease: monitoring/snmp-exporter Service: monitoring/snmp-exporter
@@ -13,10 +13,10 @@
ports:
- port: 9116
targetPort: 9116
protocol: TCP
name: http
selector:
- app.kubernetes.io/component: main
+ app.kubernetes.io/component: snmp-exporter
app.kubernetes.io/instance: snmp-exporter
app.kubernetes.io/name: snmp-exporter
--- HelmRelease: monitoring/snmp-exporter Deployment: monitoring/snmp-exporter
+++ HelmRelease: monitoring/snmp-exporter Deployment: monitoring/snmp-exporter
@@ -1,32 +1,32 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: snmp-exporter
labels:
- app.kubernetes.io/component: main
+ app.kubernetes.io/component: snmp-exporter
app.kubernetes.io/instance: snmp-exporter
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snmp-exporter
annotations:
reloader.stakater.com/auto: 'true'
spec:
revisionHistoryLimit: 3
replicas: 1
strategy:
type: RollingUpdate
selector:
matchLabels:
- app.kubernetes.io/component: main
+ app.kubernetes.io/component: snmp-exporter
app.kubernetes.io/name: snmp-exporter
app.kubernetes.io/instance: snmp-exporter
template:
metadata:
labels:
- app.kubernetes.io/component: main
+ app.kubernetes.io/component: snmp-exporter
app.kubernetes.io/instance: snmp-exporter
app.kubernetes.io/name: snmp-exporter
spec:
enableServiceLinks: false
serviceAccountName: default
automountServiceAccountToken: true
@@ -80,13 +80,13 @@
httpGet:
path: /health
port: 9116
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
- name: main
+ name: app
readinessProbe:
failureThreshold: 3
httpGet:
path: /health
port: 9116
initialDelaySeconds: 0
--- HelmRelease: monitoring/snmp-exporter ServiceMonitor: monitoring/snmp-exporter
+++ HelmRelease: monitoring/snmp-exporter ServiceMonitor: monitoring/snmp-exporter
@@ -0,0 +1,22 @@
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: snmp-exporter
+ labels:
+ app.kubernetes.io/instance: snmp-exporter
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: snmp-exporter
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/service: snmp-exporter
+ app.kubernetes.io/name: snmp-exporter
+ app.kubernetes.io/instance: snmp-exporter
+ endpoints:
+ - interval: 1m
+ path: /metrics
+ port: http
+ scheme: http
+ scrapeTimeout: 10s
+ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
2.6.0->3.0.2Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.