Update grafana/promtail Docker tag to v3

Reviewed-on: #569

manifests/_apps/goldilocks.yaml

@@ -1,35 +1,35 @@
 
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: cluster-fun-goldilocks
-  namespace: argocd
-  finalizers:
-  - resources-finalizer.argocd.argoproj.io
-spec:
-  project: cluster.fun
-  destination:
-    namespace: goldilocks
-    name: cluster-fun (v2)
-  source:
-    repoURL: 'https://charts.fairwinds.com/stable'
-    targetRevision: 10.1.0
-    chart: goldilocks
-    helm:
-      version: v3
-      values: |-
-        vpa:
-          enabled: true
-        controller:
-          flags:
-            on-by-default: true
-        dashboard:
-          flags:
-            on-by-default: true
-          replicaCount: 1
-  syncPolicy:
-    automated: {}
-    syncOptions:
-      - CreateNamespace=true
+# apiVersion: argoproj.io/v1alpha1
+# kind: Application
+# metadata:
+#   name: cluster-fun-goldilocks
+#   namespace: argocd
+#   finalizers:
+#   - resources-finalizer.argocd.argoproj.io
+# spec:
+#   project: cluster.fun
+#   destination:
+#     namespace: goldilocks
+#     name: cluster-fun (v2)
+#   source:
+#     repoURL: 'https://charts.fairwinds.com/stable'
+#     targetRevision: 10.1.0
+#     chart: goldilocks
+#     helm:
+#       version: v3
+#       values: |-
+#         vpa:
+#           enabled: true
+#         controller:
+#           flags:
+#             on-by-default: true
+#         dashboard:
+#           flags:
+#             on-by-default: true
+#           replicaCount: 1
+#   syncPolicy:
+#     automated: {}
+#     syncOptions:
+#       - CreateNamespace=true
 
----
+# ---

manifests/_apps/mastodon-digest.yaml

@@ -1,25 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: cluster-fun-mastodon-digest
-  namespace: argocd
-  finalizers:
-  - resources-finalizer.argocd.argoproj.io
-spec:
-  project: cluster.fun
-  destination:
-    namespace: mastodon-digest
-    name: cluster-fun (v2)
-  source:
-    path: manifests/mastodon-digest
-    repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
-    targetRevision: HEAD
-  syncPolicy:
-    automated: {}
-    syncOptions:
-      - CreateNamespace=true
-  ignoreDifferences:
-  - kind: Secret
-    jsonPointers:
-    - /data
----

manifests/_apps/tank.yaml

@@ -1,26 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: cluster-fun-tank
-  namespace: argocd
-  finalizers:
-  - resources-finalizer.argocd.argoproj.io
-spec:
-  project: cluster.fun
-  destination:
-    namespace: tank
-    name: cluster-fun (v2)
-  source:
-    path: manifests/tank
-    repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
-    targetRevision: HEAD
-  syncPolicy:
-    automated: {}
-    syncOptions:
-      - CreateNamespace=true
-  ignoreDifferences:
-  - kind: Secret
-    jsonPointers:
-    - /data
-
----

manifests/bsky-screenshot/bsky-screenshot.yaml

@@ -36,9 +36,9 @@ spec:
           name: web
         resources:
           limits:
-            memory: 20Mi
+            memory: 105Mi
           requests:
-            memory: 20Mi
+            memory: 105Mi
 ---
 apiVersion: networking.k8s.io/v1
 kind: Ingress

manifests/cors-proxy/cors-proxy.yaml

@@ -37,6 +37,11 @@ spec:
         env:
         - name: ALLOWLIST
           value: cdn.bsky.app
+        resources:
+          requests:
+            memory: 184M
+          limits:
+            memory: 184M
 ---
 apiVersion: networking.k8s.io/v1
 kind: Ingress

manifests/feed-fetcher/feed-fetcher.yaml

@@ -34,6 +34,11 @@ spec:
         ports:
         - containerPort: 8080
           name: web
+        resources:
+          requests:
+            memory: 80M
+          limits:
+            memory: 80M
 ---
 apiVersion: networking.k8s.io/v1
 kind: Ingress

manifests/gitea/gitea.yaml

@@ -77,7 +77,7 @@ spec:
           name: web
         resources:
           requests:
-            memory: 400Mi
+            memory: 800Mi
         volumeMounts:
         - mountPath: /data
           name: git-data

manifests/grist/grist.yaml

@@ -64,6 +64,8 @@ spec:
   selector:
     matchLabels:
       app.kubernetes.io/name: grist
+  strategy:
+    type: Recreate
   template:
     metadata:
       labels:
@@ -73,7 +75,7 @@ spec:
       priorityClassName: critical
       containers:
         - name: grist
-          image: gristlabs/grist-oss:1.7.3
+          image: gristlabs/grist-oss:1.7.4
           imagePullPolicy: IfNotPresent
           ports:
             - name: http
@@ -98,14 +100,17 @@ spec:
               value: default
             - name: GRIST_TELEMETRY_LEVEL
               value: "off"
-            - name: ALLOWED_WEBHOOK_DOMAINS
-              value: "tank.tank.svc,matrix.cluster.fun"
             - name: GRIST_ANON_PLAYGROUND
               value: "false"
             - name: GRIST_FORCE_LOGIN
               value: "true"
             - name: GRIST_SANDBOX_FLAVOR
               value: gvisor
+          resources:
+            requests:
+              memory: 300M
+            limits:
+              memory: 300M
           securityContext:
             capabilities:
               add:

manifests/mastodon-digest/mastodon_digest.yaml

@@ -1,230 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: docker-config
-  namespace: mastodon-digest
-  annotations:
-    kube-1password: i6ngbk5zf4k52xgwdwnfup5bby
-    kube-1password/vault: Kubernetes
-    kube-1password/secret-text-key: .dockerconfigjson
-type: kubernetes.io/dockerconfigjson
-data:
-  .dockerconfigjson: e30=
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: mastodon-digest-auth
-  namespace: mastodon-digest
-  annotations:
-    kube-1password: mr6spkkx7n3memkbute6ojaarm
-    kube-1password/vault: Kubernetes
-type: Opaque
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: mastodon-digest
-  namespace: mastodon-digest
-  annotations:
-    kube-1password: bfklz3yi3dn4e7xtsbttcvhata
-    kube-1password/vault: Kubernetes
-    kube-1password/secret-text-parse: "true"
-type: Opaque
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: config
-  namespace: mastodon-digest
-  labels:
-    app: mastodon-digest
-data:
-  config.json: |
-    [
-      {
-        "timeline": "home",
-        "hours": 12,
-        "scorer": "ExtendedSimpleWeighted",
-        "threshold": "lax",
-        "output": "/usr/share/nginx/html/home/"
-      },
-      {
-        "timeline": "federated",
-        "hours": 12,
-        "scorer": "ExtendedSimpleWeighted",
-        "threshold": "lax",
-        "output": "/usr/share/nginx/html/federated/"
-      }
-    ]
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: index
-  namespace: mastodon-digest
-  labels:
-    app: mastodon-digest
-data:
-  index.html: |
-    <!DOCTYPE html>
-    <html lang="en">
-    <head>
-        <meta chartset="utf-8" />
-        <meta name="viewport" content="width=device-width, initial-scale=1" />
-        <title>Mastodon Digest</title>
-        <style>
-        body { background-color: #292c36; font-family: "Arial", sans-serif; }
-        div#container { margin: auto; max-width: 640px; padding: 10px; text-align: center; margin: 0 auto; }
-        .links { align: center; }
-        h1 { color: white; }
-        a.button { background: #595aff; color: #fff; line-height: 1.2; min-height: 38px; min-width: 88px; padding: 0 30px; border: 0; border-radius: 6px;; display: inline-flex; justify-content: center; align-items: center; }
-    </style>
-    </head>
-    <body>
-        <div id="container">
-            <h1>Mastodon Digest</h1>
-            <section class="links">
-                <a href="home/" class="button">Home</a>
-                <a href="federated/" class="button">Federated</a>
-            </section>
-        </div>
-    </body>
-    </html>
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: mastodon-digest
-  namespace: mastodon-digest
-spec:
-  type: ClusterIP
-  ports:
-  - port: 80
-    targetPort: auth
-    name: web
-  selector:
-    app: mastodon-digest
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: mastodon-digest
-  namespace: mastodon-digest
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: mastodon-digest
-  template:
-    metadata:
-      labels:
-        app: mastodon-digest
-    spec:
-      imagePullSecrets:
-        - name: docker-config
-      priorityClassName: low
-      containers:
-      - args:
-        - --cookie-secure=false
-        - --provider=oidc
-        - --provider-display-name=Auth0
-        - --upstream=http://localhost:80
-        - --http-address=$(HOST_IP):8000
-        - --redirect-url=https://mastodon-digest.cluster.fun/oauth2/callback
-        - --email-domain=marcusnoble.co.uk
-        - --pass-basic-auth=false
-        - --pass-access-token=false
-        - --oidc-issuer-url=https://marcusnoble.eu.auth0.com/
-        - --cookie-secret=KDGD6rrK6cBmryyZ4wcJ9xAUNW9AQNFT
-        env:
-        - name: HOST_IP
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: status.podIP
-        - name: OAUTH2_PROXY_CLIENT_ID
-          valueFrom:
-            secretKeyRef:
-              key: username
-              name: mastodon-digest-auth
-        - name: OAUTH2_PROXY_CLIENT_SECRET
-          valueFrom:
-            secretKeyRef:
-              key: password
-              name: mastodon-digest-auth
-        image: quay.io/oauth2-proxy/oauth2-proxy:v7.12.0
-        name: oauth-proxy
-        ports:
-        - containerPort: 8000
-          protocol: TCP
-          name: auth
-        resources:
-          limits:
-            memory: 50Mi
-          requests:
-            memory: 50Mi
-
-      - name: web
-        image: nginx:stable
-        imagePullPolicy: IfNotPresent
-        ports:
-        - containerPort: 80
-          name: web
-        volumeMounts:
-        - name: html
-          mountPath: /usr/share/nginx/html
-        - name: index
-          mountPath: /usr/share/nginx/html/index.html
-          subPath: index.html
-
-      - name: digest
-        image: rg.fr-par.scw.cloud/averagemarcus-private/mastodon-digest:latest
-        imagePullPolicy: Always
-        env:
-        - name: CONFIG_FILE
-          value: /config.json
-        envFrom:
-        - secretRef:
-            name: mastodon-digest
-        volumeMounts:
-        - name: config
-          mountPath: /config.json
-          subPath: config.json
-        - name: html
-          mountPath: /usr/share/nginx/html
-      volumes:
-      - name: html
-        emptyDir: {}
-      - name: config
-        configMap:
-          name: config
-      - name: index
-        configMap:
-          name: index
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: mastodon-digest
-  namespace: mastodon-digest
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt
-    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
-spec:
-  ingressClassName: nginx
-  tls:
-  - hosts:
-    - mastodon-digest.cluster.fun
-    secretName: mastodon-digest-ingress
-  rules:
-  - host: mastodon-digest.cluster.fun
-    http:
-      paths:
-      - path: /
-        pathType: ImplementationSpecific
-        backend:
-          service:
-            name: mastodon-digest
-            port:
-              number: 80

manifests/mealie/mealie.yaml

@@ -31,7 +31,7 @@ spec:
       priorityClassName: critical
       containers:
       - name: frontend
-        image: ghcr.io/mealie-recipes/mealie:v3.2.0
+        image: ghcr.io/mealie-recipes/mealie:v3.3.2
         imagePullPolicy: Always
         envFrom:
         - secretRef:
@@ -72,10 +72,10 @@ spec:
         resources:
           requests:
             cpu: 200m
-            memory: 443M
+            memory: 550M
           limits:
             cpu: 1000m
-            memory: 443M
+            memory: 550M
       volumes:
       - name: data
         persistentVolumeClaim:

manifests/monitoring/cadvisor.yaml

@@ -0,0 +1,87 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app: cadvisor
+    app.kubernetes.io/name: cadvisor
+  name: cadvisor
+  namespace: monitoring
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  annotations:
+    seccomp.security.alpha.kubernetes.io/pod: docker/default
+  labels:
+    app: cadvisor
+    app.kubernetes.io/name: cadvisor
+  name: cadvisor
+  namespace: monitoring
+spec:
+  selector:
+    matchLabels:
+      app: cadvisor
+      app.kubernetes.io/name: cadvisor
+      name: cadvisor
+  template:
+    metadata:
+      labels:
+        app: cadvisor
+        app.kubernetes.io/name: cadvisor
+        name: cadvisor
+      annotations:
+        scheduler.alpha.kubernetes.io/critical-pod: ''
+    spec:
+      priorityClassName: system-node-critical
+      tolerations:
+        - key: "CriticalAddonsOnly"
+          operator: "Exists"
+      automountServiceAccountToken: false
+      containers:
+      - image: ghcr.io/google/cadvisor:v0.53.0
+        name: cadvisor
+        ports:
+        - containerPort: 8080
+          name: http
+          protocol: TCP
+        resources:
+          limits:
+            cpu: 800m
+            memory: 2000Mi
+          requests:
+            cpu: 400m
+            memory: 400Mi
+        volumeMounts:
+        - mountPath: /rootfs
+          name: rootfs
+          readOnly: true
+        - mountPath: /var/run
+          name: var-run
+          readOnly: true
+        - mountPath: /sys
+          name: sys
+          readOnly: true
+        - mountPath: /var/lib/docker
+          name: docker
+          readOnly: true
+        - mountPath: /dev/disk
+          name: disk
+          readOnly: true
+      serviceAccountName: cadvisor
+      terminationGracePeriodSeconds: 30
+      volumes:
+      - hostPath:
+          path: /
+        name: rootfs
+      - hostPath:
+          path: /var/run
+        name: var-run
+      - hostPath:
+          path: /sys
+        name: sys
+      - hostPath:
+          path: /var/lib/docker
+        name: docker
+      - hostPath:
+          path: /dev/disk
+        name: disk

manifests/monitoring/ephemeral-storage-exporter.yaml

@@ -0,0 +1,142 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/name: k8s-ephemeral-storage-metrics
+  name: k8s-ephemeral-storage-metrics
+  namespace: monitoring
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: k8s-ephemeral-storage-metrics
+  labels:
+    app.kubernetes.io/name: k8s-ephemeral-storage-metrics
+rules:
+  - apiGroups: [""]
+    resources: ["nodes","nodes/proxy", "nodes/stats", "pods"]
+    verbs: ["get","list", "watch"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: k8s-ephemeral-storage-metrics
+  labels:
+    app.kubernetes.io/name: k8s-ephemeral-storage-metrics
+subjects:
+  - kind: ServiceAccount
+    name: k8s-ephemeral-storage-metrics
+    namespace: monitoring
+roleRef:
+  kind: ClusterRole
+  name: k8s-ephemeral-storage-metrics
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: k8s-ephemeral-storage-metrics
+  namespace: monitoring
+  labels:
+    app.kubernetes.io/name: k8s-ephemeral-storage-metrics
+  annotations:
+    prometheus.io/scrape: "true"
+    prometheus.io/port: "9100"
+spec:
+  type: ClusterIP
+  selector:
+    app.kubernetes.io/name: k8s-ephemeral-storage-metrics
+  ports:
+    - name: metrics
+      port: 9100
+      protocol: TCP
+      targetPort: metrics
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: k8s-ephemeral-storage-metrics
+  namespace: monitoring
+  labels:
+    app.kubernetes.io/name: k8s-ephemeral-storage-metrics
+spec:
+  replicas: 1
+  revisionHistoryLimit: 3
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: k8s-ephemeral-storage-metrics
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: k8s-ephemeral-storage-metrics
+    spec:
+      serviceAccountName: k8s-ephemeral-storage-metrics
+      securityContext:
+        runAsNonRoot: true
+        seccompProfile:
+          type: RuntimeDefault
+      containers:
+        - name: metrics
+          image: ghcr.io/jmcgrath207/k8s-ephemeral-storage-metrics:1.18.2
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: metrics
+              containerPort: 9100
+              protocol: TCP
+          livenessProbe:
+            failureThreshold: 10
+            httpGet:
+              path: /metrics
+              port: 9100
+              scheme: HTTP
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 30
+          readinessProbe:
+            failureThreshold: 10
+            httpGet:
+              path: /metrics
+              port: 9100
+              scheme: HTTP
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+              - ALL
+            privileged: false
+            readOnlyRootFilesystem: false
+            runAsNonRoot: true
+          env:
+            - name: DEPLOY_TYPE
+              value: "Deployment"
+            - name: SCRAPE_INTERVAL
+              value: "15"
+            - name: MAX_NODE_CONCURRENCY
+              value: "10"
+            - name: CLIENT_GO_QPS
+              value: "5"
+            - name: CLIENT_GO_BURST
+              value: "10"
+            - name: LOG_LEVEL
+              value: "info"
+            - name: EPHEMERAL_STORAGE_POD_USAGE
+              value: "true"
+            - name: EPHEMERAL_STORAGE_NODE_AVAILABLE
+              value: "true"
+            - name: EPHEMERAL_STORAGE_NODE_CAPACITY
+              value: "true"
+            - name: EPHEMERAL_STORAGE_NODE_PERCENTAGE
+              value: "true"
+            - name: EPHEMERAL_STORAGE_CONTAINER_LIMIT_PERCENTAGE
+              value: "true"
+            - name: EPHEMERAL_STORAGE_CONTAINER_VOLUME_USAGE
+              value: "true"
+            - name: EPHEMERAL_STORAGE_CONTAINER_VOLUME_LIMITS_PERCENTAGE
+              value: "true"
+            - name: EPHEMERAL_STORAGE_INODES
+              value: "true"

manifests/monitoring/kube-state-metrics.yaml

@@ -201,6 +201,7 @@ spec:
       labels:
         app.kubernetes.io/name: kube-state-metrics
     spec:
+      priorityClassName: system-cluster-critical
       serviceAccountName: kube-state-metrics
       securityContext:
         fsGroup: 65534

manifests/monitoring/node-exporter.yaml

@@ -51,6 +51,7 @@ spec:
         app.kubernetes.io/name: prometheus
         app.kubernetes.io/component: node-exporter
     spec:
+      priorityClassName: system-node-critical
       serviceAccountName: prometheus-node-exporter
       containers:
         - name: prometheus-node-exporter

manifests/monitoring/promtail.yaml

@@ -212,10 +212,11 @@ spec:
         prometheus.io/port: http-metrics
         prometheus.io/scrape: "true"
     spec:
+      priorityClassName: system-node-critical
       serviceAccountName: promtail
       containers:
         - name: promtail
-          image: "grafana/promtail:2.9.15"
+          image: "grafana/promtail:3.5.7"
           imagePullPolicy: IfNotPresent
           args:
             - "-config.file=/etc/promtail/promtail.yaml"

manifests/monitoring/vmagent.yaml

@@ -17,6 +17,11 @@ data:
     - job_name: 'vmagent'
       static_configs:
         - targets: ['localhost:8429']
+      relabel_configs:
+      - action: drop
+        source_labels: [__name__]
+        regex: "flag"
+
     - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
       job_name: kubernetes-nodes
       kubernetes_sd_configs:
@@ -36,6 +41,38 @@ data:
         ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
         insecure_skip_verify: true
 
+    - job_name: cadvisor
+      bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
+      scheme: https
+      tls_config:
+        ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+        insecure_skip_verify: true
+      kubernetes_sd_configs:
+      - role: node
+      relabel_configs:
+      - action: labelmap
+        regex: __meta_kubernetes_node_label_(.+)
+      - replacement: kubernetes.default.svc:443
+        target_label: __address__
+      - source_labels: [__meta_kubernetes_node_name]
+        regex: (.+)
+        target_label: __metrics_path__
+        replacement: /api/v1/nodes/$1/proxy/metrics/cadvisor
+      # Drop high cardinality labels
+      - action: labeldrop
+        regex: id
+      # Drop unneeded labels
+      - action: labeldrop
+        regex: beta_kubernetes_io_os
+      - action: labeldrop
+        regex: beta_kubernetes_io_arch
+      - action: labeldrop
+        regex: kubernetes_io_arch
+      - action: labeldrop
+        regex: kubernetes_io_os
+      - action: labeldrop
+        regex: topology_jiva_openebs_io_nodeName
+
     - job_name: kubernetes-service-endpoints
       kubernetes_sd_configs:
       - role: endpoints
@@ -78,6 +115,21 @@ data:
         source_labels:
         - __meta_kubernetes_pod_node_name
         target_label: kubernetes_node
+      # We don't care about the flag metrics from VM
+      - action: drop
+        source_labels: [__name__]
+        regex: "flag"
+      # Drop unneeded labels
+      - action: labeldrop
+        regex: beta_kubernetes_io_os
+      - action: labeldrop
+        regex: beta_kubernetes_io_arch
+      - action: labeldrop
+        regex: kubernetes_io_arch
+      - action: labeldrop
+        regex: kubernetes_io_os
+      - action: labeldrop
+        regex: topology_jiva_openebs_io_nodeName
 
     - job_name: kubernetes-pods
       kubernetes_sd_configs:
@@ -116,6 +168,17 @@ data:
         regex: Pending|Succeeded|Failed
         source_labels:
         - __meta_kubernetes_pod_phase
+      # Drop unneeded labels
+      - action: labeldrop
+        regex: beta_kubernetes_io_os
+      - action: labeldrop
+        regex: beta_kubernetes_io_arch
+      - action: labeldrop
+        regex: kubernetes_io_arch
+      - action: labeldrop
+        regex: kubernetes_io_os
+      - action: labeldrop
+        regex: topology_jiva_openebs_io_nodeName
 
     - job_name: 'node-exporter'
       kubernetes_sd_configs:
@@ -150,10 +213,11 @@ spec:
         app.kubernetes.io/name: victoria-metrics
         app.kubernetes.io/component: agent
     spec:
+      priorityClassName: system-cluster-critical
       serviceAccountName: prometheus-server
       containers:
         - name: vmagent
-          image: "victoriametrics/vmagent:v1.125.1"
+          image: "victoriametrics/vmagent:v1.127.0"
           imagePullPolicy: "IfNotPresent"
           args:
             - -remoteWrite.url=http://vmcluster.auth-proxy.svc/insert/0/prometheus/

manifests/nextcloud_chart/manifest.yaml

@@ -204,7 +204,7 @@ spec:
       priorityClassName: critical
       containers:
       - name: nextcloud
-        image: "nextcloud:31.0.8-apache"
+        image: "nextcloud:32.0.0-apache"
         imagePullPolicy: IfNotPresent
         env:
         - name: SQLITE_DATABASE
@@ -284,9 +284,10 @@ spec:
         resources:
           requests:
             cpu: 1038m
-            memory: 512M
+            memory: 765M
           limits:
             cpu: 1200m
+            memory: 765M
         volumeMounts:
         - name: nextcloud-data
           mountPath: /var/www/
@@ -378,7 +379,7 @@ spec:
           restartPolicy: Never
           containers:
             - name: nextcloud
-              image: "nextcloud:31.0.8-apache"
+              image: "nextcloud:32.0.0-apache"
               imagePullPolicy: IfNotPresent
               command: [ "curl" ]
               args:

manifests/nginx-lb/nginx-lb.yaml

@@ -492,7 +492,7 @@ spec:
               fieldPath: metadata.namespace
         - name: LD_PRELOAD
           value: /usr/local/lib/libmimalloc.so
-        image: registry.k8s.io/ingress-nginx/controller:v1.13.2@sha256:1f7eaeb01933e719c8a9f4acd8181e555e582330c7d50f24484fb64d2ba9b2ef
+        image: registry.k8s.io/ingress-nginx/controller:v1.13.3@sha256:1b044f6dcac3afbb59e05d98463f1dec6f3d3fb99940bc12ca5d80270358e3bd
         imagePullPolicy: IfNotPresent
         lifecycle:
           preStop:

manifests/nodered/nodered.yaml

@@ -57,7 +57,7 @@ spec:
           - name: data
             mountPath: /data
       - name: update-native-modules
-        image: nodered/node-red:4.1.0-18
+        image: nodered/node-red:4.1.1-18
         imagePullPolicy: IfNotPresent
         command:
           - bash
@@ -73,11 +73,16 @@ spec:
             mountPath: /data
       containers:
       - name: web
-        image: nodered/node-red:4.1.0-18
+        image: nodered/node-red:4.1.1-18
         imagePullPolicy: Always
         ports:
         - containerPort: 1880
           name: web
+        resources:
+          requests:
+            memory: 200M
+          limits:
+            memory: 200M
         volumeMounts:
           - name: data
             mountPath: /data

manifests/outline/outline.yaml

@@ -46,7 +46,7 @@ spec:
       priorityClassName: critical
       containers:
       - name: outline
-        image: outlinewiki/outline:0.87.3
+        image: outlinewiki/outline:0.87.4
         imagePullPolicy: IfNotPresent
         env:
         - name: ALLOWED_DOMAINS
@@ -73,7 +73,9 @@ spec:
         resources:
           requests:
             cpu: 8m
-            memory: 1024Mi
+            memory: 1389M
+          limits:
+            memory: 1489M
         volumeMounts:
           - mountPath: /opt/outline/.env
             subPath: .env

manifests/rss/miniflux.yaml

@@ -68,7 +68,7 @@ spec:
     spec:
       containers:
       - name: web
-        image: ghcr.io/miniflux/miniflux:2.2.12
+        image: ghcr.io/miniflux/miniflux:2.2.13
         imagePullPolicy: IfNotPresent
         envFrom:
         - configMapRef:

manifests/tank/tank.yaml

@@ -1,57 +0,0 @@
-
-apiVersion: v1
-kind: Secret
-metadata:
-  name: tank
-  namespace: tank
-  annotations:
-    kube-1password: g6xle67quzowvvekf6zukjbbm4
-    kube-1password/vault: Kubernetes
-    kube-1password/secret-text-parse: "true"
-type: Opaque
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: tank
-  namespace: tank
-spec:
-  type: ClusterIP
-  ports:
-  - port: 80
-    targetPort: web
-  selector:
-    app: tank
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: tank
-  namespace: tank
-  labels:
-    app: tank
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: tank
-  template:
-    metadata:
-      labels:
-        app: tank
-    spec:
-      containers:
-      - name: web
-        image: rg.fr-par.scw.cloud/averagemarcus/tank:latest
-        imagePullPolicy: Always
-        envFrom:
-          - secretRef:
-              name: tank
-        ports:
-        - containerPort: 3000
-          name: web
-        resources:
-          limits:
-            memory: 10Mi
-          requests:
-            memory: 10Mi