Update grafana/promtail Docker tag to v3

Reviewed-on: #602

manifests/_apps/homelab-accesible-check.yaml

@@ -0,0 +1,26 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: cluster-fun-homelab-accessible-check
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: cluster.fun
+  destination:
+    namespace: homelab-accessible-check
+    name: cluster-fun (v2)
+  source:
+    path: manifests/homelab-accessible-check
+    repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
+    targetRevision: HEAD
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  ignoreDifferences:
+  - kind: Secret
+    jsonPointers:
+    - /data
+
+---

manifests/_apps/url-to-grist.yaml

@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: url-to-grist
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: cluster.fun
+  destination:
+    namespace: cloudnative-now
+    name: cluster-fun (v2)
+  source:
+    path: manifests/url-to-grist
+    repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
+    targetRevision: HEAD
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+    automated: {}
+  ignoreDifferences:
+  - kind: Secret
+    jsonPointers:
+    - /data
+---

manifests/auth-proxy/proxy.yaml

@@ -68,7 +68,7 @@ spec:
           mountPath: /config/
 
       - name: oauth-proxy
-        image: quay.io/oauth2-proxy/oauth2-proxy:v7.12.0
+        image: quay.io/oauth2-proxy/oauth2-proxy:v7.13.0
         args:
         - --cookie-secure=false
         - --provider=oidc

manifests/dashboard/dashboard.yaml

@@ -81,7 +81,7 @@ spec:
             secretKeyRef:
               key: password
               name: dashboard-auth
-        image: quay.io/oauth2-proxy/oauth2-proxy:v7.12.0
+        image: quay.io/oauth2-proxy/oauth2-proxy:v7.13.0
         name: oauth-proxy
         ports:
         - containerPort: 8000

manifests/gitea/gitea.yaml

@@ -43,7 +43,7 @@ spec:
       priorityClassName: critical
       containers:
       - name: git
-        image: gitea/gitea:1.24.6
+        image: gitea/gitea:1.25.2
         env:
         - name: APP_NAME
           value: "Git"

manifests/grist/grist.yaml

@@ -75,7 +75,7 @@ spec:
       priorityClassName: critical
       containers:
         - name: grist
-          image: gristlabs/grist-oss:1.7.4
+          image: gristlabs/grist-oss:1.7.8
           imagePullPolicy: IfNotPresent
           ports:
             - name: http

manifests/homelab-accessible-check/homelab-accessible-check.yaml

@@ -0,0 +1,53 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: docker-config
+  namespace: homelab-accessible-check
+  annotations:
+    kube-1password: i6ngbk5zf4k52xgwdwnfup5bby
+    kube-1password/vault: Kubernetes
+    kube-1password/secret-text-key: .dockerconfigjson
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: e30=
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: homelab-accessible-check
+  namespace: homelab-accessible-check
+  annotations:
+    kube-1password: bz6ujxc5neqma242lpfqdxfiay
+    kube-1password/vault: Kubernetes
+    kube-1password/secret-text-parse: "true"
+type: Opaque
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: homelab-accessible-check
+  namespace: homelab-accessible-check
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: homelab-accessible-check
+  template:
+    metadata:
+      labels:
+        app: homelab-accessible-check
+    spec:
+      imagePullSecrets:
+        - name: docker-config
+      containers:
+      - name: checker
+        image: rg.fr-par.scw.cloud/averagemarcus-private/homelab-accessible-check:latest
+        imagePullPolicy: Always
+        envFrom:
+        - secretRef:
+            name: "homelab-accessible-check"
+        resources:
+          limits:
+            memory: 50Mi
+          requests:
+            memory: 50Mi

manifests/link/link.yaml

@@ -35,6 +35,8 @@ data:
     cnsmunich-feedback: https://yay-or-nay.cluster.fun/feedback/20UETBI0
     containerdays25: https://speaking.marcusnoble.co.uk/HARSlE/the-future-of-kubernetes-admission-logic
     containerdays25-feedback: https://yay-or-nay.cluster.fun/feedback/F8P351QK
+    cdl-2026: https://speaking.marcusnoble.co.uk/lMcEwR/pod-deep-dive-the-interesting-bits
+    cdl-2026-feedback: https://yay-or-nay.cluster.fun/feedback/EMLARINI
 ---
 apiVersion: v1
 kind: Service

manifests/mealie/mealie.yaml

@@ -31,7 +31,7 @@ spec:
       priorityClassName: critical
       containers:
       - name: frontend
-        image: ghcr.io/mealie-recipes/mealie:v3.3.2
+        image: ghcr.io/mealie-recipes/mealie:v3.6.1
         imagePullPolicy: Always
         envFrom:
         - secretRef:

manifests/monitoring/cadvisor.yaml

@@ -38,7 +38,7 @@ spec:
           operator: "Exists"
       automountServiceAccountToken: false
       containers:
-      - image: ghcr.io/google/cadvisor:v0.53.0
+      - image: ghcr.io/google/cadvisor:0.54.1
         name: cadvisor
         ports:
         - containerPort: 8080

manifests/monitoring/node-exporter.yaml

@@ -55,7 +55,7 @@ spec:
       serviceAccountName: prometheus-node-exporter
       containers:
         - name: prometheus-node-exporter
-          image: "prom/node-exporter:v1.10.0"
+          image: "prom/node-exporter:v1.10.2"
           imagePullPolicy: "IfNotPresent"
           args:
             - --path.procfs=/host/proc

manifests/monitoring/promtail.yaml

@@ -216,7 +216,7 @@ spec:
       serviceAccountName: promtail
       containers:
         - name: promtail
-          image: "grafana/promtail:2.9.15"
+          image: "grafana/promtail:3.6.2"
           imagePullPolicy: IfNotPresent
           args:
             - "-config.file=/etc/promtail/promtail.yaml"

manifests/monitoring/vmagent.yaml

@@ -217,7 +217,7 @@ spec:
       serviceAccountName: prometheus-server
       containers:
         - name: vmagent
-          image: "victoriametrics/vmagent:v1.128.0"
+          image: "victoriametrics/vmagent:v1.131.0"
           imagePullPolicy: "IfNotPresent"
           args:
             - -remoteWrite.url=http://vmcluster.auth-proxy.svc/insert/0/prometheus/

manifests/nextcloud_chart/manifest.yaml

@@ -56,7 +56,9 @@ data:
   general.config.php: |-
     <?php
     $CONFIG = array (
-        'overwriteprotocol' => 'https'
+        'overwriteprotocol' => 'https',
+        'loglevel' => 1,
+        'log_rotate_size' => 100 * 1024 * 1024
     );
   .htaccess: |-
     # line below if for Apache 2.4
@@ -204,7 +206,7 @@ spec:
       priorityClassName: critical
       containers:
       - name: nextcloud
-        image: "nextcloud:32.0.1-apache"
+        image: "nextcloud:32.0.2-apache"
         imagePullPolicy: IfNotPresent
         env:
         - name: SQLITE_DATABASE
@@ -337,6 +339,97 @@ spec:
         - name: nextcloud-config
           mountPath: /var/www/html/config/smtp.config.php
           subPath: smtp.config.php
+      - name: cron
+        image: "nextcloud:32.0.2-apache"
+        imagePullPolicy: IfNotPresent
+        command:
+          - /cron.sh
+        env:
+          - name: SQLITE_DATABASE
+            value: "nextcloud"
+          - name: NEXTCLOUD_ADMIN_USER
+            valueFrom:
+              secretKeyRef:
+                name: nextcloud-nextcloud
+                key: nextcloud-username
+          - name: NEXTCLOUD_ADMIN_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: nextcloud-nextcloud
+                key: nextcloud-password
+          - name: NEXTCLOUD_TRUSTED_DOMAINS
+            value: nextcloud.cluster.fun
+          - name: NEXTCLOUD_DATA_DIR
+            value: "/var/www/html/data"
+          - name: REDIS_HOST
+            valueFrom:
+              secretKeyRef:
+                name: nextcloud-nextcloud-redis
+                key: redis-host
+          - name: REDIS_PORT
+            valueFrom:
+              secretKeyRef:
+                name: nextcloud-nextcloud-redis
+                key: redis-port
+          - name: REDIS_HOST_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: nextcloud-nextcloud-redis
+                key: redis-password
+          - name: REDIS_DB_INDEX
+            valueFrom:
+              secretKeyRef:
+                name: nextcloud-nextcloud-redis
+                key: redis-db-index
+        volumeMounts:
+        - name: nextcloud-data
+          mountPath: /var/www/
+          subPath: root
+        - name: nextcloud-data
+          mountPath: /var/www/html
+          subPath: html
+        - name: nextcloud-data
+          mountPath: /var/www/html/data
+          subPath: data
+        - name: nextcloud-data
+          mountPath: /var/www/html/config
+          subPath: config
+        - name: nextcloud-data
+          mountPath: /var/www/html/custom_apps
+          subPath: custom_apps
+        - name: nextcloud-data
+          mountPath: /var/www/tmp
+          subPath: tmp
+        - name: nextcloud-data
+          mountPath: /var/www/html/themes
+          subPath: themes
+        - name: nextcloud-config
+          mountPath: /var/www/html/config/general.config.php
+          subPath: general.config.php
+        - name: nextcloud-s3
+          mountPath: /var/www/html/config/s3.config.php
+          subPath: s3.config.php
+        - name: nextcloud-config
+          mountPath: /var/www/html/config/.htaccess
+          subPath: .htaccess
+        - name: nextcloud-config
+          mountPath: /var/www/html/config/apache-pretty-urls.config.php
+          subPath: apache-pretty-urls.config.php
+        - name: nextcloud-config
+          mountPath: /var/www/html/config/apcu.config.php
+          subPath: apcu.config.php
+        - name: nextcloud-config
+          mountPath: /var/www/html/config/apps.config.php
+          subPath: apps.config.php
+        - name: nextcloud-config
+          mountPath: /var/www/html/config/autoconfig.php
+          subPath: autoconfig.php
+        - name: nextcloud-config
+          mountPath: /var/www/html/config/redis.config.php
+          subPath: redis.config.php
+        - name: nextcloud-config
+          mountPath: /var/www/html/config/smtp.config.php
+          subPath: smtp.config.php
       volumes:
       - name: nextcloud-data
         persistentVolumeClaim:
@@ -351,45 +444,6 @@ spec:
       securityContext:
         fsGroup: 33
 ---
-# Source: nextcloud/templates/cronjob.yaml
-apiVersion: batch/v1
-kind: CronJob
-metadata:
-  name: nextcloud-nextcloud-cron
-  labels:
-    app.kubernetes.io/name: nextcloud
-    app.kubernetes.io/instance: nextcloud-nextcloud
-  annotations:
-    {}
-spec:
-  schedule: "*/5 * * * *"
-  concurrencyPolicy: Forbid
-  failedJobsHistoryLimit: 5
-  successfulJobsHistoryLimit: 2
-  jobTemplate:
-    metadata:
-      labels:
-        app.kubernetes.io/name: nextcloud
-    spec:
-      template:
-        metadata:
-          labels:
-            app.kubernetes.io/name: nextcloud
-        spec:
-          restartPolicy: Never
-          containers:
-            - name: nextcloud
-              image: "nextcloud:32.0.1-apache"
-              imagePullPolicy: IfNotPresent
-              command: [ "curl" ]
-              args:
-                - "--fail"
-                - "-L"
-                - "https://nextcloud.cluster.fun/cron.php"
-              resources:
-                requests:
-                  memory: 200Mi
----
 # Source: nextcloud/templates/ingress.yaml
 apiVersion: networking.k8s.io/v1
 kind: Ingress

manifests/nginx-lb/nginx-lb.yaml

@@ -492,7 +492,7 @@ spec:
               fieldPath: metadata.namespace
         - name: LD_PRELOAD
           value: /usr/local/lib/libmimalloc.so
-        image: registry.k8s.io/ingress-nginx/controller:v1.13.3@sha256:1b044f6dcac3afbb59e05d98463f1dec6f3d3fb99940bc12ca5d80270358e3bd
+        image: registry.k8s.io/ingress-nginx/controller:v1.14.1@sha256:f95a79b85fb93ac3de752c71a5c27d5ceae10a18b61904dec224c1c6a4581e47
         imagePullPolicy: IfNotPresent
         lifecycle:
           preStop:

manifests/nodered/nodered.yaml

@@ -57,7 +57,7 @@ spec:
           - name: data
             mountPath: /data
       - name: update-native-modules
-        image: nodered/node-red:4.1.1-18
+        image: nodered/node-red:4.1.2-18
         imagePullPolicy: IfNotPresent
         command:
           - bash
@@ -73,7 +73,7 @@ spec:
             mountPath: /data
       containers:
       - name: web
-        image: nodered/node-red:4.1.1-18
+        image: nodered/node-red:4.1.2-18
         imagePullPolicy: Always
         ports:
         - containerPort: 1880

manifests/outline/outline.yaml

@@ -46,7 +46,7 @@ spec:
       priorityClassName: critical
       containers:
       - name: outline
-        image: outlinewiki/outline:0.87.4
+        image: outlinewiki/outline:1.1.0
         imagePullPolicy: IfNotPresent
         env:
         - name: ALLOWED_DOMAINS

manifests/social-to-rolodex/social-to-rolodex.yaml

@@ -92,7 +92,7 @@ spec:
             secretKeyRef:
               key: password
               name: social-to-rolodex-auth
-        image: quay.io/oauth2-proxy/oauth2-proxy:v7.12.0
+        image: quay.io/oauth2-proxy/oauth2-proxy:v7.13.0
         name: oauth-proxy
         ports:
         - containerPort: 8000

manifests/traefik/traefik.yaml

@@ -45,7 +45,7 @@ spec:
         - --entrypoints.websecure.http.tls=true
         - --entrypoints.web.http.redirections.entrypoint.to=websecure
         - --entrypoints.web.http.redirections.entrypoint.scheme=https
-        image: rancher/mirrored-library-traefik:2.11.29
+        image: rancher/mirrored-library-traefik:2.11.31
         imagePullPolicy: IfNotPresent
         livenessProbe:
           failureThreshold: 3

manifests/url-to-grist/url-to-grist.yaml

@@ -0,0 +1,117 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: url-to-grist
+  namespace: cloudnative-now
+  annotations:
+    kube-1password: bu4lczquzosu3yxhyrzbtepply
+    kube-1password/vault: Kubernetes
+    kube-1password/secret-text-parse: "true"
+  labels:
+    app.kubernetes.io/name: url-to-grist
+    app.kubernetes.io/part-of: cloudnative.now
+type: Opaque
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: url-to-grist
+  labels:
+    app.kubernetes.io/name: url-to-grist
+    app.kubernetes.io/part-of: cloudnative.now
+spec:
+  type: ClusterIP
+  ports:
+  - port: 80
+    targetPort: web
+    name: web
+  selector:
+    app.kubernetes.io/name: url-to-grist
+    app.kubernetes.io/part-of: cloudnative.now
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: url-to-grist
+  labels:
+    app.kubernetes.io/name: url-to-grist
+    app.kubernetes.io/part-of: cloudnative.now
+  annotations:
+    secret.reloader.stakater.com/reload: "url-to-grist"
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: url-to-grist
+      app.kubernetes.io/part-of: cloudnative.now
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: url-to-grist
+        app.kubernetes.io/part-of: cloudnative.now
+    spec:
+      containers:
+      - name: url-to-grist
+        image: ghcr.io/namelessplanet/url-to-grist:v1.5.3
+        imagePullPolicy: IfNotPresent
+        env:
+        - name: PORT
+          value: "8080"
+        envFrom:
+        - secretRef:
+            name: "url-to-grist"
+        ports:
+        - containerPort: 8080
+          name: web
+        livenessProbe:
+          httpGet:
+            port: web
+            path: /healthz
+          initialDelaySeconds: 1
+          periodSeconds: 5
+          successThreshold: 1
+          failureThreshold: 3
+          timeoutSeconds: 3
+        readinessProbe:
+          httpGet:
+            port: web
+            path: /healthz
+          initialDelaySeconds: 1
+          periodSeconds: 5
+          successThreshold: 1
+          failureThreshold: 3
+          timeoutSeconds: 3
+        resources:
+          limits:
+            memory: 20Mi
+          requests:
+            memory: 20Mi
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: url-to-grist
+  namespace: cloudnative-now
+  labels:
+    app.kubernetes.io/name: url-to-grist
+    app.kubernetes.io/part-of: cloudnative.now
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+spec:
+  ingressClassName: nginx
+  tls:
+    - hosts:
+        - "url-to-grist.cloudnative.now"
+      secretName: "url-to-grist-ingress"
+  rules:
+    - host: "url-to-grist.cloudnative.now"
+      http:
+        paths:
+          - path: "/"
+            pathType: ImplementationSpecific
+            backend:
+              service:
+                name: url-to-grist
+                port:
+                  name: web

manifests/yay-or-nay/yay-or-nay.yaml

@@ -17,7 +17,7 @@ metadata:
     app: yay-or-nay
     app.kubernetes.io/name: yay-or-nay
   annotations:
-    reloader.stakater.com/search: "true"
+    secret.reloader.stakater.com/reload: "yay-or-nay"
 spec:
   replicas: 1
   selector: