Update grafana/promtail Docker tag to v3

Merge pull request 'Update victoriametrics/vmagent Docker tag to v1.125.0' (#553 ) from renovate/victoriametrics into master
Reviewed-on: #553
2025-09-03 03:10:46 +00:00 · 2025-09-02 06:45:15 +00:00 · 2025-09-02 06:45:11 +00:00 · 2025-09-02 06:45:07 +00:00 · 2025-09-02 03:14:36 +00:00 · 2025-09-02 03:14:34 +00:00
54 changed files with 519 additions and 226 deletions
--- a/manifests/_apps/base64.yaml
+++ b/manifests/_apps/base64.yaml
@@ -22,7 +22,4 @@ spec:
  - kind: Secret
    jsonPointers:
    - /data
-  - group: apps
-    kind: Deployment
-    jqPathExpressions:
-    - .spec.template.spec.containers[]?.image
+
--- a/manifests/_apps/blog.yaml
+++ b/manifests/_apps/blog.yaml
@@ -22,8 +22,5 @@ spec:
  - kind: Secret
    jsonPointers:
    - /data
-  - group: apps
-    kind: Deployment
-    jqPathExpressions:
-    - .spec.template.spec.containers[]?.image
+
 ---
--- a/manifests/_apps/bsky-screenshot.yaml
+++ b/manifests/_apps/bsky-screenshot.yaml
@@ -1,17 +1,17 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
-  name: social-to-grist
+  name: bsky-screenshot
  namespace: argocd
  finalizers:
  - resources-finalizer.argocd.argoproj.io
 spec:
  project: cluster.fun
  destination:
-    namespace: social-to-grist
+    namespace: bsky-screenshot
    name: civo
  source:
-    path: manifests/social-to-grist
+    path: manifests/bsky-screenshot
    repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
    targetRevision: HEAD
  syncPolicy:
@@ -22,7 +22,3 @@ spec:
  - kind: Secret
    jsonPointers:
    - /data
-  - group: apps
-    kind: Deployment
-    jqPathExpressions:
-    - .spec.template.spec.containers[]?.image
--- a/manifests/_apps/civo-versions.yaml
+++ b/manifests/_apps/civo-versions.yaml
@@ -22,7 +22,4 @@ spec:
  - kind: Secret
    jsonPointers:
    - /data
-  - group: apps
-    kind: Deployment
-    jqPathExpressions:
-    - .spec.template.spec.containers[]?.image
+
--- a/manifests/_apps/cors-proxy.yaml
+++ b/manifests/_apps/cors-proxy.yaml
@@ -1,17 +1,17 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
-  name: cluster-fun-starling
+  name: cors-proxy
  namespace: argocd
  finalizers:
  - resources-finalizer.argocd.argoproj.io
 spec:
  project: cluster.fun
  destination:
-    namespace: starling
+    namespace: cors-proxy
    name: cluster-fun (v2)
  source:
-    path: manifests/starling
+    path: manifests/cors-proxy
    repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
    targetRevision: HEAD
  syncPolicy:
--- a/manifests/_apps/cv.yaml
+++ b/manifests/_apps/cv.yaml
@@ -22,7 +22,4 @@ spec:
  - kind: Secret
    jsonPointers:
    - /data
-  - group: apps
-    kind: Deployment
-    jqPathExpressions:
-    - .spec.template.spec.containers[]?.image
+
--- a/manifests/_apps/dashboard.yaml
+++ b/manifests/_apps/dashboard.yaml
@@ -22,8 +22,5 @@ spec:
  - kind: Secret
    jsonPointers:
    - /data
-  - group: apps
-    kind: Deployment
-    jqPathExpressions:
-    - .spec.template.spec.containers[]?.image
+
 ---
--- a/manifests/_apps/devstats-viewer.yaml
+++ b/manifests/_apps/devstats-viewer.yaml
@@ -22,8 +22,5 @@ spec:
  - kind: Secret
    jsonPointers:
    - /data
-  - group: apps
-    kind: Deployment
-    jqPathExpressions:
-    - .spec.template.spec.containers[]?.image
+
 ---
--- a/manifests/_apps/feed-fetcher.yaml
+++ b/manifests/_apps/feed-fetcher.yaml
@@ -22,7 +22,4 @@ spec:
  - kind: Secret
    jsonPointers:
    - /data
-  - group: apps
-    kind: Deployment
-    jqPathExpressions:
-    - .spec.template.spec.containers[]?.image
+
--- a/manifests/_apps/grist.yaml
+++ b/manifests/_apps/grist.yaml
@@ -22,8 +22,4 @@ spec:
  - kind: Secret
    jsonPointers:
    - /data
-  - group: apps
-    kind: Deployment
-    jqPathExpressions:
-    - .spec.template.spec.containers[]?.image
 ---
--- a/manifests/_apps/marcusnoble.yaml
+++ b/manifests/_apps/marcusnoble.yaml
@@ -22,8 +22,5 @@ spec:
  - kind: Secret
    jsonPointers:
    - /data
-  - group: apps
-    kind: Deployment
-    jqPathExpressions:
-    - .spec.template.spec.containers[]?.image
+
 ---
--- a/manifests/_apps/mastodon-digest.yaml
+++ b/manifests/_apps/mastodon-digest.yaml
@@ -22,8 +22,4 @@ spec:
  - kind: Secret
    jsonPointers:
    - /data
-  - group: apps
-    kind: Deployment
-    jqPathExpressions:
-    - .spec.template.spec.containers[]?.image
 ---
--- a/manifests/_apps/mealie.yaml
+++ b/manifests/_apps/mealie.yaml
@@ -22,8 +22,4 @@ spec:
  - kind: Secret
    jsonPointers:
    - /data
-  - group: apps
-    kind: Deployment
-    jqPathExpressions:
-    - .spec.template.spec.containers[]?.image
 ---
--- a/manifests/_apps/opengraph-image-gen.yaml
+++ b/manifests/_apps/opengraph-image-gen.yaml
@@ -22,7 +22,4 @@ spec:
  - kind: Secret
    jsonPointers:
    - /data
-  - group: apps
-    kind: Deployment
-    jqPathExpressions:
-    - .spec.template.spec.containers[]?.image
+
--- a/manifests/_apps/qr.yaml
+++ b/manifests/_apps/qr.yaml
@@ -22,7 +22,4 @@ spec:
  - kind: Secret
    jsonPointers:
    - /data
-  - group: apps
-    kind: Deployment
-    jqPathExpressions:
-    - .spec.template.spec.containers[]?.image
+
--- a/manifests/_apps/rss.yaml
+++ b/manifests/_apps/rss.yaml
@@ -22,8 +22,4 @@ spec:
  - kind: Secret
    jsonPointers:
    - /data
-  - group: apps
-    kind: Deployment
-    jqPathExpressions:
-    - .spec.template.spec.containers[]?.image
 ---
--- a/manifests/_apps/social-to-rolodex.yaml
+++ b/manifests/_apps/social-to-rolodex.yaml
@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: social-to-rolodex
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: cluster.fun
+  destination:
+    namespace: social-to-rolodex
+    name: civo
+  source:
+    path: manifests/social-to-rolodex
+    repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
+    targetRevision: HEAD
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  ignoreDifferences:
+  - kind: Secret
+    jsonPointers:
+    - /data
+
--- a/manifests/_apps/svg-to-dxf.yaml
+++ b/manifests/_apps/svg-to-dxf.yaml
@@ -22,7 +22,4 @@ spec:
  - kind: Secret
    jsonPointers:
    - /data
-  - group: apps
-    kind: Deployment
-    jqPathExpressions:
-    - .spec.template.spec.containers[]?.image
+
--- a/manifests/_apps/talks.yaml
+++ b/manifests/_apps/talks.yaml
@@ -22,7 +22,4 @@ spec:
  - kind: Secret
    jsonPointers:
    - /data
-  - group: apps
-    kind: Deployment
-    jqPathExpressions:
-    - .spec.template.spec.containers[]?.image
+
--- a/manifests/_apps/tank.yaml
+++ b/manifests/_apps/tank.yaml
@@ -22,8 +22,5 @@ spec:
  - kind: Secret
    jsonPointers:
    - /data
-  - group: apps
-    kind: Deployment
-    jqPathExpressions:
-    - .spec.template.spec.containers[]?.image
+
 ---
--- a/manifests/_apps/text-to-dxf.yaml
+++ b/manifests/_apps/text-to-dxf.yaml
@@ -22,7 +22,4 @@ spec:
  - kind: Secret
    jsonPointers:
    - /data
-  - group: apps
-    kind: Deployment
-    jqPathExpressions:
-    - .spec.template.spec.containers[]?.image
+
--- a/manifests/_apps/til.yaml
+++ b/manifests/_apps/til.yaml
@@ -22,7 +22,4 @@ spec:
  - kind: Secret
    jsonPointers:
    - /data
-  - group: apps
-    kind: Deployment
-    jqPathExpressions:
-    - .spec.template.spec.containers[]?.image
+
--- a/manifests/_apps/tweetsvg.yaml
+++ b/manifests/_apps/tweetsvg.yaml
@@ -22,7 +22,4 @@ spec:
  - kind: Secret
    jsonPointers:
    - /data
-  - group: apps
-    kind: Deployment
-    jqPathExpressions:
-    - .spec.template.spec.containers[]?.image
+
--- a/manifests/_apps/twitter-profile-pic.yaml
+++ b/manifests/_apps/twitter-profile-pic.yaml
@@ -22,8 +22,5 @@ spec:
  - kind: Secret
    jsonPointers:
    - /data
-  - group: apps
-    kind: Deployment
-    jqPathExpressions:
-    - .spec.template.spec.containers[]?.image
+
 ---
--- a/manifests/_apps/yay-or-nay.yaml
+++ b/manifests/_apps/yay-or-nay.yaml
@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: yay-or-nay
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: cluster.fun
+  destination:
+    namespace: yay-or-nay
+    name: cluster-fun (v2)
+  source:
+    path: manifests/yay-or-nay
+    repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
+    targetRevision: HEAD
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+    automated: {}
+  ignoreDifferences:
+  - kind: Secret
+    jsonPointers:
+    - /data
+---
--- a/manifests/auth-proxy/auth-ingress.yaml
+++ b/manifests/auth-proxy/auth-ingress.yaml
@@ -29,6 +29,7 @@ spec:
    - changedetection.cluster.fun
    - grafana.cluster.fun
    - podgrab.cluster.fun
+    - stablediffusion.cluster.fun
    secretName: auth-proxy-ingress
  rules:
  - host: downloads.cluster.fun
@@ -221,3 +222,13 @@ spec:
            name: tailscale-proxy
            port:
              name: auth
+  - host: stablediffusion.cluster.fun
+    http:
+      paths:
+      - path: /
+        pathType: ImplementationSpecific
+        backend:
+          service:
+            name: tailscale-proxy
+            port:
+              name: auth
--- a/manifests/auth-proxy/non-auth-ingress.yaml
+++ b/manifests/auth-proxy/non-auth-ingress.yaml
@@ -6,6 +6,10 @@ metadata:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
+    nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
+    nginx.ingress.kubernetes.io/proxy-body-size: 25m
+    nginx.ingress.kubernetes.io/client-body-buffer-size: 25m
 spec:
  ingressClassName: nginx
  tls:
@@ -13,6 +17,7 @@ spec:
    - hello-world.cluster.fun
    - ombi.cluster.fun
    - bsky-feeds.cluster.fun
+    - ai.cluster.fun
    secretName: non-auth-proxy-ingress
  rules:
  - host: hello-world.cluster.fun
@@ -45,3 +50,13 @@ spec:
            name: tailscale-proxy
            port:
              name: non-auth
+  - host: ai.cluster.fun
+    http:
+      paths:
+      - path: /
+        pathType: ImplementationSpecific
+        backend:
+          service:
+            name: tailscale-proxy
+            port:
+              name: non-auth
--- a/manifests/auth-proxy/proxy.yaml
+++ b/manifests/auth-proxy/proxy.yaml
@@ -67,7 +67,7 @@ spec:
          mountPath: /config/

      - name: oauth-proxy
-        image: quay.io/oauth2-proxy/oauth2-proxy:v7.9.0
+        image: quay.io/oauth2-proxy/oauth2-proxy:v7.12.0
        args:
        - --cookie-secure=false
        - --provider=oidc
--- a/manifests/bsky-screenshot/bsky-screenshot.yaml
+++ b/manifests/bsky-screenshot/bsky-screenshot.yaml
@@ -0,0 +1,70 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: bsky-screenshot
+  namespace: bsky-screenshot
+spec:
+  type: ClusterIP
+  ports:
+  - port: 80
+    targetPort: web
+    name: web
+  selector:
+    app: bsky-screenshot
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: bsky-screenshot
+  namespace: bsky-screenshot
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: bsky-screenshot
+  template:
+    metadata:
+      labels:
+        app: bsky-screenshot
+    spec:
+      containers:
+      - name: web
+        image: rg.fr-par.scw.cloud/averagemarcus/bsky-screenshot:latest
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 80
+          name: web
+        resources:
+          limits:
+            memory: 20Mi
+          requests:
+            memory: 20Mi
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: bsky-screenshot
+  namespace: bsky-screenshot
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    kubernetes.io/ingress.class: traefik
+    traefik.ingress.kubernetes.io/router.tls: "true"
+    ingress.kubernetes.io/ssl-redirect: "true"
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+spec:
+  tls:
+  - hosts:
+    - bsky-screenshot.cluster.fun
+    secretName: bsky-screenshot-ingress
+  rules:
+  - host: bsky-screenshot.cluster.fun
+    http:
+      paths:
+      - path: /
+        pathType: ImplementationSpecific
+        backend:
+          service:
+            name: bsky-screenshot
+            port:
+              number: 80
+
--- a/manifests/cors-proxy/cors-proxy.yaml
+++ b/manifests/cors-proxy/cors-proxy.yaml
@@ -0,0 +1,76 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: cors-proxy
+  namespace: cors-proxy
+spec:
+  type: ClusterIP
+  ports:
+  - port: 80
+    targetPort: 8000
+    name: web
+  selector:
+    app: cors-proxy
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: cors-proxy
+  namespace: cors-proxy
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: cors-proxy
+  template:
+    metadata:
+      labels:
+        app: cors-proxy
+    spec:
+      containers:
+      - name: web
+        image: rg.fr-par.scw.cloud/averagemarcus/cors-proxy:latest
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 8000
+          name: web
+        env:
+        - name: ALLOWLIST
+          value: cdn.bsky.app
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: cors-proxy
+  namespace: cors-proxy
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+spec:
+  ingressClassName: nginx
+  tls:
+  - hosts:
+    - cors-proxy.cluster.fun
+    - cors-proxy.marcusnoble.co.uk
+    secretName: cors-proxy-ingress
+  rules:
+  - host: cors-proxy.cluster.fun
+    http:
+      paths:
+      - path: /
+        pathType: ImplementationSpecific
+        backend:
+          service:
+            name: cors-proxy
+            port:
+              number: 80
+  - host: cors-proxy.marcusnoble.co.uk
+    http:
+      paths:
+      - path: /
+        pathType: ImplementationSpecific
+        backend:
+          service:
+            name: cors-proxy
+            port:
+              number: 80
--- a/manifests/dashboard/dashboard.yaml
+++ b/manifests/dashboard/dashboard.yaml
@@ -81,7 +81,7 @@ spec:
            secretKeyRef:
              key: password
              name: dashboard-auth
-        image: quay.io/oauth2-proxy/oauth2-proxy:v7.9.0
+        image: quay.io/oauth2-proxy/oauth2-proxy:v7.12.0
        name: oauth-proxy
        ports:
        - containerPort: 8000
--- a/manifests/gitea/gitea.yaml
+++ b/manifests/gitea/gitea.yaml
@@ -42,7 +42,7 @@ spec:
    spec:
      containers:
      - name: git
-        image: gitea/gitea:1.23.8
+        image: gitea/gitea:1.24.5
        env:
        - name: APP_NAME
          value: "Git"
--- a/manifests/grist/grist.yaml
+++ b/manifests/grist/grist.yaml
@@ -72,7 +72,7 @@ spec:
      serviceAccountName: grist
      containers:
        - name: grist
-          image: gristlabs/grist-oss:1.6.0
+          image: gristlabs/grist-oss:1.7.3
          imagePullPolicy: IfNotPresent
          ports:
            - name: http
--- a/manifests/link/link.yaml
+++ b/manifests/link/link.yaml
@@ -32,6 +32,9 @@ data:
    kcdbudapest: https://speaking.marcusnoble.co.uk/43QLpx/the-future-of-kubernetes-admission-logic
    kcdczechslovak: https://speaking.marcusnoble.co.uk/Np2xUv/pod-deep-dive-the-interesting-bits
    cnsmunich: https://speaking.marcusnoble.co.uk/HqYcp2/pod-deep-dive-the-interesting-bits
+    cnsmunich-feedback: https://yay-or-nay.cluster.fun/feedback/20UETBI0
+    containerdays25: https://speaking.marcusnoble.co.uk/HARSlE/the-future-of-kubernetes-admission-logic
+    containerdays25-feedback: https://yay-or-nay.cluster.fun/feedback/F8P351QK
 ---
 apiVersion: v1
 kind: Service
--- a/manifests/mastodon-digest/mastodon_digest.yaml
+++ b/manifests/mastodon-digest/mastodon_digest.yaml
@@ -152,7 +152,7 @@ spec:
            secretKeyRef:
              key: password
              name: mastodon-digest-auth
-        image: quay.io/oauth2-proxy/oauth2-proxy:v7.9.0
+        image: quay.io/oauth2-proxy/oauth2-proxy:v7.12.0
        name: oauth-proxy
        ports:
        - containerPort: 8000
--- a/manifests/matrix_chart/matrix_chart.yaml
+++ b/manifests/matrix_chart/matrix_chart.yaml
@@ -363,7 +363,7 @@ spec:
        fsGroup: 1000
      containers:
        - name: "riot"
-          image: "vectorim/element-web:v1.11.102"
+          image: "vectorim/element-web:v1.11.110"
          imagePullPolicy: IfNotPresent
          ports:
            - name: http
@@ -444,7 +444,7 @@ spec:
        fsGroup: 1000
      initContainers:
        - name: generate-signing-key
-          image: "ghcr.io/element-hq/synapse:v1.131.0"
+          image: "ghcr.io/element-hq/synapse:v1.137.0"
          imagePullPolicy: IfNotPresent
          env:
            - name: SYNAPSE_SERVER_NAME
@@ -471,7 +471,7 @@ spec:
              mountPath: /data/keys
      containers:
        - name: "synapse"
-          image: "ghcr.io/element-hq/synapse:v1.131.0"
+          image: "ghcr.io/element-hq/synapse:v1.137.0"
          imagePullPolicy: IfNotPresent
          ports:
            - name: http
--- a/manifests/mealie/mealie.yaml
+++ b/manifests/mealie/mealie.yaml
@@ -30,7 +30,7 @@ spec:
    spec:
      containers:
      - name: frontend
-        image: ghcr.io/mealie-recipes/mealie:v2.8.0
+        image: ghcr.io/mealie-recipes/mealie:v3.1.2
        imagePullPolicy: Always
        envFrom:
        - secretRef:
--- a/manifests/monitoring-civo/kube-state-metrics.yaml
+++ b/manifests/monitoring-civo/kube-state-metrics.yaml
@@ -237,7 +237,7 @@ spec:
        - --resources=validatingwebhookconfigurations
        #- --resources=volumeattachments
        imagePullPolicy: IfNotPresent
-        image: "registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.15.0"
+        image: "registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.17.0"
        ports:
        - containerPort: 8080
        livenessProbe:
--- a/manifests/monitoring-civo/promtail.yaml
+++ b/manifests/monitoring-civo/promtail.yaml
@@ -236,7 +236,7 @@ spec:
      serviceAccountName: promtail
      containers:
        - name: promtail
-          image: "grafana/promtail:3.5.1"
+          image: "grafana/promtail:3.5.3"
          imagePullPolicy: IfNotPresent
          args:
            - "-config.file=/etc/promtail/promtail.yaml"
--- a/manifests/monitoring-civo/vmagent.yaml
+++ b/manifests/monitoring-civo/vmagent.yaml
@@ -147,7 +147,7 @@ spec:
      serviceAccountName: prometheus-server
      containers:
        - name: vmagent
-          image: "victoriametrics/vmagent:v1.118.0"
+          image: "victoriametrics/vmagent:v1.125.0"
          imagePullPolicy: "IfNotPresent"
          args:
            - -remoteWrite.url=http://vmcluster.proxy-civo.svc/insert/0/prometheus/
--- a/manifests/monitoring/kube-state-metrics.yaml
+++ b/manifests/monitoring/kube-state-metrics.yaml
@@ -237,7 +237,7 @@ spec:
        - --resources=validatingwebhookconfigurations
        #- --resources=volumeattachments
        imagePullPolicy: IfNotPresent
-        image: "registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.15.0"
+        image: "registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.17.0"
        ports:
        - containerPort: 8080
        livenessProbe:
--- a/manifests/monitoring/promtail.yaml
+++ b/manifests/monitoring/promtail.yaml
@@ -215,7 +215,7 @@ spec:
      serviceAccountName: promtail
      containers:
        - name: promtail
-          image: "grafana/promtail:3.5.1"
+          image: "grafana/promtail:3.5.3"
          imagePullPolicy: IfNotPresent
          args:
            - "-config.file=/etc/promtail/promtail.yaml"
--- a/manifests/monitoring/vmagent.yaml
+++ b/manifests/monitoring/vmagent.yaml
@@ -153,7 +153,7 @@ spec:
      serviceAccountName: prometheus-server
      containers:
        - name: vmagent
-          image: "victoriametrics/vmagent:v1.118.0"
+          image: "victoriametrics/vmagent:v1.125.0"
          imagePullPolicy: "IfNotPresent"
          args:
            - -remoteWrite.url=http://vmcluster.auth-proxy.svc/insert/0/prometheus/
--- a/manifests/nextcloud_chart/manifest.yaml
+++ b/manifests/nextcloud_chart/manifest.yaml
@@ -203,7 +203,7 @@ spec:
    spec:
      containers:
      - name: nextcloud
-        image: "nextcloud:31.0.5-apache"
+        image: "nextcloud:31.0.8-apache"
        imagePullPolicy: IfNotPresent
        env:
        - name: SQLITE_DATABASE
@@ -374,7 +374,7 @@ spec:
          restartPolicy: Never
          containers:
            - name: nextcloud
-              image: "nextcloud:31.0.5-apache"
+              image: "nextcloud:31.0.8-apache"
              imagePullPolicy: IfNotPresent
              command: [ "curl" ]
              args:
--- a/manifests/nginx-lb/nginx-lb.yaml
+++ b/manifests/nginx-lb/nginx-lb.yaml
@@ -491,7 +491,7 @@ spec:
              fieldPath: metadata.namespace
        - name: LD_PRELOAD
          value: /usr/local/lib/libmimalloc.so
-        image: registry.k8s.io/ingress-nginx/controller:v1.12.3@sha256:ac444cd9515af325ba577b596fe4f27a34be1aa330538e8b317ad9d6c8fb94ee
+        image: registry.k8s.io/ingress-nginx/controller:v1.13.2@sha256:1f7eaeb01933e719c8a9f4acd8181e555e582330c7d50f24484fb64d2ba9b2ef
        imagePullPolicy: IfNotPresent
        lifecycle:
          preStop:
--- a/manifests/nodered/nodered.yaml
+++ b/manifests/nodered/nodered.yaml
@@ -57,7 +57,7 @@ spec:
          - name: data
            mountPath: /data
      - name: update-native-modules
-        image: nodered/node-red:4.0.9-18
+        image: nodered/node-red:4.1.0-18
        imagePullPolicy: IfNotPresent
        command:
          - bash
@@ -73,7 +73,7 @@ spec:
            mountPath: /data
      containers:
      - name: web
-        image: nodered/node-red:4.0.9-18
+        image: nodered/node-red:4.1.0-18
        imagePullPolicy: Always
        ports:
        - containerPort: 1880
--- a/manifests/outline/outline.yaml
+++ b/manifests/outline/outline.yaml
@@ -45,7 +45,7 @@ spec:
    spec:
      containers:
      - name: outline
-        image: outlinewiki/outline:0.84.0
+        image: outlinewiki/outline:0.87.3
        imagePullPolicy: IfNotPresent
        env:
        - name: ALLOWED_DOMAINS
--- a/manifests/redis/redis.yaml
+++ b/manifests/redis/redis.yaml
@@ -329,7 +329,7 @@ spec:
      terminationGracePeriodSeconds: 30
      containers:
        - name: redis
-          image: docker.io/bitnami/redis:7.2.4-debian-11-r11
+          image: docker.io/bitnamilegacy/redis:7.2.4-debian-11-r11
          imagePullPolicy: "IfNotPresent"
          securityContext:
            runAsUser: 1001
@@ -471,7 +471,7 @@ spec:
      terminationGracePeriodSeconds: 30
      containers:
        - name: redis
-          image: docker.io/bitnami/redis:7.2.4-debian-11-r11
+          image: docker.io/bitnamilegacy/redis:7.2.4-debian-11-r11
          imagePullPolicy: "IfNotPresent"
          securityContext:
            runAsUser: 1001
--- a/manifests/rss/miniflux.yaml
+++ b/manifests/rss/miniflux.yaml
@@ -66,7 +66,7 @@ spec:
    spec:
      containers:
      - name: web
-        image: ghcr.io/miniflux/miniflux:2.2.9
+        image: ghcr.io/miniflux/miniflux:2.2.12
        imagePullPolicy: IfNotPresent
        envFrom:
        - configMapRef:
--- a/manifests/social-to-grist/social-to-grist.yaml
+++ b/manifests/social-to-grist/social-to-grist.yaml
@@ -92,7 +92,7 @@ spec:
            secretKeyRef:
              key: password
              name: social-to-grist-auth
-        image: quay.io/oauth2-proxy/oauth2-proxy:v7.9.0
+        image: quay.io/oauth2-proxy/oauth2-proxy:v7.12.0
        name: oauth-proxy
        ports:
        - containerPort: 8000
--- a/manifests/social-to-rolodex/social-to-rolodex.yaml
+++ b/manifests/social-to-rolodex/social-to-rolodex.yaml
@@ -0,0 +1,151 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: docker-config
+  namespace: social-to-rolodex
+  annotations:
+    kube-1password: i6ngbk5zf4k52xgwdwnfup5bby
+    kube-1password/vault: Kubernetes
+    kube-1password/secret-text-key: .dockerconfigjson
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: e30=
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: social-to-rolodex-auth
+  namespace: social-to-rolodex
+  annotations:
+    kube-1password: mr6spkkx7n3memkbute6ojaarm
+    kube-1password/vault: Kubernetes
+type: Opaque
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: social-to-rolodex
+  namespace: social-to-rolodex
+  annotations:
+    kube-1password: oa3ycnui3ji4lc665bifaao63q
+    kube-1password/vault: Kubernetes
+    kube-1password/secret-text-parse: "true"
+type: Opaque
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: social-to-rolodex
+  namespace: social-to-rolodex
+spec:
+  type: ClusterIP
+  ports:
+  - port: 80
+    targetPort: auth
+    name: web
+  selector:
+    app: social-to-rolodex
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: social-to-rolodex
+  namespace: social-to-rolodex
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: social-to-rolodex
+  template:
+    metadata:
+      labels:
+        app: social-to-rolodex
+    spec:
+      imagePullSecrets:
+        - name: docker-config
+      containers:
+      - args:
+        - --cookie-secure=false
+        - --provider=oidc
+        - --provider-display-name=Auth0
+        - --upstream=http://localhost:8080
+        - --http-address=$(HOST_IP):8000
+        - --redirect-url=https://social-to-rolodex.cluster.fun/oauth2/callback
+        - --email-domain=marcusnoble.co.uk
+        - --pass-basic-auth=false
+        - --pass-access-token=false
+        - --oidc-issuer-url=https://marcusnoble.eu.auth0.com/
+        - --cookie-secret=KDGD6rrK6cBmryyZ4wcJ9xAUNW9AQNFT
+        env:
+        - name: HOST_IP
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: status.podIP
+        - name: OAUTH2_PROXY_CLIENT_ID
+          valueFrom:
+            secretKeyRef:
+              key: username
+              name: social-to-rolodex-auth
+        - name: OAUTH2_PROXY_CLIENT_SECRET
+          valueFrom:
+            secretKeyRef:
+              key: password
+              name: social-to-rolodex-auth
+        image: quay.io/oauth2-proxy/oauth2-proxy:v7.12.0
+        name: oauth-proxy
+        ports:
+        - containerPort: 8000
+          protocol: TCP
+          name: auth
+        resources:
+          limits:
+            memory: 50Mi
+          requests:
+            memory: 50Mi
+      - name: web
+        image: rg.fr-par.scw.cloud/averagemarcus-private/social-to-rolodex:latest
+        imagePullPolicy: Always
+        env:
+        - name: PORT
+          value: "8080"
+        envFrom:
+        - secretRef:
+            name: "social-to-rolodex"
+        ports:
+        - containerPort: 8080
+          name: web
+        resources:
+          limits:
+            memory: 50Mi
+          requests:
+            memory: 50Mi
+
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: social-to-rolodex
+  namespace: social-to-rolodex
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    kubernetes.io/ingress.class: traefik
+    traefik.ingress.kubernetes.io/router.tls: "true"
+    ingress.kubernetes.io/ssl-redirect: "true"
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+spec:
+  tls:
+  - hosts:
+    - social-to-rolodex.cluster.fun
+    secretName: social-to-rolodex-ingress
+  rules:
+  - host: social-to-rolodex.cluster.fun
+    http:
+      paths:
+      - path: /
+        pathType: ImplementationSpecific
+        backend:
+          service:
+            name: social-to-rolodex
+            port:
+              number: 80
--- a/manifests/starling/starling.yaml
+++ b/manifests/starling/starling.yaml
@@ -1,106 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: docker-config
-  namespace: starling
-  annotations:
-    kube-1password: i6ngbk5zf4k52xgwdwnfup5bby
-    kube-1password/vault: Kubernetes
-    kube-1password/secret-text-key: .dockerconfigjson
-type: kubernetes.io/dockerconfigjson
-data:
-  .dockerconfigjson: e30=
---
-apiVersion: v1
-kind: Secret
-metadata:
-  name: starling
-  namespace: starling
-  annotations:
-    kube-1password: ufxpki65ffgprn2upksirweeie
-    kube-1password/vault: Kubernetes
-    kube-1password/secret-text-parse: "true"
-type: Opaque
---
-apiVersion: v1
-kind: Service
-metadata:
-  name: starling
-  namespace: starling
-spec:
-  type: ClusterIP
-  ports:
-  - port: 80
-    targetPort: web
-    name: web
-  selector:
-    app: starling
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: starling
-  namespace: starling
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: starling
-  template:
-    metadata:
-      labels:
-        app: starling
-    spec:
-      imagePullSecrets:
-        - name: docker-config
-      containers:
-      - name: web
-        image: rg.fr-par.scw.cloud/averagemarcus-private/starling:latest
-        imagePullPolicy: Always
-        env:
-        - name: PORT
-          value: "3000"
-        - name: SHARED_SECRET
-          valueFrom:  
-            secretKeyRef:
-              name: starling
-              key: SHARED_SECRET
-        - name: ACCESS_TOKEN
-          valueFrom:  
-            secretKeyRef:
-              name: starling
-              key: ACCESS_TOKEN
-        ports:
-        - containerPort: 3000
-          name: web
-        resources:
-          limits:
-            memory: 50Mi
-          requests:
-            memory: 50Mi
---
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: starling
-  namespace: starling
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt
-    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
-spec:
-  ingressClassName: nginx
-  tls:
-  - hosts:
-    - starling.marcusnoble.co.uk
-    secretName: starling-ingress
-  rules:
-  - host: starling.marcusnoble.co.uk
-    http:
-      paths:
-      - path: /
-        pathType: ImplementationSpecific
-        backend:
-          service:
-            name: starling
-            port:
-              number: 80
--- a/manifests/traefik/traefik.yaml
+++ b/manifests/traefik/traefik.yaml
@@ -45,7 +45,7 @@ spec:
        - --entrypoints.websecure.http.tls=true
        - --entrypoints.web.http.redirections.entrypoint.to=websecure
        - --entrypoints.web.http.redirections.entrypoint.scheme=https
-        image: rancher/mirrored-library-traefik:2.11.24
+        image: rancher/mirrored-library-traefik:2.11.29
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
--- a/manifests/yay-or-nay/yay-or-nay.yaml
+++ b/manifests/yay-or-nay/yay-or-nay.yaml
@@ -0,0 +1,94 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: yay-or-nay
+  namespace: yay-or-nay
+  annotations:
+    kube-1password: vtnx2swze7r6qepxnlepufvcbi
+    kube-1password/vault: Kubernetes
+    kube-1password/secret-text-parse: "true"
+type: Opaque
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: yay-or-nay
+  labels:
+    app: yay-or-nay
+    app.kubernetes.io/name: yay-or-nay
+  annotations:
+    reloader.stakater.com/search: "true"
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: yay-or-nay
+  template:
+    metadata:
+      labels:
+        app: yay-or-nay
+        app.kubernetes.io/name: yay-or-nay
+    spec:
+      containers:
+      - name: yay-or-nay
+        image: ghcr.io/mocdaniel/yay-or-nay:1.1.1
+        imagePullPolicy: IfNotPresent
+        ports:
+        - containerPort: 3000
+          name: web
+        envFrom:
+        - secretRef:
+            name: yay-or-nay
+        livenessProbe:
+          httpGet:
+            path: /
+            port: web
+          initialDelaySeconds: 10
+        readinessProbe:
+          httpGet:
+            path: /
+            port: web
+          initialDelaySeconds: 10
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: yay-or-nay
+  labels:
+    app.kubernetes.io/name: yay-or-nay
+spec:
+  type: ClusterIP
+  ports:
+  - port: 80
+    targetPort: web
+    name: web
+  selector:
+    app: yay-or-nay
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: yay-or-nay
+  namespace: yay-or-nay
+  labels:
+    app.kubernetes.io/name: yay-or-nay
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+spec:
+  tls:
+    - hosts:
+        - "yay-or-nay.cluster.fun"
+      secretName: "yay-or-nay-ingress"
+  rules:
+    - host: "yay-or-nay.cluster.fun"
+      http:
+        paths:
+          - path: "/"
+            pathType: ImplementationSpecific
+            backend:
+              service:
+                name: yay-or-nay
+                port:
+                  name: web