Update Helm release cert-manager to v1.19.4

manifests/_apps/certmanager_chart.yaml

@@ -35,7 +35,7 @@ spec:
     name: cluster-fun (v2)
   source:
     repoURL: 'https://charts.jetstack.io'
-    targetRevision: v1.20.2
+    targetRevision: v1.19.4
     chart: cert-manager
     helm:
       version: v3

manifests/_apps/pairdrop.yaml

@@ -1,25 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: pairdrop
-  namespace: argocd
-  finalizers:
-  - resources-finalizer.argocd.argoproj.io
-spec:
-  project: cluster.fun
-  destination:
-    namespace: pairdrop
-    name: cluster-fun (v2)
-  source:
-    path: manifests/pairdrop
-    repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
-    targetRevision: HEAD
-  syncPolicy:
-    automated: {}
-    syncOptions:
-      - CreateNamespace=true
-  ignoreDifferences:
-  - kind: Secret
-    jsonPointers:
-    - /data
-

manifests/_apps/vert.yaml

@@ -1,25 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: vert
-  namespace: argocd
-  finalizers:
-  - resources-finalizer.argocd.argoproj.io
-spec:
-  project: cluster.fun
-  destination:
-    namespace: vert
-    name: cluster-fun (v2)
-  source:
-    path: manifests/vert
-    repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
-    targetRevision: HEAD
-  syncPolicy:
-    automated: {}
-    syncOptions:
-      - CreateNamespace=true
-  ignoreDifferences:
-  - kind: Secret
-    jsonPointers:
-    - /data
-

manifests/auth-proxy/non-auth-ingress.yaml

@@ -19,7 +19,6 @@ spec:
     - bsky-feeds.cluster.fun
     - ai.cluster.fun
     - penpot.cluster.fun
-    - trek.cluster.fun
     secretName: non-auth-proxy-ingress
   rules:
   - host: hello-world.cluster.fun
@@ -72,13 +71,3 @@ spec:
             name: tailscale-proxy
             port:
               name: non-auth
-  - host: trek.cluster.fun
-    http:
-      paths:
-      - path: /
-        pathType: ImplementationSpecific
-        backend:
-          service:
-            name: tailscale-proxy
-            port:
-              name: non-auth

manifests/auth-proxy/proxy.yaml

@@ -68,7 +68,7 @@ spec:
           mountPath: /config/
 
       - name: oauth-proxy
-        image: quay.io/oauth2-proxy/oauth2-proxy:v7.15.2
+        image: quay.io/oauth2-proxy/oauth2-proxy:v7.14.2
         args:
         - --cookie-secure=false
         - --provider=oidc

manifests/cors-proxy/cors-proxy.yaml

@@ -36,7 +36,7 @@ spec:
           name: web
         env:
         - name: ALLOWLIST
-          value: cdn.bsky.app,en.wikipedia.org
+          value: cdn.bsky.app
         resources:
           requests:
             memory: 184M

manifests/dashboard/dashboard.yaml

@@ -81,7 +81,7 @@ spec:
             secretKeyRef:
               key: password
               name: dashboard-auth
-        image: quay.io/oauth2-proxy/oauth2-proxy:v7.15.2
+        image: quay.io/oauth2-proxy/oauth2-proxy:v7.14.2
         name: oauth-proxy
         ports:
         - containerPort: 8000

manifests/gitea/gitea.yaml

@@ -43,7 +43,7 @@ spec:
       priorityClassName: critical
       containers:
       - name: git
-        image: gitea/gitea:1.26.2
+        image: gitea/gitea:1.25.4
         env:
         - name: APP_NAME
           value: "Git"

manifests/goplayground/goplayground.yaml

@@ -29,7 +29,7 @@ spec:
     spec:
       containers:
       - name: web
-        image: x1unix/go-playground:3.0.0
+        image: x1unix/go-playground:2.5.8
         imagePullPolicy: IfNotPresent
         ports:
         - containerPort: 8000

manifests/grist/grist.yaml

@@ -75,7 +75,7 @@ spec:
       priorityClassName: critical
       containers:
         - name: grist
-          image: gristlabs/grist-oss:1.7.13
+          image: gristlabs/grist-oss:1.7.10
           imagePullPolicy: IfNotPresent
           ports:
             - name: http
@@ -110,7 +110,7 @@ spec:
             requests:
               memory: 300M
             limits:
-              memory: 600M
+              memory: 300M
           securityContext:
             capabilities:
               add:

manifests/link/link.yaml

@@ -41,7 +41,6 @@ data:
     cdl-talk-2026-feedback: https://yay-or-nay.cluster.fun/feedback/22TO05MQ
     technical-talking-blog-post: https://marcusnoble.co.uk/2025-04-30-my-tips-on-giving-technical-talks/
     kubecon-eu-26: https://speaking.marcusnoble.co.uk/zT471P/kube-oddities-the-quirks-that-keep-kubernetes-interesting
-    cndro26: https://speaking.marcusnoble.co.uk/1OrBAe/kube-oddities-the-quirks-that-keep-kubernetes-interesting-marcus-noble-mark-sagi-kazar
 ---
 apiVersion: v1
 kind: Service

manifests/marcusnoble/marcusnoble.yaml

@@ -39,16 +39,16 @@ spec:
             memory: 50Mi
           requests:
             memory: 50Mi
-        livenessProbe:
+        # livenessProbe:
-          httpGet:
+        #   httpGet:
-            path: /
+        #     path: /healthz
-            port: web
+        #     port: web
-          initialDelaySeconds: 10
+        #   initialDelaySeconds: 10
-        readinessProbe:
+        # readinessProbe:
-          httpGet:
+        #   httpGet:
-            path: /
+        #     path: /healthz
-            port: web
+        #     port: web
-          initialDelaySeconds: 10
+        #   initialDelaySeconds: 10
 ---
 apiVersion: networking.k8s.io/v1
 kind: Ingress

manifests/mazanoke/manifest.yaml

@@ -29,7 +29,7 @@ spec:
     spec:
       containers:
       - name: web
-        image: ghcr.io/civilblur/mazanoke:v1.1.6
+        image: ghcr.io/civilblur/mazanoke:v1.1.5
         imagePullPolicy: Always
         ports:
         - containerPort: 80

manifests/mealie/mealie.yaml

@@ -31,7 +31,7 @@ spec:
       priorityClassName: critical
       containers:
       - name: frontend
-        image: ghcr.io/mealie-recipes/mealie:v3.19.0
+        image: ghcr.io/mealie-recipes/mealie:v3.11.0
         imagePullPolicy: Always
         envFrom:
         - secretRef:

manifests/monitoring/cadvisor.yaml

@@ -38,7 +38,7 @@ spec:
           operator: "Exists"
       automountServiceAccountToken: false
       containers:
-      - image: ghcr.io/google/cadvisor:v0.57.0
+      - image: ghcr.io/google/cadvisor:0.56.2
         name: cadvisor
         ports:
         - containerPort: 8080

manifests/monitoring/kube-state-metrics.yaml

@@ -238,7 +238,7 @@ spec:
         - --resources=validatingwebhookconfigurations
         #- --resources=volumeattachments
         imagePullPolicy: IfNotPresent
-        image: "registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.19.0"
+        image: "registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.18.0"
         ports:
         - containerPort: 8080
         livenessProbe:

manifests/monitoring/node-exporter.yaml

@@ -55,7 +55,7 @@ spec:
       serviceAccountName: prometheus-node-exporter
       containers:
         - name: prometheus-node-exporter
-          image: "prom/node-exporter:v1.11.1"
+          image: "prom/node-exporter:v1.10.2"
           imagePullPolicy: "IfNotPresent"
           args:
             - --path.procfs=/host/proc

manifests/monitoring/vmagent.yaml

@@ -217,7 +217,7 @@ spec:
       serviceAccountName: prometheus-server
       containers:
         - name: vmagent
-          image: "victoriametrics/vmagent:v1.143.0"
+          image: "victoriametrics/vmagent:v1.136.0"
           imagePullPolicy: "IfNotPresent"
           args:
             - -remoteWrite.url=http://vmcluster.auth-proxy.svc/insert/0/prometheus/

manifests/nextcloud_chart/manifest.yaml

@@ -206,7 +206,7 @@ spec:
       priorityClassName: critical
       containers:
       - name: nextcloud
-        image: "nextcloud:33.0.3-apache"
+        image: "nextcloud:32.0.6-apache"
         imagePullPolicy: IfNotPresent
         env:
         - name: SQLITE_DATABASE
@@ -340,7 +340,7 @@ spec:
           mountPath: /var/www/html/config/smtp.config.php
           subPath: smtp.config.php
       - name: cron
-        image: "nextcloud:33.0.3-apache"
+        image: "nextcloud:32.0.6-apache"
         imagePullPolicy: IfNotPresent
         command:
           - /cron.sh

manifests/nginx-lb/nginx-lb.yaml

@@ -492,7 +492,7 @@ spec:
               fieldPath: metadata.namespace
         - name: LD_PRELOAD
           value: /usr/local/lib/libmimalloc.so
-        image: registry.k8s.io/ingress-nginx/controller:v1.15.1@sha256:594ceea76b01c592858f803f9ff4d2cb40542cae2060410b2c95f75907d659e1
+        image: registry.k8s.io/ingress-nginx/controller:v1.14.3@sha256:82917be97c0939f6ada1717bb39aa7e66c229d6cfb10dcfc8f1bd42f9efe0f81
         imagePullPolicy: IfNotPresent
         lifecycle:
           preStop:

manifests/nodered/nodered.yaml

@@ -57,7 +57,7 @@ spec:
           - name: data
             mountPath: /data
       - name: update-native-modules
-        image: nodered/node-red:4.1.10-18
+        image: nodered/node-red:4.1.5-18
         imagePullPolicy: IfNotPresent
         command:
           - bash
@@ -73,7 +73,7 @@ spec:
             mountPath: /data
       containers:
       - name: web
-        image: nodered/node-red:4.1.10-18
+        image: nodered/node-red:4.1.5-18
         imagePullPolicy: Always
         ports:
         - containerPort: 1880

manifests/outline/outline.yaml

@@ -46,7 +46,7 @@ spec:
       priorityClassName: critical
       containers:
       - name: outline
-        image: outlinewiki/outline:1.7.1
+        image: outlinewiki/outline:1.5.0
         imagePullPolicy: IfNotPresent
         env:
         - name: ALLOWED_DOMAINS

manifests/pairdrop/pairdrop.yaml

@@ -1,88 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: pairdrop
-  namespace: pairdrop
-spec:
-  type: ClusterIP
-  ports:
-  - port: 80
-    targetPort: web
-    name: web
-  selector:
-    app: pairdrop
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: pairdrop
-  namespace: pairdrop
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: pairdrop
-  template:
-    metadata:
-      labels:
-        app: pairdrop
-    spec:
-      imagePullSecrets:
-        - name: docker-config
-      priorityClassName: low
-      containers:
-      - name: web
-        image: ghcr.io/schlagmichdoch/pairdrop:v1.11.2
-        imagePullPolicy: IfNotPresent
-        ports:
-        - containerPort: 3000
-          name: web
-        env:
-        - name: RATE_LIMIT
-          value: "1"
-        - name: DONATION_BUTTON_ACTIVE
-          value: "false"
-        - name: TWITTER_BUTTON_ACTIVE
-          value: "false"
-        - name: MASTODON_BUTTON_ACTIVE
-          value: "false"
-        - name: BLUESKY_BUTTON_ACTIVE
-          value: "false"
-        - name: PRIVACYPOLICY_BUTTON_ACTIVE
-          value: "false"
-        resources:
-          limits:
-            memory: 100Mi
-          requests:
-            memory: 100Mi
-        livenessProbe:
-          httpGet:
-            path: /
-            port: web
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: pairdrop
-  namespace: pairdrop
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt
-    ingress.kubernetes.io/ssl-redirect: "true"
-    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
-spec:
-  ingressClassName: nginx
-  tls:
-  - hosts:
-    - drop.cluster.fun
-    secretName: pairdrop-ingress
-  rules:
-  - host: drop.cluster.fun
-    http:
-      paths:
-      - path: /
-        pathType: ImplementationSpecific
-        backend:
-          service:
-            name: pairdrop
-            port:
-              number: 80

manifests/rss/miniflux.yaml

@@ -68,7 +68,7 @@ spec:
     spec:
       containers:
       - name: web
-        image: ghcr.io/miniflux/miniflux:2.3.0
+        image: ghcr.io/miniflux/miniflux:2.2.17
         imagePullPolicy: IfNotPresent
         envFrom:
         - configMapRef:

manifests/social-to-rolodex/social-to-rolodex.yaml

@@ -92,7 +92,7 @@ spec:
             secretKeyRef:
               key: password
               name: social-to-rolodex-auth
-        image: quay.io/oauth2-proxy/oauth2-proxy:v7.15.2
+        image: quay.io/oauth2-proxy/oauth2-proxy:v7.14.2
         name: oauth-proxy
         ports:
         - containerPort: 8000

manifests/traefik/traefik.yaml

@@ -45,7 +45,7 @@ spec:
         - --entrypoints.websecure.http.tls=true
         - --entrypoints.web.http.redirections.entrypoint.to=websecure
         - --entrypoints.web.http.redirections.entrypoint.scheme=https
-        image: rancher/mirrored-library-traefik:2.11.42
+        image: rancher/mirrored-library-traefik:2.11.36
         imagePullPolicy: IfNotPresent
         livenessProbe:
           failureThreshold: 3

manifests/vert/manifest.yaml

@@ -1,69 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: vert
-  namespace: vert
-spec:
-  type: ClusterIP
-  ports:
-  - port: 80
-    targetPort: web
-    name: web
-  selector:
-    app: vert
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: vert
-  namespace: vert
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: vert
-  template:
-    metadata:
-      labels:
-        app: vert
-    spec:
-      containers:
-      - name: web
-        image: ghcr.io/vert-sh/vert:sha-438f91a
-        imagePullPolicy: IfNotPresent
-        ports:
-        - containerPort: 80
-          name: web
-        resources:
-          limits:
-            memory: 200Mi
-          requests:
-            memory: 200Mi
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: vert
-  namespace: vert
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt
-    ingress.kubernetes.io/ssl-redirect: "true"
-    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
-spec:
-  ingressClassName: nginx
-  tls:
-  - hosts:
-    - vert.cluster.fun
-    secretName: vert-ingress
-  rules:
-  - host: vert.cluster.fun
-    http:
-      paths:
-      - path: /
-        pathType: ImplementationSpecific
-        backend:
-          service:
-            name: vert
-            port:
-              number: 80
-