1 Commits

Author SHA1 Message Date
b54f25d1f4 Update grafana/promtail Docker tag to v3 2024-12-14 03:12:08 +00:00
60 changed files with 702 additions and 596 deletions


@@ -22,4 +22,7 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image
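Review bot: The added `ignoreDifferences` entry matches every Deployment in the application, so Argo CD stops reporting drift on any container image; if these Applications use automated sync, as the two shown in full on this page do, an image changed in the cluster rather than in git is no longer flagged as out of sync. If the intent is to tolerate one tool rewriting tags, scope the entry with a `name:` for the Deployments concerned, or with `managedFieldsManagers:` naming that tool, instead of the whole `apps`/`Deployment` kind. The same lines are added in each of the other Application hunks on this page that start at line 22. The `ignoreDifferences` list itself begins above the hunk, so the rest of it is not visible here.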


@@ -22,5 +22,8 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image
---


@@ -22,4 +22,7 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image


@@ -22,4 +22,7 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image


@@ -22,5 +22,8 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image
---


@@ -22,5 +22,8 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image
---


@@ -22,4 +22,7 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image


@@ -22,4 +22,8 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image
---


@@ -22,5 +22,8 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image
---


@@ -22,4 +22,8 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image
---


@@ -22,4 +22,8 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image
---


@@ -22,4 +22,7 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image


@@ -22,4 +22,7 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image


@@ -22,4 +22,8 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image
---


@@ -1,17 +1,17 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: bsky-screenshot
name: social-to-grist
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: bsky-screenshot
namespace: social-to-grist
name: civo
source:
path: manifests/bsky-screenshot
path: manifests/social-to-grist
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
@@ -22,3 +22,7 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image


@@ -1,25 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: social-to-rolodex
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: social-to-rolodex
name: civo
source:
path: manifests/social-to-rolodex
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data


@@ -1,17 +1,17 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: cors-proxy
name: cluster-fun-starling
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: cors-proxy
namespace: starling
name: cluster-fun (v2)
source:
path: manifests/cors-proxy
path: manifests/starling
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:


@@ -22,4 +22,7 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image


@@ -22,4 +22,7 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image


@@ -22,5 +22,8 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image
---


@@ -22,4 +22,7 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image


@@ -22,4 +22,7 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image


@@ -22,4 +22,7 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image


@@ -22,5 +22,8 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image
---


@@ -1,25 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: yay-or-nay
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: yay-or-nay
name: cluster-fun (v2)
source:
path: manifests/yay-or-nay
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
syncOptions:
- CreateNamespace=true
automated: {}
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data
---


@@ -23,13 +23,10 @@ spec:
- sonarr.cluster.fun
- lidarr.cluster.fun
- prowlarr.cluster.fun
- mylarr.cluster.fun
- transmission.cluster.fun
- tekton.cluster.fun
- changedetection.cluster.fun
- grafana.cluster.fun
- podgrab.cluster.fun
- stablediffusion.cluster.fun
secretName: auth-proxy-ingress
rules:
- host: downloads.cluster.fun
@@ -202,33 +199,3 @@ spec:
name: tailscale-proxy
port:
name: auth
- host: podgrab.cluster.fun
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: tailscale-proxy
port:
name: auth
- host: mylarr.cluster.fun
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: tailscale-proxy
port:
name: auth
- host: stablediffusion.cluster.fun
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: tailscale-proxy
port:
name: auth


@@ -6,18 +6,11 @@ metadata:
annotations:
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-body-size: 25m
nginx.ingress.kubernetes.io/client-body-buffer-size: 25m
spec:
ingressClassName: nginx
tls:
- hosts:
- hello-world.cluster.fun
- ombi.cluster.fun
- bsky-feeds.cluster.fun
- ai.cluster.fun
secretName: non-auth-proxy-ingress
rules:
- host: hello-world.cluster.fun
@@ -30,33 +23,3 @@ spec:
name: tailscale-proxy
port:
name: non-auth
- host: ombi.cluster.fun
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: tailscale-proxy
port:
name: non-auth
- host: bsky-feeds.cluster.fun
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: tailscale-proxy
port:
name: non-auth
- host: ai.cluster.fun
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: tailscale-proxy
port:
name: non-auth


@@ -67,7 +67,7 @@ spec:
mountPath: /config/
- name: oauth-proxy
image: quay.io/oauth2-proxy/oauth2-proxy:v7.12.0
image: quay.io/oauth2-proxy/oauth2-proxy:v7.7.1
args:
- --cookie-secure=false
- --provider=oidc
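Review bot: The image line pair in this hunk reads as oauth2-proxy going from `v7.12.0` back to `v7.7.1` (the +/- markers are lost on this page, so this assumes old-then-new order, which the promtail `2.9.15` / `3.3.1` pair and the commit title support). A commit titled as a promtail update should not move the authentication proxy to an older release, which drops whatever fixes shipped in between; the branch looks stale against its target and wants a rebase so that this line stays `image: quay.io/oauth2-proxy/oauth2-proxy:v7.12.0`. The same backward step shows in the other oauth2-proxy hunks and in the gitea, go-playground, grist, element-web, synapse, mealie, kube-state-metrics, vmagent, node-exporter, nextcloud, ingress-nginx controller, node-red, outline and miniflux hunks, and the redis hunks switch `docker.io/bitnamilegacy/redis` back to `docker.io/bitnami/redis`. The container spec continues outside the hunk.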


@@ -1,70 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: bsky-screenshot
namespace: bsky-screenshot
spec:
type: ClusterIP
ports:
- port: 80
targetPort: web
name: web
selector:
app: bsky-screenshot
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: bsky-screenshot
namespace: bsky-screenshot
spec:
replicas: 1
selector:
matchLabels:
app: bsky-screenshot
template:
metadata:
labels:
app: bsky-screenshot
spec:
containers:
- name: web
image: rg.fr-par.scw.cloud/averagemarcus/bsky-screenshot:latest
imagePullPolicy: Always
ports:
- containerPort: 80
name: web
resources:
limits:
memory: 20Mi
requests:
memory: 20Mi
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: bsky-screenshot
namespace: bsky-screenshot
annotations:
cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.tls: "true"
ingress.kubernetes.io/ssl-redirect: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
tls:
- hosts:
- bsky-screenshot.cluster.fun
secretName: bsky-screenshot-ingress
rules:
- host: bsky-screenshot.cluster.fun
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: bsky-screenshot
port:
number: 80


@@ -1,76 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: cors-proxy
namespace: cors-proxy
spec:
type: ClusterIP
ports:
- port: 80
targetPort: 8000
name: web
selector:
app: cors-proxy
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: cors-proxy
namespace: cors-proxy
spec:
replicas: 2
selector:
matchLabels:
app: cors-proxy
template:
metadata:
labels:
app: cors-proxy
spec:
containers:
- name: web
image: rg.fr-par.scw.cloud/averagemarcus/cors-proxy:latest
imagePullPolicy: Always
ports:
- containerPort: 8000
name: web
env:
- name: ALLOWLIST
value: cdn.bsky.app
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: cors-proxy
namespace: cors-proxy
annotations:
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
ingressClassName: nginx
tls:
- hosts:
- cors-proxy.cluster.fun
- cors-proxy.marcusnoble.co.uk
secretName: cors-proxy-ingress
rules:
- host: cors-proxy.cluster.fun
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cors-proxy
port:
number: 80
- host: cors-proxy.marcusnoble.co.uk
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cors-proxy
port:
number: 80


@@ -81,7 +81,7 @@ spec:
secretKeyRef:
key: password
name: dashboard-auth
image: quay.io/oauth2-proxy/oauth2-proxy:v7.12.0
image: quay.io/oauth2-proxy/oauth2-proxy:v7.7.1
name: oauth-proxy
ports:
- containerPort: 8000


@@ -42,7 +42,7 @@ spec:
spec:
containers:
- name: git
image: gitea/gitea:1.24.5
image: gitea/gitea:1.22.5
env:
- name: APP_NAME
value: "Git"


@@ -29,7 +29,7 @@ spec:
spec:
containers:
- name: web
image: x1unix/go-playground:2.5.7
image: x1unix/go-playground:2.3.0
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8000


@@ -72,7 +72,7 @@ spec:
serviceAccountName: grist
containers:
- name: grist
image: gristlabs/grist-oss:1.7.3
image: gristlabs/grist-oss:1.3.0
imagePullPolicy: IfNotPresent
ports:
- name: http


@@ -27,14 +27,6 @@ data:
kcduk24: https://speaking.marcusnoble.co.uk/0qcuN9/from-fragile-to-resilient-validatingadmissionpolicies-strengthen-kubernetes
rejektsna24: https://speaking.marcusnoble.co.uk/dALiFY/from-fragile-to-resilient-validatingadmissionpolicies-strengthen-kubernetes
kcddk24: https://speaking.marcusnoble.co.uk/FU4W7x/from-fragile-to-resilient-validatingadmissionpolicies-strengthen-kubernetes
cndoslo: https://speaking.marcusnoble.co.uk/j5M53P/from-fragile-to-resilient-validatingadmissionpolicies-strengthen-kubernetes
rejekts25: https://speaking.marcusnoble.co.uk/AXARFf/pod-deep-dive-everything-you-didnt-know-you-needed-to-know
kcdbudapest: https://speaking.marcusnoble.co.uk/43QLpx/the-future-of-kubernetes-admission-logic
kcdczechslovak: https://speaking.marcusnoble.co.uk/Np2xUv/pod-deep-dive-the-interesting-bits
cnsmunich: https://speaking.marcusnoble.co.uk/HqYcp2/pod-deep-dive-the-interesting-bits
cnsmunich-feedback: https://yay-or-nay.cluster.fun/feedback/20UETBI0
containerdays25: https://speaking.marcusnoble.co.uk/HARSlE/the-future-of-kubernetes-admission-logic
containerdays25-feedback: https://yay-or-nay.cluster.fun/feedback/F8P351QK
---
apiVersion: v1
kind: Service


@@ -152,7 +152,7 @@ spec:
secretKeyRef:
key: password
name: mastodon-digest-auth
image: quay.io/oauth2-proxy/oauth2-proxy:v7.12.0
image: quay.io/oauth2-proxy/oauth2-proxy:v7.7.1
name: oauth-proxy
ports:
- containerPort: 8000


@@ -348,7 +348,7 @@ metadata:
app.kubernetes.io/name: "matrix"
component: element
spec:
replicas: 1
replicas: 2
selector:
matchLabels:
app.kubernetes.io/name: matrix-riot
@@ -363,7 +363,7 @@ spec:
fsGroup: 1000
containers:
- name: "riot"
image: "vectorim/element-web:v1.11.110"
image: "vectorim/element-web:v1.11.87"
imagePullPolicy: IfNotPresent
ports:
- name: http
@@ -388,8 +388,6 @@ spec:
- mountPath: /var/run/pid
name: ephemeral
subPath: pid
- mountPath: /tmp
name: tmp
readinessProbe:
httpGet:
path: /
@@ -414,8 +412,6 @@ spec:
name: matrix-riot-config
- name: ephemeral
emptyDir: {}
- name: tmp
emptyDir: {}
---
# Source: matrix/templates/synapse/deployment.yaml
apiVersion: apps/v1
@@ -444,7 +440,7 @@ spec:
fsGroup: 1000
initContainers:
- name: generate-signing-key
image: "ghcr.io/element-hq/synapse:v1.137.0"
image: "ghcr.io/element-hq/synapse:v1.121.1"
imagePullPolicy: IfNotPresent
env:
- name: SYNAPSE_SERVER_NAME
@@ -471,7 +467,7 @@ spec:
mountPath: /data/keys
containers:
- name: "synapse"
image: "ghcr.io/element-hq/synapse:v1.137.0"
image: "ghcr.io/element-hq/synapse:v1.121.1"
imagePullPolicy: IfNotPresent
ports:
- name: http
@@ -484,6 +480,15 @@ spec:
- name: synapse-config-homeserver
mountPath: /data/homeserver.yaml
subPath: homeserver.yaml
- name: mautrix-whatsapp-registration
mountPath: /data/mautrix-whatsapp-registration.yaml
subPath: registration.yaml
# - name: mautrix-signal-registration
# mountPath: /data/mautrix-signal-registration.yaml
# subPath: registration.yaml
# - name: mautrix-telegram-registration
# mountPath: /data/mautrix-telegram-registration.yaml
# subPath: registration.yaml
- name: synapse-config-logging
mountPath: /data/matrix.cluster.fun.log.config
subPath: matrix.cluster.fun.log.config
@@ -527,6 +532,15 @@ spec:
- name: synapse-config-homeserver
secret:
secretName: matrix-synapse-config
- name: mautrix-whatsapp-registration
secret:
secretName: mautrix-whatsapp-registration
# - name: mautrix-signal-registration
# secret:
# secretName: mautrix-signal-registration
# - name: mautrix-telegram-registration
# secret:
# secretName: mautrix-telegram-registration
- name: signing-key
persistentVolumeClaim:
claimName: chat-matrix-signing-key


@@ -0,0 +1,153 @@
# apiVersion: v1
# kind: Secret
# metadata:
# name: mautrix-signal-registration
# namespace: chat
# annotations:
# kube-1password: z6tylu2br724gttcpfyi5egaui
# kube-1password/vault: Kubernetes
# kube-1password/secret-text-key: registration.yaml
# labels:
# app.kubernetes.io/name: "mautrix-signal"
# component: registration
# type: Opaque
# ---
# apiVersion: v1
# kind: Secret
# metadata:
# name: mautrix-signal-config
# namespace: chat
# annotations:
# kube-1password: 5vfaorcudozlq4clkzgmzzszqe
# kube-1password/vault: Kubernetes
# kube-1password/secret-text-key: config.yaml
# labels:
# app.kubernetes.io/name: "mautrix-signal"
# component: config
# type: Opaque
# ---
# apiVersion: v1
# kind: Service
# metadata:
# name: mautrix-signal
# namespace: chat
# labels:
# app.kubernetes.io/name: mautrix-signal
# annotations:
# prometheus.io/scrape: "true"
# prometheus.io/path: "/metrics"
# prometheus.io/port: "9000"
# spec:
# type: ClusterIP
# ports:
# - port: 29328
# targetPort: http
# protocol: TCP
# name: http
# selector:
# app.kubernetes.io/name: mautrix-signal
# ---
# apiVersion: apps/v1
# kind: Deployment
# metadata:
# name: mautrix-signal
# labels:
# app.kubernetes.io/name: mautrix-signal
# spec:
# revisionHistoryLimit: 3
# replicas: 1
# strategy:
# type: Recreate
# selector:
# matchLabels:
# app.kubernetes.io/name: mautrix-signal
# template:
# metadata:
# labels:
# app.kubernetes.io/name: mautrix-signal
# spec:
# serviceAccountName: default
# automountServiceAccountToken: true
# dnsPolicy: ClusterFirst
# enableServiceLinks: true
# initContainers:
# - name: config-copy
# image: bash:latest
# imagePullPolicy: IfNotPresent
# args:
# - -c
# - |
# cp /secrets/* /data/
# volumeMounts:
# - name: mautrix-signal-config
# mountPath: /secrets/config.yaml
# subPath: config.yaml
# - name: mautrix-signal-registration
# mountPath: /secrets/registration.yaml
# subPath: registration.yaml
# - name: data
# mountPath: /data
# containers:
# - name: signald
# image: docker.io/signald/signald:stable
# imagePullPolicy: Always
# volumeMounts:
# - name: signald
# mountPath: /signald
# - name: mautrix-signal
# image: "dock.mau.dev/mautrix/signal:v0.4.3"
# imagePullPolicy: IfNotPresent
# env:
# - name: "TZ"
# value: "UTC"
# ports:
# - name: http
# containerPort: 29328
# protocol: TCP
# - name: metrics
# containerPort: 9000
# protocol: TCP
# volumeMounts:
# - name: signald
# mountPath: /signald
# - name: data
# mountPath: /data
# livenessProbe:
# tcpSocket:
# port: 29318
# initialDelaySeconds: 0
# failureThreshold: 3
# timeoutSeconds: 1
# periodSeconds: 10
# readinessProbe:
# tcpSocket:
# port: 29318
# initialDelaySeconds: 0
# failureThreshold: 3
# timeoutSeconds: 1
# periodSeconds: 10
# startupProbe:
# tcpSocket:
# port: 29318
# initialDelaySeconds: 0
# failureThreshold: 30
# timeoutSeconds: 1
# periodSeconds: 5
# volumes:
# - name: data
# emptyDir: {}
# - name: signald
# emptyDir: {}
# - name: mautrix-signal-config
# secret:
# secretName: mautrix-signal-config
# - name: mautrix-signal-registration
# secret:
# secretName: mautrix-signal-registration
# ---


@@ -0,0 +1,143 @@
# apiVersion: v1
# kind: Secret
# metadata:
# name: mautrix-telegram-registration
# namespace: chat
# annotations:
# kube-1password: dancy7ogc4gjlxhfntqejgudwi
# kube-1password/vault: Kubernetes
# kube-1password/secret-text-key: registration.yaml
# labels:
# app.kubernetes.io/name: "mautrix-telegram"
# component: registration
# type: Opaque
# ---
# apiVersion: v1
# kind: Secret
# metadata:
# name: mautrix-telegram-config
# namespace: chat
# annotations:
# kube-1password: nilzdpfum35hhwijnwvasbzmcq
# kube-1password/vault: Kubernetes
# kube-1password/secret-text-key: config.yaml
# labels:
# app.kubernetes.io/name: "mautrix-telegram"
# component: config
# type: Opaque
# ---
# apiVersion: v1
# kind: Service
# metadata:
# name: mautrix-telegram
# namespace: chat
# labels:
# app.kubernetes.io/name: mautrix-telegram
# annotations:
# prometheus.io/scrape: "true"
# prometheus.io/path: "/metrics"
# prometheus.io/port: "9000"
# spec:
# type: ClusterIP
# ports:
# - port: 29318
# targetPort: http
# protocol: TCP
# name: http
# selector:
# app.kubernetes.io/name: mautrix-telegram
# ---
# apiVersion: apps/v1
# kind: Deployment
# metadata:
# name: mautrix-telegram
# labels:
# app.kubernetes.io/name: mautrix-telegram
# spec:
# revisionHistoryLimit: 3
# replicas: 1
# strategy:
# type: Recreate
# selector:
# matchLabels:
# app.kubernetes.io/name: mautrix-telegram
# template:
# metadata:
# labels:
# app.kubernetes.io/name: mautrix-telegram
# spec:
# serviceAccountName: default
# automountServiceAccountToken: true
# dnsPolicy: ClusterFirst
# enableServiceLinks: true
# initContainers:
# - name: config-copy
# image: bash:latest
# imagePullPolicy: IfNotPresent
# args:
# - -c
# - |
# cp /secrets/* /data/
# volumeMounts:
# - name: mautrix-telegram-config
# mountPath: /secrets/config.yaml
# subPath: config.yaml
# - name: mautrix-telegram-registration
# mountPath: /secrets/registration.yaml
# subPath: registration.yaml
# - name: data
# mountPath: /data
# containers:
# - name: mautrix-telegram
# image: "dock.mau.dev/mautrix/telegram:v0.12.1"
# imagePullPolicy: IfNotPresent
# env:
# - name: "TZ"
# value: "UTC"
# ports:
# - name: http
# containerPort: 29318
# protocol: TCP
# - name: metrics
# containerPort: 9000
# protocol: TCP
# volumeMounts:
# - name: data
# mountPath: /data
# livenessProbe:
# tcpSocket:
# port: 29318
# initialDelaySeconds: 0
# failureThreshold: 3
# timeoutSeconds: 1
# periodSeconds: 10
# readinessProbe:
# tcpSocket:
# port: 29318
# initialDelaySeconds: 0
# failureThreshold: 3
# timeoutSeconds: 1
# periodSeconds: 10
# startupProbe:
# tcpSocket:
# port: 29318
# initialDelaySeconds: 0
# failureThreshold: 30
# timeoutSeconds: 1
# periodSeconds: 5
# volumes:
# - name: data
# emptyDir: {}
# - name: mautrix-telegram-config
# secret:
# secretName: mautrix-telegram-config
# - name: mautrix-telegram-registration
# secret:
# secretName: mautrix-telegram-registration
# ---


@@ -0,0 +1,143 @@
apiVersion: v1
kind: Secret
metadata:
name: mautrix-whatsapp-registration
namespace: chat
annotations:
kube-1password: x6lzkpyov4dem5jtk2kimyrnvy
kube-1password/vault: Kubernetes
kube-1password/secret-text-key: registration.yaml
labels:
app.kubernetes.io/name: "mautrix-whatsapp"
component: registration
type: Opaque
---
apiVersion: v1
kind: Secret
metadata:
name: mautrix-whatsapp-config
namespace: chat
annotations:
kube-1password: ji3e2el66bu56bml3kq3ghyojq
kube-1password/vault: Kubernetes
kube-1password/secret-text-key: config.yaml
labels:
app.kubernetes.io/name: "mautrix-whatsapp"
component: config
type: Opaque
---
apiVersion: v1
kind: Service
metadata:
name: mautrix-whatsapp
namespace: chat
labels:
app.kubernetes.io/name: mautrix-whatsapp
# annotations:
# prometheus.io/scrape: "true"
# prometheus.io/path: "/metrics"
# prometheus.io/port: "9000"
spec:
type: ClusterIP
ports:
- port: 29318
targetPort: http
protocol: TCP
name: http
selector:
app.kubernetes.io/name: mautrix-whatsapp
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: mautrix-whatsapp
labels:
app.kubernetes.io/name: mautrix-whatsapp
spec:
revisionHistoryLimit: 3
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app.kubernetes.io/name: mautrix-whatsapp
template:
metadata:
labels:
app.kubernetes.io/name: mautrix-whatsapp
spec:
serviceAccountName: default
automountServiceAccountToken: true
dnsPolicy: ClusterFirst
enableServiceLinks: true
initContainers:
- name: config-copy
image: bash:latest
imagePullPolicy: IfNotPresent
args:
- -c
- |
cp /secrets/* /data/
volumeMounts:
- name: mautrix-whatsapp-config
mountPath: /secrets/config.yaml
subPath: config.yaml
- name: mautrix-whatsapp-registration
mountPath: /secrets/registration.yaml
subPath: registration.yaml
- name: data
mountPath: /data
containers:
- name: mautrix-whatsapp
image: "dock.mau.dev/mautrix/whatsapp:v0.11.0"
imagePullPolicy: IfNotPresent
env:
- name: "TZ"
value: "UTC"
ports:
- name: http
containerPort: 29318
protocol: TCP
# - name: metrics
# containerPort: 9000
# protocol: TCP
volumeMounts:
- name: data
mountPath: /data
livenessProbe:
tcpSocket:
port: 29318
initialDelaySeconds: 0
failureThreshold: 3
timeoutSeconds: 1
periodSeconds: 10
readinessProbe:
tcpSocket:
port: 29318
initialDelaySeconds: 0
failureThreshold: 3
timeoutSeconds: 1
periodSeconds: 10
startupProbe:
tcpSocket:
port: 29318
initialDelaySeconds: 0
failureThreshold: 30
timeoutSeconds: 1
periodSeconds: 5
volumes:
- name: data
emptyDir: {}
- name: mautrix-whatsapp-config
secret:
secretName: mautrix-whatsapp-config
- name: mautrix-whatsapp-registration
secret:
secretName: mautrix-whatsapp-registration
---
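Review bot: The new Deployment sets `automountServiceAccountToken: true` on the `default` service account although nothing in the manifest shows the bridge calling the Kubernetes API; `automountServiceAccountToken: false` would keep a cluster credential out of a pod that also holds the bridge config and registration secrets. The `config-copy` init container that copies both secret files runs `image: bash:latest` with `imagePullPolicy: IfNotPresent`, so the code handling them depends on whatever each node has cached; pin it, e.g. `image: bash:<pinned-tag>`. The Deployment's metadata also lacks the `namespace: chat` that the two Secrets and the Service carry, so its secret volumes resolve only if the Application's destination namespace is `chat`.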


@@ -30,7 +30,7 @@ spec:
spec:
containers:
- name: frontend
image: ghcr.io/mealie-recipes/mealie:v3.1.2
image: ghcr.io/mealie-recipes/mealie:v2.3.0
imagePullPolicy: Always
envFrom:
- secretRef:


@@ -237,7 +237,7 @@ spec:
- --resources=validatingwebhookconfigurations
#- --resources=volumeattachments
imagePullPolicy: IfNotPresent
image: "registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.17.0"
image: "registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.14.0"
ports:
- containerPort: 8080
livenessProbe:


@@ -236,7 +236,7 @@ spec:
serviceAccountName: promtail
containers:
- name: promtail
image: "grafana/promtail:2.9.15"
image: "grafana/promtail:3.3.1"
imagePullPolicy: IfNotPresent
args:
- "-config.file=/etc/promtail/promtail.yaml"


@@ -147,7 +147,7 @@ spec:
serviceAccountName: prometheus-server
containers:
- name: vmagent
image: "victoriametrics/vmagent:v1.125.1"
image: "victoriametrics/vmagent:v1.107.0"
imagePullPolicy: "IfNotPresent"
args:
- -remoteWrite.url=http://vmcluster.proxy-civo.svc/insert/0/prometheus/


@@ -237,7 +237,7 @@ spec:
- --resources=validatingwebhookconfigurations
#- --resources=volumeattachments
imagePullPolicy: IfNotPresent
image: "registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.17.0"
image: "registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.14.0"
ports:
- containerPort: 8080
livenessProbe:


@@ -54,7 +54,7 @@ spec:
serviceAccountName: prometheus-node-exporter
containers:
- name: prometheus-node-exporter
image: "prom/node-exporter:v1.9.1"
image: "prom/node-exporter:v1.8.2"
imagePullPolicy: "IfNotPresent"
args:
- --path.procfs=/host/proc


@@ -215,7 +215,7 @@ spec:
serviceAccountName: promtail
containers:
- name: promtail
image: "grafana/promtail:2.9.15"
image: "grafana/promtail:3.3.1"
imagePullPolicy: IfNotPresent
args:
- "-config.file=/etc/promtail/promtail.yaml"


@@ -153,7 +153,7 @@ spec:
serviceAccountName: prometheus-server
containers:
- name: vmagent
image: "victoriametrics/vmagent:v1.125.1"
image: "victoriametrics/vmagent:v1.107.0"
imagePullPolicy: "IfNotPresent"
args:
- -remoteWrite.url=http://vmcluster.auth-proxy.svc/insert/0/prometheus/


@@ -203,7 +203,7 @@ spec:
spec:
containers:
- name: nextcloud
image: "nextcloud:31.0.8-apache"
image: "nextcloud:30.0.4-apache"
imagePullPolicy: IfNotPresent
env:
- name: SQLITE_DATABASE
@@ -374,7 +374,7 @@ spec:
restartPolicy: Never
containers:
- name: nextcloud
image: "nextcloud:31.0.8-apache"
image: "nextcloud:30.0.4-apache"
imagePullPolicy: IfNotPresent
command: [ "curl" ]
args:


@@ -15,6 +15,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx
namespace: ingress-nginx
---
@@ -26,6 +27,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx-admission
namespace: ingress-nginx
---
@@ -37,6 +39,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx
namespace: ingress-nginx
rules:
@@ -141,6 +144,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx-admission
namespace: ingress-nginx
rules:
@@ -159,6 +163,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx
rules:
- apiGroups:
@@ -240,6 +245,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx-admission
rules:
- apiGroups:
@@ -258,6 +264,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx
namespace: ingress-nginx
roleRef:
@@ -277,6 +284,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx-admission
namespace: ingress-nginx
roleRef:
@@ -295,6 +303,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx
roleRef:
apiGroup: rbac.authorization.k8s.io
@@ -313,6 +322,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx-admission
roleRef:
apiGroup: rbac.authorization.k8s.io
@@ -359,6 +369,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx-controller
namespace: ingress-nginx
---
@@ -394,6 +405,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx-controller
namespace: ingress-nginx
spec:
@@ -426,6 +438,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx-controller-admission
namespace: ingress-nginx
spec:
@@ -448,6 +461,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx-controller
namespace: ingress-nginx
spec:
@@ -491,7 +505,7 @@ spec:
fieldPath: metadata.namespace
- name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so
image: registry.k8s.io/ingress-nginx/controller:v1.13.2@sha256:1f7eaeb01933e719c8a9f4acd8181e555e582330c7d50f24484fb64d2ba9b2ef
image: registry.k8s.io/ingress-nginx/controller:v1.11.3@sha256:d56f135b6462cfc476447cfe564b83a45e8bb7da2774963b00d12161112270b7
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
@@ -701,20 +715,3 @@ webhooks:
resources:
- ingresses
sideEffects: None
---
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
name: ingress-nginx
spec:
selector:
matchLabels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
minAvailable: 1
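Review bot: The `app.kubernetes.io/version: 1.5.1` label that these hunks appear to add to every ingress-nginx object does not match the controller image in the same file, `registry.k8s.io/ingress-nginx/controller:v1.11.3`, so any inventory or vulnerability report keyed on the label will describe the wrong release. Either drop the label or set it to the version actually deployed, quoted as a string: `app.kubernetes.io/version: "1.11.3"`. The last hunk also seems to remove the controller's PodDisruptionBudget (`minAvailable: 1`), which is worth confirming as intended rather than a side effect of regenerating the manifest.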


@@ -57,7 +57,7 @@ spec:
- name: data
mountPath: /data
- name: update-native-modules
image: nodered/node-red:4.1.0-18
image: nodered/node-red:4.0.5-18
imagePullPolicy: IfNotPresent
command:
- bash
@@ -66,14 +66,12 @@ spec:
cd /data
npm rebuild
npm install tldts
npm install @atproto/api
npm install node-fetch
volumeMounts:
- name: data
mountPath: /data
containers:
- name: web
image: nodered/node-red:4.1.0-18
image: nodered/node-red:4.0.5-18
imagePullPolicy: Always
ports:
- containerPort: 1880


@@ -45,7 +45,7 @@ spec:
spec:
containers:
- name: outline
image: outlinewiki/outline:0.87.3
image: outlinewiki/outline:0.81.1
imagePullPolicy: IfNotPresent
env:
- name: ALLOWED_DOMAINS


@@ -329,7 +329,7 @@ spec:
terminationGracePeriodSeconds: 30
containers:
- name: redis
image: docker.io/bitnamilegacy/redis:7.2.4-debian-11-r11
image: docker.io/bitnami/redis:7.2.4-debian-11-r11
imagePullPolicy: "IfNotPresent"
securityContext:
runAsUser: 1001
@@ -471,7 +471,7 @@ spec:
terminationGracePeriodSeconds: 30
containers:
- name: redis
image: docker.io/bitnamilegacy/redis:7.2.4-debian-11-r11
image: docker.io/bitnami/redis:7.2.4-debian-11-r11
imagePullPolicy: "IfNotPresent"
securityContext:
runAsUser: 1001


@@ -66,7 +66,7 @@ spec:
spec:
containers:
- name: web
image: ghcr.io/miniflux/miniflux:2.2.12
image: ghcr.io/miniflux/miniflux:2.2.3
imagePullPolicy: IfNotPresent
envFrom:
- configMapRef:


@@ -92,7 +92,7 @@ spec:
secretKeyRef:
key: password
name: social-to-grist-auth
image: quay.io/oauth2-proxy/oauth2-proxy:v7.12.0
image: quay.io/oauth2-proxy/oauth2-proxy:v7.7.1
name: oauth-proxy
ports:
- containerPort: 8000


@@ -1,151 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: docker-config
namespace: social-to-rolodex
annotations:
kube-1password: i6ngbk5zf4k52xgwdwnfup5bby
kube-1password/vault: Kubernetes
kube-1password/secret-text-key: .dockerconfigjson
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: e30=
---
apiVersion: v1
kind: Secret
metadata:
name: social-to-rolodex-auth
namespace: social-to-rolodex
annotations:
kube-1password: mr6spkkx7n3memkbute6ojaarm
kube-1password/vault: Kubernetes
type: Opaque
---
apiVersion: v1
kind: Secret
metadata:
name: social-to-rolodex
namespace: social-to-rolodex
annotations:
kube-1password: oa3ycnui3ji4lc665bifaao63q
kube-1password/vault: Kubernetes
kube-1password/secret-text-parse: "true"
type: Opaque
---
apiVersion: v1
kind: Service
metadata:
name: social-to-rolodex
namespace: social-to-rolodex
spec:
type: ClusterIP
ports:
- port: 80
targetPort: auth
name: web
selector:
app: social-to-rolodex
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: social-to-rolodex
namespace: social-to-rolodex
spec:
replicas: 1
selector:
matchLabels:
app: social-to-rolodex
template:
metadata:
labels:
app: social-to-rolodex
spec:
imagePullSecrets:
- name: docker-config
containers:
- args:
- --cookie-secure=false
- --provider=oidc
- --provider-display-name=Auth0
- --upstream=http://localhost:8080
- --http-address=$(HOST_IP):8000
- --redirect-url=https://social-to-rolodex.cluster.fun/oauth2/callback
- --email-domain=marcusnoble.co.uk
- --pass-basic-auth=false
- --pass-access-token=false
- --oidc-issuer-url=https://marcusnoble.eu.auth0.com/
- --cookie-secret=KDGD6rrK6cBmryyZ4wcJ9xAUNW9AQNFT
env:
- name: HOST_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- name: OAUTH2_PROXY_CLIENT_ID
valueFrom:
secretKeyRef:
key: username
name: social-to-rolodex-auth
- name: OAUTH2_PROXY_CLIENT_SECRET
valueFrom:
secretKeyRef:
key: password
name: social-to-rolodex-auth
image: quay.io/oauth2-proxy/oauth2-proxy:v7.12.0
name: oauth-proxy
ports:
- containerPort: 8000
protocol: TCP
name: auth
resources:
limits:
memory: 50Mi
requests:
memory: 50Mi
- name: web
image: rg.fr-par.scw.cloud/averagemarcus-private/social-to-rolodex:latest
imagePullPolicy: Always
env:
- name: PORT
value: "8080"
envFrom:
- secretRef:
name: "social-to-rolodex"
ports:
- containerPort: 8080
name: web
resources:
limits:
memory: 50Mi
requests:
memory: 50Mi
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: social-to-rolodex
namespace: social-to-rolodex
annotations:
cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.tls: "true"
ingress.kubernetes.io/ssl-redirect: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
tls:
- hosts:
- social-to-rolodex.cluster.fun
secretName: social-to-rolodex-ingress
rules:
- host: social-to-rolodex.cluster.fun
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: social-to-rolodex
port:
number: 80


@@ -0,0 +1,106 @@
apiVersion: v1
kind: Secret
metadata:
name: docker-config
namespace: starling
annotations:
kube-1password: i6ngbk5zf4k52xgwdwnfup5bby
kube-1password/vault: Kubernetes
kube-1password/secret-text-key: .dockerconfigjson
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: e30=
---
apiVersion: v1
kind: Secret
metadata:
name: starling
namespace: starling
annotations:
kube-1password: ufxpki65ffgprn2upksirweeie
kube-1password/vault: Kubernetes
kube-1password/secret-text-parse: "true"
type: Opaque
---
apiVersion: v1
kind: Service
metadata:
name: starling
namespace: starling
spec:
type: ClusterIP
ports:
- port: 80
targetPort: web
name: web
selector:
app: starling
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: starling
namespace: starling
spec:
replicas: 1
selector:
matchLabels:
app: starling
template:
metadata:
labels:
app: starling
spec:
imagePullSecrets:
- name: docker-config
containers:
- name: web
image: rg.fr-par.scw.cloud/averagemarcus-private/starling:latest
imagePullPolicy: Always
env:
- name: PORT
value: "3000"
- name: SHARED_SECRET
valueFrom:
secretKeyRef:
name: starling
key: SHARED_SECRET
- name: ACCESS_TOKEN
valueFrom:
secretKeyRef:
name: starling
key: ACCESS_TOKEN
ports:
- containerPort: 3000
name: web
resources:
limits:
memory: 50Mi
requests:
memory: 50Mi
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: starling
namespace: starling
annotations:
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
ingressClassName: nginx
tls:
- hosts:
- starling.marcusnoble.co.uk
secretName: starling-ingress
rules:
- host: starling.marcusnoble.co.uk
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: starling
port:
number: 80
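Review bot: The `web` container in the new starling Deployment runs from the mutable `:latest` tag with `imagePullPolicy: Always` and sets no `securityContext`, so any restart can pull a different image, and the pod runs with the runtime's default privileges while holding `SHARED_SECRET` and `ACCESS_TOKEN`. Pin the image to a version tag or digest and add a restrictive container security context, as sketched below. Whether the image can run as non-root with a read-only root filesystem is not visible here, so confirm that before applying. The container also has no liveness or readiness probe, so the Ingress can route to it before it is serving.

```yaml
        - name: web
          # <digest> is a placeholder for the digest of the image you pushed
          image: rg.fr-par.scw.cloud/averagemarcus-private/starling@sha256:<digest>
          imagePullPolicy: IfNotPresent
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          # … unchanged: env, ports, resources …
```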


@@ -45,7 +45,7 @@ spec:
- --entrypoints.websecure.http.tls=true
- --entrypoints.web.http.redirections.entrypoint.to=websecure
- --entrypoints.web.http.redirections.entrypoint.scheme=https
image: rancher/mirrored-library-traefik:2.11.29
image: rancher/mirrored-library-traefik:2.11.11
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3


@@ -95,7 +95,7 @@ spec:
spec:
initContainers:
- name: db-migrate
image: "wallabag/wallabag:2.6.13"
image: "wallabag/wallabag:2.6.10"
imagePullPolicy: IfNotPresent
command:
- /var/www/wallabag/bin/console
@@ -126,7 +126,7 @@ spec:
value: "false"
containers:
- name: wallabag
image: "wallabag/wallabag:2.6.13"
image: "wallabag/wallabag:2.6.10"
imagePullPolicy: IfNotPresent
envFrom:
- secretRef:


@@ -1,94 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: yay-or-nay
namespace: yay-or-nay
annotations:
kube-1password: vtnx2swze7r6qepxnlepufvcbi
kube-1password/vault: Kubernetes
kube-1password/secret-text-parse: "true"
type: Opaque
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: yay-or-nay
labels:
app: yay-or-nay
app.kubernetes.io/name: yay-or-nay
annotations:
reloader.stakater.com/search: "true"
spec:
replicas: 1
selector:
matchLabels:
app: yay-or-nay
template:
metadata:
labels:
app: yay-or-nay
app.kubernetes.io/name: yay-or-nay
spec:
containers:
- name: yay-or-nay
image: ghcr.io/mocdaniel/yay-or-nay:1.1.1
imagePullPolicy: IfNotPresent
ports:
- containerPort: 3000
name: web
envFrom:
- secretRef:
name: yay-or-nay
livenessProbe:
httpGet:
path: /
port: web
initialDelaySeconds: 10
readinessProbe:
httpGet:
path: /
port: web
initialDelaySeconds: 10
---
apiVersion: v1
kind: Service
metadata:
name: yay-or-nay
labels:
app.kubernetes.io/name: yay-or-nay
spec:
type: ClusterIP
ports:
- port: 80
targetPort: web
name: web
selector:
app: yay-or-nay
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: yay-or-nay
namespace: yay-or-nay
labels:
app.kubernetes.io/name: yay-or-nay
annotations:
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
tls:
- hosts:
- "yay-or-nay.cluster.fun"
secretName: "yay-or-nay-ingress"
rules:
- host: "yay-or-nay.cluster.fun"
http:
paths:
- path: "/"
pathType: ImplementationSpecific
backend:
service:
name: yay-or-nay
port:
name: web