chore(deps): update docker.io/library/busybox docker tag to v1.37.0

grafana: change deploymentstrategy to recreate
grafana: cleanup values file
2025-05-27 15:00:21 +00:00 · 2025-05-27 10:13:51 -04:00 · 2025-05-27 10:12:17 -04:00 · 2025-05-27 10:02:36 -04:00 · 2025-05-27 13:47:22 +00:00 · 2025-05-27 13:44:37 +00:00
12 changed files with 103 additions and 326 deletions
--- a/attic/secret.yaml
+++ b/attic/secret.yaml
@@ -1,4 +1,4 @@
-apiVersion: external-secrets.io/v1beta1
+apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
  name: attic-secret
--- a/authentik/values.yaml
+++ b/authentik/values.yaml
@@ -124,7 +124,7 @@ authentik:
      data:
        tls.crt: ""
        tls.key: ""
-    - apiVersion: external-secrets.io/v1beta1
+    - apiVersion: external-secrets.io/v1
      kind: ExternalSecret
      metadata:
        name: authentik-credentials
--- a/gitea-runner/secret.yaml
+++ b/gitea-runner/secret.yaml
@@ -1,4 +1,4 @@
-apiVersion: external-secrets.io/v1beta1
+apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
  name: gitea-runner-token
--- a/grafana/Chart.yaml
+++ b/grafana/Chart.yaml
@@ -24,5 +24,5 @@ appVersion: "1.0"

 dependencies:
 - name: grafana
-  version: 9.0.0
+  version: 9.2.1
  repository: https://grafana.github.io/helm-charts
--- a/grafana/values.yaml
+++ b/grafana/values.yaml
@@ -3,17 +3,8 @@ grafana:
    existingSecret: grafana-admin
    passwordKey: passwordKey
    userKey: userKey
-  affinity: {}
-  alerting: {}
  assertNoLeakedSecrets: true
  automountServiceAccountToken: true
-  autoscaling:
-    behavior: {}
-    enabled: false
-    maxReplicas: 5
-    minReplicas: 1
-    targetCPU: "60"
-    targetMemory: ""
  containerSecurityContext:
    allowPrivilegeEscalation: false
    capabilities:
@@ -22,52 +13,21 @@ grafana:
    seccompProfile:
      type: RuntimeDefault
  createConfigmap: true
-  dashboardProviders: {}
-  dashboards: {}
-  dashboardsConfigMaps: {}
-  datasources: {}
  defaultCurlOptions: -skf
  deploymentStrategy:
-    type: RollingUpdate
-  dnsConfig: {}
-  dnsPolicy: null
-  downloadDashboards:
-    env: {}
-    envFromSecret: ""
-    envValueFrom: {}
-    resources: {}
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        drop:
-        - ALL
-      seccompProfile:
-        type: RuntimeDefault
+    type: Recreate
  downloadDashboardsImage:
    pullPolicy: IfNotPresent
    registry: docker.io
    repository: curlimages/curl
-    sha: ""
    tag: 8.9.1
-  enableKubeBackwardCompatibility: false
  enableServiceLinks: true
-  env: {}
  envFromConfigMaps:
  - name: grafana-env
-  envFromSecret: ""
  envFromSecrets:
  - name: grafana-secretenv
-  envRenderSecret: {}
-  envValueFrom: {}
-  extraConfigmapMounts: []
-  extraContainerVolumes: []
-  extraContainers: ""
-  extraEmptyDirMounts: []
-  extraExposePorts: []
-  extraInitContainers: []
-  extraLabels: {}
  extraObjects:
-  - apiVersion: external-secrets.io/v1beta1
+  - apiVersion: external-secrets.io/v1
    kind: ExternalSecret
    metadata:
      name: grafana-admin
@@ -95,7 +55,7 @@ grafana:
        creationPolicy: Owner
        deletionPolicy: Retain
        name: grafana-admin
-  - apiVersion: external-secrets.io/v1beta1
+  - apiVersion: external-secrets.io/v1
    kind: ExternalSecret
    metadata:
      name: grafana-secretenv
@@ -148,13 +108,6 @@ grafana:
    data:
      tls.crt: ""
      tls.key: ""
-  extraSecretMounts: []
-  extraVolumeMounts: []
-  extraVolumes: []
-  global:
-    imagePullSecrets: []
-    imageRegistry: null
-  gossipPortName: gossip
  grafana.ini:
    analytics:
      check_for_updates: true
@@ -170,93 +123,14 @@ grafana:
    server:
      domain: '{{ if (and .Values.ingress.enabled .Values.ingress.hosts) }}{{ tpl (.Values.ingress.hosts
        | first) . }}{{ else }}''''{{ end }}'
-  headlessService: false
-  hostAliases: []
  image:
    pullPolicy: IfNotPresent
-    pullSecrets: []
    registry: docker.io
    repository: grafana/grafana
-    sha: ""
-    tag: ""
-  imageRenderer:
-    affinity: {}
-    automountServiceAccountToken: false
-    autoscaling:
-      behavior: {}
-      enabled: false
-      maxReplicas: 5
-      minReplicas: 1
-      targetCPU: "60"
-      targetMemory: ""
-    containerSecurityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        drop:
-        - ALL
-      readOnlyRootFilesystem: true
-      seccompProfile:
-        type: RuntimeDefault
-    deploymentStrategy: {}
-    enabled: false
-    env:
-      HTTP_HOST: 0.0.0.0
-      XDG_CACHE_HOME: /tmp/.chromium
-      XDG_CONFIG_HOME: /tmp/.chromium
-    envValueFrom: {}
-    extraConfigmapMounts: []
-    extraSecretMounts: []
-    extraVolumeMounts: []
-    extraVolumes: []
-    grafanaProtocol: http
-    grafanaSubPath: ""
-    hostAliases: []
-    image:
-      pullPolicy: Always
-      pullSecrets: []
-      registry: docker.io
-      repository: grafana/grafana-image-renderer
-      sha: ""
-      tag: latest
-    networkPolicy:
-      extraIngressSelectors: []
-      limitEgress: false
-      limitIngress: true
-    nodeSelector: {}
-    podAnnotations: {}
-    podPortName: http
-    priorityClassName: ""
-    renderingCallbackURL: ""
-    replicas: 1
-    resources: {}
-    revisionHistoryLimit: 10
-    securityContext: {}
-    serverURL: ""
-    service:
-      appProtocol: ""
-      enabled: true
-      port: 8081
-      portName: http
-      targetPort: 8081
-    serviceAccountName: ""
-    serviceMonitor:
-      enabled: false
-      interval: 1m
-      labels: {}
-      path: /metrics
-      relabelings: []
-      scheme: http
-      scrapeTimeout: 30s
-      targetLabels: []
-      tlsConfig: {}
-    tolerations: []
  ingress:
-    annotations: {}
    enabled: true
-    extraPaths: []
    hosts:
    - grafana.infra.dubyatp.xyz
-    labels: {}
    path: /
    pathType: Prefix
    tls:
@@ -269,9 +143,7 @@ grafana:
      pullPolicy: IfNotPresent
      registry: docker.io
      repository: library/busybox
-      sha: ""
      tag: 1.37.0
-    resources: {}
    securityContext:
      capabilities:
        add:
@@ -283,11 +155,6 @@ grafana:
      runAsUser: 0
      seccompProfile:
        type: RuntimeDefault
-  ldap:
-    config: ""
-    enabled: false
-    existingSecret: ""
-  lifecycleHooks: {}
  livenessProbe:
    failureThreshold: 10
    httpGet:
@@ -295,227 +162,45 @@ grafana:
      port: 3000
    initialDelaySeconds: 60
    timeoutSeconds: 30
-  namespaceOverride: ""
-  networkPolicy:
-    allowExternal: true
-    egress:
-      blockDNSResolution: false
-      enabled: false
-      ports: []
-      to: []
-    enabled: false
-    explicitNamespacesSelector: {}
-    ingress: true
-  nodeSelector: {}
-  notifiers: {}
  persistence:
    accessModes:
    - ReadWriteOnce
-    disableWarning: false
    enabled: true
-    extraPvcLabels: {}
    finalizers:
    - kubernetes.io/pvc-protection
-    inMemory:
-      enabled: false
-    lookupVolumeName: true
    size: 10Gi
    type: pvc
-    volumeName: ""
-  plugins: []
-  podDisruptionBudget: {}
  podPortName: grafana
  podAnnotations:
    backup.velero.io/backup-volumes: "storage"
  rbac:
    create: true
-    extraClusterRoleRules: []
-    extraRoleRules: []
    namespaced: false
-    pspEnabled: false
-    pspUseAppArmor: false
  readinessProbe:
    httpGet:
      path: /api/health
      port: 3000
  replicas: 1
-  resources: {}
  revisionHistoryLimit: 10
-  route:
-    main:
-      additionalRules: []
-      annotations: {}
-      apiVersion: gateway.networking.k8s.io/v1
-      enabled: false
-      filters: []
-      hostnames: []
-      kind: HTTPRoute
-      labels: {}
-      matches:
-      - path:
-          type: PathPrefix
-          value: /
-      parentRefs: []
  securityContext:
    fsGroup: 472
    runAsGroup: 472
    runAsNonRoot: true
    runAsUser: 472
  service:
-    annotations: {}
-    appProtocol: ""
    enabled: true
-    ipFamilies: []
-    ipFamilyPolicy: ""
-    labels: {}
-    loadBalancerClass: ""
-    loadBalancerIP: ""
-    loadBalancerSourceRanges: []
    port: 80
    portName: service
-    sessionAffinity: ""
    targetPort: 3000
    type: ClusterIP
  serviceAccount:
    automountServiceAccountToken: false
    create: true
-    labels: {}
-    name: null
-    nameTest: null
-  serviceMonitor:
-    basicAuth: {}
-    enabled: false
-    interval: 30s
-    labels: {}
-    metricRelabelings: []
-    path: /metrics
-    relabelings: []
-    scheme: http
-    scrapeTimeout: 30s
-    targetLabels: []
-    tlsConfig: {}
-  shareProcessNamespace: false
-  sidecar:
-    alerts:
-      enabled: false
-      env: {}
-      extraMounts: []
-      initAlerts: false
-      label: grafana_alert
-      labelValue: ""
-      reloadURL: http://localhost:3000/api/admin/provisioning/alerting/reload
-      resource: both
-      resourceName: ""
-      script: null
-      searchNamespace: null
-      sizeLimit: {}
-      skipReload: false
-      watchMethod: WATCH
-    dashboards:
-      SCProvider: true
-      defaultFolderName: null
-      enabled: false
-      env: {}
-      envValueFrom: {}
-      extraMounts: []
-      folder: /tmp/dashboards
-      folderAnnotation: null
-      label: grafana_dashboard
-      labelValue: ""
-      provider:
-        allowUiUpdates: false
-        disableDelete: false
-        folder: ""
-        folderUid: ""
-        foldersFromFilesStructure: false
-        name: sidecarProvider
-        orgid: 1
-        type: file
-      reloadURL: http://localhost:3000/api/admin/provisioning/dashboards/reload
-      resource: both
-      resourceName: ""
-      script: null
-      searchNamespace: null
-      sizeLimit: {}
-      skipReload: false
-      watchMethod: WATCH
-    datasources:
-      enabled: false
-      env: {}
-      envValueFrom: {}
-      extraMounts: []
-      initDatasources: false
-      label: grafana_datasource
-      labelValue: ""
-      reloadURL: http://localhost:3000/api/admin/provisioning/datasources/reload
-      resource: both
-      resourceName: ""
-      script: null
-      searchNamespace: null
-      sizeLimit: {}
-      skipReload: false
-      watchMethod: WATCH
-    enableUniqueFilenames: false
-    image:
-      registry: quay.io
-      repository: kiwigrid/k8s-sidecar
-      sha: ""
-      tag: 1.30.3
-    imagePullPolicy: IfNotPresent
-    livenessProbe: {}
-    notifiers:
-      enabled: false
-      env: {}
-      extraMounts: []
-      initNotifiers: false
-      label: grafana_notifier
-      labelValue: ""
-      reloadURL: http://localhost:3000/api/admin/provisioning/notifications/reload
-      resource: both
-      resourceName: ""
-      script: null
-      searchNamespace: null
-      sizeLimit: {}
-      skipReload: false
-      watchMethod: WATCH
-    plugins:
-      enabled: false
-      env: {}
-      extraMounts: []
-      initPlugins: false
-      label: grafana_plugin
-      labelValue: ""
-      reloadURL: http://localhost:3000/api/admin/provisioning/plugins/reload
-      resource: both
-      resourceName: ""
-      script: null
-      searchNamespace: null
-      sizeLimit: {}
-      skipReload: false
-      watchMethod: WATCH
-    readinessProbe: {}
-    resources: {}
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        drop:
-        - ALL
-      seccompProfile:
-        type: RuntimeDefault
-  smtp:
-    existingSecret: ""
-    passwordKey: password
-    userKey: user
  testFramework:
-    containerSecurityContext: {}
    enabled: true
    image:
      registry: docker.io
      repository: bats/bats
      tag: 1.12.0
    imagePullPolicy: IfNotPresent
-    resources: {}
-    securityContext: {}
-  tolerations: []
-  topologySpreadConstraints: []
-  useStatefulSet: false
+  useStatefulSet: false
--- a/immich/immich-postgres-credentials.yaml
+++ b/immich/immich-postgres-credentials.yaml
@@ -1,4 +1,4 @@
-apiVersion: external-secrets.io/v1beta1
+apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
  name: postgres-credentials
--- a/nextcloud/secret.yaml
+++ b/nextcloud/secret.yaml
@@ -1,4 +1,4 @@
-apiVersion: external-secrets.io/v1beta1
+apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
  name: nextcloud-secret
--- a/renovate/renovate-config.yaml
+++ b/renovate/renovate-config.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: renovate-config
+data:
+  config.json: |-
+    {
+      "repositories": ["infrastructure/core-apps","infrastructure/db-operators","infrastructure/weyma-talos"]
+    }
--- a/renovate/renovate-cronjob.yaml
+++ b/renovate/renovate-cronjob.yaml
@@ -0,0 +1,49 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: renovate-bot
+spec:
+  schedule: '@hourly'
+  concurrencyPolicy: Forbid
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+            - image: renovate/renovate:40.14.6
+              name: renovate-bot
+              env: # For illustration purposes, please use secrets.
+                - name: RENOVATE_PLATFORM
+                  value: 'gitea'
+                - name: RENOVATE_ENDPOINT
+                  value: 'https://git.dubyatp.xyz/api/v1'
+                - name: RENOVATE_TOKEN
+                  valueFrom:
+                    secretKeyRef:
+                      key: gitea-pat
+                      name: renovate-gitea-token
+                - name: RENOVATE_GITHUB_COM_TOKEN
+                  valueFrom:
+                    secretKeyRef:
+                      key: github-com-pat
+                      name: renovate-github-com-token
+                - name: RENOVATE_AUTODISCOVER
+                  value: 'false'
+                - name: RENOVATE_BASE_DIR
+                  value: '/tmp/renovate/'
+                - name: RENOVATE_CONFIG_FILE
+                  value: '/opt/renovate/config.json'
+                - name: LOG_LEVEL
+                  value: debug
+              volumeMounts:
+                - name: config-volume
+                  mountPath: /opt/renovate/
+                - name: work-volume
+                  mountPath: /tmp/renovate/
+          restartPolicy: Never
+          volumes:
+            - name: config-volume
+              configMap:
+                name: renovate-config
+            - name: work-volume
+              emptyDir: {}
--- a/renovate/renovate-gitea-token.yaml
+++ b/renovate/renovate-gitea-token.yaml
@@ -0,0 +1,17 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: renovate-gitea-token
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    name: weyma-vault
+    kind: ClusterSecretStore
+  target:
+    name: renovate-gitea-token
+    creationPolicy: Owner
+  data:
+    - secretKey: gitea-pat
+      remoteRef:
+        key: renovate
+        property: gitea-pat
--- a/renovate/renovate-github-token.yaml
+++ b/renovate/renovate-github-token.yaml
@@ -0,0 +1,17 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: renovate-github-com-token
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    name: weyma-vault
+    kind: ClusterSecretStore
+  target:
+    name: renovate-github-com-token
+    creationPolicy: Owner
+  data:
+    - secretKey: github-com-pat
+      remoteRef:
+        key: renovate
+        property: github-com-pat
--- a/vaultwarden/secret.yaml
+++ b/vaultwarden/secret.yaml
@@ -1,4 +1,4 @@
-apiVersion: external-secrets.io/v1beta1
+apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
  name: vaultwarden-secrets
Author	SHA1	Message	Date
Renovate Bot	bbdfaee3bf	chore(deps): update docker.io/library/busybox docker tag to v1.37.0	2025-05-27 15:00:21 +00:00
William P	7110b1878d	grafana: change deploymentstrategy to recreate	2025-05-27 10:13:51 -04:00
William P	a23d978668	grafana: cleanup values file	2025-05-27 10:12:17 -04:00
William P	b4e3062480	add renovate	2025-05-27 10:02:36 -04:00
williamp	8be1db7ef9	Merge pull request 'chore(deps): update helm release grafana to v9.2.1' (#8 ) from renovate/grafana-9.x into main Reviewed-on: #8	2025-05-27 13:47:22 +00:00
Renovate Bot	7bf065764a	chore(deps): update helm release grafana to v9.2.1	2025-05-27 13:44:37 +00:00
William P	5a4896927f	immich: update apiVersion on external-secret from v1beta1 to v1	2025-05-26 10:15:46 -04:00
William P	3f8819d4eb	update externalsecrets to use v1 instead of v1beta1	2025-05-26 10:04:30 -04:00
williamp	31a2413834	Merge pull request 'chore(deps): update helm release grafana to v9.2.0' (#6 ) from renovate/grafana-9.x into main Reviewed-on: #6	2025-05-24 11:41:20 +00:00
Renovate Bot	4b9bbe6a9e	chore(deps): update helm release grafana to v9.2.0	2025-05-23 16:00:16 +00:00