chore(deps): update helm release csi-s3 to v0.41.1

blog/.gitattributes

@@ -0,0 +1 @@
+config/* filter=age diff=age merge=age -text

blog/kustomization.yaml

@@ -0,0 +1,16 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: blog
+
+images:
+  - name: caddy
+    newName: code.icb4dc0.de/infrastructure/images/caddy
+    newTag: latest
+    digest: sha256:6942ec75b708e2b37d6903346ace5511ef6c6df043d1c670ee3515698adcd116
+
+resources:
+  - resources/namespace.yaml
+  - https://github.com/spinkube/spin-operator/releases/download/v0.3.0/spin-operator.shim-executor.yaml
+  - resources/spinapp.yaml
+  - resources/routes.yaml

blog/resources/namespace.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: blog

blog/resources/routes.yaml

@@ -0,0 +1,31 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: blog-https
+spec:
+  parentRefs:
+    - name: contour
+      sectionName: https
+      namespace: projectcontour
+  hostnames:
+    - "www.icb4dc0.de"
+  rules:
+    - backendRefs:
+        - name: spin-proxy
+          port: 80
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: git-age-docs-https
+spec:
+  parentRefs:
+    - name: contour
+      sectionName: git-age-docs
+      namespace: projectcontour
+  hostnames:
+    - "docs.git-age.icb4dc0.de"
+  rules:
+    - backendRefs:
+        - name: spin-proxy
+          port: 80

blog/resources/spinapp.yaml

@@ -0,0 +1,11 @@
+apiVersion: core.spinoperator.dev/v1alpha1
+kind: SpinApp
+metadata:
+  name: spin-proxy
+spec:
+  image: "code.icb4dc0.de/prskr/spin-proxy:latest"
+  executor: containerd-shim-spin
+  replicas: 2
+  variables:
+    - name: domain_mapping
+      value: '{"docs.git-age.icb4dc0.de":"1661580-git-age.fsn1.your-objectstorage.com","www.icb4dc0.de":"1661580-blog.fsn1.your-objectstorage.com"}'

coder/kustomization.yaml

@@ -15,6 +15,6 @@ helmCharts:
     repo: https://helm.coder.com/v2
     releaseName: coder
     namespace: coder
-    version: "2.16.0"
+    version: "2.17.0"
     valuesFile: config/values.coder.yml
     skipTests: true

contour/resources/default_gateway.yaml

@@ -9,13 +9,12 @@ metadata:
 spec:
   gatewayClassName: contour
   listeners:
-
     - name: snips-ssh
       protocol: TCP
       port: 2222
       allowedRoutes:
         kinds:
-        - kind: TCPRoute
+          - kind: TCPRoute
         namespaces:
           from: All
 
@@ -57,7 +56,7 @@ spec:
       port: 22
       allowedRoutes:
         kinds:
-        - kind: TCPRoute
+          - kind: TCPRoute
         namespaces:
           from: Selector
           selector:
@@ -178,8 +177,8 @@ spec:
           from: Selector
           selector:
             matchLabels:
-              kubernetes.io/metadata.name: garage
+              kubernetes.io/metadata.name: blog
       tls:
         mode: Terminate
         certificateRefs:
-          - name: git-age-docs-tls
+          - name: git-age-docs-tls

forgejo/config/values.forgejo.yaml

@@ -67,7 +67,7 @@ gitea:
       STORAGE_TYPE: minio
       MINIO_ENDPOINT: fsn1.your-objectstorage.com:443
       MINIO_BUCKET: 1661580-forgejo
-      MINIO_LOCATION: auto
+      MINIO_LOCATION: fsn1
       MINIO_USE_SSL: "true"
     indexer:
       ISSUE_INDEXER_TYPE: meilisearch
@@ -81,10 +81,10 @@ gitea:
       MAX_SIZE: 30
       MAX_FILES: 15
       STORAGE_TYPE: minio
-      MINIO_ENDPOINT: garage.garage.svc:3900
-      MINIO_BUCKET: forgejo
-      MINIO_LOCATION: hel1
-      MINIO_USE_SSL: "false"
+      MINIO_ENDPOINT: fsn1.your-objectstorage.com:443
+      MINIO_BUCKET: 1661580-forgejo
+      MINIO_LOCATION: fsn1
+      MINIO_USE_SSL: "true"
     actions:
       ENABLED: "true"
       DEFAULT_ACTIONS_URL: github

forgejo/kustomization.yaml

@@ -4,15 +4,15 @@ kind: Kustomization
 namespace: forgejo
 
 labels:
-- includeSelectors: true
-  pairs:
-    app.kubernetes.io/managed-by: kustomize
-    app.kubernetes.io/part-of: forgejo
+  - includeSelectors: true
+    pairs:
+      app.kubernetes.io/managed-by: kustomize
+      app.kubernetes.io/part-of: forgejo
 
 images:
   - name: act_runner
     newName: code.forgejo.org/forgejo/runner
-    newTag: "3.5.1"
+    newTag: "4.0.0"
   - name: dind
     newName: docker
     newTag: 27.3.1-dind
@@ -33,22 +33,22 @@ resources:
   - resources/runners/act-cache-svc.yaml
 
 configMapGenerator:
-- name: act-runner-config-arm64
-  files:
-  - config.yaml=config/runners/config-arm64.yaml
-  - daemon.json=config/runners/daemon.arm64.json
+  - name: act-runner-config-arm64
+    files:
+      - config.yaml=config/runners/config-arm64.yaml
+      - daemon.json=config/runners/daemon.arm64.json
 
-- name: act-runner-config-amd64
-  files:
-  - config.yaml=config/runners/config-amd64.yaml
-  - daemon.json=config/runners/daemon.amd64.json
+  - name: act-runner-config-amd64
+    files:
+      - config.yaml=config/runners/config-amd64.yaml
+      - daemon.json=config/runners/daemon.amd64.json
 
 helmCharts:
   - name: forgejo
     repo: oci://codeberg.org/forgejo-contrib
     releaseName: forgejo
     namespace: forgejo
-    version: "10.0.0"
+    version: "10.0.1"
     valuesFile: config/values.forgejo.yaml
     skipTests: true
     apiVersions:
@@ -59,4 +59,4 @@ helmCharts:
     namespace: forgejo
     version: "0.10.1"
     valuesFile: config/values.meilisearch.yaml
-    skipTests: true
+    skipTests: true

garage/migrate/resources/job.migrate.yaml

@@ -2,7 +2,7 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: sync-garage-forgejo
+  name: sync-garage-csi
   namespace: garage
 spec:
   ttlSecondsAfterFinished: 100
@@ -20,8 +20,8 @@ spec:
             - --ignore-errors
             - -s3-upload-concurrency 64
             - -v
-            - garage:forgejo
-            - hcloud:1661580-forgejo
+            - garage:csi
+            - hcloud:1661580-csi
           volumeMounts:
             - name: rclone-config
               mountPath: /config/rclone

hcloud/kustomization.yaml

@@ -19,5 +19,5 @@ helmCharts:
     repo: https://charts.hetzner.cloud
     releaseName: hcloud-csi-driver
     namespace: kube-system
-    version: "2.9.0"
+    version: "2.10.0"
     valuesFile: config/values.csi.yaml

kube-prometheus/kustomization.yaml

@@ -17,5 +17,5 @@ helmCharts:
     includeCRDs: true
     namespace: observability-system
     releaseName: prometheus
-    version: "65.5.0"
+    version: "65.8.1"
     valuesFile: config/values.prometheus.yaml

s3-csi/kustomization.yaml

@@ -5,7 +5,9 @@ namespace: kube-system
 
 resources:
   - resources/secret.garage.yaml
+  - resources/secret.hcloud.yaml
   - resources/storageClass.garage.yaml
+  - resources/storageClass.hcloud.yaml
 
 images:
   - name: registrar
@@ -17,6 +19,7 @@ images:
   - name: csi
     newName: code.icb4dc0.de/infrastructure/csi-s3
     newTag: 0.38.3
+    digest: sha256:afda8c9cb694023dcaca7c644114372927ddf2c2de77ee4f19caf5c7695dcb04
 
 patches:
   - target:
@@ -26,11 +29,10 @@ patches:
       name: csi-s3
     path: patches/daemonset.yaml
 
-
 helmCharts:
   - name: csi-s3
     repo: https://yandex-cloud.github.io/k8s-csi-s3/charts/
     releaseName: csi-s3
     namespace: kube-system
     version: "0.41.1"
-    valuesFile: config/values.csi-s3.yaml
+    valuesFile: config/values.csi-s3.yaml

s3-csi/resources/storageClass.garage.yaml

@@ -14,6 +14,6 @@ parameters:
   csi.storage.k8s.io/provisioner-secret-name: csi-s3-garage-secret
   csi.storage.k8s.io/provisioner-secret-namespace: kube-system
   mounter: geesefs
-  options: '--memory-limit 1000 --dir-mode 0777 --file-mode 0666'
+  options: "--memory-limit 1000 --dir-mode 0777 --file-mode 0666"
 reclaimPolicy: Delete
 volumeBindingMode: Immediate

s3-csi/resources/storageClass.hcloud.yaml

@@ -0,0 +1,20 @@
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: hcloud-blob
+provisioner: ru.yandex.s3.csi
+parameters:
+  bucket: 1661580-csi
+  csi.storage.k8s.io/controller-publish-secret-name: csi-s3-hcloud-secret
+  csi.storage.k8s.io/controller-publish-secret-namespace: kube-system
+  csi.storage.k8s.io/node-publish-secret-name: csi-s3-hcloud-secret
+  csi.storage.k8s.io/node-publish-secret-namespace: kube-system
+  csi.storage.k8s.io/node-stage-secret-name: csi-s3-hcloud-secret
+  csi.storage.k8s.io/node-stage-secret-namespace: kube-system
+  csi.storage.k8s.io/provisioner-secret-name: csi-s3-hcloud-secret
+  csi.storage.k8s.io/provisioner-secret-namespace: kube-system
+  mounter: geesefs
+  options: "--memory-limit 1000 --dir-mode 0777 --file-mode 0666"
+reclaimPolicy: Delete
+volumeBindingMode: Immediate

spinkube/kustomization.yaml

@@ -0,0 +1,23 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: spin-system
+
+resources:
+  - resources/namespace.yaml
+  - https://github.com/spinkube/spin-operator/releases/download/v0.3.0/spin-operator.crds.yaml
+  - https://github.com/spinkube/spin-operator/releases/download/v0.3.0/spin-operator.runtime-class.yaml
+  - https://github.com/spinkube/spin-operator/releases/download/v0.3.0/spin-operator.shim-executor.yaml
+
+helmCharts:
+  - name: kwasm-operator
+    repo: https://kwasm.sh/kwasm-operator/
+    namespace: spin-system
+    version: "0.2.3"
+    includeCRDs: true
+
+  - name: spin-operator
+    repo: oci://ghcr.io/spinkube/charts
+    namespace: spin-system
+    version: "0.3.0"
+    includeCRDs: true

spinkube/resources/namespace.yaml

@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: spin-system
+  labels:
+    prometheus: default

vaultwarden/kustomization.yaml

@@ -12,7 +12,7 @@ labels:
 images:
   - name: vaultwarden
     newName: ghcr.io/dani-garcia/vaultwarden
-    newTag: "1.32.2-alpine"
+    newTag: "1.32.3-alpine"
 
 resources:
   - "resources/namespace.yaml"