chore(deps): update helm release csi-s3 to v0.40.1

coder/kustomization.yaml

@@ -11,7 +11,7 @@ helmCharts:
     repo: https://helm.coder.com/v2
     releaseName: coder
     namespace: coder
-    version: "2.6.0"
+    version: "2.7.1"
     valuesFile: config/values.coder.yml
     skipTests: true
 

forgejo/config/values.forgejo.yaml

@@ -1,6 +1,5 @@
 image:
   rootless: true
-  tag: "1.21.1-0"
 
 service:
   ssh:

forgejo/kustomization.yaml

@@ -35,7 +35,7 @@ helmCharts:
     repo: oci://codeberg.org/forgejo-contrib
     releaseName: forgejo
     namespace: forgejo
-    version: "1.0.1"
+    version: "1.1.1"
     valuesFile: config/values.forgejo.yaml
     skipTests: true
     apiVersions:

ghostcms/kustomization.yaml

@@ -6,7 +6,7 @@ namespace: ghostcms
 images:
   - name: ghostcms
     newName: docker.io/ghost
-    newTag: 5.75.2-alpine
+    newTag: 5.77.0-alpine
 
 commonLabels:
   app.kubernetes.io/instance: icb4dc0de

homepage/kustomization.yaml

@@ -6,7 +6,7 @@ namespace: homepage
 images:
 - name: homepage
   newName: ghcr.io/gethomepage/homepage
-  newTag: "v0.8.3"
+  newTag: "v0.8.6"
 - name: oauth2-proxy
   newName: quay.io/oauth2-proxy/oauth2-proxy
   newTag: v7.5.1

linkwarden/kustomization.yaml

@@ -11,7 +11,7 @@ labels:
 images:
   - name: linkwarden
     newName: ghcr.io/linkwarden/linkwarden
-    newTag: "v2.3.0"
+    newTag: "v2.4.9"
 
 resources:
   - "resources/namespace.yaml"

linkwarden/resources/deployment.yaml

@@ -48,7 +48,7 @@ spec:
               memory: "384Mi"
               cpu: "50m"
             limits:
-              memory: "768Mi"
+              memory: "1500Mi"
               cpu: "500m"
           securityContext:
             allowPrivilegeEscalation: false

mariadb-operator/kustomization.yaml

@@ -11,7 +11,7 @@ helmCharts:
     releaseName: mariadb-operator
     repo: https://mariadb-operator.github.io/mariadb-operator
     namespace: mariadb-system
-    version: "0.23.1"
+    version: "0.24.0"
     valuesFile: config/mariadb-operator.values.yaml
     includeCRDs: true
     skipTests: true

nextcloud/.gitignore

@@ -0,0 +1 @@
+charts/

nextcloud/config/values.keydb.yaml

@@ -0,0 +1,33 @@
+imageRepository: code.icb4dc0.de/prskr/infrastructure/keydb
+imageTag: v6.3.3
+
+nodes: 3
+podDisruptionBudget:
+  enabled: true
+
+persistentVolume:
+  enabled: false
+
+resources:
+  requests:
+    cpu: 50m
+    memory: 100Mi
+  limits:
+    cpu: 250m
+    memory: 256Mi
+
+exporter:
+  enabled: true
+  imageTag: v1.51.0
+  resources:
+    requests:
+      cpu: 50m
+      memory: 50Mi
+    limits:
+      cpu: 150m
+      memory: 100Mi
+
+serviceMonitor:
+  enabled: true
+  labels:
+    prometheus: default

nextcloud/config/values.nextcloud.yaml

@@ -0,0 +1,105 @@
+image:
+  flavor: fpm
+
+ingress:
+  enabled: true
+
+nextcloud:
+  host: nextcloud.icb4dc0.de
+  existingSecret:
+    enabled: true
+    secretName: nextcloud-secrets
+    usernameKey: root-username
+    passwordKey: root-password
+  defaultConfigs:
+    redis.config.php: false
+  configs:
+    reverse-proxy.config.php: |-
+      <?php
+        $CONFIG = array (
+          "overwrite.cli.url" => "https://nextcloud.icb4dc0.de",
+          "overwriteprotocol" => "https",
+      );
+    logs.config.php: |-
+      <?php
+        $CONFIG = array (
+          "log_type" => "file",
+          "logfile" => "/dev/stdout",
+          "loglevel" => 1,
+      );
+    redis.config.php: |-
+      <?php
+      if (getenv('REDIS_HOST')) {
+        $CONFIG = array (
+          'memcache.distributed' => '\OC\Memcache\Redis',
+          'memcache.locking' => '\OC\Memcache\Redis',
+          'redis' => array(
+            'host' => getenv('REDIS_HOST'),
+            'port' => getenv('REDIS_HOST_PORT') ?: 6379,
+          ),
+        );
+      }
+  extraVolumes:
+    - name: php-confd
+      emptyDir:
+        sizeLimit: 50Mi
+  extraVolumeMounts:
+    - mountPath: /usr/local/etc/php/conf.d/
+      name: php-confd
+  extraInitContainers:
+    - name: php-confd-init
+      image: nextcloud:27.1.2-fpm
+      command: 
+        - /bin/bash
+        - -c
+        - --
+      args:
+        - cp -R /usr/local/etc/php/conf.d/* /data/
+      volumeMounts:
+        - mountPath: /data
+          name: php-confd
+  
+  podSecurityContext:
+    fsGroup: 1001
+
+  extraEnv:
+    - name: REDIS_HOST
+      value: nextcloud-keydb
+
+nginx:
+  enabled: true
+
+redis:
+  enabled: false
+
+cronjob:
+  enabled: true
+
+internalDatabase:
+  enabled: false
+
+externalDatabase:
+  enabled: true
+  type: postgresql
+  existingSecret:
+    enabled: true
+    secretName: default-cluster-pguser-nextcloud
+    usernameKey: user
+    passwordKey: password
+    hostKey: host
+    databaseKey: dbname
+
+persistence:
+  enabled: true
+  storageClass: hcloud-volumes
+  size: 8Gi
+  nextcloudData:
+    enabled: true
+    storageClass: storage-box
+    accessMode: ReadWriteMany
+    size: 100Gi
+
+metrics:
+  enabled: true
+  serviceMonitor:
+    enabled: true

nextcloud/kustomization.yaml

@@ -0,0 +1,32 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: nextcloud
+
+labels:
+- includeSelectors: false
+  pairs:
+    app.kubernetes.io/instance: icb4dc0de
+    app.kubernetes.io/managed-by: kustomize
+
+helmCharts:
+  - name: keydb
+    repo: https://enapter.github.io/charts/
+    releaseName: nextcloud-keydb
+    namespace: nextcloud
+    version: "0.48.0"
+    valuesFile: config/values.keydb.yaml
+    skipTests: true
+  - name: nextcloud
+    repo: https://nextcloud.github.io/helm/
+    releaseName: nextcloud
+    namespace: nextcloud
+    version: "4.5.12"
+    valuesFile: config/values.nextcloud.yaml
+    skipTests: true
+
+resources:
+  - "resources/namespace.yaml"
+
+generators:
+  - ./secret-generator.yaml

nextcloud/resources/namespace.yaml

@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: nextcloud
+  labels:
+    prometheus: default

nextcloud/resources/secrets.enc.yaml

@@ -0,0 +1,37 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: nextcloud-secrets
+type: Opaque
+stringData:
+    root-username: ENC[AES256_GCM,data:bvXYQRg=,iv:uoGUcfHnxOpKjSslTLAW3yNglzR3UmVEjRiCxBP7ROE=,tag:blTERWxgF1IDbcPKyKjVow==,type:str]
+    root-password: ENC[AES256_GCM,data:r9TSvn71Ecg/eAsGXWtc6vWsyRnZcu01QQ==,iv:l7Fc7Yz8527EHQvX7dkkNJRfswR/eaqn913t4G+5mn8=,tag:evh5PmuuGhusPQMYxRY5WQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwRkVpUjZxVmF0SmRPdHJZ
+            cGcrWTRuZFhhZGRaSUY5SS9pQnpNUjk3d1dvCldVS2ZOUTlYKzBFcjhibi9qOWRw
+            R3NCRVk0NWVYSFVQTm16L08yaTZEUjQKLS0tIEFablpOME0xNEJDbksxWHZRZXUy
+            YnlhMitYajVtb0hRQ0dPUkU4a2E5SnMKqVV3/2d+p+yu6pV2TqUUIoaj6wulKkci
+            3G6hlQY7WSST04KT2kTYPqzA9cEQIXSktvsVKuYeRvhcHz7lSbYJRQ==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxWFV2OVVkQUtpSTBoaE5D
+            WFh2NllUZnBBMklOODlmVVQvTUVyUVdTazM4CnQzU1JDalhTcUVYKy9BQkFmMzZG
+            TFpGcGlpVE1uRjB6ZkdUeWk5eldGQlUKLS0tIHEwbHAzNFRDMjBRaHVjN0lwTGVV
+            MmpIaTVUcVJ4c1pFSkwyRWhHdStTbVEKm+JhVAwmzuvuAbph5ZAmqw+97YznBmpm
+            fdr2wsqIGJEG6EfWeYEsAHnCbqasxGJafYcJ2F3D1prJ5DE63OFXFg==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-12-24T11:00:26Z"
+    mac: ENC[AES256_GCM,data:ntJWpg4t+ZMejPz/J204dPEW7x729yqqKjIeUOXoGHI0CM/GuFXNcPd2trQiaMzOjrVuQDRRPbKtXELxMwHThqttV7cc8b9sIS3ZZn1y/rEv3KJZjEMdnPcSSXDwdjm08IEixAzNHmdojg4mpQVKQveYzbGT80In26MhN+ZS9r8=,iv:naAAJ+tUz5l7I1rli0gbEUWbo0X33WORIxRSYvGjUV0=,tag:eTOwdvYTNEj53oAfRJ8VCA==,type:str]
+    pgp: []
+    unencrypted_regex: ^(apiVersion|metadata|kind|type)$
+    version: 3.8.1

nextcloud/secret-generator.yaml

@@ -0,0 +1,11 @@
+apiVersion: viaduct.ai/v1
+kind: ksops
+metadata:
+  # Specify a name
+  name: nextcloud-secret-generator
+  annotations:
+    config.kubernetes.io/function: |
+        exec:
+          path: ksops
+files:
+  - ./resources/secrets.enc.yaml

nocodb/kustomization.yaml

@@ -6,31 +6,33 @@ namespace: nocodb
 images:
 - name: nocodb
   newName: docker.io/nocodb/nocodb
-  newTag: "0.202.10"
+  newTag: 0.204.0
 
-commonLabels:
-  app.kubernetes.io/instance: icb4dc0de
-  app.kubernetes.io/managed-by: kustomize
+labels:
+- includeSelectors: true
+  pairs:
+    app.kubernetes.io/instance: icb4dc0de
+    app.kubernetes.io/managed-by: kustomize
 
 resources:
-  - "resources/namespace.yaml"
-  - "resources/pvc.yaml"
-  - "resources/deployment.yaml"
-  - "resources/service.yaml"
-  - "resources/ingress.yaml"
+- resources/namespace.yaml
+- resources/pvc.yaml
+- resources/deployment.yaml
+- resources/service.yaml
+- resources/ingress.yaml
 
 generators:
-  - ./secret-generator.yaml
+- ./secret-generator.yaml
 
 secretGenerator:
-  - name: nocodb-base-config
-    envs:
-      - "config/base.env"
+- envs:
+  - config/base.env
+  name: nocodb-base-config
 
 helmCharts:
-  - name: keydb
-    repo: https://enapter.github.io/charts/
-    releaseName: nocodb-keydb
-    namespace: nocodb
-    version: "0.48.0"
-    valuesFile: config/values.keydb.yaml
+- name: keydb
+  namespace: nocodb
+  releaseName: nocodb-keydb
+  repo: https://enapter.github.io/charts/
+  valuesFile: config/values.keydb.yaml
+  version: 0.48.0

s3-csi/kustomization.yaml

@@ -8,7 +8,7 @@ helmCharts:
     repo: https://yandex-cloud.github.io/k8s-csi-s3/charts/
     releaseName: csi-s3
     namespace: kube-system
-    version: "0.40.0"
+    version: "0.40.1"
     valuesFile: config/values.csi-s3.yaml
 
 generators:

zipline/kustomization.yaml

@@ -6,7 +6,7 @@ namespace: zipline
 images:
 - name: zipline
   newName: ghcr.io/diced/zipline
-  newTag: "3.7.7"
+  newTag: "3.7.8"
 
 labels:
 - includeSelectors: true