Merge branch 'main' into renovate/teyvat-ghcr.io-actualbudget-actual-…

…server-24.x

kubernetes/pi/apps/storage/longhorn/app/helmrelease.yaml

@@ -25,26 +25,24 @@ spec:
   uninstall:
     keepHistory: false
   values:
-    monitoring:
-      enabled: true
-      createPrometheusRules: true
     defaultSettings:
       # backupTarget: s3://longhorn@ca-west-1/
       # backupTargetCredentialSecret: longhorn-secret
-      defaultReplicaCount: 3
-      backupstorePollInterval: 0
       createDefaultDiskLabeledNodes: true
-      restoreVolumeRecurringJobs: true
-      storageOverProvisioningPercentage: 100
+      defaultDataLocality: true
+      replicaAutoBalance: true
       storageMinimalAvailablePercentage: 1
-      guaranteedEngineManagerCPU: 20
-      guaranteedReplicaManagerCPU: 20
-      orphanAutoDeletion: true
-      concurrentAutomaticEngineUpgradePerNodeLimit: 3
       defaultLonghornStaticStorageClass: longhorn
+      # restoreVolumeRecurringJobs: true
       nodeDownPodDeletionPolicy: delete-both-statefulset-and-deployment-pod
+      concurrentAutomaticEngineUpgradePerNodeLimit: 3
+      guaranteedInstanceManagerCPU: 20
+      orphanAutoDeletion: true
     ingress:
       enabled: true
       ingressClassName: internal
       host: longhorn.${SECRET_DOMAIN}
       tls: true
+    metrics:
+      serviceMonitor:
+        enabled: true

kubernetes/pi/apps/storage/longhorn/app/kustomization.yaml

@@ -4,5 +4,4 @@ kind: Kustomization
 resources:
 # - ./externalsecret.yaml
 - ./helmrelease.yaml
-- ./servicemonitor.yaml
 - ./snapshot.yaml

kubernetes/teyvat/apps/security/authentik/app/externalsecret.yaml

@@ -19,8 +19,6 @@ spec:
         AUTHENTIK_POSTGRESQL__PASSWORD: "{{ .AUTHENTIK_DATABASE_PASSWORD }}"
         AUTHENTIK_POSTGRESQL__HOST: postgres-rw.database.svc.cluster.local
         AUTHENTIK_POSTGRESQL__NAME: &dbname authentik
-        AUTHENTIK_REDIS__URL: dragonfly.database.svc.cluster.local
-        AUTHENTIK_REDIS__DB: "1"
         AUTHENTIK_SECRET_KEY: "{{ .AUTHENTIK_SECRET_KEY }}"
         # Postgres Init
         INIT_POSTGRES_DBNAME: *dbname

kubernetes/teyvat/apps/security/authentik/app/helmrelease.yaml

@@ -19,25 +19,18 @@ spec:
     - name: dragonfly
       namespace: database
   values:
+    strategy:
+      type: RollingUpdate
+    worker:
+      strategy:
+        type: RollingUpdate
     initContainers:
       init-db:
         image: ghcr.io/onedr0p/postgres-init:16
         imagePullPolicy: IfNotPresent
         envFrom:
           - secretRef:
               name: authentik-secrets
-    podAnnotations:
-      secret.reloader.stakater.com/reload: authentik-secrets
-    autoscaling:
-      server:
-        enabled: true
-      worker:
-        enabled: true
-    strategy:
-      type: RollingUpdate
-    worker:
-      strategy:
-        type: RollingUpdate
     ingress:
       enabled: true
       ingressClassName: external
@@ -59,26 +52,25 @@ spec:
         - hosts:
             - *host
           secretName: *host
+    podAnnotations:
+      secret.reloader.stakater.com/reload: authentik-secrets
+    authentik:
+      redis:
+        host: dragonfly.database.svc.cluster.local
+    env:
+      AUTHENTIK_REDIS__DB: "1"
     envFrom:
       - secretRef:
           name: authentik-secrets
-    postgresql:
-      enabled: false
-    redis:
-      enabled: false
-    geoip:
-      enabled: false
     autoscaling:
       server:
         enabled: true
+        minReplicas: 2
       worker:
         enabled: true
+        minReplicas: 2
     prometheus:
-      rules:
-        create: true
       serviceMonitor:
         create: true
-    authentik:
-      log_level: info
-      outposts:
-        docker_image_base: ghcr.io/goauthentik/%(type)s:%(version)s
+      rules:
+        create: true