diff --git a/.github/renovate.json5 b/.github/renovate.json5 index 98508000fca59..1b41e11337aa5 100644 --- a/.github/renovate.json5 +++ b/.github/renovate.json5 @@ -3,7 +3,6 @@ "extends": [ "config:recommended", "docker:enableMajor", - "helpers:pinGitHubActionDigests", "replacements:k8s-registry-move", ":automergeBranch", ":disableRateLimiting", diff --git a/.github/renovate/grafanaDashboards.json5 b/.github/renovate/grafanaDashboards.json5 index b2112a66b02a4..ac104a0ded1e7 100644 --- a/.github/renovate/grafanaDashboards.json5 +++ b/.github/renovate/grafanaDashboards.json5 @@ -17,7 +17,7 @@ "(^|/)kubernetes/.+\\.ya?ml(\\.j2)?$" ], "matchStrings": [ - "depName=\"(?\\S+)\"\\n.*?gnetId: (?\\d+)\\n.*?revision: (?\\d+)" + "depName=\"(?.*)\"\\n.*?gnetId: (?\\d+)\\n.*?revision: (?\\d+)" ], "datasourceTemplate": "custom.grafana-dashboards", "versioningTemplate": "regex:^(?\\d+)$" @@ -26,12 +26,12 @@ "packageRules": [ { "addLabels": ["renovate/grafana-dashboard"], - "commitMessageExtra": "to revision {{newVersion}}", - "commitMessageTopic": "dashboard {{depName}}", "matchDatasources": ["grafana-dashboards", "custom.grafana-dashboards"], "matchUpdateTypes": ["major"], "semanticCommitScope": "grafana-dashboards", - "semanticCommitType": "chore" + "semanticCommitType": "", + "commitMessageTopic": "dashboard {{depName}}", + "commitMessageExtra": "( {{currentVersion}} → {{newVersion}} )" } ] } diff --git a/.github/renovate/semanticCommits.json5 b/.github/renovate/semanticCommits.json5 index 62a3d7c0107ce..f2e01f613041d 100644 --- a/.github/renovate/semanticCommits.json5 +++ b/.github/renovate/semanticCommits.json5 
@@ -4,112 +4,150 @@ { "matchDatasources": ["docker"], "matchUpdateTypes": ["major"], - "commitMessagePrefix": "feat(container)!: " + "commitMessagePrefix": "feat(container)!: ", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": " ( {{currentVersion}} → {{newVersion}} )" }, { "matchDatasources": ["docker"], "matchUpdateTypes": ["minor"], "semanticCommitType": "feat", - "semanticCommitScope": "container" + "semanticCommitScope": "container", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "( {{currentVersion}} → {{newVersion}} )" }, { "matchDatasources": ["docker"], "matchUpdateTypes": ["patch"], "semanticCommitType": "fix", - "semanticCommitScope": "container" + "semanticCommitScope": "container", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "( {{currentVersion}} → {{newVersion}} )" }, { "matchDatasources": ["docker"], "matchUpdateTypes": ["digest"], "semanticCommitType": "chore", - "semanticCommitScope": "container" + "semanticCommitScope": "container", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "( {{currentDigestShort}} → {{newDigestShort}} )" }, { "matchDatasources": ["helm"], "matchUpdateTypes": ["major"], - "commitMessagePrefix": "feat(helm)!: " + "commitMessagePrefix": "feat(helm)!: ", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "( {{currentVersion}} → {{newVersion}} )" }, { "matchDatasources": ["helm"], "matchUpdateTypes": ["minor"], "semanticCommitType": "feat", - "semanticCommitScope": "helm" + "semanticCommitScope": "helm", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "( {{currentVersion}} → {{newVersion}} )" }, { "matchDatasources": ["helm"], "matchUpdateTypes": ["patch"], "semanticCommitType": "fix", - "semanticCommitScope": "helm" + "semanticCommitScope": "helm", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "( {{currentVersion}} → {{newVersion}} )" }, { "matchDatasources": ["galaxy", "galaxy-collection"], "matchUpdateTypes": 
["major"], - "commitMessagePrefix": "feat(ansible)!: " + "commitMessagePrefix": "feat(ansible)!: ", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "( {{currentVersion}} → {{newVersion}} )" }, { "matchDatasources": ["galaxy", "galaxy-collection"], "matchUpdateTypes": ["minor"], "semanticCommitType": "feat", - "semanticCommitScope": "ansible" + "semanticCommitScope": "ansible", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "( {{currentVersion}} → {{newVersion}} )" }, { "matchDatasources": ["galaxy", "galaxy-collection"], "matchUpdateTypes": ["patch"], "semanticCommitType": "fix", - "semanticCommitScope": "ansible" + "semanticCommitScope": "ansible", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "( {{currentVersion}} → {{newVersion}} )" }, { "matchDatasources": ["terraform-provider"], "matchUpdateTypes": ["major"], - "commitMessagePrefix": "feat(terraform)!: " + "commitMessagePrefix": "feat(terraform)!: ", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "( {{currentVersion}} → {{newVersion}} )" }, { "matchDatasources": ["terraform-provider"], "matchUpdateTypes": ["minor"], "semanticCommitType": "feat", - "semanticCommitScope": "terraform" + "semanticCommitScope": "terraform", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "( {{currentVersion}} → {{newVersion}} )" }, { "matchDatasources": ["terraform-provider"], "matchUpdateTypes": ["patch"], "semanticCommitType": "fix", - "semanticCommitScope": "terraform" + "semanticCommitScope": "terraform", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "( {{currentVersion}} → {{newVersion}} )" }, { "matchDatasources": ["github-releases", "github-tags"], "matchUpdateTypes": ["major"], - "commitMessagePrefix": "feat(github-release)!: " + "commitMessagePrefix": "feat(github-release)!: ", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "( {{currentVersion}} → {{newVersion}} )" }, { "matchDatasources": ["github-releases", 
"github-tags"], "matchUpdateTypes": ["minor"], "semanticCommitType": "feat", - "semanticCommitScope": "github-release" + "semanticCommitScope": "github-release", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "( {{currentVersion}} → {{newVersion}} )" }, { "matchDatasources": ["github-releases", "github-tags"], "matchUpdateTypes": ["patch"], "semanticCommitType": "fix", - "semanticCommitScope": "github-release" + "semanticCommitScope": "github-release", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "( {{currentVersion}} → {{newVersion}} )" }, { "matchManagers": ["github-actions"], "matchUpdateTypes": ["major"], - "commitMessagePrefix": "feat(github-action)!: " + "commitMessagePrefix": "feat(github-action)!: ", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "( {{currentVersion}} → {{newVersion}} )" }, { "matchManagers": ["github-actions"], "matchUpdateTypes": ["minor"], "semanticCommitType": "feat", - "semanticCommitScope": "github-action" + "semanticCommitScope": "github-action", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "( {{currentVersion}} → {{newVersion}} )" }, { "matchManagers": ["github-actions"], "matchUpdateTypes": ["patch"], "semanticCommitType": "fix", - "semanticCommitScope": "github-action" + "semanticCommitScope": "github-action", + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "( {{currentVersion}} → {{newVersion}} )" } ] } diff --git a/.github/scripts/extract-images.mjs b/.github/scripts/extract-images.mjs new file mode 100755 index 0000000000000..06ccb2b93831b --- /dev/null +++ b/.github/scripts/extract-images.mjs 
@@ -0,0 +1,96 @@ +#!/usr/bin/env zx +$.verbose = false + +/** + * * extract-images.mjs + * * Extracts all container images from a HelmRelease and renders them as a JSON object + * @param --helmrelease : The source Flux HelmRelease to compare against the target + * @param --kubernetes-dir : The directory containing your Flux manifests including the HelmRepository manifests + */ +const HelmRelease = argv['helmrelease'] +const KubernetesDir = argv['kubernetes-dir'] + +const helm = await which('helm') +const kustomize = await which('kustomize') + +function extractImageValues(data) { + const imageValues = []; + function extractValues(obj) { + for (const key in obj) { + if (typeof obj[key] === 'object') { + extractValues(obj[key]); + } else if (key === 'image') { + imageValues.push(obj[key]); + } + } + } + extractValues(data); + return imageValues; +} + +async function parseHelmRelease(releaseFile) { + const helmRelease = await fs.readFile(releaseFile, 'utf8') + const doc = YAML.parseAllDocuments(helmRelease).map((item) => item.toJS()) + const release = doc.filter((item) => + item.apiVersion === 'helm.toolkit.fluxcd.io/v2beta2' + && item.kind === 'HelmRelease' + ) + return release[0] +} + +async function parseHelmRepository(kubernetesDir, releaseName) { + const files = await globby([`${kubernetesDir}/**/*.yaml`]) + for await (const file of files) { + const contents = await fs.readFile(file, 'utf8') + const repository = YAML.parseAllDocuments(contents).map((item) => item.toJS()) + if (repository[0] && 'apiVersion' in repository[0] && repository[0].apiVersion === 'source.toolkit.fluxcd.io/v1beta2' + && 'kind' in repository[0] && repository[0].kind === 'HelmRepository' + && 'metadata' in repository[0] && 'name' in repository[0].metadata && repository[0].metadata.name === releaseName) + { + return repository[0] + } + } +} + +async function renderKustomize(releaseBaseDir, releaseName) { + const build = await $`${kustomize} build --load-restrictor=LoadRestrictionsNone 
${releaseBaseDir}` + const docs = YAML.parseAllDocuments(build.stdout).map((item) => item.toJS()) + const release = docs.filter((item) => + item.apiVersion === 'helm.toolkit.fluxcd.io/v2beta2' + && item.kind === 'HelmRelease' + && item.metadata.name === releaseName + ) + return release[0] +} + +async function helmTemplate(release, repository) { + const values = new YAML.Document() + values.contents = release.spec.values + const valuesFile = await $`mktemp` + await fs.writeFile(valuesFile.stdout.trim(), values.toString()) + + // Template out helm values into Kubernetes manifests + let manifests + if ('type' in repository.spec && repository.spec.type == 'oci') { + manifests = await $`${helm} template --kube-version 1.28.0 --release-name ${release.metadata.name} --include-crds=false --skip-tests ${repository.spec.url}/${release.spec.chart.spec.chart} --version ${release.spec.chart.spec.version} --values ${valuesFile.stdout.trim()}` + } else { + await $`${helm} repo add ${release.spec.chart.spec.sourceRef.name} ${repository.spec.url}` + manifests = await $`${helm} template --kube-version 1.28.0 --release-name ${release.metadata.name} --include-crds=false --skip-tests ${release.spec.chart.spec.sourceRef.name}/${release.spec.chart.spec.chart} --version ${release.spec.chart.spec.version} --values ${valuesFile.stdout.trim()}` + } + + let documents = YAML.parseAllDocuments(manifests.stdout.trim()).map((item) => item.toJS()) + + const images = []; + documents.forEach((doc) => { + const docImageValues = extractImageValues(doc); + images.push(...docImageValues); + }); + return images; +} + +const helmRelease = await parseHelmRelease(HelmRelease) +const kustomizeBuild = await renderKustomize(path.dirname(HelmRelease), helmRelease.metadata.name) +const helmRepository = await parseHelmRepository(KubernetesDir, kustomizeBuild.spec.chart.spec.sourceRef.name) +const images = await helmTemplate(kustomizeBuild, helmRepository) + +echo(JSON.stringify(images)) 
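Review bot: `extractImageValues` pushes every non-object value found under an `image` key, so numbers, booleans or empty strings from a rendered manifest are emitted alongside real references, and the JSON printed at the end is what the workflow turns into a job matrix. Restricting the branch to non-empty strings, `} else if (key === 'image' && typeof obj[key] === 'string' && obj[key] !== '') {`, keeps the output to values that can be image references. `parseHelmRepository` also falls off the end of its loop when nothing matches, and `helmTemplate` then dereferences `repository.spec` on `undefined`; a guard such as `if (!helmRepository) throw new Error('HelmRepository not found')` before the `helmTemplate` call would fail with a usable message. The temporary values file created with `mktemp` is never removed.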
diff --git a/.github/workflows/flux-diff.yaml b/.github/workflows/flux-diff.yaml index 61bc667bc288d..652fb3238263e 100644 --- a/.github/workflows/flux-diff.yaml +++ b/.github/workflows/flux-diff.yaml 
@@ -5,68 +5,140 @@ name: "Flux Diff" on: pull_request: branches: ["main"] - paths: ["kubernetes/**.yaml"] + paths: ["kubernetes/**"] -env: - DEBCONF_NONINTERACTIVE_SEEN: "true" - DEBIAN_FRONTEND: noninteractive - APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE: DontWarn - WORKFLOW_RESOURCE_DIR: ./.github/workflows/resources +concurrency: + group: ${{ github.workflow }}-${{ github.event.number || github.ref }} + cancel-in-progress: true jobs: + changed-files: + name: Get Changed Files + runs-on: ubuntu-latest + outputs: + matrix: ${{ steps.changed-files.outputs.all_changed_and_modified_files }} + steps: + - name: Generate Token + uses: actions/create-github-app-token@v1 + id: app-token + with: + app-id: "${{ secrets.BOT_APP_ID }}" + private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" + + - name: Checkout + uses: actions/checkout@v4 + with: + token: "${{ steps.app-token.outputs.token }}" + fetch-depth: 0 + + - name: Get changed files + id: changed-files + uses: tj-actions/changed-files@v40 + with: + files: kubernetes/** + dir_names: true + dir_names_max_depth: 2 + json: true + quotepath: false + escape_json: false + + - name: List all changed files + run: echo "${{ steps.changed-files.outputs.all_changed_and_modified_files }}" + flux-diff: name: Flux Diff runs-on: ubuntu-latest + needs: ["changed-files"] permissions: pull-requests: write strategy: matrix: - path: ["kubernetes/main", "kubernetes/storage"] - resource: ["helmrelease", "kustomization"] + paths: ${{ fromJSON(needs.changed-files.outputs.matrix) }} + resources: ["helmrelease", "kustomization"] + max-parallel: 4 + fail-fast: false steps: - name: Generate Token - uses: actions/create-github-app-token@2986852ad836768dfea7781f31828eb3e17990fa # v1.6.2 + uses: actions/create-github-app-token@v1 id: app-token with: app-id: "${{ secrets.BOT_APP_ID }}" private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" - - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - token: "${{ 
steps.app-token.outputs.token }}" - - - name: Install OS Deps + - name: Setup System Tools shell: bash - run: sudo apt-get update && sudo apt-get install -y curl git xz-utils + run: sudo apt-get -qq update && sudo apt-get -qq install --no-install-recommends -y curl git - - name: Install Nix - uses: cachix/install-nix-action@7ac1ec25491415c381d9b62f0657c7a028df52a7 # v24 + # - name: Setup Workflow Tools + # uses: jdx/rtx-action@v1 + # with: + # install: true + # cache: true + # rtx_toml: | + # [tools] + # flux2 = "latest" + + # - name: Diff Resources + # uses: allenporter/flux-local/action/diff@4.1.1 + # id: diff + # with: + # sources: home-kubernetes + # path: "${{ matrix.paths }}" + # resource: "${{ matrix.resources }}" + + - name: Checkout Live Branch + uses: actions/checkout@v4 with: - github_access_token: "${{ steps.app-token.outputs.token }}" + token: "${{ steps.app-token.outputs.token }}" + path: live - - name: Switch to Nix devShell - uses: nicknovitski/nix-develop@a2060d116a50b36dfab02280af558e73ab52427d # v1.1.0 + - name: Checkout PR branch + uses: actions/checkout@v4 with: - arguments: "${{ env.WORKFLOW_RESOURCE_DIR }}" + token: "${{ steps.app-token.outputs.token }}" + path: pr - name: Diff Resources - # uses: allenporter/flux-local/action/diff@19bfc6920e8964a479363bc230e6c329120ead02 # 3.2.0 - uses: allenporter/flux-local/action/diff@flux-build - id: diff + uses: docker://ghcr.io/allenporter/flux-local:main with: - sources: home-kubernetes - path: "${{ matrix.path }}" - resource: "${{ matrix.resource }}" + args: >- + diff ${{ matrix.resources }} + --unified 6 + --path-orig live/${{ matrix.paths }} + --path pr/${{ matrix.paths }} + --strip-attrs "helm.sh/chart,checksum/config,app.kubernetes.io/version,chart" + --limit-bytes 10000 + --all-namespaces + --sources "home-kubernetes" + --output-file diff.txt + + - name: Generate Diff + id: diff + run: | + cat diff.txt + echo "diff<> $GITHUB_OUTPUT + cat diff.txt >> $GITHUB_OUTPUT + echo "EOF" >> $GITHUB_OUTPUT 
- if: ${{ steps.diff.outputs.diff != '' }} name: Add comment - uses: mshick/add-pr-comment@7c0890544fb33b0bdd2e59467fbacb62e028a096 # v2.8.1 + uses: mshick/add-pr-comment@v2.8.1 with: repo-token: "${{ steps.app-token.outputs.token }}" - message-id: "${{ github.event.pull_request.number }}/${{ matrix.path }}/${{ matrix.resource }}" + message-id: "${{ github.event.pull_request.number }}/${{ matrix.paths }}/${{ matrix.resources }}" message-failure: Diff was not successful message: | ```diff ${{ steps.diff.outputs.diff }} ``` + + # Summarize matrix https://github.community/t/status-check-for-a-matrix-jobs/127354/7 + flux-diff-success: + if: ${{ always() }} + needs: ["flux-diff"] + name: Flux diff successful + runs-on: ubuntu-latest + steps: + - if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }} + name: Check matrix status + run: exit 1 diff --git a/.github/workflows/flux-hr-image-test.yaml b/.github/workflows/flux-hr-image-test.yaml new file mode 100644 index 0000000000000..4bc09c748f978 --- /dev/null +++ b/.github/workflows/flux-hr-image-test.yaml 
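Review bot: The `List all changed files` step expands `${{ steps.changed-files.outputs.all_changed_and_modified_files }}` inside its `run:` script, and with `quotepath: false` and `escape_json: false` that value is built from path names chosen by the pull-request author, so the runner parses it as shell text rather than data. Hand it over through the environment instead: `env: CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_and_modified_files }}` on the step and `run: echo "$CHANGED_FILES"`. The same interpolation appears in flux-hr-image-test.yaml (`--helmrelease "${{ matrix.files }}"` and `docker pull ${{ matrix.images }}`). Separately, `Checkout Live Branch` and `Checkout PR branch` both omit `ref:`, so as written they appear to fetch the same commit and the diff would come back empty; the live checkout probably needs an explicit `ref:` for the base branch. The `Generate Diff` step uses the fixed delimiter `EOF` for a multi-line output, which a line in diff.txt could collide with; a per-run random delimiter avoids that.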
@@ -0,0 +1,119 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json +name: "Flux Helm Release Image Test" + +on: + pull_request: + branches: ["main"] + paths: ["kubernetes/**/helmrelease.yaml"] + +env: + WORKFLOW_KUBERNETES_DIR: ./kubernetes + +concurrency: + group: ${{ github.workflow }}-${{ github.event.number || github.ref }} + cancel-in-progress: true + +jobs: + changed-files: + name: Get Changed Files + runs-on: ubuntu-latest + outputs: + matrix: ${{ steps.changed-files.outputs.all_changed_and_modified_files }} + steps: + - name: Generate Token + uses: actions/create-github-app-token@v1 + id: app-token + with: + app-id: "${{ secrets.BOT_APP_ID }}" + private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" + + - name: Checkout + uses: actions/checkout@v4 + with: + token: "${{ steps.app-token.outputs.token }}" + fetch-depth: 0 + + - name: Get changed files + id: changed-files + uses: tj-actions/changed-files@v40 + with: + files: kubernetes/**/helmrelease.yaml + json: true + quotepath: false + escape_json: false + + - name: List all changed files + run: echo "${{ steps.changed-files.outputs.all_changed_and_modified_files }}" + + extract-images: + if: ${{ needs.changed-files.outputs.matrix != '[]' }} + name: Extract images from Helm Release + runs-on: ubuntu-latest + needs: ["changed-files"] + strategy: + matrix: + files: ${{ fromJSON(needs.changed-files.outputs.matrix) }} + max-parallel: 4 + fail-fast: false + outputs: + matrix: ${{ steps.extract-images.outputs.images }} + steps: + - name: Generate Token + uses: actions/create-github-app-token@v1 + id: app-token + with: + app-id: "${{ secrets.BOT_APP_ID }}" + private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" + + - name: Checkout + uses: actions/checkout@v4 + with: + token: "${{ steps.app-token.outputs.token }}" + fetch-depth: 0 + + - name: Setup System Tools + shell: bash + run: sudo apt-get -qq update && sudo apt-get -qq install --no-install-recommends -y curl git + + - name: Setup 
Workflow Tools + uses: jdx/rtx-action@v1 + with: + install: true + cache: true + rtx_toml: | + [tools] + helm = "latest" + kustomize = "latest" + + - name: Extract Images from Helm Release + id: extract-images + run: | + images=$(npx zx ./.github/scripts/extract-images.mjs --kubernetes-dir "${{ env.WORKFLOW_KUBERNETES_DIR }}" --helmrelease "${{ matrix.files }}") + echo "images=${images}" >> $GITHUB_OUTPUT + echo "${images}" + + test-images: + if: ${{ needs.extract-images.outputs.matrix != '[]' }} + name: Test images from Helm Release + runs-on: ubuntu-latest + needs: ["extract-images"] + strategy: + matrix: + images: ${{ fromJSON(needs.extract-images.outputs.matrix) }} + max-parallel: 4 + fail-fast: false + steps: + - name: Test Images from Helm Release + run: docker pull ${{ matrix.images }} + + # Summarize matrix https://github.community/t/status-check-for-a-matrix-jobs/127354/7 + test-images-success: + if: ${{ always() }} + needs: ["test-images"] + name: Test images from Helm Release successful + runs-on: ubuntu-latest + steps: + - if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }} + name: Check matrix status + run: exit 1 diff --git a/.github/workflows/flux-hr-sync.yaml b/.github/workflows/flux-hr-sync.yaml index 4ab90b17586ca..4ec835f03cc8c 100644 --- a/.github/workflows/flux-hr-sync.yaml +++ b/.github/workflows/flux-hr-sync.yaml 
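Review bot: This pull-request workflow declares no `permissions:` block and mints the bot App token in both `changed-files` and `extract-images`, although the visible steps only read the repository and then run `npx zx ./.github/scripts/extract-images.mjs`, `helm` and `kustomize` against content from the PR. Because `actions/checkout` persists the token it is given by default, that credential stays in the workspace while PR-controlled code runs; consider dropping the `Generate Token` steps here, adding `permissions: contents: read` at the top level, and setting `persist-credentials: false` on the checkouts. `extract-images` is also a matrix job that exposes `outputs.matrix`, and job outputs from matrix legs overwrite one another, so with several changed HelmReleases `test-images` would likely see only one leg's image list.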
@@ -20,47 +20,41 @@ on: branches: ["main"] paths: ["kubernetes/**/helmrelease.yaml"] -env: - DEBCONF_NONINTERACTIVE_SEEN: "true" - DEBIAN_FRONTEND: noninteractive - APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE: DontWarn - WORKFLOW_RESOURCE_DIR: ./.github/workflows/resources - jobs: sync: name: Flux Helm Repository Sync runs-on: ["arc-runner-set-home-ops"] steps: - name: Generate Token - uses: actions/create-github-app-token@2986852ad836768dfea7781f31828eb3e17990fa # v1.6.2 + uses: actions/create-github-app-token@v1 id: app-token with: app-id: "${{ secrets.BOT_APP_ID }}" private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@v4 with: token: "${{ steps.app-token.outputs.token }}" fetch-depth: 0 - - name: Install OS Deps + - name: Setup System Tools shell: bash - run: sudo apt-get update && sudo apt-get install -y curl git xz-utils - - - name: Install Nix - uses: cachix/install-nix-action@7ac1ec25491415c381d9b62f0657c7a028df52a7 # v24 - with: - github_access_token: "${{ steps.app-token.outputs.token }}" + run: sudo apt-get -qq update && sudo apt-get -qq install --no-install-recommends -y curl git - - name: Switch to Nix devShell - uses: nicknovitski/nix-develop@a2060d116a50b36dfab02280af558e73ab52427d # v1.1.0 + - name: Setup Workflow Tools + uses: jdx/rtx-action@v1 with: - arguments: "${{ env.WORKFLOW_RESOURCE_DIR }}" + install: true + cache: true + rtx_toml: | + [tools] + flux2 = "latest" + yq = "latest" - name: Write kubeconfig id: kubeconfig - uses: timheuer/base64-to-file@784a1a4a994315802b7d8e2084e116e783d157be # v1.2.4 + uses: timheuer/base64-to-file@v1 with: encodedString: "${{ secrets.KUBECONFIG }}" fileName: kubeconfig 
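Review bot: Every `uses:` in this hunk moves from a full commit SHA to a mutable tag (`actions/create-github-app-token@v1`, `actions/checkout@v4`, `timheuer/base64-to-file@v1`, `jdx/rtx-action@v1`), and the tools are installed as `flux2 = "latest"` / `yq = "latest"`, in a job that runs on the self-hosted `arc-runner-set-home-ops` runner and handles `secrets.KUBECONFIG` and `secrets.BOT_APP_PRIVATE_KEY`. A tag can be re-pointed by whoever controls the upstream repository, so the code that receives those secrets is no longer fixed by this repository. Keeping the `@<sha> # vX.Y.Z` form and pinning tool versions in `rtx_toml` would preserve that guarantee; with `helpers:pinGitHubActionDigests` removed from renovate.json5 in this commit, Renovate will no longer re-pin them either. The same change is made in the flux-diff, flux-ks-sync, label-sync, labeler, lychee, publish-docs and publish-schemas hunks, and flux-diff additionally runs `docker://ghcr.io/allenporter/flux-local:main` by branch tag.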
@@ -68,7 +62,7 @@ jobs: - if: ${{ github.event.inputs.clusterName == '' && github.event.inputs.helmRepoNamespace == '' && github.event.inputs.helmRepoName == '' }} name: Get changed files id: changed-files - uses: tj-actions/changed-files@56284d80811fb5963a972b438f2870f175e5b7c8 # v40.2.3 + uses: tj-actions/changed-files@v40 with: files: kubernetes/**/helmrelease.yaml diff --git a/.github/workflows/flux-ks-sync.yaml b/.github/workflows/flux-ks-sync.yaml index 7d7c7398ed322..d2c9308887776 100644 --- a/.github/workflows/flux-ks-sync.yaml +++ b/.github/workflows/flux-ks-sync.yaml @@ -7,12 +7,6 @@ on: branches: ["main"] paths: ["kubernetes/storage/**"] -env: - DEBCONF_NONINTERACTIVE_SEEN: "true" - DEBIAN_FRONTEND: noninteractive - APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE: DontWarn - WORKFLOW_RESOURCE_DIR: ./.github/workflows/resources - jobs: sync: name: Flux Kustomization Sync 
@@ -22,35 +16,34 @@ jobs: cluster: ["storage"] steps: - name: Generate Token - uses: actions/create-github-app-token@2986852ad836768dfea7781f31828eb3e17990fa # v1.6.2 + uses: actions/create-github-app-token@v1 id: app-token with: app-id: "${{ secrets.BOT_APP_ID }}" private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@v4 with: token: "${{ steps.app-token.outputs.token }}" fetch-depth: 0 - - name: Install OS Deps + - name: Setup System Tools shell: bash - run: sudo apt-get update && sudo apt-get install -y curl git xz-utils - - - name: Install Nix - uses: cachix/install-nix-action@7ac1ec25491415c381d9b62f0657c7a028df52a7 # v24 - with: - github_access_token: "${{ steps.app-token.outputs.token }}" + run: sudo apt-get -qq update && sudo apt-get -qq install --no-install-recommends -y curl git - - name: Switch to Nix devShell - uses: nicknovitski/nix-develop@a2060d116a50b36dfab02280af558e73ab52427d # v1.1.0 + - name: Setup Workflow Tools + uses: jdx/rtx-action@v1 with: - arguments: "${{ env.WORKFLOW_RESOURCE_DIR }}" + install: true + cache: true + rtx_toml: | + [tools] + flux2 = "latest" - name: Write kubeconfig id: kubeconfig - uses: timheuer/base64-to-file@784a1a4a994315802b7d8e2084e116e783d157be # v1.2.4 + uses: timheuer/base64-to-file@v1 with: encodedString: "${{ secrets.KUBECONFIG }}" fileName: kubeconfig diff --git a/.github/workflows/kubeconform.yaml b/.github/workflows/kubeconform.yaml deleted file mode 100644 index 177c6a61c343d..0000000000000 --- a/.github/workflows/kubeconform.yaml +++ /dev/null 
@@ -1,55 +0,0 @@ ---- -# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json -name: "Kubeconform" - -on: - workflow_dispatch: - pull_request: - branches: ["main"] - paths: - - "kubernetes/main/**" - - "kubernetes/storage/**" - -env: - DEBCONF_NONINTERACTIVE_SEEN: "true" - DEBIAN_FRONTEND: noninteractive - APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE: DontWarn - WORKFLOW_RESOURCE_DIR: ./.github/workflows/resources - -jobs: - kubeconform: - name: Kubeconform - runs-on: ubuntu-latest - strategy: - matrix: - path: ["kubernetes/main", "kubernetes/storage"] - steps: - - name: Generate Token - uses: actions/create-github-app-token@2986852ad836768dfea7781f31828eb3e17990fa # v1.6.2 - id: app-token - with: - app-id: "${{ secrets.BOT_APP_ID }}" - private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" - - - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - token: "${{ steps.app-token.outputs.token }}" - - - name: Install OS Deps - shell: bash - run: sudo apt-get update && sudo apt-get install -y curl git xz-utils - - - name: Install Nix - uses: cachix/install-nix-action@7ac1ec25491415c381d9b62f0657c7a028df52a7 # v24 - with: - github_access_token: "${{ steps.app-token.outputs.token }}" - - - name: Switch to Nix devShell - uses: nicknovitski/nix-develop@a2060d116a50b36dfab02280af558e73ab52427d # v1.1.0 - with: - arguments: "${{ env.WORKFLOW_RESOURCE_DIR }}" - - - name: Run kubeconform - shell: bash - run: bash ${{ env.WORKFLOW_RESOURCE_DIR }}/kubeconform.sh ${{ matrix.path }} diff --git a/.github/workflows/label-sync.yaml b/.github/workflows/label-sync.yaml index a60d7f698b756..73724ef17c83f 100644 --- a/.github/workflows/label-sync.yaml +++ b/.github/workflows/label-sync.yaml 
@@ -14,19 +14,19 @@ jobs: runs-on: ubuntu-latest steps: - name: Generate Token - uses: actions/create-github-app-token@2986852ad836768dfea7781f31828eb3e17990fa # v1.6.2 + uses: actions/create-github-app-token@v1 id: app-token with: app-id: "${{ secrets.BOT_APP_ID }}" private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@v4 with: token: "${{ steps.app-token.outputs.token }}" - name: Sync Labels - uses: EndBug/label-sync@da00f2c11fdb78e4fae44adac2fdd713778ea3e8 # renovate: tag=v2.3.2 + uses: EndBug/label-sync@v2 with: config-file: .github/labels.yaml token: "${{ steps.app-token.outputs.token }}" diff --git a/.github/workflows/labeler.yaml b/.github/workflows/labeler.yaml index 17a7785f5547f..e45e4ffd1ec09 100644 --- a/.github/workflows/labeler.yaml +++ b/.github/workflows/labeler.yaml @@ -17,14 +17,14 @@ jobs: pull-requests: write steps: - name: Generate Token - uses: actions/create-github-app-token@2986852ad836768dfea7781f31828eb3e17990fa # v1.6.2 + uses: actions/create-github-app-token@v1 id: app-token with: app-id: "${{ secrets.BOT_APP_ID }}" private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" - name: Labeler - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0 + uses: actions/labeler@v5 with: configuration-path: .github/labeler.yaml repo-token: "${{ steps.app-token.outputs.token }}" diff --git a/.github/workflows/lychee.yaml b/.github/workflows/lychee.yaml index 1159eabfdc588..664d0a8b86fce 100644 --- a/.github/workflows/lychee.yaml +++ b/.github/workflows/lychee.yaml @@ -5,10 +5,10 @@ name: "Lychee" on: workflow_dispatch: schedule: - - cron: "0 0 * * 0" + - cron: "0 0 * * *" env: - ISSUE_LABEL: lint/lychee + WORKFLOW_ISSUE_NUMBER: 6587 jobs: lychee: 
@@ -16,38 +16,29 @@ jobs: runs-on: ubuntu-latest steps: - name: Generate Token - uses: actions/create-github-app-token@2986852ad836768dfea7781f31828eb3e17990fa # v1.6.2 + uses: actions/create-github-app-token@v1 id: app-token with: app-id: "${{ secrets.BOT_APP_ID }}" private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@v4 with: token: "${{ steps.app-token.outputs.token }}" - name: Scan for broken links - uses: lycheeverse/lychee-action@ec3ed119d4f44ad2673a7232460dc7dff59d2421 # v1.8.0 + uses: lycheeverse/lychee-action@v1 id: lychee - env: - GITHUB_TOKEN: "${{ steps.app-token.outputs.token }}" - with: - args: --verbose --no-progress --exclude-mail './**/*.md' - - - name: Find Link Checker Issue - id: issue-number - uses: micalevisk/last-issue-action@f5661581217cc78cc282d1351aa65bd8bd155003 # v2.2.1 with: token: "${{ steps.app-token.outputs.token }}" - state: open - labels: "${{ env.ISSUE_LABEL }}" + args: --verbose --no-progress --exclude-mail './**/*.md' + output: /tmp/results.md - name: Update Issue - uses: peter-evans/create-issue-from-file@433e51abf769039ee20ba1293a088ca19d573b7f # v4.0.1 + uses: peter-evans/create-issue-from-file@v4 with: token: "${{ steps.app-token.outputs.token }}" title: Link Checker Dashboard 🔗 - issue-number: "${{ steps.issue-number.outputs.issue-number }}" - content-filepath: ./lychee/out.md - labels: "${{ env.ISSUE_LABEL }}" + issue-number: "${{ env.WORKFLOW_ISSUE_NUMBER }}" + content-filepath: /tmp/results.md diff --git a/.github/workflows/publish-docs.yaml b/.github/workflows/publish-docs.yaml index 4b187ccf7ffcd..23c6638c5b534 100644 --- a/.github/workflows/publish-docs.yaml +++ b/.github/workflows/publish-docs.yaml @@ -3,6 +3,7 @@ name: "Publish Docs" on: + workflow_dispatch: push: branches: ["main"] paths: 
@@ -11,9 +12,10 @@ on: - README.md permissions: + actions: write contents: read - pages: write id-token: write + pages: write jobs: build: @@ -23,31 +25,31 @@ jobs: group: ${{ github.workflow }}-${{ github.ref }} steps: - name: Generate Token - uses: actions/create-github-app-token@2986852ad836768dfea7781f31828eb3e17990fa # v1.6.2 + uses: actions/create-github-app-token@v1 id: app-token with: app-id: "${{ secrets.BOT_APP_ID }}" private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@v4 with: token: "${{ steps.app-token.outputs.token }}" - name: Setup Pages id: pages - uses: actions/configure-pages@1f0c5cde4bc74cd7e1254d0cb4de8d49e9068c7d # v4.0.0 + uses: actions/configure-pages@v4 with: token: "${{ steps.app-token.outputs.token }}" enablement: true - name: Build docs - uses: docker://ghcr.io/bjw-s/mdbook:0.4.36@sha256:fb39e02eb5bcc052e2883dad6d9dd480a4fbd2a69b4e3404682f7ac215a5d501 + uses: docker://ghcr.io/bjw-s/mdbook:0.4.36@sha256:d86edc42a0d22e38f3d59d6cf517a9d93a7dbe8ec3ec80a114dfd7a99d9354cd with: args: mdbook build docs - name: Upload artifact - uses: actions/upload-pages-artifact@a753861a5debcf57bf8b404356158c8e1e33150c # v2.0.0 + uses: actions/upload-pages-artifact@v3 with: path: ./docs/book @@ -60,7 +62,7 @@ jobs: needs: build steps: - name: Generate Token - uses: actions/create-github-app-token@2986852ad836768dfea7781f31828eb3e17990fa # v1.6.2 + uses: actions/create-github-app-token@v1 id: app-token with: app-id: "${{ secrets.BOT_APP_ID }}" @@ -68,7 +70,6 @@ jobs: - name: Deploy to GitHub Pages id: deployment - uses: actions/deploy-pages@13b55b33dd8996121833dbc1db458c793a334630 # v3.0.1 + uses: actions/deploy-pages@v4 with: token: "${{ steps.app-token.outputs.token }}" - artifact_name: github-pages diff --git a/.github/workflows/publish-schemas.yaml b/.github/workflows/publish-schemas.yaml index 997ccb01d326e..9c15f179b774a 100644 
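Review bot: `actions: write` is added to the workflow-level `permissions:`, so it applies to every job, while the steps visible in these hunks pass the App token rather than `GITHUB_TOKEN`. If a step really needs it, grant it on that job only and add a comment naming the step, e.g. `# required by <step>`; otherwise leave it out. In the second hunk the `ghcr.io/bjw-s/mdbook:0.4.36` reference keeps its tag but changes its `sha256` digest, which is worth confirming against the registry since nothing on this page explains the rebuild. The workflow's `on:` and `jobs:` sections continue outside these hunks.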
--- a/.github/workflows/publish-schemas.yaml +++ b/.github/workflows/publish-schemas.yaml @@ -10,13 +10,6 @@ on: branches: ["main"] paths: [".github/workflows/publish-schemas.yaml"] -env: - DEBCONF_NONINTERACTIVE_SEEN: "true" - DEBIAN_FRONTEND: noninteractive - APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE: DontWarn - WORKFLOW_RESOURCE_DIR: ./.github/workflows/resources - SCHEMAS_DIR: /home/runner/crds - jobs: publish-schemas: name: Publish Schemas 
@@ -26,44 +19,37 @@ jobs: packages: write steps: - name: Generate Token - uses: actions/create-github-app-token@2986852ad836768dfea7781f31828eb3e17990fa # v1.6.2 + uses: actions/create-github-app-token@v1 id: app-token with: app-id: "${{ secrets.BOT_APP_ID }}" private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@v4 with: token: "${{ steps.app-token.outputs.token }}" - - name: Install OS Deps + - name: Setup System Tools shell: bash - run: sudo apt-get update && sudo apt-get install -y curl git xz-utils - - - name: Install Nix - uses: cachix/install-nix-action@7ac1ec25491415c381d9b62f0657c7a028df52a7 # v24 - with: - github_access_token: "${{ steps.app-token.outputs.token }}" + run: sudo apt-get -qq update && sudo apt-get -qq install --no-install-recommends -y curl git - - name: Switch to Nix devShell - uses: nicknovitski/nix-develop@a2060d116a50b36dfab02280af558e73ab52427d # v1.1.0 + - name: Setup Python + uses: actions/setup-python@v5 with: - arguments: "${{ env.WORKFLOW_RESOURCE_DIR }}" + python-version: 3.x - name: Setup Node - uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v4.0.1 + uses: actions/setup-node@v4 with: node-version: 18.x - - name: Setup Python - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0 - with: - python-version: 3.x + - name: Setup kubectl + uses: azure/setup-kubectl@v3 - name: Write kubeconfig id: kubeconfig - uses: timheuer/base64-to-file@784a1a4a994315802b7d8e2084e116e783d157be # v1.2.4 + uses: timheuer/base64-to-file@v1 with: encodedString: "${{ secrets.KUBECONFIG }}" fileName: kubeconfig 
@@ -73,17 +59,16 @@ jobs: KUBECONFIG: "${{ steps.kubeconfig.outputs.filePath }}" shell: bash run: | - mkdir -p ${{ env.SCHEMAS_DIR }} curl -fsSL -o $GITHUB_WORKSPACE/crd-extractor.sh \ https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/Utilities/crd-extractor.sh chmod +x $GITHUB_WORKSPACE/crd-extractor.sh bash $GITHUB_WORKSPACE/crd-extractor.sh - mv /home/runner/.datree/crdSchemas/* ${{ env.SCHEMAS_DIR }} + - name: Deploy to Cloudflare Pages - uses: cloudflare/wrangler-action@5e8484995321734668f14981c316aa9188d76ed1 # v3.3.2 + uses: cloudflare/wrangler-action@v3 with: apiToken: "${{ secrets.CLOUDFLARE_API_TOKEN }}" accountId: "${{ secrets.CLOUDFLARE_ACCOUNT_ID }}" - workingDirectory: "${{ env.SCHEMAS_DIR }}" + workingDirectory: /home/runner/.datree/crdSchemas command: pages deploy --project-name=kubernetes-schemas --branch main . diff --git a/.github/workflows/publish-terraform.yaml b/.github/workflows/publish-terraform.yaml index f8d0371210e49..58b8a3fd6929f 100644 --- a/.github/workflows/publish-terraform.yaml +++ b/.github/workflows/publish-terraform.yaml @@ -8,12 +8,6 @@ on: branches: ["main"] paths: ["terraform/**"] -env: - DEBCONF_NONINTERACTIVE_SEEN: "true" - DEBIAN_FRONTEND: noninteractive - APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE: DontWarn - WORKFLOW_RESOURCE_DIR: ./.github/workflows/resources - jobs: publish-terraform: name: Publish Terraform 
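Review bot: The step in this hunk still downloads `crd-extractor.sh` from the `main` branch of another repository and runs it with `KUBECONFIG` exported, so the script's content is not fixed at review time and it executes with cluster credentials. Pin the URL to a reviewed commit, `https://raw.githubusercontent.com/datreeio/CRDs-catalog/<COMMIT_SHA>/Utilities/crd-extractor.sh`, and verify the file before running it, e.g. `echo "<EXPECTED_SHA256>  $GITHUB_WORKSPACE/crd-extractor.sh" | sha256sum -c -` (both values are placeholders to fill in). Since the deploy step now publishes `/home/runner/.datree/crdSchemas` directly, a short comment that this is where the extractor writes its output would help the next reader. The step's `name:` and the start of its `env:` block are outside the hunk.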
@@ -23,33 +17,32 @@ jobs: packages: write steps: - name: Generate Token - uses: actions/create-github-app-token@2986852ad836768dfea7781f31828eb3e17990fa # v1.6.2 + uses: actions/create-github-app-token@v1 id: app-token with: app-id: "${{ secrets.BOT_APP_ID }}" private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@v4 with: token: "${{ steps.app-token.outputs.token }}" - - name: Install OS Deps + - name: Setup System Tools shell: bash - run: sudo apt-get update && sudo apt-get install -y curl git xz-utils - - - name: Install Nix - uses: cachix/install-nix-action@7ac1ec25491415c381d9b62f0657c7a028df52a7 # v24 - with: - github_access_token: "${{ steps.app-token.outputs.token }}" + run: sudo apt-get -qq update && sudo apt-get -qq install --no-install-recommends -y curl git - - name: Switch to Nix devShell - uses: nicknovitski/nix-develop@a2060d116a50b36dfab02280af558e73ab52427d # v1.1.0 + - name: Setup Workflow Tools + uses: jdx/rtx-action@v1 with: - arguments: "${{ env.WORKFLOW_RESOURCE_DIR }}" + install: true + cache: true + rtx_toml: | + [tools] + flux2 = "latest" - name: Login to GitHub Container Registry - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + uses: docker/login-action@v3 with: registry: ghcr.io username: "${{ github.actor }}" diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 558f40b3f7b3d..4e0d34a9c9573 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml 
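Review bot: `flux2 = "latest"` in the `rtx_toml` block lets the flux CLI version float between runs of a job that has `packages: write` and logs in to ghcr.io, so what gets published can change without any commit to this repository. Pin an exact release instead, `flux2 = "<PINNED_VERSION>"` (placeholder), and have the dependency bot raise it so upgrades arrive as reviewable diffs. The registry login step's `with:` block continues past the end of the hunk.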
@@ -13,14 +13,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Generate Token - uses: actions/create-github-app-token@2986852ad836768dfea7781f31828eb3e17990fa # v1.6.2 + uses: actions/create-github-app-token@v1 id: app-token with: app-id: "${{ secrets.BOT_APP_ID }}" private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@v4 with: token: "${{ steps.app-token.outputs.token }}" diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 0e56bd1a803ac..b9803bc799766 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -31,9 +31,6 @@ concurrency: # Retrieve BOT_USER_ID via `curl -s "https://api.github.com/users/${BOT_USERNAME}%5Bbot%5D" | jq .id` env: - WORKFLOW_DRY_RUN: false - WORKFLOW_LOG_LEVEL: debug - WORKFLOW_VERSION: latest # 37.59.8 RENOVATE_PLATFORM: github RENOVATE_PLATFORM_COMMIT: true RENOVATE_ONBOARDING_CONFIG_FILE_NAME: .github/renovate.json5 @@ -41,6 +38,9 @@ env: RENOVATE_AUTODISCOVER_FILTER: "${{ github.repository }}" RENOVATE_USERNAME: "${{ secrets.BOT_USERNAME }}[bot]" RENOVATE_GIT_AUTHOR: "${{ secrets.BOT_USERNAME }} <${{ secrets.BOT_USER_ID }}+${{ secrets.BOT_USERNAME }}[bot]@users.noreply.github.com>" + WORKFLOW_RENOVATE_DRY_RUN: false + WORKFLOW_RENOVATE_LOG_LEVEL: debug + WORKFLOW_RENOVATE_VERSION: latest jobs: renovate: 
@@ -48,26 +48,26 @@ jobs: runs-on: ubuntu-latest steps: - name: Generate Token - uses: actions/create-github-app-token@2986852ad836768dfea7781f31828eb3e17990fa # v1.6.2 + uses: actions/create-github-app-token@v1 id: app-token with: app-id: "${{ secrets.BOT_APP_ID }}" private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@v4 with: token: "${{ steps.app-token.outputs.token }}" - name: Override default config from dispatch variables shell: bash run: | - echo "RENOVATE_DRY_RUN=${{ github.event.inputs.dryRun || env.WORKFLOW_DRY_RUN }}" >> "${GITHUB_ENV}" - echo "LOG_LEVEL=${{ github.event.inputs.logLevel || env.WORKFLOW_LOG_LEVEL }}" >> "${GITHUB_ENV}" + echo "RENOVATE_DRY_RUN=${{ github.event.inputs.dryRun || env.WORKFLOW_RENOVATE_DRY_RUN }}" >> "${GITHUB_ENV}" + echo "LOG_LEVEL=${{ github.event.inputs.logLevel || env.WORKFLOW_RENOVATE_LOG_LEVEL }}" >> "${GITHUB_ENV}" - name: Renovate - uses: renovatebot/github-action@b8ce565a2e98de1fec9696a76fba7beb01ec29b2 # v39.2.3 + uses: renovatebot/github-action@v39.2.3 with: configurationFile: "${{ env.RENOVATE_ONBOARDING_CONFIG_FILE_NAME }}" token: "${{ steps.app-token.outputs.token }}" - renovate-version: "${{ github.event.inputs.version || env.WORKFLOW_VERSION }}" + renovate-version: "${{ github.event.inputs.version || env.WORKFLOW_RENOVATE_VERSION }}" diff --git a/.github/workflows/resources/flake.nix b/.github/workflows/resources/flake.nix deleted file mode 100644 index 5c57c3b53c8b6..0000000000000 --- a/.github/workflows/resources/flake.nix +++ /dev/null 
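Review bot: The two `echo` lines in the `Override default config from dispatch variables` step expand `${{ github.event.inputs.* }}` directly into the shell script, so a dispatch input containing quotes or shell metacharacters is parsed as script text rather than data before it reaches `GITHUB_ENV`. Pass the values through the step's `env:` and reference them as shell variables, as in the excerpt below. Triggering a dispatch needs write access, so the exposure is limited, but this job holds the app token. If the inputs are declared as free-form strings (the `on:` block is outside this hunk), restricting them to `choice` or `boolean` types would narrow it further.

```yaml
      - name: Override default config from dispatch variables
        shell: bash
        env:
          DISPATCH_DRY_RUN: "${{ github.event.inputs.dryRun || env.WORKFLOW_RENOVATE_DRY_RUN }}"
          DISPATCH_LOG_LEVEL: "${{ github.event.inputs.logLevel || env.WORKFLOW_RENOVATE_LOG_LEVEL }}"
        run: |
          echo "RENOVATE_DRY_RUN=${DISPATCH_DRY_RUN}" >> "${GITHUB_ENV}"
          echo "LOG_LEVEL=${DISPATCH_LOG_LEVEL}" >> "${GITHUB_ENV}"
      # … unchanged: Renovate step …
```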
@@ -1,26 +0,0 @@ -{ - description = "CI Nix Flake"; - inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - flake-utils.url = "github:numtide/flake-utils"; - }; - outputs = { self, nixpkgs, flake-utils }: - flake-utils.lib.eachDefaultSystem(system: - let pkgs = import nixpkgs { inherit system; }; in { - devShells = { - default = pkgs.mkShell - { - buildInputs = (with pkgs; [ - cosign - fluxcd - kubeconform - kubectl - kustomize - jo - yq - ]); - }; - }; - } - ); -} diff --git a/.github/workflows/resources/kubeconform.sh b/.github/workflows/resources/kubeconform.sh deleted file mode 100755 index fe957e383f8d3..0000000000000 --- a/.github/workflows/resources/kubeconform.sh +++ /dev/null 
@@ -1,54 +0,0 @@ -#!/usr/bin/env bash -set -o errexit - -KUBERNETES_DIR=$1 -KUBE_VERSION="${2:-1.28.0}" - -[[ -z "${KUBERNETES_DIR}" ]] && echo "Kubernetes location not specified" && exit 1 - -kustomize_args=("--load-restrictor=LoadRestrictionsNone") -kustomize_config="kustomization.yaml" -kubeconform_args=( - "-strict" - "-ignore-missing-schemas" - "-kubernetes-version" - "${KUBE_VERSION}" - "-skip" - "ReplicationSource,ReplicationDestination,Secret" - "-schema-location" - "default" - "-schema-location" - "https://kubernetes-schemas.pages.dev/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json" - "-verbose" -) - -echo "=== Validating standalone manifests in ${KUBERNETES_DIR}/flux ===" -find "${KUBERNETES_DIR}/flux" -maxdepth 1 -type f -name '*.yaml' -print0 | while IFS= read -r -d $'\0' file; - do - kubeconform "${kubeconform_args[@]}" "${file}" - if [[ ${PIPESTATUS[0]} != 0 ]]; then - exit 1 - fi -done - -echo "=== Validating kustomizations in ${KUBERNETES_DIR}/flux ===" -find "${KUBERNETES_DIR}/flux" -type f -name $kustomize_config -print0 | while IFS= read -r -d $'\0' file; - do - echo "=== Validating kustomizations in ${file/%$kustomize_config} ===" - kustomize build "${file/%$kustomize_config}" "${kustomize_args[@]}" | \ - kubeconform "${kubeconform_args[@]}" - if [[ ${PIPESTATUS[0]} != 0 ]]; then - exit 1 - fi -done - -echo "=== Validating kustomizations in ${KUBERNETES_DIR}/apps ===" -find "${KUBERNETES_DIR}/apps" -type f -name $kustomize_config -print0 | while IFS= read -r -d $'\0' file; - do - echo "=== Validating kustomizations in ${file/%$kustomize_config} ===" - kustomize build "${file/%$kustomize_config}" "${kustomize_args[@]}" | \ - kubeconform "${kubeconform_args[@]}" - if [[ ${PIPESTATUS[0]} != 0 ]]; then - exit 1 - fi -done diff --git a/ansible/main/inventory/group_vars/all/main.yaml b/ansible/main/inventory/group_vars/all/main.yaml index ba46f35310280..09bb1c1532c00 100644 --- a/ansible/main/inventory/group_vars/all/main.yaml 
+++ b/ansible/main/inventory/group_vars/all/main.yaml @@ -1,6 +1,6 @@ --- # renovate: datasource=github-releases depName=k3s-io/k3s -k3s_release_version: "v1.28.4+k3s2" +k3s_release_version: "v1.29.0+k3s1" k3s_install_hard_links: true k3s_become: true k3s_etcd_datastore: true diff --git a/ansible/storage/inventory/group_vars/all/main.yaml b/ansible/storage/inventory/group_vars/all/main.yaml index 7a3115a8dcbc9..e43afa27e81e1 100644 --- a/ansible/storage/inventory/group_vars/all/main.yaml +++ b/ansible/storage/inventory/group_vars/all/main.yaml @@ -1,6 +1,6 @@ --- # renovate: datasource=github-releases depName=k3s-io/k3s -k3s_release_version: "v1.28.4+k3s2" +k3s_release_version: "v1.29.0+k3s1" k3s_install_hard_links: true k3s_become: true k3s_registration_address: 192.168.42.80 diff --git a/aqua.yaml b/aqua.yaml new file mode 100644 index 0000000000000..7f3001a7481c7 --- /dev/null +++ b/aqua.yaml @@ -0,0 +1,12 @@ +--- +# aqua - Declarative CLI Version Manager +# https://aquaproj.github.io/ +# checksum: +# enabled: true +# require_checksum: true +# supported_envs: +# - all +registries: +- type: standard + ref: v4.107.0 # renovate: depName=aquaproj/aqua-registry +packages: diff --git a/kubernetes/main/apps/actions-runner-system/actions-runner-controller/app/externalsecret.yaml b/kubernetes/main/apps/actions-runner-system/actions-runner-controller/app/externalsecret.yaml index 30563301d75f7..34bb4b2ff644b 100644 --- a/kubernetes/main/apps/actions-runner-system/actions-runner-controller/app/externalsecret.yaml +++ b/kubernetes/main/apps/actions-runner-system/actions-runner-controller/app/externalsecret.yaml @@ -10,7 +10,6 @@ spec: name: onepassword-connect target: name: actions-runner-controller-auth-secret - creationPolicy: Owner template: engineVersion: v2 data: 
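Review bot: The new `aqua.yaml` commits its `checksum:` block commented out, so once entries are added under `packages:` the downloaded CLI binaries would, as far as I can tell from aqua's defaults, be installed without checksum enforcement. I would enable it from the start by uncommenting `checksum:`, `enabled: true` and `require_checksum: true`, and commit the checksum file aqua generates alongside this config. `supported_envs` can stay commented if all platforms are intended.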
diff --git a/kubernetes/main/apps/actions-runner-system/actions-runner-controller/app/helmrelease.yaml b/kubernetes/main/apps/actions-runner-system/actions-runner-controller/app/helmrelease.yaml index 620b8d0c02b2f..022ff5971a000 100644 --- a/kubernetes/main/apps/actions-runner-system/actions-runner-controller/app/helmrelease.yaml +++ b/kubernetes/main/apps/actions-runner-system/actions-runner-controller/app/helmrelease.yaml @@ -9,7 +9,7 @@ spec: chart: spec: chart: gha-runner-scale-set-controller - version: 0.7.0 + version: 0.8.1 sourceRef: kind: HelmRepository name: actions-runner-controller diff --git a/kubernetes/main/apps/actions-runner-system/actions-runner-controller/runners/helmrelease.yaml b/kubernetes/main/apps/actions-runner-system/actions-runner-controller/runners/helmrelease.yaml index 122928fc20741..c9c85ab0eab7a 100644 --- a/kubernetes/main/apps/actions-runner-system/actions-runner-controller/runners/helmrelease.yaml +++ b/kubernetes/main/apps/actions-runner-system/actions-runner-controller/runners/helmrelease.yaml @@ -9,7 +9,7 @@ spec: chart: spec: chart: gha-runner-scale-set - version: 0.7.0 + version: 0.8.1 sourceRef: kind: HelmRepository name: actions-runner-controller @@ -40,7 +40,7 @@ spec: runnerScaleSetName: arc-runner-set-home-ops githubConfigUrl: https://github.com/onedr0p/home-ops minRunners: 1 - maxRunners: 3 + maxRunners: 6 containerMode: type: dind template: diff --git a/kubernetes/main/apps/cert-manager/cert-manager/issuers/externalsecret.yaml b/kubernetes/main/apps/cert-manager/cert-manager/issuers/externalsecret.yaml index 8d60f7d9aadfc..da8ef0da9cec6 100644 --- a/kubernetes/main/apps/cert-manager/cert-manager/issuers/externalsecret.yaml +++ b/kubernetes/main/apps/cert-manager/cert-manager/issuers/externalsecret.yaml @@ -10,7 +10,6 @@ spec: name: onepassword-connect target: name: cloudflare-secret - creationPolicy: Owner template: engineVersion: v2 data: 
diff --git a/kubernetes/main/apps/database/cloudnative-pg/app/externalsecret.yaml b/kubernetes/main/apps/database/cloudnative-pg/app/externalsecret.yaml index 01f292f379ed6..4aac2e2798fa5 100644 --- a/kubernetes/main/apps/database/cloudnative-pg/app/externalsecret.yaml +++ b/kubernetes/main/apps/database/cloudnative-pg/app/externalsecret.yaml @@ -10,7 +10,6 @@ spec: name: onepassword-connect target: name: cloudnative-pg-secret - creationPolicy: Owner template: engineVersion: v2 metadata: diff --git a/kubernetes/main/apps/database/cloudnative-pg/app/helmrelease.yaml b/kubernetes/main/apps/database/cloudnative-pg/app/helmrelease.yaml index 3acd6930de25f..5239ebb47b49c 100644 --- a/kubernetes/main/apps/database/cloudnative-pg/app/helmrelease.yaml +++ b/kubernetes/main/apps/database/cloudnative-pg/app/helmrelease.yaml @@ -9,7 +9,7 @@ spec: chart: spec: chart: cloudnative-pg - version: 0.19.1 + version: 0.20.0 sourceRef: kind: HelmRepository name: cloudnative-pg diff --git a/kubernetes/main/apps/database/redis/app/helmrelease.yaml b/kubernetes/main/apps/database/redis/app/helmrelease.yaml index 037ab8b4e7db3..40d296ec25602 100644 --- a/kubernetes/main/apps/database/redis/app/helmrelease.yaml +++ b/kubernetes/main/apps/database/redis/app/helmrelease.yaml @@ -10,7 +10,7 @@ spec: chart: spec: chart: redis - version: 18.5.0 + version: 18.6.1 sourceRef: kind: HelmRepository name: bitnami diff --git a/kubernetes/main/apps/default/atuin/app/externalsecret.yaml b/kubernetes/main/apps/default/atuin/app/externalsecret.yaml index 2855ef267264b..f5bc2076f2a89 100644 --- a/kubernetes/main/apps/default/atuin/app/externalsecret.yaml +++ b/kubernetes/main/apps/default/atuin/app/externalsecret.yaml @@ -10,7 +10,6 @@ spec: name: onepassword-connect target: name: atuin-secret - creationPolicy: Owner template: engineVersion: v2 data: 
diff --git a/kubernetes/main/apps/default/authelia/app/externalsecret.yaml b/kubernetes/main/apps/default/authelia/app/externalsecret.yaml index 3b89a5034ad05..94676fb47deb3 100644 --- a/kubernetes/main/apps/default/authelia/app/externalsecret.yaml +++ b/kubernetes/main/apps/default/authelia/app/externalsecret.yaml @@ -10,7 +10,6 @@ spec: name: onepassword-connect target: name: authelia-secret - creationPolicy: Owner template: engineVersion: v2 data: diff --git a/kubernetes/main/apps/default/authelia/app/helmrelease.yaml b/kubernetes/main/apps/default/authelia/app/helmrelease.yaml index 96da40ce60fae..33c9c62a06fa1 100644 --- a/kubernetes/main/apps/default/authelia/app/helmrelease.yaml +++ b/kubernetes/main/apps/default/authelia/app/helmrelease.yaml @@ -47,7 +47,7 @@ spec: main: image: repository: ghcr.io/authelia/authelia - tag: v4.38.0-beta3@sha256:05b25a05109800cbfe969bb8634034749391e429bdf0f3d1be55f00ff421750f + tag: v4.38.0-beta3@sha256:9ad7df91dfec75d2f46d544e3128215b755ee78550b4ed0ed995b5a3fad35458 env: AUTHELIA_SERVER_ADDRESS: tcp://0.0.0.0:80 AUTHELIA_SERVER_DISABLE_HEALTHCHECK: "true" diff --git a/kubernetes/main/apps/default/autobrr/app/externalsecret.yaml b/kubernetes/main/apps/default/autobrr/app/externalsecret.yaml index 2a5d38a8cf835..a804066d5cb75 100644 --- a/kubernetes/main/apps/default/autobrr/app/externalsecret.yaml +++ b/kubernetes/main/apps/default/autobrr/app/externalsecret.yaml @@ -10,7 +10,6 @@ spec: name: onepassword-connect target: name: autobrr-secret - creationPolicy: Owner template: engineVersion: v2 data: diff --git a/kubernetes/main/apps/default/cross-seed/app/externalsecret.yaml b/kubernetes/main/apps/default/cross-seed/app/externalsecret.yaml index fba65e7464796..50904afe51bf8 100644 --- a/kubernetes/main/apps/default/cross-seed/app/externalsecret.yaml +++ b/kubernetes/main/apps/default/cross-seed/app/externalsecret.yaml 
@@ -10,7 +10,6 @@ spec: name: onepassword-connect target: name: cross-seed-secret - creationPolicy: Owner template: engineVersion: v2 data: diff --git a/kubernetes/main/apps/default/frigate/app/externalsecret.yaml b/kubernetes/main/apps/default/frigate/app/externalsecret.yaml index ef0e56859ed29..cecc34f7ea242 100644 --- a/kubernetes/main/apps/default/frigate/app/externalsecret.yaml +++ b/kubernetes/main/apps/default/frigate/app/externalsecret.yaml @@ -10,7 +10,6 @@ spec: name: onepassword-connect target: name: frigate-secret - creationPolicy: Owner template: engineVersion: v2 data: diff --git a/kubernetes/main/apps/default/home-assistant/app/externalsecret.yaml b/kubernetes/main/apps/default/home-assistant/app/externalsecret.yaml index 6dd081c7390a0..2662f526e1226 100644 --- a/kubernetes/main/apps/default/home-assistant/app/externalsecret.yaml +++ b/kubernetes/main/apps/default/home-assistant/app/externalsecret.yaml @@ -10,7 +10,6 @@ spec: name: onepassword-connect target: name: home-assistant-secret - creationPolicy: Owner template: engineVersion: v2 data: diff --git a/kubernetes/main/apps/default/home-assistant/code/helmrelease.yaml b/kubernetes/main/apps/default/home-assistant/code/helmrelease.yaml index 0a9d4fb3cf435..2d0651e4873d3 100644 --- a/kubernetes/main/apps/default/home-assistant/code/helmrelease.yaml +++ b/kubernetes/main/apps/default/home-assistant/code/helmrelease.yaml @@ -35,7 +35,7 @@ spec: main: image: repository: ghcr.io/coder/code-server - tag: 4.19.1 + tag: 4.20.0 env: TZ: America/New_York args: diff --git a/kubernetes/main/apps/default/lldap/app/externalsecret.yaml b/kubernetes/main/apps/default/lldap/app/externalsecret.yaml index 16205938215fc..a175620ba4749 100644 --- a/kubernetes/main/apps/default/lldap/app/externalsecret.yaml +++ b/kubernetes/main/apps/default/lldap/app/externalsecret.yaml @@ -10,7 +10,6 @@ spec: name: onepassword-connect target: name: lldap-secret - creationPolicy: Owner template: engineVersion: v2 data: 
diff --git a/kubernetes/main/apps/default/miniflux/app/externalsecret.yaml b/kubernetes/main/apps/default/miniflux/app/externalsecret.yaml index 28951e6ada55b..256cf522f4770 100644 --- a/kubernetes/main/apps/default/miniflux/app/externalsecret.yaml +++ b/kubernetes/main/apps/default/miniflux/app/externalsecret.yaml @@ -10,7 +10,6 @@ spec: name: onepassword-connect target: name: miniflux-secret - creationPolicy: Owner template: engineVersion: v2 data: diff --git a/kubernetes/main/apps/default/mosquitto/app/externalsecret.yaml b/kubernetes/main/apps/default/mosquitto/app/externalsecret.yaml index 749ef68e4b10b..54bd04b710720 100644 --- a/kubernetes/main/apps/default/mosquitto/app/externalsecret.yaml +++ b/kubernetes/main/apps/default/mosquitto/app/externalsecret.yaml @@ -10,7 +10,6 @@ spec: name: onepassword-connect target: name: mosquitto-secret - creationPolicy: Owner template: engineVersion: v2 data: diff --git a/kubernetes/main/apps/default/plex/tools/off-deck/externalsecret.yaml b/kubernetes/main/apps/default/plex/tools/off-deck/externalsecret.yaml index 9146f7712d689..dbd668a67c618 100644 --- a/kubernetes/main/apps/default/plex/tools/off-deck/externalsecret.yaml +++ b/kubernetes/main/apps/default/plex/tools/off-deck/externalsecret.yaml @@ -10,7 +10,6 @@ spec: name: onepassword-connect target: name: plex-off-deck-secret - creationPolicy: Owner template: engineVersion: v2 data: diff --git a/kubernetes/main/apps/default/prowlarr/app/externalsecret.yaml b/kubernetes/main/apps/default/prowlarr/app/externalsecret.yaml index 7a892aa46774f..57d6cfa6b383a 100644 --- a/kubernetes/main/apps/default/prowlarr/app/externalsecret.yaml +++ b/kubernetes/main/apps/default/prowlarr/app/externalsecret.yaml @@ -10,7 +10,6 @@ spec: name: onepassword-connect target: name: prowlarr-secret - creationPolicy: Owner template: engineVersion: v2 data: 
diff --git a/kubernetes/main/apps/default/radarr/app/externalsecret.yaml b/kubernetes/main/apps/default/radarr/app/externalsecret.yaml index 6f5736b5a1a7e..8c1f678dc4106 100644 --- a/kubernetes/main/apps/default/radarr/app/externalsecret.yaml +++ b/kubernetes/main/apps/default/radarr/app/externalsecret.yaml @@ -10,7 +10,6 @@ spec: name: onepassword-connect target: name: radarr-secret - creationPolicy: Owner template: engineVersion: v2 data: diff --git a/kubernetes/main/apps/default/radarr/app/helmrelease.yaml b/kubernetes/main/apps/default/radarr/app/helmrelease.yaml index 29866272623c7..5ad8e8789877e 100644 --- a/kubernetes/main/apps/default/radarr/app/helmrelease.yaml +++ b/kubernetes/main/apps/default/radarr/app/helmrelease.yaml @@ -43,7 +43,7 @@ spec: main: image: repository: ghcr.io/onedr0p/radarr-develop - tag: 5.2.4.8328@sha256:9908d5e7ef16122cfdf80fa0d1fefef743cc598346bc12c3408e645d99012c74 + tag: 5.2.5.8361@sha256:c6b3d06ce98faacdd2e91e70763d0c96ab1421aa4858f45957a14d91ff9490a0 env: # https://github.com/Radarr/Radarr/issues/7030#issuecomment-1039689518 # https://github.com/dotnet/runtime/issues/9336 diff --git a/kubernetes/main/apps/default/recyclarr/app/externalsecret.yaml b/kubernetes/main/apps/default/recyclarr/app/externalsecret.yaml index 80f89abfdf18a..af19fc8f94d01 100644 --- a/kubernetes/main/apps/default/recyclarr/app/externalsecret.yaml +++ b/kubernetes/main/apps/default/recyclarr/app/externalsecret.yaml @@ -10,7 +10,6 @@ spec: name: onepassword-connect target: name: recyclarr-secret - creationPolicy: Owner template: engineVersion: v2 data: diff --git a/kubernetes/main/apps/default/rtlamr2mqtt/app/externalsecret.yaml b/kubernetes/main/apps/default/rtlamr2mqtt/app/externalsecret.yaml index ce65758533e4e..fd55ae0c793bd 100644 --- a/kubernetes/main/apps/default/rtlamr2mqtt/app/externalsecret.yaml +++ b/kubernetes/main/apps/default/rtlamr2mqtt/app/externalsecret.yaml 
@@ -11,7 +11,6 @@ spec: name: onepassword-connect target: name: rtlamr2mqtt-secret - creationPolicy: Owner template: templateFrom: - configMap: diff --git a/kubernetes/main/apps/default/sabnzbd/app/externalsecret.yaml b/kubernetes/main/apps/default/sabnzbd/app/externalsecret.yaml index 4df4f1cd1d23f..7342f416bb70d 100644 --- a/kubernetes/main/apps/default/sabnzbd/app/externalsecret.yaml +++ b/kubernetes/main/apps/default/sabnzbd/app/externalsecret.yaml @@ -10,7 +10,6 @@ spec: name: onepassword-connect target: name: sabnzbd-secret - creationPolicy: Owner template: engineVersion: v2 data: diff --git a/kubernetes/main/apps/default/shlink/app/externalsecret.yaml b/kubernetes/main/apps/default/shlink/app/externalsecret.yaml index d68a7e8de5768..891046f9ab255 100644 --- a/kubernetes/main/apps/default/shlink/app/externalsecret.yaml +++ b/kubernetes/main/apps/default/shlink/app/externalsecret.yaml @@ -10,7 +10,6 @@ spec: name: onepassword-connect target: name: shlink-secret - creationPolicy: Owner template: engineVersion: v2 data: diff --git a/kubernetes/main/apps/default/smtp-relay/app/externalsecret.yaml b/kubernetes/main/apps/default/smtp-relay/app/externalsecret.yaml index 51e8bdf32e1fb..dd8699a41ba09 100644 --- a/kubernetes/main/apps/default/smtp-relay/app/externalsecret.yaml +++ b/kubernetes/main/apps/default/smtp-relay/app/externalsecret.yaml @@ -10,7 +10,6 @@ spec: name: onepassword-connect target: name: smtp-relay-secret - creationPolicy: Owner template: engineVersion: v2 data: diff --git a/kubernetes/main/apps/default/sonarr/app/externalsecret.yaml b/kubernetes/main/apps/default/sonarr/app/externalsecret.yaml index 91bf74a2442d7..06b89a72ace3c 100644 --- a/kubernetes/main/apps/default/sonarr/app/externalsecret.yaml +++ b/kubernetes/main/apps/default/sonarr/app/externalsecret.yaml @@ -10,7 +10,6 @@ spec: name: onepassword-connect target: name: sonarr-secret - creationPolicy: Owner template: engineVersion: v2 data: 
diff --git a/kubernetes/main/apps/default/unpackerr/app/externalsecret.yaml b/kubernetes/main/apps/default/unpackerr/app/externalsecret.yaml index f499a6e0a6c3b..958eac8d34134 100644 --- a/kubernetes/main/apps/default/unpackerr/app/externalsecret.yaml +++ b/kubernetes/main/apps/default/unpackerr/app/externalsecret.yaml @@ -10,7 +10,6 @@ spec: name: onepassword-connect target: name: unpackerr-secret - creationPolicy: Owner template: engineVersion: v2 data: diff --git a/kubernetes/main/apps/default/zigbee2mqtt/app/externalsecret.yaml b/kubernetes/main/apps/default/zigbee2mqtt/app/externalsecret.yaml index 8ecf76c4a12e4..7d88c4db6a89c 100644 --- a/kubernetes/main/apps/default/zigbee2mqtt/app/externalsecret.yaml +++ b/kubernetes/main/apps/default/zigbee2mqtt/app/externalsecret.yaml @@ -10,7 +10,6 @@ spec: name: onepassword-connect target: name: zigbee2mqtt-secret - creationPolicy: Owner template: engineVersion: v2 data: diff --git a/kubernetes/main/apps/default/zwave-js-ui/app/helmrelease.yaml b/kubernetes/main/apps/default/zwave-js-ui/app/helmrelease.yaml index 44cd7c180505a..9f975a9edd662 100644 --- a/kubernetes/main/apps/default/zwave-js-ui/app/helmrelease.yaml +++ b/kubernetes/main/apps/default/zwave-js-ui/app/helmrelease.yaml @@ -37,7 +37,7 @@ spec: main: image: repository: ghcr.io/zwave-js/zwave-js-ui - tag: 9.6.0@sha256:716bd40a1ce44f66b2e362202d5eaa0da5cdaa141d7473053ace1cf0d97606e7 + tag: 9.6.2@sha256:cf5eac533babba885390f1fd674d41299dc4e425b3ffde1a813a07af29234469 env: TZ: America/New_York probes: diff --git a/kubernetes/main/apps/flux-system/addons/app/kustomization.yaml b/kubernetes/main/apps/flux-system/addons/app/kustomization.yaml index c6d032d1581ea..feb053584c4dc 100644 --- a/kubernetes/main/apps/flux-system/addons/app/kustomization.yaml +++ b/kubernetes/main/apps/flux-system/addons/app/kustomization.yaml 
@@ -2,7 +2,6 @@ # yaml-language-server: $schema=https://json.schemastore.org/kustomization apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -namespace: flux-system resources: - ./monitoring - ./notifications diff --git a/kubernetes/main/apps/flux-system/addons/app/notifications/alert-manager/notification.yaml b/kubernetes/main/apps/flux-system/addons/app/notifications/alert-manager/notification.yaml index 128c06eba5f4b..fa3a51662728a 100644 --- a/kubernetes/main/apps/flux-system/addons/app/notifications/alert-manager/notification.yaml +++ b/kubernetes/main/apps/flux-system/addons/app/notifications/alert-manager/notification.yaml @@ -4,7 +4,6 @@ apiVersion: notification.toolkit.fluxcd.io/v1beta3 kind: Provider metadata: name: alert-manager - namespace: flux-system spec: type: alertmanager address: http://alertmanager-operated.observability.svc.cluster.local:9093/api/v2/alerts/ @@ -14,7 +13,6 @@ apiVersion: notification.toolkit.fluxcd.io/v1beta3 kind: Alert metadata: name: alert-manager - namespace: flux-system spec: providerRef: name: alert-manager diff --git a/kubernetes/main/apps/flux-system/addons/app/notifications/github/externalsecret.yaml b/kubernetes/main/apps/flux-system/addons/app/notifications/github/externalsecret.yaml index a560f1bfa78f1..196a36b62fc6e 100644 --- a/kubernetes/main/apps/flux-system/addons/app/notifications/github/externalsecret.yaml +++ b/kubernetes/main/apps/flux-system/addons/app/notifications/github/externalsecret.yaml @@ -4,14 +4,12 @@ apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: name: github-token - namespace: flux-system spec: secretStoreRef: kind: ClusterSecretStore name: onepassword-connect target: name: github-token-secret - creationPolicy: Owner template: engineVersion: v2 data: 
diff --git a/kubernetes/main/apps/flux-system/addons/app/notifications/github/notification.yaml b/kubernetes/main/apps/flux-system/addons/app/notifications/github/notification.yaml index 115ebcbdb27ac..eea2b5d9fbf51 100644 --- a/kubernetes/main/apps/flux-system/addons/app/notifications/github/notification.yaml +++ b/kubernetes/main/apps/flux-system/addons/app/notifications/github/notification.yaml @@ -4,7 +4,6 @@ apiVersion: notification.toolkit.fluxcd.io/v1beta3 kind: Provider metadata: name: github - namespace: flux-system spec: type: github address: https://github.com/onedr0p/home-ops @@ -16,7 +15,6 @@ apiVersion: notification.toolkit.fluxcd.io/v1beta3 kind: Alert metadata: name: github - namespace: flux-system spec: providerRef: name: github diff --git a/kubernetes/main/apps/flux-system/addons/app/webhooks/github/externalsecret.yaml b/kubernetes/main/apps/flux-system/addons/app/webhooks/github/externalsecret.yaml index 29936d1c3faf3..8d466e6c1b873 100644 --- a/kubernetes/main/apps/flux-system/addons/app/webhooks/github/externalsecret.yaml +++ b/kubernetes/main/apps/flux-system/addons/app/webhooks/github/externalsecret.yaml @@ -4,14 +4,12 @@ apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: name: github-webhook-token - namespace: flux-system spec: secretStoreRef: kind: ClusterSecretStore name: onepassword-connect target: name: github-webhook-token-secret - creationPolicy: Owner template: engineVersion: v2 data: diff --git a/kubernetes/main/apps/flux-system/addons/app/webhooks/github/ingress.yaml b/kubernetes/main/apps/flux-system/addons/app/webhooks/github/ingress.yaml index 199f3da0f8e26..cabedb9505276 100644 --- a/kubernetes/main/apps/flux-system/addons/app/webhooks/github/ingress.yaml +++ b/kubernetes/main/apps/flux-system/addons/app/webhooks/github/ingress.yaml 
@@ -3,7 +3,6 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: webhook-receiver - namespace: flux-system annotations: external-dns.alpha.kubernetes.io/target: external.devbu.io spec: diff --git a/kubernetes/main/apps/flux-system/addons/app/webhooks/github/receiver.yaml b/kubernetes/main/apps/flux-system/addons/app/webhooks/github/receiver.yaml index 156347a211bb5..fd67703a220a0 100644 --- a/kubernetes/main/apps/flux-system/addons/app/webhooks/github/receiver.yaml +++ b/kubernetes/main/apps/flux-system/addons/app/webhooks/github/receiver.yaml @@ -4,7 +4,6 @@ apiVersion: notification.toolkit.fluxcd.io/v1 kind: Receiver metadata: name: home-ops - namespace: flux-system spec: type: github events: diff --git a/kubernetes/main/apps/flux-system/tf-controller/app/externalsecret.yaml b/kubernetes/main/apps/flux-system/tf-controller/app/externalsecret.yaml index 4b47be573b260..e4b64fba9af5c 100644 --- a/kubernetes/main/apps/flux-system/tf-controller/app/externalsecret.yaml +++ b/kubernetes/main/apps/flux-system/tf-controller/app/externalsecret.yaml @@ -11,7 +11,6 @@ spec: name: onepassword-connect target: name: tf-controller-secret - creationPolicy: Owner template: engineVersion: v2 data: @@ -35,7 +34,6 @@ spec: name: onepassword-connect target: name: tf-controller-tfrc-secret - creationPolicy: Owner template: engineVersion: v2 data: diff --git a/kubernetes/main/apps/flux-system/wego/app/externalsecret.yaml b/kubernetes/main/apps/flux-system/wego/app/externalsecret.yaml index f9fbf9d78d95c..a4031ab911456 100644 --- a/kubernetes/main/apps/flux-system/wego/app/externalsecret.yaml +++ b/kubernetes/main/apps/flux-system/wego/app/externalsecret.yaml @@ -10,7 +10,6 @@ spec: name: onepassword-connect target: name: cluster-user-auth # weave-gitops expects this name - creationPolicy: Owner template: engineVersion: v2 data: 
diff --git a/kubernetes/main/apps/network/cloudflared/app/externalsecret.yaml b/kubernetes/main/apps/network/cloudflared/app/externalsecret.yaml index c88c191496334..73c2bb7fa1e62 100644 --- a/kubernetes/main/apps/network/cloudflared/app/externalsecret.yaml +++ b/kubernetes/main/apps/network/cloudflared/app/externalsecret.yaml @@ -10,7 +10,6 @@ spec: name: onepassword-connect target: name: cloudflared-tunnel-secret - creationPolicy: Owner template: engineVersion: v2 data: diff --git a/kubernetes/main/apps/network/external-dns/app/bind/externalsecret.yaml b/kubernetes/main/apps/network/external-dns/app/bind/externalsecret.yaml index bcc359e501b8a..5218e805832dd 100644 --- a/kubernetes/main/apps/network/external-dns/app/bind/externalsecret.yaml +++ b/kubernetes/main/apps/network/external-dns/app/bind/externalsecret.yaml @@ -10,7 +10,6 @@ spec: name: onepassword-connect target: name: external-dns-bind-secret - creationPolicy: Owner template: engineVersion: v2 data: diff --git a/kubernetes/main/apps/network/external-dns/app/cloudflare/externalsecret.yaml b/kubernetes/main/apps/network/external-dns/app/cloudflare/externalsecret.yaml index 26927b7a0d05d..108962da04747 100644 --- a/kubernetes/main/apps/network/external-dns/app/cloudflare/externalsecret.yaml +++ b/kubernetes/main/apps/network/external-dns/app/cloudflare/externalsecret.yaml @@ -10,7 +10,6 @@ spec: name: onepassword-connect target: name: external-dns-cloudflare-secret - creationPolicy: Owner template: engineVersion: v2 data: diff --git a/kubernetes/main/apps/network/nginx/external/externalsecret.yaml b/kubernetes/main/apps/network/nginx/external/externalsecret.yaml index 279d9b4d1b313..9771494538423 100644 --- a/kubernetes/main/apps/network/nginx/external/externalsecret.yaml +++ b/kubernetes/main/apps/network/nginx/external/externalsecret.yaml @@ -10,7 +10,6 @@ spec: name: onepassword-connect target: name: nginx-external-maxmind-secret - creationPolicy: Owner template: engineVersion: v2 data: 
diff --git a/kubernetes/main/apps/network/nginx/external/helmrelease.yaml b/kubernetes/main/apps/network/nginx/external/helmrelease.yaml index a696f25541127..8898dffbb404f 100644 --- a/kubernetes/main/apps/network/nginx/external/helmrelease.yaml +++ b/kubernetes/main/apps/network/nginx/external/helmrelease.yaml @@ -9,7 +9,7 @@ spec: chart: spec: chart: ingress-nginx - version: 4.8.4 + version: 4.9.0 sourceRef: kind: HelmRepository name: ingress-nginx diff --git a/kubernetes/main/apps/network/nginx/internal/helmrelease.yaml b/kubernetes/main/apps/network/nginx/internal/helmrelease.yaml index 7b09ffa6e6f7d..919a509ff9522 100644 --- a/kubernetes/main/apps/network/nginx/internal/helmrelease.yaml +++ b/kubernetes/main/apps/network/nginx/internal/helmrelease.yaml @@ -9,7 +9,7 @@ spec: chart: spec: chart: ingress-nginx - version: 4.8.4 + version: 4.9.0 sourceRef: kind: HelmRepository name: ingress-nginx diff --git a/kubernetes/main/apps/observability/gatus/app/externalsecret.yaml b/kubernetes/main/apps/observability/gatus/app/externalsecret.yaml index 67e6b14abd079..0edaa5ba749b0 100644 --- a/kubernetes/main/apps/observability/gatus/app/externalsecret.yaml +++ b/kubernetes/main/apps/observability/gatus/app/externalsecret.yaml @@ -10,7 +10,6 @@ spec: name: onepassword-connect target: name: gatus-secret - creationPolicy: Owner template: engineVersion: v2 data: diff --git a/kubernetes/main/apps/observability/grafana/app/externalsecret.yaml b/kubernetes/main/apps/observability/grafana/app/externalsecret.yaml index 5af8d563b21cf..b8ce9f57f890f 100644 --- a/kubernetes/main/apps/observability/grafana/app/externalsecret.yaml +++ b/kubernetes/main/apps/observability/grafana/app/externalsecret.yaml @@ -10,7 +10,6 @@ spec: name: onepassword-connect target: name: grafana-secret - creationPolicy: Owner template: engineVersion: v2 data: 
diff --git a/kubernetes/main/apps/observability/grafana/app/helmrelease.yaml b/kubernetes/main/apps/observability/grafana/app/helmrelease.yaml index eb81e6faeaba2..c75b7e9560f48 100644 --- a/kubernetes/main/apps/observability/grafana/app/helmrelease.yaml +++ b/kubernetes/main/apps/observability/grafana/app/helmrelease.yaml @@ -9,7 +9,7 @@ spec: chart: spec: chart: grafana - version: 7.0.17 + version: 7.0.19 sourceRef: kind: HelmRepository name: grafana @@ -222,6 +222,9 @@ spec: external-secrets: url: https://raw.githubusercontent.com/external-secrets/external-secrets/main/docs/snippets/dashboard.json datasource: Prometheus + node-feature-discovery: + url: https://raw.githubusercontent.com/kubernetes-sigs/node-feature-discovery/master/examples/grafana-dashboard.json + datasource: Prometheus miniflux: url: https://raw.githubusercontent.com/miniflux/v2/main/contrib/grafana/dashboard.json datasource: Prometheus @@ -260,22 +263,22 @@ spec: kubernetes-coredns: # renovate: depName="Kubernetes / System / CoreDNS" gnetId: 15762 - revision: 13 + revision: 14 datasource: Prometheus kubernetes-global: # renovate: depName="Kubernetes / Views / Global" gnetId: 15757 - revision: 31 + revision: 33 datasource: Prometheus kubernetes-namespaces: # renovate: depName="Kubernetes / Views / Namespaces" gnetId: 15758 - revision: 27 + revision: 30 datasource: Prometheus kubernetes-nodes: # renovate: depName="Kubernetes / Views / Nodes" gnetId: 15759 - revision: 19 + revision: 23 datasource: Prometheus kubernetes-pods: # renovate: depName="Kubernetes / Views / Pods" diff --git a/kubernetes/main/apps/observability/kube-prometheus-stack/app/externalsecret.yaml b/kubernetes/main/apps/observability/kube-prometheus-stack/app/externalsecret.yaml index 6f0e47c1d6e2f..e315ad331705c 100644 --- a/kubernetes/main/apps/observability/kube-prometheus-stack/app/externalsecret.yaml +++ b/kubernetes/main/apps/observability/kube-prometheus-stack/app/externalsecret.yaml 
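Review bot: The new `node-feature-discovery` dashboard entry pulls its JSON from the `master` branch of an upstream repository, so the content Grafana loads can change without any commit or review in this repo. Pinning the URL to a release tag or commit SHA (`.../node-feature-discovery/<TAG_OR_COMMIT_SHA>/examples/grafana-dashboard.json`, where the bracketed part is a placeholder) makes the dashboard reproducible and turns upstream changes into reviewable diffs. The neighbouring `external-secrets` and `miniflux` entries track a branch in the same way, and the enclosing dashboards map starts outside this hunk.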
@@ -11,7 +11,6 @@ spec: name: onepassword-connect target: name: alertmanager-secret - creationPolicy: Owner template: templateFrom: - configMap: diff --git a/kubernetes/main/apps/observability/kube-prometheus-stack/app/helmrelease.yaml b/kubernetes/main/apps/observability/kube-prometheus-stack/app/helmrelease.yaml index d7a57bd5b5da7..b43698fcc6df3 100644 --- a/kubernetes/main/apps/observability/kube-prometheus-stack/app/helmrelease.yaml +++ b/kubernetes/main/apps/observability/kube-prometheus-stack/app/helmrelease.yaml @@ -189,3 +189,18 @@ spec: multicluster: etcd: enabled: true + postRenderers: + - kustomize: + patches: + - target: + version: v1 + kind: ConfigMap + labelSelector: grafana_dashboard in (1) + patch: |- + apiVersion: v1 + kind: ConfigMap + metadata: + name: not-used + namespace: not-used + annotations: + grafana_folder: Kubernetes diff --git a/kubernetes/main/apps/observability/kube-prometheus-stack/app/scrapeconfigs/kustomization.yaml b/kubernetes/main/apps/observability/kube-prometheus-stack/app/scrapeconfigs/kustomization.yaml index 609bbcf1adde7..0358210923a9b 100644 --- a/kubernetes/main/apps/observability/kube-prometheus-stack/app/scrapeconfigs/kustomization.yaml +++ b/kubernetes/main/apps/observability/kube-prometheus-stack/app/scrapeconfigs/kustomization.yaml @@ -3,8 +3,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - ./expanse.yaml - - ./federation.yaml + # - ./expanse.yaml + # - ./federation.yaml - ./kube-vip.yaml - ./node-exporter.yaml - ./pikvm.yaml diff --git a/kubernetes/main/apps/observability/thanos/app/helmrelease.yaml b/kubernetes/main/apps/observability/thanos/app/helmrelease.yaml index 0a9ecb6eacabd..cdb193a0e0b86 100644 --- a/kubernetes/main/apps/observability/thanos/app/helmrelease.yaml +++ b/kubernetes/main/apps/observability/thanos/app/helmrelease.yaml @@ -10,7 +10,7 @@ spec: chart: spec: chart: thanos - version: 12.18.0 + version: 12.20.1 sourceRef: kind: HelmRepository name: bitnami 
@@ -88,6 +88,7 @@ spec: dnsDiscovery: sidecarsService: kube-prometheus-stack-thanos-discovery sidecarsNamespace: observability + stores: ["thanos.turbo.ac:10901"] bucketweb: enabled: true replicaCount: 2 @@ -96,9 +97,9 @@ spec: extraFlags: - --compact.concurrency=4 - --delete-delay=30m - retentionResolutionRaw: 30d - retentionResolution5m: 60d - retentionResolution1h: 90d + retentionResolutionRaw: 14d + retentionResolution5m: 30d + retentionResolution1h: 60d persistence: enabled: true storageClass: local-hostpath diff --git a/kubernetes/main/apps/observability/unpoller/app/helmrelease.yaml b/kubernetes/main/apps/observability/unpoller/app/helmrelease.yaml index 0a78f5743ef3c..c35880879759d 100644 --- a/kubernetes/main/apps/observability/unpoller/app/helmrelease.yaml +++ b/kubernetes/main/apps/observability/unpoller/app/helmrelease.yaml @@ -30,7 +30,7 @@ spec: main: image: repository: ghcr.io/unpoller/unpoller - tag: v2.9.4@sha256:20c161781ac544a7548c8dd533f13498201746efdf0853d4625a1dbfd5652a19 + tag: v2.9.5@sha256:486a63339969fd5207697502e29e4875f4bf7d7ef5c558188b192f2f88fdd3d6 env: TZ: America/New_York UP_UNIFI_DEFAULT_ROLE: home-ops diff --git a/kubernetes/main/apps/observability/vector/app/aggregator/externalsecret.yaml b/kubernetes/main/apps/observability/vector/app/aggregator/externalsecret.yaml index da460eec366f7..37ca991bf3338 100644 --- a/kubernetes/main/apps/observability/vector/app/aggregator/externalsecret.yaml +++ b/kubernetes/main/apps/observability/vector/app/aggregator/externalsecret.yaml @@ -10,7 +10,6 @@ spec: name: onepassword-connect target: name: vector-aggregator-secret - creationPolicy: Owner template: engineVersion: v2 data: diff --git a/kubernetes/main/apps/rook-ceph/rook-ceph/app/helmrelease.yaml b/kubernetes/main/apps/rook-ceph/rook-ceph/app/helmrelease.yaml index a452bb00b4358..fb2e475522ade 100644 --- a/kubernetes/main/apps/rook-ceph/rook-ceph/app/helmrelease.yaml +++ b/kubernetes/main/apps/rook-ceph/rook-ceph/app/helmrelease.yaml 
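Review bot: The added `stores: ["thanos.turbo.ac:10901"]` points the querier at a Store API endpoint outside this cluster, and nothing in this hunk enables TLS or client authentication on that gRPC link. The matching `thanosServiceExternal` hunk in `kubernetes/storage/apps/observability/kube-prometheus-stack/app/helmrelease.yaml` publishes the sidecar through a `LoadBalancer` under the same hostname, and the Store API has no authentication of its own, so anyone who can reach that address can presumably read every series the sidecar serves. Whether the address is reachable beyond the LAN is not visible here; a comment next to the entry such as `# plaintext gRPC to the storage-cluster sidecar, LAN only` would at least record the assumption, and mutual TLS on both ends is the durable fix. The block that holds `dnsDiscovery` and `stores` starts outside this hunk.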
@@ -10,7 +10,7 @@ spec: chart: spec: chart: rook-ceph - version: v1.13.0 + version: v1.13.1 sourceRef: kind: HelmRepository name: rook-ceph diff --git a/kubernetes/main/apps/rook-ceph/rook-ceph/app/kustomization.yaml b/kubernetes/main/apps/rook-ceph/rook-ceph/app/kustomization.yaml index 17cbc72b25c80..fb2f8c1206f70 100644 --- a/kubernetes/main/apps/rook-ceph/rook-ceph/app/kustomization.yaml +++ b/kubernetes/main/apps/rook-ceph/rook-ceph/app/kustomization.yaml @@ -3,4 +3,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: + - ./rook-ceph-dashboard-password.secret.sops.yaml - ./helmrelease.yaml diff --git a/kubernetes/main/apps/rook-ceph/rook-ceph/app/rook-ceph-dashboard-password.secret.sops.yaml b/kubernetes/main/apps/rook-ceph/rook-ceph/app/rook-ceph-dashboard-password.secret.sops.yaml new file mode 100644 index 0000000000000..5a0af9e22d826 --- /dev/null +++ b/kubernetes/main/apps/rook-ceph/rook-ceph/app/rook-ceph-dashboard-password.secret.sops.yaml 
@@ -0,0 +1,27 @@ +# yamllint disable +apiVersion: v1 +kind: Secret +metadata: + name: rook-ceph-dashboard-password +stringData: + password: ENC[AES256_GCM,data:9uWCs4NJS0WWx8k2aeJMtBhWYlY=,iv:cER9i26H33VeAqHUOj/3BuQk07QJCLXLW2Ick1Ao94I=,tag:mdgTJQceztsSD/bje3JunA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age15uzrw396e67z9wdzsxzdk7ka0g2gr3l460e0slaea563zll3hdfqwqxdta + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzLzNjRm9sdGVVdW43dDcx + Z043dUgvdzIrUk44QmFEdWxvdEp5b1Z4OFc0Cit0OFdTT3hmQ3VCVE12WkhvY2JH + RzhGY1NDd1RVOTJwQWhJQ0NjUE5hR0kKLS0tIGJuZUZHcDRORGVIYkQvYzF0SWZV + WmF4NjJaVXpidWh5ekY1VU9xQkZTOGMKWh2+yLXIWbAaVrlPch77cc+8zStEHA7u + nHVhCmX7NB2LYL8JEHg51/ElHhVowlSJDbeYvudTNAOWpdOd+Kv6iw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-12-20T00:21:50Z" + mac: ENC[AES256_GCM,data:Pc8SKRKKPnKkp21v6ibxkI9uC6vg6z1V0eEqx/DU7cB90OU3A5z/R+b5p8CfyniKT36PKSHtZ1nPrHdY5yMkd/0dqLqoJcI4CIrsew29FW2EZQD0EuS3MUBymqCNSexTpKwBFvl9SDhfN0uZLXw5IHo2jbLs6YWYBZ3+GY//jf8=,iv:2X0BwTMyKNeZqwcZBHfu9Wzw7Zb93Rg2KdGuvG57D1s=,tag:AwXqKpxNAWQB9PrRoBdjdg==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.8.1 diff --git a/kubernetes/main/apps/rook-ceph/rook-ceph/cluster/helmrelease.yaml b/kubernetes/main/apps/rook-ceph/rook-ceph/cluster/helmrelease.yaml index dfdd462200c2f..30a8b4a2846d7 100644 --- a/kubernetes/main/apps/rook-ceph/rook-ceph/cluster/helmrelease.yaml +++ b/kubernetes/main/apps/rook-ceph/rook-ceph/cluster/helmrelease.yaml @@ -10,7 +10,7 @@ spec: chart: spec: chart: rook-ceph-cluster - version: v1.13.0 + version: v1.13.1 sourceRef: kind: HelmRepository name: rook-ceph diff --git a/kubernetes/main/apps/rook-ceph/rook-ceph/cluster/kustomization.yaml b/kubernetes/main/apps/rook-ceph/rook-ceph/cluster/kustomization.yaml index 17cbc72b25c80..99974dc489025 100644 --- a/kubernetes/main/apps/rook-ceph/rook-ceph/cluster/kustomization.yaml 
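Review bot: This new SOPS-encrypted Secret is added to a path reconciled by the rook-ceph Flux Kustomization, but the `ks.yaml` hunks in this commit neither add nor show a `decryption` block. If that Kustomization has no `decryption` with `provider: sops` configured outside the hunks, reconciliation of the app path will presumably fail on the still-encrypted manifest instead of creating the dashboard password. Every other secret on this page is an `ExternalSecret` backed by `onepassword-connect`, so a header comment stating why this one is kept in Git as ciphertext (for example `# SOPS: must exist before external-secrets is available`, if that is the reason) would help the next maintainer.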
+++ b/kubernetes/main/apps/rook-ceph/rook-ceph/cluster/kustomization.yaml @@ -4,3 +4,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ./helmrelease.yaml + - ./rgw-external.yaml diff --git a/kubernetes/main/apps/rook-ceph/rook-ceph/cluster/rgw-external.yaml b/kubernetes/main/apps/rook-ceph/rook-ceph/cluster/rgw-external.yaml new file mode 100644 index 0000000000000..98d5cdd330d0b --- /dev/null +++ b/kubernetes/main/apps/rook-ceph/rook-ceph/cluster/rgw-external.yaml @@ -0,0 +1,53 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/ceph.rook.io/cephobjectstoreuser_v1.json +apiVersion: ceph.rook.io/v1 +kind: CephObjectStoreUser +metadata: + name: cluster-admin +spec: + # https://rook.io/docs/rook/v1.13/Storage-Configuration/Object-Storage-RGW/object-storage/ + store: ceph-objectstore + displayName: Cluster Admin +--- +apiVersion: v1 +kind: Service +metadata: + name: rook-ceph-rgw-ceph-objectstore-external + namespace: rook-ceph + labels: + app: rook-ceph-rgw + rook_cluster: rook-ceph + rook_object_store: ceph-objectstore +spec: + type: NodePort + selector: + app: rook-ceph-rgw + rook_cluster: rook-ceph + rook_object_store: ceph-objectstore + ports: + - name: rgw + port: 80 + protocol: TCP + targetPort: 80 + sessionAffinity: None +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: rook-ceph-rgw +spec: + ingressClassName: internal + rules: + - host: &host rook-ceph-rgw.devbu.io + http: + paths: + - backend: + service: + name: rook-ceph-rgw-ceph-objectstore-external + port: + number: 80 + path: / + pathType: Prefix + tls: + - hosts: + - *host diff --git a/kubernetes/main/apps/rook-ceph/rook-ceph/ks.yaml b/kubernetes/main/apps/rook-ceph/rook-ceph/ks.yaml index 64864da645014..f3ad1c3f74a7b 100644 --- a/kubernetes/main/apps/rook-ceph/rook-ceph/ks.yaml +++ b/kubernetes/main/apps/rook-ceph/rook-ceph/ks.yaml 
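Review bot: The new Service `rook-ceph-rgw-ceph-objectstore-external` in `rgw-external.yaml` is `type: NodePort`, which opens the RGW S3 endpoint over plain HTTP on a port of every node and so bypasses the TLS-terminating `internal` Ingress defined just below it. The Ingress only needs a cluster-internal backend, so `type: ClusterIP` would serve it unless clients outside the cluster are meant to use the node port directly. The Service also hard-codes `namespace: rook-ceph` while the `CephObjectStoreUser` and `Ingress` in the same file omit the field, and this commit strips `namespace` from other manifests; dropping it here keeps the three documents consistent.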
@@ -11,11 +11,11 @@ spec: labels: app.kubernetes.io/name: *app path: ./kubernetes/main/apps/rook-ceph/rook-ceph/app - prune: false + prune: false # never should be deleted sourceRef: kind: GitRepository name: home-kubernetes - wait: true + wait: false interval: 30m retryInterval: 1m timeout: 5m @@ -32,7 +32,7 @@ spec: labels: app.kubernetes.io/name: *app path: ./kubernetes/main/apps/rook-ceph/rook-ceph/cluster - prune: false + prune: false # never should be deleted sourceRef: kind: GitRepository name: home-kubernetes diff --git a/kubernetes/main/apps/tools/intel-device-plugin/app/helmrelease.yaml b/kubernetes/main/apps/tools/intel-device-plugin/app/helmrelease.yaml index 7f8f61acebcce..856a031ce4130 100644 --- a/kubernetes/main/apps/tools/intel-device-plugin/app/helmrelease.yaml +++ b/kubernetes/main/apps/tools/intel-device-plugin/app/helmrelease.yaml @@ -9,7 +9,7 @@ spec: chart: spec: chart: intel-device-plugins-operator - version: 0.28.0 + version: 0.29.0 sourceRef: kind: HelmRepository name: intel diff --git a/kubernetes/main/apps/tools/intel-device-plugin/gpu/helmrelease.yaml b/kubernetes/main/apps/tools/intel-device-plugin/gpu/helmrelease.yaml index b109562ad9e95..3b67b4db490d2 100644 --- a/kubernetes/main/apps/tools/intel-device-plugin/gpu/helmrelease.yaml +++ b/kubernetes/main/apps/tools/intel-device-plugin/gpu/helmrelease.yaml @@ -9,7 +9,7 @@ spec: chart: spec: chart: intel-device-plugins-gpu - version: 0.28.1-helm.0 + version: 0.29.0 sourceRef: kind: HelmRepository name: intel diff --git a/kubernetes/main/apps/tools/reloader/app/helmrelease.yaml b/kubernetes/main/apps/tools/reloader/app/helmrelease.yaml index e2d4d44a802cb..e7f94e46f8ab2 100644 --- a/kubernetes/main/apps/tools/reloader/app/helmrelease.yaml +++ b/kubernetes/main/apps/tools/reloader/app/helmrelease.yaml @@ -9,7 +9,7 @@ spec: chart: spec: chart: reloader - version: 1.0.54 + version: 1.0.56 sourceRef: kind: HelmRepository name: stakater 
diff --git a/kubernetes/main/apps/tools/system-upgrade-controller/app/helmrelease.yaml b/kubernetes/main/apps/tools/system-upgrade-controller/app/helmrelease.yaml index 13d4e7c062e63..3c22b7b3aae8d 100644 --- a/kubernetes/main/apps/tools/system-upgrade-controller/app/helmrelease.yaml +++ b/kubernetes/main/apps/tools/system-upgrade-controller/app/helmrelease.yaml @@ -38,7 +38,7 @@ spec: SYSTEM_UPGRADE_JOB_ACTIVE_DEADLINE_SECONDS: 900 SYSTEM_UPGRADE_JOB_BACKOFF_LIMIT: 99 SYSTEM_UPGRADE_JOB_IMAGE_PULL_POLICY: IfNotPresent - SYSTEM_UPGRADE_JOB_KUBECTL_IMAGE: docker.io/rancher/kubectl:v1.28.4 + SYSTEM_UPGRADE_JOB_KUBECTL_IMAGE: docker.io/rancher/kubectl:v1.29.0 SYSTEM_UPGRADE_JOB_PRIVILEGED: true SYSTEM_UPGRADE_JOB_TTL_SECONDS_AFTER_FINISH: 900 SYSTEM_UPGRADE_PLAN_POLLING_INTERVAL: 15m diff --git a/kubernetes/main/apps/tools/system-upgrade-controller/plans/agent.yaml b/kubernetes/main/apps/tools/system-upgrade-controller/plans/agent.yaml index 48bd808641b8e..bcb19cc0901ae 100644 --- a/kubernetes/main/apps/tools/system-upgrade-controller/plans/agent.yaml +++ b/kubernetes/main/apps/tools/system-upgrade-controller/plans/agent.yaml @@ -6,7 +6,7 @@ metadata: name: agent spec: # renovate: datasource=github-releases depName=k3s-io/k3s - version: "v1.28.4+k3s2" + version: "v1.29.0+k3s1" serviceAccountName: system-upgrade concurrency: 1 nodeSelector: diff --git a/kubernetes/main/apps/tools/system-upgrade-controller/plans/server.yaml b/kubernetes/main/apps/tools/system-upgrade-controller/plans/server.yaml index d3d493a9a18f8..19cdbdc6d516a 100644 --- a/kubernetes/main/apps/tools/system-upgrade-controller/plans/server.yaml +++ b/kubernetes/main/apps/tools/system-upgrade-controller/plans/server.yaml @@ -6,7 +6,7 @@ metadata: name: server spec: # renovate: datasource=github-releases depName=k3s-io/k3s - version: "v1.28.4+k3s2" + version: "v1.29.0+k3s1" serviceAccountName: system-upgrade concurrency: 1 cordon: true 
diff --git a/kubernetes/main/bootstrap/flux/kustomization.yaml b/kubernetes/main/bootstrap/flux/kustomization.yaml index 075093f93848c..a698904bfe1f1 100644 --- a/kubernetes/main/bootstrap/flux/kustomization.yaml +++ b/kubernetes/main/bootstrap/flux/kustomization.yaml @@ -5,7 +5,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - github.com/fluxcd/flux2/manifests/install?ref=v2.2.1 + - github.com/fluxcd/flux2/manifests/install?ref=v2.2.2 patches: # Remove the network policies that does not work with k3s - patch: | diff --git a/kubernetes/main/flux/config/flux.yaml b/kubernetes/main/flux/config/flux.yaml index ee9e3d3d1df21..4b2a83140f5e3 100644 --- a/kubernetes/main/flux/config/flux.yaml +++ b/kubernetes/main/flux/config/flux.yaml @@ -9,7 +9,7 @@ spec: interval: 10m url: oci://ghcr.io/fluxcd/flux-manifests ref: - tag: v2.2.1 + tag: v2.2.2 --- # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 diff --git a/kubernetes/main/templates/volsync/minio.yaml b/kubernetes/main/templates/volsync/minio.yaml index 24282d1e5d7e2..364734f531f59 100644 --- a/kubernetes/main/templates/volsync/minio.yaml +++ b/kubernetes/main/templates/volsync/minio.yaml @@ -10,7 +10,6 @@ spec: name: onepassword-connect target: name: "${APP}-volsync-secret" - creationPolicy: Owner template: engineVersion: v2 data: diff --git a/kubernetes/main/templates/volsync/r2.yaml b/kubernetes/main/templates/volsync/r2.yaml index f109392f5b1a9..3d12e32f115e9 100644 --- a/kubernetes/main/templates/volsync/r2.yaml +++ b/kubernetes/main/templates/volsync/r2.yaml @@ -10,7 +10,6 @@ spec: name: onepassword-connect target: name: "${APP}-volsync-r2-secret" - creationPolicy: Owner template: engineVersion: v2 data: 
diff --git a/kubernetes/storage/apps/cert-manager/cert-manager/issuers/externalsecret.yaml b/kubernetes/storage/apps/cert-manager/cert-manager/issuers/externalsecret.yaml index 25c41dd7247e8..385b6dac40c88 100644 --- a/kubernetes/storage/apps/cert-manager/cert-manager/issuers/externalsecret.yaml +++ b/kubernetes/storage/apps/cert-manager/cert-manager/issuers/externalsecret.yaml @@ -10,7 +10,6 @@ spec: name: onepassword-connect target: name: cloudflare-secret - creationPolicy: Owner dataFrom: - extract: key: cloudflare diff --git a/kubernetes/storage/apps/default/kopia/app/externalsecret.yaml b/kubernetes/storage/apps/default/kopia/app/externalsecret.yaml index 0cb2895ae0eb2..f342575a47c2a 100644 --- a/kubernetes/storage/apps/default/kopia/app/externalsecret.yaml +++ b/kubernetes/storage/apps/default/kopia/app/externalsecret.yaml @@ -10,7 +10,6 @@ spec: name: onepassword-connect target: name: kopia-secret - creationPolicy: Owner template: engineVersion: v2 data: @@ -32,7 +31,6 @@ spec: name: onepassword-connect target: name: kopia-repository-secret - creationPolicy: Owner template: templateFrom: - configMap: diff --git a/kubernetes/storage/apps/default/minio/app/externalsecret.yaml b/kubernetes/storage/apps/default/minio/app/externalsecret.yaml index 02a4724de6702..9c72731db8ca6 100644 --- a/kubernetes/storage/apps/default/minio/app/externalsecret.yaml +++ b/kubernetes/storage/apps/default/minio/app/externalsecret.yaml @@ -10,7 +10,6 @@ spec: name: onepassword-connect target: name: minio-secret - creationPolicy: Owner template: engineVersion: v2 data: diff --git a/kubernetes/storage/apps/default/minio/app/helmrelease.yaml b/kubernetes/storage/apps/default/minio/app/helmrelease.yaml index 2de3034bfbad3..722f6a30d9f34 100644 --- a/kubernetes/storage/apps/default/minio/app/helmrelease.yaml +++ b/kubernetes/storage/apps/default/minio/app/helmrelease.yaml 
@@ -32,7 +32,7 @@ spec: main: image: repository: quay.io/minio/minio - tag: RELEASE.2023-12-14T18-51-57Z@sha256:62bffc26326ee5c841d7774b1c94712953d315ee5ca603c124206cabc77681d5 + tag: RELEASE.2023-12-20T01-00-02Z@sha256:5702ea3614203466e8e6616469e460567dc0c82def5a024a90426b25ee4a4d23 env: MINIO_API_CORS_ALLOW_ORIGIN: https://minio.turbo.ac,https://s3.turbo.ac MINIO_BROWSER_REDIRECT_URL: https://minio.turbo.ac diff --git a/kubernetes/storage/apps/default/zot/app/helmrelease.yaml b/kubernetes/storage/apps/default/zot/app/helmrelease.yaml index 8f922bd4cb555..06efda95670ad 100644 --- a/kubernetes/storage/apps/default/zot/app/helmrelease.yaml +++ b/kubernetes/storage/apps/default/zot/app/helmrelease.yaml @@ -40,7 +40,7 @@ spec: spec: httpGet: path: /v2/ - port: &port 5000 + port: &port 80 initialDelaySeconds: 30 periodSeconds: 30 timeoutSeconds: 10 diff --git a/kubernetes/storage/apps/default/zot/app/resources/config.json b/kubernetes/storage/apps/default/zot/app/resources/config.json index 1abd66edf971b..cace47c2945f6 100644 --- a/kubernetes/storage/apps/default/zot/app/resources/config.json +++ b/kubernetes/storage/apps/default/zot/app/resources/config.json @@ -9,20 +9,17 @@ }, "http": { "address": "0.0.0.0", - "port": "5000" + "port": "80" }, "log": { "level": "info" }, "extensions": { "search": { - "enable": true, - "cve": { - "updateInterval": "2h" - } + "enable": true }, "scrub": { - "enable": true, + "enable": false, "interval": "24h" }, "sync": { diff --git a/kubernetes/storage/apps/flux-system/wego/app/externalsecret.yaml b/kubernetes/storage/apps/flux-system/wego/app/externalsecret.yaml index f9fbf9d78d95c..a4031ab911456 100644 --- a/kubernetes/storage/apps/flux-system/wego/app/externalsecret.yaml +++ b/kubernetes/storage/apps/flux-system/wego/app/externalsecret.yaml @@ -10,7 +10,6 @@ spec: name: onepassword-connect target: name: cluster-user-auth # weave-gitops expects this name - creationPolicy: Owner template: engineVersion: v2 data: 
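Review bot: Changing the probe anchor to `port: &port 80` in the zot `helmrelease.yaml`, together with `"port": "80"` in the `resources/config.json` hunk of this commit, makes zot bind a privileged port inside the container. Unless the pod runs as root, holds `NET_BIND_SERVICE`, or the runtime lowers `net.ipv4.ip_unprivileged_port_start`, the listener will fail to start; the pod's securityContext is outside this hunk, so which case applies is not visible. Keeping the container on 5000 and exposing 80 only as the Service port gives the same external address without the extra privilege.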
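Review bot: The zot `config.json` hunk turns off two integrity controls without saying why: removing the `cve` object from `extensions.search` drops the registry's vulnerability scanning of stored images, and `"enable": false` under `scrub` stops the periodic blob integrity check while leaving a now-unused `"interval": "24h"` behind. JSON has no comment syntax, so the reason belongs in the commit description. If scrub is meant to stay off, removing the whole `scrub` object avoids suggesting that it still runs every 24 hours. The `extensions` object continues past the end of the hunk.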
diff --git a/kubernetes/storage/apps/network/external-dns/app/bind/externalsecret.yaml b/kubernetes/storage/apps/network/external-dns/app/bind/externalsecret.yaml index 45db91b02f2f8..294a2d5bcf4f1 100644 --- a/kubernetes/storage/apps/network/external-dns/app/bind/externalsecret.yaml +++ b/kubernetes/storage/apps/network/external-dns/app/bind/externalsecret.yaml @@ -10,7 +10,6 @@ spec: name: onepassword-connect target: name: external-dns-bind-secret - creationPolicy: Owner template: engineVersion: v2 data: diff --git a/kubernetes/storage/apps/network/nginx/internal/helmrelease.yaml b/kubernetes/storage/apps/network/nginx/internal/helmrelease.yaml index a1e24ed3d9f89..a21c13f6e34da 100644 --- a/kubernetes/storage/apps/network/nginx/internal/helmrelease.yaml +++ b/kubernetes/storage/apps/network/nginx/internal/helmrelease.yaml @@ -9,7 +9,7 @@ spec: chart: spec: chart: ingress-nginx - version: 4.8.4 + version: 4.9.0 sourceRef: kind: HelmRepository name: ingress-nginx diff --git a/kubernetes/storage/apps/observability/kube-prometheus-stack/app/externalsecret.yaml b/kubernetes/storage/apps/observability/kube-prometheus-stack/app/externalsecret.yaml new file mode 100644 index 0000000000000..3296a3e93a012 --- /dev/null +++ b/kubernetes/storage/apps/observability/kube-prometheus-stack/app/externalsecret.yaml @@ -0,0 +1,26 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: kube-prometheus-stack +spec: + secretStoreRef: + kind: ClusterSecretStore + name: onepassword-connect + target: + name: kube-prometheus-stack-secret + creationPolicy: Owner + template: + engineVersion: v2 + data: + objstore.yml: |- + type: s3 + config: + bucket: thanos-v2 + endpoint: rook-ceph-rgw.devbu.io + access_key: {{ .AWS_ACCESS_KEY_ID }} + secret_key: {{ .AWS_SECRET_ACCESS_KEY }} + dataFrom: + - extract: + key: thanos 
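Review bot: In the new kube-prometheus-stack `externalsecret.yaml`, the `objstore.yml` template interpolates `{{ .AWS_ACCESS_KEY_ID }}` and `{{ .AWS_SECRET_ACCESS_KEY }}` as bare YAML scalars, so a value containing `#`, `: ` or a leading special character would be truncated or break parsing of the Thanos object-store config. Quoting the values, e.g. `secret_key: {{ .AWS_SECRET_ACCESS_KEY | quote }}`, keeps the rendered file valid for any secret. Separately, this file sets `creationPolicy: Owner`, the very line this commit deletes from the other ExternalSecrets, so it should be dropped here for consistency.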
diff --git a/kubernetes/storage/apps/observability/kube-prometheus-stack/app/helmrelease.yaml b/kubernetes/storage/apps/observability/kube-prometheus-stack/app/helmrelease.yaml index fbdfa98e878bf..78b1780a6ff75 100644 --- a/kubernetes/storage/apps/observability/kube-prometheus-stack/app/helmrelease.yaml +++ b/kubernetes/storage/apps/observability/kube-prometheus-stack/app/helmrelease.yaml @@ -35,8 +35,6 @@ spec: enabled: true alertmanager: enabled: false - defaultRules: - create: false kubelet: enabled: true serviceMonitor: @@ -105,7 +103,12 @@ spec: - hosts: - *host prometheusSpec: + additionalAlertManagerConfigs: + - static_configs: + - targets: + - alertmanager.devbu.io replicas: 1 + replicaExternalLabelName: __replica__ ruleSelectorNilUsesHelmValues: false serviceMonitorSelectorNilUsesHelmValues: false podMonitorSelectorNilUsesHelmValues: false @@ -128,6 +131,24 @@ spec: resources: requests: storage: 20Gi + thanos: + image: quay.io/thanos/thanos:v0.33.0 + objectStorageConfig: + existingSecret: + name: kube-prometheus-stack-secret + key: objstore.yml + # renovate: datasource=docker depName=quay.io/thanos/thanos + version: "0.33.0" + thanosService: + enabled: true + thanosServiceExternal: + enabled: true + type: LoadBalancer + annotations: + external-dns.alpha.kubernetes.io/hostname: thanos.turbo.ac + externalTrafficPolicy: Cluster + thanosServiceMonitor: + enabled: true nodeExporter: enabled: true prometheus-node-exporter: diff --git a/kubernetes/storage/apps/observability/kube-prometheus-stack/app/kustomization.yaml b/kubernetes/storage/apps/observability/kube-prometheus-stack/app/kustomization.yaml index 17cbc72b25c80..4eed917b96fa1 100644 --- a/kubernetes/storage/apps/observability/kube-prometheus-stack/app/kustomization.yaml +++ b/kubernetes/storage/apps/observability/kube-prometheus-stack/app/kustomization.yaml @@ -3,4 +3,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: + - ./externalsecret.yaml - ./helmrelease.yaml 
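Review bot: The `additionalAlertManagerConfigs` entry lists `alertmanager.devbu.io` with no `scheme`, and Prometheus defaults Alertmanager targets to `http`, so alerts from this cluster would be posted in cleartext to port 80. Adding `scheme: https` at the same level as `static_configs` sends them over TLS. The `prometheusSpec` block begins and ends outside this hunk.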
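Review bot: The Thanos sidecar release is declared twice in the `thanos:` block, as `image: quay.io/thanos/thanos:v0.33.0` and as `version: "0.33.0"`, but the `# renovate:` annotation sits directly above `version` only. If Renovate rewrites just the annotated line, the two values will drift and the explicit `image` will presumably keep the old release running; the image is also referenced by tag alone, unlike the digest-pinned `unpoller` and `minio` images elsewhere in this commit. Dropping `image:` so that `version` selects the tag, or moving the annotation onto an `image: quay.io/thanos/thanos:v0.33.0@sha256:<DIGEST>` line (`<DIGEST>` being a placeholder), leaves one source of truth.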
diff --git a/kubernetes/storage/apps/tools/reloader/app/helmrelease.yaml b/kubernetes/storage/apps/tools/reloader/app/helmrelease.yaml index e2d4d44a802cb..e7f94e46f8ab2 100644 --- a/kubernetes/storage/apps/tools/reloader/app/helmrelease.yaml +++ b/kubernetes/storage/apps/tools/reloader/app/helmrelease.yaml @@ -9,7 +9,7 @@ spec: chart: spec: chart: reloader - version: 1.0.54 + version: 1.0.56 sourceRef: kind: HelmRepository name: stakater diff --git a/kubernetes/storage/apps/tools/system-upgrade-controller/app/helmrelease.yaml b/kubernetes/storage/apps/tools/system-upgrade-controller/app/helmrelease.yaml index 13d4e7c062e63..3c22b7b3aae8d 100644 --- a/kubernetes/storage/apps/tools/system-upgrade-controller/app/helmrelease.yaml +++ b/kubernetes/storage/apps/tools/system-upgrade-controller/app/helmrelease.yaml @@ -38,7 +38,7 @@ spec: SYSTEM_UPGRADE_JOB_ACTIVE_DEADLINE_SECONDS: 900 SYSTEM_UPGRADE_JOB_BACKOFF_LIMIT: 99 SYSTEM_UPGRADE_JOB_IMAGE_PULL_POLICY: IfNotPresent - SYSTEM_UPGRADE_JOB_KUBECTL_IMAGE: docker.io/rancher/kubectl:v1.28.4 + SYSTEM_UPGRADE_JOB_KUBECTL_IMAGE: docker.io/rancher/kubectl:v1.29.0 SYSTEM_UPGRADE_JOB_PRIVILEGED: true SYSTEM_UPGRADE_JOB_TTL_SECONDS_AFTER_FINISH: 900 SYSTEM_UPGRADE_PLAN_POLLING_INTERVAL: 15m diff --git a/kubernetes/storage/apps/tools/system-upgrade-controller/plans/agent.yaml b/kubernetes/storage/apps/tools/system-upgrade-controller/plans/agent.yaml index 48bd808641b8e..bcb19cc0901ae 100644 --- a/kubernetes/storage/apps/tools/system-upgrade-controller/plans/agent.yaml +++ b/kubernetes/storage/apps/tools/system-upgrade-controller/plans/agent.yaml @@ -6,7 +6,7 @@ metadata: name: agent spec: # renovate: datasource=github-releases depName=k3s-io/k3s - version: "v1.28.4+k3s2" + version: "v1.29.0+k3s1" serviceAccountName: system-upgrade concurrency: 1 nodeSelector: 
diff --git a/kubernetes/storage/apps/tools/system-upgrade-controller/plans/server.yaml b/kubernetes/storage/apps/tools/system-upgrade-controller/plans/server.yaml index d3d493a9a18f8..19cdbdc6d516a 100644 --- a/kubernetes/storage/apps/tools/system-upgrade-controller/plans/server.yaml +++ b/kubernetes/storage/apps/tools/system-upgrade-controller/plans/server.yaml @@ -6,7 +6,7 @@ metadata: name: server spec: # renovate: datasource=github-releases depName=k3s-io/k3s - version: "v1.28.4+k3s2" + version: "v1.29.0+k3s1" serviceAccountName: system-upgrade concurrency: 1 cordon: true diff --git a/kubernetes/storage/bootstrap/flux/kustomization.yaml b/kubernetes/storage/bootstrap/flux/kustomization.yaml index 075093f93848c..a698904bfe1f1 100644 --- a/kubernetes/storage/bootstrap/flux/kustomization.yaml +++ b/kubernetes/storage/bootstrap/flux/kustomization.yaml @@ -5,7 +5,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - github.com/fluxcd/flux2/manifests/install?ref=v2.2.1 + - github.com/fluxcd/flux2/manifests/install?ref=v2.2.2 patches: # Remove the network policies that does not work with k3s - patch: | diff --git a/kubernetes/storage/flux/config/flux.yaml b/kubernetes/storage/flux/config/flux.yaml index 61bb50e3bb586..2e7c398e4f979 100644 --- a/kubernetes/storage/flux/config/flux.yaml +++ b/kubernetes/storage/flux/config/flux.yaml @@ -9,7 +9,7 @@ spec: interval: 10m url: oci://ghcr.io/fluxcd/flux-manifests ref: - tag: v2.2.1 + tag: v2.2.2 --- # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 diff --git a/terraform/main/cloudflare/.terraform.lock.hcl b/terraform/main/cloudflare/.terraform.lock.hcl index eadf5c351539b..1dae4352fb6b3 100644 --- a/terraform/main/cloudflare/.terraform.lock.hcl +++ b/terraform/main/cloudflare/.terraform.lock.hcl 
@@ -60,31 +60,31 @@ provider "registry.terraform.io/cloudflare/cloudflare" {
 }
 
 provider "registry.terraform.io/hashicorp/http" {
- version = "3.4.0"
- constraints = "3.4.0"
+ version = "3.4.1"
+ constraints = "3.4.1"
 hashes = [
- "h1:AaRLrzxA1t02OIwO32uLp85npqRLZSwPFgrHxb9qp0c=",
- "h1:Ebz2ySdvdNR8T1LBlKYjkUVShfDZQOeoEPwE7Kt1R3o=",
- "h1:QXyGXwWgTmlhJZhlsZpkZ/Bz0YKzmwO8zmmRM09Jnzc=",
- "h1:YWO/DmxRoJwzMcQavmIKO5pTavIPt0bbBRZBpBaC8MY=",
- "h1:YifspScDMuGENA14TfTr7fByjWYq1GGNmAULIBXzHGk=",
- "h1:ZWoE0ARqUMnujHu62cMkmjF2+FoWwUn9YbHjiKPq0e8=",
- "h1:ZYJW4peMhgPv5SxYCCBJ9LB5tWz7Z/q2UoIBGiuDgvI=",
- "h1:gLCUuF4yN2uNA0FjVXCJd65ZnI8VKJVsZEYKRem1JUM=",
- "h1:h3URn6qAnP36OlSqI1tTuKgPL3GriZaJia9ZDrUvRdg=",
- "h1:m0d6+9xK/9TJSE9Z6nM4IwHXZgod4/jkdsf7CZSpUvo=",
- "h1:tVyo3HTmBDTeaPRhOXucb5eyRouvXlTydHXPyVLAAFA=",
- "zh:56712497a87bc4e91bbaf1a5a2be4b3f9cfa2384baeb20fc9fad0aff8f063914",
- "zh:6661355e1090ebacab16a40ede35b029caffc279d67da73a000b6eecf0b58eba",
- "zh:67b92d343e808b92d7e6c3bbcb9b9d5475fecfed0836963f7feb9d9908bd4c4f",
+ "h1:0ZTpURRPf/5CZCjbo06yZhxnpqOe3YLpKXzbmyLZ0eQ=",
+ "h1:8LwXr5bVU7HepPkfzXge3fBNN6A14LeWgbtm7T1g/iA=",
+ "h1:9qCkAyW738gFicV6cSLs1EKPLxyJ//D231+eWEMGLtw=",
+ "h1:FheIljbOzcw9WXX28reLCaNrQlZuE49S6oBFeT6qoaU=",
+ "h1:LwCRujohuC7VQb6QtaZHA4BPgwkUALO7MlmZXgYTUYE=",
+ "h1:RLJ1zsc2ScUFapTANM91XHyAY7715gP3yPlBOcaBKuk=",
+ "h1:UQUGsexUBuu7mC3YG4soR66fhVYPeo6+zB7sUtR3evU=",
+ "h1:WHowkin6m5sX2+SjPVI3kMOkWpFQf8jd2cDlZa0NF/4=",
+ "h1:cRuTokLfCeRUISqxeoQBVkYyW8gWDs0+2/fVsfFVIvk=",
+ "h1:qWyzt0smtLitATspBvlcntwRlyTLnbxpkVV4INmq1PQ=",
+ "h1:uJ4vgW0m1oBYNHXrltZ9xI34EXlkaJgL2vyGssBFNv4=",
+ "zh:2a79832069a34e88ec997fb8d2c2bdad6f40bfe93a4ae5e6e7f0caf4eea2a9e5",
+ "zh:37d3611857ab207e1565e441a2df9020b1326b7df31e5656165cb6817306494b",
+ "zh:48cc974b12544be18c18bfcb5ea21a4818d03b897e96fb9b4d0d9303883cb3fa",
+ "zh:4b8da2ffe868082830173fdcc8632e2705918e0396c72158d7822650bb1d3bf6",
 "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
- "zh:86ebb9be9b685c96dbb5c024b55d87526d57a4b127796d6046344f8294d3f28e",
- "zh:902be7cfca4308cba3e1e7ba6fc292629dfd150eb9a9f054a854fa1532b0ceba",
- "zh:9ba26e0215cd53b21fe26a0a98c007de1348b7d13a75ae3cfaf7729e0f2c50bb",
- "zh:a195c941e1f1526147134c257ff549bea4c89c953685acd3d48d9de7a38f39dc",
- "zh:a7967b3d2a8c3e7e1dc9ae381ca753268f9fce756466fe2fc9e414ca2d85a92e",
- "zh:bde56542e9a093434d96bea21c341285737c6d38fea2f05e12ba7b333f3e9c05",
- "zh:c0306f76903024c497fd01f9fd9bace5854c263e87a97bc2e89dcc96d35ca3cc",
- "zh:f9335a6c336171e85f8e3e99c3d31758811a19aeb21fa8c9013d427e155ae2a9",
+ "zh:8148614299a21be04dd11268047e110df3ce9ef585d6240bed2f196839946efa",
+ "zh:a6d583cb70b1355fbc7b1c2cffaa53e4703b04ced9d0ecf78708129ce7072128",
+ "zh:a95f770e8913dd48fde8836cf993fafdbf7da5308a6fbd3d455cb10737742990",
+ "zh:b36784e6602e6ae7ba67560ebcfd055b4448cb0edf9bf35744c2f32ddbd8fa2d",
+ "zh:c23b37fd9e481269fc55735b24c7e8877057c08b42671c796816409d54486a1c",
+ "zh:df07252b27120020d91d7ad11f7ea92832d8df2e81b55a658ac1eb93dc6b8d18",
+ "zh:e44dc5a1fd5995bfd21d385949d539c619e8b37b69875bd92ad4aa18e2435722",
 ]
 }
diff --git a/terraform/main/cloudflare/main.tf b/terraform/main/cloudflare/main.tf
index 89e6c441f7efc..624b7d2ce43c2 100644
--- a/terraform/main/cloudflare/main.tf
+++ b/terraform/main/cloudflare/main.tf
@@ -13,7 +13,7 @@ terraform {
 }
 http = {
 source = "hashicorp/http"
- version = "3.4.0"
+ version = "3.4.1"
 }
 }
 required_version = ">= 1.3.0"