From 4bc1182265a4ec7e4902f9d51f15441fba882046 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 5 Nov 2024 08:07:53 +0900 Subject: [PATCH 0001/1209] add Signed-off-by: walnuts1018 --- k8s/apps/fitbit-manager/deployment.yaml | 72 ----------- k8s/apps/fitbit-manager/externalsecret.yaml | 32 ----- k8s/apps/fitbit-manager/image-policy.yaml | 45 ------- k8s/apps/fitbit-manager/ingress.yaml | 17 --- k8s/apps/fitbit-manager/kustomization.yaml | 9 -- k8s/apps/fitbit-manager/service.yaml | 14 --- k8s/argocdapps/fitbit-manager/app.json5 | 4 + .../fitbit-manager/deployment.jsonnet | 119 ++++++++++++++++++ .../fitbit-manager/external-secret.jsonnet | 40 ++++++ k8s/argocdapps/fitbit-manager/ingress.jsonnet | 33 +++++ k8s/argocdapps/fitbit-manager/service.jsonnet | 22 ++++ 11 files changed, 218 insertions(+), 189 deletions(-) delete mode 100644 k8s/apps/fitbit-manager/deployment.yaml delete mode 100644 k8s/apps/fitbit-manager/externalsecret.yaml delete mode 100644 k8s/apps/fitbit-manager/image-policy.yaml delete mode 100644 k8s/apps/fitbit-manager/ingress.yaml delete mode 100644 k8s/apps/fitbit-manager/kustomization.yaml delete mode 100644 k8s/apps/fitbit-manager/service.yaml create mode 100644 k8s/argocdapps/fitbit-manager/app.json5 create mode 100644 k8s/argocdapps/fitbit-manager/deployment.jsonnet create mode 100644 k8s/argocdapps/fitbit-manager/external-secret.jsonnet create mode 100644 k8s/argocdapps/fitbit-manager/ingress.jsonnet create mode 100644 k8s/argocdapps/fitbit-manager/service.jsonnet diff --git a/k8s/apps/fitbit-manager/deployment.yaml b/k8s/apps/fitbit-manager/deployment.yaml deleted file mode 100644 index 3e656324b..000000000 --- a/k8s/apps/fitbit-manager/deployment.yaml +++ /dev/null @@ -1,72 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: fitbit-manager - labels: - app: fitbit-manager -spec: - replicas: 1 - selector: - matchLabels: - app: fitbit-manager - template: - metadata: - labels: - app: fitbit-manager - spec: - containers: - - name: fitbit-manager - securityContext: - readOnlyRootFilesystem: true - seccompProfile: - type: RuntimeDefault - image: ghcr.io/walnuts1018/fitbit-manager:0.8.3 # {"$imagepolicy": "default:fitbit-manager"} - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - resources: - limits: {} - requests: - memory: 10Mi - env: - - name: GIN_MODE - value: "release" - - name: CLIENT_ID - valueFrom: - secretKeyRef: - name: fitbit-manager-secret - key: client_id - - name: CLIENT_SECRET - valueFrom: - secretKeyRef: - name: fitbit-manager-secret - key: client_secret - - name: COOKIE_SECRET - valueFrom: - secretKeyRef: - name: fitbit-manager-secret - key: cookie_secret - - name: PSQL_ENDPOINT - value: "postgresql-default.databases.svc.cluster.local" - - name: PSQL_PORT - value: "5432" - - name: PSQL_DATABASE - value: "fitbit_manager" - - name: PSQL_USER - value: "fitbit_manager" - - name: PSQL_PASSWORD - valueFrom: - secretKeyRef: - name: fitbit-manager-secret - key: postgres_password - - name: INFLUXDB_ENDPOINT - value: "http://influxdb-influxdb2.databases.svc.cluster.local" - - name: INFLUXDB_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: fitbit-manager-secret - key: influxdb_auth_token - - name: INFLUXDB_ORG - value: "influxdata" - - name: INFLUXDB_BUCKET - value: "fitbit_manager" diff --git a/k8s/apps/fitbit-manager/externalsecret.yaml b/k8s/apps/fitbit-manager/externalsecret.yaml deleted file mode 100644 index d2c75945d..000000000 --- a/k8s/apps/fitbit-manager/externalsecret.yaml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: fitbit-manager-secret -spec: - secretStoreRef: - name: onepassword - kind: ClusterSecretStore - refreshInterval: 1m - target: - name: fitbit-manager-secret - data: - - secretKey: client_id - remoteRef: - key: fitbit_manager - property: client_id - - secretKey: client_secret - remoteRef: - key: fitbit_manager - property: client_secret - - secretKey: cookie_secret - remoteRef: - key: fitbit_manager - property: cookie_secret - - secretKey: postgres_password - remoteRef: - key: postgres_passwords - property: fitbit-manager - - secretKey: influxdb_auth_token - remoteRef: - key: influxdb - property: fitbit-manager-auth-token diff --git a/k8s/apps/fitbit-manager/image-policy.yaml b/k8s/apps/fitbit-manager/image-policy.yaml deleted file mode 100644 index 3ddd86774..000000000 --- a/k8s/apps/fitbit-manager/image-policy.yaml +++ /dev/null @@ -1,45 +0,0 @@ -apiVersion: image.toolkit.fluxcd.io/v1beta2 -kind: ImageUpdateAutomation -metadata: - name: fitbit-manager -spec: - git: - checkout: - ref: - branch: main - commit: - author: - email: fluxcdbot@users.noreply.github.com - name: fluxcdbot - messageTemplate: "{{range .Updated.Images}}{{println .}}{{end}}" - push: - branch: fluxcd/fitbit-manager - interval: 1m0s - sourceRef: - kind: GitRepository - name: flux-system - namespace: flux-system - update: - path: ./k8s/apps/fitbit-manager - strategy: Setters ---- -apiVersion: image.toolkit.fluxcd.io/v1beta2 -kind: ImageRepository -metadata: - name: fitbit-manager -spec: - image: ghcr.io/walnuts1018/fitbit-manager - interval: 2m0s - secretRef: - name: ghcr-login-secret ---- -apiVersion: image.toolkit.fluxcd.io/v1beta2 -kind: ImagePolicy -metadata: - name: fitbit-manager -spec: - imageRepositoryRef: - name: fitbit-manager - policy: - semver: - range: ">=0.0.0" diff --git a/k8s/apps/fitbit-manager/ingress.yaml b/k8s/apps/fitbit-manager/ingress.yaml deleted file mode 100644 index 882e8a375..000000000 --- a/k8s/apps/fitbit-manager/ingress.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: fitbit-manager -spec: - ingressClassName: "nginx" - rules: - - host: "fitbit.walnuts.dev" - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: fitbit-manager - port: - number: 8080 diff --git a/k8s/apps/fitbit-manager/kustomization.yaml b/k8s/apps/fitbit-manager/kustomization.yaml deleted file mode 100644 index 5e13e8fe1..000000000 --- a/k8s/apps/fitbit-manager/kustomization.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: default -resources: -- deployment.yaml -- service.yaml -- externalsecret.yaml -- ingress.yaml -- image-policy.yaml diff --git a/k8s/apps/fitbit-manager/service.yaml b/k8s/apps/fitbit-manager/service.yaml deleted file mode 100644 index 3420ac41e..000000000 --- a/k8s/apps/fitbit-manager/service.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: fitbit-manager - labels: - app: fitbit-manager -spec: - ports: - - name: http - port: 8080 - targetPort: 8080 - selector: - app: fitbit-manager - type: ClusterIP diff --git a/k8s/argocdapps/fitbit-manager/app.json5 b/k8s/argocdapps/fitbit-manager/app.json5 new file mode 100644 index 000000000..527e1951f --- /dev/null +++ b/k8s/argocdapps/fitbit-manager/app.json5 @@ -0,0 +1,4 @@ +{ + name: "fitbit-manager", + namespace: "fitbit-manager", +} diff --git a/k8s/argocdapps/fitbit-manager/deployment.jsonnet b/k8s/argocdapps/fitbit-manager/deployment.jsonnet new file mode 100644 index 000000000..341320175 --- /dev/null +++ b/k8s/argocdapps/fitbit-manager/deployment.jsonnet @@ -0,0 +1,119 @@ +{ + apiVersion: 'apps/v1', + kind: 'Deployment', + metadata: { + name: (import 'app.json5').name, + namespace: (import 'app.json5').namespace, + labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + }, + spec: { + replicas: 1, + selector: { + matchLabels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + }, + template: { + metadata: { + labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + }, + spec: { + containers: [ + { + name: 'fitbit-manager', + image: 'ghcr.io/walnuts1018/fitbit-manager:0.8.3', + imagePullPolicy: 'IfNotPresent', + ports: [ + { + containerPort: 8080, + }, + ], + resources: { + limits: {}, + requests: { + memory: '10Mi', + }, + }, + env: [ + { + name: 'GIN_MODE', + value: 'release', + }, + { + name: 'CLIENT_ID', + valueFrom: { + secretKeyRef: { + name: (import 'external-secret.jsonnet').spec.target.name, + key: 'client_id', + }, + }, + }, + { + name: 'CLIENT_SECRET', + valueFrom: { + secretKeyRef: { + name: (import 'external-secret.jsonnet').spec.target.name, + key: 'client_secret', + }, + }, + }, + { + name: 'COOKIE_SECRET', + valueFrom: { + secretKeyRef: { + name: (import 'external-secret.jsonnet').spec.target.name, + key: 'cookie_secret', + }, + }, + }, + { + name: 'PSQL_ENDPOINT', + value: 'postgresql-default.databases.svc.cluster.local', + }, + { + name: 'PSQL_PORT', + value: '5432', + }, + { + name: 'PSQL_DATABASE', + value: 'fitbit_manager', + }, + { + name: 'PSQL_USER', + value: 'fitbit_manager', + }, + { + name: 'PSQL_PASSWORD', + valueFrom: { + secretKeyRef: { + name: (import 'external-secret.jsonnet').spec.target.name, + key: 'postgres_password', + }, + }, + }, + { + name: 'INFLUXDB_ENDPOINT', + value: 'http://influxdb-influxdb2.databases.svc.cluster.local', + }, + { + name: 'INFLUXDB_AUTH_TOKEN', + valueFrom: { + secretKeyRef: { + name: (import 'external-secret.jsonnet').spec.target.name, + key: 'influxdb_auth_token', + }, + }, + }, + { + name: 'INFLUXDB_ORG', + value: 'influxdata', + }, + { + name: 'INFLUXDB_BUCKET', + value: 'fitbit_manager', + }, + ], + }, + ], + }, + }, + }, +} diff --git a/k8s/argocdapps/fitbit-manager/external-secret.jsonnet b/k8s/argocdapps/fitbit-manager/external-secret.jsonnet new file mode 100644 index 000000000..9122b76cd --- /dev/null +++ b/k8s/argocdapps/fitbit-manager/external-secret.jsonnet @@ -0,0 +1,40 @@ +(import '../../components/external-secret.libsonnet') { + name: (import 'app.json5').name, + data: [ + { + secretKey: 'client_id', + remoteRef: { + key: 'fitbit_manager', + property: 'client_id', + }, + }, + { + secretKey: 'client_secret', + remoteRef: { + key: 'fitbit_manager', + property: 'client_secret', + }, + }, + { + secretKey: 'cookie_secret', + remoteRef: { + key: 'fitbit_manager', + property: 'cookie_secret', + }, + }, + { + secretKey: 'postgres_password', + remoteRef: { + key: 'postgres_passwords', + property: 'fitbit-manager', + }, + }, + { + secretKey: 'influxdb_auth_token', + remoteRef: { + key: 'influxdb', + property: 'fitbit-manager-auth-token', + }, + }, + ], +} diff --git a/k8s/argocdapps/fitbit-manager/ingress.jsonnet b/k8s/argocdapps/fitbit-manager/ingress.jsonnet new file mode 100644 index 000000000..b8a13476f --- /dev/null +++ b/k8s/argocdapps/fitbit-manager/ingress.jsonnet @@ -0,0 +1,33 @@ +{ + apiVersion: 'networking.k8s.io/v1', + kind: 'Ingress', + metadata: { + name: (import 'app.json5').name, + namespace: (import 'app.json5').namespace, + labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + }, + spec: { + ingressClassName: 'nginx', + rules: [ + { + host: 'fitbit.walnuts.dev', + http: { + paths: [ + { + path: '/', + pathType: 'Prefix', + backend: { + service: { + name: (import 'service.jsonnet').metadata.name, + port: { + number: 8080, + }, + }, + }, + }, + ], + }, + }, + ], + }, +} diff --git a/k8s/argocdapps/fitbit-manager/service.jsonnet b/k8s/argocdapps/fitbit-manager/service.jsonnet new file mode 100644 index 000000000..ec223cfdb --- /dev/null +++ b/k8s/argocdapps/fitbit-manager/service.jsonnet @@ -0,0 +1,22 @@ +{ + apiVersion: 'v1', + kind: 'Service', + metadata: { + name: (import 'app.json5').name, + namespace: (import 'app.json5').namespace, + labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + }, + spec: { + ports: [ + { + name: 'http', + port: 8080, + targetPort: 8080, + }, + ], + selector: { + matchLabels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + }, + type: 'ClusterIP', + }, +} From 506048d72ff5b0c8a0ea6c0b2e1a632c367a0feb Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 4 Nov 2024 23:08:13 +0000 Subject: [PATCH 0002/1209] auto-gen-namespace --- k8s/namespaces/namespaces.json5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/namespaces/namespaces.json5 b/k8s/namespaces/namespaces.json5 index 7be54879d..22190d8e8 100644 --- a/k8s/namespaces/namespaces.json5 +++ b/k8s/namespaces/namespaces.json5 @@ -1 +1 @@ -["ac-hacking-2024","cert-manager","cilium-system","code-server","dashy","databases","default","elasticsearch","external-secrets","flux-system","github-readme-stats","hedgedoc","ingress-nginx","komga","krakend-system","kube-system","local-path-storage","loki","longhorn-system","minio","misskey","monitoring","mucaron","network-exporter","nextcloud","oekaki-dengon-game","openchokin","opentelemetry-collector","opentelemetry-operator-system","photoprism","redis-operator","samba","walnuts-dev","zitadel"] +["ac-hacking-2024","cert-manager","cilium-system","code-server","dashy","databases","default","elasticsearch","external-secrets","fitbit-manager","flux-system","github-readme-stats","hedgedoc","ingress-nginx","komga","krakend-system","kube-system","local-path-storage","loki","longhorn-system","minio","misskey","monitoring","mucaron","network-exporter","nextcloud","oekaki-dengon-game","openchokin","opentelemetry-collector","opentelemetry-operator-system","photoprism","redis-operator","samba","walnuts-dev","zitadel"] From e52b014b18d573faa1622516fc6e773ce9b0b828 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 5 Nov 2024 08:09:06 +0900 Subject: [PATCH 0003/1209] add Signed-off-by: walnuts1018 --- k8s/argocdapps/github-readme-stats/ingress.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/argocdapps/github-readme-stats/ingress.jsonnet b/k8s/argocdapps/github-readme-stats/ingress.jsonnet index b8f44553a..6f3daf451 100644 --- a/k8s/argocdapps/github-readme-stats/ingress.jsonnet +++ b/k8s/argocdapps/github-readme-stats/ingress.jsonnet @@ -18,7 +18,7 @@ pathType: 'Prefix', backend: { service: { - name: (import 'service.json5').metadata.name, + name: (import 'service.jsonnet').metadata.name, port: { number: 80, }, From 1340de4302704856c07965b92199ceca3a7a1856 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 5 Nov 2024 08:12:34 +0900 Subject: [PATCH 0004/1209] add sandbox Signed-off-by: walnuts1018 --- k8s/argocdapps/http-dump/app.json5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/argocdapps/http-dump/app.json5 b/k8s/argocdapps/http-dump/app.json5 index 5d0456dd4..bbaa007fb 100644 --- a/k8s/argocdapps/http-dump/app.json5 +++ b/k8s/argocdapps/http-dump/app.json5 @@ -1,4 +1,4 @@ { name: "http-dump", - namespace: "default", + namespace: "sandbox", } From 43a810b39f064c80b2cc5f0e08dffee454cdd997 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 4 Nov 2024 23:13:00 +0000 Subject: [PATCH 0005/1209] auto-gen-namespace --- k8s/namespaces/namespaces.json5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/namespaces/namespaces.json5 b/k8s/namespaces/namespaces.json5 index 22190d8e8..3368cbf5a 100644 --- a/k8s/namespaces/namespaces.json5 +++ b/k8s/namespaces/namespaces.json5 @@ -1 +1 @@ -["ac-hacking-2024","cert-manager","cilium-system","code-server","dashy","databases","default","elasticsearch","external-secrets","fitbit-manager","flux-system","github-readme-stats","hedgedoc","ingress-nginx","komga","krakend-system","kube-system","local-path-storage","loki","longhorn-system","minio","misskey","monitoring","mucaron","network-exporter","nextcloud","oekaki-dengon-game","openchokin","opentelemetry-collector","opentelemetry-operator-system","photoprism","redis-operator","samba","walnuts-dev","zitadel"] +["ac-hacking-2024","cert-manager","cilium-system","code-server","dashy","databases","default","elasticsearch","external-secrets","fitbit-manager","flux-system","github-readme-stats","hedgedoc","ingress-nginx","komga","krakend-system","kube-system","local-path-storage","loki","longhorn-system","minio","misskey","monitoring","mucaron","network-exporter","nextcloud","oekaki-dengon-game","openchokin","opentelemetry-collector","opentelemetry-operator-system","photoprism","redis-operator","samba","sandbox","walnuts-dev","zitadel"] From 839289492768892ec0b13f086f7e0632885ad0ce Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 5 Nov 2024 08:13:15 +0900 Subject: [PATCH 0006/1209] add Signed-off-by: walnuts1018 --- k8s/argocdapps/http-dump/app.json5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/argocdapps/http-dump/app.json5 b/k8s/argocdapps/http-dump/app.json5 index bbaa007fb..5d0456dd4 100644 --- a/k8s/argocdapps/http-dump/app.json5 +++ b/k8s/argocdapps/http-dump/app.json5 @@ -1,4 +1,4 @@ { name: "http-dump", - namespace: "sandbox", + namespace: "default", } From 4bd4fe1c2783e4625d9dd50bde81c611c0638f95 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 5 Nov 2024 08:13:31 +0900 Subject: [PATCH 0007/1209] add wakatime-to-slack-profile Signed-off-by: walnuts1018 --- k8s/argocdapps/wakatime-to-slack-profile/app.json5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/argocdapps/wakatime-to-slack-profile/app.json5 b/k8s/argocdapps/wakatime-to-slack-profile/app.json5 index fac24c6d6..6a908b843 100644 --- a/k8s/argocdapps/wakatime-to-slack-profile/app.json5 +++ b/k8s/argocdapps/wakatime-to-slack-profile/app.json5 @@ -1,4 +1,4 @@ { name: "wakatime-to-slack-profile", - namespace: "default", + namespace: "wakatime-to-slack-profile", } From 88b9c0d72a1b4143045a091c958d905b8f270bcd Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 4 Nov 2024 23:13:51 +0000 Subject: [PATCH 0008/1209] auto-gen-namespace --- k8s/namespaces/namespaces.json5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/namespaces/namespaces.json5 b/k8s/namespaces/namespaces.json5 index 3368cbf5a..a0635fd8d 100644 --- a/k8s/namespaces/namespaces.json5 +++ b/k8s/namespaces/namespaces.json5 @@ -1 +1 @@ -["ac-hacking-2024","cert-manager","cilium-system","code-server","dashy","databases","default","elasticsearch","external-secrets","fitbit-manager","flux-system","github-readme-stats","hedgedoc","ingress-nginx","komga","krakend-system","kube-system","local-path-storage","loki","longhorn-system","minio","misskey","monitoring","mucaron","network-exporter","nextcloud","oekaki-dengon-game","openchokin","opentelemetry-collector","opentelemetry-operator-system","photoprism","redis-operator","samba","sandbox","walnuts-dev","zitadel"] +["ac-hacking-2024","cert-manager","cilium-system","code-server","dashy","databases","default","elasticsearch","external-secrets","fitbit-manager","flux-system","github-readme-stats","hedgedoc","ingress-nginx","komga","krakend-system","kube-system","local-path-storage","loki","longhorn-system","minio","misskey","monitoring","mucaron","network-exporter","nextcloud","oekaki-dengon-game","openchokin","opentelemetry-collector","opentelemetry-operator-system","photoprism","redis-operator","samba","sandbox","wakatime-to-slack-profile","walnuts-dev","zitadel"] From df5a577122c6533eaebaff6581124bf2d26dcf51 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 5 Nov 2024 08:17:00 +0900 Subject: [PATCH 0009/1209] add Signed-off-by: walnuts1018 --- k8s/argocdapps/github-readme-stats/service.jsonnet | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/k8s/argocdapps/github-readme-stats/service.jsonnet b/k8s/argocdapps/github-readme-stats/service.jsonnet index b74090b88..dc69ba5fc 100644 --- a/k8s/argocdapps/github-readme-stats/service.jsonnet +++ b/k8s/argocdapps/github-readme-stats/service.jsonnet @@ -7,9 +7,7 @@ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, }, spec: { - selector: { - matchLabels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, - }, + selector: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, ports: [ { protocol: 'TCP', From 2260353876e2d211b07c84beb107073d3d666f49 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 5 Nov 2024 08:21:05 +0900 Subject: [PATCH 0010/1209] add Signed-off-by: walnuts1018 --- k8s/argocdapps/fitbit-manager/service.jsonnet | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/k8s/argocdapps/fitbit-manager/service.jsonnet b/k8s/argocdapps/fitbit-manager/service.jsonnet index ec223cfdb..528b7a599 100644 --- a/k8s/argocdapps/fitbit-manager/service.jsonnet +++ b/k8s/argocdapps/fitbit-manager/service.jsonnet @@ -14,9 +14,7 @@ targetPort: 8080, }, ], - selector: { - matchLabels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, - }, + selector: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, type: 'ClusterIP', }, } From d75a0c5d6c2dcc4e53b6b472c5226fc443cbe19e Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 5 Nov 2024 00:20:50 +0000 Subject: [PATCH 0011/1209] Update Helm release argo-cd to v7.7.0 --- k8s/_argocd/argocd_components/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/_argocd/argocd_components/helm.jsonnet b/k8s/_argocd/argocd_components/helm.jsonnet index 86a38e522..cf0fe948e 100644 --- a/k8s/_argocd/argocd_components/helm.jsonnet +++ b/k8s/_argocd/argocd_components/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import 'app.json5').namespace, chart: 'argo-cd', repoURL: 'https://argoproj.github.io/argo-helm', - targetRevision: '7.6.12', + targetRevision: '7.7.0', values: (importstr 'values.yaml'), } From c6f63437551a270bcb6618aa86141197979478d6 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 5 Nov 2024 11:02:22 +0000 Subject: [PATCH 0012/1209] Update Helm release kube-prometheus-stack to v65.7.0 --- k8s/argocdapps/prometheus-stack/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/argocdapps/prometheus-stack/helm.jsonnet b/k8s/argocdapps/prometheus-stack/helm.jsonnet index aaa098888..aaf896661 100644 --- a/k8s/argocdapps/prometheus-stack/helm.jsonnet +++ b/k8s/argocdapps/prometheus-stack/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'kube-prometheus-stack', repoURL: 'https://prometheus-community.github.io/helm-charts', - targetRevision: '65.6.0', + targetRevision: '65.7.0', values: (importstr 'values.yaml'), } From 590e439c4b8aacbf9afa576dd1f986dab673ede7 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 5 Nov 2024 20:03:57 +0900 Subject: [PATCH 0013/1209] add snmp-exporter Signed-off-by: walnuts1018 --- k8s/apps/snmp-exporter/helm.yaml | 2556 ----------------- k8s/apps/snmp-exporter/kustomization.yaml | 7 - k8s/argocdapps/snmp-exporter/app.json5 | 4 + .../snmp-exporter/config}/generator.yaml | 0 k8s/argocdapps/snmp-exporter/helm.jsonnet | 9 + k8s/argocdapps/snmp-exporter/values.yaml | 2539 ++++++++++++++++ 6 files changed, 2552 insertions(+), 2563 deletions(-) delete mode 100644 k8s/apps/snmp-exporter/helm.yaml delete mode 100644 k8s/apps/snmp-exporter/kustomization.yaml create mode 100644 k8s/argocdapps/snmp-exporter/app.json5 rename k8s/{apps/snmp-exporter => argocdapps/snmp-exporter/config}/generator.yaml (100%) create mode 100644 k8s/argocdapps/snmp-exporter/helm.jsonnet create mode 100644 k8s/argocdapps/snmp-exporter/values.yaml diff --git a/k8s/apps/snmp-exporter/helm.yaml b/k8s/apps/snmp-exporter/helm.yaml deleted file mode 100644 index b95f9d058..000000000 --- a/k8s/apps/snmp-exporter/helm.yaml +++ /dev/null @@ -1,2556 +0,0 @@ -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: snmp-exporter -spec: - url: https://prometheus-community.github.io/helm-charts ---- -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: snmp-exporter -spec: - chart: - spec: - chart: prometheus-snmp-exporter - version: 5.6.0 - values: - serviceMonitor: - enabled: true - params: - - name: ix2215 - target: "192.168.0.1" - module: - - nec_ix - config: | - # WARNING: This file was auto-generated using snmp_exporter generator, manual changes will be lost. - auths: - public_v1: - community: public - security_level: noAuthNoPriv - auth_protocol: MD5 - priv_protocol: DES - version: 1 - public_v2: - community: public - security_level: noAuthNoPriv - auth_protocol: MD5 - priv_protocol: DES - version: 2 - modules: - nec_ix: - walk: - - 1.3.6.1.4.1.119.2.3.84.1 - - 1.3.6.1.4.1.119.2.3.84.10 - - 1.3.6.1.4.1.119.2.3.84.11 - - 1.3.6.1.4.1.119.2.3.84.12 - - 1.3.6.1.4.1.119.2.3.84.13 - - 1.3.6.1.4.1.119.2.3.84.14 - - 1.3.6.1.4.1.119.2.3.84.15 - - 1.3.6.1.4.1.119.2.3.84.2 - - 1.3.6.1.4.1.119.2.3.84.3 - - 1.3.6.1.4.1.119.2.3.84.4 - - 1.3.6.1.4.1.119.2.3.84.5 - - 1.3.6.1.4.1.119.2.3.84.6 - - 1.3.6.1.4.1.119.2.3.84.7 - - 1.3.6.1.4.1.119.2.3.84.8 - - 1.3.6.1.4.1.119.2.3.84.9 - metrics: - - name: picoPostIndex - oid: 1.3.6.1.4.1.119.2.3.84.10.1.1.1.1 - type: gauge - help: Unique index for each POST. - 1.3.6.1.4.1.119.2.3.84.10.1.1.1.1 - indexes: - - labelname: picoPostIndex - type: gauge - - name: picoPostFail - oid: 1.3.6.1.4.1.119.2.3.84.10.1.1.1.2 - type: DisplayString - help: POST fail information - 1.3.6.1.4.1.119.2.3.84.10.1.1.1.2 - indexes: - - labelname: picoPostIndex - type: gauge - - name: picoMobileDeviceIndex - oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.1 - type: gauge - help: The unique index for each Mobile module. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.1 - indexes: - - labelname: picoMobileDeviceIndex - type: gauge - - name: picoMobileDeviceVendorName - oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.2 - type: DisplayString - help: The object of the vendor name. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.2 - indexes: - - labelname: picoMobileDeviceIndex - type: gauge - - name: picoMobileDeviceName - oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.3 - type: DisplayString - help: The object of the device name. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.3 - indexes: - - labelname: picoMobileDeviceIndex - type: gauge - - name: picoMobileDeviceProductID - oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.4 - type: DisplayString - help: The object of the product ID. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.4 - indexes: - - labelname: picoMobileDeviceIndex - type: gauge - - name: picoMobileDeviceSoftwareVersion - oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.5 - type: DisplayString - help: The object of the software version. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.5 - indexes: - - labelname: picoMobileDeviceIndex - type: gauge - - name: picoMobileDeviceSignalBar - oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.6 - type: gauge - help: The object of the signal bar. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.6 - indexes: - - labelname: picoMobileDeviceIndex - type: gauge - - name: picoMobileDeviceSignalStrength - oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.7 - type: gauge - help: 'The signal strength can be: unknown(-1) :signal strength is unknown out-range(0):signal strength is 0 weak(1) :signal strength is 1 low(2) :signal strength is 2 high(3) :signal strength is 3 - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.7' - indexes: - - labelname: picoMobileDeviceIndex - type: gauge - enum_values: - -1: unknown - 0: out-range - 1: weak - 2: low - 3: high - - name: picoMobileDeviceSignalQuality - oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.8 - type: DisplayString - help: The object of the signal quality. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.8 - indexes: - - labelname: picoMobileDeviceIndex - type: gauge - - name: picoMobileDeviceSignalElapsedTime - oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.9 - type: gauge - help: The object of the elapsed time after signal acquiring. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.9 - indexes: - - labelname: picoMobileDeviceIndex - type: gauge - - name: picoMobileDeviceRadioInterface - oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.10 - type: DisplayString - help: The object of the radio interface. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.10 - indexes: - - labelname: picoMobileDeviceIndex - type: gauge - - name: picoMobileDeviceCarrier - oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.11 - type: DisplayString - help: The object of the carrier name. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.11 - indexes: - - labelname: picoMobileDeviceIndex - type: gauge - - name: picoMobileDeviceDialerString - oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.12 - type: DisplayString - help: The object of the dialer string. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.12 - indexes: - - labelname: picoMobileDeviceIndex - type: gauge - - name: picoMobileDeviceDialStatus - oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.13 - type: gauge - help: 'The dial status can be: disconnected(0):dial status is disconnected - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.13' - indexes: - - labelname: picoMobileDeviceIndex - type: gauge - enum_values: - 0: disconnected - 1: connect - 2: cancel - 3: connected - 4: postprocess - - name: picoMobileDeviceInRangeCounts - oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.14 - type: gauge - help: The in-range statistics. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.14 - indexes: - - labelname: picoMobileDeviceIndex - type: gauge - - name: picoMobileDeviceOutRangeCounts - oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.15 - type: gauge - help: The out-range statistics. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.15 - indexes: - - labelname: picoMobileDeviceIndex - type: gauge - - name: picoMobileDeviceResetCounts - oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.16 - type: gauge - help: The reset device statistics. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.16 - indexes: - - labelname: picoMobileDeviceIndex - type: gauge - - name: picoIPv4CacheEntries - oid: 1.3.6.1.4.1.119.2.3.84.12.1.1 - type: gauge - help: The number of current IPv4 cache. - 1.3.6.1.4.1.119.2.3.84.12.1.1 - - name: picoIPv4CachePeaks - oid: 1.3.6.1.4.1.119.2.3.84.12.1.2 - type: gauge - help: The peak value of IPv4 cache. - 1.3.6.1.4.1.119.2.3.84.12.1.2 - - name: picoIPv4CacheCreates - oid: 1.3.6.1.4.1.119.2.3.84.12.1.3 - type: counter - help: The total count of created IPv4 cache. - 1.3.6.1.4.1.119.2.3.84.12.1.3 - - name: picoIPv4CacheOverflows - oid: 1.3.6.1.4.1.119.2.3.84.12.1.4 - type: counter - help: The total count of IPv4 cache overflow. - 1.3.6.1.4.1.119.2.3.84.12.1.4 - - name: picoIPv4UFSCacheEntries - oid: 1.3.6.1.4.1.119.2.3.84.12.2.1 - type: gauge - help: The number of current IPv4 UFS cache - 1.3.6.1.4.1.119.2.3.84.12.2.1 - - name: picoIPv4UFSCachePeaks - oid: 1.3.6.1.4.1.119.2.3.84.12.2.2 - type: gauge - help: The peak value of IPv4 UFS cache - 1.3.6.1.4.1.119.2.3.84.12.2.2 - - name: picoIPv4UFSCacheCreates - oid: 1.3.6.1.4.1.119.2.3.84.12.2.3 - type: counter - help: The total count of created IPv4 UFS cache - 1.3.6.1.4.1.119.2.3.84.12.2.3 - - name: picoIPv4UFSCacheOverflows - oid: 1.3.6.1.4.1.119.2.3.84.12.2.4 - type: counter - help: The total count of IPv4 UFS cache overflow - 1.3.6.1.4.1.119.2.3.84.12.2.4 - - name: picoIPv6CacheEntries - oid: 1.3.6.1.4.1.119.2.3.84.13.1.1 - type: gauge - help: The number of current IPv6 cache. - 1.3.6.1.4.1.119.2.3.84.13.1.1 - - name: picoIPv6CachePeaks - oid: 1.3.6.1.4.1.119.2.3.84.13.1.2 - type: gauge - help: The peak value of IPv6 cache. - 1.3.6.1.4.1.119.2.3.84.13.1.2 - - name: picoIPv6CacheCreates - oid: 1.3.6.1.4.1.119.2.3.84.13.1.3 - type: counter - help: The total count of created IPv6 cache. - 1.3.6.1.4.1.119.2.3.84.13.1.3 - - name: picoIPv6CacheOverflows - oid: 1.3.6.1.4.1.119.2.3.84.13.1.4 - type: counter - help: The total count of IPv6 cache overflow. - 1.3.6.1.4.1.119.2.3.84.13.1.4 - - name: picoIPv6UFSCacheEntries - oid: 1.3.6.1.4.1.119.2.3.84.13.2.1 - type: gauge - help: The number of current IPv6 UFS cache - 1.3.6.1.4.1.119.2.3.84.13.2.1 - - name: picoIPv6UFSCachePeaks - oid: 1.3.6.1.4.1.119.2.3.84.13.2.2 - type: gauge - help: The peak value of IPv6 UFS cache - 1.3.6.1.4.1.119.2.3.84.13.2.2 - - name: picoIPv6UFSCacheCreates - oid: 1.3.6.1.4.1.119.2.3.84.13.2.3 - type: counter - help: The total count of created IPv6 UFS cache - 1.3.6.1.4.1.119.2.3.84.13.2.3 - - name: picoIPv6UFSCacheOverflows - oid: 1.3.6.1.4.1.119.2.3.84.13.2.4 - type: counter - help: The total count of IPv6 UFS cache overflow - 1.3.6.1.4.1.119.2.3.84.13.2.4 - - name: qosPolicyIfIndex - oid: 1.3.6.1.4.1.119.2.3.84.14.1.1.1 - type: gauge - help: The interface index value of the interface for which QoS is enabled. - 1.3.6.1.4.1.119.2.3.84.14.1.1.1 - indexes: - - labelname: qosPolicyIfIndex - type: gauge - - name: qosPolicyName - oid: 1.3.6.1.4.1.119.2.3.84.14.1.1.2 - type: DisplayString - help: QoS Policy name. - 1.3.6.1.4.1.119.2.3.84.14.1.1.2 - indexes: - - labelname: qosPolicyIfIndex - type: gauge - - name: qosClassIfIndex - oid: 1.3.6.1.4.1.119.2.3.84.14.2.1.1 - type: gauge - help: The interface index value of the interface for which QoS is enabled. - 1.3.6.1.4.1.119.2.3.84.14.2.1.1 - indexes: - - labelname: qosClassIfIndex - type: gauge - - labelname: qosClassIndex - type: gauge - - name: qosClassIndex - oid: 1.3.6.1.4.1.119.2.3.84.14.2.1.2 - type: gauge - help: The class index value of the class - 1.3.6.1.4.1.119.2.3.84.14.2.1.2 - indexes: - - labelname: qosClassIfIndex - type: gauge - - labelname: qosClassIndex - type: gauge - - name: qosClassName - oid: 1.3.6.1.4.1.119.2.3.84.14.2.1.3 - type: DisplayString - help: QoS Class name. - 1.3.6.1.4.1.119.2.3.84.14.2.1.3 - indexes: - - labelname: qosClassIfIndex - type: gauge - - labelname: qosClassIndex - type: gauge - - name: qosClassType - oid: 1.3.6.1.4.1.119.2.3.84.14.2.1.4 - type: gauge - help: QoS Class type. - 1.3.6.1.4.1.119.2.3.84.14.2.1.4 - indexes: - - labelname: qosClassIfIndex - type: gauge - - labelname: qosClassIndex - type: gauge - enum_values: - 1: cbq - 2: llq - - name: qosClassBandwidth - oid: 1.3.6.1.4.1.119.2.3.84.14.2.1.5 - type: gauge - help: QoS Class Bandwidth. - 1.3.6.1.4.1.119.2.3.84.14.2.1.5 - indexes: - - labelname: qosClassIfIndex - type: gauge - - labelname: qosClassIndex - type: gauge - - name: qosClassBandwidthUnit - oid: 1.3.6.1.4.1.119.2.3.84.14.2.1.6 - type: gauge - help: QoS Class BandwidthUnit. - 1.3.6.1.4.1.119.2.3.84.14.2.1.6 - indexes: - - labelname: qosClassIfIndex - type: gauge - - labelname: qosClassIndex - type: gauge - enum_values: - 1: kbps - 2: percent - - name: qosClassBitRate - oid: 1.3.6.1.4.1.119.2.3.84.14.2.1.7 - type: gauge - help: QoS Class BitRate. - 1.3.6.1.4.1.119.2.3.84.14.2.1.7 - indexes: - - labelname: qosClassIfIndex - type: gauge - - labelname: qosClassIndex - type: gauge - - name: qosClassEnqPkts - oid: 1.3.6.1.4.1.119.2.3.84.14.2.1.8 - type: counter - help: QoS Class Enqueue Packets. - 1.3.6.1.4.1.119.2.3.84.14.2.1.8 - indexes: - - labelname: qosClassIfIndex - type: gauge - - labelname: qosClassIndex - type: gauge - - name: qosClassEnqBytes - oid: 1.3.6.1.4.1.119.2.3.84.14.2.1.9 - type: counter - help: QoS Class Enqueue Bytes. - 1.3.6.1.4.1.119.2.3.84.14.2.1.9 - indexes: - - labelname: qosClassIfIndex - type: gauge - - labelname: qosClassIndex - type: gauge - - name: qosClassDeqPkts - oid: 1.3.6.1.4.1.119.2.3.84.14.2.1.10 - type: counter - help: QoS Class Dequeue Packets. - 1.3.6.1.4.1.119.2.3.84.14.2.1.10 - indexes: - - labelname: qosClassIfIndex - type: gauge - - labelname: qosClassIndex - type: gauge - - name: qosClassDeqBytes - oid: 1.3.6.1.4.1.119.2.3.84.14.2.1.11 - type: counter - help: QoS Class Dequeue Bytes. - 1.3.6.1.4.1.119.2.3.84.14.2.1.11 - indexes: - - labelname: qosClassIfIndex - type: gauge - - labelname: qosClassIndex - type: gauge - - name: qosClassDropPkts - oid: 1.3.6.1.4.1.119.2.3.84.14.2.1.12 - type: counter - help: QoS Class Drop Packets. - 1.3.6.1.4.1.119.2.3.84.14.2.1.12 - indexes: - - labelname: qosClassIfIndex - type: gauge - - labelname: qosClassIndex - type: gauge - - name: qosClassDropbytes - oid: 1.3.6.1.4.1.119.2.3.84.14.2.1.13 - type: counter - help: QoS Class Drop Bytes. - 1.3.6.1.4.1.119.2.3.84.14.2.1.13 - indexes: - - labelname: qosClassIfIndex - type: gauge - - labelname: qosClassIndex - type: gauge - - name: qosQueueIfIndex - oid: 1.3.6.1.4.1.119.2.3.84.14.3.1.1 - type: gauge - help: The interface index value of the interface for which QoS is enabled. - 1.3.6.1.4.1.119.2.3.84.14.3.1.1 - indexes: - - labelname: qosQueueIfIndex - type: gauge - - labelname: qosQueueClassIndex - type: gauge - - labelname: qosQueueIndex - type: gauge - - name: qosQueueClassIndex - oid: 1.3.6.1.4.1.119.2.3.84.14.3.1.2 - type: gauge - help: The class index value of the class - 1.3.6.1.4.1.119.2.3.84.14.3.1.2 - indexes: - - labelname: qosQueueIfIndex - type: gauge - - labelname: qosQueueClassIndex - type: gauge - - labelname: qosQueueIndex - type: gauge - - name: qosQueueIndex - oid: 1.3.6.1.4.1.119.2.3.84.14.3.1.3 - type: gauge - help: The queue index value of the queue - 1.3.6.1.4.1.119.2.3.84.14.3.1.3 - indexes: - - labelname: qosQueueIfIndex - type: gauge - - labelname: qosQueueClassIndex - type: gauge - - labelname: qosQueueIndex - type: gauge - - name: qosQueueEnqPkts - oid: 1.3.6.1.4.1.119.2.3.84.14.3.1.4 - type: counter - help: QoS Queue Enqueue Packets. - 1.3.6.1.4.1.119.2.3.84.14.3.1.4 - indexes: - - labelname: qosQueueIfIndex - type: gauge - - labelname: qosQueueClassIndex - type: gauge - - labelname: qosQueueIndex - type: gauge - - name: qosQueueEnqBytes - oid: 1.3.6.1.4.1.119.2.3.84.14.3.1.5 - type: counter - help: QoS Queue Enqueue Bytes. - 1.3.6.1.4.1.119.2.3.84.14.3.1.5 - indexes: - - labelname: qosQueueIfIndex - type: gauge - - labelname: qosQueueClassIndex - type: gauge - - labelname: qosQueueIndex - type: gauge - - name: qosQueueDeqPkts - oid: 1.3.6.1.4.1.119.2.3.84.14.3.1.6 - type: counter - help: QoS Queue Dequeue Packets. - 1.3.6.1.4.1.119.2.3.84.14.3.1.6 - indexes: - - labelname: qosQueueIfIndex - type: gauge - - labelname: qosQueueClassIndex - type: gauge - - labelname: qosQueueIndex - type: gauge - - name: qosQueueDeqBytes - oid: 1.3.6.1.4.1.119.2.3.84.14.3.1.7 - type: counter - help: QoS Queue Dequeue Bytes. - 1.3.6.1.4.1.119.2.3.84.14.3.1.7 - indexes: - - labelname: qosQueueIfIndex - type: gauge - - labelname: qosQueueClassIndex - type: gauge - - labelname: qosQueueIndex - type: gauge - - name: qosQueueDropPkts - oid: 1.3.6.1.4.1.119.2.3.84.14.3.1.8 - type: counter - help: QoS Queue Drop Packets. - 1.3.6.1.4.1.119.2.3.84.14.3.1.8 - indexes: - - labelname: qosQueueIfIndex - type: gauge - - labelname: qosQueueClassIndex - type: gauge - - labelname: qosQueueIndex - type: gauge - - name: qosQueueDropbytes - oid: 1.3.6.1.4.1.119.2.3.84.14.3.1.9 - type: counter - help: QoS Queue Drop Bytes. - 1.3.6.1.4.1.119.2.3.84.14.3.1.9 - indexes: - - labelname: qosQueueIfIndex - type: gauge - - labelname: qosQueueClassIndex - type: gauge - - labelname: qosQueueIndex - type: gauge - - name: naptCacheIfIndex - oid: 1.3.6.1.4.1.119.2.3.84.15.1.1.1.1 - type: gauge - help: The interface index value of the interface for which NAPT is enabled. - 1.3.6.1.4.1.119.2.3.84.15.1.1.1.1 - indexes: - - labelname: naptCacheIfIndex - type: gauge - - name: naptCacheEntries - oid: 1.3.6.1.4.1.119.2.3.84.15.1.1.1.2 - type: gauge - help: The number of current NAPT cache. - 1.3.6.1.4.1.119.2.3.84.15.1.1.1.2 - indexes: - - labelname: naptCacheIfIndex - type: gauge - - name: naptCachePeak - oid: 1.3.6.1.4.1.119.2.3.84.15.1.1.1.3 - type: gauge - help: The peak value of NAPT cache. - 1.3.6.1.4.1.119.2.3.84.15.1.1.1.3 - indexes: - - labelname: naptCacheIfIndex - type: gauge - - name: naptCacheCreates - oid: 1.3.6.1.4.1.119.2.3.84.15.1.1.1.4 - type: counter - help: The total count of created NAPT cache. - 1.3.6.1.4.1.119.2.3.84.15.1.1.1.4 - indexes: - - labelname: naptCacheIfIndex - type: gauge - - name: naptCacheOverflows - oid: 1.3.6.1.4.1.119.2.3.84.15.1.1.1.5 - type: counter - help: The total count of NAPT cache overflow. - 1.3.6.1.4.1.119.2.3.84.15.1.1.1.5 - indexes: - - labelname: naptCacheIfIndex - type: gauge - - name: picoCelsius - oid: 1.3.6.1.4.1.119.2.3.84.2.1.1 - type: gauge - help: Indicates the temperature of the equipment inside, in degree (Celsius). - 1.3.6.1.4.1.119.2.3.84.2.1.1 - - name: picoFahrenheit - oid: 1.3.6.1.4.1.119.2.3.84.2.1.2 - type: gauge - help: Indicates the temperature of the equipment inside, in degree (Fahrenheit). - 1.3.6.1.4.1.119.2.3.84.2.1.2 - - name: picoVoltage - oid: 1.3.6.1.4.1.119.2.3.84.2.2 - type: gauge - help: Indicates the observed voltage, in milli-volt (mV). - 1.3.6.1.4.1.119.2.3.84.2.2 - - name: picoFanIndex - oid: 1.3.6.1.4.1.119.2.3.84.2.3.1.1 - type: gauge - help: Unique index for each fan module. - 1.3.6.1.4.1.119.2.3.84.2.3.1.1 - indexes: - - labelname: picoFanIndex - type: gauge - - name: picoFanStatus - oid: 1.3.6.1.4.1.119.2.3.84.2.3.1.2 - type: gauge - help: Status of a fan module - 1.3.6.1.4.1.119.2.3.84.2.3.1.2 - indexes: - - labelname: picoFanIndex - type: gauge - enum_values: - 1: normal - 2: failure - - name: picoFanRpm - oid: 1.3.6.1.4.1.119.2.3.84.2.3.1.3 - type: gauge - help: Fan speed (Revolution Per Minutes) - 1.3.6.1.4.1.119.2.3.84.2.3.1.3 - indexes: - - labelname: picoFanIndex - type: gauge - - name: picoPowerSupplyIndex - oid: 1.3.6.1.4.1.119.2.3.84.2.4.1.1 - type: gauge - help: Unique index for each power supply module. - 1.3.6.1.4.1.119.2.3.84.2.4.1.1 - indexes: - - labelname: picoPowerSupplyIndex - type: gauge - - name: picoPowerSupplyType - oid: 1.3.6.1.4.1.119.2.3.84.2.4.1.2 - type: gauge - help: Power supply module type. - 1.3.6.1.4.1.119.2.3.84.2.4.1.2 - indexes: - - labelname: picoPowerSupplyIndex - type: gauge - enum_values: - 0: notInstalled - 1: systemACPS - 2: ieee802dot3af-PoE-ACPS - - name: picoPowerSupplyStatus - oid: 1.3.6.1.4.1.119.2.3.84.2.4.1.3 - type: gauge - help: Status of a Power Supply module. - 1.3.6.1.4.1.119.2.3.84.2.4.1.3 - indexes: - - labelname: picoPowerSupplyIndex - type: gauge - enum_values: - 0: notInstalled - 1: normal - 2: failure - - name: picoSchedRtUtl1Sec - oid: 1.3.6.1.4.1.119.2.3.84.2.5.1 - type: gauge - help: Indicates the observed system utilization for last 1 second, in percent (%). - 1.3.6.1.4.1.119.2.3.84.2.5.1 - - name: picoSchedRtUtl5Sec - oid: 1.3.6.1.4.1.119.2.3.84.2.5.2 - type: gauge - help: Indicates the observed system utilization for last 5 seconds, in percent (%). - 1.3.6.1.4.1.119.2.3.84.2.5.2 - - name: picoSchedRtUtl1Min - oid: 1.3.6.1.4.1.119.2.3.84.2.5.3 - type: gauge - help: Indicates the observed system utilization for last 1 minute, in percent (%). - 1.3.6.1.4.1.119.2.3.84.2.5.3 - - name: picoSchedRtUtl1Hour - oid: 1.3.6.1.4.1.119.2.3.84.2.5.4 - type: gauge - help: Indicates the observed system utilization for last 1 hour, in percent (%). - 1.3.6.1.4.1.119.2.3.84.2.5.4 - - name: picoHeapSize - oid: 1.3.6.1.4.1.119.2.3.84.2.6.1 - type: gauge - help: Indicates the observed total heap size, in bytes. - 1.3.6.1.4.1.119.2.3.84.2.6.1 - - name: picoHeapUtil - oid: 1.3.6.1.4.1.119.2.3.84.2.6.2 - type: gauge - help: Indicates the observed current heap utilization, in percent (%). - 1.3.6.1.4.1.119.2.3.84.2.6.2 - - name: pipSecMibLevel - oid: 1.3.6.1.4.1.119.2.3.84.3.1.1.1 - type: gauge - help: The version of the IPsec MIB. - 1.3.6.1.4.1.119.2.3.84.3.1.1.1 - - name: pikeGlobalActiveTunnels - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.1 - type: gauge - help: The number of currently active IPsec Phase-1 IKE Tunnels - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.1 - - name: pikeGlobalInNotifys - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.6 - type: counter - help: The total number of notifys received by all currently and previously active IPsec Phase-1 IKE Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.6 - - name: pikeGlobalInP2Exchgs - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.7 - type: counter - help: The total number of IPsec Phase-2 exchanges received by all currently and previously active IPsec Phase-1 IKE Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.7 - - name: pikeGlobalInP2ExchgInvalids - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.8 - type: counter - help: The total number of IPsec Phase-2 exchanges which were received and found to be contain references to unrecognized security parameters - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.8 - - name: pikeGlobalInP2ExchgRejects - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.9 - type: counter - help: The total number of IPsec Phase-2 exchanges which were received and validated but were rejected by the local policy - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.9 - - name: pikeGlobalInP2SaDelRequests - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.10 - type: counter - help: The total number of IPsec Phase-2 security association delete requests received by all currently and previously active and IPsec Phase-1 IKE Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.10 - - name: pikeGlobalOutNotifys - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.14 - type: counter - help: The total number of notifys sent by all currently and previously active IPsec Phase-1 IKE Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.14 - - name: pikeGlobalOutP2Exchgs - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.15 - type: counter - help: The total number of IPsec Phase-2 exchanges which were sent by all currently and previously active IPsec Phase-1 IKE Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.15 - - name: pikeGlobalOutP2ExchgInvalids - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.16 - type: counter - help: The total number of IPsec Phase-2 exchanges which were sent and were flagged by the peer to contain references to unrecognized security parameters - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.16 - - name: pikeGlobalOutP2ExchgRejects - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.17 - type: counter - help: The total number of IPsec Phase-2 exchanges which were sent, validated by the peer but were rejected by the peer's policy - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.17 - - name: pikeGlobalOutP2SaDelRequests - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.18 - type: counter - help: The total number of IPsec Phase-2 SA delete requests sent by all currently and previously active IPsec Phase-1 IKE Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.18 - - name: pikeGlobalInitTunnels - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.19 - type: counter - help: The total number of IPsec Phase-1 IKE Tunnels which were locally initiated. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.19 - - name: pikeGlobalInitTunnelFails - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.20 - type: counter - help: The total number of IPsec Phase-1 IKE Tunnels which were locally initiated and failed to activate. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.20 - - name: pikeGlobalRespTunnelFails - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.21 - type: counter - help: The total number of IPsec Phase-1 IKE Tunnels which were remotely initiated and failed to activate. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.21 - - name: pikeGlobalAuthFails - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.23 - type: counter - help: The total number of authentications which ended in failure by all current and previous IPsec Phase-1 IKE Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.23 - - name: pikeGlobalDecryptFails - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.24 - type: counter - help: The total number of decryptions which ended in failure by all current and previous IPsec Phase-1 IKE Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.24 - - name: pikeGlobalHashValidFails - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.25 - type: counter - help: The total number of hash validations which ended in failure by all current and previous IPsec Phase-1 IKE Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.25 - - name: pikeGlobalRespTunnels - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.27 - type: counter - help: The total number of IPsec Phase-1 IKE Tunnels which were remotely initiated. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.27 - - name: pikeGlobalInP1SaDelRequests - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.30 - type: counter - help: The total number of ISAKMP security association delete requests received by all currently and previously active and ISAKMP security associations. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.30 - - name: pikeGlobalOutP1SaDelRequests - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.31 - type: counter - help: The total number of ISAKMP security association delete requests sent by all currently and previously active and ISAKMP security associations. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.31 - - name: pikePeerLocalType - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.1 - type: gauge - help: The type of local peer identity - 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.1 - indexes: - - labelname: pikePeerLocalType - type: gauge - enum_values: - 1: idIpv4Addr - 2: idFqdn - 3: idDn - 4: idIpv6Addr - - labelname: pikePeerLocalValue - type: DisplayString - - labelname: pikePeerRemoteType - type: gauge - enum_values: - 1: idIpv4Addr - 2: idFqdn - 3: idDn - 4: idIpv6Addr - - labelname: pikePeerRemoteValue - type: DisplayString - - labelname: pikePeerIntIndex - type: gauge - enum_values: - 1: idIpv4Addr - 2: idFqdn - 3: idDn - 4: idIpv6Addr - - name: pikePeerLocalValue - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.2 - type: DisplayString - help: The value of the local peer identity - 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.2 - indexes: - - labelname: pikePeerLocalType - type: gauge - enum_values: - 1: idIpv4Addr - 2: idFqdn - 3: idDn - 4: idIpv6Addr - - labelname: pikePeerLocalValue - type: DisplayString - - labelname: pikePeerRemoteType - type: gauge - enum_values: - 1: idIpv4Addr - 2: idFqdn - 3: idDn - 4: idIpv6Addr - - labelname: pikePeerRemoteValue - type: DisplayString - - labelname: pikePeerIntIndex - type: gauge - - name: pikePeerRemoteType - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.3 - type: gauge - help: The type of remote peer identity - 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.3 - indexes: - - labelname: pikePeerLocalType - type: gauge - enum_values: - 1: idIpv4Addr - 2: idFqdn - 3: idDn - 4: idIpv6Addr - - labelname: pikePeerLocalValue - type: DisplayString - - labelname: pikePeerRemoteType - type: gauge - enum_values: - 1: idIpv4Addr - 2: idFqdn - 3: idDn - 4: idIpv6Addr - - labelname: pikePeerRemoteValue - type: DisplayString - - labelname: pikePeerIntIndex - type: gauge - enum_values: - 1: idIpv4Addr - 2: idFqdn - 3: idDn - 4: idIpv6Addr - - name: pikePeerRemoteValue - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.4 - type: DisplayString - help: The value of the remote peer identity - 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.4 - indexes: - - labelname: pikePeerLocalType - type: gauge - enum_values: - 1: idIpv4Addr - 2: idFqdn - 3: idDn - 4: idIpv6Addr - - labelname: pikePeerLocalValue - type: DisplayString - - labelname: pikePeerRemoteType - type: gauge - enum_values: - 1: idIpv4Addr - 2: idFqdn - 3: idDn - 4: idIpv6Addr - - labelname: pikePeerRemoteValue - type: DisplayString - - labelname: pikePeerIntIndex - type: gauge - - name: pikePeerIntIndex - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.5 - type: gauge - help: The internal index of the local-remote peer association - 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.5 - indexes: - - labelname: pikePeerLocalType - type: gauge - enum_values: - 1: idIpv4Addr - 2: idFqdn - 3: idDn - 4: idIpv6Addr - - labelname: pikePeerLocalValue - type: DisplayString - - labelname: pikePeerRemoteType - type: gauge - enum_values: - 1: idIpv4Addr - 2: idFqdn - 3: idDn - 4: idIpv6Addr - - labelname: pikePeerRemoteValue - type: DisplayString - - labelname: pikePeerIntIndex - type: gauge - - name: pikePeerLocalAddr - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.6 - type: OctetString - help: The IP address of the local peer. - 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.6 - indexes: - - labelname: pikePeerLocalType - type: gauge - enum_values: - 1: idIpv4Addr - 2: idFqdn - 3: idDn - 4: idIpv6Addr - - labelname: pikePeerLocalValue - type: DisplayString - - labelname: pikePeerRemoteType - type: gauge - enum_values: - 1: idIpv4Addr - 2: idFqdn - 3: idDn - 4: idIpv6Addr - - labelname: pikePeerRemoteValue - type: DisplayString - - labelname: pikePeerIntIndex - type: gauge - - name: pikePeerRemoteAddr - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.7 - type: OctetString - help: The IP address of the remote peer. - 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.7 - indexes: - - labelname: pikePeerLocalType - type: gauge - enum_values: - 1: idIpv4Addr - 2: idFqdn - 3: idDn - 4: idIpv6Addr - - labelname: pikePeerLocalValue - type: DisplayString - - labelname: pikePeerRemoteType - type: gauge - enum_values: - 1: idIpv4Addr - 2: idFqdn - 3: idDn - 4: idIpv6Addr - - labelname: pikePeerRemoteValue - type: DisplayString - - labelname: pikePeerIntIndex - type: gauge - - name: pikePeerActiveTime - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.8 - type: gauge - help: The length of time that the peer association has existed in hundredths of a second. - 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.8 - indexes: - - labelname: pikePeerLocalType - type: gauge - enum_values: - 1: idIpv4Addr - 2: idFqdn - 3: idDn - 4: idIpv6Addr - - labelname: pikePeerLocalValue - type: DisplayString - - labelname: pikePeerRemoteType - type: gauge - enum_values: - 1: idIpv4Addr - 2: idFqdn - 3: idDn - 4: idIpv6Addr - - labelname: pikePeerRemoteValue - type: DisplayString - - labelname: pikePeerIntIndex - type: gauge - - name: pikePeerActiveTunnelIndex - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.9 - type: gauge - help: The index of the active IPsec Phase-1 IKE Tunnel (pikeTunIndex in the pikeTunnelTable) for this peer association - 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.9 - indexes: - - labelname: pikePeerLocalType - type: gauge - enum_values: - 1: idIpv4Addr - 2: idFqdn - 3: idDn - 4: idIpv6Addr - - labelname: pikePeerLocalValue - type: DisplayString - - labelname: pikePeerRemoteType - type: gauge - enum_values: - 1: idIpv4Addr - 2: idFqdn - 3: idDn - 4: idIpv6Addr - - labelname: pikePeerRemoteValue - type: DisplayString - - labelname: pikePeerIntIndex - type: gauge - - name: pikeTunIndex - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.1 - type: gauge - help: The index of the IPsec Phase-1 IKE Tunnel Table - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.1 - indexes: - - labelname: pikeTunIndex - type: gauge - - name: pikeTunLocalType - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.2 - type: gauge - help: The type of local peer identity - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.2 - indexes: - - labelname: pikeTunIndex - type: gauge - enum_values: - 1: idIpv4Addr - 2: idFqdn - 3: idDn - 4: idIpv6Addr - - name: pikeTunLocalValue - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.3 - type: DisplayString - help: The value of the local peer identity - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.3 - indexes: - - labelname: pikeTunIndex - type: gauge - - name: pikeTunLocalAddr - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.4 - type: OctetString - help: The IP address of the local endpoint for the IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.4 - indexes: - - labelname: pikeTunIndex - type: gauge - - name: pikeTunRemoteType - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.6 - type: gauge - help: The type of remote peer identity - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.6 - indexes: - - labelname: pikeTunIndex - type: gauge - enum_values: - 1: idIpv4Addr - 2: idFqdn - 3: idDn - 4: idIpv6Addr - - name: pikeTunRemoteValue - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.7 - type: DisplayString - help: The value of the remote peer identity - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.7 - indexes: - - labelname: pikeTunIndex - type: gauge - - name: pikeTunRemoteAddr - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.8 - type: OctetString - help: The IP address of the remote endpoint for the IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.8 - indexes: - - labelname: pikeTunIndex - type: gauge - - name: pikeTunNegoMode - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.10 - type: gauge - help: The negotiation mode of the IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.10 - indexes: - - labelname: pikeTunIndex - type: gauge - enum_values: - 1: main - 2: aggressive - - name: pikeTunDiffHellmanGrp - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.11 - type: gauge - help: The Diffie Hellman Group used in IPsec Phase-1 IKE negotiations. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.11 - indexes: - - labelname: pikeTunIndex - type: gauge - enum_values: - 1: none - 2: modp768 - 3: modp1024 - 4: modp1536 - 5: modp2048 - - name: pikeTunEncryptAlgo - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.12 - type: gauge - help: The encryption algorithm used in IPsec Phase-1 IKE negotiations. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.12 - indexes: - - labelname: pikeTunIndex - type: gauge - enum_values: - 1: none - 2: des - 3: des3 - 4: aes - 9: "null" - - name: pikeTunHashAlgo - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.13 - type: gauge - help: The hash algorithm used in IPsec Phase-1 IKE negotiations. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.13 - indexes: - - labelname: pikeTunIndex - type: gauge - enum_values: - 1: none - 2: md5 - 3: sha - 4: sha2-256 - 5: sha2-384 - 6: sha2-512 - - name: pikeTunAuthMethod - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.14 - type: gauge - help: The authentication method used in IPsec Phase-1 IKE negotiations. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.14 - indexes: - - labelname: pikeTunIndex - type: gauge - enum_values: - 1: none - 2: preSharedKey - 3: rsaSig - 4: rsaEncrypt - 5: revPublicKey - - name: pikeTunLifeTime - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.15 - type: gauge - help: The negotiated LifeTime of the IPsec Phase-1 IKE Tunnel in seconds. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.15 - indexes: - - labelname: pikeTunIndex - type: gauge - - name: pikeTunActiveTime - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.16 - type: gauge - help: The length of time the IPsec Phase-1 IKE tunnel has been active in hundredths of seconds. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.16 - indexes: - - labelname: pikeTunIndex - type: gauge - - name: pikeTunSaRefreshThreshold - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.17 - type: gauge - help: The security assoication refresh threshold in seconds. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.17 - indexes: - - labelname: pikeTunIndex - type: gauge - - name: pikeTunInNotifys - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.22 - type: counter - help: The total number of notifys received by this IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.22 - indexes: - - labelname: pikeTunIndex - type: gauge - - name: pikeTunInP2Exchgs - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.23 - type: counter - help: The total number of IPsec Phase-2 exchanges received by this IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.23 - indexes: - - labelname: pikeTunIndex - type: gauge - - name: pikeTunInP2ExchgInvalids - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.24 - type: counter - help: The total number of IPsec Phase-2 exchanges received on this tunnel that were found to contain references to unrecognized security parameters. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.24 - indexes: - - labelname: pikeTunIndex - type: gauge - - name: pikeTunInP2ExchgRejects - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.25 - type: counter - help: The total number of IPsec Phase-2 exchanges received on this tunnel that were validated but were rejected by the local policy. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.25 - indexes: - - labelname: pikeTunIndex - type: gauge - - name: pikeTunInP2SaDelRequests - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.26 - type: counter - help: The total number of IPsec Phase-2 security association delete requests received by this IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.26 - indexes: - - labelname: pikeTunIndex - type: gauge - - name: pikeTunOutNotifys - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.30 - type: counter - help: The total number of notifys sent by this IPsec Phase-1 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.30 - indexes: - - labelname: pikeTunIndex - type: gauge - - name: pikeTunOutP2Exchgs - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.31 - type: counter - help: The total number of IPsec Phase-2 exchanges sent by this IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.31 - indexes: - - labelname: pikeTunIndex - type: gauge - - name: pikeTunOutP2ExchgInvalids - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.32 - type: counter - help: The total number of IPsec Phase-2 exchanges sent on this tunnel that were found by the peer to contain references to security parameters not recognized by the peer. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.32 - indexes: - - labelname: pikeTunIndex - type: gauge - - name: pikeTunOutP2ExchgRejects - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.33 - type: counter - help: The total number of IPsec Phase-2 exchanges sent on this tunnel that were validated by the peer but were rejected by the peer's policy. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.33 - indexes: - - labelname: pikeTunIndex - type: gauge - - name: pikeTunOutP2SaDelRequests - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.34 - type: counter - help: The total number of IPsec Phase-2 security association delete requests sent by this IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.34 - indexes: - - labelname: pikeTunIndex - type: gauge - - name: pikeTunStatus - oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.35 - type: gauge - help: The status of the MIB table row - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.35 - indexes: - - labelname: pikeTunIndex - type: gauge - enum_values: - 1: active - 2: destroy - - name: pipSecGlobalActiveTunnels - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.1 - type: gauge - help: The total number of currently active IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.1 - - name: pipSecGlobalInOctets - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.3 - type: counter - help: The total number of octets received by all current and previous IPsec Phase-2 Tunnels - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.3 - - name: pipSecGlobalInPkts - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.9 - type: counter - help: The total number of packets received by all current and previous IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.9 - - name: pipSecGlobalInDrops - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.10 - type: counter - help: The total number of packets dropped during receive processing by all current and previous IPsec Phase-2 Tunnels - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.10 - - name: pipSecGlobalInReplayDrops - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.11 - type: counter - help: The total number of packets dropped during receive processing due to Anti-Replay processing by all current and previous IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.11 - - name: pipSecGlobalInAuths - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.12 - type: counter - help: The total number of inbound authentication's performed by all current and previous IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.12 - - name: pipSecGlobalInAuthFails - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.13 - type: counter - help: The total number of inbound authentication's which ended in failure by all current and previous IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.13 - - name: pipSecGlobalInDecrypts - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.14 - type: counter - help: The total number of inbound decryption's performed by all current and previous IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.14 - - name: pipSecGlobalInDecryptFails - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.15 - type: counter - help: The total number of inbound decryption's which ended in failure by all current and previous IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.15 - - name: pipSecGlobalOutOctets - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.16 - type: counter - help: The total number of octets sent by all current and previous IPsec Phase-2 Tunnels - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.16 - - name: pipSecGlobalOutPkts - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.22 - type: counter - help: The total number of packets sent by all current and previous IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.22 - - name: pipSecGlobalOutDrops - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.23 - type: counter - help: The total number of packets dropped during send processing by all current and previous IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.23 - - name: pipSecGlobalOutAuths - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.24 - type: counter - help: The total number of outbound authentication's performed by all current and previous IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.24 - - name: pipSecGlobalOutAuthFails - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.25 - type: counter - help: The total number of outbound authentication's which ended in failure by all current and previous IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.25 - - name: pipSecGlobalOutEncrypts - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.26 - type: counter - help: The total number of outbound encryption's performed by all current and previous IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.26 - - name: pipSecGlobalOutEncryptFails - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.27 - type: counter - help: The total number of outbound encryption's which ended in failure by all current and previous IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.27 - - name: pipSecGlobalNoSaFails - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.33 - type: counter - help: The total number of non-existent Security Assocication in failures which occurred during processing of all current and previous IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.33 - - name: pipSecTunIndex - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.1 - type: gauge - help: The index of the IPsec Phase-2 Tunnel Table - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.1 - indexes: - - labelname: pipSecTunIndex - type: gauge - - name: pipSecTunIkeTunnelIndex - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.2 - type: gauge - help: The index of the associated IPsec Phase-1 IKE Tunnel - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.2 - indexes: - - labelname: pipSecTunIndex - type: gauge - - name: pipSecTunIkeTunnelAlive - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.3 - type: gauge - help: An indicator which specifies whether or not the IPsec Phase-1 IKE Tunnel currently exists. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.3 - indexes: - - labelname: pipSecTunIndex - type: gauge - enum_values: - 1: "true" - 2: "false" - - name: pipSecTunLocalAddr - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.4 - type: OctetString - help: The IP address of the local endpoint for the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.4 - indexes: - - labelname: pipSecTunIndex - type: gauge - - name: pipSecTunRemoteAddr - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.5 - type: OctetString - help: The IP address of the remote endpoint for the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.5 - indexes: - - labelname: pipSecTunIndex - type: gauge - - name: pipSecTunKeyType - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.6 - type: gauge - help: The type of key used by the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.6 - indexes: - - labelname: pipSecTunIndex - type: gauge - enum_values: - 1: ike - 2: manual - - name: pipSecTunEncapMode - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.7 - type: gauge - help: The encapsulation mode used by the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.7 - indexes: - - labelname: pipSecTunIndex - type: gauge - enum_values: - 1: tunnel - 2: transport - - name: pipSecTunLifeSize - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.8 - type: gauge - help: The negotiated LifeSize of the IPsec Phase-2 Tunnel in kilobytes. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.8 - indexes: - - labelname: pipSecTunIndex - type: gauge - - name: pipSecTunLifeTime - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.9 - type: gauge - help: The negotiated LifeTime of the IPsec Phase-2 Tunnel in seconds. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.9 - indexes: - - labelname: pipSecTunIndex - type: gauge - - name: pipSecTunActiveTime - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.10 - type: gauge - help: The length of time the IPsec Phase-2 Tunnel has been active in hundredths of seconds. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.10 - indexes: - - labelname: pipSecTunIndex - type: gauge - - name: pipSecTunSaLifeSizeThreshold - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.11 - type: gauge - help: The security association LifeSize refresh threshold in kilobytes. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.11 - indexes: - - labelname: pipSecTunIndex - type: gauge - - name: pipSecTunSaLifeTimeThreshold - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.12 - type: gauge - help: The security association LifeTime refresh threshold in seconds. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.12 - indexes: - - labelname: pipSecTunIndex - type: gauge - - name: pipSecTunTotalRefreshes - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.13 - type: counter - help: The total number of security association refreshes performed. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.13 - indexes: - - labelname: pipSecTunIndex - type: gauge - - name: pipSecTunExpiredSaInstances - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.14 - type: counter - help: The total number of security associations which have expired. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.14 - indexes: - - labelname: pipSecTunIndex - type: gauge - - name: pipSecTunCurrentSaInstances - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.15 - type: gauge - help: The number of security associations which are currently active or expiring. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.15 - indexes: - - labelname: pipSecTunIndex - type: gauge - - name: pipSecTunInSaDiffHellmanGrp - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.16 - type: gauge - help: The Diffie Hellman Group used by the inbound security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.16 - indexes: - - labelname: pipSecTunIndex - type: gauge - enum_values: - 1: none - 2: modp768 - 3: modp1024 - 4: modp1536 - 5: modp2048 - - name: pipSecTunInSaEncryptAlgo - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.17 - type: gauge - help: The encryption algorithm used by the inbound security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.17 - indexes: - - labelname: pipSecTunIndex - type: gauge - enum_values: - 1: none - 2: des - 3: des3 - 4: aes - 9: "null" - - name: pipSecTunInSaAhAuthAlgo - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.18 - type: gauge - help: The authentication algorithm used by the inbound authentication header (AH) security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.18 - indexes: - - labelname: pipSecTunIndex - type: gauge - enum_values: - 1: none - 2: hmacMd5 - 3: hmacSha - 4: hmacSha2-256 - 5: hmacSha2-384 - 6: hmacSha2-512 - - name: pipSecTunInSaEspAuthAlgo - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.19 - type: gauge - help: The authentication algorithm used by the inbound ecapsulation security protocol (ESP) security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.19 - indexes: - - labelname: pipSecTunIndex - type: gauge - enum_values: - 1: none - 2: hmacMd5 - 3: hmacSha - 4: hmacSha2-256 - 5: hmacSha2-384 - 6: hmacSha2-512 - - name: pipSecTunOutSaDiffHellmanGrp - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.21 - type: gauge - help: The Diffie Hellman Group used by the outbound security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.21 - indexes: - - labelname: pipSecTunIndex - type: gauge - enum_values: - 1: none - 2: modp768 - 3: modp1024 - 4: modp1536 - 5: modp2048 - - name: pipSecTunOutSaEncryptAlgo - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.22 - type: gauge - help: The encryption algorithm used by the outbound security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.22 - indexes: - - labelname: pipSecTunIndex - type: gauge - enum_values: - 1: none - 2: des - 3: des3 - 4: aes - 9: "null" - - name: pipSecTunOutSaAhAuthAlgo - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.23 - type: gauge - help: The authentication algorithm used by the outbound authentication header (AH) security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.23 - indexes: - - labelname: pipSecTunIndex - type: gauge - enum_values: - 1: none - 2: hmacMd5 - 3: hmacSha - 4: hmacSha2-256 - 5: hmacSha2-384 - 6: hmacSha2-512 - - name: pipSecTunOutSaEspAuthAlgo - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.24 - type: gauge - help: The authentication algorithm used by the inbound encapsulation security protocol (ESP) security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.24 - indexes: - - labelname: pipSecTunIndex - type: gauge - enum_values: - 1: none - 2: hmacMd5 - 3: hmacSha - 4: hmacSha2-256 - 5: hmacSha2-384 - 6: hmacSha2-512 - - name: pipSecTunPmtu - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.26 - type: gauge - help: The Path MTU that has been determined for this IPsec Phase-2 tunnel - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.26 - indexes: - - labelname: pipSecTunIndex - type: gauge - - name: pipSecTunInOctets - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.27 - type: counter - help: The total number of octets received by this IPsec Phase-2 Tunnel - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.27 - indexes: - - labelname: pipSecTunIndex - type: gauge - - name: pipSecTunInPkts - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.33 - type: counter - help: The total number of packets received by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.33 - indexes: - - labelname: pipSecTunIndex - type: gauge - - name: pipSecTunInDropPkts - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.34 - type: counter - help: The total number of packets dropped during receive processing by this IPsec Phase-2 Tunnel - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.34 - indexes: - - labelname: pipSecTunIndex - type: gauge - - name: pipSecTunInReplayDropPkts - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.35 - type: counter - help: The total number of packets dropped during receive processing due to Anti-Replay processing by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.35 - indexes: - - labelname: pipSecTunIndex - type: gauge - - name: pipSecTunInAuths - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.36 - type: counter - help: The total number of inbound authentication's performed by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.36 - indexes: - - labelname: pipSecTunIndex - type: gauge - - name: pipSecTunInAuthFails - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.37 - type: counter - help: The total number of inbound authentication's which ended in failure by this IPsec Phase-2 Tunnel . - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.37 - indexes: - - labelname: pipSecTunIndex - type: gauge - - name: pipSecTunInDecrypts - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.38 - type: counter - help: The total number of inbound decryption's performed by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.38 - indexes: - - labelname: pipSecTunIndex - type: gauge - - name: pipSecTunInDecryptFails - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.39 - type: counter - help: The total number of inbound decryption's which ended in failure by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.39 - indexes: - - labelname: pipSecTunIndex - type: gauge - - name: pipSecTunOutOctets - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.40 - type: counter - help: The total number of octets sent by this IPsec Phase-2 Tunnel - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.40 - indexes: - - labelname: pipSecTunIndex - type: gauge - - name: pipSecTunOutPkts - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.46 - type: counter - help: The total number of packets sent by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.46 - indexes: - - labelname: pipSecTunIndex - type: gauge - - name: pipSecTunOutDropPkts - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.47 - type: counter - help: The total number of packets dropped during send processing by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.47 - indexes: - - labelname: pipSecTunIndex - type: gauge - - name: pipSecTunOutAuths - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.48 - type: counter - help: The total number of outbound authentication's performed by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.48 - indexes: - - labelname: pipSecTunIndex - type: gauge - - name: pipSecTunOutAuthFails - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.49 - type: counter - help: The total number of outbound authentication's which ended in failure by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.49 - indexes: - - labelname: pipSecTunIndex - type: gauge - - name: pipSecTunOutEncrypts - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.50 - type: counter - help: The total number of outbound encryption's performed by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.50 - indexes: - - labelname: pipSecTunIndex - type: gauge - - name: pipSecTunOutEncryptFails - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.51 - type: counter - help: The total number of outbound encryption's which ended in failure by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.51 - indexes: - - labelname: pipSecTunIndex - type: gauge - - name: pipSecTunStatus - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.56 - type: gauge - help: The status of the MIB table row - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.56 - indexes: - - labelname: pipSecTunIndex - type: gauge - enum_values: - 1: active - 2: destroy - - name: pipSecSpiIndex - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.4.1.1 - type: gauge - help: The number of the SPI associated with the Phase-2 Tunnel Table - 1.3.6.1.4.1.119.2.3.84.3.1.3.4.1.1 - indexes: - - labelname: pipSecTunIndex - type: gauge - - labelname: pipSecSpiIndex - type: gauge - - name: pipSecSpiDirection - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.4.1.2 - type: gauge - help: The direction of the SPI. - 1.3.6.1.4.1.119.2.3.84.3.1.3.4.1.2 - indexes: - - labelname: pipSecTunIndex - type: gauge - - labelname: pipSecSpiIndex - type: gauge - enum_values: - 1: in - 2: out - - name: pipSecSpiValue - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.4.1.3 - type: gauge - help: The value of the SPI. - 1.3.6.1.4.1.119.2.3.84.3.1.3.4.1.3 - indexes: - - labelname: pipSecTunIndex - type: gauge - - labelname: pipSecSpiIndex - type: gauge - - name: pipSecSpiProtocol - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.4.1.4 - type: gauge - help: The protocol of the SPI. - 1.3.6.1.4.1.119.2.3.84.3.1.3.4.1.4 - indexes: - - labelname: pipSecTunIndex - type: gauge - - labelname: pipSecSpiIndex - type: gauge - enum_values: - 1: ah - 2: esp - 3: ipcomp - - name: pipSecSpiStatus - oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.4.1.5 - type: gauge - help: The status of the SPI. - 1.3.6.1.4.1.119.2.3.84.3.1.3.4.1.5 - indexes: - - labelname: pipSecTunIndex - type: gauge - - labelname: pipSecSpiIndex - type: gauge - enum_values: - 1: active - 2: expiring - - name: pikeTunHistIndex - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.1 - type: gauge - help: The index of the IPsec Phase-1 IKE Tunnel History Table - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.1 - indexes: - - labelname: pikeTunHistIndex - type: gauge - - name: pikeTunHistTermReason - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.2 - type: gauge - help: The reason the IPsec Phase-1 IKE Tunnel was terminated - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.2 - indexes: - - labelname: pikeTunHistIndex - type: gauge - enum_values: - 1: other - 2: normal - 3: operRequest - 4: peerDelRequest - 5: peerLost - 6: applicationInitiated - 7: xauthFailure - 8: localFailure - 9: checkPointReg - - name: pikeTunHistActiveIndex - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.3 - type: gauge - help: The index of the previously active IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.3 - indexes: - - labelname: pikeTunHistIndex - type: gauge - - name: pikeTunHistPeerLocalType - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.4 - type: gauge - help: The type of local peer identity - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.4 - indexes: - - labelname: pikeTunHistIndex - type: gauge - enum_values: - 1: idIpv4Addr - 2: idFqdn - 3: idDn - 4: idIpv6Addr - - name: pikeTunHistPeerLocalValue - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.5 - type: DisplayString - help: The value of the local peer identity - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.5 - indexes: - - labelname: pikeTunHistIndex - type: gauge - - name: pikeTunHistPeerIntIndex - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.6 - type: gauge - help: The internal index of the local-remote peer association - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.6 - indexes: - - labelname: pikeTunHistIndex - type: gauge - - name: pikeTunHistPeerRemoteType - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.7 - type: gauge - help: The type of remote peer identity - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.7 - indexes: - - labelname: pikeTunHistIndex - type: gauge - enum_values: - 1: idIpv4Addr - 2: idFqdn - 3: idDn - 4: idIpv6Addr - - name: pikeTunHistPeerRemoteValue - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.8 - type: DisplayString - help: The value of the remote peer identity - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.8 - indexes: - - labelname: pikeTunHistIndex - type: gauge - - name: pikeTunHistLocalAddr - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.9 - type: OctetString - help: The IP address of the local endpoint for the IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.9 - indexes: - - labelname: pikeTunHistIndex - type: gauge - - name: pikeTunHistRemoteAddr - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.11 - type: OctetString - help: The IP address of the remote endpoint for the IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.11 - indexes: - - labelname: pikeTunHistIndex - type: gauge - - name: pikeTunHistNegoMode - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.13 - type: gauge - help: The negotiation mode of the IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.13 - indexes: - - labelname: pikeTunHistIndex - type: gauge - enum_values: - 1: main - 2: aggressive - - name: pikeTunHistDiffHellmanGrp - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.14 - type: gauge - help: The Diffie Hellman Group used in IPsec Phase-1 IKE negotiations. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.14 - indexes: - - labelname: pikeTunHistIndex - type: gauge - enum_values: - 1: none - 2: modp768 - 3: modp1024 - 4: modp1536 - 5: modp2048 - - name: pikeTunHistEncryptAlgo - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.15 - type: gauge - help: The encryption algorithm used in IPsec Phase-1 IKE negotiations. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.15 - indexes: - - labelname: pikeTunHistIndex - type: gauge - enum_values: - 1: none - 2: des - 3: des3 - 4: aes - 9: "null" - - name: pikeTunHistHashAlgo - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.16 - type: gauge - help: The hash algorithm used in IPsec Phase-1 IKE negotiations. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.16 - indexes: - - labelname: pikeTunHistIndex - type: gauge - enum_values: - 1: none - 2: md5 - 3: sha - 4: sha2-256 - 5: sha2-384 - 6: sha2-512 - - name: pikeTunHistAuthMethod - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.17 - type: gauge - help: The authentication method used in IPsec Phase-1 IKE negotiations. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.17 - indexes: - - labelname: pikeTunHistIndex - type: gauge - enum_values: - 1: none - 2: preSharedKey - 3: rsaSig - 4: rsaEncrypt - 5: revPublicKey - - name: pikeTunHistLifeTime - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.18 - type: gauge - help: The negotiated LifeTime of the IPsec Phase-1 IKE Tunnel in seconds. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.18 - indexes: - - labelname: pikeTunHistIndex - type: gauge - - name: pikeTunHistStartTime - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.19 - type: gauge - help: The value of sysUpTime in hundredths of seconds when the IPsec Phase-1 IKE tunnel was started. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.19 - indexes: - - labelname: pikeTunHistIndex - type: gauge - - name: pikeTunHistActiveTime - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.20 - type: gauge - help: The length of time the IPsec Phase-1 IKE tunnel was been active in hundredths of seconds. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.20 - indexes: - - labelname: pikeTunHistIndex - type: gauge - - name: pikeTunHistInNotifys - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.26 - type: counter - help: The total number of notifys received by this IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.26 - indexes: - - labelname: pikeTunHistIndex - type: gauge - - name: pikeTunHistInP2Exchgs - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.27 - type: counter - help: The total number of IPsec Phase-2 exchanges received by this IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.27 - indexes: - - labelname: pikeTunHistIndex - type: gauge - - name: pikeTunHistInP2ExchgInvalids - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.28 - type: counter - help: The total number of IPsec Phase-2 exchanges received on this tunnel that were found to contain references to unrecognized security parameters. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.28 - indexes: - - labelname: pikeTunHistIndex - type: gauge - - name: pikeTunHistInP2ExchgRejects - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.29 - type: counter - help: The total number of IPsec Phase-2 exchanges received on this tunnel that were validated but were rejected by the local policy. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.29 - indexes: - - labelname: pikeTunHistIndex - type: gauge - - name: pikeTunHistInP2SaDelRequests - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.30 - type: counter - help: The total number of IPsec Phase-2 security association delete requests received by this IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.30 - indexes: - - labelname: pikeTunHistIndex - type: gauge - - name: pikeTunHistOutNotifys - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.34 - type: counter - help: The total number of notifys sent by this IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.34 - indexes: - - labelname: pikeTunHistIndex - type: gauge - - name: pikeTunHistOutP2Exchgs - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.35 - type: counter - help: The total number of IPsec Phase-2 exchanges sent by this IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.35 - indexes: - - labelname: pikeTunHistIndex - type: gauge - - name: pikeTunHistOutP2ExchgInvalids - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.36 - type: counter - help: The total number of IPsec Phase-2 exchanges sent on this tunnel that were found by the peer to contain references to security parameters not recognized by the peer. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.36 - indexes: - - labelname: pikeTunHistIndex - type: gauge - - name: pikeTunHistOutP2ExchgRejects - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.37 - type: counter - help: The total number of IPsec Phase-2 exchanges sent on this tunnel that were validated by the peer but were rejected by the peer's policy. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.37 - indexes: - - labelname: pikeTunHistIndex - type: gauge - - name: pikeTunHistOutP2SaDelRequests - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.38 - type: counter - help: The total number of IPsec Phase-2 security association delete requests sent by this IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.38 - indexes: - - labelname: pikeTunHistIndex - type: gauge - - name: pipSecTunHistIndex - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.1 - type: gauge - help: The index of the IPsec Phase-2 Tunnel History Table - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.1 - indexes: - - labelname: pipSecTunHistIndex - type: gauge - - name: pipSecTunHistTermReason - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.2 - type: gauge - help: The reason the IPsec Phase-2 Tunnel was terminated - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.2 - indexes: - - labelname: pipSecTunHistIndex - type: gauge - enum_values: - 1: other - 2: normal - 3: operRequest - 4: peerDelRequest - 5: peerLost - 6: applicationInitiated - 7: xauthFailure - 8: seqNumRollOver - 9: checkPointReq - - name: pipSecTunHistActiveIndex - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.3 - type: gauge - help: The index of the previously active IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.3 - indexes: - - labelname: pipSecTunHistIndex - type: gauge - - name: pipSecTunHistIkeTunnelIndex - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.4 - type: gauge - help: The index of the associated IPsec Phase-1 Tunnel (pikeTunIndex in the pikeTunnelTable). - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.4 - indexes: - - labelname: pipSecTunHistIndex - type: gauge - - name: pipSecTunHistLocalAddr - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.5 - type: OctetString - help: The IP address of the local endpoint for the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.5 - indexes: - - labelname: pipSecTunHistIndex - type: gauge - - name: pipSecTunHistRemoteAddr - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.6 - type: OctetString - help: The IP address of the remote endpoint for the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.6 - indexes: - - labelname: pipSecTunHistIndex - type: gauge - - name: pipSecTunHistKeyType - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.7 - type: gauge - help: The type of key used by the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.7 - indexes: - - labelname: pipSecTunHistIndex - type: gauge - enum_values: - 1: ike - 2: manual - - name: pipSecTunHistEncapMode - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.8 - type: gauge - help: The encapsulation mode used by the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.8 - indexes: - - labelname: pipSecTunHistIndex - type: gauge - enum_values: - 1: tunnel - 2: transport - - name: pipSecTunHistLifeSize - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.9 - type: gauge - help: The negotiated LifeSize of the IPsec Phase-2 Tunnel in kilobytes. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.9 - indexes: - - labelname: pipSecTunHistIndex - type: gauge - - name: pipSecTunHistLifeTime - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.10 - type: gauge - help: The negotiated LifeTime of the IPsec Phase-2 Tunnel in seconds. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.10 - indexes: - - labelname: pipSecTunHistIndex - type: gauge - - name: pipSecTunHistStartTime - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.11 - type: gauge - help: The value of sysUpTime in hundredths of seconds when the IPsec Phase-2 Tunnel was started. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.11 - indexes: - - labelname: pipSecTunHistIndex - type: gauge - - name: pipSecTunHistActiveTime - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.12 - type: gauge - help: The length of time the IPsec Phase-2 Tunnel has been active in hundredths of seconds. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.12 - indexes: - - labelname: pipSecTunHistIndex - type: gauge - - name: pipSecTunHistTotalRefreshes - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.13 - type: counter - help: The total number of security association refreshes performed. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.13 - indexes: - - labelname: pipSecTunHistIndex - type: gauge - - name: pipSecTunHistInSaDiffHellmanGrp - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.15 - type: gauge - help: The Diffie Hellman Group used by the inbound security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.15 - indexes: - - labelname: pipSecTunHistIndex - type: gauge - enum_values: - 1: none - 2: modp768 - 3: modp1024 - 4: modp1536 - 5: modp2048 - - name: pipSecTunHistInSaEncryptAlgo - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.16 - type: gauge - help: The encryption algorithm used by the inbound security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.16 - indexes: - - labelname: pipSecTunHistIndex - type: gauge - enum_values: - 1: none - 2: des - 3: des3 - 4: aes - 9: "null" - - name: pipSecTunHistInSaAhAuthAlgo - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.17 - type: gauge - help: The authentication algorithm used by the inbound authentication header (AH) security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.17 - indexes: - - labelname: pipSecTunHistIndex - type: gauge - enum_values: - 1: none - 2: hmacMd5 - 3: hmacSha - 4: hmacSha2-256 - 5: hmacSha2-384 - 6: hmacSha2-512 - - name: pipSecTunHistInSaEspAuthAlgo - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.18 - type: gauge - help: The authentication algorithm used by the inbound encapsulation security protocol (ESP) security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.18 - indexes: - - labelname: pipSecTunHistIndex - type: gauge - enum_values: - 1: none - 2: hmacMd5 - 3: hmacSha - 4: hmacSha2-256 - 5: hmacSha2-384 - 6: hmacSha2-512 - - name: pipSecTunHistOutSaDiffHellmanGrp - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.20 - type: gauge - help: The Diffie Hellman Group used by the outbound security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.20 - indexes: - - labelname: pipSecTunHistIndex - type: gauge - enum_values: - 1: none - 2: modp768 - 3: modp1024 - 4: modp1536 - 5: modp2048 - - name: pipSecTunHistOutSaEncryptAlgo - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.21 - type: gauge - help: The encryption algorithm used by the outbound security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.21 - indexes: - - labelname: pipSecTunHistIndex - type: gauge - enum_values: - 1: none - 2: des - 3: des3 - 4: aes - 9: "null" - - name: pipSecTunHistOutSaAhAuthAlgo - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.22 - type: gauge - help: The authentication algorithm used by the outbound authentication header (AH) security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.22 - indexes: - - labelname: pipSecTunHistIndex - type: gauge - enum_values: - 1: none - 2: hmacMd5 - 3: hmacSha - 4: hmacSha2-256 - 5: hmacSha2-384 - 6: hmacSha2-512 - - name: pipSecTunHistOutSaEspAuthAlgo - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.23 - type: gauge - help: The authentication algorithm used by the inbound ecapsulation security protocol (ESP) security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.23 - indexes: - - labelname: pipSecTunHistIndex - type: gauge - enum_values: - 1: none - 2: hmacMd5 - 3: hmacSha - 4: hmacSha2-256 - 5: hmacSha2-384 - 6: hmacSha2-512 - - name: pipSecTunHistPmtu - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.25 - type: gauge - help: The Path MTU that was determined for this IPsec Phase-2 tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.25 - indexes: - - labelname: pipSecTunHistIndex - type: gauge - - name: pipSecTunHistInOctets - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.26 - type: counter - help: The total number of octets received by this IPsec Phase-2 Tunnel - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.26 - indexes: - - labelname: pipSecTunHistIndex - type: gauge - - name: pipSecTunHistInPkts - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.32 - type: counter - help: The total number of packets received by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.32 - indexes: - - labelname: pipSecTunHistIndex - type: gauge - - name: pipSecTunHistInDropPkts - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.33 - type: counter - help: The total number of packets dropped during receive processing by this IPsec Phase-2 Tunnel - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.33 - indexes: - - labelname: pipSecTunHistIndex - type: gauge - - name: pipSecTunHistInReplayDropPkts - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.34 - type: counter - help: The total number of packets dropped during receive processing due to Anti-Replay processing by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.34 - indexes: - - labelname: pipSecTunHistIndex - type: gauge - - name: pipSecTunHistInAuths - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.35 - type: counter - help: The total number of inbound authentication's performed by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.35 - indexes: - - labelname: pipSecTunHistIndex - type: gauge - - name: pipSecTunHistInAuthFails - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.36 - type: counter - help: The total number of inbound authentication's which ended in failure by this IPsec Phase-2 Tunnel . - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.36 - indexes: - - labelname: pipSecTunHistIndex - type: gauge - - name: pipSecTunHistInDecrypts - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.37 - type: counter - help: The total number of inbound decryption's performed by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.37 - indexes: - - labelname: pipSecTunHistIndex - type: gauge - - name: pipSecTunHistInDecryptFails - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.38 - type: counter - help: The total number of inbound decryption's which ended in failure by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.38 - indexes: - - labelname: pipSecTunHistIndex - type: gauge - - name: pipSecTunHistOutOctets - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.39 - type: counter - help: The total number of octets sent by this IPsec Phase-2 Tunnel - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.39 - indexes: - - labelname: pipSecTunHistIndex - type: gauge - - name: pipSecTunHistOutPkts - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.45 - type: counter - help: The total number of packets sent by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.45 - indexes: - - labelname: pipSecTunHistIndex - type: gauge - - name: pipSecTunHistOutDropPkts - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.46 - type: counter - help: The total number of packets dropped during send processing by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.46 - indexes: - - labelname: pipSecTunHistIndex - type: gauge - - name: pipSecTunHistOutAuths - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.47 - type: counter - help: The total number of outbound authentication's performed by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.47 - indexes: - - labelname: pipSecTunHistIndex - type: gauge - - name: pipSecTunHistOutAuthFails - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.48 - type: counter - help: The total number of outbound authentication's which ended in failure by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.48 - indexes: - - labelname: pipSecTunHistIndex - type: gauge - - name: pipSecTunHistOutEncrypts - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.49 - type: counter - help: The total number of outbound encryption's performed by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.49 - indexes: - - labelname: pipSecTunHistIndex - type: gauge - - name: pipSecTunHistOutEncryptFails - oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.50 - type: counter - help: The total number of outbound encryption's which ended in failure by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.50 - indexes: - - labelname: pipSecTunHistIndex - type: gauge - - name: picoLoginSessionIndex - oid: 1.3.6.1.4.1.119.2.3.84.4.1.1.1 - type: gauge - help: Unique index for each login. - 1.3.6.1.4.1.119.2.3.84.4.1.1.1 - indexes: - - labelname: picoLoginSessionIndex - type: gauge - - name: picoLoginSessionStatus - oid: 1.3.6.1.4.1.119.2.3.84.4.1.1.2 - type: gauge - help: Status of a login session. - 1.3.6.1.4.1.119.2.3.84.4.1.1.2 - indexes: - - labelname: picoLoginSessionIndex - type: gauge - enum_values: - 1: login - 2: logout - 3: fail - - name: picoLoginSessionPrivilege - oid: 1.3.6.1.4.1.119.2.3.84.4.1.1.3 - type: gauge - help: User privilege of a login session. - 1.3.6.1.4.1.119.2.3.84.4.1.1.3 - indexes: - - labelname: picoLoginSessionIndex - type: gauge - enum_values: - 1: administrator - 2: monitor - 3: operator - 4: unknown - - name: picoLoginSessionProcessMode - oid: 1.3.6.1.4.1.119.2.3.84.4.1.1.4 - type: gauge - help: User process status of a login session. - 1.3.6.1.4.1.119.2.3.84.4.1.1.4 - indexes: - - labelname: picoLoginSessionIndex - type: gauge - enum_values: - 1: operation - 2: configure - - name: picoLoginSessionTerminalType - oid: 1.3.6.1.4.1.119.2.3.84.4.1.1.5 - type: gauge - help: Terminal type of a login session. - 1.3.6.1.4.1.119.2.3.84.4.1.1.5 - indexes: - - labelname: picoLoginSessionIndex - type: gauge - enum_values: - 1: unknown - 2: local - 3: remote - - name: picoLoginSessionPeerIpAddress - oid: 1.3.6.1.4.1.119.2.3.84.4.1.1.6 - type: InetAddressIPv4 - help: Peer ipv4 address of a login session. - 1.3.6.1.4.1.119.2.3.84.4.1.1.6 - indexes: - - labelname: picoLoginSessionIndex - type: gauge - - name: picoLoginSessionPeerIpv6Address - oid: 1.3.6.1.4.1.119.2.3.84.4.1.1.7 - type: OctetString - help: Peer ipv6 address of a login session. - 1.3.6.1.4.1.119.2.3.84.4.1.1.7 - indexes: - - labelname: picoLoginSessionIndex - type: gauge - - name: picoConfigType - oid: 1.3.6.1.4.1.119.2.3.84.5.1 - type: gauge - help: Configuration type. - 1.3.6.1.4.1.119.2.3.84.5.1 - enum_values: - 1: default-config - 2: startup-config - 3: license - - name: picoConfigEventType - oid: 1.3.6.1.4.1.119.2.3.84.5.2 - type: gauge - help: Event type of configuration modified. - 1.3.6.1.4.1.119.2.3.84.5.2 - enum_values: - 1: write - 2: erase - - name: picoExtIfInstalledSlot - oid: 1.3.6.1.4.1.119.2.3.84.6.1.1.1 - type: gauge - help: The slot number in which the extension card was installed. - 1.3.6.1.4.1.119.2.3.84.6.1.1.1 - indexes: - - labelname: picoExtIfInstalledSlot - type: gauge - - labelname: picoExtIfIndex - type: gauge - - name: picoExtIfIndex - oid: 1.3.6.1.4.1.119.2.3.84.6.1.1.2 - type: gauge - help: A unique value for each extension card. - 1.3.6.1.4.1.119.2.3.84.6.1.1.2 - indexes: - - labelname: picoExtIfInstalledSlot - type: gauge - - labelname: picoExtIfIndex - type: gauge - - name: picoExtIfDescr - oid: 1.3.6.1.4.1.119.2.3.84.6.1.1.3 - type: DisplayString - help: A textual string containing information about the interface. - 1.3.6.1.4.1.119.2.3.84.6.1.1.3 - indexes: - - labelname: picoExtIfInstalledSlot - type: gauge - - labelname: picoExtIfIndex - type: gauge - - name: picoExtIfUpperLayer - oid: 1.3.6.1.4.1.119.2.3.84.6.1.1.4 - type: gauge - help: Index of interface to upper layers. - 1.3.6.1.4.1.119.2.3.84.6.1.1.4 - indexes: - - labelname: picoExtIfInstalledSlot - type: gauge - - labelname: picoExtIfIndex - type: gauge - - name: picoExtIfType - oid: 1.3.6.1.4.1.119.2.3.84.6.1.1.5 - type: gauge - help: The type of interface,, distinguished according to the physical/link protocol(s) immediately `below' the network layer in the protocol stack. - 1.3.6.1.4.1.119.2.3.84.6.1.1.5 - indexes: - - labelname: picoExtIfInstalledSlot - type: gauge - - labelname: picoExtIfIndex - type: gauge - enum_values: - 6: ethernet-csmacd - 62: fastEther - - name: picoExtIfSpeed - oid: 1.3.6.1.4.1.119.2.3.84.6.1.1.6 - type: gauge - help: An estimate of the interface's current bandwidth in bits per second. - 1.3.6.1.4.1.119.2.3.84.6.1.1.6 - indexes: - - labelname: picoExtIfInstalledSlot - type: gauge - - labelname: picoExtIfIndex - type: gauge - - name: picoExtIfDuplex - oid: 1.3.6.1.4.1.119.2.3.84.6.1.1.7 - type: gauge - help: The current mode of this link. - 1.3.6.1.4.1.119.2.3.84.6.1.1.7 - indexes: - - labelname: picoExtIfInstalledSlot - type: gauge - - labelname: picoExtIfIndex - type: gauge - enum_values: - 1: halfduplex - 2: fullduplex - - name: picoExtIfEffectiveMtu - oid: 1.3.6.1.4.1.119.2.3.84.6.1.1.8 - type: gauge - help: The size of the largest datagram which can be sent/received on the interface, specified in octets. - 1.3.6.1.4.1.119.2.3.84.6.1.1.8 - indexes: - - labelname: picoExtIfInstalledSlot - type: gauge - - labelname: picoExtIfIndex - type: gauge - - name: picoExtIfPhysicalAddress - oid: 1.3.6.1.4.1.119.2.3.84.6.1.1.9 - type: PhysAddress48 - help: The interface's address at the protocol layer immediately `below' the network layer in the protocol stack. - 1.3.6.1.4.1.119.2.3.84.6.1.1.9 - indexes: - - labelname: picoExtIfInstalledSlot - type: gauge - - labelname: picoExtIfIndex - type: gauge - - name: picoExtIfAdminStatus - oid: 1.3.6.1.4.1.119.2.3.84.6.1.1.10 - type: gauge - help: The desired state of the interface. - 1.3.6.1.4.1.119.2.3.84.6.1.1.10 - indexes: - - labelname: picoExtIfInstalledSlot - type: gauge - - labelname: picoExtIfIndex - type: gauge - enum_values: - 1: up - 2: down - 3: testing - - name: picoExtIfOperStatus - oid: 1.3.6.1.4.1.119.2.3.84.6.1.1.11 - type: gauge - help: The current operational state of the interface. - 1.3.6.1.4.1.119.2.3.84.6.1.1.11 - indexes: - - labelname: picoExtIfInstalledSlot - type: gauge - - labelname: picoExtIfIndex - type: gauge - enum_values: - 1: up - 2: down - 3: testing - - name: picoExtIfLastChange - oid: 1.3.6.1.4.1.119.2.3.84.6.1.1.12 - type: gauge - help: The value of sysUpTime at the time the interface entered its current operational state. - 1.3.6.1.4.1.119.2.3.84.6.1.1.12 - indexes: - - labelname: picoExtIfInstalledSlot - type: gauge - - labelname: picoExtIfIndex - type: gauge - - name: picoNetmonWatchgroupIndex - oid: 1.3.6.1.4.1.119.2.3.84.7.1.1.1.1 - type: gauge - help: Unique index for each Netmon Watchgroup. - 1.3.6.1.4.1.119.2.3.84.7.1.1.1.1 - indexes: - - labelname: picoNetmonWatchgroupIndex - type: gauge - - name: picoNetmonWatchgroupName - oid: 1.3.6.1.4.1.119.2.3.84.7.1.1.1.2 - type: DisplayString - help: Netmon Watchgroup Name. - 1.3.6.1.4.1.119.2.3.84.7.1.1.1.2 - indexes: - - labelname: picoNetmonWatchgroupIndex - type: gauge - - name: picoNetmonWatchgroupSequenceNumber - oid: 1.3.6.1.4.1.119.2.3.84.7.1.1.1.3 - type: gauge - help: Netmon Watchgroup sequence number. - 1.3.6.1.4.1.119.2.3.84.7.1.1.1.3 - indexes: - - labelname: picoNetmonWatchgroupIndex - type: gauge - - name: picoNetmonWatchgroupStatus - oid: 1.3.6.1.4.1.119.2.3.84.7.1.1.1.4 - type: gauge - help: Status of a Netmon Watchgroup. - 1.3.6.1.4.1.119.2.3.84.7.1.1.1.4 - indexes: - - labelname: picoNetmonWatchgroupIndex - type: gauge - enum_values: - 1: normal - 2: stand - 3: disable - - name: picoNetmonWatchgroupVarianceCounts - oid: 1.3.6.1.4.1.119.2.3.84.7.1.1.1.5 - type: gauge - help: Netmon Watchgroup variance statistics. - 1.3.6.1.4.1.119.2.3.84.7.1.1.1.5 - indexes: - - labelname: picoNetmonWatchgroupIndex - type: gauge - - name: picoNgnIfIndex - oid: 1.3.6.1.4.1.119.2.3.84.9.1.1.1.1 - type: gauge - help: The interface index value of the interface for which NGN is enabled. - 1.3.6.1.4.1.119.2.3.84.9.1.1.1.1 - indexes: - - labelname: picoNgnIfIndex - type: gauge - - name: picoNgnType - oid: 1.3.6.1.4.1.119.2.3.84.9.1.1.1.2 - type: gauge - help: 'The mode of the NGN service can be: standard(1) :NGN service is standard - 1.3.6.1.4.1.119.2.3.84.9.1.1.1.2' - indexes: - - labelname: picoNgnIfIndex - type: gauge - enum_values: - 1: standard - 2: numbergate - - name: picoNgnIfType - oid: 1.3.6.1.4.1.119.2.3.84.9.1.1.1.3 - type: gauge - help: 'The type of the NGN interface can be: global(1) :NGN interface type is global - 1.3.6.1.4.1.119.2.3.84.9.1.1.1.3' - indexes: - - labelname: picoNgnIfIndex - type: gauge - enum_values: - 1: global - 2: private - - name: picoNgnStatus - oid: 1.3.6.1.4.1.119.2.3.84.9.1.1.1.4 - type: gauge - help: 'The state of the NGN SIP-UA register can be: notReady(1) :NGN service is not Ready - 1.3.6.1.4.1.119.2.3.84.9.1.1.1.4' - indexes: - - labelname: picoNgnIfIndex - type: gauge - enum_values: - 1: notReady - 2: initializing - 3: registering - 4: registered - - name: picoNgnSipServerIpAddress - oid: 1.3.6.1.4.1.119.2.3.84.9.1.1.1.5 - type: InetAddressIPv4 - help: The object of the SIP server address. - 1.3.6.1.4.1.119.2.3.84.9.1.1.1.5 - indexes: - - labelname: picoNgnIfIndex - type: gauge - - name: picoNgnSipUri - oid: 1.3.6.1.4.1.119.2.3.84.9.1.1.1.6 - type: DisplayString - help: The object of the SIP URI. - 1.3.6.1.4.1.119.2.3.84.9.1.1.1.6 - indexes: - - labelname: picoNgnIfIndex - type: gauge - - name: picoNgnUpTime - oid: 1.3.6.1.4.1.119.2.3.84.9.1.1.1.7 - type: gauge - help: The time elapsed since registered. - 1.3.6.1.4.1.119.2.3.84.9.1.1.1.7 - indexes: - - labelname: picoNgnIfIndex - type: gauge - - name: picoNgnVpnIfIndex - oid: 1.3.6.1.4.1.119.2.3.84.9.1.2.1.1 - type: gauge - help: The interface index value of the interface for which NGN binding is enabled. - 1.3.6.1.4.1.119.2.3.84.9.1.2.1.1 - indexes: - - labelname: picoNgnVpnIfIndex - type: gauge - - name: picoNgnVpnStatus - oid: 1.3.6.1.4.1.119.2.3.84.9.1.2.1.2 - type: gauge - help: 'The state of the NGN SIP-UA session can be: disconnected(1):SIP session is disconnected - 1.3.6.1.4.1.119.2.3.84.9.1.2.1.2' - indexes: - - labelname: picoNgnVpnIfIndex - type: gauge - enum_values: - 1: disconnected - 2: connecting - 3: connected - - name: picoNgnVpnPeerAddress - oid: 1.3.6.1.4.1.119.2.3.84.9.1.2.1.3 - type: DisplayString - help: The object of the NGN peer address. - 1.3.6.1.4.1.119.2.3.84.9.1.2.1.3 - indexes: - - labelname: picoNgnVpnIfIndex - type: gauge - - name: picoNgnVpnBandwidth - oid: 1.3.6.1.4.1.119.2.3.84.9.1.2.1.4 - type: gauge - help: The object of the NGN session bandwidth. - 1.3.6.1.4.1.119.2.3.84.9.1.2.1.4 - indexes: - - labelname: picoNgnVpnIfIndex - type: gauge - - name: picoNgnVpnUsedTime - oid: 1.3.6.1.4.1.119.2.3.84.9.1.2.1.5 - type: gauge - help: The time elapsed since this connected NGN session. - 1.3.6.1.4.1.119.2.3.84.9.1.2.1.5 - indexes: - - labelname: picoNgnVpnIfIndex - type: gauge - - name: picoNgnVpnSbcIpAddress - oid: 1.3.6.1.4.1.119.2.3.84.9.1.2.1.6 - type: InetAddressIPv4 - help: The object of the NGN session SBC address. - 1.3.6.1.4.1.119.2.3.84.9.1.2.1.6 - indexes: - - labelname: picoNgnVpnIfIndex - type: gauge - - name: picoNgnVpnSbcPort - oid: 1.3.6.1.4.1.119.2.3.84.9.1.2.1.7 - type: gauge - help: The object of the NGN session SBC port. - 1.3.6.1.4.1.119.2.3.84.9.1.2.1.7 - indexes: - - labelname: picoNgnVpnIfIndex - type: gauge - retries: 3 - timeout: 10s diff --git a/k8s/apps/snmp-exporter/kustomization.yaml b/k8s/apps/snmp-exporter/kustomization.yaml deleted file mode 100644 index 466d5a0e1..000000000 --- a/k8s/apps/snmp-exporter/kustomization.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: monitoring -components: -- ../../components/helm -resources: -- helm.yaml diff --git a/k8s/argocdapps/snmp-exporter/app.json5 b/k8s/argocdapps/snmp-exporter/app.json5 new file mode 100644 index 000000000..c9de489bb --- /dev/null +++ b/k8s/argocdapps/snmp-exporter/app.json5 @@ -0,0 +1,4 @@ +{ + name: "snmp-exporter", + namespace: "monitoring", +} diff --git a/k8s/apps/snmp-exporter/generator.yaml b/k8s/argocdapps/snmp-exporter/config/generator.yaml similarity index 100% rename from k8s/apps/snmp-exporter/generator.yaml rename to k8s/argocdapps/snmp-exporter/config/generator.yaml diff --git a/k8s/argocdapps/snmp-exporter/helm.jsonnet b/k8s/argocdapps/snmp-exporter/helm.jsonnet new file mode 100644 index 000000000..64631bf39 --- /dev/null +++ b/k8s/argocdapps/snmp-exporter/helm.jsonnet @@ -0,0 +1,9 @@ +(import '../../components/helm.libsonnet') { + name: (import 'app.json5').name, + namespace: (import 'app.json5').namespace, + + chart: 'prometheus-snmp-exporter', + repoURL: 'https://prometheus-community.github.io/helm-charts', + targetRevision: '5.6.0', + values: (importstr 'values.yaml'), +} diff --git a/k8s/argocdapps/snmp-exporter/values.yaml b/k8s/argocdapps/snmp-exporter/values.yaml new file mode 100644 index 000000000..cba5ae05f --- /dev/null +++ b/k8s/argocdapps/snmp-exporter/values.yaml @@ -0,0 +1,2539 @@ +serviceMonitor: + enabled: true + params: + - name: ix2215 + target: "192.168.0.1" + module: + - nec_ix +config: | + # WARNING: This file was auto-generated using snmp_exporter generator, manual changes will be lost. + auths: + public_v1: + community: public + security_level: noAuthNoPriv + auth_protocol: MD5 + priv_protocol: DES + version: 1 + public_v2: + community: public + security_level: noAuthNoPriv + auth_protocol: MD5 + priv_protocol: DES + version: 2 + modules: + nec_ix: + walk: + - 1.3.6.1.4.1.119.2.3.84.1 + - 1.3.6.1.4.1.119.2.3.84.10 + - 1.3.6.1.4.1.119.2.3.84.11 + - 1.3.6.1.4.1.119.2.3.84.12 + - 1.3.6.1.4.1.119.2.3.84.13 + - 1.3.6.1.4.1.119.2.3.84.14 + - 1.3.6.1.4.1.119.2.3.84.15 + - 1.3.6.1.4.1.119.2.3.84.2 + - 1.3.6.1.4.1.119.2.3.84.3 + - 1.3.6.1.4.1.119.2.3.84.4 + - 1.3.6.1.4.1.119.2.3.84.5 + - 1.3.6.1.4.1.119.2.3.84.6 + - 1.3.6.1.4.1.119.2.3.84.7 + - 1.3.6.1.4.1.119.2.3.84.8 + - 1.3.6.1.4.1.119.2.3.84.9 + metrics: + - name: picoPostIndex + oid: 1.3.6.1.4.1.119.2.3.84.10.1.1.1.1 + type: gauge + help: Unique index for each POST. - 1.3.6.1.4.1.119.2.3.84.10.1.1.1.1 + indexes: + - labelname: picoPostIndex + type: gauge + - name: picoPostFail + oid: 1.3.6.1.4.1.119.2.3.84.10.1.1.1.2 + type: DisplayString + help: POST fail information - 1.3.6.1.4.1.119.2.3.84.10.1.1.1.2 + indexes: + - labelname: picoPostIndex + type: gauge + - name: picoMobileDeviceIndex + oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.1 + type: gauge + help: The unique index for each Mobile module. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.1 + indexes: + - labelname: picoMobileDeviceIndex + type: gauge + - name: picoMobileDeviceVendorName + oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.2 + type: DisplayString + help: The object of the vendor name. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.2 + indexes: + - labelname: picoMobileDeviceIndex + type: gauge + - name: picoMobileDeviceName + oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.3 + type: DisplayString + help: The object of the device name. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.3 + indexes: + - labelname: picoMobileDeviceIndex + type: gauge + - name: picoMobileDeviceProductID + oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.4 + type: DisplayString + help: The object of the product ID. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.4 + indexes: + - labelname: picoMobileDeviceIndex + type: gauge + - name: picoMobileDeviceSoftwareVersion + oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.5 + type: DisplayString + help: The object of the software version. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.5 + indexes: + - labelname: picoMobileDeviceIndex + type: gauge + - name: picoMobileDeviceSignalBar + oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.6 + type: gauge + help: The object of the signal bar. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.6 + indexes: + - labelname: picoMobileDeviceIndex + type: gauge + - name: picoMobileDeviceSignalStrength + oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.7 + type: gauge + help: 'The signal strength can be: unknown(-1) :signal strength is unknown out-range(0):signal strength is 0 weak(1) :signal strength is 1 low(2) :signal strength is 2 high(3) :signal strength is 3 - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.7' + indexes: + - labelname: picoMobileDeviceIndex + type: gauge + enum_values: + -1: unknown + 0: out-range + 1: weak + 2: low + 3: high + - name: picoMobileDeviceSignalQuality + oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.8 + type: DisplayString + help: The object of the signal quality. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.8 + indexes: + - labelname: picoMobileDeviceIndex + type: gauge + - name: picoMobileDeviceSignalElapsedTime + oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.9 + type: gauge + help: The object of the elapsed time after signal acquiring. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.9 + indexes: + - labelname: picoMobileDeviceIndex + type: gauge + - name: picoMobileDeviceRadioInterface + oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.10 + type: DisplayString + help: The object of the radio interface. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.10 + indexes: + - labelname: picoMobileDeviceIndex + type: gauge + - name: picoMobileDeviceCarrier + oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.11 + type: DisplayString + help: The object of the carrier name. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.11 + indexes: + - labelname: picoMobileDeviceIndex + type: gauge + - name: picoMobileDeviceDialerString + oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.12 + type: DisplayString + help: The object of the dialer string. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.12 + indexes: + - labelname: picoMobileDeviceIndex + type: gauge + - name: picoMobileDeviceDialStatus + oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.13 + type: gauge + help: 'The dial status can be: disconnected(0):dial status is disconnected - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.13' + indexes: + - labelname: picoMobileDeviceIndex + type: gauge + enum_values: + 0: disconnected + 1: connect + 2: cancel + 3: connected + 4: postprocess + - name: picoMobileDeviceInRangeCounts + oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.14 + type: gauge + help: The in-range statistics. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.14 + indexes: + - labelname: picoMobileDeviceIndex + type: gauge + - name: picoMobileDeviceOutRangeCounts + oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.15 + type: gauge + help: The out-range statistics. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.15 + indexes: + - labelname: picoMobileDeviceIndex + type: gauge + - name: picoMobileDeviceResetCounts + oid: 1.3.6.1.4.1.119.2.3.84.11.1.1.1.16 + type: gauge + help: The reset device statistics. - 1.3.6.1.4.1.119.2.3.84.11.1.1.1.16 + indexes: + - labelname: picoMobileDeviceIndex + type: gauge + - name: picoIPv4CacheEntries + oid: 1.3.6.1.4.1.119.2.3.84.12.1.1 + type: gauge + help: The number of current IPv4 cache. - 1.3.6.1.4.1.119.2.3.84.12.1.1 + - name: picoIPv4CachePeaks + oid: 1.3.6.1.4.1.119.2.3.84.12.1.2 + type: gauge + help: The peak value of IPv4 cache. - 1.3.6.1.4.1.119.2.3.84.12.1.2 + - name: picoIPv4CacheCreates + oid: 1.3.6.1.4.1.119.2.3.84.12.1.3 + type: counter + help: The total count of created IPv4 cache. - 1.3.6.1.4.1.119.2.3.84.12.1.3 + - name: picoIPv4CacheOverflows + oid: 1.3.6.1.4.1.119.2.3.84.12.1.4 + type: counter + help: The total count of IPv4 cache overflow. - 1.3.6.1.4.1.119.2.3.84.12.1.4 + - name: picoIPv4UFSCacheEntries + oid: 1.3.6.1.4.1.119.2.3.84.12.2.1 + type: gauge + help: The number of current IPv4 UFS cache - 1.3.6.1.4.1.119.2.3.84.12.2.1 + - name: picoIPv4UFSCachePeaks + oid: 1.3.6.1.4.1.119.2.3.84.12.2.2 + type: gauge + help: The peak value of IPv4 UFS cache - 1.3.6.1.4.1.119.2.3.84.12.2.2 + - name: picoIPv4UFSCacheCreates + oid: 1.3.6.1.4.1.119.2.3.84.12.2.3 + type: counter + help: The total count of created IPv4 UFS cache - 1.3.6.1.4.1.119.2.3.84.12.2.3 + - name: picoIPv4UFSCacheOverflows + oid: 1.3.6.1.4.1.119.2.3.84.12.2.4 + type: counter + help: The total count of IPv4 UFS cache overflow - 1.3.6.1.4.1.119.2.3.84.12.2.4 + - name: picoIPv6CacheEntries + oid: 1.3.6.1.4.1.119.2.3.84.13.1.1 + type: gauge + help: The number of current IPv6 cache. - 1.3.6.1.4.1.119.2.3.84.13.1.1 + - name: picoIPv6CachePeaks + oid: 1.3.6.1.4.1.119.2.3.84.13.1.2 + type: gauge + help: The peak value of IPv6 cache. - 1.3.6.1.4.1.119.2.3.84.13.1.2 + - name: picoIPv6CacheCreates + oid: 1.3.6.1.4.1.119.2.3.84.13.1.3 + type: counter + help: The total count of created IPv6 cache. - 1.3.6.1.4.1.119.2.3.84.13.1.3 + - name: picoIPv6CacheOverflows + oid: 1.3.6.1.4.1.119.2.3.84.13.1.4 + type: counter + help: The total count of IPv6 cache overflow. - 1.3.6.1.4.1.119.2.3.84.13.1.4 + - name: picoIPv6UFSCacheEntries + oid: 1.3.6.1.4.1.119.2.3.84.13.2.1 + type: gauge + help: The number of current IPv6 UFS cache - 1.3.6.1.4.1.119.2.3.84.13.2.1 + - name: picoIPv6UFSCachePeaks + oid: 1.3.6.1.4.1.119.2.3.84.13.2.2 + type: gauge + help: The peak value of IPv6 UFS cache - 1.3.6.1.4.1.119.2.3.84.13.2.2 + - name: picoIPv6UFSCacheCreates + oid: 1.3.6.1.4.1.119.2.3.84.13.2.3 + type: counter + help: The total count of created IPv6 UFS cache - 1.3.6.1.4.1.119.2.3.84.13.2.3 + - name: picoIPv6UFSCacheOverflows + oid: 1.3.6.1.4.1.119.2.3.84.13.2.4 + type: counter + help: The total count of IPv6 UFS cache overflow - 1.3.6.1.4.1.119.2.3.84.13.2.4 + - name: qosPolicyIfIndex + oid: 1.3.6.1.4.1.119.2.3.84.14.1.1.1 + type: gauge + help: The interface index value of the interface for which QoS is enabled. - 1.3.6.1.4.1.119.2.3.84.14.1.1.1 + indexes: + - labelname: qosPolicyIfIndex + type: gauge + - name: qosPolicyName + oid: 1.3.6.1.4.1.119.2.3.84.14.1.1.2 + type: DisplayString + help: QoS Policy name. - 1.3.6.1.4.1.119.2.3.84.14.1.1.2 + indexes: + - labelname: qosPolicyIfIndex + type: gauge + - name: qosClassIfIndex + oid: 1.3.6.1.4.1.119.2.3.84.14.2.1.1 + type: gauge + help: The interface index value of the interface for which QoS is enabled. - 1.3.6.1.4.1.119.2.3.84.14.2.1.1 + indexes: + - labelname: qosClassIfIndex + type: gauge + - labelname: qosClassIndex + type: gauge + - name: qosClassIndex + oid: 1.3.6.1.4.1.119.2.3.84.14.2.1.2 + type: gauge + help: The class index value of the class - 1.3.6.1.4.1.119.2.3.84.14.2.1.2 + indexes: + - labelname: qosClassIfIndex + type: gauge + - labelname: qosClassIndex + type: gauge + - name: qosClassName + oid: 1.3.6.1.4.1.119.2.3.84.14.2.1.3 + type: DisplayString + help: QoS Class name. - 1.3.6.1.4.1.119.2.3.84.14.2.1.3 + indexes: + - labelname: qosClassIfIndex + type: gauge + - labelname: qosClassIndex + type: gauge + - name: qosClassType + oid: 1.3.6.1.4.1.119.2.3.84.14.2.1.4 + type: gauge + help: QoS Class type. - 1.3.6.1.4.1.119.2.3.84.14.2.1.4 + indexes: + - labelname: qosClassIfIndex + type: gauge + - labelname: qosClassIndex + type: gauge + enum_values: + 1: cbq + 2: llq + - name: qosClassBandwidth + oid: 1.3.6.1.4.1.119.2.3.84.14.2.1.5 + type: gauge + help: QoS Class Bandwidth. - 1.3.6.1.4.1.119.2.3.84.14.2.1.5 + indexes: + - labelname: qosClassIfIndex + type: gauge + - labelname: qosClassIndex + type: gauge + - name: qosClassBandwidthUnit + oid: 1.3.6.1.4.1.119.2.3.84.14.2.1.6 + type: gauge + help: QoS Class BandwidthUnit. - 1.3.6.1.4.1.119.2.3.84.14.2.1.6 + indexes: + - labelname: qosClassIfIndex + type: gauge + - labelname: qosClassIndex + type: gauge + enum_values: + 1: kbps + 2: percent + - name: qosClassBitRate + oid: 1.3.6.1.4.1.119.2.3.84.14.2.1.7 + type: gauge + help: QoS Class BitRate. - 1.3.6.1.4.1.119.2.3.84.14.2.1.7 + indexes: + - labelname: qosClassIfIndex + type: gauge + - labelname: qosClassIndex + type: gauge + - name: qosClassEnqPkts + oid: 1.3.6.1.4.1.119.2.3.84.14.2.1.8 + type: counter + help: QoS Class Enqueue Packets. - 1.3.6.1.4.1.119.2.3.84.14.2.1.8 + indexes: + - labelname: qosClassIfIndex + type: gauge + - labelname: qosClassIndex + type: gauge + - name: qosClassEnqBytes + oid: 1.3.6.1.4.1.119.2.3.84.14.2.1.9 + type: counter + help: QoS Class Enqueue Bytes. - 1.3.6.1.4.1.119.2.3.84.14.2.1.9 + indexes: + - labelname: qosClassIfIndex + type: gauge + - labelname: qosClassIndex + type: gauge + - name: qosClassDeqPkts + oid: 1.3.6.1.4.1.119.2.3.84.14.2.1.10 + type: counter + help: QoS Class Dequeue Packets. - 1.3.6.1.4.1.119.2.3.84.14.2.1.10 + indexes: + - labelname: qosClassIfIndex + type: gauge + - labelname: qosClassIndex + type: gauge + - name: qosClassDeqBytes + oid: 1.3.6.1.4.1.119.2.3.84.14.2.1.11 + type: counter + help: QoS Class Dequeue Bytes. - 1.3.6.1.4.1.119.2.3.84.14.2.1.11 + indexes: + - labelname: qosClassIfIndex + type: gauge + - labelname: qosClassIndex + type: gauge + - name: qosClassDropPkts + oid: 1.3.6.1.4.1.119.2.3.84.14.2.1.12 + type: counter + help: QoS Class Drop Packets. - 1.3.6.1.4.1.119.2.3.84.14.2.1.12 + indexes: + - labelname: qosClassIfIndex + type: gauge + - labelname: qosClassIndex + type: gauge + - name: qosClassDropbytes + oid: 1.3.6.1.4.1.119.2.3.84.14.2.1.13 + type: counter + help: QoS Class Drop Bytes. - 1.3.6.1.4.1.119.2.3.84.14.2.1.13 + indexes: + - labelname: qosClassIfIndex + type: gauge + - labelname: qosClassIndex + type: gauge + - name: qosQueueIfIndex + oid: 1.3.6.1.4.1.119.2.3.84.14.3.1.1 + type: gauge + help: The interface index value of the interface for which QoS is enabled. - 1.3.6.1.4.1.119.2.3.84.14.3.1.1 + indexes: + - labelname: qosQueueIfIndex + type: gauge + - labelname: qosQueueClassIndex + type: gauge + - labelname: qosQueueIndex + type: gauge + - name: qosQueueClassIndex + oid: 1.3.6.1.4.1.119.2.3.84.14.3.1.2 + type: gauge + help: The class index value of the class - 1.3.6.1.4.1.119.2.3.84.14.3.1.2 + indexes: + - labelname: qosQueueIfIndex + type: gauge + - labelname: qosQueueClassIndex + type: gauge + - labelname: qosQueueIndex + type: gauge + - name: qosQueueIndex + oid: 1.3.6.1.4.1.119.2.3.84.14.3.1.3 + type: gauge + help: The queue index value of the queue - 1.3.6.1.4.1.119.2.3.84.14.3.1.3 + indexes: + - labelname: qosQueueIfIndex + type: gauge + - labelname: qosQueueClassIndex + type: gauge + - labelname: qosQueueIndex + type: gauge + - name: qosQueueEnqPkts + oid: 1.3.6.1.4.1.119.2.3.84.14.3.1.4 + type: counter + help: QoS Queue Enqueue Packets. - 1.3.6.1.4.1.119.2.3.84.14.3.1.4 + indexes: + - labelname: qosQueueIfIndex + type: gauge + - labelname: qosQueueClassIndex + type: gauge + - labelname: qosQueueIndex + type: gauge + - name: qosQueueEnqBytes + oid: 1.3.6.1.4.1.119.2.3.84.14.3.1.5 + type: counter + help: QoS Queue Enqueue Bytes. - 1.3.6.1.4.1.119.2.3.84.14.3.1.5 + indexes: + - labelname: qosQueueIfIndex + type: gauge + - labelname: qosQueueClassIndex + type: gauge + - labelname: qosQueueIndex + type: gauge + - name: qosQueueDeqPkts + oid: 1.3.6.1.4.1.119.2.3.84.14.3.1.6 + type: counter + help: QoS Queue Dequeue Packets. - 1.3.6.1.4.1.119.2.3.84.14.3.1.6 + indexes: + - labelname: qosQueueIfIndex + type: gauge + - labelname: qosQueueClassIndex + type: gauge + - labelname: qosQueueIndex + type: gauge + - name: qosQueueDeqBytes + oid: 1.3.6.1.4.1.119.2.3.84.14.3.1.7 + type: counter + help: QoS Queue Dequeue Bytes. - 1.3.6.1.4.1.119.2.3.84.14.3.1.7 + indexes: + - labelname: qosQueueIfIndex + type: gauge + - labelname: qosQueueClassIndex + type: gauge + - labelname: qosQueueIndex + type: gauge + - name: qosQueueDropPkts + oid: 1.3.6.1.4.1.119.2.3.84.14.3.1.8 + type: counter + help: QoS Queue Drop Packets. - 1.3.6.1.4.1.119.2.3.84.14.3.1.8 + indexes: + - labelname: qosQueueIfIndex + type: gauge + - labelname: qosQueueClassIndex + type: gauge + - labelname: qosQueueIndex + type: gauge + - name: qosQueueDropbytes + oid: 1.3.6.1.4.1.119.2.3.84.14.3.1.9 + type: counter + help: QoS Queue Drop Bytes. - 1.3.6.1.4.1.119.2.3.84.14.3.1.9 + indexes: + - labelname: qosQueueIfIndex + type: gauge + - labelname: qosQueueClassIndex + type: gauge + - labelname: qosQueueIndex + type: gauge + - name: naptCacheIfIndex + oid: 1.3.6.1.4.1.119.2.3.84.15.1.1.1.1 + type: gauge + help: The interface index value of the interface for which NAPT is enabled. - 1.3.6.1.4.1.119.2.3.84.15.1.1.1.1 + indexes: + - labelname: naptCacheIfIndex + type: gauge + - name: naptCacheEntries + oid: 1.3.6.1.4.1.119.2.3.84.15.1.1.1.2 + type: gauge + help: The number of current NAPT cache. - 1.3.6.1.4.1.119.2.3.84.15.1.1.1.2 + indexes: + - labelname: naptCacheIfIndex + type: gauge + - name: naptCachePeak + oid: 1.3.6.1.4.1.119.2.3.84.15.1.1.1.3 + type: gauge + help: The peak value of NAPT cache. - 1.3.6.1.4.1.119.2.3.84.15.1.1.1.3 + indexes: + - labelname: naptCacheIfIndex + type: gauge + - name: naptCacheCreates + oid: 1.3.6.1.4.1.119.2.3.84.15.1.1.1.4 + type: counter + help: The total count of created NAPT cache. - 1.3.6.1.4.1.119.2.3.84.15.1.1.1.4 + indexes: + - labelname: naptCacheIfIndex + type: gauge + - name: naptCacheOverflows + oid: 1.3.6.1.4.1.119.2.3.84.15.1.1.1.5 + type: counter + help: The total count of NAPT cache overflow. - 1.3.6.1.4.1.119.2.3.84.15.1.1.1.5 + indexes: + - labelname: naptCacheIfIndex + type: gauge + - name: picoCelsius + oid: 1.3.6.1.4.1.119.2.3.84.2.1.1 + type: gauge + help: Indicates the temperature of the equipment inside, in degree (Celsius). - 1.3.6.1.4.1.119.2.3.84.2.1.1 + - name: picoFahrenheit + oid: 1.3.6.1.4.1.119.2.3.84.2.1.2 + type: gauge + help: Indicates the temperature of the equipment inside, in degree (Fahrenheit). - 1.3.6.1.4.1.119.2.3.84.2.1.2 + - name: picoVoltage + oid: 1.3.6.1.4.1.119.2.3.84.2.2 + type: gauge + help: Indicates the observed voltage, in milli-volt (mV). - 1.3.6.1.4.1.119.2.3.84.2.2 + - name: picoFanIndex + oid: 1.3.6.1.4.1.119.2.3.84.2.3.1.1 + type: gauge + help: Unique index for each fan module. - 1.3.6.1.4.1.119.2.3.84.2.3.1.1 + indexes: + - labelname: picoFanIndex + type: gauge + - name: picoFanStatus + oid: 1.3.6.1.4.1.119.2.3.84.2.3.1.2 + type: gauge + help: Status of a fan module - 1.3.6.1.4.1.119.2.3.84.2.3.1.2 + indexes: + - labelname: picoFanIndex + type: gauge + enum_values: + 1: normal + 2: failure + - name: picoFanRpm + oid: 1.3.6.1.4.1.119.2.3.84.2.3.1.3 + type: gauge + help: Fan speed (Revolution Per Minutes) - 1.3.6.1.4.1.119.2.3.84.2.3.1.3 + indexes: + - labelname: picoFanIndex + type: gauge + - name: picoPowerSupplyIndex + oid: 1.3.6.1.4.1.119.2.3.84.2.4.1.1 + type: gauge + help: Unique index for each power supply module. - 1.3.6.1.4.1.119.2.3.84.2.4.1.1 + indexes: + - labelname: picoPowerSupplyIndex + type: gauge + - name: picoPowerSupplyType + oid: 1.3.6.1.4.1.119.2.3.84.2.4.1.2 + type: gauge + help: Power supply module type. - 1.3.6.1.4.1.119.2.3.84.2.4.1.2 + indexes: + - labelname: picoPowerSupplyIndex + type: gauge + enum_values: + 0: notInstalled + 1: systemACPS + 2: ieee802dot3af-PoE-ACPS + - name: picoPowerSupplyStatus + oid: 1.3.6.1.4.1.119.2.3.84.2.4.1.3 + type: gauge + help: Status of a Power Supply module. - 1.3.6.1.4.1.119.2.3.84.2.4.1.3 + indexes: + - labelname: picoPowerSupplyIndex + type: gauge + enum_values: + 0: notInstalled + 1: normal + 2: failure + - name: picoSchedRtUtl1Sec + oid: 1.3.6.1.4.1.119.2.3.84.2.5.1 + type: gauge + help: Indicates the observed system utilization for last 1 second, in percent (%). - 1.3.6.1.4.1.119.2.3.84.2.5.1 + - name: picoSchedRtUtl5Sec + oid: 1.3.6.1.4.1.119.2.3.84.2.5.2 + type: gauge + help: Indicates the observed system utilization for last 5 seconds, in percent (%). - 1.3.6.1.4.1.119.2.3.84.2.5.2 + - name: picoSchedRtUtl1Min + oid: 1.3.6.1.4.1.119.2.3.84.2.5.3 + type: gauge + help: Indicates the observed system utilization for last 1 minute, in percent (%). - 1.3.6.1.4.1.119.2.3.84.2.5.3 + - name: picoSchedRtUtl1Hour + oid: 1.3.6.1.4.1.119.2.3.84.2.5.4 + type: gauge + help: Indicates the observed system utilization for last 1 hour, in percent (%). - 1.3.6.1.4.1.119.2.3.84.2.5.4 + - name: picoHeapSize + oid: 1.3.6.1.4.1.119.2.3.84.2.6.1 + type: gauge + help: Indicates the observed total heap size, in bytes. - 1.3.6.1.4.1.119.2.3.84.2.6.1 + - name: picoHeapUtil + oid: 1.3.6.1.4.1.119.2.3.84.2.6.2 + type: gauge + help: Indicates the observed current heap utilization, in percent (%). - 1.3.6.1.4.1.119.2.3.84.2.6.2 + - name: pipSecMibLevel + oid: 1.3.6.1.4.1.119.2.3.84.3.1.1.1 + type: gauge + help: The version of the IPsec MIB. - 1.3.6.1.4.1.119.2.3.84.3.1.1.1 + - name: pikeGlobalActiveTunnels + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.1 + type: gauge + help: The number of currently active IPsec Phase-1 IKE Tunnels - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.1 + - name: pikeGlobalInNotifys + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.6 + type: counter + help: The total number of notifys received by all currently and previously active IPsec Phase-1 IKE Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.6 + - name: pikeGlobalInP2Exchgs + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.7 + type: counter + help: The total number of IPsec Phase-2 exchanges received by all currently and previously active IPsec Phase-1 IKE Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.7 + - name: pikeGlobalInP2ExchgInvalids + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.8 + type: counter + help: The total number of IPsec Phase-2 exchanges which were received and found to be contain references to unrecognized security parameters - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.8 + - name: pikeGlobalInP2ExchgRejects + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.9 + type: counter + help: The total number of IPsec Phase-2 exchanges which were received and validated but were rejected by the local policy - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.9 + - name: pikeGlobalInP2SaDelRequests + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.10 + type: counter + help: The total number of IPsec Phase-2 security association delete requests received by all currently and previously active and IPsec Phase-1 IKE Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.10 + - name: pikeGlobalOutNotifys + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.14 + type: counter + help: The total number of notifys sent by all currently and previously active IPsec Phase-1 IKE Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.14 + - name: pikeGlobalOutP2Exchgs + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.15 + type: counter + help: The total number of IPsec Phase-2 exchanges which were sent by all currently and previously active IPsec Phase-1 IKE Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.15 + - name: pikeGlobalOutP2ExchgInvalids + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.16 + type: counter + help: The total number of IPsec Phase-2 exchanges which were sent and were flagged by the peer to contain references to unrecognized security parameters - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.16 + - name: pikeGlobalOutP2ExchgRejects + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.17 + type: counter + help: The total number of IPsec Phase-2 exchanges which were sent, validated by the peer but were rejected by the peer's policy - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.17 + - name: pikeGlobalOutP2SaDelRequests + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.18 + type: counter + help: The total number of IPsec Phase-2 SA delete requests sent by all currently and previously active IPsec Phase-1 IKE Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.18 + - name: pikeGlobalInitTunnels + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.19 + type: counter + help: The total number of IPsec Phase-1 IKE Tunnels which were locally initiated. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.19 + - name: pikeGlobalInitTunnelFails + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.20 + type: counter + help: The total number of IPsec Phase-1 IKE Tunnels which were locally initiated and failed to activate. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.20 + - name: pikeGlobalRespTunnelFails + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.21 + type: counter + help: The total number of IPsec Phase-1 IKE Tunnels which were remotely initiated and failed to activate. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.21 + - name: pikeGlobalAuthFails + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.23 + type: counter + help: The total number of authentications which ended in failure by all current and previous IPsec Phase-1 IKE Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.23 + - name: pikeGlobalDecryptFails + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.24 + type: counter + help: The total number of decryptions which ended in failure by all current and previous IPsec Phase-1 IKE Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.24 + - name: pikeGlobalHashValidFails + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.25 + type: counter + help: The total number of hash validations which ended in failure by all current and previous IPsec Phase-1 IKE Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.25 + - name: pikeGlobalRespTunnels + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.27 + type: counter + help: The total number of IPsec Phase-1 IKE Tunnels which were remotely initiated. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.27 + - name: pikeGlobalInP1SaDelRequests + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.30 + type: counter + help: The total number of ISAKMP security association delete requests received by all currently and previously active and ISAKMP security associations. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.30 + - name: pikeGlobalOutP1SaDelRequests + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.1.31 + type: counter + help: The total number of ISAKMP security association delete requests sent by all currently and previously active and ISAKMP security associations. - 1.3.6.1.4.1.119.2.3.84.3.1.2.1.31 + - name: pikePeerLocalType + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.1 + type: gauge + help: The type of local peer identity - 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.1 + indexes: + - labelname: pikePeerLocalType + type: gauge + enum_values: + 1: idIpv4Addr + 2: idFqdn + 3: idDn + 4: idIpv6Addr + - labelname: pikePeerLocalValue + type: DisplayString + - labelname: pikePeerRemoteType + type: gauge + enum_values: + 1: idIpv4Addr + 2: idFqdn + 3: idDn + 4: idIpv6Addr + - labelname: pikePeerRemoteValue + type: DisplayString + - labelname: pikePeerIntIndex + type: gauge + enum_values: + 1: idIpv4Addr + 2: idFqdn + 3: idDn + 4: idIpv6Addr + - name: pikePeerLocalValue + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.2 + type: DisplayString + help: The value of the local peer identity - 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.2 + indexes: + - labelname: pikePeerLocalType + type: gauge + enum_values: + 1: idIpv4Addr + 2: idFqdn + 3: idDn + 4: idIpv6Addr + - labelname: pikePeerLocalValue + type: DisplayString + - labelname: pikePeerRemoteType + type: gauge + enum_values: + 1: idIpv4Addr + 2: idFqdn + 3: idDn + 4: idIpv6Addr + - labelname: pikePeerRemoteValue + type: DisplayString + - labelname: pikePeerIntIndex + type: gauge + - name: pikePeerRemoteType + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.3 + type: gauge + help: The type of remote peer identity - 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.3 + indexes: + - labelname: pikePeerLocalType + type: gauge + enum_values: + 1: idIpv4Addr + 2: idFqdn + 3: idDn + 4: idIpv6Addr + - labelname: pikePeerLocalValue + type: DisplayString + - labelname: pikePeerRemoteType + type: gauge + enum_values: + 1: idIpv4Addr + 2: idFqdn + 3: idDn + 4: idIpv6Addr + - labelname: pikePeerRemoteValue + type: DisplayString + - labelname: pikePeerIntIndex + type: gauge + enum_values: + 1: idIpv4Addr + 2: idFqdn + 3: idDn + 4: idIpv6Addr + - name: pikePeerRemoteValue + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.4 + type: DisplayString + help: The value of the remote peer identity - 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.4 + indexes: + - labelname: pikePeerLocalType + type: gauge + enum_values: + 1: idIpv4Addr + 2: idFqdn + 3: idDn + 4: idIpv6Addr + - labelname: pikePeerLocalValue + type: DisplayString + - labelname: pikePeerRemoteType + type: gauge + enum_values: + 1: idIpv4Addr + 2: idFqdn + 3: idDn + 4: idIpv6Addr + - labelname: pikePeerRemoteValue + type: DisplayString + - labelname: pikePeerIntIndex + type: gauge + - name: pikePeerIntIndex + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.5 + type: gauge + help: The internal index of the local-remote peer association - 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.5 + indexes: + - labelname: pikePeerLocalType + type: gauge + enum_values: + 1: idIpv4Addr + 2: idFqdn + 3: idDn + 4: idIpv6Addr + - labelname: pikePeerLocalValue + type: DisplayString + - labelname: pikePeerRemoteType + type: gauge + enum_values: + 1: idIpv4Addr + 2: idFqdn + 3: idDn + 4: idIpv6Addr + - labelname: pikePeerRemoteValue + type: DisplayString + - labelname: pikePeerIntIndex + type: gauge + - name: pikePeerLocalAddr + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.6 + type: OctetString + help: The IP address of the local peer. - 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.6 + indexes: + - labelname: pikePeerLocalType + type: gauge + enum_values: + 1: idIpv4Addr + 2: idFqdn + 3: idDn + 4: idIpv6Addr + - labelname: pikePeerLocalValue + type: DisplayString + - labelname: pikePeerRemoteType + type: gauge + enum_values: + 1: idIpv4Addr + 2: idFqdn + 3: idDn + 4: idIpv6Addr + - labelname: pikePeerRemoteValue + type: DisplayString + - labelname: pikePeerIntIndex + type: gauge + - name: pikePeerRemoteAddr + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.7 + type: OctetString + help: The IP address of the remote peer. - 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.7 + indexes: + - labelname: pikePeerLocalType + type: gauge + enum_values: + 1: idIpv4Addr + 2: idFqdn + 3: idDn + 4: idIpv6Addr + - labelname: pikePeerLocalValue + type: DisplayString + - labelname: pikePeerRemoteType + type: gauge + enum_values: + 1: idIpv4Addr + 2: idFqdn + 3: idDn + 4: idIpv6Addr + - labelname: pikePeerRemoteValue + type: DisplayString + - labelname: pikePeerIntIndex + type: gauge + - name: pikePeerActiveTime + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.8 + type: gauge + help: The length of time that the peer association has existed in hundredths of a second. - 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.8 + indexes: + - labelname: pikePeerLocalType + type: gauge + enum_values: + 1: idIpv4Addr + 2: idFqdn + 3: idDn + 4: idIpv6Addr + - labelname: pikePeerLocalValue + type: DisplayString + - labelname: pikePeerRemoteType + type: gauge + enum_values: + 1: idIpv4Addr + 2: idFqdn + 3: idDn + 4: idIpv6Addr + - labelname: pikePeerRemoteValue + type: DisplayString + - labelname: pikePeerIntIndex + type: gauge + - name: pikePeerActiveTunnelIndex + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.9 + type: gauge + help: The index of the active IPsec Phase-1 IKE Tunnel (pikeTunIndex in the pikeTunnelTable) for this peer association - 1.3.6.1.4.1.119.2.3.84.3.1.2.2.1.9 + indexes: + - labelname: pikePeerLocalType + type: gauge + enum_values: + 1: idIpv4Addr + 2: idFqdn + 3: idDn + 4: idIpv6Addr + - labelname: pikePeerLocalValue + type: DisplayString + - labelname: pikePeerRemoteType + type: gauge + enum_values: + 1: idIpv4Addr + 2: idFqdn + 3: idDn + 4: idIpv6Addr + - labelname: pikePeerRemoteValue + type: DisplayString + - labelname: pikePeerIntIndex + type: gauge + - name: pikeTunIndex + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.1 + type: gauge + help: The index of the IPsec Phase-1 IKE Tunnel Table - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.1 + indexes: + - labelname: pikeTunIndex + type: gauge + - name: pikeTunLocalType + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.2 + type: gauge + help: The type of local peer identity - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.2 + indexes: + - labelname: pikeTunIndex + type: gauge + enum_values: + 1: idIpv4Addr + 2: idFqdn + 3: idDn + 4: idIpv6Addr + - name: pikeTunLocalValue + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.3 + type: DisplayString + help: The value of the local peer identity - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.3 + indexes: + - labelname: pikeTunIndex + type: gauge + - name: pikeTunLocalAddr + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.4 + type: OctetString + help: The IP address of the local endpoint for the IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.4 + indexes: + - labelname: pikeTunIndex + type: gauge + - name: pikeTunRemoteType + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.6 + type: gauge + help: The type of remote peer identity - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.6 + indexes: + - labelname: pikeTunIndex + type: gauge + enum_values: + 1: idIpv4Addr + 2: idFqdn + 3: idDn + 4: idIpv6Addr + - name: pikeTunRemoteValue + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.7 + type: DisplayString + help: The value of the remote peer identity - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.7 + indexes: + - labelname: pikeTunIndex + type: gauge + - name: pikeTunRemoteAddr + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.8 + type: OctetString + help: The IP address of the remote endpoint for the IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.8 + indexes: + - labelname: pikeTunIndex + type: gauge + - name: pikeTunNegoMode + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.10 + type: gauge + help: The negotiation mode of the IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.10 + indexes: + - labelname: pikeTunIndex + type: gauge + enum_values: + 1: main + 2: aggressive + - name: pikeTunDiffHellmanGrp + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.11 + type: gauge + help: The Diffie Hellman Group used in IPsec Phase-1 IKE negotiations. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.11 + indexes: + - labelname: pikeTunIndex + type: gauge + enum_values: + 1: none + 2: modp768 + 3: modp1024 + 4: modp1536 + 5: modp2048 + - name: pikeTunEncryptAlgo + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.12 + type: gauge + help: The encryption algorithm used in IPsec Phase-1 IKE negotiations. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.12 + indexes: + - labelname: pikeTunIndex + type: gauge + enum_values: + 1: none + 2: des + 3: des3 + 4: aes + 9: "null" + - name: pikeTunHashAlgo + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.13 + type: gauge + help: The hash algorithm used in IPsec Phase-1 IKE negotiations. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.13 + indexes: + - labelname: pikeTunIndex + type: gauge + enum_values: + 1: none + 2: md5 + 3: sha + 4: sha2-256 + 5: sha2-384 + 6: sha2-512 + - name: pikeTunAuthMethod + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.14 + type: gauge + help: The authentication method used in IPsec Phase-1 IKE negotiations. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.14 + indexes: + - labelname: pikeTunIndex + type: gauge + enum_values: + 1: none + 2: preSharedKey + 3: rsaSig + 4: rsaEncrypt + 5: revPublicKey + - name: pikeTunLifeTime + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.15 + type: gauge + help: The negotiated LifeTime of the IPsec Phase-1 IKE Tunnel in seconds. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.15 + indexes: + - labelname: pikeTunIndex + type: gauge + - name: pikeTunActiveTime + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.16 + type: gauge + help: The length of time the IPsec Phase-1 IKE tunnel has been active in hundredths of seconds. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.16 + indexes: + - labelname: pikeTunIndex + type: gauge + - name: pikeTunSaRefreshThreshold + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.17 + type: gauge + help: The security assoication refresh threshold in seconds. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.17 + indexes: + - labelname: pikeTunIndex + type: gauge + - name: pikeTunInNotifys + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.22 + type: counter + help: The total number of notifys received by this IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.22 + indexes: + - labelname: pikeTunIndex + type: gauge + - name: pikeTunInP2Exchgs + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.23 + type: counter + help: The total number of IPsec Phase-2 exchanges received by this IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.23 + indexes: + - labelname: pikeTunIndex + type: gauge + - name: pikeTunInP2ExchgInvalids + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.24 + type: counter + help: The total number of IPsec Phase-2 exchanges received on this tunnel that were found to contain references to unrecognized security parameters. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.24 + indexes: + - labelname: pikeTunIndex + type: gauge + - name: pikeTunInP2ExchgRejects + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.25 + type: counter + help: The total number of IPsec Phase-2 exchanges received on this tunnel that were validated but were rejected by the local policy. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.25 + indexes: + - labelname: pikeTunIndex + type: gauge + - name: pikeTunInP2SaDelRequests + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.26 + type: counter + help: The total number of IPsec Phase-2 security association delete requests received by this IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.26 + indexes: + - labelname: pikeTunIndex + type: gauge + - name: pikeTunOutNotifys + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.30 + type: counter + help: The total number of notifys sent by this IPsec Phase-1 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.30 + indexes: + - labelname: pikeTunIndex + type: gauge + - name: pikeTunOutP2Exchgs + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.31 + type: counter + help: The total number of IPsec Phase-2 exchanges sent by this IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.31 + indexes: + - labelname: pikeTunIndex + type: gauge + - name: pikeTunOutP2ExchgInvalids + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.32 + type: counter + help: The total number of IPsec Phase-2 exchanges sent on this tunnel that were found by the peer to contain references to security parameters not recognized by the peer. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.32 + indexes: + - labelname: pikeTunIndex + type: gauge + - name: pikeTunOutP2ExchgRejects + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.33 + type: counter + help: The total number of IPsec Phase-2 exchanges sent on this tunnel that were validated by the peer but were rejected by the peer's policy. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.33 + indexes: + - labelname: pikeTunIndex + type: gauge + - name: pikeTunOutP2SaDelRequests + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.34 + type: counter + help: The total number of IPsec Phase-2 security association delete requests sent by this IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.34 + indexes: + - labelname: pikeTunIndex + type: gauge + - name: pikeTunStatus + oid: 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.35 + type: gauge + help: The status of the MIB table row - 1.3.6.1.4.1.119.2.3.84.3.1.2.3.1.35 + indexes: + - labelname: pikeTunIndex + type: gauge + enum_values: + 1: active + 2: destroy + - name: pipSecGlobalActiveTunnels + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.1 + type: gauge + help: The total number of currently active IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.1 + - name: pipSecGlobalInOctets + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.3 + type: counter + help: The total number of octets received by all current and previous IPsec Phase-2 Tunnels - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.3 + - name: pipSecGlobalInPkts + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.9 + type: counter + help: The total number of packets received by all current and previous IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.9 + - name: pipSecGlobalInDrops + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.10 + type: counter + help: The total number of packets dropped during receive processing by all current and previous IPsec Phase-2 Tunnels - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.10 + - name: pipSecGlobalInReplayDrops + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.11 + type: counter + help: The total number of packets dropped during receive processing due to Anti-Replay processing by all current and previous IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.11 + - name: pipSecGlobalInAuths + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.12 + type: counter + help: The total number of inbound authentication's performed by all current and previous IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.12 + - name: pipSecGlobalInAuthFails + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.13 + type: counter + help: The total number of inbound authentication's which ended in failure by all current and previous IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.13 + - name: pipSecGlobalInDecrypts + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.14 + type: counter + help: The total number of inbound decryption's performed by all current and previous IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.14 + - name: pipSecGlobalInDecryptFails + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.15 + type: counter + help: The total number of inbound decryption's which ended in failure by all current and previous IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.15 + - name: pipSecGlobalOutOctets + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.16 + type: counter + help: The total number of octets sent by all current and previous IPsec Phase-2 Tunnels - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.16 + - name: pipSecGlobalOutPkts + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.22 + type: counter + help: The total number of packets sent by all current and previous IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.22 + - name: pipSecGlobalOutDrops + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.23 + type: counter + help: The total number of packets dropped during send processing by all current and previous IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.23 + - name: pipSecGlobalOutAuths + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.24 + type: counter + help: The total number of outbound authentication's performed by all current and previous IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.24 + - name: pipSecGlobalOutAuthFails + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.25 + type: counter + help: The total number of outbound authentication's which ended in failure by all current and previous IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.25 + - name: pipSecGlobalOutEncrypts + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.26 + type: counter + help: The total number of outbound encryption's performed by all current and previous IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.26 + - name: pipSecGlobalOutEncryptFails + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.27 + type: counter + help: The total number of outbound encryption's which ended in failure by all current and previous IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.27 + - name: pipSecGlobalNoSaFails + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.1.33 + type: counter + help: The total number of non-existent Security Assocication in failures which occurred during processing of all current and previous IPsec Phase-2 Tunnels. - 1.3.6.1.4.1.119.2.3.84.3.1.3.1.33 + - name: pipSecTunIndex + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.1 + type: gauge + help: The index of the IPsec Phase-2 Tunnel Table - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.1 + indexes: + - labelname: pipSecTunIndex + type: gauge + - name: pipSecTunIkeTunnelIndex + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.2 + type: gauge + help: The index of the associated IPsec Phase-1 IKE Tunnel - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.2 + indexes: + - labelname: pipSecTunIndex + type: gauge + - name: pipSecTunIkeTunnelAlive + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.3 + type: gauge + help: An indicator which specifies whether or not the IPsec Phase-1 IKE Tunnel currently exists. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.3 + indexes: + - labelname: pipSecTunIndex + type: gauge + enum_values: + 1: "true" + 2: "false" + - name: pipSecTunLocalAddr + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.4 + type: OctetString + help: The IP address of the local endpoint for the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.4 + indexes: + - labelname: pipSecTunIndex + type: gauge + - name: pipSecTunRemoteAddr + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.5 + type: OctetString + help: The IP address of the remote endpoint for the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.5 + indexes: + - labelname: pipSecTunIndex + type: gauge + - name: pipSecTunKeyType + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.6 + type: gauge + help: The type of key used by the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.6 + indexes: + - labelname: pipSecTunIndex + type: gauge + enum_values: + 1: ike + 2: manual + - name: pipSecTunEncapMode + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.7 + type: gauge + help: The encapsulation mode used by the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.7 + indexes: + - labelname: pipSecTunIndex + type: gauge + enum_values: + 1: tunnel + 2: transport + - name: pipSecTunLifeSize + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.8 + type: gauge + help: The negotiated LifeSize of the IPsec Phase-2 Tunnel in kilobytes. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.8 + indexes: + - labelname: pipSecTunIndex + type: gauge + - name: pipSecTunLifeTime + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.9 + type: gauge + help: The negotiated LifeTime of the IPsec Phase-2 Tunnel in seconds. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.9 + indexes: + - labelname: pipSecTunIndex + type: gauge + - name: pipSecTunActiveTime + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.10 + type: gauge + help: The length of time the IPsec Phase-2 Tunnel has been active in hundredths of seconds. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.10 + indexes: + - labelname: pipSecTunIndex + type: gauge + - name: pipSecTunSaLifeSizeThreshold + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.11 + type: gauge + help: The security association LifeSize refresh threshold in kilobytes. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.11 + indexes: + - labelname: pipSecTunIndex + type: gauge + - name: pipSecTunSaLifeTimeThreshold + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.12 + type: gauge + help: The security association LifeTime refresh threshold in seconds. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.12 + indexes: + - labelname: pipSecTunIndex + type: gauge + - name: pipSecTunTotalRefreshes + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.13 + type: counter + help: The total number of security association refreshes performed. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.13 + indexes: + - labelname: pipSecTunIndex + type: gauge + - name: pipSecTunExpiredSaInstances + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.14 + type: counter + help: The total number of security associations which have expired. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.14 + indexes: + - labelname: pipSecTunIndex + type: gauge + - name: pipSecTunCurrentSaInstances + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.15 + type: gauge + help: The number of security associations which are currently active or expiring. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.15 + indexes: + - labelname: pipSecTunIndex + type: gauge + - name: pipSecTunInSaDiffHellmanGrp + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.16 + type: gauge + help: The Diffie Hellman Group used by the inbound security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.16 + indexes: + - labelname: pipSecTunIndex + type: gauge + enum_values: + 1: none + 2: modp768 + 3: modp1024 + 4: modp1536 + 5: modp2048 + - name: pipSecTunInSaEncryptAlgo + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.17 + type: gauge + help: The encryption algorithm used by the inbound security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.17 + indexes: + - labelname: pipSecTunIndex + type: gauge + enum_values: + 1: none + 2: des + 3: des3 + 4: aes + 9: "null" + - name: pipSecTunInSaAhAuthAlgo + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.18 + type: gauge + help: The authentication algorithm used by the inbound authentication header (AH) security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.18 + indexes: + - labelname: pipSecTunIndex + type: gauge + enum_values: + 1: none + 2: hmacMd5 + 3: hmacSha + 4: hmacSha2-256 + 5: hmacSha2-384 + 6: hmacSha2-512 + - name: pipSecTunInSaEspAuthAlgo + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.19 + type: gauge + help: The authentication algorithm used by the inbound ecapsulation security protocol (ESP) security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.19 + indexes: + - labelname: pipSecTunIndex + type: gauge + enum_values: + 1: none + 2: hmacMd5 + 3: hmacSha + 4: hmacSha2-256 + 5: hmacSha2-384 + 6: hmacSha2-512 + - name: pipSecTunOutSaDiffHellmanGrp + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.21 + type: gauge + help: The Diffie Hellman Group used by the outbound security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.21 + indexes: + - labelname: pipSecTunIndex + type: gauge + enum_values: + 1: none + 2: modp768 + 3: modp1024 + 4: modp1536 + 5: modp2048 + - name: pipSecTunOutSaEncryptAlgo + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.22 + type: gauge + help: The encryption algorithm used by the outbound security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.22 + indexes: + - labelname: pipSecTunIndex + type: gauge + enum_values: + 1: none + 2: des + 3: des3 + 4: aes + 9: "null" + - name: pipSecTunOutSaAhAuthAlgo + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.23 + type: gauge + help: The authentication algorithm used by the outbound authentication header (AH) security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.23 + indexes: + - labelname: pipSecTunIndex + type: gauge + enum_values: + 1: none + 2: hmacMd5 + 3: hmacSha + 4: hmacSha2-256 + 5: hmacSha2-384 + 6: hmacSha2-512 + - name: pipSecTunOutSaEspAuthAlgo + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.24 + type: gauge + help: The authentication algorithm used by the inbound encapsulation security protocol (ESP) security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.24 + indexes: + - labelname: pipSecTunIndex + type: gauge + enum_values: + 1: none + 2: hmacMd5 + 3: hmacSha + 4: hmacSha2-256 + 5: hmacSha2-384 + 6: hmacSha2-512 + - name: pipSecTunPmtu + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.26 + type: gauge + help: The Path MTU that has been determined for this IPsec Phase-2 tunnel - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.26 + indexes: + - labelname: pipSecTunIndex + type: gauge + - name: pipSecTunInOctets + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.27 + type: counter + help: The total number of octets received by this IPsec Phase-2 Tunnel - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.27 + indexes: + - labelname: pipSecTunIndex + type: gauge + - name: pipSecTunInPkts + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.33 + type: counter + help: The total number of packets received by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.33 + indexes: + - labelname: pipSecTunIndex + type: gauge + - name: pipSecTunInDropPkts + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.34 + type: counter + help: The total number of packets dropped during receive processing by this IPsec Phase-2 Tunnel - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.34 + indexes: + - labelname: pipSecTunIndex + type: gauge + - name: pipSecTunInReplayDropPkts + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.35 + type: counter + help: The total number of packets dropped during receive processing due to Anti-Replay processing by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.35 + indexes: + - labelname: pipSecTunIndex + type: gauge + - name: pipSecTunInAuths + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.36 + type: counter + help: The total number of inbound authentication's performed by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.36 + indexes: + - labelname: pipSecTunIndex + type: gauge + - name: pipSecTunInAuthFails + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.37 + type: counter + help: The total number of inbound authentication's which ended in failure by this IPsec Phase-2 Tunnel . - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.37 + indexes: + - labelname: pipSecTunIndex + type: gauge + - name: pipSecTunInDecrypts + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.38 + type: counter + help: The total number of inbound decryption's performed by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.38 + indexes: + - labelname: pipSecTunIndex + type: gauge + - name: pipSecTunInDecryptFails + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.39 + type: counter + help: The total number of inbound decryption's which ended in failure by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.39 + indexes: + - labelname: pipSecTunIndex + type: gauge + - name: pipSecTunOutOctets + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.40 + type: counter + help: The total number of octets sent by this IPsec Phase-2 Tunnel - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.40 + indexes: + - labelname: pipSecTunIndex + type: gauge + - name: pipSecTunOutPkts + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.46 + type: counter + help: The total number of packets sent by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.46 + indexes: + - labelname: pipSecTunIndex + type: gauge + - name: pipSecTunOutDropPkts + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.47 + type: counter + help: The total number of packets dropped during send processing by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.47 + indexes: + - labelname: pipSecTunIndex + type: gauge + - name: pipSecTunOutAuths + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.48 + type: counter + help: The total number of outbound authentication's performed by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.48 + indexes: + - labelname: pipSecTunIndex + type: gauge + - name: pipSecTunOutAuthFails + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.49 + type: counter + help: The total number of outbound authentication's which ended in failure by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.49 + indexes: + - labelname: pipSecTunIndex + type: gauge + - name: pipSecTunOutEncrypts + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.50 + type: counter + help: The total number of outbound encryption's performed by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.50 + indexes: + - labelname: pipSecTunIndex + type: gauge + - name: pipSecTunOutEncryptFails + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.51 + type: counter + help: The total number of outbound encryption's which ended in failure by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.51 + indexes: + - labelname: pipSecTunIndex + type: gauge + - name: pipSecTunStatus + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.56 + type: gauge + help: The status of the MIB table row - 1.3.6.1.4.1.119.2.3.84.3.1.3.2.1.56 + indexes: + - labelname: pipSecTunIndex + type: gauge + enum_values: + 1: active + 2: destroy + - name: pipSecSpiIndex + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.4.1.1 + type: gauge + help: The number of the SPI associated with the Phase-2 Tunnel Table - 1.3.6.1.4.1.119.2.3.84.3.1.3.4.1.1 + indexes: + - labelname: pipSecTunIndex + type: gauge + - labelname: pipSecSpiIndex + type: gauge + - name: pipSecSpiDirection + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.4.1.2 + type: gauge + help: The direction of the SPI. - 1.3.6.1.4.1.119.2.3.84.3.1.3.4.1.2 + indexes: + - labelname: pipSecTunIndex + type: gauge + - labelname: pipSecSpiIndex + type: gauge + enum_values: + 1: in + 2: out + - name: pipSecSpiValue + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.4.1.3 + type: gauge + help: The value of the SPI. - 1.3.6.1.4.1.119.2.3.84.3.1.3.4.1.3 + indexes: + - labelname: pipSecTunIndex + type: gauge + - labelname: pipSecSpiIndex + type: gauge + - name: pipSecSpiProtocol + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.4.1.4 + type: gauge + help: The protocol of the SPI. - 1.3.6.1.4.1.119.2.3.84.3.1.3.4.1.4 + indexes: + - labelname: pipSecTunIndex + type: gauge + - labelname: pipSecSpiIndex + type: gauge + enum_values: + 1: ah + 2: esp + 3: ipcomp + - name: pipSecSpiStatus + oid: 1.3.6.1.4.1.119.2.3.84.3.1.3.4.1.5 + type: gauge + help: The status of the SPI. - 1.3.6.1.4.1.119.2.3.84.3.1.3.4.1.5 + indexes: + - labelname: pipSecTunIndex + type: gauge + - labelname: pipSecSpiIndex + type: gauge + enum_values: + 1: active + 2: expiring + - name: pikeTunHistIndex + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.1 + type: gauge + help: The index of the IPsec Phase-1 IKE Tunnel History Table - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.1 + indexes: + - labelname: pikeTunHistIndex + type: gauge + - name: pikeTunHistTermReason + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.2 + type: gauge + help: The reason the IPsec Phase-1 IKE Tunnel was terminated - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.2 + indexes: + - labelname: pikeTunHistIndex + type: gauge + enum_values: + 1: other + 2: normal + 3: operRequest + 4: peerDelRequest + 5: peerLost + 6: applicationInitiated + 7: xauthFailure + 8: localFailure + 9: checkPointReg + - name: pikeTunHistActiveIndex + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.3 + type: gauge + help: The index of the previously active IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.3 + indexes: + - labelname: pikeTunHistIndex + type: gauge + - name: pikeTunHistPeerLocalType + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.4 + type: gauge + help: The type of local peer identity - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.4 + indexes: + - labelname: pikeTunHistIndex + type: gauge + enum_values: + 1: idIpv4Addr + 2: idFqdn + 3: idDn + 4: idIpv6Addr + - name: pikeTunHistPeerLocalValue + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.5 + type: DisplayString + help: The value of the local peer identity - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.5 + indexes: + - labelname: pikeTunHistIndex + type: gauge + - name: pikeTunHistPeerIntIndex + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.6 + type: gauge + help: The internal index of the local-remote peer association - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.6 + indexes: + - labelname: pikeTunHistIndex + type: gauge + - name: pikeTunHistPeerRemoteType + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.7 + type: gauge + help: The type of remote peer identity - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.7 + indexes: + - labelname: pikeTunHistIndex + type: gauge + enum_values: + 1: idIpv4Addr + 2: idFqdn + 3: idDn + 4: idIpv6Addr + - name: pikeTunHistPeerRemoteValue + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.8 + type: DisplayString + help: The value of the remote peer identity - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.8 + indexes: + - labelname: pikeTunHistIndex + type: gauge + - name: pikeTunHistLocalAddr + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.9 + type: OctetString + help: The IP address of the local endpoint for the IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.9 + indexes: + - labelname: pikeTunHistIndex + type: gauge + - name: pikeTunHistRemoteAddr + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.11 + type: OctetString + help: The IP address of the remote endpoint for the IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.11 + indexes: + - labelname: pikeTunHistIndex + type: gauge + - name: pikeTunHistNegoMode + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.13 + type: gauge + help: The negotiation mode of the IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.13 + indexes: + - labelname: pikeTunHistIndex + type: gauge + enum_values: + 1: main + 2: aggressive + - name: pikeTunHistDiffHellmanGrp + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.14 + type: gauge + help: The Diffie Hellman Group used in IPsec Phase-1 IKE negotiations. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.14 + indexes: + - labelname: pikeTunHistIndex + type: gauge + enum_values: + 1: none + 2: modp768 + 3: modp1024 + 4: modp1536 + 5: modp2048 + - name: pikeTunHistEncryptAlgo + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.15 + type: gauge + help: The encryption algorithm used in IPsec Phase-1 IKE negotiations. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.15 + indexes: + - labelname: pikeTunHistIndex + type: gauge + enum_values: + 1: none + 2: des + 3: des3 + 4: aes + 9: "null" + - name: pikeTunHistHashAlgo + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.16 + type: gauge + help: The hash algorithm used in IPsec Phase-1 IKE negotiations. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.16 + indexes: + - labelname: pikeTunHistIndex + type: gauge + enum_values: + 1: none + 2: md5 + 3: sha + 4: sha2-256 + 5: sha2-384 + 6: sha2-512 + - name: pikeTunHistAuthMethod + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.17 + type: gauge + help: The authentication method used in IPsec Phase-1 IKE negotiations. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.17 + indexes: + - labelname: pikeTunHistIndex + type: gauge + enum_values: + 1: none + 2: preSharedKey + 3: rsaSig + 4: rsaEncrypt + 5: revPublicKey + - name: pikeTunHistLifeTime + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.18 + type: gauge + help: The negotiated LifeTime of the IPsec Phase-1 IKE Tunnel in seconds. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.18 + indexes: + - labelname: pikeTunHistIndex + type: gauge + - name: pikeTunHistStartTime + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.19 + type: gauge + help: The value of sysUpTime in hundredths of seconds when the IPsec Phase-1 IKE tunnel was started. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.19 + indexes: + - labelname: pikeTunHistIndex + type: gauge + - name: pikeTunHistActiveTime + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.20 + type: gauge + help: The length of time the IPsec Phase-1 IKE tunnel was been active in hundredths of seconds. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.20 + indexes: + - labelname: pikeTunHistIndex + type: gauge + - name: pikeTunHistInNotifys + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.26 + type: counter + help: The total number of notifys received by this IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.26 + indexes: + - labelname: pikeTunHistIndex + type: gauge + - name: pikeTunHistInP2Exchgs + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.27 + type: counter + help: The total number of IPsec Phase-2 exchanges received by this IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.27 + indexes: + - labelname: pikeTunHistIndex + type: gauge + - name: pikeTunHistInP2ExchgInvalids + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.28 + type: counter + help: The total number of IPsec Phase-2 exchanges received on this tunnel that were found to contain references to unrecognized security parameters. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.28 + indexes: + - labelname: pikeTunHistIndex + type: gauge + - name: pikeTunHistInP2ExchgRejects + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.29 + type: counter + help: The total number of IPsec Phase-2 exchanges received on this tunnel that were validated but were rejected by the local policy. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.29 + indexes: + - labelname: pikeTunHistIndex + type: gauge + - name: pikeTunHistInP2SaDelRequests + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.30 + type: counter + help: The total number of IPsec Phase-2 security association delete requests received by this IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.30 + indexes: + - labelname: pikeTunHistIndex + type: gauge + - name: pikeTunHistOutNotifys + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.34 + type: counter + help: The total number of notifys sent by this IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.34 + indexes: + - labelname: pikeTunHistIndex + type: gauge + - name: pikeTunHistOutP2Exchgs + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.35 + type: counter + help: The total number of IPsec Phase-2 exchanges sent by this IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.35 + indexes: + - labelname: pikeTunHistIndex + type: gauge + - name: pikeTunHistOutP2ExchgInvalids + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.36 + type: counter + help: The total number of IPsec Phase-2 exchanges sent on this tunnel that were found by the peer to contain references to security parameters not recognized by the peer. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.36 + indexes: + - labelname: pikeTunHistIndex + type: gauge + - name: pikeTunHistOutP2ExchgRejects + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.37 + type: counter + help: The total number of IPsec Phase-2 exchanges sent on this tunnel that were validated by the peer but were rejected by the peer's policy. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.37 + indexes: + - labelname: pikeTunHistIndex + type: gauge + - name: pikeTunHistOutP2SaDelRequests + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.38 + type: counter + help: The total number of IPsec Phase-2 security association delete requests sent by this IPsec Phase-1 IKE Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.2.1.1.38 + indexes: + - labelname: pikeTunHistIndex + type: gauge + - name: pipSecTunHistIndex + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.1 + type: gauge + help: The index of the IPsec Phase-2 Tunnel History Table - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.1 + indexes: + - labelname: pipSecTunHistIndex + type: gauge + - name: pipSecTunHistTermReason + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.2 + type: gauge + help: The reason the IPsec Phase-2 Tunnel was terminated - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.2 + indexes: + - labelname: pipSecTunHistIndex + type: gauge + enum_values: + 1: other + 2: normal + 3: operRequest + 4: peerDelRequest + 5: peerLost + 6: applicationInitiated + 7: xauthFailure + 8: seqNumRollOver + 9: checkPointReq + - name: pipSecTunHistActiveIndex + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.3 + type: gauge + help: The index of the previously active IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.3 + indexes: + - labelname: pipSecTunHistIndex + type: gauge + - name: pipSecTunHistIkeTunnelIndex + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.4 + type: gauge + help: The index of the associated IPsec Phase-1 Tunnel (pikeTunIndex in the pikeTunnelTable). - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.4 + indexes: + - labelname: pipSecTunHistIndex + type: gauge + - name: pipSecTunHistLocalAddr + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.5 + type: OctetString + help: The IP address of the local endpoint for the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.5 + indexes: + - labelname: pipSecTunHistIndex + type: gauge + - name: pipSecTunHistRemoteAddr + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.6 + type: OctetString + help: The IP address of the remote endpoint for the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.6 + indexes: + - labelname: pipSecTunHistIndex + type: gauge + - name: pipSecTunHistKeyType + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.7 + type: gauge + help: The type of key used by the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.7 + indexes: + - labelname: pipSecTunHistIndex + type: gauge + enum_values: + 1: ike + 2: manual + - name: pipSecTunHistEncapMode + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.8 + type: gauge + help: The encapsulation mode used by the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.8 + indexes: + - labelname: pipSecTunHistIndex + type: gauge + enum_values: + 1: tunnel + 2: transport + - name: pipSecTunHistLifeSize + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.9 + type: gauge + help: The negotiated LifeSize of the IPsec Phase-2 Tunnel in kilobytes. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.9 + indexes: + - labelname: pipSecTunHistIndex + type: gauge + - name: pipSecTunHistLifeTime + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.10 + type: gauge + help: The negotiated LifeTime of the IPsec Phase-2 Tunnel in seconds. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.10 + indexes: + - labelname: pipSecTunHistIndex + type: gauge + - name: pipSecTunHistStartTime + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.11 + type: gauge + help: The value of sysUpTime in hundredths of seconds when the IPsec Phase-2 Tunnel was started. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.11 + indexes: + - labelname: pipSecTunHistIndex + type: gauge + - name: pipSecTunHistActiveTime + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.12 + type: gauge + help: The length of time the IPsec Phase-2 Tunnel has been active in hundredths of seconds. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.12 + indexes: + - labelname: pipSecTunHistIndex + type: gauge + - name: pipSecTunHistTotalRefreshes + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.13 + type: counter + help: The total number of security association refreshes performed. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.13 + indexes: + - labelname: pipSecTunHistIndex + type: gauge + - name: pipSecTunHistInSaDiffHellmanGrp + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.15 + type: gauge + help: The Diffie Hellman Group used by the inbound security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.15 + indexes: + - labelname: pipSecTunHistIndex + type: gauge + enum_values: + 1: none + 2: modp768 + 3: modp1024 + 4: modp1536 + 5: modp2048 + - name: pipSecTunHistInSaEncryptAlgo + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.16 + type: gauge + help: The encryption algorithm used by the inbound security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.16 + indexes: + - labelname: pipSecTunHistIndex + type: gauge + enum_values: + 1: none + 2: des + 3: des3 + 4: aes + 9: "null" + - name: pipSecTunHistInSaAhAuthAlgo + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.17 + type: gauge + help: The authentication algorithm used by the inbound authentication header (AH) security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.17 + indexes: + - labelname: pipSecTunHistIndex + type: gauge + enum_values: + 1: none + 2: hmacMd5 + 3: hmacSha + 4: hmacSha2-256 + 5: hmacSha2-384 + 6: hmacSha2-512 + - name: pipSecTunHistInSaEspAuthAlgo + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.18 + type: gauge + help: The authentication algorithm used by the inbound encapsulation security protocol (ESP) security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.18 + indexes: + - labelname: pipSecTunHistIndex + type: gauge + enum_values: + 1: none + 2: hmacMd5 + 3: hmacSha + 4: hmacSha2-256 + 5: hmacSha2-384 + 6: hmacSha2-512 + - name: pipSecTunHistOutSaDiffHellmanGrp + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.20 + type: gauge + help: The Diffie Hellman Group used by the outbound security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.20 + indexes: + - labelname: pipSecTunHistIndex + type: gauge + enum_values: + 1: none + 2: modp768 + 3: modp1024 + 4: modp1536 + 5: modp2048 + - name: pipSecTunHistOutSaEncryptAlgo + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.21 + type: gauge + help: The encryption algorithm used by the outbound security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.21 + indexes: + - labelname: pipSecTunHistIndex + type: gauge + enum_values: + 1: none + 2: des + 3: des3 + 4: aes + 9: "null" + - name: pipSecTunHistOutSaAhAuthAlgo + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.22 + type: gauge + help: The authentication algorithm used by the outbound authentication header (AH) security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.22 + indexes: + - labelname: pipSecTunHistIndex + type: gauge + enum_values: + 1: none + 2: hmacMd5 + 3: hmacSha + 4: hmacSha2-256 + 5: hmacSha2-384 + 6: hmacSha2-512 + - name: pipSecTunHistOutSaEspAuthAlgo + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.23 + type: gauge + help: The authentication algorithm used by the inbound ecapsulation security protocol (ESP) security association of the IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.23 + indexes: + - labelname: pipSecTunHistIndex + type: gauge + enum_values: + 1: none + 2: hmacMd5 + 3: hmacSha + 4: hmacSha2-256 + 5: hmacSha2-384 + 6: hmacSha2-512 + - name: pipSecTunHistPmtu + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.25 + type: gauge + help: The Path MTU that was determined for this IPsec Phase-2 tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.25 + indexes: + - labelname: pipSecTunHistIndex + type: gauge + - name: pipSecTunHistInOctets + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.26 + type: counter + help: The total number of octets received by this IPsec Phase-2 Tunnel - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.26 + indexes: + - labelname: pipSecTunHistIndex + type: gauge + - name: pipSecTunHistInPkts + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.32 + type: counter + help: The total number of packets received by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.32 + indexes: + - labelname: pipSecTunHistIndex + type: gauge + - name: pipSecTunHistInDropPkts + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.33 + type: counter + help: The total number of packets dropped during receive processing by this IPsec Phase-2 Tunnel - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.33 + indexes: + - labelname: pipSecTunHistIndex + type: gauge + - name: pipSecTunHistInReplayDropPkts + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.34 + type: counter + help: The total number of packets dropped during receive processing due to Anti-Replay processing by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.34 + indexes: + - labelname: pipSecTunHistIndex + type: gauge + - name: pipSecTunHistInAuths + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.35 + type: counter + help: The total number of inbound authentication's performed by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.35 + indexes: + - labelname: pipSecTunHistIndex + type: gauge + - name: pipSecTunHistInAuthFails + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.36 + type: counter + help: The total number of inbound authentication's which ended in failure by this IPsec Phase-2 Tunnel . - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.36 + indexes: + - labelname: pipSecTunHistIndex + type: gauge + - name: pipSecTunHistInDecrypts + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.37 + type: counter + help: The total number of inbound decryption's performed by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.37 + indexes: + - labelname: pipSecTunHistIndex + type: gauge + - name: pipSecTunHistInDecryptFails + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.38 + type: counter + help: The total number of inbound decryption's which ended in failure by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.38 + indexes: + - labelname: pipSecTunHistIndex + type: gauge + - name: pipSecTunHistOutOctets + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.39 + type: counter + help: The total number of octets sent by this IPsec Phase-2 Tunnel - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.39 + indexes: + - labelname: pipSecTunHistIndex + type: gauge + - name: pipSecTunHistOutPkts + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.45 + type: counter + help: The total number of packets sent by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.45 + indexes: + - labelname: pipSecTunHistIndex + type: gauge + - name: pipSecTunHistOutDropPkts + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.46 + type: counter + help: The total number of packets dropped during send processing by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.46 + indexes: + - labelname: pipSecTunHistIndex + type: gauge + - name: pipSecTunHistOutAuths + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.47 + type: counter + help: The total number of outbound authentication's performed by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.47 + indexes: + - labelname: pipSecTunHistIndex + type: gauge + - name: pipSecTunHistOutAuthFails + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.48 + type: counter + help: The total number of outbound authentication's which ended in failure by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.48 + indexes: + - labelname: pipSecTunHistIndex + type: gauge + - name: pipSecTunHistOutEncrypts + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.49 + type: counter + help: The total number of outbound encryption's performed by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.49 + indexes: + - labelname: pipSecTunHistIndex + type: gauge + - name: pipSecTunHistOutEncryptFails + oid: 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.50 + type: counter + help: The total number of outbound encryption's which ended in failure by this IPsec Phase-2 Tunnel. - 1.3.6.1.4.1.119.2.3.84.3.1.4.3.1.1.50 + indexes: + - labelname: pipSecTunHistIndex + type: gauge + - name: picoLoginSessionIndex + oid: 1.3.6.1.4.1.119.2.3.84.4.1.1.1 + type: gauge + help: Unique index for each login. - 1.3.6.1.4.1.119.2.3.84.4.1.1.1 + indexes: + - labelname: picoLoginSessionIndex + type: gauge + - name: picoLoginSessionStatus + oid: 1.3.6.1.4.1.119.2.3.84.4.1.1.2 + type: gauge + help: Status of a login session. - 1.3.6.1.4.1.119.2.3.84.4.1.1.2 + indexes: + - labelname: picoLoginSessionIndex + type: gauge + enum_values: + 1: login + 2: logout + 3: fail + - name: picoLoginSessionPrivilege + oid: 1.3.6.1.4.1.119.2.3.84.4.1.1.3 + type: gauge + help: User privilege of a login session. - 1.3.6.1.4.1.119.2.3.84.4.1.1.3 + indexes: + - labelname: picoLoginSessionIndex + type: gauge + enum_values: + 1: administrator + 2: monitor + 3: operator + 4: unknown + - name: picoLoginSessionProcessMode + oid: 1.3.6.1.4.1.119.2.3.84.4.1.1.4 + type: gauge + help: User process status of a login session. - 1.3.6.1.4.1.119.2.3.84.4.1.1.4 + indexes: + - labelname: picoLoginSessionIndex + type: gauge + enum_values: + 1: operation + 2: configure + - name: picoLoginSessionTerminalType + oid: 1.3.6.1.4.1.119.2.3.84.4.1.1.5 + type: gauge + help: Terminal type of a login session. - 1.3.6.1.4.1.119.2.3.84.4.1.1.5 + indexes: + - labelname: picoLoginSessionIndex + type: gauge + enum_values: + 1: unknown + 2: local + 3: remote + - name: picoLoginSessionPeerIpAddress + oid: 1.3.6.1.4.1.119.2.3.84.4.1.1.6 + type: InetAddressIPv4 + help: Peer ipv4 address of a login session. - 1.3.6.1.4.1.119.2.3.84.4.1.1.6 + indexes: + - labelname: picoLoginSessionIndex + type: gauge + - name: picoLoginSessionPeerIpv6Address + oid: 1.3.6.1.4.1.119.2.3.84.4.1.1.7 + type: OctetString + help: Peer ipv6 address of a login session. - 1.3.6.1.4.1.119.2.3.84.4.1.1.7 + indexes: + - labelname: picoLoginSessionIndex + type: gauge + - name: picoConfigType + oid: 1.3.6.1.4.1.119.2.3.84.5.1 + type: gauge + help: Configuration type. - 1.3.6.1.4.1.119.2.3.84.5.1 + enum_values: + 1: default-config + 2: startup-config + 3: license + - name: picoConfigEventType + oid: 1.3.6.1.4.1.119.2.3.84.5.2 + type: gauge + help: Event type of configuration modified. - 1.3.6.1.4.1.119.2.3.84.5.2 + enum_values: + 1: write + 2: erase + - name: picoExtIfInstalledSlot + oid: 1.3.6.1.4.1.119.2.3.84.6.1.1.1 + type: gauge + help: The slot number in which the extension card was installed. - 1.3.6.1.4.1.119.2.3.84.6.1.1.1 + indexes: + - labelname: picoExtIfInstalledSlot + type: gauge + - labelname: picoExtIfIndex + type: gauge + - name: picoExtIfIndex + oid: 1.3.6.1.4.1.119.2.3.84.6.1.1.2 + type: gauge + help: A unique value for each extension card. - 1.3.6.1.4.1.119.2.3.84.6.1.1.2 + indexes: + - labelname: picoExtIfInstalledSlot + type: gauge + - labelname: picoExtIfIndex + type: gauge + - name: picoExtIfDescr + oid: 1.3.6.1.4.1.119.2.3.84.6.1.1.3 + type: DisplayString + help: A textual string containing information about the interface. - 1.3.6.1.4.1.119.2.3.84.6.1.1.3 + indexes: + - labelname: picoExtIfInstalledSlot + type: gauge + - labelname: picoExtIfIndex + type: gauge + - name: picoExtIfUpperLayer + oid: 1.3.6.1.4.1.119.2.3.84.6.1.1.4 + type: gauge + help: Index of interface to upper layers. - 1.3.6.1.4.1.119.2.3.84.6.1.1.4 + indexes: + - labelname: picoExtIfInstalledSlot + type: gauge + - labelname: picoExtIfIndex + type: gauge + - name: picoExtIfType + oid: 1.3.6.1.4.1.119.2.3.84.6.1.1.5 + type: gauge + help: The type of interface,, distinguished according to the physical/link protocol(s) immediately `below' the network layer in the protocol stack. - 1.3.6.1.4.1.119.2.3.84.6.1.1.5 + indexes: + - labelname: picoExtIfInstalledSlot + type: gauge + - labelname: picoExtIfIndex + type: gauge + enum_values: + 6: ethernet-csmacd + 62: fastEther + - name: picoExtIfSpeed + oid: 1.3.6.1.4.1.119.2.3.84.6.1.1.6 + type: gauge + help: An estimate of the interface's current bandwidth in bits per second. - 1.3.6.1.4.1.119.2.3.84.6.1.1.6 + indexes: + - labelname: picoExtIfInstalledSlot + type: gauge + - labelname: picoExtIfIndex + type: gauge + - name: picoExtIfDuplex + oid: 1.3.6.1.4.1.119.2.3.84.6.1.1.7 + type: gauge + help: The current mode of this link. - 1.3.6.1.4.1.119.2.3.84.6.1.1.7 + indexes: + - labelname: picoExtIfInstalledSlot + type: gauge + - labelname: picoExtIfIndex + type: gauge + enum_values: + 1: halfduplex + 2: fullduplex + - name: picoExtIfEffectiveMtu + oid: 1.3.6.1.4.1.119.2.3.84.6.1.1.8 + type: gauge + help: The size of the largest datagram which can be sent/received on the interface, specified in octets. - 1.3.6.1.4.1.119.2.3.84.6.1.1.8 + indexes: + - labelname: picoExtIfInstalledSlot + type: gauge + - labelname: picoExtIfIndex + type: gauge + - name: picoExtIfPhysicalAddress + oid: 1.3.6.1.4.1.119.2.3.84.6.1.1.9 + type: PhysAddress48 + help: The interface's address at the protocol layer immediately `below' the network layer in the protocol stack. - 1.3.6.1.4.1.119.2.3.84.6.1.1.9 + indexes: + - labelname: picoExtIfInstalledSlot + type: gauge + - labelname: picoExtIfIndex + type: gauge + - name: picoExtIfAdminStatus + oid: 1.3.6.1.4.1.119.2.3.84.6.1.1.10 + type: gauge + help: The desired state of the interface. - 1.3.6.1.4.1.119.2.3.84.6.1.1.10 + indexes: + - labelname: picoExtIfInstalledSlot + type: gauge + - labelname: picoExtIfIndex + type: gauge + enum_values: + 1: up + 2: down + 3: testing + - name: picoExtIfOperStatus + oid: 1.3.6.1.4.1.119.2.3.84.6.1.1.11 + type: gauge + help: The current operational state of the interface. - 1.3.6.1.4.1.119.2.3.84.6.1.1.11 + indexes: + - labelname: picoExtIfInstalledSlot + type: gauge + - labelname: picoExtIfIndex + type: gauge + enum_values: + 1: up + 2: down + 3: testing + - name: picoExtIfLastChange + oid: 1.3.6.1.4.1.119.2.3.84.6.1.1.12 + type: gauge + help: The value of sysUpTime at the time the interface entered its current operational state. - 1.3.6.1.4.1.119.2.3.84.6.1.1.12 + indexes: + - labelname: picoExtIfInstalledSlot + type: gauge + - labelname: picoExtIfIndex + type: gauge + - name: picoNetmonWatchgroupIndex + oid: 1.3.6.1.4.1.119.2.3.84.7.1.1.1.1 + type: gauge + help: Unique index for each Netmon Watchgroup. - 1.3.6.1.4.1.119.2.3.84.7.1.1.1.1 + indexes: + - labelname: picoNetmonWatchgroupIndex + type: gauge + - name: picoNetmonWatchgroupName + oid: 1.3.6.1.4.1.119.2.3.84.7.1.1.1.2 + type: DisplayString + help: Netmon Watchgroup Name. - 1.3.6.1.4.1.119.2.3.84.7.1.1.1.2 + indexes: + - labelname: picoNetmonWatchgroupIndex + type: gauge + - name: picoNetmonWatchgroupSequenceNumber + oid: 1.3.6.1.4.1.119.2.3.84.7.1.1.1.3 + type: gauge + help: Netmon Watchgroup sequence number. - 1.3.6.1.4.1.119.2.3.84.7.1.1.1.3 + indexes: + - labelname: picoNetmonWatchgroupIndex + type: gauge + - name: picoNetmonWatchgroupStatus + oid: 1.3.6.1.4.1.119.2.3.84.7.1.1.1.4 + type: gauge + help: Status of a Netmon Watchgroup. - 1.3.6.1.4.1.119.2.3.84.7.1.1.1.4 + indexes: + - labelname: picoNetmonWatchgroupIndex + type: gauge + enum_values: + 1: normal + 2: stand + 3: disable + - name: picoNetmonWatchgroupVarianceCounts + oid: 1.3.6.1.4.1.119.2.3.84.7.1.1.1.5 + type: gauge + help: Netmon Watchgroup variance statistics. - 1.3.6.1.4.1.119.2.3.84.7.1.1.1.5 + indexes: + - labelname: picoNetmonWatchgroupIndex + type: gauge + - name: picoNgnIfIndex + oid: 1.3.6.1.4.1.119.2.3.84.9.1.1.1.1 + type: gauge + help: The interface index value of the interface for which NGN is enabled. - 1.3.6.1.4.1.119.2.3.84.9.1.1.1.1 + indexes: + - labelname: picoNgnIfIndex + type: gauge + - name: picoNgnType + oid: 1.3.6.1.4.1.119.2.3.84.9.1.1.1.2 + type: gauge + help: 'The mode of the NGN service can be: standard(1) :NGN service is standard - 1.3.6.1.4.1.119.2.3.84.9.1.1.1.2' + indexes: + - labelname: picoNgnIfIndex + type: gauge + enum_values: + 1: standard + 2: numbergate + - name: picoNgnIfType + oid: 1.3.6.1.4.1.119.2.3.84.9.1.1.1.3 + type: gauge + help: 'The type of the NGN interface can be: global(1) :NGN interface type is global - 1.3.6.1.4.1.119.2.3.84.9.1.1.1.3' + indexes: + - labelname: picoNgnIfIndex + type: gauge + enum_values: + 1: global + 2: private + - name: picoNgnStatus + oid: 1.3.6.1.4.1.119.2.3.84.9.1.1.1.4 + type: gauge + help: 'The state of the NGN SIP-UA register can be: notReady(1) :NGN service is not Ready - 1.3.6.1.4.1.119.2.3.84.9.1.1.1.4' + indexes: + - labelname: picoNgnIfIndex + type: gauge + enum_values: + 1: notReady + 2: initializing + 3: registering + 4: registered + - name: picoNgnSipServerIpAddress + oid: 1.3.6.1.4.1.119.2.3.84.9.1.1.1.5 + type: InetAddressIPv4 + help: The object of the SIP server address. - 1.3.6.1.4.1.119.2.3.84.9.1.1.1.5 + indexes: + - labelname: picoNgnIfIndex + type: gauge + - name: picoNgnSipUri + oid: 1.3.6.1.4.1.119.2.3.84.9.1.1.1.6 + type: DisplayString + help: The object of the SIP URI. - 1.3.6.1.4.1.119.2.3.84.9.1.1.1.6 + indexes: + - labelname: picoNgnIfIndex + type: gauge + - name: picoNgnUpTime + oid: 1.3.6.1.4.1.119.2.3.84.9.1.1.1.7 + type: gauge + help: The time elapsed since registered. - 1.3.6.1.4.1.119.2.3.84.9.1.1.1.7 + indexes: + - labelname: picoNgnIfIndex + type: gauge + - name: picoNgnVpnIfIndex + oid: 1.3.6.1.4.1.119.2.3.84.9.1.2.1.1 + type: gauge + help: The interface index value of the interface for which NGN binding is enabled. - 1.3.6.1.4.1.119.2.3.84.9.1.2.1.1 + indexes: + - labelname: picoNgnVpnIfIndex + type: gauge + - name: picoNgnVpnStatus + oid: 1.3.6.1.4.1.119.2.3.84.9.1.2.1.2 + type: gauge + help: 'The state of the NGN SIP-UA session can be: disconnected(1):SIP session is disconnected - 1.3.6.1.4.1.119.2.3.84.9.1.2.1.2' + indexes: + - labelname: picoNgnVpnIfIndex + type: gauge + enum_values: + 1: disconnected + 2: connecting + 3: connected + - name: picoNgnVpnPeerAddress + oid: 1.3.6.1.4.1.119.2.3.84.9.1.2.1.3 + type: DisplayString + help: The object of the NGN peer address. - 1.3.6.1.4.1.119.2.3.84.9.1.2.1.3 + indexes: + - labelname: picoNgnVpnIfIndex + type: gauge + - name: picoNgnVpnBandwidth + oid: 1.3.6.1.4.1.119.2.3.84.9.1.2.1.4 + type: gauge + help: The object of the NGN session bandwidth. - 1.3.6.1.4.1.119.2.3.84.9.1.2.1.4 + indexes: + - labelname: picoNgnVpnIfIndex + type: gauge + - name: picoNgnVpnUsedTime + oid: 1.3.6.1.4.1.119.2.3.84.9.1.2.1.5 + type: gauge + help: The time elapsed since this connected NGN session. - 1.3.6.1.4.1.119.2.3.84.9.1.2.1.5 + indexes: + - labelname: picoNgnVpnIfIndex + type: gauge + - name: picoNgnVpnSbcIpAddress + oid: 1.3.6.1.4.1.119.2.3.84.9.1.2.1.6 + type: InetAddressIPv4 + help: The object of the NGN session SBC address. - 1.3.6.1.4.1.119.2.3.84.9.1.2.1.6 + indexes: + - labelname: picoNgnVpnIfIndex + type: gauge + - name: picoNgnVpnSbcPort + oid: 1.3.6.1.4.1.119.2.3.84.9.1.2.1.7 + type: gauge + help: The object of the NGN session SBC port. - 1.3.6.1.4.1.119.2.3.84.9.1.2.1.7 + indexes: + - labelname: picoNgnVpnIfIndex + type: gauge + retries: 3 + timeout: 10s From 509eaf6866d018919c6dc8ebd4bddc0d1353727c Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 5 Nov 2024 20:05:48 +0900 Subject: [PATCH 0014/1209] add Signed-off-by: walnuts1018 --- k8s/apps/smartctl-exporter/helm.yaml | 33 ------------------- k8s/apps/smartctl-exporter/kustomization.yaml | 7 ---- k8s/argocdapps/smartctl-exporter/app.json5 | 4 +++ k8s/argocdapps/smartctl-exporter/helm.jsonnet | 9 +++++ k8s/argocdapps/smartctl-exporter/values.yaml | 16 +++++++++ 5 files changed, 29 insertions(+), 40 deletions(-) delete mode 100644 k8s/apps/smartctl-exporter/helm.yaml delete mode 100644 k8s/apps/smartctl-exporter/kustomization.yaml create mode 100644 k8s/argocdapps/smartctl-exporter/app.json5 create mode 100644 k8s/argocdapps/smartctl-exporter/helm.jsonnet create mode 100644 k8s/argocdapps/smartctl-exporter/values.yaml diff --git a/k8s/apps/smartctl-exporter/helm.yaml b/k8s/apps/smartctl-exporter/helm.yaml deleted file mode 100644 index b0d1a30dd..000000000 --- a/k8s/apps/smartctl-exporter/helm.yaml +++ /dev/null @@ -1,33 +0,0 @@ -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: smartctl-exporter -spec: - url: https://prometheus-community.github.io/helm-charts ---- -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: smartctl-exporter -spec: - chart: - spec: - chart: prometheus-smartctl-exporter - version: 0.10.0 - values: - image: - repository: ghcr.io/joryirving/smartctl_exporter - tag: "0.12.0" - podAnnotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9666" - prometheus.io/path: "/metrics" - serviceMonitor: - enabled: true - relabelings: - - sourceLabels: [__meta_kubernetes_pod_node_name] - separator: ; - regex: ^(.*)$ - targetLabel: node - replacement: $1 - action: replace diff --git a/k8s/apps/smartctl-exporter/kustomization.yaml b/k8s/apps/smartctl-exporter/kustomization.yaml deleted file mode 100644 index 466d5a0e1..000000000 --- a/k8s/apps/smartctl-exporter/kustomization.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: monitoring -components: -- ../../components/helm -resources: -- helm.yaml diff --git a/k8s/argocdapps/smartctl-exporter/app.json5 b/k8s/argocdapps/smartctl-exporter/app.json5 new file mode 100644 index 000000000..d8564d5f0 --- /dev/null +++ b/k8s/argocdapps/smartctl-exporter/app.json5 @@ -0,0 +1,4 @@ +{ + name: "smartctl-exporter", + namespace: "monitoring", +} diff --git a/k8s/argocdapps/smartctl-exporter/helm.jsonnet b/k8s/argocdapps/smartctl-exporter/helm.jsonnet new file mode 100644 index 000000000..40c9ebaa5 --- /dev/null +++ b/k8s/argocdapps/smartctl-exporter/helm.jsonnet @@ -0,0 +1,9 @@ +(import '../../components/helm.libsonnet') { + name: (import 'app.json5').name, + namespace: (import 'app.json5').namespace, + + chart: 'prometheus-smartctl-exporter', + repoURL: 'https://prometheus-community.github.io/helm-charts', + targetRevision: '0.10.0', + values: (importstr 'values.yaml'), +} diff --git a/k8s/argocdapps/smartctl-exporter/values.yaml b/k8s/argocdapps/smartctl-exporter/values.yaml new file mode 100644 index 000000000..855e5f73b --- /dev/null +++ b/k8s/argocdapps/smartctl-exporter/values.yaml @@ -0,0 +1,16 @@ +image: + repository: ghcr.io/joryirving/smartctl_exporter + tag: "0.12.0" +podAnnotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9666" + prometheus.io/path: "/metrics" +serviceMonitor: + enabled: true + relabelings: + - sourceLabels: [ __meta_kubernetes_pod_node_name ] + separator: ; + regex: ^(.*)$ + targetLabel: node + replacement: $1 + action: replace From c63e63e44da4b4539bf32e9fabecdb1d10d95d53 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 5 Nov 2024 20:08:30 +0900 Subject: [PATCH 0015/1209] add Signed-off-by: walnuts1018 --- k8s/apps/mysql-default/kustomization.yaml | 5 - k8s/apps/mysql-default/mysqlcluster.yaml | 63 ---------- k8s/argocdapps/mysql-default/app.json5 | 4 + .../mysql-default/mysql-cluster.jsonnet | 110 ++++++++++++++++++ 4 files changed, 114 insertions(+), 68 deletions(-) delete mode 100644 k8s/apps/mysql-default/kustomization.yaml delete mode 100644 k8s/apps/mysql-default/mysqlcluster.yaml create mode 100644 k8s/argocdapps/mysql-default/app.json5 create mode 100644 k8s/argocdapps/mysql-default/mysql-cluster.jsonnet diff --git a/k8s/apps/mysql-default/kustomization.yaml b/k8s/apps/mysql-default/kustomization.yaml deleted file mode 100644 index c476fa28c..000000000 --- a/k8s/apps/mysql-default/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: databases -resources: -- mysqlcluster.yaml diff --git a/k8s/apps/mysql-default/mysqlcluster.yaml b/k8s/apps/mysql-default/mysqlcluster.yaml deleted file mode 100644 index 82aa28a0a..000000000 --- a/k8s/apps/mysql-default/mysqlcluster.yaml +++ /dev/null @@ -1,63 +0,0 @@ -apiVersion: moco.cybozu.com/v1beta2 -kind: MySQLCluster -metadata: - name: default -spec: - replicas: 3 - podTemplate: - spec: - affinity: - nodeAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - preference: - matchExpressions: - - key: kubernetes.io/arch - operator: In - values: - - amd64 - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app.kubernetes.io/instance - operator: In - values: - - test - topologyKey: "kubernetes.io/hostname" - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 10 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app.kubernetes.io/name - operator: In - values: - - mysql - topologyKey: "kubernetes.io/hostname" - containers: - - name: mysqld - securityContext: - readOnlyRootFilesystem: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - image: ghcr.io/cybozu-go/moco/mysql:8.4.2 - resources: - requests: - memory: "400Mi" - limits: - memory: "2Gi" - volumeClaimTemplates: - - metadata: - name: mysql-data - spec: - accessModes: ["ReadWriteOnce"] - storageClassName: "longhorn" - resources: - requests: - storage: 10Gi - primaryServiceTemplate: - spec: - type: LoadBalancer - loadBalancerIP: "192.168.0.133" diff --git a/k8s/argocdapps/mysql-default/app.json5 b/k8s/argocdapps/mysql-default/app.json5 new file mode 100644 index 000000000..df38b1988 --- /dev/null +++ b/k8s/argocdapps/mysql-default/app.json5 @@ -0,0 +1,4 @@ +{ + name: "mysql-default", + namespace: "databases", +} diff --git a/k8s/argocdapps/mysql-default/mysql-cluster.jsonnet b/k8s/argocdapps/mysql-default/mysql-cluster.jsonnet new file mode 100644 index 000000000..190fad670 --- /dev/null +++ b/k8s/argocdapps/mysql-default/mysql-cluster.jsonnet @@ -0,0 +1,110 @@ +{ + apiVersion: 'moco.cybozu.com/v1beta2', + kind: 'MySQLCluster', + metadata: { + name: (import 'app.json5').name, + labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + }, + spec: { + replicas: 3, + podTemplate: { + spec: { + affinity: { + nodeAffinity: { + preferredDuringSchedulingIgnoredDuringExecution: [ + { + weight: 100, + preference: { + matchExpressions: [ + { + key: 'kubernetes.io/arch', + operator: 'In', + values: [ + 'amd64', + ], + }, + ], + }, + }, + ], + }, + podAntiAffinity: { + requiredDuringSchedulingIgnoredDuringExecution: [ + { + labelSelector: { + matchExpressions: [ + { + key: 'app.kubernetes.io/instance', + operator: 'In', + values: [ + 'test', + ], + }, + ], + }, + topologyKey: 'kubernetes.io/hostname', + }, + ], + preferredDuringSchedulingIgnoredDuringExecution: [ + { + weight: 10, + podAffinityTerm: { + labelSelector: { + matchExpressions: [ + { + key: 'app.kubernetes.io/name', + operator: 'In', + values: [ + 'mysql', + ], + }, + ], + }, + topologyKey: 'kubernetes.io/hostname', + }, + }, + ], + }, + }, + containers: [ + (import '../../components/container.libsonnet') { + name: 'mysqld', + image: 'ghcr.io/cybozu-go/moco/mysql:8.4.2', + resources: { + requests: { + memory: '400Mi', + }, + limits: { + memory: '2Gi', + }, + }, + }, + ], + }, + }, + volumeClaimTemplates: [ + { + metadata: { + name: 'mysql-data', + }, + spec: { + accessModes: [ + 'ReadWriteOnce', + ], + storageClassName: 'longhorn', + resources: { + requests: { + storage: '10Gi', + }, + }, + }, + }, + ], + primaryServiceTemplate: { + spec: { + type: 'LoadBalancer', + loadBalancerIP: '192.168.0.133', + }, + }, + }, +} From 7059eb9aa2df833040b43a86e3060db71c5a8855 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 5 Nov 2024 20:10:32 +0900 Subject: [PATCH 0016/1209] add prometheus-oauth2-proxy configuration files Signed-off-by: walnuts1018 --- .../externalsecret.yaml | 28 ---------- k8s/apps/prometheus-oauth2-proxy/helm.yaml | 52 ------------------- .../kustomization.yaml | 9 ---- k8s/apps/prometheus-oauth2-proxy/redis.yaml | 51 ------------------ .../prometheus-oauth2-proxy/app.json5 | 4 ++ .../oauth2-proxy.jsonnet | 14 +++++ 6 files changed, 18 insertions(+), 140 deletions(-) delete mode 100644 k8s/apps/prometheus-oauth2-proxy/externalsecret.yaml delete mode 100644 k8s/apps/prometheus-oauth2-proxy/helm.yaml delete mode 100644 k8s/apps/prometheus-oauth2-proxy/kustomization.yaml delete mode 100644 k8s/apps/prometheus-oauth2-proxy/redis.yaml create mode 100644 k8s/argocdapps/prometheus-oauth2-proxy/app.json5 create mode 100644 k8s/argocdapps/prometheus-oauth2-proxy/oauth2-proxy.jsonnet diff --git a/k8s/apps/prometheus-oauth2-proxy/externalsecret.yaml b/k8s/apps/prometheus-oauth2-proxy/externalsecret.yaml deleted file mode 100644 index d75de23ba..000000000 --- a/k8s/apps/prometheus-oauth2-proxy/externalsecret.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: prometheus-oauth2-proxy -spec: - secretStoreRef: - name: onepassword - kind: ClusterSecretStore - refreshInterval: 1m - target: - name: prometheus-oauth2-proxy - data: - - secretKey: client-id - remoteRef: - key: prometheus-oauth2-proxy - property: client-id - - secretKey: client-secret - remoteRef: - key: prometheus-oauth2-proxy - property: client-secret - - secretKey: cookie-secret - remoteRef: - key: prometheus-oauth2-proxy - property: cookie-secret - - secretKey: redis-password - remoteRef: - key: redis - property: password diff --git a/k8s/apps/prometheus-oauth2-proxy/helm.yaml b/k8s/apps/prometheus-oauth2-proxy/helm.yaml deleted file mode 100644 index e73bebf05..000000000 --- a/k8s/apps/prometheus-oauth2-proxy/helm.yaml +++ /dev/null @@ -1,52 +0,0 @@ -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: prometheus-oauth2-proxy -spec: - url: https://oauth2-proxy.github.io/manifests ---- -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: prometheus-oauth2-proxy -spec: - chart: - spec: - chart: oauth2-proxy - version: 7.7.28 - values: - config: - existingSecret: prometheus-oauth2-proxy - configFile: |- - email_domains = [ "*" ] - upstreams = [ "http://prometheus-operated.monitoring.svc.cluster.local:9090" ] - pass_access_token = true - user_id_claim = "sub" - oidc_groups_claim="my:zitadel:grants" - allowed_groups = ["237477822715658605:prometheus-admin"] - - extraArgs: - provider: oidc - redirect-url: https://prometheus.walnuts.dev/oauth2/callback - oidc-issuer-url: https://auth.walnuts.dev - skip-provider-button: true - ingress: - enabled: true - className: nginx - path: / - pathType: Prefix - hosts: - - "prometheus.walnuts.dev" - sessionStorage: - type: redis - redis: - existingSecret: "prometheus-oauth2-proxy" - passwordKey: "redis-password" - clientType: "sentinel" - sentinel: - existingSecret: "prometheus-oauth2-proxy" - passwordKey: "redis-password" - masterName: "mymaster" - connectionUrls: "redis://prometheus-oauth2-proxy-redis:6379,redis://prometheus-oauth2-proxy-redis-sentinel:26379" - metrics: - enabled: true diff --git a/k8s/apps/prometheus-oauth2-proxy/kustomization.yaml b/k8s/apps/prometheus-oauth2-proxy/kustomization.yaml deleted file mode 100644 index 4fc7b7a1c..000000000 --- a/k8s/apps/prometheus-oauth2-proxy/kustomization.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: monitoring -resources: -- externalsecret.yaml -- helm.yaml -- redis.yaml -components: -- ../../components/helm diff --git a/k8s/apps/prometheus-oauth2-proxy/redis.yaml b/k8s/apps/prometheus-oauth2-proxy/redis.yaml deleted file mode 100644 index 0dc17c6e2..000000000 --- a/k8s/apps/prometheus-oauth2-proxy/redis.yaml +++ /dev/null @@ -1,51 +0,0 @@ -apiVersion: redis.redis.opstreelabs.in/v1beta2 -kind: RedisReplication -metadata: - name: prometheus-oauth2-proxy-redis - labels: - app.kubernetes.io/name: prometheus-oauth2-proxy-redis -spec: - clusterSize: 2 - kubernetesConfig: - image: "quay.io/opstree/redis:v7.0.12" # {"$imagepolicy": "redis-operator:redis"} - imagePullPolicy: "IfNotPresent" - redisSecret: - name: "prometheus-oauth2-proxy" - key: "redis-password" - storage: - volumeClaimTemplate: - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - podSecurityContext: - fsGroup: 1000 - runAsUser: 1000 ---- -apiVersion: redis.redis.opstreelabs.in/v1beta2 -kind: RedisSentinel -metadata: - name: prometheus-oauth2-proxy-redis - labels: - app.kubernetes.io/name: prometheus-oauth2-proxy-redis -spec: - clusterSize: 3 - redisSentinelConfig: - redisReplicationName: prometheus-oauth2-proxy-redis - masterGroupName: "mymaster" - redisPort: "6379" - quorum: "2" - parallelSyncs: "1" - failoverTimeout: "180000" - downAfterMilliseconds: "30000" - kubernetesConfig: - image: "quay.io/opstree/redis-sentinel:v7.0.12" # {"$imagepolicy": "redis-operator:redis-sentinel"} - imagePullPolicy: "IfNotPresent" - redisSecret: - name: "prometheus-oauth2-proxy" - key: "redis-password" - podSecurityContext: - fsGroup: 1000 - runAsUser: 1000 diff --git a/k8s/argocdapps/prometheus-oauth2-proxy/app.json5 b/k8s/argocdapps/prometheus-oauth2-proxy/app.json5 new file mode 100644 index 000000000..8e83e57dd --- /dev/null +++ b/k8s/argocdapps/prometheus-oauth2-proxy/app.json5 @@ -0,0 +1,4 @@ +{ + name: "prometheus-oauth2-proxy", + namespace: "monitoring", +} diff --git a/k8s/argocdapps/prometheus-oauth2-proxy/oauth2-proxy.jsonnet b/k8s/argocdapps/prometheus-oauth2-proxy/oauth2-proxy.jsonnet new file mode 100644 index 000000000..863df1e12 --- /dev/null +++ b/k8s/argocdapps/prometheus-oauth2-proxy/oauth2-proxy.jsonnet @@ -0,0 +1,14 @@ +(import '../../components/oauth2-proxy/oauth2-proxy.libsonnet') { + app:: { + name: 'prometheus', + namespace: (import 'app.json5').namespace, + }, + domain: 'prometheus.walnuts.dev', + upstream: 'http://prometheus-operated.monitoring.svc.cluster.local:9090', + oidc:: { + secret:: { + onepassword_item_name: 'rometheus-oauth2-proxy', + }, + allowed_group: '237477822715658605:prometheus-admin', + }, +} From 3a972cc8a5e93126de031033a22c02d13aa86b4e Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 5 Nov 2024 20:11:27 +0900 Subject: [PATCH 0017/1209] add Signed-off-by: walnuts1018 --- .../dashy-oauth2-proxy/externalsecret.yaml | 28 --- k8s/apps/dashy-oauth2-proxy/helm.yaml | 52 ------ .../dashy-oauth2-proxy/kustomization.yaml | 9 - k8s/apps/dashy-oauth2-proxy/redis.yaml | 51 ------ k8s/apps/dashy/deployment.yaml | 43 ----- k8s/apps/dashy/image-policy.yaml | 43 ----- k8s/apps/dashy/kustomization.yaml | 8 - k8s/apps/dashy/pvc.yaml | 12 -- k8s/apps/dashy/service.yaml | 14 -- k8s/apps/krakend/deployment.yaml | 50 ------ k8s/apps/krakend/image-policy.yaml | 43 ----- k8s/apps/krakend/ingress.yaml | 17 -- k8s/apps/krakend/krakend.json | 164 ------------------ k8s/apps/krakend/kustomization.yaml | 12 -- k8s/apps/krakend/service.yaml | 13 -- 15 files changed, 559 deletions(-) delete mode 100644 k8s/apps/dashy-oauth2-proxy/externalsecret.yaml delete mode 100644 k8s/apps/dashy-oauth2-proxy/helm.yaml delete mode 100644 k8s/apps/dashy-oauth2-proxy/kustomization.yaml delete mode 100644 k8s/apps/dashy-oauth2-proxy/redis.yaml delete mode 100644 k8s/apps/dashy/deployment.yaml delete mode 100644 k8s/apps/dashy/image-policy.yaml delete mode 100644 k8s/apps/dashy/kustomization.yaml delete mode 100644 k8s/apps/dashy/pvc.yaml delete mode 100644 k8s/apps/dashy/service.yaml delete mode 100644 k8s/apps/krakend/deployment.yaml delete mode 100644 k8s/apps/krakend/image-policy.yaml delete mode 100644 k8s/apps/krakend/ingress.yaml delete mode 100644 k8s/apps/krakend/krakend.json delete mode 100644 k8s/apps/krakend/kustomization.yaml delete mode 100644 k8s/apps/krakend/service.yaml diff --git a/k8s/apps/dashy-oauth2-proxy/externalsecret.yaml b/k8s/apps/dashy-oauth2-proxy/externalsecret.yaml deleted file mode 100644 index b129b01a9..000000000 --- a/k8s/apps/dashy-oauth2-proxy/externalsecret.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: dashy-oauth2-proxy -spec: - secretStoreRef: - name: onepassword - kind: ClusterSecretStore - refreshInterval: 1m - target: - name: dashy-oauth2-proxy - data: - - secretKey: client-id - remoteRef: - key: dashy-oauth2-proxy - property: client-id - - secretKey: client-secret - remoteRef: - key: dashy-oauth2-proxy - property: client-secret - - secretKey: cookie-secret - remoteRef: - key: dashy-oauth2-proxy - property: cookie-secret - - secretKey: redis-password - remoteRef: - key: redis - property: password diff --git a/k8s/apps/dashy-oauth2-proxy/helm.yaml b/k8s/apps/dashy-oauth2-proxy/helm.yaml deleted file mode 100644 index 806de0429..000000000 --- a/k8s/apps/dashy-oauth2-proxy/helm.yaml +++ /dev/null @@ -1,52 +0,0 @@ -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: dashy-oauth2-proxy -spec: - url: https://oauth2-proxy.github.io/manifests ---- -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: dashy-oauth2-proxy -spec: - chart: - spec: - chart: oauth2-proxy - version: 7.7.28 - values: - config: - existingSecret: dashy-oauth2-proxy - configFile: |- - email_domains = [ "*" ] - upstreams = [ "http://dashy.dashy.svc.cluster.local:8080/" ] - pass_access_token = true - user_id_claim = "sub" - oidc_groups_claim="my:zitadel:grants" - allowed_groups = ["237477822715658605:dashy"] - - extraArgs: - provider: oidc - redirect-url: https://dashy.walnuts.dev/oauth2/callback - oidc-issuer-url: https://auth.walnuts.dev - skip-provider-button: true - ingress: - enabled: true - className: nginx - path: / - pathType: Prefix - hosts: - - "dashy.walnuts.dev" - sessionStorage: - type: redis - redis: - existingSecret: "dashy-oauth2-proxy" - passwordKey: "redis-password" - clientType: "sentinel" - sentinel: - existingSecret: "dashy-oauth2-proxy" - passwordKey: "redis-password" - masterName: "mymaster" - connectionUrls: "redis://dashy-oauth2-proxy-redis:6379,redis://dashy-oauth2-proxy-redis-sentinel:26379" - metrics: - enabled: true diff --git a/k8s/apps/dashy-oauth2-proxy/kustomization.yaml b/k8s/apps/dashy-oauth2-proxy/kustomization.yaml deleted file mode 100644 index 140a4b3d0..000000000 --- a/k8s/apps/dashy-oauth2-proxy/kustomization.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: dashy -resources: -- externalsecret.yaml -- helm.yaml -- redis.yaml -components: -- ../../components/helm diff --git a/k8s/apps/dashy-oauth2-proxy/redis.yaml b/k8s/apps/dashy-oauth2-proxy/redis.yaml deleted file mode 100644 index 2bf9414d0..000000000 --- a/k8s/apps/dashy-oauth2-proxy/redis.yaml +++ /dev/null @@ -1,51 +0,0 @@ -apiVersion: redis.redis.opstreelabs.in/v1beta2 -kind: RedisReplication -metadata: - name: dashy-oauth2-proxy-redis - labels: - app.kubernetes.io/name: dashy-oauth2-proxy-redis -spec: - clusterSize: 2 - kubernetesConfig: - image: "quay.io/opstree/redis:v7.0.12" # {"$imagepolicy": "redis-operator:redis"} - imagePullPolicy: "IfNotPresent" - redisSecret: - name: "dashy-oauth2-proxy" - key: "redis-password" - storage: - volumeClaimTemplate: - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - podSecurityContext: - fsGroup: 1000 - runAsUser: 1000 ---- -apiVersion: redis.redis.opstreelabs.in/v1beta2 -kind: RedisSentinel -metadata: - name: dashy-oauth2-proxy-redis - labels: - app.kubernetes.io/name: dashy-oauth2-proxy-redis -spec: - clusterSize: 3 - redisSentinelConfig: - redisReplicationName: dashy-oauth2-proxy-redis - masterGroupName: "mymaster" - redisPort: "6379" - quorum: "2" - parallelSyncs: "1" - failoverTimeout: "180000" - downAfterMilliseconds: "30000" - kubernetesConfig: - image: "quay.io/opstree/redis-sentinel:v7.0.12" # {"$imagepolicy": "redis-operator:redis-sentinel"} - imagePullPolicy: "IfNotPresent" - redisSecret: - name: "dashy-oauth2-proxy" - key: "redis-password" - podSecurityContext: - fsGroup: 1000 - runAsUser: 1000 diff --git a/k8s/apps/dashy/deployment.yaml b/k8s/apps/dashy/deployment.yaml deleted file mode 100644 index 7e72e987e..000000000 --- a/k8s/apps/dashy/deployment.yaml +++ /dev/null @@ -1,43 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: dashy - labels: - app: dashy -spec: - replicas: 1 - selector: - matchLabels: - app: dashy - template: - metadata: - labels: - app: dashy - spec: - containers: - - name: dashy - # securityContext: - # readOnlyRootFilesystem: true - image: lissy93/dashy:3.1.0 # {"$imagepolicy": "dashy:dashy"} - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - resources: - limits: {} - requests: - memory: 180Mi - env: - - name: NODE_ENV - value: "production" - volumeMounts: - - name: dashy - mountPath: /app/user-data - - name: tmp - mountPath: /tmp - volumes: - - name: dashy - persistentVolumeClaim: - claimName: dashy - - name: tmp - emptyDir: {} - priorityClassName: low diff --git a/k8s/apps/dashy/image-policy.yaml b/k8s/apps/dashy/image-policy.yaml deleted file mode 100644 index 7fcfa1517..000000000 --- a/k8s/apps/dashy/image-policy.yaml +++ /dev/null @@ -1,43 +0,0 @@ -apiVersion: image.toolkit.fluxcd.io/v1beta2 -kind: ImageUpdateAutomation -metadata: - name: dashy -spec: - git: - checkout: - ref: - branch: main - commit: - author: - email: fluxcdbot@users.noreply.github.com - name: fluxcdbot - messageTemplate: "{{range .Updated.Images}}{{println .}}{{end}}" - push: - branch: fluxcd/dashy - interval: 1m0s - sourceRef: - kind: GitRepository - name: flux-system - namespace: flux-system - update: - path: ./k8s/apps/dashy - strategy: Setters ---- -apiVersion: image.toolkit.fluxcd.io/v1beta2 -kind: ImageRepository -metadata: - name: dashy -spec: - image: lissy93/dashy - interval: 2m0s ---- -apiVersion: image.toolkit.fluxcd.io/v1beta2 -kind: ImagePolicy -metadata: - name: dashy -spec: - imageRepositoryRef: - name: dashy - policy: - semver: - range: ">=0.0.0" diff --git a/k8s/apps/dashy/kustomization.yaml b/k8s/apps/dashy/kustomization.yaml deleted file mode 100644 index 6f988e846..000000000 --- a/k8s/apps/dashy/kustomization.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: dashy -resources: -- deployment.yaml -- service.yaml -- pvc.yaml -- image-policy.yaml diff --git a/k8s/apps/dashy/pvc.yaml b/k8s/apps/dashy/pvc.yaml deleted file mode 100644 index f3627c477..000000000 --- a/k8s/apps/dashy/pvc.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: dashy -spec: - storageClassName: longhorn - volumeName: dashy - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi diff --git a/k8s/apps/dashy/service.yaml b/k8s/apps/dashy/service.yaml deleted file mode 100644 index 39634c669..000000000 --- a/k8s/apps/dashy/service.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: dashy - labels: - app: dashy -spec: - ports: - - name: http - port: 8080 - targetPort: 8080 - selector: - app: dashy - type: ClusterIP diff --git a/k8s/apps/krakend/deployment.yaml b/k8s/apps/krakend/deployment.yaml deleted file mode 100644 index 71df56bf5..000000000 --- a/k8s/apps/krakend/deployment.yaml +++ /dev/null @@ -1,50 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: krakend -spec: - selector: - matchLabels: - app: krakend - replicas: 1 - template: - metadata: - labels: - app: krakend - spec: - containers: - - name: krakend - image: devopsfaith/krakend:2.7.2 # {"$imagepolicy": "krakend-system:krakend"} - ports: - - containerPort: 8080 - imagePullPolicy: IfNotPresent - command: ["/usr/bin/krakend"] - args: ["run", "-d", "-c", "/etc/krakend/krakend.json", "-p", "8080"] - securityContext: - allowPrivilegeEscalation: false - runAsNonRoot: true - runAsUser: 1000 - readOnlyRootFilesystem: true - capabilities: - drop: - - ALL - add: - - NET_BIND_SERVICE - volumeMounts: - - name: config - mountPath: /etc/krakend - readOnly: true - env: - - name: KRAKEND_PORT - value: "8080" - resources: - limits: {} - requests: - memory: 50Mi - volumes: - - name: config - configMap: - name: krakend-configmap - items: - - key: krakend.json - path: krakend.json diff --git a/k8s/apps/krakend/image-policy.yaml b/k8s/apps/krakend/image-policy.yaml deleted file mode 100644 index ef5dd9250..000000000 --- a/k8s/apps/krakend/image-policy.yaml +++ /dev/null @@ -1,43 +0,0 @@ -apiVersion: image.toolkit.fluxcd.io/v1beta2 -kind: ImageUpdateAutomation -metadata: - name: krakend -spec: - git: - checkout: - ref: - branch: main - commit: - author: - email: fluxcdbot@users.noreply.github.com - name: fluxcdbot - messageTemplate: "{{range .Updated.Images}}{{println .}}{{end}}" - push: - branch: fluxcd/krakend - interval: 1m0s - sourceRef: - kind: GitRepository - name: flux-system - namespace: flux-system - update: - path: ./k8s/apps/krakend - strategy: Setters ---- -apiVersion: image.toolkit.fluxcd.io/v1beta2 -kind: ImageRepository -metadata: - name: krakend -spec: - image: devopsfaith/krakend - interval: 2m0s ---- -apiVersion: image.toolkit.fluxcd.io/v1beta2 -kind: ImagePolicy -metadata: - name: krakend -spec: - imageRepositoryRef: - name: krakend - policy: - semver: - range: ">=0.0.0" diff --git a/k8s/apps/krakend/ingress.yaml b/k8s/apps/krakend/ingress.yaml deleted file mode 100644 index f443aa5f5..000000000 --- a/k8s/apps/krakend/ingress.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: krakend -spec: - ingressClassName: "nginx" - rules: - - host: "api.walnuts.dev" - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: krakend - port: - number: 8080 diff --git a/k8s/apps/krakend/krakend.json b/k8s/apps/krakend/krakend.json deleted file mode 100644 index a4bc2ee8c..000000000 --- a/k8s/apps/krakend/krakend.json +++ /dev/null @@ -1,164 +0,0 @@ -{ - "$schema": "https://www.krakend.io/schema/krakend.json", - "version": 3, - "name": "Main API Gateway", - "timeout": "3000ms", - "cache_ttl": "300s", - "output_encoding": "json", - "endpoints": [ - { - "endpoint": "/v1/httptest", - "method": "GET", - "output_encoding": "string", - "backend": [ - { - "url_pattern": "/", - "encoding": "string", - "sd": "static", - "method": "GET", - "host": ["http://http-dump.default.svc.cluster.local:8080"], - "disable_host_sanitize": false - } - ], - "extra_config": { - "auth/validator": { - "alg": "RS256", - "jwk_url": "https://auth.walnuts.dev/realms/master/protocol/openid-connect/certs", - "cache": true - } - } - }, - { - "endpoint": "/machine-manager/v1/machines/start/{machineName}", - "method": "POST", - "output_encoding": "json", - "backend": [ - { - "url_pattern": "/v1/machines/start/{machineName}", - "encoding": "json", - "sd": "static", - "method": "POST", - "host": ["http://machine-status-api.default.svc.cluster.local"], - "disable_host_sanitize": false - } - ], - "extra_config": { - "auth/validator": { - "alg": "RS256", - "jwk_url": "https://auth.walnuts.dev/realms/master/protocol/openid-connect/certs", - "cache": true - } - } - }, - { - "endpoint": "/machine-manager/v1/machines/start/{machineName}/automated", - "method": "POST", - "output_encoding": "json", - "backend": [ - { - "url_pattern": "/v1/machines/start/{machineName}/automated", - "encoding": "json", - "sd": "static", - "method": "POST", - "host": ["http://machine-status-api.default.svc.cluster.local"], - "disable_host_sanitize": false - } - ], - "extra_config": { - "auth/validator": { - "alg": "RS256", - "jwk_url": "https://auth.walnuts.dev/realms/master/protocol/openid-connect/certs", - "cache": true - } - } - }, - { - "endpoint": "/machine-manager/v1/machines/stop/{machineName}", - "method": "POST", - "output_encoding": "json", - "backend": [ - { - "url_pattern": "/v1/machines/stop/{machineName}", - "encoding": "json", - "sd": "static", - "method": "POST", - "host": ["http://machine-status-api.default.svc.cluster.local"], - "disable_host_sanitize": false - } - ], - "extra_config": { - "auth/validator": { - "alg": "RS256", - "jwk_url": "https://auth.walnuts.dev/realms/master/protocol/openid-connect/certs", - "cache": true - } - } - }, - { - "endpoint": "/machine-manager/v1/machines/stop/{machineName}/automated", - "method": "POST", - "output_encoding": "json", - "backend": [ - { - "url_pattern": "/v1/machines/stop/{machineName}/automated", - "encoding": "json", - "sd": "static", - "method": "POST", - "host": ["http://machine-status-api.default.svc.cluster.local"], - "disable_host_sanitize": false - } - ], - "extra_config": { - "auth/validator": { - "alg": "RS256", - "jwk_url": "https://auth.walnuts.dev/realms/master/protocol/openid-connect/certs", - "cache": true - } - } - }, - { - "endpoint": "/machine-manager/v1/machines/status/{machineName}", - "method": "GET", - "output_encoding": "json", - "backend": [ - { - "url_pattern": "/v1/machines/status/{machineName}", - "encoding": "json", - "sd": "static", - "method": "GET", - "host": ["http://machine-status-api.default.svc.cluster.local"], - "disable_host_sanitize": false - } - ], - "extra_config": { - "auth/validator": { - "alg": "RS256", - "jwk_url": "https://auth.walnuts.dev/realms/master/protocol/openid-connect/certs", - "cache": true - } - } - }, - { - "endpoint": "/machine-manager/v1/tasks/{taskId}", - "method": "GET", - "output_encoding": "json", - "backend": [ - { - "url_pattern": "/v1/tasks/{taskId}", - "encoding": "json", - "sd": "static", - "method": "GET", - "host": ["http://machine-status-api.default.svc.cluster.local"], - "disable_host_sanitize": false - } - ], - "extra_config": { - "auth/validator": { - "alg": "RS256", - "jwk_url": "https://auth.walnuts.dev/realms/master/protocol/openid-connect/certs", - "cache": true - } - } - } - ] -} diff --git a/k8s/apps/krakend/kustomization.yaml b/k8s/apps/krakend/kustomization.yaml deleted file mode 100644 index df1de826d..000000000 --- a/k8s/apps/krakend/kustomization.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: krakend-system -resources: -- service.yaml -- deployment.yaml -- ingress.yaml -- image-policy.yaml -configMapGenerator: -- name: krakend-configmap - files: - - krakend.json diff --git a/k8s/apps/krakend/service.yaml b/k8s/apps/krakend/service.yaml deleted file mode 100644 index de31fc551..000000000 --- a/k8s/apps/krakend/service.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: krakend -spec: - type: ClusterIP - ports: - - name: http - port: 8080 - targetPort: 8080 - protocol: TCP - selector: - app: krakend From 0900f006924bb46c6efef93e1c0f51cf64433b44 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 5 Nov 2024 20:20:24 +0900 Subject: [PATCH 0018/1209] add Signed-off-by: walnuts1018 --- k8s/apps/komga/externalsecret.yaml | 27 ------ k8s/apps/komga/image-policy.yaml | 43 --------- k8s/apps/komga/ingress.yaml | 20 ---- k8s/apps/komga/kustomization.yaml | 16 ---- k8s/apps/komga/pvc.yaml | 11 --- k8s/apps/komga/service.yaml | 13 --- k8s/apps/komga/statefulset.yaml | 57 ----------- k8s/argocdapps/komga/app.json5 | 4 + .../komga/config}/application.yml | 0 k8s/argocdapps/komga/configmap.jsonnet | 12 +++ k8s/argocdapps/komga/external-secret.jsonnet | 35 +++++++ k8s/argocdapps/komga/ingress.jsonnet | 36 +++++++ k8s/argocdapps/komga/pvc.jsonnet | 18 ++++ k8s/argocdapps/komga/service.jsonnet | 21 ++++ k8s/argocdapps/komga/statefulset.jsonnet | 96 +++++++++++++++++++ 15 files changed, 222 insertions(+), 187 deletions(-) delete mode 100644 k8s/apps/komga/externalsecret.yaml delete mode 100644 k8s/apps/komga/image-policy.yaml delete mode 100644 k8s/apps/komga/ingress.yaml delete mode 100644 k8s/apps/komga/kustomization.yaml delete mode 100644 k8s/apps/komga/pvc.yaml delete mode 100644 k8s/apps/komga/service.yaml delete mode 100644 k8s/apps/komga/statefulset.yaml create mode 100644 k8s/argocdapps/komga/app.json5 rename k8s/{apps/komga => argocdapps/komga/config}/application.yml (100%) create mode 100644 k8s/argocdapps/komga/configmap.jsonnet create mode 100644 k8s/argocdapps/komga/external-secret.jsonnet create mode 100644 k8s/argocdapps/komga/ingress.jsonnet create mode 100644 k8s/argocdapps/komga/pvc.jsonnet create mode 100644 k8s/argocdapps/komga/service.jsonnet create mode 100644 k8s/argocdapps/komga/statefulset.jsonnet diff --git a/k8s/apps/komga/externalsecret.yaml b/k8s/apps/komga/externalsecret.yaml deleted file mode 100644 index 7df1f8fc7..000000000 --- a/k8s/apps/komga/externalsecret.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: komga-config -spec: - secretStoreRef: - name: onepassword - kind: ClusterSecretStore - refreshInterval: 1m - target: - name: komga-config - template: - engineVersion: v2 - type: Opaque - templateFrom: - - target: Data - configMap: - name: komga-config - items: - - key: application.yml - templateAs: Values - data: - - secretKey: clientsecret - remoteRef: - key: komga - property: client-secret - diff --git a/k8s/apps/komga/image-policy.yaml b/k8s/apps/komga/image-policy.yaml deleted file mode 100644 index 4fa68de6c..000000000 --- a/k8s/apps/komga/image-policy.yaml +++ /dev/null @@ -1,43 +0,0 @@ -apiVersion: image.toolkit.fluxcd.io/v1beta2 -kind: ImageUpdateAutomation -metadata: - name: komga -spec: - git: - checkout: - ref: - branch: main - commit: - author: - email: fluxcdbot@users.noreply.github.com - name: fluxcdbot - messageTemplate: "{{range .Updated.Images}}{{println .}}{{end}}" - push: - branch: fluxcd/komga - interval: 1m0s - sourceRef: - kind: GitRepository - name: flux-system - namespace: flux-system - update: - path: ./k8s/apps/komga - strategy: Setters ---- -apiVersion: image.toolkit.fluxcd.io/v1beta2 -kind: ImageRepository -metadata: - name: komga -spec: - image: gotson/komga - interval: 2m0s ---- -apiVersion: image.toolkit.fluxcd.io/v1beta2 -kind: ImagePolicy -metadata: - name: komga -spec: - imageRepositoryRef: - name: komga - policy: - semver: - range: ">=0.0.0" diff --git a/k8s/apps/komga/ingress.yaml b/k8s/apps/komga/ingress.yaml deleted file mode 100644 index 3d6be2440..000000000 --- a/k8s/apps/komga/ingress.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - annotations: - nginx.ingress.kubernetes.io/proxy-body-size: 4G - name: komga -spec: - ingressClassName: "nginx" - rules: - - host: komga.walnuts.dev - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: komga - port: - name: http - diff --git a/k8s/apps/komga/kustomization.yaml b/k8s/apps/komga/kustomization.yaml deleted file mode 100644 index 332bbec1d..000000000 --- a/k8s/apps/komga/kustomization.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: komga -resources: -- externalsecret.yaml -- service.yaml -- ingress.yaml -- statefulset.yaml -- pvc.yaml -- image-policy.yaml -configMapGenerator: -- name: komga-config - files: - - application.yml -generatorOptions: - disableNameSuffixHash: true diff --git a/k8s/apps/komga/pvc.yaml b/k8s/apps/komga/pvc.yaml deleted file mode 100644 index c955deaa9..000000000 --- a/k8s/apps/komga/pvc.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: komga-config -spec: - storageClassName: longhorn - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 2Gi diff --git a/k8s/apps/komga/service.yaml b/k8s/apps/komga/service.yaml deleted file mode 100644 index eb7857aa7..000000000 --- a/k8s/apps/komga/service.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: komga -spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: http - selector: - app: komga - type: ClusterIP diff --git a/k8s/apps/komga/statefulset.yaml b/k8s/apps/komga/statefulset.yaml deleted file mode 100644 index 0b4e402b9..000000000 --- a/k8s/apps/komga/statefulset.yaml +++ /dev/null @@ -1,57 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: komga -spec: - selector: - matchLabels: - app: komga - serviceName: komga - replicas: 1 - template: - metadata: - labels: - app: komga - spec: - containers: - - name: komga - # securityContext: - # readOnlyRootFilesystem: true - image: gotson/komga:1.14.1 # {"$imagepolicy": "komga:komga"} - resources: - limits: {} - requests: - memory: 600Mi - ports: - - containerPort: 25600 - name: http - readinessProbe: - httpGet: - path: /actuator/health - port: http - volumeMounts: - - mountPath: /config - name: config-dir - - mountPath: /config/application.yml - name: config-file - subPath: application.yml - readOnly: true - - mountPath: /books - name: book-dir - - mountPath: /tmp - name: tmp - volumes: - - name: config-dir - persistentVolumeClaim: - claimName: komga-config - - name: config-file - secret: - secretName: komga-config - - name: book-dir - hostPath: - path: /mnt/data/share/Books - type: Directory - - emptyDir: {} - name: tmp - nodeSelector: - kubernetes.io/hostname: cake diff --git a/k8s/argocdapps/komga/app.json5 b/k8s/argocdapps/komga/app.json5 new file mode 100644 index 000000000..69a743855 --- /dev/null +++ b/k8s/argocdapps/komga/app.json5 @@ -0,0 +1,4 @@ +{ + name: "komga", + namespace: "komga", +} diff --git a/k8s/apps/komga/application.yml b/k8s/argocdapps/komga/config/application.yml similarity index 100% rename from k8s/apps/komga/application.yml rename to k8s/argocdapps/komga/config/application.yml diff --git a/k8s/argocdapps/komga/configmap.jsonnet b/k8s/argocdapps/komga/configmap.jsonnet new file mode 100644 index 000000000..78305a1ed --- /dev/null +++ b/k8s/argocdapps/komga/configmap.jsonnet @@ -0,0 +1,12 @@ +{ + apiVersion: 'v1', + kind: 'ConfigMap', + metadata: { + name: (import 'app.json5').name + '-secret-template' + '-' + std.md5(std.toString($.data))[0:6], + namespace: (import 'app.json5').namespace, + labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + }, + data: { + 'application.yml': (importstr './config/application.yml'), + }, +} diff --git a/k8s/argocdapps/komga/external-secret.jsonnet b/k8s/argocdapps/komga/external-secret.jsonnet new file mode 100644 index 000000000..5f34fa6a6 --- /dev/null +++ b/k8s/argocdapps/komga/external-secret.jsonnet @@ -0,0 +1,35 @@ +std.mergePatch((import '../../components/external-secret.libsonnet') { + name: (import 'app.json5').name, + data: [ + { + secretKey: 'clientsecret', + remoteRef: { + key: 'komga', + property: 'client-secret', + }, + }, + ], +}, { + spec: { + target: { + template: { + engineVersion: 'v2', + type: 'Opaque', + templateFrom: [ + { + target: 'Data', + configMap: { + name: (import 'configmap.jsonnet').metadata.name, + items: [ + { + key: 'application.yml', + templateAs: 'Values', + }, + ], + }, + }, + ], + }, + }, + }, +}) diff --git a/k8s/argocdapps/komga/ingress.jsonnet b/k8s/argocdapps/komga/ingress.jsonnet new file mode 100644 index 000000000..429d92a35 --- /dev/null +++ b/k8s/argocdapps/komga/ingress.jsonnet @@ -0,0 +1,36 @@ +{ + apiVersion: 'networking.k8s.io/v1', + kind: 'Ingress', + metadata: { + annotations: { + 'nginx.ingress.kubernetes.io/proxy-body-size': '4G', + }, + name: (import 'app.json5').name, + namespace: (import 'app.json5').namespace, + labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + }, + spec: { + ingressClassName: 'nginx', + rules: [ + { + host: 'komga.walnuts.dev', + http: { + paths: [ + { + path: '/', + pathType: 'Prefix', + backend: { + service: { + name: (import 'service.jsonnet').metadata.name, + port: { + name: 'http', + }, + }, + }, + }, + ], + }, + }, + ], + }, +} diff --git a/k8s/argocdapps/komga/pvc.jsonnet b/k8s/argocdapps/komga/pvc.jsonnet new file mode 100644 index 000000000..dc845b10e --- /dev/null +++ b/k8s/argocdapps/komga/pvc.jsonnet @@ -0,0 +1,18 @@ +{ + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "komga-config" + }, + "spec": { + "storageClassName": "longhorn", + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "2Gi" + } + } + } +} diff --git a/k8s/argocdapps/komga/service.jsonnet b/k8s/argocdapps/komga/service.jsonnet new file mode 100644 index 000000000..e9869e0ae --- /dev/null +++ b/k8s/argocdapps/komga/service.jsonnet @@ -0,0 +1,21 @@ +{ + apiVersion: 'v1', + kind: 'Service', + metadata: { + name: (import 'app.json5').name, + namespace: (import 'app.json5').namespace, + labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + }, + spec: { + ports: [ + { + name: 'http', + port: 80, + protocol: 'TCP', + targetPort: 'http', + }, + ], + selector: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + type: 'ClusterIP', + }, +} diff --git a/k8s/argocdapps/komga/statefulset.jsonnet b/k8s/argocdapps/komga/statefulset.jsonnet new file mode 100644 index 000000000..f348ebcdc --- /dev/null +++ b/k8s/argocdapps/komga/statefulset.jsonnet @@ -0,0 +1,96 @@ +{ + apiVersion: 'apps/v1', + kind: 'StatefulSet', + metadata: { + name: (import 'app.json5').name, + namespace: (import 'app.json5').namespace, + labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + }, + spec: { + selector: { + matchLabels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + }, + serviceName: (import 'service.jsonnet').metadata.name, + replicas: 1, + template: { + metadata: { + labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + }, + spec: { + containers: [ + (import '../../components/container.libsonnet') { + name: 'komga', + image: 'gotson/komga:1.14.1', + resources: { + limits: {}, + requests: { + memory: '600Mi', + }, + }, + securityContext:: null, + ports: [ + { + containerPort: 25600, + name: 'http', + }, + ], + readinessProbe: { + httpGet: { + path: '/actuator/health', + port: 'http', + }, + }, + volumeMounts: [ + { + mountPath: '/config', + name: 'config-dir', + }, + { + mountPath: '/config/application.yml', + name: 'config-file', + subPath: 'application.yml', + readOnly: true, + }, + { + mountPath: '/books', + name: 'book-dir', + }, + { + mountPath: '/tmp', + name: 'tmp', + }, + ], + }, + ], + volumes: [ + { + name: 'config-dir', + persistentVolumeClaim: { + claimName: (import 'pvc.jsonnet').metadata.name, + }, + }, + { + name: 'config-file', + secret: { + secretName: (import 'external-secret.jsonnet').spec.target.name, + }, + }, + { + name: 'book-dir', + hostPath: { + path: '/mnt/data/share/Books', + type: 'Directory', + }, + }, + { + emptyDir: {}, + name: 'tmp', + }, + ], + nodeSelector: { + 'kubernetes.io/hostname': 'cake', + }, + }, + }, + }, +} From 6f3156e60171c20f253cf97c117f713cc3062e26 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 5 Nov 2024 20:21:31 +0900 Subject: [PATCH 0019/1209] add Signed-off-by: walnuts1018 --- k8s/argocdapps/prometheus-oauth2-proxy/oauth2-proxy.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/argocdapps/prometheus-oauth2-proxy/oauth2-proxy.jsonnet b/k8s/argocdapps/prometheus-oauth2-proxy/oauth2-proxy.jsonnet index 863df1e12..00d23ba92 100644 --- a/k8s/argocdapps/prometheus-oauth2-proxy/oauth2-proxy.jsonnet +++ b/k8s/argocdapps/prometheus-oauth2-proxy/oauth2-proxy.jsonnet @@ -7,7 +7,7 @@ upstream: 'http://prometheus-operated.monitoring.svc.cluster.local:9090', oidc:: { secret:: { - onepassword_item_name: 'rometheus-oauth2-proxy', + onepassword_item_name: 'prometheus-oauth2-proxy', }, allowed_group: '237477822715658605:prometheus-admin', }, From d57d6bcf657ffe95773febe1f3b3bee85f2ee290 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 5 Nov 2024 20:25:15 +0900 Subject: [PATCH 0020/1209] update oauth2-proxy configuration to use metadata.name and enhance secret_name generation Signed-off-by: walnuts1018 --- k8s/components/oauth2-proxy/external-secret.libsonnet | 2 +- k8s/components/oauth2-proxy/oauth2-proxy.libsonnet | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/k8s/components/oauth2-proxy/external-secret.libsonnet b/k8s/components/oauth2-proxy/external-secret.libsonnet index 110d6b144..7ea8aa88e 100644 --- a/k8s/components/oauth2-proxy/external-secret.libsonnet +++ b/k8s/components/oauth2-proxy/external-secret.libsonnet @@ -14,7 +14,7 @@ }, refreshInterval: '1m', target: { - name: $.name, + name: $.metadata.name, }, data: [ { diff --git a/k8s/components/oauth2-proxy/oauth2-proxy.libsonnet b/k8s/components/oauth2-proxy/oauth2-proxy.libsonnet index 5666f861e..b6d3d943f 100644 --- a/k8s/components/oauth2-proxy/oauth2-proxy.libsonnet +++ b/k8s/components/oauth2-proxy/oauth2-proxy.libsonnet @@ -12,8 +12,7 @@ allowed_group:: error 'allowed_group is required', }, - secret_name:: $.app.name + '-oauth2-proxy', - + secret_name:: $.app.name + '-oauth2-proxy' + '-' + std.md5(std.toString($.oidc.secret))[0:6], redis:: (import './redis.libsonnet') { name: $.app.name + '-oauth2-proxy-redis', secret_name: $.secret_name, From cf782863d2d196969c18564b2b7f6436658d2515 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 5 Nov 2024 11:41:54 +0000 Subject: [PATCH 0021/1209] Update Helm release prometheus-smartctl-exporter to v0.11.0 --- k8s/argocdapps/smartctl-exporter/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/argocdapps/smartctl-exporter/helm.jsonnet b/k8s/argocdapps/smartctl-exporter/helm.jsonnet index 40c9ebaa5..e8968ee42 100644 --- a/k8s/argocdapps/smartctl-exporter/helm.jsonnet +++ b/k8s/argocdapps/smartctl-exporter/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'prometheus-smartctl-exporter', repoURL: 'https://prometheus-community.github.io/helm-charts', - targetRevision: '0.10.0', + targetRevision: '0.11.0', values: (importstr 'values.yaml'), } From fc6a0baf76e3f766151feb865c84236a0dfc3fed Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 5 Nov 2024 21:02:40 +0900 Subject: [PATCH 0022/1209] add Kibana and Elasticsearch Signed-off-by: walnuts1018 --- k8s/apps/elasticsearch/deployment.yaml | 58 ---------- k8s/apps/elasticsearch/image-policy.yaml | 43 -------- k8s/apps/elasticsearch/kustomization.yaml | 12 --- k8s/apps/elasticsearch/pvc.yaml | 14 --- k8s/apps/elasticsearch/service.yaml | 12 --- k8s/apps/kibana/deployment.yaml | 40 ------- k8s/apps/kibana/image-policy.yaml | 43 -------- k8s/apps/kibana/kustomization.yaml | 8 -- .../kibana/oauth2-proxy/externalsecret.yaml | 28 ----- k8s/apps/kibana/oauth2-proxy/helm.yaml | 52 --------- .../kibana/oauth2-proxy/kustomization.yaml | 8 -- k8s/apps/kibana/oauth2-proxy/redis.yaml | 51 --------- k8s/apps/kibana/service.yaml | 14 --- k8s/argocdapps/elasticsearch/app.json5 | 4 + .../config}/elasticsearch-plugins.yml | 0 .../elasticsearch/configmap.jsonnet | 8 ++ .../elasticsearch/deployment.jsonnet | 100 ++++++++++++++++++ k8s/argocdapps/elasticsearch/pvc.jsonnet | 23 ++++ k8s/argocdapps/elasticsearch/service.jsonnet | 20 ++++ k8s/argocdapps/kibana/app.json5 | 4 + k8s/argocdapps/kibana/deployment.jsonnet | 62 +++++++++++ k8s/argocdapps/kibana/oauth2-proxy.jsonnet | 14 +++ k8s/argocdapps/kibana/service.jsonnet | 20 ++++ k8s/argocdapps/samba-backup/configmap.jsonnet | 11 +- .../configmap.jsonnet | 11 +- k8s/components/configmap.libsonnet | 5 + 26 files changed, 268 insertions(+), 397 deletions(-) delete mode 100644 k8s/apps/elasticsearch/deployment.yaml delete mode 100644 k8s/apps/elasticsearch/image-policy.yaml delete mode 100644 k8s/apps/elasticsearch/kustomization.yaml delete mode 100644 k8s/apps/elasticsearch/pvc.yaml delete mode 100644 k8s/apps/elasticsearch/service.yaml delete mode 100644 k8s/apps/kibana/deployment.yaml delete mode 100644 k8s/apps/kibana/image-policy.yaml delete mode 100644 k8s/apps/kibana/kustomization.yaml delete mode 100644 k8s/apps/kibana/oauth2-proxy/externalsecret.yaml delete mode 100644 k8s/apps/kibana/oauth2-proxy/helm.yaml delete mode 100644 k8s/apps/kibana/oauth2-proxy/kustomization.yaml delete mode 100644 k8s/apps/kibana/oauth2-proxy/redis.yaml delete mode 100644 k8s/apps/kibana/service.yaml create mode 100644 k8s/argocdapps/elasticsearch/app.json5 rename k8s/{apps/elasticsearch => argocdapps/elasticsearch/config}/elasticsearch-plugins.yml (100%) create mode 100644 k8s/argocdapps/elasticsearch/configmap.jsonnet create mode 100644 k8s/argocdapps/elasticsearch/deployment.jsonnet create mode 100644 k8s/argocdapps/elasticsearch/pvc.jsonnet create mode 100644 k8s/argocdapps/elasticsearch/service.jsonnet create mode 100644 k8s/argocdapps/kibana/app.json5 create mode 100644 k8s/argocdapps/kibana/deployment.jsonnet create mode 100644 k8s/argocdapps/kibana/oauth2-proxy.jsonnet create mode 100644 k8s/argocdapps/kibana/service.jsonnet diff --git a/k8s/apps/elasticsearch/deployment.yaml b/k8s/apps/elasticsearch/deployment.yaml deleted file mode 100644 index 269fe80ae..000000000 --- a/k8s/apps/elasticsearch/deployment.yaml +++ /dev/null @@ -1,58 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: elasticsearch -spec: - replicas: 1 - selector: - matchLabels: - app: elasticsearch - template: - metadata: - labels: - app: elasticsearch - spec: - securityContext: - fsGroup: 1000 - fsGroupChangePolicy: "OnRootMismatch" - containers: - - name: elasticsearch - securityContext: - seccompProfile: - type: RuntimeDefault - # readOnlyRootFilesystem: true - image: docker.elastic.co/elasticsearch/elasticsearch:8.15.3 # {"$imagepolicy": "elasticsearch:elasticsearch"} - ports: - - containerPort: 9200 - resources: - requests: - cpu: "0" - memory: 3000Mi - limits: - cpu: "1" - memory: "6000Mi" - env: - - name: discovery.type - value: single-node - - name: cluster.name - value: kurumi - - name: xpack.security.enabled - value: "false" - volumeMounts: - - name: config - mountPath: "/usr/share/elasticsearch/config/elasticsearch-plugins.yml" - subPath: "elasticsearch-plugins.yml" - readOnly: true - - name: data - mountPath: /usr/share/elasticsearch/data - - name: tmp - mountPath: /tmp - volumes: - - name: config - configMap: - name: elasticsearch-configmap - - name: data - persistentVolumeClaim: - claimName: elasticsearch - - name: tmp - emptyDir: {} diff --git a/k8s/apps/elasticsearch/image-policy.yaml b/k8s/apps/elasticsearch/image-policy.yaml deleted file mode 100644 index 00da3229f..000000000 --- a/k8s/apps/elasticsearch/image-policy.yaml +++ /dev/null @@ -1,43 +0,0 @@ -apiVersion: image.toolkit.fluxcd.io/v1beta2 -kind: ImageUpdateAutomation -metadata: - name: elasticsearch -spec: - git: - checkout: - ref: - branch: main - commit: - author: - email: fluxcdbot@users.noreply.github.com - name: fluxcdbot - messageTemplate: "{{range .Updated.Images}}{{println .}}{{end}}" - push: - branch: fluxcd/elasticsearch - interval: 1m0s - sourceRef: - kind: GitRepository - name: flux-system - namespace: flux-system - update: - path: ./k8s/apps/elasticsearch - strategy: Setters ---- -apiVersion: image.toolkit.fluxcd.io/v1beta2 -kind: ImageRepository -metadata: - name: elasticsearch -spec: - image: docker.elastic.co/elasticsearch/elasticsearch - interval: 2m0s ---- -apiVersion: image.toolkit.fluxcd.io/v1beta2 -kind: ImagePolicy -metadata: - name: elasticsearch -spec: - imageRepositoryRef: - name: elasticsearch - policy: - semver: - range: ">=0.0.0" diff --git a/k8s/apps/elasticsearch/kustomization.yaml b/k8s/apps/elasticsearch/kustomization.yaml deleted file mode 100644 index d04a95a2a..000000000 --- a/k8s/apps/elasticsearch/kustomization.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: elasticsearch -resources: -- deployment.yaml -- service.yaml -- pvc.yaml -- image-policy.yaml -configMapGenerator: -- name: elasticsearch-configmap - files: - - elasticsearch-plugins.yml diff --git a/k8s/apps/elasticsearch/pvc.yaml b/k8s/apps/elasticsearch/pvc.yaml deleted file mode 100644 index ff1608f9c..000000000 --- a/k8s/apps/elasticsearch/pvc.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: elasticsearch - labels: - recurring-job-group.longhorn.io/default: enabled -spec: - storageClassName: longhorn - volumeName: elasticsearch - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi diff --git a/k8s/apps/elasticsearch/service.yaml b/k8s/apps/elasticsearch/service.yaml deleted file mode 100644 index ebf008cf1..000000000 --- a/k8s/apps/elasticsearch/service.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: elasticsearch -spec: - selector: - app: elasticsearch - ports: - - protocol: TCP - port: 9200 - targetPort: 9200 - type: ClusterIP diff --git a/k8s/apps/kibana/deployment.yaml b/k8s/apps/kibana/deployment.yaml deleted file mode 100644 index 1f8df3dab..000000000 --- a/k8s/apps/kibana/deployment.yaml +++ /dev/null @@ -1,40 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: kibana - labels: - app: kibana -spec: - replicas: 1 - selector: - matchLabels: - app: kibana - template: - metadata: - labels: - app: kibana - spec: - containers: - - name: kibana - securityContext: - readOnlyRootFilesystem: true - runAsNonRoot: true - image: docker.elastic.co/kibana/kibana:8.15.3 # {"$imagepolicy": "elasticsearch:kibana"} - ports: - - name: http - containerPort: 5601 - env: - - name: ELASTICSEARCH_HOSTS - value: "http://elasticsearch.databases.svc.cluster.local:9200" - #- name: SERVER_PUBLICBASEURL - # value: "https://kibana.walnuts.dev" - resources: - limits: {} - requests: - memory: 500Mi - volumeMounts: - - mountPath: /usr/share/kibana/data - name: kibana-data - volumes: - - name: kibana-data - emptyDir: {} diff --git a/k8s/apps/kibana/image-policy.yaml b/k8s/apps/kibana/image-policy.yaml deleted file mode 100644 index 2d0cc6e98..000000000 --- a/k8s/apps/kibana/image-policy.yaml +++ /dev/null @@ -1,43 +0,0 @@ -apiVersion: image.toolkit.fluxcd.io/v1beta2 -kind: ImageUpdateAutomation -metadata: - name: kibana -spec: - git: - checkout: - ref: - branch: main - commit: - author: - email: fluxcdbot@users.noreply.github.com - name: fluxcdbot - messageTemplate: "{{range .Updated.Images}}{{println .}}{{end}}" - push: - branch: fluxcd/kibana - interval: 1m0s - sourceRef: - kind: GitRepository - name: flux-system - namespace: flux-system - update: - path: ./k8s/apps/kibana - strategy: Setters ---- -apiVersion: image.toolkit.fluxcd.io/v1beta2 -kind: ImageRepository -metadata: - name: kibana -spec: - image: docker.elastic.co/kibana/kibana - interval: 2m0s ---- -apiVersion: image.toolkit.fluxcd.io/v1beta2 -kind: ImagePolicy -metadata: - name: kibana -spec: - imageRepositoryRef: - name: kibana - policy: - semver: - range: ">=0.0.0" diff --git a/k8s/apps/kibana/kustomization.yaml b/k8s/apps/kibana/kustomization.yaml deleted file mode 100644 index 4c120cf5e..000000000 --- a/k8s/apps/kibana/kustomization.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: elasticsearch -resources: -- deployment.yaml -- service.yaml -- ./oauth2-proxy -- image-policy.yaml diff --git a/k8s/apps/kibana/oauth2-proxy/externalsecret.yaml b/k8s/apps/kibana/oauth2-proxy/externalsecret.yaml deleted file mode 100644 index 351bcd3e0..000000000 --- a/k8s/apps/kibana/oauth2-proxy/externalsecret.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: kibana-oauth2-proxy -spec: - secretStoreRef: - name: onepassword - kind: ClusterSecretStore - refreshInterval: 1m - target: - name: kibana-oauth2-proxy - data: - - secretKey: client-id - remoteRef: - key: kibana-oauth2-proxy - property: client-id - - secretKey: client-secret - remoteRef: - key: kibana-oauth2-proxy - property: client-secret - - secretKey: cookie-secret - remoteRef: - key: kibana-oauth2-proxy - property: cookie-secret - - secretKey: redis-password - remoteRef: - key: redis - property: password diff --git a/k8s/apps/kibana/oauth2-proxy/helm.yaml b/k8s/apps/kibana/oauth2-proxy/helm.yaml deleted file mode 100644 index 8c9d86352..000000000 --- a/k8s/apps/kibana/oauth2-proxy/helm.yaml +++ /dev/null @@ -1,52 +0,0 @@ -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: kibana-oauth2-proxy -spec: - url: https://oauth2-proxy.github.io/manifests ---- -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: kibana-oauth2-proxy -spec: - chart: - spec: - chart: oauth2-proxy - version: 7.7.28 - values: - config: - existingSecret: kibana-oauth2-proxy - configFile: |- - email_domains = [ "*" ] - upstreams = [ "http://kibana.elasticsearch.svc.cluster.local:5601" ] - pass_access_token = true - user_id_claim = "sub" - oidc_groups_claim="my:zitadel:grants" - allowed_groups = ["237477822715658605:kibana-admin"] - - extraArgs: - provider: oidc - redirect-url: https://kibana.walnuts.dev/oauth2/callback - oidc-issuer-url: https://auth.walnuts.dev - skip-provider-button: true - ingress: - enabled: true - className: nginx - path: / - pathType: Prefix - hosts: - - "kibana.walnuts.dev" - sessionStorage: - type: redis - redis: - existingSecret: "kibana-oauth2-proxy" - passwordKey: "redis-password" - clientType: "sentinel" - sentinel: - existingSecret: "kibana-oauth2-proxy" - passwordKey: "redis-password" - masterName: "mymaster" - connectionUrls: "redis://kibana-oauth2-proxy-redis:6379,redis://kibana-oauth2-proxy-redis-sentinel:26379" - metrics: - enabled: true diff --git a/k8s/apps/kibana/oauth2-proxy/kustomization.yaml b/k8s/apps/kibana/oauth2-proxy/kustomization.yaml deleted file mode 100644 index ba766e9f0..000000000 --- a/k8s/apps/kibana/oauth2-proxy/kustomization.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- externalsecret.yaml -- helm.yaml -- redis.yaml -components: -- ../../../components/helm diff --git a/k8s/apps/kibana/oauth2-proxy/redis.yaml b/k8s/apps/kibana/oauth2-proxy/redis.yaml deleted file mode 100644 index 196cd6a05..000000000 --- a/k8s/apps/kibana/oauth2-proxy/redis.yaml +++ /dev/null @@ -1,51 +0,0 @@ -apiVersion: redis.redis.opstreelabs.in/v1beta2 -kind: RedisReplication -metadata: - name: kibana-oauth2-proxy-redis - labels: - app.kubernetes.io/name: kibana-oauth2-proxy-redis -spec: - clusterSize: 2 - kubernetesConfig: - image: "quay.io/opstree/redis:v7.0.12" # {"$imagepolicy": "redis-operator:redis"} - imagePullPolicy: "IfNotPresent" - redisSecret: - name: "kibana-oauth2-proxy" - key: "redis-password" - storage: - volumeClaimTemplate: - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - podSecurityContext: - fsGroup: 1000 - runAsUser: 1000 ---- -apiVersion: redis.redis.opstreelabs.in/v1beta2 -kind: RedisSentinel -metadata: - name: kibana-oauth2-proxy-redis - labels: - app.kubernetes.io/name: kibana-oauth2-proxy-redis -spec: - clusterSize: 3 - redisSentinelConfig: - redisReplicationName: kibana-oauth2-proxy-redis - masterGroupName: "mymaster" - redisPort: "6379" - quorum: "2" - parallelSyncs: "1" - failoverTimeout: "180000" - downAfterMilliseconds: "30000" - kubernetesConfig: - image: "quay.io/opstree/redis-sentinel:v7.0.12" # {"$imagepolicy": "redis-operator:redis-sentinel"} - imagePullPolicy: "IfNotPresent" - redisSecret: - name: "kibana-oauth2-proxy" - key: "redis-password" - podSecurityContext: - fsGroup: 1000 - runAsUser: 1000 diff --git a/k8s/apps/kibana/service.yaml b/k8s/apps/kibana/service.yaml deleted file mode 100644 index b7e9d9f9f..000000000 --- a/k8s/apps/kibana/service.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: kibana - labels: - app: kibana -spec: - ports: - - name: http - port: 5601 - targetPort: 5601 - selector: - app: kibana - type: ClusterIP diff --git a/k8s/argocdapps/elasticsearch/app.json5 b/k8s/argocdapps/elasticsearch/app.json5 new file mode 100644 index 000000000..244c3af04 --- /dev/null +++ b/k8s/argocdapps/elasticsearch/app.json5 @@ -0,0 +1,4 @@ +{ + name: "elasticsearch", + namespace: "elasticsearch", +} diff --git a/k8s/apps/elasticsearch/elasticsearch-plugins.yml b/k8s/argocdapps/elasticsearch/config/elasticsearch-plugins.yml similarity index 100% rename from k8s/apps/elasticsearch/elasticsearch-plugins.yml rename to k8s/argocdapps/elasticsearch/config/elasticsearch-plugins.yml diff --git a/k8s/argocdapps/elasticsearch/configmap.jsonnet b/k8s/argocdapps/elasticsearch/configmap.jsonnet new file mode 100644 index 000000000..cb7a9fddf --- /dev/null +++ b/k8s/argocdapps/elasticsearch/configmap.jsonnet @@ -0,0 +1,8 @@ +(import '../../components/configmap.libsonnet') { + name: (import 'app.json5').name, + namespace: (import 'app.json5').namespace, + labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + data: { + 'elasticsearch-plugins.yml': (importstr './config/elasticsearch-plugins.yml'), + }, +} diff --git a/k8s/argocdapps/elasticsearch/deployment.jsonnet b/k8s/argocdapps/elasticsearch/deployment.jsonnet new file mode 100644 index 000000000..ab0c9de98 --- /dev/null +++ b/k8s/argocdapps/elasticsearch/deployment.jsonnet @@ -0,0 +1,100 @@ +{ + apiVersion: 'apps/v1', + kind: 'Deployment', + metadata: { + name: (import 'app.json5').name, + namespace: (import 'app.json5').namespace, + labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + }, + spec: { + replicas: 1, + selector: { + matchLabels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + }, + template: { + metadata: { + labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + }, + spec: { + securityContext: { + fsGroup: 1000, + fsGroupChangePolicy: 'OnRootMismatch', + }, + containers: [ + (import '../../components/container.libsonnet') { + name: 'elasticsearch', + securityContext: { + seccompProfile: { + type: 'RuntimeDefault', + }, + }, + image: 'docker.elastic.co/elasticsearch/elasticsearch:8.15.3', + ports: [ + { + containerPort: 9200, + }, + ], + resources: { + requests: { + cpu: '0', + memory: '3000Mi', + }, + limits: { + cpu: '1', + memory: '6000Mi', + }, + }, + env: [ + { + name: 'discovery.type', + value: 'single-node', + }, + { + name: 'cluster.name', + value: 'kurumi', + }, + { + name: 'xpack.security.enabled', + value: 'false', + }, + ], + volumeMounts: [ + { + name: 'config', + mountPath: '/usr/share/elasticsearch/config/elasticsearch-plugins.yml', + subPath: 'elasticsearch-plugins.yml', + readOnly: true, + }, + { + name: 'data', + mountPath: '/usr/share/elasticsearch/data', + }, + { + name: 'tmp', + mountPath: '/tmp', + }, + ], + }, + ], + volumes: [ + { + name: 'config', + configMap: { + name: (import 'configmap.jsonnet').metadata.name, + }, + }, + { + name: 'data', + persistentVolumeClaim: { + claimName: (import 'pvc.jsonnet').metadata.name, + }, + }, + { + name: 'tmp', + emptyDir: {}, + }, + ], + }, + }, + }, +} diff --git a/k8s/argocdapps/elasticsearch/pvc.jsonnet b/k8s/argocdapps/elasticsearch/pvc.jsonnet new file mode 100644 index 000000000..0a5922ce0 --- /dev/null +++ b/k8s/argocdapps/elasticsearch/pvc.jsonnet @@ -0,0 +1,23 @@ +{ + apiVersion: 'v1', + kind: 'PersistentVolumeClaim', + metadata: { + name: (import 'app.json5').name, + namespace: (import 'app.json5').namespace, + labels: std.mergePatch((import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, { + 'recurring-job-group.longhorn.io/default': 'enabled', + }), + }, + spec: { + storageClassName: 'longhorn', + volumeName: 'elasticsearch', + accessModes: [ + 'ReadWriteOnce', + ], + resources: { + requests: { + storage: '1Gi', + }, + }, + }, +} diff --git a/k8s/argocdapps/elasticsearch/service.jsonnet b/k8s/argocdapps/elasticsearch/service.jsonnet new file mode 100644 index 000000000..15fabb5f1 --- /dev/null +++ b/k8s/argocdapps/elasticsearch/service.jsonnet @@ -0,0 +1,20 @@ +{ + apiVersion: 'v1', + kind: 'Service', + metadata: { + name: (import 'app.json5').name, + namespace: (import 'app.json5').namespace, + labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + }, + spec: { + selector: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + ports: [ + { + protocol: 'TCP', + port: 9200, + targetPort: 9200, + }, + ], + type: 'ClusterIP', + }, +} diff --git a/k8s/argocdapps/kibana/app.json5 b/k8s/argocdapps/kibana/app.json5 new file mode 100644 index 000000000..787f9cf21 --- /dev/null +++ b/k8s/argocdapps/kibana/app.json5 @@ -0,0 +1,4 @@ +{ + name: "kibana", + namespace: "elasticsearch", +} diff --git a/k8s/argocdapps/kibana/deployment.jsonnet b/k8s/argocdapps/kibana/deployment.jsonnet new file mode 100644 index 000000000..ced14473d --- /dev/null +++ b/k8s/argocdapps/kibana/deployment.jsonnet @@ -0,0 +1,62 @@ +{ + apiVersion: 'apps/v1', + kind: 'Deployment', + metadata: { + name: (import 'app.json5').name, + namespace: (import 'app.json5').namespace, + labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + }, + spec: { + replicas: 1, + selector: { + matchLabels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + }, + template: { + metadata: { + labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + }, + spec: { + containers: [ + { + name: 'kibana', + securityContext: { + readOnlyRootFilesystem: true, + runAsNonRoot: true, + }, + image: 'docker.elastic.co/kibana/kibana:8.15.3', + ports: [ + { + name: 'http', + containerPort: 5601, + }, + ], + env: [ + { + name: 'ELASTICSEARCH_HOSTS', + value: 'http://%s.%s.svc.cluster.local:9200' % [(import '../elasticsearch/service.jsonnet').metadata.name, (import '../elasticsearch/app.json5').namespace], + }, + ], + resources: { + limits: {}, + requests: { + memory: '500Mi', + }, + }, + volumeMounts: [ + { + mountPath: '/usr/share/kibana/data', + name: 'kibana-data', + }, + ], + }, + ], + volumes: [ + { + name: 'kibana-data', + emptyDir: {}, + }, + ], + }, + }, + }, +} diff --git a/k8s/argocdapps/kibana/oauth2-proxy.jsonnet b/k8s/argocdapps/kibana/oauth2-proxy.jsonnet new file mode 100644 index 000000000..6e0464162 --- /dev/null +++ b/k8s/argocdapps/kibana/oauth2-proxy.jsonnet @@ -0,0 +1,14 @@ +(import '../../components/oauth2-proxy/oauth2-proxy.libsonnet') { + app:: { + name: 'kibana', + namespace: (import 'app.json5').namespace, + }, + domain: 'kibana.walnuts.dev', + upstream: 'http://kibana.elasticsearch.svc.cluster.local:5601', + oidc:: { + secret:: { + onepassword_item_name: 'kibana-oauth2-proxy', + }, + allowed_group: '237477822715658605:kibana-admin', + }, +} diff --git a/k8s/argocdapps/kibana/service.jsonnet b/k8s/argocdapps/kibana/service.jsonnet new file mode 100644 index 000000000..44822d10b --- /dev/null +++ b/k8s/argocdapps/kibana/service.jsonnet @@ -0,0 +1,20 @@ +{ + apiVersion: 'v1', + kind: 'Service', + metadata: { + name: (import 'app.json5').name, + namespace: (import 'app.json5').namespace, + labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + }, + spec: { + ports: [ + { + name: 'http', + port: 5601, + targetPort: 5601, + }, + ], + selector: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + type: 'ClusterIP', + }, +} diff --git a/k8s/argocdapps/samba-backup/configmap.jsonnet b/k8s/argocdapps/samba-backup/configmap.jsonnet index fca1b3fd7..a73d047ba 100644 --- a/k8s/argocdapps/samba-backup/configmap.jsonnet +++ b/k8s/argocdapps/samba-backup/configmap.jsonnet @@ -1,11 +1,8 @@ -std.mergePatch((import '../../components/configmap.libsonnet') { +(import '../../components/configmap.libsonnet') { name: (import 'app.json5').name + '-script', + namespace: (import 'app.json5').namespace, + labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, data: { 'backup.sh': (importstr './config/backup.sh'), }, -}, { - metadata: { - namespace: (import 'app.json5').namespace, - labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, - }, -}) +} diff --git a/k8s/argocdapps/wakatime-to-slack-profile/configmap.jsonnet b/k8s/argocdapps/wakatime-to-slack-profile/configmap.jsonnet index 158afd804..f7c4f87eb 100644 --- a/k8s/argocdapps/wakatime-to-slack-profile/configmap.jsonnet +++ b/k8s/argocdapps/wakatime-to-slack-profile/configmap.jsonnet @@ -1,11 +1,8 @@ -std.mergePatch((import '../../components/configmap.libsonnet') { +(import '../../components/configmap.libsonnet') { name: (import 'app.json5').name + '-emojis', + namespace: (import 'app.json5').namespace, + labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, data: { 'emoji.json': (importstr './config/emoji.json'), }, -}, { - metadata: { - namespace: (import 'app.json5').namespace, - labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, - }, -}) +} diff --git a/k8s/components/configmap.libsonnet b/k8s/components/configmap.libsonnet index 73f8c496d..607c28d95 100644 --- a/k8s/components/configmap.libsonnet +++ b/k8s/components/configmap.libsonnet @@ -1,8 +1,13 @@ { name:: error 'name is required', + namespace:: error 'namespace is required', + labels:: {}, apiVersion: 'v1', kind: 'ConfigMap', metadata: { name: $.name + '-' + std.md5(std.toString($.data))[0:6], + namespace: $.namespace, + labels: $.labels, }, + data: {}, } From 2519d2ffa24ae8ad716bf5b4616bf751e2a7a952 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 5 Nov 2024 21:21:26 +0900 Subject: [PATCH 0023/1209] add Signed-off-by: walnuts1018 --- .../configurations.yaml | 5 - .../externalsecret.yaml | 28 ---- .../oekaki-dengon-game-oauth2-proxy/helm.yaml | 83 ------------ .../kustomization.yaml | 15 --- .../redis.yaml | 51 -------- .../oekaki-dengon-game/back/deployment.yaml | 72 ---------- .../oekaki-dengon-game/back/image-policy.yaml | 49 ------- .../back/kustomization.yaml | 6 - k8s/apps/oekaki-dengon-game/back/service.yaml | 14 -- .../oekaki-dengon-game/externalsecret.yaml | 28 ---- .../oekaki-dengon-game/front/deployment.yaml | 37 ------ .../front/image-policy.yaml | 49 ------- .../front/kustomization.yaml | 6 - .../oekaki-dengon-game/front/service.yaml | 14 -- .../oekaki-dengon-game/kustomization.yaml | 7 - .../mucaron/back/deployment.jsonnet | 6 +- k8s/argocdapps/mucaron/back/service.jsonnet | 4 +- .../mucaron/front/deployment.jsonnet | 6 +- k8s/argocdapps/mucaron/front/service.jsonnet | 4 +- k8s/argocdapps/oekaki-dengon-game/app.json5 | 4 + .../back/deployment.jsonnet | 123 ++++++++++++++++++ .../oekaki-dengon-game/back/service.jsonnet | 20 +++ .../external-secret.jsonnet | 34 +++++ .../front/deployment.jsonnet | 54 ++++++++ .../oekaki-dengon-game/front/service.jsonnet | 20 +++ .../oauth2-proxy/config}/robots.txt | 0 .../oauth2-proxy/configmap.jsonnet | 8 ++ .../oauth2-proxy/oauth2-proxy.jsonnet | 40 ++++++ k8s/components/oauth2-proxy/helm.libsonnet | 5 +- .../oauth2-proxy/oauth2-proxy.libsonnet | 3 + 30 files changed, 319 insertions(+), 476 deletions(-) delete mode 100644 k8s/apps/oekaki-dengon-game-oauth2-proxy/configurations.yaml delete mode 100644 k8s/apps/oekaki-dengon-game-oauth2-proxy/externalsecret.yaml delete mode 100644 k8s/apps/oekaki-dengon-game-oauth2-proxy/helm.yaml delete mode 100644 k8s/apps/oekaki-dengon-game-oauth2-proxy/kustomization.yaml delete mode 100644 k8s/apps/oekaki-dengon-game-oauth2-proxy/redis.yaml delete mode 100644 k8s/apps/oekaki-dengon-game/back/deployment.yaml delete mode 100644 k8s/apps/oekaki-dengon-game/back/image-policy.yaml delete mode 100644 k8s/apps/oekaki-dengon-game/back/kustomization.yaml delete mode 100644 k8s/apps/oekaki-dengon-game/back/service.yaml delete mode 100644 k8s/apps/oekaki-dengon-game/externalsecret.yaml delete mode 100644 k8s/apps/oekaki-dengon-game/front/deployment.yaml delete mode 100644 k8s/apps/oekaki-dengon-game/front/image-policy.yaml delete mode 100644 k8s/apps/oekaki-dengon-game/front/kustomization.yaml delete mode 100644 k8s/apps/oekaki-dengon-game/front/service.yaml delete mode 100644 k8s/apps/oekaki-dengon-game/kustomization.yaml create mode 100644 k8s/argocdapps/oekaki-dengon-game/app.json5 create mode 100644 k8s/argocdapps/oekaki-dengon-game/back/deployment.jsonnet create mode 100644 k8s/argocdapps/oekaki-dengon-game/back/service.jsonnet create mode 100644 k8s/argocdapps/oekaki-dengon-game/external-secret.jsonnet create mode 100644 k8s/argocdapps/oekaki-dengon-game/front/deployment.jsonnet create mode 100644 k8s/argocdapps/oekaki-dengon-game/front/service.jsonnet rename k8s/{apps/oekaki-dengon-game-oauth2-proxy => argocdapps/oekaki-dengon-game/oauth2-proxy/config}/robots.txt (100%) create mode 100644 k8s/argocdapps/oekaki-dengon-game/oauth2-proxy/configmap.jsonnet create mode 100644 k8s/argocdapps/oekaki-dengon-game/oauth2-proxy/oauth2-proxy.jsonnet diff --git a/k8s/apps/oekaki-dengon-game-oauth2-proxy/configurations.yaml b/k8s/apps/oekaki-dengon-game-oauth2-proxy/configurations.yaml deleted file mode 100644 index 17a3800ea..000000000 --- a/k8s/apps/oekaki-dengon-game-oauth2-proxy/configurations.yaml +++ /dev/null @@ -1,5 +0,0 @@ -nameReference: -- kind: ConfigMap - fieldSpecs: - - path: spec/values/extraVolumes/configMap/name - kind: HelmRelease diff --git a/k8s/apps/oekaki-dengon-game-oauth2-proxy/externalsecret.yaml b/k8s/apps/oekaki-dengon-game-oauth2-proxy/externalsecret.yaml deleted file mode 100644 index 36d76420c..000000000 --- a/k8s/apps/oekaki-dengon-game-oauth2-proxy/externalsecret.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: oekaki-oauth2-proxy -spec: - secretStoreRef: - name: onepassword - kind: ClusterSecretStore - refreshInterval: 1m - target: - name: oekaki-oauth2-proxy - data: - - secretKey: client-id - remoteRef: - key: oekaki-oauth2-proxy - property: client-id - - secretKey: client-secret - remoteRef: - key: oekaki-oauth2-proxy - property: client-secret - - secretKey: cookie-secret - remoteRef: - key: oekaki-oauth2-proxy - property: cookie-secret - - secretKey: redis-password - remoteRef: - key: redis - property: password diff --git a/k8s/apps/oekaki-dengon-game-oauth2-proxy/helm.yaml b/k8s/apps/oekaki-dengon-game-oauth2-proxy/helm.yaml deleted file mode 100644 index f8e4770cc..000000000 --- a/k8s/apps/oekaki-dengon-game-oauth2-proxy/helm.yaml +++ /dev/null @@ -1,83 +0,0 @@ -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: oekaki-oauth2-proxy -spec: - url: https://oauth2-proxy.github.io/manifests ---- -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: oekaki-oauth2-proxy -spec: - chart: - spec: - chart: oauth2-proxy - version: 7.7.28 - values: - config: - existingSecret: oekaki-oauth2-proxy - configFile: |- - email_domains = [ "*" ] - upstreams = [ "http://oekaki-dengon-game-front.oekaki-dengon-game.svc.cluster.local:3000/" ] - pass_access_token = true - user_id_claim = "sub" - oidc_groups_claim="my:zitadel:grants" - allowed_groups = ["237477822715658605:oekaki-admin"] - skip_auth_routes = ["/public","GET=/api","/_next", "/texture.png", "/favicon.ico", "site.webmanifest"] - custom_templates_dir = "/etc/oauth2-proxy/templates" - extraArgs: - provider: oidc - redirect-url: https://oekaki.walnuts.dev/oauth2/callback - oidc-issuer-url: https://auth.walnuts.dev - skip-provider-button: true - - extraVolumes: - - name: custom-templates - configMap: - name: oekaki-oauth2-proxy-templates - items: - - key: robots.txt - path: robots.txt - extraVolumeMounts: - - name: custom-templates - mountPath: /etc/oauth2-proxy/templates - readOnly: true - - ingress: - enabled: true - className: nginx - path: / - # Only used if API capabilities (networking.k8s.io/v1) allow it - pathType: Prefix - # Used to create an Ingress record. - hosts: - - "oekaki.walnuts.dev" - - # Configure the session storage type, between cookie and redis - sessionStorage: - # Can be one of the supported session storage cookie|redis - type: redis - redis: - # Name of the Kubernetes secret containing the redis & redis sentinel password values (see also `sessionStorage.redis.passwordKey`) - existingSecret: "oekaki-oauth2-proxy" - # Key of the Kubernetes secret data containing the redis password value - passwordKey: "redis-password" - # Can be one of standalone|cluster|sentinel - clientType: "sentinel" - sentinel: - existingSecret: "oekaki-oauth2-proxy" - passwordKey: "redis-password" - # Redis sentinel master name - masterName: "mymaster" - # List of Redis sentinel connection URLs (e.g. `["redis://127.0.0.1:8000", "redis://127.0.0.1:8000"]`) - connectionUrls: "redis://oekaki-oauth2-proxy-redis:6379,redis://oekaki-oauth2-proxy-redis-sentinel:26379" - - metrics: - enabled: true - - resources: - limits: - memory: 512Mi - requests: - memory: 10Mi diff --git a/k8s/apps/oekaki-dengon-game-oauth2-proxy/kustomization.yaml b/k8s/apps/oekaki-dengon-game-oauth2-proxy/kustomization.yaml deleted file mode 100644 index c8498e8c7..000000000 --- a/k8s/apps/oekaki-dengon-game-oauth2-proxy/kustomization.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: oekaki-dengon-game -resources: -- externalsecret.yaml -- helm.yaml -- redis.yaml -components: -- ../../components/helm -configMapGenerator: -- name: oekaki-oauth2-proxy-templates - files: - - robots.txt -configurations: -- configurations.yaml diff --git a/k8s/apps/oekaki-dengon-game-oauth2-proxy/redis.yaml b/k8s/apps/oekaki-dengon-game-oauth2-proxy/redis.yaml deleted file mode 100644 index 98504399f..000000000 --- a/k8s/apps/oekaki-dengon-game-oauth2-proxy/redis.yaml +++ /dev/null @@ -1,51 +0,0 @@ -apiVersion: redis.redis.opstreelabs.in/v1beta2 -kind: RedisReplication -metadata: - name: oekaki-oauth2-proxy-redis - labels: - app.kubernetes.io/name: oekaki-oauth2-proxy-redis -spec: - clusterSize: 2 - kubernetesConfig: - image: "quay.io/opstree/redis:v7.0.12" # {"$imagepolicy": "redis-operator:redis"} - imagePullPolicy: "IfNotPresent" - redisSecret: - name: "oekaki-oauth2-proxy" - key: "redis-password" - storage: - volumeClaimTemplate: - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - podSecurityContext: - fsGroup: 1000 - runAsUser: 1000 ---- -apiVersion: redis.redis.opstreelabs.in/v1beta2 -kind: RedisSentinel -metadata: - name: oekaki-oauth2-proxy-redis - labels: - app.kubernetes.io/name: oekaki-oauth2-proxy-redis -spec: - clusterSize: 3 - redisSentinelConfig: - redisReplicationName: oekaki-oauth2-proxy-redis - masterGroupName: "mymaster" - redisPort: "6379" - quorum: "2" - parallelSyncs: "1" - failoverTimeout: "180000" - downAfterMilliseconds: "30000" - kubernetesConfig: - image: "quay.io/opstree/redis-sentinel:v7.0.12" # {"$imagepolicy": "redis-operator:redis-sentinel"} - imagePullPolicy: "IfNotPresent" - redisSecret: - name: "oekaki-oauth2-proxy" - key: "redis-password" - podSecurityContext: - fsGroup: 1000 - runAsUser: 1000 diff --git a/k8s/apps/oekaki-dengon-game/back/deployment.yaml b/k8s/apps/oekaki-dengon-game/back/deployment.yaml deleted file mode 100644 index 84660f78c..000000000 --- a/k8s/apps/oekaki-dengon-game/back/deployment.yaml +++ /dev/null @@ -1,72 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: oekaki-dengon-game-back - labels: - app: oekaki-dengon-game-back -spec: - replicas: 1 - selector: - matchLabels: - app: oekaki-dengon-game-back - template: - metadata: - labels: - app: oekaki-dengon-game-back - annotations: - instrumentation.opentelemetry.io/inject-go: 'opentelemetry-collector/default' - instrumentation.opentelemetry.io/otel-go-auto-target-exe: '/app/server' - spec: - containers: - - name: oekaki-dengon-game-back - securityContext: - readOnlyRootFilesystem: true - seccompProfile: - type: RuntimeDefault - image: "ghcr.io/kmc-jp/oekaki-dengon-game-back:v0.0.0-a6d6d6e7d66e6d0dfafbf416b462be908b208489-13" # {"$imagepolicy": "oekaki-dengon-game:oekaki-dengon-game-back"} - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - env: - - name: GIN_MODE - value: "release" - - name: POSTGRES_ADMIN_USER - value: "postgres" - - name: POSTGRES_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: oekaki-dengon-game-secret - key: postgres-admin-password - - name: POSTGRES_USER - value: "oekaki_dengon_game" - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: oekaki-dengon-game-secret - key: postgres-user-password - - name: POSTGRES_DB - value: oekaki_dengon_game - - name: POSTGRES_HOST - value: "postgresql-default.databases.svc.cluster.local" - - name: POSTGRES_PORT - value: "5432" - - name: MINIO_ENDPOINT - value: "minio.walnuts.dev" - - name: MINIO_ACCESS_KEY - valueFrom: - secretKeyRef: - name: oekaki-dengon-game-secret - key: minio-access-key - - name: MINIO_SECRET_KEY - valueFrom: - secretKeyRef: - name: oekaki-dengon-game-secret - key: minio-secret-key - - name: MINIO_BUCKET - value: "oekaki-dengon-game" - - name: MINIO_KEY_PREFIX - value: "" - resources: - requests: - memory: 10Mi - limits: {} diff --git a/k8s/apps/oekaki-dengon-game/back/image-policy.yaml b/k8s/apps/oekaki-dengon-game/back/image-policy.yaml deleted file mode 100644 index 0d4ab33ff..000000000 --- a/k8s/apps/oekaki-dengon-game/back/image-policy.yaml +++ /dev/null @@ -1,49 +0,0 @@ -apiVersion: image.toolkit.fluxcd.io/v1beta2 -kind: ImageUpdateAutomation -metadata: - name: oekaki-dengon-game-back -spec: - git: - checkout: - ref: - branch: main - commit: - author: - email: fluxcdbot@users.noreply.github.com - name: fluxcdbot - messageTemplate: "{{range .Updated.Images}}{{println .}}{{end}}" - push: - branch: fluxcd/oekaki-dengon-game-back - interval: 1m0s - sourceRef: - kind: GitRepository - name: flux-system - namespace: flux-system - update: - path: ./k8s/apps/oekaki-dengon-game/back - strategy: Setters ---- -apiVersion: image.toolkit.fluxcd.io/v1beta2 -kind: ImageRepository -metadata: - name: oekaki-dengon-game-back -spec: - image: ghcr.io/kmc-jp/oekaki-dengon-game-back - interval: 2m0s - secretRef: - name: ghcr-login-secret ---- -apiVersion: image.toolkit.fluxcd.io/v1beta2 -kind: ImagePolicy -metadata: - name: oekaki-dengon-game-back -spec: - imageRepositoryRef: - name: oekaki-dengon-game-back - filterTags: - ## use "pattern: '[a-f0-9]+-(?P[0-9]+)'" if you copied the workflow example using github.run_number - pattern: ".*-[a-f0-9]+-(?P[0-9]+)" - extract: "$ts" - policy: - numerical: - order: asc diff --git a/k8s/apps/oekaki-dengon-game/back/kustomization.yaml b/k8s/apps/oekaki-dengon-game/back/kustomization.yaml deleted file mode 100644 index ef7633829..000000000 --- a/k8s/apps/oekaki-dengon-game/back/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- deployment.yaml -- service.yaml -- image-policy.yaml diff --git a/k8s/apps/oekaki-dengon-game/back/service.yaml b/k8s/apps/oekaki-dengon-game/back/service.yaml deleted file mode 100644 index 62b52c640..000000000 --- a/k8s/apps/oekaki-dengon-game/back/service.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: oekaki-dengon-game-back - labels: - app: oekaki-dengon-game-back -spec: - ports: - - name: http - port: 8080 - targetPort: 8080 - selector: - app: oekaki-dengon-game-back - type: ClusterIP diff --git a/k8s/apps/oekaki-dengon-game/externalsecret.yaml b/k8s/apps/oekaki-dengon-game/externalsecret.yaml deleted file mode 100644 index db204ec5d..000000000 --- a/k8s/apps/oekaki-dengon-game/externalsecret.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: oekaki-dengon-game-secret -spec: - secretStoreRef: - name: onepassword - kind: ClusterSecretStore - refreshInterval: 1m - target: - name: oekaki-dengon-game-secret - data: - - secretKey: postgres-admin-password - remoteRef: - key: postgres_passwords - property: postgres - - secretKey: postgres-user-password - remoteRef: - key: postgres_passwords - property: oekaki-dengon-game - - secretKey: minio-access-key - remoteRef: - key: oekaki-dengon-game - property: minio-access-key - - secretKey: minio-secret-key - remoteRef: - key: oekaki-dengon-game - property: minio-secret-key diff --git a/k8s/apps/oekaki-dengon-game/front/deployment.yaml b/k8s/apps/oekaki-dengon-game/front/deployment.yaml deleted file mode 100644 index 532e6b105..000000000 --- a/k8s/apps/oekaki-dengon-game/front/deployment.yaml +++ /dev/null @@ -1,37 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: oekaki-dengon-game-front - labels: - app: oekaki-dengon-game-front -spec: - replicas: 1 - selector: - matchLabels: - app: oekaki-dengon-game-front - template: - metadata: - labels: - app: oekaki-dengon-game-front - spec: - imagePullSecrets: - - name: ghcr-login-secret - containers: - - name: oekaki-dengon-game-front - securityContext: - readOnlyRootFilesystem: true - seccompProfile: - type: RuntimeDefault - image: ghcr.io/kmc-jp/oekaki-dengon-game-front:v0.0.0-a6d6d6e7d66e6d0dfafbf416b462be908b208489-87 # {"$imagepolicy": "oekaki-dengon-game:oekaki-dengon-game-front"} - imagePullPolicy: IfNotPresent - ports: - - containerPort: 3000 - env: - - name: API_URL - value: "http://oekaki-dengon-game-back.oekaki-dengon-game.svc.cluster.local:8080/api" - resources: - limits: {} - requests: - memory: 160Mi - nodeSelector: - kubernetes.io/arch: amd64 diff --git a/k8s/apps/oekaki-dengon-game/front/image-policy.yaml b/k8s/apps/oekaki-dengon-game/front/image-policy.yaml deleted file mode 100644 index 91d9a0869..000000000 --- a/k8s/apps/oekaki-dengon-game/front/image-policy.yaml +++ /dev/null @@ -1,49 +0,0 @@ -apiVersion: image.toolkit.fluxcd.io/v1beta2 -kind: ImageUpdateAutomation -metadata: - name: oekaki-dengon-game-front -spec: - git: - checkout: - ref: - branch: main - commit: - author: - email: fluxcdbot@users.noreply.github.com - name: fluxcdbot - messageTemplate: "{{range .Updated.Images}}{{println .}}{{end}}" - push: - branch: fluxcd/oekaki-dengon-game-front - interval: 1m0s - sourceRef: - kind: GitRepository - name: flux-system - namespace: flux-system - update: - path: ./k8s/apps/oekaki-dengon-game/front - strategy: Setters ---- -apiVersion: image.toolkit.fluxcd.io/v1beta2 -kind: ImageRepository -metadata: - name: oekaki-dengon-game-front -spec: - image: ghcr.io/kmc-jp/oekaki-dengon-game-front - interval: 2m0s - secretRef: - name: ghcr-login-secret ---- -apiVersion: image.toolkit.fluxcd.io/v1beta2 -kind: ImagePolicy -metadata: - name: oekaki-dengon-game-front -spec: - imageRepositoryRef: - name: oekaki-dengon-game-front - filterTags: - ## use "pattern: '[a-f0-9]+-(?P[0-9]+)'" if you copied the workflow example using github.run_number - pattern: ".*-[a-f0-9]+-(?P[0-9]+)" - extract: "$ts" - policy: - numerical: - order: asc diff --git a/k8s/apps/oekaki-dengon-game/front/kustomization.yaml b/k8s/apps/oekaki-dengon-game/front/kustomization.yaml deleted file mode 100644 index ef7633829..000000000 --- a/k8s/apps/oekaki-dengon-game/front/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- deployment.yaml -- service.yaml -- image-policy.yaml diff --git a/k8s/apps/oekaki-dengon-game/front/service.yaml b/k8s/apps/oekaki-dengon-game/front/service.yaml deleted file mode 100644 index 46a6598bc..000000000 --- a/k8s/apps/oekaki-dengon-game/front/service.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: oekaki-dengon-game-front - labels: - app: oekaki-dengon-game-front -spec: - ports: - - name: http - port: 3000 - targetPort: 3000 - selector: - app: oekaki-dengon-game-front - type: ClusterIP diff --git a/k8s/apps/oekaki-dengon-game/kustomization.yaml b/k8s/apps/oekaki-dengon-game/kustomization.yaml deleted file mode 100644 index b98d996f2..000000000 --- a/k8s/apps/oekaki-dengon-game/kustomization.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: oekaki-dengon-game -resources: -- externalsecret.yaml -- ./back -- ./front diff --git a/k8s/argocdapps/mucaron/back/deployment.jsonnet b/k8s/argocdapps/mucaron/back/deployment.jsonnet index 51fa18b67..89b9c203e 100644 --- a/k8s/argocdapps/mucaron/back/deployment.jsonnet +++ b/k8s/argocdapps/mucaron/back/deployment.jsonnet @@ -4,16 +4,16 @@ metadata: { name: (import '../app.json5').name + '-back', namespace: (import '../app.json5').namespace, - labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name }, + labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-back' }, }, spec: { replicas: 1, selector: { - matchLabels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name }, + matchLabels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-back' }, }, template: { metadata: { - labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name }, + labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-back' }, }, spec: { containers: [ diff --git a/k8s/argocdapps/mucaron/back/service.jsonnet b/k8s/argocdapps/mucaron/back/service.jsonnet index fb6ed532b..b38e103ff 100644 --- a/k8s/argocdapps/mucaron/back/service.jsonnet +++ b/k8s/argocdapps/mucaron/back/service.jsonnet @@ -4,10 +4,10 @@ metadata: { name: (import '../app.json5').name + '-back', namespace: (import '../app.json5').namespace, - labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name }, + labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-back' }, }, spec: { - selector: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name }, + selector: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-back' }, ports: [ { protocol: 'TCP', diff --git a/k8s/argocdapps/mucaron/front/deployment.jsonnet b/k8s/argocdapps/mucaron/front/deployment.jsonnet index fdf8d2390..371d3bd33 100644 --- a/k8s/argocdapps/mucaron/front/deployment.jsonnet +++ b/k8s/argocdapps/mucaron/front/deployment.jsonnet @@ -4,16 +4,16 @@ metadata: { name: (import '../app.json5').name + '-front', namespace: (import '../app.json5').namespace, - labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name }, + labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-front' }, }, spec: { replicas: 1, selector: { - matchLabels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name }, + matchLabels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-front' }, }, template: { metadata: { - labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name }, + labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-front' }, }, spec: { containers: [ diff --git a/k8s/argocdapps/mucaron/front/service.jsonnet b/k8s/argocdapps/mucaron/front/service.jsonnet index 9bd12b1b8..d5ad5346a 100644 --- a/k8s/argocdapps/mucaron/front/service.jsonnet +++ b/k8s/argocdapps/mucaron/front/service.jsonnet @@ -4,10 +4,10 @@ metadata: { name: (import '../app.json5').name + '-front', namespace: (import '../app.json5').namespace, - labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name }, + labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-front' }, }, spec: { - selector: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name }, + selector: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-front' }, ports: [ { protocol: 'TCP', diff --git a/k8s/argocdapps/oekaki-dengon-game/app.json5 b/k8s/argocdapps/oekaki-dengon-game/app.json5 new file mode 100644 index 000000000..787f9cf21 --- /dev/null +++ b/k8s/argocdapps/oekaki-dengon-game/app.json5 @@ -0,0 +1,4 @@ +{ + name: "kibana", + namespace: "elasticsearch", +} diff --git a/k8s/argocdapps/oekaki-dengon-game/back/deployment.jsonnet b/k8s/argocdapps/oekaki-dengon-game/back/deployment.jsonnet new file mode 100644 index 000000000..c470c4b49 --- /dev/null +++ b/k8s/argocdapps/oekaki-dengon-game/back/deployment.jsonnet @@ -0,0 +1,123 @@ +{ + apiVersion: 'apps/v1', + kind: 'Deployment', + metadata: { + name: (import '../app.json5').name + '-back', + namespace: (import '../app.json5').namespace, + labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-back' }, + }, + spec: { + replicas: 1, + selector: { + matchLabels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-back' }, + }, + template: { + metadata: { + labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-back' }, + }, + annotations: { + 'instrumentation.opentelemetry.io/inject-go': 'opentelemetry-collector/default', + 'instrumentation.opentelemetry.io/otel-go-auto-target-exe': '/app/server', + }, + }, + spec: { + imagePullSecrets: [ + { + name: 'ghcr-login-secret', + }, + ], + containers: [ + (import '../../../components/container.libsonnet') { + name: 'oekaki-dengon-game-back', + image: 'ghcr.io/kmc-jp/oekaki-dengon-game-back:v0.0.0-a6d6d6e7d66e6d0dfafbf416b462be908b208489-13', + imagePullPolicy: 'IfNotPresent', + ports: [ + { + containerPort: 8080, + }, + ], + env: [ + { + name: 'GIN_MODE', + value: 'release', + }, + { + name: 'POSTGRES_ADMIN_USER', + value: 'postgres', + }, + { + name: 'POSTGRES_ADMIN_PASSWORD', + valueFrom: { + secretKeyRef: { + name: (import '../external-secret.jsonnet').spec.target.name, + key: 'postgres-admin-password', + }, + }, + }, + { + name: 'POSTGRES_USER', + value: 'oekaki_dengon_game', + }, + { + name: 'POSTGRES_PASSWORD', + valueFrom: { + secretKeyRef: { + name: (import '../external-secret.jsonnet').spec.target.name, + key: 'postgres-user-password', + }, + }, + }, + { + name: 'POSTGRES_DB', + value: 'oekaki_dengon_game', + }, + { + name: 'POSTGRES_HOST', + value: 'postgresql-default.databases.svc.cluster.local', + }, + { + name: 'POSTGRES_PORT', + value: '5432', + }, + { + name: 'MINIO_ENDPOINT', + value: 'minio.walnuts.dev', + }, + { + name: 'MINIO_ACCESS_KEY', + valueFrom: { + secretKeyRef: { + name: (import '../external-secret.jsonnet').spec.target.name, + key: 'minio-access-key', + }, + }, + }, + { + name: 'MINIO_SECRET_KEY', + valueFrom: { + secretKeyRef: { + name: (import '../external-secret.jsonnet').spec.target.name, + key: 'minio-secret-key', + }, + }, + }, + { + name: 'MINIO_BUCKET', + value: 'oekaki-dengon-game', + }, + { + name: 'MINIO_KEY_PREFIX', + value: '', + }, + ], + resources: { + requests: { + memory: '10Mi', + }, + limits: {}, + }, + }, + ], + }, + }, +} diff --git a/k8s/argocdapps/oekaki-dengon-game/back/service.jsonnet b/k8s/argocdapps/oekaki-dengon-game/back/service.jsonnet new file mode 100644 index 000000000..b38e103ff --- /dev/null +++ b/k8s/argocdapps/oekaki-dengon-game/back/service.jsonnet @@ -0,0 +1,20 @@ +{ + kind: 'Service', + apiVersion: 'v1', + metadata: { + name: (import '../app.json5').name + '-back', + namespace: (import '../app.json5').namespace, + labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-back' }, + }, + spec: { + selector: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-back' }, + ports: [ + { + protocol: 'TCP', + port: 8080, + targetPort: 8080, + }, + ], + type: 'ClusterIP', + }, +} diff --git a/k8s/argocdapps/oekaki-dengon-game/external-secret.jsonnet b/k8s/argocdapps/oekaki-dengon-game/external-secret.jsonnet new file mode 100644 index 000000000..7aeb26b84 --- /dev/null +++ b/k8s/argocdapps/oekaki-dengon-game/external-secret.jsonnet @@ -0,0 +1,34 @@ +(import '../../components/external-secret.libsonnet') { + name: (import 'app.json5').name, + use_suffix: false, + data: [ + { + secretKey: 'postgres-admin-password', + remoteRef: { + key: 'postgres_passwords', + property: 'postgres', + }, + }, + { + secretKey: 'postgres-user-password', + remoteRef: { + key: 'postgres_passwords', + property: 'oekaki-dengon-game', + }, + }, + { + secretKey: 'minio-access-key', + remoteRef: { + key: 'oekaki-dengon-game', + property: 'minio-access-key', + }, + }, + { + secretKey: 'minio-secret-key', + remoteRef: { + key: 'oekaki-dengon-game', + property: 'minio-secret-key', + }, + }, + ], +} diff --git a/k8s/argocdapps/oekaki-dengon-game/front/deployment.jsonnet b/k8s/argocdapps/oekaki-dengon-game/front/deployment.jsonnet new file mode 100644 index 000000000..5cea2a4bb --- /dev/null +++ b/k8s/argocdapps/oekaki-dengon-game/front/deployment.jsonnet @@ -0,0 +1,54 @@ +{ + apiVersion: 'apps/v1', + kind: 'Deployment', + metadata: { + name: (import '../app.json5').name + '-front', + namespace: (import '../app.json5').namespace, + labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-front' }, + }, + spec: { + replicas: 1, + selector: { + matchLabels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-front' }, + }, + template: { + metadata: { + labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-front' }, + }, + spec: { + imagePullSecrets: [ + { + name: 'ghcr-login-secret', + }, + ], + containers: [ + (import '../../../components/container.libsonnet') { + name: 'oekaki-dengon-game-front', + image: 'ghcr.io/kmc-jp/oekaki-dengon-game-front:v0.0.0-a6d6d6e7d66e6d0dfafbf416b462be908b208489-87', + imagePullPolicy: 'IfNotPresent', + ports: [ + { + containerPort: 3000, + }, + ], + env: [ + { + name: 'API_URL', + value: 'http://oekaki-dengon-game-front.oekaki-dengon-game.svc.cluster.local:8080/api', + }, + ], + resources: { + limits: {}, + requests: { + memory: '160Mi', + }, + }, + }, + ], + nodeSelector: { + 'kubernetes.io/arch': 'amd64', + }, + }, + }, + }, +} diff --git a/k8s/argocdapps/oekaki-dengon-game/front/service.jsonnet b/k8s/argocdapps/oekaki-dengon-game/front/service.jsonnet new file mode 100644 index 000000000..abe3a4997 --- /dev/null +++ b/k8s/argocdapps/oekaki-dengon-game/front/service.jsonnet @@ -0,0 +1,20 @@ +{ + apiVersion: 'v1', + kind: 'Service', + metadata: { + name: (import '../app.json5').name + '-front', + namespace: (import '../app.json5').namespace, + labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-front' }, + }, + spec: { + ports: [ + { + name: 'http', + port: 3000, + targetPort: 3000, + }, + ], + selector: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-front' }, + type: 'ClusterIP', + }, +} diff --git a/k8s/apps/oekaki-dengon-game-oauth2-proxy/robots.txt b/k8s/argocdapps/oekaki-dengon-game/oauth2-proxy/config/robots.txt similarity index 100% rename from k8s/apps/oekaki-dengon-game-oauth2-proxy/robots.txt rename to k8s/argocdapps/oekaki-dengon-game/oauth2-proxy/config/robots.txt diff --git a/k8s/argocdapps/oekaki-dengon-game/oauth2-proxy/configmap.jsonnet b/k8s/argocdapps/oekaki-dengon-game/oauth2-proxy/configmap.jsonnet new file mode 100644 index 000000000..d37ca820d --- /dev/null +++ b/k8s/argocdapps/oekaki-dengon-game/oauth2-proxy/configmap.jsonnet @@ -0,0 +1,8 @@ +(import '../../../components/configmap.libsonnet') { + name: (import '../app.json5').name + '-oauth2-proxy', + namespace: (import '../app.json5').namespace, + labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name }, + data: { + 'robots.txt': (importstr './config/robots.txt'), + }, +} diff --git a/k8s/argocdapps/oekaki-dengon-game/oauth2-proxy/oauth2-proxy.jsonnet b/k8s/argocdapps/oekaki-dengon-game/oauth2-proxy/oauth2-proxy.jsonnet new file mode 100644 index 000000000..996a9bbb6 --- /dev/null +++ b/k8s/argocdapps/oekaki-dengon-game/oauth2-proxy/oauth2-proxy.jsonnet @@ -0,0 +1,40 @@ +(import '../../../components/oauth2-proxy/oauth2-proxy.libsonnet') { + app:: { + name: 'oekaki', + namespace: (import '../app.json5').namespace, + }, + domain: 'oekaki.walnuts.dev', + upstream: 'http://oekaki-dengon-game-front.oekaki-dengon-game.svc.cluster.local:3000/', + oidc:: { + secret:: { + onepassword_item_name: 'oekaki-oauth2-proxy', + }, + allowed_group: '237477822715658605:oekaki-admin', + }, + valuesObject:: { + config: { + configFile: 'email_domains = [ "*" ]\nupstreams = [ "%s" ]\npass_access_token = true\nuser_id_claim = "sub"\noidc_groups_claim="my:zitadel:grants"\nallowed_groups = ["%s"]\nskip_auth_routes = ["/public","GET=/api","/_next", "/texture.png", "/favicon.ico", "site.webmanifest"]\ncustom_templates_dir = "/etc/oauth2-proxy/templates"' % [$.upstream, $.oidc.allowed_group], + }, + extraVolumes: [ + { + name: 'custom-templates', + configMap: { + name: (import 'configmap.jsonnet').metadata.name, + items: [ + { + key: 'robots.txt', + path: 'robots.txt', + }, + ], + }, + }, + ], + extraVolumeMounts: [ + { + name: 'custom-templates', + mountPath: '/etc/oauth2-proxy/templates', + readOnly: true, + }, + ], + }, +} diff --git a/k8s/components/oauth2-proxy/helm.libsonnet b/k8s/components/oauth2-proxy/helm.libsonnet index 3f7ecfd21..aab25de23 100644 --- a/k8s/components/oauth2-proxy/helm.libsonnet +++ b/k8s/components/oauth2-proxy/helm.libsonnet @@ -4,6 +4,7 @@ domain:: error 'domain is required', secret_name:: error 'secret_name is required', redis_name:: error 'redis_name is required', + valuesObjectOverride:: {}, name: error 'name is required', namespace: error 'namespace is required', @@ -11,11 +12,11 @@ repoURL: 'https://oauth2-proxy.github.io/manifests', targetRevision: '7.7.28', values: '', - valuesObject: (import 'values.libsonnet') { + valuesObject: std.mergePatch((import 'values.libsonnet') { upstream: $.upstream, allowed_groups: $.allowed_groups, domain: $.domain, secret_name: $.secret_name, redis_name: $.redis_name, - }, + }, $.valuesObjectOverride), } diff --git a/k8s/components/oauth2-proxy/oauth2-proxy.libsonnet b/k8s/components/oauth2-proxy/oauth2-proxy.libsonnet index b6d3d943f..f98c4450b 100644 --- a/k8s/components/oauth2-proxy/oauth2-proxy.libsonnet +++ b/k8s/components/oauth2-proxy/oauth2-proxy.libsonnet @@ -17,6 +17,7 @@ name: $.app.name + '-oauth2-proxy-redis', secret_name: $.secret_name, }, + valuesObject:: {}, apiVersion: 'v1', kind: 'List', @@ -34,6 +35,8 @@ domain: $.domain, secret_name: $.secret_name, redis_name: $.redis.name, + + valuesObjectOverride: $.valuesObject, }, $.redis.items[0], $.redis.items[1], From 40f87a26dd91e158a892064739c4d415e030e6f3 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 5 Nov 2024 21:25:00 +0900 Subject: [PATCH 0024/1209] Rename application and namespace for oekaki-dengon-game Signed-off-by: walnuts1018 --- k8s/argocdapps/oekaki-dengon-game/app.json5 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/k8s/argocdapps/oekaki-dengon-game/app.json5 b/k8s/argocdapps/oekaki-dengon-game/app.json5 index 787f9cf21..f56509ae1 100644 --- a/k8s/argocdapps/oekaki-dengon-game/app.json5 +++ b/k8s/argocdapps/oekaki-dengon-game/app.json5 @@ -1,4 +1,4 @@ { - name: "kibana", - namespace: "elasticsearch", + name: "oekaki-dengon-game", + namespace: "oekaki-dengon-game", } From 346719bde3827675ea9aa678bf12be22571d84c8 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 5 Nov 2024 21:37:22 +0900 Subject: [PATCH 0025/1209] add Signed-off-by: walnuts1018 --- .../oekaki-dengon-game/back/deployment.jsonnet | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/k8s/argocdapps/oekaki-dengon-game/back/deployment.jsonnet b/k8s/argocdapps/oekaki-dengon-game/back/deployment.jsonnet index c470c4b49..b4fc42739 100644 --- a/k8s/argocdapps/oekaki-dengon-game/back/deployment.jsonnet +++ b/k8s/argocdapps/oekaki-dengon-game/back/deployment.jsonnet @@ -14,11 +14,12 @@ template: { metadata: { labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-back' }, + annotations: { + 'instrumentation.opentelemetry.io/inject-go': 'opentelemetry-collector/default', + 'instrumentation.opentelemetry.io/otel-go-auto-target-exe': '/app/server', + }, }, - annotations: { - 'instrumentation.opentelemetry.io/inject-go': 'opentelemetry-collector/default', - 'instrumentation.opentelemetry.io/otel-go-auto-target-exe': '/app/server', - }, + }, spec: { imagePullSecrets: [ From de621e1b9a9cb636abb15859fba1c4b52c31200e Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 5 Nov 2024 22:01:43 +0900 Subject: [PATCH 0026/1209] fix Signed-off-by: walnuts1018 --- .../back/deployment.jsonnet | 179 +++++++++--------- 1 file changed, 89 insertions(+), 90 deletions(-) diff --git a/k8s/argocdapps/oekaki-dengon-game/back/deployment.jsonnet b/k8s/argocdapps/oekaki-dengon-game/back/deployment.jsonnet index b4fc42739..4cf272711 100644 --- a/k8s/argocdapps/oekaki-dengon-game/back/deployment.jsonnet +++ b/k8s/argocdapps/oekaki-dengon-game/back/deployment.jsonnet @@ -19,106 +19,105 @@ 'instrumentation.opentelemetry.io/otel-go-auto-target-exe': '/app/server', }, }, - - }, - spec: { - imagePullSecrets: [ - { - name: 'ghcr-login-secret', - }, - ], - containers: [ - (import '../../../components/container.libsonnet') { - name: 'oekaki-dengon-game-back', - image: 'ghcr.io/kmc-jp/oekaki-dengon-game-back:v0.0.0-a6d6d6e7d66e6d0dfafbf416b462be908b208489-13', - imagePullPolicy: 'IfNotPresent', - ports: [ - { - containerPort: 8080, - }, - ], - env: [ - { - name: 'GIN_MODE', - value: 'release', - }, - { - name: 'POSTGRES_ADMIN_USER', - value: 'postgres', - }, - { - name: 'POSTGRES_ADMIN_PASSWORD', - valueFrom: { - secretKeyRef: { - name: (import '../external-secret.jsonnet').spec.target.name, - key: 'postgres-admin-password', + spec: { + imagePullSecrets: [ + { + name: 'ghcr-login-secret', + }, + ], + containers: [ + (import '../../../components/container.libsonnet') { + name: 'oekaki-dengon-game-back', + image: 'ghcr.io/kmc-jp/oekaki-dengon-game-back:v0.0.0-a6d6d6e7d66e6d0dfafbf416b462be908b208489-13', + imagePullPolicy: 'IfNotPresent', + ports: [ + { + containerPort: 8080, + }, + ], + env: [ + { + name: 'GIN_MODE', + value: 'release', + }, + { + name: 'POSTGRES_ADMIN_USER', + value: 'postgres', + }, + { + name: 'POSTGRES_ADMIN_PASSWORD', + valueFrom: { + secretKeyRef: { + name: (import '../external-secret.jsonnet').spec.target.name, + key: 'postgres-admin-password', + }, }, }, - }, - { - name: 'POSTGRES_USER', - value: 'oekaki_dengon_game', - }, - { - name: 'POSTGRES_PASSWORD', - valueFrom: { - secretKeyRef: { - name: (import '../external-secret.jsonnet').spec.target.name, - key: 'postgres-user-password', + { + name: 'POSTGRES_USER', + value: 'oekaki_dengon_game', + }, + { + name: 'POSTGRES_PASSWORD', + valueFrom: { + secretKeyRef: { + name: (import '../external-secret.jsonnet').spec.target.name, + key: 'postgres-user-password', + }, }, }, - }, - { - name: 'POSTGRES_DB', - value: 'oekaki_dengon_game', - }, - { - name: 'POSTGRES_HOST', - value: 'postgresql-default.databases.svc.cluster.local', - }, - { - name: 'POSTGRES_PORT', - value: '5432', - }, - { - name: 'MINIO_ENDPOINT', - value: 'minio.walnuts.dev', - }, - { - name: 'MINIO_ACCESS_KEY', - valueFrom: { - secretKeyRef: { - name: (import '../external-secret.jsonnet').spec.target.name, - key: 'minio-access-key', + { + name: 'POSTGRES_DB', + value: 'oekaki_dengon_game', + }, + { + name: 'POSTGRES_HOST', + value: 'postgresql-default.databases.svc.cluster.local', + }, + { + name: 'POSTGRES_PORT', + value: '5432', + }, + { + name: 'MINIO_ENDPOINT', + value: 'minio.walnuts.dev', + }, + { + name: 'MINIO_ACCESS_KEY', + valueFrom: { + secretKeyRef: { + name: (import '../external-secret.jsonnet').spec.target.name, + key: 'minio-access-key', + }, }, }, - }, - { - name: 'MINIO_SECRET_KEY', - valueFrom: { - secretKeyRef: { - name: (import '../external-secret.jsonnet').spec.target.name, - key: 'minio-secret-key', + { + name: 'MINIO_SECRET_KEY', + valueFrom: { + secretKeyRef: { + name: (import '../external-secret.jsonnet').spec.target.name, + key: 'minio-secret-key', + }, }, }, + { + name: 'MINIO_BUCKET', + value: 'oekaki-dengon-game', + }, + { + name: 'MINIO_KEY_PREFIX', + value: '', + }, + ], + resources: { + requests: { + memory: '10Mi', + }, + limits: {}, }, - { - name: 'MINIO_BUCKET', - value: 'oekaki-dengon-game', - }, - { - name: 'MINIO_KEY_PREFIX', - value: '', - }, - ], - resources: { - requests: { - memory: '10Mi', - }, - limits: {}, }, - }, - ], + ], + }, }, }, } From 0b632aec6afc6c36a1ae850dfc75a11bcc4db791 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 5 Nov 2024 22:03:02 +0900 Subject: [PATCH 0027/1209] add aqua Signed-off-by: walnuts1018 --- Makefile | 8 ++++++++ aqua.yaml | 13 +++++++++++++ renovate.json5 | 2 +- 3 files changed, 22 insertions(+), 1 deletion(-) create mode 100644 aqua.yaml diff --git a/Makefile b/Makefile index 7b626700e..908ccbc09 100644 --- a/Makefile +++ b/Makefile @@ -20,3 +20,11 @@ snapshot: build-infrautil # terraform -chdir=".\terraform\kurumi" init # terraform -chdir=".\terraform\kurumi" plan -var="minio_secret_key=$(SECRET_KEY)" # terraform -chdir=".\terraform\kurumi" apply -var="minio_secret_key=$(SECRET_KEY)" -auto-approve + +.PHONY: aquq +aquq: + aqua i + +.PHONY: lint +lint: snapshot + kubeconform -ignore-missing-schemas -strict -summary k8s/snapshots/argocdapps diff --git a/aqua.yaml b/aqua.yaml new file mode 100644 index 000000000..994033721 --- /dev/null +++ b/aqua.yaml @@ -0,0 +1,13 @@ +--- +# aqua - Declarative CLI Version Manager +# https://aquaproj.github.io/ +# checksum: +# enabled: true +# require_checksum: true +# supported_envs: +# - all +registries: +- type: standard + ref: v4.239.0 # renovate: depName=aquaproj/aqua-registry +packages: +- name: yannh/kubeconform@v0.6.7 diff --git a/renovate.json5 b/renovate.json5 index 6b0d47172..aa9e183dd 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -1,6 +1,6 @@ { $schema: "https://docs.renovatebot.com/renovate-schema.json", - extends: ["config:recommended"], + extends: ["config:recommended", "github>aquaproj/aqua-renovate-config#2.2.1"], dependencyDashboard: true, timezone: "Asia/Tokyo", minimumReleaseAge: "8 days", From 88ba76aaffe7d0d5112a1a5ac1a3d70a75d636f8 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 5 Nov 2024 13:03:23 +0000 Subject: [PATCH 0028/1209] Update dependency aquaproj/aqua-registry to v4.246.1 --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index 994033721..605b3f8c0 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,6 +8,6 @@ # - all registries: - type: standard - ref: v4.239.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.246.1 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 From 24185be25df46a30d25fe753917bf1c9d786da10 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 5 Nov 2024 13:03:29 +0000 Subject: [PATCH 0029/1209] Update dependency aquaproj/aqua-renovate-config to v2.3.1 --- renovate.json5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/renovate.json5 b/renovate.json5 index aa9e183dd..e4976346a 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -1,6 +1,6 @@ { $schema: "https://docs.renovatebot.com/renovate-schema.json", - extends: ["config:recommended", "github>aquaproj/aqua-renovate-config#2.2.1"], + extends: ["config:recommended", "github>aquaproj/aqua-renovate-config#2.3.1"], dependencyDashboard: true, timezone: "Asia/Tokyo", minimumReleaseAge: "8 days", From 00e8e505a5cfae32b690d5ee5bdcadc9bfa5cfbf Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 5 Nov 2024 22:11:08 +0900 Subject: [PATCH 0030/1209] add Signed-off-by: walnuts1018 --- k8s/apps/external-dns/clusterrole.yaml | 14 ----- k8s/apps/external-dns/clusterrolebinding.yaml | 12 ---- k8s/apps/external-dns/deployment.yaml | 42 ------------- k8s/apps/external-dns/externalsecret.yaml | 16 ----- k8s/apps/external-dns/image-policy.yaml | 49 --------------- k8s/apps/external-dns/kustomization.yaml | 10 --- k8s/apps/external-dns/serviceaccount.yaml | 4 -- k8s/argocdapps/external-dns/app.json5 | 4 ++ .../external-dns/cluster-role-binding.jsonnet | 20 ++++++ .../external-dns/cluster-role.jsonnet | 51 +++++++++++++++ .../external-dns/deployment.jsonnet | 63 +++++++++++++++++++ .../external-dns/external-secret.jsonnet | 12 ++++ .../external-dns/service-account.jsonnet | 9 +++ 13 files changed, 159 insertions(+), 147 deletions(-) delete mode 100644 k8s/apps/external-dns/clusterrole.yaml delete mode 100644 k8s/apps/external-dns/clusterrolebinding.yaml delete mode 100644 k8s/apps/external-dns/deployment.yaml delete mode 100644 k8s/apps/external-dns/externalsecret.yaml delete mode 100644 k8s/apps/external-dns/image-policy.yaml delete mode 100644 k8s/apps/external-dns/kustomization.yaml delete mode 100644 k8s/apps/external-dns/serviceaccount.yaml create mode 100644 k8s/argocdapps/external-dns/app.json5 create mode 100644 k8s/argocdapps/external-dns/cluster-role-binding.jsonnet create mode 100644 k8s/argocdapps/external-dns/cluster-role.jsonnet create mode 100644 k8s/argocdapps/external-dns/deployment.jsonnet create mode 100644 k8s/argocdapps/external-dns/external-secret.jsonnet create mode 100644 k8s/argocdapps/external-dns/service-account.jsonnet diff --git a/k8s/apps/external-dns/clusterrole.yaml b/k8s/apps/external-dns/clusterrole.yaml deleted file mode 100644 index ad65458a4..000000000 --- a/k8s/apps/external-dns/clusterrole.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: external-dns -rules: -- apiGroups: [""] - resources: ["services", "endpoints", "pods"] - verbs: ["get", "watch", "list"] -- apiGroups: ["extensions", "networking.k8s.io"] - resources: ["ingresses"] - verbs: ["get", "watch", "list"] -- apiGroups: [""] - resources: ["nodes"] - verbs: ["list", "watch"] diff --git a/k8s/apps/external-dns/clusterrolebinding.yaml b/k8s/apps/external-dns/clusterrolebinding.yaml deleted file mode 100644 index bd8cb64d7..000000000 --- a/k8s/apps/external-dns/clusterrolebinding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: external-dns-viewer -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: external-dns -subjects: -- kind: ServiceAccount - name: external-dns - namespace: default diff --git a/k8s/apps/external-dns/deployment.yaml b/k8s/apps/external-dns/deployment.yaml deleted file mode 100644 index eec13d198..000000000 --- a/k8s/apps/external-dns/deployment.yaml +++ /dev/null @@ -1,42 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: external-dns -spec: - strategy: - type: Recreate - selector: - matchLabels: - app: external-dns - template: - metadata: - labels: - app: external-dns - spec: - serviceAccountName: external-dns - containers: - - name: external-dns - securityContext: - readOnlyRootFilesystem: true - image: ghcr.io/walnuts1018/external-dns:670a2816bbb5c344117eab45003d7a6ff2c86349-10 # {"$imagepolicy": "kube-system:external-dns"} - args: - - --source=ingress - - --domain-filter=walnuts.dev - - --provider=cloudflare-tunnel - - --annotation-filter=walnuts.dev/externaldns.skip notin (true) - env: - - name: CF_API_TOKEN - valueFrom: - secretKeyRef: - name: external-dns-secret - key: cf-api-token - - name: CF_ACCOUNT_ID - value: 38b5eab012d216dfcc52dcd69e7764b5 - - name: CF_TUNNEL_ID - value: 603f4f99-268a-4d2a-8c2a-66d29ef1f528 - resources: - requests: - memory: 32Mi - limits: {} - nodeSelector: - kubernetes.io/arch: amd64 diff --git a/k8s/apps/external-dns/externalsecret.yaml b/k8s/apps/external-dns/externalsecret.yaml deleted file mode 100644 index 6f6179214..000000000 --- a/k8s/apps/external-dns/externalsecret.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: external-dns-secret -spec: - secretStoreRef: - name: onepassword - kind: ClusterSecretStore - refreshInterval: 1m - target: - name: external-dns-secret - data: - - secretKey: cf-api-token - remoteRef: - key: cloudflare - property: apitoken diff --git a/k8s/apps/external-dns/image-policy.yaml b/k8s/apps/external-dns/image-policy.yaml deleted file mode 100644 index 60403e079..000000000 --- a/k8s/apps/external-dns/image-policy.yaml +++ /dev/null @@ -1,49 +0,0 @@ -apiVersion: image.toolkit.fluxcd.io/v1beta2 -kind: ImageUpdateAutomation -metadata: - name: external-dns -spec: - git: - checkout: - ref: - branch: main - commit: - author: - email: fluxcdbot@users.noreply.github.com - name: fluxcdbot - messageTemplate: "{{range .Updated.Images}}{{println .}}{{end}}" - push: - branch: fluxcd/external-dns - interval: 1m0s - sourceRef: - kind: GitRepository - name: flux-system - namespace: flux-system - update: - path: ./k8s/apps/external-dns - strategy: Setters ---- -apiVersion: image.toolkit.fluxcd.io/v1beta2 -kind: ImageRepository -metadata: - name: external-dns -spec: - image: ghcr.io/walnuts1018/external-dns - interval: 2m0s - secretRef: - name: ghcr-login-secret ---- -apiVersion: image.toolkit.fluxcd.io/v1beta2 -kind: ImagePolicy -metadata: - name: external-dns -spec: - imageRepositoryRef: - name: external-dns - filterTags: - ## use "pattern: '[a-f0-9]+-(?P[0-9]+)'" if you copied the workflow example using github.run_number - pattern: ".*-[a-f0-9]+-(?P[0-9]+)" - extract: "$ts" - policy: - numerical: - order: asc diff --git a/k8s/apps/external-dns/kustomization.yaml b/k8s/apps/external-dns/kustomization.yaml deleted file mode 100644 index 4a09cabe0..000000000 --- a/k8s/apps/external-dns/kustomization.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: kube-system -resources: -- externalsecret.yaml -- clusterrole.yaml -- clusterrolebinding.yaml -- deployment.yaml -- serviceaccount.yaml -- image-policy.yaml diff --git a/k8s/apps/external-dns/serviceaccount.yaml b/k8s/apps/external-dns/serviceaccount.yaml deleted file mode 100644 index 5b022409b..000000000 --- a/k8s/apps/external-dns/serviceaccount.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: external-dns diff --git a/k8s/argocdapps/external-dns/app.json5 b/k8s/argocdapps/external-dns/app.json5 new file mode 100644 index 000000000..4d3d5438e --- /dev/null +++ b/k8s/argocdapps/external-dns/app.json5 @@ -0,0 +1,4 @@ +{ + name: "external-dns", + namespace: "external-dns", +} diff --git a/k8s/argocdapps/external-dns/cluster-role-binding.jsonnet b/k8s/argocdapps/external-dns/cluster-role-binding.jsonnet new file mode 100644 index 000000000..d184609bf --- /dev/null +++ b/k8s/argocdapps/external-dns/cluster-role-binding.jsonnet @@ -0,0 +1,20 @@ +{ + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'ClusterRoleBinding', + metadata: { + name: (import 'app.json5').name, + labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + }, + roleRef: { + apiGroup: 'rbac.authorization.k8s.io', + kind: 'ClusterRole', + name: (import './cluster-role.jsonnet').metadata.name, + }, + subjects: [ + { + kind: 'ServiceAccount', + name: (import './service-account.jsonnet').metadata.name, + namespace: (import './service-account.jsonnet').metadata.namespace, + }, + ], +} diff --git a/k8s/argocdapps/external-dns/cluster-role.jsonnet b/k8s/argocdapps/external-dns/cluster-role.jsonnet new file mode 100644 index 000000000..bacaebde7 --- /dev/null +++ b/k8s/argocdapps/external-dns/cluster-role.jsonnet @@ -0,0 +1,51 @@ +{ + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'ClusterRole', + metadata: { + name: (import 'app.json5').name, + labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + }, + rules: [ + { + apiGroups: [ + '', + ], + resources: [ + 'services', + 'endpoints', + 'pods', + ], + verbs: [ + 'get', + 'watch', + 'list', + ], + }, + { + apiGroups: [ + 'extensions', + 'networking.k8s.io', + ], + resources: [ + 'ingresses', + ], + verbs: [ + 'get', + 'watch', + 'list', + ], + }, + { + apiGroups: [ + '', + ], + resources: [ + 'nodes', + ], + verbs: [ + 'list', + 'watch', + ], + }, + ], +} diff --git a/k8s/argocdapps/external-dns/deployment.jsonnet b/k8s/argocdapps/external-dns/deployment.jsonnet new file mode 100644 index 000000000..dc8494a4e --- /dev/null +++ b/k8s/argocdapps/external-dns/deployment.jsonnet @@ -0,0 +1,63 @@ +{ + apiVersion: 'apps/v1', + kind: 'Deployment', + metadata: { + name: (import 'app.json5').name, + namespace: (import 'app.json5').namespace, + labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + }, + spec: { + replicas: 1, + selector: { + matchLabels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + }, + template: { + metadata: { + labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + }, + spec: { + serviceAccountName: (import './service-account.jsonnet').metadata.name, + containers: [ + (import '../../components/container.libsonnet') { + name: 'external-dns', + image: 'ghcr.io/walnuts1018/external-dns:670a2816bbb5c344117eab45003d7a6ff2c86349-10', + args: [ + '--source=ingress', + '--domain-filter=walnuts.dev', + '--provider=cloudflare-tunnel', + '--annotation-filter=walnuts.dev/externaldns.skip notin (true)', + ], + env: [ + { + name: 'CF_API_TOKEN', + valueFrom: { + secretKeyRef: { + name: (import 'external-secret.jsonnet').spec.target.name, + key: 'cf-api-token', + }, + }, + }, + { + name: 'CF_ACCOUNT_ID', + value: '38b5eab012d216dfcc52dcd69e7764b5', + }, + { + name: 'CF_TUNNEL_ID', + value: '603f4f99-268a-4d2a-8c2a-66d29ef1f528', + }, + ], + resources: { + requests: { + memory: '32Mi', + }, + limits: {}, + }, + }, + ], + nodeSelector: { + 'kubernetes.io/arch': 'amd64', + }, + }, + }, + }, +} diff --git a/k8s/argocdapps/external-dns/external-secret.jsonnet b/k8s/argocdapps/external-dns/external-secret.jsonnet new file mode 100644 index 000000000..357145e22 --- /dev/null +++ b/k8s/argocdapps/external-dns/external-secret.jsonnet @@ -0,0 +1,12 @@ +(import '../../components/external-secret.libsonnet') { + name: (import 'app.json5').name, + data: [ + { + secretKey: 'cf-api-token', + remoteRef: { + key: 'cloudflare', + property: 'apitoken', + }, + }, + ], +} diff --git a/k8s/argocdapps/external-dns/service-account.jsonnet b/k8s/argocdapps/external-dns/service-account.jsonnet new file mode 100644 index 000000000..4e7e329d1 --- /dev/null +++ b/k8s/argocdapps/external-dns/service-account.jsonnet @@ -0,0 +1,9 @@ +{ + apiVersion: 'v1', + kind: 'ServiceAccount', + metadata: { + name: (import 'app.json5').name, + namespace: (import 'app.json5').namespace, + labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + }, +} From a7c43adbfb64c9b28889a09990f3777d99a12a2a Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 5 Nov 2024 13:11:27 +0000 Subject: [PATCH 0031/1209] auto-gen-namespace --- k8s/namespaces/namespaces.json5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/namespaces/namespaces.json5 b/k8s/namespaces/namespaces.json5 index a0635fd8d..429beb876 100644 --- a/k8s/namespaces/namespaces.json5 +++ b/k8s/namespaces/namespaces.json5 @@ -1 +1 @@ -["ac-hacking-2024","cert-manager","cilium-system","code-server","dashy","databases","default","elasticsearch","external-secrets","fitbit-manager","flux-system","github-readme-stats","hedgedoc","ingress-nginx","komga","krakend-system","kube-system","local-path-storage","loki","longhorn-system","minio","misskey","monitoring","mucaron","network-exporter","nextcloud","oekaki-dengon-game","openchokin","opentelemetry-collector","opentelemetry-operator-system","photoprism","redis-operator","samba","sandbox","wakatime-to-slack-profile","walnuts-dev","zitadel"] +["ac-hacking-2024","cert-manager","cilium-system","code-server","dashy","databases","default","elasticsearch","external-dns","external-secrets","fitbit-manager","flux-system","github-readme-stats","hedgedoc","ingress-nginx","komga","krakend-system","kube-system","local-path-storage","loki","longhorn-system","minio","misskey","monitoring","mucaron","network-exporter","nextcloud","oekaki-dengon-game","openchokin","opentelemetry-collector","opentelemetry-operator-system","photoprism","redis-operator","samba","sandbox","wakatime-to-slack-profile","walnuts-dev","zitadel"] From 09a95d0c4cfe5fffeec375ea9da9477e93d7c2ea Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 5 Nov 2024 22:18:28 +0900 Subject: [PATCH 0032/1209] add Signed-off-by: walnuts1018 --- k8s/apps/openchokin/back/deployment.yaml | 53 --------- k8s/apps/openchokin/back/image-policy.yaml | 49 -------- k8s/apps/openchokin/back/ingress.yaml | 17 --- k8s/apps/openchokin/back/kustomization.yaml | 7 -- k8s/apps/openchokin/back/service.yaml | 14 --- k8s/apps/openchokin/externalsecret.yaml | 40 ------- k8s/apps/openchokin/front/deployment.yaml | 66 ----------- k8s/apps/openchokin/front/image-policy.yaml | 49 -------- k8s/apps/openchokin/front/ingress.yaml | 17 --- k8s/apps/openchokin/front/kustomization.yaml | 8 -- k8s/apps/openchokin/front/redis.yaml | 51 --------- k8s/apps/openchokin/front/service.yaml | 14 --- k8s/apps/openchokin/kustomization.yaml | 7 -- .../external-secret.jsonnet | 1 - k8s/argocdapps/openchokin/app.json5 | 4 + .../openchokin/back/deployment.jsonnet | 84 ++++++++++++++ .../openchokin/back/ingress.jsonnet | 33 ++++++ .../openchokin/back/service.jsonnet | 20 ++++ .../openchokin/external-secret.jsonnet | 54 +++++++++ .../openchokin/front/deployment.jsonnet | 107 ++++++++++++++++++ .../openchokin/front/ingress.jsonnet | 33 ++++++ k8s/argocdapps/openchokin/front/redis.jsonnet | 71 ++++++++++++ .../openchokin/front/service.jsonnet | 20 ++++ 23 files changed, 426 insertions(+), 393 deletions(-) delete mode 100644 k8s/apps/openchokin/back/deployment.yaml delete mode 100644 k8s/apps/openchokin/back/image-policy.yaml delete mode 100644 k8s/apps/openchokin/back/ingress.yaml delete mode 100644 k8s/apps/openchokin/back/kustomization.yaml delete mode 100644 k8s/apps/openchokin/back/service.yaml delete mode 100644 k8s/apps/openchokin/externalsecret.yaml delete mode 100644 k8s/apps/openchokin/front/deployment.yaml delete mode 100644 k8s/apps/openchokin/front/image-policy.yaml delete mode 100644 k8s/apps/openchokin/front/ingress.yaml delete mode 100644 k8s/apps/openchokin/front/kustomization.yaml delete mode 100644 k8s/apps/openchokin/front/redis.yaml delete mode 100644 k8s/apps/openchokin/front/service.yaml delete mode 100644 k8s/apps/openchokin/kustomization.yaml create mode 100644 k8s/argocdapps/openchokin/app.json5 create mode 100644 k8s/argocdapps/openchokin/back/deployment.jsonnet create mode 100644 k8s/argocdapps/openchokin/back/ingress.jsonnet create mode 100644 k8s/argocdapps/openchokin/back/service.jsonnet create mode 100644 k8s/argocdapps/openchokin/external-secret.jsonnet create mode 100644 k8s/argocdapps/openchokin/front/deployment.jsonnet create mode 100644 k8s/argocdapps/openchokin/front/ingress.jsonnet create mode 100644 k8s/argocdapps/openchokin/front/redis.jsonnet create mode 100644 k8s/argocdapps/openchokin/front/service.jsonnet diff --git a/k8s/apps/openchokin/back/deployment.yaml b/k8s/apps/openchokin/back/deployment.yaml deleted file mode 100644 index 6446de858..000000000 --- a/k8s/apps/openchokin/back/deployment.yaml +++ /dev/null @@ -1,53 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: openchokin-back - labels: - app: openchokin-back -spec: - replicas: 1 - selector: - matchLabels: - app: openchokin-back - template: - metadata: - labels: - app: openchokin-back - spec: - containers: - - name: openchokin-back - securityContext: - readOnlyRootFilesystem: true - seccompProfile: - type: RuntimeDefault - image: "ghcr.io/walnuts1018/openchokin-back:v0.0.0-cd205cba77a922ba01009c04203a0e4b962a31d8-97" # {"$imagepolicy": "openchokin:openchokin-back"} - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - env: - - name: GIN_MODE - value: "release" - - name: POSTGRES_ADMIN_USER - value: "postgres" - - name: POSTGRES_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: openchokin-secret - key: postgres-admin-password - - name: POSTGRES_USER - value: "openchokin" - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: openchokin-secret - key: postgres-user-password - - name: POSTGRES_DB - value: "openchokin" - - name: POSTGRES_HOST - value: "postgresql-default.databases.svc.cluster.local" - - name: POSTGRES_PORT - value: "5432" - resources: - requests: - memory: 10Mi - limits: {} diff --git a/k8s/apps/openchokin/back/image-policy.yaml b/k8s/apps/openchokin/back/image-policy.yaml deleted file mode 100644 index e7489e74d..000000000 --- a/k8s/apps/openchokin/back/image-policy.yaml +++ /dev/null @@ -1,49 +0,0 @@ -apiVersion: image.toolkit.fluxcd.io/v1beta2 -kind: ImageUpdateAutomation -metadata: - name: openchokin-back -spec: - git: - checkout: - ref: - branch: main - commit: - author: - email: fluxcdbot@users.noreply.github.com - name: fluxcdbot - messageTemplate: "{{range .Updated.Images}}{{println .}}{{end}}" - push: - branch: fluxcd/openchokin-back - interval: 1m0s - sourceRef: - kind: GitRepository - name: flux-system - namespace: flux-system - update: - path: ./k8s/apps/openchokin/back - strategy: Setters ---- -apiVersion: image.toolkit.fluxcd.io/v1beta2 -kind: ImageRepository -metadata: - name: openchokin-back -spec: - image: ghcr.io/walnuts1018/openchokin-back - interval: 2m0s - secretRef: - name: ghcr-login-secret ---- -apiVersion: image.toolkit.fluxcd.io/v1beta2 -kind: ImagePolicy -metadata: - name: openchokin-back -spec: - imageRepositoryRef: - name: openchokin-back - filterTags: - ## use "pattern: '[a-f0-9]+-(?P[0-9]+)'" if you copied the workflow example using github.run_number - pattern: ".*-[a-f0-9]+-(?P[0-9]+)" - extract: "$ts" - policy: - numerical: - order: asc diff --git a/k8s/apps/openchokin/back/ingress.yaml b/k8s/apps/openchokin/back/ingress.yaml deleted file mode 100644 index cfffe8e11..000000000 --- a/k8s/apps/openchokin/back/ingress.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: openchokin-back -spec: - ingressClassName: "nginx" - rules: - - host: "api-openchokin.walnuts.dev" - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: "openchokin-back" - port: - number: 8080 diff --git a/k8s/apps/openchokin/back/kustomization.yaml b/k8s/apps/openchokin/back/kustomization.yaml deleted file mode 100644 index e8968ce90..000000000 --- a/k8s/apps/openchokin/back/kustomization.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- deployment.yaml -- service.yaml -- image-policy.yaml -- ingress.yaml diff --git a/k8s/apps/openchokin/back/service.yaml b/k8s/apps/openchokin/back/service.yaml deleted file mode 100644 index ff63481e2..000000000 --- a/k8s/apps/openchokin/back/service.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: openchokin-back - labels: - app: openchokin-back -spec: - ports: - - name: http - port: 8080 - targetPort: 8080 - selector: - app: openchokin-back - type: ClusterIP diff --git a/k8s/apps/openchokin/externalsecret.yaml b/k8s/apps/openchokin/externalsecret.yaml deleted file mode 100644 index 1459ea7fd..000000000 --- a/k8s/apps/openchokin/externalsecret.yaml +++ /dev/null @@ -1,40 +0,0 @@ -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: openchokin-secret -spec: - secretStoreRef: - name: onepassword - kind: ClusterSecretStore - refreshInterval: 1m - target: - name: openchokin-secret - data: - - secretKey: zitade-client-id - remoteRef: - key: openchokin - property: ZITADEL_CLIENT_ID - - secretKey: zitadel-client-secret - remoteRef: - key: openchokin - property: ZITADEL_CLIENT_SECRET - - secretKey: nextauth-secret - remoteRef: - key: openchokin - property: NEXTAUTH_SECRET - - secretKey: postgres-admin-password - remoteRef: - key: postgres_passwords - property: postgres - - secretKey: postgres-user-password - remoteRef: - key: postgres_passwords - property: openchokin - - secretKey: redis-password - remoteRef: - key: redis - property: password - - secretKey: cache-password - remoteRef: - key: openchokin - property: CACHE_PASSWORD diff --git a/k8s/apps/openchokin/front/deployment.yaml b/k8s/apps/openchokin/front/deployment.yaml deleted file mode 100644 index d00628f95..000000000 --- a/k8s/apps/openchokin/front/deployment.yaml +++ /dev/null @@ -1,66 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: openchokin-front - labels: - app: openchokin-front -spec: - replicas: 1 - selector: - matchLabels: - app: openchokin-front - template: - metadata: - labels: - app: openchokin-front - spec: - containers: - - name: openchokin-front - securityContext: - readOnlyRootFilesystem: true - seccompProfile: - type: RuntimeDefault - image: "ghcr.io/walnuts1018/openchokin-front:v0.0.0-805921b42b330190ff496e2d810ec3846947162a-66" # {"$imagepolicy": "openchokin:openchokin-front"} - imagePullPolicy: IfNotPresent - ports: - - containerPort: 3000 - resources: - requests: - memory: 100Mi - limits: {} - env: - - name: ZITADEL_URL - value: "https://auth.walnuts.dev" - - name: NEXTAUTH_URL - value: "https://openchokin.walnuts.dev" - - name: ZITADEL_CLIENT_ID - valueFrom: - secretKeyRef: - name: openchokin-secret - key: zitade-client-id - - name: ZITADEL_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: openchokin-secret - key: zitadel-client-secret - - name: NEXTAUTH_SECRET - valueFrom: - secretKeyRef: - name: openchokin-secret - key: nextauth-secret - - name: REDIS_SENTINEL_HOST - value: "openchokin-front-redis-sentinel" - - name: REDIS_SENTINEL_PORT - value: "26379" - - name: REDIS_SENTINEL_NAME - value: "mymaster" - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: openchokin-secret - key: redis-password - - name: CACHE_PASSWORD - valueFrom: - secretKeyRef: - name: openchokin-secret - key: cache-password diff --git a/k8s/apps/openchokin/front/image-policy.yaml b/k8s/apps/openchokin/front/image-policy.yaml deleted file mode 100644 index e9c63b492..000000000 --- a/k8s/apps/openchokin/front/image-policy.yaml +++ /dev/null @@ -1,49 +0,0 @@ -apiVersion: image.toolkit.fluxcd.io/v1beta2 -kind: ImageUpdateAutomation -metadata: - name: openchokin-front -spec: - git: - checkout: - ref: - branch: main - commit: - author: - email: fluxcdbot@users.noreply.github.com - name: fluxcdbot - messageTemplate: "{{range .Updated.Images}}{{println .}}{{end}}" - push: - branch: fluxcd/openchokin-front - interval: 1m0s - sourceRef: - kind: GitRepository - name: flux-system - namespace: flux-system - update: - path: ./k8s/apps/openchokin/front - strategy: Setters ---- -apiVersion: image.toolkit.fluxcd.io/v1beta2 -kind: ImageRepository -metadata: - name: openchokin-front -spec: - image: ghcr.io/walnuts1018/openchokin-front - interval: 2m0s - secretRef: - name: ghcr-login-secret ---- -apiVersion: image.toolkit.fluxcd.io/v1beta2 -kind: ImagePolicy -metadata: - name: openchokin-front -spec: - imageRepositoryRef: - name: openchokin-front - filterTags: - ## use "pattern: '[a-f0-9]+-(?P[0-9]+)'" if you copied the workflow example using github.run_number - pattern: ".*-[a-f0-9]+-(?P[0-9]+)" - extract: "$ts" - policy: - numerical: - order: asc diff --git a/k8s/apps/openchokin/front/ingress.yaml b/k8s/apps/openchokin/front/ingress.yaml deleted file mode 100644 index 879c16f92..000000000 --- a/k8s/apps/openchokin/front/ingress.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: openchokin-front -spec: - ingressClassName: "nginx" - rules: - - host: "openchokin.walnuts.dev" - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: "openchokin-front" - port: - number: 3000 diff --git a/k8s/apps/openchokin/front/kustomization.yaml b/k8s/apps/openchokin/front/kustomization.yaml deleted file mode 100644 index b7c09b376..000000000 --- a/k8s/apps/openchokin/front/kustomization.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- deployment.yaml -- service.yaml -- image-policy.yaml -- ingress.yaml -- redis.yaml diff --git a/k8s/apps/openchokin/front/redis.yaml b/k8s/apps/openchokin/front/redis.yaml deleted file mode 100644 index f5b9ebd8e..000000000 --- a/k8s/apps/openchokin/front/redis.yaml +++ /dev/null @@ -1,51 +0,0 @@ -apiVersion: redis.redis.opstreelabs.in/v1beta2 -kind: RedisReplication -metadata: - name: openchokin-front-redis - labels: - app.kubernetes.io/name: openchokin-front-redis -spec: - clusterSize: 2 - kubernetesConfig: - image: "quay.io/opstree/redis:v7.0.12" # {"$imagepolicy": "redis-operator:redis"} - imagePullPolicy: "IfNotPresent" - redisSecret: - name: "openchokin-secret" - key: "redis-password" - storage: - volumeClaimTemplate: - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - podSecurityContext: - fsGroup: 1000 - runAsUser: 1000 ---- -apiVersion: redis.redis.opstreelabs.in/v1beta2 -kind: RedisSentinel -metadata: - name: openchokin-front-redis - labels: - app.kubernetes.io/name: openchokin-front-redis -spec: - clusterSize: 3 - redisSentinelConfig: - redisReplicationName: openchokin-front-redis - masterGroupName: "mymaster" - redisPort: "6379" - quorum: "2" - parallelSyncs: "1" - failoverTimeout: "180000" - downAfterMilliseconds: "30000" - kubernetesConfig: - image: "quay.io/opstree/redis-sentinel:v7.0.12" # {"$imagepolicy": "redis-operator:redis-sentinel"} - imagePullPolicy: "IfNotPresent" - redisSecret: - name: "openchokin-secret" - key: "redis-password" - podSecurityContext: - fsGroup: 1000 - runAsUser: 1000 diff --git a/k8s/apps/openchokin/front/service.yaml b/k8s/apps/openchokin/front/service.yaml deleted file mode 100644 index fa7d370ce..000000000 --- a/k8s/apps/openchokin/front/service.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: openchokin-front - labels: - app: openchokin-front -spec: - ports: - - name: http - port: 3000 - targetPort: 3000 - selector: - app: openchokin-front - type: ClusterIP diff --git a/k8s/apps/openchokin/kustomization.yaml b/k8s/apps/openchokin/kustomization.yaml deleted file mode 100644 index 8b45787a6..000000000 --- a/k8s/apps/openchokin/kustomization.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: openchokin -resources: -- externalsecret.yaml -- ./front -- ./back diff --git a/k8s/argocdapps/oekaki-dengon-game/external-secret.jsonnet b/k8s/argocdapps/oekaki-dengon-game/external-secret.jsonnet index 7aeb26b84..0456d5b4d 100644 --- a/k8s/argocdapps/oekaki-dengon-game/external-secret.jsonnet +++ b/k8s/argocdapps/oekaki-dengon-game/external-secret.jsonnet @@ -1,6 +1,5 @@ (import '../../components/external-secret.libsonnet') { name: (import 'app.json5').name, - use_suffix: false, data: [ { secretKey: 'postgres-admin-password', diff --git a/k8s/argocdapps/openchokin/app.json5 b/k8s/argocdapps/openchokin/app.json5 new file mode 100644 index 000000000..1b2211c12 --- /dev/null +++ b/k8s/argocdapps/openchokin/app.json5 @@ -0,0 +1,4 @@ +{ + name: "openchokin", + namespace: "openchokin", +} diff --git a/k8s/argocdapps/openchokin/back/deployment.jsonnet b/k8s/argocdapps/openchokin/back/deployment.jsonnet new file mode 100644 index 000000000..68d50d4de --- /dev/null +++ b/k8s/argocdapps/openchokin/back/deployment.jsonnet @@ -0,0 +1,84 @@ +{ + apiVersion: 'apps/v1', + kind: 'Deployment', + metadata: { + name: (import '../app.json5').name + '-back', + namespace: (import '../app.json5').namespace, + labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-back' }, + }, + spec: { + replicas: 1, + selector: { + matchLabels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-back' }, + }, + template: { + metadata: { + labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-back' }, + }, + spec: { + containers: [ + (import '../../../components/container.libsonnet') { + name: 'openchokin-back', + image: 'ghcr.io/walnuts1018/openchokin-back:v0.0.0-cd205cba77a922ba01009c04203a0e4b962a31d8-97', + imagePullPolicy: 'IfNotPresent', + ports: [ + { + containerPort: 8080, + }, + ], + env: [ + { + name: 'GIN_MODE', + value: 'release', + }, + { + name: 'POSTGRES_ADMIN_USER', + value: 'postgres', + }, + { + name: 'POSTGRES_ADMIN_PASSWORD', + valueFrom: { + secretKeyRef: { + name: (import '../external-secret.jsonnet').spec.target.name, + key: 'postgres-admin-password', + }, + }, + }, + { + name: 'POSTGRES_USER', + value: 'openchokin', + }, + { + name: 'POSTGRES_PASSWORD', + valueFrom: { + secretKeyRef: { + name: (import '../external-secret.jsonnet').spec.target.name, + key: 'postgres-user-password', + }, + }, + }, + { + name: 'POSTGRES_DB', + value: 'openchokin', + }, + { + name: 'POSTGRES_HOST', + value: 'postgresql-default.databases.svc.cluster.local', + }, + { + name: 'POSTGRES_PORT', + value: '5432', + }, + ], + resources: { + requests: { + memory: '10Mi', + }, + limits: {}, + }, + }, + ], + }, + }, + }, +} diff --git a/k8s/argocdapps/openchokin/back/ingress.jsonnet b/k8s/argocdapps/openchokin/back/ingress.jsonnet new file mode 100644 index 000000000..cf20038b1 --- /dev/null +++ b/k8s/argocdapps/openchokin/back/ingress.jsonnet @@ -0,0 +1,33 @@ +{ + apiVersion: 'networking.k8s.io/v1', + kind: 'Ingress', + metadata: { + name: (import '../app.json5').name + '-back', + namespace: (import '../app.json5').namespace, + labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-back' }, + }, + spec: { + ingressClassName: 'nginx', + rules: [ + { + host: 'api-openchokin.walnuts.dev', + http: { + paths: [ + { + path: '/', + pathType: 'Prefix', + backend: { + service: { + name: (import './service.jsonnet').metadata.name, + port: { + number: 8080, + }, + }, + }, + }, + ], + }, + }, + ], + }, +} diff --git a/k8s/argocdapps/openchokin/back/service.jsonnet b/k8s/argocdapps/openchokin/back/service.jsonnet new file mode 100644 index 000000000..5c6f630f4 --- /dev/null +++ b/k8s/argocdapps/openchokin/back/service.jsonnet @@ -0,0 +1,20 @@ +{ + apiVersion: 'v1', + kind: 'Service', + metadata: { + name: (import '../app.json5').name + '-back', + namespace: (import '../app.json5').namespace, + labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-back' }, + }, + spec: { + ports: [ + { + name: 'http', + port: 8080, + targetPort: 8080, + }, + ], + selector: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-back' }, + type: 'ClusterIP', + }, +} diff --git a/k8s/argocdapps/openchokin/external-secret.jsonnet b/k8s/argocdapps/openchokin/external-secret.jsonnet new file mode 100644 index 000000000..79fd2b5fc --- /dev/null +++ b/k8s/argocdapps/openchokin/external-secret.jsonnet @@ -0,0 +1,54 @@ +(import '../../components/external-secret.libsonnet') { + name: (import 'app.json5').name, + data: [ + { + secretKey: 'zitade-client-id', + remoteRef: { + key: 'openchokin', + property: 'ZITADEL_CLIENT_ID', + }, + }, + { + secretKey: 'zitadel-client-secret', + remoteRef: { + key: 'openchokin', + property: 'ZITADEL_CLIENT_SECRET', + }, + }, + { + secretKey: 'nextauth-secret', + remoteRef: { + key: 'openchokin', + property: 'NEXTAUTH_SECRET', + }, + }, + { + secretKey: 'postgres-admin-password', + remoteRef: { + key: 'postgres_passwords', + property: 'postgres', + }, + }, + { + secretKey: 'postgres-user-password', + remoteRef: { + key: 'postgres_passwords', + property: 'openchokin', + }, + }, + { + secretKey: 'redis-password', + remoteRef: { + key: 'redis', + property: 'password', + }, + }, + { + secretKey: 'cache-password', + remoteRef: { + key: 'openchokin', + property: 'CACHE_PASSWORD', + }, + }, + ], +} diff --git a/k8s/argocdapps/openchokin/front/deployment.jsonnet b/k8s/argocdapps/openchokin/front/deployment.jsonnet new file mode 100644 index 000000000..34e50e862 --- /dev/null +++ b/k8s/argocdapps/openchokin/front/deployment.jsonnet @@ -0,0 +1,107 @@ +{ + apiVersion: 'apps/v1', + kind: 'Deployment', + metadata: { + name: (import '../app.json5').name + '-front', + namespace: (import '../app.json5').namespace, + labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-front' }, + }, + spec: { + replicas: 1, + selector: { + matchLabels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-front' }, + }, + template: { + metadata: { + labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-front' }, + }, + spec: { + containers: [ + (import '../../../components/container.libsonnet') { + name: 'openchokin-front', + image: 'ghcr.io/walnuts1018/openchokin-front:v0.0.0-805921b42b330190ff496e2d810ec3846947162a-66', + imagePullPolicy: 'IfNotPresent', + ports: [ + { + containerPort: 3000, + }, + ], + resources: { + requests: { + memory: '100Mi', + }, + limits: {}, + }, + env: [ + { + name: 'ZITADEL_URL', + value: 'https://auth.walnuts.dev', + }, + { + name: 'NEXTAUTH_URL', + value: 'https://openchokin.walnuts.dev', + }, + { + name: 'ZITADEL_CLIENT_ID', + valueFrom: { + secretKeyRef: { + name: (import '../external-secret.jsonnet').spec.target.name, + key: 'zitade-client-id', + }, + }, + }, + { + name: 'ZITADEL_CLIENT_SECRET', + valueFrom: { + secretKeyRef: { + name: (import '../external-secret.jsonnet').spec.target.name, + key: 'zitadel-client-secret', + }, + }, + }, + { + name: 'NEXTAUTH_SECRET', + valueFrom: { + secretKeyRef: { + name: (import '../external-secret.jsonnet').spec.target.name, + key: 'nextauth-secret', + }, + }, + }, + { + name: 'REDIS_SENTINEL_HOST', + value: 'openchokin-front-redis-sentinel', + }, + { + name: 'REDIS_SENTINEL_PORT', + value: '26379', + }, + { + name: 'REDIS_SENTINEL_NAME', + value: 'mymaster', + }, + { + name: 'REDIS_PASSWORD', + valueFrom: { + secretKeyRef: { + name: (import '../external-secret.jsonnet').spec.target.name, + key: 'redis-password', + }, + }, + }, + { + name: 'CACHE_PASSWORD', + valueFrom: { + secretKeyRef: { + name: (import '../external-secret.jsonnet').spec.target.name, + key: 'cache-password', + }, + }, + }, + ], + }, + ], + }, + }, + }, +} diff --git a/k8s/argocdapps/openchokin/front/ingress.jsonnet b/k8s/argocdapps/openchokin/front/ingress.jsonnet new file mode 100644 index 000000000..558b8caff --- /dev/null +++ b/k8s/argocdapps/openchokin/front/ingress.jsonnet @@ -0,0 +1,33 @@ +{ + apiVersion: 'networking.k8s.io/v1', + kind: 'Ingress', + metadata: { + name: (import '../app.json5').name + '-front', + namespace: (import '../app.json5').namespace, + labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-front' }, + }, + spec: { + ingressClassName: 'nginx', + rules: [ + { + host: 'openchokin.walnuts.dev', + http: { + paths: [ + { + path: '/', + pathType: 'Prefix', + backend: { + service: { + name: (import './service.jsonnet').metadata.name, + port: { + number: 3000, + }, + }, + }, + }, + ], + }, + }, + ], + }, +} diff --git a/k8s/argocdapps/openchokin/front/redis.jsonnet b/k8s/argocdapps/openchokin/front/redis.jsonnet new file mode 100644 index 000000000..a3318f584 --- /dev/null +++ b/k8s/argocdapps/openchokin/front/redis.jsonnet @@ -0,0 +1,71 @@ +[ + { + apiVersion: 'redis.redis.opstreelabs.in/v1beta2', + kind: 'RedisReplication', + metadata: { + name: (import '../app.json5').name + '-front-redis', + labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-front-redis' }, + }, + spec: { + clusterSize: 2, + kubernetesConfig: { + image: 'quay.io/opstree/redis:v7.0.12', + imagePullPolicy: 'IfNotPresent', + redisSecret: { + name: (import '../external-secret.jsonnet').name, + key: 'redis-password', + }, + }, + storage: { + volumeClaimTemplate: { + spec: { + accessModes: [ + 'ReadWriteOnce', + ], + resources: { + requests: { + storage: '1Gi', + }, + }, + }, + }, + }, + podSecurityContext: { + fsGroup: 1000, + runAsUser: 1000, + }, + }, + }, + { + apiVersion: 'redis.redis.opstreelabs.in/v1beta2', + kind: 'RedisSentinel', + metadata: { + name: (import '../app.json5').name + '-front-redis', + labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-front-redis' }, + }, + spec: { + clusterSize: 3, + redisSentinelConfig: { + redisReplicationName: 'openchokin-front-redis', + masterGroupName: 'mymaster', + redisPort: '6379', + quorum: '2', + parallelSyncs: '1', + failoverTimeout: '180000', + downAfterMilliseconds: '30000', + }, + kubernetesConfig: { + image: 'quay.io/opstree/redis-sentinel:v7.0.12', + imagePullPolicy: 'IfNotPresent', + redisSecret: { + name: (import '../external-secret.jsonnet').name, + key: 'redis-password', + }, + }, + podSecurityContext: { + fsGroup: 1000, + runAsUser: 1000, + }, + }, + }, +] diff --git a/k8s/argocdapps/openchokin/front/service.jsonnet b/k8s/argocdapps/openchokin/front/service.jsonnet new file mode 100644 index 000000000..abe3a4997 --- /dev/null +++ b/k8s/argocdapps/openchokin/front/service.jsonnet @@ -0,0 +1,20 @@ +{ + apiVersion: 'v1', + kind: 'Service', + metadata: { + name: (import '../app.json5').name + '-front', + namespace: (import '../app.json5').namespace, + labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-front' }, + }, + spec: { + ports: [ + { + name: 'http', + port: 3000, + targetPort: 3000, + }, + ], + selector: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-front' }, + type: 'ClusterIP', + }, +} From 9d1fd653b3d4551e26a8ae5f658777ea41a1fa2d Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 5 Nov 2024 22:20:39 +0900 Subject: [PATCH 0033/1209] rename Signed-off-by: walnuts1018 --- .github/scripts/infrautil/namespaceCmd.go | 2 +- .github/scripts/infrautil/snapshotCmd.go | 4 ++-- .github/workflows/snapshot-diff.yaml | 2 +- .github/workflows/snapshot.yaml | 6 +++--- .trivyignore.yaml | 4 ++-- Makefile | 6 +++--- k8s/_argocd/applications/apps.yaml | 2 +- k8s/{argocdapps => apps}/ac-hacking-2024/app.json5 | 0 .../ac-hacking-2024/back/deployment.jsonnet | 0 .../ac-hacking-2024/back/external-secret.jsonnet | 0 .../ac-hacking-2024/back/service.jsonnet | 0 .../ac-hacking-2024/front/deployment.jsonnet | 0 .../ac-hacking-2024/front/service.jsonnet | 0 .../ac-hacking-2024/oauth2-proxy.jsonnet | 0 k8s/{argocdapps => apps}/blog/app.json5 | 0 k8s/{argocdapps => apps}/blog/config/nginx.conf | 0 k8s/{argocdapps => apps}/blog/config/virtualhost.conf | 0 k8s/{argocdapps => apps}/blog/configmap.jsonnet | 0 k8s/{argocdapps => apps}/blog/deployment.jsonnet | 0 k8s/{argocdapps => apps}/blog/ingress.jsonnet | 0 k8s/{argocdapps => apps}/blog/service.jsonnet | 0 k8s/{argocdapps => apps}/cert-manager/app.json5 | 0 k8s/{argocdapps => apps}/cert-manager/helm.jsonnet | 0 .../cilium-hubble-oauth2-proxy/app.json5 | 0 .../cilium-hubble-oauth2-proxy/oauth2-proxy.jsonnet | 0 k8s/{argocdapps => apps}/cilium-ipaddress/app.json5 | 0 .../cilium-ipaddress/l2-announcement-policy.jsonnet | 0 .../cilium-ipaddress/loadbalancerippool.jsonnet | 0 k8s/{argocdapps => apps}/cilium/app.json5 | 0 k8s/{argocdapps => apps}/cilium/helm.jsonnet | 0 k8s/{argocdapps => apps}/cilium/values.yaml | 0 k8s/{argocdapps => apps}/cloudflared/app.json5 | 0 k8s/{argocdapps => apps}/cloudflared/deployment.jsonnet | 0 .../cloudflared/external-secret.jsonnet | 0 .../cloudflared/service-monitor.jsonnet | 0 k8s/{argocdapps => apps}/cloudflared/service.jsonnet | 0 k8s/{argocdapps => apps}/clusterissuer/app.json5 | 0 .../clusterissuer/external-secret.jsonnet | 0 .../clusterissuer/letsencrypt-prod.jsonnet | 0 .../clusterissuer/letsencrypt-stg.jsonnet | 0 k8s/{argocdapps => apps}/clusterissuer/selfsigned.jsonnet | 0 k8s/{argocdapps => apps}/code-server-knative/app.json5 | 0 .../code-server-knative/codeserver.jsonnet | 0 k8s/{argocdapps => apps}/code-server-operator/app.json5 | 0 k8s/{argocdapps => apps}/code-server-operator/helm.jsonnet | 0 k8s/{argocdapps => apps}/code-server-operator/values.yaml | 0 k8s/{argocdapps => apps}/code-server/README.md | 0 k8s/{argocdapps => apps}/code-server/app.json5 | 0 k8s/{argocdapps => apps}/code-server/network-policy.jsonnet | 0 k8s/{argocdapps => apps}/descheduler/app.json5 | 0 k8s/{argocdapps => apps}/descheduler/helm.jsonnet | 0 k8s/{argocdapps => apps}/descheduler/values.yaml | 0 k8s/{argocdapps => apps}/elasticsearch/app.json5 | 0 .../elasticsearch/config/elasticsearch-plugins.yml | 0 k8s/{argocdapps => apps}/elasticsearch/configmap.jsonnet | 0 k8s/{argocdapps => apps}/elasticsearch/deployment.jsonnet | 0 k8s/{argocdapps => apps}/elasticsearch/pvc.jsonnet | 0 k8s/{argocdapps => apps}/elasticsearch/service.jsonnet | 0 k8s/{argocdapps => apps}/external-dns/app.json5 | 0 .../external-dns/cluster-role-binding.jsonnet | 0 k8s/{argocdapps => apps}/external-dns/cluster-role.jsonnet | 0 k8s/{argocdapps => apps}/external-dns/deployment.jsonnet | 0 .../external-dns/external-secret.jsonnet | 0 .../external-dns/service-account.jsonnet | 0 k8s/{argocdapps => apps}/external-secrets-store/app.json5 | 0 .../external-secrets-store/onepassword.jsonnet | 0 k8s/{argocdapps => apps}/external-secrets/app.json5 | 0 k8s/{argocdapps => apps}/external-secrets/helm.jsonnet | 0 k8s/{argocdapps => apps}/fitbit-manager/app.json5 | 0 k8s/{argocdapps => apps}/fitbit-manager/deployment.jsonnet | 0 .../fitbit-manager/external-secret.jsonnet | 0 k8s/{argocdapps => apps}/fitbit-manager/ingress.jsonnet | 0 k8s/{argocdapps => apps}/fitbit-manager/service.jsonnet | 0 k8s/{argocdapps => apps}/ghcr-login-secret/app.json5 | 0 .../ghcr-login-secret/external-secret.jsonnet | 0 k8s/{argocdapps => apps}/github-readme-stats/app.json5 | 0 .../github-readme-stats/deployment.jsonnet | 0 .../github-readme-stats/external-secret.jsonnet | 0 .../github-readme-stats/ingress.jsonnet | 0 .../github-readme-stats/service.jsonnet | 0 k8s/{argocdapps => apps}/hedgedoc/app.json5 | 0 k8s/{argocdapps => apps}/hedgedoc/deployment.jsonnet | 0 k8s/{argocdapps => apps}/hedgedoc/external-secret.jsonnet | 0 k8s/{argocdapps => apps}/hedgedoc/ingress.jsonnet | 0 k8s/{argocdapps => apps}/hedgedoc/service.jsonnet | 0 k8s/{argocdapps => apps}/http-dump/app.json5 | 0 k8s/{argocdapps => apps}/http-dump/deployment.jsonnet | 0 k8s/{argocdapps => apps}/http-dump/ingress.jsonnet | 0 k8s/{argocdapps => apps}/http-dump/service.jsonnet | 0 k8s/{argocdapps => apps}/influxdb/app.json5 | 0 k8s/{argocdapps => apps}/influxdb/external-secret.jsonnet | 0 k8s/{argocdapps => apps}/influxdb/helm.jsonnet | 0 k8s/{argocdapps => apps}/influxdb/values.yaml | 0 k8s/{argocdapps => apps}/ingress-nginx/app.json5 | 0 k8s/{argocdapps => apps}/ingress-nginx/helm.jsonnet | 0 k8s/{argocdapps => apps}/ingress-nginx/values.yaml | 0 k8s/{argocdapps => apps}/kibana/app.json5 | 0 k8s/{argocdapps => apps}/kibana/deployment.jsonnet | 0 k8s/{argocdapps => apps}/kibana/oauth2-proxy.jsonnet | 0 k8s/{argocdapps => apps}/kibana/service.jsonnet | 0 k8s/{argocdapps => apps}/komga/app.json5 | 0 k8s/{argocdapps => apps}/komga/config/application.yml | 0 k8s/{argocdapps => apps}/komga/configmap.jsonnet | 0 k8s/{argocdapps => apps}/komga/external-secret.jsonnet | 0 k8s/{argocdapps => apps}/komga/ingress.jsonnet | 0 k8s/{argocdapps => apps}/komga/pvc.jsonnet | 0 k8s/{argocdapps => apps}/komga/service.jsonnet | 0 k8s/{argocdapps => apps}/komga/statefulset.jsonnet | 0 k8s/{argocdapps => apps}/local-path-provisioner/app.json5 | 0 .../local-path-provisioner/application.jsonnet | 0 k8s/{argocdapps => apps}/loki/app.json5 | 0 k8s/{argocdapps => apps}/loki/external-secret.jsonnet | 0 k8s/{argocdapps => apps}/loki/helm.jsonnet | 0 k8s/{argocdapps => apps}/loki/values.yaml | 0 k8s/{argocdapps => apps}/longhorn-backup/app.json5 | 0 .../longhorn-backup/recurring-job.jsonnet | 0 k8s/{argocdapps => apps}/longhorn-oauth2-proxy/app.json5 | 0 .../longhorn-oauth2-proxy/oauth2-proxy.jsonnet | 0 k8s/{argocdapps => apps}/longhorn/app.json5 | 0 k8s/{argocdapps => apps}/longhorn/external-secret.jsonnet | 0 k8s/{argocdapps => apps}/longhorn/helm.jsonnet | 0 k8s/{argocdapps => apps}/longhorn/storage-class.jsonnet | 0 k8s/{argocdapps => apps}/longhorn/values.yaml | 0 k8s/{argocdapps => apps}/machine-status-api/app.json5 | 0 .../machine-status-api/deployment.jsonnet | 0 k8s/{argocdapps => apps}/machine-status-api/service.jsonnet | 0 k8s/{argocdapps => apps}/metrics-server/app.json5 | 0 k8s/{argocdapps => apps}/metrics-server/helm.jsonnet | 0 k8s/{argocdapps => apps}/metrics-server/values.yaml | 0 k8s/{argocdapps => apps}/minio/app.json5 | 0 k8s/{argocdapps => apps}/minio/external-secret.jsonnet | 0 k8s/{argocdapps => apps}/minio/helm.jsonnet | 0 k8s/{argocdapps => apps}/minio/values.yaml | 0 k8s/{argocdapps => apps}/misskey/app.json5 | 0 k8s/{argocdapps => apps}/misskey/config/default.yml | 0 k8s/{argocdapps => apps}/misskey/configmap.jsonnet | 0 k8s/{argocdapps => apps}/misskey/deployment.jsonnet | 0 k8s/{argocdapps => apps}/misskey/external-secret.jsonnet | 0 k8s/{argocdapps => apps}/misskey/ingress.jsonnet | 0 k8s/{argocdapps => apps}/misskey/pvc.jsonnet | 0 k8s/{argocdapps => apps}/misskey/redis.jsonnet | 0 k8s/{argocdapps => apps}/misskey/service.jsonnet | 0 k8s/{argocdapps => apps}/moco/app.json5 | 0 k8s/{argocdapps => apps}/moco/helm.jsonnet | 0 k8s/{argocdapps => apps}/moco/values.yaml | 0 k8s/{argocdapps => apps}/mucaron/app.json5 | 0 k8s/{argocdapps => apps}/mucaron/back/deployment.jsonnet | 0 .../mucaron/back/external-secret.jsonnet | 0 k8s/{argocdapps => apps}/mucaron/back/pvc.jsonnet | 0 k8s/{argocdapps => apps}/mucaron/back/redis.jsonnet | 0 k8s/{argocdapps => apps}/mucaron/back/service.jsonnet | 0 k8s/{argocdapps => apps}/mucaron/front/deployment.jsonnet | 0 k8s/{argocdapps => apps}/mucaron/front/service.jsonnet | 0 k8s/{argocdapps => apps}/mucaron/ingress.jsonnet | 0 k8s/{argocdapps => apps}/mysql-default/app.json5 | 0 .../mysql-default/mysql-cluster.jsonnet | 0 k8s/{argocdapps => apps}/nextcloud/app.json5 | 0 k8s/{argocdapps => apps}/nextcloud/external-secret.jsonnet | 0 k8s/{argocdapps => apps}/nextcloud/helm.jsonnet | 0 k8s/{argocdapps => apps}/nextcloud/pvc.jsonnet | 0 k8s/{argocdapps => apps}/nextcloud/redis.jsonnet | 0 k8s/{argocdapps => apps}/nextcloud/values.yaml | 0 k8s/{argocdapps => apps}/nginx-test/app.json5 | 0 k8s/{argocdapps => apps}/nginx-test/config/nginx.conf | 0 k8s/{argocdapps => apps}/nginx-test/config/virtualhost.conf | 0 k8s/{argocdapps => apps}/nginx-test/configmap.jsonnet | 0 k8s/{argocdapps => apps}/nginx-test/deployment.jsonnet | 0 k8s/{argocdapps => apps}/nginx-test/ingress.jsonnet | 0 k8s/{argocdapps => apps}/nginx-test/service.jsonnet | 0 k8s/{argocdapps => apps}/oekaki-dengon-game/app.json5 | 0 .../oekaki-dengon-game/back/deployment.jsonnet | 0 .../oekaki-dengon-game/back/service.jsonnet | 0 .../oekaki-dengon-game/external-secret.jsonnet | 0 .../oekaki-dengon-game/front/deployment.jsonnet | 0 .../oekaki-dengon-game/front/service.jsonnet | 0 .../oekaki-dengon-game/oauth2-proxy/config/robots.txt | 0 .../oekaki-dengon-game/oauth2-proxy/configmap.jsonnet | 0 .../oekaki-dengon-game/oauth2-proxy/oauth2-proxy.jsonnet | 0 k8s/{argocdapps => apps}/openchokin/app.json5 | 0 k8s/{argocdapps => apps}/openchokin/back/deployment.jsonnet | 0 k8s/{argocdapps => apps}/openchokin/back/ingress.jsonnet | 0 k8s/{argocdapps => apps}/openchokin/back/service.jsonnet | 0 k8s/{argocdapps => apps}/openchokin/external-secret.jsonnet | 0 .../openchokin/front/deployment.jsonnet | 0 k8s/{argocdapps => apps}/openchokin/front/ingress.jsonnet | 0 k8s/{argocdapps => apps}/openchokin/front/redis.jsonnet | 0 k8s/{argocdapps => apps}/openchokin/front/service.jsonnet | 0 k8s/{argocdapps => apps}/opentelemetry-collectors/app.json5 | 0 .../opentelemetry-collectors/cluster-role-binding.jsonnet | 0 .../opentelemetry-collectors/cluster-role.jsonnet | 0 .../opentelemetry-collectors/collectors/_base.libsonnet | 0 .../opentelemetry-collectors/collectors/daemonset.jsonnet | 0 .../opentelemetry-collectors/collectors/default.jsonnet | 0 .../opentelemetry-collectors/collectors/deployment.jsonnet | 0 .../collectors/prometheus-exporter.jsonnet | 0 .../opentelemetry-collectors/external-secret.jsonnet | 0 .../opentelemetry-collectors/sa.jsonnet | 0 .../opentelemetry-instrumentations/app.json5 | 0 .../opentelemetry-instrumentations/default.jsonnet | 0 k8s/{argocdapps => apps}/opentelemetry-operator/app.json5 | 0 .../opentelemetry-operator/helm.jsonnet | 0 k8s/{argocdapps => apps}/opentelemetry-operator/values.yaml | 0 k8s/{argocdapps => apps}/photoprism/app.json5 | 0 k8s/{argocdapps => apps}/photoprism/cronjob.jsonnet | 0 k8s/{argocdapps => apps}/photoprism/external-secret.jsonnet | 0 k8s/{argocdapps => apps}/photoprism/ingress.jsonnet | 0 .../photoprism/mariadb/external-secret.jsonnet | 0 k8s/{argocdapps => apps}/photoprism/mariadb/helm.jsonnet | 0 k8s/{argocdapps => apps}/photoprism/mariadb/pvc.jsonnet | 0 k8s/{argocdapps => apps}/photoprism/mariadb/values.yaml | 0 k8s/{argocdapps => apps}/photoprism/pvc.jsonnet | 0 k8s/{argocdapps => apps}/photoprism/service.jsonnet | 0 k8s/{argocdapps => apps}/photoprism/statefulset.jsonnet | 0 k8s/{argocdapps => apps}/postgresql-default/app.json5 | 0 .../postgresql-default/external-secrets.jsonnet | 0 .../postgresql-default/postgresql.jsonnet | 0 k8s/{argocdapps => apps}/postgresql-default/service.jsonnet | 0 k8s/{argocdapps => apps}/postgresql-default/users.libsonnet | 0 k8s/{argocdapps => apps}/priorities/app.json5 | 0 k8s/{argocdapps => apps}/priorities/default.jsonnet | 0 k8s/{argocdapps => apps}/priorities/high.jsonnet | 0 k8s/{argocdapps => apps}/priorities/low.jsonnet | 0 k8s/{argocdapps => apps}/prometheus-oauth2-proxy/app.json5 | 0 .../prometheus-oauth2-proxy/oauth2-proxy.jsonnet | 0 k8s/{argocdapps => apps}/prometheus-stack/app.json5 | 0 .../prometheus-stack/external-secret.jsonnet | 0 k8s/{argocdapps => apps}/prometheus-stack/helm.jsonnet | 0 k8s/{argocdapps => apps}/prometheus-stack/values.yaml | 0 k8s/{argocdapps => apps}/redis-operator/app.json5 | 0 k8s/{argocdapps => apps}/redis-operator/helm.jsonnet | 0 k8s/{argocdapps => apps}/redis-operator/values.yaml | 0 k8s/{argocdapps => apps}/samba-backup/app.json5 | 0 k8s/{argocdapps => apps}/samba-backup/config/backup.sh | 0 k8s/{argocdapps => apps}/samba-backup/configmap.jsonnet | 0 k8s/{argocdapps => apps}/samba-backup/cronjob.jsonnet | 0 .../samba-backup/external-secret.jsonnet | 0 k8s/{argocdapps => apps}/samba/app.json5 | 0 k8s/{argocdapps => apps}/samba/deployment.jsonnet | 0 k8s/{argocdapps => apps}/samba/external-secret.jsonnet | 0 k8s/{argocdapps => apps}/samba/service.jsonnet | 0 k8s/{argocdapps => apps}/smartctl-exporter/app.json5 | 0 k8s/{argocdapps => apps}/smartctl-exporter/helm.jsonnet | 0 k8s/{argocdapps => apps}/smartctl-exporter/values.yaml | 0 k8s/{argocdapps => apps}/snmp-exporter/app.json5 | 0 .../snmp-exporter/config/generator.yaml | 0 k8s/{argocdapps => apps}/snmp-exporter/helm.jsonnet | 0 k8s/{argocdapps => apps}/snmp-exporter/values.yaml | 0 k8s/{argocdapps => apps}/tailscale/app.json5 | 0 k8s/{argocdapps => apps}/tailscale/deployment.jsonnet | 0 k8s/{argocdapps => apps}/tailscale/external-secret.jsonnet | 0 k8s/{argocdapps => apps}/tailscale/role.jsonnet | 0 k8s/{argocdapps => apps}/tailscale/rolebinding.jsonnet | 0 k8s/{argocdapps => apps}/tailscale/sa.jsonnet | 0 k8s/{argocdapps => apps}/tempo/app.json5 | 0 k8s/{argocdapps => apps}/tempo/external-secret.jsonnet | 0 k8s/{argocdapps => apps}/tempo/helm.jsonnet | 0 k8s/{argocdapps => apps}/tempo/values.yaml | 0 .../wakatime-to-slack-profile/app.json5 | 0 .../wakatime-to-slack-profile/config/emoji.json | 0 .../wakatime-to-slack-profile/configmap.jsonnet | 0 .../wakatime-to-slack-profile/deployment.jsonnet | 0 .../wakatime-to-slack-profile/external-secret.jsonnet | 0 .../wakatime-to-slack-profile/ingress.jsonnet | 0 .../wakatime-to-slack-profile/service.jsonnet | 0 k8s/{argocdapps => apps}/walnuts-dev-www-redirect/app.json5 | 0 .../walnuts-dev-www-redirect/config/nginx.conf | 0 .../walnuts-dev-www-redirect/config/virtualhost.conf | 0 .../walnuts-dev-www-redirect/configmap.jsonnet | 0 .../walnuts-dev-www-redirect/deployment.jsonnet | 0 .../walnuts-dev-www-redirect/ingress.jsonnet | 0 .../walnuts-dev-www-redirect/service.jsonnet | 0 k8s/{argocdapps => apps}/walnuts-dev/app.json5 | 0 k8s/{argocdapps => apps}/walnuts-dev/deployment.jsonnet | 0 k8s/{argocdapps => apps}/walnuts-dev/ingress.jsonnet | 0 k8s/{argocdapps => apps}/walnuts-dev/service.jsonnet | 0 k8s/{argocdapps => apps}/zalando-psql-operator/app.json5 | 0 .../zalando-psql-operator/external-secret.jsonnet | 0 k8s/{argocdapps => apps}/zalando-psql-operator/helm.jsonnet | 0 k8s/{argocdapps => apps}/zalando-psql-operator/values.yaml | 0 k8s/{argocdapps => apps}/zitadel/app.json5 | 0 k8s/{argocdapps => apps}/zitadel/config/config.yaml | 0 k8s/{argocdapps => apps}/zitadel/configmap.jsonnet | 0 k8s/{argocdapps => apps}/zitadel/external-secret.jsonnet | 0 k8s/{argocdapps => apps}/zitadel/helm.jsonnet | 0 k8s/{argocdapps => apps}/zitadel/values.yaml | 0 285 files changed, 13 insertions(+), 13 deletions(-) rename k8s/{argocdapps => apps}/ac-hacking-2024/app.json5 (100%) rename k8s/{argocdapps => apps}/ac-hacking-2024/back/deployment.jsonnet (100%) rename k8s/{argocdapps => apps}/ac-hacking-2024/back/external-secret.jsonnet (100%) rename k8s/{argocdapps => apps}/ac-hacking-2024/back/service.jsonnet (100%) rename k8s/{argocdapps => apps}/ac-hacking-2024/front/deployment.jsonnet (100%) rename k8s/{argocdapps => apps}/ac-hacking-2024/front/service.jsonnet (100%) rename k8s/{argocdapps => apps}/ac-hacking-2024/oauth2-proxy.jsonnet (100%) rename k8s/{argocdapps => apps}/blog/app.json5 (100%) rename k8s/{argocdapps => apps}/blog/config/nginx.conf (100%) rename k8s/{argocdapps => apps}/blog/config/virtualhost.conf (100%) rename k8s/{argocdapps => apps}/blog/configmap.jsonnet (100%) rename k8s/{argocdapps => apps}/blog/deployment.jsonnet (100%) rename k8s/{argocdapps => apps}/blog/ingress.jsonnet (100%) rename k8s/{argocdapps => apps}/blog/service.jsonnet (100%) rename k8s/{argocdapps => apps}/cert-manager/app.json5 (100%) rename k8s/{argocdapps => apps}/cert-manager/helm.jsonnet (100%) rename k8s/{argocdapps => apps}/cilium-hubble-oauth2-proxy/app.json5 (100%) rename k8s/{argocdapps => apps}/cilium-hubble-oauth2-proxy/oauth2-proxy.jsonnet (100%) rename k8s/{argocdapps => apps}/cilium-ipaddress/app.json5 (100%) rename k8s/{argocdapps => apps}/cilium-ipaddress/l2-announcement-policy.jsonnet (100%) rename k8s/{argocdapps => apps}/cilium-ipaddress/loadbalancerippool.jsonnet (100%) rename k8s/{argocdapps => apps}/cilium/app.json5 (100%) rename k8s/{argocdapps => apps}/cilium/helm.jsonnet (100%) rename k8s/{argocdapps => apps}/cilium/values.yaml (100%) rename k8s/{argocdapps => apps}/cloudflared/app.json5 (100%) rename k8s/{argocdapps => apps}/cloudflared/deployment.jsonnet (100%) rename k8s/{argocdapps => apps}/cloudflared/external-secret.jsonnet (100%) rename k8s/{argocdapps => apps}/cloudflared/service-monitor.jsonnet (100%) rename k8s/{argocdapps => apps}/cloudflared/service.jsonnet (100%) rename k8s/{argocdapps => apps}/clusterissuer/app.json5 (100%) rename k8s/{argocdapps => apps}/clusterissuer/external-secret.jsonnet (100%) rename k8s/{argocdapps => apps}/clusterissuer/letsencrypt-prod.jsonnet (100%) rename k8s/{argocdapps => apps}/clusterissuer/letsencrypt-stg.jsonnet (100%) rename k8s/{argocdapps => apps}/clusterissuer/selfsigned.jsonnet (100%) rename k8s/{argocdapps => apps}/code-server-knative/app.json5 (100%) rename k8s/{argocdapps => apps}/code-server-knative/codeserver.jsonnet (100%) rename k8s/{argocdapps => apps}/code-server-operator/app.json5 (100%) rename k8s/{argocdapps => apps}/code-server-operator/helm.jsonnet (100%) rename k8s/{argocdapps => apps}/code-server-operator/values.yaml (100%) rename k8s/{argocdapps => apps}/code-server/README.md (100%) rename k8s/{argocdapps => apps}/code-server/app.json5 (100%) rename k8s/{argocdapps => apps}/code-server/network-policy.jsonnet (100%) rename k8s/{argocdapps => apps}/descheduler/app.json5 (100%) rename k8s/{argocdapps => apps}/descheduler/helm.jsonnet (100%) rename k8s/{argocdapps => apps}/descheduler/values.yaml (100%) rename k8s/{argocdapps => apps}/elasticsearch/app.json5 (100%) rename k8s/{argocdapps => apps}/elasticsearch/config/elasticsearch-plugins.yml (100%) rename k8s/{argocdapps => apps}/elasticsearch/configmap.jsonnet (100%) rename k8s/{argocdapps => apps}/elasticsearch/deployment.jsonnet (100%) rename k8s/{argocdapps => apps}/elasticsearch/pvc.jsonnet (100%) rename k8s/{argocdapps => apps}/elasticsearch/service.jsonnet (100%) rename k8s/{argocdapps => apps}/external-dns/app.json5 (100%) rename k8s/{argocdapps => apps}/external-dns/cluster-role-binding.jsonnet (100%) rename k8s/{argocdapps => apps}/external-dns/cluster-role.jsonnet (100%) rename k8s/{argocdapps => apps}/external-dns/deployment.jsonnet (100%) rename k8s/{argocdapps => apps}/external-dns/external-secret.jsonnet (100%) rename k8s/{argocdapps => apps}/external-dns/service-account.jsonnet (100%) rename k8s/{argocdapps => apps}/external-secrets-store/app.json5 (100%) rename k8s/{argocdapps => apps}/external-secrets-store/onepassword.jsonnet (100%) rename k8s/{argocdapps => apps}/external-secrets/app.json5 (100%) rename k8s/{argocdapps => apps}/external-secrets/helm.jsonnet (100%) rename k8s/{argocdapps => apps}/fitbit-manager/app.json5 (100%) rename k8s/{argocdapps => apps}/fitbit-manager/deployment.jsonnet (100%) rename k8s/{argocdapps => apps}/fitbit-manager/external-secret.jsonnet (100%) rename k8s/{argocdapps => apps}/fitbit-manager/ingress.jsonnet (100%) rename k8s/{argocdapps => apps}/fitbit-manager/service.jsonnet (100%) rename k8s/{argocdapps => apps}/ghcr-login-secret/app.json5 (100%) rename k8s/{argocdapps => apps}/ghcr-login-secret/external-secret.jsonnet (100%) rename k8s/{argocdapps => apps}/github-readme-stats/app.json5 (100%) rename k8s/{argocdapps => apps}/github-readme-stats/deployment.jsonnet (100%) rename k8s/{argocdapps => apps}/github-readme-stats/external-secret.jsonnet (100%) rename k8s/{argocdapps => apps}/github-readme-stats/ingress.jsonnet (100%) rename k8s/{argocdapps => apps}/github-readme-stats/service.jsonnet (100%) rename k8s/{argocdapps => apps}/hedgedoc/app.json5 (100%) rename k8s/{argocdapps => apps}/hedgedoc/deployment.jsonnet (100%) rename k8s/{argocdapps => apps}/hedgedoc/external-secret.jsonnet (100%) rename k8s/{argocdapps => apps}/hedgedoc/ingress.jsonnet (100%) rename k8s/{argocdapps => apps}/hedgedoc/service.jsonnet (100%) rename k8s/{argocdapps => apps}/http-dump/app.json5 (100%) rename k8s/{argocdapps => apps}/http-dump/deployment.jsonnet (100%) rename k8s/{argocdapps => apps}/http-dump/ingress.jsonnet (100%) rename k8s/{argocdapps => apps}/http-dump/service.jsonnet (100%) rename k8s/{argocdapps => apps}/influxdb/app.json5 (100%) rename k8s/{argocdapps => apps}/influxdb/external-secret.jsonnet (100%) rename k8s/{argocdapps => apps}/influxdb/helm.jsonnet (100%) rename k8s/{argocdapps => apps}/influxdb/values.yaml (100%) rename k8s/{argocdapps => apps}/ingress-nginx/app.json5 (100%) rename k8s/{argocdapps => apps}/ingress-nginx/helm.jsonnet (100%) rename k8s/{argocdapps => apps}/ingress-nginx/values.yaml (100%) rename k8s/{argocdapps => apps}/kibana/app.json5 (100%) rename k8s/{argocdapps => apps}/kibana/deployment.jsonnet (100%) rename k8s/{argocdapps => apps}/kibana/oauth2-proxy.jsonnet (100%) rename k8s/{argocdapps => apps}/kibana/service.jsonnet (100%) rename k8s/{argocdapps => apps}/komga/app.json5 (100%) rename k8s/{argocdapps => apps}/komga/config/application.yml (100%) rename k8s/{argocdapps => apps}/komga/configmap.jsonnet (100%) rename k8s/{argocdapps => apps}/komga/external-secret.jsonnet (100%) rename k8s/{argocdapps => apps}/komga/ingress.jsonnet (100%) rename k8s/{argocdapps => apps}/komga/pvc.jsonnet (100%) rename k8s/{argocdapps => apps}/komga/service.jsonnet (100%) rename k8s/{argocdapps => apps}/komga/statefulset.jsonnet (100%) rename k8s/{argocdapps => apps}/local-path-provisioner/app.json5 (100%) rename k8s/{argocdapps => apps}/local-path-provisioner/application.jsonnet (100%) rename k8s/{argocdapps => apps}/loki/app.json5 (100%) rename k8s/{argocdapps => apps}/loki/external-secret.jsonnet (100%) rename k8s/{argocdapps => apps}/loki/helm.jsonnet (100%) rename k8s/{argocdapps => apps}/loki/values.yaml (100%) rename k8s/{argocdapps => apps}/longhorn-backup/app.json5 (100%) rename k8s/{argocdapps => apps}/longhorn-backup/recurring-job.jsonnet (100%) rename k8s/{argocdapps => apps}/longhorn-oauth2-proxy/app.json5 (100%) rename k8s/{argocdapps => apps}/longhorn-oauth2-proxy/oauth2-proxy.jsonnet (100%) rename k8s/{argocdapps => apps}/longhorn/app.json5 (100%) rename k8s/{argocdapps => apps}/longhorn/external-secret.jsonnet (100%) rename k8s/{argocdapps => apps}/longhorn/helm.jsonnet (100%) rename k8s/{argocdapps => apps}/longhorn/storage-class.jsonnet (100%) rename k8s/{argocdapps => apps}/longhorn/values.yaml (100%) rename k8s/{argocdapps => apps}/machine-status-api/app.json5 (100%) rename k8s/{argocdapps => apps}/machine-status-api/deployment.jsonnet (100%) rename k8s/{argocdapps => apps}/machine-status-api/service.jsonnet (100%) rename k8s/{argocdapps => apps}/metrics-server/app.json5 (100%) rename k8s/{argocdapps => apps}/metrics-server/helm.jsonnet (100%) rename k8s/{argocdapps => apps}/metrics-server/values.yaml (100%) rename k8s/{argocdapps => apps}/minio/app.json5 (100%) rename k8s/{argocdapps => apps}/minio/external-secret.jsonnet (100%) rename k8s/{argocdapps => apps}/minio/helm.jsonnet (100%) rename k8s/{argocdapps => apps}/minio/values.yaml (100%) rename k8s/{argocdapps => apps}/misskey/app.json5 (100%) rename k8s/{argocdapps => apps}/misskey/config/default.yml (100%) rename k8s/{argocdapps => apps}/misskey/configmap.jsonnet (100%) rename k8s/{argocdapps => apps}/misskey/deployment.jsonnet (100%) rename k8s/{argocdapps => apps}/misskey/external-secret.jsonnet (100%) rename k8s/{argocdapps => apps}/misskey/ingress.jsonnet (100%) rename k8s/{argocdapps => apps}/misskey/pvc.jsonnet (100%) rename k8s/{argocdapps => apps}/misskey/redis.jsonnet (100%) rename k8s/{argocdapps => apps}/misskey/service.jsonnet (100%) rename k8s/{argocdapps => apps}/moco/app.json5 (100%) rename k8s/{argocdapps => apps}/moco/helm.jsonnet (100%) rename k8s/{argocdapps => apps}/moco/values.yaml (100%) rename k8s/{argocdapps => apps}/mucaron/app.json5 (100%) rename k8s/{argocdapps => apps}/mucaron/back/deployment.jsonnet (100%) rename k8s/{argocdapps => apps}/mucaron/back/external-secret.jsonnet (100%) rename k8s/{argocdapps => apps}/mucaron/back/pvc.jsonnet (100%) rename k8s/{argocdapps => apps}/mucaron/back/redis.jsonnet (100%) rename k8s/{argocdapps => apps}/mucaron/back/service.jsonnet (100%) rename k8s/{argocdapps => apps}/mucaron/front/deployment.jsonnet (100%) rename k8s/{argocdapps => apps}/mucaron/front/service.jsonnet (100%) rename k8s/{argocdapps => apps}/mucaron/ingress.jsonnet (100%) rename k8s/{argocdapps => apps}/mysql-default/app.json5 (100%) rename k8s/{argocdapps => apps}/mysql-default/mysql-cluster.jsonnet (100%) rename k8s/{argocdapps => apps}/nextcloud/app.json5 (100%) rename k8s/{argocdapps => apps}/nextcloud/external-secret.jsonnet (100%) rename k8s/{argocdapps => apps}/nextcloud/helm.jsonnet (100%) rename k8s/{argocdapps => apps}/nextcloud/pvc.jsonnet (100%) rename k8s/{argocdapps => apps}/nextcloud/redis.jsonnet (100%) rename k8s/{argocdapps => apps}/nextcloud/values.yaml (100%) rename k8s/{argocdapps => apps}/nginx-test/app.json5 (100%) rename k8s/{argocdapps => apps}/nginx-test/config/nginx.conf (100%) rename k8s/{argocdapps => apps}/nginx-test/config/virtualhost.conf (100%) rename k8s/{argocdapps => apps}/nginx-test/configmap.jsonnet (100%) rename k8s/{argocdapps => apps}/nginx-test/deployment.jsonnet (100%) rename k8s/{argocdapps => apps}/nginx-test/ingress.jsonnet (100%) rename k8s/{argocdapps => apps}/nginx-test/service.jsonnet (100%) rename k8s/{argocdapps => apps}/oekaki-dengon-game/app.json5 (100%) rename k8s/{argocdapps => apps}/oekaki-dengon-game/back/deployment.jsonnet (100%) rename k8s/{argocdapps => apps}/oekaki-dengon-game/back/service.jsonnet (100%) rename k8s/{argocdapps => apps}/oekaki-dengon-game/external-secret.jsonnet (100%) rename k8s/{argocdapps => apps}/oekaki-dengon-game/front/deployment.jsonnet (100%) rename k8s/{argocdapps => apps}/oekaki-dengon-game/front/service.jsonnet (100%) rename k8s/{argocdapps => apps}/oekaki-dengon-game/oauth2-proxy/config/robots.txt (100%) rename k8s/{argocdapps => apps}/oekaki-dengon-game/oauth2-proxy/configmap.jsonnet (100%) rename k8s/{argocdapps => apps}/oekaki-dengon-game/oauth2-proxy/oauth2-proxy.jsonnet (100%) rename k8s/{argocdapps => apps}/openchokin/app.json5 (100%) rename k8s/{argocdapps => apps}/openchokin/back/deployment.jsonnet (100%) rename k8s/{argocdapps => apps}/openchokin/back/ingress.jsonnet (100%) rename k8s/{argocdapps => apps}/openchokin/back/service.jsonnet (100%) rename k8s/{argocdapps => apps}/openchokin/external-secret.jsonnet (100%) rename k8s/{argocdapps => apps}/openchokin/front/deployment.jsonnet (100%) rename k8s/{argocdapps => apps}/openchokin/front/ingress.jsonnet (100%) rename k8s/{argocdapps => apps}/openchokin/front/redis.jsonnet (100%) rename k8s/{argocdapps => apps}/openchokin/front/service.jsonnet (100%) rename k8s/{argocdapps => apps}/opentelemetry-collectors/app.json5 (100%) rename k8s/{argocdapps => apps}/opentelemetry-collectors/cluster-role-binding.jsonnet (100%) rename k8s/{argocdapps => apps}/opentelemetry-collectors/cluster-role.jsonnet (100%) rename k8s/{argocdapps => apps}/opentelemetry-collectors/collectors/_base.libsonnet (100%) rename k8s/{argocdapps => apps}/opentelemetry-collectors/collectors/daemonset.jsonnet (100%) rename k8s/{argocdapps => apps}/opentelemetry-collectors/collectors/default.jsonnet (100%) rename k8s/{argocdapps => apps}/opentelemetry-collectors/collectors/deployment.jsonnet (100%) rename k8s/{argocdapps => apps}/opentelemetry-collectors/collectors/prometheus-exporter.jsonnet (100%) rename k8s/{argocdapps => apps}/opentelemetry-collectors/external-secret.jsonnet (100%) rename k8s/{argocdapps => apps}/opentelemetry-collectors/sa.jsonnet (100%) rename k8s/{argocdapps => apps}/opentelemetry-instrumentations/app.json5 (100%) rename k8s/{argocdapps => apps}/opentelemetry-instrumentations/default.jsonnet (100%) rename k8s/{argocdapps => apps}/opentelemetry-operator/app.json5 (100%) rename k8s/{argocdapps => apps}/opentelemetry-operator/helm.jsonnet (100%) rename k8s/{argocdapps => apps}/opentelemetry-operator/values.yaml (100%) rename k8s/{argocdapps => apps}/photoprism/app.json5 (100%) rename k8s/{argocdapps => apps}/photoprism/cronjob.jsonnet (100%) rename k8s/{argocdapps => apps}/photoprism/external-secret.jsonnet (100%) rename k8s/{argocdapps => apps}/photoprism/ingress.jsonnet (100%) rename k8s/{argocdapps => apps}/photoprism/mariadb/external-secret.jsonnet (100%) rename k8s/{argocdapps => apps}/photoprism/mariadb/helm.jsonnet (100%) rename k8s/{argocdapps => apps}/photoprism/mariadb/pvc.jsonnet (100%) rename k8s/{argocdapps => apps}/photoprism/mariadb/values.yaml (100%) rename k8s/{argocdapps => apps}/photoprism/pvc.jsonnet (100%) rename k8s/{argocdapps => apps}/photoprism/service.jsonnet (100%) rename k8s/{argocdapps => apps}/photoprism/statefulset.jsonnet (100%) rename k8s/{argocdapps => apps}/postgresql-default/app.json5 (100%) rename k8s/{argocdapps => apps}/postgresql-default/external-secrets.jsonnet (100%) rename k8s/{argocdapps => apps}/postgresql-default/postgresql.jsonnet (100%) rename k8s/{argocdapps => apps}/postgresql-default/service.jsonnet (100%) rename k8s/{argocdapps => apps}/postgresql-default/users.libsonnet (100%) rename k8s/{argocdapps => apps}/priorities/app.json5 (100%) rename k8s/{argocdapps => apps}/priorities/default.jsonnet (100%) rename k8s/{argocdapps => apps}/priorities/high.jsonnet (100%) rename k8s/{argocdapps => apps}/priorities/low.jsonnet (100%) rename k8s/{argocdapps => apps}/prometheus-oauth2-proxy/app.json5 (100%) rename k8s/{argocdapps => apps}/prometheus-oauth2-proxy/oauth2-proxy.jsonnet (100%) rename k8s/{argocdapps => apps}/prometheus-stack/app.json5 (100%) rename k8s/{argocdapps => apps}/prometheus-stack/external-secret.jsonnet (100%) rename k8s/{argocdapps => apps}/prometheus-stack/helm.jsonnet (100%) rename k8s/{argocdapps => apps}/prometheus-stack/values.yaml (100%) rename k8s/{argocdapps => apps}/redis-operator/app.json5 (100%) rename k8s/{argocdapps => apps}/redis-operator/helm.jsonnet (100%) rename k8s/{argocdapps => apps}/redis-operator/values.yaml (100%) rename k8s/{argocdapps => apps}/samba-backup/app.json5 (100%) rename k8s/{argocdapps => apps}/samba-backup/config/backup.sh (100%) rename k8s/{argocdapps => apps}/samba-backup/configmap.jsonnet (100%) rename k8s/{argocdapps => apps}/samba-backup/cronjob.jsonnet (100%) rename k8s/{argocdapps => apps}/samba-backup/external-secret.jsonnet (100%) rename k8s/{argocdapps => apps}/samba/app.json5 (100%) rename k8s/{argocdapps => apps}/samba/deployment.jsonnet (100%) rename k8s/{argocdapps => apps}/samba/external-secret.jsonnet (100%) rename k8s/{argocdapps => apps}/samba/service.jsonnet (100%) rename k8s/{argocdapps => apps}/smartctl-exporter/app.json5 (100%) rename k8s/{argocdapps => apps}/smartctl-exporter/helm.jsonnet (100%) rename k8s/{argocdapps => apps}/smartctl-exporter/values.yaml (100%) rename k8s/{argocdapps => apps}/snmp-exporter/app.json5 (100%) rename k8s/{argocdapps => apps}/snmp-exporter/config/generator.yaml (100%) rename k8s/{argocdapps => apps}/snmp-exporter/helm.jsonnet (100%) rename k8s/{argocdapps => apps}/snmp-exporter/values.yaml (100%) rename k8s/{argocdapps => apps}/tailscale/app.json5 (100%) rename k8s/{argocdapps => apps}/tailscale/deployment.jsonnet (100%) rename k8s/{argocdapps => apps}/tailscale/external-secret.jsonnet (100%) rename k8s/{argocdapps => apps}/tailscale/role.jsonnet (100%) rename k8s/{argocdapps => apps}/tailscale/rolebinding.jsonnet (100%) rename k8s/{argocdapps => apps}/tailscale/sa.jsonnet (100%) rename k8s/{argocdapps => apps}/tempo/app.json5 (100%) rename k8s/{argocdapps => apps}/tempo/external-secret.jsonnet (100%) rename k8s/{argocdapps => apps}/tempo/helm.jsonnet (100%) rename k8s/{argocdapps => apps}/tempo/values.yaml (100%) rename k8s/{argocdapps => apps}/wakatime-to-slack-profile/app.json5 (100%) rename k8s/{argocdapps => apps}/wakatime-to-slack-profile/config/emoji.json (100%) rename k8s/{argocdapps => apps}/wakatime-to-slack-profile/configmap.jsonnet (100%) rename k8s/{argocdapps => apps}/wakatime-to-slack-profile/deployment.jsonnet (100%) rename k8s/{argocdapps => apps}/wakatime-to-slack-profile/external-secret.jsonnet (100%) rename k8s/{argocdapps => apps}/wakatime-to-slack-profile/ingress.jsonnet (100%) rename k8s/{argocdapps => apps}/wakatime-to-slack-profile/service.jsonnet (100%) rename k8s/{argocdapps => apps}/walnuts-dev-www-redirect/app.json5 (100%) rename k8s/{argocdapps => apps}/walnuts-dev-www-redirect/config/nginx.conf (100%) rename k8s/{argocdapps => apps}/walnuts-dev-www-redirect/config/virtualhost.conf (100%) rename k8s/{argocdapps => apps}/walnuts-dev-www-redirect/configmap.jsonnet (100%) rename k8s/{argocdapps => apps}/walnuts-dev-www-redirect/deployment.jsonnet (100%) rename k8s/{argocdapps => apps}/walnuts-dev-www-redirect/ingress.jsonnet (100%) rename k8s/{argocdapps => apps}/walnuts-dev-www-redirect/service.jsonnet (100%) rename k8s/{argocdapps => apps}/walnuts-dev/app.json5 (100%) rename k8s/{argocdapps => apps}/walnuts-dev/deployment.jsonnet (100%) rename k8s/{argocdapps => apps}/walnuts-dev/ingress.jsonnet (100%) rename k8s/{argocdapps => apps}/walnuts-dev/service.jsonnet (100%) rename k8s/{argocdapps => apps}/zalando-psql-operator/app.json5 (100%) rename k8s/{argocdapps => apps}/zalando-psql-operator/external-secret.jsonnet (100%) rename k8s/{argocdapps => apps}/zalando-psql-operator/helm.jsonnet (100%) rename k8s/{argocdapps => apps}/zalando-psql-operator/values.yaml (100%) rename k8s/{argocdapps => apps}/zitadel/app.json5 (100%) rename k8s/{argocdapps => apps}/zitadel/config/config.yaml (100%) rename k8s/{argocdapps => apps}/zitadel/configmap.jsonnet (100%) rename k8s/{argocdapps => apps}/zitadel/external-secret.jsonnet (100%) rename k8s/{argocdapps => apps}/zitadel/helm.jsonnet (100%) rename k8s/{argocdapps => apps}/zitadel/values.yaml (100%) diff --git a/.github/scripts/infrautil/namespaceCmd.go b/.github/scripts/infrautil/namespaceCmd.go index db3225e41..fd7c001a0 100644 --- a/.github/scripts/infrautil/namespaceCmd.go +++ b/.github/scripts/infrautil/namespaceCmd.go @@ -23,7 +23,7 @@ func (*namespaceCmd) Usage() string { } func (n *namespaceCmd) SetFlags(f *flag.FlagSet) { - f.StringVar(&n.appDir, "d", "k8s/argocdapps", "app directory") + f.StringVar(&n.appDir, "d", "k8s/apps", "app directory") f.StringVar(&n.outFilePath, "o", "namespaces/namespaces.yaml", "output file path") } diff --git a/.github/scripts/infrautil/snapshotCmd.go b/.github/scripts/infrautil/snapshotCmd.go index beb800dcb..19e3b69c2 100644 --- a/.github/scripts/infrautil/snapshotCmd.go +++ b/.github/scripts/infrautil/snapshotCmd.go @@ -24,8 +24,8 @@ func (*snapshotCmd) Usage() string { } func (b *snapshotCmd) SetFlags(f *flag.FlagSet) { - f.StringVar(&b.appBaseDir, "d", "k8s/argocdapps", "app directory") - f.StringVar(&b.outFilePath, "o", "k8s/snapshots/argocdapps", "output file path") + f.StringVar(&b.appBaseDir, "d", "k8s/apps", "app directory") + f.StringVar(&b.outFilePath, "o", "k8s/snapshots/apps", "output file path") } func (b *snapshotCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...any) subcommands.ExitStatus { diff --git a/.github/workflows/snapshot-diff.yaml b/.github/workflows/snapshot-diff.yaml index 1692bd2d1..138d7eeb1 100644 --- a/.github/workflows/snapshot-diff.yaml +++ b/.github/workflows/snapshot-diff.yaml @@ -31,7 +31,7 @@ jobs: - name: mv run: | mkdir /tmp/snapshots-main - mv k8s/argocdapps /tmp/snapshots-main/argocdapps + mv k8s/apps /tmp/snapshots-main/apps - name: Upload folder uses: actions/upload-artifact@v4 diff --git a/.github/workflows/snapshot.yaml b/.github/workflows/snapshot.yaml index 4e211ed52..c0148d803 100644 --- a/.github/workflows/snapshot.yaml +++ b/.github/workflows/snapshot.yaml @@ -39,8 +39,8 @@ jobs: - name: mv snapshot run: | - rm -rf k8s/argocdapps - mv k8s/snapshots/argocdapps k8s/argocdapps + rm -rf k8s/apps + mv k8s/snapshots/apps k8s/apps - name: push run: | @@ -83,4 +83,4 @@ jobs: - name: Lint manifest with kubeconform uses: docker://ghcr.io/yannh/kubeconform:latest with: - args: "-ignore-missing-schemas -strict -summary k8s/argocdapps" + args: "-ignore-missing-schemas -strict -summary k8s/apps" diff --git a/.trivyignore.yaml b/.trivyignore.yaml index 7c07102c2..43a219916 100644 --- a/.trivyignore.yaml +++ b/.trivyignore.yaml @@ -1,9 +1,9 @@ misconfigurations: - id: KSV017 paths: - - "k8s/argocdapps/machine-status-api/deployment.yaml" + - "k8s/apps/machine-status-api/deployment.yaml" statement: Accept Privileged - id: KSV023 paths: - - "k8s/argocdapps/samba/deployment.yaml" + - "k8s/apps/samba/deployment.yaml" statement: accept hostpath diff --git a/Makefile b/Makefile index 908ccbc09..4dc31f2e6 100644 --- a/Makefile +++ b/Makefile @@ -8,11 +8,11 @@ build-infrautil: .PHONY: namespace namespace: build-infrautil - $(INFRAUTIL) namespace -d ./k8s/argocdapps -o ./k8s/namespaces/namespaces.json5 + $(INFRAUTIL) namespace -d ./k8s/apps -o ./k8s/namespaces/namespaces.json5 .PHONY: snapshot snapshot: build-infrautil - $(INFRAUTIL) snapshot -d ./k8s/argocdapps -o ./k8s/snapshots/argocdapps + $(INFRAUTIL) snapshot -d ./k8s/apps -o ./k8s/snapshots/apps # SECRET_KEY := $(shell op item get minio-default-secret-key --field secret_key --reveal) # .PHONY: terraform @@ -27,4 +27,4 @@ aquq: .PHONY: lint lint: snapshot - kubeconform -ignore-missing-schemas -strict -summary k8s/snapshots/argocdapps + kubeconform -ignore-missing-schemas -strict -summary k8s/snapshots/apps diff --git a/k8s/_argocd/applications/apps.yaml b/k8s/_argocd/applications/apps.yaml index f57933a83..0843aaf95 100644 --- a/k8s/_argocd/applications/apps.yaml +++ b/k8s/_argocd/applications/apps.yaml @@ -11,7 +11,7 @@ spec: repoURL: https://github.com/walnuts1018/infra revision: main files: - - path: "k8s/argocdapps/*/app.json5" + - path: "k8s/apps/*/app.json5" template: metadata: name: '{{.name}}' diff --git a/k8s/argocdapps/ac-hacking-2024/app.json5 b/k8s/apps/ac-hacking-2024/app.json5 similarity index 100% rename from k8s/argocdapps/ac-hacking-2024/app.json5 rename to k8s/apps/ac-hacking-2024/app.json5 diff --git a/k8s/argocdapps/ac-hacking-2024/back/deployment.jsonnet b/k8s/apps/ac-hacking-2024/back/deployment.jsonnet similarity index 100% rename from k8s/argocdapps/ac-hacking-2024/back/deployment.jsonnet rename to k8s/apps/ac-hacking-2024/back/deployment.jsonnet diff --git a/k8s/argocdapps/ac-hacking-2024/back/external-secret.jsonnet b/k8s/apps/ac-hacking-2024/back/external-secret.jsonnet similarity index 100% rename from k8s/argocdapps/ac-hacking-2024/back/external-secret.jsonnet rename to k8s/apps/ac-hacking-2024/back/external-secret.jsonnet diff --git a/k8s/argocdapps/ac-hacking-2024/back/service.jsonnet b/k8s/apps/ac-hacking-2024/back/service.jsonnet similarity index 100% rename from k8s/argocdapps/ac-hacking-2024/back/service.jsonnet rename to k8s/apps/ac-hacking-2024/back/service.jsonnet diff --git a/k8s/argocdapps/ac-hacking-2024/front/deployment.jsonnet b/k8s/apps/ac-hacking-2024/front/deployment.jsonnet similarity index 100% rename from k8s/argocdapps/ac-hacking-2024/front/deployment.jsonnet rename to k8s/apps/ac-hacking-2024/front/deployment.jsonnet diff --git a/k8s/argocdapps/ac-hacking-2024/front/service.jsonnet b/k8s/apps/ac-hacking-2024/front/service.jsonnet similarity index 100% rename from k8s/argocdapps/ac-hacking-2024/front/service.jsonnet rename to k8s/apps/ac-hacking-2024/front/service.jsonnet diff --git a/k8s/argocdapps/ac-hacking-2024/oauth2-proxy.jsonnet b/k8s/apps/ac-hacking-2024/oauth2-proxy.jsonnet similarity index 100% rename from k8s/argocdapps/ac-hacking-2024/oauth2-proxy.jsonnet rename to k8s/apps/ac-hacking-2024/oauth2-proxy.jsonnet diff --git a/k8s/argocdapps/blog/app.json5 b/k8s/apps/blog/app.json5 similarity index 100% rename from k8s/argocdapps/blog/app.json5 rename to k8s/apps/blog/app.json5 diff --git a/k8s/argocdapps/blog/config/nginx.conf b/k8s/apps/blog/config/nginx.conf similarity index 100% rename from k8s/argocdapps/blog/config/nginx.conf rename to k8s/apps/blog/config/nginx.conf diff --git a/k8s/argocdapps/blog/config/virtualhost.conf b/k8s/apps/blog/config/virtualhost.conf similarity index 100% rename from k8s/argocdapps/blog/config/virtualhost.conf rename to k8s/apps/blog/config/virtualhost.conf diff --git a/k8s/argocdapps/blog/configmap.jsonnet b/k8s/apps/blog/configmap.jsonnet similarity index 100% rename from k8s/argocdapps/blog/configmap.jsonnet rename to k8s/apps/blog/configmap.jsonnet diff --git a/k8s/argocdapps/blog/deployment.jsonnet b/k8s/apps/blog/deployment.jsonnet similarity index 100% rename from k8s/argocdapps/blog/deployment.jsonnet rename to k8s/apps/blog/deployment.jsonnet diff --git a/k8s/argocdapps/blog/ingress.jsonnet b/k8s/apps/blog/ingress.jsonnet similarity index 100% rename from k8s/argocdapps/blog/ingress.jsonnet rename to k8s/apps/blog/ingress.jsonnet diff --git a/k8s/argocdapps/blog/service.jsonnet b/k8s/apps/blog/service.jsonnet similarity index 100% rename from k8s/argocdapps/blog/service.jsonnet rename to k8s/apps/blog/service.jsonnet diff --git a/k8s/argocdapps/cert-manager/app.json5 b/k8s/apps/cert-manager/app.json5 similarity index 100% rename from k8s/argocdapps/cert-manager/app.json5 rename to k8s/apps/cert-manager/app.json5 diff --git a/k8s/argocdapps/cert-manager/helm.jsonnet b/k8s/apps/cert-manager/helm.jsonnet similarity index 100% rename from k8s/argocdapps/cert-manager/helm.jsonnet rename to k8s/apps/cert-manager/helm.jsonnet diff --git a/k8s/argocdapps/cilium-hubble-oauth2-proxy/app.json5 b/k8s/apps/cilium-hubble-oauth2-proxy/app.json5 similarity index 100% rename from k8s/argocdapps/cilium-hubble-oauth2-proxy/app.json5 rename to k8s/apps/cilium-hubble-oauth2-proxy/app.json5 diff --git a/k8s/argocdapps/cilium-hubble-oauth2-proxy/oauth2-proxy.jsonnet b/k8s/apps/cilium-hubble-oauth2-proxy/oauth2-proxy.jsonnet similarity index 100% rename from k8s/argocdapps/cilium-hubble-oauth2-proxy/oauth2-proxy.jsonnet rename to k8s/apps/cilium-hubble-oauth2-proxy/oauth2-proxy.jsonnet diff --git a/k8s/argocdapps/cilium-ipaddress/app.json5 b/k8s/apps/cilium-ipaddress/app.json5 similarity index 100% rename from k8s/argocdapps/cilium-ipaddress/app.json5 rename to k8s/apps/cilium-ipaddress/app.json5 diff --git a/k8s/argocdapps/cilium-ipaddress/l2-announcement-policy.jsonnet b/k8s/apps/cilium-ipaddress/l2-announcement-policy.jsonnet similarity index 100% rename from k8s/argocdapps/cilium-ipaddress/l2-announcement-policy.jsonnet rename to k8s/apps/cilium-ipaddress/l2-announcement-policy.jsonnet diff --git a/k8s/argocdapps/cilium-ipaddress/loadbalancerippool.jsonnet b/k8s/apps/cilium-ipaddress/loadbalancerippool.jsonnet similarity index 100% rename from k8s/argocdapps/cilium-ipaddress/loadbalancerippool.jsonnet rename to k8s/apps/cilium-ipaddress/loadbalancerippool.jsonnet diff --git a/k8s/argocdapps/cilium/app.json5 b/k8s/apps/cilium/app.json5 similarity index 100% rename from k8s/argocdapps/cilium/app.json5 rename to k8s/apps/cilium/app.json5 diff --git a/k8s/argocdapps/cilium/helm.jsonnet b/k8s/apps/cilium/helm.jsonnet similarity index 100% rename from k8s/argocdapps/cilium/helm.jsonnet rename to k8s/apps/cilium/helm.jsonnet diff --git a/k8s/argocdapps/cilium/values.yaml b/k8s/apps/cilium/values.yaml similarity index 100% rename from k8s/argocdapps/cilium/values.yaml rename to k8s/apps/cilium/values.yaml diff --git a/k8s/argocdapps/cloudflared/app.json5 b/k8s/apps/cloudflared/app.json5 similarity index 100% rename from k8s/argocdapps/cloudflared/app.json5 rename to k8s/apps/cloudflared/app.json5 diff --git a/k8s/argocdapps/cloudflared/deployment.jsonnet b/k8s/apps/cloudflared/deployment.jsonnet similarity index 100% rename from k8s/argocdapps/cloudflared/deployment.jsonnet rename to k8s/apps/cloudflared/deployment.jsonnet diff --git a/k8s/argocdapps/cloudflared/external-secret.jsonnet b/k8s/apps/cloudflared/external-secret.jsonnet similarity index 100% rename from k8s/argocdapps/cloudflared/external-secret.jsonnet rename to k8s/apps/cloudflared/external-secret.jsonnet diff --git a/k8s/argocdapps/cloudflared/service-monitor.jsonnet b/k8s/apps/cloudflared/service-monitor.jsonnet similarity index 100% rename from k8s/argocdapps/cloudflared/service-monitor.jsonnet rename to k8s/apps/cloudflared/service-monitor.jsonnet diff --git a/k8s/argocdapps/cloudflared/service.jsonnet b/k8s/apps/cloudflared/service.jsonnet similarity index 100% rename from k8s/argocdapps/cloudflared/service.jsonnet rename to k8s/apps/cloudflared/service.jsonnet diff --git a/k8s/argocdapps/clusterissuer/app.json5 b/k8s/apps/clusterissuer/app.json5 similarity index 100% rename from k8s/argocdapps/clusterissuer/app.json5 rename to k8s/apps/clusterissuer/app.json5 diff --git a/k8s/argocdapps/clusterissuer/external-secret.jsonnet b/k8s/apps/clusterissuer/external-secret.jsonnet similarity index 100% rename from k8s/argocdapps/clusterissuer/external-secret.jsonnet rename to k8s/apps/clusterissuer/external-secret.jsonnet diff --git a/k8s/argocdapps/clusterissuer/letsencrypt-prod.jsonnet b/k8s/apps/clusterissuer/letsencrypt-prod.jsonnet similarity index 100% rename from k8s/argocdapps/clusterissuer/letsencrypt-prod.jsonnet rename to k8s/apps/clusterissuer/letsencrypt-prod.jsonnet diff --git a/k8s/argocdapps/clusterissuer/letsencrypt-stg.jsonnet b/k8s/apps/clusterissuer/letsencrypt-stg.jsonnet similarity index 100% rename from k8s/argocdapps/clusterissuer/letsencrypt-stg.jsonnet rename to k8s/apps/clusterissuer/letsencrypt-stg.jsonnet diff --git a/k8s/argocdapps/clusterissuer/selfsigned.jsonnet b/k8s/apps/clusterissuer/selfsigned.jsonnet similarity index 100% rename from k8s/argocdapps/clusterissuer/selfsigned.jsonnet rename to k8s/apps/clusterissuer/selfsigned.jsonnet diff --git a/k8s/argocdapps/code-server-knative/app.json5 b/k8s/apps/code-server-knative/app.json5 similarity index 100% rename from k8s/argocdapps/code-server-knative/app.json5 rename to k8s/apps/code-server-knative/app.json5 diff --git a/k8s/argocdapps/code-server-knative/codeserver.jsonnet b/k8s/apps/code-server-knative/codeserver.jsonnet similarity index 100% rename from k8s/argocdapps/code-server-knative/codeserver.jsonnet rename to k8s/apps/code-server-knative/codeserver.jsonnet diff --git a/k8s/argocdapps/code-server-operator/app.json5 b/k8s/apps/code-server-operator/app.json5 similarity index 100% rename from k8s/argocdapps/code-server-operator/app.json5 rename to k8s/apps/code-server-operator/app.json5 diff --git a/k8s/argocdapps/code-server-operator/helm.jsonnet b/k8s/apps/code-server-operator/helm.jsonnet similarity index 100% rename from k8s/argocdapps/code-server-operator/helm.jsonnet rename to k8s/apps/code-server-operator/helm.jsonnet diff --git a/k8s/argocdapps/code-server-operator/values.yaml b/k8s/apps/code-server-operator/values.yaml similarity index 100% rename from k8s/argocdapps/code-server-operator/values.yaml rename to k8s/apps/code-server-operator/values.yaml diff --git a/k8s/argocdapps/code-server/README.md b/k8s/apps/code-server/README.md similarity index 100% rename from k8s/argocdapps/code-server/README.md rename to k8s/apps/code-server/README.md diff --git a/k8s/argocdapps/code-server/app.json5 b/k8s/apps/code-server/app.json5 similarity index 100% rename from k8s/argocdapps/code-server/app.json5 rename to k8s/apps/code-server/app.json5 diff --git a/k8s/argocdapps/code-server/network-policy.jsonnet b/k8s/apps/code-server/network-policy.jsonnet similarity index 100% rename from k8s/argocdapps/code-server/network-policy.jsonnet rename to k8s/apps/code-server/network-policy.jsonnet diff --git a/k8s/argocdapps/descheduler/app.json5 b/k8s/apps/descheduler/app.json5 similarity index 100% rename from k8s/argocdapps/descheduler/app.json5 rename to k8s/apps/descheduler/app.json5 diff --git a/k8s/argocdapps/descheduler/helm.jsonnet b/k8s/apps/descheduler/helm.jsonnet similarity index 100% rename from k8s/argocdapps/descheduler/helm.jsonnet rename to k8s/apps/descheduler/helm.jsonnet diff --git a/k8s/argocdapps/descheduler/values.yaml b/k8s/apps/descheduler/values.yaml similarity index 100% rename from k8s/argocdapps/descheduler/values.yaml rename to k8s/apps/descheduler/values.yaml diff --git a/k8s/argocdapps/elasticsearch/app.json5 b/k8s/apps/elasticsearch/app.json5 similarity index 100% rename from k8s/argocdapps/elasticsearch/app.json5 rename to k8s/apps/elasticsearch/app.json5 diff --git a/k8s/argocdapps/elasticsearch/config/elasticsearch-plugins.yml b/k8s/apps/elasticsearch/config/elasticsearch-plugins.yml similarity index 100% rename from k8s/argocdapps/elasticsearch/config/elasticsearch-plugins.yml rename to k8s/apps/elasticsearch/config/elasticsearch-plugins.yml diff --git a/k8s/argocdapps/elasticsearch/configmap.jsonnet b/k8s/apps/elasticsearch/configmap.jsonnet similarity index 100% rename from k8s/argocdapps/elasticsearch/configmap.jsonnet rename to k8s/apps/elasticsearch/configmap.jsonnet diff --git a/k8s/argocdapps/elasticsearch/deployment.jsonnet b/k8s/apps/elasticsearch/deployment.jsonnet similarity index 100% rename from k8s/argocdapps/elasticsearch/deployment.jsonnet rename to k8s/apps/elasticsearch/deployment.jsonnet diff --git a/k8s/argocdapps/elasticsearch/pvc.jsonnet b/k8s/apps/elasticsearch/pvc.jsonnet similarity index 100% rename from k8s/argocdapps/elasticsearch/pvc.jsonnet rename to k8s/apps/elasticsearch/pvc.jsonnet diff --git a/k8s/argocdapps/elasticsearch/service.jsonnet b/k8s/apps/elasticsearch/service.jsonnet similarity index 100% rename from k8s/argocdapps/elasticsearch/service.jsonnet rename to k8s/apps/elasticsearch/service.jsonnet diff --git a/k8s/argocdapps/external-dns/app.json5 b/k8s/apps/external-dns/app.json5 similarity index 100% rename from k8s/argocdapps/external-dns/app.json5 rename to k8s/apps/external-dns/app.json5 diff --git a/k8s/argocdapps/external-dns/cluster-role-binding.jsonnet b/k8s/apps/external-dns/cluster-role-binding.jsonnet similarity index 100% rename from k8s/argocdapps/external-dns/cluster-role-binding.jsonnet rename to k8s/apps/external-dns/cluster-role-binding.jsonnet diff --git a/k8s/argocdapps/external-dns/cluster-role.jsonnet b/k8s/apps/external-dns/cluster-role.jsonnet similarity index 100% rename from k8s/argocdapps/external-dns/cluster-role.jsonnet rename to k8s/apps/external-dns/cluster-role.jsonnet diff --git a/k8s/argocdapps/external-dns/deployment.jsonnet b/k8s/apps/external-dns/deployment.jsonnet similarity index 100% rename from k8s/argocdapps/external-dns/deployment.jsonnet rename to k8s/apps/external-dns/deployment.jsonnet diff --git a/k8s/argocdapps/external-dns/external-secret.jsonnet b/k8s/apps/external-dns/external-secret.jsonnet similarity index 100% rename from k8s/argocdapps/external-dns/external-secret.jsonnet rename to k8s/apps/external-dns/external-secret.jsonnet diff --git a/k8s/argocdapps/external-dns/service-account.jsonnet b/k8s/apps/external-dns/service-account.jsonnet similarity index 100% rename from k8s/argocdapps/external-dns/service-account.jsonnet rename to k8s/apps/external-dns/service-account.jsonnet diff --git a/k8s/argocdapps/external-secrets-store/app.json5 b/k8s/apps/external-secrets-store/app.json5 similarity index 100% rename from k8s/argocdapps/external-secrets-store/app.json5 rename to k8s/apps/external-secrets-store/app.json5 diff --git a/k8s/argocdapps/external-secrets-store/onepassword.jsonnet b/k8s/apps/external-secrets-store/onepassword.jsonnet similarity index 100% rename from k8s/argocdapps/external-secrets-store/onepassword.jsonnet rename to k8s/apps/external-secrets-store/onepassword.jsonnet diff --git a/k8s/argocdapps/external-secrets/app.json5 b/k8s/apps/external-secrets/app.json5 similarity index 100% rename from k8s/argocdapps/external-secrets/app.json5 rename to k8s/apps/external-secrets/app.json5 diff --git a/k8s/argocdapps/external-secrets/helm.jsonnet b/k8s/apps/external-secrets/helm.jsonnet similarity index 100% rename from k8s/argocdapps/external-secrets/helm.jsonnet rename to k8s/apps/external-secrets/helm.jsonnet diff --git a/k8s/argocdapps/fitbit-manager/app.json5 b/k8s/apps/fitbit-manager/app.json5 similarity index 100% rename from k8s/argocdapps/fitbit-manager/app.json5 rename to k8s/apps/fitbit-manager/app.json5 diff --git a/k8s/argocdapps/fitbit-manager/deployment.jsonnet b/k8s/apps/fitbit-manager/deployment.jsonnet similarity index 100% rename from k8s/argocdapps/fitbit-manager/deployment.jsonnet rename to k8s/apps/fitbit-manager/deployment.jsonnet diff --git a/k8s/argocdapps/fitbit-manager/external-secret.jsonnet b/k8s/apps/fitbit-manager/external-secret.jsonnet similarity index 100% rename from k8s/argocdapps/fitbit-manager/external-secret.jsonnet rename to k8s/apps/fitbit-manager/external-secret.jsonnet diff --git a/k8s/argocdapps/fitbit-manager/ingress.jsonnet b/k8s/apps/fitbit-manager/ingress.jsonnet similarity index 100% rename from k8s/argocdapps/fitbit-manager/ingress.jsonnet rename to k8s/apps/fitbit-manager/ingress.jsonnet diff --git a/k8s/argocdapps/fitbit-manager/service.jsonnet b/k8s/apps/fitbit-manager/service.jsonnet similarity index 100% rename from k8s/argocdapps/fitbit-manager/service.jsonnet rename to k8s/apps/fitbit-manager/service.jsonnet diff --git a/k8s/argocdapps/ghcr-login-secret/app.json5 b/k8s/apps/ghcr-login-secret/app.json5 similarity index 100% rename from k8s/argocdapps/ghcr-login-secret/app.json5 rename to k8s/apps/ghcr-login-secret/app.json5 diff --git a/k8s/argocdapps/ghcr-login-secret/external-secret.jsonnet b/k8s/apps/ghcr-login-secret/external-secret.jsonnet similarity index 100% rename from k8s/argocdapps/ghcr-login-secret/external-secret.jsonnet rename to k8s/apps/ghcr-login-secret/external-secret.jsonnet diff --git a/k8s/argocdapps/github-readme-stats/app.json5 b/k8s/apps/github-readme-stats/app.json5 similarity index 100% rename from k8s/argocdapps/github-readme-stats/app.json5 rename to k8s/apps/github-readme-stats/app.json5 diff --git a/k8s/argocdapps/github-readme-stats/deployment.jsonnet b/k8s/apps/github-readme-stats/deployment.jsonnet similarity index 100% rename from k8s/argocdapps/github-readme-stats/deployment.jsonnet rename to k8s/apps/github-readme-stats/deployment.jsonnet diff --git a/k8s/argocdapps/github-readme-stats/external-secret.jsonnet b/k8s/apps/github-readme-stats/external-secret.jsonnet similarity index 100% rename from k8s/argocdapps/github-readme-stats/external-secret.jsonnet rename to k8s/apps/github-readme-stats/external-secret.jsonnet diff --git a/k8s/argocdapps/github-readme-stats/ingress.jsonnet b/k8s/apps/github-readme-stats/ingress.jsonnet similarity index 100% rename from k8s/argocdapps/github-readme-stats/ingress.jsonnet rename to k8s/apps/github-readme-stats/ingress.jsonnet diff --git a/k8s/argocdapps/github-readme-stats/service.jsonnet b/k8s/apps/github-readme-stats/service.jsonnet similarity index 100% rename from k8s/argocdapps/github-readme-stats/service.jsonnet rename to k8s/apps/github-readme-stats/service.jsonnet diff --git a/k8s/argocdapps/hedgedoc/app.json5 b/k8s/apps/hedgedoc/app.json5 similarity index 100% rename from k8s/argocdapps/hedgedoc/app.json5 rename to k8s/apps/hedgedoc/app.json5 diff --git a/k8s/argocdapps/hedgedoc/deployment.jsonnet b/k8s/apps/hedgedoc/deployment.jsonnet similarity index 100% rename from k8s/argocdapps/hedgedoc/deployment.jsonnet rename to k8s/apps/hedgedoc/deployment.jsonnet diff --git a/k8s/argocdapps/hedgedoc/external-secret.jsonnet b/k8s/apps/hedgedoc/external-secret.jsonnet similarity index 100% rename from k8s/argocdapps/hedgedoc/external-secret.jsonnet rename to k8s/apps/hedgedoc/external-secret.jsonnet diff --git a/k8s/argocdapps/hedgedoc/ingress.jsonnet b/k8s/apps/hedgedoc/ingress.jsonnet similarity index 100% rename from k8s/argocdapps/hedgedoc/ingress.jsonnet rename to k8s/apps/hedgedoc/ingress.jsonnet diff --git a/k8s/argocdapps/hedgedoc/service.jsonnet b/k8s/apps/hedgedoc/service.jsonnet similarity index 100% rename from k8s/argocdapps/hedgedoc/service.jsonnet rename to k8s/apps/hedgedoc/service.jsonnet diff --git a/k8s/argocdapps/http-dump/app.json5 b/k8s/apps/http-dump/app.json5 similarity index 100% rename from k8s/argocdapps/http-dump/app.json5 rename to k8s/apps/http-dump/app.json5 diff --git a/k8s/argocdapps/http-dump/deployment.jsonnet b/k8s/apps/http-dump/deployment.jsonnet similarity index 100% rename from k8s/argocdapps/http-dump/deployment.jsonnet rename to k8s/apps/http-dump/deployment.jsonnet diff --git a/k8s/argocdapps/http-dump/ingress.jsonnet b/k8s/apps/http-dump/ingress.jsonnet similarity index 100% rename from k8s/argocdapps/http-dump/ingress.jsonnet rename to k8s/apps/http-dump/ingress.jsonnet diff --git a/k8s/argocdapps/http-dump/service.jsonnet b/k8s/apps/http-dump/service.jsonnet similarity index 100% rename from k8s/argocdapps/http-dump/service.jsonnet rename to k8s/apps/http-dump/service.jsonnet diff --git a/k8s/argocdapps/influxdb/app.json5 b/k8s/apps/influxdb/app.json5 similarity index 100% rename from k8s/argocdapps/influxdb/app.json5 rename to k8s/apps/influxdb/app.json5 diff --git a/k8s/argocdapps/influxdb/external-secret.jsonnet b/k8s/apps/influxdb/external-secret.jsonnet similarity index 100% rename from k8s/argocdapps/influxdb/external-secret.jsonnet rename to k8s/apps/influxdb/external-secret.jsonnet diff --git a/k8s/argocdapps/influxdb/helm.jsonnet b/k8s/apps/influxdb/helm.jsonnet similarity index 100% rename from k8s/argocdapps/influxdb/helm.jsonnet rename to k8s/apps/influxdb/helm.jsonnet diff --git a/k8s/argocdapps/influxdb/values.yaml b/k8s/apps/influxdb/values.yaml similarity index 100% rename from k8s/argocdapps/influxdb/values.yaml rename to k8s/apps/influxdb/values.yaml diff --git a/k8s/argocdapps/ingress-nginx/app.json5 b/k8s/apps/ingress-nginx/app.json5 similarity index 100% rename from k8s/argocdapps/ingress-nginx/app.json5 rename to k8s/apps/ingress-nginx/app.json5 diff --git a/k8s/argocdapps/ingress-nginx/helm.jsonnet b/k8s/apps/ingress-nginx/helm.jsonnet similarity index 100% rename from k8s/argocdapps/ingress-nginx/helm.jsonnet rename to k8s/apps/ingress-nginx/helm.jsonnet diff --git a/k8s/argocdapps/ingress-nginx/values.yaml b/k8s/apps/ingress-nginx/values.yaml similarity index 100% rename from k8s/argocdapps/ingress-nginx/values.yaml rename to k8s/apps/ingress-nginx/values.yaml diff --git a/k8s/argocdapps/kibana/app.json5 b/k8s/apps/kibana/app.json5 similarity index 100% rename from k8s/argocdapps/kibana/app.json5 rename to k8s/apps/kibana/app.json5 diff --git a/k8s/argocdapps/kibana/deployment.jsonnet b/k8s/apps/kibana/deployment.jsonnet similarity index 100% rename from k8s/argocdapps/kibana/deployment.jsonnet rename to k8s/apps/kibana/deployment.jsonnet diff --git a/k8s/argocdapps/kibana/oauth2-proxy.jsonnet b/k8s/apps/kibana/oauth2-proxy.jsonnet similarity index 100% rename from k8s/argocdapps/kibana/oauth2-proxy.jsonnet rename to k8s/apps/kibana/oauth2-proxy.jsonnet diff --git a/k8s/argocdapps/kibana/service.jsonnet b/k8s/apps/kibana/service.jsonnet similarity index 100% rename from k8s/argocdapps/kibana/service.jsonnet rename to k8s/apps/kibana/service.jsonnet diff --git a/k8s/argocdapps/komga/app.json5 b/k8s/apps/komga/app.json5 similarity index 100% rename from k8s/argocdapps/komga/app.json5 rename to k8s/apps/komga/app.json5 diff --git a/k8s/argocdapps/komga/config/application.yml b/k8s/apps/komga/config/application.yml similarity index 100% rename from k8s/argocdapps/komga/config/application.yml rename to k8s/apps/komga/config/application.yml diff --git a/k8s/argocdapps/komga/configmap.jsonnet b/k8s/apps/komga/configmap.jsonnet similarity index 100% rename from k8s/argocdapps/komga/configmap.jsonnet rename to k8s/apps/komga/configmap.jsonnet diff --git a/k8s/argocdapps/komga/external-secret.jsonnet b/k8s/apps/komga/external-secret.jsonnet similarity index 100% rename from k8s/argocdapps/komga/external-secret.jsonnet rename to k8s/apps/komga/external-secret.jsonnet diff --git a/k8s/argocdapps/komga/ingress.jsonnet b/k8s/apps/komga/ingress.jsonnet similarity index 100% rename from k8s/argocdapps/komga/ingress.jsonnet rename to k8s/apps/komga/ingress.jsonnet diff --git a/k8s/argocdapps/komga/pvc.jsonnet b/k8s/apps/komga/pvc.jsonnet similarity index 100% rename from k8s/argocdapps/komga/pvc.jsonnet rename to k8s/apps/komga/pvc.jsonnet diff --git a/k8s/argocdapps/komga/service.jsonnet b/k8s/apps/komga/service.jsonnet similarity index 100% rename from k8s/argocdapps/komga/service.jsonnet rename to k8s/apps/komga/service.jsonnet diff --git a/k8s/argocdapps/komga/statefulset.jsonnet b/k8s/apps/komga/statefulset.jsonnet similarity index 100% rename from k8s/argocdapps/komga/statefulset.jsonnet rename to k8s/apps/komga/statefulset.jsonnet diff --git a/k8s/argocdapps/local-path-provisioner/app.json5 b/k8s/apps/local-path-provisioner/app.json5 similarity index 100% rename from k8s/argocdapps/local-path-provisioner/app.json5 rename to k8s/apps/local-path-provisioner/app.json5 diff --git a/k8s/argocdapps/local-path-provisioner/application.jsonnet b/k8s/apps/local-path-provisioner/application.jsonnet similarity index 100% rename from k8s/argocdapps/local-path-provisioner/application.jsonnet rename to k8s/apps/local-path-provisioner/application.jsonnet diff --git a/k8s/argocdapps/loki/app.json5 b/k8s/apps/loki/app.json5 similarity index 100% rename from k8s/argocdapps/loki/app.json5 rename to k8s/apps/loki/app.json5 diff --git a/k8s/argocdapps/loki/external-secret.jsonnet b/k8s/apps/loki/external-secret.jsonnet similarity index 100% rename from k8s/argocdapps/loki/external-secret.jsonnet rename to k8s/apps/loki/external-secret.jsonnet diff --git a/k8s/argocdapps/loki/helm.jsonnet b/k8s/apps/loki/helm.jsonnet similarity index 100% rename from k8s/argocdapps/loki/helm.jsonnet rename to k8s/apps/loki/helm.jsonnet diff --git a/k8s/argocdapps/loki/values.yaml b/k8s/apps/loki/values.yaml similarity index 100% rename from k8s/argocdapps/loki/values.yaml rename to k8s/apps/loki/values.yaml diff --git a/k8s/argocdapps/longhorn-backup/app.json5 b/k8s/apps/longhorn-backup/app.json5 similarity index 100% rename from k8s/argocdapps/longhorn-backup/app.json5 rename to k8s/apps/longhorn-backup/app.json5 diff --git a/k8s/argocdapps/longhorn-backup/recurring-job.jsonnet b/k8s/apps/longhorn-backup/recurring-job.jsonnet similarity index 100% rename from k8s/argocdapps/longhorn-backup/recurring-job.jsonnet rename to k8s/apps/longhorn-backup/recurring-job.jsonnet diff --git a/k8s/argocdapps/longhorn-oauth2-proxy/app.json5 b/k8s/apps/longhorn-oauth2-proxy/app.json5 similarity index 100% rename from k8s/argocdapps/longhorn-oauth2-proxy/app.json5 rename to k8s/apps/longhorn-oauth2-proxy/app.json5 diff --git a/k8s/argocdapps/longhorn-oauth2-proxy/oauth2-proxy.jsonnet b/k8s/apps/longhorn-oauth2-proxy/oauth2-proxy.jsonnet similarity index 100% rename from k8s/argocdapps/longhorn-oauth2-proxy/oauth2-proxy.jsonnet rename to k8s/apps/longhorn-oauth2-proxy/oauth2-proxy.jsonnet diff --git a/k8s/argocdapps/longhorn/app.json5 b/k8s/apps/longhorn/app.json5 similarity index 100% rename from k8s/argocdapps/longhorn/app.json5 rename to k8s/apps/longhorn/app.json5 diff --git a/k8s/argocdapps/longhorn/external-secret.jsonnet b/k8s/apps/longhorn/external-secret.jsonnet similarity index 100% rename from k8s/argocdapps/longhorn/external-secret.jsonnet rename to k8s/apps/longhorn/external-secret.jsonnet diff --git a/k8s/argocdapps/longhorn/helm.jsonnet b/k8s/apps/longhorn/helm.jsonnet similarity index 100% rename from k8s/argocdapps/longhorn/helm.jsonnet rename to k8s/apps/longhorn/helm.jsonnet diff --git a/k8s/argocdapps/longhorn/storage-class.jsonnet b/k8s/apps/longhorn/storage-class.jsonnet similarity index 100% rename from k8s/argocdapps/longhorn/storage-class.jsonnet rename to k8s/apps/longhorn/storage-class.jsonnet diff --git a/k8s/argocdapps/longhorn/values.yaml b/k8s/apps/longhorn/values.yaml similarity index 100% rename from k8s/argocdapps/longhorn/values.yaml rename to k8s/apps/longhorn/values.yaml diff --git a/k8s/argocdapps/machine-status-api/app.json5 b/k8s/apps/machine-status-api/app.json5 similarity index 100% rename from k8s/argocdapps/machine-status-api/app.json5 rename to k8s/apps/machine-status-api/app.json5 diff --git a/k8s/argocdapps/machine-status-api/deployment.jsonnet b/k8s/apps/machine-status-api/deployment.jsonnet similarity index 100% rename from k8s/argocdapps/machine-status-api/deployment.jsonnet rename to k8s/apps/machine-status-api/deployment.jsonnet diff --git a/k8s/argocdapps/machine-status-api/service.jsonnet b/k8s/apps/machine-status-api/service.jsonnet similarity index 100% rename from k8s/argocdapps/machine-status-api/service.jsonnet rename to k8s/apps/machine-status-api/service.jsonnet diff --git a/k8s/argocdapps/metrics-server/app.json5 b/k8s/apps/metrics-server/app.json5 similarity index 100% rename from k8s/argocdapps/metrics-server/app.json5 rename to k8s/apps/metrics-server/app.json5 diff --git a/k8s/argocdapps/metrics-server/helm.jsonnet b/k8s/apps/metrics-server/helm.jsonnet similarity index 100% rename from k8s/argocdapps/metrics-server/helm.jsonnet rename to k8s/apps/metrics-server/helm.jsonnet diff --git a/k8s/argocdapps/metrics-server/values.yaml b/k8s/apps/metrics-server/values.yaml similarity index 100% rename from k8s/argocdapps/metrics-server/values.yaml rename to k8s/apps/metrics-server/values.yaml diff --git a/k8s/argocdapps/minio/app.json5 b/k8s/apps/minio/app.json5 similarity index 100% rename from k8s/argocdapps/minio/app.json5 rename to k8s/apps/minio/app.json5 diff --git a/k8s/argocdapps/minio/external-secret.jsonnet b/k8s/apps/minio/external-secret.jsonnet similarity index 100% rename from k8s/argocdapps/minio/external-secret.jsonnet rename to k8s/apps/minio/external-secret.jsonnet diff --git a/k8s/argocdapps/minio/helm.jsonnet b/k8s/apps/minio/helm.jsonnet similarity index 100% rename from k8s/argocdapps/minio/helm.jsonnet rename to k8s/apps/minio/helm.jsonnet diff --git a/k8s/argocdapps/minio/values.yaml b/k8s/apps/minio/values.yaml similarity index 100% rename from k8s/argocdapps/minio/values.yaml rename to k8s/apps/minio/values.yaml diff --git a/k8s/argocdapps/misskey/app.json5 b/k8s/apps/misskey/app.json5 similarity index 100% rename from k8s/argocdapps/misskey/app.json5 rename to k8s/apps/misskey/app.json5 diff --git a/k8s/argocdapps/misskey/config/default.yml b/k8s/apps/misskey/config/default.yml similarity index 100% rename from k8s/argocdapps/misskey/config/default.yml rename to k8s/apps/misskey/config/default.yml diff --git a/k8s/argocdapps/misskey/configmap.jsonnet b/k8s/apps/misskey/configmap.jsonnet similarity index 100% rename from k8s/argocdapps/misskey/configmap.jsonnet rename to k8s/apps/misskey/configmap.jsonnet diff --git a/k8s/argocdapps/misskey/deployment.jsonnet b/k8s/apps/misskey/deployment.jsonnet similarity index 100% rename from k8s/argocdapps/misskey/deployment.jsonnet rename to k8s/apps/misskey/deployment.jsonnet diff --git a/k8s/argocdapps/misskey/external-secret.jsonnet b/k8s/apps/misskey/external-secret.jsonnet similarity index 100% rename from k8s/argocdapps/misskey/external-secret.jsonnet rename to k8s/apps/misskey/external-secret.jsonnet diff --git a/k8s/argocdapps/misskey/ingress.jsonnet b/k8s/apps/misskey/ingress.jsonnet similarity index 100% rename from k8s/argocdapps/misskey/ingress.jsonnet rename to k8s/apps/misskey/ingress.jsonnet diff --git a/k8s/argocdapps/misskey/pvc.jsonnet b/k8s/apps/misskey/pvc.jsonnet similarity index 100% rename from k8s/argocdapps/misskey/pvc.jsonnet rename to k8s/apps/misskey/pvc.jsonnet diff --git a/k8s/argocdapps/misskey/redis.jsonnet b/k8s/apps/misskey/redis.jsonnet similarity index 100% rename from k8s/argocdapps/misskey/redis.jsonnet rename to k8s/apps/misskey/redis.jsonnet diff --git a/k8s/argocdapps/misskey/service.jsonnet b/k8s/apps/misskey/service.jsonnet similarity index 100% rename from k8s/argocdapps/misskey/service.jsonnet rename to k8s/apps/misskey/service.jsonnet diff --git a/k8s/argocdapps/moco/app.json5 b/k8s/apps/moco/app.json5 similarity index 100% rename from k8s/argocdapps/moco/app.json5 rename to k8s/apps/moco/app.json5 diff --git a/k8s/argocdapps/moco/helm.jsonnet b/k8s/apps/moco/helm.jsonnet similarity index 100% rename from k8s/argocdapps/moco/helm.jsonnet rename to k8s/apps/moco/helm.jsonnet diff --git a/k8s/argocdapps/moco/values.yaml b/k8s/apps/moco/values.yaml similarity index 100% rename from k8s/argocdapps/moco/values.yaml rename to k8s/apps/moco/values.yaml diff --git a/k8s/argocdapps/mucaron/app.json5 b/k8s/apps/mucaron/app.json5 similarity index 100% rename from k8s/argocdapps/mucaron/app.json5 rename to k8s/apps/mucaron/app.json5 diff --git a/k8s/argocdapps/mucaron/back/deployment.jsonnet b/k8s/apps/mucaron/back/deployment.jsonnet similarity index 100% rename from k8s/argocdapps/mucaron/back/deployment.jsonnet rename to k8s/apps/mucaron/back/deployment.jsonnet diff --git a/k8s/argocdapps/mucaron/back/external-secret.jsonnet b/k8s/apps/mucaron/back/external-secret.jsonnet similarity index 100% rename from k8s/argocdapps/mucaron/back/external-secret.jsonnet rename to k8s/apps/mucaron/back/external-secret.jsonnet diff --git a/k8s/argocdapps/mucaron/back/pvc.jsonnet b/k8s/apps/mucaron/back/pvc.jsonnet similarity index 100% rename from k8s/argocdapps/mucaron/back/pvc.jsonnet rename to k8s/apps/mucaron/back/pvc.jsonnet diff --git a/k8s/argocdapps/mucaron/back/redis.jsonnet b/k8s/apps/mucaron/back/redis.jsonnet similarity index 100% rename from k8s/argocdapps/mucaron/back/redis.jsonnet rename to k8s/apps/mucaron/back/redis.jsonnet diff --git a/k8s/argocdapps/mucaron/back/service.jsonnet b/k8s/apps/mucaron/back/service.jsonnet similarity index 100% rename from k8s/argocdapps/mucaron/back/service.jsonnet rename to k8s/apps/mucaron/back/service.jsonnet diff --git a/k8s/argocdapps/mucaron/front/deployment.jsonnet b/k8s/apps/mucaron/front/deployment.jsonnet similarity index 100% rename from k8s/argocdapps/mucaron/front/deployment.jsonnet rename to k8s/apps/mucaron/front/deployment.jsonnet diff --git a/k8s/argocdapps/mucaron/front/service.jsonnet b/k8s/apps/mucaron/front/service.jsonnet similarity index 100% rename from k8s/argocdapps/mucaron/front/service.jsonnet rename to k8s/apps/mucaron/front/service.jsonnet diff --git a/k8s/argocdapps/mucaron/ingress.jsonnet b/k8s/apps/mucaron/ingress.jsonnet similarity index 100% rename from k8s/argocdapps/mucaron/ingress.jsonnet rename to k8s/apps/mucaron/ingress.jsonnet diff --git a/k8s/argocdapps/mysql-default/app.json5 b/k8s/apps/mysql-default/app.json5 similarity index 100% rename from k8s/argocdapps/mysql-default/app.json5 rename to k8s/apps/mysql-default/app.json5 diff --git a/k8s/argocdapps/mysql-default/mysql-cluster.jsonnet b/k8s/apps/mysql-default/mysql-cluster.jsonnet similarity index 100% rename from k8s/argocdapps/mysql-default/mysql-cluster.jsonnet rename to k8s/apps/mysql-default/mysql-cluster.jsonnet diff --git a/k8s/argocdapps/nextcloud/app.json5 b/k8s/apps/nextcloud/app.json5 similarity index 100% rename from k8s/argocdapps/nextcloud/app.json5 rename to k8s/apps/nextcloud/app.json5 diff --git a/k8s/argocdapps/nextcloud/external-secret.jsonnet b/k8s/apps/nextcloud/external-secret.jsonnet similarity index 100% rename from k8s/argocdapps/nextcloud/external-secret.jsonnet rename to k8s/apps/nextcloud/external-secret.jsonnet diff --git a/k8s/argocdapps/nextcloud/helm.jsonnet b/k8s/apps/nextcloud/helm.jsonnet similarity index 100% rename from k8s/argocdapps/nextcloud/helm.jsonnet rename to k8s/apps/nextcloud/helm.jsonnet diff --git a/k8s/argocdapps/nextcloud/pvc.jsonnet b/k8s/apps/nextcloud/pvc.jsonnet similarity index 100% rename from k8s/argocdapps/nextcloud/pvc.jsonnet rename to k8s/apps/nextcloud/pvc.jsonnet diff --git a/k8s/argocdapps/nextcloud/redis.jsonnet b/k8s/apps/nextcloud/redis.jsonnet similarity index 100% rename from k8s/argocdapps/nextcloud/redis.jsonnet rename to k8s/apps/nextcloud/redis.jsonnet diff --git a/k8s/argocdapps/nextcloud/values.yaml b/k8s/apps/nextcloud/values.yaml similarity index 100% rename from k8s/argocdapps/nextcloud/values.yaml rename to k8s/apps/nextcloud/values.yaml diff --git a/k8s/argocdapps/nginx-test/app.json5 b/k8s/apps/nginx-test/app.json5 similarity index 100% rename from k8s/argocdapps/nginx-test/app.json5 rename to k8s/apps/nginx-test/app.json5 diff --git a/k8s/argocdapps/nginx-test/config/nginx.conf b/k8s/apps/nginx-test/config/nginx.conf similarity index 100% rename from k8s/argocdapps/nginx-test/config/nginx.conf rename to k8s/apps/nginx-test/config/nginx.conf diff --git a/k8s/argocdapps/nginx-test/config/virtualhost.conf b/k8s/apps/nginx-test/config/virtualhost.conf similarity index 100% rename from k8s/argocdapps/nginx-test/config/virtualhost.conf rename to k8s/apps/nginx-test/config/virtualhost.conf diff --git a/k8s/argocdapps/nginx-test/configmap.jsonnet b/k8s/apps/nginx-test/configmap.jsonnet similarity index 100% rename from k8s/argocdapps/nginx-test/configmap.jsonnet rename to k8s/apps/nginx-test/configmap.jsonnet diff --git a/k8s/argocdapps/nginx-test/deployment.jsonnet b/k8s/apps/nginx-test/deployment.jsonnet similarity index 100% rename from k8s/argocdapps/nginx-test/deployment.jsonnet rename to k8s/apps/nginx-test/deployment.jsonnet diff --git a/k8s/argocdapps/nginx-test/ingress.jsonnet b/k8s/apps/nginx-test/ingress.jsonnet similarity index 100% rename from k8s/argocdapps/nginx-test/ingress.jsonnet rename to k8s/apps/nginx-test/ingress.jsonnet diff --git a/k8s/argocdapps/nginx-test/service.jsonnet b/k8s/apps/nginx-test/service.jsonnet similarity index 100% rename from k8s/argocdapps/nginx-test/service.jsonnet rename to k8s/apps/nginx-test/service.jsonnet diff --git a/k8s/argocdapps/oekaki-dengon-game/app.json5 b/k8s/apps/oekaki-dengon-game/app.json5 similarity index 100% rename from k8s/argocdapps/oekaki-dengon-game/app.json5 rename to k8s/apps/oekaki-dengon-game/app.json5 diff --git a/k8s/argocdapps/oekaki-dengon-game/back/deployment.jsonnet b/k8s/apps/oekaki-dengon-game/back/deployment.jsonnet similarity index 100% rename from k8s/argocdapps/oekaki-dengon-game/back/deployment.jsonnet rename to k8s/apps/oekaki-dengon-game/back/deployment.jsonnet diff --git a/k8s/argocdapps/oekaki-dengon-game/back/service.jsonnet b/k8s/apps/oekaki-dengon-game/back/service.jsonnet similarity index 100% rename from k8s/argocdapps/oekaki-dengon-game/back/service.jsonnet rename to k8s/apps/oekaki-dengon-game/back/service.jsonnet diff --git a/k8s/argocdapps/oekaki-dengon-game/external-secret.jsonnet b/k8s/apps/oekaki-dengon-game/external-secret.jsonnet similarity index 100% rename from k8s/argocdapps/oekaki-dengon-game/external-secret.jsonnet rename to k8s/apps/oekaki-dengon-game/external-secret.jsonnet diff --git a/k8s/argocdapps/oekaki-dengon-game/front/deployment.jsonnet b/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet similarity index 100% rename from k8s/argocdapps/oekaki-dengon-game/front/deployment.jsonnet rename to k8s/apps/oekaki-dengon-game/front/deployment.jsonnet diff --git a/k8s/argocdapps/oekaki-dengon-game/front/service.jsonnet b/k8s/apps/oekaki-dengon-game/front/service.jsonnet similarity index 100% rename from k8s/argocdapps/oekaki-dengon-game/front/service.jsonnet rename to k8s/apps/oekaki-dengon-game/front/service.jsonnet diff --git a/k8s/argocdapps/oekaki-dengon-game/oauth2-proxy/config/robots.txt b/k8s/apps/oekaki-dengon-game/oauth2-proxy/config/robots.txt similarity index 100% rename from k8s/argocdapps/oekaki-dengon-game/oauth2-proxy/config/robots.txt rename to k8s/apps/oekaki-dengon-game/oauth2-proxy/config/robots.txt diff --git a/k8s/argocdapps/oekaki-dengon-game/oauth2-proxy/configmap.jsonnet b/k8s/apps/oekaki-dengon-game/oauth2-proxy/configmap.jsonnet similarity index 100% rename from k8s/argocdapps/oekaki-dengon-game/oauth2-proxy/configmap.jsonnet rename to k8s/apps/oekaki-dengon-game/oauth2-proxy/configmap.jsonnet diff --git a/k8s/argocdapps/oekaki-dengon-game/oauth2-proxy/oauth2-proxy.jsonnet b/k8s/apps/oekaki-dengon-game/oauth2-proxy/oauth2-proxy.jsonnet similarity index 100% rename from k8s/argocdapps/oekaki-dengon-game/oauth2-proxy/oauth2-proxy.jsonnet rename to k8s/apps/oekaki-dengon-game/oauth2-proxy/oauth2-proxy.jsonnet diff --git a/k8s/argocdapps/openchokin/app.json5 b/k8s/apps/openchokin/app.json5 similarity index 100% rename from k8s/argocdapps/openchokin/app.json5 rename to k8s/apps/openchokin/app.json5 diff --git a/k8s/argocdapps/openchokin/back/deployment.jsonnet b/k8s/apps/openchokin/back/deployment.jsonnet similarity index 100% rename from k8s/argocdapps/openchokin/back/deployment.jsonnet rename to k8s/apps/openchokin/back/deployment.jsonnet diff --git a/k8s/argocdapps/openchokin/back/ingress.jsonnet b/k8s/apps/openchokin/back/ingress.jsonnet similarity index 100% rename from k8s/argocdapps/openchokin/back/ingress.jsonnet rename to k8s/apps/openchokin/back/ingress.jsonnet diff --git a/k8s/argocdapps/openchokin/back/service.jsonnet b/k8s/apps/openchokin/back/service.jsonnet similarity index 100% rename from k8s/argocdapps/openchokin/back/service.jsonnet rename to k8s/apps/openchokin/back/service.jsonnet diff --git a/k8s/argocdapps/openchokin/external-secret.jsonnet b/k8s/apps/openchokin/external-secret.jsonnet similarity index 100% rename from k8s/argocdapps/openchokin/external-secret.jsonnet rename to k8s/apps/openchokin/external-secret.jsonnet diff --git a/k8s/argocdapps/openchokin/front/deployment.jsonnet b/k8s/apps/openchokin/front/deployment.jsonnet similarity index 100% rename from k8s/argocdapps/openchokin/front/deployment.jsonnet rename to k8s/apps/openchokin/front/deployment.jsonnet diff --git a/k8s/argocdapps/openchokin/front/ingress.jsonnet b/k8s/apps/openchokin/front/ingress.jsonnet similarity index 100% rename from k8s/argocdapps/openchokin/front/ingress.jsonnet rename to k8s/apps/openchokin/front/ingress.jsonnet diff --git a/k8s/argocdapps/openchokin/front/redis.jsonnet b/k8s/apps/openchokin/front/redis.jsonnet similarity index 100% rename from k8s/argocdapps/openchokin/front/redis.jsonnet rename to k8s/apps/openchokin/front/redis.jsonnet diff --git a/k8s/argocdapps/openchokin/front/service.jsonnet b/k8s/apps/openchokin/front/service.jsonnet similarity index 100% rename from k8s/argocdapps/openchokin/front/service.jsonnet rename to k8s/apps/openchokin/front/service.jsonnet diff --git a/k8s/argocdapps/opentelemetry-collectors/app.json5 b/k8s/apps/opentelemetry-collectors/app.json5 similarity index 100% rename from k8s/argocdapps/opentelemetry-collectors/app.json5 rename to k8s/apps/opentelemetry-collectors/app.json5 diff --git a/k8s/argocdapps/opentelemetry-collectors/cluster-role-binding.jsonnet b/k8s/apps/opentelemetry-collectors/cluster-role-binding.jsonnet similarity index 100% rename from k8s/argocdapps/opentelemetry-collectors/cluster-role-binding.jsonnet rename to k8s/apps/opentelemetry-collectors/cluster-role-binding.jsonnet diff --git a/k8s/argocdapps/opentelemetry-collectors/cluster-role.jsonnet b/k8s/apps/opentelemetry-collectors/cluster-role.jsonnet similarity index 100% rename from k8s/argocdapps/opentelemetry-collectors/cluster-role.jsonnet rename to k8s/apps/opentelemetry-collectors/cluster-role.jsonnet diff --git a/k8s/argocdapps/opentelemetry-collectors/collectors/_base.libsonnet b/k8s/apps/opentelemetry-collectors/collectors/_base.libsonnet similarity index 100% rename from k8s/argocdapps/opentelemetry-collectors/collectors/_base.libsonnet rename to k8s/apps/opentelemetry-collectors/collectors/_base.libsonnet diff --git a/k8s/argocdapps/opentelemetry-collectors/collectors/daemonset.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet similarity index 100% rename from k8s/argocdapps/opentelemetry-collectors/collectors/daemonset.jsonnet rename to k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet diff --git a/k8s/argocdapps/opentelemetry-collectors/collectors/default.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet similarity index 100% rename from k8s/argocdapps/opentelemetry-collectors/collectors/default.jsonnet rename to k8s/apps/opentelemetry-collectors/collectors/default.jsonnet diff --git a/k8s/argocdapps/opentelemetry-collectors/collectors/deployment.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/deployment.jsonnet similarity index 100% rename from k8s/argocdapps/opentelemetry-collectors/collectors/deployment.jsonnet rename to k8s/apps/opentelemetry-collectors/collectors/deployment.jsonnet diff --git a/k8s/argocdapps/opentelemetry-collectors/collectors/prometheus-exporter.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/prometheus-exporter.jsonnet similarity index 100% rename from k8s/argocdapps/opentelemetry-collectors/collectors/prometheus-exporter.jsonnet rename to k8s/apps/opentelemetry-collectors/collectors/prometheus-exporter.jsonnet diff --git a/k8s/argocdapps/opentelemetry-collectors/external-secret.jsonnet b/k8s/apps/opentelemetry-collectors/external-secret.jsonnet similarity index 100% rename from k8s/argocdapps/opentelemetry-collectors/external-secret.jsonnet rename to k8s/apps/opentelemetry-collectors/external-secret.jsonnet diff --git a/k8s/argocdapps/opentelemetry-collectors/sa.jsonnet b/k8s/apps/opentelemetry-collectors/sa.jsonnet similarity index 100% rename from k8s/argocdapps/opentelemetry-collectors/sa.jsonnet rename to k8s/apps/opentelemetry-collectors/sa.jsonnet diff --git a/k8s/argocdapps/opentelemetry-instrumentations/app.json5 b/k8s/apps/opentelemetry-instrumentations/app.json5 similarity index 100% rename from k8s/argocdapps/opentelemetry-instrumentations/app.json5 rename to k8s/apps/opentelemetry-instrumentations/app.json5 diff --git a/k8s/argocdapps/opentelemetry-instrumentations/default.jsonnet b/k8s/apps/opentelemetry-instrumentations/default.jsonnet similarity index 100% rename from k8s/argocdapps/opentelemetry-instrumentations/default.jsonnet rename to k8s/apps/opentelemetry-instrumentations/default.jsonnet diff --git a/k8s/argocdapps/opentelemetry-operator/app.json5 b/k8s/apps/opentelemetry-operator/app.json5 similarity index 100% rename from k8s/argocdapps/opentelemetry-operator/app.json5 rename to k8s/apps/opentelemetry-operator/app.json5 diff --git a/k8s/argocdapps/opentelemetry-operator/helm.jsonnet b/k8s/apps/opentelemetry-operator/helm.jsonnet similarity index 100% rename from k8s/argocdapps/opentelemetry-operator/helm.jsonnet rename to k8s/apps/opentelemetry-operator/helm.jsonnet diff --git a/k8s/argocdapps/opentelemetry-operator/values.yaml b/k8s/apps/opentelemetry-operator/values.yaml similarity index 100% rename from k8s/argocdapps/opentelemetry-operator/values.yaml rename to k8s/apps/opentelemetry-operator/values.yaml diff --git a/k8s/argocdapps/photoprism/app.json5 b/k8s/apps/photoprism/app.json5 similarity index 100% rename from k8s/argocdapps/photoprism/app.json5 rename to k8s/apps/photoprism/app.json5 diff --git a/k8s/argocdapps/photoprism/cronjob.jsonnet b/k8s/apps/photoprism/cronjob.jsonnet similarity index 100% rename from k8s/argocdapps/photoprism/cronjob.jsonnet rename to k8s/apps/photoprism/cronjob.jsonnet diff --git a/k8s/argocdapps/photoprism/external-secret.jsonnet b/k8s/apps/photoprism/external-secret.jsonnet similarity index 100% rename from k8s/argocdapps/photoprism/external-secret.jsonnet rename to k8s/apps/photoprism/external-secret.jsonnet diff --git a/k8s/argocdapps/photoprism/ingress.jsonnet b/k8s/apps/photoprism/ingress.jsonnet similarity index 100% rename from k8s/argocdapps/photoprism/ingress.jsonnet rename to k8s/apps/photoprism/ingress.jsonnet diff --git a/k8s/argocdapps/photoprism/mariadb/external-secret.jsonnet b/k8s/apps/photoprism/mariadb/external-secret.jsonnet similarity index 100% rename from k8s/argocdapps/photoprism/mariadb/external-secret.jsonnet rename to k8s/apps/photoprism/mariadb/external-secret.jsonnet diff --git a/k8s/argocdapps/photoprism/mariadb/helm.jsonnet b/k8s/apps/photoprism/mariadb/helm.jsonnet similarity index 100% rename from k8s/argocdapps/photoprism/mariadb/helm.jsonnet rename to k8s/apps/photoprism/mariadb/helm.jsonnet diff --git a/k8s/argocdapps/photoprism/mariadb/pvc.jsonnet b/k8s/apps/photoprism/mariadb/pvc.jsonnet similarity index 100% rename from k8s/argocdapps/photoprism/mariadb/pvc.jsonnet rename to k8s/apps/photoprism/mariadb/pvc.jsonnet diff --git a/k8s/argocdapps/photoprism/mariadb/values.yaml b/k8s/apps/photoprism/mariadb/values.yaml similarity index 100% rename from k8s/argocdapps/photoprism/mariadb/values.yaml rename to k8s/apps/photoprism/mariadb/values.yaml diff --git a/k8s/argocdapps/photoprism/pvc.jsonnet b/k8s/apps/photoprism/pvc.jsonnet similarity index 100% rename from k8s/argocdapps/photoprism/pvc.jsonnet rename to k8s/apps/photoprism/pvc.jsonnet diff --git a/k8s/argocdapps/photoprism/service.jsonnet b/k8s/apps/photoprism/service.jsonnet similarity index 100% rename from k8s/argocdapps/photoprism/service.jsonnet rename to k8s/apps/photoprism/service.jsonnet diff --git a/k8s/argocdapps/photoprism/statefulset.jsonnet b/k8s/apps/photoprism/statefulset.jsonnet similarity index 100% rename from k8s/argocdapps/photoprism/statefulset.jsonnet rename to k8s/apps/photoprism/statefulset.jsonnet diff --git a/k8s/argocdapps/postgresql-default/app.json5 b/k8s/apps/postgresql-default/app.json5 similarity index 100% rename from k8s/argocdapps/postgresql-default/app.json5 rename to k8s/apps/postgresql-default/app.json5 diff --git a/k8s/argocdapps/postgresql-default/external-secrets.jsonnet b/k8s/apps/postgresql-default/external-secrets.jsonnet similarity index 100% rename from k8s/argocdapps/postgresql-default/external-secrets.jsonnet rename to k8s/apps/postgresql-default/external-secrets.jsonnet diff --git a/k8s/argocdapps/postgresql-default/postgresql.jsonnet b/k8s/apps/postgresql-default/postgresql.jsonnet similarity index 100% rename from k8s/argocdapps/postgresql-default/postgresql.jsonnet rename to k8s/apps/postgresql-default/postgresql.jsonnet diff --git a/k8s/argocdapps/postgresql-default/service.jsonnet b/k8s/apps/postgresql-default/service.jsonnet similarity index 100% rename from k8s/argocdapps/postgresql-default/service.jsonnet rename to k8s/apps/postgresql-default/service.jsonnet diff --git a/k8s/argocdapps/postgresql-default/users.libsonnet b/k8s/apps/postgresql-default/users.libsonnet similarity index 100% rename from k8s/argocdapps/postgresql-default/users.libsonnet rename to k8s/apps/postgresql-default/users.libsonnet diff --git a/k8s/argocdapps/priorities/app.json5 b/k8s/apps/priorities/app.json5 similarity index 100% rename from k8s/argocdapps/priorities/app.json5 rename to k8s/apps/priorities/app.json5 diff --git a/k8s/argocdapps/priorities/default.jsonnet b/k8s/apps/priorities/default.jsonnet similarity index 100% rename from k8s/argocdapps/priorities/default.jsonnet rename to k8s/apps/priorities/default.jsonnet diff --git a/k8s/argocdapps/priorities/high.jsonnet b/k8s/apps/priorities/high.jsonnet similarity index 100% rename from k8s/argocdapps/priorities/high.jsonnet rename to k8s/apps/priorities/high.jsonnet diff --git a/k8s/argocdapps/priorities/low.jsonnet b/k8s/apps/priorities/low.jsonnet similarity index 100% rename from k8s/argocdapps/priorities/low.jsonnet rename to k8s/apps/priorities/low.jsonnet diff --git a/k8s/argocdapps/prometheus-oauth2-proxy/app.json5 b/k8s/apps/prometheus-oauth2-proxy/app.json5 similarity index 100% rename from k8s/argocdapps/prometheus-oauth2-proxy/app.json5 rename to k8s/apps/prometheus-oauth2-proxy/app.json5 diff --git a/k8s/argocdapps/prometheus-oauth2-proxy/oauth2-proxy.jsonnet b/k8s/apps/prometheus-oauth2-proxy/oauth2-proxy.jsonnet similarity index 100% rename from k8s/argocdapps/prometheus-oauth2-proxy/oauth2-proxy.jsonnet rename to k8s/apps/prometheus-oauth2-proxy/oauth2-proxy.jsonnet diff --git a/k8s/argocdapps/prometheus-stack/app.json5 b/k8s/apps/prometheus-stack/app.json5 similarity index 100% rename from k8s/argocdapps/prometheus-stack/app.json5 rename to k8s/apps/prometheus-stack/app.json5 diff --git a/k8s/argocdapps/prometheus-stack/external-secret.jsonnet b/k8s/apps/prometheus-stack/external-secret.jsonnet similarity index 100% rename from k8s/argocdapps/prometheus-stack/external-secret.jsonnet rename to k8s/apps/prometheus-stack/external-secret.jsonnet diff --git a/k8s/argocdapps/prometheus-stack/helm.jsonnet b/k8s/apps/prometheus-stack/helm.jsonnet similarity index 100% rename from k8s/argocdapps/prometheus-stack/helm.jsonnet rename to k8s/apps/prometheus-stack/helm.jsonnet diff --git a/k8s/argocdapps/prometheus-stack/values.yaml b/k8s/apps/prometheus-stack/values.yaml similarity index 100% rename from k8s/argocdapps/prometheus-stack/values.yaml rename to k8s/apps/prometheus-stack/values.yaml diff --git a/k8s/argocdapps/redis-operator/app.json5 b/k8s/apps/redis-operator/app.json5 similarity index 100% rename from k8s/argocdapps/redis-operator/app.json5 rename to k8s/apps/redis-operator/app.json5 diff --git a/k8s/argocdapps/redis-operator/helm.jsonnet b/k8s/apps/redis-operator/helm.jsonnet similarity index 100% rename from k8s/argocdapps/redis-operator/helm.jsonnet rename to k8s/apps/redis-operator/helm.jsonnet diff --git a/k8s/argocdapps/redis-operator/values.yaml b/k8s/apps/redis-operator/values.yaml similarity index 100% rename from k8s/argocdapps/redis-operator/values.yaml rename to k8s/apps/redis-operator/values.yaml diff --git a/k8s/argocdapps/samba-backup/app.json5 b/k8s/apps/samba-backup/app.json5 similarity index 100% rename from k8s/argocdapps/samba-backup/app.json5 rename to k8s/apps/samba-backup/app.json5 diff --git a/k8s/argocdapps/samba-backup/config/backup.sh b/k8s/apps/samba-backup/config/backup.sh similarity index 100% rename from k8s/argocdapps/samba-backup/config/backup.sh rename to k8s/apps/samba-backup/config/backup.sh diff --git a/k8s/argocdapps/samba-backup/configmap.jsonnet b/k8s/apps/samba-backup/configmap.jsonnet similarity index 100% rename from k8s/argocdapps/samba-backup/configmap.jsonnet rename to k8s/apps/samba-backup/configmap.jsonnet diff --git a/k8s/argocdapps/samba-backup/cronjob.jsonnet b/k8s/apps/samba-backup/cronjob.jsonnet similarity index 100% rename from k8s/argocdapps/samba-backup/cronjob.jsonnet rename to k8s/apps/samba-backup/cronjob.jsonnet diff --git a/k8s/argocdapps/samba-backup/external-secret.jsonnet b/k8s/apps/samba-backup/external-secret.jsonnet similarity index 100% rename from k8s/argocdapps/samba-backup/external-secret.jsonnet rename to k8s/apps/samba-backup/external-secret.jsonnet diff --git a/k8s/argocdapps/samba/app.json5 b/k8s/apps/samba/app.json5 similarity index 100% rename from k8s/argocdapps/samba/app.json5 rename to k8s/apps/samba/app.json5 diff --git a/k8s/argocdapps/samba/deployment.jsonnet b/k8s/apps/samba/deployment.jsonnet similarity index 100% rename from k8s/argocdapps/samba/deployment.jsonnet rename to k8s/apps/samba/deployment.jsonnet diff --git a/k8s/argocdapps/samba/external-secret.jsonnet b/k8s/apps/samba/external-secret.jsonnet similarity index 100% rename from k8s/argocdapps/samba/external-secret.jsonnet rename to k8s/apps/samba/external-secret.jsonnet diff --git a/k8s/argocdapps/samba/service.jsonnet b/k8s/apps/samba/service.jsonnet similarity index 100% rename from k8s/argocdapps/samba/service.jsonnet rename to k8s/apps/samba/service.jsonnet diff --git a/k8s/argocdapps/smartctl-exporter/app.json5 b/k8s/apps/smartctl-exporter/app.json5 similarity index 100% rename from k8s/argocdapps/smartctl-exporter/app.json5 rename to k8s/apps/smartctl-exporter/app.json5 diff --git a/k8s/argocdapps/smartctl-exporter/helm.jsonnet b/k8s/apps/smartctl-exporter/helm.jsonnet similarity index 100% rename from k8s/argocdapps/smartctl-exporter/helm.jsonnet rename to k8s/apps/smartctl-exporter/helm.jsonnet diff --git a/k8s/argocdapps/smartctl-exporter/values.yaml b/k8s/apps/smartctl-exporter/values.yaml similarity index 100% rename from k8s/argocdapps/smartctl-exporter/values.yaml rename to k8s/apps/smartctl-exporter/values.yaml diff --git a/k8s/argocdapps/snmp-exporter/app.json5 b/k8s/apps/snmp-exporter/app.json5 similarity index 100% rename from k8s/argocdapps/snmp-exporter/app.json5 rename to k8s/apps/snmp-exporter/app.json5 diff --git a/k8s/argocdapps/snmp-exporter/config/generator.yaml b/k8s/apps/snmp-exporter/config/generator.yaml similarity index 100% rename from k8s/argocdapps/snmp-exporter/config/generator.yaml rename to k8s/apps/snmp-exporter/config/generator.yaml diff --git a/k8s/argocdapps/snmp-exporter/helm.jsonnet b/k8s/apps/snmp-exporter/helm.jsonnet similarity index 100% rename from k8s/argocdapps/snmp-exporter/helm.jsonnet rename to k8s/apps/snmp-exporter/helm.jsonnet diff --git a/k8s/argocdapps/snmp-exporter/values.yaml b/k8s/apps/snmp-exporter/values.yaml similarity index 100% rename from k8s/argocdapps/snmp-exporter/values.yaml rename to k8s/apps/snmp-exporter/values.yaml diff --git a/k8s/argocdapps/tailscale/app.json5 b/k8s/apps/tailscale/app.json5 similarity index 100% rename from k8s/argocdapps/tailscale/app.json5 rename to k8s/apps/tailscale/app.json5 diff --git a/k8s/argocdapps/tailscale/deployment.jsonnet b/k8s/apps/tailscale/deployment.jsonnet similarity index 100% rename from k8s/argocdapps/tailscale/deployment.jsonnet rename to k8s/apps/tailscale/deployment.jsonnet diff --git a/k8s/argocdapps/tailscale/external-secret.jsonnet b/k8s/apps/tailscale/external-secret.jsonnet similarity index 100% rename from k8s/argocdapps/tailscale/external-secret.jsonnet rename to k8s/apps/tailscale/external-secret.jsonnet diff --git a/k8s/argocdapps/tailscale/role.jsonnet b/k8s/apps/tailscale/role.jsonnet similarity index 100% rename from k8s/argocdapps/tailscale/role.jsonnet rename to k8s/apps/tailscale/role.jsonnet diff --git a/k8s/argocdapps/tailscale/rolebinding.jsonnet b/k8s/apps/tailscale/rolebinding.jsonnet similarity index 100% rename from k8s/argocdapps/tailscale/rolebinding.jsonnet rename to k8s/apps/tailscale/rolebinding.jsonnet diff --git a/k8s/argocdapps/tailscale/sa.jsonnet b/k8s/apps/tailscale/sa.jsonnet similarity index 100% rename from k8s/argocdapps/tailscale/sa.jsonnet rename to k8s/apps/tailscale/sa.jsonnet diff --git a/k8s/argocdapps/tempo/app.json5 b/k8s/apps/tempo/app.json5 similarity index 100% rename from k8s/argocdapps/tempo/app.json5 rename to k8s/apps/tempo/app.json5 diff --git a/k8s/argocdapps/tempo/external-secret.jsonnet b/k8s/apps/tempo/external-secret.jsonnet similarity index 100% rename from k8s/argocdapps/tempo/external-secret.jsonnet rename to k8s/apps/tempo/external-secret.jsonnet diff --git a/k8s/argocdapps/tempo/helm.jsonnet b/k8s/apps/tempo/helm.jsonnet similarity index 100% rename from k8s/argocdapps/tempo/helm.jsonnet rename to k8s/apps/tempo/helm.jsonnet diff --git a/k8s/argocdapps/tempo/values.yaml b/k8s/apps/tempo/values.yaml similarity index 100% rename from k8s/argocdapps/tempo/values.yaml rename to k8s/apps/tempo/values.yaml diff --git a/k8s/argocdapps/wakatime-to-slack-profile/app.json5 b/k8s/apps/wakatime-to-slack-profile/app.json5 similarity index 100% rename from k8s/argocdapps/wakatime-to-slack-profile/app.json5 rename to k8s/apps/wakatime-to-slack-profile/app.json5 diff --git a/k8s/argocdapps/wakatime-to-slack-profile/config/emoji.json b/k8s/apps/wakatime-to-slack-profile/config/emoji.json similarity index 100% rename from k8s/argocdapps/wakatime-to-slack-profile/config/emoji.json rename to k8s/apps/wakatime-to-slack-profile/config/emoji.json diff --git a/k8s/argocdapps/wakatime-to-slack-profile/configmap.jsonnet b/k8s/apps/wakatime-to-slack-profile/configmap.jsonnet similarity index 100% rename from k8s/argocdapps/wakatime-to-slack-profile/configmap.jsonnet rename to k8s/apps/wakatime-to-slack-profile/configmap.jsonnet diff --git a/k8s/argocdapps/wakatime-to-slack-profile/deployment.jsonnet b/k8s/apps/wakatime-to-slack-profile/deployment.jsonnet similarity index 100% rename from k8s/argocdapps/wakatime-to-slack-profile/deployment.jsonnet rename to k8s/apps/wakatime-to-slack-profile/deployment.jsonnet diff --git a/k8s/argocdapps/wakatime-to-slack-profile/external-secret.jsonnet b/k8s/apps/wakatime-to-slack-profile/external-secret.jsonnet similarity index 100% rename from k8s/argocdapps/wakatime-to-slack-profile/external-secret.jsonnet rename to k8s/apps/wakatime-to-slack-profile/external-secret.jsonnet diff --git a/k8s/argocdapps/wakatime-to-slack-profile/ingress.jsonnet b/k8s/apps/wakatime-to-slack-profile/ingress.jsonnet similarity index 100% rename from k8s/argocdapps/wakatime-to-slack-profile/ingress.jsonnet rename to k8s/apps/wakatime-to-slack-profile/ingress.jsonnet diff --git a/k8s/argocdapps/wakatime-to-slack-profile/service.jsonnet b/k8s/apps/wakatime-to-slack-profile/service.jsonnet similarity index 100% rename from k8s/argocdapps/wakatime-to-slack-profile/service.jsonnet rename to k8s/apps/wakatime-to-slack-profile/service.jsonnet diff --git a/k8s/argocdapps/walnuts-dev-www-redirect/app.json5 b/k8s/apps/walnuts-dev-www-redirect/app.json5 similarity index 100% rename from k8s/argocdapps/walnuts-dev-www-redirect/app.json5 rename to k8s/apps/walnuts-dev-www-redirect/app.json5 diff --git a/k8s/argocdapps/walnuts-dev-www-redirect/config/nginx.conf b/k8s/apps/walnuts-dev-www-redirect/config/nginx.conf similarity index 100% rename from k8s/argocdapps/walnuts-dev-www-redirect/config/nginx.conf rename to k8s/apps/walnuts-dev-www-redirect/config/nginx.conf diff --git a/k8s/argocdapps/walnuts-dev-www-redirect/config/virtualhost.conf b/k8s/apps/walnuts-dev-www-redirect/config/virtualhost.conf similarity index 100% rename from k8s/argocdapps/walnuts-dev-www-redirect/config/virtualhost.conf rename to k8s/apps/walnuts-dev-www-redirect/config/virtualhost.conf diff --git a/k8s/argocdapps/walnuts-dev-www-redirect/configmap.jsonnet b/k8s/apps/walnuts-dev-www-redirect/configmap.jsonnet similarity index 100% rename from k8s/argocdapps/walnuts-dev-www-redirect/configmap.jsonnet rename to k8s/apps/walnuts-dev-www-redirect/configmap.jsonnet diff --git a/k8s/argocdapps/walnuts-dev-www-redirect/deployment.jsonnet b/k8s/apps/walnuts-dev-www-redirect/deployment.jsonnet similarity index 100% rename from k8s/argocdapps/walnuts-dev-www-redirect/deployment.jsonnet rename to k8s/apps/walnuts-dev-www-redirect/deployment.jsonnet diff --git a/k8s/argocdapps/walnuts-dev-www-redirect/ingress.jsonnet b/k8s/apps/walnuts-dev-www-redirect/ingress.jsonnet similarity index 100% rename from k8s/argocdapps/walnuts-dev-www-redirect/ingress.jsonnet rename to k8s/apps/walnuts-dev-www-redirect/ingress.jsonnet diff --git a/k8s/argocdapps/walnuts-dev-www-redirect/service.jsonnet b/k8s/apps/walnuts-dev-www-redirect/service.jsonnet similarity index 100% rename from k8s/argocdapps/walnuts-dev-www-redirect/service.jsonnet rename to k8s/apps/walnuts-dev-www-redirect/service.jsonnet diff --git a/k8s/argocdapps/walnuts-dev/app.json5 b/k8s/apps/walnuts-dev/app.json5 similarity index 100% rename from k8s/argocdapps/walnuts-dev/app.json5 rename to k8s/apps/walnuts-dev/app.json5 diff --git a/k8s/argocdapps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet similarity index 100% rename from k8s/argocdapps/walnuts-dev/deployment.jsonnet rename to k8s/apps/walnuts-dev/deployment.jsonnet diff --git a/k8s/argocdapps/walnuts-dev/ingress.jsonnet b/k8s/apps/walnuts-dev/ingress.jsonnet similarity index 100% rename from k8s/argocdapps/walnuts-dev/ingress.jsonnet rename to k8s/apps/walnuts-dev/ingress.jsonnet diff --git a/k8s/argocdapps/walnuts-dev/service.jsonnet b/k8s/apps/walnuts-dev/service.jsonnet similarity index 100% rename from k8s/argocdapps/walnuts-dev/service.jsonnet rename to k8s/apps/walnuts-dev/service.jsonnet diff --git a/k8s/argocdapps/zalando-psql-operator/app.json5 b/k8s/apps/zalando-psql-operator/app.json5 similarity index 100% rename from k8s/argocdapps/zalando-psql-operator/app.json5 rename to k8s/apps/zalando-psql-operator/app.json5 diff --git a/k8s/argocdapps/zalando-psql-operator/external-secret.jsonnet b/k8s/apps/zalando-psql-operator/external-secret.jsonnet similarity index 100% rename from k8s/argocdapps/zalando-psql-operator/external-secret.jsonnet rename to k8s/apps/zalando-psql-operator/external-secret.jsonnet diff --git a/k8s/argocdapps/zalando-psql-operator/helm.jsonnet b/k8s/apps/zalando-psql-operator/helm.jsonnet similarity index 100% rename from k8s/argocdapps/zalando-psql-operator/helm.jsonnet rename to k8s/apps/zalando-psql-operator/helm.jsonnet diff --git a/k8s/argocdapps/zalando-psql-operator/values.yaml b/k8s/apps/zalando-psql-operator/values.yaml similarity index 100% rename from k8s/argocdapps/zalando-psql-operator/values.yaml rename to k8s/apps/zalando-psql-operator/values.yaml diff --git a/k8s/argocdapps/zitadel/app.json5 b/k8s/apps/zitadel/app.json5 similarity index 100% rename from k8s/argocdapps/zitadel/app.json5 rename to k8s/apps/zitadel/app.json5 diff --git a/k8s/argocdapps/zitadel/config/config.yaml b/k8s/apps/zitadel/config/config.yaml similarity index 100% rename from k8s/argocdapps/zitadel/config/config.yaml rename to k8s/apps/zitadel/config/config.yaml diff --git a/k8s/argocdapps/zitadel/configmap.jsonnet b/k8s/apps/zitadel/configmap.jsonnet similarity index 100% rename from k8s/argocdapps/zitadel/configmap.jsonnet rename to k8s/apps/zitadel/configmap.jsonnet diff --git a/k8s/argocdapps/zitadel/external-secret.jsonnet b/k8s/apps/zitadel/external-secret.jsonnet similarity index 100% rename from k8s/argocdapps/zitadel/external-secret.jsonnet rename to k8s/apps/zitadel/external-secret.jsonnet diff --git a/k8s/argocdapps/zitadel/helm.jsonnet b/k8s/apps/zitadel/helm.jsonnet similarity index 100% rename from k8s/argocdapps/zitadel/helm.jsonnet rename to k8s/apps/zitadel/helm.jsonnet diff --git a/k8s/argocdapps/zitadel/values.yaml b/k8s/apps/zitadel/values.yaml similarity index 100% rename from k8s/argocdapps/zitadel/values.yaml rename to k8s/apps/zitadel/values.yaml From 76cc2d0a24ebc42a59d53e21a99a9811cf689b04 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 5 Nov 2024 22:22:15 +0900 Subject: [PATCH 0034/1209] fix Signed-off-by: walnuts1018 --- k8s/apps/openchokin/front/redis.jsonnet | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/k8s/apps/openchokin/front/redis.jsonnet b/k8s/apps/openchokin/front/redis.jsonnet index a3318f584..430bed695 100644 --- a/k8s/apps/openchokin/front/redis.jsonnet +++ b/k8s/apps/openchokin/front/redis.jsonnet @@ -12,7 +12,7 @@ image: 'quay.io/opstree/redis:v7.0.12', imagePullPolicy: 'IfNotPresent', redisSecret: { - name: (import '../external-secret.jsonnet').name, + name: (import '../external-secret.jsonnet').spec.target.name, key: 'redis-password', }, }, @@ -58,7 +58,7 @@ image: 'quay.io/opstree/redis-sentinel:v7.0.12', imagePullPolicy: 'IfNotPresent', redisSecret: { - name: (import '../external-secret.jsonnet').name, + name: (import '../external-secret.jsonnet').spec.target.name, key: 'redis-password', }, }, From e579085bddf41d7b8c810f3fc0069eb04275fc23 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 5 Nov 2024 22:33:44 +0900 Subject: [PATCH 0035/1209] add Signed-off-by: walnuts1018 --- k8s/apps/oekaki-dengon-game/front/deployment.jsonnet | 2 +- k8s/utils/get-endpoint-from-service.libsonnet | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) create mode 100644 k8s/utils/get-endpoint-from-service.libsonnet diff --git a/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet b/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet index 5cea2a4bb..41e3db547 100644 --- a/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet +++ b/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet @@ -34,7 +34,7 @@ env: [ { name: 'API_URL', - value: 'http://oekaki-dengon-game-front.oekaki-dengon-game.svc.cluster.local:8080/api', + value: 'http://' + (import '../../../utils/get-endpoint-from-service.libsonnet')(import 'service.jsonnet') + ':8080/api', }, ], resources: { diff --git a/k8s/utils/get-endpoint-from-service.libsonnet b/k8s/utils/get-endpoint-from-service.libsonnet new file mode 100644 index 000000000..86c5a4501 --- /dev/null +++ b/k8s/utils/get-endpoint-from-service.libsonnet @@ -0,0 +1 @@ +function(service) '%s.%s.svc.cluster.local' % [service.metadata.name, service.metadata.namespace] From 13f3968a144ea055725410a071bad0b3cddae510 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 5 Nov 2024 22:46:11 +0900 Subject: [PATCH 0036/1209] add Signed-off-by: walnuts1018 --- k8s/apps/oekaki-dengon-game/front/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet b/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet index 41e3db547..6be365803 100644 --- a/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet +++ b/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet @@ -24,7 +24,7 @@ containers: [ (import '../../../components/container.libsonnet') { name: 'oekaki-dengon-game-front', - image: 'ghcr.io/kmc-jp/oekaki-dengon-game-front:v0.0.0-a6d6d6e7d66e6d0dfafbf416b462be908b208489-87', + image: 'ghcr.io/kmc-jp/oekaki-dengon-game-front:v0.0.0-8c4f26887ee6615f8e0c4bf09e4ea338c4ddb631-88', imagePullPolicy: 'IfNotPresent', ports: [ { From d2ff0192283783abc709cc32a8c27e3426efacff Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 5 Nov 2024 22:53:44 +0900 Subject: [PATCH 0037/1209] add Signed-off-by: walnuts1018 --- k8s/apps/oekaki-dengon-game/front/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet b/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet index 6be365803..7000c047c 100644 --- a/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet +++ b/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet @@ -24,7 +24,7 @@ containers: [ (import '../../../components/container.libsonnet') { name: 'oekaki-dengon-game-front', - image: 'ghcr.io/kmc-jp/oekaki-dengon-game-front:v0.0.0-8c4f26887ee6615f8e0c4bf09e4ea338c4ddb631-88', + image: 'ghcr.io/kmc-jp/oekaki-dengon-game-front:v0.0.0-a28ec4cf7314f2b7049329737bd57cb14abe907d-89', imagePullPolicy: 'IfNotPresent', ports: [ { From ce6947d67f70a791964c4350ff9be8b543604b7c Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 5 Nov 2024 23:02:16 +0900 Subject: [PATCH 0038/1209] add Signed-off-by: walnuts1018 --- .../opentelemetry-collectors/collectors/_base.libsonnet | 3 --- .../opentelemetry-collectors/collectors/daemonset.jsonnet | 6 ++---- .../opentelemetry-collectors/collectors/default.jsonnet | 8 ++------ .../collectors/deployment.jsonnet | 8 ++------ .../collectors/prometheus-exporter.jsonnet | 7 ++----- 5 files changed, 8 insertions(+), 24 deletions(-) diff --git a/k8s/apps/opentelemetry-collectors/collectors/_base.libsonnet b/k8s/apps/opentelemetry-collectors/collectors/_base.libsonnet index a601fda13..b3e952496 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/_base.libsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/_base.libsonnet @@ -1,9 +1,6 @@ { apiVersion: 'opentelemetry.io/v1beta1', kind: 'OpenTelemetryCollector', - metadata: { - name: error 'metadata.name is required', - }, spec: { managementState: 'managed', serviceAccount: (import '../sa.jsonnet').metadata.name, diff --git a/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet index 03aa99f8e..e4c1a2a60 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet @@ -1,6 +1,4 @@ -(import '_base.libsonnet') + { - apiVersion: 'opentelemetry.io/v1beta1', - kind: 'OpenTelemetryCollector', +std.mergePatch((import '_base.libsonnet'), { metadata: { name: 'k8s-daemonset', }, @@ -234,4 +232,4 @@ runAsGroup: 0, }, }, -} +}) diff --git a/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet index 261c4350c..59c4ebe88 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet @@ -1,14 +1,10 @@ -(import '_base.libsonnet') + { - apiVersion: 'opentelemetry.io/v1beta1', - kind: 'OpenTelemetryCollector', +std.mergePatch((import '_base.libsonnet'), { metadata: { name: 'default', }, spec: { replicas: 1, mode: 'deployment', - serviceAccount: 'otel-collector', - managementState: 'managed', config: { receivers: { otlp: { @@ -190,4 +186,4 @@ }, ], }, -} +}) diff --git a/k8s/apps/opentelemetry-collectors/collectors/deployment.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/deployment.jsonnet index 353a01700..fe7f36544 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/deployment.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/deployment.jsonnet @@ -1,15 +1,11 @@ -(import '_base.libsonnet') + { - apiVersion: 'opentelemetry.io/v1beta1', - kind: 'OpenTelemetryCollector', +std.mergePatch((import '_base.libsonnet'), { metadata: { name: 'k8s-deployment', }, spec: { replicas: 1, - serviceAccount: 'otel-collector', mode: 'deployment', image: 'otel/opentelemetry-collector-k8s', - managementState: 'managed', config: { receivers: { k8s_cluster: { @@ -113,4 +109,4 @@ }, ], }, -} +}) diff --git a/k8s/apps/opentelemetry-collectors/collectors/prometheus-exporter.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/prometheus-exporter.jsonnet index 0201a448a..49b6c6445 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/prometheus-exporter.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/prometheus-exporter.jsonnet @@ -1,13 +1,10 @@ -(import '_base.libsonnet') + { - apiVersion: 'opentelemetry.io/v1beta1', - kind: 'OpenTelemetryCollector', +std.mergePatch((import '_base.libsonnet'), { metadata: { name: 'prometheus-exporter', }, spec: { mode: 'deployment', image: 'otel/opentelemetry-collector-contrib', - managementState: 'managed', config: { receivers: { otlp: { @@ -79,4 +76,4 @@ ], }, }, -} +}) From 484bdbdcd9d53d623707c43e81e4ecc7b322b380 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 5 Nov 2024 23:21:38 +0900 Subject: [PATCH 0039/1209] add Signed-off-by: walnuts1018 --- k8s/apps/oekaki-dengon-game/front/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet b/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet index 7000c047c..d054719c7 100644 --- a/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet +++ b/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet @@ -24,7 +24,7 @@ containers: [ (import '../../../components/container.libsonnet') { name: 'oekaki-dengon-game-front', - image: 'ghcr.io/kmc-jp/oekaki-dengon-game-front:v0.0.0-a28ec4cf7314f2b7049329737bd57cb14abe907d-89', + image: 'ghcr.io/kmc-jp/oekaki-dengon-game-front:v0.0.0-a28ec4cf7314f2b7049329737bd57cb14abe907d-90', imagePullPolicy: 'IfNotPresent', ports: [ { From 59b39e04bb2f8d9088c36cfdfe4bafe4c6129b6d Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 5 Nov 2024 23:32:58 +0900 Subject: [PATCH 0040/1209] add Signed-off-by: walnuts1018 --- k8s/apps/oekaki-dengon-game/front/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet b/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet index d054719c7..739a2e4ef 100644 --- a/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet +++ b/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet @@ -24,7 +24,7 @@ containers: [ (import '../../../components/container.libsonnet') { name: 'oekaki-dengon-game-front', - image: 'ghcr.io/kmc-jp/oekaki-dengon-game-front:v0.0.0-a28ec4cf7314f2b7049329737bd57cb14abe907d-90', + image: 'ghcr.io/kmc-jp/oekaki-dengon-game-front:v0.0.0-c80248a3dd5c3609ccfe55e1132068df22ecc092-92', imagePullPolicy: 'IfNotPresent', ports: [ { From 6d9b05b0fb561fa5b595df05c46313ce6108c404 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 5 Nov 2024 23:42:31 +0900 Subject: [PATCH 0041/1209] add Signed-off-by: walnuts1018 --- k8s/apps/oekaki-dengon-game/front/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet b/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet index 739a2e4ef..1ad4fa0bb 100644 --- a/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet +++ b/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet @@ -24,7 +24,7 @@ containers: [ (import '../../../components/container.libsonnet') { name: 'oekaki-dengon-game-front', - image: 'ghcr.io/kmc-jp/oekaki-dengon-game-front:v0.0.0-c80248a3dd5c3609ccfe55e1132068df22ecc092-92', + image: 'ghcr.io/kmc-jp/oekaki-dengon-game-front:v0.0.0-9c31d9c66702b599c95c3ba85109c7b389b8ca1f-93', imagePullPolicy: 'IfNotPresent', ports: [ { From edeb20f2e69e1e15b9f1b878d1ab02b75802c901 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 5 Nov 2024 23:45:17 +0900 Subject: [PATCH 0042/1209] rm securityContext Signed-off-by: walnuts1018 --- k8s/apps/oekaki-dengon-game/front/deployment.jsonnet | 1 + 1 file changed, 1 insertion(+) diff --git a/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet b/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet index 1ad4fa0bb..fa73d44f5 100644 --- a/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet +++ b/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet @@ -31,6 +31,7 @@ containerPort: 3000, }, ], + securityContext:: null, env: [ { name: 'API_URL', From 71e69625958cad37fb7f56a41b3150b48e6b9bd2 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 5 Nov 2024 23:52:34 +0900 Subject: [PATCH 0043/1209] add Signed-off-by: walnuts1018 --- k8s/apps/oekaki-dengon-game/front/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet b/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet index fa73d44f5..09d75410a 100644 --- a/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet +++ b/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet @@ -24,7 +24,7 @@ containers: [ (import '../../../components/container.libsonnet') { name: 'oekaki-dengon-game-front', - image: 'ghcr.io/kmc-jp/oekaki-dengon-game-front:v0.0.0-9c31d9c66702b599c95c3ba85109c7b389b8ca1f-93', + image: 'ghcr.io/kmc-jp/oekaki-dengon-game-front:v0.0.0-033204307091c0be33ba4b31a9b214ceba705270-94', imagePullPolicy: 'IfNotPresent', ports: [ { From 68098b1421667052606a33948b840d678ad33aa7 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 5 Nov 2024 23:52:41 +0900 Subject: [PATCH 0044/1209] add Signed-off-by: walnuts1018 --- k8s/apps/oekaki-dengon-game/front/deployment.jsonnet | 1 - 1 file changed, 1 deletion(-) diff --git a/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet b/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet index 09d75410a..901ed1622 100644 --- a/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet +++ b/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet @@ -31,7 +31,6 @@ containerPort: 3000, }, ], - securityContext:: null, env: [ { name: 'API_URL', From 3de4a76d0f2a9c619126c6bc5ea69da784e2738a Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 5 Nov 2024 23:55:54 +0900 Subject: [PATCH 0045/1209] add Signed-off-by: walnuts1018 --- k8s/apps/oekaki-dengon-game/front/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet b/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet index 901ed1622..ab2358c5c 100644 --- a/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet +++ b/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet @@ -24,7 +24,7 @@ containers: [ (import '../../../components/container.libsonnet') { name: 'oekaki-dengon-game-front', - image: 'ghcr.io/kmc-jp/oekaki-dengon-game-front:v0.0.0-033204307091c0be33ba4b31a9b214ceba705270-94', + image: 'ghcr.io/kmc-jp/oekaki-dengon-game-front:v0.0.0-10b57aae4bfe56124907ac1b03bc822a635e173f-95', imagePullPolicy: 'IfNotPresent', ports: [ { From bd2865d6baf55973faaaca1e3b5239e83715425a Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 5 Nov 2024 23:58:10 +0900 Subject: [PATCH 0046/1209] fix Signed-off-by: walnuts1018 --- k8s/apps/oekaki-dengon-game/front/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet b/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet index ab2358c5c..0b9f8e3c6 100644 --- a/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet +++ b/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet @@ -34,7 +34,7 @@ env: [ { name: 'API_URL', - value: 'http://' + (import '../../../utils/get-endpoint-from-service.libsonnet')(import 'service.jsonnet') + ':8080/api', + value: 'http://' + (import '../../../utils/get-endpoint-from-service.libsonnet')(import '../backend/service.jsonnet') + ':8080/api', }, ], resources: { From 228ab304dd36121a22d2f538a5fd811831730862 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 5 Nov 2024 23:58:35 +0900 Subject: [PATCH 0047/1209] fix Signed-off-by: walnuts1018 --- k8s/apps/oekaki-dengon-game/front/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet b/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet index 0b9f8e3c6..78bb9443f 100644 --- a/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet +++ b/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet @@ -34,7 +34,7 @@ env: [ { name: 'API_URL', - value: 'http://' + (import '../../../utils/get-endpoint-from-service.libsonnet')(import '../backend/service.jsonnet') + ':8080/api', + value: 'http://' + (import '../../../utils/get-endpoint-from-service.libsonnet')(import '../back/service.jsonnet') + ':8080/api', }, ], resources: { From 4c7e98a9cf28351a2c3a61e8ce85faf35cc7e3e6 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 5 Nov 2024 22:57:27 +0000 Subject: [PATCH 0048/1209] Update Helm release kube-prometheus-stack to v65.8.0 --- k8s/apps/prometheus-stack/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/prometheus-stack/helm.jsonnet b/k8s/apps/prometheus-stack/helm.jsonnet index aaf896661..8c9cbb5ca 100644 --- a/k8s/apps/prometheus-stack/helm.jsonnet +++ b/k8s/apps/prometheus-stack/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'kube-prometheus-stack', repoURL: 'https://prometheus-community.github.io/helm-charts', - targetRevision: '65.7.0', + targetRevision: '65.8.0', values: (importstr 'values.yaml'), } From 1763dca427748065e4f9677209f9b27f03319981 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Wed, 6 Nov 2024 08:34:28 +0900 Subject: [PATCH 0049/1209] Update deployment.jsonnet --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index caf4b109c..878e7ebeb 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -25,7 +25,7 @@ type: 'RuntimeDefault', }, }, - image: 'ghcr.io/walnuts1018/walnuts.dev:149b65e8e64d96baedd360cec387ed8871648a2a-239', + image: 'ghcr.io/walnuts1018/walnuts.dev:9f32c4cde0d8a72054c70779b54ccfb0e2bd6e8d-244', imagePullPolicy: 'IfNotPresent', ports: [ { From 56d654e7ab359cfe92e86a4c8ef2182f0ce59bba Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 6 Nov 2024 01:12:58 +0000 Subject: [PATCH 0050/1209] Update dependency aquaproj/aqua-registry to v4.247.0 --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index 605b3f8c0..8fc94c06f 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,6 +8,6 @@ # - all registries: - type: standard - ref: v4.246.1 # renovate: depName=aquaproj/aqua-registry + ref: v4.247.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 From 33828b15dfe7a71979262ecdee3159c88e1c4e20 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Wed, 6 Nov 2024 12:41:05 +0900 Subject: [PATCH 0051/1209] Update deployment.jsonnet --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index 878e7ebeb..c58f42126 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -25,7 +25,7 @@ type: 'RuntimeDefault', }, }, - image: 'ghcr.io/walnuts1018/walnuts.dev:9f32c4cde0d8a72054c70779b54ccfb0e2bd6e8d-244', + image: 'ghcr.io/walnuts1018/walnuts.dev:d4b801b4058b5f366151e19bbd40b37a7b7771ee-256', imagePullPolicy: 'IfNotPresent', ports: [ { From 33a9cbbb2772f8b3dc3ea503851320688b0c9c8c Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 6 Nov 2024 08:20:50 +0000 Subject: [PATCH 0052/1209] Update Helm release redis-operator to v0.18.4 --- k8s/apps/redis-operator/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/redis-operator/helm.jsonnet b/k8s/apps/redis-operator/helm.jsonnet index c70608192..f6dc1b000 100644 --- a/k8s/apps/redis-operator/helm.jsonnet +++ b/k8s/apps/redis-operator/helm.jsonnet @@ -3,7 +3,7 @@ std.mergePatch((import '../../components/helm.libsonnet') { namespace: (import 'app.json5').namespace, chart: 'redis-operator', repoURL: 'https://ot-container-kit.github.io/helm-charts/', - targetRevision: '0.18.3', + targetRevision: '0.18.4', values: (importstr 'values.yaml'), }, { spec: { From 017e6db3f9a499fe81342c8a666454f5ac64220f Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 6 Nov 2024 10:17:50 +0000 Subject: [PATCH 0053/1209] Update Helm release kube-prometheus-stack to v65.8.1 --- k8s/apps/prometheus-stack/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/prometheus-stack/helm.jsonnet b/k8s/apps/prometheus-stack/helm.jsonnet index 8c9cbb5ca..df9a587b8 100644 --- a/k8s/apps/prometheus-stack/helm.jsonnet +++ b/k8s/apps/prometheus-stack/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'kube-prometheus-stack', repoURL: 'https://prometheus-community.github.io/helm-charts', - targetRevision: '65.8.0', + targetRevision: '65.8.1', values: (importstr 'values.yaml'), } From 0918bf0758dde823e922e27dde08c45cdd8c61dc Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 6 Nov 2024 14:57:10 +0000 Subject: [PATCH 0054/1209] Update dependency aquaproj/aqua-registry to v4.248.0 --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index 8fc94c06f..bdfe5cbc6 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,6 +8,6 @@ # - all registries: - type: standard - ref: v4.247.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.248.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 From f13de33c17cbb39554382283555fdaa6fdf1c3d4 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 6 Nov 2024 23:30:51 +0000 Subject: [PATCH 0055/1209] Update Helm release tempo to v1.12.0 --- k8s/apps/tempo/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/tempo/helm.jsonnet b/k8s/apps/tempo/helm.jsonnet index 3e683989d..b11d929cb 100644 --- a/k8s/apps/tempo/helm.jsonnet +++ b/k8s/apps/tempo/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'tempo', repoURL: 'https://grafana.github.io/helm-charts', - targetRevision: '1.11.0', + targetRevision: '1.12.0', values: (importstr 'values.yaml'), } From bd97feb35c7d7113ef32b911be6b242944b0838c Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 7 Nov 2024 14:25:33 +0000 Subject: [PATCH 0056/1209] Update Helm release redis-operator to v0.18.5 --- k8s/apps/redis-operator/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/redis-operator/helm.jsonnet b/k8s/apps/redis-operator/helm.jsonnet index f6dc1b000..f7164051d 100644 --- a/k8s/apps/redis-operator/helm.jsonnet +++ b/k8s/apps/redis-operator/helm.jsonnet @@ -3,7 +3,7 @@ std.mergePatch((import '../../components/helm.libsonnet') { namespace: (import 'app.json5').namespace, chart: 'redis-operator', repoURL: 'https://ot-container-kit.github.io/helm-charts/', - targetRevision: '0.18.4', + targetRevision: '0.18.5', values: (importstr 'values.yaml'), }, { spec: { From 8b325b802b38e0fe99c202f8fc0142f3ae15cb0b Mon Sep 17 00:00:00 2001 From: Walnuts Date: Fri, 8 Nov 2024 00:09:25 +0900 Subject: [PATCH 0057/1209] Update deployment.jsonnet --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index c58f42126..8a1e8c90c 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -25,7 +25,7 @@ type: 'RuntimeDefault', }, }, - image: 'ghcr.io/walnuts1018/walnuts.dev:d4b801b4058b5f366151e19bbd40b37a7b7771ee-256', + image: 'ghcr.io/walnuts1018/walnuts.dev:8fd4cd6e1f6dbb44bdc9e7ef130f58f19d90db10-257', imagePullPolicy: 'IfNotPresent', ports: [ { From 124f5e9e44c427ba36f0b214faca6f4ecb447f95 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 7 Nov 2024 18:19:10 +0000 Subject: [PATCH 0058/1209] Update Helm release loki to v6.19.0 --- k8s/apps/loki/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/loki/helm.jsonnet b/k8s/apps/loki/helm.jsonnet index ef0fb05cc..51b484a2b 100644 --- a/k8s/apps/loki/helm.jsonnet +++ b/k8s/apps/loki/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import 'app.json5').namespace, chart: 'loki', repoURL: 'https://grafana.github.io/helm-charts', - targetRevision: '6.18.0', + targetRevision: '6.19.0', values: (importstr 'values.yaml'), } From e18178c783938d4076fc7e40f8d38bdb07dca859 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 7 Nov 2024 18:19:15 +0000 Subject: [PATCH 0059/1209] Update Helm release opentelemetry-operator to v0.73.0 --- k8s/apps/opentelemetry-operator/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/opentelemetry-operator/helm.jsonnet b/k8s/apps/opentelemetry-operator/helm.jsonnet index e47e3de1b..f547a9196 100644 --- a/k8s/apps/opentelemetry-operator/helm.jsonnet +++ b/k8s/apps/opentelemetry-operator/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'opentelemetry-operator', repoURL: 'https://open-telemetry.github.io/opentelemetry-helm-charts', - targetRevision: '0.72.0', + targetRevision: '0.73.0', values: (importstr 'values.yaml'), } From c8381076df00ef9d4f518e93c0c8b23429d8afba Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 8 Nov 2024 06:40:09 +0900 Subject: [PATCH 0060/1209] 4efcb800849da61b51914f053587045cb42d73f3-260 Signed-off-by: walnuts1018 --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index 8a1e8c90c..21f28672e 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -25,7 +25,7 @@ type: 'RuntimeDefault', }, }, - image: 'ghcr.io/walnuts1018/walnuts.dev:8fd4cd6e1f6dbb44bdc9e7ef130f58f19d90db10-257', + image: 'ghcr.io/walnuts1018/walnuts.dev:4efcb800849da61b51914f053587045cb42d73f3-260', imagePullPolicy: 'IfNotPresent', ports: [ { From ed7941ab8df6b90ab4838491748d8ac1fe36de98 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 7 Nov 2024 21:40:43 +0000 Subject: [PATCH 0061/1209] Update Terraform aws to ~> 5.75.0 --- terraform/kurumi/.terraform.lock.hcl | 60 ++++++++++++++-------------- terraform/kurumi/main.tf | 2 +- 2 files changed, 31 insertions(+), 31 deletions(-) diff --git a/terraform/kurumi/.terraform.lock.hcl b/terraform/kurumi/.terraform.lock.hcl index ec204720b..6beb653d4 100644 --- a/terraform/kurumi/.terraform.lock.hcl +++ b/terraform/kurumi/.terraform.lock.hcl @@ -2,37 +2,37 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/aws" { - version = "5.74.0" - constraints = "~> 5.74.0" + version = "5.75.0" + constraints = "~> 5.75.0" hashes = [ - "h1:/dQYO7n+CskbVyK4lZf9W9GrfBARF1gnOaYcR51e6IE=", - "h1:0Iq3x8RSdWedvATBO1RZbCQqRCHPNsdhkYVrRs9crEE=", - "h1:1kuxoGf+62BB4tZXGDovizWZMYKNibprG2bp6Qd/9Bw=", - "h1:5emrJ5QaBKjWqw7RkEisKDFEb9M32axWezw+YpYo2z0=", - "h1:8uZ7Hq4cduhQxYe4HPo7rGYAvEieQjiEPIh/wRLmITU=", - "h1:CkpdUEM8uA3eLWHo3ci0cAiG4IdeWWsJShWwAQMV4/c=", - "h1:HMaN/L2hf1PN2YLdlQRbE49f4RF7VuqEVpqxNtJ2+18=", - "h1:K6rrQRr37cCDcr5ULPlMVfa9sTyO4yVXXPRA4g9wSkA=", - "h1:NjiJii9QnUzkYo8wFU9fsdKGl1PSqGsfU34Er2n1GSs=", - "h1:U7dnLTlNn4puZS57/QRoIX6lPrVwC8XT+qBjvm2eYVs=", - "h1:Uk2a12Ta3FPv0oUDfDPg9bovIuP02Z/XJ5kolfPLNgI=", - "h1:au5Jus+lpe1XBi32ViPzLeXg6r6JivJDwYWIpDGW5Cs=", - "h1:eQ4lXIfKHT+3pObx8FcGHGM1RRk7DfJSsr6QcLS9d5M=", - "h1:nlhi+q6W7SXJcrEtAJvRFiEbXC+u1hZwK1JL+QD1Qvg=", - "zh:1e2d65add4d63af5b396ae33d55c48303eca6c86bd1be0f6fae13267a9b47bc4", - "zh:20ddec3dac3d06a188f12e58b6428854949b1295e937c5d4dca4866dc1c937af", - "zh:35b72de4e6a3e3d69efc07184fb413406262fe447b2d82d57eaf8c787a068a06", - "zh:44eada24a50cd869aadc4b29f9e791fdf262d7f426921e9ac2893bbb86013176", - "zh:455e666e3a9a2312b3b9f434b87a404b6515d64a8853751e20566a6548f9df9e", - "zh:58b3ae74abfca7b9b61f42f0c8b10d97f9b01aff18bd1d4ab091129c9d203707", - "zh:840a8a32d5923f9e7422f9c80d165c3f89bb6ea370b8283095081e39050a8ea8", - "zh:87cb6dbbdbc1b73bdde4b8b5d6d780914a3e8f1df0385da4ea7323dc1a68468f", - "zh:8b8953e39b0e6e6156c5570d1ca653450bfa0d9b280e2475f01ee5c51a6554db", + "h1:1R08bG9RT1qWHU6K0B992s3VbTIdb7cWt421+TBVS/8=", + "h1:36n0sS0B/ZL0yr4JsW07TT+WtLmozvlKTAA/MQWpDY8=", + "h1:5E1PLq7S2vAczsDkUGc1MrvuZGTNgmsGXcrY9Hty0Dw=", + "h1:6SG/Rk52Rj48h4JDOyVg4pw9jmjxgCyCLwgXrJXZGL0=", + "h1:GGL7/R/t1CLUYTcoUG5oSoNv0ZIlf/1/PFanquWbgUg=", + "h1:NVVF3N+wgg5EfE7XlYgvjAO9VHqBeOYR/IG0cTLgruY=", + "h1:OkOE53v2W80A4UB+mI4VvE70W63eyYGWD8pHLu4OaWE=", + "h1:RJs0yQo3ScqJ0ZJyR9UX92ja2Nl5rEVJPUwP9h6lxBc=", + "h1:Vp6AJuCkdX4e1r8twlZmiBxO82N24+ytjVNQUBePy/s=", + "h1:WMOykRQJ6m4Z6tXrW5Vz9zCitj6R8rP99x4cAKU5lgE=", + "h1:aA/+c37GlH4+CsV49So/+/TsdpfwRNCQLP3CglLjjmw=", + "h1:rQl8P8OJZNwwPTATMtPjkyHnSOt4lkVD4t2cT+9JE+Y=", + "h1:rhG7XqZyeERvJ5JByMUO5rzYcu3VgWlRE7/tzi2dNI0=", + "h1:sIFhAbI3lxSeDdmgFoee7cNq24kBmMHqmDLbCLTqq8k=", + "zh:01b01b132b70df918f735898f1ad012ab3033d1b909b2e38950d16964d94c084", + "zh:28bc6ee7b0c88b1a48f315509ad390fb1e8f39bebe0f7a43c22b1a63825251d1", + "zh:31f9043a4c3538883ab9b9d3b399dae62e4552251e6a2b1da13ec3a2018a027d", + "zh:47451c295ffbddd19679a41d728f0942486d6de0d9206418d9593dda5a20c120", + "zh:5204c1a9f41dcc10e38879d41d95d95fdbb10527f613c129603137b1dbe99777", + "zh:64c3165a6019045782c8ad2a40d6fa4253d44dba67a5a971a81791cff5a9d3d5", "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:9bd750262e2fb0187a8420a561e55b0a1da738f690f53f5c7df170cb1f380459", - "zh:9d2474c1432dfa5e1db197e2dd6cd61a6a15452e0bc7acd09ca86b3cdb228871", - "zh:b763ecaf471c7737a5c6e4cf257b5318e922a6610fd83b36ed8eb68582a8642e", - "zh:c1344cd8fe03ff7433a19b14b14a1898c2ca5ba22a468fb8e1687f0a7f564d52", - "zh:dc0e0abf3be7402d0d022ced82816884356115ed27646df9c7222609e96840e6", + "zh:a5788f78da2f0ac78f99ca2a4c489c041654bec992f3183fd0b972e0554f91e9", + "zh:aed486e3b24e9f82543bf558b2a7eade4a905608060fac1284145c00ff63d3e2", + "zh:b42523c409940a9c3866f4973c8251b96e5f3a0934230849c533a04b95854965", + "zh:b570353eeb97b3ed1b423a6f67857a7a3c1c47c9907e45a81c3df186a2fd88d0", + "zh:bf05df84199cbc776a878f920f6be4d27737f2de204f80794e6a652d49692f0d", + "zh:c27133287d20620244de95f4c2438135e60c057e0891a3ec97539c990f7ebdec", + "zh:c59143082fe8e4f5d5b0676472b8b0e24c2a2f1ede622a64f9f24639382d4b03", + "zh:ebe01c3b7a85deebc10b4081097dd6e8b4c79b7c13a20acb099bd17ff06afcb7", ] } diff --git a/terraform/kurumi/main.tf b/terraform/kurumi/main.tf index 6f70d6058..01dd20cfa 100644 --- a/terraform/kurumi/main.tf +++ b/terraform/kurumi/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 5.74.0" + version = "~> 5.75.0" } } } From ef079156b5d48c55a2736d64e56cf8a703a6771d Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 7 Nov 2024 21:40:47 +0000 Subject: [PATCH 0062/1209] Update dependency aquaproj/aqua-registry to v4.249.0 --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index bdfe5cbc6..d9411b06e 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,6 +8,6 @@ # - all registries: - type: standard - ref: v4.248.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.249.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 From fd4ae44fe6da1d4d41a0fc0560f7e5e9f5c14c8f Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 8 Nov 2024 17:03:50 +0900 Subject: [PATCH 0063/1209] add image updater Signed-off-by: walnuts1018 --- k8s/_argocd/applications/argocd.yaml | 1 + k8s/_argocd/argocd_components/image-updater/app.json5 | 4 ++++ k8s/_argocd/argocd_components/image-updater/helm.jsonnet | 8 ++++++++ k8s/_argocd/argocd_components/image-updater/values.yaml | 4 ++++ 4 files changed, 17 insertions(+) create mode 100644 k8s/_argocd/argocd_components/image-updater/app.json5 create mode 100644 k8s/_argocd/argocd_components/image-updater/helm.jsonnet create mode 100644 k8s/_argocd/argocd_components/image-updater/values.yaml diff --git a/k8s/_argocd/applications/argocd.yaml b/k8s/_argocd/applications/argocd.yaml index 77a500f6a..52617c9f6 100644 --- a/k8s/_argocd/applications/argocd.yaml +++ b/k8s/_argocd/applications/argocd.yaml @@ -13,6 +13,7 @@ spec: repoURL: 'https://github.com/walnuts1018/infra' targetRevision: main directory: + recurse: true jsonnet: tlas: - name: '' diff --git a/k8s/_argocd/argocd_components/image-updater/app.json5 b/k8s/_argocd/argocd_components/image-updater/app.json5 new file mode 100644 index 000000000..2392c3a9d --- /dev/null +++ b/k8s/_argocd/argocd_components/image-updater/app.json5 @@ -0,0 +1,4 @@ +{ + name: "argocd-image-updater", + namespace: "argocd", +} diff --git a/k8s/_argocd/argocd_components/image-updater/helm.jsonnet b/k8s/_argocd/argocd_components/image-updater/helm.jsonnet new file mode 100644 index 000000000..9f9bfde36 --- /dev/null +++ b/k8s/_argocd/argocd_components/image-updater/helm.jsonnet @@ -0,0 +1,8 @@ +(import '../../components/helm.libsonnet') { + name: (import 'app.json5').name, + namespace: (import 'app.json5').namespace, + chart: 'argocd-image-updater', + repoURL: 'https://argoproj.github.io/argo-helm', + targetRevision: '0.11.1', + values: (importstr 'values.yaml'), +} diff --git a/k8s/_argocd/argocd_components/image-updater/values.yaml b/k8s/_argocd/argocd_components/image-updater/values.yaml new file mode 100644 index 000000000..4dc54fd86 --- /dev/null +++ b/k8s/_argocd/argocd_components/image-updater/values.yaml @@ -0,0 +1,4 @@ +config: + gitCommitUser: "" + gitCommitMail: "" + gitCommitSignOff: true From 241a516a81ece00b1bd9a76fb60ea72434aafc60 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 8 Nov 2024 18:56:56 +0900 Subject: [PATCH 0064/1209] add Signed-off-by: walnuts1018 --- k8s/_argocd/applications/apps.yaml | 3 +++ k8s/_argocd/applications/argocd.yaml | 3 +++ k8s/_argocd/argocd_components/image-updater/values.yaml | 4 ++-- 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/k8s/_argocd/applications/apps.yaml b/k8s/_argocd/applications/apps.yaml index 0843aaf95..d1a4df32e 100644 --- a/k8s/_argocd/applications/apps.yaml +++ b/k8s/_argocd/applications/apps.yaml @@ -3,6 +3,9 @@ kind: ApplicationSet metadata: name: apps namespace: argocd + annotations: + argocd-image-updater.argoproj.io/write-back-method: git + argocd-image-updater.argoproj.io/git-branch: main:image-updater{{range .Images}}-{{.Name}}{{end}} spec: goTemplate: true goTemplateOptions: [ "missingkey=error" ] diff --git a/k8s/_argocd/applications/argocd.yaml b/k8s/_argocd/applications/argocd.yaml index 52617c9f6..4c12ac34d 100644 --- a/k8s/_argocd/applications/argocd.yaml +++ b/k8s/_argocd/applications/argocd.yaml @@ -3,6 +3,9 @@ kind: Application metadata: name: argocd namespace: argocd + annotations: + argocd-image-updater.argoproj.io/write-back-method: git + argocd-image-updater.argoproj.io/git-branch: main:image-updater{{range .Images}}-{{.Name}}{{end}} spec: project: default destination: diff --git a/k8s/_argocd/argocd_components/image-updater/values.yaml b/k8s/_argocd/argocd_components/image-updater/values.yaml index 4dc54fd86..7f271ebf9 100644 --- a/k8s/_argocd/argocd_components/image-updater/values.yaml +++ b/k8s/_argocd/argocd_components/image-updater/values.yaml @@ -1,4 +1,4 @@ config: - gitCommitUser: "" - gitCommitMail: "" + gitCommitUser: "argocd-image-updater" + gitCommitMail: "noreply@argoproj.io" gitCommitSignOff: true From 69558f05515bfd89e77b1241ddd5e1792e241e7a Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 8 Nov 2024 18:58:46 +0900 Subject: [PATCH 0065/1209] add Signed-off-by: walnuts1018 --- k8s/_argocd/applications/apps.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/k8s/_argocd/applications/apps.yaml b/k8s/_argocd/applications/apps.yaml index d1a4df32e..5b1f74eef 100644 --- a/k8s/_argocd/applications/apps.yaml +++ b/k8s/_argocd/applications/apps.yaml @@ -3,9 +3,6 @@ kind: ApplicationSet metadata: name: apps namespace: argocd - annotations: - argocd-image-updater.argoproj.io/write-back-method: git - argocd-image-updater.argoproj.io/git-branch: main:image-updater{{range .Images}}-{{.Name}}{{end}} spec: goTemplate: true goTemplateOptions: [ "missingkey=error" ] @@ -18,6 +15,9 @@ spec: template: metadata: name: '{{.name}}' + annotations: + argocd-image-updater.argoproj.io/write-back-method: git + argocd-image-updater.argoproj.io/git-branch: main:image-updater{{range .Images}}-{{.Name}}{{end}} spec: project: default destination: From 9a7d79ce2980db76c70223c77a73b5a88485b157 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 8 Nov 2024 19:30:30 +0900 Subject: [PATCH 0066/1209] fix: update git branch annotation format for image updater Signed-off-by: walnuts1018 --- k8s/_argocd/applications/apps.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/_argocd/applications/apps.yaml b/k8s/_argocd/applications/apps.yaml index 5b1f74eef..40e7ee685 100644 --- a/k8s/_argocd/applications/apps.yaml +++ b/k8s/_argocd/applications/apps.yaml @@ -17,7 +17,7 @@ spec: name: '{{.name}}' annotations: argocd-image-updater.argoproj.io/write-back-method: git - argocd-image-updater.argoproj.io/git-branch: main:image-updater{{range .Images}}-{{.Name}}{{end}} + argocd-image-updater.argoproj.io/git-branch: main:image-updater-{{.name}} spec: project: default destination: From cc126ab203fd910e6580a852ca07509ff7b2cbd6 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 8 Nov 2024 10:31:01 +0000 Subject: [PATCH 0067/1209] chore(deps): update helm release mariadb to v20 --- k8s/apps/photoprism/mariadb/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/photoprism/mariadb/helm.jsonnet b/k8s/apps/photoprism/mariadb/helm.jsonnet index 50eab7a82..4171d8a43 100644 --- a/k8s/apps/photoprism/mariadb/helm.jsonnet +++ b/k8s/apps/photoprism/mariadb/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import '../app.json5').namespace, chart: 'mariadb', repoURL: 'https://charts.bitnami.com/bitnami', - targetRevision: '19.1.2', + targetRevision: '20.0.0', values: (importstr 'values.yaml'), } From 2ab6069e7f73c0cbe36cfea1bc268924a319d2e8 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 8 Nov 2024 19:35:46 +0000 Subject: [PATCH 0068/1209] chore(deps): update helm release kube-prometheus-stack to v66 --- k8s/apps/prometheus-stack/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/prometheus-stack/helm.jsonnet b/k8s/apps/prometheus-stack/helm.jsonnet index df9a587b8..3e9bb7486 100644 --- a/k8s/apps/prometheus-stack/helm.jsonnet +++ b/k8s/apps/prometheus-stack/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'kube-prometheus-stack', repoURL: 'https://prometheus-community.github.io/helm-charts', - targetRevision: '65.8.1', + targetRevision: '66.0.0', values: (importstr 'values.yaml'), } From 896f40d9bb4671829c15f7067dbc5cd998a9e7de Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 8 Nov 2024 22:38:47 +0000 Subject: [PATCH 0069/1209] chore(deps): update helm release tempo to v1.13.0 --- k8s/apps/tempo/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/tempo/helm.jsonnet b/k8s/apps/tempo/helm.jsonnet index b11d929cb..375850757 100644 --- a/k8s/apps/tempo/helm.jsonnet +++ b/k8s/apps/tempo/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'tempo', repoURL: 'https://grafana.github.io/helm-charts', - targetRevision: '1.12.0', + targetRevision: '1.13.0', values: (importstr 'values.yaml'), } From 44c21ee25087a98ceb42f2c491ba66fe4edbd366 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 9 Nov 2024 07:48:20 +0900 Subject: [PATCH 0070/1209] add Signed-off-by: walnuts1018 --- .github/scripts/infrautil/go.mod | 140 ++++- .github/scripts/infrautil/go.sum | 530 +++++++++++++++++- .github/scripts/infrautil/helmSnapshotCmd.go | 130 +++++ .github/scripts/infrautil/lib/helm.go | 229 ++++++++ .github/scripts/infrautil/lib/helm_test.go | 76 +++ .github/scripts/infrautil/lib/helmyaml.go | 104 ++++ .../infrautil/lib/testfiles/helm.result.yaml | 0 .github/scripts/infrautil/main.go | 1 + Makefile | 14 +- k8s/apps/ac-hacking-2024/oauth2-proxy.jsonnet | 10 +- .../oauth2-proxy.jsonnet | 10 +- k8s/apps/kibana/oauth2-proxy.jsonnet | 10 +- .../oauth2-proxy.jsonnet | 10 +- .../oauth2-proxy/oauth2-proxy.jsonnet | 33 +- .../oauth2-proxy.jsonnet | 10 +- .../oauth2-proxy/oauth2-proxy.libsonnet | 71 ++- 16 files changed, 1282 insertions(+), 96 deletions(-) create mode 100644 .github/scripts/infrautil/helmSnapshotCmd.go create mode 100644 .github/scripts/infrautil/lib/helm.go create mode 100644 .github/scripts/infrautil/lib/helm_test.go create mode 100644 .github/scripts/infrautil/lib/helmyaml.go create mode 100644 .github/scripts/infrautil/lib/testfiles/helm.result.yaml diff --git a/.github/scripts/infrautil/go.mod b/.github/scripts/infrautil/go.mod index d59f2c4b0..0fda34125 100644 --- a/.github/scripts/infrautil/go.mod +++ b/.github/scripts/infrautil/go.mod @@ -3,25 +3,159 @@ module github.com/walnuts1018/infra/.github/scripts/infrautil go 1.23.2 require ( + github.com/go-playground/validator/v10 v10.4.1 github.com/google/go-jsonnet v0.20.0 github.com/google/subcommands v1.2.0 github.com/phsym/console-slog v0.3.1 + github.com/pkg/errors v0.9.1 github.com/yosuke-furukawa/json5 v0.1.1 + golang.org/x/sync v0.8.0 ) require ( + dario.cat/mergo v1.0.1 // indirect + github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect + github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect + github.com/BurntSushi/toml v1.3.2 // indirect + github.com/MakeNowJust/heredoc v1.0.0 // indirect + github.com/Masterminds/goutils v1.1.1 // indirect + github.com/Masterminds/semver/v3 v3.3.0 // indirect + github.com/Masterminds/sprig/v3 v3.3.0 // indirect + github.com/Masterminds/squirrel v1.5.4 // indirect + github.com/Microsoft/hcsshim v0.11.4 // indirect + github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect + github.com/beorn7/perks v1.0.1 // indirect + github.com/blang/semver/v4 v4.0.0 // indirect + github.com/cespare/xxhash/v2 v2.3.0 // indirect + github.com/chai2010/gettext-go v1.0.2 // indirect + github.com/containerd/containerd v1.7.12 // indirect + github.com/containerd/log v0.1.0 // indirect + github.com/cyphar/filepath-securejoin v0.3.1 // indirect + github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect + github.com/distribution/reference v0.5.0 // indirect + github.com/docker/cli v25.0.1+incompatible // indirect + github.com/docker/distribution v2.8.3+incompatible // indirect + github.com/docker/docker v25.0.6+incompatible // indirect + github.com/docker/docker-credential-helpers v0.7.0 // indirect + github.com/docker/go-connections v0.5.0 // indirect + github.com/docker/go-metrics v0.0.1 // indirect + github.com/emicklei/go-restful/v3 v3.11.0 // indirect + github.com/evanphx/json-patch v5.9.0+incompatible // indirect + github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect github.com/fatih/color v1.16.0 // indirect + github.com/felixge/httpsnoop v1.0.4 // indirect + github.com/fxamacker/cbor/v2 v2.7.0 // indirect + github.com/go-errors/errors v1.4.2 // indirect + github.com/go-gorp/gorp/v3 v3.1.0 // indirect + github.com/go-logr/logr v1.4.2 // indirect + github.com/go-logr/stdr v1.2.2 // indirect + github.com/go-openapi/jsonpointer v0.19.6 // indirect + github.com/go-openapi/jsonreference v0.20.2 // indirect + github.com/go-openapi/swag v0.22.4 // indirect + github.com/go-playground/locales v0.13.0 // indirect + github.com/go-playground/universal-translator v0.17.0 // indirect + github.com/gobwas/glob v0.2.3 // indirect github.com/goccy/go-yaml v1.11.3 // indirect - github.com/kr/text v0.2.0 // indirect + github.com/gogo/protobuf v1.3.2 // indirect + github.com/golang/protobuf v1.5.4 // indirect + github.com/google/btree v1.0.1 // indirect + github.com/google/gnostic-models v0.6.8 // indirect + github.com/google/go-cmp v0.6.0 // indirect + github.com/google/gofuzz v1.2.0 // indirect + github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect + github.com/google/uuid v1.6.0 // indirect + github.com/gorilla/mux v1.8.0 // indirect + github.com/gorilla/websocket v1.5.0 // indirect + github.com/gosuri/uitable v0.0.4 // indirect + github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 // indirect + github.com/hashicorp/errwrap v1.1.0 // indirect + github.com/hashicorp/go-multierror v1.1.1 // indirect + github.com/huandu/xstrings v1.5.0 // indirect + github.com/imdario/mergo v0.3.16 // indirect + github.com/inconshreveable/mousetrap v1.1.0 // indirect + github.com/jmoiron/sqlx v1.4.0 // indirect + github.com/josharian/intern v1.0.0 // indirect + github.com/json-iterator/go v1.1.12 // indirect + github.com/klauspost/compress v1.16.0 // indirect + github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect + github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect + github.com/leodido/go-urn v1.2.0 // indirect + github.com/lib/pq v1.10.9 // indirect + github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect + github.com/mailru/easyjson v0.7.7 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.20 // indirect - golang.org/x/sys v0.17.0 // indirect + github.com/mattn/go-runewidth v0.0.9 // indirect + github.com/mitchellh/copystructure v1.2.0 // indirect + github.com/mitchellh/go-wordwrap v1.0.1 // indirect + github.com/mitchellh/reflectwalk v1.0.2 // indirect + github.com/moby/locker v1.0.1 // indirect + github.com/moby/spdystream v0.4.0 // indirect + github.com/moby/term v0.5.0 // indirect + github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect + github.com/modern-go/reflect2 v1.0.2 // indirect + github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect + github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect + github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect + github.com/opencontainers/go-digest v1.0.0 // indirect + github.com/opencontainers/image-spec v1.1.0 // indirect + github.com/peterbourgon/diskv v2.0.1+incompatible // indirect + github.com/prometheus/client_golang v1.19.1 // indirect + github.com/prometheus/client_model v0.6.1 // indirect + github.com/prometheus/common v0.55.0 // indirect + github.com/prometheus/procfs v0.15.1 // indirect + github.com/rubenv/sql-migrate v1.7.0 // indirect + github.com/russross/blackfriday/v2 v2.1.0 // indirect + github.com/shopspring/decimal v1.4.0 // indirect + github.com/sirupsen/logrus v1.9.3 // indirect + github.com/spf13/cast v1.7.0 // indirect + github.com/spf13/cobra v1.8.1 // indirect + github.com/spf13/pflag v1.0.5 // indirect + github.com/x448/float16 v0.8.4 // indirect + github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect + github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect + github.com/xeipuuv/gojsonschema v1.2.0 // indirect + github.com/xlab/treeprint v1.2.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 // indirect + go.opentelemetry.io/otel v1.28.0 // indirect + go.opentelemetry.io/otel/metric v1.28.0 // indirect + go.opentelemetry.io/otel/trace v1.28.0 // indirect + go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect + golang.org/x/crypto v0.27.0 // indirect + golang.org/x/net v0.26.0 // indirect + golang.org/x/oauth2 v0.21.0 // indirect + golang.org/x/sys v0.25.0 // indirect + golang.org/x/term v0.24.0 // indirect + golang.org/x/text v0.18.0 // indirect + golang.org/x/time v0.3.0 // indirect golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 // indirect + google.golang.org/grpc v1.65.0 // indirect + google.golang.org/protobuf v1.34.2 // indirect + gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect + gopkg.in/inf.v0 v0.9.1 // indirect + k8s.io/api v0.31.1 // indirect + k8s.io/apiextensions-apiserver v0.31.1 // indirect + k8s.io/apimachinery v0.31.1 // indirect + k8s.io/apiserver v0.31.1 // indirect + k8s.io/cli-runtime v0.31.1 // indirect + k8s.io/client-go v0.31.1 // indirect + k8s.io/component-base v0.31.1 // indirect + k8s.io/klog/v2 v2.130.1 // indirect + k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect + k8s.io/kubectl v0.31.1 // indirect + k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect + oras.land/oras-go v1.2.5 // indirect + sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect + sigs.k8s.io/kustomize/api v0.17.2 // indirect + sigs.k8s.io/kustomize/kyaml v0.17.1 // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect ) require ( github.com/sters/yaml-diff v1.3.2 gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 - sigs.k8s.io/yaml v1.1.0 // indirect + helm.sh/helm/v3 v3.16.2 + sigs.k8s.io/yaml v1.4.0 ) diff --git a/.github/scripts/infrautil/go.sum b/.github/scripts/infrautil/go.sum index 14ca1fbb7..2f8ba1e41 100644 --- a/.github/scripts/infrautil/go.sum +++ b/.github/scripts/infrautil/go.sum @@ -1,59 +1,561 @@ +cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s= +dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= +filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA= +filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4= +github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU= +github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8= +github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8= +github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= +github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= +github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8= +github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= +github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU= +github.com/DATA-DOG/go-sqlmock v1.5.2/go.mod h1:88MAG/4G7SMwSE3CeA0ZKzrT5CiOU3OJ+JlNzwDqpNU= +github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ= +github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE= +github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= +github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= +github.com/Masterminds/semver/v3 v3.3.0 h1:B8LGeaivUe71a5qox1ICM/JLl0NqZSW5CHyL+hmvYS0= +github.com/Masterminds/semver/v3 v3.3.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= +github.com/Masterminds/sprig/v3 v3.3.0 h1:mQh0Yrg1XPo6vjYXgtf5OtijNAKJRNcTdOOGZe3tPhs= +github.com/Masterminds/sprig/v3 v3.3.0/go.mod h1:Zy1iXRYNqNLUolqCpL4uhk6SHUMAOSCzdgBfDb35Lz0= +github.com/Masterminds/squirrel v1.5.4 h1:uUcX/aBc8O7Fg9kaISIUsHXdKuqehiXAMQTYX8afzqM= +github.com/Masterminds/squirrel v1.5.4/go.mod h1:NNaOrjSoIDfDA40n7sr2tPNZRfjzjA400rg+riTZj10= +github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= +github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= +github.com/Microsoft/hcsshim v0.11.4 h1:68vKo2VN8DE9AdN4tnkWnmdhqdbpUFM8OF3Airm7fz8= +github.com/Microsoft/hcsshim v0.11.4/go.mod h1:smjE4dvqPX9Zldna+t5FG3rnoHhaB7QYxPRqGcpAD9w= +github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs= +github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ= +github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= +github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= +github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= +github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= +github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= +github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= +github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= +github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= +github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= +github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= +github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= +github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= +github.com/bshuster-repo/logrus-logstash-hook v1.0.0 h1:e+C0SB5R1pu//O4MQ3f9cFuPGoOVeF2fE4Og9otCc70= +github.com/bshuster-repo/logrus-logstash-hook v1.0.0/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk= +github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd h1:rFt+Y/IK1aEZkEHchZRSq9OQbsSzIT/OrI8YFFmRIng= +github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd/go.mod h1:2oa8nejYd4cQ/b0hMIopN0lCRxU0bueqREvZLWFrtK8= +github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b h1:otBG+dV+YK+Soembjv71DPz3uX/V/6MMlSyD9JBQ6kQ= +github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b/go.mod h1:obH5gd0BsqsP2LwDJ9aOkm/6J86V6lyAXCoQWGw3K50= +github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0 h1:nvj0OLI3YqYXer/kZD8Ri1aaunCxIEsOst1BVJswV0o= +github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE= +github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= +github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= +github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/chai2010/gettext-go v1.0.2 h1:1Lwwip6Q2QGsAdl/ZKPCwTe9fe0CjlUbqj5bFNSjIRk= +github.com/chai2010/gettext-go v1.0.2/go.mod h1:y+wnP2cHYaVj19NZhYKAwEMH2CI1gNHeQQ+5AjwawxA= +github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= +github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= +github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= +github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= +github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM= +github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHqJDGwsa1mIw= +github.com/containerd/containerd v1.7.12 h1:+KQsnv4VnzyxWcfO9mlxxELaoztsDEjOuCMPAuPqgU0= +github.com/containerd/containerd v1.7.12/go.mod h1:/5OMpE1p0ylxtEUGY8kuCYkDRzJm9NO1TFMWjUpdevk= +github.com/containerd/continuity v0.4.2 h1:v3y/4Yz5jwnvqPKJJ+7Wf93fyWoCB3F5EclWG023MDM= +github.com/containerd/continuity v0.4.2/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ= +github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= +github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= +github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= +github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= +github.com/cyphar/filepath-securejoin v0.3.1 h1:1V7cHiaW+C+39wEfpH6XlLBQo3j/PciWFrgfCLS8XrE= +github.com/cyphar/filepath-securejoin v0.3.1/go.mod h1:F7i41x/9cBF7lzCrVsYs9fuzwRZm4NQsGTBdpp6mETc= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2 h1:aBfCb7iqHmDEIp6fBvC/hQUddQfg+3qdYjwzaiP9Hnc= +github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2/go.mod h1:WHNsWjnIn2V1LYOrME7e8KxSeKunYHsxEm4am0BUtcI= +github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK2OFGvA0= +github.com/distribution/reference v0.5.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= +github.com/docker/cli v25.0.1+incompatible h1:mFpqnrS6Hsm3v1k7Wa/BO23oz0k121MTbTO1lpcGSkU= +github.com/docker/cli v25.0.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= +github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= +github.com/docker/docker v25.0.6+incompatible h1:5cPwbwriIcsua2REJe8HqQV+6WlWc1byg2QSXzBxBGg= +github.com/docker/docker v25.0.6+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A= +github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0= +github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c= +github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc= +github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c h1:+pKlWGMw7gf6bQ+oDZB4KHQFypsfjYlq/C4rfL7D3g8= +github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA= +github.com/docker/go-metrics v0.0.1 h1:AgB/0SvBxihN0X8OR4SjsblXkbMvalQ8cjmtKQ2rQV8= +github.com/docker/go-metrics v0.0.1/go.mod h1:cG1hvH2utMXtqgqqYE9plW6lDxS3/5ayHzueweSI3Vw= +github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1 h1:ZClxb8laGDf5arXfYcAtECDFgAgHklGI8CxgjHnXKJ4= +github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1/go.mod h1:cyGadeNEkKy96OOhEzfZl+yxihPEzKnqJwvfuSUqbZE= +github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g= +github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= +github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= +github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls= +github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d h1:105gxyaGwCFad8crR9dcMQWvV9Hvulu6hwUh4tWPJnM= +github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d/go.mod h1:ZZMPRZwes7CROmyNKgQzC3XPs6L/G2EJLHddWejkmf4= github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= +github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= +github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= +github.com/foxcpp/go-mockdns v1.1.0 h1:jI0rD8M0wuYAxL7r/ynTrCQQq0BVqfB99Vgk7DlmewI= +github.com/foxcpp/go-mockdns v1.1.0/go.mod h1:IhLeSFGed3mJIAXPH2aiRQB+kqz7oqu8ld2qVbOu7Wk= +github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= +github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= +github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= +github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= +github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA= +github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og= +github.com/go-gorp/gorp/v3 v3.1.0 h1:ItKF/Vbuj31dmV4jxA1qblpSwkl9g1typ24xoe70IGs= +github.com/go-gorp/gorp/v3 v3.1.0/go.mod h1:dLEjIyyRNiXvNZ8PSmzpt1GsWAUK8kjVhEpjH8TixEw= +github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= +github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= +github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= +github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= +github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= +github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= +github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= +github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= +github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= +github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= +github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= +github.com/go-openapi/swag v0.22.4 h1:QLMzNJnMGPRNDCbySlcj1x01tzU8/9LTTL9hZZZogBU= +github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= +github.com/go-playground/assert/v2 v2.0.1 h1:MsBgLAaY856+nPRTKrp3/OZK38U/wa0CcBYNjji3q3A= +github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4= github.com/go-playground/locales v0.13.0 h1:HyWk6mgj5qFqCT5fjGBuRArbVDfE4hi8+e8ceBS/t7Q= github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8= github.com/go-playground/universal-translator v0.17.0 h1:icxd5fm+REJzpZx7ZfpaD876Lmtgy7VtROAbHHXk8no= github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA= github.com/go-playground/validator/v10 v10.4.1 h1:pH2c5ADXtd66mxoE0Zm9SUhxE20r7aM3F26W0hOn+GE= github.com/go-playground/validator/v10 v10.4.1/go.mod h1:nlOn6nFhuKACm19sB/8EGNn9GlaMV7XkbRSipzJ0Ii4= +github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y= +github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg= +github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= +github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= +github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= +github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= +github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= github.com/goccy/go-yaml v1.11.3 h1:B3W9IdWbvrUu2OYQGwvU1nZtvMQJPBKgBUuweJjLj6I= github.com/goccy/go-yaml v1.11.3/go.mod h1:wKnAMd44+9JAAnGQpWVEgBzGt3YuTaQ4uXoHvE4m7WU= +github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= +github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= +github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= +github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= +github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= +github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= +github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= +github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= +github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= +github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= +github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= +github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= +github.com/gomodule/redigo v1.8.2 h1:H5XSIre1MB5NbPYFp+i1NBbb5qN1W8Y8YAQoAYbkm8k= +github.com/gomodule/redigo v1.8.2/go.mod h1:P9dn9mFrCBvWhGE1wpxx6fgq7BAeLBk+UUUzlpkBYO0= +github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4= +github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= +github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= +github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= +github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= +github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-jsonnet v0.20.0 h1:WG4TTSARuV7bSm4PMB4ohjxe33IHT5WVTrJSU33uT4g= github.com/google/go-jsonnet v0.20.0/go.mod h1:VbgWF9JX7ztlv770x/TolZNGGFfiHEVx9G6ca2eUmeA= +github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= +github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af h1:kmjWCqn2qkEml422C2Rrd27c3VGxi6a/6HNq8QmHRKM= +github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= +github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= +github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= github.com/google/subcommands v1.2.0 h1:vWQspBTo2nEqTUFita5/KeEWlUL8kQObDFbub/EN9oE= github.com/google/subcommands v1.2.0/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk= +github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4= +github.com/gorilla/handlers v1.5.1/go.mod h1:t8XrUpc4KVXb7HGyJ4/cEnwQiaxrX/hz1Zv/4g96P1Q= +github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI= +github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= +github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc= +github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= +github.com/gosuri/uitable v0.0.4 h1:IG2xLKRvErL3uhY6e1BylFzG+aJiwQviDDTfOKeKTpY= +github.com/gosuri/uitable v0.0.4/go.mod h1:tKR86bXuXPZazfOTG1FIzvjIdXzd0mo4Vtn16vt0PJo= +github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 h1:pdN6V1QBWetyv/0+wjACpqVH+eVULgEjkurDLq3goeM= +github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= +github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= +github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= +github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= +github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= +github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= +github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc= +github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= +github.com/huandu/xstrings v1.5.0 h1:2ag3IFq9ZDANvthTwTiqSSZLjDc+BedvHPAp5tJy2TI= +github.com/huandu/xstrings v1.5.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= +github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= +github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= +github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= +github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= +github.com/jmoiron/sqlx v1.4.0 h1:1PLqN7S1UYp5t4SrVVnt4nUVNemrDAtxlulVe+Qgm3o= +github.com/jmoiron/sqlx v1.4.0/go.mod h1:ZrZ7UsYB/weZdl2Bxg6jCRO9c3YHl8r3ahlKmRT4JLY= +github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= +github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= +github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= +github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= +github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= +github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= +github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= +github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/klauspost/compress v1.16.0 h1:iULayQNOReoYUe+1qtKOqw9CwJv3aNQu8ivo7lw1HU4= +github.com/klauspost/compress v1.16.0/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= +github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= +github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 h1:SOEGU9fKiNWd/HOJuq6+3iTQz8KNCLtVX6idSoTLdUw= +github.com/lann/builder v0.0.0-20180802200727-47ae307949d0/go.mod h1:dXGbAdH5GtBTC4WfIxhKZfyBF/HBFgRZSWwZ9g/He9o= +github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 h1:P6pPBnrTSX3DEVR4fDembhRWSsG5rVo6hYhAB/ADZrk= +github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0/go.mod h1:vmVJ0l/dxyfGW6FmdpVm2joNMFikkuWg0EoCKLGUMNw= github.com/leodido/go-urn v1.2.0 h1:hpXL4XnriNwQ/ABnpepYM/1vCLWNDfUNts8dX3xTG6Y= github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII= +github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw= +github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= +github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0= +github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE= +github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= +github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= -github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs= -github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= +github.com/mattn/go-runewidth v0.0.9 h1:Lm995f3rfxdpd6TSmuVCHVb/QhupuXlYr8sCI/QdE+0= +github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= +github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU= +github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y= +github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= +github.com/miekg/dns v1.1.57 h1:Jzi7ApEIzwEPLHWRcafCN9LZSBbqQpxjt/wpgvg7wcM= +github.com/miekg/dns v1.1.57/go.mod h1:uqRjCRUuEAA6qsOiJvDd+CFo/vW+y5WR6SNmHE55hZk= +github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= +github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= +github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0= +github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0= +github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ= +github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= +github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg= +github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc= +github.com/moby/spdystream v0.4.0 h1:Vy79D6mHeJJjiPdFEL2yku1kl0chZpJfZcPpb16BRl8= +github.com/moby/spdystream v0.4.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI= +github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vygl78= +github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI= +github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0= +github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y= +github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= +github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= +github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= +github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= +github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 h1:n6/2gBQ3RWajuToeY6ZtZTIKv2v7ThUy5KKusIT0yc0= +github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00/go.mod h1:Pm3mSP3c5uWn86xMLZ5Sa7JB9GsEZySvHYXCTK4E9q4= +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= +github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= +github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus= +github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= +github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA= +github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To= +github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= +github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= +github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= +github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= +github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug= +github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM= +github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= +github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= +github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 h1:Ii+DKncOVM8Cu1Hc+ETb5K+23HdAMvESYE3ZJ5b5cMI= +github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5/go.mod h1:iIss55rKnNBTvrwdmkUpLnDpZoAHvWaiq5+iMmen4AE= github.com/phsym/console-slog v0.3.1 h1:Fuzcrjr40xTc004S9Kni8XfNsk+qrptQmyR+wZw9/7A= github.com/phsym/console-slog v0.3.1/go.mod h1:oJskjp/X6e6c0mGpfP8ELkfKUsrkDifYRAqJQgmdDS0= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= +github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0= -github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/poy/onpar v1.1.2 h1:QaNrNiZx0+Nar5dLgTVp5mXkyoVFIbepjyEoGSnhbAY= +github.com/poy/onpar v1.1.2/go.mod h1:6X8FLNoxyr9kkmnlqpK6LSoiOtrO6MICtWwEuWkLjzg= +github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= +github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= +github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g= +github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE= +github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho= +github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= +github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= +github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= +github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= +github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc= +github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc= +github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8= +github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= +github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= +github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ= +github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= +github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= +github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= +github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= +github.com/rubenv/sql-migrate v1.7.0 h1:HtQq1xyTN2ISmQDggnh0c9U3JlP8apWh8YO2jzlXpTI= +github.com/rubenv/sql-migrate v1.7.0/go.mod h1:S4wtDEG1CKn+0ShpTtzWhFpHHI5PvCUtiGI+C+Z2THE= +github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= +github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ= +github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= +github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k= +github.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME= +github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= +github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= +github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= +github.com/spf13/cast v1.7.0 h1:ntdiHjuueXFgm5nzDRdOS4yfT43P5Fnud6DH50rz/7w= +github.com/spf13/cast v1.7.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= +github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= +github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= +github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= +github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/sters/yaml-diff v1.3.2 h1:99Ke50QYFQYZjKMOiePxwyuQ+WeCvNy6cRooqdLs/ZE= github.com/sters/yaml-diff v1.3.2/go.mod h1:86usbNZiUqke5wYjMxDVEjmvGjmY2FkMwOwe0A5zf68= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= +github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= +github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= +github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= +github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= +github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo= +github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= +github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0= +github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= +github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74= +github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= +github.com/xlab/treeprint v1.2.0 h1:HzHnuAF1plUN2zGlAFHbSQP2qJ0ZAD3XF5XD7OesXRQ= +github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0= github.com/yosuke-furukawa/json5 v0.1.1 h1:0F9mNwTvOuDNH243hoPqvf+dxa5QsKnZzU20uNsh3ZI= github.com/yosuke-furukawa/json5 v0.1.1/go.mod h1:sw49aWDqNdRJ6DYUtIQiaA3xyj2IL9tjeNYmX2ixwcU= -golang.org/x/crypto v0.7.0 h1:AvwMYaRytfdeVt3u6mLaxYtErKYjxA2OXjJ1HHq6t3A= -golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= +github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43 h1:+lm10QQTNSBd8DVTNGHx7o/IKu9HYDvLMffDhbyLccI= +github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43/go.mod h1:aX5oPXxHm3bOH+xeAttToC8pqch2ScQN/JoXYupl6xs= +github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50 h1:hlE8//ciYMztlGpl/VA+Zm1AcTPHYkHJPbHqE6WJUXE= +github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50/go.mod h1:NUSPSUX/bi6SeDMUh6brw0nXpxHnc96TguQh0+r/ssA= +github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f h1:ERexzlUfuTvpE74urLSbIQW0Z/6hF9t8U4NsJLaioAY= +github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg= +go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= +go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 h1:4K4tsIXefpVJtvA/8srF4V4y0akAoPHkIslgAkjixJA= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0/go.mod h1:jjdQuTGVsXV4vSs+CJ2qYDeDPf9yIJV23qlIzBm73Vg= +go.opentelemetry.io/otel v1.28.0 h1:/SqNcYk+idO0CxKEUOtKQClMK/MimZihKYMruSMViUo= +go.opentelemetry.io/otel v1.28.0/go.mod h1:q68ijF8Fc8CnMHKyzqL6akLO46ePnjkgfIMIjUIX9z4= +go.opentelemetry.io/otel/metric v1.28.0 h1:f0HGvSl1KRAU1DLgLGFjrwVyismPlnuU6JD6bOeuA5Q= +go.opentelemetry.io/otel/metric v1.28.0/go.mod h1:Fb1eVBFZmLVTMb6PPohq3TO9IIhUisDsbJoL/+uQW4s= +go.opentelemetry.io/otel/trace v1.28.0 h1:GhQ9cUuQGmNDd5BTCP2dAvv75RdMxEfTmYejp+lkx9g= +go.opentelemetry.io/otel/trace v1.28.0/go.mod h1:jPyXzNPg6da9+38HEwElrQiHlVMTnVfM3/yv2OlIHaI= +go.starlark.net v0.0.0-20230525235612-a134d8f9ddca h1:VdD38733bfYv5tUZwEIskMM93VanwNIi5bIKnDrJdEY= +go.starlark.net v0.0.0-20230525235612-a134d8f9ddca/go.mod h1:jxU+3+j+71eXOW14274+SmmuW82qJzl6iZSeqEtTGds= +go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= +go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= +golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A= +golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70= +golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= +golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= +golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA= +golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= +golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= +golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= +golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs= +golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= +golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= -golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34= +golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.24.0 h1:Mh5cbb+Zk2hqqXNO7S1iTjEphVL+jb8ZWaqh/g+JWkM= +golang.org/x/term v0.24.0/go.mod h1:lOBK/LVxemqiMij05LGJ0tzNr8xlmwBRJ81PX6wVLH8= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224= +golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= +golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= +golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 h1:+cNy6SZtPcJQH3LJVLOSmiC7MMxXNOb3PU/VUEz+EhU= golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028/go.mod h1:NDW/Ps6MPRej6fsCIbMTohpP40sJ/P/vI1MoTEGwX90= +google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= +google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= +google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= +google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 h1:BwIjyKYGsK9dMCBOorzRri8MQwmi7mT9rGHsCEinZkA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= +google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= +google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= +google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +google.golang.org/grpc v1.65.0 h1:bs/cUb4lp1G5iImFFd3u5ixQzweKizoZJAwBNLR42lc= +google.golang.org/grpc v1.65.0/go.mod h1:WgYC2ypjlB0EiQi6wdKixMqukr6lBc0Vo+oOgjrM5ZQ= +google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= +google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= +google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= +google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= +google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= +google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= +google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= +google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= +gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU= -gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4= +gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M= +gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= +gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= +gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -sigs.k8s.io/yaml v1.1.0 h1:4A07+ZFc2wgJwo8YNlQpr1rVlgUDlxXHhPJciaPY5gs= -sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= +gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o= +gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g= +helm.sh/helm/v3 v3.16.2 h1:Y9v7ry+ubQmi+cb5zw1Llx8OKHU9Hk9NQ/+P+LGBe2o= +helm.sh/helm/v3 v3.16.2/go.mod h1:SyTXgKBjNqi2NPsHCW5dDAsHqvGIu0kdNYNH9gQaw70= +honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +k8s.io/api v0.31.1 h1:Xe1hX/fPW3PXYYv8BlozYqw63ytA92snr96zMW9gWTU= +k8s.io/api v0.31.1/go.mod h1:sbN1g6eY6XVLeqNsZGLnI5FwVseTrZX7Fv3O26rhAaI= +k8s.io/apiextensions-apiserver v0.31.1 h1:L+hwULvXx+nvTYX/MKM3kKMZyei+UiSXQWciX/N6E40= +k8s.io/apiextensions-apiserver v0.31.1/go.mod h1:tWMPR3sgW+jsl2xm9v7lAyRF1rYEK71i9G5dRtkknoQ= +k8s.io/apimachinery v0.31.1 h1:mhcUBbj7KUjaVhyXILglcVjuS4nYXiwC+KKFBgIVy7U= +k8s.io/apimachinery v0.31.1/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= +k8s.io/apiserver v0.31.1 h1:Sars5ejQDCRBY5f7R3QFHdqN3s61nhkpaX8/k1iEw1c= +k8s.io/apiserver v0.31.1/go.mod h1:lzDhpeToamVZJmmFlaLwdYZwd7zB+WYRYIboqA1kGxM= +k8s.io/cli-runtime v0.31.1 h1:/ZmKhmZ6hNqDM+yf9s3Y4KEYakNXUn5sod2LWGGwCuk= +k8s.io/cli-runtime v0.31.1/go.mod h1:pKv1cDIaq7ehWGuXQ+A//1OIF+7DI+xudXtExMCbe9U= +k8s.io/client-go v0.31.1 h1:f0ugtWSbWpxHR7sjVpQwuvw9a3ZKLXX0u0itkFXufb0= +k8s.io/client-go v0.31.1/go.mod h1:sKI8871MJN2OyeqRlmA4W4KM9KBdBUpDLu/43eGemCg= +k8s.io/component-base v0.31.1 h1:UpOepcrX3rQ3ab5NB6g5iP0tvsgJWzxTyAo20sgYSy8= +k8s.io/component-base v0.31.1/go.mod h1:WGeaw7t/kTsqpVTaCoVEtillbqAhF2/JgvO0LDOMa0w= +k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= +k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= +k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= +k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= +k8s.io/kubectl v0.31.1 h1:ih4JQJHxsEggFqDJEHSOdJ69ZxZftgeZvYo7M/cpp24= +k8s.io/kubectl v0.31.1/go.mod h1:aNuQoR43W6MLAtXQ/Bu4GDmoHlbhHKuyD49lmTC8eJM= +k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A= +k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +oras.land/oras-go v1.2.5 h1:XpYuAwAb0DfQsunIyMfeET92emK8km3W4yEzZvUbsTo= +oras.land/oras-go v1.2.5/go.mod h1:PuAwRShRZCsZb7g8Ar3jKKQR/2A/qN+pkYxIOd/FAoo= +sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= +sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= +sigs.k8s.io/kustomize/api v0.17.2 h1:E7/Fjk7V5fboiuijoZHgs4aHuexi5Y2loXlVOAVAG5g= +sigs.k8s.io/kustomize/api v0.17.2/go.mod h1:UWTz9Ct+MvoeQsHcJ5e+vziRRkwimm3HytpZgIYqye0= +sigs.k8s.io/kustomize/kyaml v0.17.1 h1:TnxYQxFXzbmNG6gOINgGWQt09GghzgTP6mIurOgrLCQ= +sigs.k8s.io/kustomize/kyaml v0.17.1/go.mod h1:9V0mCjIEYjlXuCdYsSXvyoy2BTsLESH7TlGV81S282U= +sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= +sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= +sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= +sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= diff --git a/.github/scripts/infrautil/helmSnapshotCmd.go b/.github/scripts/infrautil/helmSnapshotCmd.go new file mode 100644 index 000000000..c9022ccee --- /dev/null +++ b/.github/scripts/infrautil/helmSnapshotCmd.go @@ -0,0 +1,130 @@ +package main + +import ( + "context" + "errors" + "flag" + "fmt" + "io" + "io/fs" + "log/slog" + "net/url" + "os" + "path/filepath" + + "github.com/google/subcommands" + "github.com/walnuts1018/infra/.github/scripts/infrautil/lib" + "golang.org/x/sync/errgroup" +) + +type helmSnapshotCmd struct { + appSnapshotDir string + outFileDir string +} + +func (*helmSnapshotCmd) Name() string { return "helm-snapshot" } +func (*helmSnapshotCmd) Synopsis() string { return "create snapshot" } +func (*helmSnapshotCmd) Usage() string { + return `helm-snapshot -d -o :` +} + +func (b *helmSnapshotCmd) SetFlags(f *flag.FlagSet) { + f.StringVar(&b.appSnapshotDir, "d", "k8s/snapshot/apps", "app snapshot directory") + f.StringVar(&b.outFileDir, "o", "k8s/snapshots/helm", "output file path") +} + +func (b *helmSnapshotCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...any) subcommands.ExitStatus { + if err := os.RemoveAll(b.outFileDir); err != nil { + slog.Error("failed to remove out file path", slog.String("outFileDir", b.outFileDir), slog.Any("error", err)) + return subcommands.ExitFailure + } + + if err := os.MkdirAll(filepath.Join(b.outFileDir), 0755); err != nil { + slog.Error("failed to create output directory", slog.String("outFileDir", b.outFileDir), slog.Any("error", err)) + return subcommands.ExitFailure + } + + eg := new(errgroup.Group) + + if err := filepath.Walk(b.appSnapshotDir, func(path string, info fs.FileInfo, err error) error { + if err != nil { + return err + } + + if info.IsDir() { + return nil + } + + if filepath.Ext(path) != ".yaml" { + return nil + } + + yamlFile, err := os.Open(path) + if err != nil { + return fmt.Errorf("failed to open file: %w", err) + } + + helmapps, err := lib.ParseHelmApplications(yamlFile) + if err != nil { + return fmt.Errorf("failed to parse helm application: %w", err) + } + + for helmapp, err := range helmapps { + if err != nil { + if errors.Is(err, lib.ErrNotHelmApplication) { + slog.Warn("not a helm application", slog.String("path", path), slog.Any("error", err)) + continue + } + return fmt.Errorf("failed to parse helm application: %w", err) + } + + repoURL, err := url.Parse(helmapp.Spec.Source.RepoURL) + if err != nil { + return fmt.Errorf("failed to parse repo url: %w", err) + } + + eg.Go(func() error { + hc, err := lib.NewHelmClient() + if err != nil { + return fmt.Errorf("failed to create helm client: %w", err) + } + + gen, err := hc.HelmTemplate( + context.Background(), + helmapp.Spec.Source.Helm.ReleaseName, + helmapp.Spec.Destination.Namespace, + *repoURL, + helmapp.Spec.Source.Chart, + helmapp.Spec.Source.TargetRevision, + helmapp.Spec.Source.Helm.Values, + helmapp.Spec.Source.Helm.ValuesObject, + ) + if err != nil { + return fmt.Errorf("failed to generate helm template : %w", err) + } + + file, err := os.Create(filepath.Join(b.outFileDir, helmapp.Metadata.Name+".yaml")) + if err != nil { + return fmt.Errorf("failed to create file: %w", err) + } + defer file.Close() + + if _, err := io.Copy(file, gen); err != nil { + return fmt.Errorf("failed to copy file: %w", err) + } + return nil + }) + } + return nil + }); err != nil { + slog.Error("failed to walk app directory", slog.String("appSnapshotDir", b.appSnapshotDir), slog.Any("error", err)) + return subcommands.ExitFailure + } + + if err := eg.Wait(); err != nil { + slog.Error("failed to wait errgroup", slog.Any("error", err)) + return subcommands.ExitFailure + } + + return subcommands.ExitSuccess +} diff --git a/.github/scripts/infrautil/lib/helm.go b/.github/scripts/infrautil/lib/helm.go new file mode 100644 index 000000000..a9a819700 --- /dev/null +++ b/.github/scripts/infrautil/lib/helm.go @@ -0,0 +1,229 @@ +package lib + +import ( + "bytes" + "context" + "fmt" + "io" + "log/slog" + "net/url" + "os" + "strings" + + "github.com/pkg/errors" + "helm.sh/helm/v3/pkg/action" + "helm.sh/helm/v3/pkg/chart" + "helm.sh/helm/v3/pkg/chart/loader" + "helm.sh/helm/v3/pkg/cli" + "helm.sh/helm/v3/pkg/downloader" + "helm.sh/helm/v3/pkg/getter" + "helm.sh/helm/v3/pkg/registry" + "helm.sh/helm/v3/pkg/release" + "sigs.k8s.io/yaml" +) + +type HelmClient struct { + cfg *action.Configuration + settings *cli.EnvSettings + client *action.Install +} + +func NewHelmClient() (*HelmClient, error) { + cfg := new(action.Configuration) + settings := cli.New() + + registryClient, err := newRegistryClient(settings) + if err != nil { + return nil, err + } + cfg.RegistryClient = registryClient + + client := action.NewInstall(cfg) + client.DryRun = true + client.DryRunOption = "true" + client.Replace = true + client.ClientOnly = true + + return &HelmClient{ + cfg: cfg, + settings: settings, + client: client, + }, nil +} + +func newRegistryClient(settings *cli.EnvSettings) (*registry.Client, error) { + return registry.NewClient( + registry.ClientOptDebug(false), + registry.ClientOptEnableCache(true), + registry.ClientOptWriter(os.Stderr), + registry.ClientOptCredentialsFile(settings.RegistryConfig), + ) +} + +func (h *HelmClient) HelmTemplate( + ctx context.Context, + name string, + namespace string, + repoURL url.URL, + chartName string, + chartVersion string, + + valuesString string, + valuesObject map[string]interface{}, +) (io.Reader, error) { + registryClient, err := newRegistryClient(h.settings) + if err != nil { + return nil, fmt.Errorf("missing registry client: %w", err) + } + h.client.SetRegistryClient(registryClient) + + rel, err := h.createRelease(ctx, name, namespace, repoURL, chartName, chartVersion, valuesString, valuesObject) + if err != nil { + return nil, fmt.Errorf("failed to create release: %w", err) + } + if rel == nil { + return nil, errors.New("no release created") + } + + manifests := new(bytes.Buffer) + fmt.Fprintln(manifests, strings.TrimSpace(rel.Manifest)) + for _, m := range rel.Hooks { + fmt.Fprintf(manifests, "---\n# Source: %s\n%s\n", m.Path, m.Manifest) + } + + return manifests, nil +} + +func (h *HelmClient) createRelease( + ctx context.Context, + name string, + namespace string, + + repoURL url.URL, + + chartName string, + chartVersion string, + + valuesString string, + valuesObject map[string]interface{}, +) (*release.Release, error) { + h.client.ReleaseName = name + if namespace == "" { + namespace = "default" + } else { + h.client.Namespace = namespace + } + h.client.Version = chartVersion + h.client.ChartPathOptions.RepoURL = repoURL.String() + + cp, err := h.client.ChartPathOptions.LocateChart(chartName, h.settings) + if err != nil { + return nil, fmt.Errorf("failed to locate chart: %w", err) + } + + vals, err := createValues(valuesString, valuesObject) + if err != nil { + return nil, fmt.Errorf("failed to create values: %w", err) + } + + // Check chart dependencies to make sure all are present in /charts + chartRequested, err := loader.Load(cp) + if err != nil { + return nil, fmt.Errorf("failed to load chart: %w", err) + } + + if err := checkIfInstallable(chartRequested); err != nil { + return nil, fmt.Errorf("failed to check if chart is installable: %w", err) + } + + if chartRequested.Metadata.Deprecated { + slog.Warn("This chart is deprecated") + } + + if req := chartRequested.Metadata.Dependencies; req != nil { + // If CheckDependencies returns an error, we have unfulfilled dependencies. + // As of Helm 2.4.0, this is treated as a stopping condition: + // https://github.com/helm/helm/issues/2209 + if err := action.CheckDependencies(chartRequested, req); err != nil { + err = errors.Wrap(err, "An error occurred while checking for chart dependencies. You may need to run `helm dependency build` to fetch missing dependencies") + if h.client.DependencyUpdate { + man := &downloader.Manager{ + Out: os.Stdout, + ChartPath: cp, + Keyring: h.client.ChartPathOptions.Keyring, + SkipUpdate: false, + Getters: getter.All(h.settings), + RepositoryConfig: h.settings.RepositoryConfig, + RepositoryCache: h.settings.RepositoryCache, + Debug: h.settings.Debug, + RegistryClient: h.client.GetRegistryClient(), + } + if err := man.Update(); err != nil { + return nil, errors.Wrap(err, "failed to update chart dependencies") + } + // Reload the chart with the updated Chart.lock file. + if chartRequested, err = loader.Load(cp); err != nil { + return nil, errors.Wrap(err, "failed reloading chart after repo update") + } + } else { + return nil, err + } + } + } + + // to skip validation + chartRequested.Metadata.KubeVersion = "" + + release, err := h.client.RunWithContext(ctx, chartRequested, vals) + if err != nil { + return nil, fmt.Errorf("failed to run with context: %w", err) + } + return release, nil +} + +// parameters > valuesObject > values > valueFiles > helm repository values.yaml +func createValues(valuesString string, valuesObject map[string]interface{}) (map[string]interface{}, error) { + result := make(map[string]interface{}) + if valuesString != "" { + currentMap := map[string]interface{}{} + if err := yaml.Unmarshal([]byte(valuesString), ¤tMap); err != nil { + return nil, errors.Wrap(err, "failed to parse values string") + } + result = mergeMaps(result, currentMap) + } + + if valuesObject != nil { + result = mergeMaps(result, valuesObject) + } + + return result, nil +} + +// from https://github.com/helm/helm/blob/2aba8a1fcd5bb67b35746897a0864ff553edc11f/pkg/cli/values/options.go#L108-L125 +func mergeMaps(a, b map[string]interface{}) map[string]interface{} { + out := make(map[string]interface{}, len(a)) + for k, v := range a { + out[k] = v + } + for k, v := range b { + if v, ok := v.(map[string]interface{}); ok { + if bv, ok := out[k]; ok { + if bv, ok := bv.(map[string]interface{}); ok { + out[k] = mergeMaps(bv, v) + continue + } + } + } + out[k] = v + } + return out +} + +// from https://github.com/helm/helm/blob/2aba8a1fcd5bb67b35746897a0864ff553edc11f/cmd/helm/install.go#L322-L329 +func checkIfInstallable(ch *chart.Chart) error { + switch ch.Metadata.Type { + case "", "application": + return nil + } + return errors.Errorf("%s charts are not installable", ch.Metadata.Type) +} diff --git a/.github/scripts/infrautil/lib/helm_test.go b/.github/scripts/infrautil/lib/helm_test.go new file mode 100644 index 000000000..b7d458df7 --- /dev/null +++ b/.github/scripts/infrautil/lib/helm_test.go @@ -0,0 +1,76 @@ +package lib + +import ( + "context" + "io" + "net/url" + "testing" + + "sigs.k8s.io/yaml" +) + +func TestHelmClient_HelmTemplate(t *testing.T) { + type args struct { + ctx context.Context + name string + namespace string + repoURL url.URL + chartName string + chartVersion string + valuesString string + valuesObject map[string]interface{} + } + tests := []struct { + name string + args args + want string + wantErr bool + }{ + { + name: "test", + args: args{ + ctx: context.Background(), + name: "ingress-nginx-release", + namespace: "ingress-nginx", + repoURL: url.URL{ + Scheme: "https", + Host: "kubernetes.github.io", + Path: "/ingress-nginx", + }, + chartName: "ingress-nginx", + chartVersion: "4.11.3", + valuesString: ` +controller: + replicaCount: 2 +`, + }, + wantErr: false, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + c, err := NewHelmClient() + if err != nil { + t.Errorf("HelmClient.HelmTemplate() error = %v", err) + return + } + + got, err := c.HelmTemplate(tt.args.ctx, tt.args.name, tt.args.namespace, tt.args.repoURL, tt.args.chartName, tt.args.chartVersion, tt.args.valuesString, tt.args.valuesObject) + if (err != nil) != tt.wantErr { + t.Errorf("HelmClient.HelmTemplate() error = %v, wantErr %v", err, tt.wantErr) + return + } + + gotStr, err := io.ReadAll(got) + if err != nil { + t.Errorf("HelmClient.HelmTemplate() error = %v", err) + return + } + + if err := yaml.Unmarshal([]byte(gotStr), map[string]any{}); err != nil { + t.Errorf("HelmClient.HelmTemplate() error = %v", err) + return + } + }) + } +} diff --git a/.github/scripts/infrautil/lib/helmyaml.go b/.github/scripts/infrautil/lib/helmyaml.go new file mode 100644 index 000000000..e884ab8c0 --- /dev/null +++ b/.github/scripts/infrautil/lib/helmyaml.go @@ -0,0 +1,104 @@ +package lib + +import ( + "bufio" + "fmt" + "io" + "iter" + "strings" + + "github.com/go-playground/validator/v10" + "sigs.k8s.io/yaml" +) + +type HelmApplication struct { + Metadata struct { + Name string `yaml:"name" validate:"required"` + } `yaml:"metadata"` + Spec struct { + Destination struct { + Namespace string `yaml:"namespace"` + } `yaml:"destination"` + Source struct { + Chart string `yaml:"chart" validate:"required"` + Helm struct { + ReleaseName string `yaml:"releaseName" validate:"required"` + Values string `yaml:"values"` + ValuesObject map[string]interface{} `yaml:"valuesObject"` + } `yaml:"helm"` + RepoURL string `yaml:"repoURL" validate:"required"` + TargetRevision string `yaml:"targetRevision" validate:"required"` + } `yaml:"source"` + } `yaml:"spec"` +} + +var validate = validator.New() + +var ErrNotHelmApplication = fmt.Errorf("not a helm application") + +func ParseHelmApplications(reader io.Reader) (iter.Seq2[HelmApplication, error], error) { + scanner := bufio.NewScanner(reader) + scanner.Buffer(make([]byte, 4096, bufio.MaxScanTokenSize*10), bufio.MaxScanTokenSize*10) + + return func(yield func(HelmApplication, error) bool) { + lines := []string{} + for scanner.Scan() { + line := scanner.Text() + if isSeparator(line) { + var app HelmApplication + if err := yaml.Unmarshal([]byte(strings.Join(lines, "\n")), &app); err != nil { + if !yield(HelmApplication{}, fmt.Errorf("failed to unmarshal yaml: %w", err)) { + return + } + } + lines = []string{} + + if err := scanner.Err(); err != nil { + if !yield(HelmApplication{}, fmt.Errorf("failed to read line: %w", err)) { + return + } + } + + if err := validate.Struct(app); err != nil { + if !yield(HelmApplication{}, ErrNotHelmApplication) { + return + } + } else { + if !yield(app, nil) { + return + } + } + } + lines = append(lines, line) + } + + if err := scanner.Err(); err != nil { + if !yield(HelmApplication{}, fmt.Errorf("failed to read line: %w", err)) { + return + } + } + + if len(lines) > 0 { + var app HelmApplication + if err := yaml.Unmarshal([]byte(strings.Join(lines, "\n")), &app); err != nil { + if !yield(HelmApplication{}, fmt.Errorf("failed to unmarshal yaml: %w", err)) { + return + } + } + + if err := validate.Struct(app); err != nil { + if !yield(HelmApplication{}, ErrNotHelmApplication) { + return + } + } else { + if !yield(app, nil) { + return + } + } + } + }, nil +} + +func isSeparator(s string) bool { + return strings.HasPrefix(s, "---") +} diff --git a/.github/scripts/infrautil/lib/testfiles/helm.result.yaml b/.github/scripts/infrautil/lib/testfiles/helm.result.yaml new file mode 100644 index 000000000..e69de29bb diff --git a/.github/scripts/infrautil/main.go b/.github/scripts/infrautil/main.go index 086292326..5bb1b666f 100644 --- a/.github/scripts/infrautil/main.go +++ b/.github/scripts/infrautil/main.go @@ -24,6 +24,7 @@ func main() { subcommands.Register(subcommands.CommandsCommand(), "") subcommands.Register(&namespaceCmd{}, "") subcommands.Register(&snapshotCmd{}, "") + subcommands.Register(&helmSnapshotCmd{}, "") flag.Parse() ctx := context.Background() diff --git a/Makefile b/Makefile index 4dc31f2e6..812472f64 100644 --- a/Makefile +++ b/Makefile @@ -1,8 +1,5 @@ INFRAUTIL ?= .github/scripts/infrautil/infrautil -.PHONY: build-tools -build-tools: build-infrautil build-infrautil2 - build-infrautil: cd .github/scripts/infrautil && go build -o infrautil . @@ -11,9 +8,18 @@ namespace: build-infrautil $(INFRAUTIL) namespace -d ./k8s/apps -o ./k8s/namespaces/namespaces.json5 .PHONY: snapshot -snapshot: build-infrautil +snapshot: + make app-snapshot + make helm-snapshot + +.PHONY: app-snapshot +app-snapshot: build-infrautil $(INFRAUTIL) snapshot -d ./k8s/apps -o ./k8s/snapshots/apps +.PHONY: helm-snapshot +helm-snapshot: build-infrautil + $(INFRAUTIL) helm-snapshot -d ./k8s/snapshots/apps -o ./k8s/snapshots/helm + # SECRET_KEY := $(shell op item get minio-default-secret-key --field secret_key --reveal) # .PHONY: terraform # terraform: diff --git a/k8s/apps/ac-hacking-2024/oauth2-proxy.jsonnet b/k8s/apps/ac-hacking-2024/oauth2-proxy.jsonnet index 12c12ec12..4149063b4 100644 --- a/k8s/apps/ac-hacking-2024/oauth2-proxy.jsonnet +++ b/k8s/apps/ac-hacking-2024/oauth2-proxy.jsonnet @@ -1,14 +1,14 @@ -(import '../../components/oauth2-proxy/oauth2-proxy.libsonnet') { - app:: { +(import '../../components/oauth2-proxy/oauth2-proxy.libsonnet')({ + app: { name: 'ac-hacking', namespace: (import 'app.json5').namespace, }, domain: 'ac-hacking-2024.walnuts.dev', upstream: 'http://ac-hacking-2024-back.ac-hacking-2024.svc.cluster.local:8080', - oidc:: { - secret:: { + oidc: { + secret: { onepassword_item_name: 'ac-hacking-oauth2-proxy', }, allowed_group: '237477822715658605:ac-hacking-admin', }, -} +}) diff --git a/k8s/apps/cilium-hubble-oauth2-proxy/oauth2-proxy.jsonnet b/k8s/apps/cilium-hubble-oauth2-proxy/oauth2-proxy.jsonnet index b1665a316..99e33c15a 100644 --- a/k8s/apps/cilium-hubble-oauth2-proxy/oauth2-proxy.jsonnet +++ b/k8s/apps/cilium-hubble-oauth2-proxy/oauth2-proxy.jsonnet @@ -1,14 +1,14 @@ -(import '../../components/oauth2-proxy/oauth2-proxy.libsonnet') { - app:: { +(import '../../components/oauth2-proxy/oauth2-proxy.libsonnet')({ + app: { name: (import 'app.json5').name, namespace: (import 'app.json5').namespace, }, domain: 'hubble.walnuts.dev', upstream: 'http://hubble-ui.cilium-system.svc.cluster.local:80', - oidc:: { - secret:: { + oidc: { + secret: { onepassword_item_name: 'hubble-oauth2-proxy', }, allowed_group: '237477822715658605:hubble-admin', }, -} +}) diff --git a/k8s/apps/kibana/oauth2-proxy.jsonnet b/k8s/apps/kibana/oauth2-proxy.jsonnet index 6e0464162..e706bcb3c 100644 --- a/k8s/apps/kibana/oauth2-proxy.jsonnet +++ b/k8s/apps/kibana/oauth2-proxy.jsonnet @@ -1,14 +1,14 @@ -(import '../../components/oauth2-proxy/oauth2-proxy.libsonnet') { - app:: { +(import '../../components/oauth2-proxy/oauth2-proxy.libsonnet')({ + app: { name: 'kibana', namespace: (import 'app.json5').namespace, }, domain: 'kibana.walnuts.dev', upstream: 'http://kibana.elasticsearch.svc.cluster.local:5601', - oidc:: { - secret:: { + oidc: { + secret: { onepassword_item_name: 'kibana-oauth2-proxy', }, allowed_group: '237477822715658605:kibana-admin', }, -} +}) diff --git a/k8s/apps/longhorn-oauth2-proxy/oauth2-proxy.jsonnet b/k8s/apps/longhorn-oauth2-proxy/oauth2-proxy.jsonnet index 7ecf9ec9a..0ef4c67c3 100644 --- a/k8s/apps/longhorn-oauth2-proxy/oauth2-proxy.jsonnet +++ b/k8s/apps/longhorn-oauth2-proxy/oauth2-proxy.jsonnet @@ -1,14 +1,14 @@ -(import '../../components/oauth2-proxy/oauth2-proxy.libsonnet') { - app:: { +(import '../../components/oauth2-proxy/oauth2-proxy.libsonnet')({ + app: { name: 'longhorn', namespace: (import 'app.json5').namespace, }, domain: 'longhorn.walnuts.dev', upstream: 'http://longhorn-frontend.longhorn-system.svc.cluster.local/#/dashboard', - oidc:: { - secret:: { + oidc: { + secret: { onepassword_item_name: 'longhorn-oauth2-proxy', }, allowed_group: '237477822715658605:longhorn-admin', }, -} +}) diff --git a/k8s/apps/oekaki-dengon-game/oauth2-proxy/oauth2-proxy.jsonnet b/k8s/apps/oekaki-dengon-game/oauth2-proxy/oauth2-proxy.jsonnet index 996a9bbb6..82b373806 100644 --- a/k8s/apps/oekaki-dengon-game/oauth2-proxy/oauth2-proxy.jsonnet +++ b/k8s/apps/oekaki-dengon-game/oauth2-proxy/oauth2-proxy.jsonnet @@ -1,19 +1,24 @@ -(import '../../../components/oauth2-proxy/oauth2-proxy.libsonnet') { - app:: { - name: 'oekaki', - namespace: (import '../app.json5').namespace, - }, - domain: 'oekaki.walnuts.dev', - upstream: 'http://oekaki-dengon-game-front.oekaki-dengon-game.svc.cluster.local:3000/', - oidc:: { - secret:: { - onepassword_item_name: 'oekaki-oauth2-proxy', +local upstream = 'http://oekaki-dengon-game-front.oekaki-dengon-game.svc.cluster.local:3000/'; +local allowed_group = '237477822715658605:oekaki-admin'; + +(import '../../../components/oauth2-proxy/oauth2-proxy.libsonnet')( + { + app: { + name: 'oekaki', + namespace: (import '../app.json5').namespace, + }, + domain: 'oekaki.walnuts.dev', + upstream: upstream, + oidc: { + secret: { + onepassword_item_name: 'oekaki-oauth2-proxy', + }, + allowed_group: allowed_group, }, - allowed_group: '237477822715658605:oekaki-admin', }, - valuesObject:: { + valuesObject={ config: { - configFile: 'email_domains = [ "*" ]\nupstreams = [ "%s" ]\npass_access_token = true\nuser_id_claim = "sub"\noidc_groups_claim="my:zitadel:grants"\nallowed_groups = ["%s"]\nskip_auth_routes = ["/public","GET=/api","/_next", "/texture.png", "/favicon.ico", "site.webmanifest"]\ncustom_templates_dir = "/etc/oauth2-proxy/templates"' % [$.upstream, $.oidc.allowed_group], + configFile: 'email_domains = [ "*" ]\nupstreams = [ "%s" ]\npass_access_token = true\nuser_id_claim = "sub"\noidc_groups_claim="my:zitadel:grants"\nallowed_groups = ["%s"]\nskip_auth_routes = ["/public","GET=/api","/_next", "/texture.png", "/favicon.ico", "site.webmanifest"]\ncustom_templates_dir = "/etc/oauth2-proxy/templates"' % [upstream, allowed_group], }, extraVolumes: [ { @@ -37,4 +42,4 @@ }, ], }, -} +) diff --git a/k8s/apps/prometheus-oauth2-proxy/oauth2-proxy.jsonnet b/k8s/apps/prometheus-oauth2-proxy/oauth2-proxy.jsonnet index 00d23ba92..27e2b713b 100644 --- a/k8s/apps/prometheus-oauth2-proxy/oauth2-proxy.jsonnet +++ b/k8s/apps/prometheus-oauth2-proxy/oauth2-proxy.jsonnet @@ -1,14 +1,14 @@ -(import '../../components/oauth2-proxy/oauth2-proxy.libsonnet') { - app:: { +(import '../../components/oauth2-proxy/oauth2-proxy.libsonnet')({ + app: { name: 'prometheus', namespace: (import 'app.json5').namespace, }, domain: 'prometheus.walnuts.dev', upstream: 'http://prometheus-operated.monitoring.svc.cluster.local:9090', - oidc:: { - secret:: { + oidc: { + secret: { onepassword_item_name: 'prometheus-oauth2-proxy', }, allowed_group: '237477822715658605:prometheus-admin', }, -} +}) diff --git a/k8s/components/oauth2-proxy/oauth2-proxy.libsonnet b/k8s/components/oauth2-proxy/oauth2-proxy.libsonnet index f98c4450b..ec6fdf171 100644 --- a/k8s/components/oauth2-proxy/oauth2-proxy.libsonnet +++ b/k8s/components/oauth2-proxy/oauth2-proxy.libsonnet @@ -1,44 +1,43 @@ -{ - app:: { - name:: error 'name is required', - namespace:: error 'namespace is required', - }, - domain:: error 'domain is required', - upstream:: error 'upstream is required', - oidc:: { - secret:: { - onepassword_item_name:: error 'onepassword_item_name is required', - }, - allowed_group:: error 'allowed_group is required', - }, +// { +// app:: { +// name:: error 'name is required', +// namespace:: error 'namespace is required', +// }, +// domain:: error 'domain is required', +// upstream:: error 'upstream is required', +// oidc:: { +// secret:: { +// onepassword_item_name:: error 'onepassword_item_name is required', +// }, +// allowed_group:: error 'allowed_group is required', +// }, +// valuesObject:: {}, +// } - secret_name:: $.app.name + '-oauth2-proxy' + '-' + std.md5(std.toString($.oidc.secret))[0:6], - redis:: (import './redis.libsonnet') { - name: $.app.name + '-oauth2-proxy-redis', - secret_name: $.secret_name, - }, - valuesObject:: {}, +function(config, valuesObject={}) + local secret_name = config.app.name + '-oauth2-proxy' + '-' + std.md5(std.toString(config.oidc.secret))[0:6]; + local redis = (import './redis.libsonnet') { + name: config.app.name + '-oauth2-proxy-redis', + secret_name: secret_name, + }; - apiVersion: 'v1', - kind: 'List', - items: [ + [ (import './external-secret.libsonnet') { - name: $.secret_name, - onepassword_item_name: $.oidc.secret.onepassword_item_name, + name: secret_name, + onepassword_item_name: config.oidc.secret.onepassword_item_name, }, (import './helm.libsonnet') { - name: $.app.name + '-oauth2-proxy', - namespace: $.app.namespace, + name: config.app.name + '-oauth2-proxy', + namespace: config.app.namespace, - upstream: $.upstream, - allowed_groups: $.oidc.allowed_group, - domain: $.domain, - secret_name: $.secret_name, - redis_name: $.redis.name, + upstream: config.upstream, + allowed_groups: config.oidc.allowed_group, + domain: config.domain, + secret_name: secret_name, + redis_name: redis.name, - valuesObjectOverride: $.valuesObject, + valuesObjectOverride: valuesObject, }, - $.redis.items[0], - $.redis.items[1], - ], -} + redis.items[0], + redis.items[1], + ] From 59b5b7382d3cb3e38bdad454250b9f0e7ebc82ec Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 9 Nov 2024 07:51:53 +0900 Subject: [PATCH 0071/1209] add Signed-off-by: walnuts1018 --- .github/workflows/snapshot-diff.yaml | 22 +++++++--------------- 1 file changed, 7 insertions(+), 15 deletions(-) diff --git a/.github/workflows/snapshot-diff.yaml b/.github/workflows/snapshot-diff.yaml index 138d7eeb1..e40c9e52c 100644 --- a/.github/workflows/snapshot-diff.yaml +++ b/.github/workflows/snapshot-diff.yaml @@ -51,21 +51,15 @@ jobs: with: name: manifests - - name: install dyff - run: | - wget https://github.com/homeport/dyff/releases/download/v1.8.0/dyff_1.8.0_linux_amd64.tar.gz - tar -xvf dyff_1.8.0_linux_amd64.tar.gz - chmod +x dyff - - name: Build markdown comment with manifest diff run: | - echo "# Manifest diff + echo "# Manifest (k8s/apps) diff
Click to expand \`\`\`diff - $(for f in $(find snapshots-head -type f); do echo "## $f"; diff -u $f $(echo $f | sed 's/head/main/') | sed 's/^/ /'; done) + $(for f in $(find snapshots-head/apps -type f); do echo "## $f"; diff -u $f $(echo $f | sed 's/head/main/') | sed 's/^/ /'; done) \`\`\`
" | tee /tmp/diff.md @@ -79,25 +73,23 @@ jobs: https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.number }}/comments \ -d @- - - name: Build markdown comment with manifest dyff + - name: Build markdown comment with helm diff run: | - echo "# Manifest dyff + echo "# Helm diff
Click to expand \`\`\`diff - # $(./dyff between manifests-base.yaml manifests-head.yaml) - $(for f in $(find snapshots-head -type f); do echo "## $f"; ./dyff between $f $(echo $f | sed 's/head/main/') | sed 's/^/ /'; done) + $(for f in $(find snapshots-head/helms -type f); do echo "## $f"; diff -u $f $(echo $f | sed 's/head/main/') | sed 's/^/ /'; done) \`\`\` - -
" | tee /tmp/dyff.md + " | tee /tmp/diff.md # PRへのコメントだけど、issue commentのAPIを使うらしい - name: Comment manifest diff to GitHub PR continue-on-error: true run: | - cat /tmp/dyff.md | jq -Rs '{ "body": . }' | curl --fail \ + cat /tmp/diff.md | jq -Rs '{ "body": . }' | curl --fail \ -X POST -H 'Accept: application/vnd.github.v3+json' \ --header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \ https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.number }}/comments \ From ebd981c9db1176427becff1de4821343c3305a15 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 8 Nov 2024 22:52:47 +0000 Subject: [PATCH 0072/1209] fix(deps): update module github.com/go-playground/validator/v10 to v10.22.1 --- .github/scripts/infrautil/go.mod | 9 +++++---- .github/scripts/infrautil/go.sum | 10 ++++++++++ 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/.github/scripts/infrautil/go.mod b/.github/scripts/infrautil/go.mod index 0fda34125..8e83237a5 100644 --- a/.github/scripts/infrautil/go.mod +++ b/.github/scripts/infrautil/go.mod @@ -3,7 +3,7 @@ module github.com/walnuts1018/infra/.github/scripts/infrautil go 1.23.2 require ( - github.com/go-playground/validator/v10 v10.4.1 + github.com/go-playground/validator/v10 v10.22.1 github.com/google/go-jsonnet v0.20.0 github.com/google/subcommands v1.2.0 github.com/phsym/console-slog v0.3.1 @@ -45,6 +45,7 @@ require ( github.com/fatih/color v1.16.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect github.com/fxamacker/cbor/v2 v2.7.0 // indirect + github.com/gabriel-vasile/mimetype v1.4.3 // indirect github.com/go-errors/errors v1.4.2 // indirect github.com/go-gorp/gorp/v3 v3.1.0 // indirect github.com/go-logr/logr v1.4.2 // indirect @@ -52,8 +53,8 @@ require ( github.com/go-openapi/jsonpointer v0.19.6 // indirect github.com/go-openapi/jsonreference v0.20.2 // indirect github.com/go-openapi/swag v0.22.4 // indirect - github.com/go-playground/locales v0.13.0 // indirect - github.com/go-playground/universal-translator v0.17.0 // indirect + github.com/go-playground/locales v0.14.1 // indirect + github.com/go-playground/universal-translator v0.18.1 // indirect github.com/gobwas/glob v0.2.3 // indirect github.com/goccy/go-yaml v1.11.3 // indirect github.com/gogo/protobuf v1.3.2 // indirect @@ -79,7 +80,7 @@ require ( github.com/klauspost/compress v1.16.0 // indirect github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect - github.com/leodido/go-urn v1.2.0 // indirect + github.com/leodido/go-urn v1.4.0 // indirect github.com/lib/pq v1.10.9 // indirect github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect github.com/mailru/easyjson v0.7.7 // indirect diff --git a/.github/scripts/infrautil/go.sum b/.github/scripts/infrautil/go.sum index 2f8ba1e41..80e142698 100644 --- a/.github/scripts/infrautil/go.sum +++ b/.github/scripts/infrautil/go.sum @@ -113,6 +113,8 @@ github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHk github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= +github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0= +github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk= github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA= github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og= github.com/go-gorp/gorp/v3 v3.1.0 h1:ItKF/Vbuj31dmV4jxA1qblpSwkl9g1typ24xoe70IGs= @@ -136,10 +138,16 @@ github.com/go-playground/assert/v2 v2.0.1 h1:MsBgLAaY856+nPRTKrp3/OZK38U/wa0CcBY github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4= github.com/go-playground/locales v0.13.0 h1:HyWk6mgj5qFqCT5fjGBuRArbVDfE4hi8+e8ceBS/t7Q= github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8= +github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA= +github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY= github.com/go-playground/universal-translator v0.17.0 h1:icxd5fm+REJzpZx7ZfpaD876Lmtgy7VtROAbHHXk8no= github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA= +github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY= +github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY= github.com/go-playground/validator/v10 v10.4.1 h1:pH2c5ADXtd66mxoE0Zm9SUhxE20r7aM3F26W0hOn+GE= github.com/go-playground/validator/v10 v10.4.1/go.mod h1:nlOn6nFhuKACm19sB/8EGNn9GlaMV7XkbRSipzJ0Ii4= +github.com/go-playground/validator/v10 v10.22.1 h1:40JcKH+bBNGFczGuoBYgX4I6m/i27HYW8P9FDk5PbgA= +github.com/go-playground/validator/v10 v10.22.1/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM= github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y= github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= @@ -246,6 +254,8 @@ github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 h1:P6pPBnrTSX3DEVR4fDembhR github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0/go.mod h1:vmVJ0l/dxyfGW6FmdpVm2joNMFikkuWg0EoCKLGUMNw= github.com/leodido/go-urn v1.2.0 h1:hpXL4XnriNwQ/ABnpepYM/1vCLWNDfUNts8dX3xTG6Y= github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII= +github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ= +github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI= github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw= github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0= From 1d403c6e6ee90e988a9b46b13b4ee941ab46adfe Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 8 Nov 2024 22:52:56 +0000 Subject: [PATCH 0073/1209] fix(deps): update module golang.org/x/sync to v0.9.0 --- .github/scripts/infrautil/go.mod | 2 +- .github/scripts/infrautil/go.sum | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/scripts/infrautil/go.mod b/.github/scripts/infrautil/go.mod index 0fda34125..71c03fad8 100644 --- a/.github/scripts/infrautil/go.mod +++ b/.github/scripts/infrautil/go.mod @@ -9,7 +9,7 @@ require ( github.com/phsym/console-slog v0.3.1 github.com/pkg/errors v0.9.1 github.com/yosuke-furukawa/json5 v0.1.1 - golang.org/x/sync v0.8.0 + golang.org/x/sync v0.9.0 ) require ( diff --git a/.github/scripts/infrautil/go.sum b/.github/scripts/infrautil/go.sum index 2f8ba1e41..30287f6f5 100644 --- a/.github/scripts/infrautil/go.sum +++ b/.github/scripts/infrautil/go.sum @@ -441,6 +441,8 @@ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.9.0 h1:fEo0HyrW1GIgZdpbhCRO0PkJajUS5H9IFUztCgEo2jQ= +golang.org/x/sync v0.9.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= From ac19053ae55238df65957f506596fab877145cb6 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 9 Nov 2024 07:53:32 +0900 Subject: [PATCH 0074/1209] add Signed-off-by: walnuts1018 --- .github/workflows/snapshot-diff.yaml | 2 +- .github/workflows/snapshot.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/snapshot-diff.yaml b/.github/workflows/snapshot-diff.yaml index e40c9e52c..36c5eba52 100644 --- a/.github/workflows/snapshot-diff.yaml +++ b/.github/workflows/snapshot-diff.yaml @@ -31,7 +31,7 @@ jobs: - name: mv run: | mkdir /tmp/snapshots-main - mv k8s/apps /tmp/snapshots-main/apps + mv k8s/snapshots /tmp/snapshots-main - name: Upload folder uses: actions/upload-artifact@v4 diff --git a/.github/workflows/snapshot.yaml b/.github/workflows/snapshot.yaml index c0148d803..c071d1369 100644 --- a/.github/workflows/snapshot.yaml +++ b/.github/workflows/snapshot.yaml @@ -40,7 +40,7 @@ jobs: - name: mv snapshot run: | rm -rf k8s/apps - mv k8s/snapshots/apps k8s/apps + cp -r k8s/snapshots/apps k8s/apps - name: push run: | From bcf213c9a57e63c534edf427eb4566e394dcd5a9 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 9 Nov 2024 07:54:24 +0900 Subject: [PATCH 0075/1209] fix Signed-off-by: walnuts1018 --- .github/workflows/snapshot-diff.yaml | 5 +++-- .github/workflows/snapshot.yaml | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/snapshot-diff.yaml b/.github/workflows/snapshot-diff.yaml index 36c5eba52..08a71e007 100644 --- a/.github/workflows/snapshot-diff.yaml +++ b/.github/workflows/snapshot-diff.yaml @@ -31,7 +31,8 @@ jobs: - name: mv run: | mkdir /tmp/snapshots-main - mv k8s/snapshots /tmp/snapshots-main + mv k8s/apps /tmp/snapshots-main/apps + mv k8s/snapshots/helm /tmp/snapshots-main/helm - name: Upload folder uses: actions/upload-artifact@v4 @@ -81,7 +82,7 @@ jobs: Click to expand \`\`\`diff - $(for f in $(find snapshots-head/helms -type f); do echo "## $f"; diff -u $f $(echo $f | sed 's/head/main/') | sed 's/^/ /'; done) + $(for f in $(find snapshots-head/helm -type f); do echo "## $f"; diff -u $f $(echo $f | sed 's/head/main/') | sed 's/^/ /'; done) \`\`\` " | tee /tmp/diff.md diff --git a/.github/workflows/snapshot.yaml b/.github/workflows/snapshot.yaml index c071d1369..c0148d803 100644 --- a/.github/workflows/snapshot.yaml +++ b/.github/workflows/snapshot.yaml @@ -40,7 +40,7 @@ jobs: - name: mv snapshot run: | rm -rf k8s/apps - cp -r k8s/snapshots/apps k8s/apps + mv k8s/snapshots/apps k8s/apps - name: push run: | From e512d389b8447133d468b9beafdd801f97f211f8 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 9 Nov 2024 07:57:56 +0900 Subject: [PATCH 0076/1209] add Signed-off-by: walnuts1018 --- .github/workflows/snapshot-diff.yaml | 2 +- .github/workflows/snapshot.yaml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/snapshot-diff.yaml b/.github/workflows/snapshot-diff.yaml index 08a71e007..d01b9a73d 100644 --- a/.github/workflows/snapshot-diff.yaml +++ b/.github/workflows/snapshot-diff.yaml @@ -32,7 +32,7 @@ jobs: run: | mkdir /tmp/snapshots-main mv k8s/apps /tmp/snapshots-main/apps - mv k8s/snapshots/helm /tmp/snapshots-main/helm + mv k8s/helm /tmp/snapshots-main/helm - name: Upload folder uses: actions/upload-artifact@v4 diff --git a/.github/workflows/snapshot.yaml b/.github/workflows/snapshot.yaml index c0148d803..86c0c9c3b 100644 --- a/.github/workflows/snapshot.yaml +++ b/.github/workflows/snapshot.yaml @@ -41,6 +41,7 @@ jobs: run: | rm -rf k8s/apps mv k8s/snapshots/apps k8s/apps + mv k8s/snapshots/helm k8s/helm - name: push run: | From a0d5a09d1526cffc1e7890c4c4a6d570066223cc Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 9 Nov 2024 08:09:07 +0900 Subject: [PATCH 0077/1209] add Signed-off-by: walnuts1018 --- .github/workflows/snapshot-diff.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/snapshot-diff.yaml b/.github/workflows/snapshot-diff.yaml index d01b9a73d..89f474c04 100644 --- a/.github/workflows/snapshot-diff.yaml +++ b/.github/workflows/snapshot-diff.yaml @@ -60,7 +60,7 @@ jobs: Click to expand \`\`\`diff - $(for f in $(find snapshots-head/apps -type f); do echo "## $f"; diff -u $f $(echo $f | sed 's/head/main/') | sed 's/^/ /'; done) + $(for f in $(find snapshots-head/apps -type f); do echo "## $f"; diff -u $(echo $f | sed 's/head/main/') $f | sed 's/^/ /'; done) \`\`\` " | tee /tmp/diff.md @@ -82,7 +82,7 @@ jobs: Click to expand \`\`\`diff - $(for f in $(find snapshots-head/helm -type f); do echo "## $f"; diff -u $f $(echo $f | sed 's/head/main/') | sed 's/^/ /'; done) + $(for f in $(find snapshots-head/helm -type f); do echo "## $f"; diff -u $(echo $f | sed 's/head/main/') $f'; done) \`\`\` " | tee /tmp/diff.md From 465394cf0f924d29e72255753ceef76b6caa10ac Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 9 Nov 2024 08:09:35 +0900 Subject: [PATCH 0078/1209] add Signed-off-by: walnuts1018 --- .github/workflows/snapshot-diff.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/snapshot-diff.yaml b/.github/workflows/snapshot-diff.yaml index 89f474c04..962727c63 100644 --- a/.github/workflows/snapshot-diff.yaml +++ b/.github/workflows/snapshot-diff.yaml @@ -82,7 +82,7 @@ jobs: Click to expand \`\`\`diff - $(for f in $(find snapshots-head/helm -type f); do echo "## $f"; diff -u $(echo $f | sed 's/head/main/') $f'; done) + $(for f in $(find snapshots-head/helm -type f); do echo "# Source: $f"; diff -u $(echo $f | sed 's/head/main/') $f'; done) \`\`\` " | tee /tmp/diff.md From dd890a6df0bb9038a82bb6ecfe9bba4aafb936e7 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 9 Nov 2024 08:12:22 +0900 Subject: [PATCH 0079/1209] fix Signed-off-by: walnuts1018 --- .github/workflows/snapshot-diff.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/snapshot-diff.yaml b/.github/workflows/snapshot-diff.yaml index 962727c63..2ec5aabf4 100644 --- a/.github/workflows/snapshot-diff.yaml +++ b/.github/workflows/snapshot-diff.yaml @@ -60,7 +60,7 @@ jobs: Click to expand \`\`\`diff - $(for f in $(find snapshots-head/apps -type f); do echo "## $f"; diff -u $(echo $f | sed 's/head/main/') $f | sed 's/^/ /'; done) + $(for f in $(find snapshots-head/apps -type f); do echo "## $f"; diff -u $(echo $f | sed 's/head/main/') $f; done) \`\`\` " | tee /tmp/diff.md @@ -82,7 +82,7 @@ jobs: Click to expand \`\`\`diff - $(for f in $(find snapshots-head/helm -type f); do echo "# Source: $f"; diff -u $(echo $f | sed 's/head/main/') $f'; done) + $(for f in $(find snapshots-head/helm -type f); do echo "# Source: $f"; diff -u $(echo $f | sed 's/head/main/') $f; done) \`\`\` " | tee /tmp/diff.md From 33efbc5bd90c536f31fe2f5f03f955e5a517f99d Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 9 Nov 2024 08:13:17 +0900 Subject: [PATCH 0080/1209] rm filename Signed-off-by: walnuts1018 --- .github/workflows/snapshot-diff.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/snapshot-diff.yaml b/.github/workflows/snapshot-diff.yaml index 2ec5aabf4..65cd0be0f 100644 --- a/.github/workflows/snapshot-diff.yaml +++ b/.github/workflows/snapshot-diff.yaml @@ -60,7 +60,7 @@ jobs: Click to expand \`\`\`diff - $(for f in $(find snapshots-head/apps -type f); do echo "## $f"; diff -u $(echo $f | sed 's/head/main/') $f; done) + $(for f in $(find snapshots-head/apps -type f); do diff -u $(echo $f | sed 's/head/main/') $f; done) \`\`\` " | tee /tmp/diff.md @@ -82,7 +82,7 @@ jobs: Click to expand \`\`\`diff - $(for f in $(find snapshots-head/helm -type f); do echo "# Source: $f"; diff -u $(echo $f | sed 's/head/main/') $f; done) + $(for f in $(find snapshots-head/helm -type f); do diff -u $(echo $f | sed 's/head/main/') $f; done) \`\`\` " | tee /tmp/diff.md From b1e4911ce24b9cfb7621c60486eeaf16e9e56f0e Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 9 Nov 2024 08:45:57 +0900 Subject: [PATCH 0081/1209] add Signed-off-by: walnuts1018 --- k8s/_argocd/applications/apps.yaml | 3 --- k8s/_argocd/applications/argocd.yaml | 3 --- renovate.json5 | 7 +++++-- 3 files changed, 5 insertions(+), 8 deletions(-) diff --git a/k8s/_argocd/applications/apps.yaml b/k8s/_argocd/applications/apps.yaml index 40e7ee685..0843aaf95 100644 --- a/k8s/_argocd/applications/apps.yaml +++ b/k8s/_argocd/applications/apps.yaml @@ -15,9 +15,6 @@ spec: template: metadata: name: '{{.name}}' - annotations: - argocd-image-updater.argoproj.io/write-back-method: git - argocd-image-updater.argoproj.io/git-branch: main:image-updater-{{.name}} spec: project: default destination: diff --git a/k8s/_argocd/applications/argocd.yaml b/k8s/_argocd/applications/argocd.yaml index 4c12ac34d..52617c9f6 100644 --- a/k8s/_argocd/applications/argocd.yaml +++ b/k8s/_argocd/applications/argocd.yaml @@ -3,9 +3,6 @@ kind: Application metadata: name: argocd namespace: argocd - annotations: - argocd-image-updater.argoproj.io/write-back-method: git - argocd-image-updater.argoproj.io/git-branch: main:image-updater{{range .Images}}-{{.Name}}{{end}} spec: project: default destination: diff --git a/renovate.json5 b/renovate.json5 index e4976346a..b96012774 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -52,8 +52,11 @@ }, { matchManagers: ["kubernetes"], - matchDatasources: ["docker"], - enabled: false, + automerge: false, + }, + { + matchPackageNames: ["match-depName-below"], + versioning: "regex:^team-(?\\d+)(\\.(?\\d+))?(\\.(?\\d+))-plugins$", }, ], internalChecksFilter: "none", From fc78ea83dd5dbac8220d726fdccbcbc81b16f101 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 9 Nov 2024 08:46:03 +0900 Subject: [PATCH 0082/1209] rm image update Signed-off-by: walnuts1018 --- k8s/_argocd/argocd_components/image-updater/app.json5 | 4 ---- k8s/_argocd/argocd_components/image-updater/helm.jsonnet | 8 -------- k8s/_argocd/argocd_components/image-updater/values.yaml | 4 ---- 3 files changed, 16 deletions(-) delete mode 100644 k8s/_argocd/argocd_components/image-updater/app.json5 delete mode 100644 k8s/_argocd/argocd_components/image-updater/helm.jsonnet delete mode 100644 k8s/_argocd/argocd_components/image-updater/values.yaml diff --git a/k8s/_argocd/argocd_components/image-updater/app.json5 b/k8s/_argocd/argocd_components/image-updater/app.json5 deleted file mode 100644 index 2392c3a9d..000000000 --- a/k8s/_argocd/argocd_components/image-updater/app.json5 +++ /dev/null @@ -1,4 +0,0 @@ -{ - name: "argocd-image-updater", - namespace: "argocd", -} diff --git a/k8s/_argocd/argocd_components/image-updater/helm.jsonnet b/k8s/_argocd/argocd_components/image-updater/helm.jsonnet deleted file mode 100644 index 9f9bfde36..000000000 --- a/k8s/_argocd/argocd_components/image-updater/helm.jsonnet +++ /dev/null @@ -1,8 +0,0 @@ -(import '../../components/helm.libsonnet') { - name: (import 'app.json5').name, - namespace: (import 'app.json5').namespace, - chart: 'argocd-image-updater', - repoURL: 'https://argoproj.github.io/argo-helm', - targetRevision: '0.11.1', - values: (importstr 'values.yaml'), -} diff --git a/k8s/_argocd/argocd_components/image-updater/values.yaml b/k8s/_argocd/argocd_components/image-updater/values.yaml deleted file mode 100644 index 7f271ebf9..000000000 --- a/k8s/_argocd/argocd_components/image-updater/values.yaml +++ /dev/null @@ -1,4 +0,0 @@ -config: - gitCommitUser: "argocd-image-updater" - gitCommitMail: "noreply@argoproj.io" - gitCommitSignOff: true From 2651cf6caccb30bf3e859f4098d0ce07086f2b4b Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 9 Nov 2024 08:47:37 +0900 Subject: [PATCH 0083/1209] add Signed-off-by: walnuts1018 --- renovate.json5 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/renovate.json5 b/renovate.json5 index b96012774..04394db84 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -55,8 +55,8 @@ automerge: false, }, { - matchPackageNames: ["match-depName-below"], - versioning: "regex:^team-(?\\d+)(\\.(?\\d+))?(\\.(?\\d+))-plugins$", + matchPackageNames: ["ghcr.io/walnuts1018/2024-ac-hacking"], + versioning: "regex:^[a-f0-9]+-(?[0-9]+)$", }, ], internalChecksFilter: "none", From 3923414927a744c165f0b7417c831161d2291c37 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 9 Nov 2024 08:52:00 +0900 Subject: [PATCH 0084/1209] add Signed-off-by: walnuts1018 --- renovate.json5 | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/renovate.json5 b/renovate.json5 index 04394db84..e9ab54864 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -7,9 +7,6 @@ flux: { enabled: false, }, - kubernetes: { - fileMatch: ["k8s/.+\\.yaml$"], - }, argocd: { fileMatch: ["k8s/_argocd/applications/.+\\.yaml$"], }, @@ -36,6 +33,17 @@ ], datasourceTemplate: "github-tags", }, + { + customType: "regex", + fileMatch: ["^k8s/.+\\.jsonnet$", "^k8s/.+\\.libsonnet$"], + matchStringsStrategy: "combination", + matchStrings: [ + "apiVersion:\\s'(?\\S+)'\\s*", + "kind:\\s'(?\\S+)'\\s*", + ], + datasourceTemplate: "kubernetes-api", + versioningTemplate: "kubernetes-api", + }, ], packageRules: [ { From 7fa582d711c407ca24aad8d1cf698e00dcf5d55d Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 9 Nov 2024 08:56:08 +0900 Subject: [PATCH 0085/1209] add Signed-off-by: walnuts1018 --- renovate.json5 | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/renovate.json5 b/renovate.json5 index e9ab54864..140b24bbc 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -44,6 +44,15 @@ datasourceTemplate: "kubernetes-api", versioningTemplate: "kubernetes-api", }, + { + customType: "regex", + fileMatch: ["^k8s/.+\\.jsonnet$", "^k8s/.+\\.libsonnet$"], + matchStringsStrategy: "combination", + matchStrings: [ + "image:\\s'(?.+\\/)(?.+):(?.+)'", + ], + datasourceTemplate: "docker", + }, ], packageRules: [ { From 8f6b900fc997ef2085ba51cbd035befc68cef5b7 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 9 Nov 2024 08:57:02 +0900 Subject: [PATCH 0086/1209] fix Signed-off-by: walnuts1018 --- renovate.json5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/renovate.json5 b/renovate.json5 index 140b24bbc..658853c66 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -49,7 +49,7 @@ fileMatch: ["^k8s/.+\\.jsonnet$", "^k8s/.+\\.libsonnet$"], matchStringsStrategy: "combination", matchStrings: [ - "image:\\s'(?.+\\/)(?.+):(?.+)'", + "image:\\s'(?.+):(?.+)'", ], datasourceTemplate: "docker", }, From ab508404fcfbb3d4804b8a692e3b7fcbcc6f05cd Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 8 Nov 2024 23:57:31 +0000 Subject: [PATCH 0087/1209] Update ghcr.io/tailscale/tailscale Docker tag to v1.76.6 --- k8s/apps/tailscale/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/tailscale/deployment.jsonnet b/k8s/apps/tailscale/deployment.jsonnet index 4c7b79d71..dae022c64 100644 --- a/k8s/apps/tailscale/deployment.jsonnet +++ b/k8s/apps/tailscale/deployment.jsonnet @@ -24,7 +24,7 @@ (import '../../components/container.libsonnet') { name: 'tailscale', imagePullPolicy: 'IfNotPresent', - image: 'ghcr.io/tailscale/tailscale:v1.76.1', + image: 'ghcr.io/tailscale/tailscale:v1.76.6', env: [ { name: 'TS_KUBE_SECRET', From 545b640073f224c31657ea45ff31c34faa3515e4 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 8 Nov 2024 23:57:34 +0000 Subject: [PATCH 0088/1209] Update cloudflare/cloudflared Docker tag to v2024.11.0 --- k8s/apps/cloudflared/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/cloudflared/deployment.jsonnet b/k8s/apps/cloudflared/deployment.jsonnet index feef7e4b8..375cecd1f 100644 --- a/k8s/apps/cloudflared/deployment.jsonnet +++ b/k8s/apps/cloudflared/deployment.jsonnet @@ -30,7 +30,7 @@ securityContext: { readOnlyRootFilesystem: true, }, - image: 'cloudflare/cloudflared:2024.10.1', + image: 'cloudflare/cloudflared:2024.11.0', imagePullPolicy: 'IfNotPresent', args: [ '--no-autoupdate', From 5d4d8d61562c6ad75798deda44e59e48afddd2c6 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 9 Nov 2024 08:57:56 +0900 Subject: [PATCH 0089/1209] =?UTF-8?q?=E3=81=9D=E3=81=AE=E3=81=BE=E3=81=BE?= =?UTF-8?q?=E3=81=A7=E3=82=82=E8=A1=8C=E3=81=91=E3=82=8B=E3=82=89=E3=81=97?= =?UTF-8?q?=E3=81=84?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: walnuts1018 --- renovate.json5 | 9 --------- 1 file changed, 9 deletions(-) diff --git a/renovate.json5 b/renovate.json5 index 658853c66..e9ab54864 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -44,15 +44,6 @@ datasourceTemplate: "kubernetes-api", versioningTemplate: "kubernetes-api", }, - { - customType: "regex", - fileMatch: ["^k8s/.+\\.jsonnet$", "^k8s/.+\\.libsonnet$"], - matchStringsStrategy: "combination", - matchStrings: [ - "image:\\s'(?.+):(?.+)'", - ], - datasourceTemplate: "docker", - }, ], packageRules: [ { From 704681e5913363eb3c7fe73fde0d6dfbe652923c Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 9 Nov 2024 08:59:27 +0900 Subject: [PATCH 0090/1209] add Signed-off-by: walnuts1018 --- renovate.json5 | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/renovate.json5 b/renovate.json5 index e9ab54864..2f7f4a575 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -63,7 +63,11 @@ automerge: false, }, { - matchPackageNames: ["ghcr.io/walnuts1018/2024-ac-hacking"], + matchPackageNames: [ + "ghcr.io/walnuts1018/2024-ac-hacking", + "ghcr.io/walnuts1018/2024-ac-hacking-front", + "ghcr.io/walnuts1018/walnuts.dev", + ], versioning: "regex:^[a-f0-9]+-(?[0-9]+)$", }, ], From 3b54d88d3ad4122d23153c5b7c4d5689a8056012 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 9 Nov 2024 09:01:52 +0900 Subject: [PATCH 0091/1209] add Signed-off-by: walnuts1018 --- renovate.json5 | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/renovate.json5 b/renovate.json5 index 2f7f4a575..d0438ce48 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -7,6 +7,9 @@ flux: { enabled: false, }, + kubernetes: { + fileMatch: ["k8s/.+\\.jsonnet$"], + }, argocd: { fileMatch: ["k8s/_argocd/applications/.+\\.yaml$"], }, @@ -33,17 +36,6 @@ ], datasourceTemplate: "github-tags", }, - { - customType: "regex", - fileMatch: ["^k8s/.+\\.jsonnet$", "^k8s/.+\\.libsonnet$"], - matchStringsStrategy: "combination", - matchStrings: [ - "apiVersion:\\s'(?\\S+)'\\s*", - "kind:\\s'(?\\S+)'\\s*", - ], - datasourceTemplate: "kubernetes-api", - versioningTemplate: "kubernetes-api", - }, ], packageRules: [ { From 291a3cf7fe103e07902371ae74fcde7fcab86ab3 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 9 Nov 2024 00:02:54 +0000 Subject: [PATCH 0092/1209] Update ghcr.io/walnuts1018/walnuts.dev Docker tag to v4efcb800849da61b51914f053587045cb42d73f3-261 --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index 21f28672e..02017253a 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -25,7 +25,7 @@ type: 'RuntimeDefault', }, }, - image: 'ghcr.io/walnuts1018/walnuts.dev:4efcb800849da61b51914f053587045cb42d73f3-260', + image: 'ghcr.io/walnuts1018/walnuts.dev:4efcb800849da61b51914f053587045cb42d73f3-261', imagePullPolicy: 'IfNotPresent', ports: [ { From 023ece76b0ae4abb8b40f319cabb7a6e351cea5f Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 9 Nov 2024 09:06:38 +0900 Subject: [PATCH 0093/1209] add Signed-off-by: walnuts1018 --- renovate.json5 | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/renovate.json5 b/renovate.json5 index d0438ce48..2961caea2 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -54,6 +54,7 @@ matchManagers: ["kubernetes"], automerge: false, }, + // Docker Imageタグ { matchPackageNames: [ "ghcr.io/walnuts1018/2024-ac-hacking", @@ -62,6 +63,10 @@ ], versioning: "regex:^[a-f0-9]+-(?[0-9]+)$", }, + { + matchPackageNames: ["photoprism/photoprism"], + versioning: "regex:^(?[0-9]{2})(?[0-9]{2})(?[0-9]{2})$", + }, ], internalChecksFilter: "none", prHourlyLimit: 0, From b9eaae02c80f7c22362ed4745c88482384b6525a Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 9 Nov 2024 09:11:31 +0900 Subject: [PATCH 0094/1209] add Signed-off-by: walnuts1018 --- renovate.json5 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/renovate.json5 b/renovate.json5 index 2961caea2..3d89dbf0e 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -60,6 +60,9 @@ "ghcr.io/walnuts1018/2024-ac-hacking", "ghcr.io/walnuts1018/2024-ac-hacking-front", "ghcr.io/walnuts1018/walnuts.dev", + "ghcr.io/walnuts1018/http-dump", + "ghcr.io/walnuts1018/mucaron-backend", + "ghcr.io/walnuts1018/mucaron-frontend", ], versioning: "regex:^[a-f0-9]+-(?[0-9]+)$", }, From 6871b01bb02666ec80f56b5005b7c22194d81086 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 9 Nov 2024 09:14:17 +0900 Subject: [PATCH 0095/1209] add Signed-off-by: walnuts1018 --- renovate.json5 | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/renovate.json5 b/renovate.json5 index 3d89dbf0e..5a43fdd19 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -54,7 +54,6 @@ matchManagers: ["kubernetes"], automerge: false, }, - // Docker Imageタグ { matchPackageNames: [ "ghcr.io/walnuts1018/2024-ac-hacking", @@ -66,6 +65,15 @@ ], versioning: "regex:^[a-f0-9]+-(?[0-9]+)$", }, + { + matchPackageNames: [ + "ghcr.io/kmc-jp/oekaki-dengon-game-back", + "ghcr.io/kmc-jp/oekaki-dengon-game-front", + "ghcr.io/walnuts1018/openchokin-back", + "ghcr.io/walnuts1018/openchokin-front", + ], + versioning: "regex:^v0\\.0\\.0-[a-f0-9]+-(?[0-9]+)$", + }, { matchPackageNames: ["photoprism/photoprism"], versioning: "regex:^(?[0-9]{2})(?[0-9]{2})(?[0-9]{2})$", From fb79a2789d9cbd014c98c4b1c52cafd9b94e23b4 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 9 Nov 2024 09:15:47 +0900 Subject: [PATCH 0096/1209] add Signed-off-by: walnuts1018 --- renovate.json5 | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/renovate.json5 b/renovate.json5 index 5a43fdd19..0c73be300 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -51,8 +51,10 @@ automerge: true, }, { - matchManagers: ["kubernetes"], - automerge: false, + matchUpdateTypes: ["patch"], + matchDatasources: ["docker"], + matchCurrentVersion: "!/^0/", + automerge: true, }, { matchPackageNames: [ From 88390620449d930fa3dac929b2bd9fbc71769c7a Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 9 Nov 2024 00:16:42 +0000 Subject: [PATCH 0097/1209] Update ghcr.io/walnuts1018/mucaron-backend Docker tag to v0102bd810fea7e88a85bb3e03348c522dcfc0d94-65 --- k8s/apps/mucaron/back/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/mucaron/back/deployment.jsonnet b/k8s/apps/mucaron/back/deployment.jsonnet index 89b9c203e..adecb704e 100644 --- a/k8s/apps/mucaron/back/deployment.jsonnet +++ b/k8s/apps/mucaron/back/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ (import '../../../components/container.libsonnet') { name: 'mucaron-backend', - image: 'ghcr.io/walnuts1018/mucaron-backend:d6be1e4266c1e34e7265cd7c46cdef25c192a5da-62', + image: 'ghcr.io/walnuts1018/mucaron-backend:0102bd810fea7e88a85bb3e03348c522dcfc0d94-65', ports: [ { containerPort: 8080, From a859775cff018ecc1b045c1c30c64057733c2443 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 9 Nov 2024 00:16:45 +0000 Subject: [PATCH 0098/1209] Update ghcr.io/walnuts1018/mucaron-frontend Docker tag to v2324c722bddbc2ecf4428d6deff2f49a48b5938b-38 --- k8s/apps/mucaron/front/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/mucaron/front/deployment.jsonnet b/k8s/apps/mucaron/front/deployment.jsonnet index 371d3bd33..a6c0b4b6c 100644 --- a/k8s/apps/mucaron/front/deployment.jsonnet +++ b/k8s/apps/mucaron/front/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ (import '../../../components/container.libsonnet') { name: 'mucaron-front', - image: 'ghcr.io/walnuts1018/mucaron-frontend:6ee43def7714d6fc0c1dcfa0be59c4a4fbdeeaff-33', + image: 'ghcr.io/walnuts1018/mucaron-frontend:2324c722bddbc2ecf4428d6deff2f49a48b5938b-38', ports: [ { containerPort: 3000, From c1a66eafeb4020349578151ca87c9fd70f471dd8 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 9 Nov 2024 09:17:10 +0900 Subject: [PATCH 0099/1209] rm check-automerge.py Signed-off-by: walnuts1018 --- .github/scripts/check-automerge.py | 27 --------------------------- 1 file changed, 27 deletions(-) delete mode 100644 .github/scripts/check-automerge.py diff --git a/.github/scripts/check-automerge.py b/.github/scripts/check-automerge.py deleted file mode 100644 index 0559dc2dc..000000000 --- a/.github/scripts/check-automerge.py +++ /dev/null @@ -1,27 +0,0 @@ -import subprocess -import re -import os - -automerge = False -old_major = old_minor = old_patch = new_major = new_minor = new_patch = None - -result = subprocess.run("git diff", shell=True, capture_output=True) -if result.returncode == 0: - diff = result.stdout.decode("utf-8") - if match := re.search(r"\-.+?(\d+)\.(\d+)\.(\d+).+\"\$imagepolicy\"", diff): - old_major, old_minor, old_patch = match.groups() - - if match := re.search(r"\+.+?(\d+)\.(\d+)\.(\d+).+\"\$imagepolicy\"", diff): - new_major, new_minor, new_patch = match.groups() - - if new_major == old_major and new_minor == old_minor: - automerge = True - -print("Automerge: %s" % automerge) -print("Old tag: %s.%s.%s" % (old_major, old_minor, old_patch)) -print("New tag: %s.%s.%s" % (new_major, new_minor, new_patch)) - -with open(os.environ["GITHUB_OUTPUT"], "a") as f : - print("{0}={1}".format("automerge", automerge), file=f) - print("{0}={1}".format("old_tag", "%s.%s.%s" % (old_major, old_minor, old_patch)), file=f) - print("{0}={1}".format("new_tag", "%s.%s.%s" % (new_major, new_minor, new_patch)), file=f) From f17538b102fe1d27a77f12a9d74fb071395fd165 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 9 Nov 2024 09:18:47 +0900 Subject: [PATCH 0100/1209] add Signed-off-by: walnuts1018 --- renovate.json5 | 3 --- 1 file changed, 3 deletions(-) diff --git a/renovate.json5 b/renovate.json5 index 0c73be300..6896bad48 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -4,9 +4,6 @@ dependencyDashboard: true, timezone: "Asia/Tokyo", minimumReleaseAge: "8 days", - flux: { - enabled: false, - }, kubernetes: { fileMatch: ["k8s/.+\\.jsonnet$"], }, From 97f24c0599b8ef0a75a638190fc1be3f28e1e60c Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 9 Nov 2024 09:19:38 +0900 Subject: [PATCH 0101/1209] add Signed-off-by: walnuts1018 --- renovate.json5 | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/renovate.json5 b/renovate.json5 index 6896bad48..fee0375f7 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -53,6 +53,10 @@ matchCurrentVersion: "!/^0/", automerge: true, }, + { + matchPackageNames: ["aquaproj/aqua-registry"], + automerge: true, + }, { matchPackageNames: [ "ghcr.io/walnuts1018/2024-ac-hacking", From 0f6fdeeb9507cad4d4a514e6870ff7119d4b79e4 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 9 Nov 2024 09:29:21 +0900 Subject: [PATCH 0102/1209] add Signed-off-by: walnuts1018 --- renovate.json5 | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/renovate.json5 b/renovate.json5 index fee0375f7..873a63c76 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -3,7 +3,6 @@ extends: ["config:recommended", "github>aquaproj/aqua-renovate-config#2.3.1"], dependencyDashboard: true, timezone: "Asia/Tokyo", - minimumReleaseAge: "8 days", kubernetes: { fileMatch: ["k8s/.+\\.jsonnet$"], }, @@ -41,6 +40,10 @@ matchCurrentVersion: "!/^0/", automerge: true, }, + { + matchDatasources: ["helm"], + minimumReleaseAge: "3 days", + } { matchUpdateTypes: ["patch"], matchDatasources: ["github-tags"], From 1d76cfdea4eb799e7434c15f7abccf288f52e94f Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 9 Nov 2024 09:31:54 +0900 Subject: [PATCH 0103/1209] add Signed-off-by: walnuts1018 --- .github/workflows/snapshot.yaml | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/.github/workflows/snapshot.yaml b/.github/workflows/snapshot.yaml index 86c0c9c3b..f3970d6d9 100644 --- a/.github/workflows/snapshot.yaml +++ b/.github/workflows/snapshot.yaml @@ -37,6 +37,14 @@ jobs: run: | make snapshot + - name: Upload folder + uses: actions/upload-artifact@v4 + with: + if-no-files-found: error + name: snapshots + path: | + k8s/snapshots + - name: mv snapshot run: | rm -rf k8s/apps @@ -77,11 +85,11 @@ jobs: runs-on: ubuntu-latest needs: snapshot steps: - - uses: actions/checkout@v4 + - uses: actions/download-artifact@v4 with: - ref: snapshot + name: snapshots - name: Lint manifest with kubeconform uses: docker://ghcr.io/yannh/kubeconform:latest with: - args: "-ignore-missing-schemas -strict -summary k8s/apps" + args: "-ignore-missing-schemas -strict -summary snapshots/apps" From f9270a092d647c0a66b2954b0d6bbea2687fa673 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 9 Nov 2024 09:34:13 +0900 Subject: [PATCH 0104/1209] add Signed-off-by: walnuts1018 --- .github/workflows/snapshot.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/snapshot.yaml b/.github/workflows/snapshot.yaml index f3970d6d9..b10f5a0c1 100644 --- a/.github/workflows/snapshot.yaml +++ b/.github/workflows/snapshot.yaml @@ -1,8 +1,6 @@ name: Snapshot Auto Generation on: push: - branches: - - main workflow_dispatch: jobs: @@ -46,12 +44,14 @@ jobs: k8s/snapshots - name: mv snapshot + if: ${{ github.ref_name == 'main' }} run: | rm -rf k8s/apps mv k8s/snapshots/apps k8s/apps mv k8s/snapshots/helm k8s/helm - name: push + if: ${{ github.ref_name == 'main' }} run: | git config user.name "github-actions[bot]" git config user.email "41898282+github-actions[bot]@users.noreply.github.com" @@ -61,6 +61,7 @@ jobs: scan: runs-on: ubuntu-latest + if: ${{ github.ref_name == 'main' }} needs: snapshot steps: - uses: actions/checkout@v4 From 92fba16dde3deffc9877dc6300740db98beb3957 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 9 Nov 2024 09:35:03 +0900 Subject: [PATCH 0105/1209] add Signed-off-by: walnuts1018 --- .github/workflows/snapshot.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/snapshot.yaml b/.github/workflows/snapshot.yaml index b10f5a0c1..5ea334461 100644 --- a/.github/workflows/snapshot.yaml +++ b/.github/workflows/snapshot.yaml @@ -94,3 +94,10 @@ jobs: uses: docker://ghcr.io/yannh/kubeconform:latest with: args: "-ignore-missing-schemas -strict -summary snapshots/apps" + + status-check: + runs-on: ubuntu-latest + needs: [lint] + if: failure() + steps: + - run: exit 1 From 0500cd8e21cf1eb38697e9513e7779f4527bf618 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 9 Nov 2024 09:35:42 +0900 Subject: [PATCH 0106/1209] add Signed-off-by: walnuts1018 --- .github/workflows/snapshot.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/snapshot.yaml b/.github/workflows/snapshot.yaml index 5ea334461..569d8b11c 100644 --- a/.github/workflows/snapshot.yaml +++ b/.github/workflows/snapshot.yaml @@ -95,6 +95,8 @@ jobs: with: args: "-ignore-missing-schemas -strict -summary snapshots/apps" + # auto merge用 + # auto megeはskipもsuccessとみなす status-check: runs-on: ubuntu-latest needs: [lint] From 0470c517366a740143d7939c705b3ce214a3b396 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 9 Nov 2024 09:41:22 +0900 Subject: [PATCH 0107/1209] add Signed-off-by: walnuts1018 --- .github/workflows/snapshot.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/snapshot.yaml b/.github/workflows/snapshot.yaml index 569d8b11c..afb5fd390 100644 --- a/.github/workflows/snapshot.yaml +++ b/.github/workflows/snapshot.yaml @@ -93,7 +93,7 @@ jobs: - name: Lint manifest with kubeconform uses: docker://ghcr.io/yannh/kubeconform:latest with: - args: "-ignore-missing-schemas -strict -summary snapshots/apps" + args: "-ignore-missing-schemas -strict -summary apps" # auto merge用 # auto megeはskipもsuccessとみなす From 0d51c12c92ca2071d19305faa7781ac3706c998d Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 9 Nov 2024 09:44:22 +0900 Subject: [PATCH 0108/1209] =?UTF-8?q?snapshot=E3=83=96=E3=83=A9=E3=83=B3?= =?UTF-8?q?=E3=83=81=E3=81=A7=E3=81=AF=E5=AE=9F=E8=A1=8C=E3=81=97=E3=81=AA?= =?UTF-8?q?=E3=81=84?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: walnuts1018 --- .github/workflows/snapshot.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/snapshot.yaml b/.github/workflows/snapshot.yaml index afb5fd390..f20d52c77 100644 --- a/.github/workflows/snapshot.yaml +++ b/.github/workflows/snapshot.yaml @@ -1,6 +1,9 @@ name: Snapshot Auto Generation on: push: + branches: + - "**" + - "!snapshot" workflow_dispatch: jobs: @@ -93,7 +96,7 @@ jobs: - name: Lint manifest with kubeconform uses: docker://ghcr.io/yannh/kubeconform:latest with: - args: "-ignore-missing-schemas -strict -summary apps" + args: "-ignore-missing-schemas -strict -summary snapshots/apps" # auto merge用 # auto megeはskipもsuccessとみなす From 4f5c6da69f38de14f252919e8f749698f81cbc03 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 9 Nov 2024 09:45:39 +0900 Subject: [PATCH 0109/1209] fix Signed-off-by: walnuts1018 --- .github/workflows/snapshot.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/snapshot.yaml b/.github/workflows/snapshot.yaml index f20d52c77..101dd4518 100644 --- a/.github/workflows/snapshot.yaml +++ b/.github/workflows/snapshot.yaml @@ -96,7 +96,7 @@ jobs: - name: Lint manifest with kubeconform uses: docker://ghcr.io/yannh/kubeconform:latest with: - args: "-ignore-missing-schemas -strict -summary snapshots/apps" + args: "-ignore-missing-schemas -strict -summary apps" # auto merge用 # auto megeはskipもsuccessとみなす From 5860c77ef1f2f1f5e09c04d3522e0149a624dcff Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 9 Nov 2024 09:55:59 +0900 Subject: [PATCH 0110/1209] fix Signed-off-by: walnuts1018 --- renovate.json5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/renovate.json5 b/renovate.json5 index 873a63c76..01bb340ca 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -43,7 +43,7 @@ { matchDatasources: ["helm"], minimumReleaseAge: "3 days", - } + }, { matchUpdateTypes: ["patch"], matchDatasources: ["github-tags"], From a6090b9a200871aeedc35a53463b4f4a830cf3da Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 9 Nov 2024 02:12:03 +0000 Subject: [PATCH 0111/1209] Update ghcr.io/walnuts1018/walnuts.dev Docker tag to v4efcb800849da61b51914f053587045cb42d73f3-262 (#926) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index 02017253a..7c65268bf 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -25,7 +25,7 @@ type: 'RuntimeDefault', }, }, - image: 'ghcr.io/walnuts1018/walnuts.dev:4efcb800849da61b51914f053587045cb42d73f3-261', + image: 'ghcr.io/walnuts1018/walnuts.dev:4efcb800849da61b51914f053587045cb42d73f3-262', imagePullPolicy: 'IfNotPresent', ports: [ { From 30c00d9443c52c745c6813f391ab6c24bb181650 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 9 Nov 2024 16:00:23 +0000 Subject: [PATCH 0112/1209] Update ghcr.io/walnuts1018/walnuts.dev Docker tag to v1c59597a0d18b0cb0890f0398b701a52a04baba6-268 (#927) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index 7c65268bf..2d80bd37c 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -25,7 +25,7 @@ type: 'RuntimeDefault', }, }, - image: 'ghcr.io/walnuts1018/walnuts.dev:4efcb800849da61b51914f053587045cb42d73f3-262', + image: 'ghcr.io/walnuts1018/walnuts.dev:1c59597a0d18b0cb0890f0398b701a52a04baba6-268', imagePullPolicy: 'IfNotPresent', ports: [ { From 38bda22212f768bd029bc3733b9927635fd38e9e Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 9 Nov 2024 18:00:27 +0000 Subject: [PATCH 0113/1209] Update ghcr.io/walnuts1018/walnuts.dev Docker tag to cdb647454bb869669c66613587657086ce3c52ce-270 (#928) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index 2d80bd37c..0f918d55b 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -25,7 +25,7 @@ type: 'RuntimeDefault', }, }, - image: 'ghcr.io/walnuts1018/walnuts.dev:1c59597a0d18b0cb0890f0398b701a52a04baba6-268', + image: 'ghcr.io/walnuts1018/walnuts.dev:cdb647454bb869669c66613587657086ce3c52ce-270', imagePullPolicy: 'IfNotPresent', ports: [ { From 50f0ee2685e660d17ab29b6504abef9ac28f612b Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 9 Nov 2024 18:57:03 +0000 Subject: [PATCH 0114/1209] Update Helm release nextcloud to v6.2.2 (#929) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/nextcloud/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/nextcloud/helm.jsonnet b/k8s/apps/nextcloud/helm.jsonnet index 1ae3bcff7..717059ccb 100644 --- a/k8s/apps/nextcloud/helm.jsonnet +++ b/k8s/apps/nextcloud/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'nextcloud', repoURL: 'https://nextcloud.github.io/helm/', - targetRevision: '6.2.1', + targetRevision: '6.2.2', values: (importstr 'values.yaml'), } From de16b59a6d402b23e829b6d2317e2c354130cc1b Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 9 Nov 2024 18:57:13 +0000 Subject: [PATCH 0115/1209] Update ghcr.io/walnuts1018/walnuts.dev Docker tag to v0b2a497275e4e6d0bbfd1f8e4b1fb39ba358664d-271 (#930) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index 0f918d55b..e6ac7dc9d 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -25,7 +25,7 @@ type: 'RuntimeDefault', }, }, - image: 'ghcr.io/walnuts1018/walnuts.dev:cdb647454bb869669c66613587657086ce3c52ce-270', + image: 'ghcr.io/walnuts1018/walnuts.dev:0b2a497275e4e6d0bbfd1f8e4b1fb39ba358664d-271', imagePullPolicy: 'IfNotPresent', ports: [ { From fa2b802ea621689c2af9748e23a568684ba18a68 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sun, 10 Nov 2024 04:02:27 +0900 Subject: [PATCH 0116/1209] add Signed-off-by: walnuts1018 --- k8s/apps/mucaron/back/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/mucaron/back/deployment.jsonnet b/k8s/apps/mucaron/back/deployment.jsonnet index adecb704e..b8935e4a0 100644 --- a/k8s/apps/mucaron/back/deployment.jsonnet +++ b/k8s/apps/mucaron/back/deployment.jsonnet @@ -83,7 +83,7 @@ }, { name: 'MINIO_ACCESS_KEY', - value: 'oZzVGMWfbXtGtuzgPd3R', + value: '4SYRxLsspRxsvXvaddkz', }, { name: 'MINIO_SECRET_KEY', From a70dea15979dc5a4af0833c3202b454eb82dfe6e Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sun, 10 Nov 2024 05:48:18 +0900 Subject: [PATCH 0117/1209] add Signed-off-by: walnuts1018 --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index e6ac7dc9d..d1953587d 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -25,7 +25,7 @@ type: 'RuntimeDefault', }, }, - image: 'ghcr.io/walnuts1018/walnuts.dev:0b2a497275e4e6d0bbfd1f8e4b1fb39ba358664d-271', + image: 'ghcr.io/walnuts1018/walnuts.dev:9b92bd806cbc142ae3e7e9ad393ebfed25792cb5-276', imagePullPolicy: 'IfNotPresent', ports: [ { From 8f29f7480e3c75ff0ace1883ca606667fabd6cb2 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 9 Nov 2024 22:30:38 +0000 Subject: [PATCH 0118/1209] Update ghcr.io/walnuts1018/walnuts.dev Docker tag to v9986bca33b7212acdf826bb43438e24614b7da3d-281 (#931) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index d1953587d..db2fe9066 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -25,7 +25,7 @@ type: 'RuntimeDefault', }, }, - image: 'ghcr.io/walnuts1018/walnuts.dev:9b92bd806cbc142ae3e7e9ad393ebfed25792cb5-276', + image: 'ghcr.io/walnuts1018/walnuts.dev:9986bca33b7212acdf826bb43438e24614b7da3d-281', imagePullPolicy: 'IfNotPresent', ports: [ { From 09f8bcffa344f246546bb5d6e5bb006a0e17404f Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 10 Nov 2024 00:05:51 +0000 Subject: [PATCH 0119/1209] Update Helm release kube-prometheus-stack to v66.1.0 --- k8s/apps/prometheus-stack/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/prometheus-stack/helm.jsonnet b/k8s/apps/prometheus-stack/helm.jsonnet index 3e9bb7486..dd6804fd7 100644 --- a/k8s/apps/prometheus-stack/helm.jsonnet +++ b/k8s/apps/prometheus-stack/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'kube-prometheus-stack', repoURL: 'https://prometheus-community.github.io/helm-charts', - targetRevision: '66.0.0', + targetRevision: '66.1.0', values: (importstr 'values.yaml'), } From 3c3f7e169ac8cdd0f9d099dbc25f4028edee9e3e Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 10 Nov 2024 04:42:32 +0000 Subject: [PATCH 0120/1209] Update Helm release argo-cd to v7.7.1 (#933) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/_argocd/argocd_components/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/_argocd/argocd_components/helm.jsonnet b/k8s/_argocd/argocd_components/helm.jsonnet index cf0fe948e..5c3ed7033 100644 --- a/k8s/_argocd/argocd_components/helm.jsonnet +++ b/k8s/_argocd/argocd_components/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import 'app.json5').namespace, chart: 'argo-cd', repoURL: 'https://argoproj.github.io/argo-helm', - targetRevision: '7.7.0', + targetRevision: '7.7.1', values: (importstr 'values.yaml'), } From 6811abe25ffed690ee37df8d81b31e3060e2374d Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sun, 10 Nov 2024 21:53:36 +0900 Subject: [PATCH 0121/1209] add Signed-off-by: walnuts1018 --- .../collectors/default.jsonnet | 33 +++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet index 59c4ebe88..c68817f48 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet @@ -6,6 +6,39 @@ std.mergePatch((import '_base.libsonnet'), { replicas: 1, mode: 'deployment', config: { + connectors: { + spanmetrics: { + histogram: { + explicit: { + buckets: [ + '1ms', + '10ms', + '100ms', + '200ms', + '400ms', + '800ms', + '1s', + ], + }, + }, + dimensions: [ + { + name: 'http.method', + default: 'GET', + }, + { + name: 'http.host', + }, + { + name: 'http.path', + }, + { + name: 'http.status_code', + }, + ], + metrics_flush_interval: '15s', + }, + }, receivers: { otlp: { protocols: { From edea5c7f4f5f11961fee9d94a6cab51d8deb4563 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sun, 10 Nov 2024 21:54:13 +0900 Subject: [PATCH 0122/1209] add Signed-off-by: walnuts1018 --- k8s/apps/opentelemetry-collectors/collectors/default.jsonnet | 2 ++ 1 file changed, 2 insertions(+) diff --git a/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet index c68817f48..dff67942b 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet @@ -150,11 +150,13 @@ std.mergePatch((import '_base.libsonnet'), { ], exporters: [ 'otlp/tempo', + 'spanmetrics', ], }, metrics: { receivers: [ 'otlp', + 'spanmetrics', ], processors: [ 'memory_limiter', From 6b885329e21a2a5e59183f5bbfbbb1d03c632819 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sun, 10 Nov 2024 22:13:12 +0900 Subject: [PATCH 0123/1209] add Signed-off-by: walnuts1018 --- k8s/apps/opentelemetry-collectors/collectors/default.jsonnet | 3 +++ 1 file changed, 3 insertions(+) diff --git a/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet index dff67942b..7bdb60703 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet @@ -32,6 +32,9 @@ std.mergePatch((import '_base.libsonnet'), { { name: 'http.path', }, + { + name: 'http.target', + }, { name: 'http.status_code', }, From af9b174cf09addc0da4f413348b1a0a4894dcbd7 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 11 Nov 2024 14:59:47 +0900 Subject: [PATCH 0124/1209] add Signed-off-by: walnuts1018 --- k8s/apps/minio/values.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/k8s/apps/minio/values.yaml b/k8s/apps/minio/values.yaml index 1a96bc2bc..424ba7965 100644 --- a/k8s/apps/minio/values.yaml +++ b/k8s/apps/minio/values.yaml @@ -11,6 +11,12 @@ ingress: ingressClassName: nginx annotations: nginx.ingress.kubernetes.io/proxy-body-size: 128G + nginx.ingress.kubernetes.io/ignore-invalid-headers: "off" + nginx.ingress.kubernetes.io/client-max-body-size: "0" + nginx.ingress.kubernetes.io/proxy-buffering: "off" + nginx.ingress.kubernetes.io/proxy-request-buffering: "off" + nginx.ingress.kubernetes.io/proxy-set-headers: 'Connection ""' + hosts: - minio.walnuts.dev consoleIngress: @@ -39,5 +45,4 @@ environment: metrics: serviceMonitor: enabled: true - users: [] From 2da6ddcb690494eeca14f2083d81f35926b00685 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 11 Nov 2024 19:44:30 +0000 Subject: [PATCH 0125/1209] Update Terraform aws to v5.75.1 --- terraform/kurumi/.terraform.lock.hcl | 58 ++++++++++++++-------------- 1 file changed, 29 insertions(+), 29 deletions(-) diff --git a/terraform/kurumi/.terraform.lock.hcl b/terraform/kurumi/.terraform.lock.hcl index 6beb653d4..71d8cce0a 100644 --- a/terraform/kurumi/.terraform.lock.hcl +++ b/terraform/kurumi/.terraform.lock.hcl @@ -2,37 +2,37 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/aws" { - version = "5.75.0" + version = "5.75.1" constraints = "~> 5.75.0" hashes = [ - "h1:1R08bG9RT1qWHU6K0B992s3VbTIdb7cWt421+TBVS/8=", - "h1:36n0sS0B/ZL0yr4JsW07TT+WtLmozvlKTAA/MQWpDY8=", - "h1:5E1PLq7S2vAczsDkUGc1MrvuZGTNgmsGXcrY9Hty0Dw=", - "h1:6SG/Rk52Rj48h4JDOyVg4pw9jmjxgCyCLwgXrJXZGL0=", - "h1:GGL7/R/t1CLUYTcoUG5oSoNv0ZIlf/1/PFanquWbgUg=", - "h1:NVVF3N+wgg5EfE7XlYgvjAO9VHqBeOYR/IG0cTLgruY=", - "h1:OkOE53v2W80A4UB+mI4VvE70W63eyYGWD8pHLu4OaWE=", - "h1:RJs0yQo3ScqJ0ZJyR9UX92ja2Nl5rEVJPUwP9h6lxBc=", - "h1:Vp6AJuCkdX4e1r8twlZmiBxO82N24+ytjVNQUBePy/s=", - "h1:WMOykRQJ6m4Z6tXrW5Vz9zCitj6R8rP99x4cAKU5lgE=", - "h1:aA/+c37GlH4+CsV49So/+/TsdpfwRNCQLP3CglLjjmw=", - "h1:rQl8P8OJZNwwPTATMtPjkyHnSOt4lkVD4t2cT+9JE+Y=", - "h1:rhG7XqZyeERvJ5JByMUO5rzYcu3VgWlRE7/tzi2dNI0=", - "h1:sIFhAbI3lxSeDdmgFoee7cNq24kBmMHqmDLbCLTqq8k=", - "zh:01b01b132b70df918f735898f1ad012ab3033d1b909b2e38950d16964d94c084", - "zh:28bc6ee7b0c88b1a48f315509ad390fb1e8f39bebe0f7a43c22b1a63825251d1", - "zh:31f9043a4c3538883ab9b9d3b399dae62e4552251e6a2b1da13ec3a2018a027d", - "zh:47451c295ffbddd19679a41d728f0942486d6de0d9206418d9593dda5a20c120", - "zh:5204c1a9f41dcc10e38879d41d95d95fdbb10527f613c129603137b1dbe99777", - "zh:64c3165a6019045782c8ad2a40d6fa4253d44dba67a5a971a81791cff5a9d3d5", + "h1:+ZcdWhg8y53iMCvi3FvsXDKqEgaaCqJa5g6uOMXFuEg=", + "h1:95lSAhTV4tpAPI3yfKBdVFFwsg0K8uXVJe8vZ6DX/0E=", + "h1:IcDJUt4TCiiTEX6uFqq3XqNDDaO5vFCVItx9sIqtyUQ=", + "h1:IjTK53LCkzhOUT3v95TJnMXlQRzJnmK9uWjOrLDc79M=", + "h1:PIBnv1Mi0tX2GF6qUSdps3IouABeTqVgJZ4aAzIVzdI=", + "h1:R6IWpE+foH9oKVkmYVHtXxelMFOt5R60zmHmeXwkp6U=", + "h1:Sw1Knog2YkLGJ4+4TOdne9PcsOrp+n4SHiE2TH/LTPk=", + "h1:cHtyc9SWPFXXSjDjiRqpYsya+KbCBIGaddIN+/68kfc=", + "h1:cIsinPaDEhAg6BPG+b0jaHZdoCB4W/RRo6m8ETNAsMY=", + "h1:fr252BPFVqsCcVoLMN4PTVacXmrW3pbMlK1ibi/wHiU=", + "h1:ijX5mwbQZOnPVQGxxVsJs6Yh6h2w+V3mQmKznB6pIkw=", + "h1:ooOE19eAmj+5tOdgUh5aUOUKDFceb5RMd694vfomsIg=", + "h1:uz55I4t3Pqy3p+82NZ35mkUA9mZ5yu4pS6beZMI8wpA=", + "h1:vH/1vmjeNwSMAAXxPhR+IoIqpuSukgYQjDTb6NQ4ijQ=", + "zh:1075825e7311a8d2d233fd453a173910e891b0320e8a7698af44d1f90b02621d", + "zh:203c5d09a03fcaa946defb8459f01227f2fcda07df768f74777beb328d6751ae", + "zh:21bc79ccb09bfdeb711a3a5226c6c4a457ac7c4bb781dbda6ade7be38461739f", + "zh:2bac969855b62a0ff6716954be29387a1f9793626059122cda4681206396e309", + "zh:4b65ea5b51058f05b9ec8797f76184e19e5b38a609029fe2226af3fa4ad289b3", + "zh:5065d7df357fb3ee2b0a2520bbcff6335c0c47bfb9e8e9932bad088c3ab7efd3", + "zh:678a4015a4cd26af5c2b30dfd9290b8a01e900668fa0fec6585dfd1838f1cebd", + "zh:6ddc5dfdd4a0dddca027db99a7bfa9a0978933119d63af81acb6020728405119", + "zh:98c0d48b09842c444dbcbddd279e5b5b1e44113951817a8ecc28896bb4ad1dd7", "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:a5788f78da2f0ac78f99ca2a4c489c041654bec992f3183fd0b972e0554f91e9", - "zh:aed486e3b24e9f82543bf558b2a7eade4a905608060fac1284145c00ff63d3e2", - "zh:b42523c409940a9c3866f4973c8251b96e5f3a0934230849c533a04b95854965", - "zh:b570353eeb97b3ed1b423a6f67857a7a3c1c47c9907e45a81c3df186a2fd88d0", - "zh:bf05df84199cbc776a878f920f6be4d27737f2de204f80794e6a652d49692f0d", - "zh:c27133287d20620244de95f4c2438135e60c057e0891a3ec97539c990f7ebdec", - "zh:c59143082fe8e4f5d5b0676472b8b0e24c2a2f1ede622a64f9f24639382d4b03", - "zh:ebe01c3b7a85deebc10b4081097dd6e8b4c79b7c13a20acb099bd17ff06afcb7", + "zh:aad169fea072842c0b54f1ff95f1ec6558d6c5af3ea4c159308583db59003b09", + "zh:bd2625ed8e1ff29ac6ed3a810d7b68a090add5fcb2fce4122669bd37e1eb9f1d", + "zh:c6f57625e26a6ef1ffb49bfa0e6148496ad12d80c857f6bb222e21f293a2a78a", + "zh:c7cd085326c5eb88804b11a4bc0fbc8376f06138f4b9624fb25cd06ea8687cdd", + "zh:f60c98139f983817d4d08f4138b1e53f31f91176ff638631e8dd38b6de36fce0", ] } From 7142fafe0b52b593f840e94c526cb2387a86d709 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 11 Nov 2024 19:44:34 +0000 Subject: [PATCH 0126/1209] Update Helm release tempo to v1.14.0 --- k8s/apps/tempo/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/tempo/helm.jsonnet b/k8s/apps/tempo/helm.jsonnet index 375850757..622c61028 100644 --- a/k8s/apps/tempo/helm.jsonnet +++ b/k8s/apps/tempo/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'tempo', repoURL: 'https://grafana.github.io/helm-charts', - targetRevision: '1.13.0', + targetRevision: '1.14.0', values: (importstr 'values.yaml'), } From 7af623affe8e479062d89df6f9524196751c9710 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 11 Nov 2024 23:58:06 +0000 Subject: [PATCH 0127/1209] Update ghcr.io/walnuts1018/mucaron-backend Docker tag to v8731b75296ae462ad6c2b2a1ff5284f2d79cdb90-69 --- k8s/apps/mucaron/back/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/mucaron/back/deployment.jsonnet b/k8s/apps/mucaron/back/deployment.jsonnet index b8935e4a0..3d76991a3 100644 --- a/k8s/apps/mucaron/back/deployment.jsonnet +++ b/k8s/apps/mucaron/back/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ (import '../../../components/container.libsonnet') { name: 'mucaron-backend', - image: 'ghcr.io/walnuts1018/mucaron-backend:0102bd810fea7e88a85bb3e03348c522dcfc0d94-65', + image: 'ghcr.io/walnuts1018/mucaron-backend:8731b75296ae462ad6c2b2a1ff5284f2d79cdb90-69', ports: [ { containerPort: 8080, From e84c22fd200ef82f7d671496debf1e4527d71944 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 11 Nov 2024 23:59:40 +0000 Subject: [PATCH 0128/1209] Update ghcr.io/walnuts1018/mucaron-frontend Docker tag to v6cb298426289cf4ec3135c832eac3d6a5c98afcc-43 (#937) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/mucaron/front/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/mucaron/front/deployment.jsonnet b/k8s/apps/mucaron/front/deployment.jsonnet index a6c0b4b6c..46b290d9b 100644 --- a/k8s/apps/mucaron/front/deployment.jsonnet +++ b/k8s/apps/mucaron/front/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ (import '../../../components/container.libsonnet') { name: 'mucaron-front', - image: 'ghcr.io/walnuts1018/mucaron-frontend:2324c722bddbc2ecf4428d6deff2f49a48b5938b-38', + image: 'ghcr.io/walnuts1018/mucaron-frontend:6cb298426289cf4ec3135c832eac3d6a5c98afcc-43', ports: [ { containerPort: 3000, From f91117d60b4eadcd7bb4fc01703392957facc796 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 12 Nov 2024 04:48:43 +0000 Subject: [PATCH 0129/1209] Update ghcr.io/walnuts1018/fitbit-manager Docker tag to v0.8.4 --- k8s/apps/fitbit-manager/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/fitbit-manager/deployment.jsonnet b/k8s/apps/fitbit-manager/deployment.jsonnet index 341320175..b9a1c4c18 100644 --- a/k8s/apps/fitbit-manager/deployment.jsonnet +++ b/k8s/apps/fitbit-manager/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ { name: 'fitbit-manager', - image: 'ghcr.io/walnuts1018/fitbit-manager:0.8.3', + image: 'ghcr.io/walnuts1018/fitbit-manager:0.8.4', imagePullPolicy: 'IfNotPresent', ports: [ { From 080419dd0f2142b7f748d66e2d5dd5fe2760f603 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 12 Nov 2024 04:48:50 +0000 Subject: [PATCH 0130/1209] Update debian Docker tag to v12.8 --- k8s/apps/samba-backup/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/samba-backup/cronjob.jsonnet b/k8s/apps/samba-backup/cronjob.jsonnet index 33fac52f1..fdaf10802 100644 --- a/k8s/apps/samba-backup/cronjob.jsonnet +++ b/k8s/apps/samba-backup/cronjob.jsonnet @@ -17,7 +17,7 @@ containers: [ std.mergePatch((import '../../components/container.libsonnet') { name: 'samba-backup', - image: 'debian:12.7', + image: 'debian:12.8', command: [ 'sh', '/backup.sh', From 02a50843fa6ee723be498eeb799982aac3940958 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 12 Nov 2024 04:49:40 +0000 Subject: [PATCH 0131/1209] Update ghcr.io/walnuts1018/mucaron-backend Docker tag to v03336ba91b0acc370e5750306517506d41488734-70 (#939) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/mucaron/back/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/mucaron/back/deployment.jsonnet b/k8s/apps/mucaron/back/deployment.jsonnet index 3d76991a3..608f393fa 100644 --- a/k8s/apps/mucaron/back/deployment.jsonnet +++ b/k8s/apps/mucaron/back/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ (import '../../../components/container.libsonnet') { name: 'mucaron-backend', - image: 'ghcr.io/walnuts1018/mucaron-backend:8731b75296ae462ad6c2b2a1ff5284f2d79cdb90-69', + image: 'ghcr.io/walnuts1018/mucaron-backend:03336ba91b0acc370e5750306517506d41488734-70', ports: [ { containerPort: 8080, From 0ffef02fcc68b4acb594c6b737245d5df77f1ac4 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 12 Nov 2024 21:04:17 +0900 Subject: [PATCH 0132/1209] add Signed-off-by: walnuts1018 --- k8s/apps/minio/app.json5 | 4 + k8s/apps/minio/proxy/config/nginx.conf | 24 ++++ k8s/apps/minio/proxy/config/virtualhost.conf | 70 +++++++++++ k8s/apps/minio/proxy/configmap.jsonnet | 13 ++ k8s/apps/minio/proxy/deployment.jsonnet | 122 +++++++++++++++++++ k8s/apps/minio/proxy/ingress.jsonnet | 56 +++++++++ k8s/apps/minio/proxy/service.jsonnet | 25 ++++ k8s/apps/minio/values.yaml | 18 --- 8 files changed, 314 insertions(+), 18 deletions(-) create mode 100644 k8s/apps/minio/proxy/config/nginx.conf create mode 100644 k8s/apps/minio/proxy/config/virtualhost.conf create mode 100644 k8s/apps/minio/proxy/configmap.jsonnet create mode 100644 k8s/apps/minio/proxy/deployment.jsonnet create mode 100644 k8s/apps/minio/proxy/ingress.jsonnet create mode 100644 k8s/apps/minio/proxy/service.jsonnet diff --git a/k8s/apps/minio/app.json5 b/k8s/apps/minio/app.json5 index 15ba0c82e..f2e2fe3e3 100644 --- a/k8s/apps/minio/app.json5 +++ b/k8s/apps/minio/app.json5 @@ -1,4 +1,8 @@ { name: "minio", namespace: "minio", + + proxy: { + name: "minio", + }, } diff --git a/k8s/apps/minio/proxy/config/nginx.conf b/k8s/apps/minio/proxy/config/nginx.conf new file mode 100644 index 000000000..0ded8adc3 --- /dev/null +++ b/k8s/apps/minio/proxy/config/nginx.conf @@ -0,0 +1,24 @@ +user nginx; +worker_processes 1; +error_log /var/log/nginx/error.log; +events { + worker_connections 10240; +} +http { + log_format main + 'remote_addr:$remote_addr\t' + 'time_local:$time_local\t' + 'method:$request_method\t' + 'uri:$request_uri\t' + 'host:$host\t' + 'status:$status\t' + 'bytes_sent:$body_bytes_sent\t' + 'referer:$http_referer\t' + 'useragent:$http_user_agent\t' + 'forwardedfor:$http_x_forwarded_for\t' + 'request_time:$request_time'; + + access_log /var/log/nginx/access.log main; + + include /etc/nginx/virtualhost/virtualhost.conf; +} diff --git a/k8s/apps/minio/proxy/config/virtualhost.conf b/k8s/apps/minio/proxy/config/virtualhost.conf new file mode 100644 index 000000000..027724c22 --- /dev/null +++ b/k8s/apps/minio/proxy/config/virtualhost.conf @@ -0,0 +1,70 @@ +server { + listen 9000 default_server; + listen [::]:9000 default_server; + server_name ""; + + # Allow special characters in headers + ignore_invalid_headers off; + # Allow any size file to be uploaded. + # Set to a value such as 1000m; to restrict file size to a specific value + client_max_body_size 0; + # Disable buffering + proxy_buffering off; + proxy_request_buffering off; + + location / { + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + proxy_connect_timeout 300; + # Default is HTTP/1, keepalive is only enabled in HTTP/1.1 + proxy_http_version 1.1; + proxy_set_header Connection ""; + chunked_transfer_encoding off; + + # Cloudflareが勝手に設定するが、terraformを使ったときにsignedheaderと一致しなくなってしまうので強制的にoverride + proxy_set_header Accept-Encoding "identity"; + + proxy_pass http://minio.minio.svc.cluster.local:9000; + } +} + +server { + listen 9001 default_server; + listen [::]:9001 default_server; + server_name ""; + + # Allow special characters in headers + ignore_invalid_headers off; + # Allow any size file to be uploaded. + # Set to a value such as 1000m; to restrict file size to a specific value + client_max_body_size 0; + # Disable buffering + proxy_buffering off; + proxy_request_buffering off; + + location / { + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # This is necessary to pass the correct IP to be hashed + real_ip_header X-Real-IP; + + proxy_connect_timeout 300; + # To support websockets in MinIO versions released after January 2023 + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + # Some environments may encounter CORS errors (Kubernetes + Nginx Ingress) + # Uncomment the following line to set the Origin request to an empty string + # proxy_set_header Origin ''; + + chunked_transfer_encoding off; + + proxy_pass http://minio-console.minio.svc.cluster.local:9000; + } +} diff --git a/k8s/apps/minio/proxy/configmap.jsonnet b/k8s/apps/minio/proxy/configmap.jsonnet new file mode 100644 index 000000000..fddf9f01b --- /dev/null +++ b/k8s/apps/minio/proxy/configmap.jsonnet @@ -0,0 +1,13 @@ +{ + apiVersion: 'v1', + kind: 'ConfigMap', + metadata: { + name: (import '../app.json5').proxy.name, + namespace: (import '../app.json5').namespace, + labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').proxy.name }, + }, + data: { + 'nginx.conf': (importstr './config/nginx.conf'), + 'virtualhost.conf': (importstr './config/virtualhost.conf'), + }, +} diff --git a/k8s/apps/minio/proxy/deployment.jsonnet b/k8s/apps/minio/proxy/deployment.jsonnet new file mode 100644 index 000000000..372c3d0d6 --- /dev/null +++ b/k8s/apps/minio/proxy/deployment.jsonnet @@ -0,0 +1,122 @@ +{ + apiVersion: 'apps/v1', + kind: 'Deployment', + metadata: { + name: (import '../app.json5').proxy.name, + namespace: (import '../app.json5').namespace, + labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').proxy.name }, + }, + spec: { + replicas: 1, + selector: { + matchLabels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').proxy.name }, + }, + template: { + metadata: { + labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').proxy.name }, + }, + spec: { + securityContext: { + fsGroup: 101, + fsGroupChangePolicy: 'OnRootMismatch', + }, + containers: [ + std.mergePatch((import '../../../components/container.libsonnet') { + name: 'nginx', + image: 'nginx:1.27.2', + ports: [ + { + containerPort: 9090, + }, + { + containerPort: 9091, + }, + ], + livenessProbe: { + httpGet: { + path: '/healthz', + port: 9090, + }, + failureThreshold: 1, + initialDelaySeconds: 10, + periodSeconds: 10, + }, + volumeMounts: [ + { + mountPath: '/etc/nginx', + readOnly: true, + name: 'nginx-conf', + }, + { + mountPath: '/tmp', + name: 'tmp', + }, + { + mountPath: '/var/tmp', + name: 'tmp', + }, + { + mountPath: '/var/log/nginx', + name: 'log-nginx', + }, + { + mountPath: '/var/cache/nginx', + name: 'cache-nginx', + }, + { + mountPath: '/var/run', + name: 'var-run', + }, + ], + resources: { + limits: { + memory: '100Mi', + }, + requests: { + memory: '5Mi', + }, + }, + }, { + securityContext: { + runAsUser: 101, + }, + }), + ], + volumes: [ + { + name: 'nginx-conf', + configMap: { + name: (import 'configmap.jsonnet').metadata.name, + items: [ + { + key: 'nginx.conf', + path: 'nginx.conf', + }, + { + key: 'virtualhost.conf', + path: 'virtualhost/virtualhost.conf', + }, + ], + }, + }, + { + name: 'tmp', + emptyDir: {}, + }, + { + name: 'log-nginx', + emptyDir: {}, + }, + { + name: 'cache-nginx', + emptyDir: {}, + }, + { + name: 'var-run', + emptyDir: {}, + }, + ], + }, + }, + }, +} diff --git a/k8s/apps/minio/proxy/ingress.jsonnet b/k8s/apps/minio/proxy/ingress.jsonnet new file mode 100644 index 000000000..9300c799c --- /dev/null +++ b/k8s/apps/minio/proxy/ingress.jsonnet @@ -0,0 +1,56 @@ +{ + apiVersion: 'networking.k8s.io/v1', + kind: 'Ingress', + metadata: { + name: (import '../app.json5').proxy.name, + namespace: (import '../app.json5').namespace, + labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').proxy.name }, + annotations: { + 'nginx.ingress.kubernetes.io/proxy-body-size': '128G', + }, + }, + spec: { + ingressClassName: 'nginx', + rules: [ + { + host: 'minio.walnuts.dev', + http: { + paths: [ + { + path: '/', + pathType: 'Prefix', + backend: { + service: { + name: (import 'service.jsonnet').metadata.name, + port: { + number: (import 'service.jsonnet').spec.ports[0].port, + }, + }, + }, + }, + ], + }, + }, + { + host: 'minio-console.walnuts.dev', + http: { + paths: [ + { + path: '/', + pathType: 'Prefix', + backend: { + service: { + name: (import 'service.jsonnet').metadata.name, + port: { + number: (import 'service.jsonnet').spec.ports[1].port, + }, + }, + }, + }, + ], + }, + }, + + ], + }, +} diff --git a/k8s/apps/minio/proxy/service.jsonnet b/k8s/apps/minio/proxy/service.jsonnet new file mode 100644 index 000000000..72eddfa40 --- /dev/null +++ b/k8s/apps/minio/proxy/service.jsonnet @@ -0,0 +1,25 @@ +{ + apiVersion: 'v1', + kind: 'Service', + metadata: { + name: (import '../app.json5').proxy.name, + namespace: (import '../app.json5').namespace, + labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').proxy.name }, + }, + spec: { + selector: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').proxy.name }, + ports: [ + { + protocol: 'TCP', + port: 9000, + targetPort: (import 'deployment.jsonnet').spec.template.spec.containers[0].ports[0].containerPort, + }, + { + protocol: 'TCP', + port: 9001, + targetPort: (import 'deployment.jsonnet').spec.template.spec.containers[0].ports[1].containerPort, + }, + ], + type: 'ClusterIP', + }, +} diff --git a/k8s/apps/minio/values.yaml b/k8s/apps/minio/values.yaml index 424ba7965..f306c4efc 100644 --- a/k8s/apps/minio/values.yaml +++ b/k8s/apps/minio/values.yaml @@ -6,24 +6,6 @@ persistence: size: 24Gi volumeName: minio accessMode: ReadWriteOnce -ingress: - enabled: true - ingressClassName: nginx - annotations: - nginx.ingress.kubernetes.io/proxy-body-size: 128G - nginx.ingress.kubernetes.io/ignore-invalid-headers: "off" - nginx.ingress.kubernetes.io/client-max-body-size: "0" - nginx.ingress.kubernetes.io/proxy-buffering: "off" - nginx.ingress.kubernetes.io/proxy-request-buffering: "off" - nginx.ingress.kubernetes.io/proxy-set-headers: 'Connection ""' - - hosts: - - minio.walnuts.dev -consoleIngress: - enabled: true - ingressClassName: nginx - hosts: - - minio-console.walnuts.dev resources: requests: memory: 500Mi From 671d33d058b112e66fd4c416c566c99557611db6 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 12 Nov 2024 12:05:34 +0000 Subject: [PATCH 0133/1209] Update docker.elastic.co/elasticsearch/elasticsearch Docker tag to v8.16.0 --- k8s/apps/elasticsearch/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/elasticsearch/deployment.jsonnet b/k8s/apps/elasticsearch/deployment.jsonnet index ab0c9de98..a3184df5b 100644 --- a/k8s/apps/elasticsearch/deployment.jsonnet +++ b/k8s/apps/elasticsearch/deployment.jsonnet @@ -28,7 +28,7 @@ type: 'RuntimeDefault', }, }, - image: 'docker.elastic.co/elasticsearch/elasticsearch:8.15.3', + image: 'docker.elastic.co/elasticsearch/elasticsearch:8.16.0', ports: [ { containerPort: 9200, From bd31d2eae968645135cab8e25b1df5554eb58bbb Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 12 Nov 2024 12:05:46 +0000 Subject: [PATCH 0134/1209] Update docker.elastic.co/kibana/kibana Docker tag to v8.16.0 --- k8s/apps/kibana/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/kibana/deployment.jsonnet b/k8s/apps/kibana/deployment.jsonnet index ced14473d..bee1df86d 100644 --- a/k8s/apps/kibana/deployment.jsonnet +++ b/k8s/apps/kibana/deployment.jsonnet @@ -23,7 +23,7 @@ readOnlyRootFilesystem: true, runAsNonRoot: true, }, - image: 'docker.elastic.co/kibana/kibana:8.15.3', + image: 'docker.elastic.co/kibana/kibana:8.16.0', ports: [ { name: 'http', From e632cd30cc9cfde42ea82137eb0d620bb96def96 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 12 Nov 2024 21:05:52 +0900 Subject: [PATCH 0135/1209] fix Signed-off-by: walnuts1018 --- k8s/apps/minio/app.json5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/minio/app.json5 b/k8s/apps/minio/app.json5 index f2e2fe3e3..724b7ea81 100644 --- a/k8s/apps/minio/app.json5 +++ b/k8s/apps/minio/app.json5 @@ -3,6 +3,6 @@ namespace: "minio", proxy: { - name: "minio", + name: "minio-proxy", }, } From 1daa6217f9a8e8d72b61e96e718c77fac7c1533d Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 12 Nov 2024 21:09:06 +0900 Subject: [PATCH 0136/1209] fix Signed-off-by: walnuts1018 --- k8s/apps/minio/proxy/deployment.jsonnet | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/k8s/apps/minio/proxy/deployment.jsonnet b/k8s/apps/minio/proxy/deployment.jsonnet index 372c3d0d6..ac938d1ef 100644 --- a/k8s/apps/minio/proxy/deployment.jsonnet +++ b/k8s/apps/minio/proxy/deployment.jsonnet @@ -26,10 +26,10 @@ image: 'nginx:1.27.2', ports: [ { - containerPort: 9090, + containerPort: 9000, }, { - containerPort: 9091, + containerPort: 9001, }, ], livenessProbe: { From 7b43c9a12e6d72a9aa8a629a707bb3eba9836b78 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 12 Nov 2024 21:09:15 +0900 Subject: [PATCH 0137/1209] add Signed-off-by: walnuts1018 --- k8s/apps/minio/proxy/deployment.jsonnet | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/k8s/apps/minio/proxy/deployment.jsonnet b/k8s/apps/minio/proxy/deployment.jsonnet index ac938d1ef..00394eca0 100644 --- a/k8s/apps/minio/proxy/deployment.jsonnet +++ b/k8s/apps/minio/proxy/deployment.jsonnet @@ -32,15 +32,15 @@ containerPort: 9001, }, ], - livenessProbe: { - httpGet: { - path: '/healthz', - port: 9090, - }, - failureThreshold: 1, - initialDelaySeconds: 10, - periodSeconds: 10, - }, + // livenessProbe: { + // httpGet: { + // path: '/healthz', + // port: 9000, + // }, + // failureThreshold: 1, + // initialDelaySeconds: 10, + // periodSeconds: 10, + // }, volumeMounts: [ { mountPath: '/etc/nginx', From 8bdab5581c2de37c6bf4d67a164d764d993efc91 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 12 Nov 2024 21:10:20 +0900 Subject: [PATCH 0138/1209] add Signed-off-by: walnuts1018 --- k8s/apps/minio/proxy/config/virtualhost.conf | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/k8s/apps/minio/proxy/config/virtualhost.conf b/k8s/apps/minio/proxy/config/virtualhost.conf index 027724c22..34dd12ee9 100644 --- a/k8s/apps/minio/proxy/config/virtualhost.conf +++ b/k8s/apps/minio/proxy/config/virtualhost.conf @@ -68,3 +68,14 @@ server { proxy_pass http://minio-console.minio.svc.cluster.local:9000; } } + +server { + listen 8080; + server_name ""; + + location /healthz { + access_log off; + add_header 'Content-Type' 'application/json'; + return 200 '{"status":"UP"}'; + } +} From 19067ae99634ed8dd46a98065b4113ef9544987c Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 12 Nov 2024 21:11:29 +0900 Subject: [PATCH 0139/1209] add Signed-off-by: walnuts1018 --- k8s/apps/minio/proxy/config/virtualhost.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/minio/proxy/config/virtualhost.conf b/k8s/apps/minio/proxy/config/virtualhost.conf index 34dd12ee9..964947436 100644 --- a/k8s/apps/minio/proxy/config/virtualhost.conf +++ b/k8s/apps/minio/proxy/config/virtualhost.conf @@ -65,7 +65,7 @@ server { chunked_transfer_encoding off; - proxy_pass http://minio-console.minio.svc.cluster.local:9000; + proxy_pass http://minio-console.minio.svc.cluster.local:9001; } } From dce0b1a524d5dae51f675a5d53afd27d27cb3e83 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 12 Nov 2024 21:13:04 +0900 Subject: [PATCH 0140/1209] add Signed-off-by: walnuts1018 --- k8s/apps/minio/proxy/service.jsonnet | 2 ++ 1 file changed, 2 insertions(+) diff --git a/k8s/apps/minio/proxy/service.jsonnet b/k8s/apps/minio/proxy/service.jsonnet index 72eddfa40..ee9112fae 100644 --- a/k8s/apps/minio/proxy/service.jsonnet +++ b/k8s/apps/minio/proxy/service.jsonnet @@ -10,11 +10,13 @@ selector: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').proxy.name }, ports: [ { + name: 'minio', protocol: 'TCP', port: 9000, targetPort: (import 'deployment.jsonnet').spec.template.spec.containers[0].ports[0].containerPort, }, { + name: 'minio-console', protocol: 'TCP', port: 9001, targetPort: (import 'deployment.jsonnet').spec.template.spec.containers[0].ports[1].containerPort, From 64d86e94d1e4dbc2810d8d0ab79c831991d4bf8c Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 12 Nov 2024 21:50:28 +0900 Subject: [PATCH 0141/1209] fix Signed-off-by: walnuts1018 --- k8s/apps/blog/config/nginx.conf | 4 ++-- k8s/apps/minio/proxy/config/nginx.conf | 4 ++-- k8s/apps/nginx-test/config/nginx.conf | 4 ++-- k8s/apps/walnuts-dev-www-redirect/config/nginx.conf | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/k8s/apps/blog/config/nginx.conf b/k8s/apps/blog/config/nginx.conf index 0ded8adc3..f728ccc06 100644 --- a/k8s/apps/blog/config/nginx.conf +++ b/k8s/apps/blog/config/nginx.conf @@ -1,6 +1,6 @@ user nginx; worker_processes 1; -error_log /var/log/nginx/error.log; +error_log /dev/stderr; events { worker_connections 10240; } @@ -18,7 +18,7 @@ http { 'forwardedfor:$http_x_forwarded_for\t' 'request_time:$request_time'; - access_log /var/log/nginx/access.log main; + access_log /dev/stdout main; include /etc/nginx/virtualhost/virtualhost.conf; } diff --git a/k8s/apps/minio/proxy/config/nginx.conf b/k8s/apps/minio/proxy/config/nginx.conf index 0ded8adc3..f728ccc06 100644 --- a/k8s/apps/minio/proxy/config/nginx.conf +++ b/k8s/apps/minio/proxy/config/nginx.conf @@ -1,6 +1,6 @@ user nginx; worker_processes 1; -error_log /var/log/nginx/error.log; +error_log /dev/stderr; events { worker_connections 10240; } @@ -18,7 +18,7 @@ http { 'forwardedfor:$http_x_forwarded_for\t' 'request_time:$request_time'; - access_log /var/log/nginx/access.log main; + access_log /dev/stdout main; include /etc/nginx/virtualhost/virtualhost.conf; } diff --git a/k8s/apps/nginx-test/config/nginx.conf b/k8s/apps/nginx-test/config/nginx.conf index 0ded8adc3..f728ccc06 100644 --- a/k8s/apps/nginx-test/config/nginx.conf +++ b/k8s/apps/nginx-test/config/nginx.conf @@ -1,6 +1,6 @@ user nginx; worker_processes 1; -error_log /var/log/nginx/error.log; +error_log /dev/stderr; events { worker_connections 10240; } @@ -18,7 +18,7 @@ http { 'forwardedfor:$http_x_forwarded_for\t' 'request_time:$request_time'; - access_log /var/log/nginx/access.log main; + access_log /dev/stdout main; include /etc/nginx/virtualhost/virtualhost.conf; } diff --git a/k8s/apps/walnuts-dev-www-redirect/config/nginx.conf b/k8s/apps/walnuts-dev-www-redirect/config/nginx.conf index 0ded8adc3..f728ccc06 100644 --- a/k8s/apps/walnuts-dev-www-redirect/config/nginx.conf +++ b/k8s/apps/walnuts-dev-www-redirect/config/nginx.conf @@ -1,6 +1,6 @@ user nginx; worker_processes 1; -error_log /var/log/nginx/error.log; +error_log /dev/stderr; events { worker_connections 10240; } @@ -18,7 +18,7 @@ http { 'forwardedfor:$http_x_forwarded_for\t' 'request_time:$request_time'; - access_log /var/log/nginx/access.log main; + access_log /dev/stdout main; include /etc/nginx/virtualhost/virtualhost.conf; } From 75a2da4d7512765d3ac4b2514cd9c3cbcf664312 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 12 Nov 2024 21:56:44 +0900 Subject: [PATCH 0142/1209] add Signed-off-by: walnuts1018 --- k8s/apps/blog/configmap.jsonnet | 12 ++++-------- k8s/apps/minio/proxy/configmap.jsonnet | 12 ++++-------- k8s/apps/nginx-test/configmap.jsonnet | 12 ++++-------- k8s/apps/walnuts-dev-www-redirect/configmap.jsonnet | 12 ++++-------- 4 files changed, 16 insertions(+), 32 deletions(-) diff --git a/k8s/apps/blog/configmap.jsonnet b/k8s/apps/blog/configmap.jsonnet index b852fae5f..439a91c2d 100644 --- a/k8s/apps/blog/configmap.jsonnet +++ b/k8s/apps/blog/configmap.jsonnet @@ -1,11 +1,7 @@ -{ - apiVersion: 'v1', - kind: 'ConfigMap', - metadata: { - name: (import 'app.json5').name, - namespace: (import 'app.json5').namespace, - labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, - }, +(import '../../components/configmap.libsonnet') { + name: (import 'app.json5').name, + namespace: (import 'app.json5').namespace, + labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, data: { 'nginx.conf': (importstr './config/nginx.conf'), 'virtualhost.conf': (importstr './config/virtualhost.conf'), diff --git a/k8s/apps/minio/proxy/configmap.jsonnet b/k8s/apps/minio/proxy/configmap.jsonnet index fddf9f01b..ca01391f8 100644 --- a/k8s/apps/minio/proxy/configmap.jsonnet +++ b/k8s/apps/minio/proxy/configmap.jsonnet @@ -1,11 +1,7 @@ -{ - apiVersion: 'v1', - kind: 'ConfigMap', - metadata: { - name: (import '../app.json5').proxy.name, - namespace: (import '../app.json5').namespace, - labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').proxy.name }, - }, +(import '../../components/configmap.libsonnet') { + name: (import '../app.json5').proxy.name, + namespace: (import '../app.json5').namespace, + labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').proxy.name }, data: { 'nginx.conf': (importstr './config/nginx.conf'), 'virtualhost.conf': (importstr './config/virtualhost.conf'), diff --git a/k8s/apps/nginx-test/configmap.jsonnet b/k8s/apps/nginx-test/configmap.jsonnet index b852fae5f..439a91c2d 100644 --- a/k8s/apps/nginx-test/configmap.jsonnet +++ b/k8s/apps/nginx-test/configmap.jsonnet @@ -1,11 +1,7 @@ -{ - apiVersion: 'v1', - kind: 'ConfigMap', - metadata: { - name: (import 'app.json5').name, - namespace: (import 'app.json5').namespace, - labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, - }, +(import '../../components/configmap.libsonnet') { + name: (import 'app.json5').name, + namespace: (import 'app.json5').namespace, + labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, data: { 'nginx.conf': (importstr './config/nginx.conf'), 'virtualhost.conf': (importstr './config/virtualhost.conf'), diff --git a/k8s/apps/walnuts-dev-www-redirect/configmap.jsonnet b/k8s/apps/walnuts-dev-www-redirect/configmap.jsonnet index 6bfc25600..439a91c2d 100644 --- a/k8s/apps/walnuts-dev-www-redirect/configmap.jsonnet +++ b/k8s/apps/walnuts-dev-www-redirect/configmap.jsonnet @@ -1,11 +1,7 @@ -{ - apiVersion: 'v1', - kind: 'ConfigMap', - metadata: { - name: (import 'app.json5').name + '-' + std.md5(std.toString($.data))[0:6], - namespace: (import 'app.json5').namespace, - labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, - }, +(import '../../components/configmap.libsonnet') { + name: (import 'app.json5').name, + namespace: (import 'app.json5').namespace, + labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, data: { 'nginx.conf': (importstr './config/nginx.conf'), 'virtualhost.conf': (importstr './config/virtualhost.conf'), From fb3a16be3979c602cbedaeefcbd294a53fb0599f Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 12 Nov 2024 22:52:25 +0900 Subject: [PATCH 0143/1209] terraform Signed-off-by: walnuts1018 --- terraform/kurumi/main.tf | 35 +++++++++++++++++++ terraform/modules/minio/minio.tf | 35 +++++-------------- terraform/modules/minio/oekaki-dengon-game.tf | 31 ++++++++++++++++ 3 files changed, 75 insertions(+), 26 deletions(-) create mode 100644 terraform/modules/minio/oekaki-dengon-game.tf diff --git a/terraform/kurumi/main.tf b/terraform/kurumi/main.tf index 01dd20cfa..9c6e8c9ed 100644 --- a/terraform/kurumi/main.tf +++ b/terraform/kurumi/main.tf @@ -29,3 +29,38 @@ module "minio" { source = "../modules/minio" bucket_name_suffix = "" } + +import { + id = "loki-admin" + to = module.minio.aws_s3_bucket.loki-admin +} + +import { + id = "loki-chunks" + to = module.minio.aws_s3_bucket.loki-chunks +} + +import { + id = "loki-ruler" + to = module.minio.aws_s3_bucket.loki-ruler +} + +import { + id = "oekaki-dengon-game" + to = module.minio.aws_s3_bucket.oekaki-dengon-game +} + +import { + id = "mucaron" + to = module.minio.aws_s3_bucket.mucaron +} + +import { + id = "tempo" + to = module.minio.aws_s3_bucket.tempo +} + +import { + id = "zalando-backup" + to = module.minio.aws_s3_bucket.zalando-backup +} diff --git a/terraform/modules/minio/minio.tf b/terraform/modules/minio/minio.tf index bf24d3c81..7f47ed3b4 100644 --- a/terraform/modules/minio/minio.tf +++ b/terraform/modules/minio/minio.tf @@ -1,5 +1,5 @@ -resource "aws_s3_bucket" "tempo" { - bucket = format("tempo%s", var.bucket_name_suffix) +resource "aws_s3_bucket" "loki-admin" { + bucket = format("loki-admin%s", var.bucket_name_suffix) } resource "aws_s3_bucket" "loki-chunks" { @@ -10,33 +10,16 @@ resource "aws_s3_bucket" "loki-ruler" { bucket = format("loki-ruler%s", var.bucket_name_suffix) } -resource "aws_s3_bucket" "loki-admin" { - bucket = format("loki-admin%s", var.bucket_name_suffix) + + +resource "aws_s3_bucket" "mucaron" { + bucket = format("mucaron%s", var.bucket_name_suffix) } +resource "aws_s3_bucket" "tempo" { + bucket = format("tempo%s", var.bucket_name_suffix) +} resource "aws_s3_bucket" "zalando-backup" { bucket = format("zalando-backup%s", var.bucket_name_suffix) } - - -# data "aws_iam_policy_document" "toberepalaced" { -# statement { -# principals { -# type = "AWS" -# identifiers = ["*"] -# } -# actions = [ -# "s3:GetObject", -# ] -# resources = [ -# aws_s3_bucket.toberepalaced" {.arn, -# "${aws_s3_bucket.toberepalaced" {.arn}/*", -# ] -# } -# } - -# resource "aws_s3_bucket_policy" "toberepalaced" {{ -# bucket = aws_s3_bucket.toberepalaced" {.id -# policy = data.aws_iam_policy_document.toberepalaced" {.json -# } diff --git a/terraform/modules/minio/oekaki-dengon-game.tf b/terraform/modules/minio/oekaki-dengon-game.tf new file mode 100644 index 000000000..788cf6870 --- /dev/null +++ b/terraform/modules/minio/oekaki-dengon-game.tf @@ -0,0 +1,31 @@ +resource "aws_s3_bucket" "oekaki-dengon-game" { + bucket = format("oekaki-dengon-game%s", var.bucket_name_suffix) +} + +resource "aws_s3_bucket_policy" "oekaki-dengon-game" { + bucket = aws_s3_bucket.oekaki-dengon-game.bucket + policy = data.aws_iam_policy_document.oekaki-dengon-game.json +} + +data "aws_iam_policy_document" "oekaki-dengon-game" { + version = "2012-10-17" + statement { + effect = "Allow" + principals { + type = "AWS" + identifiers = ["*"] + } + actions = ["s3:GetBucketLocation", "s3:ListBucket"] + resources = [aws_s3_bucket.oekaki-dengon-game.arn] + } + + statement { + effect = "Allow" + principals { + type = "AWS" + identifiers = ["*"] + } + actions = ["s3:GetObject"] + resources = ["${aws_s3_bucket.oekaki-dengon-game.arn}/*"] + } +} From 3f5b108c1f81cf51f9ec573a4047f8d811366763 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 12 Nov 2024 22:54:22 +0900 Subject: [PATCH 0144/1209] add Signed-off-by: walnuts1018 --- k8s/apps/minio/proxy/configmap.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/minio/proxy/configmap.jsonnet b/k8s/apps/minio/proxy/configmap.jsonnet index ca01391f8..bd0b01741 100644 --- a/k8s/apps/minio/proxy/configmap.jsonnet +++ b/k8s/apps/minio/proxy/configmap.jsonnet @@ -1,4 +1,4 @@ -(import '../../components/configmap.libsonnet') { +(import '../../../components/configmap.libsonnet') { name: (import '../app.json5').proxy.name, namespace: (import '../app.json5').namespace, labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').proxy.name }, From 58b80ca3fcefefcba621320f8f84a0bffe8d1ee2 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 12 Nov 2024 17:48:38 +0000 Subject: [PATCH 0145/1209] Update Helm release opentelemetry-operator to v0.74.0 --- k8s/apps/opentelemetry-operator/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/opentelemetry-operator/helm.jsonnet b/k8s/apps/opentelemetry-operator/helm.jsonnet index f547a9196..ae411081b 100644 --- a/k8s/apps/opentelemetry-operator/helm.jsonnet +++ b/k8s/apps/opentelemetry-operator/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'opentelemetry-operator', repoURL: 'https://open-telemetry.github.io/opentelemetry-helm-charts', - targetRevision: '0.73.0', + targetRevision: '0.74.0', values: (importstr 'values.yaml'), } From bcc0d0f496db4831030b0aba35328395137f9f80 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 12 Nov 2024 17:48:43 +0000 Subject: [PATCH 0146/1209] Update Helm release zitadel to v8.6.0 --- k8s/apps/zitadel/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/zitadel/helm.jsonnet b/k8s/apps/zitadel/helm.jsonnet index 70a993ea7..d54e2df1a 100644 --- a/k8s/apps/zitadel/helm.jsonnet +++ b/k8s/apps/zitadel/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'zitadel', repoURL: 'https://charts.zitadel.com', - targetRevision: '8.5.0', + targetRevision: '8.6.0', values: (importstr 'values.yaml'), } From a809c010b9a27257f9cb792aeb7419a0909f1d7d Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 12 Nov 2024 17:49:32 +0000 Subject: [PATCH 0147/1209] Update Helm release kube-prometheus-stack to v66.1.1 (#941) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/prometheus-stack/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/prometheus-stack/helm.jsonnet b/k8s/apps/prometheus-stack/helm.jsonnet index dd6804fd7..5a10f60c1 100644 --- a/k8s/apps/prometheus-stack/helm.jsonnet +++ b/k8s/apps/prometheus-stack/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'kube-prometheus-stack', repoURL: 'https://prometheus-community.github.io/helm-charts', - targetRevision: '66.1.0', + targetRevision: '66.1.1', values: (importstr 'values.yaml'), } From 14aeb9a45284d71f2e72f41604a6112225546e8f Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 12 Nov 2024 17:49:48 +0000 Subject: [PATCH 0148/1209] Update Helm release argo-cd to v7.7.2 (#944) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/_argocd/argocd_components/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/_argocd/argocd_components/helm.jsonnet b/k8s/_argocd/argocd_components/helm.jsonnet index 5c3ed7033..340b31b3f 100644 --- a/k8s/_argocd/argocd_components/helm.jsonnet +++ b/k8s/_argocd/argocd_components/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import 'app.json5').namespace, chart: 'argo-cd', repoURL: 'https://argoproj.github.io/argo-helm', - targetRevision: '7.7.1', + targetRevision: '7.7.2', values: (importstr 'values.yaml'), } From 5525992cd209cec6fe2da3c0cc43553ec0fdc467 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 13 Nov 2024 02:05:34 +0000 Subject: [PATCH 0149/1209] Update dependency aquaproj/aqua-registry to v4.250.0 (#947) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index d9411b06e..5d50e00e8 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,6 +8,6 @@ # - all registries: - type: standard - ref: v4.249.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.250.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 From 75193d7542dd1d691432dd3bc9c09e46a322f68d Mon Sep 17 00:00:00 2001 From: Walnuts Date: Wed, 13 Nov 2024 12:19:52 +0900 Subject: [PATCH 0150/1209] Update deployment.jsonnet --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index db2fe9066..4b8dd5e56 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -25,7 +25,7 @@ type: 'RuntimeDefault', }, }, - image: 'ghcr.io/walnuts1018/walnuts.dev:9986bca33b7212acdf826bb43438e24614b7da3d-281', + image: 'ghcr.io/walnuts1018/walnuts.dev:5ca4997566d3274f768fe2a6731fdff940ec24fb-283', imagePullPolicy: 'IfNotPresent', ports: [ { From ae69d0a783388959c6b1aed6f3a2d1b1a2d7dccf Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 13 Nov 2024 04:28:25 +0000 Subject: [PATCH 0151/1209] Update ghcr.io/walnuts1018/walnuts.dev Docker tag to v46e8420a07eb841cd4a6c71e5c86b2f8467bc187-285 (#948) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index 4b8dd5e56..7d9559a56 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -25,7 +25,7 @@ type: 'RuntimeDefault', }, }, - image: 'ghcr.io/walnuts1018/walnuts.dev:5ca4997566d3274f768fe2a6731fdff940ec24fb-283', + image: 'ghcr.io/walnuts1018/walnuts.dev:46e8420a07eb841cd4a6c71e5c86b2f8467bc187-285', imagePullPolicy: 'IfNotPresent', ports: [ { From 71cb658157caac10e4e1b4f9ebbae4667b49f59d Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 13 Nov 2024 14:23:28 +0000 Subject: [PATCH 0152/1209] Update Helm release argo-cd to v7.7.3 (#949) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/_argocd/argocd_components/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/_argocd/argocd_components/helm.jsonnet b/k8s/_argocd/argocd_components/helm.jsonnet index 340b31b3f..4f9ff13be 100644 --- a/k8s/_argocd/argocd_components/helm.jsonnet +++ b/k8s/_argocd/argocd_components/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import 'app.json5').namespace, chart: 'argo-cd', repoURL: 'https://argoproj.github.io/argo-helm', - targetRevision: '7.7.2', + targetRevision: '7.7.3', values: (importstr 'values.yaml'), } From 8e8ddaebbc437072963c0608f2747755e1c228e0 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 13 Nov 2024 14:23:42 +0000 Subject: [PATCH 0153/1209] Update ghcr.io/cybozu-go/moco/mysql Docker tag to v8.4.3 (#950) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/mysql-default/mysql-cluster.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/mysql-default/mysql-cluster.jsonnet b/k8s/apps/mysql-default/mysql-cluster.jsonnet index 190fad670..de8bc1904 100644 --- a/k8s/apps/mysql-default/mysql-cluster.jsonnet +++ b/k8s/apps/mysql-default/mysql-cluster.jsonnet @@ -69,7 +69,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'mysqld', - image: 'ghcr.io/cybozu-go/moco/mysql:8.4.2', + image: 'ghcr.io/cybozu-go/moco/mysql:8.4.3', resources: { requests: { memory: '400Mi', From f5fbd8f61f807b046aa7cee54ae2cacf60db2b20 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 13 Nov 2024 23:16:10 +0000 Subject: [PATCH 0154/1209] Update Helm release opentelemetry-operator to v0.74.2 --- k8s/apps/opentelemetry-operator/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/opentelemetry-operator/helm.jsonnet b/k8s/apps/opentelemetry-operator/helm.jsonnet index ae411081b..29c2fb2d2 100644 --- a/k8s/apps/opentelemetry-operator/helm.jsonnet +++ b/k8s/apps/opentelemetry-operator/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'opentelemetry-operator', repoURL: 'https://open-telemetry.github.io/opentelemetry-helm-charts', - targetRevision: '0.74.0', + targetRevision: '0.74.2', values: (importstr 'values.yaml'), } From ea6b4dfd6d795f3a02226a9017f009f63f56b573 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 14 Nov 2024 00:13:06 +0000 Subject: [PATCH 0155/1209] Update dependency aquaproj/aqua-registry to v4.251.0 (#952) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index 5d50e00e8..bab644c72 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,6 +8,6 @@ # - all registries: - type: standard - ref: v4.250.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.251.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 From aa43241a3e64f480170146a4c3ea624106997b7d Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 14 Nov 2024 03:08:02 +0000 Subject: [PATCH 0156/1209] Update module helm.sh/helm/v3 to v3.16.3 --- .github/scripts/infrautil/go.mod | 14 ++++++++------ .github/scripts/infrautil/go.sum | 15 +++++++++++++++ 2 files changed, 23 insertions(+), 6 deletions(-) diff --git a/.github/scripts/infrautil/go.mod b/.github/scripts/infrautil/go.mod index 028625d15..321a2228c 100644 --- a/.github/scripts/infrautil/go.mod +++ b/.github/scripts/infrautil/go.mod @@ -22,17 +22,19 @@ require ( github.com/Masterminds/semver/v3 v3.3.0 // indirect github.com/Masterminds/sprig/v3 v3.3.0 // indirect github.com/Masterminds/squirrel v1.5.4 // indirect - github.com/Microsoft/hcsshim v0.11.4 // indirect + github.com/Microsoft/hcsshim v0.11.7 // indirect github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/chai2010/gettext-go v1.0.2 // indirect - github.com/containerd/containerd v1.7.12 // indirect + github.com/containerd/containerd v1.7.23 // indirect + github.com/containerd/errdefs v0.3.0 // indirect github.com/containerd/log v0.1.0 // indirect - github.com/cyphar/filepath-securejoin v0.3.1 // indirect + github.com/containerd/platforms v0.2.1 // indirect + github.com/cyphar/filepath-securejoin v0.3.4 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect - github.com/distribution/reference v0.5.0 // indirect + github.com/distribution/reference v0.6.0 // indirect github.com/docker/cli v25.0.1+incompatible // indirect github.com/docker/distribution v2.8.3+incompatible // indirect github.com/docker/docker v25.0.6+incompatible // indirect @@ -77,7 +79,7 @@ require ( github.com/jmoiron/sqlx v1.4.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect - github.com/klauspost/compress v1.16.0 // indirect + github.com/klauspost/compress v1.16.7 // indirect github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect github.com/leodido/go-urn v1.4.0 // indirect @@ -157,6 +159,6 @@ require ( github.com/sters/yaml-diff v1.3.2 gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 - helm.sh/helm/v3 v3.16.2 + helm.sh/helm/v3 v3.16.3 sigs.k8s.io/yaml v1.4.0 ) diff --git a/.github/scripts/infrautil/go.sum b/.github/scripts/infrautil/go.sum index e317a033b..3d9f8cfc9 100644 --- a/.github/scripts/infrautil/go.sum +++ b/.github/scripts/infrautil/go.sum @@ -26,6 +26,7 @@ github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migc github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= github.com/Microsoft/hcsshim v0.11.4 h1:68vKo2VN8DE9AdN4tnkWnmdhqdbpUFM8OF3Airm7fz8= github.com/Microsoft/hcsshim v0.11.4/go.mod h1:smjE4dvqPX9Zldna+t5FG3rnoHhaB7QYxPRqGcpAD9w= +github.com/Microsoft/hcsshim v0.11.7/go.mod h1:MV8xMfmECjl5HdO7U/3/hFVnkmSBjAjmA09d4bExKcU= github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs= github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= @@ -61,16 +62,24 @@ github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaD github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHqJDGwsa1mIw= github.com/containerd/containerd v1.7.12 h1:+KQsnv4VnzyxWcfO9mlxxELaoztsDEjOuCMPAuPqgU0= github.com/containerd/containerd v1.7.12/go.mod h1:/5OMpE1p0ylxtEUGY8kuCYkDRzJm9NO1TFMWjUpdevk= +github.com/containerd/containerd v1.7.23 h1:H2CClyUkmpKAGlhQp95g2WXHfLYc7whAuvZGBNYOOwQ= +github.com/containerd/containerd v1.7.23/go.mod h1:7QUzfURqZWCZV7RLNEn1XjUCQLEf0bkaK4GjUaZehxw= github.com/containerd/continuity v0.4.2 h1:v3y/4Yz5jwnvqPKJJ+7Wf93fyWoCB3F5EclWG023MDM= github.com/containerd/continuity v0.4.2/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ= +github.com/containerd/errdefs v0.3.0 h1:FSZgGOeK4yuT/+DnF07/Olde/q4KBoMsaamhXxIMDp4= +github.com/containerd/errdefs v0.3.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M= github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= +github.com/containerd/platforms v0.2.1 h1:zvwtM3rz2YHPQsF2CHYM8+KtB5dvhISiXh5ZpSBQv6A= +github.com/containerd/platforms v0.2.1/go.mod h1:XHCb+2/hzowdiut9rkudds9bE5yJ7npe7dG/wG+uFPw= github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= github.com/cyphar/filepath-securejoin v0.3.1 h1:1V7cHiaW+C+39wEfpH6XlLBQo3j/PciWFrgfCLS8XrE= github.com/cyphar/filepath-securejoin v0.3.1/go.mod h1:F7i41x/9cBF7lzCrVsYs9fuzwRZm4NQsGTBdpp6mETc= +github.com/cyphar/filepath-securejoin v0.3.4 h1:VBWugsJh2ZxJmLFSM06/0qzQyiQX2Qs0ViKrUAcqdZ8= +github.com/cyphar/filepath-securejoin v0.3.4/go.mod h1:8s/MCNJREmFK0H02MF6Ihv1nakJe4L/w3WZLHNkvlYM= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= @@ -79,6 +88,8 @@ github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2 h1:aB github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2/go.mod h1:WHNsWjnIn2V1LYOrME7e8KxSeKunYHsxEm4am0BUtcI= github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK2OFGvA0= github.com/distribution/reference v0.5.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= +github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk= +github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= github.com/docker/cli v25.0.1+incompatible h1:mFpqnrS6Hsm3v1k7Wa/BO23oz0k121MTbTO1lpcGSkU= github.com/docker/cli v25.0.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= @@ -239,6 +250,8 @@ github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.16.0 h1:iULayQNOReoYUe+1qtKOqw9CwJv3aNQu8ivo7lw1HU4= github.com/klauspost/compress v1.16.0/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= +github.com/klauspost/compress v1.16.7 h1:2mk3MPGNzKyxErAw8YaohYh69+pa4sIQSC0fPGCFR9I= +github.com/klauspost/compress v1.16.7/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= @@ -535,6 +548,8 @@ gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o= gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g= helm.sh/helm/v3 v3.16.2 h1:Y9v7ry+ubQmi+cb5zw1Llx8OKHU9Hk9NQ/+P+LGBe2o= helm.sh/helm/v3 v3.16.2/go.mod h1:SyTXgKBjNqi2NPsHCW5dDAsHqvGIu0kdNYNH9gQaw70= +helm.sh/helm/v3 v3.16.3 h1:kb8bSxMeRJ+knsK/ovvlaVPfdis0X3/ZhYCSFRP+YmY= +helm.sh/helm/v3 v3.16.3/go.mod h1:zeVWGDR4JJgiRbT3AnNsjYaX8OTJlIE9zC+Q7F7iUSU= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= k8s.io/api v0.31.1 h1:Xe1hX/fPW3PXYYv8BlozYqw63ytA92snr96zMW9gWTU= From 0336c30d9d722a66fab11eb5ea2cb58114362369 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 14 Nov 2024 18:30:38 +0000 Subject: [PATCH 0157/1209] Update Terraform aws to ~> 5.76.0 --- terraform/kurumi/.terraform.lock.hcl | 60 ++++++++++++++-------------- terraform/kurumi/main.tf | 2 +- 2 files changed, 31 insertions(+), 31 deletions(-) diff --git a/terraform/kurumi/.terraform.lock.hcl b/terraform/kurumi/.terraform.lock.hcl index 71d8cce0a..583d440c3 100644 --- a/terraform/kurumi/.terraform.lock.hcl +++ b/terraform/kurumi/.terraform.lock.hcl @@ -2,37 +2,37 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/aws" { - version = "5.75.1" - constraints = "~> 5.75.0" + version = "5.76.0" + constraints = "~> 5.76.0" hashes = [ - "h1:+ZcdWhg8y53iMCvi3FvsXDKqEgaaCqJa5g6uOMXFuEg=", - "h1:95lSAhTV4tpAPI3yfKBdVFFwsg0K8uXVJe8vZ6DX/0E=", - "h1:IcDJUt4TCiiTEX6uFqq3XqNDDaO5vFCVItx9sIqtyUQ=", - "h1:IjTK53LCkzhOUT3v95TJnMXlQRzJnmK9uWjOrLDc79M=", - "h1:PIBnv1Mi0tX2GF6qUSdps3IouABeTqVgJZ4aAzIVzdI=", - "h1:R6IWpE+foH9oKVkmYVHtXxelMFOt5R60zmHmeXwkp6U=", - "h1:Sw1Knog2YkLGJ4+4TOdne9PcsOrp+n4SHiE2TH/LTPk=", - "h1:cHtyc9SWPFXXSjDjiRqpYsya+KbCBIGaddIN+/68kfc=", - "h1:cIsinPaDEhAg6BPG+b0jaHZdoCB4W/RRo6m8ETNAsMY=", - "h1:fr252BPFVqsCcVoLMN4PTVacXmrW3pbMlK1ibi/wHiU=", - "h1:ijX5mwbQZOnPVQGxxVsJs6Yh6h2w+V3mQmKznB6pIkw=", - "h1:ooOE19eAmj+5tOdgUh5aUOUKDFceb5RMd694vfomsIg=", - "h1:uz55I4t3Pqy3p+82NZ35mkUA9mZ5yu4pS6beZMI8wpA=", - "h1:vH/1vmjeNwSMAAXxPhR+IoIqpuSukgYQjDTb6NQ4ijQ=", - "zh:1075825e7311a8d2d233fd453a173910e891b0320e8a7698af44d1f90b02621d", - "zh:203c5d09a03fcaa946defb8459f01227f2fcda07df768f74777beb328d6751ae", - "zh:21bc79ccb09bfdeb711a3a5226c6c4a457ac7c4bb781dbda6ade7be38461739f", - "zh:2bac969855b62a0ff6716954be29387a1f9793626059122cda4681206396e309", - "zh:4b65ea5b51058f05b9ec8797f76184e19e5b38a609029fe2226af3fa4ad289b3", - "zh:5065d7df357fb3ee2b0a2520bbcff6335c0c47bfb9e8e9932bad088c3ab7efd3", - "zh:678a4015a4cd26af5c2b30dfd9290b8a01e900668fa0fec6585dfd1838f1cebd", - "zh:6ddc5dfdd4a0dddca027db99a7bfa9a0978933119d63af81acb6020728405119", - "zh:98c0d48b09842c444dbcbddd279e5b5b1e44113951817a8ecc28896bb4ad1dd7", + "h1:0kI13izqob5Y68/D0QOrZBFZRsqpRt5y3xBbvXGCoFA=", + "h1:0vvRpjncvOeSq0e7hq5z9vkxqWqxrIe0T4uDOJYMogU=", + "h1:1HDJQxhd/6TGT1XjrhHs7OBAnjfBoJ3xNo4nn6wzoWM=", + "h1:3HO1CXuuuWt6dCfSYO4tBJjaNh86hd8M2ldzAAN1LTs=", + "h1:8xbmsJs9nCS9uBNjoxUXo5rOq1WgrXps632VIazrx84=", + "h1:GCIz6RqKVqFFdbaBRRCdLWilbMDpMiAblbn62BEuM9w=", + "h1:GxERYvv14yV5Eq0Ct1eInn3A0UAyvZsKgsDbmZmbtJU=", + "h1:JSLR3JP9naVcnH0PHcDwwHr3aQB9vlW0+b8HQma1GpU=", + "h1:RIaMr2WLZxL5Xs634b5Sa+hK6mVT7apzWcd9GfsGL20=", + "h1:bYc0hbgVRXYCiapr/EgjdP8ohcwFjninfknZvqHQZPQ=", + "h1:jD74ysr8oFfeOfFs38iwcINGNNa6lMOpojszl3auMx4=", + "h1:sD1YrPlCP6I6NsWhVVAl7IGKL9SvUZcbq4VhpiDv6xg=", + "h1:tOF76x3MbmnYsyciKeWSKM58mOGAcAa7BXln0h1zQrQ=", + "h1:xOKohtuoKP9ApJILrOTAS3oXZ+1vMGWvJ4o9+lzhX30=", + "zh:05b2a0d25fc07576f6698d4840d0d2ae2599484c49f1b911ea1154584557bc13", + "zh:1b22dd1d9c482739e133adb996a9c8b285ca7d978d0fe04deaa5588eba5d254c", + "zh:216088c8800e7b8d7eff7b1a822317bc6faec64f27946ffd22bb3494ac4175cb", + "zh:43e994112b1484bf49945c4885aa2fee32486c9a5d64b9146bbd6f309f24e332", + "zh:46a28ba800f176eef500f998217bccc331605ef05f11abb1728f727a81f3a8b0", + "zh:4fad2743174a600da76a0cceeec2fef8399a18d880ba8929d811cd5cea1b5dee", + "zh:5c42a2c1438cd7533456026f52b562715664490711fdea809f44610a7565c145", + "zh:792d4fd4be434682e4540d2579505c7f11f39d0efe1d12ee2761ed0d46c8cd51", + "zh:7bb5f9f87c9da6d62d6f89504f01a9d6d2f19dcaa0efc46ea51ebdc4bb6fd536", + "zh:81cdbd97f81b1110fce793944d5668a4389904979eb7d178d3142a6b0e175e5e", "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:aad169fea072842c0b54f1ff95f1ec6558d6c5af3ea4c159308583db59003b09", - "zh:bd2625ed8e1ff29ac6ed3a810d7b68a090add5fcb2fce4122669bd37e1eb9f1d", - "zh:c6f57625e26a6ef1ffb49bfa0e6148496ad12d80c857f6bb222e21f293a2a78a", - "zh:c7cd085326c5eb88804b11a4bc0fbc8376f06138f4b9624fb25cd06ea8687cdd", - "zh:f60c98139f983817d4d08f4138b1e53f31f91176ff638631e8dd38b6de36fce0", + "zh:ab4b881eb0f3812b702aaecf921c5c16bbcc33d61d668be4d72d6da9c57ded85", + "zh:c1d9d1166fd948845614deef81f3197568d0d3c2a03b8b97fff308ebc59043f9", + "zh:cda7530f2c01434e483d3faf62fc0685295e7f844176aa38df1ba65fa6a4407a", + "zh:fdad558b1c41aa68123d0da82cc0d65bc86d09eaa1ab1d3a167ec3bce0fc0c66", ] } diff --git a/terraform/kurumi/main.tf b/terraform/kurumi/main.tf index 9c6e8c9ed..a53f660cc 100644 --- a/terraform/kurumi/main.tf +++ b/terraform/kurumi/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 5.75.0" + version = "~> 5.76.0" } } } From aaba4fae0a006cce7402bc53981af27f87346ca1 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 14 Nov 2024 23:12:31 +0000 Subject: [PATCH 0158/1209] Update dependency aquaproj/aqua-registry to v4.252.0 (#955) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index bab644c72..927454fcf 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,6 +8,6 @@ # - all registries: - type: standard - ref: v4.251.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.252.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 From 603f286d87438765b20ed8399db07cdc1a9cc8a8 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 15 Nov 2024 07:44:15 +0000 Subject: [PATCH 0159/1209] Update dependency aquaproj/aqua-registry to v4.253.0 (#956) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index 927454fcf..cdc314182 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,6 +8,6 @@ # - all registries: - type: standard - ref: v4.252.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.253.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 From 1d664fb00eb4fb420a9f407d1d11177d7417a473 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 15 Nov 2024 09:12:15 +0000 Subject: [PATCH 0160/1209] Update Helm release zitadel to v8.6.1 (#957) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/zitadel/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/zitadel/helm.jsonnet b/k8s/apps/zitadel/helm.jsonnet index d54e2df1a..01edd915e 100644 --- a/k8s/apps/zitadel/helm.jsonnet +++ b/k8s/apps/zitadel/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'zitadel', repoURL: 'https://charts.zitadel.com', - targetRevision: '8.6.0', + targetRevision: '8.6.1', values: (importstr 'values.yaml'), } From 4048aeeafbdaac150d97183984c72f683c533463 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 15 Nov 2024 19:47:00 +0000 Subject: [PATCH 0161/1209] Update Helm release kube-prometheus-stack to v66.2.0 --- k8s/apps/prometheus-stack/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/prometheus-stack/helm.jsonnet b/k8s/apps/prometheus-stack/helm.jsonnet index 5a10f60c1..9d036efc2 100644 --- a/k8s/apps/prometheus-stack/helm.jsonnet +++ b/k8s/apps/prometheus-stack/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'kube-prometheus-stack', repoURL: 'https://prometheus-community.github.io/helm-charts', - targetRevision: '66.1.1', + targetRevision: '66.2.0', values: (importstr 'values.yaml'), } From bcfa3d8fcb72cdd11c16c6d36984dc59ac3ae95b Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 15 Nov 2024 19:47:58 +0000 Subject: [PATCH 0162/1209] Update Helm release nextcloud to v6.2.3 (#958) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/nextcloud/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/nextcloud/helm.jsonnet b/k8s/apps/nextcloud/helm.jsonnet index 717059ccb..7b80ba0a8 100644 --- a/k8s/apps/nextcloud/helm.jsonnet +++ b/k8s/apps/nextcloud/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'nextcloud', repoURL: 'https://nextcloud.github.io/helm/', - targetRevision: '6.2.2', + targetRevision: '6.2.3', values: (importstr 'values.yaml'), } From 70326420a6408013362e4b7da175b170f976229a Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 15 Nov 2024 21:33:40 +0000 Subject: [PATCH 0163/1209] Update Helm release kube-prometheus-stack to v66.2.1 (#960) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/prometheus-stack/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/prometheus-stack/helm.jsonnet b/k8s/apps/prometheus-stack/helm.jsonnet index 9d036efc2..46b60a6f2 100644 --- a/k8s/apps/prometheus-stack/helm.jsonnet +++ b/k8s/apps/prometheus-stack/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'kube-prometheus-stack', repoURL: 'https://prometheus-community.github.io/helm-charts', - targetRevision: '66.2.0', + targetRevision: '66.2.1', values: (importstr 'values.yaml'), } From 823a7b3e11298290be0d63e5a666abb58635b5b2 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 16 Nov 2024 06:58:35 +0900 Subject: [PATCH 0164/1209] add Signed-off-by: walnuts1018 --- .gitignore | 1 - terraform/kurumi/.gitignore | 1 + terraform/kurumi/.terraform.lock.hcl | 23 ++++++++++++++++ terraform/kurumi/main.tf | 39 +++++++++++---------------- terraform/modules/minio/provider.tf | 26 ++++++++++++++++++ terraform/modules/zitadel/org.tf | 3 +++ terraform/modules/zitadel/project.tf | 4 +++ terraform/modules/zitadel/provider.tf | 19 +++++++++++++ 8 files changed, 92 insertions(+), 24 deletions(-) delete mode 100644 .gitignore create mode 100644 terraform/kurumi/.gitignore create mode 100644 terraform/modules/minio/provider.tf create mode 100644 terraform/modules/zitadel/org.tf create mode 100644 terraform/modules/zitadel/project.tf create mode 100644 terraform/modules/zitadel/provider.tf diff --git a/.gitignore b/.gitignore deleted file mode 100644 index 8b1378917..000000000 --- a/.gitignore +++ /dev/null @@ -1 +0,0 @@ - diff --git a/terraform/kurumi/.gitignore b/terraform/kurumi/.gitignore new file mode 100644 index 000000000..300c7412e --- /dev/null +++ b/terraform/kurumi/.gitignore @@ -0,0 +1 @@ +zitadel.token diff --git a/terraform/kurumi/.terraform.lock.hcl b/terraform/kurumi/.terraform.lock.hcl index 71d8cce0a..60b94da0f 100644 --- a/terraform/kurumi/.terraform.lock.hcl +++ b/terraform/kurumi/.terraform.lock.hcl @@ -36,3 +36,26 @@ provider "registry.terraform.io/hashicorp/aws" { "zh:f60c98139f983817d4d08f4138b1e53f31f91176ff638631e8dd38b6de36fce0", ] } + +provider "registry.terraform.io/zitadel/zitadel" { + version = "2.0.1" + constraints = "2.0.1" + hashes = [ + "h1:sSJlUcE59nr4dTtuVM3ceLMIPTTNPw1vAVTssC0qqL4=", + "zh:0a4cc4c1be8af4e9c015b96eeee0e7b035f0688dc4a10877ba3970a0288ae62a", + "zh:0fd714c0bf720bf9143dd9615b4b680c3ddb6c6496dbf6cdff994c5a620d19c1", + "zh:1712343949346ec8ef277c16852733b15036fbc045458b3c4a6e35f4d52047d7", + "zh:37384476a2f0b30e6aa5cfc8da49c2a2285a00fcc2162bb6c30718e6814b00aa", + "zh:95b8762c3a8a3a36ac15de7477e8c749c545c705dcfb10e916d1bbb40dac235c", + "zh:9a44cd8b463fbc9a07c530cd28bf5146c991f5def569fdf521e9fab3dbe1d6a3", + "zh:a0838b723156722867d01fd009068269c7d3f2f92a5c7bae97326a7d29e4f019", + "zh:a33d53acc640dc93b81352ba633cf392bc8c7614a72d320d59d3dcdb22d73fc4", + "zh:a5817ccdee801d4422098a48e54dad557fd0f309e32b0fe829ed47b3af0977e9", + "zh:b0ddd042d32da9ad8bacbdc7053c9499dcecf96479615f5e37b3a44efe883ddf", + "zh:bbb928eb0fa9236e847e8ddefbd6d5de8d71fc550fe6a01aa75b5001852a3763", + "zh:c673713f1e3d86b1bd0ac610733132a56e626ce658bfe5fe86f2b2cd335c2c66", + "zh:de1d5bcba453371a0427938f957827c765ff0cd056a0002c4fc61131c07d144e", + "zh:e9971e2056b64ec6f0fbee8fa5ec0bf34c57c7aa6788fb8b73c3f748d2eb253a", + "zh:fb107735e5437b4825fc11ac40f2e3a14f3ee4831cb399dc9669816fcf4f16a2", + ] +} diff --git a/terraform/kurumi/main.tf b/terraform/kurumi/main.tf index 9c6e8c9ed..735445f27 100644 --- a/terraform/kurumi/main.tf +++ b/terraform/kurumi/main.tf @@ -1,33 +1,11 @@ -terraform { - required_providers { - aws = { - source = "hashicorp/aws" - version = "~> 5.75.0" - } - } -} - variable "minio_secret_key" { type = string } -provider "aws" { - access_key = "709v82RovqXjvJR2P9yt" - secret_key = var.minio_secret_key - region = "ap-northeast-1" - skip_credentials_validation = true - skip_requesting_account_id = true - skip_metadata_api_check = true - s3_use_path_style = true - - endpoints { - s3 = "https://minio.walnuts.dev" - } -} - module "minio" { source = "../modules/minio" bucket_name_suffix = "" + minio_secret_key = var.minio_secret_key } import { @@ -64,3 +42,18 @@ import { id = "zalando-backup" to = module.minio.aws_s3_bucket.zalando-backup } + +module "zitadel" { + source = "../modules/zitadel" + jwt_profile_file_path = "zitadel.token" +} + +import { + id = "237477062321897835" + to = module.zitadel.zitadel_org.ZITADEL +} + +import { + id = "237477822715658605" + to = module.zitadel.zitadel_project.default +} diff --git a/terraform/modules/minio/provider.tf b/terraform/modules/minio/provider.tf new file mode 100644 index 000000000..50a98d66b --- /dev/null +++ b/terraform/modules/minio/provider.tf @@ -0,0 +1,26 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 5.75.0" + } + } +} + +variable "minio_secret_key" { + type = string +} + +provider "aws" { + access_key = "709v82RovqXjvJR2P9yt" + secret_key = var.minio_secret_key + region = "ap-northeast-1" + skip_credentials_validation = true + skip_requesting_account_id = true + skip_metadata_api_check = true + s3_use_path_style = true + + endpoints { + s3 = "https://minio.walnuts.dev" + } +} diff --git a/terraform/modules/zitadel/org.tf b/terraform/modules/zitadel/org.tf new file mode 100644 index 000000000..bc73c013f --- /dev/null +++ b/terraform/modules/zitadel/org.tf @@ -0,0 +1,3 @@ +resource "zitadel_org" "ZITADEL" { + name = "ZITADEL" +} diff --git a/terraform/modules/zitadel/project.tf b/terraform/modules/zitadel/project.tf new file mode 100644 index 000000000..ee3233142 --- /dev/null +++ b/terraform/modules/zitadel/project.tf @@ -0,0 +1,4 @@ +resource "zitadel_project" "default" { + name = "walnuts.dev" + org_id = zitadel_org.ZITADEL.id +} diff --git a/terraform/modules/zitadel/provider.tf b/terraform/modules/zitadel/provider.tf new file mode 100644 index 000000000..69938c27e --- /dev/null +++ b/terraform/modules/zitadel/provider.tf @@ -0,0 +1,19 @@ +terraform { + required_providers { + zitadel = { + source = "zitadel/zitadel" + version = "2.0.1" + } + } +} + +variable "jwt_profile_file_path" { + type = string +} + +provider "zitadel" { + domain = "localhost" + insecure = "true" + port = "8080" + jwt_profile_file = var.jwt_profile_file_path +} From 6df5d4f25da6877db54d4f1c674aa85604ac5a18 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 16 Nov 2024 07:28:17 +0900 Subject: [PATCH 0165/1209] add Signed-off-by: walnuts1018 --- Makefile | 14 ++++---- terraform/kurumi/.terraform.lock.hcl | 47 ++++++++++----------------- terraform/modules/minio/provider.tf | 2 +- terraform/modules/zitadel/provider.tf | 6 ++-- 4 files changed, 29 insertions(+), 40 deletions(-) diff --git a/Makefile b/Makefile index 812472f64..9b486de5b 100644 --- a/Makefile +++ b/Makefile @@ -20,12 +20,14 @@ app-snapshot: build-infrautil helm-snapshot: build-infrautil $(INFRAUTIL) helm-snapshot -d ./k8s/snapshots/apps -o ./k8s/snapshots/helm -# SECRET_KEY := $(shell op item get minio-default-secret-key --field secret_key --reveal) -# .PHONY: terraform -# terraform: -# terraform -chdir=".\terraform\kurumi" init -# terraform -chdir=".\terraform\kurumi" plan -var="minio_secret_key=$(SECRET_KEY)" -# terraform -chdir=".\terraform\kurumi" apply -var="minio_secret_key=$(SECRET_KEY)" -auto-approve +.PHONY: terraform +terraform: + $(eval SECRET_KEY := $(shell op item get minio-default-secret-key --field secret_key --reveal)) + kubectl port-forward -n zitadel services/zitadel 8080:8080 & + kubectl port-forward -n minio services/minio 9000:9000 & + terraform -chdir=".\terraform\kurumi" init -upgrade + terraform -chdir=".\terraform\kurumi" plan -var="minio_secret_key=$(SECRET_KEY)" + terraform -chdir=".\terraform\kurumi" apply -var="minio_secret_key=$(SECRET_KEY)" -auto-approve .PHONY: aquq aquq: diff --git a/terraform/kurumi/.terraform.lock.hcl b/terraform/kurumi/.terraform.lock.hcl index 3b9f1d439..fa0338612 100644 --- a/terraform/kurumi/.terraform.lock.hcl +++ b/terraform/kurumi/.terraform.lock.hcl @@ -2,38 +2,25 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/aws" { - version = "5.76.0" - constraints = "~> 5.76.0" + version = "5.75.1" + constraints = "~> 5.75.0" hashes = [ - "h1:0kI13izqob5Y68/D0QOrZBFZRsqpRt5y3xBbvXGCoFA=", - "h1:0vvRpjncvOeSq0e7hq5z9vkxqWqxrIe0T4uDOJYMogU=", - "h1:1HDJQxhd/6TGT1XjrhHs7OBAnjfBoJ3xNo4nn6wzoWM=", - "h1:3HO1CXuuuWt6dCfSYO4tBJjaNh86hd8M2ldzAAN1LTs=", - "h1:8xbmsJs9nCS9uBNjoxUXo5rOq1WgrXps632VIazrx84=", - "h1:GCIz6RqKVqFFdbaBRRCdLWilbMDpMiAblbn62BEuM9w=", - "h1:GxERYvv14yV5Eq0Ct1eInn3A0UAyvZsKgsDbmZmbtJU=", - "h1:JSLR3JP9naVcnH0PHcDwwHr3aQB9vlW0+b8HQma1GpU=", - "h1:RIaMr2WLZxL5Xs634b5Sa+hK6mVT7apzWcd9GfsGL20=", - "h1:bYc0hbgVRXYCiapr/EgjdP8ohcwFjninfknZvqHQZPQ=", - "h1:jD74ysr8oFfeOfFs38iwcINGNNa6lMOpojszl3auMx4=", - "h1:sD1YrPlCP6I6NsWhVVAl7IGKL9SvUZcbq4VhpiDv6xg=", - "h1:tOF76x3MbmnYsyciKeWSKM58mOGAcAa7BXln0h1zQrQ=", - "h1:xOKohtuoKP9ApJILrOTAS3oXZ+1vMGWvJ4o9+lzhX30=", - "zh:05b2a0d25fc07576f6698d4840d0d2ae2599484c49f1b911ea1154584557bc13", - "zh:1b22dd1d9c482739e133adb996a9c8b285ca7d978d0fe04deaa5588eba5d254c", - "zh:216088c8800e7b8d7eff7b1a822317bc6faec64f27946ffd22bb3494ac4175cb", - "zh:43e994112b1484bf49945c4885aa2fee32486c9a5d64b9146bbd6f309f24e332", - "zh:46a28ba800f176eef500f998217bccc331605ef05f11abb1728f727a81f3a8b0", - "zh:4fad2743174a600da76a0cceeec2fef8399a18d880ba8929d811cd5cea1b5dee", - "zh:5c42a2c1438cd7533456026f52b562715664490711fdea809f44610a7565c145", - "zh:792d4fd4be434682e4540d2579505c7f11f39d0efe1d12ee2761ed0d46c8cd51", - "zh:7bb5f9f87c9da6d62d6f89504f01a9d6d2f19dcaa0efc46ea51ebdc4bb6fd536", - "zh:81cdbd97f81b1110fce793944d5668a4389904979eb7d178d3142a6b0e175e5e", + "h1:R6IWpE+foH9oKVkmYVHtXxelMFOt5R60zmHmeXwkp6U=", + "zh:1075825e7311a8d2d233fd453a173910e891b0320e8a7698af44d1f90b02621d", + "zh:203c5d09a03fcaa946defb8459f01227f2fcda07df768f74777beb328d6751ae", + "zh:21bc79ccb09bfdeb711a3a5226c6c4a457ac7c4bb781dbda6ade7be38461739f", + "zh:2bac969855b62a0ff6716954be29387a1f9793626059122cda4681206396e309", + "zh:4b65ea5b51058f05b9ec8797f76184e19e5b38a609029fe2226af3fa4ad289b3", + "zh:5065d7df357fb3ee2b0a2520bbcff6335c0c47bfb9e8e9932bad088c3ab7efd3", + "zh:678a4015a4cd26af5c2b30dfd9290b8a01e900668fa0fec6585dfd1838f1cebd", + "zh:6ddc5dfdd4a0dddca027db99a7bfa9a0978933119d63af81acb6020728405119", + "zh:98c0d48b09842c444dbcbddd279e5b5b1e44113951817a8ecc28896bb4ad1dd7", "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:ab4b881eb0f3812b702aaecf921c5c16bbcc33d61d668be4d72d6da9c57ded85", - "zh:c1d9d1166fd948845614deef81f3197568d0d3c2a03b8b97fff308ebc59043f9", - "zh:cda7530f2c01434e483d3faf62fc0685295e7f844176aa38df1ba65fa6a4407a", - "zh:fdad558b1c41aa68123d0da82cc0d65bc86d09eaa1ab1d3a167ec3bce0fc0c66", + "zh:aad169fea072842c0b54f1ff95f1ec6558d6c5af3ea4c159308583db59003b09", + "zh:bd2625ed8e1ff29ac6ed3a810d7b68a090add5fcb2fce4122669bd37e1eb9f1d", + "zh:c6f57625e26a6ef1ffb49bfa0e6148496ad12d80c857f6bb222e21f293a2a78a", + "zh:c7cd085326c5eb88804b11a4bc0fbc8376f06138f4b9624fb25cd06ea8687cdd", + "zh:f60c98139f983817d4d08f4138b1e53f31f91176ff638631e8dd38b6de36fce0", ] } diff --git a/terraform/modules/minio/provider.tf b/terraform/modules/minio/provider.tf index 50a98d66b..c9a03dd9d 100644 --- a/terraform/modules/minio/provider.tf +++ b/terraform/modules/minio/provider.tf @@ -2,7 +2,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 5.75.0" + version = "~> 5.76.0" } } } diff --git a/terraform/modules/zitadel/provider.tf b/terraform/modules/zitadel/provider.tf index 69938c27e..2609fad2b 100644 --- a/terraform/modules/zitadel/provider.tf +++ b/terraform/modules/zitadel/provider.tf @@ -12,8 +12,8 @@ variable "jwt_profile_file_path" { } provider "zitadel" { - domain = "localhost" - insecure = "true" - port = "8080" + domain = "auth.walnuts.dev" + insecure = "false" + port = "443" jwt_profile_file = var.jwt_profile_file_path } From 1ba14e725cef5b7c9c2bb1c52063beda69cfcbf2 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 16 Nov 2024 07:28:27 +0900 Subject: [PATCH 0166/1209] lock Signed-off-by: walnuts1018 --- terraform/kurumi/.terraform.lock.hcl | 34 ++++++++++++++-------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/terraform/kurumi/.terraform.lock.hcl b/terraform/kurumi/.terraform.lock.hcl index fa0338612..abda6c4ae 100644 --- a/terraform/kurumi/.terraform.lock.hcl +++ b/terraform/kurumi/.terraform.lock.hcl @@ -2,25 +2,25 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/aws" { - version = "5.75.1" - constraints = "~> 5.75.0" + version = "5.76.0" + constraints = "~> 5.76.0" hashes = [ - "h1:R6IWpE+foH9oKVkmYVHtXxelMFOt5R60zmHmeXwkp6U=", - "zh:1075825e7311a8d2d233fd453a173910e891b0320e8a7698af44d1f90b02621d", - "zh:203c5d09a03fcaa946defb8459f01227f2fcda07df768f74777beb328d6751ae", - "zh:21bc79ccb09bfdeb711a3a5226c6c4a457ac7c4bb781dbda6ade7be38461739f", - "zh:2bac969855b62a0ff6716954be29387a1f9793626059122cda4681206396e309", - "zh:4b65ea5b51058f05b9ec8797f76184e19e5b38a609029fe2226af3fa4ad289b3", - "zh:5065d7df357fb3ee2b0a2520bbcff6335c0c47bfb9e8e9932bad088c3ab7efd3", - "zh:678a4015a4cd26af5c2b30dfd9290b8a01e900668fa0fec6585dfd1838f1cebd", - "zh:6ddc5dfdd4a0dddca027db99a7bfa9a0978933119d63af81acb6020728405119", - "zh:98c0d48b09842c444dbcbddd279e5b5b1e44113951817a8ecc28896bb4ad1dd7", + "h1:0vvRpjncvOeSq0e7hq5z9vkxqWqxrIe0T4uDOJYMogU=", + "zh:05b2a0d25fc07576f6698d4840d0d2ae2599484c49f1b911ea1154584557bc13", + "zh:1b22dd1d9c482739e133adb996a9c8b285ca7d978d0fe04deaa5588eba5d254c", + "zh:216088c8800e7b8d7eff7b1a822317bc6faec64f27946ffd22bb3494ac4175cb", + "zh:43e994112b1484bf49945c4885aa2fee32486c9a5d64b9146bbd6f309f24e332", + "zh:46a28ba800f176eef500f998217bccc331605ef05f11abb1728f727a81f3a8b0", + "zh:4fad2743174a600da76a0cceeec2fef8399a18d880ba8929d811cd5cea1b5dee", + "zh:5c42a2c1438cd7533456026f52b562715664490711fdea809f44610a7565c145", + "zh:792d4fd4be434682e4540d2579505c7f11f39d0efe1d12ee2761ed0d46c8cd51", + "zh:7bb5f9f87c9da6d62d6f89504f01a9d6d2f19dcaa0efc46ea51ebdc4bb6fd536", + "zh:81cdbd97f81b1110fce793944d5668a4389904979eb7d178d3142a6b0e175e5e", "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:aad169fea072842c0b54f1ff95f1ec6558d6c5af3ea4c159308583db59003b09", - "zh:bd2625ed8e1ff29ac6ed3a810d7b68a090add5fcb2fce4122669bd37e1eb9f1d", - "zh:c6f57625e26a6ef1ffb49bfa0e6148496ad12d80c857f6bb222e21f293a2a78a", - "zh:c7cd085326c5eb88804b11a4bc0fbc8376f06138f4b9624fb25cd06ea8687cdd", - "zh:f60c98139f983817d4d08f4138b1e53f31f91176ff638631e8dd38b6de36fce0", + "zh:ab4b881eb0f3812b702aaecf921c5c16bbcc33d61d668be4d72d6da9c57ded85", + "zh:c1d9d1166fd948845614deef81f3197568d0d3c2a03b8b97fff308ebc59043f9", + "zh:cda7530f2c01434e483d3faf62fc0685295e7f844176aa38df1ba65fa6a4407a", + "zh:fdad558b1c41aa68123d0da82cc0d65bc86d09eaa1ab1d3a167ec3bce0fc0c66", ] } From d41b7ed95eef16f2684fa1c9530c90db3faf4fda Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 16 Nov 2024 07:30:46 +0900 Subject: [PATCH 0167/1209] add Signed-off-by: walnuts1018 --- renovate.json5 | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) diff --git a/renovate.json5 b/renovate.json5 index 01bb340ca..a7bc3283b 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -34,30 +34,18 @@ }, ], packageRules: [ - { - matchUpdateTypes: ["patch"], - matchDatasources: ["helm"], - matchCurrentVersion: "!/^0/", - automerge: true, - }, { matchDatasources: ["helm"], minimumReleaseAge: "3 days", }, { matchUpdateTypes: ["patch"], - matchDatasources: ["github-tags"], - matchCurrentVersion: "!/^0/", - automerge: true, - }, - { - matchUpdateTypes: ["patch"], - matchDatasources: ["docker"], + matchDatasources: ["github-tags", "helm", "docker"], matchCurrentVersion: "!/^0/", automerge: true, }, { - matchPackageNames: ["aquaproj/aqua-registry"], + matchPackageNames: ["aquaproj/aqua-registry", "terraform"], automerge: true, }, { From 74f6757c076e58918dd3d7f59d9fddd08407baa3 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 16 Nov 2024 07:31:24 +0900 Subject: [PATCH 0168/1209] add Signed-off-by: walnuts1018 --- renovate.json5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/renovate.json5 b/renovate.json5 index a7bc3283b..85d904635 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -4,7 +4,7 @@ dependencyDashboard: true, timezone: "Asia/Tokyo", kubernetes: { - fileMatch: ["k8s/.+\\.jsonnet$"], + fileMatch: ["k8s/.+\\.jsonnet$", "k8s/.+\\.yaml$"], }, argocd: { fileMatch: ["k8s/_argocd/applications/.+\\.yaml$"], From d6a48ec8901ea6d8cab97b4500fa8b091121719b Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 16 Nov 2024 07:31:54 +0900 Subject: [PATCH 0169/1209] add Signed-off-by: walnuts1018 --- renovate.json5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/renovate.json5 b/renovate.json5 index 85d904635..cffda39bf 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -7,7 +7,7 @@ fileMatch: ["k8s/.+\\.jsonnet$", "k8s/.+\\.yaml$"], }, argocd: { - fileMatch: ["k8s/_argocd/applications/.+\\.yaml$"], + fileMatch: ["k8s/_argocd/.+\\.yaml$"], }, customManagers: [ { From 9e27881a855686ec28f3545f67918edd0e9bc860 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 16 Nov 2024 07:32:56 +0900 Subject: [PATCH 0170/1209] add Signed-off-by: walnuts1018 --- renovate.json5 | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/renovate.json5 b/renovate.json5 index cffda39bf..2d11ac6ea 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -4,7 +4,12 @@ dependencyDashboard: true, timezone: "Asia/Tokyo", kubernetes: { - fileMatch: ["k8s/.+\\.jsonnet$", "k8s/.+\\.yaml$"], + fileMatch: [ + "k8s/.+\\.jsonnet$", + "k8s/.+\\.libsonnet$", + "k8s/.+\\.yaml$", + "k8s/.+\\.yml$", + ], }, argocd: { fileMatch: ["k8s/_argocd/.+\\.yaml$"], From 5b044df0b90b6320002b59b7fdf6d3eb4f72650e Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 16 Nov 2024 07:34:05 +0900 Subject: [PATCH 0171/1209] add Signed-off-by: walnuts1018 --- renovate.json5 | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/renovate.json5 b/renovate.json5 index 2d11ac6ea..f6a68a2c9 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -17,7 +17,12 @@ customManagers: [ { customType: "regex", - fileMatch: ["^k8s/.*/helm.jsonnet$"], + fileMatch: [ + "^k8s/.*/helm.jsonnet$", + "^k8s/.*/helm.libsonnet$", + "^k8s/.*/helm.yaml$", + "^k8s/.*/helm.yml$", + ], matchStringsStrategy: "combination", matchStrings: [ "chart:\\s+[\"']?(?[a-z0-9-]+)[\"']", From 07d42e343476c66343f54319d88f891c6a2d0615 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 15 Nov 2024 22:36:04 +0000 Subject: [PATCH 0172/1209] Update Helm release oauth2-proxy to v7.7.29 (#962) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/components/oauth2-proxy/helm.libsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/components/oauth2-proxy/helm.libsonnet b/k8s/components/oauth2-proxy/helm.libsonnet index aab25de23..0cecb1516 100644 --- a/k8s/components/oauth2-proxy/helm.libsonnet +++ b/k8s/components/oauth2-proxy/helm.libsonnet @@ -10,7 +10,7 @@ namespace: error 'namespace is required', chart: 'oauth2-proxy', repoURL: 'https://oauth2-proxy.github.io/manifests', - targetRevision: '7.7.28', + targetRevision: '7.7.29', values: '', valuesObject: std.mergePatch((import 'values.libsonnet') { upstream: $.upstream, From d4c895e250841f55f69aaa6b7ef581aa53f47886 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 16 Nov 2024 07:37:42 +0900 Subject: [PATCH 0173/1209] add Signed-off-by: walnuts1018 --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index 7d9559a56..928974670 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -35,7 +35,7 @@ resources: { limits: { cpu: '500m', - memory: '200Mi', + memory: '512Mi', }, requests: { cpu: '10m', From a5068ac5708d191fb85582c8dd8311bf464a5f44 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 16 Nov 2024 07:43:28 +0900 Subject: [PATCH 0174/1209] add Signed-off-by: walnuts1018 --- k8s/apps/blog/config/virtualhost.conf | 10 ++++++++++ k8s/apps/blog/deployment.jsonnet | 4 ++-- k8s/apps/nginx-test/config/virtualhost.conf | 10 ++++++++++ k8s/apps/nginx-test/deployment.jsonnet | 4 ++-- .../walnuts-dev-www-redirect/config/virtualhost.conf | 10 ++++++++++ k8s/apps/walnuts-dev-www-redirect/deployment.jsonnet | 4 ++-- 6 files changed, 36 insertions(+), 6 deletions(-) diff --git a/k8s/apps/blog/config/virtualhost.conf b/k8s/apps/blog/config/virtualhost.conf index 939eeaeff..018c76829 100644 --- a/k8s/apps/blog/config/virtualhost.conf +++ b/k8s/apps/blog/config/virtualhost.conf @@ -6,3 +6,13 @@ server { rewrite ^(.*)$ https://walnuts.hatenablog.com/ redirect; } } + +server { + listen 8081 default_server; + server_name ""; + location /healthz { + access_log off; + add_header 'Content-Type' 'application/json'; + return 200 '{"status":"UP"}'; + } +} diff --git a/k8s/apps/blog/deployment.jsonnet b/k8s/apps/blog/deployment.jsonnet index 88abae67e..66c5c3e40 100644 --- a/k8s/apps/blog/deployment.jsonnet +++ b/k8s/apps/blog/deployment.jsonnet @@ -31,8 +31,8 @@ ], livenessProbe: { httpGet: { - path: '/', - port: 8080, + path: '/healthz', + port: 8081, }, failureThreshold: 1, initialDelaySeconds: 10, diff --git a/k8s/apps/nginx-test/config/virtualhost.conf b/k8s/apps/nginx-test/config/virtualhost.conf index a57f53ec7..d13a58db3 100644 --- a/k8s/apps/nginx-test/config/virtualhost.conf +++ b/k8s/apps/nginx-test/config/virtualhost.conf @@ -22,3 +22,13 @@ server { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } + +server { + listen 8081 default_server; + server_name ""; + location /healthz { + access_log off; + add_header 'Content-Type' 'application/json'; + return 200 '{"status":"UP"}'; + } +} diff --git a/k8s/apps/nginx-test/deployment.jsonnet b/k8s/apps/nginx-test/deployment.jsonnet index 88abae67e..66c5c3e40 100644 --- a/k8s/apps/nginx-test/deployment.jsonnet +++ b/k8s/apps/nginx-test/deployment.jsonnet @@ -31,8 +31,8 @@ ], livenessProbe: { httpGet: { - path: '/', - port: 8080, + path: '/healthz', + port: 8081, }, failureThreshold: 1, initialDelaySeconds: 10, diff --git a/k8s/apps/walnuts-dev-www-redirect/config/virtualhost.conf b/k8s/apps/walnuts-dev-www-redirect/config/virtualhost.conf index 76f9c7d69..8f27427c0 100644 --- a/k8s/apps/walnuts-dev-www-redirect/config/virtualhost.conf +++ b/k8s/apps/walnuts-dev-www-redirect/config/virtualhost.conf @@ -6,3 +6,13 @@ server { rewrite ^(.*)$ https://walnuts.dev/ redirect; } } + +server { + listen 8081 default_server; + server_name ""; + location /healthz { + access_log off; + add_header 'Content-Type' 'application/json'; + return 200 '{"status":"UP"}'; + } +} diff --git a/k8s/apps/walnuts-dev-www-redirect/deployment.jsonnet b/k8s/apps/walnuts-dev-www-redirect/deployment.jsonnet index 88abae67e..66c5c3e40 100644 --- a/k8s/apps/walnuts-dev-www-redirect/deployment.jsonnet +++ b/k8s/apps/walnuts-dev-www-redirect/deployment.jsonnet @@ -31,8 +31,8 @@ ], livenessProbe: { httpGet: { - path: '/', - port: 8080, + path: '/healthz', + port: 8081, }, failureThreshold: 1, initialDelaySeconds: 10, From 98ad34aafc2e90bd2ad62132dfe34fa5f048de30 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 16 Nov 2024 07:55:51 +0900 Subject: [PATCH 0175/1209] add Signed-off-by: walnuts1018 --- k8s/apps/ingress-nginx/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/k8s/apps/ingress-nginx/values.yaml b/k8s/apps/ingress-nginx/values.yaml index 0d74f66ad..366eb6b8e 100644 --- a/k8s/apps/ingress-nginx/values.yaml +++ b/k8s/apps/ingress-nginx/values.yaml @@ -5,6 +5,7 @@ controller: opentelemetry-trust-incoming-span: "true" otlp-collector-host: "default-collector.opentelemetry-collector.svc.cluster.local" otel-service-name: "ingress-nginx" + log-format-upstream: '{"time": "$time_iso8601", "remote_addr": "$proxy_protocol_addr", "x_forwarded_for": "$proxy_add_x_forwarded_for", "request_id": "$req_id", "remote_user": "$remote_user", "bytes_sent": $bytes_sent, "request_time": $request_time, "status": $status, "vhost": "$host", "request_proto": "$server_protocol", "path": "$uri", "request_query": "$args", "request_length": $request_length, "duration": $request_time, "method": "$request_method", "http_referrer": "$http_referer", "http_user_agent": "$http_user_agent" }' admissionWebhooks: patch: image: From 87c6a9404ac3b6dca8b40ff54e3ef534f99881e7 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 16 Nov 2024 08:19:07 +0900 Subject: [PATCH 0176/1209] add Signed-off-by: walnuts1018 --- k8s/apps/ingress-nginx/values.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/k8s/apps/ingress-nginx/values.yaml b/k8s/apps/ingress-nginx/values.yaml index 366eb6b8e..495d15865 100644 --- a/k8s/apps/ingress-nginx/values.yaml +++ b/k8s/apps/ingress-nginx/values.yaml @@ -6,6 +6,8 @@ controller: otlp-collector-host: "default-collector.opentelemetry-collector.svc.cluster.local" otel-service-name: "ingress-nginx" log-format-upstream: '{"time": "$time_iso8601", "remote_addr": "$proxy_protocol_addr", "x_forwarded_for": "$proxy_add_x_forwarded_for", "request_id": "$req_id", "remote_user": "$remote_user", "bytes_sent": $bytes_sent, "request_time": $request_time, "status": $status, "vhost": "$host", "request_proto": "$server_protocol", "path": "$uri", "request_query": "$args", "request_length": $request_length, "duration": $request_time, "method": "$request_method", "http_referrer": "$http_referer", "http_user_agent": "$http_user_agent" }' + location-snippet: | + opentelemetry_capture_headers on; admissionWebhooks: patch: image: From 41404b781ab6399343340cb7fd3934c869e83282 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 16 Nov 2024 08:25:06 +0900 Subject: [PATCH 0177/1209] rm Signed-off-by: walnuts1018 --- k8s/apps/ingress-nginx/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/ingress-nginx/values.yaml b/k8s/apps/ingress-nginx/values.yaml index 495d15865..ba2eb466b 100644 --- a/k8s/apps/ingress-nginx/values.yaml +++ b/k8s/apps/ingress-nginx/values.yaml @@ -7,7 +7,7 @@ controller: otel-service-name: "ingress-nginx" log-format-upstream: '{"time": "$time_iso8601", "remote_addr": "$proxy_protocol_addr", "x_forwarded_for": "$proxy_add_x_forwarded_for", "request_id": "$req_id", "remote_user": "$remote_user", "bytes_sent": $bytes_sent, "request_time": $request_time, "status": $status, "vhost": "$host", "request_proto": "$server_protocol", "path": "$uri", "request_query": "$args", "request_length": $request_length, "duration": $request_time, "method": "$request_method", "http_referrer": "$http_referer", "http_user_agent": "$http_user_agent" }' location-snippet: | - opentelemetry_capture_headers on; + # opentelemetry_capture_headers on; admissionWebhooks: patch: image: From 16c37d90e9defb53a2eb630648c9d2b25d9c14af Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 16 Nov 2024 08:27:13 +0900 Subject: [PATCH 0178/1209] rm Signed-off-by: walnuts1018 --- k8s/apps/ingress-nginx/values.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/k8s/apps/ingress-nginx/values.yaml b/k8s/apps/ingress-nginx/values.yaml index ba2eb466b..366eb6b8e 100644 --- a/k8s/apps/ingress-nginx/values.yaml +++ b/k8s/apps/ingress-nginx/values.yaml @@ -6,8 +6,6 @@ controller: otlp-collector-host: "default-collector.opentelemetry-collector.svc.cluster.local" otel-service-name: "ingress-nginx" log-format-upstream: '{"time": "$time_iso8601", "remote_addr": "$proxy_protocol_addr", "x_forwarded_for": "$proxy_add_x_forwarded_for", "request_id": "$req_id", "remote_user": "$remote_user", "bytes_sent": $bytes_sent, "request_time": $request_time, "status": $status, "vhost": "$host", "request_proto": "$server_protocol", "path": "$uri", "request_query": "$args", "request_length": $request_length, "duration": $request_time, "method": "$request_method", "http_referrer": "$http_referer", "http_user_agent": "$http_user_agent" }' - location-snippet: | - # opentelemetry_capture_headers on; admissionWebhooks: patch: image: From 91665d983b47928688ab97c0c56f8582a4c4e22e Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 16 Nov 2024 01:26:20 +0000 Subject: [PATCH 0179/1209] Update ghcr.io/walnuts1018/mucaron-frontend Docker tag to f59cf8c7792b8cad79405aa4d7c8b65c0425c047-45 (#963) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/mucaron/front/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/mucaron/front/deployment.jsonnet b/k8s/apps/mucaron/front/deployment.jsonnet index 46b290d9b..24d7c1bc0 100644 --- a/k8s/apps/mucaron/front/deployment.jsonnet +++ b/k8s/apps/mucaron/front/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ (import '../../../components/container.libsonnet') { name: 'mucaron-front', - image: 'ghcr.io/walnuts1018/mucaron-frontend:6cb298426289cf4ec3135c832eac3d6a5c98afcc-43', + image: 'ghcr.io/walnuts1018/mucaron-frontend:f59cf8c7792b8cad79405aa4d7c8b65c0425c047-45', ports: [ { containerPort: 3000, From 5f65b57857a5ed3dfe9efb2e65ba11a40324d915 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 16 Nov 2024 01:26:33 +0000 Subject: [PATCH 0180/1209] Update ghcr.io/walnuts1018/walnuts.dev Docker tag to v966be9951bfbfd7b4bd9f1afd15e18a6ea246f09-295 (#964) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index 928974670..d14fb0c3c 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -25,7 +25,7 @@ type: 'RuntimeDefault', }, }, - image: 'ghcr.io/walnuts1018/walnuts.dev:46e8420a07eb841cd4a6c71e5c86b2f8467bc187-285', + image: 'ghcr.io/walnuts1018/walnuts.dev:966be9951bfbfd7b4bd9f1afd15e18a6ea246f09-295', imagePullPolicy: 'IfNotPresent', ports: [ { From 5210e9cf88a0805d4aed7f517a73baaf35d48480 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 16 Nov 2024 07:30:46 +0000 Subject: [PATCH 0181/1209] Update dependency aquaproj/aqua-registry to v4.254.0 (#965) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index cdc314182..8a2e166bd 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,6 +8,6 @@ # - all registries: - type: standard - ref: v4.253.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.254.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 From 5a1d56fdb0398133c7bc2a0d27d76c3b0cf1a119 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 16 Nov 2024 19:47:52 +0000 Subject: [PATCH 0182/1209] Update module github.com/go-playground/validator/v10 to v10.23.0 --- .github/scripts/infrautil/go.mod | 2 +- .github/scripts/infrautil/go.sum | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/scripts/infrautil/go.mod b/.github/scripts/infrautil/go.mod index 321a2228c..c87ea5a37 100644 --- a/.github/scripts/infrautil/go.mod +++ b/.github/scripts/infrautil/go.mod @@ -3,7 +3,7 @@ module github.com/walnuts1018/infra/.github/scripts/infrautil go 1.23.2 require ( - github.com/go-playground/validator/v10 v10.22.1 + github.com/go-playground/validator/v10 v10.23.0 github.com/google/go-jsonnet v0.20.0 github.com/google/subcommands v1.2.0 github.com/phsym/console-slog v0.3.1 diff --git a/.github/scripts/infrautil/go.sum b/.github/scripts/infrautil/go.sum index 3d9f8cfc9..c6f48d4fc 100644 --- a/.github/scripts/infrautil/go.sum +++ b/.github/scripts/infrautil/go.sum @@ -159,6 +159,8 @@ github.com/go-playground/validator/v10 v10.4.1 h1:pH2c5ADXtd66mxoE0Zm9SUhxE20r7a github.com/go-playground/validator/v10 v10.4.1/go.mod h1:nlOn6nFhuKACm19sB/8EGNn9GlaMV7XkbRSipzJ0Ii4= github.com/go-playground/validator/v10 v10.22.1 h1:40JcKH+bBNGFczGuoBYgX4I6m/i27HYW8P9FDk5PbgA= github.com/go-playground/validator/v10 v10.22.1/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM= +github.com/go-playground/validator/v10 v10.23.0 h1:/PwmTwZhS0dPkav3cdK9kV1FsAmrL8sThn8IHr/sO+o= +github.com/go-playground/validator/v10 v10.23.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM= github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y= github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= From 2108a3d8eca0b1bd6d2eda868f8abd6aaf48c447 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sun, 17 Nov 2024 21:53:43 +0900 Subject: [PATCH 0183/1209] =?UTF-8?q?nginx=20proxy=E3=82=92=E3=82=84?= =?UTF-8?q?=E3=82=81=E3=82=8B?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: walnuts1018 --- k8s/apps/minio/proxy/config/nginx.conf | 24 ---- k8s/apps/minio/proxy/config/virtualhost.conf | 81 ------------ k8s/apps/minio/proxy/configmap.jsonnet | 9 -- k8s/apps/minio/proxy/deployment.jsonnet | 122 ------------------- k8s/apps/minio/proxy/ingress.jsonnet | 56 --------- k8s/apps/minio/proxy/service.jsonnet | 27 ---- k8s/apps/minio/values.yaml | 14 +++ 7 files changed, 14 insertions(+), 319 deletions(-) delete mode 100644 k8s/apps/minio/proxy/config/nginx.conf delete mode 100644 k8s/apps/minio/proxy/config/virtualhost.conf delete mode 100644 k8s/apps/minio/proxy/configmap.jsonnet delete mode 100644 k8s/apps/minio/proxy/deployment.jsonnet delete mode 100644 k8s/apps/minio/proxy/ingress.jsonnet delete mode 100644 k8s/apps/minio/proxy/service.jsonnet diff --git a/k8s/apps/minio/proxy/config/nginx.conf b/k8s/apps/minio/proxy/config/nginx.conf deleted file mode 100644 index f728ccc06..000000000 --- a/k8s/apps/minio/proxy/config/nginx.conf +++ /dev/null @@ -1,24 +0,0 @@ -user nginx; -worker_processes 1; -error_log /dev/stderr; -events { - worker_connections 10240; -} -http { - log_format main - 'remote_addr:$remote_addr\t' - 'time_local:$time_local\t' - 'method:$request_method\t' - 'uri:$request_uri\t' - 'host:$host\t' - 'status:$status\t' - 'bytes_sent:$body_bytes_sent\t' - 'referer:$http_referer\t' - 'useragent:$http_user_agent\t' - 'forwardedfor:$http_x_forwarded_for\t' - 'request_time:$request_time'; - - access_log /dev/stdout main; - - include /etc/nginx/virtualhost/virtualhost.conf; -} diff --git a/k8s/apps/minio/proxy/config/virtualhost.conf b/k8s/apps/minio/proxy/config/virtualhost.conf deleted file mode 100644 index 964947436..000000000 --- a/k8s/apps/minio/proxy/config/virtualhost.conf +++ /dev/null @@ -1,81 +0,0 @@ -server { - listen 9000 default_server; - listen [::]:9000 default_server; - server_name ""; - - # Allow special characters in headers - ignore_invalid_headers off; - # Allow any size file to be uploaded. - # Set to a value such as 1000m; to restrict file size to a specific value - client_max_body_size 0; - # Disable buffering - proxy_buffering off; - proxy_request_buffering off; - - location / { - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - proxy_connect_timeout 300; - # Default is HTTP/1, keepalive is only enabled in HTTP/1.1 - proxy_http_version 1.1; - proxy_set_header Connection ""; - chunked_transfer_encoding off; - - # Cloudflareが勝手に設定するが、terraformを使ったときにsignedheaderと一致しなくなってしまうので強制的にoverride - proxy_set_header Accept-Encoding "identity"; - - proxy_pass http://minio.minio.svc.cluster.local:9000; - } -} - -server { - listen 9001 default_server; - listen [::]:9001 default_server; - server_name ""; - - # Allow special characters in headers - ignore_invalid_headers off; - # Allow any size file to be uploaded. - # Set to a value such as 1000m; to restrict file size to a specific value - client_max_body_size 0; - # Disable buffering - proxy_buffering off; - proxy_request_buffering off; - - location / { - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - # This is necessary to pass the correct IP to be hashed - real_ip_header X-Real-IP; - - proxy_connect_timeout 300; - # To support websockets in MinIO versions released after January 2023 - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - # Some environments may encounter CORS errors (Kubernetes + Nginx Ingress) - # Uncomment the following line to set the Origin request to an empty string - # proxy_set_header Origin ''; - - chunked_transfer_encoding off; - - proxy_pass http://minio-console.minio.svc.cluster.local:9001; - } -} - -server { - listen 8080; - server_name ""; - - location /healthz { - access_log off; - add_header 'Content-Type' 'application/json'; - return 200 '{"status":"UP"}'; - } -} diff --git a/k8s/apps/minio/proxy/configmap.jsonnet b/k8s/apps/minio/proxy/configmap.jsonnet deleted file mode 100644 index bd0b01741..000000000 --- a/k8s/apps/minio/proxy/configmap.jsonnet +++ /dev/null @@ -1,9 +0,0 @@ -(import '../../../components/configmap.libsonnet') { - name: (import '../app.json5').proxy.name, - namespace: (import '../app.json5').namespace, - labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').proxy.name }, - data: { - 'nginx.conf': (importstr './config/nginx.conf'), - 'virtualhost.conf': (importstr './config/virtualhost.conf'), - }, -} diff --git a/k8s/apps/minio/proxy/deployment.jsonnet b/k8s/apps/minio/proxy/deployment.jsonnet deleted file mode 100644 index 00394eca0..000000000 --- a/k8s/apps/minio/proxy/deployment.jsonnet +++ /dev/null @@ -1,122 +0,0 @@ -{ - apiVersion: 'apps/v1', - kind: 'Deployment', - metadata: { - name: (import '../app.json5').proxy.name, - namespace: (import '../app.json5').namespace, - labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').proxy.name }, - }, - spec: { - replicas: 1, - selector: { - matchLabels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').proxy.name }, - }, - template: { - metadata: { - labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').proxy.name }, - }, - spec: { - securityContext: { - fsGroup: 101, - fsGroupChangePolicy: 'OnRootMismatch', - }, - containers: [ - std.mergePatch((import '../../../components/container.libsonnet') { - name: 'nginx', - image: 'nginx:1.27.2', - ports: [ - { - containerPort: 9000, - }, - { - containerPort: 9001, - }, - ], - // livenessProbe: { - // httpGet: { - // path: '/healthz', - // port: 9000, - // }, - // failureThreshold: 1, - // initialDelaySeconds: 10, - // periodSeconds: 10, - // }, - volumeMounts: [ - { - mountPath: '/etc/nginx', - readOnly: true, - name: 'nginx-conf', - }, - { - mountPath: '/tmp', - name: 'tmp', - }, - { - mountPath: '/var/tmp', - name: 'tmp', - }, - { - mountPath: '/var/log/nginx', - name: 'log-nginx', - }, - { - mountPath: '/var/cache/nginx', - name: 'cache-nginx', - }, - { - mountPath: '/var/run', - name: 'var-run', - }, - ], - resources: { - limits: { - memory: '100Mi', - }, - requests: { - memory: '5Mi', - }, - }, - }, { - securityContext: { - runAsUser: 101, - }, - }), - ], - volumes: [ - { - name: 'nginx-conf', - configMap: { - name: (import 'configmap.jsonnet').metadata.name, - items: [ - { - key: 'nginx.conf', - path: 'nginx.conf', - }, - { - key: 'virtualhost.conf', - path: 'virtualhost/virtualhost.conf', - }, - ], - }, - }, - { - name: 'tmp', - emptyDir: {}, - }, - { - name: 'log-nginx', - emptyDir: {}, - }, - { - name: 'cache-nginx', - emptyDir: {}, - }, - { - name: 'var-run', - emptyDir: {}, - }, - ], - }, - }, - }, -} diff --git a/k8s/apps/minio/proxy/ingress.jsonnet b/k8s/apps/minio/proxy/ingress.jsonnet deleted file mode 100644 index 9300c799c..000000000 --- a/k8s/apps/minio/proxy/ingress.jsonnet +++ /dev/null @@ -1,56 +0,0 @@ -{ - apiVersion: 'networking.k8s.io/v1', - kind: 'Ingress', - metadata: { - name: (import '../app.json5').proxy.name, - namespace: (import '../app.json5').namespace, - labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').proxy.name }, - annotations: { - 'nginx.ingress.kubernetes.io/proxy-body-size': '128G', - }, - }, - spec: { - ingressClassName: 'nginx', - rules: [ - { - host: 'minio.walnuts.dev', - http: { - paths: [ - { - path: '/', - pathType: 'Prefix', - backend: { - service: { - name: (import 'service.jsonnet').metadata.name, - port: { - number: (import 'service.jsonnet').spec.ports[0].port, - }, - }, - }, - }, - ], - }, - }, - { - host: 'minio-console.walnuts.dev', - http: { - paths: [ - { - path: '/', - pathType: 'Prefix', - backend: { - service: { - name: (import 'service.jsonnet').metadata.name, - port: { - number: (import 'service.jsonnet').spec.ports[1].port, - }, - }, - }, - }, - ], - }, - }, - - ], - }, -} diff --git a/k8s/apps/minio/proxy/service.jsonnet b/k8s/apps/minio/proxy/service.jsonnet deleted file mode 100644 index ee9112fae..000000000 --- a/k8s/apps/minio/proxy/service.jsonnet +++ /dev/null @@ -1,27 +0,0 @@ -{ - apiVersion: 'v1', - kind: 'Service', - metadata: { - name: (import '../app.json5').proxy.name, - namespace: (import '../app.json5').namespace, - labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').proxy.name }, - }, - spec: { - selector: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').proxy.name }, - ports: [ - { - name: 'minio', - protocol: 'TCP', - port: 9000, - targetPort: (import 'deployment.jsonnet').spec.template.spec.containers[0].ports[0].containerPort, - }, - { - name: 'minio-console', - protocol: 'TCP', - port: 9001, - targetPort: (import 'deployment.jsonnet').spec.template.spec.containers[0].ports[1].containerPort, - }, - ], - type: 'ClusterIP', - }, -} diff --git a/k8s/apps/minio/values.yaml b/k8s/apps/minio/values.yaml index f306c4efc..82bc855e1 100644 --- a/k8s/apps/minio/values.yaml +++ b/k8s/apps/minio/values.yaml @@ -6,6 +6,20 @@ persistence: size: 24Gi volumeName: minio accessMode: ReadWriteOnce +ingress: + enabled: true + ingressClassName: nginx + annotations: + nginx.ingress.kubernetes.io/proxy-body-size: "0" + nginx.ingress.kubernetes.io/ignore-invalid-headers: "off" + nginx.ingress.kubernetes.io/client-max-body-size: "0" + hosts: + - minio.walnuts.dev +consoleIngress: + enabled: true + ingressClassName: nginx + hosts: + - minio-console.walnuts.dev resources: requests: memory: 500Mi From 6e51239bc73e315562c546b30e84f343f76de72a Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sun, 17 Nov 2024 22:11:06 +0900 Subject: [PATCH 0184/1209] format Signed-off-by: walnuts1018 --- k8s/apps/loki/values.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/k8s/apps/loki/values.yaml b/k8s/apps/loki/values.yaml index 2c21d19da..cea7124a1 100644 --- a/k8s/apps/loki/values.yaml +++ b/k8s/apps/loki/values.yaml @@ -61,7 +61,7 @@ write: limits: memory: 1Gi cpu: 1 - extraArgs: ["-config.expand-env=true"] + extraArgs: [ "-config.expand-env=true" ] extraEnvFrom: - secretRef: name: loki-minio @@ -85,7 +85,7 @@ read: limits: memory: 1Gi cpu: 1 - extraArgs: ["-config.expand-env=true"] + extraArgs: [ "-config.expand-env=true" ] extraEnvFrom: - secretRef: name: loki-minio @@ -105,7 +105,7 @@ backend: limits: memory: 1Gi cpu: 100m - extraArgs: ["-config.expand-env=true"] + extraArgs: [ "-config.expand-env=true" ] extraEnvFrom: - secretRef: name: loki-minio From 458f0850285a29870728b6c207e1dec2ac424c93 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sun, 17 Nov 2024 22:11:36 +0900 Subject: [PATCH 0185/1209] 32GB Signed-off-by: walnuts1018 --- k8s/apps/minio/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/minio/values.yaml b/k8s/apps/minio/values.yaml index 82bc855e1..cb432e2d3 100644 --- a/k8s/apps/minio/values.yaml +++ b/k8s/apps/minio/values.yaml @@ -3,7 +3,7 @@ replicas: 1 existingSecret: minio persistence: storageClass: longhorn - size: 24Gi + size: 32Gi volumeName: minio accessMode: ReadWriteOnce ingress: From 4a8df3990d4351b2ab02e87a3d291f2b0a2cc59d Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sun, 17 Nov 2024 22:12:22 +0900 Subject: [PATCH 0186/1209] add default logical_backup_s3_retention_time Signed-off-by: walnuts1018 --- k8s/apps/zalando-psql-operator/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/zalando-psql-operator/values.yaml b/k8s/apps/zalando-psql-operator/values.yaml index ae30a0dde..20ede783c 100644 --- a/k8s/apps/zalando-psql-operator/values.yaml +++ b/k8s/apps/zalando-psql-operator/values.yaml @@ -29,7 +29,7 @@ configLogicalBackup: logical_backup_s3_endpoint: "https://minio.walnuts.dev/" logical_backup_s3_sse: "" # S3 retention time for stored backups for example "2 week" or "7 days" - logical_backup_s3_retention_time: "" + logical_backup_s3_retention_time: "1 week" # backup schedule in the cron format logical_backup_schedule: "0 18 * * *" logical_backup_cronjob_environment_secret: "zalando-minio" From d427857e22e19917121fabbebc2e20af2cd562d9 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 18 Nov 2024 18:37:29 +0000 Subject: [PATCH 0187/1209] Update Helm release oauth2-proxy to v7.7.30 (#967) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/components/oauth2-proxy/helm.libsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/components/oauth2-proxy/helm.libsonnet b/k8s/components/oauth2-proxy/helm.libsonnet index 0cecb1516..12641705d 100644 --- a/k8s/components/oauth2-proxy/helm.libsonnet +++ b/k8s/components/oauth2-proxy/helm.libsonnet @@ -10,7 +10,7 @@ namespace: error 'namespace is required', chart: 'oauth2-proxy', repoURL: 'https://oauth2-proxy.github.io/manifests', - targetRevision: '7.7.29', + targetRevision: '7.7.30', values: '', valuesObject: std.mergePatch((import 'values.libsonnet') { upstream: $.upstream, From 443a31ee5767569d8173f6344f1534cf91ce0918 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 18 Nov 2024 22:41:14 +0000 Subject: [PATCH 0188/1209] Update ghcr.io/walnuts1018/walnuts.dev Docker tag to ced0a74972aaaf8245196b93519765c065e83e4e-300 (#968) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index d14fb0c3c..18995454e 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -25,7 +25,7 @@ type: 'RuntimeDefault', }, }, - image: 'ghcr.io/walnuts1018/walnuts.dev:966be9951bfbfd7b4bd9f1afd15e18a6ea246f09-295', + image: 'ghcr.io/walnuts1018/walnuts.dev:ced0a74972aaaf8245196b93519765c065e83e4e-300', imagePullPolicy: 'IfNotPresent', ports: [ { From 2c1756b656aa423def41fdcdd7d52053d10663b9 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 19 Nov 2024 00:37:57 +0000 Subject: [PATCH 0189/1209] Update ghcr.io/walnuts1018/mucaron-frontend Docker tag to c39fa76a7a482cbeacbe37fa315e897b3e35e1dd-46 (#969) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/mucaron/front/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/mucaron/front/deployment.jsonnet b/k8s/apps/mucaron/front/deployment.jsonnet index 24d7c1bc0..692a9e43c 100644 --- a/k8s/apps/mucaron/front/deployment.jsonnet +++ b/k8s/apps/mucaron/front/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ (import '../../../components/container.libsonnet') { name: 'mucaron-front', - image: 'ghcr.io/walnuts1018/mucaron-frontend:f59cf8c7792b8cad79405aa4d7c8b65c0425c047-45', + image: 'ghcr.io/walnuts1018/mucaron-frontend:c39fa76a7a482cbeacbe37fa315e897b3e35e1dd-46', ports: [ { containerPort: 3000, From da40709d289d732e0f0e4d4e39dd5df726339579 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 19 Nov 2024 12:00:44 +0900 Subject: [PATCH 0190/1209] add Signed-off-by: walnuts1018 --- k8s/apps/mpeg-dash-encoder/app.json5 | 4 + k8s/apps/mpeg-dash-encoder/deployment.jsonnet | 137 ++++++++++++++++++ k8s/apps/mpeg-dash-encoder/ingress.jsonnet | 33 +++++ k8s/apps/mpeg-dash-encoder/service.jsonnet | 20 +++ terraform/kurumi/.terraform.lock.hcl | 23 --- terraform/kurumi/main.tf | 28 ++-- terraform/modules/minio/minio.tf | 8 + terraform/modules/minio/provider.tf | 2 +- 8 files changed, 217 insertions(+), 38 deletions(-) create mode 100644 k8s/apps/mpeg-dash-encoder/app.json5 create mode 100644 k8s/apps/mpeg-dash-encoder/deployment.jsonnet create mode 100644 k8s/apps/mpeg-dash-encoder/ingress.jsonnet create mode 100644 k8s/apps/mpeg-dash-encoder/service.jsonnet diff --git a/k8s/apps/mpeg-dash-encoder/app.json5 b/k8s/apps/mpeg-dash-encoder/app.json5 new file mode 100644 index 000000000..2dbca1e01 --- /dev/null +++ b/k8s/apps/mpeg-dash-encoder/app.json5 @@ -0,0 +1,4 @@ +{ + name: "mpeg-dash-encoder", + namespace: "mpeg-dash-encoder", +} diff --git a/k8s/apps/mpeg-dash-encoder/deployment.jsonnet b/k8s/apps/mpeg-dash-encoder/deployment.jsonnet new file mode 100644 index 000000000..4c54f1796 --- /dev/null +++ b/k8s/apps/mpeg-dash-encoder/deployment.jsonnet @@ -0,0 +1,137 @@ +{ + apiVersion: 'apps/v1', + kind: 'Deployment', + metadata: { + name: (import 'app.json5').name, + namespace: (import 'app.json5').namespace, + labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + }, + spec: { + replicas: 1, + selector: { + matchLabels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + }, + template: { + metadata: { + labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + }, + spec: { + containers: [ + std.mergePatch((import '../../components/container.libsonnet') { + name: 'mpeg-dash-encoder', + image: 'ghcr.io/walnuts1018/mpeg-dash-encoder:2274ab364149ca08bf3a826b99435a83ab8832d3-3', + ports: [ + { + containerPort: 8080, + }, + ], + livenessProbe: { + httpGet: { + path: '/healthz', + port: 8080, + }, + failureThreshold: 1, + initialDelaySeconds: 10, + periodSeconds: 10, + }, + env: [ + { + name: 'LOG_LEVEL', + value: 'debug', + }, + { + name: 'ADMIN_TOKEN', + valueFrom: { + secretKeyRef: { + name: (import 'external-secret.jsonnet').spec.target.name, + key: 'admin_token', + }, + }, + }, + { + name: 'JWT_SIGN_SECRET', + valueFrom: { + secretKeyRef: { + name: (import 'external-secret.jsonnet').spec.target.name, + key: 'jwt_sign_secret', + }, + }, + }, + { + name: 'MINIO_ENDPOINT', + value: 'minio.minio.svc.cluster.local:9000', + }, + { + name: 'MINIO_ACCESS_KEY', + value: '4SYRxLsspRxsvXvaddkz', + }, + { + name: 'MINIO_SECRET_KEY', + valueFrom: { + secretKeyRef: { + name: (import 'external-secret.jsonnet').spec.target.name, + key: 'minio_secret_key', + }, + }, + }, + { + name: 'MINIO_BUCKET', + value: 'mucaron', + }, + { + name: 'MINIO_REGION', + value: 'ap-northeast-1', + }, + { + name: 'MINIO_USE_SSL', + value: 'true', + }, + { + name: 'FFMPEG_HW_ACCEL', + value: 'qsv', + }, + { + name: 'MINIO_SOURCE_UPLOAD_BUCKET', + value: 'mpeg-dash-encoder-source-upload', + }, + { + name: 'MINIO_OUTPUT_BUCKET', + value: 'mpeg-dash-encoder-output', + }, + { + name: 'OTEL_EXPORTER_OTLP_ENDPOINT', + value: 'http://default-collector.opentelemetry-collector.svc.cluster.local:4317', + }, + ], + volumeMounts: [ + { + mountPath: '/tmp', + name: 'tmp', + }, + { + mountPath: '/var/log/mpeg-dash-encoder', + name: 'log', + }, + ], + resources: { + }, + }, { + securityContext: { + privileged: true, + }, + }), + ], + volumes: [ + { + name: 'tmp', + emptyDir: {}, + }, + { + name: 'log', + emptyDir: {}, + }, + ], + }, + }, + }, +} diff --git a/k8s/apps/mpeg-dash-encoder/ingress.jsonnet b/k8s/apps/mpeg-dash-encoder/ingress.jsonnet new file mode 100644 index 000000000..029228a47 --- /dev/null +++ b/k8s/apps/mpeg-dash-encoder/ingress.jsonnet @@ -0,0 +1,33 @@ +{ + apiVersion: 'networking.k8s.io/v1', + kind: 'Ingress', + metadata: { + name: (import 'app.json5').name, + namespace: (import 'app.json5').namespace, + labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + }, + spec: { + ingressClassName: 'nginx', + rules: [ + { + host: 'mpeg-dash-encoder.walnuts.dev', + http: { + paths: [ + { + path: '/', + pathType: 'Prefix', + backend: { + service: { + name: (import 'service.jsonnet').metadata.name, + port: { + number: (import 'service.jsonnet').spec.ports[0].port, + }, + }, + }, + }, + ], + }, + }, + ], + }, +} diff --git a/k8s/apps/mpeg-dash-encoder/service.jsonnet b/k8s/apps/mpeg-dash-encoder/service.jsonnet new file mode 100644 index 000000000..6bcff3ad2 --- /dev/null +++ b/k8s/apps/mpeg-dash-encoder/service.jsonnet @@ -0,0 +1,20 @@ +{ + apiVersion: 'v1', + kind: 'Service', + metadata: { + name: (import 'app.json5').name, + namespace: (import 'app.json5').namespace, + labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + }, + spec: { + selector: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + ports: [ + { + protocol: 'TCP', + port: 8080, + targetPort: (import 'deployment.jsonnet').spec.template.spec.containers[0].ports[0].containerPort, + }, + ], + type: 'ClusterIP', + }, +} diff --git a/terraform/kurumi/.terraform.lock.hcl b/terraform/kurumi/.terraform.lock.hcl index abda6c4ae..8ceac101e 100644 --- a/terraform/kurumi/.terraform.lock.hcl +++ b/terraform/kurumi/.terraform.lock.hcl @@ -23,26 +23,3 @@ provider "registry.terraform.io/hashicorp/aws" { "zh:fdad558b1c41aa68123d0da82cc0d65bc86d09eaa1ab1d3a167ec3bce0fc0c66", ] } - -provider "registry.terraform.io/zitadel/zitadel" { - version = "2.0.1" - constraints = "2.0.1" - hashes = [ - "h1:sSJlUcE59nr4dTtuVM3ceLMIPTTNPw1vAVTssC0qqL4=", - "zh:0a4cc4c1be8af4e9c015b96eeee0e7b035f0688dc4a10877ba3970a0288ae62a", - "zh:0fd714c0bf720bf9143dd9615b4b680c3ddb6c6496dbf6cdff994c5a620d19c1", - "zh:1712343949346ec8ef277c16852733b15036fbc045458b3c4a6e35f4d52047d7", - "zh:37384476a2f0b30e6aa5cfc8da49c2a2285a00fcc2162bb6c30718e6814b00aa", - "zh:95b8762c3a8a3a36ac15de7477e8c749c545c705dcfb10e916d1bbb40dac235c", - "zh:9a44cd8b463fbc9a07c530cd28bf5146c991f5def569fdf521e9fab3dbe1d6a3", - "zh:a0838b723156722867d01fd009068269c7d3f2f92a5c7bae97326a7d29e4f019", - "zh:a33d53acc640dc93b81352ba633cf392bc8c7614a72d320d59d3dcdb22d73fc4", - "zh:a5817ccdee801d4422098a48e54dad557fd0f309e32b0fe829ed47b3af0977e9", - "zh:b0ddd042d32da9ad8bacbdc7053c9499dcecf96479615f5e37b3a44efe883ddf", - "zh:bbb928eb0fa9236e847e8ddefbd6d5de8d71fc550fe6a01aa75b5001852a3763", - "zh:c673713f1e3d86b1bd0ac610733132a56e626ce658bfe5fe86f2b2cd335c2c66", - "zh:de1d5bcba453371a0427938f957827c765ff0cd056a0002c4fc61131c07d144e", - "zh:e9971e2056b64ec6f0fbee8fa5ec0bf34c57c7aa6788fb8b73c3f748d2eb253a", - "zh:fb107735e5437b4825fc11ac40f2e3a14f3ee4831cb399dc9669816fcf4f16a2", - ] -} diff --git a/terraform/kurumi/main.tf b/terraform/kurumi/main.tf index 735445f27..e01bd15a0 100644 --- a/terraform/kurumi/main.tf +++ b/terraform/kurumi/main.tf @@ -43,17 +43,17 @@ import { to = module.minio.aws_s3_bucket.zalando-backup } -module "zitadel" { - source = "../modules/zitadel" - jwt_profile_file_path = "zitadel.token" -} - -import { - id = "237477062321897835" - to = module.zitadel.zitadel_org.ZITADEL -} - -import { - id = "237477822715658605" - to = module.zitadel.zitadel_project.default -} +# module "zitadel" { +# source = "../modules/zitadel" +# jwt_profile_file_path = "zitadel.token" +# } + +# import { +# id = "237477062321897835" +# to = module.zitadel.zitadel_org.ZITADEL +# } + +# import { +# id = "237477822715658605" +# to = module.zitadel.zitadel_project.default +# } diff --git a/terraform/modules/minio/minio.tf b/terraform/modules/minio/minio.tf index 7f47ed3b4..9fe43f59b 100644 --- a/terraform/modules/minio/minio.tf +++ b/terraform/modules/minio/minio.tf @@ -23,3 +23,11 @@ resource "aws_s3_bucket" "tempo" { resource "aws_s3_bucket" "zalando-backup" { bucket = format("zalando-backup%s", var.bucket_name_suffix) } + +resource "aws_s3_bucket" "mpeg-dash-encoder-source-upload" { + bucket = format("mpeg-dash-encoder-source-upload%s", var.bucket_name_suffix) +} + +resource "aws_s3_bucket" "mpeg-dash-encoder-source-output" { + bucket = format("mpeg-dash-encoder-source-output%s", var.bucket_name_suffix) +} diff --git a/terraform/modules/minio/provider.tf b/terraform/modules/minio/provider.tf index c9a03dd9d..753210e25 100644 --- a/terraform/modules/minio/provider.tf +++ b/terraform/modules/minio/provider.tf @@ -21,6 +21,6 @@ provider "aws" { s3_use_path_style = true endpoints { - s3 = "https://minio.walnuts.dev" + s3 = "http://localhost:9000" } } From 12dd07de31d0c32891773270d22240e95d83df08 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 19 Nov 2024 12:34:39 +0900 Subject: [PATCH 0191/1209] add Signed-off-by: walnuts1018 --- k8s/apps/mpeg-dash-encoder/deployment.jsonnet | 2 +- .../mpeg-dash-encoder/external-secret.jsonnet | 26 +++++++++++++++++++ 2 files changed, 27 insertions(+), 1 deletion(-) create mode 100644 k8s/apps/mpeg-dash-encoder/external-secret.jsonnet diff --git a/k8s/apps/mpeg-dash-encoder/deployment.jsonnet b/k8s/apps/mpeg-dash-encoder/deployment.jsonnet index 4c54f1796..bdfea5205 100644 --- a/k8s/apps/mpeg-dash-encoder/deployment.jsonnet +++ b/k8s/apps/mpeg-dash-encoder/deployment.jsonnet @@ -63,7 +63,7 @@ }, { name: 'MINIO_ACCESS_KEY', - value: '4SYRxLsspRxsvXvaddkz', + value: 'OXx9ohSJy0zqcqu2o98k', }, { name: 'MINIO_SECRET_KEY', diff --git a/k8s/apps/mpeg-dash-encoder/external-secret.jsonnet b/k8s/apps/mpeg-dash-encoder/external-secret.jsonnet new file mode 100644 index 000000000..d70dc3afa --- /dev/null +++ b/k8s/apps/mpeg-dash-encoder/external-secret.jsonnet @@ -0,0 +1,26 @@ +(import '../../components/external-secret.libsonnet') { + name: (import 'app.json5').name, + data: [ + { + secretKey: 'admin_token', + remoteRef: { + key: 'mpeg-dash-encoder', + property: 'admin_token', + }, + }, + { + secretKey: 'jwt_sign_secret', + remoteRef: { + key: 'mpeg-dash-encoder', + property: 'jwt_sign_secret', + }, + }, + { + secretKey: 'minio_secret_key', + remoteRef: { + key: 'mpeg-dash-encoder', + property: 'minio_secret_key', + }, + }, + ], +} From e6e7c909f0546a42b61d23d61c0491cb55620e64 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 19 Nov 2024 03:35:33 +0000 Subject: [PATCH 0192/1209] auto-gen-namespace --- k8s/namespaces/namespaces.json5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/namespaces/namespaces.json5 b/k8s/namespaces/namespaces.json5 index 429beb876..8a01cb8f0 100644 --- a/k8s/namespaces/namespaces.json5 +++ b/k8s/namespaces/namespaces.json5 @@ -1 +1 @@ -["ac-hacking-2024","cert-manager","cilium-system","code-server","dashy","databases","default","elasticsearch","external-dns","external-secrets","fitbit-manager","flux-system","github-readme-stats","hedgedoc","ingress-nginx","komga","krakend-system","kube-system","local-path-storage","loki","longhorn-system","minio","misskey","monitoring","mucaron","network-exporter","nextcloud","oekaki-dengon-game","openchokin","opentelemetry-collector","opentelemetry-operator-system","photoprism","redis-operator","samba","sandbox","wakatime-to-slack-profile","walnuts-dev","zitadel"] +["ac-hacking-2024","cert-manager","cilium-system","code-server","dashy","databases","default","elasticsearch","external-dns","external-secrets","fitbit-manager","flux-system","github-readme-stats","hedgedoc","ingress-nginx","komga","krakend-system","kube-system","local-path-storage","loki","longhorn-system","minio","misskey","monitoring","mpeg-dash-encoder","mucaron","network-exporter","nextcloud","oekaki-dengon-game","openchokin","opentelemetry-collector","opentelemetry-operator-system","photoprism","redis-operator","samba","sandbox","wakatime-to-slack-profile","walnuts-dev","zitadel"] From a046906ce325ca765439ba66578109b5ed78adf2 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 19 Nov 2024 12:38:24 +0900 Subject: [PATCH 0193/1209] update Signed-off-by: walnuts1018 --- k8s/apps/mpeg-dash-encoder/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/mpeg-dash-encoder/deployment.jsonnet b/k8s/apps/mpeg-dash-encoder/deployment.jsonnet index bdfea5205..0cb9da32b 100644 --- a/k8s/apps/mpeg-dash-encoder/deployment.jsonnet +++ b/k8s/apps/mpeg-dash-encoder/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ std.mergePatch((import '../../components/container.libsonnet') { name: 'mpeg-dash-encoder', - image: 'ghcr.io/walnuts1018/mpeg-dash-encoder:2274ab364149ca08bf3a826b99435a83ab8832d3-3', + image: 'ghcr.io/walnuts1018/mpeg-dash-encoder:ce945f879b4564e8cf3d4a88c76d61b45f17b11c-7', ports: [ { containerPort: 8080, From 68e7a9d9a0c0d34f18d6706aaed880e8b1ef8d6d Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 19 Nov 2024 12:39:12 +0900 Subject: [PATCH 0194/1209] add Signed-off-by: walnuts1018 --- k8s/apps/mpeg-dash-encoder/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/mpeg-dash-encoder/deployment.jsonnet b/k8s/apps/mpeg-dash-encoder/deployment.jsonnet index 0cb9da32b..498b32fb8 100644 --- a/k8s/apps/mpeg-dash-encoder/deployment.jsonnet +++ b/k8s/apps/mpeg-dash-encoder/deployment.jsonnet @@ -84,7 +84,7 @@ }, { name: 'MINIO_USE_SSL', - value: 'true', + value: 'false', }, { name: 'FFMPEG_HW_ACCEL', From cc52ec2977f6a289a635516c85cec7bc0667069f Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 19 Nov 2024 12:40:02 +0900 Subject: [PATCH 0195/1209] add nodeSelector Signed-off-by: walnuts1018 --- k8s/apps/mpeg-dash-encoder/deployment.jsonnet | 3 +++ 1 file changed, 3 insertions(+) diff --git a/k8s/apps/mpeg-dash-encoder/deployment.jsonnet b/k8s/apps/mpeg-dash-encoder/deployment.jsonnet index 498b32fb8..ddf3b3cd5 100644 --- a/k8s/apps/mpeg-dash-encoder/deployment.jsonnet +++ b/k8s/apps/mpeg-dash-encoder/deployment.jsonnet @@ -131,6 +131,9 @@ emptyDir: {}, }, ], + nodeSelector: { + 'kubernetes.io/hostname': 'cake', + }, }, }, }, From 3fa6873d78c5fd93435b3db29fd10ab1c8be2320 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 19 Nov 2024 12:43:43 +0900 Subject: [PATCH 0196/1209] fix Signed-off-by: walnuts1018 --- terraform/modules/minio/minio.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform/modules/minio/minio.tf b/terraform/modules/minio/minio.tf index 9fe43f59b..c322207c1 100644 --- a/terraform/modules/minio/minio.tf +++ b/terraform/modules/minio/minio.tf @@ -28,6 +28,6 @@ resource "aws_s3_bucket" "mpeg-dash-encoder-source-upload" { bucket = format("mpeg-dash-encoder-source-upload%s", var.bucket_name_suffix) } -resource "aws_s3_bucket" "mpeg-dash-encoder-source-output" { - bucket = format("mpeg-dash-encoder-source-output%s", var.bucket_name_suffix) +resource "aws_s3_bucket" "mpeg-dash-encoder-output" { + bucket = format("mpeg-dash-encoder-output%s", var.bucket_name_suffix) } From cba428a9405c63c4eadce69f0a83fc79f8a0a930 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 19 Nov 2024 12:47:14 +0900 Subject: [PATCH 0197/1209] add Signed-off-by: walnuts1018 --- k8s/apps/ingress-nginx/values.yaml | 1 + k8s/apps/minio/values.yaml | 2 -- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/k8s/apps/ingress-nginx/values.yaml b/k8s/apps/ingress-nginx/values.yaml index 366eb6b8e..89a88e5c9 100644 --- a/k8s/apps/ingress-nginx/values.yaml +++ b/k8s/apps/ingress-nginx/values.yaml @@ -6,6 +6,7 @@ controller: otlp-collector-host: "default-collector.opentelemetry-collector.svc.cluster.local" otel-service-name: "ingress-nginx" log-format-upstream: '{"time": "$time_iso8601", "remote_addr": "$proxy_protocol_addr", "x_forwarded_for": "$proxy_add_x_forwarded_for", "request_id": "$req_id", "remote_user": "$remote_user", "bytes_sent": $bytes_sent, "request_time": $request_time, "status": $status, "vhost": "$host", "request_proto": "$server_protocol", "path": "$uri", "request_query": "$args", "request_length": $request_length, "duration": $request_time, "method": "$request_method", "http_referrer": "$http_referer", "http_user_agent": "$http_user_agent" }' + proxy-body-size: 0 admissionWebhooks: patch: image: diff --git a/k8s/apps/minio/values.yaml b/k8s/apps/minio/values.yaml index cb432e2d3..73a0f9200 100644 --- a/k8s/apps/minio/values.yaml +++ b/k8s/apps/minio/values.yaml @@ -10,9 +10,7 @@ ingress: enabled: true ingressClassName: nginx annotations: - nginx.ingress.kubernetes.io/proxy-body-size: "0" nginx.ingress.kubernetes.io/ignore-invalid-headers: "off" - nginx.ingress.kubernetes.io/client-max-body-size: "0" hosts: - minio.walnuts.dev consoleIngress: From 3143c1ae66819d8d33b4c4207e40c7784ca7631d Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 19 Nov 2024 13:13:29 +0900 Subject: [PATCH 0198/1209] update mpeg-dash-encoder image tag Signed-off-by: walnuts1018 --- k8s/apps/mpeg-dash-encoder/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/mpeg-dash-encoder/deployment.jsonnet b/k8s/apps/mpeg-dash-encoder/deployment.jsonnet index ddf3b3cd5..4a5ab2e43 100644 --- a/k8s/apps/mpeg-dash-encoder/deployment.jsonnet +++ b/k8s/apps/mpeg-dash-encoder/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ std.mergePatch((import '../../components/container.libsonnet') { name: 'mpeg-dash-encoder', - image: 'ghcr.io/walnuts1018/mpeg-dash-encoder:ce945f879b4564e8cf3d4a88c76d61b45f17b11c-7', + image: 'ghcr.io/walnuts1018/mpeg-dash-encoder:1bf945f7326eba3d6941bff57743468262721c63-8', ports: [ { containerPort: 8080, From f11e5dbc143df321830cf800bf04a48c1226346d Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 19 Nov 2024 13:13:56 +0900 Subject: [PATCH 0199/1209] update mpeg-dash-encoder image tag Signed-off-by: walnuts1018 --- k8s/apps/mpeg-dash-encoder/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/mpeg-dash-encoder/deployment.jsonnet b/k8s/apps/mpeg-dash-encoder/deployment.jsonnet index 4a5ab2e43..b3a098d84 100644 --- a/k8s/apps/mpeg-dash-encoder/deployment.jsonnet +++ b/k8s/apps/mpeg-dash-encoder/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ std.mergePatch((import '../../components/container.libsonnet') { name: 'mpeg-dash-encoder', - image: 'ghcr.io/walnuts1018/mpeg-dash-encoder:1bf945f7326eba3d6941bff57743468262721c63-8', + image: 'ghcr.io/walnuts1018/mpeg-dash-encoder:3742198c7c9381460a667bee7f94fbda3704da43-11', ports: [ { containerPort: 8080, From 446c87a3e281d83938a8fa0eeb43a87cdc53d14d Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 19 Nov 2024 13:41:50 +0900 Subject: [PATCH 0200/1209] add Signed-off-by: walnuts1018 --- k8s/apps/mpeg-dash-encoder/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/mpeg-dash-encoder/deployment.jsonnet b/k8s/apps/mpeg-dash-encoder/deployment.jsonnet index b3a098d84..ae9bb2af7 100644 --- a/k8s/apps/mpeg-dash-encoder/deployment.jsonnet +++ b/k8s/apps/mpeg-dash-encoder/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ std.mergePatch((import '../../components/container.libsonnet') { name: 'mpeg-dash-encoder', - image: 'ghcr.io/walnuts1018/mpeg-dash-encoder:3742198c7c9381460a667bee7f94fbda3704da43-11', + image: 'ghcr.io/walnuts1018/mpeg-dash-encoder:52054e17d80858a0d2c515601db0a6f189352cf4-14', ports: [ { containerPort: 8080, From ce2acbdc2d93fd1c359c36cdfc36d41d245be9fb Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 19 Nov 2024 06:14:40 +0000 Subject: [PATCH 0201/1209] Update ghcr.io/walnuts1018/mucaron-backend Docker tag to ec8f7fc30e6ac56ac236188e5c35b7d7b44f12f9-71 --- k8s/apps/mucaron/back/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/mucaron/back/deployment.jsonnet b/k8s/apps/mucaron/back/deployment.jsonnet index 608f393fa..f4ac865ff 100644 --- a/k8s/apps/mucaron/back/deployment.jsonnet +++ b/k8s/apps/mucaron/back/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ (import '../../../components/container.libsonnet') { name: 'mucaron-backend', - image: 'ghcr.io/walnuts1018/mucaron-backend:03336ba91b0acc370e5750306517506d41488734-70', + image: 'ghcr.io/walnuts1018/mucaron-backend:ec8f7fc30e6ac56ac236188e5c35b7d7b44f12f9-71', ports: [ { containerPort: 8080, From 20cb3758eaa06e47e002d5649bd555d94d84893f Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 19 Nov 2024 06:14:52 +0000 Subject: [PATCH 0202/1209] Update dependency aquaproj/aqua-renovate-config to v2.4.0 --- renovate.json5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/renovate.json5 b/renovate.json5 index f6a68a2c9..bcf065b77 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -1,6 +1,6 @@ { $schema: "https://docs.renovatebot.com/renovate-schema.json", - extends: ["config:recommended", "github>aquaproj/aqua-renovate-config#2.3.1"], + extends: ["config:recommended", "github>aquaproj/aqua-renovate-config#2.4.0"], dependencyDashboard: true, timezone: "Asia/Tokyo", kubernetes: { From 71de5002ca588cefba77da3b77bdce79c201c73d Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 19 Nov 2024 06:15:47 +0000 Subject: [PATCH 0203/1209] Update ghcr.io/walnuts1018/mucaron-frontend Docker tag to cf7ba698105468dc18720e2e87186285f315335e-50 (#972) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/mucaron/front/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/mucaron/front/deployment.jsonnet b/k8s/apps/mucaron/front/deployment.jsonnet index 692a9e43c..49ef53b1a 100644 --- a/k8s/apps/mucaron/front/deployment.jsonnet +++ b/k8s/apps/mucaron/front/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ (import '../../../components/container.libsonnet') { name: 'mucaron-front', - image: 'ghcr.io/walnuts1018/mucaron-frontend:c39fa76a7a482cbeacbe37fa315e897b3e35e1dd-46', + image: 'ghcr.io/walnuts1018/mucaron-frontend:cf7ba698105468dc18720e2e87186285f315335e-50', ports: [ { containerPort: 3000, From ab9858b6367a8b053fe477193b2c929f315d66d2 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 19 Nov 2024 06:17:35 +0000 Subject: [PATCH 0204/1209] Update dependency aquaproj/aqua-registry to v4.255.0 (#973) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index 8a2e166bd..02eafe7ec 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,6 +8,6 @@ # - all registries: - type: standard - ref: v4.254.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.255.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 From 3ba89fd8f9b99e7505188a91ab672dfcbda9a338 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 19 Nov 2024 17:39:03 +0000 Subject: [PATCH 0205/1209] Update Helm release loki to v6.20.0 --- k8s/apps/loki/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/loki/helm.jsonnet b/k8s/apps/loki/helm.jsonnet index 51b484a2b..1514c624a 100644 --- a/k8s/apps/loki/helm.jsonnet +++ b/k8s/apps/loki/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import 'app.json5').namespace, chart: 'loki', repoURL: 'https://grafana.github.io/helm-charts', - targetRevision: '6.19.0', + targetRevision: '6.20.0', values: (importstr 'values.yaml'), } From addcde68b1645aa3a79ade190d6a4f2a91934f43 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 19 Nov 2024 23:15:14 +0000 Subject: [PATCH 0206/1209] Update cloudflare/cloudflared Docker tag to v2024.11.1 (#976) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/cloudflared/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/cloudflared/deployment.jsonnet b/k8s/apps/cloudflared/deployment.jsonnet index 375cecd1f..c2154dd67 100644 --- a/k8s/apps/cloudflared/deployment.jsonnet +++ b/k8s/apps/cloudflared/deployment.jsonnet @@ -30,7 +30,7 @@ securityContext: { readOnlyRootFilesystem: true, }, - image: 'cloudflare/cloudflared:2024.11.0', + image: 'cloudflare/cloudflared:2024.11.1', imagePullPolicy: 'IfNotPresent', args: [ '--no-autoupdate', From e41a94d1373b056d67c49c9ea61f690e5c74e3ea Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 20 Nov 2024 03:15:03 +0000 Subject: [PATCH 0207/1209] Update aquasecurity/trivy-action action to v0.29.0 --- .github/workflows/snapshot.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/snapshot.yaml b/.github/workflows/snapshot.yaml index 101dd4518..5455c298a 100644 --- a/.github/workflows/snapshot.yaml +++ b/.github/workflows/snapshot.yaml @@ -72,7 +72,7 @@ jobs: ref: snapshot - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@0.28.0 + uses: aquasecurity/trivy-action@0.29.0 with: scan-type: "config" format: "sarif" From 7fd9e974cfdcec4544378bc0a1e2135c01979dbc Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 20 Nov 2024 11:36:32 +0000 Subject: [PATCH 0208/1209] Update Helm release moco to v0.15.0 --- k8s/apps/moco/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/moco/helm.jsonnet b/k8s/apps/moco/helm.jsonnet index c9bcec18e..bdfd24dda 100644 --- a/k8s/apps/moco/helm.jsonnet +++ b/k8s/apps/moco/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'moco', repoURL: 'https://cybozu-go.github.io/moco/', - targetRevision: '0.14.0', + targetRevision: '0.15.0', values: (importstr 'values.yaml'), } From 89dd7db80ee68b62c1b7134850639fc90dfc9193 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 20 Nov 2024 11:37:32 +0000 Subject: [PATCH 0209/1209] Update Helm release cilium to v1.16.4 (#978) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/cilium/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/cilium/helm.jsonnet b/k8s/apps/cilium/helm.jsonnet index b6054f3e9..484432f77 100644 --- a/k8s/apps/cilium/helm.jsonnet +++ b/k8s/apps/cilium/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import 'app.json5').namespace, chart: 'cilium', repoURL: 'https://helm.cilium.io/', - targetRevision: '1.16.3', + targetRevision: '1.16.4', values: (importstr 'values.yaml'), } From 92fbbada3221bebbac3e896d99c3afe57d681410 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 20 Nov 2024 16:03:42 +0000 Subject: [PATCH 0210/1209] Update dependency aquaproj/aqua-registry to v4.256.0 (#980) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index 02eafe7ec..7d6eb7ff7 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,6 +8,6 @@ # - all registries: - type: standard - ref: v4.255.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.256.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 From 5a366f7fecdf525fdabceb8c9c677e96cb29037e Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 20 Nov 2024 19:20:21 +0000 Subject: [PATCH 0211/1209] Update Helm release loki to v6.21.0 --- k8s/apps/loki/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/loki/helm.jsonnet b/k8s/apps/loki/helm.jsonnet index 1514c624a..c88f2fafe 100644 --- a/k8s/apps/loki/helm.jsonnet +++ b/k8s/apps/loki/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import 'app.json5').namespace, chart: 'loki', repoURL: 'https://grafana.github.io/helm-charts', - targetRevision: '6.20.0', + targetRevision: '6.21.0', values: (importstr 'values.yaml'), } From 78a0708f884b69883bbd3efa865ce05f0f86f527 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 20 Nov 2024 21:05:32 +0000 Subject: [PATCH 0212/1209] Update Helm release external-secrets to v0.10.6 --- k8s/apps/external-secrets/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/external-secrets/helm.jsonnet b/k8s/apps/external-secrets/helm.jsonnet index 6bfca6b63..f359e4e0d 100644 --- a/k8s/apps/external-secrets/helm.jsonnet +++ b/k8s/apps/external-secrets/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import 'app.json5').namespace, chart: 'external-secrets', repoURL: 'https://charts.external-secrets.io', - targetRevision: '0.10.5', + targetRevision: '0.10.6', values: '', } From 6e03c881f2413e2dc4a1aba5484712d6b0b415b6 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 20 Nov 2024 21:06:27 +0000 Subject: [PATCH 0213/1209] Update Helm release cert-manager to v1.16.2 (#983) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/cert-manager/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/cert-manager/helm.jsonnet b/k8s/apps/cert-manager/helm.jsonnet index c9a9d2c09..c19995690 100644 --- a/k8s/apps/cert-manager/helm.jsonnet +++ b/k8s/apps/cert-manager/helm.jsonnet @@ -3,7 +3,7 @@ namespace: (import 'app.json5').namespace, chart: 'cert-manager', repoURL: 'https://charts.jetstack.io', - targetRevision: 'v1.16.1', + targetRevision: 'v1.16.2', valuesObject: { installCRDs: true, }, From 2ef18a724c658fcab436696a2352748f27a99e4a Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 20 Nov 2024 21:06:35 +0000 Subject: [PATCH 0214/1209] Update Helm release argo-cd to v7.7.4 (#982) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/_argocd/argocd_components/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/_argocd/argocd_components/helm.jsonnet b/k8s/_argocd/argocd_components/helm.jsonnet index 4f9ff13be..a3e155609 100644 --- a/k8s/_argocd/argocd_components/helm.jsonnet +++ b/k8s/_argocd/argocd_components/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import 'app.json5').namespace, chart: 'argo-cd', repoURL: 'https://argoproj.github.io/argo-helm', - targetRevision: '7.7.3', + targetRevision: '7.7.4', values: (importstr 'values.yaml'), } From 86f48decf025862506e9efa15d79d1cd1ba9870a Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 21 Nov 2024 01:40:29 +0000 Subject: [PATCH 0215/1209] Update dependency aquaproj/aqua-registry to v4.256.1 (#985) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index 7d6eb7ff7..51a704ceb 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,6 +8,6 @@ # - all registries: - type: standard - ref: v4.256.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.256.1 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 From 391ada8afe59c55392004385991df41461fa2a75 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 21 Nov 2024 12:08:16 +0000 Subject: [PATCH 0216/1209] Update docker.elastic.co/elasticsearch/elasticsearch Docker tag to v8.16.1 (#987) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/elasticsearch/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/elasticsearch/deployment.jsonnet b/k8s/apps/elasticsearch/deployment.jsonnet index a3184df5b..8dd4c0155 100644 --- a/k8s/apps/elasticsearch/deployment.jsonnet +++ b/k8s/apps/elasticsearch/deployment.jsonnet @@ -28,7 +28,7 @@ type: 'RuntimeDefault', }, }, - image: 'docker.elastic.co/elasticsearch/elasticsearch:8.16.0', + image: 'docker.elastic.co/elasticsearch/elasticsearch:8.16.1', ports: [ { containerPort: 9200, From 8334dbc048a6f63ab466f1a4676e10902ef0ef3c Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 21 Nov 2024 12:08:27 +0000 Subject: [PATCH 0217/1209] Update Helm release oauth2-proxy to v7.7.31 (#986) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/components/oauth2-proxy/helm.libsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/components/oauth2-proxy/helm.libsonnet b/k8s/components/oauth2-proxy/helm.libsonnet index 12641705d..5249bf382 100644 --- a/k8s/components/oauth2-proxy/helm.libsonnet +++ b/k8s/components/oauth2-proxy/helm.libsonnet @@ -10,7 +10,7 @@ namespace: error 'namespace is required', chart: 'oauth2-proxy', repoURL: 'https://oauth2-proxy.github.io/manifests', - targetRevision: '7.7.30', + targetRevision: '7.7.31', values: '', valuesObject: std.mergePatch((import 'values.libsonnet') { upstream: $.upstream, From 5cd38a3951889e5a261b593a4d1fe647f0d67ac9 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 21 Nov 2024 12:08:33 +0000 Subject: [PATCH 0218/1209] Update docker.elastic.co/kibana/kibana Docker tag to v8.16.1 (#988) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/kibana/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/kibana/deployment.jsonnet b/k8s/apps/kibana/deployment.jsonnet index bee1df86d..8de7a0a5c 100644 --- a/k8s/apps/kibana/deployment.jsonnet +++ b/k8s/apps/kibana/deployment.jsonnet @@ -23,7 +23,7 @@ readOnlyRootFilesystem: true, runAsNonRoot: true, }, - image: 'docker.elastic.co/kibana/kibana:8.16.0', + image: 'docker.elastic.co/kibana/kibana:8.16.1', ports: [ { name: 'http', From 0d8ef75aabec6b98c9669442251a24a2df47439c Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 21 Nov 2024 16:51:27 +0000 Subject: [PATCH 0219/1209] Update Helm release argo-cd to v7.7.5 (#989) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/_argocd/argocd_components/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/_argocd/argocd_components/helm.jsonnet b/k8s/_argocd/argocd_components/helm.jsonnet index a3e155609..f356feb7a 100644 --- a/k8s/_argocd/argocd_components/helm.jsonnet +++ b/k8s/_argocd/argocd_components/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import 'app.json5').namespace, chart: 'argo-cd', repoURL: 'https://argoproj.github.io/argo-helm', - targetRevision: '7.7.4', + targetRevision: '7.7.5', values: (importstr 'values.yaml'), } From 394ab8f67352cd91edf233dba3723a3e7393f96d Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 21 Nov 2024 20:07:47 +0000 Subject: [PATCH 0220/1209] Update Helm release opentelemetry-operator to v0.74.3 --- k8s/apps/opentelemetry-operator/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/opentelemetry-operator/helm.jsonnet b/k8s/apps/opentelemetry-operator/helm.jsonnet index 29c2fb2d2..4c7441831 100644 --- a/k8s/apps/opentelemetry-operator/helm.jsonnet +++ b/k8s/apps/opentelemetry-operator/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'opentelemetry-operator', repoURL: 'https://open-telemetry.github.io/opentelemetry-helm-charts', - targetRevision: '0.74.2', + targetRevision: '0.74.3', values: (importstr 'values.yaml'), } From 769ab59b147f0a3ee263baaa5af8520f9c852eca Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 21 Nov 2024 21:18:55 +0000 Subject: [PATCH 0221/1209] Update Terraform aws to ~> 5.77.0 --- terraform/modules/minio/provider.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/modules/minio/provider.tf b/terraform/modules/minio/provider.tf index 753210e25..0b4cabfb6 100644 --- a/terraform/modules/minio/provider.tf +++ b/terraform/modules/minio/provider.tf @@ -2,7 +2,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 5.76.0" + version = "~> 5.77.0" } } } From 92c4770f99532f68c720cd7ffcea8539e8dffadc Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 22 Nov 2024 00:51:57 +0000 Subject: [PATCH 0222/1209] Update dependency aquaproj/aqua-registry to v4.257.0 (#991) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index 51a704ceb..52dd9f43f 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,6 +8,6 @@ # - all registries: - type: standard - ref: v4.256.1 # renovate: depName=aquaproj/aqua-registry + ref: v4.257.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 From 8e9187837ce9a07e41a84b863d220a5033327cb6 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 22 Nov 2024 09:38:01 +0000 Subject: [PATCH 0223/1209] Update ghcr.io/walnuts1018/walnuts.dev Docker tag to v4ef9fca05c38a6cce0ce79ae2263abece9fad5cb-301 (#992) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index 18995454e..aa122a912 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -25,7 +25,7 @@ type: 'RuntimeDefault', }, }, - image: 'ghcr.io/walnuts1018/walnuts.dev:ced0a74972aaaf8245196b93519765c065e83e4e-300', + image: 'ghcr.io/walnuts1018/walnuts.dev:4ef9fca05c38a6cce0ce79ae2263abece9fad5cb-301', imagePullPolicy: 'IfNotPresent', ports: [ { From 47b1c63c97d6997f3eaaa525f511e3083b887453 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 22 Nov 2024 12:17:25 +0000 Subject: [PATCH 0224/1209] Update misskey/misskey Docker tag to v2024.11.0 --- k8s/apps/misskey/deployment.jsonnet | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/k8s/apps/misskey/deployment.jsonnet b/k8s/apps/misskey/deployment.jsonnet index 10f621362..56e451937 100644 --- a/k8s/apps/misskey/deployment.jsonnet +++ b/k8s/apps/misskey/deployment.jsonnet @@ -26,7 +26,7 @@ initContainers: [ (import '../../components/container.libsonnet') { name: 'misskey-init', - image: 'misskey/misskey:2024.10.1', + image: 'misskey/misskey:2024.11.0', imagePullPolicy: 'IfNotPresent', command: [ 'pnpm', @@ -49,7 +49,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'misskey', - image: 'misskey/misskey:2024.10.1', + image: 'misskey/misskey:2024.11.0', imagePullPolicy: 'IfNotPresent', ports: [ { From 9166b91886132229d7ebbd68c9891fe712d31b0b Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 22 Nov 2024 16:59:25 +0000 Subject: [PATCH 0225/1209] Update Helm release oauth2-proxy to v7.8.0 --- k8s/components/oauth2-proxy/helm.libsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/components/oauth2-proxy/helm.libsonnet b/k8s/components/oauth2-proxy/helm.libsonnet index 5249bf382..d50dbb808 100644 --- a/k8s/components/oauth2-proxy/helm.libsonnet +++ b/k8s/components/oauth2-proxy/helm.libsonnet @@ -10,7 +10,7 @@ namespace: error 'namespace is required', chart: 'oauth2-proxy', repoURL: 'https://oauth2-proxy.github.io/manifests', - targetRevision: '7.7.31', + targetRevision: '7.8.0', values: '', valuesObject: std.mergePatch((import 'values.libsonnet') { upstream: $.upstream, From 144fa03ae018487770b1482054f051c9e0b30901 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 22 Nov 2024 17:00:21 +0000 Subject: [PATCH 0226/1209] Update Helm release nextcloud to v6.2.4 (#994) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/nextcloud/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/nextcloud/helm.jsonnet b/k8s/apps/nextcloud/helm.jsonnet index 7b80ba0a8..1240d2c08 100644 --- a/k8s/apps/nextcloud/helm.jsonnet +++ b/k8s/apps/nextcloud/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'nextcloud', repoURL: 'https://nextcloud.github.io/helm/', - targetRevision: '6.2.3', + targetRevision: '6.2.4', values: (importstr 'values.yaml'), } From 98a0cd5a2a77d6a06c2a4788566e53dcc1812fad Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 23 Nov 2024 06:06:01 +0000 Subject: [PATCH 0227/1209] Update dependency aquaproj/aqua-renovate-config to v2.5.0 --- renovate.json5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/renovate.json5 b/renovate.json5 index bcf065b77..b90cfea21 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -1,6 +1,6 @@ { $schema: "https://docs.renovatebot.com/renovate-schema.json", - extends: ["config:recommended", "github>aquaproj/aqua-renovate-config#2.4.0"], + extends: ["config:recommended", "github>aquaproj/aqua-renovate-config#2.5.0"], dependencyDashboard: true, timezone: "Asia/Tokyo", kubernetes: { From c2ee0f1f3a7741fd2f3777c4159914132b5c0deb Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 23 Nov 2024 06:07:51 +0000 Subject: [PATCH 0228/1209] Update dependency aquaproj/aqua-registry to v4.258.0 (#996) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index 52dd9f43f..115f2725a 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,6 +8,6 @@ # - all registries: - type: standard - ref: v4.257.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.258.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 From 8f647be381775b71e6b6dab3467a43b097773903 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 23 Nov 2024 09:19:26 +0000 Subject: [PATCH 0229/1209] Update Helm release kube-prometheus-stack to v66.2.2 (#998) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/prometheus-stack/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/prometheus-stack/helm.jsonnet b/k8s/apps/prometheus-stack/helm.jsonnet index 46b60a6f2..cccdf2473 100644 --- a/k8s/apps/prometheus-stack/helm.jsonnet +++ b/k8s/apps/prometheus-stack/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'kube-prometheus-stack', repoURL: 'https://prometheus-community.github.io/helm-charts', - targetRevision: '66.2.1', + targetRevision: '66.2.2', values: (importstr 'values.yaml'), } From aa387002a1891592f91684d18207e09e92dcd858 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 23 Nov 2024 09:20:51 +0000 Subject: [PATCH 0230/1209] Update Helm release external-secrets to v0.10.7 --- k8s/apps/external-secrets/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/external-secrets/helm.jsonnet b/k8s/apps/external-secrets/helm.jsonnet index f359e4e0d..42158e445 100644 --- a/k8s/apps/external-secrets/helm.jsonnet +++ b/k8s/apps/external-secrets/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import 'app.json5').namespace, chart: 'external-secrets', repoURL: 'https://charts.external-secrets.io', - targetRevision: '0.10.6', + targetRevision: '0.10.7', values: '', } From d41f6ef64a7d49e6b82cc6c372b348009865b54f Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 24 Nov 2024 14:23:29 +0000 Subject: [PATCH 0231/1209] Update dependency aquaproj/aqua-registry to v4.258.1 (#1000) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index 115f2725a..063c7e6e7 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,6 +8,6 @@ # - all registries: - type: standard - ref: v4.258.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.258.1 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 From 1f6abed3f9cff1579e1fa8b512025af8b4dcc751 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 25 Nov 2024 06:12:45 +0000 Subject: [PATCH 0232/1209] Update dependency aquaproj/aqua-registry to v4.259.0 (#1001) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index 063c7e6e7..30e15e4d2 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,6 +8,6 @@ # - all registries: - type: standard - ref: v4.258.1 # renovate: depName=aquaproj/aqua-registry + ref: v4.259.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 From 9bffcd2e5f99eeb14f4e1ef0aaa8283ef5a769a9 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 25 Nov 2024 23:02:23 +0000 Subject: [PATCH 0233/1209] Update ghcr.io/walnuts1018/mucaron-backend Docker tag to v9bdba227330b16619ed68982ad0d530fc568ef10-77 (#1002) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/mucaron/back/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/mucaron/back/deployment.jsonnet b/k8s/apps/mucaron/back/deployment.jsonnet index f4ac865ff..0f4981d97 100644 --- a/k8s/apps/mucaron/back/deployment.jsonnet +++ b/k8s/apps/mucaron/back/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ (import '../../../components/container.libsonnet') { name: 'mucaron-backend', - image: 'ghcr.io/walnuts1018/mucaron-backend:ec8f7fc30e6ac56ac236188e5c35b7d7b44f12f9-71', + image: 'ghcr.io/walnuts1018/mucaron-backend:9bdba227330b16619ed68982ad0d530fc568ef10-77', ports: [ { containerPort: 8080, From e480740b0754a580f8bffebf5a914397345b6775 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 25 Nov 2024 23:02:45 +0000 Subject: [PATCH 0234/1209] Update ghcr.io/walnuts1018/mucaron-frontend Docker tag to v2c598c4e9678ff152c9b010a642976cca2660d4a-56 (#1003) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/mucaron/front/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/mucaron/front/deployment.jsonnet b/k8s/apps/mucaron/front/deployment.jsonnet index 49ef53b1a..6f6ad0ac0 100644 --- a/k8s/apps/mucaron/front/deployment.jsonnet +++ b/k8s/apps/mucaron/front/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ (import '../../../components/container.libsonnet') { name: 'mucaron-front', - image: 'ghcr.io/walnuts1018/mucaron-frontend:cf7ba698105468dc18720e2e87186285f315335e-50', + image: 'ghcr.io/walnuts1018/mucaron-frontend:2c598c4e9678ff152c9b010a642976cca2660d4a-56', ports: [ { containerPort: 3000, From aa33043e579a6ab85de074c51f38289d5385dbc5 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 26 Nov 2024 00:10:12 +0000 Subject: [PATCH 0235/1209] Update ghcr.io/walnuts1018/walnuts.dev Docker tag to c0df069e77f5e2dbece09310e144b42f9046872b-306 (#1004) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index aa122a912..41cae5ed1 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -25,7 +25,7 @@ type: 'RuntimeDefault', }, }, - image: 'ghcr.io/walnuts1018/walnuts.dev:4ef9fca05c38a6cce0ce79ae2263abece9fad5cb-301', + image: 'ghcr.io/walnuts1018/walnuts.dev:c0df069e77f5e2dbece09310e144b42f9046872b-306', imagePullPolicy: 'IfNotPresent', ports: [ { From 82755ff7a0916883ade049af3445449e23e11f95 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 26 Nov 2024 09:16:23 +0900 Subject: [PATCH 0236/1209] add cilium ingress Signed-off-by: walnuts1018 --- k8s/apps/cilium/values.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/k8s/apps/cilium/values.yaml b/k8s/apps/cilium/values.yaml index 5500866db..a50729b5c 100644 --- a/k8s/apps/cilium/values.yaml +++ b/k8s/apps/cilium/values.yaml @@ -1,4 +1,3 @@ - image: useDigest: false # https://github.com/containers/image/blob/d372f0e440d35c6041de39023b0b6eb131fba54b/docker/docker_transport.go#L79-L81 kubeProxyReplacement: true @@ -17,6 +16,10 @@ clustermesh: auto: enabled: true method: cronJob +ingressController: + enabled: true + loadbalancerMode: shared + default: falsess hubble: tls: enabled: true From 09dd14e310b906563e4645f63a92d884305c7cda Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 26 Nov 2024 09:19:03 +0900 Subject: [PATCH 0237/1209] fix typo Signed-off-by: walnuts1018 --- k8s/apps/cilium/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/cilium/values.yaml b/k8s/apps/cilium/values.yaml index a50729b5c..28e0ef900 100644 --- a/k8s/apps/cilium/values.yaml +++ b/k8s/apps/cilium/values.yaml @@ -19,7 +19,7 @@ clustermesh: ingressController: enabled: true loadbalancerMode: shared - default: falsess + default: false hubble: tls: enabled: true From 92111be3273353a5f1414f5a8e2a51c63735352a Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 26 Nov 2024 09:26:28 +0900 Subject: [PATCH 0238/1209] add loadBalancerIP Signed-off-by: walnuts1018 --- k8s/apps/cilium/values.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/k8s/apps/cilium/values.yaml b/k8s/apps/cilium/values.yaml index 28e0ef900..38a164955 100644 --- a/k8s/apps/cilium/values.yaml +++ b/k8s/apps/cilium/values.yaml @@ -20,6 +20,8 @@ ingressController: enabled: true loadbalancerMode: shared default: false + service: + loadBalancerIP: 192.168.0.129 hubble: tls: enabled: true From 60ba1a30e02023553895a96fe71bb00e2c1913fd Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 26 Nov 2024 09:55:45 +0900 Subject: [PATCH 0239/1209] add notification Signed-off-by: walnuts1018 --- k8s/_argocd/applications/apps.yaml | 2 ++ k8s/_argocd/applications/argocd.yaml | 3 +++ k8s/_argocd/applications/namespaces.yaml | 3 +++ .../notification-externalsecret.jsonnet | 14 ++++++++++++++ k8s/_argocd/argocd_components/values.yaml | 7 +++++++ 5 files changed, 29 insertions(+) create mode 100644 k8s/_argocd/argocd_components/notification-externalsecret.jsonnet diff --git a/k8s/_argocd/applications/apps.yaml b/k8s/_argocd/applications/apps.yaml index 0843aaf95..c44fc7ba7 100644 --- a/k8s/_argocd/applications/apps.yaml +++ b/k8s/_argocd/applications/apps.yaml @@ -15,6 +15,8 @@ spec: template: metadata: name: '{{.name}}' + annotations: + notifications.argoproj.io/subscribe.on-sync-succeeded.slack: walnuts-sysop spec: project: default destination: diff --git a/k8s/_argocd/applications/argocd.yaml b/k8s/_argocd/applications/argocd.yaml index 52617c9f6..e757b18b4 100644 --- a/k8s/_argocd/applications/argocd.yaml +++ b/k8s/_argocd/applications/argocd.yaml @@ -3,6 +3,9 @@ kind: Application metadata: name: argocd namespace: argocd + metadata: + annotations: + notifications.argoproj.io/subscribe.on-sync-succeeded.slack: walnuts-sysop spec: project: default destination: diff --git a/k8s/_argocd/applications/namespaces.yaml b/k8s/_argocd/applications/namespaces.yaml index 6b718ded9..37796c0a5 100644 --- a/k8s/_argocd/applications/namespaces.yaml +++ b/k8s/_argocd/applications/namespaces.yaml @@ -3,6 +3,9 @@ kind: Application metadata: name: namespaces namespace: argocd + metadata: + annotations: + notifications.argoproj.io/subscribe.on-sync-succeeded.slack: walnuts-sysop spec: project: default destination: diff --git a/k8s/_argocd/argocd_components/notification-externalsecret.jsonnet b/k8s/_argocd/argocd_components/notification-externalsecret.jsonnet new file mode 100644 index 000000000..3444bbdc9 --- /dev/null +++ b/k8s/_argocd/argocd_components/notification-externalsecret.jsonnet @@ -0,0 +1,14 @@ +(import '../../components/external-secret.libsonnet') { + name: 'argocd-notifications-secret', + use_suffix: false, + namespace: (import 'app.json5').namespace, + data: [ + { + secretKey: 'slack-token', + remoteRef: { + key: 'argocd', + property: 'slack-token', + }, + }, + ], +} diff --git a/k8s/_argocd/argocd_components/values.yaml b/k8s/_argocd/argocd_components/values.yaml index 95602727a..9f2e76318 100644 --- a/k8s/_argocd/argocd_components/values.yaml +++ b/k8s/_argocd/argocd_components/values.yaml @@ -42,3 +42,10 @@ server: controller: generic ingressClassName: "nginx" tls: false + +notifications: + context: + cluster: "kurumi" + secret: + create: false + name: "argocd-notifications-secret" From 622d5636c7c60929db47a0e287c996cd0dccdfe0 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 26 Nov 2024 09:57:22 +0900 Subject: [PATCH 0240/1209] add Slack notification for sync success in ArgoCD application Signed-off-by: walnuts1018 --- k8s/_argocd/clusters/kurumi/base.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/k8s/_argocd/clusters/kurumi/base.yaml b/k8s/_argocd/clusters/kurumi/base.yaml index 87679e805..04ffe8125 100644 --- a/k8s/_argocd/clusters/kurumi/base.yaml +++ b/k8s/_argocd/clusters/kurumi/base.yaml @@ -3,6 +3,9 @@ kind: Application metadata: name: base namespace: argocd + metadata: + annotations: + notifications.argoproj.io/subscribe.on-sync-succeeded.slack: walnuts-sysop spec: project: default destination: From abcb89532aed6afeb4e32178b143a9a7a82c7eb1 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 26 Nov 2024 00:57:35 +0000 Subject: [PATCH 0241/1209] Update dependency aquaproj/aqua-registry to v4.260.0 (#1005) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index 30e15e4d2..d940a35a1 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,6 +8,6 @@ # - all registries: - type: standard - ref: v4.259.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.260.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 From 905bab096dc8b825f05de1032c015b844193a56d Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 26 Nov 2024 10:05:15 +0900 Subject: [PATCH 0242/1209] add Signed-off-by: walnuts1018 --- .../argocd_components/notification-configmap.jsonnet | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 k8s/_argocd/argocd_components/notification-configmap.jsonnet diff --git a/k8s/_argocd/argocd_components/notification-configmap.jsonnet b/k8s/_argocd/argocd_components/notification-configmap.jsonnet new file mode 100644 index 000000000..1d2630314 --- /dev/null +++ b/k8s/_argocd/argocd_components/notification-configmap.jsonnet @@ -0,0 +1,11 @@ +{ + apiVersion: 'v1', + kind: 'ConfigMap', + metadata: { + name: 'argocd-notifications-cm', + namespace: (import 'app.json5').namespace, + }, + data: { + 'service.slack': 'token: $slack-token', + }, +} From f3e850ca7148f6e0c7aa876e00d38596c36b5e26 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 26 Nov 2024 10:07:58 +0900 Subject: [PATCH 0243/1209] Add Slack notifications for application sync and health events in ArgoCD Signed-off-by: walnuts1018 --- k8s/_argocd/applications/apps.yaml | 4 +++- k8s/_argocd/applications/argocd.yaml | 4 +++- k8s/_argocd/applications/namespaces.yaml | 4 +++- k8s/_argocd/clusters/kurumi/base.yaml | 4 +++- 4 files changed, 12 insertions(+), 4 deletions(-) diff --git a/k8s/_argocd/applications/apps.yaml b/k8s/_argocd/applications/apps.yaml index c44fc7ba7..5c2ee147d 100644 --- a/k8s/_argocd/applications/apps.yaml +++ b/k8s/_argocd/applications/apps.yaml @@ -16,7 +16,9 @@ spec: metadata: name: '{{.name}}' annotations: - notifications.argoproj.io/subscribe.on-sync-succeeded.slack: walnuts-sysop + notifications.argoproj.io/subscribe.on-deleted.slack: walnuts-sysop + notifications.argoproj.io/subscribe.on-health-degraded.slack: walnuts-sysop + notifications.argoproj.io/subscribe.on-sync-failed.slack: walnuts-sysop spec: project: default destination: diff --git a/k8s/_argocd/applications/argocd.yaml b/k8s/_argocd/applications/argocd.yaml index e757b18b4..0b565e52a 100644 --- a/k8s/_argocd/applications/argocd.yaml +++ b/k8s/_argocd/applications/argocd.yaml @@ -5,7 +5,9 @@ metadata: namespace: argocd metadata: annotations: - notifications.argoproj.io/subscribe.on-sync-succeeded.slack: walnuts-sysop + notifications.argoproj.io/subscribe.on-deleted.slack: walnuts-sysop + notifications.argoproj.io/subscribe.on-health-degraded.slack: walnuts-sysop + notifications.argoproj.io/subscribe.on-sync-failed.slack: walnuts-sysop spec: project: default destination: diff --git a/k8s/_argocd/applications/namespaces.yaml b/k8s/_argocd/applications/namespaces.yaml index 37796c0a5..d98ebe825 100644 --- a/k8s/_argocd/applications/namespaces.yaml +++ b/k8s/_argocd/applications/namespaces.yaml @@ -5,7 +5,9 @@ metadata: namespace: argocd metadata: annotations: - notifications.argoproj.io/subscribe.on-sync-succeeded.slack: walnuts-sysop + notifications.argoproj.io/subscribe.on-deleted.slack: walnuts-sysop + notifications.argoproj.io/subscribe.on-health-degraded.slack: walnuts-sysop + notifications.argoproj.io/subscribe.on-sync-failed.slack: walnuts-sysop spec: project: default destination: diff --git a/k8s/_argocd/clusters/kurumi/base.yaml b/k8s/_argocd/clusters/kurumi/base.yaml index 04ffe8125..622a87ccb 100644 --- a/k8s/_argocd/clusters/kurumi/base.yaml +++ b/k8s/_argocd/clusters/kurumi/base.yaml @@ -5,7 +5,9 @@ metadata: namespace: argocd metadata: annotations: - notifications.argoproj.io/subscribe.on-sync-succeeded.slack: walnuts-sysop + notifications.argoproj.io/subscribe.on-deleted.slack: walnuts-sysop + notifications.argoproj.io/subscribe.on-health-degraded.slack: walnuts-sysop + notifications.argoproj.io/subscribe.on-sync-failed.slack: walnuts-sysop spec: project: default destination: From 9940749249847f4c146d52025d36030bb735480a Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 26 Nov 2024 10:11:58 +0900 Subject: [PATCH 0244/1209] Add configuration to disable creation of notification config map in ArgoCD Signed-off-by: walnuts1018 --- k8s/_argocd/argocd_components/values.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/k8s/_argocd/argocd_components/values.yaml b/k8s/_argocd/argocd_components/values.yaml index 9f2e76318..112f25cfb 100644 --- a/k8s/_argocd/argocd_components/values.yaml +++ b/k8s/_argocd/argocd_components/values.yaml @@ -49,3 +49,5 @@ notifications: secret: create: false name: "argocd-notifications-secret" + cm: + create: false From 9e6b126a8f4c6c42512b4b7db586072c22e0e4f6 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 26 Nov 2024 10:19:09 +0900 Subject: [PATCH 0245/1209] Add namespace support to ExternalSecret configuration Signed-off-by: walnuts1018 --- k8s/components/external-secret.libsonnet | 2 ++ 1 file changed, 2 insertions(+) diff --git a/k8s/components/external-secret.libsonnet b/k8s/components/external-secret.libsonnet index 46a146495..2e51659f6 100644 --- a/k8s/components/external-secret.libsonnet +++ b/k8s/components/external-secret.libsonnet @@ -1,11 +1,13 @@ { name:: error 'name is required', + namespace:: '', use_suffix:: true, data:: error 'data is required', apiVersion: 'external-secrets.io/v1beta1', kind: 'ExternalSecret', metadata: { name: $.name + if $.use_suffix then '-' + std.md5(std.toString($.data) + { spec: { target: { name: null } } })[0:6] else '', + [if !($.namespace == '') then 'namespace']: $.namespace, }, spec: { secretStoreRef: { From de5cfc004c05bbe4f5260b0e4337ab585eeea12e Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 26 Nov 2024 10:25:42 +0900 Subject: [PATCH 0246/1209] add Signed-off-by: walnuts1018 --- k8s/apps/opentelemetry-collectors/collectors/default.jsonnet | 1 - 1 file changed, 1 deletion(-) diff --git a/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet index 7bdb60703..b2712701e 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet @@ -3,7 +3,6 @@ std.mergePatch((import '_base.libsonnet'), { name: 'default', }, spec: { - replicas: 1, mode: 'deployment', config: { connectors: { From 4614cb6df0aec0e24827d41303115c158c3d8bbe Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 26 Nov 2024 10:26:44 +0900 Subject: [PATCH 0247/1209] fix Signed-off-by: walnuts1018 --- k8s/_argocd/clusters/kurumi/base.yaml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/k8s/_argocd/clusters/kurumi/base.yaml b/k8s/_argocd/clusters/kurumi/base.yaml index 622a87ccb..2f1cb4e31 100644 --- a/k8s/_argocd/clusters/kurumi/base.yaml +++ b/k8s/_argocd/clusters/kurumi/base.yaml @@ -3,11 +3,10 @@ kind: Application metadata: name: base namespace: argocd - metadata: - annotations: - notifications.argoproj.io/subscribe.on-deleted.slack: walnuts-sysop - notifications.argoproj.io/subscribe.on-health-degraded.slack: walnuts-sysop - notifications.argoproj.io/subscribe.on-sync-failed.slack: walnuts-sysop + annotations: + notifications.argoproj.io/subscribe.on-deleted.slack: walnuts-sysop + notifications.argoproj.io/subscribe.on-health-degraded.slack: walnuts-sysop + notifications.argoproj.io/subscribe.on-sync-failed.slack: walnuts-sysop spec: project: default destination: From e9ca96617462f17576402efd4abca572f8c71c1f Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 26 Nov 2024 10:28:17 +0900 Subject: [PATCH 0248/1209] Fix indentation in ArgoCD application YAML files for Slack notifications Signed-off-by: walnuts1018 --- k8s/_argocd/applications/argocd.yaml | 9 ++++----- k8s/_argocd/applications/namespaces.yaml | 9 ++++----- 2 files changed, 8 insertions(+), 10 deletions(-) diff --git a/k8s/_argocd/applications/argocd.yaml b/k8s/_argocd/applications/argocd.yaml index 0b565e52a..d3a78fdb3 100644 --- a/k8s/_argocd/applications/argocd.yaml +++ b/k8s/_argocd/applications/argocd.yaml @@ -3,11 +3,10 @@ kind: Application metadata: name: argocd namespace: argocd - metadata: - annotations: - notifications.argoproj.io/subscribe.on-deleted.slack: walnuts-sysop - notifications.argoproj.io/subscribe.on-health-degraded.slack: walnuts-sysop - notifications.argoproj.io/subscribe.on-sync-failed.slack: walnuts-sysop + annotations: + notifications.argoproj.io/subscribe.on-deleted.slack: walnuts-sysop + notifications.argoproj.io/subscribe.on-health-degraded.slack: walnuts-sysop + notifications.argoproj.io/subscribe.on-sync-failed.slack: walnuts-sysop spec: project: default destination: diff --git a/k8s/_argocd/applications/namespaces.yaml b/k8s/_argocd/applications/namespaces.yaml index d98ebe825..fe1f5510d 100644 --- a/k8s/_argocd/applications/namespaces.yaml +++ b/k8s/_argocd/applications/namespaces.yaml @@ -3,11 +3,10 @@ kind: Application metadata: name: namespaces namespace: argocd - metadata: - annotations: - notifications.argoproj.io/subscribe.on-deleted.slack: walnuts-sysop - notifications.argoproj.io/subscribe.on-health-degraded.slack: walnuts-sysop - notifications.argoproj.io/subscribe.on-sync-failed.slack: walnuts-sysop + annotations: + notifications.argoproj.io/subscribe.on-deleted.slack: walnuts-sysop + notifications.argoproj.io/subscribe.on-health-degraded.slack: walnuts-sysop + notifications.argoproj.io/subscribe.on-sync-failed.slack: walnuts-sysop spec: project: default destination: From db1714d8a15a7eaf20709afc4a573fd5038f9839 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 26 Nov 2024 10:33:20 +0900 Subject: [PATCH 0249/1209] add Signed-off-by: walnuts1018 --- k8s/_argocd/applications/apps.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/k8s/_argocd/applications/apps.yaml b/k8s/_argocd/applications/apps.yaml index 5c2ee147d..c5d7cf57a 100644 --- a/k8s/_argocd/applications/apps.yaml +++ b/k8s/_argocd/applications/apps.yaml @@ -19,6 +19,7 @@ spec: notifications.argoproj.io/subscribe.on-deleted.slack: walnuts-sysop notifications.argoproj.io/subscribe.on-health-degraded.slack: walnuts-sysop notifications.argoproj.io/subscribe.on-sync-failed.slack: walnuts-sysop + notifications.argoproj.io/subscribe.on-sync-succeeded.slack: walnuts-sysop spec: project: default destination: From 233660a3055801f71e640e47ab84f5f8dd0dc644 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 26 Nov 2024 10:38:43 +0900 Subject: [PATCH 0250/1209] fix Signed-off-by: walnuts1018 --- k8s/components/helm.libsonnet | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/k8s/components/helm.libsonnet b/k8s/components/helm.libsonnet index a6567dfc1..dc92bbe89 100644 --- a/k8s/components/helm.libsonnet +++ b/k8s/components/helm.libsonnet @@ -12,6 +12,13 @@ metadata: { name: $.name + '-helm', namespace: 'argocd', + annotations: { + local slackChannel = 'walnuts-sysop', + 'notifications.argoproj.io/subscribe.on-deleted.slack': slackChannel, + 'notifications.argoproj.io/subscribe.on-health-degraded.slack': slackChannel, + 'notifications.argoproj.io/subscribe.on-sync-failed.slack': slackChannel, + 'notifications.argoproj.io/subscribe.on-sync-succeeded.slack': slackChannel, + }, }, spec: { project: 'default', From 29f5255e574644bacb6425f3a75bb4be64d5516b Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 26 Nov 2024 11:01:47 +0900 Subject: [PATCH 0251/1209] add Signed-off-by: walnuts1018 --- .../argocd-notifications-cm.yaml | 524 ++++++++++++++++++ .../notification-configmap.jsonnet | 4 +- 2 files changed, 526 insertions(+), 2 deletions(-) create mode 100644 k8s/_argocd/argocd_components/argocd-notifications-cm.yaml diff --git a/k8s/_argocd/argocd_components/argocd-notifications-cm.yaml b/k8s/_argocd/argocd_components/argocd-notifications-cm.yaml new file mode 100644 index 000000000..37a8e1c88 --- /dev/null +++ b/k8s/_argocd/argocd_components/argocd-notifications-cm.yaml @@ -0,0 +1,524 @@ +# from: https://raw.githubusercontent.com/argoproj/argo-cd/stable/notifications_catalog/install.yaml +apiVersion: v1 +data: + template.app-created: | + email: + subject: Application {{.app.metadata.name}} has been created. + message: Application {{.app.metadata.name}} has been created. + teams: + title: Application {{.app.metadata.name}} has been created. + template.app-deleted: | + email: + subject: Application {{.app.metadata.name}} has been deleted. + message: Application {{.app.metadata.name}} has been deleted. + teams: + title: Application {{.app.metadata.name}} has been deleted. + template.app-deployed: | + email: + subject: New version of an application {{.app.metadata.name}} is up and running. + message: | + {{if eq .serviceType "slack"}}:white_check_mark:{{end}} Application {{.app.metadata.name}} is now running new version of deployments manifests. + slack: + attachments: | + [{ + "title": "{{ .app.metadata.name}}", + "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", + "color": "#18be52", + "fields": [ + { + "title": "Sync Status", + "value": "{{.app.status.sync.status}}", + "short": true + }, + { + "title": "Repository", + "value": "{{.app.spec.source.repoURL}}", + "short": true + }, + { + "title": "Revision", + "value": "{{.app.status.sync.revision}}", + "short": true + } + {{range $index, $c := .app.status.conditions}} + , + { + "title": "{{$c.type}}", + "value": "{{$c.message}}", + "short": true + } + {{end}} + ] + }] + deliveryPolicy: Post + groupingKey: "" + notifyBroadcast: false + teams: + facts: | + [{ + "name": "Sync Status", + "value": "{{.app.status.sync.status}}" + }, + { + "name": "Repository", + "value": "{{.app.spec.source.repoURL}}" + }, + { + "name": "Revision", + "value": "{{.app.status.sync.revision}}" + } + {{range $index, $c := .app.status.conditions}} + , + { + "name": "{{$c.type}}", + "value": "{{$c.message}}" + } + {{end}} + ] + potentialAction: |- + [{ + "@type":"OpenUri", + "name":"Operation Application", + "targets":[{ + "os":"default", + "uri":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}" + }] + }, + { + "@type":"OpenUri", + "name":"Open Repository", + "targets":[{ + "os":"default", + "uri":"{{.app.spec.source.repoURL | call .repo.RepoURLToHTTPS}}" + }] + }] + themeColor: '#000080' + title: New version of an application {{.app.metadata.name}} is up and running. + template.app-health-degraded: | + email: + subject: Application {{.app.metadata.name}} has degraded. + message: | + {{if eq .serviceType "slack"}}:exclamation:{{end}} Application {{.app.metadata.name}} has degraded. + Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}. + slack: + attachments: | + [{ + "title": "{{ .app.metadata.name}}", + "title_link": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", + "color": "#f4c030", + "fields": [ + { + "title": "Health Status", + "value": "{{.app.status.health.status}}", + "short": true + }, + { + "title": "Repository", + "value": "{{.app.spec.source.repoURL}}", + "short": true + } + {{range $index, $c := .app.status.conditions}} + , + { + "title": "{{$c.type}}", + "value": "{{$c.message}}", + "short": true + } + {{end}} + ] + }] + deliveryPolicy: Post + groupingKey: "" + notifyBroadcast: false + teams: + facts: | + [{ + "name": "Health Status", + "value": "{{.app.status.health.status}}" + }, + { + "name": "Repository", + "value": "{{.app.spec.source.repoURL}}" + } + {{range $index, $c := .app.status.conditions}} + , + { + "name": "{{$c.type}}", + "value": "{{$c.message}}" + } + {{end}} + ] + potentialAction: | + [{ + "@type":"OpenUri", + "name":"Open Application", + "targets":[{ + "os":"default", + "uri":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}" + }] + }, + { + "@type":"OpenUri", + "name":"Open Repository", + "targets":[{ + "os":"default", + "uri":"{{.app.spec.source.repoURL | call .repo.RepoURLToHTTPS}}" + }] + }] + themeColor: '#FF0000' + title: Application {{.app.metadata.name}} has degraded. + template.app-sync-failed: | + email: + subject: Failed to sync application {{.app.metadata.name}}. + message: | + {{if eq .serviceType "slack"}}:exclamation:{{end}} The sync operation of application {{.app.metadata.name}} has failed at {{.app.status.operationState.finishedAt}} with the following error: {{.app.status.operationState.message}} + Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true . + slack: + attachments: | + [{ + "title": "{{ .app.metadata.name}}", + "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", + "color": "#E96D76", + "fields": [ + { + "title": "Sync Status", + "value": "{{.app.status.sync.status}}", + "short": true + }, + { + "title": "Repository", + "value": "{{.app.spec.source.repoURL}}", + "short": true + } + {{range $index, $c := .app.status.conditions}} + , + { + "title": "{{$c.type}}", + "value": "{{$c.message}}", + "short": true + } + {{end}} + ] + }] + deliveryPolicy: Post + groupingKey: "" + notifyBroadcast: false + teams: + facts: | + [{ + "name": "Sync Status", + "value": "{{.app.status.sync.status}}" + }, + { + "name": "Failed at", + "value": "{{.app.status.operationState.finishedAt}}" + }, + { + "name": "Repository", + "value": "{{.app.spec.source.repoURL}}" + } + {{range $index, $c := .app.status.conditions}} + , + { + "name": "{{$c.type}}", + "value": "{{$c.message}}" + } + {{end}} + ] + potentialAction: |- + [{ + "@type":"OpenUri", + "name":"Open Operation", + "targets":[{ + "os":"default", + "uri":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true" + }] + }, + { + "@type":"OpenUri", + "name":"Open Repository", + "targets":[{ + "os":"default", + "uri":"{{.app.spec.source.repoURL | call .repo.RepoURLToHTTPS}}" + }] + }] + themeColor: '#FF0000' + title: Failed to sync application {{.app.metadata.name}}. + template.app-sync-running: | + email: + subject: Start syncing application {{.app.metadata.name}}. + message: | + The sync operation of application {{.app.metadata.name}} has started at {{.app.status.operationState.startedAt}}. + Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true . + slack: + attachments: | + [{ + "title": "{{ .app.metadata.name}}", + "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", + "color": "#0DADEA", + "fields": [ + { + "title": "Sync Status", + "value": "{{.app.status.sync.status}}", + "short": true + }, + { + "title": "Repository", + "value": "{{.app.spec.source.repoURL}}", + "short": true + } + {{range $index, $c := .app.status.conditions}} + , + { + "title": "{{$c.type}}", + "value": "{{$c.message}}", + "short": true + } + {{end}} + ] + }] + deliveryPolicy: Post + groupingKey: "" + notifyBroadcast: false + teams: + facts: | + [{ + "name": "Sync Status", + "value": "{{.app.status.sync.status}}" + }, + { + "name": "Started at", + "value": "{{.app.status.operationState.startedAt}}" + }, + { + "name": "Repository", + "value": "{{.app.spec.source.repoURL}}" + } + {{range $index, $c := .app.status.conditions}} + , + { + "name": "{{$c.type}}", + "value": "{{$c.message}}" + } + {{end}} + ] + potentialAction: |- + [{ + "@type":"OpenUri", + "name":"Open Operation", + "targets":[{ + "os":"default", + "uri":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true" + }] + }, + { + "@type":"OpenUri", + "name":"Open Repository", + "targets":[{ + "os":"default", + "uri":"{{.app.spec.source.repoURL | call .repo.RepoURLToHTTPS}}" + }] + }] + title: Start syncing application {{.app.metadata.name}}. + template.app-sync-status-unknown: | + email: + subject: Application {{.app.metadata.name}} sync status is 'Unknown' + message: | + {{if eq .serviceType "slack"}}:exclamation:{{end}} Application {{.app.metadata.name}} sync is 'Unknown'. + Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}. + {{if ne .serviceType "slack"}} + {{range $c := .app.status.conditions}} + * {{$c.message}} + {{end}} + {{end}} + slack: + attachments: | + [{ + "title": "{{ .app.metadata.name}}", + "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", + "color": "#E96D76", + "fields": [ + { + "title": "Sync Status", + "value": "{{.app.status.sync.status}}", + "short": true + }, + { + "title": "Repository", + "value": "{{.app.spec.source.repoURL}}", + "short": true + } + {{range $index, $c := .app.status.conditions}} + , + { + "title": "{{$c.type}}", + "value": "{{$c.message}}", + "short": true + } + {{end}} + ] + }] + deliveryPolicy: Post + groupingKey: "" + notifyBroadcast: false + teams: + facts: | + [{ + "name": "Sync Status", + "value": "{{.app.status.sync.status}}" + }, + { + "name": "Repository", + "value": "{{.app.spec.source.repoURL}}" + } + {{range $index, $c := .app.status.conditions}} + , + { + "name": "{{$c.type}}", + "value": "{{$c.message}}" + } + {{end}} + ] + potentialAction: |- + [{ + "@type":"OpenUri", + "name":"Open Application", + "targets":[{ + "os":"default", + "uri":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}" + }] + }, + { + "@type":"OpenUri", + "name":"Open Repository", + "targets":[{ + "os":"default", + "uri":"{{.app.spec.source.repoURL | call .repo.RepoURLToHTTPS}}" + }] + }] + title: Application {{.app.metadata.name}} sync status is 'Unknown' + template.app-sync-succeeded: | + email: + subject: Application {{.app.metadata.name}} has been successfully synced. + message: | + {{if eq .serviceType "slack"}}:white_check_mark:{{end}} Application {{.app.metadata.name}} has been successfully synced at {{.app.status.operationState.finishedAt}}. + Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true . + slack: + attachments: | + [{ + "title": "{{ .app.metadata.name}}", + "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", + "color": "#18be52", + "fields": [ + { + "title": "Sync Status", + "value": "{{.app.status.sync.status}}", + "short": true + }, + { + "title": "Repository", + "value": "{{.app.spec.source.repoURL}}", + "short": true + } + {{range $index, $c := .app.status.conditions}} + , + { + "title": "{{$c.type}}", + "value": "{{$c.message}}", + "short": true + } + {{end}} + ] + }] + deliveryPolicy: Post + groupingKey: "" + notifyBroadcast: false + teams: + facts: | + [{ + "name": "Sync Status", + "value": "{{.app.status.sync.status}}" + }, + { + "name": "Synced at", + "value": "{{.app.status.operationState.finishedAt}}" + }, + { + "name": "Repository", + "value": "{{.app.spec.source.repoURL}}" + } + {{range $index, $c := .app.status.conditions}} + , + { + "name": "{{$c.type}}", + "value": "{{$c.message}}" + } + {{end}} + ] + potentialAction: |- + [{ + "@type":"OpenUri", + "name":"Operation Details", + "targets":[{ + "os":"default", + "uri":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true" + }] + }, + { + "@type":"OpenUri", + "name":"Open Repository", + "targets":[{ + "os":"default", + "uri":"{{.app.spec.source.repoURL | call .repo.RepoURLToHTTPS}}" + }] + }] + themeColor: '#000080' + title: Application {{.app.metadata.name}} has been successfully synced + trigger.on-created: | + - description: Application is created. + oncePer: app.metadata.name + send: + - app-created + when: "true" + trigger.on-deleted: | + - description: Application is deleted. + oncePer: app.metadata.name + send: + - app-deleted + when: app.metadata.deletionTimestamp != nil + trigger.on-deployed: | + - description: Application is synced and healthy. Triggered once per commit. + oncePer: app.status.operationState?.syncResult?.revision + send: + - app-deployed + when: app.status.operationState != nil and app.status.operationState.phase in ['Succeeded'] + and app.status.health.status == 'Healthy' + trigger.on-health-degraded: | + - description: Application has degraded + send: + - app-health-degraded + when: app.status.health.status == 'Degraded' + trigger.on-sync-failed: | + - description: Application syncing has failed + send: + - app-sync-failed + when: app.status.operationState != nil and app.status.operationState.phase in ['Error', + 'Failed'] + trigger.on-sync-running: | + - description: Application is being synced + send: + - app-sync-running + when: app.status.operationState != nil and app.status.operationState.phase in ['Running'] + trigger.on-sync-status-unknown: | + - description: Application status is 'Unknown' + send: + - app-sync-status-unknown + when: app.status.sync.status == 'Unknown' + trigger.on-sync-succeeded: | + - description: Application syncing has succeeded + send: + - app-sync-succeeded + when: app.status.operationState != nil and app.status.operationState.phase in ['Succeeded'] +kind: ConfigMap +metadata: + name: argocd-notifications-cm diff --git a/k8s/_argocd/argocd_components/notification-configmap.jsonnet b/k8s/_argocd/argocd_components/notification-configmap.jsonnet index 1d2630314..b1351f312 100644 --- a/k8s/_argocd/argocd_components/notification-configmap.jsonnet +++ b/k8s/_argocd/argocd_components/notification-configmap.jsonnet @@ -1,4 +1,4 @@ -{ +std.mergePatch(std.parseYaml(importstr 'argocd-notifications-cm.yaml'), { apiVersion: 'v1', kind: 'ConfigMap', metadata: { @@ -8,4 +8,4 @@ data: { 'service.slack': 'token: $slack-token', }, -} +}) From ed5cda321e42445ebc39ea1d46f64a5b16aff4b3 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 26 Nov 2024 11:03:15 +0900 Subject: [PATCH 0252/1209] rm success Signed-off-by: walnuts1018 --- k8s/_argocd/applications/apps.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/k8s/_argocd/applications/apps.yaml b/k8s/_argocd/applications/apps.yaml index c5d7cf57a..5c2ee147d 100644 --- a/k8s/_argocd/applications/apps.yaml +++ b/k8s/_argocd/applications/apps.yaml @@ -19,7 +19,6 @@ spec: notifications.argoproj.io/subscribe.on-deleted.slack: walnuts-sysop notifications.argoproj.io/subscribe.on-health-degraded.slack: walnuts-sysop notifications.argoproj.io/subscribe.on-sync-failed.slack: walnuts-sysop - notifications.argoproj.io/subscribe.on-sync-succeeded.slack: walnuts-sysop spec: project: default destination: From 4dad884edff292fbe5e5ac3154879c94545b9737 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 26 Nov 2024 11:05:23 +0900 Subject: [PATCH 0253/1209] add Signed-off-by: walnuts1018 --- ...cation-configmap.jsonnet => argocd-notifications-cm.jsonnet} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename k8s/_argocd/argocd_components/{notification-configmap.jsonnet => argocd-notifications-cm.jsonnet} (75%) diff --git a/k8s/_argocd/argocd_components/notification-configmap.jsonnet b/k8s/_argocd/argocd_components/argocd-notifications-cm.jsonnet similarity index 75% rename from k8s/_argocd/argocd_components/notification-configmap.jsonnet rename to k8s/_argocd/argocd_components/argocd-notifications-cm.jsonnet index b1351f312..92988534e 100644 --- a/k8s/_argocd/argocd_components/notification-configmap.jsonnet +++ b/k8s/_argocd/argocd_components/argocd-notifications-cm.jsonnet @@ -6,6 +6,6 @@ std.mergePatch(std.parseYaml(importstr 'argocd-notifications-cm.yaml'), { namespace: (import 'app.json5').namespace, }, data: { - 'service.slack': 'token: $slack-token', + 'service.slack': 'token: $slack-token\nicon: :argo:\nusername: argocd', }, }) From fe061965ced3f1a9a9eeb3d1c81cedb6eda3140e Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 26 Nov 2024 11:07:45 +0900 Subject: [PATCH 0254/1209] add Signed-off-by: walnuts1018 --- k8s/_argocd/applications/apps.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/k8s/_argocd/applications/apps.yaml b/k8s/_argocd/applications/apps.yaml index 5c2ee147d..c5d7cf57a 100644 --- a/k8s/_argocd/applications/apps.yaml +++ b/k8s/_argocd/applications/apps.yaml @@ -19,6 +19,7 @@ spec: notifications.argoproj.io/subscribe.on-deleted.slack: walnuts-sysop notifications.argoproj.io/subscribe.on-health-degraded.slack: walnuts-sysop notifications.argoproj.io/subscribe.on-sync-failed.slack: walnuts-sysop + notifications.argoproj.io/subscribe.on-sync-succeeded.slack: walnuts-sysop spec: project: default destination: From 1b269a8ac2f06a8f234a9f0ef754887870e2f811 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 26 Nov 2024 11:09:53 +0900 Subject: [PATCH 0255/1209] fix Signed-off-by: walnuts1018 --- k8s/_argocd/argocd_components/argocd-notifications-cm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/_argocd/argocd_components/argocd-notifications-cm.jsonnet b/k8s/_argocd/argocd_components/argocd-notifications-cm.jsonnet index 92988534e..8c0f328a9 100644 --- a/k8s/_argocd/argocd_components/argocd-notifications-cm.jsonnet +++ b/k8s/_argocd/argocd_components/argocd-notifications-cm.jsonnet @@ -6,6 +6,6 @@ std.mergePatch(std.parseYaml(importstr 'argocd-notifications-cm.yaml'), { namespace: (import 'app.json5').namespace, }, data: { - 'service.slack': 'token: $slack-token\nicon: :argo:\nusername: argocd', + 'service.slack': 'token: $slack-token\nicon: ":argo:"\nusername: argocd', }, }) From a0e8df4c134e6ed1fb9e6748878c14e97db4dad6 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 26 Nov 2024 11:15:05 +0900 Subject: [PATCH 0256/1209] fix Signed-off-by: walnuts1018 --- k8s/_argocd/argocd_components/argocd-notifications-cm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/_argocd/argocd_components/argocd-notifications-cm.jsonnet b/k8s/_argocd/argocd_components/argocd-notifications-cm.jsonnet index 8c0f328a9..b1351f312 100644 --- a/k8s/_argocd/argocd_components/argocd-notifications-cm.jsonnet +++ b/k8s/_argocd/argocd_components/argocd-notifications-cm.jsonnet @@ -6,6 +6,6 @@ std.mergePatch(std.parseYaml(importstr 'argocd-notifications-cm.yaml'), { namespace: (import 'app.json5').namespace, }, data: { - 'service.slack': 'token: $slack-token\nicon: ":argo:"\nusername: argocd', + 'service.slack': 'token: $slack-token', }, }) From 32819b46abdf7a77e9d9f7e7f91efdc305bc87ea Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 26 Nov 2024 11:17:45 +0900 Subject: [PATCH 0257/1209] fix Signed-off-by: walnuts1018 --- .../argocd-notifications-cm.jsonnet | 10 +- .../argocd-notifications-cm.yaml | 925 +++++++++--------- 2 files changed, 465 insertions(+), 470 deletions(-) diff --git a/k8s/_argocd/argocd_components/argocd-notifications-cm.jsonnet b/k8s/_argocd/argocd_components/argocd-notifications-cm.jsonnet index b1351f312..a0add5d38 100644 --- a/k8s/_argocd/argocd_components/argocd-notifications-cm.jsonnet +++ b/k8s/_argocd/argocd_components/argocd-notifications-cm.jsonnet @@ -1,11 +1,11 @@ -std.mergePatch(std.parseYaml(importstr 'argocd-notifications-cm.yaml'), { +{ apiVersion: 'v1', kind: 'ConfigMap', metadata: { name: 'argocd-notifications-cm', namespace: (import 'app.json5').namespace, }, - data: { - 'service.slack': 'token: $slack-token', - }, -}) + data: std.mergePatch(std.parseYaml(importstr 'argocd-notifications-cm.yaml'), { + 'service.slack': 'token: $slack-token\nicon: ":argo:"\nusername: argocd', + }), +} diff --git a/k8s/_argocd/argocd_components/argocd-notifications-cm.yaml b/k8s/_argocd/argocd_components/argocd-notifications-cm.yaml index 37a8e1c88..ea604fd88 100644 --- a/k8s/_argocd/argocd_components/argocd-notifications-cm.yaml +++ b/k8s/_argocd/argocd_components/argocd-notifications-cm.yaml @@ -1,524 +1,519 @@ # from: https://raw.githubusercontent.com/argoproj/argo-cd/stable/notifications_catalog/install.yaml -apiVersion: v1 -data: - template.app-created: | - email: - subject: Application {{.app.metadata.name}} has been created. - message: Application {{.app.metadata.name}} has been created. - teams: - title: Application {{.app.metadata.name}} has been created. - template.app-deleted: | - email: - subject: Application {{.app.metadata.name}} has been deleted. - message: Application {{.app.metadata.name}} has been deleted. - teams: - title: Application {{.app.metadata.name}} has been deleted. - template.app-deployed: | - email: - subject: New version of an application {{.app.metadata.name}} is up and running. - message: | - {{if eq .serviceType "slack"}}:white_check_mark:{{end}} Application {{.app.metadata.name}} is now running new version of deployments manifests. - slack: - attachments: | - [{ - "title": "{{ .app.metadata.name}}", - "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", - "color": "#18be52", - "fields": [ - { - "title": "Sync Status", - "value": "{{.app.status.sync.status}}", - "short": true - }, - { - "title": "Repository", - "value": "{{.app.spec.source.repoURL}}", - "short": true - }, - { - "title": "Revision", - "value": "{{.app.status.sync.revision}}", - "short": true - } - {{range $index, $c := .app.status.conditions}} - , - { - "title": "{{$c.type}}", - "value": "{{$c.message}}", - "short": true - } - {{end}} - ] - }] - deliveryPolicy: Post - groupingKey: "" - notifyBroadcast: false - teams: - facts: | - [{ - "name": "Sync Status", - "value": "{{.app.status.sync.status}}" +template.app-created: | + email: + subject: Application {{.app.metadata.name}} has been created. + message: Application {{.app.metadata.name}} has been created. + teams: + title: Application {{.app.metadata.name}} has been created. +template.app-deleted: | + email: + subject: Application {{.app.metadata.name}} has been deleted. + message: Application {{.app.metadata.name}} has been deleted. + teams: + title: Application {{.app.metadata.name}} has been deleted. +template.app-deployed: | + email: + subject: New version of an application {{.app.metadata.name}} is up and running. + message: | + {{if eq .serviceType "slack"}}:white_check_mark:{{end}} Application {{.app.metadata.name}} is now running new version of deployments manifests. + slack: + attachments: | + [{ + "title": "{{ .app.metadata.name}}", + "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", + "color": "#18be52", + "fields": [ + { + "title": "Sync Status", + "value": "{{.app.status.sync.status}}", + "short": true }, { - "name": "Repository", - "value": "{{.app.spec.source.repoURL}}" + "title": "Repository", + "value": "{{.app.spec.source.repoURL}}", + "short": true }, { - "name": "Revision", - "value": "{{.app.status.sync.revision}}" + "title": "Revision", + "value": "{{.app.status.sync.revision}}", + "short": true } {{range $index, $c := .app.status.conditions}} - , - { - "name": "{{$c.type}}", - "value": "{{$c.message}}" - } + , + { + "title": "{{$c.type}}", + "value": "{{$c.message}}", + "short": true + } {{end}} ] - potentialAction: |- - [{ - "@type":"OpenUri", - "name":"Operation Application", - "targets":[{ - "os":"default", - "uri":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}" - }] - }, + }] + deliveryPolicy: Post + groupingKey: "" + notifyBroadcast: false + teams: + facts: | + [{ + "name": "Sync Status", + "value": "{{.app.status.sync.status}}" + }, + { + "name": "Repository", + "value": "{{.app.spec.source.repoURL}}" + }, + { + "name": "Revision", + "value": "{{.app.status.sync.revision}}" + } + {{range $index, $c := .app.status.conditions}} + , { - "@type":"OpenUri", - "name":"Open Repository", - "targets":[{ - "os":"default", - "uri":"{{.app.spec.source.repoURL | call .repo.RepoURLToHTTPS}}" - }] + "name": "{{$c.type}}", + "value": "{{$c.message}}" + } + {{end}} + ] + potentialAction: |- + [{ + "@type":"OpenUri", + "name":"Operation Application", + "targets":[{ + "os":"default", + "uri":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}" }] - themeColor: '#000080' - title: New version of an application {{.app.metadata.name}} is up and running. - template.app-health-degraded: | - email: - subject: Application {{.app.metadata.name}} has degraded. - message: | - {{if eq .serviceType "slack"}}:exclamation:{{end}} Application {{.app.metadata.name}} has degraded. - Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}. - slack: - attachments: | - [{ - "title": "{{ .app.metadata.name}}", - "title_link": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", - "color": "#f4c030", - "fields": [ - { - "title": "Health Status", - "value": "{{.app.status.health.status}}", - "short": true - }, - { - "title": "Repository", - "value": "{{.app.spec.source.repoURL}}", - "short": true - } - {{range $index, $c := .app.status.conditions}} - , - { - "title": "{{$c.type}}", - "value": "{{$c.message}}", - "short": true - } - {{end}} - ] + }, + { + "@type":"OpenUri", + "name":"Open Repository", + "targets":[{ + "os":"default", + "uri":"{{.app.spec.source.repoURL | call .repo.RepoURLToHTTPS}}" }] - deliveryPolicy: Post - groupingKey: "" - notifyBroadcast: false - teams: - facts: | - [{ - "name": "Health Status", - "value": "{{.app.status.health.status}}" + }] + themeColor: '#000080' + title: New version of an application {{.app.metadata.name}} is up and running. +template.app-health-degraded: | + email: + subject: Application {{.app.metadata.name}} has degraded. + message: | + {{if eq .serviceType "slack"}}:exclamation:{{end}} Application {{.app.metadata.name}} has degraded. + Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}. + slack: + attachments: | + [{ + "title": "{{ .app.metadata.name}}", + "title_link": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", + "color": "#f4c030", + "fields": [ + { + "title": "Health Status", + "value": "{{.app.status.health.status}}", + "short": true }, { - "name": "Repository", - "value": "{{.app.spec.source.repoURL}}" + "title": "Repository", + "value": "{{.app.spec.source.repoURL}}", + "short": true } {{range $index, $c := .app.status.conditions}} - , - { - "name": "{{$c.type}}", - "value": "{{$c.message}}" - } + , + { + "title": "{{$c.type}}", + "value": "{{$c.message}}", + "short": true + } {{end}} ] - potentialAction: | - [{ - "@type":"OpenUri", - "name":"Open Application", - "targets":[{ - "os":"default", - "uri":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}" - }] - }, + }] + deliveryPolicy: Post + groupingKey: "" + notifyBroadcast: false + teams: + facts: | + [{ + "name": "Health Status", + "value": "{{.app.status.health.status}}" + }, + { + "name": "Repository", + "value": "{{.app.spec.source.repoURL}}" + } + {{range $index, $c := .app.status.conditions}} + , { - "@type":"OpenUri", - "name":"Open Repository", - "targets":[{ - "os":"default", - "uri":"{{.app.spec.source.repoURL | call .repo.RepoURLToHTTPS}}" - }] + "name": "{{$c.type}}", + "value": "{{$c.message}}" + } + {{end}} + ] + potentialAction: | + [{ + "@type":"OpenUri", + "name":"Open Application", + "targets":[{ + "os":"default", + "uri":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}" }] - themeColor: '#FF0000' - title: Application {{.app.metadata.name}} has degraded. - template.app-sync-failed: | - email: - subject: Failed to sync application {{.app.metadata.name}}. - message: | - {{if eq .serviceType "slack"}}:exclamation:{{end}} The sync operation of application {{.app.metadata.name}} has failed at {{.app.status.operationState.finishedAt}} with the following error: {{.app.status.operationState.message}} - Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true . - slack: - attachments: | - [{ - "title": "{{ .app.metadata.name}}", - "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", - "color": "#E96D76", - "fields": [ - { - "title": "Sync Status", - "value": "{{.app.status.sync.status}}", - "short": true - }, - { - "title": "Repository", - "value": "{{.app.spec.source.repoURL}}", - "short": true - } - {{range $index, $c := .app.status.conditions}} - , - { - "title": "{{$c.type}}", - "value": "{{$c.message}}", - "short": true - } - {{end}} - ] + }, + { + "@type":"OpenUri", + "name":"Open Repository", + "targets":[{ + "os":"default", + "uri":"{{.app.spec.source.repoURL | call .repo.RepoURLToHTTPS}}" }] - deliveryPolicy: Post - groupingKey: "" - notifyBroadcast: false - teams: - facts: | - [{ - "name": "Sync Status", - "value": "{{.app.status.sync.status}}" - }, + }] + themeColor: '#FF0000' + title: Application {{.app.metadata.name}} has degraded. +template.app-sync-failed: | + email: + subject: Failed to sync application {{.app.metadata.name}}. + message: | + {{if eq .serviceType "slack"}}:exclamation:{{end}} The sync operation of application {{.app.metadata.name}} has failed at {{.app.status.operationState.finishedAt}} with the following error: {{.app.status.operationState.message}} + Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true . + slack: + attachments: | + [{ + "title": "{{ .app.metadata.name}}", + "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", + "color": "#E96D76", + "fields": [ { - "name": "Failed at", - "value": "{{.app.status.operationState.finishedAt}}" + "title": "Sync Status", + "value": "{{.app.status.sync.status}}", + "short": true }, { - "name": "Repository", - "value": "{{.app.spec.source.repoURL}}" + "title": "Repository", + "value": "{{.app.spec.source.repoURL}}", + "short": true } {{range $index, $c := .app.status.conditions}} - , - { - "name": "{{$c.type}}", - "value": "{{$c.message}}" - } + , + { + "title": "{{$c.type}}", + "value": "{{$c.message}}", + "short": true + } {{end}} ] - potentialAction: |- - [{ - "@type":"OpenUri", - "name":"Open Operation", - "targets":[{ - "os":"default", - "uri":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true" - }] - }, + }] + deliveryPolicy: Post + groupingKey: "" + notifyBroadcast: false + teams: + facts: | + [{ + "name": "Sync Status", + "value": "{{.app.status.sync.status}}" + }, + { + "name": "Failed at", + "value": "{{.app.status.operationState.finishedAt}}" + }, + { + "name": "Repository", + "value": "{{.app.spec.source.repoURL}}" + } + {{range $index, $c := .app.status.conditions}} + , { - "@type":"OpenUri", - "name":"Open Repository", - "targets":[{ - "os":"default", - "uri":"{{.app.spec.source.repoURL | call .repo.RepoURLToHTTPS}}" - }] + "name": "{{$c.type}}", + "value": "{{$c.message}}" + } + {{end}} + ] + potentialAction: |- + [{ + "@type":"OpenUri", + "name":"Open Operation", + "targets":[{ + "os":"default", + "uri":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true" }] - themeColor: '#FF0000' - title: Failed to sync application {{.app.metadata.name}}. - template.app-sync-running: | - email: - subject: Start syncing application {{.app.metadata.name}}. - message: | - The sync operation of application {{.app.metadata.name}} has started at {{.app.status.operationState.startedAt}}. - Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true . - slack: - attachments: | - [{ - "title": "{{ .app.metadata.name}}", - "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", - "color": "#0DADEA", - "fields": [ - { - "title": "Sync Status", - "value": "{{.app.status.sync.status}}", - "short": true - }, - { - "title": "Repository", - "value": "{{.app.spec.source.repoURL}}", - "short": true - } - {{range $index, $c := .app.status.conditions}} - , - { - "title": "{{$c.type}}", - "value": "{{$c.message}}", - "short": true - } - {{end}} - ] + }, + { + "@type":"OpenUri", + "name":"Open Repository", + "targets":[{ + "os":"default", + "uri":"{{.app.spec.source.repoURL | call .repo.RepoURLToHTTPS}}" }] - deliveryPolicy: Post - groupingKey: "" - notifyBroadcast: false - teams: - facts: | - [{ - "name": "Sync Status", - "value": "{{.app.status.sync.status}}" - }, + }] + themeColor: '#FF0000' + title: Failed to sync application {{.app.metadata.name}}. +template.app-sync-running: | + email: + subject: Start syncing application {{.app.metadata.name}}. + message: | + The sync operation of application {{.app.metadata.name}} has started at {{.app.status.operationState.startedAt}}. + Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true . + slack: + attachments: | + [{ + "title": "{{ .app.metadata.name}}", + "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", + "color": "#0DADEA", + "fields": [ { - "name": "Started at", - "value": "{{.app.status.operationState.startedAt}}" + "title": "Sync Status", + "value": "{{.app.status.sync.status}}", + "short": true }, { - "name": "Repository", - "value": "{{.app.spec.source.repoURL}}" + "title": "Repository", + "value": "{{.app.spec.source.repoURL}}", + "short": true } {{range $index, $c := .app.status.conditions}} - , - { - "name": "{{$c.type}}", - "value": "{{$c.message}}" - } + , + { + "title": "{{$c.type}}", + "value": "{{$c.message}}", + "short": true + } {{end}} ] - potentialAction: |- - [{ - "@type":"OpenUri", - "name":"Open Operation", - "targets":[{ - "os":"default", - "uri":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true" - }] - }, + }] + deliveryPolicy: Post + groupingKey: "" + notifyBroadcast: false + teams: + facts: | + [{ + "name": "Sync Status", + "value": "{{.app.status.sync.status}}" + }, + { + "name": "Started at", + "value": "{{.app.status.operationState.startedAt}}" + }, + { + "name": "Repository", + "value": "{{.app.spec.source.repoURL}}" + } + {{range $index, $c := .app.status.conditions}} + , { - "@type":"OpenUri", - "name":"Open Repository", - "targets":[{ - "os":"default", - "uri":"{{.app.spec.source.repoURL | call .repo.RepoURLToHTTPS}}" - }] - }] - title: Start syncing application {{.app.metadata.name}}. - template.app-sync-status-unknown: | - email: - subject: Application {{.app.metadata.name}} sync status is 'Unknown' - message: | - {{if eq .serviceType "slack"}}:exclamation:{{end}} Application {{.app.metadata.name}} sync is 'Unknown'. - Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}. - {{if ne .serviceType "slack"}} - {{range $c := .app.status.conditions}} - * {{$c.message}} - {{end}} + "name": "{{$c.type}}", + "value": "{{$c.message}}" + } {{end}} - slack: - attachments: | - [{ - "title": "{{ .app.metadata.name}}", - "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", - "color": "#E96D76", - "fields": [ - { - "title": "Sync Status", - "value": "{{.app.status.sync.status}}", - "short": true - }, - { - "title": "Repository", - "value": "{{.app.spec.source.repoURL}}", - "short": true - } - {{range $index, $c := .app.status.conditions}} - , - { - "title": "{{$c.type}}", - "value": "{{$c.message}}", - "short": true - } - {{end}} - ] + ] + potentialAction: |- + [{ + "@type":"OpenUri", + "name":"Open Operation", + "targets":[{ + "os":"default", + "uri":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true" + }] + }, + { + "@type":"OpenUri", + "name":"Open Repository", + "targets":[{ + "os":"default", + "uri":"{{.app.spec.source.repoURL | call .repo.RepoURLToHTTPS}}" }] - deliveryPolicy: Post - groupingKey: "" - notifyBroadcast: false - teams: - facts: | - [{ - "name": "Sync Status", - "value": "{{.app.status.sync.status}}" + }] + title: Start syncing application {{.app.metadata.name}}. +template.app-sync-status-unknown: | + email: + subject: Application {{.app.metadata.name}} sync status is 'Unknown' + message: | + {{if eq .serviceType "slack"}}:exclamation:{{end}} Application {{.app.metadata.name}} sync is 'Unknown'. + Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}. + {{if ne .serviceType "slack"}} + {{range $c := .app.status.conditions}} + * {{$c.message}} + {{end}} + {{end}} + slack: + attachments: | + [{ + "title": "{{ .app.metadata.name}}", + "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", + "color": "#E96D76", + "fields": [ + { + "title": "Sync Status", + "value": "{{.app.status.sync.status}}", + "short": true }, { - "name": "Repository", - "value": "{{.app.spec.source.repoURL}}" + "title": "Repository", + "value": "{{.app.spec.source.repoURL}}", + "short": true } {{range $index, $c := .app.status.conditions}} - , - { - "name": "{{$c.type}}", - "value": "{{$c.message}}" - } + , + { + "title": "{{$c.type}}", + "value": "{{$c.message}}", + "short": true + } {{end}} ] - potentialAction: |- - [{ - "@type":"OpenUri", - "name":"Open Application", - "targets":[{ - "os":"default", - "uri":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}" - }] - }, + }] + deliveryPolicy: Post + groupingKey: "" + notifyBroadcast: false + teams: + facts: | + [{ + "name": "Sync Status", + "value": "{{.app.status.sync.status}}" + }, + { + "name": "Repository", + "value": "{{.app.spec.source.repoURL}}" + } + {{range $index, $c := .app.status.conditions}} + , { - "@type":"OpenUri", - "name":"Open Repository", - "targets":[{ - "os":"default", - "uri":"{{.app.spec.source.repoURL | call .repo.RepoURLToHTTPS}}" - }] + "name": "{{$c.type}}", + "value": "{{$c.message}}" + } + {{end}} + ] + potentialAction: |- + [{ + "@type":"OpenUri", + "name":"Open Application", + "targets":[{ + "os":"default", + "uri":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}" }] - title: Application {{.app.metadata.name}} sync status is 'Unknown' - template.app-sync-succeeded: | - email: - subject: Application {{.app.metadata.name}} has been successfully synced. - message: | - {{if eq .serviceType "slack"}}:white_check_mark:{{end}} Application {{.app.metadata.name}} has been successfully synced at {{.app.status.operationState.finishedAt}}. - Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true . - slack: - attachments: | - [{ - "title": "{{ .app.metadata.name}}", - "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", - "color": "#18be52", - "fields": [ - { - "title": "Sync Status", - "value": "{{.app.status.sync.status}}", - "short": true - }, - { - "title": "Repository", - "value": "{{.app.spec.source.repoURL}}", - "short": true - } - {{range $index, $c := .app.status.conditions}} - , - { - "title": "{{$c.type}}", - "value": "{{$c.message}}", - "short": true - } - {{end}} - ] + }, + { + "@type":"OpenUri", + "name":"Open Repository", + "targets":[{ + "os":"default", + "uri":"{{.app.spec.source.repoURL | call .repo.RepoURLToHTTPS}}" }] - deliveryPolicy: Post - groupingKey: "" - notifyBroadcast: false - teams: - facts: | - [{ - "name": "Sync Status", - "value": "{{.app.status.sync.status}}" - }, + }] + title: Application {{.app.metadata.name}} sync status is 'Unknown' +template.app-sync-succeeded: | + email: + subject: Application {{.app.metadata.name}} has been successfully synced. + message: | + {{if eq .serviceType "slack"}}:white_check_mark:{{end}} Application {{.app.metadata.name}} has been successfully synced at {{.app.status.operationState.finishedAt}}. + Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true . + slack: + attachments: | + [{ + "title": "{{ .app.metadata.name}}", + "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", + "color": "#18be52", + "fields": [ { - "name": "Synced at", - "value": "{{.app.status.operationState.finishedAt}}" + "title": "Sync Status", + "value": "{{.app.status.sync.status}}", + "short": true }, { - "name": "Repository", - "value": "{{.app.spec.source.repoURL}}" + "title": "Repository", + "value": "{{.app.spec.source.repoURL}}", + "short": true } {{range $index, $c := .app.status.conditions}} - , - { - "name": "{{$c.type}}", - "value": "{{$c.message}}" - } + , + { + "title": "{{$c.type}}", + "value": "{{$c.message}}", + "short": true + } {{end}} ] - potentialAction: |- - [{ - "@type":"OpenUri", - "name":"Operation Details", - "targets":[{ - "os":"default", - "uri":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true" - }] - }, + }] + deliveryPolicy: Post + groupingKey: "" + notifyBroadcast: false + teams: + facts: | + [{ + "name": "Sync Status", + "value": "{{.app.status.sync.status}}" + }, + { + "name": "Synced at", + "value": "{{.app.status.operationState.finishedAt}}" + }, + { + "name": "Repository", + "value": "{{.app.spec.source.repoURL}}" + } + {{range $index, $c := .app.status.conditions}} + , { - "@type":"OpenUri", - "name":"Open Repository", - "targets":[{ - "os":"default", - "uri":"{{.app.spec.source.repoURL | call .repo.RepoURLToHTTPS}}" - }] + "name": "{{$c.type}}", + "value": "{{$c.message}}" + } + {{end}} + ] + potentialAction: |- + [{ + "@type":"OpenUri", + "name":"Operation Details", + "targets":[{ + "os":"default", + "uri":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true" + }] + }, + { + "@type":"OpenUri", + "name":"Open Repository", + "targets":[{ + "os":"default", + "uri":"{{.app.spec.source.repoURL | call .repo.RepoURLToHTTPS}}" }] - themeColor: '#000080' - title: Application {{.app.metadata.name}} has been successfully synced - trigger.on-created: | - - description: Application is created. - oncePer: app.metadata.name - send: - - app-created - when: "true" - trigger.on-deleted: | - - description: Application is deleted. - oncePer: app.metadata.name - send: - - app-deleted - when: app.metadata.deletionTimestamp != nil - trigger.on-deployed: | - - description: Application is synced and healthy. Triggered once per commit. - oncePer: app.status.operationState?.syncResult?.revision - send: - - app-deployed - when: app.status.operationState != nil and app.status.operationState.phase in ['Succeeded'] - and app.status.health.status == 'Healthy' - trigger.on-health-degraded: | - - description: Application has degraded - send: - - app-health-degraded - when: app.status.health.status == 'Degraded' - trigger.on-sync-failed: | - - description: Application syncing has failed - send: - - app-sync-failed - when: app.status.operationState != nil and app.status.operationState.phase in ['Error', - 'Failed'] - trigger.on-sync-running: | - - description: Application is being synced - send: - - app-sync-running - when: app.status.operationState != nil and app.status.operationState.phase in ['Running'] - trigger.on-sync-status-unknown: | - - description: Application status is 'Unknown' - send: - - app-sync-status-unknown - when: app.status.sync.status == 'Unknown' - trigger.on-sync-succeeded: | - - description: Application syncing has succeeded - send: - - app-sync-succeeded - when: app.status.operationState != nil and app.status.operationState.phase in ['Succeeded'] -kind: ConfigMap -metadata: - name: argocd-notifications-cm + }] + themeColor: '#000080' + title: Application {{.app.metadata.name}} has been successfully synced +trigger.on-created: | + - description: Application is created. + oncePer: app.metadata.name + send: + - app-created + when: "true" +trigger.on-deleted: | + - description: Application is deleted. + oncePer: app.metadata.name + send: + - app-deleted + when: app.metadata.deletionTimestamp != nil +trigger.on-deployed: | + - description: Application is synced and healthy. Triggered once per commit. + oncePer: app.status.operationState?.syncResult?.revision + send: + - app-deployed + when: app.status.operationState != nil and app.status.operationState.phase in ['Succeeded'] + and app.status.health.status == 'Healthy' +trigger.on-health-degraded: | + - description: Application has degraded + send: + - app-health-degraded + when: app.status.health.status == 'Degraded' +trigger.on-sync-failed: | + - description: Application syncing has failed + send: + - app-sync-failed + when: app.status.operationState != nil and app.status.operationState.phase in ['Error', + 'Failed'] +trigger.on-sync-running: | + - description: Application is being synced + send: + - app-sync-running + when: app.status.operationState != nil and app.status.operationState.phase in ['Running'] +trigger.on-sync-status-unknown: | + - description: Application status is 'Unknown' + send: + - app-sync-status-unknown + when: app.status.sync.status == 'Unknown' +trigger.on-sync-succeeded: | + - description: Application syncing has succeeded + send: + - app-sync-succeeded + when: app.status.operationState != nil and app.status.operationState.phase in ['Succeeded'] From d83b092da5f5d05e1b1644dec462d47aed11b3b9 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 26 Nov 2024 11:20:36 +0900 Subject: [PATCH 0258/1209] rm synced notifications Signed-off-by: walnuts1018 --- k8s/_argocd/applications/apps.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/k8s/_argocd/applications/apps.yaml b/k8s/_argocd/applications/apps.yaml index c5d7cf57a..5c2ee147d 100644 --- a/k8s/_argocd/applications/apps.yaml +++ b/k8s/_argocd/applications/apps.yaml @@ -19,7 +19,6 @@ spec: notifications.argoproj.io/subscribe.on-deleted.slack: walnuts-sysop notifications.argoproj.io/subscribe.on-health-degraded.slack: walnuts-sysop notifications.argoproj.io/subscribe.on-sync-failed.slack: walnuts-sysop - notifications.argoproj.io/subscribe.on-sync-succeeded.slack: walnuts-sysop spec: project: default destination: From 19a71acb7fe7fc948ca964df5ca89a5317eb8147 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 26 Nov 2024 11:25:38 +0900 Subject: [PATCH 0259/1209] add Signed-off-by: walnuts1018 --- .../argocd-notifications-cm.jsonnet | 11 - .../argocd-notifications-cm.yaml | 519 ------------------ k8s/_argocd/argocd_components/values.yaml | 8 +- 3 files changed, 7 insertions(+), 531 deletions(-) delete mode 100644 k8s/_argocd/argocd_components/argocd-notifications-cm.jsonnet delete mode 100644 k8s/_argocd/argocd_components/argocd-notifications-cm.yaml diff --git a/k8s/_argocd/argocd_components/argocd-notifications-cm.jsonnet b/k8s/_argocd/argocd_components/argocd-notifications-cm.jsonnet deleted file mode 100644 index a0add5d38..000000000 --- a/k8s/_argocd/argocd_components/argocd-notifications-cm.jsonnet +++ /dev/null @@ -1,11 +0,0 @@ -{ - apiVersion: 'v1', - kind: 'ConfigMap', - metadata: { - name: 'argocd-notifications-cm', - namespace: (import 'app.json5').namespace, - }, - data: std.mergePatch(std.parseYaml(importstr 'argocd-notifications-cm.yaml'), { - 'service.slack': 'token: $slack-token\nicon: ":argo:"\nusername: argocd', - }), -} diff --git a/k8s/_argocd/argocd_components/argocd-notifications-cm.yaml b/k8s/_argocd/argocd_components/argocd-notifications-cm.yaml deleted file mode 100644 index ea604fd88..000000000 --- a/k8s/_argocd/argocd_components/argocd-notifications-cm.yaml +++ /dev/null @@ -1,519 +0,0 @@ -# from: https://raw.githubusercontent.com/argoproj/argo-cd/stable/notifications_catalog/install.yaml -template.app-created: | - email: - subject: Application {{.app.metadata.name}} has been created. - message: Application {{.app.metadata.name}} has been created. - teams: - title: Application {{.app.metadata.name}} has been created. -template.app-deleted: | - email: - subject: Application {{.app.metadata.name}} has been deleted. - message: Application {{.app.metadata.name}} has been deleted. - teams: - title: Application {{.app.metadata.name}} has been deleted. -template.app-deployed: | - email: - subject: New version of an application {{.app.metadata.name}} is up and running. - message: | - {{if eq .serviceType "slack"}}:white_check_mark:{{end}} Application {{.app.metadata.name}} is now running new version of deployments manifests. - slack: - attachments: | - [{ - "title": "{{ .app.metadata.name}}", - "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", - "color": "#18be52", - "fields": [ - { - "title": "Sync Status", - "value": "{{.app.status.sync.status}}", - "short": true - }, - { - "title": "Repository", - "value": "{{.app.spec.source.repoURL}}", - "short": true - }, - { - "title": "Revision", - "value": "{{.app.status.sync.revision}}", - "short": true - } - {{range $index, $c := .app.status.conditions}} - , - { - "title": "{{$c.type}}", - "value": "{{$c.message}}", - "short": true - } - {{end}} - ] - }] - deliveryPolicy: Post - groupingKey: "" - notifyBroadcast: false - teams: - facts: | - [{ - "name": "Sync Status", - "value": "{{.app.status.sync.status}}" - }, - { - "name": "Repository", - "value": "{{.app.spec.source.repoURL}}" - }, - { - "name": "Revision", - "value": "{{.app.status.sync.revision}}" - } - {{range $index, $c := .app.status.conditions}} - , - { - "name": "{{$c.type}}", - "value": "{{$c.message}}" - } - {{end}} - ] - potentialAction: |- - [{ - "@type":"OpenUri", - "name":"Operation Application", - "targets":[{ - "os":"default", - "uri":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}" - }] - }, - { - "@type":"OpenUri", - "name":"Open Repository", - "targets":[{ - "os":"default", - "uri":"{{.app.spec.source.repoURL | call .repo.RepoURLToHTTPS}}" - }] - }] - themeColor: '#000080' - title: New version of an application {{.app.metadata.name}} is up and running. -template.app-health-degraded: | - email: - subject: Application {{.app.metadata.name}} has degraded. - message: | - {{if eq .serviceType "slack"}}:exclamation:{{end}} Application {{.app.metadata.name}} has degraded. - Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}. - slack: - attachments: | - [{ - "title": "{{ .app.metadata.name}}", - "title_link": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", - "color": "#f4c030", - "fields": [ - { - "title": "Health Status", - "value": "{{.app.status.health.status}}", - "short": true - }, - { - "title": "Repository", - "value": "{{.app.spec.source.repoURL}}", - "short": true - } - {{range $index, $c := .app.status.conditions}} - , - { - "title": "{{$c.type}}", - "value": "{{$c.message}}", - "short": true - } - {{end}} - ] - }] - deliveryPolicy: Post - groupingKey: "" - notifyBroadcast: false - teams: - facts: | - [{ - "name": "Health Status", - "value": "{{.app.status.health.status}}" - }, - { - "name": "Repository", - "value": "{{.app.spec.source.repoURL}}" - } - {{range $index, $c := .app.status.conditions}} - , - { - "name": "{{$c.type}}", - "value": "{{$c.message}}" - } - {{end}} - ] - potentialAction: | - [{ - "@type":"OpenUri", - "name":"Open Application", - "targets":[{ - "os":"default", - "uri":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}" - }] - }, - { - "@type":"OpenUri", - "name":"Open Repository", - "targets":[{ - "os":"default", - "uri":"{{.app.spec.source.repoURL | call .repo.RepoURLToHTTPS}}" - }] - }] - themeColor: '#FF0000' - title: Application {{.app.metadata.name}} has degraded. -template.app-sync-failed: | - email: - subject: Failed to sync application {{.app.metadata.name}}. - message: | - {{if eq .serviceType "slack"}}:exclamation:{{end}} The sync operation of application {{.app.metadata.name}} has failed at {{.app.status.operationState.finishedAt}} with the following error: {{.app.status.operationState.message}} - Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true . - slack: - attachments: | - [{ - "title": "{{ .app.metadata.name}}", - "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", - "color": "#E96D76", - "fields": [ - { - "title": "Sync Status", - "value": "{{.app.status.sync.status}}", - "short": true - }, - { - "title": "Repository", - "value": "{{.app.spec.source.repoURL}}", - "short": true - } - {{range $index, $c := .app.status.conditions}} - , - { - "title": "{{$c.type}}", - "value": "{{$c.message}}", - "short": true - } - {{end}} - ] - }] - deliveryPolicy: Post - groupingKey: "" - notifyBroadcast: false - teams: - facts: | - [{ - "name": "Sync Status", - "value": "{{.app.status.sync.status}}" - }, - { - "name": "Failed at", - "value": "{{.app.status.operationState.finishedAt}}" - }, - { - "name": "Repository", - "value": "{{.app.spec.source.repoURL}}" - } - {{range $index, $c := .app.status.conditions}} - , - { - "name": "{{$c.type}}", - "value": "{{$c.message}}" - } - {{end}} - ] - potentialAction: |- - [{ - "@type":"OpenUri", - "name":"Open Operation", - "targets":[{ - "os":"default", - "uri":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true" - }] - }, - { - "@type":"OpenUri", - "name":"Open Repository", - "targets":[{ - "os":"default", - "uri":"{{.app.spec.source.repoURL | call .repo.RepoURLToHTTPS}}" - }] - }] - themeColor: '#FF0000' - title: Failed to sync application {{.app.metadata.name}}. -template.app-sync-running: | - email: - subject: Start syncing application {{.app.metadata.name}}. - message: | - The sync operation of application {{.app.metadata.name}} has started at {{.app.status.operationState.startedAt}}. - Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true . - slack: - attachments: | - [{ - "title": "{{ .app.metadata.name}}", - "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", - "color": "#0DADEA", - "fields": [ - { - "title": "Sync Status", - "value": "{{.app.status.sync.status}}", - "short": true - }, - { - "title": "Repository", - "value": "{{.app.spec.source.repoURL}}", - "short": true - } - {{range $index, $c := .app.status.conditions}} - , - { - "title": "{{$c.type}}", - "value": "{{$c.message}}", - "short": true - } - {{end}} - ] - }] - deliveryPolicy: Post - groupingKey: "" - notifyBroadcast: false - teams: - facts: | - [{ - "name": "Sync Status", - "value": "{{.app.status.sync.status}}" - }, - { - "name": "Started at", - "value": "{{.app.status.operationState.startedAt}}" - }, - { - "name": "Repository", - "value": "{{.app.spec.source.repoURL}}" - } - {{range $index, $c := .app.status.conditions}} - , - { - "name": "{{$c.type}}", - "value": "{{$c.message}}" - } - {{end}} - ] - potentialAction: |- - [{ - "@type":"OpenUri", - "name":"Open Operation", - "targets":[{ - "os":"default", - "uri":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true" - }] - }, - { - "@type":"OpenUri", - "name":"Open Repository", - "targets":[{ - "os":"default", - "uri":"{{.app.spec.source.repoURL | call .repo.RepoURLToHTTPS}}" - }] - }] - title: Start syncing application {{.app.metadata.name}}. -template.app-sync-status-unknown: | - email: - subject: Application {{.app.metadata.name}} sync status is 'Unknown' - message: | - {{if eq .serviceType "slack"}}:exclamation:{{end}} Application {{.app.metadata.name}} sync is 'Unknown'. - Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}. - {{if ne .serviceType "slack"}} - {{range $c := .app.status.conditions}} - * {{$c.message}} - {{end}} - {{end}} - slack: - attachments: | - [{ - "title": "{{ .app.metadata.name}}", - "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", - "color": "#E96D76", - "fields": [ - { - "title": "Sync Status", - "value": "{{.app.status.sync.status}}", - "short": true - }, - { - "title": "Repository", - "value": "{{.app.spec.source.repoURL}}", - "short": true - } - {{range $index, $c := .app.status.conditions}} - , - { - "title": "{{$c.type}}", - "value": "{{$c.message}}", - "short": true - } - {{end}} - ] - }] - deliveryPolicy: Post - groupingKey: "" - notifyBroadcast: false - teams: - facts: | - [{ - "name": "Sync Status", - "value": "{{.app.status.sync.status}}" - }, - { - "name": "Repository", - "value": "{{.app.spec.source.repoURL}}" - } - {{range $index, $c := .app.status.conditions}} - , - { - "name": "{{$c.type}}", - "value": "{{$c.message}}" - } - {{end}} - ] - potentialAction: |- - [{ - "@type":"OpenUri", - "name":"Open Application", - "targets":[{ - "os":"default", - "uri":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}" - }] - }, - { - "@type":"OpenUri", - "name":"Open Repository", - "targets":[{ - "os":"default", - "uri":"{{.app.spec.source.repoURL | call .repo.RepoURLToHTTPS}}" - }] - }] - title: Application {{.app.metadata.name}} sync status is 'Unknown' -template.app-sync-succeeded: | - email: - subject: Application {{.app.metadata.name}} has been successfully synced. - message: | - {{if eq .serviceType "slack"}}:white_check_mark:{{end}} Application {{.app.metadata.name}} has been successfully synced at {{.app.status.operationState.finishedAt}}. - Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true . - slack: - attachments: | - [{ - "title": "{{ .app.metadata.name}}", - "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", - "color": "#18be52", - "fields": [ - { - "title": "Sync Status", - "value": "{{.app.status.sync.status}}", - "short": true - }, - { - "title": "Repository", - "value": "{{.app.spec.source.repoURL}}", - "short": true - } - {{range $index, $c := .app.status.conditions}} - , - { - "title": "{{$c.type}}", - "value": "{{$c.message}}", - "short": true - } - {{end}} - ] - }] - deliveryPolicy: Post - groupingKey: "" - notifyBroadcast: false - teams: - facts: | - [{ - "name": "Sync Status", - "value": "{{.app.status.sync.status}}" - }, - { - "name": "Synced at", - "value": "{{.app.status.operationState.finishedAt}}" - }, - { - "name": "Repository", - "value": "{{.app.spec.source.repoURL}}" - } - {{range $index, $c := .app.status.conditions}} - , - { - "name": "{{$c.type}}", - "value": "{{$c.message}}" - } - {{end}} - ] - potentialAction: |- - [{ - "@type":"OpenUri", - "name":"Operation Details", - "targets":[{ - "os":"default", - "uri":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true" - }] - }, - { - "@type":"OpenUri", - "name":"Open Repository", - "targets":[{ - "os":"default", - "uri":"{{.app.spec.source.repoURL | call .repo.RepoURLToHTTPS}}" - }] - }] - themeColor: '#000080' - title: Application {{.app.metadata.name}} has been successfully synced -trigger.on-created: | - - description: Application is created. - oncePer: app.metadata.name - send: - - app-created - when: "true" -trigger.on-deleted: | - - description: Application is deleted. - oncePer: app.metadata.name - send: - - app-deleted - when: app.metadata.deletionTimestamp != nil -trigger.on-deployed: | - - description: Application is synced and healthy. Triggered once per commit. - oncePer: app.status.operationState?.syncResult?.revision - send: - - app-deployed - when: app.status.operationState != nil and app.status.operationState.phase in ['Succeeded'] - and app.status.health.status == 'Healthy' -trigger.on-health-degraded: | - - description: Application has degraded - send: - - app-health-degraded - when: app.status.health.status == 'Degraded' -trigger.on-sync-failed: | - - description: Application syncing has failed - send: - - app-sync-failed - when: app.status.operationState != nil and app.status.operationState.phase in ['Error', - 'Failed'] -trigger.on-sync-running: | - - description: Application is being synced - send: - - app-sync-running - when: app.status.operationState != nil and app.status.operationState.phase in ['Running'] -trigger.on-sync-status-unknown: | - - description: Application status is 'Unknown' - send: - - app-sync-status-unknown - when: app.status.sync.status == 'Unknown' -trigger.on-sync-succeeded: | - - description: Application syncing has succeeded - send: - - app-sync-succeeded - when: app.status.operationState != nil and app.status.operationState.phase in ['Succeeded'] diff --git a/k8s/_argocd/argocd_components/values.yaml b/k8s/_argocd/argocd_components/values.yaml index 112f25cfb..0b8662a81 100644 --- a/k8s/_argocd/argocd_components/values.yaml +++ b/k8s/_argocd/argocd_components/values.yaml @@ -44,10 +44,16 @@ server: tls: false notifications: + argocdUrl: "https://argocd.walnuts.dev" context: cluster: "kurumi" secret: create: false name: "argocd-notifications-secret" cm: - create: false + create: true + notifiers: + service.slack: | + token: $slack-token + icon: ":argo:" + username: argocd From 0402f8e547780e525e7dd2ff742cc3fa962412d2 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 26 Nov 2024 11:28:12 +0900 Subject: [PATCH 0260/1209] add Signed-off-by: walnuts1018 --- k8s/_argocd/argocd_components/values.yaml | 249 ++++++++++++++++++++++ 1 file changed, 249 insertions(+) diff --git a/k8s/_argocd/argocd_components/values.yaml b/k8s/_argocd/argocd_components/values.yaml index 0b8662a81..77d7963c3 100644 --- a/k8s/_argocd/argocd_components/values.yaml +++ b/k8s/_argocd/argocd_components/values.yaml @@ -57,3 +57,252 @@ notifications: token: $slack-token icon: ":argo:" username: argocd + templates: + template.app-deployed: | + email: + subject: New version of an application {{.app.metadata.name}} is up and running. + message: | + {{if eq .serviceType "slack"}}:white_check_mark:{{end}} Application {{.app.metadata.name}} is now running new version of deployments manifests. + slack: + attachments: | + [{ + "title": "{{ .app.metadata.name}}", + "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", + "color": "#18be52", + "fields": [ + { + "title": "Sync Status", + "value": "{{.app.status.sync.status}}", + "short": true + }, + { + "title": "Repository", + "value": "{{.app.spec.source.repoURL}}", + "short": true + }, + { + "title": "Revision", + "value": "{{.app.status.sync.revision}}", + "short": true + } + {{range $index, $c := .app.status.conditions}} + {{if not $index}},{{end}} + {{if $index}},{{end}} + { + "title": "{{$c.type}}", + "value": "{{$c.message}}", + "short": true + } + {{end}} + ] + }] + template.app-health-degraded: | + email: + subject: Application {{.app.metadata.name}} has degraded. + message: | + {{if eq .serviceType "slack"}}:exclamation:{{end}} Application {{.app.metadata.name}} has degraded. + Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}. + slack: + attachments: |- + [{ + "title": "{{ .app.metadata.name}}", + "title_link": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", + "color": "#f4c030", + "fields": [ + { + "title": "Sync Status", + "value": "{{.app.status.sync.status}}", + "short": true + }, + { + "title": "Repository", + "value": "{{.app.spec.source.repoURL}}", + "short": true + } + {{range $index, $c := .app.status.conditions}} + {{if not $index}},{{end}} + {{if $index}},{{end}} + { + "title": "{{$c.type}}", + "value": "{{$c.message}}", + "short": true + } + {{end}} + ] + }] + template.app-sync-failed: | + email: + subject: Failed to sync application {{.app.metadata.name}}. + message: | + {{if eq .serviceType "slack"}}:exclamation:{{end}} The sync operation of application {{.app.metadata.name}} has failed at {{.app.status.operationState.finishedAt}} with the following error: {{.app.status.operationState.message}} + Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true . + slack: + attachments: |- + [{ + "title": "{{ .app.metadata.name}}", + "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", + "color": "#E96D76", + "fields": [ + { + "title": "Sync Status", + "value": "{{.app.status.sync.status}}", + "short": true + }, + { + "title": "Repository", + "value": "{{.app.spec.source.repoURL}}", + "short": true + } + {{range $index, $c := .app.status.conditions}} + {{if not $index}},{{end}} + {{if $index}},{{end}} + { + "title": "{{$c.type}}", + "value": "{{$c.message}}", + "short": true + } + {{end}} + ] + }] + template.app-sync-running: | + email: + subject: Start syncing application {{.app.metadata.name}}. + message: | + The sync operation of application {{.app.metadata.name}} has started at {{.app.status.operationState.startedAt}}. + Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true . + slack: + attachments: |- + [{ + "title": "{{ .app.metadata.name}}", + "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", + "color": "#0DADEA", + "fields": [ + { + "title": "Sync Status", + "value": "{{.app.status.sync.status}}", + "short": true + }, + { + "title": "Repository", + "value": "{{.app.spec.source.repoURL}}", + "short": true + } + {{range $index, $c := .app.status.conditions}} + {{if not $index}},{{end}} + {{if $index}},{{end}} + { + "title": "{{$c.type}}", + "value": "{{$c.message}}", + "short": true + } + {{end}} + ] + }] + template.app-sync-status-unknown: | + email: + subject: Application {{.app.metadata.name}} sync status is 'Unknown' + message: | + {{if eq .serviceType "slack"}}:exclamation:{{end}} Application {{.app.metadata.name}} sync is 'Unknown'. + Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}. + {{if ne .serviceType "slack"}} + {{range $c := .app.status.conditions}} + * {{$c.message}} + {{end}} + {{end}} + slack: + attachments: |- + [{ + "title": "{{ .app.metadata.name}}", + "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", + "color": "#E96D76", + "fields": [ + { + "title": "Sync Status", + "value": "{{.app.status.sync.status}}", + "short": true + }, + { + "title": "Repository", + "value": "{{.app.spec.source.repoURL}}", + "short": true + } + {{range $index, $c := .app.status.conditions}} + {{if not $index}},{{end}} + {{if $index}},{{end}} + { + "title": "{{$c.type}}", + "value": "{{$c.message}}", + "short": true + } + {{end}} + ] + }] + template.app-sync-succeeded: | + email: + subject: Application {{.app.metadata.name}} has been successfully synced. + message: | + {{if eq .serviceType "slack"}}:white_check_mark:{{end}} Application {{.app.metadata.name}} has been successfully synced at {{.app.status.operationState.finishedAt}}. + Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true . + slack: + attachments: |- + [{ + "title": "{{ .app.metadata.name}}", + "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", + "color": "#18be52", + "fields": [ + { + "title": "Sync Status", + "value": "{{.app.status.sync.status}}", + "short": true + }, + { + "title": "Repository", + "value": "{{.app.spec.source.repoURL}}", + "short": true + } + {{range $index, $c := .app.status.conditions}} + {{if not $index}},{{end}} + {{if $index}},{{end}} + { + "title": "{{$c.type}}", + "value": "{{$c.message}}", + "short": true + } + {{end}} + ] + }] + triggers: + trigger.on-deployed: | + - description: Application is synced and healthy. Triggered once per commit. + oncePer: app.status.sync.revision + send: + - app-deployed + when: app.status.operationState.phase in ['Succeeded'] and app.status.health.status == 'Healthy' + trigger.on-health-degraded: | + - description: Application has degraded + send: + - app-health-degraded + when: app.status.health.status == 'Degraded' + trigger.on-sync-failed: | + - description: Application syncing has failed + send: + - app-sync-failed + when: app.status.operationState.phase in ['Error', 'Failed'] + trigger.on-sync-running: | + - description: Application is being synced + send: + - app-sync-running + when: app.status.operationState.phase in ['Running'] + trigger.on-sync-status-unknown: | + - description: Application status is 'Unknown' + send: + - app-sync-status-unknown + when: app.status.sync.status == 'Unknown' + trigger.on-sync-succeeded: | + - description: Application syncing has succeeded + send: + - app-sync-succeeded + when: app.status.operationState.phase in ['Succeeded'] + + defaultTriggers: | + - on-sync-status-unknown From 857c2a43c6856bbf481407086d7d20f346a971e0 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 26 Nov 2024 11:30:00 +0900 Subject: [PATCH 0261/1209] rm Signed-off-by: walnuts1018 --- k8s/components/helm.libsonnet | 1 - 1 file changed, 1 deletion(-) diff --git a/k8s/components/helm.libsonnet b/k8s/components/helm.libsonnet index dc92bbe89..1f22201e0 100644 --- a/k8s/components/helm.libsonnet +++ b/k8s/components/helm.libsonnet @@ -17,7 +17,6 @@ 'notifications.argoproj.io/subscribe.on-deleted.slack': slackChannel, 'notifications.argoproj.io/subscribe.on-health-degraded.slack': slackChannel, 'notifications.argoproj.io/subscribe.on-sync-failed.slack': slackChannel, - 'notifications.argoproj.io/subscribe.on-sync-succeeded.slack': slackChannel, }, }, spec: { From 650f875e60293a99663e1930d8e97e096ff30110 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 26 Nov 2024 11:33:53 +0900 Subject: [PATCH 0262/1209] =?UTF-8?q?ingressClassName=E3=82=92nginx?= =?UTF-8?q?=E3=81=8B=E3=82=89cilium=E3=81=AB=E5=A4=89=E6=9B=B4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: walnuts1018 --- k8s/apps/blog/ingress.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/blog/ingress.jsonnet b/k8s/apps/blog/ingress.jsonnet index 97356bca8..d7097dbd9 100644 --- a/k8s/apps/blog/ingress.jsonnet +++ b/k8s/apps/blog/ingress.jsonnet @@ -7,7 +7,7 @@ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, }, spec: { - ingressClassName: 'nginx', + ingressClassName: 'cilium', rules: [ { host: 'blog.walnuts.dev', From 4db5e6e0ffc7ecd313a6c450a4d01489eaee1012 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 26 Nov 2024 11:37:54 +0900 Subject: [PATCH 0263/1209] add Signed-off-by: walnuts1018 --- k8s/apps/cilium/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/k8s/apps/cilium/values.yaml b/k8s/apps/cilium/values.yaml index 38a164955..ee0740b84 100644 --- a/k8s/apps/cilium/values.yaml +++ b/k8s/apps/cilium/values.yaml @@ -20,6 +20,7 @@ ingressController: enabled: true loadbalancerMode: shared default: false + enforceHttps: false service: loadBalancerIP: 192.168.0.129 hubble: From b44a519f62da098d06ee43310daa6c55acc14478 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 26 Nov 2024 11:39:45 +0900 Subject: [PATCH 0264/1209] add Signed-off-by: walnuts1018 --- k8s/apps/cilium/values.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/k8s/apps/cilium/values.yaml b/k8s/apps/cilium/values.yaml index ee0740b84..a0f3933a2 100644 --- a/k8s/apps/cilium/values.yaml +++ b/k8s/apps/cilium/values.yaml @@ -23,6 +23,8 @@ ingressController: enforceHttps: false service: loadBalancerIP: 192.168.0.129 +nodePort: + enabled: true hubble: tls: enabled: true From 520c7b21a837e3647ddd0d3777a9213f552c6bb5 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 26 Nov 2024 11:40:07 +0900 Subject: [PATCH 0265/1209] add l7Proxy Signed-off-by: walnuts1018 --- k8s/apps/cilium/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/k8s/apps/cilium/values.yaml b/k8s/apps/cilium/values.yaml index a0f3933a2..18af9e2c5 100644 --- a/k8s/apps/cilium/values.yaml +++ b/k8s/apps/cilium/values.yaml @@ -1,6 +1,7 @@ image: useDigest: false # https://github.com/containers/image/blob/d372f0e440d35c6041de39023b0b6eb131fba54b/docker/docker_transport.go#L79-L81 kubeProxyReplacement: true +l7Proxy: true k8sServiceHost: 192.168.0.17 k8sServicePort: 16443 l2announcements: From 6ab8d92c731ddbde2e688d07541c4a3d5ca1ee9b Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 26 Nov 2024 12:05:59 +0900 Subject: [PATCH 0266/1209] add Signed-off-by: walnuts1018 --- k8s/apps/cilium/values.yaml | 4 +- k8s/apps/cloudflare-origin-cert/app.json5 | 4 ++ .../external-secret.jsonnet | 51 +++++++++++++++++++ 3 files changed, 57 insertions(+), 2 deletions(-) create mode 100644 k8s/apps/cloudflare-origin-cert/app.json5 create mode 100644 k8s/apps/cloudflare-origin-cert/external-secret.jsonnet diff --git a/k8s/apps/cilium/values.yaml b/k8s/apps/cilium/values.yaml index 18af9e2c5..ccdd9af0c 100644 --- a/k8s/apps/cilium/values.yaml +++ b/k8s/apps/cilium/values.yaml @@ -20,8 +20,8 @@ clustermesh: ingressController: enabled: true loadbalancerMode: shared - default: false - enforceHttps: false + default: true + enforceHttps: true service: loadBalancerIP: 192.168.0.129 nodePort: diff --git a/k8s/apps/cloudflare-origin-cert/app.json5 b/k8s/apps/cloudflare-origin-cert/app.json5 new file mode 100644 index 000000000..899b9d390 --- /dev/null +++ b/k8s/apps/cloudflare-origin-cert/app.json5 @@ -0,0 +1,4 @@ +{ + name: "cloudflare-origin-cert", + namespace: "cloudflare-origin-cert", +} diff --git a/k8s/apps/cloudflare-origin-cert/external-secret.jsonnet b/k8s/apps/cloudflare-origin-cert/external-secret.jsonnet new file mode 100644 index 000000000..51f5f8393 --- /dev/null +++ b/k8s/apps/cloudflare-origin-cert/external-secret.jsonnet @@ -0,0 +1,51 @@ +{ + apiVersion: 'external-secrets.io/v1beta1', + kind: 'ClusterExternalSecret', + metadata: { + name: 'cloudflare-origin-cert', + }, + spec: { + externalSecretName: 'cloudflare-origin-cert', + namespaceSelector: { + matchExpressions: [ + { + key: 'kubernetes.io/metadata.name', + operator: 'Exists', + }, + { + key: 'walnuts.dev/public', + operator: 'DoesNotExist', + }, + ], + }, + externalSecretSpec: { + secretStoreRef: { + name: 'onepassword', + kind: 'ClusterSecretStore', + }, + refreshInterval: '1m', + target: { + name: 'cloudflare-origin-cert', + template: { + type: 'kubernetes.io/tls', + }, + }, + data: [ + { + secretKey: 'tls.crt', + remoteRef: { + key: 'cloudflare-origin-cert', + property: 'tls.crt', + }, + }, + { + secretKey: 'tls.key', + remoteRef: { + key: 'cloudflare-origin-cert', + property: 'tls.key', + }, + }, + ], + }, + }, +} From b40fe60622b4e2dc5d84dcdc14529087635a28a0 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 26 Nov 2024 12:06:11 +0900 Subject: [PATCH 0267/1209] add Signed-off-by: walnuts1018 --- k8s/apps/blog/ingress.jsonnet | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/k8s/apps/blog/ingress.jsonnet b/k8s/apps/blog/ingress.jsonnet index d7097dbd9..9f3addd52 100644 --- a/k8s/apps/blog/ingress.jsonnet +++ b/k8s/apps/blog/ingress.jsonnet @@ -29,5 +29,13 @@ }, }, ], + tls: [ + { + hosts: [ + 'blog.walnuts.dev', + ], + secretName: 'cloudflare-origin-cert', + }, + ], }, } From 31875fd38c81230d07e7776e243b94e323eac895 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 26 Nov 2024 03:06:50 +0000 Subject: [PATCH 0268/1209] auto-gen-namespace --- k8s/namespaces/namespaces.json5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/namespaces/namespaces.json5 b/k8s/namespaces/namespaces.json5 index 8a01cb8f0..331b851f9 100644 --- a/k8s/namespaces/namespaces.json5 +++ b/k8s/namespaces/namespaces.json5 @@ -1 +1 @@ -["ac-hacking-2024","cert-manager","cilium-system","code-server","dashy","databases","default","elasticsearch","external-dns","external-secrets","fitbit-manager","flux-system","github-readme-stats","hedgedoc","ingress-nginx","komga","krakend-system","kube-system","local-path-storage","loki","longhorn-system","minio","misskey","monitoring","mpeg-dash-encoder","mucaron","network-exporter","nextcloud","oekaki-dengon-game","openchokin","opentelemetry-collector","opentelemetry-operator-system","photoprism","redis-operator","samba","sandbox","wakatime-to-slack-profile","walnuts-dev","zitadel"] +["ac-hacking-2024","cert-manager","cilium-system","cloudflare-origin-cert","code-server","dashy","databases","default","elasticsearch","external-dns","external-secrets","fitbit-manager","flux-system","github-readme-stats","hedgedoc","ingress-nginx","komga","krakend-system","kube-system","local-path-storage","loki","longhorn-system","minio","misskey","monitoring","mpeg-dash-encoder","mucaron","network-exporter","nextcloud","oekaki-dengon-game","openchokin","opentelemetry-collector","opentelemetry-operator-system","photoprism","redis-operator","samba","sandbox","wakatime-to-slack-profile","walnuts-dev","zitadel"] From 339b184aaaad924df80c072445a764357ea4a8a9 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 26 Nov 2024 12:15:46 +0900 Subject: [PATCH 0269/1209] add cert-manager.io/cluster-issuer Signed-off-by: walnuts1018 --- k8s/apps/blog/ingress.jsonnet | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/k8s/apps/blog/ingress.jsonnet b/k8s/apps/blog/ingress.jsonnet index 9f3addd52..5528ff6b2 100644 --- a/k8s/apps/blog/ingress.jsonnet +++ b/k8s/apps/blog/ingress.jsonnet @@ -5,6 +5,9 @@ name: (import 'app.json5').name, namespace: (import 'app.json5').namespace, labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + anotations: { + 'cert-manager.io/cluster-issuer': 'letsencrypt-prod', + }, }, spec: { ingressClassName: 'cilium', @@ -29,13 +32,5 @@ }, }, ], - tls: [ - { - hosts: [ - 'blog.walnuts.dev', - ], - secretName: 'cloudflare-origin-cert', - }, - ], }, } From 4d0f39cf14511692da33c4564f423dd5fb1bc43c Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 26 Nov 2024 12:16:51 +0900 Subject: [PATCH 0270/1209] fix typo Signed-off-by: walnuts1018 --- k8s/apps/blog/ingress.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/blog/ingress.jsonnet b/k8s/apps/blog/ingress.jsonnet index 5528ff6b2..473f7bc25 100644 --- a/k8s/apps/blog/ingress.jsonnet +++ b/k8s/apps/blog/ingress.jsonnet @@ -5,7 +5,7 @@ name: (import 'app.json5').name, namespace: (import 'app.json5').namespace, labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, - anotations: { + annotations: { 'cert-manager.io/cluster-issuer': 'letsencrypt-prod', }, }, From 4205abc283df64433cc7a7b760d1c0f872429926 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 26 Nov 2024 12:19:53 +0900 Subject: [PATCH 0271/1209] add Signed-off-by: walnuts1018 --- k8s/apps/blog/ingress.jsonnet | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/k8s/apps/blog/ingress.jsonnet b/k8s/apps/blog/ingress.jsonnet index 473f7bc25..a3947eca7 100644 --- a/k8s/apps/blog/ingress.jsonnet +++ b/k8s/apps/blog/ingress.jsonnet @@ -32,5 +32,13 @@ }, }, ], + tls: [ + { + hosts: [ + 'blog.walnuts.dev', + ], + secretName: (import 'app.json5').name + '-tls', + }, + ], }, } From 621dea3983885a8d2759332226db956bb54ee190 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 26 Nov 2024 12:26:50 +0900 Subject: [PATCH 0272/1209] add Signed-off-by: walnuts1018 --- k8s/apps/cert-manager/helm.jsonnet | 4 +--- k8s/apps/cert-manager/values.yaml | 4 ++++ 2 files changed, 5 insertions(+), 3 deletions(-) create mode 100644 k8s/apps/cert-manager/values.yaml diff --git a/k8s/apps/cert-manager/helm.jsonnet b/k8s/apps/cert-manager/helm.jsonnet index c19995690..8af483442 100644 --- a/k8s/apps/cert-manager/helm.jsonnet +++ b/k8s/apps/cert-manager/helm.jsonnet @@ -4,7 +4,5 @@ chart: 'cert-manager', repoURL: 'https://charts.jetstack.io', targetRevision: 'v1.16.2', - valuesObject: { - installCRDs: true, - }, + values: (importstr 'values.yaml'), } diff --git a/k8s/apps/cert-manager/values.yaml b/k8s/apps/cert-manager/values.yaml new file mode 100644 index 000000000..34d5f9d6a --- /dev/null +++ b/k8s/apps/cert-manager/values.yaml @@ -0,0 +1,4 @@ +installCRDs: true +config: + featureGates: + ExperimentalGatewayAPISupport: true From 0f2f5e5121c64b72d53a9c468e11368d604e8800 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 26 Nov 2024 22:42:46 +0000 Subject: [PATCH 0273/1209] Update Terraform aws to ~> 5.78.0 --- terraform/modules/minio/provider.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/modules/minio/provider.tf b/terraform/modules/minio/provider.tf index 0b4cabfb6..cb3671f80 100644 --- a/terraform/modules/minio/provider.tf +++ b/terraform/modules/minio/provider.tf @@ -2,7 +2,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 5.77.0" + version = "~> 5.78.0" } } } From 3b76c80c26629f5efbf9e0a3fccd57b620d5b136 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 27 Nov 2024 00:46:26 +0000 Subject: [PATCH 0274/1209] Update nginx Docker tag to v1.27.3 (#1008) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/blog/deployment.jsonnet | 2 +- k8s/apps/nginx-test/deployment.jsonnet | 2 +- k8s/apps/walnuts-dev-www-redirect/deployment.jsonnet | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/k8s/apps/blog/deployment.jsonnet b/k8s/apps/blog/deployment.jsonnet index 66c5c3e40..474f8e772 100644 --- a/k8s/apps/blog/deployment.jsonnet +++ b/k8s/apps/blog/deployment.jsonnet @@ -23,7 +23,7 @@ containers: [ std.mergePatch((import '../../components/container.libsonnet') { name: 'nginx', - image: 'nginx:1.27.2', + image: 'nginx:1.27.3', ports: [ { containerPort: 8080, diff --git a/k8s/apps/nginx-test/deployment.jsonnet b/k8s/apps/nginx-test/deployment.jsonnet index 66c5c3e40..474f8e772 100644 --- a/k8s/apps/nginx-test/deployment.jsonnet +++ b/k8s/apps/nginx-test/deployment.jsonnet @@ -23,7 +23,7 @@ containers: [ std.mergePatch((import '../../components/container.libsonnet') { name: 'nginx', - image: 'nginx:1.27.2', + image: 'nginx:1.27.3', ports: [ { containerPort: 8080, diff --git a/k8s/apps/walnuts-dev-www-redirect/deployment.jsonnet b/k8s/apps/walnuts-dev-www-redirect/deployment.jsonnet index 66c5c3e40..474f8e772 100644 --- a/k8s/apps/walnuts-dev-www-redirect/deployment.jsonnet +++ b/k8s/apps/walnuts-dev-www-redirect/deployment.jsonnet @@ -23,7 +23,7 @@ containers: [ std.mergePatch((import '../../components/container.libsonnet') { name: 'nginx', - image: 'nginx:1.27.2', + image: 'nginx:1.27.3', ports: [ { containerPort: 8080, From 35b7bc28a63d00d11048224c3c60171f3d29c6de Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 27 Nov 2024 00:46:41 +0000 Subject: [PATCH 0275/1209] Update dependency aquaproj/aqua-registry to v4.261.0 (#1009) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index d940a35a1..1ede5d827 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,6 +8,6 @@ # - all registries: - type: standard - ref: v4.260.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.261.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 From e5efecc664feeee2a44031d1be652a541fb920e8 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 27 Nov 2024 09:57:41 +0900 Subject: [PATCH 0276/1209] add minio2 Signed-off-by: walnuts1018 --- k8s/apps/minio/app.json5 | 4 ---- k8s/apps/minio2/app.json5 | 4 ++++ k8s/apps/minio2/external-secret.jsonnet | 27 +++++++++++++++++++++++++ k8s/apps/minio2/helm.jsonnet | 9 +++++++++ k8s/apps/minio2/values.yaml | 16 +++++++++++++++ 5 files changed, 56 insertions(+), 4 deletions(-) create mode 100644 k8s/apps/minio2/app.json5 create mode 100644 k8s/apps/minio2/external-secret.jsonnet create mode 100644 k8s/apps/minio2/helm.jsonnet create mode 100644 k8s/apps/minio2/values.yaml diff --git a/k8s/apps/minio/app.json5 b/k8s/apps/minio/app.json5 index 724b7ea81..15ba0c82e 100644 --- a/k8s/apps/minio/app.json5 +++ b/k8s/apps/minio/app.json5 @@ -1,8 +1,4 @@ { name: "minio", namespace: "minio", - - proxy: { - name: "minio-proxy", - }, } diff --git a/k8s/apps/minio2/app.json5 b/k8s/apps/minio2/app.json5 new file mode 100644 index 000000000..ea7c88fdc --- /dev/null +++ b/k8s/apps/minio2/app.json5 @@ -0,0 +1,4 @@ +{ + name: "minio2", + namespace: "minio2", +} diff --git a/k8s/apps/minio2/external-secret.jsonnet b/k8s/apps/minio2/external-secret.jsonnet new file mode 100644 index 000000000..1ef628413 --- /dev/null +++ b/k8s/apps/minio2/external-secret.jsonnet @@ -0,0 +1,27 @@ +(import '../../components/external-secret.libsonnet') { + name: (import 'app.json5').name, + use_suffix: false, + data: [ + { + secretKey: 'rootUser', + remoteRef: { + key: 'minio', + property: 'rootUser', + }, + }, + { + secretKey: 'rootPassword', + remoteRef: { + key: 'minio', + property: 'rootPassword', + }, + }, + { + secretKey: 'client-secret', + remoteRef: { + key: 'minio', + property: 'client-secret', + }, + }, + ], +} diff --git a/k8s/apps/minio2/helm.jsonnet b/k8s/apps/minio2/helm.jsonnet new file mode 100644 index 000000000..b829548ab --- /dev/null +++ b/k8s/apps/minio2/helm.jsonnet @@ -0,0 +1,9 @@ +(import '../../components/helm.libsonnet') { + name: (import 'app.json5').name, + namespace: (import 'app.json5').namespace, + + chart: 'minio', + repoURL: 'https://charts.min.io/', + targetRevision: '5.3.0', + values: (importstr 'values.yaml'), +} diff --git a/k8s/apps/minio2/values.yaml b/k8s/apps/minio2/values.yaml new file mode 100644 index 000000000..5ea247390 --- /dev/null +++ b/k8s/apps/minio2/values.yaml @@ -0,0 +1,16 @@ +mode: distributed +replicas: 3 +existingSecret: minio +ingress: + enabled: true + ingressClassName: nginx + annotations: + nginx.ingress.kubernetes.io/ignore-invalid-headers: "off" + hosts: + - minio2.walnuts.dev +consoleIngress: + enabled: true + ingressClassName: nginx + hosts: + - minio2-console.walnuts.dev + From b7e0cfb29d98403941450766c6cdf67e29ec4476 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 27 Nov 2024 00:58:20 +0000 Subject: [PATCH 0277/1209] auto-gen-namespace --- k8s/namespaces/namespaces.json5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/namespaces/namespaces.json5 b/k8s/namespaces/namespaces.json5 index 331b851f9..ba116972f 100644 --- a/k8s/namespaces/namespaces.json5 +++ b/k8s/namespaces/namespaces.json5 @@ -1 +1 @@ -["ac-hacking-2024","cert-manager","cilium-system","cloudflare-origin-cert","code-server","dashy","databases","default","elasticsearch","external-dns","external-secrets","fitbit-manager","flux-system","github-readme-stats","hedgedoc","ingress-nginx","komga","krakend-system","kube-system","local-path-storage","loki","longhorn-system","minio","misskey","monitoring","mpeg-dash-encoder","mucaron","network-exporter","nextcloud","oekaki-dengon-game","openchokin","opentelemetry-collector","opentelemetry-operator-system","photoprism","redis-operator","samba","sandbox","wakatime-to-slack-profile","walnuts-dev","zitadel"] +["ac-hacking-2024","cert-manager","cilium-system","cloudflare-origin-cert","code-server","dashy","databases","default","elasticsearch","external-dns","external-secrets","fitbit-manager","flux-system","github-readme-stats","hedgedoc","ingress-nginx","komga","krakend-system","kube-system","local-path-storage","loki","longhorn-system","minio","minio2","misskey","monitoring","mpeg-dash-encoder","mucaron","network-exporter","nextcloud","oekaki-dengon-game","openchokin","opentelemetry-collector","opentelemetry-operator-system","photoprism","redis-operator","samba","sandbox","wakatime-to-slack-profile","walnuts-dev","zitadel"] From 57b3c19f832f14d8b092328c73c0759375a08330 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 27 Nov 2024 10:04:29 +0900 Subject: [PATCH 0278/1209] add Signed-off-by: walnuts1018 --- k8s/apps/minio2/values.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/k8s/apps/minio2/values.yaml b/k8s/apps/minio2/values.yaml index 5ea247390..e866594a5 100644 --- a/k8s/apps/minio2/values.yaml +++ b/k8s/apps/minio2/values.yaml @@ -13,4 +13,7 @@ consoleIngress: ingressClassName: nginx hosts: - minio2-console.walnuts.dev - +persistence: + storageClass: longhorn + size: 8Gi + accessMode: ReadWriteOnce From 9dafc621fd2bfae4d4e4c44023bd542cc4d6a044 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 27 Nov 2024 10:07:21 +0900 Subject: [PATCH 0279/1209] add Signed-off-by: walnuts1018 --- k8s/apps/minio2/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/minio2/values.yaml b/k8s/apps/minio2/values.yaml index e866594a5..c2d77f6a7 100644 --- a/k8s/apps/minio2/values.yaml +++ b/k8s/apps/minio2/values.yaml @@ -1,6 +1,6 @@ mode: distributed replicas: 3 -existingSecret: minio +existingSecret: minio2 ingress: enabled: true ingressClassName: nginx From 1eb46f171f83c702befaf0f59337d813edc56e98 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 27 Nov 2024 10:09:04 +0900 Subject: [PATCH 0280/1209] add Signed-off-by: walnuts1018 --- k8s/apps/minio2/values.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/k8s/apps/minio2/values.yaml b/k8s/apps/minio2/values.yaml index c2d77f6a7..5d3dbcdc7 100644 --- a/k8s/apps/minio2/values.yaml +++ b/k8s/apps/minio2/values.yaml @@ -17,3 +17,6 @@ persistence: storageClass: longhorn size: 8Gi accessMode: ReadWriteOnce +resources: + requests: + memory: 500Mi From 104a8f35fbf23d72703b9cb6628bb6c201d68dab Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 27 Nov 2024 10:12:35 +0900 Subject: [PATCH 0281/1209] add Signed-off-by: walnuts1018 --- k8s/apps/minio2/values.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/k8s/apps/minio2/values.yaml b/k8s/apps/minio2/values.yaml index 5d3dbcdc7..a93499215 100644 --- a/k8s/apps/minio2/values.yaml +++ b/k8s/apps/minio2/values.yaml @@ -20,3 +20,7 @@ persistence: resources: requests: memory: 500Mi +environment: + MINIO_IDENTITY_OPENID_REDIRECT_URI: "https://minio2-console.walnuts.dev/oauth_callback" + MINIO_SERVER_URL: "https://minio2.walnuts.dev" + MINIO_BROWSER_REDIRECT_URL: "https://minio2-console.walnuts.dev" From eff6781eff57cb7b3150e19ac126c13b438256cb Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 27 Nov 2024 10:20:16 +0900 Subject: [PATCH 0282/1209] minio distributed Signed-off-by: walnuts1018 --- k8s/apps/minio/values.yaml | 5 ++--- k8s/apps/minio2/app.json5 | 4 ---- k8s/apps/minio2/external-secret.jsonnet | 27 ------------------------- k8s/apps/minio2/helm.jsonnet | 9 --------- k8s/apps/minio2/values.yaml | 26 ------------------------ 5 files changed, 2 insertions(+), 69 deletions(-) delete mode 100644 k8s/apps/minio2/app.json5 delete mode 100644 k8s/apps/minio2/external-secret.jsonnet delete mode 100644 k8s/apps/minio2/helm.jsonnet delete mode 100644 k8s/apps/minio2/values.yaml diff --git a/k8s/apps/minio/values.yaml b/k8s/apps/minio/values.yaml index 73a0f9200..2c2f7f7f6 100644 --- a/k8s/apps/minio/values.yaml +++ b/k8s/apps/minio/values.yaml @@ -1,10 +1,9 @@ -mode: standalone -replicas: 1 +mode: distributed +replicas: 3 existingSecret: minio persistence: storageClass: longhorn size: 32Gi - volumeName: minio accessMode: ReadWriteOnce ingress: enabled: true diff --git a/k8s/apps/minio2/app.json5 b/k8s/apps/minio2/app.json5 deleted file mode 100644 index ea7c88fdc..000000000 --- a/k8s/apps/minio2/app.json5 +++ /dev/null @@ -1,4 +0,0 @@ -{ - name: "minio2", - namespace: "minio2", -} diff --git a/k8s/apps/minio2/external-secret.jsonnet b/k8s/apps/minio2/external-secret.jsonnet deleted file mode 100644 index 1ef628413..000000000 --- a/k8s/apps/minio2/external-secret.jsonnet +++ /dev/null @@ -1,27 +0,0 @@ -(import '../../components/external-secret.libsonnet') { - name: (import 'app.json5').name, - use_suffix: false, - data: [ - { - secretKey: 'rootUser', - remoteRef: { - key: 'minio', - property: 'rootUser', - }, - }, - { - secretKey: 'rootPassword', - remoteRef: { - key: 'minio', - property: 'rootPassword', - }, - }, - { - secretKey: 'client-secret', - remoteRef: { - key: 'minio', - property: 'client-secret', - }, - }, - ], -} diff --git a/k8s/apps/minio2/helm.jsonnet b/k8s/apps/minio2/helm.jsonnet deleted file mode 100644 index b829548ab..000000000 --- a/k8s/apps/minio2/helm.jsonnet +++ /dev/null @@ -1,9 +0,0 @@ -(import '../../components/helm.libsonnet') { - name: (import 'app.json5').name, - namespace: (import 'app.json5').namespace, - - chart: 'minio', - repoURL: 'https://charts.min.io/', - targetRevision: '5.3.0', - values: (importstr 'values.yaml'), -} diff --git a/k8s/apps/minio2/values.yaml b/k8s/apps/minio2/values.yaml deleted file mode 100644 index a93499215..000000000 --- a/k8s/apps/minio2/values.yaml +++ /dev/null @@ -1,26 +0,0 @@ -mode: distributed -replicas: 3 -existingSecret: minio2 -ingress: - enabled: true - ingressClassName: nginx - annotations: - nginx.ingress.kubernetes.io/ignore-invalid-headers: "off" - hosts: - - minio2.walnuts.dev -consoleIngress: - enabled: true - ingressClassName: nginx - hosts: - - minio2-console.walnuts.dev -persistence: - storageClass: longhorn - size: 8Gi - accessMode: ReadWriteOnce -resources: - requests: - memory: 500Mi -environment: - MINIO_IDENTITY_OPENID_REDIRECT_URI: "https://minio2-console.walnuts.dev/oauth_callback" - MINIO_SERVER_URL: "https://minio2.walnuts.dev" - MINIO_BROWSER_REDIRECT_URL: "https://minio2-console.walnuts.dev" From 1d8c1960448daf7f1c804e1b3dd08f5d7250cefb Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 27 Nov 2024 10:21:58 +0900 Subject: [PATCH 0283/1209] use 16 Signed-off-by: walnuts1018 --- k8s/apps/minio/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/minio/values.yaml b/k8s/apps/minio/values.yaml index 2c2f7f7f6..9581474e0 100644 --- a/k8s/apps/minio/values.yaml +++ b/k8s/apps/minio/values.yaml @@ -3,7 +3,7 @@ replicas: 3 existingSecret: minio persistence: storageClass: longhorn - size: 32Gi + size: 16Gi accessMode: ReadWriteOnce ingress: enabled: true From d22eed601b64b2b736ef26d09ee7cb233866b3ce Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 27 Nov 2024 10:22:20 +0900 Subject: [PATCH 0284/1209] fix ns Signed-off-by: walnuts1018 --- k8s/namespaces/namespaces.json5 | 43 ++++++++++++++++++++++++++++++++- 1 file changed, 42 insertions(+), 1 deletion(-) diff --git a/k8s/namespaces/namespaces.json5 b/k8s/namespaces/namespaces.json5 index ba116972f..c32e2391e 100644 --- a/k8s/namespaces/namespaces.json5 +++ b/k8s/namespaces/namespaces.json5 @@ -1 +1,42 @@ -["ac-hacking-2024","cert-manager","cilium-system","cloudflare-origin-cert","code-server","dashy","databases","default","elasticsearch","external-dns","external-secrets","fitbit-manager","flux-system","github-readme-stats","hedgedoc","ingress-nginx","komga","krakend-system","kube-system","local-path-storage","loki","longhorn-system","minio","minio2","misskey","monitoring","mpeg-dash-encoder","mucaron","network-exporter","nextcloud","oekaki-dengon-game","openchokin","opentelemetry-collector","opentelemetry-operator-system","photoprism","redis-operator","samba","sandbox","wakatime-to-slack-profile","walnuts-dev","zitadel"] +[ + "ac-hacking-2024", + "cert-manager", + "cilium-system", + "cloudflare-origin-cert", + "code-server", + "dashy", + "databases", + "default", + "elasticsearch", + "external-dns", + "external-secrets", + "fitbit-manager", + "flux-system", + "github-readme-stats", + "hedgedoc", + "ingress-nginx", + "komga", + "krakend-system", + "kube-system", + "local-path-storage", + "loki", + "longhorn-system", + "minio", + "misskey", + "monitoring", + "mpeg-dash-encoder", + "mucaron", + "network-exporter", + "nextcloud", + "oekaki-dengon-game", + "openchokin", + "opentelemetry-collector", + "opentelemetry-operator-system", + "photoprism", + "redis-operator", + "samba", + "sandbox", + "wakatime-to-slack-profile", + "walnuts-dev", + "zitadel", +] From 07e68777061dbf7c20b43377d6970644622b7a45 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 27 Nov 2024 10:28:12 +0900 Subject: [PATCH 0285/1209] add Signed-off-by: walnuts1018 --- terraform/kurumi/.terraform.lock.hcl | 34 ++++++++++++++-------------- terraform/modules/minio/minio.tf | 2 -- 2 files changed, 17 insertions(+), 19 deletions(-) diff --git a/terraform/kurumi/.terraform.lock.hcl b/terraform/kurumi/.terraform.lock.hcl index 8ceac101e..37c932a27 100644 --- a/terraform/kurumi/.terraform.lock.hcl +++ b/terraform/kurumi/.terraform.lock.hcl @@ -2,24 +2,24 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/aws" { - version = "5.76.0" - constraints = "~> 5.76.0" + version = "5.78.0" + constraints = "~> 5.78.0" hashes = [ - "h1:0vvRpjncvOeSq0e7hq5z9vkxqWqxrIe0T4uDOJYMogU=", - "zh:05b2a0d25fc07576f6698d4840d0d2ae2599484c49f1b911ea1154584557bc13", - "zh:1b22dd1d9c482739e133adb996a9c8b285ca7d978d0fe04deaa5588eba5d254c", - "zh:216088c8800e7b8d7eff7b1a822317bc6faec64f27946ffd22bb3494ac4175cb", - "zh:43e994112b1484bf49945c4885aa2fee32486c9a5d64b9146bbd6f309f24e332", - "zh:46a28ba800f176eef500f998217bccc331605ef05f11abb1728f727a81f3a8b0", - "zh:4fad2743174a600da76a0cceeec2fef8399a18d880ba8929d811cd5cea1b5dee", - "zh:5c42a2c1438cd7533456026f52b562715664490711fdea809f44610a7565c145", - "zh:792d4fd4be434682e4540d2579505c7f11f39d0efe1d12ee2761ed0d46c8cd51", - "zh:7bb5f9f87c9da6d62d6f89504f01a9d6d2f19dcaa0efc46ea51ebdc4bb6fd536", - "zh:81cdbd97f81b1110fce793944d5668a4389904979eb7d178d3142a6b0e175e5e", + "h1:GwVGbd+IHAq+qwGs2QKuxazKzrJhSWVicYyGBPftuG0=", + "zh:0ae7d41b96441d0cf7ce2e1337657bdb2e1e5c9f1c2227b0642e1dcec2f9dfba", + "zh:21f8f1edf477681ea3b095c02cad6b8e85262e45015de58e84e0c7b2bfe9a1f6", + "zh:2bdc335e341bf98445255549ae93d66cfb9bca706e62b949da98fe467c182cad", + "zh:2fe4096e260367a225a9faf4a424d62b87e5498f12cb43bdb6f4e713d11b82c3", + "zh:3c63bb7a7925d65118d17461f4691a22dbb55ea39a7404e4d71f6ccca8765f8b", + "zh:6609a28a1c638a1901d8007b5386868ccfd313b4df2e98b35d9fdef436974e3b", + "zh:7ae3aef43bc4b365824cca4659cf92459d766800656e354bdbf83feabab835e8", "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:ab4b881eb0f3812b702aaecf921c5c16bbcc33d61d668be4d72d6da9c57ded85", - "zh:c1d9d1166fd948845614deef81f3197568d0d3c2a03b8b97fff308ebc59043f9", - "zh:cda7530f2c01434e483d3faf62fc0685295e7f844176aa38df1ba65fa6a4407a", - "zh:fdad558b1c41aa68123d0da82cc0d65bc86d09eaa1ab1d3a167ec3bce0fc0c66", + "zh:c314efe454adc6ca483261c6906e64315aeb9db0c0332818714e9b81e07df0f0", + "zh:cd3e30396b554bbc1d260252db8a0f344065d619038fe60ea870689cd32c6aa9", + "zh:d1ba48fd9d8a1cb1daa927fb9e8bb708b857f2792d796e110460c6fdcd896a47", + "zh:d31c8abe75cb9cdc1c59ad9d356a1c3ae1ba8cd29ac15eb7e01b6cd01221ab04", + "zh:dc27c5c2116b4d9b404753f73bccaa635bce21f3bfb4bb7bc8e63225c36c98fe", + "zh:de491f0d05408378413187475c815d8cb2ac6bfa63d0b42a30ad5ee492e51c07", + "zh:eb44b45a40f80a309dd5b0eb7d7fcb2cbfe588fe2f18b173ef5851346898a662", ] } diff --git a/terraform/modules/minio/minio.tf b/terraform/modules/minio/minio.tf index c322207c1..cab7bcc74 100644 --- a/terraform/modules/minio/minio.tf +++ b/terraform/modules/minio/minio.tf @@ -10,8 +10,6 @@ resource "aws_s3_bucket" "loki-ruler" { bucket = format("loki-ruler%s", var.bucket_name_suffix) } - - resource "aws_s3_bucket" "mucaron" { bucket = format("mucaron%s", var.bucket_name_suffix) } From 67ac53bf71e6b9d4e1b9b503e9df63a95fe9dfb2 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 27 Nov 2024 01:28:49 +0000 Subject: [PATCH 0286/1209] auto-gen-namespace --- k8s/namespaces/namespaces.json5 | 43 +-------------------------------- 1 file changed, 1 insertion(+), 42 deletions(-) diff --git a/k8s/namespaces/namespaces.json5 b/k8s/namespaces/namespaces.json5 index c32e2391e..331b851f9 100644 --- a/k8s/namespaces/namespaces.json5 +++ b/k8s/namespaces/namespaces.json5 @@ -1,42 +1 @@ -[ - "ac-hacking-2024", - "cert-manager", - "cilium-system", - "cloudflare-origin-cert", - "code-server", - "dashy", - "databases", - "default", - "elasticsearch", - "external-dns", - "external-secrets", - "fitbit-manager", - "flux-system", - "github-readme-stats", - "hedgedoc", - "ingress-nginx", - "komga", - "krakend-system", - "kube-system", - "local-path-storage", - "loki", - "longhorn-system", - "minio", - "misskey", - "monitoring", - "mpeg-dash-encoder", - "mucaron", - "network-exporter", - "nextcloud", - "oekaki-dengon-game", - "openchokin", - "opentelemetry-collector", - "opentelemetry-operator-system", - "photoprism", - "redis-operator", - "samba", - "sandbox", - "wakatime-to-slack-profile", - "walnuts-dev", - "zitadel", -] +["ac-hacking-2024","cert-manager","cilium-system","cloudflare-origin-cert","code-server","dashy","databases","default","elasticsearch","external-dns","external-secrets","fitbit-manager","flux-system","github-readme-stats","hedgedoc","ingress-nginx","komga","krakend-system","kube-system","local-path-storage","loki","longhorn-system","minio","misskey","monitoring","mpeg-dash-encoder","mucaron","network-exporter","nextcloud","oekaki-dengon-game","openchokin","opentelemetry-collector","opentelemetry-operator-system","photoprism","redis-operator","samba","sandbox","wakatime-to-slack-profile","walnuts-dev","zitadel"] From d172e66c81e37fdde76d4c22b9101a9c1cf9b732 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 27 Nov 2024 10:44:55 +0900 Subject: [PATCH 0287/1209] add Signed-off-by: walnuts1018 --- k8s/apps/mpeg-dash-encoder/deployment.jsonnet | 2 +- terraform/kurumi/main.tf | 3 ++- terraform/modules/minio/provider.tf | 6 +++++- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/k8s/apps/mpeg-dash-encoder/deployment.jsonnet b/k8s/apps/mpeg-dash-encoder/deployment.jsonnet index ae9bb2af7..fc4b50916 100644 --- a/k8s/apps/mpeg-dash-encoder/deployment.jsonnet +++ b/k8s/apps/mpeg-dash-encoder/deployment.jsonnet @@ -63,7 +63,7 @@ }, { name: 'MINIO_ACCESS_KEY', - value: 'OXx9ohSJy0zqcqu2o98k', + value: 'k1KHQ1COSPXdYb3CBDUJ', }, { name: 'MINIO_SECRET_KEY', diff --git a/terraform/kurumi/main.tf b/terraform/kurumi/main.tf index e01bd15a0..30bc4402f 100644 --- a/terraform/kurumi/main.tf +++ b/terraform/kurumi/main.tf @@ -5,6 +5,7 @@ variable "minio_secret_key" { module "minio" { source = "../modules/minio" bucket_name_suffix = "" + minio_access_key = "F1QPgAWk6bhvSrNjYPMS" minio_secret_key = var.minio_secret_key } @@ -44,7 +45,7 @@ import { } # module "zitadel" { -# source = "../modules/zitadel" +# source = "../modules/zitadel" # jwt_profile_file_path = "zitadel.token" # } diff --git a/terraform/modules/minio/provider.tf b/terraform/modules/minio/provider.tf index cb3671f80..bb86a95da 100644 --- a/terraform/modules/minio/provider.tf +++ b/terraform/modules/minio/provider.tf @@ -7,12 +7,16 @@ terraform { } } +variable "minio_access_key" { + type = string +} + variable "minio_secret_key" { type = string } provider "aws" { - access_key = "709v82RovqXjvJR2P9yt" + access_key = var.minio_access_key secret_key = var.minio_secret_key region = "ap-northeast-1" skip_credentials_validation = true From cface3569fbe172bb8e8ab751b0e8b024d91e9e3 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 27 Nov 2024 10:47:44 +0900 Subject: [PATCH 0288/1209] add Signed-off-by: walnuts1018 --- k8s/apps/minio/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/minio/values.yaml b/k8s/apps/minio/values.yaml index 9581474e0..2c2f7f7f6 100644 --- a/k8s/apps/minio/values.yaml +++ b/k8s/apps/minio/values.yaml @@ -3,7 +3,7 @@ replicas: 3 existingSecret: minio persistence: storageClass: longhorn - size: 16Gi + size: 32Gi accessMode: ReadWriteOnce ingress: enabled: true From bb5c075123584f50c722602da08e216dc888b8c0 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 27 Nov 2024 10:55:09 +0900 Subject: [PATCH 0289/1209] add Signed-off-by: walnuts1018 --- k8s/apps/blog/ingress.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/blog/ingress.jsonnet b/k8s/apps/blog/ingress.jsonnet index a3947eca7..300e81400 100644 --- a/k8s/apps/blog/ingress.jsonnet +++ b/k8s/apps/blog/ingress.jsonnet @@ -10,7 +10,7 @@ }, }, spec: { - ingressClassName: 'cilium', + ingressClassName: 'nginx', rules: [ { host: 'blog.walnuts.dev', From ab360116c2a66205de55c54fb298d42f8e5baf44 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 27 Nov 2024 11:02:30 +0900 Subject: [PATCH 0290/1209] add Signed-off-by: walnuts1018 --- k8s/apps/ingress-nginx/values.yaml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/k8s/apps/ingress-nginx/values.yaml b/k8s/apps/ingress-nginx/values.yaml index 89a88e5c9..5fd36de70 100644 --- a/k8s/apps/ingress-nginx/values.yaml +++ b/k8s/apps/ingress-nginx/values.yaml @@ -7,10 +7,6 @@ controller: otel-service-name: "ingress-nginx" log-format-upstream: '{"time": "$time_iso8601", "remote_addr": "$proxy_protocol_addr", "x_forwarded_for": "$proxy_add_x_forwarded_for", "request_id": "$req_id", "remote_user": "$remote_user", "bytes_sent": $bytes_sent, "request_time": $request_time, "status": $status, "vhost": "$host", "request_proto": "$server_protocol", "path": "$uri", "request_query": "$args", "request_length": $request_length, "duration": $request_time, "method": "$request_method", "http_referrer": "$http_referer", "http_user_agent": "$http_user_agent" }' proxy-body-size: 0 - admissionWebhooks: - patch: - image: - digest: "" # https://github.com/containers/image/blob/d372f0e440d35c6041de39023b0b6eb131fba54b/docker/docker_transport.go#L79-L81 service: enabled: true loadBalancerIP: "192.168.0.128" From efdf35d8349de9176349197caa9ba24f986defcc Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 27 Nov 2024 11:05:04 +0900 Subject: [PATCH 0291/1209] add Signed-off-by: walnuts1018 --- k8s/apps/nginx-test/ingress.jsonnet | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/k8s/apps/nginx-test/ingress.jsonnet b/k8s/apps/nginx-test/ingress.jsonnet index 8f31d4c3f..bd5310258 100644 --- a/k8s/apps/nginx-test/ingress.jsonnet +++ b/k8s/apps/nginx-test/ingress.jsonnet @@ -7,7 +7,7 @@ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, }, spec: { - ingressClassName: 'nginx', + ingressClassName: 'cilium', rules: [ { host: 'nginxtest.walnuts.dev', @@ -29,5 +29,13 @@ }, }, ], + tls: [ + { + hosts: [ + 'nginxtest.walnuts.dev', + ], + secretName: (import 'app.json5').name + '-tls', + }, + ], }, } From 210faeb0fb7c330d0cefb057ae060eb0d9f87a29 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 27 Nov 2024 11:10:11 +0900 Subject: [PATCH 0292/1209] add Signed-off-by: walnuts1018 --- k8s/apps/cilium/external-secret.jsonnet | 21 ++++++++ k8s/apps/cilium/values.yaml | 2 + k8s/apps/cloudflare-origin-cert/app.json5 | 4 -- .../external-secret.jsonnet | 51 ------------------- 4 files changed, 23 insertions(+), 55 deletions(-) create mode 100644 k8s/apps/cilium/external-secret.jsonnet delete mode 100644 k8s/apps/cloudflare-origin-cert/app.json5 delete mode 100644 k8s/apps/cloudflare-origin-cert/external-secret.jsonnet diff --git a/k8s/apps/cilium/external-secret.jsonnet b/k8s/apps/cilium/external-secret.jsonnet new file mode 100644 index 000000000..0e1711fba --- /dev/null +++ b/k8s/apps/cilium/external-secret.jsonnet @@ -0,0 +1,21 @@ +(import '../../components/external-secret.libsonnet') { + name: 'cloudflare-origin-cert', + namespace: (import 'app.json5').namespace, + use_suffix: false, + data: [ + { + secretKey: 'tls.crt', + remoteRef: { + key: 'cloudflare-origin-cert', + property: 'tls.crt', + }, + }, + { + secretKey: 'tls.key', + remoteRef: { + key: 'cloudflare-origin-cert', + property: 'tls.key', + }, + }, + ], +} diff --git a/k8s/apps/cilium/values.yaml b/k8s/apps/cilium/values.yaml index ccdd9af0c..c4740ba74 100644 --- a/k8s/apps/cilium/values.yaml +++ b/k8s/apps/cilium/values.yaml @@ -24,6 +24,8 @@ ingressController: enforceHttps: true service: loadBalancerIP: 192.168.0.129 + defaultSecretName: cloudflare-origin-cert + defaultSecretNamespace: cilium-system nodePort: enabled: true hubble: diff --git a/k8s/apps/cloudflare-origin-cert/app.json5 b/k8s/apps/cloudflare-origin-cert/app.json5 deleted file mode 100644 index 899b9d390..000000000 --- a/k8s/apps/cloudflare-origin-cert/app.json5 +++ /dev/null @@ -1,4 +0,0 @@ -{ - name: "cloudflare-origin-cert", - namespace: "cloudflare-origin-cert", -} diff --git a/k8s/apps/cloudflare-origin-cert/external-secret.jsonnet b/k8s/apps/cloudflare-origin-cert/external-secret.jsonnet deleted file mode 100644 index 51f5f8393..000000000 --- a/k8s/apps/cloudflare-origin-cert/external-secret.jsonnet +++ /dev/null @@ -1,51 +0,0 @@ -{ - apiVersion: 'external-secrets.io/v1beta1', - kind: 'ClusterExternalSecret', - metadata: { - name: 'cloudflare-origin-cert', - }, - spec: { - externalSecretName: 'cloudflare-origin-cert', - namespaceSelector: { - matchExpressions: [ - { - key: 'kubernetes.io/metadata.name', - operator: 'Exists', - }, - { - key: 'walnuts.dev/public', - operator: 'DoesNotExist', - }, - ], - }, - externalSecretSpec: { - secretStoreRef: { - name: 'onepassword', - kind: 'ClusterSecretStore', - }, - refreshInterval: '1m', - target: { - name: 'cloudflare-origin-cert', - template: { - type: 'kubernetes.io/tls', - }, - }, - data: [ - { - secretKey: 'tls.crt', - remoteRef: { - key: 'cloudflare-origin-cert', - property: 'tls.crt', - }, - }, - { - secretKey: 'tls.key', - remoteRef: { - key: 'cloudflare-origin-cert', - property: 'tls.key', - }, - }, - ], - }, - }, -} From 2b4abe73ed66e90a7986cb380123e71a398bbd29 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 27 Nov 2024 11:11:11 +0900 Subject: [PATCH 0293/1209] add Signed-off-by: walnuts1018 --- k8s/apps/cilium/values.yaml | 6 ++++++ k8s/namespaces/namespaces.json5 | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/k8s/apps/cilium/values.yaml b/k8s/apps/cilium/values.yaml index c4740ba74..1a496f442 100644 --- a/k8s/apps/cilium/values.yaml +++ b/k8s/apps/cilium/values.yaml @@ -26,6 +26,12 @@ ingressController: loadBalancerIP: 192.168.0.129 defaultSecretName: cloudflare-origin-cert defaultSecretNamespace: cilium-system + secretsNamespace: + create: false + name: cilium-secrets + # -- Enable secret sync, which will make sure all TLS secrets used by Ingress are synced to secretsNamespace.name. + # If disabled, TLS secrets must be maintained externally. + sync: true nodePort: enabled: true hubble: diff --git a/k8s/namespaces/namespaces.json5 b/k8s/namespaces/namespaces.json5 index 331b851f9..541255e5b 100644 --- a/k8s/namespaces/namespaces.json5 +++ b/k8s/namespaces/namespaces.json5 @@ -1 +1 @@ -["ac-hacking-2024","cert-manager","cilium-system","cloudflare-origin-cert","code-server","dashy","databases","default","elasticsearch","external-dns","external-secrets","fitbit-manager","flux-system","github-readme-stats","hedgedoc","ingress-nginx","komga","krakend-system","kube-system","local-path-storage","loki","longhorn-system","minio","misskey","monitoring","mpeg-dash-encoder","mucaron","network-exporter","nextcloud","oekaki-dengon-game","openchokin","opentelemetry-collector","opentelemetry-operator-system","photoprism","redis-operator","samba","sandbox","wakatime-to-slack-profile","walnuts-dev","zitadel"] +["ac-hacking-2024","cert-manager","cilium-secrets","cilium-system","cloudflare-origin-cert","code-server","dashy","databases","default","elasticsearch","external-dns","external-secrets","fitbit-manager","flux-system","github-readme-stats","hedgedoc","ingress-nginx","komga","krakend-system","kube-system","local-path-storage","loki","longhorn-system","minio","misskey","monitoring","mpeg-dash-encoder","mucaron","network-exporter","nextcloud","oekaki-dengon-game","openchokin","opentelemetry-collector","opentelemetry-operator-system","photoprism","redis-operator","samba","sandbox","wakatime-to-slack-profile","walnuts-dev","zitadel"] From 1f9f22b651fed9693df7cddcdcb98740bf114c04 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 27 Nov 2024 11:22:50 +0900 Subject: [PATCH 0294/1209] fix Signed-off-by: walnuts1018 --- k8s/apps/cilium/external-secret.jsonnet | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/k8s/apps/cilium/external-secret.jsonnet b/k8s/apps/cilium/external-secret.jsonnet index 0e1711fba..80c6e0f3d 100644 --- a/k8s/apps/cilium/external-secret.jsonnet +++ b/k8s/apps/cilium/external-secret.jsonnet @@ -1,4 +1,4 @@ -(import '../../components/external-secret.libsonnet') { +std.mergePatch((import '../../components/external-secret.libsonnet') { name: 'cloudflare-origin-cert', namespace: (import 'app.json5').namespace, use_suffix: false, @@ -18,4 +18,12 @@ }, }, ], -} +}, { + spec: { + target: { + template: { + type: 'kubernetes.io/tls', + }, + }, + }, +}) From 6be2449ab6a18266f5c8feb75a64f7c402d34150 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 27 Nov 2024 11:29:22 +0900 Subject: [PATCH 0295/1209] add Signed-off-by: walnuts1018 --- k8s/apps/nginx-test/ingress.jsonnet | 3 +++ 1 file changed, 3 insertions(+) diff --git a/k8s/apps/nginx-test/ingress.jsonnet b/k8s/apps/nginx-test/ingress.jsonnet index bd5310258..1e0c77ddb 100644 --- a/k8s/apps/nginx-test/ingress.jsonnet +++ b/k8s/apps/nginx-test/ingress.jsonnet @@ -5,6 +5,9 @@ name: (import 'app.json5').name, namespace: (import 'app.json5').namespace, labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + annotations: { + 'cert-manager.io/cluster-issuer': 'letsencrypt-prod', + }, }, spec: { ingressClassName: 'cilium', From 01ea9a33d01bcdddc5659579e0f86edab46bff2c Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 27 Nov 2024 10:48:50 +0000 Subject: [PATCH 0296/1209] Update Helm release mariadb to v20.1.0 --- k8s/apps/photoprism/mariadb/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/photoprism/mariadb/helm.jsonnet b/k8s/apps/photoprism/mariadb/helm.jsonnet index 4171d8a43..2d7c07dc5 100644 --- a/k8s/apps/photoprism/mariadb/helm.jsonnet +++ b/k8s/apps/photoprism/mariadb/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import '../app.json5').namespace, chart: 'mariadb', repoURL: 'https://charts.bitnami.com/bitnami', - targetRevision: '20.0.0', + targetRevision: '20.1.0', values: (importstr 'values.yaml'), } From 91708ddffe2c96d9f4024e99e88b7e34a041f6cc Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 27 Nov 2024 17:08:05 +0000 Subject: [PATCH 0297/1209] Update Helm release kube-prometheus-stack to v66.3.0 --- k8s/apps/prometheus-stack/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/prometheus-stack/helm.jsonnet b/k8s/apps/prometheus-stack/helm.jsonnet index cccdf2473..dfee75b7a 100644 --- a/k8s/apps/prometheus-stack/helm.jsonnet +++ b/k8s/apps/prometheus-stack/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'kube-prometheus-stack', repoURL: 'https://prometheus-community.github.io/helm-charts', - targetRevision: '66.2.2', + targetRevision: '66.3.0', values: (importstr 'values.yaml'), } From 8cb76597c28831aff85b582cbb37623d50ce628f Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 27 Nov 2024 17:09:05 +0000 Subject: [PATCH 0298/1209] Update dependency aquaproj/aqua-registry to v4.262.0 (#1014) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index 1ede5d827..f98e5df38 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,6 +8,6 @@ # - all registries: - type: standard - ref: v4.261.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.262.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 From 8524b7daa11abed0f207f214c18385f4ea8526eb Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 27 Nov 2024 23:08:54 +0000 Subject: [PATCH 0299/1209] Update Helm release loki to v6.22.0 --- k8s/apps/loki/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/loki/helm.jsonnet b/k8s/apps/loki/helm.jsonnet index c88f2fafe..09179ee31 100644 --- a/k8s/apps/loki/helm.jsonnet +++ b/k8s/apps/loki/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import 'app.json5').namespace, chart: 'loki', repoURL: 'https://grafana.github.io/helm-charts', - targetRevision: '6.21.0', + targetRevision: '6.22.0', values: (importstr 'values.yaml'), } From fef3b4bcc258de31a0941b1949cc7c083719f3c8 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 28 Nov 2024 09:47:00 +0900 Subject: [PATCH 0300/1209] add Signed-off-by: walnuts1018 --- .github/scripts/infrautil/helmSnapshotCmd.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/scripts/infrautil/helmSnapshotCmd.go b/.github/scripts/infrautil/helmSnapshotCmd.go index c9022ccee..b87d008f0 100644 --- a/.github/scripts/infrautil/helmSnapshotCmd.go +++ b/.github/scripts/infrautil/helmSnapshotCmd.go @@ -61,11 +61,13 @@ func (b *helmSnapshotCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...any) yamlFile, err := os.Open(path) if err != nil { + slog.Error("failed to open file", slog.String("path", path), slog.Any("error", err)) return fmt.Errorf("failed to open file: %w", err) } helmapps, err := lib.ParseHelmApplications(yamlFile) if err != nil { + slog.Error("failed to parse helm application", slog.String("path", path), slog.Any("error", err)) return fmt.Errorf("failed to parse helm application: %w", err) } @@ -80,12 +82,14 @@ func (b *helmSnapshotCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...any) repoURL, err := url.Parse(helmapp.Spec.Source.RepoURL) if err != nil { + slog.Error("failed to parse repo url", slog.String("repoURL", helmapp.Spec.Source.RepoURL), slog.Any("error", err)) return fmt.Errorf("failed to parse repo url: %w", err) } eg.Go(func() error { hc, err := lib.NewHelmClient() if err != nil { + slog.Error("failed to create helm client", slog.Any("error", err)) return fmt.Errorf("failed to create helm client: %w", err) } @@ -100,16 +104,19 @@ func (b *helmSnapshotCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...any) helmapp.Spec.Source.Helm.ValuesObject, ) if err != nil { + slog.Error("failed to generate helm template", slog.Any("error", err)) return fmt.Errorf("failed to generate helm template : %w", err) } file, err := os.Create(filepath.Join(b.outFileDir, helmapp.Metadata.Name+".yaml")) if err != nil { + slog.Error("failed to create file", slog.String("path", path), slog.Any("error", err)) return fmt.Errorf("failed to create file: %w", err) } defer file.Close() if _, err := io.Copy(file, gen); err != nil { + slog.Error("failed to copy file", slog.String("path", path), slog.Any("error", err)) return fmt.Errorf("failed to copy file: %w", err) } return nil From f7e83e01b954ff911345ef3843473832aa5db641 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 28 Nov 2024 09:53:01 +0900 Subject: [PATCH 0301/1209] add Signed-off-by: walnuts1018 --- .github/scripts/infrautil/helmSnapshotCmd.go | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/.github/scripts/infrautil/helmSnapshotCmd.go b/.github/scripts/infrautil/helmSnapshotCmd.go index b87d008f0..e58f4a783 100644 --- a/.github/scripts/infrautil/helmSnapshotCmd.go +++ b/.github/scripts/infrautil/helmSnapshotCmd.go @@ -104,7 +104,15 @@ func (b *helmSnapshotCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...any) helmapp.Spec.Source.Helm.ValuesObject, ) if err != nil { - slog.Error("failed to generate helm template", slog.Any("error", err)) + slog.Error("failed to generate helm template", slog.Any("error", err), + slog.String("release_name", helmapp.Spec.Source.Helm.ReleaseName), + slog.String("namespace", helmapp.Spec.Destination.Namespace), + slog.String("repo_url", helmapp.Spec.Source.RepoURL), + slog.String("chart", helmapp.Spec.Source.Chart), + slog.String("target_revision", helmapp.Spec.Source.TargetRevision), + slog.String("values", helmapp.Spec.Source.Helm.Values), + slog.Any("values_object", helmapp.Spec.Source.Helm.ValuesObject), + ) return fmt.Errorf("failed to generate helm template : %w", err) } From 669115eed00fd34f3276576d0f07856916ed8da1 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 28 Nov 2024 09:53:21 +0900 Subject: [PATCH 0302/1209] rm Signed-off-by: walnuts1018 --- .github/scripts/infrautil/helmSnapshotCmd.go | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/scripts/infrautil/helmSnapshotCmd.go b/.github/scripts/infrautil/helmSnapshotCmd.go index e58f4a783..c9932984c 100644 --- a/.github/scripts/infrautil/helmSnapshotCmd.go +++ b/.github/scripts/infrautil/helmSnapshotCmd.go @@ -110,8 +110,6 @@ func (b *helmSnapshotCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...any) slog.String("repo_url", helmapp.Spec.Source.RepoURL), slog.String("chart", helmapp.Spec.Source.Chart), slog.String("target_revision", helmapp.Spec.Source.TargetRevision), - slog.String("values", helmapp.Spec.Source.Helm.Values), - slog.Any("values_object", helmapp.Spec.Source.Helm.ValuesObject), ) return fmt.Errorf("failed to generate helm template : %w", err) } From 8e2b6f305cdf9f23b3ed4c1be4d71f6dd96c7f9b Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 28 Nov 2024 10:47:33 +0900 Subject: [PATCH 0303/1209] add Signed-off-by: walnuts1018 --- .github/scripts/infrautil/go.mod | 1 - .github/scripts/infrautil/go.sum | 38 ++++++-------------------------- 2 files changed, 7 insertions(+), 32 deletions(-) diff --git a/.github/scripts/infrautil/go.mod b/.github/scripts/infrautil/go.mod index c87ea5a37..2a9c0f10f 100644 --- a/.github/scripts/infrautil/go.mod +++ b/.github/scripts/infrautil/go.mod @@ -22,7 +22,6 @@ require ( github.com/Masterminds/semver/v3 v3.3.0 // indirect github.com/Masterminds/sprig/v3 v3.3.0 // indirect github.com/Masterminds/squirrel v1.5.4 // indirect - github.com/Microsoft/hcsshim v0.11.7 // indirect github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect diff --git a/.github/scripts/infrautil/go.sum b/.github/scripts/infrautil/go.sum index c6f48d4fc..a35034848 100644 --- a/.github/scripts/infrautil/go.sum +++ b/.github/scripts/infrautil/go.sum @@ -22,10 +22,9 @@ github.com/Masterminds/sprig/v3 v3.3.0 h1:mQh0Yrg1XPo6vjYXgtf5OtijNAKJRNcTdOOGZe github.com/Masterminds/sprig/v3 v3.3.0/go.mod h1:Zy1iXRYNqNLUolqCpL4uhk6SHUMAOSCzdgBfDb35Lz0= github.com/Masterminds/squirrel v1.5.4 h1:uUcX/aBc8O7Fg9kaISIUsHXdKuqehiXAMQTYX8afzqM= github.com/Masterminds/squirrel v1.5.4/go.mod h1:NNaOrjSoIDfDA40n7sr2tPNZRfjzjA400rg+riTZj10= -github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= -github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= -github.com/Microsoft/hcsshim v0.11.4 h1:68vKo2VN8DE9AdN4tnkWnmdhqdbpUFM8OF3Airm7fz8= -github.com/Microsoft/hcsshim v0.11.4/go.mod h1:smjE4dvqPX9Zldna+t5FG3rnoHhaB7QYxPRqGcpAD9w= +github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY= +github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= +github.com/Microsoft/hcsshim v0.11.7 h1:vl/nj3Bar/CvJSYo7gIQPyRWc9f3c6IeSNavBTSZNZQ= github.com/Microsoft/hcsshim v0.11.7/go.mod h1:MV8xMfmECjl5HdO7U/3/hFVnkmSBjAjmA09d4bExKcU= github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs= github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ= @@ -60,8 +59,6 @@ github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMn github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM= github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHqJDGwsa1mIw= -github.com/containerd/containerd v1.7.12 h1:+KQsnv4VnzyxWcfO9mlxxELaoztsDEjOuCMPAuPqgU0= -github.com/containerd/containerd v1.7.12/go.mod h1:/5OMpE1p0ylxtEUGY8kuCYkDRzJm9NO1TFMWjUpdevk= github.com/containerd/containerd v1.7.23 h1:H2CClyUkmpKAGlhQp95g2WXHfLYc7whAuvZGBNYOOwQ= github.com/containerd/containerd v1.7.23/go.mod h1:7QUzfURqZWCZV7RLNEn1XjUCQLEf0bkaK4GjUaZehxw= github.com/containerd/continuity v0.4.2 h1:v3y/4Yz5jwnvqPKJJ+7Wf93fyWoCB3F5EclWG023MDM= @@ -76,8 +73,6 @@ github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46t github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= -github.com/cyphar/filepath-securejoin v0.3.1 h1:1V7cHiaW+C+39wEfpH6XlLBQo3j/PciWFrgfCLS8XrE= -github.com/cyphar/filepath-securejoin v0.3.1/go.mod h1:F7i41x/9cBF7lzCrVsYs9fuzwRZm4NQsGTBdpp6mETc= github.com/cyphar/filepath-securejoin v0.3.4 h1:VBWugsJh2ZxJmLFSM06/0qzQyiQX2Qs0ViKrUAcqdZ8= github.com/cyphar/filepath-securejoin v0.3.4/go.mod h1:8s/MCNJREmFK0H02MF6Ihv1nakJe4L/w3WZLHNkvlYM= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -86,8 +81,6 @@ github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2 h1:aBfCb7iqHmDEIp6fBvC/hQUddQfg+3qdYjwzaiP9Hnc= github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2/go.mod h1:WHNsWjnIn2V1LYOrME7e8KxSeKunYHsxEm4am0BUtcI= -github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK2OFGvA0= -github.com/distribution/reference v0.5.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk= github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= github.com/docker/cli v25.0.1+incompatible h1:mFpqnrS6Hsm3v1k7Wa/BO23oz0k121MTbTO1lpcGSkU= @@ -145,20 +138,12 @@ github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= github.com/go-openapi/swag v0.22.4 h1:QLMzNJnMGPRNDCbySlcj1x01tzU8/9LTTL9hZZZogBU= github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= -github.com/go-playground/assert/v2 v2.0.1 h1:MsBgLAaY856+nPRTKrp3/OZK38U/wa0CcBYNjji3q3A= -github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4= -github.com/go-playground/locales v0.13.0 h1:HyWk6mgj5qFqCT5fjGBuRArbVDfE4hi8+e8ceBS/t7Q= -github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8= +github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s= +github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4= github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA= github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY= -github.com/go-playground/universal-translator v0.17.0 h1:icxd5fm+REJzpZx7ZfpaD876Lmtgy7VtROAbHHXk8no= -github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA= github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY= github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY= -github.com/go-playground/validator/v10 v10.4.1 h1:pH2c5ADXtd66mxoE0Zm9SUhxE20r7aM3F26W0hOn+GE= -github.com/go-playground/validator/v10 v10.4.1/go.mod h1:nlOn6nFhuKACm19sB/8EGNn9GlaMV7XkbRSipzJ0Ii4= -github.com/go-playground/validator/v10 v10.22.1 h1:40JcKH+bBNGFczGuoBYgX4I6m/i27HYW8P9FDk5PbgA= -github.com/go-playground/validator/v10 v10.22.1/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM= github.com/go-playground/validator/v10 v10.23.0 h1:/PwmTwZhS0dPkav3cdK9kV1FsAmrL8sThn8IHr/sO+o= github.com/go-playground/validator/v10 v10.23.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM= github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y= @@ -250,8 +235,6 @@ github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHm github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.16.0 h1:iULayQNOReoYUe+1qtKOqw9CwJv3aNQu8ivo7lw1HU4= -github.com/klauspost/compress v1.16.0/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= github.com/klauspost/compress v1.16.7 h1:2mk3MPGNzKyxErAw8YaohYh69+pa4sIQSC0fPGCFR9I= github.com/klauspost/compress v1.16.7/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= @@ -267,8 +250,6 @@ github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 h1:SOEGU9fKiNWd/HOJuq github.com/lann/builder v0.0.0-20180802200727-47ae307949d0/go.mod h1:dXGbAdH5GtBTC4WfIxhKZfyBF/HBFgRZSWwZ9g/He9o= github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 h1:P6pPBnrTSX3DEVR4fDembhRWSsG5rVo6hYhAB/ADZrk= github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0/go.mod h1:vmVJ0l/dxyfGW6FmdpVm2joNMFikkuWg0EoCKLGUMNw= -github.com/leodido/go-urn v1.2.0 h1:hpXL4XnriNwQ/ABnpepYM/1vCLWNDfUNts8dX3xTG6Y= -github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII= github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ= github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI= github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw= @@ -301,6 +282,8 @@ github.com/moby/spdystream v0.4.0 h1:Vy79D6mHeJJjiPdFEL2yku1kl0chZpJfZcPpb16BRl8 github.com/moby/spdystream v0.4.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI= github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vygl78= github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI= +github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g= +github.com/moby/sys/userns v0.1.0/go.mod h1:IHUYgu/kao6N8YZlp9Cf444ySSvCmDlmzUcYfDHOl28= github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0= github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -387,7 +370,6 @@ github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= @@ -464,8 +446,6 @@ golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= -golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.9.0 h1:fEo0HyrW1GIgZdpbhCRO0PkJajUS5H9IFUztCgEo2jQ= golang.org/x/sync v0.9.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -486,7 +466,6 @@ golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuX golang.org/x/term v0.24.0 h1:Mh5cbb+Zk2hqqXNO7S1iTjEphVL+jb8ZWaqh/g+JWkM= golang.org/x/term v0.24.0/go.mod h1:lOBK/LVxemqiMij05LGJ0tzNr8xlmwBRJ81PX6wVLH8= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224= golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= @@ -539,7 +518,6 @@ gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWM gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= @@ -548,8 +526,6 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o= gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g= -helm.sh/helm/v3 v3.16.2 h1:Y9v7ry+ubQmi+cb5zw1Llx8OKHU9Hk9NQ/+P+LGBe2o= -helm.sh/helm/v3 v3.16.2/go.mod h1:SyTXgKBjNqi2NPsHCW5dDAsHqvGIu0kdNYNH9gQaw70= helm.sh/helm/v3 v3.16.3 h1:kb8bSxMeRJ+knsK/ovvlaVPfdis0X3/ZhYCSFRP+YmY= helm.sh/helm/v3 v3.16.3/go.mod h1:zeVWGDR4JJgiRbT3AnNsjYaX8OTJlIE9zC+Q7F7iUSU= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= From 0ed10b8a9dfb9567ec82ef8c5033075d482422c8 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 28 Nov 2024 10:48:20 +0900 Subject: [PATCH 0304/1209] update Signed-off-by: walnuts1018 --- .github/scripts/infrautil/go.mod | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/.github/scripts/infrautil/go.mod b/.github/scripts/infrautil/go.mod index 2a9c0f10f..bc0261160 100644 --- a/.github/scripts/infrautil/go.mod +++ b/.github/scripts/infrautil/go.mod @@ -8,8 +8,12 @@ require ( github.com/google/subcommands v1.2.0 github.com/phsym/console-slog v0.3.1 github.com/pkg/errors v0.9.1 + github.com/sters/yaml-diff v1.3.2 github.com/yosuke-furukawa/json5 v0.1.1 golang.org/x/sync v0.9.0 + gopkg.in/yaml.v3 v3.0.1 + helm.sh/helm/v3 v3.16.3 + sigs.k8s.io/yaml v1.4.0 ) require ( @@ -136,6 +140,7 @@ require ( google.golang.org/protobuf v1.34.2 // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect + gopkg.in/yaml.v2 v2.4.0 // indirect k8s.io/api v0.31.1 // indirect k8s.io/apiextensions-apiserver v0.31.1 // indirect k8s.io/apimachinery v0.31.1 // indirect @@ -153,11 +158,3 @@ require ( sigs.k8s.io/kustomize/kyaml v0.17.1 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect ) - -require ( - github.com/sters/yaml-diff v1.3.2 - gopkg.in/yaml.v2 v2.4.0 // indirect - gopkg.in/yaml.v3 v3.0.1 - helm.sh/helm/v3 v3.16.3 - sigs.k8s.io/yaml v1.4.0 -) From 6e36bcc71427dbca334f7a1bf89aafd4e3fd847f Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 28 Nov 2024 01:49:05 +0000 Subject: [PATCH 0305/1209] Update Helm release argo-cd to v7.7.6 (#1016) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/_argocd/argocd_components/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/_argocd/argocd_components/helm.jsonnet b/k8s/_argocd/argocd_components/helm.jsonnet index f356feb7a..ab0f40d19 100644 --- a/k8s/_argocd/argocd_components/helm.jsonnet +++ b/k8s/_argocd/argocd_components/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import 'app.json5').namespace, chart: 'argo-cd', repoURL: 'https://argoproj.github.io/argo-helm', - targetRevision: '7.7.5', + targetRevision: '7.7.6', values: (importstr 'values.yaml'), } From 997eeff990426d7084d07321a86c78ca16ded9e5 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 28 Nov 2024 11:30:16 +0000 Subject: [PATCH 0306/1209] Update dependency aquaproj/aqua-registry to v4.263.0 (#1017) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index f98e5df38..b73754c0f 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,6 +8,6 @@ # - all registries: - type: standard - ref: v4.262.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.263.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 From 5785d396a885cceb93542c8b27a96c2db327ea0a Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 29 Nov 2024 10:35:00 +0900 Subject: [PATCH 0307/1209] add ubuntu-debug Signed-off-by: walnuts1018 --- k8s/apps/ubuntu-test/app.json5 | 4 +++ k8s/apps/ubuntu-test/deployment.jsonnet | 47 +++++++++++++++++++++++++ 2 files changed, 51 insertions(+) create mode 100644 k8s/apps/ubuntu-test/app.json5 create mode 100644 k8s/apps/ubuntu-test/deployment.jsonnet diff --git a/k8s/apps/ubuntu-test/app.json5 b/k8s/apps/ubuntu-test/app.json5 new file mode 100644 index 000000000..8b7c1b72b --- /dev/null +++ b/k8s/apps/ubuntu-test/app.json5 @@ -0,0 +1,4 @@ +{ + name: "ubuntu-test", + namespace: "default", +} diff --git a/k8s/apps/ubuntu-test/deployment.jsonnet b/k8s/apps/ubuntu-test/deployment.jsonnet new file mode 100644 index 000000000..f6c7a632d --- /dev/null +++ b/k8s/apps/ubuntu-test/deployment.jsonnet @@ -0,0 +1,47 @@ +{ + apiVersion: 'apps/v1', + kind: 'Deployment', + metadata: { + name: (import 'app.json5').name, + namespace: (import 'app.json5').namespace, + labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + }, + spec: { + replicas: 1, + selector: { + matchLabels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + }, + template: { + metadata: { + labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + }, + spec: { + containers: [ + std.mergePatch((import '../../components/container.libsonnet') { + name: 'ubuntu-debug', + image: 'ghcr.io/cybozu/ubuntu-debug:24.04', + livenessProbe: { + httpGet: { + path: '/healthz', + port: 8081, + }, + failureThreshold: 1, + initialDelaySeconds: 10, + periodSeconds: 10, + }, + resources: { + limits: { + memory: '100Mi', + }, + requests: { + memory: '5Mi', + }, + }, + }, { + securityContext:: null, + }), + ], + }, + }, + }, +} From 1da07ee5f8c35ff7f0c692fbe9a0c8db7a45f714 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 29 Nov 2024 10:36:58 +0900 Subject: [PATCH 0308/1209] fix Signed-off-by: walnuts1018 --- k8s/apps/ubuntu-test/deployment.jsonnet | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/k8s/apps/ubuntu-test/deployment.jsonnet b/k8s/apps/ubuntu-test/deployment.jsonnet index f6c7a632d..45c48b35e 100644 --- a/k8s/apps/ubuntu-test/deployment.jsonnet +++ b/k8s/apps/ubuntu-test/deployment.jsonnet @@ -20,15 +20,7 @@ std.mergePatch((import '../../components/container.libsonnet') { name: 'ubuntu-debug', image: 'ghcr.io/cybozu/ubuntu-debug:24.04', - livenessProbe: { - httpGet: { - path: '/healthz', - port: 8081, - }, - failureThreshold: 1, - initialDelaySeconds: 10, - periodSeconds: 10, - }, + command: ['sleep', 'infinity'], resources: { limits: { memory: '100Mi', From 40ed2f91d991dd734426a42a7a2b51c26c680637 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 29 Nov 2024 10:42:29 +0900 Subject: [PATCH 0309/1209] add Signed-off-by: walnuts1018 --- k8s/apps/ubuntu-test/deployment.jsonnet | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/k8s/apps/ubuntu-test/deployment.jsonnet b/k8s/apps/ubuntu-test/deployment.jsonnet index 45c48b35e..724cfd62c 100644 --- a/k8s/apps/ubuntu-test/deployment.jsonnet +++ b/k8s/apps/ubuntu-test/deployment.jsonnet @@ -17,9 +17,10 @@ }, spec: { containers: [ - std.mergePatch((import '../../components/container.libsonnet') { + (import '../../components/container.libsonnet') { name: 'ubuntu-debug', image: 'ghcr.io/cybozu/ubuntu-debug:24.04', + securityContext:: null, command: ['sleep', 'infinity'], resources: { limits: { @@ -29,9 +30,7 @@ memory: '5Mi', }, }, - }, { - securityContext:: null, - }), + }, ], }, }, From 59e434161d529463ef70d288772784c0847f2949 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 29 Nov 2024 09:57:14 +0000 Subject: [PATCH 0310/1209] Update dependency aquaproj/aqua-registry to v4.264.0 (#1018) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index b73754c0f..e6e37ad2a 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,6 +8,6 @@ # - all registries: - type: standard - ref: v4.263.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.264.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 From 79a698c8cb9067948df13867b02abe2901481636 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 29 Nov 2024 23:07:02 +0000 Subject: [PATCH 0311/1209] Update dependency aquaproj/aqua-registry to v4.265.0 (#1019) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index e6e37ad2a..b6a85d007 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,6 +8,6 @@ # - all registries: - type: standard - ref: v4.264.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.265.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 From e8045f0724db33a804e4560c9f6428dbe7320bd7 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 30 Nov 2024 02:09:59 +0000 Subject: [PATCH 0312/1209] Update Helm release mariadb to v20.1.1 --- k8s/apps/photoprism/mariadb/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/photoprism/mariadb/helm.jsonnet b/k8s/apps/photoprism/mariadb/helm.jsonnet index 4171d8a43..c8abd16a1 100644 --- a/k8s/apps/photoprism/mariadb/helm.jsonnet +++ b/k8s/apps/photoprism/mariadb/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import '../app.json5').namespace, chart: 'mariadb', repoURL: 'https://charts.bitnami.com/bitnami', - targetRevision: '20.0.0', + targetRevision: '20.1.1', values: (importstr 'values.yaml'), } From 886c53d216659f4cd178bccf9d1a3eb860618c44 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 30 Nov 2024 13:29:16 +0900 Subject: [PATCH 0313/1209] add argocd metrics Signed-off-by: walnuts1018 --- k8s/_argocd/argocd_components/values.yaml | 38 +++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/k8s/_argocd/argocd_components/values.yaml b/k8s/_argocd/argocd_components/values.yaml index 77d7963c3..950de234c 100644 --- a/k8s/_argocd/argocd_components/values.yaml +++ b/k8s/_argocd/argocd_components/values.yaml @@ -36,12 +36,46 @@ configs: server.insecure: true server.basehref: / +controller: + metrics: + enabled: true + serviceMonitor: + enabled: true + +dex: + metrics: + enabled: true + serviceMonitor: + enabled: true + +redis: + metrics: + enabled: true + serviceMonitor: + enabled: true + server: ingress: enabled: true controller: generic ingressClassName: "nginx" tls: false + metrics: + enabled: true + serviceMonitor: + enabled: true + +repoServer: + metrics: + enabled: true + serviceMonitor: + enabled: true + +applicationSet: + metrics: + enabled: true + serviceMonitor: + enabled: true notifications: argocdUrl: "https://argocd.walnuts.dev" @@ -306,3 +340,7 @@ notifications: defaultTriggers: | - on-sync-status-unknown + metrics: + enabled: true + serviceMonitor: + enabled: true From ca1c9d5bc56fe36c73d1288c87c8a56c2331692a Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 30 Nov 2024 04:31:40 +0000 Subject: [PATCH 0314/1209] Update ghcr.io/walnuts1018/walnuts.dev Docker tag to b062b079d6947d3742f2d31d99e4bb07c075ac01-307 (#1020) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index 41cae5ed1..d39525f37 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -25,7 +25,7 @@ type: 'RuntimeDefault', }, }, - image: 'ghcr.io/walnuts1018/walnuts.dev:c0df069e77f5e2dbece09310e144b42f9046872b-306', + image: 'ghcr.io/walnuts1018/walnuts.dev:b062b079d6947d3742f2d31d99e4bb07c075ac01-307', imagePullPolicy: 'IfNotPresent', ports: [ { From b8f44a188575a0e69e017d1d8075099bf1ecc8f4 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 30 Nov 2024 16:03:48 +0900 Subject: [PATCH 0315/1209] use oci repo Signed-off-by: walnuts1018 --- k8s/apps/photoprism/mariadb/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/photoprism/mariadb/helm.jsonnet b/k8s/apps/photoprism/mariadb/helm.jsonnet index c8abd16a1..c65518bc7 100644 --- a/k8s/apps/photoprism/mariadb/helm.jsonnet +++ b/k8s/apps/photoprism/mariadb/helm.jsonnet @@ -2,7 +2,7 @@ name: (import '../app.json5').name + '-mariadb', namespace: (import '../app.json5').namespace, chart: 'mariadb', - repoURL: 'https://charts.bitnami.com/bitnami', + repoURL: 'oci://registry-1.docker.io/bitnamicharts/mariadb', targetRevision: '20.1.1', values: (importstr 'values.yaml'), } From 67780b2b6bb469182b1b2cb9176302a56dc5cf7f Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 30 Nov 2024 16:07:49 +0900 Subject: [PATCH 0316/1209] revert Signed-off-by: walnuts1018 --- k8s/apps/photoprism/mariadb/helm.jsonnet | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/k8s/apps/photoprism/mariadb/helm.jsonnet b/k8s/apps/photoprism/mariadb/helm.jsonnet index c65518bc7..4171d8a43 100644 --- a/k8s/apps/photoprism/mariadb/helm.jsonnet +++ b/k8s/apps/photoprism/mariadb/helm.jsonnet @@ -2,7 +2,7 @@ name: (import '../app.json5').name + '-mariadb', namespace: (import '../app.json5').namespace, chart: 'mariadb', - repoURL: 'oci://registry-1.docker.io/bitnamicharts/mariadb', - targetRevision: '20.1.1', + repoURL: 'https://charts.bitnami.com/bitnami', + targetRevision: '20.0.0', values: (importstr 'values.yaml'), } From a1bcaf154963bdd432487c5b62528409db56ffd7 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 30 Nov 2024 16:47:39 +0900 Subject: [PATCH 0317/1209] add affine Signed-off-by: walnuts1018 --- k8s/apps/affine/app.json5 | 4 + k8s/apps/affine/external-secret.jsonnet | 33 ++++++++ k8s/apps/affine/ingress.jsonnet | 36 ++++++++ k8s/apps/affine/pvc.jsonnet | 19 +++++ k8s/apps/affine/redis.jsonnet | 39 +++++++++ k8s/apps/affine/service.jsonnet | 21 +++++ k8s/apps/affine/statefulset.jsonnet | 93 +++++++++++++++++++++ k8s/apps/postgresql-default/users.libsonnet | 1 + 8 files changed, 246 insertions(+) create mode 100644 k8s/apps/affine/app.json5 create mode 100644 k8s/apps/affine/external-secret.jsonnet create mode 100644 k8s/apps/affine/ingress.jsonnet create mode 100644 k8s/apps/affine/pvc.jsonnet create mode 100644 k8s/apps/affine/redis.jsonnet create mode 100644 k8s/apps/affine/service.jsonnet create mode 100644 k8s/apps/affine/statefulset.jsonnet diff --git a/k8s/apps/affine/app.json5 b/k8s/apps/affine/app.json5 new file mode 100644 index 000000000..1c9219465 --- /dev/null +++ b/k8s/apps/affine/app.json5 @@ -0,0 +1,4 @@ +{ + name: "affine", + namespace: "affine", +} diff --git a/k8s/apps/affine/external-secret.jsonnet b/k8s/apps/affine/external-secret.jsonnet new file mode 100644 index 000000000..201408d68 --- /dev/null +++ b/k8s/apps/affine/external-secret.jsonnet @@ -0,0 +1,33 @@ +std.mergePatch((import '../../components/external-secret.libsonnet') { + name: (import 'app.json5').name + '-minio', + use_suffix: false, + data: [ + { + secretKey: 'redispassword', + remoteRef: { + key: 'redis', + property: 'password', + }, + }, + { + secretKey: 'dbpassword', + remoteRef: { + key: 'postgres_passwords', + property: 'affine', + }, + }, + ], +}, { + spec: { + target: { + template: { + engineVersion: 'v2', + type: 'Opaque', + data: { + 'postgres-url': 'postgres://affine:{{ .dbpassword }}@postgresql-default.databases.svc.cluster.local/affine', + redispassword: '{{ .redispassword }}', + }, + }, + }, + }, +}) diff --git a/k8s/apps/affine/ingress.jsonnet b/k8s/apps/affine/ingress.jsonnet new file mode 100644 index 000000000..d481922f6 --- /dev/null +++ b/k8s/apps/affine/ingress.jsonnet @@ -0,0 +1,36 @@ +{ + apiVersion: 'networking.k8s.io/v1', + kind: 'Ingress', + metadata: { + annotations: { + 'nginx.ingress.kubernetes.io/proxy-body-size': '4G', + }, + name: (import 'app.json5').name, + namespace: (import 'app.json5').namespace, + labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + }, + spec: { + ingressClassName: 'nginx', + rules: [ + { + host: 'affine.walnuts.dev', + http: { + paths: [ + { + path: '/', + pathType: 'Prefix', + backend: { + service: { + name: (import 'service.jsonnet').metadata.name, + port: { + name: 'http', + }, + }, + }, + }, + ], + }, + }, + ], + }, +} diff --git a/k8s/apps/affine/pvc.jsonnet b/k8s/apps/affine/pvc.jsonnet new file mode 100644 index 000000000..7a56eaedb --- /dev/null +++ b/k8s/apps/affine/pvc.jsonnet @@ -0,0 +1,19 @@ +{ + apiVersion: 'v1', + kind: 'PersistentVolumeClaim', + metadata: { + name: 'affine-storage', + }, + spec: { + storageClassName: 'longhorn', + volumeName: 'affine-storage', + accessModes: [ + 'ReadWriteOnce', + ], + resources: { + requests: { + storage: '4Gi', + }, + }, + }, +} diff --git a/k8s/apps/affine/redis.jsonnet b/k8s/apps/affine/redis.jsonnet new file mode 100644 index 000000000..c42766565 --- /dev/null +++ b/k8s/apps/affine/redis.jsonnet @@ -0,0 +1,39 @@ +{ + apiVersion: 'redis.redis.opstreelabs.in/v1beta2', + kind: 'Redis', + metadata: { + local appname = (import 'app.json5').name + '-redis', + name: appname, + namespace: (import 'app.json5').namespace, + labels: (import '../../components/labels.libsonnet') + { appname: appname }, + + }, + spec: { + kubernetesConfig: { + image: 'quay.io/opstree/redis:v7.0.12', + imagePullPolicy: 'IfNotPresent', + redisSecret: { + name: (import 'external-secret.jsonnet').metadata.name, + key: 'redispassword', + }, + }, + storage: { + volumeClaimTemplate: { + spec: { + accessModes: [ + 'ReadWriteOnce', + ], + resources: { + requests: { + storage: '1Gi', + }, + }, + }, + }, + }, + podSecurityContext: { + fsGroup: 1000, + runAsUser: 1000, + }, + }, +} diff --git a/k8s/apps/affine/service.jsonnet b/k8s/apps/affine/service.jsonnet new file mode 100644 index 000000000..e9869e0ae --- /dev/null +++ b/k8s/apps/affine/service.jsonnet @@ -0,0 +1,21 @@ +{ + apiVersion: 'v1', + kind: 'Service', + metadata: { + name: (import 'app.json5').name, + namespace: (import 'app.json5').namespace, + labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + }, + spec: { + ports: [ + { + name: 'http', + port: 80, + protocol: 'TCP', + targetPort: 'http', + }, + ], + selector: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + type: 'ClusterIP', + }, +} diff --git a/k8s/apps/affine/statefulset.jsonnet b/k8s/apps/affine/statefulset.jsonnet new file mode 100644 index 000000000..3164d2941 --- /dev/null +++ b/k8s/apps/affine/statefulset.jsonnet @@ -0,0 +1,93 @@ +{ + apiVersion: 'apps/v1', + kind: 'StatefulSet', + metadata: { + name: (import 'app.json5').name, + namespace: (import 'app.json5').namespace, + labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + }, + spec: { + selector: { + matchLabels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + }, + serviceName: (import 'service.jsonnet').metadata.name, + replicas: 1, + template: { + metadata: { + labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + }, + spec: { + containers: [ + (import '../../components/container.libsonnet') { + name: 'affine', + image: 'ghcr.io/toeverything/affine-graphql:stable', + command: ['sh', '-c', 'node ./scripts/self-host-predeploy && node ./dist/index.js'], + env: [ + { + name: 'AFFINE_SERVER_HOST', + value: 'affine.walnuts.dev', + }, + { + name: 'AFFINE_SERVER_PORT', + value: '443', + }, + { + name: 'AFFINE_SERVER_EXTERNAL_URL', + value: 'https://affine.walnuts.dev', + } + { + name: 'NODE_OPTIONS', + value: '--import=./scripts/register.js', + }, + { + name: 'AFFINE_CONFIG_PATH', + value: '/root/.affine/config', + }, + { + name: 'REDIS_SERVER_HOST', + value: (import 'redis.jsonnet').metadata.name, + }, + { + name: 'DATABASE_URL', + valueFrom: { + secretKeyRef: { + name: (import 'external-secret.jsonnet').metadata.name, + key: 'postgres-url', + }, + }, + }, + { + name: 'NODE_ENV', + value: 'production', + }, + ], + ports: [ + { + containerPort: 3010, + name: 'http', + }, + { + containerPort: 5555, + name: 'prisma', + }, + ], + volumeMounts: [ + { + mountPath: '/root/.affine/storage', + name: 'affine-storage', + }, + ], + }, + ], + volumes: [ + { + name: 'affine-storage', + persistentVolumeClaim: { + claimName: (import 'pvc.jsonnet').metadata.name, + }, + }, + ], + }, + }, + }, +} diff --git a/k8s/apps/postgresql-default/users.libsonnet b/k8s/apps/postgresql-default/users.libsonnet index f8f7f4aac..e24beb3e8 100644 --- a/k8s/apps/postgresql-default/users.libsonnet +++ b/k8s/apps/postgresql-default/users.libsonnet @@ -13,4 +13,5 @@ 'ac-hacking', 'y-2024', 'mucaron', + 'affine', ] From 0a0e470babf14db2da6022a9581eed7fe40a05e7 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sat, 30 Nov 2024 07:48:15 +0000 Subject: [PATCH 0318/1209] auto-gen-namespace --- k8s/namespaces/namespaces.json5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/namespaces/namespaces.json5 b/k8s/namespaces/namespaces.json5 index 541255e5b..5afb53ff4 100644 --- a/k8s/namespaces/namespaces.json5 +++ b/k8s/namespaces/namespaces.json5 @@ -1 +1 @@ -["ac-hacking-2024","cert-manager","cilium-secrets","cilium-system","cloudflare-origin-cert","code-server","dashy","databases","default","elasticsearch","external-dns","external-secrets","fitbit-manager","flux-system","github-readme-stats","hedgedoc","ingress-nginx","komga","krakend-system","kube-system","local-path-storage","loki","longhorn-system","minio","misskey","monitoring","mpeg-dash-encoder","mucaron","network-exporter","nextcloud","oekaki-dengon-game","openchokin","opentelemetry-collector","opentelemetry-operator-system","photoprism","redis-operator","samba","sandbox","wakatime-to-slack-profile","walnuts-dev","zitadel"] +["ac-hacking-2024","affine","cert-manager","cilium-secrets","cilium-system","cloudflare-origin-cert","code-server","dashy","databases","default","elasticsearch","external-dns","external-secrets","fitbit-manager","flux-system","github-readme-stats","hedgedoc","ingress-nginx","komga","krakend-system","kube-system","local-path-storage","loki","longhorn-system","minio","misskey","monitoring","mpeg-dash-encoder","mucaron","network-exporter","nextcloud","oekaki-dengon-game","openchokin","opentelemetry-collector","opentelemetry-operator-system","photoprism","redis-operator","samba","sandbox","wakatime-to-slack-profile","walnuts-dev","zitadel"] From 9e6c16d3839a5194237b8e2eaf71bc130e107454 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 30 Nov 2024 16:49:01 +0900 Subject: [PATCH 0319/1209] use stable-1623f5d Signed-off-by: walnuts1018 --- k8s/apps/affine/statefulset.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/affine/statefulset.jsonnet b/k8s/apps/affine/statefulset.jsonnet index 3164d2941..68b80bcf2 100644 --- a/k8s/apps/affine/statefulset.jsonnet +++ b/k8s/apps/affine/statefulset.jsonnet @@ -20,7 +20,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'affine', - image: 'ghcr.io/toeverything/affine-graphql:stable', + image: 'ghcr.io/toeverything/affine-graphql:stable-1623f5d', command: ['sh', '-c', 'node ./scripts/self-host-predeploy && node ./dist/index.js'], env: [ { From 01e7ed23f7a9661ecc808733c6adc8aefc780bdf Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 30 Nov 2024 17:01:56 +0900 Subject: [PATCH 0320/1209] affine: add config volume and mount path to statefulset Signed-off-by: walnuts1018 --- k8s/apps/affine/statefulset.jsonnet | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/k8s/apps/affine/statefulset.jsonnet b/k8s/apps/affine/statefulset.jsonnet index 68b80bcf2..f6c4ee2d1 100644 --- a/k8s/apps/affine/statefulset.jsonnet +++ b/k8s/apps/affine/statefulset.jsonnet @@ -76,6 +76,10 @@ mountPath: '/root/.affine/storage', name: 'affine-storage', }, + { + mountPath: '/root/.affine/config', + name: 'affine-config', + }, ], }, ], @@ -86,6 +90,10 @@ claimName: (import 'pvc.jsonnet').metadata.name, }, }, + { + name: 'affine-config', + emptyDir: {}, + }, ], }, }, From a05c10797067c3655a7ffa0853a97882975ce8da Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 30 Nov 2024 17:11:10 +0900 Subject: [PATCH 0321/1209] add Signed-off-by: walnuts1018 --- k8s/apps/affine/statefulset.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/affine/statefulset.jsonnet b/k8s/apps/affine/statefulset.jsonnet index f6c4ee2d1..c95cdf469 100644 --- a/k8s/apps/affine/statefulset.jsonnet +++ b/k8s/apps/affine/statefulset.jsonnet @@ -41,7 +41,7 @@ }, { name: 'AFFINE_CONFIG_PATH', - value: '/root/.affine/config', + value: $.spec.containers[0].volumeMounts[1].mountPath, }, { name: 'REDIS_SERVER_HOST', From 93b8b4af1e81a8eb001eec5363202f22db0d1f1d Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 30 Nov 2024 17:12:17 +0900 Subject: [PATCH 0322/1209] add tmp dir Signed-off-by: walnuts1018 --- k8s/apps/affine/statefulset.jsonnet | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/k8s/apps/affine/statefulset.jsonnet b/k8s/apps/affine/statefulset.jsonnet index c95cdf469..eae30a6de 100644 --- a/k8s/apps/affine/statefulset.jsonnet +++ b/k8s/apps/affine/statefulset.jsonnet @@ -80,6 +80,14 @@ mountPath: '/root/.affine/config', name: 'affine-config', }, + { + mountPath: '/usr/local/share/.cache', + name: 'usr-local-share-cache', + }, + { + mountPath: '/tmp', + name: 'tmp', + }, ], }, ], @@ -94,6 +102,14 @@ name: 'affine-config', emptyDir: {}, }, + { + name: 'usr-local-share-cache', + emptyDir: {}, + }, + { + name: 'tmp', + emptyDir: {}, + }, ], }, }, From b674e0f342addd109fcccb088a8fc7b81ec4a6f7 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 30 Nov 2024 17:14:43 +0900 Subject: [PATCH 0323/1209] add Signed-off-by: walnuts1018 --- k8s/apps/affine/statefulset.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/affine/statefulset.jsonnet b/k8s/apps/affine/statefulset.jsonnet index eae30a6de..e7fee5ce0 100644 --- a/k8s/apps/affine/statefulset.jsonnet +++ b/k8s/apps/affine/statefulset.jsonnet @@ -41,7 +41,7 @@ }, { name: 'AFFINE_CONFIG_PATH', - value: $.spec.containers[0].volumeMounts[1].mountPath, + value: $.spec.template.spec.containers[0].volumeMounts[1].mountPath, }, { name: 'REDIS_SERVER_HOST', From 988e3e2ae60cdde0b0721bbf85fc9516ea2eb28d Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 30 Nov 2024 17:24:46 +0900 Subject: [PATCH 0324/1209] rm securityContext Signed-off-by: walnuts1018 --- k8s/apps/affine/statefulset.jsonnet | 1 + 1 file changed, 1 insertion(+) diff --git a/k8s/apps/affine/statefulset.jsonnet b/k8s/apps/affine/statefulset.jsonnet index e7fee5ce0..d7a6df89c 100644 --- a/k8s/apps/affine/statefulset.jsonnet +++ b/k8s/apps/affine/statefulset.jsonnet @@ -22,6 +22,7 @@ name: 'affine', image: 'ghcr.io/toeverything/affine-graphql:stable-1623f5d', command: ['sh', '-c', 'node ./scripts/self-host-predeploy && node ./dist/index.js'], + securityContext:: null, env: [ { name: 'AFFINE_SERVER_HOST', From 277305aa19b6309e25097d7971937114e7f2fb3c Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 30 Nov 2024 17:28:42 +0900 Subject: [PATCH 0325/1209] use 3010 Signed-off-by: walnuts1018 --- k8s/apps/affine/statefulset.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/affine/statefulset.jsonnet b/k8s/apps/affine/statefulset.jsonnet index d7a6df89c..fa8d1f162 100644 --- a/k8s/apps/affine/statefulset.jsonnet +++ b/k8s/apps/affine/statefulset.jsonnet @@ -30,7 +30,7 @@ }, { name: 'AFFINE_SERVER_PORT', - value: '443', + value: '3010', }, { name: 'AFFINE_SERVER_EXTERNAL_URL', From d99ca5d448c00ec686c8dbc513d44438e918cda6 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 30 Nov 2024 17:31:09 +0900 Subject: [PATCH 0326/1209] =?UTF-8?q?port=E3=82=92=E5=8F=82=E7=85=A7?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: walnuts1018 --- k8s/apps/affine/statefulset.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/affine/statefulset.jsonnet b/k8s/apps/affine/statefulset.jsonnet index fa8d1f162..b22e84caf 100644 --- a/k8s/apps/affine/statefulset.jsonnet +++ b/k8s/apps/affine/statefulset.jsonnet @@ -30,7 +30,7 @@ }, { name: 'AFFINE_SERVER_PORT', - value: '3010', + value: $.spec.template.spec.containers[0].ports[0].port, }, { name: 'AFFINE_SERVER_EXTERNAL_URL', From 5ffe25cf4a1a3c971771380ef34436a1127b6e47 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 30 Nov 2024 18:04:55 +0900 Subject: [PATCH 0327/1209] add Signed-off-by: walnuts1018 --- k8s/apps/affine/external-secret.jsonnet | 8 ++++++++ k8s/apps/affine/statefulset.jsonnet | 21 +++++++++++++++++++++ 2 files changed, 29 insertions(+) diff --git a/k8s/apps/affine/external-secret.jsonnet b/k8s/apps/affine/external-secret.jsonnet index 201408d68..b49e01eec 100644 --- a/k8s/apps/affine/external-secret.jsonnet +++ b/k8s/apps/affine/external-secret.jsonnet @@ -16,6 +16,13 @@ std.mergePatch((import '../../components/external-secret.libsonnet') { property: 'affine', }, }, + { + secretKey: 'mailerpassword', + remoteRef: { + key: 'resend', + property: 'api-key', + }, + }, ], }, { spec: { @@ -26,6 +33,7 @@ std.mergePatch((import '../../components/external-secret.libsonnet') { data: { 'postgres-url': 'postgres://affine:{{ .dbpassword }}@postgresql-default.databases.svc.cluster.local/affine', redispassword: '{{ .redispassword }}', + 'mailer-password': '{{ .mailerpassword }}', }, }, }, diff --git a/k8s/apps/affine/statefulset.jsonnet b/k8s/apps/affine/statefulset.jsonnet index b22e84caf..38570e35d 100644 --- a/k8s/apps/affine/statefulset.jsonnet +++ b/k8s/apps/affine/statefulset.jsonnet @@ -61,6 +61,27 @@ name: 'NODE_ENV', value: 'production', }, + { + name: 'MAILER_HOST', + value: 'smtp.resend.com', + }, + { + name: 'MAILER_PORT', + value: '587', + }, + { + name: 'MAILER_USER', + value: 'affine@resend.walnuts.dev', + }, + { + name: 'MAILER_PASSWORD', + valueFrom: { + secretKeyRef: { + name: (import 'external-secret.jsonnet').metadata.name, + key: 'mailer-password', + }, + }, + }, ], ports: [ { From 2fc3139641bd04790ae8407a92103eaa60ffa643 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 30 Nov 2024 18:07:23 +0900 Subject: [PATCH 0328/1209] fix Signed-off-by: walnuts1018 --- k8s/apps/affine/statefulset.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/affine/statefulset.jsonnet b/k8s/apps/affine/statefulset.jsonnet index 38570e35d..28f098824 100644 --- a/k8s/apps/affine/statefulset.jsonnet +++ b/k8s/apps/affine/statefulset.jsonnet @@ -30,7 +30,7 @@ }, { name: 'AFFINE_SERVER_PORT', - value: $.spec.template.spec.containers[0].ports[0].port, + value: $.spec.template.spec.containers[0].ports[0].containerPort, }, { name: 'AFFINE_SERVER_EXTERNAL_URL', From 11998e923dafbb98a15976bd75871989198b71ca Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 30 Nov 2024 18:08:43 +0900 Subject: [PATCH 0329/1209] use tostring Signed-off-by: walnuts1018 --- k8s/apps/affine/statefulset.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/affine/statefulset.jsonnet b/k8s/apps/affine/statefulset.jsonnet index 28f098824..afde2d216 100644 --- a/k8s/apps/affine/statefulset.jsonnet +++ b/k8s/apps/affine/statefulset.jsonnet @@ -42,7 +42,7 @@ }, { name: 'AFFINE_CONFIG_PATH', - value: $.spec.template.spec.containers[0].volumeMounts[1].mountPath, + value: std.toString($.spec.template.spec.containers[0].volumeMounts[1].mountPath), }, { name: 'REDIS_SERVER_HOST', From e88f9cbb54a344d80d763ffe7ed05c81140846cf Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 30 Nov 2024 18:09:40 +0900 Subject: [PATCH 0330/1209] use tostring Signed-off-by: walnuts1018 --- k8s/apps/affine/statefulset.jsonnet | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/k8s/apps/affine/statefulset.jsonnet b/k8s/apps/affine/statefulset.jsonnet index afde2d216..93ca3c6f8 100644 --- a/k8s/apps/affine/statefulset.jsonnet +++ b/k8s/apps/affine/statefulset.jsonnet @@ -30,7 +30,7 @@ }, { name: 'AFFINE_SERVER_PORT', - value: $.spec.template.spec.containers[0].ports[0].containerPort, + value: std.toString($.spec.template.spec.containers[0].ports[0].containerPort), }, { name: 'AFFINE_SERVER_EXTERNAL_URL', @@ -42,7 +42,7 @@ }, { name: 'AFFINE_CONFIG_PATH', - value: std.toString($.spec.template.spec.containers[0].volumeMounts[1].mountPath), + value: $.spec.template.spec.containers[0].volumeMounts[1].mountPath, }, { name: 'REDIS_SERVER_HOST', From 2394ce04499f883ac9ea29cff3289e7fb7c1b164 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 30 Nov 2024 18:13:34 +0900 Subject: [PATCH 0331/1209] add Signed-off-by: walnuts1018 --- k8s/apps/affine/statefulset.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/affine/statefulset.jsonnet b/k8s/apps/affine/statefulset.jsonnet index 93ca3c6f8..d9fc44c78 100644 --- a/k8s/apps/affine/statefulset.jsonnet +++ b/k8s/apps/affine/statefulset.jsonnet @@ -71,7 +71,7 @@ }, { name: 'MAILER_USER', - value: 'affine@resend.walnuts.dev', + value: 'resend', }, { name: 'MAILER_PASSWORD', From a296eb279dbbebe225cf99598cfae197a87b57da Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 30 Nov 2024 18:19:04 +0900 Subject: [PATCH 0332/1209] add Signed-off-by: walnuts1018 --- k8s/apps/affine/statefulset.jsonnet | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/k8s/apps/affine/statefulset.jsonnet b/k8s/apps/affine/statefulset.jsonnet index d9fc44c78..963a70123 100644 --- a/k8s/apps/affine/statefulset.jsonnet +++ b/k8s/apps/affine/statefulset.jsonnet @@ -111,6 +111,21 @@ name: 'tmp', }, ], + livenessProbe: { + httpGet: { + path: '/info', + port: 'http', + }, + failureThreshold: 1, + initialDelaySeconds: 10, + periodSeconds: 10, + }, + readinessProbe: { + httpGet: { + path: '/info', + port: 'http', + }, + }, }, ], volumes: [ From 3f4d3d60f441fa254a543bc925cc4b01d26d16da Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 30 Nov 2024 18:26:00 +0900 Subject: [PATCH 0333/1209] add MAILER_SENDER Signed-off-by: walnuts1018 --- k8s/apps/affine/statefulset.jsonnet | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/k8s/apps/affine/statefulset.jsonnet b/k8s/apps/affine/statefulset.jsonnet index 963a70123..91c7654eb 100644 --- a/k8s/apps/affine/statefulset.jsonnet +++ b/k8s/apps/affine/statefulset.jsonnet @@ -82,6 +82,10 @@ }, }, }, + { + name: 'MAILER_SENDER', + value: 'affine@resend.walnuts.dev', + }, ], ports: [ { From b6d8d2d61e82bae689b0b8c39cbf7ffeaa816f56 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sat, 30 Nov 2024 18:56:50 +0900 Subject: [PATCH 0334/1209] Update README.md --- README.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 57e0d0d98..38249c497 100644 --- a/README.md +++ b/README.md @@ -26,15 +26,13 @@ Walnuts 家の自宅サーバ全般のリポジトリです。 - [README](./k8s/README.md) ### YAML + このリポジトリではjsonnetを用いてマニフェスト管理を行っています。 YAMLの生成結果は[snapshot](https://github.com/walnuts1018/infra/tree/snapshot)ブランチへと自動的にpushされるので、そちらを参照してください。 -## Actions - -- [k8s-badge](./.github/workflows/badge.yaml) -- [CI](./.github/workflows/k8s.yaml) -- [flux Manigests AutoGen](./.github/workflows/auto-gen.yaml) ## Renovate - [renovate.json](./renovate.json5) + +![Alt](https://repobeats.axiom.co/api/embed/dd585ab5402819b2c5e92a25cbd4dc2304035170.svg "Repobeats analytics image") From 683f2a7977b068542fa7fb40e7a49d774ca40192 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 30 Nov 2024 19:13:40 +0900 Subject: [PATCH 0335/1209] add misskey Signed-off-by: walnuts1018 --- terraform/modules/minio/minio.tf | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/terraform/modules/minio/minio.tf b/terraform/modules/minio/minio.tf index cab7bcc74..a7a7f3904 100644 --- a/terraform/modules/minio/minio.tf +++ b/terraform/modules/minio/minio.tf @@ -29,3 +29,7 @@ resource "aws_s3_bucket" "mpeg-dash-encoder-source-upload" { resource "aws_s3_bucket" "mpeg-dash-encoder-output" { bucket = format("mpeg-dash-encoder-output%s", var.bucket_name_suffix) } + +resource "aws_s3_bucket" "misskey" { + bucket = format("misskey%s", var.bucket_name_suffix) +} From 68f2f116fa127b1bd8f0e2496933a6a798ac896a Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 30 Nov 2024 20:08:08 +0900 Subject: [PATCH 0336/1209] rm misskey-pv Signed-off-by: walnuts1018 --- k8s/apps/misskey/deployment.jsonnet | 12 +++++------- k8s/apps/misskey/pvc.jsonnet | 19 ------------------- 2 files changed, 5 insertions(+), 26 deletions(-) delete mode 100644 k8s/apps/misskey/pvc.jsonnet diff --git a/k8s/apps/misskey/deployment.jsonnet b/k8s/apps/misskey/deployment.jsonnet index 56e451937..b64bb144d 100644 --- a/k8s/apps/misskey/deployment.jsonnet +++ b/k8s/apps/misskey/deployment.jsonnet @@ -58,7 +58,7 @@ ], volumeMounts: [ { - name: 'misskey-pv', + name: 'misskey-files', mountPath: '/misskey/files', }, { @@ -115,12 +115,6 @@ }, ], volumes: [ - { - name: 'misskey-pv', - persistentVolumeClaim: { - claimName: (import 'pvc.jsonnet').metadata.name, - }, - }, { name: 'misskey-config', secret: { @@ -131,6 +125,10 @@ name: 'tmp', emptyDir: {}, }, + { + name: 'misskey-files', + emptyDir: {}, + }, ], }, }, diff --git a/k8s/apps/misskey/pvc.jsonnet b/k8s/apps/misskey/pvc.jsonnet deleted file mode 100644 index 3cda9e945..000000000 --- a/k8s/apps/misskey/pvc.jsonnet +++ /dev/null @@ -1,19 +0,0 @@ -{ - apiVersion: 'v1', - kind: 'PersistentVolumeClaim', - metadata: { - name: (import 'app.json5').name, - }, - spec: { - storageClassName: 'longhorn', - volumeName: 'misskey', - accessModes: [ - 'ReadWriteOnce', - ], - resources: { - requests: { - storage: '4Gi', - }, - }, - }, -} From b60732294523f5da421e1ca4dc10444c25723caf Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 30 Nov 2024 20:13:19 +0900 Subject: [PATCH 0337/1209] use resend Signed-off-by: walnuts1018 --- k8s/apps/prometheus-stack/external-secret.jsonnet | 4 ++-- k8s/apps/prometheus-stack/values.yaml | 10 +++++----- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/k8s/apps/prometheus-stack/external-secret.jsonnet b/k8s/apps/prometheus-stack/external-secret.jsonnet index 31c544bf5..8438d5d8b 100644 --- a/k8s/apps/prometheus-stack/external-secret.jsonnet +++ b/k8s/apps/prometheus-stack/external-secret.jsonnet @@ -33,8 +33,8 @@ { secretKey: 'smtp_password', remoteRef: { - key: 'gmail', - property: 'password', + key: 'resend', + property: 'api-key', }, }, ], diff --git a/k8s/apps/prometheus-stack/values.yaml b/k8s/apps/prometheus-stack/values.yaml index eeac2cdf3..cab5e299f 100644 --- a/k8s/apps/prometheus-stack/values.yaml +++ b/k8s/apps/prometheus-stack/values.yaml @@ -56,9 +56,9 @@ grafana: use_pkce: true smtp: enabled: true - from_address: noreply@walnuts.dev - host: smtp.gmail.com:587 - user: "r.juglans.1018@gmail.com" + from_address: grafana@resend.walnuts.dev + host: smtp.resend.com:587 + user: "resend" password: $__file{/etc/secrets/smtp_password} database: type: postgres @@ -75,7 +75,7 @@ prometheus-node-exporter: prometheus: monitor: relabelings: - - sourceLabels: [__meta_kubernetes_pod_node_name] + - sourceLabels: [ __meta_kubernetes_pod_node_name ] separator: ; regex: ^(.*)$ targetLabel: node @@ -91,7 +91,7 @@ prometheus: volumeClaimTemplate: spec: storageClassName: longhorn-local - accessModes: ["ReadWriteOnce"] + accessModes: [ "ReadWriteOnce" ] resources: requests: storage: 32Gi From 646534b935b1ebc39bdabd686a8d70a557ffdaa3 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 30 Nov 2024 20:44:42 +0900 Subject: [PATCH 0338/1209] use server side apply Signed-off-by: walnuts1018 --- k8s/_argocd/applications/apps.yaml | 2 ++ k8s/_argocd/applications/argocd.yaml | 2 ++ k8s/_argocd/applications/namespaces.yaml | 2 ++ k8s/components/helm.libsonnet | 3 +++ 4 files changed, 9 insertions(+) diff --git a/k8s/_argocd/applications/apps.yaml b/k8s/_argocd/applications/apps.yaml index 5c2ee147d..807339278 100644 --- a/k8s/_argocd/applications/apps.yaml +++ b/k8s/_argocd/applications/apps.yaml @@ -39,3 +39,5 @@ spec: automated: selfHeal: true prune: true + syncOptions: + - ServerSideApply=true diff --git a/k8s/_argocd/applications/argocd.yaml b/k8s/_argocd/applications/argocd.yaml index d3a78fdb3..ff77ec903 100644 --- a/k8s/_argocd/applications/argocd.yaml +++ b/k8s/_argocd/applications/argocd.yaml @@ -26,3 +26,5 @@ spec: automated: selfHeal: true prune: true + syncOptions: + - ServerSideApply=true diff --git a/k8s/_argocd/applications/namespaces.yaml b/k8s/_argocd/applications/namespaces.yaml index fe1f5510d..779d245d1 100644 --- a/k8s/_argocd/applications/namespaces.yaml +++ b/k8s/_argocd/applications/namespaces.yaml @@ -24,3 +24,5 @@ spec: automated: selfHeal: true prune: true + syncOptions: + - ServerSideApply=true diff --git a/k8s/components/helm.libsonnet b/k8s/components/helm.libsonnet index 1f22201e0..a20279fc7 100644 --- a/k8s/components/helm.libsonnet +++ b/k8s/components/helm.libsonnet @@ -30,6 +30,9 @@ selfHeal: true, prune: true, }, + syncOptions: [ + 'ServerSideApply=true', + ], }, source: { chart: $.chart, From e3fe84e165dba3215af7d2729e20866dee60ff9e Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 30 Nov 2024 20:45:03 +0900 Subject: [PATCH 0339/1209] rm Signed-off-by: walnuts1018 --- k8s/apps/redis-operator/helm.jsonnet | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/k8s/apps/redis-operator/helm.jsonnet b/k8s/apps/redis-operator/helm.jsonnet index f7164051d..c3d85ccb8 100644 --- a/k8s/apps/redis-operator/helm.jsonnet +++ b/k8s/apps/redis-operator/helm.jsonnet @@ -1,16 +1,8 @@ -std.mergePatch((import '../../components/helm.libsonnet') { +(import '../../components/helm.libsonnet') { name: (import 'app.json5').name, namespace: (import 'app.json5').namespace, chart: 'redis-operator', repoURL: 'https://ot-container-kit.github.io/helm-charts/', targetRevision: '0.18.5', values: (importstr 'values.yaml'), -}, { - spec: { - syncPolicy: { - syncOptions: [ - 'ServerSideApply=true', - ], - }, - }, -}) +} From 6266f65fbdb8a9b494fedfc4d84e2dc4b8d91d65 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 30 Nov 2024 20:46:15 +0900 Subject: [PATCH 0340/1209] update base Signed-off-by: walnuts1018 --- k8s/_argocd/clusters/kurumi/base.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/k8s/_argocd/clusters/kurumi/base.yaml b/k8s/_argocd/clusters/kurumi/base.yaml index 2f1cb4e31..b9dbc1379 100644 --- a/k8s/_argocd/clusters/kurumi/base.yaml +++ b/k8s/_argocd/clusters/kurumi/base.yaml @@ -20,3 +20,5 @@ spec: automated: selfHeal: true prune: true + syncOptions: + - ServerSideApply=true From 41cc5882b82535b36534888d92c5c17eefa843cc Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 30 Nov 2024 20:49:13 +0900 Subject: [PATCH 0341/1209] add base-updater Signed-off-by: walnuts1018 --- k8s/_argocd/clusters/kurumi/base-updater.yaml | 24 +++++++++++++++++++ k8s/_argocd/clusters/kurumi/base.yaml | 3 +++ 2 files changed, 27 insertions(+) create mode 100644 k8s/_argocd/clusters/kurumi/base-updater.yaml diff --git a/k8s/_argocd/clusters/kurumi/base-updater.yaml b/k8s/_argocd/clusters/kurumi/base-updater.yaml new file mode 100644 index 000000000..5d31b312e --- /dev/null +++ b/k8s/_argocd/clusters/kurumi/base-updater.yaml @@ -0,0 +1,24 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: base-updater + namespace: argocd + annotations: + notifications.argoproj.io/subscribe.on-deleted.slack: walnuts-sysop + notifications.argoproj.io/subscribe.on-health-degraded.slack: walnuts-sysop + notifications.argoproj.io/subscribe.on-sync-failed.slack: walnuts-sysop +spec: + project: default + destination: + namespace: argocd + server: https://kubernetes.default.svc + sources: + - path: k8s/_argocd/clusters/kurumi/base.yaml + repoURL: 'https://github.com/walnuts1018/infra' + targetRevision: main + syncPolicy: + automated: + selfHeal: true + prune: true + syncOptions: + - ServerSideApply=true diff --git a/k8s/_argocd/clusters/kurumi/base.yaml b/k8s/_argocd/clusters/kurumi/base.yaml index b9dbc1379..cff2a92fd 100644 --- a/k8s/_argocd/clusters/kurumi/base.yaml +++ b/k8s/_argocd/clusters/kurumi/base.yaml @@ -16,6 +16,9 @@ spec: - path: k8s/_argocd/applications repoURL: 'https://github.com/walnuts1018/infra' targetRevision: main + - path: k8s/_argocd/clusters/kurumi/base-updater.yaml + repoURL: 'https://github.com/walnuts1018/infra' + targetRevision: main syncPolicy: automated: selfHeal: true From 97b0cc47596d87cf2023c20799bed28f641235f3 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 30 Nov 2024 20:50:27 +0900 Subject: [PATCH 0342/1209] =?UTF-8?q?=E8=87=AA=E5=88=86=E8=87=AA=E8=BA=AB?= =?UTF-8?q?=E3=82=82=E7=AE=A1=E7=90=86?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: walnuts1018 --- k8s/_argocd/clusters/kurumi/base-updater.yaml | 24 ------------------- k8s/_argocd/clusters/kurumi/base.yaml | 2 +- 2 files changed, 1 insertion(+), 25 deletions(-) delete mode 100644 k8s/_argocd/clusters/kurumi/base-updater.yaml diff --git a/k8s/_argocd/clusters/kurumi/base-updater.yaml b/k8s/_argocd/clusters/kurumi/base-updater.yaml deleted file mode 100644 index 5d31b312e..000000000 --- a/k8s/_argocd/clusters/kurumi/base-updater.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: base-updater - namespace: argocd - annotations: - notifications.argoproj.io/subscribe.on-deleted.slack: walnuts-sysop - notifications.argoproj.io/subscribe.on-health-degraded.slack: walnuts-sysop - notifications.argoproj.io/subscribe.on-sync-failed.slack: walnuts-sysop -spec: - project: default - destination: - namespace: argocd - server: https://kubernetes.default.svc - sources: - - path: k8s/_argocd/clusters/kurumi/base.yaml - repoURL: 'https://github.com/walnuts1018/infra' - targetRevision: main - syncPolicy: - automated: - selfHeal: true - prune: true - syncOptions: - - ServerSideApply=true diff --git a/k8s/_argocd/clusters/kurumi/base.yaml b/k8s/_argocd/clusters/kurumi/base.yaml index cff2a92fd..968558cd7 100644 --- a/k8s/_argocd/clusters/kurumi/base.yaml +++ b/k8s/_argocd/clusters/kurumi/base.yaml @@ -16,7 +16,7 @@ spec: - path: k8s/_argocd/applications repoURL: 'https://github.com/walnuts1018/infra' targetRevision: main - - path: k8s/_argocd/clusters/kurumi/base-updater.yaml + - path: k8s/_argocd/clusters/kurumi repoURL: 'https://github.com/walnuts1018/infra' targetRevision: main syncPolicy: From 89ba256d73ff1201447aed8a50d7760885e1cd3f Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 30 Nov 2024 20:51:46 +0900 Subject: [PATCH 0343/1209] test Signed-off-by: walnuts1018 --- k8s/_argocd/clusters/kurumi/base.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/k8s/_argocd/clusters/kurumi/base.yaml b/k8s/_argocd/clusters/kurumi/base.yaml index 968558cd7..cc6b06e8c 100644 --- a/k8s/_argocd/clusters/kurumi/base.yaml +++ b/k8s/_argocd/clusters/kurumi/base.yaml @@ -23,5 +23,5 @@ spec: automated: selfHeal: true prune: true - syncOptions: - - ServerSideApply=true + # syncOptions: + # - ServerSideApply=true From 2e2ba9f3e20292b1d010b6dd65e0cc9a2f18805c Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 30 Nov 2024 20:52:04 +0900 Subject: [PATCH 0344/1209] test Signed-off-by: walnuts1018 --- k8s/_argocd/clusters/kurumi/base.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/k8s/_argocd/clusters/kurumi/base.yaml b/k8s/_argocd/clusters/kurumi/base.yaml index cc6b06e8c..968558cd7 100644 --- a/k8s/_argocd/clusters/kurumi/base.yaml +++ b/k8s/_argocd/clusters/kurumi/base.yaml @@ -23,5 +23,5 @@ spec: automated: selfHeal: true prune: true - # syncOptions: - # - ServerSideApply=true + syncOptions: + - ServerSideApply=true From f87d6acf1821a90596f72e009569f2bcc64992c9 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 30 Nov 2024 20:55:33 +0900 Subject: [PATCH 0345/1209] fix Signed-off-by: walnuts1018 --- k8s/apps/misskey/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/misskey/deployment.jsonnet b/k8s/apps/misskey/deployment.jsonnet index b64bb144d..91b152d7c 100644 --- a/k8s/apps/misskey/deployment.jsonnet +++ b/k8s/apps/misskey/deployment.jsonnet @@ -35,7 +35,7 @@ ], volumeMounts: [ { - name: 'misskey-pv', + name: 'misskey-files', mountPath: '/misskey/files', }, { From 55cc2f5cbc12f2beb14f536454f1f48c572814e8 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 30 Nov 2024 21:10:48 +0900 Subject: [PATCH 0346/1209] add Signed-off-by: walnuts1018 --- k8s/apps/affine/external-secret.jsonnet | 8 ++++++++ k8s/apps/affine/statefulset.jsonnet | 17 +++++++++++++++++ 2 files changed, 25 insertions(+) diff --git a/k8s/apps/affine/external-secret.jsonnet b/k8s/apps/affine/external-secret.jsonnet index b49e01eec..b3fa4aab4 100644 --- a/k8s/apps/affine/external-secret.jsonnet +++ b/k8s/apps/affine/external-secret.jsonnet @@ -23,6 +23,13 @@ std.mergePatch((import '../../components/external-secret.libsonnet') { property: 'api-key', }, }, + { + secretKey: 'oidcclientsecret', + remoteRef: { + key: 'zitadel', + property: 'affine', + }, + }, ], }, { spec: { @@ -34,6 +41,7 @@ std.mergePatch((import '../../components/external-secret.libsonnet') { 'postgres-url': 'postgres://affine:{{ .dbpassword }}@postgresql-default.databases.svc.cluster.local/affine', redispassword: '{{ .redispassword }}', 'mailer-password': '{{ .mailerpassword }}', + 'oidc-client-secret': '{{ .oidcclientsecret }}', }, }, }, diff --git a/k8s/apps/affine/statefulset.jsonnet b/k8s/apps/affine/statefulset.jsonnet index 91c7654eb..bc070c5cb 100644 --- a/k8s/apps/affine/statefulset.jsonnet +++ b/k8s/apps/affine/statefulset.jsonnet @@ -86,6 +86,23 @@ name: 'MAILER_SENDER', value: 'affine@resend.walnuts.dev', }, + { + name: 'OAUTH_OIDC_ISSUER', + value: 'https://auth.walnuts.dev', + }, + { + name: 'OAUTH_OIDC_CLIENT_ID', + value: '296071951179383022', + }, + { + name: 'OAUTH_OIDC_CLIENT_SECRET', + valueFrom: { + secretKeyRef: { + name: (import 'external-secret.jsonnet').metadata.name, + key: 'oidc-client-secret', + }, + }, + }, ], ports: [ { From 3ebf11794d37cca44dc0fcb62b570d322090d30d Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 30 Nov 2024 21:18:59 +0900 Subject: [PATCH 0347/1209] fix Signed-off-by: walnuts1018 --- k8s/apps/affine/statefulset.jsonnet | 212 +++++++++++++++------------- 1 file changed, 112 insertions(+), 100 deletions(-) diff --git a/k8s/apps/affine/statefulset.jsonnet b/k8s/apps/affine/statefulset.jsonnet index bc070c5cb..918fd1685 100644 --- a/k8s/apps/affine/statefulset.jsonnet +++ b/k8s/apps/affine/statefulset.jsonnet @@ -17,93 +17,123 @@ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, }, spec: { + local env = [ + { + name: 'AFFINE_SERVER_HOST', + value: 'affine.walnuts.dev', + }, + { + name: 'AFFINE_SERVER_PORT', + value: std.toString($.spec.template.spec.containers[0].ports[0].containerPort), + }, + { + name: 'AFFINE_SERVER_EXTERNAL_URL', + value: 'https://affine.walnuts.dev', + } + { + name: 'NODE_OPTIONS', + value: '--import=./scripts/register.js', + }, + { + name: 'AFFINE_CONFIG_PATH', + value: $.spec.template.spec.containers[0].volumeMounts[1].mountPath, + }, + { + name: 'REDIS_SERVER_HOST', + value: (import 'redis.jsonnet').metadata.name, + }, + { + name: 'DATABASE_URL', + valueFrom: { + secretKeyRef: { + name: (import 'external-secret.jsonnet').metadata.name, + key: 'postgres-url', + }, + }, + }, + { + name: 'NODE_ENV', + value: 'production', + }, + { + name: 'MAILER_HOST', + value: 'smtp.resend.com', + }, + { + name: 'MAILER_PORT', + value: '587', + }, + { + name: 'MAILER_USER', + value: 'resend', + }, + { + name: 'MAILER_PASSWORD', + valueFrom: { + secretKeyRef: { + name: (import 'external-secret.jsonnet').metadata.name, + key: 'mailer-password', + }, + }, + }, + { + name: 'MAILER_SENDER', + value: 'affine@resend.walnuts.dev', + }, + { + name: 'OAUTH_OIDC_ISSUER', + value: 'https://auth.walnuts.dev', + }, + { + name: 'OAUTH_OIDC_CLIENT_ID', + value: '296071951179383022', + }, + { + name: 'OAUTH_OIDC_CLIENT_SECRET', + valueFrom: { + secretKeyRef: { + name: (import 'external-secret.jsonnet').metadata.name, + key: 'oidc-client-secret', + }, + }, + }, + ], + local volumeMounts = [ + { + mountPath: '/root/.affine/storage', + name: 'affine-storage', + }, + { + mountPath: '/root/.affine/config', + name: 'affine-config', + }, + { + mountPath: '/usr/local/share/.cache', + name: 'usr-local-share-cache', + }, + { + mountPath: '/tmp', + name: 'tmp', + }, + ], + initContainers: [ + (import '../../components/container.libsonnet') { + name: 'affine-init', + image: 'ghcr.io/toeverything/affine-graphql:stable-1623f5d', + command: ['sh', '-c', 'node ./scripts/self-host-predeploy'], + securityContext:: null, + env: env, + volumeMounts: volumeMounts, + }, + ], containers: [ (import '../../components/container.libsonnet') { name: 'affine', image: 'ghcr.io/toeverything/affine-graphql:stable-1623f5d', - command: ['sh', '-c', 'node ./scripts/self-host-predeploy && node ./dist/index.js'], + command: ['sh', '-c', 'node ./dist/index.js'], securityContext:: null, - env: [ - { - name: 'AFFINE_SERVER_HOST', - value: 'affine.walnuts.dev', - }, - { - name: 'AFFINE_SERVER_PORT', - value: std.toString($.spec.template.spec.containers[0].ports[0].containerPort), - }, - { - name: 'AFFINE_SERVER_EXTERNAL_URL', - value: 'https://affine.walnuts.dev', - } - { - name: 'NODE_OPTIONS', - value: '--import=./scripts/register.js', - }, - { - name: 'AFFINE_CONFIG_PATH', - value: $.spec.template.spec.containers[0].volumeMounts[1].mountPath, - }, - { - name: 'REDIS_SERVER_HOST', - value: (import 'redis.jsonnet').metadata.name, - }, - { - name: 'DATABASE_URL', - valueFrom: { - secretKeyRef: { - name: (import 'external-secret.jsonnet').metadata.name, - key: 'postgres-url', - }, - }, - }, - { - name: 'NODE_ENV', - value: 'production', - }, - { - name: 'MAILER_HOST', - value: 'smtp.resend.com', - }, - { - name: 'MAILER_PORT', - value: '587', - }, - { - name: 'MAILER_USER', - value: 'resend', - }, - { - name: 'MAILER_PASSWORD', - valueFrom: { - secretKeyRef: { - name: (import 'external-secret.jsonnet').metadata.name, - key: 'mailer-password', - }, - }, - }, - { - name: 'MAILER_SENDER', - value: 'affine@resend.walnuts.dev', - }, - { - name: 'OAUTH_OIDC_ISSUER', - value: 'https://auth.walnuts.dev', - }, - { - name: 'OAUTH_OIDC_CLIENT_ID', - value: '296071951179383022', - }, - { - name: 'OAUTH_OIDC_CLIENT_SECRET', - valueFrom: { - secretKeyRef: { - name: (import 'external-secret.jsonnet').metadata.name, - key: 'oidc-client-secret', - }, - }, - }, - ], + env: env, + volumeMounts: volumeMounts, ports: [ { containerPort: 3010, @@ -114,24 +144,6 @@ name: 'prisma', }, ], - volumeMounts: [ - { - mountPath: '/root/.affine/storage', - name: 'affine-storage', - }, - { - mountPath: '/root/.affine/config', - name: 'affine-config', - }, - { - mountPath: '/usr/local/share/.cache', - name: 'usr-local-share-cache', - }, - { - mountPath: '/tmp', - name: 'tmp', - }, - ], livenessProbe: { httpGet: { path: '/info', From 42bb9cc75923b89c2d284c35bf7e22172d62493a Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 30 Nov 2024 21:31:22 +0900 Subject: [PATCH 0348/1209] add DEPLOYMENT_TYPE Signed-off-by: walnuts1018 --- k8s/apps/affine/statefulset.jsonnet | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/k8s/apps/affine/statefulset.jsonnet b/k8s/apps/affine/statefulset.jsonnet index 918fd1685..af6814a11 100644 --- a/k8s/apps/affine/statefulset.jsonnet +++ b/k8s/apps/affine/statefulset.jsonnet @@ -55,6 +55,10 @@ name: 'NODE_ENV', value: 'production', }, + { + name: 'DEPLOYMENT_TYPE', + value: 'selfhosted', + } { name: 'MAILER_HOST', value: 'smtp.resend.com', From b5132fc08436898e8c311b0f4602b9afd567b852 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 30 Nov 2024 21:36:29 +0900 Subject: [PATCH 0349/1209] add config Signed-off-by: walnuts1018 --- k8s/apps/affine/config/affine.js | 20 ++++++++++++++++++++ k8s/apps/affine/configmap.jsonnet | 8 ++++++++ k8s/apps/affine/statefulset.jsonnet | 18 ++++++++++++++++++ 3 files changed, 46 insertions(+) create mode 100644 k8s/apps/affine/config/affine.js create mode 100644 k8s/apps/affine/configmap.jsonnet diff --git a/k8s/apps/affine/config/affine.js b/k8s/apps/affine/config/affine.js new file mode 100644 index 000000000..9de07a21d --- /dev/null +++ b/k8s/apps/affine/config/affine.js @@ -0,0 +1,20 @@ +AFFiNE.use("redis", { + /* override options */ +}); + +AFFiNE.use("oauth", { + providers: { + oidc: { + // OpenID Connect + issuer: "", + clientId: "", + clientSecret: "", + args: { + scope: "openid email profile", + claim_id: "preferred_username", + claim_email: "email", + claim_name: "name", + }, + }, + }, +}); diff --git a/k8s/apps/affine/configmap.jsonnet b/k8s/apps/affine/configmap.jsonnet new file mode 100644 index 000000000..fd5245af5 --- /dev/null +++ b/k8s/apps/affine/configmap.jsonnet @@ -0,0 +1,8 @@ +(import '../../components/configmap.libsonnet') { + name: (import 'app.json5').name, + namespace: (import 'app.json5').namespace, + labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + data: { + 'affine.js': (importstr './config/affine.js'), + }, +} diff --git a/k8s/apps/affine/statefulset.jsonnet b/k8s/apps/affine/statefulset.jsonnet index af6814a11..18c64de06 100644 --- a/k8s/apps/affine/statefulset.jsonnet +++ b/k8s/apps/affine/statefulset.jsonnet @@ -111,6 +111,12 @@ mountPath: '/root/.affine/config', name: 'affine-config', }, + { + mountPath: '/root/.affine/config/affine.js', + subPath: 'affine.js', + readOnly: true, + name: 'affine-config-affine-js', + } { mountPath: '/usr/local/share/.cache', name: 'usr-local-share-cache', @@ -166,6 +172,18 @@ }, ], volumes: [ + { + name: 'affine-config-affine-js', + configMap: { + name: (import 'configmap.jsonnet').metadata.name, + items: [ + { + key: 'affine.js', + path: 'affine.js',, + }, + ], + }, + }, { name: 'affine-storage', persistentVolumeClaim: { From 4323d552a2d85ee46066ed1e292d3d10d71a7d34 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 30 Nov 2024 21:37:07 +0900 Subject: [PATCH 0350/1209] fix Signed-off-by: walnuts1018 --- k8s/apps/affine/statefulset.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/affine/statefulset.jsonnet b/k8s/apps/affine/statefulset.jsonnet index 18c64de06..e53af9044 100644 --- a/k8s/apps/affine/statefulset.jsonnet +++ b/k8s/apps/affine/statefulset.jsonnet @@ -179,7 +179,7 @@ items: [ { key: 'affine.js', - path: 'affine.js',, + path: 'affine.js', }, ], }, From b114eaa2f8d99d44f2237f3da6bf80c6d8bbcca1 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 30 Nov 2024 21:41:14 +0900 Subject: [PATCH 0351/1209] fix Signed-off-by: walnuts1018 --- k8s/apps/affine/statefulset.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/affine/statefulset.jsonnet b/k8s/apps/affine/statefulset.jsonnet index e53af9044..6bde202a4 100644 --- a/k8s/apps/affine/statefulset.jsonnet +++ b/k8s/apps/affine/statefulset.jsonnet @@ -116,7 +116,7 @@ subPath: 'affine.js', readOnly: true, name: 'affine-config-affine-js', - } + }, { mountPath: '/usr/local/share/.cache', name: 'usr-local-share-cache', From 36ef30ab9a0d713ebf47a4f786241510a8a81a9d Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 30 Nov 2024 21:43:21 +0900 Subject: [PATCH 0352/1209] rm redis option Signed-off-by: walnuts1018 --- k8s/apps/affine/config/affine.js | 4 ---- 1 file changed, 4 deletions(-) diff --git a/k8s/apps/affine/config/affine.js b/k8s/apps/affine/config/affine.js index 9de07a21d..972094979 100644 --- a/k8s/apps/affine/config/affine.js +++ b/k8s/apps/affine/config/affine.js @@ -1,7 +1,3 @@ -AFFiNE.use("redis", { - /* override options */ -}); - AFFiNE.use("oauth", { providers: { oidc: { From 51c2c4d41137e952cf69b01e9b9961b7ff6b9d32 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 30 Nov 2024 22:24:10 +0900 Subject: [PATCH 0353/1209] fix Signed-off-by: walnuts1018 --- k8s/apps/affine/statefulset.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/affine/statefulset.jsonnet b/k8s/apps/affine/statefulset.jsonnet index 6bde202a4..dc6d6e9b8 100644 --- a/k8s/apps/affine/statefulset.jsonnet +++ b/k8s/apps/affine/statefulset.jsonnet @@ -29,7 +29,7 @@ { name: 'AFFINE_SERVER_EXTERNAL_URL', value: 'https://affine.walnuts.dev', - } + }, { name: 'NODE_OPTIONS', value: '--import=./scripts/register.js', From 7bb472dea78c4aed9ef0932f8f0b6a506a0f2d93 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 30 Nov 2024 22:24:30 +0900 Subject: [PATCH 0354/1209] add Signed-off-by: walnuts1018 --- k8s/apps/affine/statefulset.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/affine/statefulset.jsonnet b/k8s/apps/affine/statefulset.jsonnet index dc6d6e9b8..1f45cb6b1 100644 --- a/k8s/apps/affine/statefulset.jsonnet +++ b/k8s/apps/affine/statefulset.jsonnet @@ -58,7 +58,7 @@ { name: 'DEPLOYMENT_TYPE', value: 'selfhosted', - } + }, { name: 'MAILER_HOST', value: 'smtp.resend.com', From 94858c62c6f04616c23407c5ad9d089f95d39505 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 30 Nov 2024 22:30:53 +0900 Subject: [PATCH 0355/1209] =?UTF-8?q?=E7=92=B0=E5=A2=83=E5=A4=89=E6=95=B0N?= =?UTF-8?q?ODE=5FENV=E3=82=92production=E3=81=8B=E3=82=89development?= =?UTF-8?q?=E3=81=AB=E5=A4=89=E6=9B=B4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: walnuts1018 --- k8s/apps/affine/statefulset.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/affine/statefulset.jsonnet b/k8s/apps/affine/statefulset.jsonnet index 1f45cb6b1..d5e40f709 100644 --- a/k8s/apps/affine/statefulset.jsonnet +++ b/k8s/apps/affine/statefulset.jsonnet @@ -53,7 +53,7 @@ }, { name: 'NODE_ENV', - value: 'production', + value: 'development', }, { name: 'DEPLOYMENT_TYPE', From a9a331c85eb7185521ea79cfc9a141546d39b939 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 30 Nov 2024 22:34:47 +0900 Subject: [PATCH 0356/1209] rm probe Signed-off-by: walnuts1018 --- k8s/apps/affine/statefulset.jsonnet | 30 ++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/k8s/apps/affine/statefulset.jsonnet b/k8s/apps/affine/statefulset.jsonnet index d5e40f709..7c9581144 100644 --- a/k8s/apps/affine/statefulset.jsonnet +++ b/k8s/apps/affine/statefulset.jsonnet @@ -154,21 +154,21 @@ name: 'prisma', }, ], - livenessProbe: { - httpGet: { - path: '/info', - port: 'http', - }, - failureThreshold: 1, - initialDelaySeconds: 10, - periodSeconds: 10, - }, - readinessProbe: { - httpGet: { - path: '/info', - port: 'http', - }, - }, + // livenessProbe: { + // httpGet: { + // path: '/info', + // port: 'http', + // }, + // failureThreshold: 1, + // initialDelaySeconds: 10, + // periodSeconds: 10, + // }, + // readinessProbe: { + // httpGet: { + // path: '/info', + // port: 'http', + // }, + // }, }, ], volumes: [ From 4ac234c412a50d596e5126fdfb23291774f800e4 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 30 Nov 2024 22:36:36 +0900 Subject: [PATCH 0357/1209] add Signed-off-by: walnuts1018 --- k8s/apps/affine/statefulset.jsonnet | 32 ++++++++++++++--------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/k8s/apps/affine/statefulset.jsonnet b/k8s/apps/affine/statefulset.jsonnet index 7c9581144..1f45cb6b1 100644 --- a/k8s/apps/affine/statefulset.jsonnet +++ b/k8s/apps/affine/statefulset.jsonnet @@ -53,7 +53,7 @@ }, { name: 'NODE_ENV', - value: 'development', + value: 'production', }, { name: 'DEPLOYMENT_TYPE', @@ -154,21 +154,21 @@ name: 'prisma', }, ], - // livenessProbe: { - // httpGet: { - // path: '/info', - // port: 'http', - // }, - // failureThreshold: 1, - // initialDelaySeconds: 10, - // periodSeconds: 10, - // }, - // readinessProbe: { - // httpGet: { - // path: '/info', - // port: 'http', - // }, - // }, + livenessProbe: { + httpGet: { + path: '/info', + port: 'http', + }, + failureThreshold: 1, + initialDelaySeconds: 10, + periodSeconds: 10, + }, + readinessProbe: { + httpGet: { + path: '/info', + port: 'http', + }, + }, }, ], volumes: [ From 92fe44c7b2d5db6d2470f8abd0eda72d196b5bfc Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 30 Nov 2024 22:42:38 +0900 Subject: [PATCH 0358/1209] add DEV_SERVER_URL Signed-off-by: walnuts1018 --- k8s/apps/affine/statefulset.jsonnet | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/k8s/apps/affine/statefulset.jsonnet b/k8s/apps/affine/statefulset.jsonnet index 1f45cb6b1..80f28b615 100644 --- a/k8s/apps/affine/statefulset.jsonnet +++ b/k8s/apps/affine/statefulset.jsonnet @@ -63,6 +63,10 @@ name: 'MAILER_HOST', value: 'smtp.resend.com', }, + { + name: 'DEV_SERVER_URL', + value: 'https://affine.walnuts.dev', + }, { name: 'MAILER_PORT', value: '587', From 96b984e6302cebc46c0ec952668c6c6eee3258d4 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sun, 1 Dec 2024 11:57:10 +0900 Subject: [PATCH 0359/1209] add Signed-off-by: walnuts1018 --- .../collectors/daemonset.jsonnet | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet index e4c1a2a60..31931ab4e 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet @@ -196,11 +196,11 @@ std.mergePatch((import '_base.libsonnet'), { value: 'k8s.node.name=$(K8S_NODE_NAME),k8s.node.ip=$(K8S_NODE_IP)', }, ], - tolerations: [ - { - operator: 'Exists', - }, - ], + // tolerations: [ + // { + // operator: 'Exists', + // }, + // ], volumeMounts: [ { name: 'varlogpods', From 0fb40324e341829b60ffaa201ff09f574ecbc2a9 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sun, 1 Dec 2024 12:51:10 +0900 Subject: [PATCH 0360/1209] add Signed-off-by: walnuts1018 --- k8s/init/readme.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/k8s/init/readme.md b/k8s/init/readme.md index 197f9c20f..4b909442f 100644 --- a/k8s/init/readme.md +++ b/k8s/init/readme.md @@ -8,6 +8,20 @@ - [zsh&dotfile](https://github.com/walnuts1018/dotfiles) +## ラズパイのみ + +```bash +sudo su +rpi-eeprom-update -a +echo -n "dtoverlay=cma,cma-64 +dtoverlay=disable-bt +dtoverlay=disable-wifi +dtparam=watchdog=on +" >> /boot/firmware/config.txt" + +exit +``` + ## Timezone ```bash From 9d0ce0018554a9d11c6585cdde4d68db169572d8 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sun, 1 Dec 2024 13:20:54 +0900 Subject: [PATCH 0361/1209] rm MINIO_IDENTITY_OPENID_REDIRECT_URI Signed-off-by: walnuts1018 --- k8s/apps/minio/values.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/k8s/apps/minio/values.yaml b/k8s/apps/minio/values.yaml index 2c2f7f7f6..6e2a0497f 100644 --- a/k8s/apps/minio/values.yaml +++ b/k8s/apps/minio/values.yaml @@ -32,7 +32,6 @@ oidc: redirectUri: "https://minio-console.walnuts.dev/oauth_callback" displayName: "Walnuts.dev" environment: - MINIO_IDENTITY_OPENID_REDIRECT_URI: "https://minio-console.walnuts.dev/oauth_callback" MINIO_SERVER_URL: "https://minio.walnuts.dev" MINIO_BROWSER_REDIRECT_URL: "https://minio-console.walnuts.dev" metrics: From e05a17bf82c4761e2d985fd1677ad8a3478628cd Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sun, 1 Dec 2024 13:23:29 +0900 Subject: [PATCH 0362/1209] k8s: enable node inclusion in Minio service monitor Signed-off-by: walnuts1018 --- k8s/apps/minio/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/k8s/apps/minio/values.yaml b/k8s/apps/minio/values.yaml index 6e2a0497f..2d903d4bb 100644 --- a/k8s/apps/minio/values.yaml +++ b/k8s/apps/minio/values.yaml @@ -37,4 +37,5 @@ environment: metrics: serviceMonitor: enabled: true + includeNode: true users: [] From d282e727e13d7831b29b096bac8169e7db024560 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sun, 1 Dec 2024 13:28:06 +0900 Subject: [PATCH 0363/1209] k8s: add probeSelector to monitor all Probes Signed-off-by: walnuts1018 --- k8s/apps/prometheus-stack/values.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/k8s/apps/prometheus-stack/values.yaml b/k8s/apps/prometheus-stack/values.yaml index cab5e299f..e9921b5cc 100644 --- a/k8s/apps/prometheus-stack/values.yaml +++ b/k8s/apps/prometheus-stack/values.yaml @@ -87,6 +87,8 @@ prometheus: matchLabels: null #全てのServiceMonitorを監視対象にする podMonitorSelector: matchLabels: null #全てのPodMonitorを監視対象にする + probeSelector: + matchLabels: null #全てのProbeを監視対象にする storageSpec: volumeClaimTemplate: spec: From 7417249785cb41bdba74f1348a7fd94004fdce6d Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sun, 1 Dec 2024 13:38:52 +0900 Subject: [PATCH 0364/1209] rm unnecessary Signed-off-by: walnuts1018 --- k8s/apps/prometheus-stack/values.yaml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/k8s/apps/prometheus-stack/values.yaml b/k8s/apps/prometheus-stack/values.yaml index e9921b5cc..9f5f882e7 100644 --- a/k8s/apps/prometheus-stack/values.yaml +++ b/k8s/apps/prometheus-stack/values.yaml @@ -83,12 +83,6 @@ prometheus-node-exporter: action: replace prometheus: prometheusSpec: - serviceMonitorSelector: - matchLabels: null #全てのServiceMonitorを監視対象にする - podMonitorSelector: - matchLabels: null #全てのPodMonitorを監視対象にする - probeSelector: - matchLabels: null #全てのProbeを監視対象にする storageSpec: volumeClaimTemplate: spec: From 06a18311147324575906f96296dd2b9037b76fb0 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sun, 1 Dec 2024 13:45:44 +0900 Subject: [PATCH 0365/1209] add Signed-off-by: walnuts1018 --- k8s/apps/prometheus-stack/values.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/k8s/apps/prometheus-stack/values.yaml b/k8s/apps/prometheus-stack/values.yaml index 9f5f882e7..b6d4551d8 100644 --- a/k8s/apps/prometheus-stack/values.yaml +++ b/k8s/apps/prometheus-stack/values.yaml @@ -83,6 +83,14 @@ prometheus-node-exporter: action: replace prometheus: prometheusSpec: + serviceMonitorSelector: + matchLabels: {} #全てのServiceMonitorを監視対象にする + podMonitorSelector: + matchLabels: {} #全てのPodMonitorを監視対象にする + probeSelector: + matchLabels: {} #全てのProbeを監視対象にする + probeNamespaceSelector: + matchLabels: {} #全てのNamespaceのProbeを監視対象にする storageSpec: volumeClaimTemplate: spec: From be54de9da7172add49d97435202004516d61e276 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sun, 1 Dec 2024 13:57:10 +0900 Subject: [PATCH 0366/1209] k8s: add grafana-github-datasource plugin to values.yaml Signed-off-by: walnuts1018 --- k8s/apps/prometheus-stack/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/k8s/apps/prometheus-stack/values.yaml b/k8s/apps/prometheus-stack/values.yaml index b6d4551d8..93112cbe5 100644 --- a/k8s/apps/prometheus-stack/values.yaml +++ b/k8s/apps/prometheus-stack/values.yaml @@ -71,6 +71,7 @@ grafana: enabled: true plugins: - knightss27-weathermap-panel + - grafana-github-datasource prometheus-node-exporter: prometheus: monitor: From b840c03b4ae3c8048312e50b4748f4371d15c03e Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sun, 1 Dec 2024 13:59:27 +0900 Subject: [PATCH 0367/1209] add Signed-off-by: walnuts1018 --- k8s/apps/cilium/values.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/k8s/apps/cilium/values.yaml b/k8s/apps/cilium/values.yaml index 1a496f442..98dc88a24 100644 --- a/k8s/apps/cilium/values.yaml +++ b/k8s/apps/cilium/values.yaml @@ -64,6 +64,8 @@ hubble: - httpV2:exemplars=true serviceMonitor: enabled: true + dashboards: + enabled: true envoy: image: useDigest: false # https://github.com/containers/image/blob/d372f0e440d35c6041de39023b0b6eb131fba54b/docker/docker_transport.go#L79-L81 From 727ee9fcca2564373128d3b7bf221339b34bb4ce Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sun, 1 Dec 2024 14:01:17 +0900 Subject: [PATCH 0368/1209] k8s: add namespace configuration for Hubble dashboards Signed-off-by: walnuts1018 --- k8s/apps/cilium/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/k8s/apps/cilium/values.yaml b/k8s/apps/cilium/values.yaml index 98dc88a24..d86b0ba6c 100644 --- a/k8s/apps/cilium/values.yaml +++ b/k8s/apps/cilium/values.yaml @@ -66,6 +66,7 @@ hubble: enabled: true dashboards: enabled: true + namespace: monitoring envoy: image: useDigest: false # https://github.com/containers/image/blob/d372f0e440d35c6041de39023b0b6eb131fba54b/docker/docker_transport.go#L79-L81 From 8ed028075cf8663168e6e6bea3465c40e354baf0 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sun, 1 Dec 2024 14:01:56 +0900 Subject: [PATCH 0369/1209] k8s: remove namespace configuration from Hubble dashboards Signed-off-by: walnuts1018 --- k8s/apps/cilium/values.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/k8s/apps/cilium/values.yaml b/k8s/apps/cilium/values.yaml index d86b0ba6c..98dc88a24 100644 --- a/k8s/apps/cilium/values.yaml +++ b/k8s/apps/cilium/values.yaml @@ -66,7 +66,6 @@ hubble: enabled: true dashboards: enabled: true - namespace: monitoring envoy: image: useDigest: false # https://github.com/containers/image/blob/d372f0e440d35c6041de39023b0b6eb131fba54b/docker/docker_transport.go#L79-L81 From 7282f45d1b559829bc5765a0c92f1620a5f4013b Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sun, 1 Dec 2024 14:06:59 +0900 Subject: [PATCH 0370/1209] add Signed-off-by: walnuts1018 --- k8s/apps/cilium/values.yaml | 32 ++++++++++++++++++++------------ 1 file changed, 20 insertions(+), 12 deletions(-) diff --git a/k8s/apps/cilium/values.yaml b/k8s/apps/cilium/values.yaml index 98dc88a24..c76906995 100644 --- a/k8s/apps/cilium/values.yaml +++ b/k8s/apps/cilium/values.yaml @@ -17,6 +17,10 @@ clustermesh: auto: enabled: true method: cronJob + metrics: + enabled: true + serviceMonitor: + enabled: true ingressController: enabled: true loadbalancerMode: shared @@ -42,16 +46,12 @@ hubble: method: cronJob relay: enabled: true - image: - useDigest: false # https://github.com/containers/image/blob/d372f0e440d35c6041de39023b0b6eb131fba54b/docker/docker_transport.go#L79-L81 + prometheus: + enabled: true + serviceMonitor: + enabled: true ui: enabled: true - backend: - image: - useDigest: false # https://github.com/containers/image/blob/d372f0e440d35c6041de39023b0b6eb131fba54b/docker/docker_transport.go#L79-L81 - frontend: - image: - useDigest: false # https://github.com/containers/image/blob/d372f0e440d35c6041de39023b0b6eb131fba54b/docker/docker_transport.go#L79-L81 metrics: enableOpenMetrics: true enabled: @@ -67,9 +67,17 @@ hubble: dashboards: enabled: true envoy: - image: - useDigest: false # https://github.com/containers/image/blob/d372f0e440d35c6041de39023b0b6eb131fba54b/docker/docker_transport.go#L79-L81 + prometheus: + enabled: true + serviceMonitor: + enabled: true operator: - image: - useDigest: false # https://github.com/containers/image/blob/d372f0e440d35c6041de39023b0b6eb131fba54b/docker/docker_transport.go#L79-L81 tolerations: [] + prometheus: + enabled: true + serviceMonitor: + enabled: true +prometheus: + enabled: true + serviceMonitor: + enabled: true From c4cf12a0dba35a1cee0d81c1a794a94597fa9c18 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sun, 1 Dec 2024 14:17:46 +0900 Subject: [PATCH 0371/1209] k8s: add blackbox-exporter application configuration Signed-off-by: walnuts1018 --- k8s/apps/blackbox-exporter/app.json5 | 4 ++++ k8s/apps/blackbox-exporter/helm.jsonnet | 9 +++++++++ k8s/apps/blackbox-exporter/values.yaml | 7 +++++++ 3 files changed, 20 insertions(+) create mode 100644 k8s/apps/blackbox-exporter/app.json5 create mode 100644 k8s/apps/blackbox-exporter/helm.jsonnet create mode 100644 k8s/apps/blackbox-exporter/values.yaml diff --git a/k8s/apps/blackbox-exporter/app.json5 b/k8s/apps/blackbox-exporter/app.json5 new file mode 100644 index 000000000..25130824c --- /dev/null +++ b/k8s/apps/blackbox-exporter/app.json5 @@ -0,0 +1,4 @@ +{ + name: "blackbox-exporter", + namespace: "monitoring", +} diff --git a/k8s/apps/blackbox-exporter/helm.jsonnet b/k8s/apps/blackbox-exporter/helm.jsonnet new file mode 100644 index 000000000..f6fdfdd5b --- /dev/null +++ b/k8s/apps/blackbox-exporter/helm.jsonnet @@ -0,0 +1,9 @@ +(import '../../components/helm.libsonnet') { + name: (import 'app.json5').name, + namespace: (import 'app.json5').namespace, + + chart: 'prometheus-blackbox-exporter', + repoURL: 'https://prometheus-community.github.io/helm-charts', + targetRevision: '9.1.0', + values: (importstr 'values.yaml'), +} diff --git a/k8s/apps/blackbox-exporter/values.yaml b/k8s/apps/blackbox-exporter/values.yaml new file mode 100644 index 000000000..e3b8a3a95 --- /dev/null +++ b/k8s/apps/blackbox-exporter/values.yaml @@ -0,0 +1,7 @@ +serviceMonitor: + selfMonitor: + enabled: true + enabled: true + targets: + - name: "walnuts-dev" + url: "https://walnuts.dev/healthz" From 1258e5b363c9639339bb7ac439cc2cea679c12c7 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sun, 1 Dec 2024 14:19:31 +0900 Subject: [PATCH 0372/1209] add Signed-off-by: walnuts1018 --- k8s/apps/blackbox-exporter/values.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/k8s/apps/blackbox-exporter/values.yaml b/k8s/apps/blackbox-exporter/values.yaml index e3b8a3a95..6d39f4bb1 100644 --- a/k8s/apps/blackbox-exporter/values.yaml +++ b/k8s/apps/blackbox-exporter/values.yaml @@ -5,3 +5,11 @@ serviceMonitor: targets: - name: "walnuts-dev" url: "https://walnuts.dev/healthz" + - name: "http-test" + url: "https://httptest.walnuts.dev/" + - name: "blog" + url: "https://blog.walnuts.dev/" + - name: "grafana" + url: "https://grafana.walnuts.dev/" + - name: "oekaki-dengon-game" + url: "https://oekaki.walnuts.dev/public" From 5dd2c2f394331bdce79b94e3b4ec458ae31cc66c Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sun, 1 Dec 2024 14:21:03 +0900 Subject: [PATCH 0373/1209] add Signed-off-by: walnuts1018 --- k8s/apps/blackbox-exporter/values.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/k8s/apps/blackbox-exporter/values.yaml b/k8s/apps/blackbox-exporter/values.yaml index 6d39f4bb1..a747d14e0 100644 --- a/k8s/apps/blackbox-exporter/values.yaml +++ b/k8s/apps/blackbox-exporter/values.yaml @@ -13,3 +13,11 @@ serviceMonitor: url: "https://grafana.walnuts.dev/" - name: "oekaki-dengon-game" url: "https://oekaki.walnuts.dev/public" + - name: "misskey" + url: "https://misskey.walnuts.dev/healthz" + - name: "minio" + url: "https://minio.walnuts.dev/minio/health/live" + - name: "nextcloud" + url: "https://nextcloud.walnuts.dev/status.php" + - name: "zitadel" + url: "https://auth.walnuts.dev/healthz" From b6e39c31c60de784b4cd8533b4f223cb9d7fd6c5 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sun, 1 Dec 2024 14:25:54 +0900 Subject: [PATCH 0374/1209] add Signed-off-by: walnuts1018 --- k8s/apps/blackbox-exporter/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/blackbox-exporter/values.yaml b/k8s/apps/blackbox-exporter/values.yaml index a747d14e0..ab32730fa 100644 --- a/k8s/apps/blackbox-exporter/values.yaml +++ b/k8s/apps/blackbox-exporter/values.yaml @@ -10,7 +10,7 @@ serviceMonitor: - name: "blog" url: "https://blog.walnuts.dev/" - name: "grafana" - url: "https://grafana.walnuts.dev/" + url: "https://grafana.walnuts.dev/healthz" - name: "oekaki-dengon-game" url: "https://oekaki.walnuts.dev/public" - name: "misskey" From fae434a6ae4632b36d3b90788255fe6bc3bc8c68 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sun, 1 Dec 2024 14:49:26 +0900 Subject: [PATCH 0375/1209] add Signed-off-by: walnuts1018 --- k8s/apps/cilium/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/k8s/apps/cilium/values.yaml b/k8s/apps/cilium/values.yaml index c76906995..81bd196ed 100644 --- a/k8s/apps/cilium/values.yaml +++ b/k8s/apps/cilium/values.yaml @@ -81,3 +81,4 @@ prometheus: enabled: true serviceMonitor: enabled: true + trustCRDsExist: true From d121c56506827852ef60ff029af9ed37adc40ff7 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sun, 1 Dec 2024 15:12:15 +0900 Subject: [PATCH 0376/1209] fix Signed-off-by: walnuts1018 --- .github/scripts/infrautil/lib/helmyaml.go | 72 ++++++++++++++--------- 1 file changed, 43 insertions(+), 29 deletions(-) diff --git a/.github/scripts/infrautil/lib/helmyaml.go b/.github/scripts/infrautil/lib/helmyaml.go index e884ab8c0..5b7438850 100644 --- a/.github/scripts/infrautil/lib/helmyaml.go +++ b/.github/scripts/infrautil/lib/helmyaml.go @@ -45,31 +45,35 @@ func ParseHelmApplications(reader io.Reader) (iter.Seq2[HelmApplication, error], for scanner.Scan() { line := scanner.Text() if isSeparator(line) { - var app HelmApplication - if err := yaml.Unmarshal([]byte(strings.Join(lines, "\n")), &app); err != nil { - if !yield(HelmApplication{}, fmt.Errorf("failed to unmarshal yaml: %w", err)) { - return - } - } - lines = []string{} - if err := scanner.Err(); err != nil { if !yield(HelmApplication{}, fmt.Errorf("failed to read line: %w", err)) { return } } - if err := validate.Struct(app); err != nil { - if !yield(HelmApplication{}, ErrNotHelmApplication) { - return + if !isEmpty(lines) { + var app HelmApplication + if err := yaml.Unmarshal([]byte(strings.Join(lines, "\n")), &app); err != nil { + if !yield(HelmApplication{}, fmt.Errorf("failed to unmarshal yaml: %w", err)) { + return + } } - } else { - if !yield(app, nil) { - return + + if err := validate.Struct(app); err != nil { + if !yield(HelmApplication{}, ErrNotHelmApplication) { + return + } + } else { + if !yield(app, nil) { + return + } } } + + lines = []string{} + } else { + lines = append(lines, line) } - lines = append(lines, line) } if err := scanner.Err(); err != nil { @@ -78,22 +82,24 @@ func ParseHelmApplications(reader io.Reader) (iter.Seq2[HelmApplication, error], } } - if len(lines) > 0 { - var app HelmApplication - if err := yaml.Unmarshal([]byte(strings.Join(lines, "\n")), &app); err != nil { - if !yield(HelmApplication{}, fmt.Errorf("failed to unmarshal yaml: %w", err)) { - return - } + if isEmpty(lines) { + return + } + + var app HelmApplication + if err := yaml.Unmarshal([]byte(strings.Join(lines, "\n")), &app); err != nil { + if !yield(HelmApplication{}, fmt.Errorf("failed to unmarshal yaml: %w", err)) { + return } + } - if err := validate.Struct(app); err != nil { - if !yield(HelmApplication{}, ErrNotHelmApplication) { - return - } - } else { - if !yield(app, nil) { - return - } + if err := validate.Struct(app); err != nil { + if !yield(HelmApplication{}, ErrNotHelmApplication) { + return + } + } else { + if !yield(app, nil) { + return } } }, nil @@ -102,3 +108,11 @@ func ParseHelmApplications(reader io.Reader) (iter.Seq2[HelmApplication, error], func isSeparator(s string) bool { return strings.HasPrefix(s, "---") } + +func isEmpty(lines []string) bool { + if len(lines) == 0 { + return true + } + trimed := strings.TrimSpace(lines[0]) + return trimed == "" || strings.HasPrefix(trimed, "#") || isSeparator(trimed) +} From e1ca7e5f420b6c9b7e99c3fddaa93515b17fb0d0 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sun, 1 Dec 2024 15:12:40 +0900 Subject: [PATCH 0377/1209] add Signed-off-by: walnuts1018 --- .github/scripts/infrautil/helmSnapshotCmd.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/scripts/infrautil/helmSnapshotCmd.go b/.github/scripts/infrautil/helmSnapshotCmd.go index c9932984c..05133d63e 100644 --- a/.github/scripts/infrautil/helmSnapshotCmd.go +++ b/.github/scripts/infrautil/helmSnapshotCmd.go @@ -135,7 +135,7 @@ func (b *helmSnapshotCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...any) } if err := eg.Wait(); err != nil { - slog.Error("failed to wait errgroup", slog.Any("error", err)) + slog.Error("failed to wait errgroup") return subcommands.ExitFailure } From ce9f26a3df271bbc03da4a754e982e5d93f868da Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sun, 1 Dec 2024 15:14:27 +0900 Subject: [PATCH 0378/1209] add Signed-off-by: walnuts1018 --- .github/scripts/infrautil/helmSnapshotCmd.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/scripts/infrautil/helmSnapshotCmd.go b/.github/scripts/infrautil/helmSnapshotCmd.go index 05133d63e..e726eb0fa 100644 --- a/.github/scripts/infrautil/helmSnapshotCmd.go +++ b/.github/scripts/infrautil/helmSnapshotCmd.go @@ -74,7 +74,7 @@ func (b *helmSnapshotCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...any) for helmapp, err := range helmapps { if err != nil { if errors.Is(err, lib.ErrNotHelmApplication) { - slog.Warn("not a helm application", slog.String("path", path), slog.Any("error", err)) + slog.Info("not helm application", slog.String("path", path)) continue } return fmt.Errorf("failed to parse helm application: %w", err) From 28ff85562bac446467d5443ab0a4371b978c37c6 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sun, 1 Dec 2024 15:20:18 +0900 Subject: [PATCH 0379/1209] use eg Signed-off-by: walnuts1018 --- .github/scripts/infrautil/helmSnapshotCmd.go | 117 ++++++++++--------- .github/scripts/infrautil/snapshotCmd.go | 40 ++++--- 2 files changed, 85 insertions(+), 72 deletions(-) diff --git a/.github/scripts/infrautil/helmSnapshotCmd.go b/.github/scripts/infrautil/helmSnapshotCmd.go index e726eb0fa..51b69fe89 100644 --- a/.github/scripts/infrautil/helmSnapshotCmd.go +++ b/.github/scripts/infrautil/helmSnapshotCmd.go @@ -59,75 +59,78 @@ func (b *helmSnapshotCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...any) return nil } - yamlFile, err := os.Open(path) - if err != nil { - slog.Error("failed to open file", slog.String("path", path), slog.Any("error", err)) - return fmt.Errorf("failed to open file: %w", err) - } - - helmapps, err := lib.ParseHelmApplications(yamlFile) - if err != nil { - slog.Error("failed to parse helm application", slog.String("path", path), slog.Any("error", err)) - return fmt.Errorf("failed to parse helm application: %w", err) - } - - for helmapp, err := range helmapps { + eg.Go(func() error { + yamlFile, err := os.Open(path) if err != nil { - if errors.Is(err, lib.ErrNotHelmApplication) { - slog.Info("not helm application", slog.String("path", path)) - continue - } - return fmt.Errorf("failed to parse helm application: %w", err) + slog.Error("failed to open file", slog.String("path", path), slog.Any("error", err)) + return fmt.Errorf("failed to open file: %w", err) } - repoURL, err := url.Parse(helmapp.Spec.Source.RepoURL) + helmapps, err := lib.ParseHelmApplications(yamlFile) if err != nil { - slog.Error("failed to parse repo url", slog.String("repoURL", helmapp.Spec.Source.RepoURL), slog.Any("error", err)) - return fmt.Errorf("failed to parse repo url: %w", err) + slog.Error("failed to parse helm application", slog.String("path", path), slog.Any("error", err)) + return fmt.Errorf("failed to parse helm application: %w", err) } - eg.Go(func() error { - hc, err := lib.NewHelmClient() + for helmapp, err := range helmapps { if err != nil { - slog.Error("failed to create helm client", slog.Any("error", err)) - return fmt.Errorf("failed to create helm client: %w", err) + if errors.Is(err, lib.ErrNotHelmApplication) { + slog.Info("not helm application", slog.String("path", path)) + continue + } + return fmt.Errorf("failed to parse helm application: %w", err) } - gen, err := hc.HelmTemplate( - context.Background(), - helmapp.Spec.Source.Helm.ReleaseName, - helmapp.Spec.Destination.Namespace, - *repoURL, - helmapp.Spec.Source.Chart, - helmapp.Spec.Source.TargetRevision, - helmapp.Spec.Source.Helm.Values, - helmapp.Spec.Source.Helm.ValuesObject, - ) + repoURL, err := url.Parse(helmapp.Spec.Source.RepoURL) if err != nil { - slog.Error("failed to generate helm template", slog.Any("error", err), - slog.String("release_name", helmapp.Spec.Source.Helm.ReleaseName), - slog.String("namespace", helmapp.Spec.Destination.Namespace), - slog.String("repo_url", helmapp.Spec.Source.RepoURL), - slog.String("chart", helmapp.Spec.Source.Chart), - slog.String("target_revision", helmapp.Spec.Source.TargetRevision), - ) - return fmt.Errorf("failed to generate helm template : %w", err) + slog.Error("failed to parse repo url", slog.String("repoURL", helmapp.Spec.Source.RepoURL), slog.Any("error", err)) + return fmt.Errorf("failed to parse repo url: %w", err) } - file, err := os.Create(filepath.Join(b.outFileDir, helmapp.Metadata.Name+".yaml")) - if err != nil { - slog.Error("failed to create file", slog.String("path", path), slog.Any("error", err)) - return fmt.Errorf("failed to create file: %w", err) - } - defer file.Close() - - if _, err := io.Copy(file, gen); err != nil { - slog.Error("failed to copy file", slog.String("path", path), slog.Any("error", err)) - return fmt.Errorf("failed to copy file: %w", err) - } - return nil - }) - } + eg.Go(func() error { + hc, err := lib.NewHelmClient() + if err != nil { + slog.Error("failed to create helm client", slog.Any("error", err)) + return fmt.Errorf("failed to create helm client: %w", err) + } + + gen, err := hc.HelmTemplate( + context.Background(), + helmapp.Spec.Source.Helm.ReleaseName, + helmapp.Spec.Destination.Namespace, + *repoURL, + helmapp.Spec.Source.Chart, + helmapp.Spec.Source.TargetRevision, + helmapp.Spec.Source.Helm.Values, + helmapp.Spec.Source.Helm.ValuesObject, + ) + if err != nil { + slog.Error("failed to generate helm template", slog.Any("error", err), + slog.String("release_name", helmapp.Spec.Source.Helm.ReleaseName), + slog.String("namespace", helmapp.Spec.Destination.Namespace), + slog.String("repo_url", helmapp.Spec.Source.RepoURL), + slog.String("chart", helmapp.Spec.Source.Chart), + slog.String("target_revision", helmapp.Spec.Source.TargetRevision), + ) + return fmt.Errorf("failed to generate helm template : %w", err) + } + + file, err := os.Create(filepath.Join(b.outFileDir, helmapp.Metadata.Name+".yaml")) + if err != nil { + slog.Error("failed to create file", slog.String("path", path), slog.Any("error", err)) + return fmt.Errorf("failed to create file: %w", err) + } + defer file.Close() + + if _, err := io.Copy(file, gen); err != nil { + slog.Error("failed to copy file", slog.String("path", path), slog.Any("error", err)) + return fmt.Errorf("failed to copy file: %w", err) + } + return nil + }) + } + return nil + }) return nil }); err != nil { slog.Error("failed to walk app directory", slog.String("appSnapshotDir", b.appSnapshotDir), slog.Any("error", err)) diff --git a/.github/scripts/infrautil/snapshotCmd.go b/.github/scripts/infrautil/snapshotCmd.go index 19e3b69c2..b7b9483a2 100644 --- a/.github/scripts/infrautil/snapshotCmd.go +++ b/.github/scripts/infrautil/snapshotCmd.go @@ -10,6 +10,7 @@ import ( "github.com/google/subcommands" "github.com/walnuts1018/infra/.github/scripts/infrautil/lib" + "golang.org/x/sync/errgroup" ) type snapshotCmd struct { @@ -34,6 +35,8 @@ func (b *snapshotCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...any) subc return subcommands.ExitFailure } + eg := new(errgroup.Group) + if err := filepath.Walk(b.appBaseDir, func(path string, info fs.FileInfo, err error) error { if err != nil { return err @@ -46,30 +49,37 @@ func (b *snapshotCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...any) subc if filepath.Ext(path) != ".jsonnet" { return nil } + eg.Go(func() error { + yaml, err := lib.BuildYAML(path) + if err != nil { + return err + } - yaml, err := lib.BuildYAML(path) - if err != nil { - return err - } - - relativePath, err := filepath.Rel(b.appBaseDir, path) - if err != nil { - return err - } + relativePath, err := filepath.Rel(b.appBaseDir, path) + if err != nil { + return err + } - if err := os.MkdirAll(filepath.Join(b.outFilePath, filepath.Dir(relativePath)), 0755); err != nil { - return err - } + if err := os.MkdirAll(filepath.Join(b.outFilePath, filepath.Dir(relativePath)), 0755); err != nil { + return err + } - if err := os.WriteFile(filepath.Join(b.outFilePath, changeExt(relativePath, ".yaml")), []byte(yaml), 0644); err != nil { - return err - } + if err := os.WriteFile(filepath.Join(b.outFilePath, changeExt(relativePath, ".yaml")), []byte(yaml), 0644); err != nil { + return err + } + return nil + }) return nil }); err != nil { slog.Error("failed to walk app directory", slog.String("appBaseDir", b.appBaseDir), slog.Any("error", err)) return subcommands.ExitFailure } + if err := eg.Wait(); err != nil { + slog.Error("failed to wait errgroup") + return subcommands.ExitFailure + } + return subcommands.ExitSuccess } From 9ef3ddb647571c254dbf0af498efce22b1d629b8 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sun, 1 Dec 2024 15:23:00 +0900 Subject: [PATCH 0380/1209] add Signed-off-by: walnuts1018 --- Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index 9b486de5b..c5ba6af4d 100644 --- a/Makefile +++ b/Makefile @@ -8,16 +8,16 @@ namespace: build-infrautil $(INFRAUTIL) namespace -d ./k8s/apps -o ./k8s/namespaces/namespaces.json5 .PHONY: snapshot -snapshot: +snapshot: build-infrautil make app-snapshot make helm-snapshot .PHONY: app-snapshot -app-snapshot: build-infrautil +app-snapshot: $(INFRAUTIL) snapshot -d ./k8s/apps -o ./k8s/snapshots/apps .PHONY: helm-snapshot -helm-snapshot: build-infrautil +helm-snapshot: $(INFRAUTIL) helm-snapshot -d ./k8s/snapshots/apps -o ./k8s/snapshots/helm .PHONY: terraform From 15f5add62ffdeac4f76e292e9750d7ed11dcd248 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sun, 1 Dec 2024 15:25:37 +0900 Subject: [PATCH 0381/1209] add Signed-off-by: walnuts1018 --- terraform/modules/minio/minio.tf | 4 ---- terraform/modules/minio/misskey.tf | 31 ++++++++++++++++++++++++++++++ 2 files changed, 31 insertions(+), 4 deletions(-) create mode 100644 terraform/modules/minio/misskey.tf diff --git a/terraform/modules/minio/minio.tf b/terraform/modules/minio/minio.tf index a7a7f3904..cab7bcc74 100644 --- a/terraform/modules/minio/minio.tf +++ b/terraform/modules/minio/minio.tf @@ -29,7 +29,3 @@ resource "aws_s3_bucket" "mpeg-dash-encoder-source-upload" { resource "aws_s3_bucket" "mpeg-dash-encoder-output" { bucket = format("mpeg-dash-encoder-output%s", var.bucket_name_suffix) } - -resource "aws_s3_bucket" "misskey" { - bucket = format("misskey%s", var.bucket_name_suffix) -} diff --git a/terraform/modules/minio/misskey.tf b/terraform/modules/minio/misskey.tf new file mode 100644 index 000000000..7f02b236c --- /dev/null +++ b/terraform/modules/minio/misskey.tf @@ -0,0 +1,31 @@ +resource "aws_s3_bucket" "misskey" { + bucket = format("misskey%s", var.bucket_name_suffix) +} + +resource "aws_s3_bucket_policy" "misskey" { + bucket = aws_s3_bucket.misskey.bucket + policy = data.aws_iam_policy_document.misskey.json +} + +data "aws_iam_policy_document" "misskey" { + version = "2012-10-17" + statement { + effect = "Allow" + principals { + type = "AWS" + identifiers = ["*"] + } + actions = ["s3:GetBucketLocation", "s3:ListBucket"] + resources = [aws_s3_bucket.misskey.arn] + } + + statement { + effect = "Allow" + principals { + type = "AWS" + identifiers = ["*"] + } + actions = ["s3:GetObject"] + resources = ["${aws_s3_bucket.misskey.arn}/*"] + } +} From e2af94de1fee3e81e8053086052a528cc96f6214 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sun, 1 Dec 2024 15:28:44 +0900 Subject: [PATCH 0382/1209] add Signed-off-by: walnuts1018 --- terraform/modules/minio/loki-admin.tf | 3 +++ terraform/modules/minio/loki-chunks.tf | 3 +++ terraform/modules/minio/minio.tf | 8 -------- 3 files changed, 6 insertions(+), 8 deletions(-) create mode 100644 terraform/modules/minio/loki-admin.tf create mode 100644 terraform/modules/minio/loki-chunks.tf diff --git a/terraform/modules/minio/loki-admin.tf b/terraform/modules/minio/loki-admin.tf new file mode 100644 index 000000000..3ea9aa450 --- /dev/null +++ b/terraform/modules/minio/loki-admin.tf @@ -0,0 +1,3 @@ +resource "aws_s3_bucket" "loki-admin" { + bucket = format("loki-admin%s", var.bucket_name_suffix) +} diff --git a/terraform/modules/minio/loki-chunks.tf b/terraform/modules/minio/loki-chunks.tf new file mode 100644 index 000000000..a9e4efdec --- /dev/null +++ b/terraform/modules/minio/loki-chunks.tf @@ -0,0 +1,3 @@ +resource "aws_s3_bucket" "loki-chunks" { + bucket = format("loki-chunks%s", var.bucket_name_suffix) +} diff --git a/terraform/modules/minio/minio.tf b/terraform/modules/minio/minio.tf index cab7bcc74..f8117ac2d 100644 --- a/terraform/modules/minio/minio.tf +++ b/terraform/modules/minio/minio.tf @@ -1,11 +1,3 @@ -resource "aws_s3_bucket" "loki-admin" { - bucket = format("loki-admin%s", var.bucket_name_suffix) -} - -resource "aws_s3_bucket" "loki-chunks" { - bucket = format("loki-chunks%s", var.bucket_name_suffix) -} - resource "aws_s3_bucket" "loki-ruler" { bucket = format("loki-ruler%s", var.bucket_name_suffix) } From 8fd0c89d28242e2d427ce657625a2fa828077107 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sun, 1 Dec 2024 17:06:26 +0900 Subject: [PATCH 0383/1209] add Signed-off-by: walnuts1018 --- Makefile | 26 +++++-- terraform/kurumi/.terraform.lock.hcl | 23 ++++++ terraform/kurumi/cloudflare.tf | 61 ++++++++++++++++ terraform/kurumi/main.tf | 69 +++++------------- terraform/kurumi/minio.tf | 45 ++++++++++++ terraform/kurumi/zitadel.tf | 14 ++++ terraform/modules/cloudflare/.gitignore | 1 + .../modules/cloudflare/bot_management.tf | 6 ++ terraform/modules/cloudflare/dns_records.tf | 72 +++++++++++++++++++ terraform/modules/cloudflare/provider.tf | 23 ++++++ terraform/modules/cloudflare/ruleset.tf | 60 ++++++++++++++++ terraform/modules/cloudflare/zone.tf | 7 ++ terraform/modules/minio/tf-state.tf | 3 + 13 files changed, 354 insertions(+), 56 deletions(-) create mode 100644 terraform/kurumi/cloudflare.tf create mode 100644 terraform/kurumi/minio.tf create mode 100644 terraform/kurumi/zitadel.tf create mode 100644 terraform/modules/cloudflare/.gitignore create mode 100644 terraform/modules/cloudflare/bot_management.tf create mode 100644 terraform/modules/cloudflare/dns_records.tf create mode 100644 terraform/modules/cloudflare/provider.tf create mode 100644 terraform/modules/cloudflare/ruleset.tf create mode 100644 terraform/modules/cloudflare/zone.tf create mode 100644 terraform/modules/minio/tf-state.tf diff --git a/Makefile b/Makefile index c5ba6af4d..9cdd6ccdd 100644 --- a/Makefile +++ b/Makefile @@ -22,12 +22,28 @@ helm-snapshot: .PHONY: terraform terraform: - $(eval SECRET_KEY := $(shell op item get minio-default-secret-key --field secret_key --reveal)) - kubectl port-forward -n zitadel services/zitadel 8080:8080 & + make terraform-setup + make terraform-plan + make terraform-apply + +.PHONY: terraform-setup +terraform-setup: kubectl port-forward -n minio services/minio 9000:9000 & - terraform -chdir=".\terraform\kurumi" init -upgrade - terraform -chdir=".\terraform\kurumi" plan -var="minio_secret_key=$(SECRET_KEY)" - terraform -chdir=".\terraform\kurumi" apply -var="minio_secret_key=$(SECRET_KEY)" -auto-approve + + $(eval MINIO_SECRET_KEY := $(shell op item get minio-default-secret-key --field secret_key --reveal)) + terraform -chdir=".\terraform\kurumi" init -upgrade -backend-config="secret_key=$(MINIO_SECRET_KEY)" + +.PHONY: terraform-plan +terraform-plan: + $(eval MINIO_SECRET_KEY := $(shell op item get minio-default-secret-key --field secret_key --reveal)) + $(eval CLOUDFLARE_API_TOKEN := $(shell op item get cloudflare --field terraform-api-token --reveal)) + terraform -chdir=".\terraform\kurumi" plan -var="minio_secret_key=$(MINIO_SECRET_KEY)" -var="cloudflare_api_token=$(CLOUDFLARE_API_TOKEN)" + +.PHONY: terraform-apply +terraform-apply: + $(eval MINIO_SECRET_KEY := $(shell op item get minio-default-secret-key --field secret_key --reveal)) + $(eval CLOUDFLARE_API_TOKEN := $(shell op item get cloudflare --field terraform-api-token --reveal)) + terraform -chdir=".\terraform\kurumi" apply -var="minio_secret_key=$(MINIO_SECRET_KEY)" -var="cloudflare_api_token=$(CLOUDFLARE_API_TOKEN)" -auto-approve .PHONY: aquq aquq: diff --git a/terraform/kurumi/.terraform.lock.hcl b/terraform/kurumi/.terraform.lock.hcl index 37c932a27..759c38eb8 100644 --- a/terraform/kurumi/.terraform.lock.hcl +++ b/terraform/kurumi/.terraform.lock.hcl @@ -1,6 +1,29 @@ # This file is maintained automatically by "terraform init". # Manual edits may be lost in future updates. +provider "registry.terraform.io/cloudflare/cloudflare" { + version = "4.46.0" + constraints = "4.46.0" + hashes = [ + "h1:t2IQYNu8YNykqYlEB+TTX+XpUd5z2flwGw8km9UgbnQ=", + "zh:2ee426ef3389022db0026792fdc4f2980dcf2600e31adf5a31b4bddfa8d68343", + "zh:2f993edb23df55dc1c18150fa187d80aa7d87e6439698ee34b6a6aad23ac2dd7", + "zh:3d6601333975e55979b1b454e50ff9a482ce4e0269dd6c72a50202163a8f4463", + "zh:4e5f48dce22f7a6d618018d65d1d443bb718defa23f514d5c6385860541fbe79", + "zh:5ebf5aea960fc30de381ffd6db20876d249673cf938fe67f1dfb6b9caa1db418", + "zh:80ed3fb901141f53b4b56ddb7eea5f2e0c0830d501387539d2c2b8e0cc7e587a", + "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f", + "zh:9aeae8b3be4a577ced46987fd9159262c5b4c54a510f66592fbcdb40fef55b10", + "zh:a0479ef2d308c4a7894f1fe77467cd07e04c7b40d281088f4f204af1bdf94ac6", + "zh:a2bdc0c25130665af0b9559942b9813a1ba4889513e7185d4abc9c02e9bb99bd", + "zh:b10be9755fe80395ced6f0bbda38b8c8681714cf1eca1d895be239c75c2ffc2a", + "zh:ba3d55e722d9f48646574ce7c448f0084fe21fa884b5f8b6d6146a82a99c4baa", + "zh:ec1fd0ecaedc787a77d5342b51ae8dea8362a67f1e19123f6521a0e8e012d9e8", + "zh:ed49590e69faef14550179f965b4451b31415b8f6be6d33427ad48f65c76b6cf", + "zh:f4baa3a2dac719ad20dcfa525bc3f737ad95650b8d0de0c648dc9a87f993b2c3", + ] +} + provider "registry.terraform.io/hashicorp/aws" { version = "5.78.0" constraints = "~> 5.78.0" diff --git a/terraform/kurumi/cloudflare.tf b/terraform/kurumi/cloudflare.tf new file mode 100644 index 000000000..41297cd48 --- /dev/null +++ b/terraform/kurumi/cloudflare.tf @@ -0,0 +1,61 @@ +module "cloudflare" { + source = "../modules/cloudflare" + cloudflare_api_token = var.cloudflare_api_token + zone_id = "48b02398c8bc932f4d0b1dba83de196c" + account_id = "38b5eab012d216dfcc52dcd69e7764b5" +} + +import { + to = module.cloudflare.cloudflare_record.samba + id = "48b02398c8bc932f4d0b1dba83de196c/d115f6a6190de99c996d739c34d2a80d" +} + +import { + to = module.cloudflare.cloudflare_record.resend_mx + id = "48b02398c8bc932f4d0b1dba83de196c/8fece9f2d3a7f0070b77c2c3101c645d" +} + +import { + to = module.cloudflare.cloudflare_record.terraform_managed_resource_3bcba7bd4b61fd21dbbf52d7164dd740 + id = "48b02398c8bc932f4d0b1dba83de196c/3bcba7bd4b61fd21dbbf52d7164dd740" +} + +import { + to = module.cloudflare.cloudflare_record.terraform_managed_resource_52809b82fc5e93f5d20192f93b74f884 + id = "48b02398c8bc932f4d0b1dba83de196c/52809b82fc5e93f5d20192f93b74f884" +} + +import { + to = module.cloudflare.cloudflare_record.terraform_managed_resource_7fcb19b7bea399e699d5f6af4fd265f7 + id = "48b02398c8bc932f4d0b1dba83de196c/7fcb19b7bea399e699d5f6af4fd265f7" +} + +import { + to = module.cloudflare.cloudflare_record.terraform_managed_resource_b3aa52624d17e28a78c729cd51533e1b + id = "48b02398c8bc932f4d0b1dba83de196c/b3aa52624d17e28a78c729cd51533e1b" +} + +import { + to = module.cloudflare.cloudflare_record.terraform_managed_resource_cb6d40bd779430bc5c123e3c6120cacc + id = "48b02398c8bc932f4d0b1dba83de196c/cb6d40bd779430bc5c123e3c6120cacc" +} + +import { + to = module.cloudflare.cloudflare_record.terraform_managed_resource_a95a9a38f2f9db38790102b666d980b3 + id = "48b02398c8bc932f4d0b1dba83de196c/a95a9a38f2f9db38790102b666d980b3" +} + +import { + to = module.cloudflare.cloudflare_zone.walnuts_dev + id = "48b02398c8bc932f4d0b1dba83de196c" +} + +import { + to = module.cloudflare.cloudflare_ruleset.terraform_managed_resource_d3a7c2d6242d41068be770b71e25b365 + id = "zone/48b02398c8bc932f4d0b1dba83de196c/d3a7c2d6242d41068be770b71e25b365" +} + +import { + to = module.cloudflare.cloudflare_ruleset.terraform_managed_resource_304092e7f9904942998f39441eb19203 + id = "zone/48b02398c8bc932f4d0b1dba83de196c/304092e7f9904942998f39441eb19203" +} diff --git a/terraform/kurumi/main.tf b/terraform/kurumi/main.tf index 30bc4402f..05b01d1d4 100644 --- a/terraform/kurumi/main.tf +++ b/terraform/kurumi/main.tf @@ -2,59 +2,26 @@ variable "minio_secret_key" { type = string } -module "minio" { - source = "../modules/minio" - bucket_name_suffix = "" - minio_access_key = "F1QPgAWk6bhvSrNjYPMS" - minio_secret_key = var.minio_secret_key +variable "cloudflare_api_token" { + type = string } -import { - id = "loki-admin" - to = module.minio.aws_s3_bucket.loki-admin -} - -import { - id = "loki-chunks" - to = module.minio.aws_s3_bucket.loki-chunks -} +terraform { + backend "s3" { + endpoints = { + s3 = "http://localhost:9000" + } + bucket = "tf-state" + key = "kurumi/terraform.tfstate" + region = "us-east-1" -import { - id = "loki-ruler" - to = module.minio.aws_s3_bucket.loki-ruler -} + access_key = "F1QPgAWk6bhvSrNjYPMS" + # secret_key = "Vu9G6cKC7f41XrTIZURAoIhCpwkZwiBatluSPSZ4" -import { - id = "oekaki-dengon-game" - to = module.minio.aws_s3_bucket.oekaki-dengon-game + skip_credentials_validation = true + skip_requesting_account_id = true + skip_metadata_api_check = true + skip_s3_checksum = true + use_path_style = true + } } - -import { - id = "mucaron" - to = module.minio.aws_s3_bucket.mucaron -} - -import { - id = "tempo" - to = module.minio.aws_s3_bucket.tempo -} - -import { - id = "zalando-backup" - to = module.minio.aws_s3_bucket.zalando-backup -} - -# module "zitadel" { -# source = "../modules/zitadel" -# jwt_profile_file_path = "zitadel.token" -# } - -# import { -# id = "237477062321897835" -# to = module.zitadel.zitadel_org.ZITADEL -# } - -# import { -# id = "237477822715658605" -# to = module.zitadel.zitadel_project.default -# } diff --git a/terraform/kurumi/minio.tf b/terraform/kurumi/minio.tf new file mode 100644 index 000000000..55463953e --- /dev/null +++ b/terraform/kurumi/minio.tf @@ -0,0 +1,45 @@ +locals { + minio_access_key = "F1QPgAWk6bhvSrNjYPMS" +} + +module "minio" { + source = "../modules/minio" + bucket_name_suffix = "" + minio_access_key = local.minio_access_key + minio_secret_key = var.minio_secret_key +} + +import { + id = "loki-admin" + to = module.minio.aws_s3_bucket.loki-admin +} + +import { + id = "loki-chunks" + to = module.minio.aws_s3_bucket.loki-chunks +} + +import { + id = "loki-ruler" + to = module.minio.aws_s3_bucket.loki-ruler +} + +import { + id = "oekaki-dengon-game" + to = module.minio.aws_s3_bucket.oekaki-dengon-game +} + +import { + id = "mucaron" + to = module.minio.aws_s3_bucket.mucaron +} + +import { + id = "tempo" + to = module.minio.aws_s3_bucket.tempo +} + +import { + id = "zalando-backup" + to = module.minio.aws_s3_bucket.zalando-backup +} diff --git a/terraform/kurumi/zitadel.tf b/terraform/kurumi/zitadel.tf new file mode 100644 index 000000000..936ad3c8d --- /dev/null +++ b/terraform/kurumi/zitadel.tf @@ -0,0 +1,14 @@ +# module "zitadel" { +# source = "../modules/zitadel" +# jwt_profile_file_path = "zitadel.token" +# } + +# import { +# id = "237477062321897835" +# to = module.zitadel.zitadel_org.ZITADEL +# } + +# import { +# id = "237477822715658605" +# to = module.zitadel.zitadel_project.default +# } diff --git a/terraform/modules/cloudflare/.gitignore b/terraform/modules/cloudflare/.gitignore new file mode 100644 index 000000000..3fec32c84 --- /dev/null +++ b/terraform/modules/cloudflare/.gitignore @@ -0,0 +1 @@ +tmp/ diff --git a/terraform/modules/cloudflare/bot_management.tf b/terraform/modules/cloudflare/bot_management.tf new file mode 100644 index 000000000..7ad68fc98 --- /dev/null +++ b/terraform/modules/cloudflare/bot_management.tf @@ -0,0 +1,6 @@ +resource "cloudflare_bot_management" "terraform_managed_resource_48b02398c8bc932f4d0b1dba83de196c" { + ai_bots_protection = "disabled" + enable_js = false + fight_mode = false + zone_id = var.zone_id +} diff --git a/terraform/modules/cloudflare/dns_records.tf b/terraform/modules/cloudflare/dns_records.tf new file mode 100644 index 000000000..a33825d45 --- /dev/null +++ b/terraform/modules/cloudflare/dns_records.tf @@ -0,0 +1,72 @@ +resource "cloudflare_record" "samba" { + content = "192.168.0.132" + name = "samba" + proxied = false + ttl = 1 + type = "A" + zone_id = var.zone_id +} + +resource "cloudflare_record" "resend_mx" { + content = "feedback-smtp.us-east-1.amazonses.com" + name = "send.resend" + priority = 10 + proxied = false + ttl = 1 + type = "MX" + zone_id = var.zone_id +} + +resource "cloudflare_record" "terraform_managed_resource_3bcba7bd4b61fd21dbbf52d7164dd740" { + content = "\"v=DMARC1; p=none; rua=mailto:5e9239fe52ad41fd850bd72545e1e484@dmarc-reports.cloudflare.net;\"" + name = "_dmarc" + proxied = false + ttl = 1 + type = "TXT" + zone_id = var.zone_id +} + +resource "cloudflare_record" "terraform_managed_resource_52809b82fc5e93f5d20192f93b74f884" { + content = "\"p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCUe5ntBGI0Xnq8SBPdRqtCD7ZFiI39jCB9NbSOatnYw8MufwpaLPBTMwKdPKKWx+w9Ytv8LRQo1hbj6vGfjPq5mZ1wJPcA6YontVaVpXrL933pb9FYDCzoS3apPsQe3aYsRYA/vjvp6IU19PTVq4NTnX9SFUHK5i7eD8qUlevpvwIDAQAB\"" + name = "resend._domainkey.resend" + proxied = false + ttl = 1 + type = "TXT" + zone_id = var.zone_id +} + +resource "cloudflare_record" "terraform_managed_resource_7fcb19b7bea399e699d5f6af4fd265f7" { + content = "\"v=spf1 include:amazonses.com ~all\"" + name = "send.resend" + proxied = false + ttl = 1 + type = "TXT" + zone_id = var.zone_id +} + +resource "cloudflare_record" "terraform_managed_resource_b3aa52624d17e28a78c729cd51533e1b" { + content = "\"v=spf1 include:_spf.mx.cloudflare.net ~all\"" + name = "walnuts.dev" + proxied = false + ttl = 1 + type = "TXT" + zone_id = var.zone_id +} + +resource "cloudflare_record" "terraform_managed_resource_cb6d40bd779430bc5c123e3c6120cacc" { + content = "\"keybase-site-verification=CkunNoJNOAwbF99otCunfL3q8pI-kjr-VYLMUQYPz80\"" + name = "walnuts.dev" + proxied = false + ttl = 1 + type = "TXT" + zone_id = var.zone_id +} + +resource "cloudflare_record" "terraform_managed_resource_a95a9a38f2f9db38790102b666d980b3" { + content = "\"google-site-verification=Wjs9Wr9Jf_kvXEiGrailsCoTttvnsrZJGc-gXEbKq3E\"" + name = "walnuts.dev" + proxied = false + ttl = 3600 + type = "TXT" + zone_id = var.zone_id +} diff --git a/terraform/modules/cloudflare/provider.tf b/terraform/modules/cloudflare/provider.tf new file mode 100644 index 000000000..95fb9ceba --- /dev/null +++ b/terraform/modules/cloudflare/provider.tf @@ -0,0 +1,23 @@ +terraform { + required_providers { + cloudflare = { + source = "cloudflare/cloudflare" + version = "4.46.0" + } + } +} + +variable "cloudflare_api_token" { + type = string +} + +provider "cloudflare" { + api_token = var.cloudflare_api_token +} + +variable "zone_id" { + type = string +} +variable "account_id" { + type = string +} diff --git a/terraform/modules/cloudflare/ruleset.tf b/terraform/modules/cloudflare/ruleset.tf new file mode 100644 index 000000000..73215e651 --- /dev/null +++ b/terraform/modules/cloudflare/ruleset.tf @@ -0,0 +1,60 @@ +resource "cloudflare_ruleset" "terraform_managed_resource_304092e7f9904942998f39441eb19203" { + kind = "zone" + name = "default" + phase = "http_config_settings" + zone_id = var.zone_id + rules { + action = "set_config" + description = "disable Rocket Loader" + enabled = true + expression = "(http.host eq \"hedgedoc.walnuts.dev\")" + ref = "9c1ef58603494a50af7855c3263e6bdf" + + action_parameters { + rocket_loader = false + } + } +} + +resource "cloudflare_ruleset" "terraform_managed_resource_d3a7c2d6242d41068be770b71e25b365" { + kind = "zone" + name = "default" + phase = "http_request_cache_settings" + zone_id = var.zone_id + + rules { + action = "set_cache_settings" + description = "walnuts.dev" + enabled = true + expression = "(http.host eq \"walnuts.dev\")" + ref = "02afb6686434455195ad5e1d630a099d" + + action_parameters { + cache = true + } + } + + rules { + action = "set_cache_settings" + description = "misskey" + enabled = true + expression = "(http.host eq \"misskey.walnuts.dev\" and starts_with(http.request.uri, \"/api/\"))" + ref = "e6dbe87b1b2b483db3df88b5576deb03" + + action_parameters { + cache = false + } + } + rules { + action = "set_cache_settings" + description = "minio" + enabled = true + expression = "(http.host wildcard \"minio.walnuts.dev\")" + ref = "9f4de8f107314fbe8058a07b62e1ffcd" + + action_parameters { + cache = false + } + } + +} diff --git a/terraform/modules/cloudflare/zone.tf b/terraform/modules/cloudflare/zone.tf new file mode 100644 index 000000000..73ed97a0b --- /dev/null +++ b/terraform/modules/cloudflare/zone.tf @@ -0,0 +1,7 @@ +resource "cloudflare_zone" "walnuts_dev" { + account_id = var.account_id + paused = false + plan = "free" + type = "full" + zone = "walnuts.dev" +} diff --git a/terraform/modules/minio/tf-state.tf b/terraform/modules/minio/tf-state.tf new file mode 100644 index 000000000..79ff713b5 --- /dev/null +++ b/terraform/modules/minio/tf-state.tf @@ -0,0 +1,3 @@ +resource "aws_s3_bucket" "tf-state" { + bucket = format("tf-state%s", var.bucket_name_suffix) +} From 078a38b818c5f400be9bab2d6d0965b78607addd Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 1 Dec 2024 08:07:09 +0000 Subject: [PATCH 0384/1209] chore(deps): update terraform cloudflare to v4.47.0 --- terraform/modules/cloudflare/provider.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/modules/cloudflare/provider.tf b/terraform/modules/cloudflare/provider.tf index 95fb9ceba..ece8d3209 100644 --- a/terraform/modules/cloudflare/provider.tf +++ b/terraform/modules/cloudflare/provider.tf @@ -2,7 +2,7 @@ terraform { required_providers { cloudflare = { source = "cloudflare/cloudflare" - version = "4.46.0" + version = "4.47.0" } } } From 20b97cc212994609b609d199cd3f4c748a3dac67 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sun, 1 Dec 2024 17:12:23 +0900 Subject: [PATCH 0385/1209] roll Signed-off-by: walnuts1018 --- terraform/kurumi/main.tf | 3 +-- terraform/kurumi/minio.tf | 2 +- terraform/modules/cloudflare/dns_zone_dnssec.tf | 5 +++++ 3 files changed, 7 insertions(+), 3 deletions(-) create mode 100644 terraform/modules/cloudflare/dns_zone_dnssec.tf diff --git a/terraform/kurumi/main.tf b/terraform/kurumi/main.tf index 05b01d1d4..4eee14e00 100644 --- a/terraform/kurumi/main.tf +++ b/terraform/kurumi/main.tf @@ -15,8 +15,7 @@ terraform { key = "kurumi/terraform.tfstate" region = "us-east-1" - access_key = "F1QPgAWk6bhvSrNjYPMS" - # secret_key = "Vu9G6cKC7f41XrTIZURAoIhCpwkZwiBatluSPSZ4" + access_key = "L2thlqrcs0RnPD6YP61w" skip_credentials_validation = true skip_requesting_account_id = true diff --git a/terraform/kurumi/minio.tf b/terraform/kurumi/minio.tf index 55463953e..12e8283fa 100644 --- a/terraform/kurumi/minio.tf +++ b/terraform/kurumi/minio.tf @@ -1,5 +1,5 @@ locals { - minio_access_key = "F1QPgAWk6bhvSrNjYPMS" + minio_access_key = "L2thlqrcs0RnPD6YP61w" } module "minio" { diff --git a/terraform/modules/cloudflare/dns_zone_dnssec.tf b/terraform/modules/cloudflare/dns_zone_dnssec.tf new file mode 100644 index 000000000..208c54898 --- /dev/null +++ b/terraform/modules/cloudflare/dns_zone_dnssec.tf @@ -0,0 +1,5 @@ +resource "cloudflare_dns_zone_dnssec" "walnuts_dev" { + zone_id = cloudflare_zone.walnuts_dev.id + dnssec_multi_signer = false + +} From 7cb4be09d36d75f725763b464265f4c564b9cb62 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sun, 1 Dec 2024 17:43:46 +0900 Subject: [PATCH 0386/1209] add Signed-off-by: walnuts1018 --- Makefile | 2 +- terraform/kurumi/.terraform.lock.hcl | 34 +++++++------- terraform/kurumi/cloudflare.tf | 45 ++++++++++++------- terraform/modules/cloudflare/account.tf | 4 ++ .../modules/cloudflare/bot_management.tf | 4 +- terraform/modules/cloudflare/dns_records.tf | 16 +++---- .../modules/cloudflare/dns_zone_dnssec.tf | 5 --- terraform/modules/cloudflare/provider.tf | 7 --- terraform/modules/cloudflare/ruleset.tf | 4 +- terraform/modules/cloudflare/zone.tf | 2 +- terraform/modules/cloudflare/zone_dnssec.tf | 3 ++ 11 files changed, 67 insertions(+), 59 deletions(-) create mode 100644 terraform/modules/cloudflare/account.tf delete mode 100644 terraform/modules/cloudflare/dns_zone_dnssec.tf create mode 100644 terraform/modules/cloudflare/zone_dnssec.tf diff --git a/Makefile b/Makefile index 9cdd6ccdd..2de4ad65e 100644 --- a/Makefile +++ b/Makefile @@ -31,7 +31,7 @@ terraform-setup: kubectl port-forward -n minio services/minio 9000:9000 & $(eval MINIO_SECRET_KEY := $(shell op item get minio-default-secret-key --field secret_key --reveal)) - terraform -chdir=".\terraform\kurumi" init -upgrade -backend-config="secret_key=$(MINIO_SECRET_KEY)" + terraform -chdir=".\terraform\kurumi" init -upgrade -backend-config="secret_key=$(MINIO_SECRET_KEY)" -migrate-state .PHONY: terraform-plan terraform-plan: diff --git a/terraform/kurumi/.terraform.lock.hcl b/terraform/kurumi/.terraform.lock.hcl index 759c38eb8..875640089 100644 --- a/terraform/kurumi/.terraform.lock.hcl +++ b/terraform/kurumi/.terraform.lock.hcl @@ -2,25 +2,25 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/cloudflare/cloudflare" { - version = "4.46.0" - constraints = "4.46.0" + version = "4.47.0" + constraints = "4.47.0" hashes = [ - "h1:t2IQYNu8YNykqYlEB+TTX+XpUd5z2flwGw8km9UgbnQ=", - "zh:2ee426ef3389022db0026792fdc4f2980dcf2600e31adf5a31b4bddfa8d68343", - "zh:2f993edb23df55dc1c18150fa187d80aa7d87e6439698ee34b6a6aad23ac2dd7", - "zh:3d6601333975e55979b1b454e50ff9a482ce4e0269dd6c72a50202163a8f4463", - "zh:4e5f48dce22f7a6d618018d65d1d443bb718defa23f514d5c6385860541fbe79", - "zh:5ebf5aea960fc30de381ffd6db20876d249673cf938fe67f1dfb6b9caa1db418", - "zh:80ed3fb901141f53b4b56ddb7eea5f2e0c0830d501387539d2c2b8e0cc7e587a", + "h1:Im2G7kUnZj6GWzsJEUL6cNOtlTa7A0DCuBOouiiJWTE=", + "zh:1df6a36bad08e95518987a15584e535a1dad5fa0ee6e067c0c39d709a285f6b9", + "zh:20dce2a63f24f571f4d52d3217811d71e8d21f149f751d5972ec19200674638a", + "zh:6571aeeb61d4a27b4210a1979028119a1905e162b0c3845e7b549d6e0a08c36d", + "zh:87ec7ebe65c8884e174999c22970e2f28b0da4e0f65bdc92db051eb3dd649f78", "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f", - "zh:9aeae8b3be4a577ced46987fd9159262c5b4c54a510f66592fbcdb40fef55b10", - "zh:a0479ef2d308c4a7894f1fe77467cd07e04c7b40d281088f4f204af1bdf94ac6", - "zh:a2bdc0c25130665af0b9559942b9813a1ba4889513e7185d4abc9c02e9bb99bd", - "zh:b10be9755fe80395ced6f0bbda38b8c8681714cf1eca1d895be239c75c2ffc2a", - "zh:ba3d55e722d9f48646574ce7c448f0084fe21fa884b5f8b6d6146a82a99c4baa", - "zh:ec1fd0ecaedc787a77d5342b51ae8dea8362a67f1e19123f6521a0e8e012d9e8", - "zh:ed49590e69faef14550179f965b4451b31415b8f6be6d33427ad48f65c76b6cf", - "zh:f4baa3a2dac719ad20dcfa525bc3f737ad95650b8d0de0c648dc9a87f993b2c3", + "zh:a20d1c0865a9443ada90ab7c83bd8605024452cf1e9f3b2ed2efcf06221b7835", + "zh:a5a5a91f658029ae3bb0414643ca09bd6a98a1980e197a9eb2ea4ba96a190d88", + "zh:b12623a85840821c465b87b1d65542f8f4a77079afef0ad2cc102a9f6eb4045c", + "zh:b83ac4f0b81aee32b3670f5870245172741bb86b153623da687d3c45ec9c1af9", + "zh:bb1ad4fcb949b12e5b40a21e65963ff64e20e72ab4c87a3ec91306b440a2cf35", + "zh:cb5a8bc24444a9d8f536b5acb7f6346f12c03e23539b183cb370f4876992360f", + "zh:ce6cc02ac4fc8cdf48a64254fdb0ea859b5b48e7fc08c7f1fcb8e9364ed32434", + "zh:e44643c86d38799991f5eb2378c00ca4738ec0f21dd64536dadffd71a337d778", + "zh:e5024d6792fcaa974b5f294399eea9b9c7d3d5d228423e71941994858a20c58f", + "zh:f9b18d0443487e30e0f3b83e311f17c85d184dc9f55b3f9b31332e815c41745a", ] } diff --git a/terraform/kurumi/cloudflare.tf b/terraform/kurumi/cloudflare.tf index 41297cd48..5c2fe491e 100644 --- a/terraform/kurumi/cloudflare.tf +++ b/terraform/kurumi/cloudflare.tf @@ -1,61 +1,74 @@ module "cloudflare" { source = "../modules/cloudflare" cloudflare_api_token = var.cloudflare_api_token - zone_id = "48b02398c8bc932f4d0b1dba83de196c" +} + +locals { account_id = "38b5eab012d216dfcc52dcd69e7764b5" + zone_id = "48b02398c8bc932f4d0b1dba83de196c" +} + +import { + to = module.cloudflare.cloudflare_account.walnuts1018 + id = local.account_id +} + +import { + to = module.cloudflare.cloudflare_zone.walnuts_dev + id = local.zone_id +} + +import { + to = module.cloudflare.cloudflare_zone_dnssec.walnuts_dev + id = local.zone_id } import { to = module.cloudflare.cloudflare_record.samba - id = "48b02398c8bc932f4d0b1dba83de196c/d115f6a6190de99c996d739c34d2a80d" + id = format("%s/%s", local.zone_id, "d115f6a6190de99c996d739c34d2a80d") } import { to = module.cloudflare.cloudflare_record.resend_mx - id = "48b02398c8bc932f4d0b1dba83de196c/8fece9f2d3a7f0070b77c2c3101c645d" + id = format("%s/%s", local.zone_id, "8fece9f2d3a7f0070b77c2c3101c645d") } import { to = module.cloudflare.cloudflare_record.terraform_managed_resource_3bcba7bd4b61fd21dbbf52d7164dd740 - id = "48b02398c8bc932f4d0b1dba83de196c/3bcba7bd4b61fd21dbbf52d7164dd740" + id = format("%s/%s", local.zone_id, "3bcba7bd4b61fd21dbbf52d7164dd740") } import { to = module.cloudflare.cloudflare_record.terraform_managed_resource_52809b82fc5e93f5d20192f93b74f884 - id = "48b02398c8bc932f4d0b1dba83de196c/52809b82fc5e93f5d20192f93b74f884" + id = format("%s/%s", local.zone_id, "52809b82fc5e93f5d20192f93b74f884") } import { to = module.cloudflare.cloudflare_record.terraform_managed_resource_7fcb19b7bea399e699d5f6af4fd265f7 - id = "48b02398c8bc932f4d0b1dba83de196c/7fcb19b7bea399e699d5f6af4fd265f7" + id = format("%s/%s", local.zone_id, "7fcb19b7bea399e699d5f6af4fd265f7") } import { to = module.cloudflare.cloudflare_record.terraform_managed_resource_b3aa52624d17e28a78c729cd51533e1b - id = "48b02398c8bc932f4d0b1dba83de196c/b3aa52624d17e28a78c729cd51533e1b" + id = format("%s/%s", local.zone_id, "b3aa52624d17e28a78c729cd51533e1b") } import { to = module.cloudflare.cloudflare_record.terraform_managed_resource_cb6d40bd779430bc5c123e3c6120cacc - id = "48b02398c8bc932f4d0b1dba83de196c/cb6d40bd779430bc5c123e3c6120cacc" + id = format("%s/%s", local.zone_id, "cb6d40bd779430bc5c123e3c6120cacc") } import { to = module.cloudflare.cloudflare_record.terraform_managed_resource_a95a9a38f2f9db38790102b666d980b3 - id = "48b02398c8bc932f4d0b1dba83de196c/a95a9a38f2f9db38790102b666d980b3" -} - -import { - to = module.cloudflare.cloudflare_zone.walnuts_dev - id = "48b02398c8bc932f4d0b1dba83de196c" + id = format("%s/%s", local.zone_id, "a95a9a38f2f9db38790102b666d980b3") } import { to = module.cloudflare.cloudflare_ruleset.terraform_managed_resource_d3a7c2d6242d41068be770b71e25b365 - id = "zone/48b02398c8bc932f4d0b1dba83de196c/d3a7c2d6242d41068be770b71e25b365" + id = format("zone/%s/%s", local.zone_id, "d3a7c2d6242d41068be770b71e25b365") } import { to = module.cloudflare.cloudflare_ruleset.terraform_managed_resource_304092e7f9904942998f39441eb19203 - id = "zone/48b02398c8bc932f4d0b1dba83de196c/304092e7f9904942998f39441eb19203" + id = format("zone/%s/%s", local.zone_id, "304092e7f9904942998f39441eb19203") } diff --git a/terraform/modules/cloudflare/account.tf b/terraform/modules/cloudflare/account.tf new file mode 100644 index 000000000..63c80c256 --- /dev/null +++ b/terraform/modules/cloudflare/account.tf @@ -0,0 +1,4 @@ +resource "cloudflare_account" "walnuts1018" { + name = "walnuts1018" + type = "standard" +} diff --git a/terraform/modules/cloudflare/bot_management.tf b/terraform/modules/cloudflare/bot_management.tf index 7ad68fc98..4a0c7f4e4 100644 --- a/terraform/modules/cloudflare/bot_management.tf +++ b/terraform/modules/cloudflare/bot_management.tf @@ -1,6 +1,6 @@ resource "cloudflare_bot_management" "terraform_managed_resource_48b02398c8bc932f4d0b1dba83de196c" { - ai_bots_protection = "disabled" + ai_bots_protection = "block" enable_js = false fight_mode = false - zone_id = var.zone_id + zone_id = cloudflare_zone.walnuts_dev.id } diff --git a/terraform/modules/cloudflare/dns_records.tf b/terraform/modules/cloudflare/dns_records.tf index a33825d45..235ee157a 100644 --- a/terraform/modules/cloudflare/dns_records.tf +++ b/terraform/modules/cloudflare/dns_records.tf @@ -4,7 +4,7 @@ resource "cloudflare_record" "samba" { proxied = false ttl = 1 type = "A" - zone_id = var.zone_id + zone_id = cloudflare_zone.walnuts_dev.id } resource "cloudflare_record" "resend_mx" { @@ -14,7 +14,7 @@ resource "cloudflare_record" "resend_mx" { proxied = false ttl = 1 type = "MX" - zone_id = var.zone_id + zone_id = cloudflare_zone.walnuts_dev.id } resource "cloudflare_record" "terraform_managed_resource_3bcba7bd4b61fd21dbbf52d7164dd740" { @@ -23,7 +23,7 @@ resource "cloudflare_record" "terraform_managed_resource_3bcba7bd4b61fd21dbbf52d proxied = false ttl = 1 type = "TXT" - zone_id = var.zone_id + zone_id = cloudflare_zone.walnuts_dev.id } resource "cloudflare_record" "terraform_managed_resource_52809b82fc5e93f5d20192f93b74f884" { @@ -32,7 +32,7 @@ resource "cloudflare_record" "terraform_managed_resource_52809b82fc5e93f5d20192f proxied = false ttl = 1 type = "TXT" - zone_id = var.zone_id + zone_id = cloudflare_zone.walnuts_dev.id } resource "cloudflare_record" "terraform_managed_resource_7fcb19b7bea399e699d5f6af4fd265f7" { @@ -41,7 +41,7 @@ resource "cloudflare_record" "terraform_managed_resource_7fcb19b7bea399e699d5f6a proxied = false ttl = 1 type = "TXT" - zone_id = var.zone_id + zone_id = cloudflare_zone.walnuts_dev.id } resource "cloudflare_record" "terraform_managed_resource_b3aa52624d17e28a78c729cd51533e1b" { @@ -50,7 +50,7 @@ resource "cloudflare_record" "terraform_managed_resource_b3aa52624d17e28a78c729c proxied = false ttl = 1 type = "TXT" - zone_id = var.zone_id + zone_id = cloudflare_zone.walnuts_dev.id } resource "cloudflare_record" "terraform_managed_resource_cb6d40bd779430bc5c123e3c6120cacc" { @@ -59,7 +59,7 @@ resource "cloudflare_record" "terraform_managed_resource_cb6d40bd779430bc5c123e3 proxied = false ttl = 1 type = "TXT" - zone_id = var.zone_id + zone_id = cloudflare_zone.walnuts_dev.id } resource "cloudflare_record" "terraform_managed_resource_a95a9a38f2f9db38790102b666d980b3" { @@ -68,5 +68,5 @@ resource "cloudflare_record" "terraform_managed_resource_a95a9a38f2f9db38790102b proxied = false ttl = 3600 type = "TXT" - zone_id = var.zone_id + zone_id = cloudflare_zone.walnuts_dev.id } diff --git a/terraform/modules/cloudflare/dns_zone_dnssec.tf b/terraform/modules/cloudflare/dns_zone_dnssec.tf deleted file mode 100644 index 208c54898..000000000 --- a/terraform/modules/cloudflare/dns_zone_dnssec.tf +++ /dev/null @@ -1,5 +0,0 @@ -resource "cloudflare_dns_zone_dnssec" "walnuts_dev" { - zone_id = cloudflare_zone.walnuts_dev.id - dnssec_multi_signer = false - -} diff --git a/terraform/modules/cloudflare/provider.tf b/terraform/modules/cloudflare/provider.tf index ece8d3209..05edf67fd 100644 --- a/terraform/modules/cloudflare/provider.tf +++ b/terraform/modules/cloudflare/provider.tf @@ -14,10 +14,3 @@ variable "cloudflare_api_token" { provider "cloudflare" { api_token = var.cloudflare_api_token } - -variable "zone_id" { - type = string -} -variable "account_id" { - type = string -} diff --git a/terraform/modules/cloudflare/ruleset.tf b/terraform/modules/cloudflare/ruleset.tf index 73215e651..db9995a35 100644 --- a/terraform/modules/cloudflare/ruleset.tf +++ b/terraform/modules/cloudflare/ruleset.tf @@ -2,7 +2,7 @@ resource "cloudflare_ruleset" "terraform_managed_resource_304092e7f9904942998f39 kind = "zone" name = "default" phase = "http_config_settings" - zone_id = var.zone_id + zone_id = cloudflare_zone.walnuts_dev.id rules { action = "set_config" description = "disable Rocket Loader" @@ -20,7 +20,7 @@ resource "cloudflare_ruleset" "terraform_managed_resource_d3a7c2d6242d41068be770 kind = "zone" name = "default" phase = "http_request_cache_settings" - zone_id = var.zone_id + zone_id = cloudflare_zone.walnuts_dev.id rules { action = "set_cache_settings" diff --git a/terraform/modules/cloudflare/zone.tf b/terraform/modules/cloudflare/zone.tf index 73ed97a0b..53acb975a 100644 --- a/terraform/modules/cloudflare/zone.tf +++ b/terraform/modules/cloudflare/zone.tf @@ -1,5 +1,5 @@ resource "cloudflare_zone" "walnuts_dev" { - account_id = var.account_id + account_id = cloudflare_account.walnuts1018.id paused = false plan = "free" type = "full" diff --git a/terraform/modules/cloudflare/zone_dnssec.tf b/terraform/modules/cloudflare/zone_dnssec.tf new file mode 100644 index 000000000..e4b5238e1 --- /dev/null +++ b/terraform/modules/cloudflare/zone_dnssec.tf @@ -0,0 +1,3 @@ +resource "cloudflare_zone_dnssec" "walnuts_dev" { + zone_id = cloudflare_zone.walnuts_dev.id +} From 453caa1e0373b789c73324f409cdd8b9b5c58dd9 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 2 Dec 2024 10:17:12 +0000 Subject: [PATCH 0387/1209] chore(deps): update helm release external-secrets to v0.11.0 --- k8s/apps/external-secrets/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/external-secrets/helm.jsonnet b/k8s/apps/external-secrets/helm.jsonnet index 42158e445..062ecc6e3 100644 --- a/k8s/apps/external-secrets/helm.jsonnet +++ b/k8s/apps/external-secrets/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import 'app.json5').namespace, chart: 'external-secrets', repoURL: 'https://charts.external-secrets.io', - targetRevision: '0.10.7', + targetRevision: '0.11.0', values: '', } From 54b98a05b81f8a8da47d5073d84b5722ed66c8d6 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 2 Dec 2024 20:59:42 +0900 Subject: [PATCH 0388/1209] increase CPU limit from 100m to 1000m Signed-off-by: walnuts1018 --- k8s/apps/cloudflared/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/cloudflared/deployment.jsonnet b/k8s/apps/cloudflared/deployment.jsonnet index c2154dd67..0d691e59c 100644 --- a/k8s/apps/cloudflared/deployment.jsonnet +++ b/k8s/apps/cloudflared/deployment.jsonnet @@ -70,7 +70,7 @@ }, limits: { memory: '512Mi', - cpu: '100m', + cpu: '1000m', }, }, }, From 75e4f20fcaa9974a2fb325690a3f556c338b0dc5 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 2 Dec 2024 21:27:07 +0900 Subject: [PATCH 0389/1209] add Signed-off-by: walnuts1018 --- k8s/apps/minio/values.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/k8s/apps/minio/values.yaml b/k8s/apps/minio/values.yaml index 2d903d4bb..13c41a06b 100644 --- a/k8s/apps/minio/values.yaml +++ b/k8s/apps/minio/values.yaml @@ -39,3 +39,7 @@ metrics: enabled: true includeNode: true users: [] + +additionalAnnotations: + instrumentation.opentelemetry.io/inject-go: 'opentelemetry-collector/default' + instrumentation.opentelemetry.io/otel-go-auto-target-exe: '/bin/minio' From e39ec3b163bcb41d3ae30a342f4e2dbe07442dfb Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 2 Dec 2024 12:28:44 +0000 Subject: [PATCH 0390/1209] chore(deps): update ghcr.io/walnuts1018/walnuts.dev docker tag to cc820a51cee584b52034b8e2cc38e9fdbea46f83-308 (#1026) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index d39525f37..114dea193 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -25,7 +25,7 @@ type: 'RuntimeDefault', }, }, - image: 'ghcr.io/walnuts1018/walnuts.dev:b062b079d6947d3742f2d31d99e4bb07c075ac01-307', + image: 'ghcr.io/walnuts1018/walnuts.dev:cc820a51cee584b52034b8e2cc38e9fdbea46f83-308', imagePullPolicy: 'IfNotPresent', ports: [ { From feefdf21e2c5ede30e0b87156a912559d475b166 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 2 Dec 2024 21:57:07 +0900 Subject: [PATCH 0391/1209] adding the annotation to individual PodSpec objects Signed-off-by: walnuts1018 --- k8s/apps/minio/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/minio/values.yaml b/k8s/apps/minio/values.yaml index 13c41a06b..fb29b3684 100644 --- a/k8s/apps/minio/values.yaml +++ b/k8s/apps/minio/values.yaml @@ -40,6 +40,6 @@ metrics: includeNode: true users: [] -additionalAnnotations: +podAnnotations: instrumentation.opentelemetry.io/inject-go: 'opentelemetry-collector/default' instrumentation.opentelemetry.io/otel-go-auto-target-exe: '/bin/minio' From 150b60227a988bc17e8829ac334b6769cefc4e3d Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 2 Dec 2024 22:13:35 +0900 Subject: [PATCH 0392/1209] fix Signed-off-by: walnuts1018 --- k8s/apps/minio/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/minio/values.yaml b/k8s/apps/minio/values.yaml index fb29b3684..1b702c4db 100644 --- a/k8s/apps/minio/values.yaml +++ b/k8s/apps/minio/values.yaml @@ -42,4 +42,4 @@ users: [] podAnnotations: instrumentation.opentelemetry.io/inject-go: 'opentelemetry-collector/default' - instrumentation.opentelemetry.io/otel-go-auto-target-exe: '/bin/minio' + instrumentation.opentelemetry.io/otel-go-auto-target-exe: '/usr/bin/minio' From 0a45da71c88cf0426a79bda9c817f33f85c3ec2c Mon Sep 17 00:00:00 2001 From: Walnuts Date: Mon, 2 Dec 2024 22:20:07 +0900 Subject: [PATCH 0393/1209] Update values.yaml --- k8s/apps/opentelemetry-operator/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/k8s/apps/opentelemetry-operator/values.yaml b/k8s/apps/opentelemetry-operator/values.yaml index 403764c63..cad9f84a9 100644 --- a/k8s/apps/opentelemetry-operator/values.yaml +++ b/k8s/apps/opentelemetry-operator/values.yaml @@ -6,6 +6,7 @@ manager: - --enable-nginx-instrumentation=true resources: limits: + cpu: 200m memory: 128Mi requests: cpu: 5m From bba065b5b3a39e090351eec4c86fce85d8abde3f Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 2 Dec 2024 22:28:52 +0900 Subject: [PATCH 0394/1209] add Signed-off-by: walnuts1018 --- .../opentelemetry-instrumentations/default.jsonnet | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/k8s/apps/opentelemetry-instrumentations/default.jsonnet b/k8s/apps/opentelemetry-instrumentations/default.jsonnet index 3d9fa88f1..5f84b7129 100644 --- a/k8s/apps/opentelemetry-instrumentations/default.jsonnet +++ b/k8s/apps/opentelemetry-instrumentations/default.jsonnet @@ -39,6 +39,16 @@ value: 'http://default-collector.opentelemetry-collector.svc.cluster.local:4318', }, ], + resourceRequirements: { + limits: { + cpu: '500m', + memory: '256Mi', + }, + requests: { + cpu: '50m', + memory: '32Mi', + }, + }, }, }, } From 844e19727187d0037dbbe4bd7bdd846a0360a747 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 2 Dec 2024 16:29:38 +0000 Subject: [PATCH 0395/1209] chore(deps): update helm release argo-cd to v7.7.7 (#1027) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/_argocd/argocd_components/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/_argocd/argocd_components/helm.jsonnet b/k8s/_argocd/argocd_components/helm.jsonnet index ab0f40d19..6ee365058 100644 --- a/k8s/_argocd/argocd_components/helm.jsonnet +++ b/k8s/_argocd/argocd_components/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import 'app.json5').namespace, chart: 'argo-cd', repoURL: 'https://argoproj.github.io/argo-helm', - targetRevision: '7.7.6', + targetRevision: '7.7.7', values: (importstr 'values.yaml'), } From cca06aa0c5ea06c7c20184fc456d3b61751e0765 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 2 Dec 2024 19:13:35 +0000 Subject: [PATCH 0396/1209] chore(deps): update dependency aquaproj/aqua-registry to v4.266.0 (#1028) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index b6a85d007..5312dc461 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,6 +8,6 @@ # - all registries: - type: standard - ref: v4.265.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.266.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 From 7962d4cbdaaf17e2f9e3d46dd64c7a02ec30bd95 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 3 Dec 2024 08:22:23 +0000 Subject: [PATCH 0397/1209] chore(deps): update helm release moco to v0.15.1 --- k8s/apps/moco/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/moco/helm.jsonnet b/k8s/apps/moco/helm.jsonnet index bdfd24dda..ae67bf9f7 100644 --- a/k8s/apps/moco/helm.jsonnet +++ b/k8s/apps/moco/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'moco', repoURL: 'https://cybozu-go.github.io/moco/', - targetRevision: '0.15.0', + targetRevision: '0.15.1', values: (importstr 'values.yaml'), } From 342a22f8c68365e5602a93adb01876aa8f7cf083 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 3 Dec 2024 11:45:29 +0000 Subject: [PATCH 0398/1209] chore(deps): update dependency aquaproj/aqua-registry to v4.267.0 (#1031) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index 5312dc461..611d4afab 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,6 +8,6 @@ # - all registries: - type: standard - ref: v4.266.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.267.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 From 2b9af13998fd6d1b6377da8b57e71a2046df0f30 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 3 Dec 2024 11:45:35 +0000 Subject: [PATCH 0399/1209] chore(deps): update helm release zitadel to v8.6.2 (#1030) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/zitadel/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/zitadel/helm.jsonnet b/k8s/apps/zitadel/helm.jsonnet index 01edd915e..ee1f741d4 100644 --- a/k8s/apps/zitadel/helm.jsonnet +++ b/k8s/apps/zitadel/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'zitadel', repoURL: 'https://charts.zitadel.com', - targetRevision: '8.6.1', + targetRevision: '8.6.2', values: (importstr 'values.yaml'), } From 4497723522ccd81bb0edcbd150dc50711369fe4a Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 3 Dec 2024 16:06:39 +0000 Subject: [PATCH 0400/1209] chore(deps): update terraform aws to ~> 5.79.0 --- terraform/modules/minio/provider.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/modules/minio/provider.tf b/terraform/modules/minio/provider.tf index bb86a95da..4ea6335d2 100644 --- a/terraform/modules/minio/provider.tf +++ b/terraform/modules/minio/provider.tf @@ -2,7 +2,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 5.78.0" + version = "~> 5.79.0" } } } From 4bbede8f9985419bca0db9bf6c47fa64fa784fde Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 3 Dec 2024 16:07:27 +0000 Subject: [PATCH 0401/1209] chore(deps): update ghcr.io/walnuts1018/mucaron-frontend docker tag to fcc74b7335f488a4da70f3d7cee20ae6aa4533cf-61 (#1033) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/mucaron/front/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/mucaron/front/deployment.jsonnet b/k8s/apps/mucaron/front/deployment.jsonnet index 6f6ad0ac0..57c24d678 100644 --- a/k8s/apps/mucaron/front/deployment.jsonnet +++ b/k8s/apps/mucaron/front/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ (import '../../../components/container.libsonnet') { name: 'mucaron-front', - image: 'ghcr.io/walnuts1018/mucaron-frontend:2c598c4e9678ff152c9b010a642976cca2660d4a-56', + image: 'ghcr.io/walnuts1018/mucaron-frontend:fcc74b7335f488a4da70f3d7cee20ae6aa4533cf-61', ports: [ { containerPort: 3000, From e211f0b1eb2a84ab107de6ae8675cd52ffc5a708 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 3 Dec 2024 16:07:42 +0000 Subject: [PATCH 0402/1209] chore(deps): update ghcr.io/walnuts1018/mucaron-backend docker tag to f867097ae9f98eeb20f9a9504d2d9ca1e2376a0e-80 (#1032) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/mucaron/back/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/mucaron/back/deployment.jsonnet b/k8s/apps/mucaron/back/deployment.jsonnet index 0f4981d97..a1d81a2c7 100644 --- a/k8s/apps/mucaron/back/deployment.jsonnet +++ b/k8s/apps/mucaron/back/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ (import '../../../components/container.libsonnet') { name: 'mucaron-backend', - image: 'ghcr.io/walnuts1018/mucaron-backend:9bdba227330b16619ed68982ad0d530fc568ef10-77', + image: 'ghcr.io/walnuts1018/mucaron-backend:f867097ae9f98eeb20f9a9504d2d9ca1e2376a0e-80', ports: [ { containerPort: 8080, From dd3920f5a7131a91fa53ba9c33816a0ec059d25c Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 3 Dec 2024 16:07:48 +0000 Subject: [PATCH 0403/1209] chore(deps): update helm release oauth2-proxy to v7.8.1 (#1034) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/components/oauth2-proxy/helm.libsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/components/oauth2-proxy/helm.libsonnet b/k8s/components/oauth2-proxy/helm.libsonnet index d50dbb808..8441f9713 100644 --- a/k8s/components/oauth2-proxy/helm.libsonnet +++ b/k8s/components/oauth2-proxy/helm.libsonnet @@ -10,7 +10,7 @@ namespace: error 'namespace is required', chart: 'oauth2-proxy', repoURL: 'https://oauth2-proxy.github.io/manifests', - targetRevision: '7.8.0', + targetRevision: '7.8.1', values: '', valuesObject: std.mergePatch((import 'values.libsonnet') { upstream: $.upstream, From 36333b710fa9a1b99a66f5e46b1e256427e6e6c1 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 4 Dec 2024 09:59:49 +0900 Subject: [PATCH 0404/1209] add Signed-off-by: walnuts1018 --- k8s/apps/cilium/values.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/k8s/apps/cilium/values.yaml b/k8s/apps/cilium/values.yaml index 81bd196ed..06cdd5767 100644 --- a/k8s/apps/cilium/values.yaml +++ b/k8s/apps/cilium/values.yaml @@ -1,5 +1,3 @@ -image: - useDigest: false # https://github.com/containers/image/blob/d372f0e440d35c6041de39023b0b6eb131fba54b/docker/docker_transport.go#L79-L81 kubeProxyReplacement: true l7Proxy: true k8sServiceHost: 192.168.0.17 From 1ed31dd96193a5d1c767615db5052343aacd1359 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 4 Dec 2024 10:15:38 +0900 Subject: [PATCH 0405/1209] empty storage Signed-off-by: walnuts1018 --- k8s/apps/affine/redis.jsonnet | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/k8s/apps/affine/redis.jsonnet b/k8s/apps/affine/redis.jsonnet index c42766565..56ae7d2bd 100644 --- a/k8s/apps/affine/redis.jsonnet +++ b/k8s/apps/affine/redis.jsonnet @@ -18,18 +18,6 @@ }, }, storage: { - volumeClaimTemplate: { - spec: { - accessModes: [ - 'ReadWriteOnce', - ], - resources: { - requests: { - storage: '1Gi', - }, - }, - }, - }, }, podSecurityContext: { fsGroup: 1000, From 8fa67fafd73c34544e73b76d4afe5d60111b5974 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 4 Dec 2024 10:19:15 +0900 Subject: [PATCH 0406/1209] rm debug log Signed-off-by: walnuts1018 --- k8s/apps/redis-operator/values.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/k8s/apps/redis-operator/values.yaml b/k8s/apps/redis-operator/values.yaml index 5d90ffca3..067c3b4b0 100644 --- a/k8s/apps/redis-operator/values.yaml +++ b/k8s/apps/redis-operator/values.yaml @@ -6,6 +6,6 @@ resources: cpu: 500m memory: 500Mi -redisOperator: - extraArgs: - - "-zap-log-level=debug" +# redisOperator: +# extraArgs: +# - "-zap-log-level=debug" From 07a5f15bebac796faa81555a45e19949f15c8956 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 4 Dec 2024 10:19:47 +0900 Subject: [PATCH 0407/1209] resources Signed-off-by: walnuts1018 --- k8s/apps/redis-operator/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/k8s/apps/redis-operator/values.yaml b/k8s/apps/redis-operator/values.yaml index 067c3b4b0..3e60a5691 100644 --- a/k8s/apps/redis-operator/values.yaml +++ b/k8s/apps/redis-operator/values.yaml @@ -3,8 +3,8 @@ resources: cpu: 500m memory: 500Mi requests: - cpu: 500m - memory: 500Mi + cpu: 30m + memory: 32Mi # redisOperator: # extraArgs: From a162aedd054cee5e2dcf19920a10ea15deaffbe0 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 4 Dec 2024 10:22:02 +0900 Subject: [PATCH 0408/1209] rm persistence Signed-off-by: walnuts1018 --- k8s/apps/affine/redis.jsonnet | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/k8s/apps/affine/redis.jsonnet b/k8s/apps/affine/redis.jsonnet index 56ae7d2bd..d3b6e1f61 100644 --- a/k8s/apps/affine/redis.jsonnet +++ b/k8s/apps/affine/redis.jsonnet @@ -9,6 +9,7 @@ }, spec: { + persistenceEnabled: false, kubernetesConfig: { image: 'quay.io/opstree/redis:v7.0.12', imagePullPolicy: 'IfNotPresent', @@ -17,8 +18,6 @@ key: 'redispassword', }, }, - storage: { - }, podSecurityContext: { fsGroup: 1000, runAsUser: 1000, From 46d74c2be6e9135a28873650434859d95267c61a Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 4 Dec 2024 10:26:27 +0900 Subject: [PATCH 0409/1209] add storage Signed-off-by: walnuts1018 --- k8s/apps/affine/redis.jsonnet | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/k8s/apps/affine/redis.jsonnet b/k8s/apps/affine/redis.jsonnet index d3b6e1f61..c42766565 100644 --- a/k8s/apps/affine/redis.jsonnet +++ b/k8s/apps/affine/redis.jsonnet @@ -9,7 +9,6 @@ }, spec: { - persistenceEnabled: false, kubernetesConfig: { image: 'quay.io/opstree/redis:v7.0.12', imagePullPolicy: 'IfNotPresent', @@ -18,6 +17,20 @@ key: 'redispassword', }, }, + storage: { + volumeClaimTemplate: { + spec: { + accessModes: [ + 'ReadWriteOnce', + ], + resources: { + requests: { + storage: '1Gi', + }, + }, + }, + }, + }, podSecurityContext: { fsGroup: 1000, runAsUser: 1000, From 55866bcf1a75c57204926341154dec2ac23fc627 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 4 Dec 2024 11:57:52 +0900 Subject: [PATCH 0410/1209] add Signed-off-by: walnuts1018 --- k8s/_argocd/argocd_components/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/_argocd/argocd_components/values.yaml b/k8s/_argocd/argocd_components/values.yaml index 950de234c..eb6583ffb 100644 --- a/k8s/_argocd/argocd_components/values.yaml +++ b/k8s/_argocd/argocd_components/values.yaml @@ -23,7 +23,7 @@ configs: id: walnuts-dev name: walnuts-dev config: - clientID: "291851981864108044" + clientID: "296595833422414292" clientSecret: $argocd-oidc:client-secret issuer: https://auth.walnuts.dev scopes: From 1c8c50b9af01b6efb0aa6bd176d4e099845898fc Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 4 Dec 2024 12:05:45 +0900 Subject: [PATCH 0411/1209] add role Signed-off-by: walnuts1018 --- k8s/_argocd/argocd_components/values.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/k8s/_argocd/argocd_components/values.yaml b/k8s/_argocd/argocd_components/values.yaml index eb6583ffb..0ffef3b30 100644 --- a/k8s/_argocd/argocd_components/values.yaml +++ b/k8s/_argocd/argocd_components/values.yaml @@ -35,6 +35,11 @@ configs: otlp.address: 'default-collector.opentelemetry-collector.svc.cluster.local:4317' server.insecure: true server.basehref: / + rbac: + create: true + policy.csv: | + g, argocd-admin, role:admin + scopes: '[urn:zitadel:iam:org:project:roles]' controller: metrics: From 71c47c1d710eccc931e770a08314fde97f77e0d6 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 4 Dec 2024 12:08:42 +0900 Subject: [PATCH 0412/1209] use oidc.config Signed-off-by: walnuts1018 --- k8s/_argocd/argocd_components/values.yaml | 24 ++++++++++------------- 1 file changed, 10 insertions(+), 14 deletions(-) diff --git a/k8s/_argocd/argocd_components/values.yaml b/k8s/_argocd/argocd_components/values.yaml index 0ffef3b30..48adb3ddb 100644 --- a/k8s/_argocd/argocd_components/values.yaml +++ b/k8s/_argocd/argocd_components/values.yaml @@ -17,20 +17,16 @@ configs: - CiliumIdentity clusters: - "*" - dex.config: | - connectors: - - type: oidc - id: walnuts-dev - name: walnuts-dev - config: - clientID: "296595833422414292" - clientSecret: $argocd-oidc:client-secret - issuer: https://auth.walnuts.dev - scopes: - - openid - - email - - profile - - urn:zitadel:iam:org:projects:roles + oidc.config: | + name: walnuts-dev + issuer: https://auth.walnuts.dev + clientID: "296595833422414292" + clientSecret: $argocd-oidc:client-secret + requestedScopes: + - openid + - email + - profile + - urn:zitadel:iam:org:projects:roles params: otlp.address: 'default-collector.opentelemetry-collector.svc.cluster.local:4317' server.insecure: true From 455684baa35c663041c3af59f1e6742d48b25304 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 4 Dec 2024 12:19:00 +0900 Subject: [PATCH 0413/1209] my:zitadel:grants Signed-off-by: walnuts1018 --- k8s/_argocd/argocd_components/values.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/k8s/_argocd/argocd_components/values.yaml b/k8s/_argocd/argocd_components/values.yaml index 48adb3ddb..ce45b40fc 100644 --- a/k8s/_argocd/argocd_components/values.yaml +++ b/k8s/_argocd/argocd_components/values.yaml @@ -26,7 +26,6 @@ configs: - openid - email - profile - - urn:zitadel:iam:org:projects:roles params: otlp.address: 'default-collector.opentelemetry-collector.svc.cluster.local:4317' server.insecure: true @@ -35,7 +34,7 @@ configs: create: true policy.csv: | g, argocd-admin, role:admin - scopes: '[urn:zitadel:iam:org:project:roles]' + scopes: '[my:zitadel:grants]' controller: metrics: From e8576a57822410972a493f3bb2b1b7b450ef4bc5 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 4 Dec 2024 12:21:55 +0900 Subject: [PATCH 0414/1209] disable users.anonymous.enabled Signed-off-by: walnuts1018 --- k8s/_argocd/argocd_components/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/k8s/_argocd/argocd_components/values.yaml b/k8s/_argocd/argocd_components/values.yaml index ce45b40fc..6099887d1 100644 --- a/k8s/_argocd/argocd_components/values.yaml +++ b/k8s/_argocd/argocd_components/values.yaml @@ -26,6 +26,7 @@ configs: - openid - email - profile + users.anonymous.enabled: false params: otlp.address: 'default-collector.opentelemetry-collector.svc.cluster.local:4317' server.insecure: true From f40fbcecb552b673a3d006c8e19c6c521f4bf13e Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 4 Dec 2024 12:22:27 +0900 Subject: [PATCH 0415/1209] add Signed-off-by: walnuts1018 --- k8s/_argocd/argocd_components/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/_argocd/argocd_components/values.yaml b/k8s/_argocd/argocd_components/values.yaml index 6099887d1..3f570d917 100644 --- a/k8s/_argocd/argocd_components/values.yaml +++ b/k8s/_argocd/argocd_components/values.yaml @@ -34,7 +34,7 @@ configs: rbac: create: true policy.csv: | - g, argocd-admin, role:admin + g, 237477822715658605:argocd-admin, role:admin scopes: '[my:zitadel:grants]' controller: From 200f967de49917d188516ca28d4ffa226bc7fb51 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 4 Dec 2024 12:24:51 +0900 Subject: [PATCH 0416/1209] rm Signed-off-by: walnuts1018 --- k8s/_argocd/argocd_components/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/k8s/_argocd/argocd_components/values.yaml b/k8s/_argocd/argocd_components/values.yaml index 3f570d917..951298380 100644 --- a/k8s/_argocd/argocd_components/values.yaml +++ b/k8s/_argocd/argocd_components/values.yaml @@ -36,6 +36,7 @@ configs: policy.csv: | g, 237477822715658605:argocd-admin, role:admin scopes: '[my:zitadel:grants]' + policy.default: '' controller: metrics: From 2fc59f0c6a7abfc50fb1c4620aa51c939c6425c3 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 4 Dec 2024 12:25:53 +0900 Subject: [PATCH 0417/1209] =?UTF-8?q?=E3=83=A6=E3=83=BC=E3=82=B6=E3=83=BC?= =?UTF-8?q?=E3=82=BB=E3=83=83=E3=82=B7=E3=83=A7=E3=83=B3=E3=81=AE=E6=8C=81?= =?UTF-8?q?=E7=B6=9A=E6=99=82=E9=96=93=E3=82=92168=E6=99=82=E9=96=93?= =?UTF-8?q?=E3=81=AB=E8=A8=AD=E5=AE=9A?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: walnuts1018 --- k8s/_argocd/argocd_components/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/k8s/_argocd/argocd_components/values.yaml b/k8s/_argocd/argocd_components/values.yaml index 951298380..ba6db02ee 100644 --- a/k8s/_argocd/argocd_components/values.yaml +++ b/k8s/_argocd/argocd_components/values.yaml @@ -27,6 +27,7 @@ configs: - email - profile users.anonymous.enabled: false + users.session.duration: "168h" # 7 days params: otlp.address: 'default-collector.opentelemetry-collector.svc.cluster.local:4317' server.insecure: true From 6ec29f5033dd6ea3acfdd471538b59fb0642c504 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 4 Dec 2024 12:33:21 +0900 Subject: [PATCH 0418/1209] add proxy Signed-off-by: walnuts1018 --- .../zitadel/terraform-proxy/app.libsonnet | 4 + .../zitadel/terraform-proxy/config/nginx.conf | 24 ++++ .../terraform-proxy/config/virtualhost.conf | 19 +++ .../zitadel/terraform-proxy/configmap.jsonnet | 9 ++ .../terraform-proxy/deployment.jsonnet | 119 ++++++++++++++++++ .../zitadel/terraform-proxy/service.jsonnet | 20 +++ 6 files changed, 195 insertions(+) create mode 100644 k8s/apps/zitadel/terraform-proxy/app.libsonnet create mode 100644 k8s/apps/zitadel/terraform-proxy/config/nginx.conf create mode 100644 k8s/apps/zitadel/terraform-proxy/config/virtualhost.conf create mode 100644 k8s/apps/zitadel/terraform-proxy/configmap.jsonnet create mode 100644 k8s/apps/zitadel/terraform-proxy/deployment.jsonnet create mode 100644 k8s/apps/zitadel/terraform-proxy/service.jsonnet diff --git a/k8s/apps/zitadel/terraform-proxy/app.libsonnet b/k8s/apps/zitadel/terraform-proxy/app.libsonnet new file mode 100644 index 000000000..3ef337976 --- /dev/null +++ b/k8s/apps/zitadel/terraform-proxy/app.libsonnet @@ -0,0 +1,4 @@ +{ + name: (import '../app.json5').name + '-terraform-proxy', + namespace: (import '../app.json5').namespace, +} diff --git a/k8s/apps/zitadel/terraform-proxy/config/nginx.conf b/k8s/apps/zitadel/terraform-proxy/config/nginx.conf new file mode 100644 index 000000000..f728ccc06 --- /dev/null +++ b/k8s/apps/zitadel/terraform-proxy/config/nginx.conf @@ -0,0 +1,24 @@ +user nginx; +worker_processes 1; +error_log /dev/stderr; +events { + worker_connections 10240; +} +http { + log_format main + 'remote_addr:$remote_addr\t' + 'time_local:$time_local\t' + 'method:$request_method\t' + 'uri:$request_uri\t' + 'host:$host\t' + 'status:$status\t' + 'bytes_sent:$body_bytes_sent\t' + 'referer:$http_referer\t' + 'useragent:$http_user_agent\t' + 'forwardedfor:$http_x_forwarded_for\t' + 'request_time:$request_time'; + + access_log /dev/stdout main; + + include /etc/nginx/virtualhost/virtualhost.conf; +} diff --git a/k8s/apps/zitadel/terraform-proxy/config/virtualhost.conf b/k8s/apps/zitadel/terraform-proxy/config/virtualhost.conf new file mode 100644 index 000000000..f08c33721 --- /dev/null +++ b/k8s/apps/zitadel/terraform-proxy/config/virtualhost.conf @@ -0,0 +1,19 @@ +server { + listen 8080 default_server; + server_name ""; + proxy_redirect off; + location / { + proxy_pass "http://zitadel.zitadel.svc.cluster.local:8080"; + proxy_set_header Host "auth.walnuts.dev"; + } +} + +server { + listen 8081 default_server; + server_name ""; + location /healthz { + access_log off; + add_header 'Content-Type' 'application/json'; + return 200 '{"status":"UP"}'; + } +} diff --git a/k8s/apps/zitadel/terraform-proxy/configmap.jsonnet b/k8s/apps/zitadel/terraform-proxy/configmap.jsonnet new file mode 100644 index 000000000..8180af675 --- /dev/null +++ b/k8s/apps/zitadel/terraform-proxy/configmap.jsonnet @@ -0,0 +1,9 @@ +(import '../../components/configmap.libsonnet') { + name: (import 'app.libsonnet').name, + namespace: (import 'app.libsonnet').namespace, + labels: (import '../../../components/labels.libsonnet') + { appname: (import 'app.libsonnet').name }, + data: { + 'nginx.conf': (importstr './config/nginx.conf'), + 'virtualhost.conf': (importstr './config/virtualhost.conf'), + }, +} diff --git a/k8s/apps/zitadel/terraform-proxy/deployment.jsonnet b/k8s/apps/zitadel/terraform-proxy/deployment.jsonnet new file mode 100644 index 000000000..251b8fada --- /dev/null +++ b/k8s/apps/zitadel/terraform-proxy/deployment.jsonnet @@ -0,0 +1,119 @@ +{ + apiVersion: 'apps/v1', + kind: 'Deployment', + metadata: { + name: (import 'app.libsonnet').name, + namespace: (import 'app.libsonnet').namespace, + labels: (import '../../../components/labels.libsonnet') + { appname: (import 'app.libsonnet').name }, + }, + spec: { + replicas: 1, + selector: { + matchLabels: (import '../../../components/labels.libsonnet') + { appname: (import 'app.libsonnet').name }, + }, + template: { + metadata: { + labels: (import '../../../components/labels.libsonnet') + { appname: (import 'app.libsonnet').name }, + }, + spec: { + securityContext: { + fsGroup: 101, + fsGroupChangePolicy: 'OnRootMismatch', + }, + containers: [ + std.mergePatch((import '../../../components/container.libsonnet') { + name: 'nginx', + image: 'nginx:1.27.3', + ports: [ + { + containerPort: 8080, + }, + ], + livenessProbe: { + httpGet: { + path: '/healthz', + port: 8081, + }, + failureThreshold: 1, + initialDelaySeconds: 10, + periodSeconds: 10, + }, + volumeMounts: [ + { + mountPath: '/etc/nginx', + readOnly: true, + name: 'nginx-conf', + }, + { + mountPath: '/tmp', + name: 'tmp', + }, + { + mountPath: '/var/tmp', + name: 'tmp', + }, + { + mountPath: '/var/log/nginx', + name: 'log-nginx', + }, + { + mountPath: '/var/cache/nginx', + name: 'cache-nginx', + }, + { + mountPath: '/var/run', + name: 'var-run', + }, + ], + resources: { + limits: { + memory: '100Mi', + }, + requests: { + memory: '5Mi', + }, + }, + }, { + securityContext: { + runAsUser: 101, + }, + }), + ], + volumes: [ + { + name: 'nginx-conf', + configMap: { + name: (import 'configmap.jsonnet').metadata.name, + items: [ + { + key: 'nginx.conf', + path: 'nginx.conf', + }, + { + key: 'virtualhost.conf', + path: 'virtualhost/virtualhost.conf', + }, + ], + }, + }, + { + name: 'tmp', + emptyDir: {}, + }, + { + name: 'log-nginx', + emptyDir: {}, + }, + { + name: 'cache-nginx', + emptyDir: {}, + }, + { + name: 'var-run', + emptyDir: {}, + }, + ], + }, + }, + }, +} diff --git a/k8s/apps/zitadel/terraform-proxy/service.jsonnet b/k8s/apps/zitadel/terraform-proxy/service.jsonnet new file mode 100644 index 000000000..874fce14e --- /dev/null +++ b/k8s/apps/zitadel/terraform-proxy/service.jsonnet @@ -0,0 +1,20 @@ +{ + apiVersion: 'v1', + kind: 'Service', + metadata: { + name: (import 'app.libsonnet').name, + namespace: (import 'app.libsonnet').namespace, + labels: (import '../../../components/labels.libsonnet') + { appname: (import 'app.libsonnet').name }, + }, + spec: { + selector: (import '../../../components/labels.libsonnet') + { appname: (import 'app.libsonnet').name }, + ports: [ + { + protocol: 'TCP', + port: 8080, + targetPort: (import 'deployment.jsonnet').spec.template.spec.containers[0].ports[0].containerPort, + }, + ], + type: 'ClusterIP', + }, +} From ba2d5e37d13bd1f94d58afe013704bfa067afbbc Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 4 Dec 2024 12:44:15 +0900 Subject: [PATCH 0419/1209] rm Signed-off-by: walnuts1018 --- .../zitadel/terraform-proxy/app.libsonnet | 4 - .../zitadel/terraform-proxy/config/nginx.conf | 24 ---- .../terraform-proxy/config/virtualhost.conf | 19 --- .../zitadel/terraform-proxy/configmap.jsonnet | 9 -- .../terraform-proxy/deployment.jsonnet | 119 ------------------ .../zitadel/terraform-proxy/service.jsonnet | 20 --- 6 files changed, 195 deletions(-) delete mode 100644 k8s/apps/zitadel/terraform-proxy/app.libsonnet delete mode 100644 k8s/apps/zitadel/terraform-proxy/config/nginx.conf delete mode 100644 k8s/apps/zitadel/terraform-proxy/config/virtualhost.conf delete mode 100644 k8s/apps/zitadel/terraform-proxy/configmap.jsonnet delete mode 100644 k8s/apps/zitadel/terraform-proxy/deployment.jsonnet delete mode 100644 k8s/apps/zitadel/terraform-proxy/service.jsonnet diff --git a/k8s/apps/zitadel/terraform-proxy/app.libsonnet b/k8s/apps/zitadel/terraform-proxy/app.libsonnet deleted file mode 100644 index 3ef337976..000000000 --- a/k8s/apps/zitadel/terraform-proxy/app.libsonnet +++ /dev/null @@ -1,4 +0,0 @@ -{ - name: (import '../app.json5').name + '-terraform-proxy', - namespace: (import '../app.json5').namespace, -} diff --git a/k8s/apps/zitadel/terraform-proxy/config/nginx.conf b/k8s/apps/zitadel/terraform-proxy/config/nginx.conf deleted file mode 100644 index f728ccc06..000000000 --- a/k8s/apps/zitadel/terraform-proxy/config/nginx.conf +++ /dev/null @@ -1,24 +0,0 @@ -user nginx; -worker_processes 1; -error_log /dev/stderr; -events { - worker_connections 10240; -} -http { - log_format main - 'remote_addr:$remote_addr\t' - 'time_local:$time_local\t' - 'method:$request_method\t' - 'uri:$request_uri\t' - 'host:$host\t' - 'status:$status\t' - 'bytes_sent:$body_bytes_sent\t' - 'referer:$http_referer\t' - 'useragent:$http_user_agent\t' - 'forwardedfor:$http_x_forwarded_for\t' - 'request_time:$request_time'; - - access_log /dev/stdout main; - - include /etc/nginx/virtualhost/virtualhost.conf; -} diff --git a/k8s/apps/zitadel/terraform-proxy/config/virtualhost.conf b/k8s/apps/zitadel/terraform-proxy/config/virtualhost.conf deleted file mode 100644 index f08c33721..000000000 --- a/k8s/apps/zitadel/terraform-proxy/config/virtualhost.conf +++ /dev/null @@ -1,19 +0,0 @@ -server { - listen 8080 default_server; - server_name ""; - proxy_redirect off; - location / { - proxy_pass "http://zitadel.zitadel.svc.cluster.local:8080"; - proxy_set_header Host "auth.walnuts.dev"; - } -} - -server { - listen 8081 default_server; - server_name ""; - location /healthz { - access_log off; - add_header 'Content-Type' 'application/json'; - return 200 '{"status":"UP"}'; - } -} diff --git a/k8s/apps/zitadel/terraform-proxy/configmap.jsonnet b/k8s/apps/zitadel/terraform-proxy/configmap.jsonnet deleted file mode 100644 index 8180af675..000000000 --- a/k8s/apps/zitadel/terraform-proxy/configmap.jsonnet +++ /dev/null @@ -1,9 +0,0 @@ -(import '../../components/configmap.libsonnet') { - name: (import 'app.libsonnet').name, - namespace: (import 'app.libsonnet').namespace, - labels: (import '../../../components/labels.libsonnet') + { appname: (import 'app.libsonnet').name }, - data: { - 'nginx.conf': (importstr './config/nginx.conf'), - 'virtualhost.conf': (importstr './config/virtualhost.conf'), - }, -} diff --git a/k8s/apps/zitadel/terraform-proxy/deployment.jsonnet b/k8s/apps/zitadel/terraform-proxy/deployment.jsonnet deleted file mode 100644 index 251b8fada..000000000 --- a/k8s/apps/zitadel/terraform-proxy/deployment.jsonnet +++ /dev/null @@ -1,119 +0,0 @@ -{ - apiVersion: 'apps/v1', - kind: 'Deployment', - metadata: { - name: (import 'app.libsonnet').name, - namespace: (import 'app.libsonnet').namespace, - labels: (import '../../../components/labels.libsonnet') + { appname: (import 'app.libsonnet').name }, - }, - spec: { - replicas: 1, - selector: { - matchLabels: (import '../../../components/labels.libsonnet') + { appname: (import 'app.libsonnet').name }, - }, - template: { - metadata: { - labels: (import '../../../components/labels.libsonnet') + { appname: (import 'app.libsonnet').name }, - }, - spec: { - securityContext: { - fsGroup: 101, - fsGroupChangePolicy: 'OnRootMismatch', - }, - containers: [ - std.mergePatch((import '../../../components/container.libsonnet') { - name: 'nginx', - image: 'nginx:1.27.3', - ports: [ - { - containerPort: 8080, - }, - ], - livenessProbe: { - httpGet: { - path: '/healthz', - port: 8081, - }, - failureThreshold: 1, - initialDelaySeconds: 10, - periodSeconds: 10, - }, - volumeMounts: [ - { - mountPath: '/etc/nginx', - readOnly: true, - name: 'nginx-conf', - }, - { - mountPath: '/tmp', - name: 'tmp', - }, - { - mountPath: '/var/tmp', - name: 'tmp', - }, - { - mountPath: '/var/log/nginx', - name: 'log-nginx', - }, - { - mountPath: '/var/cache/nginx', - name: 'cache-nginx', - }, - { - mountPath: '/var/run', - name: 'var-run', - }, - ], - resources: { - limits: { - memory: '100Mi', - }, - requests: { - memory: '5Mi', - }, - }, - }, { - securityContext: { - runAsUser: 101, - }, - }), - ], - volumes: [ - { - name: 'nginx-conf', - configMap: { - name: (import 'configmap.jsonnet').metadata.name, - items: [ - { - key: 'nginx.conf', - path: 'nginx.conf', - }, - { - key: 'virtualhost.conf', - path: 'virtualhost/virtualhost.conf', - }, - ], - }, - }, - { - name: 'tmp', - emptyDir: {}, - }, - { - name: 'log-nginx', - emptyDir: {}, - }, - { - name: 'cache-nginx', - emptyDir: {}, - }, - { - name: 'var-run', - emptyDir: {}, - }, - ], - }, - }, - }, -} diff --git a/k8s/apps/zitadel/terraform-proxy/service.jsonnet b/k8s/apps/zitadel/terraform-proxy/service.jsonnet deleted file mode 100644 index 874fce14e..000000000 --- a/k8s/apps/zitadel/terraform-proxy/service.jsonnet +++ /dev/null @@ -1,20 +0,0 @@ -{ - apiVersion: 'v1', - kind: 'Service', - metadata: { - name: (import 'app.libsonnet').name, - namespace: (import 'app.libsonnet').namespace, - labels: (import '../../../components/labels.libsonnet') + { appname: (import 'app.libsonnet').name }, - }, - spec: { - selector: (import '../../../components/labels.libsonnet') + { appname: (import 'app.libsonnet').name }, - ports: [ - { - protocol: 'TCP', - port: 8080, - targetPort: (import 'deployment.jsonnet').spec.template.spec.containers[0].ports[0].containerPort, - }, - ], - type: 'ClusterIP', - }, -} From 4371b0d51b8d55f743d1028bc0e9b383e1c99fec Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 4 Dec 2024 12:44:40 +0000 Subject: [PATCH 0420/1209] chore(deps): update dependency aquaproj/aqua-registry to v4.268.0 (#1036) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index 611d4afab..0d5d5a915 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,6 +8,6 @@ # - all registries: - type: standard - ref: v4.267.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.268.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 From 07dfad5fa380fcf377911349b5808cfc250a9241 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 4 Dec 2024 16:54:29 +0000 Subject: [PATCH 0421/1209] fix(deps): update module golang.org/x/sync to v0.10.0 --- .github/scripts/infrautil/go.mod | 2 +- .github/scripts/infrautil/go.sum | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/scripts/infrautil/go.mod b/.github/scripts/infrautil/go.mod index bc0261160..fb5e61802 100644 --- a/.github/scripts/infrautil/go.mod +++ b/.github/scripts/infrautil/go.mod @@ -10,7 +10,7 @@ require ( github.com/pkg/errors v0.9.1 github.com/sters/yaml-diff v1.3.2 github.com/yosuke-furukawa/json5 v0.1.1 - golang.org/x/sync v0.9.0 + golang.org/x/sync v0.10.0 gopkg.in/yaml.v3 v3.0.1 helm.sh/helm/v3 v3.16.3 sigs.k8s.io/yaml v1.4.0 diff --git a/.github/scripts/infrautil/go.sum b/.github/scripts/infrautil/go.sum index a35034848..c65c32fa4 100644 --- a/.github/scripts/infrautil/go.sum +++ b/.github/scripts/infrautil/go.sum @@ -448,6 +448,8 @@ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.9.0 h1:fEo0HyrW1GIgZdpbhCRO0PkJajUS5H9IFUztCgEo2jQ= golang.org/x/sync v0.9.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ= +golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= From 23d5224fa8e3a6890c849bb45750ebf17dcca42c Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 4 Dec 2024 16:54:56 +0000 Subject: [PATCH 0422/1209] chore(deps): update helm release kube-prometheus-stack to v66.3.1 (#1037) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/prometheus-stack/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/prometheus-stack/helm.jsonnet b/k8s/apps/prometheus-stack/helm.jsonnet index dfee75b7a..595c85969 100644 --- a/k8s/apps/prometheus-stack/helm.jsonnet +++ b/k8s/apps/prometheus-stack/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'kube-prometheus-stack', repoURL: 'https://prometheus-community.github.io/helm-charts', - targetRevision: '66.3.0', + targetRevision: '66.3.1', values: (importstr 'values.yaml'), } From 1f248ca9bc28a2a198c0116e36bf31ce2208026d Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 4 Dec 2024 16:57:35 +0000 Subject: [PATCH 0423/1209] chore(deps): update terraform aws to ~> 5.80.0 --- terraform/modules/minio/provider.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/modules/minio/provider.tf b/terraform/modules/minio/provider.tf index 4ea6335d2..81826d829 100644 --- a/terraform/modules/minio/provider.tf +++ b/terraform/modules/minio/provider.tf @@ -2,7 +2,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 5.79.0" + version = "~> 5.80.0" } } } From 099cf8d3ba67375891081d397654a0c2b892c9bf Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 5 Dec 2024 01:49:20 +0000 Subject: [PATCH 0424/1209] chore(deps): update dependency aquaproj/aqua-registry to v4.269.0 (#1040) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index 0d5d5a915..120eaddab 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,6 +8,6 @@ # - all registries: - type: standard - ref: v4.268.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.269.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 From eef41cb1a0ee396de16568272fcb3d9149a89d88 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 5 Dec 2024 07:08:20 +0000 Subject: [PATCH 0425/1209] fix(deps): update module github.com/sters/yaml-diff to v1.4.1 --- .github/scripts/infrautil/go.mod | 4 ++-- .github/scripts/infrautil/go.sum | 4 ++++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/scripts/infrautil/go.mod b/.github/scripts/infrautil/go.mod index fb5e61802..4a707b6c9 100644 --- a/.github/scripts/infrautil/go.mod +++ b/.github/scripts/infrautil/go.mod @@ -8,7 +8,7 @@ require ( github.com/google/subcommands v1.2.0 github.com/phsym/console-slog v0.3.1 github.com/pkg/errors v0.9.1 - github.com/sters/yaml-diff v1.3.2 + github.com/sters/yaml-diff v1.4.1 github.com/yosuke-furukawa/json5 v0.1.1 golang.org/x/sync v0.10.0 gopkg.in/yaml.v3 v3.0.1 @@ -61,7 +61,7 @@ require ( github.com/go-playground/locales v0.14.1 // indirect github.com/go-playground/universal-translator v0.18.1 // indirect github.com/gobwas/glob v0.2.3 // indirect - github.com/goccy/go-yaml v1.11.3 // indirect + github.com/goccy/go-yaml v1.15.6 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/protobuf v1.5.4 // indirect github.com/google/btree v1.0.1 // indirect diff --git a/.github/scripts/infrautil/go.sum b/.github/scripts/infrautil/go.sum index c65c32fa4..03ca67de5 100644 --- a/.github/scripts/infrautil/go.sum +++ b/.github/scripts/infrautil/go.sum @@ -155,6 +155,8 @@ github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= github.com/goccy/go-yaml v1.11.3 h1:B3W9IdWbvrUu2OYQGwvU1nZtvMQJPBKgBUuweJjLj6I= github.com/goccy/go-yaml v1.11.3/go.mod h1:wKnAMd44+9JAAnGQpWVEgBzGt3YuTaQ4uXoHvE4m7WU= +github.com/goccy/go-yaml v1.15.6 h1:gy5kf1yjMia3/c3wWD+u1z3lU5XlhpT8FZGaLJU9cOA= +github.com/goccy/go-yaml v1.15.6/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= @@ -362,6 +364,8 @@ github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/sters/yaml-diff v1.3.2 h1:99Ke50QYFQYZjKMOiePxwyuQ+WeCvNy6cRooqdLs/ZE= github.com/sters/yaml-diff v1.3.2/go.mod h1:86usbNZiUqke5wYjMxDVEjmvGjmY2FkMwOwe0A5zf68= +github.com/sters/yaml-diff v1.4.1 h1:0W3jnFKCu8/DV7nh2aXSDA2VVfxfHu2+qdh81CuFmZo= +github.com/sters/yaml-diff v1.4.1/go.mod h1:K286Xp2z+aGkok7z9k3zXcq0ZsrDaDp7/wyGwFjM9Y8= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= From cff0db77719b367caf9c58967b1a95a19b72ee77 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 5 Dec 2024 09:32:05 +0000 Subject: [PATCH 0426/1209] chore(deps): update helm release zitadel to v8.7.0 --- k8s/apps/zitadel/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/zitadel/helm.jsonnet b/k8s/apps/zitadel/helm.jsonnet index ee1f741d4..dd969813e 100644 --- a/k8s/apps/zitadel/helm.jsonnet +++ b/k8s/apps/zitadel/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'zitadel', repoURL: 'https://charts.zitadel.com', - targetRevision: '8.6.2', + targetRevision: '8.7.0', values: (importstr 'values.yaml'), } From f6ea0afad568d262b2be2261953bc4b124383937 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 5 Dec 2024 14:42:36 +0000 Subject: [PATCH 0427/1209] chore(deps): update helm release zitadel to v8.7.1 (#1043) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/zitadel/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/zitadel/helm.jsonnet b/k8s/apps/zitadel/helm.jsonnet index dd969813e..1a3f51345 100644 --- a/k8s/apps/zitadel/helm.jsonnet +++ b/k8s/apps/zitadel/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'zitadel', repoURL: 'https://charts.zitadel.com', - targetRevision: '8.7.0', + targetRevision: '8.7.1', values: (importstr 'values.yaml'), } From 494eb1fb49b8463fbe672f215ea9eb1a53630885 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 6 Dec 2024 00:16:01 +0000 Subject: [PATCH 0428/1209] chore(deps): update helm release loki to v6.23.0 --- k8s/apps/loki/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/loki/helm.jsonnet b/k8s/apps/loki/helm.jsonnet index 09179ee31..a55c6b8de 100644 --- a/k8s/apps/loki/helm.jsonnet +++ b/k8s/apps/loki/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import 'app.json5').namespace, chart: 'loki', repoURL: 'https://grafana.github.io/helm-charts', - targetRevision: '6.22.0', + targetRevision: '6.23.0', values: (importstr 'values.yaml'), } From 2d0a0497dbeaded6083aca337952f835218d78f6 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 6 Dec 2024 00:16:05 +0000 Subject: [PATCH 0429/1209] chore(deps): update helm release nextcloud to v6.3.0 --- k8s/apps/nextcloud/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/nextcloud/helm.jsonnet b/k8s/apps/nextcloud/helm.jsonnet index 1240d2c08..b9db82316 100644 --- a/k8s/apps/nextcloud/helm.jsonnet +++ b/k8s/apps/nextcloud/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'nextcloud', repoURL: 'https://nextcloud.github.io/helm/', - targetRevision: '6.2.4', + targetRevision: '6.3.0', values: (importstr 'values.yaml'), } From 7082713844058b9a656124868d1494c600b541f9 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 6 Dec 2024 22:22:21 +0000 Subject: [PATCH 0430/1209] chore(deps): update helm release opentelemetry-operator to v0.75.0 --- k8s/apps/opentelemetry-operator/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/opentelemetry-operator/helm.jsonnet b/k8s/apps/opentelemetry-operator/helm.jsonnet index 4c7441831..69a19a4e2 100644 --- a/k8s/apps/opentelemetry-operator/helm.jsonnet +++ b/k8s/apps/opentelemetry-operator/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'opentelemetry-operator', repoURL: 'https://open-telemetry.github.io/opentelemetry-helm-charts', - targetRevision: '0.74.3', + targetRevision: '0.75.0', values: (importstr 'values.yaml'), } From 76079b6182c784d67878d6368a7678be2be3b8bd Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 8 Dec 2024 16:32:02 +0000 Subject: [PATCH 0431/1209] chore(deps): update dependency aquaproj/aqua-renovate-config to v2.6.0 --- renovate.json5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/renovate.json5 b/renovate.json5 index b90cfea21..964f357df 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -1,6 +1,6 @@ { $schema: "https://docs.renovatebot.com/renovate-schema.json", - extends: ["config:recommended", "github>aquaproj/aqua-renovate-config#2.5.0"], + extends: ["config:recommended", "github>aquaproj/aqua-renovate-config#2.6.0"], dependencyDashboard: true, timezone: "Asia/Tokyo", kubernetes: { From 744e2cb031147848f3990e39a1d81faaf0406de7 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 8 Dec 2024 16:32:53 +0000 Subject: [PATCH 0432/1209] chore(deps): update dependency aquaproj/aqua-registry to v4.270.0 (#1047) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index 120eaddab..0e8f9a94b 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,6 +8,6 @@ # - all registries: - type: standard - ref: v4.269.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.270.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 From a80507a6b1c616ec54e6bb65983745aa2f159d7e Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 9 Dec 2024 02:36:16 +0000 Subject: [PATCH 0433/1209] chore(deps): update dependency aquaproj/aqua-registry to v4.271.0 (#1049) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index 0e8f9a94b..f062dbbc6 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,6 +8,6 @@ # - all registries: - type: standard - ref: v4.270.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.271.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 From b64832f08c2beea7883ebaf73622547a40d0e5ba Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 9 Dec 2024 13:33:39 +0900 Subject: [PATCH 0434/1209] add Signed-off-by: walnuts1018 --- .github/scripts/infrautil/go.mod | 1 - .github/scripts/infrautil/go.sum | 15 +++------------ 2 files changed, 3 insertions(+), 13 deletions(-) diff --git a/.github/scripts/infrautil/go.mod b/.github/scripts/infrautil/go.mod index 4a707b6c9..c35855b34 100644 --- a/.github/scripts/infrautil/go.mod +++ b/.github/scripts/infrautil/go.mod @@ -134,7 +134,6 @@ require ( golang.org/x/term v0.24.0 // indirect golang.org/x/text v0.18.0 // indirect golang.org/x/time v0.3.0 // indirect - golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 // indirect google.golang.org/grpc v1.65.0 // indirect google.golang.org/protobuf v1.34.2 // indirect diff --git a/.github/scripts/infrautil/go.sum b/.github/scripts/infrautil/go.sum index 03ca67de5..77ad086e4 100644 --- a/.github/scripts/infrautil/go.sum +++ b/.github/scripts/infrautil/go.sum @@ -153,8 +153,6 @@ github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1v github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= -github.com/goccy/go-yaml v1.11.3 h1:B3W9IdWbvrUu2OYQGwvU1nZtvMQJPBKgBUuweJjLj6I= -github.com/goccy/go-yaml v1.11.3/go.mod h1:wKnAMd44+9JAAnGQpWVEgBzGt3YuTaQ4uXoHvE4m7WU= github.com/goccy/go-yaml v1.15.6 h1:gy5kf1yjMia3/c3wWD+u1z3lU5XlhpT8FZGaLJU9cOA= github.com/goccy/go-yaml v1.15.6/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= @@ -362,24 +360,21 @@ github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/sters/yaml-diff v1.3.2 h1:99Ke50QYFQYZjKMOiePxwyuQ+WeCvNy6cRooqdLs/ZE= -github.com/sters/yaml-diff v1.3.2/go.mod h1:86usbNZiUqke5wYjMxDVEjmvGjmY2FkMwOwe0A5zf68= github.com/sters/yaml-diff v1.4.1 h1:0W3jnFKCu8/DV7nh2aXSDA2VVfxfHu2+qdh81CuFmZo= github.com/sters/yaml-diff v1.4.1/go.mod h1:K286Xp2z+aGkok7z9k3zXcq0ZsrDaDp7/wyGwFjM9Y8= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= -github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= -github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= -github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= +github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= @@ -450,8 +445,6 @@ golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.9.0 h1:fEo0HyrW1GIgZdpbhCRO0PkJajUS5H9IFUztCgEo2jQ= -golang.org/x/sync v0.9.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ= golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -491,8 +484,6 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 h1:+cNy6SZtPcJQH3LJVLOSmiC7MMxXNOb3PU/VUEz+EhU= -golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028/go.mod h1:NDW/Ps6MPRej6fsCIbMTohpP40sJ/P/vI1MoTEGwX90= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= From 330dd0a6132c1454ecff7fb8993771f5861edfc1 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 9 Dec 2024 13:39:22 +0900 Subject: [PATCH 0435/1209] add Signed-off-by: walnuts1018 --- .github/scripts/infrautil/go.mod | 121 ++++++++++++++--------------- .github/scripts/infrautil/go.sum | 126 +++++++++++++++++++++++++++++++ 2 files changed, 187 insertions(+), 60 deletions(-) diff --git a/.github/scripts/infrautil/go.mod b/.github/scripts/infrautil/go.mod index c35855b34..1b977b406 100644 --- a/.github/scripts/infrautil/go.mod +++ b/.github/scripts/infrautil/go.mod @@ -18,62 +18,62 @@ require ( require ( dario.cat/mergo v1.0.1 // indirect - github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect - github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect - github.com/BurntSushi/toml v1.3.2 // indirect + github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 // indirect + github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect + github.com/BurntSushi/toml v1.4.0 // indirect github.com/MakeNowJust/heredoc v1.0.0 // indirect github.com/Masterminds/goutils v1.1.1 // indirect - github.com/Masterminds/semver/v3 v3.3.0 // indirect + github.com/Masterminds/semver/v3 v3.3.1 // indirect github.com/Masterminds/sprig/v3 v3.3.0 // indirect github.com/Masterminds/squirrel v1.5.4 // indirect github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect - github.com/chai2010/gettext-go v1.0.2 // indirect - github.com/containerd/containerd v1.7.23 // indirect - github.com/containerd/errdefs v0.3.0 // indirect + github.com/chai2010/gettext-go v1.0.3 // indirect + github.com/containerd/containerd v1.7.24 // indirect + github.com/containerd/errdefs v1.0.0 // indirect github.com/containerd/log v0.1.0 // indirect github.com/containerd/platforms v0.2.1 // indirect - github.com/cyphar/filepath-securejoin v0.3.4 // indirect + github.com/cyphar/filepath-securejoin v0.3.5 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/distribution/reference v0.6.0 // indirect - github.com/docker/cli v25.0.1+incompatible // indirect + github.com/docker/cli v27.3.1+incompatible // indirect github.com/docker/distribution v2.8.3+incompatible // indirect - github.com/docker/docker v25.0.6+incompatible // indirect - github.com/docker/docker-credential-helpers v0.7.0 // indirect + github.com/docker/docker v27.3.1+incompatible // indirect + github.com/docker/docker-credential-helpers v0.8.2 // indirect github.com/docker/go-connections v0.5.0 // indirect github.com/docker/go-metrics v0.0.1 // indirect - github.com/emicklei/go-restful/v3 v3.11.0 // indirect + github.com/emicklei/go-restful/v3 v3.12.1 // indirect github.com/evanphx/json-patch v5.9.0+incompatible // indirect - github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect - github.com/fatih/color v1.16.0 // indirect + github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect + github.com/fatih/color v1.18.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect github.com/fxamacker/cbor/v2 v2.7.0 // indirect - github.com/gabriel-vasile/mimetype v1.4.3 // indirect - github.com/go-errors/errors v1.4.2 // indirect + github.com/gabriel-vasile/mimetype v1.4.7 // indirect + github.com/go-errors/errors v1.5.1 // indirect github.com/go-gorp/gorp/v3 v3.1.0 // indirect github.com/go-logr/logr v1.4.2 // indirect github.com/go-logr/stdr v1.2.2 // indirect - github.com/go-openapi/jsonpointer v0.19.6 // indirect - github.com/go-openapi/jsonreference v0.20.2 // indirect - github.com/go-openapi/swag v0.22.4 // indirect + github.com/go-openapi/jsonpointer v0.21.0 // indirect + github.com/go-openapi/jsonreference v0.21.0 // indirect + github.com/go-openapi/swag v0.23.0 // indirect github.com/go-playground/locales v0.14.1 // indirect github.com/go-playground/universal-translator v0.18.1 // indirect github.com/gobwas/glob v0.2.3 // indirect - github.com/goccy/go-yaml v1.15.6 // indirect + github.com/goccy/go-yaml v1.15.7 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/protobuf v1.5.4 // indirect - github.com/google/btree v1.0.1 // indirect - github.com/google/gnostic-models v0.6.8 // indirect + github.com/google/btree v1.1.3 // indirect + github.com/google/gnostic-models v0.6.9 // indirect github.com/google/go-cmp v0.6.0 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect github.com/google/uuid v1.6.0 // indirect - github.com/gorilla/mux v1.8.0 // indirect - github.com/gorilla/websocket v1.5.0 // indirect + github.com/gorilla/mux v1.8.1 // indirect + github.com/gorilla/websocket v1.5.3 // indirect github.com/gosuri/uitable v0.0.4 // indirect - github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 // indirect + github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect github.com/huandu/xstrings v1.5.0 // indirect @@ -82,7 +82,7 @@ require ( github.com/jmoiron/sqlx v1.4.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect - github.com/klauspost/compress v1.16.7 // indirect + github.com/klauspost/compress v1.17.11 // indirect github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect github.com/leodido/go-urn v1.4.0 // indirect @@ -91,12 +91,12 @@ require ( github.com/mailru/easyjson v0.7.7 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.20 // indirect - github.com/mattn/go-runewidth v0.0.9 // indirect + github.com/mattn/go-runewidth v0.0.16 // indirect github.com/mitchellh/copystructure v1.2.0 // indirect github.com/mitchellh/go-wordwrap v1.0.1 // indirect github.com/mitchellh/reflectwalk v1.0.2 // indirect github.com/moby/locker v1.0.1 // indirect - github.com/moby/spdystream v0.4.0 // indirect + github.com/moby/spdystream v0.5.0 // indirect github.com/moby/term v0.5.0 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect @@ -106,10 +106,11 @@ require ( github.com/opencontainers/go-digest v1.0.0 // indirect github.com/opencontainers/image-spec v1.1.0 // indirect github.com/peterbourgon/diskv v2.0.1+incompatible // indirect - github.com/prometheus/client_golang v1.19.1 // indirect + github.com/prometheus/client_golang v1.20.5 // indirect github.com/prometheus/client_model v0.6.1 // indirect - github.com/prometheus/common v0.55.0 // indirect + github.com/prometheus/common v0.61.0 // indirect github.com/prometheus/procfs v0.15.1 // indirect + github.com/rivo/uniseg v0.4.7 // indirect github.com/rubenv/sql-migrate v1.7.0 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/shopspring/decimal v1.4.0 // indirect @@ -122,38 +123,38 @@ require ( github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect github.com/xeipuuv/gojsonschema v1.2.0 // indirect github.com/xlab/treeprint v1.2.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 // indirect - go.opentelemetry.io/otel v1.28.0 // indirect - go.opentelemetry.io/otel/metric v1.28.0 // indirect - go.opentelemetry.io/otel/trace v1.28.0 // indirect - go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect - golang.org/x/crypto v0.27.0 // indirect - golang.org/x/net v0.26.0 // indirect - golang.org/x/oauth2 v0.21.0 // indirect - golang.org/x/sys v0.25.0 // indirect - golang.org/x/term v0.24.0 // indirect - golang.org/x/text v0.18.0 // indirect - golang.org/x/time v0.3.0 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 // indirect - google.golang.org/grpc v1.65.0 // indirect - google.golang.org/protobuf v1.34.2 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.57.0 // indirect + go.opentelemetry.io/otel v1.32.0 // indirect + go.opentelemetry.io/otel/metric v1.32.0 // indirect + go.opentelemetry.io/otel/trace v1.32.0 // indirect + go.starlark.net v0.0.0-20241125201518-c05ff208a98f // indirect + golang.org/x/crypto v0.30.0 // indirect + golang.org/x/net v0.32.0 // indirect + golang.org/x/oauth2 v0.24.0 // indirect + golang.org/x/sys v0.28.0 // indirect + golang.org/x/term v0.27.0 // indirect + golang.org/x/text v0.21.0 // indirect + golang.org/x/time v0.8.0 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20241206012308-a4fef0638583 // indirect + google.golang.org/grpc v1.68.1 // indirect + google.golang.org/protobuf v1.35.2 // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect - k8s.io/api v0.31.1 // indirect - k8s.io/apiextensions-apiserver v0.31.1 // indirect - k8s.io/apimachinery v0.31.1 // indirect - k8s.io/apiserver v0.31.1 // indirect - k8s.io/cli-runtime v0.31.1 // indirect - k8s.io/client-go v0.31.1 // indirect - k8s.io/component-base v0.31.1 // indirect + k8s.io/api v0.31.3 // indirect + k8s.io/apiextensions-apiserver v0.31.3 // indirect + k8s.io/apimachinery v0.31.3 // indirect + k8s.io/apiserver v0.31.3 // indirect + k8s.io/cli-runtime v0.31.3 // indirect + k8s.io/client-go v0.31.3 // indirect + k8s.io/component-base v0.31.3 // indirect k8s.io/klog/v2 v2.130.1 // indirect - k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect - k8s.io/kubectl v0.31.1 // indirect - k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect - oras.land/oras-go v1.2.5 // indirect - sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect - sigs.k8s.io/kustomize/api v0.17.2 // indirect - sigs.k8s.io/kustomize/kyaml v0.17.1 // indirect - sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect + k8s.io/kube-openapi v0.0.0-20241127205056-99599406b04f // indirect + k8s.io/kubectl v0.31.3 // indirect + k8s.io/utils v0.0.0-20241104163129-6fe5fd82f078 // indirect + oras.land/oras-go v1.2.6 // indirect + sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect + sigs.k8s.io/kustomize/api v0.18.0 // indirect + sigs.k8s.io/kustomize/kyaml v0.18.1 // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.4.3 // indirect ) diff --git a/.github/scripts/infrautil/go.sum b/.github/scripts/infrautil/go.sum index 77ad086e4..49afa5efd 100644 --- a/.github/scripts/infrautil/go.sum +++ b/.github/scripts/infrautil/go.sum @@ -5,11 +5,17 @@ filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA= filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4= github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU= github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8= +github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 h1:He8afgbRMd7mFxO99hRNu+6tazq8nFF9lIwo9JFroBk= +github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8= github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8= github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= +github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0= +github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8= github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= +github.com/BurntSushi/toml v1.4.0 h1:kuoIxZQy2WRRk1pttg9asf+WVv6tWQuBNVmK8+nqPr0= +github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU= github.com/DATA-DOG/go-sqlmock v1.5.2/go.mod h1:88MAG/4G7SMwSE3CeA0ZKzrT5CiOU3OJ+JlNzwDqpNU= github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ= @@ -18,6 +24,8 @@ github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJ github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= github.com/Masterminds/semver/v3 v3.3.0 h1:B8LGeaivUe71a5qox1ICM/JLl0NqZSW5CHyL+hmvYS0= github.com/Masterminds/semver/v3 v3.3.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= +github.com/Masterminds/semver/v3 v3.3.1 h1:QtNSWtVZ3nBfk8mAOu/B6v7FMJ+NHTIgUPi7rj+4nv4= +github.com/Masterminds/semver/v3 v3.3.1/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= github.com/Masterminds/sprig/v3 v3.3.0 h1:mQh0Yrg1XPo6vjYXgtf5OtijNAKJRNcTdOOGZe3tPhs= github.com/Masterminds/sprig/v3 v3.3.0/go.mod h1:Zy1iXRYNqNLUolqCpL4uhk6SHUMAOSCzdgBfDb35Lz0= github.com/Masterminds/squirrel v1.5.4 h1:uUcX/aBc8O7Fg9kaISIUsHXdKuqehiXAMQTYX8afzqM= @@ -53,6 +61,8 @@ github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UF github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chai2010/gettext-go v1.0.2 h1:1Lwwip6Q2QGsAdl/ZKPCwTe9fe0CjlUbqj5bFNSjIRk= github.com/chai2010/gettext-go v1.0.2/go.mod h1:y+wnP2cHYaVj19NZhYKAwEMH2CI1gNHeQQ+5AjwawxA= +github.com/chai2010/gettext-go v1.0.3 h1:9liNh8t+u26xl5ddmWLmsOsdNLwkdRTg5AG+JnTiM80= +github.com/chai2010/gettext-go v1.0.3/go.mod h1:y+wnP2cHYaVj19NZhYKAwEMH2CI1gNHeQQ+5AjwawxA= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= @@ -61,10 +71,14 @@ github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaD github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHqJDGwsa1mIw= github.com/containerd/containerd v1.7.23 h1:H2CClyUkmpKAGlhQp95g2WXHfLYc7whAuvZGBNYOOwQ= github.com/containerd/containerd v1.7.23/go.mod h1:7QUzfURqZWCZV7RLNEn1XjUCQLEf0bkaK4GjUaZehxw= +github.com/containerd/containerd v1.7.24 h1:zxszGrGjrra1yYJW/6rhm9cJ1ZQ8rkKBR48brqsa7nA= +github.com/containerd/containerd v1.7.24/go.mod h1:7QUzfURqZWCZV7RLNEn1XjUCQLEf0bkaK4GjUaZehxw= github.com/containerd/continuity v0.4.2 h1:v3y/4Yz5jwnvqPKJJ+7Wf93fyWoCB3F5EclWG023MDM= github.com/containerd/continuity v0.4.2/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ= github.com/containerd/errdefs v0.3.0 h1:FSZgGOeK4yuT/+DnF07/Olde/q4KBoMsaamhXxIMDp4= github.com/containerd/errdefs v0.3.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M= +github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI= +github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M= github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= github.com/containerd/platforms v0.2.1 h1:zvwtM3rz2YHPQsF2CHYM8+KtB5dvhISiXh5ZpSBQv6A= @@ -75,6 +89,8 @@ github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= github.com/cyphar/filepath-securejoin v0.3.4 h1:VBWugsJh2ZxJmLFSM06/0qzQyiQX2Qs0ViKrUAcqdZ8= github.com/cyphar/filepath-securejoin v0.3.4/go.mod h1:8s/MCNJREmFK0H02MF6Ihv1nakJe4L/w3WZLHNkvlYM= +github.com/cyphar/filepath-securejoin v0.3.5 h1:L81NHjquoQmcPgXcttUS9qTSR/+bXry6pbSINQGpjj4= +github.com/cyphar/filepath-securejoin v0.3.5/go.mod h1:edhVd3c6OXKjUmSrVa/tGJRS9joFTxlslFCAyaxigkE= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= @@ -85,12 +101,18 @@ github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5Qvfr github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= github.com/docker/cli v25.0.1+incompatible h1:mFpqnrS6Hsm3v1k7Wa/BO23oz0k121MTbTO1lpcGSkU= github.com/docker/cli v25.0.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/cli v27.3.1+incompatible h1:qEGdFBF3Xu6SCvCYhc7CzaQTlBmqDuzxPDpigSyeKQQ= +github.com/docker/cli v27.3.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/docker v25.0.6+incompatible h1:5cPwbwriIcsua2REJe8HqQV+6WlWc1byg2QSXzBxBGg= github.com/docker/docker v25.0.6+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v27.3.1+incompatible h1:KttF0XoteNTicmUtBO0L2tP+J7FGRFTjaEF4k6WdhfI= +github.com/docker/docker v27.3.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A= github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0= +github.com/docker/docker-credential-helpers v0.8.2 h1:bX3YxiGzFP5sOXWc3bTPEXdEaZSeVMrFgOr3T+zrFAo= +github.com/docker/docker-credential-helpers v0.8.2/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M= github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c= github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc= github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c h1:+pKlWGMw7gf6bQ+oDZB4KHQFypsfjYlq/C4rfL7D3g8= @@ -101,14 +123,20 @@ github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1 h1:ZClxb8laGDf5arX github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1/go.mod h1:cyGadeNEkKy96OOhEzfZl+yxihPEzKnqJwvfuSUqbZE= github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g= github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/emicklei/go-restful/v3 v3.12.1 h1:PJMDIM/ak7btuL8Ex0iYET9hxM3CI2sjZtzpL63nKAU= +github.com/emicklei/go-restful/v3 v3.12.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls= github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d h1:105gxyaGwCFad8crR9dcMQWvV9Hvulu6hwUh4tWPJnM= github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d/go.mod h1:ZZMPRZwes7CROmyNKgQzC3XPs6L/G2EJLHddWejkmf4= +github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f h1:Wl78ApPPB2Wvf/TIe2xdyJxTlb6obmF18d8QdkxNDu4= +github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f/go.mod h1:OSYXu++VVOHnXeitef/D8n/6y4QV8uLHSFXX4NeXMGc= github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= +github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM= +github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/foxcpp/go-mockdns v1.1.0 h1:jI0rD8M0wuYAxL7r/ynTrCQQq0BVqfB99Vgk7DlmewI= @@ -119,8 +147,12 @@ github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0= github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk= +github.com/gabriel-vasile/mimetype v1.4.7 h1:SKFKl7kD0RiPdbht0s7hFtjl489WcQ1VyPW8ZzUMYCA= +github.com/gabriel-vasile/mimetype v1.4.7/go.mod h1:GDlAgAyIRT27BhFl53XNAFtfjzOkLaF35JdEG0P7LtU= github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA= github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og= +github.com/go-errors/errors v1.5.1 h1:ZwEMSLRCapFLflTpT7NKaAc7ukJ8ZPEjzlxt8rPN8bk= +github.com/go-errors/errors v1.5.1/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og= github.com/go-gorp/gorp/v3 v3.1.0 h1:ItKF/Vbuj31dmV4jxA1qblpSwkl9g1typ24xoe70IGs= github.com/go-gorp/gorp/v3 v3.1.0/go.mod h1:dLEjIyyRNiXvNZ8PSmzpt1GsWAUK8kjVhEpjH8TixEw= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= @@ -133,11 +165,17 @@ github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= +github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ= +github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= +github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ= +github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4= github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= github.com/go-openapi/swag v0.22.4 h1:QLMzNJnMGPRNDCbySlcj1x01tzU8/9LTTL9hZZZogBU= github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= +github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= +github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s= github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4= github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA= @@ -155,6 +193,8 @@ github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= github.com/goccy/go-yaml v1.15.6 h1:gy5kf1yjMia3/c3wWD+u1z3lU5XlhpT8FZGaLJU9cOA= github.com/goccy/go-yaml v1.15.6/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA= +github.com/goccy/go-yaml v1.15.7 h1:L7XuKpd/A66X4w/dlk08lVfiIADdy79a1AzRoIefC98= +github.com/goccy/go-yaml v1.15.7/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= @@ -177,8 +217,12 @@ github.com/gomodule/redigo v1.8.2 h1:H5XSIre1MB5NbPYFp+i1NBbb5qN1W8Y8YAQoAYbkm8k github.com/gomodule/redigo v1.8.2/go.mod h1:P9dn9mFrCBvWhGE1wpxx6fgq7BAeLBk+UUUzlpkBYO0= github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4= github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= +github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg= +github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= +github.com/google/gnostic-models v0.6.9 h1:MU/8wDLif2qCXZmzncUQ/BOfxWfthHi63KqpoNbWqVw= +github.com/google/gnostic-models v0.6.9/go.mod h1:CiWsm0s6BSQd1hRn8/QmxqB6BesYcbSZxsz9b0KuDBw= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= @@ -205,12 +249,18 @@ github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH github.com/gorilla/handlers v1.5.1/go.mod h1:t8XrUpc4KVXb7HGyJ4/cEnwQiaxrX/hz1Zv/4g96P1Q= github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI= github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= +github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY= +github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ= github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc= github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= +github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg= +github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gosuri/uitable v0.0.4 h1:IG2xLKRvErL3uhY6e1BylFzG+aJiwQviDDTfOKeKTpY= github.com/gosuri/uitable v0.0.4/go.mod h1:tKR86bXuXPZazfOTG1FIzvjIdXzd0mo4Vtn16vt0PJo= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 h1:pdN6V1QBWetyv/0+wjACpqVH+eVULgEjkurDLq3goeM= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= +github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 h1:+ngKgrYPPJrOjhax5N+uePQ0Fh1Z7PheYoUI/0nzkPA= +github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= @@ -237,6 +287,8 @@ github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.16.7 h1:2mk3MPGNzKyxErAw8YaohYh69+pa4sIQSC0fPGCFR9I= github.com/klauspost/compress v1.16.7/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= +github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc= +github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= @@ -265,6 +317,8 @@ github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWE github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/mattn/go-runewidth v0.0.9 h1:Lm995f3rfxdpd6TSmuVCHVb/QhupuXlYr8sCI/QdE+0= github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= +github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc= +github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU= github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= @@ -280,6 +334,8 @@ github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg= github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc= github.com/moby/spdystream v0.4.0 h1:Vy79D6mHeJJjiPdFEL2yku1kl0chZpJfZcPpb16BRl8= github.com/moby/spdystream v0.4.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI= +github.com/moby/spdystream v0.5.0 h1:7r0J1Si3QO/kjRitvSLVVFUjxMEb/YLj6S9FF62JBCU= +github.com/moby/spdystream v0.5.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI= github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vygl78= github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI= github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g= @@ -327,6 +383,8 @@ github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5Fsn github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g= github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE= github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho= +github.com/prometheus/client_golang v1.20.5 h1:cxppBPuYhUnsO6yo/aoRol4L7q7UFfdm+bR9r+8l63Y= +github.com/prometheus/client_golang v1.20.5/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= @@ -336,15 +394,22 @@ github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y8 github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc= github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc= github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8= +github.com/prometheus/common v0.61.0 h1:3gv/GThfX0cV2lpO7gkTUwZru38mxevy90Bj8YFSRQQ= +github.com/prometheus/common v0.61.0/go.mod h1:zr29OCN/2BsJRaFwG8QOBr41D6kkchKbpeNH7pAjb/s= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ= github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= +github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= +github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ= +github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= github.com/rubenv/sql-migrate v1.7.0 h1:HtQq1xyTN2ISmQDggnh0c9U3JlP8apWh8YO2jzlXpTI= github.com/rubenv/sql-migrate v1.7.0/go.mod h1:S4wtDEG1CKn+0ShpTtzWhFpHHI5PvCUtiGI+C+Z2THE= +github.com/russross/blackfriday v1.6.0 h1:KqfZb0pUVN2lYqZUYRddxF4OR8ZMURnJIG5Y3VRLtww= +github.com/russross/blackfriday v1.6.0/go.mod h1:ti0ldHuxg49ri4ksnFxlkCfN+hvslNlmVHqNRXXJNAY= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ= @@ -369,6 +434,7 @@ github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= @@ -400,14 +466,24 @@ go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 h1:4K4tsIXefpVJtvA/8srF4V4y0akAoPHkIslgAkjixJA= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0/go.mod h1:jjdQuTGVsXV4vSs+CJ2qYDeDPf9yIJV23qlIzBm73Vg= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.57.0 h1:DheMAlT6POBP+gh8RUH19EOTnQIor5QE0uSRPtzCpSw= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.57.0/go.mod h1:wZcGmeVO9nzP67aYSLDqXNWK87EZWhi7JWj1v7ZXf94= go.opentelemetry.io/otel v1.28.0 h1:/SqNcYk+idO0CxKEUOtKQClMK/MimZihKYMruSMViUo= go.opentelemetry.io/otel v1.28.0/go.mod h1:q68ijF8Fc8CnMHKyzqL6akLO46ePnjkgfIMIjUIX9z4= +go.opentelemetry.io/otel v1.32.0 h1:WnBN+Xjcteh0zdk01SVqV55d/m62NJLJdIyb4y/WO5U= +go.opentelemetry.io/otel v1.32.0/go.mod h1:00DCVSB0RQcnzlwyTfqtxSm+DRr9hpYrHjNGiBHVQIg= go.opentelemetry.io/otel/metric v1.28.0 h1:f0HGvSl1KRAU1DLgLGFjrwVyismPlnuU6JD6bOeuA5Q= go.opentelemetry.io/otel/metric v1.28.0/go.mod h1:Fb1eVBFZmLVTMb6PPohq3TO9IIhUisDsbJoL/+uQW4s= +go.opentelemetry.io/otel/metric v1.32.0 h1:xV2umtmNcThh2/a/aCP+h64Xx5wsj8qqnkYZktzNa0M= +go.opentelemetry.io/otel/metric v1.32.0/go.mod h1:jH7CIbbK6SH2V2wE16W05BHCtIDzauciCRLoc/SyMv8= go.opentelemetry.io/otel/trace v1.28.0 h1:GhQ9cUuQGmNDd5BTCP2dAvv75RdMxEfTmYejp+lkx9g= go.opentelemetry.io/otel/trace v1.28.0/go.mod h1:jPyXzNPg6da9+38HEwElrQiHlVMTnVfM3/yv2OlIHaI= +go.opentelemetry.io/otel/trace v1.32.0 h1:WIC9mYrXf8TmY/EXuULKc8hR17vE+Hjv2cssQDe03fM= +go.opentelemetry.io/otel/trace v1.32.0/go.mod h1:+i4rkvCraA+tG6AzwloGaCtkx53Fa+L+V8e9a7YvhT8= go.starlark.net v0.0.0-20230525235612-a134d8f9ddca h1:VdD38733bfYv5tUZwEIskMM93VanwNIi5bIKnDrJdEY= go.starlark.net v0.0.0-20230525235612-a134d8f9ddca/go.mod h1:jxU+3+j+71eXOW14274+SmmuW82qJzl6iZSeqEtTGds= +go.starlark.net v0.0.0-20241125201518-c05ff208a98f h1:W+3pcCdjGognUT+oE6tXsC3xiCEcCYTaJBXHHRn7aW0= +go.starlark.net v0.0.0-20241125201518-c05ff208a98f/go.mod h1:YKMCv9b1WrfWmeqdV5MAuEHWsu5iC+fe6kYl2sQjdI8= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= @@ -416,6 +492,8 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A= golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70= +golang.org/x/crypto v0.30.0 h1:RwoQn3GkWiMkzlX562cLB7OxWvjH1L8xutO2WoJcRoY= +golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= @@ -436,9 +514,13 @@ golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= +golang.org/x/net v0.32.0 h1:ZqPmj8Kzc+Y6e0+skZsuACbx+wzMgo5MQsJh9Qd6aYI= +golang.org/x/net v0.32.0/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs= golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE= +golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -461,15 +543,23 @@ golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34= golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= +golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.24.0 h1:Mh5cbb+Zk2hqqXNO7S1iTjEphVL+jb8ZWaqh/g+JWkM= golang.org/x/term v0.24.0/go.mod h1:lOBK/LVxemqiMij05LGJ0tzNr8xlmwBRJ81PX6wVLH8= +golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q= +golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224= golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= +golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.8.0 h1:9i3RxcPv3PZnitoVGMPDKZSq1xW1gK1Xy3ArNOGZfEg= +golang.org/x/time v0.8.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= @@ -491,11 +581,15 @@ google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 h1:BwIjyKYGsK9dMCBOorzRri8MQwmi7mT9rGHsCEinZkA= google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241206012308-a4fef0638583 h1:IfdSdTcLFy4lqUQrQJLkLt1PB+AsqVz6lwkWPzWEz10= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241206012308-a4fef0638583/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.65.0 h1:bs/cUb4lp1G5iImFFd3u5ixQzweKizoZJAwBNLR42lc= google.golang.org/grpc v1.65.0/go.mod h1:WgYC2ypjlB0EiQi6wdKixMqukr6lBc0Vo+oOgjrM5ZQ= +google.golang.org/grpc v1.68.1 h1:oI5oTa11+ng8r8XMMN7jAOmWfPZWbYpCFaMUTACxkM0= +google.golang.org/grpc v1.68.1/go.mod h1:+q1XYFJjShcqn0QZHvCyeR4CXPA+llXIeUIfIe00waw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -506,6 +600,8 @@ google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpAD google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= +google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io= +google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= @@ -529,35 +625,65 @@ honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= k8s.io/api v0.31.1 h1:Xe1hX/fPW3PXYYv8BlozYqw63ytA92snr96zMW9gWTU= k8s.io/api v0.31.1/go.mod h1:sbN1g6eY6XVLeqNsZGLnI5FwVseTrZX7Fv3O26rhAaI= +k8s.io/api v0.31.3 h1:umzm5o8lFbdN/hIXbrK9oRpOproJO62CV1zqxXrLgk8= +k8s.io/api v0.31.3/go.mod h1:UJrkIp9pnMOI9K2nlL6vwpxRzzEX5sWgn8kGQe92kCE= k8s.io/apiextensions-apiserver v0.31.1 h1:L+hwULvXx+nvTYX/MKM3kKMZyei+UiSXQWciX/N6E40= k8s.io/apiextensions-apiserver v0.31.1/go.mod h1:tWMPR3sgW+jsl2xm9v7lAyRF1rYEK71i9G5dRtkknoQ= +k8s.io/apiextensions-apiserver v0.31.3 h1:+GFGj2qFiU7rGCsA5o+p/rul1OQIq6oYpQw4+u+nciE= +k8s.io/apiextensions-apiserver v0.31.3/go.mod h1:2DSpFhUZZJmn/cr/RweH1cEVVbzFw9YBu4T+U3mf1e4= k8s.io/apimachinery v0.31.1 h1:mhcUBbj7KUjaVhyXILglcVjuS4nYXiwC+KKFBgIVy7U= k8s.io/apimachinery v0.31.1/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= +k8s.io/apimachinery v0.31.3 h1:6l0WhcYgasZ/wk9ktLq5vLaoXJJr5ts6lkaQzgeYPq4= +k8s.io/apimachinery v0.31.3/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= k8s.io/apiserver v0.31.1 h1:Sars5ejQDCRBY5f7R3QFHdqN3s61nhkpaX8/k1iEw1c= k8s.io/apiserver v0.31.1/go.mod h1:lzDhpeToamVZJmmFlaLwdYZwd7zB+WYRYIboqA1kGxM= +k8s.io/apiserver v0.31.3 h1:+1oHTtCB+OheqFEz375D0IlzHZ5VeQKX1KGXnx+TTuY= +k8s.io/apiserver v0.31.3/go.mod h1:PrxVbebxrxQPFhJk4powDISIROkNMKHibTg9lTRQ0Qg= k8s.io/cli-runtime v0.31.1 h1:/ZmKhmZ6hNqDM+yf9s3Y4KEYakNXUn5sod2LWGGwCuk= k8s.io/cli-runtime v0.31.1/go.mod h1:pKv1cDIaq7ehWGuXQ+A//1OIF+7DI+xudXtExMCbe9U= +k8s.io/cli-runtime v0.31.3 h1:fEQD9Xokir78y7pVK/fCJN090/iYNrLHpFbGU4ul9TI= +k8s.io/cli-runtime v0.31.3/go.mod h1:Q2jkyTpl+f6AtodQvgDI8io3jrfr+Z0LyQBPJJ2Btq8= k8s.io/client-go v0.31.1 h1:f0ugtWSbWpxHR7sjVpQwuvw9a3ZKLXX0u0itkFXufb0= k8s.io/client-go v0.31.1/go.mod h1:sKI8871MJN2OyeqRlmA4W4KM9KBdBUpDLu/43eGemCg= +k8s.io/client-go v0.31.3 h1:CAlZuM+PH2cm+86LOBemaJI/lQ5linJ6UFxKX/SoG+4= +k8s.io/client-go v0.31.3/go.mod h1:2CgjPUTpv3fE5dNygAr2NcM8nhHzXvxB8KL5gYc3kJs= k8s.io/component-base v0.31.1 h1:UpOepcrX3rQ3ab5NB6g5iP0tvsgJWzxTyAo20sgYSy8= k8s.io/component-base v0.31.1/go.mod h1:WGeaw7t/kTsqpVTaCoVEtillbqAhF2/JgvO0LDOMa0w= +k8s.io/component-base v0.31.3 h1:DMCXXVx546Rfvhj+3cOm2EUxhS+EyztH423j+8sOwhQ= +k8s.io/component-base v0.31.3/go.mod h1:xME6BHfUOafRgT0rGVBGl7TuSg8Z9/deT7qq6w7qjIU= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= +k8s.io/kube-openapi v0.0.0-20241127205056-99599406b04f h1:nLHvOvs1CZ+FAEwR4EqLeRLfbtWQNlIu5g393Hq/1UM= +k8s.io/kube-openapi v0.0.0-20241127205056-99599406b04f/go.mod h1:iZjdMQzunI7O/sUrf/5WRX1gvaAIam32lKx9+paoLbU= k8s.io/kubectl v0.31.1 h1:ih4JQJHxsEggFqDJEHSOdJ69ZxZftgeZvYo7M/cpp24= k8s.io/kubectl v0.31.1/go.mod h1:aNuQoR43W6MLAtXQ/Bu4GDmoHlbhHKuyD49lmTC8eJM= +k8s.io/kubectl v0.31.3 h1:3r111pCjPsvnR98oLLxDMwAeM6OPGmPty6gSKaLTQes= +k8s.io/kubectl v0.31.3/go.mod h1:lhMECDCbJN8He12qcKqs2QfmVo9Pue30geovBVpH5fs= k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A= k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/utils v0.0.0-20241104163129-6fe5fd82f078 h1:jGnCPejIetjiy2gqaJ5V0NLwTpF4wbQ6cZIItJCSHno= +k8s.io/utils v0.0.0-20241104163129-6fe5fd82f078/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= oras.land/oras-go v1.2.5 h1:XpYuAwAb0DfQsunIyMfeET92emK8km3W4yEzZvUbsTo= oras.land/oras-go v1.2.5/go.mod h1:PuAwRShRZCsZb7g8Ar3jKKQR/2A/qN+pkYxIOd/FAoo= +oras.land/oras-go v1.2.6 h1:z8cmxQXBU8yZ4mkytWqXfo6tZcamPwjsuxYU81xJ8Lk= +oras.land/oras-go v1.2.6/go.mod h1:OVPc1PegSEe/K8YiLfosrlqlqTN9PUyFvOw5Y9gwrT8= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= +sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE= +sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= sigs.k8s.io/kustomize/api v0.17.2 h1:E7/Fjk7V5fboiuijoZHgs4aHuexi5Y2loXlVOAVAG5g= sigs.k8s.io/kustomize/api v0.17.2/go.mod h1:UWTz9Ct+MvoeQsHcJ5e+vziRRkwimm3HytpZgIYqye0= +sigs.k8s.io/kustomize/api v0.18.0 h1:hTzp67k+3NEVInwz5BHyzc9rGxIauoXferXyjv5lWPo= +sigs.k8s.io/kustomize/api v0.18.0/go.mod h1:f8isXnX+8b+SGLHQ6yO4JG1rdkZlvhaCf/uZbLVMb0U= sigs.k8s.io/kustomize/kyaml v0.17.1 h1:TnxYQxFXzbmNG6gOINgGWQt09GghzgTP6mIurOgrLCQ= sigs.k8s.io/kustomize/kyaml v0.17.1/go.mod h1:9V0mCjIEYjlXuCdYsSXvyoy2BTsLESH7TlGV81S282U= +sigs.k8s.io/kustomize/kyaml v0.18.1 h1:WvBo56Wzw3fjS+7vBjN6TeivvpbW9GmRaWZ9CIVmt4E= +sigs.k8s.io/kustomize/kyaml v0.18.1/go.mod h1:C3L2BFVU1jgcddNBE1TxuVLgS46TjObMwW5FT9FcjYo= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= +sigs.k8s.io/structured-merge-diff/v4 v4.4.3 h1:sCP7Vv3xx/CWIuTPVN38lUPx0uw0lcLfzaiDa8Ja01A= +sigs.k8s.io/structured-merge-diff/v4 v4.4.3/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= From 868d9d571eef64bf20a5d43d74425bac90876208 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 9 Dec 2024 13:52:30 +0900 Subject: [PATCH 0436/1209] https://ca-srg.dev/28baefb78f0f44169b1879555dc81dbd Signed-off-by: walnuts1018 --- k8s/_argocd/applications/apps.yaml | 1 + k8s/_argocd/applications/argocd.yaml | 1 + k8s/_argocd/applications/namespaces.yaml | 1 + k8s/_argocd/argocd_components/values.yaml | 4 ++++ k8s/_argocd/clusters/kurumi/base.yaml | 1 + k8s/components/helm.libsonnet | 1 + 6 files changed, 9 insertions(+) diff --git a/k8s/_argocd/applications/apps.yaml b/k8s/_argocd/applications/apps.yaml index 807339278..b1b1f9f39 100644 --- a/k8s/_argocd/applications/apps.yaml +++ b/k8s/_argocd/applications/apps.yaml @@ -41,3 +41,4 @@ spec: prune: true syncOptions: - ServerSideApply=true + - FailOnSharedResource=true diff --git a/k8s/_argocd/applications/argocd.yaml b/k8s/_argocd/applications/argocd.yaml index ff77ec903..f8b39508e 100644 --- a/k8s/_argocd/applications/argocd.yaml +++ b/k8s/_argocd/applications/argocd.yaml @@ -28,3 +28,4 @@ spec: prune: true syncOptions: - ServerSideApply=true + - FailOnSharedResource=true diff --git a/k8s/_argocd/applications/namespaces.yaml b/k8s/_argocd/applications/namespaces.yaml index 779d245d1..f8abb7377 100644 --- a/k8s/_argocd/applications/namespaces.yaml +++ b/k8s/_argocd/applications/namespaces.yaml @@ -26,3 +26,4 @@ spec: prune: true syncOptions: - ServerSideApply=true + - FailOnSharedResource=true diff --git a/k8s/_argocd/argocd_components/values.yaml b/k8s/_argocd/argocd_components/values.yaml index ba6db02ee..33031cd82 100644 --- a/k8s/_argocd/argocd_components/values.yaml +++ b/k8s/_argocd/argocd_components/values.yaml @@ -28,6 +28,10 @@ configs: - profile users.anonymous.enabled: false users.session.duration: "168h" # 7 days + application.resourceTrackingMethod: "annotation" + controller.resource.health.persist: "false" + controller.diff.server.side: "true" + params: otlp.address: 'default-collector.opentelemetry-collector.svc.cluster.local:4317' server.insecure: true diff --git a/k8s/_argocd/clusters/kurumi/base.yaml b/k8s/_argocd/clusters/kurumi/base.yaml index 968558cd7..6c0fe1b19 100644 --- a/k8s/_argocd/clusters/kurumi/base.yaml +++ b/k8s/_argocd/clusters/kurumi/base.yaml @@ -25,3 +25,4 @@ spec: prune: true syncOptions: - ServerSideApply=true + - FailOnSharedResource=true diff --git a/k8s/components/helm.libsonnet b/k8s/components/helm.libsonnet index a20279fc7..8dde00559 100644 --- a/k8s/components/helm.libsonnet +++ b/k8s/components/helm.libsonnet @@ -32,6 +32,7 @@ }, syncOptions: [ 'ServerSideApply=true', + 'FailOnSharedResource=true', ], }, source: { From 686b0e6b35a29ec5a659b5cb89f2c8958b2bf83f Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 9 Dec 2024 13:58:58 +0900 Subject: [PATCH 0437/1209] add Signed-off-by: walnuts1018 --- k8s/_argocd/argocd_components/values.yaml | 26 +++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/k8s/_argocd/argocd_components/values.yaml b/k8s/_argocd/argocd_components/values.yaml index 33031cd82..f53278f84 100644 --- a/k8s/_argocd/argocd_components/values.yaml +++ b/k8s/_argocd/argocd_components/values.yaml @@ -71,12 +71,38 @@ server: enabled: true serviceMonitor: enabled: true + autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 5 + targetCPUUtilizationPercentage: 100 + targetMemoryUtilizationPercentage: 100 + resources: + limits: + cpu: 200m + memory: 512Mi + requests: + cpu: 10m + memory: 72Mi repoServer: metrics: enabled: true serviceMonitor: enabled: true + autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 5 + targetCPUUtilizationPercentage: 100 + targetMemoryUtilizationPercentage: 100 + resources: + limits: + cpu: 200m + memory: 512Mi + requests: + cpu: 50m + memory: 128Mi applicationSet: metrics: From 54298a71e108dd85389dccefe9eb0133b3a21e9a Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 9 Dec 2024 14:07:40 +0900 Subject: [PATCH 0438/1209] fix Signed-off-by: walnuts1018 --- k8s/_argocd/argocd_components/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/_argocd/argocd_components/values.yaml b/k8s/_argocd/argocd_components/values.yaml index f53278f84..eed965cae 100644 --- a/k8s/_argocd/argocd_components/values.yaml +++ b/k8s/_argocd/argocd_components/values.yaml @@ -101,7 +101,7 @@ repoServer: cpu: 200m memory: 512Mi requests: - cpu: 50m + cpu: 72m memory: 128Mi applicationSet: From f9c0fd5cc2a58026f608b928d8f3a5d06e1e8648 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 9 Dec 2024 14:21:05 +0900 Subject: [PATCH 0439/1209] =?UTF-8?q?appproject=E3=82=82=E7=AE=A1=E7=90=86?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: walnuts1018 --- k8s/_argocd/applications/apps.yaml | 4 --- k8s/_argocd/applications/argocd.yaml | 4 --- k8s/_argocd/applications/namespaces.yaml | 4 --- .../argocd_components/appproject.jsonnet | 34 +++++++++++++++++++ k8s/_argocd/clusters/kurumi/base.yaml | 4 --- k8s/components/helm.libsonnet | 6 ---- 6 files changed, 34 insertions(+), 22 deletions(-) create mode 100644 k8s/_argocd/argocd_components/appproject.jsonnet diff --git a/k8s/_argocd/applications/apps.yaml b/k8s/_argocd/applications/apps.yaml index b1b1f9f39..c6283bf78 100644 --- a/k8s/_argocd/applications/apps.yaml +++ b/k8s/_argocd/applications/apps.yaml @@ -15,10 +15,6 @@ spec: template: metadata: name: '{{.name}}' - annotations: - notifications.argoproj.io/subscribe.on-deleted.slack: walnuts-sysop - notifications.argoproj.io/subscribe.on-health-degraded.slack: walnuts-sysop - notifications.argoproj.io/subscribe.on-sync-failed.slack: walnuts-sysop spec: project: default destination: diff --git a/k8s/_argocd/applications/argocd.yaml b/k8s/_argocd/applications/argocd.yaml index f8b39508e..3e35a09ba 100644 --- a/k8s/_argocd/applications/argocd.yaml +++ b/k8s/_argocd/applications/argocd.yaml @@ -3,10 +3,6 @@ kind: Application metadata: name: argocd namespace: argocd - annotations: - notifications.argoproj.io/subscribe.on-deleted.slack: walnuts-sysop - notifications.argoproj.io/subscribe.on-health-degraded.slack: walnuts-sysop - notifications.argoproj.io/subscribe.on-sync-failed.slack: walnuts-sysop spec: project: default destination: diff --git a/k8s/_argocd/applications/namespaces.yaml b/k8s/_argocd/applications/namespaces.yaml index f8abb7377..528c6a0a9 100644 --- a/k8s/_argocd/applications/namespaces.yaml +++ b/k8s/_argocd/applications/namespaces.yaml @@ -3,10 +3,6 @@ kind: Application metadata: name: namespaces namespace: argocd - annotations: - notifications.argoproj.io/subscribe.on-deleted.slack: walnuts-sysop - notifications.argoproj.io/subscribe.on-health-degraded.slack: walnuts-sysop - notifications.argoproj.io/subscribe.on-sync-failed.slack: walnuts-sysop spec: project: default destination: diff --git a/k8s/_argocd/argocd_components/appproject.jsonnet b/k8s/_argocd/argocd_components/appproject.jsonnet new file mode 100644 index 000000000..a0a9a1492 --- /dev/null +++ b/k8s/_argocd/argocd_components/appproject.jsonnet @@ -0,0 +1,34 @@ +{ + apiVersion: 'argoproj.io/v1alpha1', + kind: 'AppProject', + metadata: { + name: 'default', + namespace: (import 'app.json5').namespace, + annotations: { + local slackChannel = 'walnuts-sysop', + 'notifications.argoproj.io/subscribe.on-deleted.slack': slackChannel, + 'notifications.argoproj.io/subscribe.on-health-degraded.slack': slackChannel, + 'notifications.argoproj.io/subscribe.on-sync-failed.slack': slackChannel, + }, + }, + spec: { + clusterResourceWhitelist: [ + { + group: '*', + kind: '*', + }, + ], + destinations: [ + { + namespace: '*', + server: '*', + }, + ], + orphanedResources: { + warn: true, + }, + sourceRepos: [ + '*', + ], + }, +} diff --git a/k8s/_argocd/clusters/kurumi/base.yaml b/k8s/_argocd/clusters/kurumi/base.yaml index 6c0fe1b19..90dd53cb8 100644 --- a/k8s/_argocd/clusters/kurumi/base.yaml +++ b/k8s/_argocd/clusters/kurumi/base.yaml @@ -3,10 +3,6 @@ kind: Application metadata: name: base namespace: argocd - annotations: - notifications.argoproj.io/subscribe.on-deleted.slack: walnuts-sysop - notifications.argoproj.io/subscribe.on-health-degraded.slack: walnuts-sysop - notifications.argoproj.io/subscribe.on-sync-failed.slack: walnuts-sysop spec: project: default destination: diff --git a/k8s/components/helm.libsonnet b/k8s/components/helm.libsonnet index 8dde00559..85a1d70d7 100644 --- a/k8s/components/helm.libsonnet +++ b/k8s/components/helm.libsonnet @@ -12,12 +12,6 @@ metadata: { name: $.name + '-helm', namespace: 'argocd', - annotations: { - local slackChannel = 'walnuts-sysop', - 'notifications.argoproj.io/subscribe.on-deleted.slack': slackChannel, - 'notifications.argoproj.io/subscribe.on-health-degraded.slack': slackChannel, - 'notifications.argoproj.io/subscribe.on-sync-failed.slack': slackChannel, - }, }, spec: { project: 'default', From 9c705f43069175a2b3e2a2fe006e2d3b4e455f23 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 9 Dec 2024 14:22:22 +0900 Subject: [PATCH 0440/1209] test Signed-off-by: walnuts1018 --- k8s/_argocd/applications/argocd.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/k8s/_argocd/applications/argocd.yaml b/k8s/_argocd/applications/argocd.yaml index 3e35a09ba..cdf631d8d 100644 --- a/k8s/_argocd/applications/argocd.yaml +++ b/k8s/_argocd/applications/argocd.yaml @@ -3,6 +3,8 @@ kind: Application metadata: name: argocd namespace: argocd + annotations: + argocd.argoproj.io/compare-options: IncludeMutationWebhook=true spec: project: default destination: From b1ff9dcfd46049aa227b419a0faf820fe8148d0b Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 9 Dec 2024 14:51:52 +0900 Subject: [PATCH 0441/1209] =?UTF-8?q?argocd.yaml=E3=81=8B=E3=82=89?= =?UTF-8?q?=E6=AF=94=E8=BC=83=E3=82=AA=E3=83=97=E3=82=B7=E3=83=A7=E3=83=B3?= =?UTF-8?q?=E3=81=AE=E3=82=A2=E3=83=8E=E3=83=86=E3=83=BC=E3=82=B7=E3=83=A7?= =?UTF-8?q?=E3=83=B3=E3=82=92=E5=89=8A=E9=99=A4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: walnuts1018 --- k8s/_argocd/applications/argocd.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/k8s/_argocd/applications/argocd.yaml b/k8s/_argocd/applications/argocd.yaml index cdf631d8d..3e35a09ba 100644 --- a/k8s/_argocd/applications/argocd.yaml +++ b/k8s/_argocd/applications/argocd.yaml @@ -3,8 +3,6 @@ kind: Application metadata: name: argocd namespace: argocd - annotations: - argocd.argoproj.io/compare-options: IncludeMutationWebhook=true spec: project: default destination: From 38b649f9f2bf799c4e0950a5e75da9af624296a0 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 9 Dec 2024 14:53:31 +0900 Subject: [PATCH 0442/1209] cm -> params Signed-off-by: walnuts1018 --- k8s/_argocd/argocd_components/values.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/k8s/_argocd/argocd_components/values.yaml b/k8s/_argocd/argocd_components/values.yaml index eed965cae..dd079ddc9 100644 --- a/k8s/_argocd/argocd_components/values.yaml +++ b/k8s/_argocd/argocd_components/values.yaml @@ -29,13 +29,13 @@ configs: users.anonymous.enabled: false users.session.duration: "168h" # 7 days application.resourceTrackingMethod: "annotation" - controller.resource.health.persist: "false" - controller.diff.server.side: "true" - params: otlp.address: 'default-collector.opentelemetry-collector.svc.cluster.local:4317' server.insecure: true server.basehref: / + controller.diff.server.side: "true" + controller.resource.health.persist: "false" + rbac: create: true policy.csv: | From f5f6abebf6a7032e042df5828837e75d2c825a71 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 9 Dec 2024 15:33:57 +0900 Subject: [PATCH 0443/1209] add Signed-off-by: walnuts1018 --- .../collectors/_base.libsonnet | 47 +++++++++++++++++++ .../collectors/daemonset.jsonnet | 15 ++++++ .../collectors/default.jsonnet | 3 ++ .../collectors/deployment.jsonnet | 27 +++++++++++ 4 files changed, 92 insertions(+) diff --git a/k8s/apps/opentelemetry-collectors/collectors/_base.libsonnet b/k8s/apps/opentelemetry-collectors/collectors/_base.libsonnet index b3e952496..1a34d3ca5 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/_base.libsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/_base.libsonnet @@ -4,5 +4,52 @@ spec: { managementState: 'managed', serviceAccount: (import '../sa.jsonnet').metadata.name, + service: { + telemetry: { + metrics: { + readers: [ + { + periodic: { + interval: 10000, + exporter: { + otlp: { + protocol: 'grpc/protobuf', + endpoint: 'http://localhost:14317', + }, + }, + }, + }, + ], + }, + traces: { + processors: [ + { + batch: { + exporter: { + otlp: { + protocol: 'grpc/protobuf', + endpoint: 'http://localhost:14317', + }, + }, + }, + }, + ], + }, + logs: { + processors: [ + { + batch: { + exporter: { + otlp: { + protocol: 'grpc/protobuf', + endpoint: 'http://localhost:14317', + }, + }, + }, + }, + ], + }, + }, + }, }, } diff --git a/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet index 31931ab4e..11d7294e1 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet @@ -145,6 +145,7 @@ std.mergePatch((import '_base.libsonnet'), { pipelines: { metrics: { receivers: [ + 'otlp/internal', 'hostmetrics', 'kubeletstats', ], @@ -158,8 +159,22 @@ std.mergePatch((import '_base.libsonnet'), { 'otlp/default', ], }, + traces: { + receivers: [ + 'otlp/internal', + ], + processors: [ + 'memory_limiter', + 'batch', + 'k8sattributes', + ], + exporters: [ + 'otlp/default', + ], + }, logs: { receivers: [ + 'otlp/internal', 'filelog', ], processors: [ diff --git a/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet index b2712701e..6dd23ab28 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet @@ -143,6 +143,7 @@ std.mergePatch((import '_base.libsonnet'), { pipelines: { traces: { receivers: [ + 'otlp/internal', 'otlp', ], processors: [ @@ -157,6 +158,7 @@ std.mergePatch((import '_base.libsonnet'), { }, metrics: { receivers: [ + 'otlp/internal', 'otlp', 'spanmetrics', ], @@ -171,6 +173,7 @@ std.mergePatch((import '_base.libsonnet'), { }, logs: { receivers: [ + 'otlp/internal', 'otlp', ], processors: [ diff --git a/k8s/apps/opentelemetry-collectors/collectors/deployment.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/deployment.jsonnet index fe7f36544..a1252b312 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/deployment.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/deployment.jsonnet @@ -84,6 +84,7 @@ std.mergePatch((import '_base.libsonnet'), { pipelines: { metrics: { receivers: [ + 'otlp/internal', 'k8s_cluster', ], processors: [ @@ -95,6 +96,32 @@ std.mergePatch((import '_base.libsonnet'), { 'otlp/default', ], }, + traces: { + receivers: [ + 'otlp/internal', + ], + processors: [ + 'memory_limiter', + 'batch', + 'k8sattributes', + ], + exporters: [ + 'otlp/default', + ], + }, + logs: { + receivers: [ + 'otlp/internal', + ], + processors: [ + 'memory_limiter', + 'batch', + 'k8sattributes', + ], + exporters: [ + 'otlp/default', + ], + }, }, }, }, From 906673576adbb9f6f4dc54c44b2ec076c0f8d57d Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 9 Dec 2024 15:34:53 +0900 Subject: [PATCH 0444/1209] fix Signed-off-by: walnuts1018 --- .../collectors/_base.libsonnet | 72 ++++++++++--------- 1 file changed, 37 insertions(+), 35 deletions(-) diff --git a/k8s/apps/opentelemetry-collectors/collectors/_base.libsonnet b/k8s/apps/opentelemetry-collectors/collectors/_base.libsonnet index 1a34d3ca5..c3c48b995 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/_base.libsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/_base.libsonnet @@ -4,50 +4,52 @@ spec: { managementState: 'managed', serviceAccount: (import '../sa.jsonnet').metadata.name, - service: { - telemetry: { - metrics: { - readers: [ - { - periodic: { - interval: 10000, - exporter: { - otlp: { - protocol: 'grpc/protobuf', - endpoint: 'http://localhost:14317', + config: { + service: { + telemetry: { + metrics: { + readers: [ + { + periodic: { + interval: 10000, + exporter: { + otlp: { + protocol: 'grpc/protobuf', + endpoint: 'http://localhost:14317', + }, }, }, }, - }, - ], - }, - traces: { - processors: [ - { - batch: { - exporter: { - otlp: { - protocol: 'grpc/protobuf', - endpoint: 'http://localhost:14317', + ], + }, + traces: { + processors: [ + { + batch: { + exporter: { + otlp: { + protocol: 'grpc/protobuf', + endpoint: 'http://localhost:14317', + }, }, }, }, - }, - ], - }, - logs: { - processors: [ - { - batch: { - exporter: { - otlp: { - protocol: 'grpc/protobuf', - endpoint: 'http://localhost:14317', + ], + }, + logs: { + processors: [ + { + batch: { + exporter: { + otlp: { + protocol: 'grpc/protobuf', + endpoint: 'http://localhost:14317', + }, }, }, }, - }, - ], + ], + }, }, }, }, From eb55155e3b1b64a48da817e56875b02f4e1df431 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 9 Dec 2024 15:43:02 +0900 Subject: [PATCH 0445/1209] fix Signed-off-by: walnuts1018 --- .../collectors/daemonset.jsonnet | 1 - .../collectors/default.jsonnet | 1 - .../collectors/deployment.jsonnet | 13 ------------- .../collectors/prometheus-exporter.jsonnet | 1 + 4 files changed, 1 insertion(+), 15 deletions(-) diff --git a/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet index 11d7294e1..0081a60d7 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet @@ -174,7 +174,6 @@ std.mergePatch((import '_base.libsonnet'), { }, logs: { receivers: [ - 'otlp/internal', 'filelog', ], processors: [ diff --git a/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet index 6dd23ab28..48eb0407f 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet @@ -173,7 +173,6 @@ std.mergePatch((import '_base.libsonnet'), { }, logs: { receivers: [ - 'otlp/internal', 'otlp', ], processors: [ diff --git a/k8s/apps/opentelemetry-collectors/collectors/deployment.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/deployment.jsonnet index a1252b312..cfa1a2072 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/deployment.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/deployment.jsonnet @@ -109,19 +109,6 @@ std.mergePatch((import '_base.libsonnet'), { 'otlp/default', ], }, - logs: { - receivers: [ - 'otlp/internal', - ], - processors: [ - 'memory_limiter', - 'batch', - 'k8sattributes', - ], - exporters: [ - 'otlp/default', - ], - }, }, }, }, diff --git a/k8s/apps/opentelemetry-collectors/collectors/prometheus-exporter.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/prometheus-exporter.jsonnet index 49b6c6445..4dc286a6c 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/prometheus-exporter.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/prometheus-exporter.jsonnet @@ -51,6 +51,7 @@ std.mergePatch((import '_base.libsonnet'), { }, }, }, + telemetry:: null, }, resources: { requests: { From 0f757fa860137e0b5ba4467dc003a53f61f5d7e5 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 9 Dec 2024 15:46:44 +0900 Subject: [PATCH 0446/1209] fix Signed-off-by: walnuts1018 --- .../collectors/daemonset.jsonnet | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet index 0081a60d7..fa59e80a6 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet @@ -159,19 +159,19 @@ std.mergePatch((import '_base.libsonnet'), { 'otlp/default', ], }, - traces: { - receivers: [ - 'otlp/internal', - ], - processors: [ - 'memory_limiter', - 'batch', - 'k8sattributes', - ], - exporters: [ - 'otlp/default', - ], - }, + // traces: { + // receivers: [ + // 'otlp/internal', + // ], + // processors: [ + // 'memory_limiter', + // 'batch', + // 'k8sattributes', + // ], + // exporters: [ + // 'otlp/default', + // ], + // }, logs: { receivers: [ 'filelog', From b8bad85bc05f3899eef6eb5c7be8c4a2a77e0358 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 9 Dec 2024 15:48:09 +0900 Subject: [PATCH 0447/1209] rm Signed-off-by: walnuts1018 --- .../collectors/daemonset.jsonnet | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet index fa59e80a6..31931ab4e 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet @@ -145,7 +145,6 @@ std.mergePatch((import '_base.libsonnet'), { pipelines: { metrics: { receivers: [ - 'otlp/internal', 'hostmetrics', 'kubeletstats', ], @@ -159,19 +158,6 @@ std.mergePatch((import '_base.libsonnet'), { 'otlp/default', ], }, - // traces: { - // receivers: [ - // 'otlp/internal', - // ], - // processors: [ - // 'memory_limiter', - // 'batch', - // 'k8sattributes', - // ], - // exporters: [ - // 'otlp/default', - // ], - // }, logs: { receivers: [ 'filelog', From f92ba156907f18b5a79231a1dcfc779e9a75e723 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 9 Dec 2024 15:51:46 +0900 Subject: [PATCH 0448/1209] fix Signed-off-by: walnuts1018 --- .../collectors/daemonset.jsonnet | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet index 31931ab4e..903b818d4 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet @@ -145,6 +145,7 @@ std.mergePatch((import '_base.libsonnet'), { pipelines: { metrics: { receivers: [ + 'otlp/internal', 'hostmetrics', 'kubeletstats', ], @@ -171,6 +172,18 @@ std.mergePatch((import '_base.libsonnet'), { 'otlp/default', ], }, + traces: { + receivers: [ + 'filelog', + ], + processors: [ + 'memory_limiter', + 'batch', + ], + exporters: [ + 'otlp/default', + ], + }, }, }, }, From 83ff4b36d568b4877072e92c919ee2d0e86fb6ae Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 9 Dec 2024 15:54:35 +0900 Subject: [PATCH 0449/1209] fix Signed-off-by: walnuts1018 --- .../collectors/_base.libsonnet | 49 ------------------- .../collectors/daemonset.jsonnet | 1 - .../collectors/default.jsonnet | 2 - .../collectors/deployment.jsonnet | 14 ------ .../collectors/prometheus-exporter.jsonnet | 1 - 5 files changed, 67 deletions(-) diff --git a/k8s/apps/opentelemetry-collectors/collectors/_base.libsonnet b/k8s/apps/opentelemetry-collectors/collectors/_base.libsonnet index c3c48b995..b3e952496 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/_base.libsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/_base.libsonnet @@ -4,54 +4,5 @@ spec: { managementState: 'managed', serviceAccount: (import '../sa.jsonnet').metadata.name, - config: { - service: { - telemetry: { - metrics: { - readers: [ - { - periodic: { - interval: 10000, - exporter: { - otlp: { - protocol: 'grpc/protobuf', - endpoint: 'http://localhost:14317', - }, - }, - }, - }, - ], - }, - traces: { - processors: [ - { - batch: { - exporter: { - otlp: { - protocol: 'grpc/protobuf', - endpoint: 'http://localhost:14317', - }, - }, - }, - }, - ], - }, - logs: { - processors: [ - { - batch: { - exporter: { - otlp: { - protocol: 'grpc/protobuf', - endpoint: 'http://localhost:14317', - }, - }, - }, - }, - ], - }, - }, - }, - }, }, } diff --git a/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet index 903b818d4..32579c951 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet @@ -145,7 +145,6 @@ std.mergePatch((import '_base.libsonnet'), { pipelines: { metrics: { receivers: [ - 'otlp/internal', 'hostmetrics', 'kubeletstats', ], diff --git a/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet index 48eb0407f..b2712701e 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet @@ -143,7 +143,6 @@ std.mergePatch((import '_base.libsonnet'), { pipelines: { traces: { receivers: [ - 'otlp/internal', 'otlp', ], processors: [ @@ -158,7 +157,6 @@ std.mergePatch((import '_base.libsonnet'), { }, metrics: { receivers: [ - 'otlp/internal', 'otlp', 'spanmetrics', ], diff --git a/k8s/apps/opentelemetry-collectors/collectors/deployment.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/deployment.jsonnet index cfa1a2072..fe7f36544 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/deployment.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/deployment.jsonnet @@ -84,7 +84,6 @@ std.mergePatch((import '_base.libsonnet'), { pipelines: { metrics: { receivers: [ - 'otlp/internal', 'k8s_cluster', ], processors: [ @@ -96,19 +95,6 @@ std.mergePatch((import '_base.libsonnet'), { 'otlp/default', ], }, - traces: { - receivers: [ - 'otlp/internal', - ], - processors: [ - 'memory_limiter', - 'batch', - 'k8sattributes', - ], - exporters: [ - 'otlp/default', - ], - }, }, }, }, diff --git a/k8s/apps/opentelemetry-collectors/collectors/prometheus-exporter.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/prometheus-exporter.jsonnet index 4dc286a6c..49b6c6445 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/prometheus-exporter.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/prometheus-exporter.jsonnet @@ -51,7 +51,6 @@ std.mergePatch((import '_base.libsonnet'), { }, }, }, - telemetry:: null, }, resources: { requests: { From 0e934e69eb3deb734b5bcb5dff37ab5a16fdf7e4 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 9 Dec 2024 15:59:16 +0900 Subject: [PATCH 0450/1209] cert-manager: enable Prometheus monitoring and service monitor Signed-off-by: walnuts1018 --- k8s/apps/cert-manager/values.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/k8s/apps/cert-manager/values.yaml b/k8s/apps/cert-manager/values.yaml index 34d5f9d6a..aba4e7102 100644 --- a/k8s/apps/cert-manager/values.yaml +++ b/k8s/apps/cert-manager/values.yaml @@ -2,3 +2,7 @@ installCRDs: true config: featureGates: ExperimentalGatewayAPISupport: true +prometheus: + enabled: true + servicemonitor: + enabled: true From 9d03440baac3d24f18972ee75bc698c8d45e88a8 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 9 Dec 2024 16:02:56 +0900 Subject: [PATCH 0451/1209] rm trace Signed-off-by: walnuts1018 --- .../collectors/daemonset.jsonnet | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet index 32579c951..31931ab4e 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet @@ -171,18 +171,6 @@ std.mergePatch((import '_base.libsonnet'), { 'otlp/default', ], }, - traces: { - receivers: [ - 'filelog', - ], - processors: [ - 'memory_limiter', - 'batch', - ], - exporters: [ - 'otlp/default', - ], - }, }, }, }, From f245998d867d6b49f2959c4bfb6b57c231d6a95e Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 9 Dec 2024 16:25:40 +0900 Subject: [PATCH 0452/1209] tempo: increase memory request from 300Mi to 1Gi Signed-off-by: walnuts1018 --- k8s/apps/tempo/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/tempo/values.yaml b/k8s/apps/tempo/values.yaml index e3ca66a86..c83d12d8f 100644 --- a/k8s/apps/tempo/values.yaml +++ b/k8s/apps/tempo/values.yaml @@ -1,7 +1,7 @@ tempo: resources: requests: - memory: 300Mi + memory: 1Gi limits: memory: 4Gi storage: From 7087ea7450dc4f7e96d0d627e89019dac8911bde Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 9 Dec 2024 16:26:56 +0900 Subject: [PATCH 0453/1209] komga: update resource limits and requests for CPU and memory Signed-off-by: walnuts1018 --- k8s/apps/komga/statefulset.jsonnet | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/k8s/apps/komga/statefulset.jsonnet b/k8s/apps/komga/statefulset.jsonnet index f348ebcdc..850dc42e2 100644 --- a/k8s/apps/komga/statefulset.jsonnet +++ b/k8s/apps/komga/statefulset.jsonnet @@ -22,9 +22,13 @@ name: 'komga', image: 'gotson/komga:1.14.1', resources: { - limits: {}, + limits: { + cpu: '500m', + memory: '2Gi', + }, requests: { - memory: '600Mi', + cpu: '5m', + memory: '1Gi', }, }, securityContext:: null, From 97edbf3d7191f5a15828550ad305e9fa7505a077 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 9 Dec 2024 16:29:00 +0900 Subject: [PATCH 0454/1209] add Signed-off-by: walnuts1018 --- k8s/components/oauth2-proxy/values.libsonnet | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/k8s/components/oauth2-proxy/values.libsonnet b/k8s/components/oauth2-proxy/values.libsonnet index 57d302643..81a02217e 100644 --- a/k8s/components/oauth2-proxy/values.libsonnet +++ b/k8s/components/oauth2-proxy/values.libsonnet @@ -41,4 +41,14 @@ metrics: { enabled: true, }, + resources: { + limits: { + cpu: '100m', + memory: '128Mi', + }, + requests: { + cpu: '1m', + memory: '5Mi', + }, + }, } From c161636ff33e05ac3a21b85c08350704d11010b4 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 9 Dec 2024 12:30:27 +0000 Subject: [PATCH 0455/1209] chore(deps): update ghcr.io/walnuts1018/fitbit-manager docker tag to v0.8.7 --- k8s/apps/fitbit-manager/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/fitbit-manager/deployment.jsonnet b/k8s/apps/fitbit-manager/deployment.jsonnet index b9a1c4c18..294491ef2 100644 --- a/k8s/apps/fitbit-manager/deployment.jsonnet +++ b/k8s/apps/fitbit-manager/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ { name: 'fitbit-manager', - image: 'ghcr.io/walnuts1018/fitbit-manager:0.8.4', + image: 'ghcr.io/walnuts1018/fitbit-manager:0.8.7', imagePullPolicy: 'IfNotPresent', ports: [ { From 1bcfceda79cdf2e3a704f3131669e6f82bfcb234 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 9 Dec 2024 12:31:30 +0000 Subject: [PATCH 0456/1209] chore(deps): update ghcr.io/walnuts1018/mucaron-backend docker tag to v2da1b6028da3649972992f11839328abb376c08f-81 (#1051) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/mucaron/back/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/mucaron/back/deployment.jsonnet b/k8s/apps/mucaron/back/deployment.jsonnet index a1d81a2c7..fa8cfa531 100644 --- a/k8s/apps/mucaron/back/deployment.jsonnet +++ b/k8s/apps/mucaron/back/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ (import '../../../components/container.libsonnet') { name: 'mucaron-backend', - image: 'ghcr.io/walnuts1018/mucaron-backend:f867097ae9f98eeb20f9a9504d2d9ca1e2376a0e-80', + image: 'ghcr.io/walnuts1018/mucaron-backend:2da1b6028da3649972992f11839328abb376c08f-81', ports: [ { containerPort: 8080, From e1fb45b1e592cf2ce6fce7e77dc84c4ce27aef62 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 9 Dec 2024 12:31:39 +0000 Subject: [PATCH 0457/1209] chore(deps): update ghcr.io/walnuts1018/mucaron-frontend docker tag to c50e0d09f307d7b9cd04d9edf59a632e6a321b01-62 (#1052) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/mucaron/front/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/mucaron/front/deployment.jsonnet b/k8s/apps/mucaron/front/deployment.jsonnet index 57c24d678..6c63dadd1 100644 --- a/k8s/apps/mucaron/front/deployment.jsonnet +++ b/k8s/apps/mucaron/front/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ (import '../../../components/container.libsonnet') { name: 'mucaron-front', - image: 'ghcr.io/walnuts1018/mucaron-frontend:fcc74b7335f488a4da70f3d7cee20ae6aa4533cf-61', + image: 'ghcr.io/walnuts1018/mucaron-frontend:c50e0d09f307d7b9cd04d9edf59a632e6a321b01-62', ports: [ { containerPort: 3000, From c6d01f364f929a5638fcd808da5eb035d8441b3e Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 9 Dec 2024 12:31:43 +0000 Subject: [PATCH 0458/1209] chore(deps): update helm release argo-cd to v7.7.8 (#1054) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/_argocd/argocd_components/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/_argocd/argocd_components/helm.jsonnet b/k8s/_argocd/argocd_components/helm.jsonnet index 6ee365058..848f6aa8a 100644 --- a/k8s/_argocd/argocd_components/helm.jsonnet +++ b/k8s/_argocd/argocd_components/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import 'app.json5').namespace, chart: 'argo-cd', repoURL: 'https://argoproj.github.io/argo-helm', - targetRevision: '7.7.7', + targetRevision: '7.7.8', values: (importstr 'values.yaml'), } From ad6feb4e1cb31f08a323ceb2b4420c21d2f0ce9a Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 9 Dec 2024 12:31:58 +0000 Subject: [PATCH 0459/1209] chore(deps): update ghcr.io/walnuts1018/walnuts.dev docker tag to v3151826ffd8aff84aa04b14114fbe7bf2797e404-323 (#1053) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index 114dea193..7017383d0 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -25,7 +25,7 @@ type: 'RuntimeDefault', }, }, - image: 'ghcr.io/walnuts1018/walnuts.dev:cc820a51cee584b52034b8e2cc38e9fdbea46f83-308', + image: 'ghcr.io/walnuts1018/walnuts.dev:3151826ffd8aff84aa04b14114fbe7bf2797e404-323', imagePullPolicy: 'IfNotPresent', ports: [ { From c2d4677d304c79c25d15222a6528eef835b362ff Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 9 Dec 2024 16:35:31 +0000 Subject: [PATCH 0460/1209] chore(deps): update dependency aquaproj/aqua-registry to v4.272.0 (#1055) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index f062dbbc6..8b8cb2e0e 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,6 +8,6 @@ # - all registries: - type: standard - ref: v4.271.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.272.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 From b0976e5addf37ba9fa44593a99a68bf158abffd6 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 10 Dec 2024 13:53:55 +0900 Subject: [PATCH 0461/1209] argocd: disable orphaned resources warning Signed-off-by: walnuts1018 --- k8s/_argocd/argocd_components/appproject.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/_argocd/argocd_components/appproject.jsonnet b/k8s/_argocd/argocd_components/appproject.jsonnet index a0a9a1492..101b046b7 100644 --- a/k8s/_argocd/argocd_components/appproject.jsonnet +++ b/k8s/_argocd/argocd_components/appproject.jsonnet @@ -25,7 +25,7 @@ }, ], orphanedResources: { - warn: true, + warn: false, }, sourceRepos: [ '*', From e172b2070d255a0d4a70b2839cefce800e2766be Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 10 Dec 2024 13:58:28 +0900 Subject: [PATCH 0462/1209] add Signed-off-by: walnuts1018 --- k8s/_argocd/argocd_components/values.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/k8s/_argocd/argocd_components/values.yaml b/k8s/_argocd/argocd_components/values.yaml index dd079ddc9..c1e1790bd 100644 --- a/k8s/_argocd/argocd_components/values.yaml +++ b/k8s/_argocd/argocd_components/values.yaml @@ -79,11 +79,11 @@ server: targetMemoryUtilizationPercentage: 100 resources: limits: - cpu: 200m + cpu: 500m memory: 512Mi requests: - cpu: 10m - memory: 72Mi + cpu: 20m + memory: 96Mi repoServer: metrics: @@ -98,10 +98,10 @@ repoServer: targetMemoryUtilizationPercentage: 100 resources: limits: - cpu: 200m + cpu: 500m memory: 512Mi requests: - cpu: 72m + cpu: 128m memory: 128Mi applicationSet: From 1804ffc60152d0f8c321c8e89ba5d00c5b36886a Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 10 Dec 2024 14:03:19 +0900 Subject: [PATCH 0463/1209] argocd: increase CPU request for server component Signed-off-by: walnuts1018 --- k8s/_argocd/argocd_components/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/_argocd/argocd_components/values.yaml b/k8s/_argocd/argocd_components/values.yaml index c1e1790bd..dc202f6db 100644 --- a/k8s/_argocd/argocd_components/values.yaml +++ b/k8s/_argocd/argocd_components/values.yaml @@ -82,7 +82,7 @@ server: cpu: 500m memory: 512Mi requests: - cpu: 20m + cpu: 100m memory: 96Mi repoServer: From fdedb2b99098357801e51413fd2df38b3d96282d Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 10 Dec 2024 14:03:47 +0900 Subject: [PATCH 0464/1209] argocd: decrease CPU request for server component Signed-off-by: walnuts1018 --- k8s/_argocd/argocd_components/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/_argocd/argocd_components/values.yaml b/k8s/_argocd/argocd_components/values.yaml index dc202f6db..911789b63 100644 --- a/k8s/_argocd/argocd_components/values.yaml +++ b/k8s/_argocd/argocd_components/values.yaml @@ -82,7 +82,7 @@ server: cpu: 500m memory: 512Mi requests: - cpu: 100m + cpu: 50m memory: 96Mi repoServer: From 7e9004960115851b419f2d9cb6746e0f0f8aed8a Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 10 Dec 2024 13:11:12 +0000 Subject: [PATCH 0465/1209] chore(deps): update cloudflare/cloudflared docker tag to v2024.12.0 --- k8s/apps/cloudflared/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/cloudflared/deployment.jsonnet b/k8s/apps/cloudflared/deployment.jsonnet index 0d691e59c..c2587dc70 100644 --- a/k8s/apps/cloudflared/deployment.jsonnet +++ b/k8s/apps/cloudflared/deployment.jsonnet @@ -30,7 +30,7 @@ securityContext: { readOnlyRootFilesystem: true, }, - image: 'cloudflare/cloudflared:2024.11.1', + image: 'cloudflare/cloudflared:2024.12.0', imagePullPolicy: 'IfNotPresent', args: [ '--no-autoupdate', From 6728d5aac5a9230567c28bee680bb5e3c4fd50ff Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 10 Dec 2024 13:11:21 +0000 Subject: [PATCH 0466/1209] chore(deps): update helm release tempo to v1.15.0 --- k8s/apps/tempo/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/tempo/helm.jsonnet b/k8s/apps/tempo/helm.jsonnet index 622c61028..7a84c686e 100644 --- a/k8s/apps/tempo/helm.jsonnet +++ b/k8s/apps/tempo/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'tempo', repoURL: 'https://grafana.github.io/helm-charts', - targetRevision: '1.14.0', + targetRevision: '1.15.0', values: (importstr 'values.yaml'), } From 53ff59dbb08c7be5817c7c14efbd3ebc661cd65e Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 10 Dec 2024 13:13:24 +0000 Subject: [PATCH 0467/1209] chore(deps): update dependency aquaproj/aqua-registry to v4.273.0 (#1057) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index 8b8cb2e0e..5c16b5473 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,6 +8,6 @@ # - all registries: - type: standard - ref: v4.272.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.273.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 From c5e7df63e402c95edc80d7411a9b69e4bc1eff6c Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 10 Dec 2024 17:27:13 +0000 Subject: [PATCH 0468/1209] chore(deps): update ghcr.io/walnuts1018/mucaron-backend docker tag to d46a2837971e1780e541ea4fd057b48c84ea0308-84 (#1059) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/mucaron/back/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/mucaron/back/deployment.jsonnet b/k8s/apps/mucaron/back/deployment.jsonnet index fa8cfa531..f8036fc9a 100644 --- a/k8s/apps/mucaron/back/deployment.jsonnet +++ b/k8s/apps/mucaron/back/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ (import '../../../components/container.libsonnet') { name: 'mucaron-backend', - image: 'ghcr.io/walnuts1018/mucaron-backend:2da1b6028da3649972992f11839328abb376c08f-81', + image: 'ghcr.io/walnuts1018/mucaron-backend:d46a2837971e1780e541ea4fd057b48c84ea0308-84', ports: [ { containerPort: 8080, From 15a3d7b08356873f99acf0193d84c96e8680cd42 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 10 Dec 2024 18:42:32 +0000 Subject: [PATCH 0469/1209] chore(deps): update ghcr.io/tailscale/tailscale docker tag to v1.78.1 --- k8s/apps/tailscale/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/tailscale/deployment.jsonnet b/k8s/apps/tailscale/deployment.jsonnet index dae022c64..841ce83d9 100644 --- a/k8s/apps/tailscale/deployment.jsonnet +++ b/k8s/apps/tailscale/deployment.jsonnet @@ -24,7 +24,7 @@ (import '../../components/container.libsonnet') { name: 'tailscale', imagePullPolicy: 'IfNotPresent', - image: 'ghcr.io/tailscale/tailscale:v1.76.6', + image: 'ghcr.io/tailscale/tailscale:v1.78.1', env: [ { name: 'TS_KUBE_SECRET', From 64da7d5ff40434c782696ddbf74fddafa5528600 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 10 Dec 2024 18:43:31 +0000 Subject: [PATCH 0470/1209] chore(deps): update cloudflare/cloudflared docker tag to v2024.12.1 (#1060) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/cloudflared/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/cloudflared/deployment.jsonnet b/k8s/apps/cloudflared/deployment.jsonnet index c2587dc70..13d95b6a3 100644 --- a/k8s/apps/cloudflared/deployment.jsonnet +++ b/k8s/apps/cloudflared/deployment.jsonnet @@ -30,7 +30,7 @@ securityContext: { readOnlyRootFilesystem: true, }, - image: 'cloudflare/cloudflared:2024.12.0', + image: 'cloudflare/cloudflared:2024.12.1', imagePullPolicy: 'IfNotPresent', args: [ '--no-autoupdate', From e3e5317561b4a1b68d5504f2dbcc10c91b08c9f6 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 10 Dec 2024 23:20:14 +0000 Subject: [PATCH 0471/1209] chore(deps): update helm release nextcloud to v6.3.1 (#1062) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/nextcloud/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/nextcloud/helm.jsonnet b/k8s/apps/nextcloud/helm.jsonnet index b9db82316..f4c3b8e14 100644 --- a/k8s/apps/nextcloud/helm.jsonnet +++ b/k8s/apps/nextcloud/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'nextcloud', repoURL: 'https://nextcloud.github.io/helm/', - targetRevision: '6.3.0', + targetRevision: '6.3.1', values: (importstr 'values.yaml'), } From f2f0b97af3403f3758f53c35777aa02c4a8a7fde Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 11 Dec 2024 08:28:20 +0000 Subject: [PATCH 0472/1209] chore(deps): update terraform cloudflare to v4.48.0 --- terraform/modules/cloudflare/provider.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/modules/cloudflare/provider.tf b/terraform/modules/cloudflare/provider.tf index 05edf67fd..67d649614 100644 --- a/terraform/modules/cloudflare/provider.tf +++ b/terraform/modules/cloudflare/provider.tf @@ -2,7 +2,7 @@ terraform { required_providers { cloudflare = { source = "cloudflare/cloudflare" - version = "4.47.0" + version = "4.48.0" } } } From 59b5f040996e280e5f44eeea2954c3ffa86d6fea Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 11 Dec 2024 10:52:07 +0000 Subject: [PATCH 0473/1209] chore(deps): update ghcr.io/walnuts1018/walnuts.dev docker tag to a3fd41927cd3ffad0c659e9938ba8614be73d191-327 (#1064) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index 7017383d0..6034b4c49 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -25,7 +25,7 @@ type: 'RuntimeDefault', }, }, - image: 'ghcr.io/walnuts1018/walnuts.dev:3151826ffd8aff84aa04b14114fbe7bf2797e404-323', + image: 'ghcr.io/walnuts1018/walnuts.dev:a3fd41927cd3ffad0c659e9938ba8614be73d191-327', imagePullPolicy: 'IfNotPresent', ports: [ { From 2a5abff4ebc4a581e372d5d1972f0959f1cfc3b6 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 11 Dec 2024 20:04:09 +0900 Subject: [PATCH 0474/1209] chore(deps): update cloudflare provider to v4.48.0 and aws provider to v5.80.0 Signed-off-by: walnuts1018 --- terraform/kurumi/.terraform.lock.hcl | 68 ++++++++++++------------- terraform/modules/cloudflare/ruleset.tf | 46 ++++++++--------- 2 files changed, 57 insertions(+), 57 deletions(-) diff --git a/terraform/kurumi/.terraform.lock.hcl b/terraform/kurumi/.terraform.lock.hcl index 875640089..276f99455 100644 --- a/terraform/kurumi/.terraform.lock.hcl +++ b/terraform/kurumi/.terraform.lock.hcl @@ -2,47 +2,47 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/cloudflare/cloudflare" { - version = "4.47.0" - constraints = "4.47.0" + version = "4.48.0" + constraints = "4.48.0" hashes = [ - "h1:Im2G7kUnZj6GWzsJEUL6cNOtlTa7A0DCuBOouiiJWTE=", - "zh:1df6a36bad08e95518987a15584e535a1dad5fa0ee6e067c0c39d709a285f6b9", - "zh:20dce2a63f24f571f4d52d3217811d71e8d21f149f751d5972ec19200674638a", - "zh:6571aeeb61d4a27b4210a1979028119a1905e162b0c3845e7b549d6e0a08c36d", - "zh:87ec7ebe65c8884e174999c22970e2f28b0da4e0f65bdc92db051eb3dd649f78", + "h1:Uu/gjBc99GefdPdSrlBwU75DWU0ZcwGcrd3ZFyTeL0s=", + "zh:04c0a49c2b23140b2f21cfd0d52f9798d70d3bdae3831613e156aabe519bbc6c", + "zh:185f21b4834ba63e8df1f84aa34639d8a7e126429a4007bb5f9ad82f2602a997", + "zh:234724f52cb4c0c3f7313d3b2697caef26d921d134f26ae14801e7afac522f7b", + "zh:38a56fcd1b3e40706af995611c977816543b53f1e55fe2720944aae2b6828fcb", + "zh:419938f5430fc78eff933470aefbf94a460a478f867cf7761a3dea177b4eb153", + "zh:4b46d92bfde1deab7de7ba1a6bbf4ba7c711e4fd925341ddf09d4cc28dae03d8", + "zh:537acd4a31c752f1bae305ba7190f60b71ad1a459f22d464f3f914336c9e919f", + "zh:5ff36b005aad07697dd0b30d4f0c35dbcdc30dc52b41722552060792fa87ce04", + "zh:635c5ee419daea098060f794d9d7d999275301181e49562c4e4c08f043076937", + "zh:859277c330d61f91abe9e799389467ca11b77131bf34bedbef52f8da68b2bb49", "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f", - "zh:a20d1c0865a9443ada90ab7c83bd8605024452cf1e9f3b2ed2efcf06221b7835", - "zh:a5a5a91f658029ae3bb0414643ca09bd6a98a1980e197a9eb2ea4ba96a190d88", - "zh:b12623a85840821c465b87b1d65542f8f4a77079afef0ad2cc102a9f6eb4045c", - "zh:b83ac4f0b81aee32b3670f5870245172741bb86b153623da687d3c45ec9c1af9", - "zh:bb1ad4fcb949b12e5b40a21e65963ff64e20e72ab4c87a3ec91306b440a2cf35", - "zh:cb5a8bc24444a9d8f536b5acb7f6346f12c03e23539b183cb370f4876992360f", - "zh:ce6cc02ac4fc8cdf48a64254fdb0ea859b5b48e7fc08c7f1fcb8e9364ed32434", - "zh:e44643c86d38799991f5eb2378c00ca4738ec0f21dd64536dadffd71a337d778", - "zh:e5024d6792fcaa974b5f294399eea9b9c7d3d5d228423e71941994858a20c58f", - "zh:f9b18d0443487e30e0f3b83e311f17c85d184dc9f55b3f9b31332e815c41745a", + "zh:927dfdb8d9aef37ead03fceaa29e87ba076a3dd24e19b6cefdbb0efe9987ff8c", + "zh:bbf2226f07f6b1e721877328e69ded4b64f9c196634d2e2429e3cfabbe41e532", + "zh:daeed873d6f38604232b46ee4a5830c85d195b967f8dbcafe2fcffa98daf9c5f", + "zh:f8f2fc4646c1ba44085612fa7f4dbb7cbcead43b4e661f2b98ddfb4f68afc758", ] } provider "registry.terraform.io/hashicorp/aws" { - version = "5.78.0" - constraints = "~> 5.78.0" + version = "5.80.0" + constraints = "~> 5.80.0" hashes = [ - "h1:GwVGbd+IHAq+qwGs2QKuxazKzrJhSWVicYyGBPftuG0=", - "zh:0ae7d41b96441d0cf7ce2e1337657bdb2e1e5c9f1c2227b0642e1dcec2f9dfba", - "zh:21f8f1edf477681ea3b095c02cad6b8e85262e45015de58e84e0c7b2bfe9a1f6", - "zh:2bdc335e341bf98445255549ae93d66cfb9bca706e62b949da98fe467c182cad", - "zh:2fe4096e260367a225a9faf4a424d62b87e5498f12cb43bdb6f4e713d11b82c3", - "zh:3c63bb7a7925d65118d17461f4691a22dbb55ea39a7404e4d71f6ccca8765f8b", - "zh:6609a28a1c638a1901d8007b5386868ccfd313b4df2e98b35d9fdef436974e3b", - "zh:7ae3aef43bc4b365824cca4659cf92459d766800656e354bdbf83feabab835e8", + "h1:Qg45JNIes88ZwSZ2q3cMHE08GmBTOIOvcNSshQlG7zs=", + "zh:0b1655e39639d60f2de2860a5df8642f9556ba0ca04529c1b861fde4935cb0df", + "zh:13dc0155e0a11edceee29ce687fc04c5a5a85f3324c67556472713cfd52e5807", + "zh:180f6cb2be44be14cfe329e0649121b774319f083b6e4e8fb749f85090d73121", + "zh:3158d44b74c67465f7f19f22c42b643840c8d18ce833e2ec86e8d93085b06926", + "zh:6351b5bf7cde5dc83e926944891570636069e05ca43341f4d1feda67773469bf", + "zh:6fa9db1532096ba50e842d369b6688979306d2295c7ead49b8a266b0d60962cc", + "zh:85d2fe75def7619ff2cc29102048875039cad088fafb62ecc14c3763e7b1e9d9", + "zh:9028d653f1d7341c6dfe2afe961b6541581e9043a474eac2faf90e6426a24f6d", "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:c314efe454adc6ca483261c6906e64315aeb9db0c0332818714e9b81e07df0f0", - "zh:cd3e30396b554bbc1d260252db8a0f344065d619038fe60ea870689cd32c6aa9", - "zh:d1ba48fd9d8a1cb1daa927fb9e8bb708b857f2792d796e110460c6fdcd896a47", - "zh:d31c8abe75cb9cdc1c59ad9d356a1c3ae1ba8cd29ac15eb7e01b6cd01221ab04", - "zh:dc27c5c2116b4d9b404753f73bccaa635bce21f3bfb4bb7bc8e63225c36c98fe", - "zh:de491f0d05408378413187475c815d8cb2ac6bfa63d0b42a30ad5ee492e51c07", - "zh:eb44b45a40f80a309dd5b0eb7d7fcb2cbfe588fe2f18b173ef5851346898a662", + "zh:9c4e248c442bc60f07f9f089e5361f19936833370dc3c04b27916672b765f0e1", + "zh:a710a3979596e3f3938c3ec6bb748e604724d3a4afa96ed2c14f0a245cc41a11", + "zh:c27936bdf447779d0c0833bf52a9ef618985f5ea8e3e243d6266513520ca31c4", + "zh:c7681134a123486e72eaedc3f8d2d75e267dbbfd45fa7de5aea8f757af57f89b", + "zh:ea717ebad3561fd02591f9eecf30f3df5635405556fba2bdbf29fd42691bebac", + "zh:f4e1e8f23c58c3e8f4371f9c3379a723ab4155246e6b6daad8eb99e16666b2cb", ] } diff --git a/terraform/modules/cloudflare/ruleset.tf b/terraform/modules/cloudflare/ruleset.tf index db9995a35..692438cfa 100644 --- a/terraform/modules/cloudflare/ruleset.tf +++ b/terraform/modules/cloudflare/ruleset.tf @@ -4,11 +4,11 @@ resource "cloudflare_ruleset" "terraform_managed_resource_304092e7f9904942998f39 phase = "http_config_settings" zone_id = cloudflare_zone.walnuts_dev.id rules { - action = "set_config" - description = "disable Rocket Loader" - enabled = true - expression = "(http.host eq \"hedgedoc.walnuts.dev\")" - ref = "9c1ef58603494a50af7855c3263e6bdf" + action = "set_config" + description = "disable Rocket Loader" + enabled = true + expression = "(http.host eq \"hedgedoc.walnuts.dev\") or (http.host eq \"misskey.walnuts.dev\") or (http.host eq \"nextcloud.walnuts.dev\")" + ref = "9c1ef58603494a50af7855c3263e6bdf" action_parameters { rocket_loader = false @@ -23,37 +23,37 @@ resource "cloudflare_ruleset" "terraform_managed_resource_d3a7c2d6242d41068be770 zone_id = cloudflare_zone.walnuts_dev.id rules { - action = "set_cache_settings" - description = "walnuts.dev" - enabled = true - expression = "(http.host eq \"walnuts.dev\")" - ref = "02afb6686434455195ad5e1d630a099d" + action = "set_cache_settings" + description = "walnuts.dev" + enabled = true + expression = "(http.host eq \"walnuts.dev\")" + ref = "02afb6686434455195ad5e1d630a099d" action_parameters { - cache = true + cache = true } } rules { - action = "set_cache_settings" - description = "misskey" - enabled = true - expression = "(http.host eq \"misskey.walnuts.dev\" and starts_with(http.request.uri, \"/api/\"))" - ref = "e6dbe87b1b2b483db3df88b5576deb03" + action = "set_cache_settings" + description = "misskey" + enabled = true + expression = "(http.host eq \"misskey.walnuts.dev\" and starts_with(http.request.uri, \"/api/\"))" + ref = "e6dbe87b1b2b483db3df88b5576deb03" action_parameters { - cache = false + cache = false } } rules { - action = "set_cache_settings" - description = "minio" - enabled = true - expression = "(http.host wildcard \"minio.walnuts.dev\")" - ref = "9f4de8f107314fbe8058a07b62e1ffcd" + action = "set_cache_settings" + description = "minio" + enabled = true + expression = "(http.host wildcard \"minio.walnuts.dev\")" + ref = "9f4de8f107314fbe8058a07b62e1ffcd" action_parameters { - cache = false + cache = false } } From a19914c93aab88106cba7b227ce7257d63d6e06a Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 11 Dec 2024 15:35:28 +0000 Subject: [PATCH 0475/1209] chore(deps): update helm release oauth2-proxy to v7.8.2 (#1065) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/components/oauth2-proxy/helm.libsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/components/oauth2-proxy/helm.libsonnet b/k8s/components/oauth2-proxy/helm.libsonnet index 8441f9713..735e9d38d 100644 --- a/k8s/components/oauth2-proxy/helm.libsonnet +++ b/k8s/components/oauth2-proxy/helm.libsonnet @@ -10,7 +10,7 @@ namespace: error 'namespace is required', chart: 'oauth2-proxy', repoURL: 'https://oauth2-proxy.github.io/manifests', - targetRevision: '7.8.1', + targetRevision: '7.8.2', values: '', valuesObject: std.mergePatch((import 'values.libsonnet') { upstream: $.upstream, From b1272711c255466856ec658cbe32c569613632ac Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 11 Dec 2024 15:35:37 +0000 Subject: [PATCH 0476/1209] chore(deps): update dependency aquaproj/aqua-registry to v4.274.0 (#1066) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index 5c16b5473..75bf62150 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,6 +8,6 @@ # - all registries: - type: standard - ref: v4.273.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.274.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 From d37abe9ab21de8918b5d1ee7418e2a440bd3df45 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 11 Dec 2024 18:14:07 +0000 Subject: [PATCH 0477/1209] chore(deps): update helm release argo-cd to v7.7.9 (#1067) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/_argocd/argocd_components/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/_argocd/argocd_components/helm.jsonnet b/k8s/_argocd/argocd_components/helm.jsonnet index 848f6aa8a..581f0822c 100644 --- a/k8s/_argocd/argocd_components/helm.jsonnet +++ b/k8s/_argocd/argocd_components/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import 'app.json5').namespace, chart: 'argo-cd', repoURL: 'https://argoproj.github.io/argo-helm', - targetRevision: '7.7.8', + targetRevision: '7.7.9', values: (importstr 'values.yaml'), } From cda271ea1a54c9f1e9c7e2284a0b6784a968dc53 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 12 Dec 2024 03:24:31 +0900 Subject: [PATCH 0478/1209] add kubeshark Signed-off-by: walnuts1018 --- k8s/apps/kubeshark/app.json5 | 4 ++++ k8s/apps/kubeshark/helm.jsonnet | 8 ++++++++ k8s/apps/kubeshark/values.yaml | 0 3 files changed, 12 insertions(+) create mode 100644 k8s/apps/kubeshark/app.json5 create mode 100644 k8s/apps/kubeshark/helm.jsonnet create mode 100644 k8s/apps/kubeshark/values.yaml diff --git a/k8s/apps/kubeshark/app.json5 b/k8s/apps/kubeshark/app.json5 new file mode 100644 index 000000000..a2e7384fc --- /dev/null +++ b/k8s/apps/kubeshark/app.json5 @@ -0,0 +1,4 @@ +{ + name: "kubeshark", + namespace: "kubeshark", +} diff --git a/k8s/apps/kubeshark/helm.jsonnet b/k8s/apps/kubeshark/helm.jsonnet new file mode 100644 index 000000000..643b14e35 --- /dev/null +++ b/k8s/apps/kubeshark/helm.jsonnet @@ -0,0 +1,8 @@ +(import '../../components/helm.libsonnet') { + name: (import 'app.json5').name, + namespace: (import 'app.json5').namespace, + chart: 'kubeshark', + repoURL: 'https://helm.kubeshark.co/', + targetRevision: '52.3.92', + values: (importstr 'values.yaml'), +} diff --git a/k8s/apps/kubeshark/values.yaml b/k8s/apps/kubeshark/values.yaml new file mode 100644 index 000000000..e69de29bb From 6639d9ee22b98c2069bc4a4046f7fd169bdce963 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 11 Dec 2024 18:25:09 +0000 Subject: [PATCH 0479/1209] auto-gen-namespace --- k8s/namespaces/namespaces.json5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/namespaces/namespaces.json5 b/k8s/namespaces/namespaces.json5 index 5afb53ff4..aef1182de 100644 --- a/k8s/namespaces/namespaces.json5 +++ b/k8s/namespaces/namespaces.json5 @@ -1 +1 @@ -["ac-hacking-2024","affine","cert-manager","cilium-secrets","cilium-system","cloudflare-origin-cert","code-server","dashy","databases","default","elasticsearch","external-dns","external-secrets","fitbit-manager","flux-system","github-readme-stats","hedgedoc","ingress-nginx","komga","krakend-system","kube-system","local-path-storage","loki","longhorn-system","minio","misskey","monitoring","mpeg-dash-encoder","mucaron","network-exporter","nextcloud","oekaki-dengon-game","openchokin","opentelemetry-collector","opentelemetry-operator-system","photoprism","redis-operator","samba","sandbox","wakatime-to-slack-profile","walnuts-dev","zitadel"] +["ac-hacking-2024","affine","cert-manager","cilium-secrets","cilium-system","cloudflare-origin-cert","code-server","dashy","databases","default","elasticsearch","external-dns","external-secrets","fitbit-manager","flux-system","github-readme-stats","hedgedoc","ingress-nginx","komga","krakend-system","kube-system","kubeshark","local-path-storage","loki","longhorn-system","minio","misskey","monitoring","mpeg-dash-encoder","mucaron","network-exporter","nextcloud","oekaki-dengon-game","openchokin","opentelemetry-collector","opentelemetry-operator-system","photoprism","redis-operator","samba","sandbox","wakatime-to-slack-profile","walnuts-dev","zitadel"] From aec4470c7e3996257bef3b6345965f9b1d429b35 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 12 Dec 2024 03:26:03 +0900 Subject: [PATCH 0480/1209] make namespace Signed-off-by: walnuts1018 --- k8s/namespaces/namespaces.json5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/namespaces/namespaces.json5 b/k8s/namespaces/namespaces.json5 index 5afb53ff4..aef1182de 100644 --- a/k8s/namespaces/namespaces.json5 +++ b/k8s/namespaces/namespaces.json5 @@ -1 +1 @@ -["ac-hacking-2024","affine","cert-manager","cilium-secrets","cilium-system","cloudflare-origin-cert","code-server","dashy","databases","default","elasticsearch","external-dns","external-secrets","fitbit-manager","flux-system","github-readme-stats","hedgedoc","ingress-nginx","komga","krakend-system","kube-system","local-path-storage","loki","longhorn-system","minio","misskey","monitoring","mpeg-dash-encoder","mucaron","network-exporter","nextcloud","oekaki-dengon-game","openchokin","opentelemetry-collector","opentelemetry-operator-system","photoprism","redis-operator","samba","sandbox","wakatime-to-slack-profile","walnuts-dev","zitadel"] +["ac-hacking-2024","affine","cert-manager","cilium-secrets","cilium-system","cloudflare-origin-cert","code-server","dashy","databases","default","elasticsearch","external-dns","external-secrets","fitbit-manager","flux-system","github-readme-stats","hedgedoc","ingress-nginx","komga","krakend-system","kube-system","kubeshark","local-path-storage","loki","longhorn-system","minio","misskey","monitoring","mpeg-dash-encoder","mucaron","network-exporter","nextcloud","oekaki-dengon-game","openchokin","opentelemetry-collector","opentelemetry-operator-system","photoprism","redis-operator","samba","sandbox","wakatime-to-slack-profile","walnuts-dev","zitadel"] From d9be2e52ae80ed6fabf9a5a5357637eb14f11fdf Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 12 Dec 2024 03:38:33 +0900 Subject: [PATCH 0481/1209] fix Signed-off-by: walnuts1018 --- k8s/apps/kubeshark/values.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/k8s/apps/kubeshark/values.yaml b/k8s/apps/kubeshark/values.yaml index e69de29bb..116bd2956 100644 --- a/k8s/apps/kubeshark/values.yaml +++ b/k8s/apps/kubeshark/values.yaml @@ -0,0 +1,6 @@ +# find a detailed description here: https://github.com/kubeshark/kubeshark/blob/master/helm-chart/README.md +tap: + release: + repo: https://helm.kubeshark.co + name: kubeshark + namespace: kubeshark From 39e729ca88b78b43bdba10c98b2e2d070c25f757 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 12 Dec 2024 03:43:10 +0900 Subject: [PATCH 0482/1209] rm kubeshark Signed-off-by: walnuts1018 --- k8s/apps/kubeshark/app.json5 | 4 ---- k8s/apps/kubeshark/helm.jsonnet | 8 -------- k8s/apps/kubeshark/values.yaml | 6 ------ 3 files changed, 18 deletions(-) delete mode 100644 k8s/apps/kubeshark/app.json5 delete mode 100644 k8s/apps/kubeshark/helm.jsonnet delete mode 100644 k8s/apps/kubeshark/values.yaml diff --git a/k8s/apps/kubeshark/app.json5 b/k8s/apps/kubeshark/app.json5 deleted file mode 100644 index a2e7384fc..000000000 --- a/k8s/apps/kubeshark/app.json5 +++ /dev/null @@ -1,4 +0,0 @@ -{ - name: "kubeshark", - namespace: "kubeshark", -} diff --git a/k8s/apps/kubeshark/helm.jsonnet b/k8s/apps/kubeshark/helm.jsonnet deleted file mode 100644 index 643b14e35..000000000 --- a/k8s/apps/kubeshark/helm.jsonnet +++ /dev/null @@ -1,8 +0,0 @@ -(import '../../components/helm.libsonnet') { - name: (import 'app.json5').name, - namespace: (import 'app.json5').namespace, - chart: 'kubeshark', - repoURL: 'https://helm.kubeshark.co/', - targetRevision: '52.3.92', - values: (importstr 'values.yaml'), -} diff --git a/k8s/apps/kubeshark/values.yaml b/k8s/apps/kubeshark/values.yaml deleted file mode 100644 index 116bd2956..000000000 --- a/k8s/apps/kubeshark/values.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# find a detailed description here: https://github.com/kubeshark/kubeshark/blob/master/helm-chart/README.md -tap: - release: - repo: https://helm.kubeshark.co - name: kubeshark - namespace: kubeshark From 1df0055a70ff71e006339555f18d1c1fcad84547 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 12 Dec 2024 06:46:28 +0000 Subject: [PATCH 0483/1209] chore(deps): update helm release argo-cd to v7.7.10 (#1069) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/_argocd/argocd_components/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/_argocd/argocd_components/helm.jsonnet b/k8s/_argocd/argocd_components/helm.jsonnet index 581f0822c..c8105eb07 100644 --- a/k8s/_argocd/argocd_components/helm.jsonnet +++ b/k8s/_argocd/argocd_components/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import 'app.json5').namespace, chart: 'argo-cd', repoURL: 'https://argoproj.github.io/argo-helm', - targetRevision: '7.7.9', + targetRevision: '7.7.10', values: (importstr 'values.yaml'), } From dd393b8a8a9bcdd0d0c3377a6d0b36add48b9e94 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 12 Dec 2024 15:17:27 +0000 Subject: [PATCH 0484/1209] chore(deps): update docker.elastic.co/elasticsearch/elasticsearch docker tag to v8.17.0 --- k8s/apps/elasticsearch/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/elasticsearch/deployment.jsonnet b/k8s/apps/elasticsearch/deployment.jsonnet index 8dd4c0155..0222b1695 100644 --- a/k8s/apps/elasticsearch/deployment.jsonnet +++ b/k8s/apps/elasticsearch/deployment.jsonnet @@ -28,7 +28,7 @@ type: 'RuntimeDefault', }, }, - image: 'docker.elastic.co/elasticsearch/elasticsearch:8.16.1', + image: 'docker.elastic.co/elasticsearch/elasticsearch:8.17.0', ports: [ { containerPort: 9200, From 48564ba0ddcd523191378f4cc36e7bb8b007a2e2 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 12 Dec 2024 15:17:35 +0000 Subject: [PATCH 0485/1209] chore(deps): update docker.elastic.co/kibana/kibana docker tag to v8.17.0 --- k8s/apps/kibana/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/kibana/deployment.jsonnet b/k8s/apps/kibana/deployment.jsonnet index 8de7a0a5c..83e74fe7f 100644 --- a/k8s/apps/kibana/deployment.jsonnet +++ b/k8s/apps/kibana/deployment.jsonnet @@ -23,7 +23,7 @@ readOnlyRootFilesystem: true, runAsNonRoot: true, }, - image: 'docker.elastic.co/kibana/kibana:8.16.1', + image: 'docker.elastic.co/kibana/kibana:8.17.0', ports: [ { name: 'http', From b405bebe3d7b36478d9303b1110d934581b1df7d Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 12 Dec 2024 15:17:44 +0000 Subject: [PATCH 0486/1209] chore(deps): update helm release kube-prometheus-stack to v66.4.0 --- k8s/apps/prometheus-stack/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/prometheus-stack/helm.jsonnet b/k8s/apps/prometheus-stack/helm.jsonnet index 595c85969..0a45556ed 100644 --- a/k8s/apps/prometheus-stack/helm.jsonnet +++ b/k8s/apps/prometheus-stack/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'kube-prometheus-stack', repoURL: 'https://prometheus-community.github.io/helm-charts', - targetRevision: '66.3.1', + targetRevision: '66.4.0', values: (importstr 'values.yaml'), } From a0539633a7d94ed443a6600a361478a8caa8c0c1 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 12 Dec 2024 18:40:17 +0000 Subject: [PATCH 0487/1209] chore(deps): update helm release opentelemetry-operator to v0.75.1 --- k8s/apps/opentelemetry-operator/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/opentelemetry-operator/helm.jsonnet b/k8s/apps/opentelemetry-operator/helm.jsonnet index 69a19a4e2..fcfe1f144 100644 --- a/k8s/apps/opentelemetry-operator/helm.jsonnet +++ b/k8s/apps/opentelemetry-operator/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'opentelemetry-operator', repoURL: 'https://open-telemetry.github.io/opentelemetry-helm-charts', - targetRevision: '0.75.0', + targetRevision: '0.75.1', values: (importstr 'values.yaml'), } From 6d27ca9d8f8bd160a48a17692bc8ea5821c3680c Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 12 Dec 2024 18:41:07 +0000 Subject: [PATCH 0488/1209] chore(deps): update ghcr.io/tailscale/tailscale docker tag to v1.78.3 (#1073) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/tailscale/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/tailscale/deployment.jsonnet b/k8s/apps/tailscale/deployment.jsonnet index 841ce83d9..0681d63da 100644 --- a/k8s/apps/tailscale/deployment.jsonnet +++ b/k8s/apps/tailscale/deployment.jsonnet @@ -24,7 +24,7 @@ (import '../../components/container.libsonnet') { name: 'tailscale', imagePullPolicy: 'IfNotPresent', - image: 'ghcr.io/tailscale/tailscale:v1.78.1', + image: 'ghcr.io/tailscale/tailscale:v1.78.3', env: [ { name: 'TS_KUBE_SECRET', From 7009d5530499683a0e92c90d8cdd35021fa2929e Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 12 Dec 2024 22:08:22 +0000 Subject: [PATCH 0489/1209] chore(deps): update terraform aws to ~> 5.81.0 --- terraform/modules/minio/provider.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/modules/minio/provider.tf b/terraform/modules/minio/provider.tf index 81826d829..67184c8f7 100644 --- a/terraform/modules/minio/provider.tf +++ b/terraform/modules/minio/provider.tf @@ -2,7 +2,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 5.80.0" + version = "~> 5.81.0" } } } From e1c6993b8d511ed517cd16422f237f64d49335d8 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 12 Dec 2024 23:22:29 +0000 Subject: [PATCH 0490/1209] chore(deps): update dependency aquaproj/aqua-registry to v4.275.0 (#1076) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index 75bf62150..bd32d68a4 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,6 +8,6 @@ # - all registries: - type: standard - ref: v4.274.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.275.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 From d611411494222ff69a3c1e643b5061e932aa9d1f Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 08:42:55 +0000 Subject: [PATCH 0491/1209] chore(deps): update helm release zitadel to v8.7.2 (#1077) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/zitadel/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/zitadel/helm.jsonnet b/k8s/apps/zitadel/helm.jsonnet index 1a3f51345..e88580f36 100644 --- a/k8s/apps/zitadel/helm.jsonnet +++ b/k8s/apps/zitadel/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'zitadel', repoURL: 'https://charts.zitadel.com', - targetRevision: '8.7.1', + targetRevision: '8.7.2', values: (importstr 'values.yaml'), } From a5df5de832922be769c7ec948a9e6f6598c900e8 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 10:13:26 +0000 Subject: [PATCH 0492/1209] chore(deps): update helm release kube-prometheus-stack to v66.5.0 --- k8s/apps/prometheus-stack/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/prometheus-stack/helm.jsonnet b/k8s/apps/prometheus-stack/helm.jsonnet index 0a45556ed..bf171f72a 100644 --- a/k8s/apps/prometheus-stack/helm.jsonnet +++ b/k8s/apps/prometheus-stack/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'kube-prometheus-stack', repoURL: 'https://prometheus-community.github.io/helm-charts', - targetRevision: '66.4.0', + targetRevision: '66.5.0', values: (importstr 'values.yaml'), } From be82255b5b0e25c10ece66f8b8c8d350c79a69c7 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 16:05:46 +0000 Subject: [PATCH 0493/1209] chore(deps): update helm release zitadel to v8.8.0 --- k8s/apps/zitadel/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/zitadel/helm.jsonnet b/k8s/apps/zitadel/helm.jsonnet index e88580f36..15c0691a1 100644 --- a/k8s/apps/zitadel/helm.jsonnet +++ b/k8s/apps/zitadel/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'zitadel', repoURL: 'https://charts.zitadel.com', - targetRevision: '8.7.2', + targetRevision: '8.8.0', values: (importstr 'values.yaml'), } From 670d64afcdd6576891bd85823fa4487854a053d2 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 16:06:37 +0000 Subject: [PATCH 0494/1209] chore(deps): update helm release nextcloud to v6.3.2 (#1079) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/nextcloud/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/nextcloud/helm.jsonnet b/k8s/apps/nextcloud/helm.jsonnet index f4c3b8e14..c26680cb2 100644 --- a/k8s/apps/nextcloud/helm.jsonnet +++ b/k8s/apps/nextcloud/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'nextcloud', repoURL: 'https://nextcloud.github.io/helm/', - targetRevision: '6.3.1', + targetRevision: '6.3.2', values: (importstr 'values.yaml'), } From bb67388ed2112d66a166560fe6dd4a72950163ac Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 14 Dec 2024 01:27:46 +0000 Subject: [PATCH 0495/1209] chore(deps): update helm release kube-prometheus-stack to v66.6.0 --- k8s/apps/prometheus-stack/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/prometheus-stack/helm.jsonnet b/k8s/apps/prometheus-stack/helm.jsonnet index bf171f72a..1f96a593c 100644 --- a/k8s/apps/prometheus-stack/helm.jsonnet +++ b/k8s/apps/prometheus-stack/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'kube-prometheus-stack', repoURL: 'https://prometheus-community.github.io/helm-charts', - targetRevision: '66.5.0', + targetRevision: '66.6.0', values: (importstr 'values.yaml'), } From 6d6c8b56a5a5bc16cf58aac82c06078cb2a1ee9f Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 15 Dec 2024 01:11:45 +0000 Subject: [PATCH 0496/1209] chore(deps): update dependency aquaproj/aqua-registry to v4.276.0 (#1082) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index bd32d68a4..08a688426 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,6 +8,6 @@ # - all registries: - type: standard - ref: v4.275.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.276.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 From 4e50fb5c3375046b982f7ab54090cd00a1c5cb33 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 15 Dec 2024 12:18:46 +0000 Subject: [PATCH 0497/1209] chore(deps): update helm release kube-prometheus-stack to v66.7.0 --- k8s/apps/prometheus-stack/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/prometheus-stack/helm.jsonnet b/k8s/apps/prometheus-stack/helm.jsonnet index 1f96a593c..18412af43 100644 --- a/k8s/apps/prometheus-stack/helm.jsonnet +++ b/k8s/apps/prometheus-stack/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'kube-prometheus-stack', repoURL: 'https://prometheus-community.github.io/helm-charts', - targetRevision: '66.6.0', + targetRevision: '66.7.0', values: (importstr 'values.yaml'), } From cbf18451503b73514101d31509ad63408cfb064d Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 15 Dec 2024 16:12:09 +0000 Subject: [PATCH 0498/1209] chore(deps): update dependency aquaproj/aqua-registry to v4.276.1 (#1084) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index 08a688426..b6b63995a 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,6 +8,6 @@ # - all registries: - type: standard - ref: v4.276.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.276.1 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 From cf2532a926f1f18089f8fb25c288c24a29eedd77 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 16 Dec 2024 00:37:59 +0000 Subject: [PATCH 0499/1209] chore(deps): update helm release kube-prometheus-stack to v66.7.1 (#1085) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/prometheus-stack/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/prometheus-stack/helm.jsonnet b/k8s/apps/prometheus-stack/helm.jsonnet index 18412af43..942e54eb8 100644 --- a/k8s/apps/prometheus-stack/helm.jsonnet +++ b/k8s/apps/prometheus-stack/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'kube-prometheus-stack', repoURL: 'https://prometheus-community.github.io/helm-charts', - targetRevision: '66.7.0', + targetRevision: '66.7.1', values: (importstr 'values.yaml'), } From f610eef7990ce9f6373bb2cb8b57ff963d718edd Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 16 Dec 2024 03:29:23 +0000 Subject: [PATCH 0500/1209] chore(deps): update gotson/komga docker tag to v1.15.0 --- k8s/apps/komga/statefulset.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/komga/statefulset.jsonnet b/k8s/apps/komga/statefulset.jsonnet index 850dc42e2..d0eb81cf3 100644 --- a/k8s/apps/komga/statefulset.jsonnet +++ b/k8s/apps/komga/statefulset.jsonnet @@ -20,7 +20,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'komga', - image: 'gotson/komga:1.14.1', + image: 'gotson/komga:1.15.0', resources: { limits: { cpu: '500m', From 0ced31ec6adc02d36a32aaf4737a6a8e090f75d3 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 16 Dec 2024 03:29:28 +0000 Subject: [PATCH 0501/1209] chore(deps): update helm release kube-prometheus-stack to v67 --- k8s/apps/prometheus-stack/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/prometheus-stack/helm.jsonnet b/k8s/apps/prometheus-stack/helm.jsonnet index 942e54eb8..78670eaf5 100644 --- a/k8s/apps/prometheus-stack/helm.jsonnet +++ b/k8s/apps/prometheus-stack/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'kube-prometheus-stack', repoURL: 'https://prometheus-community.github.io/helm-charts', - targetRevision: '66.7.1', + targetRevision: '67.0.0', values: (importstr 'values.yaml'), } From e4efa15e2dcefb4d7493f1083c1c5ac48e398bdb Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 16 Dec 2024 18:42:33 +0900 Subject: [PATCH 0502/1209] add Signed-off-by: walnuts1018 --- k8s/apps/fitbit-manager/cronjob.jsonnet | 133 +++++++++++++++++++++ k8s/apps/fitbit-manager/deployment.jsonnet | 18 ++- 2 files changed, 147 insertions(+), 4 deletions(-) create mode 100644 k8s/apps/fitbit-manager/cronjob.jsonnet diff --git a/k8s/apps/fitbit-manager/cronjob.jsonnet b/k8s/apps/fitbit-manager/cronjob.jsonnet new file mode 100644 index 000000000..bc60cb95c --- /dev/null +++ b/k8s/apps/fitbit-manager/cronjob.jsonnet @@ -0,0 +1,133 @@ +{ + apiVersion: 'batch/v1', + kind: 'CronJob', + metadata: { + name: (import 'app.json5').name, + namespace: (import 'app.json5').namespace, + labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + }, + spec: { + schedule: '0 */1 * * *', + concurrencyPolicy: 'Forbid', + startingDeadlineSeconds: 12000, + jobTemplate: { + spec: { + template: { + spec: { + restartPolicy: 'OnFailure', + containers: [ + { + name: 'fitbit-manager', + image: 'ghcr.io/walnuts1018/fitbit-manager:0.8.7', + command: [ + 'fitbit-manager-job', + ], + imagePullPolicy: 'IfNotPresent', + ports: [ + { + containerPort: 8080, + }, + ], + resources: { + limits: { + memory: '300Mi', + }, + requests: { + memory: '10Mi', + }, + }, + env: [ + { + name: 'USER_ID', + value: 'B84M2S', + }, + { + name: 'CLIENT_ID', + valueFrom: { + secretKeyRef: { + name: (import 'external-secret.jsonnet').spec.target.name, + key: 'client_id', + }, + }, + }, + { + name: 'CLIENT_SECRET', + valueFrom: { + secretKeyRef: { + name: (import 'external-secret.jsonnet').spec.target.name, + key: 'client_secret', + }, + }, + }, + { + name: 'COOKIE_SECRET', + valueFrom: { + secretKeyRef: { + name: (import 'external-secret.jsonnet').spec.target.name, + key: 'cookie_secret', + }, + }, + }, + { + name: 'PSQL_HOST', + value: 'postgresql-default.databases.svc.cluster.local', + }, + { + name: 'PSQL_PORT', + value: '5432', + }, + { + name: 'PSQL_DATABASE', + value: 'fitbit_manager', + }, + { + name: 'PSQL_USER', + value: 'fitbit_manager', + }, + { + name: 'PSQL_PASSWORD', + valueFrom: { + secretKeyRef: { + name: (import 'external-secret.jsonnet').spec.target.name, + key: 'postgres_password', + }, + }, + }, + { + name: 'INFLUXDB_ENDPOINT', + value: 'http://influxdb-influxdb2.databases.svc.cluster.local', + }, + { + name: 'INFLUXDB_AUTH_TOKEN', + valueFrom: { + secretKeyRef: { + name: (import 'external-secret.jsonnet').spec.target.name, + key: 'influxdb_auth_token', + }, + }, + }, + { + name: 'INFLUXDB_ORG', + value: 'influxdata', + }, + { + name: 'INFLUXDB_BUCKET', + value: 'fitbit_manager', + }, + { + name: 'OTEL_EXPORTER_OTLP_ENDPOINT', + value: 'http://default-collector.opentelemetry-collector.svc.cluster.local:4317', + }, + { + name: 'OTEL_EXPORTER_OTLP_INSECURE', + value: 'true', + }, + ], + }, + ], + }, + }, + }, + }, + }, +} diff --git a/k8s/apps/fitbit-manager/deployment.jsonnet b/k8s/apps/fitbit-manager/deployment.jsonnet index 294491ef2..53b8e66d1 100644 --- a/k8s/apps/fitbit-manager/deployment.jsonnet +++ b/k8s/apps/fitbit-manager/deployment.jsonnet @@ -27,15 +27,17 @@ }, ], resources: { - limits: {}, + limits: { + memory: '300Mi', + }, requests: { memory: '10Mi', }, }, env: [ { - name: 'GIN_MODE', - value: 'release', + name: 'USER_ID', + value: 'B84M2S', }, { name: 'CLIENT_ID', @@ -65,7 +67,7 @@ }, }, { - name: 'PSQL_ENDPOINT', + name: 'PSQL_HOST', value: 'postgresql-default.databases.svc.cluster.local', }, { @@ -110,6 +112,14 @@ name: 'INFLUXDB_BUCKET', value: 'fitbit_manager', }, + { + name: 'OTEL_EXPORTER_OTLP_ENDPOINT', + value: 'http://default-collector.opentelemetry-collector.svc.cluster.local:4317', + }, + { + name: 'OTEL_EXPORTER_OTLP_INSECURE', + value: 'true', + }, ], }, ], From 0298c69ae244fb987bb5f7b24e70533fbfad9f6f Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 16 Dec 2024 18:45:39 +0900 Subject: [PATCH 0503/1209] chore: update fitbit-manager image to version 1.0.0 Signed-off-by: walnuts1018 --- k8s/apps/fitbit-manager/cronjob.jsonnet | 2 +- k8s/apps/fitbit-manager/deployment.jsonnet | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/k8s/apps/fitbit-manager/cronjob.jsonnet b/k8s/apps/fitbit-manager/cronjob.jsonnet index bc60cb95c..bbe5cfa64 100644 --- a/k8s/apps/fitbit-manager/cronjob.jsonnet +++ b/k8s/apps/fitbit-manager/cronjob.jsonnet @@ -18,7 +18,7 @@ containers: [ { name: 'fitbit-manager', - image: 'ghcr.io/walnuts1018/fitbit-manager:0.8.7', + image: 'ghcr.io/walnuts1018/fitbit-manager:1.0.0', command: [ 'fitbit-manager-job', ], diff --git a/k8s/apps/fitbit-manager/deployment.jsonnet b/k8s/apps/fitbit-manager/deployment.jsonnet index 53b8e66d1..ba2d2b340 100644 --- a/k8s/apps/fitbit-manager/deployment.jsonnet +++ b/k8s/apps/fitbit-manager/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ { name: 'fitbit-manager', - image: 'ghcr.io/walnuts1018/fitbit-manager:0.8.7', + image: 'ghcr.io/walnuts1018/fitbit-manager:1.0.0', imagePullPolicy: 'IfNotPresent', ports: [ { From c6714fbb67d24ee44957d58b8e757b661b413bca Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 16 Dec 2024 19:01:48 +0900 Subject: [PATCH 0504/1209] fix env Signed-off-by: walnuts1018 --- k8s/apps/fitbit-manager/cronjob.jsonnet | 88 +------------------- k8s/apps/fitbit-manager/deployment.jsonnet | 88 +------------------- k8s/apps/fitbit-manager/env.libsonnet | 93 ++++++++++++++++++++++ 3 files changed, 95 insertions(+), 174 deletions(-) create mode 100644 k8s/apps/fitbit-manager/env.libsonnet diff --git a/k8s/apps/fitbit-manager/cronjob.jsonnet b/k8s/apps/fitbit-manager/cronjob.jsonnet index bbe5cfa64..a8215ae05 100644 --- a/k8s/apps/fitbit-manager/cronjob.jsonnet +++ b/k8s/apps/fitbit-manager/cronjob.jsonnet @@ -36,93 +36,7 @@ memory: '10Mi', }, }, - env: [ - { - name: 'USER_ID', - value: 'B84M2S', - }, - { - name: 'CLIENT_ID', - valueFrom: { - secretKeyRef: { - name: (import 'external-secret.jsonnet').spec.target.name, - key: 'client_id', - }, - }, - }, - { - name: 'CLIENT_SECRET', - valueFrom: { - secretKeyRef: { - name: (import 'external-secret.jsonnet').spec.target.name, - key: 'client_secret', - }, - }, - }, - { - name: 'COOKIE_SECRET', - valueFrom: { - secretKeyRef: { - name: (import 'external-secret.jsonnet').spec.target.name, - key: 'cookie_secret', - }, - }, - }, - { - name: 'PSQL_HOST', - value: 'postgresql-default.databases.svc.cluster.local', - }, - { - name: 'PSQL_PORT', - value: '5432', - }, - { - name: 'PSQL_DATABASE', - value: 'fitbit_manager', - }, - { - name: 'PSQL_USER', - value: 'fitbit_manager', - }, - { - name: 'PSQL_PASSWORD', - valueFrom: { - secretKeyRef: { - name: (import 'external-secret.jsonnet').spec.target.name, - key: 'postgres_password', - }, - }, - }, - { - name: 'INFLUXDB_ENDPOINT', - value: 'http://influxdb-influxdb2.databases.svc.cluster.local', - }, - { - name: 'INFLUXDB_AUTH_TOKEN', - valueFrom: { - secretKeyRef: { - name: (import 'external-secret.jsonnet').spec.target.name, - key: 'influxdb_auth_token', - }, - }, - }, - { - name: 'INFLUXDB_ORG', - value: 'influxdata', - }, - { - name: 'INFLUXDB_BUCKET', - value: 'fitbit_manager', - }, - { - name: 'OTEL_EXPORTER_OTLP_ENDPOINT', - value: 'http://default-collector.opentelemetry-collector.svc.cluster.local:4317', - }, - { - name: 'OTEL_EXPORTER_OTLP_INSECURE', - value: 'true', - }, - ], + env: (import 'env.libsonnet').env, }, ], }, diff --git a/k8s/apps/fitbit-manager/deployment.jsonnet b/k8s/apps/fitbit-manager/deployment.jsonnet index ba2d2b340..c16823231 100644 --- a/k8s/apps/fitbit-manager/deployment.jsonnet +++ b/k8s/apps/fitbit-manager/deployment.jsonnet @@ -34,93 +34,7 @@ memory: '10Mi', }, }, - env: [ - { - name: 'USER_ID', - value: 'B84M2S', - }, - { - name: 'CLIENT_ID', - valueFrom: { - secretKeyRef: { - name: (import 'external-secret.jsonnet').spec.target.name, - key: 'client_id', - }, - }, - }, - { - name: 'CLIENT_SECRET', - valueFrom: { - secretKeyRef: { - name: (import 'external-secret.jsonnet').spec.target.name, - key: 'client_secret', - }, - }, - }, - { - name: 'COOKIE_SECRET', - valueFrom: { - secretKeyRef: { - name: (import 'external-secret.jsonnet').spec.target.name, - key: 'cookie_secret', - }, - }, - }, - { - name: 'PSQL_HOST', - value: 'postgresql-default.databases.svc.cluster.local', - }, - { - name: 'PSQL_PORT', - value: '5432', - }, - { - name: 'PSQL_DATABASE', - value: 'fitbit_manager', - }, - { - name: 'PSQL_USER', - value: 'fitbit_manager', - }, - { - name: 'PSQL_PASSWORD', - valueFrom: { - secretKeyRef: { - name: (import 'external-secret.jsonnet').spec.target.name, - key: 'postgres_password', - }, - }, - }, - { - name: 'INFLUXDB_ENDPOINT', - value: 'http://influxdb-influxdb2.databases.svc.cluster.local', - }, - { - name: 'INFLUXDB_AUTH_TOKEN', - valueFrom: { - secretKeyRef: { - name: (import 'external-secret.jsonnet').spec.target.name, - key: 'influxdb_auth_token', - }, - }, - }, - { - name: 'INFLUXDB_ORG', - value: 'influxdata', - }, - { - name: 'INFLUXDB_BUCKET', - value: 'fitbit_manager', - }, - { - name: 'OTEL_EXPORTER_OTLP_ENDPOINT', - value: 'http://default-collector.opentelemetry-collector.svc.cluster.local:4317', - }, - { - name: 'OTEL_EXPORTER_OTLP_INSECURE', - value: 'true', - }, - ], + env: (import 'env.libsonnet').env, }, ], }, diff --git a/k8s/apps/fitbit-manager/env.libsonnet b/k8s/apps/fitbit-manager/env.libsonnet new file mode 100644 index 000000000..0521964ab --- /dev/null +++ b/k8s/apps/fitbit-manager/env.libsonnet @@ -0,0 +1,93 @@ +{ + env: [ + { + name: 'USER_ID', + value: 'B84M2S', + }, + { + name: 'SERVER_URL', + value: 'https://fitbit.walnuts.dev/', + }, + { + name: 'CLIENT_ID', + valueFrom: { + secretKeyRef: { + name: (import 'external-secret.jsonnet').spec.target.name, + key: 'client_id', + }, + }, + }, + { + name: 'CLIENT_SECRET', + valueFrom: { + secretKeyRef: { + name: (import 'external-secret.jsonnet').spec.target.name, + key: 'client_secret', + }, + }, + }, + { + name: 'COOKIE_SECRET', + valueFrom: { + secretKeyRef: { + name: (import 'external-secret.jsonnet').spec.target.name, + key: 'cookie_secret', + }, + }, + }, + { + name: 'PSQL_HOST', + value: 'postgresql-default.databases.svc.cluster.local', + }, + { + name: 'PSQL_PORT', + value: '5432', + }, + { + name: 'PSQL_DATABASE', + value: 'fitbit_manager', + }, + { + name: 'PSQL_USER', + value: 'fitbit_manager', + }, + { + name: 'PSQL_PASSWORD', + valueFrom: { + secretKeyRef: { + name: (import 'external-secret.jsonnet').spec.target.name, + key: 'postgres_password', + }, + }, + }, + { + name: 'INFLUXDB_ENDPOINT', + value: 'http://influxdb-influxdb2.databases.svc.cluster.local', + }, + { + name: 'INFLUXDB_AUTH_TOKEN', + valueFrom: { + secretKeyRef: { + name: (import 'external-secret.jsonnet').spec.target.name, + key: 'influxdb_auth_token', + }, + }, + }, + { + name: 'INFLUXDB_ORG', + value: 'influxdata', + }, + { + name: 'INFLUXDB_BUCKET', + value: 'fitbit_manager', + }, + { + name: 'OTEL_EXPORTER_OTLP_ENDPOINT', + value: 'http://default-collector.opentelemetry-collector.svc.cluster.local:4317', + }, + { + name: 'OTEL_EXPORTER_OTLP_INSECURE', + value: 'true', + }, + ], +} From 31ff502960b2b331b6490809a5b8c5c05b001336 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 16 Dec 2024 19:03:13 +0900 Subject: [PATCH 0505/1209] fix path Signed-off-by: walnuts1018 --- k8s/apps/fitbit-manager/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/fitbit-manager/cronjob.jsonnet b/k8s/apps/fitbit-manager/cronjob.jsonnet index a8215ae05..07cdac31b 100644 --- a/k8s/apps/fitbit-manager/cronjob.jsonnet +++ b/k8s/apps/fitbit-manager/cronjob.jsonnet @@ -20,7 +20,7 @@ name: 'fitbit-manager', image: 'ghcr.io/walnuts1018/fitbit-manager:1.0.0', command: [ - 'fitbit-manager-job', + '/app/fitbit-manager-job', ], imagePullPolicy: 'IfNotPresent', ports: [ From 6ad2b10b5f4c20013451243e748e51eb891a39d5 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 16 Dec 2024 19:17:47 +0900 Subject: [PATCH 0506/1209] add RECORD_START_DATETIME Signed-off-by: walnuts1018 --- k8s/apps/fitbit-manager/env.libsonnet | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/k8s/apps/fitbit-manager/env.libsonnet b/k8s/apps/fitbit-manager/env.libsonnet index 0521964ab..8a3e0d6cd 100644 --- a/k8s/apps/fitbit-manager/env.libsonnet +++ b/k8s/apps/fitbit-manager/env.libsonnet @@ -89,5 +89,9 @@ name: 'OTEL_EXPORTER_OTLP_INSECURE', value: 'true', }, + { + name: 'RECORD_START_DATETIME', + value: '2021-11-01T00:00:00Z', + }, ], } From 9e0899c924bc95b81bf5bb619a900371f913c1af Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 16 Dec 2024 19:19:50 +0900 Subject: [PATCH 0507/1209] chore: update fitbit-manager image to version 1.0.1 Signed-off-by: walnuts1018 --- k8s/apps/fitbit-manager/cronjob.jsonnet | 2 +- k8s/apps/fitbit-manager/deployment.jsonnet | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/k8s/apps/fitbit-manager/cronjob.jsonnet b/k8s/apps/fitbit-manager/cronjob.jsonnet index 07cdac31b..d03a994c4 100644 --- a/k8s/apps/fitbit-manager/cronjob.jsonnet +++ b/k8s/apps/fitbit-manager/cronjob.jsonnet @@ -18,7 +18,7 @@ containers: [ { name: 'fitbit-manager', - image: 'ghcr.io/walnuts1018/fitbit-manager:1.0.0', + image: 'ghcr.io/walnuts1018/fitbit-manager:1.0.1', command: [ '/app/fitbit-manager-job', ], diff --git a/k8s/apps/fitbit-manager/deployment.jsonnet b/k8s/apps/fitbit-manager/deployment.jsonnet index c16823231..24d824acb 100644 --- a/k8s/apps/fitbit-manager/deployment.jsonnet +++ b/k8s/apps/fitbit-manager/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ { name: 'fitbit-manager', - image: 'ghcr.io/walnuts1018/fitbit-manager:1.0.0', + image: 'ghcr.io/walnuts1018/fitbit-manager:1.0.1', imagePullPolicy: 'IfNotPresent', ports: [ { From 536a6ec0d664ab3764ae86120e42c7f3e27da6b7 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 16 Dec 2024 19:32:58 +0900 Subject: [PATCH 0508/1209] fix Signed-off-by: walnuts1018 --- k8s/apps/fitbit-manager/env.libsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/fitbit-manager/env.libsonnet b/k8s/apps/fitbit-manager/env.libsonnet index 8a3e0d6cd..4f9f71e04 100644 --- a/k8s/apps/fitbit-manager/env.libsonnet +++ b/k8s/apps/fitbit-manager/env.libsonnet @@ -91,7 +91,7 @@ }, { name: 'RECORD_START_DATETIME', - value: '2021-11-01T00:00:00Z', + value: '2022-11-01T00:00:00Z', }, ], } From eaf0c63203630796e65640bfcdf34e525cccd3f5 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 16 Dec 2024 20:13:29 +0900 Subject: [PATCH 0509/1209] chore: update fitbit-manager image to version 1.0.2 Signed-off-by: walnuts1018 --- k8s/apps/fitbit-manager/cronjob.jsonnet | 2 +- k8s/apps/fitbit-manager/deployment.jsonnet | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/k8s/apps/fitbit-manager/cronjob.jsonnet b/k8s/apps/fitbit-manager/cronjob.jsonnet index d03a994c4..9eb9a95fa 100644 --- a/k8s/apps/fitbit-manager/cronjob.jsonnet +++ b/k8s/apps/fitbit-manager/cronjob.jsonnet @@ -18,7 +18,7 @@ containers: [ { name: 'fitbit-manager', - image: 'ghcr.io/walnuts1018/fitbit-manager:1.0.1', + image: 'ghcr.io/walnuts1018/fitbit-manager:1.0.2', command: [ '/app/fitbit-manager-job', ], diff --git a/k8s/apps/fitbit-manager/deployment.jsonnet b/k8s/apps/fitbit-manager/deployment.jsonnet index 24d824acb..aea9f7d6e 100644 --- a/k8s/apps/fitbit-manager/deployment.jsonnet +++ b/k8s/apps/fitbit-manager/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ { name: 'fitbit-manager', - image: 'ghcr.io/walnuts1018/fitbit-manager:1.0.1', + image: 'ghcr.io/walnuts1018/fitbit-manager:1.0.2', imagePullPolicy: 'IfNotPresent', ports: [ { From bf8daf623cf240de33d15d48faefe32117ff2dcd Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 16 Dec 2024 23:37:02 +0900 Subject: [PATCH 0510/1209] 1.0.3 Signed-off-by: walnuts1018 --- k8s/apps/fitbit-manager/cronjob.jsonnet | 2 +- k8s/apps/fitbit-manager/deployment.jsonnet | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/k8s/apps/fitbit-manager/cronjob.jsonnet b/k8s/apps/fitbit-manager/cronjob.jsonnet index 9eb9a95fa..e41e1bf2e 100644 --- a/k8s/apps/fitbit-manager/cronjob.jsonnet +++ b/k8s/apps/fitbit-manager/cronjob.jsonnet @@ -18,7 +18,7 @@ containers: [ { name: 'fitbit-manager', - image: 'ghcr.io/walnuts1018/fitbit-manager:1.0.2', + image: 'ghcr.io/walnuts1018/fitbit-manager:1.0.3', command: [ '/app/fitbit-manager-job', ], diff --git a/k8s/apps/fitbit-manager/deployment.jsonnet b/k8s/apps/fitbit-manager/deployment.jsonnet index aea9f7d6e..6d5ba7bf7 100644 --- a/k8s/apps/fitbit-manager/deployment.jsonnet +++ b/k8s/apps/fitbit-manager/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ { name: 'fitbit-manager', - image: 'ghcr.io/walnuts1018/fitbit-manager:1.0.2', + image: 'ghcr.io/walnuts1018/fitbit-manager:1.0.3', imagePullPolicy: 'IfNotPresent', ports: [ { From b9f2c014814f0c584c8611b535d31f069e4bc2d4 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 16 Dec 2024 20:04:34 +0000 Subject: [PATCH 0511/1209] fix(deps): update module helm.sh/helm/v3 to v3.16.4 --- .github/scripts/infrautil/go.mod | 4 ++-- .github/scripts/infrautil/go.sum | 4 ++++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/scripts/infrautil/go.mod b/.github/scripts/infrautil/go.mod index 1b977b406..0c4ed67fe 100644 --- a/.github/scripts/infrautil/go.mod +++ b/.github/scripts/infrautil/go.mod @@ -12,7 +12,7 @@ require ( github.com/yosuke-furukawa/json5 v0.1.1 golang.org/x/sync v0.10.0 gopkg.in/yaml.v3 v3.0.1 - helm.sh/helm/v3 v3.16.3 + helm.sh/helm/v3 v3.16.4 sigs.k8s.io/yaml v1.4.0 ) @@ -128,7 +128,7 @@ require ( go.opentelemetry.io/otel/metric v1.32.0 // indirect go.opentelemetry.io/otel/trace v1.32.0 // indirect go.starlark.net v0.0.0-20241125201518-c05ff208a98f // indirect - golang.org/x/crypto v0.30.0 // indirect + golang.org/x/crypto v0.31.0 // indirect golang.org/x/net v0.32.0 // indirect golang.org/x/oauth2 v0.24.0 // indirect golang.org/x/sys v0.28.0 // indirect diff --git a/.github/scripts/infrautil/go.sum b/.github/scripts/infrautil/go.sum index 49afa5efd..f91c939f9 100644 --- a/.github/scripts/infrautil/go.sum +++ b/.github/scripts/infrautil/go.sum @@ -494,6 +494,8 @@ golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A= golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70= golang.org/x/crypto v0.30.0 h1:RwoQn3GkWiMkzlX562cLB7OxWvjH1L8xutO2WoJcRoY= golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= +golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= +golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= @@ -621,6 +623,8 @@ gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o= gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g= helm.sh/helm/v3 v3.16.3 h1:kb8bSxMeRJ+knsK/ovvlaVPfdis0X3/ZhYCSFRP+YmY= helm.sh/helm/v3 v3.16.3/go.mod h1:zeVWGDR4JJgiRbT3AnNsjYaX8OTJlIE9zC+Q7F7iUSU= +helm.sh/helm/v3 v3.16.4 h1:rBn/h9MACw+QlhxQTjpl8Ifx+VTWaYsw3rguGBYBzr0= +helm.sh/helm/v3 v3.16.4/go.mod h1:k8QPotUt57wWbi90w3LNmg3/MWcLPigVv+0/X4B8BzA= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= k8s.io/api v0.31.1 h1:Xe1hX/fPW3PXYYv8BlozYqw63ytA92snr96zMW9gWTU= From 8c7ada4263c4dd0ff5de855b25917169116da9e5 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 16 Dec 2024 20:04:39 +0000 Subject: [PATCH 0512/1209] chore(deps): update helm release nextcloud to v6.4.1 --- k8s/apps/nextcloud/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/nextcloud/helm.jsonnet b/k8s/apps/nextcloud/helm.jsonnet index c26680cb2..b5bb286ef 100644 --- a/k8s/apps/nextcloud/helm.jsonnet +++ b/k8s/apps/nextcloud/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'nextcloud', repoURL: 'https://nextcloud.github.io/helm/', - targetRevision: '6.3.2', + targetRevision: '6.4.1', values: (importstr 'values.yaml'), } From a1c012ba9622e30d0fdea4eebf053615348177b0 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 16 Dec 2024 22:58:20 +0000 Subject: [PATCH 0513/1209] chore(deps): update helm release kube-prometheus-stack to v67.2.0 --- k8s/apps/prometheus-stack/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/prometheus-stack/helm.jsonnet b/k8s/apps/prometheus-stack/helm.jsonnet index 78670eaf5..42e8d338d 100644 --- a/k8s/apps/prometheus-stack/helm.jsonnet +++ b/k8s/apps/prometheus-stack/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'kube-prometheus-stack', repoURL: 'https://prometheus-community.github.io/helm-charts', - targetRevision: '67.0.0', + targetRevision: '67.2.0', values: (importstr 'values.yaml'), } From b58a195d000ec6d382db5b9d09fcb7a4642c899d Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 16 Dec 2024 22:58:24 +0000 Subject: [PATCH 0514/1209] chore(deps): update helm release tempo to v1.16.0 --- k8s/apps/tempo/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/tempo/helm.jsonnet b/k8s/apps/tempo/helm.jsonnet index 7a84c686e..13e5638ae 100644 --- a/k8s/apps/tempo/helm.jsonnet +++ b/k8s/apps/tempo/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'tempo', repoURL: 'https://grafana.github.io/helm-charts', - targetRevision: '1.15.0', + targetRevision: '1.16.0', values: (importstr 'values.yaml'), } From 7681ff94548814d7e4b1e799be8462510b4001f4 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 16 Dec 2024 22:59:10 +0000 Subject: [PATCH 0515/1209] chore(deps): update dependency aquaproj/aqua-registry to v4.277.0 (#1091) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index b6b63995a..f2f831a5b 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,6 +8,6 @@ # - all registries: - type: standard - ref: v4.276.1 # renovate: depName=aquaproj/aqua-registry + ref: v4.277.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 From 63e095414172e2d9e201414a8f4f9f4e8f6ce8b7 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 17 Dec 2024 16:52:30 +0900 Subject: [PATCH 0516/1209] fix(cronjob): update schedule to run every 15 minutes Signed-off-by: walnuts1018 --- k8s/apps/fitbit-manager/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/fitbit-manager/cronjob.jsonnet b/k8s/apps/fitbit-manager/cronjob.jsonnet index e41e1bf2e..54349505a 100644 --- a/k8s/apps/fitbit-manager/cronjob.jsonnet +++ b/k8s/apps/fitbit-manager/cronjob.jsonnet @@ -7,7 +7,7 @@ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, }, spec: { - schedule: '0 */1 * * *', + schedule: '*/15 * * * *', concurrencyPolicy: 'Forbid', startingDeadlineSeconds: 12000, jobTemplate: { From 31ada43b54b016eb7d4cd5997f569d6eaad12b14 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 17 Dec 2024 14:16:18 +0000 Subject: [PATCH 0517/1209] chore(deps): update ghcr.io/walnuts1018/mucaron-backend docker tag to e80b1c8599dcb479f95a0e284b628b556e277697-85 (#1093) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/mucaron/back/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/mucaron/back/deployment.jsonnet b/k8s/apps/mucaron/back/deployment.jsonnet index f8036fc9a..6bbfd5518 100644 --- a/k8s/apps/mucaron/back/deployment.jsonnet +++ b/k8s/apps/mucaron/back/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ (import '../../../components/container.libsonnet') { name: 'mucaron-backend', - image: 'ghcr.io/walnuts1018/mucaron-backend:d46a2837971e1780e541ea4fd057b48c84ea0308-84', + image: 'ghcr.io/walnuts1018/mucaron-backend:e80b1c8599dcb479f95a0e284b628b556e277697-85', ports: [ { containerPort: 8080, From 896b50f954be847d067c4be6cf5db79ffa2acf39 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 17 Dec 2024 14:16:30 +0000 Subject: [PATCH 0518/1209] chore(deps): update gotson/komga docker tag to v1.15.1 (#1094) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/komga/statefulset.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/komga/statefulset.jsonnet b/k8s/apps/komga/statefulset.jsonnet index d0eb81cf3..04d8d0db0 100644 --- a/k8s/apps/komga/statefulset.jsonnet +++ b/k8s/apps/komga/statefulset.jsonnet @@ -20,7 +20,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'komga', - image: 'gotson/komga:1.15.0', + image: 'gotson/komga:1.15.1', resources: { limits: { cpu: '500m', From 2d7cda42f66da760b3330dc4b8c9d4bbe9a1ff73 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 17 Dec 2024 14:16:33 +0000 Subject: [PATCH 0519/1209] chore(deps): update dependency aquaproj/aqua-registry to v4.278.0 (#1095) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index f2f831a5b..95e468be5 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,6 +8,6 @@ # - all registries: - type: standard - ref: v4.277.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.278.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 From 73618fc6722a284f0073554f75e926844b3e6b64 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 17 Dec 2024 20:10:17 +0000 Subject: [PATCH 0520/1209] chore(deps): update helm release nextcloud to v6.5.0 --- k8s/apps/nextcloud/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/nextcloud/helm.jsonnet b/k8s/apps/nextcloud/helm.jsonnet index b5bb286ef..72dcb0b79 100644 --- a/k8s/apps/nextcloud/helm.jsonnet +++ b/k8s/apps/nextcloud/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'nextcloud', repoURL: 'https://nextcloud.github.io/helm/', - targetRevision: '6.4.1', + targetRevision: '6.5.0', values: (importstr 'values.yaml'), } From 1a3627a3befed374f47edc899fb9199a921ef4b1 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 17 Dec 2024 22:51:16 +0000 Subject: [PATCH 0521/1209] chore(deps): update helm release kube-prometheus-stack to v67.2.1 (#1097) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/prometheus-stack/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/prometheus-stack/helm.jsonnet b/k8s/apps/prometheus-stack/helm.jsonnet index 42e8d338d..f7b21bf04 100644 --- a/k8s/apps/prometheus-stack/helm.jsonnet +++ b/k8s/apps/prometheus-stack/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'kube-prometheus-stack', repoURL: 'https://prometheus-community.github.io/helm-charts', - targetRevision: '67.2.0', + targetRevision: '67.2.1', values: (importstr 'values.yaml'), } From 2cb3d9bd80af42e855f5c978dabf17153e37dff1 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 18 Dec 2024 02:01:52 +0000 Subject: [PATCH 0522/1209] chore(deps): update helm release kube-prometheus-stack to v67.3.0 --- k8s/apps/prometheus-stack/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/prometheus-stack/helm.jsonnet b/k8s/apps/prometheus-stack/helm.jsonnet index f7b21bf04..a883f5533 100644 --- a/k8s/apps/prometheus-stack/helm.jsonnet +++ b/k8s/apps/prometheus-stack/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'kube-prometheus-stack', repoURL: 'https://prometheus-community.github.io/helm-charts', - targetRevision: '67.2.1', + targetRevision: '67.3.0', values: (importstr 'values.yaml'), } From 9b7abdd9db733ef7685c8ad24fe4d5409f5d42fc Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 18 Dec 2024 02:02:49 +0000 Subject: [PATCH 0523/1209] chore(deps): update helm release cilium to v1.16.5 (#1098) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/cilium/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/cilium/helm.jsonnet b/k8s/apps/cilium/helm.jsonnet index 484432f77..3dbb120b4 100644 --- a/k8s/apps/cilium/helm.jsonnet +++ b/k8s/apps/cilium/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import 'app.json5').namespace, chart: 'cilium', repoURL: 'https://helm.cilium.io/', - targetRevision: '1.16.4', + targetRevision: '1.16.5', values: (importstr 'values.yaml'), } From c6591853ea9fd7455b29a47cec88485aedda512c Mon Sep 17 00:00:00 2001 From: Walnuts Date: Wed, 18 Dec 2024 19:53:09 +0900 Subject: [PATCH 0524/1209] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 38249c497..28afd481d 100644 --- a/README.md +++ b/README.md @@ -5,6 +5,7 @@

+ argocd project status k8s Status Pod Status Node Status From 3fde5827db70bd6f628b4c21d578bbac5b10640c Mon Sep 17 00:00:00 2001 From: Walnuts Date: Wed, 18 Dec 2024 19:53:28 +0900 Subject: [PATCH 0525/1209] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 28afd481d..23a51236a 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@

- argocd project status + argocd project status k8s Status Pod Status Node Status From 26ca4af6dbcba0595c52ad90be288899634b1863 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Wed, 18 Dec 2024 19:54:44 +0900 Subject: [PATCH 0526/1209] Update README.md --- README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 23a51236a..2cc9decf7 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@

- + walnuts

@@ -10,7 +10,9 @@ Pod Status Node Status k8s CI - Walnuts.dev Status + + Walnuts.dev Status + WakaTime From d9c43387473ea366e539e6eae06061d93e63e3d1 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 18 Dec 2024 12:09:50 +0000 Subject: [PATCH 0527/1209] chore(deps): update ghcr.io/walnuts1018/walnuts.dev docker tag to v21766348bf6994ef1a8d9ddda23a295c54d15380-329 (#1102) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index 6034b4c49..6e541f1f3 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -25,7 +25,7 @@ type: 'RuntimeDefault', }, }, - image: 'ghcr.io/walnuts1018/walnuts.dev:a3fd41927cd3ffad0c659e9938ba8614be73d191-327', + image: 'ghcr.io/walnuts1018/walnuts.dev:21766348bf6994ef1a8d9ddda23a295c54d15380-329', imagePullPolicy: 'IfNotPresent', ports: [ { From c6f68f39495f100ee3c751297c3e008e60e971db Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 18 Dec 2024 21:21:46 +0900 Subject: [PATCH 0528/1209] chore: add Renovate workflow for automated dependency updates Signed-off-by: walnuts1018 --- .github/workflows/renovate.yaml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 .github/workflows/renovate.yaml diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml new file mode 100644 index 000000000..c1af6fccf --- /dev/null +++ b/.github/workflows/renovate.yaml @@ -0,0 +1,26 @@ +name: renovate +on: + schedule: + - cron: "*/10 * * * *" + workflow_dispatch: + +jobs: + renovate: + runs-on: ubuntu-latest + container: + image: renovate/renovate:39.72.5 + steps: + - uses: actions/create-github-app-token@v1 + id: generate_token + with: + app-id: ${{ secrets.APP_ID }} + private-key: ${{ secrets.PRIVATE_KEY }} + + - name: Setup renovate + run: npm install -g renovate@32.89.0 + + - name: Run renovate + env: + RENOVATE_REPOSITORIES: walnuts1018/infra + RENOVATE_TOKEN: ${{ steps.generate_token.outputs.token }} + run: renovate From ec8ea7e7da0365db67512dd0988285ad9c85c540 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 18 Dec 2024 21:22:26 +0900 Subject: [PATCH 0529/1209] fix Signed-off-by: walnuts1018 --- .github/workflows/renovate.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index c1af6fccf..dadd8f91c 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -16,9 +16,6 @@ jobs: app-id: ${{ secrets.APP_ID }} private-key: ${{ secrets.PRIVATE_KEY }} - - name: Setup renovate - run: npm install -g renovate@32.89.0 - - name: Run renovate env: RENOVATE_REPOSITORIES: walnuts1018/infra From edb94b294ad62b726f5052051cb577b7f6a14c4e Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 18 Dec 2024 21:24:15 +0900 Subject: [PATCH 0530/1209] add Signed-off-by: walnuts1018 --- .github/workflows/renovate.yaml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index dadd8f91c..0b464cf74 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -7,9 +7,14 @@ on: jobs: renovate: runs-on: ubuntu-latest - container: - image: renovate/renovate:39.72.5 steps: + - uses: actions/setup-node@v1 + with: + node-version: "20" + + - name: Setup renovate + run: npm install -g renovate@32.89.0 + - uses: actions/create-github-app-token@v1 id: generate_token with: From f3b91f736920bc178aecfaaea4251e07dc7c4b4d Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 18 Dec 2024 12:25:22 +0000 Subject: [PATCH 0531/1209] chore(deps): update actions/setup-node action to v4 --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 0b464cf74..3aa15fcff 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -8,7 +8,7 @@ jobs: renovate: runs-on: ubuntu-latest steps: - - uses: actions/setup-node@v1 + - uses: actions/setup-node@v4 with: node-version: "20" From e2f4a87e8fc33964127cf9fdf24579eecbc5b559 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 18 Dec 2024 21:55:13 +0900 Subject: [PATCH 0532/1209] chore: migrate Renovate workflow to Kubernetes CronJob Signed-off-by: walnuts1018 --- .github/workflows/renovate.yaml | 28 ------------ k8s/apps/renovate/app.json5 | 4 ++ k8s/apps/renovate/cronjob.jsonnet | 55 +++++++++++++++++++++++ k8s/apps/renovate/external-secret.jsonnet | 12 +++++ 4 files changed, 71 insertions(+), 28 deletions(-) create mode 100644 k8s/apps/renovate/app.json5 create mode 100644 k8s/apps/renovate/cronjob.jsonnet create mode 100644 k8s/apps/renovate/external-secret.jsonnet diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 0b464cf74..e69de29bb 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -1,28 +0,0 @@ -name: renovate -on: - schedule: - - cron: "*/10 * * * *" - workflow_dispatch: - -jobs: - renovate: - runs-on: ubuntu-latest - steps: - - uses: actions/setup-node@v1 - with: - node-version: "20" - - - name: Setup renovate - run: npm install -g renovate@32.89.0 - - - uses: actions/create-github-app-token@v1 - id: generate_token - with: - app-id: ${{ secrets.APP_ID }} - private-key: ${{ secrets.PRIVATE_KEY }} - - - name: Run renovate - env: - RENOVATE_REPOSITORIES: walnuts1018/infra - RENOVATE_TOKEN: ${{ steps.generate_token.outputs.token }} - run: renovate diff --git a/k8s/apps/renovate/app.json5 b/k8s/apps/renovate/app.json5 new file mode 100644 index 000000000..30c09a683 --- /dev/null +++ b/k8s/apps/renovate/app.json5 @@ -0,0 +1,4 @@ +{ + name: "renovate", + namespace: "renovate", +} diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet new file mode 100644 index 000000000..dcd5126ed --- /dev/null +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -0,0 +1,55 @@ +{ + apiVersion: 'batch/v1', + kind: 'CronJob', + metadata: { + name: (import 'app.json5').name, + namespace: (import 'app.json5').namespace, + labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + }, + spec: { + schedule: '*/10 * * * *', + concurrencyPolicy: 'Forbid', + jobTemplate: { + spec: { + template: { + spec: { + restartPolicy: 'Never', + containers: [ + { + name: 'renovate', + image: 'renovate/renovate:39.72.5', + resources: { + requests: { + memory: '100Mi', + }, + limits: { + memory: '512Mi', + }, + }, + env: [ + { + name: 'LOG_LEVEL', + value: 'debug', + }, + { + name: 'RENOVATE_AUTODISCOVER', + value: 'true', + }, + { + name: 'GITHUB_COM_TOKEN', + valueFrom: { + secretKeyRef: { + name: (import 'external-secret.jsonnet').spec.target.name, + key: 'GITHUB_COM_TOKEN', + }, + }, + }, + ], + }, + ], + }, + }, + }, + }, + }, +} diff --git a/k8s/apps/renovate/external-secret.jsonnet b/k8s/apps/renovate/external-secret.jsonnet new file mode 100644 index 000000000..6e43e09e3 --- /dev/null +++ b/k8s/apps/renovate/external-secret.jsonnet @@ -0,0 +1,12 @@ +(import '../../components/external-secret.libsonnet') { + name: (import 'app.json5').name, + data: [ + { + secretKey: 'GITHUB_COM_TOKEN', + remoteRef: { + key: 'renovate', + property: 'github_token', + }, + }, + ], +} From 666f75a656f7abb634cedbc4897caabf679d4b44 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 18 Dec 2024 12:56:33 +0000 Subject: [PATCH 0533/1209] auto-gen-namespace --- k8s/namespaces/namespaces.json5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/namespaces/namespaces.json5 b/k8s/namespaces/namespaces.json5 index aef1182de..be02656ed 100644 --- a/k8s/namespaces/namespaces.json5 +++ b/k8s/namespaces/namespaces.json5 @@ -1 +1 @@ -["ac-hacking-2024","affine","cert-manager","cilium-secrets","cilium-system","cloudflare-origin-cert","code-server","dashy","databases","default","elasticsearch","external-dns","external-secrets","fitbit-manager","flux-system","github-readme-stats","hedgedoc","ingress-nginx","komga","krakend-system","kube-system","kubeshark","local-path-storage","loki","longhorn-system","minio","misskey","monitoring","mpeg-dash-encoder","mucaron","network-exporter","nextcloud","oekaki-dengon-game","openchokin","opentelemetry-collector","opentelemetry-operator-system","photoprism","redis-operator","samba","sandbox","wakatime-to-slack-profile","walnuts-dev","zitadel"] +["ac-hacking-2024","affine","cert-manager","cilium-secrets","cilium-system","cloudflare-origin-cert","code-server","dashy","databases","default","elasticsearch","external-dns","external-secrets","fitbit-manager","flux-system","github-readme-stats","hedgedoc","ingress-nginx","komga","krakend-system","kube-system","kubeshark","local-path-storage","loki","longhorn-system","minio","misskey","monitoring","mpeg-dash-encoder","mucaron","network-exporter","nextcloud","oekaki-dengon-game","openchokin","opentelemetry-collector","opentelemetry-operator-system","photoprism","redis-operator","renovate","samba","sandbox","wakatime-to-slack-profile","walnuts-dev","zitadel"] From da7ff2b7715d70b5398fbfcb863623d1e95caeca Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 18 Dec 2024 12:57:53 +0000 Subject: [PATCH 0534/1209] chore(deps): update ghcr.io/walnuts1018/walnuts.dev docker tag to v3da46301abad841586608e9b6e77849400fa9bce-330 (#1105) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index 6e541f1f3..517e8cc3f 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -25,7 +25,7 @@ type: 'RuntimeDefault', }, }, - image: 'ghcr.io/walnuts1018/walnuts.dev:21766348bf6994ef1a8d9ddda23a295c54d15380-329', + image: 'ghcr.io/walnuts1018/walnuts.dev:3da46301abad841586608e9b6e77849400fa9bce-330', imagePullPolicy: 'IfNotPresent', ports: [ { From 7a03a4ecdbc16c5c6576a1122196721f1e13e9cf Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 18 Dec 2024 22:03:15 +0900 Subject: [PATCH 0535/1209] fix: rename GITHUB_COM_TOKEN to RENOVATE_TOKEN and update secret key reference Signed-off-by: walnuts1018 --- k8s/apps/renovate/cronjob.jsonnet | 4 ++-- k8s/apps/renovate/external-secret.jsonnet | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index dcd5126ed..876988083 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -36,11 +36,11 @@ value: 'true', }, { - name: 'GITHUB_COM_TOKEN', + name: 'RENOVATE_TOKEN', valueFrom: { secretKeyRef: { name: (import 'external-secret.jsonnet').spec.target.name, - key: 'GITHUB_COM_TOKEN', + key: 'github-token', }, }, }, diff --git a/k8s/apps/renovate/external-secret.jsonnet b/k8s/apps/renovate/external-secret.jsonnet index 6e43e09e3..39f818c94 100644 --- a/k8s/apps/renovate/external-secret.jsonnet +++ b/k8s/apps/renovate/external-secret.jsonnet @@ -2,7 +2,7 @@ name: (import 'app.json5').name, data: [ { - secretKey: 'GITHUB_COM_TOKEN', + secretKey: 'github-token', remoteRef: { key: 'renovate', property: 'github_token', From e696d4f42c38d06fc1814f872401ba4dcf31dfb3 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 18 Dec 2024 22:05:57 +0900 Subject: [PATCH 0536/1209] feat: add RENOVATE_AUTODISCOVER_FILTER environment variable for filtering Signed-off-by: walnuts1018 --- k8s/apps/renovate/cronjob.jsonnet | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 876988083..2c470c10a 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -35,6 +35,10 @@ name: 'RENOVATE_AUTODISCOVER', value: 'true', }, + { + name: 'RENOVATE_AUTODISCOVER_FILTER', + value: 'walnuts1018/*', + }, { name: 'RENOVATE_TOKEN', valueFrom: { From 8f8b45ecabb07f53062f5870b7cc52e10ec773a0 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 18 Dec 2024 22:11:55 +0900 Subject: [PATCH 0537/1209] add Signed-off-by: walnuts1018 --- k8s/apps/renovate/cronjob.jsonnet | 14 ++++++++++++++ k8s/apps/renovate/pvc.jsonnet | 21 +++++++++++++++++++++ 2 files changed, 35 insertions(+) create mode 100644 k8s/apps/renovate/pvc.jsonnet diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 2c470c10a..03e717bc2 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -49,6 +49,20 @@ }, }, ], + volumeMounts: [ + { + name: 'renovate', + mountPath: '/tmp/renovate', + }, + ], + }, + ], + volumes: [ + { + name: 'renovate', + persistentVolumeClaim: { + claimName: 'renovate', + }, }, ], }, diff --git a/k8s/apps/renovate/pvc.jsonnet b/k8s/apps/renovate/pvc.jsonnet new file mode 100644 index 000000000..a943155c0 --- /dev/null +++ b/k8s/apps/renovate/pvc.jsonnet @@ -0,0 +1,21 @@ +[ + { + apiVersion: 'v1', + kind: 'PersistentVolumeClaim', + metadata: { + name: 'renovate', + }, + spec: { + storageClassName: 'longhorn-local', + volumeName: 'renovate', + accessModes: [ + 'ReadWriteOnce', + ], + resources: { + requests: { + storage: '20Gi', + }, + }, + }, + }, +] From 39a82721c4f8247e2d4e6e5ff5075b3f145b920f Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 18 Dec 2024 22:12:25 +0900 Subject: [PATCH 0538/1209] fix: remove volumeName from PVC configuration Signed-off-by: walnuts1018 --- k8s/apps/renovate/pvc.jsonnet | 1 - 1 file changed, 1 deletion(-) diff --git a/k8s/apps/renovate/pvc.jsonnet b/k8s/apps/renovate/pvc.jsonnet index a943155c0..2c0c6523f 100644 --- a/k8s/apps/renovate/pvc.jsonnet +++ b/k8s/apps/renovate/pvc.jsonnet @@ -7,7 +7,6 @@ }, spec: { storageClassName: 'longhorn-local', - volumeName: 'renovate', accessModes: [ 'ReadWriteOnce', ], From f8fa997b93a41ab088ca803175ad1023f245cc9a Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 18 Dec 2024 22:14:11 +0900 Subject: [PATCH 0539/1209] fix: increase memory requests and limits for Renovate cronjob Signed-off-by: walnuts1018 --- k8s/apps/renovate/cronjob.jsonnet | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 03e717bc2..b424dcc25 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -20,10 +20,10 @@ image: 'renovate/renovate:39.72.5', resources: { requests: { - memory: '100Mi', + memory: '512Mi', }, limits: { - memory: '512Mi', + memory: '2Gi', }, }, env: [ From 3edce452f9285f4cdb3a564dc04ac996f0ba3073 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 18 Dec 2024 22:14:16 +0900 Subject: [PATCH 0540/1209] fix: decrease memory request for Renovate cronjob Signed-off-by: walnuts1018 --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index b424dcc25..e254306df 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -20,7 +20,7 @@ image: 'renovate/renovate:39.72.5', resources: { requests: { - memory: '512Mi', + memory: '256Mi', }, limits: { memory: '2Gi', From 1012d04fc57b24dd4864ea218c22e893e27064ca Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 18 Dec 2024 22:16:34 +0900 Subject: [PATCH 0541/1209] feat: add security context to Renovate cronjob for improved file system permissions Signed-off-by: walnuts1018 --- k8s/apps/renovate/cronjob.jsonnet | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index e254306df..cc43a8fb4 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -13,6 +13,10 @@ spec: { template: { spec: { + securityContext: { + fsGroup: 12021, + fsGroupChangePolicy: 'OnRootMismatch', + }, restartPolicy: 'Never', containers: [ { From f44894b530854b52dd7ed396c11c48be612ee8c7 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 18 Dec 2024 22:21:32 +0900 Subject: [PATCH 0542/1209] fix: update RENOVATE_AUTODISCOVER_FILTER value for improved filtering Signed-off-by: walnuts1018 --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index cc43a8fb4..abfa106bd 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -41,7 +41,7 @@ }, { name: 'RENOVATE_AUTODISCOVER_FILTER', - value: 'walnuts1018/*', + value: 'walnuts1018/infra', }, { name: 'RENOVATE_TOKEN', From 3e412d638b9b33c93b31cba498bb231d19db729e Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 18 Dec 2024 15:21:34 +0000 Subject: [PATCH 0543/1209] chore(deps): update renovate/renovate docker tag to v39.74.0 --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index abfa106bd..0c013ac65 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -21,7 +21,7 @@ containers: [ { name: 'renovate', - image: 'renovate/renovate:39.72.5', + image: 'renovate/renovate:39.74.0', resources: { requests: { memory: '256Mi', From 1cea998e40f2db353ba06fdd601a2e8881ba8068 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Thu, 19 Dec 2024 01:32:32 +0900 Subject: [PATCH 0544/1209] chore(deps): update helm release zitadel to v8.8.1 (#1108) Co-authored-by: Renovate Bot --- k8s/apps/zitadel/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/zitadel/helm.jsonnet b/k8s/apps/zitadel/helm.jsonnet index 15c0691a1..7e5b76284 100644 --- a/k8s/apps/zitadel/helm.jsonnet +++ b/k8s/apps/zitadel/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'zitadel', repoURL: 'https://charts.zitadel.com', - targetRevision: '8.8.0', + targetRevision: '8.8.1', values: (importstr 'values.yaml'), } From 01a0d750eb6c8a2526b2531f299fbf7f73751b1e Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 19 Dec 2024 02:19:23 +0900 Subject: [PATCH 0545/1209] fix: update storageClassName and decrease storage request for PVC configuration Signed-off-by: walnuts1018 --- k8s/apps/renovate/pvc.jsonnet | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/k8s/apps/renovate/pvc.jsonnet b/k8s/apps/renovate/pvc.jsonnet index 2c0c6523f..0c327a789 100644 --- a/k8s/apps/renovate/pvc.jsonnet +++ b/k8s/apps/renovate/pvc.jsonnet @@ -6,13 +6,13 @@ name: 'renovate', }, spec: { - storageClassName: 'longhorn-local', + storageClassName: 'longhorn', accessModes: [ 'ReadWriteOnce', ], resources: { requests: { - storage: '20Gi', + storage: '1Gi', }, }, }, From 6d5f9c2d83da775e74e1928be703f4a16b7998e5 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Thu, 19 Dec 2024 03:42:36 +0900 Subject: [PATCH 0546/1209] chore(deps): update helm release kube-prometheus-stack to v67.3.1 (#1109) Co-authored-by: Renovate Bot --- k8s/apps/prometheus-stack/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/prometheus-stack/helm.jsonnet b/k8s/apps/prometheus-stack/helm.jsonnet index a883f5533..f6ff583ec 100644 --- a/k8s/apps/prometheus-stack/helm.jsonnet +++ b/k8s/apps/prometheus-stack/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'kube-prometheus-stack', repoURL: 'https://prometheus-community.github.io/helm-charts', - targetRevision: '67.3.0', + targetRevision: '67.3.1', values: (importstr 'values.yaml'), } From f6605288ccad3049a2e34905beb745ec83c0c520 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Thu, 19 Dec 2024 03:44:43 +0900 Subject: [PATCH 0547/1209] Delete .github/workflows/renovate.yaml --- .github/workflows/renovate.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 .github/workflows/renovate.yaml diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml deleted file mode 100644 index e69de29bb..000000000 From 7625be7e12f36695e0f672667797277d26048667 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Thu, 19 Dec 2024 04:24:17 +0900 Subject: [PATCH 0548/1209] chore(deps): update renovate/renovate docker tag to v39.74.1 (#1110) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 0c013ac65..7b3c6b87e 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -21,7 +21,7 @@ containers: [ { name: 'renovate', - image: 'renovate/renovate:39.74.0', + image: 'renovate/renovate:39.74.1', resources: { requests: { memory: '256Mi', From a3f8545af29b00f21c0deab4be97fe3ce74427fb Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 18 Dec 2024 22:01:13 +0000 Subject: [PATCH 0549/1209] chore(deps): update tailscale/github-action action to v3 --- .github/workflows/badge.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/badge.yaml b/.github/workflows/badge.yaml index 955cb4903..97b42b41e 100644 --- a/.github/workflows/badge.yaml +++ b/.github/workflows/badge.yaml @@ -21,7 +21,7 @@ jobs: runs-on: ubuntu-latest steps: - name: setup tailscale - uses: tailscale/github-action@v2 + uses: tailscale/github-action@v3 with: oauth-client-id: ${{secrets.TAILSCALE_CLIENT_ID}} oauth-secret: ${{secrets.TAILSCALE_SECRET}} From a4d227052cc84aacc664ceb00b6b8f22cb438624 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Thu, 19 Dec 2024 07:42:17 +0900 Subject: [PATCH 0550/1209] chore(deps): update dependency aquaproj/aqua-registry to v4.279.0 (#1112) Co-authored-by: Renovate Bot --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index 95e468be5..4e7faf801 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,6 +8,6 @@ # - all registries: - type: standard - ref: v4.278.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.279.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 From 9c72fd93aaa5b4173ba0547234d34d2e6664ba93 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 19 Dec 2024 00:21:13 +0000 Subject: [PATCH 0551/1209] chore(deps): update helm release loki to v6.24.0 --- k8s/apps/loki/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/loki/helm.jsonnet b/k8s/apps/loki/helm.jsonnet index a55c6b8de..d84d25adf 100644 --- a/k8s/apps/loki/helm.jsonnet +++ b/k8s/apps/loki/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import 'app.json5').namespace, chart: 'loki', repoURL: 'https://grafana.github.io/helm-charts', - targetRevision: '6.23.0', + targetRevision: '6.24.0', values: (importstr 'values.yaml'), } From 0fcddc974f3cb53856d3e2fb161736e11cb0680b Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 19 Dec 2024 01:05:27 +0000 Subject: [PATCH 0552/1209] chore(deps): update renovate/renovate docker tag to v39.75.0 --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 7b3c6b87e..08a2b701d 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -21,7 +21,7 @@ containers: [ { name: 'renovate', - image: 'renovate/renovate:39.74.1', + image: 'renovate/renovate:39.75.0', resources: { requests: { memory: '256Mi', From 2574a67388cf2ab566c1d3f5afbb4700db805515 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Fri, 20 Dec 2024 00:06:48 +0900 Subject: [PATCH 0553/1209] chore(deps): update renovate/renovate docker tag to v39.75.1 (#1115) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 08a2b701d..07f918555 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -21,7 +21,7 @@ containers: [ { name: 'renovate', - image: 'renovate/renovate:39.75.0', + image: 'renovate/renovate:39.75.1', resources: { requests: { memory: '256Mi', From d156356c3f059a28a79bbab7c64d05d7f943b88c Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 20 Dec 2024 00:13:52 +0900 Subject: [PATCH 0554/1209] feat: add branch prefix environment variables for self-hosted Renovate Signed-off-by: walnuts1018 --- k8s/apps/renovate/cronjob.jsonnet | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 0c013ac65..2f344072a 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -30,6 +30,7 @@ memory: '2Gi', }, }, + local branch_prefix = 'selfhosted-rennovate/', env: [ { name: 'LOG_LEVEL', @@ -43,6 +44,14 @@ name: 'RENOVATE_AUTODISCOVER_FILTER', value: 'walnuts1018/infra', }, + { + name: 'RENOVATE_BRANCH_PREFIX', + value: branch_prefix, + }, + { + name: 'RENOVATE_BRANCH_PREFIX_OLD', + value: branch_prefix, + }, { name: 'RENOVATE_TOKEN', valueFrom: { From b597f2c853073e1c2cbc95582fc9d05a29862e60 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 20 Dec 2024 00:19:48 +0900 Subject: [PATCH 0555/1209] fix: update branch prefix for Renovate cronjob configuration Signed-off-by: walnuts1018 --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index a8cb84408..722de2cc4 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -30,7 +30,7 @@ memory: '2Gi', }, }, - local branch_prefix = 'selfhosted-rennovate/', + local branch_prefix = 'rennovate/', env: [ { name: 'LOG_LEVEL', From 2efa03e6048dc0ad2052fabc88c56d5774ece9d4 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Fri, 20 Dec 2024 00:24:28 +0900 Subject: [PATCH 0556/1209] Delete .github/dependabot.yml --- .github/dependabot.yml | 6 ------ 1 file changed, 6 deletions(-) delete mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml deleted file mode 100644 index b18fd2935..000000000 --- a/.github/dependabot.yml +++ /dev/null @@ -1,6 +0,0 @@ -version: 2 -updates: - - package-ecosystem: 'github-actions' - directory: '/' - schedule: - interval: 'weekly' From 7d13d10762b0b4e08f51d5442b3cda2b3ddd04f8 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 20 Dec 2024 00:32:49 +0900 Subject: [PATCH 0557/1209] mv scripts Signed-off-by: walnuts1018 --- .github/workflows/gen-namespace.yaml | 4 ++-- .github/workflows/snapshot-diff.yaml | 4 ++-- .github/workflows/snapshot.yaml | 4 ++-- Makefile | 4 ++-- {.github/scripts => scripts}/infrautil/.gitignore | 0 {.github/scripts => scripts}/infrautil/go.mod | 2 +- {.github/scripts => scripts}/infrautil/go.sum | 0 {.github/scripts => scripts}/infrautil/helmSnapshotCmd.go | 2 +- {.github/scripts => scripts}/infrautil/lib/apps.go | 0 {.github/scripts => scripts}/infrautil/lib/helm.go | 0 {.github/scripts => scripts}/infrautil/lib/helm_test.go | 0 {.github/scripts => scripts}/infrautil/lib/helmyaml.go | 0 {.github/scripts => scripts}/infrautil/lib/jsonnet.go | 0 {.github/scripts => scripts}/infrautil/lib/jsonnet_test.go | 0 {.github/scripts => scripts}/infrautil/lib/namespace.go | 0 {.github/scripts => scripts}/infrautil/lib/namespace_test.go | 0 .../scripts => scripts}/infrautil/lib/testfiles/app.json5 | 0 .../infrautil/lib/testfiles/components/container.libsonnet | 0 .../infrautil/lib/testfiles/components/labels.libsonnet | 0 .../infrautil/lib/testfiles/deployment.jsonnet | 0 .../infrautil/lib/testfiles/deployment.yaml | 0 .../infrautil/lib/testfiles/helm.result.yaml | 0 .../infrautil/lib/testfiles/ingress.jsonnet | 0 .../scripts => scripts}/infrautil/lib/testfiles/ingress.yaml | 0 .../scripts => scripts}/infrautil/lib/testfiles/pvc.jsonnet | 0 {.github/scripts => scripts}/infrautil/lib/testfiles/pvc.yaml | 0 .../infrautil/lib/testfiles/service.jsonnet | 0 .../scripts => scripts}/infrautil/lib/testfiles/service.yaml | 0 {.github/scripts => scripts}/infrautil/main.go | 0 {.github/scripts => scripts}/infrautil/namespaceCmd.go | 2 +- {.github/scripts => scripts}/infrautil/snapshotCmd.go | 2 +- 31 files changed, 12 insertions(+), 12 deletions(-) rename {.github/scripts => scripts}/infrautil/.gitignore (100%) rename {.github/scripts => scripts}/infrautil/go.mod (99%) rename {.github/scripts => scripts}/infrautil/go.sum (100%) rename {.github/scripts => scripts}/infrautil/helmSnapshotCmd.go (98%) rename {.github/scripts => scripts}/infrautil/lib/apps.go (100%) rename {.github/scripts => scripts}/infrautil/lib/helm.go (100%) rename {.github/scripts => scripts}/infrautil/lib/helm_test.go (100%) rename {.github/scripts => scripts}/infrautil/lib/helmyaml.go (100%) rename {.github/scripts => scripts}/infrautil/lib/jsonnet.go (100%) rename {.github/scripts => scripts}/infrautil/lib/jsonnet_test.go (100%) rename {.github/scripts => scripts}/infrautil/lib/namespace.go (100%) rename {.github/scripts => scripts}/infrautil/lib/namespace_test.go (100%) rename {.github/scripts => scripts}/infrautil/lib/testfiles/app.json5 (100%) rename {.github/scripts => scripts}/infrautil/lib/testfiles/components/container.libsonnet (100%) rename {.github/scripts => scripts}/infrautil/lib/testfiles/components/labels.libsonnet (100%) rename {.github/scripts => scripts}/infrautil/lib/testfiles/deployment.jsonnet (100%) rename {.github/scripts => scripts}/infrautil/lib/testfiles/deployment.yaml (100%) rename {.github/scripts => scripts}/infrautil/lib/testfiles/helm.result.yaml (100%) rename {.github/scripts => scripts}/infrautil/lib/testfiles/ingress.jsonnet (100%) rename {.github/scripts => scripts}/infrautil/lib/testfiles/ingress.yaml (100%) rename {.github/scripts => scripts}/infrautil/lib/testfiles/pvc.jsonnet (100%) rename {.github/scripts => scripts}/infrautil/lib/testfiles/pvc.yaml (100%) rename {.github/scripts => scripts}/infrautil/lib/testfiles/service.jsonnet (100%) rename {.github/scripts => scripts}/infrautil/lib/testfiles/service.yaml (100%) rename {.github/scripts => scripts}/infrautil/main.go (100%) rename {.github/scripts => scripts}/infrautil/namespaceCmd.go (96%) rename {.github/scripts => scripts}/infrautil/snapshotCmd.go (97%) diff --git a/.github/workflows/gen-namespace.yaml b/.github/workflows/gen-namespace.yaml index 78a705040..80194ced0 100644 --- a/.github/workflows/gen-namespace.yaml +++ b/.github/workflows/gen-namespace.yaml @@ -18,8 +18,8 @@ jobs: - name: setup-go uses: actions/setup-go@v5 with: - go-version-file: ".github/scripts/infrautil/go.mod" - cache-dependency-path: ".github/scripts/infrautil/go.sum" + go-version-file: "scripts/infrautil/go.mod" + cache-dependency-path: "scripts/infrautil/go.sum" - name: make namespace run: | diff --git a/.github/workflows/snapshot-diff.yaml b/.github/workflows/snapshot-diff.yaml index 65cd0be0f..66011c37c 100644 --- a/.github/workflows/snapshot-diff.yaml +++ b/.github/workflows/snapshot-diff.yaml @@ -15,8 +15,8 @@ jobs: - name: setup-go uses: actions/setup-go@v5 with: - go-version-file: ".github/scripts/infrautil/go.mod" - cache-dependency-path: ".github/scripts/infrautil/go.sum" + go-version-file: "scripts/infrautil/go.mod" + cache-dependency-path: "scripts/infrautil/go.sum" - name: make snapshot run: | diff --git a/.github/workflows/snapshot.yaml b/.github/workflows/snapshot.yaml index 5455c298a..d33f7631d 100644 --- a/.github/workflows/snapshot.yaml +++ b/.github/workflows/snapshot.yaml @@ -31,8 +31,8 @@ jobs: - name: setup-go uses: actions/setup-go@v5 with: - go-version-file: ".github/scripts/infrautil/go.mod" - cache-dependency-path: ".github/scripts/infrautil/go.sum" + go-version-file: "scripts/infrautil/go.mod" + cache-dependency-path: "scripts/infrautil/go.sum" - name: make snapshot run: | diff --git a/Makefile b/Makefile index 2de4ad65e..ad7ede989 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,7 @@ -INFRAUTIL ?= .github/scripts/infrautil/infrautil +INFRAUTIL ?= scripts/infrautil/infrautil build-infrautil: - cd .github/scripts/infrautil && go build -o infrautil . + cd scripts/infrautil && go build -o infrautil . .PHONY: namespace namespace: build-infrautil diff --git a/.github/scripts/infrautil/.gitignore b/scripts/infrautil/.gitignore similarity index 100% rename from .github/scripts/infrautil/.gitignore rename to scripts/infrautil/.gitignore diff --git a/.github/scripts/infrautil/go.mod b/scripts/infrautil/go.mod similarity index 99% rename from .github/scripts/infrautil/go.mod rename to scripts/infrautil/go.mod index 0c4ed67fe..0c96f6310 100644 --- a/.github/scripts/infrautil/go.mod +++ b/scripts/infrautil/go.mod @@ -1,4 +1,4 @@ -module github.com/walnuts1018/infra/.github/scripts/infrautil +module github.com/walnuts1018/infra/scripts/infrautil go 1.23.2 diff --git a/.github/scripts/infrautil/go.sum b/scripts/infrautil/go.sum similarity index 100% rename from .github/scripts/infrautil/go.sum rename to scripts/infrautil/go.sum diff --git a/.github/scripts/infrautil/helmSnapshotCmd.go b/scripts/infrautil/helmSnapshotCmd.go similarity index 98% rename from .github/scripts/infrautil/helmSnapshotCmd.go rename to scripts/infrautil/helmSnapshotCmd.go index 51b69fe89..53c7de726 100644 --- a/.github/scripts/infrautil/helmSnapshotCmd.go +++ b/scripts/infrautil/helmSnapshotCmd.go @@ -13,7 +13,7 @@ import ( "path/filepath" "github.com/google/subcommands" - "github.com/walnuts1018/infra/.github/scripts/infrautil/lib" + "github.com/walnuts1018/infra/scripts/infrautil/lib" "golang.org/x/sync/errgroup" ) diff --git a/.github/scripts/infrautil/lib/apps.go b/scripts/infrautil/lib/apps.go similarity index 100% rename from .github/scripts/infrautil/lib/apps.go rename to scripts/infrautil/lib/apps.go diff --git a/.github/scripts/infrautil/lib/helm.go b/scripts/infrautil/lib/helm.go similarity index 100% rename from .github/scripts/infrautil/lib/helm.go rename to scripts/infrautil/lib/helm.go diff --git a/.github/scripts/infrautil/lib/helm_test.go b/scripts/infrautil/lib/helm_test.go similarity index 100% rename from .github/scripts/infrautil/lib/helm_test.go rename to scripts/infrautil/lib/helm_test.go diff --git a/.github/scripts/infrautil/lib/helmyaml.go b/scripts/infrautil/lib/helmyaml.go similarity index 100% rename from .github/scripts/infrautil/lib/helmyaml.go rename to scripts/infrautil/lib/helmyaml.go diff --git a/.github/scripts/infrautil/lib/jsonnet.go b/scripts/infrautil/lib/jsonnet.go similarity index 100% rename from .github/scripts/infrautil/lib/jsonnet.go rename to scripts/infrautil/lib/jsonnet.go diff --git a/.github/scripts/infrautil/lib/jsonnet_test.go b/scripts/infrautil/lib/jsonnet_test.go similarity index 100% rename from .github/scripts/infrautil/lib/jsonnet_test.go rename to scripts/infrautil/lib/jsonnet_test.go diff --git a/.github/scripts/infrautil/lib/namespace.go b/scripts/infrautil/lib/namespace.go similarity index 100% rename from .github/scripts/infrautil/lib/namespace.go rename to scripts/infrautil/lib/namespace.go diff --git a/.github/scripts/infrautil/lib/namespace_test.go b/scripts/infrautil/lib/namespace_test.go similarity index 100% rename from .github/scripts/infrautil/lib/namespace_test.go rename to scripts/infrautil/lib/namespace_test.go diff --git a/.github/scripts/infrautil/lib/testfiles/app.json5 b/scripts/infrautil/lib/testfiles/app.json5 similarity index 100% rename from .github/scripts/infrautil/lib/testfiles/app.json5 rename to scripts/infrautil/lib/testfiles/app.json5 diff --git a/.github/scripts/infrautil/lib/testfiles/components/container.libsonnet b/scripts/infrautil/lib/testfiles/components/container.libsonnet similarity index 100% rename from .github/scripts/infrautil/lib/testfiles/components/container.libsonnet rename to scripts/infrautil/lib/testfiles/components/container.libsonnet diff --git a/.github/scripts/infrautil/lib/testfiles/components/labels.libsonnet b/scripts/infrautil/lib/testfiles/components/labels.libsonnet similarity index 100% rename from .github/scripts/infrautil/lib/testfiles/components/labels.libsonnet rename to scripts/infrautil/lib/testfiles/components/labels.libsonnet diff --git a/.github/scripts/infrautil/lib/testfiles/deployment.jsonnet b/scripts/infrautil/lib/testfiles/deployment.jsonnet similarity index 100% rename from .github/scripts/infrautil/lib/testfiles/deployment.jsonnet rename to scripts/infrautil/lib/testfiles/deployment.jsonnet diff --git a/.github/scripts/infrautil/lib/testfiles/deployment.yaml b/scripts/infrautil/lib/testfiles/deployment.yaml similarity index 100% rename from .github/scripts/infrautil/lib/testfiles/deployment.yaml rename to scripts/infrautil/lib/testfiles/deployment.yaml diff --git a/.github/scripts/infrautil/lib/testfiles/helm.result.yaml b/scripts/infrautil/lib/testfiles/helm.result.yaml similarity index 100% rename from .github/scripts/infrautil/lib/testfiles/helm.result.yaml rename to scripts/infrautil/lib/testfiles/helm.result.yaml diff --git a/.github/scripts/infrautil/lib/testfiles/ingress.jsonnet b/scripts/infrautil/lib/testfiles/ingress.jsonnet similarity index 100% rename from .github/scripts/infrautil/lib/testfiles/ingress.jsonnet rename to scripts/infrautil/lib/testfiles/ingress.jsonnet diff --git a/.github/scripts/infrautil/lib/testfiles/ingress.yaml b/scripts/infrautil/lib/testfiles/ingress.yaml similarity index 100% rename from .github/scripts/infrautil/lib/testfiles/ingress.yaml rename to scripts/infrautil/lib/testfiles/ingress.yaml diff --git a/.github/scripts/infrautil/lib/testfiles/pvc.jsonnet b/scripts/infrautil/lib/testfiles/pvc.jsonnet similarity index 100% rename from .github/scripts/infrautil/lib/testfiles/pvc.jsonnet rename to scripts/infrautil/lib/testfiles/pvc.jsonnet diff --git a/.github/scripts/infrautil/lib/testfiles/pvc.yaml b/scripts/infrautil/lib/testfiles/pvc.yaml similarity index 100% rename from .github/scripts/infrautil/lib/testfiles/pvc.yaml rename to scripts/infrautil/lib/testfiles/pvc.yaml diff --git a/.github/scripts/infrautil/lib/testfiles/service.jsonnet b/scripts/infrautil/lib/testfiles/service.jsonnet similarity index 100% rename from .github/scripts/infrautil/lib/testfiles/service.jsonnet rename to scripts/infrautil/lib/testfiles/service.jsonnet diff --git a/.github/scripts/infrautil/lib/testfiles/service.yaml b/scripts/infrautil/lib/testfiles/service.yaml similarity index 100% rename from .github/scripts/infrautil/lib/testfiles/service.yaml rename to scripts/infrautil/lib/testfiles/service.yaml diff --git a/.github/scripts/infrautil/main.go b/scripts/infrautil/main.go similarity index 100% rename from .github/scripts/infrautil/main.go rename to scripts/infrautil/main.go diff --git a/.github/scripts/infrautil/namespaceCmd.go b/scripts/infrautil/namespaceCmd.go similarity index 96% rename from .github/scripts/infrautil/namespaceCmd.go rename to scripts/infrautil/namespaceCmd.go index fd7c001a0..b3cb485a7 100644 --- a/.github/scripts/infrautil/namespaceCmd.go +++ b/scripts/infrautil/namespaceCmd.go @@ -8,7 +8,7 @@ import ( "os" "github.com/google/subcommands" - "github.com/walnuts1018/infra/.github/scripts/infrautil/lib" + "github.com/walnuts1018/infra/scripts/infrautil/lib" ) type namespaceCmd struct { diff --git a/.github/scripts/infrautil/snapshotCmd.go b/scripts/infrautil/snapshotCmd.go similarity index 97% rename from .github/scripts/infrautil/snapshotCmd.go rename to scripts/infrautil/snapshotCmd.go index b7b9483a2..264bef6f1 100644 --- a/.github/scripts/infrautil/snapshotCmd.go +++ b/scripts/infrautil/snapshotCmd.go @@ -9,7 +9,7 @@ import ( "path/filepath" "github.com/google/subcommands" - "github.com/walnuts1018/infra/.github/scripts/infrautil/lib" + "github.com/walnuts1018/infra/scripts/infrautil/lib" "golang.org/x/sync/errgroup" ) From 138838e522f7adb8222483683d97d94cd99661e3 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 20 Dec 2024 00:36:42 +0900 Subject: [PATCH 0558/1209] add aqua Signed-off-by: walnuts1018 --- aqua.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/aqua.yaml b/aqua.yaml index 4e7faf801..99c5ef9a2 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -11,3 +11,4 @@ registries: ref: v4.279.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 +- name: hashicorp/terraform@v1.10.3 From 7ecc644a17f09660734b11317223ac567023730f Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 20 Dec 2024 00:41:01 +0900 Subject: [PATCH 0559/1209] fix: update indirect dependencies in go.mod Signed-off-by: walnuts1018 --- scripts/infrautil/go.mod | 53 ++++++++++++++++++++------------------- scripts/infrautil/go.sum | 54 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 81 insertions(+), 26 deletions(-) diff --git a/scripts/infrautil/go.mod b/scripts/infrautil/go.mod index 0c96f6310..5dcc943b6 100644 --- a/scripts/infrautil/go.mod +++ b/scripts/infrautil/go.mod @@ -35,12 +35,12 @@ require ( github.com/containerd/errdefs v1.0.0 // indirect github.com/containerd/log v0.1.0 // indirect github.com/containerd/platforms v0.2.1 // indirect - github.com/cyphar/filepath-securejoin v0.3.5 // indirect + github.com/cyphar/filepath-securejoin v0.3.6 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/distribution/reference v0.6.0 // indirect - github.com/docker/cli v27.3.1+incompatible // indirect + github.com/docker/cli v27.4.1+incompatible // indirect github.com/docker/distribution v2.8.3+incompatible // indirect - github.com/docker/docker v27.3.1+incompatible // indirect + github.com/docker/docker v27.4.1+incompatible // indirect github.com/docker/docker-credential-helpers v0.8.2 // indirect github.com/docker/go-connections v0.5.0 // indirect github.com/docker/go-metrics v0.0.1 // indirect @@ -61,7 +61,7 @@ require ( github.com/go-playground/locales v0.14.1 // indirect github.com/go-playground/universal-translator v0.18.1 // indirect github.com/gobwas/glob v0.2.3 // indirect - github.com/goccy/go-yaml v1.15.7 // indirect + github.com/goccy/go-yaml v1.15.11 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/protobuf v1.5.4 // indirect github.com/google/btree v1.1.3 // indirect @@ -88,7 +88,7 @@ require ( github.com/leodido/go-urn v1.4.0 // indirect github.com/lib/pq v1.10.9 // indirect github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect - github.com/mailru/easyjson v0.7.7 // indirect + github.com/mailru/easyjson v0.9.0 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.20 // indirect github.com/mattn/go-runewidth v0.0.16 // indirect @@ -111,11 +111,11 @@ require ( github.com/prometheus/common v0.61.0 // indirect github.com/prometheus/procfs v0.15.1 // indirect github.com/rivo/uniseg v0.4.7 // indirect - github.com/rubenv/sql-migrate v1.7.0 // indirect + github.com/rubenv/sql-migrate v1.7.1 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/shopspring/decimal v1.4.0 // indirect github.com/sirupsen/logrus v1.9.3 // indirect - github.com/spf13/cast v1.7.0 // indirect + github.com/spf13/cast v1.7.1 // indirect github.com/spf13/cobra v1.8.1 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/x448/float16 v0.8.4 // indirect @@ -123,38 +123,39 @@ require ( github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect github.com/xeipuuv/gojsonschema v1.2.0 // indirect github.com/xlab/treeprint v1.2.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.57.0 // indirect - go.opentelemetry.io/otel v1.32.0 // indirect - go.opentelemetry.io/otel/metric v1.32.0 // indirect - go.opentelemetry.io/otel/trace v1.32.0 // indirect + go.opentelemetry.io/auto/sdk v1.1.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 // indirect + go.opentelemetry.io/otel v1.33.0 // indirect + go.opentelemetry.io/otel/metric v1.33.0 // indirect + go.opentelemetry.io/otel/trace v1.33.0 // indirect go.starlark.net v0.0.0-20241125201518-c05ff208a98f // indirect golang.org/x/crypto v0.31.0 // indirect - golang.org/x/net v0.32.0 // indirect + golang.org/x/net v0.33.0 // indirect golang.org/x/oauth2 v0.24.0 // indirect golang.org/x/sys v0.28.0 // indirect golang.org/x/term v0.27.0 // indirect golang.org/x/text v0.21.0 // indirect golang.org/x/time v0.8.0 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20241206012308-a4fef0638583 // indirect - google.golang.org/grpc v1.68.1 // indirect - google.golang.org/protobuf v1.35.2 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20241216192217-9240e9c98484 // indirect + google.golang.org/grpc v1.69.2 // indirect + google.golang.org/protobuf v1.36.0 // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect - k8s.io/api v0.31.3 // indirect - k8s.io/apiextensions-apiserver v0.31.3 // indirect - k8s.io/apimachinery v0.31.3 // indirect - k8s.io/apiserver v0.31.3 // indirect - k8s.io/cli-runtime v0.31.3 // indirect - k8s.io/client-go v0.31.3 // indirect - k8s.io/component-base v0.31.3 // indirect + k8s.io/api v0.32.0 // indirect + k8s.io/apiextensions-apiserver v0.32.0 // indirect + k8s.io/apimachinery v0.32.0 // indirect + k8s.io/apiserver v0.32.0 // indirect + k8s.io/cli-runtime v0.32.0 // indirect + k8s.io/client-go v0.32.0 // indirect + k8s.io/component-base v0.32.0 // indirect k8s.io/klog/v2 v2.130.1 // indirect - k8s.io/kube-openapi v0.0.0-20241127205056-99599406b04f // indirect - k8s.io/kubectl v0.31.3 // indirect - k8s.io/utils v0.0.0-20241104163129-6fe5fd82f078 // indirect + k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 // indirect + k8s.io/kubectl v0.32.0 // indirect + k8s.io/utils v0.0.0-20241210054802-24370beab758 // indirect oras.land/oras-go v1.2.6 // indirect sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect sigs.k8s.io/kustomize/api v0.18.0 // indirect sigs.k8s.io/kustomize/kyaml v0.18.1 // indirect - sigs.k8s.io/structured-merge-diff/v4 v4.4.3 // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.5.0 // indirect ) diff --git a/scripts/infrautil/go.sum b/scripts/infrautil/go.sum index f91c939f9..af3ae4d7e 100644 --- a/scripts/infrautil/go.sum +++ b/scripts/infrautil/go.sum @@ -91,6 +91,8 @@ github.com/cyphar/filepath-securejoin v0.3.4 h1:VBWugsJh2ZxJmLFSM06/0qzQyiQX2Qs0 github.com/cyphar/filepath-securejoin v0.3.4/go.mod h1:8s/MCNJREmFK0H02MF6Ihv1nakJe4L/w3WZLHNkvlYM= github.com/cyphar/filepath-securejoin v0.3.5 h1:L81NHjquoQmcPgXcttUS9qTSR/+bXry6pbSINQGpjj4= github.com/cyphar/filepath-securejoin v0.3.5/go.mod h1:edhVd3c6OXKjUmSrVa/tGJRS9joFTxlslFCAyaxigkE= +github.com/cyphar/filepath-securejoin v0.3.6 h1:4d9N5ykBnSp5Xn2JkhocYDkOpURL/18CYMpo6xB9uWM= +github.com/cyphar/filepath-securejoin v0.3.6/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= @@ -103,12 +105,16 @@ github.com/docker/cli v25.0.1+incompatible h1:mFpqnrS6Hsm3v1k7Wa/BO23oz0k121MTbT github.com/docker/cli v25.0.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/cli v27.3.1+incompatible h1:qEGdFBF3Xu6SCvCYhc7CzaQTlBmqDuzxPDpigSyeKQQ= github.com/docker/cli v27.3.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/cli v27.4.1+incompatible h1:VzPiUlRJ/xh+otB75gva3r05isHMo5wXDfPRi5/b4hI= +github.com/docker/cli v27.4.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/docker v25.0.6+incompatible h1:5cPwbwriIcsua2REJe8HqQV+6WlWc1byg2QSXzBxBGg= github.com/docker/docker v25.0.6+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v27.3.1+incompatible h1:KttF0XoteNTicmUtBO0L2tP+J7FGRFTjaEF4k6WdhfI= github.com/docker/docker v27.3.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v27.4.1+incompatible h1:ZJvcY7gfwHn1JF48PfbyXg7Jyt9ZCWDW+GGXOIxEwp4= +github.com/docker/docker v27.4.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A= github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0= github.com/docker/docker-credential-helpers v0.8.2 h1:bX3YxiGzFP5sOXWc3bTPEXdEaZSeVMrFgOr3T+zrFAo= @@ -195,6 +201,8 @@ github.com/goccy/go-yaml v1.15.6 h1:gy5kf1yjMia3/c3wWD+u1z3lU5XlhpT8FZGaLJU9cOA= github.com/goccy/go-yaml v1.15.6/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA= github.com/goccy/go-yaml v1.15.7 h1:L7XuKpd/A66X4w/dlk08lVfiIADdy79a1AzRoIefC98= github.com/goccy/go-yaml v1.15.7/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA= +github.com/goccy/go-yaml v1.15.11 h1:XeEd/2INF0TXXWMzJ9ALqJLGjGDl4PIi1gmrK+7KpAs= +github.com/goccy/go-yaml v1.15.11/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= @@ -310,6 +318,8 @@ github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhn github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= +github.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4= +github.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= @@ -408,6 +418,8 @@ github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= github.com/rubenv/sql-migrate v1.7.0 h1:HtQq1xyTN2ISmQDggnh0c9U3JlP8apWh8YO2jzlXpTI= github.com/rubenv/sql-migrate v1.7.0/go.mod h1:S4wtDEG1CKn+0ShpTtzWhFpHHI5PvCUtiGI+C+Z2THE= +github.com/rubenv/sql-migrate v1.7.1 h1:f/o0WgfO/GqNuVg+6801K/KW3WdDSupzSjDYODmiUq4= +github.com/rubenv/sql-migrate v1.7.1/go.mod h1:Ob2Psprc0/3ggbM6wCzyYVFFuc6FyZrb2AS+ezLDFb4= github.com/russross/blackfriday v1.6.0 h1:KqfZb0pUVN2lYqZUYRddxF4OR8ZMURnJIG5Y3VRLtww= github.com/russross/blackfriday v1.6.0/go.mod h1:ti0ldHuxg49ri4ksnFxlkCfN+hvslNlmVHqNRXXJNAY= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= @@ -421,6 +433,8 @@ github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/spf13/cast v1.7.0 h1:ntdiHjuueXFgm5nzDRdOS4yfT43P5Fnud6DH50rz/7w= github.com/spf13/cast v1.7.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= +github.com/spf13/cast v1.7.1 h1:cuNEagBQEHWN1FnbGEjCXL2szYEXqfJPbP2HNUaca9Y= +github.com/spf13/cast v1.7.1/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= @@ -464,22 +478,32 @@ github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f h1 github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= +go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= +go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 h1:4K4tsIXefpVJtvA/8srF4V4y0akAoPHkIslgAkjixJA= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0/go.mod h1:jjdQuTGVsXV4vSs+CJ2qYDeDPf9yIJV23qlIzBm73Vg= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.57.0 h1:DheMAlT6POBP+gh8RUH19EOTnQIor5QE0uSRPtzCpSw= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.57.0/go.mod h1:wZcGmeVO9nzP67aYSLDqXNWK87EZWhi7JWj1v7ZXf94= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 h1:yd02MEjBdJkG3uabWP9apV+OuWRIXGDuJEUJbOHmCFU= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0/go.mod h1:umTcuxiv1n/s/S6/c2AT/g2CQ7u5C59sHDNmfSwgz7Q= go.opentelemetry.io/otel v1.28.0 h1:/SqNcYk+idO0CxKEUOtKQClMK/MimZihKYMruSMViUo= go.opentelemetry.io/otel v1.28.0/go.mod h1:q68ijF8Fc8CnMHKyzqL6akLO46ePnjkgfIMIjUIX9z4= go.opentelemetry.io/otel v1.32.0 h1:WnBN+Xjcteh0zdk01SVqV55d/m62NJLJdIyb4y/WO5U= go.opentelemetry.io/otel v1.32.0/go.mod h1:00DCVSB0RQcnzlwyTfqtxSm+DRr9hpYrHjNGiBHVQIg= +go.opentelemetry.io/otel v1.33.0 h1:/FerN9bax5LoK51X/sI0SVYrjSE0/yUL7DpxW4K3FWw= +go.opentelemetry.io/otel v1.33.0/go.mod h1:SUUkR6csvUQl+yjReHu5uM3EtVV7MBm5FHKRlNx4I8I= go.opentelemetry.io/otel/metric v1.28.0 h1:f0HGvSl1KRAU1DLgLGFjrwVyismPlnuU6JD6bOeuA5Q= go.opentelemetry.io/otel/metric v1.28.0/go.mod h1:Fb1eVBFZmLVTMb6PPohq3TO9IIhUisDsbJoL/+uQW4s= go.opentelemetry.io/otel/metric v1.32.0 h1:xV2umtmNcThh2/a/aCP+h64Xx5wsj8qqnkYZktzNa0M= go.opentelemetry.io/otel/metric v1.32.0/go.mod h1:jH7CIbbK6SH2V2wE16W05BHCtIDzauciCRLoc/SyMv8= +go.opentelemetry.io/otel/metric v1.33.0 h1:r+JOocAyeRVXD8lZpjdQjzMadVZp2M4WmQ+5WtEnklQ= +go.opentelemetry.io/otel/metric v1.33.0/go.mod h1:L9+Fyctbp6HFTddIxClbQkjtubW6O9QS3Ann/M82u6M= go.opentelemetry.io/otel/trace v1.28.0 h1:GhQ9cUuQGmNDd5BTCP2dAvv75RdMxEfTmYejp+lkx9g= go.opentelemetry.io/otel/trace v1.28.0/go.mod h1:jPyXzNPg6da9+38HEwElrQiHlVMTnVfM3/yv2OlIHaI= go.opentelemetry.io/otel/trace v1.32.0 h1:WIC9mYrXf8TmY/EXuULKc8hR17vE+Hjv2cssQDe03fM= go.opentelemetry.io/otel/trace v1.32.0/go.mod h1:+i4rkvCraA+tG6AzwloGaCtkx53Fa+L+V8e9a7YvhT8= +go.opentelemetry.io/otel/trace v1.33.0 h1:cCJuF7LRjUFso9LPnEAHJDB2pqzp+hbO8eu1qqW2d/s= +go.opentelemetry.io/otel/trace v1.33.0/go.mod h1:uIcdVUZMpTAmz0tI1z04GoVSezK37CbGV4fr1f2nBck= go.starlark.net v0.0.0-20230525235612-a134d8f9ddca h1:VdD38733bfYv5tUZwEIskMM93VanwNIi5bIKnDrJdEY= go.starlark.net v0.0.0-20230525235612-a134d8f9ddca/go.mod h1:jxU+3+j+71eXOW14274+SmmuW82qJzl6iZSeqEtTGds= go.starlark.net v0.0.0-20241125201518-c05ff208a98f h1:W+3pcCdjGognUT+oE6tXsC3xiCEcCYTaJBXHHRn7aW0= @@ -518,6 +542,8 @@ golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= golang.org/x/net v0.32.0 h1:ZqPmj8Kzc+Y6e0+skZsuACbx+wzMgo5MQsJh9Qd6aYI= golang.org/x/net v0.32.0/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs= +golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= +golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs= golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= @@ -585,6 +611,8 @@ google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 h1: google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= google.golang.org/genproto/googleapis/rpc v0.0.0-20241206012308-a4fef0638583 h1:IfdSdTcLFy4lqUQrQJLkLt1PB+AsqVz6lwkWPzWEz10= google.golang.org/genproto/googleapis/rpc v0.0.0-20241206012308-a4fef0638583/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241216192217-9240e9c98484 h1:Z7FRVJPSMaHQxD0uXU8WdgFh8PseLM8Q8NzhnpMrBhQ= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241216192217-9240e9c98484/go.mod h1:lcTa1sDdWEIHMWlITnIczmw5w60CF9ffkb8Z+DVmmjA= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= @@ -592,6 +620,8 @@ google.golang.org/grpc v1.65.0 h1:bs/cUb4lp1G5iImFFd3u5ixQzweKizoZJAwBNLR42lc= google.golang.org/grpc v1.65.0/go.mod h1:WgYC2ypjlB0EiQi6wdKixMqukr6lBc0Vo+oOgjrM5ZQ= google.golang.org/grpc v1.68.1 h1:oI5oTa11+ng8r8XMMN7jAOmWfPZWbYpCFaMUTACxkM0= google.golang.org/grpc v1.68.1/go.mod h1:+q1XYFJjShcqn0QZHvCyeR4CXPA+llXIeUIfIe00waw= +google.golang.org/grpc v1.69.2 h1:U3S9QEtbXC0bYNvRtcoklF3xGtLViumSYxWykJS+7AU= +google.golang.org/grpc v1.69.2/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -604,6 +634,8 @@ google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6h google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io= google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +google.golang.org/protobuf v1.36.0 h1:mjIs9gYtt56AzC4ZaffQuh88TZurBGhIJMBZGSxNerQ= +google.golang.org/protobuf v1.36.0/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= @@ -631,44 +663,64 @@ k8s.io/api v0.31.1 h1:Xe1hX/fPW3PXYYv8BlozYqw63ytA92snr96zMW9gWTU= k8s.io/api v0.31.1/go.mod h1:sbN1g6eY6XVLeqNsZGLnI5FwVseTrZX7Fv3O26rhAaI= k8s.io/api v0.31.3 h1:umzm5o8lFbdN/hIXbrK9oRpOproJO62CV1zqxXrLgk8= k8s.io/api v0.31.3/go.mod h1:UJrkIp9pnMOI9K2nlL6vwpxRzzEX5sWgn8kGQe92kCE= +k8s.io/api v0.32.0 h1:OL9JpbvAU5ny9ga2fb24X8H6xQlVp+aJMFlgtQjR9CE= +k8s.io/api v0.32.0/go.mod h1:4LEwHZEf6Q/cG96F3dqR965sYOfmPM7rq81BLgsE0p0= k8s.io/apiextensions-apiserver v0.31.1 h1:L+hwULvXx+nvTYX/MKM3kKMZyei+UiSXQWciX/N6E40= k8s.io/apiextensions-apiserver v0.31.1/go.mod h1:tWMPR3sgW+jsl2xm9v7lAyRF1rYEK71i9G5dRtkknoQ= k8s.io/apiextensions-apiserver v0.31.3 h1:+GFGj2qFiU7rGCsA5o+p/rul1OQIq6oYpQw4+u+nciE= k8s.io/apiextensions-apiserver v0.31.3/go.mod h1:2DSpFhUZZJmn/cr/RweH1cEVVbzFw9YBu4T+U3mf1e4= +k8s.io/apiextensions-apiserver v0.32.0 h1:S0Xlqt51qzzqjKPxfgX1xh4HBZE+p8KKBq+k2SWNOE0= +k8s.io/apiextensions-apiserver v0.32.0/go.mod h1:86hblMvN5yxMvZrZFX2OhIHAuFIMJIZ19bTvzkP+Fmw= k8s.io/apimachinery v0.31.1 h1:mhcUBbj7KUjaVhyXILglcVjuS4nYXiwC+KKFBgIVy7U= k8s.io/apimachinery v0.31.1/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= k8s.io/apimachinery v0.31.3 h1:6l0WhcYgasZ/wk9ktLq5vLaoXJJr5ts6lkaQzgeYPq4= k8s.io/apimachinery v0.31.3/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= +k8s.io/apimachinery v0.32.0 h1:cFSE7N3rmEEtv4ei5X6DaJPHHX0C+upp+v5lVPiEwpg= +k8s.io/apimachinery v0.32.0/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE= k8s.io/apiserver v0.31.1 h1:Sars5ejQDCRBY5f7R3QFHdqN3s61nhkpaX8/k1iEw1c= k8s.io/apiserver v0.31.1/go.mod h1:lzDhpeToamVZJmmFlaLwdYZwd7zB+WYRYIboqA1kGxM= k8s.io/apiserver v0.31.3 h1:+1oHTtCB+OheqFEz375D0IlzHZ5VeQKX1KGXnx+TTuY= k8s.io/apiserver v0.31.3/go.mod h1:PrxVbebxrxQPFhJk4powDISIROkNMKHibTg9lTRQ0Qg= +k8s.io/apiserver v0.32.0 h1:VJ89ZvQZ8p1sLeiWdRJpRD6oLozNZD2+qVSLi+ft5Qs= +k8s.io/apiserver v0.32.0/go.mod h1:HFh+dM1/BE/Hm4bS4nTXHVfN6Z6tFIZPi649n83b4Ag= k8s.io/cli-runtime v0.31.1 h1:/ZmKhmZ6hNqDM+yf9s3Y4KEYakNXUn5sod2LWGGwCuk= k8s.io/cli-runtime v0.31.1/go.mod h1:pKv1cDIaq7ehWGuXQ+A//1OIF+7DI+xudXtExMCbe9U= k8s.io/cli-runtime v0.31.3 h1:fEQD9Xokir78y7pVK/fCJN090/iYNrLHpFbGU4ul9TI= k8s.io/cli-runtime v0.31.3/go.mod h1:Q2jkyTpl+f6AtodQvgDI8io3jrfr+Z0LyQBPJJ2Btq8= +k8s.io/cli-runtime v0.32.0 h1:dP+OZqs7zHPpGQMCGAhectbHU2SNCuZtIimRKTv2T1c= +k8s.io/cli-runtime v0.32.0/go.mod h1:Mai8ht2+esoDRK5hr861KRy6z0zHsSTYttNVJXgP3YQ= k8s.io/client-go v0.31.1 h1:f0ugtWSbWpxHR7sjVpQwuvw9a3ZKLXX0u0itkFXufb0= k8s.io/client-go v0.31.1/go.mod h1:sKI8871MJN2OyeqRlmA4W4KM9KBdBUpDLu/43eGemCg= k8s.io/client-go v0.31.3 h1:CAlZuM+PH2cm+86LOBemaJI/lQ5linJ6UFxKX/SoG+4= k8s.io/client-go v0.31.3/go.mod h1:2CgjPUTpv3fE5dNygAr2NcM8nhHzXvxB8KL5gYc3kJs= +k8s.io/client-go v0.32.0 h1:DimtMcnN/JIKZcrSrstiwvvZvLjG0aSxy8PxN8IChp8= +k8s.io/client-go v0.32.0/go.mod h1:boDWvdM1Drk4NJj/VddSLnx59X3OPgwrOo0vGbtq9+8= k8s.io/component-base v0.31.1 h1:UpOepcrX3rQ3ab5NB6g5iP0tvsgJWzxTyAo20sgYSy8= k8s.io/component-base v0.31.1/go.mod h1:WGeaw7t/kTsqpVTaCoVEtillbqAhF2/JgvO0LDOMa0w= k8s.io/component-base v0.31.3 h1:DMCXXVx546Rfvhj+3cOm2EUxhS+EyztH423j+8sOwhQ= k8s.io/component-base v0.31.3/go.mod h1:xME6BHfUOafRgT0rGVBGl7TuSg8Z9/deT7qq6w7qjIU= +k8s.io/component-base v0.32.0 h1:d6cWHZkCiiep41ObYQS6IcgzOUQUNpywm39KVYaUqzU= +k8s.io/component-base v0.32.0/go.mod h1:JLG2W5TUxUu5uDyKiH2R/7NnxJo1HlPoRIIbVLkK5eM= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= k8s.io/kube-openapi v0.0.0-20241127205056-99599406b04f h1:nLHvOvs1CZ+FAEwR4EqLeRLfbtWQNlIu5g393Hq/1UM= k8s.io/kube-openapi v0.0.0-20241127205056-99599406b04f/go.mod h1:iZjdMQzunI7O/sUrf/5WRX1gvaAIam32lKx9+paoLbU= +k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 h1:hcha5B1kVACrLujCKLbr8XWMxCxzQx42DY8QKYJrDLg= +k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7/go.mod h1:GewRfANuJ70iYzvn+i4lezLDAFzvjxZYK1gn1lWcfas= k8s.io/kubectl v0.31.1 h1:ih4JQJHxsEggFqDJEHSOdJ69ZxZftgeZvYo7M/cpp24= k8s.io/kubectl v0.31.1/go.mod h1:aNuQoR43W6MLAtXQ/Bu4GDmoHlbhHKuyD49lmTC8eJM= k8s.io/kubectl v0.31.3 h1:3r111pCjPsvnR98oLLxDMwAeM6OPGmPty6gSKaLTQes= k8s.io/kubectl v0.31.3/go.mod h1:lhMECDCbJN8He12qcKqs2QfmVo9Pue30geovBVpH5fs= +k8s.io/kubectl v0.32.0 h1:rpxl+ng9qeG79YA4Em9tLSfX0G8W0vfaiPVrc/WR7Xw= +k8s.io/kubectl v0.32.0/go.mod h1:qIjSX+QgPQUgdy8ps6eKsYNF+YmFOAO3WygfucIqFiE= k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A= k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= k8s.io/utils v0.0.0-20241104163129-6fe5fd82f078 h1:jGnCPejIetjiy2gqaJ5V0NLwTpF4wbQ6cZIItJCSHno= k8s.io/utils v0.0.0-20241104163129-6fe5fd82f078/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/utils v0.0.0-20241210054802-24370beab758 h1:sdbE21q2nlQtFh65saZY+rRM6x6aJJI8IUa1AmH/qa0= +k8s.io/utils v0.0.0-20241210054802-24370beab758/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= oras.land/oras-go v1.2.5 h1:XpYuAwAb0DfQsunIyMfeET92emK8km3W4yEzZvUbsTo= oras.land/oras-go v1.2.5/go.mod h1:PuAwRShRZCsZb7g8Ar3jKKQR/2A/qN+pkYxIOd/FAoo= oras.land/oras-go v1.2.6 h1:z8cmxQXBU8yZ4mkytWqXfo6tZcamPwjsuxYU81xJ8Lk= @@ -689,5 +741,7 @@ sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+s sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= sigs.k8s.io/structured-merge-diff/v4 v4.4.3 h1:sCP7Vv3xx/CWIuTPVN38lUPx0uw0lcLfzaiDa8Ja01A= sigs.k8s.io/structured-merge-diff/v4 v4.4.3/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4= +sigs.k8s.io/structured-merge-diff/v4 v4.5.0 h1:nbCitCK2hfnhyiKo6uf2HxUPTCodY6Qaf85SbDIaMBk= +sigs.k8s.io/structured-merge-diff/v4 v4.5.0/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= From 8810ebda0b8212db59829a54d4140f91b9061d2f Mon Sep 17 00:00:00 2001 From: Walnuts Date: Fri, 20 Dec 2024 00:42:37 +0900 Subject: [PATCH 0560/1209] chore(deps): update ghcr.io/walnuts1018/mucaron-frontend docker tag to v2436a6d5f7c899ca8717ffcea4494d1fb25007a8-63 (#1122) Co-authored-by: Renovate Bot --- k8s/apps/mucaron/front/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/mucaron/front/deployment.jsonnet b/k8s/apps/mucaron/front/deployment.jsonnet index 6c63dadd1..169944749 100644 --- a/k8s/apps/mucaron/front/deployment.jsonnet +++ b/k8s/apps/mucaron/front/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ (import '../../../components/container.libsonnet') { name: 'mucaron-front', - image: 'ghcr.io/walnuts1018/mucaron-frontend:c50e0d09f307d7b9cd04d9edf59a632e6a321b01-62', + image: 'ghcr.io/walnuts1018/mucaron-frontend:2436a6d5f7c899ca8717ffcea4494d1fb25007a8-63', ports: [ { containerPort: 3000, From c2676211d22b5d5d0aba206c3b171dbae171156e Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 19 Dec 2024 17:01:31 +0000 Subject: [PATCH 0561/1209] chore(deps): update helm release kube-prometheus-stack to v67.4.0 --- k8s/apps/prometheus-stack/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/prometheus-stack/helm.jsonnet b/k8s/apps/prometheus-stack/helm.jsonnet index f6ff583ec..d7c718491 100644 --- a/k8s/apps/prometheus-stack/helm.jsonnet +++ b/k8s/apps/prometheus-stack/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'kube-prometheus-stack', repoURL: 'https://prometheus-community.github.io/helm-charts', - targetRevision: '67.3.1', + targetRevision: '67.4.0', values: (importstr 'values.yaml'), } From ee6c5b5fe77fc90b8ed99fe5b2a917295b5f469a Mon Sep 17 00:00:00 2001 From: Walnuts Date: Fri, 20 Dec 2024 02:52:06 +0900 Subject: [PATCH 0562/1209] chore(deps): update cloudflare/cloudflared docker tag to v2024.12.2 (#1124) Co-authored-by: Renovate Bot --- k8s/apps/cloudflared/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/cloudflared/deployment.jsonnet b/k8s/apps/cloudflared/deployment.jsonnet index 13d95b6a3..a18ce1d3f 100644 --- a/k8s/apps/cloudflared/deployment.jsonnet +++ b/k8s/apps/cloudflared/deployment.jsonnet @@ -30,7 +30,7 @@ securityContext: { readOnlyRootFilesystem: true, }, - image: 'cloudflare/cloudflared:2024.12.1', + image: 'cloudflare/cloudflared:2024.12.2', imagePullPolicy: 'IfNotPresent', args: [ '--no-autoupdate', From c2effa5ca02407dc3736f01937d75a7bff762a4b Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 19 Dec 2024 18:31:10 +0000 Subject: [PATCH 0563/1209] chore(deps): update terraform aws to ~> 5.82.0 --- terraform/modules/minio/provider.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/modules/minio/provider.tf b/terraform/modules/minio/provider.tf index 67184c8f7..eb5c19329 100644 --- a/terraform/modules/minio/provider.tf +++ b/terraform/modules/minio/provider.tf @@ -2,7 +2,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 5.81.0" + version = "~> 5.82.0" } } } From a031fa643632e75cf02860afb454431b9d42014f Mon Sep 17 00:00:00 2001 From: Walnuts Date: Fri, 20 Dec 2024 07:12:26 +0900 Subject: [PATCH 0564/1209] chore(deps): update helm release nextcloud to v6.5.1 (#1126) Co-authored-by: Renovate Bot --- k8s/apps/nextcloud/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/nextcloud/helm.jsonnet b/k8s/apps/nextcloud/helm.jsonnet index 72dcb0b79..95aa0e93f 100644 --- a/k8s/apps/nextcloud/helm.jsonnet +++ b/k8s/apps/nextcloud/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'nextcloud', repoURL: 'https://nextcloud.github.io/helm/', - targetRevision: '6.5.0', + targetRevision: '6.5.1', values: (importstr 'values.yaml'), } From ef1931e5e9a47c55f453f37d970a627739e8b919 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Fri, 20 Dec 2024 13:12:30 +0900 Subject: [PATCH 0565/1209] chore(deps): update dependency aquaproj/aqua-registry to v4.280.0 (#1127) Co-authored-by: Renovate Bot --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index 99c5ef9a2..e0dd7aede 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,7 +8,7 @@ # - all registries: - type: standard - ref: v4.279.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.280.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 - name: hashicorp/terraform@v1.10.3 From 0168210acaa5bf3a47ef7632a8f9bf7c5adcaf30 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 20 Dec 2024 10:51:08 +0000 Subject: [PATCH 0566/1209] chore(deps): update terraform zitadel to v2.0.2 --- terraform/modules/zitadel/provider.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/modules/zitadel/provider.tf b/terraform/modules/zitadel/provider.tf index 2609fad2b..62f853a15 100644 --- a/terraform/modules/zitadel/provider.tf +++ b/terraform/modules/zitadel/provider.tf @@ -2,7 +2,7 @@ terraform { required_providers { zitadel = { source = "zitadel/zitadel" - version = "2.0.1" + version = "2.0.2" } } } From ff521f9f1b0159059e2e2966bd2c516978302a0e Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sat, 21 Dec 2024 07:42:37 +0900 Subject: [PATCH 0567/1209] chore(deps): update dependency aquaproj/aqua-registry to v4.281.0 (#1130) Co-authored-by: Renovate Bot --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index e0dd7aede..ae7d46b57 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,7 +8,7 @@ # - all registries: - type: standard - ref: v4.280.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.281.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 - name: hashicorp/terraform@v1.10.3 From 4cdff8b568e15fc2e3fae65f1e8c52a0bcc35402 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sat, 21 Dec 2024 15:32:15 +0900 Subject: [PATCH 0568/1209] chore(deps): update dependency aquaproj/aqua-registry to v4.282.0 (#1131) Co-authored-by: Renovate Bot --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index ae7d46b57..7e54af77d 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,7 +8,7 @@ # - all registries: - type: standard - ref: v4.281.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.282.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 - name: hashicorp/terraform@v1.10.3 From 720bc636d27b5bb97c553573410b4abc0b67bdfb Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sat, 21 Dec 2024 21:32:04 +0900 Subject: [PATCH 0569/1209] chore(deps): update helm release argo-cd to v7.7.11 (#1132) Co-authored-by: Renovate Bot --- k8s/_argocd/argocd_components/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/_argocd/argocd_components/helm.jsonnet b/k8s/_argocd/argocd_components/helm.jsonnet index c8105eb07..489468666 100644 --- a/k8s/_argocd/argocd_components/helm.jsonnet +++ b/k8s/_argocd/argocd_components/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import 'app.json5').namespace, chart: 'argo-cd', repoURL: 'https://argoproj.github.io/argo-helm', - targetRevision: '7.7.10', + targetRevision: '7.7.11', values: (importstr 'values.yaml'), } From f8fda4012212804a8c0ab21af588596484247502 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 21 Dec 2024 15:21:18 +0000 Subject: [PATCH 0570/1209] chore(deps): update renovate/renovate docker tag to v39.80.0 --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 722de2cc4..2a359fc7a 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -21,7 +21,7 @@ containers: [ { name: 'renovate', - image: 'renovate/renovate:39.75.1', + image: 'renovate/renovate:39.80.0', resources: { requests: { memory: '256Mi', From ee3ab36ade98530a521370f79220d96a96365e92 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sun, 22 Dec 2024 01:13:36 +0900 Subject: [PATCH 0571/1209] feat(prometheus): enhance storage configuration for local storage and retention Signed-off-by: walnuts1018 --- k8s/apps/prometheus-stack/helm.jsonnet | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/k8s/apps/prometheus-stack/helm.jsonnet b/k8s/apps/prometheus-stack/helm.jsonnet index d7c718491..52654a4b6 100644 --- a/k8s/apps/prometheus-stack/helm.jsonnet +++ b/k8s/apps/prometheus-stack/helm.jsonnet @@ -5,5 +5,23 @@ chart: 'kube-prometheus-stack', repoURL: 'https://prometheus-community.github.io/helm-charts', targetRevision: '67.4.0', - values: (importstr 'values.yaml'), + valuesObject: std.mergePatch(std.parseYaml(importstr 'values.yaml'), { + prometheus: { + prometheusSpec: { + local storageSize = 32, + storageSpec: { + volumeClaimTemplate: { + spec: { + resources: { + requests: { + storage: std.format('%dGi', storageSize), + }, + }, + }, + }, + }, + retentionSize: std.format('%dGiB', storageSize * 0.8), + }, + }, + }), } From 9008bab67737aae4145a604b95d675415a063786 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sun, 22 Dec 2024 05:32:04 +0900 Subject: [PATCH 0572/1209] fix(prometheus): adjust retention size calculation to 75% of storage size Signed-off-by: walnuts1018 --- k8s/apps/prometheus-stack/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/prometheus-stack/helm.jsonnet b/k8s/apps/prometheus-stack/helm.jsonnet index 52654a4b6..6d4051c1e 100644 --- a/k8s/apps/prometheus-stack/helm.jsonnet +++ b/k8s/apps/prometheus-stack/helm.jsonnet @@ -20,7 +20,7 @@ }, }, }, - retentionSize: std.format('%dGiB', storageSize * 0.8), + retentionSize: std.format('%dGiB', storageSize * 0.75), }, }, }), From 62a2a5e39a35151535561dddb38e64a8ecbbd4c4 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sun, 22 Dec 2024 05:42:48 +0900 Subject: [PATCH 0573/1209] feat(deployment): add pod anti-affinity rules for improved scheduling Signed-off-by: walnuts1018 --- k8s/apps/walnuts-dev/deployment.jsonnet | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index 517e8cc3f..069453c6d 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -74,6 +74,27 @@ ], priorityClassName: 'high', affinity: { + podAntiAffinity: { + preferredDuringSchedulingIgnoredDuringExecution: [ + { + weight: 100, + podAffinityTerm: { + labelSelector: { + matchExpressions: [ + { + key: 'app', + operator: 'In', + values: [ + (import 'app.json5').name, + ], + }, + ], + }, + topologyKey: 'kubernetes.io/hostname', + }, + }, + ], + }, nodeAffinity: { preferredDuringSchedulingIgnoredDuringExecution: [ { From 5bce56a8fb6de20f3cd7c12b1ca0b573d3b86ac2 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 21 Dec 2024 20:50:04 +0000 Subject: [PATCH 0574/1209] chore(deps): update ghcr.io/joryirving/smartctl_exporter docker tag to v0.13.0 --- k8s/apps/smartctl-exporter/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/smartctl-exporter/values.yaml b/k8s/apps/smartctl-exporter/values.yaml index 855e5f73b..92e1475a4 100644 --- a/k8s/apps/smartctl-exporter/values.yaml +++ b/k8s/apps/smartctl-exporter/values.yaml @@ -1,6 +1,6 @@ image: repository: ghcr.io/joryirving/smartctl_exporter - tag: "0.12.0" + tag: "0.13.0" podAnnotations: prometheus.io/scrape: "true" prometheus.io/port: "9666" From 04567fe27188a5f419ff5d9020f93ba0397a3e35 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sun, 22 Dec 2024 14:11:52 +0900 Subject: [PATCH 0575/1209] chore(deps): update dependency aquaproj/aqua-registry to v4.283.0 (#1135) Co-authored-by: Renovate Bot --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index 7e54af77d..5844d0387 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,7 +8,7 @@ # - all registries: - type: standard - ref: v4.282.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.283.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 - name: hashicorp/terraform@v1.10.3 From 1569fa08699e52e718e1500e6ac642137324f272 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Mon, 23 Dec 2024 18:12:05 +0900 Subject: [PATCH 0576/1209] chore(deps): update helm release oauth2-proxy to v7.8.3 (#1137) Co-authored-by: Renovate Bot --- k8s/components/oauth2-proxy/helm.libsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/components/oauth2-proxy/helm.libsonnet b/k8s/components/oauth2-proxy/helm.libsonnet index 735e9d38d..de2104cac 100644 --- a/k8s/components/oauth2-proxy/helm.libsonnet +++ b/k8s/components/oauth2-proxy/helm.libsonnet @@ -10,7 +10,7 @@ namespace: error 'namespace is required', chart: 'oauth2-proxy', repoURL: 'https://oauth2-proxy.github.io/manifests', - targetRevision: '7.8.2', + targetRevision: '7.8.3', values: '', valuesObject: std.mergePatch((import 'values.libsonnet') { upstream: $.upstream, From df94b9aabe28cde4f7c3f46f30b42c4517cf6ca5 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 23 Dec 2024 10:35:56 +0000 Subject: [PATCH 0577/1209] chore(deps): update renovate/renovate docker tag to v39.82.2 --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 2a359fc7a..f1289b433 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -21,7 +21,7 @@ containers: [ { name: 'renovate', - image: 'renovate/renovate:39.80.0', + image: 'renovate/renovate:39.82.2', resources: { requests: { memory: '256Mi', From 094693e84bc7924861d57ca583ff2a2c0728f31a Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 23 Dec 2024 12:31:56 +0000 Subject: [PATCH 0578/1209] chore(deps): update helm release postgres-operator to v1.14.0 --- k8s/apps/zalando-psql-operator/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/zalando-psql-operator/helm.jsonnet b/k8s/apps/zalando-psql-operator/helm.jsonnet index 702e86d2e..93ab99273 100644 --- a/k8s/apps/zalando-psql-operator/helm.jsonnet +++ b/k8s/apps/zalando-psql-operator/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import 'app.json5').namespace, chart: 'postgres-operator', repoURL: 'https://opensource.zalando.com/postgres-operator/charts/postgres-operator', - targetRevision: '1.13.0', + targetRevision: '1.14.0', values: (importstr 'values.yaml'), } From a3db39f4a68450778cff234e85a721733bba5492 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Mon, 23 Dec 2024 21:32:31 +0900 Subject: [PATCH 0579/1209] chore(deps): update ghcr.io/walnuts1018/walnuts.dev docker tag to v35f21bea81e428b3699b6bf6369a2016aa49bfd7-334 (#1138) Co-authored-by: Renovate Bot --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index 069453c6d..a46548893 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -25,7 +25,7 @@ type: 'RuntimeDefault', }, }, - image: 'ghcr.io/walnuts1018/walnuts.dev:3da46301abad841586608e9b6e77849400fa9bce-330', + image: 'ghcr.io/walnuts1018/walnuts.dev:35f21bea81e428b3699b6bf6369a2016aa49bfd7-334', imagePullPolicy: 'IfNotPresent', ports: [ { From 82048ea6dcc73ffac96e0170ba0d470bb9f5fae1 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 30 Dec 2024 17:39:40 +0900 Subject: [PATCH 0580/1209] feat(descheduler): update node affinity and resource thresholds for improved scheduling Signed-off-by: walnuts1018 --- k8s/apps/descheduler/values.yaml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/k8s/apps/descheduler/values.yaml b/k8s/apps/descheduler/values.yaml index 9ddb6de25..909686d96 100644 --- a/k8s/apps/descheduler/values.yaml +++ b/k8s/apps/descheduler/values.yaml @@ -17,6 +17,7 @@ deschedulerPolicy: args: nodeAffinityType: - requiredDuringSchedulingIgnoredDuringExecution + - preferredDuringSchedulingIgnoredDuringExecution - name: RemovePodsViolatingTopologySpreadConstraint args: constraints: @@ -24,13 +25,13 @@ deschedulerPolicy: - name: LowNodeUtilization args: thresholds: - cpu: 30 - memory: 50 - pods: 30 + cpu: 80 + memory: 80 + pods: 110 targetThresholds: cpu: 50 - memory: 60 - pods: 50 + memory: 70 + pods: 60 plugins: balance: enabled: From 6f43a763d59d73e0abd50f94bd992655bf2fd89e Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 30 Dec 2024 17:43:20 +0900 Subject: [PATCH 0581/1209] feat(renovate): increase storage request from 1Gi to 3Gi in pvc.jsonnet Signed-off-by: walnuts1018 --- k8s/apps/renovate/pvc.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/pvc.jsonnet b/k8s/apps/renovate/pvc.jsonnet index 0c327a789..4af6b7261 100644 --- a/k8s/apps/renovate/pvc.jsonnet +++ b/k8s/apps/renovate/pvc.jsonnet @@ -12,7 +12,7 @@ ], resources: { requests: { - storage: '1Gi', + storage: '3Gi', }, }, }, From f52e5ce84bf52f90292177a6c947e151b8ab5c5d Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 30 Dec 2024 08:47:48 +0000 Subject: [PATCH 0582/1209] chore(deps): update helm release external-secrets to v0.12.1 --- k8s/apps/external-secrets/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/external-secrets/helm.jsonnet b/k8s/apps/external-secrets/helm.jsonnet index 062ecc6e3..c26065cc1 100644 --- a/k8s/apps/external-secrets/helm.jsonnet +++ b/k8s/apps/external-secrets/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import 'app.json5').namespace, chart: 'external-secrets', repoURL: 'https://charts.external-secrets.io', - targetRevision: '0.11.0', + targetRevision: '0.12.1', values: '', } From b057c270ae90c55fe4d2dfd3c661d2ff001ac2e4 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 30 Dec 2024 08:47:56 +0000 Subject: [PATCH 0583/1209] chore(deps): update helm release kube-prometheus-stack to v67.5.0 --- k8s/apps/prometheus-stack/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/prometheus-stack/helm.jsonnet b/k8s/apps/prometheus-stack/helm.jsonnet index 6d4051c1e..b8aa13572 100644 --- a/k8s/apps/prometheus-stack/helm.jsonnet +++ b/k8s/apps/prometheus-stack/helm.jsonnet @@ -4,7 +4,7 @@ chart: 'kube-prometheus-stack', repoURL: 'https://prometheus-community.github.io/helm-charts', - targetRevision: '67.4.0', + targetRevision: '67.5.0', valuesObject: std.mergePatch(std.parseYaml(importstr 'values.yaml'), { prometheus: { prometheusSpec: { From 1a0827f01e1c5a37750c41edeb6faa0de998b76f Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 30 Dec 2024 08:48:21 +0000 Subject: [PATCH 0584/1209] chore(deps): update helm release prometheus-smartctl-exporter to v0.13.0 --- k8s/apps/smartctl-exporter/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/smartctl-exporter/helm.jsonnet b/k8s/apps/smartctl-exporter/helm.jsonnet index e8968ee42..aca667ce8 100644 --- a/k8s/apps/smartctl-exporter/helm.jsonnet +++ b/k8s/apps/smartctl-exporter/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'prometheus-smartctl-exporter', repoURL: 'https://prometheus-community.github.io/helm-charts', - targetRevision: '0.11.0', + targetRevision: '0.13.0', values: (importstr 'values.yaml'), } From cdd10526f589c2fc7ccebb0b15233af2548c6646 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Mon, 30 Dec 2024 17:48:33 +0900 Subject: [PATCH 0585/1209] chore(deps): update helm release nextcloud to v6.5.2 (#1141) Co-authored-by: Renovate Bot --- k8s/apps/nextcloud/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/nextcloud/helm.jsonnet b/k8s/apps/nextcloud/helm.jsonnet index 95aa0e93f..6d093a91d 100644 --- a/k8s/apps/nextcloud/helm.jsonnet +++ b/k8s/apps/nextcloud/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'nextcloud', repoURL: 'https://nextcloud.github.io/helm/', - targetRevision: '6.5.1', + targetRevision: '6.5.2', values: (importstr 'values.yaml'), } From a1ee37b3f3b65d12a50709974a831f0c6afd181d Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 30 Dec 2024 08:48:35 +0000 Subject: [PATCH 0586/1209] chore(deps): update renovate/renovate docker tag to v39.86.0 --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index f1289b433..79330c8b8 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -21,7 +21,7 @@ containers: [ { name: 'renovate', - image: 'renovate/renovate:39.82.2', + image: 'renovate/renovate:39.86.0', resources: { requests: { memory: '256Mi', From 26e41fb7e0dc4594a64e10586e92b2a690df0869 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Mon, 30 Dec 2024 17:48:39 +0900 Subject: [PATCH 0587/1209] chore(deps): update ghcr.io/walnuts1018/walnuts.dev docker tag to v085395c5fadeac556efe52033754a8cebb4d66d0-347 (#1140) Co-authored-by: Renovate Bot --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index a46548893..61fb052d5 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -25,7 +25,7 @@ type: 'RuntimeDefault', }, }, - image: 'ghcr.io/walnuts1018/walnuts.dev:35f21bea81e428b3699b6bf6369a2016aa49bfd7-334', + image: 'ghcr.io/walnuts1018/walnuts.dev:085395c5fadeac556efe52033754a8cebb4d66d0-347', imagePullPolicy: 'IfNotPresent', ports: [ { From 0a18c7b4fa092253654305b63fc76f786653cc2d Mon Sep 17 00:00:00 2001 From: Walnuts Date: Mon, 30 Dec 2024 17:48:43 +0900 Subject: [PATCH 0588/1209] chore(deps): update dependency aquaproj/aqua-registry to v4.286.0 (#1142) Co-authored-by: Renovate Bot --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index 5844d0387..970ba4d46 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,7 +8,7 @@ # - all registries: - type: standard - ref: v4.283.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.286.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 - name: hashicorp/terraform@v1.10.3 From 8a3618be7b4f842e8202119dbf08dc5f785d19cd Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 30 Dec 2024 08:49:01 +0000 Subject: [PATCH 0589/1209] chore(deps): update terraform cloudflare to v4.49.1 --- terraform/modules/cloudflare/provider.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/modules/cloudflare/provider.tf b/terraform/modules/cloudflare/provider.tf index 67d649614..1dd937361 100644 --- a/terraform/modules/cloudflare/provider.tf +++ b/terraform/modules/cloudflare/provider.tf @@ -2,7 +2,7 @@ terraform { required_providers { cloudflare = { source = "cloudflare/cloudflare" - version = "4.48.0" + version = "4.49.1" } } } From a883a3c4f2ea4971047e60d2269279db8843b59b Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 30 Dec 2024 17:52:05 +0900 Subject: [PATCH 0590/1209] docs(readme): remove fluxcd installation instructions and add maxPods configuration Signed-off-by: walnuts1018 --- k8s/init/readme.md | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/k8s/init/readme.md b/k8s/init/readme.md index 4b909442f..9b577b008 100644 --- a/k8s/init/readme.md +++ b/k8s/init/readme.md @@ -357,17 +357,6 @@ sudo apt-get update sudo apt-get install helm ``` -## fluxcd - -```bash -curl -s https://fluxcd.io/install.sh | sudo bash -# echo "[[ /usr/bin/flux ]] && source <(flux completion zsh)" >> ~/.zshrc -``` - -```bash -flux bootstrap github --owner=walnuts1018 --repository=infra --branch=deploy --path=./k8s/_flux/kurumi/ --components-extra=image-reflector-controller,image-automation-controller --reconcile --ssh-key-algorithm=ed25519 --read-write-key=true -``` - ## labels ```bash @@ -379,3 +368,15 @@ kubectl label nodes peach walnuts.dev/ondemand=true ```shell helm install onepassword-connect -n onepassword --create-namespace 1password/connect --set-literal connect.credentials="$(op read "op://kurumi/kurumi Credentials File/1password-credentials.json")" --set operator.create=true --set operator.token.value="$(op item get mhc7wnb4oe3kevaiubx3cxz7du --reveal --fields label=credential)" ``` + +## MaxPods + +```shell +kubectl -n kube-system edit cm kubelet-config +``` + +下を追記 + +```yaml +maxPods: 250 +``` From ada6d65ad313770895974ebd8cd1207d14ed2b85 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 30 Dec 2024 09:21:19 +0000 Subject: [PATCH 0591/1209] chore(deps): update ghcr.io/walnuts1018/walnuts.dev docker tag to v02963e98e8bbd8ebb3915f00bd0c0cee2b953768-349 --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index 61fb052d5..59b206f69 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -25,7 +25,7 @@ type: 'RuntimeDefault', }, }, - image: 'ghcr.io/walnuts1018/walnuts.dev:085395c5fadeac556efe52033754a8cebb4d66d0-347', + image: 'ghcr.io/walnuts1018/walnuts.dev:02963e98e8bbd8ebb3915f00bd0c0cee2b953768-349', imagePullPolicy: 'IfNotPresent', ports: [ { From e62e11f2d60babe77d3b3d47c376433ce73b4392 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 30 Dec 2024 18:40:50 +0900 Subject: [PATCH 0592/1209] chore(deps): update walnuts.dev image tag to 02c939920929513a233e194964a9060987462a8c-353 Signed-off-by: walnuts1018 --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index 59b206f69..6098befd9 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -25,7 +25,7 @@ type: 'RuntimeDefault', }, }, - image: 'ghcr.io/walnuts1018/walnuts.dev:02963e98e8bbd8ebb3915f00bd0c0cee2b953768-349', + image: 'ghcr.io/walnuts1018/walnuts.dev:02c939920929513a233e194964a9060987462a8c-353', imagePullPolicy: 'IfNotPresent', ports: [ { From f58a08e019d64fdbce52b7be0a63e9c2dccde525 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 30 Dec 2024 10:01:17 +0000 Subject: [PATCH 0593/1209] chore(deps): update helm release oauth2-proxy to v7.9.0 --- k8s/components/oauth2-proxy/helm.libsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/components/oauth2-proxy/helm.libsonnet b/k8s/components/oauth2-proxy/helm.libsonnet index de2104cac..9ceb90114 100644 --- a/k8s/components/oauth2-proxy/helm.libsonnet +++ b/k8s/components/oauth2-proxy/helm.libsonnet @@ -10,7 +10,7 @@ namespace: error 'namespace is required', chart: 'oauth2-proxy', repoURL: 'https://oauth2-proxy.github.io/manifests', - targetRevision: '7.8.3', + targetRevision: '7.9.0', values: '', valuesObject: std.mergePatch((import 'values.libsonnet') { upstream: $.upstream, From d5758a17b1905afbd0299683e57195aff0f1b7ed Mon Sep 17 00:00:00 2001 From: Walnuts Date: Mon, 30 Dec 2024 21:23:35 +0900 Subject: [PATCH 0594/1209] chore(deps): update renovate/renovate docker tag to v39.86.1 (#1151) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 79330c8b8..0765cb637 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -21,7 +21,7 @@ containers: [ { name: 'renovate', - image: 'renovate/renovate:39.86.0', + image: 'renovate/renovate:39.86.1', resources: { requests: { memory: '256Mi', From a0fc1efb2aa922577a1fb278e24aee6fb72757d4 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 31 Dec 2024 00:28:07 +0900 Subject: [PATCH 0595/1209] chore(ingress): add Cloudflare tunnel annotation for nginx test Signed-off-by: walnuts1018 --- k8s/apps/nginx-test/ingress.jsonnet | 1 + 1 file changed, 1 insertion(+) diff --git a/k8s/apps/nginx-test/ingress.jsonnet b/k8s/apps/nginx-test/ingress.jsonnet index 1e0c77ddb..c2f85e253 100644 --- a/k8s/apps/nginx-test/ingress.jsonnet +++ b/k8s/apps/nginx-test/ingress.jsonnet @@ -7,6 +7,7 @@ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, annotations: { 'cert-manager.io/cluster-issuer': 'letsencrypt-prod', + 'cf-tunnel-operator.walnuts.dev/cloudflare-tunnel': 'default/cloudflaretunnel-sample', }, }, spec: { From 7388db42ad5c516bb3ff114038dc08b0a5a0a948 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 30 Dec 2024 17:41:15 +0000 Subject: [PATCH 0596/1209] chore(deps): update helm release opentelemetry-operator to v0.76.0 --- k8s/apps/opentelemetry-operator/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/opentelemetry-operator/helm.jsonnet b/k8s/apps/opentelemetry-operator/helm.jsonnet index fcfe1f144..fba282a30 100644 --- a/k8s/apps/opentelemetry-operator/helm.jsonnet +++ b/k8s/apps/opentelemetry-operator/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'opentelemetry-operator', repoURL: 'https://open-telemetry.github.io/opentelemetry-helm-charts', - targetRevision: '0.75.1', + targetRevision: '0.76.0', values: (importstr 'values.yaml'), } From 0c91287320227627b13f7189c9575d24e1c2ab54 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Tue, 31 Dec 2024 02:42:02 +0900 Subject: [PATCH 0597/1209] chore(deps): update helm release ingress-nginx to v4.11.4 (#1152) Co-authored-by: Renovate Bot --- k8s/apps/ingress-nginx/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/ingress-nginx/helm.jsonnet b/k8s/apps/ingress-nginx/helm.jsonnet index ece25fc35..a7c1e5685 100644 --- a/k8s/apps/ingress-nginx/helm.jsonnet +++ b/k8s/apps/ingress-nginx/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import 'app.json5').namespace, chart: 'ingress-nginx', repoURL: 'https://kubernetes.github.io/ingress-nginx', - targetRevision: '4.11.3', + targetRevision: '4.11.4', values: (importstr 'values.yaml'), } From befce1ac21f22919ca82868470d34cdce0e8a97f Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 30 Dec 2024 18:21:03 +0000 Subject: [PATCH 0598/1209] chore(deps): update helm release ingress-nginx to v4.12.0 --- k8s/apps/ingress-nginx/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/ingress-nginx/helm.jsonnet b/k8s/apps/ingress-nginx/helm.jsonnet index a7c1e5685..6654f7cf8 100644 --- a/k8s/apps/ingress-nginx/helm.jsonnet +++ b/k8s/apps/ingress-nginx/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import 'app.json5').namespace, chart: 'ingress-nginx', repoURL: 'https://kubernetes.github.io/ingress-nginx', - targetRevision: '4.11.4', + targetRevision: '4.12.0', values: (importstr 'values.yaml'), } From e7fdd9b277341c11310150a081564d795e0ae7cf Mon Sep 17 00:00:00 2001 From: Walnuts Date: Tue, 31 Dec 2024 09:21:56 +0900 Subject: [PATCH 0599/1209] chore(deps): update dependency aquaproj/aqua-registry to v4.287.0 (#1155) Co-authored-by: Renovate Bot --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index 970ba4d46..9e16a7be2 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,7 +8,7 @@ # - all registries: - type: standard - ref: v4.286.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.287.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 - name: hashicorp/terraform@v1.10.3 From 432d1402fac6e5c9ee59f3d5607936c1a8556761 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 31 Dec 2024 16:01:12 +0000 Subject: [PATCH 0600/1209] chore(deps): update ghcr.io/walnuts1018/walnuts.dev docker tag to v38f8551fb2eab7317855d1ec3500c6ce22bbb49b-354 --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index 6098befd9..4b14c0b38 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -25,7 +25,7 @@ type: 'RuntimeDefault', }, }, - image: 'ghcr.io/walnuts1018/walnuts.dev:02c939920929513a233e194964a9060987462a8c-353', + image: 'ghcr.io/walnuts1018/walnuts.dev:38f8551fb2eab7317855d1ec3500c6ce22bbb49b-354', imagePullPolicy: 'IfNotPresent', ports: [ { From 95db6f9c5011972030bcfe42e6c0545d56f24097 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Wed, 1 Jan 2025 01:42:04 +0900 Subject: [PATCH 0601/1209] chore(deps): update ghcr.io/walnuts1018/walnuts.dev docker tag to c0f77f41d74e78fb7bc76e2eba97cdbf174ee09c-355 (#1157) Co-authored-by: Renovate Bot --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index 4b14c0b38..b1c264119 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -25,7 +25,7 @@ type: 'RuntimeDefault', }, }, - image: 'ghcr.io/walnuts1018/walnuts.dev:38f8551fb2eab7317855d1ec3500c6ce22bbb49b-354', + image: 'ghcr.io/walnuts1018/walnuts.dev:c0f77f41d74e78fb7bc76e2eba97cdbf174ee09c-355', imagePullPolicy: 'IfNotPresent', ports: [ { From ac85ee43fa409a2a96ddfebf810a5ed3691402c7 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Wed, 1 Jan 2025 02:22:05 +0900 Subject: [PATCH 0602/1209] chore(deps): update renovate/renovate docker tag to v39.86.2 (#1158) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 0765cb637..2f3adbf74 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -21,7 +21,7 @@ containers: [ { name: 'renovate', - image: 'renovate/renovate:39.86.1', + image: 'renovate/renovate:39.86.2', resources: { requests: { memory: '256Mi', From d7600940f59c495a8d9b54f554ce543a2a4aadbd Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 1 Jan 2025 02:34:46 +0900 Subject: [PATCH 0603/1209] add actions-runner-controller Signed-off-by: walnuts1018 --- k8s/apps/actions-runner-controller/app.json5 | 4 +++ .../external-secret.jsonnet | 28 +++++++++++++++++++ .../actions-runner-controller/helm.jsonnet | 13 +++++++++ .../actions-runner-controller/values.yaml | 3 ++ 4 files changed, 48 insertions(+) create mode 100644 k8s/apps/actions-runner-controller/app.json5 create mode 100644 k8s/apps/actions-runner-controller/external-secret.jsonnet create mode 100644 k8s/apps/actions-runner-controller/helm.jsonnet create mode 100644 k8s/apps/actions-runner-controller/values.yaml diff --git a/k8s/apps/actions-runner-controller/app.json5 b/k8s/apps/actions-runner-controller/app.json5 new file mode 100644 index 000000000..6e32a21d7 --- /dev/null +++ b/k8s/apps/actions-runner-controller/app.json5 @@ -0,0 +1,4 @@ +{ + name: "actions-runner-controller", + namespace: "actions-runner-controller", +} diff --git a/k8s/apps/actions-runner-controller/external-secret.jsonnet b/k8s/apps/actions-runner-controller/external-secret.jsonnet new file mode 100644 index 000000000..6cd48e505 --- /dev/null +++ b/k8s/apps/actions-runner-controller/external-secret.jsonnet @@ -0,0 +1,28 @@ +(import '../../components/external-secret.libsonnet') { + use_suffix: false, + name: (import 'app.json5').name, + namespace: (import 'app.json5').namespace, + data: [ + { + secretKey: 'github_app_id', + remoteRef: { + key: 'github', + property: 'github_app_id', + }, + }, + { + secretKey: 'github_app_installation_id', + remoteRef: { + key: 'github', + property: 'github_app_installation_id', + }, + }, + { + secretKey: 'github_app_private_key', + remoteRef: { + key: 'github', + property: 'github_app_private_key', + }, + }, + ], +} diff --git a/k8s/apps/actions-runner-controller/helm.jsonnet b/k8s/apps/actions-runner-controller/helm.jsonnet new file mode 100644 index 000000000..f7117ae81 --- /dev/null +++ b/k8s/apps/actions-runner-controller/helm.jsonnet @@ -0,0 +1,13 @@ +(import '../../components/helm.libsonnet') { + name: (import 'app.json5').name, + namespace: (import 'app.json5').namespace, + + chart: 'code-server-operator', + repoURL: 'https://actions-runner-controller.github.io/actions-runner-controller', + targetRevision: '0.23.7', + valuesObject: std.mergePatch(std.parseYaml(importstr 'values.yaml'), { + authSecret: { + name: (import 'external-secret.jsonnet').spec.target.name, + }, + }), +} diff --git a/k8s/apps/actions-runner-controller/values.yaml b/k8s/apps/actions-runner-controller/values.yaml new file mode 100644 index 000000000..5a5c7b049 --- /dev/null +++ b/k8s/apps/actions-runner-controller/values.yaml @@ -0,0 +1,3 @@ +authSecret: + enabled: true + create: false From 3ba2be5c01c2921a04b54211b2472f4f1f371fb7 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 31 Dec 2024 17:35:22 +0000 Subject: [PATCH 0604/1209] auto-gen-namespace --- k8s/namespaces/namespaces.json5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/namespaces/namespaces.json5 b/k8s/namespaces/namespaces.json5 index be02656ed..0517ca43f 100644 --- a/k8s/namespaces/namespaces.json5 +++ b/k8s/namespaces/namespaces.json5 @@ -1 +1 @@ -["ac-hacking-2024","affine","cert-manager","cilium-secrets","cilium-system","cloudflare-origin-cert","code-server","dashy","databases","default","elasticsearch","external-dns","external-secrets","fitbit-manager","flux-system","github-readme-stats","hedgedoc","ingress-nginx","komga","krakend-system","kube-system","kubeshark","local-path-storage","loki","longhorn-system","minio","misskey","monitoring","mpeg-dash-encoder","mucaron","network-exporter","nextcloud","oekaki-dengon-game","openchokin","opentelemetry-collector","opentelemetry-operator-system","photoprism","redis-operator","renovate","samba","sandbox","wakatime-to-slack-profile","walnuts-dev","zitadel"] +["ac-hacking-2024","actions-runner-controller","affine","cert-manager","cilium-secrets","cilium-system","cloudflare-origin-cert","code-server","dashy","databases","default","elasticsearch","external-dns","external-secrets","fitbit-manager","flux-system","github-readme-stats","hedgedoc","ingress-nginx","komga","krakend-system","kube-system","kubeshark","local-path-storage","loki","longhorn-system","minio","misskey","monitoring","mpeg-dash-encoder","mucaron","network-exporter","nextcloud","oekaki-dengon-game","openchokin","opentelemetry-collector","opentelemetry-operator-system","photoprism","redis-operator","renovate","samba","sandbox","wakatime-to-slack-profile","walnuts-dev","zitadel"] From babe38ac9144b666c65e03577ae2b93089f32c80 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 1 Jan 2025 02:39:44 +0900 Subject: [PATCH 0605/1209] fix: update chart name to actions-runner-controller in helm.jsonnet Signed-off-by: walnuts1018 --- k8s/apps/actions-runner-controller/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/actions-runner-controller/helm.jsonnet b/k8s/apps/actions-runner-controller/helm.jsonnet index f7117ae81..ab8b11de5 100644 --- a/k8s/apps/actions-runner-controller/helm.jsonnet +++ b/k8s/apps/actions-runner-controller/helm.jsonnet @@ -2,7 +2,7 @@ name: (import 'app.json5').name, namespace: (import 'app.json5').namespace, - chart: 'code-server-operator', + chart: 'actions-runner-controller', repoURL: 'https://actions-runner-controller.github.io/actions-runner-controller', targetRevision: '0.23.7', valuesObject: std.mergePatch(std.parseYaml(importstr 'values.yaml'), { From 23d0aeaae3e97ce6350ad15d6029522c018e24b1 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 31 Dec 2024 17:40:20 +0000 Subject: [PATCH 0606/1209] auto-gen-namespace --- k8s/namespaces/namespaces.json5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/namespaces/namespaces.json5 b/k8s/namespaces/namespaces.json5 index be02656ed..0517ca43f 100644 --- a/k8s/namespaces/namespaces.json5 +++ b/k8s/namespaces/namespaces.json5 @@ -1 +1 @@ -["ac-hacking-2024","affine","cert-manager","cilium-secrets","cilium-system","cloudflare-origin-cert","code-server","dashy","databases","default","elasticsearch","external-dns","external-secrets","fitbit-manager","flux-system","github-readme-stats","hedgedoc","ingress-nginx","komga","krakend-system","kube-system","kubeshark","local-path-storage","loki","longhorn-system","minio","misskey","monitoring","mpeg-dash-encoder","mucaron","network-exporter","nextcloud","oekaki-dengon-game","openchokin","opentelemetry-collector","opentelemetry-operator-system","photoprism","redis-operator","renovate","samba","sandbox","wakatime-to-slack-profile","walnuts-dev","zitadel"] +["ac-hacking-2024","actions-runner-controller","affine","cert-manager","cilium-secrets","cilium-system","cloudflare-origin-cert","code-server","dashy","databases","default","elasticsearch","external-dns","external-secrets","fitbit-manager","flux-system","github-readme-stats","hedgedoc","ingress-nginx","komga","krakend-system","kube-system","kubeshark","local-path-storage","loki","longhorn-system","minio","misskey","monitoring","mpeg-dash-encoder","mucaron","network-exporter","nextcloud","oekaki-dengon-game","openchokin","opentelemetry-collector","opentelemetry-operator-system","photoprism","redis-operator","renovate","samba","sandbox","wakatime-to-slack-profile","walnuts-dev","zitadel"] From a708863e30e81bb2cf20cfb13b74d2f327f92fbe Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 1 Jan 2025 02:40:52 +0900 Subject: [PATCH 0607/1209] fix: add pull request trigger for main branch in snapshot workflow Signed-off-by: walnuts1018 --- .github/workflows/snapshot.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/snapshot.yaml b/.github/workflows/snapshot.yaml index d33f7631d..148027d53 100644 --- a/.github/workflows/snapshot.yaml +++ b/.github/workflows/snapshot.yaml @@ -4,6 +4,9 @@ on: branches: - "**" - "!snapshot" + pull_request: + branches: + - main workflow_dispatch: jobs: From e9df919980aac61a0f3933b3c970bcf42d2a6613 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 1 Jan 2025 03:09:57 +0900 Subject: [PATCH 0608/1209] feat: add cloudflare tunnel operator configuration files Signed-off-by: walnuts1018 --- k8s/apps/cloudflare-tunnel-operator/app.json5 | 4 ++++ .../external-secret.jsonnet | 14 ++++++++++++++ k8s/apps/cloudflare-tunnel-operator/helm.jsonnet | 13 +++++++++++++ k8s/apps/cloudflare-tunnel-operator/values.yaml | 3 +++ 4 files changed, 34 insertions(+) create mode 100644 k8s/apps/cloudflare-tunnel-operator/app.json5 create mode 100644 k8s/apps/cloudflare-tunnel-operator/external-secret.jsonnet create mode 100644 k8s/apps/cloudflare-tunnel-operator/helm.jsonnet create mode 100644 k8s/apps/cloudflare-tunnel-operator/values.yaml diff --git a/k8s/apps/cloudflare-tunnel-operator/app.json5 b/k8s/apps/cloudflare-tunnel-operator/app.json5 new file mode 100644 index 000000000..4d4aaff5e --- /dev/null +++ b/k8s/apps/cloudflare-tunnel-operator/app.json5 @@ -0,0 +1,4 @@ +{ + name: "cloudflare-tunnel-operator", + namespace: "cloudflare-tunnel-operator", +} diff --git a/k8s/apps/cloudflare-tunnel-operator/external-secret.jsonnet b/k8s/apps/cloudflare-tunnel-operator/external-secret.jsonnet new file mode 100644 index 000000000..c6aae704d --- /dev/null +++ b/k8s/apps/cloudflare-tunnel-operator/external-secret.jsonnet @@ -0,0 +1,14 @@ +(import '../../components/external-secret.libsonnet') { + use_suffix: false, + name: (import 'app.json5').name, + namespace: (import 'app.json5').namespace, + data: [ + { + secretKey: 'cloudflareAPIToken', + remoteRef: { + key: 'cloudflare', + property: 'cloudflare-tunnel-operator', + }, + }, + ], +} diff --git a/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet b/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet new file mode 100644 index 000000000..4fb661317 --- /dev/null +++ b/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet @@ -0,0 +1,13 @@ +(import '../../components/helm.libsonnet') { + name: (import 'app.json5').name, + namespace: (import 'app.json5').namespace, + + chart: 'actions-runner-controller', + repoURL: 'https://walnuts1018.github.io/cloudflare-tunnel-operator/', + targetRevision: '0.0.8', + valuesObject: std.mergePatch(std.parseYaml, { + cloudflareToken: { + existingSecret: (import 'external-secret.jsonnet').spec.target.name, + }, + }), +} diff --git a/k8s/apps/cloudflare-tunnel-operator/values.yaml b/k8s/apps/cloudflare-tunnel-operator/values.yaml new file mode 100644 index 000000000..b3cac2e3a --- /dev/null +++ b/k8s/apps/cloudflare-tunnel-operator/values.yaml @@ -0,0 +1,3 @@ +cloudflareToken: + cloudflareAccountID: "38b5eab012d216dfcc52dcd69e7764b5" + cloudflareZoneID: "48b02398c8bc932f4d0b1dba83de196c" From 8b6cde0cbe0a37eb139a4b88b1221f2f720389cf Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 1 Jan 2025 03:11:06 +0900 Subject: [PATCH 0609/1209] make namespace Signed-off-by: walnuts1018 --- k8s/namespaces/namespaces.json5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/namespaces/namespaces.json5 b/k8s/namespaces/namespaces.json5 index 0517ca43f..1dcf7cf34 100644 --- a/k8s/namespaces/namespaces.json5 +++ b/k8s/namespaces/namespaces.json5 @@ -1 +1 @@ -["ac-hacking-2024","actions-runner-controller","affine","cert-manager","cilium-secrets","cilium-system","cloudflare-origin-cert","code-server","dashy","databases","default","elasticsearch","external-dns","external-secrets","fitbit-manager","flux-system","github-readme-stats","hedgedoc","ingress-nginx","komga","krakend-system","kube-system","kubeshark","local-path-storage","loki","longhorn-system","minio","misskey","monitoring","mpeg-dash-encoder","mucaron","network-exporter","nextcloud","oekaki-dengon-game","openchokin","opentelemetry-collector","opentelemetry-operator-system","photoprism","redis-operator","renovate","samba","sandbox","wakatime-to-slack-profile","walnuts-dev","zitadel"] +["ac-hacking-2024","actions-runner-controller","affine","cert-manager","cilium-secrets","cilium-system","cloudflare-origin-cert","cloudflare-tunnel-operator","code-server","dashy","databases","default","elasticsearch","external-dns","external-secrets","fitbit-manager","flux-system","github-readme-stats","hedgedoc","ingress-nginx","komga","krakend-system","kube-system","kubeshark","local-path-storage","loki","longhorn-system","minio","misskey","monitoring","mpeg-dash-encoder","mucaron","network-exporter","nextcloud","oekaki-dengon-game","openchokin","opentelemetry-collector","opentelemetry-operator-system","photoprism","redis-operator","renovate","samba","sandbox","wakatime-to-slack-profile","walnuts-dev","zitadel"] From 46358c261ae7bcd86a8882b1e8553571ef21fd35 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 1 Jan 2025 03:13:18 +0900 Subject: [PATCH 0610/1209] fix: update chart name to cloudflare-tunnel-operator in helm.jsonnet Signed-off-by: walnuts1018 --- k8s/apps/cloudflare-tunnel-operator/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet b/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet index 4fb661317..426ac674b 100644 --- a/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet +++ b/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet @@ -2,7 +2,7 @@ name: (import 'app.json5').name, namespace: (import 'app.json5').namespace, - chart: 'actions-runner-controller', + chart: 'cloudflare-tunnel-operator', repoURL: 'https://walnuts1018.github.io/cloudflare-tunnel-operator/', targetRevision: '0.0.8', valuesObject: std.mergePatch(std.parseYaml, { From d97b232ecaaf7e2f8ebf98d0bc25f3109c6ed213 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 1 Jan 2025 03:16:16 +0900 Subject: [PATCH 0611/1209] fix: correct valuesObject parsing in helm.jsonnet to include values.yaml Signed-off-by: walnuts1018 --- k8s/apps/cloudflare-tunnel-operator/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet b/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet index 426ac674b..b8391ee7c 100644 --- a/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet +++ b/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet @@ -5,7 +5,7 @@ chart: 'cloudflare-tunnel-operator', repoURL: 'https://walnuts1018.github.io/cloudflare-tunnel-operator/', targetRevision: '0.0.8', - valuesObject: std.mergePatch(std.parseYaml, { + valuesObject: std.mergePatch(std.parseYaml(importstr 'values.yaml'), { cloudflareToken: { existingSecret: (import 'external-secret.jsonnet').spec.target.name, }, From dfdcdd32d1b0cbc6434e4e86fb9542a40d86dbc4 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 1 Jan 2025 03:17:31 +0900 Subject: [PATCH 0612/1209] fix: add placeholder for cloudflareAPIToken in values.yaml Signed-off-by: walnuts1018 --- k8s/apps/cloudflare-tunnel-operator/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/k8s/apps/cloudflare-tunnel-operator/values.yaml b/k8s/apps/cloudflare-tunnel-operator/values.yaml index b3cac2e3a..e537588b9 100644 --- a/k8s/apps/cloudflare-tunnel-operator/values.yaml +++ b/k8s/apps/cloudflare-tunnel-operator/values.yaml @@ -1,3 +1,4 @@ cloudflareToken: cloudflareAccountID: "38b5eab012d216dfcc52dcd69e7764b5" cloudflareZoneID: "48b02398c8bc932f4d0b1dba83de196c" + cloudflareAPIToken: "dummy" #TODO From 105ae5cb3eacca10929a80323630838f035222ad Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 1 Jan 2025 03:38:25 +0900 Subject: [PATCH 0613/1209] fix: update targetRevision to 0.0.9 and remove placeholder for cloudflareAPIToken in values.yaml Signed-off-by: walnuts1018 --- k8s/apps/cloudflare-tunnel-operator/helm.jsonnet | 2 +- k8s/apps/cloudflare-tunnel-operator/values.yaml | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet b/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet index b8391ee7c..7d4bce7ed 100644 --- a/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet +++ b/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet @@ -4,7 +4,7 @@ chart: 'cloudflare-tunnel-operator', repoURL: 'https://walnuts1018.github.io/cloudflare-tunnel-operator/', - targetRevision: '0.0.8', + targetRevision: '0.0.9', valuesObject: std.mergePatch(std.parseYaml(importstr 'values.yaml'), { cloudflareToken: { existingSecret: (import 'external-secret.jsonnet').spec.target.name, diff --git a/k8s/apps/cloudflare-tunnel-operator/values.yaml b/k8s/apps/cloudflare-tunnel-operator/values.yaml index e537588b9..b3cac2e3a 100644 --- a/k8s/apps/cloudflare-tunnel-operator/values.yaml +++ b/k8s/apps/cloudflare-tunnel-operator/values.yaml @@ -1,4 +1,3 @@ cloudflareToken: cloudflareAccountID: "38b5eab012d216dfcc52dcd69e7764b5" cloudflareZoneID: "48b02398c8bc932f4d0b1dba83de196c" - cloudflareAPIToken: "dummy" #TODO From d642c70cdc2c99c1ad5655629224cae6568f005e Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 1 Jan 2025 03:51:18 +0900 Subject: [PATCH 0614/1209] fix: update targetRevision to 0.0.10 in helm.jsonnet Signed-off-by: walnuts1018 --- k8s/apps/cloudflare-tunnel-operator/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet b/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet index 7d4bce7ed..9984b75aa 100644 --- a/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet +++ b/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet @@ -4,7 +4,7 @@ chart: 'cloudflare-tunnel-operator', repoURL: 'https://walnuts1018.github.io/cloudflare-tunnel-operator/', - targetRevision: '0.0.9', + targetRevision: '0.0.10', valuesObject: std.mergePatch(std.parseYaml(importstr 'values.yaml'), { cloudflareToken: { existingSecret: (import 'external-secret.jsonnet').spec.target.name, From 6ef4780a418a901608e9f81ac6980fdb92e273d4 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 1 Jan 2025 04:17:09 +0900 Subject: [PATCH 0615/1209] fix: update targetRevision to 0.0.11 in helm.jsonnet Signed-off-by: walnuts1018 --- k8s/apps/cloudflare-tunnel-operator/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet b/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet index 9984b75aa..940376aef 100644 --- a/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet +++ b/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet @@ -4,7 +4,7 @@ chart: 'cloudflare-tunnel-operator', repoURL: 'https://walnuts1018.github.io/cloudflare-tunnel-operator/', - targetRevision: '0.0.10', + targetRevision: '0.0.11', valuesObject: std.mergePatch(std.parseYaml(importstr 'values.yaml'), { cloudflareToken: { existingSecret: (import 'external-secret.jsonnet').spec.target.name, From e70bac5db11186be65f38195da60997fd3146e22 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Wed, 1 Jan 2025 09:05:47 +0900 Subject: [PATCH 0616/1209] chore(deps): update renovate/renovate docker tag to v39.86.3 (#1162) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 2f3adbf74..532d69777 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -21,7 +21,7 @@ containers: [ { name: 'renovate', - image: 'renovate/renovate:39.86.2', + image: 'renovate/renovate:39.86.3', resources: { requests: { memory: '256Mi', From cdba8b71fd4b286b418747fd5d047dd4c945854d Mon Sep 17 00:00:00 2001 From: Walnuts Date: Wed, 1 Jan 2025 10:22:19 +0900 Subject: [PATCH 0617/1209] chore(deps): update renovate/renovate docker tag to v39.86.4 (#1163) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 532d69777..8529383a3 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -21,7 +21,7 @@ containers: [ { name: 'renovate', - image: 'renovate/renovate:39.86.3', + image: 'renovate/renovate:39.86.4', resources: { requests: { memory: '256Mi', From f5ab5ba9ff4a35d2a0a2924b966856bf8e42c69a Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 1 Jan 2025 13:20:27 +0900 Subject: [PATCH 0618/1209] fix: comment out TLS configuration in ingress.jsonnet Signed-off-by: walnuts1018 --- k8s/apps/nginx-test/ingress.jsonnet | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/k8s/apps/nginx-test/ingress.jsonnet b/k8s/apps/nginx-test/ingress.jsonnet index c2f85e253..4fa4bcd77 100644 --- a/k8s/apps/nginx-test/ingress.jsonnet +++ b/k8s/apps/nginx-test/ingress.jsonnet @@ -33,13 +33,13 @@ }, }, ], - tls: [ - { - hosts: [ - 'nginxtest.walnuts.dev', - ], - secretName: (import 'app.json5').name + '-tls', - }, - ], + // tls: [ + // { + // hosts: [ + // 'nginxtest.walnuts.dev', + // ], + // secretName: (import 'app.json5').name + '-tls', + // }, + // ], }, } From eb259b297b05f164634d59b85b056cce9d148b03 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 1 Jan 2025 13:28:48 +0900 Subject: [PATCH 0619/1209] feat: add Cloudflare Tunnel configuration in tunnel.jsonnet Signed-off-by: walnuts1018 --- k8s/apps/cloudflared/tunnel.jsonnet | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 k8s/apps/cloudflared/tunnel.jsonnet diff --git a/k8s/apps/cloudflared/tunnel.jsonnet b/k8s/apps/cloudflared/tunnel.jsonnet new file mode 100644 index 000000000..19d632b5c --- /dev/null +++ b/k8s/apps/cloudflared/tunnel.jsonnet @@ -0,0 +1,15 @@ +{ + apiVersion: 'cf-tunnel-operator.walnuts.dev/v1beta1', + kind: 'CloudflareTunnel', + metadata: { + name: 'cloudflare-tunnel', + namespace: (import 'app.json5').namespace, + labels: { + app: 'cloudflare-tunnel', + }, + }, + spec: { + replicas: 3, + default: true, + }, +} From 1f47b155a76f72212a9efa2b51621fa35f9cb1ea Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 1 Jan 2025 13:31:27 +0900 Subject: [PATCH 0620/1209] fix: comment out annotations in ingress.jsonnet for clarity Signed-off-by: walnuts1018 --- k8s/apps/nginx-test/ingress.jsonnet | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/k8s/apps/nginx-test/ingress.jsonnet b/k8s/apps/nginx-test/ingress.jsonnet index 4fa4bcd77..bf2f58668 100644 --- a/k8s/apps/nginx-test/ingress.jsonnet +++ b/k8s/apps/nginx-test/ingress.jsonnet @@ -5,10 +5,9 @@ name: (import 'app.json5').name, namespace: (import 'app.json5').namespace, labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, - annotations: { - 'cert-manager.io/cluster-issuer': 'letsencrypt-prod', - 'cf-tunnel-operator.walnuts.dev/cloudflare-tunnel': 'default/cloudflaretunnel-sample', - }, + // annotations: { + // 'cert-manager.io/cluster-issuer': 'letsencrypt-prod', + // }, }, spec: { ingressClassName: 'cilium', From 43acfdee3fc8de869d1213deaffb6b2cdda66a00 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 1 Jan 2025 13:47:16 +0900 Subject: [PATCH 0621/1209] rm TLS Signed-off-by: walnuts1018 --- k8s/apps/blog/ingress.jsonnet | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/k8s/apps/blog/ingress.jsonnet b/k8s/apps/blog/ingress.jsonnet index 300e81400..cb06b516a 100644 --- a/k8s/apps/blog/ingress.jsonnet +++ b/k8s/apps/blog/ingress.jsonnet @@ -5,9 +5,9 @@ name: (import 'app.json5').name, namespace: (import 'app.json5').namespace, labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, - annotations: { - 'cert-manager.io/cluster-issuer': 'letsencrypt-prod', - }, + // annotations: { + // 'cert-manager.io/cluster-issuer': 'letsencrypt-prod', + // }, }, spec: { ingressClassName: 'nginx', @@ -32,13 +32,13 @@ }, }, ], - tls: [ - { - hosts: [ - 'blog.walnuts.dev', - ], - secretName: (import 'app.json5').name + '-tls', - }, - ], + // tls: [ + // { + // hosts: [ + // 'blog.walnuts.dev', + // ], + // secretName: (import 'app.json5').name + '-tls', + // }, + // ], }, } From 7db8df4b4b3a2aa7182283111aec16a926ad5d32 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 1 Jan 2025 13:49:55 +0900 Subject: [PATCH 0622/1209] fix: update ingress class from nginx to cilium across multiple applications Signed-off-by: walnuts1018 --- k8s/apps/affine/ingress.jsonnet | 2 +- k8s/apps/blog/ingress.jsonnet | 2 +- k8s/apps/code-server-knative/codeserver.jsonnet | 2 +- k8s/apps/fitbit-manager/ingress.jsonnet | 2 +- k8s/apps/github-readme-stats/ingress.jsonnet | 2 +- k8s/apps/hedgedoc/ingress.jsonnet | 2 +- k8s/apps/http-dump/ingress.jsonnet | 2 +- k8s/apps/komga/ingress.jsonnet | 2 +- k8s/apps/misskey/ingress.jsonnet | 2 +- k8s/apps/mpeg-dash-encoder/ingress.jsonnet | 2 +- k8s/apps/mucaron/ingress.jsonnet | 2 +- k8s/apps/openchokin/back/ingress.jsonnet | 2 +- k8s/apps/openchokin/front/ingress.jsonnet | 2 +- k8s/apps/photoprism/ingress.jsonnet | 2 +- k8s/apps/wakatime-to-slack-profile/ingress.jsonnet | 2 +- k8s/apps/walnuts-dev-www-redirect/ingress.jsonnet | 2 +- k8s/apps/walnuts-dev/ingress.jsonnet | 2 +- scripts/infrautil/lib/testfiles/ingress.jsonnet | 2 +- 18 files changed, 18 insertions(+), 18 deletions(-) diff --git a/k8s/apps/affine/ingress.jsonnet b/k8s/apps/affine/ingress.jsonnet index d481922f6..5317f0cac 100644 --- a/k8s/apps/affine/ingress.jsonnet +++ b/k8s/apps/affine/ingress.jsonnet @@ -10,7 +10,7 @@ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, }, spec: { - ingressClassName: 'nginx', + ingressClassName: 'cilium', rules: [ { host: 'affine.walnuts.dev', diff --git a/k8s/apps/blog/ingress.jsonnet b/k8s/apps/blog/ingress.jsonnet index cb06b516a..137115352 100644 --- a/k8s/apps/blog/ingress.jsonnet +++ b/k8s/apps/blog/ingress.jsonnet @@ -10,7 +10,7 @@ // }, }, spec: { - ingressClassName: 'nginx', + ingressClassName: 'cilium', rules: [ { host: 'blog.walnuts.dev', diff --git a/k8s/apps/code-server-knative/codeserver.jsonnet b/k8s/apps/code-server-knative/codeserver.jsonnet index c845bd71f..b53875809 100644 --- a/k8s/apps/code-server-knative/codeserver.jsonnet +++ b/k8s/apps/code-server-knative/codeserver.jsonnet @@ -34,7 +34,7 @@ }, ], domain: 'walnuts.dev', - ingressClassName: 'nginx', + ingressClassName: 'cilium', resources: { limits: { memory: '4Gi', diff --git a/k8s/apps/fitbit-manager/ingress.jsonnet b/k8s/apps/fitbit-manager/ingress.jsonnet index b8a13476f..12de6a75f 100644 --- a/k8s/apps/fitbit-manager/ingress.jsonnet +++ b/k8s/apps/fitbit-manager/ingress.jsonnet @@ -7,7 +7,7 @@ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, }, spec: { - ingressClassName: 'nginx', + ingressClassName: 'cilium', rules: [ { host: 'fitbit.walnuts.dev', diff --git a/k8s/apps/github-readme-stats/ingress.jsonnet b/k8s/apps/github-readme-stats/ingress.jsonnet index 6f3daf451..734751b4f 100644 --- a/k8s/apps/github-readme-stats/ingress.jsonnet +++ b/k8s/apps/github-readme-stats/ingress.jsonnet @@ -7,7 +7,7 @@ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, }, spec: { - ingressClassName: 'nginx', + ingressClassName: 'cilium', rules: [ { host: 'github-readme-stats.walnuts.dev', diff --git a/k8s/apps/hedgedoc/ingress.jsonnet b/k8s/apps/hedgedoc/ingress.jsonnet index 6ab3c13f7..a0fd79683 100644 --- a/k8s/apps/hedgedoc/ingress.jsonnet +++ b/k8s/apps/hedgedoc/ingress.jsonnet @@ -10,7 +10,7 @@ }, }, spec: { - ingressClassName: 'nginx', + ingressClassName: 'cilium', rules: [ { host: 'hedgedoc.walnuts.dev', diff --git a/k8s/apps/http-dump/ingress.jsonnet b/k8s/apps/http-dump/ingress.jsonnet index d4316d93a..cfa0cedb7 100644 --- a/k8s/apps/http-dump/ingress.jsonnet +++ b/k8s/apps/http-dump/ingress.jsonnet @@ -7,7 +7,7 @@ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, }, spec: { - ingressClassName: 'nginx', + ingressClassName: 'cilium', rules: [ { host: 'httptest.walnuts.dev', diff --git a/k8s/apps/komga/ingress.jsonnet b/k8s/apps/komga/ingress.jsonnet index 429d92a35..4d417d8c3 100644 --- a/k8s/apps/komga/ingress.jsonnet +++ b/k8s/apps/komga/ingress.jsonnet @@ -10,7 +10,7 @@ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, }, spec: { - ingressClassName: 'nginx', + ingressClassName: 'cilium', rules: [ { host: 'komga.walnuts.dev', diff --git a/k8s/apps/misskey/ingress.jsonnet b/k8s/apps/misskey/ingress.jsonnet index 57f13523e..2c7499f31 100644 --- a/k8s/apps/misskey/ingress.jsonnet +++ b/k8s/apps/misskey/ingress.jsonnet @@ -10,7 +10,7 @@ }, }, spec: { - ingressClassName: 'nginx', + ingressClassName: 'cilium', rules: [ { host: 'misskey.walnuts.dev', diff --git a/k8s/apps/mpeg-dash-encoder/ingress.jsonnet b/k8s/apps/mpeg-dash-encoder/ingress.jsonnet index 029228a47..6d975aef2 100644 --- a/k8s/apps/mpeg-dash-encoder/ingress.jsonnet +++ b/k8s/apps/mpeg-dash-encoder/ingress.jsonnet @@ -7,7 +7,7 @@ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, }, spec: { - ingressClassName: 'nginx', + ingressClassName: 'cilium', rules: [ { host: 'mpeg-dash-encoder.walnuts.dev', diff --git a/k8s/apps/mucaron/ingress.jsonnet b/k8s/apps/mucaron/ingress.jsonnet index 6f1167e09..ffd7b803c 100644 --- a/k8s/apps/mucaron/ingress.jsonnet +++ b/k8s/apps/mucaron/ingress.jsonnet @@ -10,7 +10,7 @@ }, }, spec: { - ingressClassName: 'nginx', + ingressClassName: 'cilium', rules: [ { host: 'mucaron.walnuts.dev', diff --git a/k8s/apps/openchokin/back/ingress.jsonnet b/k8s/apps/openchokin/back/ingress.jsonnet index cf20038b1..09b6ad0e4 100644 --- a/k8s/apps/openchokin/back/ingress.jsonnet +++ b/k8s/apps/openchokin/back/ingress.jsonnet @@ -7,7 +7,7 @@ labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-back' }, }, spec: { - ingressClassName: 'nginx', + ingressClassName: 'cilium', rules: [ { host: 'api-openchokin.walnuts.dev', diff --git a/k8s/apps/openchokin/front/ingress.jsonnet b/k8s/apps/openchokin/front/ingress.jsonnet index 558b8caff..8118ad23b 100644 --- a/k8s/apps/openchokin/front/ingress.jsonnet +++ b/k8s/apps/openchokin/front/ingress.jsonnet @@ -7,7 +7,7 @@ labels: (import '../../../components/labels.libsonnet') + { appname: (import '../app.json5').name + '-front' }, }, spec: { - ingressClassName: 'nginx', + ingressClassName: 'cilium', rules: [ { host: 'openchokin.walnuts.dev', diff --git a/k8s/apps/photoprism/ingress.jsonnet b/k8s/apps/photoprism/ingress.jsonnet index 6ed3b902c..3f134002d 100644 --- a/k8s/apps/photoprism/ingress.jsonnet +++ b/k8s/apps/photoprism/ingress.jsonnet @@ -10,7 +10,7 @@ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, }, spec: { - ingressClassName: 'nginx', + ingressClassName: 'cilium', rules: [ { host: 'photoprism.walnuts.dev', diff --git a/k8s/apps/wakatime-to-slack-profile/ingress.jsonnet b/k8s/apps/wakatime-to-slack-profile/ingress.jsonnet index 4453a8a1b..d94050d1c 100644 --- a/k8s/apps/wakatime-to-slack-profile/ingress.jsonnet +++ b/k8s/apps/wakatime-to-slack-profile/ingress.jsonnet @@ -7,7 +7,7 @@ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, }, spec: { - ingressClassName: 'nginx', + ingressClassName: 'cilium', rules: [ { host: 'wakatime.walnuts.dev', diff --git a/k8s/apps/walnuts-dev-www-redirect/ingress.jsonnet b/k8s/apps/walnuts-dev-www-redirect/ingress.jsonnet index 671623323..5eeeed61a 100644 --- a/k8s/apps/walnuts-dev-www-redirect/ingress.jsonnet +++ b/k8s/apps/walnuts-dev-www-redirect/ingress.jsonnet @@ -7,7 +7,7 @@ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, }, spec: { - ingressClassName: 'nginx', + ingressClassName: 'cilium', rules: [ { host: 'www.walnuts.dev', diff --git a/k8s/apps/walnuts-dev/ingress.jsonnet b/k8s/apps/walnuts-dev/ingress.jsonnet index 696fa91f9..e95fc62f4 100644 --- a/k8s/apps/walnuts-dev/ingress.jsonnet +++ b/k8s/apps/walnuts-dev/ingress.jsonnet @@ -7,7 +7,7 @@ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, }, spec: { - ingressClassName: 'nginx', + ingressClassName: 'cilium', rules: [ { host: 'walnuts.dev', diff --git a/scripts/infrautil/lib/testfiles/ingress.jsonnet b/scripts/infrautil/lib/testfiles/ingress.jsonnet index b24d984f2..3f189c31e 100644 --- a/scripts/infrautil/lib/testfiles/ingress.jsonnet +++ b/scripts/infrautil/lib/testfiles/ingress.jsonnet @@ -7,7 +7,7 @@ labels: (import 'components/labels.libsonnet') + { appname: (import 'app.json5').name }, }, spec: { - ingressClassName: 'nginx', + ingressClassName: 'cilium', rules: [ { host: 'httptest.walnuts.dev', From 07c386e7772a0fa29d18c1a5e8c74415ae468938 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 1 Jan 2025 04:51:13 +0000 Subject: [PATCH 0623/1209] chore(deps): update helm release cloudflare-tunnel-operator to v1 --- k8s/apps/cloudflare-tunnel-operator/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet b/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet index 940376aef..df111df22 100644 --- a/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet +++ b/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet @@ -4,7 +4,7 @@ chart: 'cloudflare-tunnel-operator', repoURL: 'https://walnuts1018.github.io/cloudflare-tunnel-operator/', - targetRevision: '0.0.11', + targetRevision: '1.0.0', valuesObject: std.mergePatch(std.parseYaml(importstr 'values.yaml'), { cloudflareToken: { existingSecret: (import 'external-secret.jsonnet').spec.target.name, From 5d2f55bb3f959b72803938c2cb7303e28863693a Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 1 Jan 2025 13:51:28 +0900 Subject: [PATCH 0624/1209] use cilium ingress Signed-off-by: walnuts1018 --- k8s/apps/influxdb/values.yaml | 2 +- k8s/apps/minio/values.yaml | 4 +- k8s/apps/nextcloud/values.yaml | 46 ++++++++++---------- k8s/apps/prometheus-stack/values.yaml | 2 +- k8s/apps/zitadel/values.yaml | 7 +-- scripts/infrautil/lib/testfiles/ingress.yaml | 22 +++++----- 6 files changed, 42 insertions(+), 41 deletions(-) diff --git a/k8s/apps/influxdb/values.yaml b/k8s/apps/influxdb/values.yaml index 4674755ed..ac3a9eabb 100644 --- a/k8s/apps/influxdb/values.yaml +++ b/k8s/apps/influxdb/values.yaml @@ -20,7 +20,7 @@ ingress: enabled: true # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress - className: nginx + className: cilium tls: false # secretName: my-tls-cert # only needed if tls above is true or default certificate is not configured for Nginx hostname: influxdb.walnuts.dev diff --git a/k8s/apps/minio/values.yaml b/k8s/apps/minio/values.yaml index 1b702c4db..602e7d256 100644 --- a/k8s/apps/minio/values.yaml +++ b/k8s/apps/minio/values.yaml @@ -7,14 +7,14 @@ persistence: accessMode: ReadWriteOnce ingress: enabled: true - ingressClassName: nginx + ingressClassName: cilium annotations: nginx.ingress.kubernetes.io/ignore-invalid-headers: "off" hosts: - minio.walnuts.dev consoleIngress: enabled: true - ingressClassName: nginx + ingressClassName: cilium hosts: - minio-console.walnuts.dev resources: diff --git a/k8s/apps/nextcloud/values.yaml b/k8s/apps/nextcloud/values.yaml index 40581232e..bb0fdec2e 100644 --- a/k8s/apps/nextcloud/values.yaml +++ b/k8s/apps/nextcloud/values.yaml @@ -1,32 +1,32 @@ ingress: enabled: true - className: nginx + className: cilium annotations: nginx.ingress.kubernetes.io/proxy-body-size: 128G # nginx.ingress.kubernetes.io/server-snippet: |- -# server_tokens off; -# proxy_hide_header X-Powered-By; + # server_tokens off; + # proxy_hide_header X-Powered-By; -# rewrite ^/.well-known/webfinger /public.php?service=webfinger last; -# rewrite ^/.well-known/host-meta /public.php?service=host-meta last; -# rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json; -# location = /.well-known/carddav { -# return 301 $scheme://$host/remote.php/dav; -# } -# location = /.well-known/caldav { -# return 301 $scheme://$host/remote.php/dav; -# } -# location = /robots.txt { -# allow all; -# log_not_found off; -# access_log off; -# } -# location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { -# deny all; -# } -# location ~ ^/(?:autotest|occ|issue|indie|db_|console) { -# deny all; -# } + # rewrite ^/.well-known/webfinger /public.php?service=webfinger last; + # rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + # rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json; + # location = /.well-known/carddav { + # return 301 $scheme://$host/remote.php/dav; + # } + # location = /.well-known/caldav { + # return 301 $scheme://$host/remote.php/dav; + # } + # location = /robots.txt { + # allow all; + # log_not_found off; + # access_log off; + # } + # location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { + # deny all; + # } + # location ~ ^/(?:autotest|occ|issue|indie|db_|console) { + # deny all; + # } phpClientHttpsFix: enabled: true diff --git a/k8s/apps/prometheus-stack/values.yaml b/k8s/apps/prometheus-stack/values.yaml index 93112cbe5..473aca2c5 100644 --- a/k8s/apps/prometheus-stack/values.yaml +++ b/k8s/apps/prometheus-stack/values.yaml @@ -9,7 +9,7 @@ grafana: enabled: true hosts: - grafana.walnuts.dev - ingressClassName: nginx + ingressClassName: cilium rbac: pspEnabled: false testFramework: diff --git a/k8s/apps/zitadel/values.yaml b/k8s/apps/zitadel/values.yaml index a7f683bc3..37c179ffa 100644 --- a/k8s/apps/zitadel/values.yaml +++ b/k8s/apps/zitadel/values.yaml @@ -11,7 +11,7 @@ zitadel: replicaCount: 2 ingress: enabled: true - className: "nginx" + className: "cilium" annotations: nginx.ingress.kubernetes.io/proxy-body-size: "0" hosts: @@ -19,8 +19,8 @@ ingress: paths: - path: / pathType: Prefix -env: -# - name: ZITADEL_LOG_LEVEL +env: # - name: ZITADEL_LOG_LEVEL + # value: "debug" metrics: enabled: true @@ -48,5 +48,6 @@ affinity: operator: NotIn values: - donut + # image: # tag: v2.64.1 # {"$imagepolicy": "zitadel:zitadel:tag"} diff --git a/scripts/infrautil/lib/testfiles/ingress.yaml b/scripts/infrautil/lib/testfiles/ingress.yaml index 28c7aa054..2d449f948 100644 --- a/scripts/infrautil/lib/testfiles/ingress.yaml +++ b/scripts/infrautil/lib/testfiles/ingress.yaml @@ -7,15 +7,15 @@ metadata: name: http-dump namespace: default spec: - ingressClassName: nginx + ingressClassName: cilium rules: - - host: httptest.walnuts.dev - http: - paths: - - backend: - service: - name: http-dump - port: - number: 8080 - path: / - pathType: Prefix + - host: httptest.walnuts.dev + http: + paths: + - backend: + service: + name: http-dump + port: + number: 8080 + path: / + pathType: Prefix From d198a72fa5e8e6ad094115c94d1d9309447965e2 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 1 Jan 2025 13:55:07 +0900 Subject: [PATCH 0625/1209] fix: update ingress class from nginx to cilium in argocd values.yaml Signed-off-by: walnuts1018 --- k8s/_argocd/argocd_components/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/_argocd/argocd_components/values.yaml b/k8s/_argocd/argocd_components/values.yaml index 911789b63..5c3417f43 100644 --- a/k8s/_argocd/argocd_components/values.yaml +++ b/k8s/_argocd/argocd_components/values.yaml @@ -65,7 +65,7 @@ server: ingress: enabled: true controller: generic - ingressClassName: "nginx" + ingressClassName: "cilium" tls: false metrics: enabled: true From faf8dbef33ca8594f083ac7683ea881bd23e630a Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 1 Jan 2025 13:55:35 +0900 Subject: [PATCH 0626/1209] fix: update ingress class from nginx to cilium in oauth2-proxy values.libsonnet Signed-off-by: walnuts1018 --- k8s/components/oauth2-proxy/values.libsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/components/oauth2-proxy/values.libsonnet b/k8s/components/oauth2-proxy/values.libsonnet index 81a02217e..295591b6f 100644 --- a/k8s/components/oauth2-proxy/values.libsonnet +++ b/k8s/components/oauth2-proxy/values.libsonnet @@ -17,7 +17,7 @@ }, ingress: { enabled: true, - className: 'nginx', + className: 'cilium', path: '/', pathType: 'Prefix', hosts: [ From 35804b1428ede9f90d94a47bcdbbc1aac15bd203 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 1 Jan 2025 14:01:43 +0900 Subject: [PATCH 0627/1209] fix: enable TLS and add cert-manager annotations in nginx-test ingress Signed-off-by: walnuts1018 --- k8s/apps/nginx-test/ingress.jsonnet | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/k8s/apps/nginx-test/ingress.jsonnet b/k8s/apps/nginx-test/ingress.jsonnet index bf2f58668..1e0c77ddb 100644 --- a/k8s/apps/nginx-test/ingress.jsonnet +++ b/k8s/apps/nginx-test/ingress.jsonnet @@ -5,9 +5,9 @@ name: (import 'app.json5').name, namespace: (import 'app.json5').namespace, labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, - // annotations: { - // 'cert-manager.io/cluster-issuer': 'letsencrypt-prod', - // }, + annotations: { + 'cert-manager.io/cluster-issuer': 'letsencrypt-prod', + }, }, spec: { ingressClassName: 'cilium', @@ -32,13 +32,13 @@ }, }, ], - // tls: [ - // { - // hosts: [ - // 'nginxtest.walnuts.dev', - // ], - // secretName: (import 'app.json5').name + '-tls', - // }, - // ], + tls: [ + { + hosts: [ + 'nginxtest.walnuts.dev', + ], + secretName: (import 'app.json5').name + '-tls', + }, + ], }, } From 356fc12607d1dc23fb827f56dea9df14a0b818a7 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 1 Jan 2025 14:08:45 +0900 Subject: [PATCH 0628/1209] fix: add cert-manager annotations and configure TLS for Zitadel ingress Signed-off-by: walnuts1018 --- k8s/apps/zitadel/values.yaml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/k8s/apps/zitadel/values.yaml b/k8s/apps/zitadel/values.yaml index 37c179ffa..e32f8ef66 100644 --- a/k8s/apps/zitadel/values.yaml +++ b/k8s/apps/zitadel/values.yaml @@ -13,15 +13,19 @@ ingress: enabled: true className: "cilium" annotations: - nginx.ingress.kubernetes.io/proxy-body-size: "0" + cert-manager.io/cluster-issuer: 'letsencrypt-prod' hosts: - host: auth.walnuts.dev paths: - path: / pathType: Prefix -env: # - name: ZITADEL_LOG_LEVEL - -# value: "debug" + tls: + - secretName: zitadel-tls + hosts: + - auth.walnuts.dev +# env: +# - name: ZITADEL_LOG_LEVEL +# value: "debug" metrics: enabled: true serviceMonitor: From 61ae61e5b7b7a5541b3695fad2f94fbacac71eee Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 1 Jan 2025 14:09:19 +0900 Subject: [PATCH 0629/1209] rm ingress-nginx Signed-off-by: walnuts1018 --- k8s/apps/ingress-nginx/app.json5 | 4 ---- k8s/apps/ingress-nginx/helm.jsonnet | 8 ------- k8s/apps/ingress-nginx/values.yaml | 34 ----------------------------- 3 files changed, 46 deletions(-) delete mode 100644 k8s/apps/ingress-nginx/app.json5 delete mode 100644 k8s/apps/ingress-nginx/helm.jsonnet delete mode 100644 k8s/apps/ingress-nginx/values.yaml diff --git a/k8s/apps/ingress-nginx/app.json5 b/k8s/apps/ingress-nginx/app.json5 deleted file mode 100644 index d6b32bf10..000000000 --- a/k8s/apps/ingress-nginx/app.json5 +++ /dev/null @@ -1,4 +0,0 @@ -{ - name: "ingress-nginx", - namespace: "ingress-nginx", -} diff --git a/k8s/apps/ingress-nginx/helm.jsonnet b/k8s/apps/ingress-nginx/helm.jsonnet deleted file mode 100644 index 6654f7cf8..000000000 --- a/k8s/apps/ingress-nginx/helm.jsonnet +++ /dev/null @@ -1,8 +0,0 @@ -(import '../../components/helm.libsonnet') { - name: (import 'app.json5').name, - namespace: (import 'app.json5').namespace, - chart: 'ingress-nginx', - repoURL: 'https://kubernetes.github.io/ingress-nginx', - targetRevision: '4.12.0', - values: (importstr 'values.yaml'), -} diff --git a/k8s/apps/ingress-nginx/values.yaml b/k8s/apps/ingress-nginx/values.yaml deleted file mode 100644 index 5fd36de70..000000000 --- a/k8s/apps/ingress-nginx/values.yaml +++ /dev/null @@ -1,34 +0,0 @@ -controller: - config: - use-forwarded-headers: true - enable-opentelemetry: "true" - opentelemetry-trust-incoming-span: "true" - otlp-collector-host: "default-collector.opentelemetry-collector.svc.cluster.local" - otel-service-name: "ingress-nginx" - log-format-upstream: '{"time": "$time_iso8601", "remote_addr": "$proxy_protocol_addr", "x_forwarded_for": "$proxy_add_x_forwarded_for", "request_id": "$req_id", "remote_user": "$remote_user", "bytes_sent": $bytes_sent, "request_time": $request_time, "status": $status, "vhost": "$host", "request_proto": "$server_protocol", "path": "$uri", "request_query": "$args", "request_length": $request_length, "duration": $request_time, "method": "$request_method", "http_referrer": "$http_referer", "http_user_agent": "$http_user_agent" }' - proxy-body-size: 0 - service: - enabled: true - loadBalancerIP: "192.168.0.128" - loadBalancerSourceRanges: [] - enableHttp: false - enableHttps: true - type: LoadBalancer - replicaCount: 3 - affinity: - nodeAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - preference: - matchExpressions: - - key: kubernetes.io/arch - operator: In - values: - - amd64 - opentelemetry: - enabled: true - name: opentelemetry - metrics: - enabled: true - serviceMonitor: - enabled: true From 4df3fe91bf11323295d8aa2336af92e15e3ed749 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Wed, 1 Jan 2025 14:22:03 +0900 Subject: [PATCH 0630/1209] chore(deps): update ghcr.io/walnuts1018/walnuts.dev docker tag to v1de6cde0454bdc651793612f22e27255691c0802-356 (#1165) Co-authored-by: Renovate Bot --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index b1c264119..9b1e78bfb 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -25,7 +25,7 @@ type: 'RuntimeDefault', }, }, - image: 'ghcr.io/walnuts1018/walnuts.dev:c0f77f41d74e78fb7bc76e2eba97cdbf174ee09c-355', + image: 'ghcr.io/walnuts1018/walnuts.dev:1de6cde0454bdc651793612f22e27255691c0802-356', imagePullPolicy: 'IfNotPresent', ports: [ { From d5566e88e9a0936e0295adae7efa4f64dda29034 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 1 Jan 2025 14:24:34 +0900 Subject: [PATCH 0631/1209] refactor: rename cloudflared to cloudflare-tunnel and remove obsolete files Signed-off-by: walnuts1018 --- .../app.json5 | 2 +- .../tunnel.jsonnet | 7 +- k8s/apps/cloudflared/deployment.jsonnet | 104 ------------------ k8s/apps/cloudflared/external-secret.jsonnet | 28 ----- k8s/apps/cloudflared/service-monitor.jsonnet | 28 ----- k8s/apps/cloudflared/service.jsonnet | 20 ---- 6 files changed, 4 insertions(+), 185 deletions(-) rename k8s/apps/{cloudflared => cloudflare-tunnel}/app.json5 (56%) rename k8s/apps/{cloudflared => cloudflare-tunnel}/tunnel.jsonnet (54%) delete mode 100644 k8s/apps/cloudflared/deployment.jsonnet delete mode 100644 k8s/apps/cloudflared/external-secret.jsonnet delete mode 100644 k8s/apps/cloudflared/service-monitor.jsonnet delete mode 100644 k8s/apps/cloudflared/service.jsonnet diff --git a/k8s/apps/cloudflared/app.json5 b/k8s/apps/cloudflare-tunnel/app.json5 similarity index 56% rename from k8s/apps/cloudflared/app.json5 rename to k8s/apps/cloudflare-tunnel/app.json5 index 248a6c028..ef99d469c 100644 --- a/k8s/apps/cloudflared/app.json5 +++ b/k8s/apps/cloudflare-tunnel/app.json5 @@ -1,4 +1,4 @@ { - name: "cloudflared", + name: "cloudflare-tunnel", namespace: "network-exporter", } diff --git a/k8s/apps/cloudflared/tunnel.jsonnet b/k8s/apps/cloudflare-tunnel/tunnel.jsonnet similarity index 54% rename from k8s/apps/cloudflared/tunnel.jsonnet rename to k8s/apps/cloudflare-tunnel/tunnel.jsonnet index 19d632b5c..e3a768332 100644 --- a/k8s/apps/cloudflared/tunnel.jsonnet +++ b/k8s/apps/cloudflare-tunnel/tunnel.jsonnet @@ -2,14 +2,13 @@ apiVersion: 'cf-tunnel-operator.walnuts.dev/v1beta1', kind: 'CloudflareTunnel', metadata: { - name: 'cloudflare-tunnel', + name: (import 'app.json5').name, namespace: (import 'app.json5').namespace, - labels: { - app: 'cloudflare-tunnel', - }, + labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, }, spec: { replicas: 3, default: true, + enableServiceMonitor: true, }, } diff --git a/k8s/apps/cloudflared/deployment.jsonnet b/k8s/apps/cloudflared/deployment.jsonnet deleted file mode 100644 index a18ce1d3f..000000000 --- a/k8s/apps/cloudflared/deployment.jsonnet +++ /dev/null @@ -1,104 +0,0 @@ -{ - apiVersion: 'apps/v1', - kind: 'Deployment', - metadata: { - name: (import 'app.json5').name, - namespace: (import 'app.json5').namespace, - labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, - }, - spec: { - selector: { - matchLabels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, - }, - replicas: 2, - template: { - metadata: { - labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, - }, - spec: { - securityContext: { - sysctls: [ - { - name: 'net.ipv4.ping_group_range', - value: '0 2147483647', - }, - ], - }, - containers: [ - (import '../../components/container.libsonnet') { - name: 'cloudflared', - securityContext: { - readOnlyRootFilesystem: true, - }, - image: 'cloudflare/cloudflared:2024.12.2', - imagePullPolicy: 'IfNotPresent', - args: [ - '--no-autoupdate', - '--metrics=0.0.0.0:60123', - 'tunnel', - 'run', - ], - env: [ - { - name: 'TUNNEL_TOKEN', - valueFrom: { - secretKeyRef: { - name: (import 'external-secret.jsonnet').metadata.name, - key: 'cloudflared-token', - }, - }, - }, - ], - ports: [ - { - containerPort: 60123, - }, - ], - livenessProbe: { - httpGet: { - path: '/ready', - port: 60123, - }, - failureThreshold: 1, - initialDelaySeconds: 10, - periodSeconds: 10, - }, - resources: { - requests: { - memory: '32Mi', - cpu: '10m', - }, - limits: { - memory: '512Mi', - cpu: '1000m', - }, - }, - }, - ], - affinity: { - podAntiAffinity: { - preferredDuringSchedulingIgnoredDuringExecution: [ - { - weight: 10, - podAffinityTerm: { - labelSelector: { - matchExpressions: [ - { - key: 'app', - operator: 'In', - values: [ - 'cloudflared', - ], - }, - ], - }, - topologyKey: 'kubernetes.io/hostname', - }, - }, - ], - }, - }, - }, - }, - }, -} diff --git a/k8s/apps/cloudflared/external-secret.jsonnet b/k8s/apps/cloudflared/external-secret.jsonnet deleted file mode 100644 index 4080d2391..000000000 --- a/k8s/apps/cloudflared/external-secret.jsonnet +++ /dev/null @@ -1,28 +0,0 @@ -{ - apiVersion: 'external-secrets.io/v1beta1', - kind: 'ExternalSecret', - metadata: { - name: (import 'app.json5').name, - namespace: (import 'app.json5').namespace, - labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, - }, - spec: { - secretStoreRef: { - name: 'onepassword', - kind: 'ClusterSecretStore', - }, - refreshInterval: '1m', - target: { - name: (import 'app.json5').name, - }, - data: [ - { - secretKey: 'cloudflared-token', - remoteRef: { - key: 'cloudflare', - property: 'k8s-tunnel-token', - }, - }, - ], - }, -} diff --git a/k8s/apps/cloudflared/service-monitor.jsonnet b/k8s/apps/cloudflared/service-monitor.jsonnet deleted file mode 100644 index 207159362..000000000 --- a/k8s/apps/cloudflared/service-monitor.jsonnet +++ /dev/null @@ -1,28 +0,0 @@ -{ - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', - metadata: { - name: (import 'app.json5').name, - namespace: (import 'app.json5').namespace, - labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, - }, - spec: { - endpoints: [ - { - honorLabels: false, - honorTimestamps: true, - path: '/metrics', - targetPort: 60123, - }, - ], - jobLabel: 'cloudflared', - namespaceSelector: { - matchNames: [ - (import 'app.json5').namespace, - ], - }, - selector: { - matchLabels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, - }, - }, -} diff --git a/k8s/apps/cloudflared/service.jsonnet b/k8s/apps/cloudflared/service.jsonnet deleted file mode 100644 index 9ee509136..000000000 --- a/k8s/apps/cloudflared/service.jsonnet +++ /dev/null @@ -1,20 +0,0 @@ -{ - kind: 'Service', - apiVersion: 'v1', - metadata: { - name: (import 'app.json5').name, - namespace: (import 'app.json5').namespace, - labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, - }, - spec: { - selector: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, - ports: [ - { - protocol: 'TCP', - port: 60123, - targetPort: 60123, - }, - ], - type: 'ClusterIP', - }, -} From 764bff8ff616c826bfb66e078ac1ae5020b5e363 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 1 Jan 2025 14:25:06 +0900 Subject: [PATCH 0632/1209] fix: update targetRevision for cloudflare-tunnel-operator to 1.0.2 Signed-off-by: walnuts1018 --- k8s/apps/cloudflare-tunnel-operator/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet b/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet index df111df22..da95cb96c 100644 --- a/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet +++ b/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet @@ -4,7 +4,7 @@ chart: 'cloudflare-tunnel-operator', repoURL: 'https://walnuts1018.github.io/cloudflare-tunnel-operator/', - targetRevision: '1.0.0', + targetRevision: '1.0.2', valuesObject: std.mergePatch(std.parseYaml(importstr 'values.yaml'), { cloudflareToken: { existingSecret: (import 'external-secret.jsonnet').spec.target.name, From 513b38f01bd1bc70b862b1c3f09d8ce65fc3e712 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 1 Jan 2025 14:29:34 +0900 Subject: [PATCH 0633/1209] fix: add custom label for Cloudflare tunnel operator in tunnel.jsonnet Signed-off-by: walnuts1018 --- k8s/apps/cloudflare-tunnel/tunnel.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/cloudflare-tunnel/tunnel.jsonnet b/k8s/apps/cloudflare-tunnel/tunnel.jsonnet index e3a768332..40ea1499e 100644 --- a/k8s/apps/cloudflare-tunnel/tunnel.jsonnet +++ b/k8s/apps/cloudflare-tunnel/tunnel.jsonnet @@ -4,7 +4,7 @@ metadata: { name: (import 'app.json5').name, namespace: (import 'app.json5').namespace, - labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name, 'cf-tunnel-operator.walnuts.dev/default': 'true' }, }, spec: { replicas: 3, From 210a9a6712b4b6dde851e7a6e87a8df872b256e1 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 1 Jan 2025 14:29:46 +0900 Subject: [PATCH 0634/1209] fix: format labels in tunnel.jsonnet for better readability Signed-off-by: walnuts1018 --- k8s/apps/cloudflare-tunnel/tunnel.jsonnet | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/k8s/apps/cloudflare-tunnel/tunnel.jsonnet b/k8s/apps/cloudflare-tunnel/tunnel.jsonnet index 40ea1499e..b6fbece8c 100644 --- a/k8s/apps/cloudflare-tunnel/tunnel.jsonnet +++ b/k8s/apps/cloudflare-tunnel/tunnel.jsonnet @@ -4,7 +4,10 @@ metadata: { name: (import 'app.json5').name, namespace: (import 'app.json5').namespace, - labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name, 'cf-tunnel-operator.walnuts.dev/default': 'true' }, + labels: (import '../../components/labels.libsonnet') + { + appname: (import 'app.json5').name, + 'cf-tunnel-operator.walnuts.dev/default': 'true', + }, }, spec: { replicas: 3, From 728bdc7f7cb950c9b04049c6cee991876e6ece04 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 2 Jan 2025 06:40:58 +0900 Subject: [PATCH 0635/1209] update PostgreSQL version from 16 to 17 in postgresql.jsonnet Signed-off-by: walnuts1018 --- k8s/apps/postgresql-default/postgresql.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/postgresql-default/postgresql.jsonnet b/k8s/apps/postgresql-default/postgresql.jsonnet index 120fdcb39..c511bf641 100644 --- a/k8s/apps/postgresql-default/postgresql.jsonnet +++ b/k8s/apps/postgresql-default/postgresql.jsonnet @@ -33,7 +33,7 @@ local usernames = (import 'users.libsonnet'); wakatime_to_slack: 'wakatime', }, postgresql: { - version: '16', + version: '17', parameters: { max_standby_archive_delay: '180s', max_standby_streaming_delay: '180s', From 8daa024c7de937203dae5c3f64f52ea65b626c28 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 1 Jan 2025 21:51:27 +0000 Subject: [PATCH 0636/1209] chore(deps): update renovate/renovate docker tag to v39.87.0 --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 8529383a3..bf666d17b 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -21,7 +21,7 @@ containers: [ { name: 'renovate', - image: 'renovate/renovate:39.86.4', + image: 'renovate/renovate:39.87.0', resources: { requests: { memory: '256Mi', From 2d4eaa6f76dcb8f8c89346a6ab11b5f15f12346c Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 2 Jan 2025 07:13:57 +0900 Subject: [PATCH 0637/1209] fix: comment out 'postgres' user in users.libsonnet Signed-off-by: walnuts1018 --- k8s/apps/postgresql-default/users.libsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/postgresql-default/users.libsonnet b/k8s/apps/postgresql-default/users.libsonnet index e24beb3e8..c3aef3418 100644 --- a/k8s/apps/postgresql-default/users.libsonnet +++ b/k8s/apps/postgresql-default/users.libsonnet @@ -1,5 +1,5 @@ [ - 'postgres', + // 'postgres', 'juglans', 'fitbit-manager', 'grafana', From 1620c1d5b9a75b3241825dad243fa5c4f3037ab7 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 2 Jan 2025 07:16:20 +0900 Subject: [PATCH 0638/1209] fix: add username to external-secrets.jsonnet template data Signed-off-by: walnuts1018 --- k8s/apps/postgresql-default/external-secrets.jsonnet | 1 + 1 file changed, 1 insertion(+) diff --git a/k8s/apps/postgresql-default/external-secrets.jsonnet b/k8s/apps/postgresql-default/external-secrets.jsonnet index 5a96d12e4..f7246d3bc 100644 --- a/k8s/apps/postgresql-default/external-secrets.jsonnet +++ b/k8s/apps/postgresql-default/external-secrets.jsonnet @@ -24,6 +24,7 @@ local gen = function(username) { name: $.metadata.name, template: { data: { + username: username, password: '{{ .password }}', }, engineVersion: 'v2', From dc3699b64271b82a11bdf62e5ce0b23e161fe593 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 2 Jan 2025 07:21:43 +0900 Subject: [PATCH 0639/1209] fix: uncomment 'postgres' user in users.libsonnet Signed-off-by: walnuts1018 --- k8s/apps/postgresql-default/users.libsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/postgresql-default/users.libsonnet b/k8s/apps/postgresql-default/users.libsonnet index c3aef3418..e24beb3e8 100644 --- a/k8s/apps/postgresql-default/users.libsonnet +++ b/k8s/apps/postgresql-default/users.libsonnet @@ -1,5 +1,5 @@ [ - // 'postgres', + 'postgres', 'juglans', 'fitbit-manager', 'grafana', From cddf649162597b6f59c2a30af24132517111310d Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 2 Jan 2025 07:29:58 +0900 Subject: [PATCH 0640/1209] fix: revert PostgreSQL version from 17 to 16 in postgresql.jsonnet Signed-off-by: walnuts1018 --- k8s/apps/postgresql-default/postgresql.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/postgresql-default/postgresql.jsonnet b/k8s/apps/postgresql-default/postgresql.jsonnet index c511bf641..120fdcb39 100644 --- a/k8s/apps/postgresql-default/postgresql.jsonnet +++ b/k8s/apps/postgresql-default/postgresql.jsonnet @@ -33,7 +33,7 @@ local usernames = (import 'users.libsonnet'); wakatime_to_slack: 'wakatime', }, postgresql: { - version: '17', + version: '16', parameters: { max_standby_archive_delay: '180s', max_standby_streaming_delay: '180s', From 9323ff56fd6afc6453bc36f0b0f51d9a5139b101 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 2 Jan 2025 07:32:15 +0900 Subject: [PATCH 0641/1209] update: change PostgreSQL version from 16 to 17 in postgresql.jsonnet Signed-off-by: walnuts1018 --- k8s/apps/postgresql-default/postgresql.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/postgresql-default/postgresql.jsonnet b/k8s/apps/postgresql-default/postgresql.jsonnet index 120fdcb39..c511bf641 100644 --- a/k8s/apps/postgresql-default/postgresql.jsonnet +++ b/k8s/apps/postgresql-default/postgresql.jsonnet @@ -33,7 +33,7 @@ local usernames = (import 'users.libsonnet'); wakatime_to_slack: 'wakatime', }, postgresql: { - version: '16', + version: '17', parameters: { max_standby_archive_delay: '180s', max_standby_streaming_delay: '180s', From 80412595264803ebf4bdf42f748a7dc7203be116 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 2 Jan 2025 07:56:56 +0900 Subject: [PATCH 0642/1209] fix: revert PostgreSQL version from 17 to 16 in postgresql.jsonnet Signed-off-by: walnuts1018 --- k8s/apps/postgresql-default/postgresql.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/postgresql-default/postgresql.jsonnet b/k8s/apps/postgresql-default/postgresql.jsonnet index c511bf641..120fdcb39 100644 --- a/k8s/apps/postgresql-default/postgresql.jsonnet +++ b/k8s/apps/postgresql-default/postgresql.jsonnet @@ -33,7 +33,7 @@ local usernames = (import 'users.libsonnet'); wakatime_to_slack: 'wakatime', }, postgresql: { - version: '17', + version: '16', parameters: { max_standby_archive_delay: '180s', max_standby_streaming_delay: '180s', From c6289f103fb48bf08b852081bfe9bd5f7b6bac99 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 2 Jan 2025 07:59:38 +0900 Subject: [PATCH 0643/1209] update: change PostgreSQL version from 16 to 17 in postgresql.jsonnet Signed-off-by: walnuts1018 --- k8s/apps/postgresql-default/postgresql.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/postgresql-default/postgresql.jsonnet b/k8s/apps/postgresql-default/postgresql.jsonnet index 120fdcb39..c511bf641 100644 --- a/k8s/apps/postgresql-default/postgresql.jsonnet +++ b/k8s/apps/postgresql-default/postgresql.jsonnet @@ -33,7 +33,7 @@ local usernames = (import 'users.libsonnet'); wakatime_to_slack: 'wakatime', }, postgresql: { - version: '16', + version: '17', parameters: { max_standby_archive_delay: '180s', max_standby_streaming_delay: '180s', From ede7b43cfbf422698439cfffc18ec0349c5a3661 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Thu, 2 Jan 2025 08:12:10 +0900 Subject: [PATCH 0644/1209] chore(deps): update dependency aquaproj/aqua-registry to v4.288.0 (#1167) Co-authored-by: Renovate Bot --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index 9e16a7be2..7a1281100 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,7 +8,7 @@ # - all registries: - type: standard - ref: v4.287.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.288.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 - name: hashicorp/terraform@v1.10.3 From 14c9c5039031d3eb1b2551c52f3ad95bd2771ba5 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Thu, 2 Jan 2025 15:01:53 +0900 Subject: [PATCH 0645/1209] chore(deps): update ghcr.io/walnuts1018/http-dump docker tag to v63f4ea0c62de57ddf3716b295f5edb8787444a21-27 (#1168) Co-authored-by: Renovate Bot --- k8s/apps/http-dump/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/http-dump/deployment.jsonnet b/k8s/apps/http-dump/deployment.jsonnet index f44ce9233..9cfd4adf1 100644 --- a/k8s/apps/http-dump/deployment.jsonnet +++ b/k8s/apps/http-dump/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'http-dump', - image: 'ghcr.io/walnuts1018/http-dump:629824cedeccfb239b7d490f2f6dffb70f12a5f7-24', + image: 'ghcr.io/walnuts1018/http-dump:63f4ea0c62de57ddf3716b295f5edb8787444a21-27', ports: [ { name: 'http', From 5b3c4301bb08070eb50dbceb3c7bd694e23d37fb Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 2 Jan 2025 15:27:02 +0900 Subject: [PATCH 0646/1209] remove: delete external-dns application resources and configurations Signed-off-by: walnuts1018 --- k8s/apps/external-dns/app.json5 | 4 -- .../external-dns/cluster-role-binding.jsonnet | 20 ------ k8s/apps/external-dns/cluster-role.jsonnet | 51 --------------- k8s/apps/external-dns/deployment.jsonnet | 63 ------------------- k8s/apps/external-dns/external-secret.jsonnet | 12 ---- k8s/apps/external-dns/service-account.jsonnet | 9 --- 6 files changed, 159 deletions(-) delete mode 100644 k8s/apps/external-dns/app.json5 delete mode 100644 k8s/apps/external-dns/cluster-role-binding.jsonnet delete mode 100644 k8s/apps/external-dns/cluster-role.jsonnet delete mode 100644 k8s/apps/external-dns/deployment.jsonnet delete mode 100644 k8s/apps/external-dns/external-secret.jsonnet delete mode 100644 k8s/apps/external-dns/service-account.jsonnet diff --git a/k8s/apps/external-dns/app.json5 b/k8s/apps/external-dns/app.json5 deleted file mode 100644 index 4d3d5438e..000000000 --- a/k8s/apps/external-dns/app.json5 +++ /dev/null @@ -1,4 +0,0 @@ -{ - name: "external-dns", - namespace: "external-dns", -} diff --git a/k8s/apps/external-dns/cluster-role-binding.jsonnet b/k8s/apps/external-dns/cluster-role-binding.jsonnet deleted file mode 100644 index d184609bf..000000000 --- a/k8s/apps/external-dns/cluster-role-binding.jsonnet +++ /dev/null @@ -1,20 +0,0 @@ -{ - apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'ClusterRoleBinding', - metadata: { - name: (import 'app.json5').name, - labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, - }, - roleRef: { - apiGroup: 'rbac.authorization.k8s.io', - kind: 'ClusterRole', - name: (import './cluster-role.jsonnet').metadata.name, - }, - subjects: [ - { - kind: 'ServiceAccount', - name: (import './service-account.jsonnet').metadata.name, - namespace: (import './service-account.jsonnet').metadata.namespace, - }, - ], -} diff --git a/k8s/apps/external-dns/cluster-role.jsonnet b/k8s/apps/external-dns/cluster-role.jsonnet deleted file mode 100644 index bacaebde7..000000000 --- a/k8s/apps/external-dns/cluster-role.jsonnet +++ /dev/null @@ -1,51 +0,0 @@ -{ - apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'ClusterRole', - metadata: { - name: (import 'app.json5').name, - labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, - }, - rules: [ - { - apiGroups: [ - '', - ], - resources: [ - 'services', - 'endpoints', - 'pods', - ], - verbs: [ - 'get', - 'watch', - 'list', - ], - }, - { - apiGroups: [ - 'extensions', - 'networking.k8s.io', - ], - resources: [ - 'ingresses', - ], - verbs: [ - 'get', - 'watch', - 'list', - ], - }, - { - apiGroups: [ - '', - ], - resources: [ - 'nodes', - ], - verbs: [ - 'list', - 'watch', - ], - }, - ], -} diff --git a/k8s/apps/external-dns/deployment.jsonnet b/k8s/apps/external-dns/deployment.jsonnet deleted file mode 100644 index dc8494a4e..000000000 --- a/k8s/apps/external-dns/deployment.jsonnet +++ /dev/null @@ -1,63 +0,0 @@ -{ - apiVersion: 'apps/v1', - kind: 'Deployment', - metadata: { - name: (import 'app.json5').name, - namespace: (import 'app.json5').namespace, - labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, - }, - spec: { - replicas: 1, - selector: { - matchLabels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, - }, - template: { - metadata: { - labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, - }, - spec: { - serviceAccountName: (import './service-account.jsonnet').metadata.name, - containers: [ - (import '../../components/container.libsonnet') { - name: 'external-dns', - image: 'ghcr.io/walnuts1018/external-dns:670a2816bbb5c344117eab45003d7a6ff2c86349-10', - args: [ - '--source=ingress', - '--domain-filter=walnuts.dev', - '--provider=cloudflare-tunnel', - '--annotation-filter=walnuts.dev/externaldns.skip notin (true)', - ], - env: [ - { - name: 'CF_API_TOKEN', - valueFrom: { - secretKeyRef: { - name: (import 'external-secret.jsonnet').spec.target.name, - key: 'cf-api-token', - }, - }, - }, - { - name: 'CF_ACCOUNT_ID', - value: '38b5eab012d216dfcc52dcd69e7764b5', - }, - { - name: 'CF_TUNNEL_ID', - value: '603f4f99-268a-4d2a-8c2a-66d29ef1f528', - }, - ], - resources: { - requests: { - memory: '32Mi', - }, - limits: {}, - }, - }, - ], - nodeSelector: { - 'kubernetes.io/arch': 'amd64', - }, - }, - }, - }, -} diff --git a/k8s/apps/external-dns/external-secret.jsonnet b/k8s/apps/external-dns/external-secret.jsonnet deleted file mode 100644 index 357145e22..000000000 --- a/k8s/apps/external-dns/external-secret.jsonnet +++ /dev/null @@ -1,12 +0,0 @@ -(import '../../components/external-secret.libsonnet') { - name: (import 'app.json5').name, - data: [ - { - secretKey: 'cf-api-token', - remoteRef: { - key: 'cloudflare', - property: 'apitoken', - }, - }, - ], -} diff --git a/k8s/apps/external-dns/service-account.jsonnet b/k8s/apps/external-dns/service-account.jsonnet deleted file mode 100644 index 4e7e329d1..000000000 --- a/k8s/apps/external-dns/service-account.jsonnet +++ /dev/null @@ -1,9 +0,0 @@ -{ - apiVersion: 'v1', - kind: 'ServiceAccount', - metadata: { - name: (import 'app.json5').name, - namespace: (import 'app.json5').namespace, - labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, - }, -} From 26d50d30e6db0d155997b25be5dc171ba6d8edf9 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Thu, 2 Jan 2025 15:41:56 +0900 Subject: [PATCH 0647/1209] chore(deps): update ghcr.io/walnuts1018/http-dump docker tag to v57d44747fb87b9197c335f275763279861c90def-33 (#1169) Co-authored-by: Renovate Bot --- k8s/apps/http-dump/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/http-dump/deployment.jsonnet b/k8s/apps/http-dump/deployment.jsonnet index 9cfd4adf1..b4d55ce8c 100644 --- a/k8s/apps/http-dump/deployment.jsonnet +++ b/k8s/apps/http-dump/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'http-dump', - image: 'ghcr.io/walnuts1018/http-dump:63f4ea0c62de57ddf3716b295f5edb8787444a21-27', + image: 'ghcr.io/walnuts1018/http-dump:57d44747fb87b9197c335f275763279861c90def-33', ports: [ { name: 'http', From c7025dca233fab27d42782804bb780536dbe153b Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 2 Jan 2025 15:44:33 +0900 Subject: [PATCH 0648/1209] update: change MariaDB chart repository URL to use OCI format Signed-off-by: walnuts1018 --- k8s/apps/photoprism/mariadb/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/photoprism/mariadb/helm.jsonnet b/k8s/apps/photoprism/mariadb/helm.jsonnet index 4171d8a43..b663bfa7f 100644 --- a/k8s/apps/photoprism/mariadb/helm.jsonnet +++ b/k8s/apps/photoprism/mariadb/helm.jsonnet @@ -2,7 +2,7 @@ name: (import '../app.json5').name + '-mariadb', namespace: (import '../app.json5').namespace, chart: 'mariadb', - repoURL: 'https://charts.bitnami.com/bitnami', + repoURL: 'oci://registry-1.docker.io/bitnamicharts/', targetRevision: '20.0.0', values: (importstr 'values.yaml'), } From 66bf73ee1ae72480b9dff3823f56e3fedde6f98c Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 2 Jan 2025 15:45:31 +0900 Subject: [PATCH 0649/1209] update: change MariaDB chart repository URL to remove OCI prefix Signed-off-by: walnuts1018 --- k8s/apps/photoprism/mariadb/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/photoprism/mariadb/helm.jsonnet b/k8s/apps/photoprism/mariadb/helm.jsonnet index b663bfa7f..6bea82d5c 100644 --- a/k8s/apps/photoprism/mariadb/helm.jsonnet +++ b/k8s/apps/photoprism/mariadb/helm.jsonnet @@ -2,7 +2,7 @@ name: (import '../app.json5').name + '-mariadb', namespace: (import '../app.json5').namespace, chart: 'mariadb', - repoURL: 'oci://registry-1.docker.io/bitnamicharts/', + repoURL: 'registry-1.docker.io/bitnamicharts/', targetRevision: '20.0.0', values: (importstr 'values.yaml'), } From 59446e78ce7a99a6987ef71898c8d7b70c890ebb Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 2 Jan 2025 15:48:21 +0900 Subject: [PATCH 0650/1209] update: fix MariaDB chart repository URL by removing trailing slash Signed-off-by: walnuts1018 --- k8s/apps/photoprism/mariadb/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/photoprism/mariadb/helm.jsonnet b/k8s/apps/photoprism/mariadb/helm.jsonnet index 6bea82d5c..813c82b11 100644 --- a/k8s/apps/photoprism/mariadb/helm.jsonnet +++ b/k8s/apps/photoprism/mariadb/helm.jsonnet @@ -2,7 +2,7 @@ name: (import '../app.json5').name + '-mariadb', namespace: (import '../app.json5').namespace, chart: 'mariadb', - repoURL: 'registry-1.docker.io/bitnamicharts/', + repoURL: 'registry-1.docker.io/bitnamicharts', targetRevision: '20.0.0', values: (importstr 'values.yaml'), } From 5fe63a9952f2a3c6931400d05c07f133d83f5299 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 2 Jan 2025 15:50:56 +0900 Subject: [PATCH 0651/1209] update: change MariaDB chart repository URL to use OCI format Signed-off-by: walnuts1018 --- k8s/apps/photoprism/mariadb/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/photoprism/mariadb/helm.jsonnet b/k8s/apps/photoprism/mariadb/helm.jsonnet index 813c82b11..da554a521 100644 --- a/k8s/apps/photoprism/mariadb/helm.jsonnet +++ b/k8s/apps/photoprism/mariadb/helm.jsonnet @@ -2,7 +2,7 @@ name: (import '../app.json5').name + '-mariadb', namespace: (import '../app.json5').namespace, chart: 'mariadb', - repoURL: 'registry-1.docker.io/bitnamicharts', + repoURL: 'oci://registry-1.docker.io/bitnamicharts', targetRevision: '20.0.0', values: (importstr 'values.yaml'), } From 6cefe83f7a8f06d838c33a795debaa94eceacd8f Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 2 Jan 2025 15:54:33 +0900 Subject: [PATCH 0652/1209] update: change MariaDB chart repository URL to remove OCI prefix Signed-off-by: walnuts1018 --- k8s/apps/photoprism/mariadb/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/photoprism/mariadb/helm.jsonnet b/k8s/apps/photoprism/mariadb/helm.jsonnet index da554a521..813c82b11 100644 --- a/k8s/apps/photoprism/mariadb/helm.jsonnet +++ b/k8s/apps/photoprism/mariadb/helm.jsonnet @@ -2,7 +2,7 @@ name: (import '../app.json5').name + '-mariadb', namespace: (import '../app.json5').namespace, chart: 'mariadb', - repoURL: 'oci://registry-1.docker.io/bitnamicharts', + repoURL: 'registry-1.docker.io/bitnamicharts', targetRevision: '20.0.0', values: (importstr 'values.yaml'), } From 37dbf7fd5fdbf61d0045acbb3005dc7fc973244a Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 2 Jan 2025 07:11:11 +0000 Subject: [PATCH 0653/1209] chore(deps): update helm release code-server-operator to v0.5.12 --- k8s/apps/code-server-operator/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/code-server-operator/helm.jsonnet b/k8s/apps/code-server-operator/helm.jsonnet index e55727d6c..386bbc470 100644 --- a/k8s/apps/code-server-operator/helm.jsonnet +++ b/k8s/apps/code-server-operator/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'code-server-operator', repoURL: 'https://walnuts1018.github.io/code-server-operator/', - targetRevision: '0.5.7', + targetRevision: '0.5.12', values: (importstr 'values.yaml'), } From 2975fa55b67a2aa42f28188518faf5345e98c831 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 2 Jan 2025 16:35:36 +0900 Subject: [PATCH 0654/1209] =?UTF-8?q?snapshot=E3=81=A7Helm=20from=20OCI?= =?UTF-8?q?=E3=81=AB=E5=AF=BE=E5=BF=9C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: walnuts1018 --- scripts/infrautil/lib/helm.go | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/scripts/infrautil/lib/helm.go b/scripts/infrautil/lib/helm.go index a9a819700..3d12d4b19 100644 --- a/scripts/infrautil/lib/helm.go +++ b/scripts/infrautil/lib/helm.go @@ -114,7 +114,13 @@ func (h *HelmClient) createRelease( h.client.Namespace = namespace } h.client.Version = chartVersion - h.client.ChartPathOptions.RepoURL = repoURL.String() + + if isHelmOciRepo(repoURL.String()) { + repoURL.Scheme = "oci" + chartName = repoURL.JoinPath(chartName).String() + } else { + h.client.ChartPathOptions.RepoURL = repoURL.String() + } cp, err := h.client.ChartPathOptions.LocateChart(chartName, h.settings) if err != nil { @@ -227,3 +233,13 @@ func checkIfInstallable(ch *chart.Chart) error { } return errors.Errorf("%s charts are not installable", ch.Metadata.Type) } + +// From: https://github.com/argoproj/argo-cd/blob/db8d2f08d926c9f811a3d4f26d2883856e135e38/util/helm/client.go#L397-L404 +func isHelmOciRepo(repoURL string) bool { + if repoURL == "" { + return false + } + parsed, err := url.Parse(repoURL) + // the URL parser treat hostname as either path or opaque if scheme is not specified, so hostname must be empty + return err == nil && parsed.Host == "" +} From e535c2d075d2ad3e016d20391cd55986b3493808 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Thu, 2 Jan 2025 16:37:27 +0900 Subject: [PATCH 0655/1209] chore(deps): update helm release argo-cd to v7.7.12 (#1171) Co-authored-by: Renovate Bot --- k8s/_argocd/argocd_components/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/_argocd/argocd_components/helm.jsonnet b/k8s/_argocd/argocd_components/helm.jsonnet index 489468666..30296c0e1 100644 --- a/k8s/_argocd/argocd_components/helm.jsonnet +++ b/k8s/_argocd/argocd_components/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import 'app.json5').namespace, chart: 'argo-cd', repoURL: 'https://argoproj.github.io/argo-helm', - targetRevision: '7.7.11', + targetRevision: '7.7.12', values: (importstr 'values.yaml'), } From 2a5f2f4d7e05991448c028f9c530e54f2c6fdf72 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Thu, 2 Jan 2025 16:37:33 +0900 Subject: [PATCH 0656/1209] chore(deps): update ghcr.io/walnuts1018/walnuts.dev docker tag to v4d804b20c7c16c4e96f80d30b74925485e318eed-357 (#1170) Co-authored-by: Renovate Bot --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index 9b1e78bfb..9a830a33f 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -25,7 +25,7 @@ type: 'RuntimeDefault', }, }, - image: 'ghcr.io/walnuts1018/walnuts.dev:1de6cde0454bdc651793612f22e27255691c0802-356', + image: 'ghcr.io/walnuts1018/walnuts.dev:4d804b20c7c16c4e96f80d30b74925485e318eed-357', imagePullPolicy: 'IfNotPresent', ports: [ { From d9eb9bc719b5542437f15583d9ff16e9f333b8ee Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 2 Jan 2025 16:53:37 +0900 Subject: [PATCH 0657/1209] =?UTF-8?q?renovate=E3=82=82OCI=E3=81=AB?= =?UTF-8?q?=E5=AF=BE=E5=BF=9C=E3=81=95=E3=81=9B=E3=82=8B?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: walnuts1018 --- renovate.json5 | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/renovate.json5 b/renovate.json5 index 964f357df..1c32720aa 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -31,6 +31,23 @@ ], datasourceTemplate: "helm", }, + { + customType: "regex", + fileMatch: [ + "^k8s/.*/helm.jsonnet$", + "^k8s/.*/helm.libsonnet$", + "^k8s/.*/helm.yaml$", + "^k8s/.*/helm.yml$", + ], + matchStringsStrategy: "combination", + matchStrings: [ + "chart:\\s+[\"']?(?[a-z0-9-]+)[\"']", + "repoURL:\\s+[\"'](?!https:\\/\\/)(?\\S+)[\"']", + "targetRevision:\\s+[\"']?(?\\S+)[\"']", + ], + registryUrlTemplate: "oci://{{{ociRepo}}}/{{{ociChart}}}", + datasourceTemplate: "helm", + }, { customType: "regex", fileMatch: "^k8s/apps/.*/kustomization.yaml$", From 067120af1e01589566e5c591ddd44980c4bf4ef7 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 2 Jan 2025 16:56:32 +0900 Subject: [PATCH 0658/1209] fix: update registryUrlTemplate to packageNameTemplate in renovate.json5 Signed-off-by: walnuts1018 --- renovate.json5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/renovate.json5 b/renovate.json5 index 1c32720aa..33f0eaa15 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -45,7 +45,7 @@ "repoURL:\\s+[\"'](?!https:\\/\\/)(?\\S+)[\"']", "targetRevision:\\s+[\"']?(?\\S+)[\"']", ], - registryUrlTemplate: "oci://{{{ociRepo}}}/{{{ociChart}}}", + packageNameTemplate: "oci://{{{ociRepo}}}/{{{ociChart}}}", datasourceTemplate: "helm", }, { From 622438fceb511255afa0b9471c8afe6466bd2ae6 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 2 Jan 2025 17:09:45 +0900 Subject: [PATCH 0659/1209] fix renovate regex Signed-off-by: walnuts1018 --- renovate.json5 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/renovate.json5 b/renovate.json5 index 33f0eaa15..007dbc1b1 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -26,7 +26,7 @@ matchStringsStrategy: "combination", matchStrings: [ "chart:\\s+[\"']?(?[a-z0-9-]+)[\"']", - "repoURL:\\s+[\"']?(?\\S+)[\"']", + "repoURL:\\s+[\"']?https:\\/\\/(?\\S+)[\"']", "targetRevision:\\s+[\"']?(?\\S+)[\"']", ], datasourceTemplate: "helm", @@ -42,7 +42,7 @@ matchStringsStrategy: "combination", matchStrings: [ "chart:\\s+[\"']?(?[a-z0-9-]+)[\"']", - "repoURL:\\s+[\"'](?!https:\\/\\/)(?\\S+)[\"']", + "repoURL:\\s+[\"']?(?[^\\/\\s]+)[\"']", "targetRevision:\\s+[\"']?(?\\S+)[\"']", ], packageNameTemplate: "oci://{{{ociRepo}}}/{{{ociChart}}}", From 93520ca3df8e8ba8f621948726721f18623cd250 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 2 Jan 2025 17:12:14 +0900 Subject: [PATCH 0660/1209] fix Signed-off-by: walnuts1018 --- renovate.json5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/renovate.json5 b/renovate.json5 index 007dbc1b1..42b580134 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -42,7 +42,7 @@ matchStringsStrategy: "combination", matchStrings: [ "chart:\\s+[\"']?(?[a-z0-9-]+)[\"']", - "repoURL:\\s+[\"']?(?[^\\/\\s]+)[\"']", + "repoURL:\\s+[\"']?(?[^:\\s]+)[\"']", "targetRevision:\\s+[\"']?(?\\S+)[\"']", ], packageNameTemplate: "oci://{{{ociRepo}}}/{{{ociChart}}}", From cdc2dfa35cc4aa49c2946dfa9ffd4f3adc3d1ae2 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 2 Jan 2025 17:13:46 +0900 Subject: [PATCH 0661/1209] fix: correct regex for repoURL in renovate.json5 Signed-off-by: walnuts1018 --- renovate.json5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/renovate.json5 b/renovate.json5 index 42b580134..be54ededd 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -26,7 +26,7 @@ matchStringsStrategy: "combination", matchStrings: [ "chart:\\s+[\"']?(?[a-z0-9-]+)[\"']", - "repoURL:\\s+[\"']?https:\\/\\/(?\\S+)[\"']", + "repoURL:\\s+[\"']?(?https:\\/\\/\\S+)[\"']", "targetRevision:\\s+[\"']?(?\\S+)[\"']", ], datasourceTemplate: "helm", From ea789d6881a34caec445efc4837b18141f866bd3 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 2 Jan 2025 17:28:42 +0900 Subject: [PATCH 0662/1209] fix: update datasourceTemplate from helm to docker in renovate.json5 Signed-off-by: walnuts1018 --- renovate.json5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/renovate.json5 b/renovate.json5 index be54ededd..34dbb669c 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -46,7 +46,7 @@ "targetRevision:\\s+[\"']?(?\\S+)[\"']", ], packageNameTemplate: "oci://{{{ociRepo}}}/{{{ociChart}}}", - datasourceTemplate: "helm", + datasourceTemplate: "docker", }, { customType: "regex", From 0dc1d860dce88aa66df1fc4309764091bab1fa99 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 2 Jan 2025 08:34:33 +0000 Subject: [PATCH 0663/1209] chore(deps): update gotson/komga docker tag to v1.16.0 --- k8s/apps/komga/statefulset.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/komga/statefulset.jsonnet b/k8s/apps/komga/statefulset.jsonnet index 04d8d0db0..cd03d2041 100644 --- a/k8s/apps/komga/statefulset.jsonnet +++ b/k8s/apps/komga/statefulset.jsonnet @@ -20,7 +20,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'komga', - image: 'gotson/komga:1.15.1', + image: 'gotson/komga:1.16.0', resources: { limits: { cpu: '500m', From 670e79435d92af33f462280861c1cad77c567e57 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 2 Jan 2025 08:34:45 +0000 Subject: [PATCH 0664/1209] chore(deps): update renovate/renovate docker tag to v39.88.0 --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index bf666d17b..88c0221c4 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -21,7 +21,7 @@ containers: [ { name: 'renovate', - image: 'renovate/renovate:39.87.0', + image: 'renovate/renovate:39.88.0', resources: { requests: { memory: '256Mi', From 242b295e76dd70195ef2a88f6f161d057eb6a74f Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 2 Jan 2025 17:38:40 +0900 Subject: [PATCH 0665/1209] fix: update depNameTemplate in renovate.json5 for consistency Signed-off-by: walnuts1018 --- renovate.json5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/renovate.json5 b/renovate.json5 index 34dbb669c..2df403924 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -45,7 +45,7 @@ "repoURL:\\s+[\"']?(?[^:\\s]+)[\"']", "targetRevision:\\s+[\"']?(?\\S+)[\"']", ], - packageNameTemplate: "oci://{{{ociRepo}}}/{{{ociChart}}}", + depNameTemplate: "oci://{{{ociRepo}}}/{{{ociChart}}}", datasourceTemplate: "docker", }, { From 138a8244a4fd81e47ff3309a5c27a17fcc0f0c22 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 2 Jan 2025 17:40:02 +0900 Subject: [PATCH 0666/1209] fix: rename depNameTemplate to packageNameTemplate in renovate.json5 for clarity Signed-off-by: walnuts1018 --- renovate.json5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/renovate.json5 b/renovate.json5 index 2df403924..9c77609ce 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -45,7 +45,7 @@ "repoURL:\\s+[\"']?(?[^:\\s]+)[\"']", "targetRevision:\\s+[\"']?(?\\S+)[\"']", ], - depNameTemplate: "oci://{{{ociRepo}}}/{{{ociChart}}}", + packageNameTemplate: "{{{ociRepo}}}/{{{ociChart}}}", datasourceTemplate: "docker", }, { From 820b2a24d5547a783701fb62453fc8375e526792 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 2 Jan 2025 17:43:46 +0900 Subject: [PATCH 0667/1209] fix: update packageNameTemplate in renovate.json5 to handle empty ociRepo case Signed-off-by: walnuts1018 --- renovate.json5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/renovate.json5 b/renovate.json5 index 9c77609ce..e2d2da716 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -45,7 +45,7 @@ "repoURL:\\s+[\"']?(?[^:\\s]+)[\"']", "targetRevision:\\s+[\"']?(?\\S+)[\"']", ], - packageNameTemplate: "{{{ociRepo}}}/{{{ociChart}}}", + packageNameTemplate: "{{#if (equals {{{ociRepo}}} '')}}''{{else}}{{{ociRepo}}}/{{{ociChart}}}{{/if}}" datasourceTemplate: "docker", }, { From 3a1c29787c4584ddde73a6ea0e588063cf521b3f Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 2 Jan 2025 17:45:32 +0900 Subject: [PATCH 0668/1209] fix: add missing comma in packageNameTemplate in renovate.json5 Signed-off-by: walnuts1018 --- renovate.json5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/renovate.json5 b/renovate.json5 index e2d2da716..5684b8dc1 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -45,7 +45,7 @@ "repoURL:\\s+[\"']?(?[^:\\s]+)[\"']", "targetRevision:\\s+[\"']?(?\\S+)[\"']", ], - packageNameTemplate: "{{#if (equals {{{ociRepo}}} '')}}''{{else}}{{{ociRepo}}}/{{{ociChart}}}{{/if}}" + packageNameTemplate: "{{#if (equals {{{ociRepo}}} '')}}''{{else}}{{{ociRepo}}}/{{{ociChart}}}{{/if}}", datasourceTemplate: "docker", }, { From 2d46a65809b175ce5af0c1693bc6a042060ddf34 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 2 Jan 2025 17:47:07 +0900 Subject: [PATCH 0669/1209] fix: update packageNameTemplate in renovate.json5 to use variable directly for clarity Signed-off-by: walnuts1018 --- renovate.json5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/renovate.json5 b/renovate.json5 index 5684b8dc1..b33cee2c8 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -45,7 +45,7 @@ "repoURL:\\s+[\"']?(?[^:\\s]+)[\"']", "targetRevision:\\s+[\"']?(?\\S+)[\"']", ], - packageNameTemplate: "{{#if (equals {{{ociRepo}}} '')}}''{{else}}{{{ociRepo}}}/{{{ociChart}}}{{/if}}", + packageNameTemplate: "{{#if (equals ociRepo '')}}''{{else}}{{{ociRepo}}}/{{{ociChart}}}{{/if}}", datasourceTemplate: "docker", }, { From 5d51f49e38e10b63512b852beefbc7a51403b7fa Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 2 Jan 2025 18:02:24 +0900 Subject: [PATCH 0670/1209] fix: update packageNameTemplate in renovate.json5 to simplify ociRepo handling Signed-off-by: walnuts1018 --- renovate.json5 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/renovate.json5 b/renovate.json5 index b33cee2c8..6741e3093 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -26,7 +26,7 @@ matchStringsStrategy: "combination", matchStrings: [ "chart:\\s+[\"']?(?[a-z0-9-]+)[\"']", - "repoURL:\\s+[\"']?(?https:\\/\\/\\S+)[\"']", + "repoURL:\\s+[\"']?(?\\S+)[\"']", "targetRevision:\\s+[\"']?(?\\S+)[\"']", ], datasourceTemplate: "helm", @@ -41,11 +41,11 @@ ], matchStringsStrategy: "combination", matchStrings: [ - "chart:\\s+[\"']?(?[a-z0-9-]+)[\"']", - "repoURL:\\s+[\"']?(?[^:\\s]+)[\"']", + "chart:\\s+[\"']?(?[a-z0-9-]+)[\"']", + "ociRepoURL:\\s+[\"']?(?\\S+)[\"']", "targetRevision:\\s+[\"']?(?\\S+)[\"']", ], - packageNameTemplate: "{{#if (equals ociRepo '')}}''{{else}}{{{ociRepo}}}/{{{ociChart}}}{{/if}}", + packageNameTemplate: "{{{ociRepo}}}/{{{ociChart}}}", datasourceTemplate: "docker", }, { From 1c21cf80382b7f2cf25081f967ba96a6788adf3a Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 2 Jan 2025 18:11:19 +0900 Subject: [PATCH 0671/1209] fix: update repoURL to ociRepoURL in helm.jsonnet and helm.libsonnet for consistency Signed-off-by: walnuts1018 --- k8s/apps/photoprism/mariadb/helm.jsonnet | 2 +- k8s/components/helm.libsonnet | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/k8s/apps/photoprism/mariadb/helm.jsonnet b/k8s/apps/photoprism/mariadb/helm.jsonnet index 813c82b11..401b55701 100644 --- a/k8s/apps/photoprism/mariadb/helm.jsonnet +++ b/k8s/apps/photoprism/mariadb/helm.jsonnet @@ -2,7 +2,7 @@ name: (import '../app.json5').name + '-mariadb', namespace: (import '../app.json5').namespace, chart: 'mariadb', - repoURL: 'registry-1.docker.io/bitnamicharts', + ociRepoURL: 'registry-1.docker.io/bitnamicharts', targetRevision: '20.0.0', values: (importstr 'values.yaml'), } diff --git a/k8s/components/helm.libsonnet b/k8s/components/helm.libsonnet index 85a1d70d7..7e7dceca4 100644 --- a/k8s/components/helm.libsonnet +++ b/k8s/components/helm.libsonnet @@ -2,7 +2,8 @@ name:: error 'name is required', namespace:: error 'namespace is required', chart:: error 'chart is required', - repoURL:: error 'repoURL is required', + ociRepoURL:: '', + repoURL:: '', targetRevision:: error 'targetRevision is required', values:: '', valuesObject:: null, @@ -31,7 +32,7 @@ }, source: { chart: $.chart, - repoURL: $.repoURL, + repoURL: if $.ociRepoURL != '' then $.ociRepoURL else $.repoURL, targetRevision: $.targetRevision, helm: { releaseName: $.name, From a74852312aab95485fae3c737023344b1f684c53 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 2 Jan 2025 18:14:46 +0900 Subject: [PATCH 0672/1209] fix: refactor repoURL assignment in helm.libsonnet for improved clarity and validation Signed-off-by: walnuts1018 --- k8s/components/helm.libsonnet | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/k8s/components/helm.libsonnet b/k8s/components/helm.libsonnet index 7e7dceca4..d879e0372 100644 --- a/k8s/components/helm.libsonnet +++ b/k8s/components/helm.libsonnet @@ -31,8 +31,10 @@ ], }, source: { + local argoRepoURL = if $.ociRepoURL != '' then $.ociRepoURL else $.repoURL, + assert !std.isEmpty(argoRepoURL) : 'ociRepoURL or repoURL is required', chart: $.chart, - repoURL: if $.ociRepoURL != '' then $.ociRepoURL else $.repoURL, + repoURL: argoRepoURL, targetRevision: $.targetRevision, helm: { releaseName: $.name, From eec886025753743f2c0a62c05e80df42bae37f7f Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 2 Jan 2025 18:15:36 +0900 Subject: [PATCH 0673/1209] fix: rename match strings in renovate.json5 for clarity and consistency Signed-off-by: walnuts1018 --- renovate.json5 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/renovate.json5 b/renovate.json5 index 6741e3093..7176bb5bf 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -41,8 +41,8 @@ ], matchStringsStrategy: "combination", matchStrings: [ - "chart:\\s+[\"']?(?[a-z0-9-]+)[\"']", - "ociRepoURL:\\s+[\"']?(?\\S+)[\"']", + "chart:\\s+[\"']?(?[a-z0-9-]+)[\"']", + "ociRepoURL:\\s+[\"']?(?\\S+)[\"']", "targetRevision:\\s+[\"']?(?\\S+)[\"']", ], packageNameTemplate: "{{{ociRepo}}}/{{{ociChart}}}", From 06f03a5df8b408dca47f43429928d8e14c17977c Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 2 Jan 2025 18:25:32 +0900 Subject: [PATCH 0674/1209] fix: update ociRepoURL to ociChartURL in helm.jsonnet and helm.libsonnet for consistency Signed-off-by: walnuts1018 --- k8s/apps/photoprism/mariadb/helm.jsonnet | 3 +-- k8s/components/helm.libsonnet | 16 +++++++++++----- 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/k8s/apps/photoprism/mariadb/helm.jsonnet b/k8s/apps/photoprism/mariadb/helm.jsonnet index 401b55701..120d50e2a 100644 --- a/k8s/apps/photoprism/mariadb/helm.jsonnet +++ b/k8s/apps/photoprism/mariadb/helm.jsonnet @@ -1,8 +1,7 @@ (import '../../../components/helm.libsonnet') { name: (import '../app.json5').name + '-mariadb', namespace: (import '../app.json5').namespace, - chart: 'mariadb', - ociRepoURL: 'registry-1.docker.io/bitnamicharts', + ociChartURL: 'registry-1.docker.io/bitnamicharts/mariadb', targetRevision: '20.0.0', values: (importstr 'values.yaml'), } diff --git a/k8s/components/helm.libsonnet b/k8s/components/helm.libsonnet index d879e0372..3b5714da7 100644 --- a/k8s/components/helm.libsonnet +++ b/k8s/components/helm.libsonnet @@ -1,8 +1,8 @@ { name:: error 'name is required', namespace:: error 'namespace is required', - chart:: error 'chart is required', - ociRepoURL:: '', + ociChartURL:: '', + chart:: '', repoURL:: '', targetRevision:: error 'targetRevision is required', values:: '', @@ -31,9 +31,15 @@ ], }, source: { - local argoRepoURL = if $.ociRepoURL != '' then $.ociRepoURL else $.repoURL, - assert !std.isEmpty(argoRepoURL) : 'ociRepoURL or repoURL is required', - chart: $.chart, + local useOCI = !std.isEmpty($.ociChartURL), + local splitedOCIChartURL = std.splitLimitR($.ociChartURL, '/', 1), + local argoChart = if useOCI then splitedOCIChartURL[1] else $.chart, + local argoRepoURL = if useOCI then splitedOCIChartURL[0] else $.repoURL, + + assert !std.isEmpty(argoChart) : 'ociChartURL or chart is required', + assert !std.isEmpty(argoRepoURL) : 'ociChartURL or repoURL is required', + + chart: argoChart, repoURL: argoRepoURL, targetRevision: $.targetRevision, helm: { From c865b40c5fa26fa7478aa5045e5b9758e2023eb3 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 2 Jan 2025 18:26:07 +0900 Subject: [PATCH 0675/1209] fix: update matchStrings and packageNameTemplate in renovate.json5 for consistency Signed-off-by: walnuts1018 --- renovate.json5 | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/renovate.json5 b/renovate.json5 index 7176bb5bf..2e86f2494 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -41,11 +41,9 @@ ], matchStringsStrategy: "combination", matchStrings: [ - "chart:\\s+[\"']?(?[a-z0-9-]+)[\"']", - "ociRepoURL:\\s+[\"']?(?\\S+)[\"']", + "ociChartURL:\\s+[\"']?(?\\S+)[\"']", "targetRevision:\\s+[\"']?(?\\S+)[\"']", ], - packageNameTemplate: "{{{ociRepo}}}/{{{ociChart}}}", datasourceTemplate: "docker", }, { From 8332d6bf0b6cb6a794b532870e90f13267c5dee6 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 2 Jan 2025 09:27:22 +0000 Subject: [PATCH 0676/1209] chore(deps): update registry-1.docker.io/bitnamicharts/mariadb docker tag to v20.2.1 --- k8s/apps/photoprism/mariadb/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/photoprism/mariadb/helm.jsonnet b/k8s/apps/photoprism/mariadb/helm.jsonnet index 120d50e2a..f255d909f 100644 --- a/k8s/apps/photoprism/mariadb/helm.jsonnet +++ b/k8s/apps/photoprism/mariadb/helm.jsonnet @@ -2,6 +2,6 @@ name: (import '../app.json5').name + '-mariadb', namespace: (import '../app.json5').namespace, ociChartURL: 'registry-1.docker.io/bitnamicharts/mariadb', - targetRevision: '20.0.0', + targetRevision: '20.2.1', values: (importstr 'values.yaml'), } From edac640553b5171447a3c33704f317e14ed7068b Mon Sep 17 00:00:00 2001 From: Walnuts Date: Fri, 3 Jan 2025 02:35:30 +0900 Subject: [PATCH 0677/1209] chore(deps): update renovate/renovate docker tag to v39.88.1 (#1177) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 88c0221c4..0517e5c1f 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -21,7 +21,7 @@ containers: [ { name: 'renovate', - image: 'renovate/renovate:39.88.0', + image: 'renovate/renovate:39.88.1', resources: { requests: { memory: '256Mi', From 69ef08d3a4e43d1ff8f7549d6b9f652da048b901 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Fri, 3 Jan 2025 06:51:53 +0900 Subject: [PATCH 0678/1209] chore(deps): update ghcr.io/walnuts1018/walnuts.dev docker tag to v3b35a1c7d0b56e8d796f7640af64f860fd66f5d2-358 (#1179) Co-authored-by: Renovate Bot --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index 9a830a33f..345482c1b 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -25,7 +25,7 @@ type: 'RuntimeDefault', }, }, - image: 'ghcr.io/walnuts1018/walnuts.dev:4d804b20c7c16c4e96f80d30b74925485e318eed-357', + image: 'ghcr.io/walnuts1018/walnuts.dev:3b35a1c7d0b56e8d796f7640af64f860fd66f5d2-358', imagePullPolicy: 'IfNotPresent', ports: [ { From fc4f67f1ec07b4297376d1a4b30c728beb793e0c Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 3 Jan 2025 00:01:04 +0000 Subject: [PATCH 0679/1209] chore(deps): update helm release descheduler to v0.32.0 --- k8s/apps/descheduler/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/descheduler/helm.jsonnet b/k8s/apps/descheduler/helm.jsonnet index 73ce1b9e6..27954360c 100644 --- a/k8s/apps/descheduler/helm.jsonnet +++ b/k8s/apps/descheduler/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'descheduler', repoURL: 'https://kubernetes-sigs.github.io/descheduler/', - targetRevision: '0.31.0', + targetRevision: '0.32.0', values: (importstr 'values.yaml'), } From b9b0caa73aa79c23dc20dd5130ef171ae2ca9e4e Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 3 Jan 2025 01:21:09 +0000 Subject: [PATCH 0680/1209] chore(deps): update renovate/renovate docker tag to v39.90.2 --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 0517e5c1f..6440f9a36 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -21,7 +21,7 @@ containers: [ { name: 'renovate', - image: 'renovate/renovate:39.88.1', + image: 'renovate/renovate:39.90.2', resources: { requests: { memory: '256Mi', From 87d9645293119cd842bfa1adb5a9ab5cda87a536 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Fri, 3 Jan 2025 11:42:04 +0900 Subject: [PATCH 0681/1209] chore(deps): update dependency aquaproj/aqua-registry to v4.289.0 (#1181) Co-authored-by: Renovate Bot --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index 7a1281100..634e5fe7c 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,7 +8,7 @@ # - all registries: - type: standard - ref: v4.288.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.289.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 - name: hashicorp/terraform@v1.10.3 From c95784310c224a661ea1024d4a719b5f71aeef7b Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 3 Jan 2025 06:01:03 +0000 Subject: [PATCH 0682/1209] chore(deps): update helm release minio to v5.4.0 --- k8s/apps/minio/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/minio/helm.jsonnet b/k8s/apps/minio/helm.jsonnet index b829548ab..886e377da 100644 --- a/k8s/apps/minio/helm.jsonnet +++ b/k8s/apps/minio/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'minio', repoURL: 'https://charts.min.io/', - targetRevision: '5.3.0', + targetRevision: '5.4.0', values: (importstr 'values.yaml'), } From 2844d19fc1babf84bbddde8447fd7019a427dd74 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 3 Jan 2025 07:21:03 +0000 Subject: [PATCH 0683/1209] chore(deps): update helm release kube-prometheus-stack to v67.6.0 --- k8s/apps/prometheus-stack/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/prometheus-stack/helm.jsonnet b/k8s/apps/prometheus-stack/helm.jsonnet index b8aa13572..77f333309 100644 --- a/k8s/apps/prometheus-stack/helm.jsonnet +++ b/k8s/apps/prometheus-stack/helm.jsonnet @@ -4,7 +4,7 @@ chart: 'kube-prometheus-stack', repoURL: 'https://prometheus-community.github.io/helm-charts', - targetRevision: '67.5.0', + targetRevision: '67.6.0', valuesObject: std.mergePatch(std.parseYaml(importstr 'values.yaml'), { prometheus: { prometheusSpec: { From 3fc6579452e87c73caa23a421cb4626ac05ade7c Mon Sep 17 00:00:00 2001 From: Walnuts Date: Fri, 3 Jan 2025 17:31:53 +0900 Subject: [PATCH 0684/1209] chore(deps): update ghcr.io/walnuts1018/walnuts.dev docker tag to v7de491d80aace20dcbc06d4656a2969e28a429f0-359 (#1184) Co-authored-by: Renovate Bot --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index 345482c1b..ae600cef1 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -25,7 +25,7 @@ type: 'RuntimeDefault', }, }, - image: 'ghcr.io/walnuts1018/walnuts.dev:3b35a1c7d0b56e8d796f7640af64f860fd66f5d2-358', + image: 'ghcr.io/walnuts1018/walnuts.dev:7de491d80aace20dcbc06d4656a2969e28a429f0-359', imagePullPolicy: 'IfNotPresent', ports: [ { From 656859416a3516ec55f5dd6b8333e113342f122b Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 3 Jan 2025 19:04:39 +0900 Subject: [PATCH 0685/1209] fix: update pods threshold in descheduler values.yaml for resource management Signed-off-by: walnuts1018 --- k8s/apps/descheduler/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/descheduler/values.yaml b/k8s/apps/descheduler/values.yaml index 909686d96..f90af7c0f 100644 --- a/k8s/apps/descheduler/values.yaml +++ b/k8s/apps/descheduler/values.yaml @@ -27,7 +27,7 @@ deschedulerPolicy: thresholds: cpu: 80 memory: 80 - pods: 110 + pods: 100 targetThresholds: cpu: 50 memory: 70 From 190cb6424f4ca0e07ce9fea158ebdcc374d1ef97 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 3 Jan 2025 19:09:19 +0900 Subject: [PATCH 0686/1209] fix: adjust resource thresholds in descheduler values.yaml for improved management Signed-off-by: walnuts1018 --- k8s/apps/descheduler/values.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/k8s/apps/descheduler/values.yaml b/k8s/apps/descheduler/values.yaml index f90af7c0f..952f7aeff 100644 --- a/k8s/apps/descheduler/values.yaml +++ b/k8s/apps/descheduler/values.yaml @@ -25,11 +25,11 @@ deschedulerPolicy: - name: LowNodeUtilization args: thresholds: - cpu: 80 - memory: 80 - pods: 100 + cpu: 70 + memory: 70 + pods: 60 targetThresholds: - cpu: 50 + cpu: 70 memory: 70 pods: 60 plugins: From 7fccc0b9ba404efd004d8aaacfb9f6abfcfa7fce Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 3 Jan 2025 19:09:43 +0900 Subject: [PATCH 0687/1209] fix: update resource thresholds in descheduler values.yaml for better utilization Signed-off-by: walnuts1018 --- k8s/apps/descheduler/values.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/k8s/apps/descheduler/values.yaml b/k8s/apps/descheduler/values.yaml index 952f7aeff..6341b2385 100644 --- a/k8s/apps/descheduler/values.yaml +++ b/k8s/apps/descheduler/values.yaml @@ -25,13 +25,13 @@ deschedulerPolicy: - name: LowNodeUtilization args: thresholds: - cpu: 70 - memory: 70 + cpu: 60 + memory: 60 pods: 60 targetThresholds: cpu: 70 memory: 70 - pods: 60 + pods: 70 plugins: balance: enabled: From e178040bc35d39e1ff33b19973550fece8a1df41 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 3 Jan 2025 14:01:04 +0000 Subject: [PATCH 0688/1209] chore(deps): update helm release kube-prometheus-stack to v67.7.0 --- k8s/apps/prometheus-stack/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/prometheus-stack/helm.jsonnet b/k8s/apps/prometheus-stack/helm.jsonnet index 77f333309..32f6c7760 100644 --- a/k8s/apps/prometheus-stack/helm.jsonnet +++ b/k8s/apps/prometheus-stack/helm.jsonnet @@ -4,7 +4,7 @@ chart: 'kube-prometheus-stack', repoURL: 'https://prometheus-community.github.io/helm-charts', - targetRevision: '67.6.0', + targetRevision: '67.7.0', valuesObject: std.mergePatch(std.parseYaml(importstr 'values.yaml'), { prometheus: { prometheusSpec: { From b2fda6069e23fa5a12c2cd5ad03a82549dda90dd Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sat, 4 Jan 2025 02:42:41 +0900 Subject: [PATCH 0689/1209] chore(deps): update renovate/renovate docker tag to v39.90.3 (#1186) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 6440f9a36..36a394f76 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -21,7 +21,7 @@ containers: [ { name: 'renovate', - image: 'renovate/renovate:39.90.2', + image: 'renovate/renovate:39.90.3', resources: { requests: { memory: '256Mi', From ace14ed7f38e2b26cc7e2c79125302138494e4b8 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sat, 4 Jan 2025 07:31:59 +0900 Subject: [PATCH 0690/1209] chore(deps): update dependency aquaproj/aqua-registry to v4.290.0 (#1187) Co-authored-by: Renovate Bot --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index 634e5fe7c..5c6d12aff 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,7 +8,7 @@ # - all registries: - type: standard - ref: v4.289.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.290.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 - name: hashicorp/terraform@v1.10.3 From d01bfe4ba850667626b7e6fc3588517a0c87692e Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sat, 4 Jan 2025 09:31:57 +0900 Subject: [PATCH 0691/1209] chore(deps): update helm release argo-cd to v7.7.13 (#1188) Co-authored-by: Renovate Bot --- k8s/_argocd/argocd_components/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/_argocd/argocd_components/helm.jsonnet b/k8s/_argocd/argocd_components/helm.jsonnet index 30296c0e1..7fd35ff14 100644 --- a/k8s/_argocd/argocd_components/helm.jsonnet +++ b/k8s/_argocd/argocd_components/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import 'app.json5').namespace, chart: 'argo-cd', repoURL: 'https://argoproj.github.io/argo-helm', - targetRevision: '7.7.12', + targetRevision: '7.7.13', values: (importstr 'values.yaml'), } From 8085de571fd5e5a8e9c6dd6e2990b9c6372bd417 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sat, 4 Jan 2025 13:51:57 +0900 Subject: [PATCH 0692/1209] chore(deps): update ghcr.io/walnuts1018/mucaron-backend docker tag to c8d65c4a763fc9073216ece4c7384101737448c5-86 (#1189) Co-authored-by: Renovate Bot --- k8s/apps/mucaron/back/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/mucaron/back/deployment.jsonnet b/k8s/apps/mucaron/back/deployment.jsonnet index 6bbfd5518..1accc4223 100644 --- a/k8s/apps/mucaron/back/deployment.jsonnet +++ b/k8s/apps/mucaron/back/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ (import '../../../components/container.libsonnet') { name: 'mucaron-backend', - image: 'ghcr.io/walnuts1018/mucaron-backend:e80b1c8599dcb479f95a0e284b628b556e277697-85', + image: 'ghcr.io/walnuts1018/mucaron-backend:c8d65c4a763fc9073216ece4c7384101737448c5-86', ports: [ { containerPort: 8080, From b0fe1dbf7daf3faa37bbc3ded201583cbed82903 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sat, 4 Jan 2025 17:12:21 +0900 Subject: [PATCH 0693/1209] chore(deps): update renovate/renovate docker tag to v39.90.4 (#1190) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 36a394f76..8c6039523 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -21,7 +21,7 @@ containers: [ { name: 'renovate', - image: 'renovate/renovate:39.90.3', + image: 'renovate/renovate:39.90.4', resources: { requests: { memory: '256Mi', From 495c8035ae2becb423089be954188fee8e4b3996 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 4 Jan 2025 20:12:45 +0900 Subject: [PATCH 0694/1209] del unused namespaces Signed-off-by: walnuts1018 --- k8s/namespaces/namespaces.json5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/namespaces/namespaces.json5 b/k8s/namespaces/namespaces.json5 index 1dcf7cf34..61d1ef3b1 100644 --- a/k8s/namespaces/namespaces.json5 +++ b/k8s/namespaces/namespaces.json5 @@ -1 +1 @@ -["ac-hacking-2024","actions-runner-controller","affine","cert-manager","cilium-secrets","cilium-system","cloudflare-origin-cert","cloudflare-tunnel-operator","code-server","dashy","databases","default","elasticsearch","external-dns","external-secrets","fitbit-manager","flux-system","github-readme-stats","hedgedoc","ingress-nginx","komga","krakend-system","kube-system","kubeshark","local-path-storage","loki","longhorn-system","minio","misskey","monitoring","mpeg-dash-encoder","mucaron","network-exporter","nextcloud","oekaki-dengon-game","openchokin","opentelemetry-collector","opentelemetry-operator-system","photoprism","redis-operator","renovate","samba","sandbox","wakatime-to-slack-profile","walnuts-dev","zitadel"] +["ac-hacking-2024","actions-runner-controller","affine","cert-manager","cilium-secrets","cilium-system","cloudflare-tunnel-operator","code-server","databases","default","elasticsearch","external-secrets","fitbit-manager","github-readme-stats","hedgedoc","komga","kube-system","local-path-storage","loki","longhorn-system","minio","misskey","monitoring","mpeg-dash-encoder","mucaron","network-exporter","nextcloud","oekaki-dengon-game","openchokin","opentelemetry-collector","opentelemetry-operator-system","photoprism","redis-operator","renovate","samba","sandbox","wakatime-to-slack-profile","walnuts-dev","zitadel"] From 4aace93b3999fade58e0be2883412e825da0d55a Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sun, 5 Jan 2025 08:02:07 +0900 Subject: [PATCH 0695/1209] chore(deps): update dependency aquaproj/aqua-registry to v4.291.0 (#1191) Co-authored-by: Renovate Bot --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index 5c6d12aff..ee6ae3e4e 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,7 +8,7 @@ # - all registries: - type: standard - ref: v4.290.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.291.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 - name: hashicorp/terraform@v1.10.3 From d7a07517f56f348179a631fce7f536729b15a1ee Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sun, 5 Jan 2025 14:22:10 +0900 Subject: [PATCH 0696/1209] chore(deps): update renovate/renovate docker tag to v39.90.5 (#1192) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 8c6039523..1ac34aa77 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -21,7 +21,7 @@ containers: [ { name: 'renovate', - image: 'renovate/renovate:39.90.4', + image: 'renovate/renovate:39.90.5', resources: { requests: { memory: '256Mi', From 4614267418e5a05ec50735c2c7d221302740986e Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 5 Jan 2025 16:41:20 +0000 Subject: [PATCH 0697/1209] chore(deps): update renovate/renovate docker tag to v39.91.0 --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 1ac34aa77..231b80677 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -21,7 +21,7 @@ containers: [ { name: 'renovate', - image: 'renovate/renovate:39.90.5', + image: 'renovate/renovate:39.91.0', resources: { requests: { memory: '256Mi', From f35f20e09100fd11dd80d10cdb23e3f31bbd34f3 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Mon, 6 Jan 2025 01:52:13 +0900 Subject: [PATCH 0698/1209] chore(deps): update ghcr.io/walnuts1018/fitbit-manager docker tag to v1.0.4 (#1194) Co-authored-by: Renovate Bot --- k8s/apps/fitbit-manager/cronjob.jsonnet | 2 +- k8s/apps/fitbit-manager/deployment.jsonnet | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/k8s/apps/fitbit-manager/cronjob.jsonnet b/k8s/apps/fitbit-manager/cronjob.jsonnet index 54349505a..ab6b9c613 100644 --- a/k8s/apps/fitbit-manager/cronjob.jsonnet +++ b/k8s/apps/fitbit-manager/cronjob.jsonnet @@ -18,7 +18,7 @@ containers: [ { name: 'fitbit-manager', - image: 'ghcr.io/walnuts1018/fitbit-manager:1.0.3', + image: 'ghcr.io/walnuts1018/fitbit-manager:1.0.4', command: [ '/app/fitbit-manager-job', ], diff --git a/k8s/apps/fitbit-manager/deployment.jsonnet b/k8s/apps/fitbit-manager/deployment.jsonnet index 6d5ba7bf7..e41d3edc5 100644 --- a/k8s/apps/fitbit-manager/deployment.jsonnet +++ b/k8s/apps/fitbit-manager/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ { name: 'fitbit-manager', - image: 'ghcr.io/walnuts1018/fitbit-manager:1.0.3', + image: 'ghcr.io/walnuts1018/fitbit-manager:1.0.4', imagePullPolicy: 'IfNotPresent', ports: [ { From 90884e85cdf45809f8b782587e46938664c907df Mon Sep 17 00:00:00 2001 From: Walnuts Date: Mon, 6 Jan 2025 13:42:15 +0900 Subject: [PATCH 0699/1209] chore(deps): update dependency aquaproj/aqua-registry to v4.292.0 (#1195) Co-authored-by: Renovate Bot --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index ee6ae3e4e..145daeab6 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,7 +8,7 @@ # - all registries: - type: standard - ref: v4.291.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.292.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 - name: hashicorp/terraform@v1.10.3 From 6d45ce8e15e52bc012b9e542ada1361095af1560 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 6 Jan 2025 09:21:14 +0000 Subject: [PATCH 0700/1209] chore(deps): update helm release kube-prometheus-stack to v67.8.0 --- k8s/apps/prometheus-stack/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/prometheus-stack/helm.jsonnet b/k8s/apps/prometheus-stack/helm.jsonnet index 32f6c7760..aaf8d5f26 100644 --- a/k8s/apps/prometheus-stack/helm.jsonnet +++ b/k8s/apps/prometheus-stack/helm.jsonnet @@ -4,7 +4,7 @@ chart: 'kube-prometheus-stack', repoURL: 'https://prometheus-community.github.io/helm-charts', - targetRevision: '67.7.0', + targetRevision: '67.8.0', valuesObject: std.mergePatch(std.parseYaml(importstr 'values.yaml'), { prometheus: { prometheusSpec: { From 410ce28c655b0399f23ca5cd36387da56cec202e Mon Sep 17 00:00:00 2001 From: Walnuts Date: Mon, 6 Jan 2025 19:42:09 +0900 Subject: [PATCH 0701/1209] chore(deps): update helm release zitadel to v8.8.2 (#1197) Co-authored-by: Renovate Bot --- k8s/apps/zitadel/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/zitadel/helm.jsonnet b/k8s/apps/zitadel/helm.jsonnet index 7e5b76284..93a5c46d7 100644 --- a/k8s/apps/zitadel/helm.jsonnet +++ b/k8s/apps/zitadel/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'zitadel', repoURL: 'https://charts.zitadel.com', - targetRevision: '8.8.1', + targetRevision: '8.8.2', values: (importstr 'values.yaml'), } From 4d39e19dd89115c352a3554b014ddb499e356f6e Mon Sep 17 00:00:00 2001 From: Walnuts Date: Mon, 6 Jan 2025 20:43:22 +0900 Subject: [PATCH 0702/1209] chore(deps): update renovate/renovate docker tag to v39.91.1 (#1198) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 231b80677..fa3461892 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -21,7 +21,7 @@ containers: [ { name: 'renovate', - image: 'renovate/renovate:39.91.0', + image: 'renovate/renovate:39.91.1', resources: { requests: { memory: '256Mi', From 992aaabbc4ed50a58fd7a571f1e75be60ea395ff Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 6 Jan 2025 21:06:46 +0900 Subject: [PATCH 0703/1209] refactor: remove prometheus-exporter configuration and update otlp exporter settings Signed-off-by: walnuts1018 --- .../collectors/default.jsonnet | 58 +------------- .../collectors/prometheus-exporter.jsonnet | 79 ------------------- 2 files changed, 1 insertion(+), 136 deletions(-) delete mode 100644 k8s/apps/opentelemetry-collectors/collectors/prometheus-exporter.jsonnet diff --git a/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet index b2712701e..4bef5894d 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet @@ -62,43 +62,6 @@ std.mergePatch((import '_base.libsonnet'), { send_batch_max_size: 5000, timeout: '10s', }, - k8sattributes: { - auth_type: 'serviceAccount', - passthrough: true, - filter: { - node_from_env_var: 'K8S_NODE_NAME', - }, - extract: { - metadata: [ - 'k8s.cluster.uid', - ], - }, - pod_association: [ - { - sources: [ - { - from: 'resource_attribute', - name: 'k8s.pod.ip', - }, - ], - }, - { - sources: [ - { - from: 'resource_attribute', - name: 'k8s.pod.uid', - }, - ], - }, - { - sources: [ - { - from: 'connection', - }, - ], - }, - ], - }, }, exporters: { 'otlphttp/prometheus': { @@ -113,25 +76,6 @@ std.mergePatch((import '_base.libsonnet'), { insecure: true, }, }, - 'otlp/prometheus-exporter': { - endpoint: 'prometheus-exporter-collector.opentelemetry-collector.svc.cluster.local:4317', - tls: { - insecure: true, - }, - }, - 'otlphttp/vaxila': { - endpoint: 'https://otlp-vaxila.mackerelio.com', - headers: { - Accept: '*/*', - 'Mackerel-Api-Key': '${env:VAXILA_APIKEY}', - }, - }, - 'otlp/signoz': { - endpoint: 'signoz-otel-collector.signoz.svc.cluster.local:4317', - tls: { - insecure: true, - }, - }, 'otlphttp/loki': { endpoint: 'http://loki-gateway.loki.svc.cluster.local/otlp', tls: { @@ -166,7 +110,7 @@ std.mergePatch((import '_base.libsonnet'), { 'k8sattributes', ], exporters: [ - 'otlp/prometheus-exporter', + 'otlphttp/prometheus', ], }, logs: { diff --git a/k8s/apps/opentelemetry-collectors/collectors/prometheus-exporter.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/prometheus-exporter.jsonnet deleted file mode 100644 index 49b6c6445..000000000 --- a/k8s/apps/opentelemetry-collectors/collectors/prometheus-exporter.jsonnet +++ /dev/null @@ -1,79 +0,0 @@ -std.mergePatch((import '_base.libsonnet'), { - metadata: { - name: 'prometheus-exporter', - }, - spec: { - mode: 'deployment', - image: 'otel/opentelemetry-collector-contrib', - config: { - receivers: { - otlp: { - protocols: { - grpc: { - max_recv_msg_size_mib: 100, - }, - http: {}, - }, - }, - }, - processors: { - memory_limiter: { - check_interval: '5s', - limit_mib: 2000, - spike_limit_percentage: 15, - }, - batch: { - send_batch_size: 10000, - timeout: '10s', - }, - }, - exporters: { - prometheusremotewrite: { - endpoint: 'http://prometheus-stack-kube-prom-prometheus.monitoring.svc.cluster.local:9090/api/v1/write', - resource_to_telemetry_conversion: { - enabled: true, - }, - }, - }, - service: { - pipelines: { - metrics: { - receivers: [ - 'otlp', - ], - processors: [ - 'memory_limiter', - 'batch', - ], - exporters: [ - 'prometheusremotewrite', - ], - }, - }, - }, - }, - resources: { - requests: { - memory: '200Mi', - }, - }, - autoscaler: { - minReplicas: 1, - maxReplicas: 5, - metrics: [ - { - type: 'Pods', - pods: { - metric: { - name: 'memory', - }, - target: { - type: 'AverageValue', - averageValue: '1Gi', - }, - }, - }, - ], - }, - }, -}) From 0a614d1d28e27e80f4985237c92f69b03486e896 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 6 Jan 2025 21:17:35 +0900 Subject: [PATCH 0704/1209] feat(prometheus): enable OTLP receiver in prometheus configuration Signed-off-by: walnuts1018 --- k8s/apps/prometheus-stack/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/k8s/apps/prometheus-stack/values.yaml b/k8s/apps/prometheus-stack/values.yaml index 473aca2c5..186f5c822 100644 --- a/k8s/apps/prometheus-stack/values.yaml +++ b/k8s/apps/prometheus-stack/values.yaml @@ -84,6 +84,7 @@ prometheus-node-exporter: action: replace prometheus: prometheusSpec: + enableOTLPReceiver: true serviceMonitorSelector: matchLabels: {} #全てのServiceMonitorを監視対象にする podMonitorSelector: From 00f0e4755fc744579b5fb9fcaa103656f49ddbef Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 6 Jan 2025 21:23:49 +0900 Subject: [PATCH 0705/1209] feat(prometheus): add additional configuration to enable OTLP receiver Signed-off-by: walnuts1018 --- k8s/apps/prometheus-stack/values.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/k8s/apps/prometheus-stack/values.yaml b/k8s/apps/prometheus-stack/values.yaml index 186f5c822..2f9c921c5 100644 --- a/k8s/apps/prometheus-stack/values.yaml +++ b/k8s/apps/prometheus-stack/values.yaml @@ -112,3 +112,5 @@ prometheus: enableRemoteWriteReceiver: true enableFeatures: - otlp-write-receiver + additionalConfig: + enableOTLPReceiver: true From 25cbf220bc87ec2a695286b1ecfa9ef5d447b309 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 6 Jan 2025 21:50:24 +0900 Subject: [PATCH 0706/1209] feat(prometheus): add translation strategy for OTLP receiver configuration Signed-off-by: walnuts1018 --- k8s/apps/prometheus-stack/values.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/k8s/apps/prometheus-stack/values.yaml b/k8s/apps/prometheus-stack/values.yaml index 2f9c921c5..fa9b249c6 100644 --- a/k8s/apps/prometheus-stack/values.yaml +++ b/k8s/apps/prometheus-stack/values.yaml @@ -114,3 +114,5 @@ prometheus: - otlp-write-receiver additionalConfig: enableOTLPReceiver: true + otlp: + translationStrategy: "NoUTF8EscapingWithSuffixes" From b969ea7be3df84663f27f2e22763c62f09691e5f Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 6 Jan 2025 21:52:38 +0900 Subject: [PATCH 0707/1209] feat(prometheus): restore OTLP receiver and set translation strategy in configuration Signed-off-by: walnuts1018 --- k8s/apps/prometheus-stack/values.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/k8s/apps/prometheus-stack/values.yaml b/k8s/apps/prometheus-stack/values.yaml index fa9b249c6..cab0885e8 100644 --- a/k8s/apps/prometheus-stack/values.yaml +++ b/k8s/apps/prometheus-stack/values.yaml @@ -84,7 +84,6 @@ prometheus-node-exporter: action: replace prometheus: prometheusSpec: - enableOTLPReceiver: true serviceMonitorSelector: matchLabels: {} #全てのServiceMonitorを監視対象にする podMonitorSelector: @@ -110,8 +109,9 @@ prometheus: retentionSize: 30GiB replicas: 1 enableRemoteWriteReceiver: true - enableFeatures: - - otlp-write-receiver + enableOTLPReceiver: true + otlp: + translationStrategy: "NoUTF8EscapingWithSuffixes" additionalConfig: enableOTLPReceiver: true otlp: From 2731ecb61e184949050386625907b67515d55a4e Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 6 Jan 2025 21:57:22 +0900 Subject: [PATCH 0708/1209] feat(prometheus): add outOfOrderTimeWindow configuration for TSDB Signed-off-by: walnuts1018 --- k8s/apps/prometheus-stack/values.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/k8s/apps/prometheus-stack/values.yaml b/k8s/apps/prometheus-stack/values.yaml index cab0885e8..4d356b0d0 100644 --- a/k8s/apps/prometheus-stack/values.yaml +++ b/k8s/apps/prometheus-stack/values.yaml @@ -116,3 +116,5 @@ prometheus: enableOTLPReceiver: true otlp: translationStrategy: "NoUTF8EscapingWithSuffixes" + tsdb: + outOfOrderTimeWindow: 30m From 57a9a1fa8ff92beca04a0c13205eec6600175ce5 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 6 Jan 2025 21:58:01 +0900 Subject: [PATCH 0709/1209] feat(prometheus): add outOfOrderTimeWindow configuration to TSDB Signed-off-by: walnuts1018 --- k8s/apps/prometheus-stack/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/k8s/apps/prometheus-stack/values.yaml b/k8s/apps/prometheus-stack/values.yaml index 4d356b0d0..dd303206b 100644 --- a/k8s/apps/prometheus-stack/values.yaml +++ b/k8s/apps/prometheus-stack/values.yaml @@ -112,9 +112,9 @@ prometheus: enableOTLPReceiver: true otlp: translationStrategy: "NoUTF8EscapingWithSuffixes" + tsdb: + outOfOrderTimeWindow: 30m additionalConfig: enableOTLPReceiver: true otlp: translationStrategy: "NoUTF8EscapingWithSuffixes" - tsdb: - outOfOrderTimeWindow: 30m From e307d95580a842bbcd85e151d25a85101c7ea17a Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 6 Jan 2025 22:14:02 +0900 Subject: [PATCH 0710/1209] feat(opentelemetry): add k8sattributes configuration for service account authentication Signed-off-by: walnuts1018 --- .../opentelemetry-collectors/collectors/default.jsonnet | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet index 4bef5894d..77891164b 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet @@ -57,6 +57,14 @@ std.mergePatch((import '_base.libsonnet'), { limit_mib: 2000, spike_limit_percentage: 15, }, + k8sattributes: { + auth_type: 'serviceAccount', + extract: { + metadata: [ + 'k8s.cluster.uid', + ], + }, + }, batch: { send_batch_size: 5000, send_batch_max_size: 5000, From d61d770534c3e9a696e67e0683c2f0b8af9604f9 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 6 Jan 2025 22:16:24 +0900 Subject: [PATCH 0711/1209] feat(minio): remove unused pod annotations from values.yaml Signed-off-by: walnuts1018 --- k8s/apps/minio/values.yaml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/k8s/apps/minio/values.yaml b/k8s/apps/minio/values.yaml index 602e7d256..cd843bd01 100644 --- a/k8s/apps/minio/values.yaml +++ b/k8s/apps/minio/values.yaml @@ -8,8 +8,6 @@ persistence: ingress: enabled: true ingressClassName: cilium - annotations: - nginx.ingress.kubernetes.io/ignore-invalid-headers: "off" hosts: - minio.walnuts.dev consoleIngress: @@ -40,6 +38,6 @@ metrics: includeNode: true users: [] -podAnnotations: - instrumentation.opentelemetry.io/inject-go: 'opentelemetry-collector/default' - instrumentation.opentelemetry.io/otel-go-auto-target-exe: '/usr/bin/minio' +# podAnnotations: +# instrumentation.opentelemetry.io/inject-go: 'opentelemetry-collector/default' +# instrumentation.opentelemetry.io/otel-go-auto-target-exe: '/usr/bin/minio' From d85178bfb252c2a767b399c76a595f906878c73f Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 6 Jan 2025 22:41:47 +0900 Subject: [PATCH 0712/1209] feat(opentelemetry): add Prometheus exporter configuration and deployment Signed-off-by: walnuts1018 --- .../collectors/default.jsonnet | 7 ++ .../collectors/prometheus-exporter.jsonnet | 79 +++++++++++++++++++ 2 files changed, 86 insertions(+) create mode 100644 k8s/apps/opentelemetry-collectors/collectors/prometheus-exporter.jsonnet diff --git a/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet index 77891164b..a729dbabb 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet @@ -78,6 +78,12 @@ std.mergePatch((import '_base.libsonnet'), { insecure: true, }, }, + 'otlp/prometheus-exporter': { + endpoint: 'prometheus-exporter-collector.opentelemetry-collector.svc.cluster.local:4317', + tls: { + insecure: true, + }, + }, 'otlp/tempo': { endpoint: 'tempo.monitoring.svc.cluster.local:4317', tls: { @@ -119,6 +125,7 @@ std.mergePatch((import '_base.libsonnet'), { ], exporters: [ 'otlphttp/prometheus', + 'otlp/prometheus-exporter', ], }, logs: { diff --git a/k8s/apps/opentelemetry-collectors/collectors/prometheus-exporter.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/prometheus-exporter.jsonnet new file mode 100644 index 000000000..49b6c6445 --- /dev/null +++ b/k8s/apps/opentelemetry-collectors/collectors/prometheus-exporter.jsonnet @@ -0,0 +1,79 @@ +std.mergePatch((import '_base.libsonnet'), { + metadata: { + name: 'prometheus-exporter', + }, + spec: { + mode: 'deployment', + image: 'otel/opentelemetry-collector-contrib', + config: { + receivers: { + otlp: { + protocols: { + grpc: { + max_recv_msg_size_mib: 100, + }, + http: {}, + }, + }, + }, + processors: { + memory_limiter: { + check_interval: '5s', + limit_mib: 2000, + spike_limit_percentage: 15, + }, + batch: { + send_batch_size: 10000, + timeout: '10s', + }, + }, + exporters: { + prometheusremotewrite: { + endpoint: 'http://prometheus-stack-kube-prom-prometheus.monitoring.svc.cluster.local:9090/api/v1/write', + resource_to_telemetry_conversion: { + enabled: true, + }, + }, + }, + service: { + pipelines: { + metrics: { + receivers: [ + 'otlp', + ], + processors: [ + 'memory_limiter', + 'batch', + ], + exporters: [ + 'prometheusremotewrite', + ], + }, + }, + }, + }, + resources: { + requests: { + memory: '200Mi', + }, + }, + autoscaler: { + minReplicas: 1, + maxReplicas: 5, + metrics: [ + { + type: 'Pods', + pods: { + metric: { + name: 'memory', + }, + target: { + type: 'AverageValue', + averageValue: '1Gi', + }, + }, + }, + ], + }, + }, +}) From 7b26967f93e724a58592f3bb0f850c72293dfc95 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Mon, 6 Jan 2025 22:43:11 +0900 Subject: [PATCH 0713/1209] chore(deps): update renovate/renovate docker tag to v39.91.2 (#1199) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index fa3461892..08f0269bc 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -21,7 +21,7 @@ containers: [ { name: 'renovate', - image: 'renovate/renovate:39.91.1', + image: 'renovate/renovate:39.91.2', resources: { requests: { memory: '256Mi', From 3e45f4150cbeae0d2a64acf931d9ba8683182046 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 6 Jan 2025 22:44:00 +0900 Subject: [PATCH 0714/1209] feat(komga): update pvc.jsonnet to use single quotes for consistency Signed-off-by: walnuts1018 --- k8s/apps/komga/pvc.jsonnet | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/k8s/apps/komga/pvc.jsonnet b/k8s/apps/komga/pvc.jsonnet index dc845b10e..5d3ba95de 100644 --- a/k8s/apps/komga/pvc.jsonnet +++ b/k8s/apps/komga/pvc.jsonnet @@ -1,18 +1,18 @@ { - "apiVersion": "v1", - "kind": "PersistentVolumeClaim", - "metadata": { - "name": "komga-config" + apiVersion: 'v1', + kind: 'PersistentVolumeClaim', + metadata: { + name: 'komga-config', }, - "spec": { - "storageClassName": "longhorn", - "accessModes": [ - "ReadWriteOnce" + spec: { + storageClassName: 'longhorn', + accessModes: [ + 'ReadWriteOnce', ], - "resources": { - "requests": { - "storage": "2Gi" - } - } - } + resources: { + requests: { + storage: '2Gi', + }, + }, + }, } From 25f21c01bc802050ef78e15aebe4b4617b430b16 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 6 Jan 2025 22:46:38 +0900 Subject: [PATCH 0715/1209] format Signed-off-by: walnuts1018 --- k8s/apps/elasticsearch/config/elasticsearch-plugins.yml | 1 - k8s/apps/komga/config/application.yml | 3 +-- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/k8s/apps/elasticsearch/config/elasticsearch-plugins.yml b/k8s/apps/elasticsearch/config/elasticsearch-plugins.yml index 214a0a17d..9ecc6ed30 100644 --- a/k8s/apps/elasticsearch/config/elasticsearch-plugins.yml +++ b/k8s/apps/elasticsearch/config/elasticsearch-plugins.yml @@ -1,4 +1,3 @@ # https://www.elastic.co/guide/en/elasticsearch/plugins/current/manage-plugins-using-configuration-file.html plugins: - id: analysis-icu - diff --git a/k8s/apps/komga/config/application.yml b/k8s/apps/komga/config/application.yml index 5a38ea2a6..357829cf1 100644 --- a/k8s/apps/komga/config/application.yml +++ b/k8s/apps/komga/config/application.yml @@ -13,7 +13,6 @@ spring: # the placeholders in {} will be replaced automatically, you don't need to change this line redirect-uri: "{baseUrl}/{action}/oauth2/code/{registrationId}" provider: - zitadel: # this must match the provider above + zitadel: user-name-attribute: sub - # either set the issuer-uri, in which case the app will lookup the configuration for you automatically issuer-uri: https://auth.walnuts.dev From ffbafc4921781c13446520bbd9406709d1be9e88 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 6 Jan 2025 22:59:57 +0900 Subject: [PATCH 0716/1209] rm rotation Signed-off-by: walnuts1018 --- k8s/apps/zalando-psql-operator/values.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/k8s/apps/zalando-psql-operator/values.yaml b/k8s/apps/zalando-psql-operator/values.yaml index 20ede783c..57bda7ff0 100644 --- a/k8s/apps/zalando-psql-operator/values.yaml +++ b/k8s/apps/zalando-psql-operator/values.yaml @@ -15,6 +15,9 @@ configKubernetes: nodeSelector: kubernetes.io/arch: amd64 +configUsers: + enable_password_rotation: false + resources: limits: cpu: 500m From aa6494eada7f88514883df512b4231afda4bbff0 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Mon, 6 Jan 2025 23:22:17 +0900 Subject: [PATCH 0717/1209] chore(deps): update helm release zitadel to v8.8.3 (#1200) Co-authored-by: Renovate Bot --- k8s/apps/zitadel/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/zitadel/helm.jsonnet b/k8s/apps/zitadel/helm.jsonnet index 93a5c46d7..8110921ee 100644 --- a/k8s/apps/zitadel/helm.jsonnet +++ b/k8s/apps/zitadel/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'zitadel', repoURL: 'https://charts.zitadel.com', - targetRevision: '8.8.2', + targetRevision: '8.8.3', values: (importstr 'values.yaml'), } From 7a64e9f93750b2e8697c1b7a82741293a2411a4d Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 6 Jan 2025 23:30:14 +0900 Subject: [PATCH 0718/1209] feat(postgresql): add test user Signed-off-by: walnuts1018 --- k8s/apps/postgresql-default/postgresql.jsonnet | 1 + 1 file changed, 1 insertion(+) diff --git a/k8s/apps/postgresql-default/postgresql.jsonnet b/k8s/apps/postgresql-default/postgresql.jsonnet index c511bf641..ef9f13d20 100644 --- a/k8s/apps/postgresql-default/postgresql.jsonnet +++ b/k8s/apps/postgresql-default/postgresql.jsonnet @@ -23,6 +23,7 @@ local usernames = (import 'users.libsonnet'); 'superuser', 'createdb', ], + test: [], }, databases: { [formatUsername(username)]: formatUsername(username) From c88f7c21eb1c4be8b7b73281569f59368e16827a Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 6 Jan 2025 23:52:53 +0900 Subject: [PATCH 0719/1209] feat(postgresql): refactor postgres Signed-off-by: walnuts1018 --- .../postgresql-default/databases.libsonnet | 50 +++++++++++++++++++ .../external-secrets.jsonnet | 2 +- .../postgresql-default/functions.libsonnet | 4 ++ .../postgresql-default/postgresql.jsonnet | 15 ++---- k8s/apps/postgresql-default/users.libsonnet | 7 ++- 5 files changed, 63 insertions(+), 15 deletions(-) create mode 100644 k8s/apps/postgresql-default/databases.libsonnet create mode 100644 k8s/apps/postgresql-default/functions.libsonnet diff --git a/k8s/apps/postgresql-default/databases.libsonnet b/k8s/apps/postgresql-default/databases.libsonnet new file mode 100644 index 000000000..7958f11f6 --- /dev/null +++ b/k8s/apps/postgresql-default/databases.libsonnet @@ -0,0 +1,50 @@ +[ + { + db_name: 'fitbit_manager', + user_name: 'fitbit_manager', + }, + { + db_name: 'grafana', + user_name: 'grafana', + }, + { + db_name: 'hedgedoc', + user_name: 'hedgedoc', + }, + { + db_name: 'misskey', + user_name: 'misskey', + }, + { + db_name: 'nextcloud', + user_name: 'nextcloud', + }, + { + db_name: 'oekaki_dengon_game', + user_name: 'oekaki_dengon_game', + }, + { + db_name: 'openchokin', + user_name: 'openchokin', + }, + { + db_name: 'wakatime_to_slack', + user_name: 'wakatime', + }, + { + db_name: 'zitadel', + user_name: 'zitadel', + }, + { + db_name: 'ac_hacking', + user_name: 'ac_hacking', + }, + { + db_name: 'mucaron', + user_name: 'mucaron', + }, + { + db_name: 'affine', + user_name: 'affine', + }, +] diff --git a/k8s/apps/postgresql-default/external-secrets.jsonnet b/k8s/apps/postgresql-default/external-secrets.jsonnet index f7246d3bc..ada2160cc 100644 --- a/k8s/apps/postgresql-default/external-secrets.jsonnet +++ b/k8s/apps/postgresql-default/external-secrets.jsonnet @@ -3,7 +3,7 @@ local gen = function(username) { apiVersion: 'external-secrets.io/v1beta1', kind: 'ExternalSecret', metadata: { - name: '%s.default.credentials.postgresql.acid.zalan.do' % username, + name: (import 'functions.libsonnet').secretName(username), }, spec: { data: [ diff --git a/k8s/apps/postgresql-default/functions.libsonnet b/k8s/apps/postgresql-default/functions.libsonnet new file mode 100644 index 000000000..980197ac9 --- /dev/null +++ b/k8s/apps/postgresql-default/functions.libsonnet @@ -0,0 +1,4 @@ +{ + secretName(username): + std.join('-', std.split(username, '_')) + '.default.credentials.postgresql.acid.zalan.do', +} diff --git a/k8s/apps/postgresql-default/postgresql.jsonnet b/k8s/apps/postgresql-default/postgresql.jsonnet index ef9f13d20..c6e1f6b54 100644 --- a/k8s/apps/postgresql-default/postgresql.jsonnet +++ b/k8s/apps/postgresql-default/postgresql.jsonnet @@ -1,7 +1,6 @@ -local formatUsername(username) = ( - std.join('_', std.split(username, '-')) -); local usernames = (import 'users.libsonnet'); +local databases = (import 'databases.libsonnet'); + { apiVersion: 'acid.zalan.do/v1', kind: 'postgresql', @@ -16,7 +15,7 @@ local usernames = (import 'users.libsonnet'); }, numberOfInstances: 3, users: { - [formatUsername(username)]: [] + [username]: [] for username in usernames } + { postgres: [ @@ -26,12 +25,8 @@ local usernames = (import 'users.libsonnet'); test: [], }, databases: { - [formatUsername(username)]: formatUsername(username) - for username in usernames - } + { - postgres:: null, - wakatime:: null, - wakatime_to_slack: 'wakatime', + [database.db_name]: database.user_name + for database in databases }, postgresql: { version: '17', diff --git a/k8s/apps/postgresql-default/users.libsonnet b/k8s/apps/postgresql-default/users.libsonnet index e24beb3e8..3ea5941f7 100644 --- a/k8s/apps/postgresql-default/users.libsonnet +++ b/k8s/apps/postgresql-default/users.libsonnet @@ -1,17 +1,16 @@ [ 'postgres', 'juglans', - 'fitbit-manager', + 'fitbit_manager', 'grafana', 'hedgedoc', 'misskey', 'nextcloud', - 'oekaki-dengon-game', + 'oekaki_dengon_game', 'openchokin', 'wakatime', 'zitadel', - 'ac-hacking', - 'y-2024', + 'ac_hacking', 'mucaron', 'affine', ] From 400dc83ee439a5b0aea6f2aa0b1ea1b8906df29e Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 6 Jan 2025 18:21:18 +0000 Subject: [PATCH 0720/1209] chore(deps): update helm release nextcloud to v6.6.2 --- k8s/apps/nextcloud/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/nextcloud/helm.jsonnet b/k8s/apps/nextcloud/helm.jsonnet index 6d093a91d..233cc1c05 100644 --- a/k8s/apps/nextcloud/helm.jsonnet +++ b/k8s/apps/nextcloud/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'nextcloud', repoURL: 'https://nextcloud.github.io/helm/', - targetRevision: '6.5.2', + targetRevision: '6.6.2', values: (importstr 'values.yaml'), } From c646ec5ffe612446e01191900281639605424f65 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Tue, 7 Jan 2025 03:22:07 +0900 Subject: [PATCH 0721/1209] chore(deps): update ghcr.io/walnuts1018/walnuts.dev docker tag to v75ef7965084bd41ceb8bd5781467b1497dcfcf45-361 (#1202) Co-authored-by: Renovate Bot --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index ae600cef1..1484e5df3 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -25,7 +25,7 @@ type: 'RuntimeDefault', }, }, - image: 'ghcr.io/walnuts1018/walnuts.dev:7de491d80aace20dcbc06d4656a2969e28a429f0-359', + image: 'ghcr.io/walnuts1018/walnuts.dev:75ef7965084bd41ceb8bd5781467b1497dcfcf45-361', imagePullPolicy: 'IfNotPresent', ports: [ { From ee02c2f9e7f604d3ff2009b263967ad9c67f0560 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Tue, 7 Jan 2025 04:43:17 +0900 Subject: [PATCH 0722/1209] chore(deps): update renovate/renovate docker tag to v39.91.3 (#1204) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 08f0269bc..f899d73c4 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -21,7 +21,7 @@ containers: [ { name: 'renovate', - image: 'renovate/renovate:39.91.2', + image: 'renovate/renovate:39.91.3', resources: { requests: { memory: '256Mi', From 77cc57371d7d1cf9a9279ffe7c3e414d77f52c1b Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 6 Jan 2025 21:41:16 +0000 Subject: [PATCH 0723/1209] chore(deps): update helm release opentelemetry-operator to v0.77.0 --- k8s/apps/opentelemetry-operator/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/opentelemetry-operator/helm.jsonnet b/k8s/apps/opentelemetry-operator/helm.jsonnet index fba282a30..c3f4d9241 100644 --- a/k8s/apps/opentelemetry-operator/helm.jsonnet +++ b/k8s/apps/opentelemetry-operator/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'opentelemetry-operator', repoURL: 'https://open-telemetry.github.io/opentelemetry-helm-charts', - targetRevision: '0.76.0', + targetRevision: '0.77.0', values: (importstr 'values.yaml'), } From a979bb5bc3db6893c8fa33f7b5f991d18e5f8f05 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 6 Jan 2025 23:41:19 +0000 Subject: [PATCH 0724/1209] chore(deps): update helm release descheduler to v0.32.1 --- k8s/apps/descheduler/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/descheduler/helm.jsonnet b/k8s/apps/descheduler/helm.jsonnet index 27954360c..bfdd83566 100644 --- a/k8s/apps/descheduler/helm.jsonnet +++ b/k8s/apps/descheduler/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'descheduler', repoURL: 'https://kubernetes-sigs.github.io/descheduler/', - targetRevision: '0.32.0', + targetRevision: '0.32.1', values: (importstr 'values.yaml'), } From b08662b2d00e909d3e84dfa7e51a66193d41935b Mon Sep 17 00:00:00 2001 From: Walnuts Date: Tue, 7 Jan 2025 15:13:26 +0900 Subject: [PATCH 0725/1209] chore(deps): update renovate/renovate docker tag to v39.91.4 (#1207) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index f899d73c4..e467dabeb 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -21,7 +21,7 @@ containers: [ { name: 'renovate', - image: 'renovate/renovate:39.91.3', + image: 'renovate/renovate:39.91.4', resources: { requests: { memory: '256Mi', From b3ed55aaf3499eaac0183e190673be20ccfe7ef8 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 7 Jan 2025 07:35:03 +0000 Subject: [PATCH 0726/1209] chore(deps): update renovate/renovate docker tag to v39.92.0 --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index e467dabeb..05be11b9e 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -21,7 +21,7 @@ containers: [ { name: 'renovate', - image: 'renovate/renovate:39.91.4', + image: 'renovate/renovate:39.92.0', resources: { requests: { memory: '256Mi', From 288efbbc07f2760a45ee526b0e8eed91bd1db542 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 7 Jan 2025 08:51:15 +0000 Subject: [PATCH 0727/1209] chore(deps): update helm release zitadel to v8.9.0 --- k8s/apps/zitadel/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/zitadel/helm.jsonnet b/k8s/apps/zitadel/helm.jsonnet index 8110921ee..9267be8dd 100644 --- a/k8s/apps/zitadel/helm.jsonnet +++ b/k8s/apps/zitadel/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'zitadel', repoURL: 'https://charts.zitadel.com', - targetRevision: '8.8.3', + targetRevision: '8.9.0', values: (importstr 'values.yaml'), } From f910362c37e217a2d07d2a00bb87d8da65fffcee Mon Sep 17 00:00:00 2001 From: Walnuts Date: Tue, 7 Jan 2025 21:42:22 +0900 Subject: [PATCH 0728/1209] chore(deps): update helm release argo-cd to v7.7.14 (#1210) Co-authored-by: Renovate Bot --- k8s/_argocd/argocd_components/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/_argocd/argocd_components/helm.jsonnet b/k8s/_argocd/argocd_components/helm.jsonnet index 7fd35ff14..d5a8d01fd 100644 --- a/k8s/_argocd/argocd_components/helm.jsonnet +++ b/k8s/_argocd/argocd_components/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import 'app.json5').namespace, chart: 'argo-cd', repoURL: 'https://argoproj.github.io/argo-helm', - targetRevision: '7.7.13', + targetRevision: '7.7.14', values: (importstr 'values.yaml'), } From ebed5d34c96e9f3ebb48969061a06e81d338ee41 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 7 Jan 2025 22:28:40 +0900 Subject: [PATCH 0729/1209] fix: improve YAML encoding in BuildYAML function and update Go version to 1.23.4 Signed-off-by: walnuts1018 --- scripts/infrautil/go.mod | 5 +- scripts/infrautil/go.sum | 351 ++++++------------------------- scripts/infrautil/lib/jsonnet.go | 14 +- 3 files changed, 75 insertions(+), 295 deletions(-) diff --git a/scripts/infrautil/go.mod b/scripts/infrautil/go.mod index 5dcc943b6..b4489da14 100644 --- a/scripts/infrautil/go.mod +++ b/scripts/infrautil/go.mod @@ -1,6 +1,6 @@ module github.com/walnuts1018/infra/scripts/infrautil -go 1.23.2 +go 1.23.4 require ( github.com/go-playground/validator/v10 v10.23.0 @@ -77,7 +77,6 @@ require ( github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect github.com/huandu/xstrings v1.5.0 // indirect - github.com/imdario/mergo v0.3.16 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/jmoiron/sqlx v1.4.0 // indirect github.com/josharian/intern v1.0.0 // indirect @@ -128,7 +127,6 @@ require ( go.opentelemetry.io/otel v1.33.0 // indirect go.opentelemetry.io/otel/metric v1.33.0 // indirect go.opentelemetry.io/otel/trace v1.33.0 // indirect - go.starlark.net v0.0.0-20241125201518-c05ff208a98f // indirect golang.org/x/crypto v0.31.0 // indirect golang.org/x/net v0.33.0 // indirect golang.org/x/oauth2 v0.24.0 // indirect @@ -141,7 +139,6 @@ require ( google.golang.org/protobuf v1.36.0 // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect - gopkg.in/yaml.v2 v2.4.0 // indirect k8s.io/api v0.32.0 // indirect k8s.io/apiextensions-apiserver v0.32.0 // indirect k8s.io/apimachinery v0.32.0 // indirect diff --git a/scripts/infrautil/go.sum b/scripts/infrautil/go.sum index af3ae4d7e..bfd8a1d7a 100644 --- a/scripts/infrautil/go.sum +++ b/scripts/infrautil/go.sum @@ -1,19 +1,11 @@ -cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s= dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA= filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4= -github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU= -github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8= github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 h1:He8afgbRMd7mFxO99hRNu+6tazq8nFF9lIwo9JFroBk= github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8= -github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8= -github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0= github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= -github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8= -github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/BurntSushi/toml v1.4.0 h1:kuoIxZQy2WRRk1pttg9asf+WVv6tWQuBNVmK8+nqPr0= github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU= @@ -22,8 +14,6 @@ github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE= github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= -github.com/Masterminds/semver/v3 v3.3.0 h1:B8LGeaivUe71a5qox1ICM/JLl0NqZSW5CHyL+hmvYS0= -github.com/Masterminds/semver/v3 v3.3.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= github.com/Masterminds/semver/v3 v3.3.1 h1:QtNSWtVZ3nBfk8mAOu/B6v7FMJ+NHTIgUPi7rj+4nv4= github.com/Masterminds/semver/v3 v3.3.1/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= github.com/Masterminds/sprig/v3 v3.3.0 h1:mQh0Yrg1XPo6vjYXgtf5OtijNAKJRNcTdOOGZe3tPhs= @@ -34,8 +24,6 @@ github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERo github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= github.com/Microsoft/hcsshim v0.11.7 h1:vl/nj3Bar/CvJSYo7gIQPyRWc9f3c6IeSNavBTSZNZQ= github.com/Microsoft/hcsshim v0.11.7/go.mod h1:MV8xMfmECjl5HdO7U/3/hFVnkmSBjAjmA09d4bExKcU= -github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs= -github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= @@ -50,73 +38,47 @@ github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= github.com/bshuster-repo/logrus-logstash-hook v1.0.0 h1:e+C0SB5R1pu//O4MQ3f9cFuPGoOVeF2fE4Og9otCc70= github.com/bshuster-repo/logrus-logstash-hook v1.0.0/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk= -github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd h1:rFt+Y/IK1aEZkEHchZRSq9OQbsSzIT/OrI8YFFmRIng= -github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd/go.mod h1:2oa8nejYd4cQ/b0hMIopN0lCRxU0bueqREvZLWFrtK8= -github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b h1:otBG+dV+YK+Soembjv71DPz3uX/V/6MMlSyD9JBQ6kQ= -github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b/go.mod h1:obH5gd0BsqsP2LwDJ9aOkm/6J86V6lyAXCoQWGw3K50= -github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0 h1:nvj0OLI3YqYXer/kZD8Ri1aaunCxIEsOst1BVJswV0o= -github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE= -github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= +github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= +github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/chai2010/gettext-go v1.0.2 h1:1Lwwip6Q2QGsAdl/ZKPCwTe9fe0CjlUbqj5bFNSjIRk= -github.com/chai2010/gettext-go v1.0.2/go.mod h1:y+wnP2cHYaVj19NZhYKAwEMH2CI1gNHeQQ+5AjwawxA= github.com/chai2010/gettext-go v1.0.3 h1:9liNh8t+u26xl5ddmWLmsOsdNLwkdRTg5AG+JnTiM80= github.com/chai2010/gettext-go v1.0.3/go.mod h1:y+wnP2cHYaVj19NZhYKAwEMH2CI1gNHeQQ+5AjwawxA= -github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= -github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= -github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= -github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM= github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHqJDGwsa1mIw= -github.com/containerd/containerd v1.7.23 h1:H2CClyUkmpKAGlhQp95g2WXHfLYc7whAuvZGBNYOOwQ= -github.com/containerd/containerd v1.7.23/go.mod h1:7QUzfURqZWCZV7RLNEn1XjUCQLEf0bkaK4GjUaZehxw= github.com/containerd/containerd v1.7.24 h1:zxszGrGjrra1yYJW/6rhm9cJ1ZQ8rkKBR48brqsa7nA= github.com/containerd/containerd v1.7.24/go.mod h1:7QUzfURqZWCZV7RLNEn1XjUCQLEf0bkaK4GjUaZehxw= github.com/containerd/continuity v0.4.2 h1:v3y/4Yz5jwnvqPKJJ+7Wf93fyWoCB3F5EclWG023MDM= github.com/containerd/continuity v0.4.2/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ= -github.com/containerd/errdefs v0.3.0 h1:FSZgGOeK4yuT/+DnF07/Olde/q4KBoMsaamhXxIMDp4= -github.com/containerd/errdefs v0.3.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M= github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI= github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M= github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= github.com/containerd/platforms v0.2.1 h1:zvwtM3rz2YHPQsF2CHYM8+KtB5dvhISiXh5ZpSBQv6A= github.com/containerd/platforms v0.2.1/go.mod h1:XHCb+2/hzowdiut9rkudds9bE5yJ7npe7dG/wG+uFPw= +github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= +github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= -github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= -github.com/cyphar/filepath-securejoin v0.3.4 h1:VBWugsJh2ZxJmLFSM06/0qzQyiQX2Qs0ViKrUAcqdZ8= -github.com/cyphar/filepath-securejoin v0.3.4/go.mod h1:8s/MCNJREmFK0H02MF6Ihv1nakJe4L/w3WZLHNkvlYM= -github.com/cyphar/filepath-securejoin v0.3.5 h1:L81NHjquoQmcPgXcttUS9qTSR/+bXry6pbSINQGpjj4= -github.com/cyphar/filepath-securejoin v0.3.5/go.mod h1:edhVd3c6OXKjUmSrVa/tGJRS9joFTxlslFCAyaxigkE= github.com/cyphar/filepath-securejoin v0.3.6 h1:4d9N5ykBnSp5Xn2JkhocYDkOpURL/18CYMpo6xB9uWM= github.com/cyphar/filepath-securejoin v0.3.6/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2 h1:aBfCb7iqHmDEIp6fBvC/hQUddQfg+3qdYjwzaiP9Hnc= -github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2/go.mod h1:WHNsWjnIn2V1LYOrME7e8KxSeKunYHsxEm4am0BUtcI= +github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78= +github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc= +github.com/distribution/distribution/v3 v3.0.0-beta.1 h1:X+ELTxPuZ1Xe5MsD3kp2wfGUhc8I+MPfRis8dZ818Ic= +github.com/distribution/distribution/v3 v3.0.0-beta.1/go.mod h1:O9O8uamhHzWWQVTjuQpyYUVm/ShPHPUDgvQMpHGVBDs= github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk= github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= -github.com/docker/cli v25.0.1+incompatible h1:mFpqnrS6Hsm3v1k7Wa/BO23oz0k121MTbTO1lpcGSkU= -github.com/docker/cli v25.0.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= -github.com/docker/cli v27.3.1+incompatible h1:qEGdFBF3Xu6SCvCYhc7CzaQTlBmqDuzxPDpigSyeKQQ= -github.com/docker/cli v27.3.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/cli v27.4.1+incompatible h1:VzPiUlRJ/xh+otB75gva3r05isHMo5wXDfPRi5/b4hI= github.com/docker/cli v27.4.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v25.0.6+incompatible h1:5cPwbwriIcsua2REJe8HqQV+6WlWc1byg2QSXzBxBGg= -github.com/docker/docker v25.0.6+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/docker v27.3.1+incompatible h1:KttF0XoteNTicmUtBO0L2tP+J7FGRFTjaEF4k6WdhfI= -github.com/docker/docker v27.3.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v27.4.1+incompatible h1:ZJvcY7gfwHn1JF48PfbyXg7Jyt9ZCWDW+GGXOIxEwp4= github.com/docker/docker v27.4.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A= -github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0= github.com/docker/docker-credential-helpers v0.8.2 h1:bX3YxiGzFP5sOXWc3bTPEXdEaZSeVMrFgOr3T+zrFAo= github.com/docker/docker-credential-helpers v0.8.2/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M= github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c= @@ -127,20 +89,12 @@ github.com/docker/go-metrics v0.0.1 h1:AgB/0SvBxihN0X8OR4SjsblXkbMvalQ8cjmtKQ2rQ github.com/docker/go-metrics v0.0.1/go.mod h1:cG1hvH2utMXtqgqqYE9plW6lDxS3/5ayHzueweSI3Vw= github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1 h1:ZClxb8laGDf5arXfYcAtECDFgAgHklGI8CxgjHnXKJ4= github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1/go.mod h1:cyGadeNEkKy96OOhEzfZl+yxihPEzKnqJwvfuSUqbZE= -github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g= -github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/emicklei/go-restful/v3 v3.12.1 h1:PJMDIM/ak7btuL8Ex0iYET9hxM3CI2sjZtzpL63nKAU= github.com/emicklei/go-restful/v3 v3.12.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= -github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls= github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= -github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d h1:105gxyaGwCFad8crR9dcMQWvV9Hvulu6hwUh4tWPJnM= -github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d/go.mod h1:ZZMPRZwes7CROmyNKgQzC3XPs6L/G2EJLHddWejkmf4= github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f h1:Wl78ApPPB2Wvf/TIe2xdyJxTlb6obmF18d8QdkxNDu4= github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f/go.mod h1:OSYXu++VVOHnXeitef/D8n/6y4QV8uLHSFXX4NeXMGc= -github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= -github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM= github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= @@ -151,12 +105,8 @@ github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHk github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= -github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0= -github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk= github.com/gabriel-vasile/mimetype v1.4.7 h1:SKFKl7kD0RiPdbht0s7hFtjl489WcQ1VyPW8ZzUMYCA= github.com/gabriel-vasile/mimetype v1.4.7/go.mod h1:GDlAgAyIRT27BhFl53XNAFtfjzOkLaF35JdEG0P7LtU= -github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA= -github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og= github.com/go-errors/errors v1.5.1 h1:ZwEMSLRCapFLflTpT7NKaAc7ukJ8ZPEjzlxt8rPN8bk= github.com/go-errors/errors v1.5.1/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og= github.com/go-gorp/gorp/v3 v3.1.0 h1:ItKF/Vbuj31dmV4jxA1qblpSwkl9g1typ24xoe70IGs= @@ -169,17 +119,10 @@ github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= -github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= -github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ= github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= -github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= -github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ= github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4= -github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= -github.com/go-openapi/swag v0.22.4 h1:QLMzNJnMGPRNDCbySlcj1x01tzU8/9LTTL9hZZZogBU= -github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s= @@ -197,46 +140,23 @@ github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1v github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= -github.com/goccy/go-yaml v1.15.6 h1:gy5kf1yjMia3/c3wWD+u1z3lU5XlhpT8FZGaLJU9cOA= -github.com/goccy/go-yaml v1.15.6/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA= -github.com/goccy/go-yaml v1.15.7 h1:L7XuKpd/A66X4w/dlk08lVfiIADdy79a1AzRoIefC98= -github.com/goccy/go-yaml v1.15.7/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA= github.com/goccy/go-yaml v1.15.11 h1:XeEd/2INF0TXXWMzJ9ALqJLGjGDl4PIi1gmrK+7KpAs= github.com/goccy/go-yaml v1.15.11/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= -github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= -github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= -github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= -github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= -github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= -github.com/gomodule/redigo v1.8.2 h1:H5XSIre1MB5NbPYFp+i1NBbb5qN1W8Y8YAQoAYbkm8k= -github.com/gomodule/redigo v1.8.2/go.mod h1:P9dn9mFrCBvWhGE1wpxx6fgq7BAeLBk+UUUzlpkBYO0= -github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4= -github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg= github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= -github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= -github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= github.com/google/gnostic-models v0.6.9 h1:MU/8wDLif2qCXZmzncUQ/BOfxWfthHi63KqpoNbWqVw= github.com/google/gnostic-models v0.6.9/go.mod h1:CiWsm0s6BSQd1hRn8/QmxqB6BesYcbSZxsz9b0KuDBw= -github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= @@ -245,41 +165,39 @@ github.com/google/go-jsonnet v0.20.0/go.mod h1:VbgWF9JX7ztlv770x/TolZNGGFfiHEVx9 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af h1:kmjWCqn2qkEml422C2Rrd27c3VGxi6a/6HNq8QmHRKM= -github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= +github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db h1:097atOisP2aRj7vFgYQBbFN4U4JNXUNYpxael3UzMyo= +github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= github.com/google/subcommands v1.2.0 h1:vWQspBTo2nEqTUFita5/KeEWlUL8kQObDFbub/EN9oE= github.com/google/subcommands v1.2.0/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4= -github.com/gorilla/handlers v1.5.1/go.mod h1:t8XrUpc4KVXb7HGyJ4/cEnwQiaxrX/hz1Zv/4g96P1Q= -github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI= -github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= +github.com/gorilla/handlers v1.5.2 h1:cLTUSsNkgcwhgRqvCNmdbRWG0A3N4F+M2nWKdScwyEE= +github.com/gorilla/handlers v1.5.2/go.mod h1:dX+xVpaxdSw+q0Qek8SSsl3dfMk3jNddUkMzo0GtH0w= github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY= github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ= -github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc= -github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg= github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gosuri/uitable v0.0.4 h1:IG2xLKRvErL3uhY6e1BylFzG+aJiwQviDDTfOKeKTpY= github.com/gosuri/uitable v0.0.4/go.mod h1:tKR86bXuXPZazfOTG1FIzvjIdXzd0mo4Vtn16vt0PJo= -github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 h1:pdN6V1QBWetyv/0+wjACpqVH+eVULgEjkurDLq3goeM= -github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 h1:+ngKgrYPPJrOjhax5N+uePQ0Fh1Z7PheYoUI/0nzkPA= github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= +github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 h1:bkypFPDjIYGfCYD5mRBvpqxfYX1YCS1PXdKYWi8FsN0= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0/go.mod h1:P+Lt/0by1T8bfcF3z737NnSbmxQAppXMRziHUxPOC8k= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc= -github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= +github.com/hashicorp/golang-lru/arc/v2 v2.0.5 h1:l2zaLDubNhW4XO3LnliVj0GXO3+/CGNJAg1dcN2Fpfw= +github.com/hashicorp/golang-lru/arc/v2 v2.0.5/go.mod h1:ny6zBSQZi2JxIeYcv7kt2sH2PXJtirBN7RDhRpxPkxU= +github.com/hashicorp/golang-lru/v2 v2.0.5 h1:wW7h1TG88eUIJ2i69gaE3uNVtEPIagzhGvHgwfx2Vm4= +github.com/hashicorp/golang-lru/v2 v2.0.5/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM= github.com/huandu/xstrings v1.5.0 h1:2ag3IFq9ZDANvthTwTiqSSZLjDc+BedvHPAp5tJy2TI= github.com/huandu/xstrings v1.5.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= -github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= -github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/jmoiron/sqlx v1.4.0 h1:1PLqN7S1UYp5t4SrVVnt4nUVNemrDAtxlulVe+Qgm3o= @@ -293,19 +211,16 @@ github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHm github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.16.7 h1:2mk3MPGNzKyxErAw8YaohYh69+pa4sIQSC0fPGCFR9I= -github.com/klauspost/compress v1.16.7/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc= github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= -github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= -github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= -github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= +github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 h1:SOEGU9fKiNWd/HOJuq6+3iTQz8KNCLtVX6idSoTLdUw= github.com/lann/builder v0.0.0-20180802200727-47ae307949d0/go.mod h1:dXGbAdH5GtBTC4WfIxhKZfyBF/HBFgRZSWwZ9g/He9o= github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 h1:P6pPBnrTSX3DEVR4fDembhRWSsG5rVo6hYhAB/ADZrk= @@ -316,8 +231,6 @@ github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw= github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE= -github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= -github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4= github.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= @@ -325,8 +238,6 @@ github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovk github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= -github.com/mattn/go-runewidth v0.0.9 h1:Lm995f3rfxdpd6TSmuVCHVb/QhupuXlYr8sCI/QdE+0= -github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc= github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU= @@ -342,8 +253,6 @@ github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zx github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg= github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc= -github.com/moby/spdystream v0.4.0 h1:Vy79D6mHeJJjiPdFEL2yku1kl0chZpJfZcPpb16BRl8= -github.com/moby/spdystream v0.4.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI= github.com/moby/spdystream v0.5.0 h1:7r0J1Si3QO/kjRitvSLVVFUjxMEb/YLj6S9FF62JBCU= github.com/moby/spdystream v0.5.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI= github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vygl78= @@ -366,10 +275,10 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8m github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= -github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA= -github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To= -github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= -github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= +github.com/onsi/ginkgo/v2 v2.21.0 h1:7rg/4f3rB88pb5obDgNZrNHrQ4e6WpjonchcpuBRnZM= +github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= +github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4= +github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug= @@ -391,19 +300,14 @@ github.com/poy/onpar v1.1.2/go.mod h1:6X8FLNoxyr9kkmnlqpK6LSoiOtrO6MICtWwEuWkLjz github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g= -github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE= -github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho= github.com/prometheus/client_golang v1.20.5 h1:cxppBPuYhUnsO6yo/aoRol4L7q7UFfdm+bR9r+8l63Y= github.com/prometheus/client_golang v1.20.5/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc= -github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc= -github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8= github.com/prometheus/common v0.61.0 h1:3gv/GThfX0cV2lpO7gkTUwZru38mxevy90Bj8YFSRQQ= github.com/prometheus/common v0.61.0/go.mod h1:zr29OCN/2BsJRaFwG8QOBr41D6kkchKbpeNH7pAjb/s= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= @@ -411,17 +315,19 @@ github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsT github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ= github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= +github.com/redis/go-redis/extra/rediscmd/v9 v9.0.5 h1:EaDatTxkdHG+U3Bk4EUr+DZ7fOGwTfezUiUJMaIcaho= +github.com/redis/go-redis/extra/rediscmd/v9 v9.0.5/go.mod h1:fyalQWdtzDBECAQFBJuQe5bzQ02jGd5Qcbgb97Flm7U= +github.com/redis/go-redis/extra/redisotel/v9 v9.0.5 h1:EfpWLLCyXw8PSM2/XNJLjI3Pb27yVE+gIAfeqp8LUCc= +github.com/redis/go-redis/extra/redisotel/v9 v9.0.5/go.mod h1:WZjPDy7VNzn77AAfnAfVjZNvfJTYfPetfZk5yoSTLaQ= +github.com/redis/go-redis/v9 v9.1.0 h1:137FnGdk+EQdCbye1FW+qOEcY5S+SpY9T0NiuqvtfMY= +github.com/redis/go-redis/v9 v9.1.0/go.mod h1:urWj3He21Dj5k4TK1y59xH8Uj6ATueP8AH1cY3lZl4c= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ= github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= -github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= -github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= -github.com/rubenv/sql-migrate v1.7.0 h1:HtQq1xyTN2ISmQDggnh0c9U3JlP8apWh8YO2jzlXpTI= -github.com/rubenv/sql-migrate v1.7.0/go.mod h1:S4wtDEG1CKn+0ShpTtzWhFpHHI5PvCUtiGI+C+Z2THE= +github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= +github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= github.com/rubenv/sql-migrate v1.7.1 h1:f/o0WgfO/GqNuVg+6801K/KW3WdDSupzSjDYODmiUq4= github.com/rubenv/sql-migrate v1.7.1/go.mod h1:Ob2Psprc0/3ggbM6wCzyYVFFuc6FyZrb2AS+ezLDFb4= -github.com/russross/blackfriday v1.6.0 h1:KqfZb0pUVN2lYqZUYRddxF4OR8ZMURnJIG5Y3VRLtww= -github.com/russross/blackfriday v1.6.0/go.mod h1:ti0ldHuxg49ri4ksnFxlkCfN+hvslNlmVHqNRXXJNAY= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ= @@ -431,8 +337,6 @@ github.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+D github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= -github.com/spf13/cast v1.7.0 h1:ntdiHjuueXFgm5nzDRdOS4yfT43P5Fnud6DH50rz/7w= -github.com/spf13/cast v1.7.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= github.com/spf13/cast v1.7.1 h1:cuNEagBQEHWN1FnbGEjCXL2szYEXqfJPbP2HNUaca9Y= github.com/spf13/cast v1.7.1/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= @@ -443,16 +347,12 @@ github.com/sters/yaml-diff v1.4.1 h1:0W3jnFKCu8/DV7nh2aXSDA2VVfxfHu2+qdh81CuFmZo github.com/sters/yaml-diff v1.4.1/go.mod h1:K286Xp2z+aGkok7z9k3zXcq0ZsrDaDp7/wyGwFjM9Y8= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= -github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= -github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= +github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= -github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= @@ -470,86 +370,64 @@ github.com/yosuke-furukawa/json5 v0.1.1 h1:0F9mNwTvOuDNH243hoPqvf+dxa5QsKnZzU20u github.com/yosuke-furukawa/json5 v0.1.1/go.mod h1:sw49aWDqNdRJ6DYUtIQiaA3xyj2IL9tjeNYmX2ixwcU= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43 h1:+lm10QQTNSBd8DVTNGHx7o/IKu9HYDvLMffDhbyLccI= -github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43/go.mod h1:aX5oPXxHm3bOH+xeAttToC8pqch2ScQN/JoXYupl6xs= -github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50 h1:hlE8//ciYMztlGpl/VA+Zm1AcTPHYkHJPbHqE6WJUXE= -github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50/go.mod h1:NUSPSUX/bi6SeDMUh6brw0nXpxHnc96TguQh0+r/ssA= -github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f h1:ERexzlUfuTvpE74urLSbIQW0Z/6hF9t8U4NsJLaioAY= -github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 h1:4K4tsIXefpVJtvA/8srF4V4y0akAoPHkIslgAkjixJA= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0/go.mod h1:jjdQuTGVsXV4vSs+CJ2qYDeDPf9yIJV23qlIzBm73Vg= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.57.0 h1:DheMAlT6POBP+gh8RUH19EOTnQIor5QE0uSRPtzCpSw= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.57.0/go.mod h1:wZcGmeVO9nzP67aYSLDqXNWK87EZWhi7JWj1v7ZXf94= +go.opentelemetry.io/contrib/exporters/autoexport v0.46.1 h1:ysCfPZB9AjUlMa1UHYup3c9dAOCMQX/6sxSfPBUoxHw= +go.opentelemetry.io/contrib/exporters/autoexport v0.46.1/go.mod h1:ha0aiYm+DOPsLHjh0zoQ8W8sLT+LJ58J3j47lGpSLrU= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 h1:yd02MEjBdJkG3uabWP9apV+OuWRIXGDuJEUJbOHmCFU= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0/go.mod h1:umTcuxiv1n/s/S6/c2AT/g2CQ7u5C59sHDNmfSwgz7Q= -go.opentelemetry.io/otel v1.28.0 h1:/SqNcYk+idO0CxKEUOtKQClMK/MimZihKYMruSMViUo= -go.opentelemetry.io/otel v1.28.0/go.mod h1:q68ijF8Fc8CnMHKyzqL6akLO46ePnjkgfIMIjUIX9z4= -go.opentelemetry.io/otel v1.32.0 h1:WnBN+Xjcteh0zdk01SVqV55d/m62NJLJdIyb4y/WO5U= -go.opentelemetry.io/otel v1.32.0/go.mod h1:00DCVSB0RQcnzlwyTfqtxSm+DRr9hpYrHjNGiBHVQIg= go.opentelemetry.io/otel v1.33.0 h1:/FerN9bax5LoK51X/sI0SVYrjSE0/yUL7DpxW4K3FWw= go.opentelemetry.io/otel v1.33.0/go.mod h1:SUUkR6csvUQl+yjReHu5uM3EtVV7MBm5FHKRlNx4I8I= -go.opentelemetry.io/otel/metric v1.28.0 h1:f0HGvSl1KRAU1DLgLGFjrwVyismPlnuU6JD6bOeuA5Q= -go.opentelemetry.io/otel/metric v1.28.0/go.mod h1:Fb1eVBFZmLVTMb6PPohq3TO9IIhUisDsbJoL/+uQW4s= -go.opentelemetry.io/otel/metric v1.32.0 h1:xV2umtmNcThh2/a/aCP+h64Xx5wsj8qqnkYZktzNa0M= -go.opentelemetry.io/otel/metric v1.32.0/go.mod h1:jH7CIbbK6SH2V2wE16W05BHCtIDzauciCRLoc/SyMv8= +go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.44.0 h1:jd0+5t/YynESZqsSyPz+7PAFdEop0dlN0+PkyHYo8oI= +go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.44.0/go.mod h1:U707O40ee1FpQGyhvqnzmCJm1Wh6OX6GGBVn0E6Uyyk= +go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.44.0 h1:bflGWrfYyuulcdxf14V6n9+CoQcu5SAAdHmDPAJnlps= +go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.44.0/go.mod h1:qcTO4xHAxZLaLxPd60TdE88rxtItPHgHWqOhOGRr0as= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 h1:3Q/xZUyC1BBkualc9ROb4G8qkH90LXEIICcs5zv1OYY= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0/go.mod h1:s75jGIWA9OfCMzF0xr+ZgfrB5FEbbV7UuYo32ahUiFI= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 h1:qFffATk0X+HD+f1Z8lswGiOQYKHRlzfmdJm0wEaVrFA= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0/go.mod h1:MOiCmryaYtc+V0Ei+Tx9o5S1ZjA7kzLucuVuyzBZloQ= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.21.0 h1:digkEZCJWobwBqMwC0cwCq8/wkkRy/OowZg5OArWZrM= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.21.0/go.mod h1:/OpE/y70qVkndM0TrxT4KBoN3RsFZP0QaofcfYrj76I= +go.opentelemetry.io/otel/exporters/prometheus v0.44.0 h1:08qeJgaPC0YEBu2PQMbqU3rogTlyzpjhCI2b58Yn00w= +go.opentelemetry.io/otel/exporters/prometheus v0.44.0/go.mod h1:ERL2uIeBtg4TxZdojHUwzZfIFlUIjZtxubT5p4h1Gjg= +go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v0.44.0 h1:dEZWPjVN22urgYCza3PXRUGEyCB++y1sAqm6guWFesk= +go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v0.44.0/go.mod h1:sTt30Evb7hJB/gEk27qLb1+l9n4Tb8HvHkR0Wx3S6CU= +go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.21.0 h1:VhlEQAPp9R1ktYfrPk5SOryw1e9LDDTZCbIPFrho0ec= +go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.21.0/go.mod h1:kB3ufRbfU+CQ4MlUcqtW8Z7YEOBeK2DJ6CmR5rYYF3E= go.opentelemetry.io/otel/metric v1.33.0 h1:r+JOocAyeRVXD8lZpjdQjzMadVZp2M4WmQ+5WtEnklQ= go.opentelemetry.io/otel/metric v1.33.0/go.mod h1:L9+Fyctbp6HFTddIxClbQkjtubW6O9QS3Ann/M82u6M= -go.opentelemetry.io/otel/trace v1.28.0 h1:GhQ9cUuQGmNDd5BTCP2dAvv75RdMxEfTmYejp+lkx9g= -go.opentelemetry.io/otel/trace v1.28.0/go.mod h1:jPyXzNPg6da9+38HEwElrQiHlVMTnVfM3/yv2OlIHaI= -go.opentelemetry.io/otel/trace v1.32.0 h1:WIC9mYrXf8TmY/EXuULKc8hR17vE+Hjv2cssQDe03fM= -go.opentelemetry.io/otel/trace v1.32.0/go.mod h1:+i4rkvCraA+tG6AzwloGaCtkx53Fa+L+V8e9a7YvhT8= +go.opentelemetry.io/otel/sdk v1.31.0 h1:xLY3abVHYZ5HSfOg3l2E5LUj2Cwva5Y7yGxnSW9H5Gk= +go.opentelemetry.io/otel/sdk v1.31.0/go.mod h1:TfRbMdhvxIIr/B2N2LQW2S5v9m3gOQ/08KsbbO5BPT0= +go.opentelemetry.io/otel/sdk/metric v1.31.0 h1:i9hxxLJF/9kkvfHppyLL55aW7iIJz4JjxTeYusH7zMc= +go.opentelemetry.io/otel/sdk/metric v1.31.0/go.mod h1:CRInTMVvNhUKgSAMbKyTMxqOBC0zgyxzW55lZzX43Y8= go.opentelemetry.io/otel/trace v1.33.0 h1:cCJuF7LRjUFso9LPnEAHJDB2pqzp+hbO8eu1qqW2d/s= go.opentelemetry.io/otel/trace v1.33.0/go.mod h1:uIcdVUZMpTAmz0tI1z04GoVSezK37CbGV4fr1f2nBck= -go.starlark.net v0.0.0-20230525235612-a134d8f9ddca h1:VdD38733bfYv5tUZwEIskMM93VanwNIi5bIKnDrJdEY= -go.starlark.net v0.0.0-20230525235612-a134d8f9ddca/go.mod h1:jxU+3+j+71eXOW14274+SmmuW82qJzl6iZSeqEtTGds= -go.starlark.net v0.0.0-20241125201518-c05ff208a98f h1:W+3pcCdjGognUT+oE6tXsC3xiCEcCYTaJBXHHRn7aW0= -go.starlark.net v0.0.0-20241125201518-c05ff208a98f/go.mod h1:YKMCv9b1WrfWmeqdV5MAuEHWsu5iC+fe6kYl2sQjdI8= +go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0= +go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A= -golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70= -golang.org/x/crypto v0.30.0 h1:RwoQn3GkWiMkzlX562cLB7OxWvjH1L8xutO2WoJcRoY= -golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= -golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= -golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA= -golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0= +golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= -golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= -golang.org/x/net v0.32.0 h1:ZqPmj8Kzc+Y6e0+skZsuACbx+wzMgo5MQsJh9Qd6aYI= -golang.org/x/net v0.32.0/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs= golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= -golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs= -golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE= golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= -golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -557,83 +435,43 @@ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ= golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34= -golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.24.0 h1:Mh5cbb+Zk2hqqXNO7S1iTjEphVL+jb8ZWaqh/g+JWkM= -golang.org/x/term v0.24.0/go.mod h1:lOBK/LVxemqiMij05LGJ0tzNr8xlmwBRJ81PX6wVLH8= golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q= golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224= -golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= -golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= -golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.8.0 h1:9i3RxcPv3PZnitoVGMPDKZSq1xW1gK1Xy3ArNOGZfEg= golang.org/x/time v0.8.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= -golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg= -golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= +golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ= +golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= -google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 h1:BwIjyKYGsK9dMCBOorzRri8MQwmi7mT9rGHsCEinZkA= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241206012308-a4fef0638583 h1:IfdSdTcLFy4lqUQrQJLkLt1PB+AsqVz6lwkWPzWEz10= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241206012308-a4fef0638583/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU= +google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80 h1:KAeGQVN3M9nD0/bQXnr/ClcEMJ968gUXJQ9pwfSynuQ= +google.golang.org/genproto/googleapis/api v0.0.0-20241015192408-796eee8c2d53 h1:fVoAXEKA4+yufmbdVYv+SE73+cPZbbbe8paLsHfkK+U= +google.golang.org/genproto/googleapis/api v0.0.0-20241015192408-796eee8c2d53/go.mod h1:riSXTwQ4+nqmPGtobMFyW5FqVAmIs0St6VPp4Ug7CE4= google.golang.org/genproto/googleapis/rpc v0.0.0-20241216192217-9240e9c98484 h1:Z7FRVJPSMaHQxD0uXU8WdgFh8PseLM8Q8NzhnpMrBhQ= google.golang.org/genproto/googleapis/rpc v0.0.0-20241216192217-9240e9c98484/go.mod h1:lcTa1sDdWEIHMWlITnIczmw5w60CF9ffkb8Z+DVmmjA= -google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.65.0 h1:bs/cUb4lp1G5iImFFd3u5ixQzweKizoZJAwBNLR42lc= -google.golang.org/grpc v1.65.0/go.mod h1:WgYC2ypjlB0EiQi6wdKixMqukr6lBc0Vo+oOgjrM5ZQ= -google.golang.org/grpc v1.68.1 h1:oI5oTa11+ng8r8XMMN7jAOmWfPZWbYpCFaMUTACxkM0= -google.golang.org/grpc v1.68.1/go.mod h1:+q1XYFJjShcqn0QZHvCyeR4CXPA+llXIeUIfIe00waw= google.golang.org/grpc v1.69.2 h1:U3S9QEtbXC0bYNvRtcoklF3xGtLViumSYxWykJS+7AU= google.golang.org/grpc v1.69.2/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4= -google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= -google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= -google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= -google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= -google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= -google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= -google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= -google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= -google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io= -google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= google.golang.org/protobuf v1.36.0 h1:mjIs9gYtt56AzC4ZaffQuh88TZurBGhIJMBZGSxNerQ= google.golang.org/protobuf v1.36.0/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= @@ -645,7 +483,6 @@ gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWM gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= @@ -653,94 +490,38 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o= gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g= -helm.sh/helm/v3 v3.16.3 h1:kb8bSxMeRJ+knsK/ovvlaVPfdis0X3/ZhYCSFRP+YmY= -helm.sh/helm/v3 v3.16.3/go.mod h1:zeVWGDR4JJgiRbT3AnNsjYaX8OTJlIE9zC+Q7F7iUSU= helm.sh/helm/v3 v3.16.4 h1:rBn/h9MACw+QlhxQTjpl8Ifx+VTWaYsw3rguGBYBzr0= helm.sh/helm/v3 v3.16.4/go.mod h1:k8QPotUt57wWbi90w3LNmg3/MWcLPigVv+0/X4B8BzA= -honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/api v0.31.1 h1:Xe1hX/fPW3PXYYv8BlozYqw63ytA92snr96zMW9gWTU= -k8s.io/api v0.31.1/go.mod h1:sbN1g6eY6XVLeqNsZGLnI5FwVseTrZX7Fv3O26rhAaI= -k8s.io/api v0.31.3 h1:umzm5o8lFbdN/hIXbrK9oRpOproJO62CV1zqxXrLgk8= -k8s.io/api v0.31.3/go.mod h1:UJrkIp9pnMOI9K2nlL6vwpxRzzEX5sWgn8kGQe92kCE= k8s.io/api v0.32.0 h1:OL9JpbvAU5ny9ga2fb24X8H6xQlVp+aJMFlgtQjR9CE= k8s.io/api v0.32.0/go.mod h1:4LEwHZEf6Q/cG96F3dqR965sYOfmPM7rq81BLgsE0p0= -k8s.io/apiextensions-apiserver v0.31.1 h1:L+hwULvXx+nvTYX/MKM3kKMZyei+UiSXQWciX/N6E40= -k8s.io/apiextensions-apiserver v0.31.1/go.mod h1:tWMPR3sgW+jsl2xm9v7lAyRF1rYEK71i9G5dRtkknoQ= -k8s.io/apiextensions-apiserver v0.31.3 h1:+GFGj2qFiU7rGCsA5o+p/rul1OQIq6oYpQw4+u+nciE= -k8s.io/apiextensions-apiserver v0.31.3/go.mod h1:2DSpFhUZZJmn/cr/RweH1cEVVbzFw9YBu4T+U3mf1e4= k8s.io/apiextensions-apiserver v0.32.0 h1:S0Xlqt51qzzqjKPxfgX1xh4HBZE+p8KKBq+k2SWNOE0= k8s.io/apiextensions-apiserver v0.32.0/go.mod h1:86hblMvN5yxMvZrZFX2OhIHAuFIMJIZ19bTvzkP+Fmw= -k8s.io/apimachinery v0.31.1 h1:mhcUBbj7KUjaVhyXILglcVjuS4nYXiwC+KKFBgIVy7U= -k8s.io/apimachinery v0.31.1/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= -k8s.io/apimachinery v0.31.3 h1:6l0WhcYgasZ/wk9ktLq5vLaoXJJr5ts6lkaQzgeYPq4= -k8s.io/apimachinery v0.31.3/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= k8s.io/apimachinery v0.32.0 h1:cFSE7N3rmEEtv4ei5X6DaJPHHX0C+upp+v5lVPiEwpg= k8s.io/apimachinery v0.32.0/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE= -k8s.io/apiserver v0.31.1 h1:Sars5ejQDCRBY5f7R3QFHdqN3s61nhkpaX8/k1iEw1c= -k8s.io/apiserver v0.31.1/go.mod h1:lzDhpeToamVZJmmFlaLwdYZwd7zB+WYRYIboqA1kGxM= -k8s.io/apiserver v0.31.3 h1:+1oHTtCB+OheqFEz375D0IlzHZ5VeQKX1KGXnx+TTuY= -k8s.io/apiserver v0.31.3/go.mod h1:PrxVbebxrxQPFhJk4powDISIROkNMKHibTg9lTRQ0Qg= k8s.io/apiserver v0.32.0 h1:VJ89ZvQZ8p1sLeiWdRJpRD6oLozNZD2+qVSLi+ft5Qs= k8s.io/apiserver v0.32.0/go.mod h1:HFh+dM1/BE/Hm4bS4nTXHVfN6Z6tFIZPi649n83b4Ag= -k8s.io/cli-runtime v0.31.1 h1:/ZmKhmZ6hNqDM+yf9s3Y4KEYakNXUn5sod2LWGGwCuk= -k8s.io/cli-runtime v0.31.1/go.mod h1:pKv1cDIaq7ehWGuXQ+A//1OIF+7DI+xudXtExMCbe9U= -k8s.io/cli-runtime v0.31.3 h1:fEQD9Xokir78y7pVK/fCJN090/iYNrLHpFbGU4ul9TI= -k8s.io/cli-runtime v0.31.3/go.mod h1:Q2jkyTpl+f6AtodQvgDI8io3jrfr+Z0LyQBPJJ2Btq8= k8s.io/cli-runtime v0.32.0 h1:dP+OZqs7zHPpGQMCGAhectbHU2SNCuZtIimRKTv2T1c= k8s.io/cli-runtime v0.32.0/go.mod h1:Mai8ht2+esoDRK5hr861KRy6z0zHsSTYttNVJXgP3YQ= -k8s.io/client-go v0.31.1 h1:f0ugtWSbWpxHR7sjVpQwuvw9a3ZKLXX0u0itkFXufb0= -k8s.io/client-go v0.31.1/go.mod h1:sKI8871MJN2OyeqRlmA4W4KM9KBdBUpDLu/43eGemCg= -k8s.io/client-go v0.31.3 h1:CAlZuM+PH2cm+86LOBemaJI/lQ5linJ6UFxKX/SoG+4= -k8s.io/client-go v0.31.3/go.mod h1:2CgjPUTpv3fE5dNygAr2NcM8nhHzXvxB8KL5gYc3kJs= k8s.io/client-go v0.32.0 h1:DimtMcnN/JIKZcrSrstiwvvZvLjG0aSxy8PxN8IChp8= k8s.io/client-go v0.32.0/go.mod h1:boDWvdM1Drk4NJj/VddSLnx59X3OPgwrOo0vGbtq9+8= -k8s.io/component-base v0.31.1 h1:UpOepcrX3rQ3ab5NB6g5iP0tvsgJWzxTyAo20sgYSy8= -k8s.io/component-base v0.31.1/go.mod h1:WGeaw7t/kTsqpVTaCoVEtillbqAhF2/JgvO0LDOMa0w= -k8s.io/component-base v0.31.3 h1:DMCXXVx546Rfvhj+3cOm2EUxhS+EyztH423j+8sOwhQ= -k8s.io/component-base v0.31.3/go.mod h1:xME6BHfUOafRgT0rGVBGl7TuSg8Z9/deT7qq6w7qjIU= k8s.io/component-base v0.32.0 h1:d6cWHZkCiiep41ObYQS6IcgzOUQUNpywm39KVYaUqzU= k8s.io/component-base v0.32.0/go.mod h1:JLG2W5TUxUu5uDyKiH2R/7NnxJo1HlPoRIIbVLkK5eM= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= -k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= -k8s.io/kube-openapi v0.0.0-20241127205056-99599406b04f h1:nLHvOvs1CZ+FAEwR4EqLeRLfbtWQNlIu5g393Hq/1UM= -k8s.io/kube-openapi v0.0.0-20241127205056-99599406b04f/go.mod h1:iZjdMQzunI7O/sUrf/5WRX1gvaAIam32lKx9+paoLbU= k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 h1:hcha5B1kVACrLujCKLbr8XWMxCxzQx42DY8QKYJrDLg= k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7/go.mod h1:GewRfANuJ70iYzvn+i4lezLDAFzvjxZYK1gn1lWcfas= -k8s.io/kubectl v0.31.1 h1:ih4JQJHxsEggFqDJEHSOdJ69ZxZftgeZvYo7M/cpp24= -k8s.io/kubectl v0.31.1/go.mod h1:aNuQoR43W6MLAtXQ/Bu4GDmoHlbhHKuyD49lmTC8eJM= -k8s.io/kubectl v0.31.3 h1:3r111pCjPsvnR98oLLxDMwAeM6OPGmPty6gSKaLTQes= -k8s.io/kubectl v0.31.3/go.mod h1:lhMECDCbJN8He12qcKqs2QfmVo9Pue30geovBVpH5fs= k8s.io/kubectl v0.32.0 h1:rpxl+ng9qeG79YA4Em9tLSfX0G8W0vfaiPVrc/WR7Xw= k8s.io/kubectl v0.32.0/go.mod h1:qIjSX+QgPQUgdy8ps6eKsYNF+YmFOAO3WygfucIqFiE= -k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A= -k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -k8s.io/utils v0.0.0-20241104163129-6fe5fd82f078 h1:jGnCPejIetjiy2gqaJ5V0NLwTpF4wbQ6cZIItJCSHno= -k8s.io/utils v0.0.0-20241104163129-6fe5fd82f078/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= k8s.io/utils v0.0.0-20241210054802-24370beab758 h1:sdbE21q2nlQtFh65saZY+rRM6x6aJJI8IUa1AmH/qa0= k8s.io/utils v0.0.0-20241210054802-24370beab758/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -oras.land/oras-go v1.2.5 h1:XpYuAwAb0DfQsunIyMfeET92emK8km3W4yEzZvUbsTo= -oras.land/oras-go v1.2.5/go.mod h1:PuAwRShRZCsZb7g8Ar3jKKQR/2A/qN+pkYxIOd/FAoo= oras.land/oras-go v1.2.6 h1:z8cmxQXBU8yZ4mkytWqXfo6tZcamPwjsuxYU81xJ8Lk= oras.land/oras-go v1.2.6/go.mod h1:OVPc1PegSEe/K8YiLfosrlqlqTN9PUyFvOw5Y9gwrT8= -sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= -sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE= sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= -sigs.k8s.io/kustomize/api v0.17.2 h1:E7/Fjk7V5fboiuijoZHgs4aHuexi5Y2loXlVOAVAG5g= -sigs.k8s.io/kustomize/api v0.17.2/go.mod h1:UWTz9Ct+MvoeQsHcJ5e+vziRRkwimm3HytpZgIYqye0= sigs.k8s.io/kustomize/api v0.18.0 h1:hTzp67k+3NEVInwz5BHyzc9rGxIauoXferXyjv5lWPo= sigs.k8s.io/kustomize/api v0.18.0/go.mod h1:f8isXnX+8b+SGLHQ6yO4JG1rdkZlvhaCf/uZbLVMb0U= -sigs.k8s.io/kustomize/kyaml v0.17.1 h1:TnxYQxFXzbmNG6gOINgGWQt09GghzgTP6mIurOgrLCQ= -sigs.k8s.io/kustomize/kyaml v0.17.1/go.mod h1:9V0mCjIEYjlXuCdYsSXvyoy2BTsLESH7TlGV81S282U= sigs.k8s.io/kustomize/kyaml v0.18.1 h1:WvBo56Wzw3fjS+7vBjN6TeivvpbW9GmRaWZ9CIVmt4E= sigs.k8s.io/kustomize/kyaml v0.18.1/go.mod h1:C3L2BFVU1jgcddNBE1TxuVLgS46TjObMwW5FT9FcjYo= -sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= -sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= -sigs.k8s.io/structured-merge-diff/v4 v4.4.3 h1:sCP7Vv3xx/CWIuTPVN38lUPx0uw0lcLfzaiDa8Ja01A= -sigs.k8s.io/structured-merge-diff/v4 v4.4.3/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4= sigs.k8s.io/structured-merge-diff/v4 v4.5.0 h1:nbCitCK2hfnhyiKo6uf2HxUPTCodY6Qaf85SbDIaMBk= sigs.k8s.io/structured-merge-diff/v4 v4.5.0/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= diff --git a/scripts/infrautil/lib/jsonnet.go b/scripts/infrautil/lib/jsonnet.go index 0675e9582..86722d405 100644 --- a/scripts/infrautil/lib/jsonnet.go +++ b/scripts/infrautil/lib/jsonnet.go @@ -2,6 +2,7 @@ package lib import ( "encoding/json" + "strings" "github.com/google/go-jsonnet" yaml "gopkg.in/yaml.v3" @@ -24,14 +25,15 @@ func BuildYAML(filepath string) (string, error) { jsonResults = []interface{}{jsonResult} } - var yamlResult string + var yamlResult strings.Builder + encoder := yaml.NewEncoder(&yamlResult) + encoder.SetIndent(2) + defer encoder.Close() + for _, result := range jsonResults { - yamlBytes, err := yaml.Marshal(result) - if err != nil { + if err := encoder.Encode(result); err != nil { return "", err } - yamlResult += string(yamlBytes) - yamlResult += "\n---\n" } - return yamlResult, nil + return yamlResult.String(), nil } From b7e871631f40c8c01c584e36e057aa998730fe61 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 7 Jan 2025 22:51:20 +0900 Subject: [PATCH 0730/1209] fix: refactor error handling for repo URL parsing in helm commands Signed-off-by: walnuts1018 --- scripts/infrautil/helmSnapshotCmd.go | 13 ++++++------- scripts/infrautil/snapshotCmd.go | 1 + 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/scripts/infrautil/helmSnapshotCmd.go b/scripts/infrautil/helmSnapshotCmd.go index 53c7de726..4b42824b0 100644 --- a/scripts/infrautil/helmSnapshotCmd.go +++ b/scripts/infrautil/helmSnapshotCmd.go @@ -80,14 +80,13 @@ func (b *helmSnapshotCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...any) } return fmt.Errorf("failed to parse helm application: %w", err) } - - repoURL, err := url.Parse(helmapp.Spec.Source.RepoURL) - if err != nil { - slog.Error("failed to parse repo url", slog.String("repoURL", helmapp.Spec.Source.RepoURL), slog.Any("error", err)) - return fmt.Errorf("failed to parse repo url: %w", err) - } - eg.Go(func() error { + repoURL, err := url.Parse(helmapp.Spec.Source.RepoURL) + if err != nil { + slog.Error("failed to parse repo url", slog.String("repoURL", helmapp.Spec.Source.RepoURL), slog.Any("error", err)) + return fmt.Errorf("failed to parse repo url: %w", err) + } + hc, err := lib.NewHelmClient() if err != nil { slog.Error("failed to create helm client", slog.Any("error", err)) diff --git a/scripts/infrautil/snapshotCmd.go b/scripts/infrautil/snapshotCmd.go index 264bef6f1..49acbc72c 100644 --- a/scripts/infrautil/snapshotCmd.go +++ b/scripts/infrautil/snapshotCmd.go @@ -49,6 +49,7 @@ func (b *snapshotCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...any) subc if filepath.Ext(path) != ".jsonnet" { return nil } + eg.Go(func() error { yaml, err := lib.BuildYAML(path) if err != nil { From c1a41eafd6324cd775952ac1e3cc9cad3daabff2 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 7 Jan 2025 22:56:21 +0900 Subject: [PATCH 0731/1209] fix: enhance security settings in MinIO values.yaml Signed-off-by: walnuts1018 --- k8s/apps/minio/values.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/k8s/apps/minio/values.yaml b/k8s/apps/minio/values.yaml index cd843bd01..8292c0ada 100644 --- a/k8s/apps/minio/values.yaml +++ b/k8s/apps/minio/values.yaml @@ -41,3 +41,8 @@ users: [] # podAnnotations: # instrumentation.opentelemetry.io/inject-go: 'opentelemetry-collector/default' # instrumentation.opentelemetry.io/otel-go-auto-target-exe: '/usr/bin/minio' + +containerSecurityContext: + readOnlyRootFilesystem: true + runAsNonRoot: true + allowPrivilegeEscalation: false From 9c1f6def914d2b3461dedd2be8229e1a95544c59 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 7 Jan 2025 22:59:13 +0900 Subject: [PATCH 0732/1209] fix: enhance security settings in MinIO values.yaml with seccomp profile and capabilities adjustments Signed-off-by: walnuts1018 --- k8s/apps/minio/values.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/k8s/apps/minio/values.yaml b/k8s/apps/minio/values.yaml index 8292c0ada..0aab9740e 100644 --- a/k8s/apps/minio/values.yaml +++ b/k8s/apps/minio/values.yaml @@ -46,3 +46,10 @@ containerSecurityContext: readOnlyRootFilesystem: true runAsNonRoot: true allowPrivilegeEscalation: false + seccompProfile: + type: 'RuntimeDefault' + capabilities: + add: + - 'NET_BIND_SERVICE' + drop: + - 'all' From b0a8f8a2ffd57addf361183cf7ff4fba077d1d8a Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 7 Jan 2025 23:00:39 +0900 Subject: [PATCH 0733/1209] fix: update MinIO security settings to allow non-root user and remove capabilities adjustments Signed-off-by: walnuts1018 --- k8s/apps/minio/values.yaml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/k8s/apps/minio/values.yaml b/k8s/apps/minio/values.yaml index 0aab9740e..352368c3e 100644 --- a/k8s/apps/minio/values.yaml +++ b/k8s/apps/minio/values.yaml @@ -44,12 +44,7 @@ users: [] containerSecurityContext: readOnlyRootFilesystem: true - runAsNonRoot: true + runAsNonRoot: false allowPrivilegeEscalation: false seccompProfile: type: 'RuntimeDefault' - capabilities: - add: - - 'NET_BIND_SERVICE' - drop: - - 'all' From bd4f67f618055e4cd2d625249f22380d3785b153 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 7 Jan 2025 23:10:14 +0900 Subject: [PATCH 0734/1209] fix: add rule to .trivyignore.yaml to disable false positives for ConfigMap with secrets Signed-off-by: walnuts1018 --- .trivyignore.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.trivyignore.yaml b/.trivyignore.yaml index 43a219916..2ae62e733 100644 --- a/.trivyignore.yaml +++ b/.trivyignore.yaml @@ -7,3 +7,5 @@ misconfigurations: paths: - "k8s/apps/samba/deployment.yaml" statement: accept hostpath +- id: AVD-KSV-0109 + statement: Disable “ConfigMap with secrets” as there are many false positives. From a3a570ac4bd031ab1bbc71a30e33bd98b00fbf5f Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 7 Jan 2025 23:12:36 +0900 Subject: [PATCH 0735/1209] fix: add rule to .trivyignore.yaml to accept capabilities.add in cilium Signed-off-by: walnuts1018 --- .trivyignore.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.trivyignore.yaml b/.trivyignore.yaml index 2ae62e733..38eec387f 100644 --- a/.trivyignore.yaml +++ b/.trivyignore.yaml @@ -9,3 +9,7 @@ misconfigurations: statement: accept hostpath - id: AVD-KSV-0109 statement: Disable “ConfigMap with secrets” as there are many false positives. +- id: KSV022 + paths: + - "k8s/helm/cilium-helm.yaml" + statement: accept capabilities.add in cilium From 36111f5712e86b3d5b0552d61be71af8d28abb4e Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 7 Jan 2025 23:13:32 +0900 Subject: [PATCH 0736/1209] fix: refactor container definition in renovate cronjob to use shared library Signed-off-by: walnuts1018 --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 05be11b9e..514497341 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -19,7 +19,7 @@ }, restartPolicy: 'Never', containers: [ - { + (import '../../components/container.libsonnet') { name: 'renovate', image: 'renovate/renovate:39.92.0', resources: { From 6b2579096fb64c593eb69d74338635429a932af9 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 7 Jan 2025 23:15:47 +0900 Subject: [PATCH 0737/1209] fix: update property names in external-secret.jsonnet to use underscores Signed-off-by: walnuts1018 --- k8s/apps/ac-hacking-2024/back/external-secret.jsonnet | 2 +- k8s/apps/fitbit-manager/external-secret.jsonnet | 2 +- k8s/apps/oekaki-dengon-game/external-secret.jsonnet | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/k8s/apps/ac-hacking-2024/back/external-secret.jsonnet b/k8s/apps/ac-hacking-2024/back/external-secret.jsonnet index 30b6c8943..b08d132f8 100644 --- a/k8s/apps/ac-hacking-2024/back/external-secret.jsonnet +++ b/k8s/apps/ac-hacking-2024/back/external-secret.jsonnet @@ -5,7 +5,7 @@ secretKey: 'postgres_password', remoteRef: { key: 'postgres_passwords', - property: 'ac-hacking', + property: 'ac_hacking', }, }, ], diff --git a/k8s/apps/fitbit-manager/external-secret.jsonnet b/k8s/apps/fitbit-manager/external-secret.jsonnet index 9122b76cd..7610b6ab4 100644 --- a/k8s/apps/fitbit-manager/external-secret.jsonnet +++ b/k8s/apps/fitbit-manager/external-secret.jsonnet @@ -26,7 +26,7 @@ secretKey: 'postgres_password', remoteRef: { key: 'postgres_passwords', - property: 'fitbit-manager', + property: 'fitbit_manager', }, }, { diff --git a/k8s/apps/oekaki-dengon-game/external-secret.jsonnet b/k8s/apps/oekaki-dengon-game/external-secret.jsonnet index 0456d5b4d..ca7245b63 100644 --- a/k8s/apps/oekaki-dengon-game/external-secret.jsonnet +++ b/k8s/apps/oekaki-dengon-game/external-secret.jsonnet @@ -12,7 +12,7 @@ secretKey: 'postgres-user-password', remoteRef: { key: 'postgres_passwords', - property: 'oekaki-dengon-game', + property: 'oekaki_dengon_game', }, }, { From 9563cfcfd85ca3f44768cd70604240b715494c1e Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 7 Jan 2025 23:34:38 +0900 Subject: [PATCH 0738/1209] fix: update .trivyignore.yaml to disable false positives for ConfigMap with sensitive content and enhance deployment security context in walnuts-dev Signed-off-by: walnuts1018 --- .trivyignore.yaml | 4 +++- k8s/apps/walnuts-dev/deployment.jsonnet | 17 +++++++++-------- 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/.trivyignore.yaml b/.trivyignore.yaml index 38eec387f..b329525da 100644 --- a/.trivyignore.yaml +++ b/.trivyignore.yaml @@ -8,7 +8,9 @@ misconfigurations: - "k8s/apps/samba/deployment.yaml" statement: accept hostpath - id: AVD-KSV-0109 - statement: Disable “ConfigMap with secrets” as there are many false positives. + statement: Disable "ConfigMap with secrets" as there are many false positives. +- id: AVD-KSV-01010 + statement: Disable "ConfigMap with sensitive content" as there are many false positives. - id: KSV022 paths: - "k8s/helm/cilium-helm.yaml" diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index 1484e5df3..83499f4b0 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -17,14 +17,8 @@ }, spec: { containers: [ - (import '../../components/container.libsonnet') { + std.mergePatch((import '../../components/container.libsonnet') { name: 'walnuts-dev', - securityContext: { - readOnlyRootFilesystem: true, - seccompProfile: { - type: 'RuntimeDefault', - }, - }, image: 'ghcr.io/walnuts1018/walnuts.dev:75ef7965084bd41ceb8bd5781467b1497dcfcf45-361', imagePullPolicy: 'IfNotPresent', ports: [ @@ -70,7 +64,14 @@ mountPath: '/app/.next/cache', }, ], - }, + }, { + securityContext: { + runAsNonRoot: true, + allowPrivilegeEscalation: false, + runAsGroup: 10001, + runAsUser: 10001, + }, + }), ], priorityClassName: 'high', affinity: { From b95bb5d929d54b2623b049e7ea71594bfea3f1dc Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 7 Jan 2025 23:34:47 +0900 Subject: [PATCH 0739/1209] fix: remove unnecessary runAsGroup and runAsUser from deployment security context in walnuts-dev Signed-off-by: walnuts1018 --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 -- 1 file changed, 2 deletions(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index 83499f4b0..c741be947 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -68,8 +68,6 @@ securityContext: { runAsNonRoot: true, allowPrivilegeEscalation: false, - runAsGroup: 10001, - runAsUser: 10001, }, }), ], From 6263e0577e11f5fd5d2fcbeb7f88ee1ca6248956 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 7 Jan 2025 23:37:47 +0900 Subject: [PATCH 0740/1209] fix: add rule to .trivyignore.yaml to require NET_BIND_SERVICE capability in securityContext Signed-off-by: walnuts1018 --- .trivyignore.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.trivyignore.yaml b/.trivyignore.yaml index b329525da..1a670352c 100644 --- a/.trivyignore.yaml +++ b/.trivyignore.yaml @@ -15,3 +15,5 @@ misconfigurations: paths: - "k8s/helm/cilium-helm.yaml" statement: accept capabilities.add in cilium +- id: AVD-KSV-0022 + statement: "`NET_BIND_SERVICE` should be added to the capabilities.add list in the securityContext" From ea0546347af83fe239ea1e89f2c225ffc76cb5c6 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 7 Jan 2025 23:38:40 +0900 Subject: [PATCH 0741/1209] =?UTF-8?q?fix:=20.trivyignore.yaml=E3=81=8B?= =?UTF-8?q?=E3=82=89runAsUser=E3=81=8A=E3=82=88=E3=81=B3runAsGroup?= =?UTF-8?q?=E3=81=AE=E3=83=81=E3=82=A7=E3=83=83=E3=82=AF=E3=82=92=E5=89=8A?= =?UTF-8?q?=E9=99=A4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: walnuts1018 --- .trivyignore.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.trivyignore.yaml b/.trivyignore.yaml index 1a670352c..af96a1e2d 100644 --- a/.trivyignore.yaml +++ b/.trivyignore.yaml @@ -17,3 +17,7 @@ misconfigurations: statement: accept capabilities.add in cilium - id: AVD-KSV-0022 statement: "`NET_BIND_SERVICE` should be added to the capabilities.add list in the securityContext" +- id: AVD-KSV-0020 + statement: runAsUserのチェックは要らない +- id: AVD-KSV-0021 + statement: runAsGroupのチェックは要らない From 5d9d312e4d988abf5d6a8788018091056537aa95 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 7 Jan 2025 23:39:42 +0900 Subject: [PATCH 0742/1209] =?UTF-8?q?fix:=20.trivyignore.yaml=E3=81=AE?= =?UTF-8?q?=E3=82=B9=E3=83=86=E3=83=BC=E3=83=88=E3=83=A1=E3=83=B3=E3=83=88?= =?UTF-8?q?=E3=82=92=E6=97=A5=E6=9C=AC=E8=AA=9E=E3=81=AB=E7=BF=BB=E8=A8=B3?= =?UTF-8?q?=E3=81=97=E3=80=81=E7=89=B9=E5=AE=9A=E3=81=AE=E3=82=B3=E3=83=B3?= =?UTF-8?q?=E3=83=86=E3=83=8A=E3=81=AB=E9=96=A2=E3=81=99=E3=82=8B=E8=AA=AC?= =?UTF-8?q?=E6=98=8E=E3=82=92=E8=BF=BD=E5=8A=A0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: walnuts1018 --- .trivyignore.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.trivyignore.yaml b/.trivyignore.yaml index af96a1e2d..98175feae 100644 --- a/.trivyignore.yaml +++ b/.trivyignore.yaml @@ -2,11 +2,11 @@ misconfigurations: - id: KSV017 paths: - "k8s/apps/machine-status-api/deployment.yaml" - statement: Accept Privileged + statement: 特定のコンテナはPrivilegedを許可する - id: KSV023 paths: - "k8s/apps/samba/deployment.yaml" - statement: accept hostpath + statement: 特定のコンテナはホストマウントを許可する - id: AVD-KSV-0109 statement: Disable "ConfigMap with secrets" as there are many false positives. - id: AVD-KSV-01010 From 7eb58b22a4d05ad0a027c0ecc8914b2bf63258b1 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Tue, 7 Jan 2025 23:42:04 +0900 Subject: [PATCH 0743/1209] chore(deps): update ghcr.io/walnuts1018/walnuts.dev docker tag to v6d39ebf253770ec984db2d5c9491f192ca54b2dc-362 (#1211) Co-authored-by: Renovate Bot --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index c741be947..c9172fcfc 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ std.mergePatch((import '../../components/container.libsonnet') { name: 'walnuts-dev', - image: 'ghcr.io/walnuts1018/walnuts.dev:75ef7965084bd41ceb8bd5781467b1497dcfcf45-361', + image: 'ghcr.io/walnuts1018/walnuts.dev:6d39ebf253770ec984db2d5c9491f192ca54b2dc-362', imagePullPolicy: 'IfNotPresent', ports: [ { From 87905542c5d47f1a823d0461ee41028fd320d5f0 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Wed, 8 Jan 2025 00:01:05 +0900 Subject: [PATCH 0744/1209] Update cronjob.jsonnet --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 514497341..26bb18cde 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -7,7 +7,7 @@ labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, }, spec: { - schedule: '*/10 * * * *', + schedule: '*/5 * * * *', concurrencyPolicy: 'Forbid', jobTemplate: { spec: { From fba97f1d66494135dad218ebab83c5d19b493eab Mon Sep 17 00:00:00 2001 From: Walnuts Date: Wed, 8 Jan 2025 00:17:01 +0900 Subject: [PATCH 0745/1209] chore(deps): update ghcr.io/walnuts1018/walnuts.dev docker tag to f3fe4c3e639de63a3a1042d3a08019592e9ce2a1-363 (#1212) Co-authored-by: Renovate Bot --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index c9172fcfc..d2e8af6a0 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ std.mergePatch((import '../../components/container.libsonnet') { name: 'walnuts-dev', - image: 'ghcr.io/walnuts1018/walnuts.dev:6d39ebf253770ec984db2d5c9491f192ca54b2dc-362', + image: 'ghcr.io/walnuts1018/walnuts.dev:f3fe4c3e639de63a3a1042d3a08019592e9ce2a1-363', imagePullPolicy: 'IfNotPresent', ports: [ { From e312806d6da0fa0562293fed0808673f295682ec Mon Sep 17 00:00:00 2001 From: Walnuts Date: Wed, 8 Jan 2025 00:17:17 +0900 Subject: [PATCH 0746/1209] chore(deps): update renovate/renovate docker tag to v39.92.1 (#1213) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 26bb18cde..e838fe9f1 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -21,7 +21,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.92.0', + image: 'renovate/renovate:39.92.1', resources: { requests: { memory: '256Mi', From cecc65f44ae81e555fad464caa3274db6b8387f0 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 7 Jan 2025 15:51:33 +0000 Subject: [PATCH 0747/1209] chore(deps): update helm release zitadel to v8.11.0 --- k8s/apps/zitadel/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/zitadel/helm.jsonnet b/k8s/apps/zitadel/helm.jsonnet index 9267be8dd..0e39bacb9 100644 --- a/k8s/apps/zitadel/helm.jsonnet +++ b/k8s/apps/zitadel/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'zitadel', repoURL: 'https://charts.zitadel.com', - targetRevision: '8.9.0', + targetRevision: '8.11.0', values: (importstr 'values.yaml'), } From 44c6ff290e7fa58ba0238ab24e60e8a44d04be0f Mon Sep 17 00:00:00 2001 From: Walnuts Date: Wed, 8 Jan 2025 00:52:10 +0900 Subject: [PATCH 0748/1209] chore(deps): update renovate/renovate docker tag to v39.92.2 (#1214) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index e838fe9f1..32c33067b 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -21,7 +21,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.92.1', + image: 'renovate/renovate:39.92.2', resources: { requests: { memory: '256Mi', From ec805d32b29ff31fd8948e0328d1f32f56dc86bf Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 7 Jan 2025 17:01:23 +0000 Subject: [PATCH 0749/1209] chore(deps): update renovate/renovate docker tag to v39.93.0 --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 32c33067b..9d691ce1c 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -21,7 +21,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.92.2', + image: 'renovate/renovate:39.93.0', resources: { requests: { memory: '256Mi', From 4b8337ab8e2fd26eb69160f9cf3aa27a6b310007 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Wed, 8 Jan 2025 02:37:10 +0900 Subject: [PATCH 0750/1209] chore(deps): update helm release zitadel to v8.11.1 (#1217) Co-authored-by: Renovate Bot --- k8s/apps/zitadel/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/zitadel/helm.jsonnet b/k8s/apps/zitadel/helm.jsonnet index 0e39bacb9..8e21f1fb8 100644 --- a/k8s/apps/zitadel/helm.jsonnet +++ b/k8s/apps/zitadel/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'zitadel', repoURL: 'https://charts.zitadel.com', - targetRevision: '8.11.0', + targetRevision: '8.11.1', values: (importstr 'values.yaml'), } From 402660f3e632b60176230e5cd0e69fb081b4918f Mon Sep 17 00:00:00 2001 From: Walnuts Date: Wed, 8 Jan 2025 07:16:54 +0900 Subject: [PATCH 0751/1209] chore(deps): update dependency aquaproj/aqua-registry to v4.293.0 (#1218) Co-authored-by: Renovate Bot --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index 145daeab6..724778758 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,7 +8,7 @@ # - all registries: - type: standard - ref: v4.292.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.293.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 - name: hashicorp/terraform@v1.10.3 From 7091f7a4ef138417de0605c31fe406a9536e48aa Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 7 Jan 2025 23:21:18 +0000 Subject: [PATCH 0752/1209] chore(deps): update helm release opentelemetry-operator to v0.78.0 --- k8s/apps/opentelemetry-operator/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/opentelemetry-operator/helm.jsonnet b/k8s/apps/opentelemetry-operator/helm.jsonnet index c3f4d9241..a9de8389b 100644 --- a/k8s/apps/opentelemetry-operator/helm.jsonnet +++ b/k8s/apps/opentelemetry-operator/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'opentelemetry-operator', repoURL: 'https://open-telemetry.github.io/opentelemetry-helm-charts', - targetRevision: '0.77.0', + targetRevision: '0.78.0', values: (importstr 'values.yaml'), } From 014a5564f6e00d6ded7dd19bc91b93a33f672f08 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 8 Jan 2025 02:36:11 +0000 Subject: [PATCH 0753/1209] chore(deps): update terraform cloudflare to v4.50.0 --- terraform/modules/cloudflare/provider.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/modules/cloudflare/provider.tf b/terraform/modules/cloudflare/provider.tf index 1dd937361..56f9c7170 100644 --- a/terraform/modules/cloudflare/provider.tf +++ b/terraform/modules/cloudflare/provider.tf @@ -2,7 +2,7 @@ terraform { required_providers { cloudflare = { source = "cloudflare/cloudflare" - version = "4.49.1" + version = "4.50.0" } } } From 97480a8a8e74f19cec26b54bd864e955faf3fb5f Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 8 Jan 2025 08:06:15 +0000 Subject: [PATCH 0754/1209] chore(deps): update helm release kube-prometheus-stack to v67.9.0 --- k8s/apps/prometheus-stack/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/prometheus-stack/helm.jsonnet b/k8s/apps/prometheus-stack/helm.jsonnet index aaf8d5f26..187da7691 100644 --- a/k8s/apps/prometheus-stack/helm.jsonnet +++ b/k8s/apps/prometheus-stack/helm.jsonnet @@ -4,7 +4,7 @@ chart: 'kube-prometheus-stack', repoURL: 'https://prometheus-community.github.io/helm-charts', - targetRevision: '67.8.0', + targetRevision: '67.9.0', valuesObject: std.mergePatch(std.parseYaml(importstr 'values.yaml'), { prometheus: { prometheusSpec: { From c21a22a103d96b08b32f0a3391bb1f4350b99126 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Wed, 8 Jan 2025 19:27:05 +0900 Subject: [PATCH 0755/1209] chore(deps): update helm release oauth2-proxy to v7.9.1 (#1222) Co-authored-by: Renovate Bot --- k8s/components/oauth2-proxy/helm.libsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/components/oauth2-proxy/helm.libsonnet b/k8s/components/oauth2-proxy/helm.libsonnet index 9ceb90114..8de2e5761 100644 --- a/k8s/components/oauth2-proxy/helm.libsonnet +++ b/k8s/components/oauth2-proxy/helm.libsonnet @@ -10,7 +10,7 @@ namespace: error 'namespace is required', chart: 'oauth2-proxy', repoURL: 'https://oauth2-proxy.github.io/manifests', - targetRevision: '7.9.0', + targetRevision: '7.9.1', values: '', valuesObject: std.mergePatch((import 'values.libsonnet') { upstream: $.upstream, From 1c47d60b1474d8411968bff2ea58d37d06334e1f Mon Sep 17 00:00:00 2001 From: Walnuts Date: Wed, 8 Jan 2025 19:51:59 +0900 Subject: [PATCH 0756/1209] chore(deps): update renovate/renovate docker tag to v39.93.1 (#1223) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 9d691ce1c..fe2ab2a71 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -21,7 +21,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.93.0', + image: 'renovate/renovate:39.93.1', resources: { requests: { memory: '256Mi', From 118b800a9294c8ae8b38fbe97efde1833bc6f99f Mon Sep 17 00:00:00 2001 From: Walnuts Date: Wed, 8 Jan 2025 19:57:27 +0900 Subject: [PATCH 0757/1209] chore(deps): update helm release oauth2-proxy to v7.9.2 (#1224) Co-authored-by: Renovate Bot --- k8s/components/oauth2-proxy/helm.libsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/components/oauth2-proxy/helm.libsonnet b/k8s/components/oauth2-proxy/helm.libsonnet index 8de2e5761..30bd5540f 100644 --- a/k8s/components/oauth2-proxy/helm.libsonnet +++ b/k8s/components/oauth2-proxy/helm.libsonnet @@ -10,7 +10,7 @@ namespace: error 'namespace is required', chart: 'oauth2-proxy', repoURL: 'https://oauth2-proxy.github.io/manifests', - targetRevision: '7.9.1', + targetRevision: '7.9.2', values: '', valuesObject: std.mergePatch((import 'values.libsonnet') { upstream: $.upstream, From c37dae5a44bc8296ca3ed7c2d4873f2b8a66f853 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 8 Jan 2025 11:41:10 +0000 Subject: [PATCH 0758/1209] chore(deps): update dependency hashicorp/terraform to v1.10.4 --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index 724778758..8f5174e8b 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -11,4 +11,4 @@ registries: ref: v4.293.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 -- name: hashicorp/terraform@v1.10.3 +- name: hashicorp/terraform@v1.10.4 From 4f87088d6f6f4a44e82b820e1e44ff77f2f99cfb Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 8 Jan 2025 12:40:03 +0000 Subject: [PATCH 0759/1209] chore(deps): update renovate/renovate docker tag to v39.94.2 --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index fe2ab2a71..b7f441db7 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -21,7 +21,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.93.1', + image: 'renovate/renovate:39.94.2', resources: { requests: { memory: '256Mi', From 810cd650d6778d26db22d5f1ba7775caf09c29b5 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Wed, 8 Jan 2025 22:46:23 +0900 Subject: [PATCH 0760/1209] Update renovate.json5 --- renovate.json5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/renovate.json5 b/renovate.json5 index 2e86f2494..06a68e4eb 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -70,7 +70,7 @@ automerge: true, }, { - matchPackageNames: ["aquaproj/aqua-registry", "terraform"], + matchPackageNames: ["aquaproj/aqua-registry", "terraform", "renovate/renovate"], automerge: true, }, { From aeb975435ba4ec94392d4389f0b859f874c2bf71 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Wed, 8 Jan 2025 22:52:20 +0900 Subject: [PATCH 0761/1209] chore(deps): update renovate/renovate docker tag to v39.95.0 (#1227) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index b7f441db7..b8165e6ae 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -21,7 +21,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.94.2', + image: 'renovate/renovate:39.95.0', resources: { requests: { memory: '256Mi', From 2d977910e4b69454f579d566b45b257964703262 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Thu, 9 Jan 2025 00:30:59 +0900 Subject: [PATCH 0762/1209] chore(deps): update renovate/renovate docker tag to v39.96.0 (#1228) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index b8165e6ae..8bbd5271d 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -21,7 +21,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.95.0', + image: 'renovate/renovate:39.96.0', resources: { requests: { memory: '256Mi', From efb51bef75ec99e690a3486313c598a25ec6259f Mon Sep 17 00:00:00 2001 From: Walnuts Date: Thu, 9 Jan 2025 01:06:59 +0900 Subject: [PATCH 0763/1209] chore(deps): update helm release cloudflare-tunnel-operator to v1.0.3 (#1229) Co-authored-by: Renovate Bot --- k8s/apps/cloudflare-tunnel-operator/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet b/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet index da95cb96c..761b184f4 100644 --- a/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet +++ b/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet @@ -4,7 +4,7 @@ chart: 'cloudflare-tunnel-operator', repoURL: 'https://walnuts1018.github.io/cloudflare-tunnel-operator/', - targetRevision: '1.0.2', + targetRevision: '1.0.3', valuesObject: std.mergePatch(std.parseYaml(importstr 'values.yaml'), { cloudflareToken: { existingSecret: (import 'external-secret.jsonnet').spec.target.name, From aa3a683458ee7ab5ccb5fcb30c06a2d121b43862 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 9 Jan 2025 01:42:49 +0900 Subject: [PATCH 0764/1209] chore(deps): update actions-runner-controller chart to v0.10.1 and change repo to OCI Signed-off-by: walnuts1018 --- k8s/apps/actions-runner-controller/helm.jsonnet | 11 +++-------- k8s/apps/actions-runner-controller/values.yaml | 3 --- 2 files changed, 3 insertions(+), 11 deletions(-) diff --git a/k8s/apps/actions-runner-controller/helm.jsonnet b/k8s/apps/actions-runner-controller/helm.jsonnet index ab8b11de5..43eb4c712 100644 --- a/k8s/apps/actions-runner-controller/helm.jsonnet +++ b/k8s/apps/actions-runner-controller/helm.jsonnet @@ -2,12 +2,7 @@ name: (import 'app.json5').name, namespace: (import 'app.json5').namespace, - chart: 'actions-runner-controller', - repoURL: 'https://actions-runner-controller.github.io/actions-runner-controller', - targetRevision: '0.23.7', - valuesObject: std.mergePatch(std.parseYaml(importstr 'values.yaml'), { - authSecret: { - name: (import 'external-secret.jsonnet').spec.target.name, - }, - }), + ociChartURL: 'ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set-controller', + targetRevision: '0.10.1', + values: (importstr 'values.yaml'), } diff --git a/k8s/apps/actions-runner-controller/values.yaml b/k8s/apps/actions-runner-controller/values.yaml index 5a5c7b049..e69de29bb 100644 --- a/k8s/apps/actions-runner-controller/values.yaml +++ b/k8s/apps/actions-runner-controller/values.yaml @@ -1,3 +0,0 @@ -authSecret: - enabled: true - create: false From e6bd6c15bc35dc1eafd539b8be38852afbb17946 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Thu, 9 Jan 2025 01:46:56 +0900 Subject: [PATCH 0765/1209] chore(deps): update ghcr.io/walnuts1018/walnuts.dev docker tag to b549d97197c341ea781bb1d6fbc324821540483d-364 (#1230) Co-authored-by: Renovate Bot --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index d2e8af6a0..3c0d13871 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ std.mergePatch((import '../../components/container.libsonnet') { name: 'walnuts-dev', - image: 'ghcr.io/walnuts1018/walnuts.dev:f3fe4c3e639de63a3a1042d3a08019592e9ce2a1-363', + image: 'ghcr.io/walnuts1018/walnuts.dev:b549d97197c341ea781bb1d6fbc324821540483d-364', imagePullPolicy: 'IfNotPresent', ports: [ { From 220ef8f26a508ef0972c743d2f23dd7fd885811a Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 9 Jan 2025 01:48:59 +0900 Subject: [PATCH 0766/1209] chore(apps): migrate actions-runner-controller to gha-runner and add helm configuration Signed-off-by: walnuts1018 --- k8s/apps/actions-runner-controller/app.json5 | 4 ---- k8s/apps/gha-runner-controller/app.json5 | 4 ++++ .../helm.jsonnet | 0 .../values.yaml | 0 k8s/apps/gha-runner/app.json5 | 4 ++++ .../external-secret.jsonnet | 0 k8s/apps/gha-runner/helm.jsonnet | 12 ++++++++++++ k8s/apps/gha-runner/values.yaml | 2 ++ 8 files changed, 22 insertions(+), 4 deletions(-) delete mode 100644 k8s/apps/actions-runner-controller/app.json5 create mode 100644 k8s/apps/gha-runner-controller/app.json5 rename k8s/apps/{actions-runner-controller => gha-runner-controller}/helm.jsonnet (100%) rename k8s/apps/{actions-runner-controller => gha-runner-controller}/values.yaml (100%) create mode 100644 k8s/apps/gha-runner/app.json5 rename k8s/apps/{actions-runner-controller => gha-runner}/external-secret.jsonnet (100%) create mode 100644 k8s/apps/gha-runner/helm.jsonnet create mode 100644 k8s/apps/gha-runner/values.yaml diff --git a/k8s/apps/actions-runner-controller/app.json5 b/k8s/apps/actions-runner-controller/app.json5 deleted file mode 100644 index 6e32a21d7..000000000 --- a/k8s/apps/actions-runner-controller/app.json5 +++ /dev/null @@ -1,4 +0,0 @@ -{ - name: "actions-runner-controller", - namespace: "actions-runner-controller", -} diff --git a/k8s/apps/gha-runner-controller/app.json5 b/k8s/apps/gha-runner-controller/app.json5 new file mode 100644 index 000000000..64075bb14 --- /dev/null +++ b/k8s/apps/gha-runner-controller/app.json5 @@ -0,0 +1,4 @@ +{ + name: "gha-runner-controller", + namespace: "gha-runner-controller", +} diff --git a/k8s/apps/actions-runner-controller/helm.jsonnet b/k8s/apps/gha-runner-controller/helm.jsonnet similarity index 100% rename from k8s/apps/actions-runner-controller/helm.jsonnet rename to k8s/apps/gha-runner-controller/helm.jsonnet diff --git a/k8s/apps/actions-runner-controller/values.yaml b/k8s/apps/gha-runner-controller/values.yaml similarity index 100% rename from k8s/apps/actions-runner-controller/values.yaml rename to k8s/apps/gha-runner-controller/values.yaml diff --git a/k8s/apps/gha-runner/app.json5 b/k8s/apps/gha-runner/app.json5 new file mode 100644 index 000000000..005bee91c --- /dev/null +++ b/k8s/apps/gha-runner/app.json5 @@ -0,0 +1,4 @@ +{ + name: "gha-runner", + namespace: "gha-runner", +} diff --git a/k8s/apps/actions-runner-controller/external-secret.jsonnet b/k8s/apps/gha-runner/external-secret.jsonnet similarity index 100% rename from k8s/apps/actions-runner-controller/external-secret.jsonnet rename to k8s/apps/gha-runner/external-secret.jsonnet diff --git a/k8s/apps/gha-runner/helm.jsonnet b/k8s/apps/gha-runner/helm.jsonnet new file mode 100644 index 000000000..e822e480f --- /dev/null +++ b/k8s/apps/gha-runner/helm.jsonnet @@ -0,0 +1,12 @@ +(import '../../components/helm.libsonnet') { + name: (import 'app.json5').name, + namespace: (import 'app.json5').namespace, + + ociChartURL: 'ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set', + targetRevision: '0.10.1', + valuesObject: std.mergePatch(std.parseYaml(importstr 'values.yaml'), { + githubConfigSecret: { + githubConfigSecret: (import 'external-secret.jsonnet').spec.target.name, + }, + }), +} diff --git a/k8s/apps/gha-runner/values.yaml b/k8s/apps/gha-runner/values.yaml new file mode 100644 index 000000000..4d6beda87 --- /dev/null +++ b/k8s/apps/gha-runner/values.yaml @@ -0,0 +1,2 @@ +githubConfigSecret: + githubConfigSecret: From c5b7b5fe18711a8e75fab97a50a9639edec49e66 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 9 Jan 2025 01:49:59 +0900 Subject: [PATCH 0767/1209] chore(gha-runner): update githubConfigSecret to githubConfigUrl for cloudflare-tunnel-operator Signed-off-by: walnuts1018 --- k8s/apps/gha-runner/values.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/k8s/apps/gha-runner/values.yaml b/k8s/apps/gha-runner/values.yaml index 4d6beda87..02ecbce40 100644 --- a/k8s/apps/gha-runner/values.yaml +++ b/k8s/apps/gha-runner/values.yaml @@ -1,2 +1 @@ -githubConfigSecret: - githubConfigSecret: +githubConfigUrl: "https://github.com/walnuts1018/cloudflare-tunnel-operator" From 7e188e6e43c0b8f865da0a7dab820e31ae1d883b Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 8 Jan 2025 16:50:26 +0000 Subject: [PATCH 0768/1209] auto-gen-namespace --- k8s/namespaces/namespaces.json5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/namespaces/namespaces.json5 b/k8s/namespaces/namespaces.json5 index 61d1ef3b1..a3e662f5a 100644 --- a/k8s/namespaces/namespaces.json5 +++ b/k8s/namespaces/namespaces.json5 @@ -1 +1 @@ -["ac-hacking-2024","actions-runner-controller","affine","cert-manager","cilium-secrets","cilium-system","cloudflare-tunnel-operator","code-server","databases","default","elasticsearch","external-secrets","fitbit-manager","github-readme-stats","hedgedoc","komga","kube-system","local-path-storage","loki","longhorn-system","minio","misskey","monitoring","mpeg-dash-encoder","mucaron","network-exporter","nextcloud","oekaki-dengon-game","openchokin","opentelemetry-collector","opentelemetry-operator-system","photoprism","redis-operator","renovate","samba","sandbox","wakatime-to-slack-profile","walnuts-dev","zitadel"] +["ac-hacking-2024","actions-runner-controller","affine","cert-manager","cilium-secrets","cilium-system","cloudflare-tunnel-operator","code-server","databases","default","elasticsearch","external-secrets","fitbit-manager","gha-runner","gha-runner-controller","github-readme-stats","hedgedoc","komga","kube-system","local-path-storage","loki","longhorn-system","minio","misskey","monitoring","mpeg-dash-encoder","mucaron","network-exporter","nextcloud","oekaki-dengon-game","openchokin","opentelemetry-collector","opentelemetry-operator-system","photoprism","redis-operator","renovate","samba","sandbox","wakatime-to-slack-profile","walnuts-dev","zitadel"] From 451cdd2c7c4e74cc7a3294fafdc1aa83a8ff6952 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 9 Jan 2025 01:56:38 +0900 Subject: [PATCH 0769/1209] feat(gha-runner): refactor to use githubConfigUrl and remove values.yaml Signed-off-by: walnuts1018 --- k8s/apps/gha-runner/helm.jsonnet | 26 ++++++++++++++++---------- k8s/apps/gha-runner/urls.libsonnet | 3 +++ k8s/apps/gha-runner/values.yaml | 1 - 3 files changed, 19 insertions(+), 11 deletions(-) create mode 100644 k8s/apps/gha-runner/urls.libsonnet delete mode 100644 k8s/apps/gha-runner/values.yaml diff --git a/k8s/apps/gha-runner/helm.jsonnet b/k8s/apps/gha-runner/helm.jsonnet index e822e480f..cf6b0512b 100644 --- a/k8s/apps/gha-runner/helm.jsonnet +++ b/k8s/apps/gha-runner/helm.jsonnet @@ -1,12 +1,18 @@ -(import '../../components/helm.libsonnet') { - name: (import 'app.json5').name, - namespace: (import 'app.json5').namespace, +local urls = (import 'urls.libsonnet'); +local gen = function(githubConfigUrl) { + (import '../../components/helm.libsonnet') { + name: (import 'app.json5').name, + namespace: (import 'app.json5').namespace, - ociChartURL: 'ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set', - targetRevision: '0.10.1', - valuesObject: std.mergePatch(std.parseYaml(importstr 'values.yaml'), { - githubConfigSecret: { - githubConfigSecret: (import 'external-secret.jsonnet').spec.target.name, + ociChartURL: 'ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set', + targetRevision: '0.10.1', + valuesObject: { + githubConfigSecret: { + githubConfigSecret: (import 'external-secret.jsonnet').spec.target.name, + }, + githubConfigUrl: githubConfigUrl, }, - }), -} + } +}; + +std.map(gen, urls) diff --git a/k8s/apps/gha-runner/urls.libsonnet b/k8s/apps/gha-runner/urls.libsonnet new file mode 100644 index 000000000..598f49b2e --- /dev/null +++ b/k8s/apps/gha-runner/urls.libsonnet @@ -0,0 +1,3 @@ +[ + 'https://github.com/walnuts1018/cloudflare-tunnel-operator', +] diff --git a/k8s/apps/gha-runner/values.yaml b/k8s/apps/gha-runner/values.yaml deleted file mode 100644 index 02ecbce40..000000000 --- a/k8s/apps/gha-runner/values.yaml +++ /dev/null @@ -1 +0,0 @@ -githubConfigUrl: "https://github.com/walnuts1018/cloudflare-tunnel-operator" From 0532b3ac425177de68d517d792e22e0acde04146 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 9 Jan 2025 02:01:59 +0900 Subject: [PATCH 0770/1209] feat(gha-runner): update name generation to use md5 hash of githubConfigUrl Signed-off-by: walnuts1018 --- k8s/apps/gha-runner/helm.jsonnet | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/k8s/apps/gha-runner/helm.jsonnet b/k8s/apps/gha-runner/helm.jsonnet index cf6b0512b..fb4e3ebc1 100644 --- a/k8s/apps/gha-runner/helm.jsonnet +++ b/k8s/apps/gha-runner/helm.jsonnet @@ -1,7 +1,7 @@ local urls = (import 'urls.libsonnet'); -local gen = function(githubConfigUrl) { +local gen = function(githubConfigUrl) (import '../../components/helm.libsonnet') { - name: (import 'app.json5').name, + name: std.md5(githubConfigUrl), namespace: (import 'app.json5').namespace, ociChartURL: 'ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set', @@ -12,7 +12,6 @@ local gen = function(githubConfigUrl) { }, githubConfigUrl: githubConfigUrl, }, - } -}; + }; std.map(gen, urls) From 7b46a6647021afb21f5a0205d4f7581bd84414a3 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 9 Jan 2025 02:03:34 +0900 Subject: [PATCH 0771/1209] feat(gha-runner): add controller service account configuration to helm.jsonnet Signed-off-by: walnuts1018 --- k8s/apps/gha-runner/helm.jsonnet | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/k8s/apps/gha-runner/helm.jsonnet b/k8s/apps/gha-runner/helm.jsonnet index fb4e3ebc1..0171d3011 100644 --- a/k8s/apps/gha-runner/helm.jsonnet +++ b/k8s/apps/gha-runner/helm.jsonnet @@ -11,6 +11,10 @@ local gen = function(githubConfigUrl) githubConfigSecret: (import 'external-secret.jsonnet').spec.target.name, }, githubConfigUrl: githubConfigUrl, + controllerServiceAccount: { + namespace: (import '../gha-runner-controller/app.json5').namespace, + name: (import '../gha-runner-controller/app.json5').name + '-gha-rs-controller', + }, }, }; From a65c57900504b0526e79471ea62bbf4cd30defca Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 9 Jan 2025 02:04:14 +0900 Subject: [PATCH 0772/1209] feat(namespaces): remove 'actions-runner-controller' from namespaces list Signed-off-by: walnuts1018 --- k8s/namespaces/namespaces.json5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/namespaces/namespaces.json5 b/k8s/namespaces/namespaces.json5 index a3e662f5a..48a0ab00d 100644 --- a/k8s/namespaces/namespaces.json5 +++ b/k8s/namespaces/namespaces.json5 @@ -1 +1 @@ -["ac-hacking-2024","actions-runner-controller","affine","cert-manager","cilium-secrets","cilium-system","cloudflare-tunnel-operator","code-server","databases","default","elasticsearch","external-secrets","fitbit-manager","gha-runner","gha-runner-controller","github-readme-stats","hedgedoc","komga","kube-system","local-path-storage","loki","longhorn-system","minio","misskey","monitoring","mpeg-dash-encoder","mucaron","network-exporter","nextcloud","oekaki-dengon-game","openchokin","opentelemetry-collector","opentelemetry-operator-system","photoprism","redis-operator","renovate","samba","sandbox","wakatime-to-slack-profile","walnuts-dev","zitadel"] +["ac-hacking-2024","affine","cert-manager","cilium-secrets","cilium-system","cloudflare-tunnel-operator","code-server","databases","default","elasticsearch","external-secrets","fitbit-manager","gha-runner","gha-runner-controller","github-readme-stats","hedgedoc","komga","kube-system","local-path-storage","loki","longhorn-system","minio","misskey","monitoring","mpeg-dash-encoder","mucaron","network-exporter","nextcloud","oekaki-dengon-game","openchokin","opentelemetry-collector","opentelemetry-operator-system","photoprism","redis-operator","renovate","samba","sandbox","wakatime-to-slack-profile","walnuts-dev","zitadel"] From 09f30907851948c031f899889e2235c425868a93 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 9 Jan 2025 02:05:32 +0900 Subject: [PATCH 0773/1209] feat(gha-runner): simplify githubConfigSecret assignment in helm.jsonnet Signed-off-by: walnuts1018 --- k8s/apps/gha-runner/helm.jsonnet | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/k8s/apps/gha-runner/helm.jsonnet b/k8s/apps/gha-runner/helm.jsonnet index 0171d3011..00298a861 100644 --- a/k8s/apps/gha-runner/helm.jsonnet +++ b/k8s/apps/gha-runner/helm.jsonnet @@ -7,9 +7,7 @@ local gen = function(githubConfigUrl) ociChartURL: 'ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set', targetRevision: '0.10.1', valuesObject: { - githubConfigSecret: { - githubConfigSecret: (import 'external-secret.jsonnet').spec.target.name, - }, + githubConfigSecret: (import 'external-secret.jsonnet').spec.target.name, githubConfigUrl: githubConfigUrl, controllerServiceAccount: { namespace: (import '../gha-runner-controller/app.json5').namespace, From 4ad834e8ed4dd87e33f53d9f13b0af87b29fb503 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 9 Jan 2025 02:12:25 +0900 Subject: [PATCH 0774/1209] feat(gha-runner): add network policy configuration for gha-runner-scale-set Signed-off-by: walnuts1018 --- k8s/apps/gha-runner/network-policy.jsonnet | 64 ++++++++++++++++++++++ 1 file changed, 64 insertions(+) create mode 100644 k8s/apps/gha-runner/network-policy.jsonnet diff --git a/k8s/apps/gha-runner/network-policy.jsonnet b/k8s/apps/gha-runner/network-policy.jsonnet new file mode 100644 index 000000000..f5ea3ae61 --- /dev/null +++ b/k8s/apps/gha-runner/network-policy.jsonnet @@ -0,0 +1,64 @@ +{ + apiVersion: 'networking.k8s.io/v1', + kind: 'NetworkPolicy', + metadata: { + name: (import 'app.json5').name, + }, + spec: { + podSelector: { + matchLabels: { + 'app.kubernetes.io/part-of': 'gha-runner-scale-set', + }, + }, + policyTypes: [ + 'Ingress', + 'Egress', + ], + ingress: [ + { + from: [ + { + namespaceSelector: { + matchLabels: { + 'kubernetes.io/metadata.name': 'kube-system', + }, + }, + podSelector: { + matchLabels: { + 'k8s-app': 'kube-dns', + }, + }, + }, + ], + }, + ], + egress: [ + { + to: [ + { + ipBlock: { + cidr: '0.0.0.0/0', + except: [ + '192.168.0.0/16', + '10.244.0.0/16', + '10.96.0.0/12', + ], + }, + }, + { + namespaceSelector: { + matchLabels: { + 'kubernetes.io/metadata.name': 'kube-system', + }, + }, + podSelector: { + matchLabels: { + 'k8s-app': 'kube-dns', + }, + }, + }, + ], + }, + ], + }, +} From 744986580373c1c33a04a478579a8bb39f4eb14f Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 9 Jan 2025 02:12:41 +0900 Subject: [PATCH 0775/1209] feat(gha-runner): add namespace to network policy metadata Signed-off-by: walnuts1018 --- k8s/apps/gha-runner/network-policy.jsonnet | 1 + 1 file changed, 1 insertion(+) diff --git a/k8s/apps/gha-runner/network-policy.jsonnet b/k8s/apps/gha-runner/network-policy.jsonnet index f5ea3ae61..c84941c10 100644 --- a/k8s/apps/gha-runner/network-policy.jsonnet +++ b/k8s/apps/gha-runner/network-policy.jsonnet @@ -3,6 +3,7 @@ kind: 'NetworkPolicy', metadata: { name: (import 'app.json5').name, + namespace: (import 'app.json5').namespace, }, spec: { podSelector: { From 3d6f633b1b1577b15afce0cd083905333ea80b3c Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 8 Jan 2025 17:16:14 +0000 Subject: [PATCH 0776/1209] chore(deps): update helm release cloudflare-tunnel-operator to v1.1.0 --- k8s/apps/cloudflare-tunnel-operator/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet b/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet index 761b184f4..7ce27a362 100644 --- a/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet +++ b/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet @@ -4,7 +4,7 @@ chart: 'cloudflare-tunnel-operator', repoURL: 'https://walnuts1018.github.io/cloudflare-tunnel-operator/', - targetRevision: '1.0.3', + targetRevision: '1.1.0', valuesObject: std.mergePatch(std.parseYaml(importstr 'values.yaml'), { cloudflareToken: { existingSecret: (import 'external-secret.jsonnet').spec.target.name, From fc09f1c08ef096c52318e1847dc81e5af8d9dc68 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 9 Jan 2025 02:30:54 +0900 Subject: [PATCH 0777/1209] feat(cloudflare-tunnel): remove unnecessary label from tunnel configuration Signed-off-by: walnuts1018 --- k8s/apps/cloudflare-tunnel/tunnel.jsonnet | 1 - 1 file changed, 1 deletion(-) diff --git a/k8s/apps/cloudflare-tunnel/tunnel.jsonnet b/k8s/apps/cloudflare-tunnel/tunnel.jsonnet index b6fbece8c..504b2cb7f 100644 --- a/k8s/apps/cloudflare-tunnel/tunnel.jsonnet +++ b/k8s/apps/cloudflare-tunnel/tunnel.jsonnet @@ -6,7 +6,6 @@ namespace: (import 'app.json5').namespace, labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name, - 'cf-tunnel-operator.walnuts.dev/default': 'true', }, }, spec: { From 99842a6ef0e5ec31b82cb1074332b6c0e5363c95 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 9 Jan 2025 02:47:49 +0900 Subject: [PATCH 0778/1209] feat(gha-runner): add container mode configuration with storage settings Signed-off-by: walnuts1018 --- k8s/apps/gha-runner/helm.jsonnet | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/k8s/apps/gha-runner/helm.jsonnet b/k8s/apps/gha-runner/helm.jsonnet index 00298a861..4d3405825 100644 --- a/k8s/apps/gha-runner/helm.jsonnet +++ b/k8s/apps/gha-runner/helm.jsonnet @@ -13,6 +13,18 @@ local gen = function(githubConfigUrl) namespace: (import '../gha-runner-controller/app.json5').namespace, name: (import '../gha-runner-controller/app.json5').name + '-gha-rs-controller', }, + containerMode: { + type: 'kubernetes', + kubernetesModeWorkVolumeClaim: { + accessModes: ['ReadWriteOnce'], + storageClassName: 'longhorn', + resources: { + requests: { + storage: '10Gi', + }, + }, + }, + }, }, }; From 4473866faf2b303c6b3edb9f2d1b96bc65a1fc52 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 9 Jan 2025 02:52:21 +0900 Subject: [PATCH 0779/1209] feat(gha-runner): add runner container configuration to helm template Signed-off-by: walnuts1018 --- k8s/apps/gha-runner/helm.jsonnet | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/k8s/apps/gha-runner/helm.jsonnet b/k8s/apps/gha-runner/helm.jsonnet index 4d3405825..7272d5da2 100644 --- a/k8s/apps/gha-runner/helm.jsonnet +++ b/k8s/apps/gha-runner/helm.jsonnet @@ -25,6 +25,23 @@ local gen = function(githubConfigUrl) }, }, }, + template: { + spec: { + containers: [ + { + name: 'runner', + image: 'ghcr.io/actions/actions-runner:latest', + command: ['/home/runner/run.sh'], + env: [ + { + name: 'ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER', + value: 'false', + }, + ], + }, + ], + }, + }, }, }; From f57bb7da00a0dfdcc04de339d199238a4a0b91fd Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 9 Jan 2025 02:57:42 +0900 Subject: [PATCH 0780/1209] feat(gha-runner): add security context with fsGroup to runner container Signed-off-by: walnuts1018 --- k8s/apps/gha-runner/helm.jsonnet | 3 +++ 1 file changed, 3 insertions(+) diff --git a/k8s/apps/gha-runner/helm.jsonnet b/k8s/apps/gha-runner/helm.jsonnet index 7272d5da2..ad5fa0118 100644 --- a/k8s/apps/gha-runner/helm.jsonnet +++ b/k8s/apps/gha-runner/helm.jsonnet @@ -27,6 +27,9 @@ local gen = function(githubConfigUrl) }, template: { spec: { + securityContext: { + fsGroup: '1001', + }, containers: [ { name: 'runner', From e513247b1bf04f9517e5271e7ef0e92068cfb6d7 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 9 Jan 2025 02:58:13 +0900 Subject: [PATCH 0781/1209] feat(gha-runner): update fsGroup in security context to 123 Signed-off-by: walnuts1018 --- k8s/apps/gha-runner/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/gha-runner/helm.jsonnet b/k8s/apps/gha-runner/helm.jsonnet index ad5fa0118..e6c014a58 100644 --- a/k8s/apps/gha-runner/helm.jsonnet +++ b/k8s/apps/gha-runner/helm.jsonnet @@ -28,7 +28,7 @@ local gen = function(githubConfigUrl) template: { spec: { securityContext: { - fsGroup: '1001', + fsGroup: '123', }, containers: [ { From 58a97d6002da1a3b69c60a19c0e5beece4c9c11e Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 9 Jan 2025 03:03:03 +0900 Subject: [PATCH 0782/1209] feat(cloudflare-tunnel): add default label for cf-tunnel-operator Signed-off-by: walnuts1018 --- k8s/apps/cloudflare-tunnel/tunnel.jsonnet | 1 + 1 file changed, 1 insertion(+) diff --git a/k8s/apps/cloudflare-tunnel/tunnel.jsonnet b/k8s/apps/cloudflare-tunnel/tunnel.jsonnet index 504b2cb7f..b6fbece8c 100644 --- a/k8s/apps/cloudflare-tunnel/tunnel.jsonnet +++ b/k8s/apps/cloudflare-tunnel/tunnel.jsonnet @@ -6,6 +6,7 @@ namespace: (import 'app.json5').namespace, labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name, + 'cf-tunnel-operator.walnuts.dev/default': 'true', }, }, spec: { From 607bb91265726e67299b44018cf01d933e1fb06e Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 9 Jan 2025 03:08:28 +0900 Subject: [PATCH 0783/1209] fix(gha-runner): change fsGroup value type from string to integer Signed-off-by: walnuts1018 --- k8s/apps/gha-runner/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/gha-runner/helm.jsonnet b/k8s/apps/gha-runner/helm.jsonnet index e6c014a58..2b808878f 100644 --- a/k8s/apps/gha-runner/helm.jsonnet +++ b/k8s/apps/gha-runner/helm.jsonnet @@ -28,7 +28,7 @@ local gen = function(githubConfigUrl) template: { spec: { securityContext: { - fsGroup: '123', + fsGroup: 123, }, containers: [ { From 00366c2220cc8c1f66ce229705945fdbc88e74ee Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 9 Jan 2025 03:17:16 +0900 Subject: [PATCH 0784/1209] feat(gha-runner): change container mode to 'dind' and remove unnecessary volume claim configuration Signed-off-by: walnuts1018 --- k8s/apps/gha-runner/helm.jsonnet | 31 +------------------------------ 1 file changed, 1 insertion(+), 30 deletions(-) diff --git a/k8s/apps/gha-runner/helm.jsonnet b/k8s/apps/gha-runner/helm.jsonnet index 2b808878f..6615506ae 100644 --- a/k8s/apps/gha-runner/helm.jsonnet +++ b/k8s/apps/gha-runner/helm.jsonnet @@ -14,36 +14,7 @@ local gen = function(githubConfigUrl) name: (import '../gha-runner-controller/app.json5').name + '-gha-rs-controller', }, containerMode: { - type: 'kubernetes', - kubernetesModeWorkVolumeClaim: { - accessModes: ['ReadWriteOnce'], - storageClassName: 'longhorn', - resources: { - requests: { - storage: '10Gi', - }, - }, - }, - }, - template: { - spec: { - securityContext: { - fsGroup: 123, - }, - containers: [ - { - name: 'runner', - image: 'ghcr.io/actions/actions-runner:latest', - command: ['/home/runner/run.sh'], - env: [ - { - name: 'ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER', - value: 'false', - }, - ], - }, - ], - }, + type: 'dind', }, }, }; From e5bff1f06f87026e8a255e24eecc1aaccc370243 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 8 Jan 2025 18:26:56 +0000 Subject: [PATCH 0785/1209] chore(deps): update helm release opentelemetry-operator to v0.78.1 --- k8s/apps/opentelemetry-operator/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/opentelemetry-operator/helm.jsonnet b/k8s/apps/opentelemetry-operator/helm.jsonnet index a9de8389b..5423616fc 100644 --- a/k8s/apps/opentelemetry-operator/helm.jsonnet +++ b/k8s/apps/opentelemetry-operator/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'opentelemetry-operator', repoURL: 'https://open-telemetry.github.io/opentelemetry-helm-charts', - targetRevision: '0.78.0', + targetRevision: '0.78.1', values: (importstr 'values.yaml'), } From 8bc2c700127a47fd84c10603c7990711369d6a40 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Thu, 9 Jan 2025 03:52:36 +0900 Subject: [PATCH 0786/1209] chore(deps): update renovate/renovate docker tag to v39.96.1 (#1234) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 8bbd5271d..e3aae0d86 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -21,7 +21,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.96.0', + image: 'renovate/renovate:39.96.1', resources: { requests: { memory: '256Mi', From 1f3e12dcd381dc67eea50fffcb20721ef18cc4be Mon Sep 17 00:00:00 2001 From: Walnuts Date: Thu, 9 Jan 2025 07:16:57 +0900 Subject: [PATCH 0787/1209] chore(deps): update ghcr.io/walnuts1018/walnuts.dev docker tag to v9d1dfe3c2519d8839b15a5079da9b8eba84dceb4-365 (#1235) Co-authored-by: Renovate Bot --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index 3c0d13871..5423ae730 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ std.mergePatch((import '../../components/container.libsonnet') { name: 'walnuts-dev', - image: 'ghcr.io/walnuts1018/walnuts.dev:b549d97197c341ea781bb1d6fbc324821540483d-364', + image: 'ghcr.io/walnuts1018/walnuts.dev:9d1dfe3c2519d8839b15a5079da9b8eba84dceb4-365', imagePullPolicy: 'IfNotPresent', ports: [ { From 4f1b48568311a630d80ec72cf1a3b4e28656d68e Mon Sep 17 00:00:00 2001 From: Walnuts Date: Thu, 9 Jan 2025 08:00:56 +0900 Subject: [PATCH 0788/1209] chore(deps): update renovate/renovate docker tag to v39.96.2 (#1236) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index e3aae0d86..408b5621b 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -21,7 +21,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.96.1', + image: 'renovate/renovate:39.96.2', resources: { requests: { memory: '256Mi', From 043a85e0175c2b6311a543003b7f03eb9f3cd733 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Thu, 9 Jan 2025 17:14:17 +0900 Subject: [PATCH 0789/1209] chore(deps): update renovate/renovate docker tag to v39.97.0 (#1237) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 408b5621b..fc8880549 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -21,7 +21,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.96.2', + image: 'renovate/renovate:39.97.0', resources: { requests: { memory: '256Mi', From 79793bcbd2c5bcb2b9f64d20d0dd07bc122af6d7 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 9 Jan 2025 10:06:06 +0000 Subject: [PATCH 0790/1209] chore(deps): update gotson/komga docker tag to v1.17.0 --- k8s/apps/komga/statefulset.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/komga/statefulset.jsonnet b/k8s/apps/komga/statefulset.jsonnet index cd03d2041..aa0e2a6f0 100644 --- a/k8s/apps/komga/statefulset.jsonnet +++ b/k8s/apps/komga/statefulset.jsonnet @@ -20,7 +20,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'komga', - image: 'gotson/komga:1.16.0', + image: 'gotson/komga:1.17.0', resources: { limits: { cpu: '500m', From faf0796146b780704e85cf602fb1eb1824804579 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Thu, 9 Jan 2025 20:10:42 +0900 Subject: [PATCH 0791/1209] chore(deps): update renovate/renovate docker tag to v39.98.0 (#1239) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index fc8880549..2fec4ef1e 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -21,7 +21,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.97.0', + image: 'renovate/renovate:39.98.0', resources: { requests: { memory: '256Mi', From bc92a6ff57dc0571b830caea624ff23dc768fa12 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Thu, 9 Jan 2025 21:22:05 +0900 Subject: [PATCH 0792/1209] chore(deps): update helm release cloudflare-tunnel-operator to v1.1.2 (#1240) Co-authored-by: Renovate Bot --- k8s/apps/cloudflare-tunnel-operator/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet b/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet index 7ce27a362..56e0cbd6e 100644 --- a/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet +++ b/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet @@ -4,7 +4,7 @@ chart: 'cloudflare-tunnel-operator', repoURL: 'https://walnuts1018.github.io/cloudflare-tunnel-operator/', - targetRevision: '1.1.0', + targetRevision: '1.1.2', valuesObject: std.mergePatch(std.parseYaml(importstr 'values.yaml'), { cloudflareToken: { existingSecret: (import 'external-secret.jsonnet').spec.target.name, From 8beb7df69a683ae84cf5ee2e3e892a3aaed03f6d Mon Sep 17 00:00:00 2001 From: Walnuts Date: Thu, 9 Jan 2025 21:35:05 +0900 Subject: [PATCH 0793/1209] Update tunnel.jsonnet --- k8s/apps/cloudflare-tunnel/tunnel.jsonnet | 1 - 1 file changed, 1 deletion(-) diff --git a/k8s/apps/cloudflare-tunnel/tunnel.jsonnet b/k8s/apps/cloudflare-tunnel/tunnel.jsonnet index b6fbece8c..504b2cb7f 100644 --- a/k8s/apps/cloudflare-tunnel/tunnel.jsonnet +++ b/k8s/apps/cloudflare-tunnel/tunnel.jsonnet @@ -6,7 +6,6 @@ namespace: (import 'app.json5').namespace, labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name, - 'cf-tunnel-operator.walnuts.dev/default': 'true', }, }, spec: { From b2da395e5fb5fd9c8b351c895d9f4c5436fc73a6 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Fri, 10 Jan 2025 00:47:17 +0900 Subject: [PATCH 0794/1209] chore(deps): update renovate/renovate docker tag to v39.99.0 (#1241) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 2fec4ef1e..09c9410a7 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -21,7 +21,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.98.0', + image: 'renovate/renovate:39.99.0', resources: { requests: { memory: '256Mi', From 6ea809750437d02886f98f35125428fdaa28d17d Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 9 Jan 2025 17:56:08 +0000 Subject: [PATCH 0795/1209] chore(deps): update terraform aws to ~> 5.83.0 --- terraform/modules/minio/provider.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/modules/minio/provider.tf b/terraform/modules/minio/provider.tf index eb5c19329..a9ec76602 100644 --- a/terraform/modules/minio/provider.tf +++ b/terraform/modules/minio/provider.tf @@ -2,7 +2,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 5.82.0" + version = "~> 5.83.0" } } } From ddf2ddbc07cd7a6a2ba044c17bb8d5c158520506 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Fri, 10 Jan 2025 08:16:54 +0900 Subject: [PATCH 0796/1209] chore(deps): update dependency aquaproj/aqua-registry to v4.294.0 (#1243) Co-authored-by: Renovate Bot --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index 8f5174e8b..67d6fd0b4 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,7 +8,7 @@ # - all registries: - type: standard - ref: v4.293.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.294.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 - name: hashicorp/terraform@v1.10.4 From 87ae42e89ad3ff79710de1e1b053bfad95116062 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Fri, 10 Jan 2025 11:46:54 +0900 Subject: [PATCH 0797/1209] chore(deps): update renovate/renovate docker tag to v39.100.0 (#1244) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 09c9410a7..7c142926a 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -21,7 +21,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.99.0', + image: 'renovate/renovate:39.100.0', resources: { requests: { memory: '256Mi', From 64318ec003d1d9414ae62ce770b08b1c738fe41b Mon Sep 17 00:00:00 2001 From: Walnuts Date: Fri, 10 Jan 2025 15:14:26 +0900 Subject: [PATCH 0798/1209] chore(deps): update renovate/renovate docker tag to v39.100.1 (#1245) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 7c142926a..c3e2459dc 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -21,7 +21,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.100.0', + image: 'renovate/renovate:39.100.1', resources: { requests: { memory: '256Mi', From bd9c324c3da434f1113f92fa6e16fef8273a7ae8 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Fri, 10 Jan 2025 16:36:52 +0900 Subject: [PATCH 0799/1209] chore(deps): update helm release argo-cd to v7.7.15 (#1246) Co-authored-by: Renovate Bot --- k8s/_argocd/argocd_components/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/_argocd/argocd_components/helm.jsonnet b/k8s/_argocd/argocd_components/helm.jsonnet index d5a8d01fd..028d8b38a 100644 --- a/k8s/_argocd/argocd_components/helm.jsonnet +++ b/k8s/_argocd/argocd_components/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import 'app.json5').namespace, chart: 'argo-cd', repoURL: 'https://argoproj.github.io/argo-helm', - targetRevision: '7.7.14', + targetRevision: '7.7.15', values: (importstr 'values.yaml'), } From 6b71ef8569b65de3bf84ad2bcc97ef30405ed0d1 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Fri, 10 Jan 2025 19:46:59 +0900 Subject: [PATCH 0800/1209] chore(deps): update renovate/renovate docker tag to v39.100.2 (#1247) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index c3e2459dc..4b73dcfff 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -21,7 +21,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.100.1', + image: 'renovate/renovate:39.100.2', resources: { requests: { memory: '256Mi', From 5d0754ee8b8a47fa3993288c652d99ef7d8552c5 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Fri, 10 Jan 2025 21:00:52 +0900 Subject: [PATCH 0801/1209] chore(deps): update renovate/renovate docker tag to v39.101.0 (#1248) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 4b73dcfff..07c6ff4ca 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -21,7 +21,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.100.2', + image: 'renovate/renovate:39.101.0', resources: { requests: { memory: '256Mi', From 1a02f5f35405f1557bfc307c57e702862e466c0c Mon Sep 17 00:00:00 2001 From: Walnuts Date: Fri, 10 Jan 2025 21:35:52 +0900 Subject: [PATCH 0802/1209] chore(deps): update renovate/renovate docker tag to v39.102.0 (#1249) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 07c6ff4ca..1a69be12a 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -21,7 +21,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.101.0', + image: 'renovate/renovate:39.102.0', resources: { requests: { memory: '256Mi', From c5e461ced728af0a4ecc0a4c8e991d2c8980375e Mon Sep 17 00:00:00 2001 From: Walnuts Date: Fri, 10 Jan 2025 21:37:18 +0900 Subject: [PATCH 0803/1209] chore(deps): update dependency aquaproj/aqua-registry to v4.294.1 (#1250) Co-authored-by: Renovate Bot --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index 67d6fd0b4..e90ad95f8 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,7 +8,7 @@ # - all registries: - type: standard - ref: v4.294.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.294.1 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 - name: hashicorp/terraform@v1.10.4 From 825b4c151020de6df8cc21e24c97841fa30025a4 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Fri, 10 Jan 2025 23:22:07 +0900 Subject: [PATCH 0804/1209] chore(deps): update dependency aquaproj/aqua-registry to v4.295.0 (#1251) Co-authored-by: Renovate Bot --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index e90ad95f8..5579a7426 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,7 +8,7 @@ # - all registries: - type: standard - ref: v4.294.1 # renovate: depName=aquaproj/aqua-registry + ref: v4.295.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 - name: hashicorp/terraform@v1.10.4 From 9dac840899997efd25c2e88d3b87688b34a027c0 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sat, 11 Jan 2025 03:11:59 +0900 Subject: [PATCH 0805/1209] chore(deps): update ghcr.io/walnuts1018/walnuts.dev docker tag to v94defab8916b03f43a2f746feba54602aa9ff01c-366 (#1252) Co-authored-by: Renovate Bot --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index 5423ae730..f2a6afce8 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ std.mergePatch((import '../../components/container.libsonnet') { name: 'walnuts-dev', - image: 'ghcr.io/walnuts1018/walnuts.dev:9d1dfe3c2519d8839b15a5079da9b8eba84dceb4-365', + image: 'ghcr.io/walnuts1018/walnuts.dev:94defab8916b03f43a2f746feba54602aa9ff01c-366', imagePullPolicy: 'IfNotPresent', ports: [ { From d01d4c0b969ea25b1fd6e4682437edd3f279356d Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sat, 11 Jan 2025 03:46:56 +0900 Subject: [PATCH 0806/1209] chore(deps): update renovate/renovate docker tag to v39.103.0 (#1253) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 1a69be12a..b967cb904 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -21,7 +21,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.102.0', + image: 'renovate/renovate:39.103.0', resources: { requests: { memory: '256Mi', From eef64612fdde1572c48ce9fb11e08ab6df7091a6 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 10 Jan 2025 20:51:16 +0000 Subject: [PATCH 0807/1209] chore(deps): update helm release prometheus-snmp-exporter to v6 --- k8s/apps/snmp-exporter/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/snmp-exporter/helm.jsonnet b/k8s/apps/snmp-exporter/helm.jsonnet index 64631bf39..c24186308 100644 --- a/k8s/apps/snmp-exporter/helm.jsonnet +++ b/k8s/apps/snmp-exporter/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'prometheus-snmp-exporter', repoURL: 'https://prometheus-community.github.io/helm-charts', - targetRevision: '5.6.0', + targetRevision: '6.0.0', values: (importstr 'values.yaml'), } From ef7d5d6660d32db347bca6759449c543c1ee6e6a Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sat, 11 Jan 2025 07:32:05 +0900 Subject: [PATCH 0808/1209] chore(deps): update dependency aquaproj/aqua-registry to v4.295.1 (#1255) Co-authored-by: Renovate Bot --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index 5579a7426..45af78337 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,7 +8,7 @@ # - all registries: - type: standard - ref: v4.295.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.295.1 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 - name: hashicorp/terraform@v1.10.4 From 2c49e87fc7b4257bb47231e7d73310f17a791c89 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 11 Jan 2025 10:51:15 +0000 Subject: [PATCH 0809/1209] chore(deps): update helm release kube-prometheus-stack to v67.10.0 --- k8s/apps/prometheus-stack/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/prometheus-stack/helm.jsonnet b/k8s/apps/prometheus-stack/helm.jsonnet index 187da7691..76d62d89c 100644 --- a/k8s/apps/prometheus-stack/helm.jsonnet +++ b/k8s/apps/prometheus-stack/helm.jsonnet @@ -4,7 +4,7 @@ chart: 'kube-prometheus-stack', repoURL: 'https://prometheus-community.github.io/helm-charts', - targetRevision: '67.9.0', + targetRevision: '67.10.0', valuesObject: std.mergePatch(std.parseYaml(importstr 'values.yaml'), { prometheus: { prometheusSpec: { From e3d05c1e4ca6a6b2fe71e51b3d37b0780a5ad826 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sat, 11 Jan 2025 23:14:32 +0900 Subject: [PATCH 0810/1209] chore(deps): update renovate/renovate docker tag to v39.104.1 (#1257) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index b967cb904..0802626de 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -21,7 +21,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.103.0', + image: 'renovate/renovate:39.104.1', resources: { requests: { memory: '256Mi', From c405f8173bd18bce2a985beec62764dc93cb39e1 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sun, 12 Jan 2025 02:05:54 +0900 Subject: [PATCH 0811/1209] chore(deps): update renovate/renovate docker tag to v39.104.2 (#1258) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 0802626de..912f70e1d 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -21,7 +21,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.104.1', + image: 'renovate/renovate:39.104.2', resources: { requests: { memory: '256Mi', From 072be9d67eb4d2259deb6ee8b06c7c41c11deab8 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sun, 12 Jan 2025 02:40:30 +0900 Subject: [PATCH 0812/1209] chore(deps): update renovate/renovate docker tag to v39.104.3 (#1259) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 912f70e1d..5c9b2b052 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -21,7 +21,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.104.2', + image: 'renovate/renovate:39.104.3', resources: { requests: { memory: '256Mi', From 4b9a30b37a3349c9a3e92cf1835517aba466c778 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sun, 12 Jan 2025 03:40:58 +0900 Subject: [PATCH 0813/1209] feat(renovate): add CPU resource requests and limits to cronjob configuration Signed-off-by: walnuts1018 --- k8s/apps/renovate/cronjob.jsonnet | 2 ++ 1 file changed, 2 insertions(+) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 8bbd5271d..31d26e7c4 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -24,9 +24,11 @@ image: 'renovate/renovate:39.96.0', resources: { requests: { + cpu: '500m', memory: '256Mi', }, limits: { + cpu: '500m', memory: '2Gi', }, }, From 73b0df3ea7cec72953ddacd03913673459eab2f2 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sun, 12 Jan 2025 07:23:03 +0900 Subject: [PATCH 0814/1209] chore(deps): update renovate/renovate docker tag to v39.105.0 (#1260) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index b0d394da4..2c596af44 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -21,7 +21,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.104.3', + image: 'renovate/renovate:39.105.0', resources: { requests: { cpu: '500m', From fc6f44c26d80f1e3193df8a7fcd93c6f82e7e712 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sun, 12 Jan 2025 07:58:15 +0900 Subject: [PATCH 0815/1209] chore(deps): update renovate/renovate docker tag to v39.105.1 (#1261) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 2c596af44..0f202820b 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -21,7 +21,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.105.0', + image: 'renovate/renovate:39.105.1', resources: { requests: { cpu: '500m', From 858e8eaa6d56cc3f1d7aaf7fe220a93f5e3b195b Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 12 Jan 2025 06:32:18 +0000 Subject: [PATCH 0816/1209] chore(deps): update helm release redis-operator to v0.19.0 --- k8s/apps/redis-operator/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/redis-operator/helm.jsonnet b/k8s/apps/redis-operator/helm.jsonnet index c3d85ccb8..32ad86f39 100644 --- a/k8s/apps/redis-operator/helm.jsonnet +++ b/k8s/apps/redis-operator/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import 'app.json5').namespace, chart: 'redis-operator', repoURL: 'https://ot-container-kit.github.io/helm-charts/', - targetRevision: '0.18.5', + targetRevision: '0.19.0', values: (importstr 'values.yaml'), } From 6fb9e51a2b73f7ef6e7f927df3ba6fcefc4112c0 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sun, 12 Jan 2025 22:33:03 +0900 Subject: [PATCH 0817/1209] chore(deps): update renovate/renovate docker tag to v39.106.0 (#1263) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 0f202820b..bd933a8d0 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -21,7 +21,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.105.1', + image: 'renovate/renovate:39.106.0', resources: { requests: { cpu: '500m', From 6e7a09078f26441ef0b669ebb190a587b4c376dc Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 14 Jan 2025 11:09:36 +0000 Subject: [PATCH 0818/1209] chore(deps): update helm release opentelemetry-operator to v0.78.2 --- k8s/apps/opentelemetry-operator/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/opentelemetry-operator/helm.jsonnet b/k8s/apps/opentelemetry-operator/helm.jsonnet index 5423616fc..c6095e177 100644 --- a/k8s/apps/opentelemetry-operator/helm.jsonnet +++ b/k8s/apps/opentelemetry-operator/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'opentelemetry-operator', repoURL: 'https://open-telemetry.github.io/opentelemetry-helm-charts', - targetRevision: '0.78.1', + targetRevision: '0.78.2', values: (importstr 'values.yaml'), } From 248fb79cba324fe4c9c08f79cd6b5576b53e1c11 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Tue, 14 Jan 2025 20:09:47 +0900 Subject: [PATCH 0819/1209] chore(deps): update helm release argo-cd to v7.7.16 (#1265) Co-authored-by: Renovate Bot --- k8s/_argocd/argocd_components/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/_argocd/argocd_components/helm.jsonnet b/k8s/_argocd/argocd_components/helm.jsonnet index 028d8b38a..17f518305 100644 --- a/k8s/_argocd/argocd_components/helm.jsonnet +++ b/k8s/_argocd/argocd_components/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import 'app.json5').namespace, chart: 'argo-cd', repoURL: 'https://argoproj.github.io/argo-helm', - targetRevision: '7.7.15', + targetRevision: '7.7.16', values: (importstr 'values.yaml'), } From 741eb1159023b9ade464a3dac301ca77961bb1a1 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 14 Jan 2025 11:09:49 +0000 Subject: [PATCH 0820/1209] chore(deps): update helm release redis-operator to v0.19.1 --- k8s/apps/redis-operator/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/redis-operator/helm.jsonnet b/k8s/apps/redis-operator/helm.jsonnet index 32ad86f39..ddf98572b 100644 --- a/k8s/apps/redis-operator/helm.jsonnet +++ b/k8s/apps/redis-operator/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import 'app.json5').namespace, chart: 'redis-operator', repoURL: 'https://ot-container-kit.github.io/helm-charts/', - targetRevision: '0.19.0', + targetRevision: '0.19.1', values: (importstr 'values.yaml'), } From 47b6bd165f4f17a686e7aedc7bebc36a0156a779 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 14 Jan 2025 11:10:05 +0000 Subject: [PATCH 0821/1209] chore(deps): update debian docker tag to v12.9 --- k8s/apps/samba-backup/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/samba-backup/cronjob.jsonnet b/k8s/apps/samba-backup/cronjob.jsonnet index fdaf10802..330215adb 100644 --- a/k8s/apps/samba-backup/cronjob.jsonnet +++ b/k8s/apps/samba-backup/cronjob.jsonnet @@ -17,7 +17,7 @@ containers: [ std.mergePatch((import '../../components/container.libsonnet') { name: 'samba-backup', - image: 'debian:12.8', + image: 'debian:12.9', command: [ 'sh', '/backup.sh', From 9d43644b4e625b231bda79fe8ed4fbce965c70ee Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 14 Jan 2025 11:10:08 +0000 Subject: [PATCH 0822/1209] chore(deps): update helm release kube-prometheus-stack to v67.11.0 --- k8s/apps/prometheus-stack/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/prometheus-stack/helm.jsonnet b/k8s/apps/prometheus-stack/helm.jsonnet index 76d62d89c..35f14eb09 100644 --- a/k8s/apps/prometheus-stack/helm.jsonnet +++ b/k8s/apps/prometheus-stack/helm.jsonnet @@ -4,7 +4,7 @@ chart: 'kube-prometheus-stack', repoURL: 'https://prometheus-community.github.io/helm-charts', - targetRevision: '67.10.0', + targetRevision: '67.11.0', valuesObject: std.mergePatch(std.parseYaml(importstr 'values.yaml'), { prometheus: { prometheusSpec: { From ba3e292bb0065e83099905928a07f1bf6d03e4f3 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Tue, 14 Jan 2025 20:10:46 +0900 Subject: [PATCH 0823/1209] chore(deps): update helm release zitadel to v8.11.2 (#1268) Co-authored-by: Renovate Bot --- k8s/apps/zitadel/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/zitadel/helm.jsonnet b/k8s/apps/zitadel/helm.jsonnet index 8e21f1fb8..f74920738 100644 --- a/k8s/apps/zitadel/helm.jsonnet +++ b/k8s/apps/zitadel/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'zitadel', repoURL: 'https://charts.zitadel.com', - targetRevision: '8.11.1', + targetRevision: '8.11.2', values: (importstr 'values.yaml'), } From 9691a55e0c0d9f79297dd8c58c750d27274e19d5 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Tue, 14 Jan 2025 20:13:30 +0900 Subject: [PATCH 0824/1209] chore(deps): update renovate/renovate docker tag to v39.107.0 (#1271) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index bd933a8d0..32660aa10 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -21,7 +21,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.106.0', + image: 'renovate/renovate:39.107.0', resources: { requests: { cpu: '500m', From 4ef1125c1519ba8683b299948af3f261aed9aa39 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 14 Jan 2025 11:13:34 +0000 Subject: [PATCH 0825/1209] chore(deps): update helm release kube-prometheus-stack to v68 --- k8s/apps/prometheus-stack/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/prometheus-stack/helm.jsonnet b/k8s/apps/prometheus-stack/helm.jsonnet index 76d62d89c..4aa1eadd2 100644 --- a/k8s/apps/prometheus-stack/helm.jsonnet +++ b/k8s/apps/prometheus-stack/helm.jsonnet @@ -4,7 +4,7 @@ chart: 'kube-prometheus-stack', repoURL: 'https://prometheus-community.github.io/helm-charts', - targetRevision: '67.10.0', + targetRevision: '68.1.0', valuesObject: std.mergePatch(std.parseYaml(importstr 'values.yaml'), { prometheus: { prometheusSpec: { From dc74c8bace6dfde5c86a0ef8f61a926257f114af Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 14 Jan 2025 20:28:58 +0900 Subject: [PATCH 0826/1209] feat(renovate): add disk-cleaner init container to cronjob for cache management Signed-off-by: walnuts1018 --- k8s/apps/renovate/cronjob.jsonnet | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index b0d394da4..3d781bd5e 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -18,6 +18,23 @@ fsGroupChangePolicy: 'OnRootMismatch', }, restartPolicy: 'Never', + initContainers: [ + (import '../../components/container.libsonnet') { + name: 'disk-cleaner', + image: 'busybox:1.36.1', + command: [ + 'sh', + '-c', + 'df --output=target,pcent | awk \'{if( $1 == "/tmp/renovate" && $2 > 75 ){ system("rm -rf /tmp/renovate/cache") }}\'', + ], + volumeMounts: [ + { + name: 'renovate', + mountPath: '/tmp/renovate', + }, + ], + }, + ], containers: [ (import '../../components/container.libsonnet') { name: 'renovate', From ce02d33c91989de75f5376f83b74969358d015d8 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 14 Jan 2025 20:34:19 +0900 Subject: [PATCH 0827/1209] feat(renovate): update disk-cleaner init container image to debian:12.9-slim Signed-off-by: walnuts1018 --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 1c2a42f7a..56afed6be 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -21,7 +21,7 @@ initContainers: [ (import '../../components/container.libsonnet') { name: 'disk-cleaner', - image: 'busybox:1.36.1', + image: ' debian:12.9-slim', command: [ 'sh', '-c', From 5ec1f772e915353a0e401214edd02ef4539e85fb Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 14 Jan 2025 20:35:26 +0900 Subject: [PATCH 0828/1209] fix(renovate): remove leading space from disk-cleaner init container image Signed-off-by: walnuts1018 --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 56afed6be..939f23c65 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -21,7 +21,7 @@ initContainers: [ (import '../../components/container.libsonnet') { name: 'disk-cleaner', - image: ' debian:12.9-slim', + image: 'debian:12.9-slim', command: [ 'sh', '-c', From 281c2e8d2a8dc2b34de135d60ff4d36ad5d8d6cc Mon Sep 17 00:00:00 2001 From: Walnuts Date: Tue, 14 Jan 2025 20:41:38 +0900 Subject: [PATCH 0829/1209] chore(deps): update dependency aquaproj/aqua-registry to v4.296.0 (#1274) Co-authored-by: Renovate Bot --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index 45af78337..54f6b08fa 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,7 +8,7 @@ # - all registries: - type: standard - ref: v4.295.1 # renovate: depName=aquaproj/aqua-registry + ref: v4.296.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 - name: hashicorp/terraform@v1.10.4 From defad003c3410965cdba5e9049885ebb96fad95e Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 14 Jan 2025 20:45:03 +0900 Subject: [PATCH 0830/1209] chore(deps): update github.com/go-playground/validator/v10 Signed-off-by: walnuts1018 --- scripts/infrautil/go.mod | 38 +++++++++---------- scripts/infrautil/go.sum | 82 ++++++++++++++++++++-------------------- 2 files changed, 59 insertions(+), 61 deletions(-) diff --git a/scripts/infrautil/go.mod b/scripts/infrautil/go.mod index b4489da14..933b844d3 100644 --- a/scripts/infrautil/go.mod +++ b/scripts/infrautil/go.mod @@ -3,7 +3,7 @@ module github.com/walnuts1018/infra/scripts/infrautil go 1.23.4 require ( - github.com/go-playground/validator/v10 v10.23.0 + github.com/go-playground/validator/v10 v10.24.0 github.com/google/go-jsonnet v0.20.0 github.com/google/subcommands v1.2.0 github.com/phsym/console-slog v0.3.1 @@ -19,7 +19,7 @@ require ( require ( dario.cat/mergo v1.0.1 // indirect github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 // indirect - github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect + github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect github.com/BurntSushi/toml v1.4.0 // indirect github.com/MakeNowJust/heredoc v1.0.0 // indirect github.com/Masterminds/goutils v1.1.1 // indirect @@ -31,16 +31,16 @@ require ( github.com/blang/semver/v4 v4.0.0 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/chai2010/gettext-go v1.0.3 // indirect - github.com/containerd/containerd v1.7.24 // indirect + github.com/containerd/containerd v1.7.25 // indirect github.com/containerd/errdefs v1.0.0 // indirect github.com/containerd/log v0.1.0 // indirect github.com/containerd/platforms v0.2.1 // indirect - github.com/cyphar/filepath-securejoin v0.3.6 // indirect + github.com/cyphar/filepath-securejoin v0.4.0 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/distribution/reference v0.6.0 // indirect - github.com/docker/cli v27.4.1+incompatible // indirect + github.com/docker/cli v27.5.0+incompatible // indirect github.com/docker/distribution v2.8.3+incompatible // indirect - github.com/docker/docker v27.4.1+incompatible // indirect + github.com/docker/docker v27.5.0+incompatible // indirect github.com/docker/docker-credential-helpers v0.8.2 // indirect github.com/docker/go-connections v0.5.0 // indirect github.com/docker/go-metrics v0.0.1 // indirect @@ -50,7 +50,7 @@ require ( github.com/fatih/color v1.18.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect github.com/fxamacker/cbor/v2 v2.7.0 // indirect - github.com/gabriel-vasile/mimetype v1.4.7 // indirect + github.com/gabriel-vasile/mimetype v1.4.8 // indirect github.com/go-errors/errors v1.5.1 // indirect github.com/go-gorp/gorp/v3 v3.1.0 // indirect github.com/go-logr/logr v1.4.2 // indirect @@ -61,7 +61,7 @@ require ( github.com/go-playground/locales v0.14.1 // indirect github.com/go-playground/universal-translator v0.18.1 // indirect github.com/gobwas/glob v0.2.3 // indirect - github.com/goccy/go-yaml v1.15.11 // indirect + github.com/goccy/go-yaml v1.15.13 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/protobuf v1.5.4 // indirect github.com/google/btree v1.1.3 // indirect @@ -88,7 +88,7 @@ require ( github.com/lib/pq v1.10.9 // indirect github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect github.com/mailru/easyjson v0.9.0 // indirect - github.com/mattn/go-colorable v0.1.13 // indirect + github.com/mattn/go-colorable v0.1.14 // indirect github.com/mattn/go-isatty v0.0.20 // indirect github.com/mattn/go-runewidth v0.0.16 // indirect github.com/mitchellh/copystructure v1.2.0 // indirect @@ -96,7 +96,7 @@ require ( github.com/mitchellh/reflectwalk v1.0.2 // indirect github.com/moby/locker v1.0.1 // indirect github.com/moby/spdystream v0.5.0 // indirect - github.com/moby/term v0.5.0 // indirect + github.com/moby/term v0.5.2 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect @@ -127,16 +127,16 @@ require ( go.opentelemetry.io/otel v1.33.0 // indirect go.opentelemetry.io/otel/metric v1.33.0 // indirect go.opentelemetry.io/otel/trace v1.33.0 // indirect - golang.org/x/crypto v0.31.0 // indirect - golang.org/x/net v0.33.0 // indirect - golang.org/x/oauth2 v0.24.0 // indirect - golang.org/x/sys v0.28.0 // indirect - golang.org/x/term v0.27.0 // indirect + golang.org/x/crypto v0.32.0 // indirect + golang.org/x/net v0.34.0 // indirect + golang.org/x/oauth2 v0.25.0 // indirect + golang.org/x/sys v0.29.0 // indirect + golang.org/x/term v0.28.0 // indirect golang.org/x/text v0.21.0 // indirect - golang.org/x/time v0.8.0 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20241216192217-9240e9c98484 // indirect - google.golang.org/grpc v1.69.2 // indirect - google.golang.org/protobuf v1.36.0 // indirect + golang.org/x/time v0.9.0 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20250106144421-5f5ef82da422 // indirect + google.golang.org/grpc v1.69.4 // indirect + google.golang.org/protobuf v1.36.2 // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect k8s.io/api v0.32.0 // indirect diff --git a/scripts/infrautil/go.sum b/scripts/infrautil/go.sum index bfd8a1d7a..a796ad929 100644 --- a/scripts/infrautil/go.sum +++ b/scripts/infrautil/go.sum @@ -4,8 +4,8 @@ filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA= filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4= github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 h1:He8afgbRMd7mFxO99hRNu+6tazq8nFF9lIwo9JFroBk= github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8= -github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0= -github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= +github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg= +github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/BurntSushi/toml v1.4.0 h1:kuoIxZQy2WRRk1pttg9asf+WVv6tWQuBNVmK8+nqPr0= github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU= @@ -46,10 +46,10 @@ github.com/chai2010/gettext-go v1.0.3 h1:9liNh8t+u26xl5ddmWLmsOsdNLwkdRTg5AG+JnT github.com/chai2010/gettext-go v1.0.3/go.mod h1:y+wnP2cHYaVj19NZhYKAwEMH2CI1gNHeQQ+5AjwawxA= github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM= github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHqJDGwsa1mIw= -github.com/containerd/containerd v1.7.24 h1:zxszGrGjrra1yYJW/6rhm9cJ1ZQ8rkKBR48brqsa7nA= -github.com/containerd/containerd v1.7.24/go.mod h1:7QUzfURqZWCZV7RLNEn1XjUCQLEf0bkaK4GjUaZehxw= -github.com/containerd/continuity v0.4.2 h1:v3y/4Yz5jwnvqPKJJ+7Wf93fyWoCB3F5EclWG023MDM= -github.com/containerd/continuity v0.4.2/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ= +github.com/containerd/containerd v1.7.25 h1:khEQOAXOEJalRO228yzVsuASLH42vT7DIo9Ss+9SMFQ= +github.com/containerd/containerd v1.7.25/go.mod h1:tWfHzVI0azhw4CT2vaIjsb2CoV4LJ9PrMPaULAr21Ok= +github.com/containerd/continuity v0.4.4 h1:/fNVfTJ7wIl/YPMHjf+5H32uFhl63JucB34PlCpMKII= +github.com/containerd/continuity v0.4.4/go.mod h1:/lNJvtJKUQStBzpVQ1+rasXO1LAWtUQssk28EZvJ3nE= github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI= github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M= github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= @@ -61,8 +61,8 @@ github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSV github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= -github.com/cyphar/filepath-securejoin v0.3.6 h1:4d9N5ykBnSp5Xn2JkhocYDkOpURL/18CYMpo6xB9uWM= -github.com/cyphar/filepath-securejoin v0.3.6/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI= +github.com/cyphar/filepath-securejoin v0.4.0 h1:PioTG9TBRSApBpYGnDU8HC+miIsX8vitBH9LGNNMoLQ= +github.com/cyphar/filepath-securejoin v0.4.0/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= @@ -73,12 +73,12 @@ github.com/distribution/distribution/v3 v3.0.0-beta.1 h1:X+ELTxPuZ1Xe5MsD3kp2wfG github.com/distribution/distribution/v3 v3.0.0-beta.1/go.mod h1:O9O8uamhHzWWQVTjuQpyYUVm/ShPHPUDgvQMpHGVBDs= github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk= github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= -github.com/docker/cli v27.4.1+incompatible h1:VzPiUlRJ/xh+otB75gva3r05isHMo5wXDfPRi5/b4hI= -github.com/docker/cli v27.4.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/cli v27.5.0+incompatible h1:aMphQkcGtpHixwwhAXJT1rrK/detk2JIvDaFkLctbGM= +github.com/docker/cli v27.5.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v27.4.1+incompatible h1:ZJvcY7gfwHn1JF48PfbyXg7Jyt9ZCWDW+GGXOIxEwp4= -github.com/docker/docker v27.4.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v27.5.0+incompatible h1:um++2NcQtGRTz5eEgO6aJimo6/JxrTXC941hd05JO6U= +github.com/docker/docker v27.5.0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.8.2 h1:bX3YxiGzFP5sOXWc3bTPEXdEaZSeVMrFgOr3T+zrFAo= github.com/docker/docker-credential-helpers v0.8.2/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M= github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c= @@ -105,8 +105,8 @@ github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHk github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= -github.com/gabriel-vasile/mimetype v1.4.7 h1:SKFKl7kD0RiPdbht0s7hFtjl489WcQ1VyPW8ZzUMYCA= -github.com/gabriel-vasile/mimetype v1.4.7/go.mod h1:GDlAgAyIRT27BhFl53XNAFtfjzOkLaF35JdEG0P7LtU= +github.com/gabriel-vasile/mimetype v1.4.8 h1:FfZ3gj38NjllZIeJAmMhr+qKL8Wu+nOoI3GqacKw1NM= +github.com/gabriel-vasile/mimetype v1.4.8/go.mod h1:ByKUIKGjh1ODkGM1asKUbQZOLGrPjydw3hYPU2YU9t8= github.com/go-errors/errors v1.5.1 h1:ZwEMSLRCapFLflTpT7NKaAc7ukJ8ZPEjzlxt8rPN8bk= github.com/go-errors/errors v1.5.1/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og= github.com/go-gorp/gorp/v3 v3.1.0 h1:ItKF/Vbuj31dmV4jxA1qblpSwkl9g1typ24xoe70IGs= @@ -131,8 +131,8 @@ github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/o github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY= github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY= github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY= -github.com/go-playground/validator/v10 v10.23.0 h1:/PwmTwZhS0dPkav3cdK9kV1FsAmrL8sThn8IHr/sO+o= -github.com/go-playground/validator/v10 v10.23.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM= +github.com/go-playground/validator/v10 v10.24.0 h1:KHQckvo8G6hlWnrPX4NJJ+aBfWNAE/HH+qdL2cBpCmg= +github.com/go-playground/validator/v10 v10.24.0/go.mod h1:GGzBIJMuE98Ic/kJsBXbz1x/7cByt++cQ+YOuDM5wus= github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y= github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= @@ -140,8 +140,8 @@ github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1v github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= -github.com/goccy/go-yaml v1.15.11 h1:XeEd/2INF0TXXWMzJ9ALqJLGjGDl4PIi1gmrK+7KpAs= -github.com/goccy/go-yaml v1.15.11/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA= +github.com/goccy/go-yaml v1.15.13 h1:Xd87Yddmr2rC1SLLTm2MNDcTjeO/GYo0JGiww6gSTDg= +github.com/goccy/go-yaml v1.15.13/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= @@ -233,9 +233,8 @@ github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhn github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE= github.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4= github.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU= -github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= -github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= -github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= +github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE= +github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc= @@ -259,8 +258,8 @@ github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vyg github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI= github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g= github.com/moby/sys/userns v0.1.0/go.mod h1:IHUYgu/kao6N8YZlp9Cf444ySSvCmDlmzUcYfDHOl28= -github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0= -github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y= +github.com/moby/term v0.5.2 h1:6qk3FJAFDs6i/q3W/pQ97SX192qKfZgGjCQqfCJkgzQ= +github.com/moby/term v0.5.2/go.mod h1:d3djjFCrjnB+fl8NJux+EJzu0msscUP+f8it8hPkFLc= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -412,8 +411,8 @@ golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnf golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= -golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= +golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc= +golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0= @@ -424,10 +423,10 @@ golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= -golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= -golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE= -golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0= +golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k= +golang.org/x/oauth2 v0.25.0 h1:CY4y7XT9v0cRI9oupztF8AgiIu99L/ksR/Xp/6jrZ70= +golang.org/x/oauth2 v0.25.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -443,18 +442,17 @@ golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= -golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q= -golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= +golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU= +golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.28.0 h1:/Ts8HFuMR2E6IP/jlo7QVLZHggjKQbhu/7H0LJFr3Gg= +golang.org/x/term v0.28.0/go.mod h1:Sw/lC2IAUZ92udQNf3WodGtn4k/XoLyZoh8v/8uiwek= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= -golang.org/x/time v0.8.0 h1:9i3RxcPv3PZnitoVGMPDKZSq1xW1gK1Xy3ArNOGZfEg= -golang.org/x/time v0.8.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY= +golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= @@ -468,12 +466,12 @@ golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8T google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80 h1:KAeGQVN3M9nD0/bQXnr/ClcEMJ968gUXJQ9pwfSynuQ= google.golang.org/genproto/googleapis/api v0.0.0-20241015192408-796eee8c2d53 h1:fVoAXEKA4+yufmbdVYv+SE73+cPZbbbe8paLsHfkK+U= google.golang.org/genproto/googleapis/api v0.0.0-20241015192408-796eee8c2d53/go.mod h1:riSXTwQ4+nqmPGtobMFyW5FqVAmIs0St6VPp4Ug7CE4= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241216192217-9240e9c98484 h1:Z7FRVJPSMaHQxD0uXU8WdgFh8PseLM8Q8NzhnpMrBhQ= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241216192217-9240e9c98484/go.mod h1:lcTa1sDdWEIHMWlITnIczmw5w60CF9ffkb8Z+DVmmjA= -google.golang.org/grpc v1.69.2 h1:U3S9QEtbXC0bYNvRtcoklF3xGtLViumSYxWykJS+7AU= -google.golang.org/grpc v1.69.2/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4= -google.golang.org/protobuf v1.36.0 h1:mjIs9gYtt56AzC4ZaffQuh88TZurBGhIJMBZGSxNerQ= -google.golang.org/protobuf v1.36.0/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250106144421-5f5ef82da422 h1:3UsHvIr4Wc2aW4brOaSCmcxh9ksica6fHEr8P1XhkYw= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250106144421-5f5ef82da422/go.mod h1:3ENsm/5D1mzDyhpzeRi1NR784I0BcofWBoSc5QqqMK4= +google.golang.org/grpc v1.69.4 h1:MF5TftSMkd8GLw/m0KM6V8CMOCY6NZ1NQDPGFgbTt4A= +google.golang.org/grpc v1.69.4/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4= +google.golang.org/protobuf v1.36.2 h1:R8FeyR1/eLmkutZOM5CWghmo5itiG9z0ktFlTVLuTmU= +google.golang.org/protobuf v1.36.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= From 78d2d6ccdbdfb322bec120ac39b68fa44888b199 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 14 Jan 2025 13:52:12 +0000 Subject: [PATCH 0831/1209] chore(deps): update helm release oauth2-proxy to v7.10.0 --- k8s/components/oauth2-proxy/helm.libsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/components/oauth2-proxy/helm.libsonnet b/k8s/components/oauth2-proxy/helm.libsonnet index 30bd5540f..78a88b9b3 100644 --- a/k8s/components/oauth2-proxy/helm.libsonnet +++ b/k8s/components/oauth2-proxy/helm.libsonnet @@ -10,7 +10,7 @@ namespace: error 'namespace is required', chart: 'oauth2-proxy', repoURL: 'https://oauth2-proxy.github.io/manifests', - targetRevision: '7.9.2', + targetRevision: '7.10.0', values: '', valuesObject: std.mergePatch((import 'values.libsonnet') { upstream: $.upstream, From f45dc7ea895435e10ab07ae55f8059d9158ad5f9 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 14 Jan 2025 13:52:20 +0000 Subject: [PATCH 0832/1209] chore(deps): update helm release tempo to v1.17.0 --- k8s/apps/tempo/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/tempo/helm.jsonnet b/k8s/apps/tempo/helm.jsonnet index 13e5638ae..6a2d28675 100644 --- a/k8s/apps/tempo/helm.jsonnet +++ b/k8s/apps/tempo/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'tempo', repoURL: 'https://grafana.github.io/helm-charts', - targetRevision: '1.16.0', + targetRevision: '1.17.0', values: (importstr 'values.yaml'), } From c6512c9e8633cfecdbcc61a9524cac7086aab0c2 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Tue, 14 Jan 2025 22:57:42 +0900 Subject: [PATCH 0833/1209] chore(deps): update ghcr.io/walnuts1018/walnuts.dev docker tag to v4c9042bba579ffd7fcef702392b627f43a36bf99-368 (#1277) Co-authored-by: Renovate Bot --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index f2a6afce8..16c006779 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ std.mergePatch((import '../../components/container.libsonnet') { name: 'walnuts-dev', - image: 'ghcr.io/walnuts1018/walnuts.dev:94defab8916b03f43a2f746feba54602aa9ff01c-366', + image: 'ghcr.io/walnuts1018/walnuts.dev:4c9042bba579ffd7fcef702392b627f43a36bf99-368', imagePullPolicy: 'IfNotPresent', ports: [ { From e9176c97a20cb6c4a91dc942e6436a60cd07d778 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 14 Jan 2025 17:57:16 +0000 Subject: [PATCH 0834/1209] chore(deps): update helm release cloudflare-tunnel-operator to v1.2.0 --- k8s/apps/cloudflare-tunnel-operator/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet b/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet index 56e0cbd6e..9f7285f10 100644 --- a/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet +++ b/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet @@ -4,7 +4,7 @@ chart: 'cloudflare-tunnel-operator', repoURL: 'https://walnuts1018.github.io/cloudflare-tunnel-operator/', - targetRevision: '1.1.2', + targetRevision: '1.2.0', valuesObject: std.mergePatch(std.parseYaml(importstr 'values.yaml'), { cloudflareToken: { existingSecret: (import 'external-secret.jsonnet').spec.target.name, From 2ae2c94d465c093d9c046652b31aea070254ffae Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 15 Jan 2025 03:19:57 +0900 Subject: [PATCH 0835/1209] feat(helm): enable inclusion of CRDs in Helm client Signed-off-by: walnuts1018 --- scripts/infrautil/lib/helm.go | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/infrautil/lib/helm.go b/scripts/infrautil/lib/helm.go index 3d12d4b19..6dd993797 100644 --- a/scripts/infrautil/lib/helm.go +++ b/scripts/infrautil/lib/helm.go @@ -43,6 +43,7 @@ func NewHelmClient() (*HelmClient, error) { client.DryRunOption = "true" client.Replace = true client.ClientOnly = true + client.IncludeCRDs = true return &HelmClient{ cfg: cfg, From 2858bbc4eac3dc731694aa27cd9750a9e087d442 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Wed, 15 Jan 2025 07:32:40 +0900 Subject: [PATCH 0836/1209] chore(deps): update ghcr.io/walnuts1018/walnuts.dev docker tag to v9e602e4e54e528da92e8ff1357aceaf2d97bb71b-369 (#1279) Co-authored-by: Renovate Bot --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index 16c006779..74266cb3b 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ std.mergePatch((import '../../components/container.libsonnet') { name: 'walnuts-dev', - image: 'ghcr.io/walnuts1018/walnuts.dev:4c9042bba579ffd7fcef702392b627f43a36bf99-368', + image: 'ghcr.io/walnuts1018/walnuts.dev:9e602e4e54e528da92e8ff1357aceaf2d97bb71b-369', imagePullPolicy: 'IfNotPresent', ports: [ { From de98381941c5196eebcd8924ef11dec0e2bbf92b Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 15 Jan 2025 07:57:11 +0000 Subject: [PATCH 0837/1209] chore(deps): update gotson/komga docker tag to v1.18.0 --- k8s/apps/komga/statefulset.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/komga/statefulset.jsonnet b/k8s/apps/komga/statefulset.jsonnet index aa0e2a6f0..5ef3c8965 100644 --- a/k8s/apps/komga/statefulset.jsonnet +++ b/k8s/apps/komga/statefulset.jsonnet @@ -20,7 +20,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'komga', - image: 'gotson/komga:1.17.0', + image: 'gotson/komga:1.18.0', resources: { limits: { cpu: '500m', From 80da26f45889729bdd1ba1cb0bbdf49b2481f537 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 15 Jan 2025 18:44:05 +0900 Subject: [PATCH 0838/1209] add k8sobjects Signed-off-by: walnuts1018 --- .../cluster-role.jsonnet | 12 ++++++++ .../collectors/deployment.jsonnet | 28 +++++++++++++++++++ 2 files changed, 40 insertions(+) diff --git a/k8s/apps/opentelemetry-collectors/cluster-role.jsonnet b/k8s/apps/opentelemetry-collectors/cluster-role.jsonnet index 6ef9a2425..2efaa80a5 100644 --- a/k8s/apps/opentelemetry-collectors/cluster-role.jsonnet +++ b/k8s/apps/opentelemetry-collectors/cluster-role.jsonnet @@ -131,6 +131,18 @@ 'watch', ], }, + { + apiGroups: [ + 'events.k8s.io', + ], + resources: [ + 'events', + ], + verbs: [ + 'list', + 'watch', + ], + }, { nonResourceURLs: [ '/metrics', diff --git a/k8s/apps/opentelemetry-collectors/collectors/deployment.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/deployment.jsonnet index fe7f36544..52e3eccff 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/deployment.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/deployment.jsonnet @@ -27,6 +27,21 @@ std.mergePatch((import '_base.libsonnet'), { }, }, }, + k8sobjects: { + auth_type: 'serviceAccount', + objects: [ + { + name: 'pods', + mode: 'pull', + interval: '15m', + }, + { + name: 'events', + mode: 'watch', + group: 'events.k8s.io', + }, + ], + }, }, processors: { memory_limiter: { @@ -95,6 +110,19 @@ std.mergePatch((import '_base.libsonnet'), { 'otlp/default', ], }, + logs: { + receivers: [ + 'k8sobjects', + ], + processors: [ + 'memory_limiter', + 'batch', + 'k8sattributes', + ], + exporters: [ + 'otlp/default', + ], + }, }, }, }, From 40c94020a497b911e7eac48761f7609f4ff1d92f Mon Sep 17 00:00:00 2001 From: Walnuts Date: Wed, 15 Jan 2025 18:48:26 +0900 Subject: [PATCH 0839/1209] chore(deps): update renovate/renovate docker tag to v39.107.1 (#1281) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 939f23c65..29b46c661 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.107.0', + image: 'renovate/renovate:39.107.1', resources: { requests: { cpu: '500m', From acde36c93a028288eff69ff61448b0c883c57b2b Mon Sep 17 00:00:00 2001 From: Walnuts Date: Wed, 15 Jan 2025 19:18:00 +0900 Subject: [PATCH 0840/1209] chore(deps): update renovate/renovate docker tag to v39.107.2 (#1282) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 29b46c661..548fc8601 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.107.1', + image: 'renovate/renovate:39.107.2', resources: { requests: { cpu: '500m', From a089c368ce2ad31d3cd24a0c4c24851b17ed3722 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Wed, 15 Jan 2025 23:23:04 +0900 Subject: [PATCH 0841/1209] chore(deps): update helm release oauth2-proxy to v7.10.2 (#1283) Co-authored-by: Renovate Bot --- k8s/components/oauth2-proxy/helm.libsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/components/oauth2-proxy/helm.libsonnet b/k8s/components/oauth2-proxy/helm.libsonnet index 78a88b9b3..0800de6de 100644 --- a/k8s/components/oauth2-proxy/helm.libsonnet +++ b/k8s/components/oauth2-proxy/helm.libsonnet @@ -10,7 +10,7 @@ namespace: error 'namespace is required', chart: 'oauth2-proxy', repoURL: 'https://oauth2-proxy.github.io/manifests', - targetRevision: '7.10.0', + targetRevision: '7.10.2', values: '', valuesObject: std.mergePatch((import 'values.libsonnet') { upstream: $.upstream, From c664e424a8f94e71a97e072bdc02a2f8dd858653 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 15 Jan 2025 15:32:12 +0000 Subject: [PATCH 0842/1209] chore(deps): update helm release tempo to v1.18.0 --- k8s/apps/tempo/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/tempo/helm.jsonnet b/k8s/apps/tempo/helm.jsonnet index 6a2d28675..7fb4660a8 100644 --- a/k8s/apps/tempo/helm.jsonnet +++ b/k8s/apps/tempo/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'tempo', repoURL: 'https://grafana.github.io/helm-charts', - targetRevision: '1.17.0', + targetRevision: '1.18.0', values: (importstr 'values.yaml'), } From 2a6972b79d3d2d96100a6935c9ef068324074a40 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 15 Jan 2025 21:32:05 +0000 Subject: [PATCH 0843/1209] fix(deps): update module helm.sh/helm/v3 to v3.17.0 --- scripts/infrautil/go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/infrautil/go.mod b/scripts/infrautil/go.mod index 933b844d3..92bf765af 100644 --- a/scripts/infrautil/go.mod +++ b/scripts/infrautil/go.mod @@ -12,7 +12,7 @@ require ( github.com/yosuke-furukawa/json5 v0.1.1 golang.org/x/sync v0.10.0 gopkg.in/yaml.v3 v3.0.1 - helm.sh/helm/v3 v3.16.4 + helm.sh/helm/v3 v3.17.0 sigs.k8s.io/yaml v1.4.0 ) From b63d318de135a2de92ef04ae352d68d7cd59a7c1 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Thu, 16 Jan 2025 16:17:57 +0900 Subject: [PATCH 0844/1209] chore(deps): update helm release kube-prometheus-stack to v68.1.1 (#1286) Co-authored-by: Renovate Bot --- k8s/apps/prometheus-stack/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/prometheus-stack/helm.jsonnet b/k8s/apps/prometheus-stack/helm.jsonnet index 4aa1eadd2..dd84ca25e 100644 --- a/k8s/apps/prometheus-stack/helm.jsonnet +++ b/k8s/apps/prometheus-stack/helm.jsonnet @@ -4,7 +4,7 @@ chart: 'kube-prometheus-stack', repoURL: 'https://prometheus-community.github.io/helm-charts', - targetRevision: '68.1.0', + targetRevision: '68.1.1', valuesObject: std.mergePatch(std.parseYaml(importstr 'values.yaml'), { prometheus: { prometheusSpec: { From afd1c8599f96ee55bad7820f9b477c97f185b15b Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 16 Jan 2025 17:10:09 +0900 Subject: [PATCH 0845/1209] feat(opentelemetry): add transform configuration for error handling and logging Signed-off-by: walnuts1018 --- .../collectors/daemonset.jsonnet | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet index 31931ab4e..646196ce3 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet @@ -132,6 +132,21 @@ std.mergePatch((import '_base.libsonnet'), { timeout: '15s', override: false, }, + transform: { + error_mode: 'ignore', + log_statements: [ + { + context: 'log', + conditions: [ + "IsMatch(resource.attributes['k8s_namespace_name'], 'cloudflare-tunnel-operator')", + ], + statements: [ + "merge_maps(cache, ParseJSON(body), 'upsert') where IsMatch(body, '^\\{')", + "set(attributes['controllerGroup'], cache['controllerGroup'])", + ], + }, + ], + }, }, exporters: { 'otlp/default': { @@ -161,6 +176,7 @@ std.mergePatch((import '_base.libsonnet'), { logs: { receivers: [ 'filelog', + 'transform', ], processors: [ 'memory_limiter', From bc705bea271f60d9e5d948d5c26f599901332078 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 16 Jan 2025 17:14:59 +0900 Subject: [PATCH 0846/1209] fix(opentelemetry): correct string quotes in daemonset configuration Signed-off-by: walnuts1018 --- .../opentelemetry-collectors/collectors/daemonset.jsonnet | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet index 646196ce3..84c8868da 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet @@ -138,11 +138,11 @@ std.mergePatch((import '_base.libsonnet'), { { context: 'log', conditions: [ - "IsMatch(resource.attributes['k8s_namespace_name'], 'cloudflare-tunnel-operator')", + 'IsMatch(resource.attributes["k8s_namespace_name"], "cloudflare-tunnel-operator")', ], statements: [ - "merge_maps(cache, ParseJSON(body), 'upsert') where IsMatch(body, '^\\{')", - "set(attributes['controllerGroup'], cache['controllerGroup'])", + 'merge_maps(cache, ParseJSON(body), "upsert") where IsMatch(body, "^\\{")', + 'set(attributes["controllerGroup"], cache["controllerGroup"])', ], }, ], From 1f68f99c8350ada3be912c940dcd193754d6a132 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 16 Jan 2025 17:17:32 +0900 Subject: [PATCH 0847/1209] fix(opentelemetry): escape backslash in IsMatch regex for JSON parsing Signed-off-by: walnuts1018 --- k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet index 84c8868da..41e4ec092 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet @@ -141,7 +141,7 @@ std.mergePatch((import '_base.libsonnet'), { 'IsMatch(resource.attributes["k8s_namespace_name"], "cloudflare-tunnel-operator")', ], statements: [ - 'merge_maps(cache, ParseJSON(body), "upsert") where IsMatch(body, "^\\{")', + 'merge_maps(cache, ParseJSON(body), "upsert") where IsMatch(body, "^\\\\{")', 'set(attributes["controllerGroup"], cache["controllerGroup"])', ], }, From c5068ae25fee93a479d3049ebbb00f38d34b997d Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 16 Jan 2025 17:18:45 +0900 Subject: [PATCH 0848/1209] fix(opentelemetry): add 'transform' processor to logs in daemonset configuration Signed-off-by: walnuts1018 --- k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet index 41e4ec092..3052946b1 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet @@ -176,12 +176,12 @@ std.mergePatch((import '_base.libsonnet'), { logs: { receivers: [ 'filelog', - 'transform', ], processors: [ 'memory_limiter', 'batch', 'k8sattributes', + 'transform', ], exporters: [ 'otlp/default', From 3f19b6ac416d4f18af8d0155eaa223e5f4fb30ca Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 16 Jan 2025 17:29:37 +0900 Subject: [PATCH 0849/1209] fix(opentelemetry): comment out conditions for log statements in daemonset configuration Signed-off-by: walnuts1018 --- .../opentelemetry-collectors/collectors/daemonset.jsonnet | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet index 3052946b1..2eeb2c411 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet @@ -137,9 +137,9 @@ std.mergePatch((import '_base.libsonnet'), { log_statements: [ { context: 'log', - conditions: [ - 'IsMatch(resource.attributes["k8s_namespace_name"], "cloudflare-tunnel-operator")', - ], + // conditions: [ + // 'IsMatch(resource.attributes["k8s_namespace_name"], "cloudflare-tunnel-operator")', + // ], statements: [ 'merge_maps(cache, ParseJSON(body), "upsert") where IsMatch(body, "^\\\\{")', 'set(attributes["controllerGroup"], cache["controllerGroup"])', From 382e121613df1fe22ac085157e11fd234a10f51f Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 16 Jan 2025 17:32:02 +0900 Subject: [PATCH 0850/1209] fix(opentelemetry): update log conditions in daemonset configuration Signed-off-by: walnuts1018 --- .../opentelemetry-collectors/collectors/daemonset.jsonnet | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet index 2eeb2c411..2d9330adc 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet @@ -137,9 +137,9 @@ std.mergePatch((import '_base.libsonnet'), { log_statements: [ { context: 'log', - // conditions: [ - // 'IsMatch(resource.attributes["k8s_namespace_name"], "cloudflare-tunnel-operator")', - // ], + conditions: [ + 'IsMatch(attributes["k8s_namespace_name"], "cloudflare-tunnel-operator")', + ], statements: [ 'merge_maps(cache, ParseJSON(body), "upsert") where IsMatch(body, "^\\\\{")', 'set(attributes["controllerGroup"], cache["controllerGroup"])', From a062daa7a6762e3d4e4ca662ccf00be703e68ab9 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 16 Jan 2025 17:35:29 +0900 Subject: [PATCH 0851/1209] fix(opentelemetry): update log condition to use correct attribute name in daemonset configuration Signed-off-by: walnuts1018 --- k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet index 2d9330adc..0207068c8 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet @@ -138,7 +138,7 @@ std.mergePatch((import '_base.libsonnet'), { { context: 'log', conditions: [ - 'IsMatch(attributes["k8s_namespace_name"], "cloudflare-tunnel-operator")', + 'IsMatch(attributes["k8s.namespace.name"], "cloudflare-tunnel-operator")', ], statements: [ 'merge_maps(cache, ParseJSON(body), "upsert") where IsMatch(body, "^\\\\{")', From 8e3d57135eaaf1936e1c508149788bf5b0ab4388 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 16 Jan 2025 17:37:19 +0900 Subject: [PATCH 0852/1209] fix(opentelemetry): correct attribute reference in log condition for daemonset configuration Signed-off-by: walnuts1018 --- k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet index 0207068c8..3690a533c 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet @@ -138,7 +138,7 @@ std.mergePatch((import '_base.libsonnet'), { { context: 'log', conditions: [ - 'IsMatch(attributes["k8s.namespace.name"], "cloudflare-tunnel-operator")', + 'IsMatch(resource.attributes["k8s.namespace.name"], "cloudflare-tunnel-operator")', ], statements: [ 'merge_maps(cache, ParseJSON(body), "upsert") where IsMatch(body, "^\\\\{")', From c4a060b7967d6b428197cfbddc057a49a9154d67 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 16 Jan 2025 17:45:28 +0900 Subject: [PATCH 0853/1209] fix(opentelemetry): simplify log statements by removing conditions and updating merge logic in daemonset configuration Signed-off-by: walnuts1018 --- .../opentelemetry-collectors/collectors/daemonset.jsonnet | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet index 3690a533c..02633ec89 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet @@ -137,12 +137,8 @@ std.mergePatch((import '_base.libsonnet'), { log_statements: [ { context: 'log', - conditions: [ - 'IsMatch(resource.attributes["k8s.namespace.name"], "cloudflare-tunnel-operator")', - ], statements: [ - 'merge_maps(cache, ParseJSON(body), "upsert") where IsMatch(body, "^\\\\{")', - 'set(attributes["controllerGroup"], cache["controllerGroup"])', + 'merge_maps(attributes, ParseJSON(body), "insert") where IsMatch(body, "^\\\\{")', ], }, ], From d59c2047e47b5e7690972f2104c0611329b1b222 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 16 Jan 2025 18:00:13 +0900 Subject: [PATCH 0854/1209] fix(opentelemetry): update log statements to use cache for merging and setting body in daemonset configuration Signed-off-by: walnuts1018 --- .../opentelemetry-collectors/collectors/daemonset.jsonnet | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet index 02633ec89..2ae8acdaf 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet @@ -138,7 +138,9 @@ std.mergePatch((import '_base.libsonnet'), { { context: 'log', statements: [ - 'merge_maps(attributes, ParseJSON(body), "insert") where IsMatch(body, "^\\\\{")', + 'merge_maps(cache, ParseJSON(body), "upsert") where IsMatch(body, "^\\\\{")', + 'set(body, cache["msg"])', + 'merge_maps(attributes, cache, "insert")', ], }, ], From e1da0dd9be1d4dbe11e79dbcd96ce555de0caccc Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 16 Jan 2025 18:05:52 +0900 Subject: [PATCH 0855/1209] fix(opentelemetry): remove 'msg' key from cache before setting body in daemonset configuration Signed-off-by: walnuts1018 --- k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet | 1 + 1 file changed, 1 insertion(+) diff --git a/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet index 2ae8acdaf..e1d9f11c6 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet @@ -139,6 +139,7 @@ std.mergePatch((import '_base.libsonnet'), { context: 'log', statements: [ 'merge_maps(cache, ParseJSON(body), "upsert") where IsMatch(body, "^\\\\{")', + 'delete_key(cache, "msg")', 'set(body, cache["msg"])', 'merge_maps(attributes, cache, "insert")', ], From 23b9cb2bc779c146340aa8ca445c813be87d3dee Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 16 Jan 2025 18:14:46 +0900 Subject: [PATCH 0856/1209] fix(opentelemetry): reorder 'delete_key' and 'set' statements for cache in daemonset configuration Signed-off-by: walnuts1018 --- k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet index e1d9f11c6..8e79a863d 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet @@ -139,8 +139,8 @@ std.mergePatch((import '_base.libsonnet'), { context: 'log', statements: [ 'merge_maps(cache, ParseJSON(body), "upsert") where IsMatch(body, "^\\\\{")', - 'delete_key(cache, "msg")', 'set(body, cache["msg"])', + 'delete_key(cache, "msg")', 'merge_maps(attributes, cache, "insert")', ], }, From 3985b1f22d586e8ede896c5461f1ada3310adc5c Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 16 Jan 2025 18:24:37 +0900 Subject: [PATCH 0857/1209] fix(opentelemetry): update log statements to merge attributes and set body in daemonset configuration Signed-off-by: walnuts1018 --- .../collectors/daemonset.jsonnet | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet index 8e79a863d..4b96e0264 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet @@ -138,10 +138,17 @@ std.mergePatch((import '_base.libsonnet'), { { context: 'log', statements: [ - 'merge_maps(cache, ParseJSON(body), "upsert") where IsMatch(body, "^\\\\{")', - 'set(body, cache["msg"])', - 'delete_key(cache, "msg")', - 'merge_maps(attributes, cache, "insert")', + 'merge_maps(attributes, ParseJSON(body), "insert") where IsMatch(body, "^\\\\{")', + ], + }, + { + context: 'log', + conditions: [ + 'IsMatch(attributes["msg"], ".+")', + ], + statements: [ + 'set(body, attributes["msg"])', + 'delete_key(attributes, "msg")', ], }, ], From b078fbeac98e28cb4dff7e89a321207a970b4f9f Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 16 Jan 2025 18:29:58 +0900 Subject: [PATCH 0858/1209] fix(opentelemetry): update log statements to use cache for merging and setting body in daemonset configuration Signed-off-by: walnuts1018 --- .../collectors/daemonset.jsonnet | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) diff --git a/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet index 4b96e0264..02f0b9973 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet @@ -138,17 +138,10 @@ std.mergePatch((import '_base.libsonnet'), { { context: 'log', statements: [ - 'merge_maps(attributes, ParseJSON(body), "insert") where IsMatch(body, "^\\\\{")', - ], - }, - { - context: 'log', - conditions: [ - 'IsMatch(attributes["msg"], ".+")', - ], - statements: [ - 'set(body, attributes["msg"])', - 'delete_key(attributes, "msg")', + 'merge_maps(cache, ParseJSON(body), "upsert") where IsMatch(body, "^\\\\{")', + 'set(body, cache["msg"]) where cache["msg"] != nil', + 'delete_key(cache, "msg")', + 'merge_maps(attributes, cache, "insert")', ], }, ], From 76a76d2d05a5e77012f636cf8a39d39d54b27bc2 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 16 Jan 2025 18:36:02 +0900 Subject: [PATCH 0859/1209] fix(opentelemetry): add cache truncation and limit to daemonset configuration Signed-off-by: walnuts1018 --- k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet | 2 ++ 1 file changed, 2 insertions(+) diff --git a/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet index 02f0b9973..0646a1501 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet @@ -141,6 +141,8 @@ std.mergePatch((import '_base.libsonnet'), { 'merge_maps(cache, ParseJSON(body), "upsert") where IsMatch(body, "^\\\\{")', 'set(body, cache["msg"]) where cache["msg"] != nil', 'delete_key(cache, "msg")', + 'truncate_all(cache, 1024)', + 'limit(cache, 100, [])', 'merge_maps(attributes, cache, "insert")', ], }, From 28ab073933d0e1464119f46bd249beac274d5a67 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Thu, 16 Jan 2025 18:43:09 +0900 Subject: [PATCH 0860/1209] chore(deps): update renovate/renovate docker tag to v39.109.0 (#1287) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 548fc8601..194e1d999 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.107.2', + image: 'renovate/renovate:39.109.0', resources: { requests: { cpu: '500m', From 513ad72e0f28703ddfbf6c1f5c6bfae421a2b274 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 16 Jan 2025 18:50:52 +0900 Subject: [PATCH 0861/1209] fix(opentelemetry): update merge_maps to use resource.attributes in daemonset configuration Signed-off-by: walnuts1018 --- k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet index 0646a1501..65434478b 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet @@ -143,7 +143,7 @@ std.mergePatch((import '_base.libsonnet'), { 'delete_key(cache, "msg")', 'truncate_all(cache, 1024)', 'limit(cache, 100, [])', - 'merge_maps(attributes, cache, "insert")', + 'merge_maps(resource.attributes, cache, "insert")', ], }, ], From 7372ec8c4dac0aa3ee25f4ac77924c5906ba673b Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 16 Jan 2025 19:15:04 +0900 Subject: [PATCH 0862/1209] fix(deps): update helm.sh/helm/v3 to v3.17.0 Signed-off-by: walnuts1018 --- scripts/infrautil/go.sum | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/infrautil/go.sum b/scripts/infrautil/go.sum index a796ad929..2b3e79d89 100644 --- a/scripts/infrautil/go.sum +++ b/scripts/infrautil/go.sum @@ -488,8 +488,8 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o= gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g= -helm.sh/helm/v3 v3.16.4 h1:rBn/h9MACw+QlhxQTjpl8Ifx+VTWaYsw3rguGBYBzr0= -helm.sh/helm/v3 v3.16.4/go.mod h1:k8QPotUt57wWbi90w3LNmg3/MWcLPigVv+0/X4B8BzA= +helm.sh/helm/v3 v3.17.0 h1:DUD4AGdNVn7PSTYfxe1gmQG7s18QeWv/4jI9TubnhT0= +helm.sh/helm/v3 v3.17.0/go.mod h1:Mo7eGyKPPHlS0Ml67W8z/lbkox/gD9Xt1XpD6bxvZZA= k8s.io/api v0.32.0 h1:OL9JpbvAU5ny9ga2fb24X8H6xQlVp+aJMFlgtQjR9CE= k8s.io/api v0.32.0/go.mod h1:4LEwHZEf6Q/cG96F3dqR965sYOfmPM7rq81BLgsE0p0= k8s.io/apiextensions-apiserver v0.32.0 h1:S0Xlqt51qzzqjKPxfgX1xh4HBZE+p8KKBq+k2SWNOE0= From 1ffa8c2f7e6dfd15451774ffc5cb74785d1435e1 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Thu, 16 Jan 2025 20:27:49 +0900 Subject: [PATCH 0863/1209] chore(deps): update renovate/renovate docker tag to v39.110.0 (#1288) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 194e1d999..23a6c7420 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.109.0', + image: 'renovate/renovate:39.110.0', resources: { requests: { cpu: '500m', From 7f8e3fcc3c86d9d489ca6a9ebf56af5fdf1da2d6 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Thu, 16 Jan 2025 21:37:59 +0900 Subject: [PATCH 0864/1209] chore(deps): update renovate/renovate docker tag to v39.111.0 (#1289) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 23a6c7420..0adf7edab 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.110.0', + image: 'renovate/renovate:39.111.0', resources: { requests: { cpu: '500m', From bb8001b0354c747ccf27a9c8d3b3e5ca0b091b9f Mon Sep 17 00:00:00 2001 From: Walnuts Date: Thu, 16 Jan 2025 22:37:39 +0900 Subject: [PATCH 0865/1209] chore(deps): update ghcr.io/walnuts1018/walnuts.dev docker tag to v0ba975c1be21874f442d375f89abb15eba2034d7-370 (#1290) Co-authored-by: Renovate Bot --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index 74266cb3b..07d0e4682 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ std.mergePatch((import '../../components/container.libsonnet') { name: 'walnuts-dev', - image: 'ghcr.io/walnuts1018/walnuts.dev:9e602e4e54e528da92e8ff1357aceaf2d97bb71b-369', + image: 'ghcr.io/walnuts1018/walnuts.dev:0ba975c1be21874f442d375f89abb15eba2034d7-370', imagePullPolicy: 'IfNotPresent', ports: [ { From 81ddcfb2b5c9e09dca871c75c6cfa16581e7dd64 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Thu, 16 Jan 2025 23:28:17 +0900 Subject: [PATCH 0866/1209] chore(deps): update renovate/renovate docker tag to v39.111.1 (#1291) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 0adf7edab..cb0516c65 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.111.0', + image: 'renovate/renovate:39.111.1', resources: { requests: { cpu: '500m', From d4edf253967724330cb650954b3db5d433bc5a5b Mon Sep 17 00:00:00 2001 From: Walnuts Date: Fri, 17 Jan 2025 00:43:32 +0900 Subject: [PATCH 0867/1209] chore(deps): update renovate/renovate docker tag to v39.112.0 (#1292) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index cb0516c65..e3eac519f 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.111.1', + image: 'renovate/renovate:39.112.0', resources: { requests: { cpu: '500m', From bf61929246663b22ef300999cf2abc53c25573f1 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Fri, 17 Jan 2025 01:48:05 +0900 Subject: [PATCH 0868/1209] chore(deps): update helm release cert-manager to v1.16.3 (#1293) Co-authored-by: Renovate Bot --- k8s/apps/cert-manager/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/cert-manager/helm.jsonnet b/k8s/apps/cert-manager/helm.jsonnet index 8af483442..8f4c02510 100644 --- a/k8s/apps/cert-manager/helm.jsonnet +++ b/k8s/apps/cert-manager/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import 'app.json5').namespace, chart: 'cert-manager', repoURL: 'https://charts.jetstack.io', - targetRevision: 'v1.16.2', + targetRevision: 'v1.16.3', values: (importstr 'values.yaml'), } From 95eb0b446d93d4753252f9884295e2c1fec1a904 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Fri, 17 Jan 2025 01:48:25 +0900 Subject: [PATCH 0869/1209] chore(deps): update renovate/renovate docker tag to v39.113.0 (#1294) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index e3eac519f..69c235f57 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.112.0', + image: 'renovate/renovate:39.113.0', resources: { requests: { cpu: '500m', From a0e1123ccf98edc6c05d7d307fcf508dd001fbf0 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 16 Jan 2025 20:11:56 +0000 Subject: [PATCH 0870/1209] chore(deps): update terraform aws to ~> 5.84.0 --- terraform/modules/minio/provider.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/modules/minio/provider.tf b/terraform/modules/minio/provider.tf index a9ec76602..95653a708 100644 --- a/terraform/modules/minio/provider.tf +++ b/terraform/modules/minio/provider.tf @@ -2,7 +2,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 5.83.0" + version = "~> 5.84.0" } } } From 34838ff48a3719f21af3518e78901728c3f1b2af Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 17 Jan 2025 05:22:14 +0900 Subject: [PATCH 0871/1209] feat(opentelemetry): add Vaxila OTLP HTTP exporter and update API key reference Signed-off-by: walnuts1018 --- .../collectors/default.jsonnet | 12 ++++++++++-- .../opentelemetry-collectors/external-secret.jsonnet | 7 ------- 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet index a729dbabb..57c2618da 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet @@ -96,6 +96,13 @@ std.mergePatch((import '_base.libsonnet'), { insecure: true, }, }, + 'otlphttp/vaxila': { + endpoint: 'https://otlp-vaxila.mackerelio.com', + headers: { + Accept: '*/*', + 'Mackerel-Api-Key': '${env:MACKEREL_APIKEY}', + }, + }, }, service: { pipelines: { @@ -111,6 +118,7 @@ std.mergePatch((import '_base.libsonnet'), { exporters: [ 'otlp/tempo', 'spanmetrics', + 'otlphttp/vaxila', ], }, metrics: { @@ -172,11 +180,11 @@ std.mergePatch((import '_base.libsonnet'), { }, }, { - name: 'VAXILA_APIKEY', + name: 'MACKEREL_APIKEY', valueFrom: { secretKeyRef: { name: (import '../external-secret.jsonnet').spec.target.name, - key: 'vaxila-api-key', + key: 'mackerel-api-key', }, }, }, diff --git a/k8s/apps/opentelemetry-collectors/external-secret.jsonnet b/k8s/apps/opentelemetry-collectors/external-secret.jsonnet index 535a0b370..e9c6a50c3 100644 --- a/k8s/apps/opentelemetry-collectors/external-secret.jsonnet +++ b/k8s/apps/opentelemetry-collectors/external-secret.jsonnet @@ -8,12 +8,5 @@ property: 'api-key', }, }, - { - secretKey: 'vaxila-api-key', - remoteRef: { - key: 'mackerel', - property: 'vaxila-api-key', - }, - }, ], } From 912c74d6ae87149b9afe9bea08c74f28341db0c5 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 17 Jan 2025 05:33:25 +0900 Subject: [PATCH 0872/1209] feat(opentelemetry): add Mackerel OTLP exporter configuration Signed-off-by: walnuts1018 --- .../opentelemetry-collectors/collectors/default.jsonnet | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet index 57c2618da..c1da51d36 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet @@ -103,6 +103,13 @@ std.mergePatch((import '_base.libsonnet'), { 'Mackerel-Api-Key': '${env:MACKEREL_APIKEY}', }, }, + 'otlp/mackerel': { + endpoint: 'otlp.mackerelio.com:4317', + compression: 'gzip', + headers: { + 'Mackerel-Api-Key': '${env:MACKEREL_APIKEY}', + }, + }, }, service: { pipelines: { @@ -134,6 +141,7 @@ std.mergePatch((import '_base.libsonnet'), { exporters: [ 'otlphttp/prometheus', 'otlp/prometheus-exporter', + 'otlp/mackerel', ], }, logs: { From 953cceb3b4aca61c45dc692af0e4baaa9a31c802 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 17 Jan 2025 05:48:57 +0900 Subject: [PATCH 0873/1209] feat(misskey): increase memory request from 512Mi to 932Mi Signed-off-by: walnuts1018 --- k8s/apps/misskey/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/misskey/deployment.jsonnet b/k8s/apps/misskey/deployment.jsonnet index 91b152d7c..614737e6d 100644 --- a/k8s/apps/misskey/deployment.jsonnet +++ b/k8s/apps/misskey/deployment.jsonnet @@ -108,7 +108,7 @@ }, resources: { requests: { - memory: '512Mi', + memory: '932Mi', }, limits: {}, }, From 6afb748966447863e866e631e6eeca52d3408c92 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 17 Jan 2025 05:53:05 +0900 Subject: [PATCH 0874/1209] feat(loki): adjust resource utilization targets and memory requests Signed-off-by: walnuts1018 --- k8s/apps/loki/values.yaml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/k8s/apps/loki/values.yaml b/k8s/apps/loki/values.yaml index cea7124a1..cb5fc2a13 100644 --- a/k8s/apps/loki/values.yaml +++ b/k8s/apps/loki/values.yaml @@ -52,8 +52,8 @@ write: enabled: true minReplicas: 1 maxReplicas: 6 - targetCPUUtilizationPercentage: 700 - targetMemoryUtilizationPercentage: 200 + targetCPUUtilizationPercentage: 100 + targetMemoryUtilizationPercentage: 100 resources: requests: memory: 300Mi @@ -76,11 +76,11 @@ read: enabled: true minReplicas: 1 maxReplicas: 6 - targetCPUUtilizationPercentage: 500 - targetMemoryUtilizationPercentage: 200 + targetCPUUtilizationPercentage: 100 + targetMemoryUtilizationPercentage: 100 resources: requests: - memory: 200Mi + memory: 160Mi cpu: 10m limits: memory: 1Gi @@ -96,8 +96,8 @@ backend: enabled: true minReplicas: 2 maxReplicas: 6 - targetCPUUtilizationPercentage: 800 - targetMemoryUtilizationPercentage: 200 + targetCPUUtilizationPercentage: 100 + targetMemoryUtilizationPercentage: 100 resources: requests: memory: 256Mi @@ -123,14 +123,14 @@ sidecar: cpu: 100m memory: 100Mi requests: - cpu: 50m - memory: 50Mi + cpu: 1m + memory: 100Mi chunksCache: allocatedMemory: 8192 resources: requests: cpu: 50m - memory: 300Mi + memory: 4Gi limits: memory: 9830Mi resultsCache: @@ -138,6 +138,6 @@ resultsCache: resources: requests: cpu: 50m - memory: 50Mi + memory: 1Gi limits: memory: 1229Mi From 83ab3cd0e4b3e25f9e1ee72fe3799a9ae3ad9d37 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 17 Jan 2025 05:53:38 +0900 Subject: [PATCH 0875/1209] feat(samba): increase memory request from 850Mi to 2Gi Signed-off-by: walnuts1018 --- k8s/apps/samba/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/samba/deployment.jsonnet b/k8s/apps/samba/deployment.jsonnet index f6287adb3..6461d5666 100644 --- a/k8s/apps/samba/deployment.jsonnet +++ b/k8s/apps/samba/deployment.jsonnet @@ -80,7 +80,7 @@ cpu: '1000m', }, requests: { - memory: '850Mi', + memory: '2Gi', cpu: '10m', }, }, From 41a54ba0227ed78b59c3daf1277fcef129f778b7 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 17 Jan 2025 05:54:08 +0900 Subject: [PATCH 0876/1209] feat(mucaron): increase memory request from 20Mi to 100Mi Signed-off-by: walnuts1018 --- k8s/apps/mucaron/front/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/mucaron/front/deployment.jsonnet b/k8s/apps/mucaron/front/deployment.jsonnet index 169944749..d3bc3aace 100644 --- a/k8s/apps/mucaron/front/deployment.jsonnet +++ b/k8s/apps/mucaron/front/deployment.jsonnet @@ -32,7 +32,7 @@ }, requests: { cpu: '10m', - memory: '20Mi', + memory: '100Mi', }, }, volumeMounts: [ From eef71b20b9b79c3a4522bc1d44e53ea5ba4df294 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 17 Jan 2025 05:54:58 +0900 Subject: [PATCH 0877/1209] feat(tailscale): increase memory request from 20Mi to 80Mi Signed-off-by: walnuts1018 --- k8s/apps/tailscale/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/tailscale/deployment.jsonnet b/k8s/apps/tailscale/deployment.jsonnet index 0681d63da..9fc200d41 100644 --- a/k8s/apps/tailscale/deployment.jsonnet +++ b/k8s/apps/tailscale/deployment.jsonnet @@ -64,7 +64,7 @@ }, resources: { requests: { - memory: '20Mi', + memory: '80Mi', }, limits: {}, }, From 07670c24f87fa1abed0d02ed1c86241111a6e85c Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 17 Jan 2025 05:55:37 +0900 Subject: [PATCH 0878/1209] feat(prometheus): increase memory request from 1000Mi to 2Gi and limit from 4000Mi to 4Gi Signed-off-by: walnuts1018 --- k8s/apps/prometheus-stack/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/k8s/apps/prometheus-stack/values.yaml b/k8s/apps/prometheus-stack/values.yaml index dd303206b..b2eeebab0 100644 --- a/k8s/apps/prometheus-stack/values.yaml +++ b/k8s/apps/prometheus-stack/values.yaml @@ -102,9 +102,9 @@ prometheus: storage: 32Gi resources: requests: - memory: 1000Mi + memory: 2Gi limits: - memory: 4000Mi + memory: 4Gi retention: 14d retentionSize: 30GiB replicas: 1 From 9f855f77e99daa901b701cd8e7f8e45139d38d95 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 17 Jan 2025 05:56:39 +0900 Subject: [PATCH 0879/1209] feat(walnuts): increase memory request from 50Mi to 100Mi Signed-off-by: walnuts1018 --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index 07d0e4682..7d18e256f 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -33,7 +33,7 @@ }, requests: { cpu: '10m', - memory: '50Mi', + memory: '100Mi', }, }, env: [ From 91c99eec37fc1d5d75164ecbc3fc3f80f8374e24 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 17 Jan 2025 05:57:10 +0900 Subject: [PATCH 0880/1209] feat(opentelemetry): increase memory request from 64Mi to 100Mi Signed-off-by: walnuts1018 --- k8s/apps/opentelemetry-operator/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/opentelemetry-operator/values.yaml b/k8s/apps/opentelemetry-operator/values.yaml index cad9f84a9..10f5c8f30 100644 --- a/k8s/apps/opentelemetry-operator/values.yaml +++ b/k8s/apps/opentelemetry-operator/values.yaml @@ -10,4 +10,4 @@ manager: memory: 128Mi requests: cpu: 5m - memory: 64Mi + memory: 100Mi From 930bc1f29a3f891e6258540c9e7d0f8ba8d02f6e Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 17 Jan 2025 06:03:16 +0900 Subject: [PATCH 0881/1209] feat(loki): add affinity settings and gateway configuration with resource requests and limits Signed-off-by: walnuts1018 --- k8s/apps/loki/values.yaml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/k8s/apps/loki/values.yaml b/k8s/apps/loki/values.yaml index cb5fc2a13..40d4114fb 100644 --- a/k8s/apps/loki/values.yaml +++ b/k8s/apps/loki/values.yaml @@ -46,6 +46,7 @@ loki: enabled: true desired_rate: 104857600 # 10MiB reject_old_samples: false + write: replicas: 2 autoscaling: @@ -69,6 +70,7 @@ write: volumeClaimsEnabled: false dataVolumeParameters: emptyDir: {} + affinity: {} read: replicas: 2 @@ -89,6 +91,7 @@ read: extraEnvFrom: - secretRef: name: loki-minio + affinity: {} backend: replicas: 2 @@ -113,6 +116,24 @@ backend: volumeClaimsEnabled: false dataVolumeParameters: emptyDir: {} + affinity: {} + +gateway: + replicas: 1 + autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 3 + targetCPUUtilizationPercentage: 100 + targetMemoryUtilizationPercentage: 100 + resources: + requests: + memory: 15Mi + cpu: 2m + limits: + memory: 512Mi + cpu: 10m + affinity: {} singleBinary: replicas: 0 From b656627963e917c4fae7ba74cfd5e2c6a6601bce Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 17 Jan 2025 06:04:27 +0900 Subject: [PATCH 0882/1209] feat(minio): increase memory request from 500Mi to 1Gi Signed-off-by: walnuts1018 --- k8s/apps/minio/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/minio/values.yaml b/k8s/apps/minio/values.yaml index 352368c3e..1bcf02a4d 100644 --- a/k8s/apps/minio/values.yaml +++ b/k8s/apps/minio/values.yaml @@ -17,7 +17,7 @@ consoleIngress: - minio-console.walnuts.dev resources: requests: - memory: 500Mi + memory: 1Gi oidc: enabled: true configUrl: "https://auth.walnuts.dev/.well-known/openid-configuration" From bd896a8970068bee22b818269d45a6bbd616effd Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 17 Jan 2025 06:07:23 +0900 Subject: [PATCH 0883/1209] feat(loki): add podAntiAffinity settings to affinity configuration Signed-off-by: walnuts1018 --- k8s/apps/loki/values.yaml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/k8s/apps/loki/values.yaml b/k8s/apps/loki/values.yaml index 40d4114fb..09b2cfd4c 100644 --- a/k8s/apps/loki/values.yaml +++ b/k8s/apps/loki/values.yaml @@ -70,7 +70,8 @@ write: volumeClaimsEnabled: false dataVolumeParameters: emptyDir: {} - affinity: {} + affinity: + podAntiAffinity: {} read: replicas: 2 @@ -91,7 +92,8 @@ read: extraEnvFrom: - secretRef: name: loki-minio - affinity: {} + affinity: + podAntiAffinity: {} backend: replicas: 2 @@ -116,7 +118,8 @@ backend: volumeClaimsEnabled: false dataVolumeParameters: emptyDir: {} - affinity: {} + affinity: + podAntiAffinity: {} gateway: replicas: 1 @@ -133,7 +136,8 @@ gateway: limits: memory: 512Mi cpu: 10m - affinity: {} + affinity: + podAntiAffinity: {} singleBinary: replicas: 0 From 92f28fb6fec79787120a8934f1ebec76ca3d72c7 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 17 Jan 2025 06:11:28 +0900 Subject: [PATCH 0884/1209] feat(loki): add podAntiAffinity settings for write, read, backend, and gateway components Signed-off-by: walnuts1018 --- k8s/apps/loki/values.yaml | 48 +++++++++++++++++++++++++++++++++++---- 1 file changed, 44 insertions(+), 4 deletions(-) diff --git a/k8s/apps/loki/values.yaml b/k8s/apps/loki/values.yaml index 09b2cfd4c..76fd00eed 100644 --- a/k8s/apps/loki/values.yaml +++ b/k8s/apps/loki/values.yaml @@ -71,7 +71,17 @@ write: dataVolumeParameters: emptyDir: {} affinity: - podAntiAffinity: {} + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/component + operator: In + values: + - write + topologyKey: kubernetes.io/hostname read: replicas: 2 @@ -93,7 +103,17 @@ read: - secretRef: name: loki-minio affinity: - podAntiAffinity: {} + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/component + operator: In + values: + - read + topologyKey: kubernetes.io/hostname backend: replicas: 2 @@ -119,7 +139,17 @@ backend: dataVolumeParameters: emptyDir: {} affinity: - podAntiAffinity: {} + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/component + operator: In + values: + - backend + topologyKey: kubernetes.io/hostname gateway: replicas: 1 @@ -137,7 +167,17 @@ gateway: memory: 512Mi cpu: 10m affinity: - podAntiAffinity: {} + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/component + operator: In + values: + - gateway + topologyKey: kubernetes.io/hostname singleBinary: replicas: 0 From efc6e2dd22ebc1b712bd90e9da70ac62512c28e2 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 17 Jan 2025 06:12:59 +0900 Subject: [PATCH 0885/1209] feat(loki): add requiredDuringSchedulingIgnoredDuringExecution to podAntiAffinity settings Signed-off-by: walnuts1018 --- k8s/apps/loki/values.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/k8s/apps/loki/values.yaml b/k8s/apps/loki/values.yaml index 76fd00eed..95abe32d9 100644 --- a/k8s/apps/loki/values.yaml +++ b/k8s/apps/loki/values.yaml @@ -72,6 +72,7 @@ write: emptyDir: {} affinity: podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: {} preferredDuringSchedulingIgnoredDuringExecution: - weight: 100 podAffinityTerm: @@ -104,6 +105,7 @@ read: name: loki-minio affinity: podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: {} preferredDuringSchedulingIgnoredDuringExecution: - weight: 100 podAffinityTerm: @@ -140,6 +142,7 @@ backend: emptyDir: {} affinity: podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: {} preferredDuringSchedulingIgnoredDuringExecution: - weight: 100 podAffinityTerm: @@ -168,6 +171,7 @@ gateway: cpu: 10m affinity: podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: {} preferredDuringSchedulingIgnoredDuringExecution: - weight: 100 podAffinityTerm: From b4a549eb9856e892d42e997041b975549c9ab0cb Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 17 Jan 2025 06:13:42 +0900 Subject: [PATCH 0886/1209] fix(loki): change requiredDuringSchedulingIgnoredDuringExecution from object to array in podAntiAffinity settings Signed-off-by: walnuts1018 --- k8s/apps/loki/values.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/k8s/apps/loki/values.yaml b/k8s/apps/loki/values.yaml index 95abe32d9..23dc17b9a 100644 --- a/k8s/apps/loki/values.yaml +++ b/k8s/apps/loki/values.yaml @@ -72,7 +72,7 @@ write: emptyDir: {} affinity: podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: {} + requiredDuringSchedulingIgnoredDuringExecution: [] preferredDuringSchedulingIgnoredDuringExecution: - weight: 100 podAffinityTerm: @@ -105,7 +105,7 @@ read: name: loki-minio affinity: podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: {} + requiredDuringSchedulingIgnoredDuringExecution: [] preferredDuringSchedulingIgnoredDuringExecution: - weight: 100 podAffinityTerm: @@ -142,7 +142,7 @@ backend: emptyDir: {} affinity: podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: {} + requiredDuringSchedulingIgnoredDuringExecution: [] preferredDuringSchedulingIgnoredDuringExecution: - weight: 100 podAffinityTerm: @@ -171,7 +171,7 @@ gateway: cpu: 10m affinity: podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: {} + requiredDuringSchedulingIgnoredDuringExecution: [] preferredDuringSchedulingIgnoredDuringExecution: - weight: 100 podAffinityTerm: From 6cde6a2124084037c70b8d4c17b59cc13793621c Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 17 Jan 2025 06:18:50 +0900 Subject: [PATCH 0887/1209] feat(zitadel): add Horizontal Pod Autoscaler configuration and adjust memory request Signed-off-by: walnuts1018 --- k8s/apps/zitadel/hpa.jsonnet | 40 ++++++++++++++++++++++++++++++++++++ k8s/apps/zitadel/values.yaml | 5 +---- 2 files changed, 41 insertions(+), 4 deletions(-) create mode 100644 k8s/apps/zitadel/hpa.jsonnet diff --git a/k8s/apps/zitadel/hpa.jsonnet b/k8s/apps/zitadel/hpa.jsonnet new file mode 100644 index 000000000..07ddc0d41 --- /dev/null +++ b/k8s/apps/zitadel/hpa.jsonnet @@ -0,0 +1,40 @@ +{ + apiVersion: 'autoscaling/v2', + kind: 'HorizontalPodAutoscaler', + metadata: { + name: (import 'app.json5').name, + namespace: (import 'app.json5').namespace, + labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + }, + spec: { + minReplicas: 2, + maxReplicas: 6, + metrics: [ + { + resource: { + name: 'cpu', + target: { + averageUtilization: 100, + type: 'Utilization', + }, + }, + type: 'Resource', + }, + { + resource: { + name: 'memory', + target: { + averageUtilization: 100, + type: 'Utilization', + }, + }, + type: 'Resource', + }, + ], + scaleTargetRef: { + apiVersion: 'apps/v1', + kind: 'Deployment', + name: 'zitadel', + }, + }, +} diff --git a/k8s/apps/zitadel/values.yaml b/k8s/apps/zitadel/values.yaml index e32f8ef66..5c492a451 100644 --- a/k8s/apps/zitadel/values.yaml +++ b/k8s/apps/zitadel/values.yaml @@ -32,7 +32,7 @@ metrics: enabled: true resources: requests: - memory: 128Mi + memory: 100Mi limits: memory: 512Mi affinity: @@ -52,6 +52,3 @@ affinity: operator: NotIn values: - donut - -# image: -# tag: v2.64.1 # {"$imagepolicy": "zitadel:zitadel:tag"} From e2a1bfab561159df1e3cdabb575edbe4679f12b5 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 17 Jan 2025 06:19:28 +0900 Subject: [PATCH 0888/1209] feat(zitadel): add CPU request configuration to values.yaml Signed-off-by: walnuts1018 --- k8s/apps/zitadel/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/k8s/apps/zitadel/values.yaml b/k8s/apps/zitadel/values.yaml index 5c492a451..aa915fb86 100644 --- a/k8s/apps/zitadel/values.yaml +++ b/k8s/apps/zitadel/values.yaml @@ -32,6 +32,7 @@ metrics: enabled: true resources: requests: + cpu: 10m memory: 100Mi limits: memory: 512Mi From cde36381a10bafb704f3e06f0314418dbdce7d4d Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 17 Jan 2025 06:19:44 +0900 Subject: [PATCH 0889/1209] fix(zitadel): reduce CPU request from 10m to 5m in values.yaml Signed-off-by: walnuts1018 --- k8s/apps/zitadel/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/zitadel/values.yaml b/k8s/apps/zitadel/values.yaml index aa915fb86..14269245a 100644 --- a/k8s/apps/zitadel/values.yaml +++ b/k8s/apps/zitadel/values.yaml @@ -32,7 +32,7 @@ metrics: enabled: true resources: requests: - cpu: 10m + cpu: 5m memory: 100Mi limits: memory: 512Mi From 7518889c66eb1f1ff4da47d0c3de07fa7d5f147a Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 17 Jan 2025 06:20:57 +0900 Subject: [PATCH 0890/1209] feat(walnuts): add Horizontal Pod Autoscaler configuration for CPU and memory metrics Signed-off-by: walnuts1018 --- k8s/apps/walnuts-dev/hpa.jsonnet | 40 ++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 k8s/apps/walnuts-dev/hpa.jsonnet diff --git a/k8s/apps/walnuts-dev/hpa.jsonnet b/k8s/apps/walnuts-dev/hpa.jsonnet new file mode 100644 index 000000000..5d7b87fd6 --- /dev/null +++ b/k8s/apps/walnuts-dev/hpa.jsonnet @@ -0,0 +1,40 @@ +{ + apiVersion: 'autoscaling/v2', + kind: 'HorizontalPodAutoscaler', + metadata: { + name: (import 'app.json5').name, + namespace: (import 'app.json5').namespace, + labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + }, + spec: { + minReplicas: 2, + maxReplicas: 5, + metrics: [ + { + resource: { + name: 'cpu', + target: { + averageUtilization: 100, + type: 'Utilization', + }, + }, + type: 'Resource', + }, + { + resource: { + name: 'memory', + target: { + averageUtilization: 100, + type: 'Utilization', + }, + }, + type: 'Resource', + }, + ], + scaleTargetRef: { + apiVersion: 'apps/v1', + kind: 'Deployment', + name: (import 'deployment.jsonnet').metadata.name, + }, + }, +} From b146fa91339471085e96c7623623a7d16edd5791 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 17 Jan 2025 06:24:37 +0900 Subject: [PATCH 0891/1209] fix(loki): increase CPU request from 10m to 15m in values.yaml Signed-off-by: walnuts1018 --- k8s/apps/loki/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/loki/values.yaml b/k8s/apps/loki/values.yaml index 23dc17b9a..3360f6125 100644 --- a/k8s/apps/loki/values.yaml +++ b/k8s/apps/loki/values.yaml @@ -128,7 +128,7 @@ backend: resources: requests: memory: 256Mi - cpu: 10m + cpu: 15m limits: memory: 1Gi cpu: 100m From 239ff82b6f5ca41d045da2c5ef4e9bd422cbe194 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 17 Jan 2025 06:25:46 +0900 Subject: [PATCH 0892/1209] fix(loki): adjust CPU requests in values.yaml for improved resource allocation Signed-off-by: walnuts1018 --- k8s/apps/loki/values.yaml | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/k8s/apps/loki/values.yaml b/k8s/apps/loki/values.yaml index 3360f6125..1ea3dd636 100644 --- a/k8s/apps/loki/values.yaml +++ b/k8s/apps/loki/values.yaml @@ -53,15 +53,12 @@ write: enabled: true minReplicas: 1 maxReplicas: 6 - targetCPUUtilizationPercentage: 100 targetMemoryUtilizationPercentage: 100 resources: requests: memory: 300Mi - cpu: 100m limits: memory: 1Gi - cpu: 1 extraArgs: [ "-config.expand-env=true" ] extraEnvFrom: - secretRef: @@ -90,15 +87,12 @@ read: enabled: true minReplicas: 1 maxReplicas: 6 - targetCPUUtilizationPercentage: 100 targetMemoryUtilizationPercentage: 100 resources: requests: memory: 160Mi - cpu: 10m limits: memory: 1Gi - cpu: 1 extraArgs: [ "-config.expand-env=true" ] extraEnvFrom: - secretRef: @@ -123,15 +117,12 @@ backend: enabled: true minReplicas: 2 maxReplicas: 6 - targetCPUUtilizationPercentage: 100 targetMemoryUtilizationPercentage: 100 resources: requests: memory: 256Mi - cpu: 15m limits: memory: 1Gi - cpu: 100m extraArgs: [ "-config.expand-env=true" ] extraEnvFrom: - secretRef: @@ -160,15 +151,12 @@ gateway: enabled: true minReplicas: 1 maxReplicas: 3 - targetCPUUtilizationPercentage: 100 targetMemoryUtilizationPercentage: 100 resources: requests: memory: 15Mi - cpu: 2m limits: memory: 512Mi - cpu: 10m affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: [] From 18fe8e784621b5cd7ec89abebd44ab1023b7feb0 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 17 Jan 2025 06:27:58 +0900 Subject: [PATCH 0893/1209] feat(loki): add CPU requests and target utilization percentages in values.yaml Signed-off-by: walnuts1018 --- k8s/apps/loki/values.yaml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/k8s/apps/loki/values.yaml b/k8s/apps/loki/values.yaml index 1ea3dd636..3360f6125 100644 --- a/k8s/apps/loki/values.yaml +++ b/k8s/apps/loki/values.yaml @@ -53,12 +53,15 @@ write: enabled: true minReplicas: 1 maxReplicas: 6 + targetCPUUtilizationPercentage: 100 targetMemoryUtilizationPercentage: 100 resources: requests: memory: 300Mi + cpu: 100m limits: memory: 1Gi + cpu: 1 extraArgs: [ "-config.expand-env=true" ] extraEnvFrom: - secretRef: @@ -87,12 +90,15 @@ read: enabled: true minReplicas: 1 maxReplicas: 6 + targetCPUUtilizationPercentage: 100 targetMemoryUtilizationPercentage: 100 resources: requests: memory: 160Mi + cpu: 10m limits: memory: 1Gi + cpu: 1 extraArgs: [ "-config.expand-env=true" ] extraEnvFrom: - secretRef: @@ -117,12 +123,15 @@ backend: enabled: true minReplicas: 2 maxReplicas: 6 + targetCPUUtilizationPercentage: 100 targetMemoryUtilizationPercentage: 100 resources: requests: memory: 256Mi + cpu: 15m limits: memory: 1Gi + cpu: 100m extraArgs: [ "-config.expand-env=true" ] extraEnvFrom: - secretRef: @@ -151,12 +160,15 @@ gateway: enabled: true minReplicas: 1 maxReplicas: 3 + targetCPUUtilizationPercentage: 100 targetMemoryUtilizationPercentage: 100 resources: requests: memory: 15Mi + cpu: 2m limits: memory: 512Mi + cpu: 10m affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: [] From 1f51ea9f15b98d51065d1cd1162fd8786a676ea7 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Fri, 17 Jan 2025 06:28:01 +0900 Subject: [PATCH 0894/1209] chore(deps): update helm release loki to v6.24.1 (#1296) Co-authored-by: Renovate Bot --- k8s/apps/loki/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/loki/helm.jsonnet b/k8s/apps/loki/helm.jsonnet index d84d25adf..8a84b74c0 100644 --- a/k8s/apps/loki/helm.jsonnet +++ b/k8s/apps/loki/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import 'app.json5').namespace, chart: 'loki', repoURL: 'https://grafana.github.io/helm-charts', - targetRevision: '6.24.0', + targetRevision: '6.24.1', values: (importstr 'values.yaml'), } From e8bf9748e5be43c2d642f6b2fc76d2a0f4b86237 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 17 Jan 2025 06:30:42 +0900 Subject: [PATCH 0895/1209] fix(loki): increase CPU request from 1m to 5m in values.yaml for better resource allocation Signed-off-by: walnuts1018 --- k8s/apps/loki/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/loki/values.yaml b/k8s/apps/loki/values.yaml index 3360f6125..cd8b53c9e 100644 --- a/k8s/apps/loki/values.yaml +++ b/k8s/apps/loki/values.yaml @@ -192,7 +192,7 @@ sidecar: cpu: 100m memory: 100Mi requests: - cpu: 1m + cpu: 5m memory: 100Mi chunksCache: allocatedMemory: 8192 From e1cbcc6b39fe0e488d00eccf8bfbfd8f07e6f10a Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 17 Jan 2025 06:31:26 +0900 Subject: [PATCH 0896/1209] fix(loki): increase CPU request from 10m to 20m in values.yaml for better resource allocation Signed-off-by: walnuts1018 --- k8s/apps/loki/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/loki/values.yaml b/k8s/apps/loki/values.yaml index cd8b53c9e..532b17568 100644 --- a/k8s/apps/loki/values.yaml +++ b/k8s/apps/loki/values.yaml @@ -95,7 +95,7 @@ read: resources: requests: memory: 160Mi - cpu: 10m + cpu: 20m limits: memory: 1Gi cpu: 1 From edc8cf1334327881dfe1eb97a1d3f6a6ee44ff10 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Fri, 17 Jan 2025 09:12:47 +0900 Subject: [PATCH 0897/1209] chore(deps): update dependency aquaproj/aqua-registry to v4.297.0 (#1297) Co-authored-by: Renovate Bot --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index 54f6b08fa..5d2a046eb 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,7 +8,7 @@ # - all registries: - type: standard - ref: v4.296.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.297.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 - name: hashicorp/terraform@v1.10.4 From f3142a01956abef43be7208dfbcb0bda586b28cf Mon Sep 17 00:00:00 2001 From: Walnuts Date: Fri, 17 Jan 2025 19:53:15 +0900 Subject: [PATCH 0898/1209] chore(deps): update renovate/renovate docker tag to v39.114.0 (#1299) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 69c235f57..e0c367f0f 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.113.0', + image: 'renovate/renovate:39.114.0', resources: { requests: { cpu: '500m', From e4e34116000ce53bb0cfdd75adea454a47a10dcb Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 17 Jan 2025 14:22:16 +0000 Subject: [PATCH 0899/1209] chore(deps): update helm release kube-prometheus-stack to v68.2.1 --- k8s/apps/prometheus-stack/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/prometheus-stack/helm.jsonnet b/k8s/apps/prometheus-stack/helm.jsonnet index dd84ca25e..bf78803bb 100644 --- a/k8s/apps/prometheus-stack/helm.jsonnet +++ b/k8s/apps/prometheus-stack/helm.jsonnet @@ -4,7 +4,7 @@ chart: 'kube-prometheus-stack', repoURL: 'https://prometheus-community.github.io/helm-charts', - targetRevision: '68.1.1', + targetRevision: '68.2.1', valuesObject: std.mergePatch(std.parseYaml(importstr 'values.yaml'), { prometheus: { prometheusSpec: { From d848eb05a919911fad15238a6b411677ef7295f5 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sat, 18 Jan 2025 00:38:23 +0900 Subject: [PATCH 0900/1209] chore(deps): update renovate/renovate docker tag to v39.115.0 (#1300) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index e0c367f0f..c0ff1a38a 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.114.0', + image: 'renovate/renovate:39.115.0', resources: { requests: { cpu: '500m', From 55c8cf4bab9373a29b1afdfe8c3db14bbb552ddd Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sat, 18 Jan 2025 01:16:25 +0900 Subject: [PATCH 0901/1209] chore(deps): update renovate/renovate docker tag to v39.115.1 (#1301) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index c0ff1a38a..e21094c06 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.115.0', + image: 'renovate/renovate:39.115.1', resources: { requests: { cpu: '500m', From 79bef0181669e7360a0239b628d3098b448b99dd Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sat, 18 Jan 2025 01:47:42 +0900 Subject: [PATCH 0902/1209] chore(deps): update renovate/renovate docker tag to v39.115.2 (#1302) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index e21094c06..03e684dd2 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.115.1', + image: 'renovate/renovate:39.115.2', resources: { requests: { cpu: '500m', From faaf6089d06f66082ce3c7c6410c127691262fbf Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 17 Jan 2025 20:47:10 +0000 Subject: [PATCH 0903/1209] chore(deps): update helm release loki to v6.25.0 --- k8s/apps/loki/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/loki/helm.jsonnet b/k8s/apps/loki/helm.jsonnet index 8a84b74c0..f269e5fac 100644 --- a/k8s/apps/loki/helm.jsonnet +++ b/k8s/apps/loki/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import 'app.json5').namespace, chart: 'loki', repoURL: 'https://grafana.github.io/helm-charts', - targetRevision: '6.24.1', + targetRevision: '6.25.0', values: (importstr 'values.yaml'), } From 1853a0d512407f84290368e4685af1e98dc884af Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sat, 18 Jan 2025 07:03:17 +0900 Subject: [PATCH 0904/1209] chore(deps): update renovate/renovate docker tag to v39.115.3 (#1304) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 03e684dd2..95f3bd4d1 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.115.2', + image: 'renovate/renovate:39.115.3', resources: { requests: { cpu: '500m', From 5ceac44c266097412573b2b75e280797197a7e7a Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sat, 18 Jan 2025 15:08:02 +0900 Subject: [PATCH 0905/1209] chore(deps): update renovate/renovate docker tag to v39.115.4 (#1305) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 95f3bd4d1..bc4b1bc16 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.115.3', + image: 'renovate/renovate:39.115.4', resources: { requests: { cpu: '500m', From 3e35a7676584c5b261f7109125d6c0f62deaf552 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sat, 18 Jan 2025 18:08:40 +0900 Subject: [PATCH 0906/1209] chore(deps): update renovate/renovate docker tag to v39.116.0 (#1306) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index bc4b1bc16..0f6376e58 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.115.4', + image: 'renovate/renovate:39.116.0', resources: { requests: { cpu: '500m', From aa8af14f44b76a2817ccb372c3b55c42f4feb81e Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sat, 18 Jan 2025 20:17:15 +0900 Subject: [PATCH 0907/1209] Update deployment.jsonnet --- .../collectors/deployment.jsonnet | 28 ------------------- 1 file changed, 28 deletions(-) diff --git a/k8s/apps/opentelemetry-collectors/collectors/deployment.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/deployment.jsonnet index 52e3eccff..fe7f36544 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/deployment.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/deployment.jsonnet @@ -27,21 +27,6 @@ std.mergePatch((import '_base.libsonnet'), { }, }, }, - k8sobjects: { - auth_type: 'serviceAccount', - objects: [ - { - name: 'pods', - mode: 'pull', - interval: '15m', - }, - { - name: 'events', - mode: 'watch', - group: 'events.k8s.io', - }, - ], - }, }, processors: { memory_limiter: { @@ -110,19 +95,6 @@ std.mergePatch((import '_base.libsonnet'), { 'otlp/default', ], }, - logs: { - receivers: [ - 'k8sobjects', - ], - processors: [ - 'memory_limiter', - 'batch', - 'k8sattributes', - ], - exporters: [ - 'otlp/default', - ], - }, }, }, }, From 149c4eca48a82da07584ec823121877e0680ddd3 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sun, 19 Jan 2025 01:02:57 +0900 Subject: [PATCH 0908/1209] chore(deps): update helm release tempo to v1.18.1 (#1307) Co-authored-by: Renovate Bot --- k8s/apps/tempo/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/tempo/helm.jsonnet b/k8s/apps/tempo/helm.jsonnet index 7fb4660a8..61b72c69f 100644 --- a/k8s/apps/tempo/helm.jsonnet +++ b/k8s/apps/tempo/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'tempo', repoURL: 'https://grafana.github.io/helm-charts', - targetRevision: '1.18.0', + targetRevision: '1.18.1', values: (importstr 'values.yaml'), } From 8793dc50fba9b4f35b4980ed534f46245d468204 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 19 Jan 2025 09:56:51 +0000 Subject: [PATCH 0909/1209] chore(deps): update ghcr.io/walnuts1018/walnuts.dev docker tag to v7dacbabadcf35a18524c58db4ab37e32cabe2d5c-371 --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index 7d18e256f..e71018052 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ std.mergePatch((import '../../components/container.libsonnet') { name: 'walnuts-dev', - image: 'ghcr.io/walnuts1018/walnuts.dev:0ba975c1be21874f442d375f89abb15eba2034d7-370', + image: 'ghcr.io/walnuts1018/walnuts.dev:7dacbabadcf35a18524c58db4ab37e32cabe2d5c-371', imagePullPolicy: 'IfNotPresent', ports: [ { From 82acbde9b32c4c44e5bc8b4a33224e008fae25d8 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sun, 19 Jan 2025 19:07:56 +0900 Subject: [PATCH 0910/1209] chore(deps): update renovate/renovate docker tag to v39.116.1 (#1309) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 0f6376e58..db8e92533 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.116.0', + image: 'renovate/renovate:39.116.1', resources: { requests: { cpu: '500m', From baea3c75c3a002ffa2155fb4b52ae289c91aa3d5 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sun, 19 Jan 2025 20:53:01 +0900 Subject: [PATCH 0911/1209] chore(deps): update renovate/renovate docker tag to v39.117.0 (#1310) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index db8e92533..dcdc99c52 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.116.1', + image: 'renovate/renovate:39.117.0', resources: { requests: { cpu: '500m', From eae9452ada61f609ea778dfd4a25d9cbd8ff2b95 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sun, 19 Jan 2025 21:58:31 +0900 Subject: [PATCH 0912/1209] chore(deps): update renovate/renovate docker tag to v39.117.1 (#1311) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index dcdc99c52..431f578f2 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.117.0', + image: 'renovate/renovate:39.117.1', resources: { requests: { cpu: '500m', From 701efb92a3231eef93c92ced33478be704c54ae9 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sun, 19 Jan 2025 23:08:02 +0900 Subject: [PATCH 0913/1209] chore(deps): update renovate/renovate docker tag to v39.117.2 (#1312) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 431f578f2..95dbb1d33 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.117.1', + image: 'renovate/renovate:39.117.2', resources: { requests: { cpu: '500m', From b84d97f43da0a24a9961adfabedbb5285f24f254 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sun, 19 Jan 2025 23:43:00 +0900 Subject: [PATCH 0914/1209] chore(deps): update helm release nextcloud to v6.6.3 (#1313) Co-authored-by: Renovate Bot --- k8s/apps/nextcloud/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/nextcloud/helm.jsonnet b/k8s/apps/nextcloud/helm.jsonnet index 233cc1c05..b3f9c1138 100644 --- a/k8s/apps/nextcloud/helm.jsonnet +++ b/k8s/apps/nextcloud/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'nextcloud', repoURL: 'https://nextcloud.github.io/helm/', - targetRevision: '6.6.2', + targetRevision: '6.6.3', values: (importstr 'values.yaml'), } From 3ec696d7c9fe133c037456f7c39d5ffd9a943af2 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sun, 19 Jan 2025 23:52:30 +0900 Subject: [PATCH 0915/1209] chore(deps): update ghcr.io/walnuts1018/mucaron-frontend docker tag to v6815d5031e94f24ff1027f8616f7a8315a082f66-64 (#1314) Co-authored-by: Renovate Bot --- k8s/apps/mucaron/front/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/mucaron/front/deployment.jsonnet b/k8s/apps/mucaron/front/deployment.jsonnet index d3bc3aace..35cfff8da 100644 --- a/k8s/apps/mucaron/front/deployment.jsonnet +++ b/k8s/apps/mucaron/front/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ (import '../../../components/container.libsonnet') { name: 'mucaron-front', - image: 'ghcr.io/walnuts1018/mucaron-frontend:2436a6d5f7c899ca8717ffcea4494d1fb25007a8-63', + image: 'ghcr.io/walnuts1018/mucaron-frontend:6815d5031e94f24ff1027f8616f7a8315a082f66-64', ports: [ { containerPort: 3000, From 0e66409536d07636e47446c6fed8b85bc44aff6d Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 20 Jan 2025 01:38:14 +0900 Subject: [PATCH 0916/1209] feat(psql-operator): add logical backup Docker image version in values.yaml Signed-off-by: walnuts1018 --- k8s/apps/zalando-psql-operator/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/k8s/apps/zalando-psql-operator/values.yaml b/k8s/apps/zalando-psql-operator/values.yaml index 57bda7ff0..bc2523e5b 100644 --- a/k8s/apps/zalando-psql-operator/values.yaml +++ b/k8s/apps/zalando-psql-operator/values.yaml @@ -26,6 +26,7 @@ resources: cpu: 10m memory: 50Mi configLogicalBackup: + logical_backup_docker_image: "ghcr.io/zalando/postgres-operator/logical-backup:v1.14.0" # TODO:https://github.com/walnuts1018/infra/issues/1315 logical_backup_s3_bucket: "zalando-backup" logical_backup_s3_bucket_prefix: "spilo" logical_backup_s3_region: "ap-northeast-1" From 54f04c980a06a65cc76f73d3423fd58223445b03 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Mon, 20 Jan 2025 01:38:47 +0900 Subject: [PATCH 0917/1209] chore(psql-operator): remove unnecessary nodeSelector for architecture Signed-off-by: walnuts1018 --- k8s/apps/zalando-psql-operator/values.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/k8s/apps/zalando-psql-operator/values.yaml b/k8s/apps/zalando-psql-operator/values.yaml index bc2523e5b..3867337ab 100644 --- a/k8s/apps/zalando-psql-operator/values.yaml +++ b/k8s/apps/zalando-psql-operator/values.yaml @@ -12,8 +12,6 @@ configKubernetes: pod_antiaffinity_preferred_during_scheduling: true # override topology key for pod anti affinity pod_antiaffinity_topology_key: "kubernetes.io/hostname" -nodeSelector: - kubernetes.io/arch: amd64 configUsers: enable_password_rotation: false From 66659bea28dc0509b5503a6d23bf027b837b685c Mon Sep 17 00:00:00 2001 From: Walnuts Date: Mon, 20 Jan 2025 01:57:40 +0900 Subject: [PATCH 0918/1209] chore(deps): update ghcr.io/walnuts1018/mucaron-backend docker tag to v1e951eb5a409796796e83debe0f46c9f75c6f420-87 (#1316) Co-authored-by: Renovate Bot --- k8s/apps/mucaron/back/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/mucaron/back/deployment.jsonnet b/k8s/apps/mucaron/back/deployment.jsonnet index 1accc4223..3a5a81739 100644 --- a/k8s/apps/mucaron/back/deployment.jsonnet +++ b/k8s/apps/mucaron/back/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ (import '../../../components/container.libsonnet') { name: 'mucaron-backend', - image: 'ghcr.io/walnuts1018/mucaron-backend:c8d65c4a763fc9073216ece4c7384101737448c5-86', + image: 'ghcr.io/walnuts1018/mucaron-backend:1e951eb5a409796796e83debe0f46c9f75c6f420-87', ports: [ { containerPort: 8080, From 8943e37b6a4c31202710691f2e9489629be5fb9e Mon Sep 17 00:00:00 2001 From: Walnuts Date: Mon, 20 Jan 2025 10:02:45 +0900 Subject: [PATCH 0919/1209] chore(deps): update dependency aquaproj/aqua-registry to v4.298.0 (#1317) Co-authored-by: Renovate Bot --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index 5d2a046eb..053b2d61f 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,7 +8,7 @@ # - all registries: - type: standard - ref: v4.297.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.298.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 - name: hashicorp/terraform@v1.10.4 From 3320ea42914d2cabc4ec480c70d8e70891d23cca Mon Sep 17 00:00:00 2001 From: Walnuts Date: Mon, 20 Jan 2025 13:02:45 +0900 Subject: [PATCH 0920/1209] chore(deps): update ghcr.io/walnuts1018/mucaron-backend docker tag to c8675c77b41b7155943b6316448ae856beea214f-88 (#1318) Co-authored-by: Renovate Bot --- k8s/apps/mucaron/back/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/mucaron/back/deployment.jsonnet b/k8s/apps/mucaron/back/deployment.jsonnet index 3a5a81739..43d76f661 100644 --- a/k8s/apps/mucaron/back/deployment.jsonnet +++ b/k8s/apps/mucaron/back/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ (import '../../../components/container.libsonnet') { name: 'mucaron-backend', - image: 'ghcr.io/walnuts1018/mucaron-backend:1e951eb5a409796796e83debe0f46c9f75c6f420-87', + image: 'ghcr.io/walnuts1018/mucaron-backend:c8675c77b41b7155943b6316448ae856beea214f-88', ports: [ { containerPort: 8080, From bc22d75d324393012a26cc778a88bec56c843c03 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Mon, 20 Jan 2025 17:16:55 +0900 Subject: [PATCH 0921/1209] chore(deps): update renovate/renovate docker tag to v39.117.3 (#1319) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 95dbb1d33..da391886b 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.117.2', + image: 'renovate/renovate:39.117.3', resources: { requests: { cpu: '500m', From fd2431586fbbfb27b8d8cd4da8f81cd7264d5be1 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Mon, 20 Jan 2025 18:58:10 +0900 Subject: [PATCH 0922/1209] chore(deps): update renovate/renovate docker tag to v39.118.0 (#1320) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index da391886b..d86ebc293 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.117.3', + image: 'renovate/renovate:39.118.0', resources: { requests: { cpu: '500m', From 815b6e7034d86ee906088d5d8027a9725b7c6563 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Mon, 20 Jan 2025 23:08:25 +0900 Subject: [PATCH 0923/1209] chore(deps): update renovate/renovate docker tag to v39.118.1 (#1322) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index d86ebc293..e3b056897 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.118.0', + image: 'renovate/renovate:39.118.1', resources: { requests: { cpu: '500m', From d42348a8145470e63e0854c6dd7a964177cb3c19 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 21 Jan 2025 00:51:34 +0900 Subject: [PATCH 0924/1209] feat(cilium): enable envoy configuration in values.yaml Signed-off-by: walnuts1018 --- k8s/apps/cilium/values.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/k8s/apps/cilium/values.yaml b/k8s/apps/cilium/values.yaml index 06cdd5767..57dd3d54e 100644 --- a/k8s/apps/cilium/values.yaml +++ b/k8s/apps/cilium/values.yaml @@ -80,3 +80,5 @@ prometheus: serviceMonitor: enabled: true trustCRDsExist: true +envoyConfig: + enabled: true From 741325321d2b1f3735a73f6e4d364e6de91a6a20 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 21 Jan 2025 00:54:39 +0900 Subject: [PATCH 0925/1209] feat(cilium): add secretsNamespace configuration in values.yaml Signed-off-by: walnuts1018 --- k8s/apps/cilium/values.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/k8s/apps/cilium/values.yaml b/k8s/apps/cilium/values.yaml index 57dd3d54e..3e21a2766 100644 --- a/k8s/apps/cilium/values.yaml +++ b/k8s/apps/cilium/values.yaml @@ -82,3 +82,6 @@ prometheus: trustCRDsExist: true envoyConfig: enabled: true + secretsNamespace: + create: false + name: cilium-secrets From 5ce2e0ff897c036cb4dd3b6bf572f3745678277c Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 21 Jan 2025 01:13:00 +0900 Subject: [PATCH 0926/1209] feat(minio): enable OpenTelemetry instrumentation in values.yaml Signed-off-by: walnuts1018 --- k8s/apps/minio/values.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/k8s/apps/minio/values.yaml b/k8s/apps/minio/values.yaml index 1bcf02a4d..003bf5117 100644 --- a/k8s/apps/minio/values.yaml +++ b/k8s/apps/minio/values.yaml @@ -38,9 +38,9 @@ metrics: includeNode: true users: [] -# podAnnotations: -# instrumentation.opentelemetry.io/inject-go: 'opentelemetry-collector/default' -# instrumentation.opentelemetry.io/otel-go-auto-target-exe: '/usr/bin/minio' +podAnnotations: + instrumentation.opentelemetry.io/inject-go: 'opentelemetry-collector/default' + instrumentation.opentelemetry.io/otel-go-auto-target-exe: '/usr/bin/minio' containerSecurityContext: readOnlyRootFilesystem: true From af81ccd9b384dd2cd4e073fce4daeab3be6e35cd Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 21 Jan 2025 02:54:46 +0900 Subject: [PATCH 0927/1209] feat(cilium): add OpenTelemetry pod annotations in values.yaml Signed-off-by: walnuts1018 --- k8s/apps/cilium/values.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/k8s/apps/cilium/values.yaml b/k8s/apps/cilium/values.yaml index 3e21a2766..14b9aee10 100644 --- a/k8s/apps/cilium/values.yaml +++ b/k8s/apps/cilium/values.yaml @@ -69,6 +69,9 @@ envoy: enabled: true serviceMonitor: enabled: true + podAnnotations: + instrumentation.opentelemetry.io/inject-go: 'opentelemetry-collector/default' + instrumentation.opentelemetry.io/otel-go-auto-target-exe: '/usr/bin/cilium-envoy' operator: tolerations: [] prometheus: From 267f1b8a9f764d2a4bb0b59b26ae80e153053410 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 21 Jan 2025 02:55:32 +0900 Subject: [PATCH 0928/1209] error while loading probes, cleaning up","error":"offset not found: google.golang.org/grpc.ClientConn:target (1.69.0) Signed-off-by: walnuts1018 --- k8s/apps/minio/values.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/k8s/apps/minio/values.yaml b/k8s/apps/minio/values.yaml index 003bf5117..1bcf02a4d 100644 --- a/k8s/apps/minio/values.yaml +++ b/k8s/apps/minio/values.yaml @@ -38,9 +38,9 @@ metrics: includeNode: true users: [] -podAnnotations: - instrumentation.opentelemetry.io/inject-go: 'opentelemetry-collector/default' - instrumentation.opentelemetry.io/otel-go-auto-target-exe: '/usr/bin/minio' +# podAnnotations: +# instrumentation.opentelemetry.io/inject-go: 'opentelemetry-collector/default' +# instrumentation.opentelemetry.io/otel-go-auto-target-exe: '/usr/bin/minio' containerSecurityContext: readOnlyRootFilesystem: true From c779e7dcf23313ac3a2e862ffb1b3d743a1ef75c Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 21 Jan 2025 02:57:01 +0900 Subject: [PATCH 0929/1209] feat(cilium): rename app from "hubble" to "hubble-oauth2-proxy" Signed-off-by: walnuts1018 --- k8s/apps/cilium-hubble-oauth2-proxy/app.json5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/cilium-hubble-oauth2-proxy/app.json5 b/k8s/apps/cilium-hubble-oauth2-proxy/app.json5 index 19b972795..671b40705 100644 --- a/k8s/apps/cilium-hubble-oauth2-proxy/app.json5 +++ b/k8s/apps/cilium-hubble-oauth2-proxy/app.json5 @@ -1,4 +1,4 @@ { - name: "hubble", + name: "hubble-oauth2-proxy", namespace: "cilium-system", } From 4b965929493722779b414bc21948377e20596912 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 21 Jan 2025 02:59:18 +0900 Subject: [PATCH 0930/1209] feat(cilium): remove OpenTelemetry pod annotations from values.yaml Signed-off-by: walnuts1018 --- k8s/apps/cilium/values.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/k8s/apps/cilium/values.yaml b/k8s/apps/cilium/values.yaml index 14b9aee10..3e21a2766 100644 --- a/k8s/apps/cilium/values.yaml +++ b/k8s/apps/cilium/values.yaml @@ -69,9 +69,6 @@ envoy: enabled: true serviceMonitor: enabled: true - podAnnotations: - instrumentation.opentelemetry.io/inject-go: 'opentelemetry-collector/default' - instrumentation.opentelemetry.io/otel-go-auto-target-exe: '/usr/bin/cilium-envoy' operator: tolerations: [] prometheus: From 71bec9d6d43b939a56f035ad5b49be7229a00a94 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 21 Jan 2025 03:03:40 +0900 Subject: [PATCH 0931/1209] feat(cilium): update app name to "hubble" in oauth2-proxy.jsonnet Signed-off-by: walnuts1018 --- k8s/apps/cilium-hubble-oauth2-proxy/oauth2-proxy.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/cilium-hubble-oauth2-proxy/oauth2-proxy.jsonnet b/k8s/apps/cilium-hubble-oauth2-proxy/oauth2-proxy.jsonnet index 99e33c15a..3988bb3a9 100644 --- a/k8s/apps/cilium-hubble-oauth2-proxy/oauth2-proxy.jsonnet +++ b/k8s/apps/cilium-hubble-oauth2-proxy/oauth2-proxy.jsonnet @@ -1,6 +1,6 @@ (import '../../components/oauth2-proxy/oauth2-proxy.libsonnet')({ app: { - name: (import 'app.json5').name, + name: 'hubble', namespace: (import 'app.json5').namespace, }, domain: 'hubble.walnuts.dev', From 60ca55686f29ebb7522af58c8081cb91d58b497e Mon Sep 17 00:00:00 2001 From: Walnuts Date: Tue, 21 Jan 2025 03:46:49 +0900 Subject: [PATCH 0932/1209] chore(deps): update renovate/renovate docker tag to v39.118.2 (#1324) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index e3b056897..c86ffd058 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.118.1', + image: 'renovate/renovate:39.118.2', resources: { requests: { cpu: '500m', From 1729dabe9ab34ed312e8a705ec9087956256d2bd Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 21 Jan 2025 04:14:44 +0900 Subject: [PATCH 0933/1209] feat(zitadel): remove CPU utilization metric from HPA configuration Signed-off-by: walnuts1018 --- k8s/apps/zitadel/hpa.jsonnet | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/k8s/apps/zitadel/hpa.jsonnet b/k8s/apps/zitadel/hpa.jsonnet index 07ddc0d41..929cc6129 100644 --- a/k8s/apps/zitadel/hpa.jsonnet +++ b/k8s/apps/zitadel/hpa.jsonnet @@ -10,16 +10,6 @@ minReplicas: 2, maxReplicas: 6, metrics: [ - { - resource: { - name: 'cpu', - target: { - averageUtilization: 100, - type: 'Utilization', - }, - }, - type: 'Resource', - }, { resource: { name: 'memory', From ffa9c3aba67c3dc9671fc85c6c0e6cb14cec99d4 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 21 Jan 2025 04:19:32 +0900 Subject: [PATCH 0934/1209] feat(argocd): ignore differences in replicas for Deployment resource customizations Signed-off-by: walnuts1018 --- k8s/_argocd/argocd_components/values.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/k8s/_argocd/argocd_components/values.yaml b/k8s/_argocd/argocd_components/values.yaml index 5c3417f43..933f25a00 100644 --- a/k8s/_argocd/argocd_components/values.yaml +++ b/k8s/_argocd/argocd_components/values.yaml @@ -17,6 +17,9 @@ configs: - CiliumIdentity clusters: - "*" + resource.customizations.ignoreDifferences.apps_Deployment: | + jsonPointers: + - /spec/replicas oidc.config: | name: walnuts-dev issuer: https://auth.walnuts.dev From 097157ab362271feaa63843749be9c60cc8ffb15 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 21 Jan 2025 04:31:16 +0900 Subject: [PATCH 0935/1209] fix(argocd): correct indentation for ignoreDifferences in values.yaml Signed-off-by: walnuts1018 --- k8s/_argocd/argocd_components/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/_argocd/argocd_components/values.yaml b/k8s/_argocd/argocd_components/values.yaml index 933f25a00..cc6fbc598 100644 --- a/k8s/_argocd/argocd_components/values.yaml +++ b/k8s/_argocd/argocd_components/values.yaml @@ -19,7 +19,7 @@ configs: - "*" resource.customizations.ignoreDifferences.apps_Deployment: | jsonPointers: - - /spec/replicas + - /spec/replicas oidc.config: | name: walnuts-dev issuer: https://auth.walnuts.dev From ff989d50cd484ace0dd6e40027fcd25521166cdf Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Tue, 21 Jan 2025 06:36:12 +0900 Subject: [PATCH 0936/1209] fix(psql-operator): comment out logical_backup_s3_region in values.yaml Signed-off-by: walnuts1018 --- k8s/apps/zalando-psql-operator/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/zalando-psql-operator/values.yaml b/k8s/apps/zalando-psql-operator/values.yaml index 3867337ab..ee38d7cf5 100644 --- a/k8s/apps/zalando-psql-operator/values.yaml +++ b/k8s/apps/zalando-psql-operator/values.yaml @@ -27,7 +27,7 @@ configLogicalBackup: logical_backup_docker_image: "ghcr.io/zalando/postgres-operator/logical-backup:v1.14.0" # TODO:https://github.com/walnuts1018/infra/issues/1315 logical_backup_s3_bucket: "zalando-backup" logical_backup_s3_bucket_prefix: "spilo" - logical_backup_s3_region: "ap-northeast-1" + # logical_backup_s3_region: "ap-northeast-1" logical_backup_s3_endpoint: "https://minio.walnuts.dev/" logical_backup_s3_sse: "" # S3 retention time for stored backups for example "2 week" or "7 days" From b75b933a9bc2a70f1d091f3566e04a36bb6261e0 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Tue, 21 Jan 2025 09:32:56 +0900 Subject: [PATCH 0937/1209] chore(deps): update helm release kube-prometheus-stack to v68.2.2 (#1325) Co-authored-by: Renovate Bot --- k8s/apps/prometheus-stack/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/prometheus-stack/helm.jsonnet b/k8s/apps/prometheus-stack/helm.jsonnet index bf78803bb..4032639f8 100644 --- a/k8s/apps/prometheus-stack/helm.jsonnet +++ b/k8s/apps/prometheus-stack/helm.jsonnet @@ -4,7 +4,7 @@ chart: 'kube-prometheus-stack', repoURL: 'https://prometheus-community.github.io/helm-charts', - targetRevision: '68.2.1', + targetRevision: '68.2.2', valuesObject: std.mergePatch(std.parseYaml(importstr 'values.yaml'), { prometheus: { prometheusSpec: { From cd8b154f2231849d78153908a2c14318db695124 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Tue, 21 Jan 2025 11:58:01 +0900 Subject: [PATCH 0938/1209] chore(deps): update renovate/renovate docker tag to v39.118.3 (#1326) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index c86ffd058..a5f9fea74 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.118.2', + image: 'renovate/renovate:39.118.3', resources: { requests: { cpu: '500m', From cdbaa383fa137f105b07f03cc5469e9e6db9b3cc Mon Sep 17 00:00:00 2001 From: Walnuts Date: Tue, 21 Jan 2025 14:17:00 +0900 Subject: [PATCH 0939/1209] chore(deps): update renovate/renovate docker tag to v39.118.4 (#1327) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index a5f9fea74..8a542f171 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.118.3', + image: 'renovate/renovate:39.118.4', resources: { requests: { cpu: '500m', From 85a81babd2e1fa9e5d5ee1f2ccb52c2ccd72b0e2 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Tue, 21 Jan 2025 16:33:08 +0900 Subject: [PATCH 0940/1209] chore(deps): update renovate/renovate docker tag to v39.118.5 (#1328) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 8a542f171..33cea7c36 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.118.4', + image: 'renovate/renovate:39.118.5', resources: { requests: { cpu: '500m', From bc48760d9a858e088f3d8d22656fc83ceea2c70d Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 21 Jan 2025 08:46:28 +0000 Subject: [PATCH 0941/1209] chore(deps): update helm release kube-prometheus-stack to v68.3.0 --- k8s/apps/prometheus-stack/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/prometheus-stack/helm.jsonnet b/k8s/apps/prometheus-stack/helm.jsonnet index 4032639f8..589ffa232 100644 --- a/k8s/apps/prometheus-stack/helm.jsonnet +++ b/k8s/apps/prometheus-stack/helm.jsonnet @@ -4,7 +4,7 @@ chart: 'kube-prometheus-stack', repoURL: 'https://prometheus-community.github.io/helm-charts', - targetRevision: '68.2.2', + targetRevision: '68.3.0', valuesObject: std.mergePatch(std.parseYaml(importstr 'values.yaml'), { prometheus: { prometheusSpec: { From 14840e68af21a35daaedd02ed4a651edab0cc137 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Tue, 21 Jan 2025 17:46:55 +0900 Subject: [PATCH 0942/1209] chore(deps): update docker.elastic.co/elasticsearch/elasticsearch docker tag to v8.17.1 (#1329) Co-authored-by: Renovate Bot --- k8s/apps/elasticsearch/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/elasticsearch/deployment.jsonnet b/k8s/apps/elasticsearch/deployment.jsonnet index 0222b1695..b5c97d1d9 100644 --- a/k8s/apps/elasticsearch/deployment.jsonnet +++ b/k8s/apps/elasticsearch/deployment.jsonnet @@ -28,7 +28,7 @@ type: 'RuntimeDefault', }, }, - image: 'docker.elastic.co/elasticsearch/elasticsearch:8.17.0', + image: 'docker.elastic.co/elasticsearch/elasticsearch:8.17.1', ports: [ { containerPort: 9200, From 13682e0e015df77acfa2c56922e34046ac9c6573 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Tue, 21 Jan 2025 17:47:30 +0900 Subject: [PATCH 0943/1209] chore(deps): update renovate/renovate docker tag to v39.119.0 (#1331) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 33cea7c36..18de048c3 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.118.5', + image: 'renovate/renovate:39.119.0', resources: { requests: { cpu: '500m', From fbe6995b0e7878892b80cec24adb2f6521f60511 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Tue, 21 Jan 2025 17:49:24 +0900 Subject: [PATCH 0944/1209] chore(deps): update docker.elastic.co/kibana/kibana docker tag to v8.17.1 (#1332) Co-authored-by: Renovate Bot --- k8s/apps/kibana/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/kibana/deployment.jsonnet b/k8s/apps/kibana/deployment.jsonnet index 83e74fe7f..6bcf270d1 100644 --- a/k8s/apps/kibana/deployment.jsonnet +++ b/k8s/apps/kibana/deployment.jsonnet @@ -23,7 +23,7 @@ readOnlyRootFilesystem: true, runAsNonRoot: true, }, - image: 'docker.elastic.co/kibana/kibana:8.17.0', + image: 'docker.elastic.co/kibana/kibana:8.17.1', ports: [ { name: 'http', From 4781b51cd0f1b2e075dfa519248c96ff51b5c63a Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 21 Jan 2025 09:17:10 +0000 Subject: [PATCH 0945/1209] chore(deps): update helm release external-secrets to v0.13.0 --- k8s/apps/external-secrets/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/external-secrets/helm.jsonnet b/k8s/apps/external-secrets/helm.jsonnet index c26065cc1..9f4c33330 100644 --- a/k8s/apps/external-secrets/helm.jsonnet +++ b/k8s/apps/external-secrets/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import 'app.json5').namespace, chart: 'external-secrets', repoURL: 'https://charts.external-secrets.io', - targetRevision: '0.12.1', + targetRevision: '0.13.0', values: '', } From 794aab97d46687b4f63d250ab72a61824f5e23ec Mon Sep 17 00:00:00 2001 From: Walnuts Date: Tue, 21 Jan 2025 20:08:40 +0900 Subject: [PATCH 0946/1209] chore(deps): update renovate/renovate docker tag to v39.119.1 (#1334) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 18de048c3..770cfe9b0 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.119.0', + image: 'renovate/renovate:39.119.1', resources: { requests: { cpu: '500m', From 79a39f5d17a98335a7543759d8f0a548c56800f5 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Tue, 21 Jan 2025 21:53:03 +0900 Subject: [PATCH 0947/1209] chore(deps): update renovate/renovate docker tag to v39.119.2 (#1335) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 770cfe9b0..15b6bfdf9 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.119.1', + image: 'renovate/renovate:39.119.2', resources: { requests: { cpu: '500m', From 0f3425e16cd856ca06ebea85469188f44c9cc225 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Tue, 21 Jan 2025 22:58:17 +0900 Subject: [PATCH 0948/1209] chore(deps): update renovate/renovate docker tag to v39.120.0 (#1336) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 15b6bfdf9..6f2815f28 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.119.2', + image: 'renovate/renovate:39.120.0', resources: { requests: { cpu: '500m', From 72619216cd8d159edf2d37feb08fe5eef6c2adaa Mon Sep 17 00:00:00 2001 From: Walnuts Date: Wed, 22 Jan 2025 02:28:07 +0900 Subject: [PATCH 0949/1209] chore(deps): update renovate/renovate docker tag to v39.120.1 (#1337) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 6f2815f28..cdc16d5fe 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.120.0', + image: 'renovate/renovate:39.120.1', resources: { requests: { cpu: '500m', From 36237fffec8ea01deed50c242cf8f75c0c77320b Mon Sep 17 00:00:00 2001 From: Walnuts Date: Wed, 22 Jan 2025 03:08:40 +0900 Subject: [PATCH 0950/1209] chore(deps): update renovate/renovate docker tag to v39.120.2 (#1338) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index cdc16d5fe..ea21829e5 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.120.1', + image: 'renovate/renovate:39.120.2', resources: { requests: { cpu: '500m', From 31d33d06377f16107866c5ce95aaa57ba8fad191 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Wed, 22 Jan 2025 04:17:15 +0900 Subject: [PATCH 0951/1209] chore(deps): update renovate/renovate docker tag to v39.120.3 (#1339) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index ea21829e5..679da9b64 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.120.2', + image: 'renovate/renovate:39.120.3', resources: { requests: { cpu: '500m', From 03bf6291677146aab0646644125d0efef554fe10 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Wed, 22 Jan 2025 10:07:30 +0900 Subject: [PATCH 0952/1209] chore(deps): update helm release cilium to v1.16.6 (#1340) Co-authored-by: Renovate Bot --- k8s/apps/cilium/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/cilium/helm.jsonnet b/k8s/apps/cilium/helm.jsonnet index 3dbb120b4..449a6d0ab 100644 --- a/k8s/apps/cilium/helm.jsonnet +++ b/k8s/apps/cilium/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import 'app.json5').namespace, chart: 'cilium', repoURL: 'https://helm.cilium.io/', - targetRevision: '1.16.5', + targetRevision: '1.16.6', values: (importstr 'values.yaml'), } From 888f351e5bdd4742d575e69931c12f94ef2cc042 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Wed, 22 Jan 2025 13:03:25 +0900 Subject: [PATCH 0953/1209] chore(deps): update renovate/renovate docker tag to v39.120.4 (#1341) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 679da9b64..7291638e2 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.120.3', + image: 'renovate/renovate:39.120.4', resources: { requests: { cpu: '500m', From 92fa5a5049cedf8872399ea8cf6ac833e0ba78cc Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 22 Jan 2025 05:11:51 +0000 Subject: [PATCH 0954/1209] chore(deps): update terraform cloudflare to v4.51.0 --- terraform/modules/cloudflare/provider.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/modules/cloudflare/provider.tf b/terraform/modules/cloudflare/provider.tf index 56f9c7170..219d4a989 100644 --- a/terraform/modules/cloudflare/provider.tf +++ b/terraform/modules/cloudflare/provider.tf @@ -2,7 +2,7 @@ terraform { required_providers { cloudflare = { source = "cloudflare/cloudflare" - version = "4.50.0" + version = "4.51.0" } } } From 0128da7ae67a223b086b94b1b3de7b28ced5799c Mon Sep 17 00:00:00 2001 From: Walnuts Date: Wed, 22 Jan 2025 15:18:09 +0900 Subject: [PATCH 0955/1209] chore(deps): update renovate/renovate docker tag to v39.121.0 (#1343) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 7291638e2..88df77428 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.120.4', + image: 'renovate/renovate:39.121.0', resources: { requests: { cpu: '500m', From 225b15c3937c8c4971a62f16fe5a17c983c9d0cf Mon Sep 17 00:00:00 2001 From: Walnuts Date: Wed, 22 Jan 2025 16:28:07 +0900 Subject: [PATCH 0956/1209] chore(deps): update renovate/renovate docker tag to v39.122.0 (#1344) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 88df77428..c49f508a4 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.121.0', + image: 'renovate/renovate:39.122.0', resources: { requests: { cpu: '500m', From 6810610f705ab2fcf687476c2373a823fd31918c Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 22 Jan 2025 08:02:14 +0000 Subject: [PATCH 0957/1209] chore(deps): update helm release longhorn to v1.8.0 --- k8s/apps/longhorn/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/longhorn/helm.jsonnet b/k8s/apps/longhorn/helm.jsonnet index 39a7e50c2..eec7c2ce6 100644 --- a/k8s/apps/longhorn/helm.jsonnet +++ b/k8s/apps/longhorn/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import 'app.json5').namespace, chart: 'longhorn', repoURL: 'https://charts.longhorn.io', - targetRevision: '1.7.2', + targetRevision: '1.8.0', values: (importstr 'values.yaml'), } From b3588cef0b36e6757f5954f0d7a4b6f18a79216d Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 22 Jan 2025 18:57:41 +0900 Subject: [PATCH 0958/1209] chore: comment out unused ingress and environment configurations in values.yaml Signed-off-by: walnuts1018 --- k8s/apps/zitadel/values.yaml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/k8s/apps/zitadel/values.yaml b/k8s/apps/zitadel/values.yaml index 14269245a..0cfb072f8 100644 --- a/k8s/apps/zitadel/values.yaml +++ b/k8s/apps/zitadel/values.yaml @@ -12,20 +12,20 @@ replicaCount: 2 ingress: enabled: true className: "cilium" - annotations: - cert-manager.io/cluster-issuer: 'letsencrypt-prod' + # annotations: + # cert-manager.io/cluster-issuer: 'letsencrypt-prod' hosts: - host: auth.walnuts.dev paths: - path: / pathType: Prefix - tls: - - secretName: zitadel-tls - hosts: - - auth.walnuts.dev -# env: -# - name: ZITADEL_LOG_LEVEL -# value: "debug" + # tls: + # - secretName: zitadel-tls + # hosts: + # - auth.walnuts.dev + # env: + # - name: ZITADEL_LOG_LEVEL + # value: "debug" metrics: enabled: true serviceMonitor: From 5983ea7a3719ea7d56c623ab7a71026c08b9161e Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 22 Jan 2025 18:58:21 +0900 Subject: [PATCH 0959/1209] chore: update ingress configuration in values.yaml to enable TLS and adjust annotations Signed-off-by: walnuts1018 --- k8s/apps/zitadel/values.yaml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/k8s/apps/zitadel/values.yaml b/k8s/apps/zitadel/values.yaml index 0cfb072f8..14269245a 100644 --- a/k8s/apps/zitadel/values.yaml +++ b/k8s/apps/zitadel/values.yaml @@ -12,20 +12,20 @@ replicaCount: 2 ingress: enabled: true className: "cilium" - # annotations: - # cert-manager.io/cluster-issuer: 'letsencrypt-prod' + annotations: + cert-manager.io/cluster-issuer: 'letsencrypt-prod' hosts: - host: auth.walnuts.dev paths: - path: / pathType: Prefix - # tls: - # - secretName: zitadel-tls - # hosts: - # - auth.walnuts.dev - # env: - # - name: ZITADEL_LOG_LEVEL - # value: "debug" + tls: + - secretName: zitadel-tls + hosts: + - auth.walnuts.dev +# env: +# - name: ZITADEL_LOG_LEVEL +# value: "debug" metrics: enabled: true serviceMonitor: From 12959e6dc16c260c7f4fdecd08a79f94e677889d Mon Sep 17 00:00:00 2001 From: Walnuts Date: Wed, 22 Jan 2025 23:32:38 +0900 Subject: [PATCH 0960/1209] chore(deps): update ghcr.io/walnuts1018/walnuts.dev docker tag to v9eedd9d4531f8db839eecb57856889cfb7eb6848-372 (#1346) Co-authored-by: Renovate Bot --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index e71018052..d578a0238 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ std.mergePatch((import '../../components/container.libsonnet') { name: 'walnuts-dev', - image: 'ghcr.io/walnuts1018/walnuts.dev:7dacbabadcf35a18524c58db4ab37e32cabe2d5c-371', + image: 'ghcr.io/walnuts1018/walnuts.dev:9eedd9d4531f8db839eecb57856889cfb7eb6848-372', imagePullPolicy: 'IfNotPresent', ports: [ { From 3d52ce12d8fd32683b1614cc0b0a58b65fadf523 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Thu, 23 Jan 2025 01:02:38 +0900 Subject: [PATCH 0961/1209] chore(deps): update dependency aquaproj/aqua-registry to v4.299.0 (#1347) Co-authored-by: Renovate Bot --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index 053b2d61f..699c07ce2 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,7 +8,7 @@ # - all registries: - type: standard - ref: v4.298.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.299.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 - name: hashicorp/terraform@v1.10.4 From 06bfc42c077f946f49b7775199d7a67713ab9ccd Mon Sep 17 00:00:00 2001 From: Walnuts Date: Thu, 23 Jan 2025 01:47:59 +0900 Subject: [PATCH 0962/1209] chore(deps): update renovate/renovate docker tag to v39.122.1 (#1348) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index c49f508a4..7ea84a49d 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.122.0', + image: 'renovate/renovate:39.122.1', resources: { requests: { cpu: '500m', From 9cfd48da327e068dd172b74e1608d15ccb8ca8fc Mon Sep 17 00:00:00 2001 From: Walnuts Date: Thu, 23 Jan 2025 02:27:44 +0900 Subject: [PATCH 0963/1209] chore(deps): update ghcr.io/walnuts1018/walnuts.dev docker tag to v24ad777d637fb7d5c0873de79a2aaefd29f55a90-374 (#1349) Co-authored-by: Renovate Bot --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index d578a0238..afbeb08ae 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ std.mergePatch((import '../../components/container.libsonnet') { name: 'walnuts-dev', - image: 'ghcr.io/walnuts1018/walnuts.dev:9eedd9d4531f8db839eecb57856889cfb7eb6848-372', + image: 'ghcr.io/walnuts1018/walnuts.dev:24ad777d637fb7d5c0873de79a2aaefd29f55a90-374', imagePullPolicy: 'IfNotPresent', ports: [ { From 4e28818fafd5734778ce3dc0f430e2645f94ccbe Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 22 Jan 2025 19:01:52 +0000 Subject: [PATCH 0964/1209] chore(deps): update dependency hashicorp/terraform to v1.10.5 --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index 699c07ce2..fd0e722c6 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -11,4 +11,4 @@ registries: ref: v4.299.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 -- name: hashicorp/terraform@v1.10.4 +- name: hashicorp/terraform@v1.10.5 From 5a4100a73aef2cfb6a45c9e8653da4f609f69ddf Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 23 Jan 2025 04:07:32 +0900 Subject: [PATCH 0965/1209] chore: move backup target settings to defaultBackupStore in longhorn values Signed-off-by: walnuts1018 --- k8s/apps/longhorn/values.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/k8s/apps/longhorn/values.yaml b/k8s/apps/longhorn/values.yaml index d0aa2128f..6d0b8d8e8 100644 --- a/k8s/apps/longhorn/values.yaml +++ b/k8s/apps/longhorn/values.yaml @@ -1,8 +1,6 @@ defaultSettings: allowNodeDrainWithLastHealthyReplica: true orphanAutoDeletion: true - backupTarget: "cifs://samba.walnuts.dev/share/longhorn" - backupTargetCredentialSecret: "cifs-secret" defaultReplicaCount: 2 csi: attacherReplicaCount: 2 @@ -27,3 +25,7 @@ longhornRecoveryBackend: metrics: serviceMonitor: enabled: true + +defaultBackupStore: + backupTarget: "cifs://samba.walnuts.dev/share/longhorn" + backupTargetCredentialSecret: "cifs-secret" From 1d40c13266777d0c4ff58ffea55cde13eadf6bbd Mon Sep 17 00:00:00 2001 From: Walnuts Date: Thu, 23 Jan 2025 04:13:25 +0900 Subject: [PATCH 0966/1209] chore(deps): update renovate/renovate docker tag to v39.122.3 (#1351) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 7ea84a49d..f8608460a 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.122.1', + image: 'renovate/renovate:39.122.3', resources: { requests: { cpu: '500m', From c6c1642fd87adaaa41404944e714bdda270f614e Mon Sep 17 00:00:00 2001 From: Walnuts Date: Thu, 23 Jan 2025 05:53:16 +0900 Subject: [PATCH 0967/1209] chore(deps): update renovate/renovate docker tag to v39.123.0 (#1352) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index f8608460a..453a3958d 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.122.3', + image: 'renovate/renovate:39.123.0', resources: { requests: { cpu: '500m', From 6d318a29299c00c70672c52be1cbd1e21080dd6a Mon Sep 17 00:00:00 2001 From: Walnuts Date: Thu, 23 Jan 2025 07:38:02 +0900 Subject: [PATCH 0968/1209] chore(deps): update renovate/renovate docker tag to v39.124.0 (#1353) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 453a3958d..38deabfad 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.123.0', + image: 'renovate/renovate:39.124.0', resources: { requests: { cpu: '500m', From f31f982a77b91c993300d921a9208f90c5752e66 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Thu, 23 Jan 2025 14:07:46 +0900 Subject: [PATCH 0969/1209] chore(deps): update ghcr.io/walnuts1018/walnuts.dev docker tag to ac80b4ee9082e62adcdfdbf5bade82a1d630e448-375 (#1354) Co-authored-by: Renovate Bot --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index afbeb08ae..11b66a2d2 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ std.mergePatch((import '../../components/container.libsonnet') { name: 'walnuts-dev', - image: 'ghcr.io/walnuts1018/walnuts.dev:24ad777d637fb7d5c0873de79a2aaefd29f55a90-374', + image: 'ghcr.io/walnuts1018/walnuts.dev:ac80b4ee9082e62adcdfdbf5bade82a1d630e448-375', imagePullPolicy: 'IfNotPresent', ports: [ { From 89e3835c7e448d69d56ea15e38b1ef981f1de538 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 23 Jan 2025 16:02:43 +0900 Subject: [PATCH 0970/1209] feat(redis): add Redis configuration and disable Memcached for Loki Signed-off-by: walnuts1018 --- k8s/apps/loki/redis.jsonnet | 37 ++++++++ k8s/apps/loki/values.yaml | 178 +++++++++++++++++++++++++++++++++--- 2 files changed, 201 insertions(+), 14 deletions(-) create mode 100644 k8s/apps/loki/redis.jsonnet diff --git a/k8s/apps/loki/redis.jsonnet b/k8s/apps/loki/redis.jsonnet new file mode 100644 index 000000000..be2e3ef22 --- /dev/null +++ b/k8s/apps/loki/redis.jsonnet @@ -0,0 +1,37 @@ +{ + apiVersion: 'redis.redis.opstreelabs.in/v1beta2', + kind: 'Redis', + metadata: { + name: (import 'app.json5').name + '-redis', + namespace: (import 'app.json5').namespace, + labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + }, + spec: { + kubernetesConfig: { + image: 'quay.io/opstree/redis:v7.0.12', + imagePullPolicy: 'IfNotPresent', + redisSecret: { + name: (import 'external-secret.jsonnet').metadata.name, + key: 'redispassword', + }, + }, + storage: { + volumeClaimTemplate: { + spec: { + accessModes: [ + 'ReadWriteOnce', + ], + resources: { + requests: { + storage: '1Gi', + }, + }, + }, + }, + }, + podSecurityContext: { + fsGroup: 1000, + runAsUser: 1000, + }, + }, +} diff --git a/k8s/apps/loki/values.yaml b/k8s/apps/loki/values.yaml index 532b17568..2b5cb37fb 100644 --- a/k8s/apps/loki/values.yaml +++ b/k8s/apps/loki/values.yaml @@ -46,6 +46,168 @@ loki: enabled: true desired_rate: 104857600 # 10MiB reject_old_samples: false + config: | + {{- if .Values.enterprise.enabled}} + {{- tpl .Values.enterprise.config . }} + {{- else }} + auth_enabled: {{ .Values.loki.auth_enabled }} + {{- end }} + + {{- with .Values.loki.server }} + server: + {{- toYaml . | nindent 2}} + {{- end}} + + pattern_ingester: + enabled: {{ .Values.loki.pattern_ingester.enabled }} + + memberlist: + {{- if .Values.loki.memberlistConfig }} + {{- toYaml .Values.loki.memberlistConfig | nindent 2 }} + {{- else }} + {{- if .Values.loki.extraMemberlistConfig}} + {{- toYaml .Values.loki.extraMemberlistConfig | nindent 2}} + {{- end }} + join_members: + - {{ include "loki.memberlist" . }} + {{- with .Values.migrate.fromDistributed }} + {{- if .enabled }} + - {{ .memberlistService }} + {{- end }} + {{- end }} + {{- end }} + + {{- with .Values.loki.ingester }} + ingester: + {{- tpl (. | toYaml) $ | nindent 4 }} + {{- end }} + + {{- if .Values.loki.commonConfig}} + common: + {{- toYaml .Values.loki.commonConfig | nindent 2}} + storage: + {{- include "loki.commonStorageConfig" . | nindent 4}} + {{- end}} + + {{- with .Values.loki.limits_config }} + limits_config: + {{- tpl (. | toYaml) $ | nindent 4 }} + {{- end }} + + runtime_config: + file: /etc/loki/runtime-config/runtime-config.yaml + + {{- with .Values.chunksCache }} + chunk_store_config: + chunk_cache_config: + default_validity: {{ .defaultValidity }} + background: + writeback_goroutines: {{ .writebackParallelism }} + writeback_buffer: {{ .writebackBuffer }} + writeback_size_limit: {{ .writebackSizeLimit }} + redis: + endpoint: "TODO" + tls_enabled: true + tls_insecure_skip_verify: true + db: 0 + {{- end }} + + {{- if .Values.loki.schemaConfig }} + schema_config: + {{- toYaml .Values.loki.schemaConfig | nindent 2}} + {{- end }} + + {{- if .Values.loki.useTestSchema }} + schema_config: + {{- toYaml .Values.loki.testSchemaConfig | nindent 2}} + {{- end }} + + {{ include "loki.rulerConfig" . }} + + {{- if or .Values.tableManager.retention_deletes_enabled .Values.tableManager.retention_period }} + table_manager: + retention_deletes_enabled: {{ .Values.tableManager.retention_deletes_enabled }} + retention_period: {{ .Values.tableManager.retention_period }} + {{- end }} + + query_range: + align_queries_with_step: true + {{- with .Values.loki.query_range }} + {{- tpl (. | toYaml) $ | nindent 2 }} + {{- end }} + {{- with .Values.resultsCache }} + cache_results: true + results_cache: + cache: + default_validity: {{ .defaultValidity }} + background: + writeback_goroutines: {{ .writebackParallelism }} + writeback_buffer: {{ .writebackBuffer }} + writeback_size_limit: {{ .writebackSizeLimit }} + redis: + endpoint: "TODO" + tls_enabled: true + tls_insecure_skip_verify: true + db: 1 + {{- end }} + + {{- with .Values.loki.storage_config }} + storage_config: + {{- tpl (. | toYaml) $ | nindent 4 }} + {{- end }} + + {{- with .Values.loki.query_scheduler }} + query_scheduler: + {{- tpl (. | toYaml) $ | nindent 4 }} + {{- end }} + + {{- with .Values.loki.compactor }} + compactor: + {{- tpl (. | toYaml) $ | nindent 4 }} + {{- end }} + + {{- with .Values.loki.analytics }} + analytics: + {{- tpl (. | toYaml) $ | nindent 4 }} + {{- end }} + + {{- with .Values.loki.querier }} + querier: + {{- tpl (. | toYaml) $ | nindent 4 }} + {{- end }} + + {{- with .Values.loki.index_gateway }} + index_gateway: + {{- tpl (. | toYaml) $ | nindent 4 }} + {{- end }} + + {{- with .Values.loki.frontend }} + frontend: + {{- tpl (. | toYaml) $ | nindent 4 }} + {{- end }} + + {{- with .Values.loki.frontend_worker }} + frontend_worker: + {{- tpl (. | toYaml) $ | nindent 4 }} + {{- end }} + + {{- with .Values.loki.distributor }} + distributor: + {{- tpl (. | toYaml) $ | nindent 4 }} + {{- end }} + + tracing: + enabled: {{ .Values.loki.tracing.enabled }} + + {{- with .Values.loki.bloom_build }} + bloom_build: + {{- tpl (. | toYaml) $ | nindent 4 }} + {{- end }} + + {{- with .Values.loki.bloom_gateway }} + bloom_gateway: + {{- tpl (. | toYaml) $ | nindent 4 }} + {{- end }} write: replicas: 2 @@ -195,18 +357,6 @@ sidecar: cpu: 5m memory: 100Mi chunksCache: - allocatedMemory: 8192 - resources: - requests: - cpu: 50m - memory: 4Gi - limits: - memory: 9830Mi + enabled: false # Memcached Podをデプロイしない resultsCache: - allocatedMemory: 1024 - resources: - requests: - cpu: 50m - memory: 1Gi - limits: - memory: 1229Mi + enabled: false # Memcached Podをデプロイしない From 96e9be89cc13da528612df466768d494c0f66745 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 23 Jan 2025 16:03:51 +0900 Subject: [PATCH 0971/1209] feat(loki): update Redis configuration with endpoint and disable TLS Signed-off-by: walnuts1018 --- k8s/apps/loki/values.yaml | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/k8s/apps/loki/values.yaml b/k8s/apps/loki/values.yaml index 2b5cb37fb..1e53de2d5 100644 --- a/k8s/apps/loki/values.yaml +++ b/k8s/apps/loki/values.yaml @@ -106,9 +106,8 @@ loki: writeback_buffer: {{ .writebackBuffer }} writeback_size_limit: {{ .writebackSizeLimit }} redis: - endpoint: "TODO" - tls_enabled: true - tls_insecure_skip_verify: true + endpoint: "loki-redis" + tls_enabled: false db: 0 {{- end }} @@ -145,9 +144,8 @@ loki: writeback_buffer: {{ .writebackBuffer }} writeback_size_limit: {{ .writebackSizeLimit }} redis: - endpoint: "TODO" - tls_enabled: true - tls_insecure_skip_verify: true + endpoint: "loki-redis" + tls_enabled: false db: 1 {{- end }} From a4db02d0120b2c9e91aec5e9c5cb9b798c3aac12 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 23 Jan 2025 16:07:05 +0900 Subject: [PATCH 0972/1209] feat(loki): update external secret configuration and add Redis password reference Signed-off-by: walnuts1018 --- k8s/apps/loki/external-secret.jsonnet | 9 ++++++++- k8s/apps/loki/values.yaml | 6 +++--- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/k8s/apps/loki/external-secret.jsonnet b/k8s/apps/loki/external-secret.jsonnet index 22ee69fcf..3b78511ef 100644 --- a/k8s/apps/loki/external-secret.jsonnet +++ b/k8s/apps/loki/external-secret.jsonnet @@ -1,5 +1,5 @@ (import '../../components/external-secret.libsonnet') { - name: (import 'app.json5').name + '-minio', + name: (import 'app.json5').name, use_suffix: false, data: [ { @@ -16,5 +16,12 @@ property: 'minio-secret-key', }, }, + { + secretKey: 'redispassword', + remoteRef: { + key: 'redis', + property: 'password', + }, + }, ], } diff --git a/k8s/apps/loki/values.yaml b/k8s/apps/loki/values.yaml index 1e53de2d5..80579c0f2 100644 --- a/k8s/apps/loki/values.yaml +++ b/k8s/apps/loki/values.yaml @@ -225,7 +225,7 @@ write: extraArgs: [ "-config.expand-env=true" ] extraEnvFrom: - secretRef: - name: loki-minio + name: loki persistence: volumeClaimsEnabled: false dataVolumeParameters: @@ -262,7 +262,7 @@ read: extraArgs: [ "-config.expand-env=true" ] extraEnvFrom: - secretRef: - name: loki-minio + name: loki affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: [] @@ -295,7 +295,7 @@ backend: extraArgs: [ "-config.expand-env=true" ] extraEnvFrom: - secretRef: - name: loki-minio + name: loki persistence: volumeClaimsEnabled: false dataVolumeParameters: From ac995f7504161bf91afd28cd470d72bc99259d16 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 23 Jan 2025 16:09:04 +0900 Subject: [PATCH 0973/1209] feat(loki): update Redis endpoint to include port number Signed-off-by: walnuts1018 --- k8s/apps/loki/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/k8s/apps/loki/values.yaml b/k8s/apps/loki/values.yaml index 80579c0f2..ab9ae540d 100644 --- a/k8s/apps/loki/values.yaml +++ b/k8s/apps/loki/values.yaml @@ -106,7 +106,7 @@ loki: writeback_buffer: {{ .writebackBuffer }} writeback_size_limit: {{ .writebackSizeLimit }} redis: - endpoint: "loki-redis" + endpoint: "loki-redis:6379" tls_enabled: false db: 0 {{- end }} @@ -144,7 +144,7 @@ loki: writeback_buffer: {{ .writebackBuffer }} writeback_size_limit: {{ .writebackSizeLimit }} redis: - endpoint: "loki-redis" + endpoint: "loki-redis:6379" tls_enabled: false db: 1 {{- end }} From bb2b8030badb4533083e1e0a9df803a84033b047 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 23 Jan 2025 16:10:34 +0900 Subject: [PATCH 0974/1209] feat(loki): remove Redis password reference from configuration Signed-off-by: walnuts1018 --- k8s/apps/loki/redis.jsonnet | 4 ---- 1 file changed, 4 deletions(-) diff --git a/k8s/apps/loki/redis.jsonnet b/k8s/apps/loki/redis.jsonnet index be2e3ef22..b9f10c568 100644 --- a/k8s/apps/loki/redis.jsonnet +++ b/k8s/apps/loki/redis.jsonnet @@ -10,10 +10,6 @@ kubernetesConfig: { image: 'quay.io/opstree/redis:v7.0.12', imagePullPolicy: 'IfNotPresent', - redisSecret: { - name: (import 'external-secret.jsonnet').metadata.name, - key: 'redispassword', - }, }, storage: { volumeClaimTemplate: { From 599e718093e3c1474b13d906bf251e14c031504d Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 23 Jan 2025 16:12:26 +0900 Subject: [PATCH 0975/1209] feat(loki): add Redis secret configuration for password retrieval Signed-off-by: walnuts1018 --- k8s/apps/loki/redis.jsonnet | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/k8s/apps/loki/redis.jsonnet b/k8s/apps/loki/redis.jsonnet index b9f10c568..be2e3ef22 100644 --- a/k8s/apps/loki/redis.jsonnet +++ b/k8s/apps/loki/redis.jsonnet @@ -10,6 +10,10 @@ kubernetesConfig: { image: 'quay.io/opstree/redis:v7.0.12', imagePullPolicy: 'IfNotPresent', + redisSecret: { + name: (import 'external-secret.jsonnet').metadata.name, + key: 'redispassword', + }, }, storage: { volumeClaimTemplate: { From 6e77dc5024caefa309159dcb38786663868dd0c8 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 23 Jan 2025 16:20:06 +0900 Subject: [PATCH 0976/1209] feat(loki): remove Redis configuration and update secret references Signed-off-by: walnuts1018 --- k8s/apps/loki/redis.jsonnet | 37 -------- k8s/apps/loki/values.yaml | 182 ++++-------------------------------- 2 files changed, 17 insertions(+), 202 deletions(-) delete mode 100644 k8s/apps/loki/redis.jsonnet diff --git a/k8s/apps/loki/redis.jsonnet b/k8s/apps/loki/redis.jsonnet deleted file mode 100644 index be2e3ef22..000000000 --- a/k8s/apps/loki/redis.jsonnet +++ /dev/null @@ -1,37 +0,0 @@ -{ - apiVersion: 'redis.redis.opstreelabs.in/v1beta2', - kind: 'Redis', - metadata: { - name: (import 'app.json5').name + '-redis', - namespace: (import 'app.json5').namespace, - labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, - }, - spec: { - kubernetesConfig: { - image: 'quay.io/opstree/redis:v7.0.12', - imagePullPolicy: 'IfNotPresent', - redisSecret: { - name: (import 'external-secret.jsonnet').metadata.name, - key: 'redispassword', - }, - }, - storage: { - volumeClaimTemplate: { - spec: { - accessModes: [ - 'ReadWriteOnce', - ], - resources: { - requests: { - storage: '1Gi', - }, - }, - }, - }, - }, - podSecurityContext: { - fsGroup: 1000, - runAsUser: 1000, - }, - }, -} diff --git a/k8s/apps/loki/values.yaml b/k8s/apps/loki/values.yaml index ab9ae540d..532b17568 100644 --- a/k8s/apps/loki/values.yaml +++ b/k8s/apps/loki/values.yaml @@ -46,166 +46,6 @@ loki: enabled: true desired_rate: 104857600 # 10MiB reject_old_samples: false - config: | - {{- if .Values.enterprise.enabled}} - {{- tpl .Values.enterprise.config . }} - {{- else }} - auth_enabled: {{ .Values.loki.auth_enabled }} - {{- end }} - - {{- with .Values.loki.server }} - server: - {{- toYaml . | nindent 2}} - {{- end}} - - pattern_ingester: - enabled: {{ .Values.loki.pattern_ingester.enabled }} - - memberlist: - {{- if .Values.loki.memberlistConfig }} - {{- toYaml .Values.loki.memberlistConfig | nindent 2 }} - {{- else }} - {{- if .Values.loki.extraMemberlistConfig}} - {{- toYaml .Values.loki.extraMemberlistConfig | nindent 2}} - {{- end }} - join_members: - - {{ include "loki.memberlist" . }} - {{- with .Values.migrate.fromDistributed }} - {{- if .enabled }} - - {{ .memberlistService }} - {{- end }} - {{- end }} - {{- end }} - - {{- with .Values.loki.ingester }} - ingester: - {{- tpl (. | toYaml) $ | nindent 4 }} - {{- end }} - - {{- if .Values.loki.commonConfig}} - common: - {{- toYaml .Values.loki.commonConfig | nindent 2}} - storage: - {{- include "loki.commonStorageConfig" . | nindent 4}} - {{- end}} - - {{- with .Values.loki.limits_config }} - limits_config: - {{- tpl (. | toYaml) $ | nindent 4 }} - {{- end }} - - runtime_config: - file: /etc/loki/runtime-config/runtime-config.yaml - - {{- with .Values.chunksCache }} - chunk_store_config: - chunk_cache_config: - default_validity: {{ .defaultValidity }} - background: - writeback_goroutines: {{ .writebackParallelism }} - writeback_buffer: {{ .writebackBuffer }} - writeback_size_limit: {{ .writebackSizeLimit }} - redis: - endpoint: "loki-redis:6379" - tls_enabled: false - db: 0 - {{- end }} - - {{- if .Values.loki.schemaConfig }} - schema_config: - {{- toYaml .Values.loki.schemaConfig | nindent 2}} - {{- end }} - - {{- if .Values.loki.useTestSchema }} - schema_config: - {{- toYaml .Values.loki.testSchemaConfig | nindent 2}} - {{- end }} - - {{ include "loki.rulerConfig" . }} - - {{- if or .Values.tableManager.retention_deletes_enabled .Values.tableManager.retention_period }} - table_manager: - retention_deletes_enabled: {{ .Values.tableManager.retention_deletes_enabled }} - retention_period: {{ .Values.tableManager.retention_period }} - {{- end }} - - query_range: - align_queries_with_step: true - {{- with .Values.loki.query_range }} - {{- tpl (. | toYaml) $ | nindent 2 }} - {{- end }} - {{- with .Values.resultsCache }} - cache_results: true - results_cache: - cache: - default_validity: {{ .defaultValidity }} - background: - writeback_goroutines: {{ .writebackParallelism }} - writeback_buffer: {{ .writebackBuffer }} - writeback_size_limit: {{ .writebackSizeLimit }} - redis: - endpoint: "loki-redis:6379" - tls_enabled: false - db: 1 - {{- end }} - - {{- with .Values.loki.storage_config }} - storage_config: - {{- tpl (. | toYaml) $ | nindent 4 }} - {{- end }} - - {{- with .Values.loki.query_scheduler }} - query_scheduler: - {{- tpl (. | toYaml) $ | nindent 4 }} - {{- end }} - - {{- with .Values.loki.compactor }} - compactor: - {{- tpl (. | toYaml) $ | nindent 4 }} - {{- end }} - - {{- with .Values.loki.analytics }} - analytics: - {{- tpl (. | toYaml) $ | nindent 4 }} - {{- end }} - - {{- with .Values.loki.querier }} - querier: - {{- tpl (. | toYaml) $ | nindent 4 }} - {{- end }} - - {{- with .Values.loki.index_gateway }} - index_gateway: - {{- tpl (. | toYaml) $ | nindent 4 }} - {{- end }} - - {{- with .Values.loki.frontend }} - frontend: - {{- tpl (. | toYaml) $ | nindent 4 }} - {{- end }} - - {{- with .Values.loki.frontend_worker }} - frontend_worker: - {{- tpl (. | toYaml) $ | nindent 4 }} - {{- end }} - - {{- with .Values.loki.distributor }} - distributor: - {{- tpl (. | toYaml) $ | nindent 4 }} - {{- end }} - - tracing: - enabled: {{ .Values.loki.tracing.enabled }} - - {{- with .Values.loki.bloom_build }} - bloom_build: - {{- tpl (. | toYaml) $ | nindent 4 }} - {{- end }} - - {{- with .Values.loki.bloom_gateway }} - bloom_gateway: - {{- tpl (. | toYaml) $ | nindent 4 }} - {{- end }} write: replicas: 2 @@ -225,7 +65,7 @@ write: extraArgs: [ "-config.expand-env=true" ] extraEnvFrom: - secretRef: - name: loki + name: loki-minio persistence: volumeClaimsEnabled: false dataVolumeParameters: @@ -262,7 +102,7 @@ read: extraArgs: [ "-config.expand-env=true" ] extraEnvFrom: - secretRef: - name: loki + name: loki-minio affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: [] @@ -295,7 +135,7 @@ backend: extraArgs: [ "-config.expand-env=true" ] extraEnvFrom: - secretRef: - name: loki + name: loki-minio persistence: volumeClaimsEnabled: false dataVolumeParameters: @@ -355,6 +195,18 @@ sidecar: cpu: 5m memory: 100Mi chunksCache: - enabled: false # Memcached Podをデプロイしない + allocatedMemory: 8192 + resources: + requests: + cpu: 50m + memory: 4Gi + limits: + memory: 9830Mi resultsCache: - enabled: false # Memcached Podをデプロイしない + allocatedMemory: 1024 + resources: + requests: + cpu: 50m + memory: 1Gi + limits: + memory: 1229Mi From 171a3b7e6af6cac3dfde4d0c1efec5ae867f2a5d Mon Sep 17 00:00:00 2001 From: Walnuts Date: Thu, 23 Jan 2025 18:12:45 +0900 Subject: [PATCH 0977/1209] chore(deps): update ghcr.io/walnuts1018/walnuts.dev docker tag to v0400d1306b43c87468aaaa5f59941b1d9f0df4e3-376 (#1355) Co-authored-by: Renovate Bot --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index 11b66a2d2..095aaec46 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ std.mergePatch((import '../../components/container.libsonnet') { name: 'walnuts-dev', - image: 'ghcr.io/walnuts1018/walnuts.dev:ac80b4ee9082e62adcdfdbf5bade82a1d630e448-375', + image: 'ghcr.io/walnuts1018/walnuts.dev:0400d1306b43c87468aaaa5f59941b1d9f0df4e3-376', imagePullPolicy: 'IfNotPresent', ports: [ { From b58a65d80ad1f85e4d811c97281d4b729fa0f50b Mon Sep 17 00:00:00 2001 From: Walnuts Date: Thu, 23 Jan 2025 19:18:06 +0900 Subject: [PATCH 0978/1209] chore(deps): update renovate/renovate docker tag to v39.125.0 (#1356) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 38deabfad..10417fc9f 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.124.0', + image: 'renovate/renovate:39.125.0', resources: { requests: { cpu: '500m', From 7afc3c9214c653ff7d9dbe125a49cfd0c4810e3f Mon Sep 17 00:00:00 2001 From: Walnuts Date: Thu, 23 Jan 2025 20:53:06 +0900 Subject: [PATCH 0979/1209] chore(deps): update dependency aquaproj/aqua-registry to v4.300.0 (#1357) Co-authored-by: Renovate Bot --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index 699c07ce2..ddf988730 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,7 +8,7 @@ # - all registries: - type: standard - ref: v4.299.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.300.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 - name: hashicorp/terraform@v1.10.4 From 21d2c9a6a86979c3da14e0d716b14cc103ee7aca Mon Sep 17 00:00:00 2001 From: Walnuts Date: Thu, 23 Jan 2025 21:08:43 +0900 Subject: [PATCH 0980/1209] chore(deps): update renovate/renovate docker tag to v39.125.1 (#1358) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 10417fc9f..9d6733ad2 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.125.0', + image: 'renovate/renovate:39.125.1', resources: { requests: { cpu: '500m', From 2b083d5cf06ec9d49ddcb668a3736b029d3b53d3 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Thu, 23 Jan 2025 21:57:41 +0900 Subject: [PATCH 0981/1209] chore(deps): update ghcr.io/cybozu-go/moco/mysql docker tag to v8.4.4 (#1359) Co-authored-by: Renovate Bot --- k8s/apps/mysql-default/mysql-cluster.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/mysql-default/mysql-cluster.jsonnet b/k8s/apps/mysql-default/mysql-cluster.jsonnet index de8bc1904..f893c93de 100644 --- a/k8s/apps/mysql-default/mysql-cluster.jsonnet +++ b/k8s/apps/mysql-default/mysql-cluster.jsonnet @@ -69,7 +69,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'mysqld', - image: 'ghcr.io/cybozu-go/moco/mysql:8.4.3', + image: 'ghcr.io/cybozu-go/moco/mysql:8.4.4', resources: { requests: { memory: '400Mi', From a0b48ee35a0d5080eef552bd1e698a244bcdc901 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Fri, 24 Jan 2025 01:13:12 +0900 Subject: [PATCH 0982/1209] chore(deps): update renovate/renovate docker tag to v39.126.0 (#1360) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 9d6733ad2..71280f8a7 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.125.1', + image: 'renovate/renovate:39.126.0', resources: { requests: { cpu: '500m', From d74025d0440df57bd7175e68f7c529bdc9dc36b6 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Fri, 24 Jan 2025 04:42:57 +0900 Subject: [PATCH 0983/1209] chore(deps): update renovate/renovate docker tag to v39.126.1 (#1361) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 71280f8a7..84840ae2b 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.126.0', + image: 'renovate/renovate:39.126.1', resources: { requests: { cpu: '500m', From bab24d5a583245cde2e3dd02e43b799c016c0265 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Fri, 24 Jan 2025 05:40:05 +0900 Subject: [PATCH 0984/1209] chore(deps): update registry-1.docker.io/bitnamicharts/mariadb docker tag to v20.2.2 (#1362) Co-authored-by: Renovate Bot --- k8s/apps/photoprism/mariadb/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/photoprism/mariadb/helm.jsonnet b/k8s/apps/photoprism/mariadb/helm.jsonnet index f255d909f..0a6ba0442 100644 --- a/k8s/apps/photoprism/mariadb/helm.jsonnet +++ b/k8s/apps/photoprism/mariadb/helm.jsonnet @@ -2,6 +2,6 @@ name: (import '../app.json5').name + '-mariadb', namespace: (import '../app.json5').namespace, ociChartURL: 'registry-1.docker.io/bitnamicharts/mariadb', - targetRevision: '20.2.1', + targetRevision: '20.2.2', values: (importstr 'values.yaml'), } From 26ec6fbb5e6c12d0d1bce4353f848d4b96794875 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 24 Jan 2025 06:13:39 +0900 Subject: [PATCH 0985/1209] test Signed-off-by: walnuts1018 --- k8s/apps/zitadel/values.yaml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/k8s/apps/zitadel/values.yaml b/k8s/apps/zitadel/values.yaml index 14269245a..0cfb072f8 100644 --- a/k8s/apps/zitadel/values.yaml +++ b/k8s/apps/zitadel/values.yaml @@ -12,20 +12,20 @@ replicaCount: 2 ingress: enabled: true className: "cilium" - annotations: - cert-manager.io/cluster-issuer: 'letsencrypt-prod' + # annotations: + # cert-manager.io/cluster-issuer: 'letsencrypt-prod' hosts: - host: auth.walnuts.dev paths: - path: / pathType: Prefix - tls: - - secretName: zitadel-tls - hosts: - - auth.walnuts.dev -# env: -# - name: ZITADEL_LOG_LEVEL -# value: "debug" + # tls: + # - secretName: zitadel-tls + # hosts: + # - auth.walnuts.dev + # env: + # - name: ZITADEL_LOG_LEVEL + # value: "debug" metrics: enabled: true serviceMonitor: From 4246f5976cfa05a3ad80768622823974f66652da Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 23 Jan 2025 21:16:50 +0000 Subject: [PATCH 0986/1209] chore(deps): update ghcr.io/walnuts1018/walnuts.dev docker tag to v24357dc439599a0a350295911a8d534849cd8d2e-377 --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index 095aaec46..568207230 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ std.mergePatch((import '../../components/container.libsonnet') { name: 'walnuts-dev', - image: 'ghcr.io/walnuts1018/walnuts.dev:0400d1306b43c87468aaaa5f59941b1d9f0df4e3-376', + image: 'ghcr.io/walnuts1018/walnuts.dev:24357dc439599a0a350295911a8d534849cd8d2e-377', imagePullPolicy: 'IfNotPresent', ports: [ { From 9c066541e1df0b9077066bdad328370ba99c7ad3 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 24 Jan 2025 06:43:07 +0900 Subject: [PATCH 0987/1209] chore(terraform): update Cloudflare provider version and enable Rocket Loader Signed-off-by: walnuts1018 --- terraform/kurumi/.terraform.lock.hcl | 68 ++++++++++---------- terraform/modules/cloudflare/ruleset.tf | 6 +- terraform/modules/cloudflare/zone_setting.tf | 9 +++ 3 files changed, 46 insertions(+), 37 deletions(-) create mode 100644 terraform/modules/cloudflare/zone_setting.tf diff --git a/terraform/kurumi/.terraform.lock.hcl b/terraform/kurumi/.terraform.lock.hcl index 276f99455..e8e97ad13 100644 --- a/terraform/kurumi/.terraform.lock.hcl +++ b/terraform/kurumi/.terraform.lock.hcl @@ -2,47 +2,47 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/cloudflare/cloudflare" { - version = "4.48.0" - constraints = "4.48.0" + version = "4.51.0" + constraints = "4.51.0" hashes = [ - "h1:Uu/gjBc99GefdPdSrlBwU75DWU0ZcwGcrd3ZFyTeL0s=", - "zh:04c0a49c2b23140b2f21cfd0d52f9798d70d3bdae3831613e156aabe519bbc6c", - "zh:185f21b4834ba63e8df1f84aa34639d8a7e126429a4007bb5f9ad82f2602a997", - "zh:234724f52cb4c0c3f7313d3b2697caef26d921d134f26ae14801e7afac522f7b", - "zh:38a56fcd1b3e40706af995611c977816543b53f1e55fe2720944aae2b6828fcb", - "zh:419938f5430fc78eff933470aefbf94a460a478f867cf7761a3dea177b4eb153", - "zh:4b46d92bfde1deab7de7ba1a6bbf4ba7c711e4fd925341ddf09d4cc28dae03d8", - "zh:537acd4a31c752f1bae305ba7190f60b71ad1a459f22d464f3f914336c9e919f", - "zh:5ff36b005aad07697dd0b30d4f0c35dbcdc30dc52b41722552060792fa87ce04", - "zh:635c5ee419daea098060f794d9d7d999275301181e49562c4e4c08f043076937", - "zh:859277c330d61f91abe9e799389467ca11b77131bf34bedbef52f8da68b2bb49", + "h1:X2qQ1ctGGBg8FujzjDUHyhFbyQTZ6nJYZY/T1WfNlH8=", + "zh:0b58993b11326a6fefa51896bcd54ac56fcfc44ad75b0cef4bfaddf4c75bedf6", + "zh:0e80ad26ac8c72a58b8a55ca77249b34a1c62264f267700c0f284ca0ccd6eea6", + "zh:12202eeda021cef6c353d58d763d4ff74950b4c81d3a39c5bd371558f490f4ac", + "zh:1ab0e050598bac739f8596549394d798993738278917604fc7a47b9247b8d5c7", + "zh:46f0981f71ce81ea24065264a55da8823a6776434a1507f6b33bbc2dafb94be3", + "zh:48401cde69498dee4fd6892f7dd3d92fedb1ed0d533790b4d418815320fb502f", + "zh:4be3212ad0a474ea865d25da0ab22288dcc9fce6ed51e39b45f5a5a71a6a903c", + "zh:5ff79f144a2f3bdb00d5cd0de15667b41ac57794e0c7788f25d3c6281227f9e2", "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f", - "zh:927dfdb8d9aef37ead03fceaa29e87ba076a3dd24e19b6cefdbb0efe9987ff8c", - "zh:bbf2226f07f6b1e721877328e69ded4b64f9c196634d2e2429e3cfabbe41e532", - "zh:daeed873d6f38604232b46ee4a5830c85d195b967f8dbcafe2fcffa98daf9c5f", - "zh:f8f2fc4646c1ba44085612fa7f4dbb7cbcead43b4e661f2b98ddfb4f68afc758", + "zh:89dc2b2f2ec3c03e42f0f348ec9f4c6deb7a86ae3594f35216c7439672cd214b", + "zh:8f055df13e2f7f158c6d6edc7fa2053c16781ee90cb812a1519bce7378447244", + "zh:a00bb5787cf3a252fcaa512ebbf7bb1234853ac745288dc733bed0c95046e9ae", + "zh:df3d303d74643f7a269202af8a425472e605a9d97bb4a3886a6ff9dc294b8df8", + "zh:e686cc60854151a6c7e154fb1ea6b3b885177d1effc76c259dc68de38743a1fb", + "zh:f54159d55ecef0966f9e278d02fa7898c7065d9d646c75f286262f230bbea0a3", ] } provider "registry.terraform.io/hashicorp/aws" { - version = "5.80.0" - constraints = "~> 5.80.0" + version = "5.84.0" + constraints = "~> 5.84.0" hashes = [ - "h1:Qg45JNIes88ZwSZ2q3cMHE08GmBTOIOvcNSshQlG7zs=", - "zh:0b1655e39639d60f2de2860a5df8642f9556ba0ca04529c1b861fde4935cb0df", - "zh:13dc0155e0a11edceee29ce687fc04c5a5a85f3324c67556472713cfd52e5807", - "zh:180f6cb2be44be14cfe329e0649121b774319f083b6e4e8fb749f85090d73121", - "zh:3158d44b74c67465f7f19f22c42b643840c8d18ce833e2ec86e8d93085b06926", - "zh:6351b5bf7cde5dc83e926944891570636069e05ca43341f4d1feda67773469bf", - "zh:6fa9db1532096ba50e842d369b6688979306d2295c7ead49b8a266b0d60962cc", - "zh:85d2fe75def7619ff2cc29102048875039cad088fafb62ecc14c3763e7b1e9d9", - "zh:9028d653f1d7341c6dfe2afe961b6541581e9043a474eac2faf90e6426a24f6d", + "h1:EJLTu1eqP93P4+DexFZHnuMCwEapkmHhEUirUT+tjZw=", + "zh:078f77438aba6ec8bf9154b7d223e5c71c48d805d6cd3bcf9db0cc1e82668ac3", + "zh:1f6591ff96be00501e71b792ed3a5a14b21ff03afec9a1c4a3fd9300e6e5b674", + "zh:2ab694e022e81dd74485351c5836148a842ed71cf640664c9d871cb517b09602", + "zh:33c8ccb6e3dc496e828a7572dd981366c6271075c1189f249b9b5236361d7eff", + "zh:6f31068ebad1d627e421c72ccdaafe678c53600ca73714e977bf45ff43ae5d17", + "zh:7488623dccfb639347cae66f9001d39cf06b92e8081975235a1ac3a0ac3f44aa", + "zh:7f042b78b9690a8725c95b91a70fc8e264011b836605bcc342ac297b9ea3937d", + "zh:88b56ac6c7209dc0a775b79975a371918f3aed8f015c37d5899f31deff37c61a", "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:9c4e248c442bc60f07f9f089e5361f19936833370dc3c04b27916672b765f0e1", - "zh:a710a3979596e3f3938c3ec6bb748e604724d3a4afa96ed2c14f0a245cc41a11", - "zh:c27936bdf447779d0c0833bf52a9ef618985f5ea8e3e243d6266513520ca31c4", - "zh:c7681134a123486e72eaedc3f8d2d75e267dbbfd45fa7de5aea8f757af57f89b", - "zh:ea717ebad3561fd02591f9eecf30f3df5635405556fba2bdbf29fd42691bebac", - "zh:f4e1e8f23c58c3e8f4371f9c3379a723ab4155246e6b6daad8eb99e16666b2cb", + "zh:a1979ba840d704af0932f8de5f541cbb4caa9b6bbd25ed552a24e6772175ba07", + "zh:b058c0533dae580e69d1adbc1f69e6a80632374abfc10e8634d06187a108e87b", + "zh:c88610af9cf957f8dcf4382e0c9ca566ef10e3290f5de01d4d90b2d81b078aa8", + "zh:e9562c055a2247d0c287772b55abef468c79f8d66a74780fe1c5e5dae1a284a9", + "zh:f7a7c71d28441d925a25c08c4485c015b2d9f0338bc9707443e91ff8e161d3d9", + "zh:fee533e81976d0900aa6fa443dc54ef171cbd901847f28a6e8edb1d161fa6fde", ] } diff --git a/terraform/modules/cloudflare/ruleset.tf b/terraform/modules/cloudflare/ruleset.tf index 692438cfa..9736b040d 100644 --- a/terraform/modules/cloudflare/ruleset.tf +++ b/terraform/modules/cloudflare/ruleset.tf @@ -5,13 +5,13 @@ resource "cloudflare_ruleset" "terraform_managed_resource_304092e7f9904942998f39 zone_id = cloudflare_zone.walnuts_dev.id rules { action = "set_config" - description = "disable Rocket Loader" + description = "enable Rocket Loader" enabled = true - expression = "(http.host eq \"hedgedoc.walnuts.dev\") or (http.host eq \"misskey.walnuts.dev\") or (http.host eq \"nextcloud.walnuts.dev\")" + expression = "(http.host eq \"walnuts.dev\") or (http.host eq \"minio.walnuts.dev\")" ref = "9c1ef58603494a50af7855c3263e6bdf" action_parameters { - rocket_loader = false + rocket_loader = true } } } diff --git a/terraform/modules/cloudflare/zone_setting.tf b/terraform/modules/cloudflare/zone_setting.tf new file mode 100644 index 000000000..98dabea14 --- /dev/null +++ b/terraform/modules/cloudflare/zone_setting.tf @@ -0,0 +1,9 @@ +resource "cloudflare_zone_settings_override" "walnuts_dev" { + zone_id = cloudflare_zone.walnuts_dev.id + settings { + always_online = "on" + rocket_loader = "off" + speed_brain = "on" + early_hints = "on" + } +} From 623122a78f8c9b68a97d0e412703176fd35da7a5 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 24 Jan 2025 06:43:29 +0900 Subject: [PATCH 0988/1209] enable TLS Signed-off-by: walnuts1018 --- k8s/apps/zitadel/values.yaml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/k8s/apps/zitadel/values.yaml b/k8s/apps/zitadel/values.yaml index 0cfb072f8..14269245a 100644 --- a/k8s/apps/zitadel/values.yaml +++ b/k8s/apps/zitadel/values.yaml @@ -12,20 +12,20 @@ replicaCount: 2 ingress: enabled: true className: "cilium" - # annotations: - # cert-manager.io/cluster-issuer: 'letsencrypt-prod' + annotations: + cert-manager.io/cluster-issuer: 'letsencrypt-prod' hosts: - host: auth.walnuts.dev paths: - path: / pathType: Prefix - # tls: - # - secretName: zitadel-tls - # hosts: - # - auth.walnuts.dev - # env: - # - name: ZITADEL_LOG_LEVEL - # value: "debug" + tls: + - secretName: zitadel-tls + hosts: + - auth.walnuts.dev +# env: +# - name: ZITADEL_LOG_LEVEL +# value: "debug" metrics: enabled: true serviceMonitor: From 71ef63d7e86479a0b35601b50529494d324185f5 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 24 Jan 2025 06:56:48 +0900 Subject: [PATCH 0989/1209] test Signed-off-by: walnuts1018 --- k8s/apps/zitadel/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/zitadel/values.yaml b/k8s/apps/zitadel/values.yaml index 14269245a..132ab8821 100644 --- a/k8s/apps/zitadel/values.yaml +++ b/k8s/apps/zitadel/values.yaml @@ -1,6 +1,6 @@ zitadel: configmapConfig: - ExternalDomain: auth.walnuts.dev + ExternalDomain: localhost:8080 TLS: Enabled: false ExternalPort: 443 From ed19699a2a53f03cba1bde1012f788bb661c6b07 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 24 Jan 2025 06:58:26 +0900 Subject: [PATCH 0990/1209] fix(zitadel): update external domain and port configuration Signed-off-by: walnuts1018 --- k8s/apps/zitadel/values.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/k8s/apps/zitadel/values.yaml b/k8s/apps/zitadel/values.yaml index 132ab8821..53a40cae4 100644 --- a/k8s/apps/zitadel/values.yaml +++ b/k8s/apps/zitadel/values.yaml @@ -1,10 +1,10 @@ zitadel: configmapConfig: - ExternalDomain: localhost:8080 + ExternalDomain: localhost TLS: Enabled: false - ExternalPort: 443 - ExternalSecure: true + ExternalPort: 8080 + ExternalSecure: false masterkeySecretName: "zitadel" configSecretName: zitadel configSecretKey: "config.yaml" From 8e916e0554beb89091534fd8035f5f9666995a73 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 24 Jan 2025 07:01:34 +0900 Subject: [PATCH 0991/1209] fix(zitadel): update external domain and enable TLS with secure port Signed-off-by: walnuts1018 --- k8s/apps/zitadel/values.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/k8s/apps/zitadel/values.yaml b/k8s/apps/zitadel/values.yaml index 53a40cae4..14269245a 100644 --- a/k8s/apps/zitadel/values.yaml +++ b/k8s/apps/zitadel/values.yaml @@ -1,10 +1,10 @@ zitadel: configmapConfig: - ExternalDomain: localhost + ExternalDomain: auth.walnuts.dev TLS: Enabled: false - ExternalPort: 8080 - ExternalSecure: false + ExternalPort: 443 + ExternalSecure: true masterkeySecretName: "zitadel" configSecretName: zitadel configSecretKey: "config.yaml" From 1ff639e911884ae2604c92ddd0b64fd7614db61d Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 24 Jan 2025 07:07:21 +0900 Subject: [PATCH 0992/1209] fix(zitadel): change ingress class from cilium to nginx Signed-off-by: walnuts1018 --- k8s/apps/zitadel/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/zitadel/values.yaml b/k8s/apps/zitadel/values.yaml index 14269245a..0242eceec 100644 --- a/k8s/apps/zitadel/values.yaml +++ b/k8s/apps/zitadel/values.yaml @@ -11,7 +11,7 @@ zitadel: replicaCount: 2 ingress: enabled: true - className: "cilium" + className: "nginx" annotations: cert-manager.io/cluster-issuer: 'letsencrypt-prod' hosts: From 3d6a5e7cb8b0c5f46b2e773aefa6b2c92757af20 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 24 Jan 2025 07:08:15 +0900 Subject: [PATCH 0993/1209] fix(zitadel): change ingress class from nginx to cilium Signed-off-by: walnuts1018 --- k8s/apps/zitadel/values.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/k8s/apps/zitadel/values.yaml b/k8s/apps/zitadel/values.yaml index 0242eceec..2e11569c8 100644 --- a/k8s/apps/zitadel/values.yaml +++ b/k8s/apps/zitadel/values.yaml @@ -11,7 +11,7 @@ zitadel: replicaCount: 2 ingress: enabled: true - className: "nginx" + className: "cilium" annotations: cert-manager.io/cluster-issuer: 'letsencrypt-prod' hosts: @@ -19,13 +19,13 @@ ingress: paths: - path: / pathType: Prefix - tls: - - secretName: zitadel-tls - hosts: - - auth.walnuts.dev -# env: -# - name: ZITADEL_LOG_LEVEL -# value: "debug" + # tls: + # - secretName: zitadel-tls + # hosts: + # - auth.walnuts.dev + # env: + # - name: ZITADEL_LOG_LEVEL + # value: "debug" metrics: enabled: true serviceMonitor: From ab25e026f28e599dadf3718a6f6442ebb505a5ea Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 24 Jan 2025 07:10:32 +0900 Subject: [PATCH 0994/1209] fix(zitadel): comment out cert-manager annotations in values.yaml Signed-off-by: walnuts1018 --- k8s/apps/zitadel/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/k8s/apps/zitadel/values.yaml b/k8s/apps/zitadel/values.yaml index 2e11569c8..0cfb072f8 100644 --- a/k8s/apps/zitadel/values.yaml +++ b/k8s/apps/zitadel/values.yaml @@ -12,8 +12,8 @@ replicaCount: 2 ingress: enabled: true className: "cilium" - annotations: - cert-manager.io/cluster-issuer: 'letsencrypt-prod' + # annotations: + # cert-manager.io/cluster-issuer: 'letsencrypt-prod' hosts: - host: auth.walnuts.dev paths: From e140a190aca8e90f6f5645e31487229e5504709e Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 24 Jan 2025 07:15:23 +0900 Subject: [PATCH 0995/1209] fix(zitadel): comment out configmapConfig settings in values.yaml Signed-off-by: walnuts1018 --- k8s/apps/zitadel/values.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/k8s/apps/zitadel/values.yaml b/k8s/apps/zitadel/values.yaml index 0cfb072f8..187f581e0 100644 --- a/k8s/apps/zitadel/values.yaml +++ b/k8s/apps/zitadel/values.yaml @@ -1,10 +1,10 @@ zitadel: - configmapConfig: - ExternalDomain: auth.walnuts.dev - TLS: - Enabled: false - ExternalPort: 443 - ExternalSecure: true + # configmapConfig: + # ExternalDomain: auth.walnuts.dev + # TLS: + # Enabled: false + # ExternalPort: 443 + # ExternalSecure: true masterkeySecretName: "zitadel" configSecretName: zitadel configSecretKey: "config.yaml" From 47b2e54dd5d7863ba252bf75ad536f282beaf0e8 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 24 Jan 2025 07:28:37 +0900 Subject: [PATCH 0996/1209] fix(zitadel): comment out ExternalDomain and ExternalPort settings in values.yaml Signed-off-by: walnuts1018 --- k8s/apps/zitadel/values.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/k8s/apps/zitadel/values.yaml b/k8s/apps/zitadel/values.yaml index 187f581e0..1f35384da 100644 --- a/k8s/apps/zitadel/values.yaml +++ b/k8s/apps/zitadel/values.yaml @@ -1,10 +1,10 @@ zitadel: - # configmapConfig: - # ExternalDomain: auth.walnuts.dev - # TLS: - # Enabled: false - # ExternalPort: 443 - # ExternalSecure: true + configmapConfig: + # ExternalDomain: auth.walnuts.dev + TLS: + Enabled: false + # ExternalPort: 443 + # ExternalSecure: true masterkeySecretName: "zitadel" configSecretName: zitadel configSecretKey: "config.yaml" From e1fd077fa18945c467bf43f079ca9d1780c9aa38 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 24 Jan 2025 07:32:08 +0900 Subject: [PATCH 0997/1209] fix(zitadel): uncomment ExternalDomain, ExternalPort, and ExternalSecure settings in values.yaml Signed-off-by: walnuts1018 --- k8s/apps/zitadel/values.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/k8s/apps/zitadel/values.yaml b/k8s/apps/zitadel/values.yaml index 1f35384da..63576d6c3 100644 --- a/k8s/apps/zitadel/values.yaml +++ b/k8s/apps/zitadel/values.yaml @@ -1,10 +1,10 @@ zitadel: configmapConfig: - # ExternalDomain: auth.walnuts.dev + ExternalDomain: auth.walnuts.dev TLS: Enabled: false - # ExternalPort: 443 - # ExternalSecure: true + ExternalPort: 443 + ExternalSecure: false masterkeySecretName: "zitadel" configSecretName: zitadel configSecretKey: "config.yaml" From ce3a834d7f3efa42ff25838ae2bf5518875741ee Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 24 Jan 2025 07:32:23 +0900 Subject: [PATCH 0998/1209] fix(zitadel): comment out ExternalPort setting in values.yaml Signed-off-by: walnuts1018 --- k8s/apps/zitadel/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/zitadel/values.yaml b/k8s/apps/zitadel/values.yaml index 63576d6c3..aeb839477 100644 --- a/k8s/apps/zitadel/values.yaml +++ b/k8s/apps/zitadel/values.yaml @@ -3,7 +3,7 @@ zitadel: ExternalDomain: auth.walnuts.dev TLS: Enabled: false - ExternalPort: 443 + # ExternalPort: 443 ExternalSecure: false masterkeySecretName: "zitadel" configSecretName: zitadel From 2b04f8b789b653ef7ae2f312a2da4f8346a41fe9 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 24 Jan 2025 07:46:19 +0900 Subject: [PATCH 0999/1209] fix(zitadel): comment out ExternalDomain setting in values.yaml Signed-off-by: walnuts1018 --- k8s/apps/zitadel/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/zitadel/values.yaml b/k8s/apps/zitadel/values.yaml index aeb839477..4f0e7e4d6 100644 --- a/k8s/apps/zitadel/values.yaml +++ b/k8s/apps/zitadel/values.yaml @@ -1,6 +1,6 @@ zitadel: configmapConfig: - ExternalDomain: auth.walnuts.dev + # ExternalDomain: auth.walnuts.dev TLS: Enabled: false # ExternalPort: 443 From 3749c932f75b69a3146396101fe64b48a41a73cb Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 24 Jan 2025 07:52:53 +0900 Subject: [PATCH 1000/1209] fix(zitadel): update ExternalDomain and ExternalPort settings in values.yaml Signed-off-by: walnuts1018 --- k8s/apps/zitadel/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/k8s/apps/zitadel/values.yaml b/k8s/apps/zitadel/values.yaml index 4f0e7e4d6..59a52d1c0 100644 --- a/k8s/apps/zitadel/values.yaml +++ b/k8s/apps/zitadel/values.yaml @@ -1,9 +1,9 @@ zitadel: configmapConfig: - # ExternalDomain: auth.walnuts.dev + ExternalDomain: localhost:8080 TLS: Enabled: false - # ExternalPort: 443 + ExternalPort: 8080 ExternalSecure: false masterkeySecretName: "zitadel" configSecretName: zitadel From 210b66579653814bcb41bf356282d4928b878819 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 24 Jan 2025 07:53:15 +0900 Subject: [PATCH 1001/1209] fix(zitadel): update ExternalDomain setting in values.yaml to use localhost Signed-off-by: walnuts1018 --- k8s/apps/zitadel/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/zitadel/values.yaml b/k8s/apps/zitadel/values.yaml index 59a52d1c0..ec95e8688 100644 --- a/k8s/apps/zitadel/values.yaml +++ b/k8s/apps/zitadel/values.yaml @@ -1,6 +1,6 @@ zitadel: configmapConfig: - ExternalDomain: localhost:8080 + ExternalDomain: localhost TLS: Enabled: false ExternalPort: 8080 From 9a80c5e1aed6ca69e801abecc4e8974976e87cd1 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 24 Jan 2025 07:58:45 +0900 Subject: [PATCH 1002/1209] fix(zitadel): update ExternalDomain, ExternalPort, and ExternalSecure settings in values.yaml; add Tracing configuration Signed-off-by: walnuts1018 --- k8s/apps/zitadel/values.yaml | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/k8s/apps/zitadel/values.yaml b/k8s/apps/zitadel/values.yaml index ec95e8688..bacb4e438 100644 --- a/k8s/apps/zitadel/values.yaml +++ b/k8s/apps/zitadel/values.yaml @@ -1,10 +1,13 @@ zitadel: configmapConfig: - ExternalDomain: localhost + Tracing: + Type: otel + Endpoint: default-collector.opentelemetry-collector.svc.cluster.local:4317 + ExternalDomain: auth.walnuts.dev TLS: Enabled: false - ExternalPort: 8080 - ExternalSecure: false + ExternalPort: 443 + ExternalSecure: true masterkeySecretName: "zitadel" configSecretName: zitadel configSecretKey: "config.yaml" @@ -12,20 +15,20 @@ replicaCount: 2 ingress: enabled: true className: "cilium" - # annotations: - # cert-manager.io/cluster-issuer: 'letsencrypt-prod' + annotations: + cert-manager.io/cluster-issuer: 'letsencrypt-prod' hosts: - host: auth.walnuts.dev paths: - path: / pathType: Prefix - # tls: - # - secretName: zitadel-tls - # hosts: - # - auth.walnuts.dev - # env: - # - name: ZITADEL_LOG_LEVEL - # value: "debug" + tls: + - secretName: zitadel-tls + hosts: + - auth.walnuts.dev +# env: +# - name: ZITADEL_LOG_LEVEL +# value: "debug" metrics: enabled: true serviceMonitor: From 2649abafab75ece603971e0e78d1901601e67962 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 24 Jan 2025 08:15:39 +0900 Subject: [PATCH 1003/1209] fix(zitadel): add logging configuration with debug level and JSON format to values.yaml Signed-off-by: walnuts1018 --- k8s/apps/zitadel/values.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/k8s/apps/zitadel/values.yaml b/k8s/apps/zitadel/values.yaml index bacb4e438..387cdc0e7 100644 --- a/k8s/apps/zitadel/values.yaml +++ b/k8s/apps/zitadel/values.yaml @@ -1,5 +1,8 @@ zitadel: configmapConfig: + Log: + Level: debug + Format: json Tracing: Type: otel Endpoint: default-collector.opentelemetry-collector.svc.cluster.local:4317 @@ -26,9 +29,6 @@ ingress: - secretName: zitadel-tls hosts: - auth.walnuts.dev -# env: -# - name: ZITADEL_LOG_LEVEL -# value: "debug" metrics: enabled: true serviceMonitor: From b97358e8ee716f7cbbd2e35ce1359913db9d4b95 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 24 Jan 2025 08:28:03 +0900 Subject: [PATCH 1004/1209] fix(zitadel): update logging configuration to use Formatter for JSON format in values.yaml Signed-off-by: walnuts1018 --- k8s/apps/zitadel/values.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/k8s/apps/zitadel/values.yaml b/k8s/apps/zitadel/values.yaml index 387cdc0e7..c8ededd21 100644 --- a/k8s/apps/zitadel/values.yaml +++ b/k8s/apps/zitadel/values.yaml @@ -2,7 +2,8 @@ zitadel: configmapConfig: Log: Level: debug - Format: json + Formatter: + Format: json Tracing: Type: otel Endpoint: default-collector.opentelemetry-collector.svc.cluster.local:4317 From b1eefda33f80a3eb7e98bdb2d37a99fa82daf750 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 24 Jan 2025 08:32:23 +0900 Subject: [PATCH 1005/1209] fix(zitadel): enable debug mode in values.yaml Signed-off-by: walnuts1018 --- k8s/apps/zitadel/values.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/k8s/apps/zitadel/values.yaml b/k8s/apps/zitadel/values.yaml index c8ededd21..e7e1d32ed 100644 --- a/k8s/apps/zitadel/values.yaml +++ b/k8s/apps/zitadel/values.yaml @@ -15,6 +15,8 @@ zitadel: masterkeySecretName: "zitadel" configSecretName: zitadel configSecretKey: "config.yaml" + debug: + enabled: true replicaCount: 2 ingress: enabled: true From c845a60f02d3e47c0a8428cb71e32a7cd5d17289 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 24 Jan 2025 08:44:51 +0900 Subject: [PATCH 1006/1209] fix(zitadel): update image tag to v2.68.0 in values.yaml Signed-off-by: walnuts1018 --- k8s/apps/zitadel/values.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/k8s/apps/zitadel/values.yaml b/k8s/apps/zitadel/values.yaml index e7e1d32ed..7e136d3fb 100644 --- a/k8s/apps/zitadel/values.yaml +++ b/k8s/apps/zitadel/values.yaml @@ -59,3 +59,5 @@ affinity: operator: NotIn values: - donut +image: + tag: "v2.68.0" From d71351bf147a7bb5ad59ca2402bca9dc3f9dbdd1 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 24 Jan 2025 08:45:36 +0900 Subject: [PATCH 1007/1209] fix(zitadel): comment out debug log level in values.yaml Signed-off-by: walnuts1018 --- k8s/apps/zitadel/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/zitadel/values.yaml b/k8s/apps/zitadel/values.yaml index 7e136d3fb..31675925e 100644 --- a/k8s/apps/zitadel/values.yaml +++ b/k8s/apps/zitadel/values.yaml @@ -1,7 +1,7 @@ zitadel: configmapConfig: Log: - Level: debug + # Level: debug Formatter: Format: json Tracing: From 62e6461457e57b4c08f7751aae25488ad9da76ae Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 24 Jan 2025 08:49:08 +0900 Subject: [PATCH 1008/1209] fix(zitadel): remove image tag from values.yaml Signed-off-by: walnuts1018 --- k8s/apps/zitadel/values.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/k8s/apps/zitadel/values.yaml b/k8s/apps/zitadel/values.yaml index 31675925e..9c4aa583b 100644 --- a/k8s/apps/zitadel/values.yaml +++ b/k8s/apps/zitadel/values.yaml @@ -59,5 +59,3 @@ affinity: operator: NotIn values: - donut -image: - tag: "v2.68.0" From 372898dcb77d26cd08962cf19e5137e802a15a4c Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 24 Jan 2025 08:58:37 +0900 Subject: [PATCH 1009/1209] fix(zitadel): disable debug mode in values.yaml Signed-off-by: walnuts1018 --- k8s/apps/zitadel/values.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/k8s/apps/zitadel/values.yaml b/k8s/apps/zitadel/values.yaml index 9c4aa583b..9888a6a28 100644 --- a/k8s/apps/zitadel/values.yaml +++ b/k8s/apps/zitadel/values.yaml @@ -15,8 +15,6 @@ zitadel: masterkeySecretName: "zitadel" configSecretName: zitadel configSecretKey: "config.yaml" - debug: - enabled: true replicaCount: 2 ingress: enabled: true From 07ac2767db8dac314a3dda4f27a8be3bd1268f18 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 24 Jan 2025 09:09:13 +0900 Subject: [PATCH 1010/1209] fix(zitadel): enable TLS and add secret volume for certificates in values.yaml Signed-off-by: walnuts1018 --- k8s/apps/zitadel/values.yaml | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/k8s/apps/zitadel/values.yaml b/k8s/apps/zitadel/values.yaml index 9888a6a28..70720efe5 100644 --- a/k8s/apps/zitadel/values.yaml +++ b/k8s/apps/zitadel/values.yaml @@ -9,7 +9,9 @@ zitadel: Endpoint: default-collector.opentelemetry-collector.svc.cluster.local:4317 ExternalDomain: auth.walnuts.dev TLS: - Enabled: false + Enabled: true + KeyPath: /etc/ssl/certs/tls.key + CertPath: /etc/ssl/certs/tls.crt ExternalPort: 443 ExternalSecure: true masterkeySecretName: "zitadel" @@ -57,3 +59,13 @@ affinity: operator: NotIn values: - donut + +extraVolumes: +- name: zitadel-tls + secret: + defaultMode: 420 + secretName: zitadel-tls +extraVolumeMounts: +- name: zitadel-tls + mountPath: /etc/ssl/certs + readOnly: true From b9b11c752477ac7d4952ab7fe7c2c4759ed6057d Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 24 Jan 2025 09:13:18 +0900 Subject: [PATCH 1011/1209] fix(zitadel): disable TLS and comment out related configurations in values.yaml Signed-off-by: walnuts1018 --- k8s/apps/zitadel/values.yaml | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/k8s/apps/zitadel/values.yaml b/k8s/apps/zitadel/values.yaml index 70720efe5..2ee1514b5 100644 --- a/k8s/apps/zitadel/values.yaml +++ b/k8s/apps/zitadel/values.yaml @@ -9,9 +9,9 @@ zitadel: Endpoint: default-collector.opentelemetry-collector.svc.cluster.local:4317 ExternalDomain: auth.walnuts.dev TLS: - Enabled: true - KeyPath: /etc/ssl/certs/tls.key - CertPath: /etc/ssl/certs/tls.crt + Enabled: false + # KeyPath: /etc/ssl/certs/tls.key + # CertPath: /etc/ssl/certs/tls.crt ExternalPort: 443 ExternalSecure: true masterkeySecretName: "zitadel" @@ -60,12 +60,12 @@ affinity: values: - donut -extraVolumes: -- name: zitadel-tls - secret: - defaultMode: 420 - secretName: zitadel-tls -extraVolumeMounts: -- name: zitadel-tls - mountPath: /etc/ssl/certs - readOnly: true +# extraVolumes: +# - name: zitadel-tls +# secret: +# defaultMode: 420 +# secretName: zitadel-tls +# extraVolumeMounts: +# - name: zitadel-tls +# mountPath: /etc/ssl/certs +# readOnly: true From f859fdb0030cade7dca8c660cf679c7473d76971 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 24 Jan 2025 09:49:11 +0900 Subject: [PATCH 1012/1209] rm envoyConfig Signed-off-by: walnuts1018 --- k8s/apps/cilium/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/cilium/values.yaml b/k8s/apps/cilium/values.yaml index 3e21a2766..65ef012c4 100644 --- a/k8s/apps/cilium/values.yaml +++ b/k8s/apps/cilium/values.yaml @@ -81,7 +81,7 @@ prometheus: enabled: true trustCRDsExist: true envoyConfig: - enabled: true + enabled: false secretsNamespace: create: false name: cilium-secrets From 7b5fbc164a5bcdcdef7e94c0a625edd4063b2ece Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 24 Jan 2025 09:58:58 +0900 Subject: [PATCH 1013/1209] fix(cilium): enable envoy configuration in values.yaml Signed-off-by: walnuts1018 --- k8s/apps/cilium/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/cilium/values.yaml b/k8s/apps/cilium/values.yaml index 65ef012c4..3e21a2766 100644 --- a/k8s/apps/cilium/values.yaml +++ b/k8s/apps/cilium/values.yaml @@ -81,7 +81,7 @@ prometheus: enabled: true trustCRDsExist: true envoyConfig: - enabled: false + enabled: true secretsNamespace: create: false name: cilium-secrets From 1419d9313528095b47f8f56800fbf5829a59bb28 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 24 Jan 2025 09:59:08 +0900 Subject: [PATCH 1014/1209] fix(cilium): disable envoy configuration in values.yaml Signed-off-by: walnuts1018 --- k8s/apps/cilium/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/cilium/values.yaml b/k8s/apps/cilium/values.yaml index 3e21a2766..65ef012c4 100644 --- a/k8s/apps/cilium/values.yaml +++ b/k8s/apps/cilium/values.yaml @@ -81,7 +81,7 @@ prometheus: enabled: true trustCRDsExist: true envoyConfig: - enabled: true + enabled: false secretsNamespace: create: false name: cilium-secrets From 10eed1a04605e9b6146361c3ce324ed1abada67e Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 24 Jan 2025 10:06:40 +0900 Subject: [PATCH 1015/1209] fix(loki): update secret reference from loki-minio to loki in values.yaml Signed-off-by: walnuts1018 --- k8s/apps/loki/values.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/k8s/apps/loki/values.yaml b/k8s/apps/loki/values.yaml index 532b17568..6e91f513a 100644 --- a/k8s/apps/loki/values.yaml +++ b/k8s/apps/loki/values.yaml @@ -65,7 +65,7 @@ write: extraArgs: [ "-config.expand-env=true" ] extraEnvFrom: - secretRef: - name: loki-minio + name: loki persistence: volumeClaimsEnabled: false dataVolumeParameters: @@ -102,7 +102,7 @@ read: extraArgs: [ "-config.expand-env=true" ] extraEnvFrom: - secretRef: - name: loki-minio + name: loki affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: [] @@ -135,7 +135,7 @@ backend: extraArgs: [ "-config.expand-env=true" ] extraEnvFrom: - secretRef: - name: loki-minio + name: loki persistence: volumeClaimsEnabled: false dataVolumeParameters: From dc7d072ab84a23e40db1dbfe0c8f118a7513bc05 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 24 Jan 2025 10:35:32 +0900 Subject: [PATCH 1016/1209] fix(cilium): enable envoy configuration in values.yaml Signed-off-by: walnuts1018 --- k8s/apps/cilium/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/cilium/values.yaml b/k8s/apps/cilium/values.yaml index 65ef012c4..3e21a2766 100644 --- a/k8s/apps/cilium/values.yaml +++ b/k8s/apps/cilium/values.yaml @@ -81,7 +81,7 @@ prometheus: enabled: true trustCRDsExist: true envoyConfig: - enabled: false + enabled: true secretsNamespace: create: false name: cilium-secrets From 10287f32c3e13f5db49f9f853cbd1ddae2c7a48a Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 24 Jan 2025 11:06:22 +0900 Subject: [PATCH 1017/1209] fix(deployment): reduce memory request from 512Mi to 100Mi Signed-off-by: walnuts1018 --- k8s/apps/mucaron/back/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/mucaron/back/deployment.jsonnet b/k8s/apps/mucaron/back/deployment.jsonnet index 43d76f661..6875cab76 100644 --- a/k8s/apps/mucaron/back/deployment.jsonnet +++ b/k8s/apps/mucaron/back/deployment.jsonnet @@ -28,7 +28,7 @@ resources: { requests: { cpu: '10m', - memory: '512Mi', + memory: '100Mi', }, limits: { cpu: '2', From d2daec53a2457b9bbf2d8c0ad0bc50b7e6407a5d Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 24 Jan 2025 11:07:22 +0900 Subject: [PATCH 1018/1209] delete(code-server-knative): remove app.json5 and codeserver.jsonnet files Signed-off-by: walnuts1018 --- k8s/apps/code-server-knative/app.json5 | 4 -- .../code-server-knative/codeserver.jsonnet | 52 ------------------- 2 files changed, 56 deletions(-) delete mode 100644 k8s/apps/code-server-knative/app.json5 delete mode 100644 k8s/apps/code-server-knative/codeserver.jsonnet diff --git a/k8s/apps/code-server-knative/app.json5 b/k8s/apps/code-server-knative/app.json5 deleted file mode 100644 index 755e3a333..000000000 --- a/k8s/apps/code-server-knative/app.json5 +++ /dev/null @@ -1,4 +0,0 @@ -{ - name: "code-server-knative", - namespace: "code-server", -} diff --git a/k8s/apps/code-server-knative/codeserver.jsonnet b/k8s/apps/code-server-knative/codeserver.jsonnet deleted file mode 100644 index b53875809..000000000 --- a/k8s/apps/code-server-knative/codeserver.jsonnet +++ /dev/null @@ -1,52 +0,0 @@ -{ - apiVersion: 'cs.walnuts.dev/v1alpha2', - kind: 'CodeServerDeployment', - metadata: { - labels: { - 'app.kubernetes.io/name': 'codebox', - }, - name: (import 'app.json5').name, - }, - spec: { - replicas: 1, - template: { - spec: { - storageSize: '3Gi', - storageClassName: 'local-path', - initPlugins: { - git: { - repourl: 'github.com/walnuts1018/knative', - branch: 'master', - }, - copyDefaultConfig: {}, - copyHome: {}, - }, - envs: [ - { - name: 'LANGUAGE_DEFAULT', - value: 'ja', - }, - ], - image: 'ghcr.io/kmc-jp/code-server-images-golang:f66bb947f1dbfe0c07c8323ef45ebd32af0a72f4-54', - imagePullSecrets: [ - { - name: 'ghcr-login-secret', - }, - ], - domain: 'walnuts.dev', - ingressClassName: 'cilium', - resources: { - limits: { - memory: '4Gi', - }, - requests: { - memory: '512Mi', - }, - }, - nodeSelector: { - 'kubernetes.io/arch': 'amd64', - }, - }, - }, - }, -} From d82fbd79c8e3aeef13e456b8c70ebdfca4f7e54c Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 24 Jan 2025 11:08:04 +0900 Subject: [PATCH 1019/1209] fix(deployment): reduce memory request from 160Mi to 80Mi Signed-off-by: walnuts1018 --- k8s/apps/oekaki-dengon-game/front/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet b/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet index 78bb9443f..2822dc551 100644 --- a/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet +++ b/k8s/apps/oekaki-dengon-game/front/deployment.jsonnet @@ -40,7 +40,7 @@ resources: { limits: {}, requests: { - memory: '160Mi', + memory: '80Mi', }, }, }, From 036125556eb0aa0133b55da02c1af058298bbbac Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 24 Jan 2025 11:12:52 +0900 Subject: [PATCH 1020/1209] fix(resources): update resource requests and limits for various components Signed-off-by: walnuts1018 --- .../cloudflare-tunnel-operator/values.yaml | 7 ++++++ .../collectors/default.jsonnet | 24 ++++++++++++++++++- .../collectors/prometheus-exporter.jsonnet | 20 +++++++++++----- k8s/apps/prometheus-stack/values.yaml | 2 +- k8s/apps/tailscale/deployment.jsonnet | 2 +- 5 files changed, 46 insertions(+), 9 deletions(-) diff --git a/k8s/apps/cloudflare-tunnel-operator/values.yaml b/k8s/apps/cloudflare-tunnel-operator/values.yaml index b3cac2e3a..5189014b0 100644 --- a/k8s/apps/cloudflare-tunnel-operator/values.yaml +++ b/k8s/apps/cloudflare-tunnel-operator/values.yaml @@ -1,3 +1,10 @@ cloudflareToken: cloudflareAccountID: "38b5eab012d216dfcc52dcd69e7764b5" cloudflareZoneID: "48b02398c8bc932f4d0b1dba83de196c" +controllerManager: + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + memory: 32Mi diff --git a/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet index c1da51d36..1fef1220c 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet @@ -163,11 +163,33 @@ std.mergePatch((import '_base.libsonnet'), { autoscaler: { minReplicas: 1, maxReplicas: 5, + metrics: [ + { + type: 'Resource', + resource: { + name: 'cpu', + target: { + type: 'Utilization', + averageUtilization: 100, + }, + }, + }, + { + type: 'Resource', + resource: { + name: 'memory', + target: { + type: 'Utilization', + averageUtilization: 100, + }, + }, + }, + ], }, resources: { requests: { cpu: '20m', - memory: '200Mi', + memory: '100Mi', }, }, env: [ diff --git a/k8s/apps/opentelemetry-collectors/collectors/prometheus-exporter.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/prometheus-exporter.jsonnet index 49b6c6445..fe79cd8f9 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/prometheus-exporter.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/prometheus-exporter.jsonnet @@ -62,14 +62,22 @@ std.mergePatch((import '_base.libsonnet'), { maxReplicas: 5, metrics: [ { - type: 'Pods', - pods: { - metric: { - name: 'memory', + type: 'Resource', + resource: { + name: 'cpu', + target: { + type: 'Utilization', + averageUtilization: 100, }, + }, + }, + { + type: 'Resource', + resource: { + name: 'memory', target: { - type: 'AverageValue', - averageValue: '1Gi', + type: 'Utilization', + averageUtilization: 100, }, }, }, diff --git a/k8s/apps/prometheus-stack/values.yaml b/k8s/apps/prometheus-stack/values.yaml index b2eeebab0..b0fb3c365 100644 --- a/k8s/apps/prometheus-stack/values.yaml +++ b/k8s/apps/prometheus-stack/values.yaml @@ -4,7 +4,7 @@ grafana: limits: memory: 800Mi requests: - memory: 330Mi + memory: 150Mi ingress: enabled: true hosts: diff --git a/k8s/apps/tailscale/deployment.jsonnet b/k8s/apps/tailscale/deployment.jsonnet index 9fc200d41..78e7670d2 100644 --- a/k8s/apps/tailscale/deployment.jsonnet +++ b/k8s/apps/tailscale/deployment.jsonnet @@ -64,7 +64,7 @@ }, resources: { requests: { - memory: '80Mi', + memory: '40Mi', }, limits: {}, }, From aadf450dfdf4928c1504780f0384988f274714b4 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 24 Jan 2025 11:13:49 +0900 Subject: [PATCH 1021/1209] fix(controller-manager): set resource requests and limits for CPU and memory Signed-off-by: walnuts1018 --- k8s/apps/code-server-operator/values.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/k8s/apps/code-server-operator/values.yaml b/k8s/apps/code-server-operator/values.yaml index 95a54656d..ff0e87075 100644 --- a/k8s/apps/code-server-operator/values.yaml +++ b/k8s/apps/code-server-operator/values.yaml @@ -1 +1,8 @@ fullnameOverride: code-server-operator +controllerManager: + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + memory: 32Mi From 21b87d91ab80a429e8e4bf564e624db290494395 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 24 Jan 2025 11:14:24 +0900 Subject: [PATCH 1022/1209] fix(opentelemetry-operator): reduce memory request from 100Mi to 50Mi Signed-off-by: walnuts1018 --- k8s/apps/opentelemetry-operator/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/opentelemetry-operator/values.yaml b/k8s/apps/opentelemetry-operator/values.yaml index 10f5c8f30..4bb42eb73 100644 --- a/k8s/apps/opentelemetry-operator/values.yaml +++ b/k8s/apps/opentelemetry-operator/values.yaml @@ -10,4 +10,4 @@ manager: memory: 128Mi requests: cpu: 5m - memory: 100Mi + memory: 50Mi From ef2a1373eef17c1ff305e24b6b347f8ff6c47b2d Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 24 Jan 2025 11:15:31 +0900 Subject: [PATCH 1023/1209] fix(hedgedoc, moco): reduce memory requests from 100Mi to 80Mi and 60Mi to 40Mi Signed-off-by: walnuts1018 --- k8s/apps/hedgedoc/deployment.jsonnet | 2 +- k8s/apps/moco/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/k8s/apps/hedgedoc/deployment.jsonnet b/k8s/apps/hedgedoc/deployment.jsonnet index e16b32e5c..b7926bdf2 100644 --- a/k8s/apps/hedgedoc/deployment.jsonnet +++ b/k8s/apps/hedgedoc/deployment.jsonnet @@ -30,7 +30,7 @@ resources: { limits: {}, requests: { - memory: '100Mi', + memory: '80Mi', }, }, env: [ diff --git a/k8s/apps/moco/values.yaml b/k8s/apps/moco/values.yaml index 915473741..715fd5020 100644 --- a/k8s/apps/moco/values.yaml +++ b/k8s/apps/moco/values.yaml @@ -12,4 +12,4 @@ affinity: resources: requests: cpu: 10m - memory: 60Mi + memory: 40Mi From f974791153faa7807624400f6feeb4365381708b Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 24 Jan 2025 11:17:10 +0900 Subject: [PATCH 1024/1209] fix(loki): reduce minimum replicas from 2 to 1 for autoscaling Signed-off-by: walnuts1018 --- k8s/apps/loki/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/loki/values.yaml b/k8s/apps/loki/values.yaml index 6e91f513a..9ab9fb041 100644 --- a/k8s/apps/loki/values.yaml +++ b/k8s/apps/loki/values.yaml @@ -121,7 +121,7 @@ backend: replicas: 2 autoscaling: enabled: true - minReplicas: 2 + minReplicas: 1 maxReplicas: 6 targetCPUUtilizationPercentage: 100 targetMemoryUtilizationPercentage: 100 From c2537bbb5c263aee14fe613a16ad71ccc7cfbd09 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 24 Jan 2025 11:18:18 +0900 Subject: [PATCH 1025/1209] fix(loki): increase memory request from 15Mi to 20Mi Signed-off-by: walnuts1018 --- k8s/apps/loki/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/loki/values.yaml b/k8s/apps/loki/values.yaml index 9ab9fb041..05dd34866 100644 --- a/k8s/apps/loki/values.yaml +++ b/k8s/apps/loki/values.yaml @@ -164,7 +164,7 @@ gateway: targetMemoryUtilizationPercentage: 100 resources: requests: - memory: 15Mi + memory: 20Mi cpu: 2m limits: memory: 512Mi From 33c8b42391183eee9a23504fe4eba1cc26a8a137 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 24 Jan 2025 11:18:42 +0900 Subject: [PATCH 1026/1209] fix(loki): update memory and CPU requests to 40Mi and 10m respectively Signed-off-by: walnuts1018 --- k8s/apps/loki/values.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/k8s/apps/loki/values.yaml b/k8s/apps/loki/values.yaml index 05dd34866..7a8d9e1ff 100644 --- a/k8s/apps/loki/values.yaml +++ b/k8s/apps/loki/values.yaml @@ -164,11 +164,11 @@ gateway: targetMemoryUtilizationPercentage: 100 resources: requests: - memory: 20Mi - cpu: 2m + memory: 40Mi + cpu: 10m limits: memory: 512Mi - cpu: 10m + cpu: 100m affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: [] From 056d2eb654c47473021db73d2d3712caba3cea7f Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 24 Jan 2025 11:20:19 +0900 Subject: [PATCH 1027/1209] fix(walnuts-dev): reduce CPU request from 10m to 1m Signed-off-by: walnuts1018 --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index 095aaec46..dc987a9a0 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -32,7 +32,7 @@ memory: '512Mi', }, requests: { - cpu: '10m', + cpu: '1m', memory: '100Mi', }, }, From e2adbcb89611f393ddba9136d823313afb8a4ef1 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 24 Jan 2025 11:21:20 +0900 Subject: [PATCH 1028/1209] fix(cloudflare-tunnel-operator, code-server-operator): reduce CPU requests to 1m Signed-off-by: walnuts1018 --- k8s/apps/cloudflare-tunnel-operator/values.yaml | 1 + k8s/apps/code-server-operator/values.yaml | 1 + 2 files changed, 2 insertions(+) diff --git a/k8s/apps/cloudflare-tunnel-operator/values.yaml b/k8s/apps/cloudflare-tunnel-operator/values.yaml index 5189014b0..25b77beef 100644 --- a/k8s/apps/cloudflare-tunnel-operator/values.yaml +++ b/k8s/apps/cloudflare-tunnel-operator/values.yaml @@ -7,4 +7,5 @@ controllerManager: cpu: 500m memory: 128Mi requests: + cpu: 1m memory: 32Mi diff --git a/k8s/apps/code-server-operator/values.yaml b/k8s/apps/code-server-operator/values.yaml index ff0e87075..e64f6c608 100644 --- a/k8s/apps/code-server-operator/values.yaml +++ b/k8s/apps/code-server-operator/values.yaml @@ -5,4 +5,5 @@ controllerManager: cpu: 500m memory: 128Mi requests: + cpu: 1m memory: 32Mi From a442b8c8769d073476fa485dfbf18c55974154c3 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 24 Jan 2025 11:21:45 +0900 Subject: [PATCH 1029/1209] fix(zalando-psql-operator): reduce CPU request from 10m to 1m Signed-off-by: walnuts1018 --- k8s/apps/zalando-psql-operator/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/zalando-psql-operator/values.yaml b/k8s/apps/zalando-psql-operator/values.yaml index ee38d7cf5..39a3c70d9 100644 --- a/k8s/apps/zalando-psql-operator/values.yaml +++ b/k8s/apps/zalando-psql-operator/values.yaml @@ -21,7 +21,7 @@ resources: cpu: 500m memory: 500Mi requests: - cpu: 10m + cpu: 1m memory: 50Mi configLogicalBackup: logical_backup_docker_image: "ghcr.io/zalando/postgres-operator/logical-backup:v1.14.0" # TODO:https://github.com/walnuts1018/infra/issues/1315 From 955e7e7e41de59b627a0aebd3f8ad7fcee20de3a Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 24 Jan 2025 11:22:58 +0900 Subject: [PATCH 1030/1209] fix(redis-operator): reduce CPU request from 30m to 15m Signed-off-by: walnuts1018 --- k8s/apps/redis-operator/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/redis-operator/values.yaml b/k8s/apps/redis-operator/values.yaml index 3e60a5691..918b1ad16 100644 --- a/k8s/apps/redis-operator/values.yaml +++ b/k8s/apps/redis-operator/values.yaml @@ -3,7 +3,7 @@ resources: cpu: 500m memory: 500Mi requests: - cpu: 30m + cpu: 15m memory: 32Mi # redisOperator: From e32fdcb12d02ad8476448a0baa498baf0d444f5d Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 24 Jan 2025 11:26:43 +0900 Subject: [PATCH 1031/1209] fix(opentelemetry-collectors): simplify autoscaler metrics configuration Signed-off-by: walnuts1018 --- .../collectors/default.jsonnet | 24 ++----------------- .../collectors/prometheus-exporter.jsonnet | 24 ++----------------- 2 files changed, 4 insertions(+), 44 deletions(-) diff --git a/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet index 1fef1220c..7c57f9cb4 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/default.jsonnet @@ -163,28 +163,8 @@ std.mergePatch((import '_base.libsonnet'), { autoscaler: { minReplicas: 1, maxReplicas: 5, - metrics: [ - { - type: 'Resource', - resource: { - name: 'cpu', - target: { - type: 'Utilization', - averageUtilization: 100, - }, - }, - }, - { - type: 'Resource', - resource: { - name: 'memory', - target: { - type: 'Utilization', - averageUtilization: 100, - }, - }, - }, - ], + targetCPUUtilization: 100, + targetMemoryUtilization: 100, }, resources: { requests: { diff --git a/k8s/apps/opentelemetry-collectors/collectors/prometheus-exporter.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/prometheus-exporter.jsonnet index fe79cd8f9..2ed904d36 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/prometheus-exporter.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/prometheus-exporter.jsonnet @@ -60,28 +60,8 @@ std.mergePatch((import '_base.libsonnet'), { autoscaler: { minReplicas: 1, maxReplicas: 5, - metrics: [ - { - type: 'Resource', - resource: { - name: 'cpu', - target: { - type: 'Utilization', - averageUtilization: 100, - }, - }, - }, - { - type: 'Resource', - resource: { - name: 'memory', - target: { - type: 'Utilization', - averageUtilization: 100, - }, - }, - }, - ], + targetCPUUtilization: 100, + targetMemoryUtilization: 100, }, }, }) From 79c0730a6149062011439f57c875d27dd17e4acf Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 24 Jan 2025 11:30:39 +0900 Subject: [PATCH 1032/1209] fix(argocd): reduce CPU requests for server and repoServer components Signed-off-by: walnuts1018 --- k8s/_argocd/argocd_components/values.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/k8s/_argocd/argocd_components/values.yaml b/k8s/_argocd/argocd_components/values.yaml index cc6fbc598..5bb130459 100644 --- a/k8s/_argocd/argocd_components/values.yaml +++ b/k8s/_argocd/argocd_components/values.yaml @@ -85,8 +85,8 @@ server: cpu: 500m memory: 512Mi requests: - cpu: 50m - memory: 96Mi + cpu: 10m + memory: 128Mi repoServer: metrics: @@ -104,7 +104,7 @@ repoServer: cpu: 500m memory: 512Mi requests: - cpu: 128m + cpu: 64m memory: 128Mi applicationSet: From 62a3a9cb4b1d516b62522f3a713d390043ddf692 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 24 Jan 2025 11:32:25 +0900 Subject: [PATCH 1033/1209] fix(opentelemetry-collectors): set CPU request to 20m for prometheus-exporter Signed-off-by: walnuts1018 --- .../collectors/prometheus-exporter.jsonnet | 1 + 1 file changed, 1 insertion(+) diff --git a/k8s/apps/opentelemetry-collectors/collectors/prometheus-exporter.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/prometheus-exporter.jsonnet index 2ed904d36..c7963b95b 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/prometheus-exporter.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/prometheus-exporter.jsonnet @@ -54,6 +54,7 @@ std.mergePatch((import '_base.libsonnet'), { }, resources: { requests: { + cpu: '20m', memory: '200Mi', }, }, From 385d418d96b8c049cd79bf37f05b503b28150dd1 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 24 Jan 2025 11:33:08 +0900 Subject: [PATCH 1034/1209] fix(walnuts-dev): increase CPU request from 1m to 5m Signed-off-by: walnuts1018 --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index dc987a9a0..92dd8aa32 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -32,7 +32,7 @@ memory: '512Mi', }, requests: { - cpu: '1m', + cpu: '5m', memory: '100Mi', }, }, From 93058a21f3cb6df5bb06d92b74dc0796ad5d7188 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 24 Jan 2025 11:38:41 +0900 Subject: [PATCH 1035/1209] fix(nextcloud): reduce memory request from 256Mi to 170Mi Signed-off-by: walnuts1018 --- k8s/apps/nextcloud/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/nextcloud/values.yaml b/k8s/apps/nextcloud/values.yaml index bb0fdec2e..963ed24f9 100644 --- a/k8s/apps/nextcloud/values.yaml +++ b/k8s/apps/nextcloud/values.yaml @@ -134,4 +134,4 @@ resources: limits: memory: 4096Mi requests: - memory: 256Mi + memory: 170Mi From b44a5f33d6d3da256a25af7b7d7b5874bc5314d4 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 24 Jan 2025 11:40:34 +0900 Subject: [PATCH 1036/1209] fix(affine): update resource requests and limits for containers Signed-off-by: walnuts1018 --- k8s/apps/affine/statefulset.jsonnet | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/k8s/apps/affine/statefulset.jsonnet b/k8s/apps/affine/statefulset.jsonnet index 80f28b615..5d5aac69b 100644 --- a/k8s/apps/affine/statefulset.jsonnet +++ b/k8s/apps/affine/statefulset.jsonnet @@ -138,6 +138,14 @@ securityContext:: null, env: env, volumeMounts: volumeMounts, + resources: { + limits: { + memory: '512Mi', + }, + requests: { + memory: '360Mi', + }, + }, }, ], containers: [ @@ -158,6 +166,16 @@ name: 'prisma', }, ], + resources: { + limits: { + cpu: '500m', + memory: '512Mi', + }, + requests: { + cpu: '2m', + memory: '180Mi', + }, + }, livenessProbe: { httpGet: { path: '/info', From e2cd3ddd0428ae91d73c6e7a9a580b8a6edbff6e Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 24 Jan 2025 11:43:21 +0900 Subject: [PATCH 1037/1209] fix(elasticsearch): set CPU request to 10m for deployment Signed-off-by: walnuts1018 --- k8s/apps/elasticsearch/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/elasticsearch/deployment.jsonnet b/k8s/apps/elasticsearch/deployment.jsonnet index b5c97d1d9..97794458d 100644 --- a/k8s/apps/elasticsearch/deployment.jsonnet +++ b/k8s/apps/elasticsearch/deployment.jsonnet @@ -36,7 +36,7 @@ ], resources: { requests: { - cpu: '0', + cpu: '10m', memory: '3000Mi', }, limits: { From 5d37601ade7c24beddc03ce7f507c274cd956c2a Mon Sep 17 00:00:00 2001 From: Walnuts Date: Fri, 24 Jan 2025 12:52:52 +0900 Subject: [PATCH 1038/1209] chore(deps): update helm release cloudflare-tunnel-operator to v1.2.1 (#1364) Co-authored-by: Renovate Bot --- k8s/apps/cloudflare-tunnel-operator/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet b/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet index 9f7285f10..e6fb6dd28 100644 --- a/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet +++ b/k8s/apps/cloudflare-tunnel-operator/helm.jsonnet @@ -4,7 +4,7 @@ chart: 'cloudflare-tunnel-operator', repoURL: 'https://walnuts1018.github.io/cloudflare-tunnel-operator/', - targetRevision: '1.2.0', + targetRevision: '1.2.1', valuesObject: std.mergePatch(std.parseYaml(importstr 'values.yaml'), { cloudflareToken: { existingSecret: (import 'external-secret.jsonnet').spec.target.name, From 0efe7b174f8adfe28fc41caccb9b5d116b658142 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Fri, 24 Jan 2025 16:27:37 +0900 Subject: [PATCH 1039/1209] chore(deps): update dependency aquaproj/aqua-registry to v4.300.1 (#1365) Co-authored-by: Renovate Bot --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index 164afd93b..0c0313747 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,7 +8,7 @@ # - all registries: - type: standard - ref: v4.300.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.300.1 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 - name: hashicorp/terraform@v1.10.5 From b2efe6d8891e6482dd4edb5f73371f32e82586fa Mon Sep 17 00:00:00 2001 From: Walnuts Date: Fri, 24 Jan 2025 18:43:05 +0900 Subject: [PATCH 1040/1209] chore(deps): update renovate/renovate docker tag to v39.127.0 (#1366) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 84840ae2b..84a22d63f 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.126.1', + image: 'renovate/renovate:39.127.0', resources: { requests: { cpu: '500m', From 300604e9ec501423c380f924fe2a4f6d11981d8a Mon Sep 17 00:00:00 2001 From: Walnuts Date: Fri, 24 Jan 2025 19:18:09 +0900 Subject: [PATCH 1041/1209] chore(deps): update renovate/renovate docker tag to v39.128.0 (#1367) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 84a22d63f..37a40bd28 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.127.0', + image: 'renovate/renovate:39.128.0', resources: { requests: { cpu: '500m', From d8241548ee3a39ecbc6df1ff6c97fe1c2a157948 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Fri, 24 Jan 2025 20:28:00 +0900 Subject: [PATCH 1042/1209] chore(deps): update renovate/renovate docker tag to v39.129.0 (#1368) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 37a40bd28..9980bfe85 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.128.0', + image: 'renovate/renovate:39.129.0', resources: { requests: { cpu: '500m', From 8527150b1eed9555454005cdaef663960f5cac08 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Fri, 24 Jan 2025 21:44:07 +0900 Subject: [PATCH 1043/1209] chore(deps): update renovate/renovate docker tag to v39.130.0 (#1369) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 9980bfe85..0e46c548e 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.129.0', + image: 'renovate/renovate:39.130.0', resources: { requests: { cpu: '500m', From 32625192056bb883219322e4c2fa8dd299b9fea8 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Fri, 24 Jan 2025 22:18:04 +0900 Subject: [PATCH 1044/1209] chore(deps): update helm release argo-cd to v7.7.17 (#1370) Co-authored-by: Renovate Bot --- k8s/_argocd/argocd_components/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/_argocd/argocd_components/helm.jsonnet b/k8s/_argocd/argocd_components/helm.jsonnet index 17f518305..134021eb0 100644 --- a/k8s/_argocd/argocd_components/helm.jsonnet +++ b/k8s/_argocd/argocd_components/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import 'app.json5').namespace, chart: 'argo-cd', repoURL: 'https://argoproj.github.io/argo-helm', - targetRevision: '7.7.16', + targetRevision: '7.7.17', values: (importstr 'values.yaml'), } From 1881a02e2775ced11d376fddb0d750fde278f21c Mon Sep 17 00:00:00 2001 From: Walnuts Date: Fri, 24 Jan 2025 22:18:25 +0900 Subject: [PATCH 1045/1209] chore(deps): update renovate/renovate docker tag to v39.131.0 (#1371) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 0e46c548e..f1eda0899 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.130.0', + image: 'renovate/renovate:39.131.0', resources: { requests: { cpu: '500m', From ebb12029d16231a7a2050c1eabb706f9371e4b08 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Fri, 24 Jan 2025 23:27:54 +0900 Subject: [PATCH 1046/1209] chore(deps): update renovate/renovate docker tag to v39.132.0 (#1372) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index f1eda0899..713bf3aa2 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.131.0', + image: 'renovate/renovate:39.132.0', resources: { requests: { cpu: '500m', From e7a2c7da44aeae47df6ce20cbfd18b689351f153 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 24 Jan 2025 16:01:52 +0000 Subject: [PATCH 1047/1209] chore(deps): update helm release opentelemetry-operator to v0.79.0 --- k8s/apps/opentelemetry-operator/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/opentelemetry-operator/helm.jsonnet b/k8s/apps/opentelemetry-operator/helm.jsonnet index c6095e177..8cebc16de 100644 --- a/k8s/apps/opentelemetry-operator/helm.jsonnet +++ b/k8s/apps/opentelemetry-operator/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'opentelemetry-operator', repoURL: 'https://open-telemetry.github.io/opentelemetry-helm-charts', - targetRevision: '0.78.2', + targetRevision: '0.79.0', values: (importstr 'values.yaml'), } From ace9683d5e9ab74d9299428fe3236198b3308cda Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sat, 25 Jan 2025 01:13:21 +0900 Subject: [PATCH 1048/1209] chore(deps): update renovate/renovate docker tag to v39.132.1 (#1374) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 713bf3aa2..fea6c5489 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.132.0', + image: 'renovate/renovate:39.132.1', resources: { requests: { cpu: '500m', From e267810e0c3b4b9a0d3270edcba5cf061f001224 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sat, 25 Jan 2025 02:18:03 +0900 Subject: [PATCH 1049/1209] chore(deps): update renovate/renovate docker tag to v39.133.0 (#1375) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index fea6c5489..6466e06ed 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.132.1', + image: 'renovate/renovate:39.133.0', resources: { requests: { cpu: '500m', From 40734b5fd908f21c55bfd617203a96880b463b86 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 25 Jan 2025 02:44:39 +0900 Subject: [PATCH 1050/1209] add openclarity Signed-off-by: walnuts1018 --- k8s/apps/openclarity/app.json5 | 4 + k8s/apps/openclarity/external-secret.jsonnet | 42 ++++++++++ k8s/apps/openclarity/helm.jsonnet | 7 ++ k8s/apps/openclarity/values.yaml | 82 +++++++++++++++++++ .../postgresql-default/databases.libsonnet | 4 + k8s/apps/postgresql-default/users.libsonnet | 1 + 6 files changed, 140 insertions(+) create mode 100644 k8s/apps/openclarity/app.json5 create mode 100644 k8s/apps/openclarity/external-secret.jsonnet create mode 100644 k8s/apps/openclarity/helm.jsonnet create mode 100644 k8s/apps/openclarity/values.yaml diff --git a/k8s/apps/openclarity/app.json5 b/k8s/apps/openclarity/app.json5 new file mode 100644 index 000000000..a17a0722a --- /dev/null +++ b/k8s/apps/openclarity/app.json5 @@ -0,0 +1,4 @@ +{ + name: "openclarity", + namespace: "openclarity", +} diff --git a/k8s/apps/openclarity/external-secret.jsonnet b/k8s/apps/openclarity/external-secret.jsonnet new file mode 100644 index 000000000..9eb7e30dd --- /dev/null +++ b/k8s/apps/openclarity/external-secret.jsonnet @@ -0,0 +1,42 @@ +(import '../../components/external-secret.libsonnet') { + name: (import 'app.json5').name, + use_suffix: false, + data: [ + { + secretKey: 'password', + remoteRef: { + key: 'postgres_passwords', + property: 'openclarity', + }, + }, + ], +} + + +std.mergePatch((import '../../components/external-secret.libsonnet') { + name: (import 'app.json5').name, + use_suffix: false, + data: [ + { + secretKey: 'dbpassword', + remoteRef: { + key: 'postgres_passwords', + property: 'openclarity', + }, + }, + ], +}, { + spec: { + target: { + template: { + engineVersion: 'v2', + type: 'Opaque', + data: { + username: 'openclarity', + password: '{{ .dbpassword }}', + database: 'openclarity', + }, + }, + }, + }, +}) diff --git a/k8s/apps/openclarity/helm.jsonnet b/k8s/apps/openclarity/helm.jsonnet new file mode 100644 index 000000000..80957da2e --- /dev/null +++ b/k8s/apps/openclarity/helm.jsonnet @@ -0,0 +1,7 @@ +(import '../../components/helm.libsonnet') { + name: (import 'app.json5').name , + namespace: (import 'app.json5').namespace, + ociChartURL: 'ghcr.io/openclarity/charts/openclarity', + targetRevision: '1.1.2', + values: (importstr 'values.yaml'), +}; diff --git a/k8s/apps/openclarity/values.yaml b/k8s/apps/openclarity/values.yaml new file mode 100644 index 000000000..9b0f2d99a --- /dev/null +++ b/k8s/apps/openclarity/values.yaml @@ -0,0 +1,82 @@ +apiserver: + replicas: 1 + database: + postgresql: + enabled: false + externalPostgresql: + enabled: true + host: "postgresql-default.databases.svc.cluster.local" + port: 5432 + auth: + existingSecret: "openclarity" + logLevel: info + resources: + limits: {} + requests: {} + +orchestrator: + replicas: 1 + provider: kubernetes + resources: + limits: {} + requests: {} + +ui: + replicas: 1 + resources: + limits: {} + requests: {} + +uibackend: + replicas: 1 + resources: + limits: {} + requests: {} + +gateway: + replicas: 1 + resources: + limits: {} + requests: {} + +exploitDBServer: + replicas: 1 + resources: + limits: {} + requests: {} + +trivyServer: + replicas: 1 + resources: + limits: {} + requests: {} + +grypeServer: + replicas: 1 + resources: + limits: {} + requests: {} + +freshclamMirror: + replicas: 1 + resources: + limits: {} + requests: {} + +swaggerUI: + replicas: 1 + resources: + limits: {} + requests: {} + +yaraRuleServer: + replicas: 1 + resources: + limits: {} + requests: {} + +crDiscoveryServer: + replicas: 1 + resources: + limits: {} + requests: {} diff --git a/k8s/apps/postgresql-default/databases.libsonnet b/k8s/apps/postgresql-default/databases.libsonnet index 7958f11f6..4567262f3 100644 --- a/k8s/apps/postgresql-default/databases.libsonnet +++ b/k8s/apps/postgresql-default/databases.libsonnet @@ -47,4 +47,8 @@ db_name: 'affine', user_name: 'affine', }, + { + db_name: 'openclarity', + user_name: 'openclarity', + }, ] diff --git a/k8s/apps/postgresql-default/users.libsonnet b/k8s/apps/postgresql-default/users.libsonnet index 3ea5941f7..25b75d976 100644 --- a/k8s/apps/postgresql-default/users.libsonnet +++ b/k8s/apps/postgresql-default/users.libsonnet @@ -13,4 +13,5 @@ 'ac_hacking', 'mucaron', 'affine', + 'openclarity', ] From a187c0a17d4cc79bff08ac631c59675a4edbaa12 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 24 Jan 2025 17:45:13 +0000 Subject: [PATCH 1051/1209] auto-gen-namespace --- k8s/namespaces/namespaces.json5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/namespaces/namespaces.json5 b/k8s/namespaces/namespaces.json5 index 48a0ab00d..24afbf637 100644 --- a/k8s/namespaces/namespaces.json5 +++ b/k8s/namespaces/namespaces.json5 @@ -1 +1 @@ -["ac-hacking-2024","affine","cert-manager","cilium-secrets","cilium-system","cloudflare-tunnel-operator","code-server","databases","default","elasticsearch","external-secrets","fitbit-manager","gha-runner","gha-runner-controller","github-readme-stats","hedgedoc","komga","kube-system","local-path-storage","loki","longhorn-system","minio","misskey","monitoring","mpeg-dash-encoder","mucaron","network-exporter","nextcloud","oekaki-dengon-game","openchokin","opentelemetry-collector","opentelemetry-operator-system","photoprism","redis-operator","renovate","samba","sandbox","wakatime-to-slack-profile","walnuts-dev","zitadel"] +["ac-hacking-2024","affine","cert-manager","cilium-secrets","cilium-system","cloudflare-tunnel-operator","code-server","databases","default","elasticsearch","external-secrets","fitbit-manager","gha-runner","gha-runner-controller","github-readme-stats","hedgedoc","komga","kube-system","local-path-storage","loki","longhorn-system","minio","misskey","monitoring","mpeg-dash-encoder","mucaron","network-exporter","nextcloud","oekaki-dengon-game","openchokin","openclarity","opentelemetry-collector","opentelemetry-operator-system","photoprism","redis-operator","renovate","samba","sandbox","wakatime-to-slack-profile","walnuts-dev","zitadel"] From 18b4112efbf7dae589b6b59f8bd27bfde3fe142d Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 25 Jan 2025 02:49:22 +0900 Subject: [PATCH 1052/1209] fix: log error when failing to parse helm application Signed-off-by: walnuts1018 --- scripts/infrautil/helmSnapshotCmd.go | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/infrautil/helmSnapshotCmd.go b/scripts/infrautil/helmSnapshotCmd.go index 4b42824b0..4d6eff53a 100644 --- a/scripts/infrautil/helmSnapshotCmd.go +++ b/scripts/infrautil/helmSnapshotCmd.go @@ -78,6 +78,7 @@ func (b *helmSnapshotCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...any) slog.Info("not helm application", slog.String("path", path)) continue } + slog.Error("failed to parse helm application", slog.String("path", path), slog.Any("error", err)) return fmt.Errorf("failed to parse helm application: %w", err) } eg.Go(func() error { From 7b43d5babdb5e6be6bea6cf278355d171165042d Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 25 Jan 2025 02:50:21 +0900 Subject: [PATCH 1053/1209] fix: correct JSON syntax in helm.jsonnet Signed-off-by: walnuts1018 --- k8s/apps/openclarity/helm.jsonnet | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/k8s/apps/openclarity/helm.jsonnet b/k8s/apps/openclarity/helm.jsonnet index 80957da2e..60cf0a613 100644 --- a/k8s/apps/openclarity/helm.jsonnet +++ b/k8s/apps/openclarity/helm.jsonnet @@ -1,7 +1,7 @@ (import '../../components/helm.libsonnet') { - name: (import 'app.json5').name , + name: (import 'app.json5').name, namespace: (import 'app.json5').namespace, ociChartURL: 'ghcr.io/openclarity/charts/openclarity', targetRevision: '1.1.2', values: (importstr 'values.yaml'), -}; +} From 384a0eaf7cc584c4dbaa8ba91ae0c300cb83de3d Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 25 Jan 2025 02:52:18 +0900 Subject: [PATCH 1054/1209] fix: remove redundant code in external-secret.jsonnet Signed-off-by: walnuts1018 --- k8s/apps/openclarity/external-secret.jsonnet | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/k8s/apps/openclarity/external-secret.jsonnet b/k8s/apps/openclarity/external-secret.jsonnet index 9eb7e30dd..76a3db4ad 100644 --- a/k8s/apps/openclarity/external-secret.jsonnet +++ b/k8s/apps/openclarity/external-secret.jsonnet @@ -1,18 +1,3 @@ -(import '../../components/external-secret.libsonnet') { - name: (import 'app.json5').name, - use_suffix: false, - data: [ - { - secretKey: 'password', - remoteRef: { - key: 'postgres_passwords', - property: 'openclarity', - }, - }, - ], -} - - std.mergePatch((import '../../components/external-secret.libsonnet') { name: (import 'app.json5').name, use_suffix: false, From 9bcefac07d2b789ef95588e1daa7cf752bb39c2e Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sat, 25 Jan 2025 02:57:37 +0900 Subject: [PATCH 1055/1209] chore(deps): update renovate/renovate docker tag to v39.133.1 (#1377) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 6466e06ed..de4b4604e 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.133.0', + image: 'renovate/renovate:39.133.1', resources: { requests: { cpu: '500m', From 46d73911a55a481b81b3433ebf6c37cf35557826 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 25 Jan 2025 02:59:50 +0900 Subject: [PATCH 1056/1209] feat: add oauth2-proxy configuration for OpenClarity Signed-off-by: walnuts1018 --- k8s/apps/openclarity/oauth2-proxy.jsonnet | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 k8s/apps/openclarity/oauth2-proxy.jsonnet diff --git a/k8s/apps/openclarity/oauth2-proxy.jsonnet b/k8s/apps/openclarity/oauth2-proxy.jsonnet new file mode 100644 index 000000000..1f87829e5 --- /dev/null +++ b/k8s/apps/openclarity/oauth2-proxy.jsonnet @@ -0,0 +1,14 @@ +(import '../../components/oauth2-proxy/oauth2-proxy.libsonnet')({ + app: { + name: (import 'app.json5').name, + namespace: (import 'app.json5').namespace, + }, + domain: 'openclarity.walnuts.dev', + upstream: 'http://prometheus-operated.monitoring.svc.cluster.local:9090', + oidc: { + secret: { + onepassword_item_name: 'openclarity-oauth2-proxy', + }, + allowed_group: '237477822715658605:openclarity-admin', + }, +}) From f26a9342715491db310f5c61c0acc037fe84a889 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 25 Jan 2025 03:04:06 +0900 Subject: [PATCH 1057/1209] feat: enable automount of service account token for OpenClarity orchestrator Signed-off-by: walnuts1018 --- k8s/apps/openclarity/values.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/k8s/apps/openclarity/values.yaml b/k8s/apps/openclarity/values.yaml index 9b0f2d99a..1fa86856d 100644 --- a/k8s/apps/openclarity/values.yaml +++ b/k8s/apps/openclarity/values.yaml @@ -17,6 +17,8 @@ apiserver: orchestrator: replicas: 1 provider: kubernetes + serviceAccount: + automountServiceAccountToken: true resources: limits: {} requests: {} From b1e648d12d019fa58f18e77074fe104c00456b2d Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 25 Jan 2025 03:11:21 +0900 Subject: [PATCH 1058/1209] feat: add code-challenge-method configuration to oauth2-proxy Signed-off-by: walnuts1018 --- k8s/apps/openclarity/oauth2-proxy.jsonnet | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/k8s/apps/openclarity/oauth2-proxy.jsonnet b/k8s/apps/openclarity/oauth2-proxy.jsonnet index 1f87829e5..f9cd83ac2 100644 --- a/k8s/apps/openclarity/oauth2-proxy.jsonnet +++ b/k8s/apps/openclarity/oauth2-proxy.jsonnet @@ -11,4 +11,9 @@ }, allowed_group: '237477822715658605:openclarity-admin', }, + valuesObjectOverride: { + extraArgs: { + 'code-challenge-method': 'S256', + }, + }, }) From ce5efd04cb73ab6151b1c6e9d0a4dcb5d399941c Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 25 Jan 2025 03:17:52 +0900 Subject: [PATCH 1059/1209] feat: add allowed_group configuration to oauth2-proxy Signed-off-by: walnuts1018 --- k8s/apps/openclarity/oauth2-proxy.jsonnet | 28 ++++++++++++----------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/k8s/apps/openclarity/oauth2-proxy.jsonnet b/k8s/apps/openclarity/oauth2-proxy.jsonnet index f9cd83ac2..546cbe13c 100644 --- a/k8s/apps/openclarity/oauth2-proxy.jsonnet +++ b/k8s/apps/openclarity/oauth2-proxy.jsonnet @@ -1,19 +1,21 @@ -(import '../../components/oauth2-proxy/oauth2-proxy.libsonnet')({ - app: { - name: (import 'app.json5').name, - namespace: (import 'app.json5').namespace, - }, - domain: 'openclarity.walnuts.dev', - upstream: 'http://prometheus-operated.monitoring.svc.cluster.local:9090', - oidc: { - secret: { - onepassword_item_name: 'openclarity-oauth2-proxy', +(import '../../components/oauth2-proxy/oauth2-proxy.libsonnet')( + { + app: { + name: (import 'app.json5').name, + namespace: (import 'app.json5').namespace, + }, + domain: 'openclarity.walnuts.dev', + upstream: 'http://prometheus-operated.monitoring.svc.cluster.local:9090', + oidc: { + secret: { + onepassword_item_name: 'openclarity-oauth2-proxy', + }, + allowed_group: '237477822715658605:openclarity-admin', }, - allowed_group: '237477822715658605:openclarity-admin', }, - valuesObjectOverride: { + valuesObject={ extraArgs: { 'code-challenge-method': 'S256', }, }, -}) +) From 6bf1c357df2483e7274bcbb0b4fbc5438f7c4786 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 25 Jan 2025 03:23:38 +0900 Subject: [PATCH 1060/1209] feat: add env configuration to OpenClarity values.yaml Signed-off-by: walnuts1018 --- k8s/apps/openclarity/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/k8s/apps/openclarity/values.yaml b/k8s/apps/openclarity/values.yaml index 1fa86856d..e0f776b36 100644 --- a/k8s/apps/openclarity/values.yaml +++ b/k8s/apps/openclarity/values.yaml @@ -82,3 +82,4 @@ crDiscoveryServer: resources: limits: {} requests: {} + env: {} #TODO: https://github.com/openclarity/openclarity/pull/980 From e5688bd129ba50774f2a2f2615fa8d5a54ddef55 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 25 Jan 2025 03:29:12 +0900 Subject: [PATCH 1061/1209] feat: update upstream URL for oauth2-proxy configuration Signed-off-by: walnuts1018 --- k8s/apps/openclarity/oauth2-proxy.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/openclarity/oauth2-proxy.jsonnet b/k8s/apps/openclarity/oauth2-proxy.jsonnet index 546cbe13c..cdb2b95f0 100644 --- a/k8s/apps/openclarity/oauth2-proxy.jsonnet +++ b/k8s/apps/openclarity/oauth2-proxy.jsonnet @@ -5,7 +5,7 @@ namespace: (import 'app.json5').namespace, }, domain: 'openclarity.walnuts.dev', - upstream: 'http://prometheus-operated.monitoring.svc.cluster.local:9090', + upstream: 'http://openclarity-gateway.openclarity.svc.cluster.local:80', oidc: { secret: { onepassword_item_name: 'openclarity-oauth2-proxy', From 6f3cde42dcebd74fd2ad9e04b096d76bcf33feeb Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 25 Jan 2025 03:31:44 +0900 Subject: [PATCH 1062/1209] feat: refactor oauth2-proxy configuration for improved readability Signed-off-by: walnuts1018 --- k8s/apps/openclarity/oauth2-proxy.jsonnet | 29 ++++++++------------ k8s/components/oauth2-proxy/values.libsonnet | 1 + 2 files changed, 12 insertions(+), 18 deletions(-) diff --git a/k8s/apps/openclarity/oauth2-proxy.jsonnet b/k8s/apps/openclarity/oauth2-proxy.jsonnet index cdb2b95f0..5827a89b9 100644 --- a/k8s/apps/openclarity/oauth2-proxy.jsonnet +++ b/k8s/apps/openclarity/oauth2-proxy.jsonnet @@ -1,21 +1,14 @@ -(import '../../components/oauth2-proxy/oauth2-proxy.libsonnet')( - { - app: { - name: (import 'app.json5').name, - namespace: (import 'app.json5').namespace, - }, - domain: 'openclarity.walnuts.dev', - upstream: 'http://openclarity-gateway.openclarity.svc.cluster.local:80', - oidc: { - secret: { - onepassword_item_name: 'openclarity-oauth2-proxy', - }, - allowed_group: '237477822715658605:openclarity-admin', - }, +(import '../../components/oauth2-proxy/oauth2-proxy.libsonnet')({ + app: { + name: (import 'app.json5').name, + namespace: (import 'app.json5').namespace, }, - valuesObject={ - extraArgs: { - 'code-challenge-method': 'S256', + domain: 'openclarity.walnuts.dev', + upstream: 'http://openclarity-gateway.openclarity.svc.cluster.local:80', + oidc: { + secret: { + onepassword_item_name: 'openclarity-oauth2-proxy', }, + allowed_group: '237477822715658605:openclarity-admin', }, -) +},) diff --git a/k8s/components/oauth2-proxy/values.libsonnet b/k8s/components/oauth2-proxy/values.libsonnet index 295591b6f..8deeaa930 100644 --- a/k8s/components/oauth2-proxy/values.libsonnet +++ b/k8s/components/oauth2-proxy/values.libsonnet @@ -14,6 +14,7 @@ 'redirect-url': 'https://%s/oauth2/callback' % $.domain, 'oidc-issuer-url': 'https://auth.walnuts.dev', 'skip-provider-button': true, + 'code-challenge-method': 'S256', }, ingress: { enabled: true, From f6858ea2e233c8c77c3aad121361c4b7170b3369 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 25 Jan 2025 03:33:15 +0900 Subject: [PATCH 1063/1209] feat: update env configuration in OpenClarity values.yaml to false Signed-off-by: walnuts1018 --- k8s/apps/openclarity/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/openclarity/values.yaml b/k8s/apps/openclarity/values.yaml index e0f776b36..3b7a43a9f 100644 --- a/k8s/apps/openclarity/values.yaml +++ b/k8s/apps/openclarity/values.yaml @@ -82,4 +82,4 @@ crDiscoveryServer: resources: limits: {} requests: {} - env: {} #TODO: https://github.com/openclarity/openclarity/pull/980 + env: false #TODO: https://github.com/openclarity/openclarity/pull/980 From 409ac2e5073758f91afbfac8da02886998d2f3d8 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sat, 25 Jan 2025 04:03:17 +0900 Subject: [PATCH 1064/1209] chore(deps): update renovate/renovate docker tag to v39.133.2 (#1378) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index de4b4604e..ea4cfd76e 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.133.1', + image: 'renovate/renovate:39.133.2', resources: { requests: { cpu: '500m', From bc7825dee13fe2c97a1e86c9dfb64dd43d8ad76a Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 25 Jan 2025 04:08:23 +0900 Subject: [PATCH 1065/1209] feat: migrate OpenClarity configuration to ArgoCD with Kustomize support Signed-off-by: walnuts1018 --- k8s/apps/openclarity/helm.jsonnet | 39 ++++++++++++++++--- .../openclarity/kustomize/kustomization.yaml | 9 +++++ k8s/apps/openclarity/values.yaml | 1 - 3 files changed, 42 insertions(+), 7 deletions(-) create mode 100644 k8s/apps/openclarity/kustomize/kustomization.yaml diff --git a/k8s/apps/openclarity/helm.jsonnet b/k8s/apps/openclarity/helm.jsonnet index 60cf0a613..7b6522883 100644 --- a/k8s/apps/openclarity/helm.jsonnet +++ b/k8s/apps/openclarity/helm.jsonnet @@ -1,7 +1,34 @@ -(import '../../components/helm.libsonnet') { - name: (import 'app.json5').name, - namespace: (import 'app.json5').namespace, - ociChartURL: 'ghcr.io/openclarity/charts/openclarity', - targetRevision: '1.1.2', - values: (importstr 'values.yaml'), +// (import '../../components/helm.libsonnet') { +// name: (import 'app.json5').name, +// namespace: (import 'app.json5').namespace, +// ociChartURL: 'ghcr.io/openclarity/charts/openclarity', +// targetRevision: '1.1.2', +// values: (importstr 'values.yaml'), +// } + +{ + apiVersion: 'argoproj.io/v1alpha1', + kind: 'Application', + metadata: { + name: (import 'app.json5').name + '-helm', + namespace: 'argocd', + }, + spec: { + project: 'default', + destination: { + namespace: (import 'app.json5').namespace, + server: 'https://kubernetes.default.svc', + }, + source: { + path: 'k8s/apps/openclarity/kustomize', + repoURL: 'https://github.com/walnuts1018/infra', + targetRevision: 'main', + }, + syncPolicy: { + automated: { + selfHeal: true, + prune: true, + }, + }, + }, } diff --git a/k8s/apps/openclarity/kustomize/kustomization.yaml b/k8s/apps/openclarity/kustomize/kustomization.yaml new file mode 100644 index 000000000..333a76d47 --- /dev/null +++ b/k8s/apps/openclarity/kustomize/kustomization.yaml @@ -0,0 +1,9 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +helmCharts: +- name: openclarity + repo: oci://ghcr.io/openclarity/charts + version: "1.1.2" + releaseName: openclarity + namespace: openclarity + valuesFile: ../values.yaml diff --git a/k8s/apps/openclarity/values.yaml b/k8s/apps/openclarity/values.yaml index 3b7a43a9f..b7ec37417 100644 --- a/k8s/apps/openclarity/values.yaml +++ b/k8s/apps/openclarity/values.yaml @@ -78,7 +78,6 @@ yaraRuleServer: requests: {} crDiscoveryServer: - replicas: 1 resources: limits: {} requests: {} From 0c5800233238496c058007b1869040904df12ea7 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 25 Jan 2025 04:11:19 +0900 Subject: [PATCH 1066/1209] feat: update ArgoCD applications.yaml to exclude additional directories in path Signed-off-by: walnuts1018 --- k8s/_argocd/applications/apps.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/_argocd/applications/apps.yaml b/k8s/_argocd/applications/apps.yaml index c6283bf78..a5e01b083 100644 --- a/k8s/_argocd/applications/apps.yaml +++ b/k8s/_argocd/applications/apps.yaml @@ -26,7 +26,7 @@ spec: path: '{{.path.path}}' directory: recurse: true - exclude: 'config/*' + exclude: '{config/*,_*/*}' jsonnet: tlas: - name: '' From a09b4a066be33944c300868de248e45188f0b655 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 25 Jan 2025 04:12:59 +0900 Subject: [PATCH 1067/1209] feat: update path in helm.jsonnet to use _kustomize directory Signed-off-by: walnuts1018 --- .../openclarity/{kustomize => _kustomize}/kustomization.yaml | 0 k8s/apps/openclarity/helm.jsonnet | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename k8s/apps/openclarity/{kustomize => _kustomize}/kustomization.yaml (100%) diff --git a/k8s/apps/openclarity/kustomize/kustomization.yaml b/k8s/apps/openclarity/_kustomize/kustomization.yaml similarity index 100% rename from k8s/apps/openclarity/kustomize/kustomization.yaml rename to k8s/apps/openclarity/_kustomize/kustomization.yaml diff --git a/k8s/apps/openclarity/helm.jsonnet b/k8s/apps/openclarity/helm.jsonnet index 7b6522883..e49f930c5 100644 --- a/k8s/apps/openclarity/helm.jsonnet +++ b/k8s/apps/openclarity/helm.jsonnet @@ -20,7 +20,7 @@ server: 'https://kubernetes.default.svc', }, source: { - path: 'k8s/apps/openclarity/kustomize', + path: 'k8s/apps/openclarity/_kustomize', repoURL: 'https://github.com/walnuts1018/infra', targetRevision: 'main', }, From 56aa55e88ee190460b3af6e93b8c852f92e29d42 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 25 Jan 2025 04:14:54 +0900 Subject: [PATCH 1068/1209] feat: enable Helm support in Kustomize build options for ArgoCD values.yaml Signed-off-by: walnuts1018 --- k8s/_argocd/argocd_components/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/k8s/_argocd/argocd_components/values.yaml b/k8s/_argocd/argocd_components/values.yaml index 5bb130459..afe30948a 100644 --- a/k8s/_argocd/argocd_components/values.yaml +++ b/k8s/_argocd/argocd_components/values.yaml @@ -32,6 +32,7 @@ configs: users.anonymous.enabled: false users.session.duration: "168h" # 7 days application.resourceTrackingMethod: "annotation" + kustomize.buildOptions: --enable-helm params: otlp.address: 'default-collector.opentelemetry-collector.svc.cluster.local:4317' server.insecure: true From 3b9a921678b1af007ab707e4c4570445e89c911e Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 25 Jan 2025 04:22:26 +0900 Subject: [PATCH 1069/1209] feat: add container security context to OpenClarity values.yaml Signed-off-by: walnuts1018 --- k8s/apps/openclarity/values.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/k8s/apps/openclarity/values.yaml b/k8s/apps/openclarity/values.yaml index b7ec37417..b4419fbb5 100644 --- a/k8s/apps/openclarity/values.yaml +++ b/k8s/apps/openclarity/values.yaml @@ -82,3 +82,7 @@ crDiscoveryServer: limits: {} requests: {} env: false #TODO: https://github.com/openclarity/openclarity/pull/980 + containerSecurityContext: + enabled: true + privileged: true + readOnlyRootFilesystem: false From 135db358199c58c3470349987fd6b39102554c87 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 25 Jan 2025 04:23:49 +0900 Subject: [PATCH 1070/1209] feat: refactor helm.jsonnet to enable Helm chart configuration for OpenClarity Signed-off-by: walnuts1018 --- k8s/apps/openclarity/helm.jsonnet | 66 +++++++++++++++---------------- 1 file changed, 33 insertions(+), 33 deletions(-) diff --git a/k8s/apps/openclarity/helm.jsonnet b/k8s/apps/openclarity/helm.jsonnet index e49f930c5..1f6f1a8c6 100644 --- a/k8s/apps/openclarity/helm.jsonnet +++ b/k8s/apps/openclarity/helm.jsonnet @@ -1,34 +1,34 @@ -// (import '../../components/helm.libsonnet') { -// name: (import 'app.json5').name, -// namespace: (import 'app.json5').namespace, -// ociChartURL: 'ghcr.io/openclarity/charts/openclarity', -// targetRevision: '1.1.2', -// values: (importstr 'values.yaml'), -// } - -{ - apiVersion: 'argoproj.io/v1alpha1', - kind: 'Application', - metadata: { - name: (import 'app.json5').name + '-helm', - namespace: 'argocd', - }, - spec: { - project: 'default', - destination: { - namespace: (import 'app.json5').namespace, - server: 'https://kubernetes.default.svc', - }, - source: { - path: 'k8s/apps/openclarity/_kustomize', - repoURL: 'https://github.com/walnuts1018/infra', - targetRevision: 'main', - }, - syncPolicy: { - automated: { - selfHeal: true, - prune: true, - }, - }, - }, +(import '../../components/helm.libsonnet') { + name: (import 'app.json5').name, + namespace: (import 'app.json5').namespace, + ociChartURL: 'ghcr.io/openclarity/charts/openclarity', + targetRevision: '1.1.2', + values: (importstr 'values.yaml'), } + +// { +// apiVersion: 'argoproj.io/v1alpha1', +// kind: 'Application', +// metadata: { +// name: (import 'app.json5').name + '-helm', +// namespace: 'argocd', +// }, +// spec: { +// project: 'default', +// destination: { +// namespace: (import 'app.json5').namespace, +// server: 'https://kubernetes.default.svc', +// }, +// source: { +// path: 'k8s/apps/openclarity/_kustomize', +// repoURL: 'https://github.com/walnuts1018/infra', +// targetRevision: 'main', +// }, +// syncPolicy: { +// automated: { +// selfHeal: true, +// prune: true, +// }, +// }, +// }, +// } From 924622a081c86eef6ecaa149f0ea93a999421f86 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 25 Jan 2025 04:27:23 +0900 Subject: [PATCH 1071/1209] feat: add ignoreDifferences for StatefulSet and HorizontalPodAutoscaler in ArgoCD values.yaml Signed-off-by: walnuts1018 --- k8s/_argocd/argocd_components/values.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/k8s/_argocd/argocd_components/values.yaml b/k8s/_argocd/argocd_components/values.yaml index afe30948a..4032e4ff6 100644 --- a/k8s/_argocd/argocd_components/values.yaml +++ b/k8s/_argocd/argocd_components/values.yaml @@ -20,6 +20,12 @@ configs: resource.customizations.ignoreDifferences.apps_Deployment: | jsonPointers: - /spec/replicas + resource.customizations.ignoreDifferences.apps_StatefulSet: | + jsonPointers: + - /spec/replicas + resource.customizations.ignoreDifferences.autoscaling_HorizontalPodAutoscaler: | + jsonPointers: + - /spec/metrics oidc.config: | name: walnuts-dev issuer: https://auth.walnuts.dev From 859c85dd87511d640772524c88e8fa42b48396ae Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 25 Jan 2025 04:31:03 +0900 Subject: [PATCH 1072/1209] feat: add allowPrivilegeEscalation to container security context in OpenClarity values.yaml Signed-off-by: walnuts1018 --- k8s/apps/openclarity/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/k8s/apps/openclarity/values.yaml b/k8s/apps/openclarity/values.yaml index b4419fbb5..f9051233f 100644 --- a/k8s/apps/openclarity/values.yaml +++ b/k8s/apps/openclarity/values.yaml @@ -84,5 +84,6 @@ crDiscoveryServer: env: false #TODO: https://github.com/openclarity/openclarity/pull/980 containerSecurityContext: enabled: true + allowPrivilegeEscalation: true privileged: true readOnlyRootFilesystem: false From 57c26016a73812b61d8e10a7d3d2814a8804239b Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 25 Jan 2025 05:08:59 +0900 Subject: [PATCH 1073/1209] feat: add CPU limit to PostgreSQL deployment in postgresql.jsonnet Signed-off-by: walnuts1018 --- k8s/apps/postgresql-default/postgresql.jsonnet | 1 + 1 file changed, 1 insertion(+) diff --git a/k8s/apps/postgresql-default/postgresql.jsonnet b/k8s/apps/postgresql-default/postgresql.jsonnet index c6e1f6b54..4c8b3abbe 100644 --- a/k8s/apps/postgresql-default/postgresql.jsonnet +++ b/k8s/apps/postgresql-default/postgresql.jsonnet @@ -41,6 +41,7 @@ local databases = (import 'databases.libsonnet'); memory: '600Mi', }, limits: { + cpu: '2', memory: '2Gi', }, }, From 23330684e42fce6234e2280ddde4d06056827c2c Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 25 Jan 2025 05:13:19 +0900 Subject: [PATCH 1074/1209] feat: add resource limits and requests for ArgoCD controller in values.yaml Signed-off-by: walnuts1018 --- k8s/_argocd/argocd_components/values.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/k8s/_argocd/argocd_components/values.yaml b/k8s/_argocd/argocd_components/values.yaml index 4032e4ff6..77366b13f 100644 --- a/k8s/_argocd/argocd_components/values.yaml +++ b/k8s/_argocd/argocd_components/values.yaml @@ -58,6 +58,13 @@ controller: enabled: true serviceMonitor: enabled: true + resources: + limits: + cpu: 1 + memory: 2Gi + requests: + cpu: 800m + memory: 512Mi dex: metrics: From f8db58724ce5b20dc6d3b46891a1dfcca1bb6ce6 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sat, 25 Jan 2025 05:53:36 +0900 Subject: [PATCH 1075/1209] chore(deps): update renovate/renovate docker tag to v39.133.3 (#1379) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index ea4cfd76e..68641c59e 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.133.2', + image: 'renovate/renovate:39.133.3', resources: { requests: { cpu: '500m', From afdb2e692c254c95d6dc1e2c3725e574fecc7497 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 25 Jan 2025 06:08:34 +0900 Subject: [PATCH 1076/1209] feat: add image registry and repository for OpenClarity CR Discovery Server Signed-off-by: walnuts1018 --- k8s/apps/openclarity/values.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/k8s/apps/openclarity/values.yaml b/k8s/apps/openclarity/values.yaml index f9051233f..cb652431a 100644 --- a/k8s/apps/openclarity/values.yaml +++ b/k8s/apps/openclarity/values.yaml @@ -87,3 +87,7 @@ crDiscoveryServer: allowPrivilegeEscalation: true privileged: true readOnlyRootFilesystem: false + # TODO: rm + image: + registry: ghcr.io + repository: walnuts1018/openclarity-cr-discovery-server From 87275af9bfca06770f217a70b55ac7df4a57e151 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 25 Jan 2025 06:16:56 +0900 Subject: [PATCH 1077/1209] feat: add capabilities and runAsNonRoot settings to OpenClarity security context Signed-off-by: walnuts1018 --- k8s/apps/openclarity/values.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/k8s/apps/openclarity/values.yaml b/k8s/apps/openclarity/values.yaml index cb652431a..5a820cb15 100644 --- a/k8s/apps/openclarity/values.yaml +++ b/k8s/apps/openclarity/values.yaml @@ -87,6 +87,8 @@ crDiscoveryServer: allowPrivilegeEscalation: true privileged: true readOnlyRootFilesystem: false + capabilities: [] + runAsNonRoot: false # TODO: rm image: registry: ghcr.io From 791e55ab865abc49d39aa1b22fa6f8d14956d785 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 25 Jan 2025 06:17:35 +0900 Subject: [PATCH 1078/1209] feat: update capabilities format in OpenClarity values.yaml Signed-off-by: walnuts1018 --- k8s/apps/openclarity/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/openclarity/values.yaml b/k8s/apps/openclarity/values.yaml index 5a820cb15..c9693b955 100644 --- a/k8s/apps/openclarity/values.yaml +++ b/k8s/apps/openclarity/values.yaml @@ -87,7 +87,7 @@ crDiscoveryServer: allowPrivilegeEscalation: true privileged: true readOnlyRootFilesystem: false - capabilities: [] + capabilities: {} runAsNonRoot: false # TODO: rm image: From 80016cbef84d1170acc0f00dfcc9f9e8b31ba77b Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 25 Jan 2025 06:18:28 +0900 Subject: [PATCH 1079/1209] feat: add capability drop settings to OpenClarity values.yaml Signed-off-by: walnuts1018 --- k8s/apps/openclarity/values.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/k8s/apps/openclarity/values.yaml b/k8s/apps/openclarity/values.yaml index c9693b955..bd38ef38b 100644 --- a/k8s/apps/openclarity/values.yaml +++ b/k8s/apps/openclarity/values.yaml @@ -87,7 +87,8 @@ crDiscoveryServer: allowPrivilegeEscalation: true privileged: true readOnlyRootFilesystem: false - capabilities: {} + capabilities: + drop: [] runAsNonRoot: false # TODO: rm image: From 923f4f9299c3a8723636a0e15f9cb92b4d45131f Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sat, 25 Jan 2025 06:22:59 +0900 Subject: [PATCH 1080/1209] chore(deps): update helm release kube-prometheus-stack to v68.3.2 (#1380) Co-authored-by: Renovate Bot --- k8s/apps/prometheus-stack/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/prometheus-stack/helm.jsonnet b/k8s/apps/prometheus-stack/helm.jsonnet index 589ffa232..4fac65fc0 100644 --- a/k8s/apps/prometheus-stack/helm.jsonnet +++ b/k8s/apps/prometheus-stack/helm.jsonnet @@ -4,7 +4,7 @@ chart: 'kube-prometheus-stack', repoURL: 'https://prometheus-community.github.io/helm-charts', - targetRevision: '68.3.0', + targetRevision: '68.3.2', valuesObject: std.mergePatch(std.parseYaml(importstr 'values.yaml'), { prometheus: { prometheusSpec: { From 2f6e7981384eb0ba020e21158a79cfe1046a0c70 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 25 Jan 2025 06:37:02 +0900 Subject: [PATCH 1081/1209] feat: add podSecurityContext settings to OpenClarity values.yaml Signed-off-by: walnuts1018 --- k8s/apps/openclarity/values.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/k8s/apps/openclarity/values.yaml b/k8s/apps/openclarity/values.yaml index bd38ef38b..0c7fd104f 100644 --- a/k8s/apps/openclarity/values.yaml +++ b/k8s/apps/openclarity/values.yaml @@ -82,6 +82,9 @@ crDiscoveryServer: limits: {} requests: {} env: false #TODO: https://github.com/openclarity/openclarity/pull/980 + podSecurityContext: + enabled: true + fsGroup: 1001 containerSecurityContext: enabled: true allowPrivilegeEscalation: true From a36dbb4cffeea7596fdcdcfefb37efc82c858a11 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 25 Jan 2025 06:47:14 +0900 Subject: [PATCH 1082/1209] feat: remove unnecessary security context settings from OpenClarity values.yaml Signed-off-by: walnuts1018 --- k8s/apps/openclarity/values.yaml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/k8s/apps/openclarity/values.yaml b/k8s/apps/openclarity/values.yaml index 0c7fd104f..1f3c64860 100644 --- a/k8s/apps/openclarity/values.yaml +++ b/k8s/apps/openclarity/values.yaml @@ -90,10 +90,3 @@ crDiscoveryServer: allowPrivilegeEscalation: true privileged: true readOnlyRootFilesystem: false - capabilities: - drop: [] - runAsNonRoot: false - # TODO: rm - image: - registry: ghcr.io - repository: walnuts1018/openclarity-cr-discovery-server From 0a1f05b9261e1db3f6002288a1877b48a8350f02 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sat, 25 Jan 2025 07:22:54 +0900 Subject: [PATCH 1083/1209] feat: remove OpenClarity configuration files and values Signed-off-by: walnuts1018 --- .../openclarity/_kustomize/kustomization.yaml | 9 -- k8s/apps/openclarity/app.json5 | 4 - k8s/apps/openclarity/external-secret.jsonnet | 27 ------ k8s/apps/openclarity/helm.jsonnet | 34 ------- k8s/apps/openclarity/oauth2-proxy.jsonnet | 14 --- k8s/apps/openclarity/values.yaml | 92 ------------------- 6 files changed, 180 deletions(-) delete mode 100644 k8s/apps/openclarity/_kustomize/kustomization.yaml delete mode 100644 k8s/apps/openclarity/app.json5 delete mode 100644 k8s/apps/openclarity/external-secret.jsonnet delete mode 100644 k8s/apps/openclarity/helm.jsonnet delete mode 100644 k8s/apps/openclarity/oauth2-proxy.jsonnet delete mode 100644 k8s/apps/openclarity/values.yaml diff --git a/k8s/apps/openclarity/_kustomize/kustomization.yaml b/k8s/apps/openclarity/_kustomize/kustomization.yaml deleted file mode 100644 index 333a76d47..000000000 --- a/k8s/apps/openclarity/_kustomize/kustomization.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -helmCharts: -- name: openclarity - repo: oci://ghcr.io/openclarity/charts - version: "1.1.2" - releaseName: openclarity - namespace: openclarity - valuesFile: ../values.yaml diff --git a/k8s/apps/openclarity/app.json5 b/k8s/apps/openclarity/app.json5 deleted file mode 100644 index a17a0722a..000000000 --- a/k8s/apps/openclarity/app.json5 +++ /dev/null @@ -1,4 +0,0 @@ -{ - name: "openclarity", - namespace: "openclarity", -} diff --git a/k8s/apps/openclarity/external-secret.jsonnet b/k8s/apps/openclarity/external-secret.jsonnet deleted file mode 100644 index 76a3db4ad..000000000 --- a/k8s/apps/openclarity/external-secret.jsonnet +++ /dev/null @@ -1,27 +0,0 @@ -std.mergePatch((import '../../components/external-secret.libsonnet') { - name: (import 'app.json5').name, - use_suffix: false, - data: [ - { - secretKey: 'dbpassword', - remoteRef: { - key: 'postgres_passwords', - property: 'openclarity', - }, - }, - ], -}, { - spec: { - target: { - template: { - engineVersion: 'v2', - type: 'Opaque', - data: { - username: 'openclarity', - password: '{{ .dbpassword }}', - database: 'openclarity', - }, - }, - }, - }, -}) diff --git a/k8s/apps/openclarity/helm.jsonnet b/k8s/apps/openclarity/helm.jsonnet deleted file mode 100644 index 1f6f1a8c6..000000000 --- a/k8s/apps/openclarity/helm.jsonnet +++ /dev/null @@ -1,34 +0,0 @@ -(import '../../components/helm.libsonnet') { - name: (import 'app.json5').name, - namespace: (import 'app.json5').namespace, - ociChartURL: 'ghcr.io/openclarity/charts/openclarity', - targetRevision: '1.1.2', - values: (importstr 'values.yaml'), -} - -// { -// apiVersion: 'argoproj.io/v1alpha1', -// kind: 'Application', -// metadata: { -// name: (import 'app.json5').name + '-helm', -// namespace: 'argocd', -// }, -// spec: { -// project: 'default', -// destination: { -// namespace: (import 'app.json5').namespace, -// server: 'https://kubernetes.default.svc', -// }, -// source: { -// path: 'k8s/apps/openclarity/_kustomize', -// repoURL: 'https://github.com/walnuts1018/infra', -// targetRevision: 'main', -// }, -// syncPolicy: { -// automated: { -// selfHeal: true, -// prune: true, -// }, -// }, -// }, -// } diff --git a/k8s/apps/openclarity/oauth2-proxy.jsonnet b/k8s/apps/openclarity/oauth2-proxy.jsonnet deleted file mode 100644 index 5827a89b9..000000000 --- a/k8s/apps/openclarity/oauth2-proxy.jsonnet +++ /dev/null @@ -1,14 +0,0 @@ -(import '../../components/oauth2-proxy/oauth2-proxy.libsonnet')({ - app: { - name: (import 'app.json5').name, - namespace: (import 'app.json5').namespace, - }, - domain: 'openclarity.walnuts.dev', - upstream: 'http://openclarity-gateway.openclarity.svc.cluster.local:80', - oidc: { - secret: { - onepassword_item_name: 'openclarity-oauth2-proxy', - }, - allowed_group: '237477822715658605:openclarity-admin', - }, -},) diff --git a/k8s/apps/openclarity/values.yaml b/k8s/apps/openclarity/values.yaml deleted file mode 100644 index 1f3c64860..000000000 --- a/k8s/apps/openclarity/values.yaml +++ /dev/null @@ -1,92 +0,0 @@ -apiserver: - replicas: 1 - database: - postgresql: - enabled: false - externalPostgresql: - enabled: true - host: "postgresql-default.databases.svc.cluster.local" - port: 5432 - auth: - existingSecret: "openclarity" - logLevel: info - resources: - limits: {} - requests: {} - -orchestrator: - replicas: 1 - provider: kubernetes - serviceAccount: - automountServiceAccountToken: true - resources: - limits: {} - requests: {} - -ui: - replicas: 1 - resources: - limits: {} - requests: {} - -uibackend: - replicas: 1 - resources: - limits: {} - requests: {} - -gateway: - replicas: 1 - resources: - limits: {} - requests: {} - -exploitDBServer: - replicas: 1 - resources: - limits: {} - requests: {} - -trivyServer: - replicas: 1 - resources: - limits: {} - requests: {} - -grypeServer: - replicas: 1 - resources: - limits: {} - requests: {} - -freshclamMirror: - replicas: 1 - resources: - limits: {} - requests: {} - -swaggerUI: - replicas: 1 - resources: - limits: {} - requests: {} - -yaraRuleServer: - replicas: 1 - resources: - limits: {} - requests: {} - -crDiscoveryServer: - resources: - limits: {} - requests: {} - env: false #TODO: https://github.com/openclarity/openclarity/pull/980 - podSecurityContext: - enabled: true - fsGroup: 1001 - containerSecurityContext: - enabled: true - allowPrivilegeEscalation: true - privileged: true - readOnlyRootFilesystem: false From c728955f7b4e151b8df3b33cfb3f5bbb73a7d6f8 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sat, 25 Jan 2025 07:52:48 +0900 Subject: [PATCH 1084/1209] chore(deps): update ghcr.io/walnuts1018/walnuts.dev docker tag to v116d432f8a0189b4c8efcd41fa7306ccd664bedb-380 (#1381) Co-authored-by: Renovate Bot --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index 4a1eb5a7b..562a9edfa 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ std.mergePatch((import '../../components/container.libsonnet') { name: 'walnuts-dev', - image: 'ghcr.io/walnuts1018/walnuts.dev:24357dc439599a0a350295911a8d534849cd8d2e-377', + image: 'ghcr.io/walnuts1018/walnuts.dev:116d432f8a0189b4c8efcd41fa7306ccd664bedb-380', imagePullPolicy: 'IfNotPresent', ports: [ { From fc5791349d2973949ca4e0d97b7d3edadd2fbcc6 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sat, 25 Jan 2025 17:23:13 +0900 Subject: [PATCH 1085/1209] chore(deps): update renovate/renovate docker tag to v39.133.4 (#1382) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 68641c59e..86bd62f6f 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.133.3', + image: 'renovate/renovate:39.133.4', resources: { requests: { cpu: '500m', From 9c6e7ed3f8901f66deb687fb1b2f4ad80dfb51ca Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sun, 26 Jan 2025 05:32:49 +0900 Subject: [PATCH 1086/1209] feat: add PostgreSQL test configuration files Signed-off-by: walnuts1018 --- k8s/apps/postgresql-test/app.json5 | 4 ++ k8s/apps/postgresql-test/postgresql.jsonnet | 49 +++++++++++++++++++++ 2 files changed, 53 insertions(+) create mode 100644 k8s/apps/postgresql-test/app.json5 create mode 100644 k8s/apps/postgresql-test/postgresql.jsonnet diff --git a/k8s/apps/postgresql-test/app.json5 b/k8s/apps/postgresql-test/app.json5 new file mode 100644 index 000000000..2158e6f5c --- /dev/null +++ b/k8s/apps/postgresql-test/app.json5 @@ -0,0 +1,4 @@ +{ + name: "postgresql-test", + namespace: "sandbox", +} diff --git a/k8s/apps/postgresql-test/postgresql.jsonnet b/k8s/apps/postgresql-test/postgresql.jsonnet new file mode 100644 index 000000000..7f6f354d1 --- /dev/null +++ b/k8s/apps/postgresql-test/postgresql.jsonnet @@ -0,0 +1,49 @@ +{ + apiVersion: 'acid.zalan.do/v1', + kind: 'postgresql', + metadata: { + name: 'default', + }, + spec: { + teamId: 'default', + volume: { + size: '1Gi', + storageClass: 'longhorn', + }, + numberOfInstances: 1, + users: { + postgres: [ + 'superuser', + 'createdb', + ], + test: [], + }, + databases: { + [test]: test, + }, + postgresql: { + version: '17', + parameters: { + max_standby_archive_delay: '180s', + max_standby_streaming_delay: '180s', + }, + }, + resources: { + }, + patroni: { + pg_hba: [ + 'local all all trust', + 'hostssl all +zalandos 127.0.0.1/32 pam', + 'host all all 127.0.0.1/32 md5', + 'hostssl all +zalandos ::1/128 pam', + 'host all all ::1/128 md5', + 'local replication standby trust', + 'hostssl replication standby all md5', + 'hostssl all +zalandos all pam', + 'hostssl all all all md5', + 'host all all 10.0.0.0/8 md5', + ], + }, + enableLogicalBackup: false, + }, +} From 19d62237a099526b0a5f2f2cf0842705804411af Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sun, 26 Jan 2025 05:34:46 +0900 Subject: [PATCH 1087/1209] feat: rename PostgreSQL instance from 'default' to 'test' Signed-off-by: walnuts1018 --- k8s/apps/postgresql-test/postgresql.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/postgresql-test/postgresql.jsonnet b/k8s/apps/postgresql-test/postgresql.jsonnet index 7f6f354d1..e4fd84eec 100644 --- a/k8s/apps/postgresql-test/postgresql.jsonnet +++ b/k8s/apps/postgresql-test/postgresql.jsonnet @@ -2,7 +2,7 @@ apiVersion: 'acid.zalan.do/v1', kind: 'postgresql', metadata: { - name: 'default', + name: 'test', }, spec: { teamId: 'default', From 8ab254db0e986ca019859192f99cd95c48165f13 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sun, 26 Jan 2025 05:35:45 +0900 Subject: [PATCH 1088/1209] fix: correct PostgreSQL test database key assignment in configuration Signed-off-by: walnuts1018 --- k8s/apps/postgresql-test/postgresql.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/postgresql-test/postgresql.jsonnet b/k8s/apps/postgresql-test/postgresql.jsonnet index e4fd84eec..c03db4014 100644 --- a/k8s/apps/postgresql-test/postgresql.jsonnet +++ b/k8s/apps/postgresql-test/postgresql.jsonnet @@ -19,7 +19,7 @@ test: [], }, databases: { - [test]: test, + test: 'test', }, postgresql: { version: '17', From 445dd3631849e881c4da145c81d40bc1f0ac1831 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sun, 26 Jan 2025 05:43:07 +0900 Subject: [PATCH 1089/1209] feat: rename PostgreSQL configuration from 'test' to 'misskey' and update settings Signed-off-by: walnuts1018 --- .../postgresql.jsonnet | 15 +++++++++------ k8s/apps/postgresql-test/app.json5 | 4 ---- 2 files changed, 9 insertions(+), 10 deletions(-) rename k8s/apps/{postgresql-test => misskey}/postgresql.jsonnet (81%) delete mode 100644 k8s/apps/postgresql-test/app.json5 diff --git a/k8s/apps/postgresql-test/postgresql.jsonnet b/k8s/apps/misskey/postgresql.jsonnet similarity index 81% rename from k8s/apps/postgresql-test/postgresql.jsonnet rename to k8s/apps/misskey/postgresql.jsonnet index c03db4014..ae1376a73 100644 --- a/k8s/apps/postgresql-test/postgresql.jsonnet +++ b/k8s/apps/misskey/postgresql.jsonnet @@ -2,24 +2,25 @@ apiVersion: 'acid.zalan.do/v1', kind: 'postgresql', metadata: { - name: 'test', + name: (import 'app.json5').name, + namespace: (import 'app.json5').namespace, }, spec: { teamId: 'default', volume: { - size: '1Gi', + size: '5Gi', storageClass: 'longhorn', }, - numberOfInstances: 1, + numberOfInstances: 2, users: { postgres: [ 'superuser', 'createdb', ], - test: [], + misskey: [], }, databases: { - test: 'test', + misskey: 'misskey', }, postgresql: { version: '17', @@ -44,6 +45,8 @@ 'host all all 10.0.0.0/8 md5', ], }, - enableLogicalBackup: false, + enableLogicalBackup: true, + logicalBackupRetention: '1 week', + logicalBackupSchedule: '0 18 * * *', }, } diff --git a/k8s/apps/postgresql-test/app.json5 b/k8s/apps/postgresql-test/app.json5 deleted file mode 100644 index 2158e6f5c..000000000 --- a/k8s/apps/postgresql-test/app.json5 +++ /dev/null @@ -1,4 +0,0 @@ -{ - name: "postgresql-test", - namespace: "sandbox", -} From f97514c1e7e4bcea47881a45c57cc6eecf4944dc Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sun, 26 Jan 2025 05:44:51 +0900 Subject: [PATCH 1090/1209] feat: append '-postgresql' to PostgreSQL instance name in configuration Signed-off-by: walnuts1018 --- k8s/apps/misskey/postgresql.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/misskey/postgresql.jsonnet b/k8s/apps/misskey/postgresql.jsonnet index ae1376a73..50af35f12 100644 --- a/k8s/apps/misskey/postgresql.jsonnet +++ b/k8s/apps/misskey/postgresql.jsonnet @@ -2,7 +2,7 @@ apiVersion: 'acid.zalan.do/v1', kind: 'postgresql', metadata: { - name: (import 'app.json5').name, + name: (import 'app.json5').name + '-postgresql', namespace: (import 'app.json5').namespace, }, spec: { From 47a66fe4da73a700fef62c158e88281ff2a3a701 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sun, 26 Jan 2025 10:12:58 +0900 Subject: [PATCH 1091/1209] chore(deps): update dependency aquaproj/aqua-registry to v4.300.2 (#1383) Co-authored-by: Renovate Bot --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index 0c0313747..6f89ebcef 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,7 +8,7 @@ # - all registries: - type: standard - ref: v4.300.1 # renovate: depName=aquaproj/aqua-registry + ref: v4.300.2 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 - name: hashicorp/terraform@v1.10.5 From 6a548676e1a762188d4ea0abb97d7bd317023816 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 26 Jan 2025 08:06:50 +0000 Subject: [PATCH 1092/1209] chore(deps): update helm release redis-operator to v0.19.2 --- k8s/apps/redis-operator/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/redis-operator/helm.jsonnet b/k8s/apps/redis-operator/helm.jsonnet index ddf98572b..e630dea34 100644 --- a/k8s/apps/redis-operator/helm.jsonnet +++ b/k8s/apps/redis-operator/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import 'app.json5').namespace, chart: 'redis-operator', repoURL: 'https://ot-container-kit.github.io/helm-charts/', - targetRevision: '0.19.1', + targetRevision: '0.19.2', values: (importstr 'values.yaml'), } From 433a637ed39dbd4ec052eeaf1726dd66f7cf1c96 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Mon, 27 Jan 2025 07:13:08 +0900 Subject: [PATCH 1093/1209] chore(deps): update renovate/renovate docker tag to v39.134.0 (#1386) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 86bd62f6f..f6f72d0f8 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.133.4', + image: 'renovate/renovate:39.134.0', resources: { requests: { cpu: '500m', From d0a4d89748a6731c83c9c4c029bf54087f3b2bdf Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 27 Jan 2025 05:11:54 +0000 Subject: [PATCH 1094/1209] chore(deps): update gotson/komga docker tag to v1.19.0 --- k8s/apps/komga/statefulset.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/komga/statefulset.jsonnet b/k8s/apps/komga/statefulset.jsonnet index 5ef3c8965..5ec1938df 100644 --- a/k8s/apps/komga/statefulset.jsonnet +++ b/k8s/apps/komga/statefulset.jsonnet @@ -20,7 +20,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'komga', - image: 'gotson/komga:1.18.0', + image: 'gotson/komga:1.19.0', resources: { limits: { cpu: '500m', From f4476e5db9f4eca22e9d11921785f731cc38b4a7 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Mon, 27 Jan 2025 17:43:31 +0900 Subject: [PATCH 1095/1209] chore(deps): update renovate/renovate docker tag to v39.135.1 (#1388) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index f6f72d0f8..9df1aa2d0 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.134.0', + image: 'renovate/renovate:39.135.1', resources: { requests: { cpu: '500m', From 4f9419833b708a1b3e0f801bc38ad6b606450ced Mon Sep 17 00:00:00 2001 From: Walnuts Date: Mon, 27 Jan 2025 19:58:09 +0900 Subject: [PATCH 1096/1209] chore(deps): update renovate/renovate docker tag to v39.135.2 (#1389) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 9df1aa2d0..8d02c3dd8 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.135.1', + image: 'renovate/renovate:39.135.2', resources: { requests: { cpu: '500m', From fb2160cff536539621f61fd866db16f4654b3d4c Mon Sep 17 00:00:00 2001 From: Walnuts Date: Mon, 27 Jan 2025 21:13:21 +0900 Subject: [PATCH 1097/1209] chore(deps): update renovate/renovate docker tag to v39.135.3 (#1390) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 8d02c3dd8..256cfb839 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.135.2', + image: 'renovate/renovate:39.135.3', resources: { requests: { cpu: '500m', From 6fb21c4eca4f014797d89a97a134761b3eefc4ae Mon Sep 17 00:00:00 2001 From: Walnuts Date: Mon, 27 Jan 2025 21:47:53 +0900 Subject: [PATCH 1098/1209] chore(deps): update renovate/renovate docker tag to v39.136.0 (#1391) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 256cfb839..57bf8740b 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.135.3', + image: 'renovate/renovate:39.136.0', resources: { requests: { cpu: '500m', From 952d3931005d0fb7ebd77fb2f1ea0e88e7648217 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Tue, 28 Jan 2025 00:43:21 +0900 Subject: [PATCH 1099/1209] chore(deps): update renovate/renovate docker tag to v39.136.1 (#1393) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 57bf8740b..b1ea606a2 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.136.0', + image: 'renovate/renovate:39.136.1', resources: { requests: { cpu: '500m', From bc6ed8dcdd4d1e292e4b35b819041b9ac54903ca Mon Sep 17 00:00:00 2001 From: Walnuts Date: Tue, 28 Jan 2025 00:43:33 +0900 Subject: [PATCH 1100/1209] chore(deps): update helm release argo-cd to v7.7.18 (#1392) Co-authored-by: Renovate Bot --- k8s/_argocd/argocd_components/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/_argocd/argocd_components/helm.jsonnet b/k8s/_argocd/argocd_components/helm.jsonnet index 134021eb0..65a90e824 100644 --- a/k8s/_argocd/argocd_components/helm.jsonnet +++ b/k8s/_argocd/argocd_components/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import 'app.json5').namespace, chart: 'argo-cd', repoURL: 'https://argoproj.github.io/argo-helm', - targetRevision: '7.7.17', + targetRevision: '7.7.18', values: (importstr 'values.yaml'), } From 7ea766f309b4312589c0eaf593798f5f4d195b81 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Tue, 28 Jan 2025 03:33:02 +0900 Subject: [PATCH 1101/1209] chore(deps): update renovate/renovate docker tag to v39.136.2 (#1394) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index b1ea606a2..f9c8923d7 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.136.1', + image: 'renovate/renovate:39.136.2', resources: { requests: { cpu: '500m', From 54e5ad9a96c4944c00df1f22deeb928a14cceb3b Mon Sep 17 00:00:00 2001 From: Walnuts Date: Tue, 28 Jan 2025 04:13:28 +0900 Subject: [PATCH 1102/1209] chore(deps): update renovate/renovate docker tag to v39.137.0 (#1395) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index f9c8923d7..c4983e82f 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.136.2', + image: 'renovate/renovate:39.137.0', resources: { requests: { cpu: '500m', From db179a10060467689ab3378b651c3bb1fa982e90 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Tue, 28 Jan 2025 05:53:04 +0900 Subject: [PATCH 1103/1209] chore(deps): update renovate/renovate docker tag to v39.137.1 (#1396) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index c4983e82f..a0bbf53ee 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.137.0', + image: 'renovate/renovate:39.137.1', resources: { requests: { cpu: '500m', From 776d5edc280a6e72a4bddcfbefd206bdea182f0c Mon Sep 17 00:00:00 2001 From: Walnuts Date: Tue, 28 Jan 2025 06:52:40 +0900 Subject: [PATCH 1104/1209] chore(deps): update ghcr.io/walnuts1018/walnuts.dev docker tag to dda335140feef858484beb1748b62a810e90727b-381 (#1397) Co-authored-by: Renovate Bot --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index 562a9edfa..03ad0eae7 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ std.mergePatch((import '../../components/container.libsonnet') { name: 'walnuts-dev', - image: 'ghcr.io/walnuts1018/walnuts.dev:116d432f8a0189b4c8efcd41fa7306ccd664bedb-380', + image: 'ghcr.io/walnuts1018/walnuts.dev:dda335140feef858484beb1748b62a810e90727b-381', imagePullPolicy: 'IfNotPresent', ports: [ { From 9e898562f167133bdac24581e27c3586e3160df6 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Tue, 28 Jan 2025 08:48:04 +0900 Subject: [PATCH 1105/1209] chore(deps): update dependency aquaproj/aqua-registry to v4.301.0 (#1398) Co-authored-by: Renovate Bot --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index 6f89ebcef..7884e91f0 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,7 +8,7 @@ # - all registries: - type: standard - ref: v4.300.2 # renovate: depName=aquaproj/aqua-registry + ref: v4.301.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 - name: hashicorp/terraform@v1.10.5 From 83c70e62c3fabe76899d1ad492c5109bfb52214d Mon Sep 17 00:00:00 2001 From: Walnuts Date: Tue, 28 Jan 2025 15:37:39 +0900 Subject: [PATCH 1106/1209] chore(deps): update ghcr.io/walnuts1018/walnuts.dev docker tag to v60bdad2a2717fc3ded74014643f4fbfc955870cc-382 (#1399) Co-authored-by: Renovate Bot --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index 03ad0eae7..7944913b8 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ std.mergePatch((import '../../components/container.libsonnet') { name: 'walnuts-dev', - image: 'ghcr.io/walnuts1018/walnuts.dev:dda335140feef858484beb1748b62a810e90727b-381', + image: 'ghcr.io/walnuts1018/walnuts.dev:60bdad2a2717fc3ded74014643f4fbfc955870cc-382', imagePullPolicy: 'IfNotPresent', ports: [ { From 75793d36670eaffe74d119cedbee9c2f0fcabe77 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Tue, 28 Jan 2025 16:59:01 +0900 Subject: [PATCH 1107/1209] chore(deps): update renovate/renovate docker tag to v39.137.2 (#1400) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index a0bbf53ee..6d05fc46a 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.137.1', + image: 'renovate/renovate:39.137.2', resources: { requests: { cpu: '500m', From 9bcce16dadc4b472d29c46ae6b34156d9cad800b Mon Sep 17 00:00:00 2001 From: Walnuts Date: Tue, 28 Jan 2025 17:28:51 +0900 Subject: [PATCH 1108/1209] chore(deps): update helm release argo-cd to v7.7.20 (#1401) Co-authored-by: Renovate Bot --- k8s/_argocd/argocd_components/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/_argocd/argocd_components/helm.jsonnet b/k8s/_argocd/argocd_components/helm.jsonnet index 65a90e824..c1707f538 100644 --- a/k8s/_argocd/argocd_components/helm.jsonnet +++ b/k8s/_argocd/argocd_components/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import 'app.json5').namespace, chart: 'argo-cd', repoURL: 'https://argoproj.github.io/argo-helm', - targetRevision: '7.7.18', + targetRevision: '7.7.20', values: (importstr 'values.yaml'), } From faef3ee5e3a0eb3dddd83e61c0f93896b7d0f9c0 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Tue, 28 Jan 2025 19:14:13 +0900 Subject: [PATCH 1109/1209] chore(deps): update helm release argo-cd to v7.7.21 (#1402) Co-authored-by: Renovate Bot --- k8s/_argocd/argocd_components/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/_argocd/argocd_components/helm.jsonnet b/k8s/_argocd/argocd_components/helm.jsonnet index c1707f538..ab1592ce7 100644 --- a/k8s/_argocd/argocd_components/helm.jsonnet +++ b/k8s/_argocd/argocd_components/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import 'app.json5').namespace, chart: 'argo-cd', repoURL: 'https://argoproj.github.io/argo-helm', - targetRevision: '7.7.20', + targetRevision: '7.7.21', values: (importstr 'values.yaml'), } From e840c21617919fe0d70b7fbfdd213c0ad2af1816 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Tue, 28 Jan 2025 19:53:54 +0900 Subject: [PATCH 1110/1209] chore(deps): update renovate/renovate docker tag to v39.138.0 (#1403) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 6d05fc46a..0a63bbadf 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.137.2', + image: 'renovate/renovate:39.138.0', resources: { requests: { cpu: '500m', From e1f9abd8b2d5a9c703716ace9928d49b79753005 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Tue, 28 Jan 2025 22:08:57 +0900 Subject: [PATCH 1111/1209] chore(deps): update renovate/renovate docker tag to v39.138.1 (#1404) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 0a63bbadf..bfe08590f 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.138.0', + image: 'renovate/renovate:39.138.1', resources: { requests: { cpu: '500m', From 0a17a05e64b09bcc7fabdb92d0dd20cb136f6a75 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 28 Jan 2025 13:12:42 +0000 Subject: [PATCH 1112/1209] chore(deps): update misskey/misskey docker tag to v2025 --- k8s/apps/misskey/deployment.jsonnet | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/k8s/apps/misskey/deployment.jsonnet b/k8s/apps/misskey/deployment.jsonnet index 614737e6d..f084e0bdb 100644 --- a/k8s/apps/misskey/deployment.jsonnet +++ b/k8s/apps/misskey/deployment.jsonnet @@ -26,7 +26,7 @@ initContainers: [ (import '../../components/container.libsonnet') { name: 'misskey-init', - image: 'misskey/misskey:2024.11.0', + image: 'misskey/misskey:2025.1.0', imagePullPolicy: 'IfNotPresent', command: [ 'pnpm', @@ -49,7 +49,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'misskey', - image: 'misskey/misskey:2024.11.0', + image: 'misskey/misskey:2025.1.0', imagePullPolicy: 'IfNotPresent', ports: [ { From f860f89b3a1f520ad691c4ca371f99990730de2c Mon Sep 17 00:00:00 2001 From: Walnuts Date: Tue, 28 Jan 2025 23:19:03 +0900 Subject: [PATCH 1113/1209] chore(deps): update renovate/renovate docker tag to v39.138.2 (#1406) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index bfe08590f..911a4f8a8 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.138.1', + image: 'renovate/renovate:39.138.2', resources: { requests: { cpu: '500m', From ca11adf8f7da8540aeda38b56cb073c6b7a95a37 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Wed, 29 Jan 2025 01:09:12 +0900 Subject: [PATCH 1114/1209] chore(deps): update renovate/renovate docker tag to v39.139.0 (#1407) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 911a4f8a8..1c9a756fa 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.138.2', + image: 'renovate/renovate:39.139.0', resources: { requests: { cpu: '500m', From fcb09efd476d2f8a56ffb4ff863f1e7fbff9a896 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Wed, 29 Jan 2025 02:18:33 +0900 Subject: [PATCH 1115/1209] chore(deps): update renovate/renovate docker tag to v39.140.0 (#1408) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 1c9a756fa..0478df337 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.139.0', + image: 'renovate/renovate:39.140.0', resources: { requests: { cpu: '500m', From 0349ef2cf115090239b63daebf1784447061b2e6 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Wed, 29 Jan 2025 07:58:20 +0900 Subject: [PATCH 1116/1209] chore(deps): update dependency aquaproj/aqua-registry to v4.302.0 (#1409) Co-authored-by: Renovate Bot --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index 7884e91f0..67c662e57 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,7 +8,7 @@ # - all registries: - type: standard - ref: v4.301.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.302.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 - name: hashicorp/terraform@v1.10.5 From 2e01c9921fbb5cf2886eac4bfcb6ac9037491163 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Wed, 29 Jan 2025 08:03:47 +0900 Subject: [PATCH 1117/1209] chore(deps): update helm release kube-prometheus-stack to v68.3.3 (#1410) Co-authored-by: Renovate Bot --- k8s/apps/prometheus-stack/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/prometheus-stack/helm.jsonnet b/k8s/apps/prometheus-stack/helm.jsonnet index 4fac65fc0..f606784f8 100644 --- a/k8s/apps/prometheus-stack/helm.jsonnet +++ b/k8s/apps/prometheus-stack/helm.jsonnet @@ -4,7 +4,7 @@ chart: 'kube-prometheus-stack', repoURL: 'https://prometheus-community.github.io/helm-charts', - targetRevision: '68.3.2', + targetRevision: '68.3.3', valuesObject: std.mergePatch(std.parseYaml(importstr 'values.yaml'), { prometheus: { prometheusSpec: { From 8d0a3155604aee7d86a09b4d6a2b5e88fba166e2 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Wed, 29 Jan 2025 10:18:52 +0900 Subject: [PATCH 1118/1209] chore(deps): update renovate/renovate docker tag to v39.140.1 (#1411) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 0478df337..f18092a59 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.140.0', + image: 'renovate/renovate:39.140.1', resources: { requests: { cpu: '500m', From 577d945e76c01d0da8aade0ff675311002779939 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 29 Jan 2025 21:00:02 +0900 Subject: [PATCH 1119/1209] fix: correct branch prefix from 'rennovate/' to 'renovate/' Signed-off-by: walnuts1018 --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index f18092a59..2e11f3f30 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -49,7 +49,7 @@ memory: '2Gi', }, }, - local branch_prefix = 'rennovate/', + local branch_prefix = 'renovate/', env: [ { name: 'LOG_LEVEL', From 8ab09d92c71d51ace0681ea79c7655a1df721e65 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Wed, 29 Jan 2025 21:15:18 +0900 Subject: [PATCH 1120/1209] fix: format cloudflare account resource attributes Signed-off-by: walnuts1018 --- terraform/modules/cloudflare/account.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform/modules/cloudflare/account.tf b/terraform/modules/cloudflare/account.tf index 63c80c256..28987d081 100644 --- a/terraform/modules/cloudflare/account.tf +++ b/terraform/modules/cloudflare/account.tf @@ -1,4 +1,4 @@ resource "cloudflare_account" "walnuts1018" { - name = "walnuts1018" - type = "standard" + name = "walnuts1018" + type = "standard" } From 47157680d5891d60caa5fe8dcb0d3d2598a0227e Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 29 Jan 2025 15:18:21 +0000 Subject: [PATCH 1121/1209] chore(deps): update helm release kube-prometheus-stack to v68.4.0 --- k8s/apps/prometheus-stack/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/prometheus-stack/helm.jsonnet b/k8s/apps/prometheus-stack/helm.jsonnet index f606784f8..6e086a454 100644 --- a/k8s/apps/prometheus-stack/helm.jsonnet +++ b/k8s/apps/prometheus-stack/helm.jsonnet @@ -4,7 +4,7 @@ chart: 'kube-prometheus-stack', repoURL: 'https://prometheus-community.github.io/helm-charts', - targetRevision: '68.3.3', + targetRevision: '68.4.0', valuesObject: std.mergePatch(std.parseYaml(importstr 'values.yaml'), { prometheus: { prometheusSpec: { From 757718f3e6939ec9fb8caf13d7831b34af18088a Mon Sep 17 00:00:00 2001 From: Walnuts Date: Thu, 30 Jan 2025 00:19:00 +0900 Subject: [PATCH 1122/1209] chore(deps): update renovate/renovate docker tag to v39.140.2 (#1416) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 2e11f3f30..310926d11 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.140.1', + image: 'renovate/renovate:39.140.2', resources: { requests: { cpu: '500m', From f7be85fefc32bb4ec6d8a354e0ef381d9e4a614b Mon Sep 17 00:00:00 2001 From: Walnuts Date: Thu, 30 Jan 2025 00:43:31 +0900 Subject: [PATCH 1123/1209] chore(deps): update dependency aquaproj/aqua-registry to v4.302.1 (#1418) Co-authored-by: Renovate Bot --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index 67c662e57..b97d82af4 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,7 +8,7 @@ # - all registries: - type: standard - ref: v4.302.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.302.1 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 - name: hashicorp/terraform@v1.10.5 From 7ecb0143c774862cda808568607c01c49747852e Mon Sep 17 00:00:00 2001 From: Walnuts Date: Thu, 30 Jan 2025 02:44:12 +0900 Subject: [PATCH 1124/1209] chore(deps): update renovate/renovate docker tag to v39.140.3 (#1419) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 310926d11..5eed5f8cf 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.140.2', + image: 'renovate/renovate:39.140.3', resources: { requests: { cpu: '500m', From 3e0be81cfdf173a59a455165dcb6f4367eaa824d Mon Sep 17 00:00:00 2001 From: Walnuts Date: Thu, 30 Jan 2025 03:18:46 +0900 Subject: [PATCH 1125/1209] chore(deps): update renovate/renovate docker tag to v39.141.0 (#1420) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 5eed5f8cf..59c2a892b 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.140.3', + image: 'renovate/renovate:39.141.0', resources: { requests: { cpu: '500m', From ba9f328ee5dff15bb140606ae621344b28a884c3 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Thu, 30 Jan 2025 06:48:45 +0900 Subject: [PATCH 1126/1209] chore(deps): update renovate/renovate docker tag to v39.142.0 (#1421) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 59c2a892b..abaf83c0c 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.141.0', + image: 'renovate/renovate:39.142.0', resources: { requests: { cpu: '500m', From a38284627df6b2ae9f6f6914b7cb10352906b005 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Thu, 30 Jan 2025 07:53:53 +0900 Subject: [PATCH 1127/1209] chore(deps): update helm release argo-cd to v7.7.22 (#1422) Co-authored-by: Renovate Bot --- k8s/_argocd/argocd_components/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/_argocd/argocd_components/helm.jsonnet b/k8s/_argocd/argocd_components/helm.jsonnet index ab1592ce7..88ebe528e 100644 --- a/k8s/_argocd/argocd_components/helm.jsonnet +++ b/k8s/_argocd/argocd_components/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import 'app.json5').namespace, chart: 'argo-cd', repoURL: 'https://argoproj.github.io/argo-helm', - targetRevision: '7.7.21', + targetRevision: '7.7.22', values: (importstr 'values.yaml'), } From 1c180c59bb70e8d4a930add96ed8de95b3156483 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 30 Jan 2025 10:51:04 +0900 Subject: [PATCH 1128/1209] feat(minio): enable versioning for S3 bucket in tf-state configuration Signed-off-by: walnuts1018 --- terraform/modules/minio/tf-state.tf | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/terraform/modules/minio/tf-state.tf b/terraform/modules/minio/tf-state.tf index 79ff713b5..091d92364 100644 --- a/terraform/modules/minio/tf-state.tf +++ b/terraform/modules/minio/tf-state.tf @@ -1,3 +1,11 @@ resource "aws_s3_bucket" "tf-state" { bucket = format("tf-state%s", var.bucket_name_suffix) } + + +resource "aws_s3_bucket_versioning" "tf-state" { + bucket = aws_s3_bucket.tf-state.id + versioning_configuration { + status = "Enabled" + } +} From d941b182406c03e907449a594dc8b48fc6264b92 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 30 Jan 2025 14:35:43 +0900 Subject: [PATCH 1129/1209] fix(loki): increase resource requests for memory and CPU Signed-off-by: walnuts1018 --- k8s/apps/loki/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/k8s/apps/loki/values.yaml b/k8s/apps/loki/values.yaml index 7a8d9e1ff..c0f522b6c 100644 --- a/k8s/apps/loki/values.yaml +++ b/k8s/apps/loki/values.yaml @@ -94,8 +94,8 @@ read: targetMemoryUtilizationPercentage: 100 resources: requests: - memory: 160Mi - cpu: 20m + memory: 240Mi + cpu: 30m limits: memory: 1Gi cpu: 1 From 929eb85ece064ca60fe6281b2c8e495cdb3b0fcb Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 30 Jan 2025 14:36:12 +0900 Subject: [PATCH 1130/1209] fix(loki): decrease memory request from 40Mi to 20Mi in values.yaml Signed-off-by: walnuts1018 --- k8s/apps/loki/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/loki/values.yaml b/k8s/apps/loki/values.yaml index c0f522b6c..59b1f78fe 100644 --- a/k8s/apps/loki/values.yaml +++ b/k8s/apps/loki/values.yaml @@ -164,7 +164,7 @@ gateway: targetMemoryUtilizationPercentage: 100 resources: requests: - memory: 40Mi + memory: 20Mi cpu: 10m limits: memory: 512Mi From 74c486c9b9ff7e6cae284b77dfdc33cf6c77d801 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 30 Jan 2025 14:36:41 +0900 Subject: [PATCH 1131/1209] fix(loki): increase CPU request from 15m to 20m in values.yaml Signed-off-by: walnuts1018 --- k8s/apps/loki/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/loki/values.yaml b/k8s/apps/loki/values.yaml index 59b1f78fe..ecdc1ec2c 100644 --- a/k8s/apps/loki/values.yaml +++ b/k8s/apps/loki/values.yaml @@ -128,7 +128,7 @@ backend: resources: requests: memory: 256Mi - cpu: 15m + cpu: 20m limits: memory: 1Gi cpu: 100m From 3092536c7a91c26c7663e26a918e12f96c8bcf33 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 30 Jan 2025 14:39:43 +0900 Subject: [PATCH 1132/1209] feat(misskey): add Horizontal Pod Autoscaler and update resource requests Signed-off-by: walnuts1018 --- k8s/apps/misskey/deployment.jsonnet | 3 ++- k8s/apps/misskey/hpa.jsonnet | 40 +++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 k8s/apps/misskey/hpa.jsonnet diff --git a/k8s/apps/misskey/deployment.jsonnet b/k8s/apps/misskey/deployment.jsonnet index f084e0bdb..7542fb27b 100644 --- a/k8s/apps/misskey/deployment.jsonnet +++ b/k8s/apps/misskey/deployment.jsonnet @@ -108,7 +108,8 @@ }, resources: { requests: { - memory: '932Mi', + cpu: '10m', + memory: '256Mi', }, limits: {}, }, diff --git a/k8s/apps/misskey/hpa.jsonnet b/k8s/apps/misskey/hpa.jsonnet new file mode 100644 index 000000000..c3cb52e63 --- /dev/null +++ b/k8s/apps/misskey/hpa.jsonnet @@ -0,0 +1,40 @@ +{ + apiVersion: 'autoscaling/v2', + kind: 'HorizontalPodAutoscaler', + metadata: { + name: (import 'app.json5').name, + namespace: (import 'app.json5').namespace, + labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, + }, + spec: { + minReplicas: 1, + maxReplicas: 5, + metrics: [ + { + resource: { + name: 'cpu', + target: { + averageUtilization: 100, + type: 'Utilization', + }, + }, + type: 'Resource', + }, + { + resource: { + name: 'memory', + target: { + averageUtilization: 100, + type: 'Utilization', + }, + }, + type: 'Resource', + }, + ], + scaleTargetRef: { + apiVersion: 'apps/v1', + kind: 'Deployment', + name: (import 'deployment.jsonnet').metadata.name, + }, + }, +} From 45e600bd9100dac2dfa066ca8b14184700785f88 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 30 Jan 2025 14:40:57 +0900 Subject: [PATCH 1133/1209] fix(tempo): update resource requests for CPU and memory in values.yaml Signed-off-by: walnuts1018 --- k8s/apps/tempo/values.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/k8s/apps/tempo/values.yaml b/k8s/apps/tempo/values.yaml index c83d12d8f..bfa3c7639 100644 --- a/k8s/apps/tempo/values.yaml +++ b/k8s/apps/tempo/values.yaml @@ -1,7 +1,8 @@ tempo: resources: requests: - memory: 1Gi + cpu: 5m + memory: 256Mi limits: memory: 4Gi storage: From 5875ee7b9cb99de7059dc8ddbeab698c7e2004da Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 30 Jan 2025 15:01:42 +0900 Subject: [PATCH 1134/1209] fix(misskey): update memory request to 720Mi and remove Horizontal Pod Autoscaler Signed-off-by: walnuts1018 --- k8s/apps/misskey/deployment.jsonnet | 2 +- k8s/apps/misskey/hpa.jsonnet | 40 ----------------------------- 2 files changed, 1 insertion(+), 41 deletions(-) delete mode 100644 k8s/apps/misskey/hpa.jsonnet diff --git a/k8s/apps/misskey/deployment.jsonnet b/k8s/apps/misskey/deployment.jsonnet index 7542fb27b..9d9a4eb6b 100644 --- a/k8s/apps/misskey/deployment.jsonnet +++ b/k8s/apps/misskey/deployment.jsonnet @@ -109,7 +109,7 @@ resources: { requests: { cpu: '10m', - memory: '256Mi', + memory: '720Mi', }, limits: {}, }, diff --git a/k8s/apps/misskey/hpa.jsonnet b/k8s/apps/misskey/hpa.jsonnet deleted file mode 100644 index c3cb52e63..000000000 --- a/k8s/apps/misskey/hpa.jsonnet +++ /dev/null @@ -1,40 +0,0 @@ -{ - apiVersion: 'autoscaling/v2', - kind: 'HorizontalPodAutoscaler', - metadata: { - name: (import 'app.json5').name, - namespace: (import 'app.json5').namespace, - labels: (import '../../components/labels.libsonnet') + { appname: (import 'app.json5').name }, - }, - spec: { - minReplicas: 1, - maxReplicas: 5, - metrics: [ - { - resource: { - name: 'cpu', - target: { - averageUtilization: 100, - type: 'Utilization', - }, - }, - type: 'Resource', - }, - { - resource: { - name: 'memory', - target: { - averageUtilization: 100, - type: 'Utilization', - }, - }, - type: 'Resource', - }, - ], - scaleTargetRef: { - apiVersion: 'apps/v1', - kind: 'Deployment', - name: (import 'deployment.jsonnet').metadata.name, - }, - }, -} From 57537b2379c7f26c3fe7f48083b7e09cd37b1215 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 30 Jan 2025 15:04:29 +0900 Subject: [PATCH 1135/1209] fix(redis): add resource requests and limits for CPU and memory Signed-off-by: walnuts1018 --- k8s/components/oauth2-proxy/redis.libsonnet | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/k8s/components/oauth2-proxy/redis.libsonnet b/k8s/components/oauth2-proxy/redis.libsonnet index f931d9b75..fead049ff 100644 --- a/k8s/components/oauth2-proxy/redis.libsonnet +++ b/k8s/components/oauth2-proxy/redis.libsonnet @@ -19,6 +19,16 @@ key: 'redis-password', }, }, + resources: { + requests: { + cpu: '3m', + memory: '3Mi', + }, + limits: { + cpu: '100m', + memory: '128Mi', + }, + }, storage: { volumeClaimTemplate: { spec: { @@ -57,6 +67,16 @@ failoverTimeout: '180000', downAfterMilliseconds: '30000', }, + resources: { + requests: { + cpu: '3m', + memory: '3Mi', + }, + limits: { + cpu: '100m', + memory: '128Mi', + }, + }, kubernetesConfig: { image: 'quay.io/opstree/redis-sentinel:v7.0.12', imagePullPolicy: 'IfNotPresent', From 48377a86d57d04d51fcf84637b6bd076e188d278 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 30 Jan 2025 15:11:20 +0900 Subject: [PATCH 1136/1209] fix(redis): restore resource requests and limits for CPU and memory Signed-off-by: walnuts1018 --- k8s/components/oauth2-proxy/redis.libsonnet | 38 ++++++++++----------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/k8s/components/oauth2-proxy/redis.libsonnet b/k8s/components/oauth2-proxy/redis.libsonnet index fead049ff..c152d806d 100644 --- a/k8s/components/oauth2-proxy/redis.libsonnet +++ b/k8s/components/oauth2-proxy/redis.libsonnet @@ -18,15 +18,15 @@ name: $.secret_name, key: 'redis-password', }, - }, - resources: { - requests: { - cpu: '3m', - memory: '3Mi', - }, - limits: { - cpu: '100m', - memory: '128Mi', + resources: { + requests: { + cpu: '3m', + memory: '3Mi', + }, + limits: { + cpu: '100m', + memory: '128Mi', + }, }, }, storage: { @@ -67,16 +67,6 @@ failoverTimeout: '180000', downAfterMilliseconds: '30000', }, - resources: { - requests: { - cpu: '3m', - memory: '3Mi', - }, - limits: { - cpu: '100m', - memory: '128Mi', - }, - }, kubernetesConfig: { image: 'quay.io/opstree/redis-sentinel:v7.0.12', imagePullPolicy: 'IfNotPresent', @@ -84,6 +74,16 @@ name: $.secret_name, key: 'redis-password', }, + resources: { + requests: { + cpu: '3m', + memory: '3Mi', + }, + limits: { + cpu: '100m', + memory: '128Mi', + }, + }, }, podSecurityContext: { fsGroup: 1000, From 5355886261c50bfba3ffc1bdf349fbc6716738ee Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 30 Jan 2025 15:16:39 +0900 Subject: [PATCH 1137/1209] fix(redis): update memory requests to 4Mi in oauth2-proxy configuration Signed-off-by: walnuts1018 --- k8s/components/oauth2-proxy/redis.libsonnet | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/k8s/components/oauth2-proxy/redis.libsonnet b/k8s/components/oauth2-proxy/redis.libsonnet index c152d806d..483308ca5 100644 --- a/k8s/components/oauth2-proxy/redis.libsonnet +++ b/k8s/components/oauth2-proxy/redis.libsonnet @@ -21,7 +21,7 @@ resources: { requests: { cpu: '3m', - memory: '3Mi', + memory: '4Mi', }, limits: { cpu: '100m', @@ -77,7 +77,7 @@ resources: { requests: { cpu: '3m', - memory: '3Mi', + memory: '4Mi', }, limits: { cpu: '100m', From 3dcfcd6ad50f9e64fe3f7035ae1a36507a15efb0 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 30 Jan 2025 15:17:05 +0900 Subject: [PATCH 1138/1209] fix(redis): update CPU resource requests to 4m in oauth2-proxy configuration Signed-off-by: walnuts1018 --- k8s/components/oauth2-proxy/redis.libsonnet | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/k8s/components/oauth2-proxy/redis.libsonnet b/k8s/components/oauth2-proxy/redis.libsonnet index 483308ca5..0ac02b1aa 100644 --- a/k8s/components/oauth2-proxy/redis.libsonnet +++ b/k8s/components/oauth2-proxy/redis.libsonnet @@ -20,7 +20,7 @@ }, resources: { requests: { - cpu: '3m', + cpu: '4m', memory: '4Mi', }, limits: { @@ -76,7 +76,7 @@ }, resources: { requests: { - cpu: '3m', + cpu: '4m', memory: '4Mi', }, limits: { From 85e0bc576ca689caba3e13f7bbae85efbe85ce80 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Thu, 30 Jan 2025 16:44:13 +0900 Subject: [PATCH 1139/1209] chore(deps): update renovate/renovate docker tag to v39.143.0 (#1423) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index abaf83c0c..b3b79e65d 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.142.0', + image: 'renovate/renovate:39.143.0', resources: { requests: { cpu: '500m', From c4973906d65983ec3cfa727beff2e37f6ff4525d Mon Sep 17 00:00:00 2001 From: Walnuts Date: Thu, 30 Jan 2025 17:19:01 +0900 Subject: [PATCH 1140/1209] chore(deps): update renovate/renovate docker tag to v39.144.0 (#1424) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index b3b79e65d..e8b22d169 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.143.0', + image: 'renovate/renovate:39.144.0', resources: { requests: { cpu: '500m', From 0359eb923f76ea6b8ad86563d9ac2d13f5df0750 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Thu, 30 Jan 2025 17:49:10 +0900 Subject: [PATCH 1141/1209] chore(deps): update renovate/renovate docker tag to v39.144.1 (#1425) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index e8b22d169..75456672d 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.144.0', + image: 'renovate/renovate:39.144.1', resources: { requests: { cpu: '500m', From 3f543d707bbc889ce92d95f30a8cc7b7f7388354 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 30 Jan 2025 17:52:00 +0900 Subject: [PATCH 1142/1209] fix(redis): add storage volume claim template with 1Gi request in oauth2-proxy configuration Signed-off-by: walnuts1018 --- k8s/components/oauth2-proxy/redis.libsonnet | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/k8s/components/oauth2-proxy/redis.libsonnet b/k8s/components/oauth2-proxy/redis.libsonnet index 0ac02b1aa..ab0d88f0d 100644 --- a/k8s/components/oauth2-proxy/redis.libsonnet +++ b/k8s/components/oauth2-proxy/redis.libsonnet @@ -89,6 +89,20 @@ fsGroup: 1000, runAsUser: 1000, }, + storage: { + volumeClaimTemplate: { + spec: { + accessModes: [ + 'ReadWriteOnce', + ], + resources: { + requests: { + storage: '1Gi', + }, + }, + }, + }, + }, }, }, ], From 76f5e032522914e9b3019627a4464014833e229d Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 30 Jan 2025 17:52:38 +0900 Subject: [PATCH 1143/1209] fix(redis): add storage configuration for 1Gi volume claim in redis.jsonnet Signed-off-by: walnuts1018 --- k8s/apps/openchokin/front/redis.jsonnet | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/k8s/apps/openchokin/front/redis.jsonnet b/k8s/apps/openchokin/front/redis.jsonnet index 430bed695..c5ad995d9 100644 --- a/k8s/apps/openchokin/front/redis.jsonnet +++ b/k8s/apps/openchokin/front/redis.jsonnet @@ -66,6 +66,20 @@ fsGroup: 1000, runAsUser: 1000, }, + storage: { + volumeClaimTemplate: { + spec: { + accessModes: [ + 'ReadWriteOnce', + ], + resources: { + requests: { + storage: '1Gi', + }, + }, + }, + }, + }, }, }, ] From 9dab084ada851ae110dc2fa219b836a2eba2bb21 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Thu, 30 Jan 2025 17:55:05 +0900 Subject: [PATCH 1144/1209] refactor(redis): remove redundant storage configuration from redis.jsonnet and oauth2-proxy Signed-off-by: walnuts1018 --- k8s/apps/openchokin/front/redis.jsonnet | 14 -------------- k8s/components/oauth2-proxy/redis.libsonnet | 14 -------------- 2 files changed, 28 deletions(-) diff --git a/k8s/apps/openchokin/front/redis.jsonnet b/k8s/apps/openchokin/front/redis.jsonnet index c5ad995d9..430bed695 100644 --- a/k8s/apps/openchokin/front/redis.jsonnet +++ b/k8s/apps/openchokin/front/redis.jsonnet @@ -66,20 +66,6 @@ fsGroup: 1000, runAsUser: 1000, }, - storage: { - volumeClaimTemplate: { - spec: { - accessModes: [ - 'ReadWriteOnce', - ], - resources: { - requests: { - storage: '1Gi', - }, - }, - }, - }, - }, }, }, ] diff --git a/k8s/components/oauth2-proxy/redis.libsonnet b/k8s/components/oauth2-proxy/redis.libsonnet index ab0d88f0d..0ac02b1aa 100644 --- a/k8s/components/oauth2-proxy/redis.libsonnet +++ b/k8s/components/oauth2-proxy/redis.libsonnet @@ -89,20 +89,6 @@ fsGroup: 1000, runAsUser: 1000, }, - storage: { - volumeClaimTemplate: { - spec: { - accessModes: [ - 'ReadWriteOnce', - ], - resources: { - requests: { - storage: '1Gi', - }, - }, - }, - }, - }, }, }, ], From 0d2f9b1f6c0ab3f90bebe297875782a3853d163a Mon Sep 17 00:00:00 2001 From: Walnuts Date: Thu, 30 Jan 2025 18:24:01 +0900 Subject: [PATCH 1145/1209] chore(deps): update renovate/renovate docker tag to v39.144.2 (#1426) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 75456672d..cfd406320 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.144.1', + image: 'renovate/renovate:39.144.2', resources: { requests: { cpu: '500m', From 18a0034e4ed732d4d9062b34545566d8af4f568f Mon Sep 17 00:00:00 2001 From: Walnuts Date: Thu, 30 Jan 2025 19:39:06 +0900 Subject: [PATCH 1146/1209] chore(deps): update renovate/renovate docker tag to v39.144.4 (#1427) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index cfd406320..6741216ee 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.144.2', + image: 'renovate/renovate:39.144.4', resources: { requests: { cpu: '500m', From 5317ddab9237a0b6a964e704fd73ead2e61184d6 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Thu, 30 Jan 2025 19:56:42 +0900 Subject: [PATCH 1147/1209] Update cronjob.jsonnet --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 6741216ee..9fc2634e8 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -25,7 +25,7 @@ command: [ 'sh', '-c', - 'df --output=target,pcent | awk \'{if( $1 == "/tmp/renovate" && $2 > 75 ){ system("rm -rf /tmp/renovate/cache") }}\'', + 'df --output=target,pcent | awk \'{if( $1 == "/tmp/renovate" && $2 > 75 ){ system("sudo rm -rf /tmp/renovate/cache") }}\'', ], volumeMounts: [ { From 22b0ed10ba0d20c7188e057edd8ab0471f4341dd Mon Sep 17 00:00:00 2001 From: Walnuts Date: Thu, 30 Jan 2025 21:53:17 +0900 Subject: [PATCH 1148/1209] chore(deps): update renovate/renovate docker tag to v39.145.0 (#1428) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 9fc2634e8..9ba4b854a 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.144.4', + image: 'renovate/renovate:39.145.0', resources: { requests: { cpu: '500m', From 6773f1b8b4b91654e00453d3c29e1b1c9043abfa Mon Sep 17 00:00:00 2001 From: Walnuts Date: Fri, 31 Jan 2025 01:58:27 +0900 Subject: [PATCH 1149/1209] chore(deps): update renovate/renovate docker tag to v39.145.1 (#1429) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 9ba4b854a..902d52a54 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.145.0', + image: 'renovate/renovate:39.145.1', resources: { requests: { cpu: '500m', From cefcca0956c9bb55ae4de36bf807d8e6c7fd13a1 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Fri, 31 Jan 2025 05:28:10 +0900 Subject: [PATCH 1150/1209] chore(deps): update helm release kube-prometheus-stack to v68.4.2 (#1430) Co-authored-by: Renovate Bot --- k8s/apps/prometheus-stack/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/prometheus-stack/helm.jsonnet b/k8s/apps/prometheus-stack/helm.jsonnet index 6e086a454..2dc2dd416 100644 --- a/k8s/apps/prometheus-stack/helm.jsonnet +++ b/k8s/apps/prometheus-stack/helm.jsonnet @@ -4,7 +4,7 @@ chart: 'kube-prometheus-stack', repoURL: 'https://prometheus-community.github.io/helm-charts', - targetRevision: '68.4.0', + targetRevision: '68.4.2', valuesObject: std.mergePatch(std.parseYaml(importstr 'values.yaml'), { prometheus: { prometheusSpec: { From ff99ba028ace7ebbda5955ff1945a6a1b32b783f Mon Sep 17 00:00:00 2001 From: Walnuts Date: Fri, 31 Jan 2025 06:03:05 +0900 Subject: [PATCH 1151/1209] chore(deps): update helm release kube-prometheus-stack to v68.4.3 (#1431) Co-authored-by: Renovate Bot --- k8s/apps/prometheus-stack/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/prometheus-stack/helm.jsonnet b/k8s/apps/prometheus-stack/helm.jsonnet index 2dc2dd416..6b3f48315 100644 --- a/k8s/apps/prometheus-stack/helm.jsonnet +++ b/k8s/apps/prometheus-stack/helm.jsonnet @@ -4,7 +4,7 @@ chart: 'kube-prometheus-stack', repoURL: 'https://prometheus-community.github.io/helm-charts', - targetRevision: '68.4.2', + targetRevision: '68.4.3', valuesObject: std.mergePatch(std.parseYaml(importstr 'values.yaml'), { prometheus: { prometheusSpec: { From 8c19640c37312aa54675d3a3e854dcd2bb55c4f2 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 31 Jan 2025 07:41:32 +0900 Subject: [PATCH 1152/1209] fix(cloudflare): add oekaki.walnuts.dev to ruleset expressions Signed-off-by: walnuts1018 --- terraform/modules/cloudflare/ruleset.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/terraform/modules/cloudflare/ruleset.tf b/terraform/modules/cloudflare/ruleset.tf index 9736b040d..f17ee6777 100644 --- a/terraform/modules/cloudflare/ruleset.tf +++ b/terraform/modules/cloudflare/ruleset.tf @@ -7,7 +7,7 @@ resource "cloudflare_ruleset" "terraform_managed_resource_304092e7f9904942998f39 action = "set_config" description = "enable Rocket Loader" enabled = true - expression = "(http.host eq \"walnuts.dev\") or (http.host eq \"minio.walnuts.dev\")" + expression = "(http.host eq \"walnuts.dev\") or (http.host eq \"minio.walnuts.dev\") or (http.host eq \"oekaki.walnuts.dev\")" ref = "9c1ef58603494a50af7855c3263e6bdf" action_parameters { @@ -26,7 +26,7 @@ resource "cloudflare_ruleset" "terraform_managed_resource_d3a7c2d6242d41068be770 action = "set_cache_settings" description = "walnuts.dev" enabled = true - expression = "(http.host eq \"walnuts.dev\")" + expression = "(http.host eq \"walnuts.dev\") or (http.host eq \"oekaki.walnuts.dev\")" ref = "02afb6686434455195ad5e1d630a099d" action_parameters { @@ -45,6 +45,7 @@ resource "cloudflare_ruleset" "terraform_managed_resource_d3a7c2d6242d41068be770 cache = false } } + rules { action = "set_cache_settings" description = "minio" @@ -56,5 +57,4 @@ resource "cloudflare_ruleset" "terraform_managed_resource_d3a7c2d6242d41068be770 cache = false } } - } From 5126a726b71b5d383044783f204a6a99b89c8661 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Fri, 31 Jan 2025 07:48:19 +0900 Subject: [PATCH 1153/1209] chore(deps): update dependency aquaproj/aqua-registry to v4.303.0 (#1432) Co-authored-by: Renovate Bot --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index b97d82af4..645ed66d2 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,7 +8,7 @@ # - all registries: - type: standard - ref: v4.302.1 # renovate: depName=aquaproj/aqua-registry + ref: v4.303.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 - name: hashicorp/terraform@v1.10.5 From efb53803003dfde5f9b090bdf2ea886718e8462e Mon Sep 17 00:00:00 2001 From: Walnuts Date: Fri, 31 Jan 2025 08:23:20 +0900 Subject: [PATCH 1154/1209] chore(deps): update renovate/renovate docker tag to v39.146.0 (#1433) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 902d52a54..d78e70dcd 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.145.1', + image: 'renovate/renovate:39.146.0', resources: { requests: { cpu: '500m', From 2d3a299b21f41b0882da1d0ae95f8743c10c670a Mon Sep 17 00:00:00 2001 From: Walnuts Date: Fri, 31 Jan 2025 08:58:24 +0900 Subject: [PATCH 1155/1209] chore(deps): update renovate/renovate docker tag to v39.146.1 (#1434) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index d78e70dcd..519218b20 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.146.0', + image: 'renovate/renovate:39.146.1', resources: { requests: { cpu: '500m', From c594796de5949f7b167c191a5b0d1e5cc0f1b04f Mon Sep 17 00:00:00 2001 From: Walnuts Date: Fri, 31 Jan 2025 11:53:23 +0900 Subject: [PATCH 1156/1209] chore(deps): update renovate/renovate docker tag to v39.146.2 (#1435) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 519218b20..01c174751 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.146.1', + image: 'renovate/renovate:39.146.2', resources: { requests: { cpu: '500m', From d23d9edb3698e7a20747dac429395bbed30e0fce Mon Sep 17 00:00:00 2001 From: Walnuts Date: Fri, 31 Jan 2025 14:49:01 +0900 Subject: [PATCH 1157/1209] chore(deps): update renovate/renovate docker tag to v39.146.3 (#1436) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 01c174751..d3739885e 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.146.2', + image: 'renovate/renovate:39.146.3', resources: { requests: { cpu: '500m', From 9f1e315d516da599078d8411fa018f01c2d45d79 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Fri, 31 Jan 2025 17:08:24 +0900 Subject: [PATCH 1158/1209] chore(deps): update renovate/renovate docker tag to v39.146.4 (#1437) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index d3739885e..82c4c28a4 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.146.3', + image: 'renovate/renovate:39.146.4', resources: { requests: { cpu: '500m', From 1212a521bba05c9ac34738fa2c9e4261ac240e7e Mon Sep 17 00:00:00 2001 From: Walnuts Date: Fri, 31 Jan 2025 17:48:39 +0900 Subject: [PATCH 1159/1209] chore(deps): update renovate/renovate docker tag to v39.148.0 (#1438) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 82c4c28a4..e6f6ed6f0 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.146.4', + image: 'renovate/renovate:39.148.0', resources: { requests: { cpu: '500m', From 5d24b29b8092208ec0fb6adae30cfecc3ec3c13c Mon Sep 17 00:00:00 2001 From: Walnuts Date: Fri, 31 Jan 2025 18:23:15 +0900 Subject: [PATCH 1160/1209] chore(deps): update renovate/renovate docker tag to v39.149.0 (#1439) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index e6f6ed6f0..610a699fd 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.148.0', + image: 'renovate/renovate:39.149.0', resources: { requests: { cpu: '500m', From 021cb100392f5b172bc092c0213780acef0b2326 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Fri, 31 Jan 2025 20:43:57 +0900 Subject: [PATCH 1161/1209] chore(deps): update renovate/renovate docker tag to v39.150.0 (#1440) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 610a699fd..1af1c38ab 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -38,7 +38,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.149.0', + image: 'renovate/renovate:39.150.0', resources: { requests: { cpu: '500m', From 1b39e699236609023c6438784d2b5677b06e07d8 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 31 Jan 2025 20:55:43 +0900 Subject: [PATCH 1162/1209] fix(renovate): update cronjob to remove sudo requirement and set security context Signed-off-by: walnuts1018 --- k8s/apps/renovate/cronjob.jsonnet | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 902d52a54..dd17011de 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -25,7 +25,7 @@ command: [ 'sh', '-c', - 'df --output=target,pcent | awk \'{if( $1 == "/tmp/renovate" && $2 > 75 ){ system("sudo rm -rf /tmp/renovate/cache") }}\'', + 'df --output=target,pcent | awk \'{if( $1 == "/tmp/renovate" && $2 > 75 ){ system("rm -rf /tmp/renovate/cache") }}\'', ], volumeMounts: [ { @@ -33,6 +33,9 @@ mountPath: '/tmp/renovate', }, ], + securityContext: { + runAsUser: 0, + }, }, ], containers: [ From a18ea6f4b31de6e091cdb53415d3600be974dc02 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 31 Jan 2025 21:01:14 +0900 Subject: [PATCH 1163/1209] feat(opentelemetry): add resource requests for CPU and memory in daemonset and deployment Signed-off-by: walnuts1018 --- .../opentelemetry-collectors/collectors/daemonset.jsonnet | 6 ++++++ .../opentelemetry-collectors/collectors/deployment.jsonnet | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet index 65434478b..47c8566d9 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/daemonset.jsonnet @@ -213,6 +213,12 @@ std.mergePatch((import '_base.libsonnet'), { value: 'k8s.node.name=$(K8S_NODE_NAME),k8s.node.ip=$(K8S_NODE_IP)', }, ], + resources: { + requests: { + cpu: '100m', + memory: '150Mi', + }, + }, // tolerations: [ // { // operator: 'Exists', diff --git a/k8s/apps/opentelemetry-collectors/collectors/deployment.jsonnet b/k8s/apps/opentelemetry-collectors/collectors/deployment.jsonnet index fe7f36544..2b9d0f392 100644 --- a/k8s/apps/opentelemetry-collectors/collectors/deployment.jsonnet +++ b/k8s/apps/opentelemetry-collectors/collectors/deployment.jsonnet @@ -98,6 +98,12 @@ std.mergePatch((import '_base.libsonnet'), { }, }, }, + resources: { + requests: { + cpu: '6m', + memory: '90Mi', + }, + }, env: [ { name: 'K8S_NODE_IP', From 194d4a6cc0ac5d52f63c5cf34545c5cc851a3d13 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 31 Jan 2025 21:04:26 +0900 Subject: [PATCH 1164/1209] feat(external-secrets): add resource requests for CPU and memory in values.yaml Signed-off-by: walnuts1018 --- k8s/apps/external-secrets/helm.jsonnet | 2 +- k8s/apps/external-secrets/values.yaml | 16 ++++++++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) create mode 100644 k8s/apps/external-secrets/values.yaml diff --git a/k8s/apps/external-secrets/helm.jsonnet b/k8s/apps/external-secrets/helm.jsonnet index 9f4c33330..824f2945e 100644 --- a/k8s/apps/external-secrets/helm.jsonnet +++ b/k8s/apps/external-secrets/helm.jsonnet @@ -4,5 +4,5 @@ chart: 'external-secrets', repoURL: 'https://charts.external-secrets.io', targetRevision: '0.13.0', - values: '', + values: (importstr 'values.yaml'), } diff --git a/k8s/apps/external-secrets/values.yaml b/k8s/apps/external-secrets/values.yaml new file mode 100644 index 000000000..f5f0cd533 --- /dev/null +++ b/k8s/apps/external-secrets/values.yaml @@ -0,0 +1,16 @@ +resources: + requests: + cpu: 20m + memory: 128Mi + +webhook: + resources: + requests: + cpu: 10m + memory: 32Mi + +certController: + resources: + requests: + cpu: 2m + memory: 28Mi From c45d742bcd64da7ca3d7d0e1e29d6e0153bc4a98 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 31 Jan 2025 21:06:20 +0900 Subject: [PATCH 1165/1209] feat(cert-manager): add resource requests for CPU and memory in values.yaml Signed-off-by: walnuts1018 --- k8s/apps/cert-manager/values.yaml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/k8s/apps/cert-manager/values.yaml b/k8s/apps/cert-manager/values.yaml index aba4e7102..8501e2d7e 100644 --- a/k8s/apps/cert-manager/values.yaml +++ b/k8s/apps/cert-manager/values.yaml @@ -6,3 +6,20 @@ prometheus: enabled: true servicemonitor: enabled: true + +resources: + requests: + cpu: 1m + memory: 78Mi + +webhook: + resources: + requests: + cpu: 2m + memory: 64Mi + +cainjector: + resources: + requests: + cpu: 1m + memory: 134Mi From 4c20a749a4bfc7dd3718d4a10d11f6d2bcaaa5a4 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 31 Jan 2025 21:08:37 +0900 Subject: [PATCH 1166/1209] feat(blog): update memory request from 5Mi to 10Mi in deployment.jsonnet Signed-off-by: walnuts1018 --- k8s/apps/blog/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/blog/deployment.jsonnet b/k8s/apps/blog/deployment.jsonnet index 474f8e772..520e4831a 100644 --- a/k8s/apps/blog/deployment.jsonnet +++ b/k8s/apps/blog/deployment.jsonnet @@ -70,7 +70,7 @@ memory: '100Mi', }, requests: { - memory: '5Mi', + memory: '10Mi', }, }, }, { From 90f77a9a3df4c5e902e87509cc3d85135cbbc93d Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Fri, 31 Jan 2025 21:15:23 +0900 Subject: [PATCH 1167/1209] feat(argocd): update CPU request from 64m to 48m in values.yaml Signed-off-by: walnuts1018 --- k8s/_argocd/argocd_components/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/_argocd/argocd_components/values.yaml b/k8s/_argocd/argocd_components/values.yaml index 77366b13f..5ae4da800 100644 --- a/k8s/_argocd/argocd_components/values.yaml +++ b/k8s/_argocd/argocd_components/values.yaml @@ -118,7 +118,7 @@ repoServer: cpu: 500m memory: 512Mi requests: - cpu: 64m + cpu: 48m memory: 128Mi applicationSet: From 4cef49e5b97c6cb06938bd9b42179ba8fee67ecf Mon Sep 17 00:00:00 2001 From: Walnuts Date: Fri, 31 Jan 2025 21:34:53 +0900 Subject: [PATCH 1168/1209] chore(deps): update renovate/renovate docker tag to v39.151.0 (#1441) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index a237dc4e5..5c3650dc5 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -41,7 +41,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.150.0', + image: 'renovate/renovate:39.151.0', resources: { requests: { cpu: '500m', From d31a59122e6856c425b9ccc00ad0217416ef6164 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sat, 1 Feb 2025 00:49:12 +0900 Subject: [PATCH 1169/1209] chore(deps): update renovate/renovate docker tag to v39.152.0 (#1442) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 5c3650dc5..a9d9087b0 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -41,7 +41,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.151.0', + image: 'renovate/renovate:39.152.0', resources: { requests: { cpu: '500m', From eb0589b3f9a868001a841588fceef6e68b5a5dd1 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sat, 1 Feb 2025 02:03:59 +0900 Subject: [PATCH 1170/1209] chore(deps): update renovate/renovate docker tag to v39.153.0 (#1443) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index a9d9087b0..780881a06 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -41,7 +41,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.152.0', + image: 'renovate/renovate:39.153.0', resources: { requests: { cpu: '500m', From 6af5edddff34ec94e7c291cdaef92804353830f7 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sat, 1 Feb 2025 02:38:07 +0900 Subject: [PATCH 1171/1209] chore(deps): update renovate/renovate docker tag to v39.153.1 (#1444) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 780881a06..15e9ef85e 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -41,7 +41,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.153.0', + image: 'renovate/renovate:39.153.1', resources: { requests: { cpu: '500m', From f60c30a709a912600e7a27d6062f2041d2150e5f Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sat, 1 Feb 2025 04:18:18 +0900 Subject: [PATCH 1172/1209] chore(deps): update helm release kube-prometheus-stack to v68.4.4 (#1445) Co-authored-by: Renovate Bot --- k8s/apps/prometheus-stack/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/prometheus-stack/helm.jsonnet b/k8s/apps/prometheus-stack/helm.jsonnet index 6b3f48315..432fb4a24 100644 --- a/k8s/apps/prometheus-stack/helm.jsonnet +++ b/k8s/apps/prometheus-stack/helm.jsonnet @@ -4,7 +4,7 @@ chart: 'kube-prometheus-stack', repoURL: 'https://prometheus-community.github.io/helm-charts', - targetRevision: '68.4.3', + targetRevision: '68.4.4', valuesObject: std.mergePatch(std.parseYaml(importstr 'values.yaml'), { prometheus: { prometheusSpec: { From a52f3a76b7f590ae72c245657d4a232ddfdb3806 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 31 Jan 2025 21:37:29 +0000 Subject: [PATCH 1173/1209] chore(deps): update helm release prometheus-blackbox-exporter to v9.2.0 --- k8s/apps/blackbox-exporter/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/blackbox-exporter/helm.jsonnet b/k8s/apps/blackbox-exporter/helm.jsonnet index f6fdfdd5b..ef631d2ec 100644 --- a/k8s/apps/blackbox-exporter/helm.jsonnet +++ b/k8s/apps/blackbox-exporter/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'prometheus-blackbox-exporter', repoURL: 'https://prometheus-community.github.io/helm-charts', - targetRevision: '9.1.0', + targetRevision: '9.2.0', values: (importstr 'values.yaml'), } From 43d6ff6f429901dbe9ac6ec81aae08d9d526a3b4 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sat, 1 Feb 2025 09:02:54 +0900 Subject: [PATCH 1174/1209] chore(deps): update dependency aquaproj/aqua-registry to v4.304.0 (#1447) Co-authored-by: Renovate Bot --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index 645ed66d2..7e0050580 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,7 +8,7 @@ # - all registries: - type: standard - ref: v4.303.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.304.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 - name: hashicorp/terraform@v1.10.5 From c23fc636753dd02072dcd49ac0e5a9e1d188a1ed Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sat, 1 Feb 2025 10:13:59 +0900 Subject: [PATCH 1175/1209] chore(deps): update renovate/renovate docker tag to v39.153.2 (#1448) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 15e9ef85e..40cce7ee1 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -41,7 +41,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.153.1', + image: 'renovate/renovate:39.153.2', resources: { requests: { cpu: '500m', From d04ea2585fc97cff0a880e2b3f1126710ed3ce3c Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sat, 1 Feb 2025 16:33:17 +0900 Subject: [PATCH 1176/1209] chore(deps): update renovate/renovate docker tag to v39.154.0 (#1449) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 40cce7ee1..4eb83cc91 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -41,7 +41,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.153.2', + image: 'renovate/renovate:39.154.0', resources: { requests: { cpu: '500m', From 2e2a849f86eef499eb68db391dc244e0c892a741 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sat, 1 Feb 2025 17:14:22 +0900 Subject: [PATCH 1177/1209] chore(deps): update renovate/renovate docker tag to v39.155.0 (#1450) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 4eb83cc91..fb96570e0 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -41,7 +41,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.154.0', + image: 'renovate/renovate:39.155.0', resources: { requests: { cpu: '500m', From fcec45d418d02cd907de27283696bf4e5f70602c Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sat, 1 Feb 2025 20:03:15 +0900 Subject: [PATCH 1178/1209] chore(deps): update renovate/renovate docker tag to v39.156.0 (#1451) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index fb96570e0..c48a49c28 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -41,7 +41,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.155.0', + image: 'renovate/renovate:39.156.0', resources: { requests: { cpu: '500m', From 85facd4188ad89a2bdd0e82af397a831929829e6 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sun, 2 Feb 2025 07:08:09 +0900 Subject: [PATCH 1179/1209] chore(deps): update ghcr.io/walnuts1018/walnuts.dev docker tag to v7effeda7becb61fe5299960f60c615bf424d0323-383 (#1452) Co-authored-by: Renovate Bot --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index 7944913b8..bca1d6770 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ std.mergePatch((import '../../components/container.libsonnet') { name: 'walnuts-dev', - image: 'ghcr.io/walnuts1018/walnuts.dev:60bdad2a2717fc3ded74014643f4fbfc955870cc-382', + image: 'ghcr.io/walnuts1018/walnuts.dev:7effeda7becb61fe5299960f60c615bf424d0323-383', imagePullPolicy: 'IfNotPresent', ports: [ { From e471dacd7297f79a901d51d235b60b4eb162ace5 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sun, 2 Feb 2025 07:47:53 +0900 Subject: [PATCH 1180/1209] chore(deps): update dependency aquaproj/aqua-registry to v4.305.0 (#1453) Co-authored-by: Renovate Bot --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index 7e0050580..10b581249 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,7 +8,7 @@ # - all registries: - type: standard - ref: v4.304.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.305.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 - name: hashicorp/terraform@v1.10.5 From 67a857d3d286f9ce26dc254e186b38183ce67c40 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Sun, 2 Feb 2025 12:58:21 +0900 Subject: [PATCH 1181/1209] chore(deps): update ghcr.io/walnuts1018/walnuts.dev docker tag to cbf28a9454fc11b5c94ce9cdee401712b3d6bde8-385 (#1454) Co-authored-by: Renovate Bot --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index bca1d6770..5ba3d30f1 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ std.mergePatch((import '../../components/container.libsonnet') { name: 'walnuts-dev', - image: 'ghcr.io/walnuts1018/walnuts.dev:7effeda7becb61fe5299960f60c615bf424d0323-383', + image: 'ghcr.io/walnuts1018/walnuts.dev:cbf28a9454fc11b5c94ce9cdee401712b3d6bde8-385', imagePullPolicy: 'IfNotPresent', ports: [ { From 7aa43d163285319315b9e37425e6ce1ba6f454ce Mon Sep 17 00:00:00 2001 From: Walnuts Date: Mon, 3 Feb 2025 01:15:19 +0900 Subject: [PATCH 1182/1209] chore(deps): update renovate/renovate docker tag to v39.156.1 (#1455) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index c48a49c28..b24e0f0e3 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -41,7 +41,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.156.0', + image: 'renovate/renovate:39.156.1', resources: { requests: { cpu: '500m', From db4af89933146f73657bae28302a7ac40305fb77 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Mon, 3 Feb 2025 07:27:41 +0900 Subject: [PATCH 1183/1209] chore(deps): update quay.io/hedgedoc/hedgedoc docker tag to v1.10.1 (#1456) Co-authored-by: Renovate Bot --- k8s/apps/hedgedoc/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/hedgedoc/deployment.jsonnet b/k8s/apps/hedgedoc/deployment.jsonnet index b7926bdf2..fcf0df43e 100644 --- a/k8s/apps/hedgedoc/deployment.jsonnet +++ b/k8s/apps/hedgedoc/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'hedgedoc', - image: 'quay.io/hedgedoc/hedgedoc:1.10.0', + image: 'quay.io/hedgedoc/hedgedoc:1.10.1', imagePullPolicy: 'IfNotPresent', ports: [ { From 0b1e66c6e417d09c3ab79a3269f9ad760c912145 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Mon, 3 Feb 2025 07:42:52 +0900 Subject: [PATCH 1184/1209] chore(deps): update dependency aquaproj/aqua-registry to v4.306.0 (#1457) Co-authored-by: Renovate Bot --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index 10b581249..8b0fe56fb 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,7 +8,7 @@ # - all registries: - type: standard - ref: v4.305.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.306.0 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 - name: hashicorp/terraform@v1.10.5 From 4129d0d704143a22d229cdcea9b71041b8cc6719 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Mon, 3 Feb 2025 13:28:15 +0900 Subject: [PATCH 1185/1209] chore(deps): update gotson/komga docker tag to v1.19.1 (#1458) Co-authored-by: Renovate Bot --- k8s/apps/komga/statefulset.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/komga/statefulset.jsonnet b/k8s/apps/komga/statefulset.jsonnet index 5ec1938df..eb456a68c 100644 --- a/k8s/apps/komga/statefulset.jsonnet +++ b/k8s/apps/komga/statefulset.jsonnet @@ -20,7 +20,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'komga', - image: 'gotson/komga:1.19.0', + image: 'gotson/komga:1.19.1', resources: { limits: { cpu: '500m', From f732f85089f2d71bec22d0ee0c8fed485254da83 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Mon, 3 Feb 2025 18:43:22 +0900 Subject: [PATCH 1186/1209] chore(deps): update helm release argo-cd to v7.7.23 (#1459) Co-authored-by: Renovate Bot --- k8s/_argocd/argocd_components/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/_argocd/argocd_components/helm.jsonnet b/k8s/_argocd/argocd_components/helm.jsonnet index 88ebe528e..4a7711ab0 100644 --- a/k8s/_argocd/argocd_components/helm.jsonnet +++ b/k8s/_argocd/argocd_components/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import 'app.json5').namespace, chart: 'argo-cd', repoURL: 'https://argoproj.github.io/argo-helm', - targetRevision: '7.7.22', + targetRevision: '7.7.23', values: (importstr 'values.yaml'), } From 38c04329b2b140a9e3165dd8690221c6d61b824e Mon Sep 17 00:00:00 2001 From: Walnuts Date: Mon, 3 Feb 2025 20:30:06 +0900 Subject: [PATCH 1187/1209] chore(deps): update renovate/renovate docker tag to v39.156.2 (#1460) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index b24e0f0e3..4ab42fe21 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -41,7 +41,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.156.1', + image: 'renovate/renovate:39.156.2', resources: { requests: { cpu: '500m', From 89b46dfa55c7d6fa56191a9b0c162207d31ca332 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Mon, 3 Feb 2025 21:45:06 +0900 Subject: [PATCH 1188/1209] chore(deps): update renovate/renovate docker tag to v39.157.0 (#1461) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 4ab42fe21..1294f7240 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -41,7 +41,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.156.2', + image: 'renovate/renovate:39.157.0', resources: { requests: { cpu: '500m', From 5a5c76e9f2406c246db9a8ce3924795d42df14f3 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Tue, 4 Feb 2025 01:08:28 +0900 Subject: [PATCH 1189/1209] chore(deps): update renovate/renovate docker tag to v39.158.0 (#1462) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 1294f7240..c19e20c95 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -41,7 +41,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.157.0', + image: 'renovate/renovate:39.158.0', resources: { requests: { cpu: '500m', From 34ac6c87d9f04aa6ee6e7df8be832d5aadcae62e Mon Sep 17 00:00:00 2001 From: Walnuts Date: Tue, 4 Feb 2025 01:43:12 +0900 Subject: [PATCH 1190/1209] chore(deps): update renovate/renovate docker tag to v39.158.1 (#1463) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index c19e20c95..d5e498c0b 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -41,7 +41,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.158.0', + image: 'renovate/renovate:39.158.1', resources: { requests: { cpu: '500m', From f96d342aaff14d2165eb3d39058db3f09eb643fb Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 3 Feb 2025 18:11:50 +0000 Subject: [PATCH 1191/1209] chore(deps): update helm release cert-manager to v1.17.0 --- k8s/apps/cert-manager/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/cert-manager/helm.jsonnet b/k8s/apps/cert-manager/helm.jsonnet index 8f4c02510..d2a6e57bd 100644 --- a/k8s/apps/cert-manager/helm.jsonnet +++ b/k8s/apps/cert-manager/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import 'app.json5').namespace, chart: 'cert-manager', repoURL: 'https://charts.jetstack.io', - targetRevision: 'v1.16.3', + targetRevision: 'v1.17.0', values: (importstr 'values.yaml'), } From d2aff88dfd17219ff536579ce3dddb2b5829f0ef Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 3 Feb 2025 20:06:49 +0000 Subject: [PATCH 1192/1209] chore(deps): update ghcr.io/tailscale/tailscale docker tag to v1.80.0 --- k8s/apps/tailscale/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/tailscale/deployment.jsonnet b/k8s/apps/tailscale/deployment.jsonnet index 78e7670d2..6f7e5e298 100644 --- a/k8s/apps/tailscale/deployment.jsonnet +++ b/k8s/apps/tailscale/deployment.jsonnet @@ -24,7 +24,7 @@ (import '../../components/container.libsonnet') { name: 'tailscale', imagePullPolicy: 'IfNotPresent', - image: 'ghcr.io/tailscale/tailscale:v1.78.3', + image: 'ghcr.io/tailscale/tailscale:v1.80.0', env: [ { name: 'TS_KUBE_SECRET', From fd48663a538d6ccae64865dd3bb85069d02263b8 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 3 Feb 2025 20:47:21 +0000 Subject: [PATCH 1193/1209] chore(deps): update terraform aws to ~> 5.85.0 --- terraform/modules/minio/provider.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/modules/minio/provider.tf b/terraform/modules/minio/provider.tf index 95653a708..06144b118 100644 --- a/terraform/modules/minio/provider.tf +++ b/terraform/modules/minio/provider.tf @@ -2,7 +2,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 5.84.0" + version = "~> 5.85.0" } } } From a8e6cbc221f8158651156f5a5585a0df906280bc Mon Sep 17 00:00:00 2001 From: Walnuts Date: Tue, 4 Feb 2025 09:57:52 +0900 Subject: [PATCH 1194/1209] chore(deps): update ghcr.io/walnuts1018/walnuts.dev docker tag to v97b7e1ce15e7ab2beb0e519d7af52101912bcff1-386 (#1467) Co-authored-by: Renovate Bot --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index 5ba3d30f1..85c23cc7e 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ std.mergePatch((import '../../components/container.libsonnet') { name: 'walnuts-dev', - image: 'ghcr.io/walnuts1018/walnuts.dev:cbf28a9454fc11b5c94ce9cdee401712b3d6bde8-385', + image: 'ghcr.io/walnuts1018/walnuts.dev:97b7e1ce15e7ab2beb0e519d7af52101912bcff1-386', imagePullPolicy: 'IfNotPresent', ports: [ { From 8ed3be3f6d1c6b64fb30990fa11a4a85b1646a99 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Tue, 4 Feb 2025 14:02:48 +0900 Subject: [PATCH 1195/1209] chore(deps): update dependency aquaproj/aqua-registry to v4.306.1 (#1468) Co-authored-by: Renovate Bot --- aqua.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aqua.yaml b/aqua.yaml index 8b0fe56fb..e1ee880f8 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -8,7 +8,7 @@ # - all registries: - type: standard - ref: v4.306.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.306.1 # renovate: depName=aquaproj/aqua-registry packages: - name: yannh/kubeconform@v0.6.7 - name: hashicorp/terraform@v1.10.5 From f79bd8587ce4a9ab62fba671849fd9a4de0a6dba Mon Sep 17 00:00:00 2001 From: Walnuts Date: Tue, 4 Feb 2025 17:28:07 +0900 Subject: [PATCH 1196/1209] chore(deps): update helm release kube-prometheus-stack to v68.4.5 (#1469) Co-authored-by: Renovate Bot --- k8s/apps/prometheus-stack/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/prometheus-stack/helm.jsonnet b/k8s/apps/prometheus-stack/helm.jsonnet index 432fb4a24..c9249a768 100644 --- a/k8s/apps/prometheus-stack/helm.jsonnet +++ b/k8s/apps/prometheus-stack/helm.jsonnet @@ -4,7 +4,7 @@ chart: 'kube-prometheus-stack', repoURL: 'https://prometheus-community.github.io/helm-charts', - targetRevision: '68.4.4', + targetRevision: '68.4.5', valuesObject: std.mergePatch(std.parseYaml(importstr 'values.yaml'), { prometheus: { prometheusSpec: { From 00ac85c85bba6738e3c69aba5ac33ef5994047f8 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Tue, 4 Feb 2025 18:40:00 +0900 Subject: [PATCH 1197/1209] chore(deps): update renovate/renovate docker tag to v39.158.2 (#1470) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index d5e498c0b..559cf1e0e 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -41,7 +41,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.158.1', + image: 'renovate/renovate:39.158.2', resources: { requests: { cpu: '500m', From fad3deea222938a3b7716a71d088dec7ee7cf70c Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 4 Feb 2025 11:57:13 +0000 Subject: [PATCH 1198/1209] chore(deps): update helm release argo-cd to v7.8.0 --- k8s/_argocd/argocd_components/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/_argocd/argocd_components/helm.jsonnet b/k8s/_argocd/argocd_components/helm.jsonnet index 4a7711ab0..824e30a90 100644 --- a/k8s/_argocd/argocd_components/helm.jsonnet +++ b/k8s/_argocd/argocd_components/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import 'app.json5').namespace, chart: 'argo-cd', repoURL: 'https://argoproj.github.io/argo-helm', - targetRevision: '7.7.23', + targetRevision: '7.8.0', values: (importstr 'values.yaml'), } From 86927d00e2a9147c6229023c09358578e95ed093 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Tue, 4 Feb 2025 22:08:26 +0900 Subject: [PATCH 1199/1209] chore(deps): update renovate/renovate docker tag to v39.159.0 (#1472) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 559cf1e0e..5697715b5 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -41,7 +41,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.158.2', + image: 'renovate/renovate:39.159.0', resources: { requests: { cpu: '500m', From 871d10d207af7984c2dd1d6534b6f3958b88a902 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 4 Feb 2025 16:02:27 +0000 Subject: [PATCH 1200/1209] chore(deps): update helm release cilium to v1.17.0 --- k8s/apps/cilium/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/cilium/helm.jsonnet b/k8s/apps/cilium/helm.jsonnet index 449a6d0ab..9103b66bc 100644 --- a/k8s/apps/cilium/helm.jsonnet +++ b/k8s/apps/cilium/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import 'app.json5').namespace, chart: 'cilium', repoURL: 'https://helm.cilium.io/', - targetRevision: '1.16.6', + targetRevision: '1.17.0', values: (importstr 'values.yaml'), } From 5111acbcd04830ba504516cf7d0cb35fc1114026 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Wed, 5 Feb 2025 01:03:10 +0900 Subject: [PATCH 1201/1209] chore(deps): update helm release zitadel to v8.11.3 (#1474) Co-authored-by: Renovate Bot --- k8s/apps/zitadel/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/zitadel/helm.jsonnet b/k8s/apps/zitadel/helm.jsonnet index f74920738..44f8abb33 100644 --- a/k8s/apps/zitadel/helm.jsonnet +++ b/k8s/apps/zitadel/helm.jsonnet @@ -4,6 +4,6 @@ chart: 'zitadel', repoURL: 'https://charts.zitadel.com', - targetRevision: '8.11.2', + targetRevision: '8.11.3', values: (importstr 'values.yaml'), } From 633a723f818fdb8c4b69d666294c35a32066f81b Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 4 Feb 2025 17:47:21 +0000 Subject: [PATCH 1202/1209] chore(deps): update helm release external-secrets to v0.14.0 --- k8s/apps/external-secrets/helm.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/external-secrets/helm.jsonnet b/k8s/apps/external-secrets/helm.jsonnet index 824f2945e..e88aaf238 100644 --- a/k8s/apps/external-secrets/helm.jsonnet +++ b/k8s/apps/external-secrets/helm.jsonnet @@ -3,6 +3,6 @@ namespace: (import 'app.json5').namespace, chart: 'external-secrets', repoURL: 'https://charts.external-secrets.io', - targetRevision: '0.13.0', + targetRevision: '0.14.0', values: (importstr 'values.yaml'), } From 769196d94a71d31c825999b08d47bfda8f1fd8de Mon Sep 17 00:00:00 2001 From: Walnuts Date: Wed, 5 Feb 2025 06:20:09 +0900 Subject: [PATCH 1203/1209] chore(deps): update renovate/renovate docker tag to v39.160.1 (#1477) Co-authored-by: Renovate Bot --- k8s/apps/renovate/cronjob.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/renovate/cronjob.jsonnet b/k8s/apps/renovate/cronjob.jsonnet index 5697715b5..6222e8057 100644 --- a/k8s/apps/renovate/cronjob.jsonnet +++ b/k8s/apps/renovate/cronjob.jsonnet @@ -41,7 +41,7 @@ containers: [ (import '../../components/container.libsonnet') { name: 'renovate', - image: 'renovate/renovate:39.159.0', + image: 'renovate/renovate:39.160.1', resources: { requests: { cpu: '500m', From 2bdaac475541d6202907bc58d5b5ba27028b7406 Mon Sep 17 00:00:00 2001 From: Walnuts Date: Wed, 5 Feb 2025 10:58:17 +0900 Subject: [PATCH 1204/1209] Update appproject.jsonnet --- k8s/_argocd/argocd_components/appproject.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/_argocd/argocd_components/appproject.jsonnet b/k8s/_argocd/argocd_components/appproject.jsonnet index 101b046b7..9357793db 100644 --- a/k8s/_argocd/argocd_components/appproject.jsonnet +++ b/k8s/_argocd/argocd_components/appproject.jsonnet @@ -5,7 +5,7 @@ name: 'default', namespace: (import 'app.json5').namespace, annotations: { - local slackChannel = 'walnuts-sysop', + local slackChannel = 'sysop', 'notifications.argoproj.io/subscribe.on-deleted.slack': slackChannel, 'notifications.argoproj.io/subscribe.on-health-degraded.slack': slackChannel, 'notifications.argoproj.io/subscribe.on-sync-failed.slack': slackChannel, From 916832be592d959aaa34c3171d7c3408f604bb3b Mon Sep 17 00:00:00 2001 From: Walnuts Date: Wed, 5 Feb 2025 10:59:55 +0900 Subject: [PATCH 1205/1209] Update values.yaml --- k8s/apps/cilium/values.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/k8s/apps/cilium/values.yaml b/k8s/apps/cilium/values.yaml index 3e21a2766..23e01fd37 100644 --- a/k8s/apps/cilium/values.yaml +++ b/k8s/apps/cilium/values.yaml @@ -85,3 +85,7 @@ envoyConfig: secretsNamespace: create: false name: cilium-secrets +readSecretsOnlyFromSecretsNamespace: + secretsNamespace: + create: false + name: cilium-secrets From 08b513a1dd059e149963c888cdc8136f22278c8c Mon Sep 17 00:00:00 2001 From: Walnuts Date: Wed, 5 Feb 2025 11:02:33 +0900 Subject: [PATCH 1206/1209] Update values.yaml --- k8s/apps/cilium/values.yaml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/k8s/apps/cilium/values.yaml b/k8s/apps/cilium/values.yaml index 23e01fd37..1e55928db 100644 --- a/k8s/apps/cilium/values.yaml +++ b/k8s/apps/cilium/values.yaml @@ -86,6 +86,5 @@ envoyConfig: create: false name: cilium-secrets readSecretsOnlyFromSecretsNamespace: - secretsNamespace: - create: false - name: cilium-secrets + create: false + name: cilium-secrets From 53a58da8b40e9d55c7f4970c223d92364942ea3c Mon Sep 17 00:00:00 2001 From: Walnuts Date: Wed, 5 Feb 2025 11:02:39 +0900 Subject: [PATCH 1207/1209] chore(deps): update ghcr.io/walnuts1018/walnuts.dev docker tag to v31b13d8fd6ca944bcb1135607b6bb6702c567efd-387 (#1479) Co-authored-by: Renovate Bot --- k8s/apps/walnuts-dev/deployment.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/apps/walnuts-dev/deployment.jsonnet b/k8s/apps/walnuts-dev/deployment.jsonnet index 85c23cc7e..f649a15c9 100644 --- a/k8s/apps/walnuts-dev/deployment.jsonnet +++ b/k8s/apps/walnuts-dev/deployment.jsonnet @@ -19,7 +19,7 @@ containers: [ std.mergePatch((import '../../components/container.libsonnet') { name: 'walnuts-dev', - image: 'ghcr.io/walnuts1018/walnuts.dev:97b7e1ce15e7ab2beb0e519d7af52101912bcff1-386', + image: 'ghcr.io/walnuts1018/walnuts.dev:31b13d8fd6ca944bcb1135607b6bb6702c567efd-387', imagePullPolicy: 'IfNotPresent', ports: [ { From 409f7d2884196b8474f209e1cdfee1499a44054d Mon Sep 17 00:00:00 2001 From: Walnuts Date: Wed, 5 Feb 2025 11:08:37 +0900 Subject: [PATCH 1208/1209] Update values.yaml --- k8s/apps/cilium/values.yaml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/k8s/apps/cilium/values.yaml b/k8s/apps/cilium/values.yaml index 1e55928db..792360aaf 100644 --- a/k8s/apps/cilium/values.yaml +++ b/k8s/apps/cilium/values.yaml @@ -85,6 +85,7 @@ envoyConfig: secretsNamespace: create: false name: cilium-secrets -readSecretsOnlyFromSecretsNamespace: - create: false - name: cilium-secrets +tls: + secretsNamespace: + create: false + name: cilium-secrets From 697025ec2fbb5954804e9246b95dbf73f7bc68ee Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 5 Feb 2025 07:36:47 +0000 Subject: [PATCH 1209/1209] chore(deps): update quay.io/opstree/redis-sentinel docker tag to v7.2.7 --- k8s/apps/openchokin/front/redis.jsonnet | 2 +- k8s/components/oauth2-proxy/redis.libsonnet | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/k8s/apps/openchokin/front/redis.jsonnet b/k8s/apps/openchokin/front/redis.jsonnet index 430bed695..aea37d3a4 100644 --- a/k8s/apps/openchokin/front/redis.jsonnet +++ b/k8s/apps/openchokin/front/redis.jsonnet @@ -55,7 +55,7 @@ downAfterMilliseconds: '30000', }, kubernetesConfig: { - image: 'quay.io/opstree/redis-sentinel:v7.0.12', + image: 'quay.io/opstree/redis-sentinel:v7.2.7', imagePullPolicy: 'IfNotPresent', redisSecret: { name: (import '../external-secret.jsonnet').spec.target.name, diff --git a/k8s/components/oauth2-proxy/redis.libsonnet b/k8s/components/oauth2-proxy/redis.libsonnet index 0ac02b1aa..23e9b8b91 100644 --- a/k8s/components/oauth2-proxy/redis.libsonnet +++ b/k8s/components/oauth2-proxy/redis.libsonnet @@ -68,7 +68,7 @@ downAfterMilliseconds: '30000', }, kubernetesConfig: { - image: 'quay.io/opstree/redis-sentinel:v7.0.12', + image: 'quay.io/opstree/redis-sentinel:v7.2.7', imagePullPolicy: 'IfNotPresent', redisSecret: { name: $.secret_name,