Update dependency HelmRelease to helm.toolkit.fluxcd.io/v2

2024-05-25 13:06:57 +00:00
53 changed files with 72 additions and 211 deletions
--- a/.taskfiles/rook/WipeDiskJob.tmpl.yaml
+++ b/.taskfiles/rook/WipeDiskJob.tmpl.yaml
@ -13,7 +13,7 @@ spec:
      nodeName: ${node}
      containers:
        - name: disk-wipe
-          image: docker.io/library/alpine:3.20.0
+          image: ghcr.io/onedr0p/alpine:3.17.3@sha256:999384960b6114496a5e4036e945141c205d064ce23b87326bd3f8d878c5a9d4
          securityContext:
            privileged: true
          resources: {}
--- a/.taskfiles/rook/WipeRookDataJob.tmpl.yaml
+++ b/.taskfiles/rook/WipeRookDataJob.tmpl.yaml
@ -13,7 +13,7 @@ spec:
      nodeName: ${node}
      containers:
        - name: disk-wipe
-          image: docker.io/library/alpine:3.20.0
+          image: ghcr.io/onedr0p/alpine:3.17.3@sha256:999384960b6114496a5e4036e945141c205d064ce23b87326bd3f8d878c5a9d4
          securityContext:
            privileged: true
          resources: {}
--- a/.taskfiles/rook/pod.yaml
+++ b/.taskfiles/rook/pod.yaml
@ -5,7 +5,7 @@ metadata:
 spec:
  containers:
    - name: disk-wipe
-      image: docker.io/library/alpine:3.20.0
+      image: ghcr.io/onedr0p/alpine:3.17.3@sha256:999384960b6114496a5e4036e945141c205d064ce23b87326bd3f8d878c5a9d4
      securityContext:
        privileged: true
      resources: {}
--- a/Taskfile.yaml
+++ b/Taskfile.yaml
@ -89,7 +89,7 @@ tasks:
            "containers": [
              {
                "name": "debug",
-                "image": "docker.io/library/alpine:3.20.0",
+                "image": "docker.io/library/alpine:3.19.1",
                "command": ["/bin/ash"],
                "stdin": true,
                "stdinOnce": true,
--- a/kubernetes/apps/database/crunchy-postgres-operator/operator/helmrelease.yaml
+++ b/kubernetes/apps/database/crunchy-postgres-operator/operator/helmrelease.yaml
@ -9,7 +9,7 @@ spec:
  chart:
    spec:
      chart: pgo
-      version: 5.5.2
+      version: 5.5.1
      sourceRef:
        kind: HelmRepository
        name: crunchydata
--- a/.archive/kubernetes/home-automation/home-assistant/app/externalsecret.yaml
+++ b/.archive/kubernetes/home-automation/home-assistant/app/externalsecret.yaml
--- a/.archive/kubernetes/home-automation/home-assistant/app/helmrelease.yaml
+++ b/.archive/kubernetes/home-automation/home-assistant/app/helmrelease.yaml
@ -1,6 +1,6 @@
 ---
 # yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
-apiVersion: helm.toolkit.fluxcd.io/v2beta2
+apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
  name: home-assistant
@ -45,7 +45,7 @@ spec:
          app:
            image:
              repository: ghcr.io/home-assistant/home-assistant
-              tag: 2024.5.5
+              tag: 2024.5.4
            env:
              TZ: America/Chicago
              HASS_HTTP_TRUSTED_PROXY_1: 10.244.0.0/16
--- a/.archive/kubernetes/home-automation/home-assistant/app/kustomization.yaml
+++ b/.archive/kubernetes/home-automation/home-assistant/app/kustomization.yaml
--- a/.archive/kubernetes/home-automation/home-assistant/ks.yaml
+++ b/.archive/kubernetes/home-automation/home-assistant/ks.yaml
--- a/kubernetes/apps/home-automation/kustomization.yaml
+++ b/kubernetes/apps/home-automation/kustomization.yaml
@ -6,4 +6,6 @@ resources:
  # Pre Flux-Kustomizations
  - ./namespace.yaml
  # Flux-Kustomizations
  - ./home-assistant/ks.yaml
  - ./matter-server/ks.yaml
  - ./mosquitto/ks.yaml
--- a/.archive/kubernetes/home-automation/matter-server/app/helmrelease.yaml
+++ b/.archive/kubernetes/home-automation/matter-server/app/helmrelease.yaml
@ -1,6 +1,6 @@
 ---
 # yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
-apiVersion: helm.toolkit.fluxcd.io/v2beta2
+apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
  name: &app matter-server
--- a/.archive/kubernetes/home-automation/matter-server/app/kustomization.yaml
+++ b/.archive/kubernetes/home-automation/matter-server/app/kustomization.yaml
--- a/.archive/kubernetes/home-automation/matter-server/ks.yaml
+++ b/.archive/kubernetes/home-automation/matter-server/ks.yaml
--- a/kubernetes/apps/kube-system/fstrim/app/helmrelease.yaml
+++ b/kubernetes/apps/kube-system/fstrim/app/helmrelease.yaml
@ -28,7 +28,7 @@ spec:
        type: cronjob
        cronjob:
          schedule: "@weekly"
-          parallelism: 1 # Set to my total number of nodes
+          parallelism: 6 # Set to my total number of nodes
        containers:
          app:
            image:
--- a/kubernetes/apps/kube-system/kubelet-csr-approver/app/helmrelease.yaml
+++ b/kubernetes/apps/kube-system/kubelet-csr-approver/app/helmrelease.yaml
@ -9,7 +9,7 @@ spec:
  chart:
    spec:
      chart: kubelet-csr-approver
-      version: 1.2.1
+      version: 1.2.0
      sourceRef:
        kind: HelmRepository
        name: postfinance
--- a/kubernetes/apps/kube-system/kustomization.yaml
+++ b/kubernetes/apps/kube-system/kustomization.yaml
@ -17,4 +17,3 @@ resources:
  - ./node-feature-discovery/ks.yaml
  - ./reloader/ks.yaml
  - ./spegel/ks.yaml
  - ./zfs-scrub/ks.yaml
--- a/kubernetes/apps/kube-system/node-feature-discovery/app/helmrelease.yaml
+++ b/kubernetes/apps/kube-system/node-feature-discovery/app/helmrelease.yaml
@ -10,7 +10,7 @@ spec:
  chart:
    spec:
      chart: node-feature-discovery
-      version: 0.16.0
+      version: 0.15.4
      sourceRef:
        kind: HelmRepository
        name: kubernetes-sigs-nfd
--- a/kubernetes/apps/kube-system/reloader/app/helmrelease.yaml
+++ b/kubernetes/apps/kube-system/reloader/app/helmrelease.yaml
@ -10,7 +10,7 @@ spec:
  chart:
    spec:
      chart: reloader
-      version: 1.0.98
+      version: 1.0.97
      sourceRef:
        kind: HelmRepository
        name: stakater
--- a/kubernetes/apps/kube-system/zfs-scrub/app/helmrelease.yaml
+++ b/kubernetes/apps/kube-system/zfs-scrub/app/helmrelease.yaml
@ -1,85 +0,0 @@
 ---
 # yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
  name: &app zfs-scrub
 spec:
  interval: 30m
  chart:
    spec:
      chart: app-template
      version: 3.1.0
      sourceRef:
        kind: HelmRepository
        name: bjw-s
        namespace: flux-system
  install:
    remediation:
      retries: 3
  upgrade:
    cleanupOnFail: true
    remediation:
      retries: 3
      strategy: rollback
  values:
    controllers:
      kubanetics:
        type: cronjob
        cronjob:
          schedule: "@weekly"
          parallelism: 1 # Set to my total number of nodes
        containers:
          app:
            image:
              repository: ghcr.io/onedr0p/kubanetics
              tag: 2024.5.4@sha256:220ceb1bc1adca0b3ac45cedb3682091ff6f7f3725769fc22decbd3bb2091478
            env:
              SCRIPT_NAME: zfs-scrub.sh
            probes:
              liveness:
                enabled: false
              readiness:
                enabled: false
              startup:
                enabled: false
            resources:
              requests:
                cpu: 25m
              limits:
                memory: 128Mi
            securityContext:
              privileged: true
        pod:
          hostNetwork: true
          hostPID: true
          topologySpreadConstraints:
            - maxSkew: 1
              topologyKey: kubernetes.io/hostname
              whenUnsatisfiable: DoNotSchedule
              labelSelector:
                matchLabels:
                  app.kubernetes.io/name: *app
    persistence:
      zfs-scrub:
        type: configMap
        name: zfs-scrub-configmap
        defaultMode: 0775
        globalMounts:
          - path: /app/zfs-scrub.sh
            subPath: zfs-scrub.sh
            readOnly: true
      procfs:
        type: hostPath
        hostPath: /proc
        hostPathType: Directory
        globalMounts:
          - path: /host/proc
            readOnly: true
      netfs:
        type: hostPath
        hostPath: /sys
        hostPathType: Directory
        globalMounts:
          - path: /host/net
            readOnly: true
--- a/kubernetes/apps/kube-system/zfs-scrub/app/kustomization.yaml
+++ b/kubernetes/apps/kube-system/zfs-scrub/app/kustomization.yaml
@ -1,12 +0,0 @@
 ---
 # yaml-language-server: $schema=https://json.schemastore.org/kustomization
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - ./helmrelease.yaml
 configMapGenerator:
  - name: zfs-scrub-configmap
    files:
      - zfs-scrub.sh=./resources/zfs-scrub.sh
 generatorOptions:
  disableNameSuffixHash: true
--- a/kubernetes/apps/kube-system/zfs-scrub/app/resources/zfs-scrub.sh
+++ b/kubernetes/apps/kube-system/zfs-scrub/app/resources/zfs-scrub.sh
@ -1,20 +0,0 @@
 #!/usr/bin/env bash
 KUBELET_BIN="/usr/local/bin/kubelet"
 KUBELET_PID="$(pgrep -f $KUBELET_BIN)"
 ZPOOL="nahar"
 if [ -z "${KUBELET_PID}" ]; then
    echo "kubelet not found"
    exit 1
 fi
 # Enter namespaces and run commands
 nsrun() {
    nsenter \
        --mount="/host/proc/${KUBELET_PID}/ns/mnt" \
        --net="/host/proc/${KUBELET_PID}/ns/net" \
        -- bash -c "$1"
 }
 # Scrub filesystems
 nsrun "zpool scrub ${ZPOOL}"
--- a/kubernetes/apps/kube-system/zfs-scrub/ks.yaml
+++ b/kubernetes/apps/kube-system/zfs-scrub/ks.yaml
@ -1,21 +0,0 @@
 ---
 # yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
  name: &app zfs-scrub
  namespace: flux-system
 spec:
  targetNamespace: kube-system
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/kube-system/zfs-scrub/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: homelab
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
--- a/kubernetes/apps/kubevirt/common/storageprofile.yml
+++ b/kubernetes/apps/kubevirt/common/storageprofile.yml
@ -9,18 +9,14 @@ metadata:
    app.kubernetes.io/managed-by: cdi-controller
    cdi.kubevirt.io: ""
  name: openebs-zfs
-spec:
+spec: {}
  claimPropertySets:
    - accessModes:
        - ReadWriteOnce
      volumeMode: Block
 status:
  claimPropertySets:
    - accessModes:
        - ReadWriteOnce
      volumeMode: Block
  cloneStrategy: snapshot
  dataImportCronSourceFormat: pvc
  provisioner: zfs.csi.openebs.io
  snapshotClass: openebs-zfs
  storageClass: openebs-zfs
  claimPropertySets:
    - volumeMode: Block
      accessModes:
        - "ReadWriteOnce"
--- a/kubernetes/apps/kubevirt/vms/fj-runner-01.yaml
+++ b/kubernetes/apps/kubevirt/vms/fj-runner-01.yaml
@ -20,7 +20,7 @@ spec:
        devices:
          disks:
            - disk:
-                bus: sata
+                bus: virtio
              name: disk1
            - cdrom:
                bus: sata
--- a/kubernetes/apps/kubevirt/vms/fj-runner-02-disk1.yaml
+++ b/kubernetes/apps/kubevirt/vms/fj-runner-02-disk1.yaml
@ -1,12 +1,15 @@
---
+# yaml-language-server: $schema=https://ks.hsn.dev/cdi.kubevirt.io/datavolume_v1beta1.json
-apiVersion: v1
+apiVersion: cdi.kubevirt.io/v1beta1
-kind: PersistentVolumeClaim
+kind: DataVolume
 metadata:
-  name: fj-runner-02-disk1
+  name: "fj-runner-02-disk1"
 spec:
-  accessModes:
+  storage:
    - ReadWriteOnce
    resources:
      requests:
        storage: 80Gi
-  storageClassName: openebs-zfs
+    storageClassName: "openebs-zfs"
    accessModes:
      - "ReadWriteOnce"
  source:
    blank: {}
--- a/kubernetes/apps/kubevirt/vms/fj-runner-02.yaml
+++ b/kubernetes/apps/kubevirt/vms/fj-runner-02.yaml
@ -20,7 +20,7 @@ spec:
        devices:
          disks:
            - disk:
-                bus: sata
+                bus: virtio
              name: disk1
            - cdrom:
                bus: sata
@ -46,9 +46,9 @@ spec:
        kubernetes.io/hostname: shadowfax
      priorityClassName: vm-standard
      volumes:
-        - name: disk1
+        - dataVolume:
-          persistentVolumeClaim:
+            name: fj-runner-02-disk1
-            claimName: fj-runner-02-disk1
+          name: disk1
        - dataVolume:
            name: "nixos-minimal"
          name: nixosiso
--- a/kubernetes/apps/kyverno/kyverno/app/helmrelease.yaml
+++ b/kubernetes/apps/kyverno/kyverno/app/helmrelease.yaml
@ -10,7 +10,7 @@ spec:
  chart:
    spec:
      chart: kyverno
-      version: 3.2.3
+      version: 3.2.2
      sourceRef:
        kind: HelmRepository
        name: kyverno
--- a/.archive/kubernetes/media/immich/app/configmap.yaml
+++ b/.archive/kubernetes/media/immich/app/configmap.yaml
--- a/.archive/kubernetes/media/immich/app/externalsecret.yaml
+++ b/.archive/kubernetes/media/immich/app/externalsecret.yaml
--- a/.archive/kubernetes/media/immich/app/gatus.yaml
+++ b/.archive/kubernetes/media/immich/app/gatus.yaml
--- a/.archive/kubernetes/media/immich/app/helmrelease.yaml
+++ b/.archive/kubernetes/media/immich/app/helmrelease.yaml
@ -1,6 +1,6 @@
 ---
 # yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
-apiVersion: helm.toolkit.fluxcd.io/v2beta2
+apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
  name: &name immich
@ -33,7 +33,7 @@ spec:
          app:
            image:
              repository: ghcr.io/immich-app/immich-server
-              tag: v1.105.1
+              tag: v1.103.1
            command: /bin/sh
            args:
              - ./start-server.sh
--- a/.archive/kubernetes/media/immich/app/kustomization.yaml
+++ b/.archive/kubernetes/media/immich/app/kustomization.yaml
--- a/.archive/kubernetes/media/immich/app/machine-learning/helmrelease.yaml
+++ b/.archive/kubernetes/media/immich/app/machine-learning/helmrelease.yaml
@ -1,6 +1,6 @@
 ---
 # yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
-apiVersion: helm.toolkit.fluxcd.io/v2beta2
+apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
  name: immich-machine-learning
@ -37,7 +37,7 @@ spec:
          app:
            image:
              repository: ghcr.io/immich-app/immich-machine-learning
-              tag: v1.105.1
+              tag: v1.103.1
            resources:
              requests:
                cpu: 15m
--- a/.archive/kubernetes/media/immich/app/machine-learning/kustomization.yaml
+++ b/.archive/kubernetes/media/immich/app/machine-learning/kustomization.yaml
--- a/.archive/kubernetes/media/immich/app/microservices/helmrelease.yaml
+++ b/.archive/kubernetes/media/immich/app/microservices/helmrelease.yaml
@ -1,6 +1,6 @@
 ---
 # yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
-apiVersion: helm.toolkit.fluxcd.io/v2beta2
+apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
  name: immich-microservices
@ -37,7 +37,7 @@ spec:
          app:
            image:
              repository: ghcr.io/immich-app/immich-server
-              tag: v1.105.1
+              tag: v1.103.1
            command: /bin/sh
            args:
              - ./start-microservices.sh
--- a/.archive/kubernetes/media/immich/app/microservices/kustomization.yaml
+++ b/.archive/kubernetes/media/immich/app/microservices/kustomization.yaml
--- a/.archive/kubernetes/media/immich/app/postgresCluster.yaml
+++ b/.archive/kubernetes/media/immich/app/postgresCluster.yaml
--- a/.archive/kubernetes/media/immich/app/pushsecret.yaml
+++ b/.archive/kubernetes/media/immich/app/pushsecret.yaml
--- a/.archive/kubernetes/media/immich/app/resources/init.sql
+++ b/.archive/kubernetes/media/immich/app/resources/init.sql
--- a/.archive/kubernetes/media/immich/app/service.yaml
+++ b/.archive/kubernetes/media/immich/app/service.yaml
@ -1,4 +1,3 @@
 ---
 apiVersion: v1
 kind: Service
 metadata:
--- a/.archive/kubernetes/media/immich/ks.yaml
+++ b/.archive/kubernetes/media/immich/ks.yaml
--- a/.archive/kubernetes/media/kustomization.yaml
+++ b/.archive/kubernetes/media/kustomization.yaml
--- a/.archive/kubernetes/media/namespace.yaml
+++ b/.archive/kubernetes/media/namespace.yaml
--- a/kubernetes/apps/network/cloudflared/app/helmrelease.yaml
+++ b/kubernetes/apps/network/cloudflared/app/helmrelease.yaml
@ -36,7 +36,7 @@ spec:
          app:
            image:
              repository: docker.io/cloudflare/cloudflared
-              tag: 2024.5.0@sha256:5d5f70a59d5e124d4a1a747769e0d27431861877860ca31deaad41b09726ca71
+              tag: 2024.4.1@sha256:fcfafd14a658837c49a794671d5bec2c9e4227730abdc29db7c066f4381acba4
            env:
              NO_AUTOUPDATE: "true"
              TUNNEL_CRED_FILE: /etc/cloudflared/creds/credentials.json
--- a/kubernetes/apps/observability/gatus/app/helmrelease.yaml
+++ b/kubernetes/apps/observability/gatus/app/helmrelease.yaml
@ -31,7 +31,7 @@ spec:
          init-config:
            image:
              repository: ghcr.io/kiwigrid/k8s-sidecar
-              tag: 1.27.2@sha256:e3280f62096bee918a605658505baa8878223b483053396f769bd9f15a2876c0
+              tag: 1.27.1@sha256:df71eab1466c67b84e46fa9cd2d84738372377971d44dbb8699ab4483278c839
            env:
              FOLDER: /config
              LABEL: gatus.io/enabled
--- a/kubernetes/apps/observability/kube-prometheus-stack/app/helmrelease.yaml
+++ b/kubernetes/apps/observability/kube-prometheus-stack/app/helmrelease.yaml
@ -10,7 +10,7 @@ spec:
  chart:
    spec:
      chart: kube-prometheus-stack
-      version: 59.0.0
+      version: 58.6.0
      sourceRef:
        kind: HelmRepository
        name: prometheus-community
--- a/kubernetes/apps/observability/loki/app/helmrelease.yaml
+++ b/kubernetes/apps/observability/loki/app/helmrelease.yaml
@ -10,7 +10,7 @@ spec:
  chart:
    spec:
      chart: loki
-      version: 6.6.1
+      version: 6.5.2
      sourceRef:
        kind: HelmRepository
        name: grafana
--- a/kubernetes/apps/qbittorrent/qbittorrent/app/helmrelease.yaml
+++ b/kubernetes/apps/qbittorrent/qbittorrent/app/helmrelease.yaml
@ -38,7 +38,7 @@ spec:
            nameOverride: qbittorrent
            image:
              repository: ghcr.io/onedr0p/qbittorrent
-              tag: 4.6.5@sha256:c019af23966ebafcaf1713d4553bc043246858b711a7d57d8bee358a89990a3e
+              tag: 4.6.4@sha256:53ead5ab43027d04efc5d52740aa02308a88d6b4a6eaa90cf6fd2e94fc11ba17
            env:
              UMASK: "022"
              QBITTORRENT__PORT: &port 8080
--- a/kubernetes/bootstrap/flux/kustomization.yaml
+++ b/kubernetes/bootstrap/flux/kustomization.yaml
@ -3,7 +3,7 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - github.com/fluxcd/flux2/manifests/install?ref=v2.3.0
+  - github.com/fluxcd/flux2/manifests/install?ref=v2.2.3
 patches:
  - patch: |-
      $patch: delete
--- a/kubernetes/bootstrap/talos/apps/helmfile.yaml
+++ b/kubernetes/bootstrap/talos/apps/helmfile.yaml
@ -23,7 +23,7 @@ releases:
  - name: kubelet-csr-approver
    namespace: kube-system
    chart: postfinance/kubelet-csr-approver
-    version: 1.2.1
+    version: 1.2.0
    values: ["../../../apps/kube-system/kubelet-csr-approver/app/helm-values.yaml"]
    needs: ["cilium"]
  - name: spegel
--- a/kubernetes/flux/config/flux.yaml
+++ b/kubernetes/flux/config/flux.yaml
@ -9,7 +9,7 @@ spec:
  interval: 10m
  url: oci://ghcr.io/fluxcd/flux-manifests
  ref:
-    tag: v2.3.0
+    tag: v2.2.3
 ---
 # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
 apiVersion: kustomize.toolkit.fluxcd.io/v1
--- a/kubernetes/tools/wipeone.yaml
+++ b/kubernetes/tools/wipeone.yaml
@ -9,7 +9,7 @@ spec:
  nodeName: shadowfax
  containers:
    - name: disk-wipe
-      image: docker.io/library/alpine:3.20.0
+      image: docker.io/library/alpine:3.19.1
      securityContext:
        privileged: true
      resources: {}
--- a/kubernetes/tools/wiperook.yaml
+++ b/kubernetes/tools/wiperook.yaml
@ -9,7 +9,7 @@ spec:
  nodeName: talos-fki-fmf
  containers:
    - name: disk-wipe
-      image: docker.io/library/alpine:3.20.0
+      image: docker.io/library/alpine:3.19.1
      securityContext:
        privileged: true
      resources: {}
@ -46,7 +46,7 @@ spec:
  nodeName: talos-xuc-f2e
  containers:
    - name: disk-wipe
-      image: docker.io/library/alpine:3.20.0
+      image: docker.io/library/alpine:3.19.1
      securityContext:
        privileged: true
      resources: {}
@ -83,7 +83,7 @@ spec:
  nodeName: talos-opy-6ij
  containers:
    - name: disk-wipe
-      image: docker.io/library/alpine:3.20.0
+      image: docker.io/library/alpine:3.19.1
      securityContext:
        privileged: true
      resources: {}