Update ghcr.io/onedr0p/sonarr:4.0.3.1413 Docker digest to 4284def

kubernetes/apps/default/prowlarr/app/helmrelease.yaml

@@ -31,7 +31,7 @@ spec:
           app:
             image:
               repository: ghcr.io/onedr0p/prowlarr-develop
-              tag: 1.15.0.4361@sha256:57177eab0676c5912ca7ec776aa2e5f966f795b1837eb9943addbe3c4b2049b8
+              tag: 1.15.0.4361@sha256:bd8092d9136fbdcb58327eacca8d117c1c20ad861bc824ba49730a2e01405a72
             env:
               # Ref: https://github.com/Radarr/Radarr/issues/7030#issuecomment-1039689518
               # Ref: https://github.com/dotnet/runtime/issues/9336

kubernetes/apps/default/radarr/app/helmrelease.yaml

@@ -34,7 +34,7 @@ spec:
           app:
             image:
               repository: ghcr.io/onedr0p/radarr
-              tag: 5.3.6.8612@sha256:eacfe696c11ee6211c7cc4342b469b9b6b220a557bf51ca8560afbbef5f9a58b
+              tag: 5.3.6.8612@sha256:4dcf3bb47fb83ca2fc8cfb7a35b3130aabf51e5042a68915e4182ebed203e1bf
             env:
               # Ref: https://github.com/Radarr/Radarr/issues/7030#issuecomment-1039689518
               # Ref: https://github.com/dotnet/runtime/issues/9336

kubernetes/apps/default/sabnzbd/app/helmrelease.yaml

@@ -36,7 +36,7 @@ spec:
           app:
             image:
               repository: ghcr.io/onedr0p/sabnzbd
-              tag: 4.2.3@sha256:164f61c67aa79482654920651386b9a26952ce7eb0ef247902cf72b49eedd7cb
+              tag: 4.2.3@sha256:bb20d3940ff32c672111ad7169ce4156f1c4c08bb653241f1b14f6d00f93b3cc
             env:
               TZ: America/Chicago
               SABNZBD__PORT: &port 80

kubernetes/apps/default/sonarr/app/helmrelease.yaml

@@ -34,7 +34,7 @@ spec:
           app:
             image:
               repository: ghcr.io/onedr0p/sonarr
-              tag: 4.0.3.1413@sha256:a8daeb1690ce2870b291d444de5c69bf27a64248484699dddf07c26dff7074b1
+              tag: 4.0.3.1413@sha256:4284def4b9fd2d3de2898ae3a6adc7aa84b9cd7f4407a35e7c61472519038396
             env:
               # Ref: https://github.com/Radarr/Radarr/issues/7030#issuecomment-1039689518
               # Ref: https://github.com/dotnet/runtime/issues/9336

kubernetes/apps/default/tautulli/app/helmrelease.yaml

@@ -36,7 +36,7 @@ spec:
           app:
             image:
               repository: ghcr.io/onedr0p/tautulli
-              tag: 2.13.4@sha256:b3000c0063cc4c0c6f2436fb7174f4bcfd8d91eca05206731edccb8b643ea570
+              tag: 2.13.4@sha256:1fded8af129cd7621d0eed5dff006dbbf69ecc1bcdcfe871d1c842cd76f94342
             env:
               TZ: America/Chicago
             probes:

kubernetes/apps/observability/grafana/app/externalsecret.yaml

@@ -18,10 +18,10 @@ spec:
         GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: "{{ .authentik_grafana_oauth_client_secret }}"
         GF_DATE_FORMATS_USE_BROWSER_LOCALE: "true"
         GF_SERVER_ROOT_URL: https://grafana.hsn.dev
-        GF_DATABASE_NAME: ${DB_NAME}
+        GF_DATABASE_NAME: "{{ .grafana_GF_DATABASE_NAME }}"
-        GF_DATABASE_HOST: "grafana-primary.observability.svc:5432"
+        GF_DATABASE_HOST: "grafana-primary-real.observability.svc:5432"
-        GF_DATABASE_USER: "{{ .grafana_postgres_user }}"
+        GF_DATABASE_USER: "{{ .grafana_GF_DATABASE_USER }}"
-        GF_DATABASE_PASSWORD: "{{ .grafana_postgres_password }}"
+        GF_DATABASE_PASSWORD: "{{ .grafana_GF_DATABASE_PASSWORD }}"
         GF_DATABASE_SSL_MODE: "require"
         GF_DATABASE_TYPE: postgres
         GF_ANALYTICS_CHECK_FOR_UPDATES: "false"

kubernetes/apps/observability/grafana/app/kustomization.yaml

@@ -5,4 +5,5 @@ kind: Kustomization
 resources:
   - ./externalsecret.yaml
   - ./helmrelease.yaml
-  - ../../../../templates/postgres-database
+  - ./postgresCluster.yaml
+  - ./pushsecret.yaml

kubernetes/apps/observability/grafana/app/postgresCluster.yaml

@@ -0,0 +1,86 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/postgres-operator.crunchydata.com/postgrescluster_v1beta1.json
+apiVersion: postgres-operator.crunchydata.com/v1beta1
+kind: PostgresCluster
+metadata:
+  name: "${APP}"
+spec:
+  postgresVersion: 16
+  dataSource:
+    pgbackrest:
+      stanza: db
+      configuration:
+        - secret:
+            name: pgo-s3-creds
+      global:
+        repo1-path: "/${APP}/repo1"
+        repo1-s3-uri-style: path
+      repo:
+        name: repo1
+        s3:
+          bucket: "crunchy-postgres"
+          endpoint: "s3.hsn.dev"
+          region: "us-east-1"
+  patroni:
+    dynamicConfiguration:
+      synchronous_mode: true
+      postgresql:
+        synchronous_commit: "on"
+        pg_hba:
+          - hostnossl all all 10.244.0.0/16 md5
+          - hostssl all all all md5
+  instances:
+    - name: postgres
+      metadata:
+        labels:
+          app.kubernetes.io/name: pgo-${APP}
+      replicas: 2
+      dataVolumeClaimSpec:
+        storageClassName: openebs-hostpath
+        accessModes:
+          - ReadWriteOnce
+        resources:
+          requests:
+            storage: 5Gi
+      topologySpreadConstraints:
+        - maxSkew: 1
+          topologyKey: "kubernetes.io/hostname"
+          whenUnsatisfiable: "DoNotSchedule"
+          labelSelector:
+            matchLabels:
+              postgres-operator.crunchydata.com/cluster: ${APP}
+              postgres-operator.crunchydata.com/data: postgres
+  users:
+    - name: "grafana"
+      databases:
+        - "${DB_NAME}"
+      options: "SUPERUSER"
+      password:
+        type: AlphaNumeric
+  backups:
+    pgbackrest:
+      configuration:
+        - secret:
+            name: pgo-s3-creds
+      global:
+        archive-push-queue-max: 4GiB
+        repo1-retention-full: "14"
+        repo1-retention-full-type: time
+        repo1-path: "/${APP}/repo1"
+        repo1-s3-uri-style: path
+      manual:
+        repoName: repo1
+        options:
+          - --type=full
+      metadata:
+        labels:
+          app.kubernetes.io/name: pgo-${APP}-backup
+      repos:
+        - name: repo1
+          schedules:
+            full: "0 1 * * 0"
+            differential: "0 1 * * 1-6"
+          s3:
+            bucket: "crunchy-postgres"
+            endpoint: "s3.hsn.dev"
+            region: "us-east-1"

kubernetes/apps/observability/grafana/app/pushsecret.yaml

@@ -0,0 +1,35 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/pushsecret_v1alpha1.json
+apiVersion: external-secrets.io/v1alpha1
+kind: PushSecret
+metadata:
+  name: grafana
+spec:
+  refreshInterval: 1h
+  secretStoreRefs:
+    - name: onepassword-connect
+      kind: ClusterSecretStore
+  selector:
+    secret:
+      name: grafana-pguser-grafana
+  data:
+    - match:
+        secretKey: dbname
+        remoteRef:
+          remoteKey: grafana
+          property: GF_DATABASE_NAME
+    - match:
+        secretKey: host
+        remoteRef:
+          remoteKey: grafana
+          property: GF_DATABASE_HOST
+    - match:
+        secretKey: user
+        remoteRef:
+          remoteKey: grafana
+          property: GF_DATABASE_USER
+    - match:
+        secretKey: password
+        remoteRef:
+          remoteKey: grafana
+          property: GF_DATABASE_PASSWORD

kubernetes/apps/observability/kube-prometheus-stack/app/helmrelease.yaml

@@ -23,9 +23,8 @@ spec:
     cleanupOnFail: true
     crds: CreateReplace
     remediation:
+      strategy: rollback
       retries: 3
-  uninstall:
-    keepHistory: false
   dependsOn:
     - name: openebs
       namespace: openebs-system
@@ -107,13 +106,13 @@ spec:
         enabled: true
       thanosServiceMonitor:
         enabled: true
-      thanosServiceExternal:
+      # thanosServiceExternal:
-        enabled: true
+      #   enabled: true
-        type: LoadBalancer
+      #   type: LoadBalancer
-        annotations:
+      #   annotations:
-          external-dns.alpha.kubernetes.io/hostname: thanos.jahanson.tech
+      #     external-dns.alpha.kubernetes.io/hostname: thanos.jahanson.tech
-          io.cilium/lb-ipam-ips: 10.45.0.6
+      #     io.cilium/lb-ipam-ips: 10.45.0.6
-        externalTrafficPolicy: Cluster
+      #   externalTrafficPolicy: Cluster
       prometheusSpec:
         podMetadata:
           annotations:
@@ -129,7 +128,7 @@ spec:
         enableAdminAPI: true
         walCompression: true
         enableFeatures:
-          - auto-gomaxprocs
+          - auto-gomemlimit
           - memory-snapshot-on-shutdown
           - new-service-discovery-manager
         image:
@@ -191,6 +190,8 @@ spec:
       forceDeployDashboards: true
       sidecar:
         dashboards:
+          annotations:
+            grafana_folder: Kubernetes
           multicluster:
             etcd:
               enabled: true

kubernetes/apps/observability/thanos/app/helmrelease.yaml

@@ -74,10 +74,6 @@ spec:
         enabled: true
         storageClass: openebs-hostpath
         size: 10Gi
-    query:
-      replicas: 2
-      extraArgs: ["--alert.query-url=https://thanos.jahanson.tech"]
-      additionalStores: ["thanos.jahanson.tech:10901"]
     queryFrontend:
       enabled: true
       replicas: 2

kubernetes/apps/qbittorrent/qbittorrent/app/helmrelease.yaml

@@ -38,7 +38,7 @@ spec:
             nameOverride: qbittorrent
             image:
               repository: ghcr.io/onedr0p/qbittorrent
-              tag: 4.6.4@sha256:055f3bc32d0337de67671c33a67e71c96a1f409e9fa9d168941c00f0839737cc
+              tag: 4.6.4@sha256:cb8a7df4e63bf410834af7846b6d5eee4f10748d03819ee7218015c5b0332a29
             env:
               UMASK: "022"
               QBITTORRENT__PORT: &port 8080