Update chart cert-manager to v1.16.1

Reviewed-on: #702

.forgejo/workflows/schemas.yaml

@@ -0,0 +1,138 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+name: "K8S json Schemas --> Cloudflare R2"
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "0 0 * * *" # Every day at midnight
+  push:
+    branches: ["main"]
+    paths: [".forgejo/workflows/schemas.yaml"]
+
+jobs:
+  publish:
+    name: Schemas
+    runs-on: ["ubuntu-x86_64"]
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Checkout
+        uses: https://github.com/actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Setup Workflow Tools
+        shell: bash
+        run: |
+          curl -LO "https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl"
+          chmod +x kubectl
+          mv kubectl /usr/local/bin/
+
+          curl -LO "https://dl.min.io/client/mc/release/linux-amd64/mc"
+          chmod +x mc
+          mv mc /usr/local/bin/
+
+      - name: Setup Python
+        run: |
+          apt-get update
+          apt-get install -y python3 python3-pip python3-yaml
+          pip3 install --upgrade pip
+
+      - name: Write kubeconfig
+        id: kubeconfig
+        uses: https://github.com/timheuer/base64-to-file@v1
+        with:
+          encodedString: "${{ secrets.KUBECONFIG }}"
+          fileName: kubeconfig
+          fileDir: ${{ env.GITHUB_WORKSPACE }}
+      - name: Write mc
+        id: mcconfig
+        uses: https://github.com/timheuer/base64-to-file@v1
+        with:
+          encodedString: "${{ secrets.MCCONFIG }}"
+          fileName: config.json
+          fileDir: ${{ env.GITHUB_WORKSPACE }}
+
+      - name: Extracting CRDs to yaml and converting to JSON schema
+        env:
+          KUBECONFIG: "${{ steps.kubeconfig.outputs.filePath }}"
+        run: |
+          # kubeconfig
+          echo "kubeconfig location: $KUBECONFIG"
+          # Create temp folder for CRDs
+          TMP_CRD_DIR=$(mktemp -d)
+          echo "Temp directory: $TMP_CRD_DIR"
+
+          # Create final schemas directory
+          SCHEMAS_DIR=$GITHUB_WORKSPACE/crdSchemas
+          mkdir -p $SCHEMAS_DIR
+          echo "Schemas directory: $SCHEMAS_DIR"
+
+          # Create array to store CRD kinds and groups
+          ORGANIZE_BY_GROUP=true
+          declare -A CRD_GROUPS 2>/dev/null
+          if [ $? -ne 0 ]; then
+              # Array creation failed, signal to skip organization by group
+              ORGANIZE_BY_GROUP=false
+          fi
+
+          # Extract CRDs from cluster
+          NUM_OF_CRDS=0
+          while read -r crd
+          do
+              filename=${crd%% *}
+              kubectl get crds "$filename" -o yaml > "$TMP_CRD_DIR/$filename.yaml" 2>&1
+              echo "Extracted CRD: $filename"
+
+              resourceKind=$(grep "kind:" "$TMP_CRD_DIR/$filename.yaml" | awk 'NR==2{print $2}' | tr '[:upper:]' '[:lower:]')
+              resourceGroup=$(grep "group:" "$TMP_CRD_DIR/$filename.yaml" | awk 'NR==1{print $2}')
+
+              # Save name and group for later directory organization
+              CRD_GROUPS["$resourceKind"]="$resourceGroup"
+
+              let ++NUM_OF_CRDS
+          done < <(kubectl get crds 2>&1 | sed -n '/NAME/,$p' | tail -n +2)
+          echo numCRDs: $NUM_OF_CRDS
+
+          # Download converter script
+          curl https://raw.githubusercontent.com/yannh/kubeconform/master/scripts/openapi2jsonschema.py --output $TMP_CRD_DIR/openapi2jsonschema.py 2>/dev/null
+
+          # Convert crds to jsonSchema
+          cd $SCHEMAS_DIR
+          python3 $TMP_CRD_DIR/openapi2jsonschema.py $TMP_CRD_DIR/*.yaml
+          conversionResult=$?
+
+          # Copy and rename files to support kubeval
+          rm -rf $SCHEMAS_DIR/master-standalone
+          mkdir -p $SCHEMAS_DIR/master-standalone
+          cp $SCHEMAS_DIR/*.json $SCHEMAS_DIR/master-standalone
+          find $SCHEMAS_DIR/master-standalone -name '*json' -exec bash -c ' mv -f $0 ${0/\_/-stable-}' {} \;
+
+          # Organize schemas by group
+          if [ $ORGANIZE_BY_GROUP == true ]; then
+              for schema in $SCHEMAS_DIR/*.json
+              do
+              crdFileName=$(basename $schema .json)
+              crdKind=${crdFileName%%_*}
+              crdGroup=${CRD_GROUPS[$crdKind]}
+              if [ -z $crdGroup ]; then
+                  crdGroup="uncategorized"
+                  echo "CRD kind $crdKind has no group, moving to $crdGroup"
+              fi
+              echo making directory $crdGroup
+              mkdir -p $crdGroup
+              mv $schema ./$crdGroup
+              done
+          fi
+
+          rm -rf $TMP_CRD_DIR
+
+      - name: Deploy to Cloudflare R2
+        env:
+          MC_CONFIG_DIR: "${{ steps.mcconfig.outputs.fileDir }}"
+          shell: bash
+        run: |
+          echo $GITHUB_WORKSPACE/crdSchemas/
+          mc cp --recursive $GITHUB_WORKSPACE/crdSchemas/ r2-ks/kubernetes-schema

.gitignore

@@ -16,3 +16,4 @@ kubeconfig*
 omniconfig.yaml
 config.xml
 .idea/
+*.secrets

kubernetes/apps/ai/ollama/app/helmrelease.yaml

@@ -9,7 +9,7 @@ spec:
   chart:
     spec:
       chart: app-template
-      version: 3.4.0
+      version: 3.5.0
       sourceRef:
         kind: HelmRepository
         name: bjw-s

kubernetes/apps/ai/open-webui/app/helmrelease.yaml

@@ -9,7 +9,7 @@ spec:
   chart:
     spec:
       chart: app-template
-      version: 3.4.0
+      version: 3.5.0
       sourceRef:
         kind: HelmRepository
         name: bjw-s
@@ -33,7 +33,7 @@ spec:
           app:
             image:
               repository: ghcr.io/open-webui/open-webui
-              tag: 0.3.30
+              tag: 0.3.32
             env:
               - name: OLLAMA_BASE_URL
                 value: http://ollama.ai.svc.cluster.local:11434

kubernetes/apps/ai/stable-diffusion/comfyui/helmrelease.yaml

@@ -9,7 +9,7 @@ spec:
   chart:
     spec:
       chart: app-template
-      version: 3.4.0
+      version: 3.5.0
       sourceRef:
         kind: HelmRepository
         name: bjw-s

kubernetes/apps/cert-manager/cert-manager/app/helmrelease.yaml

@@ -10,7 +10,7 @@ spec:
   chart:
     spec:
       chart: cert-manager
-      version: v1.16.0
+      version: v1.16.1
       sourceRef:
         kind: HelmRepository
         name: jetstack

kubernetes/apps/cert-manager/webhook-dnsimple/app/helmrelease.yaml

@@ -8,7 +8,7 @@ spec:
   chart:
     spec:
       chart: app-template
-      version: 3.4.0
+      version: 3.5.0
       interval: 30m
       sourceRef:
         kind: HelmRepository

kubernetes/apps/ci-runners/forgejo/app/helmrelease.yaml

@@ -9,7 +9,7 @@ spec:
   chart:
     spec:
       chart: app-template
-      version: 3.4.0
+      version: 3.5.0
       sourceRef:
         kind: HelmRepository
         name: bjw-s

kubernetes/apps/database/dragonfly/app/helmrelease.yaml

@@ -9,7 +9,7 @@ spec:
   chart:
     spec:
       chart: app-template
-      version: 3.4.0
+      version: 3.5.0
       sourceRef:
         kind: HelmRepository
         name: bjw-s

kubernetes/apps/database/emqx/app/externalsecret.yaml

@@ -43,11 +43,18 @@ spec:
             },
             {
               "user_id": "tasmota",
-              "password": "{{ .x_emqx_tasmota_password }}"
+              "password": "{{ .x_emqx_tasmota_password }}",
+              "is_superuser": true # Until I can figure out authorization in emqx
             },
             {
-              "user_id": "homeassistant",
-              "password": "{{ .x_emqx_homeassistant_password }}"
+              "user_id": "zwave",
+              "password": "{{ .x_emqx_homeassistant_password }}",
+              "is_superuser": true # Until I can figure out authorization in emqx
+            },
+            {
+              "user_id": "zwave",
+              "password": "{{ .x_emqx_zwave_password }}",
+              "is_superuser": true # Until I can figure out authorization in emqx
             }
           ]
 
@@ -66,3 +73,9 @@ spec:
         - regexp:
             source: "(.*)"
             target: "x_emqx_homeassistant_$1"
+    - extract:
+        key: "emqx [zwave]"
+      rewrite:
+        - regexp:
+            source: "(.*)"
+            target: "x_emqx_zwave_$1"

kubernetes/apps/default/atuin/app/helmrelease.yaml

@@ -9,7 +9,7 @@ spec:
   chart:
     spec:
       chart: app-template
-      version: 3.4.0
+      version: 3.5.0
       sourceRef:
         kind: HelmRepository
         name: bjw-s

kubernetes/apps/default/autobrr/app/helmrelease.yaml

@@ -9,7 +9,7 @@ spec:
   chart:
     spec:
       chart: app-template
-      version: 3.4.0
+      version: 3.5.0
       sourceRef:
         kind: HelmRepository
         name: bjw-s
@@ -31,7 +31,7 @@ spec:
           app:
             image:
               repository: ghcr.io/autobrr/autobrr
-              tag: v1.46.1@sha256:4d8dd05ada84e6626eaaf0e60919ebaf5b1b9ffa2f0bf424616ed07bc5a83a72
+              tag: v1.47.0@sha256:42620617db5e2e51bbb4311d57ac3c42e43f0de3c8d158ec09130dd0714876e2
             env:
               AUTOBRR__CHECK_FOR_UPDATES: "false"
               AUTOBRR__HOST: 0.0.0.0

kubernetes/apps/default/excalidraw/app/helmrelease.yaml

@@ -9,7 +9,7 @@ spec:
   chart:
     spec:
       chart: app-template
-      version: 3.4.0
+      version: 3.5.0
       sourceRef:
         kind: HelmRepository
         name: bjw-s

kubernetes/apps/default/home-assistant/app/helmrelease.yaml

@@ -9,7 +9,7 @@ spec:
   chart:
     spec:
       chart: app-template
-      version: 3.4.0
+      version: 3.5.0
       sourceRef:
         kind: HelmRepository
         name: bjw-s
@@ -36,7 +36,7 @@ spec:
           app:
             image:
               repository: ghcr.io/onedr0p/home-assistant
-              tag: 2024.10.0@sha256:1c61cc33a693176b4b6b930080196e204d3df094d7674bad3f62ed54cccef92c
+              tag: 2024.10.1@sha256:04614835418d2bdacd64685b516e58e7c5446f72485d446e7635282ba1a06c43
             env:
               TZ: America/Chicago
             envFrom:

kubernetes/apps/default/it-tools/app/helmrelease.yaml

@@ -9,7 +9,7 @@ spec:
   chart:
     spec:
       chart: app-template
-      version: 3.4.0
+      version: 3.5.0
       sourceRef:
         kind: HelmRepository
         name: bjw-s

kubernetes/apps/default/linkwarden/app/helmrelease.yaml

@@ -9,7 +9,7 @@ spec:
   chart:
     spec:
       chart: app-template
-      version: 3.4.0
+      version: 3.5.0
       sourceRef:
         kind: HelmRepository
         name: bjw-s

kubernetes/apps/default/maintainerr/app/helmrelease.yaml

@@ -8,7 +8,7 @@ spec:
   chart:
     spec:
       chart: app-template
-      version: 3.4.0
+      version: 3.5.0
       interval: 30m
       sourceRef:
         kind: HelmRepository

kubernetes/apps/default/nicehash/app/helmrelease.yaml

@@ -9,7 +9,7 @@ spec:
   chart:
     spec:
       chart: app-template
-      version: 3.4.0
+      version: 3.5.0
       sourceRef:
         kind: HelmRepository
         name: bjw-s

kubernetes/apps/default/omegabrr/app/helmrelease.yaml

@@ -9,7 +9,7 @@ spec:
   chart:
     spec:
       chart: app-template
-      version: 3.4.0
+      version: 3.5.0
       sourceRef:
         kind: HelmRepository
         name: bjw-s

kubernetes/apps/default/overseerr/app/helmrelease.yaml

@@ -9,7 +9,7 @@ spec:
   chart:
     spec:
       chart: app-template
-      version: 3.4.0
+      version: 3.5.0
       sourceRef:
         kind: HelmRepository
         name: bjw-s

kubernetes/apps/default/piped/app/helmrelease.yaml

@@ -8,7 +8,7 @@ spec:
   chart:
     spec:
       chart: app-template
-      version: 3.4.0
+      version: 3.5.0
       interval: 30m
       sourceRef:
         kind: HelmRepository
@@ -69,7 +69,7 @@ spec:
           app:
             image:
               repository: ghcr.io/bjw-s-labs/piped-frontend
-              tag: latest@sha256:90356f6cc6dc4eb70a1f248f2509898fb1a11d1b5094d6237afe993e4f018273
+              tag: latest@sha256:da2b5578aeb71cc4153ca81201063f18721fd32140588d58aab1f223290fb7c6
             env:
               HTTP_PORT: 8080
               HTTP_WORKERS: 4
@@ -101,7 +101,7 @@ spec:
           app:
             image:
               repository: 1337kavin/piped-proxy
-              tag: latest@sha256:9a0547e412cbb87e0dc8c94a44ea81811541c9d1535b57a9a144901662df94b7
+              tag: latest@sha256:9872edd2c47c9c33dfa44c334e4cef4e2c6ec91638eb2dcf6ca36b7b3037fd59
             command:
               - /app/piped-proxy
             probes:

kubernetes/apps/default/plex/app/helmrelease.yaml

@@ -9,7 +9,7 @@ spec:
   chart:
     spec:
       chart: app-template
-      version: 3.4.0
+      version: 3.5.0
       sourceRef:
         kind: HelmRepository
         name: bjw-s

kubernetes/apps/default/prowlarr/app/helmrelease.yaml

@@ -9,7 +9,7 @@ spec:
   chart:
     spec:
       chart: app-template
-      version: 3.4.0
+      version: 3.5.0
       sourceRef:
         kind: HelmRepository
         name: bjw-s
@@ -31,7 +31,7 @@ spec:
           app:
             image:
               repository: ghcr.io/onedr0p/prowlarr-develop
-              tag: 1.24.3.4754@sha256:9c88257656e4ac893d692abf38a784c80ef1638eb99fae376bdb48f75498ce52
+              tag: 1.25.1.4770@sha256:8b59eb7f9e5321b702bdacae3468b63d71720091ba3b0e9dfaca686a7705d2b8
             env:
               # Ref: https://github.com/Radarr/Radarr/issues/7030#issuecomment-1039689518
               # Ref: https://github.com/dotnet/runtime/issues/9336

kubernetes/apps/default/radarr/app/helmrelease.yaml

@@ -9,7 +9,7 @@ spec:
   chart:
     spec:
       chart: app-template
-      version: 3.4.0
+      version: 3.5.0
       sourceRef:
         kind: HelmRepository
         name: bjw-s

kubernetes/apps/default/recyclarr/app/helmrelease.yaml

@@ -9,7 +9,7 @@ spec:
   chart:
     spec:
       chart: app-template
-      version: 3.4.0
+      version: 3.5.0
       sourceRef:
         kind: HelmRepository
         name: bjw-s

kubernetes/apps/default/redlib/app/helmrelease.yaml

@@ -10,7 +10,7 @@ spec:
   chart:
     spec:
       chart: app-template
-      version: 3.4.0
+      version: 3.5.0
       sourceRef:
         kind: HelmRepository
         name: bjw-s
@@ -38,7 +38,7 @@ spec:
           app:
             image:
               repository: quay.io/redlib/redlib
-              tag: latest@sha256:e65e977dee589a3b07274ffca2a1c19cf487176f230d0ff03cbf09c626f3db11
+              tag: latest@sha256:e61e2535518e0b574f92642612f33f6fbee1aa22b2ff36ee740e26a025bb0039
             env:
               REDLIB_DEFAULT_SHOW_NSFW: on
               REDLIB_DEFAULT_WIDE: on

kubernetes/apps/default/sabnzbd/app/helmrelease.yaml

@@ -9,7 +9,7 @@ spec:
   chart:
     spec:
       chart: app-template
-      version: 3.4.0
+      version: 3.5.0
       sourceRef:
         kind: HelmRepository
         name: bjw-s
@@ -31,7 +31,7 @@ spec:
           app:
             image:
               repository: ghcr.io/onedr0p/sabnzbd
-              tag: 4.3.3@sha256:4ad73733ae11eb03852ba99d6e49bff93f8087f9f77b9b193a1063c3f6f31482
+              tag: 4.3.3@sha256:6614d759bbaa6884926c6aa75018339bd35cd1add0ff92c907087327dd470477
             env:
               TZ: America/Chicago
               SABNZBD__PORT: &port 80

kubernetes/apps/default/searxng/app/helmrelease.yaml

@@ -9,7 +9,7 @@ spec:
   chart:
     spec:
       chart: app-template
-      version: 3.4.0
+      version: 3.5.0
       sourceRef:
         kind: HelmRepository
         name: bjw-s

kubernetes/apps/default/sonarr/app/helmrelease.yaml

@@ -9,7 +9,7 @@ spec:
   chart:
     spec:
       chart: app-template
-      version: 3.4.0
+      version: 3.5.0
       sourceRef:
         kind: HelmRepository
         name: bjw-s

kubernetes/apps/default/tautulli/app/helmrelease.yaml

@@ -9,7 +9,7 @@ spec:
   chart:
     spec:
       chart: app-template
-      version: 3.4.0
+      version: 3.5.0
       sourceRef:
         kind: HelmRepository
         name: bjw-s

kubernetes/apps/default/unpackerr/app/helmrelease.yaml

@@ -9,7 +9,7 @@ spec:
   chart:
     spec:
       chart: app-template
-      version: 3.4.0
+      version: 3.5.0
       sourceRef:
         kind: HelmRepository
         name: bjw-s

kubernetes/apps/default/zwave/app/helmrelease.yaml

@@ -9,7 +9,7 @@ spec:
   chart:
     spec:
       chart: app-template
-      version: 3.4.0
+      version: 3.5.0
       sourceRef:
         kind: HelmRepository
         name: bjw-s

kubernetes/apps/kube-system/coredns/app/helmrelease.yaml

@@ -9,7 +9,7 @@ spec:
   chart:
     spec:
       chart: coredns
-      version: 1.34.0
+      version: 1.35.0
       sourceRef:
         kind: HelmRepository
         name: coredns

kubernetes/apps/kube-system/fstrim/app/helmrelease.yaml

@@ -9,7 +9,7 @@ spec:
   chart:
     spec:
       chart: app-template
-      version: 3.4.0
+      version: 3.5.0
       sourceRef:
         kind: HelmRepository
         name: bjw-s

kubernetes/apps/network/cloudflared/app/helmrelease.yaml

@@ -9,7 +9,7 @@ spec:
   chart:
     spec:
       chart: app-template
-      version: 3.4.0
+      version: 3.5.0
       sourceRef:
         kind: HelmRepository
         name: bjw-s

kubernetes/apps/network/echo-server/app/helmrelease.yaml

@@ -10,7 +10,7 @@ spec:
   chart:
     spec:
       chart: app-template
-      version: 3.4.0
+      version: 3.5.0
       interval: 30m
       sourceRef:
         kind: HelmRepository

kubernetes/apps/observability/alertmanager/app/externalsecret.yaml

@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: alertmanager-secret
+spec:
+  refreshInterval: 5m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword-connect
+  target:
+    name: alertmanager-secret
+    creationPolicy: Owner
+  data:
+    - secretKey: pushover_api_token
+      remoteRef:
+        key: Pushover
+        property: alertmanager_token
+    - secretKey: pushover_api_userkey
+      remoteRef:
+        key: Pushover
+        property: userkey_jahanson

kubernetes/apps/observability/alertmanager/app/helmrelease.yaml

@@ -0,0 +1,87 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: alertmanager
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: app-template
+      version: 3.5.0
+      interval: 30m
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+  values:
+    controllers:
+      alertmanager:
+        type: statefulset
+        annotations:
+          reloader.stakater.com/auto: "true"
+
+        statefulset:
+          volumeClaimTemplates:
+            - name: storage
+              accessMode: ReadWriteOnce
+              size: 50Mi
+              storageClass: ceph-block
+              globalMounts:
+                - path: /alertmanager
+
+        containers:
+          alertmanager:
+            image:
+              repository: quay.io/prometheus/alertmanager
+              tag: v0.27.0
+            ports:
+              - name: http
+                containerPort: 9093
+            probes:
+              liveness:
+                enabled: true
+              readiness:
+                enabled: true
+              startup:
+                enabled: true
+                spec:
+                  failureThreshold: 30
+                  periodSeconds: 5
+            resources:
+              requests:
+                cpu: 11m
+                memory: 50M
+              limits:
+                memory: 99M
+
+    service:
+      app:
+        controller: alertmanager
+        ports:
+          http:
+            port: 9093
+
+    ingress:
+      app:
+        className: internal-nginx
+        hosts:
+          - host: alertmanager.jahanson.tech
+            paths:
+              - path: /
+                service:
+                  identifier: app
+                  port: http
+
+    persistence:
+      config:
+        type: configMap
+        name: alertmanager-configmap
+        globalMounts:
+          - path: /etc/alertmanager
+      secrets:
+        type: secret
+        name: alertmanager-secret
+        globalMounts:
+          - path: /etc/secrets

kubernetes/apps/observability/alertmanager/app/kustomization.yaml

@@ -0,0 +1,15 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./externalsecret.yaml
+  - ./helmrelease.yaml
+configMapGenerator:
+  - name: alertmanager-configmap
+    files:
+      - resources/alertmanager.yml
+generatorOptions:
+  disableNameSuffixHash: true
+  annotations:
+    kustomize.toolkit.fluxcd.io/substitute: disabled

kubernetes/apps/observability/alertmanager/app/resources/alertmanager.yml

@@ -0,0 +1,59 @@
+---
+receivers:
+  - name: "null"
+  - name: "pushover"
+    pushover_configs:
+      - html: true
+        token_file: /etc/secrets/pushover_api_token
+        user_key_file: /etc/secrets/pushover_api_userkey
+        send_resolved: true
+        priority: |-
+          {{ if eq .Status "firing" }}1{{ else }}0{{ end }}
+        url_title: View in Alert Manager
+        title: |-
+          [{{ .Status | toUpper }}{{ if eq .Status "firing" }}:{{ .Alerts.Firing | len }}{{ end }}] {{ .CommonLabels.alertname }}
+        message: |-
+          {{- range .Alerts }}
+            {{- if ne .Labels.severity "" }}
+              <b>Severity:</b> <i>{{ .Labels.severity }}</i>
+            {{- else }}
+              <b>Severity:</b> <i>N/A</i>
+            {{- end }}
+            {{- if ne .Annotations.description "" }}
+              <b>Description:</b> <i>{{ .Annotations.description }}</i>
+            {{- else if ne .Annotations.summary "" }}
+              <b>Summary:</b> <i>{{ .Annotations.summary }}</i>
+            {{- else if ne .Annotations.message "" }}
+              <b>Message:</b> <i>{{ .Annotations.message }}</i>
+            {{- else }}
+              <b>Description:</b> <i>N/A</i>
+            {{- end }}
+            {{- if gt (len .Labels.SortedPairs) 0 }}
+              <b>Details:</b>
+              {{- range .Labels.SortedPairs }}
+                • <b>{{ .Name }}:</b> <i>{{ .Value }}</i>
+              {{- end }}
+            {{- end }}
+          {{- end }}
+
+route:
+  group_by: ["alertname", "job"]
+  group_wait: 30s
+  group_interval: 5m
+  repeat_interval: 6h
+  receiver: "pushover"
+  routes:
+    - receiver: "null"
+      matchers:
+        - alertname =~ "InfoInhibitor|Watchdog"
+    - receiver: "pushover"
+      matchers:
+        - severity = critical
+      continue: true
+
+inhibit_rules:
+  - source_matchers:
+      - severity = "critical"
+    target_matchers:
+      - severity = "warning"
+    equal: ["alertname", "namespace"]

kubernetes/apps/observability/alertmanager/ks.yaml

@@ -3,20 +3,21 @@
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
-  name: &appname kube-prometheus-stack
+  name: &appname alertmanager
   namespace: flux-system
 spec:
   targetNamespace: observability
   commonMetadata:
     labels:
       app.kubernetes.io/name: *appname
-  interval: 10m
-  path: "./kubernetes/apps/observability/kube-prometheus-stack/app"
+  interval: 30m
+  timeout: 5m
+  path: "./kubernetes/apps/observability/alertmanager/app"
   prune: true
   sourceRef:
     kind: GitRepository
     name: theshire
   wait: true
   dependsOn:
-    # - name: alertmanager
+    - name: external-secrets-stores
     - name: rook-ceph-cluster

kubernetes/apps/observability/gatus/app/helmrelease.yaml

@@ -9,7 +9,7 @@ spec:
   chart:
     spec:
       chart: app-template
-      version: 3.4.0
+      version: 3.5.0
       sourceRef:
         kind: HelmRepository
         name: bjw-s

kubernetes/apps/observability/kube-prometheus-stack/app/helmrelease.yaml

@@ -1,146 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
-  name: kube-prometheus-stack
-spec:
-  interval: 30m
-  timeout: 15m
-  chart:
-    spec:
-      chart: kube-prometheus-stack
-      version: 65.0.0
-      sourceRef:
-        kind: HelmRepository
-        name: prometheus-community
-        namespace: flux-system
-      interval: 30m
-  install:
-    crds: Skip
-  upgrade:
-    crds: Skip
-  values:
-    crds:
-      enabled: false
-    cleanPrometheusOperatorObjectNames: true
-
-    ###
-    ### Component values
-    ###
-    alertmanager:
-      enabled: false
-
-    kubeApiServer:
-      enabled: true
-      serviceMonitor:
-        metricRelabelings:
-          # Drop high cardinality labels
-          - action: drop
-            sourceLabels: ["__name__"]
-            regex: (apiserver|etcd|rest_client)_request(|_sli|_slo)_duration_seconds_bucket
-          - action: drop
-            sourceLabels: ["__name__"]
-            regex: (apiserver_response_sizes_bucket|apiserver_watch_events_sizes_bucket)
-
-    kubeControllerManager:
-      enabled: false
-
-    kubeEtcd:
-      enabled: false
-
-    kubelet:
-      enabled: true
-      serviceMonitor:
-        metricRelabelings:
-          # Drop high cardinality labels
-          - action: labeldrop
-            regex: (uid)
-          - action: labeldrop
-            regex: (id|name)
-          - action: drop
-            sourceLabels: ["__name__"]
-            regex: (rest_client_request_duration_seconds_bucket|rest_client_request_duration_seconds_sum|rest_client_request_duration_seconds_count)
-
-    kubeProxy:
-      enabled: false
-
-    kubeScheduler:
-      enabled: false
-
-    kubeStateMetrics:
-      enabled: false
-
-    nodeExporter:
-      enabled: false
-
-    grafana:
-      enabled: false
-      forceDeployDashboards: true
-      sidecar:
-        dashboards:
-          annotations:
-            grafana_folder: Kubernetes
-
-    ###
-    ### Prometheus operator values
-    ###
-    prometheusOperator:
-      resources:
-        requests:
-          cpu: 35m
-          memory: 273M
-        limits:
-          memory: 326M
-
-      prometheusConfigReloader:
-        # resource config for prometheusConfigReloader
-        resources:
-          requests:
-            cpu: 5m
-            memory: 32M
-          limits:
-            memory: 32M
-
-    ###
-    ### Prometheus instance values
-    ###
-    prometheus:
-      ingress:
-        enabled: true
-        ingressClassName: internal-nginx
-        annotations:
-          external-dns.alpha.kubernetes.io/target: internal.jahanson.tech
-        hosts:
-          - prometheus.jahanson.tech
-        pathType: Prefix
-
-      prometheusSpec:
-        enableAdminAPI: true
-        enableFeatures:
-          - auto-gomaxprocs
-          - memory-snapshot-on-shutdown
-          - new-service-discovery-manager
-        podMonitorSelectorNilUsesHelmValues: false
-        probeSelectorNilUsesHelmValues: false
-        replicas: 1
-        replicaExternalLabelName: "__replica__" # must match with thanos value `.query.replicaLabel[0]`
-        resources:
-          requests:
-            cpu: 100m
-          limits:
-            memory: 1500M
-        retention: 14d
-        retentionSize: 50GB
-        ruleSelectorNilUsesHelmValues: false
-        scrapeConfigSelectorNilUsesHelmValues: false
-        scrapeInterval: 1m # Must match interval in Grafana Helm chart
-        serviceMonitorSelectorNilUsesHelmValues: false
-        storageSpec:
-          volumeClaimTemplate:
-            spec:
-              storageClassName: ceph-block
-              resources:
-                requests:
-                  storage: 55Gi
-        walCompression: true

kubernetes/apps/observability/kustomization.yaml

@@ -6,6 +6,7 @@ resources:
   # Pre Flux-Kustomizations
   - ./namespace.yaml
   # Flux-Kustomizations
-  - ./kube-prometheus-stack/ks.yaml
-  - ./prometheus-operator-crds/ks.yaml
+  - ./alertmanager/ks.yaml
   - ./gatus/ks.yaml
+  - ./prometheus-operator-crds/ks.yaml
+  - ./victoria-metrics/ks.yaml

kubernetes/apps/observability/victoria-metrics/cluster/kustomization.yaml

@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - vmalert.yaml
+  - vmsingle.yaml

kubernetes/apps/observability/victoria-metrics/cluster/vmalert.yaml

@@ -0,0 +1,36 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/operator.victoriametrics.com/vmalert_v1beta1.json
+apiVersion: operator.victoriametrics.com/v1beta1
+kind: VMAlert
+metadata:
+  name: victoria
+spec:
+  evaluationInterval: 1m
+  useStrictSecurity: true
+  selectAllByDefault: true
+  datasource:
+    url: http://vmsingle-victoria.observability.svc:8429
+  notifiers:
+    - url: http://alertmanager.observability.svc:9093
+  remoteRead:
+    url: http://vmsingle-victoria.observability.svc:8429
+  remoteWrite:
+    url: http://vmsingle-victoria.observability.svc:8429
+  securityContext:
+    runAsUser: 65534
+    runAsGroup: 65534
+    runAsNonRoot: true
+    fsGroup: 65534
+  resources:
+    requests:
+      cpu: 3m
+    limits:
+      memory: 128Mi
+  topologySpreadConstraints:
+    - maxSkew: 1
+      topologyKey: kubernetes.io/hostname
+      whenUnsatisfiable: DoNotSchedule
+      labelSelector:
+        matchLabels:
+          app.kubernetes.io/instance: victoria
+          app.kubernetes.io/name: vmalert

kubernetes/apps/observability/victoria-metrics/cluster/vmsingle.yaml

@@ -0,0 +1,31 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/operator.victoriametrics.com/vmsingle_v1beta1.json
+apiVersion: operator.victoriametrics.com/v1beta1
+kind: VMSingle
+metadata:
+  name: victoria
+spec:
+  # Possible units character: h(ours), d(ays), w(eeks), y(ears). Min 24h.
+  retentionPeriod: "6" # months if not specified
+  useStrictSecurity: true
+  extraArgs:
+    dedup.minScrapeInterval: 10s
+    maxLabelsPerTimeseries: "40"
+    search.minStalenessInterval: 5m
+    vmalert.proxyURL: http://vmalert-victoria.observability.svc:8080
+  securityContext:
+    runAsUser: 65534
+    runAsGroup: 65534
+    runAsNonRoot: true
+    fsGroup: 65534
+  resources:
+    requests:
+      cpu: 5m
+    limits:
+      memory: 2Gi
+  storage:
+    accessModes: [ReadWriteOnce]
+    resources:
+      requests:
+        storage: 10Gi
+    storageClassName: openebs-hostpath

kubernetes/apps/observability/victoria-metrics/ks.yaml

@@ -0,0 +1,43 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app vm-operator
+  namespace: flux-system
+spec:
+  targetNamespace: observability
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  path: ./kubernetes/apps/observability/victoria-metrics/operator
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: theshire
+  wait: true
+  interval: 30m
+  retryInterval: 1m
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app vm-cluster
+  namespace: flux-system
+spec:
+  targetNamespace: observability
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  dependsOn:
+    - name: openebs
+    - name: vm-operator
+  path: ./kubernetes/apps/observability/victoria-metrics/cluster
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: theshire
+  wait: false
+  interval: 30m
+  retryInterval: 1m

kubernetes/apps/observability/victoria-metrics/operator/helmrelease.yaml

@@ -0,0 +1,38 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: vm-operator
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: victoria-metrics-operator
+      version: 0.35.2
+      sourceRef:
+        kind: HelmRepository
+        name: victoria-metrics
+        namespace: flux-system
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      strategy: rollback
+      retries: 3
+  values:
+    fullnameOverride: vm-operator
+    rbac:
+      pspEnabled: false
+    operator:
+      enable_converter_ownership: true
+      useCustomConfigReloader: true
+    resources:
+      limits:
+        cpu: 220m
+        memory: 320Mi
+      requests:
+        cpu: 80m
+        memory: 120Mi

kubernetes/apps/qbittorrent/cross-seed/app/helmrelease.yaml

@@ -9,7 +9,7 @@ spec:
   chart:
     spec:
       chart: app-template
-      version: 3.4.0
+      version: 3.5.0
       sourceRef:
         kind: HelmRepository
         name: bjw-s
@@ -35,7 +35,7 @@ spec:
           app:
             image:
               repository: ghcr.io/cross-seed/cross-seed
-              tag: 6.0.0-36@sha256:2611848f319df22a6887d850ff1fc171c214d1aa92ccde64342742d396f1586a
+              tag: 6.0.0-39@sha256:d871f4204840cb67fec4d417bd4cc5b3fe42abd98aa0f3304b309e410c02f40b
             env:
               TZ: America/Chicago
             args: ["daemon"]

kubernetes/apps/qbittorrent/flood/app/helmrelease.yaml

@@ -10,7 +10,7 @@ spec:
   chart:
     spec:
       chart: app-template
-      version: 3.4.0
+      version: 3.5.0
       sourceRef:
         kind: HelmRepository
         name: bjw-s

kubernetes/apps/qbittorrent/qbittorrent/app/helmrelease.yaml

@@ -9,7 +9,7 @@ spec:
   chart:
     spec:
       chart: app-template
-      version: 3.4.0
+      version: 3.5.0
       interval: 30m
       sourceRef:
         kind: HelmRepository

kubernetes/apps/qbittorrent/qbittorrent/tools/helmrelease.yaml

@@ -9,7 +9,7 @@ spec:
   chart:
     spec:
       chart: app-template
-      version: 3.4.0
+      version: 3.5.0
       sourceRef:
         kind: HelmRepository
         name: bjw-s
@@ -39,7 +39,7 @@ spec:
           tagging: &container
             image:
               repository: ghcr.io/buroa/qbtools
-              tag: v0.17.6@sha256:a248dc3e1d885838532830e15743846b73554b8af7e01fd728758f191458c10f
+              tag: v0.17.7@sha256:9f58b7f3f35066ca970951692475d788d328e703840b7fca0f0c2ed8c3102f7d
             env:
               TZ: *timeZone
               POD_NAMESPACE:

kubernetes/apps/rook-ceph/rook-ceph/app/helmrelease.yaml

@@ -10,7 +10,7 @@ spec:
   chart:
     spec:
       chart: rook-ceph
-      version: v1.15.2
+      version: v1.15.3
       sourceRef:
         kind: HelmRepository
         name: rook-ceph

kubernetes/apps/rook-ceph/rook-ceph/cluster/helmrelease.yaml

@@ -10,7 +10,7 @@ spec:
   chart:
     spec:
       chart: rook-ceph-cluster
-      version: v1.15.2
+      version: v1.15.3
       sourceRef:
         kind: HelmRepository
         name: rook-ceph

kubernetes/bootstrap/helmfile.yaml

@@ -31,7 +31,7 @@ releases:
   - name: coredns
     namespace: kube-system
     chart: coredns/coredns
-    version: 1.34.0
+    version: 1.35.0
     values:
       - ../apps/kube-system/coredns/app/helm-values.yml
     needs:

kubernetes/flux/repositories/helm/kustomization.yaml

@@ -38,3 +38,4 @@ resources:
   - spegel-org.yaml
   - stakater.yaml
   - stevehipwell.yaml
+  - victoria-metrics.yaml

kubernetes/flux/repositories/helm/victoria-metrics.yaml

@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: victoria-metrics
+spec:
+  interval: 30m
+  url: https://victoriametrics.github.io/helm-charts/
+  timeout: 3m