Update renovate/renovate Docker tag to v43.29.2

2026-02-21 00:00:54 +00:00
26 changed files with 145 additions and 379 deletions
--- a/apps/gitea/gitea-shared-volume.yaml
+++ b/apps/gitea/gitea-shared-volume.yaml
@@ -1,46 +0,0 @@
---
-apiVersion: local.openebs.io/v1alpha1
-kind: LVMVolume
-metadata:
-  labels:
-    kubernetes.io/nodename: anapistula-delrosalae
-  name: gitea-shared-storage-lvmhdd
-  namespace: openebs
-spec:
-  capacity: 10Gi
-  ownerNodeID: anapistula-delrosalae
-  shared: "yes"
-  thinProvision: "no"
-  vgPattern: ^openebs-hdd$
-  volGroup: openebs-hdd
---
-kind: PersistentVolume
-apiVersion: v1
-metadata:
-  name: gitea-shared-storage-lvmhdd
-spec:
-  capacity:
-    storage: 10Gi
-  accessModes:
-    - ReadWriteOnce
-  persistentVolumeReclaimPolicy: Retain
-  storageClassName: hdd-lvmpv
-  volumeMode: Filesystem
-  csi:
-    driver: local.csi.openebs.io
-    fsType: btrfs
-    volumeHandle: gitea-shared-storage-lvmhdd
---
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: gitea-shared-storage-lvmhdd
-  namespace: gitea
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 10Gi
-  storageClassName: hdd-lvmpv
-  volumeName: gitea-shared-storage-lvmhdd
--- a/apps/gitea/kustomization.yaml
+++ b/apps/gitea/kustomization.yaml
@@ -4,8 +4,6 @@ resources:
  - namespace.yaml
  - postgres-volume.yaml
  - postgres-cluster.yaml
-  - gitea-shared-volume.yaml
-  - valkey-volume.yaml
  - release.yaml
  - secret.yaml
  - backups.yaml
--- a/apps/gitea/postgres-cluster.yaml
+++ b/apps/gitea/postgres-cluster.yaml
@@ -2,27 +2,15 @@
 apiVersion: postgresql.cnpg.io/v1
 kind: Cluster
 metadata:
-  name: gitea-postgresql-cluster-lvmhdd
+  name: gitea-postgresql-cluster
  namespace: gitea
 spec:
  instances: 1

-  imageName: ghcr.io/cloudnative-pg/postgresql:17.4
-
  storage:
-    pvcTemplate:
-      storageClassName: hdd-lvmpv
-      resources:
-        requests:
-          storage: 20Gi
-      volumeName: gitea-postgresql-cluster-lvmhdd-1
+    size: 10Gi
+    storageClass: mayastor-single-hdd

-  # Just to avoid bootstrapping the instance agian
-  # I migrated data manually using pv_migrate because this feature is broken
-  # when source and target volumes are in different storage classes
-  # CNPG just sets dataSource to the PVC and expects the underlying storage
-  # to handle the migration, but it doesn't work here
-  bootstrap:
-    recovery:
-      backup:
-        name: backup-migration
+  backup:
+    volumeSnapshot:
+      className: csi-mayastor-snapshotclass
--- a/apps/gitea/postgres-volume.yaml
+++ b/apps/gitea/postgres-volume.yaml
@@ -27,7 +27,6 @@ spec:
  volumeMode: Filesystem
  csi:
    driver: local.csi.openebs.io
-    fsType: btrfs
    volumeHandle: gitea-postgresql-cluster-lvmhdd-1
 ---
 # PVCs are dynamically created by the Postgres operator
--- a/apps/gitea/release.yaml
+++ b/apps/gitea/release.yaml
@@ -45,28 +45,26 @@ spec:
      primary:
        persistence:
          enabled: true
-          existingClaim: gitea-valkey-primary-lvmhdd-0
+          storageClass: mayastor-single-hdd
        resources:
          requests:
            cpu: 0

    persistence:
      enabled: true
-      # We'll create PV and PVC manually
-      create: false
-      claimName: gitea-shared-storage-lvmhdd
+      storageClass: mayastor-single-hdd

    gitea:
      additionalConfigFromEnvs:
        - name: GITEA__DATABASE__PASSWD
          valueFrom:
            secretKeyRef:
-              name: gitea-postgresql-cluster-lvmhdd-app
+              name: gitea-postgresql-cluster-app
              key: password
      config:
        database:
          DB_TYPE: postgres
-          HOST: gitea-postgresql-cluster-lvmhdd-rw:5432
+          HOST: gitea-postgresql-cluster-rw:5432
          NAME: app
          USER: app
        indexer:
--- a/apps/gitea/valkey-volume.yaml
+++ b/apps/gitea/valkey-volume.yaml
@@ -1,46 +0,0 @@
---
-apiVersion: local.openebs.io/v1alpha1
-kind: LVMVolume
-metadata:
-  labels:
-    kubernetes.io/nodename: anapistula-delrosalae
-  name: gitea-valkey-primary-lvmhdd-0
-  namespace: openebs
-spec:
-  capacity: 1Gi
-  ownerNodeID: anapistula-delrosalae
-  shared: "yes"
-  thinProvision: "no"
-  vgPattern: ^openebs-hdd$
-  volGroup: openebs-hdd
---
-kind: PersistentVolume
-apiVersion: v1
-metadata:
-  name: gitea-valkey-primary-lvmhdd-0
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteOnce
-  persistentVolumeReclaimPolicy: Retain
-  storageClassName: hdd-lvmpv
-  volumeMode: Filesystem
-  csi:
-    driver: local.csi.openebs.io
-    fsType: btrfs
-    volumeHandle: gitea-valkey-primary-lvmhdd-0
---
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: gitea-valkey-primary-lvmhdd-0
-  namespace: gitea
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 1Gi
-  storageClassName: hdd-lvmpv
-  volumeName: gitea-valkey-primary-lvmhdd-0
--- a/apps/immich/immich-library.yaml
+++ b/apps/immich/immich-library.yaml
@@ -1,46 +0,0 @@
---
-apiVersion: local.openebs.io/v1alpha1
-kind: LVMVolume
-metadata:
-  labels:
-    kubernetes.io/nodename: anapistula-delrosalae
-  name: immich-library-lvmhdd
-  namespace: openebs
-spec:
-  capacity: 150Gi
-  ownerNodeID: anapistula-delrosalae
-  shared: "yes"
-  thinProvision: "no"
-  vgPattern: ^openebs-hdd$
-  volGroup: openebs-hdd
---
-kind: PersistentVolume
-apiVersion: v1
-metadata:
-  name: immich-library-lvmhdd
-spec:
-  capacity:
-    storage: 150Gi
-  accessModes:
-    - ReadWriteOnce
-  persistentVolumeReclaimPolicy: Retain
-  storageClassName: hdd-lvmpv
-  volumeMode: Filesystem
-  csi:
-    driver: local.csi.openebs.io
-    fsType: btrfs
-    volumeHandle: immich-library-lvmhdd
---
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: library-lvmhdd
-  namespace: immich
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 150Gi
-  storageClassName: hdd-lvmpv
-  volumeName: immich-library-lvmhdd
--- a/apps/immich/kustomization.yaml
+++ b/apps/immich/kustomization.yaml
@@ -2,10 +2,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - namespace.yaml
-  - valkey-volume.yaml
+  - volume.yaml
  - redis.yaml
  - postgres-password.yaml
-  - postgres-volume.yaml
  - postgres-cluster.yaml
-  - immich-library.yaml
  - release.yaml
--- a/apps/immich/postgres-cluster.yaml
+++ b/apps/immich/postgres-cluster.yaml
@@ -2,31 +2,21 @@
 apiVersion: postgresql.cnpg.io/v1
 kind: Cluster
 metadata:
-  name: immich-db-lvmhdd
+  name: immich-db
  namespace: immich
 spec:
-  # TODO: Configure renovate to handle imageName
  imageName: ghcr.io/tensorchord/cloudnative-vectorchord:14-0.4.3

  instances: 1

  storage:
-    pvcTemplate:
-      storageClassName: hdd-lvmpv
-      resources:
-        requests:
-          storage: 10Gi
-      volumeName: immich-db-lvmhdd-1
-
-  # Just to avoid bootstrapping the instance again
-  # I migrated data manually using pv_migrate because this feature is broken
-  # when source and target volumes are in different storage classes
-  # CNPG just sets dataSource to the PVC and expects the underlying storage
-  # to handle the migration, but it doesn't work here
+    size: 10Gi
+    storageClass: mayastor-single-hdd
  bootstrap:
-    recovery:
-      backup:
-        name: backup-migration
+    initdb:
+      # Defaults of immich chart
+      database: immich
+      owner: immich

  # We need to create custom role because default one does not allow to set up
  # vectorchord extension
--- a/apps/immich/postgres-volume.yaml
+++ b/apps/immich/postgres-volume.yaml
@@ -1,33 +0,0 @@
-apiVersion: local.openebs.io/v1alpha1
-kind: LVMVolume
-metadata:
-  labels:
-    kubernetes.io/nodename: anapistula-delrosalae
-  name: immich-db-lvmhdd-1
-  namespace: openebs
-spec:
-  capacity: 10Gi
-  ownerNodeID: anapistula-delrosalae
-  shared: "yes"
-  thinProvision: "no"
-  vgPattern: ^openebs-hdd$
-  volGroup: openebs-hdd
---
-kind: PersistentVolume
-apiVersion: v1
-metadata:
-  name: immich-db-lvmhdd-1
-spec:
-  capacity:
-    storage: 10Gi
-  accessModes:
-    - ReadWriteOnce
-  persistentVolumeReclaimPolicy: Retain
-  storageClassName: hdd-lvmpv
-  volumeMode: Filesystem
-  csi:
-    driver: local.csi.openebs.io
-    fsType: btrfs
-    volumeHandle: immich-db-lvmhdd-1
---
-# PVCs are dynamically created by the Postgres operator
--- a/apps/immich/redis.yaml
+++ b/apps/immich/redis.yaml
@@ -2,35 +2,28 @@
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: HelmRepository
 metadata:
-  name: valkey
+  name: bitnami
  namespace: immich
 spec:
  interval: 24h
-  url: https://valkey.io/valkey-helm/
+  type: "oci"
+  url: oci://registry-1.docker.io/bitnamicharts/
 ---
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
-  name: valkey
+  name: redis
  namespace: immich
 spec:
  interval: 30m
  chart:
    spec:
-      chart: valkey
-      version: 0.9.3
+      chart: redis
+      version: 24.1.3
      sourceRef:
        kind: HelmRepository
-        name: valkey
+        name: bitnami
  values:
-    dataStorage:
-      enabled: true
-      persistentVolumeClaimName: immich-valkey
-
-    auth:
-      enabled: true
-      usersExistingSecret: redis
-      aclUsers:
-        default:
-          passwordKey: redis-password
-          permissions: "~* &* +@all"
+    global:
+      defaultStorageClass: mayastor-single-hdd
+    architecture: standalone
--- a/apps/immich/release.yaml
+++ b/apps/immich/release.yaml
@@ -27,14 +27,14 @@ spec:
      config:
        vecotrExtension: vectorchord
      postgres:
-        host: immich-db-lvmhdd-rw
+        host: immich-db-rw
        existingSecret:
          enabled: true
          secretName: immich-db-immich
          usernameKey: username
          passwordKey: password
      redis:
-        host: valkey
+        host: redis-master
        existingSecret:
          enabled: true
          secretName: redis
@@ -47,7 +47,7 @@ spec:
      volumes:
        - name: uploads
          persistentVolumeClaim:
-            claimName: library-lvmhdd
+            claimName: library

    machineLearning:
      enabled: true
--- a/apps/immich/valkey-volume.yaml
+++ b/apps/immich/valkey-volume.yaml
@@ -1,46 +0,0 @@
---
-apiVersion: local.openebs.io/v1alpha1
-kind: LVMVolume
-metadata:
-  labels:
-    kubernetes.io/nodename: anapistula-delrosalae
-  name: immich-valkey
-  namespace: openebs
-spec:
-  capacity: 1Gi
-  ownerNodeID: anapistula-delrosalae
-  shared: "yes"
-  thinProvision: "no"
-  vgPattern: ^openebs-hdd$
-  volGroup: openebs-hdd
---
-kind: PersistentVolume
-apiVersion: v1
-metadata:
-  name: immich-valkey
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteOnce
-  persistentVolumeReclaimPolicy: Retain
-  storageClassName: hdd-lvmpv
-  volumeMode: Filesystem
-  csi:
-    driver: local.csi.openebs.io
-    fsType: btrfs
-    volumeHandle: immich-valkey
---
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: immich-valkey
-  namespace: immich
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 1Gi
-  storageClassName: hdd-lvmpv
-  volumeName: immich-valkey
--- a/apps/immich/volume.yaml
+++ b/apps/immich/volume.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: library
+  namespace: immich
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 150Gi
+  storageClassName: mayastor-single-hdd
--- a/apps/kustomization.yaml
+++ b/apps/kustomization.yaml
@@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - gitea
+  - registry
  - renovate
  - librechat
  - frigate
--- a/apps/llama/deployment.yaml
+++ b/apps/llama/deployment.yaml
@@ -41,7 +41,7 @@ spec:
      volumes:
        - name: models
          persistentVolumeClaim:
-            claimName: llama-models-lvmhdd
+            claimName: llama-models
        - name: kfd
          hostPath:
            path: /dev/kfd
--- a/apps/llama/pvc.yaml
+++ b/apps/llama/pvc.yaml
@@ -1,46 +1,13 @@
 ---
-apiVersion: local.openebs.io/v1alpha1
-kind: LVMVolume
-metadata:
-  labels:
-    kubernetes.io/nodename: anapistula-delrosalae
-  name: llama-models-lvmhdd
-  namespace: openebs
-spec:
-  capacity: 200Gi
-  ownerNodeID: anapistula-delrosalae
-  shared: "yes"
-  thinProvision: "no"
-  vgPattern: ^openebs-hdd$
-  volGroup: openebs-hdd
---
-kind: PersistentVolume
 apiVersion: v1
-metadata:
-  name: llama-models-lvmhdd
-spec:
-  capacity:
-    storage: 200Gi
-  accessModes:
-    - ReadWriteOnce
-  persistentVolumeReclaimPolicy: Retain
-  storageClassName: hdd-lvmpv
-  volumeMode: Filesystem
-  csi:
-    driver: local.csi.openebs.io
-    fsType: btrfs
-    volumeHandle: llama-models-lvmhdd
---
 kind: PersistentVolumeClaim
-apiVersion: v1
 metadata:
-  name: llama-models-lvmhdd
  namespace: llama
+  name: llama-models
 spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 200Gi
-  storageClassName: hdd-lvmpv
-  volumeName: llama-models-lvmhdd
+  storageClassName: mayastor-single-ssd
--- a/apps/registry/deployment.yaml
+++ b/apps/registry/deployment.yaml
@@ -0,0 +1,40 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: registry
+  namespace: registry
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: registry
+  template:
+    metadata:
+      labels:
+        app: registry
+    spec:
+      containers:
+        - name: registry
+          image: registry:3.0.0
+          ports:
+            - containerPort: 5000
+          volumeMounts:
+            - name: data
+              mountPath: /var/lib/registry
+      volumes:
+        - name: data
+          persistentVolumeClaim:
+            claimName: registry-data
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: registry-service
+  namespace: registry
+spec:
+  selector:
+    app: registry
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 5000
--- a/apps/registry/ingress.yaml
+++ b/apps/registry/ingress.yaml
@@ -0,0 +1,26 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  namespace: registry
+  name: registry
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    nginx.ingress.kubernetes.io/proxy-body-size: "0"
+spec:
+  ingressClassName: nginx-ingress
+  rules:
+    - host: registry.lumpiasty.xyz
+      http:
+        paths:
+          - backend:
+              service:
+                name: registry-service
+                port:
+                  number: 80
+            path: /
+            pathType: Prefix
+  tls:
+    - hosts:
+        - registry.lumpiasty.xyz
+      secretName: researcher-ingress
--- a/apps/registry/kustomization.yaml
+++ b/apps/registry/kustomization.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - namespace.yaml
+  - volume.yaml
+  - deployment.yaml
+  - ingress.yaml
--- a/apps/registry/namespace.yaml
+++ b/apps/registry/namespace.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: registry
--- a/apps/registry/volume.yaml
+++ b/apps/registry/volume.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: registry-data
+  namespace: registry
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 50Gi
+  storageClassName: mayastor-single-hdd
--- a/apps/renovate/cronjob.yaml
+++ b/apps/renovate/cronjob.yaml
@@ -15,7 +15,7 @@ spec:
            - name: renovate
              # Update this to the latest available and then enable Renovate on
              # the manifest
-              image: renovate/renovate:43.31.1-full
+              image: renovate/renovate:43.29.2-full
              envFrom:
                - secretRef:
                    name: renovate-gitea-token
--- a/infra/configs/openbao-volume.yaml
+++ b/infra/configs/openbao-volume.yaml
@@ -1,46 +0,0 @@
---
-apiVersion: local.openebs.io/v1alpha1
-kind: LVMVolume
-metadata:
-  labels:
-    kubernetes.io/nodename: anapistula-delrosalae
-  name: openbao-volume-lvmhdd
-  namespace: openebs
-spec:
-  capacity: 1Gi
-  ownerNodeID: anapistula-delrosalae
-  shared: "yes"
-  thinProvision: "no"
-  vgPattern: ^openebs-hdd$
-  volGroup: openebs-hdd
---
-kind: PersistentVolume
-apiVersion: v1
-metadata:
-  name: openbao-volume-lvmhdd
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteOnce
-  persistentVolumeReclaimPolicy: Retain
-  storageClassName: hdd-lvmpv
-  volumeMode: Filesystem
-  csi:
-    driver: local.csi.openebs.io
-    fsType: btrfs
-    volumeHandle: openbao-volume-lvmhdd
---
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: openbao-volume-lvmhdd
-  namespace: openbao
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 1Gi
-  storageClassName: hdd-lvmpv
-  volumeName: openbao-volume-lvmhdd
--- a/infra/controllers/openbao.yaml
+++ b/infra/controllers/openbao.yaml
@@ -60,27 +60,21 @@ spec:

            service_registration "kubernetes" {}
        replicas: 1
-      # Disable chart's data storage setting and add data volume manually
-      dataStorage:
-        enabled: false
+      # Mount TLS cert to container
      volumes:
-        # Mount TLS cert to container
        - name: tls
          secret:
            secretName: openbao-lumpiasty-xyz
-        - name: data
-          persistentVolumeClaim:
-            claimName: openbao-volume-lvmhdd
      volumeMounts:
        - name: tls
          mountPath: /tls
          readOnly: true
-        - name: data
-          mountPath: /openbao/data
      service:
        enabled: true
        type: LoadBalancer
        ipFamilyPolicy: RequireDualStack
+      dataStorage:
+        storageClass: mayastor-single-hdd
    csi:
      enabled: true
    injector:
--- a/infra/kustomization.yaml
+++ b/infra/kustomization.yaml
@@ -9,6 +9,7 @@ resources:
  - controllers/cert-manager-webhook-ovh.yaml
  - controllers/openebs.yaml
  - controllers/k8up.yaml
+  - controllers/openbao.yaml
  - controllers/external-secrets.yaml
  - controllers/vault-secrets-operator.yaml
  - controllers/mongodb-operator.yaml
@@ -23,6 +24,3 @@ resources:
  - configs/mayastor-snapshotclass.yaml
  - configs/openbao-cert.yaml
  - configs/ovh-cert-manager-secret.yaml
-
-  - configs/openbao-volume.yaml
-  - controllers/openbao.yaml