Update renovate/renovate Docker tag to v43.29.2

apps/gitea/gitea-shared-volume.yaml

@@ -1,46 +0,0 @@
----
-apiVersion: local.openebs.io/v1alpha1
-kind: LVMVolume
-metadata:
-  labels:
-    kubernetes.io/nodename: anapistula-delrosalae
-  name: gitea-shared-storage-lvmhdd
-  namespace: openebs
-spec:
-  capacity: 10Gi
-  ownerNodeID: anapistula-delrosalae
-  shared: "yes"
-  thinProvision: "no"
-  vgPattern: ^openebs-hdd$
-  volGroup: openebs-hdd
----
-kind: PersistentVolume
-apiVersion: v1
-metadata:
-  name: gitea-shared-storage-lvmhdd
-spec:
-  capacity:
-    storage: 10Gi
-  accessModes:
-    - ReadWriteOnce
-  persistentVolumeReclaimPolicy: Retain
-  storageClassName: hdd-lvmpv
-  volumeMode: Filesystem
-  csi:
-    driver: local.csi.openebs.io
-    fsType: btrfs
-    volumeHandle: gitea-shared-storage-lvmhdd
----
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: gitea-shared-storage-lvmhdd
-  namespace: gitea
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 10Gi
-  storageClassName: hdd-lvmpv
-  volumeName: gitea-shared-storage-lvmhdd

apps/gitea/kustomization.yaml

@@ -4,8 +4,6 @@ resources:
   - namespace.yaml
   - postgres-volume.yaml
   - postgres-cluster.yaml
-  - gitea-shared-volume.yaml
-  - valkey-volume.yaml
   - release.yaml
   - secret.yaml
   - backups.yaml

apps/gitea/postgres-cluster.yaml

@@ -2,27 +2,15 @@
 apiVersion: postgresql.cnpg.io/v1
 kind: Cluster
 metadata:
-  name: gitea-postgresql-cluster-lvmhdd
+  name: gitea-postgresql-cluster
   namespace: gitea
 spec:
   instances: 1
 
-  imageName: ghcr.io/cloudnative-pg/postgresql:17.4
-
   storage:
-    pvcTemplate:
+    size: 10Gi
-      storageClassName: hdd-lvmpv
+    storageClass: mayastor-single-hdd
-      resources:
-        requests:
-          storage: 20Gi
-      volumeName: gitea-postgresql-cluster-lvmhdd-1
 
-  # Just to avoid bootstrapping the instance agian
-  # I migrated data manually using pv_migrate because this feature is broken
-  # when source and target volumes are in different storage classes
-  # CNPG just sets dataSource to the PVC and expects the underlying storage
-  # to handle the migration, but it doesn't work here
-  bootstrap:
-    recovery:
   backup:
-        name: backup-migration
+    volumeSnapshot:
+      className: csi-mayastor-snapshotclass

apps/gitea/postgres-volume.yaml

@@ -27,7 +27,6 @@ spec:
   volumeMode: Filesystem
   csi:
     driver: local.csi.openebs.io
-    fsType: btrfs
     volumeHandle: gitea-postgresql-cluster-lvmhdd-1
 ---
 # PVCs are dynamically created by the Postgres operator

apps/gitea/release.yaml

@@ -45,28 +45,26 @@ spec:
       primary:
         persistence:
           enabled: true
-          existingClaim: gitea-valkey-primary-lvmhdd-0
+          storageClass: mayastor-single-hdd
         resources:
           requests:
             cpu: 0
 
     persistence:
       enabled: true
-      # We'll create PV and PVC manually
+      storageClass: mayastor-single-hdd
-      create: false
-      claimName: gitea-shared-storage-lvmhdd
 
     gitea:
       additionalConfigFromEnvs:
         - name: GITEA__DATABASE__PASSWD
           valueFrom:
             secretKeyRef:
-              name: gitea-postgresql-cluster-lvmhdd-app
+              name: gitea-postgresql-cluster-app
               key: password
       config:
         database:
           DB_TYPE: postgres
-          HOST: gitea-postgresql-cluster-lvmhdd-rw:5432
+          HOST: gitea-postgresql-cluster-rw:5432
           NAME: app
           USER: app
         indexer:

apps/gitea/valkey-volume.yaml

@@ -1,46 +0,0 @@
----
-apiVersion: local.openebs.io/v1alpha1
-kind: LVMVolume
-metadata:
-  labels:
-    kubernetes.io/nodename: anapistula-delrosalae
-  name: gitea-valkey-primary-lvmhdd-0
-  namespace: openebs
-spec:
-  capacity: 1Gi
-  ownerNodeID: anapistula-delrosalae
-  shared: "yes"
-  thinProvision: "no"
-  vgPattern: ^openebs-hdd$
-  volGroup: openebs-hdd
----
-kind: PersistentVolume
-apiVersion: v1
-metadata:
-  name: gitea-valkey-primary-lvmhdd-0
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteOnce
-  persistentVolumeReclaimPolicy: Retain
-  storageClassName: hdd-lvmpv
-  volumeMode: Filesystem
-  csi:
-    driver: local.csi.openebs.io
-    fsType: btrfs
-    volumeHandle: gitea-valkey-primary-lvmhdd-0
----
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: gitea-valkey-primary-lvmhdd-0
-  namespace: gitea
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 1Gi
-  storageClassName: hdd-lvmpv
-  volumeName: gitea-valkey-primary-lvmhdd-0

apps/immich/immich-library.yaml

@@ -1,46 +0,0 @@
----
-apiVersion: local.openebs.io/v1alpha1
-kind: LVMVolume
-metadata:
-  labels:
-    kubernetes.io/nodename: anapistula-delrosalae
-  name: immich-library-lvmhdd
-  namespace: openebs
-spec:
-  capacity: 150Gi
-  ownerNodeID: anapistula-delrosalae
-  shared: "yes"
-  thinProvision: "no"
-  vgPattern: ^openebs-hdd$
-  volGroup: openebs-hdd
----
-kind: PersistentVolume
-apiVersion: v1
-metadata:
-  name: immich-library-lvmhdd
-spec:
-  capacity:
-    storage: 150Gi
-  accessModes:
-    - ReadWriteOnce
-  persistentVolumeReclaimPolicy: Retain
-  storageClassName: hdd-lvmpv
-  volumeMode: Filesystem
-  csi:
-    driver: local.csi.openebs.io
-    fsType: btrfs
-    volumeHandle: immich-library-lvmhdd
----
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: library-lvmhdd
-  namespace: immich
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 150Gi
-  storageClassName: hdd-lvmpv
-  volumeName: immich-library-lvmhdd

apps/immich/kustomization.yaml

@@ -2,10 +2,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - namespace.yaml
-  - valkey-volume.yaml
+  - volume.yaml
   - redis.yaml
   - postgres-password.yaml
-  - postgres-volume.yaml
   - postgres-cluster.yaml
-  - immich-library.yaml
   - release.yaml

apps/immich/postgres-cluster.yaml

@@ -2,31 +2,21 @@
 apiVersion: postgresql.cnpg.io/v1
 kind: Cluster
 metadata:
-  name: immich-db-lvmhdd
+  name: immich-db
   namespace: immich
 spec:
-  # TODO: Configure renovate to handle imageName
   imageName: ghcr.io/tensorchord/cloudnative-vectorchord:14-0.4.3
 
   instances: 1
 
   storage:
-    pvcTemplate:
+    size: 10Gi
-      storageClassName: hdd-lvmpv
+    storageClass: mayastor-single-hdd
-      resources:
-        requests:
-          storage: 10Gi
-      volumeName: immich-db-lvmhdd-1
-
-  # Just to avoid bootstrapping the instance again
-  # I migrated data manually using pv_migrate because this feature is broken
-  # when source and target volumes are in different storage classes
-  # CNPG just sets dataSource to the PVC and expects the underlying storage
-  # to handle the migration, but it doesn't work here
   bootstrap:
-    recovery:
+    initdb:
-      backup:
+      # Defaults of immich chart
-        name: backup-migration
+      database: immich
+      owner: immich
 
   # We need to create custom role because default one does not allow to set up
   # vectorchord extension

apps/immich/postgres-volume.yaml

@@ -1,33 +0,0 @@
-apiVersion: local.openebs.io/v1alpha1
-kind: LVMVolume
-metadata:
-  labels:
-    kubernetes.io/nodename: anapistula-delrosalae
-  name: immich-db-lvmhdd-1
-  namespace: openebs
-spec:
-  capacity: 10Gi
-  ownerNodeID: anapistula-delrosalae
-  shared: "yes"
-  thinProvision: "no"
-  vgPattern: ^openebs-hdd$
-  volGroup: openebs-hdd
----
-kind: PersistentVolume
-apiVersion: v1
-metadata:
-  name: immich-db-lvmhdd-1
-spec:
-  capacity:
-    storage: 10Gi
-  accessModes:
-    - ReadWriteOnce
-  persistentVolumeReclaimPolicy: Retain
-  storageClassName: hdd-lvmpv
-  volumeMode: Filesystem
-  csi:
-    driver: local.csi.openebs.io
-    fsType: btrfs
-    volumeHandle: immich-db-lvmhdd-1
----
-# PVCs are dynamically created by the Postgres operator

apps/immich/redis.yaml

@@ -2,35 +2,28 @@
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: HelmRepository
 metadata:
-  name: valkey
+  name: bitnami
   namespace: immich
 spec:
   interval: 24h
-  url: https://valkey.io/valkey-helm/
+  type: "oci"
+  url: oci://registry-1.docker.io/bitnamicharts/
 ---
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
-  name: valkey
+  name: redis
   namespace: immich
 spec:
   interval: 30m
   chart:
     spec:
-      chart: valkey
+      chart: redis
-      version: 0.9.3
+      version: 24.1.3
       sourceRef:
         kind: HelmRepository
-        name: valkey
+        name: bitnami
   values:
-    dataStorage:
+    global:
-      enabled: true
+      defaultStorageClass: mayastor-single-hdd
-      persistentVolumeClaimName: immich-valkey
+    architecture: standalone
-
-    auth:
-      enabled: true
-      usersExistingSecret: redis
-      aclUsers:
-        default:
-          passwordKey: redis-password
-          permissions: "~* &* +@all"

apps/immich/release.yaml

@@ -27,14 +27,14 @@ spec:
       config:
         vecotrExtension: vectorchord
       postgres:
-        host: immich-db-lvmhdd-rw
+        host: immich-db-rw
         existingSecret:
           enabled: true
           secretName: immich-db-immich
           usernameKey: username
           passwordKey: password
       redis:
-        host: valkey
+        host: redis-master
         existingSecret:
           enabled: true
           secretName: redis
@@ -47,7 +47,7 @@ spec:
       volumes:
         - name: uploads
           persistentVolumeClaim:
-            claimName: library-lvmhdd
+            claimName: library
 
     machineLearning:
       enabled: true

apps/immich/valkey-volume.yaml

@@ -1,46 +0,0 @@
----
-apiVersion: local.openebs.io/v1alpha1
-kind: LVMVolume
-metadata:
-  labels:
-    kubernetes.io/nodename: anapistula-delrosalae
-  name: immich-valkey
-  namespace: openebs
-spec:
-  capacity: 1Gi
-  ownerNodeID: anapistula-delrosalae
-  shared: "yes"
-  thinProvision: "no"
-  vgPattern: ^openebs-hdd$
-  volGroup: openebs-hdd
----
-kind: PersistentVolume
-apiVersion: v1
-metadata:
-  name: immich-valkey
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteOnce
-  persistentVolumeReclaimPolicy: Retain
-  storageClassName: hdd-lvmpv
-  volumeMode: Filesystem
-  csi:
-    driver: local.csi.openebs.io
-    fsType: btrfs
-    volumeHandle: immich-valkey
----
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: immich-valkey
-  namespace: immich
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 1Gi
-  storageClassName: hdd-lvmpv
-  volumeName: immich-valkey

apps/immich/volume.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: library
+  namespace: immich
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 150Gi
+  storageClassName: mayastor-single-hdd

apps/kustomization.yaml

@@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - gitea
+  - registry
   - renovate
   - librechat
   - frigate

apps/llama/deployment.yaml

@@ -41,7 +41,7 @@ spec:
       volumes:
         - name: models
           persistentVolumeClaim:
-            claimName: llama-models-lvmhdd
+            claimName: llama-models
         - name: kfd
           hostPath:
             path: /dev/kfd

apps/llama/pvc.yaml

@@ -1,46 +1,13 @@
 ---
-apiVersion: local.openebs.io/v1alpha1
-kind: LVMVolume
-metadata:
-  labels:
-    kubernetes.io/nodename: anapistula-delrosalae
-  name: llama-models-lvmhdd
-  namespace: openebs
-spec:
-  capacity: 200Gi
-  ownerNodeID: anapistula-delrosalae
-  shared: "yes"
-  thinProvision: "no"
-  vgPattern: ^openebs-hdd$
-  volGroup: openebs-hdd
----
-kind: PersistentVolume
 apiVersion: v1
-metadata:
-  name: llama-models-lvmhdd
-spec:
-  capacity:
-    storage: 200Gi
-  accessModes:
-    - ReadWriteOnce
-  persistentVolumeReclaimPolicy: Retain
-  storageClassName: hdd-lvmpv
-  volumeMode: Filesystem
-  csi:
-    driver: local.csi.openebs.io
-    fsType: btrfs
-    volumeHandle: llama-models-lvmhdd
----
 kind: PersistentVolumeClaim
-apiVersion: v1
 metadata:
-  name: llama-models-lvmhdd
   namespace: llama
+  name: llama-models
 spec:
   accessModes:
     - ReadWriteOnce
   resources:
     requests:
       storage: 200Gi
-  storageClassName: hdd-lvmpv
+  storageClassName: mayastor-single-ssd
-  volumeName: llama-models-lvmhdd

apps/registry/deployment.yaml

@@ -0,0 +1,40 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: registry
+  namespace: registry
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: registry
+  template:
+    metadata:
+      labels:
+        app: registry
+    spec:
+      containers:
+        - name: registry
+          image: registry:3.0.0
+          ports:
+            - containerPort: 5000
+          volumeMounts:
+            - name: data
+              mountPath: /var/lib/registry
+      volumes:
+        - name: data
+          persistentVolumeClaim:
+            claimName: registry-data
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: registry-service
+  namespace: registry
+spec:
+  selector:
+    app: registry
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 5000

apps/registry/ingress.yaml

@@ -0,0 +1,26 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  namespace: registry
+  name: registry
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    nginx.ingress.kubernetes.io/proxy-body-size: "0"
+spec:
+  ingressClassName: nginx-ingress
+  rules:
+    - host: registry.lumpiasty.xyz
+      http:
+        paths:
+          - backend:
+              service:
+                name: registry-service
+                port:
+                  number: 80
+            path: /
+            pathType: Prefix
+  tls:
+    - hosts:
+        - registry.lumpiasty.xyz
+      secretName: researcher-ingress

apps/registry/kustomization.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - namespace.yaml
+  - volume.yaml
+  - deployment.yaml
+  - ingress.yaml

apps/registry/namespace.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: registry

apps/registry/volume.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: registry-data
+  namespace: registry
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 50Gi
+  storageClassName: mayastor-single-hdd

apps/renovate/cronjob.yaml

@@ -15,7 +15,7 @@ spec:
             - name: renovate
               # Update this to the latest available and then enable Renovate on
               # the manifest
-              image: renovate/renovate:43.31.1-full
+              image: renovate/renovate:43.29.2-full
               envFrom:
                 - secretRef:
                     name: renovate-gitea-token

infra/configs/openbao-volume.yaml

@@ -1,46 +0,0 @@
----
-apiVersion: local.openebs.io/v1alpha1
-kind: LVMVolume
-metadata:
-  labels:
-    kubernetes.io/nodename: anapistula-delrosalae
-  name: openbao-volume-lvmhdd
-  namespace: openebs
-spec:
-  capacity: 1Gi
-  ownerNodeID: anapistula-delrosalae
-  shared: "yes"
-  thinProvision: "no"
-  vgPattern: ^openebs-hdd$
-  volGroup: openebs-hdd
----
-kind: PersistentVolume
-apiVersion: v1
-metadata:
-  name: openbao-volume-lvmhdd
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteOnce
-  persistentVolumeReclaimPolicy: Retain
-  storageClassName: hdd-lvmpv
-  volumeMode: Filesystem
-  csi:
-    driver: local.csi.openebs.io
-    fsType: btrfs
-    volumeHandle: openbao-volume-lvmhdd
----
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: openbao-volume-lvmhdd
-  namespace: openbao
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 1Gi
-  storageClassName: hdd-lvmpv
-  volumeName: openbao-volume-lvmhdd

infra/controllers/openbao.yaml

@@ -60,27 +60,21 @@ spec:
 
             service_registration "kubernetes" {}
         replicas: 1
-      # Disable chart's data storage setting and add data volume manually
-      dataStorage:
-        enabled: false
-      volumes:
       # Mount TLS cert to container
+      volumes:
         - name: tls
           secret:
             secretName: openbao-lumpiasty-xyz
-        - name: data
-          persistentVolumeClaim:
-            claimName: openbao-volume-lvmhdd
       volumeMounts:
         - name: tls
           mountPath: /tls
           readOnly: true
-        - name: data
-          mountPath: /openbao/data
       service:
         enabled: true
         type: LoadBalancer
         ipFamilyPolicy: RequireDualStack
+      dataStorage:
+        storageClass: mayastor-single-hdd
     csi:
       enabled: true
     injector:

infra/kustomization.yaml

@@ -9,6 +9,7 @@ resources:
   - controllers/cert-manager-webhook-ovh.yaml
   - controllers/openebs.yaml
   - controllers/k8up.yaml
+  - controllers/openbao.yaml
   - controllers/external-secrets.yaml
   - controllers/vault-secrets-operator.yaml
   - controllers/mongodb-operator.yaml
@@ -23,6 +24,3 @@ resources:
   - configs/mayastor-snapshotclass.yaml
   - configs/openbao-cert.yaml
   - configs/ovh-cert-manager-secret.yaml
-
-  - configs/openbao-volume.yaml
-  - controllers/openbao.yaml