Update renovate/renovate Docker tag to v43.31.1

apps/gitea/gitea-shared-volume.yaml

@@ -0,0 +1,46 @@
+---
+apiVersion: local.openebs.io/v1alpha1
+kind: LVMVolume
+metadata:
+  labels:
+    kubernetes.io/nodename: anapistula-delrosalae
+  name: gitea-shared-storage-lvmhdd
+  namespace: openebs
+spec:
+  capacity: 10Gi
+  ownerNodeID: anapistula-delrosalae
+  shared: "yes"
+  thinProvision: "no"
+  vgPattern: ^openebs-hdd$
+  volGroup: openebs-hdd
+---
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+  name: gitea-shared-storage-lvmhdd
+spec:
+  capacity:
+    storage: 10Gi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: hdd-lvmpv
+  volumeMode: Filesystem
+  csi:
+    driver: local.csi.openebs.io
+    fsType: btrfs
+    volumeHandle: gitea-shared-storage-lvmhdd
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: gitea-shared-storage-lvmhdd
+  namespace: gitea
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 10Gi
+  storageClassName: hdd-lvmpv
+  volumeName: gitea-shared-storage-lvmhdd

apps/gitea/kustomization.yaml

@@ -4,6 +4,8 @@ resources:
   - namespace.yaml
   - postgres-volume.yaml
   - postgres-cluster.yaml
+  - gitea-shared-volume.yaml
+  - valkey-volume.yaml
   - release.yaml
   - secret.yaml
   - backups.yaml

apps/gitea/postgres-cluster.yaml

@@ -2,15 +2,27 @@
 apiVersion: postgresql.cnpg.io/v1
 kind: Cluster
 metadata:
-  name: gitea-postgresql-cluster
+  name: gitea-postgresql-cluster-lvmhdd
   namespace: gitea
 spec:
   instances: 1
 
-  storage:
-    size: 10Gi
-    storageClass: mayastor-single-hdd
+  imageName: ghcr.io/cloudnative-pg/postgresql:17.4
 
-  backup:
-    volumeSnapshot:
-      className: csi-mayastor-snapshotclass
+  storage:
+    pvcTemplate:
+      storageClassName: hdd-lvmpv
+      resources:
+        requests:
+          storage: 20Gi
+      volumeName: gitea-postgresql-cluster-lvmhdd-1
+
+  # Just to avoid bootstrapping the instance agian
+  # I migrated data manually using pv_migrate because this feature is broken
+  # when source and target volumes are in different storage classes
+  # CNPG just sets dataSource to the PVC and expects the underlying storage
+  # to handle the migration, but it doesn't work here
+  bootstrap:
+    recovery:
+      backup:
+        name: backup-migration

apps/gitea/postgres-volume.yaml

@@ -27,6 +27,7 @@ spec:
   volumeMode: Filesystem
   csi:
     driver: local.csi.openebs.io
+    fsType: btrfs
     volumeHandle: gitea-postgresql-cluster-lvmhdd-1
 ---
 # PVCs are dynamically created by the Postgres operator

apps/gitea/release.yaml

@@ -45,26 +45,28 @@ spec:
       primary:
         persistence:
           enabled: true
-          storageClass: mayastor-single-hdd
+          existingClaim: gitea-valkey-primary-lvmhdd-0
         resources:
           requests:
             cpu: 0
 
     persistence:
       enabled: true
-      storageClass: mayastor-single-hdd
+      # We'll create PV and PVC manually
+      create: false
+      claimName: gitea-shared-storage-lvmhdd
 
     gitea:
       additionalConfigFromEnvs:
         - name: GITEA__DATABASE__PASSWD
           valueFrom:
             secretKeyRef:
-              name: gitea-postgresql-cluster-app
+              name: gitea-postgresql-cluster-lvmhdd-app
               key: password
       config:
         database:
           DB_TYPE: postgres
-          HOST: gitea-postgresql-cluster-rw:5432
+          HOST: gitea-postgresql-cluster-lvmhdd-rw:5432
           NAME: app
           USER: app
         indexer:

apps/gitea/valkey-volume.yaml

@@ -0,0 +1,46 @@
+---
+apiVersion: local.openebs.io/v1alpha1
+kind: LVMVolume
+metadata:
+  labels:
+    kubernetes.io/nodename: anapistula-delrosalae
+  name: gitea-valkey-primary-lvmhdd-0
+  namespace: openebs
+spec:
+  capacity: 1Gi
+  ownerNodeID: anapistula-delrosalae
+  shared: "yes"
+  thinProvision: "no"
+  vgPattern: ^openebs-hdd$
+  volGroup: openebs-hdd
+---
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+  name: gitea-valkey-primary-lvmhdd-0
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: hdd-lvmpv
+  volumeMode: Filesystem
+  csi:
+    driver: local.csi.openebs.io
+    fsType: btrfs
+    volumeHandle: gitea-valkey-primary-lvmhdd-0
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: gitea-valkey-primary-lvmhdd-0
+  namespace: gitea
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
+  storageClassName: hdd-lvmpv
+  volumeName: gitea-valkey-primary-lvmhdd-0

apps/immich/immich-library.yaml

@@ -0,0 +1,46 @@
+---
+apiVersion: local.openebs.io/v1alpha1
+kind: LVMVolume
+metadata:
+  labels:
+    kubernetes.io/nodename: anapistula-delrosalae
+  name: immich-library-lvmhdd
+  namespace: openebs
+spec:
+  capacity: 150Gi
+  ownerNodeID: anapistula-delrosalae
+  shared: "yes"
+  thinProvision: "no"
+  vgPattern: ^openebs-hdd$
+  volGroup: openebs-hdd
+---
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+  name: immich-library-lvmhdd
+spec:
+  capacity:
+    storage: 150Gi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: hdd-lvmpv
+  volumeMode: Filesystem
+  csi:
+    driver: local.csi.openebs.io
+    fsType: btrfs
+    volumeHandle: immich-library-lvmhdd
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: library-lvmhdd
+  namespace: immich
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 150Gi
+  storageClassName: hdd-lvmpv
+  volumeName: immich-library-lvmhdd

apps/immich/kustomization.yaml

@@ -2,8 +2,10 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - namespace.yaml
-  - volume.yaml
+  - valkey-volume.yaml
   - redis.yaml
   - postgres-password.yaml
+  - postgres-volume.yaml
   - postgres-cluster.yaml
+  - immich-library.yaml
   - release.yaml

apps/immich/postgres-cluster.yaml

@@ -2,21 +2,31 @@
 apiVersion: postgresql.cnpg.io/v1
 kind: Cluster
 metadata:
-  name: immich-db
+  name: immich-db-lvmhdd
   namespace: immich
 spec:
+  # TODO: Configure renovate to handle imageName
   imageName: ghcr.io/tensorchord/cloudnative-vectorchord:14-0.4.3
 
   instances: 1
 
   storage:
-    size: 10Gi
-    storageClass: mayastor-single-hdd
+    pvcTemplate:
+      storageClassName: hdd-lvmpv
+      resources:
+        requests:
+          storage: 10Gi
+      volumeName: immich-db-lvmhdd-1
+
+  # Just to avoid bootstrapping the instance again
+  # I migrated data manually using pv_migrate because this feature is broken
+  # when source and target volumes are in different storage classes
+  # CNPG just sets dataSource to the PVC and expects the underlying storage
+  # to handle the migration, but it doesn't work here
   bootstrap:
-    initdb:
-      # Defaults of immich chart
-      database: immich
-      owner: immich
+    recovery:
+      backup:
+        name: backup-migration
 
   # We need to create custom role because default one does not allow to set up
   # vectorchord extension

apps/immich/postgres-volume.yaml

@@ -0,0 +1,33 @@
+apiVersion: local.openebs.io/v1alpha1
+kind: LVMVolume
+metadata:
+  labels:
+    kubernetes.io/nodename: anapistula-delrosalae
+  name: immich-db-lvmhdd-1
+  namespace: openebs
+spec:
+  capacity: 10Gi
+  ownerNodeID: anapistula-delrosalae
+  shared: "yes"
+  thinProvision: "no"
+  vgPattern: ^openebs-hdd$
+  volGroup: openebs-hdd
+---
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+  name: immich-db-lvmhdd-1
+spec:
+  capacity:
+    storage: 10Gi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: hdd-lvmpv
+  volumeMode: Filesystem
+  csi:
+    driver: local.csi.openebs.io
+    fsType: btrfs
+    volumeHandle: immich-db-lvmhdd-1
+---
+# PVCs are dynamically created by the Postgres operator

apps/immich/redis.yaml

@@ -2,28 +2,35 @@
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: HelmRepository
 metadata:
-  name: bitnami
+  name: valkey
   namespace: immich
 spec:
   interval: 24h
-  type: "oci"
-  url: oci://registry-1.docker.io/bitnamicharts/
+  url: https://valkey.io/valkey-helm/
 ---
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
-  name: redis
+  name: valkey
   namespace: immich
 spec:
   interval: 30m
   chart:
     spec:
-      chart: redis
-      version: 24.1.3
+      chart: valkey
+      version: 0.9.3
       sourceRef:
         kind: HelmRepository
-        name: bitnami
+        name: valkey
   values:
-    global:
-      defaultStorageClass: mayastor-single-hdd
-    architecture: standalone
+    dataStorage:
+      enabled: true
+      persistentVolumeClaimName: immich-valkey
+
+    auth:
+      enabled: true
+      usersExistingSecret: redis
+      aclUsers:
+        default:
+          passwordKey: redis-password
+          permissions: "~* &* +@all"

apps/immich/release.yaml

@@ -27,14 +27,14 @@ spec:
       config:
         vecotrExtension: vectorchord
       postgres:
-        host: immich-db-rw
+        host: immich-db-lvmhdd-rw
         existingSecret:
           enabled: true
           secretName: immich-db-immich
           usernameKey: username
           passwordKey: password
       redis:
-        host: redis-master
+        host: valkey
         existingSecret:
           enabled: true
           secretName: redis
@@ -47,7 +47,7 @@ spec:
       volumes:
         - name: uploads
           persistentVolumeClaim:
-            claimName: library
+            claimName: library-lvmhdd
 
     machineLearning:
       enabled: true

apps/immich/valkey-volume.yaml

@@ -0,0 +1,46 @@
+---
+apiVersion: local.openebs.io/v1alpha1
+kind: LVMVolume
+metadata:
+  labels:
+    kubernetes.io/nodename: anapistula-delrosalae
+  name: immich-valkey
+  namespace: openebs
+spec:
+  capacity: 1Gi
+  ownerNodeID: anapistula-delrosalae
+  shared: "yes"
+  thinProvision: "no"
+  vgPattern: ^openebs-hdd$
+  volGroup: openebs-hdd
+---
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+  name: immich-valkey
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: hdd-lvmpv
+  volumeMode: Filesystem
+  csi:
+    driver: local.csi.openebs.io
+    fsType: btrfs
+    volumeHandle: immich-valkey
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: immich-valkey
+  namespace: immich
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
+  storageClassName: hdd-lvmpv
+  volumeName: immich-valkey

apps/immich/volume.yaml

@@ -1,13 +0,0 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: library
-  namespace: immich
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 150Gi
-  storageClassName: mayastor-single-hdd

apps/kustomization.yaml

@@ -2,7 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - gitea
-  - registry
   - renovate
   - librechat
   - frigate

apps/llama/deployment.yaml

@@ -41,7 +41,7 @@ spec:
       volumes:
         - name: models
           persistentVolumeClaim:
-            claimName: llama-models
+            claimName: llama-models-lvmhdd
         - name: kfd
           hostPath:
             path: /dev/kfd

apps/llama/pvc.yaml

@@ -1,13 +1,46 @@
 ---
-apiVersion: v1
-kind: PersistentVolumeClaim
+apiVersion: local.openebs.io/v1alpha1
+kind: LVMVolume
 metadata:
+  labels:
+    kubernetes.io/nodename: anapistula-delrosalae
+  name: llama-models-lvmhdd
+  namespace: openebs
+spec:
+  capacity: 200Gi
+  ownerNodeID: anapistula-delrosalae
+  shared: "yes"
+  thinProvision: "no"
+  vgPattern: ^openebs-hdd$
+  volGroup: openebs-hdd
+---
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+  name: llama-models-lvmhdd
+spec:
+  capacity:
+    storage: 200Gi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: hdd-lvmpv
+  volumeMode: Filesystem
+  csi:
+    driver: local.csi.openebs.io
+    fsType: btrfs
+    volumeHandle: llama-models-lvmhdd
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: llama-models-lvmhdd
   namespace: llama
-  name: llama-models
 spec:
   accessModes:
     - ReadWriteOnce
   resources:
     requests:
       storage: 200Gi
-  storageClassName: mayastor-single-ssd
+  storageClassName: hdd-lvmpv
+  volumeName: llama-models-lvmhdd

apps/registry/deployment.yaml

@@ -1,40 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: registry
-  namespace: registry
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: registry
-  template:
-    metadata:
-      labels:
-        app: registry
-    spec:
-      containers:
-        - name: registry
-          image: registry:3.0.0
-          ports:
-            - containerPort: 5000
-          volumeMounts:
-            - name: data
-              mountPath: /var/lib/registry
-      volumes:
-        - name: data
-          persistentVolumeClaim:
-            claimName: registry-data
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: registry-service
-  namespace: registry
-spec:
-  selector:
-    app: registry
-  ports:
-    - protocol: TCP
-      port: 80
-      targetPort: 5000

apps/registry/ingress.yaml

@@ -1,26 +0,0 @@
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  namespace: registry
-  name: registry
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt
-    nginx.ingress.kubernetes.io/proxy-body-size: "0"
-spec:
-  ingressClassName: nginx-ingress
-  rules:
-    - host: registry.lumpiasty.xyz
-      http:
-        paths:
-          - backend:
-              service:
-                name: registry-service
-                port:
-                  number: 80
-            path: /
-            pathType: Prefix
-  tls:
-    - hosts:
-        - registry.lumpiasty.xyz
-      secretName: researcher-ingress

apps/registry/kustomization.yaml

@@ -1,8 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  - namespace.yaml
-  - volume.yaml
-  - deployment.yaml
-  - ingress.yaml

apps/registry/namespace.yaml

@@ -1,5 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: registry

apps/registry/volume.yaml

@@ -1,13 +0,0 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: registry-data
-  namespace: registry
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 50Gi
-  storageClassName: mayastor-single-hdd

apps/renovate/cronjob.yaml

@@ -15,7 +15,7 @@ spec:
             - name: renovate
               # Update this to the latest available and then enable Renovate on
               # the manifest
-              image: renovate/renovate:43.29.2-full
+              image: renovate/renovate:43.31.1-full
               envFrom:
                 - secretRef:
                     name: renovate-gitea-token

infra/configs/openbao-volume.yaml

@@ -0,0 +1,46 @@
+---
+apiVersion: local.openebs.io/v1alpha1
+kind: LVMVolume
+metadata:
+  labels:
+    kubernetes.io/nodename: anapistula-delrosalae
+  name: openbao-volume-lvmhdd
+  namespace: openebs
+spec:
+  capacity: 1Gi
+  ownerNodeID: anapistula-delrosalae
+  shared: "yes"
+  thinProvision: "no"
+  vgPattern: ^openebs-hdd$
+  volGroup: openebs-hdd
+---
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+  name: openbao-volume-lvmhdd
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: hdd-lvmpv
+  volumeMode: Filesystem
+  csi:
+    driver: local.csi.openebs.io
+    fsType: btrfs
+    volumeHandle: openbao-volume-lvmhdd
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: openbao-volume-lvmhdd
+  namespace: openbao
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
+  storageClassName: hdd-lvmpv
+  volumeName: openbao-volume-lvmhdd

infra/controllers/openbao.yaml

@@ -60,21 +60,27 @@ spec:
 
             service_registration "kubernetes" {}
         replicas: 1
-      # Mount TLS cert to container
+      # Disable chart's data storage setting and add data volume manually
+      dataStorage:
+        enabled: false
       volumes:
+        # Mount TLS cert to container
         - name: tls
           secret:
             secretName: openbao-lumpiasty-xyz
+        - name: data
+          persistentVolumeClaim:
+            claimName: openbao-volume-lvmhdd
       volumeMounts:
         - name: tls
           mountPath: /tls
           readOnly: true
+        - name: data
+          mountPath: /openbao/data
       service:
         enabled: true
         type: LoadBalancer
         ipFamilyPolicy: RequireDualStack
-      dataStorage:
-        storageClass: mayastor-single-hdd
     csi:
       enabled: true
     injector:

infra/kustomization.yaml

@@ -9,7 +9,6 @@ resources:
   - controllers/cert-manager-webhook-ovh.yaml
   - controllers/openebs.yaml
   - controllers/k8up.yaml
-  - controllers/openbao.yaml
   - controllers/external-secrets.yaml
   - controllers/vault-secrets-operator.yaml
   - controllers/mongodb-operator.yaml
@@ -24,3 +23,6 @@ resources:
   - configs/mayastor-snapshotclass.yaml
   - configs/openbao-cert.yaml
   - configs/ovh-cert-manager-secret.yaml
+
+  - configs/openbao-volume.yaml
+  - controllers/openbao.yaml