chore(deps): update renovate/renovate docker tag to v43.76.2

2026-03-16 00:06:07 +00:00
18 changed files with 1 additions and 292 deletions
--- a/apps/crawl4ai-proxy/deployment.yaml
+++ b/apps/crawl4ai-proxy/deployment.yaml
@@ -1,48 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: crawl4ai-proxy
-  namespace: crawl4ai
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: crawl4ai-proxy
-  template:
-    metadata:
-      labels:
-        app: crawl4ai-proxy
-    spec:
-      containers:
-        - name: crawl4ai-proxy
-          image: ghcr.io/lennyerik/crawl4ai-proxy:latest
-          imagePullPolicy: IfNotPresent
-          env:
-            - name: LISTEN_PORT
-              value: "8000"
-            - name: CRAWL4AI_ENDPOINT
-              value: http://crawl4ai.crawl4ai.svc.cluster.local:11235/crawl
-          ports:
-            - name: http
-              containerPort: 8000
-          readinessProbe:
-            tcpSocket:
-              port: http
-            initialDelaySeconds: 3
-            periodSeconds: 10
-            timeoutSeconds: 2
-            failureThreshold: 6
-          livenessProbe:
-            tcpSocket:
-              port: http
-            initialDelaySeconds: 10
-            periodSeconds: 15
-            timeoutSeconds: 2
-            failureThreshold: 6
-          resources:
-            requests:
-              cpu: 25m
-              memory: 32Mi
-            limits:
-              cpu: 200m
-              memory: 128Mi
--- a/apps/crawl4ai-proxy/kustomization.yaml
+++ b/apps/crawl4ai-proxy/kustomization.yaml
@@ -1,5 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  - deployment.yaml
-  - service.yaml
--- a/apps/crawl4ai-proxy/service.yaml
+++ b/apps/crawl4ai-proxy/service.yaml
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: crawl4ai-proxy
-  namespace: crawl4ai
-spec:
-  type: ClusterIP
-  selector:
-    app: crawl4ai-proxy
-  ports:
-    - name: http
-      port: 8000
-      targetPort: 8000
-      protocol: TCP
--- a/apps/crawl4ai/deployment.yaml
+++ b/apps/crawl4ai/deployment.yaml
@@ -1,62 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: crawl4ai
-  namespace: crawl4ai
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: crawl4ai
-  template:
-    metadata:
-      labels:
-        app: crawl4ai
-    spec:
-      containers:
-        - name: crawl4ai
-          image: unclecode/crawl4ai:latest
-          imagePullPolicy: IfNotPresent
-          env:
-            - name: CRAWL4AI_API_TOKEN
-              valueFrom:
-                secretKeyRef:
-                  name: crawl4ai-secret
-                  key: api_token
-                  optional: false
-            - name: MAX_CONCURRENT_TASKS
-              value: "5"
-          ports:
-            - name: http
-              containerPort: 11235
-          readinessProbe:
-            httpGet:
-              path: /health
-              port: http
-            initialDelaySeconds: 10
-            periodSeconds: 10
-            timeoutSeconds: 3
-            failureThreshold: 6
-          livenessProbe:
-            httpGet:
-              path: /health
-              port: http
-            initialDelaySeconds: 30
-            periodSeconds: 15
-            timeoutSeconds: 3
-            failureThreshold: 6
-          resources:
-            requests:
-              cpu: 500m
-              memory: 1Gi
-            limits:
-              cpu: "2"
-              memory: 4Gi
-          volumeMounts:
-            - name: dshm
-              mountPath: /dev/shm
-      volumes:
-        - name: dshm
-          emptyDir:
-            medium: Memory
-            sizeLimit: 1Gi
--- a/apps/crawl4ai/kustomization.yaml
+++ b/apps/crawl4ai/kustomization.yaml
@@ -1,7 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  - namespace.yaml
-  - secret.yaml
-  - deployment.yaml
-  - service.yaml
--- a/apps/crawl4ai/namespace.yaml
+++ b/apps/crawl4ai/namespace.yaml
@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: crawl4ai
--- a/apps/crawl4ai/secret.yaml
+++ b/apps/crawl4ai/secret.yaml
@@ -1,38 +0,0 @@
---
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: crawl4ai-secret
-  namespace: crawl4ai
---
-apiVersion: secrets.hashicorp.com/v1beta1
-kind: VaultAuth
-metadata:
-  name: crawl4ai
-  namespace: crawl4ai
-spec:
-  method: kubernetes
-  mount: kubernetes
-  kubernetes:
-    role: crawl4ai
-    serviceAccount: crawl4ai-secret
---
-apiVersion: secrets.hashicorp.com/v1beta1
-kind: VaultStaticSecret
-metadata:
-  name: crawl4ai-secret
-  namespace: crawl4ai
-spec:
-  type: kv-v2
-
-  mount: secret
-  path: crawl4ai
-
-  destination:
-    create: true
-    name: crawl4ai-secret
-    type: Opaque
-    transformation:
-      excludeRaw: true
-
-  vaultAuthRef: crawl4ai
--- a/apps/crawl4ai/service.yaml
+++ b/apps/crawl4ai/service.yaml
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: crawl4ai
-  namespace: crawl4ai
-spec:
-  type: ClusterIP
-  selector:
-    app: crawl4ai
-  ports:
-    - name: http
-      port: 11235
-      targetPort: 11235
-      protocol: TCP
--- a/apps/kustomization.yaml
+++ b/apps/kustomization.yaml
@@ -1,8 +1,6 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - crawl4ai
-  - crawl4ai-proxy
  - authentik
  - gitea
  - renovate
--- a/apps/llama/configs/config.yaml
+++ b/apps/llama/configs/config.yaml
@@ -10,7 +10,6 @@ macros:
  qwen35_35b_args: "--temp 1.0 --min-p 0.00 --top-p 0.95 --top-k 20 -ctk q4_0 -ctv q4_0"
  qwen35_35b_heretic_mmproj: "--mmproj-url https://huggingface.co/unsloth/Qwen3.5-35B-A3B-GGUF/resolve/main/mmproj-F16.gguf --mmproj /root/.cache/llama.cpp/unsloth_Qwen3.5-35B-A3B-GGUF_mmproj-F16.gguf"
  qwen35_4b_heretic_mmproj: "--mmproj-url https://huggingface.co/unsloth/Qwen3.5-4B-GGUF/resolve/main/mmproj-F16.gguf --mmproj /root/.cache/llama.cpp/unsloth_Qwen3.5-4B-GGUF_mmproj-F16.gguf"
-  glm47_flash_args: "--temp 0.7 --top-p 1.0 --min-p 0.01 --repeat-penalty 1.0"
  thinking_on: "--chat-template-kwargs '{\"enable_thinking\": true}'"
  thinking_off: "--chat-template-kwargs '{\"enable_thinking\": false}'"

@@ -227,10 +226,3 @@ models:
        ${qwen35_sampling}
        ${common_args}
        ${thinking_off}
-
-  "GLM-4.7-Flash-GGUF:Q4_K_M":
-    cmd: |
-      /app/llama-server
-        -hf unsloth/GLM-4.7-Flash-GGUF:Q4_K_M
-        ${glm47_flash_args}
-        ${common_args}
--- a/apps/openwebui/kustomization.yaml
+++ b/apps/openwebui/kustomization.yaml
@@ -4,6 +4,5 @@ resources:
  - namespace.yaml
  - pvc.yaml
  - pvc-pipelines.yaml
-  - secret.yaml
  - release.yaml
  - ingress.yaml
--- a/apps/openwebui/release.yaml
+++ b/apps/openwebui/release.yaml
@@ -44,30 +44,3 @@ spec:
      persistence:
        enabled: true
        existingClaim: openwebui-pipelines-lvmhdd
-
-    # SSO with Authentik
-    extraEnvVars:
-      - name: WEBUI_URL
-        value: "https://openwebui.lumpiasty.xyz"
-      - name: OAUTH_CLIENT_ID
-        valueFrom:
-          secretKeyRef:
-            name: openwebui-authentik
-            key: client_id
-      - name: OAUTH_CLIENT_SECRET
-        valueFrom:
-          secretKeyRef:
-            name: openwebui-authentik
-            key: client_secret
-      - name: OAUTH_PROVIDER_NAME
-        value: "authentik"
-      - name: OPENID_PROVIDER_URL
-        value: "https://authentik.lumpiasty.xyz/application/o/open-web-ui/.well-known/openid-configuration"
-      - name: OPENID_REDIRECT_URI
-        value: "https://openwebui.lumpiasty.xyz/oauth/oidc/callback"
-      - name: ENABLE_OAUTH_SIGNUP
-        value: "true"
-      - name: ENABLE_LOGIN_FORM
-        value: "false"
-      - name: OAUTH_MERGE_ACCOUNTS_BY_EMAIL
-        value: "true"
--- a/apps/openwebui/secret.yaml
+++ b/apps/openwebui/secret.yaml
@@ -1,43 +0,0 @@
---
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: openwebui-secret
-  namespace: openwebui
---
-apiVersion: secrets.hashicorp.com/v1beta1
-kind: VaultAuth
-metadata:
-  name: openwebui
-  namespace: openwebui
-spec:
-  method: kubernetes
-  mount: kubernetes
-  kubernetes:
-    role: openwebui
-    serviceAccount: openwebui-secret
---
-apiVersion: secrets.hashicorp.com/v1beta1
-kind: VaultStaticSecret
-metadata:
-  name: openwebui-authentik
-  namespace: openwebui
-spec:
-  type: kv-v2
-
-  mount: secret
-  path: authentik/openwebui
-
-  destination:
-    create: true
-    name: openwebui-authentik
-    type: Opaque
-    transformation:
-      excludeRaw: true
-      templates:
-        client_id:
-          text: '{{ get .Secrets "client_id" }}'
-        client_secret:
-          text: '{{ get .Secrets "client_secret" }}'
-
-  vaultAuthRef: openwebui
--- a/apps/renovate/cronjob.yaml
+++ b/apps/renovate/cronjob.yaml
@@ -15,7 +15,7 @@ spec:
            - name: renovate
              # Update this to the latest available and then enable Renovate on
              # the manifest
-              image: renovate/renovate:43.76.5-full
+              image: renovate/renovate:43.76.2-full
              envFrom:
                - secretRef:
                    name: renovate-gitea-token
--- a/vault/kubernetes-roles/crawl4ai.yaml
+++ b/vault/kubernetes-roles/crawl4ai.yaml
@@ -1,6 +0,0 @@
-bound_service_account_names:
-  - crawl4ai-secret
-bound_service_account_namespaces:
-  - crawl4ai
-token_policies:
-  - crawl4ai
--- a/vault/kubernetes-roles/openwebui.yaml
+++ b/vault/kubernetes-roles/openwebui.yaml
@@ -1,6 +0,0 @@
-bound_service_account_names:
-  - openwebui-secret
-bound_service_account_namespaces:
-  - openwebui
-token_policies:
-  - openwebui
--- a/vault/policy/crawl4ai.hcl
+++ b/vault/policy/crawl4ai.hcl
@@ -1,3 +0,0 @@
-path "secret/data/crawl4ai" {
-    capabilities = ["read"]
-}
--- a/vault/policy/openwebui.hcl
+++ b/vault/policy/openwebui.hcl
@@ -1,3 +0,0 @@
-path "secret/data/authentik/openwebui" {
-    capabilities = ["read"]
-}