fix: use correct kustomize file paths

Reviewed-on: #385

kubernetes/common/apps/traefik/app/files/helm-release.yaml

@@ -8,7 +8,7 @@ spec:
   chart:
     spec:
       chart: traefik
-      version: '30.1.0'
+      version: '31.1.0'
       sourceRef:
         kind: HelmRepository
         name: traefik-charts

kubernetes/main/apps/authentik/helm-release.yaml

@@ -10,7 +10,7 @@ spec:
   chart:
     spec:
       chart: authentik
-      version: 2024.6.4
+      version: 2024.8.2
       sourceRef:
         kind: HelmRepository
         name: authentik-charts

kubernetes/main/apps/database/mysql/helm-release.yaml

@@ -8,7 +8,7 @@ spec:
   chart:
     spec:
       chart: mysql
-      version: 11.1.15
+      version: 11.1.17
       sourceRef:
         kind: HelmRepository
         name: bitnami-charts

kubernetes/main/apps/database/postgresql/pgadmin4/helm-release.yaml

@@ -8,7 +8,7 @@ spec:
   chart:
     spec:
       chart: pgadmin4
-      version: "1.28.0"
+      version: "1.29.0"
       sourceRef:
         kind: HelmRepository
         name: runix-charts

kubernetes/main/apps/database/redis/helm-release.yaml

@@ -8,7 +8,7 @@ spec:
   chart:
     spec:
       chart: redis
-      version: 20.0.x
+      version: 20.1.x
       sourceRef:
         kind: HelmRepository
         name: bitnami-charts

kubernetes/main/apps/default/cdn/helm-release.yaml

@@ -1,3 +1,4 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
@@ -8,58 +9,68 @@ spec:
   chart:
     spec:
       chart: app-template
-      version: 1.3.x
+      version: 3.4.0
       sourceRef:
         kind: HelmRepository
         name: bjws-charts
         namespace: flux-system
 
   values:
-    image:
-      repository: oci.seedno.de/seednode/nginx
-      tag: latest
+    controllers:
+      main:
+        pod:
+          securityContext:
+            runAsNonRoot: true
+            runAsUser: 65534
+            runAsGroup: 65533
+            fsGroup: 10000
+            fsGroupChangePolicy: OnRootMismatch
 
-    args:
-    - -c
-    - /config/nginx.conf
+        containers:
+          main:
+            image:
+              repository: git.${SECRET_NEW_DOMAIN}/seanomik/nginx
+              tag: 1.27.1
+              pullPolicy: Always
+
+            resources:
+              requests:
+                memory: 500Mi
+
+            securityContext:
+              allowPrivilegeEscalation: false
+              capabilities: { drop: ["ALL"] }
 
     service:
-      main:
+      app:
+        controller: main
         ports:
           http:
             port: 6544
 
-    probes:
-      liveness:
-        enabled: false
-
     ingress:
       main:
-        enabled: true
         annotations:
           cert-manager.io/cluster-issuer: letsencrypt-production
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
         hosts:
-          - host: &host "cdn.${SECRET_NEW_DOMAIN}"
-            paths:
-              - path: /
-                pathType: Prefix
-        tls:
-          - hosts:
-              - *host
-            
+        - host: "cdn.${SECRET_NEW_DOMAIN}"
+          paths:
+          - path: /
+            service:
+              identifier: app
+              port: http
+
     persistence:
-      data:
-        enabled: true
-        type: hostPath
-        hostPath: /mnt/MainPool/Kubernetes/cdn/data
-        readOnly: true
-        mountPath: /data
       config:
-        enabled: true
         type: configMap
         name: nginx-cdn-configmap
+        globalMounts:
+        - path: /etc/nginx/nginx.conf
+          subPath: nginx.conf
 
-    resources:
-      requests:
-        cpu: 1m
+      storage:
+        type: hostPath
+        hostPath: /mnt/MainPool/Kubernetes/cdn/data
+        globalMounts:
+        - path: /data

kubernetes/main/apps/default/dendrite/helm-release.yaml

@@ -30,7 +30,7 @@ spec:
           main:
             image:
               repository: matrixdotorg/dendrite-monolith
-              tag: v0.13.7
+              tag: v0.13.8
 
     service:
       app:

kubernetes/main/apps/default/ganymede/helm-release.yaml

@@ -26,21 +26,21 @@ spec:
 #            fsGroup: 10000
 #            fsGroupChangePolicy: OnRootMismatch
 
-        initContainers:
-          copy-config:
-            image:
-              repository: alpine
-              tag: 3.20
-
-            command: [ "sh", "-c", "cat /ganymede-config.json && cp -v /ganymede-config.json /data/config.json" ]
-
         containers:
           api:
             image:
               repository: ghcr.io/zibbp/ganymede
               tag: 3.0.1
 
+            securityContext:
+              #allowPrivilegeEscalation: false
+              #capabilities: { drop: ["ALL"] }
+
             env:
+            - name: PUID
+              value: 555
+            - name: PGID
+              value: 555
             - name: TZ
               value: "America/New_York" # Set to your timezone
             - name: DB_HOST
@@ -103,7 +103,7 @@ spec:
           frontend:
             image:
               repository: ghcr.io/zibbp/ganymede-frontend
-              tag: 3.0.0
+              tag: 3.0.1
 
             env:
             - name: API_URL
@@ -124,6 +124,10 @@ spec:
               repository: nginxinc/nginx-unprivileged
               tag: 1.27.1-alpine
 
+            securityContext:
+              allowPrivilegeEscalation: false
+              capabilities: { drop: ["ALL"] }
+
     service:
       app:
         controller: main
@@ -155,7 +159,7 @@ spec:
             service:
               identifier: app
               port: api
-          - path: /vods
+          - path: /data/videos
             service:
               identifier: app
               port: nginx
@@ -168,18 +172,18 @@ spec:
         storageClass: mainpool-hostpath
         accessMode: ReadWriteOnce
         globalMounts:
-        - path: /vods
+        - path: /data/videos
 
       ganymede-data:
         type: persistentVolumeClaim
-        size: 5Gi
+        size: 15Gi
         retain: true
         storageClass: mainpool-hostpath
         accessMode: ReadWriteOnce
         advancedMounts:
           main: # controller name
             api: # container name
-            - path: /data
+            - path: /data/temp
 
       ganymede-logs:
         type: persistentVolumeClaim
@@ -190,7 +194,7 @@ spec:
         advancedMounts:
           main: # controller name
             api: # container name
-            - path: /logs
+            - path: /data/logs
 
       nginx-conf:
         name: ganymede-nginx-conf
@@ -199,17 +203,8 @@ spec:
         advancedMounts:
           main: # controller name
             nginx: # container name
-            - subPath: nginx.conf
-              path: /etc/nginx/nginx.conf
-
-      ganymede-temp-conf:
-        type: emptyDir
-        advancedMounts:
-          main: # controller name
-            api: # container name
-            - path: /data
-            copy-config: # container name
-            - path: /data
+            - path: /etc/nginx/nginx.conf
+              subPath: nginx.conf
 
       ganymede-conf:
         name: ganymede-conf
@@ -217,6 +212,7 @@ spec:
         defaultMode: 0777
         advancedMounts:
           main: # controller name
-            copy-config: # container name
-            - subPath: config.json
-              path: /ganymede-config.json
+            api: # container name
+            - path: /data/config/config.json
+              subPath: config.json
+              

kubernetes/main/apps/default/ganymede/nginx-conf.yaml

@@ -26,16 +26,16 @@ data:
 
       server {
         listen 8080;
-        root /vods;
+        root /data/videos;
 
         add_header 'Access-Control-Allow-Origin' '*' always;
         add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
         add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
         add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
 
-        location ^~ /vods {
+        location ^~ /data/videos {
           autoindex on;
-          alias /vods;
+          alias /data/videos;
 
           location ~* \.(ico|css|js|gif|jpeg|jpg|png|svg|webp)$ {
               expires 30d;

kubernetes/main/apps/default/ganymede/temporal-helm-release.yaml

@@ -22,7 +22,7 @@ spec:
           main:
             image:
               repository: temporalio/auto-setup
-              tag: 1.24
+              tag: 1.25
 
             env:
             - name: DB

kubernetes/main/apps/dev/woodpecker/helm-release.yaml

@@ -8,7 +8,7 @@ spec:
   chart:
     spec:
       chart: woodpecker
-      version: "1.5.1"
+      version: "1.6.0"
       sourceRef:
         kind: HelmRepository
         name: woodpecker-charts

kubernetes/main/apps/download/bazarr/helm-release.yaml

@@ -17,7 +17,7 @@ spec:
   values:
     image:
       repository: ghcr.io/onedr0p/bazarr
-      tag: "1.4.3"
+      tag: "1.4.4"
 
     env:
       TZ: America/New_York

kubernetes/main/apps/download/prowlarr/helm-release.yaml

@@ -17,7 +17,7 @@ spec:
   values:
     image:
       repository: ghcr.io/onedr0p/prowlarr-develop
-      tag: "1.21.2.4649"
+      tag: "1.24.0.4721"
 
     # Metrics sidecar
     sidecars:

kubernetes/main/apps/download/qbit-manage/helm-release.yaml

@@ -35,7 +35,7 @@ spec:
 
     image:
       repository: bobokun/qbit_manage
-      tag: "v4.1.7"
+      tag: "v4.1.9"
 
     env:
       QBT_STARTUP_DELAY: 45 # seconds

kubernetes/main/apps/download/qbittorrent/helm-release.yaml

@@ -28,7 +28,7 @@ spec:
           app:
             image:
               repository: ghcr.io/onedr0p/qbittorrent
-              tag: 4.6.5
+              tag: 4.6.7
 
             env:
               QBITTORRENT__PORT: 8080

kubernetes/main/apps/download/radarr/helm-release.yaml

@@ -17,7 +17,7 @@ spec:
   values:
     image:
       repository: ghcr.io/onedr0p/radarr-develop
-      tag: "5.10.0.9090"
+      tag: "5.10.3.9178"
 
     # Metrics sidecar
     sidecars:

kubernetes/main/apps/download/sonarr/helm-release.yaml

@@ -17,7 +17,7 @@ spec:
   values:
     image:
       repository: ghcr.io/onedr0p/sonarr-develop
-      tag: "4.0.9.2300"
+      tag: "4.0.9.2386"
 
     # Metrics sidecar
     sidecars:

kubernetes/main/apps/game-servers/factorio/helm-release.yaml

@@ -17,7 +17,7 @@ spec:
   values:
     image:
       repository: goofball222/factorio
-      tag: "1.1.109"
+      tag: "1.1.110"
 
     service:
       main:

kubernetes/main/apps/irc/znc/helm-release.yaml

@@ -21,7 +21,7 @@ spec:
     # Add init container for pulling znc modules and putting them into the modules directory
     initContainers:
       pull-module-source:
-        image: alpine:3.20.2
+        image: alpine:3.20.3
         command:
           - "sh"
           - "-c"

kubernetes/main/apps/media/audiobookshelf/helm-release.yaml

@@ -23,7 +23,7 @@ spec:
           main:
             image:
               repository: ghcr.io/advplyr/audiobookshelf
-              tag: 2.13.2
+              tag: 2.13.4
 
     service:
       app:

kubernetes/main/apps/media/freshrss/helm-release.yaml

@@ -17,7 +17,7 @@ spec:
   values:
     image:
       repository: linuxserver/freshrss
-      tag: "1.24.2"
+      tag: "1.24.3"
 
     env:
       PUID: 10000

kubernetes/main/apps/media/jellyfin/helm-release.yaml

@@ -22,7 +22,7 @@ spec:
           app:
             image:
               repository: linuxserver/jellyfin
-              tag: 10.9.10
+              tag: 10.9.11
             
             env:
               PUID: 10000

kubernetes/main/apps/media/komga/helm-release.yaml

@@ -17,7 +17,7 @@ spec:
   values:
     image:
       repository: gotson/komga
-      tag: "1.12.0"
+      tag: "1.13.0"
 
     env:
       TZ: America/New_York

kubernetes/main/apps/monitoring/grafana/helm-release.yaml

@@ -8,7 +8,7 @@ spec:
   chart:
     spec:
       chart: grafana
-      version: "8.5.0"
+      version: "8.5.1"
       sourceRef:
         kind: HelmRepository
         name: grafana-charts

kubernetes/main/apps/monitoring/kube-prometheus-stack/helm-release.yaml

@@ -8,7 +8,7 @@ spec:
   chart:
     spec:
       chart: kube-prometheus-stack
-      version: "62.3.1"
+      version: "62.7.0"
       sourceRef:
         kind: HelmRepository
         name: prometheus-community-charts

kubernetes/main/apps/monitoring/proxmoxve-exporter/helm-release.yaml

@@ -17,7 +17,7 @@ spec:
   values:
     image:
       repository: prompve/prometheus-pve-exporter
-      tag: "3.4.4"
+      tag: "3.4.5"
 
     args:
     - --config.file

kubernetes/main/apps/monitoring/victoria-metrics/helm-release.yaml

@@ -8,7 +8,7 @@ spec:
   chart:
     spec:
       chart: victoria-metrics-single
-      version: 0.11.0
+      version: 0.11.2
       sourceRef:
         kind: HelmRepository
         name: victoria-metrics-charts

kubernetes/main/core/longhorn/helm-release.yaml

@@ -8,7 +8,7 @@ spec:
   chart:
     spec:
       chart: longhorn
-      version: "1.7.0"
+      version: "1.7.1"
       sourceRef:
         kind: HelmRepository
         name: longhorn-charts

kubernetes/main/crds/traefik/crds.yaml

@@ -9,7 +9,7 @@ spec:
   url: https://github.com/traefik/traefik-helm-chart.git
   ref:
     # renovate: registryUrl=https://helm.traefik.io/traefik chart=traefik
-    tag: v30.1.0
+    tag: v31.1.0
   ignore: |
     # exclude all
     /*