feat(container)!: Update image ghcr.io/onedr0p/qbittorrent to v5

Reviewed-on: #491

kubernetes/common/apps/cert-manager/app/files/helm-release.yaml

@@ -8,7 +8,7 @@ spec:
   chart:
     spec:
       chart: cert-manager
-      version: v1.15.3
+      version: v1.16.1
       sourceRef:
         kind: HelmRepository
         name: jetstack-charts

kubernetes/common/apps/intel-gpu/files/gpu-plugin.yaml

@@ -9,7 +9,7 @@ spec:
   chart:
     spec:
       chart: intel-device-plugins-gpu
-      version: 0.31.0
+      version: 0.31.1
       sourceRef:
         kind: HelmRepository
         name: intel

kubernetes/common/apps/intel-gpu/files/intel-device-plugins-operator.yaml

@@ -9,7 +9,7 @@ spec:
   chart:
     spec:
       chart: intel-device-plugins-operator
-      version: 0.31.0
+      version: 0.31.1
       sourceRef:
         kind: HelmRepository
         name: intel

kubernetes/common/apps/nfd/files/nfd.yaml

@@ -9,7 +9,7 @@ spec:
   chart:
     spec:
       chart: node-feature-discovery
-      version: 0.16.4
+      version: 0.16.6
       sourceRef:
         kind: HelmRepository
         name: nfd-charts

kubernetes/common/apps/volsync-system/volsync/app/helm-release.yaml

@@ -8,7 +8,7 @@ spec:
   chart:
     spec:
       chart: volsync
-      version: 0.10.0
+      version: 0.11.0
       sourceRef:
         kind: HelmRepository
         name: backube

kubernetes/main/apps/authentik/app/helm-release.yaml

@@ -11,7 +11,7 @@ spec:
   chart:
     spec:
       chart: authentik
-      version: 2024.8.3
+      version: 2024.10.1
       sourceRef:
         kind: HelmRepository
         name: authentik-charts

kubernetes/main/apps/database/mysql/helm-release.yaml

@@ -8,7 +8,7 @@ spec:
   chart:
     spec:
       chart: mysql
-      version: 11.1.17
+      version: 11.1.20
       sourceRef:
         kind: HelmRepository
         name: bitnami-charts

kubernetes/main/apps/database/postgresql/app/helm-release.yaml

@@ -10,7 +10,7 @@ spec:
   chart:
     spec:
       chart: cloudnative-pg
-      version: 0.22.0
+      version: 0.22.1
       sourceRef:
         kind: HelmRepository
         name: cloudnative-pg

kubernetes/main/apps/database/redis/helm-release.yaml

@@ -8,7 +8,7 @@ spec:
   chart:
     spec:
       chart: redis
-      version: 20.1.x
+      version: 20.2.x
       sourceRef:
         kind: HelmRepository
         name: bitnami-charts

kubernetes/main/apps/default/ganymede/helm-release.yaml

@@ -122,7 +122,7 @@ spec:
           nginx:
             image:
               repository: nginxinc/nginx-unprivileged
-              tag: 1.27.1-alpine
+              tag: 1.27.2-alpine
 
             securityContext:
               allowPrivilegeEscalation: false

kubernetes/main/apps/default/mealie/app/helm-release.yaml

@@ -30,7 +30,7 @@ spec:
           main:
             image:
               repository: ghcr.io/mealie-recipes/mealie
-              tag: v1.12.0
+              tag: v2.1.0
 
             env:
               ALLOW_SIGNUP: true

kubernetes/main/apps/default/piwigo/app/helm-release.yaml

@@ -30,7 +30,7 @@ spec:
           main:
             image:
               repository: lscr.io/linuxserver/piwigo
-              tag: 14.5.0
+              tag: 15.0.0
 
             env:
               PUID: 9000

kubernetes/main/apps/default/well-known-site/helm-release.yaml

@@ -23,7 +23,7 @@ spec:
           main:
             image:
               repository: nginxinc/nginx-unprivileged
-              tag: 1.27.1-alpine
+              tag: 1.27.2-alpine
 
     service:
       app:

kubernetes/main/apps/download/prowlarr/helm-release.yaml

@@ -17,7 +17,7 @@ spec:
   values:
     image:
       repository: ghcr.io/onedr0p/prowlarr-develop
-      tag: "1.24.3.4754"
+      tag: "1.26.0.4833"
 
     # Metrics sidecar
     sidecars:

kubernetes/main/apps/download/qbit-manage/helm-release.yaml

@@ -35,7 +35,7 @@ spec:
 
     image:
       repository: bobokun/qbit_manage
-      tag: "v4.1.10"
+      tag: "v4.1.12"
 
     env:
       QBT_STARTUP_DELAY: 45 # seconds

kubernetes/main/apps/download/qbittorrent/helm-release.yaml

@@ -28,7 +28,7 @@ spec:
           app:
             image:
               repository: ghcr.io/onedr0p/qbittorrent
-              tag: 5.0.1
+              tag: 5.0.2
 
             env:
               QBITTORRENT__PORT: 8080

kubernetes/main/apps/download/radarr/app/helm-release.yaml

@@ -35,7 +35,7 @@ spec:
           app:
             image:
               repository: ghcr.io/onedr0p/radarr-develop
-              tag: 5.12.0.9255
+              tag: 5.15.0.9412
             envFrom: *envFrom
             env:
               TZ: America/New_York

kubernetes/main/apps/download/sonarr/app/helm-release.yaml

@@ -35,7 +35,7 @@ spec:
           app:
             image:
               repository: ghcr.io/onedr0p/sonarr-develop
-              tag: 4.0.9.2457
+              tag: 4.0.10.2624
             envFrom: *envFrom
             env:
               TZ: America/New_York

kubernetes/main/apps/game-servers/factorio/helm-release.yaml

@@ -17,7 +17,7 @@ spec:
   values:
     image:
       repository: goofball222/factorio
-      tag: "1.1.110"
+      tag: "2.0.15"
 
     service:
       main:

kubernetes/main/apps/media/audiobookshelf/helm-release.yaml

@@ -23,7 +23,7 @@ spec:
           main:
             image:
               repository: ghcr.io/advplyr/audiobookshelf
-              tag: 2.13.4
+              tag: 2.16.2
 
     service:
       app:

kubernetes/main/apps/media/jellyfin/helm-release.yaml

@@ -22,7 +22,7 @@ spec:
           app:
             image:
               repository: linuxserver/jellyfin
-              tag: 10.9.11
+              tag: 10.10.1
             
             env:
               PUID: 10000

kubernetes/main/apps/media/komga/helm-release.yaml

@@ -17,7 +17,7 @@ spec:
   values:
     image:
       repository: gotson/komga
-      tag: "1.14.0"
+      tag: "1.14.1"
 
     env:
       TZ: America/New_York

kubernetes/main/apps/media/kustomization.yaml

@@ -11,4 +11,5 @@ resources:
 #- ./plex
 - ./tautulli
 - ./ombi
-- ./freshrss
+- ./freshrss
+- ./navidrome/ks.yaml

kubernetes/main/apps/media/navidrome/app/helm-release.yaml

@@ -0,0 +1,103 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: navidrome
+spec:
+  interval: 5m
+  chart:
+    spec:
+      chart: app-template
+      version: 3.4.0
+      sourceRef:
+        kind: HelmRepository
+        name: bjws-charts
+        namespace: flux-system
+
+  values:
+    controllers:
+      navidrome:
+        containers:
+          app:
+            image:
+              repository: deluan/navidrome
+              tag: 0.53.3
+            
+            env:
+              ND_SCANSCHEDULE: 1h
+              ND_LOGLEVEL: info
+            
+            probes:
+              liveness: &probes
+                enabled: true
+                custom: true
+                spec:
+                  httpGet:
+                    path: /
+                    port: &port 4533
+                  initialDelaySeconds: 0
+                  periodSeconds: 10
+                  timeoutSeconds: 1
+                  failureThreshold: 3
+              readiness: *probes
+              startup:
+                enabled: true
+                spec:
+                  failureThreshold: 30
+                  periodSeconds: 10
+
+#            securityContext:
+#              allowPrivilegeEscalation: false
+#              readOnlyRootFilesystem: true
+#              capabilities: { drop: ["ALL"] }
+
+    defaultPodOptions:
+      securityContext:
+#        runAsNonRoot: true
+        runAsUser: 10000
+        runAsGroup: 10000
+        fsGroup: 10000
+        fsGroupChangePolicy: OnRootMismatch
+    
+    service:
+      app:
+        controller: navidrome
+        ports:
+          http:
+            port: *port
+    
+    ingress:
+      app:
+        annotations:
+          cert-manager.io/cluster-issuer: letsencrypt-production
+          traefik.ingress.kubernetes.io/router.entrypoints: websecure
+        #className: external
+        hosts:
+          - host: "navidrome.${SECRET_NEW_DOMAIN}"
+            paths:
+              - path: /
+                service:
+                  identifier: app
+                  port: http
+                  
+    persistence:
+      data:
+        existingClaim: navidrome
+        globalMounts:
+          - path: /data
+
+      cache:
+        type: persistentVolumeClaim
+        size: 15Gi
+        retain: true
+        storageClass: mainpool-hostpath
+        accessMode: ReadWriteOnce
+        globalMounts:
+          - path: /data/cache
+      
+      music:
+        type: hostPath
+        hostPath: /mnt/MainPool/Media/Media/Music
+        globalMounts:
+          - path: /music
+            readOnly: true

kubernetes/main/apps/media/navidrome/app/kustomization.yaml

@@ -1,4 +1,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
+- ../../../../../common/templates/volsync
 - ./helm-release.yaml

kubernetes/main/apps/media/navidrome/ks.yaml

@@ -0,0 +1,31 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app navidrome
+  namespace: flux-system
+spec:
+  timeout: 5m
+  interval: 10m
+  targetNamespace: media
+  path: ./kubernetes/main/apps/media/navidrome/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: home-cluster
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-gpg
+  dependsOn:
+    - name: openebs
+    - name: openebs-sc
+  postBuild:
+    substituteFrom:
+      - kind: ConfigMap
+        name: cluster-settings
+      - kind: Secret
+        name: cluster-secrets
+    substitute:
+      APP: *app
+      VOLSYNC_CAPACITY: 15Gi

kubernetes/main/apps/media/tautulli/helm-release.yaml

@@ -18,7 +18,7 @@ spec:
 
     image:
       repository: ghcr.io/onedr0p/tautulli
-      tag: 2.13.4@sha256:633a57b2f8634feb67811064ec3fa52f40a70641be927fdfda6f5d91ebbd5d73
+      tag: 2.14.6@sha256:267de8bb88e82d9814e9374b0cc847d771cb83a4c5296e4bc083ab6fbac60a22
 
     env:
       TZ: "America/New_York"

kubernetes/main/apps/monitoring/grafana/helm-release.yaml

@@ -8,7 +8,7 @@ spec:
   chart:
     spec:
       chart: grafana
-      version: "8.5.2"
+      version: "8.5.12"
       sourceRef:
         kind: HelmRepository
         name: grafana-charts

kubernetes/main/apps/monitoring/kube-prometheus-stack/helm-release.yaml

@@ -8,7 +8,7 @@ spec:
   chart:
     spec:
       chart: kube-prometheus-stack
-      version: "64.0.0"
+      version: "66.0.0"
       sourceRef:
         kind: HelmRepository
         name: prometheus-community-charts

kubernetes/main/apps/monitoring/victoria-metrics/helm-release.yaml

@@ -8,7 +8,7 @@ spec:
   chart:
     spec:
       chart: victoria-metrics-single
-      version: 0.11.2
+      version: 0.12.6
       sourceRef:
         kind: HelmRepository
         name: victoria-metrics-charts

kubernetes/main/apps/tools/kustomization.yaml

@@ -4,6 +4,6 @@ resources:
 - ./namespace.yaml
 #- ./network_policy.yaml
 - ./transfersh
-- ./vaultwarden
+- ./vaultwarden/ks.yaml
 - ./hastebin
 - ./gotify

kubernetes/main/apps/tools/vaultwarden/app/helm-release.yaml

@@ -0,0 +1,51 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: vaultwarden
+spec:
+  interval: 5m
+  chart:
+    spec:
+      chart: app-template
+      version: 3.4.0
+      sourceRef:
+        kind: HelmRepository
+        name: bjws-charts
+        namespace: flux-system
+
+  values:
+    controllers:
+      main:
+        containers:
+          main:
+            image:
+              repository: vaultwarden/server
+              tag: 1.32.3
+
+    service:
+      app:
+        controller: main
+
+        ports:
+          http:
+            port: 80
+
+    ingress:
+      main:
+        annotations:
+          cert-manager.io/cluster-issuer: letsencrypt-production
+          traefik.ingress.kubernetes.io/router.entrypoints: websecure
+        hosts:
+        - host: "bitwarden.${SECRET_NEW_DOMAIN}"
+          paths:
+          - path: /
+            service:
+              identifier: app
+              port: http
+
+    persistence:
+      data:
+        existingClaim: vaultwarden
+        globalMounts:
+          - path: /data

kubernetes/main/apps/tools/vaultwarden/app/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ../../../../../common/templates/volsync
+- ./helm-release.yaml

kubernetes/main/apps/tools/vaultwarden/helm-release.yaml

@@ -1,60 +0,0 @@
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
-  name: vaultwarden
-  namespace: tools
-spec:
-  interval: 5m
-  chart:
-    spec:
-      chart: app-template
-      version: 1.3.x
-      sourceRef:
-        kind: HelmRepository
-        name: bjws-charts
-        namespace: flux-system
-
-  values:
-    image:
-      repository: vaultwarden/server
-      tag: "1.32.0"
-
-    service:
-      main:
-        ports:
-          http:
-            port: 80
-
-    probes:
-      liveness:
-        enabled: false
-
-    ingress:
-      main:
-        enabled: true
-        annotations:
-          cert-manager.io/cluster-issuer: letsencrypt-production
-          traefik.ingress.kubernetes.io/router.entrypoints: websecure
-        hosts:
-          - host: &host "bitwarden.${SECRET_NEW_DOMAIN}"
-            paths:
-              - path: /
-                pathType: Prefix
-        tls:
-          - hosts:
-              - *host
-
-    persistence:
-      data:
-        enabled: true
-        type: hostPath
-        hostPath: /mnt/MainPool/Kubernetes/vaultwarden
-        mountPath: /data
-
-    resources:
-      requests:
-        cpu: 1m
-        memory: 50Mi
-        
-      limits:
-        memory: 200Mi

kubernetes/main/apps/tools/vaultwarden/ks.yaml

@@ -0,0 +1,32 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app vaultwarden
+  namespace: flux-system
+spec:
+  timeout: 5m
+  interval: 10m
+  targetNamespace: tools
+  path: ./kubernetes/main/apps/tools/vaultwarden
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: home-cluster
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-gpg
+  dependsOn:
+    - name: openebs
+    - name: openebs-sc
+    - name: volsync
+  postBuild:
+    substituteFrom:
+      - kind: ConfigMap
+        name: cluster-settings
+      - kind: Secret
+        name: cluster-secrets
+    substitute:
+      APP: *app
+      VOLSYNC_CAPACITY: 5Gi

kubernetes/main/core/kube-system/local-path-config.yaml

@@ -25,7 +25,7 @@ data:
     spec:
       containers:
       - name: helper-pod
-        image: rancher/mirrored-library-busybox:1.36.1
+        image: rancher/mirrored-library-busybox:1.37.0
   setup: |-
     #!/bin/sh
     while getopts "m:s:p:" opt

kubernetes/main/core/longhorn/helm-release.yaml

@@ -8,7 +8,7 @@ spec:
   chart:
     spec:
       chart: longhorn
-      version: "1.7.1"
+      version: "1.7.2"
       sourceRef:
         kind: HelmRepository
         name: longhorn-charts

kubernetes/main/core/traefik/app/helm-release.yaml

@@ -8,7 +8,7 @@ spec:
   chart:
     spec:
       chart: traefik
-      version: '32.0.0'
+      version: '33.0.0'
       sourceRef:
         kind: HelmRepository
         name: traefik-charts

kubernetes/main/crds/traefik/crds.yaml

@@ -9,7 +9,7 @@ spec:
   url: https://github.com/traefik/traefik-helm-chart.git
   ref:
     # renovate: registryUrl=https://helm.traefik.io/traefik chart=traefik
-    tag: v32.0.0
+    tag: v33.0.0
   ignore: |
     # exclude all
     /*

kubernetes/thin/apps/database/postgresql/app/pgadmin4/helm-release.yaml

@@ -8,7 +8,7 @@ spec:
   chart:
     spec:
       chart: pgadmin4
-      version: "1.28.0"
+      version: "1.31.0"
       sourceRef:
         kind: HelmRepository
         name: runix-charts

kubernetes/thin/apps/database/redis/app/helm-release.yaml

@@ -8,7 +8,7 @@ spec:
   chart:
     spec:
       chart: redis
-      version: 20.1.6
+      version: 20.2.1
       sourceRef:
         kind: HelmRepository
         name: bitnami-charts

kubernetes/thin/apps/default/home-assistant/files/helm-release.yaml

@@ -24,7 +24,7 @@ spec:
           app:
             image:
               repository: ghcr.io/onedr0p/home-assistant
-              tag: 2024.9.3
+              tag: 2024.11.1
             env:
               TZ: America/New_York #${SERVER_TIMEZONE}
               HASS_HTTP_TRUSTED_PROXY_1: 192.168.0.0/16
@@ -46,7 +46,7 @@ spec:
           code-server:
             image:
               repository: ghcr.io/coder/code-server
-              tag: 4.93.1
+              tag: 4.95.1
             args: [
               "--auth", "none",
               "--user-data-dir", "/config/.vscode",

kubernetes/thin/apps/default/nextcloud/files/helm-release.yaml

@@ -23,7 +23,7 @@ spec:
           nextcloud:
             image:
               repository: nextcloud
-              tag: 30.0.0
+              tag: 30.0.2
 
             envFrom:
               - secretRef:

kubernetes/thin/apps/kube-system/cilium/app/helm-release.yaml

@@ -9,7 +9,7 @@ spec:
   chart:
     spec:
       chart: cilium
-      version: 1.16.2
+      version: 1.16.3
       sourceRef:
         kind: HelmRepository
         name: cilium

kubernetes/thin/apps/monitoring/grafana/app/helm-release.yaml

@@ -8,7 +8,7 @@ spec:
   chart:
     spec:
       chart: grafana
-      version: "8.5.2"
+      version: "8.5.12"
       sourceRef:
         kind: HelmRepository
         name: grafana

kubernetes/thin/apps/monitoring/kube-prometheus-stack/app/helm-release.yaml

@@ -8,7 +8,7 @@ spec:
   chart:
     spec:
       chart: kube-prometheus-stack
-      version: "64.0.0"
+      version: "66.0.0"
       sourceRef:
         kind: HelmRepository
         name: prometheus-community

kubernetes/thin/apps/monitoring/victoria-metrics/operator/helm-release.yaml

@@ -8,7 +8,7 @@ spec:
   chart:
     spec:
       chart: victoria-metrics-operator
-      version: 0.35.2
+      version: 0.37.0
       sourceRef:
         kind: HelmRepository
         name: victoria-metrics-charts

kubernetes/thin/apps/monitoring/victoria-metrics/vm/agent.yaml

@@ -6,7 +6,7 @@ metadata:
 spec:
   image:
     repository: victoriametrics/vmagent
-    tag: v1.104.0
+    tag: v1.106.0
     pullPolicy: IfNotPresent
     
   selectAllByDefault: true

kubernetes/thin/apps/monitoring/victoria-metrics/vm/single.yaml

@@ -6,7 +6,7 @@ metadata:
 spec:
   image:
     repository: victoriametrics/victoria-metrics
-    tag: v1.104.0
+    tag: v1.106.0
 
   retentionPeriod: "6" # in months
   replicaCount: 1

kubernetes/thin/apps/nginx/external/helm-release.yaml

@@ -9,7 +9,7 @@ spec:
   chart:
     spec:
       chart: ingress-nginx
-      version: 4.11.2
+      version: 4.11.3
       sourceRef:
         kind: HelmRepository
         name: ingress-nginx

kubernetes/thin/apps/nginx/internal/helm-release.yaml

@@ -9,7 +9,7 @@ spec:
   chart:
     spec:
       chart: ingress-nginx
-      version: 4.11.2
+      version: 4.11.3
       sourceRef:
         kind: HelmRepository
         name: ingress-nginx

kubernetes/thin/apps/traefik/app/files/helm-release.yaml

@@ -8,7 +8,7 @@ spec:
   chart:
     spec:
       chart: traefik
-      version: '32.0.0'
+      version: '33.0.0'
       sourceRef:
         kind: HelmRepository
         name: traefik-charts

kubernetes/thin/apps/traefik/app/files/internal-hr.yaml

@@ -8,7 +8,7 @@ spec:
   chart:
     spec:
       chart: traefik
-      version: '32.0.0'
+      version: '33.0.0'
       sourceRef:
         kind: HelmRepository
         name: traefik-charts