diff --git a/.github/workflows/build-devcontainer.yaml b/.github/workflows/build-devcontainer.yaml index a5aa831..951364b 100644 --- a/.github/workflows/build-devcontainer.yaml +++ b/.github/workflows/build-devcontainer.yaml @@ -27,7 +27,7 @@ jobs: uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 #v3.11.1 - name: Login to GitHub Container Registry - uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 + uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 with: registry: ghcr.io username: ${{ github.repository_owner }} diff --git a/k8s/apps/media/arr/lidarr/deployment.yaml b/k8s/apps/media/arr/lidarr/deployment.yaml index 15462ac..c7f9048 100644 --- a/k8s/apps/media/arr/lidarr/deployment.yaml +++ b/k8s/apps/media/arr/lidarr/deployment.yaml @@ -30,7 +30,7 @@ spec: type: RuntimeDefault containers: - name: lidarr - image: ghcr.io/home-operations/lidarr:2.14.3 # renovate: docker=ghcr.io/home-operations/lidarr + image: ghcr.io/home-operations/lidarr:3.0.0 # renovate: docker=ghcr.io/home-operations/lidarr securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/k8s/apps/media/arr/prowlarr/deployment.yaml b/k8s/apps/media/arr/prowlarr/deployment.yaml index 98a70e2..b8728aa 100644 --- a/k8s/apps/media/arr/prowlarr/deployment.yaml +++ b/k8s/apps/media/arr/prowlarr/deployment.yaml @@ -30,7 +30,7 @@ spec: type: RuntimeDefault containers: - name: prowlarr - image: ghcr.io/home-operations/prowlarr:2.1.2 # renovate: docker=ghcr.io/home-operations/prowlarr + image: ghcr.io/home-operations/prowlarr:2.1.5 # renovate: docker=ghcr.io/home-operations/prowlarr securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/k8s/apps/media/arr/radarr/deployment.yaml b/k8s/apps/media/arr/radarr/deployment.yaml index ad59ae6..0dc6634 100644 --- a/k8s/apps/media/arr/radarr/deployment.yaml +++ b/k8s/apps/media/arr/radarr/deployment.yaml @@ -30,7 +30,7 @@ spec: type: RuntimeDefault containers: - name: radarr - image: ghcr.io/home-operations/radarr:6.0.0 # renovate: docker=ghcr.io/home-operations/radarr + image: ghcr.io/home-operations/radarr:6.0.2 # renovate: docker=ghcr.io/home-operations/radarr securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/k8s/apps/media/audiobookshelf/deployment.yaml b/k8s/apps/media/audiobookshelf/deployment.yaml index e5b685b..e9d4ce3 100644 --- a/k8s/apps/media/audiobookshelf/deployment.yaml +++ b/k8s/apps/media/audiobookshelf/deployment.yaml @@ -30,7 +30,7 @@ spec: type: RuntimeDefault containers: - name: audiobookshelf - image: ghcr.io/advplyr/audiobookshelf:2.29.0 # renovate: docker=ghcr.io/advplyr/audiobookshelf + image: ghcr.io/advplyr/audiobookshelf:2.30.0 # renovate: docker=ghcr.io/advplyr/audiobookshelf securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/k8s/apps/media/jellyfin/deployment.yaml b/k8s/apps/media/jellyfin/deployment.yaml index 11705c2..5fd271a 100644 --- a/k8s/apps/media/jellyfin/deployment.yaml +++ b/k8s/apps/media/jellyfin/deployment.yaml @@ -25,7 +25,7 @@ spec: type: RuntimeDefault containers: - name: jellyfin - image: ghcr.io/jellyfin/jellyfin:10.10.7 # renovate: docker=ghcr.io/jellyfin/jellyfin + image: ghcr.io/jellyfin/jellyfin:10.11.0 # renovate: docker=ghcr.io/jellyfin/jellyfin securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/k8s/infra/auth/authelia/kustomization.yaml b/k8s/infra/auth/authelia/kustomization.yaml index e1856a3..b220b45 100644 --- a/k8s/infra/auth/authelia/kustomization.yaml +++ b/k8s/infra/auth/authelia/kustomization.yaml @@ -27,7 +27,7 @@ helmCharts: repo: https://charts.authelia.com releaseName: authelia namespace: authelia - version: 0.10.46 + version: 0.10.47 valuesFile: values.yaml patches: diff --git a/k8s/infra/auth/authelia/values.yaml b/k8s/infra/auth/authelia/values.yaml index 8b2eb6c..648bcc6 100644 --- a/k8s/infra/auth/authelia/values.yaml +++ b/k8s/infra/auth/authelia/values.yaml @@ -2,7 +2,7 @@ image: registry: ghcr.io repository: authelia/authelia - tag: 4.39.10 # renovate: docker=ghcr.io/authelia/authelia + tag: 4.39.13 # renovate: docker=ghcr.io/authelia/authelia pullPolicy: IfNotPresent pod: diff --git a/k8s/infra/controllers/argocd/kustomization.yaml b/k8s/infra/controllers/argocd/kustomization.yaml index 7322621..5667d7c 100644 --- a/k8s/infra/controllers/argocd/kustomization.yaml +++ b/k8s/infra/controllers/argocd/kustomization.yaml @@ -20,7 +20,7 @@ resources: helmCharts: - name: argo-cd repo: https://argoproj.github.io/argo-helm - version: 8.5.7 + version: 9.0.5 releaseName: "argocd" namespace: argocd valuesFile: values.yaml diff --git a/k8s/infra/controllers/cert-manager/kustomization.yaml b/k8s/infra/controllers/cert-manager/kustomization.yaml index 30a1596..bcd77b4 100644 --- a/k8s/infra/controllers/cert-manager/kustomization.yaml +++ b/k8s/infra/controllers/cert-manager/kustomization.yaml @@ -10,7 +10,7 @@ resources: helmCharts: - name: cert-manager repo: https://charts.jetstack.io - version: v1.18.2 # renovate: github-releases=cert-manager/cert-manager + version: v1.19.1 # renovate: github-releases=cert-manager/cert-manager releaseName: cert-manager namespace: cert-manager valuesFile: values.yaml diff --git a/k8s/infra/controllers/node-feature-discovery/kustomization.yaml b/k8s/infra/controllers/node-feature-discovery/kustomization.yaml index 0d9928f..38b81ce 100644 --- a/k8s/infra/controllers/node-feature-discovery/kustomization.yaml +++ b/k8s/infra/controllers/node-feature-discovery/kustomization.yaml @@ -10,7 +10,7 @@ resources: helmCharts: - name: node-feature-discovery repo: https://kubernetes-sigs.github.io/node-feature-discovery/charts - version: 0.17.4 + version: 0.18.2 releaseName: nfd includeCRDs: true namespace: node-feature-discovery diff --git a/k8s/infra/database/cnpg/kustomization.yaml b/k8s/infra/database/cnpg/kustomization.yaml index b1fd7bb..959857d 100644 --- a/k8s/infra/database/cnpg/kustomization.yaml +++ b/k8s/infra/database/cnpg/kustomization.yaml @@ -11,5 +11,5 @@ helmCharts: releaseName: cnpg namespace: cnpg-system includeCRDs: true - version: 0.26.0 + version: 0.26.1 valuesFile: values.yaml diff --git a/k8s/infra/monitoring/grafana/grafana.yaml b/k8s/infra/monitoring/grafana/grafana.yaml index d480e5c..76c8dce 100644 --- a/k8s/infra/monitoring/grafana/grafana.yaml +++ b/k8s/infra/monitoring/grafana/grafana.yaml @@ -33,7 +33,7 @@ spec: allow_assign_grafana_admin: "true" role_attribute_path: contains(grafana[*], 'grafana_admin') && 'GrafanaAdmin' || contains(grafana[*], 'admin') && 'Admin' || contains(grafana[*], 'editor') && 'Editor' || 'Viewer' auto_login: "true" - version: 12.2.0 # renovate: docker=docker.io/grafana/grafana + version: 12.2.1 # renovate: docker=docker.io/grafana/grafana deployment: spec: template: diff --git a/k8s/infra/monitoring/grafana/kustomization.yaml b/k8s/infra/monitoring/grafana/kustomization.yaml index 2562150..136f731 100644 --- a/k8s/infra/monitoring/grafana/kustomization.yaml +++ b/k8s/infra/monitoring/grafana/kustomization.yaml @@ -16,6 +16,6 @@ helmCharts: repo: oci://ghcr.io/grafana/helm-charts includeCRDs: true namespace: grafana - version: v5.19.4 # renovate: github-releases=grafana/grafana-operator + version: v5.20.0 # renovate: github-releases=grafana/grafana-operator releaseName: grafana-operator valuesFile: ./values.yaml diff --git a/k8s/infra/monitoring/kube-prometheus-stack/kustomization.yaml b/k8s/infra/monitoring/kube-prometheus-stack/kustomization.yaml index a7eb9bc..1e1ec59 100644 --- a/k8s/infra/monitoring/kube-prometheus-stack/kustomization.yaml +++ b/k8s/infra/monitoring/kube-prometheus-stack/kustomization.yaml @@ -11,6 +11,6 @@ helmCharts: repo: https://prometheus-community.github.io/helm-charts includeCRDs: true namespace: monitoring - version: 77.12.0 + version: 78.5.0 releaseName: kube-prometheus-stack valuesFile: ./values.yaml diff --git a/k8s/infra/network/cilium/kustomization.yaml b/k8s/infra/network/cilium/kustomization.yaml index d831251..1111033 100644 --- a/k8s/infra/network/cilium/kustomization.yaml +++ b/k8s/infra/network/cilium/kustomization.yaml @@ -10,7 +10,7 @@ resources: helmCharts: - name: cilium repo: https://helm.cilium.io - version: 1.18.2 # renovate: github-releases=cilium/cilium + version: 1.18.3 # renovate: github-releases=cilium/cilium releaseName: "cilium" includeCRDs: true namespace: kube-system diff --git a/k8s/infra/network/cloudflared/daemon-set.yaml b/k8s/infra/network/cloudflared/daemon-set.yaml index 11ab102..40909d8 100644 --- a/k8s/infra/network/cloudflared/daemon-set.yaml +++ b/k8s/infra/network/cloudflared/daemon-set.yaml @@ -16,7 +16,7 @@ spec: spec: containers: - name: cloudflared - image: cloudflare/cloudflared:2025.9.1 # renovate: docker=cloudflare/cloudflared + image: cloudflare/cloudflared:2025.10.0 # renovate: docker=cloudflare/cloudflared imagePullPolicy: IfNotPresent args: - tunnel diff --git a/k8s/infra/network/dns/adguard/deployment.yaml b/k8s/infra/network/dns/adguard/deployment.yaml index 2b099b4..21dc2c1 100644 --- a/k8s/infra/network/dns/adguard/deployment.yaml +++ b/k8s/infra/network/dns/adguard/deployment.yaml @@ -49,7 +49,7 @@ spec: mountPath: /opt/adguardhome/conf containers: - name: adguard - image: docker.io/adguard/adguardhome:v0.107.66 # renovate: docker=docker.io/adguard/adguardhome + image: docker.io/adguard/adguardhome:v0.107.68 # renovate: docker=docker.io/adguard/adguardhome securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/k8s/infra/storage/proxmox-csi/kustomization.yaml b/k8s/infra/storage/proxmox-csi/kustomization.yaml index d1d0b06..f31905f 100644 --- a/k8s/infra/storage/proxmox-csi/kustomization.yaml +++ b/k8s/infra/storage/proxmox-csi/kustomization.yaml @@ -4,7 +4,7 @@ kind: Kustomization helmCharts: - name: proxmox-csi-plugin repo: oci://ghcr.io/sergelogvinov/charts - version: 0.3.14 + version: 0.3.16 releaseName: proxmox-csi-plugin includeCRDs: true namespace: csi-proxmox diff --git a/k8s/infra/vpn/netbird/agent/daemon-set.yaml b/k8s/infra/vpn/netbird/agent/daemon-set.yaml index 5886b83..10c1f21 100644 --- a/k8s/infra/vpn/netbird/agent/daemon-set.yaml +++ b/k8s/infra/vpn/netbird/agent/daemon-set.yaml @@ -22,7 +22,7 @@ spec: value: "1" containers: - name: agent - image: docker.io/netbirdio/netbird:0.58.2 # renovate: docker=docker.io/netbirdio/netbird + image: docker.io/netbirdio/netbird:0.59.8 # renovate: docker=docker.io/netbirdio/netbird securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: false diff --git a/k8s/infra/vpn/netbird/dashboard/deployment.yaml b/k8s/infra/vpn/netbird/dashboard/deployment.yaml index 2528e4b..3e546c5 100644 --- a/k8s/infra/vpn/netbird/dashboard/deployment.yaml +++ b/k8s/infra/vpn/netbird/dashboard/deployment.yaml @@ -17,7 +17,7 @@ spec: type: RuntimeDefault containers: - name: dashboard - image: docker.io/netbirdio/dashboard:v2.18.1 # renovate: docker=docker.io/netbirdio/dashboard + image: docker.io/netbirdio/dashboard:v2.20.1 # renovate: docker=docker.io/netbirdio/dashboard securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: false diff --git a/k8s/infra/vpn/netbird/management/deployment.yaml b/k8s/infra/vpn/netbird/management/deployment.yaml index 7b874e1..0215cd0 100644 --- a/k8s/infra/vpn/netbird/management/deployment.yaml +++ b/k8s/infra/vpn/netbird/management/deployment.yaml @@ -54,7 +54,7 @@ spec: mountPath: /tmp/netbird containers: - name: management - image: docker.io/netbirdio/management:0.58.2 # renovate: docker=docker.io/netbirdio/management + image: docker.io/netbirdio/management:0.59.8 # renovate: docker=docker.io/netbirdio/management args: [ --dns-domain, $(DNS_DOMAIN), --log-level, $(LOG_LEVEL), --log-file, console, --idp-sign-key-refresh-enabled ] securityContext: allowPrivilegeEscalation: false diff --git a/k8s/infra/vpn/netbird/relay/deployment.yaml b/k8s/infra/vpn/netbird/relay/deployment.yaml index 9828588..c67f9a6 100644 --- a/k8s/infra/vpn/netbird/relay/deployment.yaml +++ b/k8s/infra/vpn/netbird/relay/deployment.yaml @@ -16,7 +16,7 @@ spec: seccompProfile: type: RuntimeDefault containers: - - image: docker.io/netbirdio/relay:0.58.2 # renovate: docker=docker.io/netbirdio/relay + - image: docker.io/netbirdio/relay:0.59.8 # renovate: docker=docker.io/netbirdio/relay imagePullPolicy: IfNotPresent name: relay securityContext: diff --git a/k8s/infra/vpn/netbird/signal/deployment.yaml b/k8s/infra/vpn/netbird/signal/deployment.yaml index 32a0d90..2da5ea7 100644 --- a/k8s/infra/vpn/netbird/signal/deployment.yaml +++ b/k8s/infra/vpn/netbird/signal/deployment.yaml @@ -21,7 +21,7 @@ spec: type: RuntimeDefault containers: - name: signal - image: docker.io/netbirdio/signal:0.58.2 # renovate: docker=docker.io/netbirdio/signal + image: docker.io/netbirdio/signal:0.59.8 # renovate: docker=docker.io/netbirdio/signal args: [ --port, $(PORT), --log-level, $(LOG_LEVEL), --log-file, console ] securityContext: allowPrivilegeEscalation: false diff --git a/tofu/kubernetes/talos/inline-manifests/cilium-install.yaml b/tofu/kubernetes/talos/inline-manifests/cilium-install.yaml index f207e5e..8ebff09 100644 --- a/tofu/kubernetes/talos/inline-manifests/cilium-install.yaml +++ b/tofu/kubernetes/talos/inline-manifests/cilium-install.yaml @@ -59,7 +59,7 @@ spec: hostNetwork: true containers: - name: cilium-install - image: quay.io/cilium/cilium-cli:v0.18.7 # renovate: github-releases=cilium/cilium-cli + image: quay.io/cilium/cilium-cli:v0.18.8 # renovate: github-releases=cilium/cilium-cli env: - name: KUBERNETES_SERVICE_HOST valueFrom: @@ -75,7 +75,7 @@ spec: command: - cilium - install - - --version=v1.18.2 # renovate: github-releases=cilium/cilium + - --version=v1.18.3 # renovate: github-releases=cilium/cilium - --set - kubeProxyReplacement=true - --values