chore: add media section with YouTube video link

Added a section for media with a YouTube video link.

.github/workflows/flux-local.yaml

@@ -21,7 +21,7 @@ jobs:
 
       - name: Get Changed Files
         id: changed-files
-        uses: tj-actions/changed-files@e0021407031f5be11a464abee9a0776171c79891 # v47.0.1
+        uses: tj-actions/changed-files@7dee1b0c1557f278e5c7dc244927139d78c0e22a # v47.0.4
         with:
           files: kubernetes/**
 

.mise.toml

@@ -5,24 +5,24 @@ SOPS_AGE_KEY_FILE = "{{config_root}}/age.key"
 TALOSCONFIG = "{{config_root}}/talos/clusterconfig/talosconfig"
 
 [tools]
-"python" = "3.14.2" # required:template
-"uv" = "0.9.28" # required:template
+"python" = "3.14.3" # required:template
+"uv" = "0.10.7" # required:template
 "pipx" = "1.8.0" # required:template
 "pipx:makejinja" = "2.8.2" # required:template
-"aqua:budimanjojo/talhelper" = "3.1.3"
-"aqua:cilium/cilium-cli" = "0.19.0"
-"aqua:cli/cli" = "2.86.0"
-"aqua:cloudflare/cloudflared" = "2026.1.2"
+"aqua:budimanjojo/talhelper" = "3.1.5"
+"aqua:cilium/cilium-cli" = "0.19.2"
+"aqua:cli/cli" = "2.87.3"
+"aqua:cloudflare/cloudflared" = "2026.2.0"
 "aqua:cue-lang/cue" = "0.15.4" # required:template
 "aqua:FiloSottile/age" = "1.3.1"
-"aqua:fluxcd/flux2" = "2.7.5"
-"aqua:getsops/sops" = "3.11.0"
+"aqua:fluxcd/flux2" = "2.8.1"
+"aqua:getsops/sops" = "3.12.1"
 "aqua:go-task/task" = "3.48.0"
-"aqua:helm/helm" = "4.1.0"
-"aqua:helmfile/helmfile" = "1.2.3"
+"aqua:helm/helm" = "4.1.1"
+"aqua:helmfile/helmfile" = "1.3.2"
 "aqua:jqlang/jq" = "1.8.1"
 "aqua:kubernetes-sigs/kustomize" = "5.7.1"
-"aqua:kubernetes/kubernetes/kubectl" = "1.35.0"
-"aqua:mikefarah/yq" = "4.52.1"
-"aqua:siderolabs/talos" = "1.12.2"
+"aqua:kubernetes/kubernetes/kubectl" = "1.35.2"
+"aqua:mikefarah/yq" = "4.52.4"
+"aqua:siderolabs/talos" = "1.12.4"
 "aqua:yannh/kubeconform" = "0.7.0"

.renovaterc.json5

@@ -54,14 +54,6 @@
       minimumReleaseAge: "3 days",
       ignoreTests: true,
     },
-    {
-      description: "Auto-merge Mise Tools",
-      matchManagers: ["mise"],
-      automerge: true,
-      automergeType: "branch",
-      matchUpdateTypes: ["minor", "patch"],
-      ignoreTests: true,
-    },
     {
       matchUpdateTypes: ["major"],
       semanticCommitType: "feat",

README.md

@@ -40,7 +40,6 @@ Using **enterprise NVMe or SATA SSDs on Bare Metal** (even used drives) provides
 
 These guidelines provide a strong baseline, but there are always exceptions and nuances. The best way to ensure your hardware configuration works is to **test it thoroughly and benchmark performance** under realistic workloads.
 
-
 ### Stage 2: Machine Preparation
 
 > [!IMPORTANT]
@@ -68,14 +67,15 @@ These guidelines provide a strong baseline, but there are always exceptions and
 > [!TIP]
 > It is recommended to set the visibility of your repository to `Public` so you can easily request help if you get stuck.
 
-1. Create a new repository by clicking the green `Use this template` button at the top of this page, then clone the new repo you just created and `cd` into it. Alternatively you can us the [GitHub CLI](https://cli.github.com/) ...
+1. Create a new repository by clicking the green `Use this template` button at the top of this page, then clone the new repo you just created and `cd` into it. Alternatively you can use the [GitHub CLI](https://cli.github.com/) ...
 
     ```sh
     export REPONAME="home-ops"
-    gh repo create $REPONAME --template onedr0p/cluster-template --disable-wiki --public --clone && cd $REPONAME
+    gh repo create $REPONAME --template onedr0p/cluster-template --public --clone
+    cd $REPONAME
     ```
 
-2. **Install** the [Mise CLI](https://mise.jdx.dev/getting-started.html#installing-mise-cli) on your workstation.
+2. **Install** the [Mise CLI](https://mise.jdx.dev/getting-started.html#installing-mise-cli) on your local workstation.
 
 3. **Activate** Mise in your shell by following the [activation guide](https://mise.jdx.dev/getting-started.html#activate-mise).
 
@@ -91,7 +91,7 @@ These guidelines provide a strong baseline, but there are always exceptions and
 
    📍 _**Having trouble compiling Python?** Try running `mise settings python.compile=0` and then run these commands again_
 
-5. Logout of GitHub Container Registry (GHCR) as this may cause authorization problems when using the public registry:
+5. Logout of the GitHub Container Registry as this may cause authorization problems in future steps when using the public registry:
 
     ```sh
     docker logout ghcr.io
@@ -101,7 +101,7 @@ These guidelines provide a strong baseline, but there are always exceptions and
 ### Stage 4: Cloudflare configuration
 
 > [!WARNING]
-> If any of the commands fail with `command not found` or `unknown command` it means `mise` is either not install or configured incorrectly.
+> If any of the commands fail with `command not found` or `unknown command` it means `mise` is either not installed, activated or it could be configured incorrectly.
 
 1. Create a Cloudflare API token for use with cloudflared and external-dns by reviewing the official [documentation](https://developers.cloudflare.com/fundamentals/api/get-started/create-token/) and following the instructions below.
 
@@ -150,7 +150,7 @@ These guidelines provide a strong baseline, but there are always exceptions and
 ### Stage 6: Bootstrap Talos, Kubernetes, and Flux
 
 > [!WARNING]
-> It might take a while for the cluster to be setup (10+ minutes is normal). During which time you will see a variety of error messages like: "couldn't get current server API group list," "error: no matching resources found", etc. 'Ready' will remain "False" as no CNI is deployed yet. **This is a normal.** If this step gets interrupted, e.g. by pressing <kbd>Ctrl</kbd> + <kbd>C</kbd>, you likely will need to [reset the cluster](#-reset) before trying again
+> It might take a while for the cluster to be setup (10+ minutes is normal). During which time you will see a variety of error messages like: "couldn't get current server API group list," "error: no matching resources found", etc. 'Ready' will remain "False" as no CNI is deployed yet. **This is normal.** If this step gets interrupted, e.g. by pressing <kbd>Ctrl</kbd> + <kbd>C</kbd>, you likely will need to [reset the cluster](#-reset) before trying again
 
 1. Install Talos:
 
@@ -237,9 +237,9 @@ The `external-dns` application created in the `network` namespace will handle cr
 
 _... Nothing working? That is expected, this is DNS after all!_
 
-### 🪝 Github Webhook
+### 🪝 GitHub Webhook
 
-By default Flux will periodically check your git repository for changes. In-order to have Flux reconcile on `git push` you must configure Github to send `push` events to Flux.
+By default Flux will periodically check your git repository for changes. In-order to have Flux reconcile on `git push` you must configure GitHub to send `push` events to Flux.
 
 1. Obtain the webhook path:
 
@@ -255,7 +255,7 @@ By default Flux will periodically check your git repository for changes. In-orde
     https://flux-webhook.${cloudflare_domain}/hook/12ebd1e363c641dc3c2e430ecf3cee2b3c7a5ac9e1234506f6f5f3ce1230e123
     ```
 
-3. Navigate to the settings of your repository on Github, under "Settings/Webhooks" press the "Add webhook" button. Fill in the webhook URL and your token from `github-push-token.txt`, Content type: `application/json`, Events: Choose Just the push event, and save.
+3. Navigate to the settings of your repository on GitHub, under "Settings/Webhooks" press the "Add webhook" button. Fill in the webhook URL and your token from `github-push-token.txt`, Content type: `application/json`, Events: Choose Just the push event, and save.
 
 ## 💥 Reset
 
@@ -358,13 +358,13 @@ Below is a general guide on trying to debug an issue with an resource or applica
     kubectl -n <namespace> get pods -o wide
     ```
 
-3. Check the logs of the pod if its there:
+3. Check the logs of the pod if it's there:
 
     ```sh
     kubectl -n <namespace> logs <pod-name> -f
     ```
 
-4. If a resource exists try to describe it to see what problems it might have:
+4. If a resource exists, try to describe it to see what problems it might have:
 
     ```sh
     kubectl -n <namespace> describe <resource> <name>
@@ -417,7 +417,7 @@ This flexibility allows you to integrate seamlessly with a range of DNS solution
 
 ### Secrets
 
-SOPs is an excellent tool for managing secrets in a GitOps workflow. However, it can become cumbersome when rotating secrets or maintaining a single source of truth for secret items.
+SOPS is an excellent tool for managing secrets in a GitOps workflow. However, it can become cumbersome when rotating secrets or maintaining a single source of truth for secret items.
 
 For a more streamlined approach to those issues, consider [External Secrets](https://external-secrets.io/latest/). This tool allows you to move away from SOPs and leverage an external provider for managing your secrets. External Secrets supports a wide range of providers, from cloud-based solutions to self-hosted options.
 
@@ -425,13 +425,11 @@ For a more streamlined approach to those issues, consider [External Secrets](htt
 
 If your workloads require persistent storage with features like replication or connectivity to NFS, SMB, or iSCSI servers, there are several projects worth exploring:
 
-- [rook-ceph](https://github.com/rook/rook)
-- [longhorn](https://github.com/longhorn/longhorn)
-- [openebs](https://github.com/openebs/openebs)
+- [rook-ceph](https://github.com/rook/rook) / [longhorn](https://github.com/longhorn/longhorn) / [openebs](https://github.com/openebs/openebs)
 - [democratic-csi](https://github.com/democratic-csi/democratic-csi)
-- [csi-driver-nfs](https://github.com/kubernetes-csi/csi-driver-nfs)
-- [csi-driver-smb](https://github.com/kubernetes-csi/csi-driver-smb)
+- [csi-driver-nfs](https://github.com/kubernetes-csi/csi-driver-nfs) / [csi-driver-smb](https://github.com/kubernetes-csi/csi-driver-smb)
 - [synology-csi](https://github.com/SynologyOpenSource/synology-csi)
+- [truenas-csi](https://github.com/truenas/truenas-csi) / [tns-csi](https://github.com/fenio/tns-csi)
 
 These tools offer a variety of solutions to meet your persistent storage needs, whether you’re using cloud-native or self-hosted infrastructures.
 
@@ -443,27 +441,20 @@ Community member [@whazor](https://github.com/whazor) created [Kubesearch](https
 
 ### Community
 
-- Make a post in this repository's Github [Discussions](https://github.com/onedr0p/cluster-template/discussions).
+- Make a post in this repository's GitHub [Discussions](https://github.com/onedr0p/cluster-template/discussions).
 - Start a thread in the `#support` or `#cluster-template` channels in the [Home Operations](https://discord.gg/home-operations) Discord server.
 
-### GitHub Sponsors
+## 📺 Media
 
-If you're having difficulty with this project, can't find the answers you need through the community support options above, or simply want to show your appreciation while gaining deeper insights, I’m offering one-on-one paid support through GitHub Sponsors for a limited time. Payment and scheduling will be coordinated through [GitHub Sponsors](https://github.com/sponsors/onedr0p).
+Check out these videos below. If you find them helpful, a like and subscribe goes a long way!
 
-<details>
-
-<summary>Click to expand the details</summary>
-
-<br>
-
-- **Rate**: $50/hour (no longer than 2 hours / day).
-- **What’s Included**: Assistance with deployment, debugging, or answering questions related to this project.
-- **What to Expect**:
-  1. Sessions will focus on specific questions or issues you are facing.
-  2. I will provide guidance, explanations, and actionable steps to help resolve your concerns.
-  3. Support is limited to this project and does not extend to unrelated tools or custom feature development.
-
-</details>
+<a href="https://youtube.com/watch?v=aeUKOpeoiUs">
+  <img src="https://github.com/user-attachments/assets/2dab1c6f-7b27-4b94-a7ad-a6d9c5b17c78" alt="Youtube Video" width="300">
+</a>
+&nbsp;&nbsp;
+<a href="https://youtube.com/watch?v=hoi2GzvJUXM">
+  <img src="https://github.com/user-attachments/assets/5b939b90-0019-4515-b90c-321ffe7448cf" alt="Youtube Video" width="300">
+</a>
 
 ## 🙌 Related Projects
 

templates/config/bootstrap/helmfile.d/00-crds.yaml.j2

@@ -17,9 +17,9 @@ releases:
   - name: envoy-gateway
     namespace: network
     chart: oci://mirror.gcr.io/envoyproxy/gateway-helm
-    version: v1.6.3
+    version: v1.7.0
 
   - name: kube-prometheus-stack
     namespace: observability
     chart: oci://ghcr.io/prometheus-community/charts/kube-prometheus-stack
-    version: 81.4.2
+    version: 82.4.3

templates/config/bootstrap/helmfile.d/01-apps.yaml.j2

@@ -9,7 +9,7 @@ releases:
   - name: cilium
     namespace: kube-system
     chart: oci://quay.io/cilium/charts/cilium
-    version: 1.18.6
+    version: 1.19.1
     values: ['./templates/values.yaml.gotmpl']
 
   - name: coredns
@@ -31,7 +31,7 @@ releases:
   - name: cert-manager
     namespace: cert-manager
     chart: oci://quay.io/jetstack/charts/cert-manager
-    version: v1.19.2
+    version: v1.19.4
     values: ['./templates/values.yaml.gotmpl']
     #% if spegel_enabled %#
     needs: ['kube-system/spegel']
@@ -42,13 +42,13 @@ releases:
   - name: flux-operator
     namespace: flux-system
     chart: oci://ghcr.io/controlplaneio-fluxcd/charts/flux-operator
-    version: 0.40.0
+    version: 0.43.0
     values: ['./templates/values.yaml.gotmpl']
     needs: ['cert-manager/cert-manager']
 
   - name: flux-instance
     namespace: flux-system
     chart: oci://ghcr.io/controlplaneio-fluxcd/charts/flux-instance
-    version: 0.40.0
+    version: 0.43.0
     values: ['./templates/values.yaml.gotmpl']
     needs: ['flux-system/flux-operator']

templates/config/kubernetes/apps/cert-manager/cert-manager/app/ocirepository.yaml.j2

@@ -9,5 +9,5 @@ spec:
     mediaType: application/vnd.cncf.helm.chart.content.v1.tar+gzip
     operation: copy
   ref:
-    tag: v1.19.2
+    tag: v1.19.4
   url: oci://quay.io/jetstack/charts/cert-manager

templates/config/kubernetes/apps/flux-system/flux-instance/app/helmrelease.yaml.j2

@@ -11,7 +11,7 @@ spec:
   values:
     instance:
       distribution:
-        artifact: oci://ghcr.io/controlplaneio-fluxcd/flux-operator-manifests:v0.40.0
+        artifact: oci://ghcr.io/controlplaneio-fluxcd/flux-operator-manifests:v0.43.0
       cluster:
         networkPolicy: false
       components:

templates/config/kubernetes/apps/flux-system/flux-instance/app/ocirepository.yaml.j2

@@ -9,5 +9,5 @@ spec:
     mediaType: application/vnd.cncf.helm.chart.content.v1.tar+gzip
     operation: copy
   ref:
-    tag: 0.40.0
+    tag: 0.43.0
   url: oci://ghcr.io/controlplaneio-fluxcd/charts/flux-instance

templates/config/kubernetes/apps/flux-system/flux-operator/app/ocirepository.yaml.j2

@@ -9,5 +9,5 @@ spec:
     mediaType: application/vnd.cncf.helm.chart.content.v1.tar+gzip
     operation: copy
   ref:
-    tag: 0.40.0
+    tag: 0.43.0
   url: oci://ghcr.io/controlplaneio-fluxcd/charts/flux-operator

templates/config/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml.j2

@@ -49,7 +49,8 @@ spec:
     loadBalancer:
       algorithm: maglev
       mode: "#{ cilium_loadbalancer_mode }#"
-    localRedirectPolicy: true
+    localRedirectPolicies:
+      enabled: true
     operator:
       dashboards:
         enabled: true

templates/config/kubernetes/apps/kube-system/cilium/app/ocirepository.yaml.j2

@@ -9,5 +9,5 @@ spec:
     mediaType: application/vnd.cncf.helm.chart.content.v1.tar+gzip
     operation: copy
   ref:
-    tag: 1.18.6
+    tag: 1.19.1
   url: oci://quay.io/cilium/charts/cilium

templates/config/kubernetes/apps/kube-system/reloader/app/ocirepository.yaml.j2

@@ -9,5 +9,5 @@ spec:
     mediaType: application/vnd.cncf.helm.chart.content.v1.tar+gzip
     operation: copy
   ref:
-    tag: 2.2.7
+    tag: 2.2.8
   url: oci://ghcr.io/stakater/charts/reloader

templates/config/kubernetes/apps/network/cloudflare-tunnel/app/helmrelease.yaml.j2

@@ -18,7 +18,7 @@ spec:
           app:
             image:
               repository: docker.io/cloudflare/cloudflared
-              tag: 2026.1.2
+              tag: 2026.2.0
             env:
               NO_AUTOUPDATE: true
               TUNNEL_METRICS: 0.0.0.0:8080

templates/config/kubernetes/apps/network/envoy-gateway/app/ocirepository.yaml.j2

@@ -9,5 +9,5 @@ spec:
     mediaType: application/vnd.cncf.helm.chart.content.v1.tar+gzip
     operation: copy
   ref:
-    tag: v1.6.3
+    tag: v1.7.0
   url: oci://mirror.gcr.io/envoyproxy/gateway-helm

templates/config/talos/talenv.yaml.j2

@@ -1,4 +1,4 @@
 # renovate: datasource=docker depName=ghcr.io/siderolabs/installer
-talosVersion: v1.12.2
+talosVersion: v1.12.4
 # renovate: datasource=docker depName=ghcr.io/siderolabs/kubelet
-kubernetesVersion: v1.35.0
+kubernetesVersion: v1.35.2