Update octodns/octodns Docker tag to v2025.08

Merge pull request 'Update ghcr.io/paperless-ngx/paperless-ngx Docker tag to v2.18.4' (#583 ) from renovate/ghcr.io-paperless-ngx-paperless-ngx-2.x into main
Reviewed-on: #583
2025-09-08 12:03:44 +00:00 · 2025-09-08 11:19:35 +00:00 · 2025-09-08 11:19:17 +00:00 · 2025-09-08 11:18:54 +00:00 · 2025-09-08 00:01:38 +00:00 · 2025-09-07 10:01:40 +00:00
20 changed files with 49 additions and 50 deletions
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
 # Kluster setup and IaaC using argoCD
-### Initial setup
+### Description
 #### Requirements:
 - A running k3s instance
 - `sealedsecrets` deployed
@@ -27,20 +27,21 @@ The app-of-apps will bootstrap a fully featured cluster with the following compo
    - immich
    - ...
-#### Recap
+## Setup instructions
- install sealedsecrets see [README](./infrastructure/sealedsecrets/README.md)
+1. install sealedsecrets see [README](./infrastructure/sealedsecrets/README.md)
    ```bash
    kubectl apply -k infrastructure/sealedsecrets
    kubectl apply -f infrastructure/sealedsecrets/main.key
    kubectl delete pod -n kube-system -l name=sealed-secrets-controller
    ```
- install argocd
+1. install argocd and the app-of-apps bundled with it
    ```bash
    kubectl apply -k infrastructure/argocd
    ```
 - wait...
 > NOTE: The argocd kustomization already mentions some CRDs available only after the full bootstrapping (traefik). You might have to apply the last step twice
 ### Adding an application
 todo
--- a/apps/adguard/kustomization.yaml
+++ b/apps/adguard/kustomization.yaml
@@ -10,7 +10,7 @@ resources:
 images:
  - name: adguard/adguardhome
    newName: adguard/adguardhome
-    newTag: v0.107.64
+    newTag: v0.107.65
 namespace: adguard
--- a/apps/audiobookshelf/kustomization.yaml
+++ b/apps/audiobookshelf/kustomization.yaml
@@ -12,4 +12,4 @@ namespace: audiobookshelf
 images:
  - name: audiobookshelf
    newName: ghcr.io/advplyr/audiobookshelf
-    newTag: "2.27.0"
+    newTag: "2.29.0"
--- a/apps/finance/kustomization.yaml
+++ b/apps/finance/kustomization.yaml
@@ -14,4 +14,4 @@ resources:
 images:
  - name: actualbudget
    newName: actualbudget/actual-server
-    newTag: 25.7.1
+    newTag: 25.9.0
--- a/apps/grafana/kustomization.yaml
+++ b/apps/grafana/kustomization.yaml
@@ -17,5 +17,5 @@ helmCharts:
  - releaseName: grafana
    name: grafana
    repo: https://grafana.github.io/helm-charts
-    version: 9.2.10
+    version: 9.4.4
    valuesFile: grafana.values.yaml
--- a/apps/homeassistant/kustomization.yaml
+++ b/apps/homeassistant/kustomization.yaml
@@ -15,4 +15,4 @@ resources:
 images:
  - name: homeassistant
    newName: homeassistant/home-assistant
-    newTag: "2025.7"
+    newTag: "2025.9"
--- a/apps/immich/kustomization.yaml
+++ b/apps/immich/kustomization.yaml
@@ -22,9 +22,9 @@ helmCharts:
 images:
  - name: ghcr.io/immich-app/immich-machine-learning
-    newTag: v1.136.0
+    newTag: v1.140.1
  - name: ghcr.io/immich-app/immich-server
-    newTag: v1.136.0
+    newTag: v1.140.1
 patches:
--- a/apps/ntfy/kustomization.yaml
+++ b/apps/ntfy/kustomization.yaml
@@ -13,4 +13,4 @@ resources:
 images:
  - name: binwiederhier/ntfy
    newName: binwiederhier/ntfy
-    newTag: v2.13.0
+    newTag: v2.14.0
--- a/apps/paperless/kustomization.yaml
+++ b/apps/paperless/kustomization.yaml
@@ -14,14 +14,14 @@ namespace: paperless
 images:
  - name: paperless
    newName: ghcr.io/paperless-ngx/paperless-ngx
-    newTag: "2.17.1"
+    newTag: "2.18.4"
 helmCharts:
  - name: redis
    releaseName: redis
    repo: https://charts.bitnami.com/bitnami
-    version: 21.2.13
+    version: 21.2.14
    valuesInline:
      auth:
        enabled: false
--- a/apps/recipes/kustomization.yaml
+++ b/apps/recipes/kustomization.yaml
@@ -13,5 +13,5 @@ resources:
 images:
  - name: mealie
-    newTag: v3.0.2
+    newTag: v3.1.2
    newName: ghcr.io/mealie-recipes/mealie
--- a/infrastructure/authelia/kustomization.yaml
+++ b/infrastructure/authelia/kustomization.yaml
@@ -27,6 +27,6 @@ images:
 helmCharts:
  - name: authelia
    releaseName: authelia
-    version: 0.10.41
+    version: 0.10.44
    repo: https://charts.authelia.com
    valuesFile: authelia.values.yaml
--- a/infrastructure/external-dns/kustomization.yaml
+++ b/infrastructure/external-dns/kustomization.yaml
@@ -11,7 +11,7 @@ resources:
 images:
  - name: octodns
    newName: octodns/octodns # has all plugins
-    newTag: "2025.07"
+    newTag: "2025.08"
  - name: git
    newName: alpine/git
--- a/infrastructure/metallb-system/ipaddresspool.yaml
+++ b/infrastructure/metallb-system/ipaddresspool.yaml
@@ -2,7 +2,6 @@ apiVersion: metallb.io/v1beta1
 kind: IPAddressPool
 metadata:
  name: default
  namespace: metallb-system
 spec:
  addresses:
    - 192.168.3.0/24
@@ -10,5 +9,8 @@ spec:
 apiVersion: metallb.io/v1beta1
 kind: L2Advertisement
 metadata:
-  name: empty
+  name: default
-  namespace: metallb-system
+# selector is left empty on purpose to match all IPAddressPools
 # spec:
 #   ipAddressPools:
 #   - default
--- a/infrastructure/metallb-system/kustomization.yaml
+++ b/infrastructure/metallb-system/kustomization.yaml
@@ -1,15 +1,12 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources: 
  - namespace.yaml
  - ipaddresspool.yaml
 namespace: metallb-system
 resources:
  # - namespace.yaml
  # namespace is already included in the remote kustomization
  # - github.com/metallb/metallb/config/native?ref=v0.15.2
  - github.com/metallb/metallb/config/frr?ref=v0.15.2
  - ipaddresspool.yaml
 helmCharts:
  - name: metallb
    repo: https://metallb.github.io/metallb
    version: 0.15.2
    releaseName: metallb
    valuesFile: values.yaml
--- a/infrastructure/metallb-system/namespace.yaml
+++ b/infrastructure/metallb-system/namespace.yaml
@@ -1,6 +1,6 @@
 apiVersion: v1
 kind: Namespace
 metadata:
-  name: placeholder
+  name: metallb-system
-  labels:
+  # labels:
-    pod-security.kubernetes.io/enforce: privileged 
+    # pod-security.kubernetes.io/enforce: privileged
--- a/infrastructure/monitoring/kustomization.yaml
+++ b/infrastructure/monitoring/kustomization.yaml
@@ -24,7 +24,7 @@ helmCharts:
  - name: loki
    releaseName: loki
    repo: https://grafana.github.io/helm-charts
-    version: 6.31.0
+    version: 6.39.0
    valuesFile: loki.values.yaml
  - name: prometheus-node-exporter
    releaseName: prometheus-node-exporter
--- a/infrastructure/monitoring/loki.values.yaml
+++ b/infrastructure/monitoring/loki.values.yaml
@@ -30,7 +30,6 @@ loki:
    filesystem:
      chunks_directory: /var/loki/chunks
      rules_directory: /var/loki/rules
      admin_api_directory: /var/loki/admin
 minio:
  enabled: false
--- a/infrastructure/sealedsecrets/kustomization.yaml
+++ b/infrastructure/sealedsecrets/kustomization.yaml
@@ -9,4 +9,4 @@ resources:
 images:
  - name: controller
    newName: docker.io/bitnami/sealed-secrets-controller
-    newTag: 0.30.0
+    newTag: 0.31.0
--- a/infrastructure/traefik-system/configmap.yaml
+++ b/infrastructure/traefik-system/configmap.yaml
@@ -71,7 +71,7 @@ data:
        address = ":9100"
      [entryPoints.traefik]
-        address = ":9000"
+        address = ":8080"
      [entryPoints.dnsovertls]
        address = ":8853"
--- a/infrastructure/traefik-system/values.yaml
+++ b/infrastructure/traefik-system/values.yaml
@@ -23,8 +23,7 @@ ingressClass:
  # true is not unit-testable yet, pending https://github.com/rancher/helm-unittest/pull/12
  enabled: true
  isDefaultClass: true
-  # Use to force a networking.k8s.io API Version for certain CI/CD applications. E.g. "v1beta1"
+
  fallbackApiVersion: ""
 # Activate Pilot integration
 pilot:
@@ -67,7 +66,8 @@ providers:
  kubernetesIngress:
    enabled: true
    allowExternalNameServices: true
-    ingressClass: traefik
+    # Ingresses missing the annotation, having an empty value, or the value traefik are processed by default.
    # ingressClass: traefik
    # labelSelector: environment=production,method=traefik
Author	SHA1	Message	Date
Renovate Bot	1f67319989	Update octodns/octodns Docker tag to v2025.08	2025-09-08 12:03:44 +00:00
Remy Moll	2e078b68fe	Merge pull request 'Update ghcr.io/paperless-ngx/paperless-ngx Docker tag to v2.18.4' (#583 ) from renovate/ghcr.io-paperless-ngx-paperless-ngx-2.x into main Reviewed-on: #583	2025-09-08 11:19:35 +00:00
Remy Moll	989edb4da2	Merge pull request 'Update docker.io/bitnami/sealed-secrets-controller Docker tag to v0.31.0' (#580 ) from renovate/docker.io-bitnami-sealed-secrets-controller-0.x into main Reviewed-on: #580	2025-09-08 11:19:17 +00:00
Remy Moll	0b8a725360	Merge pull request 'Update homeassistant/home-assistant Docker tag to v2025.9' (#585 ) from renovate/homeassistant-home-assistant-2025.x into main Reviewed-on: #585	2025-09-08 11:18:54 +00:00
Renovate Bot	3ebec1dfcc	Update ghcr.io/paperless-ngx/paperless-ngx Docker tag to v2.18.4	2025-09-08 00:01:38 +00:00
Renovate Bot	19e7cf8fc5	Update homeassistant/home-assistant Docker tag to v2025.9	2025-09-07 10:01:40 +00:00
Remy Moll	c55a142946	remove superfluous value	2025-09-07 09:42:46 +00:00
Remy Moll	fbe4a2ba05	Merge pull request 'Update ghcr.io/mealie-recipes/mealie Docker tag to v3.1.2' (#582 ) from renovate/ghcr.io-mealie-recipes-mealie-3.x into main Reviewed-on: #582	2025-09-07 08:57:05 +00:00
Renovate Bot	d4cbabf15a	Update ghcr.io/mealie-recipes/mealie Docker tag to v3.1.2	2025-09-06 22:01:30 +00:00
Remy Moll	a10b70206d	Merge pull request 'Update Helm release loki to v6.39.0' (#549 ) from renovate/loki-6.x into main Reviewed-on: #549	2025-09-06 21:35:39 +00:00
Remy Moll	f038453389	Merge pull request 'Update actualbudget/actual-server Docker tag to v25.9.0' (#571 ) from renovate/actualbudget-actual-server-25.x into main Reviewed-on: #571	2025-09-06 21:35:08 +00:00
Remy Moll	2d5c52e91a	Merge pull request 'Update ghcr.io/advplyr/audiobookshelf Docker tag to v2.29.0' (#572 ) from renovate/ghcr.io-advplyr-audiobookshelf-2.x into main Reviewed-on: #572	2025-09-06 21:34:50 +00:00
Remy Moll	244d897b9c	Merge pull request 'Update Helm release grafana to v9.4.4' (#565 ) from renovate/grafana-9.x into main Reviewed-on: #565	2025-09-06 21:25:49 +00:00
Renovate Bot	71815928a1	Update docker.io/bitnami/sealed-secrets-controller Docker tag to v0.31.0	2025-09-05 18:02:21 +00:00
renovate	e11f68f69a	Merge pull request 'Update Helm release authelia to v0.10.44' (#579 ) from renovate/authelia-0.x into main	2025-09-05 18:02:04 +00:00
Renovate Bot	8fb4642c62	Update Helm release authelia to v0.10.44	2025-09-05 18:01:56 +00:00
Remy Moll	b82731ddaf	Merge pull request 'Update binwiederhier/ntfy Docker tag to v2.14.0' (#576 ) from renovate/binwiederhier-ntfy-2.x into main Reviewed-on: #576	2025-09-05 16:51:00 +00:00
Remy Moll	9229e02482	update immich	2025-09-04 23:30:10 +02:00
Renovate Bot	00bc237aeb	Update Helm release loki to v6.39.0	2025-09-04 16:04:29 +00:00
Renovate Bot	742a30cd0c	Update actualbudget/actual-server Docker tag to v25.9.0	2025-09-04 00:01:39 +00:00
Renovate Bot	48dc85476e	Update Helm release grafana to v9.4.4	2025-09-03 13:45:25 +00:00
Renovate Bot	2917e73559	Update ghcr.io/advplyr/audiobookshelf Docker tag to v2.29.0	2025-09-03 13:45:10 +00:00
Renovate Bot	18c05d49ff	Update binwiederhier/ntfy Docker tag to v2.14.0	2025-09-03 13:45:04 +00:00
renovate	1c3fdde1dd	Merge pull request 'Update Helm release redis to v21.2.14' (#575 ) from renovate/redis-21.x into main	2025-09-03 13:44:49 +00:00
Renovate Bot	4582b19aaf	Update Helm release redis to v21.2.14	2025-09-03 13:40:34 +00:00
renovate	fe46e81fd9	Merge pull request 'Update Helm release authelia to v0.10.42' (#574 ) from renovate/authelia-0.x into main	2025-09-03 12:02:47 +00:00
Renovate Bot	3064d4ec7a	Update Helm release authelia to v0.10.42	2025-09-03 12:02:39 +00:00
renovate	3aa05f3e30	Merge pull request 'Update adguard/adguardhome Docker tag to v0.107.65' (#573 ) from renovate/adguard-adguardhome-0.x into main	2025-09-03 12:02:28 +00:00
Renovate Bot	a2cff0bf55	Update adguard/adguardhome Docker tag to v0.107.65	2025-09-03 12:02:07 +00:00
Remy Moll	b54b6b0f60	updated bootstrapping procedure with more sane defaults	2025-09-03 13:20:17 +02:00