diff --git a/bootstrap/templates/addons/discord-template-notifier/app/helmrelease.yaml.j2 b/bootstrap/templates/addons/discord-template-notifier/app/helmrelease.yaml.j2
index 70837431e2e..4ceeb410e84 100644
--- a/bootstrap/templates/addons/discord-template-notifier/app/helmrelease.yaml.j2
+++ b/bootstrap/templates/addons/discord-template-notifier/app/helmrelease.yaml.j2
@@ -9,7 +9,7 @@ spec:
 chart:
 spec:
 chart: app-template
- version: 1.5.1
+ version: 2.0.3
 interval: 30m
 sourceRef:
 kind: HelmRepository
@@ -27,29 +27,38 @@ spec:
 uninstall:
 keepHistory: false
 values:
- image:
- repository: ghcr.io/morphy2k/rss-forwarder
- tag: 0.6.1
- env:
- TZ: "${TIMEZONE}"
+ controllers:
+ main:
+ annotations:
+ reloader.stakater.com/auto: "true"
+ containers:
+ main:
+ image:
+ repository: ghcr.io/morphy2k/rss-forwarder
+ tag: 0.6.1
+ env:
+ TZ: "${TIMEZONE}"
+ probes:
+ liveness: &disabled
+ enabled: false
+ readiness: *disabled
+ startup: *disabled
+ resources:
+ requests:
+ cpu: 5m
+ memory: 10M
+ limits:
+ memory: 64M
 service:
- main: &disableSvc
- enabled: false
+ main: *disabled
 ingress:
- main: *disableSvc
- probes:
- liveness: *disableSvc
- readiness: *disableSvc
- startup: *disableSvc
+ main: *disabled
 persistence:
- data:
+ config:
 enabled: true
 type: secret
 name: discord-template-notifier-secret
- resources:
- requests:
- cpu: 15m
- memory: 110M
- limits:
- cpu: 15m
- memory: 110M
+ globalMounts:
+ - path: /data/config.toml
+ subPath: config.toml
+ readOnly: true
diff --git a/bootstrap/templates/kubernetes/apps/networking/cloudflared/app/helmrelease.yaml.j2 b/bootstrap/templates/kubernetes/apps/networking/cloudflared/app/helmrelease.yaml.j2
index 69869ae4422..27b14876c76 100644
--- a/bootstrap/templates/kubernetes/apps/networking/cloudflared/app/helmrelease.yaml.j2
+++ b/bootstrap/templates/kubernetes/apps/networking/cloudflared/app/helmrelease.yaml.j2
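Review bot: The discord-template-notifier values get no `securityContext` in the second hunk, while the cloudflared and echo-server hunks of this same commit add a `pod:` / `securityContext:` block with `runAsUser: 568` and `runAsGroup: 568`, so this container keeps the image's default user while mounting `discord-template-notifier-secret`. If the rss-forwarder image can run under an arbitrary non-root UID (not verifiable from the diff), add the same block here. For all three releases, consider also setting `runAsNonRoot: true` at pod level and `allowPrivilegeEscalation: false` with all capabilities dropped at container level, since the later hunks pin only the UID and GID; confirm the exact value keys against the chart's 2.0.3 schema.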
@@ -9,7 +9,7 @@ spec:
 chart:
 spec:
 chart: app-template
- version: 1.5.1
+ version: 2.0.3
 sourceRef:
 kind: HelmRepository
 name: bjw-s
@@ -25,78 +25,80 @@ spec:
 uninstall:
 keepHistory: false
 values:
- controller:
- replicas: 1
- strategy: RollingUpdate
- annotations:
- reloader.stakater.com/auto: "true"
- image:
- repository: docker.io/cloudflare/cloudflared
- tag: 2023.10.0
- env:
- NO_AUTOUPDATE: "true"
- TUNNEL_CRED_FILE: /etc/cloudflared/creds/credentials.json
- TUNNEL_METRICS: 0.0.0.0:8080
- TUNNEL_TRANSPORT_PROTOCOL: quic
- TUNNEL_POST_QUANTUM: true
- TUNNEL_ID:
- valueFrom:
- secretKeyRef:
- name: cloudflared-secret
- key: TUNNEL_ID
- args:
- - tunnel
- - --config
- - /etc/cloudflared/config/config.yaml
- - run
- - "$(TUNNEL_ID)"
+ controllers:
+ main:
+ replicas: 2
+ strategy: RollingUpdate
+ annotations:
+ reloader.stakater.com/auto: "true"
+ containers:
+ main:
+ image:
+ repository: docker.io/cloudflare/cloudflared
+ tag: 2023.10.0
+ env:
+ NO_AUTOUPDATE: "true"
+ TUNNEL_CRED_FILE: /etc/cloudflared/creds/credentials.json
+ TUNNEL_METRICS: 0.0.0.0:8080
+ TUNNEL_TRANSPORT_PROTOCOL: quic
+ TUNNEL_POST_QUANTUM: true
+ TUNNEL_ID:
+ valueFrom:
+ secretKeyRef:
+ name: cloudflared-secret
+ key: TUNNEL_ID
+ args:
+ - tunnel
+ - --config
+ - /etc/cloudflared/config/config.yaml
+ - run
+ - "$(TUNNEL_ID)"
+ probes:
+ liveness: &probes
+ enabled: true
+ custom: true
+ spec:
+ httpGet:
+ path: /ready
+ port: &port 8080
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ timeoutSeconds: 1
+ failureThreshold: 3
+ readiness: *probes
+ startup:
+ enabled: false
+ resources:
+ requests:
+ cpu: 5m
+ memory: 128M
+ limits:
+ memory: 256M
+ pod:
+ securityContext:
+ runAsUser: 568
+ runAsGroup: 568
 service:
 main:
 ports:
 http:
- port: 8080
+ port: *port
 serviceMonitor:
 main:
 enabled: true
- endpoints:
- - port: http
- scheme: http
- path: /metrics
- interval: 1m
- scrapeTimeout: 30s
- probes:
- liveness: &probes
- enabled: true
- custom: true
- spec:
- httpGet:
- path: /ready
- port: http
- initialDelaySeconds: 0
- periodSeconds: 10
- timeoutSeconds: 1
- failureThreshold: 3
- readiness: *probes
- startup:
- enabled: false
 persistence:
 config:
 enabled: true
 type: configMap
 name: cloudflared-configmap
- subPath: config.yaml
- mountPath: /etc/cloudflared/config/config.yaml
- readOnly: true
+ globalMounts:
+ - path: /etc/cloudflared/config/config.yaml
+ subPath: config.yaml
+ readOnly: true
 creds:
- enabled: true
 type: secret
 name: cloudflared-secret
- subPath: credentials.json
- mountPath: /etc/cloudflared/creds/credentials.json
- readOnly: true
- resources:
- requests:
- cpu: 5m
- memory: 10Mi
- limits:
- memory: 256Mi
+ globalMounts:
+ - path: /etc/cloudflared/creds/credentials.json
+ subPath: credentials.json
+ readOnly: true
diff --git a/bootstrap/templates/kubernetes/apps/networking/echo-server/app/helmrelease.yaml.j2 b/bootstrap/templates/kubernetes/apps/networking/echo-server/app/helmrelease.yaml.j2
index 407403eac71..a8f41ba5489 100644
--- a/bootstrap/templates/kubernetes/apps/networking/echo-server/app/helmrelease.yaml.j2
+++ b/bootstrap/templates/kubernetes/apps/networking/echo-server/app/helmrelease.yaml.j2
@@ -10,7 +10,7 @@ spec:
 chart:
 spec:
 chart: app-template
- version: 1.5.1
+ version: 2.0.3
 sourceRef:
 kind: HelmRepository
 name: bjw-s
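Review bot: `TUNNEL_POST_QUANTUM: true` in the cloudflared `env` block is carried over as an unquoted YAML boolean, while `NO_AUTOUPDATE: "true"` beside it is quoted. Container env values are strings, so whether the post-quantum setting reaches cloudflared as `true` depends on how the chart stringifies it; write `TUNNEL_POST_QUANTUM: "true"` to remove the doubt. Separately, the `creds` persistence entry loses `enabled: true` while `config` keeps it. If chart 2.0.3 does not enable persistence items by default (not visible in this diff), the credentials secret would not be mounted, so keep the two entries consistent. The `serviceMonitor` also drops its explicit `endpoints`, so scraping now relies on chart defaults that are worth confirming against the previous `scrapeTimeout: 30s`.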
@@ -26,31 +26,47 @@ spec:
 uninstall:
 keepHistory: false
 values:
- controller:
- strategy: RollingUpdate
- image:
- repository: docker.io/jmalloc/echo-server
- tag: 0.3.6
+ controllers:
+ main:
+ replicas: 2
+ strategy: RollingUpdate
+ containers:
+ main:
+ image:
+ repository: docker.io/jmalloc/echo-server
+ tag: 0.3.6
+ env:
+ PORT: &port 8080
+ probes:
+ liveness: &probes
+ enabled: true
+ custom: true
+ spec:
+ httpGet:
+ path: /health
+ port: *port
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ timeoutSeconds: 1
+ failureThreshold: 3
+ readiness: *probes
+ startup:
+ enabled: false
+ resources:
+ requests:
+ cpu: 5m
+ memory: 10M
+ limits:
+ memory: 64M
+ pod:
+ securityContext:
+ runAsUser: 568
+ runAsGroup: 568
 service:
 main:
 ports:
 http:
- port: &port 8080
- probes:
- liveness: &probes
- enabled: true
- custom: true
- spec:
- httpGet:
- path: /health
 port: *port
- initialDelaySeconds: 0
- periodSeconds: 10
- timeoutSeconds: 1
- failureThreshold: 3
- readiness: *probes
- startup:
- enabled: false
 ingress:
 main:
 enabled: true
@@ -62,13 +78,9 @@ spec:
 - host: &host "{% raw %}{{ .Release.Name }}{% endraw %}.${SECRET_DOMAIN}"
 paths:
 - path: /
- pathType: Prefix
+ service:
+ name: main
+ port: http
 tls:
 - hosts:
 - *host
- resources:
- requests:
- cpu: 5m
- memory: 10Mi
- limits:
- memory: 50Mi
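Review bot: The `&port` anchor in the echo-server values now sits on the env entry `PORT: &port 8080`, so the env value is an unquoted integer that is also aliased as the probe and service port. Env values are strings in the pod spec, so this relies on the chart quoting the integer when it renders the container. The cloudflared hunk anchors a numeric port field instead (`port: &port 8080` under the probe); doing the same here and writing `PORT: "8080"` keeps the env value an explicit string, at the cost of stating the number twice. The indentation is flattened on this page, so the nesting of the new `env` and `pod` keys should be checked against the rendered template.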