feat(container)!: Update image ghcr.io/bjw-s-labs/helm/app-template ( 4.6.2 ➔ 5.0.0 )#1248
Open
renovate[bot] wants to merge 1 commit intomainfrom
Open
feat(container)!: Update image ghcr.io/bjw-s-labs/helm/app-template ( 4.6.2 ➔ 5.0.0 )#1248renovate[bot] wants to merge 1 commit intomainfrom
renovate[bot] wants to merge 1 commit intomainfrom
Conversation
📝 WalkthroughWalkthroughThe ChangesHelm Chart Version Bump
Estimated code review effort🎯 1 (Trivial) | ⏱️ ~3 minutes Suggested labels
Suggested reviewers
Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Comment |
--- kubernetes/apps/flux-system/instance/ks Kustomization: flux-system/flux-instance OCIRepository: flux-system/app-template
+++ kubernetes/apps/flux-system/instance/ks Kustomization: flux-system/flux-instance OCIRepository: flux-system/app-template
@@ -11,9 +11,9 @@
spec:
interval: 1h
layerSelector:
mediaType: application/vnd.cncf.helm.chart.content.v1.tar+gzip
operation: copy
ref:
- tag: 4.6.2
+ tag: 5.0.0
url: oci://ghcr.io/bjw-s-labs/helm/app-template
|
--- HelmRelease: network/openspeedtest Deployment: network/openspeedtest
+++ HelmRelease: network/openspeedtest Deployment: network/openspeedtest
@@ -24,14 +24,14 @@
labels:
app.kubernetes.io/controller: openspeedtest
app.kubernetes.io/instance: openspeedtest
app.kubernetes.io/name: openspeedtest
spec:
enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: true
+ serviceAccountName: openspeedtest
+ automountServiceAccountToken: false
hostIPC: false
hostNetwork: false
hostPID: false
hostUsers: false
dnsPolicy: ClusterFirst
containers:
--- HelmRelease: network/openspeedtest ServiceAccount: network/openspeedtest
+++ HelmRelease: network/openspeedtest ServiceAccount: network/openspeedtest
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: openspeedtest
+ labels:
+ app.kubernetes.io/instance: openspeedtest
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: openspeedtest
+ namespace: network
+
--- HelmRelease: database/influxdb Deployment: database/influxdb
+++ HelmRelease: database/influxdb Deployment: database/influxdb
@@ -26,14 +26,14 @@
labels:
app.kubernetes.io/controller: influxdb
app.kubernetes.io/instance: influxdb
app.kubernetes.io/name: influxdb
spec:
enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: true
+ serviceAccountName: influxdb
+ automountServiceAccountToken: false
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
--- HelmRelease: database/influxdb ServiceAccount: database/influxdb
+++ HelmRelease: database/influxdb ServiceAccount: database/influxdb
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: influxdb
+ labels:
+ app.kubernetes.io/instance: influxdb
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: influxdb
+ namespace: database
+
--- HelmRelease: default/immichframe Deployment: default/immichframe
+++ HelmRelease: default/immichframe Deployment: default/immichframe
@@ -26,14 +26,14 @@
labels:
app.kubernetes.io/controller: immichframe
app.kubernetes.io/instance: immichframe
app.kubernetes.io/name: immichframe
spec:
enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: true
+ serviceAccountName: immichframe
+ automountServiceAccountToken: false
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
--- HelmRelease: default/immichframe ServiceAccount: default/immichframe
+++ HelmRelease: default/immichframe ServiceAccount: default/immichframe
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: immichframe
+ labels:
+ app.kubernetes.io/instance: immichframe
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: immichframe
+ namespace: default
+
--- HelmRelease: default/homepage Deployment: default/homepage
+++ HelmRelease: default/homepage Deployment: default/homepage
@@ -27,13 +27,13 @@
app.kubernetes.io/controller: homepage
app.kubernetes.io/instance: homepage
app.kubernetes.io/name: homepage
spec:
enableServiceLinks: false
serviceAccountName: homepage
- automountServiceAccountToken: true
+ automountServiceAccountToken: false
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
--- HelmRelease: default/changedetection Deployment: default/changedetection
+++ HelmRelease: default/changedetection Deployment: default/changedetection
@@ -26,14 +26,14 @@
labels:
app.kubernetes.io/controller: changedetection
app.kubernetes.io/instance: changedetection
app.kubernetes.io/name: changedetection
spec:
enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: true
+ serviceAccountName: changedetection
+ automountServiceAccountToken: false
securityContext:
fsGroup: 999
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 999
runAsNonRoot: true
runAsUser: 999
--- HelmRelease: default/changedetection ServiceAccount: default/changedetection
+++ HelmRelease: default/changedetection ServiceAccount: default/changedetection
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: changedetection
+ labels:
+ app.kubernetes.io/instance: changedetection
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: changedetection
+ namespace: default
+
--- HelmRelease: default/immich-valkey Deployment: default/immich-valkey
+++ HelmRelease: default/immich-valkey Deployment: default/immich-valkey
@@ -26,14 +26,14 @@
labels:
app.kubernetes.io/controller: valkey
app.kubernetes.io/instance: immich-valkey
app.kubernetes.io/name: immich-valkey
spec:
enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: true
+ serviceAccountName: immich-valkey
+ automountServiceAccountToken: false
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
--- HelmRelease: default/immich-valkey ServiceAccount: default/immich-valkey
+++ HelmRelease: default/immich-valkey ServiceAccount: default/immich-valkey
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: immich-valkey
+ labels:
+ app.kubernetes.io/instance: immich-valkey
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: immich-valkey
+ namespace: default
+
--- HelmRelease: default/gluetun-update CronJob: default/gluetun-update
+++ HelmRelease: default/gluetun-update CronJob: default/gluetun-update
@@ -24,14 +24,14 @@
labels:
app.kubernetes.io/controller: gluetun-update
app.kubernetes.io/instance: gluetun-update
app.kubernetes.io/name: gluetun-update
spec:
enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: true
+ serviceAccountName: gluetun-update
+ automountServiceAccountToken: false
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
--- HelmRelease: default/gluetun-update ServiceAccount: default/gluetun-update
+++ HelmRelease: default/gluetun-update ServiceAccount: default/gluetun-update
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: gluetun-update
+ labels:
+ app.kubernetes.io/instance: gluetun-update
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: gluetun-update
+ namespace: default
+
--- HelmRelease: default/esphome-device-builder Deployment: default/esphome-device-builder
+++ HelmRelease: default/esphome-device-builder Deployment: default/esphome-device-builder
@@ -33,14 +33,14 @@
labels:
app.kubernetes.io/controller: esphome-device-builder
app.kubernetes.io/instance: esphome-device-builder
app.kubernetes.io/name: esphome-device-builder
spec:
enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: true
+ serviceAccountName: esphome-device-builder
+ automountServiceAccountToken: false
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
--- HelmRelease: default/esphome-device-builder ServiceAccount: default/esphome-device-builder
+++ HelmRelease: default/esphome-device-builder ServiceAccount: default/esphome-device-builder
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: esphome-device-builder
+ labels:
+ app.kubernetes.io/instance: esphome-device-builder
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: esphome-device-builder
+ namespace: default
+
--- HelmRelease: default/memos Deployment: default/memos
+++ HelmRelease: default/memos Deployment: default/memos
@@ -26,14 +26,14 @@
labels:
app.kubernetes.io/controller: memos
app.kubernetes.io/instance: memos
app.kubernetes.io/name: memos
spec:
enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: true
+ serviceAccountName: memos
+ automountServiceAccountToken: false
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
--- HelmRelease: default/memos ServiceAccount: default/memos
+++ HelmRelease: default/memos ServiceAccount: default/memos
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: memos
+ labels:
+ app.kubernetes.io/instance: memos
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: memos
+ namespace: default
+
--- HelmRelease: default/buildkit Deployment: default/buildkit-amd64
+++ HelmRelease: default/buildkit Deployment: default/buildkit-amd64
@@ -26,14 +26,14 @@
labels:
app.kubernetes.io/controller: amd64
app.kubernetes.io/instance: buildkit
app.kubernetes.io/name: buildkit
spec:
enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: true
+ serviceAccountName: buildkit
+ automountServiceAccountToken: false
hostIPC: false
hostNetwork: false
hostPID: false
hostUsers: false
dnsPolicy: ClusterFirst
affinity:
--- HelmRelease: default/buildkit Deployment: default/buildkit-arm64
+++ HelmRelease: default/buildkit Deployment: default/buildkit-arm64
@@ -26,14 +26,14 @@
labels:
app.kubernetes.io/controller: arm64
app.kubernetes.io/instance: buildkit
app.kubernetes.io/name: buildkit
spec:
enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: true
+ serviceAccountName: buildkit
+ automountServiceAccountToken: false
hostIPC: false
hostNetwork: false
hostPID: false
hostUsers: false
dnsPolicy: ClusterFirst
affinity:
--- HelmRelease: default/buildkit ServiceAccount: default/buildkit
+++ HelmRelease: default/buildkit ServiceAccount: default/buildkit
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: buildkit
+ labels:
+ app.kubernetes.io/instance: buildkit
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: buildkit
+ namespace: default
+
--- HelmRelease: default/pocket-id Deployment: default/pocket-id
+++ HelmRelease: default/pocket-id Deployment: default/pocket-id
@@ -26,14 +26,14 @@
labels:
app.kubernetes.io/controller: pocket-id
app.kubernetes.io/instance: pocket-id
app.kubernetes.io/name: pocket-id
spec:
enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: true
+ serviceAccountName: pocket-id
+ automountServiceAccountToken: false
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
--- HelmRelease: default/pocket-id ServiceAccount: default/pocket-id
+++ HelmRelease: default/pocket-id ServiceAccount: default/pocket-id
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: pocket-id
+ labels:
+ app.kubernetes.io/instance: pocket-id
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: pocket-id
+ namespace: default
+
--- HelmRelease: default/dawarich Deployment: default/dawarich
+++ HelmRelease: default/dawarich Deployment: default/dawarich
@@ -28,14 +28,14 @@
labels:
app.kubernetes.io/controller: dawarich
app.kubernetes.io/instance: dawarich
app.kubernetes.io/name: dawarich
spec:
enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: true
+ serviceAccountName: dawarich
+ automountServiceAccountToken: false
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
--- HelmRelease: default/dawarich ServiceAccount: default/dawarich
+++ HelmRelease: default/dawarich ServiceAccount: default/dawarich
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: dawarich
+ labels:
+ app.kubernetes.io/instance: dawarich
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: dawarich
+ namespace: default
+
--- HelmRelease: default/registry Deployment: default/registry
+++ HelmRelease: default/registry Deployment: default/registry
@@ -26,14 +26,14 @@
labels:
app.kubernetes.io/controller: registry
app.kubernetes.io/instance: registry
app.kubernetes.io/name: registry
spec:
enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: true
+ serviceAccountName: registry
+ automountServiceAccountToken: false
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
--- HelmRelease: default/registry CronJob: default/registry-gc
+++ HelmRelease: default/registry CronJob: default/registry-gc
@@ -26,14 +26,14 @@
labels:
app.kubernetes.io/controller: gc
app.kubernetes.io/instance: registry
app.kubernetes.io/name: registry
spec:
enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: true
+ serviceAccountName: registry
+ automountServiceAccountToken: false
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
--- HelmRelease: default/registry ServiceMonitor: default/registry
+++ HelmRelease: default/registry ServiceMonitor: default/registry
@@ -6,13 +6,13 @@
labels:
app.kubernetes.io/instance: registry
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: registry
namespace: default
spec:
- jobLabel: registry
+ jobLabel: app.kubernetes.io/name
namespaceSelector:
matchNames:
- default
selector:
matchLabels:
app.kubernetes.io/service: registry
--- HelmRelease: default/registry ServiceAccount: default/registry
+++ HelmRelease: default/registry ServiceAccount: default/registry
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: registry
+ labels:
+ app.kubernetes.io/instance: registry
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: registry
+ namespace: default
+
--- HelmRelease: default/docker-registry-ui Deployment: default/docker-registry-ui
+++ HelmRelease: default/docker-registry-ui Deployment: default/docker-registry-ui
@@ -26,14 +26,14 @@
labels:
app.kubernetes.io/controller: docker-registry-ui
app.kubernetes.io/instance: docker-registry-ui
app.kubernetes.io/name: docker-registry-ui
spec:
enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: true
+ serviceAccountName: docker-registry-ui
+ automountServiceAccountToken: false
hostIPC: false
hostNetwork: false
hostPID: false
hostUsers: false
dnsPolicy: ClusterFirst
containers:
--- HelmRelease: default/docker-registry-ui ServiceAccount: default/docker-registry-ui
+++ HelmRelease: default/docker-registry-ui ServiceAccount: default/docker-registry-ui
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: docker-registry-ui
+ labels:
+ app.kubernetes.io/instance: docker-registry-ui
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: docker-registry-ui
+ namespace: default
+
--- HelmRelease: default/mealie Deployment: default/mealie
+++ HelmRelease: default/mealie Deployment: default/mealie
@@ -26,14 +26,14 @@
labels:
app.kubernetes.io/controller: mealie
app.kubernetes.io/instance: mealie
app.kubernetes.io/name: mealie
spec:
enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: true
+ serviceAccountName: mealie
+ automountServiceAccountToken: false
securityContext:
fsGroup: 911
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 911
runAsNonRoot: true
runAsUser: 911
--- HelmRelease: default/mealie ServiceAccount: default/mealie
+++ HelmRelease: default/mealie ServiceAccount: default/mealie
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: mealie
+ labels:
+ app.kubernetes.io/instance: mealie
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: mealie
+ namespace: default
+
--- HelmRelease: default/homebox Deployment: default/homebox
+++ HelmRelease: default/homebox Deployment: default/homebox
@@ -26,14 +26,14 @@
labels:
app.kubernetes.io/controller: homebox
app.kubernetes.io/instance: homebox
app.kubernetes.io/name: homebox
spec:
enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: true
+ serviceAccountName: homebox
+ automountServiceAccountToken: false
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
--- HelmRelease: default/homebox ServiceAccount: default/homebox
+++ HelmRelease: default/homebox ServiceAccount: default/homebox
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: homebox
+ labels:
+ app.kubernetes.io/instance: homebox
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: homebox
+ namespace: default
+
--- HelmRelease: default/karakeep Deployment: default/karakeep-browserless
+++ HelmRelease: default/karakeep Deployment: default/karakeep-browserless
@@ -26,14 +26,14 @@
labels:
app.kubernetes.io/controller: browserless
app.kubernetes.io/instance: karakeep
app.kubernetes.io/name: karakeep
spec:
enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: true
+ serviceAccountName: karakeep
+ automountServiceAccountToken: false
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
--- HelmRelease: default/karakeep Deployment: default/karakeep
+++ HelmRelease: default/karakeep Deployment: default/karakeep
@@ -26,14 +26,14 @@
labels:
app.kubernetes.io/controller: karakeep
app.kubernetes.io/instance: karakeep
app.kubernetes.io/name: karakeep
spec:
enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: true
+ serviceAccountName: karakeep
+ automountServiceAccountToken: false
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
--- HelmRelease: default/karakeep Deployment: default/karakeep-meilisearch
+++ HelmRelease: default/karakeep Deployment: default/karakeep-meilisearch
@@ -26,14 +26,14 @@
labels:
app.kubernetes.io/controller: meilisearch
app.kubernetes.io/instance: karakeep
app.kubernetes.io/name: karakeep
spec:
enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: true
+ serviceAccountName: karakeep
+ automountServiceAccountToken: false
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
--- HelmRelease: default/karakeep ServiceAccount: default/karakeep
+++ HelmRelease: default/karakeep ServiceAccount: default/karakeep
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: karakeep
+ labels:
+ app.kubernetes.io/instance: karakeep
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: karakeep
+ namespace: default
+
--- HelmRelease: default/qui Deployment: default/qui
+++ HelmRelease: default/qui Deployment: default/qui
@@ -26,14 +26,14 @@
labels:
app.kubernetes.io/controller: qui
app.kubernetes.io/instance: qui
app.kubernetes.io/name: qui
spec:
enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: true
+ serviceAccountName: qui
+ automountServiceAccountToken: false
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
--- HelmRelease: default/qui ServiceAccount: default/qui
+++ HelmRelease: default/qui ServiceAccount: default/qui
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: qui
+ labels:
+ app.kubernetes.io/instance: qui
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: qui
+ namespace: default
+
--- HelmRelease: default/pgadmin Deployment: default/pgadmin
+++ HelmRelease: default/pgadmin Deployment: default/pgadmin
@@ -26,14 +26,14 @@
labels:
app.kubernetes.io/controller: pgadmin
app.kubernetes.io/instance: pgadmin
app.kubernetes.io/name: pgadmin
spec:
enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: true
+ serviceAccountName: pgadmin
+ automountServiceAccountToken: false
securityContext:
fsGroup: 5050
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 5050
runAsNonRoot: true
runAsUser: 5050
--- HelmRelease: default/pgadmin ServiceAccount: default/pgadmin
+++ HelmRelease: default/pgadmin ServiceAccount: default/pgadmin
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: pgadmin
+ labels:
+ app.kubernetes.io/instance: pgadmin
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: pgadmin
+ namespace: default
+
--- HelmRelease: default/immich Deployment: default/immich-machine-learning
+++ HelmRelease: default/immich Deployment: default/immich-machine-learning
@@ -26,14 +26,14 @@
labels:
app.kubernetes.io/controller: machine-learning
app.kubernetes.io/instance: immich
app.kubernetes.io/name: immich
spec:
enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: true
+ serviceAccountName: immich
+ automountServiceAccountToken: false
runtimeClassName: nvidia
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
--- HelmRelease: default/immich Deployment: default/immich-microservices
+++ HelmRelease: default/immich Deployment: default/immich-microservices
@@ -26,14 +26,14 @@
labels:
app.kubernetes.io/controller: microservices
app.kubernetes.io/instance: immich
app.kubernetes.io/name: immich
spec:
enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: true
+ serviceAccountName: immich
+ automountServiceAccountToken: false
runtimeClassName: nvidia
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
--- HelmRelease: default/immich Deployment: default/immich-server
+++ HelmRelease: default/immich Deployment: default/immich-server
@@ -26,14 +26,14 @@
labels:
app.kubernetes.io/controller: server
app.kubernetes.io/instance: immich
app.kubernetes.io/name: immich
spec:
enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: true
+ serviceAccountName: immich
+ automountServiceAccountToken: false
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
--- HelmRelease: default/immich ServiceMonitor: default/immich-server
+++ HelmRelease: default/immich ServiceMonitor: default/immich-server
@@ -6,13 +6,13 @@
labels:
app.kubernetes.io/instance: immich
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: immich
namespace: default
spec:
- jobLabel: immich-server
+ jobLabel: app.kubernetes.io/name
namespaceSelector:
matchNames:
- default
selector:
matchLabels:
app.kubernetes.io/service: server
--- HelmRelease: default/immich ServiceMonitor: default/immich-microservices
+++ HelmRelease: default/immich ServiceMonitor: default/immich-microservices
@@ -6,13 +6,13 @@
labels:
app.kubernetes.io/instance: immich
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: immich
namespace: default
spec:
- jobLabel: immich-microservices
+ jobLabel: app.kubernetes.io/name
namespaceSelector:
matchNames:
- default
selector:
matchLabels:
app.kubernetes.io/service: microservices
--- HelmRelease: default/immich ServiceAccount: default/immich
+++ HelmRelease: default/immich ServiceAccount: default/immich
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: immich
+ labels:
+ app.kubernetes.io/instance: immich
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: immich
+ namespace: default
+
--- HelmRelease: default/sabnzbd Deployment: default/sabnzbd
+++ HelmRelease: default/sabnzbd Deployment: default/sabnzbd
@@ -27,14 +27,14 @@
app.kubernetes.io/controller: sabnzbd
app.kubernetes.io/instance: sabnzbd
app.kubernetes.io/name: sabnzbd
pod-security.kantai.xyz/allow-added-capabilities: 'true'
spec:
enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: true
+ serviceAccountName: sabnzbd
+ automountServiceAccountToken: false
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
--- HelmRelease: default/sabnzbd ServiceAccount: default/sabnzbd
+++ HelmRelease: default/sabnzbd ServiceAccount: default/sabnzbd
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: sabnzbd
+ labels:
+ app.kubernetes.io/instance: sabnzbd
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: sabnzbd
+ namespace: default
+
--- HelmRelease: default/nextflux Deployment: default/nextflux
+++ HelmRelease: default/nextflux Deployment: default/nextflux
@@ -26,14 +26,14 @@
labels:
app.kubernetes.io/controller: nextflux
app.kubernetes.io/instance: nextflux
app.kubernetes.io/name: nextflux
spec:
enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: true
+ serviceAccountName: nextflux
+ automountServiceAccountToken: false
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
--- HelmRelease: default/nextflux ServiceAccount: default/nextflux
+++ HelmRelease: default/nextflux ServiceAccount: default/nextflux
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: nextflux
+ labels:
+ app.kubernetes.io/instance: nextflux
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: nextflux
+ namespace: default
+
--- HelmRelease: default/spoolman Deployment: default/spoolman
+++ HelmRelease: default/spoolman Deployment: default/spoolman
@@ -26,14 +26,14 @@
labels:
app.kubernetes.io/controller: spoolman
app.kubernetes.io/instance: spoolman
app.kubernetes.io/name: spoolman
spec:
enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: true
+ serviceAccountName: spoolman
+ automountServiceAccountToken: false
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
--- HelmRelease: default/spoolman ServiceMonitor: default/spoolman
+++ HelmRelease: default/spoolman ServiceMonitor: default/spoolman
@@ -6,13 +6,13 @@
labels:
app.kubernetes.io/instance: spoolman
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: spoolman
namespace: default
spec:
- jobLabel: spoolman
+ jobLabel: app.kubernetes.io/name
namespaceSelector:
matchNames:
- default
selector:
matchLabels:
app.kubernetes.io/service: spoolman
--- HelmRelease: default/spoolman ServiceAccount: default/spoolman
+++ HelmRelease: default/spoolman ServiceAccount: default/spoolman
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: spoolman
+ labels:
+ app.kubernetes.io/instance: spoolman
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: spoolman
+ namespace: default
+
--- HelmRelease: default/plex Deployment: default/plex
+++ HelmRelease: default/plex Deployment: default/plex
@@ -26,14 +26,14 @@
labels:
app.kubernetes.io/controller: plex
app.kubernetes.io/instance: plex
app.kubernetes.io/name: plex
spec:
enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: true
+ serviceAccountName: plex
+ automountServiceAccountToken: false
runtimeClassName: nvidia
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
--- HelmRelease: default/plex ServiceAccount: default/plex
+++ HelmRelease: default/plex ServiceAccount: default/plex
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: plex
+ labels:
+ app.kubernetes.io/instance: plex
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: plex
+ namespace: default
+
--- HelmRelease: default/radarr Deployment: default/radarr
+++ HelmRelease: default/radarr Deployment: default/radarr
@@ -26,14 +26,14 @@
labels:
app.kubernetes.io/controller: radarr
app.kubernetes.io/instance: radarr
app.kubernetes.io/name: radarr
spec:
enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: true
+ serviceAccountName: radarr
+ automountServiceAccountToken: false
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
--- HelmRelease: default/radarr ServiceAccount: default/radarr
+++ HelmRelease: default/radarr ServiceAccount: default/radarr
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: radarr
+ labels:
+ app.kubernetes.io/instance: radarr
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: radarr
+ namespace: default
+
--- HelmRelease: default/miniflux Deployment: default/miniflux
+++ HelmRelease: default/miniflux Deployment: default/miniflux
@@ -26,14 +26,14 @@
labels:
app.kubernetes.io/controller: miniflux
app.kubernetes.io/instance: miniflux
app.kubernetes.io/name: miniflux
spec:
enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: true
+ serviceAccountName: miniflux
+ automountServiceAccountToken: false
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
--- HelmRelease: default/miniflux ServiceMonitor: default/miniflux
+++ HelmRelease: default/miniflux ServiceMonitor: default/miniflux
@@ -6,13 +6,13 @@
labels:
app.kubernetes.io/instance: miniflux
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: miniflux
namespace: default
spec:
- jobLabel: miniflux
+ jobLabel: app.kubernetes.io/name
namespaceSelector:
matchNames:
- default
selector:
matchLabels:
app.kubernetes.io/service: miniflux
--- HelmRelease: default/miniflux ServiceAccount: default/miniflux
+++ HelmRelease: default/miniflux ServiceAccount: default/miniflux
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: miniflux
+ labels:
+ app.kubernetes.io/instance: miniflux
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: miniflux
+ namespace: default
+
--- HelmRelease: network/cloudflared Deployment: network/cloudflared
+++ HelmRelease: network/cloudflared Deployment: network/cloudflared
@@ -26,14 +26,14 @@
labels:
app.kubernetes.io/controller: cloudflared
app.kubernetes.io/instance: cloudflared
app.kubernetes.io/name: cloudflared
spec:
enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: true
+ serviceAccountName: cloudflared
+ automountServiceAccountToken: false
securityContext:
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
hostIPC: false
hostNetwork: false
--- HelmRelease: network/cloudflared ServiceMonitor: network/cloudflared
+++ HelmRelease: network/cloudflared ServiceMonitor: network/cloudflared
@@ -6,13 +6,13 @@
labels:
app.kubernetes.io/instance: cloudflared
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cloudflared
namespace: network
spec:
- jobLabel: cloudflared
+ jobLabel: app.kubernetes.io/name
namespaceSelector:
matchNames:
- network
selector:
matchLabels:
app.kubernetes.io/service: cloudflared
--- HelmRelease: network/cloudflared ServiceAccount: network/cloudflared
+++ HelmRelease: network/cloudflared ServiceAccount: network/cloudflared
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: cloudflared
+ labels:
+ app.kubernetes.io/instance: cloudflared
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: cloudflared
+ namespace: network
+
--- HelmRelease: observability/beszel Deployment: observability/beszel
+++ HelmRelease: observability/beszel Deployment: observability/beszel
@@ -24,14 +24,14 @@
labels:
app.kubernetes.io/controller: beszel
app.kubernetes.io/instance: beszel
app.kubernetes.io/name: beszel
spec:
enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: true
+ serviceAccountName: beszel
+ automountServiceAccountToken: false
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
--- HelmRelease: observability/beszel ServiceAccount: observability/beszel
+++ HelmRelease: observability/beszel ServiceAccount: observability/beszel
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: beszel
+ labels:
+ app.kubernetes.io/instance: beszel
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: beszel
+ namespace: observability
+
--- HelmRelease: kube-system/generic-device-plugin DaemonSet: kube-system/generic-device-plugin
+++ HelmRelease: kube-system/generic-device-plugin DaemonSet: kube-system/generic-device-plugin
@@ -24,14 +24,14 @@
labels:
app.kubernetes.io/controller: generic-device-plugin
app.kubernetes.io/instance: generic-device-plugin
app.kubernetes.io/name: generic-device-plugin
spec:
enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: true
+ serviceAccountName: generic-device-plugin
+ automountServiceAccountToken: false
priorityClassName: system-node-critical
hostIPC: false
hostNetwork: false
hostPID: false
dnsPolicy: ClusterFirst
tolerations:
--- HelmRelease: kube-system/generic-device-plugin ServiceAccount: kube-system/generic-device-plugin
+++ HelmRelease: kube-system/generic-device-plugin ServiceAccount: kube-system/generic-device-plugin
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: generic-device-plugin
+ labels:
+ app.kubernetes.io/instance: generic-device-plugin
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: generic-device-plugin
+ namespace: kube-system
+
--- HelmRelease: observability/nut-exporter Deployment: observability/nut-exporter
+++ HelmRelease: observability/nut-exporter Deployment: observability/nut-exporter
@@ -26,14 +26,14 @@
labels:
app.kubernetes.io/controller: nut-exporter
app.kubernetes.io/instance: nut-exporter
app.kubernetes.io/name: nut-exporter
spec:
enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: true
+ serviceAccountName: nut-exporter
+ automountServiceAccountToken: false
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
--- HelmRelease: observability/nut-exporter ServiceAccount: observability/nut-exporter
+++ HelmRelease: observability/nut-exporter ServiceAccount: observability/nut-exporter
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: nut-exporter
+ labels:
+ app.kubernetes.io/instance: nut-exporter
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: nut-exporter
+ namespace: observability
+
--- HelmRelease: default/tracearr Deployment: default/tracearr
+++ HelmRelease: default/tracearr Deployment: default/tracearr
@@ -28,14 +28,14 @@
labels:
app.kubernetes.io/controller: tracearr
app.kubernetes.io/instance: tracearr
app.kubernetes.io/name: tracearr
spec:
enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: true
+ serviceAccountName: tracearr
+ automountServiceAccountToken: false
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
--- HelmRelease: default/tracearr ServiceAccount: default/tracearr
+++ HelmRelease: default/tracearr ServiceAccount: default/tracearr
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: tracearr
+ labels:
+ app.kubernetes.io/instance: tracearr
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: tracearr
+ namespace: default
+
--- HelmRelease: default/stash Deployment: default/stash
+++ HelmRelease: default/stash Deployment: default/stash
@@ -28,14 +28,14 @@
labels:
app.kubernetes.io/controller: stash
app.kubernetes.io/instance: stash
app.kubernetes.io/name: stash
spec:
enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: true
+ serviceAccountName: stash
+ automountServiceAccountToken: false
runtimeClassName: nvidia
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
--- HelmRelease: default/stash ServiceAccount: default/stash
+++ HelmRelease: default/stash ServiceAccount: default/stash
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: stash
+ labels:
+ app.kubernetes.io/instance: stash
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: stash
+ namespace: default
+
--- HelmRelease: default/sonarr Deployment: default/sonarr
+++ HelmRelease: default/sonarr Deployment: default/sonarr
@@ -26,14 +26,14 @@
labels:
app.kubernetes.io/controller: sonarr
app.kubernetes.io/instance: sonarr
app.kubernetes.io/name: sonarr
spec:
enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: true
+ serviceAccountName: sonarr
+ automountServiceAccountToken: false
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
--- HelmRelease: default/sonarr ServiceAccount: default/sonarr
+++ HelmRelease: default/sonarr ServiceAccount: default/sonarr
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: sonarr
+ labels:
+ app.kubernetes.io/instance: sonarr
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: sonarr
+ namespace: default
+
--- HelmRelease: default/photon Deployment: default/photon
+++ HelmRelease: default/photon Deployment: default/photon
@@ -26,14 +26,14 @@
labels:
app.kubernetes.io/controller: photon
app.kubernetes.io/instance: photon
app.kubernetes.io/name: photon
spec:
enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: true
+ serviceAccountName: photon
+ automountServiceAccountToken: false
securityContext:
fsGroup: 9011
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 9011
runAsNonRoot: true
runAsUser: 9011
--- HelmRelease: default/photon ServiceAccount: default/photon
+++ HelmRelease: default/photon ServiceAccount: default/photon
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: photon
+ labels:
+ app.kubernetes.io/instance: photon
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: photon
+ namespace: default
+
--- HelmRelease: default/recyclarr CronJob: default/recyclarr
+++ HelmRelease: default/recyclarr CronJob: default/recyclarr
@@ -26,14 +26,14 @@
labels:
app.kubernetes.io/controller: recyclarr
app.kubernetes.io/instance: recyclarr
app.kubernetes.io/name: recyclarr
spec:
enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: true
+ serviceAccountName: recyclarr
+ automountServiceAccountToken: false
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
--- HelmRelease: default/recyclarr ServiceAccount: default/recyclarr
+++ HelmRelease: default/recyclarr ServiceAccount: default/recyclarr
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: recyclarr
+ labels:
+ app.kubernetes.io/instance: recyclarr
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: recyclarr
+ namespace: default
+
--- HelmRelease: observability/dozzle Deployment: observability/dozzle
+++ HelmRelease: observability/dozzle Deployment: observability/dozzle
@@ -27,13 +27,13 @@
app.kubernetes.io/controller: dozzle
app.kubernetes.io/instance: dozzle
app.kubernetes.io/name: dozzle
spec:
enableServiceLinks: false
serviceAccountName: dozzle
- automountServiceAccountToken: true
+ automountServiceAccountToken: false
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
--- HelmRelease: observability/kite Deployment: observability/kite
+++ HelmRelease: observability/kite Deployment: observability/kite
@@ -27,13 +27,13 @@
app.kubernetes.io/controller: kite
app.kubernetes.io/instance: kite
app.kubernetes.io/name: kite
spec:
enableServiceLinks: false
serviceAccountName: kite
- automountServiceAccountToken: true
+ automountServiceAccountToken: false
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
--- HelmRelease: kube-system/cpufreq-kantai1 DaemonSet: kube-system/cpufreq-kantai1
+++ HelmRelease: kube-system/cpufreq-kantai1 DaemonSet: kube-system/cpufreq-kantai1
@@ -22,14 +22,14 @@
labels:
app.kubernetes.io/controller: cpufreq
app.kubernetes.io/instance: cpufreq-kantai1
app.kubernetes.io/name: cpufreq-kantai1
spec:
enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: true
+ serviceAccountName: cpufreq-kantai1
+ automountServiceAccountToken: false
priorityClassName: system-node-critical
hostIPC: false
hostNetwork: false
hostPID: false
dnsPolicy: ClusterFirst
nodeSelector:
--- HelmRelease: kube-system/cpufreq-kantai1 ServiceAccount: kube-system/cpufreq-kantai1
+++ HelmRelease: kube-system/cpufreq-kantai1 ServiceAccount: kube-system/cpufreq-kantai1
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: cpufreq-kantai1
+ labels:
+ app.kubernetes.io/instance: cpufreq-kantai1
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: cpufreq-kantai1
+ namespace: kube-system
+
--- HelmRelease: observability/unpoller Deployment: observability/unpoller
+++ HelmRelease: observability/unpoller Deployment: observability/unpoller
@@ -24,14 +24,14 @@
labels:
app.kubernetes.io/controller: unpoller
app.kubernetes.io/instance: unpoller
app.kubernetes.io/name: unpoller
spec:
enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: true
+ serviceAccountName: unpoller
+ automountServiceAccountToken: false
securityContext:
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
hostIPC: false
hostNetwork: false
--- HelmRelease: observability/unpoller ServiceMonitor: observability/unpoller
+++ HelmRelease: observability/unpoller ServiceMonitor: observability/unpoller
@@ -6,13 +6,13 @@
labels:
app.kubernetes.io/instance: unpoller
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: unpoller
namespace: observability
spec:
- jobLabel: unpoller
+ jobLabel: app.kubernetes.io/name
namespaceSelector:
matchNames:
- observability
selector:
matchLabels:
app.kubernetes.io/service: unpoller
--- HelmRelease: observability/unpoller ServiceAccount: observability/unpoller
+++ HelmRelease: observability/unpoller ServiceAccount: observability/unpoller
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: unpoller
+ labels:
+ app.kubernetes.io/instance: unpoller
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: unpoller
+ namespace: observability
+
--- HelmRelease: kube-system/multus DaemonSet: kube-system/multus
+++ HelmRelease: kube-system/multus DaemonSet: kube-system/multus
@@ -23,13 +23,13 @@
app.kubernetes.io/controller: multus
app.kubernetes.io/instance: multus
app.kubernetes.io/name: multus
spec:
enableServiceLinks: false
serviceAccountName: multus
- automountServiceAccountToken: true
+ automountServiceAccountToken: false
hostIPC: false
hostNetwork: true
hostPID: false
dnsPolicy: ClusterFirstWithHostNet
tolerations:
- effect: NoSchedule
--- HelmRelease: default/qbittorrent Deployment: default/qbittorrent
+++ HelmRelease: default/qbittorrent Deployment: default/qbittorrent
@@ -27,14 +27,14 @@
app.kubernetes.io/controller: qbittorrent
app.kubernetes.io/instance: qbittorrent
app.kubernetes.io/name: qbittorrent
pod-security.kantai.xyz/allow-added-capabilities: 'true'
spec:
enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: true
+ serviceAccountName: qbittorrent
+ automountServiceAccountToken: false
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
--- HelmRelease: default/qbittorrent ServiceAccount: default/qbittorrent
+++ HelmRelease: default/qbittorrent ServiceAccount: default/qbittorrent
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: qbittorrent
+ labels:
+ app.kubernetes.io/instance: qbittorrent
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: qbittorrent
+ namespace: default
+
--- HelmRelease: default/prowlarr Deployment: default/prowlarr
+++ HelmRelease: default/prowlarr Deployment: default/prowlarr
@@ -26,14 +26,14 @@
labels:
app.kubernetes.io/controller: prowlarr
app.kubernetes.io/instance: prowlarr
app.kubernetes.io/name: prowlarr
spec:
enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: true
+ serviceAccountName: prowlarr
+ automountServiceAccountToken: false
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
--- HelmRelease: default/prowlarr ServiceAccount: default/prowlarr
+++ HelmRelease: default/prowlarr ServiceAccount: default/prowlarr
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: prowlarr
+ labels:
+ app.kubernetes.io/instance: prowlarr
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: prowlarr
+ namespace: default
+
--- HelmRelease: observability/speedtest-exporter Deployment: observability/speedtest-exporter
+++ HelmRelease: observability/speedtest-exporter Deployment: observability/speedtest-exporter
@@ -26,14 +26,14 @@
labels:
app.kubernetes.io/controller: speedtest-exporter
app.kubernetes.io/instance: speedtest-exporter
app.kubernetes.io/name: speedtest-exporter
spec:
enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: true
+ serviceAccountName: speedtest-exporter
+ automountServiceAccountToken: false
securityContext:
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
hostIPC: false
hostNetwork: false
--- HelmRelease: observability/speedtest-exporter ServiceMonitor: observability/speedtest-exporter
+++ HelmRelease: observability/speedtest-exporter ServiceMonitor: observability/speedtest-exporter
@@ -6,13 +6,13 @@
labels:
app.kubernetes.io/instance: speedtest-exporter
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: speedtest-exporter
namespace: observability
spec:
- jobLabel: speedtest-exporter
+ jobLabel: app.kubernetes.io/name
namespaceSelector:
matchNames:
- observability
selector:
matchLabels:
app.kubernetes.io/service: speedtest-exporter
--- HelmRelease: observability/speedtest-exporter ServiceAccount: observability/speedtest-exporter
+++ HelmRelease: observability/speedtest-exporter ServiceAccount: observability/speedtest-exporter
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: speedtest-exporter
+ labels:
+ app.kubernetes.io/instance: speedtest-exporter
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: speedtest-exporter
+ namespace: observability
+
--- HelmRelease: observability/netronome Deployment: observability/netronome
+++ HelmRelease: observability/netronome Deployment: observability/netronome
@@ -26,14 +26,14 @@
labels:
app.kubernetes.io/controller: netronome
app.kubernetes.io/instance: netronome
app.kubernetes.io/name: netronome
spec:
enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: true
+ serviceAccountName: netronome
+ automountServiceAccountToken: false
securityContext:
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
hostIPC: false
hostNetwork: false
--- HelmRelease: observability/netronome ServiceAccount: observability/netronome
+++ HelmRelease: observability/netronome ServiceAccount: observability/netronome
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: netronome
+ labels:
+ app.kubernetes.io/instance: netronome
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: netronome
+ namespace: observability
+
--- HelmRelease: network/echo Deployment: network/echo
+++ HelmRelease: network/echo Deployment: network/echo
@@ -24,14 +24,14 @@
labels:
app.kubernetes.io/controller: echo
app.kubernetes.io/instance: echo
app.kubernetes.io/name: echo
spec:
enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: true
+ serviceAccountName: echo
+ automountServiceAccountToken: false
securityContext:
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
hostIPC: false
hostNetwork: false
--- HelmRelease: network/echo ServiceMonitor: network/echo
+++ HelmRelease: network/echo ServiceMonitor: network/echo
@@ -6,13 +6,13 @@
labels:
app.kubernetes.io/instance: echo
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: echo
namespace: network
spec:
- jobLabel: echo
+ jobLabel: app.kubernetes.io/name
namespaceSelector:
matchNames:
- network
selector:
matchLabels:
app.kubernetes.io/service: echo
--- HelmRelease: network/echo ServiceAccount: network/echo
+++ HelmRelease: network/echo ServiceAccount: network/echo
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: echo
+ labels:
+ app.kubernetes.io/instance: echo
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: echo
+ namespace: network
+
--- HelmRelease: observability/siren Deployment: observability/siren
+++ HelmRelease: observability/siren Deployment: observability/siren
@@ -24,14 +24,14 @@
labels:
app.kubernetes.io/controller: siren
app.kubernetes.io/instance: siren
app.kubernetes.io/name: siren
spec:
enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: true
+ serviceAccountName: siren
+ automountServiceAccountToken: false
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
--- HelmRelease: observability/siren ServiceAccount: observability/siren
+++ HelmRelease: observability/siren ServiceAccount: observability/siren
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: siren
+ labels:
+ app.kubernetes.io/instance: siren
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: siren
+ namespace: observability
+
--- HelmRelease: observability-agents/scrutiny-collector DaemonSet: observability-agents/scrutiny-collector
+++ HelmRelease: observability-agents/scrutiny-collector DaemonSet: observability-agents/scrutiny-collector
@@ -22,14 +22,14 @@
labels:
app.kubernetes.io/controller: scrutiny-collector
app.kubernetes.io/instance: scrutiny-collector
app.kubernetes.io/name: scrutiny-collector
spec:
enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: true
+ serviceAccountName: scrutiny-collector
+ automountServiceAccountToken: false
hostIPC: false
hostNetwork: false
hostPID: false
dnsPolicy: ClusterFirst
tolerations:
- effect: NoSchedule
--- HelmRelease: observability-agents/scrutiny-collector ServiceAccount: observability-agents/scrutiny-collector
+++ HelmRelease: observability-agents/scrutiny-collector ServiceAccount: observability-agents/scrutiny-collector
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: scrutiny-collector
+ labels:
+ app.kubernetes.io/instance: scrutiny-collector
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: scrutiny-collector
+ namespace: observability-agents
+
--- HelmRelease: observability-agents/telegraf-powerwall Deployment: observability-agents/telegraf-powerwall
+++ HelmRelease: observability-agents/telegraf-powerwall Deployment: observability-agents/telegraf-powerwall
@@ -26,14 +26,14 @@
labels:
app.kubernetes.io/controller: telegraf-powerwall
app.kubernetes.io/instance: telegraf-powerwall
app.kubernetes.io/name: telegraf-powerwall
spec:
enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: true
+ serviceAccountName: telegraf-powerwall
+ automountServiceAccountToken: false
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
--- HelmRelease: observability-agents/telegraf-powerwall ServiceAccount: observability-agents/telegraf-powerwall
+++ HelmRelease: observability-agents/telegraf-powerwall ServiceAccount: observability-agents/telegraf-powerwall
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: telegraf-powerwall
+ labels:
+ app.kubernetes.io/instance: telegraf-powerwall
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: telegraf-powerwall
+ namespace: observability-agents
+
--- HelmRelease: observability/scrutiny Deployment: observability/scrutiny
+++ HelmRelease: observability/scrutiny Deployment: observability/scrutiny
@@ -26,14 +26,14 @@
labels:
app.kubernetes.io/controller: scrutiny
app.kubernetes.io/instance: scrutiny
app.kubernetes.io/name: scrutiny
spec:
enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: true
+ serviceAccountName: scrutiny
+ automountServiceAccountToken: false
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
--- HelmRelease: observability/scrutiny ServiceMonitor: observability/scrutiny
+++ HelmRelease: observability/scrutiny ServiceMonitor: observability/scrutiny
@@ -6,13 +6,13 @@
labels:
app.kubernetes.io/instance: scrutiny
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: scrutiny
namespace: observability
spec:
- jobLabel: scrutiny
+ jobLabel: app.kubernetes.io/name
namespaceSelector:
matchNames:
- observability
selector:
matchLabels:
app.kubernetes.io/service: scrutiny
--- HelmRelease: observability/scrutiny ServiceAccount: observability/scrutiny
+++ HelmRelease: observability/scrutiny ServiceAccount: observability/scrutiny
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: scrutiny
+ labels:
+ app.kubernetes.io/instance: scrutiny
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: scrutiny
+ namespace: observability
+
--- HelmRelease: observability/gatus StatefulSet: observability/gatus
+++ HelmRelease: observability/gatus StatefulSet: observability/gatus
@@ -29,13 +29,13 @@
This message was truncated. Download full message |
jfroy
force-pushed
the
main
branch
2 times, most recently
from
cf5ea2f to
30f3f61
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
4.6.2→5.0.0Release Notes
bjw-s-labs/helm-charts (ghcr.io/bjw-s-labs/helm/app-template)
v5.0.0Changelog:
Changed
Configuration
📅 Schedule: (in timezone America/Los_Angeles)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.