From 33677a6568ca99c158b3b1b5002dbbd45b80bfbf Mon Sep 17 00:00:00 2001
From: rohow <admin@dev.cm>
Date: Fri, 7 Nov 2025 15:09:14 +0800
Subject: [PATCH] =?UTF-8?q?feat(apps):=20=E5=BA=94=E7=94=A8=E7=89=88?=
 =?UTF-8?q?=E6=9C=AC=E5=8D=87=E7=BA=A7?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/apps/halo/helmchart.yaml                 |  3 +-
 apps/apps/proxy/todo.yaml                     | 60 -------------------
 apps/infra/devops/cert-manager/helmchart.yaml |  2 +-
 apps/infra/devops/gitea/helmchart.yaml        |  4 +-
 apps/infra/devops/reflector/helmchart.yaml    |  2 +-
 apps/infra/devops/velero/helmchart.yaml       |  8 ++-
 apps/infra/monitor/loki/helmchart-loki.yaml   |  2 +-
 apps/infra/monitor/prometheus/helmchart.yaml  |  4 +-
 apps/infra/net/crowdsec/helmchart.yaml        |  4 +-
 apps/infra/net/tailscale/helmchart-sh.yaml    | 35 -----------
 .../{helmchart-hk.yaml => helmchart.yaml}     |  0
 install/README.md                             |  3 +-
 12 files changed, 19 insertions(+), 108 deletions(-)
 delete mode 100644 apps/apps/proxy/todo.yaml
 delete mode 100644 apps/infra/net/tailscale/helmchart-sh.yaml
 rename apps/infra/net/tailscale/{helmchart-hk.yaml => helmchart.yaml} (100%)

diff --git a/apps/apps/halo/helmchart.yaml b/apps/apps/halo/helmchart.yaml
index 03df800..6f8cbdb 100644
--- a/apps/apps/halo/helmchart.yaml
+++ b/apps/apps/halo/helmchart.yaml
@@ -7,6 +7,7 @@ spec:
   repo: https://halo-sigs.github.io/charts/
   chart: halo
   targetNamespace: apps
+  # 1.2.3版本报错，暂时回退到1.2.2
   version: 1.2.2
   valuesContent: |-
     affinity:
@@ -22,7 +23,7 @@ spec:
               namespaceSelector: {} 
     image:
       repository: halohub/halo-pro
-      tag: 2.21.9
+      tag: 2.21.10
     service:
       type: ClusterIP
     ingress:
diff --git a/apps/apps/proxy/todo.yaml b/apps/apps/proxy/todo.yaml
deleted file mode 100644
index 542078e..0000000
--- a/apps/apps/proxy/todo.yaml
+++ /dev/null
@@ -1,60 +0,0 @@
-http:
-  routers:
-    router:
-      entryPoints:
-        - websecure
-      rule: "Host(`router.dev.cm`)"
-      service: "router@file"
-      middlewares:
-        - web-base
-    vm:
-      entryPoints:
-        - websecure
-      rule: "Host(`vm.dev.cm`)"
-      service: "vm@file"
-      middlewares:
-        - web-base
-    nas:
-      entryPoints:
-        - websecure
-      rule: "Host(`nas.dev.cm`)"
-      service: "nas@file"
-      middlewares:
-        - web-base
-    download:
-      entryPoints:
-        - websecure
-      rule: "Host(`download.dev.cm`)"
-      service: "download@file"
-      middlewares:
-        - traefik-forward-auth
-        - web-base
-    downloadRpc:
-      entryPoints:
-        - websecure
-      rule: "Host(`download.dev.cm`) && PathPrefix(`/jsonrpc`)"
-      service: "downloadRpc@file"
-      middlewares:
-        - web-base
-
-  services:
-    router:
-      loadBalancer:
-        servers:
-          - url: "https://192.168.21.1/"
-    vm:
-      loadBalancer:
-        servers:
-          - url: "https://192.168.21.2:8006/"
-    nas:
-      loadBalancer:
-        servers:
-          - url: "http://192.168.21.3/"
-    download:
-      loadBalancer:
-        servers:
-          - url: "http://192.168.21.3:6880/"
-    downloadRpc:
-      loadBalancer:
-        servers:
-          - url: "http://192.168.21.3:6800/"
\ No newline at end of file
diff --git a/apps/infra/devops/cert-manager/helmchart.yaml b/apps/infra/devops/cert-manager/helmchart.yaml
index a7ec9b6..f962fa1 100644
--- a/apps/infra/devops/cert-manager/helmchart.yaml
+++ b/apps/infra/devops/cert-manager/helmchart.yaml
@@ -9,7 +9,7 @@ spec:
   repo: https://charts.jetstack.io
   chart: cert-manager
   targetNamespace: infra-devops
-  version: v1.18.2
+  version: v1.19.1
   valuesContent: |-
     affinity:
       nodeAffinity:
diff --git a/apps/infra/devops/gitea/helmchart.yaml b/apps/infra/devops/gitea/helmchart.yaml
index a4555c3..88ec489 100644
--- a/apps/infra/devops/gitea/helmchart.yaml
+++ b/apps/infra/devops/gitea/helmchart.yaml
@@ -7,7 +7,7 @@ spec:
   repo: https://dl.gitea.com/charts
   chart: gitea
   targetNamespace: infra-devops
-  version: 12.1.3
+  version: 12.3.0
   valuesContent: |-
     affinity:
       podAffinity:
@@ -36,7 +36,7 @@ spec:
     postgresql-ha:
       enabled: false
     image:
-      tag: 1.24.5
+      tag: 1.25.1
     ingress:
       enabled: true
       className: nginx
diff --git a/apps/infra/devops/reflector/helmchart.yaml b/apps/infra/devops/reflector/helmchart.yaml
index 7504c24..d3d78b9 100644
--- a/apps/infra/devops/reflector/helmchart.yaml
+++ b/apps/infra/devops/reflector/helmchart.yaml
@@ -7,7 +7,7 @@ spec:
   repo: https://emberstack.github.io/helm-charts
   chart: reflector
   targetNamespace: infra-devops
-  version: 9.1.25
+  version: 9.1.38
   valuesContent: |-
     affinity:
       nodeAffinity:
diff --git a/apps/infra/devops/velero/helmchart.yaml b/apps/infra/devops/velero/helmchart.yaml
index 6db1f30..f00c7f2 100644
--- a/apps/infra/devops/velero/helmchart.yaml
+++ b/apps/infra/devops/velero/helmchart.yaml
@@ -7,7 +7,7 @@ spec:
   repo: https://vmware-tanzu.github.io/helm-charts
   chart: velero
   targetNamespace: infra-devops
-  version: 10.1.0
+  version: 11.1.1
   valuesContent: |-
     affinity:
       nodeAffinity:
@@ -32,7 +32,9 @@ spec:
       backupSyncPeriod: 1h0m0s
       defaultRepoMaintainFrequency: 3h0m0s
       repositoryMaintenanceJob:
-        latestJobsCount: 1
+        repositoryConfigData: 
+          global:
+            keepLatestMaintenanceJobs: 1
       backupStorageLocation:
         - name: devcm-hw
           default: true
@@ -53,7 +55,7 @@ spec:
           aws_secret_access_key = ky1n3OlNNu7wjgctVjCqb03HWxjZucRGhvcEBp51
     initContainers:
       - name: velero-plugin-for-aws
-        image: velero/velero-plugin-for-aws:v1.11.0
+        image: velero/velero-plugin-for-aws:v1.13.0
         volumeMounts:
           - mountPath: /target
             name: plugins
diff --git a/apps/infra/monitor/loki/helmchart-loki.yaml b/apps/infra/monitor/loki/helmchart-loki.yaml
index 9177803..618f5b0 100644
--- a/apps/infra/monitor/loki/helmchart-loki.yaml
+++ b/apps/infra/monitor/loki/helmchart-loki.yaml
@@ -7,7 +7,7 @@ spec:
   repo: https://grafana.github.io/helm-charts
   chart: loki
   targetNamespace: infra-monitor
-  version: 6.36.1
+  version: 6.46.0
   valuesContent: |-
     deploymentMode: SingleBinary
     gateway:
diff --git a/apps/infra/monitor/prometheus/helmchart.yaml b/apps/infra/monitor/prometheus/helmchart.yaml
index 7ca9550..de64bc6 100644
--- a/apps/infra/monitor/prometheus/helmchart.yaml
+++ b/apps/infra/monitor/prometheus/helmchart.yaml
@@ -7,7 +7,7 @@ spec:
   repo: https://prometheus-community.github.io/helm-charts
   chart: kube-prometheus-stack
   targetNamespace: infra-monitor
-  version: 75.13.0
+  version: 79.2.1
   valuesContent: |-
     kubeControllerManager:
       enabled: false
@@ -55,6 +55,8 @@ spec:
           - /
       assertNoLeakedSecrets: false
       grafana.ini:
+        public_dashboards:
+          enabled: false
         help:
           enabled: false
         news:
diff --git a/apps/infra/net/crowdsec/helmchart.yaml b/apps/infra/net/crowdsec/helmchart.yaml
index 5054564..5ad0090 100644
--- a/apps/infra/net/crowdsec/helmchart.yaml
+++ b/apps/infra/net/crowdsec/helmchart.yaml
@@ -7,11 +7,11 @@ spec:
   repo: https://crowdsecurity.github.io/helm-charts
   chart: crowdsec
   targetNamespace: infra-net
-  version: 0.19.5
+  version: 0.20.1
   valuesContent: |-
     container_runtime: containerd
     image:
-      tag: v1.6.11
+      tag: v1.7.3
     agent:
       affinity:
         podAffinity:
diff --git a/apps/infra/net/tailscale/helmchart-sh.yaml b/apps/infra/net/tailscale/helmchart-sh.yaml
deleted file mode 100644
index b2a9f20..0000000
--- a/apps/infra/net/tailscale/helmchart-sh.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-apiVersion: helm.cattle.io/v1
-kind: HelmChart
-metadata:
-  name: tailscale-derp-sh
-  namespace: infra-net
-spec:
-  repo: https://devcm-repo.github.io/helm-charts
-  chart: tailscale-derp
-  version: 0.0.9
-  targetNamespace: infra-net
-  valuesContent: |-
-    nodeSelector:
-      kubernetes.io/hostname: tcd
-    image:
-      tag: v1.90.6
-    hostNetwork: true
-    extraVolumes:
-      - name: cert-volume
-        secret:
-          secretName: dev-cm-crt
-          items:
-            - key: tls.key
-              path: tcd.node.dev.cm.key
-            - key: tls.crt
-              path: tcd.node.dev.cm.crt
-    extraVolumeMounts:
-      - name: cert-volume
-        mountPath: /certs
-    derp:
-      hostname: 'tcd.node.dev.cm'
-      verify_clients: true
-      http_port: -1
-      https_port: 30443
-      stun_port: 33478
-      certdir: /certs
diff --git a/apps/infra/net/tailscale/helmchart-hk.yaml b/apps/infra/net/tailscale/helmchart.yaml
similarity index 100%
rename from apps/infra/net/tailscale/helmchart-hk.yaml
rename to apps/infra/net/tailscale/helmchart.yaml
diff --git a/install/README.md b/install/README.md
index f1cbabb..93cb210 100644
--- a/install/README.md
+++ b/install/README.md
@@ -130,5 +130,6 @@ kubectl taint nodes tca node-role.kubernetes.io/master:NoSchedule
 
 ```shell
 iptables -A OUTPUT -p udp --dport 41641 -d 47.79.16.80 -j DROP && \
-ip6tables -A OUTPUT -p udp --dport 41641 -d 240b:4001:278:8402:0:3a3d:b8a5:3975 -j DROP
+ip6tables -A OUTPUT -p udp --dport 41641 -d 240b:4001:278:8402:0:3a3d:b8a5:3975 -j DROP && \
+ip6tables -A OUTPUT -p udp --dport 41641 -d 2402:4e00:1420:1700:2c34:8fa6:b6ba::/112 -j DROP
 ```