diff --git a/apps/apps/halo/helmchart.yaml b/apps/apps/halo/helmchart.yaml
index 98fca6c..baf8646 100644
--- a/apps/apps/halo/helmchart.yaml
+++ b/apps/apps/halo/helmchart.yaml
@@ -22,7 +22,7 @@ spec:
namespaceSelector: {}
image:
repository: halohub/halo-pro
- tag: 2.22.9
+ tag: 2.22.10
service:
type: ClusterIP
ingress:
diff --git a/apps/infra/devops/gitea/configmap-custom.yaml b/apps/infra/devops/gitea/configmap-custom.yaml
index 2752d62..623467c 100644
--- a/apps/infra/devops/gitea/configmap-custom.yaml
+++ b/apps/infra/devops/gitea/configmap-custom.yaml
@@ -16,7 +16,7 @@ data:
-
+ dev.cm - Git {{ctx.Locale.Tr "repository"}}
@@ -24,4 +24,8 @@ data:
{{template "base/footer" .}}
extra_links.tmpl: |-
- CI
\ No newline at end of file
+ {{if eq ctx.Locale.Lang "zh-CN"}}博客{{else}}Blog{{end}}
+
+
\ No newline at end of file
diff --git a/apps/infra/devops/gitea/helmchart-runner.yaml b/apps/infra/devops/gitea/helmchart-runner.yaml
new file mode 100644
index 0000000..54d1f67
--- /dev/null
+++ b/apps/infra/devops/gitea/helmchart-runner.yaml
@@ -0,0 +1,24 @@
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: gitea-actions
+ namespace: infra-devops
+spec:
+ repo: https://dl.gitea.com/charts
+ chart: actions
+ targetNamespace: infra-devops
+ version: 0.0.2
+ valuesContent: |-
+ enabled: true
+ statefulset:
+ affinity:
+ nodeSelector:
+ dev-cm-runner/enabled: "true"
+ giteaRootURL: http://gitea-http.infra-devops.svc.cluster.local:3000
+ existingSecret: gitea-runner
+ existingSecretKey: token
+
+
+
+
+
diff --git a/apps/infra/devops/gitea/helmchart.yaml b/apps/infra/devops/gitea/helmchart.yaml
index 90b5e07..254a6da 100644
--- a/apps/infra/devops/gitea/helmchart.yaml
+++ b/apps/infra/devops/gitea/helmchart.yaml
@@ -80,6 +80,8 @@ spec:
CONN_STR: redis://:ribiPwYQNU6GWxCYR0Nj@redis-cluster-sh-master.infra-data:6379/0
repository:
DEFAULT_REPO_UNITS: repo.code,repo.releases,repo.issues,repo.pulls
+ actions:
+ ENABLED: true
service:
DISABLE_REGISTRATION: true
NO_REPLY_ADDRESS: noreply.dev.cm
@@ -90,6 +92,7 @@ spec:
NAMES: 简体中文,English
other:
SHOW_FOOTER_VERSION: false
+ SHOW_FOOTER_POWERED_BY: false
log:
LEVEL: Info
valkey-cluster:
diff --git a/apps/infra/devops/reflector/helmchart.yaml b/apps/infra/devops/reflector/helmchart.yaml
index d3d78b9..1d0df90 100644
--- a/apps/infra/devops/reflector/helmchart.yaml
+++ b/apps/infra/devops/reflector/helmchart.yaml
@@ -7,7 +7,7 @@ spec:
repo: https://emberstack.github.io/helm-charts
chart: reflector
targetNamespace: infra-devops
- version: 9.1.38
+ version: 9.1.45
valuesContent: |-
affinity:
nodeAffinity:
diff --git a/apps/infra/devops/velero/helmchart.yaml b/apps/infra/devops/velero/helmchart.yaml
index f00c7f2..7b9e784 100644
--- a/apps/infra/devops/velero/helmchart.yaml
+++ b/apps/infra/devops/velero/helmchart.yaml
@@ -7,7 +7,7 @@ spec:
repo: https://vmware-tanzu.github.io/helm-charts
chart: velero
targetNamespace: infra-devops
- version: 11.1.1
+ version: 11.3.2
valuesContent: |-
affinity:
nodeAffinity:
diff --git a/apps/infra/monitor/loki/helmchart-loki.yaml b/apps/infra/monitor/loki/helmchart-loki.yaml
index 618f5b0..c915f7b 100644
--- a/apps/infra/monitor/loki/helmchart-loki.yaml
+++ b/apps/infra/monitor/loki/helmchart-loki.yaml
@@ -7,7 +7,7 @@ spec:
repo: https://grafana.github.io/helm-charts
chart: loki
targetNamespace: infra-monitor
- version: 6.46.0
+ version: 6.49.0
valuesContent: |-
deploymentMode: SingleBinary
gateway:
diff --git a/apps/infra/monitor/loki/helmchart-promtail.yaml b/apps/infra/monitor/loki/helmchart-promtail.yaml
index 37d2696..fb5f5e3 100644
--- a/apps/infra/monitor/loki/helmchart-promtail.yaml
+++ b/apps/infra/monitor/loki/helmchart-promtail.yaml
@@ -18,11 +18,11 @@ spec:
tenant_id: 1
snippets:
extraRelabelConfigs:
- # 匹配log_collecting_enabled标签 只有为true时才收集日志
- - source_labels: [__meta_kubernetes_pod_label_log_collecting_enabled]
+ # 匹配 devcm-log-collecting/enabled 标签 只有为true时才收集日志
+ - source_labels: [__meta_kubernetes_pod_label_devcm_log_collecting_enabled]
action: keep
regex: true
- # 匹配log_collecting_only_errors标签并只保留stderr流
- - source_labels: [__meta_kubernetes_pod_label_log_collecting_only_errors]
+ # 匹配 devcm-log-collecting/only-errors标签并只保留stderr流
+ - source_labels: [__meta_kubernetes_pod_label_devcm_log_collecting_only_errors]
action: drop
regex: stdout
diff --git a/apps/infra/monitor/prometheus/helmchart.yaml b/apps/infra/monitor/prometheus/helmchart.yaml
index 65c2736..0df5148 100644
--- a/apps/infra/monitor/prometheus/helmchart.yaml
+++ b/apps/infra/monitor/prometheus/helmchart.yaml
@@ -7,7 +7,7 @@ spec:
repo: https://prometheus-community.github.io/helm-charts
chart: kube-prometheus-stack
targetNamespace: infra-monitor
- version: 79.5.0
+ version: 81.0.0
valuesContent: |-
kubeControllerManager:
enabled: false
diff --git a/apps/infra/net/crowdsec/helmchart.yaml b/apps/infra/net/crowdsec/helmchart.yaml
index 5ad0090..6eefc22 100644
--- a/apps/infra/net/crowdsec/helmchart.yaml
+++ b/apps/infra/net/crowdsec/helmchart.yaml
@@ -7,11 +7,11 @@ spec:
repo: https://crowdsecurity.github.io/helm-charts
chart: crowdsec
targetNamespace: infra-net
- version: 0.20.1
+ version: 0.21.1
valuesContent: |-
container_runtime: containerd
image:
- tag: v1.7.3
+ tag: v1.7.4
agent:
affinity:
podAffinity:
diff --git a/apps/infra/net/nginx/helmchart.yaml b/apps/infra/net/nginx/helmchart.yaml
index f0ebc16..02340a5 100644
--- a/apps/infra/net/nginx/helmchart.yaml
+++ b/apps/infra/net/nginx/helmchart.yaml
@@ -6,11 +6,16 @@ metadata:
spec:
repo: https://kubernetes.github.io/ingress-nginx
chart: ingress-nginx
- version: 4.11.8
+ version: 4.13.2
targetNamespace: infra-net
valuesContent: |-
fullnameOverride: ingress-nginx
controller:
+ image:
+ registry: docker.io
+ image: crowdsecurity/controller
+ tag: v1.13.2
+ digest: sha256:4575be24781cad35f8e58437db6a3f492df2a3167fed2b6759a6ff0dc3488d56
nodeSelector:
svccontroller.k3s.cattle.io/enablelb: "true"
tolerations:
@@ -18,7 +23,7 @@ spec:
operator: "Exists"
effect: "NoSchedule"
labels:
- log-collecting/enabled: "true"
+ devcm-log-collecting/enabled: "true"
kind: DaemonSet
hostNetwork: true
hostPort:
@@ -33,6 +38,8 @@ spec:
enabled: false
publishService:
enabled: false
+ # 禁用默认的注解验证以防止冲突
+ enableAnnotationValidations: false
config:
use-forwarded-headers: "true"
allow-snippet-annotations: "true"
@@ -121,13 +128,13 @@ spec:
plugins: "crowdsec"
lua-shared-dicts: "crowdsec_cache: 50m"
# 启用geoip2模块
- maxmindLicenseKey: "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"
+ maxmindLicenseKey: "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"
extraArgs:
default-ssl-certificate: "infra-net/dev-cm-crt"
# crowdsec插件配置
extraInitContainers:
- name: init-clone-crowdsec-bouncer
- image: crowdsecurity/lua-bouncer-plugin:v1.0.5
+ image: crowdsecurity/lua-bouncer-plugin:v1.1.2
imagePullPolicy: IfNotPresent
env:
- name: SHELL