Service and version cleanups

Also smtp-secrets are named to match their namespace in the infisical namespace
for uniqueness.

namespaces/ai/openwebui/patches/chart.yaml

@@ -59,7 +59,7 @@ spec:
       - name: RAG_OLLAMA_BASE_URL
         value: "https://ollama.leechpepin.com:11434"
       - name: TIKA_SERVER_URL
-        value: "http://tika.apps.svc.cluster.local:9998"
+        value: "http://tika-svc.core.svc.cluster.local:9998"
       - name: WEBUI_URL
         value: "https://owui.leechpepin.com"
       - name: ENABLE_RAG_WEB_SEARCH

namespaces/apps/atuin/patches/deployment.yaml

@@ -25,7 +25,8 @@ spec:
           envFrom:
             - configMapRef:
                 name: atuin-config
-          image: ghcr.io/atuinsh/atuin:latest
+          image: ghcr.io/atuinsh/atuin:18.4.0
+          imagePullPolicy: IfNotPresent
           name: atuin
           ports:
             - containerPort: 8888

namespaces/apps/paperless/kustomization.yaml

@@ -96,8 +96,8 @@ configMapGenerator:
       - PAPERLESS_DBUSER=paperless
       - PAPERLESS_DBNAME=paperlessdb
       - PAPERLESS_TIKA_ENABLED="1"
-      - PAPERLESS_TIKA_ENDPOINT="http://tika-svc.apps:9998"
-      - PAPERLESS_TIKA_GOTENBURG_ENDPOINT="http://gotenburg-svc.apps:3000"
+      - PAPERLESS_TIKA_ENDPOINT="http://tika-svc.core:9998"
+      - PAPERLESS_TIKA_GOTENBURG_ENDPOINT="http://gotenburg-svc.core:3000"
       - PAPERLESS_USE_X_FORWARD_HOST="1"
       - PAPERLESS_TIME_ZONE="America/New_York"
       - PAPERLESS_URL="https://paperless.leechpepin.com"

namespaces/apps/paperless/patches/deployment.yaml

@@ -17,7 +17,8 @@ spec:
                       - arthur
       containers:
         - name: paperless
-          image: ghcr.io/paperless-ngx/paperless-ngx:latest
+          image: ghcr.io/paperless-ngx/paperless-ngx:2.14.7
+          imagePullPolicy: IfNotPresent
           volumeMounts:
             - name: consume-volume
               mountPath: /usr/src/paperless/consume

namespaces/apps/smtp-secrets.yaml

@@ -1,7 +1,7 @@
 apiVersion: secrets.infisical.com/v1alpha1
 kind: InfisicalSecret
 metadata:
-  name: smtp-secrets
+  name: smtp-secrets-apps
   namespace: infisical
   labels:
     label-to-be-passed-to-managed-secret: homelab

namespaces/core/gotenburg/kustomization.yaml

@@ -7,7 +7,7 @@ transformers:
     kind: NamespaceTransformer
     metadata:
       name: notImportantHere
-      namespace: apps
+      namespace: core
     unsetOnly: true
 
 namePrefix: gotenburg-
@@ -45,4 +45,4 @@ labels:
     pairs:
       app.kubernetes.io/appName: gotenburg
   - pairs:
-      app.kubernetes.io/appNamespace: apps
+      app.kubernetes.io/appNamespace: core

namespaces/core/tika/kustomization.yaml

@@ -7,7 +7,7 @@ transformers:
     kind: NamespaceTransformer
     metadata:
       name: notImportantHere
-      namespace: apps
+      namespace: core
     unsetOnly: true
 
 namePrefix: tika-
@@ -45,4 +45,4 @@ labels:
     pairs:
       app.kubernetes.io/appName: tika
   - pairs:
-      app.kubernetes.io/appNamespace: apps
+      app.kubernetes.io/appNamespace: core

namespaces/core/tika/patches/deployment.yaml

@@ -7,7 +7,7 @@ spec:
     spec:
       containers:
         - name: tika
-          image: docker.io/apache/tika:latest
+          image: docker.io/apache/tika:3.1.0.0
           imagePullPolicy: IfNotPresent
           ports:
             - containerPort: 9998

namespaces/monitoring/diun/patches/deployment.yaml

@@ -23,8 +23,8 @@ spec:
       serviceAccountName: diun
       containers:
         - name: diun
-          image: crazymax/diun:latest
-          imagePullPolicy: Always
+          image: crazymax/diun:4.29.0
+          imagePullPolicy: IfNotPresent
           args: ["serve"]
           envFrom:
             - configMapRef:

namespaces/monitoring/healthchecks/patches/deployment.yaml

@@ -22,7 +22,8 @@ spec:
                       - "true"
       containers:
         - name: healthchecks
-          image: healthchecks/healthchecks:latest
+          image: healthchecks/healthchecks:v3.9
+          imagePullPolicy: IfNotPresent
           envFrom:
             - configMapRef:
                 name: healthchecks-config

namespaces/monitoring/smtp-secrets.yaml

@@ -1,7 +1,7 @@
 apiVersion: secrets.infisical.com/v1alpha1
 kind: InfisicalSecret
 metadata:
-  name: smtp-secrets
+  name: smtp-secrets-monitoring
   namespace: infisical
   labels:
     label-to-be-passed-to-managed-secret: homelab

namespaces/monitoring/uptime-kuma/kustomization.yaml

@@ -13,7 +13,7 @@ transformers:
 namePrefix: uptime-kuma-
 resources:
   - ../../../kustomize/deployment/
-  - extra/middleware-auth.yaml
+  # - extra/middleware-auth.yaml
 
 replacements:
   - source:

namespaces/monitoring/uptime-kuma/patches/httproute.yaml

@@ -2,13 +2,13 @@ apiVersion: gateway.networking.k8s.io/v1
 kind: HTTPRoute
 metadata:
   name: http
-spec:
-  rules:
-    - backendRefs:
-        - port: 80
-      filters:
-        - type: ExtensionRef
-          extensionRef:
-            group: traefik.io
-            kind: Middleware
-            name: authentik-forward-auth
+# spec:
+#   rules:
+#     - backendRefs:
+#         - port: 80
+#       filters:
+#         - type: ExtensionRef
+#           extensionRef:
+#             group: traefik.io
+#             kind: Middleware
+#             name: authentik-forward-auth