chore(argocd): enforce api write-back and pin image tags

2025-11-30 14:14:37 +01:00
parent 5d047ba639
commit adcc180ad9
9 changed files with 47 additions and 14 deletions
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: argocd-image-updater-config
+  namespace: argocd
+  labels:
+    app.kubernetes.io/name: argocd-image-updater-config
+    app.kubernetes.io/part-of: argocd-image-updater
+data:
+  # Force image-updater to use the ArgoCD API for write-back to avoid multi-source git issues.
+  write-back-method: argocd
+  # Keep git identity in case git mode is explicitly used for single-source apps later.
+  git.user: argocd-image-updater
+  git.email: argocd@turing.lan
+  argocd.server_addr: argocd-server.argocd.svc.cluster.local
+  argocd.plaintext: "true"
+  argocd.insecure: "true"
@@ -2,7 +2,7 @@
 image:
  repository: ghcr.io/flaresolverr/flaresolverr
  pullPolicy: IfNotPresent
-  tag: v3.3.21
+  tag: "latest@sha256:f104ee51e5124d83cf3be9b37480649355d223f7d8f9e453d0d5ef06c6e3b31b"

 env:
  TZ: UTC
@@ -18,4 +18,3 @@ ingress:
  # @default -- See values.yaml
  main:
    enabled: false
-
@@ -2,7 +2,7 @@ replicaCount: 1
 image:
  repository: ollama/ollama
  pullPolicy: IfNotPresent
-  tag: "latest"
+  tag: "latest@sha256:d4188c1dfa870386a14e299976aed96daeb83876b69e1a852c9d09ea76463b9f"


 # Ollama parameters
@@ -20,4 +20,3 @@ service:

 nodeSelector:
  kubernetes.io/arch: amd64
-
@@ -2,7 +2,7 @@ claimToken: "claim-E_NxQDtUMMVsLCBFvybK"

 image:
  repository: linuxserver/plex
-  tag: latest
+  tag: "latest@sha256:28f18c27b6822328df994154dbf7c0f511032d9f91bbd10881030b706afd8593"
  pullPolicy: Always


@@ -1,6 +1,6 @@
 image:
  repository: lscr.io/linuxserver/prowlarr
-  tag: 1.37.0.5076-ls121
+  tag: "latest@sha256:4f2a6d597845b2f3e19284b1d982b3e0b4bd7c22472c2979c956aa198b83f472"
  pullPolicy: Always

 env:
@@ -37,4 +37,3 @@ nodeSelector: {}
 tolerations: []

 affinity: {}
-
@@ -3,7 +3,7 @@ replicaCount: 1

 image:
  repository: ghcr.io/linuxserver/radarr
-  tag: latest
+  tag: "latest@sha256:7eb64f5af8bbe48e79bc55c0c37ca8db89b2f073a9ff0094f603916ae1df9de8"
  pullPolicy: Always

 env:
@@ -3,7 +3,7 @@ replicaCount: 1

 image:
  repository: ghcr.io/linuxserver/sonarr
-  tag: latest
+  tag: "latest@sha256:e00e87e0e7c24fdc992093756f120a6ab292790b6a637ff3641bf813091cd726"
  pullPolicy: Always

 env:
@@ -3,7 +3,7 @@ replicaCount: 1

 image:
  repository: "haugene/transmission-openvpn"
-  tag: "latest"
+  tag: "latest@sha256:ecc30da79114d801295fd10a5dbaf8640b19707d012fb55be0671ddbe0503037"
  pullPolicy: "IfNotPresent"

 env:
@@ -58,4 +58,3 @@ securityContext:

 nodeSelector:
  kubernetes.io/arch: arm64
-
@@ -1,7 +1,7 @@
 ---
 image:
  repository: docker.io/jellyfin/jellyfin
-  tag: ""
+  tag: "latest@sha256:96b09723b22fdde74283274bdc1f63b9b76768afd6045dd80d4a4559fc4bb7f3"
  pullPolicy: Always

 service:
@@ -17,9 +17,29 @@ persistence:
 resources:
  requests:
    memory: "2Gi"
-    cpu: "3"
+    cpu: "1"
    ephemeral-storage: "50Mi"
  limits:
    memory: "6Gi"
-    cpu: "4"
+    cpu: "1"
    ephemeral-storage: "1Gi"
+
+nodeSelector:
+  kubernetes.io/arch: amd64
+
+securityContext:
+  capabilities:
+    add:
+      - "SYS_ADMIN"
+    drop:
+      - "ALL"
+  privileged: false
+
+volumes:
+  - name: hwa
+    hostPath:
+      path: /dev/dri
+
+volumeMounts:
+  - name: hwa
+    mountPath: /dev/dri