Update docker.io/swaggerapi/swagger-ui Docker tag to v5.29.0

delete crossplane
update vaultwarden
2025-09-10 09:21:08 +00:00 · 2025-09-01 16:09:18 -05:00 · 2025-09-01 08:31:32 -05:00 · 2025-08-09 12:35:04 +00:00 · 2025-07-23 19:57:42 -05:00 · 2025-07-23 19:51:54 -05:00
116 changed files with 744 additions and 354 deletions
--- a/ansible/roles/base/files/authorized_keys_user
+++ b/ansible/roles/base/files/authorized_keys_user
@@ -1 +1,2 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGhPVgL8gXdRTw0E2FvlOUoUI4vd794nB0nZVIsc+U5M
+sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIGilcndatMrXg06VxtNKuIo3scoyyXbYX8Z7cOjeA102AAAABHNzaDo= desktop-arch-09-08-2025-yubikey
 sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAINsbNSZ5Wr+50Ahz+IeZxt6F7gZ6wm1J8uKXQLbdbKFaAAAABHNzaDo= desktop-arch-09-08-2025-yubikeyNano
--- a/dev/cert-manager/Chart.yaml
+++ b/dev/cert-manager/Chart.yaml
@@ -8,4 +8,4 @@ appVersion: 0.0.1
 dependencies:
 - name: cert-manager
  repository: https://charts.jetstack.io
-  version: v1.16.3
+  version: v1.17.2
--- a/dev/cert-manager/templates/secretvault.yaml
+++ b/dev/cert-manager/templates/secretvault.yaml
@@ -1,4 +1,4 @@
-apiVersion: external-secrets.io/v1beta1
+apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
  name: cloudflare-api-token-secret
--- a/dev/external-dns/Chart.yaml
+++ b/dev/external-dns/Chart.yaml
@@ -9,4 +9,4 @@ appVersion: 0.0.1
 dependencies:
 - name: external-dns
  repository: https://charts.bitnami.com/bitnami
-  version: 8.3.8
+  version: 8.9.2
--- a/dev/external-dns/templates/secrets.yaml
+++ b/dev/external-dns/templates/secrets.yaml
@@ -1,4 +1,4 @@
-apiVersion: external-secrets.io/v1beta1
+apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
  name: external-dns-secret
--- a/dev/external-secrets/Chart.yaml
+++ b/dev/external-secrets/Chart.yaml
@@ -8,4 +8,4 @@ appVersion: 0.0.1
 dependencies:
 - name: external-secrets
  repository: https://charts.external-secrets.io
-  version: 0.13.0
+  version: 0.17.0
--- a/dev/metallb-system/Chart.yaml
+++ b/dev/metallb-system/Chart.yaml
@@ -9,4 +9,4 @@ appVersion: "1.16.0"
 dependencies:
 - name: metallb
  repository: https://metallb.github.io/metallb
-  version: 0.14.9
+  version: 0.15.2
--- a/dev/terraform/main.tf
+++ b/dev/terraform/main.tf
@@ -3,7 +3,7 @@ terraform {
  required_providers {
    proxmox = {
      source  = "Telmate/proxmox"
-      version = "3.0.1-rc6"
+      version = "3.0.1-rc9"
    }
  }
 }
--- a/dev/traefik/Chart.yaml
+++ b/dev/traefik/Chart.yaml
@@ -8,4 +8,4 @@ appVersion: 0.0.1
 dependencies:
 - name: traefik
  repository: https://traefik.github.io/charts
-  version: 34.0.0
+  version: 34.5.0
--- a/dev/vault/Chart.yaml
+++ b/dev/vault/Chart.yaml
@@ -8,5 +8,5 @@ appVersion: 0.0.1
 dependencies:
 - name: vault
  repository: https://helm.releases.hashicorp.com  
-  version: 0.29.1
+  version: 0.30.0
--- a/dev/vault/templates/secret-store.yaml
+++ b/dev/vault/templates/secret-store.yaml
@@ -1,4 +1,4 @@
-apiVersion: external-secrets.io/v1beta1
+apiVersion: external-secrets.io/v1
 kind: ClusterSecretStore
 metadata:
  name: vault
--- a/dmz/authentik/templates/ingress.yaml
+++ b/dmz/authentik/templates/ingress.yaml
@@ -0,0 +1,62 @@
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
  name: authentik-tls
 spec:
  issuerRef:
    name: letsencrypt-production
    kind: ClusterIssuer
  secretName: authentik-tls
  commonName: "authentik.durp.info"
  dnsNames:
    - "authentik.durp.info"
 ---
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
  name: authentik-ingress
 spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`authentik.durp.info`) && PathPrefix(`/`)
      kind: Rule
      services:
        - name: infra-cluster
          port: 443
  tls:
    secretName: authentik-tls
 ---
 kind: Service
 apiVersion: v1
 metadata:
  name: authentik-external-dns
  annotations:
    external-dns.alpha.kubernetes.io/hostname: authentik.durp.info
 spec:
  type: ExternalName
  externalName: durp.info
 ---
 apiVersion: v1
 kind: Endpoints
 metadata:
  name: infra-cluster
 subsets:
  - addresses:
      - ip: 192.168.12.130
    ports:
      - port: 443
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: infra-cluster
 spec:
  ports:
    - protocol: TCP
      port: 443
      targetPort: 443
--- a/dmz/cert-manager/Chart.yaml
+++ b/dmz/cert-manager/Chart.yaml
@@ -8,4 +8,4 @@ appVersion: 0.0.1
 dependencies:
 - name: cert-manager
  repository: https://charts.jetstack.io
-  version: v1.16.3
+  version: v1.17.2
--- a/dmz/cert-manager/templates/secretvault.yaml
+++ b/dmz/cert-manager/templates/secretvault.yaml
@@ -1,4 +1,4 @@
-apiVersion: external-secrets.io/v1beta1
+apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
  name: cloudflare-api-token-secret
--- a/dmz/crowdsec/Chart.yaml
+++ b/dmz/crowdsec/Chart.yaml
@@ -0,0 +1,11 @@
 apiVersion: v2
 name: crowdsec
 description: A Helm chart for Kubernetes
 type: application
 version: 0.0.1
 appVersion: 0.0.1
 dependencies:
  - name: crowdsec
    repository: https://crowdsecurity.github.io/helm-charts
    version: 0.19.4
--- a/dmz/crowdsec/templates/secrets.yaml
+++ b/dmz/crowdsec/templates/secrets.yaml
@@ -0,0 +1,29 @@
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
  name: enroll-key
 spec:
  secretStoreRef:
    name: vault
    kind: ClusterSecretStore
  target:
    name: enroll-key
  data:
    - secretKey: ENROLL_INSTANCE_NAME
      remoteRef:
        key: kv/crowdsec/dmz-enroll
        property: ENROLL_INSTANCE_NAME
    - secretKey: ENROLL_KEY
      remoteRef:
        key: kv/crowdsec/dmz-enroll
        property: ENROLL_KEY
    - secretKey: ENROLL_TAGS
      remoteRef:
        key: kv/crowdsec/dmz-enroll
        property: ENROLL_TAGS
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: vault
--- a/dmz/crowdsec/values.yaml
+++ b/dmz/crowdsec/values.yaml
@@ -0,0 +1,24 @@
 crowdsec:
  #
  image:
    repository: registry.durp.info/crowdsecurity/crowdsec
    pullPolicy: Always
  # for raw logs format: json or cri (docker|containerd)
  container_runtime: containerd
  agent:
    # Specify each pod whose logs you want to process
    acquisition:
      # The namespace where the pod is located
      - namespace: traefik
        # The pod name
        podName: traefik-*
        # as in crowdsec configuration, we need to specify the program name to find a matching parser
        program: traefik
    env:
      - name: COLLECTIONS
        value: "crowdsecurity/traefik"
  lapi:
    envFrom:
      - secretRef:
          name: enroll-key
--- a/dmz/external-dns/Chart.yaml
+++ b/dmz/external-dns/Chart.yaml
@@ -9,4 +9,4 @@ appVersion: 0.0.1
 dependencies:
 - name: external-dns
  repository: https://charts.bitnami.com/bitnami
-  version: 8.3.8
+  version: 8.9.2
--- a/dmz/external-dns/templates/secrets.yaml
+++ b/dmz/external-dns/templates/secrets.yaml
@@ -1,4 +1,4 @@
-apiVersion: external-secrets.io/v1beta1
+apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
  name: external-dns-secret
--- a/dmz/external-dns/values.yaml
+++ b/dmz/external-dns/values.yaml
@@ -1,6 +1,8 @@
 external-dns:
  global:
    imageRegistry: "registry.durp.info"
    security:
      allowInsecureImages: true
  image:
    pullPolicy: Always
--- a/dmz/external-secrets/Chart.yaml
+++ b/dmz/external-secrets/Chart.yaml
@@ -8,4 +8,4 @@ appVersion: 0.0.1
 dependencies:
  - name: external-secrets
    repository: https://charts.external-secrets.io
-  version: 0.15.0
+    version: 0.17.0
--- a/dmz/external-secrets/values.yaml
+++ b/dmz/external-secrets/values.yaml
@@ -1,7 +1,13 @@
 external-secrets:
-  replicaCount: 3
+  global:
    security:
      allowInsecureImages: true
  log:
    level: debug
  replicaCount: 1
  revisionHistoryLimit: 1
-  leaderElect: true
+  leaderElect: false
  installCRDs: true
  crds:
@@ -27,13 +33,13 @@ external-secrets:
      subPath: vault.pem
      readOnly: true
-  resources: 
+  #  resources:
-    requests:
+  #    requests:
-      memory: 32Mi
+  #      memory: 32Mi
-      cpu: 10m
+  #      cpu: 10m
-    limits:
+  #    limits:
-      memory: 32Mi
+  #      memory: 32Mi
-      cpu: 10m
+  #      cpu: 10m
  webhook:
    create: false
@@ -55,13 +61,13 @@ external-secrets:
        subPath: vault.pem
        readOnly: true
-    resources: 
+  #    resources:
-      requests:
+  #      requests:
-        memory: 32Mi
+  #        memory: 32Mi
-        cpu: 10m
+  #        cpu: 10m
-      limits:
+  #      limits:
-        memory: 32Mi
+  #        memory: 32Mi
-        cpu: 10m
+  #        cpu: 10m
  certController:
    create: false
--- a/dmz/gitlab-runner/Chart.yaml
+++ b/dmz/gitlab-runner/Chart.yaml
@@ -8,8 +8,8 @@ appVersion: 0.0.1
 dependencies:
 - name: gitlab-runner
  repository: https://charts.gitlab.io/
-  version: 0.69.0
+  version: 0.77.2
 - name: gitlab-runner
  repository: https://charts.gitlab.io/
-  version: 0.69.0
+  version: 0.77.2
  alias: personal
--- a/dmz/gitlab-runner/templates/secrets.yaml
+++ b/dmz/gitlab-runner/templates/secrets.yaml
@@ -1,4 +1,4 @@
-apiVersion: external-secrets.io/v1beta1
+apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
  name: gitlab-secret
@@ -27,7 +27,7 @@ metadata:
 ---
-apiVersion: external-secrets.io/v1beta1
+apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
  name: gitlab-secret-personal
--- a/dmz/internalproxy/templates/authentik.yaml
+++ b/dmz/internalproxy/templates/authentik.yaml
@@ -1,42 +1,40 @@
-apiVersion: traefik.io/v1alpha1
+#apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
+#kind: IngressRoute
-metadata:
+#metadata:
-  name: authentik-ingress
+#  name: authentik-ingress
-spec:
+#spec:
-  entryPoints:
+#  entryPoints:
-    - websecure
+#    - websecure
-  routes:
+#  routes:
-  - match: Host(`authentik.durp.info`) && PathPrefix(`/`) 
+#    - match: Host(`authentik.durp.info`) && PathPrefix(`/`)
-    kind: Rule
+#      kind: Rule
-    services:
+#      services:
-    - name: infra-cluster
+#        - name: infra-cluster
-      port: 443
+#          port: 443
-  tls:
+#  tls:
-    secretName: authentik-tls
+#    secretName: authentik-tls
-
+#
---
+#---
-
+#apiVersion: cert-manager.io/v1
-apiVersion: cert-manager.io/v1
+#kind: Certificate
-kind: Certificate
+#metadata:
-metadata:
+#  name: authentik-tls
-  name: authentik-tls
+#spec:
-spec:
+#  issuerRef:
-  issuerRef:
+#    name: letsencrypt-production
-    name: letsencrypt-production
+#    kind: ClusterIssuer
-    kind: ClusterIssuer
+#  secretName: authentik-tls
-  secretName: authentik-tls
+#  commonName: "authentik.durp.info"
-  commonName: "authentik.durp.info"
+#  dnsNames:
-  dnsNames:
+#    - "authentik.durp.info"
-  - "authentik.durp.info"
+#
-
+#---
---
+#kind: Service
-
+#apiVersion: v1
-kind: Service
+#metadata:
-apiVersion: v1
+#  name: authentik-external-dns
-metadata:
+#  annotations:
-  name: authentik-external-dns
+#    external-dns.alpha.kubernetes.io/hostname: authentik.durp.info
-  annotations:
+#spec:
-    external-dns.alpha.kubernetes.io/hostname: authentik.durp.info
+#  type: ExternalName
-spec:
+#  externalName: durp.info
  type: ExternalName
  externalName: durp.info
--- a/dmz/internalproxy/templates/n8n.yaml
+++ b/dmz/internalproxy/templates/n8n.yaml
@@ -0,0 +1,72 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: n8n
 spec:
  ports:
    - name: app
      port: 5678
      protocol: TCP
      targetPort: 5678
  clusterIP: None
  type: ClusterIP
 ---
 apiVersion: v1
 kind: Endpoints
 metadata:
  name: n8n
 subsets:
  - addresses:
      - ip: 192.168.20.104
    ports:
      - name: app
        port: 5678
        protocol: TCP
 ---
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
  name: n8n-ingress
 spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`n8n.durp.info`) && PathPrefix(`/`)
      kind: Rule
      services:
        - name: n8n
          port: 5678
          scheme: http
  tls:
    secretName: n8n-tls
 ---
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
  name: n8n-tls
 spec:
  secretName: n8n-tls
  issuerRef:
    name: letsencrypt-production
    kind: ClusterIssuer
  commonName: "n8n.durp.info"
  dnsNames:
    - "n8n.durp.info"
 ---
 kind: Service
 apiVersion: v1
 metadata:
  name: n8n-dns
  annotations:
    dns.alpha.kubernetes.io/hostname: n8n.durp.info
 spec:
  type: ExternalName
  externalName: durp.info
--- a/dmz/internalproxy/templates/octopus.yaml
+++ b/dmz/internalproxy/templates/octopus.yaml
@@ -15,7 +15,6 @@ spec:
    secretName: octopus-tls
 ---
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
@@ -30,7 +29,6 @@ spec:
    - "octopus.durp.info"
 ---
 kind: Service
 apiVersion: v1
 metadata:
--- a/dmz/internalproxy/templates/ollama.yaml
+++ b/dmz/internalproxy/templates/ollama.yaml
@@ -1,4 +1,4 @@
-apiVersion: external-secrets.io/v1beta1
+apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
  name: ollama-secret
--- a/dmz/internalproxy/templates/registry.yaml
+++ b/dmz/internalproxy/templates/registry.yaml
@@ -12,7 +12,6 @@ spec:
  type: ClusterIP
 ---
 apiVersion: v1
 kind: Endpoints
 metadata:
@@ -26,7 +25,6 @@ subsets:
        protocol: TCP
 ---
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
@@ -37,6 +35,9 @@ spec:
  routes:
    - match: Host(`registry.durp.info`) && PathPrefix(`/`)
      kind: Rule
      middlewares:
        - name: whitelist
          namespace: traefik
      services:
        - name: registry
          port: 5000
@@ -44,7 +45,6 @@ spec:
    secretName: registry-tls
 ---
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
@@ -59,13 +59,12 @@ spec:
    - "registry.durp.info"
 ---
-
+#kind: Service
-kind: Service
+#apiVersion: v1
-apiVersion: v1
+#metadata:
-metadata:
+#  name: registry-external-dns
-  name: registry-external-dns
+#  annotations:
-  annotations:
+#    external-dns.alpha.kubernetes.io/hostname: registry.durp.info
-    external-dns.alpha.kubernetes.io/hostname: registry.durp.info
+#spec:
-spec:
+#  type: ExternalName
-  type: ExternalName
+#  externalName: durp.info
  externalName: durp.info
--- a/dmz/istio-system/Chart.yaml
+++ b/dmz/istio-system/Chart.yaml
@@ -8,10 +8,10 @@ appVersion: 0.0.1
 dependencies:
  - name: base
    repository: https://istio-release.storage.googleapis.com/charts
-    version: 1.25.1
+    version: 1.26.2
  - name: istiod
    repository: https://istio-release.storage.googleapis.com/charts
-    version: 1.25.1
+    version: 1.26.2
  - name: gateway
    repository: https://istio-release.storage.googleapis.com/charts
-    version: 1.25.1
+    version: 1.26.2
--- a/dmz/longhorn/Chart.yaml
+++ b/dmz/longhorn/Chart.yaml
@@ -9,4 +9,4 @@ appVersion: "1.16.0"
 dependencies:
 - name: longhorn
  repository: https://charts.longhorn.io
-  version: 1.7.2
+  version: 1.9.0
--- a/dmz/longhorn/templates/secrets.yaml
+++ b/dmz/longhorn/templates/secrets.yaml
@@ -5,7 +5,7 @@ metadata:
 ---
-apiVersion: external-secrets.io/v1beta1
+apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
  name: external-longhorn-backup-token-secret
--- a/dmz/metallb-system/Chart.yaml
+++ b/dmz/metallb-system/Chart.yaml
@@ -9,4 +9,4 @@ appVersion: "1.16.0"
 dependencies:
 - name: metallb
  repository: https://metallb.github.io/metallb
-  version: 0.14.9
+  version: 0.15.2
--- a/dmz/redlib/templates/ingress.yaml
+++ b/dmz/redlib/templates/ingress.yaml
@@ -18,7 +18,6 @@ spec:
    secretName: redlib-tls
 ---
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
@@ -33,7 +32,6 @@ spec:
    - "redlib.durp.info"
 ---
 kind: Service
 apiVersion: v1
 metadata:
--- a/dmz/terraform/main.tf
+++ b/dmz/terraform/main.tf
@@ -3,7 +3,7 @@ terraform {
  required_providers {
    proxmox = {
      source  = "Telmate/proxmox"
-      version = "3.0.1-rc6"
+      version = "3.0.1-rc9"
    }
  }
 }
--- a/dmz/traefik/Chart.yaml
+++ b/dmz/traefik/Chart.yaml
@@ -8,4 +8,4 @@ appVersion: 0.0.1
 dependencies:
 - name: traefik
  repository: https://traefik.github.io/charts
-  version: 34.0.0
+  version: 34.5.0
--- a/dmz/traefik/templates/middleware.yaml
+++ b/dmz/traefik/templates/middleware.yaml
@@ -5,7 +5,7 @@ metadata:
  namespace: traefik
 spec:
  forwardAuth:
-    address: http://ak-outpost-dmz-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik?rd=$scheme://$http_host$request_uri
+    address: http://ak-outpost-authentik-dmz-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik?rd=$scheme://$http_host$request_uri
    trustForwardHeader: true
    authResponseHeaders:
      - X-authentik-username
@@ -21,7 +21,6 @@ spec:
      - X-authentik-meta-version
 ---
 apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
@@ -33,3 +32,23 @@ spec:
      - 192.168.0.0/16
      - 172.16.0.0/12
      - 10.0.0.0/8
 ---
 #apiVersion: traefik.io/v1alpha1
 #kind: Middleware
 #metadata:
 #  name: bouncer
 #  namespace: traefik
 #spec:
 #  plugin:
 #    bouncer:
 #      enabled: true
 #      crowdsecMode: stream
 #      crowdsecLapiScheme: https
 #      crowdsecLapiTLSInsecureVerify: true
 #      crowdsecLapiHost: crowdsec-service.crowdsec:8080
 #      crowdsecLapiKey:
 #        valueFrom:
 #          secretKeyRef:
 #            name: crowdsec-lapi-key
 #            key: lapi-key
--- a/dmz/traefik/templates/secrets.yaml
+++ b/dmz/traefik/templates/secrets.yaml
@@ -0,0 +1,21 @@
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
  name: crowdsec-lapi-key
 spec:
  secretStoreRef:
    name: vault
    kind: ClusterSecretStore
  target:
    name: crowdsec-lapi-key
  data:
    - secretKey: lapi-key
      remoteRef:
        key: kv/crowdsec/api
        property: key
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: vault
--- a/dmz/traefik/templates/traefik-dashboard.yaml
+++ b/dmz/traefik/templates/traefik-dashboard.yaml
@@ -1,34 +1,35 @@
-#apiVersion: traefik.io/v1alpha1
+apiVersion: traefik.io/v1alpha1
-#kind: IngressRoute
+kind: IngressRoute
-#metadata:
+metadata:
-#  name: traefik-ingress
+  name: traefik-ingress
-#spec:
+spec:
-#  entryPoints:
+  entryPoints:
-#    - websecure
+    - websecure
-#  routes:
+  routes:
-#  - match: Host(`traefik.durp.info`)
+    - match: Host(`traefik.dmz.durp.info`)
-#    kind: Rule
+      kind: Rule
-#    services:
+      middlewares:
-#    - name: api@internal
+        - name: whitelist
-#      kind: TraefikService
+          namespace: traefik
-#  tls:
+        - name: authentik-proxy-provider
-#    secretName: traefik-tls  
+          namespace: traefik
-#
+      services:
-#---
+        - name: api@internal
-#
+          kind: TraefikService
-#apiVersion: cert-manager.io/v1
+  tls:
-#kind: Certificate
+    secretName: traefik-tls
-#metadata:
+
-#  name: traefik-tls
+---
-#  namespace: traefik
+apiVersion: cert-manager.io/v1
-#spec:
+kind: Certificate
-#  secretName: traefik-tls
+metadata:
-#  issuerRef:
+  name: traefik-tls
-#    name: letsencrypt-production
+  namespace: traefik
-#    kind: ClusterIssuer
+spec:
-#  commonName: "traefik.durp.info"
+  secretName: traefik-tls
-#  dnsNames:
+  issuerRef:
-#  - "traefik.durp.info"
+    name: vault-issuer
-#
+    kind: ClusterIssuer
-#---
+  commonName: "traefik.dmz.durp.info"
-#
+  dnsNames:
    - "traefik.dmz.durp.info"
--- a/dmz/traefik/values.yaml
+++ b/dmz/traefik/values.yaml
@@ -29,6 +29,8 @@ traefik:
    - "--log.level=DEBUG"
    - --experimental.plugins.jwt.moduleName=github.com/traefik-plugins/traefik-jwt-plugin
    - --experimental.plugins.jwt.version=v0.7.0
    - --experimental.plugins.bouncer.moduleName=github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin
    - --experimental.plugins.bouncer.version=v1.4.2
  autoscaling:
    enabled: true
@@ -49,7 +51,6 @@ traefik:
            value: 1
            periodSeconds: 60
  # -- [Resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for `traefik` container.
  resources:
    requests:
--- a/dmz/vault/Chart.yaml
+++ b/dmz/vault/Chart.yaml
@@ -8,5 +8,5 @@ appVersion: 0.0.1
 dependencies:
 - name: vault
  repository: https://helm.releases.hashicorp.com  
-  version: 0.29.1
+  version: 0.30.0
--- a/dmz/vault/templates/secret-store.yaml
+++ b/dmz/vault/templates/secret-store.yaml
@@ -1,4 +1,4 @@
-apiVersion: external-secrets.io/v1beta1
+apiVersion: external-secrets.io/v1
 kind: ClusterSecretStore
 metadata:
  name: vault
--- a/infra/argocd/Chart.yaml
+++ b/infra/argocd/Chart.yaml
@@ -9,4 +9,4 @@ appVersion: "1.16.0"
 dependencies:
 - name: argo-cd
  repository: https://argoproj.github.io/argo-helm
-  version: 6.11.1
+  version: 8.1.3
--- a/infra/argocd/templates/argocd-crossplane.yaml
+++ b/infra/argocd/templates/argocd-crossplane.yaml
@@ -0,0 +1,101 @@
 #apiVersion: external-secrets.io/v1
 #kind: ExternalSecret
 #metadata:
 #  name: argocd-secret-crossplane
 #spec:
 #  secretStoreRef:
 #    name: vault
 #    kind: ClusterSecretStore
 #  target:
 #    name: argocd-secret-crossplane
 #  data:
 #    - secretKey: authToken
 #      remoteRef:
 #        key: kv/argocd/provider-argocd
 #        property: token
 #
 #---
 #apiVersion: external-secrets.io/v1
 #kind: ExternalSecret
 #metadata:
 #  name: prod-kubeconfig
 #spec:
 #  secretStoreRef:
 #    name: vault
 #    kind: ClusterSecretStore
 #  target:
 #    name: prod-kubeconfig
 #  data:
 #    - secretKey: kubeconfig
 #      remoteRef:
 #        key: kv/argocd/prd
 #        property: kubeconfig
 #
 #---
 #apiVersion: argocd.crossplane.io/v1alpha1
 #kind: ProviderConfig
 #metadata:
 #  name: argocd-provider
 #spec:
 #  serverAddr: argocd-server.argocd.svc:443
 #  insecure: true
 #  plainText: false
 #  credentials:
 #    source: Secret
 #    secretRef:
 #      namespace: argocd
 #      name: argocd-secret-crossplane
 #      key: authToken
 #
 #---
 #apiVersion: cluster.argocd.crossplane.io/v1alpha1
 #kind: Cluster
 #metadata:
 #  name: prd
 #  labels:
 #    purpose: prd
 #spec:
 #  forProvider:
 #    name: prd
 #    config:
 #      kubeconfigSecretRef:
 #        name: prod-kubeconfig
 #        namespace: argocd
 #        key: kubeconfig
 #  providerConfigRef:
 #    name: argocd-provider
 #
 #---
 #apiVersion: external-secrets.io/v1
 #kind: ExternalSecret
 #metadata:
 #  name: dev-kubeconfig
 #spec:
 #  secretStoreRef:
 #    name: vault
 #    kind: ClusterSecretStore
 #  target:
 #    name: dev-kubeconfig
 #  data:
 #    - secretKey: kubeconfig
 #      remoteRef:
 #        key: kv/argocd/dev
 #        property: kubeconfig
 #
 #---
 #apiVersion: cluster.argocd.crossplane.io/v1alpha1
 #kind: Cluster
 #metadata:
 #  name: dev
 #  labels:
 #    purpose: dev
 #spec:
 #  forProvider:
 #    name: dev
 #    config:
 #      kubeconfigSecretRef:
 #        name: dev-kubeconfig
 #        namespace: argocd
 #        key: kubeconfig
 #  providerConfigRef:
 #    name: argocd-provider
--- a/infra/argocd/templates/argocd.yaml
+++ b/infra/argocd/templates/argocd.yaml
@@ -21,7 +21,7 @@ spec:
 ---
-apiVersion: external-secrets.io/v1beta1
+apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
  name: vault-argocd
--- a/infra/argocd/templates/authentik.yaml
+++ b/infra/argocd/templates/authentik.yaml
@@ -23,7 +23,6 @@ spec:
      - CreateNamespace=true
 ---
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
@@ -44,4 +43,3 @@ spec:
      selfHeal: true
    syncOptions:
      - CreateNamespace=true
--- a/infra/argocd/templates/crowdsec.yaml
+++ b/infra/argocd/templates/crowdsec.yaml
@@ -0,0 +1,20 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: crowdsec
  namespace: argocd
 spec:
  project: default
  source:
    repoURL: https://gitlab.com/developerdurp/homelab.git
    targetRevision: main
    path: dmz/crowdsec
  destination:
    namespace: crowdsec
    name: dmz
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=true
--- a/infra/argocd/templates/istio.yaml
+++ b/infra/argocd/templates/istio.yaml
@@ -28,7 +28,6 @@ spec:
        - /webhooks/0/failurePolicy
 ---
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
--- a/infra/argocd/templates/longhorn.yaml
+++ b/infra/argocd/templates/longhorn.yaml
@@ -18,6 +18,11 @@ spec:
      selfHeal: true
    syncOptions:
      - CreateNamespace=true
  ignoreDifferences:
    - group: engineimages.longhorn.io
      jsonPointers:
        - /spec/preserveUnknownFields
      kind: CustomResourceDefinition
 ---
 apiVersion: argoproj.io/v1alpha1
--- a/infra/argocd/templates/octopusdeploy.yaml
+++ b/infra/argocd/templates/octopusdeploy.yaml
@@ -20,7 +20,6 @@ spec:
      - CreateNamespace=true
 ---
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
@@ -33,7 +32,7 @@ spec:
    targetRevision: main
    path: infra/octopus-agent
  destination:
-    namespace: octpus-agent
+    namespace: octopus-agent
    name: in-cluster
  syncPolicy:
    automated:
@@ -41,4 +40,3 @@ spec:
      selfHeal: true
    syncOptions:
      - CreateNamespace=true
--- a/infra/argocd/values.yaml
+++ b/infra/argocd/values.yaml
@@ -34,6 +34,7 @@ argo-cd:
      annotations: {}
      url: https://argocd.infra.durp.info
      oidc.tls.insecure.skip.verify: "true"
      accounts.provider-argocd: apiKey
      dex.config: |
        connectors:
          - config:
@@ -49,11 +50,13 @@ argo-cd:
            name: authentik
            type: oidc
            id: authentik
      resource.exclusions: ""
    rbac:
      create: true
      policy.csv: |
        g, ArgoCD Admins, role:admin
        g, provider-argocd, role:admin
      scopes: "[groups]"
  server:
--- a/infra/authentik/Chart.yaml
+++ b/infra/authentik/Chart.yaml
@@ -9,5 +9,5 @@ appVersion: "1.16.0"
 dependencies:
  - name: authentik
    repository: https://charts.goauthentik.io
-    version: 2025.4.0
+    version: 2025.4.1
--- a/infra/authentik/templates/ingress.yaml
+++ b/infra/authentik/templates/ingress.yaml
@@ -11,11 +11,15 @@ spec:
      services:
        - name: authentik-server
          port: 80
    - match: Host(`authentik.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
      kind: Rule
      services:
        - name: ak-outpost-authentik-embedded-outpost
          port: 9000
  tls:
    secretName: authentik-tls
 ---
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
@@ -28,4 +32,3 @@ spec:
  commonName: "authentik.durp.info"
  dnsNames:
    - "authentik.durp.info"
--- a/infra/authentik/templates/secrets.yaml
+++ b/infra/authentik/templates/secrets.yaml
@@ -1,4 +1,4 @@
-apiVersion: external-secrets.io/v1beta1
+apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
  name: authentik-secret
--- a/infra/bitwarden/templates/deployment.yaml
+++ b/infra/bitwarden/templates/deployment.yaml
@@ -17,7 +17,7 @@ spec:
    spec:
      containers:
        - name: bitwarden
-        image: registry.durp.info/vaultwarden/server:1.32.7
+          image: registry.durp.info/vaultwarden/server:1.34.3
          imagePullPolicy: Always
          volumeMounts:
            - name: bitwarden-pvc
--- a/infra/bitwarden/templates/secrets.yaml
+++ b/infra/bitwarden/templates/secrets.yaml
@@ -1,4 +1,4 @@
-apiVersion: external-secrets.io/v1beta1
+apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
  name: bitwarden-secret
--- a/infra/cert-manager/Chart.yaml
+++ b/infra/cert-manager/Chart.yaml
@@ -8,4 +8,4 @@ appVersion: 0.0.1
 dependencies:
 - name: cert-manager
  repository: https://charts.jetstack.io
-  version: v1.16.3
+  version: v1.17.2
--- a/infra/cert-manager/templates/secretvault.yaml
+++ b/infra/cert-manager/templates/secretvault.yaml
@@ -1,4 +1,4 @@
-apiVersion: external-secrets.io/v1beta1
+apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
  name: cloudflare-api-token-secret
--- a/infra/external-secrets/Chart.yaml
+++ b/infra/external-secrets/Chart.yaml
@@ -8,4 +8,4 @@ appVersion: 0.0.1
 dependencies:
 - name: external-secrets
  repository: https://charts.external-secrets.io
-  version: 0.15.0
+  version: 0.17.0
--- a/infra/external-secrets/values.yaml
+++ b/infra/external-secrets/values.yaml
@@ -1,7 +1,13 @@
 external-secrets:
  global:
    security:
      allowInsecureImages: true
  log:
    level: debug
  replicaCount: 1
  revisionHistoryLimit: 1
-  leaderElect: true
+  leaderElect: false
  installCRDs: true
  crds:
@@ -27,13 +33,13 @@ external-secrets:
      subPath: vault.pem
      readOnly: true
-  resources:
+  #  resources:
-    requests:
+  #    requests:
-      memory: 32Mi
+  #      memory: 32Mi
-      cpu: 10m
+  #      cpu: 10m
-    limits:
+  #    limits:
-      memory: 32Mi
+  #      memory: 32Mi
-      cpu: 10m
+  #      cpu: 10m
  webhook:
    log:
@@ -42,13 +48,13 @@ external-secrets:
      repository: registry.durp.info/external-secrets/external-secrets
      pullPolicy: Always
-    resources:
+  #    resources:
-      requests:
+  #      requests:
-        memory: 32Mi
+  #        memory: 32Mi
-        cpu: 10m
+  #        cpu: 10m
-      limits:
+  #      limits:
-        memory: 32Mi
+  #        memory: 32Mi
-        cpu: 10m
+  #        cpu: 10m
  certController:
    create: false
--- a/infra/istio-system/Chart.yaml
+++ b/infra/istio-system/Chart.yaml
@@ -8,10 +8,10 @@ appVersion: 0.0.1
 dependencies:
 - name: base
  repository: https://istio-release.storage.googleapis.com/charts
-  version: 1.25.1
+  version: 1.26.2
 - name: istiod
  repository: https://istio-release.storage.googleapis.com/charts
-  version: 1.25.1
+  version: 1.26.2
 - name: gateway
  repository: https://istio-release.storage.googleapis.com/charts
-  version: 1.25.1
+  version: 1.26.2
--- a/infra/longhorn/Chart.yaml
+++ b/infra/longhorn/Chart.yaml
@@ -9,4 +9,4 @@ appVersion: "1.16.0"
 dependencies:
 - name: longhorn
  repository: https://charts.longhorn.io
-  version: 1.7.2
+  version: 1.9.0
--- a/infra/longhorn/templates/secrets.yaml
+++ b/infra/longhorn/templates/secrets.yaml
@@ -5,7 +5,7 @@ metadata:
 ---
-apiVersion: external-secrets.io/v1beta1
+apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
  name: external-longhorn-backup-token-secret
--- a/infra/metallb-system/Chart.yaml
+++ b/infra/metallb-system/Chart.yaml
@@ -9,4 +9,4 @@ appVersion: "1.16.0"
 dependencies:
 - name: metallb
  repository: https://metallb.github.io/metallb
-  version: 0.14.9
+  version: 0.15.2
--- a/infra/nebula-sync/templates/secrets.yaml
+++ b/infra/nebula-sync/templates/secrets.yaml
@@ -1,4 +1,4 @@
-apiVersion: external-secrets.io/v1beta1
+apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
  name: nebula-sync-secret
--- a/infra/octopus-agent/templates/secret.yaml
+++ b/infra/octopus-agent/templates/secret.yaml
@@ -5,7 +5,7 @@ metadata:
 ---
-apiVersion: external-secrets.io/v1beta1
+apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
  name: agent-token
--- a/infra/octopus-agent/values.yaml
+++ b/infra/octopus-agent/values.yaml
@@ -4,7 +4,9 @@ kubernetes-agent:
    acceptEula: "Y"
    serverUrl: "https://octopus.durp.info/"
    serverCommsAddresses:
-      - "https://octopusdeploy-octopus-deploy.octopusdeploy.svc.cluster.local:10943/"
+      - "https://octopus-deploy-node0.octopusdeploy.svc.cluster.local:10943/"
      - "https://octopus-deploy-node1.octopusdeploy.svc.cluster.local:10943/"
      - "https://octopus-deploy-node2.octopusdeploy.svc.cluster.local:10943/"
    space: "Default"
    name: "infra"
    deploymentTarget:
--- a/infra/octopusdeploy/Chart.yaml
+++ b/infra/octopusdeploy/Chart.yaml
@@ -9,4 +9,4 @@ appVersion: "1.16.0"
 dependencies:
  - name: octopusdeploy-helm
    repository: oci://ghcr.io/octopusdeploy
-    version: 1.3.1
+    version: 1.4.0
--- a/infra/octopusdeploy/templates/secrets.yaml
+++ b/infra/octopusdeploy/templates/secrets.yaml
@@ -4,8 +4,7 @@ metadata:
  name: vault
 ---
-
+apiVersion: external-secrets.io/v1
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
  name: octopusdeploy-adminpassword
@@ -22,8 +21,7 @@ spec:
        property: adminpassword
 ---
-
+apiVersion: external-secrets.io/v1
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
  name: octopusdeploy-adminusername
@@ -40,8 +38,7 @@ spec:
        property: adminusername
 ---
-
+apiVersion: external-secrets.io/v1
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
  name: octopusdeploy-connectionstring
@@ -58,8 +55,7 @@ spec:
        property: connectionstring
 ---
-
+apiVersion: external-secrets.io/v1
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
  name: octopusdeploy-masterkey
@@ -76,8 +72,7 @@ spec:
        property: masterkey
 ---
-
+apiVersion: external-secrets.io/v1
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
  name: octopusdeploy-sapassword
@@ -92,3 +87,20 @@ spec:
      remoteRef:
        key: kv/octopusdeploy
        property: sapassword
 ---
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
  name: octopusdeploy-licensekey
 spec:
  secretStoreRef:
    name: vault
    kind: ClusterSecretStore
  target:
    name: octopusdeploy-licensekey
  data:
    - secretKey: secret
      remoteRef:
        key: kv/octopusdeploy
        property: licensekey
--- a/infra/openclarity/templates/secret.yaml
+++ b/infra/openclarity/templates/secret.yaml
@@ -5,7 +5,7 @@ metadata:
 ---
-apiVersion: external-secrets.io/v1beta1
+apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
  name: openclarity-postgres-secret
--- a/infra/openclarity/values.yaml
+++ b/infra/openclarity/values.yaml
@@ -317,7 +317,7 @@ openclarity:
      # -- Gateway service container repository
      repository: nginxinc/nginx-unprivileged
      # -- Gateway service container tag
-      tag: 1.27.3
+      tag: 1.29.0
      # -- Gateway image digest. If set will override the tag.
      digest: ""
      # -- Gateway service container pull policy
@@ -542,7 +542,7 @@ openclarity:
      # -- Trivy Server container repository
      repository: aquasec/trivy
      # -- Trivy Server container tag
-      tag: 0.58.2
+      tag: 0.64.1
      # -- Trivy Server image digest. If set will override the tag.
      digest: ""
      # -- Trivy Server image pull policy
@@ -719,7 +719,7 @@ openclarity:
      # -- Swagger UI container repository
      repository: swaggerapi/swagger-ui
      # -- Swagger UI container tag
-      tag: v5.21.0
+      tag: v5.29.0
      # -- Swagger UI image digest. If set will override the tag.
      digest: ""
      # -- Swagger UI image pull policy
--- a/infra/renovate/templates/secrets.yaml
+++ b/infra/renovate/templates/secrets.yaml
@@ -4,7 +4,7 @@ metadata:
  name: vault
 ---
-apiVersion: external-secrets.io/v1beta1
+apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
  name: renovate-config-secret
--- a/infra/renovate/values.yaml
+++ b/infra/renovate/values.yaml
@@ -103,7 +103,8 @@ renovate:
        "autodiscover": "true",
        "dryRun": false,
        "printConfig": false,
-        "autodiscoverFilter": ["developerdurp/*", "durfy/*"]
+        "autodiscoverFilter": ["developerdurp/*", "durfy/*"],
        "assignees": ["developerdurp"],
      }
    # See https://docs.renovatebot.com/self-hosted-configuration
    # config: |
@@ -304,7 +305,7 @@ renovate:
  # -- Create extra manifests via values. Would be passed through `tpl` for templating
  extraObjects: []
  # extraObjects:
-  #   - apiVersion: external-secrets.io/v1beta1
+  #   - apiVersion: external-secrets.io/v1
  #     kind: ExternalSecret
  #     metadata:
  #       name: '{{ include "renovate.fullname" . }}-token'
--- a/infra/terraform/main.tf
+++ b/infra/terraform/main.tf
@@ -3,7 +3,7 @@ terraform {
  required_providers {
    proxmox = {
      source  = "Telmate/proxmox"
-      version = "3.0.1-rc6"
+      version = "3.0.1-rc9"
    }
  }
 }
--- a/infra/traefik/Chart.yaml
+++ b/infra/traefik/Chart.yaml
@@ -8,4 +8,4 @@ appVersion: 0.0.1
 dependencies:
 - name: traefik
  repository: https://traefik.github.io/charts
-  version: 34.0.0
+  version: 34.5.0
--- a/infra/vault/Chart.yaml
+++ b/infra/vault/Chart.yaml
@@ -8,5 +8,5 @@ appVersion: 0.0.1
 dependencies:
 - name: vault
  repository: https://helm.releases.hashicorp.com  
-  version: 0.29.1
+  version: 0.30.0
--- a/infra/vault/templates/secret-store.yaml
+++ b/infra/vault/templates/secret-store.yaml
@@ -1,4 +1,4 @@
-apiVersion: external-secrets.io/v1beta1
+apiVersion: external-secrets.io/v1
 kind: ClusterSecretStore
 metadata:
  name: vault
--- a/master/argocd/Chart.yaml
+++ b/master/argocd/Chart.yaml
@@ -9,6 +9,6 @@ appVersion: "1.16.0"
 dependencies:
 - name: argo-cd
  repository: https://argoproj.github.io/argo-helm
-  version: 6.11.1
+  version: 8.1.3
--- a/master/argocd/templates/secrets.yaml
+++ b/master/argocd/templates/secrets.yaml
@@ -1,4 +1,4 @@
-apiVersion: external-secrets.io/v1beta1
+apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
  name: vault-argocd
--- a/master/authentik/Chart.yaml
+++ b/master/authentik/Chart.yaml
@@ -9,4 +9,4 @@ appVersion: "1.16.0"
 dependencies:
 - name: authentik-remote-cluster
  repository: https://charts.goauthentik.io
-  version: 2.0.0
+  version: 2.1.0
--- a/master/authentik/templates/secrets.yaml
+++ b/master/authentik/templates/secrets.yaml
@@ -1,4 +1,4 @@
-apiVersion: external-secrets.io/v1beta1
+apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
  name: authentik-secret
--- a/master/bitwarden/templates/secrets.yaml
+++ b/master/bitwarden/templates/secrets.yaml
@@ -1,4 +1,4 @@
-apiVersion: external-secrets.io/v1beta1
+apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
  name: bitwarden-secret
--- a/master/cert-manager/Chart.yaml
+++ b/master/cert-manager/Chart.yaml
@@ -8,4 +8,4 @@ appVersion: 0.0.1
 dependencies:
 - name: cert-manager
  repository: https://charts.jetstack.io
-  version: v1.15.3
+  version: v1.17.2
--- a/master/cert-manager/templates/sealedsecret.yaml
+++ b/master/cert-manager/templates/sealedsecret.yaml
@@ -1,4 +1,4 @@
-apiVersion: external-secrets.io/v1beta1
+apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
  name: cloudflare-api-token-secret
--- a/master/crossplane/Chart.yaml
+++ b/master/crossplane/Chart.yaml
@@ -9,4 +9,4 @@ appVersion: "1.16.0"
 dependencies:
 - name: crossplane
  repository: https://charts.crossplane.io/stable
-  version: 1.17.1
+  version: 1.20.0
--- a/master/crossplane/templates/gitlab.yml
+++ b/master/crossplane/templates/gitlab.yml
@@ -6,7 +6,7 @@ spec:
  package: xpkg.upbound.io/crossplane-contrib/provider-gitlab:v0.5.0
 ---
-apiVersion: external-secrets.io/v1beta1
+apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
  name: gitlab-secret
--- a/master/durpapi/Chart.yaml
+++ b/master/durpapi/Chart.yaml
@@ -8,6 +8,6 @@ appVersion: 0.1.0
 dependencies:
 - condition: postgresql.enabled
-  version: 12.5.*
+  version: 16.7.*
  repository: https://charts.bitnami.com/bitnami
  name: postgresql
--- a/master/durpapi/templates/secrets.yaml
+++ b/master/durpapi/templates/secrets.yaml
@@ -1,4 +1,4 @@
-apiVersion: external-secrets.io/v1beta1
+apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
  name: durpapi-secret
--- a/master/durpot/templates/secrets.yaml
+++ b/master/durpot/templates/secrets.yaml
@@ -1,4 +1,4 @@
-apiVersion: external-secrets.io/v1beta1
+apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
  name: durpot-secert
--- a/master/external-dns/Chart.yaml
+++ b/master/external-dns/Chart.yaml
@@ -9,4 +9,4 @@ appVersion: 0.0.1
 dependencies:
 - name: external-dns
  repository: https://charts.bitnami.com/bitnami
-  version: 8.3.8
+  version: 8.9.2
--- a/master/external-dns/templates/secrets.yaml
+++ b/master/external-dns/templates/secrets.yaml
@@ -1,4 +1,4 @@
-apiVersion: external-secrets.io/v1beta1
+apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
  name: external-dns-secret
--- a/master/external-secrets/Chart.yaml
+++ b/master/external-secrets/Chart.yaml
@@ -8,5 +8,5 @@ appVersion: 0.0.1
 dependencies:
 - name: external-secrets
  repository: https://charts.external-secrets.io
-  version: 0.10.4
+  version: 0.17.0
--- a/master/gatekeeper/Chart.yaml
+++ b/master/gatekeeper/Chart.yaml
@@ -8,4 +8,4 @@ appVersion: 0.0.1
 dependencies:
 - name: gatekeeper
  repository: https://open-policy-agent.github.io/gatekeeper/charts
-  version: 3.17.1
+  version: 3.19.2
--- a/master/gitlab-runner/Chart.yaml
+++ b/master/gitlab-runner/Chart.yaml
@@ -8,4 +8,4 @@ appVersion: 0.0.1
 dependencies:
 - name: gitlab-runner
  repository: https://charts.gitlab.io/
-  version: 0.69.0
+  version: 0.77.2
--- a/master/gitlab-runner/templates/secrets.yaml
+++ b/master/gitlab-runner/templates/secrets.yaml
@@ -1,4 +1,4 @@
-apiVersion: external-secrets.io/v1beta1
+apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
  name: gitlab-secret
--- a/master/internalproxy/templates/ollama.yaml
+++ b/master/internalproxy/templates/ollama.yaml
@@ -1,4 +1,4 @@
-apiVersion: external-secrets.io/v1beta1
+apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
  name: ollama-secret
--- a/master/krakend/templates/secrets.yaml
+++ b/master/krakend/templates/secrets.yaml
@@ -1,4 +1,4 @@
-apiVersion: external-secrets.io/v1beta1
+apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
  name: krakend-secret
--- a/master/kube-prometheus-stack/Chart.yaml
+++ b/master/kube-prometheus-stack/Chart.yaml
@@ -9,4 +9,4 @@ appVersion: "1.16.0"
 dependencies:
 - name: kube-prometheus-stack
  repository: https://prometheus-community.github.io/helm-charts
-  version: 63.1.0
+  version: 72.9.1
--- a/master/kube-prometheus-stack/templates/grafana-secrets-sealed.yaml
+++ b/master/kube-prometheus-stack/templates/grafana-secrets-sealed.yaml
@@ -1,4 +1,4 @@
-apiVersion: external-secrets.io/v1beta1
+apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
  name: vault-grafana-oauth
@@ -20,7 +20,7 @@ spec:
 ---
-apiVersion: external-secrets.io/v1beta1
+apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
  name: vault-admin-credentials
--- a/master/longhorn/Chart.yaml
+++ b/master/longhorn/Chart.yaml
@@ -9,4 +9,4 @@ appVersion: "1.16.0"
 dependencies:
 - name: longhorn
  repository: https://charts.longhorn.io
-  version: 1.7.1
+  version: 1.9.0
--- a/Show More
+++ b/Show More
`@@ -1 +1,2 @@`
	`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGhPVgL8gXdRTw0E2FvlOUoUI4vd794nB0nZVIsc+U5M`	`sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIGilcndatMrXg06VxtNKuIo3scoyyXbYX8Z7cOjeA102AAAABHNzaDo= desktop-arch-09-08-2025-yubikey`
		`sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAINsbNSZ5Wr+50Ahz+IeZxt6F7gZ6wm1J8uKXQLbdbKFaAAAABHNzaDo= desktop-arch-09-08-2025-yubikeyNano`