added k3s-upgrade procedure

kubernetes/README.md

@@ -408,7 +408,7 @@ psql -U $POSTGRES_USER -d postgres --host 192.168.1.145 -p 5432
 ## Backup and Restore PostgreSQL Database
 
 ```bash
-# To backup
+# To backup§
 # Dump format is compressed and allows parallel restore
 pg_dump -U $POSTGRES_USER -h 192.168.1.145 -p 5432 -F c \
   -f db_backup.dump postgres
@@ -466,7 +466,7 @@ kubectl get secret wildcard-cert-secret --namespace=cert-manager -o yaml \
   | sed 's/namespace: cert-manager/namespace: gitea/' | kubectl apply -f -
 
 # The configMap contains the app.ini file values for gitea
-kubectl apply -f gitea/configMap.yaml -n gitea
+envsubst < gitea/configMap.yaml | kubectl apply -n gitea -f -
 
 helm install gitea gitea-charts/gitea -f gitea/values.yaml \
   --namespace gitea \
@@ -511,7 +511,8 @@ envsubst < traefik-middleware/auth_secret.yaml | kubectl apply -n my-portfolio -
 kubernetes apply -f traefik-middleware/auth.yaml -n my-portfolio
 ```
 
-Following middleware deployment, the authentication must be enabled by adding the appropriate annotation to the service's Ingress object specification:
+Following middleware deployment, the authentication must be enabled by adding
+the appropriate annotation to the service's Ingress object specification:
 
 ```
 traefik.ingress.kubernetes.io/router.middlewares: my-portfolio-basic-auth@kubernetescrd

kubernetes/gitea/configMap.yaml

@@ -5,4 +5,4 @@ metadata:
   namespace: gitea
 data:
   service: |
-    DISABLE_REGISTRATION = true
+    DISABLE_REGISTRATION = true

kubernetes/gitea/values.yaml

@@ -15,8 +15,8 @@ gitea:
     email: email
 
 image:
-  repository: gitea/gitea
-  tag: 1.23.4
+  repository: gitea
+  tag: 1.23.7
 
 postgresql:
   enabled: false
@@ -32,7 +32,7 @@ redis:
 
 persistence:
   enabled: true
-  accessModes: [ "ReadWriteMany" ]
+  accessModes: ["ReadWriteMany"]
   size: "10Gi"
 
 resources:
@@ -60,4 +60,4 @@ actions:
   runner:
     replicas: 3
   provisioning:
-    enabled: true
+    enabled: true

kubernetes/k3s-upgrade/plan.yaml

@@ -0,0 +1,17 @@
+---
+apiVersion: upgrade.cattle.io/v1
+kind: Plan
+metadata:
+  name: k3s-latest
+  namespace: system-upgrade
+spec:
+  concurrency: 1
+  version: v1.32.4-k3s1
+  nodeSelector:
+    matchExpressions:
+      - {key: k3s-upgrade, operator: Exists}
+  serviceAccountName: system-upgrade
+  drain:
+    force: true
+  upgrade:
+    image: rancher/k3s-upgrade

kubernetes/media/jellyfin-deploy.yaml

@@ -72,7 +72,7 @@ spec:
   type: ClusterIP
 
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: jellyfin-ingress
@@ -91,7 +91,7 @@ spec:
     secretName: wildcard-cert-secret
 
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: jellyfin-headers

kubernetes/my-portfolio/portfolioManifest.yaml

@@ -15,13 +15,13 @@ spec:
         app: portfolio-app
     spec:
       imagePullSecrets:
-      - name: my-registry-secret
+        - name: my-registry-secret
       containers:
-      - name: portfolio-app
-        image: "${DOCKER_REGISTRY_HOST}/my-portfolio-app:latest"
-        imagePullPolicy: Always
-        ports:
-        - containerPort: 80
+        - name: portfolio-app
+          image: "${DOCKER_REGISTRY_HOST}/my-portfolio-app:latest"
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 80
       restartPolicy: Always
       terminationGracePeriodSeconds: 30
 ---
@@ -32,8 +32,8 @@ metadata:
 spec:
   type: ClusterIP
   ports:
-  - port: 80
-    targetPort: 80
+    - port: 80
+      targetPort: 80
   selector:
     app: portfolio-app
 
@@ -46,38 +46,17 @@ metadata:
     traefik.ingress.kubernetes.io/router.entrypoints: websecure
 spec:
   tls:
-  - hosts:
-      - "${DNSNAME}"
-    secretName: wildcard-cert-secret
+    - hosts:
+        - "${DNSNAME}"
+      secretName: wildcard-cert-secret
   rules:
-  - host: "${PORTFOLIO_HOST}"
-    http:
-      paths:
-      - path: /
-        pathType: Prefix
-        backend:
-          service:
-            name: portfolio-app-svc
-            port:
-              number: 80
-      - path: /experience
-        pathType: Prefix
-        backend:
-          service:
-            name: portfolio-app-svc
-            port:
-              number: 80
-      - path: /interest
-        pathType: Prefix
-        backend:
-          service:
-            name: portfolio-app-svc
-            port:
-              number: 80
-      - path: /project
-        pathType: Prefix
-        backend:
-          service:
-            name: portfolio-app-svc
-            port:
-              number: 80
+    - host: "${PORTFOLIO_HOST}"
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: portfolio-app-svc
+                port:
+                  number: 80