From 95021e3201410bca07b6d492da9885bb251cc652 Mon Sep 17 00:00:00 2001
From: Erich Blume
Date: Fri, 13 Feb 2026 17:07:58 -0800
Subject: [PATCH 1/2] Tier 1 version bumps for upstream images, helm charts, and custom containers
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Upstream images:
- kube-state-metrics v2.13.0 → v2.18.0
- prometheus v3.2.1 → v3.9.1
- loki 3.3.2 → 3.6.5
- alloy v1.5.1 → v1.13.1
- tailscale v1.92.5 → v1.94.1 (proxy + operator)
- navidrome :latest → v0.60.3 (pin version)
Helm charts:
- CloudNativePG v0.27.0 → v0.27.1
- 1Password Connect 2.2.1 → 2.3.0
Custom Dockerfiles:
- miniflux 2.2.16 → 2.2.17 (security fix), alpine 3.22
- kubectl v1.34.1 → v1.34.4, alpine 3.22
- kiwix-serve alpine 3.22
- nettest alpine 3.22
- transmission alpine 3.22, package 4.0.6-r4
Co-Authored-By: Claude Opus 4.6
---
 argocd/apps/1password-connect.yaml | 2 +-
 argocd/apps/cloudnative-pg.yaml | 2 +-
 argocd/manifests/alloy-k8s/daemonset.yaml | 2 +-
 argocd/manifests/kiwix/cronjob-zim-watcher.yaml | 2 +-
 argocd/manifests/kiwix/deployment.yaml | 4 ++--
 argocd/manifests/kube-state-metrics/deployment.yaml | 2 +-
 argocd/manifests/loki/statefulset.yaml | 2 +-
 argocd/manifests/miniflux/deployment.yaml | 2 +-
 argocd/manifests/navidrome/deployment.yaml | 2 +-
 argocd/manifests/prometheus/statefulset.yaml | 2 +-
 argocd/manifests/tailscale-operator/operator.yaml | 2 +-
 argocd/manifests/tailscale-operator/proxyclass.yaml | 4 ++--
 argocd/manifests/torrent/deployment.yaml | 2 +-
 containers/kiwix-serve/Dockerfile | 2 +-
 containers/kubectl/Dockerfile | 6 +++---
 containers/miniflux/Dockerfile | 6 +++---
 containers/nettest/Dockerfile | 2 +-
 containers/transmission/Dockerfile | 4 ++--
 18 files changed, 25 insertions(+), 25 deletions(-)
diff --git a/argocd/apps/1password-connect.yaml b/argocd/apps/1password-connect.yaml
index 89263da..972a467 100644
--- a/argocd/apps/1password-connect.yaml
+++ b/argocd/apps/1password-connect.yaml
@@ -21,7 +21,7 @@ spec:
 project: default
 sources:
 - repoURL: ssh://forgejo@forge.ops.eblu.me:2222/eblume/connect-helm-charts.git
- targetRevision: connect-2.2.1
+ targetRevision: connect-2.3.0
 path: charts/connect
 helm:
 releaseName: onepassword-connect
diff --git a/argocd/apps/cloudnative-pg.yaml b/argocd/apps/cloudnative-pg.yaml
index 73c3bf0..273bdc3 100644
--- a/argocd/apps/cloudnative-pg.yaml
+++ b/argocd/apps/cloudnative-pg.yaml
@@ -12,7 +12,7 @@ spec:
 sources:
 # Helm chart from forge mirror (SSH via egress)
 - repoURL: ssh://forgejo@forge.ops.eblu.me:2222/eblume/cloudnative-pg-charts.git
- targetRevision: cloudnative-pg-v0.27.0
+ targetRevision: cloudnative-pg-v0.27.1
 path: charts/cloudnative-pg
 helm:
 releaseName: cloudnative-pg
diff --git a/argocd/manifests/alloy-k8s/daemonset.yaml b/argocd/manifests/alloy-k8s/daemonset.yaml
index 95f780b..b78633a 100644
--- a/argocd/manifests/alloy-k8s/daemonset.yaml
+++ b/argocd/manifests/alloy-k8s/daemonset.yaml
@@ -19,7 +19,7 @@ spec:
 fsGroup: 473 # alloy user group
 containers:
 - name: alloy
- image: grafana/alloy:v1.5.1
+ image: grafana/alloy:v1.13.1
 args:
 - run
 - --server.http.listen-addr=0.0.0.0:12345
diff --git a/argocd/manifests/kiwix/cronjob-zim-watcher.yaml b/argocd/manifests/kiwix/cronjob-zim-watcher.yaml
index 5de0990..50d6883 100644
--- a/argocd/manifests/kiwix/cronjob-zim-watcher.yaml
+++ b/argocd/manifests/kiwix/cronjob-zim-watcher.yaml
@@ -15,7 +15,7 @@ spec:
 serviceAccountName: zim-watcher
 containers:
 - name: watcher
- image: registry.ops.eblu.me/blumeops/kubectl:v1.0.0
+ image: registry.ops.eblu.me/blumeops/kubectl:v1.1.0
 command: ["/bin/bash", "-c"]
 args:
 - |
diff --git a/argocd/manifests/kiwix/deployment.yaml b/argocd/manifests/kiwix/deployment.yaml
index bf45625..8dbb4d4 100644
--- a/argocd/manifests/kiwix/deployment.yaml
+++ b/argocd/manifests/kiwix/deployment.yaml
@@ -20,7 +20,7 @@ spec:
 containers:
 # Main kiwix-serve container
 - name: kiwix-serve
- image: registry.ops.eblu.me/blumeops/kiwix-serve:v1.0.0
+ image: registry.ops.eblu.me/blumeops/kiwix-serve:v1.1.0
 args:
 - "/bin/sh"
 - "-c"
@@ -53,7 +53,7 @@ spec:
 # Sidecar: Syncs declarative ZIM torrents to transmission
 - name: torrent-sync
- image: registry.ops.eblu.me/blumeops/transmission:v1.0.1
+ image: registry.ops.eblu.me/blumeops/transmission:v1.1.0
 command: ["/bin/bash", "-c"]
 args:
 - |
diff --git a/argocd/manifests/kube-state-metrics/deployment.yaml b/argocd/manifests/kube-state-metrics/deployment.yaml
index 69d3bd2..2ba12ba 100644
--- a/argocd/manifests/kube-state-metrics/deployment.yaml
+++ b/argocd/manifests/kube-state-metrics/deployment.yaml
@@ -18,7 +18,7 @@ spec:
 serviceAccountName: kube-state-metrics
 containers:
 - name: kube-state-metrics
- image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.13.0
+ image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.18.0
 ports:
 - containerPort: 8080
 name: http-metrics
diff --git a/argocd/manifests/loki/statefulset.yaml b/argocd/manifests/loki/statefulset.yaml
index 18067b4..d3a75a7 100644
--- a/argocd/manifests/loki/statefulset.yaml
+++ b/argocd/manifests/loki/statefulset.yaml
@@ -20,7 +20,7 @@ spec:
 runAsUser: 10001
 containers:
 - name: loki
- image: grafana/loki:3.3.2
+ image: grafana/loki:3.6.5
 args:
 - -config.file=/etc/loki/loki-config.yaml
 ports:
diff --git a/argocd/manifests/miniflux/deployment.yaml b/argocd/manifests/miniflux/deployment.yaml
index f5324ac..ed64246 100644
--- a/argocd/manifests/miniflux/deployment.yaml
+++ b/argocd/manifests/miniflux/deployment.yaml
@@ -15,7 +15,7 @@ spec:
 spec:
 containers:
 - name: miniflux
- image: registry.ops.eblu.me/blumeops/miniflux:v1.0.0
+ image: registry.ops.eblu.me/blumeops/miniflux:v1.1.0
 ports:
 - containerPort: 8080
 env:
diff --git a/argocd/manifests/navidrome/deployment.yaml b/argocd/manifests/navidrome/deployment.yaml
index e30cc99..591caa6 100644
--- a/argocd/manifests/navidrome/deployment.yaml
+++ b/argocd/manifests/navidrome/deployment.yaml
@@ -16,7 +16,7 @@ spec:
 spec:
 containers:
 - name: navidrome
- image: deluan/navidrome:latest
+ image: deluan/navidrome:v0.60.3
 ports:
 - containerPort: 4533
 name: http
diff --git a/argocd/manifests/prometheus/statefulset.yaml b/argocd/manifests/prometheus/statefulset.yaml
index 651451f..9cad55d 100644
--- a/argocd/manifests/prometheus/statefulset.yaml
+++ b/argocd/manifests/prometheus/statefulset.yaml
@@ -20,7 +20,7 @@ spec:
 runAsUser: 65534
 containers:
 - name: prometheus
- image: prom/prometheus:v3.2.1
+ image: prom/prometheus:v3.9.1
 args:
 - --config.file=/etc/prometheus/prometheus.yml
 - --storage.tsdb.path=/prometheus
diff --git a/argocd/manifests/tailscale-operator/operator.yaml b/argocd/manifests/tailscale-operator/operator.yaml
index 78a84ee..203b8d6 100644
--- a/argocd/manifests/tailscale-operator/operator.yaml
+++ b/argocd/manifests/tailscale-operator/operator.yaml
@@ -5362,7 +5362,7 @@ spec:
 valueFrom:
 fieldRef:
 fieldPath: metadata.uid
- image: docker.io/tailscale/k8s-operator:v1.92.5
+ image: docker.io/tailscale/k8s-operator:v1.94.1
 imagePullPolicy: Always
 name: operator
 volumeMounts:
diff --git a/argocd/manifests/tailscale-operator/proxyclass.yaml b/argocd/manifests/tailscale-operator/proxyclass.yaml
index 3e4e2b4..2591b39 100644
--- a/argocd/manifests/tailscale-operator/proxyclass.yaml
+++ b/argocd/manifests/tailscale-operator/proxyclass.yaml
@@ -18,6 +18,6 @@ spec:
 statefulSet:
 pod:
 tailscaleContainer:
- image: docker.io/tailscale/tailscale:v1.92.5
+ image: docker.io/tailscale/tailscale:v1.94.1
 tailscaleInitContainer:
- image: docker.io/tailscale/tailscale:v1.92.5
+ image: docker.io/tailscale/tailscale:v1.94.1
diff --git a/argocd/manifests/torrent/deployment.yaml b/argocd/manifests/torrent/deployment.yaml
index 5eafce8..9a2bc1d 100644
--- a/argocd/manifests/torrent/deployment.yaml
+++ b/argocd/manifests/torrent/deployment.yaml
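Review bot: In argocd/manifests/navidrome/deployment.yaml the new `image: deluan/navidrome:v0.60.3` line replaces `:latest` with a tag, but a tag is still a mutable reference that the registry can repoint, so the pin does not fix which bytes actually run. Appending the digest, as in `image: deluan/navidrome:v0.60.3@sha256:<digest-of-v0.60.3>` (placeholder, to be taken from the verified upstream image), makes the deployed content reviewable in the diff. The same applies to the other third-party images bumped in this patch (alloy, kube-state-metrics, loki, prometheus, tailscale), and most of all to tailscale-operator/operator.yaml, where the context shows `imagePullPolicy: Always`, so the tag is re-resolved on every pod start.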
@@ -16,7 +16,7 @@ spec:
 spec:
 containers:
 - name: transmission
- image: registry.ops.eblu.me/blumeops/transmission:v1.0.1
+ image: registry.ops.eblu.me/blumeops/transmission:v1.1.0
 env:
 - name: PUID
 value: "1000"
diff --git a/containers/kiwix-serve/Dockerfile b/containers/kiwix-serve/Dockerfile
index 37255a4..5bedee4 100644
--- a/containers/kiwix-serve/Dockerfile
+++ b/containers/kiwix-serve/Dockerfile
@@ -1,7 +1,7 @@
 # kiwix-serve container
 # Downloads pre-built binary from kiwix mirror
-FROM alpine:3.21
+FROM alpine:3.22
 ARG TARGETPLATFORM
 ARG KIWIX_VERSION=3.8.1
diff --git a/containers/kubectl/Dockerfile b/containers/kubectl/Dockerfile
index 31a2536..7203520 100644
--- a/containers/kubectl/Dockerfile
+++ b/containers/kubectl/Dockerfile
@@ -1,10 +1,10 @@
 # Minimal kubectl container
 # Multi-arch build: downloads correct binary for target platform
-FROM alpine:3.21 AS downloader
+FROM alpine:3.22 AS downloader
 ARG TARGETARCH
-ARG KUBECTL_VERSION=v1.34.1
+ARG KUBECTL_VERSION=v1.34.4
 RUN apk add --no-cache curl && \
 # Detect architecture - use TARGETARCH if set, otherwise detect from uname
@@ -22,7 +22,7 @@ RUN apk add --no-cache curl && \
 curl -LO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/${ARCH}/kubectl" && \
 chmod +x kubectl
-FROM alpine:3.21
+FROM alpine:3.22
 COPY --from=downloader /kubectl /usr/local/bin/kubectl
diff --git a/containers/miniflux/Dockerfile b/containers/miniflux/Dockerfile
index eecee4d..ba5c3c4 100644
--- a/containers/miniflux/Dockerfile
+++ b/containers/miniflux/Dockerfile
@@ -1,9 +1,9 @@
 # Miniflux RSS feed reader
 # Based on upstream packaging/docker/alpine/Dockerfile
-ARG MINIFLUX_VERSION=2.2.16
+ARG MINIFLUX_VERSION=2.2.17
-FROM golang:alpine3.21 AS build
+FROM golang:alpine3.22 AS build
 ARG MINIFLUX_VERSION
 RUN apk add --no-cache build-base git make
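Review bot: In the second hunk of containers/kubectl/Dockerfile the binary fetched by `curl -LO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/${ARCH}/kubectl"` goes straight to `chmod +x kubectl` with no integrity check in between, so the bump to `KUBECTL_VERSION=v1.34.4` trusts whatever the download returns. Upstream publishes a `kubectl.sha256` file next to each binary; fetching it and running `echo "$(cat kubectl.sha256)  kubectl" | sha256sum -c -` before the `chmod` would fail the build on a mismatch, and adding `-f` to curl would stop an HTTP error page from being saved as the binary. Recording the expected hash as a build `ARG` that is updated together with the version would be stronger still, since the checksum would then not come from the same host as the binary. The RUN instruction starts before this hunk, so this covers only the visible download and chmod lines.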
@@ -15,7 +15,7 @@ RUN git clone --depth 1 --branch ${MINIFLUX_VERSION} \
 WORKDIR /go/src/app
 RUN make miniflux
-FROM alpine:3.21
+FROM alpine:3.22
 LABEL org.opencontainers.image.title=Miniflux
 LABEL org.opencontainers.image.description="Miniflux is a minimalist and opinionated feed reader"
diff --git a/containers/nettest/Dockerfile b/containers/nettest/Dockerfile
index 1e18861..576bfe5 100644
--- a/containers/nettest/Dockerfile
+++ b/containers/nettest/Dockerfile
@@ -4,7 +4,7 @@
 # - Docker on indri (during CI build)
 # - Minikube pods (manual testing)
-FROM alpine:3.21
+FROM alpine:3.22
 RUN apk add --no-cache \
 curl \
diff --git a/containers/transmission/Dockerfile b/containers/transmission/Dockerfile
index b17a59e..42b9ecc 100644
--- a/containers/transmission/Dockerfile
+++ b/containers/transmission/Dockerfile
@@ -1,9 +1,9 @@
 # Transmission BitTorrent daemon
 # Simpler alternative to linuxserver image
-FROM alpine:3.21
+FROM alpine:3.22
-ARG TRANSMISSION_VERSION=4.0.6-r0
+ARG TRANSMISSION_VERSION=4.0.6-r4
 RUN apk add --no-cache \
 transmission-daemon=${TRANSMISSION_VERSION} \
--
2.50.1 (Apple Git-155)
From bbe02fab1bebd4d7663303c849a713b85531869e Mon Sep 17 00:00:00 2001
From: Erich Blume
Date: Fri, 13 Feb 2026 17:12:34 -0800
Subject: [PATCH 2/2] Add changelog fragment for tier 1 version bumps
Co-Authored-By: Claude Opus 4.6
---
 docs/changelog.d/feature-tier1-version-bumps.infra.md | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 docs/changelog.d/feature-tier1-version-bumps.infra.md
diff --git a/docs/changelog.d/feature-tier1-version-bumps.infra.md b/docs/changelog.d/feature-tier1-version-bumps.infra.md
new file mode 100644
index 0000000..ca21952
--- /dev/null
+++ b/docs/changelog.d/feature-tier1-version-bumps.infra.md
@@ -0,0 +1 @@
+Tier 1 version bumps: upstream images (prometheus, loki, alloy, kube-state-metrics, tailscale, navidrome), helm charts (CloudNativePG, 1Password Connect), and custom containers (miniflux, kubectl, kiwix-serve, nettest, transmission) updated to latest stable versions with Alpine 3.22 base.
--
2.50.1 (Apple Git-155)