feat(container): update image docker.io/cloudflare/cloudflared ( 2025.10.0 → 2025.11.1 ) #961
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- kubernetes/apps/media/jellyfin/app Kustomization: media/jellyfin HelmRelease: media/jellyfin
+++ kubernetes/apps/media/jellyfin/app Kustomization: media/jellyfin HelmRelease: media/jellyfin
@@ -1,125 +0,0 @@
----
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
- labels:
- app.kubernetes.io/name: jellyfin
- kustomize.toolkit.fluxcd.io/name: jellyfin
- kustomize.toolkit.fluxcd.io/namespace: media
- name: jellyfin
- namespace: media
-spec:
- chartRef:
- kind: OCIRepository
- name: app-template
- dependsOn:
- - name: intel-device-plugin-gpu
- namespace: kube-system
- - name: rook-ceph-cluster
- namespace: rook-ceph
- - name: volsync
- namespace: volsync-system
- install:
- createNamespace: true
- remediation:
- retries: 5
- interval: 15m
- upgrade:
- remediation:
- retries: 5
- values:
- controllers:
- jellyfin:
- containers:
- main:
- image:
- repository: ghcr.io/jellyfin/jellyfin
- tag: 10.11.3
- probes:
- liveness:
- enabled: false
- readiness:
- enabled: false
- startup:
- enabled: false
- resources:
- limits:
- gpu.intel.com/i915: 1
- memory: 4Gi
- requests:
- cpu: 100m
- gpu.intel.com/i915: 1
- memory: 512Mi
- pod:
- affinity:
- nodeAffinity:
- preferredDuringSchedulingIgnoredDuringExecution:
- - preference:
- matchExpressions:
- - key: kubernetes.io/hostname
- operator: In
- values:
- - talos-03
- weight: 100
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: intel.feature.node.kubernetes.io/gpu
- operator: In
- values:
- - 'true'
- nodeSelector:
- intel.feature.node.kubernetes.io/gpu: 'true'
- securityContext:
- supplementalGroups:
- - 44
- - 109
- - 122
- defaultPodOptions:
- automountServiceAccountToken: false
- securityContext:
- fsGroup: 3001
- fsGroupChangePolicy: OnRootMismatch
- runAsGroup: 3001
- runAsUser: 3001
- persistence:
- cache:
- enabled: true
- globalMounts:
- - path: /cache
- type: emptyDir
- config:
- enabled: true
- existingClaim: jellyfin
- globalMounts:
- - path: /config
- media:
- enabled: true
- globalMounts:
- - path: /media
- path: /mnt/core/media
- server: 10.0.2.3
- type: nfs
- transcode:
- enabled: true
- globalMounts:
- - path: /transcode
- type: emptyDir
- route:
- app:
- hostnames:
- - jf...PLACEHOLDER_SECRET_DOMAIN..
- parentRefs:
- - name: envoy-external
- namespace: network
- sectionName: https
- rules:
- - backendRefs:
- - identifier: main
- port: 8096
- service:
- main:
- ports:
- http:
- port: 8096
-
--- kubernetes/apps/media/jellyfin/app Kustomization: media/jellyfin PersistentVolumeClaim: media/jellyfin-transcode
+++ kubernetes/apps/media/jellyfin/app Kustomization: media/jellyfin PersistentVolumeClaim: media/jellyfin-transcode
@@ -1,18 +0,0 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- labels:
- app.kubernetes.io/name: jellyfin
- kustomize.toolkit.fluxcd.io/name: jellyfin
- kustomize.toolkit.fluxcd.io/namespace: media
- name: jellyfin-transcode
- namespace: media
-spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 40Gi
- storageClassName: ceph-block
-
--- kubernetes/apps/media/jellyfin/app Kustomization: media/jellyfin PersistentVolumeClaim: media/jellyfin
+++ kubernetes/apps/media/jellyfin/app Kustomization: media/jellyfin PersistentVolumeClaim: media/jellyfin
@@ -1,22 +0,0 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- labels:
- app.kubernetes.io/name: jellyfin
- kustomize.toolkit.fluxcd.io/name: jellyfin
- kustomize.toolkit.fluxcd.io/namespace: media
- name: jellyfin
- namespace: media
-spec:
- accessModes:
- - ReadWriteOnce
- dataSourceRef:
- apiGroup: volsync.backube
- kind: ReplicationDestination
- name: jellyfin-dst
- resources:
- requests:
- storage: 20Gi
- storageClassName: ceph-block
-
--- kubernetes/apps/media/jellyfin/app Kustomization: media/jellyfin ExternalSecret: media/jellyfin-volsync
+++ kubernetes/apps/media/jellyfin/app Kustomization: media/jellyfin ExternalSecret: media/jellyfin-volsync
@@ -1,33 +0,0 @@
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- labels:
- app.kubernetes.io/name: jellyfin
- kustomize.toolkit.fluxcd.io/name: jellyfin
- kustomize.toolkit.fluxcd.io/namespace: media
- name: jellyfin-volsync
- namespace: media
-spec:
- dataFrom:
- - extract:
- key: Minio
- - extract:
- key: Restic
- rewrite:
- - regexp:
- source: (.*)
- target: RESTIC_$1
- secretStoreRef:
- kind: ClusterSecretStore
- name: onepassword-connect
- target:
- name: jellyfin-volsync-secret
- template:
- data:
- AWS_ACCESS_KEY_ID: '{{ .accessKey }}'
- AWS_SECRET_ACCESS_KEY: '{{ .secretKey }}'
- RESTIC_PASSWORD: '{{ .RESTIC_password }}'
- RESTIC_REPOSITORY: '{{ .RESTIC_REPOSITORY_TEMPLATE }}/jellyfin'
- engineVersion: v2
-
--- kubernetes/apps/media/jellyfin/app Kustomization: media/jellyfin ReplicationSource: media/jellyfin
+++ kubernetes/apps/media/jellyfin/app Kustomization: media/jellyfin ReplicationSource: media/jellyfin
@@ -1,32 +0,0 @@
----
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- labels:
- app.kubernetes.io/name: jellyfin
- kustomize.toolkit.fluxcd.io/name: jellyfin
- kustomize.toolkit.fluxcd.io/namespace: media
- name: jellyfin
- namespace: media
-spec:
- restic:
- accessModes:
- - ReadWriteOnce
- cacheCapacity: 20Gi
- copyMethod: Snapshot
- moverSecurityContext:
- fsGroup: 568
- runAsGroup: 568
- runAsUser: 568
- pruneIntervalDays: 7
- repository: jellyfin-volsync-secret
- retain:
- daily: 7
- hourly: 24
- weekly: 5
- storageClassName: ceph-block
- volumeSnapshotClassName: csi-ceph-blockpool
- sourcePVC: jellyfin
- trigger:
- schedule: 0 0 * * *
-
--- kubernetes/apps/media/jellyfin/app Kustomization: media/jellyfin ReplicationDestination: media/jellyfin-dst
+++ kubernetes/apps/media/jellyfin/app Kustomization: media/jellyfin ReplicationDestination: media/jellyfin-dst
@@ -1,27 +0,0 @@
----
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationDestination
-metadata:
- labels:
- app.kubernetes.io/name: jellyfin
- kustomize.toolkit.fluxcd.io/name: jellyfin
- kustomize.toolkit.fluxcd.io/namespace: media
- name: jellyfin-dst
- namespace: media
-spec:
- restic:
- accessModes:
- - ReadWriteOnce
- cacheCapacity: 20Gi
- capacity: 20Gi
- copyMethod: Snapshot
- moverSecurityContext:
- fsGroup: 568
- runAsGroup: 568
- runAsUser: 568
- repository: jellyfin-volsync-secret
- storageClassName: ceph-block
- volumeSnapshotClassName: csi-ceph-blockpool
- trigger:
- manual: restore-once
-
--- kubernetes/apps/network/cloudflare-tunnel Kustomization: network/cloudflare-tunnel HelmRelease: network/cloudflare-tunnel
+++ kubernetes/apps/network/cloudflare-tunnel Kustomization: network/cloudflare-tunnel HelmRelease: network/cloudflare-tunnel
@@ -46,13 +46,13 @@
TUNNEL_TRANSPORT_PROTOCOL: quic
envFrom:
- secretRef:
name: cloudflare-tunnel-secret
image:
repository: docker.io/cloudflare/cloudflared
- tag: 2025.10.0
+ tag: 2025.11.1
probes:
liveness:
custom: true
enabled: true
spec:
failureThreshold: 3
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: media/jellyfin
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: media/jellyfin
@@ -1,40 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: cluster-apps
- kustomize.toolkit.fluxcd.io/namespace: flux-system
- name: jellyfin
- namespace: media
-spec:
- commonMetadata:
- labels:
- app.kubernetes.io/name: jellyfin
- decryption:
- provider: sops
- secretRef:
- name: sops-age
- interval: 1h
- path: ./kubernetes/apps/media/jellyfin/app
- postBuild:
- substitute:
- APP: jellyfin
- GATUS_SUBDOMAIN: jf
- VOLSYNC_CACHE_CAPACITY: 20Gi
- VOLSYNC_CAPACITY: 20Gi
- substituteFrom:
- - kind: Secret
- name: cluster-secrets
- - kind: ConfigMap
- name: cluster-settings
- prune: true
- retryInterval: 2m
- sourceRef:
- kind: GitRepository
- name: flux-system
- namespace: flux-system
- targetNamespace: media
- timeout: 5m
- wait: false
- |
--- HelmRelease: media/jellyfin Service: media/jellyfin
+++ HelmRelease: media/jellyfin Service: media/jellyfin
@@ -1,23 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: jellyfin
- labels:
- app.kubernetes.io/instance: jellyfin
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/name: jellyfin
- app.kubernetes.io/service: jellyfin
- namespace: media
-spec:
- type: ClusterIP
- ports:
- - port: 8096
- targetPort: 8096
- protocol: TCP
- name: http
- selector:
- app.kubernetes.io/controller: jellyfin
- app.kubernetes.io/instance: jellyfin
- app.kubernetes.io/name: jellyfin
-
--- HelmRelease: media/jellyfin Deployment: media/jellyfin
+++ HelmRelease: media/jellyfin Deployment: media/jellyfin
@@ -1,92 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: jellyfin
- labels:
- app.kubernetes.io/controller: jellyfin
- app.kubernetes.io/instance: jellyfin
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/name: jellyfin
- namespace: media
-spec:
- revisionHistoryLimit: 3
- replicas: 1
- strategy:
- type: Recreate
- selector:
- matchLabels:
- app.kubernetes.io/controller: jellyfin
- app.kubernetes.io/name: jellyfin
- app.kubernetes.io/instance: jellyfin
- template:
- metadata:
- labels:
- app.kubernetes.io/controller: jellyfin
- app.kubernetes.io/instance: jellyfin
- app.kubernetes.io/name: jellyfin
- spec:
- enableServiceLinks: false
- serviceAccountName: default
- automountServiceAccountToken: false
- securityContext:
- supplementalGroups:
- - 44
- - 109
- - 122
- hostIPC: false
- hostNetwork: false
- hostPID: false
- dnsPolicy: ClusterFirst
- nodeSelector:
- intel.feature.node.kubernetes.io/gpu: 'true'
- affinity:
- nodeAffinity:
- preferredDuringSchedulingIgnoredDuringExecution:
- - preference:
- matchExpressions:
- - key: kubernetes.io/hostname
- operator: In
- values:
- - talos-03
- weight: 100
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: intel.feature.node.kubernetes.io/gpu
- operator: In
- values:
- - 'true'
- containers:
- - image: ghcr.io/jellyfin/jellyfin:10.11.3
- name: main
- resources:
- limits:
- gpu.intel.com/i915: 1
- memory: 4Gi
- requests:
- cpu: 100m
- gpu.intel.com/i915: 1
- memory: 512Mi
- volumeMounts:
- - mountPath: /cache
- name: cache
- - mountPath: /config
- name: config
- - mountPath: /media
- name: media
- - mountPath: /transcode
- name: transcode
- volumes:
- - emptyDir: {}
- name: cache
- - name: config
- persistentVolumeClaim:
- claimName: jellyfin
- - name: media
- nfs:
- path: /mnt/core/media
- server: 10.0.2.3
- - emptyDir: {}
- name: transcode
-
--- HelmRelease: media/jellyfin HTTPRoute: media/jellyfin
+++ HelmRelease: media/jellyfin HTTPRoute: media/jellyfin
@@ -1,28 +0,0 @@
----
-apiVersion: gateway.networking.k8s.io/v1alpha2
-kind: HTTPRoute
-metadata:
- name: jellyfin
- labels:
- app.kubernetes.io/instance: jellyfin
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/name: jellyfin
- namespace: media
-spec:
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: envoy-external
- namespace: network
- sectionName: https
- hostnames:
- - jf...PLACEHOLDER_SECRET_DOMAIN..
- rules:
- - backendRefs:
- - group: ''
- kind: Service
- name: jellyfin
- namespace: media
- port: 8096
- weight: 1
-
--- HelmRelease: network/cloudflare-tunnel Deployment: network/cloudflare-tunnel
+++ HelmRelease: network/cloudflare-tunnel Deployment: network/cloudflare-tunnel
@@ -54,13 +54,13 @@
value: 'true'
- name: TUNNEL_TRANSPORT_PROTOCOL
value: quic
envFrom:
- secretRef:
name: cloudflare-tunnel-secret
- image: docker.io/cloudflare/cloudflared:2025.10.0
+ image: docker.io/cloudflare/cloudflared:2025.11.1
livenessProbe:
failureThreshold: 3
httpGet:
path: /ready
port: 8080
initialDelaySeconds: 0 |
zednotdead
force-pushed
the
renovate/docker.io-cloudflare-cloudflared-2025.x
branch
from
0d91c31 to
3539d94
Compare
renovate
bot
force-pushed
the
renovate/docker.io-cloudflare-cloudflared-2025.x
branch
from
3539d94 to
595138d
Compare
zednotdead
force-pushed
the
renovate/docker.io-cloudflare-cloudflared-2025.x
branch
from
595138d to
3539d94
Compare
renovate
bot
force-pushed
the
renovate/docker.io-cloudflare-cloudflared-2025.x
branch
from
3539d94 to
14241b6
Compare
zednotdead
force-pushed
the
renovate/docker.io-cloudflare-cloudflared-2025.x
branch
from
14241b6 to
3539d94
Compare
renovate
bot
force-pushed
the
renovate/docker.io-cloudflare-cloudflared-2025.x
branch
from
3539d94 to
3669629
Compare
zednotdead
force-pushed
the
renovate/docker.io-cloudflare-cloudflared-2025.x
branch
from
3669629 to
3539d94
Compare
renovate
bot
force-pushed
the
renovate/docker.io-cloudflare-cloudflared-2025.x
branch
from
3539d94 to
651b548
Compare
zednotdead
force-pushed
the
renovate/docker.io-cloudflare-cloudflared-2025.x
branch
from
651b548 to
3539d94
Compare
renovate
bot
force-pushed
the
renovate/docker.io-cloudflare-cloudflared-2025.x
branch
from
3539d94 to
675ce73
Compare
zednotdead
force-pushed
the
renovate/docker.io-cloudflare-cloudflared-2025.x
branch
from
675ce73 to
3539d94
Compare
renovate
bot
force-pushed
the
renovate/docker.io-cloudflare-cloudflared-2025.x
branch
from
3539d94 to
3f96985
Compare
zednotdead
force-pushed
the
renovate/docker.io-cloudflare-cloudflared-2025.x
branch
from
3f96985 to
3539d94
Compare
renovate
bot
force-pushed
the
renovate/docker.io-cloudflare-cloudflared-2025.x
branch
from
3539d94 to
79e557d
Compare
zednotdead
force-pushed
the
renovate/docker.io-cloudflare-cloudflared-2025.x
branch
from
79e557d to
3539d94
Compare
renovate
bot
force-pushed
the
renovate/docker.io-cloudflare-cloudflared-2025.x
branch
from
3539d94 to
df8b8fe
Compare
zednotdead
force-pushed
the
renovate/docker.io-cloudflare-cloudflared-2025.x
branch
from
df8b8fe to
3539d94
Compare
renovate
bot
force-pushed
the
renovate/docker.io-cloudflare-cloudflared-2025.x
branch
from
3539d94 to
ead179a
Compare
zednotdead
force-pushed
the
renovate/docker.io-cloudflare-cloudflared-2025.x
branch
from
ead179a to
3539d94
Compare
renovate
bot
force-pushed
the
renovate/docker.io-cloudflare-cloudflared-2025.x
branch
from
3539d94 to
a0fadaf
Compare
zednotdead
force-pushed
the
renovate/docker.io-cloudflare-cloudflared-2025.x
branch
from
a0fadaf to
3539d94
Compare
renovate
bot
force-pushed
the
renovate/docker.io-cloudflare-cloudflared-2025.x
branch
from
3539d94 to
ecc71bb
Compare
zednotdead
force-pushed
the
renovate/docker.io-cloudflare-cloudflared-2025.x
branch
from
ecc71bb to
3539d94
Compare
renovate
bot
force-pushed
the
renovate/docker.io-cloudflare-cloudflared-2025.x
branch
from
3539d94 to
8d032e5
Compare
zednotdead
force-pushed
the
renovate/docker.io-cloudflare-cloudflared-2025.x
branch
from
d6d206c to
3539d94
Compare
renovate
bot
force-pushed
the
renovate/docker.io-cloudflare-cloudflared-2025.x
branch
from
3539d94 to
e838b7d
Compare
zednotdead
force-pushed
the
renovate/docker.io-cloudflare-cloudflared-2025.x
branch
from
e838b7d to
3539d94
Compare
renovate
bot
force-pushed
the
renovate/docker.io-cloudflare-cloudflared-2025.x
branch
from
3539d94 to
53c88b6
Compare
zednotdead
force-pushed
the
renovate/docker.io-cloudflare-cloudflared-2025.x
branch
from
53c88b6 to
3539d94
Compare
renovate
bot
force-pushed
the
renovate/docker.io-cloudflare-cloudflared-2025.x
branch
from
3539d94 to
e349968
Compare
zednotdead
force-pushed
the
renovate/docker.io-cloudflare-cloudflared-2025.x
branch
from
e349968 to
3539d94
Compare
renovate
bot
force-pushed
the
renovate/docker.io-cloudflare-cloudflared-2025.x
branch
from
3539d94 to
da4417c
Compare
zednotdead
force-pushed
the
renovate/docker.io-cloudflare-cloudflared-2025.x
branch
from
da4417c to
3539d94
Compare
renovate
bot
force-pushed
the
renovate/docker.io-cloudflare-cloudflared-2025.x
branch
from
3539d94 to
a8ce9d7
Compare
zednotdead
force-pushed
the
renovate/docker.io-cloudflare-cloudflared-2025.x
branch
from
a8ce9d7 to
3539d94
Compare
renovate
bot
force-pushed
the
renovate/docker.io-cloudflare-cloudflared-2025.x
branch
from
3539d94 to
1d55a85
Compare
zednotdead
force-pushed
the
renovate/docker.io-cloudflare-cloudflared-2025.x
branch
from
1d55a85 to
3539d94
Compare
renovate
bot
force-pushed
the
renovate/docker.io-cloudflare-cloudflared-2025.x
branch
from
3539d94 to
fc96218
Compare
zednotdead
force-pushed
the
renovate/docker.io-cloudflare-cloudflared-2025.x
branch
from
fc96218 to
3539d94
Compare
renovate
bot
force-pushed
the
renovate/docker.io-cloudflare-cloudflared-2025.x
branch
from
3539d94 to
9551421
Compare
zednotdead
force-pushed
the
renovate/docker.io-cloudflare-cloudflared-2025.x
branch
from
9551421 to
3539d94
Compare
renovate
bot
force-pushed
the
renovate/docker.io-cloudflare-cloudflared-2025.x
branch
from
3539d94 to
fceb829
Compare
zednotdead
force-pushed
the
renovate/docker.io-cloudflare-cloudflared-2025.x
branch
from
fceb829 to
3539d94
Compare
renovate
bot
force-pushed
the
renovate/docker.io-cloudflare-cloudflared-2025.x
branch
from
3539d94 to
71267e8
Compare
zednotdead
force-pushed
the
renovate/docker.io-cloudflare-cloudflared-2025.x
branch
from
71267e8 to
3539d94
Compare
renovate
bot
force-pushed
the
renovate/docker.io-cloudflare-cloudflared-2025.x
branch
2 times, most recently
from
c55d52e to
96b5234
Compare
zednotdead
force-pushed
the
renovate/docker.io-cloudflare-cloudflared-2025.x
branch
from
96b5234 to
3539d94
Compare
….10.0 → 2025.11.1 )
renovate
bot
force-pushed
the
renovate/docker.io-cloudflare-cloudflared-2025.x
branch
from
3539d94 to
bdc4198
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
2025.10.0→2025.11.1Release Notes
cloudflare/cloudflared (docker.io/cloudflare/cloudflared)
v2025.11.1Compare Source
SHA256 Checksums:
v2025.10.1Compare Source
SHA256 Checksums:
Configuration
📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
This PR was generated by Mend Renovate. View the repository job log.