Update mysql Docker tag to v9

2026-06-06 08:34:11 +00:00
25 changed files with 34 additions and 98 deletions
@@ -62,27 +62,6 @@ data:
          "packageNameTemplate": "Termix-SSH/Termix",
          "versioningTemplate": "regex:^release-(?<major>\\d+)\\.(?<minor>\\d+)\\.(?<patch>\\d+)$",
          "extractVersionTemplate": "^(?<version>release-\\d+\\.\\d+\\.\\d+)"
-        },
-        {
-          "description": "linuxserver servarr apps (prowlarr, radarr, sonarr) use tag pattern `version-X.Y.Z.B` (4 segments + `version-` prefix). The kubernetes manager's default docker versioning rejects them at the pre-check (same failure class as termix), so no PRs ever open. Use regex versioning to parse the prefixed 4-segment form; depName is captured from the regex so the same customManager handles all three apps.",
-          "customType": "regex",
-          "managerFilePatterns": ["/servarr-system/.+\\.ya?ml$/"],
-          "matchStrings": [
-            "image:\\s+linuxserver/(?<depName>prowlarr|radarr|sonarr):(?<currentValue>version-\\d+\\.\\d+\\.\\d+\\.\\d+)"
-          ],
-          "datasourceTemplate": "docker",
-          "packageNameTemplate": "linuxserver/{{depName}}",
-          "versioningTemplate": "regex:^version-(?<major>\\d+)\\.(?<minor>\\d+)\\.(?<patch>\\d+)\\.(?<build>\\d+)$"
-        },
-        {
-          "description": "umami: the docker image tag is `postgresql-vX.Y.Z` (the PostgreSQL-flavored variant). Default docker versioning rejects the prefix. Same fix as termix/servarr: regex versioning parses the prefixed value; ghcr.io tag list is filtered to the postgresql-v* track only.",
-          "customType": "regex",
-          "managerFilePatterns": ["/felhom-system/umami\\.ya?ml$/"],
-          "matchStrings": [
-            "image:\\s+(?<depName>ghcr\\.io/umami-software/umami):(?<currentValue>postgresql-v\\d+\\.\\d+\\.\\d+)"
-          ],
-          "datasourceTemplate": "docker",
-          "versioningTemplate": "regex:^postgresql-v(?<major>\\d+)\\.(?<minor>\\d+)\\.(?<patch>\\d+)$"
        }
      ],
      "packageRules": [
@@ -130,41 +109,11 @@ data:
          "matchPackageNames": ["flomp/wanderer-db", "flomp/wanderer-web"],
          "groupName": "wanderer"
        },
-        {
-          "description": "meilisearch: every version bump can require an index format migration via dump/restore (see https://www.meilisearch.com/docs/learn/update_and_migration/updating). PR #32 (v1.11.3 -> v1.45.2) on 2026-06-06 broke wanderer with `Your database version (1.11.3) is incompatible with your current engine version (1.45.2)`. Hold ALL meilisearch updates behind dashboard approval so the migration is planned before the PR even opens.",
-          "matchPackageNames": ["getmeili/meilisearch"],
-          "dependencyDashboardApproval": true
-        },
-        {
-          "description": "Postgres-family images: a major bump (e.g. 16 -> 17) requires pg_upgrade or dump/restore — the new server binary refuses to open the old data directory (`database files are incompatible with server`). PR #76 (immich-app/postgres 16 -> 17) on 2026-06-06 crashlooped immich-postgres and immich-server. Renovate's docker versioning treats these custom tag formats inconsistently, so don't trust the major/minor classification: hold ALL updates for these images behind explicit dashboard approval. Includes vanilla postgres, postgis/postgis (where the tag prefix IS the pg major), and ghcr.io/immich-app/postgres (custom `N-vectorchordX.Y.Z` form).",
-          "matchPackageNames": [
-            "postgres",
-            "postgis/postgis",
-            "ghcr.io/immich-app/postgres"
-          ],
-          "dependencyDashboardApproval": true
-        },
        {
          "description": "termix: kubernetes manager would extract the image with versioning=docker and silently skip it (release-1.11.0 fails the docker pre-check). Disable that extraction; customManagers above does the real work via github-releases.",
          "matchManagers": ["kubernetes"],
          "matchPackageNames": ["ghcr.io/lukegus/termix"],
          "enabled": false
-        },
-        {
-          "description": "linuxserver servarr apps: same disable pattern as termix. The customManager above handles extraction with the right versioning; turn off the default kubernetes-manager extraction so it doesn't silently skip + clutter the dashboard.",
-          "matchManagers": ["kubernetes"],
-          "matchPackageNames": [
-            "linuxserver/prowlarr",
-            "linuxserver/radarr",
-            "linuxserver/sonarr"
-          ],
-          "enabled": false
-        },
-        {
-          "description": "umami: same disable pattern. customManager handles extraction; kubernetes-manager would silently skip `postgresql-vX.Y.Z`.",
-          "matchManagers": ["kubernetes"],
-          "matchPackageNames": ["ghcr.io/umami-software/umami"],
-          "enabled": false
        }
      ],
      "labels": ["renovate"]
@@ -178,7 +127,7 @@ metadata:
  labels:
    app.kubernetes.io/instance: renovate
    app.kubernetes.io/name: renovate
-    app.kubernetes.io/version: "43.209.3"
+    app.kubernetes.io/version: "43.197.0"
 spec:
  # Sat 02:00 Europe/Budapest — leaves the full weekend for troubleshooting
  # if a Renovate-merged update breaks something.
@@ -193,14 +142,14 @@ spec:
      labels:
        app.kubernetes.io/instance: renovate
        app.kubernetes.io/name: renovate
-        app.kubernetes.io/version: "43.209.3"
+        app.kubernetes.io/version: "43.197.0"
    spec:
      template:
        metadata:
          labels:
            app.kubernetes.io/instance: renovate
            app.kubernetes.io/name: renovate
-            app.kubernetes.io/version: "43.209.3"
+            app.kubernetes.io/version: "43.197.0"
          annotations:
            # Renovate uses plain X.Y.Z semver tags (no -slim suffix anymore)
            match-regex.version-checker.io/renovate: '^\d+\.\d+\.\d+$'
@@ -56,7 +56,7 @@ spec:
    spec:
      containers:
        - name: redis
-          image: redis:8.8-alpine
+          image: redis:7.4-alpine
          ports:
            - containerPort: 6379
              name: redis
@@ -77,7 +77,7 @@ spec:
    spec:
      containers:
        - name: redis
-          image: redis:8-alpine
+          image: redis:7-alpine
          imagePullPolicy: IfNotPresent
          args:
            - redis-server
@@ -50,7 +50,7 @@ spec:
        fsGroup: 1000
      containers:
        - name: code-server
-          image: codercom/code-server:4.123.0
+          image: codercom/code-server:4.122.1
          args:
            - --bind-addr=0.0.0.0:8080
            - --auth=none
@@ -169,7 +169,7 @@ spec:
          type: RuntimeDefault
      containers:
      - name: reloader
-        image: ghcr.io/stakater/reloader:v1.4.17
+        image: ghcr.io/stakater/reloader:v1.4.12
        imagePullPolicy: IfNotPresent
        env:
        - name: GOMAXPROCS
@@ -57,7 +57,7 @@ replicaCount: 1
 # Image configuration (optional - use defaults)
 image:
  repository: ghcr.io/cloudnative-pg/cloudnative-pg
-  tag: 1.29.1
+  tag: 1.28.1

 # Service configuration
 service:
@@ -187,7 +187,7 @@ spec:
              cpu: "50m"
      containers:
        - name: umami
-          image: ghcr.io/umami-software/umami:postgresql-v1.38.0
+          image: ghcr.io/umami-software/umami:postgresql-latest
          ports:
            - containerPort: 3000
          env:
@@ -100,7 +100,7 @@ spec:
    spec:
      containers:
        - name: filebrowser
-          image: filebrowser/filebrowser:v2.63.13
+          image: filebrowser/filebrowser:v2-alpine
          ports:
            - containerPort: 8080
          volumeMounts:
@@ -258,7 +258,7 @@ spec:
      automountServiceAccountToken: true
      containers:
        - name: headlamp
-          image: ghcr.io/headlamp-k8s/headlamp:v0.42.0
+          image: ghcr.io/headlamp-k8s/headlamp:v0.40.0
          imagePullPolicy: IfNotPresent
          args:
            - "-in-cluster"
@@ -42,5 +42,5 @@ rbac:
 # Image configuration
 image:
  repository: registry.k8s.io/external-dns/external-dns
-  tag: v0.21.0
+  tag: v0.19.0
  pullPolicy: IfNotPresent
@@ -1,11 +1,4 @@
 ---
-# Image tag override: bumps pihole/pihole to 2026.05.0 without changing
-# the chart version. The 2026.05.0 release bundles FTL v6.6.2 which
-# imports 6 upstream dnsmasq CVE fixes (covering the dnsmasq 2.92/2.93
-# disclosures). No FTL-side config or API changes per the release notes.
-# https://github.com/pi-hole/docker-pi-hole/releases/tag/2026.05.0
-image:
-  tag: "2026.05.0"
 DNS1: "1.1.1.1"   # Cloudflare
 DNS2: "8.8.8.8"   # Google
 DNS3: "9.9.9.9"   #Quad9
@@ -4,7 +4,7 @@ image:
  registry: index.docker.io
  repository: plexinc/pms-docker
  # renovate: datasource=custom.plex depName=plex versioning=loose
-  tag: "1.43.2.10687-563d026ea"
+  tag: "1.43.0.10467-2b1ba6e69"
  sha: ""
  pullPolicy: IfNotPresent

@@ -235,10 +235,7 @@ statefulSet:
  annotations: {}
  # -- Optional extra annotations to add to the pods in the statefulset
  podAnnotations: 
-    # Match only `<X.Y.Z.B>-<short-hash>` (the amd64/native tag form) and exclude
-    # per-arch tags (e.g. `-armhf`, `-arm64`) so version-checker doesn't show an
-    # ARM tag as "newer" than our x86_64 install.
-    match-regex.version-checker.io/plex-plex-media-server-pms: '^\d+\.\d+\.\d+\.\d+-[a-f0-9]+$'
+    match-regex.version-checker.io/plex-plex-media-server-pms: ^\d+\.\d+\.\d+\.\d+-.*$

 service:
  type: LoadBalancer
@@ -372,7 +372,7 @@ spec:
      enableServiceLinks: true
      containers:
        - name: homepage
-          image: ghcr.io/gethomepage/homepage:v1.13.1
+          image: ghcr.io/gethomepage/homepage:v1.10.1
          imagePullPolicy: IfNotPresent
          env:
            # Required for external access
@@ -535,7 +535,7 @@ spec:
      enableServiceLinks: true
      containers:
        - name: homepage
-          image: ghcr.io/gethomepage/homepage:v1.13.1
+          image: ghcr.io/gethomepage/homepage:v1.10.1
          imagePullPolicy: IfNotPresent
          env:
            # Required for external access
@@ -241,7 +241,7 @@ spec:
              value: immich-valkey
            - name: TRANSFORMERS_CACHE
              value: /cache
-          image: ghcr.io/immich-app/immich-machine-learning:v2.7.5
+          image: ghcr.io/immich-app/immich-machine-learning:v2.5.5
          imagePullPolicy: IfNotPresent
          livenessProbe:
            failureThreshold: 3
@@ -336,7 +336,7 @@ spec:
              value: http://immich-machine-learning:3003
            - name: REDIS_HOSTNAME
              value: immich-valkey
-          image: ghcr.io/immich-app/immich-server:v2.7.5
+          image: ghcr.io/immich-app/immich-server:v2.5.5
          imagePullPolicy: IfNotPresent
          livenessProbe:
            failureThreshold: 3
@@ -185,7 +185,7 @@ spec:
    spec:
      containers:
        - name: redis
-          image: redis:8-alpine
+          image: redis:7-alpine
          imagePullPolicy: IfNotPresent
          args:
            - redis-server
@@ -529,7 +529,7 @@ spec:
        runAsGroup: 472
      containers:
        - name: grafana
-          image: grafana/grafana:13.0.2
+          image: grafana/grafana:12.4.4
          ports:
            - containerPort: 3000
              name: http
@@ -392,13 +392,10 @@ spec:
        nextcloud-config-hash: 06b49913be13b1f9a81745166dd75ada59e7ddd39e8f6a2c5538affe2a6d1093
        php-config-hash: 5a497358af870e06b42325eee83d7c0e5466b7f6819cb49b598559d96def7428
        hooks-hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
-        # Only match the `X.Y.Z-apache` variant tags so version-checker doesn't
-        # treat the bare `X.Y.Z` server tag as a "newer" version of our apache image.
-        match-regex.version-checker.io/nextcloud: '^\d+\.\d+\.\d+-apache$'
    spec:
      containers:
        - name: nextcloud
-          image: docker.io/library/nextcloud:33.0.5-apache
+          image: docker.io/library/nextcloud:33.0.4-apache
          imagePullPolicy: IfNotPresent
          env:
            - name: SMTP_HOST
@@ -198,7 +198,7 @@ spec:
    spec:
      containers:
        - name: redis
-          image: redis:8-alpine
+          image: redis:7-alpine
          imagePullPolicy: IfNotPresent
          command:
            - redis-server
@@ -71,7 +71,7 @@ spec:
    spec:
      containers:
        - name: redis
-          image: redis:8-alpine
+          image: redis:7-alpine
          imagePullPolicy: IfNotPresent
          ports:
            - name: redis
@@ -158,7 +158,7 @@ spec:
      enableServiceLinks: false
      containers:
        - name: paperless
-          image: ghcr.io/paperless-ngx/paperless-ngx:2.20.15
+          image: ghcr.io/paperless-ngx/paperless-ngx:2.20.6
          imagePullPolicy: IfNotPresent
          env:
            # Database - using shared PostgreSQL in database-system namespace
@@ -43,7 +43,7 @@ spec:
    spec:
      containers:
        - name: mysql
-          image: mysql:8.4
+          image: mysql:9.7
          env:
            - name: MYSQL_ROOT_PASSWORD
              valueFrom:
@@ -121,7 +121,7 @@ spec:
    spec:
      containers:
        - name: redis
-          image: redis:8.8.0
+          image: redis:7.4.9
          ports:
            - containerPort: 6379
              name: redis
@@ -30,7 +30,7 @@ spec:
    spec:
      containers:
        - name: prowlarr
-          image: linuxserver/prowlarr:version-2.3.5.5327
+          image: linuxserver/prowlarr:version-2.3.0.5236
          imagePullPolicy: IfNotPresent
          env:
            - name: PUID
@@ -91,7 +91,7 @@ spec:
    spec:
      containers:
        - name: radarr
-          image: linuxserver/radarr:version-6.1.1.10360
+          image: linuxserver/radarr:version-6.0.4.10291
          imagePullPolicy: IfNotPresent
          env:
            - name: PUID
@@ -164,7 +164,7 @@ spec:
    spec:
      containers:
        - name: sonarr
-          image: linuxserver/sonarr:version-4.0.17.2952
+          image: linuxserver/sonarr:version-4.0.16.2944
          imagePullPolicy: IfNotPresent
          env:
            - name: PUID
@@ -705,7 +705,7 @@ spec:
    spec:
      containers:
        - name: radarr
-          image: linuxserver/radarr:version-6.1.1.10360
+          image: linuxserver/radarr:version-6.0.4.10291
          imagePullPolicy: IfNotPresent
          env:
            - name: PUID
@@ -30,7 +30,7 @@ spec:
    spec:
      initContainers:
        - name: create-superuser
-          image: vabene1111/recipes:2.6.9
+          image: vabene1111/recipes:2.6
          workingDir: /opt/recipes
          command:
            - /bin/sh
@@ -106,7 +106,7 @@ spec:
                  key: email
      containers:
        - name: tandoor
-          image: vabene1111/recipes:2.6.9
+          image: vabene1111/recipes:2.6
          imagePullPolicy: IfNotPresent
          env:
            - name: TZ
@@ -45,7 +45,7 @@ spec:
          # Renovate handles it via a customManagers regex defined in
          # admin-system/renovate.yaml (the kubernetes manager doesn't
          # process inline `# renovate:` comments).
-          image: ghcr.io/lukegus/termix:release-2.3.2
+          image: ghcr.io/lukegus/termix:release-1.11.0
          imagePullPolicy: IfNotPresent
          ports:
            - name: http
@@ -57,7 +57,7 @@ spec:
    spec:
      containers:
        - name: meilisearch
-          image: getmeili/meilisearch:v1.11.3
+          image: getmeili/meilisearch:v1.45.2
          env:
            - name: MEILI_MASTER_KEY
              valueFrom: