From 19169088f20fbc4e18011d2a1bc80435a874036d Mon Sep 17 00:00:00 2001 From: gitea-bot Date: Fri, 26 Dec 2025 01:19:16 +0000 Subject: [PATCH] chore: Update manifests after change --- .../HTTPRoute-argo-workflows.yaml | 4 +- .../manifests/blocky/ConfigMap-blocky.yaml | 4 +- .../manifests/blocky/Deployment-blocky.yaml | 2 +- .../cilium/ClusterRole-cilium-operator.yaml | 58 ------------------- .../cilium/ConfigMap-cilium-config.yaml | 12 ---- .../manifests/cilium/DaemonSet-cilium.yaml | 2 +- .../cilium/Deployment-cilium-operator.yaml | 2 +- .../cilium/Gateway-cilium-tls-gateway.yaml | 35 ----------- .../manifests/cilium/HTTPRoute-hubble.yaml | 6 +- .../cilium/Role-cilium-gateway-secrets.yaml | 16 ----- .../Role-cilium-operator-gateway-secrets.yaml | 17 ------ .../RoleBinding-cilium-gateway-secrets.yaml | 15 ----- ...nding-cilium-operator-gateway-secrets.yaml | 15 ----- 13 files changed, 10 insertions(+), 178 deletions(-) delete mode 100644 clusters/cl01tl/manifests/cilium/Gateway-cilium-tls-gateway.yaml delete mode 100644 clusters/cl01tl/manifests/cilium/Role-cilium-gateway-secrets.yaml delete mode 100644 clusters/cl01tl/manifests/cilium/Role-cilium-operator-gateway-secrets.yaml delete mode 100644 clusters/cl01tl/manifests/cilium/RoleBinding-cilium-gateway-secrets.yaml delete mode 100644 clusters/cl01tl/manifests/cilium/RoleBinding-cilium-operator-gateway-secrets.yaml diff --git a/clusters/cl01tl/manifests/argo-workflows/HTTPRoute-argo-workflows.yaml b/clusters/cl01tl/manifests/argo-workflows/HTTPRoute-argo-workflows.yaml index f49cc3304..91ed3c729 100644 --- a/clusters/cl01tl/manifests/argo-workflows/HTTPRoute-argo-workflows.yaml +++ b/clusters/cl01tl/manifests/argo-workflows/HTTPRoute-argo-workflows.yaml @@ -11,8 +11,8 @@ spec: parentRefs: - group: gateway.networking.k8s.io kind: Gateway - name: cilium-tls-gateway - namespace: kube-system + name: traefik-gateway + namespace: traefik hostnames: - argo-workflows.alexlebens.net rules: diff --git a/clusters/cl01tl/manifests/blocky/ConfigMap-blocky.yaml b/clusters/cl01tl/manifests/blocky/ConfigMap-blocky.yaml index d2a9013c3..e9bae11cc 100644 --- a/clusters/cl01tl/manifests/blocky/ConfigMap-blocky.yaml +++ b/clusters/cl01tl/manifests/blocky/ConfigMap-blocky.yaml @@ -90,7 +90,7 @@ data: ;; Application Names actual IN CNAME traefik-cl01tl alertmanager IN CNAME traefik-cl01tl - argo-workflows IN CNAME cilium-cl01tl + argo-workflows IN CNAME traefik-cl01tl argocd IN CNAME traefik-cl01tl audiobookshelf IN CNAME traefik-cl01tl authentik IN CNAME traefik-cl01tl @@ -111,7 +111,7 @@ data: home IN CNAME traefik-cl01tl home-assistant IN CNAME traefik-cl01tl home-assistant-code-server IN CNAME traefik-cl01tl - hubble IN CNAME cilium-cl01tl + hubble IN CNAME traefik-cl01tl huntarr IN CNAME traefik-cl01tl immich IN CNAME traefik-cl01tl jellyfin IN CNAME traefik-cl01tl diff --git a/clusters/cl01tl/manifests/blocky/Deployment-blocky.yaml b/clusters/cl01tl/manifests/blocky/Deployment-blocky.yaml index 7242870c4..84ebc6f7c 100644 --- a/clusters/cl01tl/manifests/blocky/Deployment-blocky.yaml +++ b/clusters/cl01tl/manifests/blocky/Deployment-blocky.yaml @@ -22,7 +22,7 @@ spec: template: metadata: annotations: - checksum/configMaps: 8104cad96f2074fcfd9ed4c913c5cad186a5a1bd6f711fd94def748712016080 + checksum/configMaps: 2f5e8c1dbe67625fe96fdedf0b39ace82fcf63552744f192712466288f21a002 labels: app.kubernetes.io/controller: main app.kubernetes.io/instance: blocky diff --git a/clusters/cl01tl/manifests/cilium/ClusterRole-cilium-operator.yaml b/clusters/cl01tl/manifests/cilium/ClusterRole-cilium-operator.yaml index f7e07eb33..0327f318b 100644 --- a/clusters/cl01tl/manifests/cilium/ClusterRole-cilium-operator.yaml +++ b/clusters/cl01tl/manifests/cilium/ClusterRole-cilium-operator.yaml @@ -69,10 +69,6 @@ rules: - get - list - watch - - create - - update - - delete - - patch - apiGroups: - cilium.io resources: @@ -220,57 +216,3 @@ rules: - create - get - update - - apiGroups: - - gateway.networking.k8s.io - resources: - - gatewayclasses - - gateways - - tlsroutes - - httproutes - - grpcroutes - - referencegrants - - referencepolicies - verbs: - - get - - list - - watch - - apiGroups: - - gateway.networking.k8s.io - resources: - - gatewayclasses - verbs: - - patch - - apiGroups: - - gateway.networking.k8s.io - resources: - - gatewayclasses/status - - gateways/status - - httproutes/status - - grpcroutes/status - - tlsroutes/status - verbs: - - update - - patch - - apiGroups: - - cilium.io - resources: - - ciliumgatewayclassconfigs - verbs: - - get - - list - - watch - - apiGroups: - - cilium.io - resources: - - ciliumgatewayclassconfigs/status - verbs: - - update - - patch - - apiGroups: - - multicluster.x-k8s.io - resources: - - serviceimports - verbs: - - get - - list - - watch diff --git a/clusters/cl01tl/manifests/cilium/ConfigMap-cilium-config.yaml b/clusters/cl01tl/manifests/cilium/ConfigMap-cilium-config.yaml index 161ad6fd9..aae4ecf8e 100644 --- a/clusters/cl01tl/manifests/cilium/ConfigMap-cilium-config.yaml +++ b/clusters/cl01tl/manifests/cilium/ConfigMap-cilium-config.yaml @@ -16,18 +16,6 @@ data: controller-group-metrics: write-cni-file sync-host-ips sync-lb-maps-with-k8s-services operator-prometheus-serve-addr: ":9963" enable-metrics: "true" - enable-envoy-config: "true" - envoy-config-retry-interval: "15s" - enable-gateway-api: "true" - enable-gateway-api-secrets-sync: "true" - enable-gateway-api-proxy-protocol: "false" - enable-gateway-api-app-protocol: "true" - enable-gateway-api-alpn: "true" - gateway-api-xff-num-trusted-hops: "0" - gateway-api-service-externaltrafficpolicy: "Cluster" - gateway-api-secrets-namespace: "cilium-secrets" - gateway-api-hostnetwork-enabled: "false" - gateway-api-hostnetwork-nodelabelselector: "" enable-policy-secrets-sync: "true" policy-secrets-only-from-secrets-namespace: "true" policy-secrets-namespace: "cilium-secrets" diff --git a/clusters/cl01tl/manifests/cilium/DaemonSet-cilium.yaml b/clusters/cl01tl/manifests/cilium/DaemonSet-cilium.yaml index af24f1559..0fc0f83fd 100644 --- a/clusters/cl01tl/manifests/cilium/DaemonSet-cilium.yaml +++ b/clusters/cl01tl/manifests/cilium/DaemonSet-cilium.yaml @@ -18,7 +18,7 @@ spec: template: metadata: annotations: - cilium.io/cilium-configmap-checksum: "4555792065138db5a26f8d9354c9717239cb1a7dbafa0d5357696e6bb3d6f2f6" + cilium.io/cilium-configmap-checksum: "bd764e7caadd4421d347d9c049e8d9cab101306c511512f127d7ffb839cf97d8" kubectl.kubernetes.io/default-container: cilium-agent labels: k8s-app: cilium diff --git a/clusters/cl01tl/manifests/cilium/Deployment-cilium-operator.yaml b/clusters/cl01tl/manifests/cilium/Deployment-cilium-operator.yaml index e0b8de185..c32c4db6e 100644 --- a/clusters/cl01tl/manifests/cilium/Deployment-cilium-operator.yaml +++ b/clusters/cl01tl/manifests/cilium/Deployment-cilium-operator.yaml @@ -22,7 +22,7 @@ spec: template: metadata: annotations: - cilium.io/cilium-configmap-checksum: "4555792065138db5a26f8d9354c9717239cb1a7dbafa0d5357696e6bb3d6f2f6" + cilium.io/cilium-configmap-checksum: "bd764e7caadd4421d347d9c049e8d9cab101306c511512f127d7ffb839cf97d8" labels: io.cilium/app: operator name: cilium-operator diff --git a/clusters/cl01tl/manifests/cilium/Gateway-cilium-tls-gateway.yaml b/clusters/cl01tl/manifests/cilium/Gateway-cilium-tls-gateway.yaml deleted file mode 100644 index 433abd623..000000000 --- a/clusters/cl01tl/manifests/cilium/Gateway-cilium-tls-gateway.yaml +++ /dev/null @@ -1,35 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: Gateway -metadata: - name: cilium-tls-gateway - namespace: kube-system - labels: - app.kubernetes.io/name: tls-gateway - app.kubernetes.io/instance: cilium - app.kubernetes.io/part-of: cilium - annotations: - cert-manager.io/cluster-issuer: letsencrypt-issuer -spec: - gatewayClassName: cilium - listeners: - - allowedRoutes: - namespaces: - from: All - hostname: '*.alexlebens.net' - name: http - port: 80 - protocol: HTTP - - allowedRoutes: - namespaces: - from: All - hostname: '*.alexlebens.net' - name: https - port: 443 - protocol: HTTPS - tls: - certificateRefs: - - group: '' - kind: Secret - name: https-gateway-cert - namespace: kube-system - mode: Terminate diff --git a/clusters/cl01tl/manifests/cilium/HTTPRoute-hubble.yaml b/clusters/cl01tl/manifests/cilium/HTTPRoute-hubble.yaml index 2956de8b7..b1f64e09b 100644 --- a/clusters/cl01tl/manifests/cilium/HTTPRoute-hubble.yaml +++ b/clusters/cl01tl/manifests/cilium/HTTPRoute-hubble.yaml @@ -11,15 +11,15 @@ spec: parentRefs: - group: gateway.networking.k8s.io kind: Gateway - name: cilium-tls-gateway - namespace: kube-system + name: traefik-gateway + namespace: traefik hostnames: - hubble.alexlebens.net rules: - matches: - path: type: PathPrefix - value: /hubble + value: / backendRefs: - group: '' kind: Service diff --git a/clusters/cl01tl/manifests/cilium/Role-cilium-gateway-secrets.yaml b/clusters/cl01tl/manifests/cilium/Role-cilium-gateway-secrets.yaml deleted file mode 100644 index 5ba0f73b9..000000000 --- a/clusters/cl01tl/manifests/cilium/Role-cilium-gateway-secrets.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: cilium-gateway-secrets - namespace: "cilium-secrets" - labels: - app.kubernetes.io/part-of: cilium -rules: - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch diff --git a/clusters/cl01tl/manifests/cilium/Role-cilium-operator-gateway-secrets.yaml b/clusters/cl01tl/manifests/cilium/Role-cilium-operator-gateway-secrets.yaml deleted file mode 100644 index 7649b8aa0..000000000 --- a/clusters/cl01tl/manifests/cilium/Role-cilium-operator-gateway-secrets.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: cilium-operator-gateway-secrets - namespace: "cilium-secrets" - labels: - app.kubernetes.io/part-of: cilium -rules: - - apiGroups: - - "" - resources: - - secrets - verbs: - - create - - delete - - update - - patch diff --git a/clusters/cl01tl/manifests/cilium/RoleBinding-cilium-gateway-secrets.yaml b/clusters/cl01tl/manifests/cilium/RoleBinding-cilium-gateway-secrets.yaml deleted file mode 100644 index a386746d1..000000000 --- a/clusters/cl01tl/manifests/cilium/RoleBinding-cilium-gateway-secrets.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: cilium-gateway-secrets - namespace: "cilium-secrets" - labels: - app.kubernetes.io/part-of: cilium -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: cilium-gateway-secrets -subjects: - - kind: ServiceAccount - name: "cilium" - namespace: kube-system diff --git a/clusters/cl01tl/manifests/cilium/RoleBinding-cilium-operator-gateway-secrets.yaml b/clusters/cl01tl/manifests/cilium/RoleBinding-cilium-operator-gateway-secrets.yaml deleted file mode 100644 index 35c2b1607..000000000 --- a/clusters/cl01tl/manifests/cilium/RoleBinding-cilium-operator-gateway-secrets.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: cilium-operator-gateway-secrets - namespace: "cilium-secrets" - labels: - app.kubernetes.io/part-of: cilium -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: cilium-operator-gateway-secrets -subjects: - - kind: ServiceAccount - name: "cilium-operator" - namespace: kube-system