chore: Update manifests after change

2025-12-27 18:38:22 +00:00
parent cc1e9532ac
commit 20bdfe5eb6
26 changed files with 150 additions and 33 deletions
--- a/clusters/cl01tl/manifests/cilium/ClusterRole-cilium-operator.yaml
+++ b/clusters/cl01tl/manifests/cilium/ClusterRole-cilium-operator.yaml
@@ -69,6 +69,10 @@ rules:
      - get
      - list
      - watch
+      - create
+      - update
+      - delete
+      - patch
  - apiGroups:
      - cilium.io
    resources:
@@ -216,3 +220,57 @@ rules:
      - create
      - get
      - update
+  - apiGroups:
+      - gateway.networking.k8s.io
+    resources:
+      - gatewayclasses
+      - gateways
+      - tlsroutes
+      - httproutes
+      - grpcroutes
+      - referencegrants
+      - referencepolicies
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - gateway.networking.k8s.io
+    resources:
+      - gatewayclasses
+    verbs:
+      - patch
+  - apiGroups:
+      - gateway.networking.k8s.io
+    resources:
+      - gatewayclasses/status
+      - gateways/status
+      - httproutes/status
+      - grpcroutes/status
+      - tlsroutes/status
+    verbs:
+      - update
+      - patch
+  - apiGroups:
+      - cilium.io
+    resources:
+      - ciliumgatewayclassconfigs
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - cilium.io
+    resources:
+      - ciliumgatewayclassconfigs/status
+    verbs:
+      - update
+      - patch
+  - apiGroups:
+      - multicluster.x-k8s.io
+    resources:
+      - serviceimports
+    verbs:
+      - get
+      - list
+      - watch
--- a/clusters/cl01tl/manifests/cilium/ConfigMap-cilium-config.yaml
+++ b/clusters/cl01tl/manifests/cilium/ConfigMap-cilium-config.yaml
@@ -16,6 +16,18 @@ data:
  controller-group-metrics: write-cni-file sync-host-ips sync-lb-maps-with-k8s-services
  operator-prometheus-serve-addr: ":9963"
  enable-metrics: "true"
+  enable-envoy-config: "true"
+  envoy-config-retry-interval: "15s"
+  enable-gateway-api: "true"
+  enable-gateway-api-secrets-sync: "true"
+  enable-gateway-api-proxy-protocol: "false"
+  enable-gateway-api-app-protocol: "true"
+  enable-gateway-api-alpn: "true"
+  gateway-api-xff-num-trusted-hops: "0"
+  gateway-api-service-externaltrafficpolicy: "Cluster"
+  gateway-api-secrets-namespace: "cilium-secrets"
+  gateway-api-hostnetwork-enabled: "false"
+  gateway-api-hostnetwork-nodelabelselector: ""
  enable-policy-secrets-sync: "true"
  policy-secrets-only-from-secrets-namespace: "true"
  policy-secrets-namespace: "cilium-secrets"
--- a/clusters/cl01tl/manifests/cilium/DaemonSet-cilium.yaml
+++ b/clusters/cl01tl/manifests/cilium/DaemonSet-cilium.yaml
@@ -18,7 +18,7 @@ spec:
  template:
    metadata:
      annotations:
-        cilium.io/cilium-configmap-checksum: "bd764e7caadd4421d347d9c049e8d9cab101306c511512f127d7ffb839cf97d8"
+        cilium.io/cilium-configmap-checksum: "4555792065138db5a26f8d9354c9717239cb1a7dbafa0d5357696e6bb3d6f2f6"
        kubectl.kubernetes.io/default-container: cilium-agent
      labels:
        k8s-app: cilium
--- a/clusters/cl01tl/manifests/cilium/Deployment-cilium-operator.yaml
+++ b/clusters/cl01tl/manifests/cilium/Deployment-cilium-operator.yaml
@@ -22,7 +22,7 @@ spec:
  template:
    metadata:
      annotations:
-        cilium.io/cilium-configmap-checksum: "bd764e7caadd4421d347d9c049e8d9cab101306c511512f127d7ffb839cf97d8"
+        cilium.io/cilium-configmap-checksum: "4555792065138db5a26f8d9354c9717239cb1a7dbafa0d5357696e6bb3d6f2f6"
      labels:
        io.cilium/app: operator
        name: cilium-operator
--- a/clusters/cl01tl/manifests/cilium/Role-cilium-gateway-secrets.yaml
+++ b/clusters/cl01tl/manifests/cilium/Role-cilium-gateway-secrets.yaml
@@ -0,0 +1,16 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: cilium-gateway-secrets
+  namespace: "cilium-secrets"
+  labels:
+    app.kubernetes.io/part-of: cilium
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - get
+      - list
+      - watch
--- a/clusters/cl01tl/manifests/cilium/Role-cilium-operator-gateway-secrets.yaml
+++ b/clusters/cl01tl/manifests/cilium/Role-cilium-operator-gateway-secrets.yaml
@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: cilium-operator-gateway-secrets
+  namespace: "cilium-secrets"
+  labels:
+    app.kubernetes.io/part-of: cilium
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - create
+      - delete
+      - update
+      - patch
--- a/clusters/cl01tl/manifests/cilium/RoleBinding-cilium-gateway-secrets.yaml
+++ b/clusters/cl01tl/manifests/cilium/RoleBinding-cilium-gateway-secrets.yaml
@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: cilium-gateway-secrets
+  namespace: "cilium-secrets"
+  labels:
+    app.kubernetes.io/part-of: cilium
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: cilium-gateway-secrets
+subjects:
+  - kind: ServiceAccount
+    name: "cilium"
+    namespace: kube-system
--- a/clusters/cl01tl/manifests/cilium/RoleBinding-cilium-operator-gateway-secrets.yaml
+++ b/clusters/cl01tl/manifests/cilium/RoleBinding-cilium-operator-gateway-secrets.yaml
@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: cilium-operator-gateway-secrets
+  namespace: "cilium-secrets"
+  labels:
+    app.kubernetes.io/part-of: cilium
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: cilium-operator-gateway-secrets
+subjects:
+  - kind: ServiceAccount
+    name: "cilium-operator"
+    namespace: kube-system