From 323adc8c4d206d89d9ae6bf2685af78219e79dcc Mon Sep 17 00:00:00 2001 From: gitea-bot Date: Wed, 25 Mar 2026 00:15:25 +0000 Subject: [PATCH] Automated Manifest Update (#5111) This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow. ### Details - **Trigger**: `pull_request` by `@alexlebens` - **Commit**: `673377e` (on `673377e300b67860b07703d8222c155dd1d2fe29`) - **Charts Updated**: `cert-manager,cilium,cloudnative-pg` Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/5111 Co-authored-by: gitea-bot Co-committed-by: gitea-bot --- .../ClusterIssuer-letsencrypt-issuer.yaml | 5 +++++ .../cert-manager/Deployment-cert-manager.yaml | 4 ++++ .../ExternalSecret-cloudflare-api-token.yaml | 3 --- .../PodDisruptionBudget-cert-manager.yaml | 20 +++++++++++++++++++ .../cilium/ConfigMap-cilium-config.yaml | 2 +- .../manifests/cilium/DaemonSet-cilium.yaml | 2 +- .../cilium/Deployment-cilium-operator.yaml | 2 +- .../cilium/Role-cilium-gateway-secrets.yaml | 2 +- .../Role-cilium-operator-gateway-secrets.yaml | 2 +- .../RoleBinding-cilium-gateway-secrets.yaml | 2 +- ...nding-cilium-operator-gateway-secrets.yaml | 2 +- ...nt-cloudnative-pg-plugin-barman-cloud.yaml | 7 +++++-- .../Deployment-cloudnative-pg.yaml | 5 ++++- 13 files changed, 45 insertions(+), 13 deletions(-) create mode 100644 clusters/cl01tl/manifests/cert-manager/PodDisruptionBudget-cert-manager.yaml diff --git a/clusters/cl01tl/manifests/cert-manager/ClusterIssuer-letsencrypt-issuer.yaml b/clusters/cl01tl/manifests/cert-manager/ClusterIssuer-letsencrypt-issuer.yaml index a5d9a90b9..91a80286e 100644 --- a/clusters/cl01tl/manifests/cert-manager/ClusterIssuer-letsencrypt-issuer.yaml +++ b/clusters/cl01tl/manifests/cert-manager/ClusterIssuer-letsencrypt-issuer.yaml @@ -2,6 +2,11 @@ apiVersion: cert-manager.io/v1 kind: ClusterIssuer metadata: name: letsencrypt-issuer + namespace: cert-manager + labels: + app.kubernetes.io/name: letsencrypt-issuer + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/part-of: cert-manager spec: acme: email: alexanderlebens@gmail.com diff --git a/clusters/cl01tl/manifests/cert-manager/Deployment-cert-manager.yaml b/clusters/cl01tl/manifests/cert-manager/Deployment-cert-manager.yaml index ca5feb2c9..3746b6ca3 100644 --- a/clusters/cl01tl/manifests/cert-manager/Deployment-cert-manager.yaml +++ b/clusters/cl01tl/manifests/cert-manager/Deployment-cert-manager.yaml @@ -64,6 +64,10 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace + resources: + requests: + cpu: 10m + memory: 64Mi livenessProbe: httpGet: port: http-healthz diff --git a/clusters/cl01tl/manifests/cert-manager/ExternalSecret-cloudflare-api-token.yaml b/clusters/cl01tl/manifests/cert-manager/ExternalSecret-cloudflare-api-token.yaml index 2eb6a70fd..91e5d55ab 100644 --- a/clusters/cl01tl/manifests/cert-manager/ExternalSecret-cloudflare-api-token.yaml +++ b/clusters/cl01tl/manifests/cert-manager/ExternalSecret-cloudflare-api-token.yaml @@ -14,8 +14,5 @@ spec: data: - secretKey: api-token remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cloudflare/alexlebens.net/clusterissuer - metadataPolicy: None property: token diff --git a/clusters/cl01tl/manifests/cert-manager/PodDisruptionBudget-cert-manager.yaml b/clusters/cl01tl/manifests/cert-manager/PodDisruptionBudget-cert-manager.yaml new file mode 100644 index 000000000..6b657ec70 --- /dev/null +++ b/clusters/cl01tl/manifests/cert-manager/PodDisruptionBudget-cert-manager.yaml @@ -0,0 +1,20 @@ +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: cert-manager + namespace: cert-manager + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.20.0" + app.kubernetes.io/managed-by: Helm + helm.sh/chart: cert-manager-v1.20.0 +spec: + selector: + matchLabels: + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/component: "controller" + minAvailable: 1 diff --git a/clusters/cl01tl/manifests/cilium/ConfigMap-cilium-config.yaml b/clusters/cl01tl/manifests/cilium/ConfigMap-cilium-config.yaml index 70b82cf87..d68d9f3b9 100644 --- a/clusters/cl01tl/manifests/cilium/ConfigMap-cilium-config.yaml +++ b/clusters/cl01tl/manifests/cilium/ConfigMap-cilium-config.yaml @@ -25,7 +25,7 @@ data: enable-gateway-api-alpn: "true" gateway-api-xff-num-trusted-hops: "0" gateway-api-service-externaltrafficpolicy: "Cluster" - gateway-api-secrets-namespace: "cilium-secrets" + gateway-api-secrets-namespace: "kube-system" gateway-api-hostnetwork-enabled: "false" gateway-api-hostnetwork-nodelabelselector: "" enable-policy-secrets-sync: "true" diff --git a/clusters/cl01tl/manifests/cilium/DaemonSet-cilium.yaml b/clusters/cl01tl/manifests/cilium/DaemonSet-cilium.yaml index 6d1c4900f..57d3cc278 100644 --- a/clusters/cl01tl/manifests/cilium/DaemonSet-cilium.yaml +++ b/clusters/cl01tl/manifests/cilium/DaemonSet-cilium.yaml @@ -18,7 +18,7 @@ spec: template: metadata: annotations: - cilium.io/cilium-configmap-checksum: "e129393f7260ae593c00137d4b9c2c92e786de76c1125c2293f366cfe5b3512b" + cilium.io/cilium-configmap-checksum: "6c5e6123b63f6fc449922e9eb9bd248afa8fd228d8083cc40c920fff386079bb" kubectl.kubernetes.io/default-container: cilium-agent labels: k8s-app: cilium diff --git a/clusters/cl01tl/manifests/cilium/Deployment-cilium-operator.yaml b/clusters/cl01tl/manifests/cilium/Deployment-cilium-operator.yaml index 6cb94c37b..d8d9b9b0a 100644 --- a/clusters/cl01tl/manifests/cilium/Deployment-cilium-operator.yaml +++ b/clusters/cl01tl/manifests/cilium/Deployment-cilium-operator.yaml @@ -22,7 +22,7 @@ spec: template: metadata: annotations: - cilium.io/cilium-configmap-checksum: "e129393f7260ae593c00137d4b9c2c92e786de76c1125c2293f366cfe5b3512b" + cilium.io/cilium-configmap-checksum: "6c5e6123b63f6fc449922e9eb9bd248afa8fd228d8083cc40c920fff386079bb" labels: io.cilium/app: operator name: cilium-operator diff --git a/clusters/cl01tl/manifests/cilium/Role-cilium-gateway-secrets.yaml b/clusters/cl01tl/manifests/cilium/Role-cilium-gateway-secrets.yaml index 5ba0f73b9..596a326d0 100644 --- a/clusters/cl01tl/manifests/cilium/Role-cilium-gateway-secrets.yaml +++ b/clusters/cl01tl/manifests/cilium/Role-cilium-gateway-secrets.yaml @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: cilium-gateway-secrets - namespace: "cilium-secrets" + namespace: "kube-system" labels: app.kubernetes.io/part-of: cilium rules: diff --git a/clusters/cl01tl/manifests/cilium/Role-cilium-operator-gateway-secrets.yaml b/clusters/cl01tl/manifests/cilium/Role-cilium-operator-gateway-secrets.yaml index 7649b8aa0..cc6e7ac3c 100644 --- a/clusters/cl01tl/manifests/cilium/Role-cilium-operator-gateway-secrets.yaml +++ b/clusters/cl01tl/manifests/cilium/Role-cilium-operator-gateway-secrets.yaml @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: cilium-operator-gateway-secrets - namespace: "cilium-secrets" + namespace: "kube-system" labels: app.kubernetes.io/part-of: cilium rules: diff --git a/clusters/cl01tl/manifests/cilium/RoleBinding-cilium-gateway-secrets.yaml b/clusters/cl01tl/manifests/cilium/RoleBinding-cilium-gateway-secrets.yaml index a386746d1..a784d4c34 100644 --- a/clusters/cl01tl/manifests/cilium/RoleBinding-cilium-gateway-secrets.yaml +++ b/clusters/cl01tl/manifests/cilium/RoleBinding-cilium-gateway-secrets.yaml @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: cilium-gateway-secrets - namespace: "cilium-secrets" + namespace: "kube-system" labels: app.kubernetes.io/part-of: cilium roleRef: diff --git a/clusters/cl01tl/manifests/cilium/RoleBinding-cilium-operator-gateway-secrets.yaml b/clusters/cl01tl/manifests/cilium/RoleBinding-cilium-operator-gateway-secrets.yaml index 35c2b1607..868c39853 100644 --- a/clusters/cl01tl/manifests/cilium/RoleBinding-cilium-operator-gateway-secrets.yaml +++ b/clusters/cl01tl/manifests/cilium/RoleBinding-cilium-operator-gateway-secrets.yaml @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: cilium-operator-gateway-secrets - namespace: "cilium-secrets" + namespace: "kube-system" labels: app.kubernetes.io/part-of: cilium roleRef: diff --git a/clusters/cl01tl/manifests/cloudnative-pg/Deployment-cloudnative-pg-plugin-barman-cloud.yaml b/clusters/cl01tl/manifests/cloudnative-pg/Deployment-cloudnative-pg-plugin-barman-cloud.yaml index 1791525b6..c3c72abf3 100644 --- a/clusters/cl01tl/manifests/cloudnative-pg/Deployment-cloudnative-pg-plugin-barman-cloud.yaml +++ b/clusters/cl01tl/manifests/cloudnative-pg/Deployment-cloudnative-pg-plugin-barman-cloud.yaml @@ -10,7 +10,7 @@ metadata: name: cloudnative-pg-plugin-barman-cloud namespace: cloudnative-pg spec: - replicas: 1 + replicas: 2 selector: matchLabels: app.kubernetes.io/name: plugin-barman-cloud @@ -48,7 +48,10 @@ spec: periodSeconds: 10 tcpSocket: port: 9090 - resources: {} + resources: + requests: + cpu: 10m + memory: 64Mi securityContext: allowPrivilegeEscalation: false capabilities: diff --git a/clusters/cl01tl/manifests/cloudnative-pg/Deployment-cloudnative-pg.yaml b/clusters/cl01tl/manifests/cloudnative-pg/Deployment-cloudnative-pg.yaml index 0b2e0a43c..b34c36467 100644 --- a/clusters/cl01tl/manifests/cloudnative-pg/Deployment-cloudnative-pg.yaml +++ b/clusters/cl01tl/manifests/cloudnative-pg/Deployment-cloudnative-pg.yaml @@ -65,7 +65,10 @@ spec: port: webhook-server scheme: HTTPS initialDelaySeconds: 3 - resources: {} + resources: + requests: + cpu: 10m + memory: 64Mi securityContext: allowPrivilegeEscalation: false capabilities: