From 51170b8da36456a8a163d25cbce95fec5091967c Mon Sep 17 00:00:00 2001 From: gitea-bot Date: Fri, 8 May 2026 05:41:57 +0000 Subject: [PATCH] chore: Update manifests after change --- .../Deployment-authentik-cloudflared.yaml | 7 +++--- ...alSecret-authentik-cloudflared-secret.yaml | 4 +-- .../Service-authentik-cloudflared.yaml | 23 +++++++++++++++++ .../ServiceAccount-authentik-cloudflared.yaml | 2 +- .../ServiceMonitor-authentik-cloudflared.yaml | 25 +++++++++++++++++++ .../Deployment-element-web-cloudflared.yaml | 9 ++++--- ...Secret-element-web-cloudflared-secret.yaml | 4 +-- .../Service-element-web-cloudflared.yaml | 23 +++++++++++++++++ ...erviceAccount-element-web-cloudflared.yaml | 11 ++++++++ ...erviceMonitor-element-web-cloudflared.yaml | 25 +++++++++++++++++++ .../manifests/eraser/Namespace-eraser.yaml | 11 ++++++++ .../Deployment-foldergram-cloudflared.yaml | 9 ++++--- .../foldergram/Deployment-foldergram.yaml | 2 +- ...lSecret-foldergram-cloudflared-secret.yaml | 4 +-- .../Service-foldergram-cloudflared.yaml | 23 +++++++++++++++++ ...ServiceAccount-foldergram-cloudflared.yaml | 11 ++++++++ .../foldergram/ServiceAccount-foldergram.yaml | 10 ++++++++ ...ServiceMonitor-foldergram-cloudflared.yaml | 25 +++++++++++++++++++ .../Deployment-freshrss-cloudflared.yaml | 9 ++++--- .../freshrss/Deployment-freshrss.yaml | 2 +- ...nalSecret-freshrss-cloudflared-secret.yaml | 4 +-- .../Service-freshrss-cloudflared.yaml | 23 +++++++++++++++++ .../ServiceAccount-freshrss-cloudflared.yaml | 11 ++++++++ .../freshrss/ServiceAccount-freshrss.yaml | 10 ++++++++ .../ServiceMonitor-freshrss-cloudflared.yaml | 25 +++++++++++++++++++ .../gitea/Deployment-gitea-cloudflared.yaml | 7 +++--- ...ternalSecret-gitea-cloudflared-secret.yaml | 4 +-- .../gitea/Service-gitea-cloudflared.yaml | 23 +++++++++++++++++ .../ServiceAccount-gitea-cloudflared.yaml | 2 +- .../ServiceMonitor-gitea-cloudflared.yaml | 25 +++++++++++++++++++ ...akeep-karakeep-assets-external-rclone.yaml | 2 +- ...onJob-karakeep-karakeep-assets-rclone.yaml | 2 +- .../Deployment-karakeep-cloudflared.yaml | 9 ++++--- .../karakeep/Deployment-karakeep.yaml | 2 +- ...nalSecret-karakeep-cloudflared-secret.yaml | 4 +-- .../Service-karakeep-cloudflared.yaml | 23 +++++++++++++++++ .../ServiceAccount-karakeep-cloudflared.yaml | 11 ++++++++ ...akeep-karakeep-assets-external-rclone.yaml | 11 ++++++++ ...count-karakeep-karakeep-assets-rclone.yaml | 11 ++++++++ .../karakeep/ServiceAccount-karakeep.yaml | 10 ++++++++ .../ServiceMonitor-karakeep-cloudflared.yaml | 25 +++++++++++++++++++ .../karakeep/ServiceMonitor-karakeep.yaml | 2 +- ...t-matrix-synapse-hookshot-cloudflared.yaml | 7 +++--- ...nt-matrix-synapse-synapse-cloudflared.yaml | 7 +++--- ...x-synapse-hookshot-cloudflared-secret.yaml | 4 +-- ...ix-synapse-synapse-cloudflared-secret.yaml | 4 +-- ...e-matrix-synapse-hookshot-cloudflared.yaml | 23 +++++++++++++++++ ...ce-matrix-synapse-synapse-cloudflared.yaml | 23 +++++++++++++++++ ...t-matrix-synapse-hookshot-cloudflared.yaml | 2 +- ...nt-matrix-synapse-synapse-cloudflared.yaml | 2 +- ...r-matrix-synapse-hookshot-cloudflared.yaml | 25 +++++++++++++++++++ ...or-matrix-synapse-synapse-cloudflared.yaml | 25 +++++++++++++++++++ .../Deployment-outline-cloudflared.yaml | 7 +++--- ...rnalSecret-outline-cloudflared-secret.yaml | 4 +-- .../outline/Service-outline-cloudflared.yaml | 23 +++++++++++++++++ .../ServiceAccount-outline-cloudflared.yaml | 2 +- .../ServiceMonitor-outline-cloudflared.yaml | 25 +++++++++++++++++++ .../postiz/Deployment-postiz-cloudflared.yaml | 7 +++--- ...ernalSecret-postiz-cloudflared-secret.yaml | 4 +-- .../postiz/Service-postiz-cloudflared.yaml | 23 +++++++++++++++++ .../ServiceAccount-postiz-cloudflared.yaml | 2 +- .../ServiceMonitor-postiz-cloudflared.yaml | 25 +++++++++++++++++++ .../rybbit/Deployment-rybbit-backend.yaml | 2 +- .../rybbit/Deployment-rybbit-clickhouse.yaml | 2 +- .../rybbit/Deployment-rybbit-client.yaml | 2 +- .../rybbit/Deployment-rybbit-cloudflared.yaml | 9 ++++--- ...ernalSecret-rybbit-cloudflared-secret.yaml | 4 +-- .../rybbit/Service-rybbit-cloudflared.yaml | 23 +++++++++++++++++ .../ServiceAccount-rybbit-cloudflared.yaml | 11 ++++++++ .../rybbit/ServiceAccount-rybbit.yaml | 10 ++++++++ .../ServiceMonitor-rybbit-cloudflared.yaml | 25 +++++++++++++++++++ .../rybbit/ServiceMonitor-rybbit.yaml | 2 +- ...oyment-site-documentation-cloudflared.yaml | 9 ++++--- .../Deployment-site-documentation.yaml | 2 +- ...site-documentation-cloudflared-secret.yaml | 4 +-- ...ervice-site-documentation-cloudflared.yaml | 23 +++++++++++++++++ ...ccount-site-documentation-cloudflared.yaml | 11 ++++++++ .../ServiceAccount-site-documentation.yaml | 10 ++++++++ ...onitor-site-documentation-cloudflared.yaml | 25 +++++++++++++++++++ .../Deployment-site-profile-cloudflared.yaml | 9 ++++--- .../site-profile/Deployment-site-profile.yaml | 2 +- ...ecret-site-profile-cloudflared-secret.yaml | 4 +-- .../Service-site-profile-cloudflared.yaml | 23 +++++++++++++++++ ...rviceAccount-site-profile-cloudflared.yaml | 11 ++++++++ .../ServiceAccount-site-profile.yaml | 10 ++++++++ ...rviceMonitor-site-profile-cloudflared.yaml | 25 +++++++++++++++++++ ...eployment-site-saralebens-cloudflared.yaml | 9 ++++--- .../Deployment-site-saralebens.yaml | 2 +- ...et-site-saralebens-cloudflared-secret.yaml | 4 +-- .../Service-site-saralebens-cloudflared.yaml | 23 +++++++++++++++++ ...ceAccount-site-saralebens-cloudflared.yaml | 11 ++++++++ .../ServiceAccount-site-saralebens.yaml | 10 ++++++++ ...ceMonitor-site-saralebens-cloudflared.yaml | 25 +++++++++++++++++++ .../Deployment-vaultwarden-cloudflared.yaml | 9 ++++--- .../vaultwarden/Deployment-vaultwarden.yaml | 2 +- ...Secret-vaultwarden-cloudflared-secret.yaml | 4 +-- .../Service-vaultwarden-cloudflared.yaml | 23 +++++++++++++++++ ...erviceAccount-vaultwarden-cloudflared.yaml | 11 ++++++++ .../ServiceAccount-vaultwarden.yaml | 10 ++++++++ ...erviceMonitor-vaultwarden-cloudflared.yaml | 25 +++++++++++++++++++ 100 files changed, 1051 insertions(+), 104 deletions(-) create mode 100644 clusters/cl01tl/manifests/authentik/Service-authentik-cloudflared.yaml create mode 100644 clusters/cl01tl/manifests/authentik/ServiceMonitor-authentik-cloudflared.yaml create mode 100644 clusters/cl01tl/manifests/element-web/Service-element-web-cloudflared.yaml create mode 100644 clusters/cl01tl/manifests/element-web/ServiceAccount-element-web-cloudflared.yaml create mode 100644 clusters/cl01tl/manifests/element-web/ServiceMonitor-element-web-cloudflared.yaml create mode 100644 clusters/cl01tl/manifests/eraser/Namespace-eraser.yaml create mode 100644 clusters/cl01tl/manifests/foldergram/Service-foldergram-cloudflared.yaml create mode 100644 clusters/cl01tl/manifests/foldergram/ServiceAccount-foldergram-cloudflared.yaml create mode 100644 clusters/cl01tl/manifests/foldergram/ServiceAccount-foldergram.yaml create mode 100644 clusters/cl01tl/manifests/foldergram/ServiceMonitor-foldergram-cloudflared.yaml create mode 100644 clusters/cl01tl/manifests/freshrss/Service-freshrss-cloudflared.yaml create mode 100644 clusters/cl01tl/manifests/freshrss/ServiceAccount-freshrss-cloudflared.yaml create mode 100644 clusters/cl01tl/manifests/freshrss/ServiceAccount-freshrss.yaml create mode 100644 clusters/cl01tl/manifests/freshrss/ServiceMonitor-freshrss-cloudflared.yaml create mode 100644 clusters/cl01tl/manifests/gitea/Service-gitea-cloudflared.yaml create mode 100644 clusters/cl01tl/manifests/gitea/ServiceMonitor-gitea-cloudflared.yaml create mode 100644 clusters/cl01tl/manifests/karakeep/Service-karakeep-cloudflared.yaml create mode 100644 clusters/cl01tl/manifests/karakeep/ServiceAccount-karakeep-cloudflared.yaml create mode 100644 clusters/cl01tl/manifests/karakeep/ServiceAccount-karakeep-karakeep-assets-external-rclone.yaml create mode 100644 clusters/cl01tl/manifests/karakeep/ServiceAccount-karakeep-karakeep-assets-rclone.yaml create mode 100644 clusters/cl01tl/manifests/karakeep/ServiceAccount-karakeep.yaml create mode 100644 clusters/cl01tl/manifests/karakeep/ServiceMonitor-karakeep-cloudflared.yaml create mode 100644 clusters/cl01tl/manifests/matrix-synapse/Service-matrix-synapse-hookshot-cloudflared.yaml create mode 100644 clusters/cl01tl/manifests/matrix-synapse/Service-matrix-synapse-synapse-cloudflared.yaml create mode 100644 clusters/cl01tl/manifests/matrix-synapse/ServiceMonitor-matrix-synapse-hookshot-cloudflared.yaml create mode 100644 clusters/cl01tl/manifests/matrix-synapse/ServiceMonitor-matrix-synapse-synapse-cloudflared.yaml create mode 100644 clusters/cl01tl/manifests/outline/Service-outline-cloudflared.yaml create mode 100644 clusters/cl01tl/manifests/outline/ServiceMonitor-outline-cloudflared.yaml create mode 100644 clusters/cl01tl/manifests/postiz/Service-postiz-cloudflared.yaml create mode 100644 clusters/cl01tl/manifests/postiz/ServiceMonitor-postiz-cloudflared.yaml create mode 100644 clusters/cl01tl/manifests/rybbit/Service-rybbit-cloudflared.yaml create mode 100644 clusters/cl01tl/manifests/rybbit/ServiceAccount-rybbit-cloudflared.yaml create mode 100644 clusters/cl01tl/manifests/rybbit/ServiceAccount-rybbit.yaml create mode 100644 clusters/cl01tl/manifests/rybbit/ServiceMonitor-rybbit-cloudflared.yaml create mode 100644 clusters/cl01tl/manifests/site-documentation/Service-site-documentation-cloudflared.yaml create mode 100644 clusters/cl01tl/manifests/site-documentation/ServiceAccount-site-documentation-cloudflared.yaml create mode 100644 clusters/cl01tl/manifests/site-documentation/ServiceAccount-site-documentation.yaml create mode 100644 clusters/cl01tl/manifests/site-documentation/ServiceMonitor-site-documentation-cloudflared.yaml create mode 100644 clusters/cl01tl/manifests/site-profile/Service-site-profile-cloudflared.yaml create mode 100644 clusters/cl01tl/manifests/site-profile/ServiceAccount-site-profile-cloudflared.yaml create mode 100644 clusters/cl01tl/manifests/site-profile/ServiceAccount-site-profile.yaml create mode 100644 clusters/cl01tl/manifests/site-profile/ServiceMonitor-site-profile-cloudflared.yaml create mode 100644 clusters/cl01tl/manifests/site-saralebens/Service-site-saralebens-cloudflared.yaml create mode 100644 clusters/cl01tl/manifests/site-saralebens/ServiceAccount-site-saralebens-cloudflared.yaml create mode 100644 clusters/cl01tl/manifests/site-saralebens/ServiceAccount-site-saralebens.yaml create mode 100644 clusters/cl01tl/manifests/site-saralebens/ServiceMonitor-site-saralebens-cloudflared.yaml create mode 100644 clusters/cl01tl/manifests/vaultwarden/Service-vaultwarden-cloudflared.yaml create mode 100644 clusters/cl01tl/manifests/vaultwarden/ServiceAccount-vaultwarden-cloudflared.yaml create mode 100644 clusters/cl01tl/manifests/vaultwarden/ServiceAccount-vaultwarden.yaml create mode 100644 clusters/cl01tl/manifests/vaultwarden/ServiceMonitor-vaultwarden-cloudflared.yaml diff --git a/clusters/cl01tl/manifests/authentik/Deployment-authentik-cloudflared.yaml b/clusters/cl01tl/manifests/authentik/Deployment-authentik-cloudflared.yaml index 2de658fe1..9d8f812ca 100644 --- a/clusters/cl01tl/manifests/authentik/Deployment-authentik-cloudflared.yaml +++ b/clusters/cl01tl/manifests/authentik/Deployment-authentik-cloudflared.yaml @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cloudflared app.kubernetes.io/version: 2026.3.0 - helm.sh/chart: cloudflared-2.7.1 + helm.sh/chart: cloudflared-3.2.0 namespace: authentik spec: revisionHistoryLimit: 3 @@ -28,7 +28,7 @@ spec: app.kubernetes.io/name: cloudflared spec: enableServiceLinks: false - serviceAccountName: authentik + serviceAccountName: authentik-cloudflared automountServiceAccountToken: false hostIPC: false hostNetwork: false @@ -38,8 +38,9 @@ spec: - args: - tunnel - --protocol - - http2 + - auto - --no-autoupdate + - --metrics 0.0.0.0:20241 - run - --token - $(CF_MANAGED_TUNNEL_TOKEN) diff --git a/clusters/cl01tl/manifests/authentik/ExternalSecret-authentik-cloudflared-secret.yaml b/clusters/cl01tl/manifests/authentik/ExternalSecret-authentik-cloudflared-secret.yaml index a13a359a0..2f572375a 100644 --- a/clusters/cl01tl/manifests/authentik/ExternalSecret-authentik-cloudflared-secret.yaml +++ b/clusters/cl01tl/manifests/authentik/ExternalSecret-authentik-cloudflared-secret.yaml @@ -4,10 +4,10 @@ metadata: name: authentik-cloudflared-secret namespace: authentik labels: - helm.sh/chart: cloudflared-2.7.1 + helm.sh/chart: cloudflared-3.2.0 app.kubernetes.io/instance: authentik app.kubernetes.io/part-of: authentik - app.kubernetes.io/version: "2.7.1" + app.kubernetes.io/version: "3.2.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: authentik-cloudflared-secret spec: diff --git a/clusters/cl01tl/manifests/authentik/Service-authentik-cloudflared.yaml b/clusters/cl01tl/manifests/authentik/Service-authentik-cloudflared.yaml new file mode 100644 index 000000000..3c6c4ab10 --- /dev/null +++ b/clusters/cl01tl/manifests/authentik/Service-authentik-cloudflared.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + name: authentik-cloudflared + labels: + app.kubernetes.io/instance: authentik + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cloudflared + app.kubernetes.io/service: authentik-cloudflared + app.kubernetes.io/version: 2026.3.0 + helm.sh/chart: cloudflared-3.2.0 + namespace: authentik +spec: + type: ClusterIP + ports: + - port: 20241 + targetPort: 20241 + protocol: TCP + name: metrics + selector: + app.kubernetes.io/controller: main + app.kubernetes.io/instance: authentik + app.kubernetes.io/name: cloudflared diff --git a/clusters/cl01tl/manifests/authentik/ServiceAccount-authentik-cloudflared.yaml b/clusters/cl01tl/manifests/authentik/ServiceAccount-authentik-cloudflared.yaml index 9163704f9..f2937b88d 100644 --- a/clusters/cl01tl/manifests/authentik/ServiceAccount-authentik-cloudflared.yaml +++ b/clusters/cl01tl/manifests/authentik/ServiceAccount-authentik-cloudflared.yaml @@ -7,5 +7,5 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cloudflared app.kubernetes.io/version: 2026.3.0 - helm.sh/chart: cloudflared-2.7.1 + helm.sh/chart: cloudflared-3.2.0 namespace: authentik diff --git a/clusters/cl01tl/manifests/authentik/ServiceMonitor-authentik-cloudflared.yaml b/clusters/cl01tl/manifests/authentik/ServiceMonitor-authentik-cloudflared.yaml new file mode 100644 index 000000000..dd207d85a --- /dev/null +++ b/clusters/cl01tl/manifests/authentik/ServiceMonitor-authentik-cloudflared.yaml @@ -0,0 +1,25 @@ +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: authentik-cloudflared + labels: + app.kubernetes.io/instance: authentik + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cloudflared + app.kubernetes.io/version: 2026.3.0 + helm.sh/chart: cloudflared-3.2.0 + namespace: authentik +spec: + jobLabel: app.kubernetes.io/name + namespaceSelector: + matchNames: + - authentik + selector: + matchLabels: + app.kubernetes.io/instance: cloudflared + app.kubernetes.io/name: cloudflared + endpoints: + - interval: 30s + path: /metrics + port: metrics + scrapeTimeout: 10s diff --git a/clusters/cl01tl/manifests/element-web/Deployment-element-web-cloudflared.yaml b/clusters/cl01tl/manifests/element-web/Deployment-element-web-cloudflared.yaml index f2f0238fc..070c445b2 100644 --- a/clusters/cl01tl/manifests/element-web/Deployment-element-web-cloudflared.yaml +++ b/clusters/cl01tl/manifests/element-web/Deployment-element-web-cloudflared.yaml @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cloudflared app.kubernetes.io/version: 2026.3.0 - helm.sh/chart: cloudflared-2.6.0 + helm.sh/chart: cloudflared-3.2.0 namespace: element-web spec: revisionHistoryLimit: 3 @@ -28,8 +28,8 @@ spec: app.kubernetes.io/name: cloudflared spec: enableServiceLinks: false - serviceAccountName: default - automountServiceAccountToken: true + serviceAccountName: element-web-cloudflared + automountServiceAccountToken: false hostIPC: false hostNetwork: false hostPID: false @@ -38,8 +38,9 @@ spec: - args: - tunnel - --protocol - - http2 + - auto - --no-autoupdate + - --metrics 0.0.0.0:20241 - run - --token - $(CF_MANAGED_TUNNEL_TOKEN) diff --git a/clusters/cl01tl/manifests/element-web/ExternalSecret-element-web-cloudflared-secret.yaml b/clusters/cl01tl/manifests/element-web/ExternalSecret-element-web-cloudflared-secret.yaml index 19da4f19e..cb8feb6ed 100644 --- a/clusters/cl01tl/manifests/element-web/ExternalSecret-element-web-cloudflared-secret.yaml +++ b/clusters/cl01tl/manifests/element-web/ExternalSecret-element-web-cloudflared-secret.yaml @@ -4,10 +4,10 @@ metadata: name: element-web-cloudflared-secret namespace: element-web labels: - helm.sh/chart: cloudflared-2.6.0 + helm.sh/chart: cloudflared-3.2.0 app.kubernetes.io/instance: element-web app.kubernetes.io/part-of: element-web - app.kubernetes.io/version: "2.6.0" + app.kubernetes.io/version: "3.2.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: element-web-cloudflared-secret spec: diff --git a/clusters/cl01tl/manifests/element-web/Service-element-web-cloudflared.yaml b/clusters/cl01tl/manifests/element-web/Service-element-web-cloudflared.yaml new file mode 100644 index 000000000..78ac917b2 --- /dev/null +++ b/clusters/cl01tl/manifests/element-web/Service-element-web-cloudflared.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + name: element-web-cloudflared + labels: + app.kubernetes.io/instance: element-web + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cloudflared + app.kubernetes.io/service: element-web-cloudflared + app.kubernetes.io/version: 2026.3.0 + helm.sh/chart: cloudflared-3.2.0 + namespace: element-web +spec: + type: ClusterIP + ports: + - port: 20241 + targetPort: 20241 + protocol: TCP + name: metrics + selector: + app.kubernetes.io/controller: main + app.kubernetes.io/instance: element-web + app.kubernetes.io/name: cloudflared diff --git a/clusters/cl01tl/manifests/element-web/ServiceAccount-element-web-cloudflared.yaml b/clusters/cl01tl/manifests/element-web/ServiceAccount-element-web-cloudflared.yaml new file mode 100644 index 000000000..e2f53f12a --- /dev/null +++ b/clusters/cl01tl/manifests/element-web/ServiceAccount-element-web-cloudflared.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: element-web-cloudflared + labels: + app.kubernetes.io/instance: element-web + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cloudflared + app.kubernetes.io/version: 2026.3.0 + helm.sh/chart: cloudflared-3.2.0 + namespace: element-web diff --git a/clusters/cl01tl/manifests/element-web/ServiceMonitor-element-web-cloudflared.yaml b/clusters/cl01tl/manifests/element-web/ServiceMonitor-element-web-cloudflared.yaml new file mode 100644 index 000000000..7b9100480 --- /dev/null +++ b/clusters/cl01tl/manifests/element-web/ServiceMonitor-element-web-cloudflared.yaml @@ -0,0 +1,25 @@ +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: element-web-cloudflared + labels: + app.kubernetes.io/instance: element-web + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cloudflared + app.kubernetes.io/version: 2026.3.0 + helm.sh/chart: cloudflared-3.2.0 + namespace: element-web +spec: + jobLabel: app.kubernetes.io/name + namespaceSelector: + matchNames: + - element-web + selector: + matchLabels: + app.kubernetes.io/instance: cloudflared + app.kubernetes.io/name: cloudflared + endpoints: + - interval: 30s + path: /metrics + port: metrics + scrapeTimeout: 10s diff --git a/clusters/cl01tl/manifests/eraser/Namespace-eraser.yaml b/clusters/cl01tl/manifests/eraser/Namespace-eraser.yaml new file mode 100644 index 000000000..e953b5855 --- /dev/null +++ b/clusters/cl01tl/manifests/eraser/Namespace-eraser.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: eraser + labels: + app.kubernetes.io/name: eraser + app.kubernetes.io/instance: eraser + app.kubernetes.io/part-of: eraser + pod-security.kubernetes.io/audit: privileged + pod-security.kubernetes.io/enforce: privileged + pod-security.kubernetes.io/warn: privileged diff --git a/clusters/cl01tl/manifests/foldergram/Deployment-foldergram-cloudflared.yaml b/clusters/cl01tl/manifests/foldergram/Deployment-foldergram-cloudflared.yaml index b033a5e99..832a43efe 100644 --- a/clusters/cl01tl/manifests/foldergram/Deployment-foldergram-cloudflared.yaml +++ b/clusters/cl01tl/manifests/foldergram/Deployment-foldergram-cloudflared.yaml @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cloudflared app.kubernetes.io/version: 2026.3.0 - helm.sh/chart: cloudflared-2.6.0 + helm.sh/chart: cloudflared-3.2.0 namespace: foldergram spec: revisionHistoryLimit: 3 @@ -28,8 +28,8 @@ spec: app.kubernetes.io/name: cloudflared spec: enableServiceLinks: false - serviceAccountName: default - automountServiceAccountToken: true + serviceAccountName: foldergram-cloudflared + automountServiceAccountToken: false hostIPC: false hostNetwork: false hostPID: false @@ -38,8 +38,9 @@ spec: - args: - tunnel - --protocol - - http2 + - auto - --no-autoupdate + - --metrics 0.0.0.0:20241 - run - --token - $(CF_MANAGED_TUNNEL_TOKEN) diff --git a/clusters/cl01tl/manifests/foldergram/Deployment-foldergram.yaml b/clusters/cl01tl/manifests/foldergram/Deployment-foldergram.yaml index 69ced1359..0648126d3 100644 --- a/clusters/cl01tl/manifests/foldergram/Deployment-foldergram.yaml +++ b/clusters/cl01tl/manifests/foldergram/Deployment-foldergram.yaml @@ -27,7 +27,7 @@ spec: app.kubernetes.io/name: foldergram spec: enableServiceLinks: false - serviceAccountName: default + serviceAccountName: foldergram automountServiceAccountToken: false securityContext: fsGroup: 1000 diff --git a/clusters/cl01tl/manifests/foldergram/ExternalSecret-foldergram-cloudflared-secret.yaml b/clusters/cl01tl/manifests/foldergram/ExternalSecret-foldergram-cloudflared-secret.yaml index 3e44a263c..36e2ae3f1 100644 --- a/clusters/cl01tl/manifests/foldergram/ExternalSecret-foldergram-cloudflared-secret.yaml +++ b/clusters/cl01tl/manifests/foldergram/ExternalSecret-foldergram-cloudflared-secret.yaml @@ -4,10 +4,10 @@ metadata: name: foldergram-cloudflared-secret namespace: foldergram labels: - helm.sh/chart: cloudflared-2.6.0 + helm.sh/chart: cloudflared-3.2.0 app.kubernetes.io/instance: foldergram app.kubernetes.io/part-of: foldergram - app.kubernetes.io/version: "2.6.0" + app.kubernetes.io/version: "3.2.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: foldergram-cloudflared-secret spec: diff --git a/clusters/cl01tl/manifests/foldergram/Service-foldergram-cloudflared.yaml b/clusters/cl01tl/manifests/foldergram/Service-foldergram-cloudflared.yaml new file mode 100644 index 000000000..3cc6d3fe0 --- /dev/null +++ b/clusters/cl01tl/manifests/foldergram/Service-foldergram-cloudflared.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + name: foldergram-cloudflared + labels: + app.kubernetes.io/instance: foldergram + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cloudflared + app.kubernetes.io/service: foldergram-cloudflared + app.kubernetes.io/version: 2026.3.0 + helm.sh/chart: cloudflared-3.2.0 + namespace: foldergram +spec: + type: ClusterIP + ports: + - port: 20241 + targetPort: 20241 + protocol: TCP + name: metrics + selector: + app.kubernetes.io/controller: main + app.kubernetes.io/instance: foldergram + app.kubernetes.io/name: cloudflared diff --git a/clusters/cl01tl/manifests/foldergram/ServiceAccount-foldergram-cloudflared.yaml b/clusters/cl01tl/manifests/foldergram/ServiceAccount-foldergram-cloudflared.yaml new file mode 100644 index 000000000..b17d17aa5 --- /dev/null +++ b/clusters/cl01tl/manifests/foldergram/ServiceAccount-foldergram-cloudflared.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: foldergram-cloudflared + labels: + app.kubernetes.io/instance: foldergram + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cloudflared + app.kubernetes.io/version: 2026.3.0 + helm.sh/chart: cloudflared-3.2.0 + namespace: foldergram diff --git a/clusters/cl01tl/manifests/foldergram/ServiceAccount-foldergram.yaml b/clusters/cl01tl/manifests/foldergram/ServiceAccount-foldergram.yaml new file mode 100644 index 000000000..dc57ea366 --- /dev/null +++ b/clusters/cl01tl/manifests/foldergram/ServiceAccount-foldergram.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: foldergram + labels: + app.kubernetes.io/instance: foldergram + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: foldergram + helm.sh/chart: foldergram-5.0.0 + namespace: foldergram diff --git a/clusters/cl01tl/manifests/foldergram/ServiceMonitor-foldergram-cloudflared.yaml b/clusters/cl01tl/manifests/foldergram/ServiceMonitor-foldergram-cloudflared.yaml new file mode 100644 index 000000000..44cd349e7 --- /dev/null +++ b/clusters/cl01tl/manifests/foldergram/ServiceMonitor-foldergram-cloudflared.yaml @@ -0,0 +1,25 @@ +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: foldergram-cloudflared + labels: + app.kubernetes.io/instance: foldergram + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cloudflared + app.kubernetes.io/version: 2026.3.0 + helm.sh/chart: cloudflared-3.2.0 + namespace: foldergram +spec: + jobLabel: app.kubernetes.io/name + namespaceSelector: + matchNames: + - foldergram + selector: + matchLabels: + app.kubernetes.io/instance: cloudflared + app.kubernetes.io/name: cloudflared + endpoints: + - interval: 30s + path: /metrics + port: metrics + scrapeTimeout: 10s diff --git a/clusters/cl01tl/manifests/freshrss/Deployment-freshrss-cloudflared.yaml b/clusters/cl01tl/manifests/freshrss/Deployment-freshrss-cloudflared.yaml index e6458af57..4422a6812 100644 --- a/clusters/cl01tl/manifests/freshrss/Deployment-freshrss-cloudflared.yaml +++ b/clusters/cl01tl/manifests/freshrss/Deployment-freshrss-cloudflared.yaml @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cloudflared app.kubernetes.io/version: 2026.3.0 - helm.sh/chart: cloudflared-2.6.0 + helm.sh/chart: cloudflared-3.2.0 namespace: freshrss spec: revisionHistoryLimit: 3 @@ -28,8 +28,8 @@ spec: app.kubernetes.io/name: cloudflared spec: enableServiceLinks: false - serviceAccountName: default - automountServiceAccountToken: true + serviceAccountName: freshrss-cloudflared + automountServiceAccountToken: false hostIPC: false hostNetwork: false hostPID: false @@ -38,8 +38,9 @@ spec: - args: - tunnel - --protocol - - http2 + - auto - --no-autoupdate + - --metrics 0.0.0.0:20241 - run - --token - $(CF_MANAGED_TUNNEL_TOKEN) diff --git a/clusters/cl01tl/manifests/freshrss/Deployment-freshrss.yaml b/clusters/cl01tl/manifests/freshrss/Deployment-freshrss.yaml index 55a2aaf21..ef03086a4 100644 --- a/clusters/cl01tl/manifests/freshrss/Deployment-freshrss.yaml +++ b/clusters/cl01tl/manifests/freshrss/Deployment-freshrss.yaml @@ -27,7 +27,7 @@ spec: app.kubernetes.io/name: freshrss spec: enableServiceLinks: false - serviceAccountName: default + serviceAccountName: freshrss automountServiceAccountToken: false hostIPC: false hostNetwork: false diff --git a/clusters/cl01tl/manifests/freshrss/ExternalSecret-freshrss-cloudflared-secret.yaml b/clusters/cl01tl/manifests/freshrss/ExternalSecret-freshrss-cloudflared-secret.yaml index 32afa07ee..1b02287bc 100644 --- a/clusters/cl01tl/manifests/freshrss/ExternalSecret-freshrss-cloudflared-secret.yaml +++ b/clusters/cl01tl/manifests/freshrss/ExternalSecret-freshrss-cloudflared-secret.yaml @@ -4,10 +4,10 @@ metadata: name: freshrss-cloudflared-secret namespace: freshrss labels: - helm.sh/chart: cloudflared-2.6.0 + helm.sh/chart: cloudflared-3.2.0 app.kubernetes.io/instance: freshrss app.kubernetes.io/part-of: freshrss - app.kubernetes.io/version: "2.6.0" + app.kubernetes.io/version: "3.2.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: freshrss-cloudflared-secret spec: diff --git a/clusters/cl01tl/manifests/freshrss/Service-freshrss-cloudflared.yaml b/clusters/cl01tl/manifests/freshrss/Service-freshrss-cloudflared.yaml new file mode 100644 index 000000000..6ff187be0 --- /dev/null +++ b/clusters/cl01tl/manifests/freshrss/Service-freshrss-cloudflared.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + name: freshrss-cloudflared + labels: + app.kubernetes.io/instance: freshrss + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cloudflared + app.kubernetes.io/service: freshrss-cloudflared + app.kubernetes.io/version: 2026.3.0 + helm.sh/chart: cloudflared-3.2.0 + namespace: freshrss +spec: + type: ClusterIP + ports: + - port: 20241 + targetPort: 20241 + protocol: TCP + name: metrics + selector: + app.kubernetes.io/controller: main + app.kubernetes.io/instance: freshrss + app.kubernetes.io/name: cloudflared diff --git a/clusters/cl01tl/manifests/freshrss/ServiceAccount-freshrss-cloudflared.yaml b/clusters/cl01tl/manifests/freshrss/ServiceAccount-freshrss-cloudflared.yaml new file mode 100644 index 000000000..17ceb68be --- /dev/null +++ b/clusters/cl01tl/manifests/freshrss/ServiceAccount-freshrss-cloudflared.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: freshrss-cloudflared + labels: + app.kubernetes.io/instance: freshrss + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cloudflared + app.kubernetes.io/version: 2026.3.0 + helm.sh/chart: cloudflared-3.2.0 + namespace: freshrss diff --git a/clusters/cl01tl/manifests/freshrss/ServiceAccount-freshrss.yaml b/clusters/cl01tl/manifests/freshrss/ServiceAccount-freshrss.yaml new file mode 100644 index 000000000..5015344f0 --- /dev/null +++ b/clusters/cl01tl/manifests/freshrss/ServiceAccount-freshrss.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: freshrss + labels: + app.kubernetes.io/instance: freshrss + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: freshrss + helm.sh/chart: freshrss-5.0.0 + namespace: freshrss diff --git a/clusters/cl01tl/manifests/freshrss/ServiceMonitor-freshrss-cloudflared.yaml b/clusters/cl01tl/manifests/freshrss/ServiceMonitor-freshrss-cloudflared.yaml new file mode 100644 index 000000000..a6d950902 --- /dev/null +++ b/clusters/cl01tl/manifests/freshrss/ServiceMonitor-freshrss-cloudflared.yaml @@ -0,0 +1,25 @@ +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: freshrss-cloudflared + labels: + app.kubernetes.io/instance: freshrss + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cloudflared + app.kubernetes.io/version: 2026.3.0 + helm.sh/chart: cloudflared-3.2.0 + namespace: freshrss +spec: + jobLabel: app.kubernetes.io/name + namespaceSelector: + matchNames: + - freshrss + selector: + matchLabels: + app.kubernetes.io/instance: cloudflared + app.kubernetes.io/name: cloudflared + endpoints: + - interval: 30s + path: /metrics + port: metrics + scrapeTimeout: 10s diff --git a/clusters/cl01tl/manifests/gitea/Deployment-gitea-cloudflared.yaml b/clusters/cl01tl/manifests/gitea/Deployment-gitea-cloudflared.yaml index e007dacd0..2f640f42b 100644 --- a/clusters/cl01tl/manifests/gitea/Deployment-gitea-cloudflared.yaml +++ b/clusters/cl01tl/manifests/gitea/Deployment-gitea-cloudflared.yaml @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cloudflared app.kubernetes.io/version: 2026.3.0 - helm.sh/chart: cloudflared-2.7.1 + helm.sh/chart: cloudflared-3.2.0 namespace: gitea spec: revisionHistoryLimit: 3 @@ -28,7 +28,7 @@ spec: app.kubernetes.io/name: cloudflared spec: enableServiceLinks: false - serviceAccountName: gitea + serviceAccountName: gitea-cloudflared automountServiceAccountToken: false hostIPC: false hostNetwork: false @@ -38,8 +38,9 @@ spec: - args: - tunnel - --protocol - - http2 + - auto - --no-autoupdate + - --metrics 0.0.0.0:20241 - run - --token - $(CF_MANAGED_TUNNEL_TOKEN) diff --git a/clusters/cl01tl/manifests/gitea/ExternalSecret-gitea-cloudflared-secret.yaml b/clusters/cl01tl/manifests/gitea/ExternalSecret-gitea-cloudflared-secret.yaml index 7e6b26e50..9ddf0569a 100644 --- a/clusters/cl01tl/manifests/gitea/ExternalSecret-gitea-cloudflared-secret.yaml +++ b/clusters/cl01tl/manifests/gitea/ExternalSecret-gitea-cloudflared-secret.yaml @@ -4,10 +4,10 @@ metadata: name: gitea-cloudflared-secret namespace: gitea labels: - helm.sh/chart: cloudflared-2.7.1 + helm.sh/chart: cloudflared-3.2.0 app.kubernetes.io/instance: gitea app.kubernetes.io/part-of: gitea - app.kubernetes.io/version: "2.7.1" + app.kubernetes.io/version: "3.2.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: gitea-cloudflared-secret spec: diff --git a/clusters/cl01tl/manifests/gitea/Service-gitea-cloudflared.yaml b/clusters/cl01tl/manifests/gitea/Service-gitea-cloudflared.yaml new file mode 100644 index 000000000..dc1535207 --- /dev/null +++ b/clusters/cl01tl/manifests/gitea/Service-gitea-cloudflared.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + name: gitea-cloudflared + labels: + app.kubernetes.io/instance: gitea + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cloudflared + app.kubernetes.io/service: gitea-cloudflared + app.kubernetes.io/version: 2026.3.0 + helm.sh/chart: cloudflared-3.2.0 + namespace: gitea +spec: + type: ClusterIP + ports: + - port: 20241 + targetPort: 20241 + protocol: TCP + name: metrics + selector: + app.kubernetes.io/controller: main + app.kubernetes.io/instance: gitea + app.kubernetes.io/name: cloudflared diff --git a/clusters/cl01tl/manifests/gitea/ServiceAccount-gitea-cloudflared.yaml b/clusters/cl01tl/manifests/gitea/ServiceAccount-gitea-cloudflared.yaml index ccd9067ab..46ff46a56 100644 --- a/clusters/cl01tl/manifests/gitea/ServiceAccount-gitea-cloudflared.yaml +++ b/clusters/cl01tl/manifests/gitea/ServiceAccount-gitea-cloudflared.yaml @@ -7,5 +7,5 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cloudflared app.kubernetes.io/version: 2026.3.0 - helm.sh/chart: cloudflared-2.7.1 + helm.sh/chart: cloudflared-3.2.0 namespace: gitea diff --git a/clusters/cl01tl/manifests/gitea/ServiceMonitor-gitea-cloudflared.yaml b/clusters/cl01tl/manifests/gitea/ServiceMonitor-gitea-cloudflared.yaml new file mode 100644 index 000000000..be5e61e19 --- /dev/null +++ b/clusters/cl01tl/manifests/gitea/ServiceMonitor-gitea-cloudflared.yaml @@ -0,0 +1,25 @@ +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: gitea-cloudflared + labels: + app.kubernetes.io/instance: gitea + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cloudflared + app.kubernetes.io/version: 2026.3.0 + helm.sh/chart: cloudflared-3.2.0 + namespace: gitea +spec: + jobLabel: app.kubernetes.io/name + namespaceSelector: + matchNames: + - gitea + selector: + matchLabels: + app.kubernetes.io/instance: cloudflared + app.kubernetes.io/name: cloudflared + endpoints: + - interval: 30s + path: /metrics + port: metrics + scrapeTimeout: 10s diff --git a/clusters/cl01tl/manifests/karakeep/CronJob-karakeep-karakeep-assets-external-rclone.yaml b/clusters/cl01tl/manifests/karakeep/CronJob-karakeep-karakeep-assets-external-rclone.yaml index e97ed8a95..2b1e112a7 100644 --- a/clusters/cl01tl/manifests/karakeep/CronJob-karakeep-karakeep-assets-external-rclone.yaml +++ b/clusters/cl01tl/manifests/karakeep/CronJob-karakeep-karakeep-assets-external-rclone.yaml @@ -30,7 +30,7 @@ spec: app.kubernetes.io/name: karakeep-assets-external-rclone spec: enableServiceLinks: false - serviceAccountName: default + serviceAccountName: karakeep automountServiceAccountToken: true hostIPC: false hostNetwork: false diff --git a/clusters/cl01tl/manifests/karakeep/CronJob-karakeep-karakeep-assets-rclone.yaml b/clusters/cl01tl/manifests/karakeep/CronJob-karakeep-karakeep-assets-rclone.yaml index a35870137..475e792c6 100644 --- a/clusters/cl01tl/manifests/karakeep/CronJob-karakeep-karakeep-assets-rclone.yaml +++ b/clusters/cl01tl/manifests/karakeep/CronJob-karakeep-karakeep-assets-rclone.yaml @@ -30,7 +30,7 @@ spec: app.kubernetes.io/name: karakeep-assets-rclone spec: enableServiceLinks: false - serviceAccountName: default + serviceAccountName: karakeep automountServiceAccountToken: true hostIPC: false hostNetwork: false diff --git a/clusters/cl01tl/manifests/karakeep/Deployment-karakeep-cloudflared.yaml b/clusters/cl01tl/manifests/karakeep/Deployment-karakeep-cloudflared.yaml index 98ed6c169..59a89652a 100644 --- a/clusters/cl01tl/manifests/karakeep/Deployment-karakeep-cloudflared.yaml +++ b/clusters/cl01tl/manifests/karakeep/Deployment-karakeep-cloudflared.yaml @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cloudflared app.kubernetes.io/version: 2026.3.0 - helm.sh/chart: cloudflared-2.6.0 + helm.sh/chart: cloudflared-3.2.0 namespace: karakeep spec: revisionHistoryLimit: 3 @@ -28,8 +28,8 @@ spec: app.kubernetes.io/name: cloudflared spec: enableServiceLinks: false - serviceAccountName: default - automountServiceAccountToken: true + serviceAccountName: karakeep-cloudflared + automountServiceAccountToken: false hostIPC: false hostNetwork: false hostPID: false @@ -38,8 +38,9 @@ spec: - args: - tunnel - --protocol - - http2 + - auto - --no-autoupdate + - --metrics 0.0.0.0:20241 - run - --token - $(CF_MANAGED_TUNNEL_TOKEN) diff --git a/clusters/cl01tl/manifests/karakeep/Deployment-karakeep.yaml b/clusters/cl01tl/manifests/karakeep/Deployment-karakeep.yaml index 41b6ee78b..e8f525e06 100644 --- a/clusters/cl01tl/manifests/karakeep/Deployment-karakeep.yaml +++ b/clusters/cl01tl/manifests/karakeep/Deployment-karakeep.yaml @@ -27,7 +27,7 @@ spec: app.kubernetes.io/name: karakeep spec: enableServiceLinks: false - serviceAccountName: default + serviceAccountName: karakeep automountServiceAccountToken: false hostIPC: false hostNetwork: false diff --git a/clusters/cl01tl/manifests/karakeep/ExternalSecret-karakeep-cloudflared-secret.yaml b/clusters/cl01tl/manifests/karakeep/ExternalSecret-karakeep-cloudflared-secret.yaml index 4c08b7c21..fbb9583cb 100644 --- a/clusters/cl01tl/manifests/karakeep/ExternalSecret-karakeep-cloudflared-secret.yaml +++ b/clusters/cl01tl/manifests/karakeep/ExternalSecret-karakeep-cloudflared-secret.yaml @@ -4,10 +4,10 @@ metadata: name: karakeep-cloudflared-secret namespace: karakeep labels: - helm.sh/chart: cloudflared-2.6.0 + helm.sh/chart: cloudflared-3.2.0 app.kubernetes.io/instance: karakeep app.kubernetes.io/part-of: karakeep - app.kubernetes.io/version: "2.6.0" + app.kubernetes.io/version: "3.2.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: karakeep-cloudflared-secret spec: diff --git a/clusters/cl01tl/manifests/karakeep/Service-karakeep-cloudflared.yaml b/clusters/cl01tl/manifests/karakeep/Service-karakeep-cloudflared.yaml new file mode 100644 index 000000000..12b6dfd06 --- /dev/null +++ b/clusters/cl01tl/manifests/karakeep/Service-karakeep-cloudflared.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + name: karakeep-cloudflared + labels: + app.kubernetes.io/instance: karakeep + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cloudflared + app.kubernetes.io/service: karakeep-cloudflared + app.kubernetes.io/version: 2026.3.0 + helm.sh/chart: cloudflared-3.2.0 + namespace: karakeep +spec: + type: ClusterIP + ports: + - port: 20241 + targetPort: 20241 + protocol: TCP + name: metrics + selector: + app.kubernetes.io/controller: main + app.kubernetes.io/instance: karakeep + app.kubernetes.io/name: cloudflared diff --git a/clusters/cl01tl/manifests/karakeep/ServiceAccount-karakeep-cloudflared.yaml b/clusters/cl01tl/manifests/karakeep/ServiceAccount-karakeep-cloudflared.yaml new file mode 100644 index 000000000..c73070ca7 --- /dev/null +++ b/clusters/cl01tl/manifests/karakeep/ServiceAccount-karakeep-cloudflared.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: karakeep-cloudflared + labels: + app.kubernetes.io/instance: karakeep + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cloudflared + app.kubernetes.io/version: 2026.3.0 + helm.sh/chart: cloudflared-3.2.0 + namespace: karakeep diff --git a/clusters/cl01tl/manifests/karakeep/ServiceAccount-karakeep-karakeep-assets-external-rclone.yaml b/clusters/cl01tl/manifests/karakeep/ServiceAccount-karakeep-karakeep-assets-external-rclone.yaml new file mode 100644 index 000000000..650f9f785 --- /dev/null +++ b/clusters/cl01tl/manifests/karakeep/ServiceAccount-karakeep-karakeep-assets-external-rclone.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: karakeep-karakeep-assets-external-rclone + labels: + app.kubernetes.io/instance: karakeep + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: karakeep-assets-external-rclone + app.kubernetes.io/version: v1.74.0 + helm.sh/chart: rclone-karakeep-assets-external-0.7.0 + namespace: karakeep diff --git a/clusters/cl01tl/manifests/karakeep/ServiceAccount-karakeep-karakeep-assets-rclone.yaml b/clusters/cl01tl/manifests/karakeep/ServiceAccount-karakeep-karakeep-assets-rclone.yaml new file mode 100644 index 000000000..dec95f5d2 --- /dev/null +++ b/clusters/cl01tl/manifests/karakeep/ServiceAccount-karakeep-karakeep-assets-rclone.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: karakeep-karakeep-assets-rclone + labels: + app.kubernetes.io/instance: karakeep + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: karakeep-assets-rclone + app.kubernetes.io/version: v1.74.0 + helm.sh/chart: rclone-karakeep-assets-remote-0.7.0 + namespace: karakeep diff --git a/clusters/cl01tl/manifests/karakeep/ServiceAccount-karakeep.yaml b/clusters/cl01tl/manifests/karakeep/ServiceAccount-karakeep.yaml new file mode 100644 index 000000000..1883030ad --- /dev/null +++ b/clusters/cl01tl/manifests/karakeep/ServiceAccount-karakeep.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: karakeep + labels: + app.kubernetes.io/instance: karakeep + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: karakeep + helm.sh/chart: karakeep-5.0.0 + namespace: karakeep diff --git a/clusters/cl01tl/manifests/karakeep/ServiceMonitor-karakeep-cloudflared.yaml b/clusters/cl01tl/manifests/karakeep/ServiceMonitor-karakeep-cloudflared.yaml new file mode 100644 index 000000000..e975faf34 --- /dev/null +++ b/clusters/cl01tl/manifests/karakeep/ServiceMonitor-karakeep-cloudflared.yaml @@ -0,0 +1,25 @@ +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: karakeep-cloudflared + labels: + app.kubernetes.io/instance: karakeep + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cloudflared + app.kubernetes.io/version: 2026.3.0 + helm.sh/chart: cloudflared-3.2.0 + namespace: karakeep +spec: + jobLabel: app.kubernetes.io/name + namespaceSelector: + matchNames: + - karakeep + selector: + matchLabels: + app.kubernetes.io/instance: cloudflared + app.kubernetes.io/name: cloudflared + endpoints: + - interval: 30s + path: /metrics + port: metrics + scrapeTimeout: 10s diff --git a/clusters/cl01tl/manifests/karakeep/ServiceMonitor-karakeep.yaml b/clusters/cl01tl/manifests/karakeep/ServiceMonitor-karakeep.yaml index 41e99cabf..e459fab80 100644 --- a/clusters/cl01tl/manifests/karakeep/ServiceMonitor-karakeep.yaml +++ b/clusters/cl01tl/manifests/karakeep/ServiceMonitor-karakeep.yaml @@ -9,7 +9,7 @@ metadata: helm.sh/chart: karakeep-5.0.0 namespace: karakeep spec: - jobLabel: karakeep + jobLabel: app.kubernetes.io/name namespaceSelector: matchNames: - karakeep diff --git a/clusters/cl01tl/manifests/matrix-synapse/Deployment-matrix-synapse-hookshot-cloudflared.yaml b/clusters/cl01tl/manifests/matrix-synapse/Deployment-matrix-synapse-hookshot-cloudflared.yaml index 35dee7113..6cdf50447 100644 --- a/clusters/cl01tl/manifests/matrix-synapse/Deployment-matrix-synapse-hookshot-cloudflared.yaml +++ b/clusters/cl01tl/manifests/matrix-synapse/Deployment-matrix-synapse-hookshot-cloudflared.yaml @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: hookshot-cloudflared app.kubernetes.io/version: 2026.3.0 - helm.sh/chart: cloudflared-hookshot-2.7.1 + helm.sh/chart: cloudflared-hookshot-3.2.0 namespace: matrix-synapse spec: revisionHistoryLimit: 3 @@ -28,7 +28,7 @@ spec: app.kubernetes.io/name: hookshot-cloudflared spec: enableServiceLinks: false - serviceAccountName: matrix-synapse + serviceAccountName: matrix-synapse-hookshot-cloudflared automountServiceAccountToken: false hostIPC: false hostNetwork: false @@ -38,8 +38,9 @@ spec: - args: - tunnel - --protocol - - http2 + - auto - --no-autoupdate + - --metrics 0.0.0.0:20241 - run - --token - $(CF_MANAGED_TUNNEL_TOKEN) diff --git a/clusters/cl01tl/manifests/matrix-synapse/Deployment-matrix-synapse-synapse-cloudflared.yaml b/clusters/cl01tl/manifests/matrix-synapse/Deployment-matrix-synapse-synapse-cloudflared.yaml index 221559db0..3d1b26c00 100644 --- a/clusters/cl01tl/manifests/matrix-synapse/Deployment-matrix-synapse-synapse-cloudflared.yaml +++ b/clusters/cl01tl/manifests/matrix-synapse/Deployment-matrix-synapse-synapse-cloudflared.yaml @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: synapse-cloudflared app.kubernetes.io/version: 2026.3.0 - helm.sh/chart: cloudflared-synapse-2.7.1 + helm.sh/chart: cloudflared-synapse-3.2.0 namespace: matrix-synapse spec: revisionHistoryLimit: 3 @@ -28,7 +28,7 @@ spec: app.kubernetes.io/name: synapse-cloudflared spec: enableServiceLinks: false - serviceAccountName: matrix-synapse + serviceAccountName: matrix-synapse-synapse-cloudflared automountServiceAccountToken: false hostIPC: false hostNetwork: false @@ -38,8 +38,9 @@ spec: - args: - tunnel - --protocol - - http2 + - auto - --no-autoupdate + - --metrics 0.0.0.0:20241 - run - --token - $(CF_MANAGED_TUNNEL_TOKEN) diff --git a/clusters/cl01tl/manifests/matrix-synapse/ExternalSecret-matrix-synapse-hookshot-cloudflared-secret.yaml b/clusters/cl01tl/manifests/matrix-synapse/ExternalSecret-matrix-synapse-hookshot-cloudflared-secret.yaml index 8f753322b..10d073d09 100644 --- a/clusters/cl01tl/manifests/matrix-synapse/ExternalSecret-matrix-synapse-hookshot-cloudflared-secret.yaml +++ b/clusters/cl01tl/manifests/matrix-synapse/ExternalSecret-matrix-synapse-hookshot-cloudflared-secret.yaml @@ -4,10 +4,10 @@ metadata: name: matrix-synapse-hookshot-cloudflared-secret namespace: matrix-synapse labels: - helm.sh/chart: cloudflared-hookshot-2.7.1 + helm.sh/chart: cloudflared-hookshot-3.2.0 app.kubernetes.io/instance: matrix-synapse app.kubernetes.io/part-of: matrix-synapse - app.kubernetes.io/version: "2.7.1" + app.kubernetes.io/version: "3.2.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: matrix-synapse-hookshot-cloudflared-secret spec: diff --git a/clusters/cl01tl/manifests/matrix-synapse/ExternalSecret-matrix-synapse-synapse-cloudflared-secret.yaml b/clusters/cl01tl/manifests/matrix-synapse/ExternalSecret-matrix-synapse-synapse-cloudflared-secret.yaml index e14894b5b..244bd76d9 100644 --- a/clusters/cl01tl/manifests/matrix-synapse/ExternalSecret-matrix-synapse-synapse-cloudflared-secret.yaml +++ b/clusters/cl01tl/manifests/matrix-synapse/ExternalSecret-matrix-synapse-synapse-cloudflared-secret.yaml @@ -4,10 +4,10 @@ metadata: name: matrix-synapse-synapse-cloudflared-secret namespace: matrix-synapse labels: - helm.sh/chart: cloudflared-synapse-2.7.1 + helm.sh/chart: cloudflared-synapse-3.2.0 app.kubernetes.io/instance: matrix-synapse app.kubernetes.io/part-of: matrix-synapse - app.kubernetes.io/version: "2.7.1" + app.kubernetes.io/version: "3.2.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: matrix-synapse-synapse-cloudflared-secret spec: diff --git a/clusters/cl01tl/manifests/matrix-synapse/Service-matrix-synapse-hookshot-cloudflared.yaml b/clusters/cl01tl/manifests/matrix-synapse/Service-matrix-synapse-hookshot-cloudflared.yaml new file mode 100644 index 000000000..a03d9aab4 --- /dev/null +++ b/clusters/cl01tl/manifests/matrix-synapse/Service-matrix-synapse-hookshot-cloudflared.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + name: matrix-synapse-hookshot-cloudflared + labels: + app.kubernetes.io/instance: matrix-synapse + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: hookshot-cloudflared + app.kubernetes.io/service: matrix-synapse-hookshot-cloudflared + app.kubernetes.io/version: 2026.3.0 + helm.sh/chart: cloudflared-hookshot-3.2.0 + namespace: matrix-synapse +spec: + type: ClusterIP + ports: + - port: 20241 + targetPort: 20241 + protocol: TCP + name: metrics + selector: + app.kubernetes.io/controller: main + app.kubernetes.io/instance: matrix-synapse + app.kubernetes.io/name: hookshot-cloudflared diff --git a/clusters/cl01tl/manifests/matrix-synapse/Service-matrix-synapse-synapse-cloudflared.yaml b/clusters/cl01tl/manifests/matrix-synapse/Service-matrix-synapse-synapse-cloudflared.yaml new file mode 100644 index 000000000..4b9782d87 --- /dev/null +++ b/clusters/cl01tl/manifests/matrix-synapse/Service-matrix-synapse-synapse-cloudflared.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + name: matrix-synapse-synapse-cloudflared + labels: + app.kubernetes.io/instance: matrix-synapse + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: synapse-cloudflared + app.kubernetes.io/service: matrix-synapse-synapse-cloudflared + app.kubernetes.io/version: 2026.3.0 + helm.sh/chart: cloudflared-synapse-3.2.0 + namespace: matrix-synapse +spec: + type: ClusterIP + ports: + - port: 20241 + targetPort: 20241 + protocol: TCP + name: metrics + selector: + app.kubernetes.io/controller: main + app.kubernetes.io/instance: matrix-synapse + app.kubernetes.io/name: synapse-cloudflared diff --git a/clusters/cl01tl/manifests/matrix-synapse/ServiceAccount-matrix-synapse-hookshot-cloudflared.yaml b/clusters/cl01tl/manifests/matrix-synapse/ServiceAccount-matrix-synapse-hookshot-cloudflared.yaml index 942bbe57e..a60dba8e4 100644 --- a/clusters/cl01tl/manifests/matrix-synapse/ServiceAccount-matrix-synapse-hookshot-cloudflared.yaml +++ b/clusters/cl01tl/manifests/matrix-synapse/ServiceAccount-matrix-synapse-hookshot-cloudflared.yaml @@ -7,5 +7,5 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: hookshot-cloudflared app.kubernetes.io/version: 2026.3.0 - helm.sh/chart: cloudflared-hookshot-2.7.1 + helm.sh/chart: cloudflared-hookshot-3.2.0 namespace: matrix-synapse diff --git a/clusters/cl01tl/manifests/matrix-synapse/ServiceAccount-matrix-synapse-synapse-cloudflared.yaml b/clusters/cl01tl/manifests/matrix-synapse/ServiceAccount-matrix-synapse-synapse-cloudflared.yaml index 12256cda7..cc5266c08 100644 --- a/clusters/cl01tl/manifests/matrix-synapse/ServiceAccount-matrix-synapse-synapse-cloudflared.yaml +++ b/clusters/cl01tl/manifests/matrix-synapse/ServiceAccount-matrix-synapse-synapse-cloudflared.yaml @@ -7,5 +7,5 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: synapse-cloudflared app.kubernetes.io/version: 2026.3.0 - helm.sh/chart: cloudflared-synapse-2.7.1 + helm.sh/chart: cloudflared-synapse-3.2.0 namespace: matrix-synapse diff --git a/clusters/cl01tl/manifests/matrix-synapse/ServiceMonitor-matrix-synapse-hookshot-cloudflared.yaml b/clusters/cl01tl/manifests/matrix-synapse/ServiceMonitor-matrix-synapse-hookshot-cloudflared.yaml new file mode 100644 index 000000000..2575f2fce --- /dev/null +++ b/clusters/cl01tl/manifests/matrix-synapse/ServiceMonitor-matrix-synapse-hookshot-cloudflared.yaml @@ -0,0 +1,25 @@ +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: matrix-synapse-hookshot-cloudflared + labels: + app.kubernetes.io/instance: matrix-synapse + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: hookshot-cloudflared + app.kubernetes.io/version: 2026.3.0 + helm.sh/chart: cloudflared-hookshot-3.2.0 + namespace: matrix-synapse +spec: + jobLabel: app.kubernetes.io/name + namespaceSelector: + matchNames: + - matrix-synapse + selector: + matchLabels: + app.kubernetes.io/instance: hookshot-cloudflared + app.kubernetes.io/name: hookshot-cloudflared + endpoints: + - interval: 30s + path: /metrics + port: metrics + scrapeTimeout: 10s diff --git a/clusters/cl01tl/manifests/matrix-synapse/ServiceMonitor-matrix-synapse-synapse-cloudflared.yaml b/clusters/cl01tl/manifests/matrix-synapse/ServiceMonitor-matrix-synapse-synapse-cloudflared.yaml new file mode 100644 index 000000000..24e37dd8d --- /dev/null +++ b/clusters/cl01tl/manifests/matrix-synapse/ServiceMonitor-matrix-synapse-synapse-cloudflared.yaml @@ -0,0 +1,25 @@ +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: matrix-synapse-synapse-cloudflared + labels: + app.kubernetes.io/instance: matrix-synapse + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: synapse-cloudflared + app.kubernetes.io/version: 2026.3.0 + helm.sh/chart: cloudflared-synapse-3.2.0 + namespace: matrix-synapse +spec: + jobLabel: app.kubernetes.io/name + namespaceSelector: + matchNames: + - matrix-synapse + selector: + matchLabels: + app.kubernetes.io/instance: synapse-cloudflared + app.kubernetes.io/name: synapse-cloudflared + endpoints: + - interval: 30s + path: /metrics + port: metrics + scrapeTimeout: 10s diff --git a/clusters/cl01tl/manifests/outline/Deployment-outline-cloudflared.yaml b/clusters/cl01tl/manifests/outline/Deployment-outline-cloudflared.yaml index 047d03606..3956c574c 100644 --- a/clusters/cl01tl/manifests/outline/Deployment-outline-cloudflared.yaml +++ b/clusters/cl01tl/manifests/outline/Deployment-outline-cloudflared.yaml @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cloudflared app.kubernetes.io/version: 2026.3.0 - helm.sh/chart: cloudflared-2.7.1 + helm.sh/chart: cloudflared-3.2.0 namespace: outline spec: revisionHistoryLimit: 3 @@ -28,7 +28,7 @@ spec: app.kubernetes.io/name: cloudflared spec: enableServiceLinks: false - serviceAccountName: outline + serviceAccountName: outline-cloudflared automountServiceAccountToken: false hostIPC: false hostNetwork: false @@ -38,8 +38,9 @@ spec: - args: - tunnel - --protocol - - http2 + - auto - --no-autoupdate + - --metrics 0.0.0.0:20241 - run - --token - $(CF_MANAGED_TUNNEL_TOKEN) diff --git a/clusters/cl01tl/manifests/outline/ExternalSecret-outline-cloudflared-secret.yaml b/clusters/cl01tl/manifests/outline/ExternalSecret-outline-cloudflared-secret.yaml index f47054b54..a4eeb7f67 100644 --- a/clusters/cl01tl/manifests/outline/ExternalSecret-outline-cloudflared-secret.yaml +++ b/clusters/cl01tl/manifests/outline/ExternalSecret-outline-cloudflared-secret.yaml @@ -4,10 +4,10 @@ metadata: name: outline-cloudflared-secret namespace: outline labels: - helm.sh/chart: cloudflared-2.7.1 + helm.sh/chart: cloudflared-3.2.0 app.kubernetes.io/instance: outline app.kubernetes.io/part-of: outline - app.kubernetes.io/version: "2.7.1" + app.kubernetes.io/version: "3.2.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: outline-cloudflared-secret spec: diff --git a/clusters/cl01tl/manifests/outline/Service-outline-cloudflared.yaml b/clusters/cl01tl/manifests/outline/Service-outline-cloudflared.yaml new file mode 100644 index 000000000..8b96429fa --- /dev/null +++ b/clusters/cl01tl/manifests/outline/Service-outline-cloudflared.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + name: outline-cloudflared + labels: + app.kubernetes.io/instance: outline + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cloudflared + app.kubernetes.io/service: outline-cloudflared + app.kubernetes.io/version: 2026.3.0 + helm.sh/chart: cloudflared-3.2.0 + namespace: outline +spec: + type: ClusterIP + ports: + - port: 20241 + targetPort: 20241 + protocol: TCP + name: metrics + selector: + app.kubernetes.io/controller: main + app.kubernetes.io/instance: outline + app.kubernetes.io/name: cloudflared diff --git a/clusters/cl01tl/manifests/outline/ServiceAccount-outline-cloudflared.yaml b/clusters/cl01tl/manifests/outline/ServiceAccount-outline-cloudflared.yaml index c5eb02f43..905eb7f0b 100644 --- a/clusters/cl01tl/manifests/outline/ServiceAccount-outline-cloudflared.yaml +++ b/clusters/cl01tl/manifests/outline/ServiceAccount-outline-cloudflared.yaml @@ -7,5 +7,5 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cloudflared app.kubernetes.io/version: 2026.3.0 - helm.sh/chart: cloudflared-2.7.1 + helm.sh/chart: cloudflared-3.2.0 namespace: outline diff --git a/clusters/cl01tl/manifests/outline/ServiceMonitor-outline-cloudflared.yaml b/clusters/cl01tl/manifests/outline/ServiceMonitor-outline-cloudflared.yaml new file mode 100644 index 000000000..a9872f64e --- /dev/null +++ b/clusters/cl01tl/manifests/outline/ServiceMonitor-outline-cloudflared.yaml @@ -0,0 +1,25 @@ +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: outline-cloudflared + labels: + app.kubernetes.io/instance: outline + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cloudflared + app.kubernetes.io/version: 2026.3.0 + helm.sh/chart: cloudflared-3.2.0 + namespace: outline +spec: + jobLabel: app.kubernetes.io/name + namespaceSelector: + matchNames: + - outline + selector: + matchLabels: + app.kubernetes.io/instance: cloudflared + app.kubernetes.io/name: cloudflared + endpoints: + - interval: 30s + path: /metrics + port: metrics + scrapeTimeout: 10s diff --git a/clusters/cl01tl/manifests/postiz/Deployment-postiz-cloudflared.yaml b/clusters/cl01tl/manifests/postiz/Deployment-postiz-cloudflared.yaml index 94d94957d..e9464a9e7 100644 --- a/clusters/cl01tl/manifests/postiz/Deployment-postiz-cloudflared.yaml +++ b/clusters/cl01tl/manifests/postiz/Deployment-postiz-cloudflared.yaml @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cloudflared app.kubernetes.io/version: 2026.3.0 - helm.sh/chart: cloudflared-2.7.1 + helm.sh/chart: cloudflared-3.2.0 namespace: postiz spec: revisionHistoryLimit: 3 @@ -28,7 +28,7 @@ spec: app.kubernetes.io/name: cloudflared spec: enableServiceLinks: false - serviceAccountName: postiz + serviceAccountName: postiz-cloudflared automountServiceAccountToken: false hostIPC: false hostNetwork: false @@ -38,8 +38,9 @@ spec: - args: - tunnel - --protocol - - http2 + - auto - --no-autoupdate + - --metrics 0.0.0.0:20241 - run - --token - $(CF_MANAGED_TUNNEL_TOKEN) diff --git a/clusters/cl01tl/manifests/postiz/ExternalSecret-postiz-cloudflared-secret.yaml b/clusters/cl01tl/manifests/postiz/ExternalSecret-postiz-cloudflared-secret.yaml index 648552e96..3d9425e54 100644 --- a/clusters/cl01tl/manifests/postiz/ExternalSecret-postiz-cloudflared-secret.yaml +++ b/clusters/cl01tl/manifests/postiz/ExternalSecret-postiz-cloudflared-secret.yaml @@ -4,10 +4,10 @@ metadata: name: postiz-cloudflared-secret namespace: postiz labels: - helm.sh/chart: cloudflared-2.7.1 + helm.sh/chart: cloudflared-3.2.0 app.kubernetes.io/instance: postiz app.kubernetes.io/part-of: postiz - app.kubernetes.io/version: "2.7.1" + app.kubernetes.io/version: "3.2.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: postiz-cloudflared-secret spec: diff --git a/clusters/cl01tl/manifests/postiz/Service-postiz-cloudflared.yaml b/clusters/cl01tl/manifests/postiz/Service-postiz-cloudflared.yaml new file mode 100644 index 000000000..80ac5dfb9 --- /dev/null +++ b/clusters/cl01tl/manifests/postiz/Service-postiz-cloudflared.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + name: postiz-cloudflared + labels: + app.kubernetes.io/instance: postiz + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cloudflared + app.kubernetes.io/service: postiz-cloudflared + app.kubernetes.io/version: 2026.3.0 + helm.sh/chart: cloudflared-3.2.0 + namespace: postiz +spec: + type: ClusterIP + ports: + - port: 20241 + targetPort: 20241 + protocol: TCP + name: metrics + selector: + app.kubernetes.io/controller: main + app.kubernetes.io/instance: postiz + app.kubernetes.io/name: cloudflared diff --git a/clusters/cl01tl/manifests/postiz/ServiceAccount-postiz-cloudflared.yaml b/clusters/cl01tl/manifests/postiz/ServiceAccount-postiz-cloudflared.yaml index d67610346..14dcd9a65 100644 --- a/clusters/cl01tl/manifests/postiz/ServiceAccount-postiz-cloudflared.yaml +++ b/clusters/cl01tl/manifests/postiz/ServiceAccount-postiz-cloudflared.yaml @@ -7,5 +7,5 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cloudflared app.kubernetes.io/version: 2026.3.0 - helm.sh/chart: cloudflared-2.7.1 + helm.sh/chart: cloudflared-3.2.0 namespace: postiz diff --git a/clusters/cl01tl/manifests/postiz/ServiceMonitor-postiz-cloudflared.yaml b/clusters/cl01tl/manifests/postiz/ServiceMonitor-postiz-cloudflared.yaml new file mode 100644 index 000000000..2ea140a32 --- /dev/null +++ b/clusters/cl01tl/manifests/postiz/ServiceMonitor-postiz-cloudflared.yaml @@ -0,0 +1,25 @@ +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: postiz-cloudflared + labels: + app.kubernetes.io/instance: postiz + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cloudflared + app.kubernetes.io/version: 2026.3.0 + helm.sh/chart: cloudflared-3.2.0 + namespace: postiz +spec: + jobLabel: app.kubernetes.io/name + namespaceSelector: + matchNames: + - postiz + selector: + matchLabels: + app.kubernetes.io/instance: cloudflared + app.kubernetes.io/name: cloudflared + endpoints: + - interval: 30s + path: /metrics + port: metrics + scrapeTimeout: 10s diff --git a/clusters/cl01tl/manifests/rybbit/Deployment-rybbit-backend.yaml b/clusters/cl01tl/manifests/rybbit/Deployment-rybbit-backend.yaml index f105c95bd..abc959638 100644 --- a/clusters/cl01tl/manifests/rybbit/Deployment-rybbit-backend.yaml +++ b/clusters/cl01tl/manifests/rybbit/Deployment-rybbit-backend.yaml @@ -29,7 +29,7 @@ spec: app.kubernetes.io/name: rybbit spec: enableServiceLinks: false - serviceAccountName: default + serviceAccountName: rybbit automountServiceAccountToken: false hostIPC: false hostNetwork: false diff --git a/clusters/cl01tl/manifests/rybbit/Deployment-rybbit-clickhouse.yaml b/clusters/cl01tl/manifests/rybbit/Deployment-rybbit-clickhouse.yaml index 71d59e00e..d823016a7 100644 --- a/clusters/cl01tl/manifests/rybbit/Deployment-rybbit-clickhouse.yaml +++ b/clusters/cl01tl/manifests/rybbit/Deployment-rybbit-clickhouse.yaml @@ -29,7 +29,7 @@ spec: app.kubernetes.io/name: rybbit spec: enableServiceLinks: false - serviceAccountName: default + serviceAccountName: rybbit automountServiceAccountToken: false hostIPC: false hostNetwork: false diff --git a/clusters/cl01tl/manifests/rybbit/Deployment-rybbit-client.yaml b/clusters/cl01tl/manifests/rybbit/Deployment-rybbit-client.yaml index a6266a237..a458128b8 100644 --- a/clusters/cl01tl/manifests/rybbit/Deployment-rybbit-client.yaml +++ b/clusters/cl01tl/manifests/rybbit/Deployment-rybbit-client.yaml @@ -29,7 +29,7 @@ spec: app.kubernetes.io/name: rybbit spec: enableServiceLinks: false - serviceAccountName: default + serviceAccountName: rybbit automountServiceAccountToken: false hostIPC: false hostNetwork: false diff --git a/clusters/cl01tl/manifests/rybbit/Deployment-rybbit-cloudflared.yaml b/clusters/cl01tl/manifests/rybbit/Deployment-rybbit-cloudflared.yaml index e19ba7691..5636de181 100644 --- a/clusters/cl01tl/manifests/rybbit/Deployment-rybbit-cloudflared.yaml +++ b/clusters/cl01tl/manifests/rybbit/Deployment-rybbit-cloudflared.yaml @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cloudflared app.kubernetes.io/version: 2026.3.0 - helm.sh/chart: cloudflared-2.6.0 + helm.sh/chart: cloudflared-3.2.0 namespace: rybbit spec: revisionHistoryLimit: 3 @@ -28,8 +28,8 @@ spec: app.kubernetes.io/name: cloudflared spec: enableServiceLinks: false - serviceAccountName: default - automountServiceAccountToken: true + serviceAccountName: rybbit-cloudflared + automountServiceAccountToken: false hostIPC: false hostNetwork: false hostPID: false @@ -38,8 +38,9 @@ spec: - args: - tunnel - --protocol - - http2 + - auto - --no-autoupdate + - --metrics 0.0.0.0:20241 - run - --token - $(CF_MANAGED_TUNNEL_TOKEN) diff --git a/clusters/cl01tl/manifests/rybbit/ExternalSecret-rybbit-cloudflared-secret.yaml b/clusters/cl01tl/manifests/rybbit/ExternalSecret-rybbit-cloudflared-secret.yaml index d4bf7547d..3e48efb35 100644 --- a/clusters/cl01tl/manifests/rybbit/ExternalSecret-rybbit-cloudflared-secret.yaml +++ b/clusters/cl01tl/manifests/rybbit/ExternalSecret-rybbit-cloudflared-secret.yaml @@ -4,10 +4,10 @@ metadata: name: rybbit-cloudflared-secret namespace: rybbit labels: - helm.sh/chart: cloudflared-2.6.0 + helm.sh/chart: cloudflared-3.2.0 app.kubernetes.io/instance: rybbit app.kubernetes.io/part-of: rybbit - app.kubernetes.io/version: "2.6.0" + app.kubernetes.io/version: "3.2.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: rybbit-cloudflared-secret spec: diff --git a/clusters/cl01tl/manifests/rybbit/Service-rybbit-cloudflared.yaml b/clusters/cl01tl/manifests/rybbit/Service-rybbit-cloudflared.yaml new file mode 100644 index 000000000..a973c84f3 --- /dev/null +++ b/clusters/cl01tl/manifests/rybbit/Service-rybbit-cloudflared.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + name: rybbit-cloudflared + labels: + app.kubernetes.io/instance: rybbit + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cloudflared + app.kubernetes.io/service: rybbit-cloudflared + app.kubernetes.io/version: 2026.3.0 + helm.sh/chart: cloudflared-3.2.0 + namespace: rybbit +spec: + type: ClusterIP + ports: + - port: 20241 + targetPort: 20241 + protocol: TCP + name: metrics + selector: + app.kubernetes.io/controller: main + app.kubernetes.io/instance: rybbit + app.kubernetes.io/name: cloudflared diff --git a/clusters/cl01tl/manifests/rybbit/ServiceAccount-rybbit-cloudflared.yaml b/clusters/cl01tl/manifests/rybbit/ServiceAccount-rybbit-cloudflared.yaml new file mode 100644 index 000000000..e93f8408f --- /dev/null +++ b/clusters/cl01tl/manifests/rybbit/ServiceAccount-rybbit-cloudflared.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: rybbit-cloudflared + labels: + app.kubernetes.io/instance: rybbit + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cloudflared + app.kubernetes.io/version: 2026.3.0 + helm.sh/chart: cloudflared-3.2.0 + namespace: rybbit diff --git a/clusters/cl01tl/manifests/rybbit/ServiceAccount-rybbit.yaml b/clusters/cl01tl/manifests/rybbit/ServiceAccount-rybbit.yaml new file mode 100644 index 000000000..7a1a2650f --- /dev/null +++ b/clusters/cl01tl/manifests/rybbit/ServiceAccount-rybbit.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: rybbit + labels: + app.kubernetes.io/instance: rybbit + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rybbit + helm.sh/chart: rybbit-5.0.0 + namespace: rybbit diff --git a/clusters/cl01tl/manifests/rybbit/ServiceMonitor-rybbit-cloudflared.yaml b/clusters/cl01tl/manifests/rybbit/ServiceMonitor-rybbit-cloudflared.yaml new file mode 100644 index 000000000..999ced4cb --- /dev/null +++ b/clusters/cl01tl/manifests/rybbit/ServiceMonitor-rybbit-cloudflared.yaml @@ -0,0 +1,25 @@ +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: rybbit-cloudflared + labels: + app.kubernetes.io/instance: rybbit + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cloudflared + app.kubernetes.io/version: 2026.3.0 + helm.sh/chart: cloudflared-3.2.0 + namespace: rybbit +spec: + jobLabel: app.kubernetes.io/name + namespaceSelector: + matchNames: + - rybbit + selector: + matchLabels: + app.kubernetes.io/instance: cloudflared + app.kubernetes.io/name: cloudflared + endpoints: + - interval: 30s + path: /metrics + port: metrics + scrapeTimeout: 10s diff --git a/clusters/cl01tl/manifests/rybbit/ServiceMonitor-rybbit.yaml b/clusters/cl01tl/manifests/rybbit/ServiceMonitor-rybbit.yaml index 9a08e9cef..e43bdb17b 100644 --- a/clusters/cl01tl/manifests/rybbit/ServiceMonitor-rybbit.yaml +++ b/clusters/cl01tl/manifests/rybbit/ServiceMonitor-rybbit.yaml @@ -9,7 +9,7 @@ metadata: helm.sh/chart: rybbit-5.0.0 namespace: rybbit spec: - jobLabel: rybbit + jobLabel: app.kubernetes.io/name namespaceSelector: matchNames: - rybbit diff --git a/clusters/cl01tl/manifests/site-documentation/Deployment-site-documentation-cloudflared.yaml b/clusters/cl01tl/manifests/site-documentation/Deployment-site-documentation-cloudflared.yaml index 69a6404e4..78f6de09b 100644 --- a/clusters/cl01tl/manifests/site-documentation/Deployment-site-documentation-cloudflared.yaml +++ b/clusters/cl01tl/manifests/site-documentation/Deployment-site-documentation-cloudflared.yaml @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cloudflared app.kubernetes.io/version: 2026.3.0 - helm.sh/chart: cloudflared-2.6.0 + helm.sh/chart: cloudflared-3.2.0 namespace: site-documentation spec: revisionHistoryLimit: 3 @@ -28,8 +28,8 @@ spec: app.kubernetes.io/name: cloudflared spec: enableServiceLinks: false - serviceAccountName: default - automountServiceAccountToken: true + serviceAccountName: site-documentation-cloudflared + automountServiceAccountToken: false hostIPC: false hostNetwork: false hostPID: false @@ -38,8 +38,9 @@ spec: - args: - tunnel - --protocol - - http2 + - auto - --no-autoupdate + - --metrics 0.0.0.0:20241 - run - --token - $(CF_MANAGED_TUNNEL_TOKEN) diff --git a/clusters/cl01tl/manifests/site-documentation/Deployment-site-documentation.yaml b/clusters/cl01tl/manifests/site-documentation/Deployment-site-documentation.yaml index db7e76934..d519c45d6 100644 --- a/clusters/cl01tl/manifests/site-documentation/Deployment-site-documentation.yaml +++ b/clusters/cl01tl/manifests/site-documentation/Deployment-site-documentation.yaml @@ -27,7 +27,7 @@ spec: app.kubernetes.io/name: site-documentation spec: enableServiceLinks: false - serviceAccountName: default + serviceAccountName: site-documentation automountServiceAccountToken: false hostIPC: false hostNetwork: false diff --git a/clusters/cl01tl/manifests/site-documentation/ExternalSecret-site-documentation-cloudflared-secret.yaml b/clusters/cl01tl/manifests/site-documentation/ExternalSecret-site-documentation-cloudflared-secret.yaml index b46ab4f90..4e53028d0 100644 --- a/clusters/cl01tl/manifests/site-documentation/ExternalSecret-site-documentation-cloudflared-secret.yaml +++ b/clusters/cl01tl/manifests/site-documentation/ExternalSecret-site-documentation-cloudflared-secret.yaml @@ -4,10 +4,10 @@ metadata: name: site-documentation-cloudflared-secret namespace: site-documentation labels: - helm.sh/chart: cloudflared-2.6.0 + helm.sh/chart: cloudflared-3.2.0 app.kubernetes.io/instance: site-documentation app.kubernetes.io/part-of: site-documentation - app.kubernetes.io/version: "2.6.0" + app.kubernetes.io/version: "3.2.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: site-documentation-cloudflared-secret spec: diff --git a/clusters/cl01tl/manifests/site-documentation/Service-site-documentation-cloudflared.yaml b/clusters/cl01tl/manifests/site-documentation/Service-site-documentation-cloudflared.yaml new file mode 100644 index 000000000..b6a6ff639 --- /dev/null +++ b/clusters/cl01tl/manifests/site-documentation/Service-site-documentation-cloudflared.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + name: site-documentation-cloudflared + labels: + app.kubernetes.io/instance: site-documentation + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cloudflared + app.kubernetes.io/service: site-documentation-cloudflared + app.kubernetes.io/version: 2026.3.0 + helm.sh/chart: cloudflared-3.2.0 + namespace: site-documentation +spec: + type: ClusterIP + ports: + - port: 20241 + targetPort: 20241 + protocol: TCP + name: metrics + selector: + app.kubernetes.io/controller: main + app.kubernetes.io/instance: site-documentation + app.kubernetes.io/name: cloudflared diff --git a/clusters/cl01tl/manifests/site-documentation/ServiceAccount-site-documentation-cloudflared.yaml b/clusters/cl01tl/manifests/site-documentation/ServiceAccount-site-documentation-cloudflared.yaml new file mode 100644 index 000000000..6cb716c10 --- /dev/null +++ b/clusters/cl01tl/manifests/site-documentation/ServiceAccount-site-documentation-cloudflared.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: site-documentation-cloudflared + labels: + app.kubernetes.io/instance: site-documentation + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cloudflared + app.kubernetes.io/version: 2026.3.0 + helm.sh/chart: cloudflared-3.2.0 + namespace: site-documentation diff --git a/clusters/cl01tl/manifests/site-documentation/ServiceAccount-site-documentation.yaml b/clusters/cl01tl/manifests/site-documentation/ServiceAccount-site-documentation.yaml new file mode 100644 index 000000000..941dd40d8 --- /dev/null +++ b/clusters/cl01tl/manifests/site-documentation/ServiceAccount-site-documentation.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: site-documentation + labels: + app.kubernetes.io/instance: site-documentation + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: site-documentation + helm.sh/chart: site-documentation-5.0.0 + namespace: site-documentation diff --git a/clusters/cl01tl/manifests/site-documentation/ServiceMonitor-site-documentation-cloudflared.yaml b/clusters/cl01tl/manifests/site-documentation/ServiceMonitor-site-documentation-cloudflared.yaml new file mode 100644 index 000000000..6a02b2957 --- /dev/null +++ b/clusters/cl01tl/manifests/site-documentation/ServiceMonitor-site-documentation-cloudflared.yaml @@ -0,0 +1,25 @@ +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: site-documentation-cloudflared + labels: + app.kubernetes.io/instance: site-documentation + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cloudflared + app.kubernetes.io/version: 2026.3.0 + helm.sh/chart: cloudflared-3.2.0 + namespace: site-documentation +spec: + jobLabel: app.kubernetes.io/name + namespaceSelector: + matchNames: + - site-documentation + selector: + matchLabels: + app.kubernetes.io/instance: cloudflared + app.kubernetes.io/name: cloudflared + endpoints: + - interval: 30s + path: /metrics + port: metrics + scrapeTimeout: 10s diff --git a/clusters/cl01tl/manifests/site-profile/Deployment-site-profile-cloudflared.yaml b/clusters/cl01tl/manifests/site-profile/Deployment-site-profile-cloudflared.yaml index f9b49509b..1509e3606 100644 --- a/clusters/cl01tl/manifests/site-profile/Deployment-site-profile-cloudflared.yaml +++ b/clusters/cl01tl/manifests/site-profile/Deployment-site-profile-cloudflared.yaml @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cloudflared app.kubernetes.io/version: 2026.3.0 - helm.sh/chart: cloudflared-2.6.0 + helm.sh/chart: cloudflared-3.2.0 namespace: site-profile spec: revisionHistoryLimit: 3 @@ -28,8 +28,8 @@ spec: app.kubernetes.io/name: cloudflared spec: enableServiceLinks: false - serviceAccountName: default - automountServiceAccountToken: true + serviceAccountName: site-profile-cloudflared + automountServiceAccountToken: false hostIPC: false hostNetwork: false hostPID: false @@ -38,8 +38,9 @@ spec: - args: - tunnel - --protocol - - http2 + - auto - --no-autoupdate + - --metrics 0.0.0.0:20241 - run - --token - $(CF_MANAGED_TUNNEL_TOKEN) diff --git a/clusters/cl01tl/manifests/site-profile/Deployment-site-profile.yaml b/clusters/cl01tl/manifests/site-profile/Deployment-site-profile.yaml index fd889515e..f72124200 100644 --- a/clusters/cl01tl/manifests/site-profile/Deployment-site-profile.yaml +++ b/clusters/cl01tl/manifests/site-profile/Deployment-site-profile.yaml @@ -27,7 +27,7 @@ spec: app.kubernetes.io/name: site-profile spec: enableServiceLinks: false - serviceAccountName: default + serviceAccountName: site-profile automountServiceAccountToken: false hostIPC: false hostNetwork: false diff --git a/clusters/cl01tl/manifests/site-profile/ExternalSecret-site-profile-cloudflared-secret.yaml b/clusters/cl01tl/manifests/site-profile/ExternalSecret-site-profile-cloudflared-secret.yaml index 5609cad95..29097724b 100644 --- a/clusters/cl01tl/manifests/site-profile/ExternalSecret-site-profile-cloudflared-secret.yaml +++ b/clusters/cl01tl/manifests/site-profile/ExternalSecret-site-profile-cloudflared-secret.yaml @@ -4,10 +4,10 @@ metadata: name: site-profile-cloudflared-secret namespace: site-profile labels: - helm.sh/chart: cloudflared-2.6.0 + helm.sh/chart: cloudflared-3.2.0 app.kubernetes.io/instance: site-profile app.kubernetes.io/part-of: site-profile - app.kubernetes.io/version: "2.6.0" + app.kubernetes.io/version: "3.2.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: site-profile-cloudflared-secret spec: diff --git a/clusters/cl01tl/manifests/site-profile/Service-site-profile-cloudflared.yaml b/clusters/cl01tl/manifests/site-profile/Service-site-profile-cloudflared.yaml new file mode 100644 index 000000000..250dec8d8 --- /dev/null +++ b/clusters/cl01tl/manifests/site-profile/Service-site-profile-cloudflared.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + name: site-profile-cloudflared + labels: + app.kubernetes.io/instance: site-profile + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cloudflared + app.kubernetes.io/service: site-profile-cloudflared + app.kubernetes.io/version: 2026.3.0 + helm.sh/chart: cloudflared-3.2.0 + namespace: site-profile +spec: + type: ClusterIP + ports: + - port: 20241 + targetPort: 20241 + protocol: TCP + name: metrics + selector: + app.kubernetes.io/controller: main + app.kubernetes.io/instance: site-profile + app.kubernetes.io/name: cloudflared diff --git a/clusters/cl01tl/manifests/site-profile/ServiceAccount-site-profile-cloudflared.yaml b/clusters/cl01tl/manifests/site-profile/ServiceAccount-site-profile-cloudflared.yaml new file mode 100644 index 000000000..632595890 --- /dev/null +++ b/clusters/cl01tl/manifests/site-profile/ServiceAccount-site-profile-cloudflared.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: site-profile-cloudflared + labels: + app.kubernetes.io/instance: site-profile + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cloudflared + app.kubernetes.io/version: 2026.3.0 + helm.sh/chart: cloudflared-3.2.0 + namespace: site-profile diff --git a/clusters/cl01tl/manifests/site-profile/ServiceAccount-site-profile.yaml b/clusters/cl01tl/manifests/site-profile/ServiceAccount-site-profile.yaml new file mode 100644 index 000000000..375ea6d27 --- /dev/null +++ b/clusters/cl01tl/manifests/site-profile/ServiceAccount-site-profile.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: site-profile + labels: + app.kubernetes.io/instance: site-profile + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: site-profile + helm.sh/chart: site-profile-5.0.0 + namespace: site-profile diff --git a/clusters/cl01tl/manifests/site-profile/ServiceMonitor-site-profile-cloudflared.yaml b/clusters/cl01tl/manifests/site-profile/ServiceMonitor-site-profile-cloudflared.yaml new file mode 100644 index 000000000..cc9506467 --- /dev/null +++ b/clusters/cl01tl/manifests/site-profile/ServiceMonitor-site-profile-cloudflared.yaml @@ -0,0 +1,25 @@ +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: site-profile-cloudflared + labels: + app.kubernetes.io/instance: site-profile + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cloudflared + app.kubernetes.io/version: 2026.3.0 + helm.sh/chart: cloudflared-3.2.0 + namespace: site-profile +spec: + jobLabel: app.kubernetes.io/name + namespaceSelector: + matchNames: + - site-profile + selector: + matchLabels: + app.kubernetes.io/instance: cloudflared + app.kubernetes.io/name: cloudflared + endpoints: + - interval: 30s + path: /metrics + port: metrics + scrapeTimeout: 10s diff --git a/clusters/cl01tl/manifests/site-saralebens/Deployment-site-saralebens-cloudflared.yaml b/clusters/cl01tl/manifests/site-saralebens/Deployment-site-saralebens-cloudflared.yaml index 64eb7edcc..d3dc09928 100644 --- a/clusters/cl01tl/manifests/site-saralebens/Deployment-site-saralebens-cloudflared.yaml +++ b/clusters/cl01tl/manifests/site-saralebens/Deployment-site-saralebens-cloudflared.yaml @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cloudflared app.kubernetes.io/version: 2026.3.0 - helm.sh/chart: cloudflared-2.6.0 + helm.sh/chart: cloudflared-3.2.0 namespace: site-saralebens spec: revisionHistoryLimit: 3 @@ -28,8 +28,8 @@ spec: app.kubernetes.io/name: cloudflared spec: enableServiceLinks: false - serviceAccountName: default - automountServiceAccountToken: true + serviceAccountName: site-saralebens-cloudflared + automountServiceAccountToken: false hostIPC: false hostNetwork: false hostPID: false @@ -38,8 +38,9 @@ spec: - args: - tunnel - --protocol - - http2 + - auto - --no-autoupdate + - --metrics 0.0.0.0:20241 - run - --token - $(CF_MANAGED_TUNNEL_TOKEN) diff --git a/clusters/cl01tl/manifests/site-saralebens/Deployment-site-saralebens.yaml b/clusters/cl01tl/manifests/site-saralebens/Deployment-site-saralebens.yaml index 5dc6b430d..9693eba3b 100644 --- a/clusters/cl01tl/manifests/site-saralebens/Deployment-site-saralebens.yaml +++ b/clusters/cl01tl/manifests/site-saralebens/Deployment-site-saralebens.yaml @@ -27,7 +27,7 @@ spec: app.kubernetes.io/name: site-saralebens spec: enableServiceLinks: false - serviceAccountName: default + serviceAccountName: site-saralebens automountServiceAccountToken: false hostIPC: false hostNetwork: false diff --git a/clusters/cl01tl/manifests/site-saralebens/ExternalSecret-site-saralebens-cloudflared-secret.yaml b/clusters/cl01tl/manifests/site-saralebens/ExternalSecret-site-saralebens-cloudflared-secret.yaml index 57ae28b72..495597163 100644 --- a/clusters/cl01tl/manifests/site-saralebens/ExternalSecret-site-saralebens-cloudflared-secret.yaml +++ b/clusters/cl01tl/manifests/site-saralebens/ExternalSecret-site-saralebens-cloudflared-secret.yaml @@ -4,10 +4,10 @@ metadata: name: site-saralebens-cloudflared-secret namespace: site-saralebens labels: - helm.sh/chart: cloudflared-2.6.0 + helm.sh/chart: cloudflared-3.2.0 app.kubernetes.io/instance: site-saralebens app.kubernetes.io/part-of: site-saralebens - app.kubernetes.io/version: "2.6.0" + app.kubernetes.io/version: "3.2.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: site-saralebens-cloudflared-secret spec: diff --git a/clusters/cl01tl/manifests/site-saralebens/Service-site-saralebens-cloudflared.yaml b/clusters/cl01tl/manifests/site-saralebens/Service-site-saralebens-cloudflared.yaml new file mode 100644 index 000000000..7feb2aa50 --- /dev/null +++ b/clusters/cl01tl/manifests/site-saralebens/Service-site-saralebens-cloudflared.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + name: site-saralebens-cloudflared + labels: + app.kubernetes.io/instance: site-saralebens + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cloudflared + app.kubernetes.io/service: site-saralebens-cloudflared + app.kubernetes.io/version: 2026.3.0 + helm.sh/chart: cloudflared-3.2.0 + namespace: site-saralebens +spec: + type: ClusterIP + ports: + - port: 20241 + targetPort: 20241 + protocol: TCP + name: metrics + selector: + app.kubernetes.io/controller: main + app.kubernetes.io/instance: site-saralebens + app.kubernetes.io/name: cloudflared diff --git a/clusters/cl01tl/manifests/site-saralebens/ServiceAccount-site-saralebens-cloudflared.yaml b/clusters/cl01tl/manifests/site-saralebens/ServiceAccount-site-saralebens-cloudflared.yaml new file mode 100644 index 000000000..9baff6c0d --- /dev/null +++ b/clusters/cl01tl/manifests/site-saralebens/ServiceAccount-site-saralebens-cloudflared.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: site-saralebens-cloudflared + labels: + app.kubernetes.io/instance: site-saralebens + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cloudflared + app.kubernetes.io/version: 2026.3.0 + helm.sh/chart: cloudflared-3.2.0 + namespace: site-saralebens diff --git a/clusters/cl01tl/manifests/site-saralebens/ServiceAccount-site-saralebens.yaml b/clusters/cl01tl/manifests/site-saralebens/ServiceAccount-site-saralebens.yaml new file mode 100644 index 000000000..970f0340b --- /dev/null +++ b/clusters/cl01tl/manifests/site-saralebens/ServiceAccount-site-saralebens.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: site-saralebens + labels: + app.kubernetes.io/instance: site-saralebens + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: site-saralebens + helm.sh/chart: site-saralebens-5.0.0 + namespace: site-saralebens diff --git a/clusters/cl01tl/manifests/site-saralebens/ServiceMonitor-site-saralebens-cloudflared.yaml b/clusters/cl01tl/manifests/site-saralebens/ServiceMonitor-site-saralebens-cloudflared.yaml new file mode 100644 index 000000000..14ba879fa --- /dev/null +++ b/clusters/cl01tl/manifests/site-saralebens/ServiceMonitor-site-saralebens-cloudflared.yaml @@ -0,0 +1,25 @@ +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: site-saralebens-cloudflared + labels: + app.kubernetes.io/instance: site-saralebens + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cloudflared + app.kubernetes.io/version: 2026.3.0 + helm.sh/chart: cloudflared-3.2.0 + namespace: site-saralebens +spec: + jobLabel: app.kubernetes.io/name + namespaceSelector: + matchNames: + - site-saralebens + selector: + matchLabels: + app.kubernetes.io/instance: cloudflared + app.kubernetes.io/name: cloudflared + endpoints: + - interval: 30s + path: /metrics + port: metrics + scrapeTimeout: 10s diff --git a/clusters/cl01tl/manifests/vaultwarden/Deployment-vaultwarden-cloudflared.yaml b/clusters/cl01tl/manifests/vaultwarden/Deployment-vaultwarden-cloudflared.yaml index fbac1e3fb..9134ea385 100644 --- a/clusters/cl01tl/manifests/vaultwarden/Deployment-vaultwarden-cloudflared.yaml +++ b/clusters/cl01tl/manifests/vaultwarden/Deployment-vaultwarden-cloudflared.yaml @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cloudflared app.kubernetes.io/version: 2026.3.0 - helm.sh/chart: cloudflared-2.6.0 + helm.sh/chart: cloudflared-3.2.0 namespace: vaultwarden spec: revisionHistoryLimit: 3 @@ -28,8 +28,8 @@ spec: app.kubernetes.io/name: cloudflared spec: enableServiceLinks: false - serviceAccountName: default - automountServiceAccountToken: true + serviceAccountName: vaultwarden-cloudflared + automountServiceAccountToken: false hostIPC: false hostNetwork: false hostPID: false @@ -38,8 +38,9 @@ spec: - args: - tunnel - --protocol - - http2 + - auto - --no-autoupdate + - --metrics 0.0.0.0:20241 - run - --token - $(CF_MANAGED_TUNNEL_TOKEN) diff --git a/clusters/cl01tl/manifests/vaultwarden/Deployment-vaultwarden.yaml b/clusters/cl01tl/manifests/vaultwarden/Deployment-vaultwarden.yaml index d294f3227..e731f5d8b 100644 --- a/clusters/cl01tl/manifests/vaultwarden/Deployment-vaultwarden.yaml +++ b/clusters/cl01tl/manifests/vaultwarden/Deployment-vaultwarden.yaml @@ -27,7 +27,7 @@ spec: app.kubernetes.io/name: vaultwarden spec: enableServiceLinks: false - serviceAccountName: default + serviceAccountName: vaultwarden automountServiceAccountToken: false hostIPC: false hostNetwork: false diff --git a/clusters/cl01tl/manifests/vaultwarden/ExternalSecret-vaultwarden-cloudflared-secret.yaml b/clusters/cl01tl/manifests/vaultwarden/ExternalSecret-vaultwarden-cloudflared-secret.yaml index 8e3d67ee3..6cca6f7e6 100644 --- a/clusters/cl01tl/manifests/vaultwarden/ExternalSecret-vaultwarden-cloudflared-secret.yaml +++ b/clusters/cl01tl/manifests/vaultwarden/ExternalSecret-vaultwarden-cloudflared-secret.yaml @@ -4,10 +4,10 @@ metadata: name: vaultwarden-cloudflared-secret namespace: vaultwarden labels: - helm.sh/chart: cloudflared-2.6.0 + helm.sh/chart: cloudflared-3.2.0 app.kubernetes.io/instance: vaultwarden app.kubernetes.io/part-of: vaultwarden - app.kubernetes.io/version: "2.6.0" + app.kubernetes.io/version: "3.2.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: vaultwarden-cloudflared-secret spec: diff --git a/clusters/cl01tl/manifests/vaultwarden/Service-vaultwarden-cloudflared.yaml b/clusters/cl01tl/manifests/vaultwarden/Service-vaultwarden-cloudflared.yaml new file mode 100644 index 000000000..fbeb84c75 --- /dev/null +++ b/clusters/cl01tl/manifests/vaultwarden/Service-vaultwarden-cloudflared.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + name: vaultwarden-cloudflared + labels: + app.kubernetes.io/instance: vaultwarden + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cloudflared + app.kubernetes.io/service: vaultwarden-cloudflared + app.kubernetes.io/version: 2026.3.0 + helm.sh/chart: cloudflared-3.2.0 + namespace: vaultwarden +spec: + type: ClusterIP + ports: + - port: 20241 + targetPort: 20241 + protocol: TCP + name: metrics + selector: + app.kubernetes.io/controller: main + app.kubernetes.io/instance: vaultwarden + app.kubernetes.io/name: cloudflared diff --git a/clusters/cl01tl/manifests/vaultwarden/ServiceAccount-vaultwarden-cloudflared.yaml b/clusters/cl01tl/manifests/vaultwarden/ServiceAccount-vaultwarden-cloudflared.yaml new file mode 100644 index 000000000..2426c8c13 --- /dev/null +++ b/clusters/cl01tl/manifests/vaultwarden/ServiceAccount-vaultwarden-cloudflared.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: vaultwarden-cloudflared + labels: + app.kubernetes.io/instance: vaultwarden + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cloudflared + app.kubernetes.io/version: 2026.3.0 + helm.sh/chart: cloudflared-3.2.0 + namespace: vaultwarden diff --git a/clusters/cl01tl/manifests/vaultwarden/ServiceAccount-vaultwarden.yaml b/clusters/cl01tl/manifests/vaultwarden/ServiceAccount-vaultwarden.yaml new file mode 100644 index 000000000..8b8897c6c --- /dev/null +++ b/clusters/cl01tl/manifests/vaultwarden/ServiceAccount-vaultwarden.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: vaultwarden + labels: + app.kubernetes.io/instance: vaultwarden + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: vaultwarden + helm.sh/chart: vaultwarden-5.0.0 + namespace: vaultwarden diff --git a/clusters/cl01tl/manifests/vaultwarden/ServiceMonitor-vaultwarden-cloudflared.yaml b/clusters/cl01tl/manifests/vaultwarden/ServiceMonitor-vaultwarden-cloudflared.yaml new file mode 100644 index 000000000..9fa46e669 --- /dev/null +++ b/clusters/cl01tl/manifests/vaultwarden/ServiceMonitor-vaultwarden-cloudflared.yaml @@ -0,0 +1,25 @@ +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: vaultwarden-cloudflared + labels: + app.kubernetes.io/instance: vaultwarden + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cloudflared + app.kubernetes.io/version: 2026.3.0 + helm.sh/chart: cloudflared-3.2.0 + namespace: vaultwarden +spec: + jobLabel: app.kubernetes.io/name + namespaceSelector: + matchNames: + - vaultwarden + selector: + matchLabels: + app.kubernetes.io/instance: cloudflared + app.kubernetes.io/name: cloudflared + endpoints: + - interval: 30s + path: /metrics + port: metrics + scrapeTimeout: 10s