Automated Manifest Update (#2886)

This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow.

Reviewed-on: #2886
Co-authored-by: gitea-bot <gitea-bot@alexlebens.net>
Co-committed-by: gitea-bot <gitea-bot@alexlebens.net>

clusters/cl01tl/manifests/authentik/RedisReplication-redis-replication-authentik.yaml

@@ -11,7 +11,7 @@ metadata:
     app.kubernetes.io/instance: authentik
     app.kubernetes.io/part-of: authentik
 spec:
-  clusterSize: 3
+  clusterSize: 1
   podSecurityContext:
     fsGroup: 1000
     runAsUser: 1000

clusters/cl01tl/manifests/blocky/ConfigMap-blocky.yaml

@@ -122,7 +122,6 @@ data:
         lidatube                        IN      CNAME   traefik-cl01tl
         listenarr                       IN      CNAME   traefik-cl01tl
         mail                            IN      CNAME   traefik-cl01tl
-        n8n                             IN      CNAME   traefik-cl01tl
         navidrome                       IN      CNAME   traefik-cl01tl
         ntfy                            IN      CNAME   traefik-cl01tl
         objects                         IN      CNAME   traefik-cl01tl

clusters/cl01tl/manifests/blocky/Deployment-blocky.yaml

@@ -22,7 +22,7 @@ spec:
   template:
     metadata:
       annotations:
-        checksum/configMaps: 7fc49c433a568728ef1931ffe08ebcf917f00194e90f8b8254618f2d03e4db71
+        checksum/configMaps: 9a3603c737b118606d688be17dbdafaac878cfb4e20fc072a65f466620352f23
       labels:
         app.kubernetes.io/controller: main
         app.kubernetes.io/instance: blocky

clusters/cl01tl/manifests/blocky/RedisReplication-redis-replication-blocky.yaml

@@ -11,7 +11,7 @@ metadata:
     app.kubernetes.io/instance: blocky
     app.kubernetes.io/part-of: blocky
 spec:
-  clusterSize: 3
+  clusterSize: 1
   podSecurityContext:
     fsGroup: 1000
     runAsUser: 1000

clusters/cl01tl/manifests/cilium/ClusterRole-cilium-operator.yaml

@@ -69,6 +69,10 @@ rules:
       - get
       - list
       - watch
+      - create
+      - update
+      - delete
+      - patch
   - apiGroups:
       - cilium.io
     resources:
@@ -216,3 +220,57 @@ rules:
       - create
       - get
       - update
+  - apiGroups:
+      - gateway.networking.k8s.io
+    resources:
+      - gatewayclasses
+      - gateways
+      - tlsroutes
+      - httproutes
+      - grpcroutes
+      - referencegrants
+      - referencepolicies
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - gateway.networking.k8s.io
+    resources:
+      - gatewayclasses
+    verbs:
+      - patch
+  - apiGroups:
+      - gateway.networking.k8s.io
+    resources:
+      - gatewayclasses/status
+      - gateways/status
+      - httproutes/status
+      - grpcroutes/status
+      - tlsroutes/status
+    verbs:
+      - update
+      - patch
+  - apiGroups:
+      - cilium.io
+    resources:
+      - ciliumgatewayclassconfigs
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - cilium.io
+    resources:
+      - ciliumgatewayclassconfigs/status
+    verbs:
+      - update
+      - patch
+  - apiGroups:
+      - multicluster.x-k8s.io
+    resources:
+      - serviceimports
+    verbs:
+      - get
+      - list
+      - watch

clusters/cl01tl/manifests/cilium/ConfigMap-cilium-config.yaml

@@ -16,6 +16,18 @@ data:
   controller-group-metrics: write-cni-file sync-host-ips sync-lb-maps-with-k8s-services
   operator-prometheus-serve-addr: ":9963"
   enable-metrics: "true"
+  enable-envoy-config: "true"
+  envoy-config-retry-interval: "15s"
+  enable-gateway-api: "true"
+  enable-gateway-api-secrets-sync: "true"
+  enable-gateway-api-proxy-protocol: "false"
+  enable-gateway-api-app-protocol: "true"
+  enable-gateway-api-alpn: "true"
+  gateway-api-xff-num-trusted-hops: "0"
+  gateway-api-service-externaltrafficpolicy: "Cluster"
+  gateway-api-secrets-namespace: "cilium-secrets"
+  gateway-api-hostnetwork-enabled: "false"
+  gateway-api-hostnetwork-nodelabelselector: ""
   enable-policy-secrets-sync: "true"
   policy-secrets-only-from-secrets-namespace: "true"
   policy-secrets-namespace: "cilium-secrets"

clusters/cl01tl/manifests/cilium/DaemonSet-cilium.yaml

@@ -18,7 +18,7 @@ spec:
   template:
     metadata:
       annotations:
-        cilium.io/cilium-configmap-checksum: "bd764e7caadd4421d347d9c049e8d9cab101306c511512f127d7ffb839cf97d8"
+        cilium.io/cilium-configmap-checksum: "4555792065138db5a26f8d9354c9717239cb1a7dbafa0d5357696e6bb3d6f2f6"
         kubectl.kubernetes.io/default-container: cilium-agent
       labels:
         k8s-app: cilium

clusters/cl01tl/manifests/cilium/Deployment-cilium-operator.yaml

@@ -22,7 +22,7 @@ spec:
   template:
     metadata:
       annotations:
-        cilium.io/cilium-configmap-checksum: "bd764e7caadd4421d347d9c049e8d9cab101306c511512f127d7ffb839cf97d8"
+        cilium.io/cilium-configmap-checksum: "4555792065138db5a26f8d9354c9717239cb1a7dbafa0d5357696e6bb3d6f2f6"
       labels:
         io.cilium/app: operator
         name: cilium-operator

clusters/cl01tl/manifests/cilium/Role-cilium-gateway-secrets.yaml

@@ -0,0 +1,16 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: cilium-gateway-secrets
+  namespace: "cilium-secrets"
+  labels:
+    app.kubernetes.io/part-of: cilium
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - get
+      - list
+      - watch

clusters/cl01tl/manifests/cilium/Role-cilium-operator-gateway-secrets.yaml

@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: cilium-operator-gateway-secrets
+  namespace: "cilium-secrets"
+  labels:
+    app.kubernetes.io/part-of: cilium
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - create
+      - delete
+      - update
+      - patch

clusters/cl01tl/manifests/cilium/RoleBinding-cilium-gateway-secrets.yaml

@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: cilium-gateway-secrets
+  namespace: "cilium-secrets"
+  labels:
+    app.kubernetes.io/part-of: cilium
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: cilium-gateway-secrets
+subjects:
+  - kind: ServiceAccount
+    name: "cilium"
+    namespace: kube-system

clusters/cl01tl/manifests/cilium/RoleBinding-cilium-operator-gateway-secrets.yaml

@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: cilium-operator-gateway-secrets
+  namespace: "cilium-secrets"
+  labels:
+    app.kubernetes.io/part-of: cilium
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: cilium-operator-gateway-secrets
+subjects:
+  - kind: ServiceAccount
+    name: "cilium-operator"
+    namespace: kube-system

clusters/cl01tl/manifests/directus/RedisReplication-redis-replication-directus.yaml

@@ -11,7 +11,7 @@ metadata:
     app.kubernetes.io/instance: directus
     app.kubernetes.io/part-of: directus
 spec:
-  clusterSize: 3
+  clusterSize: 1
   podSecurityContext:
     fsGroup: 1000
     runAsUser: 1000

clusters/cl01tl/manifests/gatus/ConfigMap-gatus.yaml

@@ -240,15 +240,6 @@ data:
       interval: 30s
       name: argo-workflows
       url: https://argo-workflows.alexlebens.net
-    - alerts:
-      - type: ntfy
-      conditions:
-      - '[STATUS] == 200'
-      - '[CERTIFICATE_EXPIRATION] > 240h'
-      group: core
-      interval: 30s
-      name: n8n
-      url: https://n8n.alexlebens.net
     - alerts:
       - type: ntfy
       conditions:

clusters/cl01tl/manifests/gatus/Deployment-gatus.yaml

@@ -26,7 +26,7 @@ spec:
         app.kubernetes.io/name: gatus
         app.kubernetes.io/instance: gatus
       annotations:
-        checksum/config: 22219bb69a5a2c6c7f40125317614abbb00caca6256e11cbcfc7d794bd02786d
+        checksum/config: a27bce6e839f41833f0b751d9d88ab35de7db50bef8812d5e7d4fecb1c9eab92
     spec:
       serviceAccountName: default
       automountServiceAccountToken: false

clusters/cl01tl/manifests/harbor/RedisReplication-redis-replication-harbor.yaml

@@ -11,7 +11,7 @@ metadata:
     app.kubernetes.io/instance: harbor
     app.kubernetes.io/part-of: harbor
 spec:
-  clusterSize: 3
+  clusterSize: 1
   podSecurityContext:
     fsGroup: 1000
     runAsUser: 1000

clusters/cl01tl/manifests/homepage/ConfigMap-homepage.yaml

@@ -264,12 +264,6 @@ data:
             href: https://argo-workflows.alexlebens.net
             siteMonitor: http://argo-workflows-server.argo-workflows:2746
             statusStyle: dot
-        - API Workflows:
-            icon: sh-n8n.webp
-            description: n8n
-            href: https://n8n.alexlebens.net
-            siteMonitor: http://n8n-main.n8n:80
-            statusStyle: dot
         - Uptime:
             icon: sh-gatus.webp
             description: Gatus

clusters/cl01tl/manifests/homepage/Deployment-homepage.yaml

@@ -24,7 +24,7 @@ spec:
   template:
     metadata:
       annotations:
-        checksum/configMaps: 16f7b0211335aaa868ba89444e89b88983678849e85a224c3c664e9a63f85379
+        checksum/configMaps: fa7257eb82e808fc51a47d8d063b49a933662c94a1c712587c420152b7679dc9
         checksum/secrets: d3ba83f111cd32f92c909268c55ad8bbd4f9e299b74b35b33c1a011180d8b378
       labels:
         app.kubernetes.io/controller: main

clusters/cl01tl/manifests/immich/RedisReplication-redis-replication-immich.yaml

@@ -11,7 +11,7 @@ metadata:
     app.kubernetes.io/instance: immich
     app.kubernetes.io/part-of: immich
 spec:
-  clusterSize: 3
+  clusterSize: 1
   podSecurityContext:
     fsGroup: 1000
     runAsUser: 1000

clusters/cl01tl/manifests/kube-prometheus-stack/RedisReplication-redis-replication-kube-prometheus-stack.yaml

@@ -11,7 +11,7 @@ metadata:
     app.kubernetes.io/instance: kube-prometheus-stack
     app.kubernetes.io/part-of: kube-prometheus-stack
 spec:
-  clusterSize: 3
+  clusterSize: 1
   podSecurityContext:
     fsGroup: 1000
     runAsUser: 1000

clusters/cl01tl/manifests/outline/RedisReplication-redis-replication-outline.yaml

@@ -11,7 +11,7 @@ metadata:
     app.kubernetes.io/instance: outline
     app.kubernetes.io/part-of: outline
 spec:
-  clusterSize: 3
+  clusterSize: 1
   podSecurityContext:
     fsGroup: 1000
     runAsUser: 1000

clusters/cl01tl/manifests/postiz/RedisReplication-redis-replication-postiz.yaml

@@ -11,7 +11,7 @@ metadata:
     app.kubernetes.io/instance: postiz
     app.kubernetes.io/part-of: postiz
 spec:
-  clusterSize: 3
+  clusterSize: 1
   podSecurityContext:
     fsGroup: 1000
     runAsUser: 1000

clusters/cl01tl/manifests/rayflume/RedisReplication-redis-replication-rayflume.yaml

@@ -11,7 +11,7 @@ metadata:
     app.kubernetes.io/instance: rayflume
     app.kubernetes.io/part-of: rayflume
 spec:
-  clusterSize: 3
+  clusterSize: 1
   podSecurityContext:
     fsGroup: 1000
     runAsUser: 1000

clusters/cl01tl/manifests/stalwart/RedisReplication-redis-replication-stalwart.yaml

@@ -11,7 +11,7 @@ metadata:
     app.kubernetes.io/instance: stalwart
     app.kubernetes.io/part-of: stalwart
 spec:
-  clusterSize: 3
+  clusterSize: 1
   podSecurityContext:
     fsGroup: 1000
     runAsUser: 1000

clusters/cl01tl/manifests/tubearchivist/RedisReplication-redis-replication-tubearchivist.yaml

@@ -11,7 +11,7 @@ metadata:
     app.kubernetes.io/instance: tubearchivist
     app.kubernetes.io/part-of: tubearchivist
 spec:
-  clusterSize: 3
+  clusterSize: 1
   podSecurityContext:
     fsGroup: 1000
     runAsUser: 1000

clusters/cl01tl/manifests/yamtrack/RedisReplication-redis-replication-yamtrack.yaml

@@ -11,7 +11,7 @@ metadata:
     app.kubernetes.io/instance: yamtrack
     app.kubernetes.io/part-of: yamtrack
 spec:
-  clusterSize: 3
+  clusterSize: 1
   podSecurityContext:
     fsGroup: 1000
     runAsUser: 1000