From 608674835e66656c5db362633e08f724d706a52b Mon Sep 17 00:00:00 2001 
From: gitea-bot
Date: Sat, 27 Dec 2025 18:41:32 +0000
Subject: [PATCH] Automated Manifest Update (#2886)

This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow.

Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/2886
Co-authored-by: gitea-bot
Co-committed-by: gitea-bot
---
 ...plication-redis-replication-authentik.yaml | 2 +-
 .../manifests/blocky/ConfigMap-blocky.yaml | 1 -
 .../manifests/blocky/Deployment-blocky.yaml | 2 +-
 ...sReplication-redis-replication-blocky.yaml | 2 +-
 .../cilium/ClusterRole-cilium-operator.yaml | 58 +++++++++++++++++++
 .../cilium/ConfigMap-cilium-config.yaml | 12 ++++
 .../manifests/cilium/DaemonSet-cilium.yaml | 2 +-
 .../cilium/Deployment-cilium-operator.yaml | 2 +-
 .../cilium/Role-cilium-gateway-secrets.yaml | 16 +++++
 .../Role-cilium-operator-gateway-secrets.yaml | 17 ++++++
 .../RoleBinding-cilium-gateway-secrets.yaml | 15 +++++
 ...nding-cilium-operator-gateway-secrets.yaml | 15 +++++
 ...eplication-redis-replication-directus.yaml | 2 +-
 .../manifests/gatus/ConfigMap-gatus.yaml | 9 ---
 .../manifests/gatus/Deployment-gatus.yaml | 2 +-
 ...sReplication-redis-replication-harbor.yaml | 2 +-
 .../homepage/ConfigMap-homepage.yaml | 6 --
 .../homepage/Deployment-homepage.yaml | 2 +-
 ...sReplication-redis-replication-immich.yaml | 2 +-
 ...dis-replication-kube-prometheus-stack.yaml | 2 +-
 ...Replication-redis-replication-outline.yaml | 2 +-
 ...sReplication-redis-replication-postiz.yaml | 2 +-
 ...eplication-redis-replication-rayflume.yaml | 2 +-
 ...eplication-redis-replication-stalwart.yaml | 2 +-
 ...ation-redis-replication-tubearchivist.yaml | 2 +-
 ...eplication-redis-replication-yamtrack.yaml | 2 +-
 26 files changed, 150 insertions(+), 33 deletions(-)
 create mode 100644 clusters/cl01tl/manifests/cilium/Role-cilium-gateway-secrets.yaml
 create mode 100644 clusters/cl01tl/manifests/cilium/Role-cilium-operator-gateway-secrets.yaml
 create mode 100644
clusters/cl01tl/manifests/cilium/RoleBinding-cilium-gateway-secrets.yaml create mode 100644 clusters/cl01tl/manifests/cilium/RoleBinding-cilium-operator-gateway-secrets.yaml diff --git a/clusters/cl01tl/manifests/authentik/RedisReplication-redis-replication-authentik.yaml b/clusters/cl01tl/manifests/authentik/RedisReplication-redis-replication-authentik.yaml index 3f0d92682..b2e35582d 100644 --- a/clusters/cl01tl/manifests/authentik/RedisReplication-redis-replication-authentik.yaml +++ b/clusters/cl01tl/manifests/authentik/RedisReplication-redis-replication-authentik.yaml @@ -11,7 +11,7 @@ metadata: app.kubernetes.io/instance: authentik app.kubernetes.io/part-of: authentik spec: - clusterSize: 3 + clusterSize: 1 podSecurityContext: fsGroup: 1000 runAsUser: 1000 diff --git a/clusters/cl01tl/manifests/blocky/ConfigMap-blocky.yaml b/clusters/cl01tl/manifests/blocky/ConfigMap-blocky.yaml index de7bfb83b..64b0ce45c 100644 --- a/clusters/cl01tl/manifests/blocky/ConfigMap-blocky.yaml +++ b/clusters/cl01tl/manifests/blocky/ConfigMap-blocky.yaml @@ -122,7 +122,6 @@ data: lidatube IN CNAME traefik-cl01tl listenarr IN CNAME traefik-cl01tl mail IN CNAME traefik-cl01tl - n8n IN CNAME traefik-cl01tl navidrome IN CNAME traefik-cl01tl ntfy IN CNAME traefik-cl01tl objects IN CNAME traefik-cl01tl diff --git a/clusters/cl01tl/manifests/blocky/Deployment-blocky.yaml b/clusters/cl01tl/manifests/blocky/Deployment-blocky.yaml index 5f4c7b655..fe9b5a376 100644 --- a/clusters/cl01tl/manifests/blocky/Deployment-blocky.yaml +++ b/clusters/cl01tl/manifests/blocky/Deployment-blocky.yaml @@ -22,7 +22,7 @@ spec: template: metadata: annotations: - checksum/configMaps: 7fc49c433a568728ef1931ffe08ebcf917f00194e90f8b8254618f2d03e4db71 + checksum/configMaps: 9a3603c737b118606d688be17dbdafaac878cfb4e20fc072a65f466620352f23 labels: app.kubernetes.io/controller: main app.kubernetes.io/instance: blocky 
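Review bot: `clusterSize: 1` in the authentik RedisReplication leaves a single Redis node with no replica to take over, and the commit description gives no reason for dropping from 3. The identical change is made in the blocky, directus, harbor, immich, kube-prometheus-stack, outline, postiz, rayflume, stalwart, tubearchivist and yamtrack RedisReplication manifests further down. If authentik keeps sessions or task state in this Redis (not visible here), a pod restart or node drain would interrupt logins for everything behind it, so it is worth confirming the reduction is intended for this instance in particular. Because these files are rendered, the rationale belongs next to the value in the chart source, for example `# single node on purpose: no failover replica`. The spec continues below the hunk, so persistence settings are not visible from here.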
diff --git a/clusters/cl01tl/manifests/blocky/RedisReplication-redis-replication-blocky.yaml b/clusters/cl01tl/manifests/blocky/RedisReplication-redis-replication-blocky.yaml index 80e5f12d2..29aac546b 100644 --- a/clusters/cl01tl/manifests/blocky/RedisReplication-redis-replication-blocky.yaml +++ b/clusters/cl01tl/manifests/blocky/RedisReplication-redis-replication-blocky.yaml @@ -11,7 +11,7 @@ metadata: app.kubernetes.io/instance: blocky app.kubernetes.io/part-of: blocky spec: - clusterSize: 3 + clusterSize: 1 podSecurityContext: fsGroup: 1000 runAsUser: 1000 diff --git a/clusters/cl01tl/manifests/cilium/ClusterRole-cilium-operator.yaml b/clusters/cl01tl/manifests/cilium/ClusterRole-cilium-operator.yaml index 0327f318b..f7e07eb33 100644 --- a/clusters/cl01tl/manifests/cilium/ClusterRole-cilium-operator.yaml +++ b/clusters/cl01tl/manifests/cilium/ClusterRole-cilium-operator.yaml @@ -69,6 +69,10 @@ rules: - get - list - watch + - create + - update + - delete + - patch - apiGroups: - cilium.io resources: @@ -216,3 +220,57 @@ rules: - create - get - update + - apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses + - gateways + - tlsroutes + - httproutes + - grpcroutes + - referencegrants + - referencepolicies + verbs: + - get + - list + - watch + - apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses + verbs: + - patch + - apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses/status + - gateways/status + - httproutes/status + - grpcroutes/status + - tlsroutes/status + verbs: + - update + - patch + - apiGroups: + - cilium.io + resources: + - ciliumgatewayclassconfigs + verbs: + - get + - list + - watch + - apiGroups: + - cilium.io + resources: + - ciliumgatewayclassconfigs/status + verbs: + - update + - patch + - apiGroups: + - multicluster.x-k8s.io + resources: + - serviceimports + verbs: + - get + - list + - watch 
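Review bot: The first ClusterRole-cilium-operator hunk adds `create`, `update`, `delete` and `patch` to a rule whose `apiGroups` and `resources` sit above the hunk, so the patch itself does not show which resources the operator can now write cluster-wide. Before merging, open the rendered file around line 69 and check that the rule lists only what the Gateway API controller needs, since a ClusterRole write grant applies in every namespace. The second hunk is narrower by comparison: read verbs on the gateway.networking.k8s.io types, `patch` on `gatewayclasses`, and `update`/`patch` only on `/status` subresources.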
diff --git a/clusters/cl01tl/manifests/cilium/ConfigMap-cilium-config.yaml b/clusters/cl01tl/manifests/cilium/ConfigMap-cilium-config.yaml index aae4ecf8e..161ad6fd9 100644 --- a/clusters/cl01tl/manifests/cilium/ConfigMap-cilium-config.yaml +++ b/clusters/cl01tl/manifests/cilium/ConfigMap-cilium-config.yaml @@ -16,6 +16,18 @@ data: controller-group-metrics: write-cni-file sync-host-ips sync-lb-maps-with-k8s-services operator-prometheus-serve-addr: ":9963" enable-metrics: "true" + enable-envoy-config: "true" + envoy-config-retry-interval: "15s" + enable-gateway-api: "true" + enable-gateway-api-secrets-sync: "true" + enable-gateway-api-proxy-protocol: "false" + enable-gateway-api-app-protocol: "true" + enable-gateway-api-alpn: "true" + gateway-api-xff-num-trusted-hops: "0" + gateway-api-service-externaltrafficpolicy: "Cluster" + gateway-api-secrets-namespace: "cilium-secrets" + gateway-api-hostnetwork-enabled: "false" + gateway-api-hostnetwork-nodelabelselector: "" enable-policy-secrets-sync: "true" policy-secrets-only-from-secrets-namespace: "true" policy-secrets-namespace: "cilium-secrets" diff --git a/clusters/cl01tl/manifests/cilium/DaemonSet-cilium.yaml b/clusters/cl01tl/manifests/cilium/DaemonSet-cilium.yaml index 0fc0f83fd..af24f1559 100644 --- a/clusters/cl01tl/manifests/cilium/DaemonSet-cilium.yaml +++ b/clusters/cl01tl/manifests/cilium/DaemonSet-cilium.yaml @@ -18,7 +18,7 @@ spec: template: metadata: annotations: - cilium.io/cilium-configmap-checksum: "bd764e7caadd4421d347d9c049e8d9cab101306c511512f127d7ffb839cf97d8" + cilium.io/cilium-configmap-checksum: "4555792065138db5a26f8d9354c9717239cb1a7dbafa0d5357696e6bb3d6f2f6" kubectl.kubernetes.io/default-container: cilium-agent labels: k8s-app: cilium diff --git a/clusters/cl01tl/manifests/cilium/Deployment-cilium-operator.yaml b/clusters/cl01tl/manifests/cilium/Deployment-cilium-operator.yaml index c32c4db6e..e0b8de185 100644 --- a/clusters/cl01tl/manifests/cilium/Deployment-cilium-operator.yaml 
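Review bot: With `gateway-api-service-externaltrafficpolicy: "Cluster"`, `enable-gateway-api-proxy-protocol: "false"` and `gateway-api-xff-num-trusted-hops: "0"` set together in the cilium-config hunk, the gateway has no source for the original client address if traffic is SNATed on the way in. `Cluster` policy normally lets any node forward the connection and can replace the client IP with a node IP, so Envoy access logs and any IP-based allow-listing on routes would see cluster addresses, unless the datapath preserves the source (for example DSR, which this hunk does not show). If client IPs matter for logging or policy, `gateway-api-service-externaltrafficpolicy: "Local"` is the usual alternative; keeping trusted hops at `0` is the right choice as long as no trusted proxy sits in front of the gateway.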
+++ b/clusters/cl01tl/manifests/cilium/Deployment-cilium-operator.yaml @@ -22,7 +22,7 @@ spec: template: metadata: annotations: - cilium.io/cilium-configmap-checksum: "bd764e7caadd4421d347d9c049e8d9cab101306c511512f127d7ffb839cf97d8" + cilium.io/cilium-configmap-checksum: "4555792065138db5a26f8d9354c9717239cb1a7dbafa0d5357696e6bb3d6f2f6" labels: io.cilium/app: operator name: cilium-operator diff --git a/clusters/cl01tl/manifests/cilium/Role-cilium-gateway-secrets.yaml b/clusters/cl01tl/manifests/cilium/Role-cilium-gateway-secrets.yaml new file mode 100644 index 000000000..5ba0f73b9 --- /dev/null +++ b/clusters/cl01tl/manifests/cilium/Role-cilium-gateway-secrets.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: cilium-gateway-secrets + namespace: "cilium-secrets" + labels: + app.kubernetes.io/part-of: cilium +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch diff --git a/clusters/cl01tl/manifests/cilium/Role-cilium-operator-gateway-secrets.yaml b/clusters/cl01tl/manifests/cilium/Role-cilium-operator-gateway-secrets.yaml new file mode 100644 index 000000000..7649b8aa0 --- /dev/null +++ b/clusters/cl01tl/manifests/cilium/Role-cilium-operator-gateway-secrets.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: cilium-operator-gateway-secrets + namespace: "cilium-secrets" + labels: + app.kubernetes.io/part-of: cilium +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - update + - patch diff --git a/clusters/cl01tl/manifests/cilium/RoleBinding-cilium-gateway-secrets.yaml b/clusters/cl01tl/manifests/cilium/RoleBinding-cilium-gateway-secrets.yaml new file mode 100644 index 000000000..a386746d1 --- /dev/null +++ b/clusters/cl01tl/manifests/cilium/RoleBinding-cilium-gateway-secrets.yaml 
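Review bot: The new `cilium-operator-gateway-secrets` Role gives `create`, `delete`, `update` and `patch` on every Secret in `cilium-secrets`, and because `create` cannot be limited with `resourceNames` the grant cannot be narrowed further inside the namespace. The ConfigMap in this patch sets both `gateway-api-secrets-namespace` and `policy-secrets-namespace` to that namespace, so the operator can also overwrite or delete the secrets synced for policy, and the `cilium-gateway-secrets` Role lets the `cilium` ServiceAccount (bound by the RoleBinding later in the patch) read all of them, Gateway TLS keys included. That is workable only if `cilium-secrets` is reserved for Cilium: confirm no other workload or user holds a RoleBinding there, and consider alerting on Secret writes in that namespace from any identity other than `cilium-operator`.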
@@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: cilium-gateway-secrets + namespace: "cilium-secrets" + labels: + app.kubernetes.io/part-of: cilium +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: cilium-gateway-secrets +subjects: + - kind: ServiceAccount + name: "cilium" + namespace: kube-system diff --git a/clusters/cl01tl/manifests/cilium/RoleBinding-cilium-operator-gateway-secrets.yaml b/clusters/cl01tl/manifests/cilium/RoleBinding-cilium-operator-gateway-secrets.yaml new file mode 100644 index 000000000..35c2b1607 --- /dev/null +++ b/clusters/cl01tl/manifests/cilium/RoleBinding-cilium-operator-gateway-secrets.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: cilium-operator-gateway-secrets + namespace: "cilium-secrets" + labels: + app.kubernetes.io/part-of: cilium +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: cilium-operator-gateway-secrets +subjects: + - kind: ServiceAccount + name: "cilium-operator" + namespace: kube-system diff --git a/clusters/cl01tl/manifests/directus/RedisReplication-redis-replication-directus.yaml b/clusters/cl01tl/manifests/directus/RedisReplication-redis-replication-directus.yaml index 823fc8d71..8c87be599 100644 --- a/clusters/cl01tl/manifests/directus/RedisReplication-redis-replication-directus.yaml +++ b/clusters/cl01tl/manifests/directus/RedisReplication-redis-replication-directus.yaml @@ -11,7 +11,7 @@ metadata: app.kubernetes.io/instance: directus app.kubernetes.io/part-of: directus spec: - clusterSize: 3 + clusterSize: 1 podSecurityContext: fsGroup: 1000 runAsUser: 1000 diff --git a/clusters/cl01tl/manifests/gatus/ConfigMap-gatus.yaml b/clusters/cl01tl/manifests/gatus/ConfigMap-gatus.yaml index 8c3318b8c..56683b202 100644 --- a/clusters/cl01tl/manifests/gatus/ConfigMap-gatus.yaml +++ b/clusters/cl01tl/manifests/gatus/ConfigMap-gatus.yaml 
@@ -240,15 +240,6 @@ data: interval: 30s name: argo-workflows url: https://argo-workflows.alexlebens.net - - alerts: - - type: ntfy - conditions: - - '[STATUS] == 200' - - '[CERTIFICATE_EXPIRATION] > 240h' - group: core - interval: 30s - name: n8n - url: https://n8n.alexlebens.net - alerts: - type: ntfy conditions: diff --git a/clusters/cl01tl/manifests/gatus/Deployment-gatus.yaml b/clusters/cl01tl/manifests/gatus/Deployment-gatus.yaml index d6860ddf8..92666c616 100644 --- a/clusters/cl01tl/manifests/gatus/Deployment-gatus.yaml +++ b/clusters/cl01tl/manifests/gatus/Deployment-gatus.yaml @@ -26,7 +26,7 @@ spec: app.kubernetes.io/name: gatus app.kubernetes.io/instance: gatus annotations: - checksum/config: 22219bb69a5a2c6c7f40125317614abbb00caca6256e11cbcfc7d794bd02786d + checksum/config: a27bce6e839f41833f0b751d9d88ab35de7db50bef8812d5e7d4fecb1c9eab92 spec: serviceAccountName: default automountServiceAccountToken: false diff --git a/clusters/cl01tl/manifests/harbor/RedisReplication-redis-replication-harbor.yaml b/clusters/cl01tl/manifests/harbor/RedisReplication-redis-replication-harbor.yaml index 9901260f6..3e4e42e60 100644 --- a/clusters/cl01tl/manifests/harbor/RedisReplication-redis-replication-harbor.yaml +++ b/clusters/cl01tl/manifests/harbor/RedisReplication-redis-replication-harbor.yaml @@ -11,7 +11,7 @@ metadata: app.kubernetes.io/instance: harbor app.kubernetes.io/part-of: harbor spec: - clusterSize: 3 + clusterSize: 1 podSecurityContext: fsGroup: 1000 runAsUser: 1000 diff --git a/clusters/cl01tl/manifests/homepage/ConfigMap-homepage.yaml b/clusters/cl01tl/manifests/homepage/ConfigMap-homepage.yaml index 6d1ee5687..8b28d3d5b 100644 --- a/clusters/cl01tl/manifests/homepage/ConfigMap-homepage.yaml +++ b/clusters/cl01tl/manifests/homepage/ConfigMap-homepage.yaml 
@@ -264,12 +264,6 @@ data: href: https://argo-workflows.alexlebens.net siteMonitor: http://argo-workflows-server.argo-workflows:2746 statusStyle: dot - - API Workflows: - icon: sh-n8n.webp - description: n8n - href: https://n8n.alexlebens.net - siteMonitor: http://n8n-main.n8n:80 - statusStyle: dot - Uptime: icon: sh-gatus.webp description: Gatus diff --git a/clusters/cl01tl/manifests/homepage/Deployment-homepage.yaml b/clusters/cl01tl/manifests/homepage/Deployment-homepage.yaml index d8524ffb0..0d070cfc9 100644 --- a/clusters/cl01tl/manifests/homepage/Deployment-homepage.yaml +++ b/clusters/cl01tl/manifests/homepage/Deployment-homepage.yaml @@ -24,7 +24,7 @@ spec: template: metadata: annotations: - checksum/configMaps: 16f7b0211335aaa868ba89444e89b88983678849e85a224c3c664e9a63f85379 + checksum/configMaps: fa7257eb82e808fc51a47d8d063b49a933662c94a1c712587c420152b7679dc9 checksum/secrets: d3ba83f111cd32f92c909268c55ad8bbd4f9e299b74b35b33c1a011180d8b378 labels: app.kubernetes.io/controller: main diff --git a/clusters/cl01tl/manifests/immich/RedisReplication-redis-replication-immich.yaml b/clusters/cl01tl/manifests/immich/RedisReplication-redis-replication-immich.yaml index 659077d00..11d29c954 100644 --- a/clusters/cl01tl/manifests/immich/RedisReplication-redis-replication-immich.yaml +++ b/clusters/cl01tl/manifests/immich/RedisReplication-redis-replication-immich.yaml @@ -11,7 +11,7 @@ metadata: app.kubernetes.io/instance: immich app.kubernetes.io/part-of: immich spec: - clusterSize: 3 + clusterSize: 1 podSecurityContext: fsGroup: 1000 runAsUser: 1000 diff --git a/clusters/cl01tl/manifests/kube-prometheus-stack/RedisReplication-redis-replication-kube-prometheus-stack.yaml b/clusters/cl01tl/manifests/kube-prometheus-stack/RedisReplication-redis-replication-kube-prometheus-stack.yaml index 0a92f3c92..f7a7065b4 100644 --- a/clusters/cl01tl/manifests/kube-prometheus-stack/RedisReplication-redis-replication-kube-prometheus-stack.yaml 
+++ b/clusters/cl01tl/manifests/kube-prometheus-stack/RedisReplication-redis-replication-kube-prometheus-stack.yaml @@ -11,7 +11,7 @@ metadata: app.kubernetes.io/instance: kube-prometheus-stack app.kubernetes.io/part-of: kube-prometheus-stack spec: - clusterSize: 3 + clusterSize: 1 podSecurityContext: fsGroup: 1000 runAsUser: 1000 diff --git a/clusters/cl01tl/manifests/outline/RedisReplication-redis-replication-outline.yaml b/clusters/cl01tl/manifests/outline/RedisReplication-redis-replication-outline.yaml index e76e90ac6..326562c2d 100644 --- a/clusters/cl01tl/manifests/outline/RedisReplication-redis-replication-outline.yaml +++ b/clusters/cl01tl/manifests/outline/RedisReplication-redis-replication-outline.yaml @@ -11,7 +11,7 @@ metadata: app.kubernetes.io/instance: outline app.kubernetes.io/part-of: outline spec: - clusterSize: 3 + clusterSize: 1 podSecurityContext: fsGroup: 1000 runAsUser: 1000 diff --git a/clusters/cl01tl/manifests/postiz/RedisReplication-redis-replication-postiz.yaml b/clusters/cl01tl/manifests/postiz/RedisReplication-redis-replication-postiz.yaml index 2ff373db6..ee8f83827 100644 --- a/clusters/cl01tl/manifests/postiz/RedisReplication-redis-replication-postiz.yaml +++ b/clusters/cl01tl/manifests/postiz/RedisReplication-redis-replication-postiz.yaml @@ -11,7 +11,7 @@ metadata: app.kubernetes.io/instance: postiz app.kubernetes.io/part-of: postiz spec: - clusterSize: 3 + clusterSize: 1 podSecurityContext: fsGroup: 1000 runAsUser: 1000 diff --git a/clusters/cl01tl/manifests/rayflume/RedisReplication-redis-replication-rayflume.yaml b/clusters/cl01tl/manifests/rayflume/RedisReplication-redis-replication-rayflume.yaml index 886c91fb3..63dc2d75b 100644 --- a/clusters/cl01tl/manifests/rayflume/RedisReplication-redis-replication-rayflume.yaml +++ b/clusters/cl01tl/manifests/rayflume/RedisReplication-redis-replication-rayflume.yaml 
@@ -11,7 +11,7 @@ metadata: app.kubernetes.io/instance: rayflume app.kubernetes.io/part-of: rayflume spec: - clusterSize: 3 + clusterSize: 1 podSecurityContext: fsGroup: 1000 runAsUser: 1000 diff --git a/clusters/cl01tl/manifests/stalwart/RedisReplication-redis-replication-stalwart.yaml b/clusters/cl01tl/manifests/stalwart/RedisReplication-redis-replication-stalwart.yaml index ec027aab4..53c3c408d 100644 --- a/clusters/cl01tl/manifests/stalwart/RedisReplication-redis-replication-stalwart.yaml +++ b/clusters/cl01tl/manifests/stalwart/RedisReplication-redis-replication-stalwart.yaml @@ -11,7 +11,7 @@ metadata: app.kubernetes.io/instance: stalwart app.kubernetes.io/part-of: stalwart spec: - clusterSize: 3 + clusterSize: 1 podSecurityContext: fsGroup: 1000 runAsUser: 1000 diff --git a/clusters/cl01tl/manifests/tubearchivist/RedisReplication-redis-replication-tubearchivist.yaml b/clusters/cl01tl/manifests/tubearchivist/RedisReplication-redis-replication-tubearchivist.yaml index 63122b51d..4208dc0bb 100644 --- a/clusters/cl01tl/manifests/tubearchivist/RedisReplication-redis-replication-tubearchivist.yaml +++ b/clusters/cl01tl/manifests/tubearchivist/RedisReplication-redis-replication-tubearchivist.yaml @@ -11,7 +11,7 @@ metadata: app.kubernetes.io/instance: tubearchivist app.kubernetes.io/part-of: tubearchivist spec: - clusterSize: 3 + clusterSize: 1 podSecurityContext: fsGroup: 1000 runAsUser: 1000 diff --git a/clusters/cl01tl/manifests/yamtrack/RedisReplication-redis-replication-yamtrack.yaml b/clusters/cl01tl/manifests/yamtrack/RedisReplication-redis-replication-yamtrack.yaml index 6146d89c7..dd2d9818f 100644 --- a/clusters/cl01tl/manifests/yamtrack/RedisReplication-redis-replication-yamtrack.yaml +++ b/clusters/cl01tl/manifests/yamtrack/RedisReplication-redis-replication-yamtrack.yaml 
@@ -11,7 +11,7 @@ metadata: app.kubernetes.io/instance: yamtrack app.kubernetes.io/part-of: yamtrack spec: - clusterSize: 3 + clusterSize: 1 podSecurityContext: fsGroup: 1000 runAsUser: 1000