Automated Manifest Update (#2858)

This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow.

Reviewed-on: #2858
Co-authored-by: gitea-bot <gitea-bot@alexlebens.net>
Co-committed-by: gitea-bot <gitea-bot@alexlebens.net>

clusters/cl01tl/manifests/argo-workflows/HTTPRoute-argo-workflows.yaml

@@ -11,8 +11,8 @@ spec:
   parentRefs:
     - group: gateway.networking.k8s.io
       kind: Gateway
-      name: cilium-tls-gateway
+      name: traefik-gateway
-      namespace: kube-system
+      namespace: traefik
   hostnames:
     - argo-workflows.alexlebens.net
   rules:

clusters/cl01tl/manifests/blocky/ConfigMap-blocky.yaml

@@ -90,7 +90,7 @@ data:
         ;; Application Names
         actual                          IN      CNAME   traefik-cl01tl
         alertmanager                    IN      CNAME   traefik-cl01tl
-        argo-workflows                  IN      CNAME   cilium-cl01tl
+        argo-workflows                  IN      CNAME   traefik-cl01tl
         argocd                          IN      CNAME   traefik-cl01tl
         audiobookshelf                  IN      CNAME   traefik-cl01tl
         authentik                       IN      CNAME   traefik-cl01tl
@@ -111,7 +111,7 @@ data:
         home                            IN      CNAME   traefik-cl01tl
         home-assistant                  IN      CNAME   traefik-cl01tl
         home-assistant-code-server      IN      CNAME   traefik-cl01tl
-        hubble                          IN      CNAME   cilium-cl01tl
+        hubble                          IN      CNAME   traefik-cl01tl
         huntarr                         IN      CNAME   traefik-cl01tl
         immich                          IN      CNAME   traefik-cl01tl
         jellyfin                        IN      CNAME   traefik-cl01tl

clusters/cl01tl/manifests/blocky/Deployment-blocky.yaml

@@ -22,7 +22,7 @@ spec:
   template:
     metadata:
       annotations:
-        checksum/configMaps: 8104cad96f2074fcfd9ed4c913c5cad186a5a1bd6f711fd94def748712016080
+        checksum/configMaps: 2f5e8c1dbe67625fe96fdedf0b39ace82fcf63552744f192712466288f21a002
       labels:
         app.kubernetes.io/controller: main
         app.kubernetes.io/instance: blocky

clusters/cl01tl/manifests/cilium/ClusterRole-cilium-operator.yaml

@@ -69,10 +69,6 @@ rules:
       - get
       - list
       - watch
-      - create
-      - update
-      - delete
-      - patch
   - apiGroups:
       - cilium.io
     resources:
@@ -220,57 +216,3 @@ rules:
       - create
       - get
       - update
-  - apiGroups:
-      - gateway.networking.k8s.io
-    resources:
-      - gatewayclasses
-      - gateways
-      - tlsroutes
-      - httproutes
-      - grpcroutes
-      - referencegrants
-      - referencepolicies
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - gateway.networking.k8s.io
-    resources:
-      - gatewayclasses
-    verbs:
-      - patch
-  - apiGroups:
-      - gateway.networking.k8s.io
-    resources:
-      - gatewayclasses/status
-      - gateways/status
-      - httproutes/status
-      - grpcroutes/status
-      - tlsroutes/status
-    verbs:
-      - update
-      - patch
-  - apiGroups:
-      - cilium.io
-    resources:
-      - ciliumgatewayclassconfigs
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - cilium.io
-    resources:
-      - ciliumgatewayclassconfigs/status
-    verbs:
-      - update
-      - patch
-  - apiGroups:
-      - multicluster.x-k8s.io
-    resources:
-      - serviceimports
-    verbs:
-      - get
-      - list
-      - watch

clusters/cl01tl/manifests/cilium/ConfigMap-cilium-config.yaml

@@ -16,18 +16,6 @@ data:
   controller-group-metrics: write-cni-file sync-host-ips sync-lb-maps-with-k8s-services
   operator-prometheus-serve-addr: ":9963"
   enable-metrics: "true"
-  enable-envoy-config: "true"
-  envoy-config-retry-interval: "15s"
-  enable-gateway-api: "true"
-  enable-gateway-api-secrets-sync: "true"
-  enable-gateway-api-proxy-protocol: "false"
-  enable-gateway-api-app-protocol: "true"
-  enable-gateway-api-alpn: "true"
-  gateway-api-xff-num-trusted-hops: "0"
-  gateway-api-service-externaltrafficpolicy: "Cluster"
-  gateway-api-secrets-namespace: "cilium-secrets"
-  gateway-api-hostnetwork-enabled: "false"
-  gateway-api-hostnetwork-nodelabelselector: ""
   enable-policy-secrets-sync: "true"
   policy-secrets-only-from-secrets-namespace: "true"
   policy-secrets-namespace: "cilium-secrets"

clusters/cl01tl/manifests/cilium/DaemonSet-cilium.yaml

@@ -18,7 +18,7 @@ spec:
   template:
     metadata:
       annotations:
-        cilium.io/cilium-configmap-checksum: "4555792065138db5a26f8d9354c9717239cb1a7dbafa0d5357696e6bb3d6f2f6"
+        cilium.io/cilium-configmap-checksum: "bd764e7caadd4421d347d9c049e8d9cab101306c511512f127d7ffb839cf97d8"
         kubectl.kubernetes.io/default-container: cilium-agent
       labels:
         k8s-app: cilium

clusters/cl01tl/manifests/cilium/Deployment-cilium-operator.yaml

@@ -22,7 +22,7 @@ spec:
   template:
     metadata:
       annotations:
-        cilium.io/cilium-configmap-checksum: "4555792065138db5a26f8d9354c9717239cb1a7dbafa0d5357696e6bb3d6f2f6"
+        cilium.io/cilium-configmap-checksum: "bd764e7caadd4421d347d9c049e8d9cab101306c511512f127d7ffb839cf97d8"
       labels:
         io.cilium/app: operator
         name: cilium-operator

clusters/cl01tl/manifests/cilium/Gateway-cilium-tls-gateway.yaml

@@ -1,35 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: Gateway
-metadata:
-  name: cilium-tls-gateway
-  namespace: kube-system
-  labels:
-    app.kubernetes.io/name: tls-gateway
-    app.kubernetes.io/instance: cilium
-    app.kubernetes.io/part-of: cilium
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-issuer
-spec:
-  gatewayClassName: cilium
-  listeners:
-    - allowedRoutes:
-        namespaces:
-          from: All
-      hostname: '*.alexlebens.net'
-      name: http
-      port: 80
-      protocol: HTTP
-    - allowedRoutes:
-        namespaces:
-          from: All
-      hostname: '*.alexlebens.net'
-      name: https
-      port: 443
-      protocol: HTTPS
-      tls:
-        certificateRefs:
-          - group: ''
-            kind: Secret
-            name: https-gateway-cert
-            namespace: kube-system
-        mode: Terminate

clusters/cl01tl/manifests/cilium/HTTPRoute-hubble.yaml

@@ -11,15 +11,15 @@ spec:
   parentRefs:
     - group: gateway.networking.k8s.io
       kind: Gateway
-      name: cilium-tls-gateway
+      name: traefik-gateway
-      namespace: kube-system
+      namespace: traefik
   hostnames:
     - hubble.alexlebens.net
   rules:
     - matches:
         - path:
             type: PathPrefix
-            value: /hubble
+            value: /
       backendRefs:
         - group: ''
           kind: Service

clusters/cl01tl/manifests/cilium/Role-cilium-gateway-secrets.yaml

@@ -1,16 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: cilium-gateway-secrets
-  namespace: "cilium-secrets"
-  labels:
-    app.kubernetes.io/part-of: cilium
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - secrets
-    verbs:
-      - get
-      - list
-      - watch

clusters/cl01tl/manifests/cilium/Role-cilium-operator-gateway-secrets.yaml

@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: cilium-operator-gateway-secrets
-  namespace: "cilium-secrets"
-  labels:
-    app.kubernetes.io/part-of: cilium
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - secrets
-    verbs:
-      - create
-      - delete
-      - update
-      - patch

clusters/cl01tl/manifests/cilium/RoleBinding-cilium-gateway-secrets.yaml

@@ -1,15 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: cilium-gateway-secrets
-  namespace: "cilium-secrets"
-  labels:
-    app.kubernetes.io/part-of: cilium
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: cilium-gateway-secrets
-subjects:
-  - kind: ServiceAccount
-    name: "cilium"
-    namespace: kube-system

clusters/cl01tl/manifests/cilium/RoleBinding-cilium-operator-gateway-secrets.yaml

@@ -1,15 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: cilium-operator-gateway-secrets
-  namespace: "cilium-secrets"
-  labels:
-    app.kubernetes.io/part-of: cilium
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: cilium-operator-gateway-secrets
-subjects:
-  - kind: ServiceAccount
-    name: "cilium-operator"
-    namespace: kube-system