alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 2 Actions Activity

Automated Manifest Update (#5173)

Browse Source 
This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow.

### Details
- **Trigger**: `pull_request` by `@alexlebens`
- **Commit**: `c3e134f` (on `c3e134ffba591e2752db6fe0a1721ea0de524b87`)
- **Charts Updated**: `eraser,excalidraw,external-dns,external-secrets`

### Update Details (2026-03-27 00:30 UTC)
- **Trigger**: `pull_request` by `@alexlebens`
- **Commit**: `f09911d` (on `f09911d84f8bf423991c1d2d52318926b66eef76`)
- **Charts Updated**: `external-dns`

Reviewed-on: #5173
Co-authored-by: gitea-bot <gitea-bot@alexlebens.net>
Co-committed-by: gitea-bot <gitea-bot@alexlebens.net>
This commit was merged in pull request #5173.
This commit is contained in:
Gitea
2026-03-27 00:31:38 +00:00
committed by Alex Lebens
parent 6c6f69ca49
commit 9163bdf6ca
11 changed files with 83 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
clusters/cl01tl/manifests/eraser/ConfigMap-eraser-manager-config.yaml
View File

@@ -10,27 +10,27 @@ data:
collector:
enabled: true
image:
tag: v1.4.1
repo: ghcr.io/eraser-dev/collector
tag: v1.4.1@sha256:827588ff826c3558bf2c50b1fc94f20122b054dfcf3480c3ffe6f0bae25c3dad
limit: {}
request:
cpu: 10m
memory: 128Mi
cpu: 1m
memory: 20Mi
remover:
image:
tag: v1.4.1
repo: ghcr.io/eraser-dev/remover
tag: v1.4.1@sha256:e57592157d717588f69c011cd0b6ab783a19a53b447a5350b27e7e66aae67525
limit: {}
request:
cpu: 10m
memory: 128Mi
cpu: 1m
memory: 20Mi
scanner:
config: ""
enabled: false
image:
tag: v1.4.1
limit: {}
request:
cpu: 100m
memory: 128Mi
request: {}
health: {}
kind: EraserConfig
leaderElection: {}
@@ -49,9 +49,7 @@ data:
type: exclude
otlpEndpoint: ""
priorityClassName: ""
profile:
enabled: false
port: 6060
profile: {}
pullSecrets: []
runtime:
address: unix:///run/containerd/containerd.sock

9
clusters/cl01tl/manifests/eraser/Deployment-eraser-controller-manager.yaml
View File

@@ -41,7 +41,7 @@ spec:
fieldPath: metadata.namespace
- name: OTEL_SERVICE_NAME
value: eraser-manager
image: 'ghcr.io/eraser-dev/eraser-manager:v1.4.1'
image: 'ghcr.io/eraser-dev/eraser-manager:v1.4.1@sha256:5f18fb7da4ccad93a8643ece496681f1489b0d7b0ce45e18a94774cf8b6a717d'
imagePullPolicy: 'IfNotPresent'
livenessProbe:
httpGet:
@@ -57,11 +57,10 @@ spec:
initialDelaySeconds: 5
periodSeconds: 10
resources:
limits:
memory: 30Mi
limits: {}
requests:
cpu: 10m
memory: 30Mi
cpu: 1m
memory: 20Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:

5
clusters/cl01tl/manifests/excalidraw/Deployment-excalidraw.yaml
View File

@@ -40,9 +40,8 @@ spec:
- name: TZ
value: America/Chicago
image: excalidraw/excalidraw:latest@sha256:3c2513e830bb6e195147c05b34ecf8393d0ba2b1cc86e93b407a5777d6135c6c
imagePullPolicy: IfNotPresent
name: main
resources:
requests:
cpu: 10m
memory: 128Mi
cpu: 1m
memory: 10Mi

2
clusters/cl01tl/manifests/excalidraw/HTTPRoute-excalidraw.yaml
View File

@@ -23,7 +23,7 @@ spec:
name: excalidraw
namespace: excalidraw
port: 80
weight: 100
weight: 1
matches:
- path:
type: PathPrefix

3
clusters/cl01tl/manifests/external-dns/ClusterRole-external-dns-unifi.yaml
View File

@@ -9,9 +9,6 @@ metadata:
app.kubernetes.io/version: "0.20.0"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups: ["extensions", "networking.k8s.io"]
resources: ["ingresses"]
verbs: ["get", "watch", "list"]
- apiGroups: ["externaldns.k8s.io"]
resources: ["dnsendpoints"]
verbs: ["get", "watch", "list"]

14
clusters/cl01tl/manifests/external-dns/Deployment-external-dns-unifi.yaml
View File

@@ -47,8 +47,7 @@ spec:
args:
- --log-level=info
- --log-format=text
- --interval=1m
- --source=ingress
- --interval=360m
- --source=crd
- --source=gateway-httproute
- --source=gateway-tlsroute
@@ -57,6 +56,7 @@ spec:
- --txt-owner-id=default
- --txt-prefix=k8s.
- --domain-filter=alexlebens.net
- --exclude-domains=alexlebens.dev
- --provider=webhook
- --ignore-ingress-tls-spec
ports:
@@ -81,8 +81,12 @@ spec:
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
resources:
requests:
cpu: 1m
memory: 80Mi
- name: webhook
image: ghcr.io/kashalls/external-dns-unifi-webhook:v0.8.2
image: ghcr.io/kashalls/external-dns-unifi-webhook:v0.8.2@sha256:7f0ddbbc83a36a2a9d762e25eef9cafcb3adf0493068a27d72ae71087eafe6f0
imagePullPolicy: IfNotPresent
env:
- name: UNIFI_HOST
@@ -93,7 +97,7 @@ spec:
key: api-key
name: external-dns-unifi-secret
- name: LOG_LEVEL
value: debug
value: info
ports:
- name: http-webhook
protocol: TCP
@@ -112,7 +116,7 @@ spec:
httpGet:
path: /readyz
port: http-webhook
initialDelaySeconds: 10
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5

3
clusters/cl01tl/manifests/external-dns/ExternalSecret-external-dns-unifi-secret.yaml
View File

@@ -14,8 +14,5 @@ spec:
data:
- secretKey: api-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /unifi/auth/cl01tl
metadataPolicy: None
property: api-key

7
clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets-cert-controller.yaml
View File

@@ -40,7 +40,7 @@ spec:
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
image: ghcr.io/external-secrets/external-secrets:v2.2.0
image: ghcr.io/external-secrets/external-secrets:v2.2.0@sha256:876e627dbee5b0edd12da49b035469d12418cd6c3c4be5e383ae6a82e8bd4565
imagePullPolicy: IfNotPresent
args:
- certcontroller
@@ -54,6 +54,7 @@ spec:
- --loglevel=info
- --zap-time-encoding=epoch
- --enable-partial-cache=true
- --enable-leader-election=true
ports:
- containerPort: 8080
protocol: TCP
@@ -67,3 +68,7 @@ spec:
path: /readyz
initialDelaySeconds: 20
periodSeconds: 5
resources:
requests:
cpu: 1m
memory: 60Mi

6
clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets-webhook.yaml
View File

@@ -40,7 +40,7 @@ spec:
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
image: ghcr.io/external-secrets/external-secrets:v2.2.0
image: ghcr.io/external-secrets/external-secrets:v2.2.0@sha256:876e627dbee5b0edd12da49b035469d12418cd6c3c4be5e383ae6a82e8bd4565
imagePullPolicy: IfNotPresent
args:
- webhook
@@ -68,6 +68,10 @@ spec:
path: /readyz
initialDelaySeconds: 20
periodSeconds: 5
resources:
requests:
cpu: 1m
memory: 30Mi
volumeMounts:
- name: certs
mountPath: /tmp/certs

30
clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets.yaml
View File

@@ -40,15 +40,43 @@ spec:
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
image: ghcr.io/external-secrets/external-secrets:v2.2.0
image: ghcr.io/external-secrets/external-secrets:v2.2.0@sha256:876e627dbee5b0edd12da49b035469d12418cd6c3c4be5e383ae6a82e8bd4565
imagePullPolicy: IfNotPresent
args:
- --enable-leader-election=true
- --enable-extended-metric-labels=true
- --concurrent=1
- --metrics-addr=:8080
- --loglevel=info
- --zap-time-encoding=epoch
- --live-addr=:8082
ports:
- containerPort: 8080
protocol: TCP
name: metrics
- name: live
protocol: TCP
containerPort: 8082
livenessProbe:
failureThreshold: 5
httpGet:
path: /healthz
port: live
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
readinessProbe:
failureThreshold: 3
httpGet:
path: /readyz
port: live
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
resources:
requests:
cpu: 5m
memory: 50Mi
dnsPolicy: ClusterFirst

17
clusters/cl01tl/manifests/external-secrets/PodDisruptionBudget-external-secrets-pdb.yaml Normal file
View File

@@ -0,0 +1,17 @@
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: "external-secrets-pdb"
namespace: external-secrets
labels:
helm.sh/chart: external-secrets-2.2.0
app.kubernetes.io/name: external-secrets
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/version: "v2.2.0"
app.kubernetes.io/managed-by: Helm
spec:
minAvailable: 1
selector:
matchLabels:
app.kubernetes.io/name: external-secrets
app.kubernetes.io/instance: external-secrets