alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 4 Actions Activity

Automated Manifest Update (#5173)

Browse Source 
This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow.

### Details
- **Trigger**: `pull_request` by `@alexlebens`
- **Commit**: `c3e134f` (on `c3e134ffba591e2752db6fe0a1721ea0de524b87`)
- **Charts Updated**: `eraser,excalidraw,external-dns,external-secrets`

### Update Details (2026-03-27 00:30 UTC)
- **Trigger**: `pull_request` by `@alexlebens`
- **Commit**: `f09911d` (on `f09911d84f8bf423991c1d2d52318926b66eef76`)
- **Charts Updated**: `external-dns`

Reviewed-on: #5173
Co-authored-by: gitea-bot <gitea-bot@alexlebens.net>
Co-committed-by: gitea-bot <gitea-bot@alexlebens.net>
This commit was merged in pull request #5173.
This commit is contained in:
Gitea
2026-03-27 00:31:38 +00:00
committed by Alex Lebens
parent 6c6f69ca49
commit 9163bdf6ca
11 changed files with 83 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
clusters/cl01tl/manifests/eraser/ConfigMap-eraser-manager-config.yaml
View File

@@ -10,27 +10,27 @@ data:
collector: collector:
enabled: true enabled: true
image: image:
tag: v1.4.1 repo: ghcr.io/eraser-dev/collector
tag: v1.4.1@sha256:827588ff826c3558bf2c50b1fc94f20122b054dfcf3480c3ffe6f0bae25c3dad
limit: {} limit: {}
request: request:
cpu: 10m cpu: 1m
memory: 128Mi memory: 20Mi
remover: remover:
image: image:
tag: v1.4.1 repo: ghcr.io/eraser-dev/remover
tag: v1.4.1@sha256:e57592157d717588f69c011cd0b6ab783a19a53b447a5350b27e7e66aae67525
limit: {} limit: {}
request: request:
cpu: 10m cpu: 1m
memory: 128Mi memory: 20Mi
scanner: scanner:
config: "" config: ""
enabled: false enabled: false
image: image:
tag: v1.4.1 tag: v1.4.1
limit: {} limit: {}
request: request: {}
cpu: 100m
memory: 128Mi
health: {} health: {}
kind: EraserConfig kind: EraserConfig
leaderElection: {} leaderElection: {}
@@ -49,9 +49,7 @@ data:
type: exclude type: exclude
otlpEndpoint: "" otlpEndpoint: ""
priorityClassName: "" priorityClassName: ""
profile: profile: {}
enabled: false
port: 6060
pullSecrets: [] pullSecrets: []
runtime: runtime:
address: unix:///run/containerd/containerd.sock address: unix:///run/containerd/containerd.sock

9
clusters/cl01tl/manifests/eraser/Deployment-eraser-controller-manager.yaml
View File

@@ -41,7 +41,7 @@ spec:
fieldPath: metadata.namespace fieldPath: metadata.namespace
- name: OTEL_SERVICE_NAME - name: OTEL_SERVICE_NAME
value: eraser-manager value: eraser-manager
image: 'ghcr.io/eraser-dev/eraser-manager:v1.4.1' image: 'ghcr.io/eraser-dev/eraser-manager:v1.4.1@sha256:5f18fb7da4ccad93a8643ece496681f1489b0d7b0ce45e18a94774cf8b6a717d'
imagePullPolicy: 'IfNotPresent' imagePullPolicy: 'IfNotPresent'
livenessProbe: livenessProbe:
httpGet: httpGet:
@@ -57,11 +57,10 @@ spec:
initialDelaySeconds: 5 initialDelaySeconds: 5
periodSeconds: 10 periodSeconds: 10
resources: resources:
limits: limits: {}
memory: 30Mi
requests: requests:
cpu: 10m cpu: 1m
memory: 30Mi memory: 20Mi
securityContext: securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
capabilities: capabilities:

5
clusters/cl01tl/manifests/excalidraw/Deployment-excalidraw.yaml
View File

@@ -40,9 +40,8 @@ spec:
- name: TZ - name: TZ
value: America/Chicago value: America/Chicago
image: excalidraw/excalidraw:latest@sha256:3c2513e830bb6e195147c05b34ecf8393d0ba2b1cc86e93b407a5777d6135c6c image: excalidraw/excalidraw:latest@sha256:3c2513e830bb6e195147c05b34ecf8393d0ba2b1cc86e93b407a5777d6135c6c
imagePullPolicy: IfNotPresent
name: main name: main
resources: resources:
requests: requests:
cpu: 10m cpu: 1m
memory: 128Mi memory: 10Mi

2
clusters/cl01tl/manifests/excalidraw/HTTPRoute-excalidraw.yaml
View File

@@ -23,7 +23,7 @@ spec:
name: excalidraw name: excalidraw
namespace: excalidraw namespace: excalidraw
port: 80 port: 80
weight: 100 weight: 1
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix

3
clusters/cl01tl/manifests/external-dns/ClusterRole-external-dns-unifi.yaml
View File

@@ -9,9 +9,6 @@ metadata:
app.kubernetes.io/version: "0.20.0" app.kubernetes.io/version: "0.20.0"
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
rules: rules:
- apiGroups: ["extensions", "networking.k8s.io"]
resources: ["ingresses"]
verbs: ["get", "watch", "list"]
- apiGroups: ["externaldns.k8s.io"] - apiGroups: ["externaldns.k8s.io"]
resources: ["dnsendpoints"] resources: ["dnsendpoints"]
verbs: ["get", "watch", "list"] verbs: ["get", "watch", "list"]

14
clusters/cl01tl/manifests/external-dns/Deployment-external-dns-unifi.yaml
View File

@@ -47,8 +47,7 @@ spec:
args: args:
- --log-level=info - --log-level=info
- --log-format=text - --log-format=text
- --interval=1m - --interval=360m
- --source=ingress
- --source=crd - --source=crd
- --source=gateway-httproute - --source=gateway-httproute
- --source=gateway-tlsroute - --source=gateway-tlsroute
@@ -57,6 +56,7 @@ spec:
- --txt-owner-id=default - --txt-owner-id=default
- --txt-prefix=k8s. - --txt-prefix=k8s.
- --domain-filter=alexlebens.net - --domain-filter=alexlebens.net
- --exclude-domains=alexlebens.dev
- --provider=webhook - --provider=webhook
- --ignore-ingress-tls-spec - --ignore-ingress-tls-spec
ports: ports:
@@ -81,8 +81,12 @@ spec:
periodSeconds: 10 periodSeconds: 10
successThreshold: 1 successThreshold: 1
timeoutSeconds: 5 timeoutSeconds: 5
resources:
requests:
cpu: 1m
memory: 80Mi
- name: webhook - name: webhook
image: ghcr.io/kashalls/external-dns-unifi-webhook:v0.8.2 image: ghcr.io/kashalls/external-dns-unifi-webhook:v0.8.2@sha256:7f0ddbbc83a36a2a9d762e25eef9cafcb3adf0493068a27d72ae71087eafe6f0
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
env: env:
- name: UNIFI_HOST - name: UNIFI_HOST
@@ -93,7 +97,7 @@ spec:
key: api-key key: api-key
name: external-dns-unifi-secret name: external-dns-unifi-secret
- name: LOG_LEVEL - name: LOG_LEVEL
value: debug value: info
ports: ports:
- name: http-webhook - name: http-webhook
protocol: TCP protocol: TCP
@@ -112,7 +116,7 @@ spec:
httpGet: httpGet:
path: /readyz path: /readyz
port: http-webhook port: http-webhook
initialDelaySeconds: 10 initialDelaySeconds: 5
periodSeconds: 10 periodSeconds: 10
successThreshold: 1 successThreshold: 1
timeoutSeconds: 5 timeoutSeconds: 5

3
clusters/cl01tl/manifests/external-dns/ExternalSecret-external-dns-unifi-secret.yaml
View File

@@ -14,8 +14,5 @@ spec:
data: data:
- secretKey: api-key - secretKey: api-key
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /unifi/auth/cl01tl key: /unifi/auth/cl01tl
metadataPolicy: None
property: api-key property: api-key

7
clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets-cert-controller.yaml
View File

@@ -40,7 +40,7 @@ spec:
runAsUser: 1000 runAsUser: 1000
seccompProfile: seccompProfile:
type: RuntimeDefault type: RuntimeDefault
image: ghcr.io/external-secrets/external-secrets:v2.2.0 image: ghcr.io/external-secrets/external-secrets:v2.2.0@sha256:876e627dbee5b0edd12da49b035469d12418cd6c3c4be5e383ae6a82e8bd4565
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
args: args:
- certcontroller - certcontroller
@@ -54,6 +54,7 @@ spec:
- --loglevel=info - --loglevel=info
- --zap-time-encoding=epoch - --zap-time-encoding=epoch
- --enable-partial-cache=true - --enable-partial-cache=true
- --enable-leader-election=true
ports: ports:
- containerPort: 8080 - containerPort: 8080
protocol: TCP protocol: TCP
@@ -67,3 +68,7 @@ spec:
path: /readyz path: /readyz
initialDelaySeconds: 20 initialDelaySeconds: 20
periodSeconds: 5 periodSeconds: 5
resources:
requests:
cpu: 1m
memory: 60Mi

6
clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets-webhook.yaml
View File

@@ -40,7 +40,7 @@ spec:
runAsUser: 1000 runAsUser: 1000
seccompProfile: seccompProfile:
type: RuntimeDefault type: RuntimeDefault
image: ghcr.io/external-secrets/external-secrets:v2.2.0 image: ghcr.io/external-secrets/external-secrets:v2.2.0@sha256:876e627dbee5b0edd12da49b035469d12418cd6c3c4be5e383ae6a82e8bd4565
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
args: args:
- webhook - webhook
@@ -68,6 +68,10 @@ spec:
path: /readyz path: /readyz
initialDelaySeconds: 20 initialDelaySeconds: 20
periodSeconds: 5 periodSeconds: 5
resources:
requests:
cpu: 1m
memory: 30Mi
volumeMounts: volumeMounts:
- name: certs - name: certs
mountPath: /tmp/certs mountPath: /tmp/certs

30
clusters/cl01tl/manifests/external-secrets/Deployment-external-secrets.yaml
View File

@@ -40,15 +40,43 @@ spec:
runAsUser: 1000 runAsUser: 1000
seccompProfile: seccompProfile:
type: RuntimeDefault type: RuntimeDefault
image: ghcr.io/external-secrets/external-secrets:v2.2.0 image: ghcr.io/external-secrets/external-secrets:v2.2.0@sha256:876e627dbee5b0edd12da49b035469d12418cd6c3c4be5e383ae6a82e8bd4565
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
args: args:
- --enable-leader-election=true
- --enable-extended-metric-labels=true
- --concurrent=1 - --concurrent=1
- --metrics-addr=:8080 - --metrics-addr=:8080
- --loglevel=info - --loglevel=info
- --zap-time-encoding=epoch - --zap-time-encoding=epoch
- --live-addr=:8082
ports: ports:
- containerPort: 8080 - containerPort: 8080
protocol: TCP protocol: TCP
name: metrics name: metrics
- name: live
protocol: TCP
containerPort: 8082
livenessProbe:
failureThreshold: 5
httpGet:
path: /healthz
port: live
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
readinessProbe:
failureThreshold: 3
httpGet:
path: /readyz
port: live
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
resources:
requests:
cpu: 5m
memory: 50Mi
dnsPolicy: ClusterFirst dnsPolicy: ClusterFirst

17
clusters/cl01tl/manifests/external-secrets/PodDisruptionBudget-external-secrets-pdb.yaml Normal file
View File

@@ -0,0 +1,17 @@
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: "external-secrets-pdb"
namespace: external-secrets
labels:
helm.sh/chart: external-secrets-2.2.0
app.kubernetes.io/name: external-secrets
app.kubernetes.io/instance: external-secrets
app.kubernetes.io/version: "v2.2.0"
app.kubernetes.io/managed-by: Helm
spec:
minAvailable: 1
selector:
matchLabels:
app.kubernetes.io/name: external-secrets
app.kubernetes.io/instance: external-secrets