diff --git a/clusters/cl01tl/manifests/gitea/StatefulSet-gitea-gitea-actions-act-runner.yaml b/clusters/cl01tl/manifests/gitea/StatefulSet-gitea-gitea-actions-act-runner.yaml index 176d0f2a8..c022a0d8a 100644 --- a/clusters/cl01tl/manifests/gitea/StatefulSet-gitea-gitea-actions-act-runner.yaml +++ b/clusters/cl01tl/manifests/gitea/StatefulSet-gitea-gitea-actions-act-runner.yaml @@ -47,7 +47,7 @@ spec: done echo "Gitea has been reached!" - name: dind - image: "docker.io/docker:29.3.1-dind@sha256:4d90f1f6c400315c2dba96d3ec93c01e64198395cbba04f79d12adce4f737029" + image: "docker.io/docker:29.4.0-dind@sha256:f80c26212befc1c1988b529495532c6b9180d9b1dab1611f4a1efbe9da8ec821" restartPolicy: Always imagePullPolicy: IfNotPresent securityContext: diff --git a/clusters/cl01tl/manifests/seerr/HTTPRoute-seerr-seerr-chart.yaml b/clusters/cl01tl/manifests/seerr/HTTPRoute-seerr-seerr-chart.yaml index a1bd17ceb..bd2fc50d6 100644 --- a/clusters/cl01tl/manifests/seerr/HTTPRoute-seerr-seerr-chart.yaml +++ b/clusters/cl01tl/manifests/seerr/HTTPRoute-seerr-seerr-chart.yaml @@ -3,7 +3,7 @@ kind: HTTPRoute metadata: name: seerr-seerr-chart labels: - helm.sh/chart: seerr-chart-3.3.1 + helm.sh/chart: seerr-chart-3.4.0 app.kubernetes.io/name: seerr-chart app.kubernetes.io/instance: seerr app.kubernetes.io/version: "v3.1.0" diff --git a/clusters/cl01tl/manifests/seerr/PersistentVolumeClaim-seerr-seerr-chart-config.yaml b/clusters/cl01tl/manifests/seerr/PersistentVolumeClaim-seerr-seerr-chart-config.yaml index 839d84fa0..3cdfdabfe 100644 --- a/clusters/cl01tl/manifests/seerr/PersistentVolumeClaim-seerr-seerr-chart-config.yaml +++ b/clusters/cl01tl/manifests/seerr/PersistentVolumeClaim-seerr-seerr-chart-config.yaml @@ -3,7 +3,7 @@ kind: PersistentVolumeClaim metadata: name: seerr-seerr-chart-config labels: - helm.sh/chart: seerr-chart-3.3.1 + helm.sh/chart: seerr-chart-3.4.0 app.kubernetes.io/name: seerr-chart app.kubernetes.io/instance: seerr app.kubernetes.io/version: "v3.1.0" 
diff --git a/clusters/cl01tl/manifests/seerr/Pod-seerr-seerr-chart-test-connection.yaml b/clusters/cl01tl/manifests/seerr/Pod-seerr-seerr-chart-test-connection.yaml index 7199a5842..0c35d0ae3 100644 --- a/clusters/cl01tl/manifests/seerr/Pod-seerr-seerr-chart-test-connection.yaml +++ b/clusters/cl01tl/manifests/seerr/Pod-seerr-seerr-chart-test-connection.yaml @@ -3,7 +3,7 @@ kind: Pod metadata: name: "seerr-seerr-chart-test-connection" labels: - helm.sh/chart: seerr-chart-3.3.1 + helm.sh/chart: seerr-chart-3.4.0 app.kubernetes.io/name: seerr-chart app.kubernetes.io/instance: seerr app.kubernetes.io/version: "v3.1.0" diff --git a/clusters/cl01tl/manifests/seerr/Service-seerr-seerr-chart.yaml b/clusters/cl01tl/manifests/seerr/Service-seerr-seerr-chart.yaml index f23ec90c9..8471afb63 100644 --- a/clusters/cl01tl/manifests/seerr/Service-seerr-seerr-chart.yaml +++ b/clusters/cl01tl/manifests/seerr/Service-seerr-seerr-chart.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: seerr-seerr-chart labels: - helm.sh/chart: seerr-chart-3.3.1 + helm.sh/chart: seerr-chart-3.4.0 app.kubernetes.io/name: seerr-chart app.kubernetes.io/instance: seerr app.kubernetes.io/version: "v3.1.0" diff --git a/clusters/cl01tl/manifests/seerr/ServiceAccount-seerr-seerr-chart.yaml b/clusters/cl01tl/manifests/seerr/ServiceAccount-seerr-seerr-chart.yaml index d2526d6be..276ad3414 100644 --- a/clusters/cl01tl/manifests/seerr/ServiceAccount-seerr-seerr-chart.yaml +++ b/clusters/cl01tl/manifests/seerr/ServiceAccount-seerr-seerr-chart.yaml @@ -3,7 +3,7 @@ kind: ServiceAccount metadata: name: seerr-seerr-chart labels: - helm.sh/chart: seerr-chart-3.3.1 + helm.sh/chart: seerr-chart-3.4.0 app.kubernetes.io/name: seerr-chart app.kubernetes.io/instance: seerr app.kubernetes.io/version: "v3.1.0" diff --git a/clusters/cl01tl/manifests/seerr/StatefulSet-seerr-seerr-chart.yaml b/clusters/cl01tl/manifests/seerr/StatefulSet-seerr-seerr-chart.yaml index 468901924..37ed92ea3 100644 
--- a/clusters/cl01tl/manifests/seerr/StatefulSet-seerr-seerr-chart.yaml +++ b/clusters/cl01tl/manifests/seerr/StatefulSet-seerr-seerr-chart.yaml @@ -3,7 +3,7 @@ kind: StatefulSet metadata: name: seerr-seerr-chart labels: - helm.sh/chart: seerr-chart-3.3.1 + helm.sh/chart: seerr-chart-3.4.0 app.kubernetes.io/name: seerr-chart app.kubernetes.io/instance: seerr app.kubernetes.io/version: "v3.1.0" @@ -18,7 +18,7 @@ spec: template: metadata: labels: - helm.sh/chart: seerr-chart-3.3.1 + helm.sh/chart: seerr-chart-3.4.0 app.kubernetes.io/name: seerr-chart app.kubernetes.io/instance: seerr app.kubernetes.io/version: "v3.1.0" @@ -70,6 +70,7 @@ spec: volumeMounts: - name: config mountPath: /app/config + subPath: volumes: - name: config persistentVolumeClaim: diff --git a/clusters/cl01tl/manifests/tailscale-operator/ClusterRole-tailscale-operator.yaml b/clusters/cl01tl/manifests/tailscale-operator/ClusterRole-tailscale-operator.yaml index 4518978e9..1fbdc7f09 100644 --- a/clusters/cl01tl/manifests/tailscale-operator/ClusterRole-tailscale-operator.yaml +++ b/clusters/cl01tl/manifests/tailscale-operator/ClusterRole-tailscale-operator.yaml @@ -24,6 +24,12 @@ rules: - apiGroups: ["tailscale.com"] resources: ["dnsconfigs", "dnsconfigs/status"] verbs: ["get", "list", "watch", "update"] + - apiGroups: ["tailscale.com"] + resources: ["tailnets", "tailnets/status"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["tailscale.com"] + resources: ["proxygrouppolicies", "proxygrouppolicies/status"] + verbs: ["get", "list", "watch", "update"] - apiGroups: ["tailscale.com"] resources: ["recorders", "recorders/status"] verbs: ["get", "list", "watch", "update"] 
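Review bot: The `subPath:` key added under the `config` volumeMount in the seerr StatefulSet has no value, so it parses as null rather than as a string. The API server most likely treats that as unset and keeps mounting the volume root at `/app/config`, but a bare key hides whether that is intended, and strict schema validators may flag it. The likely cause is that chart 3.4.0 renders the key unconditionally from an empty value. Either set the chart value so this renders as `subPath: ""`, or have the key omitted when it is empty. The container spec this mount belongs to starts outside the hunk.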
@@ -31,3 +37,6 @@ rules: resources: ["customresourcedefinitions"] verbs: ["get", "list", "watch"] resourceNames: ["servicemonitors.monitoring.coreos.com"] + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["validatingadmissionpolicies", "validatingadmissionpolicybindings"] + verbs: ["list", "create", "delete", "update", "get", "watch"] diff --git a/clusters/cl01tl/manifests/tailscale-operator/CustomResourceDefinition-connectors.tailscale.com.yaml b/clusters/cl01tl/manifests/tailscale-operator/CustomResourceDefinition-connectors.tailscale.com.yaml index 74d32d53d..03c51c755 100644 --- a/clusters/cl01tl/manifests/tailscale-operator/CustomResourceDefinition-connectors.tailscale.com.yaml +++ b/clusters/cl01tl/manifests/tailscale-operator/CustomResourceDefinition-connectors.tailscale.com.yaml @@ -181,6 +181,14 @@ spec: items: type: string pattern: ^tag:[a-zA-Z][a-zA-Z0-9-]*$ + tailnet: + description: |- + Tailnet specifies the tailnet this Connector should join. If blank, the default tailnet is used. When set, this + name must match that of a valid Tailnet resource. This field is immutable and cannot be changed once set. + type: string + x-kubernetes-validations: + - rule: self == oldSelf + message: Connector tailnet is immutable x-kubernetes-validations: - rule: has(self.subnetRouter) || (has(self.exitNode) && self.exitNode == true) || has(self.appConnector) message: A Connector needs to have at least one of exit node, subnet router or app connector configured. diff --git a/clusters/cl01tl/manifests/tailscale-operator/CustomResourceDefinition-proxygrouppolicies.tailscale.com.yaml b/clusters/cl01tl/manifests/tailscale-operator/CustomResourceDefinition-proxygrouppolicies.tailscale.com.yaml new file mode 100644 index 000000000..d1425fba8 --- /dev/null +++ b/clusters/cl01tl/manifests/tailscale-operator/CustomResourceDefinition-proxygrouppolicies.tailscale.com.yaml 
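Review bot: The new `admissionregistration.k8s.io` rule at the end of `rules:` grants the operator's ClusterRole create, update and delete on every ValidatingAdmissionPolicy and ValidatingAdmissionPolicyBinding in the cluster, with no `resourceNames` restriction. A compromised or misbehaving operator pod could therefore alter or remove admission policies that other workloads rely on as guardrails. `create` cannot be restricted by name, but if the operator manages a fixed set of policies, `get`, `update` and `delete` can move into a separate rule with `resourceNames: ["<operator-managed-policy-name>"]` (placeholder; the real names are not visible here). This manifest is rendered from the upstream chart, so the narrowing probably has to happen upstream or as a post-render patch. Until then, alert on audit-log writes to these two resources by the operator's service account. The rules list begins outside this hunk.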
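Review bot: The `self == oldSelf` rule on the new optional `tailnet` field in the Connector CRD is a transition rule, which the API server evaluates only when the field exists in both the old and the new object. It blocks changing a set value but not removing the field afterwards, and a Connector without the field presumably falls back to the default tailnet, as the description says for a blank value. If "immutable once set" is the intent, the enclosing spec schema also needs a rule such as `!has(oldSelf.tailnet) || has(self.tailnet)`. The same applies to the `tailnet` fields added in the ProxyGroup and Recorder CRD hunks. These files are generated by controller-gen, so the fix belongs in the upstream types; the operator may also enforce this in its reconciler, which is not visible here.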
@@ -0,0 +1,135 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.17.0 + name: proxygrouppolicies.tailscale.com +spec: + group: tailscale.com + names: + kind: ProxyGroupPolicy + listKind: ProxyGroupPolicyList + plural: proxygrouppolicies + shortNames: + - pgp + singular: proxygrouppolicy + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + type: object + required: + - metadata + - spec + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + Spec describes the desired state of the ProxyGroupPolicy. + More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + type: object + properties: + egress: + description: |- + Names of ProxyGroup resources that can be used by Service resources within this namespace. An empty list + denotes that no egress via ProxyGroups is allowed within this namespace. + type: array + items: + type: string + ingress: + description: |- + Names of ProxyGroup resources that can be used by Ingress resources within this namespace. 
An empty list + denotes that no ingress via ProxyGroups is allowed within this namespace. + type: array + items: + type: string + status: + description: |- + Status describes the status of the ProxyGroupPolicy. This is set + and managed by the Tailscale operator. + type: object + properties: + conditions: + type: array + items: + description: Condition contains details for one aspect of the current state of this API Resource. + type: object + required: + - lastTransitionTime + - message + - reason + - status + - type + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + type: string + format: date-time + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + type: string + maxLength: 32768 + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + type: integer + format: int64 + minimum: 0 + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + type: string + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + status: + description: status of the condition, one of True, False, Unknown. 
+ type: string + enum: + - "True" + - "False" + - Unknown + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + type: string + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + served: true + storage: true + subresources: + status: {} diff --git a/clusters/cl01tl/manifests/tailscale-operator/CustomResourceDefinition-proxygroups.tailscale.com.yaml b/clusters/cl01tl/manifests/tailscale-operator/CustomResourceDefinition-proxygroups.tailscale.com.yaml index 98ca1c378..0254f01b8 100644 --- a/clusters/cl01tl/manifests/tailscale-operator/CustomResourceDefinition-proxygroups.tailscale.com.yaml +++ b/clusters/cl01tl/manifests/tailscale-operator/CustomResourceDefinition-proxygroups.tailscale.com.yaml @@ -139,6 +139,14 @@ spec: items: type: string pattern: ^tag:[a-zA-Z][a-zA-Z0-9-]*$ + tailnet: + description: |- + Tailnet specifies the tailnet this ProxyGroup should join. If blank, the default tailnet is used. When set, this + name must match that of a valid Tailnet resource. This field is immutable and cannot be changed once set. + type: string + x-kubernetes-validations: + - rule: self == oldSelf + message: ProxyGroup tailnet is immutable type: description: |- Type of the ProxyGroup proxies. Supported types are egress, ingress, and kube-apiserver. diff --git a/clusters/cl01tl/manifests/tailscale-operator/CustomResourceDefinition-recorders.tailscale.com.yaml b/clusters/cl01tl/manifests/tailscale-operator/CustomResourceDefinition-recorders.tailscale.com.yaml index 3d80c55e1..ca43a72a5 100644 --- a/clusters/cl01tl/manifests/tailscale-operator/CustomResourceDefinition-recorders.tailscale.com.yaml +++ b/clusters/cl01tl/manifests/tailscale-operator/CustomResourceDefinition-recorders.tailscale.com.yaml 
@@ -72,6 +72,7 @@ spec: description: Replicas specifies how many instances of tsrecorder to run. Defaults to 1. type: integer format: int32 + default: 1 minimum: 0 statefulSet: description: |- @@ -1680,6 +1681,14 @@ spec: items: type: string pattern: ^tag:[a-zA-Z][a-zA-Z0-9-]*$ + tailnet: + description: |- + Tailnet specifies the tailnet this Recorder should join. If blank, the default tailnet is used. When set, this + name must match that of a valid Tailnet resource. This field is immutable and cannot be changed once set. + type: string + x-kubernetes-validations: + - rule: self == oldSelf + message: Recorder tailnet is immutable x-kubernetes-validations: - rule: '!(self.replicas > 1 && (!has(self.storage) || !has(self.storage.s3)))' message: S3 storage must be used when deploying multiple Recorder replicas diff --git a/clusters/cl01tl/manifests/tailscale-operator/CustomResourceDefinition-tailnets.tailscale.com.yaml b/clusters/cl01tl/manifests/tailscale-operator/CustomResourceDefinition-tailnets.tailscale.com.yaml new file mode 100644 index 000000000..200d83943 --- /dev/null +++ b/clusters/cl01tl/manifests/tailscale-operator/CustomResourceDefinition-tailnets.tailscale.com.yaml 
@@ -0,0 +1,141 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.17.0 + name: tailnets.tailscale.com +spec: + group: tailscale.com + names: + kind: Tailnet + listKind: TailnetList + plural: tailnets + shortNames: + - tn + singular: tailnet + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Status of the deployed Tailnet resources. + jsonPath: .status.conditions[?(@.type == "TailnetReady")].reason + name: Status + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + type: object + required: + - metadata + - spec + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + Spec describes the desired state of the Tailnet. + More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + type: object + required: + - credentials + properties: + credentials: + description: Denotes the location of the OAuth credentials to use for authenticating with this Tailnet. + type: object + required: + - secretName + properties: + secretName: + description: |- + The name of the secret containing the OAuth credentials. 
This secret must contain two fields "client_id" and + "client_secret". + type: string + loginUrl: + description: URL of the control plane to be used by all resources managed by the operator using this Tailnet. + type: string + status: + description: |- + Status describes the status of the Tailnet. This is set + and managed by the Tailscale operator. + type: object + properties: + conditions: + type: array + items: + description: Condition contains details for one aspect of the current state of this API Resource. + type: object + required: + - lastTransitionTime + - message + - reason + - status + - type + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + type: string + format: date-time + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + type: string + maxLength: 32768 + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + type: integer + format: int64 + minimum: 0 + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. 
+ type: string + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + status: + description: status of the condition, one of True, False, Unknown. + type: string + enum: + - "True" + - "False" + - Unknown + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + type: string + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + served: true + storage: true + subresources: + status: {} diff --git a/clusters/cl01tl/manifests/tailscale-operator/DNSConfig-ts-dns.yaml b/clusters/cl01tl/manifests/tailscale-operator/DNSConfig-ts-dns.yaml index 355e465a1..b13e09ee0 100644 --- a/clusters/cl01tl/manifests/tailscale-operator/DNSConfig-ts-dns.yaml +++ b/clusters/cl01tl/manifests/tailscale-operator/DNSConfig-ts-dns.yaml @@ -11,4 +11,4 @@ spec: nameserver: image: repo: tailscale/k8s-nameserver - tag: v1.94.2 + tag: v1.96.5
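Review bot: `spec.loginUrl` in the new cluster-scoped Tailnet CRD is a free-form `type: string` with no `format` or `pattern`, yet its description says it selects the control plane for all resources the operator manages using this Tailnet. `credentials.secretName` likewise names the secret that holds the OAuth client credentials. Write access to `tailnets.tailscale.com` therefore decides which control plane operator-managed proxies register with, so create and update on this resource should be limited to cluster administrators in RBAC and covered by audit logging. A schema constraint such as `pattern: ^https://` on `loginUrl` would also reject obviously malformed values at admission. The CRD is generated by controller-gen, so schema changes belong in the upstream types rather than in this rendered file.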