Update ghcr.io/immich-app/immich-server Docker tag to v1.135.1

clusters/cl01tl/standalone/cilium/templates/cilium-bgp-advertisement.yaml

@@ -1,19 +1,19 @@
-apiVersion: cilium.io/v2alpha1
-kind: CiliumBGPAdvertisement
-metadata:
-  name: cilium-bgp-advertisements
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: cilium-bgp-advertisements
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  advertisements:
-    - advertisementType: "Service"
-      service:
-        addresses:
-          - ExternalIP
-          - LoadBalancerIP
-      selector:
-        matchExpressions:
-         - {key: somekey, operator: NotIn, values: ['never-used-value']}
+# apiVersion: cilium.io/v2alpha1
+# kind: CiliumBGPAdvertisement
+# metadata:
+#   name: cilium-bgp-advertisements
+#   namespace: {{ .Release.Namespace }}
+#   labels:
+#     app.kubernetes.io/name: cilium-bgp-advertisements
+#     app.kubernetes.io/instance: {{ .Release.Name }}
+#     app.kubernetes.io/part-of: {{ .Release.Name }}
+# spec:
+#   advertisements:
+#     - advertisementType: "Service"
+#       service:
+#         addresses:
+#           - ExternalIP
+#           - LoadBalancerIP
+#       selector:
+#         matchExpressions:
+#          - {key: somekey, operator: NotIn, values: ['never-used-value']}

clusters/cl01tl/standalone/cilium/templates/cilium-bgp-cluster-config.yaml

@@ -1,22 +1,22 @@
-apiVersion: cilium.io/v2alpha1
-kind: CiliumBGPClusterConfig
-metadata:
-  name: cilium-bgp
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: cilium-bgp
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  nodeSelector:
-    matchLabels:
-      node-role.kubernetes.io/bgp: "65020"
-  bgpInstances:
-    - name: "65020"
-      localASN: 65020
-      peers:
-        - name: "udm-65000"
-          peerASN: 65000
-          peerAddress: 192.168.1.1
-          peerConfigRef:
-            name: "cilium-peer"
+# apiVersion: cilium.io/v2alpha1
+# kind: CiliumBGPClusterConfig
+# metadata:
+#   name: cilium-bgp
+#   namespace: {{ .Release.Namespace }}
+#   labels:
+#     app.kubernetes.io/name: cilium-bgp
+#     app.kubernetes.io/instance: {{ .Release.Name }}
+#     app.kubernetes.io/part-of: {{ .Release.Name }}
+# spec:
+#   nodeSelector:
+#     matchLabels:
+#       node-role.kubernetes.io/bgp: "65020"
+#   bgpInstances:
+#     - name: "65020"
+#       localASN: 65020
+#       peers:
+#         - name: "udm-65000"
+#           peerASN: 65000
+#           peerAddress: 192.168.1.1
+#           peerConfigRef:
+#             name: "cilium-peer"

clusters/cl01tl/standalone/cilium/templates/cilium-bgp-peer-config.yaml

@@ -1,23 +1,23 @@
-apiVersion: cilium.io/v2alpha1
-kind: CiliumBGPPeerConfig
-metadata:
-  name: cilium-peer
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: cilium-peer
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  timers:
-    holdTimeSeconds: 9
-    keepAliveTimeSeconds: 3
-  ebgpMultihop: 4
-  gracefulRestart:
-    enabled: true
-    restartTimeSeconds: 15
-  families:
-    - afi: ipv4
-      safi: unicast
-      advertisements:
-        matchLabels:
-          app.kubernetes.io/name: cilium-bgp-advertisements
+# apiVersion: cilium.io/v2alpha1
+# kind: CiliumBGPPeerConfig
+# metadata:
+#   name: cilium-peer
+#   namespace: {{ .Release.Namespace }}
+#   labels:
+#     app.kubernetes.io/name: cilium-peer
+#     app.kubernetes.io/instance: {{ .Release.Name }}
+#     app.kubernetes.io/part-of: {{ .Release.Name }}
+# spec:
+#   timers:
+#     holdTimeSeconds: 9
+#     keepAliveTimeSeconds: 3
+#   ebgpMultihop: 4
+#   gracefulRestart:
+#     enabled: true
+#     restartTimeSeconds: 15
+#   families:
+#     - afi: ipv4
+#       safi: unicast
+#       advertisements:
+#         matchLabels:
+#           app.kubernetes.io/name: cilium-bgp-advertisements

clusters/cl01tl/standalone/cilium/templates/cilium-load-balancer-ip-pool.yaml

@@ -11,5 +11,26 @@ spec:
   blocks:
     - start: "10.232.1.21"
       stop: "10.232.1.23"
-    - start: "10.232.1.200"
-      stop: "10.232.1.240"
+    - start: "10.232.2.21"
+      stop: "10.232.2.23"
+  serviceSelector:
+    matchLabels:
+      io.kubernetes.service.namespace: blocky
+      io.kubernetes.service.namespace: traefik
+      io.kubernetes.service.namespace: plex
+
+---
+apiVersion: "cilium.io/v2alpha1"
+kind: CiliumLoadBalancerIPPool
+metadata:
+  name: bgp-ip-pool
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: bgp-ip-pool
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  blocks:
+    - start: "10.232.2.100"
+      stop: "10.232.2.200"
+  disabled: true

clusters/cl01tl/standalone/cilium/templates/gateway.yaml

@@ -1,35 +1,35 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: Gateway
-metadata:
-  name: tls-gateway
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: tls-gateway
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-issuer
-spec:
-  gatewayClassName: cilium
-  listeners:
-    - allowedRoutes:
-        namespaces:
-          from: All
-      hostname: '*.alexlebens.net'
-      name: http
-      port: 80
-      protocol: HTTP
-    - allowedRoutes:
-        namespaces:
-          from: All
-      hostname: '*.alexlebens.net'
-      name: https
-      port: 443
-      protocol: HTTPS
-      tls:
-        certificateRefs:
-          - group: ''
-            kind: Secret
-            name: https-gateway-cert
-            namespace: kube-system
-        mode: Terminate
+# apiVersion: gateway.networking.k8s.io/v1
+# kind: Gateway
+# metadata:
+#   name: tls-gateway
+#   namespace: {{ .Release.Namespace }}
+#   labels:
+#     app.kubernetes.io/name: tls-gateway
+#     app.kubernetes.io/instance: {{ .Release.Name }}
+#     app.kubernetes.io/part-of: {{ .Release.Name }}
+#   annotations:
+#     cert-manager.io/cluster-issuer: letsencrypt-issuer
+# spec:
+#   gatewayClassName: cilium
+#   listeners:
+#     - allowedRoutes:
+#         namespaces:
+#           from: All
+#       hostname: '*.alexlebens.net'
+#       name: http
+#       port: 80
+#       protocol: HTTP
+#     - allowedRoutes:
+#         namespaces:
+#           from: All
+#       hostname: '*.alexlebens.net'
+#       name: https
+#       port: 443
+#       protocol: HTTPS
+#       tls:
+#         certificateRefs:
+#           - group: ''
+#             kind: Secret
+#             name: https-gateway-cert
+#             namespace: kube-system
+#         mode: Terminate

clusters/cl01tl/standalone/cilium/templates/http-route.yaml

@@ -11,8 +11,8 @@ spec:
   parentRefs:
     - group: gateway.networking.k8s.io
       kind: Gateway
-      name: tls-gateway
-      namespace: kube-system
+      name: traefik-gateway
+      namespace: traefik
   hostnames:
     - hubble.alexlebens.net
   rules:

clusters/cl01tl/standalone/cilium/values.yaml

@@ -28,7 +28,7 @@ cilium:
   l2announcements:
     enabled: false
   bgpControlPlane:
-    enabled: true
+    enabled: false
     secretsNamespace:
       name: kube-system
     statusReport: