chore(deps): update ghcr.io/traefik/traefik docker tag to v3.6.8

clusters/cl01tl/helm/cilium/templates/cilium-l2-announcement-policy.yaml

@@ -1,17 +0,0 @@
-apiVersion: "cilium.io/v2alpha1"
-kind: CiliumL2AnnouncementPolicy
-metadata:
-  name: node-gateway-l2-policy
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: node-gateway-l2-policy
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  nodeSelector:
-    matchLabels:
-      kubernetes.io/hostname: talos-ix7-xku
-  interfaces:
-    - "^enp.*"
-  externalIPs: true
-  loadBalancerIPs: true

clusters/cl01tl/helm/cilium/templates/cilium-load-balancer-ip-pool.yaml

@@ -11,8 +11,6 @@ spec:
   blocks:
     - start: "10.232.1.21"
       stop: "10.232.1.23"
-    - start: "10.232.1.100"
-      stop: "10.232.1.200"
 
 ---
 apiVersion: cilium.io/v2

clusters/cl01tl/helm/cilium/templates/gateway.yaml

@@ -1,46 +1,45 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: Gateway
-metadata:
-  name: cilium-tls-gateway
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: cilium-tls-gateway
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-issuer
-    io.cilium/lb-ipam-ips: "10.232.1.100"
-spec:
-  addresses:
-    - type: IPAddress
-      value: 10.232.1.100
-  gatewayClassName: cilium
-  listeners:
-    - allowedRoutes:
-        namespaces:
-          from: All
-      hostname: '*.alexlebens.net'
-      name: https
-      port: 443
-      protocol: HTTPS
-      tls:
-        certificateRefs:
-          - group: ''
-            kind: Secret
-            name: https-gateway-cert
-            namespace: kube-system
-        mode: Terminate
-    - allowedRoutes:
-        namespaces:
-          from: All
-      hostname: 'alexlebens.net'
-      name: https-domain
-      port: 443
-      protocol: HTTPS
-      tls:
-        certificateRefs:
-          - group: ''
-            kind: Secret
-            name: https-gateway-cert
-            namespace: kube-system
-        mode: Terminate
+# apiVersion: gateway.networking.k8s.io/v1
+# kind: Gateway
+# metadata:
+#   name: cilium-tls-gateway
+#   namespace: {{ .Release.Namespace }}
+#   labels:
+#     app.kubernetes.io/name: cilium-tls-gateway
+#     app.kubernetes.io/instance: {{ .Release.Name }}
+#     app.kubernetes.io/part-of: {{ .Release.Name }}
+#   annotations:
+#     cert-manager.io/cluster-issuer: letsencrypt-issuer
+# spec:
+#   addresses:
+#     - type: IPAddress
+#       value: 10.232.1.23
+#   gatewayClassName: cilium
+#   listeners:
+#     - allowedRoutes:
+#         namespaces:
+#           from: All
+#       hostname: '*.alexlebens.net'
+#       name: https
+#       port: 443
+#       protocol: HTTPS
+#       tls:
+#         certificateRefs:
+#           - group: ''
+#             kind: Secret
+#             name: https-gateway-cert
+#             namespace: kube-system
+#         mode: Terminate
+#     - allowedRoutes:
+#         namespaces:
+#           from: All
+#       hostname: 'alexlebens.net'
+#       name: https-domain
+#       port: 443
+#       protocol: HTTPS
+#       tls:
+#         certificateRefs:
+#           - group: ''
+#             kind: Secret
+#             name: https-gateway-cert
+#             namespace: kube-system
+#         mode: Terminate

clusters/cl01tl/helm/cilium/values.yaml

@@ -26,7 +26,7 @@ cilium:
         - SYS_ADMIN
         - SYS_RESOURCE
   l2announcements:
-    enabled: true
+    enabled: false
   bgpControlPlane:
     enabled: false
     secretsNamespace:
@@ -37,8 +37,7 @@ cilium:
       mode: "default"
   bpf:
     hostLegacyRouting: true
-  devices: '^(enp|end|eth)[0-9a-z]*'
-  enableK8sEndpointSlice: true
+  devices: end0 enp6s0
   ciliumEndpointSlice:
     enabled: true
   ingressController:

clusters/cl01tl/helm/ollama/Chart.yaml

@@ -31,4 +31,4 @@ dependencies:
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ollama.png
 # renovate: datasource=github-releases depName=ollama/ollama
-appVersion: 0.16.0
+appVersion: 0.15.6

clusters/cl01tl/helm/ollama/values.yaml

@@ -22,7 +22,7 @@ ollama:
         main:
           image:
             repository: ollama/ollama
-            tag: 0.16.0
+            tag: 0.15.6
             pullPolicy: IfNotPresent
           env:
             - name: OLLAMA_KEEP_ALIVE
@@ -58,7 +58,7 @@ ollama:
         main:
           image:
             repository: ollama/ollama
-            tag: 0.16.0
+            tag: 0.15.6
             pullPolicy: IfNotPresent
           env:
             - name: OLLAMA_KEEP_ALIVE
@@ -94,7 +94,7 @@ ollama:
         main:
           image:
             repository: ollama/ollama
-            tag: 0.16.0
+            tag: 0.15.6
             pullPolicy: IfNotPresent
           env:
             - name: OLLAMA_KEEP_ALIVE

hosts/ps08rp/traefik/compose.yaml

@@ -1,7 +1,7 @@
 ---
 services:
     traefik:
-        image: ghcr.io/traefik/traefik:v3.6.7
+        image: ghcr.io/traefik/traefik:v3.6.8
         container_name: traefik
         command:
             - "--global.checkNewVersion=false"

hosts/ps09rp/traefik/compose.yaml

@@ -1,7 +1,7 @@
 ---
 services:
     traefik:
-        image: ghcr.io/traefik/traefik:v3.6.7
+        image: ghcr.io/traefik/traefik:v3.6.8
         container_name: traefik
         command:
             - "--global.checkNewVersion=false"

hosts/ps10rp/traefik/compose.yaml

@@ -20,7 +20,7 @@ services:
             - /dev/net/tun:/dev/net/tun
 
     traefik:
-        image: ghcr.io/traefik/traefik:v3.6.7
+        image: ghcr.io/traefik/traefik:v3.6.8
         container_name: traefik
         command:
             - "--global.checkNewVersion=false"