chore(deps): update cilium to v1.19.3

Reviewed-on: #6105

clusters/cl01tl/helm/argocd/templates/_helpers.tpl

@@ -1,14 +0,0 @@
-{{/*
-Common labels
-*/}}
-{{- define "argocd.labels" -}}
-{{ include "argocd.selectorLabels" $ }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "argocd.selectorLabels" -}}
-app.kubernetes.io/instance: {{ .Release.Name }}
-app.kubernetes.io/part-of: {{ .Release.Name }}
-{{- end }}

clusters/cl01tl/helm/argocd/templates/external-secret.yaml

@@ -4,8 +4,9 @@ metadata:
   name: argocd-oidc-authentik
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: argocd-oidc-authentik
+    app.kubernetes.io/name: {{ .Template.Name }}
-    {{- include "argocd.labels" . | nindent 4 }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   secretStoreRef:
     kind: ClusterSecretStore
@@ -27,8 +28,9 @@ metadata:
   name: argocd-notifications-ntfy
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: argocd-notifications-ntfy
+    app.kubernetes.io/name: {{ .Template.Name }}
-    {{- include "argocd.labels" . | nindent 4 }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   secretStoreRef:
     kind: ClusterSecretStore

clusters/cl01tl/helm/audiobookshelf/templates/_helpers.tpl

@@ -1,27 +0,0 @@
-{{/*
-Common labels
-*/}}
-{{- define "audiobookshelf.labels" -}}
-{{ include "audiobookshelf.selectorLabels" $ }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "audiobookshelf.selectorLabels" -}}
-app.kubernetes.io/instance: {{ .Release.Name }}
-app.kubernetes.io/part-of: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-NFS names
-*/}}
-{{- define "audiobookshelf.booksNfsName" -}}
-audiobookshelf-books-nfs-storage
-{{- end -}}
-{{- define "audiobookshelf.audiobooksNfsName" -}}
-audiobookshelf-audiobooks-nfs-storage
-{{- end -}}
-{{- define "audiobookshelf.podcastsNfsName" -}}
-audiobookshelf-podcasts-nfs-storage
-{{- end -}}

clusters/cl01tl/helm/audiobookshelf/templates/external-secret.yaml

@@ -4,8 +4,9 @@ metadata:
   name: audiobookshelf-config-apprise
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: audiobookshelf-config-apprise
+    app.kubernetes.io/name: {{ .Template.Name }}
-    {{- include "audiobookshelf.labels" . | nindent 4 }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   secretStoreRef:
     kind: ClusterSecretStore

clusters/cl01tl/helm/audiobookshelf/templates/persistent-volume-claim.yaml

@@ -1,13 +1,14 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: {{- include "audiobookshelf.booksNfsName" . }}
+  name: audiobookshelf-books-nfs-storage
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{- include "audiobookshelf.booksNfsName" . }}
+    app.kubernetes.io/name: {{ .Template.Name }}
-    {{- include "audiobookshelf.labels" . | nindent 4 }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
-  volumeName: {{- include "audiobookshelf.booksNfsName" . }}
+  volumeName: {{ .Template.Name }}
   storageClassName: nfs-client
   accessModes:
     - ReadWriteMany
@@ -19,13 +20,14 @@ spec:
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: {{- include "audiobookshelf.audiobooksNfsName" . }}
+  name: audiobookshelf-audiobooks-nfs-storage
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{- include "audiobookshelf.audiobooksNfsName" . }}
+    app.kubernetes.io/name: {{ .Template.Name }}
-    {{- include "audiobookshelf.labels" . | nindent 4 }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
-  volumeName: {{- include "audiobookshelf.audiobooksNfsName" . }}
+  volumeName: {{ .Template.Name }}
   storageClassName: nfs-client
   accessModes:
     - ReadWriteMany
@@ -37,13 +39,14 @@ spec:
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: {{- include "audiobookshelf.podcastsNfsName" . }}
+  name: audiobookshelf-podcasts-nfs-storage
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{- include "audiobookshelf.podcastsNfsName" . }}
+    app.kubernetes.io/name: {{ .Template.Name }}
-    {{- include "audiobookshelf.labels" . | nindent 4 }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
-  volumeName: {{- include "audiobookshelf.podcastsNfsName" . }}
+  volumeName: {{ .Template.Name }}
   storageClassName: nfs-client
   accessModes:
     - ReadWriteMany

clusters/cl01tl/helm/audiobookshelf/templates/persistent-volume.yaml

@@ -1,11 +1,12 @@
 apiVersion: v1
 kind: PersistentVolume
 metadata:
-  name: {{- include "audiobookshelf.booksNfsName" . }}
+  name: audiobookshelf-books-nfs-storage
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{- include "audiobookshelf.booksNfsName" . }}
+    app.kubernetes.io/name: {{ .Template.Name }}
-    {{- include "audiobookshelf.labels" . | nindent 4 }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   persistentVolumeReclaimPolicy: Retain
   storageClassName: nfs-client
@@ -25,11 +26,12 @@ spec:
 apiVersion: v1
 kind: PersistentVolume
 metadata:
-  name: {{- include "audiobookshelf.audiobooksNfsName" . }}
+  name: audiobookshelf-audiobooks-nfs-storage
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{- include "audiobookshelf.audiobooksNfsName" . }}
+    app.kubernetes.io/name: {{ .Template.Name }}
-    {{- include "audiobookshelf.labels" . | nindent 4 }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   persistentVolumeReclaimPolicy: Retain
   storageClassName: nfs-client
@@ -49,11 +51,12 @@ spec:
 apiVersion: v1
 kind: PersistentVolume
 metadata:
-  name: {{- include "audiobookshelf.podcastsNfsName" . }}
+  name: audiobookshelf-podcasts-nfs-storage
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{- include "audiobookshelf.podcastsNfsName" . }}
+    app.kubernetes.io/name: {{ .Template.Name }}
-    {{- include "audiobookshelf.labels" . | nindent 4 }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   persistentVolumeReclaimPolicy: Retain
   storageClassName: nfs-client

clusters/cl01tl/helm/authentik/templates/_helpers.tpl

@@ -1,14 +0,0 @@
-{{/*
-Common labels
-*/}}
-{{- define "authentik.labels" -}}
-{{ include "authentik.selectorLabels" $ }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "authentik.selectorLabels" -}}
-app.kubernetes.io/instance: {{ .Release.Name }}
-app.kubernetes.io/part-of: {{ .Release.Name }}
-{{- end }}

clusters/cl01tl/helm/authentik/templates/external-secret.yaml

@@ -4,8 +4,9 @@ metadata:
   name: authentik-key
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: authentik-key
+    app.kubernetes.io/name: {{ .Template.Name }}
-    {{- include "authentik.labels" . | nindent 4 }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   secretStoreRef:
     kind: ClusterSecretStore

clusters/cl01tl/helm/authentik/templates/ingress.yaml

@@ -1,12 +1,13 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: {{ .Release.Name }}-tailscale
+  name: authentik-tailscale
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{ .Release.Name }}-tailscale
+    app.kubernetes.io/name: {{ .Template.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
     tailscale.com/proxy-class: no-metrics
-    {{- include "authentik.labels" . | nindent 4 }}
   annotations:
     tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true"
 spec:

clusters/cl01tl/helm/authentik/templates/reference-grant.yaml

@@ -4,8 +4,9 @@ metadata:
   name: allow-outpost-cross-namespace-access
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: allow-outpost-cross-namespace-access
+    app.kubernetes.io/name: {{ .Template.Name }}
-    {{- include "authentik.labels" . | nindent 4 }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   from:
     - group: gateway.networking.k8s.io

clusters/cl01tl/helm/backrest/templates/_helpers.tpl

@@ -1,24 +0,0 @@
-{{/*
-Common labels
-*/}}
-{{- define "backrest.labels" -}}
-{{ include "backrest.selectorLabels" $ }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "backrest.selectorLabels" -}}
-app.kubernetes.io/instance: {{ .Release.Name }}
-app.kubernetes.io/part-of: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-NFS names
-*/}}
-{{- define "backrest.storageNfsName" -}}
-backrest-nfs-storage
-{{- end -}}
-{{- define "backrest.shareNfsName" -}}
-backrest-nfs-share
-{{- end -}}

clusters/cl01tl/helm/backrest/templates/persistent-volume-claim.yaml

@@ -1,13 +1,14 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: {{- include "backrest.storageNfsName" . }}
+  name: backrest-nfs-storage
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{- include "backrest.storageNfsName" . }}
+    app.kubernetes.io/name: {{ .Template.Name }}
-    {{- include "backrest.labels" . | nindent 4 }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
-  volumeName: {{- include "backrest.storageNfsName" . }}
+  volumeName: {{ .Template.Name }}
   storageClassName: nfs-client
   accessModes:
     - ReadWriteMany
@@ -19,13 +20,14 @@ spec:
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: {{- include "backrest.shareNfsName" . }}
+  name: backrest-nfs-share
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{- include "backrest.shareNfsName" . }}
+    app.kubernetes.io/name: {{ .Template.Name }}
-    {{- include "backrest.labels" . | nindent 4 }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
-  volumeName: {{- include "backrest.shareNfsName" . }}
+  volumeName: {{ .Template.Name }}
   storageClassName: nfs-client
   accessModes:
     - ReadWriteMany

clusters/cl01tl/helm/backrest/templates/persistent-volume.yaml

@@ -1,11 +1,12 @@
 apiVersion: v1
 kind: PersistentVolume
 metadata:
-  name: {{- include "backrest.storageNfsName" . }}
+  name: backrest-nfs-storage
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{- include "backrest.storageNfsName" . }}
+    app.kubernetes.io/name: {{ .Template.Name }}
-    {{- include "backrest.labels" . | nindent 4 }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   persistentVolumeReclaimPolicy: Retain
   storageClassName: nfs-client
@@ -25,11 +26,12 @@ spec:
 apiVersion: v1
 kind: PersistentVolume
 metadata:
-  name: {{- include "backrest.shareNfsName" . }}
+  name: backrest-nfs-share
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{- include "backrest.shareNfsName" . }}
+    app.kubernetes.io/name: {{ .Template.Name }}
-    {{- include "backrest.labels" . | nindent 4 }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   persistentVolumeReclaimPolicy: Retain
   storageClassName: nfs-client

clusters/cl01tl/helm/bazarr/templates/_helpers.tpl

@@ -1,21 +0,0 @@
-{{/*
-Common labels
-*/}}
-{{- define "bazarr.labels" -}}
-{{ include "bazarr.selectorLabels" $ }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "bazarr.selectorLabels" -}}
-app.kubernetes.io/instance: {{ .Release.Name }}
-app.kubernetes.io/part-of: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-NFS names
-*/}}
-{{- define "bazarr.storageNfsName" -}}
-bazarr-nfs-storage
-{{- end -}}

clusters/cl01tl/helm/bazarr/templates/external-secret.yaml

@@ -4,8 +4,9 @@ metadata:
   name: bazarr-key
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: bazarr-key
+    app.kubernetes.io/name: {{ .Template.Name }}
-    {{- include "bazarr.labels" . | nindent 4 }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   secretStoreRef:
     kind: ClusterSecretStore

clusters/cl01tl/helm/bazarr/templates/persistent-volume-claim.yaml

@@ -1,11 +1,12 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: {{- include "bazarr.storageNfsName" . }}
+  name: bazarr-nfs-storage
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{- include "bazarr.storageNfsName" . }}
+    app.kubernetes.io/name: {{ .Template.Name }}
-    {{- include "bazarr.labels" . | nindent 4 }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   volumeName: {{ .Template.Name }}
   storageClassName: nfs-client

clusters/cl01tl/helm/bazarr/templates/persistent-volume.yaml

@@ -1,11 +1,12 @@
 apiVersion: v1
 kind: PersistentVolume
 metadata:
-  name: {{- include "bazarr.storageNfsName" . }}
+  name: bazarr-nfs-storage
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{- include "bazarr.storageNfsName" . }}
+    app.kubernetes.io/name: {{ .Template.Name }}
-    {{- include "bazarr.labels" . | nindent 4 }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   persistentVolumeReclaimPolicy: Retain
   storageClassName: nfs-client

clusters/cl01tl/helm/cert-manager/templates/_helpers.tpl

@@ -1,24 +0,0 @@
-{{/*
-Common labels
-*/}}
-{{- define "cert-manager.labels" -}}
-{{ include "cert-manager.selectorLabels" $ }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "cert-manager.selectorLabels" -}}
-app.kubernetes.io/instance: {{ .Release.Name }}
-app.kubernetes.io/part-of: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-NFS names
-*/}}
-{{- define "cert-manager.cloudflareSecretName" -}}
-cert-manager-cloudflare-api-token
-{{- end -}}
-{{- define "cert-manager.cloudflareSecretKey" -}}
-api-token
-{{- end -}}

clusters/cl01tl/helm/cert-manager/templates/cluster-issuer.yaml

@@ -4,8 +4,9 @@ metadata:
   name: letsencrypt-issuer
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: letsencrypt-issuer
+    app.kubernetes.io/name: {{ .Template.Name }}
-    {{- include "cert-manager.labels" . | nindent 4 }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   acme:
     email: alexanderlebens@gmail.com
@@ -21,5 +22,5 @@ spec:
           cloudflare:
             email: alexanderlebens@gmail.com
             apiTokenSecretRef:
-              name: {{- include "cert-manager.cloudflareSecretName" . }}
+              name: cloudflare-api-token
-              key: {{- include "cert-manager.cloudflareSecretKey" . }}
+              key: api-token

clusters/cl01tl/helm/cert-manager/templates/external-secret.yaml

@@ -1,17 +1,18 @@
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: {{- include "cert-manager.cloudflareSecretName" . }}
+  name: cloudflare-api-token
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{- include "cert-manager.cloudflareSecretName" . }}
+    app.kubernetes.io/name: {{ .Template.Name }}
-    {{- include "cert-manager.labels" . | nindent 4 }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   secretStoreRef:
     kind: ClusterSecretStore
     name: openbao
   data:
-    - secretKey: {{- include "cert-manager.cloudflareSecretKey" . }}
+    - secretKey: api-token
       remoteRef:
         key: /cloudflare/alexlebens.net/cl01tl-issuer-certificate
         property: token

clusters/cl01tl/helm/cilium/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: cilium
   repository: https://helm.cilium.io/
-  version: 1.18.6
+  version: 1.19.3
-digest: sha256:8ea328ac238524b5b423e6289f5e25d05ef64e6aa19cfd5de238f1d5dd533e9b
+digest: sha256:0fb32249f6ab7d68568a1e44796a8ee1ee5da2294b29a9c720153db8f055888b
-generated: "2026-02-05T12:00:20.15778-06:00"
+generated: "2026-04-20T02:13:20.512588721Z"

clusters/cl01tl/helm/cilium/Chart.yaml

@@ -14,8 +14,8 @@ maintainers:
   - name: alexlebens
 dependencies:
   - name: cilium
-    version: 1.18.6
+    version: 1.19.3
     repository: https://helm.cilium.io/
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/cilium.png
 # renovate: datasource=github-releases depName=cilium/cilium
-appVersion: 1.18.6
+appVersion: 1.19.3

clusters/cl01tl/helm/cilium/templates/_helpers.tpl

@@ -1,14 +0,0 @@
-{{/*
-Common labels
-*/}}
-{{- define "cilium.labels" -}}
-{{ include "cilium.selectorLabels" $ }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "cilium.selectorLabels" -}}
-app.kubernetes.io/instance: {{ .Release.Name }}
-app.kubernetes.io/part-of: {{ .Release.Name }}
-{{- end }}

clusters/cl01tl/helm/cilium/templates/cilium-bgp-advertisement.yaml

@@ -0,0 +1,19 @@
+# apiVersion: cilium.io/v2
+# kind: CiliumBGPAdvertisement
+# metadata:
+#   name: cilium-bgp-advertisements
+#   namespace: {{ .Release.Namespace }}
+#   labels:
+#     app.kubernetes.io/name: {{ .Template.Name }}
+#     app.kubernetes.io/instance: {{ .Release.Name }}
+#     app.kubernetes.io/part-of: {{ .Release.Name }}
+# spec:
+#   advertisements:
+#     - advertisementType: "Service"
+#       service:
+#         addresses:
+#           - ExternalIP
+#           - LoadBalancerIP
+#       selector:
+#         matchExpressions:
+#          - {key: somekey, operator: NotIn, values: ['never-used-value']}

clusters/cl01tl/helm/cilium/templates/cilium-bgp-cluster-config.yaml

@@ -0,0 +1,22 @@
+# apiVersion: cilium.io/v2
+# kind: CiliumBGPClusterConfig
+# metadata:
+#   name: cilium-bgp
+#   namespace: {{ .Release.Namespace }}
+#   labels:
+#     app.kubernetes.io/name: {{ .Template.Name }}
+#     app.kubernetes.io/instance: {{ .Release.Name }}
+#     app.kubernetes.io/part-of: {{ .Release.Name }}
+# spec:
+#   nodeSelector:
+#     matchLabels:
+#       node-role.kubernetes.io/bgp: "65020"
+#   bgpInstances:
+#     - name: "65020"
+#       localASN: 65020
+#       peers:
+#         - name: "udm-65000"
+#           peerASN: 65000
+#           peerAddress: 192.168.1.1
+#           peerConfigRef:
+#             name: "cilium-peer"

clusters/cl01tl/helm/cilium/templates/cilium-bgp-peer-config.yaml

@@ -0,0 +1,23 @@
+# apiVersion: cilium.io/v2
+# kind: CiliumBGPPeerConfig
+# metadata:
+#   name: cilium-peer
+#   namespace: {{ .Release.Namespace }}
+#   labels:
+#     app.kubernetes.io/name: {{ .Template.Name }}
+#     app.kubernetes.io/instance: {{ .Release.Name }}
+#     app.kubernetes.io/part-of: {{ .Release.Name }}
+# spec:
+#   timers:
+#     holdTimeSeconds: 9
+#     keepAliveTimeSeconds: 3
+#   ebgpMultihop: 4
+#   gracefulRestart:
+#     enabled: true
+#     restartTimeSeconds: 15
+#   families:
+#     - afi: ipv4
+#       safi: unicast
+#       advertisements:
+#         matchLabels:
+#           app.kubernetes.io/name: cilium-bgp-advertisements

clusters/cl01tl/helm/cilium/templates/cilium-load-balancer-ip-pool.yaml

@@ -4,8 +4,9 @@ metadata:
   name: default-ip-pool
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: default-ip-pool
+    app.kubernetes.io/name: {{ .Template.Name }}
-    {{- include "cilium.labels" . | nindent 4 }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   blocks:
     - start: "10.232.1.21"
@@ -18,8 +19,9 @@ metadata:
   name: bgp-ip-pool
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: bgp-ip-pool
+    app.kubernetes.io/name: {{ .Template.Name }}
-    {{- include "cilium.labels" . | nindent 4 }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   blocks:
     - start: "10.232.2.100"

clusters/cl01tl/helm/cilium/templates/gateway.yaml

@@ -0,0 +1,45 @@
+# apiVersion: gateway.networking.k8s.io/v1
+# kind: Gateway
+# metadata:
+#   name: cilium-tls-gateway
+#   namespace: {{ .Release.Namespace }}
+#   labels:
+#     app.kubernetes.io/name: {{ .Template.Name }}
+#     app.kubernetes.io/instance: {{ .Release.Name }}
+#     app.kubernetes.io/part-of: {{ .Release.Name }}
+#   annotations:
+#     cert-manager.io/cluster-issuer: letsencrypt-issuer
+# spec:
+#   addresses:
+#     - type: IPAddress
+#       value: 10.232.1.23
+#   gatewayClassName: cilium
+#   listeners:
+#     - allowedRoutes:
+#         namespaces:
+#           from: All
+#       hostname: '*.alexlebens.net'
+#       name: https
+#       port: 443
+#       protocol: HTTPS
+#       tls:
+#         certificateRefs:
+#           - group: ''
+#             kind: Secret
+#             name: https-gateway-cert
+#             namespace: kube-system
+#         mode: Terminate
+#     - allowedRoutes:
+#         namespaces:
+#           from: All
+#       hostname: 'alexlebens.net'
+#       name: https-domain
+#       port: 443
+#       protocol: HTTPS
+#       tls:
+#         certificateRefs:
+#           - group: ''
+#             kind: Secret
+#             name: https-gateway-cert
+#             namespace: kube-system
+#         mode: Terminate

clusters/cl01tl/helm/cilium/templates/http-route.yaml

@@ -4,8 +4,9 @@ metadata:
   name: hubble
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: hubble
+    app.kubernetes.io/name: {{ .Template.Name }}
-    {{- include "cilium.labels" . | nindent 4 }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   parentRefs:
     - group: gateway.networking.k8s.io

clusters/cl01tl/helm/dawarich/templates/_helpers.tpl

@@ -1,14 +0,0 @@
-{{/*
-Common labels
-*/}}
-{{- define "dawarich.labels" -}}
-{{ include "dawarich.selectorLabels" $ }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "dawarich.selectorLabels" -}}
-app.kubernetes.io/instance: {{ .Release.Name }}
-app.kubernetes.io/part-of: {{ .Release.Name }}
-{{- end }}

clusters/cl01tl/helm/dawarich/templates/external-secret.yaml

@@ -4,8 +4,9 @@ metadata:
   name: dawarich-key
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: dawarich-key
+    app.kubernetes.io/name: {{ .Template.Name }}
-    {{- include "dawarich.labels" . | nindent 4 }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   secretStoreRef:
     kind: ClusterSecretStore
@@ -23,8 +24,9 @@ metadata:
   name: dawarich-oidc-authentik
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: dawarich-oidc-authentik
+    app.kubernetes.io/name: {{ .Template.Name }}
-    {{- include "dawarich.labels" . | nindent 4 }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   secretStoreRef:
     kind: ClusterSecretStore

clusters/cl01tl/helm/medialyze/Chart.yaml

@@ -24,4 +24,4 @@ dependencies:
     repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://raw.githubusercontent.com/frederikemmer/MediaLyze/d8f69c0628bac7c047b90f91a66341648029c273/frontend/public/favicon.svg
 # renovate: datasource=github-releases depName=frederikemmer/MediaLyze
-appVersion: 0.7.1
+appVersion: 0.8.0

clusters/cl01tl/helm/medialyze/values.yaml

@@ -12,7 +12,7 @@ medialyze:
         main:
           image:
             repository: ghcr.io/frederikemmer/medialyze
-            tag: 0.7.1@sha256:c28cfd5cafe2b34136efaba5ba825440a2160cda3116ecb266454eac07a37e49
+            tag: 0.8.0@sha256:80aa5ce70d8644ce8321f97856a1c0ede5dfeaaba305c514ceefebf89c8985ef
           env:
             - name: HOST_PORT
               value: 8080