2025-12-26 01:22:00 +00:00
13 changed files with 10 additions and 178 deletions
--- a/clusters/cl01tl/manifests/argo-workflows/HTTPRoute-argo-workflows.yaml
+++ b/clusters/cl01tl/manifests/argo-workflows/HTTPRoute-argo-workflows.yaml
@@ -11,8 +11,8 @@ spec:
  parentRefs:
    - group: gateway.networking.k8s.io
      kind: Gateway
-      name: cilium-tls-gateway
-      namespace: kube-system
+      name: traefik-gateway
+      namespace: traefik
  hostnames:
    - argo-workflows.alexlebens.net
  rules:
--- a/clusters/cl01tl/manifests/blocky/ConfigMap-blocky.yaml
+++ b/clusters/cl01tl/manifests/blocky/ConfigMap-blocky.yaml
@@ -90,7 +90,7 @@ data:
        ;; Application Names
        actual                          IN      CNAME   traefik-cl01tl
        alertmanager                    IN      CNAME   traefik-cl01tl
-        argo-workflows                  IN      CNAME   cilium-cl01tl
+        argo-workflows                  IN      CNAME   traefik-cl01tl
        argocd                          IN      CNAME   traefik-cl01tl
        audiobookshelf                  IN      CNAME   traefik-cl01tl
        authentik                       IN      CNAME   traefik-cl01tl
@@ -111,7 +111,7 @@ data:
        home                            IN      CNAME   traefik-cl01tl
        home-assistant                  IN      CNAME   traefik-cl01tl
        home-assistant-code-server      IN      CNAME   traefik-cl01tl
-        hubble                          IN      CNAME   cilium-cl01tl
+        hubble                          IN      CNAME   traefik-cl01tl
        huntarr                         IN      CNAME   traefik-cl01tl
        immich                          IN      CNAME   traefik-cl01tl
        jellyfin                        IN      CNAME   traefik-cl01tl
--- a/clusters/cl01tl/manifests/blocky/Deployment-blocky.yaml
+++ b/clusters/cl01tl/manifests/blocky/Deployment-blocky.yaml
@@ -22,7 +22,7 @@ spec:
  template:
    metadata:
      annotations:
-        checksum/configMaps: 8104cad96f2074fcfd9ed4c913c5cad186a5a1bd6f711fd94def748712016080
+        checksum/configMaps: 2f5e8c1dbe67625fe96fdedf0b39ace82fcf63552744f192712466288f21a002
      labels:
        app.kubernetes.io/controller: main
        app.kubernetes.io/instance: blocky
--- a/clusters/cl01tl/manifests/cilium/ClusterRole-cilium-operator.yaml
+++ b/clusters/cl01tl/manifests/cilium/ClusterRole-cilium-operator.yaml
@@ -69,10 +69,6 @@ rules:
      - get
      - list
      - watch
-      - create
-      - update
-      - delete
-      - patch
  - apiGroups:
      - cilium.io
    resources:
@@ -220,57 +216,3 @@ rules:
      - create
      - get
      - update
-  - apiGroups:
-      - gateway.networking.k8s.io
-    resources:
-      - gatewayclasses
-      - gateways
-      - tlsroutes
-      - httproutes
-      - grpcroutes
-      - referencegrants
-      - referencepolicies
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - gateway.networking.k8s.io
-    resources:
-      - gatewayclasses
-    verbs:
-      - patch
-  - apiGroups:
-      - gateway.networking.k8s.io
-    resources:
-      - gatewayclasses/status
-      - gateways/status
-      - httproutes/status
-      - grpcroutes/status
-      - tlsroutes/status
-    verbs:
-      - update
-      - patch
-  - apiGroups:
-      - cilium.io
-    resources:
-      - ciliumgatewayclassconfigs
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - cilium.io
-    resources:
-      - ciliumgatewayclassconfigs/status
-    verbs:
-      - update
-      - patch
-  - apiGroups:
-      - multicluster.x-k8s.io
-    resources:
-      - serviceimports
-    verbs:
-      - get
-      - list
-      - watch
--- a/clusters/cl01tl/manifests/cilium/ConfigMap-cilium-config.yaml
+++ b/clusters/cl01tl/manifests/cilium/ConfigMap-cilium-config.yaml
@@ -16,18 +16,6 @@ data:
  controller-group-metrics: write-cni-file sync-host-ips sync-lb-maps-with-k8s-services
  operator-prometheus-serve-addr: ":9963"
  enable-metrics: "true"
-  enable-envoy-config: "true"
-  envoy-config-retry-interval: "15s"
-  enable-gateway-api: "true"
-  enable-gateway-api-secrets-sync: "true"
-  enable-gateway-api-proxy-protocol: "false"
-  enable-gateway-api-app-protocol: "true"
-  enable-gateway-api-alpn: "true"
-  gateway-api-xff-num-trusted-hops: "0"
-  gateway-api-service-externaltrafficpolicy: "Cluster"
-  gateway-api-secrets-namespace: "cilium-secrets"
-  gateway-api-hostnetwork-enabled: "false"
-  gateway-api-hostnetwork-nodelabelselector: ""
  enable-policy-secrets-sync: "true"
  policy-secrets-only-from-secrets-namespace: "true"
  policy-secrets-namespace: "cilium-secrets"
--- a/clusters/cl01tl/manifests/cilium/DaemonSet-cilium.yaml
+++ b/clusters/cl01tl/manifests/cilium/DaemonSet-cilium.yaml
@@ -18,7 +18,7 @@ spec:
  template:
    metadata:
      annotations:
-        cilium.io/cilium-configmap-checksum: "4555792065138db5a26f8d9354c9717239cb1a7dbafa0d5357696e6bb3d6f2f6"
+        cilium.io/cilium-configmap-checksum: "bd764e7caadd4421d347d9c049e8d9cab101306c511512f127d7ffb839cf97d8"
        kubectl.kubernetes.io/default-container: cilium-agent
      labels:
        k8s-app: cilium
--- a/clusters/cl01tl/manifests/cilium/Deployment-cilium-operator.yaml
+++ b/clusters/cl01tl/manifests/cilium/Deployment-cilium-operator.yaml
@@ -22,7 +22,7 @@ spec:
  template:
    metadata:
      annotations:
-        cilium.io/cilium-configmap-checksum: "4555792065138db5a26f8d9354c9717239cb1a7dbafa0d5357696e6bb3d6f2f6"
+        cilium.io/cilium-configmap-checksum: "bd764e7caadd4421d347d9c049e8d9cab101306c511512f127d7ffb839cf97d8"
      labels:
        io.cilium/app: operator
        name: cilium-operator
--- a/clusters/cl01tl/manifests/cilium/Gateway-cilium-tls-gateway.yaml
+++ b/clusters/cl01tl/manifests/cilium/Gateway-cilium-tls-gateway.yaml
@@ -1,35 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: Gateway
-metadata:
-  name: cilium-tls-gateway
-  namespace: kube-system
-  labels:
-    app.kubernetes.io/name: tls-gateway
-    app.kubernetes.io/instance: cilium
-    app.kubernetes.io/part-of: cilium
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-issuer
-spec:
-  gatewayClassName: cilium
-  listeners:
-    - allowedRoutes:
-        namespaces:
-          from: All
-      hostname: '*.alexlebens.net'
-      name: http
-      port: 80
-      protocol: HTTP
-    - allowedRoutes:
-        namespaces:
-          from: All
-      hostname: '*.alexlebens.net'
-      name: https
-      port: 443
-      protocol: HTTPS
-      tls:
-        certificateRefs:
-          - group: ''
-            kind: Secret
-            name: https-gateway-cert
-            namespace: kube-system
-        mode: Terminate
--- a/clusters/cl01tl/manifests/cilium/HTTPRoute-hubble.yaml
+++ b/clusters/cl01tl/manifests/cilium/HTTPRoute-hubble.yaml
@@ -11,15 +11,15 @@ spec:
  parentRefs:
    - group: gateway.networking.k8s.io
      kind: Gateway
-      name: cilium-tls-gateway
-      namespace: kube-system
+      name: traefik-gateway
+      namespace: traefik
  hostnames:
    - hubble.alexlebens.net
  rules:
    - matches:
        - path:
            type: PathPrefix
-            value: /hubble
+            value: /
      backendRefs:
        - group: ''
          kind: Service
--- a/clusters/cl01tl/manifests/cilium/Role-cilium-gateway-secrets.yaml
+++ b/clusters/cl01tl/manifests/cilium/Role-cilium-gateway-secrets.yaml
@@ -1,16 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: cilium-gateway-secrets
-  namespace: "cilium-secrets"
-  labels:
-    app.kubernetes.io/part-of: cilium
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - secrets
-    verbs:
-      - get
-      - list
-      - watch
--- a/clusters/cl01tl/manifests/cilium/Role-cilium-operator-gateway-secrets.yaml
+++ b/clusters/cl01tl/manifests/cilium/Role-cilium-operator-gateway-secrets.yaml
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: cilium-operator-gateway-secrets
-  namespace: "cilium-secrets"
-  labels:
-    app.kubernetes.io/part-of: cilium
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - secrets
-    verbs:
-      - create
-      - delete
-      - update
-      - patch
--- a/clusters/cl01tl/manifests/cilium/RoleBinding-cilium-gateway-secrets.yaml
+++ b/clusters/cl01tl/manifests/cilium/RoleBinding-cilium-gateway-secrets.yaml
@@ -1,15 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: cilium-gateway-secrets
-  namespace: "cilium-secrets"
-  labels:
-    app.kubernetes.io/part-of: cilium
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: cilium-gateway-secrets
-subjects:
-  - kind: ServiceAccount
-    name: "cilium"
-    namespace: kube-system
--- a/clusters/cl01tl/manifests/cilium/RoleBinding-cilium-operator-gateway-secrets.yaml
+++ b/clusters/cl01tl/manifests/cilium/RoleBinding-cilium-operator-gateway-secrets.yaml
@@ -1,15 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: cilium-operator-gateway-secrets
-  namespace: "cilium-secrets"
-  labels:
-    app.kubernetes.io/part-of: cilium
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: cilium-operator-gateway-secrets
-subjects:
-  - kind: ServiceAccount
-    name: "cilium-operator"
-    namespace: kube-system