From 58dd2b8709604f78ba75cf470d3c5f331c5772fb Mon Sep 17 00:00:00 2001 From: gitea-bot Date: Fri, 23 Jan 2026 18:59:04 +0000 Subject: [PATCH] chore: Update manifests after change --- .../traefik/ClusterRole-traefik-traefik.yaml | 2 +- .../ClusterRoleBinding-traefik-traefik.yaml | 2 +- ...rceDefinition-apiauths.hub.traefik.io.yaml | 109 +++++++++- ...eDefinition-apibundles.hub.traefik.io.yaml | 82 +++++++ ...nition-apicatalogitems.hub.traefik.io.yaml | 84 ++++++++ ...rceDefinition-apiplans.hub.traefik.io.yaml | 67 +++++- ...inition-apiportalauths.hub.traefik.io.yaml | 57 +++++ ...eDefinition-apiportals.hub.traefik.io.yaml | 57 +++++ ...esourceDefinition-apis.hub.traefik.io.yaml | 57 +++++ ...Definition-apiversions.hub.traefik.io.yaml | 58 ++++- ...on-managedapplications.hub.traefik.io.yaml | 58 +++++ ...n-managedsubscriptions.hub.traefik.io.yaml | 82 +++++++ .../manifests/traefik/DaemonSet-traefik.yaml | 201 +++++++++--------- .../traefik/Gateway-traefik-gateway.yaml | 2 +- .../traefik/GatewayClass-traefik.yaml | 2 +- .../IngressRoute-traefik-dashboard.yaml | 2 +- .../traefik/Service-traefik-metrics.yaml | 2 +- .../manifests/traefik/Service-traefik.yaml | 2 +- .../traefik/ServiceAccount-traefik.yaml | 2 +- .../traefik/ServiceMonitor-traefik.yaml | 2 +- 20 files changed, 809 insertions(+), 121 deletions(-) diff --git a/clusters/cl01tl/manifests/traefik/ClusterRole-traefik-traefik.yaml b/clusters/cl01tl/manifests/traefik/ClusterRole-traefik-traefik.yaml index 33b1b5385..de27e98d8 100644 --- a/clusters/cl01tl/manifests/traefik/ClusterRole-traefik-traefik.yaml +++ b/clusters/cl01tl/manifests/traefik/ClusterRole-traefik-traefik.yaml @@ -5,7 +5,7 @@ metadata: labels: app.kubernetes.io/name: traefik app.kubernetes.io/instance: traefik-traefik - helm.sh/chart: traefik-38.0.2 + helm.sh/chart: traefik-39.0.0 app.kubernetes.io/managed-by: Helm rules: - apiGroups: diff --git a/clusters/cl01tl/manifests/traefik/ClusterRoleBinding-traefik-traefik.yaml b/clusters/cl01tl/manifests/traefik/ClusterRoleBinding-traefik-traefik.yaml index 0e4cff4a9..cbbd3e688 100644 --- a/clusters/cl01tl/manifests/traefik/ClusterRoleBinding-traefik-traefik.yaml +++ b/clusters/cl01tl/manifests/traefik/ClusterRoleBinding-traefik-traefik.yaml @@ -5,7 +5,7 @@ metadata: labels: app.kubernetes.io/name: traefik app.kubernetes.io/instance: traefik-traefik - helm.sh/chart: traefik-38.0.2 + helm.sh/chart: traefik-39.0.0 app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/clusters/cl01tl/manifests/traefik/CustomResourceDefinition-apiauths.hub.traefik.io.yaml b/clusters/cl01tl/manifests/traefik/CustomResourceDefinition-apiauths.hub.traefik.io.yaml index fcded8599..26e7988c0 100644 --- a/clusters/cl01tl/manifests/traefik/CustomResourceDefinition-apiauths.hub.traefik.io.yaml +++ b/clusters/cl01tl/manifests/traefik/CustomResourceDefinition-apiauths.hub.traefik.io.yaml @@ -61,21 +61,29 @@ spec: description: ForwardHeaders specifies additional headers to forward with the request. type: object jwksFile: - description: JWKSFile contains the JWKS file content for JWT verification. + description: |- + JWKSFile contains the JWKS file content for JWT verification. + Mutually exclusive with SigningSecretName, PublicKey, JWKSURL, and TrustedIssuers. type: string jwksUrl: - description: JWKSURL is the URL to fetch the JWKS for JWT verification. + description: |- + JWKSURL is the URL to fetch the JWKS for JWT verification. + Mutually exclusive with SigningSecretName, PublicKey, JWKSFile, and TrustedIssuers. + Deprecated: Use TrustedIssuers instead for more flexible JWKS configuration with issuer validation. type: string x-kubernetes-validations: - - message: must be a valid URL - rule: isURL(self) + - message: must be a valid HTTPS URL + rule: isURL(self) && self.startsWith('https://') publicKey: - description: PublicKey is the PEM-encoded public key for JWT verification. + description: |- + PublicKey is the PEM-encoded public key for JWT verification. + Mutually exclusive with SigningSecretName, JWKSFile, JWKSURL, and TrustedIssuers. type: string signingSecretName: description: |- SigningSecretName is the name of the Kubernetes Secret containing the signing secret. The secret must be of type Opaque and contain a key named 'value'. + Mutually exclusive with PublicKey, JWKSFile, JWKSURL, and TrustedIssuers. maxLength: 253 type: string stripAuthorizationHeader: @@ -89,12 +97,42 @@ spec: tokenQueryKey: description: TokenQueryKey specifies the query parameter name for the JWT token. type: string + trustedIssuers: + description: |- + TrustedIssuers defines multiple JWKS providers with optional issuer validation. + Mutually exclusive with SigningSecretName, PublicKey, JWKSFile, and JWKSURL. + items: + description: TrustedIssuer represents a trusted JWT issuer with its associated JWKS endpoint for token verification. + properties: + issuer: + description: |- + Issuer is the expected value of the "iss" claim. + If specified, tokens must have this exact issuer to be validated against this JWKS. + The issuer value must match exactly, including trailing slashes and URL encoding. + If omitted, this JWKS acts as a fallback for any issuer. + type: string + jwksUrl: + description: JWKSURL is the URL to fetch the JWKS from. + type: string + x-kubernetes-validations: + - message: must be a valid HTTPS URL + rule: isURL(self) && self.startsWith('https://') + required: + - jwksUrl + type: object + maxItems: 100 + minItems: 1 + type: array required: - appIdClaim type: object x-kubernetes-validations: - - message: exactly one of signingSecretName, publicKey, jwksFile, or jwksUrl must be specified - rule: '[has(self.signingSecretName), has(self.publicKey), has(self.jwksFile), has(self.jwksUrl)].filter(x, x).size() == 1' + - message: exactly one of signingSecretName, publicKey, jwksFile, jwksUrl, or trustedIssuers must be specified + rule: '[has(self.signingSecretName), has(self.publicKey), has(self.jwksFile), has(self.jwksUrl), has(self.trustedIssuers)].filter(x, x).size() == 1' + - message: trustedIssuers must not be empty when specified + rule: '!has(self.trustedIssuers) || size(self.trustedIssuers) > 0' + - message: only one entry in trustedIssuers may omit the issuer field + rule: '!has(self.trustedIssuers) || self.trustedIssuers.filter(x, !has(x.issuer) || x.issuer == "").size() <= 1' ldap: description: LDAP configures LDAP authentication. properties: @@ -154,6 +192,61 @@ spec: status: description: The current status of this APIAuth. properties: + conditions: + items: + description: Condition contains details for one aspect of the current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array hash: description: Hash is a hash representing the APIAuth. type: string @@ -166,3 +259,5 @@ spec: type: object served: true storage: true + subresources: + status: {} diff --git a/clusters/cl01tl/manifests/traefik/CustomResourceDefinition-apibundles.hub.traefik.io.yaml b/clusters/cl01tl/manifests/traefik/CustomResourceDefinition-apibundles.hub.traefik.io.yaml index 69ee91207..cc524f3bc 100644 --- a/clusters/cl01tl/manifests/traefik/CustomResourceDefinition-apibundles.hub.traefik.io.yaml +++ b/clusters/cl01tl/manifests/traefik/CustomResourceDefinition-apibundles.hub.traefik.io.yaml @@ -114,15 +114,97 @@ spec: status: description: The current status of this APIBundle. properties: + conditions: + description: Conditions is the list of status conditions. + items: + description: Condition contains details for one aspect of the current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array hash: description: Hash is a hash representing the APIBundle. type: string + resolvedApis: + description: ResolvedAPIs is the list of APIs that were successfully resolved. + items: + description: ResolvedAPIReference references a resolved API. + properties: + name: + description: Name of the API. + type: string + required: + - name + type: object + type: array syncedAt: format: date-time type: string + unresolvedApis: + description: UnresolvedAPIs is the list of APIs that could not be resolved. + items: + description: ResolvedAPIReference references a resolved API. + properties: + name: + description: Name of the API. + type: string + required: + - name + type: object + type: array version: type: string type: object type: object served: true storage: true + subresources: + status: {} diff --git a/clusters/cl01tl/manifests/traefik/CustomResourceDefinition-apicatalogitems.hub.traefik.io.yaml b/clusters/cl01tl/manifests/traefik/CustomResourceDefinition-apicatalogitems.hub.traefik.io.yaml index 6654ca10b..166dcacdf 100644 --- a/clusters/cl01tl/manifests/traefik/CustomResourceDefinition-apicatalogitems.hub.traefik.io.yaml +++ b/clusters/cl01tl/manifests/traefik/CustomResourceDefinition-apicatalogitems.hub.traefik.io.yaml @@ -163,18 +163,102 @@ spec: x-kubernetes-validations: - message: groups and everyone are mutually exclusive rule: '(has(self.everyone) && has(self.groups)) ? !(self.everyone && self.groups.size() > 0) : true' + - message: groups is required when everyone is false + rule: (has(self.everyone) && self.everyone) || (has(self.groups) && self.groups.size() > 0) status: description: The current status of this APICatalogItem. properties: + conditions: + description: Conditions is the list of status conditions. + items: + description: Condition contains details for one aspect of the current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array hash: description: Hash is a hash representing the APICatalogItem. type: string + resolvedApis: + description: ResolvedAPIs is the list of APIs that were successfully resolved. + items: + description: ResolvedAPIReference references a resolved API. + properties: + name: + description: Name of the API. + type: string + required: + - name + type: object + type: array syncedAt: format: date-time type: string + unresolvedApis: + description: UnresolvedAPIs is the list of APIs that could not be resolved. + items: + description: ResolvedAPIReference references a resolved API. + properties: + name: + description: Name of the API. + type: string + required: + - name + type: object + type: array version: type: string type: object type: object served: true storage: true + subresources: + status: {} diff --git a/clusters/cl01tl/manifests/traefik/CustomResourceDefinition-apiplans.hub.traefik.io.yaml b/clusters/cl01tl/manifests/traefik/CustomResourceDefinition-apiplans.hub.traefik.io.yaml index 5aaf79bfb..575259b03 100644 --- a/clusters/cl01tl/manifests/traefik/CustomResourceDefinition-apiplans.hub.traefik.io.yaml +++ b/clusters/cl01tl/manifests/traefik/CustomResourceDefinition-apiplans.hub.traefik.io.yaml @@ -53,7 +53,7 @@ spec: - application type: string limit: - description: Limit is the maximum number of token in the bucket. + description: Limit is the maximum number of requests per sliding Period. type: integer x-kubernetes-validations: - message: must be a positive number @@ -80,13 +80,17 @@ spec: - application type: string limit: - description: Limit is the maximum number of token in the bucket. + description: |- + Limit is the number of requests per Period used to calculate the regeneration rate. + Traffic will converge to this rate over time by delaying requests when possible, and dropping them when throttling alone is not enough. type: integer x-kubernetes-validations: - message: must be a positive number rule: self >= 0 period: - description: Period is the unit of time for the Limit. + description: |- + Period is the time unit used to express the rate. + Combined with Limit, it defines the rate at which request capacity regenerates (Limit รท Period). format: duration type: string x-kubernetes-validations: @@ -104,6 +108,61 @@ spec: status: description: The current status of this APIPlan. properties: + conditions: + items: + description: Condition contains details for one aspect of the current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array hash: description: Hash is a hash representing the APIPlan. type: string @@ -116,3 +175,5 @@ spec: type: object served: true storage: true + subresources: + status: {} diff --git a/clusters/cl01tl/manifests/traefik/CustomResourceDefinition-apiportalauths.hub.traefik.io.yaml b/clusters/cl01tl/manifests/traefik/CustomResourceDefinition-apiportalauths.hub.traefik.io.yaml index 33761d116..c0a9332c0 100644 --- a/clusters/cl01tl/manifests/traefik/CustomResourceDefinition-apiportalauths.hub.traefik.io.yaml +++ b/clusters/cl01tl/manifests/traefik/CustomResourceDefinition-apiportalauths.hub.traefik.io.yaml @@ -195,6 +195,61 @@ spec: status: description: The current status of this APIPortalAuth. properties: + conditions: + items: + description: Condition contains details for one aspect of the current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array hash: description: Hash is a hash representing the APIPortalAuth. type: string @@ -207,3 +262,5 @@ spec: type: object served: true storage: true + subresources: + status: {} diff --git a/clusters/cl01tl/manifests/traefik/CustomResourceDefinition-apiportals.hub.traefik.io.yaml b/clusters/cl01tl/manifests/traefik/CustomResourceDefinition-apiportals.hub.traefik.io.yaml index 226c1fcd9..079388fb6 100644 --- a/clusters/cl01tl/manifests/traefik/CustomResourceDefinition-apiportals.hub.traefik.io.yaml +++ b/clusters/cl01tl/manifests/traefik/CustomResourceDefinition-apiportals.hub.traefik.io.yaml @@ -77,6 +77,61 @@ spec: status: description: The current status of this APIPortal. properties: + conditions: + items: + description: Condition contains details for one aspect of the current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array hash: description: Hash is a hash representing the APIPortal. type: string @@ -131,3 +186,5 @@ spec: type: object served: true storage: true + subresources: + status: {} diff --git a/clusters/cl01tl/manifests/traefik/CustomResourceDefinition-apis.hub.traefik.io.yaml b/clusters/cl01tl/manifests/traefik/CustomResourceDefinition-apis.hub.traefik.io.yaml index f112eb2ae..4cd6c2065 100644 --- a/clusters/cl01tl/manifests/traefik/CustomResourceDefinition-apis.hub.traefik.io.yaml +++ b/clusters/cl01tl/manifests/traefik/CustomResourceDefinition-apis.hub.traefik.io.yaml @@ -216,6 +216,61 @@ spec: status: description: The current status of this API. properties: + conditions: + items: + description: Condition contains details for one aspect of the current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array hash: description: Hash is a hash representing the API. type: string @@ -228,3 +283,5 @@ spec: type: object served: true storage: true + subresources: + status: {} diff --git a/clusters/cl01tl/manifests/traefik/CustomResourceDefinition-apiversions.hub.traefik.io.yaml b/clusters/cl01tl/manifests/traefik/CustomResourceDefinition-apiversions.hub.traefik.io.yaml index f08fb23a0..0aae488c7 100644 --- a/clusters/cl01tl/manifests/traefik/CustomResourceDefinition-apiversions.hub.traefik.io.yaml +++ b/clusters/cl01tl/manifests/traefik/CustomResourceDefinition-apiversions.hub.traefik.io.yaml @@ -215,6 +215,61 @@ spec: status: description: The current status of this APIVersion. properties: + conditions: + items: + description: Condition contains details for one aspect of the current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array hash: description: Hash is a hash representing the APIVersion. type: string @@ -227,4 +282,5 @@ spec: type: object served: true storage: true - subresources: {} + subresources: + status: {} diff --git a/clusters/cl01tl/manifests/traefik/CustomResourceDefinition-managedapplications.hub.traefik.io.yaml b/clusters/cl01tl/manifests/traefik/CustomResourceDefinition-managedapplications.hub.traefik.io.yaml index 8ad8edfa7..275394793 100644 --- a/clusters/cl01tl/manifests/traefik/CustomResourceDefinition-managedapplications.hub.traefik.io.yaml +++ b/clusters/cl01tl/manifests/traefik/CustomResourceDefinition-managedapplications.hub.traefik.io.yaml @@ -41,6 +41,7 @@ spec: apiKeys: description: APIKeys references the API keys used to authenticate the application when calling APIs. items: + description: APIKey describes an API key used to authenticate the application when calling APIs. properties: secretName: description: SecretName references the name of the secret containing the API key. @@ -88,6 +89,61 @@ spec: additionalProperties: type: string type: object + conditions: + items: + description: Condition contains details for one aspect of the current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array hash: description: Hash is a hash representing the ManagedApplication. type: string @@ -100,3 +156,5 @@ spec: type: object served: true storage: true + subresources: + status: {} diff --git a/clusters/cl01tl/manifests/traefik/CustomResourceDefinition-managedsubscriptions.hub.traefik.io.yaml b/clusters/cl01tl/manifests/traefik/CustomResourceDefinition-managedsubscriptions.hub.traefik.io.yaml index 808cc3397..a4646f410 100644 --- a/clusters/cl01tl/manifests/traefik/CustomResourceDefinition-managedsubscriptions.hub.traefik.io.yaml +++ b/clusters/cl01tl/manifests/traefik/CustomResourceDefinition-managedsubscriptions.hub.traefik.io.yaml @@ -206,15 +206,97 @@ spec: status: description: The current status of this ManagedSubscription. properties: + conditions: + description: Conditions is the list of status conditions. + items: + description: Condition contains details for one aspect of the current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array hash: description: Hash is a hash representing the ManagedSubscription. type: string + resolvedApis: + description: ResolvedAPIs is the list of APIs that were successfully resolved. + items: + description: ResolvedAPIReference references a resolved API. + properties: + name: + description: Name of the API. + type: string + required: + - name + type: object + type: array syncedAt: format: date-time type: string + unresolvedApis: + description: UnresolvedAPIs is the list of APIs that could not be resolved. + items: + description: ResolvedAPIReference references a resolved API. + properties: + name: + description: Name of the API. + type: string + required: + - name + type: object + type: array version: type: string type: object type: object served: true storage: true + subresources: + status: {} diff --git a/clusters/cl01tl/manifests/traefik/DaemonSet-traefik.yaml b/clusters/cl01tl/manifests/traefik/DaemonSet-traefik.yaml index 28e27be93..3822881f2 100644 --- a/clusters/cl01tl/manifests/traefik/DaemonSet-traefik.yaml +++ b/clusters/cl01tl/manifests/traefik/DaemonSet-traefik.yaml @@ -6,7 +6,7 @@ metadata: labels: app.kubernetes.io/name: traefik app.kubernetes.io/instance: traefik-traefik - helm.sh/chart: traefik-38.0.2 + helm.sh/chart: traefik-39.0.0 app.kubernetes.io/managed-by: Helm annotations: spec: @@ -22,107 +22,51 @@ spec: minReadySeconds: 0 template: metadata: - annotations: + annotations: null labels: - app.kubernetes.io/name: traefik app.kubernetes.io/instance: traefik-traefik - helm.sh/chart: traefik-38.0.2 app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: traefik + helm.sh/chart: traefik-39.0.0 spec: - serviceAccountName: traefik automountServiceAccountToken: true - terminationGracePeriodSeconds: 60 - hostNetwork: false containers: - - image: docker.io/traefik:v3.6.6 - imagePullPolicy: IfNotPresent - name: traefik - resources: - readinessProbe: - httpGet: - path: /ping - port: 8080 - scheme: HTTP - failureThreshold: 1 - initialDelaySeconds: 2 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 2 - livenessProbe: - httpGet: - path: /ping - port: 8080 - scheme: HTTP - failureThreshold: 3 - initialDelaySeconds: 2 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 2 - lifecycle: - ports: - - name: metrics - containerPort: 9100 - protocol: TCP - - name: ssh - containerPort: 22 - protocol: TCP - - name: traefik - containerPort: 8080 - protocol: TCP - - name: web - containerPort: 8000 - protocol: TCP - - name: websecure - containerPort: 8443 - protocol: TCP - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - volumeMounts: - - name: data - mountPath: /data - - name: tmp - mountPath: /tmp - args: - - "--entryPoints.metrics.address=:9100/tcp" - - "--entryPoints.ssh.address=:22/tcp" - - "--entryPoints.traefik.address=:8080/tcp" - - "--entryPoints.web.address=:8000/tcp" - - "--entryPoints.websecure.address=:8443/tcp" - - "--api.dashboard=true" - - "--ping=true" - - "--metrics.prometheus=true" - - "--metrics.prometheus.entrypoint=metrics" - - "--providers.kubernetescrd" - - "--providers.kubernetescrd.allowCrossNamespace=true" - - "--providers.kubernetescrd.allowEmptyServices=true" - - "--providers.kubernetesgateway" - - "--providers.kubernetesgateway.statusaddress.ip=10.232.1.21" - - "--providers.kubernetesgateway.statusaddress.service.name=traefik" - - "--providers.kubernetesgateway.statusaddress.service.namespace=traefik" - - "--providers.kubernetesgateway.experimentalchannel=true" - - "--entryPoints.ssh.http.tls=true" - - "--entryPoints.ssh.forwardedHeaders.trustedIPs=10.0.0.0/8,172.16.0.0/16,192.168.0.0/16,fc00::/7" - - "--entryPoints.ssh.proxyProtocol.trustedIPs=10.0.0.0/8,172.16.0.0/16,192.168.0.0/16,fc00::/7" - - "--entryPoints.web.http.redirections.entryPoint.to=:443" - - "--entryPoints.web.http.redirections.entryPoint.scheme=https" - - "--entryPoints.web.http.redirections.entryPoint.permanent=true" - - "--entryPoints.web.forwardedHeaders.trustedIPs=10.0.0.0/8,172.16.0.0/16,192.168.0.0/16,fc00::/7" - - "--entryPoints.web.proxyProtocol.trustedIPs=10.0.0.0/8,172.16.0.0/16,192.168.0.0/16,fc00::/7" - - "--entryPoints.websecure.http.encodedCharacters.allowEncodedSlash=true" - - "--entryPoints.websecure.http.encodedCharacters.allowEncodedBackSlash=true" - - "--entryPoints.websecure.http.encodedCharacters.allowEncodedNullCharacter=true" - - "--entryPoints.websecure.http.encodedCharacters.allowEncodedSemicolon=true" - - "--entryPoints.websecure.http.encodedCharacters.allowEncodedPercent=true" - - "--entryPoints.websecure.http.encodedCharacters.allowEncodedQuestionMark=true" - - "--entryPoints.websecure.http.encodedCharacters.allowEncodedHash=true" - - "--entryPoints.websecure.http.tls=true" - - "--entryPoints.websecure.forwardedHeaders.trustedIPs=10.0.0.0/8,172.16.0.0/16,192.168.0.0/16,fc00::/7" - - "--entryPoints.websecure.proxyProtocol.trustedIPs=10.0.0.0/8,172.16.0.0/16,192.168.0.0/16,fc00::/7" - - "--log.level=INFO" + - args: + - --entryPoints.metrics.address=:9100/tcp + - --entryPoints.ssh.address=:22/tcp + - --entryPoints.traefik.address=:8080/tcp + - --entryPoints.web.address=:8000/tcp + - --entryPoints.websecure.address=:8443/tcp + - --api.dashboard=true + - --ping=true + - --metrics.prometheus=true + - --metrics.prometheus.entrypoint=metrics + - --providers.kubernetescrd + - --providers.kubernetescrd.allowCrossNamespace=true + - --providers.kubernetescrd.allowEmptyServices=true + - --providers.kubernetesgateway + - --providers.kubernetesgateway.statusaddress.ip=10.232.1.21 + - --providers.kubernetesgateway.statusaddress.service.name=traefik + - --providers.kubernetesgateway.statusaddress.service.namespace=traefik + - --providers.kubernetesgateway.experimentalchannel=true + - --entryPoints.ssh.forwardedHeaders.trustedIPs=10.0.0.0/8,172.16.0.0/16,192.168.0.0/16,fc00::/7 + - --entryPoints.ssh.proxyProtocol.trustedIPs=10.0.0.0/8,172.16.0.0/16,192.168.0.0/16,fc00::/7 + - --entryPoints.web.http.redirections.entryPoint.to=:443 + - --entryPoints.web.http.redirections.entryPoint.scheme=https + - --entryPoints.web.http.redirections.entryPoint.permanent=true + - --entryPoints.web.forwardedHeaders.trustedIPs=10.0.0.0/8,172.16.0.0/16,192.168.0.0/16,fc00::/7 + - --entryPoints.web.proxyProtocol.trustedIPs=10.0.0.0/8,172.16.0.0/16,192.168.0.0/16,fc00::/7 + - --entryPoints.websecure.http.encodedCharacters.allowEncodedBackSlash=true + - --entryPoints.websecure.http.encodedCharacters.allowEncodedHash=true + - --entryPoints.websecure.http.encodedCharacters.allowEncodedNullCharacter=true + - --entryPoints.websecure.http.encodedCharacters.allowEncodedPercent=true + - --entryPoints.websecure.http.encodedCharacters.allowEncodedQuestionMark=true + - --entryPoints.websecure.http.encodedCharacters.allowEncodedSemicolon=true + - --entryPoints.websecure.http.encodedCharacters.allowEncodedSlash=true + - --entryPoints.websecure.http.tls=true + - --entryPoints.websecure.forwardedHeaders.trustedIPs=10.0.0.0/8,172.16.0.0/16,192.168.0.0/16,fc00::/7 + - --entryPoints.websecure.proxyProtocol.trustedIPs=10.0.0.0/8,172.16.0.0/16,192.168.0.0/16,fc00::/7 + - --log.level=INFO env: - name: POD_NAME valueFrom: @@ -134,14 +78,69 @@ spec: fieldPath: metadata.namespace - name: USER value: traefik - volumes: - - name: data - emptyDir: {} - - name: tmp - emptyDir: {} + image: docker.io/traefik:v3.6.7 + imagePullPolicy: IfNotPresent + lifecycle: null + livenessProbe: + failureThreshold: 3 + httpGet: + path: /ping + port: 8080 + scheme: HTTP + initialDelaySeconds: 2 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 2 + name: traefik + ports: + - containerPort: 9100 + name: metrics + protocol: TCP + - containerPort: 22 + name: ssh + protocol: TCP + - containerPort: 8080 + name: traefik + protocol: TCP + - containerPort: 8000 + name: web + protocol: TCP + - containerPort: 8443 + name: websecure + protocol: TCP + readinessProbe: + failureThreshold: 1 + httpGet: + path: /ping + port: 8080 + scheme: HTTP + initialDelaySeconds: 2 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 2 + resources: null + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /data + name: data + - mountPath: /tmp + name: tmp + hostNetwork: false securityContext: runAsGroup: 65532 runAsNonRoot: true runAsUser: 65532 seccompProfile: type: RuntimeDefault + serviceAccountName: traefik + terminationGracePeriodSeconds: 60 + volumes: + - emptyDir: {} + name: data + - emptyDir: {} + name: tmp diff --git a/clusters/cl01tl/manifests/traefik/Gateway-traefik-gateway.yaml b/clusters/cl01tl/manifests/traefik/Gateway-traefik-gateway.yaml index c9ed15d54..993901922 100644 --- a/clusters/cl01tl/manifests/traefik/Gateway-traefik-gateway.yaml +++ b/clusters/cl01tl/manifests/traefik/Gateway-traefik-gateway.yaml @@ -6,7 +6,7 @@ metadata: labels: app.kubernetes.io/name: traefik app.kubernetes.io/instance: traefik-traefik - helm.sh/chart: traefik-38.0.2 + helm.sh/chart: traefik-39.0.0 app.kubernetes.io/managed-by: Helm annotations: cert-manager.io/cluster-issuer: letsencrypt-issuer diff --git a/clusters/cl01tl/manifests/traefik/GatewayClass-traefik.yaml b/clusters/cl01tl/manifests/traefik/GatewayClass-traefik.yaml index 7fd0605e5..fb25c9d91 100644 --- a/clusters/cl01tl/manifests/traefik/GatewayClass-traefik.yaml +++ b/clusters/cl01tl/manifests/traefik/GatewayClass-traefik.yaml @@ -5,7 +5,7 @@ metadata: labels: app.kubernetes.io/name: traefik app.kubernetes.io/instance: traefik-traefik - helm.sh/chart: traefik-38.0.2 + helm.sh/chart: traefik-39.0.0 app.kubernetes.io/managed-by: Helm spec: controllerName: traefik.io/gateway-controller diff --git a/clusters/cl01tl/manifests/traefik/IngressRoute-traefik-dashboard.yaml b/clusters/cl01tl/manifests/traefik/IngressRoute-traefik-dashboard.yaml index f9408fba3..e8caf659c 100644 --- a/clusters/cl01tl/manifests/traefik/IngressRoute-traefik-dashboard.yaml +++ b/clusters/cl01tl/manifests/traefik/IngressRoute-traefik-dashboard.yaml @@ -6,7 +6,7 @@ metadata: labels: app.kubernetes.io/name: traefik app.kubernetes.io/instance: traefik-traefik - helm.sh/chart: traefik-38.0.2 + helm.sh/chart: traefik-39.0.0 app.kubernetes.io/managed-by: Helm spec: entryPoints: diff --git a/clusters/cl01tl/manifests/traefik/Service-traefik-metrics.yaml b/clusters/cl01tl/manifests/traefik/Service-traefik-metrics.yaml index 25238a30e..adda982fd 100644 --- a/clusters/cl01tl/manifests/traefik/Service-traefik-metrics.yaml +++ b/clusters/cl01tl/manifests/traefik/Service-traefik-metrics.yaml @@ -7,7 +7,7 @@ metadata: app.kubernetes.io/name: traefik app.kubernetes.io/instance: traefik-traefik app.kubernetes.io/component: metrics - helm.sh/chart: traefik-38.0.2 + helm.sh/chart: traefik-39.0.0 app.kubernetes.io/managed-by: Helm annotations: spec: diff --git a/clusters/cl01tl/manifests/traefik/Service-traefik.yaml b/clusters/cl01tl/manifests/traefik/Service-traefik.yaml index fc6681914..d04846ab5 100644 --- a/clusters/cl01tl/manifests/traefik/Service-traefik.yaml +++ b/clusters/cl01tl/manifests/traefik/Service-traefik.yaml @@ -6,7 +6,7 @@ metadata: labels: app.kubernetes.io/name: traefik app.kubernetes.io/instance: traefik-traefik - helm.sh/chart: traefik-38.0.2 + helm.sh/chart: traefik-39.0.0 app.kubernetes.io/managed-by: Helm annotations: spec: diff --git a/clusters/cl01tl/manifests/traefik/ServiceAccount-traefik.yaml b/clusters/cl01tl/manifests/traefik/ServiceAccount-traefik.yaml index d2ee68aef..9d3a633ad 100644 --- a/clusters/cl01tl/manifests/traefik/ServiceAccount-traefik.yaml +++ b/clusters/cl01tl/manifests/traefik/ServiceAccount-traefik.yaml @@ -6,7 +6,7 @@ metadata: labels: app.kubernetes.io/name: traefik app.kubernetes.io/instance: traefik-traefik - helm.sh/chart: traefik-38.0.2 + helm.sh/chart: traefik-39.0.0 app.kubernetes.io/managed-by: Helm annotations: automountServiceAccountToken: false diff --git a/clusters/cl01tl/manifests/traefik/ServiceMonitor-traefik.yaml b/clusters/cl01tl/manifests/traefik/ServiceMonitor-traefik.yaml index 413d860c2..e8f4fd1d6 100644 --- a/clusters/cl01tl/manifests/traefik/ServiceMonitor-traefik.yaml +++ b/clusters/cl01tl/manifests/traefik/ServiceMonitor-traefik.yaml @@ -7,7 +7,7 @@ metadata: app.kubernetes.io/name: traefik app.kubernetes.io/instance: traefik-traefik app.kubernetes.io/component: metrics - helm.sh/chart: traefik-38.0.2 + helm.sh/chart: traefik-39.0.0 app.kubernetes.io/managed-by: Helm spec: jobLabel: traefik -- 2.49.1