alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 5 Actions Activity

Automated Manifest Update #6611

Merged
alexlebens merged 2 commits from auto/update-manifests into manifests 2026-05-07 01:19:59 +00:00
Conversation 0 Commits 2 Files Changed 46 +411 -18
17 changed files with 411 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 07798df78f - Show all commits

5
clusters/cl01tl/manifests/traefik/ClusterRole-traefik-traefik.yaml
View File

@@ -5,7 +5,7 @@ metadata:
labels:
app.kubernetes.io/name: traefik
app.kubernetes.io/instance: traefik-traefik
helm.sh/chart: traefik-39.0.9
helm.sh/chart: traefik-40.0.0
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
@@ -69,10 +69,7 @@ rules:
- ""
resources:
- namespaces
- secrets
- configmaps
verbs:
- get
- list
- watch
- apiGroups:

2
clusters/cl01tl/manifests/traefik/ClusterRoleBinding-traefik-traefik.yaml
View File

@@ -5,7 +5,7 @@ metadata:
labels:
app.kubernetes.io/name: traefik
app.kubernetes.io/instance: traefik-traefik
helm.sh/chart: traefik-39.0.9
helm.sh/chart: traefik-40.0.0
app.kubernetes.io/managed-by: Helm
roleRef:
apiGroup: rbac.authorization.k8s.io

26
clusters/cl01tl/manifests/traefik/CustomResourceDefinition-apiauths.hub.traefik.io.yaml
View File

@@ -40,8 +40,31 @@ spec:
properties:
apiKey:
description: APIKey configures API key authentication.
properties:
keySource:
description: |-
KeySource defines where to extract the API key from requests.
When not specified, defaults to "Authorization" header with "Bearer" scheme and "api_key" query parameter.
When specified, it completely overrides defaults - fields left empty will disable that extraction method.
minProperties: 1
properties:
header:
description: Header is the name of the header containing the API key.
type: string
headerAuthScheme:
description: |-
HeaderAuthScheme is the authentication scheme prefix in the header value.
The scheme is used to parse headers in the format "<scheme> <token>".
Only applies when header is "Authorization".
type: string
query:
description: Query is the name of the query parameter containing the API key.
type: string
type: object
x-kubernetes-validations:
- message: headerAuthScheme can only be used when header is 'Authorization'
rule: '!has(self.headerAuthScheme) || self.header == ''Authorization'''
type: object
x-kubernetes-preserve-unknown-fields: true
isDefault:
description: |-
IsDefault specifies if this APIAuth should be used as the default API authentication method for the namespace.
@@ -69,6 +92,7 @@ spec:
description: |-
JWKSURL is the URL to fetch the JWKS for JWT verification.
Mutually exclusive with SigningSecretName, PublicKey, JWKSFile, and TrustedIssuers.
Deprecated: Use TrustedIssuers instead for more flexible JWKS configuration with issuer validation.
type: string
x-kubernetes-validations:

5
clusters/cl01tl/manifests/traefik/CustomResourceDefinition-apis.hub.traefik.io.yaml
View File

@@ -184,6 +184,11 @@ spec:
x-kubernetes-validations:
- message: must be a valid URL
rule: isURL(self)
validateRequestBodySchema:
description: |-
ValidateRequestBodySchema validates the request body against the OpenAPI specification.
This option overrides the default behavior configured in the static configuration.
type: boolean
validateRequestMethodAndPath:
description: |-
ValidateRequestMethodAndPath validates that the path and method matches an operation defined in the OpenAPI specification.

5
clusters/cl01tl/manifests/traefik/CustomResourceDefinition-apiversions.hub.traefik.io.yaml
View File

@@ -188,6 +188,11 @@ spec:
x-kubernetes-validations:
- message: must be a valid URL
rule: isURL(self)
validateRequestBodySchema:
description: |-
ValidateRequestBodySchema validates the request body against the OpenAPI specification.
This option overrides the default behavior configured in the static configuration.
type: boolean
validateRequestMethodAndPath:
description: |-
ValidateRequestMethodAndPath validates that the path and method matches an operation defined in the OpenAPI specification.

164
clusters/cl01tl/manifests/traefik/CustomResourceDefinition-contentitems.hub.traefik.io.yaml Normal file
View File

@@ -0,0 +1,164 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.17.1
name: contentitems.hub.traefik.io
spec:
group: hub.traefik.io
names:
kind: ContentItem
listKind: ContentItemList
plural: contentitems
singular: contentitem
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: ContentItem defines additional documentation for given resource.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: Defines the documentation to attach to the referenced resource.
properties:
content:
description: Content is the valid markdown content.
maxLength: 1500000
type: string
link:
description: Link is the link to the content.
properties:
href:
description: Href is the public URL of the content.
type: string
x-kubernetes-validations:
- message: must be a valid URL
rule: isURL(self)
required:
- href
type: object
order:
description: Order defines the order of the content in the UI.
format: int32
minimum: 0
type: integer
parentRef:
description: ParentRef is the reference to the resource that this content belongs to.
properties:
kind:
description: Kind is the kind of the resource that this content belongs to.
enum:
- APIPortal
- API
- APIBundle
type: string
name:
description: Name is the name of the resource that this content belongs to.
maxLength: 253
type: string
required:
- kind
- name
type: object
title:
description: Title is the public-facing name of the ContentItem.
maxLength: 253
minLength: 1
type: string
required:
- order
- parentRef
- title
type: object
x-kubernetes-validations:
- message: exactly one of content or link must be specified
rule: '[has(self.content), has(self.link)].filter(x, x).size() == 1'
status:
description: The current status of this ContentItem.
properties:
conditions:
items:
description: Condition contains details for one aspect of the current state of this API Resource.
properties:
lastTransitionTime:
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
hash:
description: Hash is a hash representing the ContentItem.
type: string
syncedAt:
format: date-time
type: string
version:
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}

1
clusters/cl01tl/manifests/traefik/CustomResourceDefinition-managedsubscriptions.hub.traefik.io.yaml
View File

@@ -141,6 +141,7 @@ spec:
description: |-
Applications references the Applications that will gain access to the specified APIs.
Multiple ManagedSubscriptions can select the same AppID.
Deprecated: Use ManagedApplications instead.
items:
description: ApplicationReference references an Application.

199
clusters/cl01tl/manifests/traefik/CustomResourceDefinition-uplinks.hub.traefik.io.yaml Normal file
View File

@@ -0,0 +1,199 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.17.1
name: uplinks.hub.traefik.io
spec:
group: hub.traefik.io
names:
kind: Uplink
listKind: UplinkList
plural: uplinks
singular: uplink
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: |-
Uplink is an inter-cluster service advertisement: a child cluster declares an Uplink to advertise
to a parent cluster that it can handle a particular workload.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: UplinkSpec describes the Uplink.
properties:
entryPoints:
description: EntryPoints references uplinkEntryPoints. When omitted, uses default uplinkEntrypoints.
items:
type: string
type: array
exposeName:
description: |-
ExposeName is the name of the service to expose.
By default it uses <namespace>-<name>.
type: string
healthCheck:
description: HealthCheck configures the active health check on the parent cluster for this uplink's load balancer.
properties:
followRedirects:
description: |-
FollowRedirects defines whether redirects should be followed during the health check calls.
Default: true
type: boolean
headers:
additionalProperties:
type: string
description: Headers defines custom headers to be sent to the health check endpoint.
type: object
hostname:
description: Hostname defines the value of hostname in the Host header of the health check request.
type: string
interval:
anyOf:
- type: integer
- type: string
description: |-
Interval defines the frequency of the health check calls for healthy targets.
Default: 30s
x-kubernetes-int-or-string: true
method:
description: Method defines the healthcheck method.
type: string
mode:
description: |-
Mode defines the health check mode.
If defined to grpc, will use the gRPC health check protocol to probe the server.
Default: http
type: string
path:
description: Path defines the server URL path for the health check endpoint.
type: string
port:
description: Port defines the server URL port for the health check endpoint.
type: integer
scheme:
description: Scheme replaces the server URL scheme for the health check endpoint.
type: string
status:
description: Status defines the expected HTTP status code of the response to the health check request.
type: integer
timeout:
anyOf:
- type: integer
- type: string
description: |-
Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy.
Default: 5s
x-kubernetes-int-or-string: true
unhealthyInterval:
anyOf:
- type: integer
- type: string
description: |-
UnhealthyInterval defines the frequency of the health check calls for unhealthy targets.
When UnhealthyInterval is not defined, it defaults to the Interval value.
Default: 30s
x-kubernetes-int-or-string: true
type: object
passiveHealthCheck:
description: PassiveHealthCheck configures the passive health check on the parent cluster for this uplink's load balancer.
properties:
failureWindow:
anyOf:
- type: integer
- type: string
description: FailureWindow defines the time window during which the failed attempts must occur for the server to be marked as unhealthy. It also defines for how long the server will be considered unhealthy.
x-kubernetes-int-or-string: true
maxFailedAttempts:
description: MaxFailedAttempts is the number of consecutive failed attempts allowed within the failure window before marking the server as unhealthy.
type: integer
type: object
weight:
description: Weight for WRR on the parent.
type: integer
x-kubernetes-validations:
- message: must be a positive number
rule: self >= 0
type: object
status:
description: The current status of this Uplink.
properties:
conditions:
items:
description: Condition contains details for one aspect of the current state of this API Resource.
properties:
lastTransitionTime:
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
type: object
type: object
served: true
storage: true
subresources:
status: {}

4
clusters/cl01tl/manifests/traefik/DaemonSet-traefik.yaml
View File

@@ -6,7 +6,7 @@ metadata:
labels:
app.kubernetes.io/name: traefik
app.kubernetes.io/instance: traefik-traefik
helm.sh/chart: traefik-39.0.9
helm.sh/chart: traefik-40.0.0
app.kubernetes.io/managed-by: Helm
annotations:
spec:
@@ -27,7 +27,7 @@ spec:
app.kubernetes.io/instance: traefik-traefik
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: traefik
helm.sh/chart: traefik-39.0.9
helm.sh/chart: traefik-40.0.0
spec:
automountServiceAccountToken: true
containers:

2
clusters/cl01tl/manifests/traefik/Gateway-traefik-gateway.yaml
View File

@@ -6,7 +6,7 @@ metadata:
labels:
app.kubernetes.io/name: traefik
app.kubernetes.io/instance: traefik-traefik
helm.sh/chart: traefik-39.0.9
helm.sh/chart: traefik-40.0.0
app.kubernetes.io/managed-by: Helm
annotations:
cert-manager.io/cluster-issuer: letsencrypt-issuer

2
clusters/cl01tl/manifests/traefik/GatewayClass-traefik.yaml
View File

@@ -5,7 +5,7 @@ metadata:
labels:
app.kubernetes.io/name: traefik
app.kubernetes.io/instance: traefik-traefik
helm.sh/chart: traefik-39.0.9
helm.sh/chart: traefik-40.0.0
app.kubernetes.io/managed-by: Helm
spec:
controllerName: traefik.io/gateway-controller

2
clusters/cl01tl/manifests/traefik/IngressRoute-traefik-dashboard.yaml
View File

@@ -6,7 +6,7 @@ metadata:
labels:
app.kubernetes.io/name: traefik
app.kubernetes.io/instance: traefik-traefik
helm.sh/chart: traefik-39.0.9
helm.sh/chart: traefik-40.0.0
app.kubernetes.io/managed-by: Helm
spec:
entryPoints:

2
clusters/cl01tl/manifests/traefik/PrometheusRule-traefik.yaml
View File

@@ -6,7 +6,7 @@ metadata:
labels:
app.kubernetes.io/name: traefik
app.kubernetes.io/instance: traefik-traefik
helm.sh/chart: traefik-39.0.9
helm.sh/chart: traefik-40.0.0
app.kubernetes.io/managed-by: Helm
spec:
groups:

2
clusters/cl01tl/manifests/traefik/Service-traefik-metrics.yaml
View File

@@ -7,7 +7,7 @@ metadata:
app.kubernetes.io/name: traefik
app.kubernetes.io/instance: traefik-traefik
app.kubernetes.io/component: metrics
helm.sh/chart: traefik-39.0.9
helm.sh/chart: traefik-40.0.0
app.kubernetes.io/managed-by: Helm
annotations:
spec:

4
clusters/cl01tl/manifests/traefik/Service-traefik.yaml
View File

@@ -6,7 +6,7 @@ metadata:
labels:
app.kubernetes.io/name: traefik
app.kubernetes.io/instance: traefik-traefik
helm.sh/chart: traefik-39.0.9
helm.sh/chart: traefik-40.0.0
app.kubernetes.io/managed-by: Helm
annotations:
spec:
@@ -14,8 +14,6 @@ spec:
selector:
app.kubernetes.io/name: traefik
app.kubernetes.io/instance: traefik-traefik
externalIPs:
- 10.232.1.21
ports:
- port: 22
name: ssh

2
clusters/cl01tl/manifests/traefik/ServiceAccount-traefik.yaml
View File

@@ -6,7 +6,7 @@ metadata:
labels:
app.kubernetes.io/name: traefik
app.kubernetes.io/instance: traefik-traefik
helm.sh/chart: traefik-39.0.9
helm.sh/chart: traefik-40.0.0
app.kubernetes.io/managed-by: Helm
annotations:
automountServiceAccountToken: false

2
clusters/cl01tl/manifests/traefik/ServiceMonitor-traefik.yaml
View File

@@ -7,7 +7,7 @@ metadata:
app.kubernetes.io/name: traefik
app.kubernetes.io/instance: traefik-traefik
app.kubernetes.io/component: metrics
helm.sh/chart: traefik-39.0.9
helm.sh/chart: traefik-40.0.0
app.kubernetes.io/managed-by: Helm
spec:
jobLabel: traefik