From aa379269e5d5dc649e051e6b7134cf9614cb3954 Mon Sep 17 00:00:00 2001 From: Kurt Garloff Date: Mon, 11 May 2026 14:43:50 +0000 Subject: [PATCH 1/6] Use my own email as cert issuer. Signed-off-by: Kurt Garloff --- kubernetes/certmanager-issuer/base/letsencrypt-prod.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/certmanager-issuer/base/letsencrypt-prod.yaml b/kubernetes/certmanager-issuer/base/letsencrypt-prod.yaml index 663dd0d..b1e2edb 100644 --- a/kubernetes/certmanager-issuer/base/letsencrypt-prod.yaml +++ b/kubernetes/certmanager-issuer/base/letsencrypt-prod.yaml @@ -6,7 +6,7 @@ metadata: spec: acme: server: https://acme-v02.api.letsencrypt.org/directory - email: goncharov@osb-alliance.com + email: kgarloff@osb-alliance.com privateKeySecretRef: name: letsencrypt-prodr-account-key solvers: From 0c883bf9bf4297aac8a77496ae35efb8f6a0acdd Mon Sep 17 00:00:00 2001 From: Kurt Garloff Date: Mon, 11 May 2026 14:44:36 +0000 Subject: [PATCH 2/6] cnpg-1.23.2 -> 1.29.1 Signed-off-by: Kurt Garloff --- kubernetes/cloudnative-pg/base/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/cloudnative-pg/base/kustomization.yaml b/kubernetes/cloudnative-pg/base/kustomization.yaml index 08fcf3d..f660251 100644 --- a/kubernetes/cloudnative-pg/base/kustomization.yaml +++ b/kubernetes/cloudnative-pg/base/kustomization.yaml @@ -3,4 +3,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg/release-1.23/releases/cnpg-1.23.2.yaml + - https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg/release-1.29/releases/cnpg-1.29.1.yaml From b78602eca11df47ed89388b73ceaf3f7640217e7 Mon Sep 17 00:00:00 2001 From: Kurt Garloff Date: Mon, 11 May 2026 14:53:45 +0000 Subject: [PATCH 3/6] Update ingress-ngins to the latest. 
Signed-off-by: Kurt Garloff --- kubernetes/ingress/base/kustomization.yaml | 2 +- kubernetes/ingress/overlays/mgmt/all.yaml | 112 ++++---- .../ingress/overlays/mgmt/kustomization.yaml | 2 +- kubernetes/ingress/overlays/zuul/all.yaml | 239 +++++++++--------- .../ingress/overlays/zuul/kustomization.yaml | 2 +- 5 files changed, 185 insertions(+), 172 deletions(-) diff --git a/kubernetes/ingress/base/kustomization.yaml b/kubernetes/ingress/base/kustomization.yaml index 5946ee3..111f5ce 100644 --- a/kubernetes/ingress/base/kustomization.yaml +++ b/kubernetes/ingress/base/kustomization.yaml @@ -3,5 +3,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization #resources: -# - https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.1/deploy/static/provider/cloud/deploy.yaml +# - https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.15.1/deploy/static/provider/cloud/deploy.yaml # diff --git a/kubernetes/ingress/overlays/mgmt/all.yaml b/kubernetes/ingress/overlays/mgmt/all.yaml index 8da2c2f..1ad5e32 100644 --- a/kubernetes/ingress/overlays/mgmt/all.yaml +++ b/kubernetes/ingress/overlays/mgmt/all.yaml @@ -4,10 +4,10 @@ apiVersion: v1 kind: ServiceAccount metadata: labels: - helm.sh/chart: ingress-nginx-4.11.1 + helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx-mgmt - app.kubernetes.io/version: "1.11.1" + app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: controller 
@@ -20,28 +20,26 @@ apiVersion: v1 kind: ConfigMap metadata: labels: - helm.sh/chart: ingress-nginx-4.11.1 + helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx-mgmt - app.kubernetes.io/version: "1.11.1" + app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: controller name: ingress-nginx-mgmt-controller namespace: ingress-nginx data: - allow-snippet-annotations: "false" - use-forwarded-headers: "true" --- # Source: ingress-nginx/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: - helm.sh/chart: ingress-nginx-4.11.1 + helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx-mgmt - app.kubernetes.io/version: "1.11.1" + app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm name: ingress-nginx-mgmt @@ -122,10 +120,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: ingress-nginx-4.11.1 + helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx-mgmt - app.kubernetes.io/version: "1.11.1" + app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm name: ingress-nginx-mgmt @@ -143,10 +141,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: labels: - helm.sh/chart: ingress-nginx-4.11.1 + helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx-mgmt - app.kubernetes.io/version: "1.11.1" + app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: controller 
@@ -237,10 +235,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: - helm.sh/chart: ingress-nginx-4.11.1 + helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx-mgmt - app.kubernetes.io/version: "1.11.1" + app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: controller @@ -260,10 +258,10 @@ apiVersion: v1 kind: Service metadata: labels: - helm.sh/chart: ingress-nginx-4.11.1 + helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx-mgmt - app.kubernetes.io/version: "1.11.1" + app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: controller @@ -287,10 +285,10 @@ kind: Service metadata: annotations: labels: - helm.sh/chart: ingress-nginx-4.11.1 + helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx-mgmt - app.kubernetes.io/version: "1.11.1" + app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: controller @@ -322,10 +320,10 @@ apiVersion: apps/v1 kind: Deployment metadata: labels: - helm.sh/chart: ingress-nginx-4.11.1 + helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx-mgmt - app.kubernetes.io/version: "1.11.1" + app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: controller 
@@ -343,10 +341,10 @@ spec: template: metadata: labels: - helm.sh/chart: ingress-nginx-4.11.1 + helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx-mgmt - app.kubernetes.io/version: "1.11.1" + app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: controller @@ -354,13 +352,13 @@ spec: dnsPolicy: ClusterFirst containers: - name: controller - image: registry.k8s.io/ingress-nginx/controller:v1.11.1@sha256:e6439a12b52076965928e83b7b56aae6731231677b01e81818bce7fa5c60161a + image: registry.k8s.io/ingress-nginx/controller:v1.15.1@sha256:594ceea76b01c592858f803f9ff4d2cb40542cae2060410b2c95f75907d659e1 imagePullPolicy: IfNotPresent lifecycle: preStop: exec: command: - - /wait-shutdown + - /wait-shutdown args: - /nginx-ingress-controller - --publish-service=$(POD_NAMESPACE)/ingress-nginx-mgmt-controller @@ -371,18 +369,18 @@ spec: - --validating-webhook=:8443 - --validating-webhook-certificate=/usr/local/certificates/cert - --validating-webhook-key=/usr/local/certificates/key - - --enable-metrics=false securityContext: runAsNonRoot: true runAsUser: 101 + runAsGroup: 82 allowPrivilegeEscalation: false seccompProfile: type: RuntimeDefault capabilities: drop: - - ALL + - ALL add: - - NET_BIND_SERVICE + - NET_BIND_SERVICE readOnlyRootFilesystem: false env: - name: POD_NAME @@ -436,6 +434,7 @@ spec: nodeSelector: kubernetes.io/os: linux serviceAccountName: ingress-nginx-mgmt + automountServiceAccountToken: true terminationGracePeriodSeconds: 300 volumes: - name: webhook-cert 
@@ -447,10 +446,10 @@ apiVersion: networking.k8s.io/v1 kind: IngressClass metadata: labels: - helm.sh/chart: ingress-nginx-4.11.1 + helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx-mgmt - app.kubernetes.io/version: "1.11.1" + app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: controller @@ -470,10 +469,10 @@ kind: ValidatingWebhookConfiguration metadata: annotations: labels: - helm.sh/chart: ingress-nginx-4.11.1 + helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx-mgmt - app.kubernetes.io/version: "1.11.1" + app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: admission-webhook @@ -499,6 +498,7 @@ webhooks: service: name: ingress-nginx-mgmt-controller-admission namespace: ingress-nginx + port: 443 path: /networking/v1/ingresses --- # Source: ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml @@ -511,10 +511,10 @@ metadata: "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded labels: - helm.sh/chart: ingress-nginx-4.11.1 + helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx-mgmt - app.kubernetes.io/version: "1.11.1" + app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: admission-webhook 
@@ -529,10 +529,10 @@ metadata: "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded labels: - helm.sh/chart: ingress-nginx-4.11.1 + helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx-mgmt - app.kubernetes.io/version: "1.11.1" + app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: admission-webhook @@ -554,10 +554,10 @@ metadata: "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded labels: - helm.sh/chart: ingress-nginx-4.11.1 + helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx-mgmt - app.kubernetes.io/version: "1.11.1" + app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: admission-webhook @@ -580,10 +580,10 @@ metadata: "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded labels: - helm.sh/chart: ingress-nginx-4.11.1 + helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx-mgmt - app.kubernetes.io/version: "1.11.1" + app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: admission-webhook 
@@ -606,10 +606,10 @@ metadata: "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded labels: - helm.sh/chart: ingress-nginx-4.11.1 + helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx-mgmt - app.kubernetes.io/version: "1.11.1" + app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: admission-webhook @@ -632,29 +632,30 @@ metadata: "helm.sh/hook": pre-install,pre-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded labels: - helm.sh/chart: ingress-nginx-4.11.1 + helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx-mgmt - app.kubernetes.io/version: "1.11.1" + app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: admission-webhook spec: + ttlSecondsAfterFinished: 0 template: metadata: name: ingress-nginx-mgmt-admission-create labels: - helm.sh/chart: ingress-nginx-4.11.1 + helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx-mgmt - app.kubernetes.io/version: "1.11.1" + app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: admission-webhook spec: containers: - name: create - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.1@sha256:36d05b4077fb8e3d13663702fa337f124675ba8667cbd949c03a8e8ea6fa4366 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.6.9@sha256:01038e7de14b78d702d2849c3aad72fd25903c4765af63cf16aa3398f5d5f2dd imagePullPolicy: IfNotPresent args: - create 
@@ -670,14 +671,16 @@ spec: allowPrivilegeEscalation: false capabilities: drop: - - ALL + - ALL readOnlyRootFilesystem: true + runAsGroup: 65532 runAsNonRoot: true runAsUser: 65532 seccompProfile: type: RuntimeDefault restartPolicy: OnFailure serviceAccountName: ingress-nginx-mgmt-admission + automountServiceAccountToken: true nodeSelector: kubernetes.io/os: linux --- @@ -691,29 +694,30 @@ metadata: "helm.sh/hook": post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded labels: - helm.sh/chart: ingress-nginx-4.11.1 + helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx-mgmt - app.kubernetes.io/version: "1.11.1" + app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: admission-webhook spec: + ttlSecondsAfterFinished: 0 template: metadata: name: ingress-nginx-mgmt-admission-patch labels: - helm.sh/chart: ingress-nginx-4.11.1 + helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx-mgmt - app.kubernetes.io/version: "1.11.1" + app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: admission-webhook spec: containers: - name: patch - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.1@sha256:36d05b4077fb8e3d13663702fa337f124675ba8667cbd949c03a8e8ea6fa4366 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.6.9@sha256:01038e7de14b78d702d2849c3aad72fd25903c4765af63cf16aa3398f5d5f2dd imagePullPolicy: IfNotPresent args: - patch 
@@ -731,13 +735,15 @@ spec: allowPrivilegeEscalation: false capabilities: drop: - - ALL + - ALL readOnlyRootFilesystem: true + runAsGroup: 65532 runAsNonRoot: true runAsUser: 65532 seccompProfile: type: RuntimeDefault restartPolicy: OnFailure serviceAccountName: ingress-nginx-mgmt-admission + automountServiceAccountToken: true nodeSelector: kubernetes.io/os: linux diff --git a/kubernetes/ingress/overlays/mgmt/kustomization.yaml b/kubernetes/ingress/overlays/mgmt/kustomization.yaml index c45220e..97e0331 100644 --- a/kubernetes/ingress/overlays/mgmt/kustomization.yaml +++ b/kubernetes/ingress/overlays/mgmt/kustomization.yaml @@ -2,7 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -# all.yaml generated with `helm template ingress-nginx-mgmt ingress-nginx --repo https://kubernetes.github.io/ingress-nginx --namespace ingress-nginx --create-namespace --kube-version 1.30 > kubernetes/ingress/overlays/mgmt/all.yaml` +# all.yaml generated with `helm template ingress-nginx-mgmt ingress-nginx --repo https://kubernetes.github.io/ingress-nginx --namespace ingress-nginx --create-namespace --kube-version 1.34 > kubernetes/ingress/overlays/mgmt/all.yaml` resources: - namespace.yaml - all.yaml diff --git a/kubernetes/ingress/overlays/zuul/all.yaml b/kubernetes/ingress/overlays/zuul/all.yaml index 394cc1b..1ad5e32 100644 --- a/kubernetes/ingress/overlays/zuul/all.yaml +++ b/kubernetes/ingress/overlays/zuul/all.yaml 
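Review bot: The `helm template` command recorded in the comment of overlays/mgmt/kustomization.yaml pins neither the chart version nor any values, so it cannot reproduce the checked-in all.yaml. In this same commit the regenerated mgmt ConfigMap loses `use-forwarded-headers: "true"` and the explicit `allow-snippet-annotations: "false"`, which suggests they came from overrides that the command does not record. Trusting or ignoring X-Forwarded-* headers changes the client address seen by logs and by any IP-based allow-listing, so the setting should be a deliberate choice and not a side effect of regeneration. I would record the full invocation, e.g. `--version 4.15.1 --set controller.config.use-forwarded-headers=true --set controller.allowSnippetAnnotations=false` (or `-f <values-file>`), or move the overrides into a kustomize patch so the next regeneration cannot drop them.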
@@ -4,14 +4,14 @@ apiVersion: v1 kind: ServiceAccount metadata: labels: - helm.sh/chart: ingress-nginx-4.11.1 + helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx-zuul - app.kubernetes.io/version: "1.11.1" + app.kubernetes.io/instance: ingress-nginx-mgmt + app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: controller - name: ingress-nginx-zuul + name: ingress-nginx-mgmt namespace: ingress-nginx automountServiceAccountToken: true --- @@ -20,30 +20,29 @@ apiVersion: v1 kind: ConfigMap metadata: labels: - helm.sh/chart: ingress-nginx-4.11.1 + helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx-zuul - app.kubernetes.io/version: "1.11.1" + app.kubernetes.io/instance: ingress-nginx-mgmt + app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: controller - name: ingress-nginx-zuul-controller + name: ingress-nginx-mgmt-controller namespace: ingress-nginx data: - allow-snippet-annotations: "false" --- # Source: ingress-nginx/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: - helm.sh/chart: ingress-nginx-4.11.1 + helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx-zuul - app.kubernetes.io/version: "1.11.1" + app.kubernetes.io/instance: ingress-nginx-mgmt + app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm - name: ingress-nginx-zuul + name: ingress-nginx-mgmt rules: - apiGroups: - "" 
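Review bot: The new side of kubernetes/ingress/overlays/zuul/all.yaml appears to be the mgmt render, not a zuul one: its `index` line ends in blob `1ad5e32`, the same blob as overlays/mgmt/all.yaml, and this hunk and the following ones rename every `ingress-nginx-zuul` object to `ingress-nginx-mgmt`. That covers the ServiceAccount, ClusterRole and bindings, the `--election-id=ingress-nginx-mgmt-leader` argument and the admission secret. Applied as-is, the zuul overlay would create mgmt-named objects while the existing zuul-named ones stay behind unless pruned, among them the cluster-scoped ClusterRole and ValidatingWebhookConfiguration. Presumably the output of the mgmt command was redirected into this path. I would regenerate with the release name `ingress-nginx-zuul` and check that `allow-snippet-annotations: "false"`, which the ConfigMap hunk removes, is still the effective setting.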
@@ -121,20 +120,20 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: ingress-nginx-4.11.1 + helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx-zuul - app.kubernetes.io/version: "1.11.1" + app.kubernetes.io/instance: ingress-nginx-mgmt + app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm - name: ingress-nginx-zuul + name: ingress-nginx-mgmt roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: ingress-nginx-zuul + name: ingress-nginx-mgmt subjects: - kind: ServiceAccount - name: ingress-nginx-zuul + name: ingress-nginx-mgmt namespace: ingress-nginx --- # Source: ingress-nginx/templates/controller-role.yaml @@ -142,14 +141,14 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: labels: - helm.sh/chart: ingress-nginx-4.11.1 + helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx-zuul - app.kubernetes.io/version: "1.11.1" + app.kubernetes.io/instance: ingress-nginx-mgmt + app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: controller - name: ingress-nginx-zuul + name: ingress-nginx-mgmt namespace: ingress-nginx rules: - apiGroups: @@ -205,7 +204,7 @@ rules: resources: - leases resourceNames: - - ingress-nginx-zuul-leader + - ingress-nginx-mgmt-leader verbs: - get - update 
@@ -236,22 +235,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: - helm.sh/chart: ingress-nginx-4.11.1 + helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx-zuul - app.kubernetes.io/version: "1.11.1" + app.kubernetes.io/instance: ingress-nginx-mgmt + app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: controller - name: ingress-nginx-zuul + name: ingress-nginx-mgmt namespace: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: ingress-nginx-zuul + name: ingress-nginx-mgmt subjects: - kind: ServiceAccount - name: ingress-nginx-zuul + name: ingress-nginx-mgmt namespace: ingress-nginx --- # Source: ingress-nginx/templates/controller-service-webhook.yaml @@ -259,14 +258,14 @@ apiVersion: v1 kind: Service metadata: labels: - helm.sh/chart: ingress-nginx-4.11.1 + helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx-zuul - app.kubernetes.io/version: "1.11.1" + app.kubernetes.io/instance: ingress-nginx-mgmt + app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: controller - name: ingress-nginx-zuul-controller-admission + name: ingress-nginx-mgmt-controller-admission namespace: ingress-nginx spec: type: ClusterIP @@ -277,7 +276,7 @@ spec: appProtocol: https selector: app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx-zuul + app.kubernetes.io/instance: ingress-nginx-mgmt app.kubernetes.io/component: controller --- # Source: ingress-nginx/templates/controller-service.yaml 
@@ -286,14 +285,14 @@ kind: Service metadata: annotations: labels: - helm.sh/chart: ingress-nginx-4.11.1 + helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx-zuul - app.kubernetes.io/version: "1.11.1" + app.kubernetes.io/instance: ingress-nginx-mgmt + app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: controller - name: ingress-nginx-zuul-controller + name: ingress-nginx-mgmt-controller namespace: ingress-nginx spec: type: LoadBalancer @@ -313,7 +312,7 @@ spec: appProtocol: https selector: app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx-zuul + app.kubernetes.io/instance: ingress-nginx-mgmt app.kubernetes.io/component: controller --- # Source: ingress-nginx/templates/controller-deployment.yaml @@ -321,20 +320,20 @@ apiVersion: apps/v1 kind: Deployment metadata: labels: - helm.sh/chart: ingress-nginx-4.11.1 + helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx-zuul - app.kubernetes.io/version: "1.11.1" + app.kubernetes.io/instance: ingress-nginx-mgmt + app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: controller - name: ingress-nginx-zuul-controller + name: ingress-nginx-mgmt-controller namespace: ingress-nginx spec: selector: matchLabels: app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx-zuul + app.kubernetes.io/instance: ingress-nginx-mgmt app.kubernetes.io/component: controller replicas: 1 revisionHistoryLimit: 10 
@@ -342,10 +341,10 @@ spec: template: metadata: labels: - helm.sh/chart: ingress-nginx-4.11.1 + helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx-zuul - app.kubernetes.io/version: "1.11.1" + app.kubernetes.io/instance: ingress-nginx-mgmt + app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: controller @@ -353,35 +352,35 @@ spec: dnsPolicy: ClusterFirst containers: - name: controller - image: registry.k8s.io/ingress-nginx/controller:v1.11.1@sha256:e6439a12b52076965928e83b7b56aae6731231677b01e81818bce7fa5c60161a + image: registry.k8s.io/ingress-nginx/controller:v1.15.1@sha256:594ceea76b01c592858f803f9ff4d2cb40542cae2060410b2c95f75907d659e1 imagePullPolicy: IfNotPresent lifecycle: preStop: exec: command: - - /wait-shutdown + - /wait-shutdown args: - /nginx-ingress-controller - - --publish-service=$(POD_NAMESPACE)/ingress-nginx-zuul-controller - - --election-id=ingress-nginx-zuul-leader + - --publish-service=$(POD_NAMESPACE)/ingress-nginx-mgmt-controller + - --election-id=ingress-nginx-mgmt-leader - --controller-class=k8s.io/ingress-nginx - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/ingress-nginx-zuul-controller + - --configmap=$(POD_NAMESPACE)/ingress-nginx-mgmt-controller - --validating-webhook=:8443 - --validating-webhook-certificate=/usr/local/certificates/cert - --validating-webhook-key=/usr/local/certificates/key - - --enable-metrics=false securityContext: runAsNonRoot: true runAsUser: 101 + runAsGroup: 82 allowPrivilegeEscalation: false seccompProfile: type: RuntimeDefault capabilities: drop: - - ALL + - ALL add: - - NET_BIND_SERVICE + - NET_BIND_SERVICE readOnlyRootFilesystem: false env: - name: POD_NAME 
@@ -434,22 +433,23 @@ spec: memory: 90Mi nodeSelector: kubernetes.io/os: linux - serviceAccountName: ingress-nginx-zuul + serviceAccountName: ingress-nginx-mgmt + automountServiceAccountToken: true terminationGracePeriodSeconds: 300 volumes: - name: webhook-cert secret: - secretName: ingress-nginx-zuul-admission + secretName: ingress-nginx-mgmt-admission --- # Source: ingress-nginx/templates/controller-ingressclass.yaml apiVersion: networking.k8s.io/v1 kind: IngressClass metadata: labels: - helm.sh/chart: ingress-nginx-4.11.1 + helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx-zuul - app.kubernetes.io/version: "1.11.1" + app.kubernetes.io/instance: ingress-nginx-mgmt + app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: controller @@ -469,14 +469,14 @@ kind: ValidatingWebhookConfiguration metadata: annotations: labels: - helm.sh/chart: ingress-nginx-4.11.1 + helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx-zuul - app.kubernetes.io/version: "1.11.1" + app.kubernetes.io/instance: ingress-nginx-mgmt + app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: admission-webhook - name: ingress-nginx-zuul-admission + name: ingress-nginx-mgmt-admission webhooks: - name: validate.nginx.ingress.kubernetes.io matchPolicy: Equivalent 
@@ -496,24 +496,25 @@ webhooks: - v1 clientConfig: service: - name: ingress-nginx-zuul-controller-admission + name: ingress-nginx-mgmt-controller-admission namespace: ingress-nginx + port: 443 path: /networking/v1/ingresses --- # Source: ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: - name: ingress-nginx-zuul-admission + name: ingress-nginx-mgmt-admission namespace: ingress-nginx annotations: "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded labels: - helm.sh/chart: ingress-nginx-4.11.1 + helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx-zuul - app.kubernetes.io/version: "1.11.1" + app.kubernetes.io/instance: ingress-nginx-mgmt + app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: admission-webhook @@ -523,15 +524,15 @@ automountServiceAccountToken: true apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: ingress-nginx-zuul-admission + name: ingress-nginx-mgmt-admission annotations: "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded labels: - helm.sh/chart: ingress-nginx-4.11.1 + helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx-zuul - app.kubernetes.io/version: "1.11.1" + app.kubernetes.io/instance: ingress-nginx-mgmt + app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: admission-webhook 
@@ -548,41 +549,41 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: ingress-nginx-zuul-admission + name: ingress-nginx-mgmt-admission annotations: "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded labels: - helm.sh/chart: ingress-nginx-4.11.1 + helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx-zuul - app.kubernetes.io/version: "1.11.1" + app.kubernetes.io/instance: ingress-nginx-mgmt + app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: admission-webhook roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: ingress-nginx-zuul-admission + name: ingress-nginx-mgmt-admission subjects: - kind: ServiceAccount - name: ingress-nginx-zuul-admission + name: ingress-nginx-mgmt-admission namespace: ingress-nginx --- # Source: ingress-nginx/templates/admission-webhooks/job-patch/role.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: ingress-nginx-zuul-admission + name: ingress-nginx-mgmt-admission namespace: ingress-nginx annotations: "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded labels: - helm.sh/chart: ingress-nginx-4.11.1 + helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx-zuul - app.kubernetes.io/version: "1.11.1" + app.kubernetes.io/instance: ingress-nginx-mgmt + app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: admission-webhook 
@@ -599,67 +600,68 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: ingress-nginx-zuul-admission + name: ingress-nginx-mgmt-admission namespace: ingress-nginx annotations: "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded labels: - helm.sh/chart: ingress-nginx-4.11.1 + helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx-zuul - app.kubernetes.io/version: "1.11.1" + app.kubernetes.io/instance: ingress-nginx-mgmt + app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: admission-webhook roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: ingress-nginx-zuul-admission + name: ingress-nginx-mgmt-admission subjects: - kind: ServiceAccount - name: ingress-nginx-zuul-admission + name: ingress-nginx-mgmt-admission namespace: ingress-nginx --- # Source: ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml apiVersion: batch/v1 kind: Job metadata: - name: ingress-nginx-zuul-admission-create + name: ingress-nginx-mgmt-admission-create namespace: ingress-nginx annotations: "helm.sh/hook": pre-install,pre-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded labels: - helm.sh/chart: ingress-nginx-4.11.1 + helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx-zuul - app.kubernetes.io/version: "1.11.1" + app.kubernetes.io/instance: ingress-nginx-mgmt + app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: admission-webhook spec: + ttlSecondsAfterFinished: 0 template: metadata: - name: ingress-nginx-zuul-admission-create + name: ingress-nginx-mgmt-admission-create labels: - helm.sh/chart: ingress-nginx-4.11.1 + 
helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx-zuul - app.kubernetes.io/version: "1.11.1" + app.kubernetes.io/instance: ingress-nginx-mgmt + app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: admission-webhook spec: containers: - name: create - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.1@sha256:36d05b4077fb8e3d13663702fa337f124675ba8667cbd949c03a8e8ea6fa4366 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.6.9@sha256:01038e7de14b78d702d2849c3aad72fd25903c4765af63cf16aa3398f5d5f2dd imagePullPolicy: IfNotPresent args: - create - - --host=ingress-nginx-zuul-controller-admission,ingress-nginx-zuul-controller-admission.$(POD_NAMESPACE).svc + - --host=ingress-nginx-mgmt-controller-admission,ingress-nginx-mgmt-controller-admission.$(POD_NAMESPACE).svc - --namespace=$(POD_NAMESPACE) - - --secret-name=ingress-nginx-zuul-admission + - --secret-name=ingress-nginx-mgmt-admission env: - name: POD_NAMESPACE valueFrom: @@ -669,14 +671,16 @@ spec: allowPrivilegeEscalation: false capabilities: drop: - - ALL + - ALL readOnlyRootFilesystem: true + runAsGroup: 65532 runAsNonRoot: true runAsUser: 65532 seccompProfile: type: RuntimeDefault restartPolicy: OnFailure - serviceAccountName: ingress-nginx-zuul-admission + serviceAccountName: ingress-nginx-mgmt-admission + automountServiceAccountToken: true nodeSelector: kubernetes.io/os: linux --- 
@@ -684,42 +688,43 @@ spec: apiVersion: batch/v1 kind: Job metadata: - name: ingress-nginx-zuul-admission-patch + name: ingress-nginx-mgmt-admission-patch namespace: ingress-nginx annotations: "helm.sh/hook": post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded labels: - helm.sh/chart: ingress-nginx-4.11.1 + helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx-zuul - app.kubernetes.io/version: "1.11.1" + app.kubernetes.io/instance: ingress-nginx-mgmt + app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: admission-webhook spec: + ttlSecondsAfterFinished: 0 template: metadata: - name: ingress-nginx-zuul-admission-patch + name: ingress-nginx-mgmt-admission-patch labels: - helm.sh/chart: ingress-nginx-4.11.1 + helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx-zuul - app.kubernetes.io/version: "1.11.1" + app.kubernetes.io/instance: ingress-nginx-mgmt + app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: admission-webhook spec: containers: - name: patch - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.1@sha256:36d05b4077fb8e3d13663702fa337f124675ba8667cbd949c03a8e8ea6fa4366 + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.6.9@sha256:01038e7de14b78d702d2849c3aad72fd25903c4765af63cf16aa3398f5d5f2dd imagePullPolicy: IfNotPresent args: - patch - - --webhook-name=ingress-nginx-zuul-admission + - --webhook-name=ingress-nginx-mgmt-admission - --namespace=$(POD_NAMESPACE) - --patch-mutating=false - - --secret-name=ingress-nginx-zuul-admission + - --secret-name=ingress-nginx-mgmt-admission - --patch-failure-policy=Fail env: - name: POD_NAMESPACE 
@@ -730,13 +735,15 @@ spec: allowPrivilegeEscalation: false capabilities: drop: - - ALL + - ALL readOnlyRootFilesystem: true + runAsGroup: 65532 runAsNonRoot: true runAsUser: 65532 seccompProfile: type: RuntimeDefault restartPolicy: OnFailure - serviceAccountName: ingress-nginx-zuul-admission + serviceAccountName: ingress-nginx-mgmt-admission + automountServiceAccountToken: true nodeSelector: kubernetes.io/os: linux diff --git a/kubernetes/ingress/overlays/zuul/kustomization.yaml b/kubernetes/ingress/overlays/zuul/kustomization.yaml index 3824697..084ef10 100644 --- a/kubernetes/ingress/overlays/zuul/kustomization.yaml +++ b/kubernetes/ingress/overlays/zuul/kustomization.yaml @@ -4,7 +4,7 @@ kind: Kustomization # all.yaml generated with `helm template ingress-nginx-mgmt ingress-nginx # --repo https://kubernetes.github.io/ingress-nginx --namespace ingress-nginx -# --create-namespace --kube-version 1.30 > +# --create-namespace --kube-version 1.34 > # kubernetes/ingress/overlays/mgmt/all.yaml` resources: - namespace.yaml From 0430194425c589f096734f85ee94d60191ef8914 Mon Sep 17 00:00:00 2001 From: Kurt Garloff Date: Mon, 11 May 2026 14:57:27 +0000 Subject: [PATCH 4/6] Go from keycloak 25.0.2 to keycloak 26.6.1. Initcontainer was outdated before Signed-off-by: Kurt Garloff --- kubernetes/keycloak/base/statefulset.yaml | 2 +- kubernetes/keycloak/overlays/infra/kustomization.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/kubernetes/keycloak/base/statefulset.yaml b/kubernetes/keycloak/base/statefulset.yaml index c5dcc73..bc762a5 100644 --- a/kubernetes/keycloak/base/statefulset.yaml +++ b/kubernetes/keycloak/base/statefulset.yaml @@ -131,7 +131,7 @@ spec: initContainers: - name: init-quarkus-directory - image: keycloak/keycloak:24.0.3 + image: keycloak/keycloak:26.6.1 imagePullPolicy: IfNotPresent command: - /bin/bash 
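Review bot: The init container's `image: keycloak/keycloak:26.6.1` in keycloak/base/statefulset.yaml is a mutable tag on an unqualified repository, whereas the kube-webhook-certgen image in the ingress manifests of this series is pinned with `@sha256:…`. The tag also repeats the `newTag: 26.6.1` in overlays/infra/kustomization.yaml, and that duplication is what allowed the two versions to drift before. If the overlay's `images:` entry is meant to rewrite this container too, a comment on this line such as `# tag and registry are overridden by the overlay's images: entry` would make that explicit. Pinning is best done once in the overlay by adding `digest: sha256:<digest of the reviewed 26.6.1 image>` next to `newTag`, and the same applies to the two dependencytrack `newTag: "4.14.2"` entries in dep-track/base/kustomization.yaml. The initContainers block continues outside the hunk.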
diff --git a/kubernetes/keycloak/overlays/infra/kustomization.yaml b/kubernetes/keycloak/overlays/infra/kustomization.yaml index 09e9cb9..9134ec3 100644 --- a/kubernetes/keycloak/overlays/infra/kustomization.yaml +++ b/kubernetes/keycloak/overlays/infra/kustomization.yaml @@ -12,7 +12,7 @@ labels: images: - name: keycloak/keycloak newName: quay.io/keycloak/keycloak - newTag: 25.0.2 + newTag: 26.6.1 resources: - pgsql-cloudnative.yaml From 114a7ef059b5cfe0861508beff88c7970f21b953 Mon Sep 17 00:00:00 2001 From: Kurt Garloff Date: Mon, 11 May 2026 14:58:44 +0000 Subject: [PATCH 5/6] dependencytrack 4.11.7 -> 4.14.2 Signed-off-by: Kurt Garloff --- kubernetes/dep-track/base/kustomization.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kubernetes/dep-track/base/kustomization.yaml b/kubernetes/dep-track/base/kustomization.yaml index 6cd4319..904df2e 100644 --- a/kubernetes/dep-track/base/kustomization.yaml +++ b/kubernetes/dep-track/base/kustomization.yaml @@ -4,10 +4,10 @@ kind: Kustomization images: - name: "dependencytrack/apiserver" newName: "docker.io/dependencytrack/apiserver" - newTag: "4.11.7" + newTag: "4.14.2" - name: "dependencytrack/frontend" newName: "docker.io/dependencytrack/frontend" - newTag: "4.11.7" + newTag: "4.14.2" labels: - includeSelectors: true From c73acdee743fb6655cd090fe9cc8db27436cd1ab Mon Sep 17 00:00:00 2001 From: Kurt Garloff Date: Mon, 11 May 2026 15:11:41 +0000 Subject: [PATCH 6/6] Consistent naming. Signed-off-by: Kurt Garloff --- kubernetes/ingress/overlays/zuul/all.yaml | 128 +++++++++--------- .../ingress/overlays/zuul/kustomization.yaml | 4 +- 2 files changed, 66 insertions(+), 66 deletions(-) diff --git a/kubernetes/ingress/overlays/zuul/all.yaml b/kubernetes/ingress/overlays/zuul/all.yaml index 1ad5e32..78ccd11 100644 --- a/kubernetes/ingress/overlays/zuul/all.yaml +++ b/kubernetes/ingress/overlays/zuul/all.yaml 
@@ -6,12 +6,12 @@ metadata: labels: helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx-mgmt + app.kubernetes.io/instance: ingress-nginx-zuul app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: controller - name: ingress-nginx-mgmt + name: ingress-nginx-zuul namespace: ingress-nginx automountServiceAccountToken: true --- @@ -22,12 +22,12 @@ metadata: labels: helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx-mgmt + app.kubernetes.io/instance: ingress-nginx-zuul app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: controller - name: ingress-nginx-mgmt-controller + name: ingress-nginx-zuul-controller namespace: ingress-nginx data: --- @@ -38,11 +38,11 @@ metadata: labels: helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx-mgmt + app.kubernetes.io/instance: ingress-nginx-zuul app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm - name: ingress-nginx-mgmt + name: ingress-nginx-zuul rules: - apiGroups: - "" 
@@ -122,18 +122,18 @@ metadata: labels: helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx-mgmt + app.kubernetes.io/instance: ingress-nginx-zuul app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm - name: ingress-nginx-mgmt + name: ingress-nginx-zuul roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: ingress-nginx-mgmt + name: ingress-nginx-zuul subjects: - kind: ServiceAccount - name: ingress-nginx-mgmt + name: ingress-nginx-zuul namespace: ingress-nginx --- # Source: ingress-nginx/templates/controller-role.yaml @@ -143,12 +143,12 @@ metadata: labels: helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx-mgmt + app.kubernetes.io/instance: ingress-nginx-zuul app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: controller - name: ingress-nginx-mgmt + name: ingress-nginx-zuul namespace: ingress-nginx rules: - apiGroups: @@ -204,7 +204,7 @@ rules: resources: - leases resourceNames: - - ingress-nginx-mgmt-leader + - ingress-nginx-zuul-leader verbs: - get - update 
@@ -237,20 +237,20 @@ metadata: labels: helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx-mgmt + app.kubernetes.io/instance: ingress-nginx-zuul app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: controller - name: ingress-nginx-mgmt + name: ingress-nginx-zuul namespace: ingress-nginx roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: ingress-nginx-mgmt + name: ingress-nginx-zuul subjects: - kind: ServiceAccount - name: ingress-nginx-mgmt + name: ingress-nginx-zuul namespace: ingress-nginx --- # Source: ingress-nginx/templates/controller-service-webhook.yaml @@ -260,12 +260,12 @@ metadata: labels: helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx-mgmt + app.kubernetes.io/instance: ingress-nginx-zuul app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: controller - name: ingress-nginx-mgmt-controller-admission + name: ingress-nginx-zuul-controller-admission namespace: ingress-nginx spec: type: ClusterIP @@ -276,7 +276,7 @@ spec: appProtocol: https selector: app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx-mgmt + app.kubernetes.io/instance: ingress-nginx-zuul app.kubernetes.io/component: controller --- # Source: ingress-nginx/templates/controller-service.yaml 
@@ -287,12 +287,12 @@ metadata: labels: helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx-mgmt + app.kubernetes.io/instance: ingress-nginx-zuul app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: controller - name: ingress-nginx-mgmt-controller + name: ingress-nginx-zuul-controller namespace: ingress-nginx spec: type: LoadBalancer @@ -312,7 +312,7 @@ spec: appProtocol: https selector: app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx-mgmt + app.kubernetes.io/instance: ingress-nginx-zuul app.kubernetes.io/component: controller --- # Source: ingress-nginx/templates/controller-deployment.yaml @@ -322,18 +322,18 @@ metadata: labels: helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx-mgmt + app.kubernetes.io/instance: ingress-nginx-zuul app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: controller - name: ingress-nginx-mgmt-controller + name: ingress-nginx-zuul-controller namespace: ingress-nginx spec: selector: matchLabels: app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx-mgmt + app.kubernetes.io/instance: ingress-nginx-zuul app.kubernetes.io/component: controller replicas: 1 revisionHistoryLimit: 10 @@ -343,7 +343,7 @@ spec: labels: helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx-mgmt + app.kubernetes.io/instance: ingress-nginx-zuul app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm 
@@ -361,11 +361,11 @@ spec: - /wait-shutdown args: - /nginx-ingress-controller - - --publish-service=$(POD_NAMESPACE)/ingress-nginx-mgmt-controller - - --election-id=ingress-nginx-mgmt-leader + - --publish-service=$(POD_NAMESPACE)/ingress-nginx-zuul-controller + - --election-id=ingress-nginx-zuul-leader - --controller-class=k8s.io/ingress-nginx - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/ingress-nginx-mgmt-controller + - --configmap=$(POD_NAMESPACE)/ingress-nginx-zuul-controller - --validating-webhook=:8443 - --validating-webhook-certificate=/usr/local/certificates/cert - --validating-webhook-key=/usr/local/certificates/key @@ -433,13 +433,13 @@ spec: memory: 90Mi nodeSelector: kubernetes.io/os: linux - serviceAccountName: ingress-nginx-mgmt + serviceAccountName: ingress-nginx-zuul automountServiceAccountToken: true terminationGracePeriodSeconds: 300 volumes: - name: webhook-cert secret: - secretName: ingress-nginx-mgmt-admission + secretName: ingress-nginx-zuul-admission --- # Source: ingress-nginx/templates/controller-ingressclass.yaml apiVersion: networking.k8s.io/v1 @@ -448,7 +448,7 @@ metadata: labels: helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx-mgmt + app.kubernetes.io/instance: ingress-nginx-zuul app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm @@ -471,12 +471,12 @@ metadata: labels: helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx-mgmt + app.kubernetes.io/instance: ingress-nginx-zuul app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: admission-webhook - name: ingress-nginx-mgmt-admission + name: ingress-nginx-zuul-admission webhooks: - name: validate.nginx.ingress.kubernetes.io matchPolicy: Equivalent 
@@ -496,7 +496,7 @@ webhooks: - v1 clientConfig: service: - name: ingress-nginx-mgmt-controller-admission + name: ingress-nginx-zuul-controller-admission namespace: ingress-nginx port: 443 path: /networking/v1/ingresses @@ -505,7 +505,7 @@ webhooks: apiVersion: v1 kind: ServiceAccount metadata: - name: ingress-nginx-mgmt-admission + name: ingress-nginx-zuul-admission namespace: ingress-nginx annotations: "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade @@ -513,7 +513,7 @@ metadata: labels: helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx-mgmt + app.kubernetes.io/instance: ingress-nginx-zuul app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm @@ -524,14 +524,14 @@ automountServiceAccountToken: true apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: ingress-nginx-mgmt-admission + name: ingress-nginx-zuul-admission annotations: "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded labels: helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx-mgmt + app.kubernetes.io/instance: ingress-nginx-zuul app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm 
@@ -549,14 +549,14 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: ingress-nginx-mgmt-admission + name: ingress-nginx-zuul-admission annotations: "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded labels: helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx-mgmt + app.kubernetes.io/instance: ingress-nginx-zuul app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm @@ -564,17 +564,17 @@ metadata: roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: ingress-nginx-mgmt-admission + name: ingress-nginx-zuul-admission subjects: - kind: ServiceAccount - name: ingress-nginx-mgmt-admission + name: ingress-nginx-zuul-admission namespace: ingress-nginx --- # Source: ingress-nginx/templates/admission-webhooks/job-patch/role.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: ingress-nginx-mgmt-admission + name: ingress-nginx-zuul-admission namespace: ingress-nginx annotations: "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade @@ -582,7 +582,7 @@ metadata: labels: helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx-mgmt + app.kubernetes.io/instance: ingress-nginx-zuul app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm @@ -600,7 +600,7 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: ingress-nginx-mgmt-admission + name: ingress-nginx-zuul-admission namespace: ingress-nginx annotations: "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade 
@@ -608,7 +608,7 @@ metadata: labels: helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx-mgmt + app.kubernetes.io/instance: ingress-nginx-zuul app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm @@ -616,17 +616,17 @@ metadata: roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: ingress-nginx-mgmt-admission + name: ingress-nginx-zuul-admission subjects: - kind: ServiceAccount - name: ingress-nginx-mgmt-admission + name: ingress-nginx-zuul-admission namespace: ingress-nginx --- # Source: ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml apiVersion: batch/v1 kind: Job metadata: - name: ingress-nginx-mgmt-admission-create + name: ingress-nginx-zuul-admission-create namespace: ingress-nginx annotations: "helm.sh/hook": pre-install,pre-upgrade @@ -634,7 +634,7 @@ metadata: labels: helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx-mgmt + app.kubernetes.io/instance: ingress-nginx-zuul app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm @@ -643,11 +643,11 @@ spec: ttlSecondsAfterFinished: 0 template: metadata: - name: ingress-nginx-mgmt-admission-create + name: ingress-nginx-zuul-admission-create labels: helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx-mgmt + app.kubernetes.io/instance: ingress-nginx-zuul app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm 
@@ -659,9 +659,9 @@ spec: imagePullPolicy: IfNotPresent args: - create - - --host=ingress-nginx-mgmt-controller-admission,ingress-nginx-mgmt-controller-admission.$(POD_NAMESPACE).svc + - --host=ingress-nginx-zuul-controller-admission,ingress-nginx-zuul-controller-admission.$(POD_NAMESPACE).svc - --namespace=$(POD_NAMESPACE) - - --secret-name=ingress-nginx-mgmt-admission + - --secret-name=ingress-nginx-zuul-admission env: - name: POD_NAMESPACE valueFrom: @@ -679,7 +679,7 @@ spec: seccompProfile: type: RuntimeDefault restartPolicy: OnFailure - serviceAccountName: ingress-nginx-mgmt-admission + serviceAccountName: ingress-nginx-zuul-admission automountServiceAccountToken: true nodeSelector: kubernetes.io/os: linux @@ -688,7 +688,7 @@ spec: apiVersion: batch/v1 kind: Job metadata: - name: ingress-nginx-mgmt-admission-patch + name: ingress-nginx-zuul-admission-patch namespace: ingress-nginx annotations: "helm.sh/hook": post-install,post-upgrade @@ -696,7 +696,7 @@ metadata: labels: helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx-mgmt + app.kubernetes.io/instance: ingress-nginx-zuul app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm @@ -705,11 +705,11 @@ spec: ttlSecondsAfterFinished: 0 template: metadata: - name: ingress-nginx-mgmt-admission-patch + name: ingress-nginx-zuul-admission-patch labels: helm.sh/chart: ingress-nginx-4.15.1 app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/instance: ingress-nginx-mgmt + app.kubernetes.io/instance: ingress-nginx-zuul app.kubernetes.io/version: "1.15.1" app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/managed-by: Helm 
@@ -721,10 +721,10 @@ spec: imagePullPolicy: IfNotPresent args: - patch - - --webhook-name=ingress-nginx-mgmt-admission + - --webhook-name=ingress-nginx-zuul-admission - --namespace=$(POD_NAMESPACE) - --patch-mutating=false - - --secret-name=ingress-nginx-mgmt-admission + - --secret-name=ingress-nginx-zuul-admission - --patch-failure-policy=Fail env: - name: POD_NAMESPACE @@ -743,7 +743,7 @@ spec: seccompProfile: type: RuntimeDefault restartPolicy: OnFailure - serviceAccountName: ingress-nginx-mgmt-admission + serviceAccountName: ingress-nginx-zuul-admission automountServiceAccountToken: true nodeSelector: kubernetes.io/os: linux diff --git a/kubernetes/ingress/overlays/zuul/kustomization.yaml b/kubernetes/ingress/overlays/zuul/kustomization.yaml index 084ef10..e3c7f00 100644 --- a/kubernetes/ingress/overlays/zuul/kustomization.yaml +++ b/kubernetes/ingress/overlays/zuul/kustomization.yaml @@ -2,10 +2,10 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -# all.yaml generated with `helm template ingress-nginx-mgmt ingress-nginx +# all.yaml generated with `helm template ingress-nginx-zuul ingress-nginx # --repo https://kubernetes.github.io/ingress-nginx --namespace ingress-nginx # --create-namespace --kube-version 1.34 > -# kubernetes/ingress/overlays/mgmt/all.yaml` +# kubernetes/ingress/overlays/zuul/all.yaml` resources: - namespace.yaml - all.yaml
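Review bot: The regeneration command documented in the zuul/kustomization.yaml comment does not pin the chart, so rerunning it renders whichever ingress-nginx chart is newest at that time rather than the 4.15.1 recorded in the `helm.sh/chart` labels of all.yaml. Pinning the version makes the generated manifest reproducible and lets a reviewer re-render and compare it against the committed file, for example `# --repo https://kubernetes.github.io/ingress-nginx --version 4.15.1 --namespace ingress-nginx`. The mgmt overlay's kustomization.yaml is not shown here; if it carries the same comment, it would need the same change.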