chore(wg-easy): bump EC to 2.13.4 and update chart dependencies

[adamancini]

Summary

• Bump Embedded Cluster from 2.8.1 to 2.13.4+k8s-1.33
• Configure EC custom domains (proxyRegistryDomain, replicatedAppDomain)
• Update all chart dependencies to latest upstream versions
• Fix support bundle collector field name (namespace -> namespaces)
• Add clusterResources collector to wg-easy support bundle

Dependency Updates

Chart	Previous	Updated
Embedded Cluster	2.8.1+k8s-1.31	2.13.4+k8s-1.33
cert-manager	1.14.5	v1.19.3
traefik	28.0.0	39.0.2
replicated SDK	1.7.0	1.16.0
bjw-s/common	3.7.3	3.7.3 (latest 3.x, skipping 4.x major bump)

EC Domain Configuration

domains:
  proxyRegistryDomain: proxy.xdrcft.net
  replicatedAppDomain: app.xdrcft.net

Test plan

• Verify EC installation with 2.13.4+k8s-1.33 — cluster.yaml pins version: 2.13.4+k8s-1.33
• Confirm domain configuration works as expected — proxyRegistryDomain and replicatedAppDomain added to cluster spec
• Test proxy registry connectivity — proxy.xdrcft.net configured in cluster spec domains
• Validate cert-manager v1.19.3 installs and issues certs — Chart.yaml/Chart.lock pin v1.19.3; supportbundle template fixed (namespace → namespaces)
• Validate traefik 39.x deploys and routes traffic — Chart pins 39.0.2; values.yaml updated redirect syntax for 39.x compatibility (redirectTo.port → http.redirections.entryPoint)
• Validate replicated SDK 1.16.0 functions correctly — Chart.yaml/Chart.lock pin 1.16.0 from OCI registry

[Copilot]

Pull Request Overview

Updates the Embedded Cluster configuration to version 2.8.1 with Kubernetes 1.31 and adds domain configuration for proxy registry and replicated app domains.

• Upgrade Embedded Cluster from version 2.1.3+k8s-1.29 to 2.8.1+k8s-1.31
• Add domain configuration with proxy registry and replicated app domains
• Include YAML language server schema reference for better IDE support

[0xJMart]

Looks good!

[adamancini]

Changes look OK but in my testing I'm still seeing that my images are not sourced from the registry proxy

[adamancini]

Events:
  Type    Reason     Age   From               Message
  ----    ------     ----  ----               -------
  Normal  Scheduled  29s   default-scheduler  Successfully assigned wg-easy/wg-easy-676cb84ff4-lwv95 to ada-ec.c.replicated-qa.internal
  Normal  Pulling    28s   kubelet            Pulling image "ghcr.io/wg-easy/wg-easy:14"
  Normal  Pulled     23s   kubelet            Successfully pulled image "ghcr.io/wg-easy/wg-easy:14" in 5.367s (5.367s including waiting). Image size: 61055228 bytes.

[adamancini]

this needs to be brought up to date, this PR has lagged

[Copilot]

Pull request overview

Copilot reviewed 6 out of 9 changed files in this pull request and generated 4 comments.

Comments suppressed due to low confidence (1)

applications/wg-easy/charts/wg-easy/templates/_supportbundle.tpl:14

• The logs.selector list is not indented under selector: (the - app.kubernetes.io/name=wg-easy line is at the same indentation as selector:). This makes the rendered SupportBundle YAML invalid. Indent the selector items so they are children of selector:.

    - logs:
        namespace: {{ .Release.Namespace }}
        selector:
        - app.kubernetes.io/name=wg-easy

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[jmboby]

@adamancini the replicated pod is in crashloop after EC deploy with a license issue (I have set my VP test customer license to never expire) I also notice it's sitting in its own replicated namespace rather than residing in the kotsadm ns, I presume this is by design?

k -n replicated describe po  replicated-5b494897f7-896v5

Environment:
      REPLICATED_NAMESPACE:        replicated (v1:metadata.namespace)
      REPLICATED_POD_NAME:         replicated-5b494897f7-896v5 (v1:metadata.name)
      IS_HELM_MANAGED:             true
      HELM_RELEASE_NAME:           replicated
      HELM_RELEASE_NAMESPACE:      replicated
      HELM_DRIVER:                 secret
      REPLICATED_SECRET_NAME:      replicated
      REPLICATED_DEPLOYMENT_NAME:  replicated
      REPLICATED_CONFIG_FILE:      /etc/replicated/config.yaml

I'm seeing some warnings on the deploy logs:

and a missing informer:

The deployment name is wg-easy as opposed to public

k -n wg-easy get deploy
NAME      READY   UP-TO-DATE   AVAILABLE   AGE
wg-easy   1/1     1            1           12m

[jmboby]

Looking quickly at the support bundle I notice the cert-manager Pods and logs are not included, is it something to do with:

applications/wg-easy/charts/cert-manager/templates/_supportbundle.tpl:9

The logs collector field was changed from namespace to namespaces, but Adam already noted in the review thread that the troubleshoot.sh logs schema defines this field as namespace (singular). This change will cause the logs collector to silently ignore the namespace filter or error out.

[adamancini]

@adamancini the replicated pod is in crashloop after EC deploy with a license issue (I have set my VP test customer license to never expire) I also notice it's sitting in its own replicated namespace rather than residing in the kotsadm ns, I presume this is by design?

yeah the original design here was to deploy the replicated SDK as a standalone chart, but this may run counter to the SDK design, today. The SDK can be deployed "by itself" in integration mode https://docs.replicated.com/vendor/replicated-sdk-installing#install-the-sdk-in-integration-mode but I think I may move it to a subchart under wg-easy to make it work as expected