Update ghcr.io/goauthentik/proxy Docker tag to v2024.12.0

2024-12-19 19:03:16 +00:00
9 changed files with 37 additions and 116 deletions
--- a/app-files/apps.yaml
+++ b/app-files/apps.yaml
@ -29,7 +29,7 @@ spec:
  sources:
    - chart: woodpecker
      repoURL: https://woodpecker-ci.org/
-      targetRevision: 2.0.3
+      targetRevision: 2.0.2
      helm:
        releaseName: woodpecker
        valueFiles:
--- a/app-files/core-deployments.yaml
+++ b/app-files/core-deployments.yaml
@ -39,7 +39,7 @@ spec:
  sources:
    - repoURL: https://argoproj.github.io/argo-helm
      chart: argo-cd
-      targetRevision: 7.7.11
+      targetRevision: 7.7.10
      helm:
        releaseName: argo
        valueFiles:
@ -460,23 +460,3 @@ spec:
      - CreateNamespace=true
    automated:
      prune: false
---
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: traefik-certmanager
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://git.ar21.de/yolokube/core-deployments.git
-    targetRevision: HEAD
-    path: traefik-certmanager/overlay
-  destination:
-    server: https://kubernetes.default.svc
-    namespace: traefik
-  syncPolicy:
-    syncOptions:
-      - CreateNamespace=true
-    automated:
-      prune: false
--- a/authentik/manifest.yaml
+++ b/authentik/manifest.yaml
@ -92,7 +92,7 @@ spec:
                secretKeyRef:
                  key: authentik_host_insecure
                  name: authentik-outpost-api
-          image: ghcr.io/goauthentik/proxy:2024.12.1
+          image: ghcr.io/goauthentik/proxy:2024.12.0
          name: proxy
          ports:
            - containerPort: 9000
--- a/longhorn/values.yaml
+++ b/longhorn/values.yaml
@ -12,7 +12,6 @@ persistence:
      "isGroup":false
    }
  ]'
-  disableRevisionCounter: false
 defaultSettings:
  defaultDataPath: /storage1
  backupTarget: "s3://yolokube-backups@weur/"
--- a/traefik-certmanager/base/kustomization.yaml
+++ b/traefik-certmanager/base/kustomization.yaml
@ -1,5 +0,0 @@
---
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  - traefik-certmanager.yaml
--- a/traefik-certmanager/base/traefik-certmanager.yaml
+++ b/traefik-certmanager/base/traefik-certmanager.yaml
@ -1,66 +0,0 @@
-# from https://github.com/ncsa/traefik-certmanager
-#
-# Used to automatically create cert request for IngressRoute Objects
-#
-# Added by Aaron
---
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: traefik-certmanager
-  namespace: traefik
---
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: traefik-certmanager
-rules:
- apiGroups: ["traefik.io"]
-  resources: ["ingressroutes"]
-  verbs: ["watch", "patch"]
- apiGroups: ["cert-manager.io"]
-  resources: ["certificates"]
-  verbs: ["get", "create", "delete"]
---
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: traefik-certmanager
-subjects:
- kind: ServiceAccount
-  name: traefik-certmanager
-  namespace: traefik
-roleRef:
-  kind: ClusterRole
-  name: traefik-certmanager
-  apiGroup: rbac.authorization.k8s.io
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: traefik-certmanager
-  namespace: traefik
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: traefik-certmanager
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: traefik-certmanager
-    spec:
-      serviceAccount: traefik-certmanager
-      containers:
-      - name: traefik-certmanager
-        image: git.ar21.de/yolokube/traefik-certmanager:latest
-        imagePullPolicy: Always
-        env:
-        - name: ISSUER_NAME
-          value: letsencrypt-prod
-        - name: ISSUER_KIND
-          value: ClusterIssuer
-        - name: CERT_CLEANUP
-          value: "true"
-        - name: PATCH_SECRETNAME
-          value: "true"
--- a/traefik-certmanager/overlay/kustomization.yaml
+++ b/traefik-certmanager/overlay/kustomization.yaml
@ -1,8 +0,0 @@
-resources:
- ../base
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-images:
- name: git.ar21.de/yolokube/traefik-certmanager
-  newName: git.ar21.de/yolokube/traefik-certmanager
-  newTag: "2"
--- a/traefik/dashboard-cert.yaml
+++ b/traefik/dashboard-cert.yaml
@ -0,0 +1,13 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: traefik-cert
+  namespace: traefik
+spec:
+  secretName: traefik-tls-key
+  issuerRef:
+    name: letsencrypt-prod
+    kind: ClusterIssuer
+  dnsNames:
+    - traefik.services.yolokube.de
--- a/woodpecker/grpc-ingress/ingress.yaml
+++ b/woodpecker/grpc-ingress/ingress.yaml
@ -16,20 +16,28 @@ spec:
      port: 9000
      targetPort: grpc
 ---
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
+apiVersion: networking.k8s.io/v1
+kind: Ingress
 metadata:
-  namespace: woodpecker
+  annotations:
+    kubernetes.io/tls-acme: "true"
+    traefik.ingress.kubernetes.io/loadbalancer.server.scheme: h2c
+    traefik.ingress.kubernetes.io/service.serversscheme: h2c
  name: woodpecker-grpc
+  namespace: woodpecker
 spec:
-  entryPoints:
-    - websecure
-  routes:
-    - kind: Rule
-      match: Host(`woodpecker-grpc.apps.yolokube.de`) && Header(`Content-Type`, `application/grpc`)
-      services:
-        - name: woodpecker-grpc
-          port: grpc
-          scheme: h2c
+  rules:
+    - host: "woodpecker-grpc.apps.yolokube.de"
+      http:
+        paths:
+          - pathType: Prefix
+            path: "/"
+            backend:
+              service:
+                name: woodpecker-grpc
+                port:
+                  name: grpc
  tls:
-    secretName: woodpecker-grpc-tls-key
+    - hosts:
+        - woodpecker-grpc.apps.yolokube.de
+      secretName: woodpecker-grpc-tls-key