Compare commits

...

96 Commits

Author SHA1 Message Date
renovate b5e5168811 chore(deps): update helm release external-secrets to v2.7.0 (#285) 2026-06-29 14:07:00 +00:00
renovate 7bd7ec8165 chore(deps): update helm release cert-manager to v1.20.3 (#284) 2026-06-28 15:06:23 +00:00
renovate f11944af19 chore(deps): update cloudamqp/lavinmq docker tag to v2.9.0 (#283) 2026-06-28 10:06:49 +00:00
renovate b4b29395a6 chore(deps): update cloudamqp/lavinmq docker tag to v2.8.2 (#282) 2026-06-27 15:08:37 +00:00
renovate c491ff60bf chore(deps): update helm release traefik to v41 (#281)
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [traefik](https://traefik.io/) ([source](https://github.com/traefik/traefik-helm-chart)) | HelmChart | major | `40.3.0` → `41.0.0` |

---

### Release Notes

<details>
<summary>traefik/traefik-helm-chart (traefik)</summary>

### [`v41.0.0`](https://github.com/traefik/traefik-helm-chart/releases/tag/v41.0.0)

[Compare Source](https://github.com/traefik/traefik-helm-chart/compare/v40.3.0...v41.0.0)

**Upgrade Notes**

1. **Logs & access logs syntax**: The chart now aligns its logging keys with the upstream Traefik syntax with PR [#&#8203;1887](https://github.com/traefik/traefik-helm-chart/pull/1887).
   - `logs.general` is renamed to `log` (e.g. `logs.general.level` → `log.level`).
   - `logs.access` is renamed to `accessLog` (e.g. `logs.access.format` → `accessLog.format`).
   - Filter and field keys are now camelCased: `filters.statuscodes` → `filters.statusCodes`, `filters.retryattempts` → `filters.retryAttempts`, `filters.minduration` → `filters.minDuration`, and `fields.*.defaultmode` → `fields.*.defaultMode`.
   - The `accessLog.fields.general` nesting level is removed: `fields.general.defaultmode` → `fields.defaultMode`.Expand commentComment on line R27Resolved
2. **File provider content**: `providers.file.content` is now an object (`{}`) instead of a string (`""`).

> \[!TIP]
> Image `registry` and `repository` now default to `null`.
> The chart now automatically resolves the full official image URI for both Traefik Proxy and Traefik Hub.

#### 💥 BREAKING CHANGES

- feat(providers.file)!: switch content to an object [#&#8203;1861](https://github.com/traefik/traefik-helm-chart/issues/1861) by [@&#8203;minrk](https://github.com/minrk)
- fix(logs)!: align syntax with upstream [#&#8203;1887](https://github.com/traefik/traefik-helm-chart/issues/1887) by [@&#8203;mloiseleur](https://github.com/mloiseleur)

#### 🚀 Features

- feat(version):  relax max-version guard to warn on minor/patch, fail only on major mismatch [#&#8203;1884](https://github.com/traefik/traefik-helm-chart/issues/1884) by [@&#8203;darkweaver87](https://github.com/darkweaver87)
- feat(hub):  install out-of-box with only hub.token set [#&#8203;1885](https://github.com/traefik/traefik-helm-chart/issues/1885) by [@&#8203;darkweaver87](https://github.com/darkweaver87)
- feat(deps): update traefik docker tag to v3.7.5 [#&#8203;1888](https://github.com/traefik/traefik-helm-chart/issues/1888) by [@&#8203;renovate-with-github-actions](https://github.com/renovate-with-github-actions)\[bot]

#### 🐛 Bug fixes

- fix(notes): 📝 use traefik.image-name so NOTES match deployed image [#&#8203;1886](https://github.com/traefik/traefik-helm-chart/issues/1886) by [@&#8203;mloiseleur](https://github.com/mloiseleur)
- fix(deployment): omit spec.replicas when replicas is null [#&#8203;1891](https://github.com/traefik/traefik-helm-chart/issues/1891) by [@&#8203;mloiseleur](https://github.com/mloiseleur)
- fix(provider): 🐛 emit kubernetesIngressNGINX publishService for external service [#&#8203;1897](https://github.com/traefik/traefik-helm-chart/issues/1897) by [@&#8203;mloiseleur](https://github.com/mloiseleur)

#### 📦 Others

- ci: track max-version assertions with relaxed guard wording [#&#8203;1889](https://github.com/traefik/traefik-helm-chart/issues/1889) by [@&#8203;mloiseleur](https://github.com/mloiseleur)
- ci(renovate): restore update on appVersion [#&#8203;1892](https://github.com/traefik/traefik-helm-chart/issues/1892) by [@&#8203;mloiseleur](https://github.com/mloiseleur)
- chore(deps): update dependency helm to v4.2.1 [#&#8203;1893](https://github.com/traefik/traefik-helm-chart/issues/1893) by [@&#8203;renovate-with-github-actions](https://github.com/renovate-with-github-actions)\[bot]
- chore(deps): update losisin/helm-values-schema-json-action action to v3.0.1 [#&#8203;1894](https://github.com/traefik/traefik-helm-chart/issues/1894) by [@&#8203;renovate-with-github-actions](https://github.com/renovate-with-github-actions)\[bot]
- ci(security): declare contents:write on release workflow [#&#8203;1855](https://github.com/traefik/traefik-helm-chart/issues/1855) by [@&#8203;arpitjain099](https://github.com/arpitjain099)
- chore(release): publish 41.0.0 [#&#8203;1895](https://github.com/traefik/traefik-helm-chart/issues/1895) by [@&#8203;mloiseleur](https://github.com/mloiseleur)

#### 👌 Traefik version support

- Traefik Proxy: v3.6.0 -> v3.7.5 (default)
- Traefik Hub: v3.19.3 -> v3.20.4

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yMjAuMCIsInVwZGF0ZWRJblZlciI6IjQzLjIyMC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->

Reviewed-on: https://gitea.unbound.se/unboundsoftware/local-k8s/pulls/281
Co-authored-by: Renovate Bot <renovate@unbound.se>
Co-committed-by: Renovate Bot <renovate@unbound.se>
2026-06-19 16:36:53 +00:00
renovate 4cc387ad4d chore(deps): update postgres:18.4-alpine docker digest to 1b1689b (#280) 2026-06-18 03:06:25 +00:00
renovate d79ac7797f chore(deps): update postgres:18.4-alpine docker digest to d3e64d3 (#279) 2026-06-17 07:06:51 +00:00
renovate 64561c1a9d chore(deps): update helm release traefik to v40.3.0 (#278) 2026-06-12 09:06:16 +00:00
renovate 22fd59e8f6 chore(deps): update helm release external-secrets to v2.6.0 (#277) 2026-06-10 07:07:07 +00:00
renovate 966b70717f chore(deps): update cloudamqp/lavinmq docker tag to v2.8.1 (#276) 2026-05-21 12:06:52 +00:00
renovate 661c5f89d6 chore(deps): update postgres docker tag to v18.4 (#275) 2026-05-19 06:09:06 +00:00
renovate d6ec45eb04 chore(deps): update helm release external-secrets to v2.5.0 (#274) 2026-05-18 13:18:36 +00:00
renovate d00e4f518d chore(deps): update helm release traefik to v40.2.0 (#273) 2026-05-16 15:05:45 +00:00
renovate e22b521311 chore(deps): update helm release traefik to v40.1.0 (#272) 2026-05-15 09:06:38 +00:00
renovate 229c3ba1a9 chore(deps): update helm release traefik to v40.1.0 (#272) 2026-05-15 09:06:36 +00:00
renovate 17e3222521 chore(deps): update helm release traefik to v40.0.1 (#271) 2026-05-14 15:06:58 +00:00
renovate 2bb1203bcb chore(deps): update cloudamqp/lavinmq docker tag to v2.8.0 (#270) 2026-05-10 10:07:22 +00:00
renovate 779078fb20 chore(deps): update helm release traefik to v40 (#269)
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [traefik](https://traefik.io/) ([source](https://github.com/traefik/traefik-helm-chart)) | HelmChart | major | `39.0.9` → `40.0.0` |

---

### Release Notes

<details>
<summary>traefik/traefik-helm-chart (traefik)</summary>

### [`v40.0.0`](https://github.com/traefik/traefik-helm-chart/releases/tag/v40.0.0)

[Compare Source](https://github.com/traefik/traefik-helm-chart/compare/v39.0.9...v40.0.0)

**Upgrade Notes**

> \[!IMPORTANT]
> Traefik v3.7.0 comes with CRDs update. See [UPGRADING](https://github.com/traefik/traefik-helm-chart?tab=readme-ov-file#upgrading) instructions and upstream [migration guide](https://doc.traefik.io/traefik/v3.7/migrate/v3/#v370).

> \[!NOTE]
> Gateway API CRDs will no longer be shipped with this chart in the next future major version. See [#&#8203;1669](https://github.com/traefik/traefik-helm-chart/issues/1669) for more details.

- The `Service` spec syntax in *values.yaml* is now aligned with Kubernetes syntax (cf. before / after example in the [PR](https://github.com/traefik/traefik-helm-chart/pull/1686) description)
- `providers.kubernetesIngressNginx` has been renamed to `providers.kubernetesIngressNGINX` to align with Traefik proxy naming (cf. before / after example in the [PR](https://github.com/traefik/traefik-helm-chart/pull/1714) description)

#### 👌 Traefik version support

- Traefik Proxy: v3.6.0 -> v3.7.0 (default)
- Traefik Hub: v3.19.3 -> v3.20.0

#### 💥 BREAKING CHANGES

- refactor(chart)!: support only Proxy v3.6+ & Kubernetes v25+ [#&#8203;1718](https://github.com/traefik/traefik-helm-chart/issues/1718) by [@&#8203;mloiseleur](https://github.com/mloiseleur)
- fix(providers)!: kubernetesIngressNginx => kubernetesIngressNGINX [#&#8203;1714](https://github.com/traefik/traefik-helm-chart/issues/1714) by [@&#8203;mloiseleur](https://github.com/mloiseleur)
- fix(service)!: align syntax with upstream [#&#8203;1686](https://github.com/traefik/traefik-helm-chart/issues/1686) by [@&#8203;parkerfath](https://github.com/parkerfath)

#### 🚀 Features

- feat: support templated values in service annotations [#&#8203;1696](https://github.com/traefik/traefik-helm-chart/issues/1696) by [@&#8203;DrFaust92](https://github.com/DrFaust92)
- feat(ingress): add native ingressEndpoint hostname and ip support [#&#8203;1695](https://github.com/traefik/traefik-helm-chart/issues/1695) by [@&#8203;DrFaust92](https://github.com/DrFaust92)
- feat(logs): add accesslog.dualOutput option [#&#8203;1725](https://github.com/traefik/traefik-helm-chart/issues/1725) by [@&#8203;darkweaver87](https://github.com/darkweaver87)
- feat(CRDs): 🚀 update CRDs to v3.7 [#&#8203;1721](https://github.com/traefik/traefik-helm-chart/issues/1721) by [@&#8203;darkweaver87](https://github.com/darkweaver87)
- feat(providers): 🚀 update NGINX with v3.7 options [#&#8203;1720](https://github.com/traefik/traefik-helm-chart/issues/1720) by [@&#8203;darkweaver87](https://github.com/darkweaver87)
- feat(entrypoints): add forwardedHeaders.notAppendXForwardedFor option [#&#8203;1723](https://github.com/traefik/traefik-helm-chart/issues/1723) by [@&#8203;darkweaver87](https://github.com/darkweaver87)
- feat(api): add dashboardName option [#&#8203;1726](https://github.com/traefik/traefik-helm-chart/issues/1726) by [@&#8203;darkweaver87](https://github.com/darkweaver87)
- feat(deployment): add hostUsers support [#&#8203;1744](https://github.com/traefik/traefik-helm-chart/issues/1744) by [@&#8203;DrFaust92](https://github.com/DrFaust92)
- feat(ports): add allowACMEByPass to web port values [#&#8203;1734](https://github.com/traefik/traefik-helm-chart/issues/1734) by [@&#8203;jnoordsij](https://github.com/jnoordsij)
- feat(ingressroute): support templating in annotations and labels [#&#8203;1728](https://github.com/traefik/traefik-helm-chart/issues/1728) by [@&#8203;DrFaust92](https://github.com/DrFaust92)
- feat(deps): update traefik docker tag to v3.6.12 (master) [#&#8203;1767](https://github.com/traefik/traefik-helm-chart/issues/1767) by [@&#8203;renovate-with-github-actions](https://github.com/renovate-with-github-actions)\[bot]
- feat(deps): update traefik docker tag to v3.6.13 (master) [#&#8203;1793](https://github.com/traefik/traefik-helm-chart/issues/1793) by [@&#8203;renovate-with-github-actions](https://github.com/renovate-with-github-actions)\[bot]
- feat(podtemplate): allow disabling automatic GOMEMLIMIT [#&#8203;1796](https://github.com/traefik/traefik-helm-chart/issues/1796) by [@&#8203;johnvanhienen](https://github.com/johnvanhienen)
- feat(deps): update traefik docker tag to v3.6.15 (master) [#&#8203;1818](https://github.com/traefik/traefik-helm-chart/issues/1818) by [@&#8203;renovate-with-github-actions](https://github.com/renovate-with-github-actions)\[bot]
- feat(proxy): add support of kubernetesIngressNGINX.ipAllowListStrategy [#&#8203;1828](https://github.com/traefik/traefik-helm-chart/issues/1828) by [@&#8203;mloiseleur](https://github.com/mloiseleur)
- feat(image): add image.digest for digest-based pinning [#&#8203;1821](https://github.com/traefik/traefik-helm-chart/issues/1821) by [@&#8203;zalbiraw](https://github.com/zalbiraw)
- feat(deps): support traefik v3.7.0 & hub v3.20.0 [#&#8203;1835](https://github.com/traefik/traefik-helm-chart/issues/1835) by [@&#8203;mloiseleur](https://github.com/mloiseleur)

#### 🐛 Bug fixes

- fix(traefik-hub): set token using a file [#&#8203;1679](https://github.com/traefik/traefik-helm-chart/issues/1679) by [@&#8203;komalsukhani](https://github.com/komalsukhani)
- fix(providers.kubernetesIngressNGINX): 🐛 clarify int defaults [#&#8203;1829](https://github.com/traefik/traefik-helm-chart/issues/1829) by [@&#8203;darkweaver87](https://github.com/darkweaver87)

#### 📦 Others

- refactor(providers): 🎨 kubernetes ingress nginx [#&#8203;1717](https://github.com/traefik/traefik-helm-chart/issues/1717) by [@&#8203;darkweaver87](https://github.com/darkweaver87)
- chore(ci): upgrade helm unittest to 1.0.1 [#&#8203;1713](https://github.com/traefik/traefik-helm-chart/issues/1713) by [@&#8203;mloiseleur](https://github.com/mloiseleur)
- docs(gateway): improve wording on namespaces [#&#8203;1716](https://github.com/traefik/traefik-helm-chart/issues/1716) by [@&#8203;mloiseleur](https://github.com/mloiseleur)
- test(acme): add certificateTimeout option coverage [#&#8203;1724](https://github.com/traefik/traefik-helm-chart/issues/1724) by [@&#8203;darkweaver87](https://github.com/darkweaver87)
- chore: 🍱 merge back 39.1.0-ea.2 into master [#&#8203;1727](https://github.com/traefik/traefik-helm-chart/issues/1727) by [@&#8203;darkweaver87](https://github.com/darkweaver87)
- chore(deps): update github actions (major) [#&#8203;1731](https://github.com/traefik/traefik-helm-chart/issues/1731) by [@&#8203;renovate-with-github-actions](https://github.com/renovate-with-github-actions)\[bot]
- chore(deps): update github actions [#&#8203;1730](https://github.com/traefik/traefik-helm-chart/issues/1730) by [@&#8203;renovate-with-github-actions](https://github.com/renovate-with-github-actions)\[bot]
- chore(deps): update github actions (major) [#&#8203;1756](https://github.com/traefik/traefik-helm-chart/issues/1756) by [@&#8203;renovate-with-github-actions](https://github.com/renovate-with-github-actions)\[bot]
- chore(deps): update github actions [#&#8203;1755](https://github.com/traefik/traefik-helm-chart/issues/1755) by [@&#8203;renovate-with-github-actions](https://github.com/renovate-with-github-actions)\[bot]
- docs(values): update reference links [#&#8203;1762](https://github.com/traefik/traefik-helm-chart/issues/1762) by [@&#8203;mloiseleur](https://github.com/mloiseleur)
- docs(values): clarify that kubernetesIngressNGINX.watchNamespace only watches one namespace [#&#8203;1759](https://github.com/traefik/traefik-helm-chart/issues/1759) by [@&#8203;parkerfath](https://github.com/parkerfath)
- docs: clarify DaemonSet updateStrategy to prevent rollout deadlock [#&#8203;1761](https://github.com/traefik/traefik-helm-chart/issues/1761) by [@&#8203;Ahmed-Sameh-MM](https://github.com/Ahmed-Sameh-MM)
- ci: fix renovate config and extend to v40.0 branch [#&#8203;1765](https://github.com/traefik/traefik-helm-chart/issues/1765) by [@&#8203;mloiseleur](https://github.com/mloiseleur)
- ci(renovate): add v40.0 baseBranch on traefik updates [#&#8203;1770](https://github.com/traefik/traefik-helm-chart/issues/1770) by [@&#8203;mloiseleur](https://github.com/mloiseleur)
- ci(renovate): disable gha update on previous branches [#&#8203;1774](https://github.com/traefik/traefik-helm-chart/issues/1774) by [@&#8203;mloiseleur](https://github.com/mloiseleur)
- ci(renovate): enable stable updates on v39.0 [#&#8203;1775](https://github.com/traefik/traefik-helm-chart/issues/1775) by [@&#8203;mloiseleur](https://github.com/mloiseleur)
- chore(deps): update ghcr.io/traefik/helm-changelog docker tag to v1 (master) [#&#8203;1771](https://github.com/traefik/traefik-helm-chart/issues/1771) by [@&#8203;renovate-with-github-actions](https://github.com/renovate-with-github-actions)\[bot]
- chore(deps): update github actions (master) [#&#8203;1776](https://github.com/traefik/traefik-helm-chart/issues/1776) by [@&#8203;renovate-with-github-actions](https://github.com/renovate-with-github-actions)\[bot]
- chore(deps): update dawidd6/action-download-artifact action to v20 (master) [#&#8203;1786](https://github.com/traefik/traefik-helm-chart/issues/1786) by [@&#8203;renovate-with-github-actions](https://github.com/renovate-with-github-actions)\[bot]
- chore(deps): update github actions (master) [#&#8203;1785](https://github.com/traefik/traefik-helm-chart/issues/1785) by [@&#8203;renovate-with-github-actions](https://github.com/renovate-with-github-actions)\[bot]
- chore(deps): update github actions (master) [#&#8203;1794](https://github.com/traefik/traefik-helm-chart/issues/1794) by [@&#8203;renovate-with-github-actions](https://github.com/renovate-with-github-actions)\[bot]
- chore(deps): update renovatebot/github-action action to v46.1.10 (master) [#&#8203;1811](https://github.com/traefik/traefik-helm-chart/issues/1811) by [@&#8203;renovate-with-github-actions](https://github.com/renovate-with-github-actions)\[bot]
- docs(examples): 📚 Azure Application Gateway and Load Balancer [#&#8203;1797](https://github.com/traefik/traefik-helm-chart/issues/1797) by [@&#8203;darkweaver87](https://github.com/darkweaver87)
- docs(examples): 📚 deployment with FluxCD OCI [#&#8203;1792](https://github.com/traefik/traefik-helm-chart/issues/1792) by [@&#8203;darkweaver87](https://github.com/darkweaver87)
- docs: add example for binding to privileged ports [#&#8203;1783](https://github.com/traefik/traefik-helm-chart/issues/1783) by [@&#8203;tmchow](https://github.com/tmchow)
- chore(deps): update renovatebot/github-action action to v46.1.13 (master) [#&#8203;1817](https://github.com/traefik/traefik-helm-chart/issues/1817) by [@&#8203;renovate-with-github-actions](https://github.com/renovate-with-github-actions)\[bot]
- chore(deps): update dawidd6/action-download-artifact action to v21 (master) [#&#8203;1822](https://github.com/traefik/traefik-helm-chart/issues/1822) by [@&#8203;renovate-with-github-actions](https://github.com/renovate-with-github-actions)\[bot]
- chore: 🍱 merge back v40.0 into master [#&#8203;1827](https://github.com/traefik/traefik-helm-chart/issues/1827) by [@&#8203;darkweaver87](https://github.com/darkweaver87)
- docs(readme): fix latest patch versions for legacy [#&#8203;1830](https://github.com/traefik/traefik-helm-chart/issues/1830) by [@&#8203;jnoordsij](https://github.com/jnoordsij)
- ci(renovate): switch to master branch [#&#8203;1833](https://github.com/traefik/traefik-helm-chart/issues/1833) by [@&#8203;mloiseleur](https://github.com/mloiseleur)
- ci(renovate): disable renovate self rate limit [#&#8203;1834](https://github.com/traefik/traefik-helm-chart/issues/1834) by [@&#8203;mloiseleur](https://github.com/mloiseleur)
- chore(release): 🚀 publish traefik 40.0.0 and crds 1.18.0 [#&#8203;1836](https://github.com/traefik/traefik-helm-chart/issues/1836) by [@&#8203;mloiseleur](https://github.com/mloiseleur)

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNjAuMiIsInVwZGF0ZWRJblZlciI6IjQzLjE2MC4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->

Reviewed-on: https://gitea.unbound.se/unboundsoftware/local-k8s/pulls/269
Co-authored-by: Renovate Bot <renovate@unbound.se>
Co-committed-by: Renovate Bot <renovate@unbound.se>
2026-05-09 15:13:20 +00:00
renovate ed03fe24dd chore(deps): update helm release traefik to v39.0.9 (#268) 2026-05-07 16:09:31 +00:00
renovate 72b5509c75 chore(deps): update helm release external-secrets to v2.4.1 (#267)
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [external-secrets](https://github.com/external-secrets/external-secrets) | HelmChart | patch | `2.4.0` → `2.4.1` |

---

### Release Notes

<details>
<summary>external-secrets/external-secrets (external-secrets)</summary>

### [`v2.4.1`](https://github.com/external-secrets/external-secrets/releases/tag/v2.4.1)

[Compare Source](https://github.com/external-secrets/external-secrets/compare/v2.4.0...v2.4.1)

Image: `ghcr.io/external-secrets/external-secrets:v2.4.1`
Image: `ghcr.io/external-secrets/external-secrets:v2.4.1-ubi`
Image: `ghcr.io/external-secrets/external-secrets:v2.4.1-ubi-boringssl`

<!-- Release notes generated using configuration in .github/release.yml at main -->

#### What's Changed

##### General

- chore: release chart for v2.4.0 by [@&#8203;Skarlso](https://github.com/Skarlso) in [#&#8203;6277](https://github.com/external-secrets/external-secrets/pull/6277)
- feat(gcp): support multiple replicationLocations on PushSecret by [@&#8203;alliasgher](https://github.com/alliasgher) in [#&#8203;6225](https://github.com/external-secrets/external-secrets/pull/6225)
- feat(passbolt): add custom CA bundle / CA provider support by [@&#8203;alliasgher](https://github.com/alliasgher) in [#&#8203;6224](https://github.com/external-secrets/external-secrets/pull/6224)
- feat(azure): add contentType support for PushSecret by [@&#8203;ppatel1604](https://github.com/ppatel1604) in [#&#8203;6249](https://github.com/external-secrets/external-secrets/pull/6249)
- feat(charts): add liveness probes to cert-controller and webhook by [@&#8203;mattcarp12](https://github.com/mattcarp12) in [#&#8203;6147](https://github.com/external-secrets/external-secrets/pull/6147)
- fix: prevent creation of specific type of secrets by [@&#8203;Skarlso](https://github.com/Skarlso) in [#&#8203;6280](https://github.com/external-secrets/external-secrets/pull/6280)

##### Dependencies

- chore(deps): bump golang from `f853308` to `f853308` by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;6282](https://github.com/external-secrets/external-secrets/pull/6282)
- chore(deps): bump alpine from `2510918` to `5b10f43` in /hack/api-docs by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;6285](https://github.com/external-secrets/external-secrets/pull/6285)
- chore(deps): bump aquasecurity/trivy-action from 0.35.0 to 0.36.0 by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;6283](https://github.com/external-secrets/external-secrets/pull/6283)
- chore(deps): bump goreleaser/goreleaser-action from 7.1.0 to 7.2.1 by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;6284](https://github.com/external-secrets/external-secrets/pull/6284)
- chore(deps): bump ubi9/ubi from `cf13fe2` to `fd3612e` by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;6281](https://github.com/external-secrets/external-secrets/pull/6281)

**Full Changelog**: <https://github.com/external-secrets/external-secrets/compare/v2.4.0...v2.4.1>

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNDAuMCIsInVwZGF0ZWRJblZlciI6IjQzLjE0MC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->

Reviewed-on: #267
Co-authored-by: Renovate Bot <renovate@unbound.se>
Co-committed-by: Renovate Bot <renovate@unbound.se>
2026-05-01 16:23:36 +00:00
renovate 58c8846f89 chore(deps): update cloudamqp/lavinmq docker tag to v2.7.2 (#266) 2026-05-01 13:06:13 +00:00
renovate 91db221d07 chore(deps): update cloudamqp/lavinmq docker tag to v2.7.2 (#266) 2026-05-01 13:06:10 +00:00
renovate 0dabff3525 chore(deps): update helm release external-secrets to v2.4.0 (#265) 2026-04-27 19:06:35 +00:00
renovate 9339ceae0e chore(deps): update helm release external-secrets to v2.4.0 (#265) 2026-04-27 19:06:33 +00:00
renovate 95aaf27dd5 chore(deps): update cloudamqp/lavinmq docker tag to v2.7.1 (#264) 2026-04-27 09:09:57 +00:00
renovate e2957f15de chore(deps): update postgres:18.3-alpine docker digest to 54451ec (#263) 2026-04-22 09:06:58 +00:00
renovate e2d5d970b7 chore(deps): update postgres:18.3-alpine docker digest to d164db0 (#262) 2026-04-22 03:05:30 +00:00
renovate 4ac39f87fb chore(deps): update helm release traefik to v39.0.8 (#261) 2026-04-20 14:06:54 +00:00
renovate 4f0115148d chore(deps): update cloudamqp/lavinmq docker tag to v2.7.0 (#260) 2026-04-19 11:07:49 +00:00
argoyle 73ccafab68 fix(postgres): remove memory limit and add document database (#259)
## Summary

- Remove the 600Mi memory limit on the local Postgres Deployment. With `shared_buffers=384MB` + `max_connections=300` the pod was being repeatedly OOMKilled under real workloads, leaving clients with intermittent `connect: connection refused`. Keep the 400Mi request for scheduling.
- Add `document` to the seeded database list in `initdb.sh`.

## Test plan

- [x] `kubectl --context kind-unbound apply -f k8s/infra/postgres.yaml` — rollout succeeds
- [x] Postgres pod stable (0 restarts) after apply
- [ ] On a fresh cluster (`./setup`), verify the `document` database is created (requires empty `data/postgres/`)

Reviewed-on: #259
2026-04-18 16:34:17 +00:00
renovate b6918819aa chore(deps): update cloudamqp/lavinmq docker tag to v2.6.11 (#258) 2026-04-18 13:06:24 +00:00
renovate eb3ca05bfb chore(deps): update postgres:18.3-alpine docker digest to 5209801 (#257) 2026-04-16 16:11:16 +00:00
renovate bf2332e1ac chore(deps): update postgres:18.3-alpine docker digest to c48f944 (#256) 2026-04-16 02:07:49 +00:00
renovate 8ed20f7e58 chore(deps): update postgres:18.3-alpine docker digest to b73cfac (#255) 2026-04-16 00:06:36 +00:00
argoyle a62ee9efb1 refactor: migrate from ingress-nginx to Traefik v3 (#254)
## Summary

- Replace ingress-nginx 4.15.1 with Traefik v3 (Helm chart 39.0.7) as ingress controller
- Convert nginx-specific annotations to Traefik Middleware CRDs
- Update setup script selectors, namespaces, and readiness checks
- Add `.claude/settings.local.json` to `.gitignore`

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Reviewed-on: #254
2026-04-15 13:05:43 +00:00
renovate 17c97b4333 chore(deps): update helm release cert-manager to v1.20.2 (#253) 2026-04-14 15:06:49 +00:00
renovate e6a410f926 chore(deps): update helm release external-secrets to v2.3.0 (#252) 2026-04-13 16:05:57 +00:00
renovate a79fb8df5a chore(deps): update helm release external-secrets to v2.3.0 (#252) 2026-04-13 16:05:54 +00:00
renovate 068537b11d chore(deps): update helm release cert-manager to v1.20.1 (#251) 2026-03-27 20:05:31 +00:00
renovate 5c3d6736dc chore(deps): update helm release external-secrets to v2.2.0 (#250) 2026-03-20 17:05:24 +00:00
renovate 62e363f01e chore(deps): update helm release ingress-nginx to v4.15.1 (#249) 2026-03-19 22:05:19 +00:00
renovate 99968b13b7 chore(deps): update helm release cert-manager to v1.20.0 (#248) 2026-03-10 16:06:09 +00:00
renovate 1de8e79a05 chore(deps): update helm release ingress-nginx to v4.15.0 (#247) 2026-03-09 21:06:11 +00:00
renovate 03bfdf847f chore(deps): update cloudamqp/lavinmq docker tag to v2.6.10 (#246) 2026-03-09 11:13:40 +00:00
renovate 9a066ac5d0 chore(deps): update helm release external-secrets to v2.1.0 (#245) 2026-03-07 18:05:18 +00:00
renovate b7f407e2d5 chore(deps): update cloudamqp/lavinmq docker tag to v2.6.9 (#244) 2026-03-03 18:08:05 +00:00
renovate f5aac44bd6 chore(deps): update postgres:18.3-alpine docker digest to 4da1a48 (#243) 2026-02-28 09:05:40 +00:00
renovate 9ff876b158 chore(deps): pin cloudamqp/lavinmq docker tag to b564dd1 (#242) 2026-02-27 14:07:24 +00:00
argoyle c93f98c93c Merge pull request 'feat(infra): replace RabbitMQ with LavinMQ' (#241) from replace-rabbitmq-with-lavinmq into main
Reviewed-on: #241
2026-02-27 13:43:44 +00:00
argoyle d89ec816a0 feat(infra): replace RabbitMQ with LavinMQ 2026-02-27 14:42:27 +01:00
renovate 5c0d102410 chore(deps): update postgres:18.3-alpine docker digest to 97e0c20 (#240) 2026-02-26 23:06:05 +00:00
renovate 34d214609d chore(deps): update postgres docker tag to v18.3 (#239) 2026-02-26 19:27:55 +00:00
renovate ed5068ae50 chore(deps): update rabbitmq:4.2.4-management docker digest to d998227 (#238) 2026-02-25 10:07:04 +00:00
renovate 5048ff2c75 chore(deps): update rabbitmq:4.2.4-management docker digest to d957c24 (#237) 2026-02-25 05:05:35 +00:00
argoyle 500f7a899b Merge pull request 'chore(deps): update helm release cert-manager to v1.19.4' (#236) from renovate/cert-manager-1.x into main
Reviewed-on: #236
2026-02-24 16:37:18 +00:00
renovate 30d9343114 chore(deps): update helm release cert-manager to v1.19.4 2026-02-24 16:08:09 +00:00
argoyle 1d3db2a586 Merge pull request 'chore(deps): update rabbitmq:4.2.4-management docker digest to ae4a462' (#235) from renovate/rabbitmq-4.2.4-management into main
Reviewed-on: #235
2026-02-21 07:55:44 +00:00
renovate 1d9202c985 chore(deps): update rabbitmq:4.2.4-management docker digest to ae4a462 2026-02-21 00:05:23 +00:00
argoyle 4708f6c4f8 Merge pull request 'chore(deps): update helm release external-secrets to v2.0.1' (#234) from renovate/external-secrets-2.x into main
Reviewed-on: #234
2026-02-20 17:09:52 +00:00
renovate 96b2c82124 chore(deps): update helm release external-secrets to v2.0.1 2026-02-20 14:18:52 +00:00
argoyle ac362db912 Merge pull request 'chore(deps): update postgres:18.2-alpine docker digest to 035b9ab' (#233) from renovate/postgres-18.2-alpine into main
Reviewed-on: #233
2026-02-19 06:33:56 +00:00
renovate 88074eac07 chore(deps): update postgres:18.2-alpine docker digest to 035b9ab 2026-02-19 02:21:07 +00:00
argoyle 57e17c6c37 Merge pull request 'chore(deps): update rabbitmq:4.2.4-management docker digest to 1b5ac1f' (#232) from renovate/rabbitmq-4.2.4-management into main
Reviewed-on: #232
2026-02-18 12:45:37 +00:00
renovate 3fde6c72da chore(deps): update rabbitmq:4.2.4-management docker digest to 1b5ac1f 2026-02-18 11:07:09 +00:00
argoyle 7196f49a7e Merge pull request 'chore(deps): update rabbitmq:4.2.4-management docker digest to f88cfa9' (#231) from renovate/rabbitmq-4.2.4-management into main
Reviewed-on: #231
2026-02-18 07:16:41 +00:00
renovate dddf77edaa chore(deps): update rabbitmq:4.2.4-management docker digest to f88cfa9 2026-02-18 02:06:06 +00:00
argoyle 4d28a314f3 Merge pull request 'chore(deps): update rabbitmq docker tag to v4.2.4' (#230) from renovate/rabbitmq-4.x into main
Reviewed-on: #230
2026-02-17 20:33:27 +00:00
renovate 0f1e7d4fb3 chore(deps): update rabbitmq docker tag to v4.2.4 2026-02-17 20:05:57 +00:00
renovate 2fd4ac7dc7 chore(deps): update postgres:18.2-alpine docker digest to 88f300b (#229) 2026-02-13 02:05:25 +00:00
renovate 50d01cf6a5 chore(deps): update postgres docker tag to v18.2 (#228) 2026-02-12 22:05:30 +00:00
renovate 00d4bb401f chore(deps): update rabbitmq:4.2.3-management docker digest to be25dc3 (#227) 2026-02-10 02:04:49 +00:00
renovate a6cbc05f1e chore(deps): update rabbitmq:4.2.3-management docker digest to 55d9fa8 (#226) 2026-02-08 06:05:53 +00:00
argoyle f9c98b09b4 Merge pull request 'chore(deps): update helm release external-secrets to v2' (#225) from renovate/external-secrets-2.x into main
Reviewed-on: #225
2026-02-06 16:56:49 +00:00
renovate 5915562f2b chore(deps): update helm release external-secrets to v2 2026-02-06 16:06:28 +00:00
renovate 02f7fe89a5 chore(deps): update rabbitmq:4.2.3-management docker digest to 1c04fc9 (#224) 2026-02-05 23:05:56 +00:00
renovate 5e87c78b4a chore(deps): update rabbitmq:4.2.3-management docker digest to 497a531 (#223) 2026-02-03 23:30:20 +00:00
renovate 0e110bc22a chore(deps): update helm release external-secrets to v1.3.2 (#222) 2026-02-03 21:45:59 +00:00
renovate 4e1b3562bf chore(deps): update rabbitmq:4.2.3-management docker digest to c4249e1 (#221) 2026-02-03 20:10:55 +00:00
renovate 1b89e1799f chore(deps): update helm release ingress-nginx to v4.14.3 (#220) 2026-02-03 00:07:23 +00:00
renovate 59bdf465da chore(deps): update helm release cert-manager to v1.19.3 (#219) 2026-02-02 15:05:05 +00:00
renovate 8faa9c3e3a chore(deps): update postgres:18.1-alpine docker digest to aa6eb30 (#218) 2026-02-01 05:04:45 +00:00
renovate 787b2e9257 chore(deps): update postgres:18.1-alpine docker digest to 4eb15de (#217) 2026-01-29 22:07:04 +00:00
renovate 721e602cc9 chore(deps): update postgres:18.1-alpine docker digest to 30f2a9b (#216) 2026-01-28 10:05:25 +00:00
renovate 8f7acb4903 chore(deps): update postgres:18.1-alpine docker digest to bff1479 (#215) 2026-01-28 07:05:35 +00:00
renovate 5b91974a0b chore(deps): update rabbitmq:4.2.3-management docker digest to 9e53716 (#214) 2026-01-28 06:04:55 +00:00
renovate b3033c46c4 chore(deps): update rabbitmq:4.2.3-management docker digest to ab92245 (#213) 2026-01-28 02:05:28 +00:00
renovate e869c76414 chore(deps): update helm release ingress-nginx to v4.14.2 (#212) 2026-01-26 22:05:31 +00:00
renovate 72e07497dc chore(deps): update helm release external-secrets to v1.3.1 (#211) 2026-01-23 19:09:28 +00:00
renovate 731a2d21ad chore(deps): update rabbitmq:4.2.3-management docker digest to b4377a3 (#210) 2026-01-23 14:12:10 +00:00
renovate 958211d7a3 chore(deps): update rabbitmq:4.2.3-management docker digest to 91dc2a2 (#209) 2026-01-23 02:07:58 +00:00
renovate 125258a57d chore(deps): update rabbitmq docker tag to v4.2.3 (#208) 2026-01-22 23:07:02 +00:00
renovate 48cbe78c84 chore(deps): update rabbitmq:4.2.2-management docker digest to ec89397 (#207) 2026-01-22 14:06:34 +00:00
renovate 8408f8c260 chore(deps): update rabbitmq:4.2.2-management docker digest to e96344e (#206) 2026-01-20 20:07:43 +00:00
renovate 60610b3039 chore(deps): update rabbitmq:4.2.2-management docker digest to de1b5b1 (#205) 2026-01-17 02:06:47 +00:00
renovate 94f17d207a chore(deps): update rabbitmq:4.2.2-management docker digest to 9d4d7f8 (#204) 2026-01-16 08:16:23 +00:00
renovate dc1018387a chore(deps): update rabbitmq:4.2.2-management docker digest to d629e47 (#203) 2026-01-16 02:13:08 +00:00
12 changed files with 182 additions and 195 deletions
+1
View File
@@ -1,2 +1,3 @@
data
charts
.claude/settings.local.json
+22 -4
View File
@@ -24,9 +24,9 @@ kind: Ingress
metadata:
name: frontend
annotations:
nginx.ingress.kubernetes.io/upstream-vhost: "localhost:3300"
traefik.ingress.kubernetes.io/router.middlewares: default-frontend-host@kubernetescrd
spec:
ingressClassName: nginx
ingressClassName: traefik
tls:
- hosts:
- staging-shiny.unbound.se
@@ -59,9 +59,9 @@ kind: Ingress
metadata:
name: api
annotations:
nginx.ingress.kubernetes.io/upstream-vhost: "localhost:4444"
traefik.ingress.kubernetes.io/router.middlewares: default-api-host@kubernetescrd
spec:
ingressClassName: nginx
ingressClassName: traefik
tls:
- hosts:
- staging-shiny-api.unbound.se
@@ -77,3 +77,21 @@ spec:
name: api-external
port:
number: 4444
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: frontend-host
spec:
headers:
customRequestHeaders:
Host: "localhost:3300"
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: api-host
spec:
headers:
customRequestHeaders:
Host: "localhost:4444"
+1 -1
View File
@@ -33,6 +33,6 @@ spec:
- key: "rds/postgres/prod-psql"
value: '{"POSTGRES_URL": "postgres://postgres:postgres@postgres:5432/postgres?sslmode=disable", "DB_HOST": "postgres", "DB_NAME": "postgres", "DB_PASSWORD": "postgres", "DB_PORT": "5432", "DB_USERNAME": "postgres"}'
- key: "mq/rabbit/prod"
value: '{"AMQP_URL": "amqp://user:password@rabbitmq:5672/"}'
value: '{"AMQP_URL": "amqp://guest:guest@lavinmq:5672/"}'
- key: "services/schemas"
value: '{"ISSUER": "auth0", "STRICT_SSL": "false"}'
+3 -3
View File
@@ -2,7 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- postgres.yaml
- rabbitmq.yaml
- lavinmq.yaml
- namespaces.yaml
helmCharts:
- name: external-secrets
@@ -10,13 +10,13 @@ helmCharts:
includeCRDs: true
releaseName: external-secrets
repo: https://charts.external-secrets.io
version: 1.2.1
version: 2.7.0
- name: cert-manager
namespace: cert-manager
includeCRDs: true
releaseName: cert-manager
repo: https://charts.jetstack.io
version: v1.19.2
version: v1.20.3
valuesInline:
crds:
enabled: true
+100
View File
@@ -0,0 +1,100 @@
apiVersion: v1
kind: Secret
metadata:
name: lavinmq
stringData:
AMQP_URL: "amqp://guest:guest@lavinmq:5672/"
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/name: lavinmq
release: lavinmq
name: lavinmq
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: lavinmq
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
labels:
app.kubernetes.io/name: lavinmq
spec:
containers:
- image: cloudamqp/lavinmq:2.9.0@sha256:fe85633d8af4f19cb2cedfd69f2f2a771139150406ef751ccdbc5e3c33c2874f
imagePullPolicy: Always
livenessProbe:
tcpSocket:
port: 5672
failureThreshold: 6
initialDelaySeconds: 30
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
name: lavinmq
ports:
- containerPort: 5672
name: amqp
protocol: TCP
- containerPort: 15672
name: stats
protocol: TCP
readinessProbe:
httpGet:
port: 15672
path: /api/whoami
httpHeaders:
- name: "Authorization"
value: "Basic Z3Vlc3Q6Z3Vlc3Q="
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 3
resources:
requests:
cpu: 100m
memory: 256Mi
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- name: data
mountPath: /var/lib/lavinmq
volumes:
- name: data
hostPath:
path: /data/lavinmq
dnsPolicy: ClusterFirst
restartPolicy: Always
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/name: lavinmq
release: lavinmq
name: lavinmq
spec:
externalTrafficPolicy: Cluster
ports:
- name: amqp
nodePort: 5672
port: 5672
protocol: TCP
targetPort: amqp
- name: stats
nodePort: 15672
port: 15672
protocol: TCP
targetPort: stats
selector:
app.kubernetes.io/name: lavinmq
sessionAffinity: None
type: NodePort
+2 -3
View File
@@ -23,6 +23,7 @@ data:
CREATE DATABASE authz WITH OWNER postgres ENCODING utf8;
CREATE DATABASE company WITH OWNER postgres ENCODING utf8;
CREATE DATABASE consumer WITH OWNER postgres ENCODING utf8;
CREATE DATABASE document WITH OWNER postgres ENCODING utf8;
CREATE DATABASE employee WITH OWNER postgres ENCODING utf8;
CREATE DATABASE invoice WITH OWNER postgres ENCODING utf8;
CREATE DATABASE notification WITH OWNER postgres ENCODING utf8;
@@ -52,7 +53,7 @@ spec:
spec:
containers:
- name: postgres
image: postgres:18.1-alpine@sha256:b40d931bd0e7ce6eecc59a5a6ac3b3c04a01e559750e73e7086b6dbd7f8bf545
image: postgres:18.4-alpine@sha256:1b1689b20d16a014a3d195653381cf2caa75a41a92d93b255a9d6ea29fd353aa
args:
- -c
- shared_buffers=384MB
@@ -62,8 +63,6 @@ spec:
resources:
requests:
memory: 400Mi
limits:
memory: 600Mi
ports:
- containerPort: 5432
env:
-166
View File
@@ -1,166 +0,0 @@
kind: ConfigMap
apiVersion: v1
metadata:
name: shared-rabbitmq
data:
RABBITMQ_SERVERS: rabbitmq
RABBITMQ_VHOST: /
RABBITMQ_USERNAME: user
---
apiVersion: v1
kind: ConfigMap
metadata:
name: rabbitmq-env-config
data:
memory.conf: |-
total_memory_available_override_value = 1GB
---
apiVersion: v1
kind: Secret
metadata:
name: rabbitmq
stringData:
AMQP_URL: "amqp://user:password@rabbitmq:5672/"
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/name: rabbitmq
release: rabbitmq
name: rabbitmq
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: rabbitmq
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
labels:
app.kubernetes.io/name: rabbitmq
spec:
securityContext:
fsGroup: 999
runAsUser: 999
runAsGroup: 999
containers:
- env:
- name: RABBITMQ_DEFAULT_USER
value: user
- name: RABBITMQ_DEFAULT_PASS
value: password
- name: RABBITMQ_NODE_PORT_NUMBER
value: "5672"
- name: RABBITMQ_NODE_TYPE
value: stats
- name: RABBITMQ_NODENAME
value: rabbit@localhost
- name: RABBITMQ_CLUSTER_NODE_NAME
- name: RABBITMQ_DEFAULT_VHOST
value: /
- name: RABBITMQ_MANAGER_PORT_NUMBER
value: "15672"
- name: RABBITMQ_DISK_FREE_LIMIT
value: '"8GiB"'
- name: RABBITMQ_CONFIG_FILES
value: /etc/rabbitmq/conf.d
image: rabbitmq:4.2.2-management@sha256:5b38b93d6f8cecc6263c0b774b31acd60849bf4d06b2e61169f0c28c1c55c232
imagePullPolicy: Always
livenessProbe:
exec:
command:
- rabbitmqctl
- status
failureThreshold: 6
initialDelaySeconds: 120
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
name: rabbitmq
ports:
- containerPort: 4369
name: epmd
protocol: TCP
- containerPort: 5672
name: amqp
protocol: TCP
- containerPort: 25672
name: dist
protocol: TCP
- containerPort: 15672
name: stats
protocol: TCP
readinessProbe:
httpGet:
port: 15672
path: /api/aliveness-test/%2F
httpHeaders:
- name: "Authorization"
value: "Basic dXNlcjpwYXNzd29yZA=="
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 3
resources:
requests:
cpu: 100m
memory: 256Mi
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- name: data
mountPath: /var/lib/rabbitmq
- name: config
mountPath: /etc/rabbitmq/conf.d/20-memory.conf
subPath: memory.conf
readOnly: true
volumes:
- name: data
hostPath:
path: /data/rabbitmq
- name: config
configMap:
name: rabbitmq-env-config
dnsPolicy: ClusterFirst
restartPolicy: Always
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/name: rabbitmq
release: rabbitmq
name: rabbitmq
spec:
externalTrafficPolicy: Cluster
ports:
- name: epmd
nodePort: 31799
port: 4369
protocol: TCP
targetPort: epmd
- name: amqp
nodePort: 5672
port: 5672
protocol: TCP
targetPort: amqp
- name: dist
nodePort: 32687
port: 25672
protocol: TCP
targetPort: dist
- name: stats
nodePort: 15672
port: 15672
protocol: TCP
targetPort: stats
selector:
app.kubernetes.io/name: rabbitmq
sessionAffinity: None
type: NodePort
-12
View File
@@ -1,12 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespaces.yaml
helmCharts:
- name: ingress-nginx
namespace: ingress-nginx
includeCRDs: true
releaseName: ingress-nginx
repo: https://kubernetes.github.io/ingress-nginx
version: 4.14.1
valuesFile: https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/hack/manifest-templates/provider/kind/values.yaml
+12
View File
@@ -0,0 +1,12 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespaces.yaml
helmCharts:
- name: traefik
namespace: traefik
includeCRDs: true
releaseName: traefik
repo: https://traefik.github.io/charts
version: 41.0.0
valuesFile: values.yaml
+4
View File
@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: traefik
+31
View File
@@ -0,0 +1,31 @@
deployment:
kind: DaemonSet
ports:
web:
hostPort: 80
websecure:
hostPort: 443
tolerations:
- key: "node-role.kubernetes.io/master"
operator: "Equal"
effect: "NoSchedule"
- key: "node-role.kubernetes.io/control-plane"
operator: "Equal"
effect: "NoSchedule"
nodeSelector:
ingress-ready: "true"
providers:
kubernetesIngress:
publishedService:
enabled: false
service:
type: ClusterIP
ingressClass:
enabled: true
isDefaultClass: true
+6 -6
View File
@@ -12,20 +12,20 @@ kubectl create secret docker-registry gitlab \
kubectl patch serviceaccount default -p '{"imagePullSecrets": [{"name": "gitlab"}]}'
kustomized="$(mktemp -t unboundnginx.yaml.XXXXXX)"
kustomized="$(mktemp -t unboundtraefik.yaml.XXXXXX)"
kubectl kustomize --enable-helm "k8s/nginx" >> "${kustomized}"
kubectl kustomize --enable-helm "k8s/traefik" >> "${kustomized}"
kubectl apply -f "${kustomized}" --server-side || true
printf "\nWait for pod app.kubernetes.io/component=controller to be created."
printf "\nWait for pod app.kubernetes.io/name=traefik to be created."
while :; do
sleep 2
[ -n "$(kubectl -n ingress-nginx get pod --selector=app.kubernetes.io/component=controller 2>/dev/null)" ] && printf "\n\n" && break
[ -n "$(kubectl -n traefik get pod --selector=app.kubernetes.io/name=traefik 2>/dev/null)" ] && printf "\n\n" && break
printf "."
done
echo "Wait for nginx to be available."
until [[ $(kubectl -n ingress-nginx get endpointslices -l 'kubernetes.io/service-name=ingress-nginx-controller' -o=jsonpath='{.items[*].endpoints[*].addresses[*]}') ]]; do sleep 5; done
echo "Wait for traefik to be available."
until [[ $(kubectl -n traefik get endpointslices -l 'kubernetes.io/service-name=traefik' -o=jsonpath='{.items[*].endpoints[*].addresses[*]}') ]]; do sleep 5; done
kustomized="$(mktemp -t unboundinfra.yaml.XXXXXX)"