Skip to content

Deploy releases/k8s-manifests 454249c #146

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
themightychris merged 8 commits into from
May 18, 2026
Merged

Deploy releases/k8s-manifests 454249c #146

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
50c87fa
feat(envoy-gateway): bump civic-cloud v1.9.2 + add Gateway API founda…
themightychris May 18, 2026
0db3585
feat(cert-manager): add parallel gateway ClusterIssuers (phase 2)
themightychris May 18, 2026
56a2240
feat(gateways): pre-populate per-app Gateway + HTTPRoute (phase 3)
themightychris May 18, 2026
0385d6b
feat(envoy-gateway): add global HTTP→HTTPS redirect HTTPRoute (phase …
themightychris May 18, 2026
a9a1ab6
refactor: prefix non-workloads with _
themightychris May 18, 2026
311f397
docs(claude): add repo-local agent instructions
themightychris May 18, 2026
f39e903
Merge pull request #145 from CodeForPhilly/migrate-envoy-gateway
themightychris May 18, 2026
454249c
☀ projected k8s-manifests-github from f39e903
themightychris May 18, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 5 additions & 1 deletion .github/workflows/k8s-deploy.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,10 +31,14 @@ jobs:
echo -n '' > /tmp/kube.err

- name: 'Apply manifests: CRD resources'
# Server-side apply avoids the 256KB metadata.annotations limit hit by
# client-side apply's last-applied-configuration on large CRDs (e.g.
# cnpg's poolers.postgresql.cnpg.io). --force-conflicts lets us reclaim
# ownership from any prior client-side annotation during migration.
run: |
if [ -d ./_/CustomResourceDefinition ]; then
# Capture errors and add context
dir_errors=$(kubectl apply -Rf ./_/CustomResourceDefinition 2>&1 1>>/tmp/kube.log || true)
dir_errors=$(kubectl apply --server-side --force-conflicts -Rf ./_/CustomResourceDefinition 2>&1 1>>/tmp/kube.log || true)

# Filter and append errors with context if meaningful
filtered_errors=$(echo "$dir_errors" | \
Expand Down
18 changes: 18 additions & 0 deletions _/ClusterIssuer/letsencrypt-prod-gateway.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-prod-gateway
spec:
acme:
email: services@codeforphilly.org
privateKeySecretRef:
name: letsencrypt-prod-gateway
server: https://acme-v02.api.letsencrypt.org/directory
solvers:
- http01:
gatewayHTTPRoute:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: main-gateway
namespace: envoy-gateway-system
18 changes: 18 additions & 0 deletions _/ClusterIssuer/letsencrypt-staging-gateway.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-staging-gateway
spec:
acme:
email: services@codeforphilly.org
privateKeySecretRef:
name: letsencrypt-staging-gateway
server: https://acme-staging-v02.api.letsencrypt.org/directory
solvers:
- http01:
gatewayHTTPRoute:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: main-gateway
namespace: envoy-gateway-system
4 changes: 2 additions & 2 deletions _/ClusterRole/cert-manager-cainjector.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,8 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.10.1
helm.sh/chart: cert-manager-v1.10.1
app.kubernetes.io/version: v1.20.2
helm.sh/chart: cert-manager-v1.20.2
name: cert-manager-cainjector
rules:
- apiGroups:
Expand Down
4 changes: 2 additions & 2 deletions _/ClusterRole/cert-manager-cluster-view.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,8 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.10.1
helm.sh/chart: cert-manager-v1.10.1
app.kubernetes.io/version: v1.20.2
helm.sh/chart: cert-manager-v1.20.2
rbac.authorization.k8s.io/aggregate-to-cluster-reader: 'true'
name: cert-manager-cluster-view
rules:
Expand Down
4 changes: 2 additions & 2 deletions _/ClusterRole/cert-manager-controller-approve:cert-manager-io.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,8 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.10.1
helm.sh/chart: cert-manager-v1.10.1
app.kubernetes.io/version: v1.20.2
helm.sh/chart: cert-manager-v1.20.2
name: cert-manager-controller-approve:cert-manager-io
rules:
- apiGroups:
Expand Down
4 changes: 2 additions & 2 deletions _/ClusterRole/cert-manager-controller-certificates.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,8 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.10.1
helm.sh/chart: cert-manager-v1.10.1
app.kubernetes.io/version: v1.20.2
helm.sh/chart: cert-manager-v1.20.2
name: cert-manager-controller-certificates
rules:
- apiGroups:
Expand Down
4 changes: 2 additions & 2 deletions _/ClusterRole/cert-manager-controller-certificatesigningrequests.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,8 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.10.1
helm.sh/chart: cert-manager-v1.10.1
app.kubernetes.io/version: v1.20.2
helm.sh/chart: cert-manager-v1.20.2
name: cert-manager-controller-certificatesigningrequests
rules:
- apiGroups:
Expand Down
4 changes: 2 additions & 2 deletions _/ClusterRole/cert-manager-controller-challenges.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,8 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.10.1
helm.sh/chart: cert-manager-v1.10.1
app.kubernetes.io/version: v1.20.2
helm.sh/chart: cert-manager-v1.20.2
name: cert-manager-controller-challenges
rules:
- apiGroups:
Expand Down
4 changes: 2 additions & 2 deletions _/ClusterRole/cert-manager-controller-clusterissuers.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,8 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.10.1
helm.sh/chart: cert-manager-v1.10.1
app.kubernetes.io/version: v1.20.2
helm.sh/chart: cert-manager-v1.20.2
name: cert-manager-controller-clusterissuers
rules:
- apiGroups:
Expand Down
6 changes: 4 additions & 2 deletions _/ClusterRole/cert-manager-controller-ingress-shim.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,8 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.10.1
helm.sh/chart: cert-manager-v1.10.1
app.kubernetes.io/version: v1.20.2
helm.sh/chart: cert-manager-v1.20.2
name: cert-manager-controller-ingress-shim
rules:
- apiGroups:
Expand Down Expand Up @@ -50,6 +50,7 @@ rules:
resources:
- gateways
- httproutes
- listenersets
verbs:
- get
- list
Expand All @@ -59,6 +60,7 @@ rules:
resources:
- gateways/finalizers
- httproutes/finalizers
- listenersets/finalizers
verbs:
- update
- apiGroups:
Expand Down
4 changes: 2 additions & 2 deletions _/ClusterRole/cert-manager-controller-issuers.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,8 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.10.1
helm.sh/chart: cert-manager-v1.10.1
app.kubernetes.io/version: v1.20.2
helm.sh/chart: cert-manager-v1.20.2
name: cert-manager-controller-issuers
rules:
- apiGroups:
Expand Down
11 changes: 9 additions & 2 deletions _/ClusterRole/cert-manager-controller-orders.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,8 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.10.1
helm.sh/chart: cert-manager-v1.10.1
app.kubernetes.io/version: v1.20.2
helm.sh/chart: cert-manager-v1.20.2
name: cert-manager-controller-orders
rules:
- apiGroups:
Expand Down Expand Up @@ -50,6 +50,13 @@ rules:
- orders/finalizers
verbs:
- update
- apiGroups:
- cert-manager.io
resources:
- clusterissuers/finalizers
- issuers/finalizers
verbs:
- update
- apiGroups:
- ''
resources:
Expand Down
4 changes: 2 additions & 2 deletions _/ClusterRole/cert-manager-edit.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,8 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.10.1
helm.sh/chart: cert-manager-v1.10.1
app.kubernetes.io/version: v1.20.2
helm.sh/chart: cert-manager-v1.20.2
rbac.authorization.k8s.io/aggregate-to-admin: 'true'
rbac.authorization.k8s.io/aggregate-to-edit: 'true'
name: cert-manager-edit
Expand Down
4 changes: 2 additions & 2 deletions _/ClusterRole/cert-manager-view.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,8 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.10.1
helm.sh/chart: cert-manager-v1.10.1
app.kubernetes.io/version: v1.20.2
helm.sh/chart: cert-manager-v1.20.2
rbac.authorization.k8s.io/aggregate-to-admin: 'true'
rbac.authorization.k8s.io/aggregate-to-cluster-reader: 'true'
rbac.authorization.k8s.io/aggregate-to-edit: 'true'
Expand Down
4 changes: 2 additions & 2 deletions _/ClusterRole/cert-manager-webhook:subjectaccessreviews.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,8 @@ metadata:
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.10.1
helm.sh/chart: cert-manager-v1.10.1
app.kubernetes.io/version: v1.20.2
helm.sh/chart: cert-manager-v1.20.2
name: cert-manager-webhook:subjectaccessreviews
rules:
- apiGroups:
Expand Down
31 changes: 31 additions & 0 deletions _/ClusterRole/envoy-gateway-gateway-helm-certgen:envoy-gateway-system.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations:
helm.sh/hook: pre-install, pre-upgrade
helm.sh/hook-weight: '-1'
labels:
app.kubernetes.io/instance: envoy-gateway
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: gateway-helm
app.kubernetes.io/version: v1.7.3
helm.sh/chart: gateway-helm-v1.7.3
name: envoy-gateway-gateway-helm-certgen:envoy-gateway-system
rules:
- apiGroups:
- admissionregistration.k8s.io
resources:
- mutatingwebhookconfigurations
verbs:
- get
- list
- watch
- apiGroups:
- admissionregistration.k8s.io
resourceNames:
- envoy-gateway-topology-injector.envoy-gateway-system
resources:
- mutatingwebhookconfigurations
verbs:
- update
- patch
Loading
Loading