Deploy releases/k8s-manifests a4fd1c8 #149

Merged
themightychris merged 3 commits into deploys/k8s-manifests from releases/k8s-manifests
May 18, 2026

@github-actions

kubectl diff reports that applying a4fd1c8 will change:

diff -uN /tmp/LIVE-1361287896/v1.ConfigMap.cert-manager.cert-manager /tmp/MERGED-2572503226/v1.ConfigMap.cert-manager.cert-manager
--- /tmp/LIVE-1361287896/v1.ConfigMap.cert-manager.cert-manager	2026-05-17 05:14:45.940231608 +0000
+++ /tmp/MERGED-2572503226/v1.ConfigMap.cert-manager.cert-manager	2026-05-17 05:14:45.952231893 +0000
@@ -4,7 +4,7 @@
     apiVersion: controller.config.cert-manager.io/v1alpha1
     enableGatewayAPI: true
     featureGates:
-      ListenerSet: true
+      ListenerSets: true
     kind: ControllerConfiguration
 kind: ConfigMap
 metadata:
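
Review bot: The renamed key under `featureGates:` is still an unvalidated string in ConfigMap data, so `kubectl diff` and `kubectl apply` accept `ListenerSets` exactly as they accepted `ListenerSet`, and a wrong name only surfaces when the cert-manager controller reads its configuration at startup. Consider a pre-merge check that compares the `featureGates` keys against the gate names of the cert-manager version being deployed, and verify after apply that the controller pods have restarted with the new ConfigMap and are Ready.
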
diff -uN /tmp/LIVE-532157609/batch.v1.Job.envoy-gateway-system.envoy-gateway-gateway-helm-certgen /tmp/MERGED-2003707267/batch.v1.Job.envoy-gateway-system.envoy-gateway-gateway-helm-certgen
--- /tmp/LIVE-532157609/batch.v1.Job.envoy-gateway-system.envoy-gateway-gateway-helm-certgen	2026-05-17 05:14:49.370313101 +0000
+++ /tmp/MERGED-2003707267/batch.v1.Job.envoy-gateway-system.envoy-gateway-gateway-helm-certgen	2026-05-17 05:14:49.380313339 +0000
@@ -1 +1,70 @@
-{}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  annotations:
+    helm.sh/hook: pre-install, pre-upgrade
+  labels:
+    app.kubernetes.io/instance: envoy-gateway
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: gateway-helm
+    app.kubernetes.io/version: v1.7.3
+    helm.sh/chart: gateway-helm-v1.7.3
+  name: envoy-gateway-gateway-helm-certgen
+  namespace: envoy-gateway-system
+spec:
+  backoffLimit: 1
+  completionMode: NonIndexed
+  completions: 1
+  manualSelector: false
+  parallelism: 1
+  podReplacementPolicy: TerminatingOrFailed
+  selector:
+    matchLabels:
+      batch.kubernetes.io/controller-uid: 7823fc51-49cb-4871-b57f-837e043a901f
+  suspend: false
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        app: certgen
+        batch.kubernetes.io/controller-uid: 7823fc51-49cb-4871-b57f-837e043a901f
+        batch.kubernetes.io/job-name: envoy-gateway-gateway-helm-certgen
+        controller-uid: 7823fc51-49cb-4871-b57f-837e043a901f
+        job-name: envoy-gateway-gateway-helm-certgen
+    spec:
+      containers:
+      - command:
+        - envoy-gateway
+        - certgen
+        env:
+        - name: ENVOY_GATEWAY_NAMESPACE
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: metadata.namespace
+        - name: KUBERNETES_CLUSTER_DOMAIN
+          value: cluster.local
+        image: docker.io/envoyproxy/gateway:v1.7.3
+        imagePullPolicy: IfNotPresent
+        name: envoy-gateway-certgen
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          privileged: false
+          readOnlyRootFilesystem: true
+          runAsGroup: 65532
+          runAsNonRoot: true
+          runAsUser: 65532
+          seccompProfile:
+            type: RuntimeDefault
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
+      dnsPolicy: ClusterFirst
+      restartPolicy: Never
+      schedulerName: default-scheduler
+      serviceAccount: envoy-gateway-gateway-helm-certgen
+      serviceAccountName: envoy-gateway-gateway-helm-certgen
+      terminationGracePeriodSeconds: 30
+  ttlSecondsAfterFinished: 30
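
Review bot: The `helm.sh/hook: pre-install, pre-upgrade` annotation has no effect when this Job is applied with kubectl rather than by Helm, and with `ttlSecondsAfterFinished: 30` the finished Job is deleted, so the live object will be `{}` again at the next diff; expect this Job to appear as a full create on every deploy and `envoy-gateway certgen` to run each time without Helm's hook ordering. Decide whether that re-run is intended and document it, or manage the Job outside the applied manifest set. Separately, `image: docker.io/envoyproxy/gateway:v1.7.3` is pinned by tag only; pinning by digest would fix the exact image that runs `certgen`.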

themightychris and others added 3 commits May 13, 2026 00:17
Picks up the cert-manager ListenerSets feature gate name fix from
upstream. v1.9.0 deployed with the wrong gate name (`ListenerSet`
singular) and cert-manager controller crash-looped on startup.

v1.9.1 has the correct name (`ListenerSets` plural).

See JarvusInnovations/cluster-template#61, civic-cloud/cluster-template#20.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
fix(deps): bump civic-cloud to v1.9.1 (cert-manager gate name)
Source-holobranch: k8s-manifests-github
Source-commit: ac02e85
Source: ac02e85
@themightychris themightychris merged commit 2e457a3 into deploys/k8s-manifests May 18, 2026
1 check passed
@github-actions

kubectl apply output (excluding unchanged) for 2e457a3 was:

customresourcedefinition.apiextensions.k8s.io/backends.gateway.envoyproxy.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/backendtlspolicies.gateway.networking.k8s.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/backendtrafficpolicies.gateway.envoyproxy.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/backups.postgresql.cnpg.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/certificaterequests.cert-manager.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/certificates.cert-manager.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/challenges.acme.cert-manager.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/clienttrafficpolicies.gateway.envoyproxy.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/clusterimagecatalogs.postgresql.cnpg.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/clusterissuers.cert-manager.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/clusters.postgresql.cnpg.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/databases.postgresql.cnpg.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/envoyextensionpolicies.gateway.envoyproxy.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/envoypatchpolicies.gateway.envoyproxy.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/envoyproxies.gateway.envoyproxy.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/failoverquorums.postgresql.cnpg.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/gatewayclasses.gateway.networking.k8s.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/gateways.gateway.networking.k8s.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/grpcroutes.gateway.networking.k8s.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/httproutefilters.gateway.envoyproxy.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/httproutes.gateway.networking.k8s.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/imagecatalogs.postgresql.cnpg.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/issuers.cert-manager.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/listenersets.gateway.networking.k8s.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/orders.acme.cert-manager.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/poolers.postgresql.cnpg.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/publications.postgresql.cnpg.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/referencegrants.gateway.networking.k8s.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/scheduledbackups.postgresql.cnpg.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/sealedsecrets.bitnami.com serverside-applied
customresourcedefinition.apiextensions.k8s.io/securitypolicies.gateway.envoyproxy.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/subscriptions.postgresql.cnpg.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/tlsroutes.gateway.networking.k8s.io serverside-applied
clusterrole.rbac.authorization.k8s.io/envoy-gateway-gateway-helm-envoy-gateway-role configured
clusterrole.rbac.authorization.k8s.io/grafana-clusterrole configured
clusterrole.rbac.authorization.k8s.io/prometheus-alertmanager configured
clusterrole.rbac.authorization.k8s.io/prometheus-pushgateway configured
clusterrolebinding.rbac.authorization.k8s.io/sealed-secrets configured
mutatingwebhookconfiguration.admissionregistration.k8s.io/cert-manager-webhook configured
mutatingwebhookconfiguration.admissionregistration.k8s.io/cnpg-mutating-webhook-configuration configured
mutatingwebhookconfiguration.admissionregistration.k8s.io/envoy-gateway-topology-injector.envoy-gateway-system configured
validatingadmissionpolicy.admissionregistration.k8s.io/safe-upgrades.gateway.networking.k8s.io configured
validatingadmissionpolicybinding.admissionregistration.k8s.io/safe-upgrades.gateway.networking.k8s.io configured
validatingwebhookconfiguration.admissionregistration.k8s.io/cert-manager-webhook configured
validatingwebhookconfiguration.admissionregistration.k8s.io/cnpg-validating-webhook-configuration configured
validatingwebhookconfiguration.admissionregistration.k8s.io/ingress-nginx-admission configured
configmap/cert-manager configured
deployment.apps/choose-native-plants configured
cluster.postgresql.cnpg.io/shared-cluster configured
configmap/cnpg-controller-manager-config configured
statefulset.apps/data-warehouse-postgresql configured
deployment.apps/envoy-gateway configured
job.batch/envoy-gateway-gateway-helm-certgen created
configmap/grafana-dashboards-default configured
deployment.apps/grafana configured
deployment.apps/ingress-nginx-controller configured
deployment.apps/metrics-server configured
secret/promtail configured
statefulset.apps/loki configured
statefulset.apps/database configured
deployment.apps/prometheus-alertmanager configured
deployment.apps/prometheus-kube-state-metrics configured
deployment.apps/prometheus-pushgateway configured
deployment.apps/prometheus-server configured
serviceaccount/prometheus-kube-state-metrics configured
deployment.apps/sealed-secrets configured
rolebinding.rbac.authorization.k8s.io/sealed-secrets-key-admin configured
service/sealed-secrets configured
