diff --git a/flake.lock b/flake.lock index b09a16e..eb77cec 100644 --- a/flake.lock +++ b/flake.lock @@ -196,11 +196,11 @@ "poetry2nix": "poetry2nix" }, "locked": { - "lastModified": 1732929744, - "narHash": "sha256-EFyi+utu/oL8U5+XmAdQgDbDSeto8phfCPBn9eFO2Vw=", + "lastModified": 1733534688, + "narHash": "sha256-sLX5drdXmvzHp9GWbbEwAsPvYWPZbP2XqZT4Szs28CQ=", "owner": "farcaller", "repo": "nixhelm", - "rev": "b291732322ba63833ce4e9375e76ee0680c5b0fd", + "rev": "50a4c3cc934fe99f69b2c1bd37768a03b01ca0fe", "type": "github" }, "original": { diff --git a/manifests/.revision b/manifests/.revision index 9a14ccb..f646e57 100644 --- a/manifests/.revision +++ b/manifests/.revision @@ -1 +1 @@ -2e41f1ecf14c5375dab44564107b47e828af035f +11cedace8a2f2754fcfd89dde16208203043ac48 diff --git a/manifests/argocd/Deployment-argocd-applicationset-controller.yaml b/manifests/argocd/Deployment-argocd-applicationset-controller.yaml index 5abfa6c..f2cf45e 100644 --- a/manifests/argocd/Deployment-argocd-applicationset-controller.yaml +++ b/manifests/argocd/Deployment-argocd-applicationset-controller.yaml @@ -18,7 +18,7 @@ spec: template: metadata: annotations: - checksum/cmd-params: 8e706d7db04d815e68f42e1dcc293c310afe8734f56268ccecf66301d8e401ad + checksum/cmd-params: 0b5ffbffe4d81a9b54ef9b90278d920e2bb86a7d8f47befb9e60deb606ca255c labels: app.kubernetes.io/component: applicationset-controller app.kubernetes.io/instance: argocd diff --git a/manifests/argocd/Deployment-argocd-dex-server.yaml b/manifests/argocd/Deployment-argocd-dex-server.yaml index fd19f12..3d8e11f 100644 --- a/manifests/argocd/Deployment-argocd-dex-server.yaml +++ b/manifests/argocd/Deployment-argocd-dex-server.yaml @@ -18,7 +18,7 @@ spec: template: metadata: annotations: - checksum/cmd-params: 8e706d7db04d815e68f42e1dcc293c310afe8734f56268ccecf66301d8e401ad + checksum/cmd-params: 0b5ffbffe4d81a9b54ef9b90278d920e2bb86a7d8f47befb9e60deb606ca255c labels: app.kubernetes.io/component: dex-server app.kubernetes.io/instance: argocd diff --git a/manifests/argocd/Deployment-argocd-repo-server.yaml b/manifests/argocd/Deployment-argocd-repo-server.yaml index 8006859..3a230a6 100644 --- a/manifests/argocd/Deployment-argocd-repo-server.yaml +++ b/manifests/argocd/Deployment-argocd-repo-server.yaml @@ -18,8 +18,8 @@ spec: template: metadata: annotations: - checksum/cm: 5538ae9ae592877df8f242edf9aa787a7e4884ce380704c3a015f9f5a3a48226 - checksum/cmd-params: 8e706d7db04d815e68f42e1dcc293c310afe8734f56268ccecf66301d8e401ad + checksum/cm: 8227e504f8c098463e9484b6bed1c1e7fc242d9fd036133f5e4a2b32c79862e4 + checksum/cmd-params: 0b5ffbffe4d81a9b54ef9b90278d920e2bb86a7d8f47befb9e60deb606ca255c labels: app.kubernetes.io/component: repo-server app.kubernetes.io/instance: argocd diff --git a/manifests/argocd/Deployment-argocd-server.yaml b/manifests/argocd/Deployment-argocd-server.yaml index 7863eb8..06e75f4 100644 --- a/manifests/argocd/Deployment-argocd-server.yaml +++ b/manifests/argocd/Deployment-argocd-server.yaml @@ -18,8 +18,8 @@ spec: template: metadata: annotations: - checksum/cm: 5538ae9ae592877df8f242edf9aa787a7e4884ce380704c3a015f9f5a3a48226 - checksum/cmd-params: 8e706d7db04d815e68f42e1dcc293c310afe8734f56268ccecf66301d8e401ad + checksum/cm: 8227e504f8c098463e9484b6bed1c1e7fc242d9fd036133f5e4a2b32c79862e4 + checksum/cmd-params: 0b5ffbffe4d81a9b54ef9b90278d920e2bb86a7d8f47befb9e60deb606ca255c labels: app.kubernetes.io/component: server app.kubernetes.io/instance: argocd diff --git a/manifests/argocd/StatefulSet-argocd-application-controller.yaml b/manifests/argocd/StatefulSet-argocd-application-controller.yaml index 554aeb6..296bdd9 100644 --- a/manifests/argocd/StatefulSet-argocd-application-controller.yaml +++ b/manifests/argocd/StatefulSet-argocd-application-controller.yaml @@ -19,8 +19,8 @@ spec: template: metadata: annotations: - checksum/cm: 5538ae9ae592877df8f242edf9aa787a7e4884ce380704c3a015f9f5a3a48226 - checksum/cmd-params: 8e706d7db04d815e68f42e1dcc293c310afe8734f56268ccecf66301d8e401ad + checksum/cm: 8227e504f8c098463e9484b6bed1c1e7fc242d9fd036133f5e4a2b32c79862e4 + checksum/cmd-params: 0b5ffbffe4d81a9b54ef9b90278d920e2bb86a7d8f47befb9e60deb606ca255c labels: app.kubernetes.io/component: application-controller app.kubernetes.io/instance: argocd diff --git a/manifests/traefik/CustomResourceDefinition-aiservices-hub-traefik-io.yaml b/manifests/traefik/CustomResourceDefinition-aiservices-hub-traefik-io.yaml new file mode 100644 index 0000000..17fd23c --- /dev/null +++ b/manifests/traefik/CustomResourceDefinition-aiservices-hub-traefik-io.yaml @@ -0,0 +1,242 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: aiservices.hub.traefik.io +spec: + group: hub.traefik.io + names: + kind: AIService + listKind: AIServiceList + plural: aiservices + singular: aiservice + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: AIService is a Kubernetes-like Service to interact with a text-based LLM provider. It defines the parameters and credentials required to interact with various LLM providers. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: The desired behavior of this AIService. + properties: + anthropic: + description: Anthropic configures Anthropic backend. + properties: + model: + type: string + params: + description: Params holds the LLM hyperparameters. + properties: + frequencyPenalty: + type: number + maxTokens: + type: integer + presencePenalty: + type: number + temperature: + type: number + topP: + type: number + type: object + token: + type: string + required: + - token + type: object + azureOpenai: + description: AzureOpenAI configures AzureOpenAI. + properties: + apiKey: + type: string + baseUrl: + type: string + deploymentName: + type: string + model: + type: string + params: + description: Params holds the LLM hyperparameters. + properties: + frequencyPenalty: + type: number + maxTokens: + type: integer + presencePenalty: + type: number + temperature: + type: number + topP: + type: number + type: object + required: + - apiKey + - baseUrl + - deploymentName + type: object + bedrock: + description: Bedrock configures Bedrock backend. + properties: + model: + type: string + params: + description: Params holds the LLM hyperparameters. + properties: + frequencyPenalty: + type: number + maxTokens: + type: integer + presencePenalty: + type: number + temperature: + type: number + topP: + type: number + type: object + region: + type: string + systemMessage: + type: boolean + type: object + cohere: + description: Cohere configures Cohere backend. + properties: + model: + type: string + params: + description: Params holds the LLM hyperparameters. + properties: + frequencyPenalty: + type: number + maxTokens: + type: integer + presencePenalty: + type: number + temperature: + type: number + topP: + type: number + type: object + token: + type: string + required: + - token + type: object + gemini: + description: Gemini configures Gemini backend. + properties: + apiKey: + type: string + model: + type: string + params: + description: Params holds the LLM hyperparameters. + properties: + frequencyPenalty: + type: number + maxTokens: + type: integer + presencePenalty: + type: number + temperature: + type: number + topP: + type: number + type: object + required: + - apiKey + type: object + mistral: + description: Mistral configures Mistral AI backend. + properties: + apiKey: + type: string + model: + type: string + params: + description: Params holds the LLM hyperparameters. + properties: + frequencyPenalty: + type: number + maxTokens: + type: integer + presencePenalty: + type: number + temperature: + type: number + topP: + type: number + type: object + required: + - apiKey + type: object + ollama: + description: Ollama configures Ollama backend. + properties: + baseUrl: + type: string + model: + type: string + params: + description: Params holds the LLM hyperparameters. + properties: + frequencyPenalty: + type: number + maxTokens: + type: integer + presencePenalty: + type: number + temperature: + type: number + topP: + type: number + type: object + required: + - baseUrl + type: object + openai: + description: OpenAI configures OpenAI. + properties: + model: + type: string + params: + description: Params holds the LLM hyperparameters. + properties: + frequencyPenalty: + type: number + maxTokens: + type: integer + presencePenalty: + type: number + temperature: + type: number + topP: + type: number + type: object + token: + type: string + required: + - token + type: object + type: object + type: object + served: true + storage: true diff --git a/manifests/traefik/CustomResourceDefinition-apiaccesses-hub-traefik-io.yaml b/manifests/traefik/CustomResourceDefinition-apiaccesses-hub-traefik-io.yaml index c1965f1..5407e78 100644 --- a/manifests/traefik/CustomResourceDefinition-apiaccesses-hub-traefik-io.yaml +++ b/manifests/traefik/CustomResourceDefinition-apiaccesses-hub-traefik-io.yaml @@ -13,7 +13,9 @@ spec: singular: apiaccess scope: Namespaced versions: - - name: v1alpha1 + - deprecated: true + deprecationWarning: APIAccess is deprecated in favor of APICatalogItems and ManagedSubscription + name: v1alpha1 schema: openAPIV3Schema: description: APIAccess defines who can access to a set of APIs. diff --git a/manifests/traefik/CustomResourceDefinition-apicatalogitems-hub-traefik-io.yaml b/manifests/traefik/CustomResourceDefinition-apicatalogitems-hub-traefik-io.yaml new file mode 100644 index 0000000..f109e94 --- /dev/null +++ b/manifests/traefik/CustomResourceDefinition-apicatalogitems-hub-traefik-io.yaml @@ -0,0 +1,178 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: apicatalogitems.hub.traefik.io +spec: + group: hub.traefik.io + names: + kind: APICatalogItem + listKind: APICatalogItemList + plural: apicatalogitems + singular: apicatalogitem + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: APICatalogItem defines APIs that will be part of the API catalog on the portal. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: The desired behavior of this APICatalogItem. + properties: + apiBundles: + description: |- + APIBundles defines a set of APIBundle that will be visible to the configured audience. + Multiple APICatalogItem can select the same APIBundles. + items: + description: APIBundleReference references an APIBundle. + properties: + name: + description: Name of the APIBundle. + maxLength: 253 + type: string + required: + - name + type: object + maxItems: 100 + type: array + x-kubernetes-validations: + - message: duplicated apiBundles + rule: self.all(x, self.exists_one(y, x.name == y.name)) + apiPlan: + description: |- + APIPlan defines which APIPlan will be available. + If multiple APICatalogItem specify the same API with different APIPlan, the API consumer will be able to pick + a plan from this list. + properties: + name: + description: Name of the APIPlan. + maxLength: 253 + type: string + required: + - name + type: object + apiSelector: + description: |- + APISelector selects the APIs that will be visible to the configured audience. + Multiple APICatalogItem can select the same set of APIs. + This field is optional and follows standard label selector semantics. + An empty APISelector matches any API. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + apis: + description: |- + APIs defines a set of APIs that will be visible to the configured audience. + Multiple APICatalogItem can select the same APIs. + When combined with APISelector, this set of APIs is appended to the matching APIs. + items: + description: APIReference references an API. + properties: + name: + description: Name of the API. + maxLength: 253 + type: string + required: + - name + type: object + maxItems: 100 + type: array + x-kubernetes-validations: + - message: duplicated apis + rule: self.all(x, self.exists_one(y, x.name == y.name)) + everyone: + description: Everyone indicates that all users will see these APIs. + type: boolean + groups: + description: Groups are the consumer groups that will see the APIs. + items: + type: string + type: array + operationFilter: + description: |- + OperationFilter specifies the visible operations on APIs and APIVersions. + If not set, all operations are available. + An empty OperationFilter prohibits all operations. + properties: + include: + description: Include defines the names of OperationSets that will be accessible. + items: + type: string + maxItems: 100 + type: array + type: object + type: object + x-kubernetes-validations: + - message: groups and everyone are mutually exclusive + rule: '(has(self.everyone) && has(self.groups)) ? !(self.everyone && self.groups.size() > 0) : true' + status: + description: The current status of this APICatalogItem. + properties: + hash: + description: Hash is a hash representing the APICatalogItem. + type: string + syncedAt: + format: date-time + type: string + version: + type: string + type: object + type: object + served: true + storage: true diff --git a/manifests/traefik/CustomResourceDefinition-managedsubscriptions-hub-traefik-io.yaml b/manifests/traefik/CustomResourceDefinition-managedsubscriptions-hub-traefik-io.yaml new file mode 100644 index 0000000..e4fa6ab --- /dev/null +++ b/manifests/traefik/CustomResourceDefinition-managedsubscriptions-hub-traefik-io.yaml @@ -0,0 +1,199 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: managedsubscriptions.hub.traefik.io +spec: + group: hub.traefik.io + names: + kind: ManagedSubscription + listKind: ManagedSubscriptionList + plural: managedsubscriptions + singular: managedsubscription + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + ManagedSubscription defines a Subscription managed by the API manager as the result of a pre-negotiation with its + API consumers. This subscription grant consuming access to a set of APIs to a set of Applications. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: The desired behavior of this ManagedSubscription. + properties: + apiBundles: + description: |- + APIBundles defines a set of APIBundle that will be accessible. + Multiple ManagedSubscriptions can select the same APIBundles. + items: + description: APIBundleReference references an APIBundle. + properties: + name: + description: Name of the APIBundle. + maxLength: 253 + type: string + required: + - name + type: object + maxItems: 100 + type: array + x-kubernetes-validations: + - message: duplicated apiBundles + rule: self.all(x, self.exists_one(y, x.name == y.name)) + apiPlan: + description: APIPlan defines which APIPlan will be used. + properties: + name: + description: Name of the APIPlan. + maxLength: 253 + type: string + required: + - name + type: object + apiSelector: + description: |- + APISelector selects the APIs that will be accessible. + Multiple ManagedSubscriptions can select the same set of APIs. + This field is optional and follows standard label selector semantics. + An empty APISelector matches any API. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + apis: + description: |- + APIs defines a set of APIs that will be accessible. + Multiple ManagedSubscriptions can select the same APIs. + When combined with APISelector, this set of APIs is appended to the matching APIs. + items: + description: APIReference references an API. + properties: + name: + description: Name of the API. + maxLength: 253 + type: string + required: + - name + type: object + maxItems: 100 + type: array + x-kubernetes-validations: + - message: duplicated apis + rule: self.all(x, self.exists_one(y, x.name == y.name)) + applications: + description: |- + Applications references the Applications that will gain access to the specified APIs. + Multiple ManagedSubscriptions can select the same AppID. + items: + description: ApplicationReference references an Application. + properties: + appId: + description: |- + AppID is the public identifier of the application. + In the case of OIDC, it corresponds to the clientId. + maxLength: 253 + type: string + required: + - appId + type: object + maxItems: 100 + minItems: 1 + type: array + claims: + description: Claims specifies an expression that validate claims in order to authorize the request. + type: string + operationFilter: + description: |- + OperationFilter specifies the allowed operations on APIs and APIVersions. + If not set, all operations are available. + An empty OperationFilter prohibits all operations. + properties: + include: + description: Include defines the names of OperationSets that will be accessible. + items: + type: string + maxItems: 100 + type: array + type: object + weight: + description: |- + Weight specifies the evaluation order of the APIPlan. + When multiple ManagedSubscriptions targets the same API and Application with different APIPlan, + the APIPlan with the highest weight will be enforced. If weights are equal, alphabetical order is used. + type: integer + x-kubernetes-validations: + - message: must be a positive number + rule: self >= 0 + required: + - applications + type: object + status: + description: The current status of this ManagedSubscription. + properties: + hash: + description: Hash is a hash representing the ManagedSubscription. + type: string + syncedAt: + format: date-time + type: string + version: + type: string + type: object + type: object + served: true + storage: true diff --git a/manifests/traefik/Deployment-traefik.yaml b/manifests/traefik/Deployment-traefik.yaml index ce9e917..49dcc55 100644 --- a/manifests/traefik/Deployment-traefik.yaml +++ b/manifests/traefik/Deployment-traefik.yaml @@ -65,7 +65,7 @@ spec: envFrom: - secretRef: name: acme-env - image: docker.io/traefik:v3.2.0 + image: docker.io/traefik:v3.2.1 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3