Adds kustomization.yaml to enforce explicit resource ordering
(namespace before deployment/service). Updates CI to use
kubectl apply -k instead of kubectl apply -f.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Add build and kubernetes-deploy Gitea Actions workflows, and split deploy/manifests.yaml into individual manifest files.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Kubernetes operator that automates HTTPS listener configuration on
Gateway API Gateway resources whenever a cert-manager Certificate is
created or updated.
Core behaviour:
- Watches cert-manager Certificate resources for the annotation
gateway-cert-operator.io/gateway-name to identify the target Gateway
- Builds HTTPS listeners (prefixed "auto-") from each Certificate's
DNS SANs and merges them into the target Gateway's listener list
- Preserves any manually-managed listeners; removes stale auto-listeners
when Certificates are deleted or their annotations are removed
- Supports optional annotations to override the target namespace and
listener port (default 443)
Components:
- main.go – manager setup, scheme registration,
health/readiness probes
- internal/controller/ – Certificate reconciler with field
indexing and dual-watch pattern
- internal/gateway/patch.go – listener construction, merge, and
equality helpers
- deploy/manifests.yaml – Namespace, RBAC, and Deployment
- docs/README.md – usage guide and architecture notes
- Dockerfile – distroless multi-stage build
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
