gitops: upgrade Cilium to 1.19.1, add fujarna app, flux web UI, OIDC RBAC, and experiments

- Upgrade Cilium helm release from 1.18.5 to 1.19.1 with gatewayClass creation enabled - Escalate gitea CI service account to cluster-admin, add OIDC cluster-admin binding - Deploy fujarna app with full manifest set (deployment, service, PVC, httproutes, external secret) - Add Flux web UI via flux-operator OCI repository and helm release - Add experiments kustomization with test resources for gateway API and certificates Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-01 22:23:12 +02:00
parent 96ba77a606
commit 5ca27a832b
21 changed files with 413 additions and 3 deletions
--- a/gitops/home-kubernetes/00-rbac/clusterRoleBinding_gitea-ci.yaml
+++ b/gitops/home-kubernetes/00-rbac/clusterRoleBinding_gitea-ci.yaml
@@ -7,6 +7,14 @@ subjects:
    name: "gitea_ci@idm.home.hrajfrisbee.cz"  # matches preferred_username claim
    apiGroup: rbac.authorization.k8s.io
 roleRef:
+  # kind: ClusterRole
+  # name: edit  # scope down as needed
+  # apiGroup: rbac.authorization.k8s.io
+
+  # this is obviously too much permissions
+  # but we can live with it for homelab 
  kind: ClusterRole
-  name: edit  # scope down as needed
-  apiGroup: rbac.authorization.k8s.io
+  name: cluster-admin
+  apiGroup: rbac.authorization.k8s.io
+
+