diff --git a/stacks/blog/main.tf b/stacks/blog/main.tf index 4701f953..de39bd16 100644 --- a/stacks/blog/main.tf +++ b/stacks/blog/main.tf @@ -169,3 +169,5 @@ module "ingress-www" { # CI retrigger v3 2026-05-16T14:06:39Z # CI retrigger v4 2026-05-16T14:13:59Z + +# CI retrigger v5 2026-05-16T23:10:38Z diff --git a/stacks/calico/main.tf b/stacks/calico/main.tf index 38a3d1cd..09b14621 100644 --- a/stacks/calico/main.tf +++ b/stacks/calico/main.tf @@ -75,3 +75,5 @@ resource "kubernetes_namespace" "tigera_operator" { # CI retrigger v3 2026-05-16T14:06:39Z # CI retrigger v4 2026-05-16T14:13:59Z + +# CI retrigger v5 2026-05-16T23:10:38Z diff --git a/stacks/cyberchef/main.tf b/stacks/cyberchef/main.tf index 52e0181f..58909a18 100644 --- a/stacks/cyberchef/main.tf +++ b/stacks/cyberchef/main.tf @@ -144,3 +144,5 @@ module "ingress" { # CI retrigger v3 2026-05-16T14:06:39Z # CI retrigger v4 2026-05-16T14:13:59Z + +# CI retrigger v5 2026-05-16T23:10:38Z diff --git a/stacks/descheduler/main.tf b/stacks/descheduler/main.tf index 9ae48b0b..5bcd5ff5 100644 --- a/stacks/descheduler/main.tf +++ b/stacks/descheduler/main.tf @@ -102,3 +102,5 @@ resource "helm_release" "descheduler" { # rename me # CI retrigger v3 2026-05-16T14:06:39Z # CI retrigger v4 2026-05-16T14:13:59Z + +# CI retrigger v5 2026-05-16T23:10:38Z diff --git a/stacks/f1-stream/main.tf b/stacks/f1-stream/main.tf index 02f1c1c6..d29f5aa6 100644 --- a/stacks/f1-stream/main.tf +++ b/stacks/f1-stream/main.tf @@ -314,3 +314,5 @@ module "ingress" { # CI retrigger v3 2026-05-16T14:06:39Z # CI retrigger v4 2026-05-16T14:13:59Z + +# CI retrigger v5 2026-05-16T23:10:38Z diff --git a/stacks/homepage/main.tf b/stacks/homepage/main.tf index 6887e7a6..58a3cc0c 100644 --- a/stacks/homepage/main.tf +++ b/stacks/homepage/main.tf @@ -177,3 +177,5 @@ module "ingress" { # CI retrigger v3 2026-05-16T14:06:39Z # CI retrigger v4 2026-05-16T14:13:59Z + +# CI retrigger v5 2026-05-16T23:10:38Z diff --git a/stacks/instagram-poster/modules/instagram-poster/main.tf b/stacks/instagram-poster/modules/instagram-poster/main.tf index 2308f7b1..c5c133fe 100644 --- a/stacks/instagram-poster/modules/instagram-poster/main.tf +++ b/stacks/instagram-poster/modules/instagram-poster/main.tf @@ -15,6 +15,7 @@ resource "kubernetes_namespace" "instagram_poster" { labels = { tier = var.tier "istio-injection" = "disabled" + "keel.sh/enrolled" = "true" } } lifecycle { @@ -361,7 +362,12 @@ resource "kubernetes_deployment" "instagram_poster" { } lifecycle { - ignore_changes = [spec[0].template[0].spec[0].dns_config] # KYVERNO_LIFECYCLE_V1 + ignore_changes = [ + spec[0].template[0].spec[0].dns_config, # KYVERNO_LIFECYCLE_V1 + metadata[0].annotations["keel.sh/policy"], + metadata[0].annotations["keel.sh/trigger"], + metadata[0].annotations["keel.sh/pollSchedule"], # KYVERNO_LIFECYCLE_V2 + ] } depends_on = [ diff --git a/stacks/jsoncrack/main.tf b/stacks/jsoncrack/main.tf index 0ed01454..55a4b503 100644 --- a/stacks/jsoncrack/main.tf +++ b/stacks/jsoncrack/main.tf @@ -124,3 +124,5 @@ module "ingress" { # CI retrigger v3 2026-05-16T14:06:39Z # CI retrigger v4 2026-05-16T14:13:59Z + +# CI retrigger v5 2026-05-16T23:10:38Z diff --git a/stacks/k8s-dashboard/main.tf b/stacks/k8s-dashboard/main.tf index 676db18a..39f4c4a0 100644 --- a/stacks/k8s-dashboard/main.tf +++ b/stacks/k8s-dashboard/main.tf @@ -254,3 +254,5 @@ resource "kubernetes_secret" "kubernetes-dashboard-viewonly-token" { # CI retrigger v3 2026-05-16T14:06:39Z # CI retrigger v4 2026-05-16T14:13:59Z + +# CI retrigger v5 2026-05-16T23:10:38Z diff --git a/stacks/k8s-portal/modules/k8s-portal/main.tf b/stacks/k8s-portal/modules/k8s-portal/main.tf index 96825174..60057635 100644 --- a/stacks/k8s-portal/modules/k8s-portal/main.tf +++ b/stacks/k8s-portal/modules/k8s-portal/main.tf @@ -10,6 +10,7 @@ resource "kubernetes_namespace" "k8s_portal" { name = "k8s-portal" labels = { tier = var.tier + "keel.sh/enrolled" = "true" } } lifecycle { diff --git a/stacks/k8s-version-upgrade/main.tf b/stacks/k8s-version-upgrade/main.tf index 3467669f..4bb4ddcb 100644 --- a/stacks/k8s-version-upgrade/main.tf +++ b/stacks/k8s-version-upgrade/main.tf @@ -466,3 +466,5 @@ resource "kubernetes_cron_job_v1" "k8s_version_check" { # CI retrigger v3 2026-05-16T14:06:39Z # CI retrigger v4 2026-05-16T14:13:59Z + +# CI retrigger v5 2026-05-16T23:10:38Z diff --git a/stacks/kms/main.tf b/stacks/kms/main.tf index fba094f0..fe824914 100644 --- a/stacks/kms/main.tf +++ b/stacks/kms/main.tf @@ -350,3 +350,5 @@ resource "kubernetes_service" "windows_kms" { # CI retrigger v3 2026-05-16T14:06:39Z # CI retrigger v4 2026-05-16T14:13:59Z + +# CI retrigger v5 2026-05-16T23:10:38Z diff --git a/stacks/local-path/main.tf b/stacks/local-path/main.tf index fcbf4a4e..db39c78d 100644 --- a/stacks/local-path/main.tf +++ b/stacks/local-path/main.tf @@ -201,3 +201,5 @@ resource "kubernetes_deployment" "local_path_provisioner" { # CI retrigger v3 2026-05-16T14:06:39Z # CI retrigger v4 2026-05-16T14:13:59Z + +# CI retrigger v5 2026-05-16T23:10:38Z diff --git a/stacks/osm_routing/main.tf b/stacks/osm_routing/main.tf index 2711ba3a..f81fa5cc 100644 --- a/stacks/osm_routing/main.tf +++ b/stacks/osm_routing/main.tf @@ -330,3 +330,5 @@ resource "kubernetes_service" "otp" { # CI retrigger v3 2026-05-16T14:06:39Z # CI retrigger v4 2026-05-16T14:13:59Z + +# CI retrigger v5 2026-05-16T23:10:38Z diff --git a/stacks/postiz/modules/postiz/main.tf b/stacks/postiz/modules/postiz/main.tf index 4740703c..485729b6 100644 --- a/stacks/postiz/modules/postiz/main.tf +++ b/stacks/postiz/modules/postiz/main.tf @@ -22,6 +22,7 @@ resource "kubernetes_namespace" "postiz" { name = var.namespace labels = { tier = var.tier + "keel.sh/enrolled" = "true" } } lifecycle { @@ -409,7 +410,12 @@ resource "kubernetes_deployment" "temporal" { } } lifecycle { - ignore_changes = [spec[0].template[0].spec[0].dns_config] # KYVERNO_LIFECYCLE_V1 + ignore_changes = [ + spec[0].template[0].spec[0].dns_config, # KYVERNO_LIFECYCLE_V1 + metadata[0].annotations["keel.sh/policy"], + metadata[0].annotations["keel.sh/trigger"], + metadata[0].annotations["keel.sh/pollSchedule"], # KYVERNO_LIFECYCLE_V2 + ] } depends_on = [helm_release.postiz] } @@ -580,7 +586,12 @@ resource "kubernetes_job" "temporal_search_attr_cleanup" { } wait_for_completion = false lifecycle { - ignore_changes = [spec[0].template[0].spec[0].dns_config] # KYVERNO_LIFECYCLE_V1 + ignore_changes = [ + spec[0].template[0].spec[0].dns_config, # KYVERNO_LIFECYCLE_V1 + metadata[0].annotations["keel.sh/policy"], + metadata[0].annotations["keel.sh/trigger"], + metadata[0].annotations["keel.sh/pollSchedule"], # KYVERNO_LIFECYCLE_V2 + ] } depends_on = [kubernetes_deployment.temporal] } diff --git a/stacks/real-estate-crawler/main.tf b/stacks/real-estate-crawler/main.tf index a9ad967c..90b1255b 100644 --- a/stacks/real-estate-crawler/main.tf +++ b/stacks/real-estate-crawler/main.tf @@ -653,3 +653,5 @@ resource "kubernetes_deployment" "realestate-crawler-celery-beat" { # CI retrigger v3 2026-05-16T14:06:39Z # CI retrigger v4 2026-05-16T14:13:59Z + +# CI retrigger v5 2026-05-16T23:10:38Z diff --git a/stacks/travel_blog/main.tf b/stacks/travel_blog/main.tf index f086f9b0..aa07ede4 100644 --- a/stacks/travel_blog/main.tf +++ b/stacks/travel_blog/main.tf @@ -141,3 +141,5 @@ module "ingress" { # CI retrigger v3 2026-05-16T14:06:39Z # CI retrigger v4 2026-05-16T14:13:59Z + +# CI retrigger v5 2026-05-16T23:10:38Z diff --git a/stacks/uptime-kuma/modules/uptime-kuma/main.tf b/stacks/uptime-kuma/modules/uptime-kuma/main.tf index b3e71e18..f62ea402 100644 --- a/stacks/uptime-kuma/modules/uptime-kuma/main.tf +++ b/stacks/uptime-kuma/modules/uptime-kuma/main.tf @@ -27,6 +27,7 @@ resource "kubernetes_namespace" "uptime-kuma" { name = "uptime-kuma" labels = { tier = var.tier + "keel.sh/enrolled" = "true" } # labels = { # "istio-injection" : "enabled" @@ -164,8 +165,12 @@ resource "kubernetes_deployment" "uptime-kuma" { } } lifecycle { - # KYVERNO_LIFECYCLE_V1: Kyverno admission webhook mutates dns_config with ndots=2 - ignore_changes = [spec[0].template[0].spec[0].dns_config] + ignore_changes = [ + spec[0].template[0].spec[0].dns_config, # KYVERNO_LIFECYCLE_V1 + metadata[0].annotations["keel.sh/policy"], + metadata[0].annotations["keel.sh/trigger"], + metadata[0].annotations["keel.sh/pollSchedule"], # KYVERNO_LIFECYCLE_V2 + ] } } resource "kubernetes_service" "uptime-kuma" { diff --git a/stacks/vault/main.tf b/stacks/vault/main.tf index 978685a5..0abfe8e5 100644 --- a/stacks/vault/main.tf +++ b/stacks/vault/main.tf @@ -1085,3 +1085,5 @@ resource "vault_kubernetes_secret_backend_role" "user_deployer" { # CI retrigger v3 2026-05-16T14:06:39Z # CI retrigger v4 2026-05-16T14:13:59Z + +# CI retrigger v5 2026-05-16T23:10:38Z diff --git a/stacks/vaultwarden/modules/vaultwarden/main.tf b/stacks/vaultwarden/modules/vaultwarden/main.tf index 2ad070f6..f3a90523 100644 --- a/stacks/vaultwarden/modules/vaultwarden/main.tf +++ b/stacks/vaultwarden/modules/vaultwarden/main.tf @@ -10,6 +10,7 @@ resource "kubernetes_namespace" "vaultwarden" { labels = { "istio-injection" : "disabled" tier = var.tier + "keel.sh/enrolled" = "true" } } lifecycle { @@ -176,8 +177,12 @@ resource "kubernetes_deployment" "vaultwarden" { } } lifecycle { - # KYVERNO_LIFECYCLE_V1: Kyverno admission webhook mutates dns_config with ndots=2 - ignore_changes = [spec[0].template[0].spec[0].dns_config] + ignore_changes = [ + spec[0].template[0].spec[0].dns_config, # KYVERNO_LIFECYCLE_V1 + metadata[0].annotations["keel.sh/policy"], + metadata[0].annotations["keel.sh/trigger"], + metadata[0].annotations["keel.sh/pollSchedule"], # KYVERNO_LIFECYCLE_V2 + ] } } diff --git a/stacks/webhook_handler/main.tf b/stacks/webhook_handler/main.tf index 8178a9f7..130f2469 100644 --- a/stacks/webhook_handler/main.tf +++ b/stacks/webhook_handler/main.tf @@ -318,3 +318,5 @@ resource "kubernetes_manifest" "external_secret" { # CI retrigger v3 2026-05-16T14:06:39Z # CI retrigger v4 2026-05-16T14:13:59Z + +# CI retrigger v5 2026-05-16T23:10:38Z