remove gw from k8s manifest, add agent fix ctrl vault for certs

[Flo4604]

What does this PR do?

Cleans up our k8s manfiests and adds agent and changes ctrl plane to use seperate vault for acme and normal vault.

If there is not an issue for this, please create one first. This is used to tracking purposes and also helps us understand why this PR exists

Type of change

• Bug fix (non-breaking change which fixes an issue)
• Chore (refactoring code, technical debt, workflow improvements)
• Enhancement (small improvements)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• This change requires a documentation update

How should this be tested?

• Test A
• Test B

Checklist

Required

• Filled out the "How to test" section in this PR
• Read Contributing Guide
• Self-reviewed my own code
• Commented on my code in hard-to-understand areas
• Ran pnpm build
• Ran pnpm fmt
• Ran make fmt on /go directory
• Checked for warnings, there are none
• Removed all console.logs
• Merged the latest changes from main onto my branch with git pull origin main
• My changes don't cause any responsiveness issues

Appreciated

• If a UI change was made: Added a screen recording or screenshots to this PR
• Updated the Unkey Docs if changes were necessary

[changeset-bot]

⚠️ No Changeset found

Latest commit: e566197

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
dashboard	Error			Dec 9, 2025 4:19pm

1 Skipped Deployment

Project	Deployment	Preview	Comments	Updated (UTC)
engineering	Ignored	Preview		Dec 9, 2025 4:19pm

[Flo4604]

• fix golint issues #4477
• feat: better env var injection #4468
• remove gw from k8s manifest, add agent fix ctrl vault for certs #4463 👈 (View in Graphite)
• feat: add customer-workload service account for pod isolation #4455
• feat: inject env vars into pod spec via Krane #4454
• feat: decrypt env vars in CTRL workflow before passing to Krane #4453
• feat: dashboard UI for environment variables management #4452
• feat: add SecretsConfig proto for encrypted env vars #4451
• feat: add environment variables db schema and queries #4450
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[coderabbitai]

Warning

Rate limit exceeded

@chronark has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 25 minutes and 11 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between 2a0d2d0 and e566197.

📒 Files selected for processing (10)

• deployment/docker-compose.yaml (2 hunks)
• go/Tiltfile (7 hunks)
• go/apps/ctrl/config.go (1 hunks)
• go/apps/ctrl/run.go (3 hunks)
• go/cmd/ctrl/main.go (2 hunks)
• go/k8s/manifests/agent.yaml (1 hunks)
• go/k8s/manifests/ctrl.yaml (1 hunks)
• go/k8s/manifests/dashboard.yaml (2 hunks)
• go/k8s/manifests/gw.yaml (0 hunks)
• go/k8s/manifests/s3.yaml (3 hunks)

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/clean-local-k8s

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}