REFACTOR(immich): remove Gitea, add Homer dashboard

- Remove Gitea integration
- Add Homer dashboard entry
2026-01-01 00:24:19 +09:00
parent 48b719c229
commit 93858e5088
14 changed files with 244 additions and 260 deletions


@@ -7,17 +7,8 @@ metadata:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
sources:
- repoURL: https://dl.gitea.com/charts/
chart: gitea
targetRevision: 12.4.0
helm:
valueFiles:
- $values/gitea/helm-values.yaml
- repoURL: https://github.com/Mayne0213/applications.git
targetRevision: main
ref: values
- repoURL: https://github.com/Mayne0213/applications.git
source:
repoURL: https://github.com/Mayne0213/applications.git
targetRevision: main
path: gitea
destination:
@@ -38,7 +29,4 @@ spec:
duration: 5s
factor: 2
maxDuration: 3m
managedNamespaceMetadata:
labels:
goldilocks.fairwinds.com/enabled: 'true'
revisionHistoryLimit: 10


@@ -1,175 +0,0 @@
# Gitea Helm Values
# Chart: https://gitea.com/gitea/helm-chart
# Self-hosted Git service
fullnameOverride: gitea
replicaCount: 1
image:
registry: docker.io
repository: gitea/gitea
tag: "1.25.2"
pullPolicy: IfNotPresent
rootless: false
# Gitea configuration
gitea:
admin:
# Admin credentials managed via environment variables
existingSecret: gitea-admin-secret
# Do not update password on every restart
passwordMode: initialOnlyNoReset
config:
server:
DOMAIN: gitea0213.kro.kr
ROOT_URL: https://gitea0213.kro.kr
SSH_DOMAIN: gitea0213.kro.kr
SSH_PORT: 2222
DISABLE_SSH: true
START_SSH_SERVER: false
SSH_LISTEN_PORT: 2222
database:
DB_TYPE: postgres
HOST: postgresql-rw.postgresql.svc.cluster.local:5432
NAME: gitea
USER: bluemayne
SCHEMA: public
SSL_MODE: disable
service:
DISABLE_REGISTRATION: false
REQUIRE_SIGNIN_VIEW: false
ENABLE_NOTIFY_MAIL: false
cache:
ENABLED: true
ADAPTER: memory
session:
PROVIDER: memory
git:
PATH: /usr/bin/git
actions:
ENABLED: true
DEFAULT_ACTIONS_URL: github
packages:
ENABLED: true
CHUNKED_UPLOAD_PATH: /data/packages/chunked-upload
container:
ENABLED: true
REGISTRY_HOST: gitea0213.kro.kr
# Health checks
livenessProbe:
enabled: true
tcpSocket:
port: http
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 10
readinessProbe:
enabled: true
tcpSocket:
port: http
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
# PostgreSQL dependency (using existing PostgreSQL instance)
postgresql:
enabled: false
# Use existing PostgreSQL
postgresql-ha:
enabled: false
# Valkey cluster (disabled, using memory for cache/session)
valkey-cluster:
enabled: false
# Redis (optional, for caching)
redis-cluster:
enabled: false
# Deployment strategy: Recreate to avoid leveldb lock conflicts
strategy:
type: Recreate
# Environment variables for database password
deployment:
env:
- name: GITEA__database__PASSWD
valueFrom:
secretKeyRef:
name: gitea-postgres-password
key: password
# Persistence for Gitea data
persistence:
enabled: true
size: 10Gi
storageClass: longhorn
accessModes:
- ReadWriteOnce
claimName: gitea-data
# Service configuration
service:
http:
type: ClusterIP
port: 3000
ssh:
type: LoadBalancer
port: 2222
externalTrafficPolicy: Local
annotations:
metallb.universe.tf/allow-shared-ip: gitea
# Ingress configuration
ingress:
enabled: true
className: traefik
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
hosts:
- host: gitea0213.kro.kr
paths:
- path: /
pathType: Prefix
tls:
- secretName: gitea-tls
hosts:
- gitea0213.kro.kr
# Resource limits
resources:
limits:
memory: 512Mi
requests:
cpu: 10m # Reduced from 50m based on actual usage (5m)
memory: 256Mi
# Security context
securityContext: {}
# Init containers for database setup
initPreScript: |
#!/bin/sh
echo "Waiting for PostgreSQL..."
until nc -z postgresql-rw.postgresql.svc.cluster.local 5432; do
echo "Waiting for PostgreSQL to be ready..."
sleep 2
done
echo "PostgreSQL is ready"


@@ -1,8 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- vault/gitea-admin-secret.yaml
- vault/gitea-postgres-password.yaml
- vault/gitea-minio-credentials.yaml
- vault/minio-root-password.yaml
- redirect.yaml
namespace: gitea

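--- a/gitea/redirect.yaml
+++ b/gitea/redirect.yaml
@@ -0,0 +1,70 @@
+# Traefik Middleware for GitHub redirect
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+name: redirect-to-github
+namespace: gitea
+spec:
+redirectRegex:
+regex: ".*"
+replacement: "https://github.com/mayne0213"
+permanent: true
+---
+# IngressRoute for HTTPS
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+name: gitea-redirect-https
+namespace: gitea
+annotations:
+cert-manager.io/cluster-issuer: letsencrypt-prod
+spec:
+entryPoints:
+- websecure
+routes:
+- match: Host(`gitea0213.kro.kr`) || Host(`www.gitea0213.kro.kr`)
+kind: Rule
+middlewares:
+- name: redirect-to-github
+services:
+- name: noop@internal
+kind: TraefikService
+tls:
+secretName: gitea-tls
+domains:
+- main: gitea0213.kro.kr
+sans:
+- www.gitea0213.kro.kr
+---
+# IngressRoute for HTTP (redirect to HTTPS first, then to GitHub)
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+name: gitea-redirect-http
+namespace: gitea
+spec:
+entryPoints:
+- web
+routes:
+- match: Host(`gitea0213.kro.kr`) || Host(`www.gitea0213.kro.kr`)
+kind: Rule
+middlewares:
+- name: redirect-to-github
+services:
+- name: noop@internal
+kind: TraefikService
+---
+# Certificate for TLS
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+name: gitea-certificate
+namespace: gitea
+spec:
+secretName: gitea-tls
+issuerRef:
+name: letsencrypt-prod
+kind: ClusterIssuer
+dnsNames:
+- gitea0213.kro.kr
+- www.gitea0213.kro.kr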
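Review bot: The comment above the `gitea-redirect-http` route says requests are redirected to HTTPS first and then to GitHub, but that route attaches only `redirect-to-github`, so plain-HTTP requests are sent straight to GitHub; the comment should read `# IngressRoute for HTTP (redirects straight to GitHub)`. `permanent: true` combined with the catch-all `regex: ".*"` lets clients cache the redirect, which makes the hostname hard to reuse for another service later; `permanent: false` is the safer setting until the retirement is final. The `cert-manager.io/cluster-issuer` annotation on `gitea-redirect-https` is most likely inert, since cert-manager's annotation handling targets Ingress resources rather than Traefik IngressRoutes; the explicit `Certificate` at the end of the file is what issues `gitea-tls`, so the annotation can be dropped to avoid implying otherwise.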


@@ -1,22 +0,0 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: gitea-admin-secret
namespace: gitea
spec:
refreshInterval: 1h
secretStoreRef:
kind: ClusterSecretStore
name: vault-backend
target:
name: gitea-admin-secret
creationPolicy: Owner
data:
- secretKey: username
remoteRef:
key: gitea/admin
property: USERNAME
- secretKey: password
remoteRef:
key: gitea/admin
property: PASSWORD


@@ -1,18 +0,0 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: gitea-minio-credentials
namespace: gitea
spec:
refreshInterval: 1h
secretStoreRef:
kind: ClusterSecretStore
name: vault-backend
target:
name: gitea-minio-credentials
creationPolicy: Owner
data:
- secretKey: password
remoteRef:
key: gitea/minio
property: GITEA_MINIO_PASSWORD


@@ -1,22 +0,0 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: minio-root-password
namespace: gitea
spec:
refreshInterval: 1h
secretStoreRef:
kind: ClusterSecretStore
name: vault-backend
target:
name: minio-root-password
creationPolicy: Owner
data:
- secretKey: root-user
remoteRef:
key: gitea/minio
property: ROOT_USER
- secretKey: root-password
remoteRef:
key: gitea/minio
property: ROOT_PASSWORD



@@ -324,7 +324,7 @@ services:
tag: "monitoring"
tagstyle: "is-warning"
keywords: "traefik dashboard"
url: "https://traefik0213.kro.kr/dashboard"
url: "https://traefik0213.kro.kr/dashboard/#/"
target: "_blank"
- name: "Trivy"
logo: "/assets/icons/trivy.svg"

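--- a/immich/argocd.yaml
+++ b/immich/argocd.yaml
@@ -0,0 +1,44 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+name: immich
+namespace: argocd
+finalizers:
+- resources-finalizer.argocd.argoproj.io
+spec:
+project: default
+sources:
+- repoURL: ghcr.io/immich-app/immich-charts
+chart: immich
+targetRevision: 0.9.0
+helm:
+valueFiles:
+- $values/immich/helm-values.yaml
+- repoURL: https://github.com/Mayne0213/applications.git
+targetRevision: main
+ref: values
+- repoURL: https://github.com/Mayne0213/applications.git
+targetRevision: main
+path: immich
+destination:
+server: https://kubernetes.default.svc
+namespace: immich
+syncPolicy:
+automated:
+prune: true
+selfHeal: true
+allowEmpty: false
+syncOptions:
+- CreateNamespace=true
+- PrunePropagationPolicy=foreground
+- PruneLast=true
+retry:
+limit: 5
+backoff:
+duration: 5s
+factor: 2
+maxDuration: 3m
+managedNamespaceMetadata:
+labels:
+goldilocks.fairwinds.com/enabled: 'true'
+revisionHistoryLimit: 10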
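Review bot: Both Git sources track `targetRevision: main` while `syncPolicy.automated` sets `prune: true` and `selfHeal: true`, so any push to that branch is applied to the cluster with no review gate; only the chart itself is pinned (`targetRevision: 0.9.0`). Pinning the values and manifest sources to a tag or commit SHA, or enforcing branch protection and signed commits on the repository, would close that path. `project: default` also leaves the Application in Argo CD's built-in project, which by default does not restrict source repositories or destinations; a dedicated AppProject limited to the `immich` namespace and these two repositories would bound what a bad commit can deploy.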

104
immich/helm-values.yaml Normal file

@@ -0,0 +1,104 @@
# Immich Helm Values
# Chart: https://github.com/immich-app/immich-charts
# Self-hosted photo and video management solution
# Immich configuration
immich:
persistence:
library:
existingClaim: immich-library
# Server component
server:
enabled: true
image:
repository: ghcr.io/immich-app/immich-server
pullPolicy: IfNotPresent
ingress:
main:
enabled: true
className: traefik
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
hosts:
- host: immich0213.kro.kr
paths:
- path: /
pathType: Prefix
tls:
- secretName: immich-tls
hosts:
- immich0213.kro.kr
resources:
requests:
cpu: 10m
memory: 256Mi
limits:
memory: 1Gi
# Machine Learning component
machine-learning:
enabled: true
image:
repository: ghcr.io/immich-app/immich-machine-learning
pullPolicy: IfNotPresent
persistence:
cache:
enabled: true
size: 10Gi
storageClass: longhorn
accessMode: ReadWriteOnce
resources:
requests:
cpu: 10m
memory: 512Mi
limits:
memory: 4Gi
# Redis/Valkey for job queue
valkey:
enabled: true
image:
repository: docker.io/valkey/valkey
tag: 9.0-alpine
persistence:
data:
enabled: true
size: 1Gi
storageClass: longhorn
accessMode: ReadWriteOnce
resources:
requests:
cpu: 5m
memory: 64Mi
limits:
memory: 256Mi
# External PostgreSQL configuration (using existing cloudnative-pg)
# Database connection via environment variables
env:
DB_HOSTNAME: postgresql-rw.postgresql.svc.cluster.local
DB_PORT: "5432"
DB_DATABASE_NAME: immich
DB_USERNAME: bluemayne
DB_PASSWORD:
valueFrom:
secretKeyRef:
name: immich-postgres-password
key: password
# S3/MinIO storage for assets (optional - can use local storage instead)
# Uncomment below if you want to use MinIO for storage
# env:
# UPLOAD_LOCATION: /usr/src/app/upload
# IMMICH_MEDIA_LOCATION: /usr/src/app/upload
# Disable internal PostgreSQL (using external)
postgresql:
enabled: false
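Review bot: `DB_USERNAME: bluemayne` is the same PostgreSQL account the removed Gitea values used (`USER: bluemayne`), and the ExternalSecret section at the end of this commit now reads the password from the shared `databases/postgresql` Vault key instead of an application-specific path. That suggests Immich connects with a shared, possibly owner-level, role; a dedicated `immich` role that owns only the `immich` database, with its own Vault entry, would limit what a compromise of this workload can reach. Separately, the server and machine-learning `image` blocks set no `tag` and Valkey uses the floating `tag: 9.0-alpine` (the chart default for `pullPolicy` is presumably `IfNotPresent` there too), so the running versions depend on chart defaults and registry state; pinning explicit tags or digests would make the deployment reproducible and auditable.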


@@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- pvc.yaml
- vault/immich-postgres-password.yaml
namespace: immich

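--- a/immich/pvc.yaml
+++ b/immich/pvc.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: immich-library
+namespace: immich
+spec:
+accessModes:
+- ReadWriteOnce
+storageClassName: longhorn
+resources:
+requests:
+storage: 50Gi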
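Review bot: `immich-library` holds the photo library, yet it is deployed through the `immich` Application, which sets `prune: true` and carries the `resources-finalizer.argocd.argoproj.io` finalizer, so dropping this file from the kustomization or deleting the Application would delete the claim and, depending on the `longhorn` StorageClass reclaim policy, the data behind it. Adding `argocd.argoproj.io/sync-options: Prune=false,Delete=false` under `metadata.annotations` would keep the volume out of automated pruning and cascade deletion. A short comment on the claim stating that it stores user data and must not be recreated would also help the next maintainer.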


@@ -1,18 +1,18 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: gitea-postgres-password
namespace: gitea
name: immich-postgres-password
namespace: immich
spec:
refreshInterval: 1h
secretStoreRef:
kind: ClusterSecretStore
name: vault-backend
target:
name: gitea-postgres-password
name: immich-postgres-password
creationPolicy: Owner
data:
- secretKey: password
remoteRef:
key: gitea/postgres
key: databases/postgresql
property: PASSWORD