From 93858e50880bcab797bbb1569c032e98b05ee3c3 Mon Sep 17 00:00:00 2001
From: Mayne0213
Date: Thu, 1 Jan 2026 00:24:19 +0900
Subject: [PATCH] REFACTOR(immich): remove Gitea, add Homer dashboard
- Remove Gitea integration
- Add Homer dashboard entry
---
gitea/argocd.yaml | 16 +-
gitea/helm-values.yaml | 175 ------------------
gitea/kustomization.yaml | 5 +-
gitea/redirect.yaml | 70 +++++++
gitea/vault/gitea-admin-secret.yaml | 22 ---
gitea/vault/gitea-minio-credentials.yaml | 18 --
gitea/vault/minio-root-password.yaml | 22 ---
.../assets/icons/{tetton.webp => tekton.webp} | Bin
homer/config.yml | 2 +-
immich/argocd.yaml | 44 +++++
immich/helm-values.yaml | 104 +++++++++++
immich/kustomization.yaml | 6 +
immich/pvc.yaml | 12 ++
.../vault/immich-postgres-password.yaml | 8 +-
14 files changed, 244 insertions(+), 260 deletions(-)
delete mode 100644 gitea/helm-values.yaml
create mode 100644 gitea/redirect.yaml
delete mode 100644 gitea/vault/gitea-admin-secret.yaml
delete mode 100644 gitea/vault/gitea-minio-credentials.yaml
delete mode 100644 gitea/vault/minio-root-password.yaml
rename homer/assets/icons/{tetton.webp => tekton.webp} (100%)
create mode 100644 immich/argocd.yaml
create mode 100644 immich/helm-values.yaml
create mode 100644 immich/kustomization.yaml
create mode 100644 immich/pvc.yaml
rename gitea/vault/gitea-postgres-password.yaml => immich/vault/immich-postgres-password.yaml (69%)
diff --git a/gitea/argocd.yaml b/gitea/argocd.yaml
index e95cc81..10d91fd 100644
--- a/gitea/argocd.yaml
+++ b/gitea/argocd.yaml
@@ -7,17 +7,8 @@ metadata:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
- sources:
- - repoURL: https://dl.gitea.com/charts/
- chart: gitea
- targetRevision: 12.4.0
- helm:
- valueFiles:
- - $values/gitea/helm-values.yaml
- - repoURL: https://github.com/Mayne0213/applications.git
- targetRevision: main
- ref: values
- - repoURL: https://github.com/Mayne0213/applications.git
+ source:
+ repoURL: https://github.com/Mayne0213/applications.git
targetRevision: main
path: gitea
destination:
@@ -38,7 +29,4 @@ spec:
duration: 5s
factor: 2
maxDuration: 3m
- managedNamespaceMetadata:
- labels:
- goldilocks.fairwinds.com/enabled: 'true'
revisionHistoryLimit: 10
diff --git a/gitea/helm-values.yaml b/gitea/helm-values.yaml
deleted file mode 100644
index e27b579..0000000
--- a/gitea/helm-values.yaml
+++ /dev/null
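Review bot: Collapsing `sources` to a single `source` at `path: gitea` hands the entire former Helm release to Argo's pruner, and if the gitea chart created the `gitea-data` PVC (the deleted values set `persistence.claimName: gitea-data` without `create: false`) the repository data goes with the Deployment — assuming `syncPolicy.automated.prune` is enabled here as it is in the sibling immich Application. Take a backup or set the Longhorn volume's reclaim policy to Retain before this syncs, and make the intent explicit above `source:` with `# stub Application: Gitea is decommissioned; gitea/ now only holds the GitHub redirect`. The `syncPolicy` block sits between the two hunks and is not visible here.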
@@ -1,175 +0,0 @@
-# Gitea Helm Values
-# Chart: https://gitea.com/gitea/helm-chart
-# Self-hosted Git service
-
-fullnameOverride: gitea
-
-replicaCount: 1
-
-image:
- registry: docker.io
- repository: gitea/gitea
- tag: "1.25.2"
- pullPolicy: IfNotPresent
- rootless: false
-
-# Gitea configuration
-gitea:
- admin:
- # Admin credentials managed via environment variables
- existingSecret: gitea-admin-secret
- # Do not update password on every restart
- passwordMode: initialOnlyNoReset
-
- config:
- server:
- DOMAIN: gitea0213.kro.kr
- ROOT_URL: https://gitea0213.kro.kr
- SSH_DOMAIN: gitea0213.kro.kr
- SSH_PORT: 2222
- DISABLE_SSH: true
- START_SSH_SERVER: false
- SSH_LISTEN_PORT: 2222
-
- database:
- DB_TYPE: postgres
- HOST: postgresql-rw.postgresql.svc.cluster.local:5432
- NAME: gitea
- USER: bluemayne
- SCHEMA: public
- SSL_MODE: disable
-
- service:
- DISABLE_REGISTRATION: false
- REQUIRE_SIGNIN_VIEW: false
- ENABLE_NOTIFY_MAIL: false
-
- cache:
- ENABLED: true
- ADAPTER: memory
-
- session:
- PROVIDER: memory
-
- git:
- PATH: /usr/bin/git
-
- actions:
- ENABLED: true
- DEFAULT_ACTIONS_URL: github
-
- packages:
- ENABLED: true
- CHUNKED_UPLOAD_PATH: /data/packages/chunked-upload
-
- container:
- ENABLED: true
- REGISTRY_HOST: gitea0213.kro.kr
-
- # Health checks
- livenessProbe:
- enabled: true
- tcpSocket:
- port: http
- initialDelaySeconds: 60
- periodSeconds: 10
- timeoutSeconds: 5
- successThreshold: 1
- failureThreshold: 10
-
- readinessProbe:
- enabled: true
- tcpSocket:
- port: http
- initialDelaySeconds: 30
- periodSeconds: 10
- timeoutSeconds: 5
- successThreshold: 1
- failureThreshold: 3
-
-# PostgreSQL dependency (using existing PostgreSQL instance)
-postgresql:
- enabled: false
-
-# Use existing PostgreSQL
-postgresql-ha:
- enabled: false
-
-# Valkey cluster (disabled, using memory for cache/session)
-valkey-cluster:
- enabled: false
-
-# Redis (optional, for caching)
-redis-cluster:
- enabled: false
-
-# Deployment strategy: Recreate to avoid
leveldb lock conflicts
-strategy:
- type: Recreate
-
-# Environment variables for database password
-deployment:
- env:
- - name: GITEA__database__PASSWD
- valueFrom:
- secretKeyRef:
- name: gitea-postgres-password
- key: password
-
-# Persistence for Gitea data
-persistence:
- enabled: true
- size: 10Gi
- storageClass: longhorn
- accessModes:
- - ReadWriteOnce
- claimName: gitea-data
-
-# Service configuration
-service:
- http:
- type: ClusterIP
- port: 3000
- ssh:
- type: LoadBalancer
- port: 2222
- externalTrafficPolicy: Local
- annotations:
- metallb.universe.tf/allow-shared-ip: gitea
-
-# Ingress configuration
-ingress:
- enabled: true
- className: traefik
- annotations:
- cert-manager.io/cluster-issuer: letsencrypt-prod
- hosts:
- - host: gitea0213.kro.kr
- paths:
- - path: /
- pathType: Prefix
- tls:
- - secretName: gitea-tls
- hosts:
- - gitea0213.kro.kr
-
-# Resource limits
-resources:
- limits:
- memory: 512Mi
- requests:
- cpu: 10m # Reduced from 50m based on actual usage (5m)
- memory: 256Mi
-
-# Security context
-securityContext: {}
-
-# Init containers for database setup
-initPreScript: |
- #!/bin/sh
- echo "Waiting for PostgreSQL..."
- until nc -z postgresql-rw.postgresql.svc.cluster.local 5432; do
- echo "Waiting for PostgreSQL to be ready..."
- sleep 2
- done
- echo "PostgreSQL is ready"
diff --git a/gitea/kustomization.yaml b/gitea/kustomization.yaml
index 6cbfbf2..40722a9 100644
--- a/gitea/kustomization.yaml
+++ b/gitea/kustomization.yaml
@@ -1,8 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
-- vault/gitea-admin-secret.yaml
-- vault/gitea-postgres-password.yaml
-- vault/gitea-minio-credentials.yaml
-- vault/minio-root-password.yaml
+- redirect.yaml
namespace: gitea
diff --git a/gitea/redirect.yaml b/gitea/redirect.yaml
new file mode 100644
index 0000000..b9b5a8b
--- /dev/null
+++ b/gitea/redirect.yaml
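Review bot: Dropping the four ExternalSecrets from `resources` removes the synced Kubernetes Secrets (they were `creationPolicy: Owner`), but the underlying material stays live in Vault — `gitea/admin`, `gitea/minio` with its MinIO `ROOT_USER`/`ROOT_PASSWORD`, and `gitea/postgres` — and the `gitea` database remains on the shared `postgresql-rw` cluster. Until those Vault entries are deleted or rotated and the database is dropped, the old admin and MinIO root credentials stay valid with nothing in Git referencing them, which is how forgotten credentials outlive a service. Track the outstanding work in the kustomization itself with `# Gitea decommissioned: Vault paths gitea/* and the gitea DB still need cleanup`.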
@@ -0,0 +1,70 @@
+# Traefik Middleware for GitHub redirect
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: redirect-to-github
+ namespace: gitea
+spec:
+ redirectRegex:
+ regex: ".*"
+ replacement: "https://github.com/mayne0213"
+ permanent: true
+---
+# IngressRoute for HTTPS
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+ name: gitea-redirect-https
+ namespace: gitea
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`gitea0213.kro.kr`) || Host(`www.gitea0213.kro.kr`)
+ kind: Rule
+ middlewares:
+ - name: redirect-to-github
+ services:
+ - name: noop@internal
+ kind: TraefikService
+ tls:
+ secretName: gitea-tls
+ domains:
+ - main: gitea0213.kro.kr
+ sans:
+ - www.gitea0213.kro.kr
+---
+# IngressRoute for HTTP (redirect to HTTPS first, then to GitHub)
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+ name: gitea-redirect-http
+ namespace: gitea
+spec:
+ entryPoints:
+ - web
+ routes:
+ - match: Host(`gitea0213.kro.kr`) || Host(`www.gitea0213.kro.kr`)
+ kind: Rule
+ middlewares:
+ - name: redirect-to-github
+ services:
+ - name: noop@internal
+ kind: TraefikService
+---
+# Certificate for TLS
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: gitea-certificate
+ namespace: gitea
+spec:
+ secretName: gitea-tls
+ issuerRef:
+ name: letsencrypt-prod
+ kind: ClusterIssuer
+ dnsNames:
+ - gitea0213.kro.kr
+ - www.gitea0213.kro.kr
diff --git a/gitea/vault/gitea-admin-secret.yaml b/gitea/vault/gitea-admin-secret.yaml
deleted file mode 100644
index 635dbfb..0000000
--- a/gitea/vault/gitea-admin-secret.yaml
+++ /dev/null
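Review bot: The `cert-manager.io/cluster-issuer` annotation on the `gitea-redirect-https` IngressRoute has no effect — cert-manager's ingress-shim only watches `networking.k8s.io` Ingress objects, not Traefik CRDs — so the explicit `Certificate` at the bottom of the file is the only thing issuing `gitea-tls`; drop the annotation so nobody assumes it is doing work. The comment on the HTTP route, `redirect to HTTPS first, then to GitHub`, does not match the resource: it applies the same `redirect-to-github` middleware, so plain-HTTP requests 301 straight to github.com, which is fine but should read `# IngressRoute for HTTP (301 straight to GitHub, no HTTPS hop)`. `regex: ".*"` with a fixed `replacement` is not an open redirect because no capture group is reflected into the target; a comment like `# fixed target, nothing from the request is echoed` would keep a later edit from adding a `$1`.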
@@ -1,22 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: gitea-admin-secret
- namespace: gitea
-spec:
- refreshInterval: 1h
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault-backend
- target:
- name: gitea-admin-secret
- creationPolicy: Owner
- data:
- - secretKey: username
- remoteRef:
- key: gitea/admin
- property: USERNAME
- - secretKey: password
- remoteRef:
- key: gitea/admin
- property: PASSWORD
diff --git a/gitea/vault/gitea-minio-credentials.yaml b/gitea/vault/gitea-minio-credentials.yaml
deleted file mode 100644
index 0032ad0..0000000
--- a/gitea/vault/gitea-minio-credentials.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: gitea-minio-credentials
- namespace: gitea
-spec:
- refreshInterval: 1h
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault-backend
- target:
- name: gitea-minio-credentials
- creationPolicy: Owner
- data:
- - secretKey: password
- remoteRef:
- key: gitea/minio
- property: GITEA_MINIO_PASSWORD
diff --git a/gitea/vault/minio-root-password.yaml b/gitea/vault/minio-root-password.yaml
deleted file mode 100644
index 03ff80f..0000000
--- a/gitea/vault/minio-root-password.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: minio-root-password
- namespace: gitea
-spec:
- refreshInterval: 1h
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault-backend
- target:
- name: minio-root-password
- creationPolicy: Owner
- data:
- - secretKey: root-user
- remoteRef:
- key: gitea/minio
- property: ROOT_USER
- - secretKey: root-password
- remoteRef:
- key: gitea/minio
- property: ROOT_PASSWORD
diff --git a/homer/assets/icons/tetton.webp b/homer/assets/icons/tekton.webp
similarity index 100%
rename from homer/assets/icons/tetton.webp
rename to homer/assets/icons/tekton.webp
diff --git a/homer/config.yml b/homer/config.yml
index 86ecea1..e9da4d8 100644
--- a/homer/config.yml
+++ b/homer/config.yml
@@ -324,7 +324,7 @@ services:
tag: "monitoring"
tagstyle: "is-warning"
keywords: "traefik dashboard"
- url: "https://traefik0213.kro.kr/dashboard"
+ url: "https://traefik0213.kro.kr/dashboard/#/"
target: "_blank"
- name: "Trivy"
logo: "/assets/icons/trivy.svg"
diff --git a/immich/argocd.yaml b/immich/argocd.yaml
new file mode 100644
index 0000000..4a0bcda
--- /dev/null
+++ b/immich/argocd.yaml
@@ -0,0 +1,44 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: immich
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: default
+ sources:
+ - repoURL: ghcr.io/immich-app/immich-charts
+ chart: immich
+ targetRevision: 0.9.0
+ helm:
+ valueFiles:
+ - $values/immich/helm-values.yaml
+ - repoURL: https://github.com/Mayne0213/applications.git
+ targetRevision: main
+ ref: values
+ - repoURL: https://github.com/Mayne0213/applications.git
+ targetRevision: main
+ path: immich
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: immich
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ allowEmpty: false
+ syncOptions:
+ - CreateNamespace=true
+ - PrunePropagationPolicy=foreground
+ - PruneLast=true
+ retry:
+ limit: 5
+ backoff:
+ duration: 5s
+ factor: 2
+ maxDuration: 3m
+ managedNamespaceMetadata:
+ labels:
+ goldilocks.fairwinds.com/enabled: 'true'
+ revisionHistoryLimit: 10
diff --git a/immich/helm-values.yaml b/immich/helm-values.yaml
new file mode 100644
index 0000000..01494e2
--- /dev/null
+++ b/immich/helm-values.yaml
@@ -0,0 +1,104 @@
+# Immich Helm Values
+# Chart: https://github.com/immich-app/immich-charts
+# Self-hosted photo and video management solution
+
+# Immich configuration
+immich:
+ persistence:
+ library:
+ existingClaim: immich-library
+
+# Server component
+server:
+ enabled: true
+ image:
+ repository: ghcr.io/immich-app/immich-server
+ pullPolicy: IfNotPresent
+
+ ingress:
+ main:
+ enabled: true
+ className: traefik
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ hosts:
+ - host: immich0213.kro.kr
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ - secretName: immich-tls
+ hosts:
+ - immich0213.kro.kr
+
+ resources:
+ requests:
+ cpu: 10m
+ memory: 256Mi
+ limits:
+ memory: 1Gi
+
+# Machine Learning component
+machine-learning:
+ enabled: true
+ image:
+ repository: ghcr.io/immich-app/immich-machine-learning
+ pullPolicy: IfNotPresent
+
+ persistence:
+ cache:
+ enabled: true
+ size: 10Gi
+ storageClass: longhorn
+ accessMode: ReadWriteOnce
+
+ resources:
+ requests:
+ cpu: 10m
+ memory: 512Mi
+ limits:
+ memory: 4Gi
+
+# Redis/Valkey for job queue
+valkey:
+ enabled: true
+ image:
+ repository: docker.io/valkey/valkey
+ tag: 9.0-alpine
+
+ persistence:
+ data:
+ enabled: true
+ size: 1Gi
+ storageClass: longhorn
+ accessMode: ReadWriteOnce
+
+ resources:
+ requests:
+ cpu: 5m
+ memory: 64Mi
+ limits:
+ memory: 256Mi
+
+# External PostgreSQL configuration (using existing cloudnative-pg)
+# Database connection via environment variables
+env:
+ DB_HOSTNAME: postgresql-rw.postgresql.svc.cluster.local
+ DB_PORT: "5432"
+ DB_DATABASE_NAME: immich
+ DB_USERNAME: bluemayne
+ DB_PASSWORD:
+ valueFrom:
+ secretKeyRef:
+ name: immich-postgres-password
+ key: password
+
+# S3/MinIO storage for assets (optional - can use local storage instead)
+# Uncomment below if you want to use MinIO for storage
+# env:
+# UPLOAD_LOCATION: /usr/src/app/upload
+# IMMICH_MEDIA_LOCATION: /usr/src/app/upload
+
+# Disable internal PostgreSQL (using external)
+postgresql:
+ enabled: false
diff --git a/immich/kustomization.yaml b/immich/kustomization.yaml
new file mode 100644
index 0000000..b717b46
--- /dev/null
+++ b/immich/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- pvc.yaml
+- vault/immich-postgres-password.yaml
+namespace: immich
diff --git a/immich/pvc.yaml b/immich/pvc.yaml
new file mode 100644
index 0000000..ef9325a
--- /dev/null
+++ b/immich/pvc.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: immich-library
+ namespace: immich
+spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: longhorn
+ resources:
+ requests:
+ storage: 50Gi
diff --git a/gitea/vault/gitea-postgres-password.yaml b/immich/vault/immich-postgres-password.yaml
similarity index 69%
rename from gitea/vault/gitea-postgres-password.yaml
rename to immich/vault/immich-postgres-password.yaml
index a8a0e3f..2ab759e 100644
--- a/gitea/vault/gitea-postgres-password.yaml
+++ b/immich/vault/immich-postgres-password.yaml
@@ -1,18 +1,18 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
- name: gitea-postgres-password
- namespace: gitea
+ name: immich-postgres-password
+ namespace: immich
spec:
refreshInterval: 1h
secretStoreRef:
kind: ClusterSecretStore
name: vault-backend
target:
- name: immich-postgres-password
+ name: immich-postgres-password
creationPolicy: Owner
data:
- secretKey: password
remoteRef:
- key: gitea/postgres
+ key: databases/postgresql
property: PASSWORD
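Review bot: `DB_USERNAME: bluemayne` is the same role the deleted Gitea values connected as, and its password now comes from the generic `databases/postgresql` Vault path, so Immich appears to run as a shared, cluster-wide database role rather than an `immich`-scoped one — a compromise of the Immich server (which is internet-exposed via the ingress) then reaches every database on `postgresql-rw`. Create a dedicated role and database for Immich; note that current Immich releases need a vector extension present in the database, which on CloudNativePG is normally pre-created by an admin rather than by granting the app role superuser — confirm against the chart 0.9.0 documentation. Neither `server.image` nor `machine-learning.image` pins a `tag`, so the running version silently follows the chart's appVersion on every chart bump; add an explicit `tag:` beside each `repository:` so upgrades are deliberate and reviewable. The commented-out `# env:` block at the bottom would be a duplicate top-level key if uncommented as written (last-wins in most parsers, wiping the DB settings); rewrite the hint as `# add UPLOAD_LOCATION / IMMICH_MEDIA_LOCATION to the env: map above`.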
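Review bot: The rename changes `remoteRef.key` from the app-scoped `gitea/postgres` to `databases/postgresql`, a name that reads as the shared PostgreSQL cluster credential rather than one provisioned for Immich, and it carries only `property: PASSWORD`, so the role it unlocks is whatever the Helm values hard-code. If that path is indeed the cluster-level credential, rotating it for Immich means rotating it for every tenant, and revoking Immich's access is impossible without a new role; keep the per-application convention (`immich/postgres`) backed by a distinct role. A comment above `remoteRef:` such as `# app-scoped credential; must not point at the shared cluster password` would make the expectation explicit for the next app that copies this file.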