diff --git a/gitea/argocd.yaml b/gitea/argocd.yaml
index 76422b5..580378b 100644
--- a/gitea/argocd.yaml
+++ b/gitea/argocd.yaml
@@ -7,8 +7,17 @@ metadata:
 - resources-finalizer.argocd.argoproj.io
 spec:
 project: default
- source:
- repoURL: https://github.com/K3S-HOME/applications.git
+ sources:
+ - repoURL: https://dl.gitea.com/charts/
+ chart: gitea
+ targetRevision: 12.4.0
+ helm:
+ valueFiles:
+ - $values/gitea/helm-values.yaml
+ - repoURL: https://github.com/K3S-HOME/applications.git
+ targetRevision: main
+ ref: values
+ - repoURL: https://github.com/K3S-HOME/applications.git
 targetRevision: main
 path: gitea
 destination:
@@ -29,4 +38,7 @@ spec:
 duration: 5s
 factor: 2
 maxDuration: 3m
+ managedNamespaceMetadata:
+ labels:
+ goldilocks.fairwinds.com/enabled: 'true'
 revisionHistoryLimit: 10
diff --git a/gitea/helm-values.yaml b/gitea/helm-values.yaml
new file mode 100644
index 0000000..7a689d2
--- /dev/null
+++ b/gitea/helm-values.yaml
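Review bot: The new `sources` list pulls a third-party chart from `https://dl.gitea.com/charts/` while the Application still runs under `project: default`, which in a stock Argo CD install does not restrict source repositories or destinations (the project definition is not part of this diff, so confirm). A dedicated AppProject whose `sourceRepos` lists only `https://dl.gitea.com/charts/` and `https://github.com/K3S-HOME/applications.git` would stop a later edit of this file from pulling manifests from an arbitrary repository. Separately, the `ref: values` source tracks `targetRevision: main`, so the effective Helm values change with every push to that branch even though the chart is pinned to `12.4.0`. The `spec` block continues outside the hunk.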
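Review bot: `managedNamespaceMetadata` only takes effect when the Application's `syncOptions` contains `CreateNamespace=true`; that list lies outside this hunk, so check that it is set, otherwise the `goldilocks.fairwinds.com/enabled` label is silently never applied. A short comment above the block, e.g. `# requires CreateNamespace=true in syncOptions`, would record the dependency for the next editor.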
@@ -0,0 +1,125 @@
+# Gitea Helm Chart Values
+# Self-contained deployment with SQLite and local-path storage
+
+# =============================================================================
+# DISABLE ALL EXTERNAL DEPENDENCIES
+# =============================================================================
+postgresql-ha:
+ enabled: false
+
+postgresql:
+ enabled: false
+
+valkey-cluster:
+ enabled: false
+
+valkey:
+ enabled: false
+
+# =============================================================================
+# PERSISTENCE - local-path StorageClass
+# =============================================================================
+persistence:
+ enabled: true
+ create: true
+ mount: true
+ size: 10Gi
+ accessModes:
+ - ReadWriteOnce
+ storageClass: local-path
+ annotations:
+ helm.sh/resource-policy: keep
+
+# =============================================================================
+# ADMIN USER
+# =============================================================================
+gitea:
+ admin:
+ existingSecret: gitea-admin-secret
+ username: gitea_admin
+ email: admin@gitea.local
+ passwordMode: keepUpdated
+
+ # Gitea configuration (app.ini)
+ config:
+ APP_NAME: Gitea - K3S-HOME
+
+ server:
+ DOMAIN: gitea0213.kro.kr
+ ROOT_URL: https://gitea0213.kro.kr
+ HTTP_PORT: 3000
+ SSH_DOMAIN: gitea0213.kro.kr
+ SSH_PORT: 22
+ SSH_LISTEN_PORT: 2222
+ LFS_START_SERVER: true
+
+ database:
+ DB_TYPE: sqlite3
+ PATH: /data/gitea/gitea.db
+ SQLITE_TIMEOUT: 500
+ SQLITE_JOURNAL_MODE: WAL
+
+ session:
+ PROVIDER: memory
+
+ cache:
+ ADAPTER: memory
+
+ queue:
+ TYPE: level
+
+ security:
+ INSTALL_LOCK: true
+
+ service:
+ DISABLE_REGISTRATION: false
+ REQUIRE_SIGNIN_VIEW: false
+ DEFAULT_KEEP_EMAIL_PRIVATE: true
+
+ log:
+ MODE: console
+ LEVEL: info
+
+# =============================================================================
+# INGRESS
+# =============================================================================
+ingress:
+ enabled: true
+ className: traefik
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ hosts:
+ - host: gitea0213.kro.kr
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ - secretName: gitea-tls
+ hosts:
+ - gitea0213.kro.kr
+
+# =============================================================================
+# RESOURCES
+# =============================================================================
+resources:
+ requests:
+ cpu: 100m
+ memory: 256Mi
+ limits:
+ memory: 512Mi
+
+# =============================================================================
+# POD CONFIGURATION
+# =============================================================================
+tolerations:
+- key: node-role.kubernetes.io/master
+ operator: Exists
+ effect: NoExecute
+
+# =============================================================================
+# SSH SERVICE
+# =============================================================================
+service:
+ ssh:
+ type: ClusterIP
+ port: 22
diff --git a/gitea/kustomization.yaml b/gitea/kustomization.yaml
index 40722a9..7393c43 100644
--- a/gitea/kustomization.yaml
+++ b/gitea/kustomization.yaml
@@ -1,5 +1,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
-resources:
-- redirect.yaml
-namespace: gitea
+# Secret is created manually via kubectl
+resources: []
diff --git a/gitea/redirect.yaml b/gitea/redirect.yaml
deleted file mode 100644
index b9b5a8b..0000000
--- a/gitea/redirect.yaml
+++ /dev/null
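Review bot: Under `gitea.config.service`, `DISABLE_REGISTRATION: false` together with `REQUIRE_SIGNIN_VIEW: false` leaves self-registration and anonymous browsing open on an instance that the `ingress` block publishes at `gitea0213.kro.kr` with a `letsencrypt-prod` certificate. Since the admin account already comes from `existingSecret: gitea-admin-secret`, registration can be closed with `DISABLE_REGISTRATION: true` and further accounts created by the admin. If open sign-up is intended, say so in a comment and gate it, for example with `REGISTER_EMAIL_CONFIRM: true` or `ENABLE_CAPTCHA: true`. A comment is also warranted on `SSH_PORT: 22`: that port is advertised in clone URLs while `service.ssh` is `ClusterIP`, so SSH is not reachable from outside the cluster unless something not shown here forwards it.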
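Review bot: The new comment `# Secret is created manually via kubectl` does not say which Secret, in which namespace, or with which keys, yet the values file depends on it through `existingSecret: gitea-admin-secret` and the workload presumably cannot start until it exists. I would spell it out, e.g. `# gitea-admin-secret (keys: username, password) must exist in the gitea namespace before the first sync; created out of band with kubectl`, adjusting the namespace to the Application's destination, which is not visible here. This commit also drops `namespace: gitea` from the kustomization, so anything later added under `resources` takes its namespace from the Application destination alone.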
@@ -1,70 +0,0 @@
-# Traefik Middleware for GitHub redirect
-apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
- name: redirect-to-github
- namespace: gitea
-spec:
- redirectRegex:
- regex: ".*"
- replacement: "https://github.com/mayne0213"
- permanent: true
----
-# IngressRoute for HTTPS
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
- name: gitea-redirect-https
- namespace: gitea
- annotations:
- cert-manager.io/cluster-issuer: letsencrypt-prod
-spec:
- entryPoints:
- - websecure
- routes:
- - match: Host(`gitea0213.kro.kr`) || Host(`www.gitea0213.kro.kr`)
- kind: Rule
- middlewares:
- - name: redirect-to-github
- services:
- - name: noop@internal
- kind: TraefikService
- tls:
- secretName: gitea-tls
- domains:
- - main: gitea0213.kro.kr
- sans:
- - www.gitea0213.kro.kr
----
-# IngressRoute for HTTP (redirect to HTTPS first, then to GitHub)
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
- name: gitea-redirect-http
- namespace: gitea
-spec:
- entryPoints:
- - web
- routes:
- - match: Host(`gitea0213.kro.kr`) || Host(`www.gitea0213.kro.kr`)
- kind: Rule
- middlewares:
- - name: redirect-to-github
- services:
- - name: noop@internal
- kind: TraefikService
----
-# Certificate for TLS
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: gitea-certificate
- namespace: gitea
-spec:
- secretName: gitea-tls
- issuerRef:
- name: letsencrypt-prod
- kind: ClusterIssuer
- dnsNames:
- - gitea0213.kro.kr
- - www.gitea0213.kro.kr