Add Gitea self-hosted git/CI/registry to replace GitHub

Deploy Gitea via Helm with dedicated CloudNativePG database,
in-cluster Actions runner (DinD), and built-in container registry.
ArgoCD repoURLs updated to use in-cluster Gitea SSH. Preview
ApplicationSet switched from GitHub PR generator to Gitea PR
generator. App images now pull from gitea.coreworlds.io registry.

Remaining setup after deploy: seal runner token, ArgoCD API token,
and registry pull secret once Gitea is running. Add ArgoCD deploy
key to Gitea repo settings.
Julia McGhee
2026-03-21 15:43:30 +00:00
parent 06ae2c7d46
commit f04ecbf5cd
36 changed files with 640 additions and 52 deletions


@@ -8,7 +8,7 @@ metadata:
spec:
project: default
source:
repoURL: git@github.com:lazorgurl/homelab.git
repoURL: ssh://git@gitea-ssh.platform.svc:2222/julia/homelab.git
targetRevision: main
path: infra/kubernetes/argocd
destination:


@@ -8,7 +8,7 @@ spec:
goTemplateOptions: ["missingkey=error"]
generators:
- git:
repoURL: git@github.com:lazorgurl/homelab.git
repoURL: ssh://git@gitea-ssh.platform.svc:2222/julia/homelab.git
revision: main
directories:
- path: apps/*/k8s/overlays/production
@@ -18,7 +18,7 @@ spec:
spec:
project: default
source:
repoURL: git@github.com:lazorgurl/homelab.git
repoURL: ssh://git@gitea-ssh.platform.svc:2222/julia/homelab.git
targetRevision: main
path: "{{ .path.path }}"
destination:


@@ -8,7 +8,7 @@ spec:
goTemplateOptions: ["missingkey=error"]
generators:
- git:
repoURL: git@github.com:lazorgurl/homelab.git
repoURL: ssh://git@gitea-ssh.platform.svc:2222/julia/homelab.git
revision: main
directories:
- path: infra/kubernetes/platform/*
@@ -18,7 +18,7 @@ spec:
spec:
project: default
source:
repoURL: git@github.com:lazorgurl/homelab.git
repoURL: ssh://git@gitea-ssh.platform.svc:2222/julia/homelab.git
targetRevision: main
path: "{{ .path.path }}"
destination:


@@ -8,9 +8,13 @@ spec:
goTemplateOptions: ["missingkey=error"]
generators:
- pullRequest:
github:
owner: lazorgurl
gitea:
owner: julia
repo: homelab
api: http://gitea-http.platform.svc:3000
tokenRef:
secretName: argocd-gitea-token
key: token
requeueAfterSeconds: 60
template:
metadata:
@@ -18,7 +22,7 @@ spec:
spec:
project: default
source:
repoURL: git@github.com:lazorgurl/homelab.git
repoURL: ssh://git@gitea-ssh.platform.svc:2222/julia/homelab.git
targetRevision: "{{ .branch }}"
path: apps/*/k8s/overlays/preview
kustomize:
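Review bot: The new `gitea` generator block sends the token from `argocd-gitea-token` to `http://gitea-http.platform.svc:3000` in clear text, and nothing records what that token is allowed to do. The generator only has to list pull requests, so a comment above `tokenRef` such as `# token: read-only repository scope, issued to a dedicated ArgoCD user` would stop a later re-seal from using an admin token. The template under it deploys whatever `{{ .branch }}` contains under `project: default`, so write access to julia/homelab now implies the ability to apply manifests to the cluster through a preview. A `filters` entry with `branchMatch`, or a restricted AppProject for previews, would narrow that. The template continues past the end of this hunk.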


@@ -0,0 +1,17 @@
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
name: argocd-gitea-repo
namespace: argocd
spec:
encryptedData:
sshPrivateKey: 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
type: 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
url: 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
template:
metadata:
name: argocd-gitea-repo
namespace: argocd
labels:
argocd.argoproj.io/secret-type: repository
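Review bot: This repository credential carries only `sshPrivateKey`, `type` and `url`, and none of the files shown here adds the Gitea SSH host key to ArgoCD's `argocd-ssh-known-hosts-cm`. ArgoCD verifies SSH host keys, so unless that entry is added elsewhere in the commit, every `ssh://git@gitea-ssh.platform.svc:2222/...` repoURL in the appsets will fail host-key verification. The fix is a known-hosts line for `[gitea-ssh.platform.svc]:2222`, not an `insecure` flag on the repository secret. The deploy key mentioned in the commit message should be registered read-only in Gitea, since ArgoCD only fetches.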


@@ -0,0 +1,15 @@
# PLACEHOLDER: Re-seal with Gitea API token for PR generator
# ./scripts/seal-secret.sh argocd-gitea-token argocd token=<gitea-api-token>
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
name: argocd-gitea-token
namespace: argocd
spec:
encryptedData:
token: PLACEHOLDER_SEAL_ME
template:
metadata:
name: argocd-gitea-token
namespace: argocd
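Review bot: The re-seal command in the header comment passes the API token inline as `token=<gitea-api-token>`, which leaves it in shell history and in the process list while the script runs. If `seal-secret.sh` can take the value from a file or a prompt, the comment should show that form instead. The same applies to the header of the `gitea-runner-token` sealed secret later in this commit. `PLACEHOLDER_SEAL_ME` is also not valid ciphertext, so the controller cannot unseal it; because both files are already listed in their kustomizations, these resources will presumably report errors and the runner pod will wait on its missing Secret until they are re-sealed. A line saying so, such as `# Expected to fail unsealing until re-sealed`, would save the next reader a debugging session.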


@@ -8,6 +8,8 @@ resources:
- appsets/platform.yaml
- appsets/apps.yaml
- appsets/previews.yaml
- argocd-gitea-repo-sealed.yaml
- argocd-gitea-token-sealed.yaml
- servicemonitor.yaml
patches:
- target:


@@ -0,0 +1,44 @@
# Prerequisites: CloudNativePG operator must be installed first.
---
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: gitea-pg
namespace: platform
spec:
instances: 1
primaryUpdateStrategy: unsupervised
storage:
storageClass: longhorn-nvme
size: 5Gi
postgresql:
parameters:
max_connections: "100"
shared_buffers: 128MB
effective_cache_size: 256MB
work_mem: 4MB
bootstrap:
initdb:
database: gitea
owner: gitea
secret:
name: gitea-pg-credentials
backup:
barmanObjectStore:
destinationPath: s3://gitea-pg-backups/
endpointURL: http://minio.platform.svc:9000
s3Credentials:
accessKeyId:
name: pg-backup-s3-credentials
key: ACCESS_KEY_ID
secretAccessKey:
name: pg-backup-s3-credentials
key: SECRET_ACCESS_KEY
retentionPolicy: "30d"
monitoring:
enablePodMonitor: true
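Review bot: The `backup.barmanObjectStore` block configures where backups go and a `retentionPolicy` of 30d, but the kustomization for this directory lists only `cluster.yaml` and the credentials secret, so no `ScheduledBackup` appears to exist. Without one, CloudNativePG archives WAL but never takes a base backup, and a single-instance cluster (`instances: 1`) holding the Git forge's database would have nothing to restore from. I would add a ScheduledBackup next to the Cluster and list it in the kustomization. Separately, `endpointURL: http://minio.platform.svc:9000` moves the S3 credentials and the dump over plain HTTP; consider a TLS endpoint if MinIO offers one.

```yaml
# New resource alongside the Cluster; name and schedule are illustrative.
---
apiVersion: postgresql.cnpg.io/v1
kind: ScheduledBackup
metadata:
  name: gitea-pg-daily
  namespace: platform
spec:
  # six-field cron (seconds first): every day at 03:00
  schedule: "0 0 3 * * *"
  backupOwnerReference: self
  cluster:
    name: gitea-pg
```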


@@ -0,0 +1,14 @@
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
name: gitea-pg-credentials
namespace: platform
spec:
encryptedData:
password: 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
username: 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
template:
metadata:
name: gitea-pg-credentials
namespace: platform


@@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- cluster.yaml
- gitea-pg-credentials-sealed.yaml


@@ -0,0 +1,75 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: gitea-runner
namespace: platform
labels:
app: gitea-runner
spec:
replicas: 1
selector:
matchLabels:
app: gitea-runner
template:
metadata:
labels:
app: gitea-runner
spec:
containers:
- name: runner
image: gitea/act_runner:latest
env:
- name: GITEA_INSTANCE_URL
value: http://gitea-http.platform.svc:3000
- name: GITEA_RUNNER_REGISTRATION_TOKEN
valueFrom:
secretKeyRef:
name: gitea-runner-token
key: token
- name: GITEA_RUNNER_LABELS
value: "ubuntu-latest:docker://node:20-bookworm,linux/amd64:docker://node:20-bookworm,cluster:docker://node:20-bookworm"
- name: DOCKER_HOST
value: tcp://localhost:2376
- name: DOCKER_TLS_VERIFY
value: "1"
- name: DOCKER_CERT_PATH
value: /certs/client
volumeMounts:
- name: docker-certs
mountPath: /certs/client
readOnly: true
- name: runner-data
mountPath: /data
resources:
requests:
memory: 256Mi
cpu: 200m
limits:
memory: 1Gi
- name: dind
image: docker:dind
securityContext:
privileged: true
env:
- name: DOCKER_TLS_CERTDIR
value: /certs
volumeMounts:
- name: docker-certs
mountPath: /certs
- name: dind-storage
mountPath: /var/lib/docker
resources:
requests:
memory: 512Mi
cpu: 500m
limits:
memory: 4Gi
volumes:
- name: docker-certs
emptyDir: {}
- name: runner-data
emptyDir: {}
- name: dind-storage
emptyDir: {}
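Review bot: The `dind` sidecar runs `privileged: true` from the floating tag `docker:dind`, and the runner uses `gitea/act_runner:latest`, so every workflow job effectively has root on the node through images that can change on any pod restart. Both images should be pinned to a reviewed tag and digest, and the pod should set `automountServiceAccountToken: false`, since nothing visible here needs the Kubernetes API. Separately, the runner mounts the whole `docker-certs` volume at `/certs/client` while dind mounts it at `/certs`. The client files therefore appear to land under `/certs/client/client`, and the runner can also read the CA and server keys; `subPath: client` on the runner mount would address both. A dedicated node or rootless DinD is worth considering if anyone other than the owner can trigger workflows.

```yaml
    spec:
      automountServiceAccountToken: false
      containers:
        - name: runner
          # tag and digest are placeholders: pin to a release you have reviewed
          image: gitea/act_runner:<PINNED_TAG>@sha256:<DIGEST>
          # … unchanged: env …
          volumeMounts:
            - name: docker-certs
              mountPath: /certs/client
              subPath: client
              readOnly: true
            # … unchanged: runner-data mount, resources …
        - name: dind
          image: docker:<PINNED_TAG>-dind@sha256:<DIGEST>
          # … unchanged: securityContext, env, volumeMounts, resources, volumes …
```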


@@ -0,0 +1,15 @@
# PLACEHOLDER: Generate token from Gitea admin panel, then re-seal with:
# ./scripts/seal-secret.sh gitea-runner-token platform token=<registration-token>
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
name: gitea-runner-token
namespace: platform
spec:
encryptedData:
token: PLACEHOLDER_SEAL_ME
template:
metadata:
name: gitea-runner-token
namespace: platform


@@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- deployment.yaml
- gitea-runner-token-sealed.yaml


@@ -0,0 +1,77 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: gitea-helm
namespace: argocd
annotations:
argocd.argoproj.io/sync-wave: "1"
spec:
project: default
source:
repoURL: https://dl.gitea.com/charts/
chart: gitea
targetRevision: 10.6.0
helm:
valuesObject:
# Disable bundled dependencies — we use external DB and Valkey
postgresql:
enabled: false
postgresql-ha:
enabled: false
redis-cluster:
enabled: false
redis:
enabled: false
gitea:
admin:
existingSecret: gitea-admin-credentials
config:
database:
DB_TYPE: postgres
HOST: gitea-pg-rw.platform.svc:5432
NAME: gitea
USER: gitea
PASSWD:
_secret: gitea-pg-credentials
_key: password
cache:
ADAPTER: redis
HOST: redis://valkey.platform.svc:6379/0
session:
PROVIDER: redis
PROVIDER_CONFIG: redis://valkey.platform.svc:6379/1
server:
DOMAIN: gitea.coreworlds.io
ROOT_URL: https://gitea.coreworlds.io
SSH_DOMAIN: gitea.coreworlds.io
SSH_PORT: 2222
SSH_LISTEN_PORT: 2222
actions:
ENABLED: true
DEFAULT_ACTIONS_URL: github
packages:
ENABLED: true
persistence:
enabled: true
storageClass: longhorn-nvme
size: 20Gi
service:
http:
type: ClusterIP
port: 3000
ssh:
type: NodePort
port: 2222
nodePort: 30022
destination:
server: https://kubernetes.default.svc
namespace: platform
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
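Review bot: `gitea.config` enables Actions and packages but sets nothing under a `service` section, so Gitea's default of open self-registration applies. This instance is published at `gitea.coreworlds.io` and paired with a privileged DinD runner, so I would add `service:` / `DISABLE_REGISTRATION: true` under `gitea.config`. Note that this is the Gitea config section, not the chart's top-level `service:` block. If the host is reachable beyond the owner, a new account could otherwise push a repository and, depending on how the runner is registered, run workflows on it. The cache and session URLs (`redis://valkey.platform.svc:6379/0` and `/1`) also carry no credentials. If Valkey really is unauthenticated, anything in the cluster that can reach it can read session data, so a password via a secret reference or a NetworkPolicy would be worth adding.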


@@ -0,0 +1,15 @@
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
name: gitea-admin-credentials
namespace: platform
spec:
encryptedData:
email: 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
password: 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
username: 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
template:
metadata:
name: gitea-admin-credentials
namespace: platform


@@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- application.yaml
- gitea-admin-credentials-sealed.yaml


@@ -49,3 +49,16 @@ spec:
kind: ClusterIssuer
dnsNames:
- harness.coreworlds.io
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: gitea-tls
namespace: platform
spec:
secretName: gitea-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
dnsNames:
- gitea.coreworlds.io


@@ -0,0 +1,19 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: gitea
namespace: platform
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
spec:
entryPoints:
- websecure
routes:
- match: Host(`gitea.coreworlds.io`)
kind: Rule
services:
- name: gitea-http
namespace: platform
port: 3000
tls:
secretName: gitea-tls


@@ -8,5 +8,6 @@ resources:
- ingressroute-grafana.yaml
- ingressroute-longhorn.yaml
- ingressroute-harness.yaml
- ingressroute-gitea.yaml
- certificate-internal.yaml
- servicemonitor.yaml