martinohmann / home-ops

Wife approved HomeOps driven by Kubernetes and GitOps using Flux

feat(kubernetes): install forgejo #1118

Closed martinohmann closed 1 month ago

martinohmann commented 1 month ago

This will replace gitea. I'm going to move the repos over later.

github-actions[bot] commented 1 month ago

kustomization changes in kubernetes/main

--- kubernetes/main/flux Kustomization: flux-system/cluster HelmRepository: flux-system/forgejo

+++ kubernetes/main/flux Kustomization: flux-system/cluster HelmRepository: flux-system/forgejo

@@ -0,0 +1,14 @@

+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  labels:
+    kustomize.toolkit.fluxcd.io/name: cluster
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: forgejo
+  namespace: flux-system
+spec:
+  interval: 5m
+  type: oci
+  url: oci://code.forgejo.org/forgejo-helm
+
--- kubernetes/main/apps/database/redis-commander/app Kustomization: flux-system/redis-commander ConfigMap: database/redis-commander

+++ kubernetes/main/apps/database/redis-commander/app Kustomization: flux-system/redis-commander ConfigMap: database/redis-commander

@@ -21,12 +21,19 @@

         {
           "label": "authentik",
           "host": "dragonfly.database.svc.cluster.local",
           "port": "6379",
           "password": "..PLACEHOLDER..",
           "dbIndex": 2
+        },
+        {
+          "label": "forgejo",
+          "host": "dragonfly.database.svc.cluster.local",
+          "port": "6379",
+          "password": "..PLACEHOLDER..",
+          "dbIndex": 3
         }
       ]
     }
 kind: ConfigMap
 metadata:
   labels:
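Review bot: The added `forgejo` connection puts the Dragonfly password into a ConfigMap, as the `authentik` entry above it already does. ConfigMap data is not covered by Secret-specific RBAC or Secret encryption at rest, so anything that can read ConfigMaps in `database` can read it. The diff redacts the value as `..PLACEHOLDER..`, which suggests it is substituted from a secret at build time, so the connections file could be rendered into a Secret and mounted from there instead. `dbIndex: 3` next to `2` is only a keyspace split on one shared instance; if both entries use the same password (not visible here), it gives no isolation between forgejo and authentik data. The ConfigMap definition starts and ends outside this hunk.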
--- kubernetes/main/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/forgejo-init-db

+++ kubernetes/main/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/forgejo-init-db

@@ -0,0 +1,35 @@

+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  labels:
+    kustomize.toolkit.fluxcd.io/name: cluster-apps
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: forgejo-init-db
+  namespace: flux-system
+spec:
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: forgejo-init-db
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-age
+  dependsOn:
+  - name: cloudnative-pg-cluster
+  force: true
+  interval: 2h
+  path: ./kubernetes/main/apps/default/forgejo/init-db
+  postBuild:
+    substituteFrom:
+    - kind: Secret
+      name: cluster-secrets
+  prune: true
+  retryInterval: 1m
+  sourceRef:
+    kind: GitRepository
+    name: home-kubernetes
+  targetNamespace: default
+  timeout: 5m
+  wait: true
+
--- kubernetes/main/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/forgejo

+++ kubernetes/main/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/forgejo

@@ -0,0 +1,46 @@

+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  labels:
+    kustomize.toolkit.fluxcd.io/name: cluster-apps
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: forgejo
+  namespace: flux-system
+spec:
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: forgejo
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-age
+  dependsOn:
+  - name: forgejo-init-db
+  - name: cloudnative-pg-cluster
+  - name: dragonfly-cluster
+  interval: 2h
+  path: ./kubernetes/main/apps/default/forgejo/app
+  postBuild:
+    substitute:
+      APP: forgejo
+      GATUS_PATH: /api/healthz
+      GATUS_SUBDOMAIN: forgejo
+      VOLSYNC_CAPACITY: 20Gi
+      VOLSYNC_MOVER_FS_GROUP: '1000'
+      VOLSYNC_MOVER_GROUP: '1000'
+      VOLSYNC_MOVER_USER: '1000'
+      VOLSYNC_SCHEDULE_B2: 0 3 * * 0
+      VOLSYNC_SCHEDULE_MINIO: 0 3 * * *
+    substituteFrom:
+    - kind: Secret
+      name: cluster-secrets
+  prune: true
+  retryInterval: 1m
+  sourceRef:
+    kind: GitRepository
+    name: home-kubernetes
+  targetNamespace: default
+  timeout: 5m
+  wait: false
+
--- kubernetes/main/apps/default/forgejo/init-db Kustomization: flux-system/forgejo-init-db Job: default/forgejo-init-db

+++ kubernetes/main/apps/default/forgejo/init-db Kustomization: flux-system/forgejo-init-db Job: default/forgejo-init-db

@@ -0,0 +1,21 @@

+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  labels:
+    app.kubernetes.io/name: forgejo-init-db
+    kustomize.toolkit.fluxcd.io/name: forgejo-init-db
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: forgejo-init-db
+  namespace: default
+spec:
+  template:
+    spec:
+      containers:
+      - envFrom:
+        - secretRef:
+            name: forgejo-init-db
+        image: ghcr.io/onedr0p/postgres-init:16.3@sha256:8ba3204f6b293dd168766009aae2ce4fa986a29b931c2d30ac1b30238ac750b8
+        name: init-db
+      restartPolicy: OnFailure
+
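Review bot: The `init-db` container is created without any `securityContext`, so it runs with whatever user and privileges the image defaults to while holding the database credentials from `forgejo-init-db`. Adding `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: [ALL]}}` under the container does not depend on the image's user and costs nothing for a job that only talks to Postgres. The image is presumably handed superuser credentials to create the role and database; if so, keeping those in a secret separate from the one the HelmRelease and the reloader annotation reference would limit where they are exposed.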
--- kubernetes/main/apps/default/forgejo/app Kustomization: flux-system/forgejo PersistentVolumeClaim: default/forgejo

+++ kubernetes/main/apps/default/forgejo/app Kustomization: flux-system/forgejo PersistentVolumeClaim: default/forgejo

@@ -0,0 +1,22 @@

+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    app.kubernetes.io/name: forgejo
+    kustomize.toolkit.fluxcd.io/name: forgejo
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: forgejo
+  namespace: default
+spec:
+  accessModes:
+  - ReadWriteOnce
+  dataSourceRef:
+    apiGroup: volsync.backube
+    kind: ReplicationDestination
+    name: forgejo-dst
+  resources:
+    requests:
+      storage: 20Gi
+  storageClassName: longhorn
+
--- kubernetes/main/apps/default/forgejo/app Kustomization: flux-system/forgejo ReplicationSource: default/forgejo

+++ kubernetes/main/apps/default/forgejo/app Kustomization: flux-system/forgejo ReplicationSource: default/forgejo

@@ -0,0 +1,36 @@

+---
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+  labels:
+    app.kubernetes.io/name: forgejo
+    kustomize.toolkit.fluxcd.io/name: forgejo
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: forgejo
+  namespace: default
+spec:
+  restic:
+    accessModes:
+    - ReadWriteOnce
+    cacheAccessModes:
+    - ReadWriteOnce
+    cacheCapacity: 1Gi
+    cacheStorageClassName: openebs-hostpath
+    copyMethod: Snapshot
+    moverSecurityContext:
+      fsGroup: 1000
+      runAsGroup: 1000
+      runAsUser: 1000
+    pruneIntervalDays: 7
+    repository: forgejo-volsync
+    retain:
+      daily: 7
+      hourly: 24
+      monthly: 6
+      weekly: 4
+    storageClassName: longhorn
+    volumeSnapshotClassName: longhorn
+  sourcePVC: forgejo
+  trigger:
+    schedule: 0 3 * * *
+
--- kubernetes/main/apps/default/forgejo/app Kustomization: flux-system/forgejo ReplicationDestination: default/forgejo-dst

+++ kubernetes/main/apps/default/forgejo/app Kustomization: flux-system/forgejo ReplicationDestination: default/forgejo-dst

@@ -0,0 +1,30 @@

+---
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationDestination
+metadata:
+  labels:
+    app.kubernetes.io/name: forgejo
+    kustomize.toolkit.fluxcd.io/name: forgejo
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: forgejo-dst
+  namespace: default
+spec:
+  restic:
+    accessModes:
+    - ReadWriteOnce
+    cacheAccessModes:
+    - ReadWriteOnce
+    cacheCapacity: 1Gi
+    cacheStorageClassName: openebs-hostpath
+    capacity: 20Gi
+    copyMethod: Snapshot
+    moverSecurityContext:
+      fsGroup: 1000
+      runAsGroup: 1000
+      runAsUser: 1000
+    repository: forgejo-volsync
+    storageClassName: longhorn
+    volumeSnapshotClassName: longhorn
+  trigger:
+    manual: restore-once
+
--- kubernetes/main/apps/default/forgejo/app Kustomization: flux-system/forgejo ReplicationSource: default/forgejo-b2

+++ kubernetes/main/apps/default/forgejo/app Kustomization: flux-system/forgejo ReplicationSource: default/forgejo-b2

@@ -0,0 +1,34 @@

+---
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+  labels:
+    app.kubernetes.io/name: forgejo
+    kustomize.toolkit.fluxcd.io/name: forgejo
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: forgejo-b2
+  namespace: default
+spec:
+  restic:
+    accessModes:
+    - ReadWriteOnce
+    cacheAccessModes:
+    - ReadWriteOnce
+    cacheCapacity: 1Gi
+    cacheStorageClassName: openebs-hostpath
+    copyMethod: Snapshot
+    moverSecurityContext:
+      fsGroup: 1000
+      runAsGroup: 1000
+      runAsUser: 1000
+    pruneIntervalDays: 7
+    repository: forgejo-b2-volsync
+    retain:
+      daily: 7
+      weekly: 4
+    storageClassName: longhorn
+    volumeSnapshotClassName: longhorn
+  sourcePVC: forgejo
+  trigger:
+    schedule: 0 3 * * 0
+
--- kubernetes/main/apps/default/forgejo/app Kustomization: flux-system/forgejo HelmRelease: default/forgejo

+++ kubernetes/main/apps/default/forgejo/app Kustomization: flux-system/forgejo HelmRelease: default/forgejo

@@ -0,0 +1,174 @@

+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  labels:
+    app.kubernetes.io/name: forgejo
+    kustomize.toolkit.fluxcd.io/name: forgejo
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: forgejo
+  namespace: default
+spec:
+  chart:
+    spec:
+      chart: forgejo
+      sourceRef:
+        kind: HelmRepository
+        name: forgejo
+        namespace: flux-system
+      version: 7.0.2
+  install:
+    remediation:
+      retries: 3
+  interval: 2h
+  uninstall:
+    keepHistory: false
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      retries: 3
+  values:
+    deployment:
+      annotations:
+        secret.reloader.stakater.com/reload: forgejo-secret,forgejo-admin-secret,forgejo-oauth-secret,forgejo-init-db
+    gitea:
+      admin:
+        existingSecret: forgejo-admin-secret
+      config:
+        cache:
+          ADAPTER: redis
+          HOST: redis://:..PLACEHOLDER..@dragonfly.database.svc.cluster.local:6379/3?pool_size=100&idle_timeout=180s
+        database:
+          DB_TYPE: postgres
+          SSL_MODE: require
+        mailer:
+          ENABLED: true
+          FROM: Forgejo <..PLACEHOLDER..>
+          PROTOCOL: smtp
+          SMTP_ADDR: smtp-relay.default.svc.cluster.local
+          SMTP_PORT: 25
+        oauth2:
+          ACCOUNT_LINKING: auto
+          ENABLE_AUTO_REGISTRATION: true
+          OPENID_CONNECT_SCOPES: openid email groups
+          UPDATE_AVATAR: true
+          USERNAME: nickname
+        openid:
+          ENABLE_OPENID_SIGNIN: false
+          ENABLE_OPENID_SIGNUP: true
+          WHITELISTED_URIS: identity.18b.haus
+        queue:
+          CONN_STR: redis://:..PLACEHOLDER..@dragonfly.database.svc.cluster.local:6379/3?pool_size=100&idle_timeout=180s
+          TYPE: redis
+        repository:
+          DEFAULT_PRIVATE: private
+        security:
+          PASSWORD_COMPLEXITY: spec
+        server:
+          SSH_DOMAIN: forgejo-ssh.18b.haus
+          SSH_LISTEN_PORT: 2222
+          SSH_PORT: 22
+        service:
+          ALLOW_ONLY_EXTERNAL_REGISTRATION: true
+          DISABLE_REGISTRATION: false
+          ENABLE_NOTIFY_MAIL: true
+          REQUIRE_SIGNIN_VIEW: true
+          SHOW_REGISTRATION_BUTTON: false
+        session:
+          PROVIDER: redis
+          PROVIDER_CONFIG: redis://:..PLACEHOLDER..@dragonfly.database.svc.cluster.local:6379/3?pool_size=100&idle_timeout=180s
+        storage:
+          MINIO_BUCKET: forgejo
+          MINIO_ENDPOINT: s3.storage.18b.haus
+          MINIO_USE_SSL: true
+          STORAGE_TYPE: minio
+        webhook:
+          ALLOWED_HOST_LIST: private
+      metrics:
+        enabled: true
+        serviceMonitor:
+          enabled: true
+      oauth:
+      - adminGroup: admins
+        autoDiscoverUrl: https://identity.18b.haus/application/o/forgejo/.well-known/openid-configuration
+        existingSecret: forgejo-oauth-secret
+        groupClaimName: groups
+        iconUrl: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/authentik.png
+        name: Authentik
+        provider: openidConnect
+        scopes: openid profile email
+    ingress:
+      annotations:
+        gethomepage.dev/enabled: 'true'
+        gethomepage.dev/group: Tools
+        gethomepage.dev/icon: forgejo.png
+        gethomepage.dev/name: Forgejo
+        nginx.ingress.kubernetes.io/proxy-body-size: 8000m
+        nginx.ingress.kubernetes.io/server-snippet: |
+          # Do not expose metrics to the outside.
+          location = /metrics {
+            return 404;
+          }
+      className: internal
+      enabled: true
+      hosts:
+      - host: forgejo.18b.haus
+        paths:
+        - path: /
+          pathType: Prefix
+      tls:
+      - hosts:
+        - forgejo.18b.haus
+    persistence:
+      claimName: forgejo
+      create: false
+      enabled: true
+    postgresql:
+      enabled: false
+    postgresql-ha:
+      enabled: false
+    redis-cluster:
+      enabled: false
+    service:
+      ssh:
+        annotations:
+          external-dns.alpha.kubernetes.io/hostname: forgejo-ssh.18b.haus
+          io.cilium/lb-ipam-ips: 192.168.40.245
+        port: 22
+        type: LoadBalancer
+    strategy:
+      type: Recreate
+  valuesFrom:
+  - kind: Secret
+    name: forgejo-init-db
+    targetPath: gitea.config.database.HOST
+    valuesKey: INIT_POSTGRES_HOST
+  - kind: Secret
+    name: forgejo-init-db
+    targetPath: gitea.config.database.NAME
+    valuesKey: INIT_POSTGRES_DBNAME
+  - kind: Secret
+    name: forgejo-init-db
+    targetPath: gitea.config.database.USER
+    valuesKey: INIT_POSTGRES_USER
+  - kind: Secret
+    name: forgejo-init-db
+    targetPath: gitea.config.database.PASSWD
+    valuesKey: INIT_POSTGRES_PASS
+  - kind: Secret
+    name: forgejo-admin-secret
+    targetPath: gitea.admin.email
+    valuesKey: email
+  - kind: Secret
+    name: forgejo-secret
+    targetPath: gitea.config.security.SECRET_KEY
+    valuesKey: secret-key
+  - kind: Secret
+    name: forgejo-secret
+    targetPath: gitea.config.storage.MINIO_ACCESS_KEY_ID
+    valuesKey: minio-access-key-id
+  - kind: Secret
+    name: forgejo-secret
+    targetPath: gitea.config.storage.MINIO_SECRET_ACCESS_KEY
+    valuesKey: minio-secret-access-key
+
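Review bot: The Dragonfly password is interpolated directly into `cache.HOST`, `queue.CONN_STR` and `session.PROVIDER_CONFIG` under `values`, so it is stored in the HelmRelease object and readable by anything allowed to read HelmReleases. Every other credential in this hunk arrives through `valuesFrom`. Dropping those three inline keys and supplying them as `valuesFrom` entries (below, with a placeholder key name) keeps the URL in the SOPS-managed Secret. Separately, `ACCOUNT_LINKING: auto` together with `ENABLE_AUTO_REGISTRATION: true` attaches an incoming OIDC identity to any existing local account with a matching username or email without asking for that account's password, and that includes the chart-created admin. `ACCOUNT_LINKING: login` keeps the confirmation step.

```yaml
  # … unchanged: chart, install/upgrade, values without the three redis URLs …
  valuesFrom:
  # … unchanged: existing forgejo-init-db, forgejo-admin-secret and forgejo-secret entries …
  - kind: Secret
    name: forgejo-secret
    targetPath: gitea.config.cache.HOST
    valuesKey: redis-url  # placeholder key name; holds the full redis:// URL
  - kind: Secret
    name: forgejo-secret
    targetPath: gitea.config.queue.CONN_STR
    valuesKey: redis-url  # placeholder key name
  - kind: Secret
    name: forgejo-secret
    targetPath: gitea.config.session.PROVIDER_CONFIG
    valuesKey: redis-url  # placeholder key name
```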
--- kubernetes/main/apps/default/forgejo/app Kustomization: flux-system/forgejo ConfigMap: default/forgejo-gatus-ep

+++ kubernetes/main/apps/default/forgejo/app Kustomization: flux-system/forgejo ConfigMap: default/forgejo-gatus-ep

@@ -0,0 +1,41 @@

+---
+apiVersion: v1
+data:
+  config.yaml: |
+    endpoints:
+      - name: "forgejo"
+        group: internal
+        url: "https://forgejo.18b.haus/api/healthz"
+        interval: 2m
+        ui:
+          hide-hostname: true
+          hide-url: true
+        conditions:
+          - "[STATUS] == 200"
+        alerts:
+          - type: telegram
+      - name: "forgejo"
+        group: guarded
+        url: 1.1.1.1
+        interval: 1m
+        ui:
+          hide-hostname: true
+          hide-url: true
+        dns:
+          query-name: "forgejo.18b.haus"
+          query-type: A
+        conditions:
+          - "len([BODY]) == 0"
+        alerts:
+          - type: telegram
+            description: exposed to the internet
+kind: ConfigMap
+metadata:
+  labels:
+    app.kubernetes.io/name: forgejo
+    gatus.io/enabled: 'true'
+    kustomize.toolkit.fluxcd.io/name: forgejo
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: forgejo-gatus-ep
+  namespace: default
+
github-actions[bot] commented 1 month ago

helmrelease changes in kubernetes/main

--- HelmRelease: default/forgejo Service: default/forgejo-http

+++ HelmRelease: default/forgejo Service: default/forgejo-http

@@ -0,0 +1,22 @@

+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: forgejo-http
+  labels:
+    app: forgejo
+    app.kubernetes.io/name: forgejo
+    app.kubernetes.io/instance: forgejo
+    version: 7.0.5
+    app.kubernetes.io/managed-by: Helm
+spec:
+  type: ClusterIP
+  clusterIP: None
+  ports:
+  - name: http
+    port: 3000
+    targetPort: null
+  selector:
+    app.kubernetes.io/name: forgejo
+    app.kubernetes.io/instance: forgejo
+
--- HelmRelease: default/forgejo Service: default/forgejo-ssh

+++ HelmRelease: default/forgejo Service: default/forgejo-ssh

@@ -0,0 +1,25 @@

+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: forgejo-ssh
+  labels:
+    app: forgejo
+    app.kubernetes.io/name: forgejo
+    app.kubernetes.io/instance: forgejo
+    version: 7.0.5
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: forgejo-ssh.18b.haus
+    io.cilium/lb-ipam-ips: 192.168.40.245
+spec:
+  type: LoadBalancer
+  ports:
+  - name: ssh
+    port: 22
+    targetPort: 2222
+    protocol: TCP
+  selector:
+    app.kubernetes.io/name: forgejo
+    app.kubernetes.io/instance: forgejo
+
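Review bot: `forgejo-ssh` is published as a LoadBalancer on 192.168.40.245 port 22 with an external-dns hostname and no `loadBalancerSourceRanges`, and nothing in this PR checks its exposure. The Gatus `guarded` endpoint only checks that `forgejo.18b.haus` has no public A record. Whether this external-dns instance writes to a public zone cannot be told from the diff; if it does, `forgejo-ssh.18b.haus` would resolve publicly without any alert. A second `guarded` DNS check with `query-name: "forgejo-ssh.18b.haus"` would cover it, and setting `loadBalancerSourceRanges` on the Service (if the chart exposes it under `service.ssh`) would limit which networks reach sshd.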
--- HelmRelease: default/forgejo Deployment: default/forgejo

+++ HelmRelease: default/forgejo Deployment: default/forgejo

@@ -0,0 +1,209 @@

+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: forgejo
+  annotations:
+    secret.reloader.stakater.com/reload: forgejo-secret,forgejo-admin-secret,forgejo-oauth-secret,forgejo-init-db
+  labels:
+    app: forgejo
+    app.kubernetes.io/name: forgejo
+    app.kubernetes.io/instance: forgejo
+    version: 7.0.5
+    app.kubernetes.io/managed-by: Helm
+spec:
+  replicas: 1
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: forgejo
+      app.kubernetes.io/instance: forgejo
+  template:
+    metadata:
+      annotations:
+        checksum/oauth_0: cf1bcf89baebf2f1338efd3067ab3c9fdf2b6f9e33e17e179300755bf4d5dab1
+      labels:
+        app: forgejo
+        app.kubernetes.io/name: forgejo
+        app.kubernetes.io/instance: forgejo
+        version: 7.0.5
+        app.kubernetes.io/managed-by: Helm
+    spec:
+      securityContext:
+        fsGroup: 1000
+      initContainers:
+      - name: init-directories
+        image: code.forgejo.org/forgejo/forgejo:7.0.5-rootless
+        imagePullPolicy: IfNotPresent
+        command:
+        - /usr/sbin/init_directory_structure.sh
+        env:
+        - name: GITEA_APP_INI
+          value: /data/gitea/conf/app.ini
+        - name: GITEA_CUSTOM
+          value: /data/gitea
+        - name: GITEA_WORK_DIR
+          value: /data
+        - name: GITEA_TEMP
+          value: /tmp/gitea
+        volumeMounts:
+        - name: init
+          mountPath: /usr/sbin
+        - name: temp
+          mountPath: /tmp
+        - name: data
+          mountPath: /data
+        securityContext: {}
+        resources:
+          limits: {}
+          requests:
+            cpu: 100m
+            memory: 128Mi
+      - name: init-app-ini
+        image: code.forgejo.org/forgejo/forgejo:7.0.5-rootless
+        imagePullPolicy: IfNotPresent
+        command:
+        - /usr/sbin/config_environment.sh
+        env:
+        - name: GITEA_APP_INI
+          value: /data/gitea/conf/app.ini
+        - name: GITEA_CUSTOM
+          value: /data/gitea
+        - name: GITEA_WORK_DIR
+          value: /data
+        - name: GITEA_TEMP
+          value: /tmp/gitea
+        volumeMounts:
+        - name: config
+          mountPath: /usr/sbin
+        - name: temp
+          mountPath: /tmp
+        - name: data
+          mountPath: /data
+        - name: inline-config-sources
+          mountPath: /env-to-ini-mounts/inlines/
+        securityContext: {}
+        resources:
+          limits: {}
+          requests:
+            cpu: 100m
+            memory: 128Mi
+      - name: configure-gitea
+        image: code.forgejo.org/forgejo/forgejo:7.0.5-rootless
+        command:
+        - /usr/sbin/configure_gitea.sh
+        imagePullPolicy: IfNotPresent
+        securityContext:
+          runAsUser: 1000
+        env:
+        - name: GITEA_APP_INI
+          value: /data/gitea/conf/app.ini
+        - name: GITEA_CUSTOM
+          value: /data/gitea
+        - name: GITEA_WORK_DIR
+          value: /data
+        - name: GITEA_TEMP
+          value: /tmp/gitea
+        - name: HOME
+          value: /data/gitea/git
+        - name: GITEA_OAUTH_KEY_0
+          valueFrom:
+            secretKeyRef:
+              key: key
+              name: forgejo-oauth-secret
+        - name: GITEA_OAUTH_SECRET_0
+          valueFrom:
+            secretKeyRef:
+              key: secret
+              name: forgejo-oauth-secret
+        - name: GITEA_ADMIN_USERNAME
+          valueFrom:
+            secretKeyRef:
+              key: username
+              name: forgejo-admin-secret
+        - name: GITEA_ADMIN_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              key: password
+              name: forgejo-admin-secret
+        volumeMounts:
+        - name: init
+          mountPath: /usr/sbin
+        - name: temp
+          mountPath: /tmp
+        - name: data
+          mountPath: /data
+        resources:
+          limits: {}
+          requests:
+            cpu: 100m
+            memory: 128Mi
+      terminationGracePeriodSeconds: 60
+      containers:
+      - name: forgejo
+        image: code.forgejo.org/forgejo/forgejo:7.0.5-rootless
+        imagePullPolicy: IfNotPresent
+        env:
+        - name: SSH_LISTEN_PORT
+          value: '2222'
+        - name: SSH_PORT
+          value: '22'
+        - name: GITEA_APP_INI
+          value: /data/gitea/conf/app.ini
+        - name: GITEA_CUSTOM
+          value: /data/gitea
+        - name: GITEA_WORK_DIR
+          value: /data
+        - name: GITEA_TEMP
+          value: /tmp/gitea
+        - name: TMPDIR
+          value: /tmp/gitea
+        - name: HOME
+          value: /data/gitea/git
+        ports:
+        - name: ssh
+          containerPort: 2222
+        - name: http
+          containerPort: 3000
+        livenessProbe:
+          failureThreshold: 10
+          initialDelaySeconds: 200
+          periodSeconds: 10
+          successThreshold: 1
+          tcpSocket:
+            port: http
+          timeoutSeconds: 1
+        readinessProbe:
+          failureThreshold: 3
+          initialDelaySeconds: 5
+          periodSeconds: 10
+          successThreshold: 1
+          tcpSocket:
+            port: http
+          timeoutSeconds: 1
+        resources: {}
+        securityContext: {}
+        volumeMounts:
+        - name: temp
+          mountPath: /tmp
+        - name: data
+          mountPath: /data
+      volumes:
+      - name: init
+        secret:
+          secretName: forgejo-init
+          defaultMode: 110
+      - name: config
+        secret:
+          secretName: forgejo
+          defaultMode: 110
+      - name: inline-config-sources
+        secret:
+          secretName: forgejo-inline-config
+      - name: temp
+        emptyDir: {}
+      - name: data
+        persistentVolumeClaim:
+          claimName: forgejo
+
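Review bot: Every container in this pod is rendered with `securityContext: {}` (only `configure-gitea` gets `runAsUser: 1000`), so although the image is the `-rootless` variant, nothing enforces `runAsNonRoot`, `allowPrivilegeEscalation: false` or dropped capabilities on the process serving git over SSH and HTTP. These can be set from the HelmRelease values if this chart version exposes a container security-context value (Gitea-derived charts call it `containerSecurityContext`; confirm for 7.0.2). `defaultMode: 110` on the `init` and `config` secret volumes is read as decimal, i.e. octal 0156, which gives "other" read/write bits and the owner only execute. That comes from the chart rather than this repo and is worth reporting upstream. The image is also referenced by tag only, unlike the digest-pinned `postgres-init` image in the init-db Job.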
--- HelmRelease: default/forgejo Ingress: default/forgejo

+++ HelmRelease: default/forgejo Ingress: default/forgejo

@@ -0,0 +1,37 @@

+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: forgejo
+  labels:
+    app: forgejo
+    app.kubernetes.io/name: forgejo
+    app.kubernetes.io/instance: forgejo
+    version: 7.0.5
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    gethomepage.dev/enabled: 'true'
+    gethomepage.dev/group: Tools
+    gethomepage.dev/icon: forgejo.png
+    gethomepage.dev/name: Forgejo
+    nginx.ingress.kubernetes.io/proxy-body-size: 8000m
+    nginx.ingress.kubernetes.io/server-snippet: |
+      # Do not expose metrics to the outside.
+      location = /metrics {
+        return 404;
+      }
+spec:
+  ingressClassName: internal
+  tls:
+  - hosts:
+    - forgejo.18b.haus
+    secretName: null
+  rules:
+  - host: forgejo.18b.haus
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: forgejo-http
+          servicePort: 3000
+
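Review bot: This Ingress is rendered as `extensions/v1beta1` with `serviceName`/`servicePort` and without the `pathType: Prefix` set in the HelmRelease values. That API was removed in Kubernetes 1.22, so the diff was probably templated without the cluster's API versions and is not the manifest that will be applied. Passing the capability to the renderer (helm's `--api-versions networking.k8s.io/v1/Ingress`, or the diff tool's equivalent) would make the reviewed object match the deployed one. The `/metrics` block also depends on `server-snippet`, which ingress-nginx honours only when snippet annotations are allowed on the controller. A metrics token in Forgejo's own `[metrics]` config would not depend on that controller setting and would also cover in-cluster access through `forgejo-http`.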
--- HelmRelease: default/forgejo ServiceMonitor: default/forgejo

+++ HelmRelease: default/forgejo ServiceMonitor: default/forgejo

@@ -0,0 +1,19 @@

+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: forgejo
+  labels:
+    app: forgejo
+    app.kubernetes.io/name: forgejo
+    app.kubernetes.io/instance: forgejo
+    version: 7.0.5
+    app.kubernetes.io/managed-by: Helm
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: forgejo
+      app.kubernetes.io/instance: forgejo
+  endpoints:
+  - port: http
+