fix gitea

whole bunch of fixes
2023-12-10 23:45:27 +01:00 · 2023-12-10 16:17:14 +01:00
24 changed files with 208 additions and 93 deletions
--- a/apps/adguard/configmap.yaml
+++ b/apps/adguard/configmap.yaml
@ -2,7 +2,6 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
  name: adguard-home-config
-  namespace: adguard
 data:
  AdGuardHome.yaml: |-
    bind_host: 0.0.0.0
--- a/apps/adguard/deployment.yaml
+++ b/apps/adguard/deployment.yaml
@ -2,7 +2,6 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: adguard-home
-  namespace: adguard
 spec:
  replicas: 1
  revisionHistoryLimit: 3
--- a/apps/adguard/ingress.yaml
+++ b/apps/adguard/ingress.yaml
@ -2,7 +2,6 @@ apiVersion: traefik.containo.us/v1alpha1
 kind: IngressRouteTCP
 metadata:
  name: adguard-tls-ingress
-  namespace: adguard
 spec:
  entryPoints:
    - dnsovertls
--- a/apps/adguard/kustomization.yaml
+++ b/apps/adguard/kustomization.yaml
@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources: 
+  - namespace.yaml
+  - configmap.yaml
+  - ingress.yaml
+  - service.yaml
+  - deployment.yaml
+
+namespace: adguard
+
--- a/apps/adguard/namespace.yaml
+++ b/apps/adguard/namespace.yaml
@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: placeholder
--- a/apps/adguard/service.yaml
+++ b/apps/adguard/service.yaml
@ -1,8 +1,7 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: adguard-home
-  namespace: adguard
+  name: adguard-home-web
 spec:
  ports:
  - name: http
@ -22,7 +21,6 @@ metadata:
    metallb.universe.tf/allow-shared-ip: adguard-svc

  name: adguard-home-dns-tcp
-  namespace: adguard
 spec:
  allocateLoadBalancerNodePorts: true
  loadBalancerIP: 192.168.3.2
@ -45,7 +43,6 @@ metadata:
    metallb.universe.tf/allow-shared-ip: adguard-svc

  name: adguard-home-dns-udp
-  namespace: adguard
 spec:
  allocateLoadBalancerNodePorts: true
  loadBalancerIP: 192.168.3.2
--- a/apps/media/jellyfin.ingress.yaml
+++ b/apps/media/jellyfin.ingress.yaml
@ -12,8 +12,8 @@ spec:
        - name: jellyfin-websocket
      kind: Rule
      services:
-        - name: jellyfin
-          port: 8096
+        - name: jellyfin-web
+          port: 8080
  tls:
    certResolver: default-tls

--- a/apps/media/kustomization.yaml
+++ b/apps/media/kustomization.yaml
@ -0,0 +1,12 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources: 
+  - namespace.yaml
+  - pvc.yaml
+  - server.deployment.yaml
+  - server.service.yaml
+  - web.deployment.yaml
+  - web.service.yaml
+  - ingress.yaml
+
+namespace: media
--- a/apps/media/namespace.yaml
+++ b/apps/media/namespace.yaml
@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: placeholder
--- a/apps/media/jellyfin.pvc.yaml
+++ b/apps/media/jellyfin.pvc.yaml
@ -4,12 +4,9 @@ kind: PersistentVolume
 metadata:
  namespace: media
  name: jellyfin-config-nfs
-
 spec:
-  # storageClassName: slow
  capacity:
    storage: "1Gi"
-  # volumeMode: Filesystem
  accessModes:
    - ReadWriteOnce
  nfs:
@ -29,6 +26,7 @@ spec:
    requests:
      storage: "1Gi"
  volumeName: jellyfin-config-nfs
+
 ---

 apiVersion: v1
@ -37,10 +35,8 @@ metadata:
  namespace: media
  name: jellyfin-data-nfs
 spec:
-  # storageClassName: slow
  capacity:
    storage: "1Ti"
-  # volumeMode: Filesystem
  accessModes:
    - ReadWriteOnce
  nfs:
@ -53,7 +49,7 @@ metadata:
  namespace: media
  name: jellyfin-data-nfs
 spec:
-  storageClassName: nfs-client
+  storageClassName: ""
  accessModes:
    - ReadWriteOnce
  resources:
--- a/apps/media/server.deployment.yaml
+++ b/apps/media/server.deployment.yaml
@ -0,0 +1,44 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: jellyfin-server
+spec:
+  selector:
+    matchLabels:
+      app: jellyfin-server
+  template:
+    metadata:
+      labels:
+        app: jellyfin-server
+    spec:
+      containers:
+      - name: jellyfin-server
+        image: jellyfin/jellyfin:10.8.9
+        resources:
+          limits:
+            memory: "500Mi"
+            cpu: "2"
+        ports:
+        - containerPort: 8096
+        env:
+        - name: TZ
+          value: Europe/Berlin
+        volumeMounts:
+        - name: jellyfin-config
+          mountPath: /config
+        - name: jellyfin-data
+          mountPath: /media
+        livenessProbe:
+          httpGet:
+            path: /health
+            port: 8096
+          initialDelaySeconds: 100
+          periodSeconds: 15
+      volumes:
+      - name: jellyfin-config
+        persistentVolumeClaim:
+          claimName: jellyfin-config-nfs
+      - name: jellyfin-data
+        persistentVolumeClaim:
+          claimName: jellyfin-data-nfs
+
--- a/apps/media/server.service.yaml
+++ b/apps/media/server.service.yaml
@ -0,0 +1,12 @@
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: jellyfin-server
+spec:
+  selector:
+    app: jellyfin-server
+  ports:
+    - protocol: TCP
+      port: 8096
+      targetPort: 8096
--- a/apps/media/web.deployment.yaml
+++ b/apps/media/web.deployment.yaml
@ -0,0 +1,27 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: jellyfin-web
+spec:
+  selector:
+    matchLabels:
+      app: jellyfin-web
+  template:
+    metadata:
+      labels:
+        app: jellyfin-web
+    spec:
+      containers:
+      - name: jellyfin-web
+        image: ghcr.io/jellyfin/jellyfin-vue
+        resources:
+          limits:
+            memory: "128Mi"
+            cpu: "30m"
+        ports:
+        - containerPort: 8080
+        env:
+        - name: TZ
+          value: Europe/Berlin
+        - name: DEFAULT_SERVERS
+          value: "jellyfin-server:8096"
--- a/apps/media/web.service.yaml
+++ b/apps/media/web.service.yaml
@ -0,0 +1,12 @@
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: jellyfin-web
+spec:
+  selector:
+    app: jellyfin-web
+  ports:
+    - protocol: TCP
+      port: 8080
+      targetPort: 8080
--- a/infrastructure/argocd/known-hosts.configmap.yaml
+++ b/infrastructure/argocd/known-hosts.configmap.yaml
@ -8,5 +8,4 @@ metadata:
 data:
  # this is the fingerprint of the host key of git.kluster.moll.re
  ssh_known_hosts: |
-    [git.kluster.moll.re]:2222 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOTtII97BheLIPWTpxMLmuFGFb7C96kqdhf78x7yWhlu
-    github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
+    [git.kluster.moll.re]:2222 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDgoKSgzXDvMelTDIWDToGnxr+1CjcFK4k0DxS47vaRWYenfGExB4uKhLg1pMyMQkPh2Zl62KyRa8kFXl1b7GtaH+1ty1YebxE18ooktkAViPr+Ct1U2ez3mWDnb6bhwQOdzpxX8O/THAxIsEXc2vkIQCL1L4GeaHb7QY6t1WwaboOYE+xDPtU2nZNnfIYklBBgU1XFpAGBxu2xN856hW9g/S0vNaNKciAanALq97G4+8o6/ZN7G0OLV+KIWHvbeBG7lEB8e7mH1b+pALxyBwN0GEFm34iocObSLRKV1wqFotu3NWk6I67mWrPuXTbbR0uo+wfZ/ZdiV5+C5eT7g9nKzkJT5YEc53yyodxFUay1bbwWDs6xeF9iWHpuN3ebL2+gZcdqprfaMyhJDk0/HgtmKrhsJdnpbP18E40qBUcEZUUvp7Wjy6/JzVm75NU/gVGauRgepVEYhCrG6s7kTDb7kCxkIxMKpc8oQpfXtjJYW+BgPSr6Y2wzYS+JjoQ5bHxV/VHDMEKd+lk/qxqFcLy+0mc/PQl4YCFVkyIFFAqinFLHW/FrWy9rWeSfnrefJGxsl8chVuHJe/eEE87JY2zQVWf7+m7MIXoh9QEEufmkqYkUg5BnVfg2B1UFYWMS8DqlP1Rtx7QG11w9tAC1hBdI7JrrPVX2xzzUivGQQs9CAw==
--- a/infrastructure/gitea/drone-server.deployment.yaml
+++ b/infrastructure/gitea/drone-server.deployment.yaml
@ -92,13 +92,9 @@ apiVersion: v1
 kind: PersistentVolume
 metadata:
  name: drone-data-nfs
-  labels:
-    directory: drone
 spec:
-  # storageClassName: fast
  capacity:
    storage: "1Gi"
-  # volumeMode: Filesystem
  accessModes:
    - ReadWriteOnce
  nfs:
@ -110,15 +106,10 @@ kind: PersistentVolumeClaim
 metadata:
  name: drone-data-nfs
 spec:
-  # storageClassName: fast
+  storageClassName: ""
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: "1Gi"
-  selector:
-    matchLabels:
-      directory: drone
-
-
-
+  volumeName: drone-data-nfs
--- a/infrastructure/gitea/gitea.pvc.yaml
+++ b/infrastructure/gitea/gitea.pvc.yaml
@ -39,13 +39,12 @@ spec:
    server: 192.168.1.157

 ---
-
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
  name: gitea-postgresql-data-nfs
 spec:
-  storageClassName: nfs-client
+  storageClassName: ""
  accessModes:
    - ReadWriteOnce
  resources:
--- a/infrastructure/gitea/gitea.values.yaml
+++ b/infrastructure/gitea/gitea.values.yaml
@ -68,26 +68,12 @@ resources:


 ## @section Persistence
-#
-## @param persistence.enabled Enable persistent storage
-## @param persistence.existingClaim Use an existing claim to store repository information
-## @param persistence.size Size for persistence to store repo information
-## @param persistence.accessModes AccessMode for persistence
-## @param persistence.labels Labels for the persistence volume claim to be created
-## @param persistence.annotations Annotations for the persistence volume claim to be created
-## @param persistence.storageClass Name of the storage class to use
-## @param persistence.subPath Subdirectory of the volume to mount at
 persistence:
  enabled: true
-  existingClaim: gitea-data-nfs
+  create: false
+  mount: true
+  claimName: gitea-data-nfs

-  size: 10Gi
-  accessModes:
-    - ReadWriteOnce
-  labels: {}
-  annotations: {}
-  storageClass:
-  subPath:


 # Configure commit/action signing prerequisites
@ -99,13 +85,6 @@ persistence:
 ## @param signing.existingSecret Use an existing secret to store the value of `signing.privateKey`
 signing:
  enabled: false
-  gpgHome: /data/git/.gnupg
-  privateKey: ""
-  # privateKey: |-
-  #   -----BEGIN PGP PRIVATE KEY BLOCK-----
-  #   ...
-  #   -----END PGP PRIVATE KEY BLOCK-----
-  existingSecret: ""

 ## @section Gitea
 #
@ -116,8 +95,9 @@ gitea:
  ## @param gitea.admin.email Email for the Gitea admin user
  admin:
    username: gitea_admin
-    password: r8sA8CPHD9!bt6d
-    email: "gitea@local.domain"
+    # this user needs to stay admin, and active. But we change its password to be unusable
+    password: changedalready
+    email: "gitea@delete.me"

  ## @param gitea.metrics.enabled Enable Gitea metrics
  ## @param gitea.metrics.serviceMonitor.enabled Enable Gitea metrics service monitor
@ -134,7 +114,7 @@ gitea:
    server:
      DOMAIN: git.kluster.moll.re
      ROOT_URL: https://git.kluster.moll.re
-      SSH_LISTEN_PORT: 2222
+      SSH_PORT: 2222
    actions:
      ENABLED: true

@ -145,23 +125,6 @@ gitea:
    logLevel: "INFO"


-## @section Memcached
-#
-## @param memcached.enabled Memcached is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/memcached) if enabled in the values. Complete Configuration can be taken from their website.
-## ref: https://hub.docker.com/r/bitnami/memcached/tags/
-## @param memcached.service.ports.memcached Port for Memcached
-memcached:
-  enabled: true
-  # image:
-  #   registry: docker.io
-  #   repository: bitnami/memcached
-  #   tag: ""
-  #   digest: ""
-  #   pullPolicy: IfNotPresent
-  #   pullSecrets: []
-  service:
-    ports:
-      memcached: 11211

 ## @section PostgreSQL
 #
@ -177,8 +140,8 @@ postgresql:
    tag: 11
  # diagnosticMode:
  #   enabled: true
-  # containerSecurityContext:
-  #   runAsUser: 0
+  containerSecurityContext:
+    runAsUser: 0
  global:
    postgresql:
      auth:
@ -192,7 +155,16 @@ postgresql:
    persistence:
      size: 10Gi
      existingClaim: gitea-postgresql-data-nfs
-      mountPath: /bitnami/postgresql/data
+      # mountPath: /bitnami/postgresql/data
+
+
+
+redis-cluster:
+  enabled: true
+  usePassword: false
+  cluster:
+    nodes: 3 # default: 6
+    replicas: 0 # default: 1


 postgresql-ha:
@ -206,12 +178,3 @@ postgresql-ha:
 ## @param test.image.name Image name for the wget container used in the test-connection Pod.
 ## @param test.image.tag Image tag for the wget container used in the test-connection Pod.
 checkDeprecation: true
-test:
-  enabled: true
-  image:
-    name: busybox
-    tag: latest
-
-## @param extraDeploy Array of extra objects to deploy with the release
-##
-extraDeploy: []
--- a/infrastructure/gitea/kustomization.yaml
+++ b/infrastructure/gitea/kustomization.yaml
@ -1,18 +1,19 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources: 
- namespace.yaml
- gitea.pvc.yaml
- gitea.ingress.yaml
- drone-kube-runner.deployment.yaml
- drone-server.deployment.yaml
- drone-server.sealedsecret.yaml
+  - namespace.yaml
+  - gitea.pvc.yaml
+  - gitea.ingress.yaml
+  - drone-kube-runner.deployment.yaml
+  - drone-server.deployment.yaml
+  - drone-server.sealedsecret.yaml

 namespace: gitea


 helmCharts:
  - name: gitea
+    namespace: gitea # needs to be set explicitly for svc to be referenced correctly
    releaseName: gitea
    version: 9.6.1
    valuesFile: gitea.values.yaml
--- a/kluster-deployments/adguard/application.yaml
+++ b/kluster-deployments/adguard/application.yaml
@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: adguard-application
+  namespace: argocd
+spec:
+  project: apps
+  source:
+    repoURL: ssh://git@git.kluster.moll.re:2222/remoll/k3s-infra.git
+    targetRevision: main
+    path: apps/adguard
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: adguard
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
--- a/kluster-deployments/adguard/kustomization.yaml
+++ b/kluster-deployments/adguard/kustomization.yaml
@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - application.yaml
--- a/kluster-deployments/kustomization.yaml
+++ b/kluster-deployments/kustomization.yaml
@ -24,3 +24,5 @@ resources:
  - homeassistant/
  - ntfy/
  - rss/
+  - adguard/
+  - media/
--- a/kluster-deployments/media/application.yaml
+++ b/kluster-deployments/media/application.yaml
@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: media-application
+  namespace: argocd
+spec:
+  project: apps
+  source:
+    repoURL: ssh://git@git.kluster.moll.re:2222/remoll/k3s-infra.git
+    targetRevision: main
+    path: apps/media/
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: media
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
--- a/kluster-deployments/media/kustomization.yaml
+++ b/kluster-deployments/media/kustomization.yaml
@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- application.yaml
Author	SHA1	Message	Date
Remy Moll	9012ec927c	fix gitea	2023-12-10 23:45:27 +01:00
Remy Moll	45aa9c96dc	whole bunch of fixes	2023-12-10 16:17:14 +01:00