gitea to minimal kustomize

to track the secrets
2026-01-05 06:24:39 +02:00
parent dab8b990a8
commit c8262cec6a
4 changed files with 21 additions and 18 deletions
--- a/gitea/README.md
+++ b/gitea/README.md
@@ -5,7 +5,7 @@ This application is managed by [ArgoCD](https://argocd.k-space.ee/applications/a
 Should ArgoCD be down manifests here can be applied with:

 ```
-kubectl apply -n gitea -f application.yaml
+kustomize build . | kubectl apply -f -
 ```

 Gitea DOES NOT go through Traefik. It has its own IP because ssh :22 would conflict with kube worker ssh. On its own IP, at the moment it doesn't flirt with Traefik — also has its own certificate.
--- a/gitea/application.yaml
+++ b/gitea/application.yaml
@@ -19,21 +19,15 @@ spec:
 apiVersion: codemowers.cloud/v1beta1
 kind: SecretClaim
 metadata:
-  name: gitea-security-secret-key
+  name: gitea-random
 spec:
  size: 32
  mapping:
-    - key: secret
+    - key: GITEA__SECURITY__SECRET_KEY
      value: "%(plaintext)s"
---
-apiVersion: codemowers.cloud/v1beta1
-kind: SecretClaim
-metadata:
-  name: gitea-security-internal-token
-spec:
-  size: 32
-  mapping:
-    - key: secret
+    - key: GITEA__SECURITY__INTERNAL_TOKEN
+      value: "%(plaintext)s"
+    - key: GITEA__OAUTH2__JWT_SECRET
      value: "%(plaintext)s"
 ---
 apiVersion: codemowers.cloud/v1beta1
@@ -214,23 +208,23 @@ spec:
            - name: GITEA__MAILER__PASSWD
              valueFrom:
                secretKeyRef:
-                  name: gitea-secrets
+                  name: gitea-mail
                  key: GITEA__MAILER__PASSWD
            - name: GITEA__OAUTH2__JWT_SECRET
              valueFrom:
                secretKeyRef:
-                  name: gitea-secrets
+                  name: gitea-random
                  key: GITEA__OAUTH2__JWT_SECRET
            - name: GITEA__SECURITY__INTERNAL_TOKEN
              valueFrom:
                secretKeyRef:
-                  name: gitea-security-internal-token
-                  key: secret
+                  name: gitea-random
+                  key: GITEA__SECURITY__INTERNAL_TOKEN
            - name: GITEA__SECURITY__SECRET_KEY
              valueFrom:
                secretKeyRef:
-                  name: gitea-security-secret-key
-                  key: secret
+                  name: gitea-random
+                  key: GITEA__SECURITY__SECRET_KEY
          ports:
            - containerPort: 8080
              name: http
--- a/gitea/kustomization.yaml
+++ b/gitea/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: gitea
+
+resources:
+- ssh://git@git.k-space.ee/secretspace/kube/gitea
+- ./application.yaml
+- ./mariadb.yaml
--- a/gitea/mariadb.yaml
+++ b/gitea/mariadb.yaml