k-space/kube
12
1
Fork 3
Code Issues 64 Pull Requests Wiki Activity

gitea to minimal kustomize

Browse Source 
to track the secrets
This commit is contained in:
Rasmus Kallas
2026-01-05 06:24:39 +02:00
parent dab8b990a8
commit c8262cec6a
4 changed files with 21 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
gitea/README.md
View File

@@ -5,7 +5,7 @@ This application is managed by [ArgoCD](https://argocd.k-space.ee/applications/a
Should ArgoCD be down manifests here can be applied with: Should ArgoCD be down manifests here can be applied with:
``` ```
kubectl apply -n gitea -f application.yaml kustomize build . | kubectl apply -f -
``` ```
Gitea DOES NOT go through Traefik. It has its own IP because ssh :22 would conflict with kube worker ssh. On its own IP, at the moment it doesn't flirt with Traefik — also has its own certificate. Gitea DOES NOT go through Traefik. It has its own IP because ssh :22 would conflict with kube worker ssh. On its own IP, at the moment it doesn't flirt with Traefik — also has its own certificate.

28
gitea/application.yaml
View File

@@ -19,21 +19,15 @@ spec:
apiVersion: codemowers.cloud/v1beta1 apiVersion: codemowers.cloud/v1beta1
kind: SecretClaim kind: SecretClaim
metadata: metadata:
name: gitea-security-secret-key name: gitea-random
spec: spec:
size: 32 size: 32
mapping: mapping:
- key: secret - key: GITEA__SECURITY__SECRET_KEY
value: "%(plaintext)s" value: "%(plaintext)s"
--- - key: GITEA__SECURITY__INTERNAL_TOKEN
apiVersion: codemowers.cloud/v1beta1 value: "%(plaintext)s"
kind: SecretClaim - key: GITEA__OAUTH2__JWT_SECRET
metadata:
name: gitea-security-internal-token
spec:
size: 32
mapping:
- key: secret
value: "%(plaintext)s" value: "%(plaintext)s"
--- ---
apiVersion: codemowers.cloud/v1beta1 apiVersion: codemowers.cloud/v1beta1
@@ -214,23 +208,23 @@ spec:
- name: GITEA__MAILER__PASSWD - name: GITEA__MAILER__PASSWD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: gitea-secrets name: gitea-mail
key: GITEA__MAILER__PASSWD key: GITEA__MAILER__PASSWD
- name: GITEA__OAUTH2__JWT_SECRET - name: GITEA__OAUTH2__JWT_SECRET
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: gitea-secrets name: gitea-random
key: GITEA__OAUTH2__JWT_SECRET key: GITEA__OAUTH2__JWT_SECRET
- name: GITEA__SECURITY__INTERNAL_TOKEN - name: GITEA__SECURITY__INTERNAL_TOKEN
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: gitea-security-internal-token name: gitea-random
key: secret key: GITEA__SECURITY__INTERNAL_TOKEN
- name: GITEA__SECURITY__SECRET_KEY - name: GITEA__SECURITY__SECRET_KEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: gitea-security-secret-key name: gitea-random
key: secret key: GITEA__SECURITY__SECRET_KEY
ports: ports:
- containerPort: 8080 - containerPort: 8080
name: http name: http

9
gitea/kustomization.yaml Normal file
View File

@@ -0,0 +1,9 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: gitea
resources:
- ssh://git@git.k-space.ee/secretspace/kube/gitea
- ./application.yaml
- ./mariadb.yaml

0
gitea/mariadb.yml → gitea/mariadb.yaml
View File