diff --git a/k8s/development/gitea.secret.yml b/k8s/development/gitea.secret.yml
index 4bdb885..2963444 100644
--- a/k8s/development/gitea.secret.yml
+++ b/k8s/development/gitea.secret.yml
@@ -1,42 +1,119 @@ -persistence: - annotations: - "helm.sh/resource-policy": keep +# --- Resource Optimization: Disable HA Clusters --- +postgresql-ha: + enabled: false +valkey-cluster: + enabled: false + +# --- Lightweight Database (PostgreSQL) --- +postgresql: enabled: true - storageClass: openebs-hostpath - accessMode: ReadWriteOnce - + global: + postgresql: + auth: + database: gitea + username: gitea + password: "eexai7ohHoameo3aefah" # <--- [1] DB Password + # Reduce DB resources for private use + primary: + resources: + requests: + cpu: 10m + memory: 128Mi + limits: + memory: 512Mi + persistence: + size: 5Gi + storageClass: openebs-hostpath + +# --- Lightweight Cache (Valkey Standalone) --- +valkey: + enabled: true + architecture: standalone + global: + valkey: + password: "Aid0eiy1ohghoagahjo3" # <--- [2] Cache Password + master: + resources: + requests: + cpu: 10m + memory: 64Mi + limits: + memory: 128Mi + persistence: + enabled: false # Ephemeral cache is fine for home use (saves disk I/O) + +# --- Gitea Configuration --- +image: + tag: "1.21.5" + rootless: true + +# Limit Gitea's own resources resources: gitea: requests: - memory: 200Mi + memory: 256Mi cpu: 100m + limits: + memory: 1Gi + cpu: 1000m -mariadb: +persistence: enabled: true - rootUser: - password: chu6ohzat4zae2iPhuoy - db: - user: gitea - name: gitea - password: OohoX6vahsh1mahshujo + storageClass: openebs-hostpath + size: 10Gi + accessModes: + - ReadWriteOnce -ingress: - enabled: true - certManager: true - annotations: - kubernetes.io/ingress.class: "nginx" - nginx.ingress.kubernetes.io/force-ssl-redirect: "true" - cert-manager.io/cluster-issuer: "letsencrypt-prod" - hosts: - - name: git.moritzgraf.de - tls: - - hosts: - - "git.moritzgraf.de" - secretName: git-moritzgraf-de +gitea: + admin: + username: "moritz" + password: "oongaeY9ohw4eith2Aiv" # <--- [3] Admin Password + email: "moritz@moritzgraf.de" + + config: + security: + INSTALL_LOCK: true + SECRET_KEY: 
"eew5quoo3jeiPheeb7eereeTaik2Ieth" # <--- [4] Secret Key + server: + DOMAIN: git.moritzgraf.de + ROOT_URL: "https://git.moritzgraf.de/" + SSH_DOMAIN: git.moritzgraf.de + SSH_PORT: "2222" # External display port + SSH_LISTEN_PORT: "2222" # Internal container port + START_SSH_SERVER: true + + # Connect to our standalone Valkey instance + # The default host for the subchart is usually: -valkey-master + cache: + ADAPTER: redis + HOST: "redis://:Aid0eiy1ohghoagahjo3@gitea-valkey-master:6379/0" # <--- [2] Cache Password + session: + PROVIDER: redis + PROVIDER_CONFIG: "redis://:Aid0eiy1ohghoagahjo3@gitea-valkey-master:6379/0" # <--- [2] Cache Password + queue: + TYPE: redis + CONN_STR: "redis://:Aid0eiy1ohghoagahjo3@gitea-valkey-master:6379/0" # <--- [2] Cache Password service: ssh: - serviceType: ClusterIP - port: 22 - externalPort: 2222 - externalHost: git.moritzgraf.de + type: NodePort + port: 2222 + targetPort: 2222 + nodePort: 30222 # Open this port on your firewall/router if needed + +ingress: + enabled: true + className: nginx + annotations: + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + cert-manager.io/cluster-issuer: "letsencrypt-prod" + nginx.ingress.kubernetes.io/proxy-body-size: "512m" + hosts: + - host: git.moritzgraf.de + paths: + - path: / + pathType: Prefix + tls: + - secretName: git-moritzgraf-de + hosts: + - git.moritzgraf.de \ No newline at end of file diff --git a/k8s/development/registry.secret.yaml b/k8s/development/registry.secret.yaml index f63cdb3..74d27eb 100644 Binary files a/k8s/development/registry.secret.yaml and b/k8s/development/registry.secret.yaml differ diff --git a/k8s/development/registry_ingress.yaml b/k8s/development/registry_ingress.yaml new file mode 100644 index 0000000..d44a200 --- /dev/null +++ b/k8s/development/registry_ingress.yaml 
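Review bot: The new values for gitea.secret.yml carry four credentials in cleartext (`postgresql.global.postgresql.auth.password`, `valkey.global.valkey.password`, `gitea.admin.password` and `gitea.config.security.SECRET_KEY`), and the Valkey password is repeated inside the three `redis://` connection strings under `cache`, `session` and `queue`. Because they are readable in this diff, treat them as exposed: rotate them and reference Kubernetes Secrets instead, for example `existingSecret: <gitea-admin-secret>` under `gitea.admin` (placeholder name) and the chart's `additionalConfigFromEnvs` or `additionalConfigSources` for the `[security]` and redis settings. The sibling `registry.secret.yaml` appears as binary in the same commit, which suggests it is encrypted at rest while this file is not; check that the repository's encryption filter matches `*.secret.yml` as well as `*.secret.yaml`.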
@@ -0,0 +1,42 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: docker-registry
+ namespace: development
+ annotations:
+ # --- ADDED: Match the working configuration ---
+ kubernetes.io/tls-acme: "true"
+ # ----------------------------------------------
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ kubernetes.io/ingress.class: nginx
+ meta.helm.sh/release-name: docker-registry
+ meta.helm.sh/release-namespace: development
+ nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+ nginx.ingress.kubernetes.io/proxy-body-size: "0"
+ labels:
+ app: docker-registry
+ app.kubernetes.io/managed-by: Helm
+ chart: docker-registry-1.9.2
+ heritage: Helm
+ release: docker-registry
+spec:
+ # --- ADDED: Critical for modern K8s ---
+ ingressClassName: nginx
+ # --------------------------------------
+ rules:
+ - host: registry.haumdaucher.de
+ http:
+ paths:
+ - backend:
+ service:
+ name: docker-registry
+ port:
+ number: 5000
+ path: /
+ # --- CHANGED: Recommended for consistency ---
+ pathType: Prefix
+ # --------------------------------------------
+ tls:
+ - hosts:
+ - registry.haumdaucher.de
+ secretName: registry-haumdaucher-de
\ No newline at end of file
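Review bot: The `meta.helm.sh/release-name` and `meta.helm.sh/release-namespace` annotations and the `app.kubernetes.io/managed-by: Helm` label mark this Ingress as owned by the docker-registry release, yet the file is a standalone manifest. The fields added here (`ingressClassName: nginx`, `pathType: Prefix`, `kubernetes.io/tls-acme: "true"`) will therefore presumably be reverted by the next `helm upgrade`. Either set them through the chart's ingress values or drop the Helm ownership metadata from this file. With `ingressClassName: nginx` in the spec, the legacy `kubernetes.io/ingress.class: nginx` annotation is redundant and can be removed. Since `nginx.ingress.kubernetes.io/proxy-body-size: "0"` lifts the upload limit on a publicly routed host, confirm that the registry itself enforces authentication, because nothing in this manifest does.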