feat: refactor apps

2026-03-26 20:55:22 -05:00
parent f011dcfe85
commit 2785e92c41
8 changed files with 45 additions and 157 deletions
--- a/clusters/cl01tl/helm/gitea/Chart.yaml
+++ b/clusters/cl01tl/helm/gitea/Chart.yaml
@@ -5,29 +5,28 @@ description: Gitea
 keywords:
  - gitea
  - git
-  - code
-home: https://wiki.alexlebens.dev/s/94060f71-fd05-4f78-9af2-053f8f221acd
+home: https://docs.alexlebens.dev/applications/gitea/
 sources:
  - https://github.com/go-gitea/gitea
  - https://github.com/renovatebot/renovate
  - https://github.com/Angatar/s3cmd
  - https://github.com/meilisearch/meilisearch
-  - https://github.com/cloudflare/cloudflared
-  - https://github.com/cloudnative-pg/cloudnative-pg
  - https://hub.docker.com/r/gitea/gitea
  - https://hub.docker.com/r/renovate/renovate
  - https://hub.docker.com/r/d3fk/s3cmd/
  - https://gitea.com/gitea/helm-chart
-  - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
+  - https://gitea.com/gitea/helm-actions
  - https://github.com/meilisearch/meilisearch-kubernetes/tree/main/charts/meilisearch
  - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
  - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
+  - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
+  - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
 maintainers:
  - name: alexlebens
 dependencies:
  - name: gitea
    version: 12.5.0
-    repository: https://dl.gitea.io/charts/
+    repository: https://dl.gitea.com/charts/
  - name: actions
    alias: gitea-actions
    repository: https://dl.gitea.com/charts/
@@ -54,6 +53,6 @@ dependencies:
    alias: volsync-target-storage
    version: 0.8.0
    repository: oci://harbor.alexlebens.net/helm-charts
-icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/gitea.png
+icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/gitea.png
 # renovate: datasource=github-releases depName=go-gitea/gitea
 appVersion: 1.25.5
--- a/clusters/cl01tl/helm/gitea/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/gitea/templates/external-secret.yaml
@@ -14,17 +14,11 @@ spec:
  data:
    - secretKey: username
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/gitea/auth/admin
-        metadataPolicy: None
        property: username
    - secretKey: password
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/gitea/auth/admin
-        metadataPolicy: None
        property: password

 ---
@@ -44,17 +38,11 @@ spec:
  data:
    - secretKey: secret
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /authentik/oidc/gitea
-        metadataPolicy: None
        property: secret
    - secretKey: key
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /authentik/oidc/gitea
-        metadataPolicy: None
        property: client

 ---
@@ -74,10 +62,7 @@ spec:
  data:
    - secretKey: token
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/gitea/runner
-        metadataPolicy: None
        property: token

 ---
@@ -97,38 +82,23 @@ spec:
  data:
    - secretKey: RENOVATE_ENDPOINT
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/gitea/renovate
-        metadataPolicy: None
        property: RENOVATE_ENDPOINT
    - secretKey: RENOVATE_GIT_AUTHOR
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/gitea/renovate
-        metadataPolicy: None
        property: RENOVATE_GIT_AUTHOR
    - secretKey: RENOVATE_TOKEN
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/gitea/renovate
-        metadataPolicy: None
        property: RENOVATE_TOKEN
    - secretKey: RENOVATE_GIT_PRIVATE_KEY
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/gitea/renovate
-        metadataPolicy: None
        property: id_rsa
    - secretKey: RENOVATE_GITHUB_COM_TOKEN
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /github/gitea-cl01tl
-        metadataPolicy: None
        property: token

 ---
@@ -148,24 +118,15 @@ spec:
  data:
    - secretKey: config
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/gitea/renovate
-        metadataPolicy: None
        property: ssh_config
    - secretKey: id_rsa
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/gitea/renovate
-        metadataPolicy: None
        property: id_rsa
    - secretKey: id_rsa.pub
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/gitea/renovate
-        metadataPolicy: None
        property: id_rsa.pub

 ---
@@ -191,8 +152,5 @@ spec:
  data:
    - secretKey: MEILI_MASTER_KEY
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /cl01tl/gitea/meilisearch
-        metadataPolicy: None
        property: MEILI_MASTER_KEY
--- a/clusters/cl01tl/helm/gitea/values.yaml
+++ b/clusters/cl01tl/helm/gitea/values.yaml
@@ -2,9 +2,14 @@ gitea:
  global:
    imageRegistry: registry.hub.docker.com
  replicaCount: 3
+  strategy:
+    type: "RollingUpdate"
+    rollingUpdate:
+      maxSurge: "100%"
+      maxUnavailable: 1
  image:
    repository: gitea/gitea
-    tag: 1.25.5
+    tag: 1.25.5@sha256:f846d26a4fc389c5806a580a765e00bfdd1fd181e6f2060da98ea2669d914472
  service:
    http:
      type: ClusterIP
@@ -14,8 +19,10 @@ gitea:
      type: ClusterIP
      port: 22
      clusterIP: 10.103.160.140
-  ingress:
-    enabled: false
+  resources:
+    requests:
+      cpu: 1000m
+      memory: 600Mi
  persistence:
    storageClass: ceph-filesystem
    size: 40Gi
@@ -41,7 +48,7 @@ gitea:
    metrics:
      enabled: true
      serviceMonitor:
-        enabled: false
+        enabled: true
    oauth:
      - name: Authentik
        provider: openidConnect
@@ -139,9 +146,10 @@ gitea-actions:
    replicas: 6
    timezone: America/Chicago
    actRunner:
-      registry: ""
+      registry: registry.hub.docker.com
      repository: gitea/act_runner
-      tag: 0.2.13
+      # renovate: datasource=docker depName=gitea/act_runner
+      tag: 0.3.1@sha256:c2a169c5e99864c25e32527cef3d82203225e09558773022bf3dc164a2e6d762
      config: |
        log:
          level: debug
@@ -154,17 +162,19 @@ gitea-actions:
            - "ubuntu-24.04:docker://harbor.alexlebens.net/proxy-hub.docker/gitea/runner-images:ubuntu-24.04"
            - "ubuntu-22.04:docker://harbor.alexlebens.net/proxy-hub.docker/gitea/runner-images:ubuntu-22.04"
    dind:
-      registry: ""
+      registry: registry.hub.docker.com
      repository: docker
-      tag: 28.3.3-dind
+      # renovate: datasource=docker depName=docker
+      tag: 29.3.1-dind@sha256:4d90f1f6c400315c2dba96d3ec93c01e64198395cbba04f79d12adce4f737029
    persistence:
      storageClass: ceph-block
-      size: 5Gi
+      size: 10Gi
  init:
    image:
-      registry: ""
+      registry: registry.hub.docker.com
      repository: busybox
-      tag: "1.37.0"
+      # renovate: datasource=docker depName=busybox
+      tag: 1.37.0@sha256:1487d0af5f52b4ba31c7e465126ee2123fe3f2305d638e7827681e7cf6c83d5e
  existingSecret: gitea-runner-secret
  existingSecretKey: token
  giteaRootURL: http://gitea-http.gitea:3000
@@ -175,17 +185,14 @@ meilisearch:
    MEILI_EXPERIMENTAL_DUMPLESS_UPGRADE: true
  auth:
    existingMasterKeySecret: gitea-meilisearch-master-key-secret
-  service:
-    type: ClusterIP
-    port: 7700
  persistence:
    enabled: true
    storageClass: ceph-block
    size: 5Gi
  resources:
    requests:
-      cpu: 10m
-      memory: 128Mi
+      cpu: 1m
+      memory: 160Mi
  serviceMonitor:
    enabled: true
 postgres-18-cluster:
@@ -193,8 +200,8 @@ postgres-18-cluster:
  cluster:
    resources:
      requests:
-        memory: 1Gi
-        cpu: 200m
+        cpu: 100m
+        memory: 100Mi
  recovery:
    method: objectStore
    objectStore:
@@ -206,41 +213,18 @@ postgres-18-cluster:
        destinationBucket: postgres-backups
        externalSecretCredentialPath: /garage/home-infra/postgres-backups
        isWALArchiver: true
-      # - name: garage-remote
-      #   index: 1
-      #   destinationBucket: postgres-backups
-      #   externalSecretCredentialPath: /garage/home-infra/postgres-backups
-      #   retentionPolicy: "90d"
-      #   data:
-      #     compression: bzip2
-      # - name: external
-      #   index: 1
-      #   endpointURL: https://nyc3.digitaloceanspaces.com
-      #   destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
-      #   externalSecretCredentialPath: /garage/home-infra/postgres-backups
-      #   isWALArchiver: false
    scheduledBackups:
      - name: live-backup
        suspend: false
        immediate: true
        schedule: "0 0 7 * * *"
        backupName: garage-local
-      # - name: weekly-backup
-      #   suspend: true
-      #   immediate: true
-      #   schedule: "0 0 4 * * SAT"
-      #   backupName: garage-remote
-      # - name: daily-backup
-      #   suspend: true
-      #   immediate: true
-      #   schedule: "0 0 0 * * *"
-      #   backupName: external
 valkey-gitea:
  valkey:
    resources:
      requests:
        cpu: 20m
-        memory: 256Mi
+        memory: 2Gi
    dataStorage:
      requestedSize: 10Gi
    replica: