diff --git a/clusters/cl01tl/applications/homepage/values.yaml b/clusters/cl01tl/applications/homepage/values.yaml
index 1da0ec8de..6bef50d44 100644
--- a/clusters/cl01tl/applications/homepage/values.yaml
+++ b/clusters/cl01tl/applications/homepage/values.yaml
@@ -416,6 +416,12 @@ homepage:
 href: https://vault.alexlebens.net
 siteMonitor: http://vault.vault:8200
 statusStyle: dot
+ - Object Storage (Outline):
+ icon: sh-minio.svg
+ description: Minio Tenant
+ href: https://minio-gitea.alexlebens.net
+ siteMonitor: http://minio-gitea-console.gitea:9090
+ statusStyle: dot
 - Object Storage (Outline):
 icon: sh-minio.svg
 description: Minio Tenant
diff --git a/clusters/cl01tl/platform/gitea/Chart.yaml b/clusters/cl01tl/platform/gitea/Chart.yaml
index 1ec768fa4..55ca48eb8 100644
--- a/clusters/cl01tl/platform/gitea/Chart.yaml
+++ b/clusters/cl01tl/platform/gitea/Chart.yaml
@@ -25,6 +25,13 @@ dependencies:
 alias: backup
 repository: https://bjw-s.github.io/helm-charts/
 version: 3.7.2
+ - name: tenant
+ alias: minio
+ version: 7.0.0
+ repository: https://operator.min.io/
+ - name: meilisearch
+ version: 0.12.0
+ repository: https://meilisearch.github.io/meilisearch-kubernetes
 - name: valkey
 version: 2.4.4
 repository: https://charts.bitnami.com/bitnami
diff --git a/clusters/cl01tl/platform/gitea/templates/external-secret.yaml b/clusters/cl01tl/platform/gitea/templates/external-secret.yaml
index a4a36064d..616eb8551 100644
--- a/clusters/cl01tl/platform/gitea/templates/external-secret.yaml
+++ b/clusters/cl01tl/platform/gitea/templates/external-secret.yaml
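Review bot: The new homepage item is labelled `Object Storage (Outline)`, but its `href` and `siteMonitor` point at the Gitea tenant (`minio-gitea.alexlebens.net`, `minio-gitea-console.gitea:9090`). The unchanged item directly below carries the same label, so the dashboard will presumably show two identically named tiles, which makes it easy to open the wrong console. This looks like a copy-paste leftover; `- Object Storage (Gitea):` would match the target. The item below continues past the end of the hunk, so its own target is not visible here.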
@@ -61,31 +61,6 @@ spec: metadataPolicy: None property: client ---- -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: gitea-cloudflared-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: gitea-cloudflared-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/component: web - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: cf-tunnel-token - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cloudflare/tunnels/gitea - metadataPolicy: None - property: token - --- apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret 
@@ -150,6 +125,138 @@ spec: metadataPolicy: None property: s3cfg +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: gitea-minio-user-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: gitea-minio-user-secret + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: database + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + data: + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/gitea/minio/auth + metadataPolicy: None + property: AWS_ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/gitea/minio/auth + metadataPolicy: None + property: AWS_SECRET_ACCESS_KEY + +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: gitea-minio-root-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: gitea-minio-root-secret + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: database + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + data: + - secretKey: config.env + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/gitea/minio/config + metadataPolicy: None + property: root-config.env + +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: gitea-minio-config-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: gitea-minio-config-secret + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: database + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + 
secretStoreRef: + kind: ClusterSecretStore + name: vault + data: + - secretKey: config.env + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/gitea/minio/config + metadataPolicy: None + property: config.env + +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: gitea-meilisearch-master-key-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: gitea-meilisearch-master-key-secret + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: meilisearch + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + data: + - secretKey: MEILI_MASTER_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/gitea/meilisearch + metadataPolicy: None + property: MEILI_MASTER_KEY + +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: gitea-cloudflared-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: gitea-cloudflared-secret + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: web + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + data: + - secretKey: cf-tunnel-token + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cloudflare/tunnels/gitea + metadataPolicy: None + property: token + --- apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret diff --git a/clusters/cl01tl/platform/gitea/templates/http-route.yaml b/clusters/cl01tl/platform/gitea/templates/http-route.yaml index 6d5ace299..39a1f5f62 100644 --- a/clusters/cl01tl/platform/gitea/templates/http-route.yaml +++ b/clusters/cl01tl/platform/gitea/templates/http-route.yaml 
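Review bot: `gitea-minio-root-secret` and `gitea-minio-config-secret` both materialise a `config.env` key from the same Vault path `/cl01tl/gitea/minio/config`, differing only in the property (`root-config.env` vs `config.env`), and nothing in the template says which consumer each one is for. values.yaml in this commit references the first through `existingSecret.name` and the second through `configuration.name`; if the tenant chart at 7.0.0 reads only one of those keys, the other Secret is an unused copy of tenant credentials in the namespace and should be dropped (a `helm template` run would confirm). A one-line comment above each document, such as `# MinIO tenant root credentials (config.env) consumed by <values key>`, would make the split reviewable. The templated label values are unquoted here, as in the rest of the file; writing `app.kubernetes.io/version: "{{ .Chart.AppVersion }}"` keeps a numeric-looking appVersion from rendering as a non-string label.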
@@ -28,3 +28,35 @@ spec:
 name: gitea-http
 port: 3000
 weight: 100
+
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ name: http-route-gitea-minio
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: http-route-gitea-minio
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ parentRefs:
+ - group: gateway.networking.k8s.io
+ kind: Gateway
+ name: traefik-gateway
+ namespace: traefik
+ hostnames:
+ - minio-gitea.alexlebens.net
+ rules:
+ - matches:
+ - path:
+ type: PathPrefix
+ value: /
+ backendRefs:
+ - group: ''
+ kind: Service
+ name: minio-gitea-console
+ port: 9090
+ weight: 100
diff --git a/clusters/cl01tl/platform/gitea/values.yaml b/clusters/cl01tl/platform/gitea/values.yaml
index b849f07d8..746d95706 100644
--- a/clusters/cl01tl/platform/gitea/values.yaml
+++ b/clusters/cl01tl/platform/gitea/values.yaml
@@ -69,6 +69,11 @@ gitea:
 session:
 PROVIDER: redis
 PROVIDER_CONFIG: redis://gitea-valkey-primary.gitea:6379
+ indexer:
+ ISSUE_INDEXER_CONN_STR: http://gitea-meilisearch.gitea:7700
+ ISSUE_INDEXER_ENABLED: true
+ ISSUE_INDEXER_TYPE: meilisearch
+ REPO_INDEXER_ENABLED: false
 service:
 REGISTER_MANUAL_CONFIRM: true
 SHOW_REGISTRATION_BUTTON: false
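Review bot: `parentRefs` in the new `http-route-gitea-minio` has no `sectionName`, so the route binds to every listener on `traefik-gateway` that admits `minio-gitea.alexlebens.net`; if the gateway also has a plain-HTTP listener, console logins could be served without TLS. Pinning it with `sectionName: <https-listener-name>` (placeholder, since the gateway's listener names are not visible in this diff) removes that ambiguity. The backend is the tenant console on 9090, which accepts tenant credentials, so it is worth confirming that this hostname is reachable only from the networks that should administer the tenant. The Gitea route above the hunk may need the same treatment, but its `parentRefs` are outside the visible lines.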
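Review bot: `ISSUE_INDEXER_CONN_STR: http://gitea-meilisearch.gitea:7700` carries no API key, while the Meilisearch values added in the same commit set `MEILI_ENV: production` with a master key from `gitea-meilisearch-master-key-secret`, so the indexer's requests will presumably be rejected as unauthenticated. Gitea takes the key inside the connection string (`http://:<api-key>@host:7700`), and writing it into values.yaml would commit the secret to git. Inject the full connection string from a Secret instead, for example through the Gitea chart's `additionalConfigFromEnvs`, and prefer a scoped Meilisearch API key over the master key for Gitea. The nesting below is inferred, because indentation is lost in this rendering of the hunk.

```yaml
gitea:
  # … unchanged: indexer keeps ISSUE_INDEXER_ENABLED / ISSUE_INDEXER_TYPE / REPO_INDEXER_ENABLED, drops ISSUE_INDEXER_CONN_STR …
  additionalConfigFromEnvs:
    - name: GITEA__INDEXER__ISSUE_INDEXER_CONN_STR
      valueFrom:
        secretKeyRef:
          # placeholders: a Secret whose value is the full connection string, API key included
          name: <indexer-conn-secret>
          key: <conn-str-key>
```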
@@ -221,6 +226,49 @@ backup:
 readOnly: true
 mountPropagation: None
 subPath: .s3cfg
+minio:
+ existingSecret:
+ name: gitea-minio-root-secret
+ tenant:
+ name: minio-gitea
+ configuration:
+ name: gitea-minio-config-secret
+ pools:
+ - servers: 3
+ name: pool
+ volumesPerServer: 2
+ size: 10Gi
+ storageClassName: ceph-block
+ mountPath: /export
+ subPath: /data
+ metrics:
+ enabled: true
+ port: 9000
+ protocol: http
+ certificate:
+ requestAutoCert: false
+ ingress:
+ console:
+ enabled: false
+meilisearch:
+ environment:
+ MEILI_NO_ANALYTICS: true
+ MEILI_ENV: production
+ auth:
+ existingMasterKeySecret: gitea-meilisearch-master-key-secret
+ service:
+ type: ClusterIP
+ port: 7700
+ persistence:
+ enabled: true
+ storageClass: ceph-block
+ size: 5Gi
+ resources:
+ requests:
+ cpu: 10m
+ memory: 128Mi
+ serviceMonitor:
+ enabled: true
 valkey:
 architecture: replication
 auth:
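Review bot: `certificate.requestAutoCert: false` together with `metrics.protocol: http` leaves the MinIO tenant without TLS, so object data and console logins cross the pod network unencrypted, including the hop from the gateway to `minio-gitea-console:9090` added in http-route.yaml. If that is a deliberate choice because TLS terminates at the gateway, record it with a comment above `certificate:`, for example `# TLS terminates at traefik-gateway; in-cluster MinIO traffic is plaintext by design`. Otherwise enable the operator-issued certificate or reference an external one. Also confirm that chart version 7.0.0 of `tenant` still reads the `existingSecret` block under `minio:`; if it only honours `configuration.name`, that key is silently ignored and `gitea-minio-root-secret` is never used.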