convert to dev domain

2024-06-02 15:28:22 -05:00
parent 038543de2b
commit c5f609454f
3 changed files with 41 additions and 23 deletions
--- a/clusters/cl01tl/platform/gitea/Chart.yaml
+++ b/clusters/cl01tl/platform/gitea/Chart.yaml
@@ -4,13 +4,18 @@ version: 1.0.0
 sources:
  - https://github.com/go-gitea/gitea
  - https://gitea.com/gitea/helm-chart
+  - https://github.com/cloudflare/cloudflared
  - https://github.com/alexlebens/helm-charts/charts/postgres-cluster
 dependencies:
  - name: gitea
    version: 10.1.4
    repository: https://dl.gitea.io/charts/
+  - name: cloudflared
+    alias: cloudflared
+    repository: http://alexlebens.github.io/helm-charts
+    version: 1.2.0
  - name: postgres-cluster
    alias: postgres-16-cluster
    version: 3.1.0
-    repository: http://alexlebens.github.io/helm-charts       
+    repository: http://alexlebens.github.io/helm-charts
 appVersion: "1.21.7"
--- a/clusters/cl01tl/platform/gitea/templates/external-secret.yaml
+++ b/clusters/cl01tl/platform/gitea/templates/external-secret.yaml
@@ -4,7 +4,7 @@ metadata:
  name: gitea-admin-secret
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/name: gitea-admin-secret
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: {{ .Chart.AppVersion }}
    app.kubernetes.io/component: web
@@ -18,14 +18,14 @@ spec:
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
-        key: /gitea/auth/admin
+        key: /cl01tl/gitea/auth/admin
        metadataPolicy: None
-        property: username  
+        property: username
    - secretKey: password
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
-        key: /gitea/auth/admin
+        key: /cl01tl/gitea/auth/admin
        metadataPolicy: None
        property: password

@@ -36,7 +36,7 @@ metadata:
  name: gitea-oidc-secret
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/name: gitea-oidc-secret
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: {{ .Chart.AppVersion }}
    app.kubernetes.io/component: web
@@ -61,6 +61,31 @@ spec:
        metadataPolicy: None
        property: client

+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: gitea-cloudflared-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: gitea-cloudflared-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: cf-tunnel-token
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cloudflare/tunnels/gitea
+        metadataPolicy: None
+        property: token
+
 ---
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
--- a/clusters/cl01tl/platform/gitea/values.yaml
+++ b/clusters/cl01tl/platform/gitea/values.yaml
@@ -1,20 +1,6 @@
 gitea:
  ingress:
-    enabled: true
-    className: traefik
-    annotations:
-      traefik.ingress.kubernetes.io/router.entrypoints: websecure
-      traefik.ingress.kubernetes.io/router.tls: "true"
-      cert-manager.io/cluster-issuer: letsencrypt-issuer
-    hosts:
-      - host: gitea.alexlebens.net
-        paths:
-          - path: /
-            pathType: Prefix
-    tls:
-      - secretName: gitea-secret-tls
-        hosts:
-          - gitea.alexlebens.net
+    enabled: false
  gitea:
    admin:
      existingSecret: gitea-admin-secret
@@ -25,7 +11,7 @@ gitea:
    config:
      server:
        LANDING_PAGE: explore
-        ROOT_URL: https://gitea.alexlebens.net
+        ROOT_URL: https://gitea.alexlebens.dev
        ENABLE_PPROF: true
      webhook:
        ALLOWED_HOST_LIST: private
@@ -63,7 +49,7 @@ gitea:
      - name: Authentik
        provider: openidConnect
        existingSecret: gitea-oidc-secret
-        autoDiscoverUrl: "https://authentik.alexlebens.net/application/o/gitea/.well-known/openid-configuration"
+        autoDiscoverUrl: https://auth.alexlebens.dev/application/o/gitea/.well-known/openid-configuration
        iconUrl: https://goauthentik.io/img/icon.png
        scopes: "email profile"
  persistence:
@@ -76,6 +62,8 @@ gitea:
    enabled: true
    persistence:
      enabled: false
+cloudflared:
+  existingSecretName: gitea-cloudflared-secret      
 postgres-16-cluster:
  mode: standalone
  cluster: