diff --git a/clusters/cl01tl/manifests/gitea/-.yaml b/clusters/cl01tl/manifests/gitea/-.yaml new file mode 100644 index 000000000..8b1378917 --- /dev/null +++ b/clusters/cl01tl/manifests/gitea/-.yaml @@ -0,0 +1 @@ + diff --git a/clusters/cl01tl/manifests/gitea/Cluster-gitea-postgresql-18-cluster.yaml b/clusters/cl01tl/manifests/gitea/Cluster-gitea-postgresql-18-cluster.yaml deleted file mode 100644 index e03ba64fe..000000000 --- a/clusters/cl01tl/manifests/gitea/Cluster-gitea-postgresql-18-cluster.yaml +++ /dev/null @@ -1,66 +0,0 @@ -apiVersion: postgresql.cnpg.io/v1 -kind: Cluster -metadata: - name: gitea-postgresql-18-cluster - namespace: gitea - labels: - app.kubernetes.io/name: gitea-postgresql-18-cluster - helm.sh/chart: postgres-18-cluster-7.12.1 - app.kubernetes.io/instance: gitea - app.kubernetes.io/part-of: gitea - app.kubernetes.io/version: "7.12.1" - app.kubernetes.io/managed-by: Helm -spec: - instances: 3 - imageName: "ghcr.io/cloudnative-pg/postgresql:18.3-standard-trixie" - imagePullPolicy: IfNotPresent - postgresUID: 26 - postgresGID: 26 - storage: - size: 10Gi - storageClass: local-path - walStorage: - size: 2Gi - storageClass: local-path - resources: - limits: - hugepages-2Mi: 256Mi - requests: - cpu: 100m - memory: 80Mi - affinity: - enablePodAntiAffinity: true - topologyKey: kubernetes.io/hostname - primaryUpdateMethod: switchover - primaryUpdateStrategy: unsupervised - logLevel: info - enableSuperuserAccess: false - enablePDB: true - postgresql: - parameters: - hot_standby_feedback: "on" - max_slot_wal_keep_size: 2000MB - shared_buffers: 128MB - monitoring: - enablePodMonitor: true - disableDefaultQueries: false - plugins: - - name: barman-cloud.cloudnative-pg.io - enabled: true - isWALArchiver: true - parameters: - barmanObjectName: "gitea-postgresql-18-backup-garage-local" - serverName: "gitea-postgresql-18-backup-1" - bootstrap: - recovery: - database: app - source: gitea-postgresql-18-backup-1 - externalClusters: - - name: gitea-postgresql-18-backup-1 - plugin: - name: barman-cloud.cloudnative-pg.io - enabled: true - isWALArchiver: false - parameters: - barmanObjectName: "gitea-postgresql-18-recovery" - serverName: gitea-postgresql-18-backup-1 diff --git a/clusters/cl01tl/manifests/gitea/ConfigMap-gitea-custom-templates.yaml b/clusters/cl01tl/manifests/gitea/ConfigMap-gitea-custom-templates.yaml deleted file mode 100644 index 21f432e64..000000000 --- a/clusters/cl01tl/manifests/gitea/ConfigMap-gitea-custom-templates.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: gitea-custom-templates - namespace: gitea - labels: - app.kubernetes.io/name: gitea-custom-templates - app.kubernetes.io/instance: gitea - app.kubernetes.io/part-of: gitea -data: - header.tmpl: | - diff --git a/clusters/cl01tl/manifests/gitea/ConfigMap-gitea-gitea-actions-act-runner-config.yaml b/clusters/cl01tl/manifests/gitea/ConfigMap-gitea-gitea-actions-act-runner-config.yaml deleted file mode 100644 index 697c5616a..000000000 --- a/clusters/cl01tl/manifests/gitea/ConfigMap-gitea-gitea-actions-act-runner-config.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: gitea-gitea-actions-act-runner-config - namespace: gitea - labels: - helm.sh/chart: gitea-actions-0.1.0 - app: gitea-actions - app.kubernetes.io/name: gitea-actions - app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "0.261.3" - version: "0.261.3" - app.kubernetes.io/managed-by: Helm -data: - config.yaml: | - log: - level: debug - cache: - enabled: true - runner: - labels: - - "ubuntu-latest:docker://harbor.alexlebens.net/proxy-hub.docker/gitea/runner-images:ubuntu-24.04" - - "ubuntu-latest-slim:docker://harbor.alexlebens.net/proxy-hub.docker/gitea/runner-images:ubuntu-24.04-slim" - - "ubuntu-js:docker://harbor.alexlebens.net/proxy-ghcr.io/catthehacker/ubuntu:js-24.04" diff --git a/clusters/cl01tl/manifests/gitea/ConfigMap-gitea-meilisearch-environment.yaml b/clusters/cl01tl/manifests/gitea/ConfigMap-gitea-meilisearch-environment.yaml deleted file mode 100644 index 8a45fd119..000000000 --- a/clusters/cl01tl/manifests/gitea/ConfigMap-gitea-meilisearch-environment.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: gitea-meilisearch-environment - labels: - helm.sh/chart: meilisearch-0.32.0 - app.kubernetes.io/name: meilisearch - app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "v1.42.1" - app.kubernetes.io/component: search-engine - app.kubernetes.io/part-of: meilisearch - app.kubernetes.io/managed-by: Helm -data: - MEILI_ENV: "production" - MEILI_EXPERIMENTAL_DUMPLESS_UPGRADE: "true" - MEILI_NO_ANALYTICS: "true" - MEILI_EXPERIMENTAL_ENABLE_METRICS: "true" diff --git a/clusters/cl01tl/manifests/gitea/ConfigMap-gitea-valkey-init-scripts.yaml b/clusters/cl01tl/manifests/gitea/ConfigMap-gitea-valkey-init-scripts.yaml deleted file mode 100644 index fe255e968..000000000 --- a/clusters/cl01tl/manifests/gitea/ConfigMap-gitea-valkey-init-scripts.yaml +++ /dev/null @@ -1,87 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: gitea-valkey-init-scripts - labels: - helm.sh/chart: valkey-0.9.4 - app.kubernetes.io/name: valkey - app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "9.0.4" - app.kubernetes.io/managed-by: Helm -data: - init.sh: |- - #!/bin/sh - set -eu - - # Default config paths - VALKEY_CONFIG=${VALKEY_CONFIG_PATH:-/data/conf/valkey.conf} - - LOGFILE="/data/init.log" - DATA_DIR="/data/conf" - - # Logging function (outputs to stderr and file) - log() { - echo "$(date) $1" | tee -a "$LOGFILE" >&2 - } - - # Clean old log if requested - if [ "${KEEP_OLD_LOGS:-false}" != "true" ]; then - rm -f "$LOGFILE" - fi - - if [ -f "$LOGFILE" ]; then - log "Detected restart of this instance ($HOSTNAME)" - fi - - log "Creating configuration in $DATA_DIR..." - mkdir -p "$DATA_DIR" - rm -f "$VALKEY_CONFIG" - - - # Base valkey.conf - log "Generating base valkey.conf" - { - echo "port 6379" - echo "protected-mode no" - echo "bind * -::*" - echo "dir /data" - } >>"$VALKEY_CONFIG" - # Replica mode configuration - log "Configuring replication mode" - - # Use POD_INDEX from Kubernetes metadata - POD_INDEX=${POD_INDEX:-0} - IS_MASTER=false - - # Check if this is pod-0 (master) - if [ "$POD_INDEX" = "0" ]; then - IS_MASTER=true - log "This pod (index $POD_INDEX) is configured as MASTER" - else - log "This pod (index $POD_INDEX) is configured as REPLICA" - fi - - # Configure replica settings - if [ "$IS_MASTER" = "false" ]; then - MASTER_HOST="gitea-valkey-0.gitea-valkey-headless.gitea.svc.cluster.local" - MASTER_PORT="6379" - - log "Configuring replica to follow master at $MASTER_HOST:$MASTER_PORT" - - { - echo "" - echo "# Replica Configuration" - echo "replicaof $MASTER_HOST $MASTER_PORT" - echo "replica-announce-ip gitea-valkey-$POD_INDEX.gitea-valkey-headless.gitea.svc.cluster.local" - } >>"$VALKEY_CONFIG" - fi - - # Append extra configs if present - if [ -f /usr/local/etc/valkey/valkey.conf ]; then - log "Appending /usr/local/etc/valkey/valkey.conf" - cat /usr/local/etc/valkey/valkey.conf >>"$VALKEY_CONFIG" - fi - if [ -d /extravalkeyconfigs ]; then - log "Appending files in /extravalkeyconfigs/" - cat /extravalkeyconfigs/* >>"$VALKEY_CONFIG" - fi diff --git a/clusters/cl01tl/manifests/gitea/ConfigMap-gitea-valkey-renovate-init-scripts.yaml b/clusters/cl01tl/manifests/gitea/ConfigMap-gitea-valkey-renovate-init-scripts.yaml deleted file mode 100644 index eadf01864..000000000 --- a/clusters/cl01tl/manifests/gitea/ConfigMap-gitea-valkey-renovate-init-scripts.yaml +++ /dev/null @@ -1,58 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: gitea-valkey-renovate-init-scripts - labels: - helm.sh/chart: valkey-0.9.4 - app.kubernetes.io/name: valkey-renovate - app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "9.0.4" - app.kubernetes.io/managed-by: Helm -data: - init.sh: |- - #!/bin/sh - set -eu - - # Default config paths - VALKEY_CONFIG=${VALKEY_CONFIG_PATH:-/data/conf/valkey.conf} - - LOGFILE="/data/init.log" - DATA_DIR="/data/conf" - - # Logging function (outputs to stderr and file) - log() { - echo "$(date) $1" | tee -a "$LOGFILE" >&2 - } - - # Clean old log if requested - if [ "${KEEP_OLD_LOGS:-false}" != "true" ]; then - rm -f "$LOGFILE" - fi - - if [ -f "$LOGFILE" ]; then - log "Detected restart of this instance ($HOSTNAME)" - fi - - log "Creating configuration in $DATA_DIR..." - mkdir -p "$DATA_DIR" - rm -f "$VALKEY_CONFIG" - - - # Base valkey.conf - log "Generating base valkey.conf" - { - echo "port 6379" - echo "protected-mode no" - echo "bind * -::*" - echo "dir /data" - } >>"$VALKEY_CONFIG" - - # Append extra configs if present - if [ -f /usr/local/etc/valkey/valkey.conf ]; then - log "Appending /usr/local/etc/valkey/valkey.conf" - cat /usr/local/etc/valkey/valkey.conf >>"$VALKEY_CONFIG" - fi - if [ -d /extravalkeyconfigs ]; then - log "Appending files in /extravalkeyconfigs/" - cat /extravalkeyconfigs/* >>"$VALKEY_CONFIG" - fi diff --git a/clusters/cl01tl/manifests/gitea/Deployment-gitea-cloudflared.yaml b/clusters/cl01tl/manifests/gitea/Deployment-gitea-cloudflared.yaml deleted file mode 100644 index cd188711c..000000000 --- a/clusters/cl01tl/manifests/gitea/Deployment-gitea-cloudflared.yaml +++ /dev/null @@ -1,60 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: gitea-cloudflared - labels: - app.kubernetes.io/controller: main - app.kubernetes.io/instance: gitea - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: cloudflared - app.kubernetes.io/version: 2026.5.0 - helm.sh/chart: cloudflared-3.3.1 - namespace: gitea -spec: - revisionHistoryLimit: 3 - replicas: 1 - strategy: - type: Recreate - selector: - matchLabels: - app.kubernetes.io/controller: main - app.kubernetes.io/name: cloudflared - app.kubernetes.io/instance: gitea - template: - metadata: - labels: - app.kubernetes.io/controller: main - app.kubernetes.io/instance: gitea - app.kubernetes.io/name: cloudflared - spec: - enableServiceLinks: false - serviceAccountName: gitea-cloudflared - automountServiceAccountToken: false - hostIPC: false - hostNetwork: false - hostPID: false - dnsPolicy: ClusterFirst - containers: - - args: - - tunnel - - --protocol - - auto - - --no-autoupdate - - --metrics - - 0.0.0.0:20241 - - run - - --token - - $(CF_MANAGED_TUNNEL_TOKEN) - env: - - name: CF_MANAGED_TUNNEL_TOKEN - valueFrom: - secretKeyRef: - key: cf-tunnel-token - name: gitea-cloudflared-secret - image: cloudflare/cloudflared:2026.5.0@sha256:59bab8d3aceec09bf6bdb07d6beca0225ca5cd7ab79436a87ea97978fe1dc4f9 - imagePullPolicy: IfNotPresent - name: main - resources: - requests: - cpu: 100m - memory: 30Mi diff --git a/clusters/cl01tl/manifests/gitea/Deployment-gitea-valkey-renovate.yaml b/clusters/cl01tl/manifests/gitea/Deployment-gitea-valkey-renovate.yaml deleted file mode 100644 index f59398329..000000000 --- a/clusters/cl01tl/manifests/gitea/Deployment-gitea-valkey-renovate.yaml +++ /dev/null @@ -1,117 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: gitea-valkey-renovate - labels: - helm.sh/chart: valkey-0.9.4 - app.kubernetes.io/name: valkey-renovate - app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "9.0.4" - app.kubernetes.io/managed-by: Helm -spec: - replicas: 1 - strategy: - type: RollingUpdate - selector: - matchLabels: - app.kubernetes.io/name: valkey-renovate - app.kubernetes.io/instance: gitea - template: - metadata: - labels: - app.kubernetes.io/name: valkey-renovate - app.kubernetes.io/instance: gitea - annotations: - checksum/initconfig: ec5d1c08a6657961bb2582aeddf9f127 - spec: - automountServiceAccountToken: false - serviceAccountName: gitea-valkey-renovate - securityContext: - fsGroup: 1000 - runAsGroup: 1000 - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - initContainers: - - name: gitea-valkey-renovate-init - image: docker.io/valkey/valkey:9.0.4@sha256:8436e10bc65c94886a91d4415b6a6dfa9cb5a306fb3b996e5bb67cd2b4854193 - imagePullPolicy: IfNotPresent - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - command: ["/scripts/init.sh"] - volumeMounts: - - name: valkey-data - mountPath: /data - - name: scripts - mountPath: /scripts - containers: - - name: gitea-valkey-renovate - image: docker.io/valkey/valkey:9.0.4@sha256:8436e10bc65c94886a91d4415b6a6dfa9cb5a306fb3b996e5bb67cd2b4854193 - imagePullPolicy: IfNotPresent - command: ["valkey-server"] - args: ["/data/conf/valkey.conf"] - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - env: - - name: VALKEY_LOGLEVEL - value: "notice" - ports: - - name: tcp - containerPort: 6379 - protocol: TCP - startupProbe: - exec: - command: ["sh", "-c", "valkey-cli ping"] - livenessProbe: - exec: - command: ["sh", "-c", "valkey-cli ping"] - resources: - requests: - cpu: 10m - memory: 20Mi - volumeMounts: - - name: valkey-data - mountPath: /data - - name: metrics - image: ghcr.io/oliver006/redis_exporter:v1.83.0@sha256:e8c209894d4c0cc55b1259ddd47e0b769ad1ff864b356736ee885462a3b0e48c - imagePullPolicy: "IfNotPresent" - ports: - - name: metrics - containerPort: 9121 - startupProbe: - tcpSocket: - port: metrics - livenessProbe: - tcpSocket: - port: metrics - readinessProbe: - httpGet: - path: / - port: metrics - resources: - requests: - cpu: 1m - memory: 10M - env: - - name: REDIS_ALIAS - value: gitea-valkey-renovate - volumes: - - name: scripts - configMap: - name: gitea-valkey-renovate-init-scripts - defaultMode: 0555 - - name: valkey-data - persistentVolumeClaim: - claimName: gitea-valkey-renovate diff --git a/clusters/cl01tl/manifests/gitea/Deployment-gitea.yaml b/clusters/cl01tl/manifests/gitea/Deployment-gitea.yaml deleted file mode 100644 index 91fba25c9..000000000 --- a/clusters/cl01tl/manifests/gitea/Deployment-gitea.yaml +++ /dev/null @@ -1,264 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: gitea - namespace: gitea - annotations: - labels: - helm.sh/chart: gitea-12.6.0 - app: gitea - app.kubernetes.io/name: gitea - app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "1.26.1" - version: "1.26.1" - app.kubernetes.io/managed-by: Helm -spec: - replicas: 3 - strategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 1 - maxSurge: 100% - selector: - matchLabels: - app.kubernetes.io/name: gitea - app.kubernetes.io/instance: gitea - template: - metadata: - annotations: - checksum/config: 1d046b0cafb712fb3e5553c0b3a474ca01065ef84c46850716aa5ad9f38cef92 - checksum/oauth_0: 03073bf48e66f48f622bd02092a5f93bfd06dbcb5fd833aded3b0d40980be93d - labels: - helm.sh/chart: gitea-12.6.0 - app: gitea - app.kubernetes.io/name: gitea - app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "1.26.1" - version: "1.26.1" - app.kubernetes.io/managed-by: Helm - spec: - securityContext: - fsGroup: 1000 - initContainers: - - name: init-directories - image: "registry.hub.docker.com/gitea/gitea:1.26.1-rootless" - imagePullPolicy: IfNotPresent - command: - - "/usr/sbinx/init_directory_structure.sh" - env: - - name: GITEA_APP_INI - value: /data/gitea/conf/app.ini - - name: GITEA_CUSTOM - value: /data/gitea - - name: GITEA_WORK_DIR - value: /data - - name: GITEA_TEMP - value: /tmp/gitea - volumeMounts: - - name: init - mountPath: /usr/sbinx - - name: temp - mountPath: /tmp - - name: data - mountPath: /data - - mountPath: /data/gitea/public/assets/css - name: gitea-themes-storage - readOnly: false - resources: - limits: {} - requests: - cpu: 100m - memory: 128Mi - - name: init-app-ini - image: "registry.hub.docker.com/gitea/gitea:1.26.1-rootless" - imagePullPolicy: IfNotPresent - command: - - "/usr/sbinx/config_environment.sh" - env: - - name: GITEA_APP_INI - value: /data/gitea/conf/app.ini - - name: GITEA_CUSTOM - value: /data/gitea - - name: GITEA_WORK_DIR - value: /data - - name: GITEA_TEMP - value: /tmp/gitea - - name: TMP_EXISTING_ENVS_FILE - value: /tmp/existing-envs - - name: ENV_TO_INI_MOUNT_POINT - value: /env-to-ini-mounts - - name: GITEA__DATABASE__HOST - valueFrom: - secretKeyRef: - key: host - name: gitea-postgresql-18-cluster-app - - name: GITEA__DATABASE__NAME - valueFrom: - secretKeyRef: - key: dbname - name: gitea-postgresql-18-cluster-app - - name: GITEA__DATABASE__USER - valueFrom: - secretKeyRef: - key: user - name: gitea-postgresql-18-cluster-app - - name: GITEA__DATABASE__PASSWD - valueFrom: - secretKeyRef: - key: password - name: gitea-postgresql-18-cluster-app - - name: GITEA__INDEXER__ISSUE_INDEXER_CONN_STR - valueFrom: - secretKeyRef: - key: ISSUE_INDEXER_CONN_STR - name: gitea-meilisearch-key - volumeMounts: - - name: config - mountPath: /usr/sbinx - - name: temp - mountPath: /tmp - - name: data - mountPath: /data - - name: inline-config-sources - mountPath: /env-to-ini-mounts/inlines/ - - mountPath: /data/gitea/public/assets/css - name: gitea-themes-storage - readOnly: false - resources: - limits: {} - requests: - cpu: 100m - memory: 128Mi - - name: configure-gitea - image: "registry.hub.docker.com/gitea/gitea:1.26.1-rootless" - command: - - "/usr/sbinx/configure_gitea.sh" - imagePullPolicy: IfNotPresent - securityContext: - runAsUser: 1000 - env: - - name: GITEA_APP_INI - value: /data/gitea/conf/app.ini - - name: GITEA_CUSTOM - value: /data/gitea - - name: GITEA_WORK_DIR - value: /data - - name: GITEA_TEMP - value: /tmp/gitea - - name: HOME - value: /data/gitea/git - - name: GITEA_OAUTH_KEY_0 - valueFrom: - secretKeyRef: - key: key - name: gitea-oidc-authentik - - name: GITEA_OAUTH_SECRET_0 - valueFrom: - secretKeyRef: - key: secret - name: gitea-oidc-authentik - - name: GITEA_ADMIN_USERNAME - value: "gitea_admin" - - name: GITEA_ADMIN_PASSWORD - value: "r8sA8CPHD9!bt6d" - - name: GITEA_ADMIN_PASSWORD_MODE - value: keepUpdated - volumeMounts: - - name: init - mountPath: /usr/sbinx - - name: temp - mountPath: /tmp - - name: data - mountPath: /data - - mountPath: /data/gitea/public/assets/css - name: gitea-themes-storage - readOnly: false - resources: - limits: {} - requests: - cpu: 100m - memory: 128Mi - terminationGracePeriodSeconds: 60 - containers: - - name: gitea - image: "registry.hub.docker.com/gitea/gitea:1.26.1-rootless" - imagePullPolicy: IfNotPresent - env: - - name: SSH_LISTEN_PORT - value: "22" - - name: SSH_PORT - value: "22" - - name: GITEA_APP_INI - value: /data/gitea/conf/app.ini - - name: GITEA_CUSTOM - value: /data/gitea - - name: GITEA_WORK_DIR - value: /data - - name: GITEA_TEMP - value: /tmp/gitea - - name: TMPDIR - value: /tmp/gitea - - name: HOME - value: /data/gitea/git - ports: - - name: ssh - containerPort: 22 - - name: http - containerPort: 3000 - - name: profiler - containerPort: 6060 - livenessProbe: - failureThreshold: 10 - initialDelaySeconds: 200 - periodSeconds: 10 - successThreshold: 1 - tcpSocket: - port: http - timeoutSeconds: 1 - readinessProbe: - failureThreshold: 3 - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - tcpSocket: - port: http - timeoutSeconds: 1 - resources: - requests: - cpu: 1000m - memory: 600Mi - volumeMounts: - - name: temp - mountPath: /tmp - - name: data - mountPath: /data - - mountPath: /data/gitea/public/assets/css - name: gitea-themes-storage - readOnly: true - - mountPath: /data/gitea/templates/custom/header.tmpl - name: gitea-custom-templates - readOnly: true - subPath: header.tmpl - volumes: - - name: init - secret: - secretName: gitea-init - defaultMode: 110 - - name: config - secret: - secretName: gitea - defaultMode: 110 - - name: gitea-themes-storage - persistentVolumeClaim: - claimName: gitea-themes-storage - - configMap: - name: gitea-custom-templates - name: gitea-custom-templates - - name: inline-config-sources - secret: - secretName: gitea-inline-config - - name: temp - emptyDir: {} - - name: data - persistentVolumeClaim: - claimName: gitea-shared-storage diff --git a/clusters/cl01tl/manifests/gitea/ExternalSecret-gitea-cloudflared-secret.yaml b/clusters/cl01tl/manifests/gitea/ExternalSecret-gitea-cloudflared-secret.yaml deleted file mode 100644 index f8ed93674..000000000 --- a/clusters/cl01tl/manifests/gitea/ExternalSecret-gitea-cloudflared-secret.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: gitea-cloudflared-secret - namespace: gitea - labels: - helm.sh/chart: cloudflared-3.3.1 - app.kubernetes.io/instance: gitea - app.kubernetes.io/part-of: gitea - app.kubernetes.io/version: "3.3.1" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: gitea-cloudflared-secret -spec: - secretStoreRef: - kind: ClusterSecretStore - name: openbao - data: - - secretKey: cf-tunnel-token - remoteRef: - key: /cloudflare/tunnels/gitea - property: token diff --git a/clusters/cl01tl/manifests/gitea/ExternalSecret-gitea-meilisearch-key.yaml b/clusters/cl01tl/manifests/gitea/ExternalSecret-gitea-meilisearch-key.yaml deleted file mode 100644 index db81c34c7..000000000 --- a/clusters/cl01tl/manifests/gitea/ExternalSecret-gitea-meilisearch-key.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: gitea-meilisearch-key - namespace: gitea - labels: - app.kubernetes.io/name: gitea-meilisearch-key - app.kubernetes.io/instance: gitea - app.kubernetes.io/part-of: gitea -spec: - secretStoreRef: - kind: ClusterSecretStore - name: openbao - target: - template: - mergePolicy: Merge - engineVersion: v2 - data: - ISSUE_INDEXER_CONN_STR: "http://:{{ .MEILI_MASTER_KEY }}@gitea-meilisearch.gitea:7700/" - data: - - secretKey: MEILI_MASTER_KEY - remoteRef: - key: /cl01tl/gitea/meilisearch - property: master-key diff --git a/clusters/cl01tl/manifests/gitea/ExternalSecret-gitea-oidc-authentik.yaml b/clusters/cl01tl/manifests/gitea/ExternalSecret-gitea-oidc-authentik.yaml deleted file mode 100644 index 69f2454c5..000000000 --- a/clusters/cl01tl/manifests/gitea/ExternalSecret-gitea-oidc-authentik.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: gitea-oidc-authentik - namespace: gitea - labels: - app.kubernetes.io/name: gitea-oidc-authentik - app.kubernetes.io/instance: gitea - app.kubernetes.io/part-of: gitea -spec: - secretStoreRef: - kind: ClusterSecretStore - name: openbao - data: - - secretKey: secret - remoteRef: - key: /cl01tl/authentik/oidc/gitea - property: secret - - secretKey: key - remoteRef: - key: /cl01tl/authentik/oidc/gitea - property: client diff --git a/clusters/cl01tl/manifests/gitea/ExternalSecret-gitea-postgresql-18-backup-garage-local-secret.yaml b/clusters/cl01tl/manifests/gitea/ExternalSecret-gitea-postgresql-18-backup-garage-local-secret.yaml deleted file mode 100644 index de6d7c4e0..000000000 --- a/clusters/cl01tl/manifests/gitea/ExternalSecret-gitea-postgresql-18-backup-garage-local-secret.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: gitea-postgresql-18-backup-garage-local-secret - namespace: gitea - labels: - app.kubernetes.io/name: gitea-postgresql-18-backup-garage-local-secret - helm.sh/chart: postgres-18-cluster-7.12.1 - app.kubernetes.io/instance: gitea - app.kubernetes.io/part-of: gitea - app.kubernetes.io/version: "7.12.1" - app.kubernetes.io/managed-by: Helm -spec: - secretStoreRef: - kind: ClusterSecretStore - name: openbao - data: - - secretKey: ACCESS_REGION - remoteRef: - key: /garage/home-infra/postgres-backups - property: ACCESS_REGION - - secretKey: ACCESS_KEY_ID - remoteRef: - key: /garage/home-infra/postgres-backups - property: ACCESS_KEY_ID - - secretKey: ACCESS_SECRET_KEY - remoteRef: - key: /garage/home-infra/postgres-backups - property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/gitea/ExternalSecret-gitea-postgresql-18-recovery-secret.yaml b/clusters/cl01tl/manifests/gitea/ExternalSecret-gitea-postgresql-18-recovery-secret.yaml deleted file mode 100644 index dbae75f31..000000000 --- a/clusters/cl01tl/manifests/gitea/ExternalSecret-gitea-postgresql-18-recovery-secret.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: gitea-postgresql-18-recovery-secret - namespace: gitea - labels: - helm.sh/chart: postgres-18-cluster-7.12.1 - app.kubernetes.io/instance: gitea - app.kubernetes.io/part-of: gitea - app.kubernetes.io/version: "7.12.1" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: gitea-postgresql-18-recovery-secret -spec: - secretStoreRef: - kind: ClusterSecretStore - name: openbao - data: - - secretKey: ACCESS_REGION - remoteRef: - key: /garage/home-infra/postgres-backups - property: ACCESS_REGION - - secretKey: ACCESS_KEY_ID - remoteRef: - key: /garage/home-infra/postgres-backups - property: ACCESS_KEY_ID - - secretKey: ACCESS_SECRET_KEY - remoteRef: - key: /garage/home-infra/postgres-backups - property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/gitea/ExternalSecret-gitea-runner-secret.yaml b/clusters/cl01tl/manifests/gitea/ExternalSecret-gitea-runner-secret.yaml deleted file mode 100644 index bc71e8d92..000000000 --- a/clusters/cl01tl/manifests/gitea/ExternalSecret-gitea-runner-secret.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: gitea-runner-secret - namespace: gitea - labels: - app.kubernetes.io/name: gitea-runner-secret - app.kubernetes.io/instance: gitea - app.kubernetes.io/part-of: gitea -spec: - secretStoreRef: - kind: ClusterSecretStore - name: openbao - data: - - secretKey: token - remoteRef: - key: /cl01tl/gitea/runner - property: token diff --git a/clusters/cl01tl/manifests/gitea/ExternalSecret-gitea-shared-storage-backup-secret-local.yaml b/clusters/cl01tl/manifests/gitea/ExternalSecret-gitea-shared-storage-backup-secret-local.yaml deleted file mode 100644 index 285535c16..000000000 --- a/clusters/cl01tl/manifests/gitea/ExternalSecret-gitea-shared-storage-backup-secret-local.yaml +++ /dev/null @@ -1,47 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: gitea-shared-storage-backup-secret-local - namespace: gitea - labels: - helm.sh/chart: volsync-target-storage-2.0.0 - app.kubernetes.io/instance: gitea - app.kubernetes.io/part-of: gitea - app.kubernetes.io/version: "2.0.0" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: gitea-shared-storage-backup-secret-local -spec: - secretStoreRef: - kind: ClusterSecretStore - name: openbao - target: - template: - mergePolicy: Merge - engineVersion: v2 - data: - RESTIC_REPOSITORY: "s3:{{ .ENDPOINT }}/{{ .BUCKET }}/cl01tl/gitea/gitea-shared-storage" - data: - - secretKey: ENDPOINT - remoteRef: - key: /garage/config - property: ENDPOINT_LOCAL - - secretKey: BUCKET - remoteRef: - key: /garage/home-infra/volsync-backups - property: BUCKET - - secretKey: RESTIC_PASSWORD - remoteRef: - key: /garage/home-infra/volsync-backups - property: RESTIC_PASSWORD_LOCAL - - secretKey: AWS_DEFAULT_REGION - remoteRef: - key: /garage/home-infra/volsync-backups - property: ACCESS_REGION - - secretKey: AWS_ACCESS_KEY_ID - remoteRef: - key: /garage/home-infra/volsync-backups - property: ACCESS_KEY_ID - - secretKey: AWS_SECRET_ACCESS_KEY - remoteRef: - key: /garage/home-infra/volsync-backups - property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/gitea/HTTPRoute-gitea.yaml b/clusters/cl01tl/manifests/gitea/HTTPRoute-gitea.yaml deleted file mode 100644 index f1e5178ef..000000000 --- a/clusters/cl01tl/manifests/gitea/HTTPRoute-gitea.yaml +++ /dev/null @@ -1,26 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: gitea - namespace: gitea - labels: - app.kubernetes.io/name: gitea - app.kubernetes.io/instance: gitea - app.kubernetes.io/part-of: gitea -spec: - parentRefs: - - group: gateway.networking.k8s.io - kind: Gateway - name: traefik-gateway - namespace: traefik - hostnames: - - gitea.alexlebens.net - rules: - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - kind: Service - name: gitea-http - port: 3000 diff --git a/clusters/cl01tl/manifests/gitea/Ingress-gitea-tailscale.yaml b/clusters/cl01tl/manifests/gitea/Ingress-gitea-tailscale.yaml deleted file mode 100644 index 2f7521ab4..000000000 --- a/clusters/cl01tl/manifests/gitea/Ingress-gitea-tailscale.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: gitea-tailscale - namespace: gitea - labels: - app.kubernetes.io/name: gitea-tailscale - app.kubernetes.io/instance: gitea - app.kubernetes.io/part-of: gitea - tailscale.com/proxy-class: no-metrics - annotations: - tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true" -spec: - ingressClassName: tailscale - tls: - - hosts: - - gitea-cl01tl - secretName: gitea-cl01tl - rules: - - host: gitea-cl01tl - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: gitea-http - port: - name: http diff --git a/clusters/cl01tl/manifests/gitea/Namespace-gitea.yaml b/clusters/cl01tl/manifests/gitea/Namespace-gitea.yaml deleted file mode 100644 index 426528c99..000000000 --- a/clusters/cl01tl/manifests/gitea/Namespace-gitea.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: gitea - labels: - app.kubernetes.io/name: gitea - app.kubernetes.io/instance: gitea - app.kubernetes.io/part-of: gitea - pod-security.kubernetes.io/audit: privileged - pod-security.kubernetes.io/enforce: privileged - pod-security.kubernetes.io/warn: privileged diff --git a/clusters/cl01tl/manifests/gitea/ObjectStore-gitea-postgresql-18-backup-garage-local.yaml b/clusters/cl01tl/manifests/gitea/ObjectStore-gitea-postgresql-18-backup-garage-local.yaml deleted file mode 100644 index 550e6968e..000000000 --- a/clusters/cl01tl/manifests/gitea/ObjectStore-gitea-postgresql-18-backup-garage-local.yaml +++ /dev/null @@ -1,33 +0,0 @@ -apiVersion: barmancloud.cnpg.io/v1 -kind: ObjectStore -metadata: - name: gitea-postgresql-18-backup-garage-local - namespace: gitea - labels: - app.kubernetes.io/name: gitea-postgresql-18-backup-garage-local - helm.sh/chart: postgres-18-cluster-7.12.1 - app.kubernetes.io/instance: gitea - app.kubernetes.io/part-of: gitea - app.kubernetes.io/version: "7.12.1" - app.kubernetes.io/managed-by: Helm -spec: - retentionPolicy: 7d - instanceSidecarConfiguration: - env: - - name: AWS_REQUEST_CHECKSUM_CALCULATION - value: when_required - - name: AWS_RESPONSE_CHECKSUM_VALIDATION - value: when_required - configuration: - destinationPath: s3://postgres-backups/cl01tl/gitea/gitea-postgresql-18-cluster - endpointURL: http://garage-main.garage:3900 - s3Credentials: - accessKeyId: - name: gitea-postgresql-18-backup-garage-local-secret - key: ACCESS_KEY_ID - secretAccessKey: - name: gitea-postgresql-18-backup-garage-local-secret - key: ACCESS_SECRET_KEY - region: - name: gitea-postgresql-18-backup-garage-local-secret - key: ACCESS_REGION diff --git a/clusters/cl01tl/manifests/gitea/ObjectStore-gitea-postgresql-18-recovery.yaml b/clusters/cl01tl/manifests/gitea/ObjectStore-gitea-postgresql-18-recovery.yaml deleted file mode 100644 index ea96e1f13..000000000 --- a/clusters/cl01tl/manifests/gitea/ObjectStore-gitea-postgresql-18-recovery.yaml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: barmancloud.cnpg.io/v1 -kind: ObjectStore -metadata: - name: "gitea-postgresql-18-recovery" - namespace: gitea - labels: - helm.sh/chart: postgres-18-cluster-7.12.1 - app.kubernetes.io/instance: gitea - app.kubernetes.io/part-of: gitea - app.kubernetes.io/version: "7.12.1" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: "gitea-postgresql-18-recovery" -spec: - configuration: - destinationPath: s3://postgres-backups/cl01tl/gitea/gitea-postgresql-18-cluster - endpointURL: http://garage-main.garage:3900 - wal: - compression: snappy - maxParallel: 1 - data: - compression: snappy - jobs: 1 - s3Credentials: - accessKeyId: - name: gitea-postgresql-18-recovery-secret - key: ACCESS_KEY_ID - secretAccessKey: - name: gitea-postgresql-18-recovery-secret - key: ACCESS_SECRET_KEY - region: - name: gitea-postgresql-18-recovery-secret - key: ACCESS_REGION diff --git a/clusters/cl01tl/manifests/gitea/PersistentVolumeClaim-gitea-meilisearch.yaml b/clusters/cl01tl/manifests/gitea/PersistentVolumeClaim-gitea-meilisearch.yaml deleted file mode 100644 index 1b03ad5a1..000000000 --- a/clusters/cl01tl/manifests/gitea/PersistentVolumeClaim-gitea-meilisearch.yaml +++ /dev/null @@ -1,19 +0,0 @@ -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: gitea-meilisearch - labels: - helm.sh/chart: meilisearch-0.32.0 - app.kubernetes.io/name: meilisearch - app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "v1.42.1" - app.kubernetes.io/component: search-engine - app.kubernetes.io/part-of: meilisearch - app.kubernetes.io/managed-by: Helm -spec: - accessModes: - - "ReadWriteOnce" - resources: - requests: - storage: "5Gi" - storageClassName: "ceph-block" diff --git a/clusters/cl01tl/manifests/gitea/PersistentVolumeClaim-gitea-shared-storage.yaml b/clusters/cl01tl/manifests/gitea/PersistentVolumeClaim-gitea-shared-storage.yaml deleted file mode 100644 index 25d9a34d7..000000000 --- a/clusters/cl01tl/manifests/gitea/PersistentVolumeClaim-gitea-shared-storage.yaml +++ /dev/null @@ -1,16 +0,0 @@ -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: gitea-shared-storage - namespace: gitea - annotations: - helm.sh/resource-policy: keep - labels: {} -spec: - accessModes: - - ReadWriteMany - volumeMode: Filesystem - storageClassName: "ceph-filesystem" - resources: - requests: - storage: 40Gi diff --git a/clusters/cl01tl/manifests/gitea/PersistentVolumeClaim-gitea-themes-storage.yaml b/clusters/cl01tl/manifests/gitea/PersistentVolumeClaim-gitea-themes-storage.yaml deleted file mode 100644 index 0e74321f0..000000000 --- a/clusters/cl01tl/manifests/gitea/PersistentVolumeClaim-gitea-themes-storage.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: gitea-themes-storage - namespace: gitea - labels: - app.kubernetes.io/name: gitea-themes-storage - app.kubernetes.io/instance: gitea - app.kubernetes.io/part-of: gitea -spec: - volumeMode: Filesystem - storageClassName: ceph-filesystem - accessModes: - - ReadWriteMany - resources: - requests: - storage: 1Gi diff --git a/clusters/cl01tl/manifests/gitea/PersistentVolumeClaim-gitea-valkey-renovate.yaml b/clusters/cl01tl/manifests/gitea/PersistentVolumeClaim-gitea-valkey-renovate.yaml deleted file mode 100644 index 59b4d6de4..000000000 --- a/clusters/cl01tl/manifests/gitea/PersistentVolumeClaim-gitea-valkey-renovate.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: gitea-valkey-renovate - labels: - helm.sh/chart: valkey-0.9.4 - app.kubernetes.io/name: valkey-renovate - app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "9.0.4" - app.kubernetes.io/managed-by: Helm -spec: - accessModes: - - ReadWriteOnce - volumeMode: Filesystem - resources: - requests: - storage: 1Gi - storageClassName: ceph-block diff --git a/clusters/cl01tl/manifests/gitea/Pod-gitea-meilisearch-test-connection.yaml b/clusters/cl01tl/manifests/gitea/Pod-gitea-meilisearch-test-connection.yaml deleted file mode 100644 index 366f10a6f..000000000 --- a/clusters/cl01tl/manifests/gitea/Pod-gitea-meilisearch-test-connection.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: gitea-meilisearch-test-connection - labels: - app.kubernetes.io/name: meilisearch - helm.sh/chart: meilisearch-0.32.0 - app.kubernetes.io/instance: gitea - app.kubernetes.io/managed-by: Helm - annotations: - "helm.sh/hook": test-success -spec: - containers: - - name: wget - image: busybox - command: ['wget'] - args: ['--spider', '--timeout=5', 'gitea-meilisearch:7700'] - restartPolicy: Never diff --git a/clusters/cl01tl/manifests/gitea/Pod-gitea-test-connection.yaml b/clusters/cl01tl/manifests/gitea/Pod-gitea-test-connection.yaml deleted file mode 100644 index 70c326d5c..000000000 --- a/clusters/cl01tl/manifests/gitea/Pod-gitea-test-connection.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: "gitea-test-connection" - namespace: gitea - labels: - helm.sh/chart: gitea-12.6.0 - app: gitea - app.kubernetes.io/name: gitea - app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "1.26.1" - version: "1.26.1" - app.kubernetes.io/managed-by: Helm - annotations: - "helm.sh/hook": test-success -spec: - containers: - - name: wget - image: "busybox:latest" - command: ['wget'] - args: ['gitea-http:3000'] - restartPolicy: Never diff --git a/clusters/cl01tl/manifests/gitea/PodMonitor-gitea-valkey-renovate.yaml b/clusters/cl01tl/manifests/gitea/PodMonitor-gitea-valkey-renovate.yaml deleted file mode 100644 index 5c1b6438c..000000000 --- a/clusters/cl01tl/manifests/gitea/PodMonitor-gitea-valkey-renovate.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: PodMonitor -metadata: - name: gitea-valkey-renovate - labels: - helm.sh/chart: valkey-0.9.4 - app.kubernetes.io/name: valkey-renovate - app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "9.0.4" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: valkey - app.kubernetes.io/component: podmonitor -spec: - podMetricsEndpoints: - - port: metrics - interval: 30s - namespaceSelector: - matchNames: - - gitea - selector: - matchLabels: - app.kubernetes.io/name: valkey-renovate - app.kubernetes.io/instance: gitea diff --git a/clusters/cl01tl/manifests/gitea/PodMonitor-gitea-valkey.yaml b/clusters/cl01tl/manifests/gitea/PodMonitor-gitea-valkey.yaml deleted file mode 100644 index 3d493a73e..000000000 --- a/clusters/cl01tl/manifests/gitea/PodMonitor-gitea-valkey.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: PodMonitor -metadata: - name: gitea-valkey - labels: - helm.sh/chart: valkey-0.9.4 - app.kubernetes.io/name: valkey - app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "9.0.4" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: valkey - app.kubernetes.io/component: podmonitor -spec: - podMetricsEndpoints: - - port: metrics - interval: 30s - namespaceSelector: - matchNames: - - gitea - selector: - matchLabels: - app.kubernetes.io/name: valkey - app.kubernetes.io/instance: gitea diff --git a/clusters/cl01tl/manifests/gitea/PrometheusRule-gitea-postgresql-18-alert-rules.yaml b/clusters/cl01tl/manifests/gitea/PrometheusRule-gitea-postgresql-18-alert-rules.yaml deleted file mode 100644 index 9ac64a76d..000000000 --- a/clusters/cl01tl/manifests/gitea/PrometheusRule-gitea-postgresql-18-alert-rules.yaml +++ /dev/null @@ -1,270 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: gitea-postgresql-18-alert-rules - namespace: gitea - labels: - app.kubernetes.io/name: gitea-postgresql-18-alert-rules - helm.sh/chart: postgres-18-cluster-7.12.1 - app.kubernetes.io/instance: gitea - app.kubernetes.io/part-of: gitea - app.kubernetes.io/version: "7.12.1" - app.kubernetes.io/managed-by: Helm -spec: - groups: - - name: cloudnative-pg/gitea-postgresql-18 - rules: - - alert: CNPGClusterBackendsWaitingWarning - annotations: - summary: CNPG Cluster a backend is waiting for longer than 5 minutes. - description: |- - Pod {{ $labels.pod }} - has been waiting for longer than 5 minutes - expr: | - cnpg_backends_waiting_total{namespace="gitea"} > 300 - for: 1m - labels: - severity: warning - namespace: gitea - cnpg_cluster: gitea-postgresql-18-cluster - - alert: CNPGClusterDatabaseDeadlockConflictsWarning - annotations: - summary: CNPG Cluster has over 10 deadlock conflicts. - description: |- - There are over 10 deadlock conflicts in - {{ $labels.pod }} - expr: | - cnpg_pg_stat_database_deadlocks{namespace="gitea"} > 10 - for: 1m - labels: - severity: warning - namespace: gitea - cnpg_cluster: gitea-postgresql-18-cluster - - alert: CNPGClusterHACritical - annotations: - summary: CNPG Cluster has no standby replicas! - description: |- - CloudNativePG Cluster "{{`{{`}} $labels.job {{`}}`}}" has no ready standby replicas. Your cluster at a severe - risk of data loss and downtime if the primary instance fails. - - The primary instance is still online and able to serve queries, although connections to the `-ro` endpoint - will fail. The `-r` endpoint os operating at reduced capacity and all traffic is being served by the main. - - This can happen during a normal fail-over or automated minor version upgrades in a cluster with 2 or less - instances. The replaced instance may need some time to catch-up with the cluster primary instance. - - This alarm will be always trigger if your cluster is configured to run with only 1 instance. In this - case you may want to silence it. - runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHACritical.md - expr: | - max by (job) (cnpg_pg_replication_streaming_replicas{namespace="gitea"} - cnpg_pg_replication_is_wal_receiver_up{namespace="gitea"}) < 1 - for: 5m - labels: - severity: critical - namespace: gitea - cnpg_cluster: gitea-postgresql-18-cluster - - alert: CNPGClusterHAWarning - annotations: - summary: CNPG Cluster less than 2 standby replicas. - description: |- - CloudNativePG Cluster "{{`{{`}} $labels.job {{`}}`}}" has only {{`{{`}} $value {{`}}`}} standby replicas, putting - your cluster at risk if another instance fails. The cluster is still able to operate normally, although - the `-ro` and `-r` endpoints operate at reduced capacity. - - This can happen during a normal fail-over or automated minor version upgrades. The replaced instance may - need some time to catch-up with the cluster primary instance. - - This alarm will be constantly triggered if your cluster is configured to run with less than 3 instances. - In this case you may want to silence it. - runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHAWarning.md - expr: | - max by (job) (cnpg_pg_replication_streaming_replicas{namespace="gitea"} - cnpg_pg_replication_is_wal_receiver_up{namespace="gitea"}) < 2 - for: 5m - labels: - severity: warning - namespace: gitea - cnpg_cluster: gitea-postgresql-18-cluster - - alert: CNPGClusterHighConnectionsCritical - annotations: - summary: CNPG Instance maximum number of connections critical! - description: |- - CloudNativePG Cluster "gitea/gitea-postgresql-18-cluster" instance {{`{{`}} $labels.pod {{`}}`}} is using {{`{{`}} $value {{`}}`}}% of - the maximum number of connections. - runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHighConnectionsCritical.md - expr: | - sum by (pod) (cnpg_backends_total{namespace="gitea", pod=~"gitea-postgresql-18-cluster-([1-9][0-9]*)$"}) / max by (pod) (cnpg_pg_settings_setting{name="max_connections", namespace="gitea", pod=~"gitea-postgresql-18-cluster-([1-9][0-9]*)$"}) * 100 > 95 - for: 5m - labels: - severity: critical - namespace: gitea - cnpg_cluster: gitea-postgresql-18-cluster - - alert: CNPGClusterHighConnectionsWarning - annotations: - summary: CNPG Instance is approaching the maximum number of connections. - description: |- - CloudNativePG Cluster "gitea/gitea-postgresql-18-cluster" instance {{`{{`}} $labels.pod {{`}}`}} is using {{`{{`}} $value {{`}}`}}% of - the maximum number of connections. - runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHighConnectionsWarning.md - expr: | - sum by (pod) (cnpg_backends_total{namespace="gitea", pod=~"gitea-postgresql-18-cluster-([1-9][0-9]*)$"}) / max by (pod) (cnpg_pg_settings_setting{name="max_connections", namespace="gitea", pod=~"gitea-postgresql-18-cluster-([1-9][0-9]*)$"}) * 100 > 80 - for: 5m - labels: - severity: warning - namespace: gitea - cnpg_cluster: gitea-postgresql-18-cluster - - alert: CNPGClusterHighReplicationLag - annotations: - summary: CNPG Cluster high replication lag - description: |- - CloudNativePG Cluster "gitea/gitea-postgresql-18-cluster" is experiencing a high replication lag of - {{`{{`}} $value {{`}}`}}ms. - - High replication lag indicates network issues, busy instances, slow queries or suboptimal configuration. - runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHighReplicationLag.md - expr: | - max(cnpg_pg_replication_lag{namespace="gitea",pod=~"gitea-postgresql-18-cluster-([1-9][0-9]*)$"}) * 1000 > 1000 - for: 5m - labels: - severity: warning - namespace: gitea - cnpg_cluster: gitea-postgresql-18-cluster - - alert: CNPGClusterInstancesOnSameNode - annotations: - summary: CNPG Cluster instances are located on the same node. - description: |- - CloudNativePG Cluster "gitea/gitea-postgresql-18-cluster" has {{`{{`}} $value {{`}}`}} - instances on the same node {{`{{`}} $labels.node {{`}}`}}. - - A failure or scheduled downtime of a single node will lead to a potential service disruption and/or data loss. - runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterInstancesOnSameNode.md - expr: | - count by (node) (kube_pod_info{namespace="gitea", pod=~"gitea-postgresql-18-cluster-([1-9][0-9]*)$"}) > 1 - for: 5m - labels: - severity: warning - namespace: gitea - cnpg_cluster: gitea-postgresql-18-cluster - - alert: CNPGClusterLongRunningTransactionWarning - annotations: - summary: CNPG Cluster query is taking longer than 5 minutes. - description: |- - CloudNativePG Cluster Pod {{ $labels.pod }} - is taking more than 5 minutes (300 seconds) for a query. - expr: |- - cnpg_backends_max_tx_duration_seconds{namespace="gitea"} > 300 - for: 1m - labels: - severity: warning - namespace: gitea - cnpg_cluster: gitea-postgresql-18-cluster - - alert: CNPGClusterLowDiskSpaceCritical - annotations: - summary: CNPG Instance is running out of disk space! - description: |- - CloudNativePG Cluster "gitea/gitea-postgresql-18-cluster" is running extremely low on disk space. Check attached PVCs! - runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterLowDiskSpaceCritical.md - expr: | - max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="gitea", persistentvolumeclaim=~"gitea-postgresql-18-cluster-([1-9][0-9]*)$"} / kubelet_volume_stats_capacity_bytes{namespace="gitea", persistentvolumeclaim=~"gitea-postgresql-18-cluster-([1-9][0-9]*)$"})) > 0.9 OR - max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="gitea", persistentvolumeclaim=~"gitea-postgresql-18-cluster-([1-9][0-9]*)$-wal"} / kubelet_volume_stats_capacity_bytes{namespace="gitea", persistentvolumeclaim=~"gitea-postgresql-18-cluster-([1-9][0-9]*)$-wal"})) > 0.9 OR - max(sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_used_bytes{namespace="gitea", persistentvolumeclaim=~"gitea-postgresql-18-cluster-([1-9][0-9]*)$-tbs.*"}) - / - sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_capacity_bytes{namespace="gitea", persistentvolumeclaim=~"gitea-postgresql-18-cluster-([1-9][0-9]*)$-tbs.*"}) - * - on(namespace, persistentvolumeclaim) group_left(volume) - kube_pod_spec_volumes_persistentvolumeclaims_info{pod=~"gitea-postgresql-18-cluster-([1-9][0-9]*)$"} - ) > 0.9 - for: 5m - labels: - severity: critical - namespace: gitea - cnpg_cluster: gitea-postgresql-18-cluster - - alert: CNPGClusterLowDiskSpaceWarning - annotations: - summary: CNPG Instance is running out of disk space. - description: |- - CloudNativePG Cluster "gitea/gitea-postgresql-18-cluster" is running low on disk space. Check attached PVCs. - runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterLowDiskSpaceWarning.md - expr: | - max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="gitea", persistentvolumeclaim=~"gitea-postgresql-18-cluster-([1-9][0-9]*)$"} / kubelet_volume_stats_capacity_bytes{namespace="gitea", persistentvolumeclaim=~"gitea-postgresql-18-cluster-([1-9][0-9]*)$"})) > 0.7 OR - max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="gitea", persistentvolumeclaim=~"gitea-postgresql-18-cluster-([1-9][0-9]*)$-wal"} / kubelet_volume_stats_capacity_bytes{namespace="gitea", persistentvolumeclaim=~"gitea-postgresql-18-cluster-([1-9][0-9]*)$-wal"})) > 0.7 OR - max(sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_used_bytes{namespace="gitea", persistentvolumeclaim=~"gitea-postgresql-18-cluster-([1-9][0-9]*)$-tbs.*"}) - / - sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_capacity_bytes{namespace="gitea", persistentvolumeclaim=~"gitea-postgresql-18-cluster-([1-9][0-9]*)$-tbs.*"}) - * - on(namespace, persistentvolumeclaim) group_left(volume) - kube_pod_spec_volumes_persistentvolumeclaims_info{pod=~"gitea-postgresql-18-cluster-([1-9][0-9]*)$"} - ) > 0.7 - for: 5m - labels: - severity: warning - namespace: gitea - cnpg_cluster: gitea-postgresql-18-cluster - - alert: CNPGClusterOffline - annotations: - summary: CNPG Cluster has no running instances! - description: |- - CloudNativePG Cluster "gitea/gitea-postgresql-18-cluster" has no ready instances. - - Having an offline cluster means your applications will not be able to access the database, leading to - potential service disruption and/or data loss. - runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterOffline.md - expr: | - (count(cnpg_collector_up{namespace="gitea",pod=~"gitea-postgresql-18-cluster-([1-9][0-9]*)$"}) OR on() vector(0)) == 0 - for: 5m - labels: - severity: critical - namespace: gitea - cnpg_cluster: gitea-postgresql-18-cluster - - alert: CNPGClusterPGDatabaseXidAgeWarning - annotations: - summary: CNPG Cluster has a number of transactions from the frozen XID to the current one. - description: |- - Over 300,000,000 transactions from frozen xid - on pod {{ $labels.pod }} - expr: | - cnpg_pg_database_xid_age{namespace="gitea"} > 300000000 - for: 1m - labels: - severity: warning - namespace: gitea - cnpg_cluster: gitea-postgresql-18-cluster - - alert: CNPGClusterPGReplicationWarning - annotations: - summary: CNPG Cluster standby is lagging behind the primary. - description: |- - Standby is lagging behind by over 300 seconds (5 minutes) - expr: | - cnpg_pg_replication_lag{namespace="gitea"} > 300 - for: 1m - labels: - severity: warning - namespace: gitea - cnpg_cluster: gitea-postgresql-18-cluster - - alert: CNPGClusterReplicaFailingReplicationWarning - annotations: - summary: CNPG Cluster has a replica is failing to replicate. - description: |- - Replica {{ $labels.pod }} - is failing to replicate - expr: | - cnpg_pg_replication_in_recovery{namespace="gitea"} > cnpg_pg_replication_is_wal_receiver_up{namespace="gitea"} - for: 1m - labels: - severity: warning - namespace: gitea - cnpg_cluster: gitea-postgresql-18-cluster - - alert: CNPGClusterZoneSpreadWarning - annotations: - summary: CNPG Cluster instances in the same zone. - description: |- - CloudNativePG Cluster "gitea/gitea-postgresql-18-cluster" has instances in the same availability zone. - - A disaster in one availability zone will lead to a potential service disruption and/or data loss. - runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterZoneSpreadWarning.md - expr: | - 3 > count(count by (label_topology_kubernetes_io_zone) (kube_pod_info{namespace="gitea", pod=~"gitea-postgresql-18-cluster-([1-9][0-9]*)$"} * on(node,instance) group_left(label_topology_kubernetes_io_zone) kube_node_labels)) < 3 - for: 5m - labels: - severity: warning - namespace: gitea - cnpg_cluster: gitea-postgresql-18-cluster diff --git a/clusters/cl01tl/manifests/gitea/PrometheusRule-gitea-shared-storage-backup-source-local.yaml b/clusters/cl01tl/manifests/gitea/PrometheusRule-gitea-shared-storage-backup-source-local.yaml deleted file mode 100644 index ca6d18f84..000000000 --- a/clusters/cl01tl/manifests/gitea/PrometheusRule-gitea-shared-storage-backup-source-local.yaml +++ /dev/null @@ -1,30 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: gitea-shared-storage-backup-source-local - namespace: gitea - labels: - helm.sh/chart: volsync-target-storage-2.0.0 - app.kubernetes.io/instance: gitea - app.kubernetes.io/part-of: gitea - app.kubernetes.io/version: "2.0.0" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: gitea-shared-storage-backup-source-local -spec: - groups: - - name: volsync.alerts - rules: - - alert: VolSyncBackupPodFailed - expr: | - (kube_pod_container_status_last_terminated_exitcode > 0) - * on(pod, namespace) group_left(owner_name) - kube_pod_owner{owner_kind="Job", owner_name=~"volsync-.*"} - for: 1m - labels: - severity: critical - annotations: - summary: "VolSync Backup Pod failed in {{ $labels.namespace }}" - description: | - A pod for the VolSync backup of PVC 'gitea-shared-storage' failed with exit code {{ $value }}. - Job: {{ $labels.owner_name }} - Namespace: {{ $labels.namespace }} diff --git a/clusters/cl01tl/manifests/gitea/PrometheusRule-gitea-valkey-renovate.yaml b/clusters/cl01tl/manifests/gitea/PrometheusRule-gitea-valkey-renovate.yaml deleted file mode 100644 index 33f2f7d6b..000000000 --- a/clusters/cl01tl/manifests/gitea/PrometheusRule-gitea-valkey-renovate.yaml +++ /dev/null @@ -1,47 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: gitea-valkey-renovate - labels: - helm.sh/chart: valkey-0.9.4 - app.kubernetes.io/name: valkey-renovate - app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "9.0.4" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: valkey -spec: - groups: - - name: gitea-valkey-renovate - rules: - - alert: ValkeyDown - annotations: - description: Valkey instance {{ $labels.instance }} is down. - summary: Valkey instance {{ $labels.instance }} down - expr: | - redis_up{service="gitea-valkey-renovate-metrics"} == 0 - for: 2m - labels: - severity: error - - alert: ValkeyMemoryHigh - annotations: - description: | - Valkey instance {{ $labels.instance }} is using {{ $value }}% of its available memory. - summary: Valkey instance {{ $labels.instance }} is using too much memory - expr: | - redis_memory_used_bytes{service="gitea-valkey-renovate-metrics"} * 100 - / - redis_memory_max_bytes{service="gitea-valkey-renovate-metrics"} - > 90 <= 100 - for: 2m - labels: - severity: error - - alert: ValkeyKeyEviction - annotations: - description: | - Valkey instance {{ $labels.instance }} has evicted {{ $value }} keys in the last 5 minutes. - summary: Valkey instance {{ $labels.instance }} has evicted keys - expr: | - increase(redis_evicted_keys_total{service="gitea-valkey-renovate-metrics"}[5m]) > 0 - for: 1s - labels: - severity: error diff --git a/clusters/cl01tl/manifests/gitea/PrometheusRule-gitea-valkey.yaml b/clusters/cl01tl/manifests/gitea/PrometheusRule-gitea-valkey.yaml deleted file mode 100644 index c61278a39..000000000 --- a/clusters/cl01tl/manifests/gitea/PrometheusRule-gitea-valkey.yaml +++ /dev/null @@ -1,47 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: gitea-valkey - labels: - helm.sh/chart: valkey-0.9.4 - app.kubernetes.io/name: valkey - app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "9.0.4" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: valkey -spec: - groups: - - name: gitea-valkey - rules: - - alert: ValkeyDown - annotations: - description: Valkey instance {{ $labels.instance }} is down. - summary: Valkey instance {{ $labels.instance }} down - expr: | - redis_up{service="gitea-valkey-metrics"} == 0 - for: 2m - labels: - severity: error - - alert: ValkeyMemoryHigh - annotations: - description: | - Valkey instance {{ $labels.instance }} is using {{ $value }}% of its available memory. - summary: Valkey instance {{ $labels.instance }} is using too much memory - expr: | - redis_memory_used_bytes{service="gitea-valkey-metrics"} * 100 - / - redis_memory_max_bytes{service="gitea-valkey-metrics"} - > 90 <= 100 - for: 2m - labels: - severity: error - - alert: ValkeyKeyEviction - annotations: - description: | - Valkey instance {{ $labels.instance }} has evicted {{ $value }} keys in the last 5 minutes. - summary: Valkey instance {{ $labels.instance }} has evicted keys - expr: | - increase(redis_evicted_keys_total{service="gitea-valkey-metrics"}[5m]) > 0 - for: 1s - labels: - severity: error diff --git a/clusters/cl01tl/manifests/gitea/PrometheusRule-meilisearch.yaml b/clusters/cl01tl/manifests/gitea/PrometheusRule-meilisearch.yaml deleted file mode 100644 index 22bdae5ac..000000000 --- a/clusters/cl01tl/manifests/gitea/PrometheusRule-meilisearch.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: meilisearch - namespace: gitea - labels: - app.kubernetes.io/name: meilisearch - app.kubernetes.io/instance: gitea - app.kubernetes.io/part-of: gitea -spec: - groups: - - name: EmbeddedExporter - rules: - - alert: MeilisearchIndexIsEmpty - expr: meilisearch_index_docs_count == 0 - for: 0m - labels: - severity: warning - annotations: - summary: Meilisearch index is empty (instance {{ $labels.instance }}) - description: "Meilisearch index {{ $labels.index }} has zero documents\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" - - alert: MeilisearchHttpResponseTime - expr: meilisearch_http_response_time_seconds > 0.5 - for: 0m - labels: - severity: warning - annotations: - summary: Meilisearch http response time (instance {{ $labels.instance }}) - description: "Meilisearch http response time is too high\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" diff --git a/clusters/cl01tl/manifests/gitea/ReplicationSource-gitea-shared-storage-backup-source-local.yaml b/clusters/cl01tl/manifests/gitea/ReplicationSource-gitea-shared-storage-backup-source-local.yaml deleted file mode 100644 index 14084d0c8..000000000 --- a/clusters/cl01tl/manifests/gitea/ReplicationSource-gitea-shared-storage-backup-source-local.yaml +++ /dev/null @@ -1,34 +0,0 @@ -apiVersion: volsync.backube/v1alpha1 -kind: ReplicationSource -metadata: - name: gitea-shared-storage-backup-source-local - namespace: gitea - labels: - helm.sh/chart: volsync-target-storage-2.0.0 - app.kubernetes.io/instance: gitea - app.kubernetes.io/part-of: gitea - app.kubernetes.io/version: "2.0.0" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: gitea-shared-storage-backup-source-local -spec: - sourcePVC: gitea-shared-storage - trigger: - schedule: 0 0 7 * * * - restic: - pruneIntervalDays: 3 - repository: gitea-shared-storage-backup-secret-local - retain: - daily: 1 - hourly: 1 - monthly: 0 - weekly: 3 - yearly: 0 - moverSecurityContext: - fsGroup: 1000 - fsGroupChangePolicy: OnRootMismatch - runAsGroup: 1000 - runAsUser: 1000 - copyMethod: Snapshot - storageClassName: ceph-filesystem - volumeSnapshotClassName: ceph-filesystem-snapshot - cacheCapacity: 10Gi diff --git a/clusters/cl01tl/manifests/gitea/ScheduledBackup-gitea-postgresql-18-scheduled-backup-live-backup.yaml b/clusters/cl01tl/manifests/gitea/ScheduledBackup-gitea-postgresql-18-scheduled-backup-live-backup.yaml deleted file mode 100644 index b4c825433..000000000 --- a/clusters/cl01tl/manifests/gitea/ScheduledBackup-gitea-postgresql-18-scheduled-backup-live-backup.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: postgresql.cnpg.io/v1 -kind: ScheduledBackup -metadata: - name: "gitea-postgresql-18-scheduled-backup-live-backup" - namespace: gitea - labels: - app.kubernetes.io/name: "gitea-postgresql-18-scheduled-backup-live-backup" - helm.sh/chart: postgres-18-cluster-7.12.1 - app.kubernetes.io/instance: gitea - app.kubernetes.io/part-of: gitea - app.kubernetes.io/version: "7.12.1" - app.kubernetes.io/managed-by: Helm -spec: - immediate: true - suspend: false - schedule: "0 0 7 * * *" - backupOwnerReference: self - cluster: - name: gitea-postgresql-18-cluster - method: plugin - pluginConfiguration: - name: barman-cloud.cloudnative-pg.io - parameters: - barmanObjectName: "gitea-postgresql-18-backup-garage-local" diff --git a/clusters/cl01tl/manifests/gitea/Secret-gitea-init.yaml b/clusters/cl01tl/manifests/gitea/Secret-gitea-init.yaml deleted file mode 100644 index c5e0ea931..000000000 --- a/clusters/cl01tl/manifests/gitea/Secret-gitea-init.yaml +++ /dev/null @@ -1,37 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: gitea-init - namespace: gitea - labels: - helm.sh/chart: gitea-12.6.0 - app: gitea - app.kubernetes.io/name: gitea - app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "1.26.1" - version: "1.26.1" - app.kubernetes.io/managed-by: Helm -type: Opaque -stringData: - configure_gpg_environment.sh: | - #!/usr/bin/env bash - set -eu - - gpg --batch --import "$TMP_RAW_GPG_KEY" - init_directory_structure.sh: |- - #!/usr/bin/env bash - - set -euo pipefail - # BEGIN: initPreScript - wget https://github.com/catppuccin/gitea/releases/latest/download/catppuccin-gitea.tar.gz; - tar -xvzf catppuccin-gitea.tar.gz -C /data/gitea/public/assets/css; - rm catppuccin-gitea.tar.gz; - # END: initPreScript - mkdir -pv /data/git/.ssh - chmod -Rv 700 /data/git/.ssh - [ ! -d /data/gitea/conf ] && mkdir -pv /data/gitea/conf - - # prepare temp directory structure - mkdir -pv "${GITEA_TEMP}" - chmod -v ug+rwx "${GITEA_TEMP}" - configure_gitea.sh: "#!/usr/bin/env bash\n\nset -euo pipefail\n\necho '==== BEGIN GITEA CONFIGURATION ===='\n\n{ # try\n gitea migrate\n} || { # catch\n echo \"Gitea migrate might fail due to database connection...This init-container will try again in a few seconds\"\n exit 1\n}\nfunction configure_admin_user() {\n local full_admin_list=$(gitea admin user list --admin)\n local actual_user_table=''\n\n # We might have distorted output due to warning logs, so we have to detect the actual user table by its headline and trim output above that line\n local regex=\"(.*)(ID\\s+Username\\s+Email\\s+IsActive.*)\"\n if [[ \"${full_admin_list}\" =~ $regex ]]; then\n actual_user_table=$(echo \"${BASH_REMATCH[2]}\" | tail -n+2) # tail'ing to drop the table headline\n else\n # This code block should never be reached, as long as the output table header remains the same.\n # If this code block is reached, the regex doesn't match anymore and we probably have to adjust this script.\n\n echo \"ERROR: 'configure_admin_user' was not able to determine the current list of admin users.\"\n echo \" Please review the output of 'gitea admin user list --admin' shown below.\"\n echo \" If you think it is an issue with the Helm Chart provisioning, file an issue at https://gitea.com/gitea/helm-gitea/issues.\"\n echo \"DEBUG: Output of 'gitea admin user list --admin'\"\n echo \"--\"\n echo \"${full_admin_list}\"\n echo \"--\"\n exit 1\n fi\n\n local ACCOUNT_ID=$(echo \"${actual_user_table}\" | grep -E \"\\s+${GITEA_ADMIN_USERNAME}\\s+\" | awk -F \" \" \"{printf \\$1}\")\n if [[ -z \"${ACCOUNT_ID}\" ]]; then\n local -a create_args\n create_args=(--admin --username \"${GITEA_ADMIN_USERNAME}\" --password \"${GITEA_ADMIN_PASSWORD}\" --email \"gitea@local.domain\")\n if [[ \"${GITEA_ADMIN_PASSWORD_MODE}\" = initialOnlyRequireReset ]]; then\n create_args+=(--must-change-password=true)\n else\n create_args+=(--must-change-password=false)\n fi\n echo \"No admin user '${GITEA_ADMIN_USERNAME}' found. Creating now...\"\n gitea admin user create \"${create_args[@]}\"\n echo '...created.'\n else\n if [[ \"${GITEA_ADMIN_PASSWORD_MODE}\" = keepUpdated ]]; then\n echo \"Admin account '${GITEA_ADMIN_USERNAME}' already exist. Running update to sync password...\"\n # See https://gitea.com/gitea/helm-gitea/issues/673\n # --must-change-password argument was added to change-password, defaulting to true, counter to the previous behavior\n # which acted as if it were provided with =false. If the argument is present in this version of gitea, then we\n # should add it to prevent requiring frequent admin password resets.\n local -a change_args\n change_args=(--username \"${GITEA_ADMIN_USERNAME}\" --password \"${GITEA_ADMIN_PASSWORD}\")\n if gitea admin user change-password --help | grep -F -- '--must-change-password' >/dev/null; then\n change_args+=(--must-change-password=false)\n fi\n gitea admin user change-password \"${change_args[@]}\"\n echo '...password sync done.'\n else\n echo \"Admin account '${GITEA_ADMIN_USERNAME}' already exist, but update mode is set to '${GITEA_ADMIN_PASSWORD_MODE}'. Skipping.\"\n fi\n fi\n}\n\nconfigure_admin_user\n\nfunction configure_ldap() {\n echo 'no ldap configuration... skipping.'\n}\n\nconfigure_ldap\n\nfunction configure_oauth() {\n local OAUTH_NAME='Authentik'\n local full_auth_list=$(gitea admin auth list --vertical-bars)\n local actual_auth_table=''\n\n # We might have distorted output due to warning logs, so we have to detect the actual user table by its headline and trim output above that line\n local regex=\"(.*)(ID\\s+\\|Name\\s+\\|Type\\s+\\|Enabled.*)\"\n if [[ \"${full_auth_list}\" =~ $regex ]]; then\n actual_auth_table=$(echo \"${BASH_REMATCH[2]}\" | tail -n+2) # tail'ing to drop the table headline\n else\n # This code block should never be reached, as long as the output table header remains the same.\n # If this code block is reached, the regex doesn't match anymore and we probably have to adjust this script.\n\n echo \"ERROR: 'configure_oauth' was not able to determine the current list of authentication sources.\"\n echo \" Please review the output of 'gitea admin auth list --vertical-bars' shown below.\"\n echo \" If you think it is an issue with the Helm Chart provisioning, file an issue at https://gitea.com/gitea/helm-gitea/issues.\"\n echo \"DEBUG: Output of 'gitea admin auth list --vertical-bars'\"\n echo \"--\"\n echo \"${full_auth_list}\"\n echo \"--\"\n exit 1\n fi\n\n local AUTH_ID=$(echo \"${actual_auth_table}\" | grep -E \"\\|${OAUTH_NAME}\\s+\\|\" | grep -iE '\\|OAuth2\\s+\\|' | awk -F \" \" \"{print \\$1}\")\n\n if [[ -z \"${AUTH_ID}\" ]]; then\n echo \"No oauth configuration found with name '${OAUTH_NAME}'. Installing it now...\"\n gitea admin auth add-oauth --auto-discover-url \"https://auth.alexlebens.dev/application/o/gitea/.well-known/openid-configuration\" --icon-url \"https://goauthentik.io/img/icon.png\" --key \"${GITEA_OAUTH_KEY_0}\" --name \"Authentik\" --provider \"openidConnect\" --scopes \"email profile\" --secret \"${GITEA_OAUTH_SECRET_0}\" \n echo '...installed.'\n else\n echo \"Existing oauth configuration with name '${OAUTH_NAME}': '${AUTH_ID}'. Running update to sync settings...\"\n gitea admin auth update-oauth --id \"${AUTH_ID}\" --auto-discover-url \"https://auth.alexlebens.dev/application/o/gitea/.well-known/openid-configuration\" --icon-url \"https://goauthentik.io/img/icon.png\" --key \"${GITEA_OAUTH_KEY_0}\" --name \"Authentik\" --provider \"openidConnect\" --scopes \"email profile\" --secret \"${GITEA_OAUTH_SECRET_0}\" \n echo '...sync settings done.'\n fi\n}\n\nconfigure_oauth\n\necho '==== END GITEA CONFIGURATION ===='" diff --git a/clusters/cl01tl/manifests/gitea/Secret-gitea-inline-config.yaml b/clusters/cl01tl/manifests/gitea/Secret-gitea-inline-config.yaml deleted file mode 100644 index 043ae8a60..000000000 --- a/clusters/cl01tl/manifests/gitea/Secret-gitea-inline-config.yaml +++ /dev/null @@ -1,62 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: gitea-inline-config - namespace: gitea - labels: - helm.sh/chart: gitea-12.6.0 - app: gitea - app.kubernetes.io/name: gitea - app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "1.26.1" - version: "1.26.1" - app.kubernetes.io/managed-by: Helm -type: Opaque -stringData: - _generals_: APP_NAME=Gitea - actions: ENABLED=true - cache: |- - ADAPTER=redis - ENABLED=true - HOST=redis://gitea-valkey.gitea:6379 - database: |- - DB_TYPE=postgres - SCHEMA=public - explore: REQUIRE_SIGNIN_VIEW=true - indexer: |- - ISSUE_INDEXER_ENABLED=true - ISSUE_INDEXER_TYPE=meilisearch - REPO_INDEXER_ENABLED=false - metrics: ENABLED=true - mirror: DEFAULT_INTERVAL=10m - oauth2_client: ENABLE_AUTO_REGISTRATION=true - queue: |- - CONN_STR=redis://gitea-valkey.gitea:6379 - TYPE=redis - repo-archive: ENABLED=false - repository: ROOT=/data/git/gitea-repositories - security: INSTALL_LOCK=true - server: |- - APP_DATA_PATH=/data - DOMAIN=gitea.alexlebens.dev - ENABLE_PPROF=true - HTTP_PORT=3000 - LANDING_PAGE=explore - LOCAL_ROOT_URL=http://gitea-http.gitea.svc.cluster.local:3000 - PROTOCOL=http - ROOT_URL=https://gitea.alexlebens.dev - SSH_DOMAIN=gitea.alexlebens.net - SSH_LISTEN_PORT=22 - SSH_PORT=22 - START_SSH_SERVER=true - service: |- - ALLOW_ONLY_EXTERNAL_REGISTRATION=true - REGISTER_MANUAL_CONFIRM=true - SHOW_REGISTRATION_BUTTON=false - session: |- - PROVIDER=redis - PROVIDER_CONFIG=redis://gitea-valkey.gitea:6379 - ui: |- - DEFAULT_THEME=gitea-auto - THEMES=gitea-light,gitea-dark,gitea-auto,catppuccin-rosewater-auto,catppuccin-flamingo-auto,catppuccin-pink-auto,catppuccin-mauve-auto,catppuccin-red-auto,catppuccin-maroon-auto,catppuccin-peach-auto,catppuccin-yellow-auto,catppuccin-green-auto,catppuccin-teal-auto,catppuccin-sky-auto,catppuccin-sapphire-auto,catppuccin-blue-auto,catppuccin-lavender-auto,catppuccin-latte-rosewater,catppuccin-latte-flamingo,catppuccin-latte-pink,catppuccin-latte-mauve,catppuccin-latte-red,catppuccin-latte-maroon,catppuccin-latte-peach,catppuccin-latte-yellow,catppuccin-latte-green,catppuccin-latte-teal,catppuccin-latte-sky,catppuccin-latte-sapphire,catppuccin-latte-blue,catppuccin-latte-lavender,catppuccin-frappe-rosewater,catppuccin-frappe-flamingo,catppuccin-frappe-pink,catppuccin-frappe-mauve,catppuccin-frappe-red,catppuccin-frappe-maroon,catppuccin-frappe-peach,catppuccin-frappe-yellow,catppuccin-frappe-green,catppuccin-frappe-teal,catppuccin-frappe-sky,catppuccin-frappe-sapphire,catppuccin-frappe-blue,catppuccin-frappe-lavender,catppuccin-macchiato-rosewater,catppuccin-macchiato-flamingo,catppuccin-macchiato-pink,catppuccin-macchiato-mauve,catppuccin-macchiato-red,catppuccin-macchiato-maroon,catppuccin-macchiato-peach,catppuccin-macchiato-yellow,catppuccin-macchiato-green,catppuccin-macchiato-teal,catppuccin-macchiato-sky,catppuccin-macchiato-sapphire,catppuccin-macchiato-blue,catppuccin-macchiato-lavender,catppuccin-mocha-rosewater,catppuccin-mocha-flamingo,catppuccin-mocha-pink,catppuccin-mocha-mauve,catppuccin-mocha-red,catppuccin-mocha-maroon,catppuccin-mocha-peach,catppuccin-mocha-yellow,catppuccin-mocha-green,catppuccin-mocha-teal,catppuccin-mocha-sky,catppuccin-mocha-sapphire,catppuccin-mocha-blue,catppuccin-mocha-lavender - webhook: ALLOWED_HOST_LIST=private diff --git a/clusters/cl01tl/manifests/gitea/Secret-gitea.yaml b/clusters/cl01tl/manifests/gitea/Secret-gitea.yaml deleted file mode 100644 index 431620b39..000000000 --- a/clusters/cl01tl/manifests/gitea/Secret-gitea.yaml +++ /dev/null @@ -1,170 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: gitea - namespace: gitea - labels: - helm.sh/chart: gitea-12.6.0 - app: gitea - app.kubernetes.io/name: gitea - app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "1.26.1" - version: "1.26.1" - app.kubernetes.io/managed-by: Helm -type: Opaque -stringData: - config_environment.sh: | - #!/usr/bin/env bash - set -euo pipefail - - function env2ini::log() { - printf "${1}\n" - } - - function env2ini::read_config_to_env() { - local section="${1}" - local line="${2}" - - if [[ -z "${line}" ]]; then - # skip empty line - return - fi - - # 'xargs echo -n' trims all leading/trailing whitespaces and a trailing new line - local setting="$(awk -F '=' '{print $1}' <<< "${line}" | xargs echo -n)" - - if [[ -z "${setting}" ]]; then - env2ini::log ' ! invalid setting' - exit 1 - fi - - local value='' - local regex="^${setting}(\s*)=(\s*)(.*)" - if [[ $line =~ $regex ]]; then - value="${BASH_REMATCH[3]}" - else - env2ini::log ' ! invalid setting' - exit 1 - fi - - env2ini::log " + '${setting}'" - - if [[ -z "${section}" ]]; then - export "GITEA____${setting^^}=${value}" # '^^' makes the variable content uppercase - return - fi - - local masked_section="${section//./_0X2E_}" # '//' instructs to replace all matches - masked_section="${masked_section//-/_0X2D_}" - - export "GITEA__${masked_section^^}__${setting^^}=${value}" # '^^' makes the variable content uppercase - } - - function env2ini::reload_preset_envs() { - env2ini::log "Reloading preset envs..." - - while read -r line; do - if [[ -z "${line}" ]]; then - # skip empty line - return - fi - - # 'xargs echo -n' trims all leading/trailing whitespaces and a trailing new line - local setting="$(awk -F '=' '{print $1}' <<< "${line}" | xargs echo -n)" - - if [[ -z "${setting}" ]]; then - env2ini::log ' ! invalid setting' - exit 1 - fi - - local value='' - local regex="^${setting}(\s*)=(\s*)(.*)" - if [[ $line =~ $regex ]]; then - value="${BASH_REMATCH[3]}" - else - env2ini::log ' ! invalid setting' - exit 1 - fi - - env2ini::log " + '${setting}'" - - export "${setting^^}=${value}" # '^^' makes the variable content uppercase - done < "$TMP_EXISTING_ENVS_FILE" - - rm $TMP_EXISTING_ENVS_FILE - } - - function env2ini::process_config_file() { - local config_file="${1}" - local section="$(basename "${config_file}")" - - if [[ $section == '_generals_' ]]; then - env2ini::log " [ini root]" - section='' - else - env2ini::log " ${section}" - fi - - while read -r line; do - env2ini::read_config_to_env "${section}" "${line}" - done < <(awk 1 "${config_file}") # Helm .toYaml trims the trailing new line which breaks line processing; awk 1 ... adds it back while reading - } - - function env2ini::load_config_sources() { - local path="${1}" - - if [[ -d "${path}" ]]; then - env2ini::log "Processing $(basename "${path}")..." - - while read -d '' configFile; do - env2ini::process_config_file "${configFile}" - done < <(find "${path}" -type l -not -name '..data' -print0) - - env2ini::log "\n" - fi - } - - function env2ini::generate_initial_secrets() { - # These environment variables will either be - # - overwritten with user defined values, - # - initially used to set up Gitea - # Anyway, they won't harm existing app.ini files - - export GITEA__SECURITY__INTERNAL_TOKEN=$(gitea generate secret INTERNAL_TOKEN) - export GITEA__SECURITY__SECRET_KEY=$(gitea generate secret SECRET_KEY) - export GITEA__OAUTH2__JWT_SECRET=$(gitea generate secret JWT_SECRET) - export GITEA__SERVER__LFS_JWT_SECRET=$(gitea generate secret LFS_JWT_SECRET) - - env2ini::log "...Initial secrets generated\n" - } - - # save existing envs prior to script execution. Necessary to keep order of preexisting and custom envs - env | (grep -e '^GITEA__' || [[ $? == 1 ]]) > $TMP_EXISTING_ENVS_FILE - - # MUST BE CALLED BEFORE OTHER CONFIGURATION - env2ini::generate_initial_secrets - - env2ini::load_config_sources "$ENV_TO_INI_MOUNT_POINT/inlines/" - env2ini::load_config_sources "$ENV_TO_INI_MOUNT_POINT/additionals/" - - # load existing envs to override auto generated envs - env2ini::reload_preset_envs - - env2ini::log "=== All configuration sources loaded ===\n" - - # safety to prevent rewrite of secret keys if an app.ini already exists - if [ -f ${GITEA_APP_INI} ]; then - env2ini::log 'An app.ini file already exists. To prevent overwriting secret keys, these settings are dropped and remain unchanged:' - env2ini::log ' - security.INTERNAL_TOKEN' - env2ini::log ' - security.SECRET_KEY' - env2ini::log ' - oauth2.JWT_SECRET' - env2ini::log ' - server.LFS_JWT_SECRET' - - unset GITEA__SECURITY__INTERNAL_TOKEN - unset GITEA__SECURITY__SECRET_KEY - unset GITEA__OAUTH2__JWT_SECRET - unset GITEA__SERVER__LFS_JWT_SECRET - fi - - gitea config edit-ini --apply-env --config "$GITEA_APP_INI" --out "$GITEA_APP_INI" - assertions: "" diff --git a/clusters/cl01tl/manifests/gitea/Service-gitea-cloudflared.yaml b/clusters/cl01tl/manifests/gitea/Service-gitea-cloudflared.yaml deleted file mode 100644 index a699da0a8..000000000 --- a/clusters/cl01tl/manifests/gitea/Service-gitea-cloudflared.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: gitea-cloudflared - labels: - app.kubernetes.io/instance: gitea - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: cloudflared - app.kubernetes.io/service: gitea-cloudflared - app.kubernetes.io/version: 2026.5.0 - helm.sh/chart: cloudflared-3.3.1 - namespace: gitea -spec: - type: ClusterIP - ports: - - port: 20241 - targetPort: 20241 - protocol: TCP - name: metrics - selector: - app.kubernetes.io/controller: main - app.kubernetes.io/instance: gitea - app.kubernetes.io/name: cloudflared diff --git a/clusters/cl01tl/manifests/gitea/Service-gitea-http.yaml b/clusters/cl01tl/manifests/gitea/Service-gitea-http.yaml deleted file mode 100644 index 492f4b92b..000000000 --- a/clusters/cl01tl/manifests/gitea/Service-gitea-http.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: gitea-http - namespace: gitea - labels: - helm.sh/chart: gitea-12.6.0 - app: gitea - app.kubernetes.io/name: gitea - app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "1.26.1" - version: "1.26.1" - app.kubernetes.io/managed-by: Helm - annotations: {} -spec: - type: ClusterIP - clusterIP: 10.103.160.139 - ports: - - name: http - port: 3000 - targetPort: 3000 - selector: - app.kubernetes.io/name: gitea - app.kubernetes.io/instance: gitea diff --git a/clusters/cl01tl/manifests/gitea/Service-gitea-meilisearch.yaml b/clusters/cl01tl/manifests/gitea/Service-gitea-meilisearch.yaml deleted file mode 100644 index f9f1f280a..000000000 --- a/clusters/cl01tl/manifests/gitea/Service-gitea-meilisearch.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: gitea-meilisearch - labels: - helm.sh/chart: meilisearch-0.32.0 - app.kubernetes.io/name: meilisearch - app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "v1.42.1" - app.kubernetes.io/component: search-engine - app.kubernetes.io/part-of: meilisearch - app.kubernetes.io/managed-by: Helm -spec: - type: ClusterIP - ports: - - port: 7700 - targetPort: http - protocol: TCP - name: http - selector: - app.kubernetes.io/name: meilisearch - app.kubernetes.io/instance: gitea diff --git a/clusters/cl01tl/manifests/gitea/Service-gitea-ssh.yaml b/clusters/cl01tl/manifests/gitea/Service-gitea-ssh.yaml deleted file mode 100644 index 6aaa0ad2a..000000000 --- a/clusters/cl01tl/manifests/gitea/Service-gitea-ssh.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: gitea-ssh - namespace: gitea - labels: - helm.sh/chart: gitea-12.6.0 - app: gitea - app.kubernetes.io/name: gitea - app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "1.26.1" - version: "1.26.1" - app.kubernetes.io/managed-by: Helm - annotations: {} -spec: - type: ClusterIP - clusterIP: 10.103.160.140 - ports: - - name: ssh - port: 22 - targetPort: 22 - protocol: TCP - selector: - app.kubernetes.io/name: gitea - app.kubernetes.io/instance: gitea diff --git a/clusters/cl01tl/manifests/gitea/Service-gitea-valkey-headless.yaml b/clusters/cl01tl/manifests/gitea/Service-gitea-valkey-headless.yaml deleted file mode 100644 index edff414d4..000000000 --- a/clusters/cl01tl/manifests/gitea/Service-gitea-valkey-headless.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: gitea-valkey-headless - labels: - helm.sh/chart: valkey-0.9.4 - app.kubernetes.io/name: valkey - app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "9.0.4" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: headless -spec: - type: ClusterIP - clusterIP: None - publishNotReadyAddresses: true - ports: - - name: tcp - port: 6379 - targetPort: tcp - protocol: TCP - selector: - app.kubernetes.io/name: valkey - app.kubernetes.io/instance: gitea diff --git a/clusters/cl01tl/manifests/gitea/Service-gitea-valkey-metrics.yaml b/clusters/cl01tl/manifests/gitea/Service-gitea-valkey-metrics.yaml deleted file mode 100644 index 01eb6d5ca..000000000 --- a/clusters/cl01tl/manifests/gitea/Service-gitea-valkey-metrics.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: gitea-valkey-metrics - labels: - helm.sh/chart: valkey-0.9.4 - app.kubernetes.io/name: valkey - app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "9.0.4" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: metrics - app.kubernetes.io/part-of: valkey - annotations: -spec: - type: ClusterIP - ports: - - name: metrics - port: 9121 - protocol: TCP - targetPort: metrics - selector: - app.kubernetes.io/name: valkey - app.kubernetes.io/instance: gitea diff --git a/clusters/cl01tl/manifests/gitea/Service-gitea-valkey-read.yaml b/clusters/cl01tl/manifests/gitea/Service-gitea-valkey-read.yaml deleted file mode 100644 index a02032906..000000000 --- a/clusters/cl01tl/manifests/gitea/Service-gitea-valkey-read.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: gitea-valkey-read - labels: - helm.sh/chart: valkey-0.9.4 - app.kubernetes.io/name: valkey - app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "9.0.4" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: read -spec: - type: ClusterIP - ports: - - name: tcp - port: 6379 - targetPort: tcp - protocol: TCP - selector: - app.kubernetes.io/name: valkey - app.kubernetes.io/instance: gitea diff --git a/clusters/cl01tl/manifests/gitea/Service-gitea-valkey-renovate-metrics.yaml b/clusters/cl01tl/manifests/gitea/Service-gitea-valkey-renovate-metrics.yaml deleted file mode 100644 index 53d94936a..000000000 --- a/clusters/cl01tl/manifests/gitea/Service-gitea-valkey-renovate-metrics.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: gitea-valkey-renovate-metrics - labels: - helm.sh/chart: valkey-0.9.4 - app.kubernetes.io/name: valkey-renovate - app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "9.0.4" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: metrics - app.kubernetes.io/part-of: valkey - annotations: -spec: - type: ClusterIP - ports: - - name: metrics - port: 9121 - protocol: TCP - targetPort: metrics - selector: - app.kubernetes.io/name: valkey-renovate - app.kubernetes.io/instance: gitea diff --git a/clusters/cl01tl/manifests/gitea/Service-gitea-valkey-renovate.yaml b/clusters/cl01tl/manifests/gitea/Service-gitea-valkey-renovate.yaml deleted file mode 100644 index d35356e13..000000000 --- a/clusters/cl01tl/manifests/gitea/Service-gitea-valkey-renovate.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: gitea-valkey-renovate - labels: - helm.sh/chart: valkey-0.9.4 - app.kubernetes.io/name: valkey-renovate - app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "9.0.4" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: primary -spec: - type: ClusterIP - ports: - - port: 6379 - targetPort: tcp - protocol: TCP - name: tcp - selector: - app.kubernetes.io/name: valkey-renovate - app.kubernetes.io/instance: gitea diff --git a/clusters/cl01tl/manifests/gitea/Service-gitea-valkey.yaml b/clusters/cl01tl/manifests/gitea/Service-gitea-valkey.yaml deleted file mode 100644 index 3018dcc26..000000000 --- a/clusters/cl01tl/manifests/gitea/Service-gitea-valkey.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: gitea-valkey - labels: - helm.sh/chart: valkey-0.9.4 - app.kubernetes.io/name: valkey - app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "9.0.4" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: primary -spec: - type: ClusterIP - ports: - - port: 6379 - targetPort: tcp - protocol: TCP - name: tcp - selector: - app.kubernetes.io/name: valkey - app.kubernetes.io/instance: gitea - statefulset.kubernetes.io/pod-name: gitea-valkey-0 diff --git a/clusters/cl01tl/manifests/gitea/ServiceAccount-gitea-cloudflared.yaml b/clusters/cl01tl/manifests/gitea/ServiceAccount-gitea-cloudflared.yaml deleted file mode 100644 index 8a8db068e..000000000 --- a/clusters/cl01tl/manifests/gitea/ServiceAccount-gitea-cloudflared.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: gitea-cloudflared - labels: - app.kubernetes.io/instance: gitea - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: cloudflared - app.kubernetes.io/version: 2026.5.0 - helm.sh/chart: cloudflared-3.3.1 - namespace: gitea diff --git a/clusters/cl01tl/manifests/gitea/ServiceAccount-gitea-meilisearch.yaml b/clusters/cl01tl/manifests/gitea/ServiceAccount-gitea-meilisearch.yaml deleted file mode 100644 index e3564f1ad..000000000 --- a/clusters/cl01tl/manifests/gitea/ServiceAccount-gitea-meilisearch.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: gitea-meilisearch - labels: - helm.sh/chart: meilisearch-0.32.0 - app.kubernetes.io/name: meilisearch - app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "v1.42.1" - app.kubernetes.io/component: search-engine - app.kubernetes.io/part-of: meilisearch - app.kubernetes.io/managed-by: Helm -automountServiceAccountToken: false diff --git a/clusters/cl01tl/manifests/gitea/ServiceAccount-gitea-valkey-renovate.yaml b/clusters/cl01tl/manifests/gitea/ServiceAccount-gitea-valkey-renovate.yaml deleted file mode 100644 index 389901694..000000000 --- a/clusters/cl01tl/manifests/gitea/ServiceAccount-gitea-valkey-renovate.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: gitea-valkey-renovate - labels: - helm.sh/chart: valkey-0.9.4 - app.kubernetes.io/name: valkey-renovate - app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "9.0.4" - app.kubernetes.io/managed-by: Helm -automountServiceAccountToken: false diff --git a/clusters/cl01tl/manifests/gitea/ServiceAccount-gitea-valkey.yaml b/clusters/cl01tl/manifests/gitea/ServiceAccount-gitea-valkey.yaml deleted file mode 100644 index bf11b8103..000000000 --- a/clusters/cl01tl/manifests/gitea/ServiceAccount-gitea-valkey.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: gitea-valkey - labels: - helm.sh/chart: valkey-0.9.4 - app.kubernetes.io/name: valkey - app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "9.0.4" - app.kubernetes.io/managed-by: Helm -automountServiceAccountToken: false diff --git a/clusters/cl01tl/manifests/gitea/ServiceMonitor-gitea-cloudflared.yaml b/clusters/cl01tl/manifests/gitea/ServiceMonitor-gitea-cloudflared.yaml deleted file mode 100644 index be049e0ae..000000000 --- a/clusters/cl01tl/manifests/gitea/ServiceMonitor-gitea-cloudflared.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: gitea-cloudflared - labels: - app.kubernetes.io/instance: gitea - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: cloudflared - app.kubernetes.io/version: 2026.5.0 - helm.sh/chart: cloudflared-3.3.1 - namespace: gitea -spec: - jobLabel: app.kubernetes.io/name - namespaceSelector: - matchNames: - - gitea - selector: - matchLabels: - app.kubernetes.io/instance: gitea - app.kubernetes.io/name: cloudflared - endpoints: - - interval: 30s - path: /metrics - port: metrics - scrapeTimeout: 10s diff --git a/clusters/cl01tl/manifests/gitea/ServiceMonitor-gitea-meilisearch.yaml b/clusters/cl01tl/manifests/gitea/ServiceMonitor-gitea-meilisearch.yaml deleted file mode 100644 index 9e220a45e..000000000 --- a/clusters/cl01tl/manifests/gitea/ServiceMonitor-gitea-meilisearch.yaml +++ /dev/null @@ -1,30 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: gitea-meilisearch - namespace: gitea - labels: - helm.sh/chart: meilisearch-0.32.0 - app.kubernetes.io/name: meilisearch - app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "v1.42.1" - app.kubernetes.io/component: search-engine - app.kubernetes.io/part-of: meilisearch - app.kubernetes.io/managed-by: Helm -spec: - jobLabel: gitea - namespaceSelector: - matchNames: - - gitea - selector: - matchLabels: - app.kubernetes.io/name: meilisearch - app.kubernetes.io/instance: gitea - endpoints: - - port: http - path: /metrics - interval: 1m - scrapeTimeout: 10s - bearerTokenSecret: - name: gitea-meilisearch-key - key: MEILI_MASTER_KEY diff --git a/clusters/cl01tl/manifests/gitea/ServiceMonitor-gitea-valkey-renovate.yaml b/clusters/cl01tl/manifests/gitea/ServiceMonitor-gitea-valkey-renovate.yaml deleted file mode 100644 index 20a4d48e8..000000000 --- a/clusters/cl01tl/manifests/gitea/ServiceMonitor-gitea-valkey-renovate.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: gitea-valkey-renovate - labels: - helm.sh/chart: valkey-0.9.4 - app.kubernetes.io/name: valkey-renovate - app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "9.0.4" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: valkey - app.kubernetes.io/component: service-monitor -spec: - endpoints: - - port: metrics - interval: 30s - namespaceSelector: - matchNames: - - gitea - selector: - matchLabels: - app.kubernetes.io/name: valkey-renovate - app.kubernetes.io/instance: gitea - app.kubernetes.io/component: metrics diff --git a/clusters/cl01tl/manifests/gitea/ServiceMonitor-gitea-valkey.yaml b/clusters/cl01tl/manifests/gitea/ServiceMonitor-gitea-valkey.yaml deleted file mode 100644 index 1dc544c15..000000000 --- a/clusters/cl01tl/manifests/gitea/ServiceMonitor-gitea-valkey.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: gitea-valkey - labels: - helm.sh/chart: valkey-0.9.4 - app.kubernetes.io/name: valkey - app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "9.0.4" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: valkey - app.kubernetes.io/component: service-monitor -spec: - endpoints: - - port: metrics - interval: 30s - namespaceSelector: - matchNames: - - gitea - selector: - matchLabels: - app.kubernetes.io/name: valkey - app.kubernetes.io/instance: gitea - app.kubernetes.io/component: metrics diff --git a/clusters/cl01tl/manifests/gitea/ServiceMonitor-gitea.yaml b/clusters/cl01tl/manifests/gitea/ServiceMonitor-gitea.yaml deleted file mode 100644 index 040682426..000000000 --- a/clusters/cl01tl/manifests/gitea/ServiceMonitor-gitea.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: gitea - namespace: gitea - labels: - app.kubernetes.io/name: gitea - app.kubernetes.io/instance: gitea - app.kubernetes.io/part-of: gitea -spec: - selector: - matchLabels: - app.kubernetes.io/name: gitea - app.kubernetes.io/instance: gitea - endpoints: - - port: http diff --git a/clusters/cl01tl/manifests/gitea/StatefulSet-gitea-gitea-actions-act-runner.yaml b/clusters/cl01tl/manifests/gitea/StatefulSet-gitea-gitea-actions-act-runner.yaml deleted file mode 100644 index d52f68b6e..000000000 --- a/clusters/cl01tl/manifests/gitea/StatefulSet-gitea-gitea-actions-act-runner.yaml +++ /dev/null @@ -1,154 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - labels: - helm.sh/chart: gitea-actions-0.1.0 - app: gitea-actions-act-runner - app.kubernetes.io/name: gitea-actions-act-runner - app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "0.261.3" - version: "0.261.3" - app.kubernetes.io/managed-by: Helm - annotations: - name: gitea-gitea-actions-act-runner - namespace: gitea -spec: - replicas: 6 - selector: - matchLabels: - app.kubernetes.io/name: gitea-actions-act-runner - app.kubernetes.io/instance: gitea - template: - metadata: - annotations: - checksum/config: 6a9d82ad20f62c2e827a0639a2122bcb195c331a21688599f9fa9bbfd96be37a - labels: - helm.sh/chart: gitea-actions-0.1.0 - app: gitea-actions-act-runner - app.kubernetes.io/name: gitea-actions-act-runner - app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "0.261.3" - version: "0.261.3" - app.kubernetes.io/managed-by: Helm - spec: - restartPolicy: Always - initContainers: - - name: init-gitea - image: "docker.io/busybox:1.37.0@sha256:1487d0af5f52b4ba31c7e465126ee2123fe3f2305d638e7827681e7cf6c83d5e" - command: - - sh - - -c - - | - echo 'Trying to reach Gitea on http://gitea-http.gitea:3000' - until timeout 10 wget --no-check-certificate --spider http://gitea-http.gitea:3000; do - sleep 3 - echo "Trying again in 3 seconds..." - done - echo "Gitea has been reached!" - - name: dind - image: "docker.io/docker:29.5.0-dind@sha256:8e3fae900cbfbdc14e8abca89a9e44363065cb535f34a09283c59cc0dde2de20" - restartPolicy: Always - imagePullPolicy: IfNotPresent - securityContext: - privileged: true - startupProbe: - exec: - command: - - /usr/bin/test - - -S - - /var/run/docker.sock - livenessProbe: - exec: - command: - - /usr/bin/test - - -S - - /var/run/docker.sock - resources: - limits: - ephemeral-storage: 15Gi - requests: - ephemeral-storage: 2Gi - volumeMounts: - - mountPath: /var/run/ - name: docker-socket - - mountPath: /var/lib/docker - name: docker-vol - containers: - - name: act-runner - image: "docker.io/gitea/act_runner:0.6.1@sha256:b5c35d6bdbb9bb25e531230bfc7cc663cb751406cbec90a2a891b85fea54de86" - imagePullPolicy: IfNotPresent - workingDir: /data - env: - - name: GITEA_RUNNER_REGISTRATION_TOKEN - valueFrom: - secretKeyRef: - name: "gitea-runner-secret" - key: "token" - - name: GITEA_INSTANCE_URL - value: http://gitea-http.gitea:3000 - - name: CONFIG_FILE - value: /actrunner/config.yaml - - name: TZ - value: America/Chicago - resources: - limits: - ephemeral-storage: 15Gi - requests: - ephemeral-storage: 2Gi - volumeMounts: - - mountPath: /actrunner/config.yaml - name: act-runner-config - subPath: config.yaml - - mountPath: /var/run/docker.sock - name: docker-socket - subPath: docker.sock - - mountPath: /data - name: data-act-runner - - mountPath: /workspace - name: workspace-vol - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app.kubernetes.io/name - operator: In - values: - - gitea-actions-act-runner - topologyKey: kubernetes.io/hostname - weight: 100 - volumes: - - name: act-runner-config - configMap: - name: gitea-gitea-actions-act-runner-config - - name: docker-socket - emptyDir: {} - - ephemeral: - volumeClaimTemplate: - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 20Gi - storageClassName: ceph-block - name: workspace-vol - - ephemeral: - volumeClaimTemplate: - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 50Gi - storageClassName: ceph-block - name: docker-vol - volumeClaimTemplates: - - metadata: - name: data-act-runner - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: 10Gi diff --git a/clusters/cl01tl/manifests/gitea/StatefulSet-gitea-meilisearch.yaml b/clusters/cl01tl/manifests/gitea/StatefulSet-gitea-meilisearch.yaml deleted file mode 100644 index 2be9d3cfc..000000000 --- a/clusters/cl01tl/manifests/gitea/StatefulSet-gitea-meilisearch.yaml +++ /dev/null @@ -1,95 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: gitea-meilisearch - labels: - helm.sh/chart: meilisearch-0.32.0 - app.kubernetes.io/name: meilisearch - app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "v1.42.1" - app.kubernetes.io/component: search-engine - app.kubernetes.io/part-of: meilisearch - app.kubernetes.io/managed-by: Helm -spec: - replicas: 1 - serviceName: gitea-meilisearch - selector: - matchLabels: - app.kubernetes.io/name: meilisearch - app.kubernetes.io/instance: gitea - template: - metadata: - labels: - helm.sh/chart: meilisearch-0.32.0 - app.kubernetes.io/name: meilisearch - app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "v1.42.1" - app.kubernetes.io/component: search-engine - app.kubernetes.io/part-of: meilisearch - app.kubernetes.io/managed-by: Helm - annotations: - checksum/config: d3bf0c4ecf25fba4c09c449d0ab9d3009cf932f951f23092f6db1b039dbc9778 - spec: - serviceAccountName: gitea-meilisearch - securityContext: - fsGroup: 1000 - fsGroupChangePolicy: OnRootMismatch - runAsGroup: 1000 - runAsNonRoot: true - runAsUser: 1000 - volumes: - - name: tmp - emptyDir: {} - - name: data - persistentVolumeClaim: - claimName: gitea-meilisearch - containers: - - name: meilisearch - image: "getmeili/meilisearch:v1.42.1" - imagePullPolicy: IfNotPresent - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - volumeMounts: - - name: tmp - mountPath: /tmp - - name: data - mountPath: /meili_data - envFrom: - - configMapRef: - name: gitea-meilisearch-environment - - secretRef: - name: gitea-meilisearch-key - ports: - - name: http - containerPort: 7700 - protocol: TCP - startupProbe: - httpGet: - path: /health - port: http - periodSeconds: 1 - initialDelaySeconds: 1 - failureThreshold: 60 - timeoutSeconds: 1 - livenessProbe: - httpGet: - path: /health - port: http - periodSeconds: 10 - initialDelaySeconds: 0 - timeoutSeconds: 10 - readinessProbe: - httpGet: - path: /health - port: http - periodSeconds: 10 - initialDelaySeconds: 0 - timeoutSeconds: 10 - resources: - requests: - cpu: 10m - memory: 150Mi diff --git a/clusters/cl01tl/manifests/gitea/StatefulSet-gitea-valkey.yaml b/clusters/cl01tl/manifests/gitea/StatefulSet-gitea-valkey.yaml deleted file mode 100644 index 85e3566a6..000000000 --- a/clusters/cl01tl/manifests/gitea/StatefulSet-gitea-valkey.yaml +++ /dev/null @@ -1,133 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: gitea-valkey - labels: - helm.sh/chart: valkey-0.9.4 - app.kubernetes.io/name: valkey - app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "9.0.4" - app.kubernetes.io/managed-by: Helm -spec: - serviceName: gitea-valkey-headless - replicas: 3 - podManagementPolicy: OrderedReady - selector: - matchLabels: - app.kubernetes.io/name: valkey - app.kubernetes.io/instance: gitea - volumeClaimTemplates: - - metadata: - name: valkey-data - spec: - accessModes: - - ReadWriteOnce - storageClassName: "ceph-block" - resources: - requests: - storage: "20Gi" - template: - metadata: - labels: - app.kubernetes.io/name: valkey - app.kubernetes.io/instance: gitea - annotations: - checksum/initconfig: "88e964ad8690829ad09a86ad90173244" - spec: - automountServiceAccountToken: false - serviceAccountName: gitea-valkey - securityContext: - fsGroup: 1000 - runAsGroup: 1000 - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - initContainers: - - name: gitea-valkey-init - image: docker.io/valkey/valkey:9.0.4@sha256:8436e10bc65c94886a91d4415b6a6dfa9cb5a306fb3b996e5bb67cd2b4854193 - imagePullPolicy: IfNotPresent - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - command: ["/scripts/init.sh"] - env: - - name: POD_INDEX - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - volumeMounts: - - name: valkey-data - mountPath: /data - - name: scripts - mountPath: /scripts - containers: - - name: gitea-valkey - image: docker.io/valkey/valkey:9.0.4@sha256:8436e10bc65c94886a91d4415b6a6dfa9cb5a306fb3b996e5bb67cd2b4854193 - imagePullPolicy: IfNotPresent - command: ["valkey-server"] - args: ["/data/conf/valkey.conf"] - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - env: - - name: POD_INDEX - valueFrom: - fieldRef: - fieldPath: metadata.labels['apps.kubernetes.io/pod-index'] - - name: VALKEY_LOGLEVEL - value: "notice" - ports: - - name: tcp - containerPort: 6379 - protocol: TCP - startupProbe: - exec: - command: ["sh", "-c", "valkey-cli ping"] - livenessProbe: - exec: - command: ["sh", "-c", "valkey-cli ping"] - resources: - requests: - cpu: 20m - memory: 1Gi - volumeMounts: - - name: valkey-data - mountPath: /data - - name: metrics - image: ghcr.io/oliver006/redis_exporter:v1.83.0@sha256:e8c209894d4c0cc55b1259ddd47e0b769ad1ff864b356736ee885462a3b0e48c - imagePullPolicy: "IfNotPresent" - ports: - - name: metrics - containerPort: 9121 - startupProbe: - tcpSocket: - port: metrics - livenessProbe: - tcpSocket: - port: metrics - readinessProbe: - httpGet: - path: / - port: metrics - resources: - requests: - cpu: 1m - memory: 10M - env: - - name: REDIS_ALIAS - value: gitea-valkey - volumes: - - name: scripts - configMap: - name: gitea-valkey-init-scripts - defaultMode: 0555 diff --git a/clusters/cl01tl/manifests/gitea/TCPRoute-gitea-ssh.yaml b/clusters/cl01tl/manifests/gitea/TCPRoute-gitea-ssh.yaml deleted file mode 100644 index 375447900..000000000 --- a/clusters/cl01tl/manifests/gitea/TCPRoute-gitea-ssh.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1alpha2 -kind: TCPRoute -metadata: - name: gitea-ssh - namespace: gitea - labels: - app.kubernetes.io/name: gitea-ssh - app.kubernetes.io/instance: gitea - app.kubernetes.io/part-of: gitea -spec: - parentRefs: - - group: gateway.networking.k8s.io - kind: Gateway - name: traefik-gateway - namespace: traefik - sectionName: ssh - rules: - - backendRefs: - - kind: Service - name: gitea-ssh - port: 22