add replica

clusters/cl01tl/applications/homepage/values.yaml

@@ -416,12 +416,6 @@ homepage:
                   href: https://vault.alexlebens.net
                   siteMonitor: http://vault.vault:8200
                   statusStyle: dot
-              - Object Storage (Gitea):
-                  icon: sh-minio.svg
-                  description: Minio Tenant
-                  href: https://minio-gitea.alexlebens.net
-                  siteMonitor: http://minio-gitea-console.gitea:9090
-                  statusStyle: dot
               - Object Storage (Outline):
                   icon: sh-minio.svg
                   description: Minio Tenant

clusters/cl01tl/deployment/stack/values.yaml

@@ -2,8 +2,8 @@ cluster:
   name: cl01tl
 git:
   # repo: git@github.com:alexlebens/infrastructure.git
-  # repo: https://github.com/alexlebens/infrastructure.git
+  repo: https://github.com/alexlebens/infrastructure.git
-  repo: http://gitea-http.gitea:3000/alexlebens/infrastructure
+  # repo: http://gitea-http.gitea:3000/alexlebens/infrastructure
   # repo: ssh://git@gitea-ssh.gitea:2222/alexlebens/infrastructure
   revision: HEAD
 applicationSet:

clusters/cl01tl/monitoring/grafana/Chart.yaml

@@ -15,7 +15,7 @@ maintainers:
   - name: alexlebens
 dependencies:
   - name: grafana
-    version: 8.10.1
+    version: 8.10.2
     repository: https://grafana.github.io/helm-charts
 icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/grafana.png
 appVersion: 11.4.0

clusters/cl01tl/platform/gitea/Chart.yaml

@@ -9,10 +9,15 @@ keywords:
 home: https://wiki.alexlebens.dev/doc/gitea-OgqW6bQWrW
 sources:
   - https://github.com/go-gitea/gitea
+  - https://github.com/meilisearch/meilisearch
+  - https://github.com/valkey-io/valkey
   - https://github.com/cloudflare/cloudflared
   - https://github.com/cloudnative-pg/cloudnative-pg
   - https://hub.docker.com/r/gitea/gitea
   - https://gitea.com/gitea/helm-chart
+  - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
+  - https://github.com/meilisearch/meilisearch-kubernetes/tree/main/charts/meilisearch
+  - https://github.com/bitnami/charts/tree/main/bitnami/valkey
   - https://github.com/alexlebens/helm-charts/tree/main/charts/cloudflared
   - https://github.com/alexlebens/helm-charts/tree/main/charts/postgres-cluster
 maintainers:
@@ -25,10 +30,6 @@ dependencies:
     alias: backup
     repository: https://bjw-s.github.io/helm-charts/
     version: 3.7.2
-  - name: tenant
-    alias: minio
-    version: 7.0.0
-    repository: https://operator.min.io/
   - name: meilisearch
     version: 0.12.0
     repository: https://meilisearch.github.io/meilisearch-kubernetes
@@ -44,4 +45,4 @@ dependencies:
     version: 4.2.1
     repository: http://alexlebens.github.io/helm-charts
 icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/gitea.png
-appVersion: 1.22.4
+appVersion: 1.23.5

clusters/cl01tl/platform/gitea/templates/external-secret.yaml

@@ -125,88 +125,6 @@ spec:
         metadataPolicy: None
         property: s3cfg
 
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: gitea-minio-user-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: gitea-minio-user-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: database
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: AWS_ACCESS_KEY_ID
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/gitea/minio/auth
-        metadataPolicy: None
-        property: AWS_ACCESS_KEY_ID
-    - secretKey: AWS_SECRET_ACCESS_KEY
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/gitea/minio/auth
-        metadataPolicy: None
-        property: AWS_SECRET_ACCESS_KEY
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: gitea-minio-root-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: gitea-minio-root-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: database
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: config.env
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/gitea/minio/config
-        metadataPolicy: None
-        property: root-config.env
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: gitea-minio-config-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: gitea-minio-config-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: database
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: config.env
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/gitea/minio/config
-        metadataPolicy: None
-        property: config.env
-
 ---
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret

clusters/cl01tl/platform/gitea/templates/http-route.yaml

@@ -28,35 +28,3 @@ spec:
           name: gitea-http
           port: 3000
           weight: 100
-
----
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
-  name: http-route-gitea-minio
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: http-route-gitea-minio
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  parentRefs:
-    - group: gateway.networking.k8s.io
-      kind: Gateway
-      name: traefik-gateway
-      namespace: traefik
-  hostnames:
-    - minio-gitea.alexlebens.net
-  rules:
-    - matches:
-      - path:
-          type: PathPrefix
-          value: /
-      backendRefs:
-        - group: ''
-          kind: Service
-          name: minio-gitea-console
-          port: 9090
-          weight: 100

clusters/cl01tl/platform/gitea/templates/persistent-volume-claim.yaml

@@ -17,24 +17,3 @@ spec:
   resources:
     requests:
       storage: 1Gi
-
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: gitea-primary-storage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: gitea-primary-storage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: storage
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  volumeMode: Filesystem
-  storageClassName: ceph-filesystem
-  accessModes:
-    - ReadWriteMany
-  resources:
-    requests:
-      storage: 20Gi

clusters/cl01tl/platform/gitea/values.yaml

@@ -1,8 +1,12 @@
 gitea:
   global:
     imageRegistry: registry.hub.docker.com
+  replicaCount: 3
   strategy:
-    type: "Recreate"
+    type: "RollingUpdate"
+    rollingUpdate:
+      maxSurge: "100%"
+      maxUnavailable: 0
   image:
     repository: gitea/gitea
     tag: 1.23.5
@@ -18,7 +22,10 @@ gitea:
   ingress:
     enabled: false
   persistence:
-    storageClass: ceph-block
+    storageClass: ceph-filesystem
+    size: 10Gi
+    accessModes:
+      - ReadWriteMany
   extraVolumes:
     - name: gitea-nfs-storage-backup
       persistentVolumeClaim:
@@ -73,6 +80,8 @@ gitea:
         ISSUE_INDEXER_ENABLED: true
         ISSUE_INDEXER_TYPE: meilisearch
         REPO_INDEXER_ENABLED: false
+      # actions:
+      #   ENABLED: true
       service:
         REGISTER_MANUAL_CONFIRM: true
         SHOW_REGISTRATION_BUTTON: false
@@ -230,30 +239,6 @@ backup:
               readOnly: true
               mountPropagation: None
               subPath: .s3cfg
-minio:
-  existingSecret:
-    name: gitea-minio-root-secret
-  tenant:
-    name: minio-gitea
-    configuration:
-      name: gitea-minio-config-secret
-    pools:
-      - servers: 3
-        name: pool
-        volumesPerServer: 2
-        size: 10Gi
-        storageClassName: ceph-block
-    mountPath: /export
-    subPath: /data
-    metrics:
-      enabled: true
-      port: 9000
-      protocol: http
-    certificate:
-      requestAutoCert: false
-  ingress:
-    console:
-      enabled: false
 meilisearch:
   environment:
     MEILI_NO_ANALYTICS: true

clusters/cl01tl/storage/rook-ceph/values.yaml

@@ -3,6 +3,7 @@ rook-ceph:
     enabled: true
   csi:
     enableMetadata: true
+    cephFSKernelMountOptions: "ms_mode=secure"
     provisionerReplicas: 3
     serviceMonitor:
       enabled: true