From 1d2c18ee6494c37713c0ec9fc4f0a3a35c8b3333 Mon Sep 17 00:00:00 2001
From: Jonathan Leech-Pepin
Date: Wed, 5 Feb 2025 16:26:51 -0500
Subject: [PATCH] Diun uses noservice kustomization
---
 charts/traefik.yaml | 5 +++++
 kustomize/noservice/configmap.yaml | 5 +++++
 kustomize/noservice/deployment.yaml | 11 ++++++++++
 kustomize/noservice/httproute-http.yaml | 20 ++++++++++++++++++
 kustomize/noservice/httproute-https.yaml | 20 ++++++++++++++++++
 kustomize/noservice/kustomization.yaml | 14 ++++++++++++
 kustomize/noservice/pvc.yaml | 11 ++++++++++
 kustomize/noservice/secret.yaml | 27 ++++++++++++++++++++++++
 kustomize/noservice/service.yaml | 11 ++++++++++
 namespaces/homelab/gateway.yaml | 9 ++++++++
 10 files changed, 133 insertions(+)
 create mode 100644 kustomize/noservice/configmap.yaml
 create mode 100644 kustomize/noservice/deployment.yaml
 create mode 100644 kustomize/noservice/httproute-http.yaml
 create mode 100644 kustomize/noservice/httproute-https.yaml
 create mode 100644 kustomize/noservice/kustomization.yaml
 create mode 100644 kustomize/noservice/pvc.yaml
 create mode 100644 kustomize/noservice/secret.yaml
 create mode 100644 kustomize/noservice/service.yaml
diff --git a/charts/traefik.yaml b/charts/traefik.yaml
index 5dae9a2..19ce81a 100644
--- a/charts/traefik.yaml
+++ b/charts/traefik.yaml
@@ -29,6 +29,11 @@ spec:
 default: true
 port: 6379
 exposedPort: 6379
+ forgejo-ssh:
+ expose:
+ default: true
+ port: 2222
+ exposedPort: 2222
 tolerations:
 - key: "public"
 value: "true"
diff --git a/kustomize/noservice/configmap.yaml b/kustomize/noservice/configmap.yaml
new file mode 100644
index 0000000..d8641b6
--- /dev/null
+++ b/kustomize/noservice/configmap.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config
+data:
diff --git a/kustomize/noservice/deployment.yaml b/kustomize/noservice/deployment.yaml
new file mode 100644
index 0000000..d275155
--- /dev/null
+++ b/kustomize/noservice/deployment.yaml
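Review bot: In charts/traefik.yaml the new `forgejo-ssh` entry point sets `expose.default: true`, which publishes port 2222 on Traefik's default Service as raw TCP, and nothing in the hunk records who is meant to reach it. If that Service is internet-facing (the `public` toleration just below suggests it may be), Forgejo's SSH server becomes reachable from anywhere, and unless PROXY protocol or source-IP preservation is configured elsewhere the backend will likely log Traefik's address instead of the client's, which weakens per-client throttling and audit on the Forgejo side. I would add a comment above the entry, for example `# forgejo-ssh: raw TCP passthrough to Forgejo SSH; reachable wherever the default Service is published`, and confirm the intended exposure. The `spec:` mapping this entry sits in starts outside the hunk.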
@@ -0,0 +1,11 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: app
+spec:
+ replicas: 1
+ strategy:
+ type: Recreate
+ template:
+ spec:
diff --git a/kustomize/noservice/httproute-http.yaml b/kustomize/noservice/httproute-http.yaml
new file mode 100644
index 0000000..43f5c01
--- /dev/null
+++ b/kustomize/noservice/httproute-http.yaml
@@ -0,0 +1,20 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ name: http
+spec:
+ parentRefs:
+ - name: homelab-gateway
+ sectionName: web
+ kind: Gateway
+ namespace: homelab
+ hostnames:
+ - web.leechpepin.com
+ rules:
+ - matches:
+ - path:
+ type: PathPrefix
+ value: /
+ backendRefs:
+ - name: web
+ port: 80
diff --git a/kustomize/noservice/httproute-https.yaml b/kustomize/noservice/httproute-https.yaml
new file mode 100644
index 0000000..b38ea13
--- /dev/null
+++ b/kustomize/noservice/httproute-https.yaml
@@ -0,0 +1,20 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ name: https
+spec:
+ parentRefs:
+ - name: homelab-gateway
+ sectionName: websecure
+ kind: Gateway
+ namespace: homelab
+ hostnames:
+ - web.leechpepin.com
+ rules:
+ - matches:
+ - path:
+ type: PathPrefix
+ value: /
+ backendRefs:
+ - name: web
+ port: 80
diff --git a/kustomize/noservice/kustomization.yaml b/kustomize/noservice/kustomization.yaml
new file mode 100644
index 0000000..19265b6
--- /dev/null
+++ b/kustomize/noservice/kustomization.yaml
@@ -0,0 +1,14 @@
+### deployment/kustomization.yaml ###
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+# Define resources:
+resources:
+ - deployment.yaml
+ - pvc.yaml
+ - secret.yaml
+ # - configmap.yaml
+
+labels:
+ - includeSelectors: true
+ pairs:
+ app.kubernetes.io/managed-by: kustomize
diff --git a/kustomize/noservice/pvc.yaml b/kustomize/noservice/pvc.yaml
new file mode 100644
index 0000000..65e4fb0
--- /dev/null
+++ b/kustomize/noservice/pvc.yaml
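Review bot: In kustomize/noservice/deployment.yaml the base leaves `template.spec` empty, so no pod-level hardening is inherited and every overlay has to remember to add its own. A default that is safe for almost any image is a `securityContext:` holding `seccompProfile:` with `type: RuntimeDefault` under `template.spec`; `runAsNonRoot: true` could join it if every consumer of this base runs unprivileged, which is not visible here. The bare `spec:` on the last line also parses as null rather than an empty mapping, so giving it that content removes any reliance on how the patch merge treats null.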
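Review bot: kustomize/noservice/httproute-http.yaml, httproute-https.yaml and service.yaml are added to this directory, but none of them is listed under `resources:` in the directory's kustomization.yaml, so they are never rendered. They still carry a concrete hostname (`web.leechpepin.com`) and a backend named `web`, and the `web` listener route would forward plain HTTP to the backend rather than redirect if someone later enabled it as-is. For a base whose name says it has no Service I would drop the three files, or put a first-line comment in each such as `# not rendered by this base; template only`.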
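Review bot: In kustomize/noservice/kustomization.yaml, `includeSelectors: true` makes `app.kubernetes.io/managed-by: kustomize` part of the Deployment's selector, and the base deployment.yaml defines no selector or pod labels of its own. Unless each overlay adds an app-specific label with selectors included (overlays are not visible here), two workloads built from this base in one namespace would select each other's pods, and anything that targets pods by label, such as a NetworkPolicy, could not tell them apart. I would keep `managed-by` as plain metadata with `includeSelectors: false` and have the base or overlay set a per-app selector label such as `app.kubernetes.io/name`.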
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: pvc
+spec:
+ storageClassName: longhorn-private
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 5Gi
diff --git a/kustomize/noservice/secret.yaml b/kustomize/noservice/secret.yaml
new file mode 100644
index 0000000..e7ab759
--- /dev/null
+++ b/kustomize/noservice/secret.yaml
@@ -0,0 +1,27 @@
+apiVersion: secrets.infisical.com/v1alpha1
+kind: InfisicalSecret
+metadata:
+ name: secrets
+ namespace: infisical
+ labels:
+ label-to-be-passed-to-managed-secret: homelab
+ annotations:
+ example.com/annotation-to-be-passed-to-managed-secret: "homelab"
+spec:
+ hostAPI: https://app.infisical.com/api
+ resyncInterval: 10
+ authentication:
+ # Universal Auth
+ universalAuth:
+ secretsScope:
+ projectSlug: homelab-n-f-yj
+ envSlug: prod
+ secretsPath: "/apps/appname" # Root is "/"
+ recursive: false # Whether or not to use recursive mode (Fetches all secrets in an environment from a given secret path, and all folders inside the path) / defaults to false
+ credentialsRef:
+ secretName: universal-auth-credentials
+ secretNamespace: infisical
+ managedSecretReference:
+ secretName: app-secrets
+ secretNamespace: ns
+ creationPolicy: "Orphan" ## Owner | Orphan
diff --git a/kustomize/noservice/service.yaml b/kustomize/noservice/service.yaml
new file mode 100644
index 0000000..2d0c61a
--- /dev/null
+++ b/kustomize/noservice/service.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: svc
+spec:
+ type: ClusterIP
+ ports:
+ - port: 80
+ name: test
+ targetPort: test
+ protocol: TCP
diff --git a/namespaces/homelab/gateway.yaml b/namespaces/homelab/gateway.yaml
index 6ad6a19..1eb8e55 100644
--- a/namespaces/homelab/gateway.yaml
+++ b/namespaces/homelab/gateway.yaml
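Review bot: In kustomize/noservice/secret.yaml, `creationPolicy: "Orphan"` means the managed Secret `app-secrets` is left in the cluster after the InfisicalSecret is deleted, so credentials for a retired app stay readable in its namespace until someone removes them by hand. `"Owner"` would tie its lifetime to the InfisicalSecret, though that presumably needs both objects in the same namespace, and this base places the resource in `infisical` while writing the Secret to `ns`. `secretNamespace: ns` and `secretsPath: "/apps/appname"` are placeholders under `spec`, which a kustomize `namespace:` setting will not rewrite, so an overlay that forgets to patch them would sync from or to the wrong place. A trailing comment such as `# must be patched per app` on those two lines would make the contract explicit.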
@@ -62,3 +62,12 @@ spec:
 certificateRefs:
 - kind: Secret
 name: wildcard-leechpepin-tls
+ - allowedRoutes:
+ namespaces:
+ from: Selector
+ selector:
+ matchLabels:
+ homelab-access: "true"
+ name: forgejo-ssh
+ port: 2222
+ protocol: TCP
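Review bot: The new `forgejo-ssh` listener in namespaces/homelab/gateway.yaml admits routes from every namespace labelled `homelab-access: "true"`, which looks like a general-purpose access label rather than one specific to Forgejo. A TCP listener has no hostname to separate tenants, so any namespace carrying that label could attach a TCPRoute to port 2222 and receive or contend for the SSH traffic. I would narrow the selector to the single namespace that runs Forgejo, for example `kubernetes.io/metadata.name: <forgejo-namespace>` under `matchLabels`, and restrict `allowedRoutes` with a `kinds:` entry for `TCPRoute`. The listeners list this entry extends starts outside the hunk.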