Diun uses noservice kustomization

charts/traefik.yaml

@@ -29,6 +29,11 @@ spec:
           default: true
         port: 6379
         exposedPort: 6379
+      forgejo-ssh:
+        expose:
+          default: true
+        port: 2222
+        exposedPort: 2222
     tolerations:
       - key: "public"
         value: "true"

kustomize/noservice/configmap.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: config
+data:

kustomize/noservice/deployment.yaml

@@ -0,0 +1,11 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: app
+spec:
+  replicas: 1
+  strategy:
+    type: Recreate
+  template:
+    spec:

kustomize/noservice/httproute-http.yaml

@@ -0,0 +1,20 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: http
+spec:
+  parentRefs:
+    - name: homelab-gateway
+      sectionName: web
+      kind: Gateway
+      namespace: homelab
+  hostnames:
+    - web.leechpepin.com
+  rules:
+    - matches:
+        - path:
+            type: PathPrefix
+            value: /
+      backendRefs:
+        - name: web
+          port: 80

kustomize/noservice/httproute-https.yaml

@@ -0,0 +1,20 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: https
+spec:
+  parentRefs:
+    - name: homelab-gateway
+      sectionName: websecure
+      kind: Gateway
+      namespace: homelab
+  hostnames:
+    - web.leechpepin.com
+  rules:
+    - matches:
+        - path:
+            type: PathPrefix
+            value: /
+      backendRefs:
+        - name: web
+          port: 80

kustomize/noservice/kustomization.yaml

@@ -0,0 +1,14 @@
+### deployment/kustomization.yaml ###
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+# Define resources:
+resources:
+  - deployment.yaml
+  - pvc.yaml
+  - secret.yaml
+  # - configmap.yaml
+
+labels:
+  - includeSelectors: true
+    pairs:
+      app.kubernetes.io/managed-by: kustomize

kustomize/noservice/pvc.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: pvc
+spec:
+  storageClassName: longhorn-private
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 5Gi

kustomize/noservice/secret.yaml

@@ -0,0 +1,27 @@
+apiVersion: secrets.infisical.com/v1alpha1
+kind: InfisicalSecret
+metadata:
+  name: secrets
+  namespace: infisical
+  labels:
+    label-to-be-passed-to-managed-secret: homelab
+  annotations:
+    example.com/annotation-to-be-passed-to-managed-secret: "homelab"
+spec:
+  hostAPI: https://app.infisical.com/api
+  resyncInterval: 10
+  authentication:
+    # Universal Auth
+    universalAuth:
+      secretsScope:
+        projectSlug: homelab-n-f-yj
+        envSlug: prod
+        secretsPath: "/apps/appname" # Root is "/"
+        recursive: false # Whether or not to use recursive mode (Fetches all secrets in an environment from a given secret path, and all folders inside the path) / defaults to false
+      credentialsRef:
+        secretName: universal-auth-credentials
+        secretNamespace: infisical
+  managedSecretReference:
+    secretName: app-secrets
+    secretNamespace: ns
+    creationPolicy: "Orphan" ## Owner | Orphan

kustomize/noservice/service.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: svc
+spec:
+  type: ClusterIP
+  ports:
+    - port: 80
+      name: test
+      targetPort: test
+      protocol: TCP

namespaces/homelab/gateway.yaml

@@ -62,3 +62,12 @@ spec:
         certificateRefs:
           - kind: Secret
             name: wildcard-leechpepin-tls
+    - allowedRoutes:
+        namespaces:
+          from: Selector
+          selector:
+            matchLabels:
+              homelab-access: "true"
+      name: forgejo-ssh
+      port: 2222
+      protocol: TCP