diff --git a/namespaces/apps/forgejo/extra/ssh-service.yaml b/namespaces/apps/forgejo/extra/ssh-service.yaml
new file mode 100644
index 0000000..75c3859
--- /dev/null
+++ b/namespaces/apps/forgejo/extra/ssh-service.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: ssh-svc
+spec:
+ type: ClusterIP
+ ports:
+ - port: 2222
+ name: forgejo-ssh
+ targetPort: ssh
+ protocol: TCP
diff --git a/namespaces/apps/forgejo/extra/ssh-tcproute.yaml b/namespaces/apps/forgejo/extra/ssh-tcproute.yaml
new file mode 100644
index 0000000..ef2e2ba
--- /dev/null
+++ b/namespaces/apps/forgejo/extra/ssh-tcproute.yaml
@@ -0,0 +1,15 @@
+apiVersion: gateway.networking.k8s.io/v1alpha2
+kind: TCPRoute
+metadata:
+ name: ssh
+spec:
+ parentRefs:
+ - name: homelab-gateway
+ sectionName: forgejo-ssh
+ kind: Gateway
+ namespace: homelab
+ rules:
+ - backendRefs:
+ - name: forgejo-ssh-svc
+ namespace: apps
+ port: 2222
diff --git a/namespaces/apps/forgejo/kustomization.yaml b/namespaces/apps/forgejo/kustomization.yaml
new file mode 100644
index 0000000..e86a48a
--- /dev/null
+++ b/namespaces/apps/forgejo/kustomization.yaml
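Review bot: In `extra/ssh-service.yaml` the Service `ssh-svc` declares no `spec.selector`, so on its own it matches no pods; it appears to rely on the `labels` entry with `includeSelectors: true` in `kustomization.yaml` to inject `app.kubernetes.io/appName: forgejo`. That coupling is invisible from this file, and dropping `includeSelectors` later would leave the SSH listener without endpoints. A comment above `spec:` such as `# selector is injected by the labels transformer (includeSelectors: true) in ../kustomization.yaml` would document it, or the selector could be stated explicitly.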
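Review bot: The `backendRefs` entry in `extra/ssh-tcproute.yaml` hard-codes `name: forgejo-ssh-svc`, which is only correct while `namePrefix: forgejo-` in `kustomization.yaml` stays as it is; kustomize is not expected to rewrite a TCPRoute backend name on its own. The HTTPRoute backend is filled by a `replacements` entry from the Service, and the same mechanism here (source `kind: Service`, `name: ssh-svc`; target `kind: TCPRoute`, field `spec.rules.0.backendRefs.0.name`) would keep the two in step. The route also attaches to a Gateway in another namespace (`homelab`), so it only binds if the `forgejo-ssh` listener's `allowedRoutes` admits namespace `apps`. That listener is not part of this diff and is worth checking, because it decides which namespaces may attach backends to the SSH listener.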
@@ -0,0 +1,114 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+transformers:
+ - |-
+ apiVersion: builtin
+ kind: NamespaceTransformer
+ metadata:
+ name: notImportantHere
+ namespace: apps
+ unsetOnly: true
+
+namePrefix: forgejo-
+resources:
+ - ../../../kustomize/deployment/
+ - extra/ssh-service.yaml
+ - extra/ssh-tcproute.yaml
+
+replacements:
+ - source:
+ kind: Service
+ name: svc
+ targets:
+ - select:
+ kind: HTTPRoute
+ options:
+ create: true
+ fieldPaths:
+ - spec.rules.0.backendRefs.0.name
+ - source:
+ kind: Deployment
+ name: app
+ fieldPath: metadata.labels.[app.kubernetes.io/appName]
+ targets:
+ - select:
+ kind: InfisicalSecret
+ options:
+ delimiter: "-"
+ index: 0
+ fieldPaths:
+ - spec.managedSecretReference.secretName
+ - select:
+ kind: InfisicalSecret
+ options:
+ delimiter: "/"
+ index: 2
+ fieldPaths:
+ - spec.authentication.universalAuth.secretsScope.secretsPath
+ - select:
+ kind: Service
+ name: svc
+ fieldPaths:
+ - spec.ports.0.name
+ - spec.ports.0.targetPort
+ - source:
+ kind: Deployment
+ name: app
+ fieldPath: metadata.labels.[app.kubernetes.io/appNamespace]
+ targets:
+ - select:
+ kind: InfisicalSecret
+ fieldPaths:
+ - spec.managedSecretReference.secretNamespace
+ - source:
+ kind: Deployment
+ name: app
+ fieldPath: metadata.labels.[app.kubernetes.io/routePrefix]
+ targets:
+ - select:
+ kind: HTTPRoute
+ options:
+ create: true
+ delimiter: "."
+ index: 0
+ fieldPaths:
+ - spec.hostnames.0
+
+patches:
+ - path: patches/deployment.yaml
+ target:
+ kind: Deployment
+ name: app
+ - path: patches/pvc.yaml
+ target:
+ kind: PersistentVolumeClaim
+ name: pvc
+
+labels:
+ - includeSelectors: true
+ pairs:
+ app.kubernetes.io/appName: forgejo
+ - pairs:
+ app.kubernetes.io/appNamespace: apps
+ - pairs:
+ app.kubernetes.io/routePrefix: forgejo
+
+configMapGenerator:
+ - name: config
+ literals:
+ - USER_UID=1000
+ - USER_GID=1000
+ - FORGEJO__database__DB_TYPE=postgres
+ - FORGEJO__database__HOST=postgres.core.svc.cluster.local:5432
+ - FORGEJO__database__NAME=forgejo
+ - FORGEJO__database__USER=forgejo
+ - FORGEJO__mailer__ENABLED=true
+ - FORGEJO__mailer__PROTOCOL=smtps
+ - FORGEJO__mailer__SMTP_ADDR=blizzard.mxrouting.net
+ - FORGEJO__mailer__SMTP_PORT=465
+ - FORGEJO__mailer__USER=homelab@leechpepin.com
+ - FORGEJO__mailer__FROM=Forgejo
+ - FORGEJO__service__DISABLE_REGISTRATION=true
+ - FORGEJO__oauth2_client__ENABLE_AUTO_REGISTRATION=true
+ - FORGEJO__openid__ENABLE_OPENID_SIGNIN=false
diff --git a/namespaces/apps/forgejo/patches/deployment.yaml b/namespaces/apps/forgejo/patches/deployment.yaml
new file mode 100644
index 0000000..a0da095
--- /dev/null
+++ b/namespaces/apps/forgejo/patches/deployment.yaml
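Review bot: The `configMapGenerator` literals in `kustomization.yaml` configure the database, mailer and registration policy through the environment but never set `FORGEJO__security__INSTALL_LOCK=true`. Unless the `app.ini` persisted on the data volume already carries that lock, a fresh instance presumably serves the installation page to the first visitor, who can then choose the database settings and the administrator account, and this instance is published through an HTTPRoute. Add `- FORGEJO__security__INSTALL_LOCK=true` to the literals and create the first administrator out of band. Separately, `FORGEJO__oauth2_client__ENABLE_AUTO_REGISTRATION=true` alongside `DISABLE_REGISTRATION=true` means account creation is gated only by the OAuth2 provider, so a comment such as `# accounts are auto-created for any user the OAuth2 provider authenticates; restrict access there` would document that dependency.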
@@ -0,0 +1,72 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: app
+spec:
+ template:
+ spec:
+ tolerations:
+ - key: "public"
+ operator: "Equal"
+ value: "true"
+ effect: "NoSchedule"
+ affinity:
+ nodeAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ preference:
+ matchExpressions:
+ - key: public
+ operator: In
+ values:
+ - "true"
+ containers:
+ - name: forgejo
+ image: codeberg.org/forgejo/forgejo:10
+ imagePullPolicy: IfNotPresent
+ envFrom:
+ - configMapRef:
+ name: forgejo-config
+ env:
+ - name: FORGEJO__database__PASSWD
+ valueFrom:
+ secretKeyRef:
+ name: forgejo-secrets
+ key: FORGEJO_DB_PASSWORD
+ optional: false
+ - name: FORGEJO__mailer__PASSWD
+ valueFrom:
+ secretKeyRef:
+ name: smtp-secrets
+ key: SMTP_PASSWORD
+ optional: false
+ - name: FORGEJO__security__SECRET_KEY
+ valueFrom:
+ secretKeyRef:
+ name: forgejo-secrets
+ key: SECRET_KEY
+ optional: false
+ ports:
+ - containerPort: 3000
+ name: forgejo
+ - containerPort: 22
+ name: ssh
+ # livenessProbe:
+ # tcpSocket:
+ # port: forgejo
+ # initialDelaySeconds: 60
+ # periodSeconds: 10
+ # readinessProbe:
+ # httpGet:
+ # scheme: HTTP
+ # path: /
+ # port: forgejo
+ # initialDelaySeconds: 30
+ # periodSeconds: 10
+ volumeMounts:
+ - name: data
+ mountPath: /data
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: forgejo-pvc
diff --git a/namespaces/apps/forgejo/patches/pvc.yaml b/namespaces/apps/forgejo/patches/pvc.yaml
new file mode 100644
index 0000000..8985946
--- /dev/null
+++ b/namespaces/apps/forgejo/patches/pvc.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: pvc
+spec:
+ storageClassName: longhorn-public
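Review bot: In `patches/deployment.yaml` the `image:` line references the floating major tag `codeberg.org/forgejo/forgejo:10` together with `imagePullPolicy: IfNotPresent`, so a node that already has the tag cached keeps running that build while a fresh node pulls whatever `10` points to at that moment. For a forge exposed over HTTP and SSH this leaves it unclear which security fixes are actually deployed and lets pods drift between nodes. Pin a full version and digest, e.g. `image: codeberg.org/forgejo/forgejo:<FULL_VERSION>@sha256:<DIGEST>` (placeholders), and bump it deliberately. The patch also sets no container `securityContext` and leaves both probes commented out; if the base Deployment in `kustomize/deployment/` does not provide them, they are worth adding here.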