diff --git a/README.md b/README.md index b6e9abb..ce1d89c 100644 --- a/README.md +++ b/README.md @@ -115,6 +115,15 @@ PGPASSWORD=$(kubectl -n datastore get secrets "postgres-pguser-grant" -o go-tem kubectl -n datastore exec -it "$PRIMARY_POD" -- psql -c 'DROP DATABASE gitea;' kubectl -n datastore exec -it "$PRIMARY_POD" -- createdb --encoding=UTF8 --locale=C --template=template0 --owner=gitea gitea ``` +create runner token +```sh +kubectl exec -it -- gitea --config /data/gitea/conf/app.ini actions generate-runner-token +kubectl create secret generic gitea-runner-token --from-literal=token='' +``` +allow priviledge pods +```sh +kubectl label namespace gitea pod-security.kubernetes.io/enforce=privileged +``` #### Ghost Blogs I got tired of fighting the docker container so I manually overrode the `config.production.json` diff --git a/gitea/ssh_ingress.yaml b/gitea/ssh_ingress.yaml deleted file mode 100644 index e69de29..0000000 diff --git a/gitea/values.yaml b/gitea/values.yaml index 7f628be..e88dbb4 100644 --- a/gitea/values.yaml +++ b/gitea/values.yaml @@ -38,6 +38,7 @@ gitea: strategy: type: Recreate + ingress: enabled: true hosts: @@ -54,7 +55,11 @@ service: port: 22 clusterIP: - +actions: + enabled: true + existingSecret: gitea-runner-token + existingSecretKey: token + redis: enabled: true redis-cluster: diff --git a/helmfile.lock b/helmfile.lock index 35cdc21..326dcb2 100644 --- a/helmfile.lock +++ b/helmfile.lock @@ -14,7 +14,7 @@ dependencies: version: 11.0.0 - name: grafana repository: https://grafana.github.io/helm-charts - version: 8.10.3 + version: 8.10.4 - name: k8up repository: https://k8up-io.github.io/k8up version: 4.8.4 
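Review bot: In gitea/values.yaml the new `actions:` block carries no comment about what it needs from the cluster, and the README hunk in this same commit shows the cost: the whole `gitea` namespace is labelled `pod-security.kubernetes.io/enforce=privileged`. That label switches off Pod Security enforcement for every pod in the namespace, including the Gitea server itself, not only the runner (presumably the runner needs a privileged container, which is why the label is there). I would record this beside the setting, e.g. `# runner needs a privileged pod; namespace gitea is labelled enforce=privileged (see README)`, and keep `pod-security.kubernetes.io/warn` and `pod-security.kubernetes.io/audit` at a stricter level so other workloads that drift to privileged are at least reported. The enclosing values file continues outside the hunk, so I cannot see whether the runner could be placed in a namespace of its own.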
@@ -42,11 +42,14 @@ dependencies: - name: rook-ceph-cluster repository: https://charts.rook.io/release version: v1.16.5 +- name: static-site + repository: git+https://github.com/cfpb/static-site@charts?ref=main + version: 0.1.1 - name: tailscale-operator repository: https://pkgs.tailscale.com/helmcharts version: 1.80.3 - name: traefik repository: https://traefik.github.io/charts version: 34.4.1 -digest: sha256:b28767f0ec4d8549e0b1de7446f3468555a2a67bf88d2b554e9a12c2de723d2d -generated: "2025-03-15T14:34:49.001292746-06:00" +digest: sha256:256e38bc7feb044a2b643abcc7f3fa2efbdfc7bad65647543be1917abde8b709 +generated: "2025-03-16T18:36:00.677364313-06:00" diff --git a/helmfile.yaml b/helmfile.yaml index 067a52b..ff45b91 100644 --- a/helmfile.yaml +++ b/helmfile.yaml @@ -23,6 +23,9 @@ repositories: url: https://grafana.github.io/helm-charts - name: prometheus-community url: https://prometheus-community.github.io/helm-charts + - name: static-site + url: git+https://github.com/cfpb/static-site@charts?ref=main + releases: # networking - name: metallb @@ -145,6 +148,13 @@ releases: - name: adminApiSharedSecret value: {{ requiredEnv "GOATCHAT_REGISTRATION_ADMIN_API_SHARE_SECRET"}} + # website + - name: incngrnt-web + namespace: incngrnt-web + createNamespace: true + chart: static-site/static-site + values: + - incngrnt-web/values.yaml # ghost blogs - name: kgnot-ghost namespace: ghost diff --git a/incngrnt-web/values.yaml b/incngrnt-web/values.yaml new file mode 100644 index 0000000..1a374a9 --- /dev/null +++ b/incngrnt-web/values.yaml @@ -0,0 +1,14 @@ +init: + method: wget + wget: + url: https://git.incngrnt.ca/grant/incngrnt/releases/download/v0.0.7/v0.0.7.tar + +ingress: + enabled: true + annotations: + "traefik.ingress.kubernetes.io/router.tls.certresolver": "letsencrypt" + hosts: + - host: incngrnt.ca + paths: + - path: / + pathType: ImplementationSpecific 
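Review bot: The `static-site` repository added under `repositories:` in helmfile.yaml follows a moving branch: with `?ref=main`, whatever is on `main` of the upstream repository at the next dependency update is what gets rendered into the cluster. The `version: 0.1.1` entry in helmfile.lock pins the chart's declared version, but as far as I can tell not the git content behind it, so a changed chart with the same version number would be picked up silently. Pin the ref to a release tag or commit, e.g. `url: git+https://github.com/cfpb/static-site@charts?ref=<tag-or-commit-sha>`, and add a comment that this repository needs a git-capable Helm downloader plugin, since the `git+https` scheme is not a plain chart repository.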
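Review bot: In incngrnt-web/values.yaml the site content is fetched with `wget` at pod start, and nothing in these values verifies what was downloaded; the `v0.0.7` tag in the URL is the only pin, and a release asset can be replaced under the same tag. If the chart offers a checksum option or an init method based on an image, prefer it (I cannot see the chart's values from this diff). Otherwise state the trust assumption above `url:`, e.g. `# served as-is: integrity relies on TLS to git.incngrnt.ca and on the v0.0.7 asset not being replaced`. The download host looks like the Gitea instance deployed by this same helmfile, so it is worth noting in that comment that the site pod cannot start while Gitea is down.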
diff --git a/rook-ceph-cluster/middleware.yaml b/rook-ceph-cluster/middleware.yaml new file mode 100644 index 0000000..ae097e2 --- /dev/null +++ b/rook-ceph-cluster/middleware.yaml @@ -0,0 +1,8 @@ +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: ceph-stripprefix +spec: + stripPrefix: + prefixes: + - /fog/ceph diff --git a/rook-ceph-cluster/route.yaml b/rook-ceph-cluster/route.yaml deleted file mode 100644 index a0364d4..0000000 --- a/rook-ceph-cluster/route.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: traefik.io/v1alpha1 -kind: IngressRoute -metadata: - name: rook-ceph-mgr-dashboard -spec: - entryPoints: - - websecure - routes: - - match: Host(`fog.goatchat.ca`) && PathPrefix(`/fog/ceph`) - kind: Rule - middlewares: - - name: ceph-stripprefix - services: - - kind: Service - name: rook-ceph-mgr-dashboard - port: 7000 - tls: - certResolver: letsencrypt - ---- -apiVersion: traefik.io/v1alpha1 -kind: Middleware -metadata: - name: ceph-stripprefix -spec: - stripPrefix: - prefixes: - - /fog/ceph diff --git a/rook-ceph-cluster/values.yaml b/rook-ceph-cluster/values.yaml index 5a76acc..fd136f6 100644 --- a/rook-ceph-cluster/values.yaml +++ b/rook-ceph-cluster/values.yaml @@ -25,6 +25,17 @@ cephClusterSpec: memory: 256Mi limits: cpu: "1" + +ingress: + dashboard: + host: + name: fog.incngrnt.ca + path: /fog/ceph + pathType: Prefix + annotations: + "traefik.ingress.kubernetes.io/router.tls.certresolver": "letsencrypt" + "traefik.ingress.kubernetes.io/router.middlewares": "rook-ceph-ceph-stripprefix@kubernetescrd" + cephFileSystems: - name: ceph-filesystem # see https://github.com/rook/rook/blob/master/Documentation/ceph-filesystem-crd.md#filesystem-settings for available configuration diff --git a/traefik/values.yaml b/traefik/values.yaml index 035fe79..ebcf4ae 100644 --- a/traefik/values.yaml +++ b/traefik/values.yaml 
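Review bot: rook-ceph-cluster/middleware.yaml has no `metadata.namespace`, yet the annotation added in rook-ceph-cluster/values.yaml refers to it as `rook-ceph-ceph-stripprefix@kubernetescrd`, which reads as namespace `rook-ceph` plus name `ceph-stripprefix`. Nothing in this diff shows how the manifest is applied, so if it is created in any other namespace the dashboard router will point at a middleware that does not exist and the route is expected to fail. Add `namespace: rook-ceph` under `metadata:` so the file and the annotation cannot drift apart.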
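Review bot: The `ingress.dashboard` block added in rook-ceph-cluster/values.yaml drops the entry-point restriction that the deleted route.yaml had (`entryPoints: - websecure`); only the certresolver and middlewares annotations are set. Add `"traefik.ingress.kubernetes.io/router.entrypoints": "websecure"` to `annotations:` so the Ceph dashboard stays bound to the TLS entry point. The Traefik dashboard route in traefik/values.yaml chains `traefik-dashboard-auth`, whereas this route has only `ceph-stripprefix` in front of it, so the dashboard's own login is the single control on what looks like an externally resolvable hostname. An auth or allow-list middleware appended to the same `router.middlewares` annotation would bring it in line with the other `/fog/` route. The `cephClusterSpec` block above starts outside the hunk.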
@@ -36,7 +36,7 @@ service: ingressRoute: dashboard: enabled: true - matchRule: Host(`fog.goatchat.ca`) && (PathPrefix(`/fog/traefik/dashboard`) || PathPrefix(`/fog/traefik/api`)) + matchRule: Host(`fog.incngrnt.ca`) && (PathPrefix(`/fog/traefik/dashboard`) || PathPrefix(`/fog/traefik/api`)) entryPoints: ["websecure"] middlewares: - name: traefik-dashboard-auth