From 56131f8759e78decb37bd469d2710c0ad443dba2 Mon Sep 17 00:00:00 2001 From: David Landry Date: Mon, 30 Jun 2025 17:24:53 -0400 Subject: [PATCH 1/4] chore(games): disable --- projects/{games.yaml => games.yaml.disabled} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename projects/{games.yaml => games.yaml.disabled} (100%) diff --git a/projects/games.yaml b/projects/games.yaml.disabled similarity index 100% rename from projects/games.yaml rename to projects/games.yaml.disabled From 9ead7d4516e63a898d1a216c28f54bba7f1c3e30 Mon Sep 17 00:00:00 2001 From: David Landry Date: Mon, 30 Jun 2025 17:25:24 -0400 Subject: [PATCH 2/4] feat(forgejo): add documentation on forgejo --- bootstrap/forgejo/README.md | 6 + bootstrap/forgejo/values.yaml | 640 ++++++++++++++++++++++++++++++++++ 2 files changed, 646 insertions(+) create mode 100644 bootstrap/forgejo/README.md create mode 100644 bootstrap/forgejo/values.yaml diff --git a/bootstrap/forgejo/README.md b/bootstrap/forgejo/README.md new file mode 100644 index 0000000..359ec82 --- /dev/null +++ b/bootstrap/forgejo/README.md @@ -0,0 +1,6 @@ +The manifests in this folder are not managed by ArgoCD. Instead, they document +the git repo that's in-use by the cluster. + +``` +helm install forgejo -f values.yaml oci://code.forgejo.org/forgejo-helm/forgejo --version 11.0.5 +``` diff --git a/bootstrap/forgejo/values.yaml b/bootstrap/forgejo/values.yaml new file mode 100644 index 0000000..44afc1f --- /dev/null +++ b/bootstrap/forgejo/values.yaml 
@@ -0,0 +1,640 @@ +# Default values for gitea. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +## @param namespaceOverride String to fully override common.names.namespace +## +namespaceOverride: "git-system" + +## @param replicaCount number of replicas for the deployment +replicaCount: 1 + +## @section strategy +## @param strategy.type strategy type +## @param strategy.rollingUpdate.maxSurge maxSurge +## @param strategy.rollingUpdate.maxUnavailable maxUnavailable +strategy: + type: "RollingUpdate" + rollingUpdate: + maxSurge: "100%" + maxUnavailable: 0 + +## @param clusterDomain cluster domain +clusterDomain: cluster.local + +## @section Image +## @param image.registry image registry, e.g. gcr.io,docker.io +## @param image.repository Image to start for this pod +## @param image.tag Visit: [Image tag](https://code.forgejo.org/forgejo/-/packages/container/forgejo/versions). Defaults to `appVersion` within Chart.yaml. +## @param image.digest Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` +## @param image.pullPolicy Image pull policy +## @param image.rootless Wether or not to pull the rootless version of Forgejo +## @param image.fullOverride Completely overrides the image registry, path/image, tag and digest. **Adjust `image.rootless` accordingly and review [Rootless defaults](#rootless-defaults).** +image: + registry: code.forgejo.org + repository: forgejo/forgejo + pullPolicy: IfNotPresent + rootless: true + +## @section Security +# Security context is only usable with rootless image due to image design +## @param podSecurityContext.fsGroup Set the shared file system group for all containers in the pod. 
+podSecurityContext: + fsGroup: 1000 + +## @param containerSecurityContext Security context +containerSecurityContext: {} +# allowPrivilegeEscalation: false +# capabilities: +# drop: +# - ALL +# # Add the SYS_CHROOT capability for root and rootless images if you intend to +# # run pods on nodes that use the container runtime cri-o. Otherwise, you will +# # get an error message from the SSH server that it is not possible to read from +# # the repository. +# # https://gitea.com/gitea/helm-chart/issues/161 +# add: +# - SYS_CHROOT +# privileged: false +# readOnlyRootFilesystem: true +# runAsGroup: 1000 +# runAsNonRoot: true +# runAsUser: 1000 + +## @param podDisruptionBudget Pod disruption budget +podDisruptionBudget: + minAvailable: 1 + +## @section Service +service: + ## @param service.http.type Kubernetes service type for web traffic + ## @param service.http.port Port number for web traffic + ## @param service.http.clusterIP ClusterIP setting for http autosetup for deployment + ## @param service.http.loadBalancerIP LoadBalancer IP setting + ## @param service.http.nodePort NodePort for http service + ## @param service.http.externalTrafficPolicy If `service.http.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation + ## @param service.http.externalIPs External IPs for service + ## @param service.http.ipFamilyPolicy HTTP service dual-stack policy + ## @param service.http.ipFamilies HTTP service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/). 
+ ## @param service.http.loadBalancerSourceRanges Source range filter for http loadbalancer + ## @param service.http.annotations HTTP service annotations + ## @param service.http.labels HTTP service additional labels + ## @param service.http.loadBalancerClass Loadbalancer class + http: + type: ClusterIP + port: 3000 + clusterIP: + loadBalancerIP: + nodePort: + externalTrafficPolicy: + externalIPs: + ipFamilyPolicy: + ipFamilies: + loadBalancerSourceRanges: [] + annotations: {} + labels: {} + loadBalancerClass: + ## @param service.ssh.type Kubernetes service type for ssh traffic + ## @param service.ssh.port Port number for ssh traffic + ## @param service.ssh.clusterIP ClusterIP setting for ssh autosetup for deployment + ## @param service.ssh.loadBalancerIP LoadBalancer IP setting + ## @param service.ssh.nodePort NodePort for ssh service + ## @param service.ssh.externalTrafficPolicy If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation + ## @param service.ssh.externalIPs External IPs for service + ## @param service.ssh.ipFamilyPolicy SSH service dual-stack policy + ## @param service.ssh.ipFamilies SSH service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/). 
+ ## @param service.ssh.hostPort HostPort for ssh service + ## @param service.ssh.loadBalancerSourceRanges Source range filter for ssh loadbalancer + ## @param service.ssh.annotations SSH service annotations + ## @param service.ssh.labels SSH service additional labels + ## @param service.ssh.loadBalancerClass Loadbalancer class + ssh: + type: ClusterIP + port: 22 + clusterIP: + loadBalancerIP: + nodePort: + externalTrafficPolicy: + externalIPs: + ipFamilyPolicy: + ipFamilies: + hostPort: + loadBalancerSourceRanges: [] + annotations: {} + labels: {} + loadBalancerClass: + +## @section Ingress +## @param ingress.enabled Enable ingress +## @param ingress.className Ingress class name +## @param ingress.annotations Ingress annotations +## @param ingress.hosts[0].host Default Ingress host +## @param ingress.hosts[0].paths[0].path Default Ingress path +## @param ingress.hosts[0].paths[0].pathType Ingress path type +## @param ingress.tls Ingress tls settings +ingress: + # className: nginx + annotations: + cert-manager.io/cluster-issuer: letsencrypt-issuer + enabled: true + hosts: + - host: git.nc.landry.land + paths: + - path: / + pathType: Prefix + - host: git.mgmt-k8s.nc.landry.land + paths: + - path: / + pathType: Prefix + tls: + - hosts: + - git.nc.landry.land + - git.mgmt-k8s.nc.landry.land + secretName: forgejo-tls + +## @section deployment +# +## @param resources Kubernetes resources +resources: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + +## @section ServiceAccount + +## @param serviceAccount.create Enable the creation of a ServiceAccount +## @param serviceAccount.name Name of the created ServiceAccount, defaults to release name. Can also link to an externally provided ServiceAccount that should be used. 
+## @param serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token +## @param serviceAccount.imagePullSecrets Image pull secrets, available to the ServiceAccount +## @param serviceAccount.annotations Custom annotations for the ServiceAccount +## @param serviceAccount.labels Custom labels for the ServiceAccount +serviceAccount: + create: false + name: "" + automountServiceAccountToken: false + imagePullSecrets: [] + # - name: private-registry-access + annotations: {} + labels: {} + +## @section Persistence +# +## @param persistence.enabled Enable persistent storage +## @param persistence.create Whether to create the persistentVolumeClaim for shared storage +## @param persistence.mount Whether the persistentVolumeClaim should be mounted (even if not created) +## @param persistence.claimName Use an existing claim to store repository information +## @param persistence.size Size for persistence to store repo information +## @param persistence.accessModes AccessMode for persistence +## @param persistence.labels Labels for the persistence volume claim to be created +## @param persistence.annotations.helm.sh/resource-policy Resource policy for the persistence volume claim +## @param persistence.storageClass Name of the storage class to use +## @param persistence.subPath Subdirectory of the volume to mount at +## @param persistence.volumeName Name of persistent volume in PVC +persistence: + enabled: true + create: true + mount: true + claimName: forgejo-shared-storage + size: 10Gi + accessModes: + - ReadWriteOnce + labels: {} + storageClass: local-path + annotations: + helm.sh/resource-policy: keep + +## @param extraVolumes Additional volumes to mount to the Forgejo deployment +extraVolumes: [] +# - name: postgres-ssl-vol +# secret: +# secretName: gitea-postgres-ssl + +## @param extraContainerVolumeMounts Mounts that are only mapped into the Forgejo runtime/main container, to e.g. override custom templates. 
+extraContainerVolumeMounts: [] + +## @section Init + +## @param initContainers.resources.limits initContainers.limits Kubernetes resource limits for init containers +## @param initContainers.resources.requests.cpu initContainers.requests.cpu Kubernetes cpu resource limits for init containers +## @param initContainers.resources.requests.memory initContainers.requests.memory Kubernetes memory resource limits for init containers +initContainers: + resources: + limits: {} + requests: + cpu: 100m + memory: 128Mi + +# Configure commit/action signing prerequisites +## @section Signing +# +## @param signing.enabled Enable commit/action signing +## @param signing.gpgHome GPG home directory +## @param signing.privateKey Inline private GPG key for signed internal Git activity +## @param signing.existingSecret Use an existing secret to store the value of `signing.privateKey` +signing: + enabled: false + gpgHome: /data/git/.gnupg + privateKey: "" + # privateKey: |- + # -----BEGIN PGP PRIVATE KEY BLOCK----- + # ... + # -----END PGP PRIVATE KEY BLOCK----- + existingSecret: "" + +## @section Gitea +# +gitea: + ## @param gitea.admin.username Username for the Forgejo admin user + ## @param gitea.admin.existingSecret Use an existing secret to store admin user credentials + ## @param gitea.admin.password Password for the Forgejo admin user + ## @param gitea.admin.email Email for the Forgejo admin user + ## @param gitea.admin.passwordMode Mode for how to set/update the admin user password. 
Options are: initialOnlyNoReset, initialOnlyRequireReset, and keepUpdated + admin: + username: davad + password: r8sdA8CPHD9!bt6d + email: "me@davad.me" + passwordMode: initialOnlyRequireReset + + ## @param gitea.metrics.enabled Enable Forgejo metrics + ## @param gitea.metrics.serviceMonitor.enabled Enable Forgejo metrics service monitor + ## @param gitea.metrics.serviceMonitor.namespace Namespace in which Prometheus is running + metrics: + enabled: false + serviceMonitor: + enabled: false + namespace: "" + # additionalLabels: + # prometheus-release: prom1 + + ## @param gitea.ldap LDAP configuration + ldap: + [] + # - name: "LDAP 1" + # existingSecret: + # securityProtocol: + # host: + # port: + # userSearchBase: + # userFilter: + # adminFilter: + # emailAttribute: + # bindDn: + # bindPassword: + # usernameAttribute: + # publicSSHKeyAttribute: + + # Either specify inline `key` and `secret` or refer to them via `existingSecret` + ## @param gitea.oauth OAuth configuration + oauth: + [] + # - name: 'OAuth 1' + # provider: + # key: + # secret: + # existingSecret: + # autoDiscoverUrl: + # useCustomUrls: + # customAuthUrl: + # customTokenUrl: + # customProfileUrl: + # customEmailUrl: + + ## @param gitea.additionalConfigSources Additional configuration from secret or configmap + additionalConfigSources: [] + # - configMap: + # name: gitea-app-ini-plaintext + # - secret: + # secretName: gitea-app-ini-oauth + # - configMap: + # name: gitea-app-ini-plaintext + + ## @param gitea.ssh.logLevel Configure OpenSSH's log level. Only available for root-based Forgejo image. + ssh: + logLevel: "INFO" + + ## @section `app.ini` overrides + ## @descriptionStart + ## Every value described in the [Cheat + ## Sheet](https://forgejo.org/docs/latest/admin/config-cheat-sheet/) can be + ## set as a Helm value. Configuration sections map to (lowercased) YAML + ## blocks, while the keys themselves remain in all caps. 
+ ## @descriptionEnd + config: + # values in the DEFAULT section + # (https://forgejo.org/docs/latest/admin/config-cheat-sheet/#overall-default) + # are un-namespaced + + ## @param gitea.config.APP_NAME Application name, used in the page title + APP_NAME: "Forgejo: Beyond coding. We forge." + + ## @param gitea.config.RUN_MODE Application run mode, affects performance and debugging: `dev` or `prod` + RUN_MODE: prod + + ## @param gitea.config.repository General repository settings + repository: {} + + ## @param gitea.config.cors Cross-origin resource sharing settings + cors: {} + + ## @param gitea.config.ui User interface settings + ui: {} + + ## @param gitea.config.markdown Markdown parser settings + markdown: {} + + ## @param gitea.config.server [object] General server settings + server: + SSH_PORT: 22 # rootful image + SSH_LISTEN_PORT: 2222 # rootless image + LFS_START_SERVER: true + + ## @param gitea.config.database Database configuration (only necessary with an [externally managed DB](https://code.forgejo.org/forgejo-helm/forgejo-helm#external-database)). 
+ database: {} + + ## @param gitea.config.indexer Settings for what content is indexed and how + indexer: {} + + ## @param gitea.config.queue Job queue configuration + queue: {} + + ## @param gitea.config.admin Admin user settings + admin: {} + + ## @param gitea.config.security Site security settings + security: {} + + ## @param gitea.config.camo Settings for the [camo](https://github.com/cactus/go-camo) media proxy server (disabled by default) + camo: {} + + ## @param gitea.config.openid Configuration for authentication with OpenID (disabled by default) + openid: {} + + ## @param gitea.config.oauth2_client OAuth2 client settings + oauth2_client: {} + + ## @param gitea.config.service Configuration for miscellaneous Forgejo services + service: {} + + ## @param gitea.config.ssh.minimum_key_sizes SSH minimum key sizes + ssh.minimum_key_sizes: {} + + ## @param gitea.config.webhook Webhook settings + webhook: {} + + ## @param gitea.config.mailer Mailer configuration (disabled by default) + mailer: {} + + ## @param gitea.config.email.incoming Configuration for handling incoming mail (disabled by default) + email.incoming: {} + + ## @param gitea.config.cache Cache configuration + cache: {} + + ## @param gitea.config.session Session/cookie handling + session: {} + + ## @param gitea.config.picture User avatar settings + picture: {} + + ## @param gitea.config.project Project board defaults + project: {} + + ## @param gitea.config.attachment Issue and PR attachment configuration + attachment: {} + + ## @param gitea.config.log Logging configuration + log: {} + + ## @param gitea.config.cron Cron job configuration + cron: {} + + ## @param gitea.config.git Global settings for Git + git: {} + + ## @param gitea.config.metrics Settings for the Prometheus endpoint (disabled by default) + metrics: {} + + ## @param gitea.config.api Settings for the Swagger API documentation endpoints + api: {} + + ## @param gitea.config.oauth2 Settings for the [OAuth2 
provider](https://forgejo.org/docs/latest/admin/oauth2-provider/) + oauth2: {} + + ## @param gitea.config.i18n Internationalization settings + i18n: {} + + ## @param gitea.config.markup Configuration for advanced markup processors + markup: {} + + ## @param gitea.config.highlight.mapping File extension to language mapping overrides for syntax highlighting + highlight.mapping: {} + + ## @param gitea.config.time Locale settings + time: {} + + ## @param gitea.config.migrations Settings for Git repository migrations + migrations: {} + + ## @param gitea.config.federation Federation configuration + federation: {} + + ## @param gitea.config.packages Package registry settings + packages: {} + + ## @param gitea.config.mirror Configuration for repository mirroring + mirror: {} + + ## @param gitea.config.lfs Large File Storage configuration + lfs: + STORAGE_TYPE: local + + ## @param gitea.config.repo-avatar Repository avatar storage configuration + repo-avatar: {} + + ## @param gitea.config.avatar User/org avatar storage configuration + avatar: {} + + ## @param gitea.config.storage General storage settings + storage: + STORAGE_TYPE: local + + ## @param gitea.config.proxy Proxy configuration (disabled by default) + proxy: {} + + ## @param gitea.config.actions Configuration for [Forgejo Actions](https://forgejo.org/docs/latest/user/actions/) + actions: {} + + ## @param gitea.config.other Uncategorized configuration options + other: {} + + ## @section LivenessProbe + # + ## @param gitea.livenessProbe.enabled Enable liveness probe + ## @param gitea.livenessProbe.tcpSocket.port Port to probe for liveness + ## @param gitea.livenessProbe.initialDelaySeconds Initial delay before liveness probe is initiated + ## @param gitea.livenessProbe.timeoutSeconds Timeout for liveness probe + ## @param gitea.livenessProbe.periodSeconds Period for liveness probe + ## @param gitea.livenessProbe.successThreshold Success threshold for liveness probe + ## @param gitea.livenessProbe.failureThreshold 
Failure threshold for liveness probe + # Modify the liveness probe for your needs or completely disable it by commenting out. + livenessProbe: + enabled: true + tcpSocket: + port: http + initialDelaySeconds: 200 + timeoutSeconds: 1 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 10 + + ## @section ReadinessProbe + # + ## @param gitea.readinessProbe.enabled Enable readiness probe + ## @param gitea.readinessProbe.httpGet.path Path to probe for readiness + ## @param gitea.readinessProbe.httpGet.port Port to probe for readiness + ## @param gitea.readinessProbe.initialDelaySeconds Initial delay before readiness probe is initiated + ## @param gitea.readinessProbe.timeoutSeconds Timeout for readiness probe + ## @param gitea.readinessProbe.periodSeconds Period for readiness probe + ## @param gitea.readinessProbe.successThreshold Success threshold for readiness probe + ## @param gitea.readinessProbe.failureThreshold Failure threshold for readiness probe + # Modify the readiness probe for your needs or completely disable it by commenting out. + readinessProbe: + enabled: true + httpGet: + path: /api/healthz + port: http + initialDelaySeconds: 5 + timeoutSeconds: 1 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 3 + + # # Uncomment the startup probe to enable and modify it for your needs. 
+ ## @section StartupProbe + # + ## @param gitea.startupProbe.enabled Enable startup probe + ## @param gitea.startupProbe.tcpSocket.port Port to probe for startup + ## @param gitea.startupProbe.initialDelaySeconds Initial delay before startup probe is initiated + ## @param gitea.startupProbe.timeoutSeconds Timeout for startup probe + ## @param gitea.startupProbe.periodSeconds Period for startup probe + ## @param gitea.startupProbe.successThreshold Success threshold for startup probe + ## @param gitea.startupProbe.failureThreshold Failure threshold for startup probe + startupProbe: + enabled: false + tcpSocket: + port: http + initialDelaySeconds: 200 + timeoutSeconds: 1 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 10 + +## @section Redis® Cluster +## @descriptionStart +## Redis® Cluster is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/redis-cluster) if enabled in the values. +## Full configuration options are available on their website. +## Redis cluster and [Redis](#redis) cannot be enabled at the same time. +## @descriptionEnd +# +## @param redis-cluster.enabled Enable redis cluster +## @param redis-cluster.usePassword Whether to use password authentication +## @param redis-cluster.cluster.nodes Number of redis cluster master nodes +## @param redis-cluster.cluster.replicas Number of redis cluster master node replicas +redis-cluster: + enabled: false + usePassword: false + cluster: + nodes: 3 # default: 6 + replicas: 0 # default: 1 + +## @section Redis® +## @descriptionStart +## Redis® is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/redis) if enabled in the values. +## Full configuration options are available on their website. +## Redis and [Redis cluster](#redis-cluster) cannot be enabled at the same time. 
+## @descriptionEnd +# +## @param redis.enabled Enable redis standalone or replicated +## @param redis.architecture Whether to use standalone or replication +## @param redis.global.redis.password Required password +## @param redis.master.count Number of Redis master instances to deploy +redis: + enabled: true + architecture: standalone + master: + count: 1 + +## @section PostgreSQL HA +## @descriptionStart +## PostgreSQL HA is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/postgresql-ha) if enabled in the values. +## Full configuration options are available on their website. +## @descriptionEnd +# +## @param postgresql-ha.enabled Enable PostgreSQL HA chart +## @param postgresql-ha.postgresql.password Password for the `gitea` user (overrides `auth.password`) +## @param postgresql-ha.global.postgresql.database Name for a custom database to create (overrides `auth.database`) +## @param postgresql-ha.global.postgresql.username Name for a custom user to create (overrides `auth.username`) +## @param postgresql-ha.global.postgresql.password Name for a custom password to create (overrides `auth.password`) +## @param postgresql-ha.postgresql.repmgrPassword Repmgr Password +## @param postgresql-ha.postgresql.postgresPassword postgres Password +## @param postgresql-ha.pgpool.adminPassword pgpool adminPassword +## @param postgresql-ha.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`) +## @param postgresql-ha.primary.persistence.size PVC Storage Request for PostgreSQL HA volume +postgresql-ha: + enabled: false + global: + postgresql: + database: gitea + password: gitea + username: gitea + postgresql: + repmgrPassword: changeme2 + postgresPassword: changeme1 + password: changeme4 + pgpool: + adminPassword: changeme3 + service: + ports: + postgresql: 5432 + primary: + persistence: + size: 10Gi + +## @section PostgreSQL +## @descriptionStart +## PostgreSQL is loaded as a dependency from 
[Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/postgresql) if enabled in the values. +## Full configuration options are available on their website. +## @descriptionEnd +# +## @param postgresql.enabled Enable PostgreSQL +## @param postgresql.global.postgresql.auth.password Password for the `gitea` user (overrides `auth.password`) +## @param postgresql.global.postgresql.auth.database Name for a custom database to create (overrides `auth.database`) +## @param postgresql.global.postgresql.auth.username Name for a custom user to create (overrides `auth.username`) +## @param postgresql.global.postgresql.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`) +## @param postgresql.primary.persistence.size PVC Storage Request for PostgreSQL volume +postgresql: + enabled: true + primary: + persistence: + size: 10Gi + +# By default, removed or moved settings that still remain in a user defined values.yaml will cause Helm to fail running the install/update. +# Set it to false to skip this basic validation check. +## @section Advanced +## @param checkDeprecation Whether to run this basic validation check. +## @param test.enabled Whether to use test-connection Pod. +## @param test.image.name Image name for the wget container used in the test-connection Pod. +## @param test.image.tag Image tag for the wget container used in the test-connection Pod. +checkDeprecation: true +test: + enabled: true + image: + name: busybox + tag: latest + +## @param extraDeploy Array of extra objects to deploy with the release. +## +extraDeploy: [] From 564ec57cc72b4f11c7ada13dd56f4163222ceabf Mon Sep 17 00:00:00 2001 From: David Landry Date: Mon, 7 Jul 2025 13:21:20 -0400 Subject: [PATCH 3/4] chore(forgejo): update chart Chart version 12.5.3 App version 11.0.2 --- bootstrap/forgejo/values.yaml | 212 +++++++++++++++++++++++++++++++--- 1 file changed, 199 insertions(+), 13 deletions(-) 
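Review bot: The `gitea.admin` block in this new values.yaml commits the admin `password` in plaintext next to `username` and `email`, so anyone who can read the repository can read the credential, and it stays in git history. The same block documents `gitea.admin.existingSecret`; I would create that Secret out of band and replace the inline `password` with `existingSecret: forgejo-admin-credentials` (placeholder name; the keys the Secret must carry are defined by the chart and are not visible here). `passwordMode: initialOnlyRequireReset` forces a change at first login, but the committed value should still be treated as exposed and rotated, since removing it in a later commit does not remove it from history. Separately, `containerSecurityContext: {}` leaves the commented-out hardening (`allowPrivilegeEscalation: false`, `capabilities.drop: [ALL]`, `runAsNonRoot: true`) unused although `image.rootless: true` is set; it is worth enabling if the rootless image runs with it.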
diff --git a/bootstrap/forgejo/values.yaml b/bootstrap/forgejo/values.yaml index 44afc1f..d1e08dd 100644 --- a/bootstrap/forgejo/values.yaml +++ b/bootstrap/forgejo/values.yaml @@ -1,6 +1,24 @@ # Default values for gitea. # This is a YAML-formatted file. # Declare variables to be passed into your templates. +## @section Global +# +## @param global.imageRegistry global image registry override +## @param global.imagePullSecrets global image pull secrets override; can be extended by `imagePullSecrets` +## @param global.storageClass global storage class override +## @param global.hostAliases global hostAliases which will be added to the pod's hosts files +global: + imageRegistry: "" + ## E.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + storageClass: "" + hostAliases: [] + # - ip: 192.168.137.2 + # hostnames: + # - example.com ## @param namespaceOverride String to fully override common.names.namespace ## 
@@ -28,14 +46,17 @@ clusterDomain: cluster.local ## @param image.tag Visit: [Image tag](https://code.forgejo.org/forgejo/-/packages/container/forgejo/versions). Defaults to `appVersion` within Chart.yaml. ## @param image.digest Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` ## @param image.pullPolicy Image pull policy -## @param image.rootless Wether or not to pull the rootless version of Forgejo +## @param image.rootless Whether or not to pull the rootless version of Forgejo ## @param image.fullOverride Completely overrides the image registry, path/image, tag and digest. **Adjust `image.rootless` accordingly and review [Rootless defaults](#rootless-defaults).** image: registry: code.forgejo.org repository: forgejo/forgejo - pullPolicy: IfNotPresent + pullPolicy: Always rootless: true +## @param imagePullSecrets Secret to use for pulling the image +imagePullSecrets: [] + ## @section Security # Security context is only usable with rootless image due to image design ## @param podSecurityContext.fsGroup Set the shared file system group for all containers in the pod. @@ -61,6 +82,12 @@ containerSecurityContext: {} # runAsNonRoot: true # runAsUser: 1000 +## @deprecated The securityContext variable has been split two: +## - containerSecurityContext +## - podSecurityContext. +## @param securityContext Run init and Forgejo containers as a specific securityContext +securityContext: {} + ## @param podDisruptionBudget Pod disruption budget podDisruptionBudget: minAvailable: 1 
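Review bot: `pullPolicy: Always` is set in the `image` block with no `image.tag` or `image.digest`, so every pod start resolves the chart's default tag against `code.forgejo.org` again and may run a different image from the one that was reviewed. The parameter comment directly above already describes `image.digest` as the way to pin a mutable tag. I would add `digest: "sha256:<digest-of-reviewed-image>"` (placeholder) under `image:`, or keep `IfNotPresent` with an explicit `tag`. The `image` mapping is fully visible in this hunk, but whether the default tag is mutable upstream cannot be told from the diff.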
@@ -75,11 +102,12 @@ service: ## @param service.http.externalTrafficPolicy If `service.http.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation ## @param service.http.externalIPs External IPs for service ## @param service.http.ipFamilyPolicy HTTP service dual-stack policy - ## @param service.http.ipFamilies HTTP service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/). + ## @param service.http.ipFamilies HTTP service dual-stack family selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/). ## @param service.http.loadBalancerSourceRanges Source range filter for http loadbalancer ## @param service.http.annotations HTTP service annotations ## @param service.http.labels HTTP service additional labels ## @param service.http.loadBalancerClass Loadbalancer class + ## @param service.http.extraPorts Additional ports http: type: ClusterIP port: 3000 @@ -94,6 +122,7 @@ service: annotations: {} labels: {} loadBalancerClass: + extraPorts: [] ## @param service.ssh.type Kubernetes service type for ssh traffic ## @param service.ssh.port Port number for ssh traffic ## @param service.ssh.clusterIP ClusterIP setting for ssh autosetup for deployment 
@@ -102,7 +131,7 @@ service: ## @param service.ssh.externalTrafficPolicy If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation ## @param service.ssh.externalIPs External IPs for service ## @param service.ssh.ipFamilyPolicy SSH service dual-stack policy - ## @param service.ssh.ipFamilies SSH service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/). + ## @param service.ssh.ipFamilies SSH service dual-stack family selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/). ## @param service.ssh.hostPort HostPort for ssh service ## @param service.ssh.loadBalancerSourceRanges Source range filter for ssh loadbalancer ## @param service.ssh.annotations SSH service annotations @@ -131,11 +160,12 @@ service: ## @param ingress.hosts[0].host Default Ingress host ## @param ingress.hosts[0].paths[0].path Default Ingress path ## @param ingress.hosts[0].paths[0].pathType Ingress path type +## @param ingress.hosts[0].paths[0].port Target port for Ingress ## @param ingress.tls Ingress tls settings ingress: # className: nginx annotations: - cert-manager.io/cluster-issuer: letsencrypt-issuer + cert-manager.io/cluster-issuer: letsencrypt-issuer-dns01 enabled: true hosts: - host: git.nc.landry.land 
@@ -146,12 +176,89 @@ ingress: paths: - path: / pathType: Prefix + port: http tls: - hosts: - git.nc.landry.land - git.mgmt-k8s.nc.landry.land secretName: forgejo-tls +# Enables Gateway API HTTPRoute as a replacement for traditional Ingress resources +## @section Gateway-API HTTPRoute +## @param httpRoute.enabled Enables Gateway API HTTPRoute as a replacement for traditional Ingress resources +## @param httpRoute.annotations Annotations to add to the HTTPRoute resource +## @param httpRoute.parentRefs List of parentRefs for the HTTPRoute, typically referencing the Gateway(name, namespace) +## @param httpRoute.hostnames Hostnames this HTTPRoute applies to +## @param httpRoute.matches.path.type Type of path match (e.g., PathPrefix or Exact or RegularExpression) +## @param httpRoute.matches.path.value Path value for matching incoming requests +## @param httpRoute.matches.timeouts Object containing timeouts. +## @param httpRoute.filters Filters to apply on HTTP requests, such as header rewrites or request redirects +httpRoute: + enabled: false + annotations: {} + parentRefs: + [] + # - name: contour #name of the gateway resource + # namespace: projectcontour #name space where gateway resource running + hostnames: [] + # - my-filter.example.com + matches: + path: + type: PathPrefix + value: "/" + timeouts: + {} + # request: 10s #Maximum time the Gateway waits to complete the full client request and response cycle. + # backendRequest: 10s # Maximum time the Gateway waits for a response from the backend service. 
+ filters: [] + # - type: RequestHeaderModifier + # requestHeaderModifier: + # set: + # - name: X-Forwarded-Proto + # value: https + +## @section Route +## @param route.enabled Enable route +## @param route.annotations Route annotations +## @param route.host Host to use for the route (will be assigned automatically by OKD / OpenShift is not defined) +## @param route.wildcardPolicy Wildcard policy if any for the route, currently only 'Subdomain' or 'None' is allowed. +## @param route.tls.termination termination type (see [OKD documentation](https://docs.okd.io/latest/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls)) +## @param route.tls.insecureEdgeTerminationPolicy the desired behavior for insecure connections to a route (e.g. with http) +## @param route.tls.existingSecret the name of a predefined secret of type kubernetes.io/tls with both key (tls.crt and tls.key) set accordingly (if defined attributes 'certificate', 'caCertificate' and 'privateKey' are ignored) +## @param route.tls.certificate PEM encoded single certificate +## @param route.tls.privateKey PEM encoded private key +## @param route.tls.caCertificate PEM encoded CA certificate or chain that issued the certificate +## @param route.tls.destinationCACertificate PEM encoded CA certificate used to verify the authenticity of final end point when 'termination' is set to 'passthrough' (ignored otherwise) +route: + enabled: false + annotations: {} + host: + wildcardPolicy: + tls: + termination: edge + insecureEdgeTerminationPolicy: Redirect + existingSecret: + certificate: + # certificate: |- + # -----BEGIN CERTIFICATE----- + # ... + # -----END CERTIFICATE----- + privateKey: + # privateKey: |- + # -----BEGIN PRIVATE KEY----- + # ... + # -----END PRIVATE KEY----- + caCertificate: + # caCertificate: |- + # -----BEGIN CERTIFICATE----- + # ... + # -----END CERTIFICATE----- + destinationCACertificate: + # destinationCACertificate: |- + # -----BEGIN CERTIFICATE----- + # ... 
+ # -----END CERTIFICATE----- + ## @section deployment # ## @param resources Kubernetes resources @@ -163,6 +270,43 @@ resources: cpu: 100m memory: 128Mi +## Use an alternate scheduler, e.g. "stork". +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +## @param schedulerName Use an alternate scheduler, e.g. "stork" +schedulerName: "" + +## @param nodeSelector NodeSelector for the deployment +nodeSelector: {} + +## @param tolerations Tolerations for the deployment +tolerations: [] + +## @param affinity Affinity for the deployment +affinity: {} + +## @param topologySpreadConstraints TopologySpreadConstraints for the deployment +topologySpreadConstraints: [] + +## @param dnsConfig dnsConfig for the deployment +dnsConfig: {} + +## @param priorityClassName priorityClassName for the deployment +priorityClassName: "" + +## @param deployment.env Additional environment variables to pass to containers +## @param deployment.terminationGracePeriodSeconds How long to wait until forcefully kill the pod +## @param deployment.labels Labels for the deployment +## @param deployment.annotations Annotations for the Forgejo deployment to be created +deployment: + env: + [] + # - name: VARIABLE + # value: my-value + terminationGracePeriodSeconds: 60 + labels: {} + annotations: {} + ## @section ServiceAccount ## @param serviceAccount.create Enable the creation of a ServiceAccount @@ -206,6 +350,12 @@ persistence: annotations: helm.sh/resource-policy: keep +## @param extraContainers Additional sidecar containers to run in the pod +extraContainers: [] +# - name: sidecar-bob +# image: busybox +# command: [/bin/sh, -c, 'echo "Hello world"; sleep 86400'] + ## @param extraVolumes Additional volumes to mount to the Forgejo deployment extraVolumes: [] # - name: postgres-ssl-vol 
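Review bot: The new `route.tls` defaults in the `@@ -146,12 +176,89 @@` hunk offer `privateKey:` as an inline value in a file that is committed to the repository, and the commented example below it shows a PEM key pasted in place. The parameter doc in the same hunk already says that `existingSecret` makes `certificate`, `caCertificate` and `privateKey` ignored. I would add a comment above `privateKey:` along the lines of `# leave empty; reference a kubernetes.io/tls secret through existingSecret instead of inlining key material`. The route is disabled (`enabled: false`), so this is a documentation point only.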
@@ -215,7 +365,28 @@ extraVolumes: [] ## @param extraContainerVolumeMounts Mounts that are only mapped into the Forgejo runtime/main container, to e.g. override custom templates. extraContainerVolumeMounts: [] +## @param extraInitVolumeMounts Mounts that are only mapped into the init-containers. Can be used for additional preconfiguration. +extraInitVolumeMounts: [] + +## @deprecated The extraVolumeMounts variable has been split two: +## - extraContainerVolumeMounts +## - extraInitVolumeMounts +## As an example, can be used to mount a client cert when connecting to an external Postgres server. +## @param extraVolumeMounts **DEPRECATED** Additional volume mounts for init containers and the Forgejo main container +extraVolumeMounts: [] +# - name: postgres-ssl-vol +# readOnly: true +# mountPath: "/pg-ssl" + ## @section Init +## @param initPreScript Bash shell script copied verbatim to the start of the init-container. +initPreScript: "" +# +# initPreScript: | +# mkdir -p /data/git/.postgresql +# cp /pg-ssl/* /data/git/.postgresql/ +# chown -R git:git /data/git/.postgresql/ +# chmod 400 /data/git/.postgresql/postgresql.key ## @param initContainers.resources.limits initContainers.limits Kubernetes resource limits for init containers ## @param initContainers.resources.requests.cpu initContainers.requests.cpu Kubernetes cpu resource limits for init containers @@ -254,7 +425,7 @@ gitea: ## @param gitea.admin.passwordMode Mode for how to set/update the admin user password. Options are: initialOnlyNoReset, initialOnlyRequireReset, and keepUpdated admin: username: davad - password: r8sdA8CPHD9!bt6d + password: r8sA8CPHD9!bt6d email: "me@davad.me" passwordMode: initialOnlyRequireReset 
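Review bot: The `password:` line under `gitea.admin` in the `@@ -254,7 +425,7 @@` hunk replaces one literal admin password with another, so both values are now readable in the repository history and should be treated as exposed. The `passwordMode: initialOnlyRequireReset` context line suggests the value is only applied when the account is first created and must then be changed, which narrows the exposure but does not remove it. I would rotate the credential and drop the literal in favour of `existingSecret: <admin-secret-name>` under `gitea.admin`, with the Secret created out of band. The `gitea:` block starts and continues outside the hunk.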
@@ -304,13 +475,17 @@ gitea: ## @param gitea.additionalConfigSources Additional configuration from secret or configmap additionalConfigSources: [] - # - configMap: - # name: gitea-app-ini-plaintext # - secret: # secretName: gitea-app-ini-oauth # - configMap: # name: gitea-app-ini-plaintext + ## @param gitea.additionalConfigFromEnvs Additional configuration sources from environment variables + additionalConfigFromEnvs: [] + + ## @param gitea.podAnnotations Annotations for the Forgejo pod + podAnnotations: {} + ## @param gitea.ssh.logLevel Configure OpenSSH's log level. Only available for root-based Forgejo image. ssh: logLevel: "INFO" @@ -526,7 +701,7 @@ gitea: enabled: false tcpSocket: port: http - initialDelaySeconds: 200 + initialDelaySeconds: 60 timeoutSeconds: 1 periodSeconds: 10 successThreshold: 1 @@ -564,6 +739,9 @@ redis-cluster: redis: enabled: true architecture: standalone + global: + redis: + password: changeme master: count: 1 @@ -582,7 +760,7 @@ redis: ## @param postgresql-ha.postgresql.postgresPassword postgres Password ## @param postgresql-ha.pgpool.adminPassword pgpool adminPassword ## @param postgresql-ha.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`) -## @param postgresql-ha.primary.persistence.size PVC Storage Request for PostgreSQL HA volume +## @param postgresql-ha.persistence.size PVC Storage Request for PostgreSQL HA volume postgresql-ha: enabled: false global: @@ -599,9 +777,8 @@ postgresql-ha: service: ports: postgresql: 5432 - primary: - persistence: - size: 10Gi + persistence: + size: 10Gi ## @section PostgreSQL ## @descriptionStart @@ -617,6 +794,15 @@ postgresql-ha: ## @param postgresql.primary.persistence.size PVC Storage Request for PostgreSQL volume postgresql: enabled: true + global: + postgresql: + auth: + password: gitea + database: gitea + username: gitea + service: + ports: + postgresql: 5432 primary: persistence: size: 10Gi 
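Review bot: The `password: changeme` added under `redis.global.redis` in the `@@ -564,6 +739,9 @@` hunk and the `password: gitea` added under `postgresql.global.postgresql.auth` in the `@@ -617,6 +794,15 @@` hunk are guessable placeholder credentials for the bundled datastores. Any workload that can reach those services inside the cluster could authenticate with them, unless a NetworkPolicy not visible here restricts access. Generate random values and keep them out of this file. If these are the Bitnami subcharts, as the key layout suggests, something like `existingSecret: <datastore-secret-name>` under each subchart's `auth` block is the setting to check, and Forgejo can be given the same value through `gitea.additionalConfigSources`. The `redis:` and `postgresql:` blocks continue outside the hunks.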
From 29297a35410ba598fd1a7e2d91b5b64657c92e64 Mon Sep 17 00:00:00 2001 From: David Landry Date: Thu, 10 Jul 2025 16:26:39 -0400 Subject: [PATCH 4/4] chore(forgejo): update probes --- bootstrap/forgejo/values.yaml | 5 +- projects/media.yaml | 93 --------------------------------- projects/prod-sites.yaml | 98 ----------------------------------- projects/staging-sites.yaml | 98 ----------------------------------- projects/work.yaml | 98 ----------------------------------- 5 files changed, 3 insertions(+), 389 deletions(-) delete mode 100644 projects/media.yaml delete mode 100644 projects/prod-sites.yaml delete mode 100644 projects/staging-sites.yaml delete mode 100644 projects/work.yaml diff --git a/bootstrap/forgejo/values.yaml b/bootstrap/forgejo/values.yaml index d1e08dd..6d4413d 100644 --- a/bootstrap/forgejo/values.yaml +++ b/bootstrap/forgejo/values.yaml @@ -657,7 +657,8 @@ gitea: # Modify the liveness probe for your needs or completely disable it by commenting out. livenessProbe: enabled: true - tcpSocket: + httpGet: + path: /api/healthz port: http initialDelaySeconds: 200 timeoutSeconds: 1 @@ -677,7 +678,7 @@ gitea: ## @param gitea.readinessProbe.failureThreshold Failure threshold for readiness probe # Modify the readiness probe for your needs or completely disable it by commenting out. readinessProbe: - enabled: true + enabled: false httpGet: path: /api/healthz port: http diff --git a/projects/media.yaml b/projects/media.yaml deleted file mode 100644 index a84bc19..0000000 --- a/projects/media.yaml +++ /dev/null 
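Review bot: Disabling the readiness probe (`enabled: false` in the `@@ -677,7 +678,7 @@` hunk) while moving the liveness probe to `httpGet` on `/api/healthz` (`@@ -657,7 +657,8 @@`) swaps the roles the two probes normally play. Without a readiness probe the pod counts as ready as soon as the container starts, so the Service sends traffic before Forgejo can answer, and a rolling update treats the new pod as healthy immediately. If the health endpoint also checks the database and cache, a failing dependency would then restart the pod instead of only taking it out of rotation. I would keep `readinessProbe.enabled: true` on `/api/healthz` and leave liveness on `tcpSocket:` with `port: http`. Both probe blocks continue outside the hunks.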
@@ -1,93 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: AppProject -metadata: - annotations: - argocd-autopilot.argoproj-labs.io/default-dest-server: https://kubernetes.default.svc - argocd.argoproj.io/sync-options: PruneLast=true - argocd.argoproj.io/sync-wave: "-2" - creationTimestamp: null - name: media - namespace: argocd -spec: - clusterResourceWhitelist: - - group: "*" - kind: "*" - description: media project - destinations: - - namespace: "*" - server: "*" - namespaceResourceWhitelist: - - group: "*" - kind: "*" - sourceRepos: - - "*" -status: {} - ---- -apiVersion: argoproj.io/v1alpha1 -kind: ApplicationSet -metadata: - annotations: - argocd.argoproj.io/sync-wave: "0" - creationTimestamp: null - name: media - namespace: argocd -spec: - generators: - - git: - files: - - path: apps/**/media/config.json - repoURL: ssh://git@gitea-ssh.gitops.svc.cluster.local:2222/davad/argo.git - requeueAfterSeconds: 20 - revision: "" - template: - metadata: {} - spec: - destination: {} - project: "" - - git: - files: - - path: apps/**/media/config_dir.json - repoURL: ssh://git@gitea-ssh.gitops.svc.cluster.local:2222/davad/argo.git - requeueAfterSeconds: 20 - revision: "" - template: - metadata: {} - spec: - destination: {} - project: "" - source: - directory: - exclude: "{{ exclude }}" - include: "{{ include }}" - jsonnet: {} - recurse: true - repoURL: "" - syncPolicy: {} - template: - metadata: - labels: - app.kubernetes.io/managed-by: argocd-autopilot - app.kubernetes.io/name: "{{ appName }}" - name: media-{{ userGivenName }} - namespace: argocd - spec: - destination: - namespace: "{{ destNamespace }}" - server: "{{ destServer }}" - ignoreDifferences: - - group: argoproj.io - jsonPointers: - - /status - kind: Application - project: media - source: - path: "{{ srcPath }}" - repoURL: "{{ srcRepoURL }}" - targetRevision: "{{ srcTargetRevision }}" - syncPolicy: - automated: - allowEmpty: true - prune: true - selfHeal: true -status: {} 
diff --git a/projects/prod-sites.yaml b/projects/prod-sites.yaml deleted file mode 100644 index a06df9e..0000000 --- a/projects/prod-sites.yaml +++ /dev/null 
@@ -1,98 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: AppProject -metadata: - annotations: - argocd-autopilot.argoproj-labs.io/default-dest-server: https://kubernetes.default.svc - argocd.argoproj.io/sync-options: PruneLast=true - argocd.argoproj.io/sync-wave: "-2" - creationTimestamp: null - name: prod-sites - namespace: argocd -spec: - clusterResourceWhitelist: - - group: "*" - kind: "*" - description: prod version of static sites - destinations: - - namespace: "prod-sites" - server: "*" - namespaceResourceWhitelist: - - group: "*" - kind: "*" - sourceRepos: - - "*" -status: {} - ---- -apiVersion: argoproj.io/v1alpha1 -kind: ApplicationSet -metadata: - annotations: - argocd.argoproj.io/sync-wave: "0" - creationTimestamp: null - name: prod-sites - namespace: argocd -spec: - generators: - - git: - files: - - path: apps/**/prod-sites/config.json - repoURL: ssh://git@gitea-ssh.gitops.svc.cluster.local:2222/davad/argo.git - requeueAfterSeconds: 20 - revision: "" - template: - metadata: {} - spec: - destination: {} - project: "" - - git: - files: - - path: apps/**/prod-sites/config_dir.json - repoURL: ssh://git@gitea-ssh.gitops.svc.cluster.local:2222/davad/argo.git - requeueAfterSeconds: 20 - revision: "" - template: - metadata: {} - spec: - destination: {} - project: "" - source: - directory: - exclude: "{{ exclude }}" - include: "{{ include }}" - jsonnet: {} - recurse: true - repoURL: "" - syncPolicy: {} - template: - metadata: - labels: - app.kubernetes.io/managed-by: argocd-autopilot - app.kubernetes.io/name: "{{ appName }}" - name: prod-sites-{{ userGivenName }} - namespace: argocd - spec: - destination: - namespace: "{{ destNamespace }}" - server: "{{ destServer }}" - ignoreDifferences: - - group: argoproj.io - jsonPointers: - - /status - kind: Application - project: prod-sites - source: - path: "{{ srcPath }}" - repoURL: "{{ srcRepoURL }}" - targetRevision: "{{ srcTargetRevision }}" - syncPolicy: - automated: - allowEmpty: true - prune: true - selfHeal: true 
-status: {} ---- -apiVersion: v1 -kind: Namespace -metadata: - name: prod-sites diff --git a/projects/staging-sites.yaml b/projects/staging-sites.yaml deleted file mode 100644 index 94ebad8..0000000 --- a/projects/staging-sites.yaml +++ /dev/null 
@@ -1,98 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: AppProject -metadata: - annotations: - argocd-autopilot.argoproj-labs.io/default-dest-server: https://kubernetes.default.svc - argocd.argoproj.io/sync-options: PruneLast=true - argocd.argoproj.io/sync-wave: "-2" - creationTimestamp: null - name: staging-sites - namespace: argocd -spec: - clusterResourceWhitelist: - - group: "*" - kind: "*" - description: staging version of static sites - destinations: - - namespace: "staging-sites" - server: "*" - namespaceResourceWhitelist: - - group: "*" - kind: "*" - sourceRepos: - - "*" -status: {} - ---- -apiVersion: argoproj.io/v1alpha1 -kind: ApplicationSet -metadata: - annotations: - argocd.argoproj.io/sync-wave: "0" - creationTimestamp: null - name: staging-sites - namespace: argocd -spec: - generators: - - git: - files: - - path: apps/**/staging-sites/config.json - repoURL: ssh://git@gitea-ssh.gitops.svc.cluster.local:2222/davad/argo.git - requeueAfterSeconds: 20 - revision: "" - template: - metadata: {} - spec: - destination: {} - project: "" - - git: - files: - - path: apps/**/staging-sites/config_dir.json - repoURL: ssh://git@gitea-ssh.gitops.svc.cluster.local:2222/davad/argo.git - requeueAfterSeconds: 20 - revision: "" - template: - metadata: {} - spec: - destination: {} - project: "" - source: - directory: - exclude: "{{ exclude }}" - include: "{{ include }}" - jsonnet: {} - recurse: true - repoURL: "" - syncPolicy: {} - template: - metadata: - labels: - app.kubernetes.io/managed-by: argocd-autopilot - app.kubernetes.io/name: "{{ appName }}" - name: staging-sites-{{ userGivenName }} - namespace: argocd - spec: - destination: - namespace: "{{ destNamespace }}" - server: "{{ destServer }}" - ignoreDifferences: - - group: argoproj.io - jsonPointers: - - /status - kind: Application - project: staging-sites - source: - path: "{{ srcPath }}" - repoURL: "{{ srcRepoURL }}" - targetRevision: "{{ srcTargetRevision }}" - syncPolicy: - automated: - allowEmpty: true - 
prune: true - selfHeal: true -status: {} ---- -apiVersion: v1 -kind: Namespace -metadata: - name: staging-sites diff --git a/projects/work.yaml b/projects/work.yaml deleted file mode 100644 index 8417b60..0000000 --- a/projects/work.yaml +++ /dev/null 
@@ -1,98 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: AppProject -metadata: - annotations: - argocd-autopilot.argoproj-labs.io/default-dest-server: https://kubernetes.default.svc - argocd.argoproj.io/sync-options: PruneLast=true - argocd.argoproj.io/sync-wave: "-2" - creationTimestamp: null - name: work - namespace: argocd -spec: - clusterResourceWhitelist: - - group: "*" - kind: "*" - description: playground for work projects - destinations: - - namespace: "work-*" # Change back to 'work-*' after I finish testing the rabbitmq operators - server: "*" - namespaceResourceWhitelist: - - group: "*" - kind: "*" - sourceRepos: - - "*" -status: {} - ---- -apiVersion: argoproj.io/v1alpha1 -kind: ApplicationSet -metadata: - annotations: - argocd.argoproj.io/sync-wave: "0" - creationTimestamp: null - name: work - namespace: argocd -spec: - generators: - - git: - files: - - path: apps/**/work/config.json - repoURL: ssh://git@gitea-ssh.gitops.svc.cluster.local:2222/davad/argo.git - requeueAfterSeconds: 20 - revision: "" - template: - metadata: {} - spec: - destination: {} - project: "" - - git: - files: - - path: apps/**/work/config_dir.json - repoURL: ssh://git@gitea-ssh.gitops.svc.cluster.local:2222/davad/argo.git - requeueAfterSeconds: 20 - revision: "" - template: - metadata: {} - spec: - destination: {} - project: "" - source: - directory: - exclude: "{{ exclude }}" - include: "{{ include }}" - jsonnet: {} - recurse: true - repoURL: "" - syncPolicy: {} - template: - metadata: - labels: - app.kubernetes.io/managed-by: argocd-autopilot - app.kubernetes.io/name: "{{ appName }}" - name: work-{{ userGivenName }} - namespace: argocd - spec: - destination: - namespace: "{{ destNamespace }}" - server: "{{ destServer }}" - ignoreDifferences: - - group: argoproj.io - jsonPointers: - - /status - kind: Application - project: work - source: - path: "{{ srcPath }}" - repoURL: "{{ srcRepoURL }}" - targetRevision: "{{ srcTargetRevision }}" - syncPolicy: - # automated: - # allowEmpty: 
true - # prune: true - # selfHeal: true -status: {} ---- -apiVersion: v1 -kind: Namespace -metadata: - name: work