From 242f6d905b72a016c012ce80db9f5684dce36aab Mon Sep 17 00:00:00 2001 From: cloudymax Date: Fri, 20 Dec 2024 13:13:06 +0100 Subject: [PATCH] separate out existign secrets --- demo/forgejo/forgejo_argocd_appset.yaml | 32 ++++-- demo/forgejo/forgejo_valkey_appset.yaml | 108 +++++++++++++++++++++ demo/forgejo/gitea-pgsql-credentials.yaml | 9 ++ demo/forgejo/gitea-redis-creds.yaml | 8 ++ demo/forgejo/gitea-valkey-credentials.yaml | 9 ++ 5 files changed, 158 insertions(+), 8 deletions(-) create mode 100644 demo/forgejo/forgejo_valkey_appset.yaml create mode 100644 demo/forgejo/gitea-pgsql-credentials.yaml create mode 100644 demo/forgejo/gitea-redis-creds.yaml create mode 100644 demo/forgejo/gitea-valkey-credentials.yaml diff --git a/demo/forgejo/forgejo_argocd_appset.yaml b/demo/forgejo/forgejo_argocd_appset.yaml index 11572c611..24524188d 100644 --- a/demo/forgejo/forgejo_argocd_appset.yaml +++ b/demo/forgejo/forgejo_argocd_appset.yaml @@ -395,13 +395,11 @@ spec: # prometheus-release: prom1 ## @param gitea.ldap LDAP configuration - ldap: - [] + ldap: [] # Either specify inline `key` and `secret` or refer to them via `existingSecret` ## @param gitea.oauth OAuth configuration - oauth: - [] + oauth: [] # - name: 'OAuth 1' # provider: # key: @@ -422,7 +420,27 @@ spec: # name: gitea-app-ini-plaintext ## @param gitea.additionalConfigFromEnvs Additional configuration sources from environment variables - additionalConfigFromEnvs: [] + additionalConfigFromEnvs: + - name: FORGEJO__CACHE__HOST + valueFrom: + secretKeyRef: + name: redis-creds + key: REDIS_URL + - name: FORGEJO__QUEUE__CONN_STR + valueFrom: + secretKeyRef: + name: redis-creds + key: REDIS_URL + - name: FORGEJO__DATABASE__USER + valueFrom: + secretKeyRef: + name: forgejo-pgsql-credentials + key: username + - name: FORGEJO__DATABASE__PASSWD + valueFrom: + secretKeyRef: + name: forgejo-pgsql-credentials + key: password ## @param gitea.podAnnotations Annotations for the Forgejo pod podAnnotations: {} 
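Review bot: The two database entries added under `additionalConfigFromEnvs` read from a Secret named `forgejo-pgsql-credentials`, but the manifest this commit adds in `demo/forgejo/gitea-pgsql-credentials.yaml` declares `metadata.name: gitea-pgsql-credentials`. Unless a Secret with the `forgejo-` name is created somewhere outside this diff, those `secretKeyRef` lookups will not resolve and the Forgejo container will not start. Renaming the manifest's Secret to `name: forgejo-pgsql-credentials` would keep the reference and the Secret in step. The `redis-creds` references do match the name in `gitea-redis-creds.yaml`. The enclosing `gitea:` values block starts and ends outside the hunk.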
@@ -462,10 +480,8 @@ spec: ## @param gitea.config.database Database configuration (only necessary with an [externally managed DB](https://code.forgejo.org/forgejo-helm/forgejo-helm#external-database)). database: DB_TYPE: postgres + USER: forgejo HOST: forgejo-postgres:5432 - NAME: forgejo - USER: root - PASSWD: "your-password-here" SSL_MODE: disable ## @param gitea.config.indexer Settings for what content is indexed and how diff --git a/demo/forgejo/forgejo_valkey_appset.yaml b/demo/forgejo/forgejo_valkey_appset.yaml new file mode 100644 index 000000000..7c51b64a6 --- /dev/null +++ b/demo/forgejo/forgejo_valkey_appset.yaml 
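Review bot: The `database:` block now sets `USER: forgejo` inline while the earlier hunk also injects `FORGEJO__DATABASE__USER` from the Secret, so the username has two sources that can drift apart; dropping the inline `USER:` line would leave the Secret as the single source. `NAME: forgejo` is removed with no replacement visible in this diff, so the database name presumably falls back to the application default; confirm that this matches the database created on `forgejo-postgres`, or keep `NAME: forgejo`. The unchanged `SSL_MODE: disable` means the password now read from the Secret still travels to PostgreSQL unencrypted. The `database:` block continues outside the hunk.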
@@ -0,0 +1,108 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+ name: forgejo-valkey-cluster-appset
+ namespace: argocd
+spec:
+ # enable go templating
+ goTemplate: true
+ generators:
+ - plugin:
+ configMapRef:
+ name: secret-var-plugin-generator
+ input:
+ parameters:
+ secret_vars:
+ - global_time_zone
+ template:
+ metadata:
+ name: forgejo-valkey-cluster-app
+ annotations:
+ argocd.argoproj.io/sync-wave: "1"
+ spec:
+ project: default
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: forgejo
+
+ syncPolicy:
+ syncOptions:
+ - CreateNamespace=true
+ - ApplyOutOfSyncOnly=true
+ automated:
+ prune: true
+ selfHeal: true
+
+ source:
+ repoURL: 'registry-1.docker.io'
+ chart: bitnamicharts/valkey-cluster
+ targetRevision: 1.0.2
+ helm:
+ valuesObject:
+
+ global:
+ storageClass: "local-path"
+
+ fullnameOverride: "valkey"
+
+ usePassword: true
+ existingSecret: "forgejo-valkey-credentials"
+ existingSecretPasswordKey: "valkey-password"
+
+ tls:
+ enabled: false
+ authClients: true
+ autoGenerated: false
+
+ persistence:
+ enabled: true
+ path: /bitnami/valkey/data
+ storageClass: local-path
+ annotations:
+ k8up.io/backup: 'true'
+ accessModes:
+ - ReadWriteOnce
+ size: 8G
+
+ persistentVolumeClaimRetentionPolicy:
+ enabled: true
+ whenScaled: Retain
+ whenDeleted: Retain
+
+ valkey:
+ command: []
+ args: []
+ updateStrategy:
+ type: RollingUpdate
+ rollingUpdate:
+ partition: 0
+
+ podManagementPolicy: Parallel
+ automountServiceAccountToken: false
+ hostNetwork: false
+ containerPorts:
+ valkey: 6379
+ bus: 16379
+
+ resourcesPreset: "nano"
+
+ cluster:
+ init: true
+ nodes: 3
+ replicas: 0
+ externalAccess:
+ enabled: false
+ hostMode: false
+ service:
+ disableLoadBalancerIP: false
+ type: LoadBalancer
+ port: 6379
+ loadBalancerIP: []
+ loadBalancerSourceRanges: []
+
+ # metrics on valkey cluster
+ metrics:
+ # we use a grafana exporter that logs into valkey directly
+ enabled: true
+ resourcesPreset: nano
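Review bot: `tls.enabled: false` is combined with `usePassword: true`, so the Valkey password and everything Forgejo caches or queues cross the cluster network in cleartext. If this values block is meant to be reused beyond a demo, set `tls.enabled: true` (with `autoGenerated: true` or a supplied certificate) and move the client URL in `redis-creds` to a TLS scheme. Otherwise a comment above `tls:` such as `# demo only: TLS is off, the password is sent unencrypted` would make the trade-off explicit for whoever copies the file.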
diff --git a/demo/forgejo/gitea-pgsql-credentials.yaml b/demo/forgejo/gitea-pgsql-credentials.yaml
new file mode 100644
index 000000000..9c1212870
--- /dev/null
+++ b/demo/forgejo/gitea-pgsql-credentials.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+ name: gitea-pgsql-credentials
+ namespace: forgejo
+stringData:
+ password: "your-password-here"
+ username: "forgejo"
diff --git a/demo/forgejo/gitea-redis-creds.yaml b/demo/forgejo/gitea-redis-creds.yaml
new file mode 100644
index 000000000..7cb08ab5f
--- /dev/null
+++ b/demo/forgejo/gitea-redis-creds.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+ name: redis-creds
+ namespace: forgejo
+stringData:
+ REDIS_URL: "redis://your-password-here@valkey:6379/0"
diff --git a/demo/forgejo/gitea-valkey-credentials.yaml b/demo/forgejo/gitea-valkey-credentials.yaml
new file mode 100644
index 000000000..90fd8227d
--- /dev/null
+++ b/demo/forgejo/gitea-valkey-credentials.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+ name: forgejo-valkey-credentials
+ namespace: forgejo
+stringData:
+ valkey-password: "your-password-here"
+
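Review bot: `password: "your-password-here"` in `gitea-pgsql-credentials.yaml` puts a credential-shaped placeholder into a Secret manifest that lives in git, and the same placeholder is repeated in `gitea-redis-creds.yaml` and `gitea-valkey-credentials.yaml`. Anyone who fills in the real value in place is one commit away from publishing it, and a deployment that applies the files unchanged runs with a publicly known password. A header comment on each file, for example `# placeholder only: replace before applying, never commit the real value`, would make the intent clear. Creating these Secrets from outside the repository would remove the risk altogether.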
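Review bot: `REDIS_URL` in `gitea-redis-creds.yaml` places the password in the user position, `redis://your-password-here@valkey:6379/0`. Redis-style URLs carry the password after a colon, so this value is likely parsed as a username with no password, and authentication against the `usePassword: true` server would then fail. The expected form is `redis://:your-password-here@valkey:6379/0`. Because the target is the `valkey-cluster` chart with `nodes: 3`, the `redis+cluster://` scheme is probably needed as well; confirm this against the Forgejo cache and queue documentation. The password in this URL must also stay identical to `valkey-password` in `gitea-valkey-credentials.yaml`, which is worth stating in a comment since nothing enforces it.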