From 4a5c9fda342b64a36a5658fb67b788536afb3593 Mon Sep 17 00:00:00 2001
From: Shahab Dogar
Date: Tue, 1 Oct 2024 16:04:52 +0500
Subject: [PATCH] feat: Gitea | expose service to public internet without cloudflared
---
 1password/secrets.yaml | 10 ++++++++++
 cert-manager/cert-manager.yaml | 18 ++++++++++++++++++
 helm/values/gitea.values.yaml | 11 +----------
 helm/values/nginx-internal.values.yaml | 2 +-
 4 files changed, 30 insertions(+), 11 deletions(-)
diff --git a/1password/secrets.yaml b/1password/secrets.yaml
index b3ab9a6..fe6627e 100644
--- a/1password/secrets.yaml
+++ b/1password/secrets.yaml
@@ -48,3 +48,13 @@ metadata:
 operator.1password.io/auto-restart: "true"
 spec:
 itemPath: "vaults/Lab/items/Gitea"
+---
+apiVersion: onepassword.com/v1
+kind: OnePasswordItem
+metadata:
+ name: cloudflare-token
+ namespace: cert-manager
+ annotations:
+ operator.1password.io/auto-restart: "true"
+spec:
+ itemPath: "vaults/Lab/items/Cloudflare"
diff --git a/cert-manager/cert-manager.yaml b/cert-manager/cert-manager.yaml
index 86bb452..58b34f0 100644
--- a/cert-manager/cert-manager.yaml
+++ b/cert-manager/cert-manager.yaml
@@ -32,3 +32,21 @@ metadata:
 spec:
 ca:
 secretName: root-secret
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: cloudflare-issuer
+ namespace: cert-manager
+spec:
+ acme:
+ email: shahab@dogar.dev
+ server: https://acme-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ name: cloudflare-cluster-issuer-account-key
+ solvers:
+ - dns01:
+ cloudflare:
+ apiTokenSecretRef:
+ name: cloudflare-token
+ key: credential
diff --git a/helm/values/gitea.values.yaml b/helm/values/gitea.values.yaml
index e06ef18..efa7749 100644
--- a/helm/values/gitea.values.yaml
+++ b/helm/values/gitea.values.yaml
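Review bot: In 1password/secrets.yaml the new `cloudflare-token` item points at the general `vaults/Lab/items/Cloudflare` entry, and as far as I know the operator syncs every field of a 1Password item into the Kubernetes Secret, not only `credential`. If that entry also holds account credentials or a global API key, they become readable to anything with Secret access in the `cert-manager` namespace. A dedicated item holding a single API token limited to DNS edit on the one zone keeps the impact of a leak small. A comment above `itemPath` such as `# API token only: DNS edit on the ACME zone; keep no other fields in this item` would record that expectation.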
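Review bot: The `dns01` solver on `cloudflare-issuer` in cert-manager/cert-manager.yaml has no `selector`, so any Ingress or Certificate in any namespace that names this ClusterIssuer can obtain a publicly trusted certificate for any name the Cloudflare token can write TXT records for. Adding `selector:` / `dnsZones:` / `- dogar.dev` alongside `dns01` in the solver entry (zone inferred from the Gitea host) limits issuance to the intended zone. Separately, `namespace: cert-manager` under `metadata` has no effect on a cluster-scoped ClusterIssuer and can be dropped, because the token Secret is resolved in cert-manager's cluster resource namespace rather than through this field.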
@@ -1,17 +1,8 @@
-service:
- http:
- annotations:
- external-dns.alpha.kubernetes.io/hostname: git.dogar.dev
- metallb.universe.tf/allow-shared-ip: gitea
- ssh:
- annotations:
- external-dns.alpha.kubernetes.io/hostname: git.dogar.dev
- metallb.universe.tf/allow-shared-ip: gitea
 ingress:
 enabled: true
 className: nginx-internal
 annotations:
- cert-manager.io/cluster-issuer: cluster-issuer
+ cert-manager.io/cluster-issuer: cloudflare-issuer
 hosts:
 - host: git.dogar.dev
 paths:
diff --git a/helm/values/nginx-internal.values.yaml b/helm/values/nginx-internal.values.yaml
index cce1473..2d4d21a 100644
--- a/helm/values/nginx-internal.values.yaml
+++ b/helm/values/nginx-internal.values.yaml
@@ -11,4 +11,4 @@ controller:
 external-dns.alpha.kubernetes.io/hostname: postgres.home
 tcp:
 5432: "postgres-system/postgres-cluster-rw:5432"
- 2222: "gitea-system/gitea-ssh:22"
+ 22: "gitea-system/gitea-ssh:22"
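Review bot: In helm/values/gitea.values.yaml the ingress becomes internet-facing, yet nothing in the visible lines limits who can register or browse. The file continues past the hunk, so this may already be set further down. If it is not, Gitea's `[service]` options can be set through the chart's `gitea.config` values, for example `DISABLE_REGISTRATION: true` under `gitea.config.service`. A comment above `className: nginx-internal` noting that this class now serves a public host would also help, since the name suggests otherwise.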
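Review bot: In helm/values/nginx-internal.values.yaml the `tcp` map now publishes Gitea SSH on 22 from the same controller that publishes `postgres-system/postgres-cluster-rw:5432`. Once this controller's address is reachable from the internet, the Postgres port shares that exposure unless something upstream forwards only selected ports, and no such rule is visible in this patch. I would either move the public Gitea entries to a separate controller or document the constraint next to the map, e.g. `# public entry point: forward 22/80/443 only; 5432 must stay LAN-only`. The `controller:` block begins outside the hunk.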