feat: Gitea | expose service to public internet without cloudflared

1password/secrets.yaml

@@ -48,3 +48,13 @@ metadata:
     operator.1password.io/auto-restart: "true"
 spec:
   itemPath: "vaults/Lab/items/Gitea"
+---
+apiVersion: onepassword.com/v1
+kind: OnePasswordItem
+metadata:
+  name: cloudflare-token
+  namespace: cert-manager
+  annotations:
+    operator.1password.io/auto-restart: "true"
+spec:
+  itemPath: "vaults/Lab/items/Cloudflare"

cert-manager/cert-manager.yaml

@@ -32,3 +32,21 @@ metadata:
 spec:
   ca:
     secretName: root-secret
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: cloudflare-issuer
+  namespace: cert-manager
+spec:
+  acme:
+    email: shahab@dogar.dev
+    server: https://acme-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      name: cloudflare-cluster-issuer-account-key
+    solvers:
+    - dns01:
+        cloudflare:
+          apiTokenSecretRef:
+            name: cloudflare-token
+            key: credential

helm/values/gitea.values.yaml

@@ -1,17 +1,8 @@
-service:
-  http:
-    annotations:
-      external-dns.alpha.kubernetes.io/hostname: git.dogar.dev
-      metallb.universe.tf/allow-shared-ip: gitea
-  ssh:
-    annotations:
-      external-dns.alpha.kubernetes.io/hostname: git.dogar.dev
-      metallb.universe.tf/allow-shared-ip: gitea
 ingress:
   enabled: true
   className: nginx-internal
   annotations:
-    cert-manager.io/cluster-issuer: cluster-issuer
+    cert-manager.io/cluster-issuer: cloudflare-issuer
   hosts:
     - host: git.dogar.dev
       paths:

helm/values/nginx-internal.values.yaml

@@ -11,4 +11,4 @@ controller:
       external-dns.alpha.kubernetes.io/hostname: postgres.home
 tcp:
   5432: "postgres-system/postgres-cluster-rw:5432"
-  2222: "gitea-system/gitea-ssh:22"
+  22: "gitea-system/gitea-ssh:22"