add flaresolverr

fix: configure Gitea with proper domain and HTTPS
- Update domain from gitea.turing.lan to gitea.gilgamezh.me - Configure Traefik ingress with TLS termination - Set ROOT_URL to https while keeping internal protocol as http - Enable Let's Encrypt certificate generation Gitea is now accessible at https://gitea.gilgamezh.me with proper styling. CSS 404 errors in dev tools are expected - assets are embedded in binary. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-30 13:12:19 +02:00 · 2025-08-16 11:35:50 +02:00 · 2025-08-16 11:00:20 +02:00
3 changed files with 107 additions and 9 deletions
@@ -272,4 +272,67 @@ Before migrating any application to ArgoCD:
 4. **Confirm Configuration Persistence**:
   ```bash
   kubectl exec -it deployment/<app-name> -- ls -la /config
-   ```
+   ```
+
+### ArgoCD Image-Updater Multi-Source Application Issues
+
+#### Problem: Credential Errors with Multi-Source Applications
+When using ArgoCD image-updater with multi-source applications (chart from external repo + values from Git), the image-updater may fail with credential errors like:
+```
+Could not update application spec: could not get creds for repo 'https://chart-repository.com': credentials for 'https://chart-repository.com' are not configured in Argo CD settings
+```
+
+#### Root Cause Analysis
+1. **Multi-Source Confusion**: Image-updater tries to write back changes to the chart repository instead of the values repository
+2. **Git Write-Back Limitations**: The `git` write-back method doesn't handle multi-source applications properly
+3. **Repository Credentials**: External chart repositories (like Bananaspliff) don't have write credentials configured
+
+#### Solution: Use ArgoCD API Write-Back Method
+Instead of using `git` write-back method, use the `argocd` API method for multi-source applications:
+
+```yaml
+metadata:
+  annotations:
+    argocd-image-updater.argoproj.io/image-list: app=registry/image:latest
+    argocd-image-updater.argoproj.io/app.update-strategy: digest
+    argocd-image-updater.argoproj.io/write-back-method: argocd  # Use ArgoCD API instead of git
+    argocd-image-updater.argoproj.io/write-back-target: http://git-repo.local/values.git  # Optional: specify target repo
+```
+
+#### Implementation Steps
+1. **Update Image-Updater Configuration**:
+   ```bash
+   kubectl patch configmap argocd-image-updater-config -n argocd --patch '{"data":{"git.user":"argocd-image-updater","git.email":"argocd@turing.lan"}}'
+   ```
+
+2. **Change Application Write-Back Method**:
+   ```bash
+   kubectl patch application <app-name> -n argocd --type='merge' --patch='{"metadata":{"annotations":{"argocd-image-updater.argoproj.io/write-back-method":"argocd"}}}'
+   ```
+
+3. **Restart Image-Updater**:
+   ```bash
+   kubectl rollout restart deployment argocd-image-updater -n argocd
+   ```
+
+#### Verification Commands
+```bash
+# Check image-updater logs for success
+kubectl logs -n argocd deployment/argocd-image-updater --tail=20
+
+# Look for these success indicators:
+# - "Successfully updated the live application spec" 
+# - "Processing results: applications=X images_considered=X images_skipped=0 images_updated=X errors=0"
+
+# Verify applications remain healthy
+argocd app list
+
+# Check that pods are updated with new images
+kubectl get pods -l app=<app-name>
+```
+
+#### Key Learnings
+- **ArgoCD API Method**: Works better than Git write-back for multi-source applications
+- **No Repository Credentials Needed**: ArgoCD API method doesn't require external repository write credentials
+- **Application Spec Updates**: Changes are applied directly to ArgoCD application specs, not Git files
+- **Multi-Source Compatibility**: This approach handles complex application configurations properly
@@ -0,0 +1,30 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: flaresolverr
+  namespace: argocd
+spec:
+  project: default
+  sources:
+    - repoURL: https://k8s-at-home.com/charts/
+      chart: flaresolverr
+      targetRevision: "*"
+      ref: charts
+      helm:
+        releaseName: flaresolverr
+        valueFiles:
+          - $values/flaresolverr_values.yaml
+    - repoURL: http://gitea-http.gitea.svc.cluster.local:3000/admin/turingpi.git
+      targetRevision: HEAD
+      ref: values
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: default
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+    - CreateNamespace=true
+    - ServerSideApply=true
+
@@ -18,17 +18,21 @@ service:
 # Ingress for web access  
 ingress:
  enabled: true
-  className: nginx
+  className: traefik
  pathType: Prefix
  annotations:
-    nginx.ingress.kubernetes.io/proxy-body-size: "0"
    # Restrict to LAN access (matching your existing pattern)
-    nginx.ingress.kubernetes.io/whitelist-source-range: "192.168.0.0/16,10.0.0.0/8,172.16.0.0/12"
+    traefik.ingress.kubernetes.io/whitelist.sourcerange: "192.168.0.0/16,10.0.0.0/8,172.16.0.0/12"
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
  hosts:
-    - host: gitea.turing.lan
+    - host: gitea.gilgamezh.me
      paths:
        - path: /
          pathType: Prefix
+  tls:
+    - secretName: gitea-tls
+      hosts:
+        - gitea.gilgamezh.me

 # Storage using your NFS setup
 persistence:
@@ -67,16 +71,17 @@ gitea:
  admin:
    username: admin
    password: "gitea-admin-pass"  # Change this!
-    email: "admin@turing.lan"
+    email: "admin@gilgamezh.me"

  config:
    APP_NAME: "TuringPi Gitea"
    RUN_MODE: prod
    
    server:
-      DOMAIN: gitea.turing.lan
-      SSH_DOMAIN: gitea.turing.lan
-      ROOT_URL: http://gitea.turing.lan
+      DOMAIN: gitea.gilgamezh.me
+      SSH_DOMAIN: gitea.gilgamezh.me
+      ROOT_URL: https://gitea.gilgamezh.me
+      PROTOCOL: http
      DISABLE_SSH: false
      SSH_PORT: 22
      LFS_START_SERVER: true