Compare commits

3 Commits

Author SHA1 Message Date
gilgamezh 9821c67e72 add flaresolverr 2025-08-30 13:12:19 +02:00
gilgamezh bb5c4d754c fix: configure Gitea with proper domain and HTTPS
- Update domain from gitea.turing.lan to gitea.gilgamezh.me
- Configure Traefik ingress with TLS termination
- Set ROOT_URL to https while keeping internal protocol as http
- Enable Let's Encrypt certificate generation

Gitea is now accessible at https://gitea.gilgamezh.me with proper styling.
CSS 404 errors in dev tools are expected - assets are embedded in binary.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-16 11:35:50 +02:00
gilgamezh 503793a2ee docs: add ArgoCD image-updater multi-source troubleshooting guide
Add comprehensive documentation for resolving ArgoCD image-updater credential
errors with multi-source applications. Documents the solution of using ArgoCD
API write-back method instead of git write-back for applications that use
external Helm charts with local values repositories.

Key learnings:
- Multi-source apps need argocd write-back method not git
- External chart repos don't need write credentials with API method
- Includes step-by-step implementation and verification commands

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-16 11:00:20 +02:00
3 changed files with 107 additions and 9 deletions
+63
@@ -273,3 +273,66 @@ Before migrating any application to ArgoCD:
```bash ```bash
kubectl exec -it deployment/<app-name> -- ls -la /config kubectl exec -it deployment/<app-name> -- ls -la /config
``` ```
### ArgoCD Image-Updater Multi-Source Application Issues
#### Problem: Credential Errors with Multi-Source Applications
When using ArgoCD image-updater with multi-source applications (chart from external repo + values from Git), the image-updater may fail with credential errors like:
```
Could not update application spec: could not get creds for repo 'https://chart-repository.com': credentials for 'https://chart-repository.com' are not configured in Argo CD settings
```
#### Root Cause Analysis
1. **Multi-Source Confusion**: Image-updater tries to write back changes to the chart repository instead of the values repository
2. **Git Write-Back Limitations**: The `git` write-back method doesn't handle multi-source applications properly
3. **Repository Credentials**: External chart repositories (like Bananaspliff) don't have write credentials configured
#### Solution: Use ArgoCD API Write-Back Method
Instead of using `git` write-back method, use the `argocd` API method for multi-source applications:
```yaml
metadata:
annotations:
argocd-image-updater.argoproj.io/image-list: app=registry/image:latest
argocd-image-updater.argoproj.io/app.update-strategy: digest
argocd-image-updater.argoproj.io/write-back-method: argocd # Use ArgoCD API instead of git
argocd-image-updater.argoproj.io/write-back-target: http://git-repo.local/values.git # Optional: specify target repo
```
#### Implementation Steps
1. **Update Image-Updater Configuration**:
```bash
kubectl patch configmap argocd-image-updater-config -n argocd --patch '{"data":{"git.user":"argocd-image-updater","git.email":"argocd@turing.lan"}}'
```
2. **Change Application Write-Back Method**:
```bash
kubectl patch application <app-name> -n argocd --type='merge' --patch='{"metadata":{"annotations":{"argocd-image-updater.argoproj.io/write-back-method":"argocd"}}}'
```
3. **Restart Image-Updater**:
```bash
kubectl rollout restart deployment argocd-image-updater -n argocd
```
#### Verification Commands
```bash
# Check image-updater logs for success
kubectl logs -n argocd deployment/argocd-image-updater --tail=20
# Look for these success indicators:
# - "Successfully updated the live application spec"
# - "Processing results: applications=X images_considered=X images_skipped=0 images_updated=X errors=0"
# Verify applications remain healthy
argocd app list
# Check that pods are updated with new images
kubectl get pods -l app=<app-name>
```
#### Key Learnings
- **ArgoCD API Method**: Works better than Git write-back for multi-source applications
- **No Repository Credentials Needed**: ArgoCD API method doesn't require external repository write credentials
- **Application Spec Updates**: Changes are applied directly to ArgoCD application specs, not Git files
- **Multi-Source Compatibility**: This approach handles complex application configurations properly
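Review bot: The annotation example sets `write-back-method: argocd` together with `write-back-target: http://git-repo.local/values.git`, and implementation step 1 patches `git.user` and `git.email`, yet Key Learnings states that changes go to the Application spec and not to Git files. Either drop the write-back-target line and step 1, or explain what they do under the API method, because as written a reader cannot tell whether anything gets committed. It would also help to say explicitly that with this method an image change leaves no Git commit to review or revert.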
+30
@@ -0,0 +1,30 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: flaresolverr
namespace: argocd
spec:
project: default
sources:
- repoURL: https://k8s-at-home.com/charts/
chart: flaresolverr
targetRevision: "*"
ref: charts
helm:
releaseName: flaresolverr
valueFiles:
- $values/flaresolverr_values.yaml
- repoURL: http://gitea-http.gitea.svc.cluster.local:3000/admin/turingpi.git
targetRevision: HEAD
ref: values
destination:
server: https://kubernetes.default.svc
namespace: default
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
- ServerSideApply=true
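Review bot: `targetRevision: "*"` on the external chart source, combined with `automated` sync using `prune: true` and `selfHeal: true`, lets any chart version published at https://k8s-at-home.com/charts/ reach the cluster without a reviewed commit. Pin the chart to an explicit version and bump it deliberately. The values source is also fetched over plain `http://` at `HEAD`; a named branch or tag would make it clearer which revision of `flaresolverr_values.yaml` is deployed.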
+13 -8
@@ -18,17 +18,21 @@ service:
# Ingress for web access # Ingress for web access
ingress: ingress:
enabled: true enabled: true
className: nginx className: traefik
pathType: Prefix pathType: Prefix
annotations: annotations:
nginx.ingress.kubernetes.io/proxy-body-size: "0"
# Restrict to LAN access (matching your existing pattern) # Restrict to LAN access (matching your existing pattern)
nginx.ingress.kubernetes.io/whitelist-source-range: "192.168.0.0/16,10.0.0.0/8,172.16.0.0/12" traefik.ingress.kubernetes.io/whitelist.sourcerange: "192.168.0.0/16,10.0.0.0/8,172.16.0.0/12"
cert-manager.io/cluster-issuer: "letsencrypt-prod"
hosts: hosts:
- host: gitea.turing.lan - host: gitea.gilgamezh.me
paths: paths:
- path: / - path: /
pathType: Prefix pathType: Prefix
tls:
- secretName: gitea-tls
hosts:
- gitea.gilgamezh.me
# Storage using your NFS setup # Storage using your NFS setup
persistence: persistence:
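Review bot: The LAN restriction now depends on `traefik.ingress.kubernetes.io/whitelist.sourcerange`, which reads like the nginx key with the prefix swapped; please confirm the deployed Traefik version actually honours this annotation, since an annotation the controller does not recognise is ignored, and this same hunk moves the host from gitea.turing.lan to a public name with a `letsencrypt-prod` certificate. A request from an address outside the three listed ranges should be rejected, and that check is worth recording alongside the change. The `proxy-body-size: "0"` line is dropped with no replacement, so large pushes and LFS uploads should be tested through the new ingress.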
@@ -67,16 +71,17 @@ gitea:
admin: admin:
username: admin username: admin
password: "gitea-admin-pass" # Change this! password: "gitea-admin-pass" # Change this!
email: "admin@turing.lan" email: "admin@gilgamezh.me"
config: config:
APP_NAME: "TuringPi Gitea" APP_NAME: "TuringPi Gitea"
RUN_MODE: prod RUN_MODE: prod
server: server:
DOMAIN: gitea.turing.lan DOMAIN: gitea.gilgamezh.me
SSH_DOMAIN: gitea.turing.lan SSH_DOMAIN: gitea.gilgamezh.me
ROOT_URL: http://gitea.turing.lan ROOT_URL: https://gitea.gilgamezh.me
PROTOCOL: http
DISABLE_SSH: false DISABLE_SSH: false
SSH_PORT: 22 SSH_PORT: 22
LFS_START_SERVER: true LFS_START_SERVER: true
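Review bot: The context line `password: "gitea-admin-pass" # Change this!` keeps a literal admin password in a values file tracked in Git, while this hunk points the instance at gitea.gilgamezh.me. Move the admin credential into a Kubernetes Secret referenced from the values and rotate the current one before the new hostname goes live. `PROTOCOL: http` next to an `https` ROOT_URL is consistent with TLS terminating at the ingress, but a short comment saying so would keep it from being "corrected" later.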