admin/turingpi
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3ace05a695aba6196131794da86baf37af4dc037
turingpi/non_argo_values/gitea_values.yaml
T
gilgamezh 3ace05a695 build: migrate ingresses for Traefik v3 (k3s upgrade) 
k3s update bumped Traefik chart 37 → 39, dropping v2 support. Replace
the v2-only `whitelist.sourcerange` annotation on the gitea ingress
with an `ipAllowList` Middleware (resources/gitea-middleware.yaml),
referenced via `router.middlewares`. Switch the default-ns ingresses
(kube-plex, radarr, sonarr, lidarr) from the deprecated
`kubernetes.io/ingress.class` annotation to `spec.ingressClassName`.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-12 09:24:50 +02:00

128 lines
2.9 KiB
YAML
Raw Blame History

# Gitea configuration for TuringPi K3s cluster
# Self-hosted Git server for ArgoCD integration
# Single replica for homelab
replicaCount: 1
# Service configuration - LoadBalancer for direct access
service:
http:
type: LoadBalancer
port: 3000
# MetalLB will assign an IP
ssh:
type: LoadBalancer
port: 22
# For git SSH access
# Ingress for web access
ingress:
enabled: true
className: traefik
pathType: Prefix
annotations:
# Restrict to LAN access via Traefik v3 Middleware (resources/gitea-middleware.yaml)
traefik.ingress.kubernetes.io/router.middlewares: "gitea-lan-only@kubernetescrd"
cert-manager.io/cluster-issuer: "letsencrypt-production"
hosts:
- host: gitea.gilgamezh.me
paths:
- path: /
pathType: Prefix
tls:
- secretName: gitea-tls
hosts:
- gitea.gilgamezh.me
# Storage using your NFS setup
persistence:
enabled: true
create: true
storageClass: "nfs-client" # Your existing NFS storage class
size: 20Gi
accessModes:
- ReadWriteOnce
# Database - use PostgreSQL for production-ready setup
postgresql:
enabled: true
auth:
username: gitea
database: gitea
# Password will be auto-generated
primary:
persistence:
enabled: true
storageClass: "nfs-client"
size: 10Gi
# Disable PostgreSQL HA (since we're enabling regular postgresql)
postgresql-ha:
enabled: false
# Disable Valkey cluster (Redis alternative) - not needed for homelab
valkey-cluster:
enabled: false
# Gitea configuration
gitea:
cache:
enabled: false
admin:
username: admin
password: "gitea-admin-pass" # Change this!
email: "admin@gilgamezh.me"
config:
APP_NAME: "TuringPi Gitea"
RUN_MODE: prod
server:
DOMAIN: gitea.gilgamezh.me
SSH_DOMAIN: gitea.gilgamezh.me
ROOT_URL: https://gitea.gilgamezh.me
PROTOCOL: http
DISABLE_SSH: false
SSH_PORT: 22
LFS_START_SERVER: true
database:
DB_TYPE: postgres
security:
INSTALL_LOCK: true
service:
DISABLE_REGISTRATION: false # Allow user registration
REQUIRE_SIGNIN_VIEW: false # Allow anonymous viewing of public repos
ui:
DEFAULT_THEME: gitea-dark
repository:
DEFAULT_PRIVATE: false # Public repos by default for easier ArgoCD access
ssh.minimum_key_sizes:
RSA: 1024 # Allow 2048-bit RSA keys
ECDSA: 256
ED25519: 256
# Resource limits (adjust based on your node capacity)
resources:
limits:
cpu: 1000m
memory: 1Gi
requests:
cpu: 100m
memory: 256Mi
# Node affinity (prefer worker nodes, avoid control plane)
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
preference:
matchExpressions:
- key: node-role.kubernetes.io/control-plane
operator: DoesNotExist
Reference in New Issue View Git Blame Copy Permalink