bakery-admin/bakery-ia
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add new infra architecture 12

Browse Source
This commit is contained in:
Urtzi Alfaro
2026-01-21 16:21:24 +01:00
parent 2512de4173
commit 66dfd50fbc
20 changed files with 4082 additions and 480 deletions
Download Patch File Download Diff File Expand all files Collapse all files

69
infrastructure/cicd/gitea/values.yaml
View File

@@ -1,9 +1,12 @@
# Gitea Helm values configuration for Bakery-IA CI/CD
# This configuration sets up Gitea with registry support and appropriate storage
#
# Prerequisites:
# 1. Run setup-admin-secret.sh to create the gitea-admin-secret
# 2. Apply the post-install job: kubectl apply -f gitea-init-job.yaml
#
# Installation:
# helm repo add gitea https://dl.gitea.io/charts
# kubectl create namespace gitea
# helm install gitea gitea/gitea -n gitea -f infrastructure/cicd/gitea/values.yaml
#
# NOTE: The namespace is determined by the -n flag during helm install, not in this file.
@@ -43,22 +46,6 @@ ingress:
hosts:
- gitea.bakery-ia.local
- registry.bakery-ia.local
# Additional ingress for container registry (same backend, different hostname)
apiIngress:
enabled: true
className: nginx
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "500m"
hosts:
- host: registry.bakery-ia.local
paths:
- path: /
pathType: Prefix
tls:
- secretName: bakery-dev-tls-cert
hosts:
- registry.bakery-ia.local
persistence:
enabled: true
@@ -68,39 +55,44 @@ persistence:
# For Kind: leave empty or use "standard"
storageClass: ""
# =============================================================================
# ADMIN USER CONFIGURATION
# =============================================================================
# The admin user is automatically created on first install.
# Credentials are read from the 'gitea-admin-secret' Kubernetes secret.
#
# Create the secret BEFORE installing Gitea:
# ./setup-admin-secret.sh
#
# The secret must contain:
# - username: admin username (default: bakery-admin)
# - password: admin password
# =============================================================================
gitea:
admin:
username: bakery-admin
# IMPORTANT: Override this with --set gitea.admin.password=<secure-password>
# or use existingSecret
password: ""
email: admin@bakery-ia.local
# Use existing secret for admin credentials (created by setup-admin-secret.sh)
existingSecret: gitea-admin-secret
# keepUpdated ensures password changes in secret are applied
passwordMode: keepUpdated
config:
server:
DOMAIN: gitea.bakery-ia.local
SSH_DOMAIN: gitea.bakery-ia.local
SSH_PORT: 2222
# Use HTTPS for external access; TLS termination happens at ingress
ROOT_URL: https://gitea.bakery-ia.local
HTTP_PORT: 3000
# Enable package registry
PACKAGES_ENABLED: true
# Disable built-in HTTPS since ingress handles TLS
PROTOCOL: http
repository:
ENABLE_PUSH_CREATE_USER: true
ENABLE_PUSH_CREATE_ORG: true
DEFAULT_BRANCH: main
packages:
ENABLED: true
registry:
ENABLE: true
ROOT: /var/lib/gitea-registry
STORAGE_TYPE: local
# NOTE: PORT config here is internal - registry is accessed via HTTP port on /v2/ path
# Additional registry configuration for proper external access
docker:
ENABLE: true
REGISTRY_SSL_REDIRECT: false # SSL termination happens at ingress
webhook:
ALLOWED_HOST_LIST: "*"
# Allow internal cluster URLs for Tekton EventListener
@@ -109,21 +101,6 @@ gitea:
DISABLE_REGISTRATION: false
REQUIRE_SIGNIN_VIEW: false
# Initial repositories to create automatically after Gitea installation
# These will be created with the admin user as owner
initialRepositories:
- name: bakery-ia
description: "Main repository for Bakery IA project - Automatically created by Helm"
private: false
auto_init: true
default_branch: main
owner: "{{ .Values.gitea.admin.username }}"
# Enable issues, wiki, and other features
enable_issues: true
enable_wiki: true
enable_pull_requests: true
enable_projects: true
# Use embedded SQLite for simpler local development
# For production, enable postgresql
postgresql: