Add new infra architecture 13

2026-01-21 23:16:19 +01:00
parent 66dfd50fbc
commit aeff6b1537
22 changed files with 552 additions and 151 deletions
--- a/infrastructure/cicd/gitea/values-prod.yaml
+++ b/infrastructure/cicd/gitea/values-prod.yaml
@@ -11,36 +11,29 @@ ingress:
  className: nginx
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
-    nginx.ingress.kubernetes.io/proxy-body-size: "500m"
+    nginx.ingress.kubernetes.io/proxy-body-size: "2G"
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "600"
-    nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
+    nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
    cert-manager.io/cluster-issuer: "letsencrypt-production"
  hosts:
    - host: gitea.bakewise.ai
      paths:
        - path: /
          pathType: Prefix
+    - host: registry.bakewise.ai
+      paths:
+        - path: /
+          pathType: Prefix
  tls:
    - secretName: gitea-tls-cert
      hosts:
        - gitea.bakewise.ai
-  apiIngress:
-    enabled: true
-    className: nginx
-    annotations:
-      nginx.ingress.kubernetes.io/ssl-redirect: "true"
-      nginx.ingress.kubernetes.io/proxy-body-size: "500m"
-      cert-manager.io/cluster-issuer: "letsencrypt-production"
-    hosts:
-      - host: registry.bakewise.ai
-        paths:
-          - path: /
-            pathType: Prefix
-    tls:
-      - secretName: registry-tls-cert
-        hosts:
-          - registry.bakewise.ai
+        - registry.bakewise.ai
+
+# NOTE: The Gitea Helm chart (v12.4.0) does not natively support separate registry ingress.
+# For registry access, we include registry.bakewise.ai in the main ingress above.
+# This works because Gitea serves both UI and registry on the same port (3000).

 gitea:
  admin:
@@ -62,4 +55,4 @@ resources:

 # Larger storage for production
 persistence:
-  size: 50Gi
+  size: 50Gi
--- a/infrastructure/cicd/gitea/values.yaml
+++ b/infrastructure/cicd/gitea/values.yaml
@@ -32,7 +32,7 @@ ingress:
  className: nginx
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
-    nginx.ingress.kubernetes.io/proxy-body-size: "500m"
+    nginx.ingress.kubernetes.io/proxy-body-size: "2G"
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "600"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "600"