From 9877b093e88ed44bbc10a8191706f84b6b195a38 Mon Sep 17 00:00:00 2001 From: Jan Novak Date: Sun, 1 Mar 2026 14:33:56 +0100 Subject: [PATCH] gitops: add rbac kustomization + store some forgotten older changes in repo --- .../00-rbac/clusterRoleBinding_gitea-ci.yaml | 12 ++++++++++++ .../home-kubernetes/cilium/helmrelelase_cilium.yaml | 2 ++ .../flux-system/extra-kustomizations.yaml | 13 +++++++++++++ gitops/home-kubernetes/oauth-proxy/helmrelease.yaml | 1 + gitops/home-kubernetes/podinfo/helmRelease.yaml | 2 +- .../home-kubernetes/seafile/conf/seahub_settings.py | 12 ++++++++++++ 6 files changed, 41 insertions(+), 1 deletion(-) create mode 100644 gitops/home-kubernetes/00-rbac/clusterRoleBinding_gitea-ci.yaml diff --git a/gitops/home-kubernetes/00-rbac/clusterRoleBinding_gitea-ci.yaml b/gitops/home-kubernetes/00-rbac/clusterRoleBinding_gitea-ci.yaml new file mode 100644 index 0000000..53ac34b --- /dev/null +++ b/gitops/home-kubernetes/00-rbac/clusterRoleBinding_gitea-ci.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: gitea-ci-deploy +subjects: + - kind: User + name: "gitea_ci@idm.home.hrajfrisbee.cz" # matches preferred_username claim + apiGroup: rbac.authorization.k8s.io +roleRef: + kind: ClusterRole + name: edit # scope down as needed + apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/gitops/home-kubernetes/cilium/helmrelelase_cilium.yaml b/gitops/home-kubernetes/cilium/helmrelelase_cilium.yaml index 266dff3..59024f2 100644 --- a/gitops/home-kubernetes/cilium/helmrelelase_cilium.yaml +++ b/gitops/home-kubernetes/cilium/helmrelelase_cilium.yaml @@ -24,6 +24,8 @@ spec: enabled: true ui: enabled: true + ingressController: + enabled: true ipam: mode: cluster-pool operator: diff --git a/gitops/home-kubernetes/flux-system/extra-kustomizations.yaml b/gitops/home-kubernetes/flux-system/extra-kustomizations.yaml index fe4c326..cf367a8 100644 
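Review bot: In clusterRoleBinding_gitea-ci.yaml the CI user is bound to the built-in `edit` ClusterRole through a ClusterRoleBinding, so it gets write access in every namespace, including reading Secrets and running Pods under any ServiceAccount there. The inline comment `# scope down as needed` defers that decision. For a pipeline identity I would use a `RoleBinding` in each namespace the CI actually deploys to (same `roleRef`, plus `metadata.namespace`), or a custom ClusterRole listing only the resources it changes. The subject name also depends on the API server mapping the `preferred_username` claim without a prefix, which is not visible here; it is worth confirming that the account holder cannot change that claim in the IdP.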
--- a/gitops/home-kubernetes/flux-system/extra-kustomizations.yaml +++ b/gitops/home-kubernetes/flux-system/extra-kustomizations.yaml @@ -14,6 +14,19 @@ spec: --- apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization +metadata: + name: 00-rbac + namespace: flux-system +spec: + interval: 10m0s + path: ./gitops/home-kubernetes/00-crds + prune: true + sourceRef: + kind: GitRepository + name: flux-system +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization metadata: name: cilium namespace: flux-system diff --git a/gitops/home-kubernetes/oauth-proxy/helmrelease.yaml b/gitops/home-kubernetes/oauth-proxy/helmrelease.yaml index e27d8e7..46967e2 100644 --- a/gitops/home-kubernetes/oauth-proxy/helmrelease.yaml +++ b/gitops/home-kubernetes/oauth-proxy/helmrelease.yaml @@ -39,6 +39,7 @@ spec: ingress: enabled: true className: nginx + pathType: Prefix annotations: cert-manager.io/cluster-issuer: letsencrypt-prod hosts: diff --git a/gitops/home-kubernetes/podinfo/helmRelease.yaml b/gitops/home-kubernetes/podinfo/helmRelease.yaml index d98ca10..8b56055 100644 --- a/gitops/home-kubernetes/podinfo/helmRelease.yaml +++ b/gitops/home-kubernetes/podinfo/helmRelease.yaml @@ -24,7 +24,7 @@ spec: - host: podinfo.lab.home.hrajfrisbee.cz paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix tls: [] # - secretName: chart-example-tls # hosts: diff --git a/gitops/home-kubernetes/seafile/conf/seahub_settings.py b/gitops/home-kubernetes/seafile/conf/seahub_settings.py index e69de29..823313e 100644 --- a/gitops/home-kubernetes/seafile/conf/seahub_settings.py +++ b/gitops/home-kubernetes/seafile/conf/seahub_settings.py 
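Review bot: The new `00-rbac` Kustomization points at `./gitops/home-kubernetes/00-crds`, while the ClusterRoleBinding this commit adds lives under `gitops/home-kubernetes/00-rbac/`, so as written this Kustomization would not pick the binding up. If that is a copy-paste slip, the line should read `path: ./gitops/home-kubernetes/00-rbac`. Because `prune: true` is set, it is also worth checking that no other Kustomization already reconciles `00-crds`; that cannot be seen from this hunk.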
@@ -0,0 +1,12 @@
+EMAIL_USE_TLS = True
+EMAIL_HOST = 'smtp.gmail.com'
+EMAIL_HOST_USER = 'kacerr.cz@gmail.com'
+EMAIL_HOST_PASSWORD = 'zeyd ppmy gfqu gaws' # App Password, not your login password
+EMAIL_PORT = 587
+DEFAULT_FROM_EMAIL = EMAIL_HOST_USER
+SERVER_EMAIL = EMAIL_HOST_USER
+
+
+FILE_SERVER_ROOT = 'https://seafile.lab.home.hrajfrisbee.cz/seafhttp'
+
+DEBUG = True
\ No newline at end of file
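Review bot: `EMAIL_HOST_PASSWORD` is committed as a plaintext literal in seahub_settings.py, so the mail account's app password is now in Git history for anyone who can read the repository. It should be revoked and reissued, and the value loaded at runtime from a Kubernetes Secret, for example `import os` and `EMAIL_HOST_PASSWORD = os.environ['SEAHUB_EMAIL_PASSWORD']` (the variable name is an example). The file also ends with `DEBUG = True`, which makes Django serve detailed error pages with stack traces and configuration values; `DEBUG = False` is the safer setting for an instance reachable through an ingress hostname.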