kacerr/home-kubernetes
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

gitops: add rbac kustomization + store some forgotten older changes in

Browse Source 
repo
This commit is contained in:
Jan Novak
2026-03-01 14:33:56 +01:00
parent 0eab64c954
commit 9877b093e8
6 changed files with 41 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
gitops/home-kubernetes/00-rbac/clusterRoleBinding_gitea-ci.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: gitea-ci-deploy
subjects:
- kind: User
name: "gitea_ci@idm.home.hrajfrisbee.cz" # matches preferred_username claim
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: ClusterRole
name: edit # scope down as needed
apiGroup: rbac.authorization.k8s.io

2
gitops/home-kubernetes/cilium/helmrelelase_cilium.yaml
View File

@@ -24,6 +24,8 @@ spec:
enabled: true enabled: true
ui: ui:
enabled: true enabled: true
ingressController:
enabled: true
ipam: ipam:
mode: cluster-pool mode: cluster-pool
operator: operator:

13
gitops/home-kubernetes/flux-system/extra-kustomizations.yaml
View File

@@ -14,6 +14,19 @@ spec:
--- ---
apiVersion: kustomize.toolkit.fluxcd.io/v1 apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization kind: Kustomization
metadata:
name: 00-rbac
namespace: flux-system
spec:
interval: 10m0s
path: ./gitops/home-kubernetes/00-crds
prune: true
sourceRef:
kind: GitRepository
name: flux-system
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata: metadata:
name: cilium name: cilium
namespace: flux-system namespace: flux-system

1
gitops/home-kubernetes/oauth-proxy/helmrelease.yaml
View File

@@ -39,6 +39,7 @@ spec:
ingress: ingress:
enabled: true enabled: true
className: nginx className: nginx
pathType: Prefix
annotations: annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod cert-manager.io/cluster-issuer: letsencrypt-prod
hosts: hosts:

2
gitops/home-kubernetes/podinfo/helmRelease.yaml
View File

@@ -24,7 +24,7 @@ spec:
- host: podinfo.lab.home.hrajfrisbee.cz - host: podinfo.lab.home.hrajfrisbee.cz
paths: paths:
- path: / - path: /
pathType: ImplementationSpecific pathType: Prefix
tls: [] tls: []
# - secretName: chart-example-tls # - secretName: chart-example-tls
# hosts: # hosts:

12
gitops/home-kubernetes/seafile/conf/seahub_settings.py
View File

@@ -0,0 +1,12 @@
EMAIL_USE_TLS = True
EMAIL_HOST = 'smtp.gmail.com'
EMAIL_HOST_USER = 'kacerr.cz@gmail.com'
EMAIL_HOST_PASSWORD = 'zeyd ppmy gfqu gaws' # App Password, not your login password
EMAIL_PORT = 587
DEFAULT_FROM_EMAIL = EMAIL_HOST_USER
SERVER_EMAIL = EMAIL_HOST_USER
FILE_SERVER_ROOT = 'https://seafile.lab.home.hrajfrisbee.cz/seafhttp'
DEBUG = True