gitops: add rbac kustomization + store some forgotten older changes in

repo
2026-03-01 14:33:56 +01:00
parent 0eab64c954
commit 9877b093e8
6 changed files with 41 additions and 1 deletions
--- a/gitops/home-kubernetes/00-rbac/clusterRoleBinding_gitea-ci.yaml
+++ b/gitops/home-kubernetes/00-rbac/clusterRoleBinding_gitea-ci.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: gitea-ci-deploy
+subjects:
+  - kind: User
+    name: "gitea_ci@idm.home.hrajfrisbee.cz"  # matches preferred_username claim
+    apiGroup: rbac.authorization.k8s.io
+roleRef:
+  kind: ClusterRole
+  name: edit  # scope down as needed
+  apiGroup: rbac.authorization.k8s.io
--- a/gitops/home-kubernetes/cilium/helmrelelase_cilium.yaml
+++ b/gitops/home-kubernetes/cilium/helmrelelase_cilium.yaml
@@ -24,6 +24,8 @@ spec:
        enabled: true
      ui:
        enabled: true
+    ingressController:
+      enabled: true
    ipam:
      mode: cluster-pool
      operator:
--- a/gitops/home-kubernetes/flux-system/extra-kustomizations.yaml
+++ b/gitops/home-kubernetes/flux-system/extra-kustomizations.yaml
@@ -14,6 +14,19 @@ spec:
 ---
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
+metadata:
+  name: 00-rbac
+  namespace: flux-system
+spec:
+  interval: 10m0s
+  path: ./gitops/home-kubernetes/00-crds
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
 metadata:
  name: cilium
  namespace: flux-system
--- a/gitops/home-kubernetes/oauth-proxy/helmrelease.yaml
+++ b/gitops/home-kubernetes/oauth-proxy/helmrelease.yaml
@@ -39,6 +39,7 @@ spec:
    ingress:
      enabled: true
      className: nginx
+      pathType: Prefix
      annotations:
        cert-manager.io/cluster-issuer: letsencrypt-prod
      hosts:
--- a/gitops/home-kubernetes/podinfo/helmRelease.yaml
+++ b/gitops/home-kubernetes/podinfo/helmRelease.yaml
@@ -24,7 +24,7 @@ spec:
        - host: podinfo.lab.home.hrajfrisbee.cz
          paths:
            - path: /
-              pathType: ImplementationSpecific
+              pathType: Prefix
      tls: []
      #  - secretName: chart-example-tls
      #    hosts:
--- a/gitops/home-kubernetes/seafile/conf/seahub_settings.py
+++ b/gitops/home-kubernetes/seafile/conf/seahub_settings.py
@@ -0,0 +1,12 @@
+EMAIL_USE_TLS = True
+EMAIL_HOST = 'smtp.gmail.com'
+EMAIL_HOST_USER = 'kacerr.cz@gmail.com'
+EMAIL_HOST_PASSWORD = 'zeyd ppmy gfqu gaws'  # App Password, not your login password
+EMAIL_PORT = 587
+DEFAULT_FROM_EMAIL = EMAIL_HOST_USER
+SERVER_EMAIL = EMAIL_HOST_USER
+
+
+FILE_SERVER_ROOT = 'https://seafile.lab.home.hrajfrisbee.cz/seafhttp'
+
+DEBUG = True