From cd0c3876edff1d0d157b805c1d973d7d7a8add54 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?M=C3=A1rcio=20Fernandes?=
Date: Sat, 29 Nov 2025 11:28:14 +0000
Subject: [PATCH] fix: deploy/app, added continuos-deploy gitea workflow template
---
.gitea/workflows/app-continous-deploy.yaml | 34 ++++++++++++++
README.md | 1 -
deploy/helm/values.yaml | 22 ++++++++-
deploy/infra/cd-service-account-rbac.yaml | 4 +-
deploy/infra/ingress.yaml | 53 ----------------------
deploy/infra/kustomization.yaml | 1 -
6 files changed, 56 insertions(+), 59 deletions(-)
create mode 100644 .gitea/workflows/app-continous-deploy.yaml
delete mode 100644 deploy/infra/ingress.yaml
diff --git a/.gitea/workflows/app-continous-deploy.yaml b/.gitea/workflows/app-continous-deploy.yaml
new file mode 100644
index 0000000..933388c
--- /dev/null
+++ b/.gitea/workflows/app-continous-deploy.yaml
@@ -0,0 +1,34 @@
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ branches:
+ - main
+jobs:
+ continuous-deploy:
+ runs-on: ubuntu-latest
+ container:
+ image: git.limbosolutions.com/kb/gitea/act:latest-network-stack
+ env:
+ GITHUB_TEMP: ${{ runner.temp }} # fix missing GITHUB_TEMP on gitea
+ steps:
+
+ - name: Checkout code
+ uses: actions/checkout@v3
+
+ - name: limbo public actions
+ env:
+ WORKSPACE: "${{ gitea.workspace }}"
+ run: |
+ curl -fsSL https://git.limbosolutions.com/kb/gitea/raw/branch/main/cloud-scripts/setup-limbo-actions.sh | bash 2>&1
+
+
+ # my custom actions https://git.limbosolutions.com/kb/gitea/raw/branch/main
+ - name: Configure kubectl config
+ uses: ./.gitea/limbo_actions/kubectl-setup
+ with:
+ kube_server: ${{ secrets.HOSTING_KUBE_SERVER }}
+ kube_ca_base64: ${{ secrets.HOSTING_KUBE_CA_BASE64 }}
+ kube_token: ${{ secrets.HOSTING_KUBE_TOKEN }}
+
diff --git a/README.md b/README.md
index 91acb29..904f3ab 100644
--- a/README.md
+++ b/README.md
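Review bot: The `limbo public actions` step in `.gitea/workflows/app-continous-deploy.yaml` pipes a script fetched from `raw/branch/main` straight into `bash`, so whatever is on that branch at run time executes in the same job that is later handed `HOSTING_KUBE_TOKEN`, with no pin and no integrity check. The script presumably also installs the `./.gitea/limbo_actions/kubectl-setup` action that receives the token, which would make a change to it a change to how the deploy credentials are handled. Fetch a fixed revision and verify it before running, for example `curl -fsSL <URL_AT_PINNED_COMMIT> -o setup.sh`, `echo "<EXPECTED_SHA256>  setup.sh" | sha256sum -c -`, `bash setup.sh`; the `latest-network-stack` image tag would benefit from a digest pin for the same reason. The job also triggers on `pull_request`, so consider running the kubectl configuration step only for pushes to `main`.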
@@ -30,7 +30,6 @@ Using [gitea](https://git.limbosolutions.com/kb/gitea) as git server. ### Continuous Deploy Executes [App Deploy](#app) using [Gitea workflow](./.gitea/workflows/app-deploy.yaml). -kubectl get secret continuous-deploy -o jsonpath='{.data.token}' | base64 -d ### Infra diff --git a/deploy/helm/values.yaml b/deploy/helm/values.yaml index 992cfbc..3521e51 100644 --- a/deploy/helm/values.yaml +++ b/deploy/helm/values.yaml @@ -58,7 +58,10 @@ service: port: 2222 annotations: metallb.universe.tf/allow-shared-ip: test - + http: + clusterIP: "" # empty string → Kubernetes assigns a routable ClusterIP + type: ClusterIP + port: 3000 gitea: admin: username: "???" @@ -126,6 +129,21 @@ gitea: PASSWORD_HASH_ALGO: "???" ingress: - enabled: false + enabled: true + className: traefik + annotations: + kubernetes.io/ingress.class: traefik + cert-manager.io/cluster-issuer: "letsencrypt-prod" + traefik.ingress.kubernetes.io/router.entrypoints: websecure, public-https + hosts: + - host: git.limbosolutions.com + paths: + - path: / + pathType: Prefix + tls: + - secretName: limbosolutions-com-tls + hosts: + - "git.limbosolutions.com" + diff --git a/deploy/infra/cd-service-account-rbac.yaml b/deploy/infra/cd-service-account-rbac.yaml index 392671f..7bd4ec8 100644 --- a/deploy/infra/cd-service-account-rbac.yaml +++ b/deploy/infra/cd-service-account-rbac.yaml @@ -17,8 +17,8 @@ rules: verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - apiGroups: ["networking.k8s.io"] - resources: ["networkpolicies"] - verbs: ["get", "list", "watch", "patch", "update"] + resources: ["networkpolicies", "ingresses"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - apiGroups: ["policy"] resources: ["poddisruptionbudgets"] diff --git a/deploy/infra/ingress.yaml b/deploy/infra/ingress.yaml deleted file mode 100644 index 5c8854f..0000000 --- a/deploy/infra/ingress.yaml +++ /dev/null 
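Review bot: The rewritten `networking.k8s.io` rule in `deploy/infra/cd-service-account-rbac.yaml` gives the CD service account `create` and `delete` on `networkpolicies` as well as on `ingresses`, although the commit appears only to move the Ingress into the Helm release. That account's token is used from CI, so being able to delete NetworkPolicies widens what a leaked or misused token can do. Unless the chart needs to create policies, keep the previous `networkpolicies` rule (`get`, `list`, `watch`, `patch`, `update`) and add a separate rule for the new resource: `- apiGroups: ["networking.k8s.io"]`, `resources: ["ingresses"]`, `verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]`. The `rules:` list starts outside the hunk, so whether this is a Role or a ClusterRole is not visible here.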
@@ -1,53 +0,0 @@ -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRouteTCP -metadata: - name: git-limbosolutions-com-ssh - namespace: git-limbosolutions-com -spec: - entryPoints: - - ssh-git - routes: - - match: HostSNI(`*`) - services: - - name: gitea-ssh - port: 2222 - weight: 10 - terminationDelay: 90000 - proxyProtocol: - version: 1 ---- - -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: gitea - namespace: git-limbosolutions-com - labels: - helm.sh/chart: gitea-12.4.0 - app: gitea - app.kubernetes.io/name: gitea - app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "1" - version: "1" - app.kubernetes.io/managed-by: Helm - annotations: - cert-manager.io/cluster-issuer: "letsencrypt-prod" - kubernetes.io/ingress.class: "traefik" - traefik.ingress.kubernetes.io/router.entrypoints: "websecure, public-https" -spec: - ingressClassName: traefik - tls: - - hosts: - - "git.limbosolutions.com" - secretName: limbosolutions-com-tls - rules: - - host: "git.limbosolutions.com" - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: gitea-http - port: - number: 3000 \ No newline at end of file diff --git a/deploy/infra/kustomization.yaml b/deploy/infra/kustomization.yaml index 2e5bb31..ac112a2 100644 --- a/deploy/infra/kustomization.yaml +++ b/deploy/infra/kustomization.yaml @@ -2,7 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - namespace.yaml - - ingress.yaml - cd-service-account.yaml - cd-service-account-token.yaml - cd-service-account-rbac.yaml