studio/sbbb
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
mainline
sbbb/base/devtools/kustomization.yaml

23 lines
616 B
YAML
Raw Permalink Normal View History

chore: initial infrastructure scaffold Kustomize base + overlays for the full Sunbeam k3s stack: - base/mesh — Linkerd edge (crds + control-plane + viz) - base/ingress — custom Pingora edge proxy - base/ory — Kratos 0.60.1 + Hydra 0.60.1 + login-ui - base/data — CloudNativePG 0.27.1, Valkey 8, OpenSearch 2 - base/storage — SeaweedFS master + volume + filer (S3 on :8333) - base/lasuite — Hive sync daemon + La Suite app placeholders - base/media — LiveKit livekit-server 1.9.0 - base/devtools — Gitea 12.5.0 (external PG + Valkey) overlays/local — sslip.io domain, mkcert TLS, Lima hostPort overlays/production — stub (TODOs for sunbeam.pt values) scripts/ — local-up/down/certs/urls helpers justfile — up / down / certs / urls targets
2026-02-28 13:42:27 +00:00
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: devtools
resources:
- namespace.yaml
feat(devtools): migrate Gitea to OpenBao DB static role; sync admin creds via VSO - gitea-db-credentials is now a VaultDynamicSecret reading from database/static-creds/gitea (OpenBao static role, 24h password rotation). Replaces the previous KV-based Secret that used a hardcoded localdev password. - gitea-admin-credentials and gitea-s3-credentials remain VaultStaticSecrets synced from secret/gitea and secret/seaweedfs respectively. - gitea-values.yaml adds gitea.admin.existingSecret so the chart reads the admin username/password from the VSO-managed Secret instead of values.
2026-03-02 18:33:16 +00:00
- vault-secrets.yaml
feat(infra): data, storage, devtools, and ory layer updates - data: CNPG cluster tuning, OpenBao values, OpenSearch deployment fixes, OpenSearch PVC, barman vault secret for S3 backup credentials - storage: SeaweedFS filer updates (s3.json via secret subPath), PVC for filer persistent storage - devtools: Gitea values (SSH service, custom theme), gitea-theme-cm ConfigMap - ory: add kratos-selfservice-urls.yaml for self-service flow URLs - media: LiveKit values updated (TURN config, STUN, resource limits) - vso: kustomization cleanup
2026-03-06 12:07:28 +00:00
- gitea-theme-cm.yaml
feat: add PrometheusRule alerts for all services 28 alert rules across 9 PrometheusRule files covering infrastructure (Longhorn, cert-manager), data (PostgreSQL, OpenBao, OpenSearch), storage (SeaweedFS), devtools (Gitea), identity (Hydra, Kratos), media (LiveKit), and mesh (Linkerd golden signals for all services). Severity routing: critical alerts fire to Matrix + email, warnings to Matrix only (AlertManager config updated in separate commit).
2026-03-24 12:20:55 +00:00
- gitea-servicemonitor.yaml
- gitea-alertrules.yaml
chore: initial infrastructure scaffold Kustomize base + overlays for the full Sunbeam k3s stack: - base/mesh — Linkerd edge (crds + control-plane + viz) - base/ingress — custom Pingora edge proxy - base/ory — Kratos 0.60.1 + Hydra 0.60.1 + login-ui - base/data — CloudNativePG 0.27.1, Valkey 8, OpenSearch 2 - base/storage — SeaweedFS master + volume + filer (S3 on :8333) - base/lasuite — Hive sync daemon + La Suite app placeholders - base/media — LiveKit livekit-server 1.9.0 - base/devtools — Gitea 12.5.0 (external PG + Valkey) overlays/local — sslip.io domain, mkcert TLS, Lima hostPort overlays/production — stub (TODOs for sunbeam.pt values) scripts/ — local-up/down/certs/urls helpers justfile — up / down / certs / urls targets
2026-02-28 13:42:27 +00:00
helmCharts:
# helm repo add gitea-charts https://dl.gitea.com/charts/
# Note: Gitea chart v10+ replaced Redis with Valkey-cluster by default.
# We disable bundled DB/cache (external CloudNativePG + Redis — see gitea-values.yaml).
- name: gitea
repo: https://dl.gitea.com/charts/
version: "12.5.0"
releaseName: gitea
namespace: devtools
valuesFile: gitea-values.yaml
Reference in New Issue Copy Permalink