Penpot (designer.sunbeam.pt):
- Frontend/backend/exporter deployments with OIDC-only auth via Hydra
- VSO-managed DB, S3, and app secrets from OpenBao
- PostgreSQL user/db in CNPG postInitSQL
- Hydra Maester enabledNamespaces extended to devtools

Penpot MCP server (mcp-designer.sunbeam.pt):
- Pre-built Node.js image pushed to Gitea registry
- Auth-gated via Pingora auth_request → Hydra /userinfo
- WebSocket path for browser plugin connection

Wildcard TLS:
- Switched cert-manager from HTTP-01 (per-SAN) to DNS-01 via Scaleway webhook
- Certificate collapsed to *.sunbeam.pt + sunbeam.pt
- Added scaleway-certmanager-webhook Helm chart
- VSO secret for Scaleway DNS API credentials in cert-manager namespace
- Added cert-manager to OpenBao VSO auth role

27 lines
694 B
YAML
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

namespace: devtools

resources:
  - namespace.yaml
  - vault-secrets.yaml
  - gitea-theme-cm.yaml
  - gitea-servicemonitor.yaml
  - gitea-alertrules.yaml
  - beam-design.yaml
  - penpot.yaml
  - penpot-oidc.yaml
  - penpot-mcp.yaml

helmCharts:
  # helm repo add gitea-charts https://dl.gitea.com/charts/
  # Note: Gitea chart v10+ replaced Redis with Valkey-cluster by default.
  # We disable bundled DB/cache (external CloudNativePG + Redis — see gitea-values.yaml).
  - name: gitea
    repo: https://dl.gitea.com/charts/
    version: "12.5.0"
    releaseName: gitea
    namespace: devtools
    valuesFile: gitea-values.yaml