4dd68859d8
- .sops.yaml with 3 age keys (admin, dev, prod) - infra/gitea/values/*.enc.yaml — per-env encrypted Helm values - infra/kargo/values/*.enc.yaml — per-env encrypted Kargo admin secrets - kargo/credentials/*.enc.yaml — per-env encrypted git credentials (ksops) - infra/kargo-credentials/ — ArgoCD app for deploying Kargo creds via ksops - All repoURLs point to deploy-app-kargo-private Structure from deploy-app-kargo (reference), adapted for SOPS workflow
42 lines
938 B
YAML
42 lines
938 B
YAML
# Gitea HTTPS IngressRoute via Traefik
|
|
# Uses default TLS store (wildcard-tls from kube-system via TLSStore)
|
|
apiVersion: traefik.io/v1alpha1
|
|
kind: IngressRoute
|
|
metadata:
|
|
name: gitea-https
|
|
namespace: gitea
|
|
spec:
|
|
entryPoints:
|
|
- websecure
|
|
routes:
|
|
- match: HostRegexp(`gitea.k3s\..+\.local`)
|
|
kind: Rule
|
|
middlewares:
|
|
- name: sslheader
|
|
namespace: kube-system
|
|
- name: gitea-buffer-timeout
|
|
namespace: gitea
|
|
services:
|
|
- name: gitea-http
|
|
port: 3000
|
|
tls: {}
|
|
---
|
|
# HTTP → HTTPS redirect for Gitea
|
|
apiVersion: traefik.io/v1alpha1
|
|
kind: IngressRoute
|
|
metadata:
|
|
name: gitea-http-redirect
|
|
namespace: gitea
|
|
spec:
|
|
entryPoints:
|
|
- web
|
|
routes:
|
|
- match: HostRegexp(`gitea.k3s\..+\.local`)
|
|
kind: Rule
|
|
middlewares:
|
|
- name: redirect-https
|
|
namespace: kube-system
|
|
services:
|
|
- name: gitea-http
|
|
port: 3000
|