first commit

apps/gitea/ingress.yaml

@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: gitea-ingress
+  namespace: gitea
+  annotations:
+    kubernetes.io/ingress.class: traefik
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+spec:
+  rules:
+    - host: gitea.duylai.duckdns.org
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: gitea-http
+                port:
+                  number: 3000
+  tls:
+    - hosts:
+        - gitea.duylai.duckdns.org
+      secretName: gitea-tls-secret

apps/gitea/kustomization.yaml

@@ -0,0 +1,12 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: gitea
+
+resources:
+  - namespace.yaml
+  - ingress.yaml
+
+# Helm values are in values.yaml
+# Deploy with:
+# helm upgrade --install gitea gitea-charts/gitea -f values.yaml -n gitea --create-namespace

apps/gitea/namespace.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: gitea
+  labels:
+    name: gitea

apps/gitea/values.yaml

@@ -0,0 +1,83 @@
+# Gitea Helm Values
+# Reference: https://gitea.com/gitea/helm-chart/
+
+# Gitea server configuration
+gitea:
+  config:
+    server:
+      DOMAIN: gitea.duylai.duckdns.org
+      ROOT_URL: https://gitea.duylai.duckdns.org/
+      SSH_DOMAIN: gitea.duylai.duckdns.org
+      SSH_LISTEN_PORT: 22
+      SSH_PORT: 30222
+
+# Service configuration
+service:
+  http:
+    type: ClusterIP
+    clusterIP: ""
+  ssh:
+    type: NodePort
+    nodePort: 30222
+
+# Persistence for Git data
+persistence:
+  enabled: true
+  create: true
+  claimName: gitea-shared-storage
+  size: 10Gi
+  accessModes:
+    - ReadWriteOnce
+  annotations:
+    helm.sh/resource-policy: keep
+
+# PostgreSQL HA configuration
+postgresql-ha:
+  enabled: true
+
+  postgresql:
+    # Number of PostgreSQL replicas (minimum 3 for HA)
+    replicaCount: 3
+
+    # Resource limits (fixed for OOM issues)
+    resources:
+      limits:
+        cpu: 375m
+        memory: 768Mi
+      requests:
+        cpu: 250m
+        memory: 512Mi
+
+    persistence:
+      size: 10Gi
+
+  pgpool:
+    enabled: true
+
+    # Resource limits (fixed for OOM issues)
+    resources:
+      limits:
+        cpu: 375m
+        memory: 512Mi
+      requests:
+        cpu: 250m
+        memory: 384Mi
+
+# Valkey (Redis) cluster configuration
+valkey-cluster:
+  cluster:
+    # Number of nodes (minimum 3 for cluster)
+    nodes: 3
+
+  # Resource limits
+  resources:
+    limits:
+      cpu: 150m
+      memory: 192Mi
+    requests:
+      cpu: 100m
+      memory: 128Mi
+
+# Disable single PostgreSQL (using HA version)
+postgresql:
+  enabled: false

apps/headlamp/ingress.yaml

@@ -0,0 +1,26 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: headlamp-ingress
+  namespace: headlamp
+  annotations:
+    kubernetes.io/ingress.class: traefik
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+    traefik.ingress.kubernetes.io/router.tls: "true"
+spec:
+  rules:
+    - host: headlamp.duylai.duckdns.org
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: headlamp
+                port:
+                  number: 80
+  tls:
+    - hosts:
+        - headlamp.duylai.duckdns.org
+      secretName: headlamp-tls

apps/headlamp/kustomization.yaml

@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: headlamp
+
+resources:
+  - namespace.yaml
+  - ingress.yaml
+
+# Helm values are in values.yaml
+# Use: helm upgrade --install headlamp headlamp/headlamp -f values.yaml -n headlamp

apps/headlamp/namespace.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: headlamp
+  labels:
+    name: headlamp

apps/headlamp/values.yaml

@@ -0,0 +1,43 @@
+# Headlamp Helm Values
+# Reference: https://artifacthub.io/packages/helm/headlamp/headlamp
+
+replicaCount: 1
+
+image:
+  repository: ghcr.io/headlamp-k8s/headlamp
+  tag: ""
+  pullPolicy: IfNotPresent
+
+# Service configuration
+service:
+  type: ClusterIP
+  port: 80
+
+# Ingress managed via kustomize (see ingress.yaml)
+ingress:
+  enabled: false
+
+# Resources
+resources:
+  limits:
+    cpu: 200m
+    memory: 256Mi
+  requests:
+    cpu: 100m
+    memory: 128Mi
+
+# Persistent volume for plugins
+persistentVolumeClaim:
+  enabled: false
+
+# Service account for cluster access
+serviceAccount:
+  create: true
+  annotations: {}
+
+# RBAC - give Headlamp full cluster access
+rbac:
+  create: true
+  clusterRole:
+    create: true
+    name: cluster-admin