niko/gitea-ci-library
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

git-pages helm chart

Browse Source
This commit is contained in:
moilanik
2026-06-10 05:18:58 +03:00
parent 14cf2eaeed
commit 26a8b9efa8
29 changed files with 2610 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tmp/git-pages.yaml
+259
View File
@@ -0,0 +1,259 @@
# DEPRECATED — käytä Helm chartia: git-pages/
# helm upgrade --install git-pages ./git-pages -n git-pages -f dev-values.yaml
#
# git-pages — k3s homelab (Codeberg git-pages)
#
# Yksi apex index-site (pages.helm-dev.../.index). Sisältö Gitea-poluissa:
# {owner}/{repo}/reports/{sha8}/index.html
#
# Julkaisu (CI → Traefik → git-pages):
# PATCH https://pages.helm-dev.keskikuja.site/ Authorization: Basic publish:<token>
# Traefik basicAuth middleware — token K8s-secretissä (htpasswd)
# git-pages PAGES_INSECURE=1 takana — ei forge/DNS/Gitea write
#
# Secret (kerran, ennen ensimmäistä publishia):
# export GIT_PAGES_PUBLISH_TOKEN="$(openssl rand -base64 32)"
# kubectl -n git-pages create secret generic git-pages-publish-auth \
# --from-literal=users="$(docker run --rm httpd:2-alpine htpasswd -nb publish "$GIT_PAGES_PUBLISH_TOKEN")"
# # Sama arvo → Gitea Actions secret GIT_PAGES_PUBLISH_TOKEN
#
# Lukeminen: GET/HEAD julkinen (OIDC myöhemmin Traefikissä)
#
# URL-esimerkki:
# https://pages.helm-dev.keskikuja.site/niko/gitea-ci-library/reports/abc12345/index.html
#
# Image: codeberg.org/git-pages/git-pages:0.9.1
# CI: GIT_PAGES_PUBLISH_URL=https://pages.helm-dev.keskikuja.site
# GIT_PAGES_PUBLISH_TOKEN → Gitea Actions secret
---
apiVersion: v1
kind: Namespace
metadata:
name: git-pages
labels:
app.kubernetes.io/name: git-pages
app.kubernetes.io/component: pages-server
---
apiVersion: v1
kind: ConfigMap
metadata:
name: git-pages-config
namespace: git-pages
labels:
app.kubernetes.io/name: git-pages
data:
config.toml: |
log-format = "text"
[server]
pages = "tcp/:3000"
caddy = "-"
metrics = "tcp/:3002"
[storage]
type = "fs"
[storage.fs]
root = "/app/data"
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: git-pages-data
namespace: git-pages
labels:
app.kubernetes.io/name: git-pages
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: git-pages
namespace: git-pages
labels:
app.kubernetes.io/name: git-pages
app.kubernetes.io/component: pages-server
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: git-pages
template:
metadata:
labels:
app.kubernetes.io/name: git-pages
app.kubernetes.io/component: pages-server
spec:
securityContext:
fsGroup: 1000
containers:
- name: git-pages
image: codeberg.org/git-pages/git-pages:0.9.1
imagePullPolicy: IfNotPresent
command:
- git-pages
args:
- -config
- /etc/git-pages/config.toml
env:
- name: PAGES_INSECURE
value: "1"
ports:
- name: http
containerPort: 3000
protocol: TCP
- name: metrics
containerPort: 3002
protocol: TCP
volumeMounts:
- name: config
mountPath: /etc/git-pages
readOnly: true
- name: data
mountPath: /app/data
readinessProbe:
tcpSocket:
port: http
initialDelaySeconds: 3
periodSeconds: 10
livenessProbe:
tcpSocket:
port: http
initialDelaySeconds: 10
periodSeconds: 20
resources:
requests:
cpu: 50m
memory: 128Mi
limits:
cpu: 1000m
memory: 512Mi
volumes:
- name: config
configMap:
name: git-pages-config
- name: data
persistentVolumeClaim:
claimName: git-pages-data
---
apiVersion: v1
kind: Service
metadata:
name: git-pages
namespace: git-pages
labels:
app.kubernetes.io/name: git-pages
spec:
type: ClusterIP
selector:
app.kubernetes.io/name: git-pages
ports:
- name: http
port: 3000
targetPort: http
protocol: TCP
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: git-pages-tls
namespace: git-pages
labels:
app.kubernetes.io/name: git-pages
spec:
secretName: git-pages-tls
dnsNames:
- pages.helm-dev.keskikuja.site
issuerRef:
name: letsencrypt-prod
kind: ClusterIssuer
---
# PATCH/PUT vaatii BasicAuth (publish-token). Ilman tokenia → 401.
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: git-pages-publish-auth
namespace: git-pages
labels:
app.kubernetes.io/name: git-pages
spec:
basicAuth:
secret: git-pages-publish-auth
---
# Julkinen luku: GET/HEAD. Julkaisu: PATCH/PUT + basicAuth (erillinen reitti).
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: git-pages
namespace: git-pages
labels:
app.kubernetes.io/name: git-pages
spec:
entryPoints:
- websecure
routes:
- match: >-
Host(`pages.helm-dev.keskikuja.site`) &&
(Method(`PATCH`) || Method(`PUT`))
kind: Rule
middlewares:
- name: git-pages-publish-auth
services:
- name: git-pages
port: 3000
- match: Host(`pages.helm-dev.keskikuja.site`) && (Method(`GET`) || Method(`HEAD`))
kind: Rule
services:
- name: git-pages
port: 3000
tls:
secretName: git-pages-tls
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: https-redirect
namespace: git-pages
labels:
app.kubernetes.io/name: git-pages
spec:
redirectScheme:
scheme: https
permanent: true
---
# HTTP → HTTPS. Jätä /.well-known/acme-challenge/ pois — cert-manager HTTP-01 (web :80).
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: git-pages-http
namespace: git-pages
labels:
app.kubernetes.io/name: git-pages
spec:
entryPoints:
- web
routes:
- match: >-
Host(`pages.helm-dev.keskikuja.site`) &&
!PathPrefix(`/.well-known/acme-challenge/`)
kind: Rule
middlewares:
- name: https-redirect
services:
- name: git-pages
port: 3000