argocd and cert-manager

change traefik file size limit to 5gb for nas.rogi.casa
fix liveness proba for myorg-assistant app
2026-06-22 23:40:37 +02:00 · 2026-03-10 19:59:54 +01:00 · 2026-02-14 12:04:37 +01:00 · 2026-02-10 23:49:54 +01:00 · 2026-02-10 23:40:42 +01:00 · 2026-02-08 14:25:46 +00:00
9 changed files with 124 additions and 31 deletions
--- a/argocd/ingress.yaml
+++ b/argocd/ingress.yaml
@@ -0,0 +1,25 @@
+# argocd-ingress.yaml
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: argocd
+  namespace: argocd
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+spec:
+  ingressClassName: traefik
+  tls:
+  - hosts:
+    - argocd.rogi.casa
+    secretName: argocd-tls
+  rules:
+  - host: argocd.rogi.casa
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: argocd-server
+            port:
+              number: 80
--- a/cert-manager/cluster-issuer.yaml
+++ b/cert-manager/cluster-issuer.yaml
@@ -0,0 +1,15 @@
+# cluster-issuer.yaml
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-prod
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: roger@ruxu.dev
+    privateKeySecretRef:
+      name: letsencrypt-prod-key
+    solvers:
+    - http01:
+        ingress:
+          ingressClassName: traefik
--- a/cert-manager/install.sh
+++ b/cert-manager/install.sh
@@ -0,0 +1,2 @@
+kubectl apply -f https://github.com/cert-manager/cert-manager/releases/latest/download/cert-manager.yaml
+kubectl wait --for=condition=available --timeout=120s deployment/cert-manager -n cert-manager
--- a/gitea/gitea-ingress.yaml
+++ b/gitea/gitea-ingress.yaml
@@ -0,0 +1,25 @@
+# gitea-ingress.yaml
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: gitea
+  namespace: gitea
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+spec:
+  ingressClassName: traefik
+  tls:
+  - hosts:
+    - git.rogi.casa
+    secretName: gitea-tls
+  rules:
+  - host: git.rogi.casa
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: gitea
+            port:
+              number: 80
--- a/ingress.yaml
+++ b/ingress.yaml
@@ -59,16 +59,6 @@ spec:
              name: open-webui-service
              port:
                number: 80
-  - host: nas.rogi.casa
-    http:
-      paths:
-        - pathType: Prefix
-          backend:
-            service:
-              name: external-ip
-              port:
-                number: 80
-          path: /
  - host: gym.rogi.casa
    http:
      paths:
@@ -281,3 +271,37 @@ spec:
              name: argocd-server
              port:
                number: 80
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: nas-ingress
+  namespace: default
+  annotations:
+    # Use Traefik as the ingress controller (default in k3s)
+    kubernetes.io/ingress.class: "traefik"
+    # Enable SSL redirect
+    traefik.ingress.kubernetes.io/redirect-entry-point: https
+    # Optional: enable compression
+    traefik.ingress.kubernetes.io/compress: "true"
+    # Allow large file uploads (5GB) for NAS
+    traefik.ingress.kubernetes.io/max-request-body-bytes: "5368709120"
+    cert-manager.io/issuer: prod-issuer
+    cert-manager.io/issuer-kind: OriginIssuer
+    cert-manager.io/issuer-group: cert-manager.k8s.cloudflare.com
+spec:
+  tls:
+    - hosts:
+      - "*.rogi.casa"
+      secretName: rogicasa-tls
+  rules:
+  - host: nas.rogi.casa
+    http:
+      paths:
+        - path: /
+          pathType: Prefix
+          backend:
+            service:
+              name: external-ip
+              port:
+                number: 80
--- a/1
+++ b/1
--- a/myorg-assistant/deployment.yaml
+++ b/myorg-assistant/deployment.yaml
@@ -27,9 +27,9 @@ spec:
              git clone ${GIT_REPO_URL} /data/myorg
              cd /data/myorg
              git config user.name "${GIT_USERNAME}"
-              git config user.email "${GIT_USERNAME}@users.noreply.github.com"
+              git config user.email "${GIT_USERNAME}@rogi.casa"
              git config credential.helper store
-              echo "https://${GIT_USERNAME}:${GIT_TOKEN}@github.com" > ~/.git-credentials
+              echo "https://${GIT_USERNAME}:${GIT_TOKEN}@gitea.rogi.casa" > ~/.git-credentials
            else
              echo "Repository already exists, pulling latest changes..."
              cd /data/myorg
@@ -54,11 +54,12 @@ spec:
        volumeMounts:
        - name: myorg-data
          mountPath: /data/myorg
-      
+      imagePullSecrets:
+      - name: gitea-registry
      containers:
      - name: myorg-assistant
-        image: myorg-assistant:latest
-        imagePullPolicy: IfNotPresent
+        image: gitea.rogi.casa/roger/myorg-assistant/myorg-assistant:5215cd9
+        imagePullPolicy: Always
        command: ["./start.sh"]
        ports:
        - containerPort: 8000
@@ -158,11 +159,8 @@ spec:
            cpu: "500m"
        
        livenessProbe:
-          exec:
-            command:
-            - sh
-            - -c
-            - "ps aux | grep 'python -m src.main bot' | grep -v grep"
+          tcpSocket:
+            port: 8000
          initialDelaySeconds: 30
          periodSeconds: 30
          timeoutSeconds: 5
--- a/myorg-assistant/ingress.yaml
+++ b/myorg-assistant/ingress.yaml
@@ -1,15 +1,25 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: myorg-assistant-ingress
+  name: myorg-ingress
  namespace: default
  annotations:
+    # Use Traefik as the ingress controller (default in k3s)
    kubernetes.io/ingress.class: "traefik"
-    # Add SSL/TLS annotations if needed
-    # cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    # Enable SSL redirect
+    traefik.ingress.kubernetes.io/redirect-entry-point: https
+    # Optional: enable compression
+    traefik.ingress.kubernetes.io/compress: "true"
+    cert-manager.io/issuer: prod-issuer
+    cert-manager.io/issuer-kind: OriginIssuer
+    cert-manager.io/issuer-group: cert-manager.k8s.cloudflare.com
 spec:
+  tls:
+    - hosts:
+      - "*.rogi.casa"
+      secretName: rogicasa-tls
  rules:
-  - host: myorg.yourdomain.com  # Replace with your domain
+  - host: myorg.rogi.casa
    http:
      paths:
      - path: /
@@ -19,8 +29,3 @@ spec:
            name: myorg-assistant-service
            port:
              number: 8000
-  # Optional: TLS configuration
-  # tls:
-  # - hosts:
-  #   - myorg.yourdomain.com
-  #   secretName: myorg-tls-secret
--- a/pihole/pihole.yaml
+++ b/pihole/pihole.yaml
@@ -113,7 +113,7 @@ metadata:
  labels:
    app: pihole
 spec:
-  type: LoadBalancer  # Change to NodePort or ClusterIP as needed
+  type: LoadBalancer
  ports:
  - port: 53
    targetPort: 53
Author	SHA1	Message	Date
Roger Oriol	fe2f1b85f8	argocd and cert-manager	2026-06-22 23:40:37 +02:00
Roger Oriol	12c2832ec0	change traefik file size limit to 5gb for nas.rogi.casa	2026-03-10 19:59:54 +01:00
Roger Oriol	3ff8312e35	fix liveness proba for myorg-assistant app	2026-02-14 12:04:37 +01:00
Roger Oriol	4fa91f8724	git init script	2026-02-10 23:49:54 +01:00
Roger Oriol	a0976f4731	myorg ingress	2026-02-10 23:40:42 +01:00
Gitea Actions	83d4d68719	Update myorg-assistant image to 5215cd9	2026-02-08 14:25:46 +00:00
Gitea Actions	44234982b7	Update myorg-assistant image to 0060430	2026-02-08 11:14:55 +00:00
Roger Oriol	4007b102e8	upgrade myorg-assitant image to latest	2026-02-07 18:54:32 +01:00
Roger Oriol	6f00fd1e51	use gitea imatge pull secret for myorg assistant	2026-02-07 18:03:19 +01:00
Roger Oriol	51c8daeb0c	use gitea imatge pull secret for myorg assistant	2026-02-07 17:56:57 +01:00
Gitea Actions	7205f57028	Update myorg-assistant image to 518b350	2026-02-07 16:21:06 +00:00
Roger Oriol	83b2dbda38	myorg-assitant image	2026-02-07 17:18:00 +01:00