mirror of
https://github.com/jeffusion/gitea-ai-assistant.git
synced 2026-03-27 10:05:50 +00:00
0bc147cbc5
- Replace file-based master key (data/master.key) with ENCRYPTION_KEY env var (hex-encoded) - App now requires ENCRYPTION_KEY to start, removing MASTER_KEY_PATH entirely - Fix k8s: add missing gitea-assistant-data volume, replace PVC with hostPath for single-node - Fix k8s: change qdrant from StatefulSet+PVC to Deployment+hostPath - Add K8s Secret for ENCRYPTION_KEY injection - Update all tests, .env.example, and documentation
113 lines
2.9 KiB
YAML
113 lines
2.9 KiB
YAML
---
|
|
# Secret: sensitive configuration (create before deploying)
|
|
# Generate a 64-char hex key: openssl rand -hex 32
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: gitea-assistant-secret
|
|
namespace: gitea-assistant
|
|
labels:
|
|
app.kubernetes.io/name: gitea-assistant
|
|
app.kubernetes.io/part-of: gitea-assistant
|
|
type: Opaque
|
|
stringData:
|
|
ENCRYPTION_KEY: "" # REQUIRED: run `openssl rand -hex 32` and paste here
|
|
|
|
---
|
|
# ConfigMap: only infrastructure-level env vars that must be known before DB init
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: gitea-assistant-config
|
|
namespace: gitea-assistant
|
|
labels:
|
|
app.kubernetes.io/name: gitea-assistant
|
|
app.kubernetes.io/part-of: gitea-assistant
|
|
data:
|
|
PORT: "3000"
|
|
# All settings (Gitea connection, webhook secret, admin password, review engine,
|
|
# Feishu, memory, etc.) are managed through the Admin Dashboard Web UI.
|
|
# They are auto-seeded with secure defaults on first boot.
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: gitea-assistant
|
|
namespace: gitea-assistant
|
|
labels:
|
|
app.kubernetes.io/name: gitea-assistant
|
|
app.kubernetes.io/part-of: gitea-assistant
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: gitea-assistant
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: gitea-assistant
|
|
app.kubernetes.io/part-of: gitea-assistant
|
|
spec:
|
|
containers:
|
|
- name: gitea-assistant
|
|
image: ghcr.io/jeffusion/gitea-ai-assistant:latest
|
|
ports:
|
|
- name: http
|
|
containerPort: 3000
|
|
protocol: TCP
|
|
envFrom:
|
|
- configMapRef:
|
|
name: gitea-assistant-config
|
|
- secretRef:
|
|
name: gitea-assistant-secret
|
|
resources:
|
|
limits:
|
|
memory: "512Mi"
|
|
requests:
|
|
memory: "256Mi"
|
|
cpu: "100m"
|
|
volumeMounts:
|
|
- name: data
|
|
mountPath: /app/data
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /
|
|
port: http
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 30
|
|
timeoutSeconds: 5
|
|
failureThreshold: 3
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /
|
|
port: http
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 10
|
|
timeoutSeconds: 5
|
|
failureThreshold: 3
|
|
volumes:
|
|
- name: data
|
|
hostPath:
|
|
# Customize this path to match your node's storage layout
|
|
path: /opt/gitea-assistant/data
|
|
type: DirectoryOrCreate
|
|
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: gitea-assistant
|
|
namespace: gitea-assistant
|
|
labels:
|
|
app.kubernetes.io/name: gitea-assistant
|
|
app.kubernetes.io/part-of: gitea-assistant
|
|
spec:
|
|
type: ClusterIP
|
|
selector:
|
|
app.kubernetes.io/name: gitea-assistant
|
|
ports:
|
|
- name: http
|
|
port: 3000
|
|
targetPort: http
|
|
protocol: TCP
|