move the gitea installation to the gitea namespace

README.md

@@ -256,8 +256,8 @@ Access Gitea:
 ```bash
 export KUBECONFIG=$PWD/kubeconfig.yml
 export SSL_CERT_FILE="$PWD/kubernetes-ingress-ca-crt.pem"
-gitea_ip="$(kubectl get ingress/gitea -o json | jq -r .status.loadBalancer.ingress[0].ip)"
-gitea_fqdn="$(kubectl get ingress/gitea -o json | jq -r .spec.rules[0].host)"
+gitea_ip="$(kubectl get -n gitea ingress/gitea -o json | jq -r .status.loadBalancer.ingress[0].ip)"
+gitea_fqdn="$(kubectl get -n gitea ingress/gitea -o json | jq -r .spec.rules[0].host)"
 gitea_url="https://$gitea_fqdn"
 echo "gitea_url: $gitea_url"
 echo "gitea_username: gitea"
@@ -348,7 +348,7 @@ argocd cluster list
 #     argocd cert add-tls gitea.example.test --from "$SSL_CERT_FILE"
 #     argocd cert list --cert-type https
 argocd repo add \
-  http://gitea-http.default.svc:3000/gitea/argocd-example.git \
+  http://gitea-http.gitea.svc:3000/gitea/argocd-example.git \
   --username gitea \
   --password gitea
 argocd app create \
@@ -359,7 +359,7 @@ argocd app create \
   --auto-prune \
   --self-heal \
   --sync-policy automatic \
-  --repo http://gitea-http.default.svc:3000/gitea/argocd-example.git \
+  --repo http://gitea-http.gitea.svc:3000/gitea/argocd-example.git \
   --path .
 argocd app list
 argocd app wait argocd-example --health --timeout 300
@@ -404,7 +404,7 @@ argocd app delete \
   argocd-example \
   --yes
 argocd repo rm \
-  http://gitea-http.default.svc:3000/gitea/argocd-example.git
+  http://gitea-http.gitea.svc:3000/gitea/argocd-example.git
 curl \
   --silent \
   --show-error \

gitea.tf

@@ -1,10 +1,14 @@
 locals {
-  gitea_domain = "gitea.${var.ingress_domain}"
-  # TODO use a non-default namespace when the helm chart is correctly setting the
-  #      namespace in all the resources
-  #      see https://gitea.com/gitea/helm-chart/issues/630
-  gitea_namespace = "default"
+  gitea_domain    = "gitea.${var.ingress_domain}"
+  gitea_namespace = "gitea"
   gitea_manifests = [
+    {
+      apiVersion = "v1"
+      kind       = "Namespace"
+      metadata = {
+        name = local.gitea_namespace
+      }
+    },
     {
       apiVersion = "cert-manager.io/v1"
       kind       = "Certificate"
@@ -38,7 +42,7 @@ locals {
       }
     },
   ]
-  gitea_manifest = join("---\n", [for d in local.gitea_manifests : yamlencode(d)])
+  gitea_manifest = join("---\n", [data.kustomizer_manifest.gitea.manifest], [for d in local.gitea_manifests : yamlencode(d)])
 }
 
 # set the configuration.
@@ -133,3 +137,20 @@ data "helm_template" "gitea" {
     }
   })]
 }
+
+# NB we mainly use the Kustomization to set the gitea namespace (because the
+#    helm chart cannot do it).
+#    see https://gitea.com/gitea/helm-chart/issues/630
+# see https://registry.terraform.io/providers/rgl/kustomizer/latest/docs/data-sources/manifest
+data "kustomizer_manifest" "gitea" {
+  files = {
+    "kustomization.yaml"       = <<-EOF
+      apiVersion: kustomize.config.k8s.io/v1beta1
+      kind: Kustomization
+      namespace: ${yamlencode(local.gitea_namespace)}
+      resources:
+        - resources/resources.yaml
+    EOF
+    "resources/resources.yaml" = data.helm_template.gitea.manifest
+  }
+}

providers.tf

@@ -26,6 +26,12 @@ terraform {
       source  = "hashicorp/helm"
       version = "2.15.0"
     }
+    # see https://registry.terraform.io/providers/rgl/kustomizer
+    # see https://github.com/rgl/terraform-provider-kustomizer
+    kustomizer = {
+      source  = "rgl/kustomizer"
+      version = "0.0.1"
+    }
   }
 }
 

talos.tf

@@ -144,18 +144,8 @@ data "talos_machine_configuration" "controller" {
             contents = data.helm_template.reloader.manifest
           },
           {
-            name = "gitea"
-            contents = join("---\n", [
-              yamlencode({
-                apiVersion = "v1"
-                kind       = "Namespace"
-                metadata = {
-                  name = local.gitea_namespace
-                }
-              }),
-              data.helm_template.gitea.manifest,
-              "# Source gitea.tf\n${local.gitea_manifest}",
-            ])
+            name     = "gitea"
+            contents = local.gitea_manifest
           },
           {
             name = "argocd"