feat(infra-net): add new Secret for Infra Net credentials and configure HelmRelease dependencies

2026-05-28 15:15:50 +08:00
@@ -12,3 +12,9 @@ GITEA_ACTIONS_TOKEN=placeholder
 # Flux Operator Web OIDC 凭据（Gitea 启动后创建 OAuth2 应用获取，Redirect URI: https://cd.dev.cm/oauth2/callback）
 FLUX_WEB_OIDC_CLIENT_ID=placeholder
 FLUX_WEB_OIDC_CLIENT_SECRET=placeholder
 # Infra Net 凭据
 NET_MAXMIND_LICENSE_KEY=placeholder
 NET_CROWDSEC_BOUNCER_API_KEY=placeholder
 NET_TURNSTILE_SITE_KEY=placeholder
 NET_TURNSTILE_SECRET_KEY=placeholder
@@ -18,7 +18,7 @@ spec:
  values:
    image:
      repository: halohub/halo-pro
-      tag: 2.24.0
+      tag: 2.24.2
    service:
      type: ClusterIP
    ingress:
@@ -26,7 +26,6 @@ spec:
                nameservers:
                  - "169.254.20.10"
                  - "10.43.0.10"
              maxmindLicenseKey: "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"
            defaultBackend:
              affinity:
                nodeAffinity:
@@ -9,7 +9,7 @@ spec:
  chart:
    spec:
      chart: gitea
-      version: 12.5.0
+      version: 12.6.0
      sourceRef:
        kind: HelmRepository
        name: gitea
@@ -21,7 +21,7 @@ spec:
    postgresql-ha:
      enabled: false
    image:
-      tag: 1.25.5
+      tag: 1.26.2
    ingress:
      enabled: true
      className: nginx
@@ -15,6 +15,10 @@ spec:
        name: ingress-nginx
        namespace: infra-gitops
      interval: 12h
  valuesFrom:
    - kind: Secret
      name: infra-net-env
      valuesKey: ingress-nginx-values.yaml
  values:
    fullnameOverride: ingress-nginx
    controller:
@@ -125,8 +129,6 @@ spec:
        # crowdsec插件配置
        plugins: "crowdsec"
        lua-shared-dicts: "crowdsec_cache: 50m"
      # 启用geoip2模块
      maxmindLicenseKey: ""
      extraArgs:
        default-ssl-certificate: "infra-net/dev-cm-crt"
      # crowdsec插件配置
@@ -140,7 +142,10 @@ spec:
            - name: API_URL
              value: "http://crowdsec-service.infra-net.svc.cluster.local:8080"
            - name: API_KEY
-              value: "ImxBThnyiNm224V5DHYPY63KPAcyJ+WF0rm18Gr4M80"
+              valueFrom:
                secretKeyRef:
                  name: infra-net-env
                  key: NET_CROWDSEC_BOUNCER_API_KEY
            - name: BOUNCER_CONFIG
              value: "/crowdsec/crowdsec-bouncer.conf"
            - name: MODE
@@ -154,9 +159,15 @@ spec:
            - name: CAPTCHA_PROVIDER
              value: "turnstile"
            - name: SITE_KEY
-              value: "0x4AAAAAAAxJ2RPNWzn2LCc-"
+              valueFrom:
                secretKeyRef:
                  name: infra-net-env
                  key: NET_TURNSTILE_SITE_KEY
            - name: SECRET_KEY
-              value: "0x4AAAAAAAxJ2dwFOaNg5ae3c6wYTmWH0bU"
+              valueFrom:
                secretKeyRef:
                  name: infra-net-env
                  key: NET_TURNSTILE_SECRET_KEY
            - name: CAPTCHA_TEMPLATE_PATH
              value: /etc/nginx/static/captcha.html
          command: ['/bin/sh', '-c']
@@ -0,0 +1,16 @@
 # Infra Net 凭据
 # 变量来源: flux-env Secret (通过postBuild.substituteFrom注入)
 apiVersion: v1
 kind: Secret
 metadata:
  name: infra-net-env
  namespace: infra-net
 type: Opaque
 stringData:
  NET_MAXMIND_LICENSE_KEY: "${NET_MAXMIND_LICENSE_KEY}"
  NET_CROWDSEC_BOUNCER_API_KEY: "${NET_CROWDSEC_BOUNCER_API_KEY}"
  NET_TURNSTILE_SITE_KEY: "${NET_TURNSTILE_SITE_KEY}"
  NET_TURNSTILE_SECRET_KEY: "${NET_TURNSTILE_SECRET_KEY}"
  ingress-nginx-values.yaml: |
    controller:
      maxmindLicenseKey: "${NET_MAXMIND_LICENSE_KEY}"
@@ -5,3 +5,4 @@ resources:
  - s3-devcm-hw.yaml
  - dnspod-secret.yaml
  - gitea-actions.yaml
  - infra-net.yaml
@@ -14,3 +14,8 @@ apiVersion: v1
 kind: Namespace
 metadata:
  name: infra-gitops
 ---
 apiVersion: v1
 kind: Namespace
 metadata:
  name: infra-net