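---
# Credentials consumed by the ci-controller Deployment through envFrom.
#
# The values below are placeholders. Real credentials must not be committed
# with this manifest: stringData is only encoded, not encrypted, once stored,
# and anything pushed to version control remains in its history. Create the
# Secret out-of-band (for example `kubectl create secret generic`, or an
# encrypted/external secret workflow) and rotate any credential that has
# ever been committed in plaintext.
apiVersion: v1
kind: Secret
metadata:
  name: ci-controller-secret
  namespace: build
type: Opaque
stringData:
  # Placeholder: supply the Gitea credential at deploy time.
  GITEA_PASSWORD: "REPLACE_ME_GITEA_PASSWORD"
  # Placeholder: supply a long random value generated per environment.
  WEBHOOK_SECRET: "REPLACE_ME_WEBHOOK_SECRET"
---
# Non-secret settings for the controller; every key becomes an environment
# variable in the container through envFrom.
apiVersion: v1
kind: ConfigMap
metadata:
  name: ci-controller-config
  namespace: build
data:
  # NOTE(review): plain HTTP. The Gitea credential travels unencrypted
  # between pods unless something outside this manifest (mesh mTLS, CNI
  # encryption) protects it. Confirm.
  GITEA_URL: "http://gitea-http.gitea.svc:3000"
  # NOTE(review): the name suggests an administrator account. Prefer a
  # dedicated account or scoped access token limited to what the
  # controller needs. Confirm against the Gitea setup.
  GITEA_USER: "gitea_admin"
  REGISTRY: "10.0.0.3:31427"
  BUILD_NAMESPACE: "build"
  REGISTRY_SECRET: "gitea-registry"
  IGNORED_REPOS: "gitops-infra"
---
# Single-replica controller. The code is mounted from the ConfigMap
# ci-controller-code, which is not defined in this file.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ci-controller
  namespace: build
  labels:
    app: ci-controller
spec:
  replicas: 1
  selector:
    matchLabels:
      app: ci-controller
  template:
    metadata:
      labels:
        app: ci-controller
    spec:
      # NOTE(review): the RBAC bound to gitea-runner is not visible here.
      # Verify it grants only what the controller needs in `build`.
      serviceAccountName: gitea-runner
      # NOTE(review): the pod is pinned to kubemaster1 and tolerates the
      # control-plane taint, so a workload that processes webhook input
      # shares a node with control-plane components. Prefer a worker node
      # unless there is a documented reason.
      nodeSelector:
        kubernetes.io/hostname: kubemaster1
      tolerations:
        - key: node-role.kubernetes.io/control-plane
          effect: NoSchedule
      containers:
        - name: controller
          # NOTE(review): mutable tag. Pin by digest, or better, build a
          # dedicated image with git, curl and kubectl already installed.
          image: python:3.12-alpine
          command: ["sh", "-c"]
          args:
            # Packages are fetched from the network and installed as root
            # on every container start, with no version pinning. That makes
            # startup depend on the package mirror and prevents running as
            # non-root or with a read-only root filesystem.
            - |
              apk add --no-cache git curl kubectl
              cd /app
              python3 controller.py
          ports:
            - containerPort: 8080
              name: http
          # All keys of both objects are exported as environment variables,
          # so the secrets are also inherited by child processes started
          # from the shell above.
          envFrom:
            - configMapRef:
                name: ci-controller-config
            - secretRef:
                name: ci-controller-secret
          securityContext:
            # Safe with the startup script above: nothing in it relies on
            # gaining privileges through setuid binaries.
            allowPrivilegeEscalation: false
            # TODO: once the tools are baked into the image, also set
            # runAsNonRoot: true, readOnlyRootFilesystem: true and drop
            # all capabilities.
          volumeMounts:
            - name: controller-code
              mountPath: /app
          resources:
            requests:
              cpu: 50m
              memory: 64Mi
            limits:
              cpu: 500m
              memory: 512Mi
          livenessProbe:
            httpGet:
              path: /
              port: http
            periodSeconds: 30
          readinessProbe:
            httpGet:
              path: /
              port: http
            periodSeconds: 10
      volumes:
        - name: controller-code
          configMap:
            name: ci-controller-code
---
# In-cluster endpoint for the controller's HTTP port. ClusterIP only; how
# webhook traffic reaches it, and which pods may connect, is decided outside
# this file (no NetworkPolicy is defined here).
apiVersion: v1
kind: Service
metadata:
  name: ci-controller
  namespace: build
spec:
  type: ClusterIP
  ports:
    - port: 8080
      targetPort: http
      protocol: TCP
      name: http
  selector:
    app: ci-controller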