garm

This app deploys garm with the external garm-provider-k8s provider.

  • API/UI ingress: https://garm.lumpiasty.xyz
  • Internal service DNS: http://garm.garm.svc.cluster.local:9997

Vault secret requirements

VaultStaticSecret reads secret/data/garm and expects at least:

  • jwt_auth_secret
  • database_passphrase (must be 32 characters)
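
One way to produce values that satisfy these requirements, as an added example that is not part of this repository: it generates both keys, enforces the 32-character rule, and emits JSON for the Vault CLI. The function names, the 64-character jwt_auth_secret length, and a KV v2 engine mounted at `secret/` are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from this repo): generate and validate the values for secret/data/garm.
set -eu

# Random alphanumeric string of exactly $1 characters, read from /dev/urandom.
# Runs in a subshell so its variables do not leak into the caller.
gen_secret() (
  len="$1"; out=""
  while [ "${#out}" -lt "$len" ]; do
    out="${out}$(head -c 64 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9')"
  done
  printf '%s' "$out" | cut -c "1-$len"
)

# Succeeds only if the argument is exactly 32 characters long.
# Common slip: "openssl rand -base64 32" yields 44 characters and
# "openssl rand -hex 32" yields 64, because 32 there counts bytes.
check_passphrase() {
  [ "${#1}" -eq 32 ]
}

# Emit both keys as one JSON object. Values are alphanumeric ASCII,
# so no JSON escaping is needed and characters equal bytes.
garm_secret_json() (
  jwt="$(gen_secret 64)"  # length chosen by this example; the page sets none
  db="$(gen_secret 32)"
  check_passphrase "$db" || { echo "database_passphrase is not 32 characters" >&2; exit 1; }
  printf '{"jwt_auth_secret":"%s","database_passphrase":"%s"}\n' "$jwt" "$db"
)

# Usage with a logged-in Vault CLI (assumes KV v2 mounted at secret/):
#   garm_secret_json | vault kv put secret/garm -
# Piping through stdin keeps the values out of shell history and the process list.

# Self-check: reports the length only, never the value.
p="$(gen_secret 32)"
check_passphrase "$p" && echo "database_passphrase length OK (${#p})"
```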

Connect garm to Gitea

After Flux reconciles this app, initialize garm, then add the Gitea endpoint and credentials.

# 1) Initialize garm (from your local devenv shell)
garm-cli init \
  --name homelab \
  --url https://garm.lumpiasty.xyz \
  --username admin \
  --email admin@lumpiasty.xyz \
  --password '<STRONG_ADMIN_PASSWORD>' \
  --metadata-url http://garm.garm.svc.cluster.local:9997/api/v1/metadata \
  --callback-url http://garm.garm.svc.cluster.local:9997/api/v1/callbacks \
  --webhook-url http://garm.garm.svc.cluster.local:9997/webhooks

# 2) Add Gitea endpoint
garm-cli gitea endpoint create \
  --name local-gitea \
  --description 'Cluster Gitea' \
  --base-url http://gitea-http.gitea.svc.cluster.local:80 \
  --api-base-url http://gitea-http.gitea.svc.cluster.local:80/api/v1

# 3) Add Gitea PAT credentials
garm-cli gitea credentials add \
  --name gitea-pat \
  --description 'PAT for garm' \
  --endpoint local-gitea \
  --auth-type pat \
  --pat-oauth-token '<GITEA_PAT_WITH_write:repository,write:organization>'

Then add repositories/orgs and create pools against the kubernetes_external provider.

If Gitea refuses webhook installation to cluster-local URLs, set gitea.config.webhook.ALLOWED_HOST_LIST in apps/gitea/release.yaml.