feat(s3): add gitea-db NetworkPolicies and Valkey values template

- gitea-db-networkpolicies.yaml: allow-egress-kube-api and
  allow-ingress-from-cnpg-operator for gitea-db cluster pods;
  required because databases namespace has default-deny-all policy
  and existing allow rules only covered net-kingdom-pg
- valkey-values.sops.yaml.template: standalone Valkey Helm values
  template with Gitea connection string documentation
- .gitignore: allow *-networkpolicies.yaml alongside *-cluster.yaml

Fixes gitea-db initdb failure (T03); gitea-db cluster now healthy.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
2026-03-27 02:23:00 +01:00
parent 2a4312643d
commit e29f430b8d
3 changed files with 65 additions and 0 deletions

1
.gitignore vendored
View File

@@ -4,6 +4,7 @@ helm/*.yaml
!helm/*.yaml.template
# Kubernetes manifests (no secrets) are safe to commit
!helm/*-cluster.yaml
!helm/*-networkpolicies.yaml
# Kubeconfig
*.kubeconfig