vynil/domain-incoming
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix

Browse Source
This commit is contained in:
Sébastien Huss
2024-05-14 16:28:38 +02:00
parent e58f82534c
commit b725a2abb0
10 changed files with 139 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
apps/gitea/apps_v1_Deployment_gitea.yaml
View File

@@ -5,12 +5,12 @@ metadata:
name: gitea name: gitea
annotations: annotations:
labels: labels:
helm.sh/chart: gitea-9.5.0 helm.sh/chart: gitea-10.1.4
app: gitea app: gitea
app.kubernetes.io/name: gitea app.kubernetes.io/name: gitea
app.kubernetes.io/instance: gitea app.kubernetes.io/instance: gitea
app.kubernetes.io/version: "1.20.5" app.kubernetes.io/version: "1.21.11"
version: "1.20.5" version: "1.21.11"
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
spec: spec:
replicas: 1 replicas: 1
@@ -26,15 +26,15 @@ spec:
template: template:
metadata: metadata:
annotations: annotations:
checksum/config: ad2ce0a245d17a13676e98bfc6d1833351e36e913af45f98b89299cc83f3fc11 checksum/config: d717f60ade106d6c565601b0ad889768e36e11d1355dfa3556467d525646fab9
checksum/oauth_0: 8082487c20cf56dc3aff5b15ecf79483bc184c497ffb48237cf48c1a8757fcf2 checksum/oauth_0: 8082487c20cf56dc3aff5b15ecf79483bc184c497ffb48237cf48c1a8757fcf2
labels: labels:
helm.sh/chart: gitea-9.5.0 helm.sh/chart: gitea-10.1.4
app: gitea app: gitea
app.kubernetes.io/name: gitea app.kubernetes.io/name: gitea
app.kubernetes.io/instance: gitea app.kubernetes.io/instance: gitea
app.kubernetes.io/version: "1.20.5" app.kubernetes.io/version: "1.21.11"
version: "1.20.5" version: "1.21.11"
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
spec: spec:
@@ -42,8 +42,8 @@ spec:
fsGroup: 1000 fsGroup: 1000
initContainers: initContainers:
- name: init-directories - name: init-directories
image: "gitea/gitea:1.20.5-rootless" image: "gitea/gitea:1.21.11-rootless"
imagePullPolicy: Always imagePullPolicy: IfNotPresent
command: ["/usr/sbin/init_directory_structure.sh"] command: ["/usr/sbin/init_directory_structure.sh"]
env: env:
- name: GITEA_APP_INI - name: GITEA_APP_INI
@@ -72,8 +72,8 @@ spec:
cpu: 100m cpu: 100m
memory: 128Mi memory: 128Mi
- name: init-app-ini - name: init-app-ini
image: "gitea/gitea:1.20.5-rootless" image: "gitea/gitea:1.21.11-rootless"
imagePullPolicy: Always imagePullPolicy: IfNotPresent
command: ["/usr/sbin/config_environment.sh"] command: ["/usr/sbin/config_environment.sh"]
env: env:
- name: GITEA_APP_INI - name: GITEA_APP_INI
@@ -108,9 +108,9 @@ spec:
cpu: 100m cpu: 100m
memory: 128Mi memory: 128Mi
- name: configure-gitea - name: configure-gitea
image: "gitea/gitea:1.20.5-rootless" image: "gitea/gitea:1.21.11-rootless"
command: ["/usr/sbin/configure_gitea.sh"] command: ["/usr/sbin/configure_gitea.sh"]
imagePullPolicy: Always imagePullPolicy: IfNotPresent
securityContext: securityContext:
capabilities: capabilities:
add: add:
@@ -163,8 +163,8 @@ spec:
terminationGracePeriodSeconds: 60 terminationGracePeriodSeconds: 60
containers: containers:
- name: gitea - name: gitea
image: "gitea/gitea:1.20.5-rootless" image: "gitea/gitea:1.21.11-rootless"
imagePullPolicy: Always imagePullPolicy: IfNotPresent
env: env:
# SSH Port values have to be set here as well for openssh configuration # SSH Port values have to be set here as well for openssh configuration
- name: SSH_LISTEN_PORT - name: SSH_LISTEN_PORT

13
apps/gitea/check.rhai Normal file
View File

@@ -0,0 +1,13 @@
const DOMAIN = config.domain;
fn check_domain() {
assert(have_namespace(`${global::DOMAIN}`), `There is no ${global::DOMAIN} namespace`);
}
fn check_authentik() {
assert(have_namespace(`${global::DOMAIN}-auth`), `There is no ${global::DOMAIN}-auth namespace`);
assert(have_install(`${global::DOMAIN}-auth`, "authentik"), `No authentik installation in ${global::DOMAIN}-auth`);
assert(have_secret(`${global::DOMAIN}-auth`, "authentik"), `No authentik secret in ${global::DOMAIN}-auth`);
}
fn pre_check() {
check_domain();
check_authentik();
}

1
apps/gitea/datas.tf
View File

@@ -136,6 +136,7 @@ data "kustomization_overlay" "data" {
- name: gitea - name: gitea
image: "${var.images.gitea.registry}/${var.images.gitea.repository}:${var.images.gitea.tag}" image: "${var.images.gitea.registry}/${var.images.gitea.repository}:${var.images.gitea.tag}"
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
resources: ${jsonencode(var.resources)}
volumeMounts: volumeMounts:
- name: certs - name: certs
mountPath: /etc/ssl/certs mountPath: /etc/ssl/certs

5
apps/gitea/index.rhai Normal file
View File

@@ -0,0 +1,5 @@
const NS=config.namespace;
const SRC=src;
fn pre_install() {
shell(`kubectl create -n ${global::NS} -f ${global::SRC}/v1_ConfigMap_gitea-themes.yaml || :`);
}

49
apps/gitea/index.yaml
View File

@@ -161,7 +161,7 @@ options:
pull_policy: IfNotPresent pull_policy: IfNotPresent
registry: docker.io registry: docker.io
repository: gitea/gitea repository: gitea/gitea
tag: 1.20.5-rootless tag: 1.21.11-rootless
postgresql: postgresql:
registry: ghcr.io registry: ghcr.io
repository: cloudnative-pg/postgresql repository: cloudnative-pg/postgresql
@@ -181,7 +181,7 @@ options:
pull_policy: IfNotPresent pull_policy: IfNotPresent
registry: docker.io registry: docker.io
repository: gitea/gitea repository: gitea/gitea
tag: 1.20.5-rootless tag: 1.21.11-rootless
postgresql: postgresql:
registry: ghcr.io registry: ghcr.io
repository: cloudnative-pg/postgresql repository: cloudnative-pg/postgresql
@@ -202,7 +202,7 @@ options:
pull_policy: IfNotPresent pull_policy: IfNotPresent
registry: docker.io registry: docker.io
repository: gitea/gitea repository: gitea/gitea
tag: 1.20.5-rootless tag: 1.21.11-rootless
properties: properties:
pull_policy: pull_policy:
default: IfNotPresent default: IfNotPresent
@@ -218,7 +218,7 @@ options:
default: gitea/gitea default: gitea/gitea
type: string type: string
tag: tag:
default: 1.20.5-rootless default: 1.21.11-rootless
type: string type: string
type: object type: object
postgresql: postgresql:
@@ -363,6 +363,47 @@ options:
examples: examples:
- 1 - 1
type: integer type: integer
resources:
default:
limits:
cpu: 1000m
memory: 512Mi
requests:
cpu: 100m
memory: 256Mi
examples:
- limits:
cpu: 1000m
memory: 512Mi
requests:
cpu: 100m
memory: 256Mi
properties:
limits:
default:
cpu: 1000m
memory: 512Mi
properties:
cpu:
default: 1000m
type: string
memory:
default: 512Mi
type: string
type: object
requests:
default:
cpu: 100m
memory: 256Mi
properties:
cpu:
default: 100m
type: string
memory:
default: 256Mi
type: string
type: object
type: object
ssh-port: ssh-port:
default: 2222 default: 2222
examples: examples:

3
apps/gitea/v1_PersistentVolumeClaim_gitea-shared-storage.yaml
View File

@@ -6,10 +6,13 @@ metadata:
namespace: vynil-ci namespace: vynil-ci
annotations: annotations:
helm.sh/resource-policy: keep helm.sh/resource-policy: keep
labels:
{}
spec: spec:
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
volumeMode: Filesystem volumeMode: Filesystem
resources: resources:
requests: requests:
storage: 10Gi storage: 10Gi

52
apps/gitea/v1_Secret_gitea-init.yaml
View File

@@ -4,12 +4,12 @@ kind: Secret
metadata: metadata:
name: gitea-init name: gitea-init
labels: labels:
helm.sh/chart: gitea-9.5.0 helm.sh/chart: gitea-10.1.4
app: gitea app: gitea
app.kubernetes.io/name: gitea app.kubernetes.io/name: gitea
app.kubernetes.io/instance: gitea app.kubernetes.io/instance: gitea
app.kubernetes.io/version: "1.20.5" app.kubernetes.io/version: "1.21.11"
version: "1.20.5" version: "1.21.11"
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
type: Opaque type: Opaque
stringData: stringData:
@@ -48,7 +48,28 @@ stringData:
exit 1 exit 1
} }
function configure_admin_user() { function configure_admin_user() {
local ACCOUNT_ID=$(gitea admin user list --admin | grep -e "\s\+${GITEA_ADMIN_USERNAME}\s\+" | awk -F " " "{printf \$1}") local full_admin_list=$(gitea admin user list --admin)
local actual_user_table=''
# We might have distorted output due to warning logs, so we have to detect the actual user table by its headline and trim output above that line
local regex="(.*)(ID\s+Username\s+Email\s+IsActive.*)"
if [[ "${full_admin_list}" =~ $regex ]]; then
actual_user_table=$(echo "${BASH_REMATCH[2]}" | tail -n+2) # tail'ing to drop the table headline
else
# This code block should never be reached, as long as the output table header remains the same.
# If this code block is reached, the regex doesn't match anymore and we probably have to adjust this script.
echo "ERROR: 'configure_admin_user' was not able to determine the current list of admin users."
echo " Please review the output of 'gitea admin user list --admin' shown below."
echo " If you think it is an issue with the Helm Chart provisioning, file an issue at https://gitea.com/gitea/helm-chart/issues."
echo "DEBUG: Output of 'gitea admin user list --admin'"
echo "--"
echo "${full_admin_list}"
echo "--"
exit 1
fi
local ACCOUNT_ID=$(echo "${actual_user_table}" | grep -E "\s+${GITEA_ADMIN_USERNAME}\s+" | awk -F " " "{printf \$1}")
if [[ -z "${ACCOUNT_ID}" ]]; then if [[ -z "${ACCOUNT_ID}" ]]; then
echo "No admin user '${GITEA_ADMIN_USERNAME}' found. Creating now..." echo "No admin user '${GITEA_ADMIN_USERNAME}' found. Creating now..."
gitea admin user create --admin --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email "git-admin@local.com" --must-change-password=false gitea admin user create --admin --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email "git-admin@local.com" --must-change-password=false
@@ -70,7 +91,28 @@ stringData:
function configure_oauth() { function configure_oauth() {
local OAUTH_NAME='vynil' local OAUTH_NAME='vynil'
local AUTH_ID=$(gitea admin auth list --vertical-bars | grep -E "\|${OAUTH_NAME}\s+\|" | grep -iE '\|OAuth2\s+\|' | awk -F " " "{print \$1}") local full_auth_list=$(gitea admin auth list --vertical-bars)
local actual_auth_table=''
# We might have distorted output due to warning logs, so we have to detect the actual user table by its headline and trim output above that line
local regex="(.*)(ID\s+\|Name\s+\|Type\s+\|Enabled.*)"
if [[ "${full_auth_list}" =~ $regex ]]; then
actual_auth_table=$(echo "${BASH_REMATCH[2]}" | tail -n+2) # tail'ing to drop the table headline
else
# This code block should never be reached, as long as the output table header remains the same.
# If this code block is reached, the regex doesn't match anymore and we probably have to adjust this script.
echo "ERROR: 'configure_oauth' was not able to determine the current list of authentication sources."
echo " Please review the output of 'gitea admin auth list --vertical-bars' shown below."
echo " If you think it is an issue with the Helm Chart provisioning, file an issue at https://gitea.com/gitea/helm-chart/issues."
echo "DEBUG: Output of 'gitea admin auth list --vertical-bars'"
echo "--"
echo "${full_auth_list}"
echo "--"
exit 1
fi
local AUTH_ID=$(echo "${actual_auth_table}" | grep -E "\|${OAUTH_NAME}\s+\|" | grep -iE '\|OAuth2\s+\|' | awk -F " " "{print \$1}")
if [[ -z "${AUTH_ID}" ]]; then if [[ -z "${AUTH_ID}" ]]; then
echo "No oauth configuration found with name '${OAUTH_NAME}'. Installing it now..." echo "No oauth configuration found with name '${OAUTH_NAME}'. Installing it now..."

8
apps/gitea/v1_Secret_gitea.yaml
View File

@@ -4,12 +4,12 @@ kind: Secret
metadata: metadata:
name: gitea name: gitea
labels: labels:
helm.sh/chart: gitea-9.5.0 helm.sh/chart: gitea-10.1.4
app: gitea app: gitea
app.kubernetes.io/name: gitea app.kubernetes.io/name: gitea
app.kubernetes.io/instance: gitea app.kubernetes.io/instance: gitea
app.kubernetes.io/version: "1.20.5" app.kubernetes.io/version: "1.21.11"
version: "1.20.5" version: "1.21.11"
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
type: Opaque type: Opaque
stringData: stringData:
@@ -141,7 +141,7 @@ stringData:
} }
# save existing envs prior to script execution. Necessary to keep order of preexisting and custom envs # save existing envs prior to script execution. Necessary to keep order of preexisting and custom envs
env | (grep GITEA || [[ $? == 1 ]]) > /tmp/existing-envs env | (grep -e '^GITEA__' || [[ $? == 1 ]]) > /tmp/existing-envs
# MUST BE CALLED BEFORE OTHER CONFIGURATION # MUST BE CALLED BEFORE OTHER CONFIGURATION
env2ini::generate_initial_secrets env2ini::generate_initial_secrets

6
apps/gitea/v1_Service_gitea-http.yaml
View File

@@ -4,12 +4,12 @@ kind: Service
metadata: metadata:
name: gitea-http name: gitea-http
labels: labels:
helm.sh/chart: gitea-9.5.0 helm.sh/chart: gitea-10.1.4
app: gitea app: gitea
app.kubernetes.io/name: gitea app.kubernetes.io/name: gitea
app.kubernetes.io/instance: gitea app.kubernetes.io/instance: gitea
app.kubernetes.io/version: "1.20.5" app.kubernetes.io/version: "1.21.11"
version: "1.20.5" version: "1.21.11"
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
annotations: annotations:
{} {}

6
apps/gitea/v1_Service_gitea-ssh.yaml
View File

@@ -4,12 +4,12 @@ kind: Service
metadata: metadata:
name: gitea-ssh name: gitea-ssh
labels: labels:
helm.sh/chart: gitea-9.5.0 helm.sh/chart: gitea-10.1.4
app: gitea app: gitea
app.kubernetes.io/name: gitea app.kubernetes.io/name: gitea
app.kubernetes.io/instance: gitea app.kubernetes.io/instance: gitea
app.kubernetes.io/version: "1.20.5" app.kubernetes.io/version: "1.21.11"
version: "1.20.5" version: "1.21.11"
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
annotations: annotations:
metallb.universe.tf/address-pool: mlb-pool-public metallb.universe.tf/address-pool: mlb-pool-public