diff --git a/apps/gitea/apps_v1_Deployment_gitea-memcached.yaml b/apps/gitea/apps_v1_Deployment_gitea-memcached.yaml
deleted file mode 100644
index 7f3e048..0000000
--- a/apps/gitea/apps_v1_Deployment_gitea-memcached.yaml
+++ /dev/null
@@ -1,89 +0,0 @@ -# Source: gitea/charts/memcached/templates/deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: gitea-memcached - namespace: vynil-ci - labels: - app.kubernetes.io/name: memcached - helm.sh/chart: memcached-6.3.13 - app.kubernetes.io/instance: gitea - app.kubernetes.io/managed-by: Helm -spec: - selector: - matchLabels: - app.kubernetes.io/name: memcached - app.kubernetes.io/instance: gitea - replicas: 1 - strategy: - rollingUpdate: {} - type: RollingUpdate - template: - metadata: - labels: - app.kubernetes.io/name: memcached - helm.sh/chart: memcached-6.3.13 - app.kubernetes.io/instance: gitea - app.kubernetes.io/managed-by: Helm - annotations: - spec: - - affinity: - podAffinity: - - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/name: memcached - app.kubernetes.io/instance: gitea - topologyKey: kubernetes.io/hostname - weight: 1 - nodeAffinity: - - securityContext: - fsGroup: 1001 - serviceAccountName: default - containers: - - name: memcached - image: docker.io/bitnami/memcached:1.6.19-debian-11-r3 - imagePullPolicy: "IfNotPresent" - securityContext: - runAsNonRoot: true - runAsUser: 1001 - env: - - name: BITNAMI_DEBUG - value: "false" - - name: MEMCACHED_PORT_NUMBER - value: "11211" - ports: - - name: memcache - containerPort: 11211 - livenessProbe: - failureThreshold: 6 - initialDelaySeconds: 30 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - tcpSocket: - port: memcache - readinessProbe: - failureThreshold: 6 - initialDelaySeconds: 5 - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 3 - tcpSocket: - port: memcache - resources: - limits: {} - requests: - cpu: 250m - memory: 256Mi - volumeMounts: - - name: tmp - mountPath: /tmp - volumes: - - name: tmp - emptyDir: {} \ No newline at end of file 
diff --git a/apps/gitea/apps_v1_StatefulSet_gitea.yaml b/apps/gitea/apps_v1_StatefulSet_gitea.yaml
deleted file mode 100644
index 85d1522..0000000
--- a/apps/gitea/apps_v1_StatefulSet_gitea.yaml
+++ /dev/null
@@ -1,247 +0,0 @@ -# Source: gitea/templates/gitea/statefulset.yaml -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: gitea - annotations: - labels: - helm.sh/chart: gitea-8.0.3 - app: gitea - app.kubernetes.io/name: gitea - app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "1.19.1" - version: "1.19.1" - app.kubernetes.io/managed-by: Helm -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: gitea - app.kubernetes.io/instance: gitea - serviceName: gitea - template: - metadata: - annotations: - checksum/config: 92a115496ca24d008eee552477c9d92637e4c5dafa30a3f43dbffed1ea616881 - checksum/ldap_0: 9356e28431e375c7fc7d624460a9f41c243f14c3f9765c40aa2b13cf46203eaf - labels: - helm.sh/chart: gitea-8.0.3 - app: gitea - app.kubernetes.io/name: gitea - app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "1.19.1" - version: "1.19.1" - app.kubernetes.io/managed-by: Helm - spec: - - securityContext: - fsGroup: 1000 - initContainers: - - name: init-directories - image: "gitea/gitea:1.19.1" - imagePullPolicy: Always - command: ["/usr/sbin/init_directory_structure.sh"] - env: - - name: GITEA_APP_INI - value: /data/gitea/conf/app.ini - - name: GITEA_CUSTOM - value: /data/gitea - - name: GITEA_WORK_DIR - value: /data - - name: GITEA_TEMP - value: /tmp/gitea - - name: TZ - value: Europe/Paris - volumeMounts: - - name: init - mountPath: /usr/sbin - - name: temp - mountPath: /tmp - - name: data - mountPath: /data - - securityContext: - capabilities: - add: - - SYS_CHROOT - resources: - limits: {} - requests: - cpu: 100m - memory: 128Mi - - name: init-app-ini - image: "gitea/gitea:1.19.1" - imagePullPolicy: Always - command: ["/usr/sbin/config_environment.sh"] - env: - - name: GITEA_APP_INI - value: /data/gitea/conf/app.ini - - name: GITEA_CUSTOM - value: /data/gitea - - name: GITEA_WORK_DIR - value: /data - - name: GITEA_TEMP - value: /tmp/gitea - - name: TZ - value: Europe/Paris - - name: ENV_TO_INI__DATABASE__LOG_SQL - value: "false" 
- - name: ENV_TO_INI__LOG__LEVEL - value: Debug - volumeMounts: - - name: config - mountPath: /usr/sbin - - name: temp - mountPath: /tmp - - name: data - mountPath: /data - - name: inline-config-sources - mountPath: /env-to-ini-mounts/inlines/ - - securityContext: - capabilities: - add: - - SYS_CHROOT - resources: - limits: {} - requests: - cpu: 100m - memory: 128Mi - - name: configure-gitea - image: "gitea/gitea:1.19.1" - command: ["/usr/sbin/configure_gitea.sh"] - imagePullPolicy: Always - securityContext: - capabilities: - add: - - SYS_CHROOT - runAsUser: 1000 - env: - - name: GITEA_APP_INI - value: /data/gitea/conf/app.ini - - name: GITEA_CUSTOM - value: /data/gitea - - name: GITEA_WORK_DIR - value: /data - - name: GITEA_TEMP - value: /tmp/gitea - - name: GITEA_LDAP_BIND_DN_0 - valueFrom: - secretKeyRef: - key: bindDn - name: gitea-ldap - - name: GITEA_LDAP_PASSWORD_0 - valueFrom: - secretKeyRef: - key: bindPassword - name: gitea-ldap - - name: GITEA_ADMIN_USERNAME - valueFrom: - secretKeyRef: - key: username - name: gitea-admin-user - - name: GITEA_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - key: password - name: gitea-admin-user - - name: TZ - value: Europe/Paris - volumeMounts: - - name: init - mountPath: /usr/sbin - - name: temp - mountPath: /tmp - - name: data - mountPath: /data - - resources: - limits: {} - requests: - cpu: 100m - memory: 128Mi - terminationGracePeriodSeconds: 60 - containers: - - name: gitea - image: "gitea/gitea:1.19.1" - imagePullPolicy: Always - env: - # SSH Port values have to be set here as well for openssh configuration - - name: SSH_LISTEN_PORT - value: "2222" - - name: SSH_PORT - value: "2222" - - name: SSH_LOG_LEVEL - value: "INFO" - - name: GITEA_APP_INI - value: /data/gitea/conf/app.ini - - name: GITEA_CUSTOM - value: /data/gitea - - name: GITEA_WORK_DIR - value: /data - - name: GITEA_TEMP - value: /tmp/gitea - - name: TMPDIR - value: /tmp/gitea - - name: TZ - value: Europe/Paris - ports: - - name: ssh - containerPort: 2222 
- - name: http - containerPort: 3000 - livenessProbe: - failureThreshold: 10 - initialDelaySeconds: 200 - periodSeconds: 10 - successThreshold: 1 - tcpSocket: - port: http - timeoutSeconds: 1 - readinessProbe: - failureThreshold: 3 - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - tcpSocket: - port: http - timeoutSeconds: 1 - resources: - {} - securityContext: - capabilities: - add: - - SYS_CHROOT - volumeMounts: - - name: temp - mountPath: /tmp - - name: data - mountPath: /data - - mountPath: /data/gitea/public/css - name: gitea-themes - volumes: - - name: init - secret: - secretName: gitea-init - defaultMode: 110 - - name: config - secret: - secretName: gitea - defaultMode: 110 - - configMap: - name: gitea-themes - name: gitea-themes - - name: inline-config-sources - secret: - secretName: gitea-inline-config - - name: temp - emptyDir: {} - volumeClaimTemplates: - - metadata: - name: data - spec: - accessModes: - - "ReadWriteOnce" - resources: - requests: - storage: "10Gi" \ No newline at end of file diff --git a/apps/gitea/index.rhai b/apps/gitea/index.rhai index dc1610c..04ad77f 100644 --- a/apps/gitea/index.rhai +++ b/apps/gitea/index.rhai @@ -4,7 +4,7 @@ const SRC=src; const DEST=dest; fn pre_pack() { shell("helm repo add gitea-charts https://dl.gitea.io/charts/"); - shell(`helm template gitea gitea-charts/gitea --version 8.0.3 --namespace=vynil-ci --values values.yml >${global::SRC}/chart.yaml`); + shell(`helm template gitea gitea-charts/gitea --namespace=vynil-ci --values values.yml >${global::SRC}/chart.yaml`); } fn post_pack() { shell(`rm -f ${global::DEST}/v1_Pod_gitea-test-connection.yaml`); diff --git a/apps/gitea/index.yaml b/apps/gitea/index.yaml index a504a97..5092434 100644 --- a/apps/gitea/index.yaml +++ b/apps/gitea/index.yaml 
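Review bot: The `helm template` call in `pre_pack()` no longer pins a chart version, so each pack renders whatever `gitea-charts` serves at that moment and an upstream chart release (new init scripts, new defaults, new sub-charts) lands in the generated manifests without review — the same class of problem as an unpinned dependency. The files regenerated in this commit carry `helm.sh/chart: gitea-9.0.4`, so pin that: add `--version 9.0.4` back to the `helm template` line and bump it deliberately on the next upgrade. Related, the `release` option in index.yaml still defaults to `8.3.0` while the rendered chart is 9.0.4; if that option is meant to record the chart version (its consumer is not in this diff), it should move in step.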
@@ -9,6 +9,66 @@ metadata: A painless self-hosted Git service. Gitea is a community managed lightweight code hosting solution written in Go. It is published under the MIT license. options: + domain: + default: your-company + examples: + - your-company + type: string + volume: + default: + size: 10Gi + examples: + - size: 10Gi + properties: + size: + default: 10Gi + type: string + type: object + webhook: + default: + allowed-hosts: private + skip-tls-verify: false + examples: + - allowed-hosts: private + skip-tls-verify: false + properties: + allowed-hosts: + default: private + type: string + skip-tls-verify: + default: false + type: boolean + type: object + disable-registration: + default: true + examples: + - true + type: boolean + domain-name: + default: your_company.com + examples: + - your_company.com + type: string + release: + default: 8.3.0 + examples: + - 8.3.0 + type: string + timezone: + default: Europe/Paris + examples: + - Europe/Paris + type: string + load-balancer: + default: + ip: '' + examples: + - ip: '' + properties: + ip: + default: '' + type: string + type: object postgres: default: replicas: 1 @@ -29,10 +89,15 @@ options: default: '14' type: string type: object - domain-name: - default: your_company.com + issuer: + default: letsencrypt-prod examples: - - your_company.com + - letsencrypt-prod + type: string + ingress-class: + default: traefik + examples: + - traefik type: string push-create: default: 
@@ -54,51 +119,6 @@ options: default: 'true' type: string type: object - theme: - default: gitea-modern - examples: - - gitea-modern - type: string - release: - default: 8.3.0 - examples: - - 8.3.0 - type: string - default-branch: - default: main - examples: - - main - type: string - webhook: - default: - allowed-hosts: private - skip-tls-verify: false - examples: - - allowed-hosts: private - skip-tls-verify: false - properties: - allowed-hosts: - default: private - type: string - skip-tls-verify: - default: false - type: boolean - type: object - replicas: - default: 1 - examples: - - 1 - type: integer - volume: - default: - size: 10Gi - examples: - - size: 10Gi - properties: - size: - default: 10Gi - type: string - type: object admin: default: email: git-admin@git.your_company.com @@ -177,51 +197,31 @@ options: type: string type: object type: object - timezone: - default: Europe/Paris - examples: - - Europe/Paris - type: string - domain: - default: your-company - examples: - - your-company - type: string - issuer: - default: letsencrypt-prod - examples: - - letsencrypt-prod - type: string - ingress-class: - default: traefik - examples: - - traefik - type: string ssh-port: default: 2222 examples: - 2222 type: integer - load-balancer: - default: - ip: '' + default-branch: + default: main examples: - - ip: '' - properties: - ip: - default: '' - type: string - type: object - disable-registration: - default: true + - main + type: string + replicas: + default: 1 examples: - - true - type: boolean + - 1 + type: integer sub-domain: default: git examples: - git type: string + theme: + default: gitea-modern + examples: + - gitea-modern + type: string dependencies: - dist: null category: share @@ -239,3 +239,4 @@ providers: postgresql: null restapi: true http: true +tfaddtype: null diff --git a/apps/gitea/ingress.tf b/apps/gitea/ingress.tf index 5c05743..2e94dca 100644 --- a/apps/gitea/ingress.tf +++ b/apps/gitea/ingress.tf 
@@ -1,6 +1,6 @@ locals { dns-names = ["${var.sub-domain}.${var.domain-name}"] - middlewares = [{"name" = "${var.instance}-https"}] + middlewares = ["${var.instance}-https"] service = { "name" = "gitea-http" "port" = { diff --git a/apps/gitea/v1_Secret_gitea-init.yaml b/apps/gitea/v1_Secret_gitea-init.yaml index 3bae4fc..1feb147 100644 --- a/apps/gitea/v1_Secret_gitea-init.yaml +++ b/apps/gitea/v1_Secret_gitea-init.yaml @@ -4,12 +4,12 @@ kind: Secret metadata: name: gitea-init labels: - helm.sh/chart: gitea-8.0.3 + helm.sh/chart: gitea-9.0.4 app: gitea app.kubernetes.io/name: gitea app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "1.19.1" - version: "1.19.1" + app.kubernetes.io/version: "1.20.1" + version: "1.20.1" app.kubernetes.io/managed-by: Helm type: Opaque stringData: @@ -24,14 +24,12 @@ stringData: set -euo pipefail set -x - chown 1000:1000 /data mkdir -p /data/git/.ssh chmod -R 700 /data/git/.ssh [ ! -d /data/gitea/conf ] && mkdir -p /data/gitea/conf # prepare temp directory structure mkdir -p "${GITEA_TEMP}" - chown 1000:1000 "${GITEA_TEMP}" chmod ug+rwx "${GITEA_TEMP}" @@ -49,6 +47,24 @@ stringData: echo "Gitea migrate might fail due to database connection...This init-container will try again in a few seconds" exit 1 } + function test_redis_connection() { + local RETRY=0 + local MAX=30 + + echo 'Wait for redis to become avialable...' + until [ "${RETRY}" -ge "${MAX}" ]; do + nc -vz -w2 gitea-redis-cluster-headless.vynil-ci.svc.cluster.local 6379 && break + RETRY=$[${RETRY}+1] + echo "...not ready yet (${RETRY}/${MAX})" + done + + if [ "${RETRY}" -ge "${MAX}" ]; then + echo "Redis not reachable after '${MAX}' attempts!" + exit 1 + fi + } + + test_redis_connection function configure_admin_user() { local ACCOUNT_ID=$(gitea admin user list --admin | grep -e "\s\+${GITEA_ADMIN_USERNAME}\s\+" | awk -F " " "{printf \$1}") if [[ -z "${ACCOUNT_ID}" ]]; then 
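Review bot: With the two `chown 1000:1000` calls gone, `init_directory_structure.sh` depends entirely on the pod securityContext for ownership of `/data` and `${GITEA_TEMP}`, yet it still runs `mkdir -p` and `chmod -R 700 /data/git/.ssh` under `set -euo pipefail`, so any existing file there not owned by the init container's UID aborts the script and the pod stays in Init. That is correct only if the replacement workload runs this init container as UID 1000 with `fsGroup: 1000`; the deleted StatefulSet gave `init-directories` just `fsGroup: 1000` and no `runAsUser`, and the manifest that replaces it is not in this diff, so I can't confirm. Record the assumption at the top of the script: `# no chown here: ownership of /data comes from the pod securityContext (runAsUser/fsGroup 1000), so this script must work unprivileged`.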
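Review bot: `test_redis_connection` never pauses between attempts: `nc -w2` only caps a connect that is still pending, while a refused connection or a not-yet-resolvable headless-service name fails immediately, so all 30 attempts can burn in well under a second and the init container exits 1 before Redis has had a chance to come up, leaving the pod's restart backoff to do the actual waiting. Add a pause after the `echo`, e.g. `sleep 2`, and replace the obsolete `$[...]` form with `RETRY=$((RETRY + 1))`. The target `gitea-redis-cluster-headless.vynil-ci.svc.cluster.local` also bakes the namespace into a rendered Secret, so the probe fails if this package is installed anywhere but `vynil-ci`; the short name `gitea-redis-cluster-headless` resolves via the pod's search path without that coupling. Minor: `avialable` → `available` in the log line.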
diff --git a/apps/gitea/v1_Secret_gitea.yaml b/apps/gitea/v1_Secret_gitea.yaml index 3afe6d0..49644e9 100644 --- a/apps/gitea/v1_Secret_gitea.yaml +++ b/apps/gitea/v1_Secret_gitea.yaml @@ -4,15 +4,16 @@ kind: Secret metadata: name: gitea labels: - helm.sh/chart: gitea-8.0.3 + helm.sh/chart: gitea-9.0.4 app: gitea app.kubernetes.io/name: gitea app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "1.19.1" - version: "1.19.1" + app.kubernetes.io/version: "1.20.1" + version: "1.20.1" app.kubernetes.io/managed-by: Helm type: Opaque stringData: + assertions: | config_environment.sh: |- #!/usr/bin/env bash set -euo pipefail @@ -50,14 +51,14 @@ stringData: env2ini::log " + '${setting}'" if [[ -z "${section}" ]]; then - export "ENV_TO_INI____${setting^^}=${value}" # '^^' makes the variable content uppercase + export "GITEA____${setting^^}=${value}" # '^^' makes the variable content uppercase return fi local masked_section="${section//./_0X2E_}" # '//' instructs to replace all matches masked_section="${masked_section//-/_0X2D_}" - export "ENV_TO_INI__${masked_section^^}__${setting^^}=${value}" # '^^' makes the variable content uppercase + export "GITEA__${masked_section^^}__${setting^^}=${value}" # '^^' makes the variable content uppercase } function env2ini::reload_preset_envs() { 
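Review bot: `assertions: |` is a block scalar with no content, so the rendered Secret now carries an `assertions` key whose value is the empty string, and nothing in this diff reads it. This looks like the chart template rendering an empty list; either drop the key from the rendered file or keep a comment above it such as `# assertions: intentionally empty (rendered by the chart); confirm whether any init script reads it` so the next reader does not take it for a lost value.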
@@ -131,15 +132,16 @@ stringData: # - initially used to set up Gitea # Anyway, they won't harm existing app.ini files - export ENV_TO_INI__SECURITY__INTERNAL_TOKEN=$(gitea generate secret INTERNAL_TOKEN) - export ENV_TO_INI__SECURITY__SECRET_KEY=$(gitea generate secret SECRET_KEY) - export ENV_TO_INI__OAUTH2__JWT_SECRET=$(gitea generate secret JWT_SECRET) - export ENV_TO_INI__SERVER__LFS_JWT_SECRET=$(gitea generate secret LFS_JWT_SECRET) + export GITEA__SECURITY__INTERNAL_TOKEN=$(gitea generate secret INTERNAL_TOKEN) + export GITEA__SECURITY__SECRET_KEY=$(gitea generate secret SECRET_KEY) + export GITEA__OAUTH2__JWT_SECRET=$(gitea generate secret JWT_SECRET) + export GITEA__SERVER__LFS_JWT_SECRET=$(gitea generate secret LFS_JWT_SECRET) env2ini::log "...Initial secrets generated\n" } - - env | (grep ENV_TO_INI || [[ $? == 1 ]]) > /tmp/existing-envs + + # save existing envs prior to script execution. Necessary to keep order of preexisting and custom envs + env | (grep GITEA || [[ $? == 1 ]]) > /tmp/existing-envs # MUST BE CALLED BEFORE OTHER CONFIGURATION env2ini::generate_initial_secrets @@ -160,10 +162,10 @@ stringData: env2ini::log ' - oauth2.JWT_SECRET' env2ini::log ' - server.LFS_JWT_SECRET' - unset ENV_TO_INI__SECURITY__INTERNAL_TOKEN - unset ENV_TO_INI__SECURITY__SECRET_KEY - unset ENV_TO_INI__OAUTH2__JWT_SECRET - unset ENV_TO_INI__SERVER__LFS_JWT_SECRET + unset GITEA__SECURITY__INTERNAL_TOKEN + unset GITEA__SECURITY__SECRET_KEY + unset GITEA__OAUTH2__JWT_SECRET + unset GITEA__SERVER__LFS_JWT_SECRET fi - environment-to-ini -o $GITEA_APP_INI -p ENV_TO_INI \ No newline at end of file + environment-to-ini -o $GITEA_APP_INI \ No newline at end of file diff --git a/apps/gitea/v1_Service_gitea-http.yaml b/apps/gitea/v1_Service_gitea-http.yaml index 26fed0f..b92895f 100644 --- a/apps/gitea/v1_Service_gitea-http.yaml +++ b/apps/gitea/v1_Service_gitea-http.yaml 
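Review bot: `export GITEA__SECURITY__INTERNAL_TOKEN=$(gitea generate secret INTERNAL_TOKEN)` and the three lines after it mask a failed generator: the statement's exit status is that of `export`, not of the command substitution, so under `set -euo pipefail` a failing `gitea generate secret` does not abort the init container but exports an empty string, which `environment-to-ini` then writes as an empty `INTERNAL_TOKEN`/`SECRET_KEY`/`JWT_SECRET`/`LFS_JWT_SECRET` into app.ini. Capture each value with a plain assignment first so `set -e` sees its status, then export; the rewritten lines are below (the enclosing `env2ini::generate_initial_secrets` function starts before this hunk). Separately, `env | grep GITEA` is broader than the old `ENV_TO_INI` filter and copies every `GITEA*` variable in clear into `/tmp/existing-envs` on the shared `temp` volume, including any `GITEA_*` credential present in this container's environment (whether one is present is not visible here); `grep '^GITEA__'` keeps only the config-style keys the reload logic needs.
```yaml
        # … unchanged: env2ini::log lines and the comment block above …
        # plain assignments first: under `set -e` a failed `gitea generate
        # secret` now aborts the init container instead of exporting ""
        local internal_token secret_key jwt_secret lfs_jwt_secret
        internal_token=$(gitea generate secret INTERNAL_TOKEN)
        secret_key=$(gitea generate secret SECRET_KEY)
        jwt_secret=$(gitea generate secret JWT_SECRET)
        lfs_jwt_secret=$(gitea generate secret LFS_JWT_SECRET)
        export GITEA__SECURITY__INTERNAL_TOKEN="${internal_token}"
        export GITEA__SECURITY__SECRET_KEY="${secret_key}"
        export GITEA__OAUTH2__JWT_SECRET="${jwt_secret}"
        export GITEA__SERVER__LFS_JWT_SECRET="${lfs_jwt_secret}"
        # … unchanged: env2ini::log "...Initial secrets generated\n" and the rest …
```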
@@ -4,12 +4,12 @@ kind: Service metadata: name: gitea-http labels: - helm.sh/chart: gitea-8.0.3 + helm.sh/chart: gitea-9.0.4 app: gitea app.kubernetes.io/name: gitea app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "1.19.1" - version: "1.19.1" + app.kubernetes.io/version: "1.20.1" + version: "1.20.1" app.kubernetes.io/managed-by: Helm annotations: {} @@ -19,7 +19,7 @@ spec: ports: - name: http port: 3000 - targetPort: 3000 + targetPort: selector: app.kubernetes.io/name: gitea app.kubernetes.io/instance: gitea \ No newline at end of file diff --git a/apps/gitea/v1_Service_gitea-memcached.yaml b/apps/gitea/v1_Service_gitea-memcached.yaml deleted file mode 100644 index 92bf309..0000000 --- a/apps/gitea/v1_Service_gitea-memcached.yaml +++ /dev/null @@ -1,23 +0,0 @@ -# Source: gitea/charts/memcached/templates/service.yaml -apiVersion: v1 -kind: Service -metadata: - name: gitea-memcached - namespace: vynil-ci - labels: - app.kubernetes.io/name: memcached - helm.sh/chart: memcached-6.3.13 - app.kubernetes.io/instance: gitea - app.kubernetes.io/managed-by: Helm - annotations: -spec: - type: ClusterIP - sessionAffinity: None - ports: - - name: memcache - port: 11211 - targetPort: memcache - nodePort: null - selector: - app.kubernetes.io/name: memcached - app.kubernetes.io/instance: gitea \ No newline at end of file diff --git a/apps/gitea/v1_Service_gitea-ssh.yaml b/apps/gitea/v1_Service_gitea-ssh.yaml index b1b1751..17dbdc6 100644 --- a/apps/gitea/v1_Service_gitea-ssh.yaml +++ b/apps/gitea/v1_Service_gitea-ssh.yaml @@ -4,12 +4,12 @@ kind: Service metadata: name: gitea-ssh labels: - helm.sh/chart: gitea-8.0.3 + helm.sh/chart: gitea-9.0.4 app: gitea app.kubernetes.io/name: gitea app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "1.19.1" - version: "1.19.1" + app.kubernetes.io/version: "1.20.1" + version: "1.20.1" app.kubernetes.io/managed-by: Helm annotations: metallb.universe.tf/address-pool: mlb-pool-public
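Review bot: `targetPort:` in the `gitea-http` Service is now empty, which YAML reads as null; Kubernetes then defaults it to `port`, so traffic still reaches the container only because both happen to be 3000. Make it explicit so a change to either side does not silently break routing: `targetPort: http` (the container's named port as the deleted StatefulSet declared it) or `targetPort: 3000`. This is a rendered file, so presumably a chart value for the HTTP target port is unset in values.yml — fix it there and re-pack rather than editing the output.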