From 0d388407844269a34781ac9bc7710d80662289d6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Huss?=
Date: Tue, 28 Nov 2023 13:30:08 +0100
Subject: [PATCH] fix
---
 apps/gitea/datas.tf | 35 ++++++
 apps/gitea/index.yaml | 240 ++++++++++++++++++-------------------
 apps/gitea/ldap.tf | 10 --
 apps/gitea/presentation.tf | 10 ++
 4 files changed, 165 insertions(+), 130 deletions(-)
 delete mode 100644 apps/gitea/ldap.tf
diff --git a/apps/gitea/datas.tf b/apps/gitea/datas.tf
index a465672..1f89d1f 100644
--- a/apps/gitea/datas.tf
+++ b/apps/gitea/datas.tf
@@ -44,6 +44,24 @@ data "kustomization_overlay" "data" {
 common_labels = local.common-labels
 namespace = var.namespace
 resources = [for file in fileset(path.module, "*.yaml"): file if ! contains(["index.yaml", "v1_ConfigMap_gitea-themes.yaml"], file)]
+ patches {
+ target {
+ kind = "Secret"
+ name = "gitea-init"
+ }
+ patch = <<-EOF
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: gitea-init
+ stringData:
+ configure_local_certs.sh: |-
+ #!/usr/bin/env bash
+ cp /etc/ssl/certs/ca-certificates.crt /etc/local-certs
+ cat /etc/local-ca/ca.crt >>/etc/local-certs/ca-certificates.crt
+ exec ./configure_gitea.sh
+ EOF
+ }
 patches {
 target {
 kind = "Deployment"
@@ -60,6 +78,13 @@ data "kustomization_overlay" "data" {
 replicas: ${var.replicas}
 template:
 spec:
+ volumes:
+ - name: certs
+ emptyDir: {}
+ - name: localcerts
+ secret:
+ secretName: "${var.instance}-cert"
+ defaultMode: 0444
 initContainers:
 - name: init-directories
 image: "${var.images.gitea.registry}/${var.images.gitea.repository}:${var.images.gitea.tag}"
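Review bot: The `configure_local_certs.sh` script written into the `gitea-init` Secret patch runs without `set -euo pipefail`, so if `/etc/local-ca/ca.crt` is missing or the `cp` fails the init container carries on with an incomplete trust bundle and the problem only shows up later as a TLS failure; add `set -euo pipefail` right after the shebang. The closing `exec ./configure_gitea.sh` also depends on whatever working directory the init container starts in; if the init scripts are mounted at `/usr/sbin`, as the `command` added in the next file hunk suggests, `exec /usr/sbin/configure_gitea.sh` makes that explicit. The `data "kustomization_overlay" "data"` block this patch belongs to begins before the hunk.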
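Review bot: The `localcerts` volume projects the entire `${var.instance}-cert` Secret, so if that is a TLS Secret issued for the instance (the name suggests one) its `tls.key` ends up inside the init container alongside the `ca.crt` the script actually reads. Restricting the projection with `items:` / `- key: ca.crt` / `path: ca.crt` under `secret:` exposes only the CA certificate, and `defaultMode: 0444` is then appropriate for a public certificate. The Deployment patch heredoc this volume list sits in starts and ends outside the hunk.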
@@ -68,8 +93,15 @@ data "kustomization_overlay" "data" {
 image: "${var.images.gitea.registry}/${var.images.gitea.repository}:${var.images.gitea.tag}"
 imagePullPolicy: IfNotPresent
 - name: configure-gitea
+ command: ["/usr/sbin/configure_local_certs.sh"]
 image: "${var.images.gitea.registry}/${var.images.gitea.repository}:${var.images.gitea.tag}"
 imagePullPolicy: IfNotPresent
+ volumeMounts:
+ - name: localcerts
+ mountPath: /etc/local-ca
+ readOnly: true
+ - name: certs
+ mountPath: /etc/local-certs
 env:
 - name: VYNIL_OAUTH_DISCOVERY
 value: "https://${data.kubernetes_ingress_v1.authentik.spec[0].rule[0].host}/application/o/${var.component}-${var.instance}/.well-known/openid-configuration"
@@ -109,6 +141,9 @@ data "kustomization_overlay" "data" {
 - name: gitea
 image: "${var.images.gitea.registry}/${var.images.gitea.repository}:${var.images.gitea.tag}"
 imagePullPolicy: IfNotPresent
+ volumeMounts:
+ - name: certs
+ mountPath: /etc/ssl/certs
 env:
 - name: SSH_LISTEN_PORT
 value: "2222"
diff --git a/apps/gitea/index.yaml b/apps/gitea/index.yaml
index 47a14ff..9233474 100644
--- a/apps/gitea/index.yaml
+++ b/apps/gitea/index.yaml
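Review bot: `command: ["/usr/sbin/configure_local_certs.sh"]` runs the script by path, which only works if the volume that supplies it (presumably the `gitea-init` Secret patched earlier in this file) is mounted with an executable mode; that mount is outside the hunk, so I cannot confirm it. Invoking it through the interpreter, `command: ["bash", "/usr/sbin/configure_local_certs.sh"]`, removes the dependency on the mount's `defaultMode`. The `localcerts` mount is correctly `readOnly: true`; the `certs` mount at `/etc/local-certs` is written by the script so it cannot be, and as an emptyDir shared only with the gitea container that is acceptable. The `configure-gitea` container definition continues outside the hunk.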
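Review bot: Mounting the `certs` emptyDir at `/etc/ssl/certs` in the gitea container replaces the image's whole certificate directory with one that holds only the `ca-certificates.crt` the init container wrote, so anything in the image that relies on the per-certificate hashed symlinks OpenSSL keeps in that directory (CApath lookups) loses them. Overlaying just the bundle file keeps the rest of the directory intact: `mountPath: /etc/ssl/certs/ca-certificates.crt` / `subPath: ca-certificates.crt` / `readOnly: true`, the last because the gitea container never writes it. Whether the image actually has hashed entries there I cannot verify from the hunk; the `gitea` container definition continues outside it.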
@@ -9,11 +9,71 @@ metadata: A painless self-hosted Git service. Gitea is a community managed lightweight code hosting solution written in Go. It is published under the MIT license. options: + ingress-class: + default: traefik + examples: + - traefik + type: string + domain: + default: your-company + examples: + - your-company + type: string + app-group: + default: dev + examples: + - dev + type: string + release: + default: 8.3.0 + examples: + - 8.3.0 + type: string + load-balancer: + default: + ip: '' + examples: + - ip: '' + properties: + ip: + default: '' + type: string + type: object + theme: + default: gitea-modern + examples: + - gitea-modern + type: string + postgres: + default: + replicas: 1 + storage: 10Gi + version: '14' + examples: + - replicas: 1 + storage: 10Gi + version: '14' + properties: + replicas: + default: 1 + type: integer + storage: + default: 10Gi + type: string + version: + default: '14' + type: string + type: object timezone: default: Europe/Paris examples: - Europe/Paris type: string + issuer: + default: letsencrypt-prod + examples: + - letsencrypt-prod + type: string push-create: default: org: 'true' 
@@ -34,90 +94,11 @@ options: default: 'true' type: string type: object - volume: - default: - accessMode: ReadWriteOnce - size: 10Gi - examples: - - accessMode: ReadWriteOnce - size: 10Gi - properties: - accessMode: - default: ReadWriteOnce - enum: - - ReadWriteOnce - - ReadOnlyMany - - ReadWriteMany - type: string - size: - default: 10Gi - type: string - type: object - postgres: - default: - replicas: 1 - storage: 10Gi - version: '14' - examples: - - replicas: 1 - storage: 10Gi - version: '14' - properties: - replicas: - default: 1 - type: integer - storage: - default: 10Gi - type: string - version: - default: '14' - type: string - type: object - theme: - default: gitea-modern - examples: - - gitea-modern - type: string - disable-registration: - default: true - examples: - - true - type: boolean - domain-name: - default: your_company.com - examples: - - your_company.com - type: string - ingress-class: - default: traefik - examples: - - traefik - type: string - load-balancer: - default: - ip: '' - examples: - - ip: '' - properties: - ip: - default: '' - type: string - type: object - domain: - default: your-company - examples: - - your-company - type: string - sub-domain: + ssh-sub-domain: default: git examples: - git type: string - issuer: - default: letsencrypt-prod - examples: - - letsencrypt-prod - type: string redis: default: exporter: @@ -151,26 +132,6 @@ options: default: 2Gi type: string type: object - admin: - default: - email: git-admin@git.your_company.com - name: gitea_admin - examples: - - email: git-admin@git.your_company.com - name: gitea_admin - properties: - email: - default: git-admin@git.your_company.com - type: string - name: - default: gitea_admin - type: string - type: object - ssh-port: - default: 2222 - examples: - - 2222 - type: integer images: default: gitea: 
@@ -210,6 +171,16 @@ options: type: string type: object type: object + replicas: + default: 1 + examples: + - 1 + type: integer + disable-registration: + default: true + examples: + - true + type: boolean backups: default: enable: false @@ -316,26 +287,6 @@ options: default: false type: boolean type: object - replicas: - default: 1 - examples: - - 1 - type: integer - release: - default: 8.3.0 - examples: - - 8.3.0 - type: string - ssh-sub-domain: - default: git - examples: - - git - type: string - app-group: - default: dev - examples: - - dev - type: string webhook: default: allowed-hosts: private @@ -351,11 +302,60 @@ options: default: false type: boolean type: object + sub-domain: + default: git + examples: + - git + type: string + ssh-port: + default: 2222 + examples: + - 2222 + type: integer default-branch: default: main examples: - main type: string + domain-name: + default: your_company.com + examples: + - your_company.com + type: string + admin: + default: + email: git-admin@git.your_company.com + name: gitea_admin + examples: + - email: git-admin@git.your_company.com + name: gitea_admin + properties: + email: + default: git-admin@git.your_company.com + type: string + name: + default: gitea_admin + type: string + type: object + volume: + default: + accessMode: ReadWriteOnce + size: 10Gi + examples: + - accessMode: ReadWriteOnce + size: 10Gi + properties: + accessMode: + default: ReadWriteOnce + enum: + - ReadWriteOnce + - ReadOnlyMany + - ReadWriteMany + type: string + size: + default: 10Gi + type: string + type: object dependencies: - dist: null category: share diff --git a/apps/gitea/ldap.tf b/apps/gitea/ldap.tf deleted file mode 100644 index c324958..0000000 --- a/apps/gitea/ldap.tf +++ /dev/null 
@@ -1,10 +0,0 @@
-
-provider "restapi" {
- uri = "http://authentik.${var.domain}-auth.svc/api/v3/"
- headers = local.request_headers
- create_method = "PATCH"
- update_method = "PATCH"
- destroy_method = "PATCH"
- write_returns_object = true
- id_attribute = "name"
-}
diff --git a/apps/gitea/presentation.tf b/apps/gitea/presentation.tf
index 58e5f3a..b79471f 100644
--- a/apps/gitea/presentation.tf
+++ b/apps/gitea/presentation.tf
@@ -71,3 +71,13 @@ module "oauth2" {
 authentik = authentik
 }
 }
+
+provider "restapi" {
+ uri = "http://authentik.${var.domain}-auth.svc/api/v3/"
+ headers = local.request_headers
+ create_method = "PATCH"
+ update_method = "PATCH"
+ destroy_method = "PATCH"
+ write_returns_object = true
+ id_attribute = "name"
+}
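Review bot: The relocated `restapi` provider keeps `uri = "http://authentik.${var.domain}-auth.svc/api/v3/"`, so whatever `local.request_headers` carries (defined outside this hunk, presumably an Authentik API token) crosses the cluster network in cleartext on every apply. If the Authentik service offers an HTTPS port the scheme should be `https://`; if plaintext in-cluster traffic is a deliberate trade-off, a one-line comment above the block recording that decision, e.g. `# in-cluster HTTP: <reason the Authentik service is reached without TLS>`, keeps the next reader from re-raising it. The `module "oauth2"` block whose closing braces form the hunk's context starts outside the hunk.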