diff --git a/apps/gitea/apps_v1_Deployment_gitea-memcached.yaml b/apps/gitea/apps_v1_Deployment_gitea-memcached.yaml
new file mode 100644
index 0000000..b69e2c8
--- /dev/null
+++ b/apps/gitea/apps_v1_Deployment_gitea-memcached.yaml
@@ -0,0 +1,89 @@
+# Source: gitea/charts/memcached/templates/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: gitea-memcached
+ namespace: vynil-ci
+ labels:
+ app.kubernetes.io/name: memcached
+ helm.sh/chart: memcached-6.3.14
+ app.kubernetes.io/instance: gitea
+ app.kubernetes.io/managed-by: Helm
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: memcached
+ app.kubernetes.io/instance: gitea
+ replicas: 1
+ strategy:
+ rollingUpdate: {}
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: memcached
+ helm.sh/chart: memcached-6.3.14
+ app.kubernetes.io/instance: gitea
+ app.kubernetes.io/managed-by: Helm
+ annotations:
+ spec:
+
+ affinity:
+ podAffinity:
+
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: memcached
+ app.kubernetes.io/instance: gitea
+ topologyKey: kubernetes.io/hostname
+ weight: 1
+ nodeAffinity:
+
+ securityContext:
+ fsGroup: 1001
+ serviceAccountName: default
+ containers:
+ - name: memcached
+ image: docker.io/bitnami/memcached:1.6.19-debian-11-r7
+ imagePullPolicy: "IfNotPresent"
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 1001
+ env:
+ - name: BITNAMI_DEBUG
+ value: "false"
+ - name: MEMCACHED_PORT_NUMBER
+ value: "11211"
+ ports:
+ - name: memcache
+ containerPort: 11211
+ livenessProbe:
+ failureThreshold: 6
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ tcpSocket:
+ port: memcache
+ readinessProbe:
+ failureThreshold: 6
+ initialDelaySeconds: 5
+ periodSeconds: 5
+ successThreshold: 1
+ timeoutSeconds: 3
+ tcpSocket:
+ port: memcache
+ resources:
+ limits: {}
+ requests:
+ cpu: 250m
+ memory: 256Mi
+ volumeMounts:
+ - name: tmp
+ mountPath: /tmp
+ volumes:
+ - name: tmp
+ emptyDir: {}
\ No newline at end of file
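Review bot: The memcached container's `securityContext` stops at `runAsNonRoot`/`runAsUser`, so privilege escalation, Linux capabilities and the seccomp profile are left at runtime defaults, and `resources.limits: {}` gives the cache no memory ceiling on its node. The pod also runs under `serviceAccountName: default` with the token mounted by default, which a cache does not appear to need; `automountServiceAccountToken: false` in the pod spec would remove it. The image tag `1.6.19-debian-11-r7` does not match the `images.memcached.tag` default of `1.6.22` that index.yaml declares in this same commit, so one of the two looks stale. The file is rendered from the chart, so these settings presumably belong in values.yml rather than in a hand edit; the fence sketches the container-level fields, and the limit value is a constructed example to be sized against real usage.

```yaml
# … unchanged: name, image, imagePullPolicy …
securityContext:
  runAsNonRoot: true
  runAsUser: 1001
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
  seccompProfile:
    type: RuntimeDefault
# … unchanged: env, ports, livenessProbe, readinessProbe …
resources:
  limits:
    memory: 256Mi  # constructed value equal to the request; confirm before use
  requests:
    cpu: 250m
    memory: 256Mi
```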
diff --git a/apps/gitea/apps_v1_Deployment_gitea.yaml b/apps/gitea/apps_v1_StatefulSet_gitea.yaml similarity index 85% rename from apps/gitea/apps_v1_Deployment_gitea.yaml rename to apps/gitea/apps_v1_StatefulSet_gitea.yaml index 9a955f7..d4a5c5f 100644 --- a/apps/gitea/apps_v1_Deployment_gitea.yaml +++ b/apps/gitea/apps_v1_StatefulSet_gitea.yaml @@ -1,40 +1,36 @@ -# Source: gitea/templates/gitea/deployment.yaml +# Source: gitea/templates/gitea/statefulset.yaml apiVersion: apps/v1 -kind: Deployment +kind: StatefulSet metadata: name: gitea annotations: labels: - helm.sh/chart: gitea-9.5.1 + helm.sh/chart: gitea-8.3.0 app: gitea app.kubernetes.io/name: gitea app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "1.20.5" - version: "1.20.5" + app.kubernetes.io/version: "1.19.3" + version: "1.19.3" app.kubernetes.io/managed-by: Helm spec: replicas: 1 - strategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 0 - maxSurge: 100% selector: matchLabels: app.kubernetes.io/name: gitea app.kubernetes.io/instance: gitea + serviceName: gitea template: metadata: annotations: - checksum/config: 3750661fde9544c4bcf051be08d34cffcf6e0a25cbaa798dcc9cbfced9a9c50b + checksum/config: 234d12dce3bffb5b46e857b1e3afc54c872531615a53a40b15776bb4e1e23fa0 checksum/ldap_0: 9356e28431e375c7fc7d624460a9f41c243f14c3f9765c40aa2b13cf46203eaf labels: - helm.sh/chart: gitea-9.5.1 + helm.sh/chart: gitea-8.3.0 app: gitea app.kubernetes.io/name: gitea app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "1.20.5" - version: "1.20.5" + app.kubernetes.io/version: "1.19.3" + version: "1.19.3" app.kubernetes.io/managed-by: Helm spec: @@ -42,7 +38,7 @@ spec: fsGroup: 1000 initContainers: - name: init-directories - image: "gitea/gitea:1.20.5-rootless" + image: "gitea/gitea:1.19.3" imagePullPolicy: Always command: ["/usr/sbin/init_directory_structure.sh"] env: 
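Review bot: Security posture regresses with the image tag on `init-directories`: `gitea/gitea:1.19.3` is both an older release than `1.20.5-rootless` and the non-rootless variant, and the same swap repeats in the `init-app-ini`, `configure-gitea` and `gitea` container hunks that follow. If the rollback is intended, the commit should say why and confirm that the 1.19 line still receives security fixes, because the standard image expects to start as root where the rootless one does not; the containers' `securityContext` blocks lie outside these hunks, so what they enforce cannot be checked here. With `imagePullPolicy: Always` and a mutable tag, each restart can pull different content; pinning by digest, for example `image: "gitea/gitea:1.19.3@sha256:<digest-placeholder>"`, would make the deployed image reproducible.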
@@ -54,6 +50,8 @@ spec: value: /data - name: GITEA_TEMP value: /tmp/gitea + - name: TZ + value: Europe/Paris volumeMounts: - name: init mountPath: /usr/sbin @@ -72,7 +70,7 @@ spec: cpu: 100m memory: 128Mi - name: init-app-ini - image: "gitea/gitea:1.20.5-rootless" + image: "gitea/gitea:1.19.3" imagePullPolicy: Always command: ["/usr/sbin/config_environment.sh"] env: @@ -84,6 +82,8 @@ spec: value: /data - name: GITEA_TEMP value: /tmp/gitea + - name: TZ + value: Europe/Paris - name: ENV_TO_INI__DATABASE__LOG_SQL value: "false" - name: ENV_TO_INI__LOG__LEVEL @@ -108,7 +108,7 @@ spec: cpu: 100m memory: 128Mi - name: configure-gitea - image: "gitea/gitea:1.20.5-rootless" + image: "gitea/gitea:1.19.3" command: ["/usr/sbin/configure_gitea.sh"] imagePullPolicy: Always securityContext: @@ -125,8 +125,6 @@ spec: value: /data - name: GITEA_TEMP value: /tmp/gitea - - name: HOME - value: /data/gitea/git - name: GITEA_LDAP_BIND_DN_0 valueFrom: secretKeyRef: @@ -147,6 +145,8 @@ spec: secretKeyRef: key: password name: gitea-admin-user + - name: TZ + value: Europe/Paris volumeMounts: - name: init mountPath: /usr/sbin @@ -163,7 +163,7 @@ spec: terminationGracePeriodSeconds: 60 containers: - name: gitea - image: "gitea/gitea:1.20.5-rootless" + image: "gitea/gitea:1.19.3" imagePullPolicy: Always env: # SSH Port values have to be set here as well for openssh configuration @@ -171,6 +171,8 @@ spec: value: "2222" - name: SSH_PORT value: "2222" + - name: SSH_LOG_LEVEL + value: "INFO" - name: GITEA_APP_INI value: /data/gitea/conf/app.ini - name: GITEA_CUSTOM @@ -181,8 +183,8 @@ spec: value: /tmp/gitea - name: TMPDIR value: /tmp/gitea - - name: HOME - value: /data/gitea/git + - name: TZ + value: Europe/Paris ports: - name: ssh containerPort: 2222 
@@ -234,6 +236,12 @@ spec: secretName: gitea-inline-config - name: temp emptyDir: {} - - name: data - persistentVolumeClaim: - claimName: gitea-shared-storage \ No newline at end of file + volumeClaimTemplates: + - metadata: + name: data + spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "10Gi" \ No newline at end of file diff --git a/apps/gitea/index.rhai b/apps/gitea/index.rhai index cd6f3e2..c02ded2 100644 --- a/apps/gitea/index.rhai +++ b/apps/gitea/index.rhai @@ -4,10 +4,9 @@ const SRC=src; const DEST=dest; fn pre_pack() { shell("helm repo add gitea-charts https://dl.gitea.io/charts/"); - shell(`helm template gitea --version 9.5.1 gitea-charts/gitea --namespace=vynil-ci --values values.yml >${global::SRC}/chart.yaml`); + shell(`helm template gitea --version 8.3.0 gitea-charts/gitea --namespace=vynil-ci --values values.yml >${global::SRC}/chart.yaml`); } fn post_pack() { - shell(`rm -f ${global::DEST}/v1_Pod_gitea-test-connection.yaml`); shell(`rm -f ${global::DEST}/v1_Pod_gitea-test-connection.yaml`); shell(`rm -f ${global::DEST}/v1_Secret_gitea-inline-config.yaml`); let regex = "'\\\\\\${\\(LDAP_[A-Z_]*\\)}'"; diff --git a/apps/gitea/index.yaml b/apps/gitea/index.yaml index 1f37dbf..5b6166d 100644 --- a/apps/gitea/index.yaml +++ b/apps/gitea/index.yaml 
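Review bot: Existing repository data is not carried over by the `volumeClaimTemplates` hunk: the StatefulSet will provision a new claim from the `data` template instead of mounting `gitea-shared-storage`, and this commit also deletes v1_PersistentVolumeClaim_gitea-shared-storage.yaml, which carried `helm.sh/resource-policy: keep`. Nothing visible in the diff migrates the old volume, so an in-place upgrade would presumably start Gitea on an empty `/data`; a migration or restore step should be documented before this is applied to an existing install. The template also hard-codes `storage: "10Gi"` and sets no `storageClassName`, while index.yaml exposes a `volume.size` option; if the package is meant to honour that option, the size here should come from it.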
@@ -9,16 +9,76 @@ metadata: A painless self-hosted Git service. Gitea is a community managed lightweight code hosting solution written in Go. It is published under the MIT license. options: - volume: + push-create: default: - size: 10Gi + org: 'true' + private: 'false' + user: 'true' examples: - - size: 10Gi + - org: 'true' + private: 'false' + user: 'true' properties: - size: - default: 10Gi + org: + default: 'true' + type: string + private: + default: 'false' + type: string + user: + default: 'true' type: string type: object + disable-registration: + default: true + examples: + - true + type: boolean + domain: + default: your-company + examples: + - your-company + type: string + timezone: + default: Europe/Paris + examples: + - Europe/Paris + type: string + replicas: + default: 1 + examples: + - 1 + type: integer + ssh-port: + default: 2222 + examples: + - 2222 + type: integer + admin: + default: + email: git-admin@git.your_company.com + name: gitea_admin + examples: + - email: git-admin@git.your_company.com + name: gitea_admin + properties: + email: + default: git-admin@git.your_company.com + type: string + name: + default: gitea_admin + type: string + type: object + issuer: + default: letsencrypt-prod + examples: + - letsencrypt-prod + type: string + app-group: + default: dev + examples: + - dev + type: string postgres: default: replicas: 1 
@@ -39,10 +99,123 @@ options: default: '14' type: string type: object - issuer: - default: letsencrypt-prod + release: + default: 8.3.0 examples: - - letsencrypt-prod + - 8.3.0 + type: string + volume: + default: + size: 10Gi + examples: + - size: 10Gi + properties: + size: + default: 10Gi + type: string + type: object + images: + default: + gitea: + pullPolicy: IfNotPresent + registry: docker.io + repository: gitea/gitea + tag: 1.19.3 + memcached: + registry: docker.io + repository: bitnami/memcached + tag: 1.6.22 + examples: + - gitea: + pullPolicy: IfNotPresent + registry: docker.io + repository: gitea/gitea + tag: 1.19.3 + memcached: + registry: docker.io + repository: bitnami/memcached + tag: 1.6.22 + properties: + gitea: + default: + pullPolicy: IfNotPresent + registry: docker.io + repository: gitea/gitea + tag: 1.19.3 + properties: + pullPolicy: + default: IfNotPresent + enum: + - Always + - Never + - IfNotPresent + type: string + registry: + default: docker.io + type: string + repository: + default: gitea/gitea + type: string + tag: + default: 1.19.3 + type: string + type: object + memcached: + default: + registry: docker.io + repository: bitnami/memcached + tag: 1.6.22 + properties: + registry: + default: docker.io + type: string + repository: + default: bitnami/memcached + type: string + tag: + default: 1.6.22 + type: string + type: object + type: object + theme: + default: gitea-modern + examples: + - gitea-modern + type: string + load-balancer: + default: + ip: '' + examples: + - ip: '' + properties: + ip: + default: '' + type: string + type: object + sub-domain: + default: git + examples: + - git + type: string + webhook: + default: + allowed-hosts: private + skip-tls-verify: false + examples: + - allowed-hosts: private + skip-tls-verify: false + properties: + allowed-hosts: + default: private + type: string + skip-tls-verify: + default: false + type: boolean + type: object + domain-name: + default: your_company.com + examples: + - your_company.com 
type: string backups: default: 
@@ -150,189 +323,16 @@ options: default: false type: boolean type: object - domain-name: - default: your_company.com + ingress-class: + default: traefik examples: - - your_company.com + - traefik type: string default-branch: default: main examples: - main type: string - ingress-class: - default: traefik - examples: - - traefik - type: string - timezone: - default: Europe/Paris - examples: - - Europe/Paris - type: string - images: - default: - gitea: - pullPolicy: IfNotPresent - registry: docker.io - repository: gitea/gitea - tag: 1.20.5-rootless - memcached: - registry: docker.io - repository: bitnami/memcached - tag: 1.6.22 - examples: - - gitea: - pullPolicy: IfNotPresent - registry: docker.io - repository: gitea/gitea - tag: 1.20.5-rootless - memcached: - registry: docker.io - repository: bitnami/memcached - tag: 1.6.22 - properties: - gitea: - default: - pullPolicy: IfNotPresent - registry: docker.io - repository: gitea/gitea - tag: 1.20.5-rootless - properties: - pullPolicy: - default: IfNotPresent - enum: - - Always - - Never - - IfNotPresent - type: string - registry: - default: docker.io - type: string - repository: - default: gitea/gitea - type: string - tag: - default: 1.20.5-rootless - type: string - type: object - memcached: - default: - registry: docker.io - repository: bitnami/memcached - tag: 1.6.22 - properties: - registry: - default: docker.io - type: string - repository: - default: bitnami/memcached - type: string - tag: - default: 1.6.22 - type: string - type: object - type: object - release: - default: 8.3.0 - examples: - - 8.3.0 - type: string - replicas: - default: 1 - examples: - - 1 - type: integer - load-balancer: - default: - ip: '' - examples: - - ip: '' - properties: - ip: - default: '' - type: string - type: object - theme: - default: gitea-modern - examples: - - gitea-modern - type: string - push-create: - default: - org: 'true' - private: 'false' - user: 'true' - examples: - - org: 'true' - private: 'false' - user: 'true' - 
properties: - org: - default: 'true' - type: string - private: - default: 'false' - type: string - user: - default: 'true' - type: string - type: object - webhook: - default: - allowed-hosts: private - skip-tls-verify: false - examples: - - allowed-hosts: private - skip-tls-verify: false - properties: - allowed-hosts: - default: private - type: string - skip-tls-verify: - default: false - type: boolean - type: object - domain: - default: your-company - examples: - - your-company - type: string - sub-domain: - default: git - examples: - - git - type: string - disable-registration: - default: true - examples: - - true - type: boolean - app-group: - default: dev - examples: - - dev - type: string - ssh-port: - default: 2222 - examples: - - 2222 - type: integer - admin: - default: - email: git-admin@git.your_company.com - name: gitea_admin - examples: - - email: git-admin@git.your_company.com - name: gitea_admin - properties: - email: - default: git-admin@git.your_company.com - type: string - name: - default: gitea_admin - type: string - type: object dependencies: - dist: null category: share diff --git a/apps/gitea/v1_PersistentVolumeClaim_gitea-shared-storage.yaml b/apps/gitea/v1_PersistentVolumeClaim_gitea-shared-storage.yaml deleted file mode 100644 index bc8d999..0000000 --- a/apps/gitea/v1_PersistentVolumeClaim_gitea-shared-storage.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# Source: gitea/templates/gitea/pvc.yaml -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: gitea-shared-storage - namespace: vynil-ci - annotations: - helm.sh/resource-policy: keep -spec: - accessModes: - - ReadWriteOnce - volumeMode: Filesystem - resources: - requests: - storage: 10Gi \ No newline at end of file diff --git a/apps/gitea/v1_Secret_gitea-init.yaml b/apps/gitea/v1_Secret_gitea-init.yaml index d06e8c7..dc3c0db 100644 --- a/apps/gitea/v1_Secret_gitea-init.yaml +++ b/apps/gitea/v1_Secret_gitea-init.yaml 
@@ -4,12 +4,12 @@ kind: Secret metadata: name: gitea-init labels: - helm.sh/chart: gitea-9.5.1 + helm.sh/chart: gitea-8.3.0 app: gitea app.kubernetes.io/name: gitea app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "1.20.5" - version: "1.20.5" + app.kubernetes.io/version: "1.19.3" + version: "1.19.3" app.kubernetes.io/managed-by: Helm type: Opaque stringData: @@ -24,12 +24,14 @@ stringData: set -euo pipefail set -x + chown 1000:1000 /data mkdir -p /data/git/.ssh chmod -R 700 /data/git/.ssh [ ! -d /data/gitea/conf ] && mkdir -p /data/gitea/conf # prepare temp directory structure mkdir -p "${GITEA_TEMP}" + chown 1000:1000 "${GITEA_TEMP}" chmod ug+rwx "${GITEA_TEMP}" diff --git a/apps/gitea/v1_Secret_gitea.yaml b/apps/gitea/v1_Secret_gitea.yaml index 0406029..c280f38 100644 --- a/apps/gitea/v1_Secret_gitea.yaml +++ b/apps/gitea/v1_Secret_gitea.yaml @@ -4,16 +4,15 @@ kind: Secret metadata: name: gitea labels: - helm.sh/chart: gitea-9.5.1 + helm.sh/chart: gitea-8.3.0 app: gitea app.kubernetes.io/name: gitea app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "1.20.5" - version: "1.20.5" + app.kubernetes.io/version: "1.19.3" + version: "1.19.3" app.kubernetes.io/managed-by: Helm type: Opaque stringData: - assertions: | config_environment.sh: |- #!/usr/bin/env bash set -euo pipefail @@ -51,14 +50,14 @@ stringData: env2ini::log " + '${setting}'" if [[ -z "${section}" ]]; then - export "GITEA____${setting^^}=${value}" # '^^' makes the variable content uppercase + export "ENV_TO_INI____${setting^^}=${value}" # '^^' makes the variable content uppercase return fi local masked_section="${section//./_0X2E_}" # '//' instructs to replace all matches masked_section="${masked_section//-/_0X2D_}" - export "GITEA__${masked_section^^}__${setting^^}=${value}" # '^^' makes the variable content uppercase + export "ENV_TO_INI__${masked_section^^}__${setting^^}=${value}" # '^^' makes the variable content uppercase } function env2ini::reload_preset_envs() { 
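Review bot: The added `chown 1000:1000 /data` and `chown 1000:1000 "${GITEA_TEMP}"` in the gitea-init script only succeed when the init container runs as root or holds CAP_CHOWN, so the script now depends on a privileged `init-directories` container whose `securityContext` is not shown in this diff. The pod spec already sets `fsGroup: 1000`, which on most volume types grants group access without a root step; if the chown is still required, the container should drop every capability except the one it uses. I would add a comment above the first call, `# needs root/CAP_CHOWN: hands /data to the gitea UID before the non-root containers start`, so the privilege requirement is visible to whoever later tightens the pod. The chown on `/data` is not recursive, so content already owned by another UID keeps its owner; the script continues outside the hunk.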
@@ -132,16 +131,15 @@ stringData: # - initially used to set up Gitea # Anyway, they won't harm existing app.ini files - export GITEA__SECURITY__INTERNAL_TOKEN=$(gitea generate secret INTERNAL_TOKEN) - export GITEA__SECURITY__SECRET_KEY=$(gitea generate secret SECRET_KEY) - export GITEA__OAUTH2__JWT_SECRET=$(gitea generate secret JWT_SECRET) - export GITEA__SERVER__LFS_JWT_SECRET=$(gitea generate secret LFS_JWT_SECRET) + export ENV_TO_INI__SECURITY__INTERNAL_TOKEN=$(gitea generate secret INTERNAL_TOKEN) + export ENV_TO_INI__SECURITY__SECRET_KEY=$(gitea generate secret SECRET_KEY) + export ENV_TO_INI__OAUTH2__JWT_SECRET=$(gitea generate secret JWT_SECRET) + export ENV_TO_INI__SERVER__LFS_JWT_SECRET=$(gitea generate secret LFS_JWT_SECRET) env2ini::log "...Initial secrets generated\n" } - - # save existing envs prior to script execution. Necessary to keep order of preexisting and custom envs - env | (grep GITEA || [[ $? == 1 ]]) > /tmp/existing-envs + + env | (grep ENV_TO_INI || [[ $? == 1 ]]) > /tmp/existing-envs # MUST BE CALLED BEFORE OTHER CONFIGURATION env2ini::generate_initial_secrets @@ -162,10 +160,10 @@ stringData: env2ini::log ' - oauth2.JWT_SECRET' env2ini::log ' - server.LFS_JWT_SECRET' - unset GITEA__SECURITY__INTERNAL_TOKEN - unset GITEA__SECURITY__SECRET_KEY - unset GITEA__OAUTH2__JWT_SECRET - unset GITEA__SERVER__LFS_JWT_SECRET + unset ENV_TO_INI__SECURITY__INTERNAL_TOKEN + unset ENV_TO_INI__SECURITY__SECRET_KEY + unset ENV_TO_INI__OAUTH2__JWT_SECRET + unset ENV_TO_INI__SERVER__LFS_JWT_SECRET fi - environment-to-ini -o $GITEA_APP_INI \ No newline at end of file + environment-to-ini -o $GITEA_APP_INI -p ENV_TO_INI \ No newline at end of file diff --git a/apps/gitea/v1_Service_gitea-http.yaml b/apps/gitea/v1_Service_gitea-http.yaml index af58765..7992d59 100644 --- a/apps/gitea/v1_Service_gitea-http.yaml +++ b/apps/gitea/v1_Service_gitea-http.yaml 
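Review bot: A failing `gitea generate secret` goes unnoticed in the four renamed lines of the form `export ENV_TO_INI__SECURITY__SECRET_KEY=$(gitea generate secret SECRET_KEY)`, because the exit status of `export` replaces that of the command substitution and `set -euo pipefail` never fires; an empty INTERNAL_TOKEN, SECRET_KEY or JWT secret could then reach app.ini. Splitting the two steps restores the check: `ENV_TO_INI__SECURITY__SECRET_KEY=$(gitea generate secret SECRET_KEY)` followed by `export ENV_TO_INI__SECURITY__SECRET_KEY`, and likewise for the other three. The hunk also drops the comment above `env | (grep ENV_TO_INI || [[ $? == 1 ]]) > /tmp/existing-envs`; I would keep one, such as `# save pre-existing ENV_TO_INI envs; this file may contain secret values`, since the dump can include credentials passed in through the environment. In the last hunk the path should be quoted, `environment-to-ini -o "$GITEA_APP_INI" -p ENV_TO_INI`.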
@@ -4,12 +4,12 @@ kind: Service metadata: name: gitea-http labels: - helm.sh/chart: gitea-9.5.1 + helm.sh/chart: gitea-8.3.0 app: gitea app.kubernetes.io/name: gitea app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "1.20.5" - version: "1.20.5" + app.kubernetes.io/version: "1.19.3" + version: "1.19.3" app.kubernetes.io/managed-by: Helm annotations: {} @@ -19,7 +19,7 @@ spec: ports: - name: http port: 3000 - targetPort: + targetPort: 3000 selector: app.kubernetes.io/name: gitea app.kubernetes.io/instance: gitea \ No newline at end of file diff --git a/apps/gitea/v1_Service_gitea-memcached.yaml b/apps/gitea/v1_Service_gitea-memcached.yaml new file mode 100644 index 0000000..8b7bcd2 --- /dev/null +++ b/apps/gitea/v1_Service_gitea-memcached.yaml @@ -0,0 +1,23 @@ +# Source: gitea/charts/memcached/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: gitea-memcached + namespace: vynil-ci + labels: + app.kubernetes.io/name: memcached + helm.sh/chart: memcached-6.3.14 + app.kubernetes.io/instance: gitea + app.kubernetes.io/managed-by: Helm + annotations: +spec: + type: ClusterIP + sessionAffinity: None + ports: + - name: memcache + port: 11211 + targetPort: memcache + nodePort: null + selector: + app.kubernetes.io/name: memcached + app.kubernetes.io/instance: gitea \ No newline at end of file diff --git a/apps/gitea/v1_Service_gitea-ssh.yaml b/apps/gitea/v1_Service_gitea-ssh.yaml index d640cd8..30b5f5d 100644 --- a/apps/gitea/v1_Service_gitea-ssh.yaml +++ b/apps/gitea/v1_Service_gitea-ssh.yaml @@ -4,12 +4,12 @@ kind: Service metadata: name: gitea-ssh labels: - helm.sh/chart: gitea-9.5.1 + helm.sh/chart: gitea-8.3.0 app: gitea app.kubernetes.io/name: gitea app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "1.20.5" - version: "1.20.5" + app.kubernetes.io/version: "1.19.3" + version: "1.19.3" app.kubernetes.io/managed-by: Helm annotations: metallb.universe.tf/address-pool: mlb-pool-public
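Review bot: The new `gitea-memcached` Service in v1_Service_gitea-memcached.yaml publishes port 11211 on a ClusterIP, and neither it nor the memcached Deployment configures authentication or a NetworkPolicy. Unless a policy exists elsewhere in the package, any pod that can route to the Service can read or overwrite Gitea's cache entries. A NetworkPolicy that admits ingress to the memcached pods only from the Gitea pods would close this; the fence is a sketch that reuses the labels and namespace shown in this diff and assumes the Gitea pods run in `vynil-ci` as well. Separately, the bare `annotations:` key renders as null, and `annotations: {}` as used in the gitea-http Service would be clearer.

```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: gitea-memcached
  namespace: vynil-ci
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: memcached
      app.kubernetes.io/instance: gitea
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: gitea
              app.kubernetes.io/instance: gitea
      ports:
        - protocol: TCP
          port: 11211
```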