From f450870184f0db95f7424923fabdcc71a4084849 Mon Sep 17 00:00:00 2001
From: Nico Schottelius
Date: Sun, 21 Nov 2021 11:24:34 +0100
Subject: [PATCH] --gitea
---
apps/gitea/.helmignore | 23 --
apps/gitea/Chart.yaml | 24 --
apps/gitea/README.md | 6 -
apps/gitea/templates/deployment.yaml | 233 ------------------
.../templates/tests/test-connection.yaml | 13 -
apps/gitea/values.yaml | 8 -
6 files changed, 307 deletions(-)
delete mode 100644 apps/gitea/.helmignore
delete mode 100644 apps/gitea/Chart.yaml
delete mode 100644 apps/gitea/README.md
delete mode 100644 apps/gitea/templates/deployment.yaml
delete mode 100644 apps/gitea/templates/tests/test-connection.yaml
delete mode 100644 apps/gitea/values.yaml
diff --git a/apps/gitea/.helmignore b/apps/gitea/.helmignore
deleted file mode 100644
index 0e8a0eb..0000000
--- a/apps/gitea/.helmignore
+++ /dev/null
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/apps/gitea/Chart.yaml b/apps/gitea/Chart.yaml
deleted file mode 100644
index c339278..0000000
--- a/apps/gitea/Chart.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: v2
-name: gitea
-description: ungleich managed gitea
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.3.0
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: "1.14.5"
diff --git a/apps/gitea/README.md b/apps/gitea/README.md
deleted file mode 100644
index 7d68f32..0000000
--- a/apps/gitea/README.md
+++ /dev/null
@@ -1,6 +0,0 @@
-## Missing
-
-- db secret generation (sops?)
-- SMTP settings / secrets (ungleich mail + sops?)
-- Exposing sizes in value.yaml (db, gitea)
- - Maybe reducing to 1 PVC?
diff --git a/apps/gitea/templates/deployment.yaml b/apps/gitea/templates/deployment.yaml
deleted file mode 100644
index 1e66932..0000000
--- a/apps/gitea/templates/deployment.yaml
+++ /dev/null
@@ -1,233 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ .Release.Name }}-gitea
-spec:
- selector:
- matchLabels:
- app: {{ .Release.Name }}-gitea
- replicas: 1
- template:
- metadata:
- labels:
- app: {{ .Release.Name }}-gitea
- use-as-service: {{ .Release.Name }}
- spec:
- initContainers:
- - name: wait-for-cert
- image: busybox
- command:
- - sh
- - -c
- - until ls /etc/letsencrypt/live/{{ tpl .Values.fqdn . }}/fullchain.pem; do sleep 5; done
- volumeMounts:
- - name: etcletsencrypt
- mountPath: "/etc/letsencrypt"
- containers:
- # This container will only start *after* the cert has been placed
- - name: nginx
- image: nginx:1.21-alpine
- ports:
- - containerPort: 443
- volumeMounts:
- - name: nginx-config
- mountPath: "/etc/nginx/conf.d/"
- - name: etcletsencrypt
- mountPath: "/etc/letsencrypt"
- - name: postgres
- image: postgres:13
- ports:
- - containerPort: 5432
- envFrom:
- - configMapRef:
- name: {{ tpl .Values.identifier . }}-postgres-config
- # Use subpath to avoid lost+found error
- volumeMounts:
- - name: postgres-data
- mountPath: "/var/lib/postgresql/data"
- subPath: postgres
- - name: gitea
- image: gitea/gitea:{{ .Chart.AppVersion }}
- ports:
- - containerPort: 22
- - containerPort: 3000
- securityContext:
- capabilities:
- add:
- - SYS_CHROOT
- env:
- - name: USER_UID
- value: "1000"
- - name: USER_GID
- value: "1000"
- - name: GITEA__server__DOMAIN
- value: "{{ tpl .Values.fqdn . }}"
- - name: GITEA__server__ROOT_URL
- value: "https://{{ tpl .Values.fqdn . }}"
- - name: GITEA__database__DB_TYPE
- value: "postgres"
- - name: GITEA__database__HOST
- value: "localhost"
- - name: GITEA__database__NAME
- valueFrom:
- configMapKeyRef:
- name: {{ tpl .Values.identifier . }}-postgres-config
- key: POSTGRES_DB
- - name: GITEA__database__USER
- valueFrom:
- configMapKeyRef:
- name: {{ tpl .Values.identifier . }}-postgres-config
- key: POSTGRES_USER
- - name: GITEA__database__PASSWD
- valueFrom:
- configMapKeyRef:
- name: {{ tpl .Values.identifier . }}-postgres-config
- key: POSTGRES_PASSWORD
- volumeMounts:
- - name: etcletsencrypt
- mountPath: "/etc/letsencrypt"
- - name: data
- mountPath: "/data"
- volumes:
- - name: etcletsencrypt
- persistentVolumeClaim:
- claimName: {{ tpl .Values.identifier . }}-letsencrypt-certs
- - name: data
- persistentVolumeClaim:
- claimName: {{ tpl .Values.identifier . }}-data
- - name: postgres-data
- persistentVolumeClaim:
- claimName: {{ tpl .Values.identifier . }}-postgres-data
- - name: nginx-config
- configMap:
- name: {{ tpl .Values.identifier . }}-nginx-config
-
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ tpl .Values.identifier . }}
- labels:
- app: {{ tpl .Values.identifier . }}
-spec:
- type: ClusterIP
- ports:
- - port: 22
- name: ssh
- # Required for letsencrypt
- - port: 80
- name: http
- - port: 443
- name: https
- selector:
- use-as-service: {{ .Release.Name }}
-# ---
-# apiVersion: v1
-# kind: ConfigMap
-# metadata:
-# name: {{ tpl .Values.identifier . }}-giteaconfig
-# data:
-# {{ tpl (.Files.Glob "gitea/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: {{ tpl .Values.identifier . }}-letsencrypt-certs
-spec:
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 50Mi
- storageClassName: rook-cephfs
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: {{ tpl .Values.identifier . }}-data
-spec:
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 1Gi
- storageClassName: rook-cephfs
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: {{ tpl .Values.identifier . }}-postgres-data
-spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 500Mi
- storageClassName: rook-ceph-block
----
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ tpl .Values.identifier . }}-getcert
-spec:
- template:
- metadata:
- labels:
- app: certbot-letsencrypt-getcert
- use-as-service: {{ .Release.Name }}
- spec:
- restartPolicy: Never
- containers:
- - name: certbot
- image: ungleich/ungleich-certbot
- ports:
- - containerPort: 80
- env:
- - name: DOMAIN
- value: "{{ tpl .Values.fqdn . }}"
- - name: EMAIL
- value: "{{ .Values.email }}"
- {{ if eq .Values.letsencryptStaging "no" }}
- - name: STAGING
- value: "no"
- {{ end }}
- volumeMounts:
- - name: etcletsencrypt
- mountPath: "/etc/letsencrypt"
- volumes:
- - name: etcletsencrypt
- persistentVolumeClaim:
- claimName: {{ tpl .Values.identifier . }}-letsencrypt-certs
- backoffLimit: 3
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ tpl .Values.identifier . }}-nginx-config
-data:
- default.conf: |
- server {
- listen 443 ssl;
- listen [::]:443 ssl;
-
- server_name {{ tpl .Values.fqdn . }};
-
- ssl_certificate /etc/letsencrypt/live/{{ tpl .Values.fqdn . }}/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/{{ tpl .Values.fqdn . }}/privkey.pem;
-
- client_max_body_size 256m;
-
- location / {
- proxy_pass http://localhost:3000;
- }
- }
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ tpl .Values.identifier . }}-postgres-config
-data:
- POSTGRES_USER: gitea
- POSTGRES_PASSWORD: aiJohtoqueeng0oosh8ohfoh1chahPh3
- POSTGRES_DB: gitea
diff --git a/apps/gitea/templates/tests/test-connection.yaml b/apps/gitea/templates/tests/test-connection.yaml
deleted file mode 100644
index 85cbdda..0000000
--- a/apps/gitea/templates/tests/test-connection.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ tpl .Values.identifier . }}-test-connection"
- annotations:
- "helm.sh/hook": test
-spec:
- containers:
- - name: wget
- image: busybox
- command: ['wget']
- args: ['https://{{ tpl .Values.fqdn . }}']
- restartPolicy: Never
diff --git a/apps/gitea/values.yaml b/apps/gitea/values.yaml
deleted file mode 100644
index aef81ae..0000000
--- a/apps/gitea/values.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-clusterDomain: c2.k8s.ooo
-email: technik@ungleich.ch
-letsencryptStaging: "yes"
-
-# This is how the service and the data volumes are named - i.e. the
-# persistent thing
-identifier: "{{ .Release.Name }}"
-fqdn: "{{ .Release.Name }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"