SYS-616 add gitea helm chart with git-dump updates (#147)

instantlinux · Feb 29, 2024 · 74aff01 · 74aff01
1 parent fbe4fbe
commit 74aff01
Show file tree

Hide file tree

Showing 15 changed files with 222 additions and 10 deletions.
diff --git a/README.md b/README.md
@@ -48,7 +48,7 @@ The cluster-deployment tools here include helm charts and ansible playbooks to s
 | Service | Version | Notes |
 | --- | --- | --- |
 | artifactory | ** | binary repo |
-| gitlab | ** | CI server and git repo |
+| gitea | ** | git repo |
 | admin-git | [![](https://img.shields.io/docker/v/instantlinux/git-pull?sort=date)](https://hub.docker.com/r/instantlinux/git-pull "Version badge") | sync git repo across swarm |
 | jira | ** | ticket tracking |
 | mariadb-galera | [![](https://img.shields.io/docker/v/instantlinux/mariadb-galera?sort=date)](https://hub.docker.com/r/instantlinux/mariadb-galera "Version badge") | automatic cluster setup|

diff --git a/images/git-dump/Dockerfile b/images/git-dump/Dockerfile
@@ -11,8 +11,10 @@ ENV API_TOKEN_SECRET= \
     DEST_DIR=/var/backup/git \
     HOUR=0 MINUTE=45 \
     KEEP_DAYS=31 \
+    ORG= \
     [email protected]:instantlinux/ \
     REPOS= \
+    SCM_TYPE=github \
     SSHKEY_SECRET=git-dump_sshkey \
     SSH_PORT=22 \
     USERNAME=git-dump \

diff --git a/images/git-dump/README.md b/images/git-dump/README.md
@@ -48,8 +48,10 @@ These variables can be passed to the image from kubernetes.yaml or docker-compos
 | HOUR | 0 |cron-syntax backup hour |
 | KEEP_DAYS | 31 | days of snapshots to keep |
 | MINUTE | 45 | cron-syntax minutes past hour |
+| ORG | | org in SCM |
 | REPO_PREFIX | [email protected]:instantlinux/ | prefix for each repository URI |
 | REPOS | | repository URIs to back up |
+| SCM_TYPE | github | type - github, gitlab, or gitea |
 | SSHKEY_SECRET | git-dump_sshkey | docker secret name as below |
 | SSH_PORT | 22 | TCP port of git service |
 | TZ | UTC | time zone |

diff --git a/images/git-dump/entrypoint.sh b/images/git-dump/entrypoint.sh
@@ -23,7 +23,7 @@ Host *
  Port $SSH_PORT
 EOF
   if [ ! -z "$REPO_PREFIX" ]; then
-    SSH_HOST=$(echo $REPO_PREFIX | cut -d@ -f 2 | cut -d: -f 1)
+    SSH_HOST=$(echo $REPO_PREFIX | cut -d@ -f 2 | cut -d/ -f 1| cut -d: -f 1)
     RETRIES=10
     while [ ! -s /tmp/sshkey ]; do
       sleep 5

diff --git a/images/git-dump/git-dump.sh b/images/git-dump/git-dump.sh
@@ -31,8 +31,6 @@ ERROR_STATE=0
 [ -e /etc/opt/git-dump ] && source /etc/opt/git-dump
 log_entry info status=START
 
-API_VERSION=v4
-
 # Dumps will be kept in directories named as day of week or
 # day of month if 31 or less; else combine month+day if longer
 
@@ -47,11 +45,30 @@ else
 fi
 
 if [ ! -z "$API_TOKEN_SECRET" ] && [ -e /run/secrets/$API_TOKEN_SECRET ]; then
-  SSH_HOST=$(echo $REPO_PREFIX | cut -d@ -f 2 | cut -d: -f 1)
+  SSH_HOST=$(echo $REPO_PREFIX | cut -d@ -f 2 | cut -d/ -f 1 | cut -d: -f 1)
   TOKEN=$(cat /run/secrets/$API_TOKEN_SECRET)
-  curl -s -k --header "PRIVATE-TOKEN: $TOKEN" \
-    https://$SSH_HOST/api/$API_VERSION/projects > /tmp/projects.json
-  ITEMS=$(jq -r .[].name /tmp/projects.json | sort)
+  if [ $SCM_TYPE == github ]; then
+    API_VERSION=v3
+    API_PATH=repo
+    AUTH_HEADER='Authorization: token'
+    RESULT_PATH='.[].name'
+    # TODO github not yet working
+  elif [ $SCM_TYPE == gitlab ]; then
+    API_VERSION=v4
+    API_PATH=projects
+    AUTH_HEADER=PRIVATE-TOKEN:
+    RESULT_PATH='.[].name'
+  elif [ $SCM_TYPE == gitea ]; then
+    API_VERSION=v1
+    API_PATH=repos/search
+    AUTH_HEADER='Authorization: token'
+    RESULT_PATH='.data[].full_name'
+    [[ $REPO_PREFIX = git@* ]] && REPO_PREFIX=ssh://$REPO_PREFIX
+  fi
+
+  curl -s -k --header "$AUTH_HEADER $TOKEN" \
+    https://$SSH_HOST/api/$API_VERSION/$API_PATH > /tmp/projects.json
+  ITEMS=$(jq -r $RESULT_PATH /tmp/projects.json | sort)
 else
   ITEMS=$@
 fi

diff --git a/k8s/helm/gitea/.helmignore b/k8s/helm/gitea/.helmignore
@@ -0,0 +1,2 @@
+*~
+.git
diff --git a/k8s/helm/gitea/Chart.yaml b/k8s/helm/gitea/Chart.yaml
@@ -0,0 +1,14 @@
+apiVersion: v2
+name: gitea
+description: Gitea source code management
+home: https://github.com/instantlinux/docker-tools
+sources:
+- https://github.com/instantlinux/docker-tools
+- https://github.com/go-gitea/gitea
+type: application
+version: 0.1.0
+appVersion: 1.21.7-rootless
+dependencies:
+- name: chartlib
+  version: 0.1.8
+  repository: https://instantlinux.github.io/docker-tools
diff --git a/k8s/helm/gitea/templates/NOTES.txt b/k8s/helm/gitea/templates/NOTES.txt
@@ -0,0 +1,28 @@
+{{- if hasKey .Values "service" }}
+{{- if or .Values.service.enabled (not (hasKey .Values.service "enabled")) }}
+1. Get the application URL by running these commands:
+{{- if hasKey .Values "ingress" }}
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+  {{- range .paths }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
+  {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "local.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "local.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "local.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "local.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/k8s/helm/gitea/templates/app.yaml b/k8s/helm/gitea/templates/app.yaml
@@ -0,0 +1,15 @@
+{{- include "chartlib.configmap" . }}
+---
+{{- include "chartlib.deployment" . }}
+---
+{{- include "chartlib.hpa" . }}
+---
+{{- include "chartlib.ingress" . }}
+---
+{{- include "chartlib.ingresstotp" . }}
+---
+{{- include "chartlib.service" . }}
+---
+{{- include "chartlib.serviceaccount" . }}
+---
+{{- include "chartlib.statefulset" . }}
diff --git a/k8s/helm/gitea/templates/service-nodeport.yaml b/k8s/helm/gitea/templates/service-nodeport.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "local.fullname" . }}-nodeport
+  labels:
+    {{- include "local.labels" . | nindent 4 }}
+spec:
+  type: NodePort
+  ports:
+  - { port: 2222, nodePort: {{ .Values.nodeportSSH }}, name: ssh }
+  selector:
+    {{- include "local.selectorLabels" . | nindent 4 }}
diff --git a/k8s/helm/gitea/templates/tests/test-connection.yaml b/k8s/helm/gitea/templates/tests/test-connection.yaml
@@ -0,0 +1,17 @@
+{{- if hasKey .Values "service" }}
+apiVersion: v1
+kind: Pod
+metadata:
+  name: "{{ include "local.fullname" . }}-test-connection"
+  labels:
+    {{- include "local.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": test
+spec:
+  containers:
+    - name: wget
+      image: busybox
+      command: ['wget']
+      args: ['{{ include "local.fullname" . }}:{{ .Values.service.port }}']
+  restartPolicy: Never
+{{- end }}
diff --git a/k8s/helm/gitea/values.yaml b/k8s/helm/gitea/values.yaml
@@ -0,0 +1,83 @@
+# Default values for gitea.
+tlsHostname: gitea.example.com
+nodeportSSH: 30999
+deployment:
+  env:
+    gitea__database__host: "db00:3306"
+    gitea__database__name: gitea
+    gitea__database__user: gitea
+    gitea__mailer__from: [email protected]
+    gitea__mailer__protocol: smtp
+    gitea__mailer__smtp_addr: smtp
+    gitea__service__disable_registration: "false"
+    gitea__service__require_signin_view: "true"
+    tz: UTC
+    # runAsUser unsupported - leave these at default
+    user_gid: 1000
+    user_uid: 1000
+  xenv:
+  - name: gitea__database__passwd
+    valueFrom:
+      secretKeyRef:
+        key: gitea-db-password
+        name: gitea-db-password
+  containerPorts:
+  - containerPort: 2222
+  - containerPort: 3000
+  livenessProbe:
+    httpGet:
+      path: /api/healthz
+      port: http
+    initialDelaySeconds: 200
+    timeoutSeconds: 5
+    periodSeconds: 10
+    successThreshold: 1
+    failureThreshold: 10
+  nodeSelector:
+    service.gitea: allow
+  resources:
+    limits:
+      memory: 2048Mi
+    requests:
+      cpu: 300m
+      memory: 128Mi
+volumeMounts:
+- mountPath: /var/lib/gitea
+  name: data
+  subPath: data
+- mountPath: /etc/gitea
+  name: data
+  subPath: etc
+  # readOnly: true
+volumes:
+- name: data
+  hostPath: { path: /var/lib/docker/k8s-volumes/share/gitea }
+
+image:
+  repository: gitea/gitea
+  pullPolicy: IfNotPresent
+  # tag: default
+
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount: {}
+service:
+service:
+  clusterIP: None
+  ports:
+  - { port: 80, targetPort: 3000, name: gitea }
+  - { port: 8999, targetPort: 2222, name: ssh }
+  type: ClusterIP
+autoscaling:
+  enabled: false
+
+authelia:
+  fqdn: authtotp.example.com
+  ip: 10.101.1.5
+  path: /user/login
+ingress:
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+    kubernetes.io/ingress.class: nginx
+    nginx.ingress.kubernetes.io/enable-access-log: "false"
diff --git a/k8s/helm/gitlab/Chart.yaml b/k8s/helm/gitlab/Chart.yaml
@@ -7,7 +7,16 @@ sources:
 - https://github.com/instantlinux/docker-tools
 - https://gitlab.com/gitlab-org/gitlab
 type: application
-version: 0.1.9
+version: 0.1.10
+############################
+##
+##
+##
+# Held back - No longer using GitLab - see the gitea helm chart instead
+##
+##
+##
+############################
 appVersion: "16.6.2-ce.0"
 dependencies:
 - name: chartlib

diff --git a/k8s/helm/gitlab/values.yaml b/k8s/helm/gitlab/values.yaml
@@ -1,4 +1,13 @@
 # Default values for gitlab.
+############################
+##
+##
+##
+# No longer using GitLab - for self-hosted git, see the gitea helm chart
+##
+##
+##
+############################
 gitlab_shell:
   log_level: WARN
 nginx:

diff --git a/k8s/install/ingress-nginx.yaml b/k8s/install/ingress-nginx.yaml
@@ -271,7 +271,9 @@ metadata:
   name: ingress-tcp-services
   namespace: $K8S_NAMESPACE
 data:
-  $PORT_GITLAB_SSH: $K8S_NAMESPACE/gitlab:$PORT_GITLAB_SSH
+  ## TODO document this
+  # $PORT_GITLAB_SSH: $K8S_NAMESPACE/gitlab:$PORT_GITLAB_SSH
+  $PORT_GITLAB_SSH: $K8S_NAMESPACE/gitea:$PORT_GITLAB_SSH
   $PORT_POSTFIX_EXTERNAL: $K8S_NAMESPACE/postfix:$PORT_POSTFIX_EXTERNAL
   $PORT_DOVECOT_IMAPD: $K8S_NAMESPACE/dovecot:$PORT_DOVECOT_IMAPD
   $PORT_DOVECOT_IMAPS: $K8S_NAMESPACE/dovecot:$PORT_DOVECOT_IMAPS