feat(kubernetes): install github-mirror

This will replace `github-to-gitea-mirror`. Running in dry-run mode for now.
martinohmann · Jun 7, 2024 · 61d2878 · 61d2878
1 parent 35c0683
commit 61d2878
Show file tree

Hide file tree

Showing 5 changed files with 121 additions and 0 deletions.
diff --git a/kubernetes/main/apps/default/github-mirror/app/helmrelease.yaml b/kubernetes/main/apps/default/github-mirror/app/helmrelease.yaml
@@ -0,0 +1,65 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: &app github-mirror
+spec:
+  interval: 2h
+  chart:
+    spec:
+      chart: app-template
+      version: 3.2.1
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+  maxHistory: 2
+  dependsOn:
+    - name: gitea
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      retries: 3
+      strategy: uninstall
+  uninstall:
+    keepHistory: false
+  values:
+    controllers:
+      github-mirror:
+        type: cronjob
+        cronjob:
+          backoffLimit: 6
+          concurrencyPolicy: Forbid
+          failedJobsHistory: 1
+          schedule: '01 23 * * 4'
+          successfulJobsHistory: 0
+          suspend: false
+        containers:
+          app:
+            envFrom:
+              - secretRef:
+                  name: github-mirror
+            image:
+              repository: ghcr.io/martinohmann/scm-migrator
+              tag: latest@sha256:920ba60346b860aace1a57a9c28f92ecc18f89c8e9fa491a46083520ee781363
+            args:
+              - migrate
+              - github-to-gitea
+              - --gitea-url=https://git.18b.haus
+              - --exclude-forks
+              - --include='martinohmann/.*'
+              - --mirror-interval=12h
+              - --repo-owner=martinohmann-github-mirror
+    defaultPodOptions:
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 568
+        runAsGroup: 568
+        fsGroup: 568
+        fsGroupChangePolicy: OnRootMismatch
+        seccompProfile:
+          type: RuntimeDefault
diff --git a/kubernetes/main/apps/default/github-mirror/app/kustomization.yaml b/kubernetes/main/apps/default/github-mirror/app/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./secret.sops.yaml
+  - ./helmrelease.yaml
diff --git a/kubernetes/main/apps/default/github-mirror/app/secret.sops.yaml b/kubernetes/main/apps/default/github-mirror/app/secret.sops.yaml
@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: github-mirror
+stringData:
+    GITEA_TOKEN: ENC[AES256_GCM,data:wK5DiezSYhokpXju21D66NsOrh4dqWBSWsiUwoXxH3v1pYL2FR9Rvg==,iv:si5xTnBeoSm2TjuuLLTHOAkAYBntbqPn8GmLCxiRgQA=,tag:4aa+IM4nGBPqJwQbbLxEHQ==,type:str]
+    GITHUB_TOKEN: ENC[AES256_GCM,data:tsT00n1Fug4VPAlARfnkhnbkid/iTqXTWjqq1/ySd9fnCzxRpLM3ig==,iv:bZsqCzsa68l9xk7aDK+faC3Uk+FVr83sP9WMWvPa50s=,tag:wFxLt1gJslC07lebSBHGYQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1u79ltfzz5k79ddwgv59r76p2532xnaehzz7vggttctudr6gdkvhq33edn6
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6SHhyQ3c0dGlEelVhdEJh
+            ZUlOVkpvdGQwWmJhdVJhZTRuNEN2QzN3Rm5ZCm83aFBCRjBrZlNZdW54TTgrcTFk
+            Q0U1aWhtUERRcVNqUjBMNHd5UW4waDgKLS0tIGpFK0JuMWp2VEJFeVV3VUVtSnhp
+            RkhYalRqWC8weVJsTTFnb0FjaFJjajAKIGyngQRAzE5NendeTjuhov4NREGTJHow
+            n3mqTpNLEDX/yX8L88hUrNLAPeyjXHs/Nu54pxbragT/5BS/jvhPBw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-06-07T19:35:22Z"
+    mac: ENC[AES256_GCM,data:Q67M04PvUDvLoJrlpvkei3Y7ZJmgcGcIdz/11+j2U4F/romJHr3BuulBc/d6HMjU24dcC/SxkgKgeMjjwpkHA5eJqo6I8z8VNljw4TPcGTf8Aph5aO8CbBrHGsUorbhYbQ/eEOT5fuJ1U7OnWlw4AGjOzMJjw+z+3kTZSJkmn64=,iv:aGAAmS+MkDgrL/8XJB7QRkmpfpk9h+vRq/I8tgjf7+M=,tag:0mcpvE+wbl6Aa8fkJqjD2Q==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData)$
+    version: 3.8.1
diff --git a/kubernetes/main/apps/default/github-mirror/ks.yaml b/kubernetes/main/apps/default/github-mirror/ks.yaml
@@ -0,0 +1,21 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.18b.haus/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app github-mirror
+  namespace: flux-system
+spec:
+  targetNamespace: default
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  path: ./kubernetes/main/apps/default/github-mirror/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: home-kubernetes
+  wait: false
+  interval: 2h
+  retryInterval: 1m
+  timeout: 5m
diff --git a/kubernetes/main/apps/default/kustomization.yaml b/kubernetes/main/apps/default/kustomization.yaml
@@ -6,6 +6,7 @@ resources:
   - ./namespace.yaml
   - ./external-apps/ks.yaml
   - ./gitea/ks.yaml
+  - ./github-mirror/ks.yaml
   - ./github-to-gitea-mirror/ks.yaml
   - ./go2rtc/ks.yaml
   - ./home-assistant/ks.yaml