2025-09-02 17:56:58 +02:00
parent a9bf77f872
commit 0da3ec3ed9
2 changed files with 72 additions and 71 deletions

BIN
.DS_Store vendored

Binary file not shown.


@@ -27,7 +27,7 @@ data:
DOMAIN = localhost DOMAIN = localhost
SSH_DOMAIN = localhost SSH_DOMAIN = localhost
HTTP_PORT = 3000 HTTP_PORT = 3000
ROOT_URL = https://gitea.undercloud.cf/ ROOT_URL = https://gitea.apps.undercloud.dev/
DISABLE_SSH = false DISABLE_SSH = false
SSH_PORT = 22 SSH_PORT = 22
SSH_LISTEN_PORT = 22 SSH_LISTEN_PORT = 22
@@ -115,93 +115,94 @@ metadata:
data: data:
startup.sh: | startup.sh: |
#!/bin/sh #!/bin/sh
echo "startup..." set -eu
if test ! -f "/data/startup.ran"; then
echo "waiting 60s for startup..." echo "startup..."
sleep 60s if [ ! -f /data/startup.ran ]; then
echo "writing pw to files" echo "waiting for gitea API..."
echo $SHODAN_PW > /data/shodan.pw for i in $(seq 1 60); do
echo $ARGOCD_PW > /data/argocd.pw if curl -sSf http://localhost:3000/api/v1/version >/dev/null 2>&1; then
echo $GITEA_PW > /data/gitea.pw break
echo "creating users..." fi
echo $ARGOCD_PW sleep 2
su git -c 'echo $ARGOCD_PW' done
su git -c 'SHODAN_PW=`cat /data/shodan.pw` && gitea admin user create --username shodan --admin --password $SHODAN_PW --email thrawn235@gmail.com'
su git -c 'ARGOCD_PW=`cat /data/argocd.pw` && gitea admin user create --username argocd --password $ARGOCD_PW --email argocd@undercloud.cf --must-change-password=false' echo "writing pw to files"
su git -c 'GITEA_PW=`cat /data/gitea.pw` && gitea admin auth add-ldap --name ldap --security-protocol StartTLS --host ldap.undercloud.cf. --port 389 --user-search-base "ou=users,dc=undercloud,dc=cf" --user-filter "(&(objectClass=person)(uid=%s))" --admin-filter "(&(memberOf=cn=gitea-admins,ou=groups,dc=undercloud,dc=cf))" --email-attribute mail --avatar-attribute jpegPhoto --synchronize-users --skip-tls-verify --username-attribute uid --bind-dn "cn=gitea,ou=serviceaccounts,ou=users,dc=undercloud,dc=cf" --bind-password $GITEA_PW --attributes-in-bind --firstname-attribute cn --surname-attribute sn' printf '%s' "${SHODAN_PW:-}" > /data/shodan.pw
printf '%s' "${ARGOCD_PW:-}" > /data/argocd.pw
printf '%s' "${GITEA_PW:-}" > /data/gitea.pw
echo "creating users..."
su git -c 'SHODAN_PW=$(cat /data/shodan.pw); gitea admin user create --username shodan --admin --password "$SHODAN_PW" --email thrawn235@gmail.com || true'
su git -c 'ARGOCD_PW=$(cat /data/argocd.pw); gitea admin user create --username argocd --password "$ARGOCD_PW" --email argocd@undercloud.local --must-change-password=false || true'
su git -c 'GITEA_PW=$(cat /data/gitea.pw); gitea admin auth add-ldap --name ldap --security-protocol StartTLS --host ldap.undercloud.local. --port 389 --user-search-base "ou=users,dc=undercloud,dc=cf" --user-filter "(&(objectClass=person)(uid=%s))" --admin-filter "(&(memberOf=cn=gitea-admins,ou=groups,dc=undercloud,dc=cf))" --email-attribute mail --avatar-attribute jpegPhoto --synchronize-users --skip-tls-verify --username-attribute uid --bind-dn "cn=gitea,ou=serviceaccounts,ou=users,dc=undercloud,dc=cf" --bind-password "$GITEA_PW" --attributes-in-bind --firstname-attribute cn --surname-attribute sn || true'
sleep 30s
echo "wget tea..."
wget http://aux-balancer.undercloud.cf.:3000/undercloud/kube-binaries/raw/branch/main/tea
echo "wget ctea..."
wget http://aux-balancer.undercloud.cf.:3000/undercloud/kube-binaries/raw/branch/main/ctea
chmod +x tea
chmod +x ctea
#echo "using tea to create login..."
#./tea login add --url http://localhost:3000 -i --user shodan --password $SHODAN_PW
#./tea login default localhost:3000
echo "creating undercloud organisation"
sleep 30s
#./tea organization create undercloud
./ctea --username shodan --password $SHODAN_PW --url http://localhost:3000 CreateOrg undercloud
sleep 5s
echo "creating undercloud team"
./ctea --username shodan --password $SHODAN_PW --url http://localhost:3000 CreateTeam undercloud undercloud
sleep 5s sleep 5s
API="http://localhost:3000/api/v1"
AUTH_USER="shodan"
AUTH_PASS="$(cat /data/shodan.pw)"
AUTH="-u ${AUTH_USER}:${AUTH_PASS}"
echo "create organization undercloud"
curl -sS $AUTH -H 'Content-Type: application/json' \
-X POST "$API/orgs" \
-d '{"username":"undercloud","full_name":"undercloud"}' || true
echo "create team undercloud"
curl -sS $AUTH -H 'Content-Type: application/json' \
-X POST "$API/orgs/undercloud/teams" \
-d '{"name":"undercloud","permission":"write","includes_all_repositories":false}' || true
echo "fetch team id"
TEAM_ID="$(curl -sS $AUTH "$API/orgs/undercloud/teams" \
| sed 's/},{/}\n{/g' | grep '"name":"undercloud"' \
| sed -n 's/.*"id":\([0-9][0-9]*\).*/\1/p' | head -n1)"
if [ -z "${TEAM_ID:-}" ]; then
echo "failed to determine TEAM_ID"; exit 1
fi
echo "TEAM_ID=$TEAM_ID"
echo "add argocd to undercloud team" echo "add argocd to undercloud team"
./ctea --username shodan --password $SHODAN_PW --url http://localhost:3000 AddUserToTeam undercloud undercloud argocd curl -sS $AUTH -X PUT "$API/teams/$TEAM_ID/members/argocd" >/dev/null || true
sleep 5s
echo "ensure repo undercloud/k8aux-apps exists"
curl -sS $AUTH -H 'Content-Type: application/json' \
-X POST "$API/orgs/undercloud/repos" \
-d '{"name":"k8aux-apps","private":false,"auto_init":false}' || true
echo "grant team access to repo"
curl -sS $AUTH -X PUT "$API/teams/$TEAM_ID/repos/undercloud/k8aux-apps" >/dev/null || true
echo "cloning k8aux-apps" echo "cloning k8aux-apps"
execline-cd /data git clone http://aux-balancer.undercloud.cf.:3000/undercloud/k8aux-apps.git execline-cd /data git clone http://git.undercloud.local:3000/undercloud/k8aux-apps.git
execline-cd /data/k8aux-apps rm -Rf .git execline-cd /data/k8aux-apps rm -Rf .git
execline-cd /data/k8aux-apps git init execline-cd /data/k8aux-apps git init
execline-cd /data/k8aux-apps git config --global user.email "thrawn235@gmail.com" execline-cd /data/k8aux-apps git config --global user.email "thrawn235@gmail.com"
execline-cd /data/k8aux-apps git config --global user.name "shodan" execline-cd /data/k8aux-apps git config --global user.name "shodan"
execline-cd /data/k8aux-apps git add . execline-cd /data/k8aux-apps git add .
execline-cd /data/k8aux-apps git commit -m "upload" execline-cd /data/k8aux-apps git commit -m "upload"
echo "push k8aux-apps to localhost" echo "push k8aux-apps to localhost"
execline-cd /data/k8aux-apps git push http://shodan:$SHODAN_PW@localhost:3000/undercloud/k8aux-apps.git --all execline-cd /data/k8aux-apps git push "http://shodan:${AUTH_PASS}@localhost:3000/undercloud/k8aux-apps.git" --all
echo "delete local copy..."
#execline-cd /data rm -Rf k8aux-apps echo "create push mirrors"
echo "create PushMirror.." for DST in \
./ctea --username shodan --password $SHODAN_PW --url http://localhost:3000 AddPushMirror undercloud k8aux-apps "http://aux1.undercloud.cf.:3000/undercloud/k8aux-apps.git" shodan $SHODAN_PW 1h0m0s "http://git.undercloud.local:3000/undercloud/k8aux-apps.git"
./ctea --username shodan --password $SHODAN_PW --url http://localhost:3000 AddPushMirror undercloud k8aux-apps "http://aux2.undercloud.cf.:3000/undercloud/k8aux-apps.git" shodan $SHODAN_PW 1h0m0s do
curl -sS $AUTH -H 'Content-Type: application/json' \
-X POST "$API/repos/undercloud/k8aux-apps/push_mirrors" \
-d "{\"remote_address\":\"${DST}\",\"remote_username\":\"shodan\",\"remote_password\":\"${AUTH_PASS}\",\"interval\":\"1h0m0s\",\"sync_on_commit\":false}" \
|| true
done
echo "create startup.ran file..." echo "create startup.ran file..."
touch /data/startup.ran touch /data/startup.ran
else else
echo "startup ran already!" echo "startup ran already!"
fi fi
echo "startup done." echo "startup done."
#exit 123
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: gitea
# Change "rook-ceph" provisioner prefix to match the operator namespace if needed
provisioner: rook-ceph.cephfs.csi.ceph.com
parameters:
# clusterID is the namespace where the rook cluster is running
# If you change this namespace, also change the namespace below where the secret namespaces are defined
clusterID: rook-ceph
# CephFS filesystem name into which the volume shall be created
fsName: gitea
# Ceph pool into which the volume shall be created
# Required for provisionVolume: "true"
pool: gitea-replicated
# The secrets contain Ceph admin credentials. These are generated automatically by the operator
# in the same namespace as the cluster.
csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner
csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph
csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner
csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph
csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node
csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph
reclaimPolicy: Delete
--- ---
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
@@ -214,7 +215,7 @@ spec:
resources: resources:
requests: requests:
storage: 32Gi storage: 32Gi
storageClassName: gitea storageClassName: cephfs-hyper
--- ---
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
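Review bot: `AUTH="-u ${AUTH_USER}:${AUTH_PASS}"` followed by the unquoted `curl -sS $AUTH` on the org, team, member, repo and mirror calls in the startup.sh hunk word-splits and glob-expands the password, so a shodan password containing whitespace or `*`/`?` yields a malformed `-u` argument, and on every call the credential is visible in the container's process list. Passing it inline, `curl -sS -u "${AUTH_USER}:${AUTH_PASS}" ...`, fixes the splitting; keeping it out of argv needs a `--netrc-file` with 0600 permissions or a `-K -` config read from stdin. The same password is also interpolated into the push-mirror JSON body and the `git push` URL, where a `"` or `\` (JSON) or `@`/`:` (URL) in it breaks the request rather than being escaped. The `printf '%s' ... > /data/*.pw` files are created with the inherited umask and remain on the persistent volume after `startup.ran` is written; a `umask 077` before them (with a `chown git` so the `su git -c` readers still work) and an `rm -f` once the users exist would limit the exposure. The `dc=undercloud,dc=cf` search base and bind DN are kept while the LDAP host moved to `.local`, presumably intentional if the directory's naming context was not renamed, but worth confirming.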