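# Gitea (1.19) in the "gitea" namespace: app.ini ConfigMap, first-boot
# bootstrap script, PVC, Deployment and dual-stack Service.
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-ini
  namespace: gitea
data:
  # file-like keys
  # NOTE: the init container copies this file over /data/gitea/conf/app.ini on
  # every pod start, so anything Gitea writes back into app.ini at runtime
  # (generated keys, environment-to-ini results) does not survive a restart.
  app.ini: |
    APP_NAME = Gitea: Undercloud Code Repository
    RUN_MODE = prod
    RUN_USER = git

    [repository]
    ROOT = /data/git/repositories
    ENABLE_PUSH_CREATE_USER=true
    ENABLE_PUSH_CREATE_ORG=true
    ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET=false

    [repository.local]
    LOCAL_COPY_PATH = /data/gitea/tmp/local-repo

    [repository.upload]
    TEMP_PATH = /data/gitea/uploads

    [server]
    APP_DATA_PATH = /data/gitea
    ; DOMAIN/SSH_DOMAIN are "localhost" while ROOT_URL is the public host;
    ; SSH clone URLs are built from SSH_DOMAIN - verify this is intended.
    DOMAIN = localhost
    SSH_DOMAIN = localhost
    HTTP_PORT = 3000
    ROOT_URL = https://gitea.apps.undercloud.dev/
    DISABLE_SSH = false
    SSH_PORT = 22
    SSH_LISTEN_PORT = 22
    LFS_START_SERVER = true
    ; SECURITY: this is a long-lived signing secret committed in a ConfigMap.
    ; Move it to a Secret and inject it as GITEA__server__LFS_JWT_SECRET
    ; (the same env override mechanism the Deployment already uses for the
    ; database settings), then drop the literal value here.
    LFS_JWT_SECRET = LvgbTqg7kmthqjp39gQcTr1nhNgi13A7CNAPOmZHeAc
    OFFLINE_MODE = false

    [database]
    ; These sqlite3 values are only the fallback: the Deployment sets
    ; GITEA__database__* env vars (mysql, host db:3306, credentials from the
    ; gitea-db Secret), which the image applies over app.ini at start-up.
    PATH = /data/gitea/gitea.db
    DB_TYPE = sqlite3
    HOST = localhost:3306
    NAME = gitea
    USER = root
    PASSWD =
    LOG_SQL = false
    SCHEMA =
    SSL_MODE = disable
    CHARSET = utf8

    [indexer]
    ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve

    [session]
    PROVIDER_CONFIG = /data/gitea/sessions
    PROVIDER = file

    [picture]
    AVATAR_UPLOAD_PATH = /data/gitea/avatars
    REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
    ENABLE_FEDERATED_AVATAR = false

    [attachment]
    PATH = /data/gitea/attachments

    [log]
    MODE = console
    LEVEL = info
    ROUTER = console
    ROOT_PATH = /data/gitea/log

    [security]
    INSTALL_LOCK = true
    ; NOTE(review): SECRET_KEY is empty. Gitea generates one when it is
    ; missing, but because app.ini is re-copied from this ConfigMap on every
    ; pod start the generated key would not persist; data encrypted with it
    ; (e.g. 2FA secrets) would then become unreadable - confirm and, if so,
    ; supply it from a Secret via GITEA__security__SECRET_KEY.
    SECRET_KEY =
    REVERSE_PROXY_LIMIT = 1
    ; SECURITY: "*" trusts X-Forwarded-For / X-Real-IP from any source, so
    ; client IPs in logs and rate limits can be spoofed by anything that can
    ; reach port 3000. Restrict this to the ingress/proxy CIDR(s).
    REVERSE_PROXY_TRUSTED_PROXIES = *
    ; SECURITY: committed secret; move to a Secret and inject via
    ; GITEA__security__INTERNAL_TOKEN.
    INTERNAL_TOKEN = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE2NzI2MTA0MzB9.MnlX0rQXUl9QQTc2Hy878Tp2SqKRCDwcl9Y6rX2d4t0
    PASSWORD_HASH_ALGO = pbkdf2

    [service]
    ; Self-registration is open (no e-mail confirmation, no captcha). Fine for
    ; an LDAP-only intranet instance only if the instance is not reachable
    ; from untrusted networks; otherwise set DISABLE_REGISTRATION = true.
    DISABLE_REGISTRATION = false
    REQUIRE_SIGNIN_VIEW = false
    REGISTER_EMAIL_CONFIRM = false
    ENABLE_NOTIFY_MAIL = false
    ALLOW_ONLY_EXTERNAL_REGISTRATION = false
    ENABLE_CAPTCHA = false
    DEFAULT_KEEP_EMAIL_PRIVATE = false
    DEFAULT_ALLOW_CREATE_ORGANIZATION = true
    DEFAULT_ENABLE_TIMETRACKING = true
    NO_REPLY_ADDRESS = noreply.localhost

    [lfs]
    PATH = /data/git/lfs

    [mailer]
    ENABLED = false

    [openid]
    ENABLE_OPENID_SIGNIN = true
    ENABLE_OPENID_SIGNUP = true

    [repository.pull-request]
    DEFAULT_MERGE_STYLE = merge

    [repository.signing]
    DEFAULT_TRUST_MODEL = committer

    [metrics]
    ENABLED=true

    [migrations]
    ; ALLOW_LOCALNETWORKS lets any user point a migration/mirror at
    ; cluster-internal addresses (server-side request risk). The
    ; ALLOWED_DOMAINS list is what actually limits this - keep it tight.
    ALLOW_LOCALNETWORKS = true
    ALLOWED_DOMAINS = *.undercloud.local, *.undercloud.dev
    BLOCKED_DOMAINS =

    [mirror]
    ENABLED = true
    DISABLE_NEW_PUSH = false
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: startup
  namespace: gitea
data:
  # Runs once as the container's postStart hook (root). Guarded by
  # /data/startup.ran on the persistent volume so it is skipped on restarts.
  startup.sh: |
    #!/bin/sh
    echo "startup..."

    # Write a secret to a file that only the git user can read; the gitea CLI
    # below runs via `su git`, which is why the values go through files at
    # all. The files are deleted as soon as the CLI calls are done.
    # $1 = secret value, $2 = destination path
    write_pw_file() {
      ( umask 077 && printf '%s\n' "$1" > "$2" ) && chown git "$2"
    }

    # Seed Undercloud/$1 on this instance from the upstream git server: clone
    # it, drop its history, re-commit as "shodan", push to localhost and
    # register a push mirror back to upstream.
    seed_repo() {
      repo="$1"
      echo "cloning $repo"
      execline-cd /data git clone "http://shodan:${SHODAN_PW}@git.undercloud.local:3000/Undercloud/${repo}.git"
      execline-cd "/data/${repo}" rm -Rf .git
      execline-cd "/data/${repo}" git init -b main
      execline-cd "/data/${repo}" git add .
      execline-cd "/data/${repo}" git commit -m "upload"
      echo "push $repo to localhost"
      # The password travels in the URL, i.e. in this process's argv.
      execline-cd "/data/${repo}" git push "http://shodan:${SHODAN_PW}@localhost:3000/Undercloud/${repo}.git" --all
      echo "delete local copy..."
      #execline-cd /data rm -Rf "$repo"
      echo "create PushMirror.."
      # Add push mirror to Undercloud/$repo
      curl -sS -u "shodan:${SHODAN_PW}" \
        -H 'Content-Type: application/json' \
        -X POST "http://localhost:3000/api/v1/repos/Undercloud/${repo}/push_mirrors" \
        -d '{"remote_address":"http://git.undercloud.local:3000/Undercloud/'"$repo"'.git","remote_username":"shodan","remote_password":"'"$SHODAN_PW"'","interval":"1h0m0s","sync_on_commit":true}'
      # optional: trigger immediate sync of all push mirrors for this repo
      # curl -sS -u "shodan:${SHODAN_PW}" -X POST "http://localhost:3000/api/v1/repos/Undercloud/${repo}/push_mirrors-sync"
    }

    if test ! -f "/data/startup.ran"; then
      echo "waiting 60s for startup..."
      sleep 60s

      echo "writing pw to files"
      write_pw_file "$SHODAN_PW" /data/shodan.pw
      write_pw_file "$ARGOCD_PW" /data/argocd.pw
      write_pw_file "$GITEA_PW" /data/gitea.pw

      echo "creating users..."
      # (debug echoes of the passwords removed: hook output ends up in pod
      # events on failure, which would expose them)
      su git -c 'SHODAN_PW=`cat /data/shodan.pw` && gitea admin user create --username shodan --admin --password "$SHODAN_PW" --email thrawn235@gmail.com'
      su git -c 'ARGOCD_PW=`cat /data/argocd.pw` && gitea admin user create --username argocd --password "$ARGOCD_PW" --email argocd@undercloud.local --must-change-password=false'
      # SECURITY: --skip-tls-verify disables certificate checking on the
      # StartTLS connection, so the bind password can be intercepted by anyone
      # who can answer for ldap.undercloud.local. Trust the internal CA in the
      # image instead and drop the flag. The bind password is also visible in
      # this process's argv for the duration of the call.
      su git -c 'GITEA_PW=`cat /data/gitea.pw` && gitea admin auth add-ldap --name ldap --security-protocol StartTLS --host ldap.undercloud.local. --port 389 --user-search-base "ou=users,dc=undercloud,dc=cf" --user-filter "(&(objectClass=person)(uid=%s))" --admin-filter "(&(memberOf=cn=gitea-admins,ou=groups,dc=undercloud,dc=cf))" --email-attribute mail --avatar-attribute jpegPhoto --synchronize-users --skip-tls-verify --username-attribute uid --bind-dn "cn=gitea,ou=serviceaccounts,ou=users,dc=undercloud,dc=cf" --bind-password "$GITEA_PW" --attributes-in-bind --firstname-attribute cn --surname-attribute sn'
      # The plaintext copies are no longer needed; do not leave them on the PVC.
      rm -f /data/shodan.pw /data/argocd.pw /data/gitea.pw
      sleep 30s

      # The tea/ctea CLIs are not used (all their calls below are commented
      # out), so the unauthenticated HTTP download of the binary is disabled
      # as well. Re-enable only together with an integrity check of the file.
      #echo "wget tea..."
      #wget http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/k8s-binaries/tea
      #echo "wget ctea..."
      #wget https://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/k8s-binaries/ctea
      #chmod +x tea
      #chmod +x ctea
      #echo "using tea to create login..."
      #./tea login add --url http://localhost:3000 -i --user shodan --password $SHODAN_PW
      #./tea login default localhost:3000

      echo "creating Undercloud organisation"
      sleep 30s
      #./tea organization create Undercloud
      #./ctea --username shodan --password $SHODAN_PW --url http://localhost:3000 CreateOrg Undercloud
      curl -sS -u "shodan:$SHODAN_PW" \
        -H 'Content-Type: application/json' \
        -X POST http://localhost:3000/api/v1/orgs \
        -d '{"username":"Undercloud","full_name":"Undercloud"}'
      sleep 5s

      echo "creating undercloud team"
      #./ctea --username shodan --password $SHODAN_PW --url http://localhost:3000 CreateTeam undercloud undercloud
      #sleep 5s
      #echo "add argocd to undercloud team"
      #./ctea --username shodan --password $SHODAN_PW --url http://localhost:3000 AddUserToTeam undercloud undercloud argocd
      sleep 5s
      # create team "Undercloud" in org "undercloud"
      curl -sS -u "shodan:$SHODAN_PW" -H 'Content-Type: application/json' \
        -X POST http://localhost:3000/api/v1/orgs/undercloud/teams \
        -d '{"name":"Undercloud","permission":"write","includes_all_repositories":false, "units":["repo.code","repo.issues","repo.pulls","repo.releases","repo.wiki","repo.projects"]}'
      # get team id without jq
      # NOTE(review): the greedy .* picks the LAST "id" in the response; this
      # relies on the search result not carrying nested objects with their own
      # "id" - confirm against the API output of this Gitea version.
      TEAM_ID=$( curl -sS -u "shodan:$SHODAN_PW" \
        "http://localhost:3000/api/v1/orgs/undercloud/teams/search?q=Undercloud&limit=1" | sed -n 's/.*"id":\([0-9][0-9]*\).*/\1/p' )
      # add user argocd to that team (skip rather than PUT to ".../teams//members/...")
      if [ -n "$TEAM_ID" ]; then
        curl -sS -u "shodan:$SHODAN_PW" -X PUT \
          "http://localhost:3000/api/v1/teams/${TEAM_ID}/members/argocd"
      else
        echo "could not determine team id; argocd was not added to the team" >&2
      fi

      # Commit identity used for the seeded repositories (global, set once).
      git config --global user.email "thrawn235@gmail.com"
      git config --global user.name "shodan"
      seed_repo k8s-apps
      seed_repo assets

      echo "create startup.ran file..."
      touch /data/startup.ran
    else
      echo "startup ran already!"
    fi
    echo "startup done."
    #exit 123
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: gitea
  namespace: gitea
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 32Gi
  storageClassName: cephfs-hyper
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitea
  namespace: gitea
  labels:
    app: gitea
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gitea
  template:
    metadata:
      labels:
        app: gitea
    spec:
      initContainers:
        # Installs app.ini from the ConfigMap; overwrites any previous copy.
        - name: copyappini
          image: gitea/gitea:1.19
          command: ["bash", "-c", "mkdir -p /data/gitea/conf && cp -f /copy/app.ini /data/gitea/conf/app.ini"]
          volumeMounts:
            - mountPath: /data
              name: data
            - mountPath: /copy
              name: app-ini
      containers:
        - name: gitea
          image: gitea/gitea:1.19
          imagePullPolicy: IfNotPresent
          # Ports are named so the liveness probe's `port: http` can be
          # resolved; without a port called "http" the probe can never succeed
          # and the container is restarted once failureThreshold is reached.
          ports:
            - name: http
              containerPort: 3000
            - name: ssh
              containerPort: 22
          lifecycle:
            postStart:
              exec:
                command:
                  - "/bin/startup.sh"
          env:
            - name: USER_UID
              value: "1000"
            - name: USER_GID
              value: "1000"
            # GITEA__<section>__<key> overrides the matching app.ini entries.
            - name: GITEA__database__DB_TYPE
              value: mysql
            - name: GITEA__database__HOST
              value: "db:3306"
            - name: GITEA__database__NAME
              value: gitea
            - name: GITEA__database__USER
              valueFrom:
                secretKeyRef:
                  name: gitea-db
                  key: username
                  optional: false
            - name: GITEA__database__PASSWD
              valueFrom:
                secretKeyRef:
                  name: gitea-db
                  key: user.pw
                  optional: false
            # Bootstrap credentials consumed by startup.sh on first boot.
            - name: SHODAN_PW
              valueFrom:
                secretKeyRef:
                  name: shodan
                  key: pw
                  optional: false
            - name: ARGOCD_PW
              valueFrom:
                secretKeyRef:
                  name: argocd-user
                  key: pw
                  optional: false
            - name: GITEA_PW
              valueFrom:
                secretKeyRef:
                  name: gitea-user
                  key: pw
                  optional: false
          livenessProbe:
            httpGet:
              path: /api/healthz
              port: http
            # Must outlast the sleeps in startup.sh (the postStart hook).
            initialDelaySeconds: 200
            timeoutSeconds: 5
            periodSeconds: 10
            successThreshold: 1
            failureThreshold: 10
          volumeMounts:
            - mountPath: /data
              name: data
            - mountPath: /bin/startup.sh
              name: startup
              subPath: startup.sh
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: gitea
            readOnly: false
        - name: app-ini
          configMap:
            name: app-ini
            items:
              - key: "app.ini"
                path: "app.ini"
        - name: startup
          configMap:
            name: startup
            defaultMode: 0700
            items:
              - key: "startup.sh"
                path: "startup.sh"
---
apiVersion: v1
kind: Service
metadata:
  name: gitea
  namespace: gitea
  labels:
    app: gitea
spec:
  internalTrafficPolicy: Cluster
  clusterIP: "2001:470:7116:f:1::111"
  clusterIPs:
    - "2001:470:7116:f:1::111"
    - "10.0.91.111"
  ipFamilies:
    - IPv6
    - IPv4
  ipFamilyPolicy: PreferDualStack
  ports:
    - name: http
      port: 3000
      protocol: TCP
      targetPort: 3000
    - name: ssh
      port: 22
      protocol: TCP
      targetPort: 22
  selector:
    app: gitea
  sessionAffinity: None
  type: ClusterIP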