402 lines
13 KiB
YAML
402 lines
13 KiB
YAML
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: app-ini
|
|
namespace: gitea
|
|
data:
|
|
# file-like keys
|
|
app.ini: |
|
|
APP_NAME = Gitea: Undercloud Code Repository
|
|
RUN_MODE = prod
|
|
RUN_USER = git
|
|
|
|
[repository]
|
|
ROOT = /data/git/repositories
|
|
ENABLE_PUSH_CREATE_USER=true
|
|
ENABLE_PUSH_CREATE_ORG=true
|
|
ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET=false
|
|
|
|
[repository.local]
|
|
LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
|
|
|
|
[repository.upload]
|
|
TEMP_PATH = /data/gitea/uploads
|
|
|
|
[server]
|
|
APP_DATA_PATH = /data/gitea
|
|
DOMAIN = localhost
|
|
SSH_DOMAIN = localhost
|
|
HTTP_PORT = 3000
|
|
ROOT_URL = https://gitea.apps.undercloud.dev/
|
|
DISABLE_SSH = false
|
|
SSH_PORT = 22
|
|
SSH_LISTEN_PORT = 22
|
|
LFS_START_SERVER = true
|
|
LFS_JWT_SECRET = LvgbTqg7kmthqjp39gQcTr1nhNgi13A7CNAPOmZHeAc
|
|
OFFLINE_MODE = false
|
|
|
|
[database]
|
|
PATH = /data/gitea/gitea.db
|
|
DB_TYPE = sqlite3
|
|
HOST = localhost:3306
|
|
NAME = gitea
|
|
USER = root
|
|
PASSWD =
|
|
LOG_SQL = false
|
|
SCHEMA =
|
|
SSL_MODE = disable
|
|
CHARSET = utf8
|
|
|
|
[indexer]
|
|
ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
|
|
|
|
[session]
|
|
PROVIDER_CONFIG = /data/gitea/sessions
|
|
PROVIDER = file
|
|
|
|
[picture]
|
|
AVATAR_UPLOAD_PATH = /data/gitea/avatars
|
|
REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
|
|
ENABLE_FEDERATED_AVATAR = false
|
|
|
|
[attachment]
|
|
PATH = /data/gitea/attachments
|
|
|
|
[log]
|
|
MODE = console
|
|
LEVEL = info
|
|
ROUTER = console
|
|
ROOT_PATH = /data/gitea/log
|
|
|
|
[security]
|
|
INSTALL_LOCK = true
|
|
SECRET_KEY =
|
|
REVERSE_PROXY_LIMIT = 1
|
|
REVERSE_PROXY_TRUSTED_PROXIES = *
|
|
INTERNAL_TOKEN = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE2NzI2MTA0MzB9.MnlX0rQXUl9QQTc2Hy878Tp2SqKRCDwcl9Y6rX2d4t0
|
|
PASSWORD_HASH_ALGO = pbkdf2
|
|
|
|
[service]
|
|
DISABLE_REGISTRATION = false
|
|
REQUIRE_SIGNIN_VIEW = false
|
|
REGISTER_EMAIL_CONFIRM = false
|
|
ENABLE_NOTIFY_MAIL = false
|
|
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
|
|
ENABLE_CAPTCHA = false
|
|
DEFAULT_KEEP_EMAIL_PRIVATE = false
|
|
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
|
|
DEFAULT_ENABLE_TIMETRACKING = true
|
|
NO_REPLY_ADDRESS = noreply.localhost
|
|
|
|
[lfs]
|
|
PATH = /data/git/lfs
|
|
|
|
[mailer]
|
|
ENABLED = false
|
|
|
|
[openid]
|
|
ENABLE_OPENID_SIGNIN = true
|
|
ENABLE_OPENID_SIGNUP = true
|
|
|
|
[repository.pull-request]
|
|
DEFAULT_MERGE_STYLE = merge
|
|
|
|
[repository.signing]
|
|
DEFAULT_TRUST_MODEL = committer
|
|
|
|
[metrics]
|
|
ENABLED=true
|
|
|
|
[migrations]
|
|
ALLOW_LOCALNETWORKS = true
|
|
ALLOWED_DOMAINS = *.undercloud.local, *.undercloud.dev
|
|
BLOCKED_DOMAINS =
|
|
|
|
[mirror]
|
|
ENABLED = true
|
|
DISABLE_NEW_PUSH = false
|
|
|
|
---
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: startup
|
|
namespace: gitea
|
|
data:
|
|
startup.sh: |
|
|
#!/bin/sh
|
|
echo "startup..."
|
|
if test ! -f "/data/startup.ran"; then
|
|
echo "waiting 60s for startup..."
|
|
sleep 60s
|
|
echo "writing pw to files"
|
|
echo $SHODAN_PW > /data/shodan.pw
|
|
echo $ARGOCD_PW > /data/argocd.pw
|
|
echo $GITEA_PW > /data/gitea.pw
|
|
echo "creating users..."
|
|
echo $ARGOCD_PW
|
|
su git -c 'echo $ARGOCD_PW'
|
|
su git -c 'SHODAN_PW=`cat /data/shodan.pw` && gitea admin user create --username shodan --admin --password $SHODAN_PW --email thrawn235@gmail.com'
|
|
su git -c 'ARGOCD_PW=`cat /data/argocd.pw` && gitea admin user create --username argocd --password $ARGOCD_PW --email argocd@undercloud.local --must-change-password=false'
|
|
su git -c 'GITEA_PW=`cat /data/gitea.pw` && gitea admin auth add-ldap --name ldap --security-protocol StartTLS --host ldap.undercloud.local. --port 389 --user-search-base "ou=users,dc=undercloud,dc=cf" --user-filter "(&(objectClass=person)(uid=%s))" --admin-filter "(&(memberOf=cn=gitea-admins,ou=groups,dc=undercloud,dc=cf))" --email-attribute mail --avatar-attribute jpegPhoto --synchronize-users --skip-tls-verify --username-attribute uid --bind-dn "cn=gitea,ou=serviceaccounts,ou=users,dc=undercloud,dc=cf" --bind-password $GITEA_PW --attributes-in-bind --firstname-attribute cn --surname-attribute sn'
|
|
|
|
sleep 30s
|
|
echo "wget tea..."
|
|
wget http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/k8s-binaries/tea
|
|
#echo "wget ctea..."
|
|
#wget https://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/k8s-binaries/ctea
|
|
chmod +x tea
|
|
#chmod +x ctea
|
|
|
|
#echo "using tea to create login..."
|
|
#./tea login add --url http://localhost:3000 -i --user shodan --password $SHODAN_PW
|
|
#./tea login default localhost:3000
|
|
|
|
echo "creating Undercloud organisation"
|
|
sleep 30s
|
|
#./tea organization create Undercloud
|
|
#./ctea --username shodan --password $SHODAN_PW --url http://localhost:3000 CreateOrg Undercloud
|
|
curl -s -u "shodan:$SHODAN_PW" \
|
|
-H 'Content-Type: application/json' \
|
|
-X POST http://localhost:3000/api/v1/orgs \
|
|
-d '{"username":"Undercloud","full_name":"Undercloud"}'
|
|
sleep 5s
|
|
|
|
echo "creating undercloud team"
|
|
#./ctea --username shodan --password $SHODAN_PW --url http://localhost:3000 CreateTeam undercloud undercloud
|
|
#sleep 5s
|
|
#echo "add argocd to undercloud team"
|
|
#./ctea --username shodan --password $SHODAN_PW --url http://localhost:3000 AddUserToTeam undercloud undercloud argocd
|
|
|
|
sleep 5s
|
|
# create team "Undercloud" in org "undercloud"
|
|
curl -s -u "shodan:$SHODAN_PW" -H 'Content-Type: application/json' \
|
|
-X POST http://localhost:3000/api/v1/orgs/undercloud/teams \
|
|
-d '{"name":"Undercloud","permission":"write","includes_all_repositories":false,
|
|
"units":["repo.code","repo.issues","repo.pulls","repo.releases","repo.wiki","repo.projects"]}'
|
|
|
|
# get team id without jq
|
|
TEAM_ID=$(
|
|
curl -s -u "shodan:$SHODAN_PW" \
|
|
"http://localhost:3000/api/v1/orgs/undercloud/teams/search?q=Undercloud&limit=1" |
|
|
sed -n 's/.*"id":\([0-9][0-9]*\).*/\1/p'
|
|
)
|
|
|
|
# add user argocd to that team
|
|
curl -s -u "shodan:$SHODAN_PW" -X PUT \
|
|
"http://localhost:3000/api/v1/teams/${TEAM_ID}/members/argocd"
|
|
|
|
|
|
|
|
|
|
echo "cloning k8s-apps"
|
|
#execline-cd /data git clone http://git.undercloud.local:3000/undercloud/k8s-apps.git
|
|
execline-cd /data git clone "http://shodan:${SHODAN_PW}@git.undercloud.local:3000/Undercloud/k8s-apps.git"
|
|
|
|
execline-cd /data/k8s-apps rm -Rf .git
|
|
execline-cd /data/k8s-apps git init
|
|
execline-cd /data/k8s-apps git config --global user.email "thrawn235@gmail.com"
|
|
execline-cd /data/k8s-apps git config --global user.name "shodan"
|
|
execline-cd /data/k8s-apps git add .
|
|
execline-cd /data/k8s-apps git commit -m "upload"
|
|
echo "push k8s-apps to localhost"
|
|
execline-cd /data/k8s-apps git push http://shodan:$SHODAN_PW@localhost:3000/Undercloud/k8s-apps.git --all
|
|
echo "delete local copy..."
|
|
#execline-cd /data rm -Rf k8s-apps
|
|
|
|
echo "create PushMirror.."
|
|
#./ctea --username shodan --password $SHODAN_PW --url http://localhost:3000 AddPushMirror Undercloud k8s-apps "http://git.undercloud.local:3000/Undercloud/k8s-apps.git" shodan $SHODAN_PW 1h0m0s
|
|
|
|
# Add push mirror to Undercloud/k8s-apps
|
|
curl -sS -u "shodan:${SHODAN_PW}" \
|
|
-H 'Content-Type: application/json' \
|
|
-X POST http://localhost:3000/api/v1/repos/Undercloud/k8s-apps/push_mirrors \
|
|
-d '{"remote_address":"http://git.undercloud.local:3000/Undercloud/k8s-apps.git","remote_username":"shodan","remote_password":"'"$SHODAN_PW"'","interval":"1h0m0s","sync_on_commit":true}'
|
|
|
|
# optional: trigger immediate sync of all push mirrors for this repo
|
|
# curl -sS -u "shodan:${SHODAN_PW}" -X POST http://localhost:3000/api/v1/repos/Undercloud/k8s-apps/push_mirrors-sync
|
|
|
|
|
|
echo "cloning assets"
|
|
execline-cd /data git clone "http://shodan:${SHODAN_PW}@git.undercloud.local:3000/Undercloud/assets.git"
|
|
|
|
execline-cd /data/assets rm -Rf .git
|
|
execline-cd /data/assets git init
|
|
execline-cd /data/assets git config --global user.email "thrawn235@gmail.com"
|
|
execline-cd /data/assets git config --global user.name "shodan"
|
|
execline-cd /data/assets git add .
|
|
execline-cd /data/assets git commit -m "upload"
|
|
echo "push assets to localhost"
|
|
execline-cd /data/assets git push http://shodan:$SHODAN_PW@localhost:3000/Undercloud/assets.git --all
|
|
echo "delete local copy..."
|
|
#execline-cd /data rm -Rf assets
|
|
|
|
echo "create PushMirror.."
|
|
# Add push mirror to Undercloud/assets
|
|
curl -sS -u "shodan:${SHODAN_PW}" \
|
|
-H 'Content-Type: application/json' \
|
|
-X POST http://localhost:3000/api/v1/repos/Undercloud/assets/push_mirrors \
|
|
-d '{"remote_address":"http://git.undercloud.local:3000/Undercloud/assets.git","remote_username":"shodan","remote_password":"'"$SHODAN_PW"'","interval":"1h0m0s","sync_on_commit":true}'
|
|
|
|
|
|
echo "create startup.ran file..."
|
|
touch /data/startup.ran
|
|
else
|
|
echo "startup ran already!"
|
|
fi
|
|
echo "startup done."
|
|
#exit 123
|
|
---
|
|
apiVersion: v1
|
|
kind: PersistentVolumeClaim
|
|
metadata:
|
|
name: gitea
|
|
namespace: gitea
|
|
spec:
|
|
accessModes:
|
|
- ReadWriteMany
|
|
resources:
|
|
requests:
|
|
storage: 32Gi
|
|
storageClassName: cephfs-hyper
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: gitea
|
|
namespace: gitea
|
|
labels:
|
|
app: gitea
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: gitea
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: gitea
|
|
spec:
|
|
initContainers:
|
|
- name: copyappini
|
|
image: gitea/gitea:1.19
|
|
command: ["bash", "-c", "mkdir -p /data/gitea/conf && cp -f /copy/app.ini /data/gitea/conf/app.ini"]
|
|
volumeMounts:
|
|
- mountPath: /data
|
|
name: data
|
|
- mountPath: /copy
|
|
name: app-ini
|
|
containers:
|
|
- name: gitea
|
|
image: gitea/gitea:1.19
|
|
imagePullPolicy: IfNotPresent
|
|
ports:
|
|
- containerPort: 3000
|
|
- containerPort: 22
|
|
lifecycle:
|
|
postStart:
|
|
exec:
|
|
command:
|
|
- "/bin/startup.sh"
|
|
env:
|
|
- name: USER_UID
|
|
value: "1000"
|
|
- name: USER_GID
|
|
value: "1000"
|
|
- name: GITEA__database__DB_TYPE
|
|
value: mysql
|
|
- name: GITEA__database__HOST
|
|
value: db:3306
|
|
- name: GITEA__database__NAME
|
|
value: gitea
|
|
- name: GITEA__database__USER
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: gitea-db
|
|
key: username
|
|
optional: false
|
|
- name: GITEA__database__PASSWD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: gitea-db
|
|
key: user.pw
|
|
optional: false
|
|
- name: SHODAN_PW
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: shodan
|
|
key: pw
|
|
optional: false
|
|
- name: ARGOCD_PW
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: argocd-user
|
|
key: pw
|
|
optional: false
|
|
- name: GITEA_PW
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: gitea-user
|
|
key: pw
|
|
optional: false
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /api/healthz
|
|
port: http
|
|
initialDelaySeconds: 200
|
|
timeoutSeconds: 5
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
failureThreshold: 10
|
|
volumeMounts:
|
|
- mountPath: /data
|
|
name: data
|
|
- mountPath: /bin/startup.sh
|
|
name: startup
|
|
subPath: startup.sh
|
|
volumes:
|
|
- name: data
|
|
persistentVolumeClaim:
|
|
claimName: gitea
|
|
readOnly: false
|
|
- name: app-ini
|
|
configMap:
|
|
name: app-ini
|
|
items:
|
|
- key: "app.ini"
|
|
path: "app.ini"
|
|
- name: startup
|
|
configMap:
|
|
name: startup
|
|
defaultMode: 0700
|
|
items:
|
|
- key: "startup.sh"
|
|
path: "startup.sh"
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: gitea
|
|
namespace: gitea
|
|
labels:
|
|
app: gitea
|
|
spec:
|
|
internalTrafficPolicy: Cluster
|
|
ipFamilies:
|
|
- IPv6
|
|
- IPv4
|
|
ipFamilyPolicy: PreferDualStack
|
|
ports:
|
|
- name: http
|
|
port: 3000
|
|
protocol: TCP
|
|
targetPort: 3000
|
|
- name: ssh
|
|
port: 22
|
|
protocol: TCP
|
|
targetPort: 22
|
|
selector:
|
|
app: gitea
|
|
sessionAffinity: None
|
|
type: ClusterIP
|