undercloud-infrastructure/gitea/gitea.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: app-ini
  namespace: gitea
data:
  # file-like keys
  app.ini: |
    APP_NAME = Gitea: Undercloud Code Repository
    RUN_MODE = prod
    RUN_USER = git

    [repository]
    ROOT = /data/git/repositories
    ENABLE_PUSH_CREATE_USER=true
    ENABLE_PUSH_CREATE_ORG=true
    ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET=false

    [repository.local]
    LOCAL_COPY_PATH = /data/gitea/tmp/local-repo

    [repository.upload]
    TEMP_PATH = /data/gitea/uploads

    [server]
    APP_DATA_PATH    = /data/gitea
    DOMAIN           = localhost
    SSH_DOMAIN       = localhost
    HTTP_PORT        = 3000
    ROOT_URL         = https://gitea.apps.undercloud.dev/
    DISABLE_SSH      = false
    SSH_PORT         = 22
    SSH_LISTEN_PORT  = 22
    LFS_START_SERVER = true
    LFS_JWT_SECRET   = LvgbTqg7kmthqjp39gQcTr1nhNgi13A7CNAPOmZHeAc
    OFFLINE_MODE     = false

    [database]
    PATH     = /data/gitea/gitea.db
    DB_TYPE  = sqlite3
    HOST     = localhost:3306
    NAME     = gitea
    USER     = root
    PASSWD   = 
    LOG_SQL  = false
    SCHEMA   = 
    SSL_MODE = disable
    CHARSET  = utf8

    [indexer]
    ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve

    [session]
    PROVIDER_CONFIG = /data/gitea/sessions
    PROVIDER        = file

    [picture]
    AVATAR_UPLOAD_PATH            = /data/gitea/avatars
    REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
    ENABLE_FEDERATED_AVATAR       = false

    [attachment]
    PATH = /data/gitea/attachments

    [log]
    MODE      = console
    LEVEL     = info
    ROUTER    = console
    ROOT_PATH = /data/gitea/log

    [security]
    INSTALL_LOCK                  = true
    SECRET_KEY                    = 
    REVERSE_PROXY_LIMIT           = 1
    REVERSE_PROXY_TRUSTED_PROXIES = *
    INTERNAL_TOKEN                = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE2NzI2MTA0MzB9.MnlX0rQXUl9QQTc2Hy878Tp2SqKRCDwcl9Y6rX2d4t0
    PASSWORD_HASH_ALGO            = pbkdf2

    [service]
    DISABLE_REGISTRATION              = false
    REQUIRE_SIGNIN_VIEW               = false
    REGISTER_EMAIL_CONFIRM            = false
    ENABLE_NOTIFY_MAIL                = false
    ALLOW_ONLY_EXTERNAL_REGISTRATION  = false
    ENABLE_CAPTCHA                    = false
    DEFAULT_KEEP_EMAIL_PRIVATE        = false
    DEFAULT_ALLOW_CREATE_ORGANIZATION = true
    DEFAULT_ENABLE_TIMETRACKING       = true
    NO_REPLY_ADDRESS                  = noreply.localhost

    [lfs]
    PATH = /data/git/lfs

    [mailer]
    ENABLED = false

    [openid]
    ENABLE_OPENID_SIGNIN = true
    ENABLE_OPENID_SIGNUP = true

    [repository.pull-request]
    DEFAULT_MERGE_STYLE = merge

    [repository.signing]
    DEFAULT_TRUST_MODEL = committer

    [metrics]
    ENABLED=true   
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: startup
  namespace: gitea
data:
  startup.sh: |
    #!/bin/sh
    echo "startup..."
    if test ! -f "/data/startup.ran"; then
      echo "waiting 60s for startup..."
      sleep 60s
      echo "writing pw to files"
      echo $SHODAN_PW > /data/shodan.pw
      echo $ARGOCD_PW > /data/argocd.pw
      echo $GITEA_PW > /data/gitea.pw
      echo "creating users..."
      echo $ARGOCD_PW
      su git -c 'echo $ARGOCD_PW' 
      su git -c 'SHODAN_PW=`cat /data/shodan.pw` && gitea admin user create --username shodan --admin --password $SHODAN_PW --email thrawn235@gmail.com'
      su git -c 'ARGOCD_PW=`cat /data/argocd.pw` && gitea admin user create --username argocd --password $ARGOCD_PW --email argocd@undercloud.local --must-change-password=false'
      su git -c 'GITEA_PW=`cat /data/gitea.pw` && gitea admin auth add-ldap --name ldap --security-protocol StartTLS --host ldap.undercloud.local. --port 389 --user-search-base "ou=users,dc=undercloud,dc=cf" --user-filter "(&(objectClass=person)(uid=%s))" --admin-filter "(&(memberOf=cn=gitea-admins,ou=groups,dc=undercloud,dc=cf))" --email-attribute mail --avatar-attribute jpegPhoto --synchronize-users --skip-tls-verify --username-attribute uid --bind-dn "cn=gitea,ou=serviceaccounts,ou=users,dc=undercloud,dc=cf" --bind-password $GITEA_PW --attributes-in-bind --firstname-attribute cn --surname-attribute sn'

      sleep 30s
      echo "wget tea..."
      wget https://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/k8s-binaries/tea
      echo "wget ctea..."
      wget https://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/k8s-binaries/ctea
      chmod +x tea
      chmod +x ctea
      #echo "using tea to create login..."
      #./tea login add --url http://localhost:3000 -i --user shodan --password $SHODAN_PW
      #./tea login default localhost:3000
      echo "creating undercloud organisation"
      sleep 30s
      #./tea organization create undercloud
      ./ctea --username shodan --password $SHODAN_PW --url http://localhost:3000 CreateOrg undercloud
      sleep 5s
      echo "creating undercloud team"
      ./ctea --username shodan --password $SHODAN_PW --url http://localhost:3000 CreateTeam undercloud undercloud
      sleep 5s
      echo "add argocd to undercloud team"
      ./ctea --username shodan --password $SHODAN_PW --url http://localhost:3000 AddUserToTeam undercloud undercloud argocd
      sleep 5s
      echo "cloning k8aux-apps"
      execline-cd /data git clone http://git.undercloud.local:3000/undercloud/k8aux-apps.git
      execline-cd /data/k8aux-apps rm -Rf .git
      execline-cd /data/k8aux-apps git init
      execline-cd /data/k8aux-apps git config --global user.email "thrawn235@gmail.com"
      execline-cd /data/k8aux-apps git config --global user.name "shodan"
      execline-cd /data/k8aux-apps git add .
      execline-cd /data/k8aux-apps git commit -m "upload"
      echo "push k8aux-apps to localhost"
      execline-cd /data/k8aux-apps git push http://shodan:$SHODAN_PW@localhost:3000/undercloud/k8aux-apps.git --all
      echo "delete local copy..."
      #execline-cd /data rm -Rf k8aux-apps
      echo "create PushMirror.."
      ./ctea --username shodan --password $SHODAN_PW --url http://localhost:3000 AddPushMirror undercloud k8aux-apps "http://aux1.undercloud.cf.:3000/undercloud/k8aux-apps.git" shodan $SHODAN_PW 1h0m0s
      ./ctea --username shodan --password $SHODAN_PW --url http://localhost:3000 AddPushMirror undercloud k8aux-apps "http://aux2.undercloud.cf.:3000/undercloud/k8aux-apps.git" shodan $SHODAN_PW 1h0m0s
      echo "create startup.ran file..."
      touch /data/startup.ran
    else
      echo "startup ran already!"
    fi
    echo "startup done."
    #exit 123
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: gitea
  namespace: gitea
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 32Gi
  storageClassName: cephfs-hyper
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitea
  namespace: gitea
  labels:
    app: gitea
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gitea
  template:
    metadata:
      labels:
        app: gitea
    spec:
      initContainers:
      - name: copyappini
        image: gitea/gitea:1.19
        command: ["bash", "-c", "mkdir -p /data/gitea/conf && cp -f /copy/app.ini /data/gitea/conf/app.ini"]
        volumeMounts:
        - mountPath: /data
          name: data
        - mountPath: /copy
          name: app-ini
      containers:
      - name: gitea
        image: gitea/gitea:1.19
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 3000
        - containerPort: 22
        #lifecycle:
        #    postStart:
        #      exec:
        #        command:
        #          - "/bin/startup.sh"
        env:
        - name: USER_UID
          value: "1000"
        - name: USER_GID
          value: "1000"
        - name: GITEA__database__DB_TYPE
          value: mysql
        - name: GITEA__database__HOST
          value: db:3306
        - name: GITEA__database__NAME
          value: gitea
        - name: GITEA__database__USER
          valueFrom:
            secretKeyRef:
              name: gitea-db
              key: username
              optional: false
        - name: GITEA__database__PASSWD
          valueFrom:
            secretKeyRef:
              name: gitea-db
              key: user.pw
              optional: false
        - name: SHODAN_PW
          valueFrom:
            secretKeyRef:
              name: shodan
              key: pw
              optional: false
        - name: ARGOCD_PW
          valueFrom:
            secretKeyRef:
              name: argocd-user
              key: pw
              optional: false
        - name: GITEA_PW
          valueFrom:
            secretKeyRef:
              name: gitea-user
              key: pw
              optional: false
        livenessProbe:
          httpGet:
            path: /api/healthz
            port: http
          initialDelaySeconds: 200
          timeoutSeconds: 5
          periodSeconds: 10
          successThreshold: 1
          failureThreshold: 10
        volumeMounts:
        - mountPath: /data
          name: data
        - mountPath: /bin/startup.sh
          name: startup
          subPath: startup.sh
      volumes:
      - name: data
        persistentVolumeClaim:
          claimName: gitea
          readOnly: false
      - name: app-ini
        configMap:
          name: app-ini
          items:
          - key: "app.ini"
            path: "app.ini"
      - name: startup
        configMap:
          name: startup
          defaultMode: 0700
          items:
          - key: "startup.sh"
            path: "startup.sh"
---
apiVersion: v1
kind: Service
metadata:
  name: gitea
  namespace: gitea
  labels:
    app: gitea
spec:
  internalTrafficPolicy: Cluster
  ipFamilies:
  - IPv6
  - IPv4
  ipFamilyPolicy: PreferDualStack
  ports:
  - name: http
    port: 3000
    protocol: TCP
    targetPort: 3000
  - name: ssh
    port: 22
    protocol: TCP
    targetPort: 22
  selector:
    app: gitea
  sessionAffinity: None
  type: ClusterIP