big architectural shift to use gitea for most deployments

2023-12-08 20:32:00 +01:00
parent 504535c907
commit fe60755d53
34 changed files with 344 additions and 598 deletions


@@ -1,12 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: argocd-image-updater-config
data:
git.commit-message-template: |
[CI SKIP] automatic update of {{ .AppName }}
{{ range .AppChanges -}}
updates image {{ .Image }} tag '{{ .OldTag }}' to '{{ .NewTag }}'
{{ end -}}


@@ -1,13 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: argocd
resources:
# - https://github.com/argoproj-labs/argocd-image-updater/manifests/base
- https://raw.githubusercontent.com/argoproj-labs/argocd-image-updater/stable/manifests/install.yaml
patchesStrategicMerge:
- argocd-image-updater-config.configmap.yaml


@@ -6,8 +6,8 @@ metadata:
spec:
project: default
source:
repoURL: https://github.com/moll-re/k3s-infra.git
targetRevision: HEAD
repoURL: ssh://git@github.com:moll-re/bootstrap-k3s-infra.git
targetRevision: main
path: kluster-deployments
destination:
server: https://kubernetes.default.svc
@@ -15,4 +15,4 @@ spec:
syncPolicy:
automated:
prune: true
# selfHeal: true
# selfHeal: true
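Review bot: The `repoURL` that points at the bootstrap repository, `ssh://git@github.com:moll-re/bootstrap-k3s-infra.git`, mixes the two SSH remote syntaxes: in the `ssh://` URL form the text after the host's colon is read as a port, and `moll-re` is not one, while the scp-like form takes no scheme. Use either `repoURL: git@github.com:moll-re/bootstrap-k3s-infra.git` or `repoURL: ssh://git@github.com/moll-re/bootstrap-k3s-infra.git`. Argo CD selects repository credentials by URL, so the `url` sealed into the `bootstrap-repo` secret presumably has to use the same spelling; that value is encrypted and cannot be checked from this page. The `spec` block starts above the hunk.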


@@ -0,0 +1,26 @@
{
"kind": "SealedSecret",
"apiVersion": "bitnami.com/v1alpha1",
"metadata": {
"name": "bootstrap-repo",
"namespace": "argocd",
"creationTimestamp": null
},
"spec": {
"template": {
"metadata": {
"name": "bootstrap-repo",
"namespace": "argocd",
"creationTimestamp": null,
"labels": {
"argocd.argoproj.io/secret-type": "repository"
}
}
},
"encryptedData": {
"sshPrivateKey": "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",
"type": "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",
"url": "AgCP08jVVXsx9i7pj3Y7THiICavOZe3yJ5pB+TaphXthaQgnsqCGJ6QiK/7ibS+qc+K6XIP0GhEQL+uMk0/DCtxflYoBTTzCYodCdhXWUwInetegcfoyTPVbdStTbYyeFZ1drsdpAazUHrwyQ+imFUCyNw6UzCiEptyEM7xcmaAAGlj/7IFqgzJey/Qrt3Uwn/R7OtVQsHUUzp4ftXMajz9sNNNMbAAVN+W1e7UGdDmQjYvInCTR6ju4t//9WgnMp2jRpLT4kFFIgW4YuuBbZNp3kcFytGwdiiuguRvpfbI7wNS92zUWNI/AO7iCdgkba/hZ48gEM4GCbbFxp7/RRHSLQUaeuNZi/7NPYlx46A/GilA5/XwnXOwxWL8TG0HdLfU6UJwG62AILxxtisUtMrSyAQC0IO6zKDctK5j/uJ9LnpSzRcBChJ0SPaB6qye/MlOXjx+i7bkSNssq21aUCVYJgoBc5PfUU0i6msNlMHEH//yhGPnqU+wL+BKNTBGNxs/e1vNkl2ZwIGcaigViQX4/PsvoF/iMXJJTugQAKaamZDYZSzEIdZAcNX9QJzDYc++VvFNVZ4qAvfMtDSGQ/kWEwYFjQBPJ/+jziG9ZNua8OzKdOMovDNqzG2tmJhB4S6JEvw7N/41UTIy+52PQL15Cx+U5UYdrEutz88DsXht6wlW9zyfVWMRAOgkrQWu268rwYRU37XfXfrIJB0Znoz8khrDZMJTKuo8tkcCztxqMF0/xGYHY1vMoyVQg1FJcZ3uULsen"
}
}
}


@@ -6,5 +6,7 @@ metadata:
app.kubernetes.io/part-of: argocd
name: argocd-ssh-known-hosts-cm
data:
# this is the fingerprint of the host key of git.kluster.moll.re
ssh_known_hosts: |
[git.kluster.moll.re]:2222 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOTtII97BheLIPWTpxMLmuFGFb7C96kqdhf78x7yWhlu
github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
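Review bot: The comment above `ssh_known_hosts` calls the new entry a fingerprint, but the `[git.kluster.moll.re]:2222` line carries the full ed25519 public host key; `# SSH host public key (not a fingerprint) of git.kluster.moll.re, port 2222` would be accurate. It is worth adding to that comment how the key was obtained, because this ConfigMap is the only thing that authenticates the Git server to Argo CD, and a key captured by scanning over the network pins whatever answered at that moment. The file is applied through `patches` in the kustomization, so this `ssh_known_hosts` value probably replaces the default host list shipped with Argo CD rather than extending it; confirm that only these two hosts are needed.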


@@ -3,12 +3,13 @@ kind: Kustomization
namespace: argocd
resources:
- https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
- namespace.yaml
- ingress.yaml
- argo-apps.application.yaml
- https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
- namespace.yaml
- ingress.yaml
- argo-apps.application.yaml
- bootstrap-repo.sealedsecret.yaml
patches:
- path: known-hosts.configmap.yaml
- path: argocd.configmap.yaml
- path: known-hosts.configmap.yaml
- path: argocd.configmap.yaml


@@ -0,0 +1,84 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: drone-runner
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: drone-runner
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- delete
- apiGroups:
- ""
resources:
- pods
- pods/log
verbs:
- get
- create
- delete
- list
- watch
- update
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: drone-runner
subjects:
- kind: ServiceAccount
name: drone-runner
roleRef:
kind: Role
name: drone-runner
apiGroup: rbac.authorization.k8s.io
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: drone-runner
labels:
app.kubernetes.io/name: drone-runner
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: drone-runner
template:
metadata:
labels:
app.kubernetes.io/name: drone-runner
spec:
serviceAccountName: drone-runner
containers:
- name: runner
image: drone/drone-runner-kube:latest
ports:
- containerPort: 3000
env:
- name: DRONE_RPC_HOST
value: drone-server:80
- name: DRONE_RPC_PROTO
value: http
- name: DRONE_RPC_SECRET
valueFrom:
secretKeyRef:
name: drone-server-secret
key: rpc_secret
- name: DRONE_NAMESPACE_DEFAULT
value: gitea
# - name: DRONE_NAMESPACE_RULES
# value: "drone-runner:*"
- name: DRONE_SERVICE_ACCOUNT_DEFAULT
value: drone-runner
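Review bot: `DRONE_SERVICE_ACCOUNT_DEFAULT` is set to `drone-runner` and `DRONE_NAMESPACE_DEFAULT` to `gitea`, so pipeline pods receive the runner's own service account inside the namespace that also holds Gitea and `drone-server-secret`. The `drone-runner` Role allows creating pods and creating and deleting secrets there, which means every build step runs with a token carrying those rights over the namespace's other workloads. Run pipelines in a dedicated namespace, e.g. `value: drone-pipelines` (a constructed name) for `DRONE_NAMESPACE_DEFAULT`, create the Role and RoleBinding for the runner in that namespace, and drop the `DRONE_SERVICE_ACCOUNT_DEFAULT` entry so pipeline pods get an account with no role bound. `image: drone/drone-runner-kube:latest` here and `image: drone/drone:latest` in the drone-server deployment are mutable tags; pin a version or digest so a change in the registry cannot alter what runs with these permissions.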


@@ -0,0 +1,124 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: drone-server
labels:
app: drone-server
spec:
replicas: 1
selector:
matchLabels:
app: drone-server
template:
metadata:
labels:
app: drone-server
spec:
containers:
- name: drone
image: drone/drone:latest
env:
- name: DRONE_SERVER_PORT # because the deployment is called drone-server, override this var again!
value: ":80"
- name: DRONE_GITEA_SERVER
value: https://git.kluster.moll.re
- name: DRONE_GITEA_CLIENT_ID
valueFrom:
secretKeyRef:
name: drone-server-secret
key: client_id
- name: DRONE_GITEA_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: drone-server-secret
key: client_secret
- name: DRONE_RPC_SECRET
valueFrom:
secretKeyRef:
name: drone-server-secret
key: rpc_secret
- name: DRONE_SERVER_HOST
value: drone.kluster.moll.re
- name: DRONE_SERVER_PROTO
value: https
resources:
requests:
memory: "1Gi"
cpu: 1.5
volumeMounts:
- mountPath: /data
name: drone-data-nfs
volumes:
- name: drone-data-nfs
persistentVolumeClaim:
claimName: drone-data-nfs
---
apiVersion: v1
kind: Service
metadata:
name: drone-server
labels:
app: drone-server
spec:
type: ClusterIP
ports:
- port: 80
name: http
selector:
app: drone-server
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: drone-server-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`drone.kluster.moll.re`)
kind: Rule
services:
- name: drone-server
port: 80
tls:
certResolver: default-tls
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: drone-data-nfs
labels:
directory: drone
spec:
# storageClassName: fast
capacity:
storage: "1Gi"
# volumeMode: Filesystem
accessModes:
- ReadWriteOnce
nfs:
path: /export/kluster/drone
server: 192.168.1.157
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: drone-data-nfs
spec:
# storageClassName: fast
accessModes:
- ReadWriteOnce
resources:
requests:
storage: "1Gi"
selector:
matchLabels:
directory: drone
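Review bot: The `drone` container's `env` list configures the Gitea OAuth client and the RPC secret but nothing that limits who may log in, so any account able to authenticate at `https://git.kluster.moll.re` can presumably register in Drone and have pipelines scheduled on the cluster. Drone provides `DRONE_USER_FILTER` (an allow-list of users or organisations) and `DRONE_REGISTRATION_CLOSED` for this, along with `DRONE_USER_CREATE` to name the administrator; for example `- name: DRONE_USER_FILTER` with `value: <gitea-username>` (placeholder). The container also declares only `requests`, with no `limits` and no `securityContext`; if that is intentional a short comment saying so would help.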


@@ -0,0 +1,23 @@
{
"kind": "SealedSecret",
"apiVersion": "bitnami.com/v1alpha1",
"metadata": {
"name": "drone-server-secret",
"namespace": "gitea",
"creationTimestamp": null
},
"spec": {
"template": {
"metadata": {
"name": "drone-server-secret",
"namespace": "gitea",
"creationTimestamp": null
}
},
"encryptedData": {
"client_id": "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",
"client_secret": "AgDQXU7x6RLhE9Hc+goeR2+3rW316SLLLA8tfqx3tsykL+vxhRkY5UCEaak3Rgei0k14jB/Rmme+/O/D1/5tc/i885+sGn0yjU7Jo4L5nkIssUOHlmRSGkRJDb9ABPauFXAjap9KLix9bd8ewI7R0lS3tOK9ZhThYhcfDUqV9qkkbSHzwNptkH7gYWt9qzG/rqqqpFP+PCtjzKVve4LCBgaxetcnh1t+d5oh7VAFnSI9Bt1G/DRzi+K3YZ+YG5+XKevBp06GMiLUMiv/eUvmOfAB/KO79LnNVbOcRsAHfnqLbXgNjFzspr5xDiGMC/ma1245LavywqXDp0S9jjNEe48i51PPQMwHWV8XEovsM6LHcteluNogt+VkL4mOnmP+sba/V3NO51rt1WXl+ca+U4kBq4dLMsdpWUKemz9BlIRC4etEXjwKJ5DznT7u6GUTrXx2RCm1j0OYWM++P10SdyD6tGjKnZf88a33Wrwm8Y7c47JrPTlP4PqLq9gzvD310uVfs1vGYGULaToGy+D/th8qiWWlu7BIfwqlIj8lruVnOhQ4GeEZmUAsqYf8JfsBwuDc0Y+8qbwjFrr2z+5x+2XBL8KGZVopyme45SHijlBZs7YsJqTBsg5oW09grM8/oO731GtzSYmpat2VZlaILuTjALqo/cu//kxwmqh7UX+jnTJ/2N3bKKSAfHWbHDeHeS2XJ+eKaI4onNYW9J70EfAP3vOpU+zmQ8rOzJuJjRt0HarLwzc5CXb1Xhlgsaoj7zKXPQMnqIDngg==",
"rpc_secret": "AgAcJNCFtOhK28vnLredkTgsVpnMPwaXss5NT5ysc0IbVid2vWRk2CTjBZc5DzjxxLwI1Ok88MFXHP08ZGCYy4rIbwoi7Ei1OEevGWfaI4n5CvAxr4ZamQHSfIX9dVAm9BSSx2M/mDtCKqVEGJEzyHCedrxf6LXM/YTNgjD43BuCZZMu35mRsHItpYFZQSttlHiUvR8y2YKrhV2P7fiWRD3cCVao8ldzKfGuvRfal8ByGoxpsYLj2D9CdtPvRF/TQsWUJJWwzbI9DmbW1MMI4/b26Jfa5TBvHxS1MQxFJpSXuMIengO+b0bi7WaR36y/FrKSNxIrQDHI7XCb00yYaSfj3RkSBVoAD0a2p8vNupHCqsKBoaWd8tMv/wGP8wbBk4DgGeQiTIvfhbQZU/Q2/LVDDficjXVn3IuKP/cqgGVf6lUh5YsUSs8qwpMil7XySiHvaZn+iFAnsXoejd4S2e/pbRvyaxP1aa7TCxnINjpU7IrnUEUiI4glQmAte3MqZWLXcc0Uk3Qz9PP0cD+V8qCOryrPMP2kTAI8LT/K4DgcEMAEGes4Vx1l0oBMF0xJvhM2kZXcEcf0NzuQJvYTgZpQF5xp0TchezLshmEUSIkII9NvAvn+iEYJeHsJUDijjmBloSYe4+QTgdYh6FakVUwYI5U4ztDNrvgqhWjExfbn8HxaFzsNTsuzGoYs+jwXH8Wk2z1Q1oQjDdO5YTjmdqvkSTdin/5CiuCDHaQX6a4gNQ=="
}
}
}


@@ -0,0 +1,17 @@
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: gitea-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`git.kluster.moll.re`)
kind: Rule
services:
- name: gitea-http
port: 3000
tls:
certResolver: default-tls


@@ -0,0 +1,54 @@
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: gitea-data-nfs
spec:
capacity:
storage: "10Gi"
accessModes:
- ReadWriteOnce
nfs:
path: /export/kluster/gitea/data
server: 192.168.1.157
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: gitea-data-nfs
spec:
storageClassName: ""
accessModes:
- ReadWriteOnce
resources:
requests:
storage: "10Gi"
volumeName: gitea-data-nfs
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: gitea-postgresql-data-nfs
spec:
capacity:
storage: "5Gi"
accessModes:
- ReadWriteOnce
nfs:
path: /export/kluster/gitea/postgres
server: 192.168.1.157
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: gitea-postgresql-data-nfs
spec:
storageClassName: nfs-client
accessModes:
- ReadWriteOnce
resources:
requests:
storage: "5Gi"
volumeName: gitea-postgresql-data-nfs
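Review bot: The `gitea-postgresql-data-nfs` claim requests `storageClassName: nfs-client` while the PersistentVolume it names through `volumeName` declares no class, so the two probably do not match and the claim would stay Pending; the `gitea-data-nfs` pair above uses `storageClassName: ""` and is consistent. Use `storageClassName: ""` on the PostgreSQL claim as well, or set the same class on its volume. Both volumes are plain NFS exports from `192.168.1.157` holding repository and database data, so a one-line comment stating which hosts are allowed to mount `/export/kluster/gitea` would document the access boundary for the next reader.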


@@ -0,0 +1,217 @@
## @section Service
service:
## @param service.http.type Kubernetes service type for web traffic
## @param service.http.port Port number for web traffic
## @param service.http.clusterIP ClusterIP setting for http autosetup for statefulset is None
## @param service.http.loadBalancerIP LoadBalancer IP setting
## @param service.http.nodePort NodePort for http service
## @param service.http.externalTrafficPolicy If `service.http.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation
## @param service.http.externalIPs External IPs for service
## @param service.http.ipFamilyPolicy HTTP service dual-stack policy
## @param service.http.ipFamilies HTTP service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/).
## @param service.http.loadBalancerSourceRanges Source range filter for http loadbalancer
## @param service.http.annotations HTTP service annotations
http:
type: ClusterIP
port: 3000
clusterIP: None
nodePort:
externalTrafficPolicy:
externalIPs:
ipFamilyPolicy:
ipFamilies:
loadBalancerSourceRanges: []
annotations: {}
## @param service.ssh.type Kubernetes service type for ssh traffic
## @param service.ssh.port Port number for ssh traffic
## @param service.ssh.clusterIP ClusterIP setting for ssh autosetup for statefulset is None
## @param service.ssh.loadBalancerIP LoadBalancer IP setting
## @param service.ssh.nodePort NodePort for ssh service
## @param service.ssh.externalTrafficPolicy If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation
## @param service.ssh.externalIPs External IPs for service
## @param service.ssh.ipFamilyPolicy SSH service dual-stack policy
## @param service.ssh.ipFamilies SSH service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/).
## @param service.ssh.hostPort HostPort for ssh service
## @param service.ssh.loadBalancerSourceRanges Source range filter for ssh loadbalancer
## @param service.ssh.annotations SSH service annotations
ssh:
type: LoadBalancer
port: 2222
loadBalancerIP: 192.168.3.3
nodePort:
externalTrafficPolicy:
externalIPs:
ipFamilyPolicy:
ipFamilies:
hostPort:
loadBalancerSourceRanges: []
annotations: {}
## @section Ingress
ingress:
enabled: false
## @param resources Kubernetes resources
resources:
{}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
## @section Persistence
#
## @param persistence.enabled Enable persistent storage
## @param persistence.existingClaim Use an existing claim to store repository information
## @param persistence.size Size for persistence to store repo information
## @param persistence.accessModes AccessMode for persistence
## @param persistence.labels Labels for the persistence volume claim to be created
## @param persistence.annotations Annotations for the persistence volume claim to be created
## @param persistence.storageClass Name of the storage class to use
## @param persistence.subPath Subdirectory of the volume to mount at
persistence:
enabled: true
existingClaim: gitea-data-nfs
size: 10Gi
accessModes:
- ReadWriteOnce
labels: {}
annotations: {}
storageClass:
subPath:
# Configure commit/action signing prerequisites
## @section Signing
#
## @param signing.enabled Enable commit/action signing
## @param signing.gpgHome GPG home directory
## @param signing.privateKey Inline private gpg key for signed Gitea actions
## @param signing.existingSecret Use an existing secret to store the value of `signing.privateKey`
signing:
enabled: false
gpgHome: /data/git/.gnupg
privateKey: ""
# privateKey: |-
# -----BEGIN PGP PRIVATE KEY BLOCK-----
# ...
# -----END PGP PRIVATE KEY BLOCK-----
existingSecret: ""
## @section Gitea
#
gitea:
## @param gitea.admin.username Username for the Gitea admin user
## @param gitea.admin.existingSecret Use an existing secret to store admin user credentials
## @param gitea.admin.password Password for the Gitea admin user
## @param gitea.admin.email Email for the Gitea admin user
admin:
username: gitea_admin
password: r8sA8CPHD9!bt6d
email: "gitea@local.domain"
## @param gitea.metrics.enabled Enable Gitea metrics
## @param gitea.metrics.serviceMonitor.enabled Enable Gitea metrics service monitor
metrics:
enabled: false
serviceMonitor:
enabled: false
# additionalLabels:
# prometheus-release: prom1
## @param gitea.config Configuration for the Gitea server,ref: [config-cheat-sheet](https://docs.gitea.io/en-us/config-cheat-sheet/)
config:
APP_NAME: "Remy's personal git hosting"
server:
DOMAIN: git.kluster.moll.re
ROOT_URL: https://git.kluster.moll.re
SSH_LISTEN_PORT: 2222
actions:
ENABLED: true
## @param gitea.ssh.logLevel Configure OpenSSH's log level. Only available for root-based Gitea image.
ssh:
logLevel: "INFO"
## @section Memcached
#
## @param memcached.enabled Memcached is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/memcached) if enabled in the values. Complete Configuration can be taken from their website.
## ref: https://hub.docker.com/r/bitnami/memcached/tags/
## @param memcached.service.ports.memcached Port for Memcached
memcached:
enabled: true
# image:
# registry: docker.io
# repository: bitnami/memcached
# tag: ""
# digest: ""
# pullPolicy: IfNotPresent
# pullSecrets: []
service:
ports:
memcached: 11211
## @section PostgreSQL
#
## @param postgresql.enabled Enable PostgreSQL
## @param postgresql.global.postgresql.auth.password Password for the `gitea` user (overrides `auth.password`)
## @param postgresql.global.postgresql.auth.database Name for a custom database to create (overrides `auth.database`)
## @param postgresql.global.postgresql.auth.username Name for a custom user to create (overrides `auth.username`)
## @param postgresql.global.postgresql.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`)
## @param postgresql.primary.persistence.size PVC Storage Request for PostgreSQL volume
postgresql:
enabled: true
image:
tag: 11
# diagnosticMode:
# enabled: true
# containerSecurityContext:
# runAsUser: 0
global:
postgresql:
auth:
password: gitea
database: gitea
username: gitea
service:
ports:
postgresql: 5432
primary:
persistence:
size: 10Gi
existingClaim: gitea-postgresql-data-nfs
mountPath: /bitnami/postgresql/data
postgresql-ha:
enabled: false
# By default, removed or moved settings that still remain in a user defined values.yaml will cause Helm to fail running the install/update.
# Set it to false to skip this basic validation check.
## @section Advanced
## @param checkDeprecation Set it to false to skip this basic validation check.
## @param test.enabled Set it to false to disable test-connection Pod.
## @param test.image.name Image name for the wget container used in the test-connection Pod.
## @param test.image.tag Image tag for the wget container used in the test-connection Pod.
checkDeprecation: true
test:
enabled: true
image:
name: busybox
tag: latest
## @param extraDeploy Array of extra objects to deploy with the release
##
extraDeploy: []
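Review bot: `gitea.admin.password` and `postgresql.global.postgresql.auth.password` are committed in clear text in this values file, although the file's own parameter list documents `gitea.admin.existingSecret` and the same commit already ships SealedSecrets for Drone and Argo CD. Replace the admin username/password pair with `existingSecret: <name-of-sealed-admin-secret>` (placeholder) backed by a SealedSecret in the `gitea` namespace, and treat the committed admin password as exposed, since it remains in the Git history after removal. The PostgreSQL password is identical to the user and database name and should likewise be a generated value supplied from a secret. Two smaller points: `tag: 11` under `postgresql.image` is a bare integer and is safer quoted as `tag: "11"`, and `tag: latest` under `test.image` is a mutable tag.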


@@ -0,0 +1,19 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
- gitea.pvc.yaml
- gitea.ingress.yaml
- drone-kube-runner.deployment.yaml
- drone-server.deployment.yaml
- drone-server.sealedsecret.yaml
namespace: gitea
helmCharts:
- name: gitea
releaseName: gitea
version: 9.6.1
valuesFile: gitea.values.yaml
repo: https://dl.gitea.io/charts/


@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: placeholder