From e7685f2c62d7683033da3d88a6617fdd8dbdff79 Mon Sep 17 00:00:00 2001 From: Moritz Graf Date: Fri, 1 May 2020 19:11:16 +0200 Subject: [PATCH] Adding everything to let gitea work via https --- .gitignore | 1 + bootstrap/README.md | 2 +- bootstrap/init.sh | 2 +- k8s/README.md | 58 +++++++++++++++++++++++++++ k8s/development/gitea-phpmyadmin.yml | 13 ++++++ k8s/development/gitea.secret.yaml | Bin 529 -> 0 bytes k8s/development/gitea.secret.yml | 36 +++++++++++++++++ terraform/ovh.tf | 4 +- terraform/terraform.tfstate | 41 +++++++------------ terraform/terraform.tfstate.backup | 8 ++-- 10 files changed, 130 insertions(+), 35 deletions(-) create mode 100644 k8s/development/gitea-phpmyadmin.yml delete mode 100644 k8s/development/gitea.secret.yaml create mode 100644 k8s/development/gitea.secret.yml diff --git a/.gitignore b/.gitignore index 997ca2f..b5e2664 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ +k8s/gitea-chart/ .vagrant \ No newline at end of file diff --git a/bootstrap/README.md b/bootstrap/README.md index 86c04e9..20f9022 100644 --- a/bootstrap/README.md +++ b/bootstrap/README.md @@ -68,7 +68,7 @@ Check the current default value of `kube_version` in cloned repository. ```sh cd kubespray -ansible-playbook -i inventory/prod/inventory.ini -e kube_version=v1.16.8 -e upgrade_cluster_setup=true cluster.yml +ansible-playbook -i inventory/prod/inventory.ini -e kube_version=v1.16.9 -e upgrade_cluster_setup=true cluster.yml ``` History: diff --git a/bootstrap/init.sh b/bootstrap/init.sh index 1364cf0..b27370d 100755 --- a/bootstrap/init.sh +++ b/bootstrap/init.sh 
@@ -43,4 +43,4 @@ rm kubespray/inventory/prod/inventory.ini cp ./prod.ini kubespray/inventory/prod/inventory.ini gsed -i "s/kube_network_plugin: .*/kube_network_plugin: flannel/" ./kubespray/inventory/prod/group_vars/k8s-cluster/k8s-cluster.yml #echo 'calico_iptables_backend: "NFT"' >> ./kubespray/inventory/prod/group_vars/k8s-cluster/k8s-net-cluster.yml -gsed -i "s/metrics_server_enabled: .*/metrics_server_enabled: true/" ./kubespray/inventory/prod/group_vars/k8s-cluster/addons.yml \ No newline at end of file +gsed -i "s/metrics_server_enabled: .*/metrics_server_enabled: true/" ./kubespray/inventory/prod/group_vars/k8s-cluster/addons.yml diff --git a/k8s/README.md b/k8s/README.md index 7e7aa71..82b73ca 100644 --- a/k8s/README.md +++ b/k8s/README.md @@ -39,6 +39,7 @@ done helm repo add stable https://kubernetes-charts.storage.googleapis.com helm repo add jetstack https://charts.jetstack.io helm repo add bitnami https://charts.bitnami.com/bitnami +helm repo add k8s-land https://charts.k8s.land helm repo update ``` 
@@ -128,6 +129,63 @@ kubectl apply -f tt-rss/ helm upgrade --install prometheus-operator stable/prometheus-operator -n monitoring -f monitoring/prometheus-operator.secret.yml ``` +## gitea + +In case my PRs have been accepted this is no longer necessary: + +```sh +git clone git@github.com:iptizer/gitea-chart.git +``` + +```sh +# from chart repo +helm upgrade --install gitea k8s-land/gitea -n development -f development/gitea.secret.yml +# from local folder +helm upgrade --install gitea ./gitea-chart -n development -f development/gitea.secret.yml + +# phpmyadmin +helm upgrade --install gitea-phpmyadmin bitnami/phpmyadmin -n development -f development/gitea-phpmyadmin.yml +``` + +### backup + +//TODO something with gitea dump to stdout and rclone to dropbox + +### restore + +For backup & restore see [gitea documentation](https://docs.gitea.io/en-us/backup-and-restore/). + +Download the `gitea-dump` locally and proceed with the following commands: + +```sh +❯ mkdir gitea_restore +❯ mv gitea-dump-1587901016.zip gitea_restore +❯ cd gitea_restore +❯ unzip gitea-dump-1587901016.zip +Archive: gitea-dump-1587901016.zip + inflating: gitea-repo.zip + creating: custom/ +[...] +``` + +Import of sql may be done via phpmyadmin. + +Copy to remote pod: + +```sh +kubectl cp ./gitea-repo.zip gitea-gitea-69cd9bc59b-q2b2f:/data/git/ +``` + +And finally unzip inside shell on pod: + +```sh +cd /data/git/ +unzip gitea-repo.zip +mv repositories/ gitea-repositories/ +``` + +Then login to git.moritzgraf.de and proceed with default values, or adjust them. + ## minio ```sh diff --git a/k8s/development/gitea-phpmyadmin.yml b/k8s/development/gitea-phpmyadmin.yml new file mode 100644 index 0000000..0ddcfc2 --- /dev/null +++ b/k8s/development/gitea-phpmyadmin.yml 
@@ -0,0 +1,13 @@ +--- +db: + host: gitea-mariadb +ingress: + enabled: true + hosts: + - path: "/" + tls: true + name: "gitea.phpmyadmin.haumdaucher.de" + tlsSecret: "gitea-phpmyadmin-haumdaucher-de" + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-prod" + nginx.ingress.kubernetes.io/proxy-body-size: "0" \ No newline at end of file diff --git a/k8s/development/gitea.secret.yaml b/k8s/development/gitea.secret.yaml deleted file mode 100644 index 2cfb586e0bf6c865fbf445bd34db8a555eae12c3..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 529 zcmV+s0`C0)M@dveQdv+`0HNx)LaX9sUIos)NPl@K0->~8 z%vL-Sg&logpk?_Sa+s>)h!6Bog67zh?F=0k;wtz#hNlgq))eb8;e_zW$1>WQb|*Fb z?XyoqkS6^bzlSFrrRfeKiT_fF8FF1%0Z~0gJG#M*WX*9o?U&PO{WGjPNLV7ll7gJdA<&F6fN0msE#Xkmeg45yZpjX zod7PUQrm%QF6|MYD1=bThghsxw8jDcPnz$QEJtDgV=D)I3$yy#Ru|h-y)ua;L&5` Tfns_7j{hDZ)HEMurhWGz+Fk=g diff --git a/k8s/development/gitea.secret.yml b/k8s/development/gitea.secret.yml new file mode 100644 index 0000000..1073e0a --- /dev/null +++ b/k8s/development/gitea.secret.yml @@ -0,0 +1,36 @@ +persistence: + annotations: + "helm.sh/resource-policy": keep + enabled: true + storageClass: openebs-hostpath + accessMode: ReadWriteOnce + +mariadb: + enabled: true + rootUser: + password: chu6ohzat4zae2iPhuoy + db: + user: gitea + name: gitea + password: OohoX6vahsh1mahshujo + +ingress: + enabled: true + certManager: true + annotations: + kubernetes.io/ingress.class: "nginx" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + cert-manager.io/cluster-issuer: "letsencrypt-prod" + hosts: + - name: git.moritzgraf.de + tls: + - hosts: + - "git.moritzgraf.de" + secretName: git-moritzgraf-de + +service: + ssh: + serviceType: ClusterIP + port: 22 + externalPort: 2222 + externalHost: git.moritzgraf.de diff --git a/terraform/ovh.tf b/terraform/ovh.tf index 1258e7f..11df989 100644 --- a/terraform/ovh.tf +++ b/terraform/ovh.tf 
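Review bot: The `ingress` block publishes phpMyAdmin for the Gitea database on a public hostname (`name: "gitea.phpmyadmin.haumdaucher.de"`), and none of the annotations limits who can reach its login page. The README hunk in this commit mentions phpMyAdmin only for the SQL import during a restore, so consider keeping `ingress.enabled: false` and reaching it through `kubectl port-forward`, or adding `nginx.ingress.kubernetes.io/whitelist-source-range: "<ADMIN_CIDR_PLACEHOLDER>"`. `nginx.ingress.kubernetes.io/proxy-body-size: "0"` also removes the request-size limit entirely; a bounded value sized for the dump is safer on an internet-facing endpoint.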
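Review bot: The new `k8s/development/gitea.secret.yml` commits the MariaDB root password and the gitea database password as plaintext under `mariadb.rootUser.password` and `mariadb.db.password`. The file it replaces, `gitea.secret.yaml`, was stored as a binary blob, which suggests it was encrypted by a path filter that the new `.yml` extension may not match; check the repository's filter patterns (not visible here). Both passwords should be treated as exposed and rotated, since they remain in history even if the file is fixed later. After that, either make sure the encryption pattern covers `*.secret.yml` or move the values into a pre-created Kubernetes Secret, if the chart supports referencing one.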
@@ -12,7 +12,7 @@ locals { ## old moritzgrafde variable "subdomains_moritzgraf" { - default = ["git","auth","prometheus","alertmanager","chat","mqtt", "cloud", + default = ["auth","prometheus","alertmanager","chat","mqtt", "cloud", "monitoring","smtp","pop3","imap","jaeger","ldap","code","hub", "grafana","phpmyadmin","webapp","kc","phppgadmin","www","rstudio","code" ] } @@ -30,7 +30,7 @@ resource "ovh_domain_zone_record" "moritzgraf_subdomains" { ## new haumdaucher k8s variable "subdomains_moritzgraf_k8s" { - default = ["corona","corona-api","tt-rss" ] + default = ["corona","corona-api","tt-rss","git" ] } resource "ovh_domain_zone_record" "moritzgraf_subdomains_k8s" { diff --git a/terraform/terraform.tfstate b/terraform/terraform.tfstate index 9f17038..5117fcb 100644 --- a/terraform/terraform.tfstate +++ b/terraform/terraform.tfstate @@ -1,7 +1,7 @@ { "version": 4, "terraform_version": "0.12.24", - "serial": 117, + "serial": 121, "lineage": "8aff5d23-05f6-10eb-0ae6-1084c787677e", "outputs": {}, "resources": [ @@ -317,19 +317,6 @@ }, "private": "bnVsbA==" }, - { - "index_key": "git", - "schema_version": 0, - "attributes": { - "fieldtype": "CNAME", - "id": "5113532220", - "subdomain": "git", - "target": "krassescheisse.de.", - "ttl": 60, - "zone": "krassescheisse.de" - }, - "private": "bnVsbA==" - }, { "index_key": "grafana", "schema_version": 0, @@ -632,19 +619,6 @@ }, "private": "bnVsbA==" }, - { - "index_key": "git", - "schema_version": 0, - "attributes": { - "fieldtype": "CNAME", - "id": "5106870436", - "subdomain": "git", - "target": "moritzgraf.de.", - "ttl": 60, - "zone": "moritzgraf.de" - }, - "private": "bnVsbA==" - }, { "index_key": "grafana", "schema_version": 0, 
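Review bot: Removing `"git"` from `subdomains_moritzgraf` appears to drop the record in every zone that list feeds, not only moritzgraf.de. The state hunks in this commit delete `git` CNAMEs for both `krassescheisse.de` and `moritzgraf.de`, while `subdomains_moritzgraf_k8s` recreates it for `moritzgraf.de` only. If `git.krassescheisse.de` is still used in clone URLs or webhooks it stops resolving; if the removal is intended, a comment such as `# git moved to the k8s cluster; git.krassescheisse.de intentionally dropped` above the new list would record that. The variable blocks and the resources that consume them continue outside the hunks, so the zone wiring is inferred from the state diff.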
@@ -888,6 +862,19 @@ }, "private": "bnVsbA==" }, + { + "index_key": "git", + "schema_version": 0, + "attributes": { + "fieldtype": "CNAME", + "id": "5116593521", + "subdomain": "git", + "target": "haumdaucher.de.", + "ttl": 60, + "zone": "moritzgraf.de" + }, + "private": "bnVsbA==" + }, { "index_key": "tt-rss", "schema_version": 0, diff --git a/terraform/terraform.tfstate.backup b/terraform/terraform.tfstate.backup index c1cde96..9f17038 100644 --- a/terraform/terraform.tfstate.backup +++ b/terraform/terraform.tfstate.backup @@ -1,7 +1,7 @@ { "version": 4, "terraform_version": "0.12.24", - "serial": 113, + "serial": 117, "lineage": "8aff5d23-05f6-10eb-0ae6-1084c787677e", "outputs": {}, "resources": [ @@ -1014,7 +1014,7 @@ "attributes": { "fieldtype": "A", "id": "5114515103", - "subdomain": "1", + "subdomain": "one", "target": "91.121.84.190", "ttl": 60, "zone": "haumdaucher.de" @@ -1234,7 +1234,7 @@ "attributes": { "fieldtype": "A", "id": "5114515102", - "subdomain": "3", + "subdomain": "three", "target": "37.59.61.198", "ttl": 60, "zone": "haumdaucher.de" @@ -1254,7 +1254,7 @@ "attributes": { "fieldtype": "A", "id": "5114515101", - "subdomain": "2", + "subdomain": "two", "target": "37.59.40.95", "ttl": 60, "zone": "haumdaucher.de"