Adding everything to let gitea work via https

Moritz Graf 2020-05-01 19:11:16 +02:00
parent bb9c9ccb13
commit e7685f2c62
10 changed files with 130 additions and 35 deletions

1
.gitignore vendored

@ -1 +1,2 @@
k8s/gitea-chart/
.vagrant .vagrant


@ -68,7 +68,7 @@ Check the current default value of `kube_version` in cloned repository.
```sh ```sh
cd kubespray cd kubespray
ansible-playbook -i inventory/prod/inventory.ini -e kube_version=v1.16.8 -e upgrade_cluster_setup=true cluster.yml ansible-playbook -i inventory/prod/inventory.ini -e kube_version=v1.16.9 -e upgrade_cluster_setup=true cluster.yml
``` ```
History: History:


@ -39,6 +39,7 @@ done
helm repo add stable https://kubernetes-charts.storage.googleapis.com helm repo add stable https://kubernetes-charts.storage.googleapis.com
helm repo add jetstack https://charts.jetstack.io helm repo add jetstack https://charts.jetstack.io
helm repo add bitnami https://charts.bitnami.com/bitnami helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo add k8s-land https://charts.k8s.land
helm repo update helm repo update
``` ```
@ -128,6 +129,63 @@ kubectl apply -f tt-rss/
helm upgrade --install prometheus-operator stable/prometheus-operator -n monitoring -f monitoring/prometheus-operator.secret.yml helm upgrade --install prometheus-operator stable/prometheus-operator -n monitoring -f monitoring/prometheus-operator.secret.yml
``` ```
## gitea
In case my PRs have been accepted this is no longer necessary:
```sh
git clone git@github.com:iptizer/gitea-chart.git
```
```sh
# from chart repo
helm upgrade --install gitea k8s-land/gitea -n development -f development/gitea.secret.yml
# from local folder
helm upgrade --install gitea ./gitea-chart -n development -f development/gitea.secret.yml
# phpmyadmin
helm upgrade --install gitea-phpmyadmin bitnami/phpmyadmin -n development -f development/gitea-phpmyadmin.yml
```
### backup
//TODO something with gitea dump to stdout and rclone to dropbox
### restore
For backup & restore see [gitea documentation](https://docs.gitea.io/en-us/backup-and-restore/).
Download the `gitea-dump` locally and proceed with the following commands:
```sh
mkdir gitea_restore
mv gitea-dump-1587901016.zip gitea_restore
cd gitea_restore
unzip gitea-dump-1587901016.zip
Archive: gitea-dump-1587901016.zip
inflating: gitea-repo.zip
creating: custom/
[...]
```
Import of sql may be done via phpmyadmin.
Copy to remote pod:
```sh
kubectl cp ./gitea-repo.zip gitea-gitea-69cd9bc59b-q2b2f:/data/git/
```
And finally unzip inside shell on pod:
```sh
cd /data/git/
unzip gitea-repo.zip
mv repositories/ gitea-repositories/
```
Then login to git.moritzgraf.de and proceed with default values, or adjust them.
## minio ## minio
```sh ```sh


@ -0,0 +1,13 @@
---
db:
host: gitea-mariadb
ingress:
enabled: true
hosts:
- path: "/"
tls: true
name: "gitea.phpmyadmin.haumdaucher.de"
tlsSecret: "gitea-phpmyadmin-haumdaucher-de"
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
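Review bot: The `ingress` block publishes phpMyAdmin for the Gitea database on a public hostname with TLS but no access restriction in front of it, so the MariaDB login is the only barrier to the database admin UI. Consider adding `nginx.ingress.kubernetes.io/whitelist-source-range: "<admin CIDR placeholder>"`, or basic auth via `nginx.ingress.kubernetes.io/auth-type: basic` with an `nginx.ingress.kubernetes.io/auth-secret`. Alternatively, keep `ingress.enabled: false` and reach the pod with `kubectl port-forward` only while a restore is in progress. `proxy-body-size: "0"` also removes the request-size limit for this host; a finite value sized for the SQL dump would be safer, with a comment such as `# raised for SQL import during restore`.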

Binary file not shown.


@ -0,0 +1,36 @@
persistence:
annotations:
"helm.sh/resource-policy": keep
enabled: true
storageClass: openebs-hostpath
accessMode: ReadWriteOnce
mariadb:
enabled: true
rootUser:
password: chu6ohzat4zae2iPhuoy
db:
user: gitea
name: gitea
password: OohoX6vahsh1mahshujo
ingress:
enabled: true
certManager: true
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
cert-manager.io/cluster-issuer: "letsencrypt-prod"
hosts:
- name: git.moritzgraf.de
tls:
- hosts:
- "git.moritzgraf.de"
secretName: git-moritzgraf-de
service:
ssh:
serviceType: ClusterIP
port: 22
externalPort: 2222
externalHost: git.moritzgraf.de
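Review bot: The `mariadb.rootUser.password` and `mariadb.db.password` values are committed here as plaintext, so anyone with read access to the repository or its history holds the database credentials. Both should be treated as exposed and rotated, and the values moved out of the tracked file. They could be supplied at install time, or come from a pre-created Kubernetes Secret if the bundled MariaDB chart offers an existing-secret option (not visible here). The file path is not shown in this section; if this is the `*.secret.yml` values file referenced in the README, check that the repository's encryption filter actually covers its path, since the content renders in clear on this page.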


@ -12,7 +12,7 @@ locals {
## old moritzgrafde ## old moritzgrafde
variable "subdomains_moritzgraf" { variable "subdomains_moritzgraf" {
default = ["git","auth","prometheus","alertmanager","chat","mqtt", "cloud", default = ["auth","prometheus","alertmanager","chat","mqtt", "cloud",
"monitoring","smtp","pop3","imap","jaeger","ldap","code","hub", "monitoring","smtp","pop3","imap","jaeger","ldap","code","hub",
"grafana","phpmyadmin","webapp","kc","phppgadmin","www","rstudio","code" ] "grafana","phpmyadmin","webapp","kc","phppgadmin","www","rstudio","code" ]
} }
@ -30,7 +30,7 @@ resource "ovh_domain_zone_record" "moritzgraf_subdomains" {
## new haumdaucher k8s ## new haumdaucher k8s
variable "subdomains_moritzgraf_k8s" { variable "subdomains_moritzgraf_k8s" {
default = ["corona","corona-api","tt-rss" ] default = ["corona","corona-api","tt-rss","git" ]
} }
resource "ovh_domain_zone_record" "moritzgraf_subdomains_k8s" { resource "ovh_domain_zone_record" "moritzgraf_subdomains_k8s" {


@ -1,7 +1,7 @@
{ {
"version": 4, "version": 4,
"terraform_version": "0.12.24", "terraform_version": "0.12.24",
"serial": 117, "serial": 121,
"lineage": "8aff5d23-05f6-10eb-0ae6-1084c787677e", "lineage": "8aff5d23-05f6-10eb-0ae6-1084c787677e",
"outputs": {}, "outputs": {},
"resources": [ "resources": [
@ -317,19 +317,6 @@
}, },
"private": "bnVsbA==" "private": "bnVsbA=="
}, },
{
"index_key": "git",
"schema_version": 0,
"attributes": {
"fieldtype": "CNAME",
"id": "5113532220",
"subdomain": "git",
"target": "krassescheisse.de.",
"ttl": 60,
"zone": "krassescheisse.de"
},
"private": "bnVsbA=="
},
{ {
"index_key": "grafana", "index_key": "grafana",
"schema_version": 0, "schema_version": 0,
@ -632,19 +619,6 @@
}, },
"private": "bnVsbA==" "private": "bnVsbA=="
}, },
{
"index_key": "git",
"schema_version": 0,
"attributes": {
"fieldtype": "CNAME",
"id": "5106870436",
"subdomain": "git",
"target": "moritzgraf.de.",
"ttl": 60,
"zone": "moritzgraf.de"
},
"private": "bnVsbA=="
},
{ {
"index_key": "grafana", "index_key": "grafana",
"schema_version": 0, "schema_version": 0,
@ -888,6 +862,19 @@
}, },
"private": "bnVsbA==" "private": "bnVsbA=="
}, },
{
"index_key": "git",
"schema_version": 0,
"attributes": {
"fieldtype": "CNAME",
"id": "5116593521",
"subdomain": "git",
"target": "haumdaucher.de.",
"ttl": 60,
"zone": "moritzgraf.de"
},
"private": "bnVsbA=="
},
{ {
"index_key": "tt-rss", "index_key": "tt-rss",
"schema_version": 0, "schema_version": 0,


@ -1,7 +1,7 @@
{ {
"version": 4, "version": 4,
"terraform_version": "0.12.24", "terraform_version": "0.12.24",
"serial": 113, "serial": 117,
"lineage": "8aff5d23-05f6-10eb-0ae6-1084c787677e", "lineage": "8aff5d23-05f6-10eb-0ae6-1084c787677e",
"outputs": {}, "outputs": {},
"resources": [ "resources": [
@ -1014,7 +1014,7 @@
"attributes": { "attributes": {
"fieldtype": "A", "fieldtype": "A",
"id": "5114515103", "id": "5114515103",
"subdomain": "1", "subdomain": "one",
"target": "91.121.84.190", "target": "91.121.84.190",
"ttl": 60, "ttl": 60,
"zone": "haumdaucher.de" "zone": "haumdaucher.de"
@ -1234,7 +1234,7 @@
"attributes": { "attributes": {
"fieldtype": "A", "fieldtype": "A",
"id": "5114515102", "id": "5114515102",
"subdomain": "3", "subdomain": "three",
"target": "37.59.61.198", "target": "37.59.61.198",
"ttl": 60, "ttl": 60,
"zone": "haumdaucher.de" "zone": "haumdaucher.de"
@ -1254,7 +1254,7 @@
"attributes": { "attributes": {
"fieldtype": "A", "fieldtype": "A",
"id": "5114515101", "id": "5114515101",
"subdomain": "2", "subdomain": "two",
"target": "37.59.40.95", "target": "37.59.40.95",
"ttl": 60, "ttl": 60,
"zone": "haumdaucher.de" "zone": "haumdaucher.de"