Adding everything to let gitea work via https

.gitignore

@@ -1 +1,2 @@
+k8s/gitea-chart/
 .vagrant

bootstrap/README.md

@@ -68,7 +68,7 @@ Check the current default value of `kube_version` in cloned repository.
 
 ```sh
 cd kubespray
-ansible-playbook -i inventory/prod/inventory.ini -e kube_version=v1.16.8 -e upgrade_cluster_setup=true cluster.yml
+ansible-playbook -i inventory/prod/inventory.ini -e kube_version=v1.16.9 -e upgrade_cluster_setup=true cluster.yml
 ```
 
 History:

bootstrap/init.sh

@@ -43,4 +43,4 @@ rm kubespray/inventory/prod/inventory.ini
 cp ./prod.ini kubespray/inventory/prod/inventory.ini
 gsed -i "s/kube_network_plugin: .*/kube_network_plugin: flannel/" ./kubespray/inventory/prod/group_vars/k8s-cluster/k8s-cluster.yml
 #echo 'calico_iptables_backend: "NFT"' >> ./kubespray/inventory/prod/group_vars/k8s-cluster/k8s-net-cluster.yml
-gsed -i "s/metrics_server_enabled: .*/metrics_server_enabled: true/" ./kubespray/inventory/prod/group_vars/k8s-cluster/addons.yml
+gsed -i "s/metrics_server_enabled: .*/metrics_server_enabled: true/" ./kubespray/inventory/prod/group_vars/k8s-cluster/addons.yml

k8s/README.md

@@ -39,6 +39,7 @@ done
 helm repo add stable https://kubernetes-charts.storage.googleapis.com
 helm repo add jetstack https://charts.jetstack.io
 helm repo add bitnami https://charts.bitnami.com/bitnami
+helm repo add k8s-land https://charts.k8s.land
 helm repo update
 ```
 
@@ -128,6 +129,63 @@ kubectl apply -f tt-rss/
 helm upgrade --install prometheus-operator stable/prometheus-operator -n monitoring -f monitoring/prometheus-operator.secret.yml
 ```
 
+## gitea
+
+In case my PRs have been accepted this is no longer necessary:
+
+```sh
+git clone git@github.com:iptizer/gitea-chart.git
+```
+
+```sh
+# from chart repo
+helm upgrade --install gitea k8s-land/gitea -n development -f development/gitea.secret.yml
+# from local folder
+helm upgrade --install gitea ./gitea-chart -n development -f development/gitea.secret.yml
+
+# phpmyadmin
+helm upgrade --install gitea-phpmyadmin bitnami/phpmyadmin -n development -f development/gitea-phpmyadmin.yml
+```
+
+### backup
+
+//TODO something with gitea dump to stdout and rclone to dropbox
+
+### restore
+
+For backup & restore see [gitea documentation](https://docs.gitea.io/en-us/backup-and-restore/).
+
+Download the `gitea-dump` locally and proceed with the following commands:
+
+```sh
+❯ mkdir gitea_restore
+❯ mv gitea-dump-1587901016.zip gitea_restore
+❯ cd gitea_restore
+❯ unzip gitea-dump-1587901016.zip
+Archive:  gitea-dump-1587901016.zip
+  inflating: gitea-repo.zip          
+   creating: custom/
+[...]
+```
+
+Import of sql may be done via phpmyadmin.
+
+Copy to remote pod:
+
+```sh
+kubectl cp ./gitea-repo.zip gitea-gitea-69cd9bc59b-q2b2f:/data/git/
+```
+
+And finally unzip inside shell on pod:
+
+```sh
+cd /data/git/
+unzip gitea-repo.zip
+mv repositories/ gitea-repositories/
+```
+
+Then login to git.moritzgraf.de and proceed with default values, or adjust them.
+
 ## minio
 
 ```sh

k8s/development/gitea-phpmyadmin.yml

@@ -0,0 +1,13 @@
+---
+db:
+  host: gitea-mariadb
+ingress:
+  enabled: true
+  hosts:
+  - path: "/"
+    tls: true
+    name: "gitea.phpmyadmin.haumdaucher.de"
+    tlsSecret: "gitea-phpmyadmin-haumdaucher-de"
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    nginx.ingress.kubernetes.io/proxy-body-size: "0"

k8s/development/gitea.secret.yml

@@ -0,0 +1,36 @@
+persistence:
+  annotations:
+    "helm.sh/resource-policy": keep
+  enabled: true
+  storageClass: openebs-hostpath
+  accessMode: ReadWriteOnce
+
+mariadb:
+  enabled: true
+  rootUser:
+    password: chu6ohzat4zae2iPhuoy
+  db:
+    user: gitea
+    name: gitea
+    password: OohoX6vahsh1mahshujo
+
+ingress:
+  enabled: true
+  certManager: true
+  annotations:
+    kubernetes.io/ingress.class: "nginx"    
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+  hosts:
+  - name: git.moritzgraf.de
+  tls:
+  - hosts:
+    - "git.moritzgraf.de"
+    secretName: git-moritzgraf-de
+
+service:
+  ssh:
+    serviceType: ClusterIP
+    port: 22
+    externalPort: 2222
+    externalHost: git.moritzgraf.de

terraform/ovh.tf

@@ -12,7 +12,7 @@ locals {
 ## old moritzgrafde
 
 variable "subdomains_moritzgraf" {
-  default = ["git","auth","prometheus","alertmanager","chat","mqtt", "cloud",
+  default = ["auth","prometheus","alertmanager","chat","mqtt", "cloud",
   "monitoring","smtp","pop3","imap","jaeger","ldap","code","hub",
   "grafana","phpmyadmin","webapp","kc","phppgadmin","www","rstudio","code" ]
 }
@@ -30,7 +30,7 @@ resource "ovh_domain_zone_record" "moritzgraf_subdomains" {
 ## new haumdaucher k8s
 
 variable "subdomains_moritzgraf_k8s" {
-  default = ["corona","corona-api","tt-rss" ]
+  default = ["corona","corona-api","tt-rss","git" ]
 }
 
 resource "ovh_domain_zone_record" "moritzgraf_subdomains_k8s" {

terraform/terraform.tfstate

@@ -1,7 +1,7 @@
 {
   "version": 4,
   "terraform_version": "0.12.24",
-  "serial": 117,
+  "serial": 121,
   "lineage": "8aff5d23-05f6-10eb-0ae6-1084c787677e",
   "outputs": {},
   "resources": [
@@ -317,19 +317,6 @@
           },
           "private": "bnVsbA=="
         },
-        {
-          "index_key": "git",
-          "schema_version": 0,
-          "attributes": {
-            "fieldtype": "CNAME",
-            "id": "5113532220",
-            "subdomain": "git",
-            "target": "krassescheisse.de.",
-            "ttl": 60,
-            "zone": "krassescheisse.de"
-          },
-          "private": "bnVsbA=="
-        },
         {
           "index_key": "grafana",
           "schema_version": 0,
@@ -632,19 +619,6 @@
           },
           "private": "bnVsbA=="
         },
-        {
-          "index_key": "git",
-          "schema_version": 0,
-          "attributes": {
-            "fieldtype": "CNAME",
-            "id": "5106870436",
-            "subdomain": "git",
-            "target": "moritzgraf.de.",
-            "ttl": 60,
-            "zone": "moritzgraf.de"
-          },
-          "private": "bnVsbA=="
-        },
         {
           "index_key": "grafana",
           "schema_version": 0,
@@ -888,6 +862,19 @@
           },
           "private": "bnVsbA=="
         },
+        {
+          "index_key": "git",
+          "schema_version": 0,
+          "attributes": {
+            "fieldtype": "CNAME",
+            "id": "5116593521",
+            "subdomain": "git",
+            "target": "haumdaucher.de.",
+            "ttl": 60,
+            "zone": "moritzgraf.de"
+          },
+          "private": "bnVsbA=="
+        },
         {
           "index_key": "tt-rss",
           "schema_version": 0,

terraform/terraform.tfstate.backup

@@ -1,7 +1,7 @@
 {
   "version": 4,
   "terraform_version": "0.12.24",
-  "serial": 113,
+  "serial": 117,
   "lineage": "8aff5d23-05f6-10eb-0ae6-1084c787677e",
   "outputs": {},
   "resources": [
@@ -1014,7 +1014,7 @@
           "attributes": {
             "fieldtype": "A",
             "id": "5114515103",
-            "subdomain": "1",
+            "subdomain": "one",
             "target": "91.121.84.190",
             "ttl": 60,
             "zone": "haumdaucher.de"
@@ -1234,7 +1234,7 @@
           "attributes": {
             "fieldtype": "A",
             "id": "5114515102",
-            "subdomain": "3",
+            "subdomain": "three",
             "target": "37.59.61.198",
             "ttl": 60,
             "zone": "haumdaucher.de"
@@ -1254,7 +1254,7 @@
           "attributes": {
             "fieldtype": "A",
             "id": "5114515101",
-            "subdomain": "2",
+            "subdomain": "two",
             "target": "37.59.40.95",
             "ttl": 60,
             "zone": "haumdaucher.de"