Rebase gitea

2024-11-26 21:20:36 +11:00
parent a90954368e
commit f661cfce5f
21 changed files with 75 additions and 32 deletions
--- a/services/Gitea/_namespace-gitea.yaml
+++ b/services/Gitea/_namespace-gitea.yaml
@ -1,4 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: gitea
--- a/services/Gitea/configmap-runner-config.yaml
+++ b/services/Gitea/configmap-runner-config.yaml
@ -1,26 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: runner-config
-  namespace: gitea
-data:
-  dind-config.yml: |
-    runner:
-      capacity: 2
-      labels: [dind:docker://node:21-bullseye]
-    container:
-      options: "--add-host=docker:host-gateway -v /certs:/certs -v /scratch:/scratch -v /output:/output"
-      valid_volumes:
-        - /certs
-        - /scratch
-        - /output
-  dind-rootless-config.yml: |
-    runner:
-      capacity: 2
-      labels: [dind-rootless:docker://node:21-bullseye]
-    container:
-      options: "-v /certs:/certs -v /scratch:/scratch -v /output:/output"
-      valid_volumes:
-        - /certs
-        - /scratch
-        - /output
--- a/services/Gitea/deployment-act-runner-dind-rootless.yaml
+++ b/services/Gitea/deployment-act-runner-dind-rootless.yaml
@ -1,76 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: act-runner-dind-rootless
-  name: act-runner-dind-rootless
-  namespace: gitea
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: act-runner-dind-rootless
-  strategy:
-    type: Recreate
-  template:
-    metadata:
-      creationTimestamp: null
-      labels:
-        app: act-runner-dind-rootless
-    spec:
-      hostname: act-runner-dind-rootless
-      restartPolicy: Always
-      volumes:
-      - name: runner-config
-        configMap:
-          name: runner-config
-          items:
-          - key: dind-rootless-config.yml
-            path: dind-rootless-config.yml
-      - name: docker-certs
-        emptyDir: {}
-      - name: runner-data
-        persistentVolumeClaim:
-          claimName: act-runner-dind-rootless
-      - name: flexvolsmb-runner-output
-        persistentVolumeClaim:
-          claimName: flexvolsmb-runner-output
-      - name: flexvolsmb-runner-scratch
-        persistentVolumeClaim:
-          claimName: flexvolsmb-runner-scratch
-      securityContext:
-        fsGroup: 1000
-      containers:
-      - name: runner
-        image: gitea/act_runner:nightly-dind-rootless
-        imagePullPolicy: Always
-        env:
-        - name: CONFIG_FILE
-          value: /opt/act/config.yml
-        - name: DOCKER_HOST
-          value: tcp://localhost:2376
-        - name: DOCKER_CERT_PATH
-          value: /certs/client
-        - name: DOCKER_TLS_VERIFY
-          value: "1"
-        - name: GITEA_INSTANCE_URL
-          value: http://gitea.gitea.svc.cluster.local:3000
-        - name: GITEA_RUNNER_LABELS
-          value: dind-rootless:docker://node:21-bullseye
-        - name: GITEA_RUNNER_REGISTRATION_TOKEN
-          valueFrom:
-            secretKeyRef:
-              name: runner-secret
-              key: token
-        securityContext:
-          privileged: true
-        volumeMounts:
-        - name: runner-data
-          mountPath: /data
-        - name: runner-config
-          mountPath: /opt/act/config.yml
-          subPath: dind-rootless-config.yml
-        - name: flexvolsmb-runner-output
-          mountPath: /output
-        - name: flexvolsmb-runner-scratch
-          mountPath: /scratch
--- a/services/Gitea/deployment-act-runner-dind.yaml
+++ b/services/Gitea/deployment-act-runner-dind.yaml
@ -1,90 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: act-runner-dind
-  name: act-runner-dind
-  namespace: gitea
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: act-runner-dind
-  strategy:
-    type: Recreate
-  template:
-    metadata:
-      creationTimestamp: null
-      labels:
-        app: act-runner-dind
-    spec:
-      hostname: act-runner-dind
-      restartPolicy: Always
-      volumes:
-      - name: runner-config
-        configMap:
-          name: runner-config
-          items:
-          - key: dind-config.yml
-            path: dind-config.yml
-      - name: docker-certs
-        emptyDir: {}
-      - name: runner-data
-        persistentVolumeClaim:
-          claimName: act-runner-dind
-      - name: flexvolsmb-runner-output
-        persistentVolumeClaim:
-          claimName: flexvolsmb-runner-output
-      - name: flexvolsmb-runner-scratch
-        persistentVolumeClaim:
-          claimName: flexvolsmb-runner-scratch
-      containers:
-      - name: runner
-        image: gitea/act_runner:nightly
-        command: ["sh", "-c", "while ! nc -z localhost 2376 </dev/null; do echo 'waiting for docker daemon...'; sleep 5; done; /sbin/tini -- /opt/act/run.sh"]
-        env:
-        - name: CONFIG_FILE
-          value: /opt/act/config.yml
-        - name: DOCKER_HOST
-          value: tcp://localhost:2376
-        - name: DOCKER_CERT_PATH
-          value: /certs/client
-        - name: DOCKER_TLS_VERIFY
-          value: "1"
-        - name: GITEA_INSTANCE_URL
-          value: http://gitea.gitea.svc.cluster.local:3000
-        - name: GITEA_RUNNER_LABELS
-          value: dind:docker://node:21-bullseye
-        - name: GITEA_RUNNER_REGISTRATION_TOKEN
-          valueFrom:
-            secretKeyRef:
-              name: runner-secret
-              key: token
-        volumeMounts:
-        - name: runner-config
-          mountPath: /opt/act/config.yml
-          subPath: dind-config.yml
-        - name: docker-certs
-          mountPath: /certs
-        - name: runner-data
-          mountPath: /data
-        - name: flexvolsmb-runner-output
-          mountPath: /output
-        - name: flexvolsmb-runner-scratch
-          mountPath: /scratch
-      - name: daemon
-        image: docker:26.1-dind
-        args:
-          - --mtu=1400
-        env:
-        - name: DOCKER_TLS_CERTDIR
-          value: /certs
-        securityContext:
-          privileged: true
-        volumeMounts:
-        - name: docker-certs
-          mountPath: /certs
-        - name: flexvolsmb-runner-output
-          mountPath: /output
-        - name: flexvolsmb-runner-scratch
-          mountPath: /scratch
--- a/services/Gitea/deployment-gitea.yaml
+++ b/services/Gitea/deployment-gitea.yaml
@ -1,50 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: gitea
-  namespace: gitea
-  labels:
-    app: gitea
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: gitea
-  template:
-    metadata:
-      labels:
-        app: gitea
-    spec:
-      containers:
-      - name: gitea
-        image: gitea/gitea:1.22
-        imagePullPolicy: Always
-        env:
-        - name: DB_TYPE
-          value: 'sqlite3'
-        - name: ROOT_URL
-          value: 'https://code.spamasaurus.com'
-        - name: USER_UID
-          value: "1000"
-        - name: USER_GID
-          value: "1000"
-        ports:
-          - name: ui
-            containerPort: 3000
-        volumeMounts:
-        - mountPath: /data
-          name: flexvolsmb-gitea-data
-        - mountPath: /data/ssh
-          name: flexvolsmb-gitea-ssh
-          subPath: ssh
-#      securityContext:
-#        runAsUser: 1000
-#        runAsGroup: 1000
-#        fsGroup: 1000
-      volumes:
-      - name: flexvolsmb-gitea-data
-        persistentVolumeClaim:
-          claimName: flexvolsmb-gitea-data
-      - name: flexvolsmb-gitea-ssh
-        persistentVolumeClaim:
-          claimName: flexvolsmb-gitea-ssh
--- a/services/Gitea/ingressroute-gitea.yaml
+++ b/services/Gitea/ingressroute-gitea.yaml
@ -1,17 +0,0 @@
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: gitea
-  namespace: gitea
-spec:
-  entryPoints:
-    - websecure
-  routes:
-  - match: Host(`code.spamasaurus.com`)
-    kind: Rule
-    services:
-    - name: gitea
-      port: 3000
-    middlewares:
-      - name: security-headers@file
-      - name: compression@file
--- a/services/Gitea/persistentvolume-flexvolsmb-gitea-data.yaml
+++ b/services/Gitea/persistentvolume-flexvolsmb-gitea-data.yaml
@ -1,18 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: flexvolsmb-gitea-data
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-gitea-data
-  flexVolume:
-    driver: mount/smb
-    secretRef:
-      name: flexvolsmb-credentials
-    options:
-      opts: file_mode=0777,dir_mode=0777,uid=1000,gid=1000,iocharset=utf8,nobrl
-      server: 192.168.154.225
-      share: /K3s.Volumes/gitea/data
--- a/services/Gitea/persistentvolume-flexvolsmb-gitea-ssh.yaml
+++ b/services/Gitea/persistentvolume-flexvolsmb-gitea-ssh.yaml
@ -1,18 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: flexvolsmb-gitea-ssh
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-gitea-ssh
-  flexVolume:
-    driver: mount/smb
-    secretRef:
-      name: flexvolsmb-credentials
-    options:
-      opts: file_mode=0600,dir_mode=0600,iocharset=utf8
-      server: 192.168.154.225
-      share: /K3s.Volumes/gitea/ssh
--- a/services/Gitea/persistentvolume-flexvolsmb-runner-output.yaml
+++ b/services/Gitea/persistentvolume-flexvolsmb-runner-output.yaml
@ -1,18 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: flexvolsmb-runner-output
-spec:
-  capacity:
-    storage: 50Gi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-runner-output
-  flexVolume:
-    driver: mount/smb
-    secretRef:
-      name: flexvolsmb-credentials
-    options:
-      opts: file_mode=0777,dir_mode=0777,iocharset=utf8
-      server: 192.168.154.225
-      share: /K3s.Volumes/lighttpd/websites/sn.itch.fyi/Repository/rel
--- a/services/Gitea/persistentvolume-flexvolsmb-runner-scratch.yaml
+++ b/services/Gitea/persistentvolume-flexvolsmb-runner-scratch.yaml
@ -1,18 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: flexvolsmb-runner-scratch
-spec:
-  capacity:
-    storage: 50Gi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-runner-scratch
-  flexVolume:
-    driver: mount/smb
-    secretRef:
-      name: flexvolsmb-credentials
-    options:
-      opts: file_mode=0777,dir_mode=0777,iocharset=utf8
-      server: 192.168.154.225
-      share: /K3s.Volumes/gitea/runner/scratch
--- a/services/Gitea/persistentvolumeclaim-act-runner-dind-rootless.yaml
+++ b/services/Gitea/persistentvolumeclaim-act-runner-dind-rootless.yaml
@ -1,12 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: act-runner-dind-rootless
-  namespace: gitea
-spec:
-  accessModes:
-    - ReadWriteOnce
-  storageClassName: longhorn
-  resources:
-    requests:
-      storage: 1Gi
--- a/services/Gitea/persistentvolumeclaim-act-runner-dind.yaml
+++ b/services/Gitea/persistentvolumeclaim-act-runner-dind.yaml
@ -1,12 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: act-runner-dind
-  namespace: gitea
-spec:
-  accessModes:
-    - ReadWriteOnce
-  storageClassName: longhorn
-  resources:
-    requests:
-      storage: 1Gi
--- a/services/Gitea/persistentvolumeclaim-flexvolsmb-gitea-data.yaml
+++ b/services/Gitea/persistentvolumeclaim-flexvolsmb-gitea-data.yaml
@ -1,12 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: flexvolsmb-gitea-data
-  namespace: gitea
-spec:
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-gitea-data
-  resources:
-    requests:
-      storage: 1Gi
--- a/services/Gitea/persistentvolumeclaim-flexvolsmb-gitea-ssh.yaml
+++ b/services/Gitea/persistentvolumeclaim-flexvolsmb-gitea-ssh.yaml
@ -1,12 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: flexvolsmb-gitea-ssh
-  namespace: gitea
-spec:
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-gitea-ssh
-  resources:
-    requests:
-      storage: 1Gi
--- a/services/Gitea/persistentvolumeclaim-flexvolsmb-runner-output.yaml
+++ b/services/Gitea/persistentvolumeclaim-flexvolsmb-runner-output.yaml
@ -1,12 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: flexvolsmb-runner-output
-  namespace: gitea
-spec:
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-runner-output
-  resources:
-    requests:
-      storage: 50Gi
--- a/services/Gitea/persistentvolumeclaim-flexvolsmb-runner-scratch.yaml
+++ b/services/Gitea/persistentvolumeclaim-flexvolsmb-runner-scratch.yaml
@ -1,12 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: flexvolsmb-runner-scratch
-  namespace: gitea
-spec:
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-runner-scratch
-  resources:
-    requests:
-      storage: 50Gi
--- a/services/Gitea/sealedsecret-flexvolsmb-credentials.yaml
+++ b/services/Gitea/sealedsecret-flexvolsmb-credentials.yaml
@ -1,16 +0,0 @@
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
-  creationTimestamp: null
-  name: flexvolsmb-credentials
-  namespace: gitea
-spec:
-  encryptedData:
-    password: AgBXexS/ciX+5APi07J2Y/UtRfRlI+EIls9TAabPnVaRWjeAUVzTlJ9duv491QalcLEZaDzu4jWCXhcYJqLVax+FFJJxaewPYfingS/Foaw03p6tE70CF3Dddeu0oNK2jwldDHL5/NHvH1o5QF7WgMu9gdrYPnUEwJ5vAInf7FOn+K35ewomAN5BBV23a3faohRGMYNms/JdNip456GSiVqKXbUL04eSvqKHhxgwqdLHD7mijV2a2GGmC9QQ886NKh+EDTsqg6skTQ7oEMejAQQOt6LyTr8OP2Phy6kkD++MTkSH5y6z9UJE4214WVE1Evhse94q9leS5pi/DD1s9xFXVXOGBScYOqrzm6dFjVaRrL4688ALcOykN92iIQJtPbBU9zV2mI1WwKet000AyJU5sr7yzl+d7dFOULPdkF5Wtuf0oAK6z6JLCmVZSPvrimKzsPNpuT1ziDaay/XBONU9KyjQG1Jf28THiXJni0/K8vEfjB/pp7010vBI+cW/c/zhi9dfzT1z0fVkA4tl4yjelRCEtFwj5b5qKPNrLjmcU5FPeIK+mv6iRW15Rn/cxK60vn61bHHI6NW+ozRuYJbknPd7AO5utjTntzAOZErLdqzXOmTWh8mJMqjoeeEwq9lROYRBjUWRGiTG8sOh4Z3NUcGH4oL7T2m8g9gUBEz99A3/lXurWBdYvssDCyxS9UXDPEUaI+yeLCepbVgcJeQd
-    username: AgBZQjEVHei5IOl9qZgBfA88DeP6aOridfWHKEY2e8JzqDb6xS0YXYHgc0LZwZ/HuhQljnhSfu+L/YbAfbaK0LJPSuq2pqfDMjbufBHZ9vmDHa/vVn5oWdAIaRViwohvjvQRtxMfQ53Q/zuKGQla0O7yB0J570F7/dnC52MvszwGs6Yfrp7M9OztC2P5zj7LoM7R8IkxJSihOA6K4Cmfs4yWzYFMwihoHg9LKS9QlpfjGlmpkfSfIOczJo3PMZjd+m4bhpa5phiUqGUYzqWdeIixTaLXmUP/x9psbsd/wDpYlZnKEXmVQnW4tQ/QSbNGFIYg28QamYvg1Qmd78zJ40D2n6VSg9krk8rDg/5TVd0Mqj0dPgRRauJpMm62o41SE6U3LdXvrQnfqtquHLig7wKCMt6+E/brKsULcFtK8X90PRqESUlywZHXBAzpk9+ALD5RwrrClyO+DqKLoYO+2TtFnVwJOPTDRQzUa5uXHOGHDTsDuZyL5IODPz+nodtQ9ty+qpruszLc45nAc1hEiNSKaqH824AKgRr790gvg0AqIvttAoxt9cE/d73F1MHyFd1uoBliL15JmxnNkn7gO3DPWvj9M1GTOFkrYFKNrH1WB+ines9zW0FHsbK+eRXC6YizTvuMg1YPNZfVE9gnKGw8RX92LWZft+dWLtgHmaMF0A3LYxF2Dnj6HyOhx8s2T2HcaC6D+TQ=
-  template:
-    metadata:
-      creationTimestamp: null
-      name: flexvolsmb-credentials
-      namespace: gitea
-    type: mount/smb
--- a/services/Gitea/secret-runner-secret.yaml
+++ b/services/Gitea/secret-runner-secret.yaml
@ -1,8 +0,0 @@
-apiVersion: v1
-data:
-  token: bjF2R1hHZXVjRVlyaU95aXZaREhrVDlFNVJ0MHptMTJ6Z1kzcTE1TQ==
-kind: Secret
-metadata:
-  name: runner-secret
-  namespace: gitea
-type: Opaque
--- a/services/Gitea/service-gitea.yaml
+++ b/services/Gitea/service-gitea.yaml
@ -1,12 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: gitea
-  namespace: gitea
-spec:
-  ports:
-    - protocol: TCP
-      name: ui
-      port: 3000
-  selector:
-    app: gitea
--- a/services/Gitea/values.yaml
+++ b/services/Gitea/values.yaml
@ -0,0 +1,43 @@
+actions:
+  enabled: true
+  provisioning:
+    enabled: true
+gitea:
+  admin:
+    username: djpbessems
+    email: danny@bessems.eu
+  config:
+    APP_NAME: "code.spamasaurus.com"
+    database:
+      DB_TYPE: sqlite3
+    session:
+      PROVIDER: memory
+    cache:
+      ADAPTER: memory
+    queue:
+      TYPE: level
+    server:
+      APP_DATA_PATH: /data/gitea
+      OFFLINE_MODE: true
+      PROTOCOL: http
+      ROOT_URL: https://code.spamasaurus.com/
+image:
+  pullPolicy: IfNotPresent
+  debug:
+ingress:
+  enabled: true
+  hosts:
+    - host: code.spamasaurus.com
+      paths:
+        - path: /
+          pathType: Prefix
+persistence:
+  storageClass: smb-csi
+postgresql:
+  enabled: false
+postgresql-ha:
+  enabled: false
+redis-cluster:
+  enabled: false
+strategy:
+  type: Recreate