From 251f012e9ae112fcc39b5b11f140faab3cf01ca6 Mon Sep 17 00:00:00 2001 From: Massaki Archambault Date: Tue, 7 Feb 2023 00:02:13 -0500 Subject: [PATCH] fix gitea configuration, install external-secrets --- .../drone-runner/drone-runner-deployment.yaml | 2 +- .../drone-server/drone-server-deployment.yaml | 4 +- .../external-secrets-helmchart.yaml | 12 +++++ .../external-secrets-namespace.yaml | 4 ++ .../bases/external-secrets/kustomization.yaml | 6 +++ kustomize/bases/gitea/gitea-deployment.yaml | 8 +-- .../prometheus-operator/kustomization.yaml | 2 + kustomize/bases/traefik/kustomization.yaml | 2 + .../namespaces/kube-system/kustomization.yaml | 3 +- .../namespaces/monitoring/kustomization.yaml | 2 +- .../overlays/prod-cluster/kustomization.yaml | 1 - kustomize/overlays/prod/kustomization.yaml | 49 ++++++++++++++++--- 12 files changed, 78 insertions(+), 17 deletions(-) create mode 100644 kustomize/bases/external-secrets/external-secrets-helmchart.yaml create mode 100644 kustomize/bases/external-secrets/external-secrets-namespace.yaml create mode 100644 kustomize/bases/external-secrets/kustomization.yaml diff --git a/kustomize/bases/drone-runner/drone-runner-deployment.yaml b/kustomize/bases/drone-runner/drone-runner-deployment.yaml index c98dfe1..4cee85b 100644 --- a/kustomize/bases/drone-runner/drone-runner-deployment.yaml +++ b/kustomize/bases/drone-runner/drone-runner-deployment.yaml @@ -25,7 +25,7 @@ spec: fieldRef: fieldPath: metadata.namespace - name: DRONE_RPC_HOST - value: drone-server.$(DRONE_NAMESPACE_DEFAULT).svc.cluster.local + value: drone-server.gitea.svc.cluster.local # TODO: not hardcode - name: DRONE_RPC_PROTO value: http - name: DRONE_RPC_SECRET diff --git a/kustomize/bases/drone-server/drone-server-deployment.yaml b/kustomize/bases/drone-server/drone-server-deployment.yaml index c3b8c9a..0403aa8 100644 --- a/kustomize/bases/drone-server/drone-server-deployment.yaml +++ b/kustomize/bases/drone-server/drone-server-deployment.yaml 
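Review bot: The new `DRONE_RPC_HOST` value pins the namespace `gitea` inside a base, where the previous value derived it from `$(DRONE_NAMESPACE_DEFAULT)`. Any overlay that places drone-server in another namespace will leave the runner pointing at a name that does not resolve. The TODO could be closed with a kustomize replacement that reads `metadata.namespace` from the drone-server Service (presumably it exists, given the hostname) and writes it into this value with `options: {delimiter: '.', index: 1}`. Until then a more specific comment would help, e.g. `# TODO: derive the namespace from the drone-server Service instead of hardcoding gitea`. The env list continues outside the hunk.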
@@ -23,14 +23,14 @@ spec: - name: drone image: drone/drone env: + - name: DRONE_GITEA_SERVER + value: https://${GITEA_EXTERNAL_HOST} - name: DRONE_SERVER_HOST value: ${DRONE_EXTERNAL_HOST} - name: DRONE_SERVER_PORT value: ":80" - name: DRONE_SERVER_PROTO value: https - - name: DRONE_GITEA_SERVER - value: https://${GITEA_EXTERNAL_HOST} - name: DRONE_GITEA_CLIENT_ID valueFrom: secretKeyRef: diff --git a/kustomize/bases/external-secrets/external-secrets-helmchart.yaml b/kustomize/bases/external-secrets/external-secrets-helmchart.yaml new file mode 100644 index 0000000..10c6bc5 --- /dev/null +++ b/kustomize/bases/external-secrets/external-secrets-helmchart.yaml @@ -0,0 +1,12 @@ +apiVersion: helm.cattle.io/v1 +kind: HelmChart +metadata: + name: external-secrets + namespace: kube-system +spec: + repo: https://charts.external-secrets.io + chart: external-secrets + version: 0.7.2 + targetNamespace: external-secrets + set: + installCRDs: "true" \ No newline at end of file diff --git a/kustomize/bases/external-secrets/external-secrets-namespace.yaml b/kustomize/bases/external-secrets/external-secrets-namespace.yaml new file mode 100644 index 0000000..55ff7cd --- /dev/null +++ b/kustomize/bases/external-secrets/external-secrets-namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: external-secrets \ No newline at end of file diff --git a/kustomize/bases/external-secrets/kustomization.yaml b/kustomize/bases/external-secrets/kustomization.yaml new file mode 100644 index 0000000..f553ccb --- /dev/null +++ b/kustomize/bases/external-secrets/kustomization.yaml @@ -0,0 +1,6 @@ +resources: + - external-secrets-namespace.yaml + - external-secrets-helmchart.yaml + +commonLabels: + app.kubernetes.io/name: external-secrets diff --git a/kustomize/bases/gitea/gitea-deployment.yaml b/kustomize/bases/gitea/gitea-deployment.yaml index 0a9296b..913f391 100644 --- a/kustomize/bases/gitea/gitea-deployment.yaml +++ b/kustomize/bases/gitea/gitea-deployment.yaml 
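Review bot: Moving `DRONE_GITEA_SERVER` to the top of the env list makes list order load-bearing, because the prod overlay now addresses these entries as `env.0.value` and `env.1.value`, and nothing in this file says so. A later insertion or reorder would silently write the URL into a different variable and leave the `${GITEA_EXTERNAL_HOST}` placeholder in the rendered manifest. Kustomize field paths can select list items by key, e.g. `spec.template.spec.containers.[name=drone].env.[name=DRONE_GITEA_SERVER].value`, which removes the coupling. The same applies to the env reorder in gitea-deployment.yaml and to both replacement hunks in overlays/prod/kustomization.yaml. If the indexes stay, add a comment above `env:` such as `# order matters: env[0] and env[1] are patched by index in overlays/prod`.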
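Review bot: Nothing in this new HelmChart narrows what the external-secrets controller may access, and the commit adds no SecretStore or ExternalSecret, so the operator is installed with the chart's default RBAC while `secretGenerator` in the prod overlay still supplies the secrets. As far as I know those defaults let the controller read and write Secrets cluster-wide. If only a few namespaces need synced secrets, consider restricting it through the chart values (`scopedNamespace` / `scopedRBAC`, to be confirmed for 0.7.2). A short comment on the resource, e.g. `# operator only; stores and ExternalSecrets are defined per namespace`, would record the intended scope. Pinning `version: 0.7.2` is good and worth keeping.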
@@ -20,12 +20,14 @@ spec: - name: gitea image: gitea/gitea env: + - name: GITEA__SERVER__ROOT_URL + value: https://${GITEA_EXTERNAL_HOST} + - name: GITEA__WEBHOOK_ALLOWED_HOST_LIST + value: ${DRONE_EXTERNAL_HOST} - name: GITEA__DEFAULT__APP_NAME value: Badjware's code stash - name: GITEA__SERVICE__DISABLE_REGISTRATION value: "yes" - - name: GITEA__SERVER__ROOT_URL - value: https://${GITEA_EXTERNAL_HOST} - name: GITEA__SERVER__SSH_DOMAIN value: ${GITEA_EXTERNAL_HOST} - name: GITEA__SERVER__SSH_PORT @@ -36,8 +38,6 @@ spec: value: repo.wiki - name: GITEA__REPOSITORY__DEFAULT_REPO_UNITS value: repo.code,repo.releases - - name: GITEA__WEBHOOK_ALLOWED_HOST_LIST - value: ${DRONE_EXTERNAL_HOST} ports: - name: http containerPort: 3000 diff --git a/kustomize/bases/prometheus-operator/kustomization.yaml b/kustomize/bases/prometheus-operator/kustomization.yaml index b14def4..4720e89 100644 --- a/kustomize/bases/prometheus-operator/kustomization.yaml +++ b/kustomize/bases/prometheus-operator/kustomization.yaml @@ -1,5 +1,7 @@ resources: - https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.50/bundle.yaml +namespace: kube-system + commonLabels: app.kubernetes.io/part-of: monitoring \ No newline at end of file diff --git a/kustomize/bases/traefik/kustomization.yaml b/kustomize/bases/traefik/kustomization.yaml index fc12a86..68a0175 100644 --- a/kustomize/bases/traefik/kustomization.yaml +++ b/kustomize/bases/traefik/kustomization.yaml @@ -4,5 +4,7 @@ resources: - traefik-helmchartconfig.yaml - traefik-ingress.yaml +namespace: kube-system + commonLabels: app.kubernetes.io/name: traefik diff --git a/kustomize/namespaces/kube-system/kustomization.yaml b/kustomize/namespaces/kube-system/kustomization.yaml index 1dbed0f..8d82b6b 100644 --- a/kustomize/namespaces/kube-system/kustomization.yaml +++ b/kustomize/namespaces/kube-system/kustomization.yaml 
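Review bot: `GITEA__WEBHOOK_ALLOWED_HOST_LIST`, now at env index 1, has a single underscore between section and key, unlike every other variable in this list (`GITEA__SERVER__ROOT_URL`, `GITEA__SERVICE__DISABLE_REGISTRATION`). Gitea's environment-to-ini mapping expects `GITEA__<SECTION>__<KEY>`, so this setting is probably ignored and the webhook allow-list stays at its default. The name should be `GITEA__WEBHOOK__ALLOWED_HOST_LIST`. The commit only moves the line, so the typo predates it, but the prod overlay now writes the Drone host into this entry, which makes it worth fixing here. The container spec continues outside the hunk.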
@@ -1,5 +1,4 @@ resources: - ../../bases/traefik - ../../bases/prometheus-operator - -namespace: kube-system + - ../../bases/external-secrets \ No newline at end of file diff --git a/kustomize/namespaces/monitoring/kustomization.yaml b/kustomize/namespaces/monitoring/kustomization.yaml index 2d7eb7f..74ed5d1 100644 --- a/kustomize/namespaces/monitoring/kustomization.yaml +++ b/kustomize/namespaces/monitoring/kustomization.yaml @@ -3,7 +3,7 @@ resources: - ../../bases/prometheus # - ../../bases/node-exporter - ../../bases/blackbox-exporter - - ../../bases/ecommerce-exporter + # - ../../bases/ecommerce-exporter - ../../bases/kube-state-metrics - ../../bases/grafana-agent - ../../bases/grafana diff --git a/kustomize/overlays/prod-cluster/kustomization.yaml b/kustomize/overlays/prod-cluster/kustomization.yaml index 12304b1..623f903 100644 --- a/kustomize/overlays/prod-cluster/kustomization.yaml +++ b/kustomize/overlays/prod-cluster/kustomization.yaml @@ -4,7 +4,6 @@ resources: buildMetadata: - originAnnotations - - transformerAnnotations commonLabels: app.kubernetes.io/managed-by: kustomize-cluster diff --git a/kustomize/overlays/prod/kustomization.yaml b/kustomize/overlays/prod/kustomization.yaml index caea4ab..8729114 100644 --- a/kustomize/overlays/prod/kustomization.yaml +++ b/kustomize/overlays/prod/kustomization.yaml @@ -9,7 +9,6 @@ resources: buildMetadata: - originAnnotations - - transformerAnnotations images: - name: gitea/gitea 
@@ -38,15 +37,17 @@ configMapGenerator: namespace: default literals: - GITEA_EXTERNAL_HOST=code.badjware.dev + - GITEA_EXTERNAL_URL=https://code.badjware.dev + - DRONE_EXTERNAL_HOST=drone.badjware.dev - NEXTCLOUD_EXTERNAL_HOST=cloud.badjware.dev - GRAFANA_EXTERNAL_HOST=grafana.badjware.dev - PROMETHEUS_EXTERNAL_HOST=prometheus.badjnet.home - - name: ecommerce-exporter-config - namespace: monitoring - behavior: replace - files: - - ecommerce-exporter.yml=configurations/ecommerce-exporter/ecommerce-exporter.yml + # - name: ecommerce-exporter-config + # namespace: monitoring + # behavior: replace + # files: + # - ecommerce-exporter.yml=configurations/ecommerce-exporter/ecommerce-exporter.yml secretGenerator: - name: drone-secret @@ -138,6 +139,24 @@ replacements: namespace: gitea fieldPaths: - spec.rules.0.host + - source: + kind: ConfigMap + name: replacements + namespace: default + fieldPath: data.GITEA_EXTERNAL_URL + targets: + - select: + kind: Deployment + name: gitea + namespace: gitea + fieldPaths: + - spec.template.spec.containers.0.env.0.value + - select: + kind: Deployment + name: drone-server + namespace: gitea + fieldPaths: + - spec.template.spec.containers.0.env.0.value - source: kind: ConfigMap name: replacements @@ -150,6 +169,24 @@ replacements: namespace: gitea fieldPaths: - spec.rules.0.host + - select: + kind: Deployment + name: drone-server + namespace: gitea + fieldPaths: + - spec.template.spec.containers.0.env.1.value + - select: + kind: Deployment + name: gitea + namespace: gitea + fieldPaths: + - spec.template.spec.containers.0.env.1.value + - select: + kind: Deployment + name: drone-server + namespace: gitea + fieldPaths: + - spec.template.spec.containers.0.env.1.value - source: kind: ConfigMap name: replacements
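Review bot: `GITEA_EXTERNAL_URL` repeats the host that `GITEA_EXTERNAL_HOST` already holds on the line above, so the two literals can drift apart without any build error. The URL feeds Gitea's `ROOT_URL` and Drone's `DRONE_GITEA_SERVER`, while the host appears to feed the Ingress rule, so a mismatch would likely surface only as broken OAuth redirects or links. A comment above the new literal, such as `# keep in sync with GITEA_EXTERNAL_HOST (scheme + host)`, would make the dependency visible. The commented-out `ecommerce-exporter-config` generator could simply be deleted, since git history keeps it.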
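Review bot: The `drone-server` Deployment target with `spec.template.spec.containers.0.env.1.value` appears twice in the targets added by the last hunk (the first and third `select` blocks); the third is redundant and can be dropped. The `source` of this replacement starts above the hunk, so the literal being written is inferred to be `DRONE_EXTERNAL_HOST`. On that reading, index 1 is `DRONE_SERVER_HOST` in drone-server and `GITEA__WEBHOOK_ALLOWED_HOST_LIST` in gitea, which only holds while both env lists keep their current order. A comment above these targets, such as `# env.1 = DRONE_SERVER_HOST (drone-server) / webhook allow-list (gitea)`, would make that checkable at review time.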