gitea+drone configuration
This commit is contained in:
parent
58c28a85aa
commit
5863098572
|
@ -0,0 +1,71 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: drone-runner-deployment
|
||||
labels:
|
||||
app: drone
|
||||
component: runner
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: drone
|
||||
component: runner
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: drone
|
||||
component: runner
|
||||
spec:
|
||||
containers:
|
||||
- name: drone
|
||||
image: drone/drone-runner-kube:1.0.0-beta.3
|
||||
env:
|
||||
- name: DRONE_RPC_HOST
|
||||
value: drone.gitea.svc
|
||||
- name: DRONE_RPC_PROTO
|
||||
value: http
|
||||
- name: DRONE_RPC_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: drone-secret
|
||||
key: rpc_secret
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 80
|
||||
---
|
||||
kind: Role
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: drone-runner-role
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- secrets
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- pods
|
||||
- pods/log
|
||||
verbs:
|
||||
- get
|
||||
- create
|
||||
- delete
|
||||
- list
|
||||
- watch
|
||||
- update
|
||||
---
|
||||
kind: RoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: drone-runner-rolebinding
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: default
|
||||
roleRef:
|
||||
kind: Role
|
||||
name: drone-runner-role
|
||||
apiGroup: rbac.authorization.k8s.io
|
|
@ -0,0 +1,78 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: drone-server-deployment
|
||||
labels:
|
||||
app: drone
|
||||
component: server
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: drone
|
||||
component: server
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: drone
|
||||
component: server
|
||||
spec:
|
||||
containers:
|
||||
- name: drone
|
||||
image: drone/drone:1.7.0
|
||||
env:
|
||||
- name: DRONE_SERVER_HOST
|
||||
value: $(DRONE_EXTERNAL_HOST)
|
||||
- name: DRONE_GITEA_SERVER
|
||||
value: https://$(GITEA_EXTERNAL_HOST)
|
||||
- name: DRONE_GITEA_CLIENT_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: drone-gitea-oauth-secret
|
||||
key: client_id
|
||||
- name: DRONE_GITEA_CLIENT_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: drone-gitea-oauth-secret
|
||||
key: client_secret
|
||||
- name: DRONE_RPC_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: drone-secret
|
||||
key: rpc_secret
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 80
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: drone
|
||||
labels:
|
||||
app: drone
|
||||
spec:
|
||||
selector:
|
||||
app: drone
|
||||
component: server
|
||||
ports:
|
||||
- name: http
|
||||
protocol: TCP
|
||||
port: 80
|
||||
targetPort: http
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1beta1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: drone-ingress
|
||||
labels:
|
||||
app: drone
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/rewrite-target: /
|
||||
spec:
|
||||
rules:
|
||||
- host: drone.127.0.0.1.nip.io
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
backend:
|
||||
serviceName: drone
|
||||
servicePort: http
|
|
@ -0,0 +1,129 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: gitea-deployment
|
||||
labels:
|
||||
app: gitea
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: gitea
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: gitea
|
||||
spec:
|
||||
containers:
|
||||
- name: gitea
|
||||
image: gitea/gitea:1.11.4
|
||||
env:
|
||||
- name: INSTALL_LOCK
|
||||
value: "yes"
|
||||
- name: DISABLE_REGISTRATION
|
||||
value: "yes"
|
||||
- name: APP_NAME
|
||||
value: Badjware's code stash
|
||||
- name: RUN_MODE
|
||||
value: prod
|
||||
- name: ROOT_URL
|
||||
value: https://$(GITEA_EXTERNAL_HOST)
|
||||
- name: SSH_DOMAIN
|
||||
value: $(GITEA_EXTERNAL_HOST)
|
||||
- name: DB_TYPE
|
||||
value: mysql
|
||||
- name: DB_HOST
|
||||
value: mariadb.gitea.svc:3306
|
||||
- name: DB_NAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: mariadb-credentials-secret
|
||||
key: database
|
||||
- name: DB_USER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: mariadb-credentials-secret
|
||||
key: username
|
||||
- name: DB_PASSWD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: mariadb-credentials-secret
|
||||
key: password
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 3000
|
||||
- name: ssh
|
||||
containerPort: 22
|
||||
volumeMounts:
|
||||
- name: gitea-pvc
|
||||
mountPath: /data
|
||||
# - name: gitea-app-ini
|
||||
# mountPath: /data/gitea/conf/
|
||||
# readOnly: true
|
||||
volumes:
|
||||
- name: gitea-pvc
|
||||
persistentVolumeClaim:
|
||||
claimName: gitea-pvc
|
||||
# - name: gitea-app-ini
|
||||
# secret:
|
||||
# secretName: gitea-app-ini-secret
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: gitea-pvc
|
||||
labels:
|
||||
app: gitea
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 20Gi
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: gitea-http
|
||||
labels:
|
||||
app: gitea
|
||||
spec:
|
||||
selector:
|
||||
app: gitea
|
||||
ports:
|
||||
- name: http
|
||||
protocol: TCP
|
||||
port: 80
|
||||
targetPort: http
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: gitea-ssh
|
||||
labels:
|
||||
app: gitea
|
||||
spec:
|
||||
selector:
|
||||
app: gitea
|
||||
ports:
|
||||
- name: ssh
|
||||
protocol: TCP
|
||||
port: 22
|
||||
targetPort: ssh
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1beta1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: gitea-ingress
|
||||
labels:
|
||||
app: gitea
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/rewrite-target: /
|
||||
spec:
|
||||
rules:
|
||||
- host: gitea.127.0.0.1.nip.io
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
backend:
|
||||
serviceName: gitea-http
|
||||
servicePort: http
|
|
@ -0,0 +1,41 @@
|
|||
resources:
|
||||
- namespace.yaml
|
||||
- gitea-deployment.yaml
|
||||
- drone-server-deployment.yaml
|
||||
- drone-runner-deployment.yaml
|
||||
- mariadb-deployment.yaml
|
||||
|
||||
secretGenerator:
|
||||
- name: mariadb-credentials-secret
|
||||
type: Opaque
|
||||
literals:
|
||||
- database=gitea
|
||||
- username=gitea
|
||||
- password=replaceme
|
||||
- name: drone-secret
|
||||
type: Opaque
|
||||
literals:
|
||||
- rpc_secret=replaceme
|
||||
- name: drone-gitea-oauth-secret
|
||||
type: Opaque
|
||||
literals:
|
||||
- client_id=replaceme
|
||||
- client_secret=replaceme
|
||||
|
||||
namespace: gitea
|
||||
|
||||
vars:
|
||||
- name: GITEA_EXTERNAL_HOST
|
||||
objref:
|
||||
apiVersion: networking.k8s.io/v1beta1
|
||||
kind: Ingress
|
||||
name: gitea-ingress
|
||||
fieldref:
|
||||
fieldpath: spec.rules[0].host
|
||||
- name: DRONE_EXTERNAL_HOST
|
||||
objref:
|
||||
apiVersion: networking.k8s.io/v1beta1
|
||||
kind: Ingress
|
||||
name: drone-ingress
|
||||
fieldref:
|
||||
fieldpath: spec.rules[0].host
|
|
@ -0,0 +1,72 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: mariadb-deployment
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: mariadb
|
||||
strategy:
|
||||
type: Recreate
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: mariadb
|
||||
spec:
|
||||
containers:
|
||||
- name: mariadb
|
||||
image: mariadb:10.5.2
|
||||
env:
|
||||
- name: MYSQL_DATABASE
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: mariadb-credentials-secret
|
||||
key: database
|
||||
- name: MYSQL_USER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: mariadb-credentials-secret
|
||||
key: username
|
||||
- name: MYSQL_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: mariadb-credentials-secret
|
||||
key: password
|
||||
- name: MYSQL_RANDOM_ROOT_PASSWORD
|
||||
value: "yes"
|
||||
ports:
|
||||
- name: mariadb
|
||||
containerPort: 3306
|
||||
volumeMounts:
|
||||
- name: mariadb-pvc
|
||||
mountPath: /var/lib/mysql
|
||||
volumes:
|
||||
- name: mariadb-pvc
|
||||
persistentVolumeClaim:
|
||||
claimName: mariadb-pvc
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: mariadb-pvc
|
||||
labels:
|
||||
app: mariadb
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 20Gi
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: mariadb
|
||||
labels:
|
||||
app: mariadb
|
||||
spec:
|
||||
selector:
|
||||
app: mariadb
|
||||
ports:
|
||||
- name: mariadb
|
||||
port: 3306
|
|
@ -0,0 +1,4 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: gitea
|
|
@ -0,0 +1,7 @@
|
|||
apiVersion: helm.cattle.io/v1
|
||||
kind: HelmChart
|
||||
metadata:
|
||||
name: nginx-ingress-controller
|
||||
spec:
|
||||
repo: https://kubernetes.github.io/ingress-nginx
|
||||
chart: ingress-nginx
|
|
@ -0,0 +1,5 @@
|
|||
resources:
|
||||
- namespace.yaml
|
||||
- helmchart.yaml
|
||||
|
||||
namespace: ingress-controller
|
|
@ -0,0 +1,4 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: ingress-controller
|
|
@ -0,0 +1,16 @@
|
|||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: admin-user
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: admin-user
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: cluster-admin
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: admin-user
|
|
@ -0,0 +1,12 @@
|
|||
apiVersion: helm.cattle.io/v1
|
||||
kind: HelmChart
|
||||
metadata:
|
||||
name: kubernetes-dashboard
|
||||
spec:
|
||||
repo: https://funkypenguin.github.io/helm-charts
|
||||
chart: kubernetes-dashboard
|
||||
version: 2.0.0-rc7-fp6
|
||||
valuesContent: |-
|
||||
ingress:
|
||||
enabled: true
|
||||
hosts: ["kubernetes-dashboard.127.0.0.1.nip.io"]
|
|
@ -0,0 +1,6 @@
|
|||
resources:
|
||||
- namespace.yaml
|
||||
- admin-user.yaml
|
||||
- helmchart.yaml
|
||||
|
||||
namespace: kubernetes-dashboard
|
|
@ -0,0 +1,4 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: kubernetes-dashboard
|
|
@ -0,0 +1,4 @@
|
|||
resources:
|
||||
- namespace.yaml
|
||||
|
||||
namespace: nextcloud
|
|
@ -0,0 +1,4 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: gitea
|
|
@ -0,0 +1,17 @@
|
|||
bases:
|
||||
- ../../base/ingress-controller
|
||||
- ../../base/kubernetes-dashboard
|
||||
- ../../base/gitea
|
||||
|
||||
# secretGenerator:
|
||||
# - name: drone-gitea-oauth-secret
|
||||
# type: Opaque
|
||||
# namespace: gitea
|
||||
# behavior: replace
|
||||
# literals:
|
||||
# - client_id=749cde98-9b3b-4e19-8933-2937e12625f2
|
||||
# - client_secret=12wTErChjQQW3CGEzbDMiSxEt08i-abeB0pbRbXEKKg=
|
||||
|
||||
# allow "kubectl apply -l managed-by=kustomize --prune ..."
|
||||
commonlabels:
|
||||
managed-by: kustomize
|
|
@ -0,0 +1,84 @@
|
|||
APP_NAME = Badjware's code stash
|
||||
RUN_MODE = prod
|
||||
RUN_USER = git
|
||||
|
||||
[repository]
|
||||
ROOT = /data/git/repositories
|
||||
|
||||
[repository.local]
|
||||
LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
|
||||
|
||||
[repository.upload]
|
||||
TEMP_PATH = /data/gitea/uploads
|
||||
|
||||
[server]
|
||||
APP_DATA_PATH = /data/gitea
|
||||
SSH_DOMAIN = gitea.127.0.0.1.nip.io
|
||||
HTTP_PORT = 3000
|
||||
ROOT_URL = http://gitea.127.0.0.1.nip.io/
|
||||
DISABLE_SSH = false
|
||||
SSH_PORT = 22
|
||||
SSH_LISTEN_PORT = 22
|
||||
LFS_START_SERVER = true
|
||||
LFS_CONTENT_PATH = /data/git/lfs
|
||||
DOMAIN = gitea.127.0.0.1.nip.io
|
||||
LFS_JWT_SECRET = EiPLMzu-LGvjhcByu5_t3PszAVCg1RP_8e8A1oI_-FA
|
||||
OFFLINE_MODE = false
|
||||
|
||||
[database]
|
||||
PATH = /data/gitea/gitea.db
|
||||
DB_TYPE = mysql
|
||||
HOST = mariadb.gitea.svc:3306
|
||||
NAME = gitea
|
||||
USER = gitea
|
||||
PASSWD = replaceme
|
||||
SSL_MODE = disable
|
||||
CHARSET = utf8
|
||||
|
||||
[indexer]
|
||||
ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
|
||||
|
||||
[session]
|
||||
PROVIDER_CONFIG = /data/gitea/sessions
|
||||
PROVIDER = file
|
||||
|
||||
[picture]
|
||||
AVATAR_UPLOAD_PATH = /data/gitea/avatars
|
||||
REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
|
||||
DISABLE_GRAVATAR = false
|
||||
ENABLE_FEDERATED_AVATAR = true
|
||||
|
||||
[attachment]
|
||||
PATH = /data/gitea/attachments
|
||||
|
||||
[log]
|
||||
ROOT_PATH = /data/gitea/log
|
||||
MODE = file
|
||||
LEVEL = info
|
||||
|
||||
[security]
|
||||
INSTALL_LOCK = true
|
||||
SECRET_KEY = Y38P9GDsbUe28RO5y04GlMv7Zbw14plInI7N4zYrZPjTGqANdFHfVlC2XY1UayLu
|
||||
INTERNAL_TOKEN = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE1ODgyMTgxODR9.ljBAqOJAIHV14GXmAAoKXOXUho4WaY-Js4XnEHz3qoY
|
||||
|
||||
[service]
|
||||
DISABLE_REGISTRATION = false
|
||||
REQUIRE_SIGNIN_VIEW = false
|
||||
REGISTER_EMAIL_CONFIRM = false
|
||||
ENABLE_NOTIFY_MAIL = false
|
||||
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
|
||||
ENABLE_CAPTCHA = false
|
||||
DEFAULT_KEEP_EMAIL_PRIVATE = false
|
||||
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
|
||||
DEFAULT_ENABLE_TIMETRACKING = true
|
||||
NO_REPLY_ADDRESS = noreply.localhost
|
||||
|
||||
[oauth2]
|
||||
JWT_SECRET = L1Aei9Ggp0Lc4g2DSDDFVclLlOT0IAP-zGbVD1XQEXI
|
||||
|
||||
[mailer]
|
||||
ENABLED = false
|
||||
|
||||
[openid]
|
||||
ENABLE_OPENID_SIGNIN = true
|
||||
ENABLE_OPENID_SIGNUP = true
|
Loading…
Reference in New Issue