
gitea+drone configuration

Massaki Archambault 2020-05-01 18:08:35 -04:00
parent 58c28a85aa
commit 5863098572
17 changed files with 558 additions and 0 deletions


@ -0,0 +1,71 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: drone-runner-deployment
labels:
app: drone
component: runner
spec:
selector:
matchLabels:
app: drone
component: runner
template:
metadata:
labels:
app: drone
component: runner
spec:
containers:
- name: drone
image: drone/drone-runner-kube:1.0.0-beta.3
env:
- name: DRONE_RPC_HOST
value: drone.gitea.svc
- name: DRONE_RPC_PROTO
value: http
- name: DRONE_RPC_SECRET
valueFrom:
secretKeyRef:
name: drone-secret
key: rpc_secret
ports:
- name: http
containerPort: 80
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: drone-runner-role
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- delete
- apiGroups:
- ""
resources:
- pods
- pods/log
verbs:
- get
- create
- delete
- list
- watch
- update
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: drone-runner-rolebinding
subjects:
- kind: ServiceAccount
name: default
roleRef:
kind: Role
name: drone-runner-role
apiGroup: rbac.authorization.k8s.io
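Review bot: The RoleBinding at the end of this file grants `drone-runner-role` to the `default` ServiceAccount, and none of the Deployments in this commit sets its own service account, so Gitea, MariaDB and the Drone server pods would all inherit the runner's rights to create and delete Secrets and to create, update and delete Pods. Pod creation in a namespace is effectively read access to that namespace's Secrets, so this should be scoped to the runner only. Add a dedicated `ServiceAccount` for the runner, set `serviceAccountName: drone-runner` in the Deployment's pod spec, and change the subject to `name: drone-runner`. Separately, `DRONE_RPC_PROTO` is `http`, so runner-to-server RPC is unencrypted inside the cluster; a comment stating that this is an accepted trade-off would help.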


@ -0,0 +1,78 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: drone-server-deployment
labels:
app: drone
component: server
spec:
selector:
matchLabels:
app: drone
component: server
template:
metadata:
labels:
app: drone
component: server
spec:
containers:
- name: drone
image: drone/drone:1.7.0
env:
- name: DRONE_SERVER_HOST
value: $(DRONE_EXTERNAL_HOST)
- name: DRONE_GITEA_SERVER
value: https://$(GITEA_EXTERNAL_HOST)
- name: DRONE_GITEA_CLIENT_ID
valueFrom:
secretKeyRef:
name: drone-gitea-oauth-secret
key: client_id
- name: DRONE_GITEA_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: drone-gitea-oauth-secret
key: client_secret
- name: DRONE_RPC_SECRET
valueFrom:
secretKeyRef:
name: drone-secret
key: rpc_secret
ports:
- name: http
containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: drone
labels:
app: drone
spec:
selector:
app: drone
component: server
ports:
- name: http
protocol: TCP
port: 80
targetPort: http
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: drone-ingress
labels:
app: drone
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: drone.127.0.0.1.nip.io
http:
paths:
- path: /
backend:
serviceName: drone
servicePort: http
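Review bot: The Ingress at the end of this file has no `tls:` section and the Deployment does not set `DRONE_SERVER_PROTO`, while `DRONE_GITEA_SERVER` is built with `https://`. As written, the OAuth redirect and the Drone session would be served over plain HTTP on the Drone host unless TLS is added elsewhere. Suggest adding an env entry `- name: DRONE_SERVER_PROTO` with `value: https` and a `tls:` block on the Ingress (or documenting that overlays must patch both). The container also has no `resources` or `securityContext`; a short comment on whether that is deliberate for this base would be useful.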


@ -0,0 +1,129 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: gitea-deployment
labels:
app: gitea
spec:
selector:
matchLabels:
app: gitea
template:
metadata:
labels:
app: gitea
spec:
containers:
- name: gitea
image: gitea/gitea:1.11.4
env:
- name: INSTALL_LOCK
value: "yes"
- name: DISABLE_REGISTRATION
value: "yes"
- name: APP_NAME
value: Badjware's code stash
- name: RUN_MODE
value: prod
- name: ROOT_URL
value: https://$(GITEA_EXTERNAL_HOST)
- name: SSH_DOMAIN
value: $(GITEA_EXTERNAL_HOST)
- name: DB_TYPE
value: mysql
- name: DB_HOST
value: mariadb.gitea.svc:3306
- name: DB_NAME
valueFrom:
secretKeyRef:
name: mariadb-credentials-secret
key: database
- name: DB_USER
valueFrom:
secretKeyRef:
name: mariadb-credentials-secret
key: username
- name: DB_PASSWD
valueFrom:
secretKeyRef:
name: mariadb-credentials-secret
key: password
ports:
- name: http
containerPort: 3000
- name: ssh
containerPort: 22
volumeMounts:
- name: gitea-pvc
mountPath: /data
# - name: gitea-app-ini
# mountPath: /data/gitea/conf/
# readOnly: true
volumes:
- name: gitea-pvc
persistentVolumeClaim:
claimName: gitea-pvc
# - name: gitea-app-ini
# secret:
# secretName: gitea-app-ini-secret
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: gitea-pvc
labels:
app: gitea
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 20Gi
---
apiVersion: v1
kind: Service
metadata:
name: gitea-http
labels:
app: gitea
spec:
selector:
app: gitea
ports:
- name: http
protocol: TCP
port: 80
targetPort: http
---
apiVersion: v1
kind: Service
metadata:
name: gitea-ssh
labels:
app: gitea
spec:
selector:
app: gitea
ports:
- name: ssh
protocol: TCP
port: 22
targetPort: ssh
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: gitea-ingress
labels:
app: gitea
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: gitea.127.0.0.1.nip.io
http:
paths:
- path: /
backend:
serviceName: gitea-http
servicePort: http
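Review bot: `INSTALL_LOCK` is set to `"yes"` in the container env but no `SECRET_KEY` is supplied, and the volume that would mount an app.ini is commented out. If the image renders app.ini from these variables on first start (my understanding of gitea/gitea, please confirm), Gitea would run with installation locked and its built-in default secret key. Suggest adding a `- name: SECRET_KEY` env entry with a `secretKeyRef`, next to the existing `DB_PASSWD` entry. The Ingress also has no `tls:` section even though `ROOT_URL` is built with `https://`.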


@ -0,0 +1,41 @@
resources:
- namespace.yaml
- gitea-deployment.yaml
- drone-server-deployment.yaml
- drone-runner-deployment.yaml
- mariadb-deployment.yaml
secretGenerator:
- name: mariadb-credentials-secret
type: Opaque
literals:
- database=gitea
- username=gitea
- password=replaceme
- name: drone-secret
type: Opaque
literals:
- rpc_secret=replaceme
- name: drone-gitea-oauth-secret
type: Opaque
literals:
- client_id=replaceme
- client_secret=replaceme
namespace: gitea
vars:
- name: GITEA_EXTERNAL_HOST
objref:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
name: gitea-ingress
fieldref:
fieldpath: spec.rules[0].host
- name: DRONE_EXTERNAL_HOST
objref:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
name: drone-ingress
fieldref:
fieldpath: spec.rules[0].host
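Review bot: The `secretGenerator` literals in this base hard-code `password=replaceme`, `rpc_secret=replaceme` and `client_secret=replaceme`, so an overlay that forgets to override them deploys working services with publicly known credentials. Consider dropping the literals from the base and having each overlay supply them through `envs:` or `files:` pointing at a git-ignored file, so that a missing secret fails the build instead of silently defaulting. At minimum, add a comment above the block such as `# placeholders only: every overlay must replace these (behavior: replace)`.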


@ -0,0 +1,72 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: mariadb-deployment
spec:
selector:
matchLabels:
app: mariadb
strategy:
type: Recreate
template:
metadata:
labels:
app: mariadb
spec:
containers:
- name: mariadb
image: mariadb:10.5.2
env:
- name: MYSQL_DATABASE
valueFrom:
secretKeyRef:
name: mariadb-credentials-secret
key: database
- name: MYSQL_USER
valueFrom:
secretKeyRef:
name: mariadb-credentials-secret
key: username
- name: MYSQL_PASSWORD
valueFrom:
secretKeyRef:
name: mariadb-credentials-secret
key: password
- name: MYSQL_RANDOM_ROOT_PASSWORD
value: "yes"
ports:
- name: mariadb
containerPort: 3306
volumeMounts:
- name: mariadb-pvc
mountPath: /var/lib/mysql
volumes:
- name: mariadb-pvc
persistentVolumeClaim:
claimName: mariadb-pvc
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mariadb-pvc
labels:
app: mariadb
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 20Gi
---
apiVersion: v1
kind: Service
metadata:
name: mariadb
labels:
app: mariadb
spec:
selector:
app: mariadb
ports:
- name: mariadb
port: 3306
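Review bot: `MYSQL_RANDOM_ROOT_PASSWORD` set to `"yes"` makes the image generate the root password at first initialisation and, as far as I know, print it to the container log. The runner Role in this same commit grants `get` on `pods/log` to the namespace's `default` ServiceAccount, so that log is readable by more than the operator. Suggest supplying `MYSQL_ROOT_PASSWORD` through a `secretKeyRef` on an extra key in `mariadb-credentials-secret` (for example `key: root_password`, name constructed here) instead. The pod also declares no `securityContext` or `resources`.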


@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: gitea


@ -0,0 +1,7 @@
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
name: nginx-ingress-controller
spec:
repo: https://kubernetes.github.io/ingress-nginx
chart: ingress-nginx
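Review bot: This HelmChart has no `version`, so the cluster installs whichever ingress-nginx chart is latest when the resource is reconciled; the dashboard chart in this commit is pinned and this one should be as well. For the component that terminates all external traffic, an unpinned chart means an unreviewed upgrade can land on any redeploy. Add `version: <CHART_VERSION>` under `spec` (placeholder: use the release you have tested).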


@ -0,0 +1,5 @@
resources:
- namespace.yaml
- helmchart.yaml
namespace: ingress-controller


@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: ingress-controller


@ -0,0 +1,16 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
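Review bot: The `admin-user` ServiceAccount is bound to `cluster-admin`, and this commit also publishes the dashboard through an Ingress, so this account's token is a full-cluster credential used over that path. If the dashboard is only needed to inspect workloads, bind to the built-in `view` ClusterRole or to a namespaced Role instead; if cluster-admin is intentional, add a comment saying so and why. The subject also has no `namespace`, which a ServiceAccount subject needs. The kustomization's `namespace:` presumably fills it in, but writing `namespace: kubernetes-dashboard` explicitly avoids depending on that.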


@ -0,0 +1,12 @@
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
name: kubernetes-dashboard
spec:
repo: https://funkypenguin.github.io/helm-charts
chart: kubernetes-dashboard
version: 2.0.0-rc7-fp6
valuesContent: |-
ingress:
enabled: true
hosts: ["kubernetes-dashboard.127.0.0.1.nip.io"]
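Review bot: `valuesContent` enables the dashboard Ingress with a host but no TLS settings, so dashboard logins would travel over plain HTTP unless TLS is added elsewhere. In this commit the login credential is the token of a cluster-admin account. Consider adding the chart's ingress TLS values (key names depend on the chart, so check its values.yaml), or leaving the ingress disabled and reaching the dashboard through `kubectl proxy`. The chart comes from a personal repository rather than the upstream project; a comment explaining that choice would help future reviewers judge the supply-chain trade-off.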


@ -0,0 +1,6 @@
resources:
- namespace.yaml
- admin-user.yaml
- helmchart.yaml
namespace: kubernetes-dashboard


@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: kubernetes-dashboard


@ -0,0 +1,4 @@
resources:
- namespace.yaml
namespace: nextcloud


@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: gitea
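Review bot: This Namespace is named `gitea`, but it appears to be the namespace.yaml of the base whose kustomization sets `namespace: nextcloud` (file paths are not visible here, so please confirm). If so, it looks like a copy-paste from the gitea base. Kustomize's namespace transformer may rewrite the name and hide the mistake, but the manifest applied on its own would target the wrong namespace. Suggest `name: nextcloud`.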


@ -0,0 +1,17 @@
bases:
- ../../base/ingress-controller
- ../../base/kubernetes-dashboard
- ../../base/gitea
# secretGenerator:
# - name: drone-gitea-oauth-secret
# type: Opaque
# namespace: gitea
# behavior: replace
# literals:
# - client_id=749cde98-9b3b-4e19-8933-2937e12625f2
# - client_secret=12wTErChjQQW3CGEzbDMiSxEt08i-abeB0pbRbXEKKg=
# allow "kubectl apply -l managed-by=kustomize --prune ..."
commonlabels:
managed-by: kustomize
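Review bot: The commented-out `secretGenerator` block contains what look like real OAuth `client_id` and `client_secret` values. Commented lines are still committed history, so if these were ever valid the Gitea OAuth application should be regenerated and the values removed from the file. Keep only the shape with a placeholder, e.g. `# - client_secret=<SET_IN_LOCAL_OVERLAY>`. Separately, the label key is written `commonlabels`, whereas kustomize's field is `commonLabels`; this may be rejected or ignored, which would break the `--prune` selector described in the comment above it. Please check with `kustomize build`.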


@ -0,0 +1,84 @@
APP_NAME = Badjware's code stash
RUN_MODE = prod
RUN_USER = git
[repository]
ROOT = /data/git/repositories
[repository.local]
LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
[repository.upload]
TEMP_PATH = /data/gitea/uploads
[server]
APP_DATA_PATH = /data/gitea
SSH_DOMAIN = gitea.127.0.0.1.nip.io
HTTP_PORT = 3000
ROOT_URL = http://gitea.127.0.0.1.nip.io/
DISABLE_SSH = false
SSH_PORT = 22
SSH_LISTEN_PORT = 22
LFS_START_SERVER = true
LFS_CONTENT_PATH = /data/git/lfs
DOMAIN = gitea.127.0.0.1.nip.io
LFS_JWT_SECRET = EiPLMzu-LGvjhcByu5_t3PszAVCg1RP_8e8A1oI_-FA
OFFLINE_MODE = false
[database]
PATH = /data/gitea/gitea.db
DB_TYPE = mysql
HOST = mariadb.gitea.svc:3306
NAME = gitea
USER = gitea
PASSWD = replaceme
SSL_MODE = disable
CHARSET = utf8
[indexer]
ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
[session]
PROVIDER_CONFIG = /data/gitea/sessions
PROVIDER = file
[picture]
AVATAR_UPLOAD_PATH = /data/gitea/avatars
REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
DISABLE_GRAVATAR = false
ENABLE_FEDERATED_AVATAR = true
[attachment]
PATH = /data/gitea/attachments
[log]
ROOT_PATH = /data/gitea/log
MODE = file
LEVEL = info
[security]
INSTALL_LOCK = true
SECRET_KEY = Y38P9GDsbUe28RO5y04GlMv7Zbw14plInI7N4zYrZPjTGqANdFHfVlC2XY1UayLu
INTERNAL_TOKEN = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE1ODgyMTgxODR9.ljBAqOJAIHV14GXmAAoKXOXUho4WaY-Js4XnEHz3qoY
[service]
DISABLE_REGISTRATION = false
REQUIRE_SIGNIN_VIEW = false
REGISTER_EMAIL_CONFIRM = false
ENABLE_NOTIFY_MAIL = false
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
ENABLE_CAPTCHA = false
DEFAULT_KEEP_EMAIL_PRIVATE = false
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
DEFAULT_ENABLE_TIMETRACKING = true
NO_REPLY_ADDRESS = noreply.localhost
[oauth2]
JWT_SECRET = L1Aei9Ggp0Lc4g2DSDDFVclLlOT0IAP-zGbVD1XQEXI
[mailer]
ENABLED = false
[openid]
ENABLE_OPENID_SIGNIN = true
ENABLE_OPENID_SIGNUP = true
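Review bot: This app.ini commits live-looking values for `SECRET_KEY`, `INTERNAL_TOKEN`, `LFS_JWT_SECRET` and the `[oauth2]` `JWT_SECRET`. Anything derived from them (sessions, internal API authentication, LFS and OAuth2 tokens) should be treated as exposed, and the values regenerated before the instance is used. Replace them in the committed file with placeholders and inject the real values from a Secret. Two settings also disagree with the Deployment in this commit: `DISABLE_REGISTRATION = false` here versus `"yes"` in the container env, and `ROOT_URL` uses `http://` here versus `https://` there. If this file is ever mounted (the mount is currently commented out), registration would be open, with `ENABLE_CAPTCHA` and `REGISTER_EMAIL_CONFIRM` both off.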