From 58630985720bbab136327b8bf0ef2b34241576d5 Mon Sep 17 00:00:00 2001 
From: Massaki Archambault Date: Fri, 1 May 2020 18:08:35 -0400 Subject: [PATCH] gitea+drone configuration --- .../base/gitea/drone-runner-deployment.yaml | 71 ++++++++++ .../base/gitea/drone-server-deployment.yaml | 78 +++++++++++ kustomize/base/gitea/gitea-deployment.yaml | 129 ++++++++++++++++++ kustomize/base/gitea/kustomization.yaml | 41 ++++++ kustomize/base/gitea/mariadb-deployment.yaml | 72 ++++++++++ kustomize/base/gitea/namespace.yaml | 4 + .../base/ingress-controller/helmchart.yaml | 7 + .../ingress-controller/kustomization.yaml | 5 + .../base/ingress-controller/namespace.yaml | 4 + .../base/kubernetes-dashboard/admin-user.yaml | 16 +++ .../base/kubernetes-dashboard/helmchart.yaml | 12 ++ .../kubernetes-dashboard/kustomization.yaml | 6 + .../base/kubernetes-dashboard/namespace.yaml | 4 + kustomize/base/nextcloud/kustomization.yaml | 4 + kustomize/base/nextcloud/namespace.yaml | 4 + kustomize/environment/dev/kustomization.yaml | 17 +++ kustomize/environment/prod/gitea/app.ini | 84 ++++++++++++ 17 files changed, 558 insertions(+) create mode 100644 kustomize/base/gitea/drone-runner-deployment.yaml create mode 100644 kustomize/base/gitea/drone-server-deployment.yaml create mode 100644 kustomize/base/gitea/gitea-deployment.yaml create mode 100644 kustomize/base/gitea/kustomization.yaml create mode 100644 kustomize/base/gitea/mariadb-deployment.yaml create mode 100644 kustomize/base/gitea/namespace.yaml create mode 100644 kustomize/base/ingress-controller/helmchart.yaml create mode 100644 kustomize/base/ingress-controller/kustomization.yaml create mode 100644 kustomize/base/ingress-controller/namespace.yaml create mode 100644 kustomize/base/kubernetes-dashboard/admin-user.yaml create mode 100644 kustomize/base/kubernetes-dashboard/helmchart.yaml create mode 100644 kustomize/base/kubernetes-dashboard/kustomization.yaml create mode 100644 kustomize/base/kubernetes-dashboard/namespace.yaml create mode 100644 kustomize/base/nextcloud/kustomization.yaml create mode 
100644 kustomize/base/nextcloud/namespace.yaml create mode 100644 kustomize/environment/dev/kustomization.yaml create mode 100644 kustomize/environment/prod/gitea/app.ini
diff --git a/kustomize/base/gitea/drone-runner-deployment.yaml b/kustomize/base/gitea/drone-runner-deployment.yaml
new file mode 100644
index 0000000..353d937
--- /dev/null
+++ b/kustomize/base/gitea/drone-runner-deployment.yaml
@@ -0,0 +1,71 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: drone-runner-deployment
+ labels:
+ app: drone
+ component: runner
+spec:
+ selector:
+ matchLabels:
+ app: drone
+ component: runner
+ template:
+ metadata:
+ labels:
+ app: drone
+ component: runner
+ spec:
+ containers:
+ - name: drone
+ image: drone/drone-runner-kube:1.0.0-beta.3
+ env:
+ - name: DRONE_RPC_HOST
+ value: drone.gitea.svc
+ - name: DRONE_RPC_PROTO
+ value: http
+ - name: DRONE_RPC_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: drone-secret
+ key: rpc_secret
+ ports:
+ - name: http
+ containerPort: 80
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: drone-runner-role
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ - pods/log
+ verbs:
+ - get
+ - create
+ - delete
+ - list
+ - watch
+ - update
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: drone-runner-rolebinding
+subjects:
+- kind: ServiceAccount
+ name: default
+roleRef:
+ kind: Role
+ name: drone-runner-role
+ apiGroup: rbac.authorization.k8s.io
\ No newline at end of file
diff --git a/kustomize/base/gitea/drone-server-deployment.yaml b/kustomize/base/gitea/drone-server-deployment.yaml
new file mode 100644
index 0000000..0c84d9b
--- /dev/null
+++ b/kustomize/base/gitea/drone-server-deployment.yaml
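Review bot: The RoleBinding at the end of the hunk grants the namespace's `default` ServiceAccount the right to create and delete Secrets and Pods, and because none of the Deployments in this commit set `serviceAccountName`, the gitea, mariadb and drone-server pods inherit that permission along with the runner. A dedicated account scopes it to the runner only: add a `ServiceAccount` named `drone-runner`, set `serviceAccountName: drone-runner` in the runner's pod spec, and bind that subject instead of `default`. It is also worth confirming whether the runner mounts its own token into the build pods it creates, since a pipeline step could then delete pods or create secrets in the `gitea` namespace. `DRONE_RPC_PROTO: http` is cluster-internal traffic to `drone.gitea.svc`, which is acceptable but deserves a comment saying so.
```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: drone-runner
---
# … unchanged: Deployment metadata, selector, template labels …
    spec:
      serviceAccountName: drone-runner
      containers:
# … unchanged: container spec, Role …
subjects:
- kind: ServiceAccount
  name: drone-runner
```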
@@ -0,0 +1,78 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: drone-server-deployment
+ labels:
+ app: drone
+ component: server
+spec:
+ selector:
+ matchLabels:
+ app: drone
+ component: server
+ template:
+ metadata:
+ labels:
+ app: drone
+ component: server
+ spec:
+ containers:
+ - name: drone
+ image: drone/drone:1.7.0
+ env:
+ - name: DRONE_SERVER_HOST
+ value: $(DRONE_EXTERNAL_HOST)
+ - name: DRONE_GITEA_SERVER
+ value: https://$(GITEA_EXTERNAL_HOST)
+ - name: DRONE_GITEA_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: drone-gitea-oauth-secret
+ key: client_id
+ - name: DRONE_GITEA_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: drone-gitea-oauth-secret
+ key: client_secret
+ - name: DRONE_RPC_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: drone-secret
+ key: rpc_secret
+ ports:
+ - name: http
+ containerPort: 80
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: drone
+ labels:
+ app: drone
+spec:
+ selector:
+ app: drone
+ component: server
+ ports:
+ - name: http
+ protocol: TCP
+ port: 80
+ targetPort: http
+---
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+ name: drone-ingress
+ labels:
+ app: drone
+ annotations:
+ nginx.ingress.kubernetes.io/rewrite-target: /
+spec:
+ rules:
+ - host: drone.127.0.0.1.nip.io
+ http:
+ paths:
+ - path: /
+ backend:
+ serviceName: drone
+ servicePort: http
\ No newline at end of file
diff --git a/kustomize/base/gitea/gitea-deployment.yaml b/kustomize/base/gitea/gitea-deployment.yaml
new file mode 100644
index 0000000..bc9e8ca
--- /dev/null
+++ b/kustomize/base/gitea/gitea-deployment.yaml
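Review bot: `drone-ingress` has no `tls:` section and the Deployment never sets `DRONE_SERVER_PROTO`, so Drone builds its OAuth callback URL and session cookie as plain http while the Gitea it authenticates against is `https://$(GITEA_EXTERNAL_HOST)`; the OAuth authorization code and the Drone login cookie therefore cross the edge unencrypted. Add `DRONE_SERVER_PROTO: https` next to `DRONE_SERVER_HOST` and a `tls:` block on the Ingress backed by a certificate secret, as sketched below. Separately, `nginx.ingress.kubernetes.io/rewrite-target: /` together with `path: /` is, on ingress-nginx 0.22 and later as far as I recall, a rewrite of every request URI to `/`, which would break all of Drone's routes; since the hunk exposes the whole service at the root, the annotation looks unnecessary and I would drop it (the ingress-nginx chart version is not pinned in this commit, so behaviour depends on what gets installed). The `drone.127.0.0.1.nip.io` host only works from the node itself and belongs in the dev overlay rather than the shared base.
```yaml
        - name: DRONE_SERVER_HOST
          value: $(DRONE_EXTERNAL_HOST)
        - name: DRONE_SERVER_PROTO
          value: https
# … unchanged: remaining env, ports, Service …
spec:
  tls:
    - hosts:
        - drone.127.0.0.1.nip.io
      secretName: drone-tls
  rules:
# … unchanged: rules …
```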
@@ -0,0 +1,129 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: gitea-deployment
+ labels:
+ app: gitea
+spec:
+ selector:
+ matchLabels:
+ app: gitea
+ template:
+ metadata:
+ labels:
+ app: gitea
+ spec:
+ containers:
+ - name: gitea
+ image: gitea/gitea:1.11.4
+ env:
+ - name: INSTALL_LOCK
+ value: "yes"
+ - name: DISABLE_REGISTRATION
+ value: "yes"
+ - name: APP_NAME
+ value: Badjware's code stash
+ - name: RUN_MODE
+ value: prod
+ - name: ROOT_URL
+ value: https://$(GITEA_EXTERNAL_HOST)
+ - name: SSH_DOMAIN
+ value: $(GITEA_EXTERNAL_HOST)
+ - name: DB_TYPE
+ value: mysql
+ - name: DB_HOST
+ value: mariadb.gitea.svc:3306
+ - name: DB_NAME
+ valueFrom:
+ secretKeyRef:
+ name: mariadb-credentials-secret
+ key: database
+ - name: DB_USER
+ valueFrom:
+ secretKeyRef:
+ name: mariadb-credentials-secret
+ key: username
+ - name: DB_PASSWD
+ valueFrom:
+ secretKeyRef:
+ name: mariadb-credentials-secret
+ key: password
+ ports:
+ - name: http
+ containerPort: 3000
+ - name: ssh
+ containerPort: 22
+ volumeMounts:
+ - name: gitea-pvc
+ mountPath: /data
+ # - name: gitea-app-ini
+ # mountPath: /data/gitea/conf/
+ # readOnly: true
+ volumes:
+ - name: gitea-pvc
+ persistentVolumeClaim:
+ claimName: gitea-pvc
+ # - name: gitea-app-ini
+ # secret:
+ # secretName: gitea-app-ini-secret
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: gitea-pvc
+ labels:
+ app: gitea
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 20Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: gitea-http
+ labels:
+ app: gitea
+spec:
+ selector:
+ app: gitea
+ ports:
+ - name: http
+ protocol: TCP
+ port: 80
+ targetPort: http
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: gitea-ssh
+ labels:
+ app: gitea
+spec:
+ selector:
+ app: gitea
+ ports:
+ - name: ssh
+ protocol: TCP
+ port: 22
+ targetPort: ssh
+---
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+ name: gitea-ingress
+ labels:
+ app: gitea
+ annotations:
+ nginx.ingress.kubernetes.io/rewrite-target: /
+spec:
+ rules:
+ - host: gitea.127.0.0.1.nip.io
+ http:
+ paths:
+ - path: /
+ backend:
+ serviceName: gitea-http
+ servicePort: http
\ No newline at end of file
diff --git a/kustomize/base/gitea/kustomization.yaml b/kustomize/base/gitea/kustomization.yaml
new file mode 100644
index 0000000..d9e85a0
--- /dev/null
+++ b/kustomize/base/gitea/kustomization.yaml
@@ -0,0 +1,41 @@
+resources:
+ - namespace.yaml
+ - gitea-deployment.yaml
+ - drone-server-deployment.yaml
+ - drone-runner-deployment.yaml
+ - mariadb-deployment.yaml
+
+secretGenerator:
+ - name: mariadb-credentials-secret
+ type: Opaque
+ literals:
+ - database=gitea
+ - username=gitea
+ - password=replaceme
+ - name: drone-secret
+ type: Opaque
+ literals:
+ - rpc_secret=replaceme
+ - name: drone-gitea-oauth-secret
+ type: Opaque
+ literals:
+ - client_id=replaceme
+ - client_secret=replaceme
+
+namespace: gitea
+
+vars:
+ - name: GITEA_EXTERNAL_HOST
+ objref:
+ apiVersion: networking.k8s.io/v1beta1
+ kind: Ingress
+ name: gitea-ingress
+ fieldref:
+ fieldpath: spec.rules[0].host
+ - name: DRONE_EXTERNAL_HOST
+ objref:
+ apiVersion: networking.k8s.io/v1beta1
+ kind: Ingress
+ name: drone-ingress
+ fieldref:
+ fieldpath: spec.rules[0].host
\ No newline at end of file
diff --git a/kustomize/base/gitea/mariadb-deployment.yaml b/kustomize/base/gitea/mariadb-deployment.yaml
new file mode 100644
index 0000000..866efa3
--- /dev/null
+++ b/kustomize/base/gitea/mariadb-deployment.yaml
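Review bot: `ROOT_URL` is `https://$(GITEA_EXTERNAL_HOST)` but `gitea-ingress` (whose Ingress starts in the previous hunk line and ends here) has no `tls:` section, so every link, OAuth redirect and clone URL Gitea emits points at an https endpoint the ingress does not serve; add `tls: [{hosts: [gitea.127.0.0.1.nip.io], secretName: gitea-tls}]` under `spec` together with the certificate, or make the scheme match what is actually served. The `gitea-ssh` Service is a ClusterIP, so the `SSH_DOMAIN` users are given resolves to the ingress, which does not forward port 22 — ssh clones need a NodePort/LoadBalancer or a TCP-services entry on the controller. I also believe `INSTALL_LOCK`, `DISABLE_REGISTRATION` and the other env vars are only templated into `/data/gitea/conf/app.ini` by the image entrypoint when that file does not exist yet, and `/data` is the persistent `gitea-pvc`, so changing them after first boot would have no effect; the commented-out `gitea-app-ini` Secret mount is the reliable way to pin those settings. The container also runs with no `securityContext` or resource limits while listening on port 22.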
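Review bot: The `secretGenerator` entries put `password=replaceme`, `rpc_secret=replaceme` and placeholder OAuth `client_id`/`client_secret` values into the base, so `kustomize build` of any overlay that does not override all three generators deploys a running Gitea and MariaDB with a known database password and a Drone RPC secret of `replaceme`, and nothing fails to tell you so. Keep the generators in the base but source them from files the repository ignores, e.g. `envs: [mariadb.env]` with the file in `.gitignore`, or define them only in each environment overlay, so a missing value breaks the build instead of shipping the placeholder. `drone-gitea-oauth-secret` in particular is environment-specific by nature (the OAuth application is registered per Gitea instance) and has no business in the shared base at all.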
@@ -0,0 +1,72 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: mariadb-deployment
+spec:
+ selector:
+ matchLabels:
+ app: mariadb
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app: mariadb
+ spec:
+ containers:
+ - name: mariadb
+ image: mariadb:10.5.2
+ env:
+ - name: MYSQL_DATABASE
+ valueFrom:
+ secretKeyRef:
+ name: mariadb-credentials-secret
+ key: database
+ - name: MYSQL_USER
+ valueFrom:
+ secretKeyRef:
+ name: mariadb-credentials-secret
+ key: username
+ - name: MYSQL_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: mariadb-credentials-secret
+ key: password
+ - name: MYSQL_RANDOM_ROOT_PASSWORD
+ value: "yes"
+ ports:
+ - name: mariadb
+ containerPort: 3306
+ volumeMounts:
+ - name: mariadb-pvc
+ mountPath: /var/lib/mysql
+ volumes:
+ - name: mariadb-pvc
+ persistentVolumeClaim:
+ claimName: mariadb-pvc
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: mariadb-pvc
+ labels:
+ app: mariadb
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 20Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: mariadb
+ labels:
+ app: mariadb
+spec:
+ selector:
+ app: mariadb
+ ports:
+ - name: mariadb
+ port: 3306
\ No newline at end of file
diff --git a/kustomize/base/gitea/namespace.yaml b/kustomize/base/gitea/namespace.yaml
new file mode 100644
index 0000000..d884423
--- /dev/null
+++ b/kustomize/base/gitea/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: gitea
\ No newline at end of file
diff --git a/kustomize/base/ingress-controller/helmchart.yaml b/kustomize/base/ingress-controller/helmchart.yaml
new file mode 100644
index 0000000..0ef2fb5
--- /dev/null
+++ b/kustomize/base/ingress-controller/helmchart.yaml
@@ -0,0 +1,7 @@
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: nginx-ingress-controller
+spec:
+ repo: https://kubernetes.github.io/ingress-nginx
+ chart: ingress-nginx
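Review bot: The `mariadb` Service is a plain ClusterIP with no NetworkPolicy, so any pod in the cluster that obtains or guesses the `gitea` credentials can reach port 3306 (and nothing in this commit enables TLS on the connection); only the gitea pods need that path, so restrict it with the policy below (it requires a CNI that enforces NetworkPolicy). `MYSQL_RANDOM_ROOT_PASSWORD: "yes"` makes the official image, as far as I know, print the generated root password to the container's stdout, where `kubectl logs` and any log shipper can read it; if root access is ever needed, feed `MYSQL_ROOT_PASSWORD` from the secret instead, otherwise note in a comment that the log line is the only copy and that it is intentionally discarded. `mariadb:10.5.2` is, I believe, a pre-GA release of the 10.5 series; pin a GA patch release for the database holding the Git metadata.
```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: mariadb-allow-gitea
  labels:
    app: mariadb
spec:
  podSelector:
    matchLabels:
      app: mariadb
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: gitea
      ports:
        - protocol: TCP
          port: 3306
```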
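Review bot: The ingress-nginx `HelmChart` pins no `version:`, so every reconcile of this object resolves whatever the newest `ingress-nginx` chart is at that moment, and the component terminating all external traffic can change under you without a commit; add `version: "<the chart version you tested>"` under `spec` and bump it deliberately. The `HelmChart` CRD is the k3s/Rancher helm-controller one, which I believe installs into the namespace of the `HelmChart` object unless `targetNamespace` is set — the sibling kustomization sets `namespace: ingress-controller`, so that is probably fine, but worth a one-line comment so the next reader does not wonder where the controller lands.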
diff --git a/kustomize/base/ingress-controller/kustomization.yaml b/kustomize/base/ingress-controller/kustomization.yaml
new file mode 100644
index 0000000..a9a44bc
--- /dev/null
+++ b/kustomize/base/ingress-controller/kustomization.yaml
@@ -0,0 +1,5 @@
+resources:
+ - namespace.yaml
+ - helmchart.yaml
+
+namespace: ingress-controller
diff --git a/kustomize/base/ingress-controller/namespace.yaml b/kustomize/base/ingress-controller/namespace.yaml
new file mode 100644
index 0000000..1b0fcc9
--- /dev/null
+++ b/kustomize/base/ingress-controller/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: ingress-controller
\ No newline at end of file
diff --git a/kustomize/base/kubernetes-dashboard/admin-user.yaml b/kustomize/base/kubernetes-dashboard/admin-user.yaml
new file mode 100644
index 0000000..20763b4
--- /dev/null
+++ b/kustomize/base/kubernetes-dashboard/admin-user.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: admin-user
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: admin-user
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+- kind: ServiceAccount
+ name: admin-user
\ No newline at end of file
diff --git a/kustomize/base/kubernetes-dashboard/helmchart.yaml b/kustomize/base/kubernetes-dashboard/helmchart.yaml
new file mode 100644
index 0000000..d542525
--- /dev/null
+++ b/kustomize/base/kubernetes-dashboard/helmchart.yaml
@@ -0,0 +1,12 @@
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: kubernetes-dashboard
+spec:
+ repo: https://funkypenguin.github.io/helm-charts
+ chart: kubernetes-dashboard
+ version: 2.0.0-rc7-fp6
+ valuesContent: |-
+ ingress:
+ enabled: true
+ hosts: ["kubernetes-dashboard.127.0.0.1.nip.io"]
diff --git a/kustomize/base/kubernetes-dashboard/kustomization.yaml b/kustomize/base/kubernetes-dashboard/kustomization.yaml
new file mode 100644
index 0000000..af964ca
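Review bot: `admin-user.yaml` binds a ServiceAccount to `cluster-admin` inside a base that the dev overlay applies unconditionally, and that account's bearer token (minted into a Secret in the `kubernetes-dashboard` namespace on Kubernetes releases before 1.24) is what gets pasted into the dashboard login — anyone who can read secrets in that namespace, or who intercepts the dashboard session, is cluster-admin. Bind a narrower ClusterRole for everyday use, e.g. `name: view` or a purpose-built role, and keep a `cluster-admin` binding, if one is needed at all, in an overlay that is applied on demand and removed afterwards. A comment on the binding stating who is meant to use this token and why would also help, since nothing in the file conveys its blast radius.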
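Review bot: `valuesContent` enables an Ingress for the dashboard with no `tls` values, so the bearer token used to log in — a cluster-admin token per `admin-user.yaml` — travels in clear text between browser and ingress; add `tls:` entries to the ingress values and a certificate secret before this goes anywhere beyond a single-node dev box. The dashboard container itself serves https by default as far as I know, so the nginx backend may also need `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` unless the chart handles that; I cannot tell from here what this `-fp` fork does. Pinning `version: 2.0.0-rc7-fp6` is good, but the chart is pulled from a third-party repository rather than the upstream dashboard project, which is worth a comment recording why and what was verified about it.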
--- /dev/null
+++ b/kustomize/base/kubernetes-dashboard/kustomization.yaml
@@ -0,0 +1,6 @@
+resources:
+ - namespace.yaml
+ - admin-user.yaml
+ - helmchart.yaml
+
+namespace: kubernetes-dashboard
diff --git a/kustomize/base/kubernetes-dashboard/namespace.yaml b/kustomize/base/kubernetes-dashboard/namespace.yaml
new file mode 100644
index 0000000..47783df
--- /dev/null
+++ b/kustomize/base/kubernetes-dashboard/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: kubernetes-dashboard
\ No newline at end of file
diff --git a/kustomize/base/nextcloud/kustomization.yaml b/kustomize/base/nextcloud/kustomization.yaml
new file mode 100644
index 0000000..c1d9b9a
--- /dev/null
+++ b/kustomize/base/nextcloud/kustomization.yaml
@@ -0,0 +1,4 @@
+resources:
+ - namespace.yaml
+
+namespace: nextcloud
diff --git a/kustomize/base/nextcloud/namespace.yaml b/kustomize/base/nextcloud/namespace.yaml
new file mode 100644
index 0000000..d884423
--- /dev/null
+++ b/kustomize/base/nextcloud/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: gitea
\ No newline at end of file
diff --git a/kustomize/environment/dev/kustomization.yaml b/kustomize/environment/dev/kustomization.yaml
new file mode 100644
index 0000000..395c155
--- /dev/null
+++ b/kustomize/environment/dev/kustomization.yaml
@@ -0,0 +1,17 @@
+bases:
+ - ../../base/ingress-controller
+ - ../../base/kubernetes-dashboard
+ - ../../base/gitea
+
+# secretGenerator:
+# - name: drone-gitea-oauth-secret
+# type: Opaque
+# namespace: gitea
+# behavior: replace
+# literals:
+# - client_id=749cde98-9b3b-4e19-8933-2937e12625f2
+# - client_secret=12wTErChjQQW3CGEzbDMiSxEt08i-abeB0pbRbXEKKg=
+
+# allow "kubectl apply -l managed-by=kustomize --prune ..."
+commonlabels:
+ managed-by: kustomize
diff --git a/kustomize/environment/prod/gitea/app.ini b/kustomize/environment/prod/gitea/app.ini
new file mode 100644
index 0000000..ba5fddf
--- /dev/null
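Review bot: `kustomize/base/nextcloud/namespace.yaml` declares `name: gitea` — it is a byte-for-byte copy of the gitea namespace file (same blob `d884423`) — so as committed this base creates or adopts the `gitea` Namespace instead of `nextcloud`. Whether the `namespace: nextcloud` in the sibling kustomization rewrites the Namespace object's name depends on the kustomize version's namespace transformer, so it should not be relied on; change the line to `name: nextcloud`.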
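Review bot: The commented-out `secretGenerator` in `kustomize/environment/dev/kustomization.yaml` still carries what look like a real OAuth `client_id` (`749cde98-…`) and `client_secret` (`12wTErChjQQW3CGEz…`), and a commented line in a tracked file is just as present in git history as a live one; revoke that OAuth application in Gitea, remove the lines, and rewrite history if the repository is shared. Keep environment secrets outside the tree, e.g. `envs: [drone-oauth.env]` with the file in `.gitignore`, so `behavior: replace` has nothing to leak. `commonlabels:` is not the field kustomize documents (`commonLabels:`); depending on the version it is either silently ignored — in which case the `--prune -l managed-by=kustomize` workflow described in the comment above it selects nothing — or rejected as an unknown field, so check the rendered output for the label and fix the spelling either way.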
+++ b/kustomize/environment/prod/gitea/app.ini 
@@ -0,0 +1,84 @@
+APP_NAME = Badjware's code stash
+RUN_MODE = prod
+RUN_USER = git
+
+[repository]
+ROOT = /data/git/repositories
+
+[repository.local]
+LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
+
+[repository.upload]
+TEMP_PATH = /data/gitea/uploads
+
+[server]
+APP_DATA_PATH = /data/gitea
+SSH_DOMAIN = gitea.127.0.0.1.nip.io
+HTTP_PORT = 3000
+ROOT_URL = http://gitea.127.0.0.1.nip.io/
+DISABLE_SSH = false
+SSH_PORT = 22
+SSH_LISTEN_PORT = 22
+LFS_START_SERVER = true
+LFS_CONTENT_PATH = /data/git/lfs
+DOMAIN = gitea.127.0.0.1.nip.io
+LFS_JWT_SECRET = EiPLMzu-LGvjhcByu5_t3PszAVCg1RP_8e8A1oI_-FA
+OFFLINE_MODE = false
+
+[database]
+PATH = /data/gitea/gitea.db
+DB_TYPE = mysql
+HOST = mariadb.gitea.svc:3306
+NAME = gitea
+USER = gitea
+PASSWD = replaceme
+SSL_MODE = disable
+CHARSET = utf8
+
+[indexer]
+ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
+
+[session]
+PROVIDER_CONFIG = /data/gitea/sessions
+PROVIDER = file
+
+[picture]
+AVATAR_UPLOAD_PATH = /data/gitea/avatars
+REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
+DISABLE_GRAVATAR = false
+ENABLE_FEDERATED_AVATAR = true
+
+[attachment]
+PATH = /data/gitea/attachments
+
+[log]
+ROOT_PATH = /data/gitea/log
+MODE = file
+LEVEL = info
+
+[security]
+INSTALL_LOCK = true
+SECRET_KEY = Y38P9GDsbUe28RO5y04GlMv7Zbw14plInI7N4zYrZPjTGqANdFHfVlC2XY1UayLu
+INTERNAL_TOKEN = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE1ODgyMTgxODR9.ljBAqOJAIHV14GXmAAoKXOXUho4WaY-Js4XnEHz3qoY
+
+[service]
+DISABLE_REGISTRATION = false
+REQUIRE_SIGNIN_VIEW = false
+REGISTER_EMAIL_CONFIRM = false
+ENABLE_NOTIFY_MAIL = false
+ALLOW_ONLY_EXTERNAL_REGISTRATION = false
+ENABLE_CAPTCHA = false
+DEFAULT_KEEP_EMAIL_PRIVATE = false
+DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+DEFAULT_ENABLE_TIMETRACKING = true
+NO_REPLY_ADDRESS = noreply.localhost
+
+[oauth2]
+JWT_SECRET = L1Aei9Ggp0Lc4g2DSDDFVclLlOT0IAP-zGbVD1XQEXI
+
+[mailer]
+ENABLED = false
+
+[openid]
+ENABLE_OPENID_SIGNIN = true
+ENABLE_OPENID_SIGNUP = true
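Review bot: `kustomize/environment/prod/gitea/app.ini` commits live-looking secrets for the prod environment — `SECRET_KEY`, `INTERNAL_TOKEN` (a signed JWT), `LFS_JWT_SECRET` and `[oauth2] JWT_SECRET` — and `SECRET_KEY` alone lets anyone with read access to the repository forge Gitea sessions and tokens; all four must be regenerated (`gitea generate secret SECRET_KEY` and friends) and the file kept out of the tree, delivered through the `gitea-app-ini-secret` mount that the Deployment already has commented out. The `[service]` block also contradicts the base Deployment: `DISABLE_REGISTRATION = false`, `ENABLE_CAPTCHA = false` and `ENABLE_OPENID_SIGNUP = true` open self-registration on a prod instance whose Deployment sets `DISABLE_REGISTRATION: "yes"`; set `DISABLE_REGISTRATION = true` and `ENABLE_OPENID_SIGNUP = false` unless open signup is intended, in which case say so in a comment. `ROOT_URL = http://…` and `SSL_MODE = disable` likewise disagree with the `https://` ROOT_URL in the Deployment and mean cleartext to both the browser and the database, and `PASSWD = replaceme` should come from the same secret as the Deployment's `DB_PASSWD` rather than a second hard-coded copy.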