install gitea chart 10.4.0 (app version 1.22.1)

rgl · Jul 27, 2024 · 87f0a97 · 87f0a97
1 parent 1685cae
commit 87f0a97
Show file tree

Hide file tree

Showing 5 changed files with 173 additions and 0 deletions.
diff --git a/.gitignore b/.gitignore
@@ -10,4 +10,5 @@ support.zip
 support/
 talosconfig.yml
 kubeconfig.yml
+kubernetes-ingress-ca-crt.pem
 tmp/
diff --git a/README.md b/README.md
@@ -251,6 +251,22 @@ xdg-open "$example_spin_url"
 kubectl delete -f example-spin.yml
 ```
 
+Access Gitea:
+
+```bash
+export KUBECONFIG=$PWD/kubeconfig.yml
+export SSL_CERT_FILE="$PWD/kubernetes-ingress-ca-crt.pem"
+gitea_ip="$(kubectl get ingress/gitea -o json | jq -r .status.loadBalancer.ingress[0].ip)"
+gitea_fqdn="$(kubectl get ingress/gitea -o json | jq -r .spec.rules[0].host)"
+gitea_url="https://$gitea_fqdn"
+echo "gitea_url: $gitea_url"
+echo "gitea_username: gitea"
+echo "gitea_password: gitea"
+curl --resolve "$gitea_fqdn:443:$gitea_ip" "$gitea_url"
+echo "$gitea_ip $gitea_fqdn" | sudo tee -a /etc/hosts
+xdg-open "$gitea_url"
+```
+
 Access Argo CD:
 
 ```bash

diff --git a/do b/do
@@ -111,6 +111,7 @@ function apply {
   terraform output -raw kubeconfig >kubeconfig.yml
   health
   piraeus-install
+  export-kubernetes-ingress-ca-crt
   info
 }
 
@@ -250,6 +251,12 @@ function info {
   piraeus-info
 }
 
+function export-kubernetes-ingress-ca-crt {
+  kubectl get -n cert-manager secret/ingress-tls -o jsonpath='{.data.tls\.crt}' \
+    | base64 -d \
+    > kubernetes-ingress-ca-crt.pem
+}
+
 function upgrade {
   step 'talosctl upgrade'
   local controllers=($(terraform output -raw controllers | tr ',' ' '))

diff --git a/gitea.tf b/gitea.tf
@@ -0,0 +1,135 @@
+locals {
+  gitea_domain = "gitea.${var.ingress_domain}"
+  # TODO use a non-default namespace when the helm chart is correctly setting the
+  #      namespace in all the resources
+  #      see https://gitea.com/gitea/helm-chart/issues/630
+  gitea_namespace = "default"
+  gitea_manifests = [
+    {
+      apiVersion = "cert-manager.io/v1"
+      kind       = "Certificate"
+      metadata = {
+        name      = "gitea"
+        namespace = local.gitea_namespace
+      }
+      spec = {
+        subject = {
+          organizations = [
+            var.ingress_domain,
+          ]
+          organizationalUnits = [
+            "Kubernetes",
+          ]
+        }
+        commonName = "gitea"
+        dnsNames = [
+          local.gitea_domain,
+        ]
+        privateKey = {
+          algorithm = "ECDSA" # NB Ed25519 is not yet supported by chrome 93 or firefox 91.
+          size      = 256
+        }
+        duration   = "4320h" # NB 4320h (180 days). default is 2160h (90 days).
+        secretName = "gitea-tls"
+        issuerRef = {
+          kind = "ClusterIssuer"
+          name = "ingress"
+        }
+      }
+    },
+  ]
+  gitea_manifest = join("---\n", [for d in local.gitea_manifests : yamlencode(d)])
+}
+
+# set the configuration.
+# NB the default values are described at:
+#       https://gitea.com/gitea/helm-chart/src/tag/v10.4.0/values.yaml
+#    NB make sure you are seeing the same version of the chart that you are installing.
+# see https://registry.terraform.io/providers/hashicorp/helm/latest/docs/data-sources/template
+data "helm_template" "gitea" {
+  namespace  = local.gitea_namespace
+  name       = "gitea"
+  repository = "https://dl.gitea.com/charts"
+  chart      = "gitea"
+  # see https://artifacthub.io/packages/helm/gitea/gitea
+  # renovate: datasource=helm depName=gitea registryUrl=https://dl.gitea.com/charts
+  version      = "10.4.0" # app version 1.22.1.
+  kube_version = var.kubernetes_version
+  api_versions = [
+    "networking.k8s.io/v1/Ingress",
+  ]
+  values = [yamlencode({
+    redis-cluster = {
+      enabled = false
+    }
+    redis = {
+      enabled = false
+    }
+    postgresql = {
+      enabled = false
+    }
+    postgresql-ha = {
+      enabled = false
+    }
+    persistence = {
+      enabled      = true
+      storageClass = "linstor-lvm-r1"
+      claimName    = "gitea"
+    }
+    gitea = {
+      config = {
+        database = {
+          DB_TYPE = "sqlite3"
+        }
+        session = {
+          PROVIDER = "memory"
+        }
+        cache = {
+          ADAPTER = "memory"
+        }
+        queue = {
+          TYPE = "level"
+        }
+      }
+      admin = {
+        username = "gitea"
+        password = "gitea"
+        email    = "gitea@${var.ingress_domain}"
+      }
+    }
+    service = {
+      http = {
+        type      = "ClusterIP"
+        port      = 3000
+        clusterIP = null
+      }
+      ssh = {
+        type      = "ClusterIP"
+        port      = 22
+        clusterIP = null
+      }
+    }
+    ingress = {
+      enabled = true
+      hosts = [
+        {
+          host = local.gitea_domain
+          paths = [
+            {
+              path     = "/"
+              pathType = "Prefix"
+            }
+          ]
+        }
+      ]
+      tls = [
+        {
+          secretName = "gitea-tls"
+          hosts = [
+            local.gitea_domain,
+          ]
+        }
+      ]
+    }
+  })]
+}
diff --git a/talos.tf b/talos.tf
@@ -143,6 +143,20 @@ data "talos_machine_configuration" "controller" {
             name     = "reloader"
             contents = data.helm_template.reloader.manifest
           },
+          {
+            name = "gitea"
+            contents = join("---\n", [
+              yamlencode({
+                apiVersion = "v1"
+                kind       = "Namespace"
+                metadata = {
+                  name = local.gitea_namespace
+                }
+              }),
+              data.helm_template.gitea.manifest,
+              "# Source gitea.tf\n${local.gitea_manifest}",
+            ])
+          },
           {
             name = "argocd"
             contents = join("---\n", [