WIP gitea

2020-07-14 12:10:19 +02:00 · 2020-07-14 12:10:19 +02:00 · 3dc27886cb
commit 3dc27886cb
parent 7670dfe469
12 changed files with 218 additions and 45 deletions
--- a/templates/drone/drone-IngressRoute.yml.j2
+++ b/templates/drone/drone-IngressRoute.yml.j2
@ -0,0 +1,53 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: drone
+  namespace: drone
+  labels:
+    app.kubernetes.io/name: drone
+    app.kubernetes.io/instance: drone
+    app.kubernetes.io/component: server
+  annotations:
+    kubernetes.io/ingress.class: "traefik"
+spec:
+  entryPoints:
+    - https
+  routes:
+  # Match is the rule corresponding to an underlying router.
+  # Later on, match could be the simple form of a path prefix, e.g. just "/bar",
+  # but for now we only support a traefik style matching rule.
+  - match: Host(`drone.{{ traefik_domain }}`)
+    # kind could eventually be one of "Rule", "Path", "Host", "Method", "Header",
+    # "Parameter", etc, to support simpler forms of rule matching, but for now we
+    # only support "Rule".
+    kind: Rule
+    # (optional) Priority disambiguates rules of the same length, for route matching.
+    priority: 12
+{% if basic_auth is defined or ingress_whitelist is defined %}
+    middlewares:
+{% if ingress_whitelist is defined %}
+      - name: traefik-ipwhitelist
+{% endif %}
+{% if basic_auth is defined %}
+      - name: basic-auth
+{% endif %}
+{% endif %}
+    services:
+    - name: drone
+      port: 3000
+      # (default 1) A weight used by the weighted round-robin strategy (WRR).  
+      weight: 1
+      # (default true) PassHostHeader controls whether to leave the request's Host
+      # Header as it was before it reached the proxy, or whether to let the proxy set it
+      # to the destination (backend) host.
+      passHostHeader: true
+      responseForwarding:
+        # (default 100ms) Interval between flushes of the buffered response body to the client.
+        flushInterval: 100ms
+  tls:
+{% if drone_certificate is defined %}
+    secretName: {{ drone_certificate }}
+{% endif %}
+    options:
+      name: default
+      namespace: {{ traefik_namespace }}
--- a/templates/drone/drone-PersistentVolumeClaim.yaml
+++ b/templates/drone/drone-PersistentVolumeClaim.yaml
@ -1,19 +0,0 @@
-# Source: drone/templates/pvc.yaml
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  labels:
-    helm.sh/chart: drone-0.1.5
-    app.kubernetes.io/name: drone
-    app.kubernetes.io/instance: drone
-    app.kubernetes.io/component: server
-    app.kubernetes.io/version: "1.6.5"
-    app.kubernetes.io/managed-by: Helm
-  name: drone
-  namespace: drone
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: "8Gi"
--- a/templates/drone/drone-PersistentVolumeClaim.yml.j2
+++ b/templates/drone/drone-PersistentVolumeClaim.yml.j2
@ -0,0 +1,32 @@
+# Source: drone/templates/pvc.yaml
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    helm.sh/chart: drone-0.1.5
+    app.kubernetes.io/name: drone
+    app.kubernetes.io/instance: drone
+    app.kubernetes.io/component: server
+    app.kubernetes.io/version: "1.6.5"
+    app.kubernetes.io/managed-by: Helm
+  name: drone
+  namespace: drone
+spec:
+{% if drone_storage_classname is defined %}
+{% if drone_storage_classname == "manual" %}
+  storageClassName: manual
+{% elif drone_storage_classname == "local" %}
+  storageClassName: local-path
+{% elif drone_storage_classname == "do-block-storage" %}
+  storageClassName: do-block-storage
+{% elif drone_storage_classname == "linode-block-storage" %}
+  storageClassName: linode-block-storage
+{% elif drone_storage_classname == "nfs" %}
+  storageClassName: nfs
+{% endif %}
+{% endif %}
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: "8Gi"
--- a/templates/gitea/gitea-IngressRoute.yml.j2
+++ b/templates/gitea/gitea-IngressRoute.yml.j2
@ -0,0 +1,49 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: gitea
+  namespace: gitea
+  labels:
+    app.kubernetes.io/name: drone
+    app.kubernetes.io/instance: gitea
+    app.kubernetes.io/component: server
+  annotations:
+    kubernetes.io/ingress.class: "traefik"
+
+spec:
+  entryPoints:
+    - https
+  routes:
+  # Match is the rule corresponding to an underlying router.
+  # Later on, match could be the simple form of a path prefix, e.g. just "/bar",
+  # but for now we only support a traefik style matching rule.
+  - match: Host(`gitea.{{ traefik_domain }}`)
+    # kind could eventually be one of "Rule", "Path", "Host", "Method", "Header",
+    # "Parameter", etc, to support simpler forms of rule matching, but for now we
+    # only support "Rule".
+    kind: Rule
+    # (optional) Priority disambiguates rules of the same length, for route matching.
+    priority: 12
+{% if ingress_whitelist is defined %}
+    middlewares:
+      - name: traefik-ipwhitelist
+{% endif %}
+    services:
+    - name: gitea
+      port: 3000
+      # (default 1) A weight used by the weighted round-robin strategy (WRR).  
+      weight: 1
+      # (default true) PassHostHeader controls whether to leave the request's Host
+      # Header as it was before it reached the proxy, or whether to let the proxy set it
+      # to the destination (backend) host.
+      passHostHeader: true
+      responseForwarding:
+        # (default 100ms) Interval between flushes of the buffered response body to the client.
+        flushInterval: 100ms
+  tls:
+{% if gitea_certificate is defined %}
+    secretName: {{ gitea_certificate }}
+{% endif %}
+    options:
+      name: default
+      namespace: {{ traefik_namespace }}
--- a/templates/gitea/gitea-IngressRouteTCP.yml.j2
+++ b/templates/gitea/gitea-IngressRouteTCP.yml.j2
@ -0,0 +1,14 @@
+kind: IngressRouteTCP
+metadata:
+  name: gitea-ssh
+  namespace: gitea
+spec:
+  entryPoints:
+    - gitea-ssh
+  routes:
+  - match: HostSNI(`*`)
+    services:
+    - name: gitea-ssh
+      port: 2222
+      weight: 10
+      terminationDelay: 400
--- a/templates/gitea/gitea-Namespace.yaml.j2
+++ b/templates/gitea/gitea-Namespace.yaml.j2
@ -0,0 +1,5 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: gitea
+
--- a/templates/gitea/gitea-pvc.yml.j2
+++ b/templates/gitea/gitea-pvc.yml.j2
@ -0,0 +1,24 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: gitea
+  namespace: gitea
+spec:
+{% if gitea_storage_classname is defined %}
+{% if gitea_storage_classname == "manual" %}
+  storageClassName: manual
+{% elif gitea_storage_classname == "local" %}
+  storageClassName: local-path
+{% elif gitea_storage_classname == "do-block-storage" %}
+  storageClassName: do-block-storage
+{% elif gitea_storage_classname == "linode-block-storage" %}
+  storageClassName: linode-block-storage
+{% elif gitea_storage_classname == "nfs" %}
+  storageClassName: nfs
+{% endif %}
+{% endif %}
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 10Gi