WIP gitea

defaults/main.yml

@@ -1,3 +1,7 @@
 my_context: minikube
 #traefik_version: "2.1"
-#traefik_namespace: traefik
+#traefik_namespace: traefik
+#drone_certificate: certificate_secret_name
+#drone_storage_classname:
+#gitea_certificate: certificate_secret_name
+#drone_storage_classname:

files/gitea/gitea-Deployment.yaml

@@ -40,7 +40,7 @@ spec:
           name: git-ssh
         volumeMounts:
         - mountPath: /data
-          name: git-data
+          name: gitea-data
         - name: gitea-config
           mountPath: /data/gitea/conf
         resources:
@@ -51,13 +51,10 @@ spec:
             cpu: 1
             memory: 200Mi
       volumes:
-      - name: git-data
+      - name: gitea-data
-#        hostPath:
+        persistentVolumeClaim:
-#          path: /mnt/kube-data/gitea
+          claimName: gitea
-#          type: Directory
+#        emptyDir: {}
-#        persistentVolumeClaim:
-#          claimName: gitea
-        emptyDir: {}
       - name: gitea-config
         configMap:
           name: gitea

files/gitea/gitea-ingress.yaml

@@ -4,7 +4,7 @@ metadata:
   name: gitea
   namespace: gitea
   annotations:
-      kubernetes.io/ingress.class: nginx
+      kubernetes.io/ingress.class: traefik
       nginx.ingress.kubernetes.io/rewrite-target: /
 spec:
   tls:

files/gitea/gitea-pvc.yaml

@@ -1,13 +0,0 @@
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: gitea
-  namespace: gitea
-  annotations:
-    volume.beta.kubernetes.io/storage-class: "managed-nfs-storage"
-spec:
-  accessModes:
-  - ReadWriteOnce
-  resources:
-    requests:
-      storage: 10Gi

tasks/main.yml

@@ -1,3 +1,30 @@
+---
+- name: Gitea setup
+  block:
+  - name: Install Gitea dynamic files
+    k8s:
+      state: present
+      context: "{{ my_context }}"
+      merge_type: merge
+      resource_definition: "{{ lookup('template', 'gitea/' + item) | from_yaml }}"
+    with_items:
+      - gitea-Namespace.yaml.j2
+      - gitea-pvc.yml.j2
+      - gitea-IngressRoute.yml.j2
+#      - gitea-IngressRouteTCP.yml.j2
+  - name: Install Gitea static files
+    k8s:
+      state: present
+      context: "{{ my_context }}"
+      merge_type: merge
+      resource_definition: "{{ lookup('file', 'gitea/' + item) | from_yaml }}"
+    with_items:
+      - gitea-ConfigMap.yaml
+      - gitea-Deployment.yaml
+      - gitea-Service.yaml
+  tags:
+    - gitea
+
 - name: Drone setup
   block:
   - name: Configure environnement
@@ -9,7 +36,6 @@
     with_items:
       - drone-Namespace.yaml.j2
     tags:
-#      - drone
       - drone-server
       - drone-runner
 
@@ -22,8 +48,9 @@
         merge_type: merge
         resource_definition: "{{ lookup('template', item) | from_yaml }}"
       with_items:
-        - drone/drone-PersistentVolumeClaim.yaml
+        - drone/drone-PersistentVolumeClaim.yml.j2
         - drone/drone-Secret.yaml.j2
+        - drone/drone-IngressRoute.yml.j2
     - name: Install Drone Static files
       k8s:
         state: present
@@ -64,4 +91,4 @@
     tags:
       - drone-runner
   tags:
-    - drone
+    - drone

templates/drone/drone-IngressRoute.yml.j2

@@ -0,0 +1,53 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: drone
+  namespace: drone
+  labels:
+    app.kubernetes.io/name: drone
+    app.kubernetes.io/instance: drone
+    app.kubernetes.io/component: server
+  annotations:
+    kubernetes.io/ingress.class: "traefik"
+spec:
+  entryPoints:
+    - https
+  routes:
+  # Match is the rule corresponding to an underlying router.
+  # Later on, match could be the simple form of a path prefix, e.g. just "/bar",
+  # but for now we only support a traefik style matching rule.
+  - match: Host(`drone.{{ traefik_domain }}`)
+    # kind could eventually be one of "Rule", "Path", "Host", "Method", "Header",
+    # "Parameter", etc, to support simpler forms of rule matching, but for now we
+    # only support "Rule".
+    kind: Rule
+    # (optional) Priority disambiguates rules of the same length, for route matching.
+    priority: 12
+{% if basic_auth is defined or ingress_whitelist is defined %}
+    middlewares:
+{% if ingress_whitelist is defined %}
+      - name: traefik-ipwhitelist
+{% endif %}
+{% if basic_auth is defined %}
+      - name: basic-auth
+{% endif %}
+{% endif %}
+    services:
+    - name: drone
+      port: 3000
+      # (default 1) A weight used by the weighted round-robin strategy (WRR).  
+      weight: 1
+      # (default true) PassHostHeader controls whether to leave the request's Host
+      # Header as it was before it reached the proxy, or whether to let the proxy set it
+      # to the destination (backend) host.
+      passHostHeader: true
+      responseForwarding:
+        # (default 100ms) Interval between flushes of the buffered response body to the client.
+        flushInterval: 100ms
+  tls:
+{% if drone_certificate is defined %}
+    secretName: {{ drone_certificate }}
+{% endif %}
+    options:
+      name: default
+      namespace: {{ traefik_namespace }}

templates/drone/drone-PersistentVolumeClaim.yaml

@@ -1,19 +0,0 @@
-# Source: drone/templates/pvc.yaml
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  labels:
-    helm.sh/chart: drone-0.1.5
-    app.kubernetes.io/name: drone
-    app.kubernetes.io/instance: drone
-    app.kubernetes.io/component: server
-    app.kubernetes.io/version: "1.6.5"
-    app.kubernetes.io/managed-by: Helm
-  name: drone
-  namespace: drone
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: "8Gi"

templates/drone/drone-PersistentVolumeClaim.yml.j2

@@ -0,0 +1,32 @@
+# Source: drone/templates/pvc.yaml
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    helm.sh/chart: drone-0.1.5
+    app.kubernetes.io/name: drone
+    app.kubernetes.io/instance: drone
+    app.kubernetes.io/component: server
+    app.kubernetes.io/version: "1.6.5"
+    app.kubernetes.io/managed-by: Helm
+  name: drone
+  namespace: drone
+spec:
+{% if drone_storage_classname is defined %}
+{% if drone_storage_classname == "manual" %}
+  storageClassName: manual
+{% elif drone_storage_classname == "local" %}
+  storageClassName: local-path
+{% elif drone_storage_classname == "do-block-storage" %}
+  storageClassName: do-block-storage
+{% elif drone_storage_classname == "linode-block-storage" %}
+  storageClassName: linode-block-storage
+{% elif drone_storage_classname == "nfs" %}
+  storageClassName: nfs
+{% endif %}
+{% endif %}
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: "8Gi"

templates/gitea/gitea-IngressRoute.yml.j2

@@ -0,0 +1,49 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: gitea
+  namespace: gitea
+  labels:
+    app.kubernetes.io/name: drone
+    app.kubernetes.io/instance: gitea
+    app.kubernetes.io/component: server
+  annotations:
+    kubernetes.io/ingress.class: "traefik"
+
+spec:
+  entryPoints:
+    - https
+  routes:
+  # Match is the rule corresponding to an underlying router.
+  # Later on, match could be the simple form of a path prefix, e.g. just "/bar",
+  # but for now we only support a traefik style matching rule.
+  - match: Host(`gitea.{{ traefik_domain }}`)
+    # kind could eventually be one of "Rule", "Path", "Host", "Method", "Header",
+    # "Parameter", etc, to support simpler forms of rule matching, but for now we
+    # only support "Rule".
+    kind: Rule
+    # (optional) Priority disambiguates rules of the same length, for route matching.
+    priority: 12
+{% if ingress_whitelist is defined %}
+    middlewares:
+      - name: traefik-ipwhitelist
+{% endif %}
+    services:
+    - name: gitea
+      port: 3000
+      # (default 1) A weight used by the weighted round-robin strategy (WRR).  
+      weight: 1
+      # (default true) PassHostHeader controls whether to leave the request's Host
+      # Header as it was before it reached the proxy, or whether to let the proxy set it
+      # to the destination (backend) host.
+      passHostHeader: true
+      responseForwarding:
+        # (default 100ms) Interval between flushes of the buffered response body to the client.
+        flushInterval: 100ms
+  tls:
+{% if gitea_certificate is defined %}
+    secretName: {{ gitea_certificate }}
+{% endif %}
+    options:
+      name: default
+      namespace: {{ traefik_namespace }}

templates/gitea/gitea-IngressRouteTCP.yml.j2

@@ -0,0 +1,14 @@
+kind: IngressRouteTCP
+metadata:
+  name: gitea-ssh
+  namespace: gitea
+spec:
+  entryPoints:
+    - gitea-ssh
+  routes:
+  - match: HostSNI(`*`)
+    services:
+    - name: gitea-ssh
+      port: 2222
+      weight: 10
+      terminationDelay: 400

templates/gitea/gitea-Namespace.yaml.j2

@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: gitea
+

templates/gitea/gitea-pvc.yml.j2

@@ -0,0 +1,24 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: gitea
+  namespace: gitea
+spec:
+{% if gitea_storage_classname is defined %}
+{% if gitea_storage_classname == "manual" %}
+  storageClassName: manual
+{% elif gitea_storage_classname == "local" %}
+  storageClassName: local-path
+{% elif gitea_storage_classname == "do-block-storage" %}
+  storageClassName: do-block-storage
+{% elif gitea_storage_classname == "linode-block-storage" %}
+  storageClassName: linode-block-storage
+{% elif gitea_storage_classname == "nfs" %}
+  storageClassName: nfs
+{% endif %}
+{% endif %}
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 10Gi