From 5452633f37ba25ee5cff53c2905424364315f5c5 Mon Sep 17 00:00:00 2001
From: Tanguy Herbron
Date: Tue, 4 Jul 2023 17:15:04 +0200
Subject: [PATCH] feat(init): Add initial installation for admin user
---
 README.md | 4 +
 manifests/admin-creator.yaml | 16 ++++
 manifests/configmap.yaml | 139 ++++++++++++++++++-----------------
 manifests/deployment.yaml | 41 +++++++++--
 manifests/kustomization.yaml | 1 +
 5 files changed, 128 insertions(+), 73 deletions(-)
 create mode 100644 README.md
 create mode 100644 manifests/admin-creator.yaml
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..e632cb7
--- /dev/null
+++ b/README.md
@@ -0,0 +1,4 @@
+# Gitea
+
+Front end for Git, with integrated Container Registry and CI/CD capabilities.
+This repository only contains configuration used for Kubernetes.
diff --git a/manifests/admin-creator.yaml b/manifests/admin-creator.yaml
new file mode 100644
index 0000000..761172e
--- /dev/null
+++ b/manifests/admin-creator.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: gitea-admin-creator
+ namespace: gitea
+data:
+ admin-creator.sh: |
+ #!/bin/sh
+
+ gitea admin user list --admin | grep $(echo ' ' $ADMIN_USER ' ') >/dev/null 2>&1
+
+ if [ $? -eq 1 ];
+ then
+ gitea admin user create --username $ADMIN_USER --password $ADMIN_PASSWORD --email $ADMIN_MAIL --admin
+ fi
+
diff --git a/manifests/configmap.yaml b/manifests/configmap.yaml
index 298a310..fb249f3 100644
--- a/manifests/configmap.yaml
+++ b/manifests/configmap.yaml
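Review bot: In manifests/admin-creator.yaml every variable in `admin-creator.sh` is expanded unquoted, so the padding in `grep $(echo ' ' $ADMIN_USER ' ')` is lost to word splitting and the existence check becomes a substring match on the bare name (an existing admin whose name or e-mail merely contains it would suppress creation), while a password containing spaces or glob characters is split into several arguments. Quoting keeps the intended behaviour: `if ! gitea admin user list --admin | grep -qF -- " $ADMIN_USER "; then` and `gitea admin user create --username "$ADMIN_USER" --password "$ADMIN_PASSWORD" --email "$ADMIN_MAIL" --admin`; this assumes the list output pads the username column with spaces, which the original pattern also relies on. Passing the secret through `--password` also places it on the command line of the `gitea` process, where it is readable from inside the container while the command runs.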
@@ -4,88 +4,91 @@ metadata: name: gitea-config namespace: gitea data: - app.ini: "| - APP_NAME = Migration playground for Halia gitlab - RUN_MODE = prod - RUN_USER = git + APP_NAME: Halia hosted git solution + RUN_MODE: prod + GITEA__server__DISABLE_SSH: "true" + GITEA__security__INSTALL_LOCK: "true" + GITEA__service__DISABLE_REGISTRATION: "true" + #app.ini: | + # APP_NAME = K8s implementation + # RUN_MODE = prod + # RUN_USER = git - [repository] - ROOT = /data/git/repositories + # [repository] + # ROOT = /data/git/repositories - [repository.local] - LOCAL_COPY_PATH = /data/gitea/tmp/local-repo + # [repository.local] + # LOCAL_COPY_PATH = /data/gitea/tmp/local-repo - [repository.upload] - TEMP_PATH = /data/gitea/uploads + # [repository.upload] + # TEMP_PATH = /data/gitea/uploads - [server] - APP_DATA_PATH = /data/gitea - DOMAIN = localhost - SSH_DOMAIN = localhost - HTTP_PORT = 3000 - ROOT_URL = http://localhost:3000/ - DISABLE_SSH = false - SSH_PORT = 22 - SSH_LISTEN_PORT = 22 - LFS_START_SERVER = true - OFFLINE_MODE = false + # [server] + # APP_DATA_PATH = /data/gitea + # DOMAIN = localhost + # SSH_DOMAIN = localhost + # HTTP_PORT = 3000 + # ROOT_URL = http://localhost:3000/ + # SSH_PORT = 22 + # SSH_LISTEN_PORT = 22 + # LFS_START_SERVER = true + # OFFLINE_MODE = false - [indexer] - ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve + # [indexer] + # ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve - [session] - PROVIDER_CONFIG = /data/gitea/sessions - PROVIDER = file + # [session] + # PROVIDER_CONFIG = /data/gitea/sessions + # PROVIDER = file - [picture] - AVATAR_UPLOAD_PATH = /data/gitea/avatars - REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars + # [picture] + # AVATAR_UPLOAD_PATH = /data/gitea/avatars + # REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars - [attachment] - PATH = /data/gitea/attachments + # [attachment] + # PATH = /data/gitea/attachments - [log] - MODE = console - LEVEL = info - ROUTER = console - ROOT_PATH = 
/data/gitea/log + # [log] + # MODE = console + # LEVEL = info + # ROUTER = console + # ROOT_PATH = /data/gitea/log - [security] - INSTALL_LOCK = true - SECRET_KEY = - REVERSE_PROXY_LIMIT = 1 - REVERSE_PROXY_TRUSTED_PROXIES = * - INTERNAL_TOKEN = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE2ODUzNTc4ODZ9.TWDx6Xj8JIHFAajS-V6PdHNdofUcFfxPnAlBbxBXDl0 - PASSWORD_HASH_ALGO = pbkdf2 + # [security] + # SECRET_KEY = NONE + # REVERSE_PROXY_LIMIT = 1 + # REVERSE_PROXY_TRUSTED_PROXIES = * + # PASSWORD_HASH_ALGO = pbkdf2 - [service] - DISABLE_REGISTRATION = false - REQUIRE_SIGNIN_VIEW = false - REGISTER_EMAIL_CONFIRM = false - ENABLE_NOTIFY_MAIL = false - ALLOW_ONLY_EXTERNAL_REGISTRATION = false - ENABLE_CAPTCHA = false - DEFAULT_KEEP_EMAIL_PRIVATE = false - DEFAULT_ALLOW_CREATE_ORGANIZATION = true - DEFAULT_ENABLE_TIMETRACKING = true - NO_REPLY_ADDRESS = noreply.localhost + # [service] + # REQUIRE_SIGNIN_VIEW = false + # REGISTER_EMAIL_CONFIRM = false + # ENABLE_NOTIFY_MAIL = false + # ALLOW_ONLY_EXTERNAL_REGISTRATION = false + # ENABLE_CAPTCHA = false + # DEFAULT_KEEP_EMAIL_PRIVATE = false + # DEFAULT_ALLOW_CREATE_ORGANIZATION = true + # DEFAULT_ENABLE_TIMETRACKING = true + # NO_REPLY_ADDRESS = noreply.localhost - [lfs] - PATH = /data/git/lfs + # [lfs] + # PATH = /data/git/lfs - [mailer] - ENABLED = false + # [mailer] + # ENABLED = false - [openid] - ENABLE_OPENID_SIGNIN = true - ENABLE_OPENID_SIGNUP = true + # [openid] + # ENABLE_OPENID_SIGNIN = true + # ENABLE_OPENID_SIGNUP = true - [cron.update_checker] - ENABLED = false + # [cron.update_checker] + # ENABLED = false - [repository.pull-request] - DEFAULT_MERGE_STYLE = merge + # [repository.pull-request] + # DEFAULT_MERGE_STYLE = merge - [repository.signing] - DEFAULT_TRUST_MODEL = committer - " + # [repository.signing] + # DEFAULT_TRUST_MODEL = committer + + # [oauth2] + # ENABLE = false diff --git a/manifests/deployment.yaml b/manifests/deployment.yaml index 0d38675..c34afaa 100644 --- a/manifests/deployment.yaml 
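Review bot: The `[security]` block removed from manifests/configmap.yaml carried a literal `INTERNAL_TOKEN`, and deleting the line does not withdraw it from repository history; the `gitea-internal-token` Secret that the deployment now references should hold a newly generated token rather than the old value. The app.ini lines kept as comments under `data:` are better deleted than parked, because they include `REVERSE_PROXY_TRUSTED_PROXIES = *` and `SECRET_KEY = NONE`, which would go live if the block were ever uncommented. If a record is wanted, a single comment such as `# app.ini is no longer mounted; settings come from GITEA__section__KEY variables` says the same thing.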
+++ b/manifests/deployment.yaml
@@ -15,11 +15,16 @@ spec:
 spec:
 hostname: gitea
 subdomain: gitea
+ nodeName: hb-wide-1
 containers:
 - name: gitea
 image: gitea/gitea:1.19.3
 ports:
 - containerPort: 3000
+ lifecycle:
+ postStart:
+ exec:
+ command: ["sh", "-c", "sleep 1 && su git -c 'sh /admin-creator.sh'"]
 env:
 - name: GITEA__database__DB_TYPE
 value: "postgres"
@@ -27,8 +32,13 @@ spec:
 value: "gitea.gitea.svc.cluster.local:5432"
 - name: GITEA__database__NAME
 value: "gitea"
+ - name: GITEA__database__SSL_MODE
+ value: "require"
 - name: GITEA__database__USER
- value: "gitea"
+ valueFrom:
+ secretKeyRef:
+ name: gitea.gitea.credentials.postgresql.acid.zalan.do
+ key: username
 - name: GITEA__database__PASSWD
 valueFrom:
 secretKeyRef:
@@ -42,12 +52,30 @@ spec:
 - name: GITEA__security__INTERNAL_TOKEN
 valueFrom:
 secretKeyRef:
- name: gitea-lfs-jwt-secret
+ name: gitea-internal-token
 key: token
+ - name: ADMIN_USER
+ valueFrom:
+ secretKeyRef:
+ name: gitea-admin-user
+ key: token
+ - name: ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: gitea-admin-password
+ key: token
+ - name: ADMIN_MAIL
+ valueFrom:
+ secretKeyRef:
+ name: gitea-admin-mail
+ key: token
+ envFrom:
+ - configMapRef:
+ name: gitea-config
 volumeMounts:
- - mountPath: "/data/gitea/conf/app.ini"
- name: gitea-config-volume
- subPath: app.ini
+ - mountPath: "/admin-creator.sh"
+ name: gitea-admin-creator
+ subPath: admin-creator.sh
 volumes:
 - name: gitea-pv
 hostPath:
@@ -55,3 +83,6 @@ spec:
 - name: gitea-config-volume
 configMap:
 name: gitea-config
+ - name: gitea-admin-creator
+ configMap:
+ name: gitea-admin-creator
diff --git a/manifests/kustomization.yaml b/manifests/kustomization.yaml
index 98004e4..5d352c3 100644
--- a/manifests/kustomization.yaml
+++ b/manifests/kustomization.yaml
@@ -7,4 +7,5 @@ resources:
 - service.yaml
 - ingress.yaml
 - configmap.yaml
+ - admin-creator.yaml
 - deployment.yaml
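Review bot: In manifests/deployment.yaml the `postStart` hook added in the first hunk relies on `sleep 1` to run after Gitea has started, but Kubernetes gives no ordering guarantee between the hook and the container entrypoint, so the script can run before the database is reachable or migrated. In that case `gitea admin user list` fails, the script falls through to `user create`, that fails as well, and a failed postStart hook gets the container killed and restarted. Polling until the list command succeeds, or moving the bootstrap into a one-shot Job that runs once the Deployment is ready, removes the timing dependency. `nodeName: hb-wide-1` in the same hunk bypasses the scheduler entirely; a `nodeSelector` on a node label expresses the same pin (presumably needed for the hostPath volume) without hard-coding the node name.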
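Review bot: `GITEA__database__SSL_MODE` set to `"require"` in the second hunk of manifests/deployment.yaml encrypts the PostgreSQL connection but does not verify the server certificate, so it gives no assurance that the pod is talking to the intended database endpoint. If the database CA can be mounted into the pod, `value: "verify-full"` is the stronger setting; otherwise a short comment recording why `require` was chosen would help the next reader.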
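Review bot: The third hunk of manifests/deployment.yaml injects `ADMIN_USER`, `ADMIN_PASSWORD` and `ADMIN_MAIL` into the long-running `gitea` container, so the bootstrap password stays in that container's environment for the life of the pod although it is needed only once. Running the creation step from a separate Job confines the credential to a short-lived process. The three values are also spread over three Secrets that all use the key `token`; a single Secret with `username`, `password` and `email` keys, in the way the PostgreSQL credential above uses `username`, is easier to rotate and to scope with RBAC. The last hunk still defines the `gitea-config-volume` volume although this hunk removes its only visible mount.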