AllardDCS/kubernetes
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

initial commit

Browse Source
This commit is contained in:
allard
2025-11-23 18:58:51 +01:00
commit 376a944abc
1553 changed files with 314731 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
dev/gitea/catalog-info.yaml Normal file
View File

@@ -0,0 +1,19 @@
apiVersion: backstage.io/v1alpha1
kind: Component
metadata:
name: dev-gitea
title: Gitea (dev)
description: Gitea instance running in Kubernetes
annotations:
backstage.io/kubernetes-label-selector: "app=gitea"
links:
- url: https://github.com/AllardKrings/kubernetes/dev/gitea
title: gitea-configuration
docs:
- url: ./README.md
spec:
type: service
lifecycle: production
owner: group:default/allarddcs
subcomponentOf: component:default/DEV-cluster

38
dev/gitea/dev/README.md Executable file
View File

@@ -0,0 +1,38 @@
#Installatie via Helm:
helm repo add bitnami https://charts.bitnami
kubectl apply -f gitea-pvc.yaml
kubectl apply -f ingressrouteTCP-http.yaml
kubectl apply -f ingressrouteTCP-tls.yaml
kubectl apply -f ingressrouteTCP-ssh.yaml
helm install gitea bitnami/gitea -f values.yaml -n gitea
- er wordt via cert-manager een certificaat aangemaakt:
gitea.alldcs.nl-tls kubernetes.io/tls
gitea-externaldb Opaque
gitea Opaque
sh.helm.release.v1.gitea.v1 helm.sh/release.v1
#repository koppelen:
https://gitea.alldcs.nl/allard/kubernetes DUS ZONDER .git!
user: allard
password: Gitea01@
project: default
#webhook definieren bij je repository:
http://el-gitea-listener.default.svc.cluster.local:8080
http://192.168.2.170:31234
en in app.ini:
[webhook]
ALLOWED_HOST_LIST=el-gitea-listener.default.svc.cluster.local
#dus zonder http:// en :8080

33
dev/gitea/dev/gitea-pvc.yaml Executable file
View File

@@ -0,0 +1,33 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: gitea-pv
spec:
storageClassName: ""
capacity:
storage: 2Gi
accessModes:
- ReadWriteMany
persistentVolumeReclaimPolicy: Retain
mountOptions:
- hard
- nfsvers=4.1
nfs:
server: 192.168.2.110
path: /mnt/nfs_share/gitea-helm
readOnly: false
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: gitea-pvc
namespace: gitea
spec:
storageClassName: ""
volumeName: gitea-pv
accessModes:
- ReadWriteMany
volumeMode: Filesystem
resources:
requests:
storage: 2Gi

14
dev/gitea/dev/ingressroute-http.yaml Executable file
View File

@@ -0,0 +1,14 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: gitea-http
namespace: gitea
spec:
entryPoints:
- web
routes:
- match: Host(`gitea-dev.allarddcs.nl`)
kind: Rule
services:
- name: gitea
port: 3000

16
dev/gitea/dev/ingressroute-tls.yaml Executable file
View File

@@ -0,0 +1,16 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: gitea-tls
namespace: gitea
spec:
entryPoints:
- websecure
routes:
- match: Host(`gitea-dev.allarddcs.nl`)
kind: Rule
services:
- name: gitea
port: 3000
tls:
secretName: gitea-dev.allarddcs.nl-tls

13
dev/gitea/dev/ingressrouteTCP-http.yaml Executable file
View File

@@ -0,0 +1,13 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: gitea-tcp-http
namespace: gitea
spec:
entryPoints:
- web
routes:
- match: HostSNI(`gitea-dev.allarddcs.nl`)
services:
- name: gitea
port: 3000

14
dev/gitea/dev/ingressrouteTCP-ssh.yaml Executable file
View File

@@ -0,0 +1,14 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: gitea-ssh
namespace: gitea
spec:
entryPoints:
- gitea-ssh
routes:
- match: HostSNI(`gitea-dev.allarddcs.nl`)
services:
- name: gitea
port: 22

15
dev/gitea/dev/ingressrouteTCP-tls.yaml Executable file
View File

@@ -0,0 +1,15 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: gitea-tcp-https
namespace: gitea
spec:
entryPoints:
- websecure
routes:
- match: HostSNI(`gitea-dev.allarddcs.nl`)
services:
- name: gitea
port: 3000
tls:
passthrough: true

677
dev/gitea/dev/values.yaml Executable file
View File

@@ -0,0 +1,677 @@
# @section Global parameters
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
##
## @param global.imageRegistry Global Docker image registry
## @param global.imagePullSecrets Global Docker registry secret names as an array
## @param global.storageClass Global StorageClass for Persistent Volume(s)
##
global:
imageRegistry: ""
## E.g.
## imagePullSecrets:
## - myRegistryKeySecretName
##
imagePullSecrets: []
storageClass: ""
## @section Common parameters
##
## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set)
##
kubeVersion: ""
## @param nameOverride String to partially override gitea.fullname template (will maintain the release name)
##
nameOverride: ""
## @param fullnameOverride String to fully override gitea.fullname template
##
fullnameOverride: ""
## @param namespaceOverride String to fully override common.names.namespace
##
namespaceOverride: ""
## @param commonAnnotations Common annotations to add to all Gitea resources (sub-charts are not considered). Evaluated as a template
##
commonAnnotations: {}
## @param commonLabels Common labels to add to all Gitea resources (sub-charts are not considered). Evaluated as a template
##
commonLabels: {}
## @param extraDeploy Array of extra objects to deploy with the release (evaluated as a template).
##
extraDeploy: []
## @section Gitea parameters
##
## Bitnami Gitea image version
## ref: https://hub.docker.com/r/bitnami/gitea/tags/
## @param image.registry Gitea image registry
## @param image.repository Gitea Image name
## @param image.tag Gitea Image tag
## @param image.digest Gitea image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param image.pullPolicy Gitea image pull policy
## @param image.pullSecrets Specify docker-registry secret names as an array
## @param image.debug Specify if debug logs should be enabled
##
image:
registry: docker.io
repository: bitnami/gitea
# tag: 1.19.3-debian-11-r1
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## Set to true if you would like to see extra information on logs
##
debug: false
## @param replicaCount Number of Gitea Pods to run (requires ReadWriteMany PVC support)
##
replicaCount: 1
## @param adminUsername User of the application
## ref: https://github.com/bitnami/containers/tree/main/bitnami/gitea#configuration
##
adminUsername: admin
## @param adminPassword Application password
## Defaults to a random 10-character alphanumeric string if not set
## ref: https://github.com/bitnami/containers/tree/main/bitnami/gitea#configuration
##
adminPassword: "Gitea01@"
## @param adminEmail Admin email
## ref: https://github.com/bitnami/containers/tree/main/bitnami/gitea#configuration
##
adminEmail: admin@allarddcs.nl
## @param appName Gitea application name
## ref: https://github.com/bitnami/containers/tree/main/bitnami/gitea#configuration
##
appName: gitea
## @param runMode Gitea application host
## ref: https://github.com/bitnami/containers/tree/main/bitnami/gitea#configuration
##
runMode: prod
## @param exposeSSH Make the SSH server accesible
##
exposeSSH: true
## @param rootURL UI Root URL (for link generation)
##
rootURL: ""
## @param command Override default container command (useful when using custom images)
##
command: []
## @param args Override default container args (useful when using custom images)
##
args: []
## @param updateStrategy.type Update strategy - only really applicable for deployments with RWO PVs attached
## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the
## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will
## terminate the single previous pod, so that the new, incoming pod can attach to the PV
##
updateStrategy:
type: RollingUpdate
## @param priorityClassName Gitea pods' priorityClassName
##
priorityClassName: ""
## @param schedulerName Name of the k8s scheduler (other than default)
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
schedulerName: ""
## @param topologySpreadConstraints Topology Spread Constraints for pod assignment
## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## The value is evaluated as a template
##
topologySpreadConstraints: []
## @param hostAliases [array] Add deployment host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases: []
## @param extraEnvVars Extra environment variables
## For example:
##
extraEnvVars: []
# - name: BEARER_AUTH
# value: true
## @param extraEnvVarsCM ConfigMap containing extra env vars
##
extraEnvVarsCM: ""
## @param extraEnvVarsSecret Secret containing extra env vars (in case of sensitive data)
##
extraEnvVarsSecret: ""
## @param extraVolumes Array of extra volumes to be added to the deployment (evaluated as template). Requires setting `extraVolumeMounts`
##
extraVolumes: []
## @param extraVolumeMounts Array of extra volume mounts to be added to the container (evaluated as template). Normally used with `extraVolumes`.
##
extraVolumeMounts: []
## @param initContainers Add additional init containers to the pod (evaluated as a template)
##
initContainers: []
## @param sidecars Attach additional containers to the pod (evaluated as a template)
##
sidecars: []
## @param tolerations Tolerations for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## @param existingSecret Name of a secret with the application password
##
existingSecret: ""
## @param existingSecretKey Key inside the existing secret containing the password
##
existingSecretKey: "admin-password"
## SMTP mail delivery configuration
## ref: https://github.com/bitnami/containers/tree/main/bitnami/gitea/#smtp-configuration
## @param smtpHost SMTP host
## @param smtpPort SMTP port
## @param smtpUser SMTP user
## @param smtpPassword SMTP password
##
smtpHost: ""
smtpPort: ""
smtpUser: ""
smtpPassword: ""
## @param smtpExistingSecret The name of an existing secret with SMTP credentials
## NOTE: Must contain key `smtp-password`
## NOTE: When it's set, the `smtpPassword` parameter is ignored
##
smtpExistingSecret: ""
## @param containerPorts [object] Container ports
##
containerPorts:
http: 3000
ssh: 2222
## Enable persistence using Persistent Volume Claims
## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
##
persistence:
## @param persistence.enabled Enable persistence using PVC
##
enabled: true
## @param persistence.storageClass PVC Storage Class for Gitea volume
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
storageClass: ""
## @param persistence.accessModes PVC Access Mode for Gitea volume
## Requires persistence.enabled: true
## If defined, PVC must be created manually before volume will be bound
##
accessModes:
- ReadWriteOnce
## @param persistence.size PVC Storage Request for Gitea volume
##
size: 2Gi
## @param persistence.dataSource Custom PVC data source
##
dataSource: {}
## @param persistence.existingClaim A manually managed Persistent Volume Claim
## Requires persistence.enabled: true
## If defined, PVC must be created manually before volume will be bound
##
existingClaim: "gitea-pvc"
## @param persistence.hostPath If defined, the gitea-data volume will mount to the specified hostPath.
## Requires persistence.enabled: true
## Requires persistence.existingClaim: nil|false
## Default: nil.
##
hostPath: ""
## @param persistence.annotations Persistent Volume Claim annotations
##
annotations: {}
## @param persistence.selector Selector to match an existing Persistent Volume for Gitea data PVC
## If set, the PVC can't have a PV dynamically provisioned for it
## E.g.
## selector:
## matchLabels:
## app: my-app
##
selector: {}
## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAffinityPreset: ""
## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAntiAffinityPreset: soft
## Node affinity preset
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set.
## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set.
##
nodeAffinityPreset:
type: ""
## E.g.
## key: "kubernetes.io/e2e-az-name"
##
key: ""
## E.g.
## values:
## - e2e-az1
## - e2e-az2
##
values: []
## @param affinity Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
##
affinity: {}
## @param nodeSelector Node labels for pod assignment. Evaluated as a template.
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Gitea container's resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
## @param resources.requests [object] The requested resources for the init container
## @param resources.limits The resources limits for the init container
##
resources:
limits: {}
requests: {}
## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param podSecurityContext.enabled Enable Gitea pods' Security Context
## @param podSecurityContext.fsGroup Gitea pods' group ID
##
podSecurityContext:
enabled: true
fsGroup: 1001
## Configure Container Security Context (only main container)
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param containerSecurityContext.enabled Enable Gitea containers' Security Context
## @param containerSecurityContext.runAsUser Gitea containers' Security Context
## @param containerSecurityContext.runAsNonRoot Set Controller container's Security Context runAsNonRoot
##
containerSecurityContext:
enabled: true
runAsUser: 1001
runAsNonRoot: true
## Configure extra options for startup probe
## Gitea core exposes / to unauthenticated requests, making it a good
## default startup and readiness path. However, that may not always be the
## case. For example, if the image value is overridden to an image containing a
## module that alters that route, or an image that does not auto-install Gitea.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param startupProbe.enabled Enable startupProbe
## @param startupProbe.path Request path for startupProbe
## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
## @param startupProbe.periodSeconds Period seconds for startupProbe
## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe
## @param startupProbe.failureThreshold Failure threshold for startupProbe
## @param startupProbe.successThreshold Success threshold for startupProbe
##
startupProbe:
enabled: false
path: /
initialDelaySeconds: 600
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 5
successThreshold: 1
## Configure extra options for liveness probe
## Gitea core exposes / to unauthenticated requests, making it a good
## default liveness and readiness path. However, that may not always be the
## case. For example, if the image value is overridden to an image containing a
## module that alters that route, or an image that does not auto-install Gitea.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param livenessProbe.enabled Enable livenessProbe
## @param livenessProbe.path Request path for livenessProbe
## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
## @param livenessProbe.periodSeconds Period seconds for livenessProbe
## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
## @param livenessProbe.failureThreshold Failure threshold for livenessProbe
## @param livenessProbe.successThreshold Success threshold for livenessProbe
##
livenessProbe:
enabled: true
path: /
initialDelaySeconds: 600
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 5
successThreshold: 1
## Configure extra options for readiness probe
## Gitea core exposes / to unauthenticated requests, making it a good
## default liveness and readiness path. However, that may not always be the
## case. For example, if the image value is overridden to an image containing a
## module that alters that route, or an image that does not auto-install Gitea.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param readinessProbe.enabled Enable readinessProbe
## @param readinessProbe.path Request path for readinessProbe
## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
## @param readinessProbe.periodSeconds Period seconds for readinessProbe
## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
## @param readinessProbe.failureThreshold Failure threshold for readinessProbe
## @param readinessProbe.successThreshold Success threshold for readinessProbe
##
readinessProbe:
enabled: true
path: /
initialDelaySeconds: 30
periodSeconds: 5
timeoutSeconds: 1
failureThreshold: 5
successThreshold: 1
## @param customStartupProbe Override default startup probe
##
customStartupProbe: {}
## @param customLivenessProbe Override default liveness probe
##
customLivenessProbe: {}
## @param customReadinessProbe Override default readiness probe
##
customReadinessProbe: {}
## @param lifecycleHooks LifecycleHook to set additional configuration at startup Evaluated as a template
##
lifecycleHooks: {}
## @param podAnnotations Pod annotations
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## @param podLabels Add additional labels to the pod (evaluated as a template)
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}
## @section Traffic Exposure Parameters
##
## Kubernetes configuration. For minikube, set this to NodePort, elsewhere use LoadBalancer
##
service:
## @param service.type Kubernetes Service type
##
type: ClusterIP
# type: ClusterIP
## @param service.ports.http Service HTTP port
## @param service.ports.ssh Service SSH port
##
ports:
http: 3000
ssh: 22
## @param service.loadBalancerSourceRanges Restricts access for LoadBalancer (only with `service.type: LoadBalancer`)
## e.g:
## loadBalancerSourceRanges:
## - 0.0.0.0/0
##
loadBalancerSourceRanges: []
## @param service.loadBalancerIP loadBalancerIP for the Gitea Service (optional, cloud specific)
## ref: https://kubernetes.io/docs/user-guide/services/#type-loadbalancer
##
loadBalancerIP: ""
## @param service.nodePorts [object] Kubernetes node port
## nodePorts:
## http: <to set explicitly, choose port between 30000-32767>
## https: <to set explicitly, choose port between 30000-32767>
##
nodePorts:
http: ""
ssh: ""
## @param service.externalTrafficPolicy Enable client source IP preservation
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
##
externalTrafficPolicy: Cluster
## @param service.clusterIP Gitea service Cluster IP
## e.g.:
## clusterIP: None
##
clusterIP: ""
## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
##
extraPorts: []
## @param service.annotations Additional custom annotations for Gitea service
##
annotations: {}
## @param service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
## If "ClientIP", consecutive client requests will be directed to the same Pod
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
##
sessionAffinity: None
## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
## sessionAffinityConfig:
## clientIP:
## timeoutSeconds: 300
##
sessionAffinityConfig: {}
## Configure the ingress resource that allows you to access the
## Gitea installation. Set up the URL
## ref: https://kubernetes.io/docs/user-guide/ingress/
##
ingress:
## @param ingress.enabled Enable ingress controller resource
##
enabled: true
## @param ingress.pathType Ingress Path type
##
pathType: ImplementationSpecific
## @param ingress.apiVersion Override API Version (automatically detected if not set)
##
apiVersion: ""
## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
##
ingressClassName: "traefik"
## @param ingress.hostname Default host for the ingress resource
##
hostname: "gitea-dev.allarddcs.nl"
## @param ingress.path The Path to Gitea. You may need to set this to '/*' in order to use this
## with ALB ingress controllers.
##
path: /
## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
## For a full list of possible ingress annotations, please see
## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
## Use this parameter to set the required annotations for cert-manager, see
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
##
## e.g:
## annotations:
## kubernetes.io/ingress.class: nginx
## cert-manager.io/cluster-issuer: cluster-issuer-name
##
annotations:
ingress.kubernetes.io/ssl-redirect: 'true'
ingress.kubernetes.io/proxy-body-size: '0'
nginx.ingress.kubernetes.io/ssl-redirect: 'true'
nginx.ingress.kubernetes.io/proxy-body-size: '0'
cert-manager.io/cluster-issuer: 'letsencrypt'
## @param ingress.tls Enable TLS configuration for the hostname defined at ingress.hostname parameter
## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }}
## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it
##
tls: true
## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
##
selfSigned: false
## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record.
## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
## extraHosts:
## - name: gitea.local
## path: /
##
extraHosts: []
## @param ingress.extraPaths Any additional arbitrary paths that may need to be added to the ingress under the main host.
## For example: The ALB ingress controller requires a special rule for handling SSL redirection.
## extraPaths:
## - path: /*
## backend:
## serviceName: ssl-redirect
## servicePort: use-annotation
##
extraPaths: []
## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
## extraTls:
## - hosts:
## - gitea.local
## secretName: gitea.local-tls
##
extraTls: []
## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets
## key and certificate should start with -----BEGIN CERTIFICATE----- or
## -----BEGIN RSA PRIVATE KEY-----
##
## name should line up with a tlsSecret set further up
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
##
## It is also possible to create and manage the certificates outside of this helm chart
## Please see README.md for more information
## Example:
## - name: gitea.local-tls
## key:
## certificate:
##
secrets: []
## @param ingress.extraRules Additional rules to be covered with this ingress record
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
## e.g:
## extraRules:
## - host: example.local
## http:
## path: /
## backend:
## service:
## name: example-svc
## port:
## name: http
##
extraRules: []
## @section Other Parameters
##
## Service account for Gitea to use.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
##
serviceAccount:
## @param serviceAccount.create Enable creation of ServiceAccount for Gitea pod
##
create: true
## @param serviceAccount.name The name of the ServiceAccount to use.
## If not set and create is true, a name is generated using the common.names.fullname template
##
name: ""
## @param serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created
## Can be set to false if pods using this serviceAccount do not need to use K8s API
##
automountServiceAccountToken: true
## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount
##
annotations: {}
## @section Database parameters
##
## PostgreSQL chart configuration
## ref: https://github.com/bitnami/charts/blob/main/bitnami/postgresql/values.yaml
## @param postgresql.enabled Switch to enable or disable the PostgreSQL helm chart
## @param postgresql.auth.username Name for a custom user to create
## @param postgresql.auth.password Password for the custom user to create
## @param postgresql.auth.database Name for a custom database to create
## @param postgresql.auth.existingSecret Name of existing secret to use for PostgreSQL credentials
## @param postgresql.architecture PostgreSQL architecture (`standalone` or `replication`)
## @param postgresql.service.ports.postgresql PostgreSQL service port
##
postgresql:
enabled: false
auth:
username: bn_gitea
password: ""
database: bitnami_gitea
existingSecret: ""
architecture: standalone
service:
ports:
postgresql: 5432
## External PostgreSQL configuration
## All of these values are only used when postgresql.enabled is set to false
## @param externalDatabase.host Database host
## @param externalDatabase.port Database port number
## @param externalDatabase.user Non-root username for JupyterHub
## @param externalDatabase.password Password for the non-root username for JupyterHub
## @param externalDatabase.database JupyterHub database name
## @param externalDatabase.existingSecret Name of an existing secret resource containing the database credentials
## @param externalDatabase.existingSecretPasswordKey Name of an existing secret key containing the database credentials
##
externalDatabase:
host: "postgres14.postgres.svc.cluster.local"
port: 5432
user: gitea
database: gitea
password: "gitea"
# existingSecret: ""
# existingSecretPasswordKey: "POSTGRES_PASSWORD"
## @section Volume Permissions parameters
##
## Init containers parameters:
## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section.
##
volumePermissions:
## @param volumePermissions.enabled Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work)
##
enabled: false
## @param volumePermissions.image.registry Init container volume-permissions image registry
## @param volumePermissions.image.repository Init container volume-permissions image name
## @param volumePermissions.image.tag Init container volume-permissions image tag
## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy
## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array
##
image:
registry: docker.io
repository: bitnami/os-shell
# tag: 11-debian-11-r113
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## Init containers' resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
## @param volumePermissions.resources.limits The resources limits for the container
## @param volumePermissions.resources.requests The requested resources for the container
##
resources:
## Example:
## limits:
## cpu: 100m
## memory: 128Mi
##
limits: {}
## Examples:
## requests:
## cpu: 100m
## memory: 128Mi
##
requests: {}

119
dev/gitea/handmatig/gitea.yaml Normal file
View File

@@ -0,0 +1,119 @@
apiVersion: v1
kind: Service
metadata:
name: gitea
namespace: "gitea"
labels:
app.kubernetes.io/instance: gitea
app.kubernetes.io/name: gitea
spec:
type: ClusterIP
sessionAffinity: None
ports:
- name: http
port: 3000
targetPort: http
nodePort: null
- name: ssh
port: 2222
targetPort: ssh
nodePort: null
selector:
app.kubernetes.io/instance: gitea
app.kubernetes.io/name: gitea
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: gitea
namespace: "gitea"
spec:
selector:
matchLabels:
app.kubernetes.io/name: gitea
replicas: 1
template:
metadata:
labels:
app.kubernetes.io/instance: gitea
app.kubernetes.io/name: gitea
spec:
containers:
- name: gitea
image: gitea/gitea
env:
- name: GITEA__database__DB_TYPE
value: postgres
- name: GITEA__database__HOST
value: postgres14.postgres:5432
- name: GITEA__database__NAME
value: gitea
- name: GITEA__database__USER
value: gitea
- name: GITEA__database__PASSWD
value: gitea
ports:
- name: http
containerPort: 3000
- name: ssh
containerPort: 2222
volumeMounts:
- name: gitea-data
mountPath: /data
volumes:
- name: gitea-data
persistentVolumeClaim:
claimName: gitea-pvc
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: gitea-tls
namespace: gitea
spec:
entryPoints:
- websecure
routes:
- match: Host(`gitea-dev.allarddcs.nl`)
kind: Rule
services:
- name: gitea
port: 3000
tls:
certResolver: letsencrypt
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: gitea-pv
spec:
storageClassName: ""
capacity:
storage: 2Gi
accessModes:
- ReadWriteMany
persistentVolumeReclaimPolicy: Retain
mountOptions:
- hard
- nfsvers=4.1
nfs:
server: 192.168.2.110
path: /mnt/nfs_share/gitea
readOnly: false
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: gitea-pvc
namespace: gitea
spec:
storageClassName: ""
volumeName: gitea-pv
accessModes:
- ReadWriteMany
volumeMode: Filesystem
resources:
requests:
storage: 2Gi

15
dev/gitea/tekton-triggers/README.md Normal file
View File

@@ -0,0 +1,15 @@
#eventlistener voor gitea installeren:
serviceaccount tekton-robot aanmaken:
kubectl apply -f rbac.yaml
kubectl apply -f gitea-binding.yaml
kubectl apply -f gitea-listener.yaml
kubectl apply -f gitea-pipeline-template.yaml
webhook aanmaken in gitea:
http://el-gitea-listener.default:8080

13
dev/gitea/tekton-triggers/gitea-binding.yaml Executable file
View File

@@ -0,0 +1,13 @@
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerBinding
metadata:
name: gitea-binding
spec:
params:
- name: repo-url
value: $(body.repository.clone_url)
- name: git-revision
# value: $(body.repository.description)
value: $(extensions.image-tag)
- name: image-reference
value: harbor-dev.allarddcs.nl/$(body.repository.full_name):$(extensions.image-tag)

34
dev/gitea/tekton-triggers/gitea-listener.yaml Executable file
View File

@@ -0,0 +1,34 @@
apiVersion: triggers.tekton.dev/v1beta1
kind: EventListener
metadata:
name: gitea-listener
spec:
namespaceSelector: {}
resources: {}
serviceAccountName: tekton-robot
triggers:
- bindings:
- kind: TriggerBinding
ref: gitea-binding
interceptors:
- params:
- name: overlays
value:
# - key: image-tag
# expression: '''harbor-dev.alldcs.nl'''
- key: image-name
expression: '[''harbor-dev.allarddcs.nl'',body.repository.full_name].join(''/'')'
- key: registry
expression: body.repository.description.split('/')[0]
- key: repository
expression: body.repository.description.split('/')[1]
- key: version
expression: body.repository.description.split('/')[2]
- key: image-tag
expression: body.ref.split('/')[2]
ref:
kind: ClusterInterceptor
name: cel
name: gitea-trigger
template:
ref: gitea-pipeline-template

79
dev/gitea/tekton-triggers/gitea-pipeline-template.yaml Executable file
View File

@@ -0,0 +1,79 @@
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerTemplate
metadata:
name: gitea-pipeline-template
spec:
params:
- name: git-revision
description: The git revision (SHA)
default: master
- description: The git repository url
name: repo-url
- name: sonar-project-key
default: olproperties
description: sonar project key
- name: source-to-scan
description: location of th source that sonarqube should scan
default: ./src
- name: image-reference
description: imagename
- name: deptrack-apiKey
description: key to upload sbom to dependency-track
default: odt_UPC8l0R9vzQILZIphSoK15J4u4Ns3HEy
- name: deptrack-projectName
description: projectname in dependency-track
default: olproperties
- name: deptrack-projectVersion
description: projectversion in dependency-track
default: "1.1"
resourcetemplates:
- apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
generateName: openliberty-pipeline-run-
spec:
params:
- name: repo-url
value: $(tt.params.repo-url)
- name: image-reference
value: $(tt.params.image-reference)
- name: git-revision
value: $(tt.params.git-revision)
- name: sonar-project-key
value: $(tt.params.sonar-project-key)
- name: source-to-scan
value: $(tt.params.source-to-scan)
- name: deptrack-apiKey
value: $(tt.params.deptrack-apiKey)
- name: deptrack-projectName
value: $(tt.params.deptrack-projectName)
- name: deptrack-projectVersion
value: $(tt.params.deptrack-projectVersion)
pipelineRef:
name: openliberty-pipeline
workspaces:
- name: shared-data
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
- name: maven-settings
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
- configmap:
name: sonar-properties
name: sonar-settings
- name: registry-credentials
secret:
items:
- key: .dockerconfigjson
path: config.json
secretName: registry-credentials

202
dev/gitea/tekton-triggers/gitea-trigger.yaml Normal file
View File

@@ -0,0 +1,202 @@
apiVersion: triggers.tekton.dev/v1beta1
kind: EventListener
metadata:
name: gitea-listener
spec:
namespaceSelector: {}
resources: {}
serviceAccountName: tekton-robot
triggers:
- bindings:
- kind: TriggerBinding
ref: gitea-binding
interceptors:
- params:
- name: overlays
value:
- key: version
expression: body.ref.split('/')[2]
ref:
kind: ClusterInterceptor
name: cel
name: gitea-trigger
template:
ref: gitea-pipeline-template
---
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerBinding
metadata:
name: gitea-binding
spec:
params:
- name: repo-url
value: $(body.repository.clone_url)
- name: git-revision
value: $(extensions.version)
- name: image-reference
value: harbor-dev.allarddcs.nl/$(body.repository.full_name):$(extensions.version)
# value: harbor-dev.allarddcs.nl/$(body.repository.full_name)
---
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerTemplate
metadata:
name: gitea-pipeline-template
spec:
params:
- name: git-revision
description: The git revision
#geen default waarde, komt uit trigger-binding.
- name: repo-url
description: The git repository url
#geen default waarde, komt uit trigger-binding.
- name: maven-mirror-url
description: url van de nexus-server die als proxy dient voor java-libraries
default: 'http://nexus.nexus.svc.cluster.local:8081/repository/maven-public/'
- name: sonar-host-url
description: url van de sonarqube-server
default: "https://sonarqube-dev.allarddcs.nl"
- name: sonar-organization
description: Organisatienaam in sonar waar vulnerabilities onder vallen
default: "allarddcs"
- name: sonar-token
description: authenticatiemiddel voor sonar (komt uit sonar)
default: sqp_214ee7c92e1b82b0d43dd9b1d9462eac8f50434c
- name: sonar-project-key
default: olproperties
description: sonar project key
- name: source-to-scan
description: location of the source that sonarqube should scan
default: ./src
#- name: image-reference
#description: imagename
#geen default waarde, komt uit trigger-binding.
- name: image
description: image
- name: registry
default: harbor-dev.allarddcs.nl
- name: project
default: allard
- name: image-name
default: olproperties
- name: cosign-image-url
default:
- name: tlsverify
description: wel of geen tls gebruiken bij push
default: "true"
- name: deptrack-url
description: url of deptrack api-server
default: https://deptracka-dev.allarddcs.nl
- name: deptrack-apiKey
description: key to upload sbom to dependency-track
default: odt_BRpq4el8T0XqdeunYMnefniaS0n8Yxd8
- name: deptrack-projectName
description: projectname in dependency-track
default: olproperties
- name: deptrack-projectVersion
description: projectversion in dependency-track
default: "1.1"
resourcetemplates:
- apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
generateName: openliberty-pipeline-run-
spec:
params:
- name: repo-url
value: $(tt.params.repo-url)
- name: git-revision
value: $(tt.params.git-revision)
- name: maven-mirror-url
value: $(tt.params.maven-mirror-url)
- name: sonar-host-url
value: $(tt.params.sonar-host-url)
- name: sonar-organization
value: $(tt.params.sonar-organization)
- name: sonar-token
value: $(tt.params.sonar-token)
- name: sonar-project-key
value: $(tt.params.sonar-project-key)
- name: source-to-scan
value: $(tt.params.source-to-scan)
# - name: image-reference
# value: $(tt.params.image-reference)
# - name: image
# value: $(tt.params.registry)/$(tt.params.project)/$(tt.params.image-name):$(tt.params.git-revision)
- name: registry
value: $(tt.params.registry)
- name: project
value: $(tt.params.project)
- name: image-name
value: $(tt.params.image-name)
- name: cosign-image-url
value: $(tt.params.cosign-image-url)
- name: deptrack-url
value: $(tt.params.deptrack-url)
- name: tlsverify
value: $(tt.params.tlsverify)
- name: deptrack-apiKey
value: $(tt.params.deptrack-apiKey)
- name: deptrack-projectName
value: $(tt.params.deptrack-projectName)
- name: deptrack-projectVersion
value: $(tt.params.deptrack-projectVersion)
pipelineRef:
name: openliberty-pipeline
workspaces:
- name: shared-data
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
- name: maven-settings
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
- configmap:
name: sonar-properties
name: sonar-settings
- name: registry-credentials
secret:
items:
- key: .dockerconfigjson
path: config.json
secretName: registry-credentials
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: tekton-robot
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: triggers-example-eventlistener-binding
subjects:
- kind: ServiceAccount
name: tekton-robot
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: tekton-triggers-eventlistener-roles
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: triggers-example-eventlistener-clusterbinding
subjects:
- kind: ServiceAccount
name: tekton-robot
namespace: default
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: tekton-triggers-eventlistener-clusterroles
---

29
dev/gitea/tekton-triggers/rbac.yaml Normal file
View File

@@ -0,0 +1,29 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: tekton-robot
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: triggers-example-eventlistener-binding
subjects:
- kind: ServiceAccount
name: tekton-robot
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: tekton-triggers-eventlistener-roles
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: triggers-example-eventlistener-clusterbinding
subjects:
- kind: ServiceAccount
name: tekton-robot
namespace: default
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: tekton-triggers-eventlistener-clusterroles