commit b79b125e4ad5018410c173ac937b0d5566ebc5a7 Author: Jim Nicholson Date: Thu Oct 28 13:42:52 2021 -0700 Initial commit
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..a28b2b8
--- /dev/null
+++ b/README.md
@@ -0,0 +1,8 @@
+# gitea kubernetes deployment
+
+Deploys gita with a postgresql database
+
+## ToDo
+
++ Replace literal passwords with https://github.com/mittwald/kubernetes-secret-generator
+
diff --git a/configuration.yaml b/configuration.yaml
new file mode 100644
index 0000000..72de932
--- /dev/null
+++ b/configuration.yaml
@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: postgres-config
+ namespace: gitea
+ labels:
+ app: postgres
+data:
+ PGDATA: "/var/lib/postgresql/data"
+ POSTGRES_DB: "gitea"
+ POSTGRES_USER: "postgres"
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: gitea-env
+ namespace: gitea
+ labels:
+ app: gitea
+data:
+ APP_NAME: "Gitea"
+ USER_UID: "1000"
+ USER_GID: "1000"
+ ROOT_URL: "https://git.thejimnicholson.com"
+ HTTP_PORT: "3000"
+ DB_TYPE: postgres
+ DB_HOST: postgres.gitea.svc.cluster.local:5432
+ DB_NAME: gitea
+ DB_USER: postgres
diff --git a/deployment.yaml b/deployment.yaml
new file mode 100644
index 0000000..d366eb2
--- /dev/null
+++ b/deployment.yaml
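Review bot: In configuration.yaml, the `gitea-env` ConfigMap sets `DB_USER: postgres`, the same account that `postgres-config` names in `POSTGRES_USER: "postgres"`, so the application connects with the database's administrative role. In the official postgres image the `POSTGRES_USER` account is created as a superuser, which means a compromise of Gitea reaches every database and server-level function rather than only the `gitea` database. Create a non-superuser role that owns the `gitea` database (for example from an init script) and point `DB_USER` at that role instead. The `PGDATA: "/var/lib/postgresql/data"` entry is also shadowed by the explicit `env` value `/var/lib/postgresql/data/pgdata` in deployment.yaml, so one of the two should be removed to avoid confusion about where the data lives.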
@@ -0,0 +1,97 @@
+---
+ apiVersion: apps/v1
+ kind: Deployment
+ metadata:
+ name: postgres
+ namespace: gitea
+ labels:
+ app: postgres
+ spec:
+ selector:
+ matchLabels:
+ app: postgres # has to match .spec.template.metadata.labels
+ tier: postgres
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 0
+ template:
+ metadata:
+ labels:
+ app: postgres
+ tier: postgres
+ spec:
+ containers:
+ - image: postgres:12
+ securityContext:
+ runAsUser: 1000
+ name: postgres
+# command: ["chown", "-R", "1000:1000", "/var/lib/postgresql/data"]
+ envFrom:
+ - configMapRef:
+ name: postgres-config
+ env:
+ - name: PGDATA
+ value: /var/lib/postgresql/data/pgdata
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: gitea-secrets
+ key: pg_password
+ ports:
+ - containerPort: 5432
+ name: postgres
+ volumeMounts:
+ - name: postgres-persistent-storage
+ mountPath: /var/lib/postgresql/data
+ subPath: pgdata
+ volumes:
+ - name: postgres-persistent-storage
+ persistentVolumeClaim:
+ claimName: postgres-pvc
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: gitea
+ namespace: gitea
+ labels:
+ app: gitea
+spec:
+ selector:
+ matchLabels:
+ app: gitea
+ strategy:
+ #type: Recreate
+ type: RollingUpdate
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 0
+ template:
+ metadata:
+ labels:
+ app: gitea
+ spec:
+ containers:
+ - image: gitea/gitea:1.15.4
+ name: gitea
+ envFrom:
+ - configMapRef:
+ name: gitea-env
+ env:
+ - name: DB_PASSWD
+ valueFrom:
+ secretKeyRef:
+ name: gitea-secrets
+ key: pg_password
+ ports:
+ - containerPort: 3000
+ name: gitea
+ volumeMounts:
+ - name: gitea-persistent-storage
+ mountPath: /data
+ volumes:
+ - name: gitea-persistent-storage
+ persistentVolumeClaim:
+ claimName: gitea-pvc
\ No newline at end of file
diff --git a/ingress.yaml b/ingress.yaml
new file mode 100644
index 0000000..d686269
--- /dev/null
+++ b/ingress.yaml
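Review bot: In deployment.yaml, the postgres Deployment uses `type: RollingUpdate` with `maxSurge: 1` and `maxUnavailable: 0`, so every rollout starts a second PostgreSQL pod on the same `postgres-pvc` data directory before the old one is stopped. `ReadWriteOnce` is not enforced on the NFS-backed volume from storage.yaml, so both instances can mount it and the database files risk corruption. Using `strategy:` with only `type: Recreate` (the option left commented out on the gitea Deployment) removes the overlap, and the same reasoning applies to gitea's `/data` volume. Separately, the gitea container sets no `securityContext` and `image: postgres:12` is a floating tag. Consider `allowPrivilegeEscalation: false` where the image tolerates it, and pin both images by digest.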
@@ -0,0 +1,26 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: gitea-ingress
+ namespace: gitea
+ annotations:
+ kubernetes.io/ingress.class: "traefik"
+ traefik.ingress.kubernetes.io/redirect-entry-point: https
+ cert-manager.io/cluster-issuer: http-clusterissuer
+spec:
+ rules:
+ - host: git.thejimnicholson.com
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: gitea
+ port:
+ number: 3000
+ tls:
+ - hosts:
+ - git.thejimnicholson.com
+ secretName: git.thejimnicholson.com
\ No newline at end of file
diff --git a/kustomization.yaml b/kustomization.yaml
new file mode 100644
index 0000000..39169aa
--- /dev/null
+++ b/kustomization.yaml
@@ -0,0 +1,18 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: gitea
+secretGenerator:
+- literals:
+ - pg_password=some1pass5here9
+ name: gitea-secrets
+generatorOptions:
+ disableNameSuffixHash: true
+ labels:
+ type: generated
+resources:
+- namespace.yaml
+- storage.yaml
+- configuration.yaml
+- deployment.yaml
+- service.yaml
+- ingress.yaml
diff --git a/namespace.yaml b/namespace.yaml
new file mode 100644
index 0000000..6b678c1
--- /dev/null
+++ b/namespace.yaml
@@ -0,0 +1,5 @@
+---
+kind: Namespace
+apiVersion: v1
+metadata:
+ name: gitea
\ No newline at end of file
diff --git a/service.yaml b/service.yaml
new file mode 100644
index 0000000..b3c7f0d
--- /dev/null
+++ b/service.yaml
@@ -0,0 +1,28 @@
+---
+ apiVersion: v1
+ kind: Service
+ metadata:
+ name: postgres
+ namespace: gitea
+ labels:
+ app: postgres
+ spec:
+ ports:
+ - name: postgres
+ port: 5432
+ targetPort: 5432
+ selector:
+ app: postgres
+ clusterIP: None
+---
+ apiVersion: v1
+ kind: Service
+ metadata:
+ name: gitea
+ namespace: gitea
+ spec:
+ selector:
+ app: gitea
+ ports:
+ - protocol: TCP
+ port: 3000
\ No newline at end of file
diff --git a/storage.yaml b/storage.yaml
new file mode 100644
index 0000000..3e7c09a
--- /dev/null
+++ b/storage.yaml
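Review bot: In ingress.yaml, `traefik.ingress.kubernetes.io/redirect-entry-point: https` is a Traefik 1.x annotation. If the controller is Traefik 2.x, which the `networking.k8s.io/v1` API version suggests, it is ignored and the host is also served over plain HTTP with no redirect. Git credentials and session cookies sent to `git.thejimnicholson.com` over `http://` would then travel unencrypted. On Traefik 2.x, bind the router to the TLS entry point with `traefik.ingress.kubernetes.io/router.entrypoints: websecure` and `traefik.ingress.kubernetes.io/router.tls: "true"`, or attach a redirect-scheme middleware. Confirm the behaviour with a plain-HTTP request after deploying.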
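Review bot: In kustomization.yaml, `pg_password=some1pass5here9` commits the database password in clear text, and it remains in git history even after the README's ToDo is carried out, so that value should be treated as exposed and rotated. Until a generator is in place, have `secretGenerator` read the value from an untracked file, e.g. `envs:` with `- secrets.env` (a constructed file name, listed in `.gitignore`) in place of `literals:`. Note also that `disableNameSuffixHash: true` keeps the Secret name fixed, so changing the password will not by itself roll the Deployments that reference `gitea-secrets`.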
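Review bot: In service.yaml, the headless `postgres` Service exposes port 5432 to every pod in the cluster by default, and none of the files listed under `resources:` in kustomization.yaml defines a NetworkPolicy, so the password is the only barrier in front of the database. A policy that admits only `app: gitea` pods to the `app: postgres` pods narrows that exposure. It takes effect only if the cluster's CNI plugin enforces NetworkPolicy, and the policy name below is a suggestion.

```yaml
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: postgres-allow-gitea
  namespace: gitea
spec:
  podSelector:
    matchLabels:
      app: postgres
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: gitea
      ports:
        - protocol: TCP
          port: 5432
```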
@@ -0,0 +1,68 @@
+---
+ apiVersion: v1
+ kind: PersistentVolume
+ metadata:
+ name: postgres-pv
+ namespace: gitea
+ labels:
+ app: gitea
+ spec:
+ capacity:
+ storage: 5Gi
+ accessModes:
+ - ReadWriteOnce
+ persistentVolumeReclaimPolicy: Retain
+ nfs:
+ server: 10.0.96.2
+ path: "/volume1/storage/git-database"
+ claimRef:
+ namespace: gitea
+ name: postgres-pvc
+---
+ apiVersion: v1
+ kind: PersistentVolume
+ metadata:
+ name: gitea-pv
+ namespace: gitea
+ labels:
+ app: gitea
+ spec:
+ capacity:
+ storage: 5Gi
+ accessModes:
+ - ReadWriteOnce
+ persistentVolumeReclaimPolicy: Retain
+ nfs:
+ server: 10.0.96.2
+ path: "/volume1/storage/git-repo"
+ claimRef:
+ namespace: gitea
+ name: gitea-pvc
+---
+ apiVersion: v1
+ kind: PersistentVolumeClaim
+ metadata:
+ name: postgres-pvc
+ namespace: gitea
+ labels:
+ app: gitea
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 5Gi
+---
+ apiVersion: v1
+ kind: PersistentVolumeClaim
+ metadata:
+ name: gitea-pvc
+ namespace: gitea
+ labels:
+ app: gitea
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 5Gi
\ No newline at end of file
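Review bot: In storage.yaml, neither PersistentVolumeClaim sets `storageClassName` or `volumeName`, so on a cluster with a default StorageClass the claims would likely be dynamically provisioned instead of binding to `postgres-pv` and `gitea-pv`, despite the `claimRef` on the PV side. The database and repositories would then sit on different storage than the NFS paths this file intends. Adding `storageClassName: ""` and `volumeName: postgres-pv` (respectively `gitea-pv`) to the claims, plus `storageClassName: ""` on the PersistentVolumes, makes the static binding explicit. `namespace: gitea` on the PersistentVolumes has no effect because PVs are cluster-scoped, and the `app: gitea` label on `postgres-pv` and `postgres-pvc` looks like a copy-paste slip.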