From 29792938256ca0a72b910e5092a2eb6e60101bf8 Mon Sep 17 00:00:00 2001
From: "marcio.fernandes"
Date: Sun, 2 Mar 2025 01:33:28 +0000
Subject: [PATCH] moved from docker to kubernetes (k3s) (#14)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Co-authored-by: Márcio Fernandes
Reviewed-on: https://git.limbosolutions.com/limbosolutions.com/git.limbosolutions.com/pulls/14
---
.gitignore | 11 +--
README.md | 49 ++----------
backup/backup-cronjob.yaml | 101 ++++++++++++++++++++++++
backup/gitea-backup-secret-deploy.sh | 8 ++
backup/gitea-backup-secret.yaml | 14 ++++
docker-compose.yml | 61 --------------
gitea/helm-up.sh | 4 +
gitea/ssh-ingress.yaml | 17 ++++
gitea/values.yaml | 114 +++++++++++++++++++++++++++
namespace.yaml | 6 ++
10 files changed, 274 insertions(+), 111 deletions(-)
create mode 100644 backup/backup-cronjob.yaml
create mode 100755 backup/gitea-backup-secret-deploy.sh
create mode 100644 backup/gitea-backup-secret.yaml
delete mode 100644 docker-compose.yml
create mode 100644 gitea/helm-up.sh
create mode 100644 gitea/ssh-ingress.yaml
create mode 100644 gitea/values.yaml
create mode 100644 namespace.yaml
diff --git a/.gitignore b/.gitignore
index 9bd7321..1e4d619 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,7 +1,4 @@
-**.env
-_volumes
-_volumes
-.vscode
-*.env
-*.env.d/*
-localSettings/
+tmp
+**.env
+**.private.**
+**.local.**
\ No newline at end of file
diff --git a/README.md b/README.md
index c5f2a33..a6e7737 100644
--- a/README.md
+++ b/README.md
@@ -2,51 +2,14 @@ Welcome to public repository of my [Git Server](https://git.limbosolutions.com) -Using [gitea](https://git.limbosolutions.com/kb/gitea) as git server and [duplicati](https://git.limbosolutions.com/kb/duplicati) for backups. +Using [gitea](https://git.limbosolutions.com/kb/gitea) as git server. -- [Requirements](#requirements) -- [Setup](#setup) -- [Backup and Restore](#backup-and-restore) - - [Duplicati - git job Options](#duplicati---git-job-options) - - [Restore Database](#restore-database) -- [Git Action](#git-action) -- [runners](#runners) -- [lxc container - proxmox](#lxc-container---proxmox) - - [act tunner](#act-tunner) +## gitea helm chart -## Requirements - -- Docker -- Docker Compose -- Portainer (optional) - -## Setup - -[Docker Compose File](docker-compose.yaml) - -## Backup and Restore - -Using [custom duplicati image](https://git.limbosolutions.com/kb/duplicati) to daily backups files and database with custom logs for grafana. - -Docker Log. - ---run-script-after=dockerlog - -### Duplicati - git job Options - -Create db dump. - -run-script-before-required:duplicati-mysql-backup - -### Restore Database - -```bash -#select a file to import -ls /db-dumps -#select a file to import -DB_FILE= "file name to import" -mysql --host db -uroot -p ${MYSQL_DATABASE} < /db-dumps/$DB_FILE -#root password (root password is the enviromnent variable ${MYSQL_ROOT_PASSWORD}) +``` yaml +helm repo add gitea-charts https://dl.gitea.com/charts/ +helm repo update +helm upgrade --install gitea gitea-charts/gitea -f ./values.yaml -f ./values.private.yml --namespace=git-limbosolutions-com ``` ## Git Action
diff --git a/backup/backup-cronjob.yaml b/backup/backup-cronjob.yaml
new file mode 100644
index 0000000..baf1260
--- /dev/null
+++ b/backup/backup-cronjob.yaml
@@ -0,0 +1,101 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: gitea-backup
+ namespace: git-limbosolutions-com
+spec:
+ schedule: "0 1 * * *"
+ jobTemplate:
+ spec:
+ backoffLimit: 1
+ template:
+ spec:
+ restartPolicy: Never
+ initContainers:
+ - name: postgres-export
+ image: postgres:latest
+ command: ["sh", "-c"]
+ args:
+ - |
+ echo "INFO: Starting export"
+ . /run/database-access-secret/database
+ export PGPASSWORD=$PASSWD
+ echo "INFO: Exporting database"
+ pg_dump -h gitea-postgresql.git-limbosolutions-com.svc.cluster.local -U $USER -d $NAME > /data/postgresql-export/db_backup.sql
+ if [ $? -ne 0 ]; then
+ echo "ERROR: Exporting database failed"
+ exit 1
+ fi
+ echo "INFO: Exporting database finished"
+
+ volumeMounts:
+ - name: db-postgresql-data
+ mountPath: /var/lib/postgresql/data
+
+ - name: backup-run-data
+ mountPath: /data/postgresql-export
+ subPath: postgresql-export
+
+ - name: database-access-secret
+ mountPath: /run/database-access-secret
+ readOnly: true
+
+ containers:
+ - name: gitea-pbs-client
+ image: git.limbosolutions.com/kb/pbsclient
+ env:
+ - name: MODE
+ value: shell
+ - name: PBS_REPOSITORY
+ valueFrom:
+ secretKeyRef:
+ name: gitea-backup-secret
+ key: PBS_REPOSITORY
+ - name: PBS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: gitea-backup-secret
+ key: PBS_PASSWORD
+ - name: PBS_FINGERPRINT
+ valueFrom:
+ secretKeyRef:
+ name: gitea-backup-secret
+ key: PBS_FINGERPRINT
+
+ command: ["bash", "-c"]
+ args:
+ - |
+ proxmox-backup-client backup gitea-data.pxar:/data/gitea-data postgresql-data.pxar:/data/postgresql-data postgresql-export.pxar:/data/postgresql-export --include-dev /data/postgresql-data --include-dev /data/postgresql-export --include-dev /data/gitea-data --backup-id "gitea-full" -ns git.limbosolutions.com
+ echo "INFO: git.limbosolutions.com finished"
+
+ volumeMounts:
+ - name: gitea-shared-storage
+ mountPath: /data/gitea-data
+
+ - name: db-postgresql-data
+ mountPath: /data/postgresql-data
+
+ - name: backup-run-data
+ mountPath: /data/postgresql-export
+ subPath: postgresql-export
+
+ - name: backup-run-data
+ mountPath: /tmp
+ subPath: tmp
+
+
+ volumes:
+ - name: gitea-shared-storage
+ persistentVolumeClaim:
+ claimName: gitea-shared-storage
+
+ - name: db-postgresql-data
+ persistentVolumeClaim:
+ claimName: data-gitea-postgresql-0
+
+ - name: backup-run-data
+ emptyDir: {}
+
+ - name: database-access-secret
+ secret:
+ secretName: gitea-inline-config
\ No newline at end of file
diff --git a/backup/gitea-backup-secret-deploy.sh b/backup/gitea-backup-secret-deploy.sh
new file mode 100755
index 0000000..2cd37b8
--- /dev/null
+++ b/backup/gitea-backup-secret-deploy.sh
@@ -0,0 +1,8 @@
+#/bin/bash
+
+# set source env variables
+. ./.env
+export $(cut -d= -f1 ./.env)
+
+
+envsubst < secret.yaml | kubectl apply -f -
\ No newline at end of file
diff --git a/backup/gitea-backup-secret.yaml b/backup/gitea-backup-secret.yaml
new file mode 100644
index 0000000..9164fde
--- /dev/null
+++ b/backup/gitea-backup-secret.yaml
@@ -0,0 +1,14 @@
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: gitea-backup-secret
+ namespace: git-limbosolutions-com
+data:
+ PBS_REPOSITORY: ${PBS_REPOSITORY}
+ PBS_PASSWORD: ${PBS_PASSWORD}
+ PBS_FINGERPRINT: ${PBS_FINGERPRINT}
+ DB_USER: ${DB_USER}
+ DB_PASSWORD: ${DB_PASSWORD}
+ DB_NAME: ${DB_NAME}
+ DB_HOST: ${DB_HOST}
diff --git a/docker-compose.yml b/docker-compose.yml
deleted file mode 100644
index c3ad29b..0000000
--- a/docker-compose.yml
+++ /dev/null
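Review bot: A failed backup is reported as a successful Job in `backup/backup-cronjob.yaml`, because the `gitea-pbs-client` script ends with `echo "INFO: git.limbosolutions.com finished"` and `bash -c` returns the status of that last command rather than of `proxmox-backup-client backup`. Starting that script block with `set -euo pipefail` (or testing the exit status, as the `postgres-export` init container already does for `pg_dump`) lets the failure reach Kubernetes. The three data mounts of this container, and the `db-postgresql-data` mount of the init container, are only read as far as the hunk shows, so `readOnly: true` on them would keep the backup pod from being able to modify the live Gitea and PostgreSQL volumes. Both images float (`postgres:latest`, and `git.limbosolutions.com/kb/pbsclient` with no tag); pinning a tag or digest keeps the `pg_dump` client version and the backup tooling a reviewed change.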
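Review bot: The last line of `backup/gitea-backup-secret-deploy.sh` reads `secret.yaml`, but the manifest this patch adds next to the script is `gitea-backup-secret.yaml`, so unless another `secret.yaml` exists outside the patch the `envsubst` call fails; it should read `envsubst < gitea-backup-secret.yaml | kubectl apply -f -`. The first line `#/bin/bash` is a plain comment, not a shebang (`#!/bin/bash`), so the interpreter depends on how the script is launched. A `set -e` after the shebang would stop the script before `kubectl apply` when `./.env` cannot be read.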
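Review bot: The values in `backup/gitea-backup-secret.yaml` sit under `data:`, which Kubernetes expects to be base64-encoded, while `gitea-backup-secret-deploy.sh` substitutes them straight from `./.env` with `envsubst`; unless `.env` already holds base64 text, the apply is rejected or the keys decode to something else. `stringData:` takes plain values, and quoting each one (`PBS_PASSWORD: "${PBS_PASSWORD}"`) keeps a password containing `: `, ` #` or a leading `*` from breaking the YAML or being re-typed. The `DB_*` keys are not referenced by `backup-cronjob.yaml` in this patch, which reads the database credentials from `gitea-inline-config`; dropping them avoids keeping a second copy of the database password in the cluster.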
@@ -1,61 +0,0 @@
-version: "3"
-services:
- app:
- image: gitea/gitea:1
- container_name: git_limbosolutions_com-gitea
- environment:
- - GITEA__database__DB_TYPE=mysql
- - GITEA__database__HOST=db:3306
- - GITEA__database__NAME=${DB_NAME}
- - GITEA__database__USER=${DB_USER}
- - GITEA__database__PASSWD=${DB_PASSWORD}
- restart: unless-stopped
- volumes:
- - data:/data
- - /etc/timezone:/etc/timezone:ro
- - /etc/localtime:/etc/localtime:ro
- networks:
- - gitea
- - wan_reverse_proxy_public
- db:
- image: mysql:8
- networks:
- - gitea
- restart: unless-stopped
- environment:
- - MYSQL_ROOT_PASSWORD=${DB_ROOT_PASSWORD}
- - MYSQL_USER=${DB_USER}
- - MYSQL_PASSWORD=${DB_PASSWORD}
- - MYSQL_DATABASE=${DB_NAME}
- volumes:
- - db:/var/lib/mysql
- - /etc/timezone:/etc/timezone:ro
- - db-dumps:/db-dumps:ro
- duplicati:
- image: git.limbosolutions.com/kb/duplicati:mysql-latest
- container_name: git_limbosolutions_com-duplicati
- networks:
- - gitea
- - wan_reverse_proxy_public
- environment:
- - MYSQL_HOST=db
- - MYSQL_DATABASE=${DB_NAME}
- - MYSQL_USER=${DB_USER}
- - MYSQL_PASSWORD=${DB_PASSWORD}
- - MYSQL_BACKUP_FOLDER=/bck/db-dumps
- volumes:
- - duplicati-data:/data
- - duplicati-data:/bck/duplicati-data:ro
- - data:/bck/data:ro
- - db:/bck/db:ro
- - db-dumps:/bck/db-dumps
- restart: unless-stopped
-volumes:
- duplicati-data:
- data:
- db:
- db-dumps:
-networks:
- gitea:
- wan_reverse_proxy_public:
- external: true
\ No newline at end of file
diff --git a/gitea/helm-up.sh b/gitea/helm-up.sh
new file mode 100644
index 0000000..ef0014c
--- /dev/null
+++ b/gitea/helm-up.sh
@@ -0,0 +1,4 @@
+helm upgrade --install gitea gitea-charts/gitea \
+-f ./values.yaml \
+-f ./values.private.yml \
+--namespace=git-limbosolutions-com
diff --git a/gitea/ssh-ingress.yaml b/gitea/ssh-ingress.yaml
new file mode 100644
index 0000000..bf24113
--- /dev/null
+++ b/gitea/ssh-ingress.yaml
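Review bot: The chart version is not pinned in `gitea/helm-up.sh`, so `helm upgrade --install gitea gitea-charts/gitea` deploys whatever chart version the local repo index currently resolves to, together with the subchart versions that chart brings. Adding `--version <CHART_VERSION>` (the version that was actually tested) makes the deployment reproducible and turns an upgrade into a reviewed change. The file is also created with mode 100644 and has no shebang, so it cannot be run directly; a `#!/bin/sh` first line and the executable bit would fix that.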
@@ -0,0 +1,17 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRouteTCP
+metadata:
+ name: git-limbosolutions-com-ssh-ingress
+ namespace: git-limbosolutions-com
+spec:
+ entryPoints:
+ - ssh-git
+ routes:
+ - match: HostSNI(`*`)
+ services:
+ - name: gitea-ssh
+ port: 2222
+ weight: 10
+ terminationDelay: 90000
+ proxyProtocol:
+ version: 1
\ No newline at end of file
diff --git a/gitea/values.yaml b/gitea/values.yaml
new file mode 100644
index 0000000..d7c898c
--- /dev/null
+++ b/gitea/values.yaml
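Review bot: `proxyProtocol: version: 1` in `gitea/ssh-ingress.yaml` makes Traefik prepend a PROXY protocol header to every connection it forwards to `gitea-ssh`, and nothing in the `gitea/values.yaml` added by this patch enables PROXY protocol on Gitea's SSH server. If `values.private.yml` does not set it either, the SSH server will read the header as the start of the SSH handshake; the Gitea `[server]` setting for this is `SSH_SERVER_USE_PROXY_PROTOCOL`. Once it is enabled the listener trusts whatever source address the header carries, so port 2222 of the service should be reachable only through Traefik, for example with a NetworkPolicy. The `traefik.containo.us/v1alpha1` API group is the older one and Traefik v3 serves only `traefik.io/v1alpha1`, which is worth checking against the Traefik version bundled with the k3s release in use.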
@@ -0,0 +1,114 @@
+image:
+ registry: ""
+ repository: gitea/gitea
+ imagePullPolicy: Always
+ tag: "1"
+redis-cluster:
+ enabled: false
+
+redis:
+ enabled: true
+
+postgresql:
+ enabled: true
+ global:
+ postgresql:
+ auth:
+ postgresPassword: "???"
+ password: "???"
+ database: "???"
+ username: "???"
+ service:
+ ports:
+ postgresql: "???"
+ primary:
+ persistence:
+ size: 10Gi
+ metrics:
+ enabled: true
+
+
+postgresql-ha:
+ enabled: false
+
+persistence:
+ enabled: true
+service:
+ ssh:
+ enabled: true
+ port: 2222
+ annotations:
+ metallb.universe.tf/allow-shared-ip: test
+
+gitea:
+
+ admin:
+ username: "???"
+ password: "???"
+ email: "???"
+ config:
+ actions:
+ ENABLED: true
+ database:
+ DB_TYPE: postgres
+ indexer:
+ ISSUE_INDEXER_TYPE: bleve
+ REPO_INDEXER_ENABLED: true
+ picture:
+ AVATAR_UPLOAD_PATH: /data/avatars
+ server:
+ DOMAIN: git.limbosolutions.com
+ SSH_DOMAIN: git.limbosolutions.com
+ #HTTP_PORT: 3000
+ ROOT_URL: https://git.limbosolutions.com
+ DISABLE_SSH: false
+ SSH_PORT: 2222
+ SSH_LISTEN_PORT: 2222
+ LFS_START_SERVER: true
+ START_SSH_SERVER: true
+ LFS_PATH: /data/git/lfs
+ #LFS_JWT_SECRET: "???"
+ OFFLINE_MODE: false
+ #MFF 03/08/2024
+ REPO_INDEXER_ENABLED: true
+ REPO_INDEXER_PATH: indexers/repos.bleve
+ MAX_FILE_SIZE: 1048576
+ REPO_INDEXER_INCLUDE:
+ REPO_INDEXER_EXCLUDE: resources/bin/**
+ ####
+ SERVICE:
+ DISABLE_REGISTRATION: true
+ REQUIRE_SIGNIN_VIEW: false
+ REGISTER_EMAIL_CONFIRM: false
+ ENABLE_NOTIFY_MAIL: false
+ ALLOW_ONLY_EXTERNAL_REGISTRATION: false
+ ENABLE_CAPTCHA: true
+ DEFAULT_KEEP_EMAIL_PRIVATE : false
+ DEFAULT_ALLOW_CREATE_ORGANIZATION: true
+ DEFAULT_ENABLE_TIMETRACKING: true
+ NO_REPLY_ADDRESS: noreply.localhost
+
+ mailer:
+ ENABLED: false
+
+ openid:
+ ENABLE_OPENID_SIGNIN: true
+ ENABLE_OPENID_SIGNUP: true
+
+
+ingress:
+ enabled: true
+ className: traefik
+ annotations:
+ kubernetes.io/ingress.class: traefik
+ hosts:
+ - host: git.limbosolutions.com
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ - secretName: limbosolutions-com-secret-tls
+ hosts:
+ - "git.limbosolutions.com"
+
+
diff --git a/namespace.yaml b/namespace.yaml
new file mode 100644
index 0000000..2493f59
--- /dev/null
+++ b/namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: git-limbosolutions-com
+ labels:
+ name: git-limbosolutions-com
\ No newline at end of file
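Review bot: `ENABLE_OPENID_SIGNUP: true` under `openid` in `gitea/values.yaml` works against `DISABLE_REGISTRATION: true`: that key defaults to the inverse of `DISABLE_REGISTRATION`, and setting it explicitly may leave account creation through an OpenID provider open on a public instance, so `ENABLE_OPENID_SIGNUP: false` matches the closed-registration intent. The `"???"` placeholders for `postgresPassword`, `password` and the admin `password` are real values to Helm, so any key that `values.private.yml` forgets to override is deployed as the literal `???`; keeping credentials out of this file and pointing the chart at an existing Secret removes that fallback. `tag: "1"` is a floating tag, so the running Gitea version can change without a commit here. Indentation is not recoverable from this view, so it is worth confirming that the `REPO_INDEXER_*` keys after the `#MFF` comment sit under `indexer` and not `server`, since `REPO_INDEXER_ENABLED` already appears under `indexer`.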