Compare commits
2 Commits
f32d574347
...
cd0c3876ed
| Author | SHA1 | Date | |
|---|---|---|---|
| cd0c3876ed | |||
| 26a8867587 |
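--- a/.gitea/workflows/app-continous-deploy.yaml
+++ b/.gitea/workflows/app-continous-deploy.yaml
@@ -0,0 +1,34 @@
+on:
+push:
+branches:
+- main
+pull_request:
+branches:
+- main
+jobs:
+continuous-deploy:
+runs-on: ubuntu-latest
+container:
+image: git.limbosolutions.com/kb/gitea/act:latest-network-stack
+env:
+GITHUB_TEMP: ${{ runner.temp }} # fix missing GITHUB_TEMP on gitea
+steps:
+
+- name: Checkout code
+uses: actions/checkout@v3
+
+- name: limbo public actions
+env:
+WORKSPACE: "${{ gitea.workspace }}"
+run: |
+curl -fsSL https://git.limbosolutions.com/kb/gitea/raw/branch/main/cloud-scripts/setup-limbo-actions.sh | bash 2>&1
+
+
+# my custom actions https://git.limbosolutions.com/kb/gitea/raw/branch/main
+- name: Configure kubectl config
+uses: ./.gitea/limbo_actions/kubectl-setup
+with:
+kube_server: ${{ secrets.HOSTING_KUBE_SERVER }}
+kube_ca_base64: ${{ secrets.HOSTING_KUBE_CA_BASE64 }}
+kube_token: ${{ secrets.HOSTING_KUBE_TOKEN }}
+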
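Review bot: The `limbo public actions` step pipes a script fetched from a mutable branch URL (`raw/branch/main/cloud-scripts/setup-limbo-actions.sh`) straight into `bash`, in the same job that then hands `HOSTING_KUBE_TOKEN` to `kubectl-setup`, so whatever that branch serves at run time executes next to the cluster credentials. Pin the download to a commit and check a digest before running it, e.g. `curl -fsSL https://git.limbosolutions.com/kb/gitea/raw/commit/<PINNED_COMMIT_SHA>/cloud-scripts/setup-limbo-actions.sh -o setup.sh && echo "<EXPECTED_SHA256>  setup.sh" | sha256sum -c - && bash setup.sh`. The floating `:latest-network-stack` image tag and `actions/checkout@v3` have the same drift problem and are better pinned to a digest or commit. The `pull_request` trigger also starts this deploy job for unmerged changes; if deployment is only meant to happen after merge, drop that trigger or gate the kubectl steps on the push event.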
@@ -30,7 +30,6 @@ Using [gitea](https://git.limbosolutions.com/kb/gitea) as git server.
|
||||
### Continuous Deploy
|
||||
|
||||
Executes [App Deploy](#app) using [Gitea workflow](./.gitea/workflows/app-deploy.yaml).
|
||||
kubectl get secret continuous-deploy -o jsonpath='{.data.token}' | base64 -d
|
||||
|
||||
### Infra
|
||||
|
||||
|
||||
@@ -58,7 +58,10 @@ service:
|
||||
port: 2222
|
||||
annotations:
|
||||
metallb.universe.tf/allow-shared-ip: test
|
||||
|
||||
http:
|
||||
clusterIP: "" # empty string → Kubernetes assigns a routable ClusterIP
|
||||
type: ClusterIP
|
||||
port: 3000
|
||||
gitea:
|
||||
admin:
|
||||
username: "???"
|
||||
@@ -126,6 +129,21 @@ gitea:
|
||||
PASSWORD_HASH_ALGO: "???"
|
||||
|
||||
ingress:
|
||||
enabled: false
|
||||
enabled: true
|
||||
className: traefik
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: traefik
|
||||
cert-manager.io/cluster-issuer: "letsencrypt-prod"
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure, public-https
|
||||
hosts:
|
||||
- host: git.limbosolutions.com
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
tls:
|
||||
- secretName: limbosolutions-com-tls
|
||||
hosts:
|
||||
- "git.limbosolutions.com"
|
||||
|
||||
|
||||
|
||||
|
||||
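Review bot: In the `ingress:` hunk the annotation `kubernetes.io/ingress.class: traefik` duplicates `className: traefik`; the annotation is the deprecated way to select a class, and keeping both invites them drifting apart, so I would drop the annotation and rely on `className`. The entrypoints value is also left as a plain scalar with a comma in it, while the manifest this commit deletes quoted it; `traefik.ingress.kubernetes.io/router.entrypoints: "websecure, public-https"` keeps the value unambiguous. Since this switches the ingress on for the `public-https` entrypoint, a short comment above `enabled: true` saying that the instance is intentionally internet-facing would help the next reviewer. The `gitea:` block continues outside the hunk, so the admin and password settings behind the `"???"` placeholders cannot be checked from here.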
@@ -5,7 +5,7 @@ metadata:
|
||||
name: continuous-deploy
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: ["pods", "services", "secrets", "configmaps", "persistentvolumeclaims", "endpoints"]
|
||||
resources: ["pods", "services", "secrets", "configmaps", "persistentvolumeclaims", "endpoints", "serviceaccounts"]
|
||||
verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
|
||||
|
||||
- apiGroups: ["apps"]
|
||||
@@ -15,6 +15,16 @@ rules:
|
||||
- apiGroups: ["batch"]
|
||||
resources: ["cronjobs", "jobs"]
|
||||
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
|
||||
|
||||
- apiGroups: ["networking.k8s.io"]
|
||||
resources: ["networkpolicies", "ingresses"]
|
||||
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
|
||||
|
||||
- apiGroups: ["policy"]
|
||||
resources: ["poddisruptionbudgets"]
|
||||
verbs: ["get", "list", "watch", "update", "patch"]
|
||||
|
||||
|
||||
---
|
||||
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
|
||||
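Review bot: Adding `serviceaccounts` to the first core-group rule gives the CI token `create`, `update`, `patch` and `delete` on service accounts on top of its existing write access to `pods` and `secrets`. Taken together, whoever holds the token can run workloads under any service account in scope and read every secret there. Consider moving it into its own rule with only the verbs the chart needs, for example `resources: ["serviceaccounts"]` with `verbs: ["get", "list", "create", "patch"]`. The new `networking.k8s.io` rule likewise grants `delete` on `networkpolicies`, which lets the deploy identity remove isolation rules; omit `delete` there unless the deployment really prunes policies. The `kind` and the binding are outside these hunks, so whether this is a namespaced Role or a ClusterRole should be confirmed before widening it.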
@@ -1,53 +0,0 @@
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: IngressRouteTCP
|
||||
metadata:
|
||||
name: git-limbosolutions-com-ssh
|
||||
namespace: git-limbosolutions-com
|
||||
spec:
|
||||
entryPoints:
|
||||
- ssh-git
|
||||
routes:
|
||||
- match: HostSNI(`*`)
|
||||
services:
|
||||
- name: gitea-ssh
|
||||
port: 2222
|
||||
weight: 10
|
||||
terminationDelay: 90000
|
||||
proxyProtocol:
|
||||
version: 1
|
||||
---
|
||||
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: gitea
|
||||
namespace: git-limbosolutions-com
|
||||
labels:
|
||||
helm.sh/chart: gitea-12.4.0
|
||||
app: gitea
|
||||
app.kubernetes.io/name: gitea
|
||||
app.kubernetes.io/instance: gitea
|
||||
app.kubernetes.io/version: "1"
|
||||
version: "1"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: "letsencrypt-prod"
|
||||
kubernetes.io/ingress.class: "traefik"
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure, public-https"
|
||||
spec:
|
||||
ingressClassName: traefik
|
||||
tls:
|
||||
- hosts:
|
||||
- "git.limbosolutions.com"
|
||||
secretName: limbosolutions-com-tls
|
||||
rules:
|
||||
- host: "git.limbosolutions.com"
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: gitea-http
|
||||
port:
|
||||
number: 3000
|
||||
@@ -2,7 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- namespace.yaml
|
||||
- ingress.yaml
|
||||
- cd-service-account.yaml
|
||||
- cd-service-account-token.yaml
|
||||
- cd-service-account-rbac.yaml
|
||||
|
||||