add rewrite for gitea nginx ingress host port to https container port

Signed-off-by: Jesse Sanford <[email protected]> update gitea to latest helm chart Signed-off-by: Jesse Sanford <[email protected]> Use CNOE patched gitea Signed-off-by: Jesse Sanford <[email protected]>
cnoe-io · Mar 4, 2024 · d32794c · d32794c
1 parent 988756c
commit d32794c
Show file tree

Hide file tree

Showing 4 changed files with 73 additions and 35 deletions.
diff --git a/hack/gitea/generate-manifests.sh b/hack/gitea/generate-manifests.sh
@@ -3,7 +3,7 @@ set -e
 
 INSTALL_YAML="pkg/controllers/localbuild/resources/gitea/k8s/install.yaml"
 GITEA_DIR="./hack/gitea"
-CHART_VERSION="9.5.1"
+CHART_VERSION="10.1.3"
 
 echo "# GITEA INSTALL RESOURCES" > ${INSTALL_YAML}
 echo "# This file is auto-generated with 'hack/gitea/generate-manifests.sh'" >> ${INSTALL_YAML}

diff --git a/hack/gitea/values.yaml b/hack/gitea/values.yaml
@@ -34,4 +34,11 @@ service:
     externalTrafficPolicy: Local
 
 ingress:
+  # NOTE: The ingress is generated in a later step for path based routing feature See: hack/argo-cd/generate-manifests.sh
   enabled: false
+
+image:
+  registry: "ghcr.io"
+  repository: jessesanford/gitea
+  # Overrides the image tag whose default is the chart appVersion.
+  tag: "1.21.7-cnoe-patches-rootless"
diff --git a/pkg/controllers/localbuild/resources/gitea/k8s/install.yaml b/pkg/controllers/localbuild/resources/gitea/k8s/install.yaml
@@ -6,21 +6,25 @@ kind: Secret
 metadata:
   name: my-gitea-inline-config
   labels:
-    helm.sh/chart: gitea-9.5.1
+    helm.sh/chart: gitea-10.1.3
     app: gitea
     app.kubernetes.io/name: gitea
     app.kubernetes.io/instance: my-gitea
-    app.kubernetes.io/version: "1.20.5"
-    version: "1.20.5"
+    app.kubernetes.io/version: "1.21.7-cnoe-patches-rootless"
+    version: "1.21.7-cnoe-patches-rootless"
     app.kubernetes.io/managed-by: Helm
 type: Opaque
 stringData:
   _generals_: ""
-  cache: ADAPTER=memory
+  cache: |-
+    ADAPTER=memory
+    HOST=
   database: DB_TYPE=sqlite3
   indexer: ISSUE_INDEXER_TYPE=db
   metrics: ENABLED=false
-  queue: TYPE=level
+  queue: |-
+    CONN_STR=
+    TYPE=level
   repository: ROOT=/data/git/gitea-repositories
   security: INSTALL_LOCK=true
   server: |-
@@ -44,12 +48,12 @@ kind: Secret
 metadata:
   name: my-gitea
   labels:
-    helm.sh/chart: gitea-9.5.1
+    helm.sh/chart: gitea-10.1.3
     app: gitea
     app.kubernetes.io/name: gitea
     app.kubernetes.io/instance: my-gitea
-    app.kubernetes.io/version: "1.20.5"
-    version: "1.20.5"
+    app.kubernetes.io/version: "1.21.7-cnoe-patches-rootless"
+    version: "1.21.7-cnoe-patches-rootless"
     app.kubernetes.io/managed-by: Helm
 type: Opaque
 stringData:
@@ -181,7 +185,7 @@ stringData:
     }
     
     # save existing envs prior to script execution. Necessary to keep order of preexisting and custom envs
-    env | (grep GITEA || [[ $? == 1 ]]) > /tmp/existing-envs
+    env | (grep -e '^GITEA__' || [[ $? == 1 ]]) > /tmp/existing-envs
     
     # MUST BE CALLED BEFORE OTHER CONFIGURATION
     env2ini::generate_initial_secrets
@@ -216,12 +220,12 @@ kind: Secret
 metadata:
   name: my-gitea-init
   labels:
-    helm.sh/chart: gitea-9.5.1
+    helm.sh/chart: gitea-10.1.3
     app: gitea
     app.kubernetes.io/name: gitea
     app.kubernetes.io/instance: my-gitea
-    app.kubernetes.io/version: "1.20.5"
-    version: "1.20.5"
+    app.kubernetes.io/version: "1.21.7-cnoe-patches-rootless"
+    version: "1.21.7-cnoe-patches-rootless"
     app.kubernetes.io/managed-by: Helm
 type: Opaque
 stringData:
@@ -260,7 +264,28 @@ stringData:
       exit 1
     }
     function configure_admin_user() {
-      local ACCOUNT_ID=$(gitea admin user list --admin | grep -e "\s\+${GITEA_ADMIN_USERNAME}\s\+" | awk -F " " "{printf \$1}")
+      local full_admin_list=$(gitea admin user list --admin)
+      local actual_user_table=''
+
+      # We might have distorted output due to warning logs, so we have to detect the actual user table by its headline and trim output above that line
+      local regex="(.*)(ID\s+Username\s+Email\s+IsActive.*)"
+      if [[ "${full_admin_list}" =~ $regex ]]; then
+        actual_user_table=$(echo "${BASH_REMATCH[2]}" | tail -n+2) # tail'ing to drop the table headline
+      else
+        # This code block should never be reached, as long as the output table header remains the same.
+        # If this code block is reached, the regex doesn't match anymore and we probably have to adjust this script.
+
+        echo "ERROR: 'configure_admin_user' was not able to determine the current list of admin users."
+        echo "       Please review the output of 'gitea admin user list --admin' shown below."
+        echo "       If you think it is an issue with the Helm Chart provisioning, file an issue at https://gitea.com/gitea/helm-chart/issues."
+        echo "DEBUG: Output of 'gitea admin user list --admin'"
+        echo "--"
+        echo "${full_admin_list}"
+        echo "--"
+        exit 1
+      fi
+
+      local ACCOUNT_ID=$(echo "${actual_user_table}" | grep -E "\s+${GITEA_ADMIN_USERNAME}\s+" | awk -F " " "{printf \$1}")
       if [[ -z "${ACCOUNT_ID}" ]]; then
         echo "No admin user '${GITEA_ADMIN_USERNAME}' found. Creating now..."
         gitea admin user create --admin --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email "[email protected]" --must-change-password=false
@@ -294,12 +319,12 @@ kind: Service
 metadata:
   name: my-gitea-http
   labels:
-    helm.sh/chart: gitea-9.5.1
+    helm.sh/chart: gitea-10.1.3
     app: gitea
     app.kubernetes.io/name: gitea
     app.kubernetes.io/instance: my-gitea
-    app.kubernetes.io/version: "1.20.5"
-    version: "1.20.5"
+    app.kubernetes.io/version: "1.21.7-cnoe-patches-rootless"
+    version: "1.21.7-cnoe-patches-rootless"
     app.kubernetes.io/managed-by: Helm
   annotations:
     {}
@@ -320,12 +345,12 @@ kind: Service
 metadata:
   name: my-gitea-ssh
   labels:
-    helm.sh/chart: gitea-9.5.1
+    helm.sh/chart: gitea-10.1.3
     app: gitea
     app.kubernetes.io/name: gitea
     app.kubernetes.io/instance: my-gitea
-    app.kubernetes.io/version: "1.20.5"
-    version: "1.20.5"
+    app.kubernetes.io/version: "1.21.7-cnoe-patches-rootless"
+    version: "1.21.7-cnoe-patches-rootless"
     app.kubernetes.io/managed-by: Helm
   annotations:
     {}
@@ -349,12 +374,12 @@ metadata:
   name: my-gitea
   annotations:
   labels:
-    helm.sh/chart: gitea-9.5.1
+    helm.sh/chart: gitea-10.1.3
     app: gitea
     app.kubernetes.io/name: gitea
     app.kubernetes.io/instance: my-gitea
-    app.kubernetes.io/version: "1.20.5"
-    version: "1.20.5"
+    app.kubernetes.io/version: "1.21.7-cnoe-patches-rootless"
+    version: "1.21.7-cnoe-patches-rootless"
     app.kubernetes.io/managed-by: Helm
 spec:
   replicas: 1
@@ -370,23 +395,23 @@ spec:
   template:
     metadata:
       annotations:
-        checksum/config: a727070bdf60a2bb53744cb0893234188ca3917339f231a79454d661720f50b0
+        checksum/config: c9d18a167e70978b5e69aedb88b0f9a079d10e7f4db84626cb7affedcd1c1514
       labels:
-        helm.sh/chart: gitea-9.5.1
+        helm.sh/chart: gitea-10.1.3
         app: gitea
         app.kubernetes.io/name: gitea
         app.kubernetes.io/instance: my-gitea
-        app.kubernetes.io/version: "1.20.5"
-        version: "1.20.5"
+        app.kubernetes.io/version: "1.21.7-cnoe-patches-rootless"
+        version: "1.21.7-cnoe-patches-rootless"
         app.kubernetes.io/managed-by: Helm
     spec:
 
       securityContext:
         fsGroup: 1000
       initContainers:
         - name: init-directories
-          image: "gitea/gitea:1.20.5-rootless"
-          imagePullPolicy: Always
+          image: "ghcr.io/jessesanford/gitea:1.21.7-cnoe-patches-rootless-rootless"
+          imagePullPolicy: IfNotPresent
           command: ["/usr/sbin/init_directory_structure.sh"]
           env:
             - name: GITEA_APP_INI
@@ -413,8 +438,8 @@ spec:
               cpu: 100m
               memory: 128Mi
         - name: init-app-ini
-          image: "gitea/gitea:1.20.5-rootless"
-          imagePullPolicy: Always
+          image: "ghcr.io/jessesanford/gitea:1.21.7-cnoe-patches-rootless-rootless"
+          imagePullPolicy: IfNotPresent
           command: ["/usr/sbin/config_environment.sh"]
           env:
             - name: GITEA_APP_INI
@@ -443,9 +468,9 @@ spec:
               cpu: 100m
               memory: 128Mi
         - name: configure-gitea
-          image: "gitea/gitea:1.20.5-rootless"
+          image: "ghcr.io/jessesanford/gitea:1.21.7-cnoe-patches-rootless-rootless"
           command: ["/usr/sbin/configure_gitea.sh"]
-          imagePullPolicy: Always
+          imagePullPolicy: IfNotPresent
           securityContext:
             runAsUser: 1000
           env:
@@ -485,8 +510,8 @@ spec:
       terminationGracePeriodSeconds: 60
       containers:
         - name: gitea
-          image: "gitea/gitea:1.20.5-rootless"
-          imagePullPolicy: Always
+          image: "ghcr.io/jessesanford/gitea:1.21.7-cnoe-patches-rootless-rootless"
+          imagePullPolicy: IfNotPresent
           env:
             # SSH Port values have to be set here as well for openssh configuration
             - name: SSH_LISTEN_PORT

diff --git a/pkg/kind/resources/kind.yaml.tmpl b/pkg/kind/resources/kind.yaml.tmpl
@@ -20,3 +20,9 @@ nodes:
     hostPort: {{ .HostPort }}
     protocol: TCP
   {{ end }}
+containerdConfigPatches:
+- |-
+  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."gitea.cnoe.localtest.me:8443"]
+    endpoint = ["https://gitea.cnoe.localtest.me"]
+  [plugins."io.containerd.grpc.v1.cri".registry.configs."gitea.cnoe.localtest.me".tls]
+    insecure_skip_verify = true