Diffstat (limited to '')
| -rwxr-xr-x | grumpy/gitolite/Chart.yaml | 14 | ||||
| -rw-r--r-- | grumpy/gitolite/README.md | 116 | ||||
| -rw-r--r-- | grumpy/gitolite/templates/NOTES.txt | 1 | ||||
| -rw-r--r-- | grumpy/gitolite/templates/_helpers.tpl | 26 | ||||
| -rw-r--r-- | grumpy/gitolite/templates/git-pvc.yaml | 24 | ||||
| -rw-r--r-- | grumpy/gitolite/templates/gitolite-deployment.yaml | 96 | ||||
| -rw-r--r-- | grumpy/gitolite/templates/gitolite-ingress.yaml | 22 | ||||
| -rw-r--r-- | grumpy/gitolite/templates/gitolite-networkpolicy.yaml | 14 | ||||
| -rw-r--r-- | grumpy/gitolite/templates/gitolite-svc.yaml | 31 | ||||
| -rw-r--r-- | grumpy/gitolite/templates/ssh-keys-pvc.yaml | 24 | ||||
| -rw-r--r-- | grumpy/gitolite/values.yaml | 96 |
11 files changed, 464 insertions, 0 deletions
diff --git a/grumpy/gitolite/Chart.yaml b/grumpy/gitolite/Chart.yaml
new file mode 100755
index 0000000..83da0ff
--- /dev/null
+++ b/grumpy/gitolite/Chart.yaml
@@ -0,0 +1,14 @@
+name: gitolite
+home: http://gitolite.com
+version: 0.0.1
+appVersion: 3.6.11
+description: Hosting git repositories -- Gitolite allows you to setup git hosting on
+ a central server, with very fine-grained access control and many (many!) more
+ powerful features.
+sources:
+- https://github.com/sitaramc/gitolite
+- https://github.com/jgiannuzzi/docker-gitolite
+maintainers:
+- name: amiga23
+ email: amiga@scheller.es
+#icon: https://gitolite.com/logo.png
diff --git a/grumpy/gitolite/README.md b/grumpy/gitolite/README.md
new file mode 100644
index 0000000..f44f05f
--- /dev/null
+++ b/grumpy/gitolite/README.md
@@ -0,0 +1,116 @@ +# Gitolite Helm Chart + +Gitolite to be used in a kubernetes cluster + +Hosting git repositories -- Gitolite allows you to setup git hosting on +a central server, with very fine-grained access control and many (many!) more +powerful features. + +* http://gitolite.com + +Using the docker image created by jgiannuzzi +* https://hub.docker.com/r/jgiannuzzi/gitolite/ + +## Chart Details +This chart will do the following: + +* Installs gitolite with port 22 exposed +* Installs your public key as administrator + +## Installing the Chart + +To install the chart: + +```bash +$ helm install --set SSH_KEY="$(cat ~/.ssh/id_rsa.pub)" --set SSH_KEY_NAME="$(whoami)" gitolite +``` + +## Configuration + +The following tables lists the configurable parameters of the chart and their default values. + +| Parameter | Description | Default | +| -------------------------- | ------------------------------------ | ---------------------------------------------------------------------------- | +| `SSH_KEY` | Public key of admin | `` | +| `SSH_KEY_NAME` | Admin user name | `admin` | +| `Name` | Name | `gitolite` | +| `Image` | Image name | `jgiannuzzi/gitolite` | +| `ImageTag` | Image tag | `latest` | +| `ImagePullPolicy` | Image pull policy | `IfNotPresent` | +| `Component` | k8s selector key | `gitolite` | +| `Cpu` | Requested cpu | `200m` | +| `Memory` | Requested memory | `256Mi` | +| `ServiceType` | k8s service type | `LoadBalancer` | +| `ServicePort` | k8s service port | `22` | +| `NodePort` | k8s node port | Not set | +| `ContainerPort` | Listening port | `22` | +| `LoadBalancerSourceRanges` | Allowed inbound IP addresses | `0.0.0.0/0` | +| `LoadBalancerIP` | Optional fixed external IP | Not set | +| `Ingress.Annotations` | Ingress annotations | `{}` | +| `Ingress.TLS` | Ingress TLS configuration | `[]` | +| `NodeSelector` | Node labels for pod assignment | `{}` | +| `Tolerations` | Toleration labels for pod assignment | `{}` | + +Specify each parameter using the 
`--set key=value[,key=value]` argument to `helm install`. + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```bash +$ helm install --set SSH_KEY="$(cat ~/.ssh/id_rsa.pub)" --set SSH_KEY_NAME="$(whoami)" -f values.yaml gitolite +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## NetworkPolicy + +To make use of the NetworkPolicy resources created by default, +install [a networking plugin that implements the Kubernetes +NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin). + +For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting +the DefaultDeny namespace annotation. Note: this will enforce policy for _all_ pods in the namespace: + + kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" + +## Persistence + +The Gitolite image stores persistence under `/var/lib/git` path of the container. A dynamically managed Persistent Volume +Claim is used to keep the data across deployments, by default. This is known to work in GCE, AWS, and minikube. Alternatively, +a previously configured Persistent Volume Claim can be used. + +It is possible to mount several volumes using `Persistence.volumes` and `Persistence.mounts` parameters. 
+ +### Persistence Values for ssh-keys of openssh server + +| Parameter | Description | Default | +| ----------------------------------- | ------------------------- | --------------- | +| `Persistence.SshKeys.Enabled` | Enable the use of a PVC | `true` | +| `Persistence.SshKeys.ExistingClaim` | Provide the name of a PVC | `nil` | +| `Persistence.SshKeys.AccessMode` | The PVC access mode | `ReadWriteOnce` | +| `Persistence.SshKeys.Size` | The size of the PVC | `1Gi` | + +### Persistence Values for git repository + +| Parameter | Description | Default | +| ------------------------------- | ------------------------- | --------------- | +| `Persistence.Git.Enabled` | Enable the use of a PVC | `true` | +| `Persistence.Git.ExistingClaim` | Provide the name of a PVC | `nil` | +| `Persistence.Git.AccessMode` | The PVC access mode | `ReadWriteOnce` | +| `Persistence.Git.Size` | The size of the PVC | `8Gi` | + +### Additional volumes/mounts + +| Parameter | Description | Default | +| ----------------------------| ------------------------- | --------------- | +| `Persistence.volumes` | Additional volumes | `nil` | +| `Persistence.mounts` | Additional mounts | `nil` | + +#### Existing PersistentVolumeClaim + +1. Create the PersistentVolume +1. Create the PersistentVolumeClaim +1. Install the chart +```bash +$ helm install --name my-release --set Persistence.ExistingClaim=PVC_NAME gitolite +``` + diff --git a/grumpy/gitolite/templates/NOTES.txt b/grumpy/gitolite/templates/NOTES.txt new file mode 100644 index 0000000..a965a70 --- /dev/null +++ b/grumpy/gitolite/templates/NOTES.txt @@ -0,0 +1 @@ +Done diff --git a/grumpy/gitolite/templates/_helpers.tpl b/grumpy/gitolite/templates/_helpers.tpl new file mode 100644 index 0000000..b2da145 --- /dev/null +++ b/grumpy/gitolite/templates/_helpers.tpl 
@@ -0,0 +1,26 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "gitolite.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "gitolite.fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- define "gitolite.claimname.ssh-keys" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s-ssh-keys" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- define "gitolite.claimname.git" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s-git" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/grumpy/gitolite/templates/git-pvc.yaml b/grumpy/gitolite/templates/git-pvc.yaml new file mode 100644 index 0000000..8d10d3e --- /dev/null +++ b/grumpy/gitolite/templates/git-pvc.yaml @@ -0,0 +1,24 @@ +{{- if and .Values.Persistence.Git.Enabled -}} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ template "gitolite.claimname.git" . }} + labels: + app: {{ template "gitolite.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + accessModes: + - {{ .Values.Persistence.Git.AccessMode | quote }} + resources: + requests: + storage: {{ .Values.Persistence.Git.Size | quote }} +{{- if .Values.Persistence.Git.StorageClass }} +{{- if (eq "-" .Values.Persistence.Git.StorageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.Persistence.Git.StorageClass }}" +{{- end }} +{{- end }} +{{- end }} 
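Review bot: The claim-name helpers `gitolite.claimname.ssh-keys` and `gitolite.claimname.git` append their suffix before `trunc 63`, so a long `.Release.Name` gets the distinguishing `-ssh-keys` / `-git` tail cut off and both PVCs can end up with the same name, at which point one claim silently shadows the other. Truncate the base first and append the suffix afterwards: `{{- printf "%s-%s" .Release.Name $name | trunc 54 | trimSuffix "-" | printf "%s-ssh-keys" -}}` and, with `trunc 59`, `| printf "%s-git"`. The `gitolite.fullname` helper above them is unaffected because it carries no suffix.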
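Review bot: The guard on the first line of the git PVC template, `{{- if and .Values.Persistence.Git.Enabled -}}`, applies `and` to a single operand, which reads as if a second condition were dropped during editing. Write it as `{{- if .Values.Persistence.Git.Enabled -}}` so the intent is unambiguous; the `StorageClass` handling below it (`"-"` → empty `storageClassName`) is fine as written.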
diff --git a/grumpy/gitolite/templates/gitolite-deployment.yaml b/grumpy/gitolite/templates/gitolite-deployment.yaml
new file mode 100644
index 0000000..14aceaa
--- /dev/null
+++ b/grumpy/gitolite/templates/gitolite-deployment.yaml
@@ -0,0 +1,96 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "gitolite.fullname" . }} + labels: + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + component: "{{ .Release.Name }}-{{ .Values.Name }}" +spec: + replicas: 1 + strategy: + type: RollingUpdate + selector: + matchLabels: + component: "{{ .Release.Name }}-{{ .Values.Component }}" + template: + metadata: + labels: + app: {{ template "gitolite.fullname" . }} + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + component: "{{ .Release.Name }}-{{ .Values.Component }}" + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.NodeSelector }} + nodeSelector: +{{ toYaml .Values.NodeSelector | indent 8 }} + {{- end }} + {{- if .Values.Tolerations }} + tolerations: +{{ toYaml .Values.Tolerations | indent 8 }} + {{- end }} + containers: + - name: {{ template "gitolite.fullname" . 
}} + image: "{{ .Values.Image }}:{{ .Values.ImageTag }}" + #command: + # - tail + # - -f + # - /dev/null + + imagePullPolicy: "{{ .Values.ImagePullPolicy }}" + env: + - name: SSH_KEY + value: "{{ default "" .Values.SSH_KEY}}" + - name: SSH_KEY_NAME + value: "{{ default "admin" .Values.SSH_KEY_NAME}}" + - name: UMASK + value: "0027" + ports: + - containerPort: {{ .Values.ContainerPort }} + name: ssh + resources: + requests: + cpu: "{{ .Values.Cpu }}" + memory: "{{ .Values.Memory }}" + volumeMounts: +{{- if .Values.Persistence.mounts }} +{{ toYaml .Values.Persistence.mounts | indent 12 }} +{{- end }} + - + mountPath: /etc/ssh/keys + name: gitolite-ssh-keys + readOnly: false + - + mountPath: /var/lib/git + name: gitolite-git + readOnly: false + initContainers: + - name: setup + image: busybox + command: + - "chmod" + - "755" + - "/var/lib/git" + volumeMounts: + - + mountPath: /var/lib/git + name: gitolite-git + readOnly: false + volumes: + - name: gitolite-ssh-keys + persistentVolumeClaim: + claimName: {{ .Values.Persistence.SshKeys.ExistingClaim | default (include "gitolite.claimname.ssh-keys" .) }} + - name: gitolite-git + {{- if .Values.Persistence.Git.ExistingClaim }} + persistentVolumeClaim: + claimName: {{ .Values.Persistence.Git.ExistingClaim | default (include "gitolite.claimname.git" .) }} + {{- else }} + emptyDir: {} + {{- end -}} + diff --git a/grumpy/gitolite/templates/gitolite-ingress.yaml b/grumpy/gitolite/templates/gitolite-ingress.yaml new file mode 100644 index 0000000..e6bf450 --- /dev/null +++ b/grumpy/gitolite/templates/gitolite-ingress.yaml 
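Review bot: The `gitolite-git` volume at the end of the hunk falls back to `emptyDir: {}` whenever `Persistence.Git.ExistingClaim` is unset, so with the default values the chart provisions a git PVC that nothing mounts and every repository lives in pod-local scratch that is gone on the next reschedule; the `default (include "gitolite.claimname.git" .)` inside that branch is unreachable because the enclosing `if` already requires ExistingClaim to be set. The ssh-keys volume just above does this correctly, and the git volume should mirror it: `persistentVolumeClaim:` / `claimName: {{ .Values.Persistence.Git.ExistingClaim | default (include "gitolite.claimname.git" .) }}`, keyed on `Persistence.Git.Enabled` if an emptyDir fallback is still wanted. Conversely the ssh-keys claim is referenced unconditionally, so `Persistence.SshKeys.Enabled: false` without an ExistingClaim leaves the pod pending on a missing PVC. Separately, the `setup` init container uses `image: busybox` with no tag or digest and no `securityContext`, so each rollout pulls an unpinned image to run `chmod` as root on the repository volume; pin it (`busybox:1.36` or a digest) and consider a pod-level `securityContext.fsGroup` instead of the chmod.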
@@ -0,0 +1,22 @@ +{{- if .Values.HostName }} +apiVersion: {{ .Values.NetworkPolicy.ApiVersion }} +kind: Ingress +metadata: +{{- if .Values.Ingress.Annotations }} + annotations: +{{ toYaml .Values.Ingress.Annotations | indent 4 }} +{{- end }} + name: {{ template "gitolite.fullname" . }} +spec: + rules: + - host: {{ .Values.HostName | quote }} + http: + paths: + - backend: + serviceName: {{ template "gitolite.fullname" . }} + servicePort: {{ .Values.ServicePort }} +{{- if .Values.Ingress.TLS }} + tls: +{{ toYaml .Values.Ingress.TLS | indent 4 }} +{{- end -}} +{{- end }} diff --git a/grumpy/gitolite/templates/gitolite-networkpolicy.yaml b/grumpy/gitolite/templates/gitolite-networkpolicy.yaml new file mode 100644 index 0000000..23b4180 --- /dev/null +++ b/grumpy/gitolite/templates/gitolite-networkpolicy.yaml @@ -0,0 +1,14 @@ +{{- if .Values.NetworkPolicy.Enabled }} +kind: NetworkPolicy +apiVersion: {{ .Values.NetworkPolicy.ApiVersion }} +metadata: + name: "{{ .Release.Name }}-{{ .Values.Component }}" +spec: + podSelector: + matchLabels: + component: "{{ .Release.Name }}-{{ .Values.Component }}" + ingress: + # Allow web access to the UI + - ports: + - port: {{ .Values.ContainerPort }} +{{- end }} diff --git a/grumpy/gitolite/templates/gitolite-svc.yaml b/grumpy/gitolite/templates/gitolite-svc.yaml new file mode 100644 index 0000000..eec57da --- /dev/null +++ b/grumpy/gitolite/templates/gitolite-svc.yaml 
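Review bot: The Ingress takes its `apiVersion` from `.Values.NetworkPolicy.ApiVersion` (`networking.k8s.io/v1` by default) while its backend uses the `serviceName` / `servicePort` form from `extensions/v1beta1`, so the object is likely to be rejected on either API version. More fundamentally, an Ingress routes HTTP(S) and this chart only exposes sshd on port 22 (the container port is named `ssh`), so the `Ingress.TLS` block cannot terminate anything for git-over-SSH and gives a false impression of a TLS-protected endpoint. Either drop this template together with the `HostName` / `Ingress.*` values, or give it its own `Ingress.ApiVersion` value and a `v1` `backend.service.name` / `port.number` body and document that it is only meaningful if an HTTP frontend is added.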
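Review bot: The single ingress rule in the NetworkPolicy lists `ports` but no `from`, so once `NetworkPolicy.Enabled` is set it admits traffic to port 22 from every source, in-cluster and external alike; that may be intended for a LoadBalancer-fronted sshd, but the comment `# Allow web access to the UI` is copied from elsewhere and describes neither this port nor this service. Replace it with `# Allow SSH (git) access to gitolite from any source; add a from: block to restrict peers` and consider rendering an optional `from:` from a values list so operators can narrow the peer set without editing the template. Adding `policyTypes: [Ingress]` would also make explicit that egress is deliberately left unrestricted.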
@@ -0,0 +1,31 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{template "gitolite.fullname" . }} + labels: + app: {{ template "gitolite.fullname" . }} + heritage: {{.Release.Service | quote }} + release: {{.Release.Name | quote }} + chart: "{{.Chart.Name}}-{{.Chart.Version}}" + component: "{{.Release.Name}}-{{.Values.Component}}" +{{- if .Values.ServiceAnnotations }} + annotations: +{{ toYaml .Values.ServiceAnnotations | indent 4 }} +{{- end }} +spec: + ports: + - port: {{.Values.ServicePort}} + name: http + targetPort: {{.Values.ContainerPort}} + {{if (and (eq .Values.ServiceType "NodePort") (not (empty .Values.NodePort)))}} + nodePort: {{.Values.NodePort}} + {{end}} + selector: + component: "{{.Release.Name}}-{{.Values.Component}}" + type: {{.Values.ServiceType}} + {{if eq .Values.ServiceType "LoadBalancer"}} + loadBalancerSourceRanges: {{.Values.LoadBalancerSourceRanges}} + {{if .Values.LoadBalancerIP}} + loadBalancerIP: {{.Values.LoadBalancerIP}} + {{end}} + {{end}} diff --git a/grumpy/gitolite/templates/ssh-keys-pvc.yaml b/grumpy/gitolite/templates/ssh-keys-pvc.yaml new file mode 100644 index 0000000..02d59f3 --- /dev/null +++ b/grumpy/gitolite/templates/ssh-keys-pvc.yaml @@ -0,0 +1,24 @@ +{{- if and .Values.Persistence.SshKeys.Enabled -}} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ template "gitolite.claimname.ssh-keys" . }} + labels: + app: {{ template "gitolite.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + accessModes: + - {{ .Values.Persistence.SshKeys.AccessMode | quote }} + resources: + requests: + storage: {{ .Values.Persistence.SshKeys.Size | quote }} +{{- if .Values.Persistence.SshKeys.StorageClass }} +{{- if (eq "-" .Values.Persistence.SshKeys.StorageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.Persistence.SshKeys.StorageClass }}" +{{- end }} +{{- end }} +{{- end }} 
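Review bot: `loadBalancerSourceRanges: {{.Values.LoadBalancerSourceRanges}}` renders the Go slice with `%v`, which only happens to be valid YAML for the single default entry (`[0.0.0.0/0]`); two entries render as `[10.0.0.0/8 192.168.0.0/16]`, a one-element flow sequence holding an invalid CIDR, so any attempt to narrow the allow-list from the world-open default fails at apply time. Render it as `loadBalancerSourceRanges:` followed by `{{ toYaml .Values.LoadBalancerSourceRanges | indent 4 }}`, as the other list values in this chart already do. The port is also labelled `name: http` although it carries SSH on 22 (the container port is named `ssh`); naming it `ssh` avoids misleading anyone reading policies or metrics by port name.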
diff --git a/grumpy/gitolite/values.yaml b/grumpy/gitolite/values.yaml
new file mode 100644
index 0000000..e2cfe19
--- /dev/null
+++ b/grumpy/gitolite/values.yaml
@@ -0,0 +1,96 @@ +# Default values for gitolite. +# This is a YAML-formatted file. +# Declare name/value pairs to be passed into your templates. +# name: value + +Name: gitolite +Image: "registry.gitlab.com/grumps/grumpy-containers/gitolite" +ImageTag: "v0.0.4" +ImagePullPolicy: "Always" +Component: "gitolite" +imagePullSecrets: + - name: gitlabsec +Cpu: "200m" +Memory: "256Mi" +ServicePort: 22 +# For minikube, set this to NodePort, elsewhere use LoadBalancer +# Use ClusterIP if your setup includes ingress controller +ServiceType: LoadBalancer +ServiceAnnotations: {} + # service.beta.kubernetes.io/aws-load-balancer-backend-protocol: https +# Used to create Ingress record (should used with ServiceType: ClusterIP) +# HostName: gitolite.cluster.local +# NodePort: <to set explicitly, choose port between 30000-32767 +ContainerPort: 22 +LoadBalancerSourceRanges: +- 0.0.0.0/0 +# Optionally assign a known public LB IP +# LoadBalancerIP: 1.2.3.4 +# Node labels and tolerations for pod assignment +# ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector +# ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature +NodeSelector: {} +Tolerations: {} + +Ingress: + Annotations: + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + TLS: + # - secretName: gitolite.cluster.local + # hosts: + # - gitolite.cluster.local + +Persistence: + SshKeys: + Enabled: true + ## A manually managed Persistent Volume and Claim + ## Requires Persistence.Enabled: true + ## If defined, PVC must be created manually before volume will be bound + # ExistingClaim: + + ## Persistent Volume Storage Class + ## If defined, storageClassName: <storageClass> + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. 
(gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # StorageClass: "-" + + AccessMode: ReadWriteOnce + Size: 1Gi + Git: + Enabled: true + ## A manually managed Persistent Volume and Claim + ## Requires Persistence.Enabled: true + ## If defined, PVC must be created manually before volume will be bound + # ExistingClaim: + + ## Persistent Volume Storage Class + ## If defined, storageClassName: <storageClass> + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # StorageClass: "-" + + AccessMode: ReadWriteOnce + Size: 8Gi + volumes: +# - name: nothing +# emptyDir: {} + mounts: +# - mountPath: /var/nothing +# name: nothing +# readOnly: true + +NetworkPolicy: + # Enable creation of NetworkPolicy resources. + Enabled: false + # For Kubernetes v1.4, v1.5 and v1.6, use 'extensions/v1beta1' + # For Kubernetes v1.7, use 'networking.k8s.io/v1' + ApiVersion: 'networking.k8s.io/v1' + |
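Review bot: The defaults here combine `ServiceType: LoadBalancer` with `LoadBalancerSourceRanges: [0.0.0.0/0]` and `NetworkPolicy.Enabled: false`, so a plain `helm install` publishes sshd on port 22 to the whole internet with nothing but key authentication and the gitolite ACL in front of it; that is a defensible default for a git host, but it deserves a comment next to the value, e.g. `# Default admits SSH from anywhere; narrow this to your office/VPN CIDRs for a private instance`. `imagePullSecrets: - name: gitlabsec` hard-codes a secret that only exists in the author's cluster and should default to an empty list with the name documented. The `Image`, `ImageTag` and `ImagePullPolicy` defaults (`registry.gitlab.com/grumps/grumpy-containers/gitolite`, `v0.0.4`, `Always`) no longer match the README table, which still lists `jgiannuzzi/gitolite` / `latest` / `IfNotPresent`, so one of the two needs updating. The commented `HostName` and `Ingress` values describe an HTTP ingress that cannot front an SSH-only service, which is worth saying in the comment so operators do not expect `Ingress.TLS` to protect git traffic.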