Diffstat (limited to '')
| -rw-r--r--[-rwxr-xr-x] | grumpy/gitolite/Kube-descriptor.yaml (renamed from grumpy/gitolite/Chart.yaml) | 17 | ||||
| -rw-r--r-- | grumpy/gitolite/README.md | 116 | ||||
| -rw-r--r-- | grumpy/gitolite/gitolite-gitolite-deploy.yaml | 64 | ||||
| -rw-r--r-- | grumpy/gitolite/gitolite-gitolite-svc.yaml | 12 | ||||
| -rw-r--r-- | grumpy/gitolite/kustomization.yaml | 20 | ||||
| -rw-r--r-- | grumpy/gitolite/templates/NOTES.txt | 1 | ||||
| -rw-r--r-- | grumpy/gitolite/templates/_helpers.tpl | 26 | ||||
| -rw-r--r-- | grumpy/gitolite/templates/gitolite-deployment.yaml | 89 | ||||
| -rw-r--r-- | grumpy/gitolite/templates/gitolite-ingress.yaml | 22 | ||||
| -rw-r--r-- | grumpy/gitolite/templates/gitolite-networkpolicy.yaml | 14 | ||||
| -rw-r--r-- | grumpy/gitolite/templates/gitolite-svc.yaml | 22 | ||||
| -rw-r--r-- | grumpy/gitolite/values.yaml | 96 |
12 files changed, 104 insertions, 395 deletions
diff --git a/grumpy/gitolite/Chart.yaml b/grumpy/gitolite/Kube-descriptor.yaml index 83da0ff..7db65ca 100755..100644 --- a/grumpy/gitolite/Chart.yaml +++ b/grumpy/gitolite/Kube-descriptor.yaml @@ -1,14 +1,13 @@ -name: gitolite -home: http://gitolite.com -version: 0.0.1 appVersion: 3.6.11 -description: Hosting git repositories -- Gitolite allows you to setup git hosting on - a central server, with very fine-grained access control and many (many!) more +description: Hosting git repositories -- Gitolite allows you to setup git hosting + on a central server, with very fine-grained access control and many (many!) more powerful features. +home: http://gitolite.com +maintainers: +- email: amiga@scheller.es + name: amiga23 +name: gitolite sources: - https://github.com/sitaramc/gitolite - https://github.com/jgiannuzzi/docker-gitolite -maintainers: -- name: amiga23 - email: amiga@scheller.es -#icon: https://gitolite.com/logo.png +version: 0.0.1 diff --git a/grumpy/gitolite/README.md b/grumpy/gitolite/README.md deleted file mode 100644 index f44f05f..0000000 --- a/grumpy/gitolite/README.md +++ /dev/null 
@@ -1,116 +0,0 @@ -# Gitolite Helm Chart - -Gitolite to be used in a kubernetes cluster - -Hosting git repositories -- Gitolite allows you to setup git hosting on -a central server, with very fine-grained access control and many (many!) more -powerful features. - -* http://gitolite.com - -Using the docker image created by jgiannuzzi -* https://hub.docker.com/r/jgiannuzzi/gitolite/ - -## Chart Details -This chart will do the following: - -* Installs gitolite with port 22 exposed -* Installs your public key as administrator - -## Installing the Chart - -To install the chart: - -```bash -$ helm install --set SSH_KEY="$(cat ~/.ssh/id_rsa.pub)" --set SSH_KEY_NAME="$(whoami)" gitolite -``` - -## Configuration - -The following tables lists the configurable parameters of the chart and their default values. - -| Parameter | Description | Default | -| -------------------------- | ------------------------------------ | ---------------------------------------------------------------------------- | -| `SSH_KEY` | Public key of admin | `` | -| `SSH_KEY_NAME` | Admin user name | `admin` | -| `Name` | Name | `gitolite` | -| `Image` | Image name | `jgiannuzzi/gitolite` | -| `ImageTag` | Image tag | `latest` | -| `ImagePullPolicy` | Image pull policy | `IfNotPresent` | -| `Component` | k8s selector key | `gitolite` | -| `Cpu` | Requested cpu | `200m` | -| `Memory` | Requested memory | `256Mi` | -| `ServiceType` | k8s service type | `LoadBalancer` | -| `ServicePort` | k8s service port | `22` | -| `NodePort` | k8s node port | Not set | -| `ContainerPort` | Listening port | `22` | -| `LoadBalancerSourceRanges` | Allowed inbound IP addresses | `0.0.0.0/0` | -| `LoadBalancerIP` | Optional fixed external IP | Not set | -| `Ingress.Annotations` | Ingress annotations | `{}` | -| `Ingress.TLS` | Ingress TLS configuration | `[]` | -| `NodeSelector` | Node labels for pod assignment | `{}` | -| `Tolerations` | Toleration labels for pod assignment | `{}` | - -Specify each parameter using the 
`--set key=value[,key=value]` argument to `helm install`. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```bash -$ helm install --set SSH_KEY="$(cat ~/.ssh/id_rsa.pub)" --set SSH_KEY_NAME="$(whoami)" -f values.yaml gitolite -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## NetworkPolicy - -To make use of the NetworkPolicy resources created by default, -install [a networking plugin that implements the Kubernetes -NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin). - -For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting -the DefaultDeny namespace annotation. Note: this will enforce policy for _all_ pods in the namespace: - - kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" - -## Persistence - -The Gitolite image stores persistence under `/var/lib/git` path of the container. A dynamically managed Persistent Volume -Claim is used to keep the data across deployments, by default. This is known to work in GCE, AWS, and minikube. Alternatively, -a previously configured Persistent Volume Claim can be used. - -It is possible to mount several volumes using `Persistence.volumes` and `Persistence.mounts` parameters. 
- -### Persistence Values for ssh-keys of openssh server - -| Parameter | Description | Default | -| ----------------------------------- | ------------------------- | --------------- | -| `Persistence.SshKeys.Enabled` | Enable the use of a PVC | `true` | -| `Persistence.SshKeys.ExistingClaim` | Provide the name of a PVC | `nil` | -| `Persistence.SshKeys.AccessMode` | The PVC access mode | `ReadWriteOnce` | -| `Persistence.SshKeys.Size` | The size of the PVC | `1Gi` | - -### Persistence Values for git repository - -| Parameter | Description | Default | -| ------------------------------- | ------------------------- | --------------- | -| `Persistence.Git.Enabled` | Enable the use of a PVC | `true` | -| `Persistence.Git.ExistingClaim` | Provide the name of a PVC | `nil` | -| `Persistence.Git.AccessMode` | The PVC access mode | `ReadWriteOnce` | -| `Persistence.Git.Size` | The size of the PVC | `8Gi` | - -### Additional volumes/mounts - -| Parameter | Description | Default | -| ----------------------------| ------------------------- | --------------- | -| `Persistence.volumes` | Additional volumes | `nil` | -| `Persistence.mounts` | Additional mounts | `nil` | - -#### Existing PersistentVolumeClaim - -1. Create the PersistentVolume -1. Create the PersistentVolumeClaim -1. Install the chart -```bash -$ helm install --name my-release --set Persistence.ExistingClaim=PVC_NAME gitolite -``` - diff --git a/grumpy/gitolite/gitolite-gitolite-deploy.yaml b/grumpy/gitolite/gitolite-gitolite-deploy.yaml new file mode 100644 index 0000000..825f863 --- /dev/null +++ b/grumpy/gitolite/gitolite-gitolite-deploy.yaml 
@@ -0,0 +1,64 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: gitolite-gitolite
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ component: gitolite-gitolite
+ strategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app: gitolite-gitolite
+ component: gitolite-gitolite
+ spec:
+ containers:
+ - args:
+ - sshd
+ env:
+ - name: SSH_KEY
+ value: ""
+ - name: SSH_KEY_NAME
+ value: admin
+ - name: UMASK
+ value: "0027"
+ image: registry.gitlab.com/grumps/grumpy-containers/gitolite:v0.0.4
+ imagePullPolicy: Always
+ name: gitolite-gitolite
+ ports:
+ - containerPort: 22
+ name: ssh
+ resources:
+ requests:
+ cpu: 200m
+ memory: 256Mi
+ volumeMounts:
+ - mountPath: /etc/ssh/keys
+ name: gitolite-ssh-keys
+ readOnly: false
+ - mountPath: /var/lib/git
+ name: gitolite-git
+ readOnly: false
+ imagePullSecrets:
+ - name: regcred
+ initContainers:
+ - command:
+ - chmod
+ - "755"
+ - /var/lib/git
+ image: registry.gitlab.com/grumps/grumpy-containers/gitolite:v0.0.4
+ name: setup
+ volumeMounts:
+ - mountPath: /var/lib/git
+ name: gitolite-git
+ readOnly: false
+ volumes:
+ - name: gitolite-ssh-keys
+ persistentVolumeClaim:
+ claimName: gitolite-storage-ssh
+ - name: gitolite-git
+ persistentVolumeClaim:
+ claimName: gitolite-storage
diff --git a/grumpy/gitolite/gitolite-gitolite-svc.yaml b/grumpy/gitolite/gitolite-gitolite-svc.yaml
new file mode 100644
index 0000000..fdb9571
--- /dev/null
+++ b/grumpy/gitolite/gitolite-gitolite-svc.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: gitolite-gitolite
+spec:
+ ports:
+ - name: http
+ port: 30000
+ targetPort: 22
+ selector:
+ component: gitolite-gitolite
+ type: NodePort
diff --git a/grumpy/gitolite/kustomization.yaml b/grumpy/gitolite/kustomization.yaml
new file mode 100644
index 0000000..7bfd82a
--- /dev/null
+++ b/grumpy/gitolite/kustomization.yaml
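Review bot: In gitolite-gitolite-deploy.yaml the `SSH_KEY` env entry is now a fixed empty string, where the deleted Helm template filled it from `.Values.SSH_KEY`, so nothing in this manifest supplies the gitolite admin public key. How the image behaves with an empty key is not visible here, so confirm that and document the overlay patch an installer must add, or source the value instead, e.g. `valueFrom: {configMapKeyRef: {name: <admin-key-configmap>, key: SSH_KEY}}` (placeholder name). Separately, neither the pod nor the `setup` init container sets a `securityContext`, and the image is referenced by a mutable tag with `imagePullPolicy: Always`. Pinning by digest (`...gitolite:v0.0.4@sha256:<digest>`) would make what runs in the pod reproducible.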
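Review bot: In gitolite-gitolite-svc.yaml `port: 30000` sets the Service's cluster port, not the node port; with `type: NodePort` and no `nodePort:` field Kubernetes allocates one from the node-port range, so if 30000 is meant to be the externally reachable port add `nodePort: 30000`. The port is named `http` although it forwards to sshd on 22; `name: ssh` with `targetPort: ssh` (the container port name in the Deployment) would say what it carries. This commit also deletes the NetworkPolicy template without a replacement, and a NodePort Service publishes sshd on every node address, so consider adding a NetworkPolicy to the kustomization resources or documenting the firewall rule that is expected to limit access.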
@@ -0,0 +1,20 @@
+# Labels to add to all resources and selectors.
+commonLabels:
+ app: gitolite-gitolite
+ component: gitolite-gitolite
+
+# Images modify the tags for images without
+# creating patches.
+images:
+- name: registry.gitlab.com/grumps/grumpy-containers/gitolite
+ newTag: v0.0.4
+
+# Value of this field is prepended to the
+# names of all resources
+namePrefix: gitolite-gitolite
+
+# List of resource files that kustomize reads, modifies
+# and emits as a YAML string
+resources:
+- gitolite-gitolite-deploy.yaml
+- gitolite-gitolite-svc.yaml
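Review bot: In kustomization.yaml `namePrefix: gitolite-gitolite` is prepended to resources whose `metadata.name` is already `gitolite-gitolite`, so the rendered Deployment and Service would be named `gitolite-gitolitegitolite-gitolite`; either drop `namePrefix` or give the two manifests an unprefixed name and end the prefix with `-`. `commonLabels` repeats the `app`/`component` labels already written in both manifests and also rewrites selectors, which cannot be changed on an existing Deployment, so keep only one source for them. The `images:` entry pins a tag only; `digest: sha256:<digest>` in place of `newTag` would pin the image content. The file also ends without a trailing newline.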
\ No newline at end of file diff --git a/grumpy/gitolite/templates/NOTES.txt b/grumpy/gitolite/templates/NOTES.txt deleted file mode 100644 index a965a70..0000000 --- a/grumpy/gitolite/templates/NOTES.txt +++ /dev/null @@ -1 +0,0 @@ -Done diff --git a/grumpy/gitolite/templates/_helpers.tpl b/grumpy/gitolite/templates/_helpers.tpl deleted file mode 100644 index b2da145..0000000 --- a/grumpy/gitolite/templates/_helpers.tpl +++ /dev/null @@ -1,26 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "gitolite.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "gitolite.fullname" -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{- define "gitolite.claimname.ssh-keys" -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- printf "%s-%s-ssh-keys" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{- define "gitolite.claimname.git" -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- printf "%s-%s-git" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/grumpy/gitolite/templates/gitolite-deployment.yaml b/grumpy/gitolite/templates/gitolite-deployment.yaml deleted file mode 100644 index 1632b93..0000000 --- a/grumpy/gitolite/templates/gitolite-deployment.yaml +++ /dev/null 
@@ -1,89 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "gitolite.fullname" . }} - labels: - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - component: "{{ .Release.Name }}-{{ .Values.Name }}" -spec: - replicas: 1 - strategy: - type: RollingUpdate - selector: - matchLabels: - component: "{{ .Release.Name }}-{{ .Values.Component }}" - template: - metadata: - labels: - app: {{ template "gitolite.fullname" . }} - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - component: "{{ .Release.Name }}-{{ .Values.Component }}" - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if .Values.NodeSelector }} - nodeSelector: -{{ toYaml .Values.NodeSelector | indent 8 }} - {{- end }} - {{- if .Values.Tolerations }} - tolerations: -{{ toYaml .Values.Tolerations | indent 8 }} - {{- end }} - containers: - - name: {{ template "gitolite.fullname" . 
}} - image: "{{ .Values.Image }}:{{ .Values.ImageTag }}" - imagePullPolicy: "{{ .Values.ImagePullPolicy }}" - args: - - sshd - env: - - name: SSH_KEY - value: "{{ default "" .Values.SSH_KEY}}" - - name: SSH_KEY_NAME - value: "{{ default "admin" .Values.SSH_KEY_NAME}}" - - name: UMASK - value: "0027" - ports: - - containerPort: {{ .Values.ContainerPort }} - name: ssh - resources: - requests: - cpu: "{{ .Values.Cpu }}" - memory: "{{ .Values.Memory }}" - volumeMounts: -{{- if .Values.Persistence.mounts }} -{{ toYaml .Values.Persistence.mounts | indent 12 }} -{{- end }} - - - mountPath: /etc/ssh/keys - name: gitolite-ssh-keys - readOnly: false - - - mountPath: /var/lib/git - name: gitolite-git - readOnly: false - initContainers: - - name: setup - image: "{{ .Values.Image }}:{{ .Values.ImageTag }}" - command: - - "chmod" - - "755" - - "/var/lib/git" - volumeMounts: - - - mountPath: /var/lib/git - name: gitolite-git - readOnly: false - volumes: - - name: gitolite-ssh-keys - persistentVolumeClaim: - claimName: gitolite-storage-ssh - - name: gitolite-git - persistentVolumeClaim: - claimName: gitolite-storage - diff --git a/grumpy/gitolite/templates/gitolite-ingress.yaml b/grumpy/gitolite/templates/gitolite-ingress.yaml deleted file mode 100644 index e6bf450..0000000 --- a/grumpy/gitolite/templates/gitolite-ingress.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if .Values.HostName }} -apiVersion: {{ .Values.NetworkPolicy.ApiVersion }} -kind: Ingress -metadata: -{{- if .Values.Ingress.Annotations }} - annotations: -{{ toYaml .Values.Ingress.Annotations | indent 4 }} -{{- end }} - name: {{ template "gitolite.fullname" . }} -spec: - rules: - - host: {{ .Values.HostName | quote }} - http: - paths: - - backend: - serviceName: {{ template "gitolite.fullname" . }} - servicePort: {{ .Values.ServicePort }} -{{- if .Values.Ingress.TLS }} - tls: -{{ toYaml .Values.Ingress.TLS | indent 4 }} -{{- end -}} -{{- end }} 
diff --git a/grumpy/gitolite/templates/gitolite-networkpolicy.yaml b/grumpy/gitolite/templates/gitolite-networkpolicy.yaml deleted file mode 100644 index 23b4180..0000000 --- a/grumpy/gitolite/templates/gitolite-networkpolicy.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.NetworkPolicy.Enabled }} -kind: NetworkPolicy -apiVersion: {{ .Values.NetworkPolicy.ApiVersion }} -metadata: - name: "{{ .Release.Name }}-{{ .Values.Component }}" -spec: - podSelector: - matchLabels: - component: "{{ .Release.Name }}-{{ .Values.Component }}" - ingress: - # Allow web access to the UI - - ports: - - port: {{ .Values.ContainerPort }} -{{- end }} diff --git a/grumpy/gitolite/templates/gitolite-svc.yaml b/grumpy/gitolite/templates/gitolite-svc.yaml deleted file mode 100644 index e181a57..0000000 --- a/grumpy/gitolite/templates/gitolite-svc.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{template "gitolite.fullname" . }} - labels: - app: {{ template "gitolite.fullname" . }} - heritage: {{.Release.Service | quote }} - release: {{.Release.Name | quote }} - chart: "{{.Chart.Name}}-{{.Chart.Version}}" - component: "{{.Release.Name}}-{{.Values.Component}}" -{{- if .Values.ServiceAnnotations }} - annotations: -{{ toYaml .Values.ServiceAnnotations | indent 4 }} -{{- end }} -spec: - ports: - - port: {{.Values.ServicePort}} - name: http - targetPort: {{.Values.ContainerPort}} - selector: - component: "{{.Release.Name}}-{{.Values.Component}}" - type: {{.Values.ServiceType}} diff --git a/grumpy/gitolite/values.yaml b/grumpy/gitolite/values.yaml deleted file mode 100644 index 2bc1e07..0000000 --- a/grumpy/gitolite/values.yaml +++ /dev/null 
@@ -1,96 +0,0 @@ -# Default values for gitolite. -# This is a YAML-formatted file. -# Declare name/value pairs to be passed into your templates. -# name: value - -Name: gitolite -Image: "registry.gitlab.com/grumps/grumpy-containers/gitolite" -ImageTag: "v0.0.4" -ImagePullPolicy: "Always" -Component: "gitolite" -imagePullSecrets: - - name: regcred -Cpu: "200m" -Memory: "256Mi" -ServicePort: 30000 -# For minikube, set this to NodePort, elsewhere use LoadBalancer -# Use ClusterIP if your setup includes ingress controller -ServiceType: NodePort -ServiceAnnotations: {} - # service.beta.kubernetes.io/aws-load-balancer-backend-protocol: https -# Used to create Ingress record (should used with ServiceType: ClusterIP) -# HostName: gitolite.cluster.local -# NodePort: <to set explicitly, choose port between 30000-32767 -ContainerPort: 22 -LoadBalancerSourceRanges: -- 0.0.0.0/0 -# Optionally assign a known public LB IP -# LoadBalancerIP: 1.2.3.4 -# Node labels and tolerations for pod assignment -# ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector -# ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature -NodeSelector: {} -Tolerations: {} - -Ingress: - Annotations: - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - - TLS: - # - secretName: gitolite.cluster.local - # hosts: - # - gitolite.cluster.local - -Persistence: - SshKeys: - Enabled: true - ## A manually managed Persistent Volume and Claim - ## Requires Persistence.Enabled: true - ## If defined, PVC must be created manually before volume will be bound - # ExistingClaim: - - ## Persistent Volume Storage Class - ## If defined, storageClassName: <storageClass> - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. 
(gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # StorageClass: "-" - - AccessMode: ReadWriteOnce - Size: 1Gi - Git: - Enabled: true - ## A manually managed Persistent Volume and Claim - ## Requires Persistence.Enabled: true - ## If defined, PVC must be created manually before volume will be bound - # ExistingClaim: - - ## Persistent Volume Storage Class - ## If defined, storageClassName: <storageClass> - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # StorageClass: "-" - - AccessMode: ReadWriteOnce - Size: 8Gi - volumes: -# - name: nothing -# emptyDir: {} - mounts: -# - mountPath: /var/nothing -# name: nothing -# readOnly: true - -NetworkPolicy: - # Enable creation of NetworkPolicy resources. - Enabled: false - # For Kubernetes v1.4, v1.5 and v1.6, use 'extensions/v1beta1' - # For Kubernetes v1.7, use 'networking.k8s.io/v1' - ApiVersion: 'networking.k8s.io/v1' - |