Meta repo for gitea.kosmos.org operation, issues, suggestions, and feedback.

# Kubernetes / GKE

This Gitea instance is currently hosted on Google Kubernetes Engine.

## Apply changes to resources

```
kubectl apply -f gitea-db.yaml
kubectl apply -f gitea-server.yaml
```

## Write the secrets to the local filesystem

```
./script/get_secrets
```

It writes the secrets (currently the app.ini file, as well as auto-generated
TLS certificates that are only used when no Let's Encrypt cert is available)
to the `kubernetes/config/` folder. These files are not in Git because they
contain credentials.

Once you have edited them locally, you need to delete the secrets stored on
Kubernetes before uploading them again. This is done by this script:

```
./script/replace_secrets
```

## Reuse a released persistent volume:

> When you delete a PVC, corresponding PV becomes `Released`. This PV can contain sensitive data (say credit card numbers) and therefore nobody can ever bind to it, even if it is a PVC with the same name and in the same namespace as the previous one - who knows who's trying to steal the data!
>
> Admin intervention is required here. He has two options:
>
> * Make the PV available to everybody - delete `PV.Spec.ClaimRef`. Such a PV can be bound to any PVC (assuming that capacity, access mode and selectors match)
>
> * Make the PV available to a specific PVC - pre-fill `PV.Spec.ClaimRef` with a pointer to a PVC. Leave the `PV.Spec.ClaimRef.UID` empty, as the PVC does not need to exist at this point and you don't know PVC's UID. This PV can be bound only to the specified PVC.
>
> @whitecolor, in your case you should be fine by clearing `PV.Spec.ClaimRef.UID` in the PV. Only the re-created PVC (with any UID) can then use the PV. And it's your responsibility that only the right person can craft appropriate PVC so nobody can steal your data.

https://github.com/kubernetes/kubernetes/issues/48609#issuecomment-314066616
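
The two options from the quoted comment, written as a guarded `kubectl` helper. This is an added example, not one of this repository's scripts; the function name `rebind_released_pv` and its `same`/`any` modes are made up for illustration.

```sh
#!/bin/sh
# Added example (not one of this repo's scripts). POSIX sh; requires kubectl.
# Usage: rebind_released_pv PV_NAME [same|any]
#   same: clear only claimRef.uid, so the PV stays reserved for the PVC
#         namespace/name it was bound to before (the default here)
#   any:  delete claimRef entirely, so any matching PVC can bind
rebind_released_pv() {
  pv=$1
  mode=${2:-same}

  # Only touch volumes that are actually Released; an Available or Bound PV
  # needs no patch, and a typo in the name should not modify anything.
  phase=$(kubectl get pv "$pv" -o 'jsonpath={.status.phase}') || return 1
  if [ "$phase" != "Released" ]; then
    echo "refusing: PV $pv is in phase '$phase', not Released" >&2
    return 1
  fi

  # Show which claim the PV is reserved for, so the operator can confirm it.
  claim=$(kubectl get pv "$pv" \
    -o 'jsonpath={.spec.claimRef.namespace}/{.spec.claimRef.name}') || return 1

  # In a JSON merge patch, null removes the field.
  case "$mode" in
    same) patch='{"spec":{"claimRef":{"uid":null}}}' ;;
    any)  patch='{"spec":{"claimRef":null}}' ;;
    *)    echo "mode must be 'same' or 'any'" >&2; return 2 ;;
  esac

  echo "PV $pv (last claim: $claim), mode=$mode" >&2
  kubectl patch pv "$pv" --type=merge -p "$patch"
}

# Run as a script when arguments are given; sourcing only defines the function.
if [ "$#" -gt 0 ]; then
  rebind_released_pv "$@"
fi
```

In `same` mode the volume goes to whoever can create a PVC with that name in that namespace, so access to the namespace is what protects the data, as the quoted comment points out.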

## Update Gitea

### Released version

Change the image for the gitea-server container
(`kubernetes/gitea-server.yaml`) to `gitea/gitea:TAG`, for example:
`gitea/gitea:1.7.0-rc2`

### Unreleased version

This is useful to deploy features that are in master but not yet in a release.

```
$ docker pull gitea/gitea
$ docker tag gitea/gitea:latest kosmosorg/gitea:production
$ docker push kosmosorg/gitea
```

Set the image for the gitea-server container to `kosmosorg/gitea:latest`, or run
this command to force a deployment if it is already set to it:

```
$ kubectl patch deployment gitea-server -p "{\"spec\":{\"template\":{\"metadata\":{\"annotations\":{\"date\":\"`date +'%s'`\"}}}}}"
```

### Build our own image

At the root of the [gitea repo](https://github.com/go-gitea/gitea):

```
$ DOCKER_TAG=production DOCKER_IMAGE=kosmosorg/gitea make docker # builds and tags kosmosorg/gitea:production locally
$ docker push kosmosorg/gitea
```