Add initial Kubernetes config files

This includes all the resources currently running on https://gitea.kosmos.org It sets up a persistent data volume for the MySQL database, one for the Gitea data, that Gitea calls the custom folder (config, attachment, avatars, logs, etc). We mount that persistent data volume as /data/gitea. It also creates a Let's Encrypt certificate for gitea.kosmos.org, also saved to the custom folder. This also includes two scripts: * `./script/get_secrets` downloads the secrets to the local filesystem so they can be edited * `./script/replace_secrets` deletes the remote secrets and creates them again from the local ones in kubernetes/config/* Closes #6
2018-12-14 17:14:00 +01:00
parent bdc9294260
commit 4c463adcda
7 changed files with 234 additions and 0 deletions
--- a/README.md
+++ b/README.md
@@ -7,3 +7,34 @@ Feel free to [open issues] for questions, suggestions, bugs, to-do items, and
 whatever else you want to discuss or resolve.

 [open issues]: https://gitea.kosmos.org/kosmos/gitea.kosmos.org/issues
+
+## Kubernetes
+
+### Apply changes to resources
+
+```
+kubectl apply -f gitea-db.yaml
+kubectl apply -f gitea-server.yaml
+```
+
+### Write the secrets to the local filesystem
+
+```
+./script/get_secrets
+```
+
+It writes the secrets (currently the app.ini file, as well as auto-generated
+TLS certificates that are only used when no Let's Encrypt cert is available)
+to the `kubernetes/config/` folder. These files are not in Git because they
+contain credentials.
+
+Once you have edited them locally, you need to delete the secrets stored on
+Kubernetes before uploading them again. This is done by this script:
+
+```
+./script/replace_secrets
+```
+
+### Reuse a released persistent volume:
+
+https://github.com/kubernetes/kubernetes/issues/48609#issuecomment-314066616