From 21238a032dbe88cd6a41d43e23133b32e3a8fab0 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Sun, 27 Jan 2019 16:19:19 +0800 Subject: [PATCH 1/5] Add default and Kosmos label sets Adds custom label set configs, overriding the default set and adding a new one for Kosmos (that includes kredits labels). closes #4
---
 custom/options/label/Default | 11 +++++++++++ custom/options/label/Kosmos | 14 ++++++++++++++ 2 files changed, 25 insertions(+) create mode 100644 custom/options/label/Default create mode 100644 custom/options/label/Kosmos
diff --git a/custom/options/label/Default b/custom/options/label/Default
new file mode 100644
index 0000000..0bdfe06
--- /dev/null
+++ b/custom/options/label/Default
@@ -0,0 +1,11 @@
+#db231d bug ; Something is not working
+#76db1d enhancement ; Improving existing functionality
+#1d76db feature ; New functionality
+#db1d76 idea ; Something to consider
+#db1d76 question ; Looking for an answer
+#fbca04 security ; All your base are belong to us
+#1dd5db ui/ux ; User interface, process design, etc.
+#333333 dev environment ; Config, builds, CI, deployment, etc.
+#cccccc duplicate ; This issue or pull request already exists
+#cccccc invalid ; Not a bug
+#cccccc wontfix ; This won't be fixed
diff --git a/custom/options/label/Kosmos b/custom/options/label/Kosmos
new file mode 100644
index 0000000..5b29e23
--- /dev/null
+++ b/custom/options/label/Kosmos
@@ -0,0 +1,14 @@
+#db231d bug ; Something is not working
+#76db1d enhancement ; Improving existing functionality
+#1d76db feature ; New functionality
+#db1d76 idea ; Something to consider
+#db1d76 question ; Looking for an answer
+#fbca04 security ; All your base are belong to us
+#1dd5db ui/ux ; User interface, process design, etc.
+#333333 dev environment ; Config, builds, CI, deployment, etc.
+#008080 kredits-1 ; Small contribution
+#008080 kredits-2 ; Medium contribution
+#008080 kredits-3 ; Large contribution
+#cccccc duplicate ; This issue or pull request already exists
+#cccccc invalid ; Not a bug
+#cccccc wontfix ; This won't be fixed
From eba722992fe7faf6157b5b3ba5e1d5d1fddb9cc6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?= Date: Tue, 5 Feb 2019 20:29:08 +0100 Subject: [PATCH 2/5] Copy the labels to the persistent data volume Move the custom label definitions to a custom folder in the kubernetes folder, as well as the config files
---
 .gitignore | 2 +- kubernetes/{ => custom}/config/.gitkeep | 0 .../custom}/options/label/Default | 0 .../custom}/options/label/Kosmos | 0 kubernetes/gitea-server.yaml | 16 ++++++++++++---- script/get_secrets | 2 +- script/replace_secrets | 4 ++-- 7 files changed, 16 insertions(+), 8 deletions(-) rename kubernetes/{ => custom}/config/.gitkeep (100%) rename {custom => kubernetes/custom}/options/label/Default (100%) rename {custom => kubernetes/custom}/options/label/Kosmos (100%)
diff --git a/.gitignore b/.gitignore
index 769e3a7..748794d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-/kubernetes/config/
+/kubernetes/custom/config/
diff --git a/kubernetes/config/.gitkeep b/kubernetes/custom/config/.gitkeep
similarity index 100%
rename from kubernetes/config/.gitkeep
rename to kubernetes/custom/config/.gitkeep
diff --git a/custom/options/label/Default b/kubernetes/custom/options/label/Default
similarity index 100%
rename from custom/options/label/Default
rename to kubernetes/custom/options/label/Default
diff --git a/custom/options/label/Kosmos b/kubernetes/custom/options/label/Kosmos similarity index 100% rename from custom/options/label/Kosmos rename to kubernetes/custom/options/label/Kosmos diff --git a/kubernetes/gitea-server.yaml b/kubernetes/gitea-server.yaml index 61ad820..90eb3d5 100644 --- a/kubernetes/gitea-server.yaml +++ b/kubernetes/gitea-server.yaml @@ -15,16 +15,21 @@ spec: initContainers: - name: init-config image: busybox - command: ['sh', '-c', 'mkdir -p /data/gitea/conf && mkdir -p /data/gitea/https && cp /root/conf/app.ini /data/gitea/conf/app.ini && chown 1000:1000 /data/gitea/conf/app.ini && chmod 660 /data/gitea/conf/app.ini && cp /root/conf/*.pem /data/gitea/https && chmod 600 /data/gitea/https/*.pem && chown -R 1000:1000 /data/gitea'] + command: [ + 'sh', '-c', + 'mkdir -p /data/gitea/conf && mkdir -p /data/gitea/https && mkdir -p /data/gitea/options/label && cp /root/conf/app.ini /data/gitea/conf/app.ini && chown 1000:1000 /data/gitea/conf/app.ini && chmod 660 /data/gitea/conf/app.ini && cp /root/conf/*.pem /data/gitea/https && chmod 600 /data/gitea/https/*.pem && cp /root/options/label/* /data/gitea/options/label/ && chown -R 1000:1000 /data/gitea' + ] volumeMounts: - mountPath: /data name: gitea-server-data - mountPath: /root/conf name: config + # The labels have been created as a ConfigMap from local files using this command: + # + # kubectl create configmap gitea-options-label --from-file=custom/options/label/ + - mountPath: /root/options/label + name: label containers: - # This is only used for the initial setup, it does nothing once a app.ini - # file exists in the conf/ directory of the data directory - # (/data/gitea/conf in our case) - name: gitea-server image: gitea/gitea:1.7.1 ports: @@ -52,6 +57,9 @@ spec: - key: key.pem path: key.pem mode: 256 + - name: label + configMap: + name: gitea-options-label --- apiVersion: v1 kind: PersistentVolumeClaim diff --git a/script/get_secrets b/script/get_secrets index 0a7dcc2..310929c 100755 
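Review bot: The comment added above the `/root/options/label` mount in the first gitea-server.yaml hunk documents `--from-file=custom/options/label/`, but this same commit moves the label files to `kubernetes/custom/options/label/`, so the command only works when run from inside `kubernetes/`. I would name the working directory or use the repo-root path: `# kubectl create configmap gitea-options-label --from-file=kubernetes/custom/options/label/`. The `label` volume added in the second hunk references that ConfigMap without `optional: true`, so on a cluster where this manual step was skipped the pod will presumably be unable to start; that dependency deserves a line in the comment as well. The initContainer spec starts above the hunk.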
--- a/script/get_secrets +++ b/script/get_secrets @@ -7,7 +7,7 @@ secret = `kubectl get secret gitea-config -o yaml` yaml = YAML.load(secret) yaml['data'].each do |key, data| - filename = File.join('kubernetes', 'config', key) + filename = File.join('kubernetes', 'custom', 'config', key) File.open(filename, "w+") do |f| puts "Writing #{filename}" f.write Base64.decode64(data) diff --git a/script/replace_secrets b/script/replace_secrets index 2a3de09..c2ef0cf 100755 --- a/script/replace_secrets +++ b/script/replace_secrets @@ -2,8 +2,8 @@ # Delete the gitea-config secrets kubectl delete secret gitea-config -# Replace it from the local files in kubernetes/config/* (acquired by running +# Replace it from the local files in kubernetes/custom/config/* (acquired by running # ./script/get_secrets) -kubectl create secret generic gitea-config --from-file=cert.pem=kubernetes/config/cert.pem --from-file=key.pem=kubernetes/config/key.pem --from-file=app.ini=kubernetes/config/app.ini +kubectl create secret generic gitea-config --from-file=cert.pem=kubernetes/custom/config/cert.pem --from-file=key.pem=kubernetes/custom/config/key.pem --from-file=app.ini=kubernetes/custom/config/app.ini # Force the pod to restart by patching the deployment resource kubectl patch deployment gitea-server -p "{\"spec\":{\"template\":{\"metadata\":{\"annotations\":{\"date\":\"`date +'%s'`\"}}}}}" From bbfa3f29641fdc083d46b0fde6da1e5e0d347101 Mon Sep 17 00:00:00 2001 
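Review bot: The files written to the path built on the changed line hold decoded secret material (the `key.pem` and `app.ini` that script/replace_secrets reads back), yet the `File.open(filename, "w+")` right below creates them with whatever the caller's umask allows. Passing an explicit mode keeps a newly created private key owner-only: `File.open(filename, "w+", 0o600) do |f|`. `key` also goes straight from the Secret's data map into `File.join`; Kubernetes restricts key characters, but `File.basename(key)` would make the script independent of that. The same lines reappear in the script/get_secrets hunk of PATCH 3/5, which only moves the path back. The `each` block is closed outside the hunk.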
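Review bot: `kubectl delete secret gitea-config` at the top of the script/replace_secrets hunk runs before anything checks that the three files exist under the new `kubernetes/custom/config/` path, so a checkout that still has them in the old directory deletes the live secret and then fails to recreate it. A guard before the delete avoids that: `for f in cert.pem key.pem app.ini; do [ -f "kubernetes/custom/config/$f" ] || exit 1; done`. The hunk starts at line 2, so I am assuming there is no `set -e` above it; even with one, the delete-then-create order leaves a window without the secret. The script/replace_secrets hunk in PATCH 3/5 moves the path back and has the same exposure.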
From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?= Date: Wed, 27 Feb 2019 17:47:48 +0100 Subject: [PATCH 3/5] Add a script to copy the content of the custom folder to a running pod For now it is only labels, but adding anything supported will work (robots.txt, public files, templates, etc) The content will be copied to the /data/gitea/ folder that is a mounted persistent volume https://docs.gitea.io/en-us/customizing-gitea/ --- .gitignore | 2 +- README.md | 6 ++++++ kubernetes/{custom => }/config/.gitkeep | 0 kubernetes/gitea-server.yaml | 10 +--------- script/copy_customization | 11 +++++++++++ script/get_secrets | 2 +- script/replace_secrets | 4 ++-- 7 files changed, 22 insertions(+), 13 deletions(-) rename kubernetes/{custom => }/config/.gitkeep (100%) create mode 100755 script/copy_customization diff --git a/.gitignore b/.gitignore index 748794d..769e3a7 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -/kubernetes/custom/config/ +/kubernetes/config/ diff --git a/README.md b/README.md index f9bc1dc..bbf687a 100644 --- a/README.md +++ b/README.md @@ -3,6 +3,12 @@ This repository contains configuration files and other assets, that are used to deploy and operate this Gitea instance. +To upload the customization files to the running pod: + +``` +./script/copy_customization +``` + Feel free to [open issues] for questions, suggestions, bugs, to-do items, and whatever else you want to discuss or resolve. diff --git a/kubernetes/custom/config/.gitkeep b/kubernetes/config/.gitkeep similarity index 100% rename from kubernetes/custom/config/.gitkeep rename to kubernetes/config/.gitkeep diff --git a/kubernetes/gitea-server.yaml b/kubernetes/gitea-server.yaml index 802fd8e..7284ed5 100644 --- a/kubernetes/gitea-server.yaml +++ b/kubernetes/gitea-server.yaml 
@@ -17,18 +17,13 @@ spec: image: busybox command: [ 'sh', '-c', - 'mkdir -p /data/gitea/conf && mkdir -p /data/gitea/https && mkdir -p /data/gitea/options/label && cp /root/conf/app.ini /data/gitea/conf/app.ini && chown 1000:1000 /data/gitea/conf/app.ini && chmod 660 /data/gitea/conf/app.ini && cp /root/conf/*.pem /data/gitea/https && chmod 600 /data/gitea/https/*.pem && cp /root/options/label/* /data/gitea/options/label/ && chown -R 1000:1000 /data/gitea' + 'mkdir -p /data/gitea/conf && mkdir -p /data/gitea/https && cp /root/conf/app.ini /data/gitea/conf/app.ini && chown 1000:1000 /data/gitea/conf/app.ini && chmod 660 /data/gitea/conf/app.ini && cp /root/conf/*.pem /data/gitea/https && chmod 600 /data/gitea/https/*.pem && chown -R 1000:1000 /data/gitea' ] volumeMounts: - mountPath: /data name: gitea-server-data - mountPath: /root/conf name: config - # The labels have been created as a ConfigMap from local files using this command: - # - # kubectl create configmap gitea-options-label --from-file=custom/options/label/ - - mountPath: /root/options/label - name: label containers: - name: gitea-server image: gitea/gitea:1.7.2 @@ -57,9 +52,6 @@ spec: - key: key.pem path: key.pem mode: 256 - - name: label - configMap: - name: gitea-options-label --- apiVersion: v1 kind: PersistentVolumeClaim diff --git a/script/copy_customization b/script/copy_customization new file mode 100755 index 0000000..9b4ee13 --- /dev/null +++ b/script/copy_customization @@ -0,0 +1,11 @@ +#!/usr/bin/env bash + +for podname in $(kubectl get pods -l name=gitea-server -o json \ + | jq -r '.items[].metadata.name'); do + for path in ./kubernetes/custom/*; do + echo "Copying ${path}..." + kubectl cp "${path}" "${podname}":"/data/gitea/" + done + # Fix permissions + kubectl exec "${podname}" -- chown -R 1000:1000 /data/gitea/ + done diff --git a/script/get_secrets b/script/get_secrets index 310929c..0a7dcc2 100755 --- a/script/get_secrets +++ b/script/get_secrets 
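Review bot: The new script/copy_customization has no error handling, so a failed `kubectl cp` inside the inner loop is ignored, the `chown -R 1000:1000 /data/gitea/` still runs, and the script exits 0 with a partially updated data directory. Adding `set -euo pipefail` under the shebang would stop at the first failed copy. A short header comment would also help the next operator: `# Requires tar in the gitea container (kubectl cp depends on it); copies into every pod labelled name=gitea-server`.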
@@ -7,7 +7,7 @@ secret = `kubectl get secret gitea-config -o yaml` yaml = YAML.load(secret) yaml['data'].each do |key, data| - filename = File.join('kubernetes', 'custom', 'config', key) + filename = File.join('kubernetes', 'config', key) File.open(filename, "w+") do |f| puts "Writing #{filename}" f.write Base64.decode64(data) diff --git a/script/replace_secrets b/script/replace_secrets index c2ef0cf..2a3de09 100755 --- a/script/replace_secrets +++ b/script/replace_secrets @@ -2,8 +2,8 @@ # Delete the gitea-config secrets kubectl delete secret gitea-config -# Replace it from the local files in kubernetes/custom/config/* (acquired by running +# Replace it from the local files in kubernetes/config/* (acquired by running # ./script/get_secrets) -kubectl create secret generic gitea-config --from-file=cert.pem=kubernetes/custom/config/cert.pem --from-file=key.pem=kubernetes/custom/config/key.pem --from-file=app.ini=kubernetes/custom/config/app.ini +kubectl create secret generic gitea-config --from-file=cert.pem=kubernetes/config/cert.pem --from-file=key.pem=kubernetes/config/key.pem --from-file=app.ini=kubernetes/config/app.ini # Force the pod to restart by patching the deployment resource kubectl patch deployment gitea-server -p "{\"spec\":{\"template\":{\"metadata\":{\"annotations\":{\"date\":\"`date +'%s'`\"}}}}}" From 915fd7db8a54bd222a85ddec56ea8e69969998ce Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Mon, 4 Mar 2019 13:48:07 +0700 Subject: [PATCH 4/5] Add resource requests and limits for Gitea Based on recent usage stats. If these are not set, the scheduler's capacity check doesn't work and it will place new pods on nodes that are actually not free enough for them. --- kubernetes/gitea-db.yaml | 8 +++++++- kubernetes/gitea-server.yaml | 7 +++++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/kubernetes/gitea-db.yaml b/kubernetes/gitea-db.yaml index 6b262cd..e66ed21 100644 --- a/kubernetes/gitea-db.yaml +++ b/kubernetes/gitea-db.yaml 
@@ -32,13 +32,19 @@ spec: value: gitea image: mariadb:10.3.10 name: gitea-db - resources: {} ports: - containerPort: 3306 name: mysql volumeMounts: - mountPath: /var/lib/mysql name: gitea-db-data + resources: + requests: + cpu: 250m + memory: 150Mi + limits: + cpu: 500m + memory: 300Mi restartPolicy: Always volumes: - name: gitea-db-data diff --git a/kubernetes/gitea-server.yaml b/kubernetes/gitea-server.yaml index 2709f9a..f2a035a 100644 --- a/kubernetes/gitea-server.yaml +++ b/kubernetes/gitea-server.yaml @@ -34,6 +34,13 @@ spec: volumeMounts: - mountPath: /data name: gitea-server-data + resources: + requests: + cpu: 250m + memory: 256Mi + limits: + cpu: 500m + memory: 512Mi restartPolicy: Always volumes: - name: gitea-server-data From e0741b443816ba5952f9aa50808d9094a9f1bb5e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?= Date: Mon, 1 Apr 2019 17:01:16 +0200 Subject: [PATCH 5/5] Ship the customizations as a Docker image The Docker image is used in the initialization process, to copy everything in the custom folder to the Gitea data dir (mounted as a persistent volume). It is built using Packer and is based on the busybox image, so we can use its minimalist shell system to copy files and set permissions --- README.md | 16 ++++++++-- .../custom => custom}/options/label/Default | 0 .../custom => custom}/options/label/Kosmos | 0 kubernetes/gitea-server.yaml | 7 +++-- packer/custom.json | 29 +++++++++++++++++++ script/build_customizations_image | 7 +++++ script/copy_customization | 11 ------- 7 files changed, 55 insertions(+), 15 deletions(-) rename {kubernetes/custom => custom}/options/label/Default (100%) rename {kubernetes/custom => custom}/options/label/Kosmos (100%) create mode 100644 packer/custom.json create mode 100755 script/build_customizations_image delete mode 100755 script/copy_customization diff --git a/README.md b/README.md index bbf687a..af0054b 100644 --- a/README.md +++ b/README.md 
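Review bot: The `memory: 300Mi` limit added for `gitea-db` is a hard cap, and a container that crosses it is OOM-killed, which for the `mariadb:10.3.10` container means an unclean shutdown and crash recovery on the data volume. The commit message bases the numbers on recent usage, so I would record that next to the block so it is clear when to revisit them: `# sized from usage stats (<DATE>); raise if the pod reports OOMKilled`. The same applies to the 512Mi limit added for `gitea-server` in kubernetes/gitea-server.yaml, and the `init-config` initContainer there still has no requests or limits as far as the earlier hunks show. Both container specs start above their hunks.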
@@ -3,10 +3,22 @@ This repository contains configuration files and other assets, that are used to deploy and operate this Gitea instance. -To upload the customization files to the running pod: +To create a new image containing the customizations: + +Edit `packer/custom.json` to increment the tag, then run this script (needs +[Packer](https://www.packer.io/) in your path) ``` -./script/copy_customization +./script/build_customizations_image +``` + +Then edit `kubernetes/gitea-server.yaml` to use the new tag +(`image: eu.gcr.io/fluted-magpie-218106/gitea_custom:$VERSION`) and apply the +change: + +``` +cd kubernetes +kubectl apply -f gitea-server.yaml ``` Feel free to [open issues] for questions, suggestions, bugs, to-do items, and diff --git a/kubernetes/custom/options/label/Default b/custom/options/label/Default similarity index 100% rename from kubernetes/custom/options/label/Default rename to custom/options/label/Default diff --git a/kubernetes/custom/options/label/Kosmos b/custom/options/label/Kosmos similarity index 100% rename from kubernetes/custom/options/label/Kosmos rename to custom/options/label/Kosmos diff --git a/kubernetes/gitea-server.yaml b/kubernetes/gitea-server.yaml index c4dfd9e..15cc123 100644 --- a/kubernetes/gitea-server.yaml +++ b/kubernetes/gitea-server.yaml 
@@ -14,10 +14,13 @@ spec: spec: initContainers: - name: init-config - image: busybox + # This is a busybox image with our gitea customizations saved to + # /custom, built using ./script/build_customizations_image from the + # root of the repo + image: eu.gcr.io/fluted-magpie-218106/gitea_custom:0.1 command: [ 'sh', '-c', - 'mkdir -p /data/gitea/conf && mkdir -p /data/gitea/https && cp /root/conf/app.ini /data/gitea/conf/app.ini && chown 1000:1000 /data/gitea/conf/app.ini && chmod 660 /data/gitea/conf/app.ini && cp /root/conf/*.pem /data/gitea/https && chmod 600 /data/gitea/https/*.pem && chown -R 1000:1000 /data/gitea' + 'mkdir -p /data/gitea/conf && mkdir -p /data/gitea/https && cp /root/conf/app.ini /data/gitea/conf/app.ini && chown 1000:1000 /data/gitea/conf/app.ini && chmod 660 /data/gitea/conf/app.ini && cp /root/conf/*.pem /data/gitea/https && chmod 600 /data/gitea/https/*.pem && cp -R /custom/* /data/gitea && chown -R 1000:1000 /data/gitea' ] volumeMounts: - mountPath: /data diff --git a/packer/custom.json b/packer/custom.json new file mode 100644 index 0000000..cbbffad --- /dev/null +++ b/packer/custom.json @@ -0,0 +1,29 @@ +{ + "builders": [{ + "type": "docker", + "image": "busybox", + "run_command": ["-d", "-i", "-t", "{{.Image}}", "/bin/sh"], + "commit": true + }], + "provisioners": [ + { + "inline": ["mkdir /custom"], + "type": "shell" + }, + { + "type": "file", + "source": "../custom/", + "destination": "/custom" + } + ], + "post-processors": [ + [ + { + "type": "docker-tag", + "repository": "eu.gcr.io/fluted-magpie-218106/gitea_custom", + "tag": "0.1" + }, + "docker-push" + ] + ] +} diff --git a/script/build_customizations_image b/script/build_customizations_image new file mode 100755 index 0000000..da61186 --- /dev/null +++ b/script/build_customizations_image @@ -0,0 +1,7 @@ +#!/usr/bin/env bash +# fail fast +set -e + +cd packer/ +packer build custom.json +cd - 
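Review bot: `cp -R /custom/* /data/gitea` is placed after the `app.ini` and `*.pem` copies and their `chmod` calls, so any `conf/` or `https/` content that ends up under `custom/` in the image would overwrite the Secret-provided files, with the image's permissions. Moving the customization copy to the front of the chain, right after the `mkdir -p` calls, keeps the Secret as the last writer. The image is also referenced by the mutable tag `gitea_custom:0.1`; appending the pushed digest, `gitea_custom:0.1@sha256:<DIGEST>`, would make the init container, which writes into the data volume, run exactly the image that was built. The initContainer spec continues below the hunk.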
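Review bot: `"image": "busybox"` in the builder of packer/custom.json pulls whichever `busybox:latest` is available on the build machine at build time, so two builds of the same `gitea_custom` tag can differ and the base is never recorded. Pinning it, for example `"image": "busybox:<VERSION>"` or by digest, makes the image that later runs as the init container reproducible. The `"tag": "0.1"` in the post-processor has to be kept in step by hand with the `image:` line in kubernetes/gitea-server.yaml; the README change documents that, but nothing enforces it.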
diff --git a/script/copy_customization b/script/copy_customization
deleted file mode 100755
index 9b4ee13..0000000
--- a/script/copy_customization
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/usr/bin/env bash
-
-for podname in $(kubectl get pods -l name=gitea-server -o json \
- | jq -r '.items[].metadata.name'); do
- for path in ./kubernetes/custom/*; do
- echo "Copying ${path}..."
- kubectl cp "${path}" "${podname}":"/data/gitea/"
- done
- # Fix permissions
- kubectl exec "${podname}" -- chown -R 1000:1000 /data/gitea/
- done