diff --git a/prototypes/forgejo/helm/forgejo.yaml b/prototypes/forgejo/helm/forgejo.yaml
index d21542b..b9bf750 100644
--- a/prototypes/forgejo/helm/forgejo.yaml
+++ b/prototypes/forgejo/helm/forgejo.yaml
@@ -26,6 +26,10 @@ ingress:
 annotations:
 cert-manager.io/cluster-issuer: letsencrypt
+service:
+ ssh:
+ type: ClusterIP
+
 gitea:
 admin:
 existingSecret: forgejo-admin-secret
@@ -42,6 +46,7 @@ gitea:
 server:
 DOMAIN: git.tr1ceracop.de
 ROOT_URL: https://git.tr1ceracop.de/
+ SSH_PORT: 222
 service:
 DISABLE_REGISTRATION: true
 actions:
diff --git a/prototypes/forgejo/ytt/ssh-hostport.ytt.yaml b/prototypes/forgejo/ytt/ssh-hostport.ytt.yaml
new file mode 100644
index 0000000..e891a2b
--- /dev/null
+++ b/prototypes/forgejo/ytt/ssh-hostport.ytt.yaml
@@ -0,0 +1,17 @@
+#@ load("@ytt:overlay", "overlay")
+
+#! Add hostPort 22 to the SSH container port and pin to the DNS target node
+#@overlay/match by=overlay.subset({"kind": "Deployment", "metadata": {"name": "forgejo"}})
+---
+spec:
+ template:
+ spec:
+ #@overlay/match missing_ok=True
+ nodeSelector:
+ kubernetes.io/hostname: ubuntu-4gb-nbg1-3
+ containers:
+ #@overlay/match by=overlay.subset({"name": "forgejo"})
+ - ports:
+ #@overlay/match by=overlay.subset({"name": "ssh"})
+ #@overlay/match-child-defaults missing_ok=True
+ - hostPort: 222
diff --git a/rendered/argocd/production/app-forgejo.yaml b/rendered/argocd/production/app-forgejo.yaml
index e961079..bd712f0 100644
--- a/rendered/argocd/production/app-forgejo.yaml
+++ b/rendered/argocd/production/app-forgejo.yaml
@@ -14,7 +14,7 @@ spec:
 project: env-production
 source:
 path: rendered/envs/production/forgejo
- repoURL: ""
+ repoURL: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
 targetRevision: main
 syncPolicy:
 automated:
diff --git a/rendered/envs/production/forgejo/deployment-forgejo.yaml b/rendered/envs/production/forgejo/deployment-forgejo.yaml
index 99c0d5f..8474701 100644
--- a/rendered/envs/production/forgejo/deployment-forgejo.yaml
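Review bot: The value 222 added as `SSH_PORT: 222` in the second hunk of helm/forgejo.yaml is written a second time as `hostPort: 222` in ytt/ssh-hostport.ytt.yaml, with nothing tying the two together. `SSH_PORT` only sets the port Forgejo advertises in clone URLs (the rendered deployment keeps `SSH_LISTEN_PORT` at "2222"), so if one value is changed without the other, clone URLs point at a closed port without any render-time error. A comment above the key would help, for example `# must match hostPort in ytt/ssh-hostport.ytt.yaml; the listener itself stays on SSH_LISTEN_PORT`. The `gitea:` mapping continues outside this hunk.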
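Review bot: The `#!` comment at the top of ssh-hostport.ytt.yaml says hostPort 22 while the overlay sets `hostPort: 222`; it should read `#! Add hostPort 222 to the SSH container port and pin to the DNS target node`. A hostPort publishes the container's SSH listener directly on the node's addresses, so the `service.ssh.type: ClusterIP` setting in the Helm values does not limit who can reach it, and whether a NetworkPolicy covers that path depends on the CNI. It is worth confirming that the node or provider firewall restricts 222/tcp to the intended sources. hostPort is also rejected by the Baseline Pod Security level, so this overlay depends on the `pod-security.kubernetes.io/enforce: privileged` label seen on the namespace, which deserves a line in the comment. Pinning by `kubernetes.io/hostname: ubuntu-4gb-nbg1-3` leaves the pod unschedulable if that node is replaced or renamed; a dedicated node label would be easier to move.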
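Review bot: With `repoURL` now set to `ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git` and `syncPolicy: automated` directly below it, anyone who can push to `main` of that repository decides what runs in production, and the repository sits under the `gitea_admin` account. Nothing in this diff shows how Argo CD authenticates: it should use a read-only deploy key scoped to this one repository rather than a key belonging to the admin user, and its SSH known-hosts configuration needs an entry for `[git.tr1ceracop.de]:222` so host-key verification stays enabled on the non-standard port. Argo CD also now fetches Forgejo's own manifests from Forgejo, so an outage of the pod or of the pinned node leaves no path to sync a fix; a documented manual bootstrap path would cover that. The file is under rendered/, so any change belongs in the input that produces `repoURL`, not in this file.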
+++ b/rendered/envs/production/forgejo/deployment-forgejo.yaml
@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
 annotations:
- a8r.io/repository: ""
+ a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
 labels:
 app: forgejo
 app.kubernetes.io/instance: forgejo
@@ -24,7 +24,7 @@ spec:
 template:
 metadata:
 annotations:
- checksum/config: 76b90927e318c6c351bd4820494876eba431085b375f4c446a0b2fa312636c54
+ checksum/config: 507b290a6b8e8566a121f0f35baf2cd5e6fc4b3b8560e8452ce70c812b11fde5
 labels:
 app: forgejo
 app.kubernetes.io/instance: forgejo
@@ -39,7 +39,7 @@ spec:
 - name: SSH_LISTEN_PORT
 value: "2222"
 - name: SSH_PORT
- value: "22"
+ value: "222"
 - name: GITEA_APP_INI
 value: /data/gitea/conf/app.ini
 - name: GITEA_CUSTOM
@@ -65,6 +65,7 @@ spec:
 name: forgejo
 ports:
 - containerPort: 2222
+ hostPort: 222
 name: ssh
 - containerPort: 3000
 name: http
@@ -180,6 +181,8 @@ spec:
 name: temp
 - mountPath: /data
 name: data
+ nodeSelector:
+ kubernetes.io/hostname: ubuntu-4gb-nbg1-3
 securityContext:
 fsGroup: 1000
 terminationGracePeriodSeconds: 60
diff --git a/rendered/envs/production/forgejo/ingress-forgejo.yaml b/rendered/envs/production/forgejo/ingress-forgejo.yaml
index c279db4..f509ae6 100644
--- a/rendered/envs/production/forgejo/ingress-forgejo.yaml
+++ b/rendered/envs/production/forgejo/ingress-forgejo.yaml
@@ -2,7 +2,7 @@ apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
 annotations:
- a8r.io/repository: ""
+ a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
 cert-manager.io/cluster-issuer: letsencrypt
 labels:
 app: forgejo
diff --git a/rendered/envs/production/forgejo/job-forgejo-admin-secret-init.yaml b/rendered/envs/production/forgejo/job-forgejo-admin-secret-init.yaml
index 2f33204..b6cbe06 100644
--- a/rendered/envs/production/forgejo/job-forgejo-admin-secret-init.yaml
+++ b/rendered/envs/production/forgejo/job-forgejo-admin-secret-init.yaml
@@ -2,7 +2,7 @@ apiVersion: batch/v1
 kind: Job
 metadata:
 annotations:
- a8r.io/repository: ""
+ a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
 name: forgejo-admin-secret-init
 namespace: forgejo
 spec:
diff --git a/rendered/envs/production/forgejo/namespace-forgejo.yaml b/rendered/envs/production/forgejo/namespace-forgejo.yaml
index 5c6d471..8a109df 100644
--- a/rendered/envs/production/forgejo/namespace-forgejo.yaml
+++ b/rendered/envs/production/forgejo/namespace-forgejo.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Namespace
 metadata:
 annotations:
- a8r.io/repository: ""
+ a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
 labels:
 pod-security.kubernetes.io/enforce: privileged
 name: forgejo
diff --git a/rendered/envs/production/forgejo/persistentvolumeclaim-gitea-shared-storage.yaml b/rendered/envs/production/forgejo/persistentvolumeclaim-gitea-shared-storage.yaml
index b349bf1..442f099 100644
--- a/rendered/envs/production/forgejo/persistentvolumeclaim-gitea-shared-storage.yaml
+++ b/rendered/envs/production/forgejo/persistentvolumeclaim-gitea-shared-storage.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
 annotations:
- a8r.io/repository: ""
+ a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
 helm.sh/resource-policy: keep
 name: gitea-shared-storage
 namespace: forgejo
diff --git a/rendered/envs/production/forgejo/role-forgejo-admin-secret-init.yaml b/rendered/envs/production/forgejo/role-forgejo-admin-secret-init.yaml
index f5030f2..1e859e0 100644
--- a/rendered/envs/production/forgejo/role-forgejo-admin-secret-init.yaml
+++ b/rendered/envs/production/forgejo/role-forgejo-admin-secret-init.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
 annotations:
- a8r.io/repository: ""
+ a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
 name: forgejo-admin-secret-init
 namespace: forgejo
 rules:
diff --git a/rendered/envs/production/forgejo/rolebinding-forgejo-admin-secret-init.yaml b/rendered/envs/production/forgejo/rolebinding-forgejo-admin-secret-init.yaml
index 55d600d..665a150 100644
--- a/rendered/envs/production/forgejo/rolebinding-forgejo-admin-secret-init.yaml
+++ b/rendered/envs/production/forgejo/rolebinding-forgejo-admin-secret-init.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
 annotations:
- a8r.io/repository: ""
+ a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
 name: forgejo-admin-secret-init
 namespace: forgejo
 roleRef:
diff --git a/rendered/envs/production/forgejo/secret-forgejo-init.yaml b/rendered/envs/production/forgejo/secret-forgejo-init.yaml
index f5168bb..0b954a3 100644
--- a/rendered/envs/production/forgejo/secret-forgejo-init.yaml
+++ b/rendered/envs/production/forgejo/secret-forgejo-init.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Secret
 metadata:
 annotations:
- a8r.io/repository: ""
+ a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
 labels:
 app: forgejo
 app.kubernetes.io/instance: forgejo
diff --git a/rendered/envs/production/forgejo/secret-forgejo-inline-config.yaml b/rendered/envs/production/forgejo/secret-forgejo-inline-config.yaml
index d2f73f2..36fb205 100644
--- a/rendered/envs/production/forgejo/secret-forgejo-inline-config.yaml
+++ b/rendered/envs/production/forgejo/secret-forgejo-inline-config.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Secret
 metadata:
 annotations:
- a8r.io/repository: ""
+ a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
 labels:
 app: forgejo
 app.kubernetes.io/instance: forgejo
@@ -38,7 +38,7 @@ stringData:
 ROOT_URL=https://git.tr1ceracop.de/
 SSH_DOMAIN=git.tr1ceracop.de
 SSH_LISTEN_PORT=2222
- SSH_PORT=22
+ SSH_PORT=222
 START_SSH_SERVER=true
 service: DISABLE_REGISTRATION=true
 session: |-
diff --git a/rendered/envs/production/forgejo/secret-forgejo.yaml b/rendered/envs/production/forgejo/secret-forgejo.yaml
index 4d83e86..fc538f4 100644
--- a/rendered/envs/production/forgejo/secret-forgejo.yaml
+++ b/rendered/envs/production/forgejo/secret-forgejo.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Secret
 metadata:
 annotations:
- a8r.io/repository: ""
+ a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
 labels:
 app: forgejo
 app.kubernetes.io/instance: forgejo
diff --git a/rendered/envs/production/forgejo/service-forgejo-http.yaml b/rendered/envs/production/forgejo/service-forgejo-http.yaml
index f7e0f0d..f4ac1fa 100644
--- a/rendered/envs/production/forgejo/service-forgejo-http.yaml
+++ b/rendered/envs/production/forgejo/service-forgejo-http.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
 annotations:
- a8r.io/repository: ""
+ a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
 labels:
 app: forgejo
 app.kubernetes.io/instance: forgejo
diff --git a/rendered/envs/production/forgejo/service-forgejo-ssh.yaml b/rendered/envs/production/forgejo/service-forgejo-ssh.yaml
index 8b033b6..3d520a0 100644
--- a/rendered/envs/production/forgejo/service-forgejo-ssh.yaml
+++ b/rendered/envs/production/forgejo/service-forgejo-ssh.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
 annotations:
- a8r.io/repository: ""
+ a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
 labels:
 app: forgejo
 app.kubernetes.io/instance: forgejo
diff --git a/rendered/envs/production/forgejo/serviceaccount-forgejo-admin-secret-init.yaml b/rendered/envs/production/forgejo/serviceaccount-forgejo-admin-secret-init.yaml
index 105651a..9da922c 100644
--- a/rendered/envs/production/forgejo/serviceaccount-forgejo-admin-secret-init.yaml
+++ b/rendered/envs/production/forgejo/serviceaccount-forgejo-admin-secret-init.yaml
@@ -2,6 +2,6 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
 annotations:
- a8r.io/repository: ""
+ a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
 name: forgejo-admin-secret-init
 namespace: forgejo