Add new infra architecture 12

This commit is contained in:
Urtzi Alfaro
2026-01-21 16:21:24 +01:00
parent 2512de4173
commit 66dfd50fbc
20 changed files with 4082 additions and 480 deletions

@@ -4,124 +4,185 @@ This directory contains the Helm values and scripts for setting up Gitea as the
## Features
- **Automatic Repository Creation**: When Gitea is installed via Helm, it automatically creates a `bakery-ia` repository owned by the admin user.
- **Pre-configured Settings**: The repository comes with issues, wiki, pull requests, and projects enabled.
- **Easy Setup Script**: A script to push your existing code to the new Gitea repository.
- **Automatic Admin User**: Admin user is created automatically from Kubernetes secret
- **Automatic Repository Creation**: The `bakery-ia` repository is created via a Kubernetes Job after Gitea starts
- **Registry Support**: Container registry enabled for storing Docker images
- **Tekton Integration**: Webhook automatically configured if Tekton is installed
## Installation
## Quick Start
### 1. Install Gitea with Helm
### Development
```bash
# Add Gitea Helm repository
# 1. Setup secrets and init job (uses default dev password)
./infrastructure/cicd/gitea/setup-admin-secret.sh
# 2. Install Gitea
helm repo add gitea https://dl.gitea.io/charts
helm repo update
helm install gitea gitea/gitea -n gitea -f infrastructure/cicd/gitea/values.yaml
# Create namespace
kubectl create namespace gitea
# Install Gitea with automatic repository creation
helm install gitea gitea/gitea -n gitea \
-f infrastructure/cicd/gitea/values.yaml \
--set gitea.admin.password=your-secure-password
```
### 2. Wait for Gitea to be ready
```bash
# 3. Wait for everything to be ready
kubectl wait --for=condition=ready pod -n gitea -l app.kubernetes.io/name=gitea --timeout=300s
# 4. Check init job completed
kubectl logs -n gitea -l app.kubernetes.io/component=init --tail=50
```
### 3. Push your code to the new repository
### Production
```bash
# Set the admin password as environment variable
export GITEA_ADMIN_PASSWORD="your-secure-password"
# 1. Generate and export secure password
export GITEA_ADMIN_PASSWORD=$(openssl rand -base64 32)
# Run the setup script
./infrastructure/cicd/gitea/setup-gitea-repository.sh
# 2. Setup secrets with production flag (requires GITEA_ADMIN_PASSWORD)
./infrastructure/cicd/gitea/setup-admin-secret.sh --production
# 3. Install Gitea with production values
helm repo add gitea https://dl.gitea.io/charts
helm upgrade --install gitea gitea/gitea -n gitea \
-f infrastructure/cicd/gitea/values.yaml \
-f infrastructure/cicd/gitea/values-prod.yaml
# 4. Wait for everything to be ready
kubectl wait --for=condition=ready pod -n gitea -l app.kubernetes.io/name=gitea --timeout=300s
# 5. Install Tekton CI/CD (see tekton-helm/README.md for details)
export TEKTON_WEBHOOK_TOKEN=$(openssl rand -hex 32)
helm upgrade --install tekton-cicd infrastructure/cicd/tekton-helm \
-n tekton-pipelines \
-f infrastructure/cicd/tekton-helm/values.yaml \
-f infrastructure/cicd/tekton-helm/values-prod.yaml \
--set secrets.webhook.token=$TEKTON_WEBHOOK_TOKEN \
--set secrets.registry.password=$GITEA_ADMIN_PASSWORD \
--set secrets.git.password=$GITEA_ADMIN_PASSWORD
```
## Configuration Details
## Files
### Automatic Repository Creation
| File | Description |
|------|-------------|
| `values.yaml` | Helm values for Gitea chart |
| `values-prod.yaml` | Production Helm values |
| `setup-admin-secret.sh` | Creates secrets and applies init job |
| `gitea-init-job.yaml` | Kubernetes Job to create initial repository |
| `setup-gitea-repository.sh` | Helper to push local code to Gitea |
The `values.yaml` file includes the following configuration to automatically create the `bakery-ia` repository:
## How It Works
### 1. Admin User Initialization
The Gitea Helm chart automatically creates the admin user on first install. Credentials are read from a Kubernetes secret:
```yaml
gitea:
initialRepositories:
- name: bakery-ia
description: "Main repository for Bakery IA project - Automatically created by Helm"
private: false
auto_init: true
default_branch: main
owner: "{{ .Values.gitea.admin.username }}"
enable_issues: true
enable_wiki: true
enable_pull_requests: true
enable_projects: true
admin:
username: bakery-admin
email: admin@bakery-ia.local
existingSecret: gitea-admin-secret # Secret with username/password keys
passwordMode: keepUpdated # Sync password changes from secret
```
### Repository Features
The `setup-admin-secret.sh` script creates this secret before Helm install.
The automatically created repository includes:
- **Issues**: For tracking bugs and feature requests
- **Wiki**: For project documentation
- **Pull Requests**: For code review workflow
- **Projects**: For project management
- **Auto Initialization**: Creates an initial README.md file
### 2. Repository Initialization
Since the Gitea Helm chart doesn't support automatic repository creation, we use a Kubernetes Job (`gitea-init-job.yaml`) that:
1. Waits for Gitea to be ready
2. Creates the `bakery-ia` repository via Gitea API
3. Optionally configures a webhook for Tekton CI/CD
The Job is idempotent - it skips creation if the repository already exists.
## Detailed Installation
### Step 1: Create Secrets
```bash
# Using default password (for dev environments)
./infrastructure/cicd/gitea/setup-admin-secret.sh
# Or specify a custom password
./infrastructure/cicd/gitea/setup-admin-secret.sh "your-secure-password"
# Or use environment variable
export GITEA_ADMIN_PASSWORD="your-secure-password"
./infrastructure/cicd/gitea/setup-admin-secret.sh
```
This creates:
- `gitea-admin-secret` in `gitea` namespace - used by Gitea for admin credentials
- `gitea-registry-secret` in `bakery-ia` namespace - used for `imagePullSecrets`
- Applies `gitea-init-job.yaml` (ConfigMap + Job)
### Step 2: Install Gitea
```bash
helm repo add gitea https://dl.gitea.io/charts
helm repo update
helm install gitea gitea/gitea -n gitea \
-f infrastructure/cicd/gitea/values.yaml
```
### Step 3: Verify Installation
```bash
# Wait for Gitea pod
kubectl wait --for=condition=ready pod -n gitea -l app.kubernetes.io/name=gitea --timeout=300s
# Check init job logs
kubectl logs -n gitea job/gitea-init-repo
# Verify repository was created
curl -u bakery-admin:pvYUkGWJijqc0QfIZEXw \
https://gitea.bakery-ia.local/api/v1/repos/bakery-admin/bakery-ia
```
## CI/CD Integration
Once the repository is created and your code is pushed, you can configure your CI/CD pipelines to use this repository. The repository URL will be:
Repository URL:
```
https://gitea.bakery-ia.local/bakery-admin/bakery-ia.git
```
### Example Tekton Pipeline Configuration
```yaml
# In your Tekton PipelineRun or Task
spec:
params:
- name: git-url
value: "https://gitea.bakery-ia.local/bakery-admin/bakery-ia.git"
- name: git-revision
value: "main"
Internal cluster URL (for pipelines):
```
http://gitea-http.gitea.svc.cluster.local:3000/bakery-admin/bakery-ia.git
```
## Troubleshooting
### Repository not created
### Init Job Failed
If the repository is not automatically created:
1. Check Gitea logs: `kubectl logs -n gitea -l app.kubernetes.io/name=gitea`
2. Verify the Helm values were applied correctly
3. Manually create the repository using the setup script
```bash
# Check job status
kubectl get jobs -n gitea
### Authentication issues
# View logs
kubectl logs -n gitea job/gitea-init-repo
If you have authentication problems when pushing:
1. Verify the admin password is correct
2. Check that the Gitea service is accessible
3. Ensure your kubeconfig has access to the Gitea namespace
# Re-run the job
kubectl delete job gitea-init-repo -n gitea
kubectl apply -f infrastructure/cicd/gitea/gitea-init-job.yaml
```
## Security Notes
### Repository Not Created
- Always use a strong password for the Gitea admin user
- Consider using Kubernetes secrets for sensitive data
- The setup script uses basic authentication - for production, consider using SSH keys or tokens
1. Check if Gitea is ready: `kubectl get pods -n gitea`
2. Check init job logs: `kubectl logs -n gitea job/gitea-init-repo`
3. Manually create via API or use `setup-gitea-repository.sh`
### Authentication Issues
1. Verify secret exists: `kubectl get secret gitea-admin-secret -n gitea`
2. Check credentials: `kubectl get secret gitea-admin-secret -n gitea -o jsonpath='{.data.password}' | base64 -d`
## Upgrading
To upgrade Gitea while preserving your repositories:
```bash
helm upgrade gitea gitea/gitea -n gitea \
-f infrastructure/cicd/gitea/values.yaml \
--set gitea.admin.password=your-secure-password
-f infrastructure/cicd/gitea/values.yaml
```
The existing repositories and their contents will be preserved during upgrades.
Repositories and data are preserved during upgrades (stored in PVC).
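Review bot: The verification step under "Step 3: Verify Installation" embeds what looks like a real admin credential in the README, `curl -u bakery-admin:pvYUkGWJijqc0QfIZEXw https://gitea.bakery-ia.local/api/v1/repos/bakery-admin/bakery-ia`; a password committed to documentation is exposed to everyone with read access to the repository and stays in git history even after the line is edited. Replace it with the variable the rest of the document already uses (`curl -u bakery-admin:$GITEA_ADMIN_PASSWORD ...`) or with the secret lookup given under "Authentication Issues" (`kubectl get secret gitea-admin-secret -n gitea -o jsonpath='{.data.password}' | base64 -d`), and rotate the credential if it was ever in use. Two related points in the same hunk: the Production quick start passes the same `$GITEA_ADMIN_PASSWORD` to both `--set secrets.registry.password` and `--set secrets.git.password` for Tekton, so the pipeline runs with full admin rights rather than a scoped token, which contradicts the "consider using SSH keys or tokens" advice in Security Notes; and the Development path is documented as using a default dev password via `setup-admin-secret.sh`, which should be stated explicitly as unsuitable outside a local cluster. Finally, the Upgrading example now carries both `--set gitea.admin.password=your-secure-password` and two `-f infrastructure/cicd/gitea/values.yaml` flags, and `--set` of the password is inconsistent with `existingSecret: gitea-admin-secret` / `passwordMode: keepUpdated` in the values shown above; the upgrade command should rely on the secret alone.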