# Gitea Configuration for Bakery-IA CI/CD

This directory contains the Helm values and scripts for setting up Gitea as the Git server for the Bakery-IA project.

## Features

- **Automatic Admin User**: Admin user is created automatically from Kubernetes secret
- **Automatic Repository Creation**: The `bakery-ia` repository is created via a Kubernetes Job after Gitea starts
- **Registry Support**: Container registry enabled for storing Docker images
- **Tekton Integration**: Webhook automatically configured if Tekton is installed

## Quick Start

### Development

```bash
# 1. Setup secrets and init job (uses default dev password)
./infrastructure/cicd/gitea/setup-admin-secret.sh

# 2. Install Gitea
helm repo add gitea https://dl.gitea.io/charts
helm install gitea gitea/gitea -n gitea -f infrastructure/cicd/gitea/values.yaml

# 3. Wait for everything to be ready
kubectl wait --for=condition=ready pod -n gitea -l app.kubernetes.io/name=gitea --timeout=300s

# 4. Check init job completed
kubectl logs -n gitea -l app.kubernetes.io/component=init --tail=50
```

### Production

```bash
# 1. Generate and export secure password
export GITEA_ADMIN_PASSWORD=$(openssl rand -base64 32)

# 2. Setup secrets with production flag (requires GITEA_ADMIN_PASSWORD)
./infrastructure/cicd/gitea/setup-admin-secret.sh --production

# 3. Install Gitea with production values
helm repo add gitea https://dl.gitea.io/charts
helm upgrade --install gitea gitea/gitea -n gitea \
  -f infrastructure/cicd/gitea/values.yaml \
  -f infrastructure/cicd/gitea/values-prod.yaml

# 4. Wait for everything to be ready
kubectl wait --for=condition=ready pod -n gitea -l app.kubernetes.io/name=gitea --timeout=300s

# 5. Install Tekton CI/CD (see tekton-helm/README.md for details)
export TEKTON_WEBHOOK_TOKEN=$(openssl rand -hex 32)
helm upgrade --install tekton-cicd infrastructure/cicd/tekton-helm \
  -n tekton-pipelines \
  -f infrastructure/cicd/tekton-helm/values.yaml \
  -f infrastructure/cicd/tekton-helm/values-prod.yaml \
  --set secrets.webhook.token=$TEKTON_WEBHOOK_TOKEN \
  --set secrets.registry.password=$GITEA_ADMIN_PASSWORD \
  --set secrets.git.password=$GITEA_ADMIN_PASSWORD
```

## Files

| File | Description |
|------|-------------|
| `values.yaml` | Helm values for Gitea chart |
| `values-prod.yaml` | Production Helm values |
| `setup-admin-secret.sh` | Creates secrets and applies init job |
| `gitea-init-job.yaml` | Kubernetes Job to create initial repository |
| `setup-gitea-repository.sh` | Helper to push local code to Gitea |

## How It Works

### 1. Admin User Initialization

The Gitea Helm chart automatically creates the admin user on first install. Credentials are read from a Kubernetes secret:

```yaml
gitea:
  admin:
    username: bakery-admin
    email: admin@bakery-ia.local
    existingSecret: gitea-admin-secret  # Secret with username/password keys
    passwordMode: keepUpdated           # Sync password changes from secret
```

The `setup-admin-secret.sh` script creates this secret before Helm install.

### 2. Repository Initialization

Since the Gitea Helm chart doesn't support automatic repository creation, we use a Kubernetes Job (`gitea-init-job.yaml`) that:

1. Waits for Gitea to be ready
2. Creates the `bakery-ia` repository via Gitea API
3. Optionally configures a webhook for Tekton CI/CD

The Job is idempotent - it skips creation if the repository already exists.

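
One way to implement the three Job steps against the Gitea REST API, as an added example that is not the project's `gitea-init-job.yaml`. The variable names `GITEA_URL`, `GITEA_USER`, `GITEA_PASS` and `REPO`, the function names and the `private` flag are assumptions. Values interpolated into the JSON bodies are assumed to contain no quotes or backslashes.

```bash
# Added example, not the project's gitea-init-job.yaml. Assumed environment
# (hypothetical names): GITEA_URL, GITEA_USER, GITEA_PASS, REPO.
# q: escape backslashes and double quotes for a quoted curl config value.
q() { printf %s "$1" | sed 's/[\\"]/\\&/g'; }

# api METHOD PATH [JSON] -> response body, then the HTTP status on the last line.
# Credentials and body reach curl as a config on stdin (-K -), never via argv.
api() {
  local method="$1" path="$2" body="${3:-}"
  { printf 'user = "%s"\n' "$(q "$GITEA_USER:$GITEA_PASS")"
    if [ -n "$body" ]; then printf 'data = "%s"\n' "$(q "$body")"; fi
  } | curl -sS -K - -w '\n%{http_code}' -X "$method" \
        -H 'Content-Type: application/json' "$GITEA_URL/api/v1$path"
}
status() { api "$@" | tail -n 1; }

# Step 1: poll the API until it answers ($1 attempts, $2 seconds apart).
wait_ready() {
  local tries="${1:-30}" delay="${2:-5}" i=0
  while [ "$i" -lt "$tries" ]; do
    [ "$(status GET /version 2>/dev/null)" = 200 ] && return 0
    i=$((i + 1)); sleep "$delay"
  done
  return 1
}

# Step 2: create the repository only when the API reports it missing.
# 401/403/5xx are errors, never "missing"; 409 means another run created it.
ensure_repo() {
  case "$(status GET "/repos/$GITEA_USER/$REPO")" in
    200) echo exists; return 0 ;;
    404) ;;
    *)   echo "repository lookup failed" >&2; return 1 ;;
  esac
  case "$(status POST /user/repos "{\"name\":\"$REPO\",\"private\":true}")" in
    201) echo created ;;
    409) echo exists ;;
    *)   echo "repository creation failed" >&2; return 1 ;;
  esac
}

# Step 3 (optional): add a push webhook unless one already targets URL $1.
ensure_webhook() {
  local hooks="/repos/$GITEA_USER/$REPO/hooks" cfg
  if api GET "$hooks" | grep -qF "$1"; then echo exists; return 0; fi
  cfg="{\"url\":\"$1\",\"content_type\":\"json\",\"secret\":\"$2\"}"
  [ "$(status POST "$hooks" "{\"type\":\"gitea\",\"active\":true,\"events\":[\"push\"],\"config\":$cfg}")" = 201 ] ||
    { echo "webhook creation failed" >&2; return 1; }
  echo created
}
```

Run it as `wait_ready && ensure_repo && ensure_webhook "$HOOK_URL" "$HOOK_SECRET"`, where the last two variables are placeholders for the Tekton listener URL and the webhook token.
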
## Detailed Installation

### Step 1: Create Secrets

```bash
# Using default password (for dev environments)
./infrastructure/cicd/gitea/setup-admin-secret.sh

# Or specify a custom password
./infrastructure/cicd/gitea/setup-admin-secret.sh "your-secure-password"

# Or use environment variable
export GITEA_ADMIN_PASSWORD="your-secure-password"
./infrastructure/cicd/gitea/setup-admin-secret.sh
```

This creates:

- `gitea-admin-secret` in `gitea` namespace - used by Gitea for admin credentials
- `gitea-registry-secret` in `bakery-ia` namespace - used for `imagePullSecrets`
- Applies `gitea-init-job.yaml` (ConfigMap + Job)

### Step 2: Install Gitea

```bash
helm repo add gitea https://dl.gitea.io/charts
helm repo update

helm install gitea gitea/gitea -n gitea \
  -f infrastructure/cicd/gitea/values.yaml
```

### Step 3: Verify Installation

```bash
# Wait for Gitea pod
kubectl wait --for=condition=ready pod -n gitea -l app.kubernetes.io/name=gitea --timeout=300s

# Check init job logs
kubectl logs -n gitea job/gitea-init-repo

# Verify repository was created
curl -u bakery-admin:pvYUkGWJijqc0QfIZEXw \
  https://gitea.bakery-ia.local/api/v1/repos/bakery-admin/bakery-ia
```

## CI/CD Integration

Repository URL:

```
https://gitea.bakery-ia.local/bakery-admin/bakery-ia.git
```

Internal cluster URL (for pipelines):

```
http://gitea-http.gitea.svc.cluster.local:3000/bakery-admin/bakery-ia.git
```

## Troubleshooting

### Init Job Failed

```bash
# Check job status
kubectl get jobs -n gitea

# View logs
kubectl logs -n gitea job/gitea-init-repo

# Re-run the job
kubectl delete job gitea-init-repo -n gitea
kubectl apply -f infrastructure/cicd/gitea/gitea-init-job.yaml
```

### Repository Not Created

1. Check if Gitea is ready: `kubectl get pods -n gitea`
2. Check init job logs: `kubectl logs -n gitea job/gitea-init-repo`
3. Manually create via API or use `setup-gitea-repository.sh`

### Authentication Issues

1. Verify secret exists: `kubectl get secret gitea-admin-secret -n gitea`
2. Check credentials: `kubectl get secret gitea-admin-secret -n gitea -o jsonpath='{.data.password}' | base64 -d`

## Upgrading

```bash
helm upgrade gitea gitea/gitea -n gitea \
  -f infrastructure/cicd/gitea/values.yaml
```

Repositories and data are preserved during upgrades (stored in PVC).