Gitea Configuration for Bakery-IA CI/CD

This directory contains the Helm values and scripts for setting up Gitea as the Git server for the Bakery-IA project.

Features

  • Automatic Admin User: Admin user is created automatically from a Kubernetes secret
  • Automatic Repository Creation: The bakery-ia repository is created via a Kubernetes Job after Gitea starts
  • Registry Support: Container registry enabled for storing Docker images
  • Tekton Integration: Webhook automatically configured if Tekton is installed

Quick Start

Development

# 1. Setup secrets and init job (uses default dev password)
./infrastructure/cicd/gitea/setup-admin-secret.sh

# 2. Install Gitea
helm repo add gitea https://dl.gitea.io/charts
helm install gitea gitea/gitea -n gitea -f infrastructure/cicd/gitea/values.yaml

# 3. Wait for everything to be ready
kubectl wait --for=condition=ready pod -n gitea -l app.kubernetes.io/name=gitea --timeout=300s

# 4. Check init job completed
kubectl logs -n gitea -l app.kubernetes.io/component=init --tail=50

Production

# 1. Generate and export secure password
export GITEA_ADMIN_PASSWORD=$(openssl rand -base64 32)

# 2. Setup secrets with production flag (requires GITEA_ADMIN_PASSWORD)
./infrastructure/cicd/gitea/setup-admin-secret.sh --production

# 3. Install Gitea with production values
helm repo add gitea https://dl.gitea.io/charts
helm upgrade --install gitea gitea/gitea -n gitea \
  -f infrastructure/cicd/gitea/values.yaml \
  -f infrastructure/cicd/gitea/values-prod.yaml

# 4. Wait for everything to be ready
kubectl wait --for=condition=ready pod -n gitea -l app.kubernetes.io/name=gitea --timeout=300s

# 5. Install Tekton CI/CD (see tekton-helm/README.md for details)
export TEKTON_WEBHOOK_TOKEN=$(openssl rand -hex 32)
helm upgrade --install tekton-cicd infrastructure/cicd/tekton-helm \
  -n tekton-pipelines \
  -f infrastructure/cicd/tekton-helm/values.yaml \
  -f infrastructure/cicd/tekton-helm/values-prod.yaml \
  --set secrets.webhook.token="$TEKTON_WEBHOOK_TOKEN" \
  --set secrets.registry.password="$GITEA_ADMIN_PASSWORD" \
  --set secrets.git.password="$GITEA_ADMIN_PASSWORD"

Files

| File | Description |
|------|-------------|
| values.yaml | Helm values for Gitea chart |
| values-prod.yaml | Production Helm values |
| setup-admin-secret.sh | Creates secrets and applies init job |
| gitea-init-job.yaml | Kubernetes Job to create initial repository |
| setup-gitea-repository.sh | Helper to push local code to Gitea |

How It Works

1. Admin User Initialization

The Gitea Helm chart automatically creates the admin user on first install. Credentials are read from a Kubernetes secret:

gitea:
  admin:
    username: bakery-admin
    email: admin@bakery-ia.local
    existingSecret: gitea-admin-secret  # Secret with username/password keys
    passwordMode: keepUpdated           # Sync password changes from secret

The setup-admin-secret.sh script creates this secret before Helm install.

2. Repository Initialization

Since the Gitea Helm chart doesn't support automatic repository creation, we use a Kubernetes Job (gitea-init-job.yaml) that:

  1. Waits for Gitea to be ready
  2. Creates the bakery-ia repository via the Gitea API
  3. Optionally configures a webhook for Tekton CI/CD

The Job is idempotent - it skips creation if the repository already exists.
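The wait, lookup and create steps above can be sketched as a POSIX shell script. This is an added example, not the contents of the project's gitea-init-job.yaml; the function names, the GITEA_ADMIN_USER variable, the --run switch and the private-repository setting are assumptions. It treats any lookup status other than 404 (for example 401) as an error instead of as "repository missing".

```shell
#!/bin/sh
# Added example, not the project's init job: idempotent repository bootstrap.
# Assumed names: api_status, wait_for_gitea, ensure_repo, GITEA_ADMIN_USER, --run.
set -eu

GITEA_URL="${GITEA_URL:-http://gitea-http.gitea.svc.cluster.local:3000}"
GITEA_ADMIN_USER="${GITEA_ADMIN_USER:-bakery-admin}"

# api_status METHOD PATH [JSON] -> prints only the HTTP status code.
# GITEA_ADMIN_PASSWORD (from gitea-admin-secret) reaches curl as config on
# stdin, so it never appears in the process list. Assumes the password has
# no '"' or '\' characters (true for base64 output).
api_status() {
  printf 'user = "%s:%s"\n' "$GITEA_ADMIN_USER" "$GITEA_ADMIN_PASSWORD" |
    curl -sS -K - -o /dev/null -w '%{http_code}' -X "$1" \
      -H 'Content-Type: application/json' ${3:+-d "$3"} \
      "${GITEA_URL}/api/v1$2"
}

# Poll the version endpoint until Gitea answers 200 or attempts run out.
wait_for_gitea() {
  tries="${1:-30}"
  while [ "$tries" -gt 0 ]; do
    [ "$(api_status GET /version || true)" = 200 ] && return 0
    tries=$((tries - 1)); sleep "${WAIT_SECONDS:-5}"
  done
  echo "Gitea not ready" >&2; return 1
}

# ensure_repo OWNER NAME -> prints "exists" or "created"; safe to re-run.
ensure_repo() {
  code=$(api_status GET "/repos/$1/$2")
  case $code in
    200) echo exists; return 0 ;;
    404) ;;  # absent: continue to creation
    *)   echo "lookup failed: HTTP $code" >&2; return 1 ;;
  esac
  # "private": true is an assumption, not stated in this README.
  code=$(api_status POST /user/repos "{\"name\":\"$2\",\"private\":true}")
  case $code in
    201) echo created ;;
    409) echo exists ;;  # another run created it in the meantime
    *)   echo "create failed: HTTP $code" >&2; return 1 ;;
  esac
}

if [ "${1:-}" = "--run" ]; then
  wait_for_gitea && ensure_repo "$GITEA_ADMIN_USER" bakery-ia
fi
```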

Detailed Installation

Step 1: Create Secrets

# Using default password (for dev environments)
./infrastructure/cicd/gitea/setup-admin-secret.sh

# Or specify a custom password
./infrastructure/cicd/gitea/setup-admin-secret.sh "your-secure-password"

# Or use environment variable
export GITEA_ADMIN_PASSWORD="your-secure-password"
./infrastructure/cicd/gitea/setup-admin-secret.sh

The script does the following:

  • Creates gitea-admin-secret in the gitea namespace - used by Gitea for admin credentials
  • Creates gitea-registry-secret in the bakery-ia namespace - used for imagePullSecrets
  • Applies gitea-init-job.yaml (ConfigMap + Job)

Step 2: Install Gitea

helm repo add gitea https://dl.gitea.io/charts
helm repo update

helm install gitea gitea/gitea -n gitea \
  -f infrastructure/cicd/gitea/values.yaml

Step 3: Verify Installation

# Wait for Gitea pod
kubectl wait --for=condition=ready pod -n gitea -l app.kubernetes.io/name=gitea --timeout=300s

# Check init job logs
kubectl logs -n gitea job/gitea-init-repo

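# Verify repository was created (read the admin password from the secret instead of hard-coding it)
GITEA_ADMIN_PASSWORD=$(kubectl get secret gitea-admin-secret -n gitea -o jsonpath='{.data.password}' | base64 -d)
curl -u "bakery-admin:${GITEA_ADMIN_PASSWORD}" \
  https://gitea.bakery-ia.local/api/v1/repos/bakery-admin/bakery-ia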

CI/CD Integration

Repository URL:

https://gitea.bakery-ia.local/bakery-admin/bakery-ia.git

Internal cluster URL (for pipelines):

http://gitea-http.gitea.svc.cluster.local:3000/bakery-admin/bakery-ia.git

Troubleshooting

Init Job Failed

# Check job status
kubectl get jobs -n gitea

# View logs
kubectl logs -n gitea job/gitea-init-repo

# Re-run the job
kubectl delete job gitea-init-repo -n gitea
kubectl apply -f infrastructure/cicd/gitea/gitea-init-job.yaml

Repository Not Created

  1. Check if Gitea is ready: kubectl get pods -n gitea
  2. Check init job logs: kubectl logs -n gitea job/gitea-init-repo
  3. Manually create via API or use setup-gitea-repository.sh

Authentication Issues

  1. Verify secret exists: kubectl get secret gitea-admin-secret -n gitea
  2. Check credentials: kubectl get secret gitea-admin-secret -n gitea -o jsonpath='{.data.password}' | base64 -d

Upgrading

helm upgrade gitea gitea/gitea -n gitea \
  -f infrastructure/cicd/gitea/values.yaml

Repositories and data are preserved during upgrades (stored in PVC).