diff options
Diffstat (limited to 'f3s/git-server/helm-chart/templates')
5 files changed, 209 insertions, 0 deletions
diff --git a/f3s/git-server/helm-chart/templates/configmap-cgit.yaml b/f3s/git-server/helm-chart/templates/configmap-cgit.yaml new file mode 100644 index 0000000..840fbd4 --- /dev/null +++ b/f3s/git-server/helm-chart/templates/configmap-cgit.yaml @@ -0,0 +1,23 @@ +# CGit Configuration +# Configures cgit to scan /repos for git repositories + +apiVersion: v1 +kind: ConfigMap +metadata: + name: cgit-config + namespace: cicd +data: + cgitrc: | + # Global settings + root-title=f3s Git Repository Browser + root-desc=Browse git repositories in f3s cluster + + # Enable git-config for per-repo settings + enable-git-config=1 + + # Remove .git suffix from repository URLs + remove-suffix=1 + + # Scan for repositories in /repos + # This must be the last setting in the file + scan-path=/repos diff --git a/f3s/git-server/helm-chart/templates/deployment.yaml b/f3s/git-server/helm-chart/templates/deployment.yaml new file mode 100644 index 0000000..7e262f8 --- /dev/null +++ b/f3s/git-server/helm-chart/templates/deployment.yaml @@ -0,0 +1,97 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: git-server + namespace: cicd + labels: + app: git-server +spec: + replicas: 1 + selector: + matchLabels: + app: git-server + template: + metadata: + labels: + app: git-server + spec: + # Allow both git (1000) and www-data (33) to access shared files + securityContext: + fsGroup: 1000 + + containers: + # Container 1: SSH Git Server + - name: git-server + image: r0.lan.buetow.org:30001/git-server:1.0 + ports: + - containerPort: 22 + name: ssh + protocol: TCP + volumeMounts: + - name: repos + mountPath: /repos + - name: git-ssh-keys + mountPath: /home/git/.ssh/authorized_keys + subPath: authorized_keys + readOnly: true + securityContext: + runAsUser: 1000 + runAsGroup: 1000 + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + resources: + requests: + cpu: 50m + memory: 128Mi + limits: + cpu: 250m + memory: 256Mi + + # Container 2: CGit Web UI + - name: cgit + image: joseluisq/alpine-cgit:latest + ports: + - containerPort: 8080 + name: http + protocol: TCP + env: + - name: CGIT_TITLE + value: "f3s Git Repository Browser" + - name: CGIT_DESC + value: "Browse git repositories" + volumeMounts: + - name: repos + mountPath: /repos + readOnly: true + - name: cgit-config + mountPath: /etc/cgitrc + subPath: cgitrc + readOnly: true + securityContext: + runAsUser: 33 + runAsGroup: 33 + runAsNonRoot: true + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + add: ["NET_BIND_SERVICE"] + resources: + requests: + cpu: 50m + memory: 128Mi + limits: + cpu: 250m + memory: 256Mi + + volumes: + - name: repos + persistentVolumeClaim: + claimName: git-server-pvc + - name: git-ssh-keys + secret: + secretName: git-server-authorized-keys + defaultMode: 0400 + - name: cgit-config + configMap: + name: cgit-config diff --git a/f3s/git-server/helm-chart/templates/ingress.yaml b/f3s/git-server/helm-chart/templates/ingress.yaml new file mode 100644 index 0000000..e47ff7f --- /dev/null +++ b/f3s/git-server/helm-chart/templates/ingress.yaml @@ -0,0 +1,24 @@ +# CGit Web UI Ingress +# Exposes cgit web interface at cgit.f3s.buetow.org +# Following f3s cluster ingress pattern (Traefik) + +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: cgit-ingress + namespace: cicd + annotations: + spec.ingressClassName: traefik + traefik.ingress.kubernetes.io/router.entrypoints: web +spec: + rules: + - host: cgit.f3s.buetow.org + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: git-server + port: + number: 80 diff --git a/f3s/git-server/helm-chart/templates/persistent-volume.yaml b/f3s/git-server/helm-chart/templates/persistent-volume.yaml new file mode 100644 index 0000000..174e66e --- /dev/null +++ b/f3s/git-server/helm-chart/templates/persistent-volume.yaml @@ -0,0 +1,27 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: git-server-pv +spec: + capacity: + storage: 5Gi + volumeMode: Filesystem + accessModes: + - ReadWriteMany + persistentVolumeReclaimPolicy: Retain + hostPath: + path: /data/nfs/k3svolumes/git-server + type: Directory +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: git-server-pvc + namespace: cicd +spec: + storageClassName: "" + accessModes: + - ReadWriteMany + resources: + requests: + storage: 5Gi diff --git a/f3s/git-server/helm-chart/templates/service.yaml b/f3s/git-server/helm-chart/templates/service.yaml new file mode 100644 index 0000000..9675e86 --- /dev/null +++ b/f3s/git-server/helm-chart/templates/service.yaml @@ -0,0 +1,38 @@ +apiVersion: v1 +kind: Service +metadata: + name: git-server + namespace: cicd + labels: + app: git-server +spec: + selector: + app: git-server + ports: + - name: ssh + protocol: TCP + port: 22 + targetPort: 22 + - name: http + protocol: TCP + port: 80 + targetPort: 8080 + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + name: git-server-ssh + namespace: cicd + labels: + app: git-server +spec: + selector: + app: git-server + ports: + - name: ssh + protocol: TCP + port: 22 + targetPort: 22 + nodePort: 30022 + type: NodePort |