Compare commits
2 commits
f5225b73b9
...
8dcb9cf510
Author | SHA1 | Date | |
---|---|---|---|
8dcb9cf510 | |||
79d8dab666 |
8 changed files with 69 additions and 39 deletions
|
@ -1,6 +1,6 @@
|
|||
#!/bin/bash
|
||||
|
||||
CHART_VERSION=1.1.2
|
||||
CHART_VERSION=4.0.2
|
||||
NAMESPACE=gitea
|
||||
VAULT_AUTH_NAMESPACE="k8s-teapot"
|
||||
|
|
@ -1,38 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
CHART_VERSION=9.0.4
|
||||
NAMESPACE=gitea
|
||||
VAULT_AUTH_NAMESPACE="k8s-teapot"
|
||||
|
||||
helm repo add gitea-charts https://dl.gitea.io/charts/
|
||||
helm repo update
|
||||
|
||||
kubectl create ns gitea
|
||||
kubectl create serviceaccount -n ${NAMESPACE} gitea
|
||||
kubectl apply -n ${NAMESPACE} -f external-secrets.yaml
|
||||
cat << EOH > gitea.hcl
|
||||
path "kv/data/git" {
|
||||
capabilities = ["read"]
|
||||
}
|
||||
EOH
|
||||
vault policy write gitea gitea.hcl
|
||||
rm gitea.hcl
|
||||
|
||||
HOST_IP=$(ip addr show eth0 | grep -Po 'inet \K[\d.]+')
|
||||
TOKEN="$(kubectl get secret serviceaccounttoken -n gitea -o go-template='{{ .data.token }}' | base64 -d)"
|
||||
|
||||
vault write auth/${VAULT_AUTH_NAMESPACE}/role/gitea \
|
||||
bound_service_account_names=gitea \
|
||||
bound_service_account_namespaces=gitea \
|
||||
policies=gitea \
|
||||
ttl=24h
|
||||
|
||||
vault write auth/${VAULT_AUTH_NAMESPACE}/login role=gitea jwt=${TOKEN} iss=https://${HOST_IP}:6443
|
||||
|
||||
helm upgrade --install \
|
||||
gitea \
|
||||
gitea-charts/gitea \
|
||||
-f values.yaml \
|
||||
-n ${NAMESPACE} \
|
||||
--version ${CHART_VERSION} \
|
||||
--cleanup-on-fail
|
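--- a/helm/longhorn/install.sh
+++ b/helm/longhorn/install.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+CHART_VERSION=1.4.4
+
+helm repo add longhorn https://charts.longhorn.io
+helm repo update
+helm upgrade --install \
+longhorn \
+longhorn/longhorn \
+-n longhorn-system \
+--version ${CHART_VERSION} \
+--create-namespace \
+--cleanup-on-fail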
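Review bot: The new script runs without any error handling, so a failed `helm repo add` or `helm repo update` still falls through to `helm upgrade --install` and resolves the chart from whatever index is cached locally. Add `set -euo pipefail` directly under the shebang, and quote the expansion as `--version "${CHART_VERSION}"`. The install also passes no values file, so Longhorn comes up with the chart defaults. If that is deliberate, a comment such as `# chart defaults are intentional; UI access is restricted in istio-ingress.yaml` would record the decision.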
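--- a/helm/longhorn/istio-ingress.yaml
+++ b/helm/longhorn/istio-ingress.yaml
@@ -0,0 +1,56 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+name: longhorn-cert
+namespace: istio-system
+spec:
+secretName: longhorn-cert
+commonName: longhorn.teapot.masked.name
+dnsNames:
+- longhorn.teapot.masked.name
+issuerRef:
+name: vault-issuer
+kind: ClusterIssuer
+group: cert-manager.io
+...
+---
+apiVersion: networking.istio.io/v1beta1
+kind: Gateway
+metadata:
+name: longhorn-gateway
+namespace: longhorn-system
+spec:
+selector:
+istio: ingressgateway-internal
+servers:
+- port:
+number: 443
+name: https
+protocol: HTTPS
+tls:
+mode: SIMPLE
+credentialName: longhorn-cert
+hosts:
+- longhorn.teapot.masked.name
+...
+---
+apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+name: longhorn-gateway
+namespace: longhorn-system
+spec:
+hosts:
+- longhorn.teapot.masked.name
+gateways:
+- longhorn-gateway
+http:
+- match:
+- uri:
+prefix: /
+route:
+- destination:
+port:
+number: 80
+host: longhorn-frontend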
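Review bot: The VirtualService at the end of this file routes every path on longhorn.teapot.masked.name to `longhorn-frontend` port 80, and nothing in the file authenticates or authorizes the caller. The Longhorn UI does not authenticate users itself on a Helm install, so anyone who can reach the `ingressgateway-internal` gateway could manage volumes and backups. Unless one of the changed files not shown here already covers this, I would add an Istio `AuthorizationPolicy` restricting who may reach this host, or put an authenticating proxy in front of the UI. A comment above the Gateway such as `# internal-only; access limited by <policy name>` would make the intended exposure explicit.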