diff --git a/helm/gitea-mirror/.yamllint b/helm/gitea-mirror/.yamllint
new file mode 100644
index 0000000..111146a
--- /dev/null
+++ b/helm/gitea-mirror/.yamllint
@@ -0,0 +1,21 @@
+---
+extends: default
+
+ignore: |
+ .yamllint
+ node_modules
+ templates
+ unittests/bash
+
+rules:
+ truthy:
+ allowed-values: ['true', 'false']
+ check-keys: False
+ level: error
+ line-length: disable
+ document-start: disable
+ comments:
+ min-spaces-from-content: 1
+ braces:
+ max-spaces-inside: 2
+
diff --git a/helm/gitea-mirror/Chart.yaml b/helm/gitea-mirror/Chart.yaml
new file mode 100644
index 0000000..042a837
--- /dev/null
+++ b/helm/gitea-mirror/Chart.yaml
@@ -0,0 +1,12 @@
+apiVersion: v2
+name: gitea-mirror
+description: Kubernetes helm chart for gitea-mirror
+type: application
+version: 0.0.1
+appVersion: 3.7.2
+icon: https://github.com/RayLabsHQ/gitea-mirror/blob/main/.github/assets/logo.png
+keywords:
+ - git
+ - gitea
+sources:
+ - https://github.com/RayLabsHQ/gitea-mirror
diff --git a/helm/gitea-mirror/templates/_helpers.tpl b/helm/gitea-mirror/templates/_helpers.tpl
new file mode 100644
index 0000000..e01bff9
--- /dev/null
+++ b/helm/gitea-mirror/templates/_helpers.tpl
@@ -0,0 +1,59 @@
+{{/*
+Expand the name of the chart.
+*/}}
+
+{{- define "gitea-mirror.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "gitea-mirror.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "gitea-mirror.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "gitea-mirror.labels" -}}
+helm.sh/chart: {{ include "gitea-mirror.chart" . }}
+app: {{ include "gitea-mirror.name" . }}
+{{ include "gitea-mirror.selectorLabels" . }}
+app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
+version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "gitea-mirror.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "gitea-mirror.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{/*
+ServiceAccount name
+*/}}
+{{- define "gitea-mirror.serviceAccountName" -}}
+{{ .Values.serviceAccount.name | default (include "gitea-mirror.fullname" .) }}
+{{- end -}}
diff --git a/helm/gitea-mirror/templates/configmap.yaml b/helm/gitea-mirror/templates/configmap.yaml
new file mode 100644
index 0000000..edc3bb8
--- /dev/null
+++ b/helm/gitea-mirror/templates/configmap.yaml
@@ -0,0 +1,35 @@
+{{- $gm := index .Values "gitea-mirror" -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "gitea-mirror.fullname" . }}
+ labels:
+ {{- include "gitea-mirror.labels" . | nindent 4 }}
+data:
+ # Core configuration
+ DATABASE_URL: {{ $gm.core.databaseUrl }}
+ BETTER_AUTH_SECRET: {{ $gm.core.be }}
+ BETTER_AUTH_URL: {{ $gm.betterAuthSecret }}
+ # GitHub Config
+ GITHUB_USERNAME: {{ $gm.github.username }}
+ PRIVATE_REPOSITORIES: {{ $gm.privateRepositories }}
+ MIRROR_STARRED: {{ $gm.mirror.starred }}
+ SKIP_FORKS: {{ $gm.github.skipForks }}
+ SKIP_STARRED_ISSUES: {{ $gm.github.skipStarredIssues }}
+ # Gitea Config
+ GITEA_URL: {{ $gm.gitea.url }}
+ GITEA_USERNAME: {{ $gm.gitea.username }}
+ GITEA_ORGANIZATION: {{ $gm.gitea.organization }}
+ GITEA_ORG_VISIBILITY: {{ $gm.gitea.visibility }}
+ # Mirror Options
+ MIRROR_RELEASES: {{ $gm.mirror.releases }}
+ MIRROR_WIKI: {{ $gm.mirror.wiki }}
+ MIRROR_METADATA: {{ $gm.mirror.metadata }}
+ MIRROR_ISSUES: {{ $gm.mirror.issues }}
+ MIRROR_PULL_REQUESTS: {{ $gm.mirror.pullRequests }}
+ # Automation
+ SCHEDULE_ENABLED: {{ $gm.automation.schedule_enabled }}
+ SCHEDULE_INTERVAL: {{ $gm.automation.schedule_interval }}
+ # Cleanup
+ CLEANUP_ENABLED: {{ $gm.cleanup.enabled }}
+ CLEANUP_INTERVAL: {{ $gm.cleanup.interval }}
diff --git a/helm/gitea-mirror/templates/deployment.yaml b/helm/gitea-mirror/templates/deployment.yaml
new file mode 100644
index 0000000..eff6e7f
--- /dev/null
+++ b/helm/gitea-mirror/templates/deployment.yaml
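Review bot: In templates/configmap.yaml the `BETTER_AUTH_SECRET` entry puts the auth secret in a ConfigMap, where it is readable by anything with ConfigMap read access in the namespace and is printed by `kubectl describe`; it should move to `stringData` in templates/secret.yaml beside `ENCRYPTION_SECRET`. The two auth lines also read paths that values.yaml does not define (`$gm.core.be`, `$gm.betterAuthSecret`), so the URL line should be `BETTER_AUTH_URL: {{ $gm.core.betterAuthUrl | quote }}` and the secret should come from `$gm.core.betterAuthSecret`. `$gm.privateRepositories`, `$gm.mirror.starred` and `$gm.cleanup.interval` likewise have no counterpart in values.yaml, which defines `github.privateRepositories`, `github.mirrorStarred` and `cleanup.retentionDays`. ConfigMap `data` values must be strings, so the boolean and integer entries need `| quote` to be accepted by the API server.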
@@ -0,0 +1,92 @@
+{{- $gm := index .Values "gitea-mirror" -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "gitea-mirror.fullname" . }}
+ annotations:
+ {{- if .Values.deployment.annotations }}
+ {{- toYaml .Values.deployment.annotations | nindent 4 }}
+ {{- end }}
+ labels:
+ {{- include "gitea-mirror.labels" . | nindent 4 }}
+ {{- if .Values.deployment.labels }}
+ {{- toYaml .Values.deployment.labels | nindent 4 }}
+ {{- end }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ strategy:
+ type: {{ .Values.deployment.strategy.type }}
+ {{- if eq .Values.deployment.strategy.type "RollingUpdate" }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.deployment.strategy.rollingUpdate.maxUnavailable }}
+ maxSurge: {{ .Values.deployment.strategy.rollingUpdate.maxSurge }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "gitea-mirror.selectorLabels" . | nindent 6 }}
+ {{- if .Values.deployment.labels }}
+ {{- toYaml .Values.deployment.labels | nindent 6 }}
+ {{- end }}
+ template:
+ metadata:
+ labels:
+ {{- include "gitea-mirror.labels" . | nindent 8 }}
+ {{- if .Values.deployment.labels }}
+ {{- toYaml .Values.deployment.labels | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- if (or .Values.serviceAccount.create .Values.serviceAccount.name) }}
+ serviceAccountName: {{ include "gitea-mirror.serviceAccountName" . }}
+ {{- end }}
+ {{- if .Values.priorityClassName }}
+ priorityClassName: "{{ .Values.priorityClassName }}"
+ {{- end }}
+ {{- with .Values.imagePullSecrets }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ terminationGracePeriodSeconds: {{ .Values.deployment.terminationGracePeriodSeconds }}
+ containers:
+ - name: gitea-mirror
+ image: {{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion | toString }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "gitea-mirror.fullname" . }}
+ {{- if $gm.existingSecret }}
+ - secretRef:
+ name: {{ $gm.existingSecret }}
+ {{- else }}
+ - secretRef:
+ name: {{ include "gitea-mirror.fullname" . }}
+ {{- end }}
+ env:
+ - name: NODE_ENV
+ value: "production"
+ - name: PORT
+ value: "{{ .Values.deployment.port }}"
+ {{- if .Values.deployment.env }}
+ {{- toYaml .Values.deployment.env | nindent 12 }}
+ {{- end }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.deployment.port }}
+ resources:
+ {{- toYaml .Values.deployment.resources | nindent 12 }}
+ {{- range $key, $value := .Values.nodeSelector }}
+ nodeSelector:
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/helm/gitea-mirror/templates/httproute.yaml b/helm/gitea-mirror/templates/httproute.yaml
new file mode 100644
index 0000000..11c184f
--- /dev/null
+++ b/helm/gitea-mirror/templates/httproute.yaml
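Review bot: In templates/deployment.yaml the pod `securityContext` is filled from `.Values.podSecurityContext`, which values.yaml never defines, and the container has no `securityContext` of its own, so the workload runs with whatever the image and the cluster defaults allow. Adding `podSecurityContext` and a container-level `securityContext` to values.yaml, with defaults such as `runAsNonRoot: true` and `allowPrivilegeEscalation: false`, would make the hardening explicit (confirm first that the image can run as a non-root user). The `with .Values.imagePullSecrets` block prints the list without an `imagePullSecrets:` key above it, so setting any pull secret yields an invalid manifest. The `range` over `.Values.nodeSelector` repeats the `nodeSelector:` key once per entry; the `with` plus `toYaml` form already used for `affinity` avoids that.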
@@ -0,0 +1,77 @@
+{{- if .Values.route.enabled }}
+{{- if .Values.route.forceHTTPS }}
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ name: {{ include "gitea-mirror.fullname" . }}-http
+ labels:
+ {{- include "gitea-mirror.labels" . | nindent 4 }}
+spec:
+ parentRefs:
+ - name: {{ .Values.route.gateway }}
+ sectionName: {{ .Values.route.http.gatewaySection }}
+ namespace: {{ .Values.route.gatewayNamespace }}
+ hostnames: {{ .Values.route.domain }}
+ rules:
+ - filters:
+ - type: RequestRedirect
+ requestRedirect:
+ scheme: https
+ statusCode: 301
+ {{- with .Values.route.http.filters }}
+ {{ toYaml . | nindent 4 }}
+ {{- end }}
+{{- else }}
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ name: {{ include "gitea-mirror.fullname" . }}-http
+ labels:
+ {{- include "gitea-mirror.labels" . | nindent 4 }}
+spec:
+ parentRefs:
+ - name: {{ .Values.route.gateway }}
+ sectionName: {{ .Values.route.http.gatewaySection }}
+ namespace: {{ .Values.route.gatewayNamespace }}
+ hostnames: {{ .Values.route.domain }}
+ rules:
+ - matches:
+ - path:
+ type: PathPrefix
+ value: /
+ backendRefs:
+ - name: {{ include "gitea-mirror.fullname" . }}
+ port: {{ .Values.service.port }}
+ {{- with .Values.route.http.filters }}
+ filters:
+ {{ toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ name: {{ include "gitea-mirror.fullname" . }}-https
+ labels:
+ {{- include "gitea-mirror.labels" . | nindent 4 }}
+spec:
+ parentRefs:
+ - name: {{ .Values.route.gateway }}
+ sectionName: {{ .Values.route.https.gatewaySection }}
+ namespace: {{ .Values.route.gatewayNamespace }}
+ hostnames: {{ .Values.route.domain }}
+ rules:
+ - matches:
+ - path:
+ type: PathPrefix
+ value: /
+ backendRefs:
+ - name: {{ include "gitea-mirror.fullname" . }}
+ port: {{ .Values.service.port }}
+ {{- with .Values.route.https.filters }}
+ filters:
+ {{ toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/helm/gitea-mirror/templates/ingress.yaml b/helm/gitea-mirror/templates/ingress.yaml
new file mode 100644
index 0000000..1fff62c
--- /dev/null
+++ b/helm/gitea-mirror/templates/ingress.yaml
@@ -0,0 +1,40 @@
+{{- if .Values.ingress.enabled -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ include "gitea-mirror.fullname" . }}
+ labels:
+ {{- include "gitea-mirror.labels" . | nindent 4 }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- . | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+{{- if .Values.ingress.className }}
+ ingressClassName: {{ .Values.ingress.className }}
+{{- end }}
+{{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ tpl . $ | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ tpl .host $ | quote }}
+ http:
+ paths:
+ - path: "/"
+ pathType: "Prefix"
+ backend:
+ service:
+ name: {{ include "gitea-mirror.fullname" $ }}
+ port:
+ number: {{ $.Values.service.port }}
+ {{- end }}
+{{- end }}
+
diff --git a/helm/gitea-mirror/templates/secret.yaml b/helm/gitea-mirror/templates/secret.yaml
new file mode 100644
index 0000000..0cae2e2
--- /dev/null
+++ b/helm/gitea-mirror/templates/secret.yaml
@@ -0,0 +1,14 @@
+{{- $gm := index .Values "gitea-mirror" -}}
+{{- if (empty $gm.existingSecret) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "gitea-mirror.fullname" . }}
+ labels:
+ {{- include "gitea-mirror.labels" . | nindent 4 }}
+type: Opaque
+stringData:
+ GITHUB_TOKEN: {{ $gm.github.token | quote }}
+ GITEA_TOKEN: {{ $gm.gitea.token | quote }}
+ ENCRYPTION_SECRET: {{ $gm.core.encryptionSecret | quote }}
+{{- end }}
diff --git a/helm/gitea-mirror/templates/service.yaml b/helm/gitea-mirror/templates/service.yaml
new file mode 100644
index 0000000..5ceebae
--- /dev/null
+++ b/helm/gitea-mirror/templates/service.yaml
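Review bot: In templates/httproute.yaml all three routes render `hostnames: {{ .Values.route.domain }}`, which prints the list with Go's default formatting; a single host happens to parse, but two hosts come out as `[a.example.com b.example.com]`, one string that is not a valid hostname. Serializing the list avoids this, for example `hostnames: {{ .Values.route.domain | toJson }}`. The three documents differ only in name, gateway section and rule body, so a shared named template would keep them from drifting apart.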
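Review bot: In templates/ingress.yaml the rule hard-codes `path: "/"` and `pathType: "Prefix"`, so `ingress.pathType` and the per-host `paths` list declared in values.yaml are never read. Either drop those keys from values.yaml or render them here, for example `pathType: {{ $.Values.ingress.pathType }}`; an operator who narrows the path in values would otherwise still expose the whole application through the Ingress.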
@@ -0,0 +1,35 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "gitea-mirror.fullname" . }}
+ labels:
+ {{- include "gitea-mirror.labels" . | nindent 4 }}
+ {{- if .Values.service.labels }}
+ {{- toYaml .Values.service.labels | nindent 4 }}
+ {{- end }}
+ annotations:
+ {{- toYaml .Values.service.annotations | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ {{- if eq .Values.service.type "LoadBalancer" }}
+ {{- if .Values.service.loadBalancerClass }}
+ loadBalancerClass: {{ .Values.service.loadBalancerClass }}
+ {{- end }}
+ {{- if and .Values.service.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.service.externalTrafficPolicy }}
+ externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }}
+ {{- end }}
+ {{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }}
+ clusterIP: {{ .Values.service.clusterIP }}
+ {{- end }}
+ ports:
+ - name: http
+ port: {{ .Values.service.port }}
+ protocol: TCP
+ targetPort: http
+ selector:
+ {{- include "gitea-mirror.selectorLabels" . | nindent 4 }}
+ 
\ No newline at end of file
diff --git a/helm/gitea-mirror/templates/serviceaccount.yaml b/helm/gitea-mirror/templates/serviceaccount.yaml
new file mode 100644
index 0000000..34249c9
--- /dev/null
+++ b/helm/gitea-mirror/templates/serviceaccount.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "gitea-mirror.serviceAccountName" . }}
+ labels:
+ {{- include "gitea-mirror.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.labels }}
+ {{- . | toYaml | nindent 4 }}
+ {{- end }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- . | toYaml | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+{{- end }}
+
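Review bot: In templates/serviceaccount.yaml `automountServiceAccountToken` is set only on the ServiceAccount object, and that object is rendered only when `serviceAccount.create` is true. With the defaults in values.yaml (`create: false`, empty `name`) the Deployment sets no `serviceAccountName` and its pod spec does not set the field either, so the pod runs under the namespace's default ServiceAccount and its API token is still mounted unless that account disables it. Adding `automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}` to the pod spec in templates/deployment.yaml would make the value effective in both cases.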
diff --git a/helm/gitea-mirror/values.yaml b/helm/gitea-mirror/values.yaml
new file mode 100644
index 0000000..ac427db
--- /dev/null
+++ b/helm/gitea-mirror/values.yaml
@@ -0,0 +1,105 @@
+image:
+ registry: ghcr.io
+ repository: raylabshq/gitea-mirror
+ # Leave blank to use the Appversion tag
+ tag: ""
+ pullPolicy: IfNotPresent
+
+imagePullSecrets: []
+
+ingress:
+ enabled: false
+ className: ""
+ pathType: Prefix
+ annotations: {}
+ hosts:
+ - host: mirror.example.com
+ paths:
+ - path: /
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - mirror.example.com
+
+route:
+ enabled: false
+ forceHTTPS: true
+ domain: ["mirror.example.com"]
+ gateway: ""
+ gatewayNamespace: ""
+ http:
+ gatewaySection: ""
+ filters: []
+ https:
+ gatewaySection: ""
+ filters:
+ - type: ResponseHeaderModifier
+ responseHeaderModifier:
+ add:
+ - name: Strict-Transport-Security
+ value: "max-age=31536000; includeSubDomains; preload"
+
+service:
+ type: ClusterIP
+ port: 8080
+ clusterIP: None
+ annotations: {}
+ externalTrafficPolicy:
+ labels: {}
+ loadBalancerIP:
+ loadBalancerClass:
+
+deployment:
+ port: 8080
+ strategy:
+ type: Recreate
+ env: []
+ terminationGracePeriodSeconds: 60
+ labels: {}
+ annotations: {}
+ resources: {}
+
+serviceAccount:
+ create: false
+ name: ""
+ annotations: {}
+ labels: {}
+ automountServiceAccountToken: false
+
+gitea-mirror:
+ existingSecret: ""
+ core:
+ databaseUrl: file:data/gitea-mirror.db
+ encryptionSecret: ""
+ betterAuthSecret: ""
+ betterAuthUrl: "http://localhost:4321"
+
+ github:
+ username: ""
+ token: ""
+ privateRepositories: true
+ mirrorStarred: false
+ skipForks: false
+ skipStarredIssues: false
+
+ gitea:
+ url: ""
+ token: ""
+ username: ""
+ organization: "github-mirrors"
+ visibility: "public"
+
+ mirror:
+ releases: true
+ wiki: true
+ metadata: true
+ issues: true
+ pullRequests: true
+
+ automation:
+ schedule_enabled: true
+ schedule_interval: 3600
+
+ cleanup:
+ enabled: true
+ retentionDays: 30
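Review bot: In values.yaml the defaults pair `github.privateRepositories: true` with `gitea.visibility: "public"`, so a default install may mirror private GitHub repositories into a publicly visible Gitea organization. Whether the application keeps the mirrored repositories themselves private cannot be seen from this chart, so a more restrictive default, or at least a comment on `visibility`, would be safer. Values given for `github.token`, `gitea.token` and `core.encryptionSecret` are also retained in the Helm release record, so a comment above `existingSecret` should recommend it for real deployments and list the keys that Secret must carry (`GITHUB_TOKEN`, `GITEA_TOKEN`, `ENCRYPTION_SECRET`). `service.clusterIP: None` makes the Service headless by default, which is worth confirming as intended.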