Features 11017 and 11018: setup of mgmt cluster and git repo

This change incorporates the changes to set up a mgmt cluster for
cloud-native operations in OSM following a GitOps model, which includes
the setup of an internal git repository.

Change-Id: If828d18ad64d852a9a89ec9ba7c2d3a96d281565
Signed-off-by: garciadeblas <gerardo.garciadeblas@telefonica.com>
diff --git a/installers/mgmt-cluster/gitea/values-all.yaml b/installers/mgmt-cluster/gitea/values-all.yaml
new file mode 100644
index 0000000..82be6fc
--- /dev/null
+++ b/installers/mgmt-cluster/gitea/values-all.yaml
@@ -0,0 +1,505 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+# Default values for gitea.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+## @section Global
+#
+## @param global.imageRegistry global image registry override
+## @param global.imagePullSecrets global image pull secrets override; can be extended by `imagePullSecrets`
+## @param global.storageClass global storage class override
+## @param global.hostAliases global hostAliases which will be added to the pod's hosts files
+global:
+  imageRegistry: ""
+  ## E.g.
+  ## imagePullSecrets:
+  ##   - myRegistryKeySecretName
+  ##
+  imagePullSecrets: []
+  storageClass: ""
+  hostAliases: []
+  # - ip: 192.168.137.2
+  #   hostnames:
+  #   - example.com
+
+## @param replicaCount number of replicas for the statefulset
+replicaCount: 1
+
+## @param clusterDomain cluster domain
+clusterDomain: cluster.local
+
+## @section Image
+## @param image.registry image registry, e.g. gcr.io,docker.io
+## @param image.repository Image to start for this pod
+## @param image.tag Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml.
+## @param image.pullPolicy Image pull policy
+## @param image.rootless Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher
+image:
+  registry: ""
+  repository: gitea/gitea
+  # Overrides the image tag whose default is the chart appVersion.
+  tag: ""
+  pullPolicy: Always
+  rootless: false # only possible when running 1.14 or later
+
+## @param imagePullSecrets Secret to use for pulling the image
+imagePullSecrets: []
+
+## @section Security
+# Security context is only usable with rootless image due to image design
+## @param podSecurityContext.fsGroup Set the shared file system group for all containers in the pod.
+podSecurityContext:
+  fsGroup: 1000
+
+## @param containerSecurityContext Security context
+containerSecurityContext: {}
+#   allowPrivilegeEscalation: false
+#   capabilities:
+#     drop:
+#       - ALL
+#   # Add the SYS_CHROOT capability for root and rootless images if you intend to
+#   # run pods on nodes that use the container runtime cri-o. Otherwise, you will
+#   # get an error message from the SSH server that it is not possible to read from
+#   # the repository.
+#   # https://gitea.com/gitea/helm-chart/issues/161
+#     add:
+#       - SYS_CHROOT
+#   privileged: false
+#   readOnlyRootFilesystem: true
+#   runAsGroup: 1000
+#   runAsNonRoot: true
+#   runAsUser: 1000
+
+## @deprecated The securityContext variable has been split two:
+## - containerSecurityContext
+## - podSecurityContext.
+## @param securityContext Run init and Gitea containers as a specific securityContext
+securityContext: {}
+
+## @section Service
+service:
+  ## @param service.http.type Kubernetes service type for web traffic
+  ## @param service.http.port Port number for web traffic
+  ## @param service.http.clusterIP ClusterIP setting for http autosetup for statefulset is None
+  ## @param service.http.loadBalancerIP LoadBalancer IP setting
+  ## @param service.http.nodePort NodePort for http service
+  ## @param service.http.externalTrafficPolicy If `service.http.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation
+  ## @param service.http.externalIPs External IPs for service
+  ## @param service.http.ipFamilyPolicy HTTP service dual-stack policy
+  ## @param service.http.ipFamilies HTTP service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/).
+  ## @param service.http.loadBalancerSourceRanges Source range filter for http loadbalancer
+  ## @param service.http.annotations HTTP service annotations
+  http:
+    type: ClusterIP
+    port: 3000
+    clusterIP: None
+    loadBalancerIP:
+    nodePort:
+    externalTrafficPolicy:
+    externalIPs:
+    ipFamilyPolicy:
+    ipFamilies:
+    loadBalancerSourceRanges: []
+    annotations: {}
+  ## @param service.ssh.type Kubernetes service type for ssh traffic
+  ## @param service.ssh.port Port number for ssh traffic
+  ## @param service.ssh.clusterIP ClusterIP setting for ssh autosetup for statefulset is None
+  ## @param service.ssh.loadBalancerIP LoadBalancer IP setting
+  ## @param service.ssh.nodePort NodePort for ssh service
+  ## @param service.ssh.externalTrafficPolicy If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation
+  ## @param service.ssh.externalIPs External IPs for service
+  ## @param service.ssh.ipFamilyPolicy SSH service dual-stack policy
+  ## @param service.ssh.ipFamilies SSH service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/).
+  ## @param service.ssh.hostPort HostPort for ssh service
+  ## @param service.ssh.loadBalancerSourceRanges Source range filter for ssh loadbalancer
+  ## @param service.ssh.annotations SSH service annotations
+  ssh:
+    type: ClusterIP
+    port: 22
+    clusterIP: None
+    loadBalancerIP:
+    nodePort:
+    externalTrafficPolicy:
+    externalIPs:
+    ipFamilyPolicy:
+    ipFamilies:
+    hostPort:
+    loadBalancerSourceRanges: []
+    annotations: {}
+
+
+## @section Ingress
+## @param ingress.enabled Enable ingress
+## @param ingress.className Ingress class name
+## @param ingress.annotations Ingress annotations
+## @param ingress.hosts[0].host Default Ingress host
+## @param ingress.hosts[0].paths[0].path Default Ingress path
+## @param ingress.hosts[0].paths[0].pathType Ingress path type
+## @param ingress.tls Ingress tls settings
+## @extra ingress.apiVersion Specify APIVersion of ingress object. Mostly would only be used for argocd.
+ingress:
+  enabled: false
+  # className: nginx
+  className:
+  annotations: {}
+    # kubernetes.io/ingress.class: nginx
+    # kubernetes.io/tls-acme: "true"
+  hosts:
+    - host: git.example.com
+      paths:
+        - path: /
+          pathType: Prefix
+  tls: []
+  #  - secretName: chart-example-tls
+  #    hosts:
+  #      - git.example.com
+  # Mostly for argocd or any other CI that uses `helm template | kubectl apply` or similar
+  # If helm doesn't correctly detect your ingress API version you can set it here.
+  # apiVersion: networking.k8s.io/v1
+
+## @section StatefulSet
+#
+## @param resources Kubernetes resources
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+## Use an alternate scheduler, e.g. "stork".
+## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+##
+## @param schedulerName Use an alternate scheduler, e.g. "stork"
+schedulerName: ""
+
+## @param nodeSelector NodeSelector for the statefulset
+nodeSelector: {}
+
+## @param tolerations Tolerations for the statefulset
+tolerations: []
+
+## @param affinity Affinity for the statefulset
+affinity: {}
+
+## @param dnsConfig dnsConfig for the statefulset
+dnsConfig: {}
+
+## @param statefulset.env  Additional environment variables to pass to containers
+## @param statefulset.terminationGracePeriodSeconds How long to wait until forcefully kill the pod
+## @param statefulset.labels Labels for the statefulset
+## @param statefulset.annotations Annotations for the Gitea StatefulSet to be created
+statefulset:
+  env: []
+    # - name: VARIABLE
+    #   value: my-value
+  terminationGracePeriodSeconds: 60
+  labels: {}
+  annotations: {}
+
+## @section Persistence
+#
+## @param persistence.enabled Enable persistent storage
+## @param persistence.existingClaim Use an existing claim to store repository information
+## @param persistence.size Size for persistence to store repo information
+## @param persistence.accessModes AccessMode for persistence
+## @param persistence.labels Labels for the persistence volume claim to be created
+## @param persistence.annotations Annotations for the persistence volume claim to be created
+## @param persistence.storageClass Name of the storage class to use
+## @param persistence.subPath Subdirectory of the volume to mount at
+persistence:
+  enabled: true
+  existingClaim:
+  size: 10Gi
+  accessModes:
+    - ReadWriteOnce
+  labels: {}
+  annotations: {}
+  storageClass:
+  subPath:
+
+## @param extraVolumes Additional volumes to mount to the Gitea statefulset
+extraVolumes: []
+# - name: postgres-ssl-vol
+#   secret:
+#     secretName: gitea-postgres-ssl
+
+## @param extraContainerVolumeMounts Mounts that are only mapped into the Gitea runtime/main container, to e.g. override custom templates.
+extraContainerVolumeMounts: []
+
+## @param extraInitVolumeMounts Mounts that are only mapped into the init-containers. Can be used for additional preconfiguration.
+extraInitVolumeMounts: []
+
+## @deprecated The extraVolumeMounts variable has been split two:
+## - extraContainerVolumeMounts
+## - extraInitVolumeMounts
+## As an example, can be used to mount a client cert when connecting to an external Postgres server.
+## @param extraVolumeMounts **DEPRECATED** Additional volume mounts for init containers and the Gitea main container
+extraVolumeMounts: []
+# - name: postgres-ssl-vol
+#   readOnly: true
+#   mountPath: "/pg-ssl"
+
+## @section Init
+## @param initPreScript Bash shell script copied verbatim to the start of the init-container.
+initPreScript: ""
+#
+# initPreScript: |
+#   mkdir -p /data/git/.postgresql
+#   cp /pg-ssl/* /data/git/.postgresql/
+#   chown -R git:git /data/git/.postgresql/
+#   chmod 400 /data/git/.postgresql/postgresql.key
+
+# Configure commit/action signing prerequisites
+## @section Signing
+#
+## @param signing.enabled Enable commit/action signing
+## @param signing.gpgHome GPG home directory
+## @param signing.privateKey Inline private gpg key for signed Gitea actions
+## @param signing.existingSecret Use an existing secret to store the value of `signing.privateKey`
+signing:
+  enabled: false
+  gpgHome: /data/git/.gnupg
+  privateKey: ""
+  # privateKey: |-
+  #   -----BEGIN PGP PRIVATE KEY BLOCK-----
+  #   ...
+  #   -----END PGP PRIVATE KEY BLOCK-----
+  existingSecret: ""
+
+## @section Gitea
+#
+gitea:
+  ## @param gitea.admin.username Username for the Gitea admin user
+  ## @param gitea.admin.existingSecret Use an existing secret to store admin user credentials
+  ## @param gitea.admin.password Password for the Gitea admin user
+  ## @param gitea.admin.email Email for the Gitea admin user
+  admin:
+    #existingSecret: gitea-admin-secret
+    existingSecret:
+    username: gitea_admin
+    password: r8sA8CPHD9!bt6d
+    email: "gitea@local.domain"
+
+  ## @param gitea.metrics.enabled Enable Gitea metrics
+  ## @param gitea.metrics.serviceMonitor.enabled Enable Gitea metrics service monitor
+  metrics:
+    enabled: false
+    serviceMonitor:
+      enabled: false
+      #  additionalLabels:
+      #    prometheus-release: prom1
+
+  ## @param gitea.ldap LDAP configuration
+  ldap: []
+    # - name: "LDAP 1"
+    #  existingSecret:
+    #  securityProtocol:
+    #  host:
+    #  port:
+    #  userSearchBase:
+    #  userFilter:
+    #  adminFilter:
+    #  emailAttribute:
+    #  bindDn:
+    #  bindPassword:
+    #  usernameAttribute:
+    #  publicSSHKeyAttribute:
+
+  # Either specify inline `key` and `secret` or refer to them via `existingSecret`
+  ## @param gitea.oauth OAuth configuration
+  oauth: []
+    # - name: 'OAuth 1'
+    #   provider:
+    #   key:
+    #   secret:
+    #   existingSecret:
+    #   autoDiscoverUrl:
+    #   useCustomUrls:
+    #   customAuthUrl:
+    #   customTokenUrl:
+    #   customProfileUrl:
+    #   customEmailUrl:
+
+  ## @param gitea.config  Configuration for the Gitea server,ref: [config-cheat-sheet](https://docs.gitea.io/en-us/config-cheat-sheet/)
+  config: {}
+  #  APP_NAME: "Gitea: Git with a cup of tea"
+  #  RUN_MODE: dev
+  #
+  #  server:
+  #    SSH_PORT: 22
+  #
+  #  security:
+  #    PASSWORD_COMPLEXITY: spec
+
+  ## @param gitea.additionalConfigSources Additional configuration from secret or configmap
+  additionalConfigSources: []
+  #   - secret:
+  #       secretName: gitea-app-ini-oauth
+  #   - configMap:
+  #       name: gitea-app-ini-plaintext
+
+  ## @param gitea.additionalConfigFromEnvs Additional configuration sources from environment variables
+  additionalConfigFromEnvs: []
+
+  ## @param gitea.podAnnotations Annotations for the Gitea pod
+  podAnnotations: {}
+
+  ## @section LivenessProbe
+  #
+  ## @param gitea.livenessProbe.enabled Enable liveness probe
+  ## @param gitea.livenessProbe.tcpSocket.port Port to probe for liveness
+  ## @param gitea.livenessProbe.initialDelaySeconds Initial delay before liveness probe is initiated
+  ## @param gitea.livenessProbe.timeoutSeconds Timeout for liveness probe
+  ## @param gitea.livenessProbe.periodSeconds Period for liveness probe
+  ## @param gitea.livenessProbe.successThreshold Success threshold for liveness probe
+  ## @param gitea.livenessProbe.failureThreshold Failure threshold for liveness probe
+  # Modify the liveness probe for your needs or completely disable it by commenting out.
+  livenessProbe:
+    enabled: true
+    tcpSocket:
+      port: http
+    initialDelaySeconds: 200
+    timeoutSeconds: 1
+    periodSeconds: 10
+    successThreshold: 1
+    failureThreshold: 10
+
+  ## @section ReadinessProbe
+  #
+  ## @param gitea.readinessProbe.enabled Enable readiness probe
+  ## @param gitea.readinessProbe.tcpSocket.port Port to probe for readiness
+  ## @param gitea.readinessProbe.initialDelaySeconds Initial delay before readiness probe is initiated
+  ## @param gitea.readinessProbe.timeoutSeconds Timeout for readiness probe
+  ## @param gitea.readinessProbe.periodSeconds Period for readiness probe
+  ## @param gitea.readinessProbe.successThreshold Success threshold for readiness probe
+  ## @param gitea.readinessProbe.failureThreshold Failure threshold for readiness probe
+  # Modify the readiness probe for your needs or completely disable it by commenting out.
+  readinessProbe:
+    enabled: true
+    tcpSocket:
+      port: http
+    initialDelaySeconds: 5
+    timeoutSeconds: 1
+    periodSeconds: 10
+    successThreshold: 1
+    failureThreshold: 3
+
+  # # Uncomment the startup probe to enable and modify it for your needs.
+  ## @section StartupProbe
+  #
+  ## @param gitea.startupProbe.enabled Enable startup probe
+  ## @param gitea.startupProbe.tcpSocket.port Port to probe for startup
+  ## @param gitea.startupProbe.initialDelaySeconds Initial delay before startup probe is initiated
+  ## @param gitea.startupProbe.timeoutSeconds Timeout for startup probe
+  ## @param gitea.startupProbe.periodSeconds Period for startup probe
+  ## @param gitea.startupProbe.successThreshold Success threshold for startup probe
+  ## @param gitea.startupProbe.failureThreshold Failure threshold for startup probe
+  startupProbe:
+    enabled: false
+    tcpSocket:
+      port: http
+    initialDelaySeconds: 60
+    timeoutSeconds: 1
+    periodSeconds: 10
+    successThreshold: 1
+    failureThreshold: 10
+
+## @section Memcached
+#
+## @param memcached.enabled Memcached is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/memcached) if enabled in the values. Complete Configuration can be taken from their website.
+## @param memcached.service.port Port for Memcached
+memcached:
+  enabled: true
+  service:
+    port: 11211
+
+## @section PostgreSQL
+#
+## @param postgresql.enabled Enable PostgreSQL
+## @param postgresql.global.postgresql.postgresqlDatabase PostgreSQL database (overrides postgresqlDatabase)
+## @param postgresql.global.postgresql.postgresqlUsername PostgreSQL username (overrides postgresqlUsername)
+## @param postgresql.global.postgresql.postgresqlPassword PostgreSQL admin password (overrides postgresqlPassword)
+## @param postgresql.global.postgresql.servicePort PostgreSQL port (overrides service.port)
+## @param postgresql.persistence.size PVC Storage Request for PostgreSQL volume
+postgresql:
+  enabled: true
+  global:
+    postgresql:
+      postgresqlDatabase: gitea
+      postgresqlUsername: gitea
+      postgresqlPassword: gitea
+      servicePort: 5432
+  persistence:
+    size: 10Gi
+
+## @section MySQL
+#
+## @param mysql.enabled Enable MySQL
+## @param mysql.root.password Password for the root user. Ignored if existing secret is provided
+## @param mysql.db.user Username of new user to create.
+## @param mysql.db.password Password for the new user.Ignored if existing secret is provided
+## @param mysql.db.name Name for new database to create.
+## @param mysql.service.port Port to connect to MySQL service
+## @param mysql.persistence.size PVC Storage Request for MySQL volume
+mysql:
+  enabled: false
+  root:
+    password: gitea
+  db:
+    user: gitea
+    password: gitea
+    name: gitea
+  service:
+    port: 3306
+  persistence:
+    size: 10Gi
+
+## @section MariaDB
+#
+## @param mariadb.enabled Enable MariaDB
+## @param mariadb.auth.database Name of the database to create.
+## @param mariadb.auth.username Username of the new user to create.
+## @param mariadb.auth.password Password for the new user. Ignored if existing secret is provided
+## @param mariadb.auth.rootPassword Password for the root user.
+## @param mariadb.primary.service.port Port to connect to MariaDB service
+## @param mariadb.primary.persistence.size Persistence size for MariaDB
+mariadb:
+  enabled: false
+  auth:
+    database: gitea
+    username: gitea
+    password: gitea
+    rootPassword: gitea
+  primary:
+    service:
+      port: 3306
+    persistence:
+      size: 10Gi
+
+# By default, removed or moved settings that still remain in a user defined values.yaml will cause Helm to fail running the install/update.
+# Set it to false to skip this basic validation check.
+## @section Advanced
+## @param checkDeprecation Set it to false to skip this basic validation check.
+checkDeprecation: true
+
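Review bot: The Gitea admin password is committed as a literal value at `gitea.admin.password`, and the bundled PostgreSQL (`postgresql.enabled: true`) is given `postgresqlPassword: gitea`, so every installation made from this file shares the same credentials and they remain in the repository history. Because this Gitea instance appears to be the internal repository behind the GitOps model named in the commit message, its admin account probably governs what gets reconciled into the management cluster. I would switch the admin block to the secret reference that is already commented out there, `existingSecret: gitea-admin-secret` with `password: ""`, and have the installer create that secret with a generated value. The database password should likewise be generated or injected at install time rather than defaulted in this file, and the admin value published here should be treated as exposed and rotated wherever it has been used. The same `gitea` defaults appear in the disabled `mysql` and `mariadb` sections and would need the same treatment if either is ever enabled.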