Merge branch 'develop'

Author: codejsha

.gitignore

@@ -7,7 +7,6 @@ __pycache__/
 venv/
 
 temp/
-temp.*
 *-temp.*
 
 nohup.*

git/gitea/all.sh

@@ -0,0 +1,26 @@
+#!/bin/bash
+trap 'echo "${BASH_SOURCE[0]}: line ${LINENO}: status ${?}: user ${USER}: func ${FUNCNAME[0]}"' ERR
+set -o errexit
+set -o errtrace
+
+export VAULT_ADDR="https://vault.example.com"
+export VAULT_TOKEN="$(cat ${HOME}/.vault/root_token.txt)"
+export VAULT_CACERT="${HOME}/.vault/ca.crt"
+
+cd helm
+./helm-install-gitea.sh
+cd ..
+
+kubectl apply --filename gitea-namespace.yaml
+
+cd istio
+kubectl apply --filename gitea-traffic-management.yaml
+cd ..
+
+cd vault
+bash ./create-kubernetes-role.sh
+bash ./create-pki-role.sh
+kubectl apply --filename issuer-serviceaccount.yaml
+bash ./create-issuer.sh
+kubectl apply --filename gitea-certificate.yaml
+cd ..

git/gitea/gitea-namespace.yaml

@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: gitea
+  labels:
+    istio-injection: enabled

git/gitea/vault/create-issuer.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+trap 'echo "${BASH_SOURCE[0]}: line ${LINENO}: status ${?}: user ${USER}: func ${FUNCNAME[0]}"' ERR
+set -o errexit
+set -o errtrace
+
+NAMESPACE="gitea"
+
+export GITEA_ISSUER_SECRET_REF="$(kubectl get secrets --namespace ${NAMESPACE} --output=json | jq -r '.items[].metadata | select(.name|startswith("gitea-issuer-secret")).name')"
+export BASE64_ENCODED_CABUNDLE="$(kubectl get secrets vault-ha-tls --namespace vault --output jsonpath='{.data.kubernetes-ca\.crt}')"
+
+envsubst < ./issuer.yaml > ./issuer-temp.yaml
+kubectl apply --namespace ${NAMESPACE} --filename ./issuer-temp.yaml

git/gitea/vault/issuer-serviceaccount.yaml

@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: gitea-issuer
+  namespace: gitea
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: gitea-issuer-secret
+  namespace: gitea
+  annotations:
+    kubernetes.io/service-account.name: gitea-issuer
+type: kubernetes.io/service-account-token

git/gitea/vault/vault-issuer.yaml

@@ -0,0 +1,16 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: gitea-issuer
+spec:
+  vault:
+    server: http://my-vault.vault.svc.cluster.local:8200
+    path: pki/sign/gitea
+    auth:
+      kubernetes:
+        mountPath: /v1/auth/kubernetes
+        role: gitea-issuer
+        secretRef:
+          name: ${GITEA_ISSUER_SECRET_REF}
+          key: token

istio/addon/install-addon.sh

@@ -1,11 +1,20 @@
 #!/bin/bash
-# trap 'echo "${BASH_SOURCE[0]}: line ${LINENO}: status ${?}: user ${USER}: func ${FUNCNAME[0]}"' ERR
-# set -o errexit
-# set -o errtrace
+trap 'echo "${BASH_SOURCE[0]}: line ${LINENO}: status ${?}: user ${USER}: func ${FUNCNAME[0]}"' ERR
+set -o errexit
+set -o errtrace
 
-cd ../istio-*/
-kubectl apply --namespace istio-system --filename samples/addons
+kubectl apply -f https://raw.githubusercontent.com/istio/istio/refs/heads/master/samples/addons/grafana.yaml
+kubectl apply -f https://raw.githubusercontent.com/istio/istio/refs/heads/master/samples/addons/jaeger.yaml
+kubectl apply -f https://raw.githubusercontent.com/istio/istio/refs/heads/master/samples/addons/kiali.yaml
+kubectl apply -f https://raw.githubusercontent.com/istio/istio/refs/heads/master/samples/addons/loki.yaml
+kubectl apply -f https://raw.githubusercontent.com/istio/istio/refs/heads/master/samples/addons/prometheus.yaml
+
+######################################################################
+
+### install
+# cd ../istio-*/
+# kubectl apply -f samples/addons
 
 ### delete
 # cd ../istio-*/
-# kubectl delete --filename samples/addons
+# kubectl delete -f samples/addons

istio/addon/istio/grafana-traffic-management.yaml

@@ -1,5 +1,5 @@
 ---
-apiVersion: networking.istio.io/v1alpha3
+apiVersion: networking.istio.io/v1
 kind: Gateway
 metadata:
   name: grafana-gw
@@ -26,7 +26,7 @@ spec:
         credentialName: grafana-cert
         mode: SIMPLE
 ---
-apiVersion: networking.istio.io/v1alpha3
+apiVersion: networking.istio.io/v1
 kind: VirtualService
 metadata:
   name: grafana-vs
@@ -43,7 +43,7 @@ spec:
             port:
               number: 3000
 ---
-apiVersion: networking.istio.io/v1alpha3
+apiVersion: networking.istio.io/v1
 kind: DestinationRule
 metadata:
   name: grafana-dr

istio/addon/istio/jaeger-traffic-management.yaml

@@ -1,5 +1,5 @@
 ---
-apiVersion: networking.istio.io/v1alpha3
+apiVersion: networking.istio.io/v1
 kind: Gateway
 metadata:
   name: jaeger-gw
@@ -26,7 +26,7 @@ spec:
         credentialName: jaeger-cert
         mode: SIMPLE
 ---
-apiVersion: networking.istio.io/v1alpha3
+apiVersion: networking.istio.io/v1
 kind: VirtualService
 metadata:
   name: jaeger-vs
@@ -43,7 +43,7 @@ spec:
             port:
               number: 80
 ---
-apiVersion: networking.istio.io/v1alpha3
+apiVersion: networking.istio.io/v1
 kind: DestinationRule
 metadata:
   name: jaeger-dr

istio/addon/istio/kiali-traffic-management.yaml

@@ -1,5 +1,5 @@
 ---
-apiVersion: networking.istio.io/v1alpha3
+apiVersion: networking.istio.io/v1
 kind: Gateway
 metadata:
   name: kiali-gw
@@ -26,7 +26,7 @@ spec:
         credentialName: kiali-cert
         mode: SIMPLE
 ---
-apiVersion: networking.istio.io/v1alpha3
+apiVersion: networking.istio.io/v1
 kind: VirtualService
 metadata:
   name: kiali-vs
@@ -43,7 +43,7 @@ spec:
             port:
               number: 20001
 ---
-apiVersion: networking.istio.io/v1alpha3
+apiVersion: networking.istio.io/v1
 kind: DestinationRule
 metadata:
   name: kiali-dr