feat: gitea app operator (#1624)

Co-authored-by: Jehoszafat Zimnowoda <[email protected]>

Author: ferruhcihan

charts/gitea-operator/.helmignore charts/apl-gitea-operator/.helmignore

@@ -1,5 +1,5 @@
 apiVersion: v2
-name: gitea-operator
+name: apl-gitea-operator
 description: A Helm chart for Kubernetes
 
 # A chart can be either an 'application' or a 'library' chart.

charts/gitea-operator/Chart.yaml charts/apl-gitea-operator/Chart.yaml

@@ -0,0 +1 @@
+The apl-gitea-operator has been deployed.

charts/apl-gitea-operator/templates/NOTES.txt

@@ -1,7 +1,7 @@
 {{/*
 Expand the name of the chart.
 */}}
-{{- define "gitea-operator.name" -}}
+{{- define "apl-gitea-operator.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
@@ -10,7 +10,7 @@ Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 If release name contains chart name it will be used as a full name.
 */}}
-{{- define "gitea-operator.fullname" -}}
+{{- define "apl-gitea-operator.fullname" -}}
 {{- if .Values.fullnameOverride }}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
 {{- else }}
@@ -26,16 +26,16 @@ If release name contains chart name it will be used as a full name.
 {{/*
 Create chart name and version as used by the chart label.
 */}}
-{{- define "gitea-operator.chart" -}}
+{{- define "apl-gitea-operator.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
 {{/*
 Common labels
 */}}
-{{- define "gitea-operator.labels" -}}
-helm.sh/chart: {{ include "gitea-operator.chart" . }}
-{{ include "gitea-operator.selectorLabels" . }}
+{{- define "apl-gitea-operator.labels" -}}
+helm.sh/chart: {{ include "apl-gitea-operator.chart" . }}
+{{ include "apl-gitea-operator.selectorLabels" . }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
@@ -45,17 +45,17 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{/*
 Selector labels
 */}}
-{{- define "gitea-operator.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "gitea-operator.name" . }}
+{{- define "apl-gitea-operator.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "apl-gitea-operator.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
 
 {{/*
 Create the name of the service account to use
 */}}
-{{- define "gitea-operator.serviceAccountName" -}}
+{{- define "apl-gitea-operator.serviceAccountName" -}}
 {{- if .Values.serviceAccount.create }}
-{{- default (include "gitea-operator.fullname" .) .Values.serviceAccount.name }}
+{{- default (include "apl-gitea-operator.fullname" .) .Values.serviceAccount.name }}
 {{- else }}
 {{- .Values.serviceAccount.name }}
 {{- end }}

charts/gitea-operator/templates/_helpers.tpl charts/apl-gitea-operator/templates/_helpers.tpl

@@ -1,28 +1,28 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: {{ include "gitea-operator.fullname" . }}
+  name: {{ include "apl-gitea-operator.fullname" . }}
   labels:
-    {{- include "gitea-operator.labels" . | nindent 4 }}
+    {{- include "apl-gitea-operator.labels" . | nindent 4 }}
 spec:
   replicas: {{ .Values.replicaCount }}
   selector:
     matchLabels:
-      {{- include "gitea-operator.selectorLabels" . | nindent 6 }}
+      {{- include "apl-gitea-operator.selectorLabels" . | nindent 6 }}
   template:
     metadata:
       {{- with .Values.podAnnotations }}
       annotations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
       labels:
-        {{- include "gitea-operator.selectorLabels" . | nindent 8 }}
+        {{- include "apl-gitea-operator.selectorLabels" . | nindent 8 }}
     spec:
       {{- with .Values.imagePullSecrets }}
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      serviceAccountName: {{ include "gitea-operator.serviceAccountName" . }}
+      serviceAccountName: {{ include "apl-gitea-operator.serviceAccountName" . }}
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
       containers:
@@ -32,20 +32,13 @@ spec:
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           command: [npm, run, operator:gitea]
-          ports:
-            - name: http
-              containerPort: {{ .Values.service.port }}
-              protocol: TCP
-          # livenessProbe:
-          #   httpGet:
-          #     path: /live
-          #     port: 8080
-          #   failureThreshold: 3
-          #   initialDelaySeconds: 10
-          #   # Allow sufficient amount of time (90 seconds = periodSeconds * failureThreshold)
-          #   # for the registered shutdown handlers to run to completion.
-          #   periodSeconds: 30
-          #   successThreshold: 1
+          env:
+            - name: GITEA_URL
+              value: "{{ .Values.env.GITEA_URL }}"
+            - name: GITEA_URL_PORT
+              value: "{{ .Values.env.GITEA_URL_PORT }}"
+            - name: GITEA_OPERATOR_NAMESPACE
+              value: "{{ .Values.env.GITEA_OPERATOR_NAMESPACE }}"
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
       {{- with .Values.nodeSelector }}

charts/gitea-operator/templates/deployment.yaml charts/apl-gitea-operator/templates/deployment.yaml

@@ -0,0 +1,62 @@
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "apl-gitea-operator.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace | quote }}
+automountServiceAccountToken: true
+---
+# Role for configmaps and secrets in apl-gitea-operator namespace
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ include "apl-gitea-operator.fullname" . }}-configs-secrets
+  namespace: apl-gitea-operator
+rules:
+# Allows the operator to read and watch configmaps and secrets in the operator namespace. This is necessary to set up the gitea configuration.
+- apiGroups: [""]
+  resources: ["configmaps", "secrets"]
+  verbs: ["get", "watch", "list"]
+---
+# RoleBinding for the above Role in apl-gitea-operator namespace
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "apl-gitea-operator.fullname" . }}-configs-secrets-binding
+  namespace: apl-gitea-operator
+subjects:
+- kind: ServiceAccount
+  namespace: {{ .Release.Namespace }}
+  name: {{ include "apl-gitea-operator.serviceAccountName" . }}
+roleRef:
+  kind: Role
+  name: {{ include "apl-gitea-operator.fullname" . }}-configs-secrets
+  apiGroup: rbac.authorization.k8s.io
+---
+# Role for pods/exec in gitea namespace
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ include "apl-gitea-operator.fullname" . }}-pod-exec
+  namespace: gitea
+rules:
+# Allows the operator to execute commands within pods in the gitea namespace. This is necessary to set up gitea group mapping and OIDC configuration.
+- apiGroups: [""]
+  resources: ["pods/exec"]
+  verbs: ["create", "get", "post"]
+---
+# RoleBinding for the above Role in gitea namespace
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "apl-gitea-operator.fullname" . }}-pod-exec-binding
+  namespace: gitea
+subjects:
+- kind: ServiceAccount
+  namespace: {{ .Release.Namespace }}
+  name: {{ include "apl-gitea-operator.serviceAccountName" . }}
+roleRef:
+  kind: Role
+  name: {{ include "apl-gitea-operator.fullname" . }}-pod-exec
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}

charts/apl-gitea-operator/templates/rbac.yaml

@@ -1,4 +1,4 @@
-# Default values for gitea-operator.
+# Default values for apl-gitea-operator.
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 
@@ -13,13 +13,11 @@ image:
 imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""
-service:
-  port: 8080
 
 # Service Account requires access to gitea pod to edit the oauth through CLI commands
 serviceAccount:
   create: true
-  name: "gitea-operator"
+  name: "apl-gitea-operator"
   annotations: {}
 
 podAnnotations: {}
@@ -57,3 +55,5 @@ nodeSelector: {}
 tolerations: []
 
 affinity: {}
+
+env: {}

charts/gitea-operator/values.yaml charts/apl-gitea-operator/values.yaml

@@ -24,7 +24,7 @@ k8s:
     - name: harbor
       app: harbor
     - name: gitea
-    - name: gitea-operator
+    - name: apl-gitea-operator
       disableIstioInjection: true
     - name: grafana
       app: grafana

charts/gitea-operator/templates/NOTES.txt

@@ -40,11 +40,17 @@ releases:
     labels:
       pkg: gitea
     <<: *raw
-  - name: gitea-operator
-    installed: true
-    namespace: gitea-operator
+  - name: apl-gitea-operator-artifacts
+    installed: {{ $a | get "gitea.enabled" }}
+    namespace: apl-gitea-operator
+    labels:
+      pkg: apl-gitea-operator
+    <<: *raw
+  - name: apl-gitea-operator
+    installed: {{ $a | get "gitea.enabled" }}
+    namespace: apl-gitea-operator
     labels:
-      pkg: gitea-operator
+      pkg: apl-gitea-operator
     <<: *default
   - name: kiali-operator-artifacts
     installed: {{ $a | get "kiali.enabled" }}

charts/gitea-operator/templates/rbac.yaml

@@ -181,7 +181,7 @@ environments:
           gitea:
             enabled: true
             adminUsername: otomi-admin
-          gitea-operator:
+          apl-gitea-operator:
             resources:
               operator:
                 requests:

charts/gitea-operator/templates/tests/test-connection.yaml

@@ -2538,6 +2538,16 @@ properties:
             properties:
               operator:
                 $ref: '#/definitions/resources'
+      apl-gitea-operator:
+        additionalProperties: false
+        properties:
+          _rawValues:
+            $ref: '#/definitions/rawValues'
+          resources:
+            additionalProperties: false
+            properties:
+              operator:
+                $ref: '#/definitions/resources'
       apl-keycloak-operator:
         additionalProperties: false
         properties: