From fd9d65e3fb6951637bf454236493af589a88f37b Mon Sep 17 00:00:00 2001 From: Andy Krohg Date: Fri, 5 Feb 2021 13:29:24 -0500 Subject: [PATCH 1/7] Expose SSH service - still need a route for external traffic --- hack/operate.conf | 2 +- roles/gitea-ocp/templates/deployment.yml.j2 | 2 ++ roles/gitea-ocp/templates/service.yml.j2 | 4 ++++ 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/hack/operate.conf b/hack/operate.conf index 279aced..b512ad2 100644 --- a/hack/operate.conf +++ b/hack/operate.conf @@ -1,5 +1,5 @@ IMG=quay.io/redhatgov/gitea-operator KIND=Gitea CR_SAMPLE=redhatgov_v1alpha1_gitea_openshift.yaml -VERSION=0.0.5 +VERSION=0.0.6 CHANNELS=alpha diff --git a/roles/gitea-ocp/templates/deployment.yml.j2 b/roles/gitea-ocp/templates/deployment.yml.j2 index 43fd909..f128cf8 100644 --- a/roles/gitea-ocp/templates/deployment.yml.j2 +++ b/roles/gitea-ocp/templates/deployment.yml.j2 @@ -23,6 +23,8 @@ spec: ports: - containerPort: 3000 protocol: TCP + - containerPort: 2022 + protocol: TCP readinessProbe: httpGet: path: / diff --git a/roles/gitea-ocp/templates/service.yml.j2 b/roles/gitea-ocp/templates/service.yml.j2 index 5e5d5a3..0bc83e7 100644 --- a/roles/gitea-ocp/templates/service.yml.j2 +++ b/roles/gitea-ocp/templates/service.yml.j2 @@ -13,5 +13,9 @@ spec: port: 3000 protocol: TCP targetPort: 3000 + - name: gitea-ssh + port: 2022 + protocol: TCP + targetPort: 2022 sessionAffinity: None type: ClusterIP From cc7d089bcd4ea4388f443e3ccf4972207fd655fd Mon Sep 17 00:00:00 2001 From: Andy Krohg Date: Mon, 8 Feb 2021 10:43:33 -0500 Subject: [PATCH 2/7] Use LoadBalancer type on gitea service (if configured) to allow external SSH (if supported by cloud provider) --- config/crd/bases/redhatgov.io_giteas.yaml | 6 ++++++ playbooks/gitea-operator.yml | 1 + roles/gitea-ocp/templates/service.yml.j2 | 4 +++- 3 files changed, 10 insertions(+), 1 deletion(-) 
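Review bot: The SSH port is now hard-coded as `2022` in three places — this `containerPort`, the Service's `port`/`targetPort` in the next hunk, and `SSH_PORT = 2022` in the config map later in the series — so a change to one will silently disagree with the others; a single role variable such as `_gitea_ssh_port` templated into all three would keep them in step. Nothing in this hunk shows where Gitea's SSH host keys live: if they are generated into the container filesystem on first start rather than mounted from persistent storage, every pod restart changes the key and clients get host-key-mismatch warnings, which is worth confirming against the volume mounts outside this hunk. A comment such as `# SSH host keys must survive restarts; see volume mounts` next to the new port would record that dependency.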
diff --git a/config/crd/bases/redhatgov.io_giteas.yaml b/config/crd/bases/redhatgov.io_giteas.yaml index ea8df73..ef5fbac 100644 --- a/config/crd/bases/redhatgov.io_giteas.yaml +++ b/config/crd/bases/redhatgov.io_giteas.yaml @@ -67,6 +67,12 @@ spec: description: Defines SSL/TLS state, if your IngressController/Router supports it type: boolean default: True + externalIp: + description: | + Defines whether the gitea service should request an external IP address. + Required for external SSH. + type: boolean + default: False image: description: Defines the ways in which the Gitea image should be sourced and managed type: object diff --git a/playbooks/gitea-operator.yml b/playbooks/gitea-operator.yml index 8e74c3f..354f01c 100644 --- a/playbooks/gitea-operator.yml +++ b/playbooks/gitea-operator.yml @@ -36,6 +36,7 @@ _gitea_expose_method: "{{ gitea.expose.kind | default('Route') }}" _gitea_expose_uri: "{{ gitea.expose.uri | default('') }}" _gitea_ssl: "{{ gitea.expose.ssl | default(True) }}" + _gitea_external_ip: "{{ gitea.expose.external_ip | default(False) }}" _gitea_image: "{{ gitea.image.src | default('quay.io/redhatgov/gitea') }}" _gitea_image_tag: "{{ gitea.image.tag | default('latest') }}" diff --git a/roles/gitea-ocp/templates/service.yml.j2 b/roles/gitea-ocp/templates/service.yml.j2 index 0bc83e7..848f027 100644 --- a/roles/gitea-ocp/templates/service.yml.j2 +++ b/roles/gitea-ocp/templates/service.yml.j2 @@ -18,4 +18,6 @@ spec: protocol: TCP targetPort: 2022 sessionAffinity: None - type: ClusterIP +{% if _gitea_external_ssh|bool %} + type: LoadBalancer +{% endif %} From 1bcf6f46656f224c3568a597858e1ce41e3235c8 Mon Sep 17 00:00:00 2001 From: Andy Krohg Date: Mon, 8 Feb 2021 10:55:28 -0500 Subject: [PATCH 3/7] Use load balancer hostname for SSH --- roles/gitea-ocp/tasks/main.yml | 9 +++++++++ roles/gitea-ocp/templates/config_map.yml.j2 | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-) 
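Review bot: The `externalIp` description says what the flag is for but not what it does or what it exposes: per the service template hunk in this same patch it switches the whole Service to `type: LoadBalancer`, and that Service currently carries port 3000 as well as 2022, so enabling it publishes plain HTTP and SSH on a cloud address with no source restriction in the template. Suggested text for the block scalar: `Creates a cloud LoadBalancer for the gitea Service so SSH (port 2022) is reachable from outside the cluster. Supported cloud providers only. The endpoint is publicly reachable unless restricted by provider firewall rules or source ranges.`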
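Review bot: `{% if _gitea_external_ssh|bool %}` tests a variable nothing in this patch defines — the playbook hunk above sets `_gitea_external_ip` — so the template fails to render with an undefined-variable error (or, with lenient undefined handling, never switches to LoadBalancer); it should read `{% if _gitea_external_ip|bool %}`. Separately, `type: LoadBalancer` applies to the whole Service, which since PATCH 1 carries port 3000 alongside 2022, so the plain-HTTP listener is published on the cloud address together with SSH, bypassing whatever TLS the Route provides; the split into a separate SSH Service later in this series addresses that, but even there the Service has no `loadBalancerSourceRanges` and uses the default traffic policy. Consider a source-range list driven by a CR field, and `externalTrafficPolicy: Local` under `spec` so Gitea's logs and any rate limiting see the real client address instead of the node's SNAT address.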
diff --git a/roles/gitea-ocp/tasks/main.yml b/roles/gitea-ocp/tasks/main.yml index 3f368b6..59857d4 100644 --- a/roles/gitea-ocp/tasks/main.yml +++ b/roles/gitea-ocp/tasks/main.yml @@ -52,6 +52,15 @@ set_fact: _gitea_actual_route: "{{ r_route.resources[0].spec.host }}" +- name: Get External IP for SSH + k8s_info: + api_version: v1 + kind: Service + name: "{{ _gitea_name }}" + namespace: "{{ _gitea_namespace }}" + register: gitea_service + when: _gitea_external_ip + - name: Set Route dependant OpenShift Objects for Gitea to {{ _gitea_state }} k8s: state: "{{ _gitea_state }}" diff --git a/roles/gitea-ocp/templates/config_map.yml.j2 b/roles/gitea-ocp/templates/config_map.yml.j2 index 692eb69..39e9dad 100644 --- a/roles/gitea-ocp/templates/config_map.yml.j2 +++ b/roles/gitea-ocp/templates/config_map.yml.j2 @@ -31,7 +31,7 @@ data: [server] ROOT_URL = {{ 'http' if not _gitea_ssl|bool else 'https' }}://{{ _gitea_actual_route|default(_gitea_expose_uri) }} - SSH_DOMAIN = {{ _gitea_actual_route|default(_gitea_expose_uri) }} + SSH_DOMAIN = {{ gitea_service.resources[0].status.loadBalancer.ingress[0].hostname | default(_gitea_expose_uri) }} DOMAIN = {{ _gitea_actual_route|default(_gitea_expose_uri) }} HTTP_PORT = 3000 SSH_PORT = 2022 From ff3e3c3a26734b4c5f3d57d1483c23102364c600 Mon Sep 17 00:00:00 2001 From: Andy Krohg Date: Mon, 8 Feb 2021 11:26:27 -0500 Subject: [PATCH 4/7] Rename property to better suited values on CRD --- config/crd/bases/redhatgov.io_giteas.yaml | 6 +++--- playbooks/gitea-operator.yml | 2 +- roles/gitea-ocp/tasks/main.yml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/config/crd/bases/redhatgov.io_giteas.yaml b/config/crd/bases/redhatgov.io_giteas.yaml index ef5fbac..57e7138 100644 --- a/config/crd/bases/redhatgov.io_giteas.yaml +++ b/config/crd/bases/redhatgov.io_giteas.yaml 
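Review bot: The `k8s_info` lookup reads the Service once, but a cloud load balancer is provisioned asynchronously and `status.loadBalancer.ingress` is usually empty for some time after the Service is created, so the first reconcile records no address and the config map silently falls back to the route host. Add a wait, e.g. `until: gitea_service.resources | length > 0 and (gitea_service.resources[0].status.loadBalancer.ingress | default([])) | length > 0` with `retries`/`delay`, or make sure the operator re-reconciles once the status is populated. The task is also gated only on `_gitea_external_ip`, not on `_gitea_state`, so on a delete it queries a Service that may already be gone — the ordering relative to the deletion tasks is outside this hunk, so worth checking.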
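Review bot: The new `SSH_DOMAIN` falls back straight to `_gitea_expose_uri`, dropping the `_gitea_actual_route` fallback the removed line had, so a deployment without the external address gets an empty SSH_DOMAIN whenever `expose.uri` is unset (its playbook default is `''`) and Gitea then advertises unusable clone URLs; keep `_gitea_actual_route|default(_gitea_expose_uri)` as the inner fallback. The expression also only reads `.hostname`, which providers that hand out DNS names (AWS-style ELBs) populate; providers that return an address typically populate `.ip` instead, and `default()` then silently selects the fallback. Choosing hostname-or-ip belongs in the task that registers the Service, leaving this line as `SSH_DOMAIN = {{ _gitea_ssh_domain }}`.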
@@ -67,10 +67,10 @@ spec: description: Defines SSL/TLS state, if your IngressController/Router supports it type: boolean default: True - externalIp: + loadBalancer: description: | - Defines whether the gitea service should request an external IP address. - Required for external SSH. + Defines whether the gitea service should create an exernal load-balancer + in supported cloud providers. Required for external SSH. type: boolean default: False image: diff --git a/playbooks/gitea-operator.yml b/playbooks/gitea-operator.yml index 354f01c..c433107 100644 --- a/playbooks/gitea-operator.yml +++ b/playbooks/gitea-operator.yml @@ -36,7 +36,7 @@ _gitea_expose_method: "{{ gitea.expose.kind | default('Route') }}" _gitea_expose_uri: "{{ gitea.expose.uri | default('') }}" _gitea_ssl: "{{ gitea.expose.ssl | default(True) }}" - _gitea_external_ip: "{{ gitea.expose.external_ip | default(False) }}" + _gitea_load_balancer: "{{ gitea.expose.load_balancer | default(False) }}" _gitea_image: "{{ gitea.image.src | default('quay.io/redhatgov/gitea') }}" _gitea_image_tag: "{{ gitea.image.tag | default('latest') }}" diff --git a/roles/gitea-ocp/tasks/main.yml b/roles/gitea-ocp/tasks/main.yml index 59857d4..977fd5c 100644 --- a/roles/gitea-ocp/tasks/main.yml +++ b/roles/gitea-ocp/tasks/main.yml @@ -52,14 +52,14 @@ set_fact: _gitea_actual_route: "{{ r_route.resources[0].spec.host }}" -- name: Get External IP for SSH +- name: Get external hostname from Service if external SSH is needed k8s_info: api_version: v1 kind: Service name: "{{ _gitea_name }}" namespace: "{{ _gitea_namespace }}" register: gitea_service - when: _gitea_external_ip + when: _gitea_load_balancer - name: Set Route dependant OpenShift Objects for Gitea to {{ _gitea_state }} k8s: From 4309314b35ff9054b33c4f3c9ed878ccdcf6854c Mon Sep 17 00:00:00 2001 
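Review bot: The new `loadBalancer` description has a typo (`exernal`) and still says nothing about what is exposed: the service template in this series puts `type: LoadBalancer` on the Service with no `loadBalancerSourceRanges`, so the SSH port (and, at this point in the series, the HTTP port on the same Service) becomes reachable from anywhere that can reach the cloud address. Suggested text: `Creates an external load balancer (supported cloud providers only) so SSH on port 2022 is reachable from outside the cluster. The endpoint is publicly reachable unless restricted by provider firewall rules or source ranges.`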
From: James Harmison Date: Wed, 17 Feb 2021 16:29:26 -0500 Subject: [PATCH 5/7] Split services apart --- roles/gitea-ocp/templates/service.yml.j2 | 58 ++++++++++++++++-------- 1 file changed, 38 insertions(+), 20 deletions(-) diff --git a/roles/gitea-ocp/templates/service.yml.j2 b/roles/gitea-ocp/templates/service.yml.j2 index 848f027..3bac3ee 100644 --- a/roles/gitea-ocp/templates/service.yml.j2 +++ b/roles/gitea-ocp/templates/service.yml.j2 @@ -1,23 +1,41 @@ -kind: Service apiVersion: v1 -metadata: - name: "{{ _gitea_name }}" - namespace: "{{ _gitea_namespace }}" - labels: - app: "{{ _gitea_name }}" -spec: - selector: - app: "{{ _gitea_name }}" - ports: - - name: gitea - port: 3000 - protocol: TCP - targetPort: 3000 - - name: gitea-ssh - port: 2022 - protocol: TCP - targetPort: 2022 - sessionAffinity: None +kind: List +items: +- kind: Service + apiVersion: v1 + metadata: + name: "{{ _gitea_name }}" + namespace: "{{ _gitea_namespace }}" + labels: + app: "{{ _gitea_name }}" + spec: + selector: + app: "{{ _gitea_name }}" + ports: + - name: gitea + port: 3000 + protocol: TCP + targetPort: 3000 + sessionAffinity: None + type: ClusterIP {% if _gitea_external_ssh|bool %} - type: LoadBalancer +- kind: Service + apiVersion: v1 + metadata: + name: "{{ _gitea_name }}-ssh" + namespace: "{{ _gitea_namespace }}" + labels: + app: "{{ _gitea_name }}" + spec: + selector: + app: "{{ _gitea_name }}" + ports: + - name: gitea-ssh + port: 2022 + protocol: TCP + targetPort: 2022 + sessionAffinity: None + type: LoadBalancer {% endif %} +metadata: + resourceVersion: "" From e6e401fd32248a134d4109541f6e28fd4b466cd4 Mon Sep 17 00:00:00 2001 From: James Harmison Date: Wed, 17 Feb 2021 16:32:06 -0500 Subject: [PATCH 6/7] Correct boolean condition name --- roles/gitea-ocp/templates/service.yml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/gitea-ocp/templates/service.yml.j2 b/roles/gitea-ocp/templates/service.yml.j2 index 3bac3ee..f680899 100644 
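Review bot: Removing port 2022 from the ClusterIP Service means in-cluster SSH access now exists only when the load balancer is enabled, which reverts what PATCH 1 added; if in-cluster SSH is still wanted, keep `gitea-ssh` on the first Service and let the second Service only add the external path. The `{% if _gitea_external_ssh|bool %}` guard also still names a variable the playbook never sets (it defines `_gitea_load_balancer`). When the flag is later turned off, the `-ssh` Service is simply absent from the List, and applying a List does not delete objects it no longer contains, so the public load balancer would stay up unless the role prunes it elsewhere — worth checking. The LoadBalancer Service has no `loadBalancerSourceRanges` and uses the default `externalTrafficPolicy: Cluster`; adding `externalTrafficPolicy: Local` under its `spec` preserves client source addresses for Gitea's logs, and a source-range list from the CR would bound who can reach port 2022.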
--- a/roles/gitea-ocp/templates/service.yml.j2 +++ b/roles/gitea-ocp/templates/service.yml.j2 @@ -18,7 +18,7 @@ items: targetPort: 3000 sessionAffinity: None type: ClusterIP -{% if _gitea_external_ssh|bool %} +{% if _gitea_load_balancer|bool %} - kind: Service apiVersion: v1 metadata: From f3906cb4554188456128ac63cd181dbf4b3372c8 Mon Sep 17 00:00:00 2001 From: James Harmison Date: Wed, 17 Feb 2021 16:36:27 -0500 Subject: [PATCH 7/7] Added extra steps for LoadBalancer handling in templating of SSH configuration --- roles/gitea-ocp/tasks/main.yml | 17 +++++++++++------ roles/gitea-ocp/templates/config_map.yml.j2 | 2 +- 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/roles/gitea-ocp/tasks/main.yml b/roles/gitea-ocp/tasks/main.yml index 977fd5c..f1cbd41 100644 --- a/roles/gitea-ocp/tasks/main.yml +++ b/roles/gitea-ocp/tasks/main.yml @@ -53,12 +53,17 @@ _gitea_actual_route: "{{ r_route.resources[0].spec.host }}" - name: Get external hostname from Service if external SSH is needed - k8s_info: - api_version: v1 - kind: Service - name: "{{ _gitea_name }}" - namespace: "{{ _gitea_namespace }}" - register: gitea_service + block: + - name: Recover LB service details + k8s_info: + api_version: v1 + kind: Service + name: "{{ _gitea_name }}-ssh" + namespace: "{{ _gitea_namespace }}" + register: _gitea_lb_service + - name: Register LB service hostname + set_fact: + _gitea_lb_address: '{{ _gitea_lb_service.resources[0].status.loadBalancer.ingress[0].hostname }}' when: _gitea_load_balancer - name: Set Route dependant OpenShift Objects for Gitea to {{ _gitea_state }} diff --git a/roles/gitea-ocp/templates/config_map.yml.j2 b/roles/gitea-ocp/templates/config_map.yml.j2 index 39e9dad..a71b455 100644 --- a/roles/gitea-ocp/templates/config_map.yml.j2 +++ b/roles/gitea-ocp/templates/config_map.yml.j2 
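Review bot: `_gitea_lb_address` is set from `status.loadBalancer.ingress[0].hostname` with no default, so the whole play now fails — rather than falling back as the previous template expression did — whenever the load balancer has not been provisioned yet (`ingress` is empty right after the Service is created) or the provider reports `.ip` instead of `.hostname`, as GCP, Azure and MetalLB typically do. The `k8s_info` read should wait for an address with `until`/`retries`/`delay`, and the fact should accept either field. The block is gated on `_gitea_load_balancer` only, not on `_gitea_state`, so on a delete it will poll for a Service that is going away; the deletion ordering is outside this hunk, but a state guard on the block looks necessary.
```yaml
    - name: Recover LB service details
      k8s_info:
        # … unchanged: api_version/kind/name/namespace …
      register: _gitea_lb_service
      # Cloud load balancers are provisioned asynchronously; wait for an address
      until: >-
        _gitea_lb_service.resources | length > 0 and
        (_gitea_lb_service.resources[0].status.loadBalancer.ingress | default([])) | length > 0
      retries: 30
      delay: 10
    - name: Register LB service address
      set_fact:
        # AWS-style providers report a DNS name; most others report an IP
        _gitea_lb_address: >-
          {{ _gitea_lb_service.resources[0].status.loadBalancer.ingress[0].hostname
             | default(_gitea_lb_service.resources[0].status.loadBalancer.ingress[0].ip) }}
```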
@@ -31,7 +31,7 @@ data: [server] ROOT_URL = {{ 'http' if not _gitea_ssl|bool else 'https' }}://{{ _gitea_actual_route|default(_gitea_expose_uri) }} - SSH_DOMAIN = {{ gitea_service.resources[0].status.loadBalancer.ingress[0].hostname | default(_gitea_expose_uri) }} + SSH_DOMAIN = {{ _gitea_lb_address|default(_gitea_actual_route|default(_gitea_expose_uri)) }} DOMAIN = {{ _gitea_actual_route|default(_gitea_expose_uri) }} HTTP_PORT = 3000 SSH_PORT = 2022
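Review bot: The triple-nested `_gitea_lb_address|default(_gitea_actual_route|default(_gitea_expose_uri))` is hard to read, and the outer `default()` only ever fires when the load balancer is disabled — with the companion task in this patch, `_gitea_lb_address` is either set or the play has already failed before this template renders, so the fallback does not cover a missing address as it may appear to. Compute one fact in the role (`_gitea_ssh_domain`: the load-balancer address when enabled, else the route host or `expose.uri`) and reduce this line to `SSH_DOMAIN = {{ _gitea_ssh_domain }}`. Whatever ends up here is the host Gitea prints in every SSH clone URL, so it is also where a hostname-versus-IP difference between cloud providers becomes visible to users; a comment such as `# SSH_DOMAIN is the host advertised in clone URLs; must be reachable on SSH_PORT from clients` would make that explicit.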