Compare commits
8 commits
78beb0c099
...
65958b52f8
Author | SHA1 | Date | |
---|---|---|---|
65958b52f8 | |||
3a7c868f36 | |||
|
c8ad539a25 | ||
|
bf89f3c5a9 | ||
|
11123e253f | ||
|
786c06cc0a | ||
ba649f4c28 | |||
ecbe0feae4 |
10 changed files with 67 additions and 98 deletions
|
@ -1,7 +1,7 @@
|
|||
# convention 4 kubernetes: c4k-forgejo
|
||||
[![Clojars Project](https://img.shields.io/clojars/v/org.domaindrivenarchitecture/c4k-forgejo.svg)](https://clojars.org/org.domaindrivenarchitecture/c4k-forgejo) [![pipeline status](https://gitlab.com/domaindrivenarchitecture/c4k-forgejo/badges/master/pipeline.svg)](https://gitlab.com/domaindrivenarchitecture/c4k-forgejo/-/commits/main)
|
||||
|
||||
[<img src="https://domaindrivenarchitecture.org/img/delta-chat.svg" width=20 alt="DeltaChat"> chat over e-mail](mailto:buero@meissa-gmbh.de?subject=community-chat) | [<img src="https://meissa-gmbh.de/img/community/Mastodon_Logotype.svg" width=20 alt="team@social.meissa-gmbh.de"> team@social.meissa-gmbh.de](https://social.meissa-gmbh.de/@team) | [Website & Blog](https://domaindrivenarchitecture.org)
|
||||
[<img src="https://domaindrivenarchitecture.org/img/delta-chat.svg" width=20 alt="DeltaChat"> chat over e-mail](mailto:buero@meissa-gmbh.de?subject=community-chat) | [<img src="https://meissa.de/images/parts/contact/mastodon36_hue9b2464f10b18e134322af482b9c915e_5501_filter_14705073121015236177.png" width=20 alt="M"> meissa@social.meissa-gmbh.de](https://social.meissa-gmbh.de/@meissa) | [Blog](https://domaindrivenarchitecture.org) | [Website](https://meissa.de)
|
||||
|
||||
## Purpose
|
||||
|
||||
|
@ -55,6 +55,6 @@ For more details about our repository model see: https://repo.prod.meissa.de/mei
|
|||
|
||||
## License
|
||||
|
||||
Copyright © 2023 meissa GmbH
|
||||
Copyright © 2024 meissa GmbH
|
||||
Licensed under the [Apache License, Version 2.0](LICENSE) (the "License")
|
||||
Pls. find licenses of our subcomponents [here](doc/SUBCOMPONENT_LICENSE)
|
|
@ -9,70 +9,70 @@
|
|||
|
||||
## Preparations
|
||||
|
||||
1. Stop Forgejo Prod: `k scale deployment forgejo --replicas=0`
|
||||
1. Disable Backup Cron: `k patch cronjobs forgejo-backup -p '{"spec" : {"suspend" : true }}'`
|
||||
1. Scale up Backup-Restore Deployment: `kubectl scale deployment backup-restore --replicas=1`
|
||||
1. Execute Manual Backup: `kubectl exec -it backup-restore-... -- /usr/local/bin/backup.sh`
|
||||
1. Stop Forgejo Prod: `k scale -n forgejo deployment forgejo --replicas=0`
|
||||
1. Disable Backup Cron: `k patch -n forgejo cronjobs forgejo-backup -p '{"spec" : {"suspend" : true }}'`
|
||||
1. Scale up Backup-Restore Deployment: `kubectl scale -n forgejo deployment backup-restore --replicas=1`
|
||||
1. Execute Manual Backup: `kubectl exec -n forgejo -it backup-restore-... -- /usr/local/bin/backup.sh`
|
||||
|
||||
### Create 2nd Repo Prod Server
|
||||
|
||||
1. Terraform Preparations for 2nd Server: TODO
|
||||
1. Install c4k-forgejo Version TODO
|
||||
with config `"forgejo-image-version-overwrite": "1.19.3-0"`
|
||||
1. Stop Forgejo Deployment: `k scale deployment forgejo --replicas=0`
|
||||
1. Disable Backup Cron: `k patch cronjobs forgejo-backup -p '{"spec" : {"suspend" : true }}'`
|
||||
1. Scale up Backup-Restore Deployment: `kubectl scale deployment backup-restore --replicas=1`
|
||||
1. Stop Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=0`
|
||||
1. Disable Backup Cron: `k patch -n forgejo cronjobs forgejo-backup -p '{"spec" : {"suspend" : true }}'`
|
||||
1. Scale up Backup-Restore Deployment: `kubectl scale -n forgejo deployment backup-restore --replicas=1`
|
||||
1. Restore Forgejo Backup: See [BackupAndRestore.md](BackupAndRestore.md)
|
||||
1. Check for `..._INSTALL_LOCK: true` in ConfigMap `forgejo-env`
|
||||
1. Scale up Forgejo Deployment and check for (startup) problems: `k scale deployment forgejo --replicas=1`
|
||||
1. Scale up Forgejo Deployment and check for (startup) problems: `k scale -n forgejo deployment forgejo --replicas=1`
|
||||
|
||||
## Upgrade to 1.20.1-0
|
||||
|
||||
1. Scale down Forgejo Deployment: `k scale deployment forgejo --replicas=0`
|
||||
1. Adjust configmap: `k edit cm forgejo-env`
|
||||
1. Scale down Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=0`
|
||||
1. Adjust configmap: `k edit -n forgejo cm forgejo-env`
|
||||
1. Remove `FORGEJO__database__CHARSET: utf8` (This was a misconfiguration, since this option only had effect for mysql dbs)
|
||||
1. Change `FORGEJO__mailer__MAILER_TYPE: smtp+startls` TO `FORGEJO__mailer__PROTOCOL: smtp+starttls` (Missed deprecation from 1.19)
|
||||
1. Change `FORGEJO__service__EMAIL_DOMAIN_WHITELIST: repo.test.meissa.de` TO `FORGEJO__service__EMAIL_DOMAIN_ALLOWLIST: repo.test.meissa.de` (Fallback deprecation in 1.21)
|
||||
1. Delete app.ini: `k exec -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini`
|
||||
1. Set version to `1.20.1-0` with `k edit deployment forgejo`
|
||||
1. Scale up Forgejo Deployment: `k scale deployment forgejo --replicas=1`
|
||||
1. Delete app.ini: `k exec -n forgejo -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini`
|
||||
1. Set version to `1.20.1-0` with `k edit -n forgejo deployment forgejo`
|
||||
1. Scale up Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=1`
|
||||
1. Check for errors
|
||||
|
||||
## Upgrade to 1.21.1-0
|
||||
|
||||
1. Scale down Forgejo Deployment: `k scale deployment forgejo --replicas=0`
|
||||
1. Delete app.ini: `k exec -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini`
|
||||
1. Set version to `1.21.1-0` with `k edit deployment forgejo`
|
||||
1. Scale up Forgejo Deployment: `k scale deployment forgejo --replicas=1`
|
||||
1. Scale down Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=0`
|
||||
1. Delete app.ini: `k exec -n forgejo -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini`
|
||||
1. Set version to `1.21.1-0` with `k edit -n forgejo deployment forgejo`
|
||||
1. Scale up Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=1`
|
||||
1. Check for errors
|
||||
1. After upgrading, login as an admin, go to the `/admin` page and click run `Sync missed branches from git data to databases` (`Fehlende Branches aus den Git-Daten in die Datenbank synchronisieren`). If this is not done there will be messages such as `LoadBranches: branch does not exist in the logs`.
|
||||
|
||||
## Upgrade to 7.0.0
|
||||
|
||||
1. Scale down Forgejo Deployment: `k scale deployment forgejo --replicas=0`
|
||||
1. Adjust configmap: `k edit cm forgejo-env`
|
||||
1. Scale down Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=0`
|
||||
1. Adjust configmap: `k edit -n forgejo cm forgejo-env`
|
||||
1. Change `FORGEJO__oauth2__ENABLE: "true"` TO `FORGEJO__oauth2__ENABLED: "true"`
|
||||
1. Delete app.ini: `k exec -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini`
|
||||
1. Set version to `7.0.0` with `k edit deployment forgejo`
|
||||
1. Scale up Forgejo Deployment: `k scale deployment forgejo --replicas=1`
|
||||
1. Delete app.ini: `k exec -n forgejo -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini`
|
||||
1. Set version to `7.0.0` with `k edit -n forgejo deployment forgejo`
|
||||
1. Scale up Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=1`
|
||||
1. Check for errors
|
||||
|
||||
## Upgrade to 7.0.5 (no breaking changes)
|
||||
|
||||
TODO: Upgrade to 8.0.0 instead after Release!
|
||||
|
||||
1. Scale down Forgejo Deployment: `k scale deployment forgejo --replicas=0`
|
||||
1. Delete app.ini: `k exec -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini`
|
||||
1. Set version to `7.0.5` with `k edit deployment forgejo`
|
||||
1. Scale up Forgejo Deployment: `k scale deployment forgejo --replicas=1`
|
||||
1. Scale down Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=0`
|
||||
1. Delete app.ini: `k exec -n forgejo -it backup-restore-... -- rm /var/backups/gitea/conf/app.ini`
|
||||
1. Set version to `7.0.5` with `k edit -n forgejo deployment forgejo`
|
||||
1. Scale up Forgejo Deployment: `k scale -n forgejo deployment forgejo --replicas=1`
|
||||
1. Check for errors
|
||||
|
||||
## Post Work
|
||||
|
||||
1. Switch DNS to new server
|
||||
1. Reenable Backup Cron on new server: `k patch cronjobs forgejo-backup -p '{"spec" : {"suspend" : false }}'`
|
||||
1. Execute manual Backup on new server: `kubectl exec -it backup-restore-... -- /usr/local/bin/backup.sh`
|
||||
1. Scale down Backup-Restore Deployment: `kubectl scale deployment backup-restore --replicas=1`
|
||||
1. Reenable Backup Cron on new server: `k patch -n forgejo cronjobs forgejo-backup -p '{"spec" : {"suspend" : false }}'`
|
||||
1. Execute manual Backup on new server: `kubectl exec -n forgejo -it backup-restore-... -- /usr/local/bin/backup.sh`
|
||||
1. Scale down Backup-Restore Deployment: `kubectl scale -n forgejo deployment backup-restore --replicas=1`
|
||||
1. The scope of all access tokens might (invisibly) have changed (in v1.20). Thus, rotate all tokens!
|
||||
1. Users should check their ssh keys: if they use rsa keys the minimum length should be 3072 bits! However, shorter keys should still work.
|
||||
|
||||
|
@ -85,3 +85,23 @@ In the logs the following error can be found. This will be resolved automaticall
|
|||
```
|
||||
2024/07/08 08:31:30 ...g/config_provider.go:321:deprecatedSetting() [E] Deprecated fallback `[log]` `ROUTER` present. Use `[log]` `logger.router.MODE` instead. This fallback will be/has been removed in 1.21
|
||||
```
|
||||
|
||||
# Add Shynet Analytics
|
||||
|
||||
1. Log into shynet & create new Service
|
||||
1. Copy the generated html snippet and save it somewhere you remember
|
||||
1. SSH into prod server
|
||||
1. Make the necessary folders and files in forgejo data dir:
|
||||
1. `kubectl exec -n forgejo -it forgejo-... -- bash`
|
||||
1. `mkdir -p /data/gitea/templates/custom`
|
||||
1. `touch /data/gitea/templates/custom/footer.tmpl`
|
||||
1. Open the `footer.tmpl` and paste the saved snippet
|
||||
1. Restart the pod
|
||||
1. `k scale -n forgejo deployment forgejo --replicas=0`
|
||||
1. `k scale -n forgejo deployment forgejo --replicas=1`
|
||||
1. Add Information about analytics: Clone Datenschutz Repo
|
||||
1. `git clone ssh://git@repo.prod.meissa.de:2222/meissa/Datenschutz.git`
|
||||
1. Merge forgejo-upgrade into main
|
||||
1. `git merge forgejo-upgrade`
|
||||
1. Push to origin
|
||||
1. `git push`
|
||||
|
|
|
@ -6,7 +6,7 @@ from ddadevops import *
|
|||
name = "c4k-forgejo"
|
||||
MODULE = "backup"
|
||||
PROJECT_ROOT_PATH = "../.."
|
||||
version = "3.4.4-dev"
|
||||
version = "3.4.5-dev"
|
||||
|
||||
|
||||
@init
|
||||
|
|
|
@ -6,7 +6,7 @@ from ddadevops import *
|
|||
name = 'c4k-forgejo'
|
||||
MODULE = 'federated'
|
||||
PROJECT_ROOT_PATH = '../..'
|
||||
version = "3.4.4-dev"
|
||||
version = "3.4.5-dev"
|
||||
|
||||
@init
|
||||
def initialize(project):
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
"name": "c4k-forgejo",
|
||||
"description": "Generate c4k yaml for a forgejo deployment.",
|
||||
"author": "meissa GmbH",
|
||||
"version": "3.4.4-SNAPSHOT",
|
||||
"version": "3.4.5-SNAPSHOT",
|
||||
"homepage": "https://gitlab.com/domaindrivenarchitecture/c4k-forgejo#readme",
|
||||
"repository": "https://www.npmjs.com/package/c4k-forgejo",
|
||||
"license": "APACHE2",
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
(defproject org.domaindrivenarchitecture/c4k-forgejo "3.4.4-SNAPSHOT"
|
||||
(defproject org.domaindrivenarchitecture/c4k-forgejo "3.4.5-SNAPSHOT"
|
||||
:description "forgejo c4k-installation package"
|
||||
:url "https://domaindrivenarchitecture.org"
|
||||
:license {:name "Apache License, Version 2.0"
|
||||
|
|
|
@ -59,9 +59,8 @@
|
|||
(forgejo/generate-service-ssh)
|
||||
(forgejo/generate-data-volume resolved-config)
|
||||
(forgejo/generate-appini-env resolved-config)
|
||||
(forgejo/generate-secrets auth)
|
||||
(forgejo/generate-rate-limit-middleware rate-limit-defaults)] ; this does not have a vector as output
|
||||
(forgejo/generate-rate-limit-ingress-and-cert resolved-config) ; this function has a vector as output
|
||||
(forgejo/generate-secrets auth)] ; this does not have a vector as output
|
||||
(forgejo/generate-ratelimit-ingress-and-cert resolved-config) ; this function has a vector as output
|
||||
(when (contains? resolved-config :restic-repository)
|
||||
[(backup/generate-config resolved-config)
|
||||
(backup/generate-secret auth)
|
||||
|
|
|
@ -128,36 +128,18 @@
|
|||
(cm/replace-all-matching "MAILERUSER" (b64/encode mailer-user))
|
||||
(cm/replace-all-matching "MAILERPW" (b64/encode mailer-pw)))))
|
||||
|
||||
(defn generate-ingress-and-cert
|
||||
[config]
|
||||
(let [{:keys [fqdn]} config]
|
||||
(ing/generate-ingress-and-cert
|
||||
(merge
|
||||
(defn-spec generate-ratelimit-ingress-and-cert seq?
|
||||
[config config?]
|
||||
(let [{:keys [fqdn max-rate max-concurrent-requests namespace]} config]
|
||||
(ing/generate-simple-ingress (merge
|
||||
{:service-name "forgejo-service"
|
||||
:service-port 3000
|
||||
:fqdns [fqdn]}
|
||||
:fqdns [fqdn]
|
||||
:average-rate max-rate
|
||||
:burst-rate max-concurrent-requests
|
||||
:namespace namespace}
|
||||
config))))
|
||||
|
||||
(defn-spec generate-rate-limit-ingress-and-cert pred/map-or-seq?
|
||||
[config config?]
|
||||
(->
|
||||
(generate-ingress-and-cert config) ; returns a vector
|
||||
(#(assoc-in % ; Attention: heavily relying on the output order of ing/generate-ingress-and-cert
|
||||
[1 :metadata :annotations :traefik.ingress.kubernetes.io/router.middlewares]
|
||||
(str
|
||||
(-> (second %) :metadata :annotations :traefik.ingress.kubernetes.io/router.middlewares)
|
||||
", default-ratelimit@kubernetescrd")))))
|
||||
|
||||
|
||||
; using :average and :burst seems sensible, :period may be interesting for fine tuning later on
|
||||
(defn-spec generate-rate-limit-middleware pred/map-or-seq?
|
||||
[config rate-limit-config?]
|
||||
(let [{:keys [max-rate max-concurrent-requests]} config]
|
||||
(->
|
||||
(yaml/load-as-edn "forgejo/middleware-ratelimit.yaml")
|
||||
(cm/replace-key-value :average max-rate)
|
||||
(cm/replace-key-value :burst max-concurrent-requests))))
|
||||
|
||||
(defn-spec generate-data-volume pred/map-or-seq?
|
||||
[config vol?]
|
||||
(let [{:keys [volume-total-storage-size]} config
|
||||
|
|
|
@ -1,9 +0,0 @@
|
|||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: ratelimit
|
||||
namespace: forgejo
|
||||
spec:
|
||||
rateLimit: # Config options for rate limiting: https://doc.traefik.io/traefik/middlewares/http/ratelimit/
|
||||
average: AVG
|
||||
burst: BRS
|
|
@ -163,26 +163,3 @@
|
|||
:storage-c2 "15Gi"}
|
||||
(th/map-diff (cut/generate-data-volume {:volume-total-storage-size 1})
|
||||
(cut/generate-data-volume {:volume-total-storage-size 15})))))
|
||||
|
||||
(deftest should-generate-middleware-ratelimit
|
||||
(is (= {:apiVersion "traefik.containo.us/v1alpha1",
|
||||
:kind "Middleware",
|
||||
:metadata {:name "ratelimit", :namespace "forgejo"},
|
||||
:spec {:rateLimit {:average 10, :burst 5}}}
|
||||
(cut/generate-rate-limit-middleware {:max-rate 10, :max-concurrent-requests 5}))))
|
||||
|
||||
(deftest should-generate-middleware-ratelimit-ingress-and-cert
|
||||
(is (= {:traefik.ingress.kubernetes.io/router.entrypoints "web, websecure",
|
||||
:traefik.ingress.kubernetes.io/router.middlewares
|
||||
"default-redirect-https@kubernetescrd, default-ratelimit@kubernetescrd",
|
||||
:metallb.universe.tf/address-pool "public"}
|
||||
(-> (second
|
||||
(cut/generate-rate-limit-ingress-and-cert
|
||||
{:fqdn "test.de"
|
||||
:mailer-from ""
|
||||
:mailer-host "m.t.de"
|
||||
:mailer-port "123"
|
||||
:service-noreply-address ""
|
||||
:average 10
|
||||
:burst 5}))
|
||||
:metadata :annotations))))
|
||||
|
|
Loading…
Reference in a new issue