system-config/kubernetes/gitea/gitea-playbook.yaml

- hosts: localhost
  tasks:
    - name: Set up gitea namespace
      k8s:
        context: gitea
        state: present
        definition: "{{ lookup('template', 'k8s/namespace.yaml') | from_yaml }}"
    # This is not in a file because that doesn't seem to handle multiline
    # strings well.
    - name: Set up gitea secrets
      k8s:
        context: gitea
        state: present
        definition:
          apiVersion: v1
          kind: Secret
          metadata:
            name: gitea-app
            namespace: gitea
          type: Opaque
          stringData:
            secret_key: "{{ gitea_secret_key }}"
            internal_token: "{{ gitea_internal_token }}"
            lfs_jwt_secret: "{{ gitea_lfs_jwt_secret }}"
            db_username: "{{ gitea_db_username }}"
            db_password: "{{ gitea_db_password }}"
            gitea_tls_cert: "{{ gitea_tls_cert }}"
            gitea_tls_key: "{{ gitea_tls_key }}"
    - name: Set up gitea configmap
      k8s:
        context: gitea
        state: present
        definition:
          apiVersion: v1
          kind: ConfigMap
          metadata:
            name: gitea-conf
            namespace: gitea
          data:
            # Note: we are not asking ansible to template this, it
            # will be run by jinja-init
            app.ini.j2: "{{ lookup('file', 'app.ini.j2') }}"
    - name: Set up gitea deployment
      k8s:
        context: gitea
        state: present
        definition: "{{ lookup('template', 'k8s/deployment.yaml') | from_yaml }}"
    - name: Set up gitea service
      k8s:
        context: gitea
        state: present
        definition: "{{ lookup('template', 'k8s/service.yaml') | from_yaml }}"
    - name: Get service IP
      k8s:
        context: gitea
        namespace: gitea
        kind: Service
        name: gitea-service
      register: gitea_service
      until: gitea_service.result.status.loadBalancer and gitea_service.result.status.loadBalancer.ingress and gitea_service.result.status.loadBalancer.ingress | length > 0 and gitea_service.result.status.loadBalancer.ingress[0].ip
      delay: 1
      retries: 300
    - name: Set service url fact
      set_fact:
        gitea_url: "http://{{ gitea_service.result.status.loadBalancer.ingress[0].ip }}"
    - name: Check if root user exists
      uri:
        url: "{{ gitea_url }}/api/v1/users/root"
        status_code: 200, 404
      register: root_user_check
    - name: Create root user
      when: root_user_check.status==404
      block:
        - name: Find gitea pods
          k8s_facts:
            namespace: gitea
            kind: Pod
            label_selectors:
              - "app = gitea"
          register: gitea_pods
        - name: Create root user
          command: "kubectl --context gitea exec {{ gitea_pods.resources[0].metadata.name }} -n gitea -c gitea -- gitea admin create-user --name root --password {{ gitea_root_password }} --email {{ gitea_root_email }} --admin"
          no_log: true
    - name: Check if gerrit user exists
      uri:
        url: "{{ gitea_url }}/api/v1/users/gerrit"
        status_code: 200, 404
      register: gerrit_user_check
    - name: Create gerrit user
      when: gerrit_user_check.status==404
      no_log: true
      uri:
        url: "{{ gitea_url }}/api/v1/admin/users"
        method: POST
        user: root
        password: "{{ gitea_root_password }}"
        force_basic_auth: true
        status_code: 201
        body_format: json
        body:
          email: "gerrit@review.opendev.org"
          full_name: Gerrit
          login_name: gerrit
          password: "{{ gitea_gerrit_password }}"
          send_notify: false
          source_id: 0
          username: gerrit
    - name: Check if gerrit ssh key exists
      uri:
        user: root
        password: "{{ gitea_root_password }}"
        force_basic_auth: true
        url: "{{ gitea_url }}/api/v1/users/gerrit/keys"
        status_code: 200
      register: gerrit_key_check
      no_log: true
    - name: Delete old gerrit ssh key
      when: gerrit_key_check.json | length > 0 and gerrit_key_check.json[0].key != gitea_gerrit_public_key
      no_log: true
      uri:
        user: root
        password: "{{ gitea_root_password }}"
        force_basic_auth: true
        url: "{{ gitea_url }}/api/v1/user/keys/{{ gerrit_key_check.json[0].id }}"
        method: DELETE
        status_code: 204
    - name: Add gerrit ssh key
      when: gerrit_key_check.json | length == 0
      no_log: true
      uri:
        user: root
        password: "{{ gitea_root_password }}"
        force_basic_auth: true
        url: "{{ gitea_url }}/api/v1/admin/users/gerrit/keys"
        method: POST
        status_code: 201
        body_format: json
        body:
          key: "{{ gitea_gerrit_public_key }}"
          read_only: false
          title: "Gerrit replication key"