Host on Gitea

DKP supports using an external catalog git repository to install applications. In cases where an external repository is not accessible from within the cluster, to install applications, use the Gitea server that comes out-of-box with a Kommander deployment.

Prerequisites

• Install git in the local environment (from where a connection to air-gapped cluster is established).

Host external repository on Gitea

To configure the Gitea server, follow these steps:

1. Set the VERSION environment variable to the version of Kommander you want to install, for example:

   export VERSION=v2.1.1
   

2. Set the TARGET_NAMESPACE to the workspace (or project) namespace in which the catalog repository will be created.

   export TARGET_NAMESPACE=<WORKSPACE_OR_PROJECT_NAMESPACE>
   

3. Go to the Gitea UI below and register a new user account:

   GITEA_HOSTNAME=$((kubectl -n kommander get cm konvoyconfig-kubeaddons -o go-template='{{if ne .data.clusterHostname ""}}{{.data.clusterHostname}}{{"\n"}}{{end}}' ; kubectl -n kommander get ingress gitea -o jsonpath="{.status.loadBalancer.ingress[0]['ip','hostname']}") | head -1) && echo https://${GITEA_HOSTNAME}/dkp/kommander/git/
   

4. Create a new repository under the new user account. Rest of this guide assumes you created a private repository named dkp-catalog-applications with main as default branch. You can substitute these values as needed. Create environment variables that contain the Gitea credentials and repository metadata:

   GITEA_USERNAME=<YOUR_GITEA_USERNAME>
   GITEA_PASSWORD=<YOUR_GITEA_PASSWORD>
   GITEA_REPOSITORY_NAME=dkp-catalog-applications
   GITEA_REPOSITORY_DEFAULT_BRANCH=main
   

5. Clone the newly created repository on your local machine:

   kubectl -n kommander get secret kommander-traefik-certificate -o go-template='{{index .data "ca.crt"|base64decode}}' > /tmp/ca.crt
   git clone -c http.sslCAInfo=/tmp/ca.crt https://${GITEA_USERNAME}:${GITEA_PASSWORD}@${GITEA_HOSTNAME}/dkp/kommander/git/${GITEA_USERNAME}/${GITEA_REPOSITORY_NAME}
   

6. Download and extract the catalog repository bundle to your local machine from the download portal and extract the contents into the ${GITEA_REPOSITORY_NAME} repository cloned in the above step:

   curl -fsSL https://github.com/mesosphere/dkp-catalog-applications/archive/refs/tags/${VERSION}.tar.gz | tar zxf - --strip-components=1 -C ${GITEA_REPOSITORY_NAME}
   

7. Navigate into the ${GITEA_REPOSITORY_NAME} directory and push the changes:

   cd ${GITEA_REPOSITORY_NAME}
   git add .
   git commit -m "feat: initialize ${GITEA_REPOSITORY_NAME} for air-gapped"
   git push --set-upstream origin ${GITEA_REPOSITORY_DEFAULT_BRANCH}
   cd ..
   

8. Run the following command to create a secret containing Gitea credentials in TARGET_NAMESPACE:

   kubectl create secret generic -n${TARGET_NAMESPACE} ${TARGET_NAMESPACE} --type opaque \
       --from-literal=caFile="$(cat /tmp/ca.crt)" \
       --from-literal=username="${GITEA_USERNAME}" \
       --from-literal=password="${GITEA_PASSWORD}"
   

   NOTE: This command needs to be run in Management cluster (where Kommander is installed) and ALL target clusters that belong to the specific Workspace or Project.

9. Optionally, cleanup the certificate and locally cloned repository:

   rm -rf ${GITEA_REPOSITORY_NAME}
   rm /tmp/ca.crt
   

10. Run the following command to create the catalog GitRepository:

    kubectl apply -f - <<EOF
    apiVersion: source.toolkit.fluxcd.io/v1beta1
    kind: GitRepository
    metadata:
      name: ${GITEA_REPOSITORY_NAME}
      namespace: ${TARGET_NAMESPACE}
      labels:
        kommander.d2iq.io/gitapps-gitrepository-type: catalog
        kommander.d2iq.io/gitrepository-type: catalog
    spec:
      interval: 1m0s
      ref:
        branch: ${GITEA_REPOSITORY_DEFAULT_BRANCH}
      timeout: 20s
      url: https://${GITEA_HOSTNAME}/dkp/kommander/git/${GITEA_USERNAME}/${GITEA_REPOSITORY_NAME}
      secretRef:
        name: ${TARGET_NAMESPACE}
    EOF
    

11. After the newly created GitRepository on the management cluster reconciles, any corresponding Apps are loaded by Kommander controller.

This Docker image includes code from the MinIO Project (“MinIO”), which is © 2015-2021 MinIO, Inc. MinIO is made available subject to the terms and conditions of the [GNU Affero General Public License 3.0][https://www.gnu.org/licenses/agpl-3.0.en.html]. The complete source code for the versions of MinIO packaged with DKP 2.1.0 are available at these URLs:

• https://github.com/minio/minio/tree/RELEASE.2021-07-30T00-02-00Z
• https://github.com/minio/minio/tree/RELEASE.2020-12-03T05-49-24Z