From a7a37a383ba607dc18f348d31929c6ca894ab5c0 Mon Sep 17 00:00:00 2001 From: Nima Kaviani Date: Fri, 15 Dec 2023 19:09:29 -0800 Subject: [PATCH 1/2] fix: use https for gitea - enable skipTLSVerify - fix documentation closes #113 Signed-off-by: Nima Kaviani --- CONTRIBUTING.md | 4 +-- api/v1alpha1/custom_package_types.go | 2 +- pkg/controllers/gitrepository/controller.go | 25 +++++++++++++------ pkg/controllers/localbuild/gitea.go | 3 ++- .../resources/gitea/k8s/install.yaml | 2 +- .../localbuild/resources/gitea/values.yaml | 2 +- .../idpbuilder.cnoe.io_custompackages.yaml | 2 +- pkg/kind/cluster_test.go | 6 ----- pkg/kind/resources/kind.yaml | 3 --- 9 files changed, 25 insertions(+), 24 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 6e24a645..f317627d 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -50,8 +50,8 @@ This command creates a kind cluster, expose associated endpoints to your local m They are deployed as ArgoCD Applications with the Gitea repositories set as their sources. UIs for Backstage, Gitea, and ArgoCD are accessible on the machine: -* Gitea: http://gitea.cnoe.localtest.me:8443/explore/repos -* Backstage: http://backstage.cnoe.localtest.me:8880/ +* Gitea: https://gitea.cnoe.localtest.me:8443/explore/repos +* Backstage: https://backstage.cnoe.localtest.me:8443/ * ArgoCD: https://argocd.cnoe.localtest.me:8443/applications ArgoCD username is `admin` and the password can be obtained with diff --git a/api/v1alpha1/custom_package_types.go b/api/v1alpha1/custom_package_types.go index 1e44de0c..58f4886f 100644 --- a/api/v1alpha1/custom_package_types.go +++ b/api/v1alpha1/custom_package_types.go 
@@ -27,7 +27,7 @@ type CustomPackageSpec struct { // +kubebuilder:default:=false Replicate bool `json:"replicate"` // GitServerURL specifies the base URL for the git server for API calls. - // for example, http://gitea.cnoe.localtest.me:8880 + // for example, https://gitea.cnoe.localtest.me:8443 GitServerURL string `json:"gitServerURL"` // InternalGitServeURL specifies the base URL for the git server accessible within the cluster. // for example, http://my-gitea-http.gitea.svc.cluster.local:3000 diff --git a/pkg/controllers/gitrepository/controller.go b/pkg/controllers/gitrepository/controller.go index 7b3d30a8..1c9834bc 100644 --- a/pkg/controllers/gitrepository/controller.go +++ b/pkg/controllers/gitrepository/controller.go @@ -2,7 +2,9 @@ package gitrepository import ( "context" + "crypto/tls" "fmt" + "net/http" "os" "path/filepath" "time" @@ -13,7 +15,7 @@ import ( "github.com/cnoe-io/idpbuilder/pkg/util" "github.com/go-git/go-git/v5" "github.com/go-git/go-git/v5/plumbing/object" - "github.com/go-git/go-git/v5/plumbing/transport/http" + gohttp "github.com/go-git/go-git/v5/plumbing/transport/http" v1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/types" @@ -75,12 +77,12 @@ func (r *RepositoryReconciler) getCredentials(ctx context.Context, repo *v1alpha return string(username), string(password), nil } -func (r *RepositoryReconciler) getBasicAuth(ctx context.Context, repo *v1alpha1.GitRepository) (http.BasicAuth, error) { +func (r *RepositoryReconciler) getBasicAuth(ctx context.Context, repo *v1alpha1.GitRepository) (gohttp.BasicAuth, error) { u, p, err := r.getCredentials(ctx, repo) if err != nil { - return http.BasicAuth{}, err + return gohttp.BasicAuth{}, err } - return http.BasicAuth{ + return gohttp.BasicAuth{ Username: u, Password: p, }, nil 
@@ -123,7 +125,12 @@ func (r *RepositoryReconciler) postProcessReconcile(ctx context.Context, req ctr func (r *RepositoryReconciler) reconcileGitRepo(ctx context.Context, repo *v1alpha1.GitRepository) (ctrl.Result, error) { logger := log.FromContext(ctx) logger.Info("reconciling", "name", repo.Name, "dir", repo.Spec.Source) - giteaClient, err := r.GiteaClientFunc(repo.Spec.GitURL) + + tr := &http.Transport{ + TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, + } + client := &http.Client{Transport: tr} + giteaClient, err := r.GiteaClientFunc(repo.Spec.GitURL, gitea.SetHTTPClient(client)) if err != nil { return ctrl.Result{Requeue: true, RequeueAfter: requeueTime}, fmt.Errorf("failed to get gitea client: %w", err) } @@ -159,8 +166,9 @@ func (r *RepositoryReconciler) reconcileRepoContent(ctx context.Context, repo *v } clonedRepo, err := git.PlainClone(tempDir, false, &git.CloneOptions{ - URL: giteaRepo.CloneURL, - NoCheckout: true, + URL: giteaRepo.CloneURL, + NoCheckout: true, + InsecureSkipTLS: true, }) if err != nil { return fmt.Errorf("cloning repo: %w", err) @@ -210,7 +218,8 @@ func (r *RepositoryReconciler) reconcileRepoContent(ctx context.Context, repo *v return fmt.Errorf("getting basic auth: %w", err) } err = clonedRepo.Push(&git.PushOptions{ - Auth: &auth, + Auth: &auth, + InsecureSkipTLS: true, }) if err != nil { return fmt.Errorf("pushing to git: %w", err) diff --git a/pkg/controllers/localbuild/gitea.go b/pkg/controllers/localbuild/gitea.go index a243a29a..a74ef305 100644 --- a/pkg/controllers/localbuild/gitea.go +++ b/pkg/controllers/localbuild/gitea.go @@ -3,6 +3,7 @@ package localbuild import ( "context" "embed" + "github.com/cnoe-io/idpbuilder/api/v1alpha1" "github.com/cnoe-io/idpbuilder/pkg/util" "k8s.io/apimachinery/pkg/runtime/schema" 
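Review bot: The new transport hardcodes `InsecureSkipVerify: true`, so the Gitea API client accepts any certificate presented for `repo.Spec.GitURL`; switching the URL to https therefore adds encryption but no server authentication, and anyone who can answer for the gitea host on the developer's network can collect the admin credentials the reconciler sends. Presumably the ingress serves a self-signed certificate, so the cleaner fix is to trust that certificate explicitly via `TLSClientConfig: &tls.Config{RootCAs: pool}`, or at least to drive the skip from a field on RepositoryReconciler so it can be turned off outside the kind setup. The client also has no deadline; `client := &http.Client{Transport: tr, Timeout: 30 * time.Second}` would bound a hung Gitea call, and `time` is already imported. If the skip must stay as is, a comment such as `// kind ingress uses a self-signed cert; TODO make verification configurable` should sit on the transport. reconcileGitRepo's body continues past the hunk.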
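Review bot: `InsecureSkipTLS: true` on the push means the basic-auth username and password from `getBasicAuth` go to whatever server answers at `giteaRepo.CloneURL` with no certificate check, and the clone a hunk earlier was given the same flag. go-git's CloneOptions and PushOptions also carry a `CABundle []byte` next to `InsecureSkipTLS`, so the ingress certificate can be pinned instead of disabling verification, or the flag can at least be taken from the same reconciler setting as the API client's transport so there is one switch to turn off. If the skip is intentional for the local cluster, a comment such as `// local kind ingress uses a self-signed cert; verification disabled on purpose` keeps the next reader from treating it as an oversight. reconcileRepoContent starts and ends outside the hunk.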
@@ -14,7 +15,7 @@ const ( giteaNamespace = "gitea" giteaAdminSecret = "gitea-admin-secret" // this is the URL accessible outside cluster. resolves to localhost - giteaIngressURL = "http://gitea.cnoe.localtest.me:8880" + giteaIngressURL = "https://gitea.cnoe.localtest.me:8443" // this is the URL accessible within cluster for ArgoCD to fetch resources. // resolves to cluster ip giteaSvcURL = "http://my-gitea-http.gitea.svc.cluster.local:3000" diff --git a/pkg/controllers/localbuild/resources/gitea/k8s/install.yaml b/pkg/controllers/localbuild/resources/gitea/k8s/install.yaml index 8e8c518a..cf691748 100644 --- a/pkg/controllers/localbuild/resources/gitea/k8s/install.yaml +++ b/pkg/controllers/localbuild/resources/gitea/k8s/install.yaml @@ -28,7 +28,7 @@ stringData: ENABLE_PPROF=false HTTP_PORT=3000 PROTOCOL=http - ROOT_URL=http://gitea.cnoe.localtest.me:8880 + ROOT_URL=https://gitea.cnoe.localtest.me:8443 SSH_DOMAIN=gitea.cnoe.localtest.me SSH_LISTEN_PORT=2222 SSH_PORT=22 diff --git a/pkg/controllers/localbuild/resources/gitea/values.yaml b/pkg/controllers/localbuild/resources/gitea/values.yaml index 8237ee04..3622b38c 100644 --- a/pkg/controllers/localbuild/resources/gitea/values.yaml +++ b/pkg/controllers/localbuild/resources/gitea/values.yaml @@ -25,7 +25,7 @@ gitea: TYPE: level server: DOMAIN: gitea.cnoe.localtest.me - ROOT_URL: 'http://gitea.cnoe.localtest.me:8880' + ROOT_URL: 'https://gitea.cnoe.localtest.me:8443' service: ssh: diff --git a/pkg/controllers/resources/idpbuilder.cnoe.io_custompackages.yaml b/pkg/controllers/resources/idpbuilder.cnoe.io_custompackages.yaml index def2ab81..24539119 100644 --- a/pkg/controllers/resources/idpbuilder.cnoe.io_custompackages.yaml +++ b/pkg/controllers/resources/idpbuilder.cnoe.io_custompackages.yaml 
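Review bot: `giteaIngressURL` now points at https, but `giteaSvcURL` two lines below is still `http://my-gitea-http.gitea.svc.cluster.local:3000`, and the install.yaml and values.yaml hunks keep `PROTOCOL=http`, so TLS is terminated at the ingress while the Gitea pod itself, and ArgoCD's fetches from it, stay plaintext. That is a reasonable trade-off for a kind cluster, but nothing in the code says so; a comment on the constant such as `// plain http: TLS is terminated at the ingress, in-cluster traffic is unencrypted` would make the boundary explicit and stop someone from "fixing" `PROTOCOL` to https and breaking the ingress backend. The `const (` block opens above the hunk.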
@@ -61,7 +61,7 @@ spec: type: object gitServerURL: description: GitServerURL specifies the base URL for the git server - for API calls. for example, http://gitea.cnoe.localtest.me:8880 + for API calls. for example, https://gitea.cnoe.localtest.me:8443 type: string internalGitServeURL: description: InternalGitServeURL specifies the base URL for the git diff --git a/pkg/kind/cluster_test.go b/pkg/kind/cluster_test.go index 9698866b..06d59217 100644 --- a/pkg/kind/cluster_test.go +++ b/pkg/kind/cluster_test.go @@ -34,9 +34,6 @@ nodes: system-reserved: memory=4Gi node-labels: "ingress-ready=true" extraPortMappings: - - containerPort: 80 - hostPort: 8880 - protocol: TCP - containerPort: 443 hostPort: 8443 protocol: TCP @@ -73,9 +70,6 @@ nodes: system-reserved: memory=4Gi node-labels: "ingress-ready=true" extraPortMappings: - - containerPort: 80 - hostPort: 8880 - protocol: TCP - containerPort: 443 hostPort: 8443 protocol: TCP diff --git a/pkg/kind/resources/kind.yaml b/pkg/kind/resources/kind.yaml index 944b57f4..0868c109 100644 --- a/pkg/kind/resources/kind.yaml +++ b/pkg/kind/resources/kind.yaml @@ -16,9 +16,6 @@ nodes: system-reserved: memory=4Gi node-labels: "ingress-ready=true" extraPortMappings: - - containerPort: 80 - hostPort: 8880 - protocol: TCP - containerPort: 443 hostPort: 8443 protocol: TCP From 3549d1d0307da263dcbcc3b677d9fd46117ecab9 Mon Sep 17 00:00:00 2001 From: Nima Kaviani Date: Tue, 19 Dec 2023 11:54:40 -0800 Subject: [PATCH 2/2] gohttp -> githttp Signed-off-by: Nima Kaviani --- pkg/controllers/gitrepository/controller.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkg/controllers/gitrepository/controller.go b/pkg/controllers/gitrepository/controller.go index 1c9834bc..1fe9b7fc 100644 --- a/pkg/controllers/gitrepository/controller.go +++ b/pkg/controllers/gitrepository/controller.go 
@@ -15,7 +15,7 @@ import ( "github.com/cnoe-io/idpbuilder/pkg/util" "github.com/go-git/go-git/v5" "github.com/go-git/go-git/v5/plumbing/object" - gohttp "github.com/go-git/go-git/v5/plumbing/transport/http" + githttp "github.com/go-git/go-git/v5/plumbing/transport/http" v1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/types" @@ -77,12 +77,12 @@ func (r *RepositoryReconciler) getCredentials(ctx context.Context, repo *v1alpha return string(username), string(password), nil } -func (r *RepositoryReconciler) getBasicAuth(ctx context.Context, repo *v1alpha1.GitRepository) (gohttp.BasicAuth, error) { +func (r *RepositoryReconciler) getBasicAuth(ctx context.Context, repo *v1alpha1.GitRepository) (githttp.BasicAuth, error) { u, p, err := r.getCredentials(ctx, repo) if err != nil { - return gohttp.BasicAuth{}, err + return githttp.BasicAuth{}, err } - return gohttp.BasicAuth{ + return githttp.BasicAuth{ Username: u, Password: p, }, nil