auto reload config

2025-09-05 14:12:46 +02:00 · 2025-09-05 14:12:46 +02:00 · 0ee64fc64a
commit 0ee64fc64a
parent 95e8de49f9
2 changed files with 175 additions and 0 deletions
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@ -0,0 +1,46 @@
+name: Deploy to Kubernetes
+
+on:
+  push:
+    branches: [ main, master ]
+  workflow_dispatch:
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    environment: production
+    
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+      
+    - name: Setup kubectl
+      uses: azure/setup-kubectl@v3
+      with:
+        version: 'v1.28.0'
+    
+    - name: Configure kubectl
+      run: |
+        mkdir -p ~/.kube
+        echo "${{ secrets.KUBE_CONFIG }}" | base64 -d > ~/.kube/config
+        chmod 600 ~/.kube/config
+        
+    - name: Verify cluster connection
+      run: |
+        kubectl version --client
+        kubectl cluster-info
+        
+    - name: Deploy to Kubernetes
+      run: |
+        kubectl apply -k k8s/
+        kubectl rollout status deployment/homepage -n homepage --timeout=300s
+        
+    - name: Verify deployment
+      run: |
+        kubectl get pods -n homepage
+        kubectl get services -n homepage
+        
+    - name: Cleanup
+      if: always()
+      run: |
+        rm -f ~/.kube/config
--- a/GITEA-SETUP.md
+++ b/GITEA-SETUP.md
@ -0,0 +1,129 @@
+# Gitea Actions Auto-Deploy Setup
+
+## Prerequisites
+
+- Gitea instance with Actions enabled
+- Kubernetes cluster access
+- kubectl configured locally
+
+## Setup Steps
+
+### 1. Enable Gitea Actions
+
+In your Gitea instance admin panel:
+- Go to **Site Administration** → **Actions**  
+- Enable **Actions** if not already enabled
+- Ensure **Actions runners** are configured
+
+### 2. Configure Repository Secrets
+
+Go to your repository → **Settings** → **Secrets**
+
+Add the following secret:
+
+#### `KUBE_CONFIG`
+Your base64-encoded kubeconfig file:
+
+```bash
+# Get your kubeconfig in base64 format
+cat ~/.kube/config | base64 -w 0
+```
+
+Copy the output and paste it as the value for `KUBE_CONFIG` secret.
+
+### 3. Configure Environment (Optional but Recommended)
+
+Go to repository → **Settings** → **Environments**
+
+Create environment named: `production`
+- Add environment protection rules if needed
+- Set required reviewers for production deployments
+
+### 4. Verify Actions Runner
+
+Ensure you have an Actions runner available:
+- Check **Repository Settings** → **Actions** → **Runners**
+- If no runners, set up a self-hosted runner or use Gitea's shared runners
+
+## How It Works
+
+1. **Push to main/master** triggers the workflow automatically
+2. **Manual trigger** available via Actions tab → "Deploy to Kubernetes"
+3. Workflow applies Kustomize configuration
+4. ConfigMap changes automatically restart pods
+5. Deployment status is verified before completion
+
+## Workflow Features
+
+- ✅ Automatic deployment on push to main/master
+- ✅ Manual deployment trigger available
+- ✅ Kubernetes connection verification
+- ✅ Deployment rollout status monitoring
+- ✅ Security cleanup (kubeconfig removed after use)
+- ✅ Pod and service verification
+
+## Monitoring Deployments
+
+### Via Gitea
+- Go to **Actions** tab to see workflow runs
+- Click on specific run for detailed logs
+
+### Via kubectl
+```bash
+# Check deployment status
+kubectl rollout status deployment/homepage -n homepage
+
+# View pods
+kubectl get pods -n homepage
+
+# View services  
+kubectl get svc -n homepage
+
+# View configmap (note the hash suffix)
+kubectl get configmap -n homepage
+```
+
+## Troubleshooting
+
+### Runner Issues
+- Verify Actions runner is online in repository settings
+- Check runner has sufficient resources and network access to K8s
+
+### Authentication Issues  
+- Ensure `KUBE_CONFIG` secret is properly base64 encoded
+- Verify the kubeconfig has necessary permissions for the homepage namespace
+- Test kubeconfig locally: `kubectl --kubeconfig=<path> get pods -n homepage`
+
+### Deployment Issues
+- Check workflow logs in Gitea Actions tab
+- Verify namespace exists: `kubectl get namespace homepage`
+- Check for resource quotas or RBAC restrictions
+
+## Security Notes
+
+- `KUBE_CONFIG` secret contains cluster admin access - keep secure
+- Workflow automatically cleans up kubeconfig after each run
+- Consider using service accounts with limited permissions instead of admin kubeconfig
+- Environment protection can require manual approval for production deployments
+
+## Configuration Updates
+
+To update your homepage configuration:
+
+1. Edit files in `k8s/configmap-files/`
+2. Commit and push to main/master
+3. Actions workflow automatically deploys changes
+4. ConfigMap hash changes trigger pod restart with new config
+
+Example:
+```bash
+# Edit configuration
+nano k8s/configmap-files/services.yaml
+
+# Commit and push
+git add k8s/configmap-files/services.yaml
+git commit -m "Update services configuration"
+git push origin main
+
+# Deployment happens automatically!
+```