fix: use https for gitea (#121)

* fix: use https for gitea - enable skipTLSVerify - fix documentation - gohttp -> githttp closes #113 Signed-off-by: Nima Kaviani <[email protected]>
cnoe-io · Dec 19, 2023 · 9cf1434 · 9cf1434
1 parent 3ddb5dd
commit 9cf1434
Show file tree

Hide file tree

Showing 9 changed files with 25 additions and 24 deletions.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -50,8 +50,8 @@ This command creates a kind cluster, expose associated endpoints to your local m
 They are deployed as ArgoCD Applications with the Gitea repositories set as their sources. 
 
 UIs for Backstage, Gitea, and ArgoCD are accessible on the machine:
-* Gitea: http://gitea.cnoe.localtest.me:8443/explore/repos
-* Backstage: http://backstage.cnoe.localtest.me:8880/
+* Gitea: https://gitea.cnoe.localtest.me:8443/explore/repos
+* Backstage: https://backstage.cnoe.localtest.me:8443/
 * ArgoCD: https://argocd.cnoe.localtest.me:8443/applications
 
 ArgoCD username is `admin` and the password can be obtained with 

diff --git a/api/v1alpha1/custom_package_types.go b/api/v1alpha1/custom_package_types.go
@@ -27,7 +27,7 @@ type CustomPackageSpec struct {
 	// +kubebuilder:default:=false
 	Replicate bool `json:"replicate"`
 	// GitServerURL specifies the base URL for the git server for API calls.
-	// for example, http://gitea.cnoe.localtest.me:8880
+	// for example, https://gitea.cnoe.localtest.me:8443
 	GitServerURL string `json:"gitServerURL"`
 	// InternalGitServeURL specifies the base URL for the git server accessible within the cluster.
 	// for example, http://my-gitea-http.gitea.svc.cluster.local:3000

diff --git a/pkg/controllers/gitrepository/controller.go b/pkg/controllers/gitrepository/controller.go
@@ -2,7 +2,9 @@ package gitrepository
 
 import (
 	"context"
+	"crypto/tls"
 	"fmt"
+	"net/http"
 	"os"
 	"path/filepath"
 	"time"
@@ -13,7 +15,7 @@ import (
 	"github.com/cnoe-io/idpbuilder/pkg/util"
 	"github.com/go-git/go-git/v5"
 	"github.com/go-git/go-git/v5/plumbing/object"
-	"github.com/go-git/go-git/v5/plumbing/transport/http"
+	githttp "github.com/go-git/go-git/v5/plumbing/transport/http"
 	v1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/types"
@@ -75,12 +77,12 @@ func (r *RepositoryReconciler) getCredentials(ctx context.Context, repo *v1alpha
 	return string(username), string(password), nil
 }
 
-func (r *RepositoryReconciler) getBasicAuth(ctx context.Context, repo *v1alpha1.GitRepository) (http.BasicAuth, error) {
+func (r *RepositoryReconciler) getBasicAuth(ctx context.Context, repo *v1alpha1.GitRepository) (githttp.BasicAuth, error) {
 	u, p, err := r.getCredentials(ctx, repo)
 	if err != nil {
-		return http.BasicAuth{}, err
+		return githttp.BasicAuth{}, err
 	}
-	return http.BasicAuth{
+	return githttp.BasicAuth{
 		Username: u,
 		Password: p,
 	}, nil
@@ -123,7 +125,12 @@ func (r *RepositoryReconciler) postProcessReconcile(ctx context.Context, req ctr
 func (r *RepositoryReconciler) reconcileGitRepo(ctx context.Context, repo *v1alpha1.GitRepository) (ctrl.Result, error) {
 	logger := log.FromContext(ctx)
 	logger.Info("reconciling", "name", repo.Name, "dir", repo.Spec.Source)
-	giteaClient, err := r.GiteaClientFunc(repo.Spec.GitURL)
+
+	tr := &http.Transport{
+		TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+	}
+	client := &http.Client{Transport: tr}
+	giteaClient, err := r.GiteaClientFunc(repo.Spec.GitURL, gitea.SetHTTPClient(client))
 	if err != nil {
 		return ctrl.Result{Requeue: true, RequeueAfter: requeueTime}, fmt.Errorf("failed to get gitea client: %w", err)
 	}
@@ -159,8 +166,9 @@ func (r *RepositoryReconciler) reconcileRepoContent(ctx context.Context, repo *v
 	}
 
 	clonedRepo, err := git.PlainClone(tempDir, false, &git.CloneOptions{
-		URL:        giteaRepo.CloneURL,
-		NoCheckout: true,
+		URL:             giteaRepo.CloneURL,
+		NoCheckout:      true,
+		InsecureSkipTLS: true,
 	})
 	if err != nil {
 		return fmt.Errorf("cloning repo: %w", err)
@@ -210,7 +218,8 @@ func (r *RepositoryReconciler) reconcileRepoContent(ctx context.Context, repo *v
 		return fmt.Errorf("getting basic auth: %w", err)
 	}
 	err = clonedRepo.Push(&git.PushOptions{
-		Auth: &auth,
+		Auth:            &auth,
+		InsecureSkipTLS: true,
 	})
 	if err != nil {
 		return fmt.Errorf("pushing to git: %w", err)

diff --git a/pkg/controllers/localbuild/gitea.go b/pkg/controllers/localbuild/gitea.go
@@ -3,6 +3,7 @@ package localbuild
 import (
 	"context"
 	"embed"
+
 	"github.com/cnoe-io/idpbuilder/api/v1alpha1"
 	"github.com/cnoe-io/idpbuilder/pkg/util"
 	"k8s.io/apimachinery/pkg/runtime/schema"
@@ -14,7 +15,7 @@ const (
 	giteaNamespace   = "gitea"
 	giteaAdminSecret = "gitea-admin-secret"
 	// this is the URL accessible outside cluster. resolves to localhost
-	giteaIngressURL = "http://gitea.cnoe.localtest.me:8880"
+	giteaIngressURL = "https://gitea.cnoe.localtest.me:8443"
 	// this is the URL accessible within cluster for ArgoCD to fetch resources.
 	// resolves to cluster ip
 	giteaSvcURL = "http://my-gitea-http.gitea.svc.cluster.local:3000"

diff --git a/pkg/controllers/localbuild/resources/gitea/k8s/install.yaml b/pkg/controllers/localbuild/resources/gitea/k8s/install.yaml
@@ -28,7 +28,7 @@ stringData:
     ENABLE_PPROF=false
     HTTP_PORT=3000
     PROTOCOL=http
-    ROOT_URL=http://gitea.cnoe.localtest.me:8880
+    ROOT_URL=https://gitea.cnoe.localtest.me:8443
     SSH_DOMAIN=gitea.cnoe.localtest.me
     SSH_LISTEN_PORT=2222
     SSH_PORT=22

diff --git a/pkg/controllers/localbuild/resources/gitea/values.yaml b/pkg/controllers/localbuild/resources/gitea/values.yaml
@@ -25,7 +25,7 @@ gitea:
       TYPE: level
     server:
       DOMAIN: gitea.cnoe.localtest.me
-      ROOT_URL: 'http://gitea.cnoe.localtest.me:8880'
+      ROOT_URL: 'https://gitea.cnoe.localtest.me:8443'
 
 service:
   ssh:

diff --git a/pkg/controllers/resources/idpbuilder.cnoe.io_custompackages.yaml b/pkg/controllers/resources/idpbuilder.cnoe.io_custompackages.yaml
@@ -61,7 +61,7 @@ spec:
                 type: object
               gitServerURL:
                 description: GitServerURL specifies the base URL for the git server
-                  for API calls. for example, http://gitea.cnoe.localtest.me:8880
+                  for API calls. for example, https://gitea.cnoe.localtest.me:8443
                 type: string
               internalGitServeURL:
                 description: InternalGitServeURL specifies the base URL for the git

diff --git a/pkg/kind/cluster_test.go b/pkg/kind/cluster_test.go
@@ -34,9 +34,6 @@ nodes:
         system-reserved: memory=4Gi
         node-labels: "ingress-ready=true"
   extraPortMappings:
-  - containerPort: 80
-    hostPort: 8880
-    protocol: TCP
   - containerPort: 443
     hostPort: 8443
     protocol: TCP
@@ -73,9 +70,6 @@ nodes:
         system-reserved: memory=4Gi
         node-labels: "ingress-ready=true"
   extraPortMappings:
-  - containerPort: 80
-    hostPort: 8880
-    protocol: TCP
   - containerPort: 443
     hostPort: 8443
     protocol: TCP

diff --git a/pkg/kind/resources/kind.yaml b/pkg/kind/resources/kind.yaml
@@ -16,9 +16,6 @@ nodes:
         system-reserved: memory=4Gi
         node-labels: "ingress-ready=true"
   extraPortMappings:
-  - containerPort: 80
-    hostPort: 8880
-    protocol: TCP
   - containerPort: 443
     hostPort: 8443
     protocol: TCP