Nerd For Tech
Published in

Nerd For Tech

OneDev with Kubernetes and LetsEncrypt

OneDev is an open source git server with built-in issue boards, and CI/CD capability.

This tutorial explains how to deploy OneDev into a Kubernetes cluster to get a full-blown CI/CD farm, and protect it with LetsEncrypt.

We will demonstrate with Google Kubernetes Engine, which is the most convenient to set up and maintain according to my experience.

  1. Create a standard GKE cluster with all default options

2. After cluster is created, configure kubectl to connect to the cluster

3. Make sure helm is installed, run below commands to install ingress Nginx controller and cert manager:

$ helm install ingress-nginx ingress-nginx --repo https://kubernetes.github.io/ingress-nginx --namespace ingress-nginx --create-namespace
$ kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.6.0/cert-manager.yaml

4. Run below command to get external ip address of nginx controller:

$ kubectl get service ingress-nginx-controller -n ingress-nginx

5. Configure your dns provider to add a A record to associate OneDev DNS name with external ip address above. Wait for some time for the DNS entry to spread out (you may ping the DNS name to see if it returns the correct ip address to make sure)

6. Now deploy OneDev into the cluster with below command (replacing <OneDev DNS name> with above DNS name, and <an email address> with an email address using to receive LetsEncrypt certificate notifications):

$ helm install onedev onedev --repo https://dl.cloudsmith.io/public/onedev/onedev/helm/charts --namespace onedev --create-namespace --set ingress.host=<OneDev DNS name> --set ingress.tls=true --set letsencrypt.email=<an email address>

For a complete list of configurable values of OneDev chart, please check the values.yaml file

7. Wait a while for OneDev to get deployed. If things work fine, you should be able to visit OneDev at https://<OneDev DNS name> follow In case it does not work, follow this guide to trouble shoot certificate onedev-tlsin namespace onedev

8. If you also want to enable SSH access to OneDev repositories, run below command to configure tcp port of the Nginx controller

helm upgrade ingress-nginx ingress-nginx --repo https://kubernetes.github.io/ingress-nginx --namespace ingress-nginx --create-namespace --set tcp.22=onedev/onedev:22 --reuse-values

Then update SSH server urlat OneDev side (via menu Administration / Security Setting / SSH Setting) as ssh://<OneDev DNS name>

Thanks for reading!

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store