The svn-operator is a simple, opinionated operator that has following features:
- Does not guarantee extremely high availability. (if an SVN server crashes, just wait for a second and retry.)
- Only basic authentication is allowed.
- Can manage users and repositories declaratively.
- Does not provide path-based authorization.
$ kubectl apply -f https://github.com/genkami/svn-operator/releases/download/v0.2.1/svn-operator.yaml
The following example creates following resources:
- An SVN server
svnserver-sample
. - A single SVN repository named
svnrepository-sample
whcih belongs tosvnserver-sample
. - Two groups named
svngroup-sample-reader
andsvngroup-sample-writer
.
The former group has only read permission to the repository and the latter has full access to the repository. - Two users
svnuser-sample-reader
who belongs tosvngroup-sample-reader
, andsvnuser-sample-writer
who belongs tosvngroup-sample-writer
.
apiVersion: svn.k8s.oyasumi.club/v1alpha1
kind: SVNServer
metadata:
name: svnserver-sample
spec:
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 512M
---
apiVersion: svn.k8s.oyasumi.club/v1alpha1
kind: SVNRepository
metadata:
name: svnrepository-sample
spec:
svnServer: svnserver-sample
---
apiVersion: svn.k8s.oyasumi.club/v1alpha1
kind: SVNGroup
metadata:
name: svngroup-sample-reader
spec:
svnServer: svnserver-sample
permissions:
- repository: svnrepository-sample
permission: r
---
apiVersion: svn.k8s.oyasumi.club/v1alpha1
kind: SVNGroup
metadata:
name: svngroup-sample-writer
spec:
svnServer: svnserver-sample
permissions:
- repository: svnrepository-sample
permission: rw
---
apiVersion: svn.k8s.oyasumi.club/v1alpha1
kind: SVNUser
metadata:
name: svnuser-sample-reader
spec:
svnServer: svnserver-sample
groups:
- name: svngroup-sample-reader
# The password is 'foobar'
encryptedPassword: $2y$05$lHorekjyyp9w2fXD/ppQLOJ2N1KmY.9yiJ0mZQlkIeUpUg8enPN4e
---
apiVersion: svn.k8s.oyasumi.club/v1alpha1
kind: SVNUser
metadata:
name: svnuser-sample-writer
spec:
svnServer: svnserver-sample
groups:
- name: svngroup-sample-writer
# The password is 'quux'
encryptedPassword: $2y$05$skzShfjCsTKCYcvr55ByIO5G7icGU8Lofs2CpmR5AoGho9OzBLb4O
Additionally, if you want to expose SVN server to the internet, you have to set up ingress (or LoadBalancer, etc.) like this:
apiVersion: v1
kind: Service
metadata:
name: svnserver-sample-lb
spec:
type: NodePort
ports:
- name: http
port: 80
targetPort: 80
protocol: TCP
selector:
# These two labels are generated by svn-operator
app: subversion
svn.k8s.oyasumi.club/name: svnserver-sample
---
# WARNING: This configuration is INSECURE since svn-operator uses basic auth.
# You must use HTTPS in production environments.
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: svnserver-sample-lb
spec:
backend:
serviceName: svnserver-sample-lb
servicePort: 80
Then you can checkout repositories served under http://<INGRESS_IP_ADDRESS>/repos/
.
$ svn checkout http://<INGRESS_IP_ADDRESS>/repos/svnrepository-sample
Authentication realm: <http://<INGRESS_IP_ADDRESS>:80> SVN Server
Username: svnuser-sample-writer
Password for 'svnuser-sample-writer': ****
Checked out revision 0.
The EncryptedPassword
field can be generated by using htpasswd
command:
$ htpasswd -nB john | cut -d : -f 2-
New password:
Re-type new password:
$2y$05$sZw4te5XgfiRjNVNhLRVuO7cgiqbTAcdPRvzRog0r8Tj.lNAnpKyi
Or dedicated CLI tool that we provide:
$ go get github.com/genkami/svn-operator/cmd/svn-user-gen
$ svn-user-gen -user john
Password:
Re-type Password:
apiVersion: svn.k8s.oyasumi.club/v1alpha1
kind: SVNUser
metadata:
name: john
spec:
svnServer: TYPE_THE_SERVER_NAME_HERE
encryptedPassword: $2a$10$teGKPe/vdxOvSRwpCN7iH.Neu.KH8sc.33ylcNSO3bDriKbua/48u
Distributed under the Apache License Version 2.0. See LICENSE for more information.