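# Gitea on Kubernetes: Namespace, Deployment, Service, Ingress and PVC.
#
# After deployment, create the admin user with the commands below, run inside
# the gitea container. '<password>' and <email> are placeholders: substitute
# your own values.
#
#   su git
#   gitea admin user create --username admin --password '<password>' --email <email> --admin
#
# A password given on the command line ends up in shell history and the
# process list; `--random-password` together with `--must-change-password`
# avoids that.
#
# Secrets referenced below (gitea-db, gitea-app, smtp-credentials) are not
# defined in this file and must already exist in the gitea-system namespace.
---
apiVersion: v1
kind: Namespace
metadata:
  name: gitea-system
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/instance: gitea
    app.kubernetes.io/name: gitea
  name: gitea
  namespace: gitea-system
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/instance: gitea
      app.kubernetes.io/name: gitea
  # Recreate: the old pod is stopped before the new one starts, which the
  # ReadWriteOnce PVC and the hostPath volume below require.
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app.kubernetes.io/instance: gitea
        app.kubernetes.io/name: gitea
    spec:
      # Nothing in this manifest uses the Kubernetes API, so the default
      # service-account token is not mounted into a pod that serves HTTP and
      # SSH to users.
      automountServiceAccountToken: false
      initContainers:
        # Runs with the image's default user (no securityContext is set);
        # the chown needs root. Only the `data` PVC is mounted here, so the
        # hostPath-backed /data/git/repositories is NOT chowned by this step.
        - name: init-directories
          # NOTE(review): tag is mutable; pin by digest
          # (busybox:1.36@sha256:<digest>) for tamper-evident pulls.
          image: busybox:1.36
          command:
            - sh
            - -c
            - |
              mkdir -p /data/gitea/conf
              chown -R 1000:1000 /data
          volumeMounts:
            - name: data
              mountPath: /data
      containers:
        - name: gitea
          # NOTE(review): tag is mutable and, with IfNotPresent, each node
          # keeps whatever it first pulled for it; pin by digest
          # (gitea/gitea:1.25.3@sha256:<digest>) if that matters.
          # NOTE(review): no container securityContext is set; this image
          # presumably starts as root and drops to USER_UID/USER_GID. Upstream
          # also publishes a rootless variant. Confirm before hardening.
          image: gitea/gitea:1.25.3
          imagePullPolicy: IfNotPresent
          env:
            - name: USER_UID
              value: "1000"
            - name: USER_GID
              value: "1000"
            - name: GITEA__database__DB_TYPE
              value: postgres
            # Database - using shared PostgreSQL in database-system namespace
            # NOTE(review): GITEA__database__SSL_MODE is not set, and Gitea's
            # default is `disable`, so this cross-namespace connection is
            # unencrypted unless TLS is enforced elsewhere.
            - name: GITEA__database__HOST
              value: postgresql-rw.database-system.svc.cluster.local:5432
            - name: GITEA__database__NAME
              value: gitea
            - name: GITEA__database__USER
              valueFrom:
                secretKeyRef:
                  name: gitea-db
                  key: username
            - name: GITEA__database__PASSWD
              valueFrom:
                secretKeyRef:
                  name: gitea-db
                  key: password
            - name: GITEA__server__DOMAIN
              value: gitea.dooplex.hu
            - name: GITEA__server__ROOT_URL
              value: https://gitea.dooplex.hu/
            - name: GITEA__server__HTTP_PORT
              value: "3000"
            - name: GITEA__server__SSH_DOMAIN
              value: gitea.dooplex.hu
            # SSH_PORT is the port shown in clone URLs; SSH_LISTEN_PORT is the
            # port Gitea's built-in SSH server binds.
            # NOTE(review): the Service below publishes 2222 and forwards to
            # container port 22, while containerPort `ssh` declares 2222.
            # Confirm which port sshd actually binds in this image and that
            # the advertised port 22 reaches it from outside.
            - name: GITEA__server__SSH_PORT
              value: "22"
            - name: GITEA__server__SSH_LISTEN_PORT
              value: "2222"
            - name: GITEA__server__LFS_START_SERVER
              value: "true"
            # INSTALL_LOCK=true keeps the first-run install page disabled, so
            # an unauthenticated visitor cannot reconfigure the instance.
            - name: GITEA__security__INSTALL_LOCK
              value: "true"
            - name: GITEA__security__SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: gitea-app
                  key: secret-key
            - name: GITEA__security__INTERNAL_TOKEN
              valueFrom:
                secretKeyRef:
                  name: gitea-app
                  key: internal-token
            - name: GITEA__server__LFS_JWT_SECRET
              valueFrom:
                secretKeyRef:
                  name: gitea-app
                  key: lfs-jwt-secret
            # Self-registration is off; accounts are created by an admin.
            - name: GITEA__service__DISABLE_REGISTRATION
              value: "true"
            - name: GITEA__mailer__ENABLED
              value: "true"
            - name: GITEA__mailer__PROTOCOL
              value: smtp+starttls
            - name: GITEA__mailer__SMTP_ADDR
              valueFrom:
                secretKeyRef:
                  name: smtp-credentials
                  key: host
            - name: GITEA__mailer__SMTP_PORT
              valueFrom:
                secretKeyRef:
                  name: smtp-credentials
                  key: port
            - name: GITEA__mailer__USER
              valueFrom:
                secretKeyRef:
                  name: smtp-credentials
                  key: username
            - name: GITEA__mailer__PASSWD
              valueFrom:
                secretKeyRef:
                  name: smtp-credentials
                  key: password
            - name: GITEA__mailer__FROM
              valueFrom:
                secretKeyRef:
                  name: smtp-credentials
                  key: from-address
            - name: GITEA__time__DEFAULT_UI_LOCATION
              value: Europe/Budapest
          ports:
            - containerPort: 3000
              name: http
              protocol: TCP
            - containerPort: 2222
              name: ssh
              protocol: TCP
          livenessProbe:
            httpGet:
              path: /api/healthz
              port: http
            initialDelaySeconds: 60
            periodSeconds: 30
            timeoutSeconds: 10
            failureThreshold: 5
          readinessProbe:
            httpGet:
              path: /api/healthz
              port: http
            initialDelaySeconds: 30
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 3
          resources:
            limits:
              cpu: "1"
              memory: 1Gi
            requests:
              cpu: 100m
              memory: 256Mi
          volumeMounts:
            - name: data
              mountPath: /data
            - name: repos
              mountPath: /data/git/repositories
      # Pod-level. fsGroup ownership is applied to the PVC; Kubernetes does
      # not apply it to hostPath volumes, so the `repos` directory must
      # already be writable by UID/GID 1000 on the node.
      securityContext:
        fsGroup: 1000
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: gitea-data
        # NOTE(review): hostPath pins the repositories to one node's disk.
        # There is no nodeSelector/affinity here, so on a multi-node cluster
        # the pod can land elsewhere and DirectoryOrCreate will silently
        # create an empty directory. hostPath volumes are also rejected by
        # the Pod Security "baseline" profile.
        - name: repos
          hostPath:
            path: /mnt/4_hdd/data/gitea/repositories
            type: DirectoryOrCreate
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/instance: gitea
    app.kubernetes.io/name: gitea
  name: gitea
  namespace: gitea-system
spec:
  # NOTE(review): as a LoadBalancer this publishes plain HTTP on
  # 192.168.0.203:3000 as well as SSH. Clients that use the IP directly
  # bypass the Ingress, i.e. its TLS termination and its allow-list snippet.
  # If HTTP is only meant to be reached through the Ingress, serve it from a
  # separate ClusterIP Service and keep only SSH on the LoadBalancer.
  type: LoadBalancer
  # NOTE(review): spec.loadBalancerIP is deprecated since Kubernetes v1.24;
  # load-balancer implementations usually offer their own annotation.
  loadBalancerIP: 192.168.0.203
  ports:
    - name: http
      port: 3000
      protocol: TCP
      targetPort: http
    # Forwards to container port 22, not to the named port `ssh` (2222);
    # see the SSH note in the Deployment.
    - name: ssh
      port: 2222
      protocol: TCP
      targetPort: 22
  selector:
    app.kubernetes.io/instance: gitea
    app.kubernetes.io/name: gitea
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    external-dns.alpha.kubernetes.io/hostname: gitea.dooplex.hu,gitea.home
    # "0" disables the request-body size limit at the proxy (large pushes and
    # LFS uploads need it); Gitea is then the only component that bounds
    # upload size.
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    # Allow-list: private 192.168.x.x and 10.x.x.x sources, plus clients that
    # GeoIP2 places in Hungary; everything else gets 403.
    # NOTE(review):
    # - Needs snippet annotations enabled on the controller
    #   (`allow-snippet-annotations`), which recent ingress-nginx releases
    #   turn off by default because snippets let Ingress authors inject
    #   raw nginx configuration.
    # - Needs the controller's GeoIP2 support for $geoip2_country_code.
    # - The checks trust $remote_addr. If the controller does not see the
    #   real client address (SNAT via externalTrafficPolicy: Cluster, or an
    #   upstream proxy without real-ip configuration), $remote_addr can be a
    #   node or pod address inside 10.0.0.0/8 or 192.168.0.0/16 and every
    #   client passes. Verify with the controller's access log.
    # - Country filtering narrows exposure; it is not authentication.
    nginx.ingress.kubernetes.io/configuration-snippet: |
      set $geo_allowed 0;
      if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; }
      if ($remote_addr ~ "^10\.") { set $geo_allowed 1; }
      if ($geoip2_country_code = "HU") { set $geo_allowed 1; }
      if ($geo_allowed = 0) { return 403 "Access restricted to Hungary"; }
  labels:
    app.kubernetes.io/instance: gitea
    app.kubernetes.io/name: gitea
  name: gitea
  namespace: gitea-system
spec:
  ingressClassName: nginx-internal
  rules:
    - host: gitea.dooplex.hu
      http:
        paths:
          - backend:
              service:
                name: gitea
                port:
                  number: 3000
            path: /
            pathType: Prefix
    - host: gitea.home
      http:
        paths:
          - backend:
              service:
                name: gitea
                port:
                  number: 3000
            path: /
            pathType: Prefix
  # NOTE(review): only gitea.dooplex.hu has a certificate. gitea.home is not
  # listed, so it is presumably served over plain HTTP or with the
  # controller's default certificate; confirm that is intended for logins.
  tls:
    - hosts:
        - gitea.dooplex.hu
      secretName: gitea-tls
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  labels:
    app.kubernetes.io/instance: gitea
    app.kubernetes.io/name: gitea
  name: gitea-data
  namespace: gitea-system
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
  storageClassName: longhorn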