kisfenyo
358 lines
8.6 KiB
YAML
358 lines
8.6 KiB
YAML
# After deployment create admin user with below command in gitea container:
|
|
#
|
|
# su git
|
|
# gitea admin user create --username admin --password '<password>' --email <email> --admin
|
|
---
|
|
apiVersion: v1
|
|
kind: Namespace
|
|
metadata:
|
|
name: gitea-system
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/instance: gitea
|
|
app.kubernetes.io/name: gitea
|
|
name: gitea
|
|
namespace: gitea-system
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app.kubernetes.io/instance: gitea
|
|
app.kubernetes.io/name: gitea
|
|
strategy:
|
|
type: Recreate
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/instance: gitea
|
|
app.kubernetes.io/name: gitea
|
|
spec:
|
|
initContainers:
|
|
- name: init-directories
|
|
image: busybox:1.36
|
|
command:
|
|
- sh
|
|
- -c
|
|
- |
|
|
mkdir -p /data/gitea/conf
|
|
chown -R 1000:1000 /data
|
|
volumeMounts:
|
|
- name: data
|
|
mountPath: /data
|
|
containers:
|
|
- name: gitea
|
|
image: gitea/gitea:1.25.3
|
|
imagePullPolicy: IfNotPresent
|
|
env:
|
|
- name: USER_UID
|
|
value: "1000"
|
|
- name: USER_GID
|
|
value: "1000"
|
|
- name: GITEA__database__DB_TYPE
|
|
value: postgres
|
|
- name: GITEA__database__HOST
|
|
value: gitea-postgres:5432
|
|
- name: GITEA__database__NAME
|
|
value: gitea
|
|
- name: GITEA__database__USER
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: gitea-db
|
|
key: username
|
|
- name: GITEA__database__PASSWD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: gitea-db
|
|
key: password
|
|
- name: GITEA__server__DOMAIN
|
|
value: gitea.dooplex.hu
|
|
- name: GITEA__server__ROOT_URL
|
|
value: https://gitea.dooplex.hu/
|
|
- name: GITEA__server__HTTP_PORT
|
|
value: "3000"
|
|
- name: GITEA__server__SSH_DOMAIN
|
|
value: gitea.dooplex.hu
|
|
- name: GITEA__server__SSH_PORT
|
|
value: "22"
|
|
- name: GITEA__server__SSH_LISTEN_PORT
|
|
value: "2222"
|
|
- name: GITEA__server__LFS_START_SERVER
|
|
value: "true"
|
|
- name: GITEA__security__INSTALL_LOCK
|
|
value: "true"
|
|
- name: GITEA__security__SECRET_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: gitea-app
|
|
key: secret-key
|
|
- name: GITEA__security__INTERNAL_TOKEN
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: gitea-app
|
|
key: internal-token
|
|
- name: GITEA__server__LFS_JWT_SECRET
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: gitea-app
|
|
key: lfs-jwt-secret
|
|
- name: GITEA__service__DISABLE_REGISTRATION
|
|
value: "true"
|
|
- name: GITEA__mailer__ENABLED
|
|
value: "true"
|
|
- name: GITEA__mailer__PROTOCOL
|
|
value: smtp+starttls
|
|
- name: GITEA__mailer__SMTP_ADDR
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: smtp-credentials
|
|
key: host
|
|
- name: GITEA__mailer__SMTP_PORT
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: smtp-credentials
|
|
key: port
|
|
- name: GITEA__mailer__USER
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: smtp-credentials
|
|
key: username
|
|
- name: GITEA__mailer__PASSWD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: smtp-credentials
|
|
key: password
|
|
- name: GITEA__mailer__FROM
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: smtp-credentials
|
|
key: from-address
|
|
- name: GITEA__time__DEFAULT_UI_LOCATION
|
|
value: Europe/Budapest
|
|
ports:
|
|
- containerPort: 3000
|
|
name: http
|
|
protocol: TCP
|
|
- containerPort: 2222
|
|
name: ssh
|
|
protocol: TCP
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /api/healthz
|
|
port: http
|
|
initialDelaySeconds: 60
|
|
periodSeconds: 30
|
|
timeoutSeconds: 10
|
|
failureThreshold: 5
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /api/healthz
|
|
port: http
|
|
initialDelaySeconds: 30
|
|
periodSeconds: 10
|
|
timeoutSeconds: 5
|
|
failureThreshold: 3
|
|
resources:
|
|
limits:
|
|
cpu: "1"
|
|
memory: 1Gi
|
|
requests:
|
|
cpu: 100m
|
|
memory: 256Mi
|
|
volumeMounts:
|
|
- name: data
|
|
mountPath: /data
|
|
- name: repos
|
|
mountPath: /data/git/repositories
|
|
securityContext:
|
|
fsGroup: 1000
|
|
volumes:
|
|
- name: data
|
|
persistentVolumeClaim:
|
|
claimName: gitea-data
|
|
- name: repos
|
|
hostPath:
|
|
path: /mnt/4_hdd/data/gitea/repositories
|
|
type: DirectoryOrCreate
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/instance: gitea
|
|
app.kubernetes.io/name: postgres
|
|
name: gitea-postgres
|
|
namespace: gitea-system
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app.kubernetes.io/instance: gitea
|
|
app.kubernetes.io/name: postgres
|
|
strategy:
|
|
type: Recreate
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/instance: gitea
|
|
app.kubernetes.io/name: postgres
|
|
spec:
|
|
containers:
|
|
- name: postgres
|
|
image: postgres:16-alpine
|
|
imagePullPolicy: IfNotPresent
|
|
env:
|
|
- name: POSTGRES_USER
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: gitea-db
|
|
key: username
|
|
- name: POSTGRES_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: gitea-db
|
|
key: password
|
|
- name: POSTGRES_DB
|
|
value: gitea
|
|
- name: PGDATA
|
|
value: /var/lib/postgresql/data/pgdata
|
|
ports:
|
|
- containerPort: 5432
|
|
name: postgres
|
|
protocol: TCP
|
|
resources:
|
|
limits:
|
|
cpu: 500m
|
|
memory: 512Mi
|
|
requests:
|
|
cpu: 100m
|
|
memory: 128Mi
|
|
volumeMounts:
|
|
- name: data
|
|
mountPath: /var/lib/postgresql/data
|
|
subPath: data
|
|
securityContext:
|
|
fsGroup: 999
|
|
volumes:
|
|
- name: data
|
|
persistentVolumeClaim:
|
|
claimName: gitea-postgres
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/instance: gitea
|
|
app.kubernetes.io/name: gitea
|
|
name: gitea
|
|
namespace: gitea-system
|
|
spec:
|
|
type: LoadBalancer
|
|
loadBalancerIP: 192.168.0.203
|
|
ports:
|
|
- name: http
|
|
port: 3000
|
|
protocol: TCP
|
|
targetPort: http
|
|
- name: ssh
|
|
port: 22
|
|
protocol: TCP
|
|
targetPort: 22
|
|
selector:
|
|
app.kubernetes.io/instance: gitea
|
|
app.kubernetes.io/name: gitea
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/instance: gitea
|
|
app.kubernetes.io/name: postgres
|
|
name: gitea-postgres
|
|
namespace: gitea-system
|
|
spec:
|
|
type: ClusterIP
|
|
ports:
|
|
- name: postgres
|
|
port: 5432
|
|
protocol: TCP
|
|
targetPort: postgres
|
|
selector:
|
|
app.kubernetes.io/instance: gitea
|
|
app.kubernetes.io/name: postgres
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: Ingress
|
|
metadata:
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: letsencrypt-prod
|
|
external-dns.alpha.kubernetes.io/hostname: gitea.dooplex.hu,gitea.home
|
|
nginx.ingress.kubernetes.io/proxy-body-size: "0"
|
|
nginx.ingress.kubernetes.io/ssl-redirect: "true"
|
|
labels:
|
|
app.kubernetes.io/instance: gitea
|
|
app.kubernetes.io/name: gitea
|
|
name: gitea
|
|
namespace: gitea-system
|
|
spec:
|
|
ingressClassName: nginx-internal
|
|
rules:
|
|
- host: gitea.dooplex.hu
|
|
http:
|
|
paths:
|
|
- backend:
|
|
service:
|
|
name: gitea
|
|
port:
|
|
number: 3000
|
|
path: /
|
|
pathType: Prefix
|
|
- host: gitea.home
|
|
http:
|
|
paths:
|
|
- backend:
|
|
service:
|
|
name: gitea
|
|
port:
|
|
number: 3000
|
|
path: /
|
|
pathType: Prefix
|
|
tls:
|
|
- hosts:
|
|
- gitea.dooplex.hu
|
|
secretName: gitea-tls
|
|
---
|
|
apiVersion: v1
|
|
kind: PersistentVolumeClaim
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/instance: gitea
|
|
app.kubernetes.io/name: gitea
|
|
name: gitea-data
|
|
namespace: gitea-system
|
|
spec:
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
resources:
|
|
requests:
|
|
storage: 10Gi
|
|
storageClassName: longhorn
|
|
---
|
|
apiVersion: v1
|
|
kind: PersistentVolumeClaim
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/instance: gitea
|
|
app.kubernetes.io/name: postgres
|
|
name: gitea-postgres
|
|
namespace: gitea-system
|
|
spec:
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
resources:
|
|
requests:
|
|
storage: 5Gi
|
|
storageClassName: longhorn
|