add gitea

2025-02-17 20:21:41 -06:00
parent b7fea99102
commit e3bc94b203
7 changed files with 56 additions and 54 deletions
--- a/clusters/cl01tl/platform/gitea/values.yaml
+++ b/clusters/cl01tl/platform/gitea/values.yaml
@@ -0,0 +1,186 @@
+gitea:
+  image:
+    repository: gitea/gitea
+    tag: 1.23.3
+  service:
+    http:
+      type: ClusterIP
+      port: 3000
+      clusterIP: 10.103.160.139
+    ssh:
+      type: ClusterIP
+      port: 2222
+      clusterIP: 10.103.160.140
+  ingress:
+    enabled: false
+  persistence:
+    storageClass: ceph-block
+  extraVolumes:
+    - name: gitea-nfs-storage-backup
+      persistentVolumeClaim:
+        claimName: gitea-nfs-storage-backup
+  extraVolumeMounts:
+    - mountPath: /opt/backup
+      name: gitea-nfs-storage-backup
+      readOnly: false
+  gitea:
+    admin:
+      existingSecret: gitea-admin-secret
+    metrics:
+      enabled: true
+      serviceMonitor:
+        enabled: true
+    oauth:
+      - name: Authentik
+        provider: openidConnect
+        existingSecret: gitea-oidc-secret
+        autoDiscoverUrl: https://auth.alexlebens.dev/application/o/gitea/.well-known/openid-configuration
+        iconUrl: https://goauthentik.io/img/icon.png
+        scopes: "email profile"
+    config:
+      APP_NAME: Gitea
+      server:
+        PROTOCOL: http
+        DOMAIN: gitea.alexlebens.dev
+        ROOT_URL: https://gitea.alexlebens.dev
+        LOCAL_ROOT_URL: http://gitea-http.gitea.svc.cluster.local:3000
+        START_SSH_SERVER: true
+        SSH_DOMAIN: gitea.alexlebens.dev
+        SSH_PORT: 2222
+        SSH_LISTEN_PORT: 2222
+        ENABLE_PPROF: true
+        LANDING_PAGE: explore
+      database:
+        DB_TYPE: postgres
+        SCHEMA: public
+      oauth2_client:
+        ENABLE_AUTO_REGISTRATION: true
+      service:
+        REGISTER_MANUAL_CONFIRM: true
+        SHOW_REGISTRATION_BUTTON: false
+        ALLOW_ONLY_EXTERNAL_REGISTRATION: true
+      explore:
+        REQUIRE_SIGNIN_VIEW: true
+      webhook:
+        ALLOWED_HOST_LIST: private
+      mirror:
+        DEFAULT_INTERVAL: 10m
+    additionalConfigFromEnvs:
+      - name: GITEA__DATABASE__HOST
+        valueFrom:
+          secretKeyRef:
+            name: gitea-postgresql-17-cluster-app
+            key: host
+      - name: GITEA__DATABASE__NAME
+        valueFrom:
+          secretKeyRef:
+            name: gitea-postgresql-17-cluster-app
+            key: dbname
+      - name: GITEA__DATABASE__USER
+        valueFrom:
+          secretKeyRef:
+            name: gitea-postgresql-17-cluster-app
+            key: user
+      - name: GITEA__DATABASE__PASSWD
+        valueFrom:
+          secretKeyRef:
+            name: gitea-postgresql-17-cluster-app
+            key: password
+  memcached:
+    enabled: true
+  redis:
+    enabled: false
+  redis-cluster:
+    enabled: false
+  postgresql:
+    enabled: false
+  postgresql-ha:
+    enabled: false
+  mysql:
+    enabled: false
+  mariadb:
+    enabled: false
+cloudflared:
+  existingSecretName: gitea-cloudflared-secret
+backup:
+  global:
+    fullnameOverride: gitea-backup
+  controllers:
+    backup:
+      type: cronjob
+      cronjob:
+        suspend: false
+        concurrencyPolicy: Forbid
+        timeZone: US/Central
+        schedule: 0 4 * * *
+        startingDeadlineSeconds: 90
+        successfulJobsHistory: 3
+        failedJobsHistory: 3
+        backoffLimit: 3
+        parallelism: 1
+      containers:
+        backup:
+          image:
+            repository: bitnami/kubectl
+            tag: 1.32.2
+            pullPolicy: IfNotPresent
+          command:
+            - sh
+          args:
+            - -ec
+            - |
+              kubectl exec -it deploy/gitea -n gitea -- rm -f /opt/backup/gitea-backup.zip;
+              kubectl exec -it deploy/gitea -n gitea -- /app/gitea/gitea dump -c /data/gitea/conf/app.ini --file /opt/backup/gitea-backup.zip;
+          resources:
+            requests:
+              cpu: 100m
+              memory: 128Mi
+        s3:
+          image:
+            repository: amazon/aws-cli
+            tag: 2.24.0
+            pullPolicy: IfNotPresent
+          command:
+            - /bin/sh
+          args:
+            - -ec
+            - |
+              until [ -f /opt/backup/gitea-backup.zip ]; do sleep 5; done;
+              aws s3 cp /opt/backup/gitea-backup.zip s3://cl01tl-gitea-backups/gitea-backup-$(date +"%Y%m%d-%H-%M").zip;
+              mv /opt/backup/gitea-backup.zip /opt/backup/gitea-backup-$(date +"%Y%m%d-%H-%M").zip;
+          envFrom:
+            - secretRef:
+                name: gitea-backup-s3
+          resources:
+            requests:
+              cpu: 100m
+              memory: 128Mi
+  serviceAccount:
+    create: true
+  persistence:
+    config:
+      existingClaim: gitea-nfs-storage-backup
+      advancedMounts:
+        backup:
+          s3:
+            - path: /opt/backup
+              readOnly: false
+postgres-17-cluster:
+  mode: recovery
+  cluster:
+    walStorage:
+      storageClass: local-path
+    storage:
+      storageClass: local-path
+    monitoring:
+      enabled: true
+  recovery:
+    endpointURL: https://nyc3.digitaloceanspaces.com
+    destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/gitea/gitea-postgresql-17-cluster
+    recoveryIndex: 1
+  backup:
+    enabled: false
+    endpointURL: https://nyc3.digitaloceanspaces.com
+    destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/gitea/gitea-postgresql-17-cluster
+    endpointCredentials: gitea-postgresql-17-cluster-backup-secret
+    backupIndex: 2