gitea: global: imageRegistry: registry.hub.docker.com replicaCount: 3 strategy: type: "RollingUpdate" rollingUpdate: maxSurge: "100%" maxUnavailable: 0 image: repository: gitea/gitea tag: 1.23.8 service: http: type: ClusterIP port: 3000 clusterIP: 10.103.160.139 ssh: type: ClusterIP port: 22 clusterIP: 10.103.160.140 ingress: enabled: false persistence: storageClass: ceph-filesystem size: 10Gi accessModes: - ReadWriteMany extraVolumes: - name: gitea-nfs-storage-backup persistentVolumeClaim: claimName: gitea-nfs-storage-backup extraVolumeMounts: - mountPath: /opt/backup name: gitea-nfs-storage-backup readOnly: false actions: enabled: true statefulset: resources: requests: cpu: 100m memory: 256Mi actRunner: repository: gitea/act_runner tag: 0.2.11 config: | log: level: debug cache: enabled: false container: privileged: true provisioning: enabled: false existingSecret: gitea-runner-secret existingSecretKey: token gitea: metrics: enabled: true serviceMonitor: enabled: false oauth: - name: Authentik provider: openidConnect existingSecret: gitea-oidc-secret autoDiscoverUrl: https://auth.alexlebens.dev/application/o/gitea/.well-known/openid-configuration iconUrl: https://goauthentik.io/img/icon.png scopes: "email profile" config: APP_NAME: Gitea server: PROTOCOL: http DOMAIN: gitea.alexlebens.dev ROOT_URL: https://gitea.alexlebens.dev LOCAL_ROOT_URL: http://gitea-http.gitea.svc.cluster.local:3000 START_SSH_SERVER: true SSH_DOMAIN: gitea.alexlebens.net SSH_PORT: 22 SSH_LISTEN_PORT: 22 ENABLE_PPROF: true LANDING_PAGE: explore database: DB_TYPE: postgres SCHEMA: public oauth2_client: ENABLE_AUTO_REGISTRATION: true cache: ENABLED: true ADAPTER: redis HOST: redis://gitea-valkey-primary.gitea:6379 queue: TYPE: redis CONN_STR: redis://gitea-valkey-primary.gitea:6379 session: PROVIDER: redis PROVIDER_CONFIG: redis://gitea-valkey-primary.gitea:6379 indexer: ISSUE_INDEXER_ENABLED: true ISSUE_INDEXER_TYPE: meilisearch REPO_INDEXER_ENABLED: false actions: ENABLED: true service: REGISTER_MANUAL_CONFIRM: true SHOW_REGISTRATION_BUTTON: false ALLOW_ONLY_EXTERNAL_REGISTRATION: true explore: REQUIRE_SIGNIN_VIEW: true webhook: ALLOWED_HOST_LIST: private mirror: DEFAULT_INTERVAL: 10m additionalConfigFromEnvs: - name: GITEA__DATABASE__HOST valueFrom: secretKeyRef: name: gitea-postgresql-17-cluster-app key: host - name: GITEA__DATABASE__NAME valueFrom: secretKeyRef: name: gitea-postgresql-17-cluster-app key: dbname - name: GITEA__DATABASE__USER valueFrom: secretKeyRef: name: gitea-postgresql-17-cluster-app key: user - name: GITEA__DATABASE__PASSWD valueFrom: secretKeyRef: name: gitea-postgresql-17-cluster-app key: password - name: GITEA__INDEXER__ISSUE_INDEXER_CONN_STR valueFrom: secretKeyRef: name: gitea-meilisearch-master-key-secret key: ISSUE_INDEXER_CONN_STR memcached: enabled: false redis: enabled: false redis-cluster: enabled: false postgresql: enabled: false postgresql-ha: enabled: false mysql: enabled: false mariadb: enabled: false # renovate: # global: # fullnameOverride: gitea-renovate # controllers: # renovate: # type: cronjob # cronjob: # suspend: false # concurrencyPolicy: Forbid # timeZone: US/Central # schedule: "0 4 * * *" # startingDeadlineSeconds: 90 # successfulJobsHistory: 3 # failedJobsHistory: 3 # backoffLimit: 3 # parallelism: 1 # containers: # main: # image: # repository: renovate/renovate # tag: 40 # pullPolicy: IfNotPresent # env: # - name: RENOVATE_PLATFORM # value: gitea # - name: RENOVATE_AUTODISCOVER # value: 'true' # - name: RENOVATE_ONBOARDING # value: 'true' # - name: RENOVATE_BASE_DIR # value: /tmp/renovate # - name: RENOVATE_PERSIST_REPO_DATA # value: true # - name: RENOVATE_REPOSITORY_CACHE # value: true # - name: RENOVATE_REDIS_URL # value: redis://gitea-renovate-valkey-primary.gitea:6379 # - name: LOG_LEVEL # value: info # envFrom: # - secretRef: # name: gitea-renovate-secret # resources: # requests: # cpu: 100m # memory: 128Mi # persistence: # base: # storageClass: ceph-block # accessMode: ReadWriteOnce # size: 5Gi # retain: true # advancedMounts: # renovate: # main: # - path: /tmp/renovate # readOnly: false # ssh: # enabled: true # type: secret # name: gitea-renovate-ssh-secret # advancedMounts: # renovate: # main: # - path: /home/ubuntu/.ssh # readOnly: true # mountPropagation: None # cache: # type: emptyDir # advancedMounts: # renovate: # main: # - path: /tmp/renovate/cache # readOnly: false backup: global: fullnameOverride: gitea-backup controllers: backup: type: cronjob cronjob: suspend: false concurrencyPolicy: Forbid timeZone: US/Central schedule: 0 4 * * * startingDeadlineSeconds: 90 successfulJobsHistory: 3 failedJobsHistory: 3 backoffLimit: 3 parallelism: 1 serviceAccount: name: gitea-backup pod: automountServiceAccountToken: true initContainers: backup: image: repository: bitnami/kubectl tag: 1.33.1 pullPolicy: IfNotPresent command: - sh args: - -ec - | kubectl exec -it deploy/gitea -n gitea -- rm -f /opt/backup/gitea-backup.zip; kubectl exec -it deploy/gitea -n gitea -- /app/gitea/gitea dump -c /data/gitea/conf/app.ini --file /opt/backup/gitea-backup.zip; resources: requests: cpu: 100m memory: 128Mi containers: s3-backup: image: repository: d3fk/s3cmd tag: latest@sha256:5664c8a61fe6d250120e1d56850cf09cb90ad2f3955254e120ee656ba67b0fb6 pullPolicy: IfNotPresent command: - /bin/sh args: - -ec - | echo ">> Running S3 backup for Gitea" s3cmd put --no-check-md5 --no-check-certificate -v /opt/backup/gitea-backup.zip ${S3_REPOSITORY}/gitea-backup-$(date +"%Y%m%d-%H-%M").zip; mv /opt/backup/gitea-backup.zip /opt/backup/gitea-backup-$(date +"%Y%m%d-%H-%M").zip; echo ">> Completed S3 backup for Gitea" envFrom: - secretRef: name: gitea-backup-s3 resources: requests: cpu: 100m memory: 128Mi s3-prune: image: repository: d3fk/s3cmd tag: latest@sha256:5664c8a61fe6d250120e1d56850cf09cb90ad2f3955254e120ee656ba67b0fb6 pullPolicy: IfNotPresent command: - /bin/sh args: - -ec - | export ONE_WEEK_AGO=$(date -d @$(( $(date +%s) - 604800 )) +%Y-%m-%d\ %H:%M:%S); export TWO_WEEK_AGO=$(date -d @$(( $(date +%s) - 1209600 )) +%Y-%m-%d\ %H:%M:%S); export TIME_RANGE="$TWO_WEEK_AGO" echo ">> Running S3 prune for Gitea backup repository" echo ">> Backups prior to '$TIME_RANGE' will be removed" echo ">> File list:" s3cmd ls -v $S3_REPOSITORY echo ">> Deleting ..." s3cmd ls -v $S3_REPOSITORY | awk -v time_range="$TIME_RANGE" '$1 < time_range {print $4}' | while read file; do s3cmd del -v "$file"; echo ">> Deleted $file"; done; echo ">> Completed S3 prune for Gitea backup repository" envFrom: - secretRef: name: gitea-backup-s3 resources: requests: cpu: 100m memory: 128Mi serviceAccount: gitea-backup: enabled: true persistence: config: existingClaim: gitea-nfs-storage-backup advancedMounts: backup: s3-backup: - path: /opt/backup readOnly: false s3cmd-config: enabled: true type: secret name: gitea-s3cmd-config advancedMounts: backup: s3-backup: - path: /root/.s3cfg readOnly: true mountPropagation: None subPath: .s3cfg s3-prune: - path: /root/.s3cfg readOnly: true mountPropagation: None subPath: .s3cfg meilisearch: environment: MEILI_NO_ANALYTICS: true MEILI_ENV: production MEILI_EXPERIMENTAL_DUMPLESS_UPGRADE: true auth: existingMasterKeySecret: gitea-meilisearch-master-key-secret service: type: ClusterIP port: 7700 persistence: enabled: true storageClass: ceph-block size: 5Gi resources: requests: cpu: 10m memory: 128Mi serviceMonitor: enabled: true valkey: architecture: replication auth: enabled: false usePasswordFiles: false primary: resources: requests: cpu: 100m memory: 64Mi persistence: enabled: true size: 5Gi replica: resources: requests: cpu: 100m memory: 64Mi persistence: enabled: true size: 5Gi valkey-renovate: nameOverride: renovate-valkey architecture: standalone auth: enabled: false primary: resources: requests: cpu: 100m memory: 64Mi persistence: enabled: true size: 1Gi cloudflared: existingSecretName: gitea-cloudflared-secret postgres-17-cluster: mode: standalone cluster: storage: storageClass: local-path walStorage: storageClass: local-path monitoring: enabled: true prometheusRule: enabled: true recovery: method: objectStore objectStore: endpointURL: https://nyc3.digitaloceanspaces.com destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/gitea/gitea-postgresql-17-cluster endpointCredentials: gitea-postgresql-17-cluster-backup-secret recoveryIndex: 3 backup: enabled: true endpointURL: https://nyc3.digitaloceanspaces.com destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/gitea/gitea-postgresql-17-cluster endpointCredentials: gitea-postgresql-17-cluster-backup-secret backupIndex: 3