gitea: strategy: type: Recreate image: repository: gitea/gitea tag: 1.22.4 ingress: enabled: false className: traefik annotations: traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.tls: "true" cert-manager.io/cluster-issuer: letsencrypt-issuer hosts: - host: gitea.alexlebens.net paths: - path: / pathType: Prefix tls: - secretName: gitea-secret-tls hosts: - gitea.alexlebens.net serviceAccount: create: true automountServiceAccountToken: true gitea: admin: existingSecret: gitea-admin-secret metrics: enabled: true serviceMonitor: enabled: true oauth: - name: Authentik provider: openidConnect existingSecret: gitea-oidc-secret autoDiscoverUrl: https://auth.alexlebens.dev/application/o/gitea/.well-known/openid-configuration iconUrl: https://goauthentik.io/img/icon.png scopes: "email profile" config: APP_NAME: Gitea server: PROTOCOL: http DOMAIN: gitea.alexlebens.dev ROOT_URL: https://gitea.alexlebens.dev LOCAL_ROOT_URL: http://gitea-http.gitea.svc.cluster.local:3000 START_SSH_SERVER: true SSH_DOMAIN: gitea.alexlebens.dev SSH_PORT: 2222 SSH_LISTEN_PORT: 2222 ENABLE_PPROF: true LANDING_PAGE: explore database: DB_TYPE: postgres SCHEMA: public oauth2_client: ENABLE_AUTO_REGISTRATION: true service: REGISTER_MANUAL_CONFIRM: true SHOW_REGISTRATION_BUTTON: false ALLOW_ONLY_EXTERNAL_REGISTRATION: true explore: REQUIRE_SIGNIN_VIEW: true webhook: ALLOWED_HOST_LIST: private mirror: DEFAULT_INTERVAL: 10m additionalConfigFromEnvs: - name: GITEA__DATABASE__HOST valueFrom: secretKeyRef: name: gitea-postgresql-16-cluster-app key: host - name: GITEA__DATABASE__NAME valueFrom: secretKeyRef: name: gitea-postgresql-16-cluster-app key: dbname - name: GITEA__DATABASE__USER valueFrom: secretKeyRef: name: gitea-postgresql-16-cluster-app key: user - name: GITEA__DATABASE__PASSWD valueFrom: secretKeyRef: name: gitea-postgresql-16-cluster-app key: password persistence: storageClass: ceph-block extraVolumes: - name: gitea-nfs-storage-backup persistentVolumeClaim: claimName: gitea-nfs-storage-backup extraVolumeMounts: - mountPath: /opt/backup name: gitea-nfs-storage-backup readOnly: false postgresql: enabled: false postgresql-ha: enabled: false redis-cluster: enabled: true cloudflared: existingSecretName: gitea-cloudflared-secret backup: global: fullnameOverride: gitea-backup controllers: backup: type: cronjob cronjob: suspend: false concurrencyPolicy: Forbid timeZone: US/Central schedule: 0 4 * * * startingDeadlineSeconds: 90 successfulJobsHistory: 3 failedJobsHistory: 3 backoffLimit: 3 parallelism: 1 containers: backup: image: repository: bitnami/kubectl tag: 1.31.3 pullPolicy: IfNotPresent command: - /bin/sh args: - -ec - | kubectl exec -it deploy/gitea -n gitea -- rm -f /opt/backup/gitea-backup.zip; kubectl exec -it deploy/gitea -n gitea -- /app/gitea/gitea dump -c /data/gitea/conf/app.ini --file /opt/backup/gitea-backup.zip; resources: requests: cpu: 100m memory: 128Mi s3: image: repository: amazon/aws-cli tag: 2.22.12 pullPolicy: IfNotPresent command: - /bin/sh args: - -ec - | until [ -f /opt/backup/gitea-backup.zip ]; do sleep 5; done; aws s3 cp /opt/backup/gitea-backup.zip s3://cl01tl-gitea-backups/gitea-backup-$(date +"%Y%m%d-%H-%M").zip; mv /opt/backup/gitea-backup.zip /opt/backup/gitea-backup-$(date +"%Y%m%d-%H-%M").zip; envFrom: - secretRef: name: gitea-backup-s3 resources: requests: cpu: 100m memory: 128Mi serviceAccount: create: true persistence: config: existingClaim: gitea-nfs-storage-backup advancedMounts: backup: s3: - path: /opt/backup readOnly: false postgres-16-cluster: mode: standalone cluster: walStorage: storageClass: local-path storage: storageClass: local-path monitoring: enabled: true backup: enabled: true endpointURL: https://nyc3.digitaloceanspaces.com destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/gitea/gitea-postgresql-16-cluster endpointCredentials: gitea-postgresql-16-cluster-backup-secret backupIndex: 1