# Values for the Gitea Helm chart (sub-chart key `gitea`).
# Data stores (Postgres, Redis-compatible cache/queue/session, Meilisearch)
# are all external to this sub-chart; the bundled ones are disabled at the
# bottom of this block.
gitea:
  global:
    imageRegistry: registry.hub.docker.com
  # Three replicas share the RWX persistence volume below; anything written
  # to /data or /opt/backup is visible to every replica.
  replicaCount: 3
  image:
    repository: gitea/gitea
    tag: 1.25.0
  service:
    http:
      type: ClusterIP
      port: 3000
      # Pinned ClusterIPs: stable in-cluster addresses, but they must stay
      # inside the cluster's service CIDR or the Service is rejected.
      clusterIP: 10.103.160.139
    ssh:
      type: ClusterIP
      port: 22
      clusterIP: 10.103.160.140
  # No ingress object; external HTTP access is presumably handled elsewhere
  # (a cloudflared tunnel is configured further down in this file) — confirm.
  ingress:
    enabled: false
  persistence:
    storageClass: ceph-filesystem
    size: 40Gi
    accessModes:
      - ReadWriteMany
  extraVolumes:
    # Backup drop zone, written by `gitea dump` (see the backup cronjob
    # elsewhere in this file) and read by the s3 upload container.
    - name: gitea-nfs-storage-backup
      persistentVolumeClaim:
        claimName: gitea-nfs-storage-backup
    # Holds the downloaded third-party theme CSS.
    - name: gitea-themes-storage
      persistentVolumeClaim:
        claimName: gitea-themes-storage
  # The init container gets the theme volume read-write so initPreScript can
  # unpack into it ...
  extraInitVolumeMounts:
    - name: gitea-themes-storage
      readOnly: false
      mountPath: /data/gitea/public/assets/css
  extraContainerVolumeMounts:
    - mountPath: /opt/backup
      name: gitea-nfs-storage-backup
      readOnly: false
    # ... while the serving container mounts the same volume read-only, so
    # the running application cannot modify the CSS it serves.
    - name: gitea-themes-storage
      readOnly: true
      mountPath: /data/gitea/public/assets/css
  # Supply-chain note: this fetches the *latest* release tarball from GitHub
  # on every init with no version pin and no checksum, and unpacks it into a
  # directory served to every browser. A tampered or unexpected release would
  # be served as-is. Mitigation: pin a release tag and verify its published
  # checksum (e.g. `sha256sum -c` against <EXPECTED_SHA256 placeholder>)
  # before extracting. The commands are `;`-separated, so a failed download
  # does not stop the following `tar`/`rm` — whether the chart runs this
  # under `set -e` is not visible here.
  initPreScript: |
    wget https://github.com/catppuccin/gitea/releases/latest/download/catppuccin-gitea.tar.gz;
    tar -xvzf catppuccin-gitea.tar.gz -C /data/gitea/public/assets/css;
    rm catppuccin-gitea.tar.gz;
  gitea:
    metrics:
      enabled: true
      serviceMonitor:
        enabled: false
    # OIDC login against Authentik; the client id/secret live in an existing
    # Secret rather than in this values file.
    oauth:
      - name: Authentik
        provider: openidConnect
        existingSecret: gitea-oidc-secret
        autoDiscoverUrl: https://auth.alexlebens.dev/application/o/gitea/.well-known/openid-configuration
        iconUrl: https://goauthentik.io/img/icon.png
        scopes: "email profile"
    # Rendered into app.ini; section names map to Gitea's config sections.
    config:
      APP_NAME: Gitea
      server:
        # Plain HTTP inside the pod; TLS is terminated upstream (ROOT_URL is
        # https).
        PROTOCOL: http
        DOMAIN: gitea.alexlebens.dev
        ROOT_URL: https://gitea.alexlebens.dev
        LOCAL_ROOT_URL: http://gitea-http.gitea.svc.cluster.local:3000
        START_SSH_SERVER: true
        # NOTE(review): SSH_DOMAIN uses the .net TLD while DOMAIN/ROOT_URL use
        # .dev — presumably intentional (separate SSH entrypoint); confirm.
        SSH_DOMAIN: gitea.alexlebens.net
        SSH_PORT: 22
        SSH_LISTEN_PORT: 22
        # NOTE(review): enables Go pprof profiling, which is a debugging
        # feature that exposes runtime internals; consider leaving it off
        # outside of active troubleshooting.
        ENABLE_PPROF: true
        LANDING_PAGE: explore
      database:
        DB_TYPE: postgres
        SCHEMA: public
        # Host, name, user and password are injected as GITEA__DATABASE__*
        # env vars from the cluster Secret (see additionalConfigFromEnvs).
      oauth2_client:
        # First OIDC login creates the local account automatically; combined
        # with the `service` settings below this is the only signup path.
        ENABLE_AUTO_REGISTRATION: true
      # Cache, queue and session all point at the same Redis-compatible
      # service. The URLs carry no credentials and no TLS, so the network
      # boundary of the `gitea` namespace is what protects session data.
      cache:
        ENABLED: true
        ADAPTER: redis
        HOST: redis://redis-replication-gitea-master.gitea:6379
      queue:
        TYPE: redis
        CONN_STR: redis://redis-replication-gitea-master.gitea:6379
      session:
        PROVIDER: redis
        PROVIDER_CONFIG: redis://redis-replication-gitea-master.gitea:6379
      indexer:
        ISSUE_INDEXER_ENABLED: true
        ISSUE_INDEXER_TYPE: meilisearch
        # The Meilisearch connection string (which carries the API key) is
        # injected via GITEA__INDEXER__ISSUE_INDEXER_CONN_STR below.
        REPO_INDEXER_ENABLED: false
      actions:
        ENABLED: true
      service:
        # Local registration is closed: no signup button, external (OIDC)
        # registration only, and new accounts still need manual confirmation.
        REGISTER_MANUAL_CONFIRM: true
        SHOW_REGISTRATION_BUTTON: false
        ALLOW_ONLY_EXTERNAL_REGISTRATION: true
      explore:
        # Anonymous users cannot browse; everything requires sign-in.
        REQUIRE_SIGNIN_VIEW: true
      webhook:
        # NOTE(review): `private` lets webhooks be delivered to private-range
        # hosts, i.e. other in-cluster services. That is needed for internal
        # integrations but widens the reach of user-configured webhooks; an
        # explicit host list is the tighter option if the targets are known.
        ALLOWED_HOST_LIST: private
      ui:
        DEFAULT_THEME: gitea-auto
        # Must list every theme whose CSS the initPreScript above unpacks.
        THEMES: gitea-light,gitea-dark,gitea-auto,catppuccin-rosewater-auto,catppuccin-flamingo-auto,catppuccin-pink-auto,catppuccin-mauve-auto,catppuccin-red-auto,catppuccin-maroon-auto,catppuccin-peach-auto,catppuccin-yellow-auto,catppuccin-green-auto,catppuccin-teal-auto,catppuccin-sky-auto,catppuccin-sapphire-auto,catppuccin-blue-auto,catppuccin-lavender-auto,catppuccin-latte-rosewater,catppuccin-latte-flamingo,catppuccin-latte-pink,catppuccin-latte-mauve,catppuccin-latte-red,catppuccin-latte-maroon,catppuccin-latte-peach,catppuccin-latte-yellow,catppuccin-latte-green,catppuccin-latte-teal,catppuccin-latte-sky,catppuccin-latte-sapphire,catppuccin-latte-blue,catppuccin-latte-lavender,catppuccin-frappe-rosewater,catppuccin-frappe-flamingo,catppuccin-frappe-pink,catppuccin-frappe-mauve,catppuccin-frappe-red,catppuccin-frappe-maroon,catppuccin-frappe-peach,catppuccin-frappe-yellow,catppuccin-frappe-green,catppuccin-frappe-teal,catppuccin-frappe-sky,catppuccin-frappe-sapphire,catppuccin-frappe-blue,catppuccin-frappe-lavender,catppuccin-macchiato-rosewater,catppuccin-macchiato-flamingo,catppuccin-macchiato-pink,catppuccin-macchiato-mauve,catppuccin-macchiato-red,catppuccin-macchiato-maroon,catppuccin-macchiato-peach,catppuccin-macchiato-yellow,catppuccin-macchiato-green,catppuccin-macchiato-teal,catppuccin-macchiato-sky,catppuccin-macchiato-sapphire,catppuccin-macchiato-blue,catppuccin-macchiato-lavender,catppuccin-mocha-rosewater,catppuccin-mocha-flamingo,catppuccin-mocha-pink,catppuccin-mocha-mauve,catppuccin-mocha-red,catppuccin-mocha-maroon,catppuccin-mocha-peach,catppuccin-mocha-yellow,catppuccin-mocha-green,catppuccin-mocha-teal,catppuccin-mocha-sky,catppuccin-mocha-sapphire,catppuccin-mocha-blue,catppuccin-mocha-lavender
      mirror:
        DEFAULT_INTERVAL: 10m
      repo-archive:
        ENABLED: false
    # Secret-sourced settings. GITEA__<SECTION>__<KEY> env vars override the
    # corresponding app.ini entries, which keeps credentials out of this file.
    additionalConfigFromEnvs:
      - name: GITEA__DATABASE__HOST
        valueFrom:
          secretKeyRef:
            name: gitea-postgresql-17-cluster-app
            key: host
      - name: GITEA__DATABASE__NAME
        valueFrom:
          secretKeyRef:
            name: gitea-postgresql-17-cluster-app
            key: dbname
      - name: GITEA__DATABASE__USER
        valueFrom:
          secretKeyRef:
            name: gitea-postgresql-17-cluster-app
            key: user
      - name: GITEA__DATABASE__PASSWD
        valueFrom:
          secretKeyRef:
            name: gitea-postgresql-17-cluster-app
            key: password
      - name: GITEA__INDEXER__ISSUE_INDEXER_CONN_STR
        valueFrom:
          secretKeyRef:
            name: gitea-meilisearch-master-key-secret
            key: ISSUE_INDEXER_CONN_STR
  # Bundled dependencies are all disabled; the external instances configured
  # above are used instead.
  valkey-cluster:
    enabled: false
  valkey:
    enabled: false
  postgresql-ha:
    enabled: false
  postgresql:
    enabled: false
# Gitea Actions runners (act_runner sub-chart).
gitea-actions:
  enabled: true
  global:
    fullnameOverride: gitea-actions
  statefulset:
    replicas: 6
    actRunner:
      repository: gitea/act_runner
      tag: 0.2.11
      # Embedded act_runner config.yaml, passed through verbatim.
      # NOTE(review): `log.level: debug` is verbose for a long-running
      # production runner; consider `info` unless actively diagnosing.
      # Job images are pulled through the local Harbor proxy rather than
      # directly from Docker Hub / ghcr.io; `ubuntu-latest` is an alias for
      # the 22.04 image.
      config: |
        log:
          level: debug
        cache:
          enabled: false
        runner:
          labels:
            - "ubuntu-latest:docker://harbor.alexlebens.net/proxy-hub.docker/gitea/runner-images:ubuntu-22.04"
            - "ubuntu-24.04:docker://harbor.alexlebens.net/proxy-ghcr.io/actions-oss/act/minimal/root:ubuntu-24.04"
            - "ubuntu-22.04:docker://harbor.alexlebens.net/proxy-hub.docker/gitea/runner-images:ubuntu-22.04"
            - "ubuntu-20.04:docker://harbor.alexlebens.net/proxy-hub.docker/gitea/runner-images:ubuntu-20.04"
    # Docker-in-Docker sidecar that runs the job containers. DinD generally
    # needs a privileged container, so workflow code effectively runs with
    # node-level privileges on the runner pods; keep these pods isolated
    # from the rest of the cluster (dedicated nodes / network policy).
    dind:
      repository: docker
      tag: 25.0.2-dind
    persistence:
      storageClass: ceph-block
      size: 5Gi
  init:
    image:
      repository: busybox
      tag: "1.37.0"
  # Runner registration token is read from an existing Secret.
  existingSecret: gitea-runner-secret
  existingSecretKey: token
  # Runners talk to Gitea over the in-cluster HTTP service, not the public URL.
  giteaRootURL: http://gitea-http.gitea:3000
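# Application-level Gitea backup: a CronJob that runs `gitea dump` inside the
# Gitea deployment, uploads the resulting archive to S3, and prunes uploads
# older than seven days.
#
# Changes from the previous revision: the `kubectl exec` calls no longer
# request a TTY (`-it`) — a CronJob has no terminal, so `-t` only produced a
# warning; the upload stamp is computed once so the S3 object name and the
# local archive name cannot diverge across a minute boundary; variable
# expansions are quoted; `read -r` is used; the cron schedule is quoted.
backup:
  global:
    fullnameOverride: gitea-backup
  controllers:
    backup:
      type: cronjob
      cronjob:
        suspend: false
        # Never overlap two dumps of the same instance.
        concurrencyPolicy: Forbid
        timeZone: US/Central
        # 04:00 every second day (five-field Kubernetes cron).
        schedule: "0 4 */2 * *"
        startingDeadlineSeconds: 90
        successfulJobsHistory: 3
        failedJobsHistory: 3
        backoffLimit: 3
        parallelism: 1
      # NOTE(review): this ServiceAccount needs `pods/exec` on the Gitea pods.
      # exec rights are equivalent to full control of those pods (and every
      # secret mounted in them), so scope the Role to the `gitea` namespace
      # and to exactly that verb/resource.
      serviceAccount:
        name: gitea-backup
      pod:
        automountServiceAccountToken: true
      initContainers:
        backup:
          image:
            repository: bitnami/kubectl
            # NOTE(review): a mutable `latest` tag with IfNotPresent gives a
            # different kubectl per node and makes the job non-reproducible;
            # pin a version (e.g. `tag: "<KUBECTL_VERSION placeholder>"`).
            tag: latest
            pullPolicy: IfNotPresent
          command:
            - sh
          args:
            - -ec
            # `deploy/gitea` picks an arbitrary replica; that is fine because
            # /opt/backup is the RWX NFS claim shared by all replicas.
            - |
              kubectl exec deploy/gitea -n gitea -- rm -f /opt/backup/gitea-backup.zip;
              kubectl exec deploy/gitea -n gitea -- /app/gitea/gitea dump -c /data/gitea/conf/app.ini --file /opt/backup/gitea-backup.zip;
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
      containers:
        s3-backup:
          image:
            repository: d3fk/s3cmd
            tag: latest@sha256:ccf931d3f53ae65125744bd544f62e7fe796671b4607c8cce7105bf512dff27a
            pullPolicy: IfNotPresent
          command:
            - /bin/sh
          args:
            - -ec
            # NOTE(review): `--no-check-certificate` disables TLS verification
            # for the upload, so the archive (which contains the full app.ini
            # and repository data) could be intercepted on the way to the
            # bucket. If the endpoint uses a private CA, mount that CA and
            # drop the flag instead.
            # The local copy is kept under a timestamped name; nothing in
            # this job prunes /opt/backup, so the NFS volume grows over time.
            - |
              echo ">> Running S3 backup for Gitea"
              STAMP="$(date +"%Y%m%d-%H-%M")"
              s3cmd put --no-check-md5 --no-check-certificate -v /opt/backup/gitea-backup.zip "${BUCKET}/cl01tl/gitea-backup-${STAMP}.zip";
              mv /opt/backup/gitea-backup.zip "/opt/backup/gitea-backup-${STAMP}.zip";
              echo ">> Completed S3 backup for Gitea"
          env:
            # Bucket URL comes from the same Secret that holds .s3cfg.
            - name: BUCKET
              valueFrom:
                secretKeyRef:
                  name: gitea-s3cmd-config
                  key: BUCKET
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
        s3-prune:
          image:
            repository: d3fk/s3cmd
            tag: latest@sha256:ccf931d3f53ae65125744bd544f62e7fe796671b4607c8cce7105bf512dff27a
            pullPolicy: IfNotPresent
          command:
            - /bin/sh
          args:
            - -ec
            # Deletes objects whose name sorts before a cut-off seven days
            # ago. The comparison is lexicographic on the object key, so the
            # `-09-00` time suffix is just a threshold within that day; any
            # backup taken earlier on the cut-off day (the job runs at 04:00)
            # is also removed. `set -e` does not cover a failing `s3cmd ls`
            # inside a pipeline, so the listing is captured once and reused.
            - |
              DATE_RANGE="$(date -d @$(( $(date +%s) - 604800 )) +%Y%m%d)"
              FILE_MATCH="${BUCKET}/cl01tl/gitea-backup-${DATE_RANGE}-09-00.zip"
              echo ">> Running S3 prune for Gitea backup repository"
              echo ">> Backups prior to '${DATE_RANGE}' will be removed"
              echo ">> Backups to be removed:"
              TO_DELETE="$(s3cmd ls "${BUCKET}/cl01tl/" | awk -v file_match="$FILE_MATCH" '$4 < file_match {print $4}')"
              printf '%s\n' "$TO_DELETE"
              echo ">> Deleting ..."
              printf '%s\n' "$TO_DELETE" | while read -r file; do
                if [ -n "$file" ]; then
                  s3cmd del "$file";
                fi
              done;
              echo ">> Completed S3 prune for Gitea backup repository"
          env:
            - name: BUCKET
              valueFrom:
                secretKeyRef:
                  name: gitea-s3cmd-config
                  key: BUCKET
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
  serviceAccount:
    gitea-backup:
      enabled: true
  persistence:
    # Same RWX claim the Gitea pods mount at /opt/backup; only the upload
    # container needs it (the init container works through kubectl exec).
    config:
      existingClaim: gitea-nfs-storage-backup
      advancedMounts:
        backup:
          s3-backup:
            - path: /opt/backup
              readOnly: false
    # s3cmd credentials, mounted read-only as /root/.s3cfg from the Secret.
    s3cmd-config:
      enabled: true
      type: secret
      name: gitea-s3cmd-config
      advancedMounts:
        backup:
          s3-backup:
            - path: /root/.s3cfg
              readOnly: true
              mountPropagation: None
              subPath: .s3cfg
          s3-prune:
            - path: /root/.s3cfg
              readOnly: true
              mountPropagation: None
              subPath: .s3cfg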
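# Meilisearch instance backing Gitea's issue indexer.
# Change from the previous revision: the boolean-looking environment values
# are quoted. Kubernetes requires env `value` fields to be strings, and a
# bare YAML `true` is only safe if the chart template quotes it; "true" is
# correct either way.
meilisearch:
  environment:
    MEILI_NO_ANALYTICS: "true"
    # Production mode refuses to start without a master key, which is
    # supplied via the Secret referenced under `auth` below.
    MEILI_ENV: production
    MEILI_EXPERIMENTAL_DUMPLESS_UPGRADE: "true"
  auth:
    # Same Secret that provides GITEA__INDEXER__ISSUE_INDEXER_CONN_STR to
    # Gitea; the key never appears in this file.
    existingMasterKeySecret: gitea-meilisearch-master-key-secret
  service:
    type: ClusterIP
    port: 7700
  persistence:
    enabled: true
    storageClass: ceph-block
    size: 5Gi
  resources:
    requests:
      cpu: 10m
      memory: 128Mi
  serviceMonitor:
    enabled: true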
# Cloudflare tunnel for external access; the tunnel credentials/token are
# read from an existing Secret rather than set in this file.
cloudflared:
  existingSecretName: gitea-cloudflared-secret
# Postgres 17 cluster for Gitea (CloudNativePG-style cluster chart).
# `mode: recovery` bootstraps the cluster from the object-store backup
# described under `recovery` instead of initializing an empty database.
postgres-17-cluster:
  mode: recovery
  cluster:
    storage:
      storageClass: local-path
    walStorage:
      storageClass: local-path
    monitoring:
      enabled: true
      prometheusRule:
        enabled: true
    resources:
      requests:
        memory: 1Gi
        cpu: 200m
  recovery:
    method: objectStore
    # Restores from the `garage-local` store defined below (same path,
    # endpoint and credentials), so a recovery only works if that store
    # already holds a base backup plus WAL.
    objectStore:
      destinationPath: s3://postgres-backups/cl01tl/gitea/gitea-postgresql-17-cluster
      # NOTE(review): plain http to the in-cluster object store; credentials
      # and backup data cross the pod network unencrypted, so this relies on
      # the cluster network being trusted.
      endpointURL: http://garage-main.garage:3900
      index: 1
      endpointCredentials: gitea-postgresql-17-cluster-backup-secret-garage
  backup:
    objectStore:
      # Off-cluster copy. No endpointURL/credentials are given here, so the
      # chart's defaults must supply them — confirm.
      - name: external
        destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/gitea/gitea-postgresql-17-cluster
        index: 1
        retentionPolicy: "7d"
        isWALArchiver: false
      # Local copy; the only store that archives WAL, hence the only one
      # usable for point-in-time recovery.
      - name: garage-local
        destinationPath: s3://postgres-backups/cl01tl/gitea/gitea-postgresql-17-cluster
        index: 1
        endpointURL: http://garage-main.garage:3900
        endpointCredentials: gitea-postgresql-17-cluster-backup-secret-garage
        endpointCredentialsIncludeRegion: true
        retentionPolicy: "7d"
        isWALArchiver: true
      # Disabled remote store, kept for reference.
      # - name: garage-remote
      #   destinationPath: s3://postgres-backups/cl01tl/gitea/gitea-postgresql-17-cluster
      #   index: 1
      #   endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
      #   endpointCredentials: gitea-postgresql-17-cluster-backup-secret-garage
      #   retentionPolicy: "30d"
      #   data:
      #     compression: bzip2
      #     jobs: 2
    # Six-field cron (seconds first): both schedules fire at midnight daily.
    scheduledBackups:
      - name: daily-backup
        suspend: false
        schedule: "0 0 0 * * *"
        backupName: external
      - name: live-backup
        suspend: false
        # Take a backup as soon as the schedule object is created, not only
        # at the next tick.
        immediate: true
        schedule: "0 0 0 * * *"
        backupName: garage-local
      # - name: weekly-backup
      #   suspend: false
      #   schedule: "0 0 4 * * SAT"
      #   backupName: garage-remote