alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 4 Actions 3 Activity
Files
4ba36c3f3eb663f9a9cc09099b3541ead144b239
infrastructure/clusters/cl01tl/platform/gitea/values.yaml
Renovate Bot fd6530138b
All checks were successful
lint-and-test-charts / lint-test (pull_request) Successful in 17s
Details
Update d3fk/s3cmd:latest Docker digest to 2095d9e
2025-05-21 00:40:54 +00:00

426 lines
11 KiB
YAML
Raw Blame History

gitea:
global:
imageRegistry: registry.hub.docker.com
replicaCount: 3
strategy:
type: "RollingUpdate"
rollingUpdate:
maxSurge: "100%"
maxUnavailable: 0
image:
repository: gitea/gitea
tag: 1.23.8
service:
http:
type: ClusterIP
port: 3000
clusterIP: 10.103.160.139
ssh:
type: ClusterIP
port: 22
clusterIP: 10.103.160.140
ingress:
enabled: false
persistence:
storageClass: ceph-filesystem
size: 10Gi
accessModes:
- ReadWriteMany
extraVolumes:
- name: gitea-nfs-storage-backup
persistentVolumeClaim:
claimName: gitea-nfs-storage-backup
extraVolumeMounts:
- mountPath: /opt/backup
name: gitea-nfs-storage-backup
readOnly: false
actions:
enabled: true
statefulset:
resources:
requests:
cpu: 100m
memory: 256Mi
actRunner:
repository: gitea/act_runner
tag: 0.2.11
config: |
log:
level: debug
cache:
enabled: false
container:
privileged: true
provisioning:
enabled: false
existingSecret: gitea-runner-secret
existingSecretKey: token
gitea:
metrics:
enabled: true
serviceMonitor:
enabled: false
oauth:
- name: Authentik
provider: openidConnect
existingSecret: gitea-oidc-secret
autoDiscoverUrl: https://auth.alexlebens.dev/application/o/gitea/.well-known/openid-configuration
iconUrl: https://goauthentik.io/img/icon.png
scopes: "email profile"
config:
APP_NAME: Gitea
server:
PROTOCOL: http
DOMAIN: gitea.alexlebens.dev
ROOT_URL: https://gitea.alexlebens.dev
LOCAL_ROOT_URL: http://gitea-http.gitea.svc.cluster.local:3000
START_SSH_SERVER: true
SSH_DOMAIN: gitea.alexlebens.net
SSH_PORT: 22
SSH_LISTEN_PORT: 22
ENABLE_PPROF: true
LANDING_PAGE: explore
database:
DB_TYPE: postgres
SCHEMA: public
oauth2_client:
ENABLE_AUTO_REGISTRATION: true
cache:
ENABLED: true
ADAPTER: redis
HOST: redis://gitea-valkey-primary.gitea:6379
queue:
TYPE: redis
CONN_STR: redis://gitea-valkey-primary.gitea:6379
session:
PROVIDER: redis
PROVIDER_CONFIG: redis://gitea-valkey-primary.gitea:6379
indexer:
ISSUE_INDEXER_ENABLED: true
ISSUE_INDEXER_TYPE: meilisearch
REPO_INDEXER_ENABLED: false
actions:
ENABLED: true
service:
REGISTER_MANUAL_CONFIRM: true
SHOW_REGISTRATION_BUTTON: false
ALLOW_ONLY_EXTERNAL_REGISTRATION: true
explore:
REQUIRE_SIGNIN_VIEW: true
webhook:
ALLOWED_HOST_LIST: private
mirror:
DEFAULT_INTERVAL: 10m
additionalConfigFromEnvs:
- name: GITEA__DATABASE__HOST
valueFrom:
secretKeyRef:
name: gitea-postgresql-17-cluster-app
key: host
- name: GITEA__DATABASE__NAME
valueFrom:
secretKeyRef:
name: gitea-postgresql-17-cluster-app
key: dbname
- name: GITEA__DATABASE__USER
valueFrom:
secretKeyRef:
name: gitea-postgresql-17-cluster-app
key: user
- name: GITEA__DATABASE__PASSWD
valueFrom:
secretKeyRef:
name: gitea-postgresql-17-cluster-app
key: password
- name: GITEA__INDEXER__ISSUE_INDEXER_CONN_STR
valueFrom:
secretKeyRef:
name: gitea-meilisearch-master-key-secret
key: ISSUE_INDEXER_CONN_STR
memcached:
enabled: false
redis:
enabled: false
redis-cluster:
enabled: false
postgresql:
enabled: false
postgresql-ha:
enabled: false
mysql:
enabled: false
mariadb:
enabled: false
renovate:
global:
fullnameOverride: gitea-renovate
controllers:
renovate:
type: cronjob
cronjob:
suspend: false
concurrencyPolicy: Forbid
timeZone: US/Central
schedule: "*/10 * * * *"
startingDeadlineSeconds: 90
successfulJobsHistory: 3
failedJobsHistory: 3
backoffLimit: 3
parallelism: 1
containers:
main:
image:
repository: renovate/renovate
tag: 40
pullPolicy: IfNotPresent
env:
- name: RENOVATE_PLATFORM
value: gitea
- name: RENOVATE_AUTODISCOVER
value: 'true'
- name: RENOVATE_ONBOARDING
value: 'true'
- name: RENOVATE_BASE_DIR
value: /tmp/renovate
- name: RENOVATE_PERSIST_REPO_DATA
value: true
- name: RENOVATE_REPOSITORY_CACHE
value: true
- name: RENOVATE_REDIS_URL
value: redis://gitea-renovate-valkey-headless.gitea:6379
- name: LOG_LEVEL
value: debug
envFrom:
- secretRef:
name: gitea-renovate-secret
resources:
requests:
cpu: 100m
memory: 128Mi
persistence:
base:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
retain: true
advancedMounts:
renovate:
main:
- path: /tmp/renovate
readOnly: false
ssh:
enabled: true
type: secret
name: gitea-renovate-ssh-secret
advancedMounts:
renovate:
main:
- path: /home/ubuntu/.ssh
readOnly: true
mountPropagation: None
cache:
type: emptyDir
advancedMounts:
renovate:
main:
- path: /tmp/renovate/cache
readOnly: false
backup:
global:
fullnameOverride: gitea-backup
controllers:
backup:
type: cronjob
cronjob:
suspend: false
concurrencyPolicy: Forbid
timeZone: US/Central
schedule: 0 4 * * *
startingDeadlineSeconds: 90
successfulJobsHistory: 3
failedJobsHistory: 3
backoffLimit: 3
parallelism: 1
serviceAccount:
name: gitea-backup
pod:
automountServiceAccountToken: true
initContainers:
backup:
image:
repository: bitnami/kubectl
tag: 1.33.1
pullPolicy: IfNotPresent
command:
- sh
args:
- -ec
- |
kubectl exec -it deploy/gitea -n gitea -- rm -f /opt/backup/gitea-backup.zip;
kubectl exec -it deploy/gitea -n gitea -- /app/gitea/gitea dump -c /data/gitea/conf/app.ini --file /opt/backup/gitea-backup.zip;
resources:
requests:
cpu: 100m
memory: 128Mi
containers:
s3-backup:
image:
repository: d3fk/s3cmd
tag: latest@sha256:2095d9e013856e6bcb0aff5e32bc26eb41f0938c352981e5a8b2e685b3899fd3
pullPolicy: IfNotPresent
command:
- /bin/sh
args:
- -ec
- |
echo ">> Running S3 backup for Gitea"
s3cmd put --no-check-md5 --no-check-certificate -v /opt/backup/gitea-backup.zip ${S3_REPOSITORY}/gitea-backup-$(date +"%Y%m%d-%H-%M").zip;
mv /opt/backup/gitea-backup.zip /opt/backup/gitea-backup-$(date +"%Y%m%d-%H-%M").zip;
echo ">> Completed S3 backup for Gitea"
envFrom:
- secretRef:
name: gitea-backup-s3
resources:
requests:
cpu: 100m
memory: 128Mi
s3-prune:
image:
repository: d3fk/s3cmd
tag: latest@sha256:2095d9e013856e6bcb0aff5e32bc26eb41f0938c352981e5a8b2e685b3899fd3
pullPolicy: IfNotPresent
command:
- /bin/sh
args:
- -ec
- |
export ONE_WEEK_AGO=$(date -d @$(( $(date +%s) - 604800 )) +%Y-%m-%d\ %H:%M:%S);
export TWO_WEEK_AGO=$(date -d @$(( $(date +%s) - 1209600 )) +%Y-%m-%d\ %H:%M:%S);
export TIME_RANGE="$TWO_WEEK_AGO"
echo ">> Running S3 prune for Gitea backup repository"
echo ">> Backups prior to '$TIME_RANGE' will be removed"
echo ">> File list:"
s3cmd ls -v $S3_REPOSITORY
echo ">> Deleting ..."
s3cmd ls -v $S3_REPOSITORY |
awk -v time_range="$TIME_RANGE" '$1 < time_range {print $4}' |
while read file;
do s3cmd del -v "$file";
echo ">> Deleted $file";
done;
echo ">> Completed S3 prune for Gitea backup repository"
envFrom:
- secretRef:
name: gitea-backup-s3
resources:
requests:
cpu: 100m
memory: 128Mi
serviceAccount:
gitea-backup:
enabled: true
persistence:
config:
existingClaim: gitea-nfs-storage-backup
advancedMounts:
backup:
s3-backup:
- path: /opt/backup
readOnly: false
s3cmd-config:
enabled: true
type: secret
name: gitea-s3cmd-config
advancedMounts:
backup:
s3-backup:
- path: /root/.s3cfg
readOnly: true
mountPropagation: None
subPath: .s3cfg
s3-prune:
- path: /root/.s3cfg
readOnly: true
mountPropagation: None
subPath: .s3cfg
meilisearch:
environment:
MEILI_NO_ANALYTICS: true
MEILI_ENV: production
MEILI_EXPERIMENTAL_DUMPLESS_UPGRADE: true
auth:
existingMasterKeySecret: gitea-meilisearch-master-key-secret
service:
type: ClusterIP
port: 7700
persistence:
enabled: true
storageClass: ceph-block
size: 5Gi
resources:
requests:
cpu: 10m
memory: 128Mi
serviceMonitor:
enabled: true
valkey:
architecture: replication
auth:
enabled: false
usePasswordFiles: false
primary:
resources:
requests:
cpu: 100m
memory: 64Mi
persistence:
enabled: true
size: 5Gi
replica:
resources:
requests:
cpu: 100m
memory: 64Mi
persistence:
enabled: true
size: 5Gi
valkey-renovate:
nameOverride: renovate-valkey
architecture: standalone
auth:
enabled: false
primary:
resources:
requests:
cpu: 100m
memory: 64Mi
persistence:
enabled: true
size: 1Gi
cloudflared:
existingSecretName: gitea-cloudflared-secret
postgres-17-cluster:
mode: standalone
cluster:
storage:
storageClass: local-path
walStorage:
storageClass: local-path
monitoring:
enabled: true
prometheusRule:
enabled: true
recovery:
method: objectStore
objectStore:
endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/gitea/gitea-postgresql-17-cluster
endpointCredentials: gitea-postgresql-17-cluster-backup-secret
recoveryIndex: 3
backup:
enabled: true
endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/gitea/gitea-postgresql-17-cluster
endpointCredentials: gitea-postgresql-17-cluster-backup-secret
backupIndex: 3
Reference in New Issue View Git Blame Copy Permalink