198 lines
5.5 KiB
YAML
198 lines
5.5 KiB
YAML
gitea:
|
|
strategy:
|
|
type: Recreate
|
|
image:
|
|
repository: gitea/gitea
|
|
tag: 1.22.3
|
|
ingress:
|
|
enabled: false
|
|
className: traefik
|
|
annotations:
|
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
|
traefik.ingress.kubernetes.io/router.tls: "true"
|
|
cert-manager.io/cluster-issuer: letsencrypt-issuer
|
|
hosts:
|
|
- host: gitea.alexlebens.net
|
|
paths:
|
|
- path: /
|
|
pathType: Prefix
|
|
tls:
|
|
- secretName: gitea-secret-tls
|
|
hosts:
|
|
- gitea.alexlebens.net
|
|
serviceAccount:
|
|
create: true
|
|
automountServiceAccountToken: true
|
|
gitea:
|
|
admin:
|
|
existingSecret: gitea-admin-secret
|
|
metrics:
|
|
enabled: true
|
|
serviceMonitor:
|
|
enabled: true
|
|
oauth:
|
|
- name: Authentik
|
|
provider: openidConnect
|
|
existingSecret: gitea-oidc-secret
|
|
autoDiscoverUrl: https://auth.alexlebens.dev/application/o/gitea/.well-known/openid-configuration
|
|
iconUrl: https://goauthentik.io/img/icon.png
|
|
scopes: "email profile"
|
|
config:
|
|
APP_NAME: Gitea
|
|
server:
|
|
PROTOCOL: http
|
|
DOMAIN: gitea.alexlebens.dev
|
|
ROOT_URL: https://gitea.alexlebens.dev
|
|
LOCAL_ROOT_URL: http://gitea-http.gitea.svc.cluster.local:3000
|
|
START_SSH_SERVER: true
|
|
SSH_DOMAIN: gitea.alexlebens.dev
|
|
SSH_PORT: 2222
|
|
SSH_LISTEN_PORT: 2222
|
|
ENABLE_PPROF: true
|
|
LANDING_PAGE: explore
|
|
database:
|
|
DB_TYPE: postgres
|
|
SCHEMA: public
|
|
oauth2_client:
|
|
ENABLE_AUTO_REGISTRATION: true
|
|
service:
|
|
REGISTER_MANUAL_CONFIRM: true
|
|
SHOW_REGISTRATION_BUTTON: false
|
|
ALLOW_ONLY_EXTERNAL_REGISTRATION: true
|
|
explore:
|
|
REQUIRE_SIGNIN_VIEW: true
|
|
webhook:
|
|
ALLOWED_HOST_LIST: private
|
|
mirror:
|
|
DEFAULT_INTERVAL: 10m
|
|
additionalConfigFromEnvs:
|
|
- name: GITEA__DATABASE__HOST
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: gitea-postgresql-16-cluster-app
|
|
key: host
|
|
- name: GITEA__DATABASE__NAME
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: gitea-postgresql-16-cluster-app
|
|
key: dbname
|
|
- name: GITEA__DATABASE__USER
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: gitea-postgresql-16-cluster-app
|
|
key: user
|
|
- name: GITEA__DATABASE__PASSWD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: gitea-postgresql-16-cluster-app
|
|
key: password
|
|
persistence:
|
|
storageClass: ceph-block
|
|
extraVolumes:
|
|
- name: gitea-nfs-storage-backup
|
|
persistentVolumeClaim:
|
|
claimName: gitea-nfs-storage-backup
|
|
extraVolumeMounts:
|
|
- mountPath: /opt/backup
|
|
name: gitea-nfs-storage-backup
|
|
readOnly: false
|
|
postgresql:
|
|
enabled: false
|
|
postgresql-ha:
|
|
enabled: false
|
|
redis-cluster:
|
|
enabled: true
|
|
cloudflared:
|
|
existingSecretName: gitea-cloudflared-secret
|
|
backup:
|
|
global:
|
|
fullnameOverride: gitea-backup
|
|
controllers:
|
|
backup:
|
|
type: cronjob
|
|
cronjob:
|
|
suspend: false
|
|
concurrencyPolicy: Forbid
|
|
timeZone: US/Central
|
|
schedule: 0 4 * * *
|
|
startingDeadlineSeconds: 90
|
|
successfulJobsHistory: 3
|
|
failedJobsHistory: 3
|
|
backoffLimit: 3
|
|
parallelism: 1
|
|
containers:
|
|
backup:
|
|
image:
|
|
repository: bitnami/kubectl
|
|
tag: 1.31.2
|
|
pullPolicy: IfNotPresent
|
|
command:
|
|
- /bin/sh
|
|
args:
|
|
- -ec
|
|
- |
|
|
kubectl exec -it deploy/gitea -n gitea -- rm -f /opt/backup/gitea-backup.zip;
|
|
kubectl exec -it deploy/gitea -n gitea -- /app/gitea/gitea dump -c /data/gitea/conf/app.ini --file /opt/backup/gitea-backup.zip;
|
|
resources:
|
|
requests:
|
|
cpu: 100m
|
|
memory: 128Mi
|
|
s3:
|
|
image:
|
|
repository: amazon/aws-cli
|
|
tag: 2.19.4
|
|
pullPolicy: IfNotPresent
|
|
command:
|
|
- /bin/sh
|
|
args:
|
|
- -ec
|
|
- |
|
|
until [ -f /opt/backup/gitea-backup.zip ]; do sleep 5; done;
|
|
aws s3 cp /opt/backup/gitea-backup.zip s3://cl01tl-gitea-backups/gitea-backup-$(date +"%Y%m%d-%H-%M").zip;
|
|
mv /opt/backup/gitea-backup.zip /opt/backup/gitea-backup-$(date +"%Y%m%d-%H-%M").zip;
|
|
envFrom:
|
|
- secretRef:
|
|
name: gitea-backup-s3
|
|
resources:
|
|
requests:
|
|
cpu: 100m
|
|
memory: 128Mi
|
|
serviceAccount:
|
|
create: true
|
|
persistence:
|
|
config:
|
|
existingClaim: gitea-nfs-storage-backup
|
|
advancedMounts:
|
|
backup:
|
|
s3:
|
|
- path: /opt/backup
|
|
readOnly: false
|
|
postgres-16-cluster:
|
|
mode: recovery
|
|
cluster:
|
|
walStorage:
|
|
storageClass: local-path
|
|
storage:
|
|
storageClass: local-path
|
|
monitoring:
|
|
enabled: true
|
|
prometheusRule:
|
|
enabled: false
|
|
recovery:
|
|
endpointURL: https://s3.us-east-2.amazonaws.com
|
|
destinationPath: s3://cl01tl-postgresql-backups/gitea
|
|
endpointCredentials: gitea-postgresql-16-cluster-backup-secret
|
|
recoveryIndex: 1
|
|
backup:
|
|
enabled: true
|
|
endpointURL: https://s3.us-east-2.amazonaws.com
|
|
destinationPath: s3://cl01tl-postgresql-backups/gitea
|
|
endpointCredentials: gitea-postgresql-16-cluster-backup-secret
|
|
backupIndex: 2
|
|
tags:
|
|
backupRetentionPolicy: "expire"
|
|
user: "cl01tl-gitea-postgresql"
|
|
historyTags:
|
|
backupRetentionPolicy: "keep"
|
|
user: "cl01tl-gitea-postgresql"
|