alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 8 Actions Packages Projects Releases Wiki Activity
Files
dae3bd7a396c82788408cc6caa5fdf75cde9fb25
infrastructure/clusters/cl01tl/platform/gitea/values.yaml
Alex Lebens dae3bd7a39 migrate storage
2025-03-10 21:34:33 -05:00

332 lines
8.9 KiB
YAML
Raw Blame History

gitea:
global:
imageRegistry: registry.hub.docker.com
strategy:
type: "Recreate"
image:
repository: gitea/gitea
tag: 1.23.5
service:
http:
type: ClusterIP
port: 3000
clusterIP: 10.103.160.139
ssh:
type: ClusterIP
port: 2222
clusterIP: 10.103.160.140
ingress:
enabled: false
persistence:
storageClass: ceph-filesystem
size: 10Gi
accessModes:
- ReadWriteMany
extraVolumes:
- name: gitea-nfs-storage-backup
persistentVolumeClaim:
claimName: gitea-nfs-storage-backup
extraVolumeMounts:
- mountPath: /opt/backup
name: gitea-nfs-storage-backup
readOnly: false
gitea:
# admin:
# existingSecret: gitea-admin-secret
metrics:
enabled: true
serviceMonitor:
enabled: true
oauth:
- name: Authentik
provider: openidConnect
existingSecret: gitea-oidc-secret
autoDiscoverUrl: https://auth.alexlebens.dev/application/o/gitea/.well-known/openid-configuration
iconUrl: https://goauthentik.io/img/icon.png
scopes: "email profile"
config:
APP_NAME: Gitea
server:
PROTOCOL: http
DOMAIN: gitea.alexlebens.dev
ROOT_URL: https://gitea.alexlebens.dev
LOCAL_ROOT_URL: http://gitea-http.gitea.svc.cluster.local:3000
START_SSH_SERVER: true
SSH_DOMAIN: gitea-ssh.gitea
SSH_PORT: 2222
SSH_LISTEN_PORT: 2222
ENABLE_PPROF: true
LANDING_PAGE: explore
database:
DB_TYPE: postgres
SCHEMA: public
oauth2_client:
ENABLE_AUTO_REGISTRATION: true
cache:
ENABLED: true
ADAPTER: redis
HOST: redis://gitea-valkey-primary.gitea:6379
queue:
TYPE: redis
CONN_STR: redis://gitea-valkey-primary.gitea:6379
session:
PROVIDER: redis
PROVIDER_CONFIG: redis://gitea-valkey-primary.gitea:6379
indexer:
ISSUE_INDEXER_ENABLED: true
ISSUE_INDEXER_TYPE: meilisearch
REPO_INDEXER_ENABLED: false
attachment:
STORAGE_TYPE: minio
lfs:
STORAGE_TYPE: minio
picture:
AVATAR_STORAGE_TYPE: minio
"storage.packages":
STORAGE_TYPE: minio
storage:
MINIO_ENDPOINT: minio.gitea:80
MINIO_LOCATION: us-east-1
MINIO_BUCKET: gitea
MINIO_USE_SSL: false
service:
REGISTER_MANUAL_CONFIRM: true
SHOW_REGISTRATION_BUTTON: false
ALLOW_ONLY_EXTERNAL_REGISTRATION: true
explore:
REQUIRE_SIGNIN_VIEW: true
webhook:
ALLOWED_HOST_LIST: private
mirror:
DEFAULT_INTERVAL: 10m
additionalConfigFromEnvs:
- name: GITEA__DATABASE__HOST
valueFrom:
secretKeyRef:
name: gitea-postgresql-17-cluster-app
key: host
- name: GITEA__DATABASE__NAME
valueFrom:
secretKeyRef:
name: gitea-postgresql-17-cluster-app
key: dbname
- name: GITEA__DATABASE__USER
valueFrom:
secretKeyRef:
name: gitea-postgresql-17-cluster-app
key: user
- name: GITEA__DATABASE__PASSWD
valueFrom:
secretKeyRef:
name: gitea-postgresql-17-cluster-app
key: password
- name: GITEA__DATABASE__MINIO_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: gitea-minio-user-secret
key: AWS_ACCESS_KEY_ID
- name: GITEA__DATABASE__MINIO_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: gitea-minio-user-secret
key: AWS_SECRET_ACCESS_KEY
- name: GITEA__INDEXER__ISSUE_INDEXER_CONN_STR
valueFrom:
secretKeyRef:
name: gitea-meilisearch-master-key-secret
key: ISSUE_INDEXER_CONN_STR
memcached:
enabled: false
redis:
enabled: false
redis-cluster:
enabled: false
postgresql:
enabled: false
postgresql-ha:
enabled: false
mysql:
enabled: false
mariadb:
enabled: false
backup:
global:
fullnameOverride: gitea-backup
controllers:
backup:
type: cronjob
cronjob:
suspend: false
concurrencyPolicy: Forbid
timeZone: US/Central
schedule: 0 4 * * *
startingDeadlineSeconds: 90
successfulJobsHistory: 3
failedJobsHistory: 3
backoffLimit: 3
parallelism: 1
initContainers:
backup:
image:
repository: bitnami/kubectl
tag: 1.32.2
pullPolicy: IfNotPresent
command:
- sh
args:
- -ec
- |
kubectl exec -it deploy/gitea -n gitea -- rm -f /opt/backup/gitea-backup.zip;
kubectl exec -it deploy/gitea -n gitea -- /app/gitea/gitea dump -c /data/gitea/conf/app.ini --file /opt/backup/gitea-backup.zip;
resources:
requests:
cpu: 100m
memory: 128Mi
containers:
s3-backup:
image:
repository: d3fk/s3cmd
tag: latest@sha256:19792558807828017ca8d40a814b2e6850c2e46828e67ac32b6c28612ca4adfe
pullPolicy: IfNotPresent
command:
- /bin/sh
args:
- -ec
- |
echo ">> Running S3 backup for Gitea"
s3cmd put --no-check-md5 --no-check-certificate -v /opt/backup/gitea-backup.zip ${S3_REPOSITORY}/gitea-backup-$(date +"%Y%m%d-%H-%M").zip;
mv /opt/backup/gitea-backup.zip /opt/backup/gitea-backup-$(date +"%Y%m%d-%H-%M").zip;
echo ">> Completed S3 backup for Gitea"
envFrom:
- secretRef:
name: gitea-backup-s3
resources:
requests:
cpu: 100m
memory: 128Mi
s3-prune:
image:
repository: d3fk/s3cmd
tag: latest@sha256:19792558807828017ca8d40a814b2e6850c2e46828e67ac32b6c28612ca4adfe
pullPolicy: IfNotPresent
command:
- /bin/sh
args:
- -ec
- |
export WEEK_AGO=$(date -d @$(( $(date +%s) - 604800 )) +%Y-%m-%d\ %H:%M:%S);
echo ">> Running S3 prune for Gitea backup repository"
echo ">> Backups prior to '$WEEK_AGO' will be removed"
s3cmd ls -v $S3_REPOSITORY |
awk -v week_ago="$WEEK_AGO" '$1 < week_ago {print $4}' |
while read file;
do s3cmd del -v "$file";
done;
echo ">> Completed S3 prune for Gitea backup repository"
envFrom:
- secretRef:
name: gitea-backup-s3
resources:
requests:
cpu: 100m
memory: 128Mi
serviceAccount:
create: true
persistence:
config:
existingClaim: gitea-nfs-storage-backup
advancedMounts:
backup:
s3-backup:
- path: /opt/backup
readOnly: false
s3cmd-config:
enabled: true
type: secret
name: gitea-s3cmd-config
advancedMounts:
backup:
s3-backup:
- path: /root/.s3cfg
readOnly: true
mountPropagation: None
subPath: .s3cfg
s3-prune:
- path: /root/.s3cfg
readOnly: true
mountPropagation: None
subPath: .s3cfg
minio:
existingSecret:
name: gitea-minio-root-secret
tenant:
name: minio-gitea
configuration:
name: gitea-minio-config-secret
pools:
- servers: 3
name: pool
volumesPerServer: 2
size: 10Gi
storageClassName: ceph-block
mountPath: /export
subPath: /data
metrics:
enabled: true
port: 9000
protocol: http
certificate:
requestAutoCert: false
ingress:
console:
enabled: false
meilisearch:
environment:
MEILI_NO_ANALYTICS: true
MEILI_ENV: production
auth:
existingMasterKeySecret: gitea-meilisearch-master-key-secret
service:
type: ClusterIP
port: 7700
persistence:
enabled: true
storageClass: ceph-block
size: 5Gi
resources:
requests:
cpu: 10m
memory: 128Mi
serviceMonitor:
enabled: true
valkey:
architecture: replication
auth:
enabled: false
usePasswordFiles: false
primary:
persistence:
enabled: true
size: 5Gi
replica:
persistence:
enabled: true
size: 5Gi
cloudflared:
existingSecretName: gitea-cloudflared-secret
postgres-17-cluster:
mode: standalone
cluster:
walStorage:
storageClass: local-path
storage:
storageClass: local-path
monitoring:
enabled: true
backup:
enabled: true
endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/gitea/gitea-postgresql-17-cluster
endpointCredentials: gitea-postgresql-17-cluster-backup-secret
backupIndex: 3
Reference in New Issue View Git Blame Copy Permalink