375 lines
		
	
	
		
			12 KiB
		
	
	
	
		
			YAML
		
	
	
	
	
	
			
		
		
	
	
			375 lines
		
	
	
		
			12 KiB
		
	
	
	
		
			YAML
		
	
	
	
	
	
| gitea:
 | |
|   global:
 | |
|     imageRegistry: registry.hub.docker.com
 | |
|   replicaCount: 3
 | |
|   image:
 | |
|     repository: gitea/gitea
 | |
|     tag: 1.24.3
 | |
|   service:
 | |
|     http:
 | |
|       type: ClusterIP
 | |
|       port: 3000
 | |
|       clusterIP: 10.103.160.139
 | |
|     ssh:
 | |
|       type: ClusterIP
 | |
|       port: 22
 | |
|       clusterIP: 10.103.160.140
 | |
|   ingress:
 | |
|     enabled: false
 | |
|   persistence:
 | |
|     storageClass: ceph-filesystem
 | |
|     size: 20Gi
 | |
|     accessModes:
 | |
|       - ReadWriteMany
 | |
|   extraVolumes:
 | |
|     - name: gitea-nfs-storage-backup
 | |
|       persistentVolumeClaim:
 | |
|         claimName: gitea-nfs-storage-backup
 | |
|     - name: gitea-themes-storage
 | |
|       persistentVolumeClaim:
 | |
|         claimName: gitea-themes-storage
 | |
|   extraInitVolumeMounts:
 | |
|     - name: gitea-themes-storage
 | |
|       readOnly: false
 | |
|       mountPath: /data/gitea/public/assets/css
 | |
|   extraContainerVolumeMounts:
 | |
|     - mountPath: /opt/backup
 | |
|       name: gitea-nfs-storage-backup
 | |
|       readOnly: false
 | |
|     - name: gitea-themes-storage
 | |
|       readOnly: true
 | |
|       mountPath: /data/gitea/public/assets/css
 | |
|   initPreScript: |
 | |
|     wget https://github.com/catppuccin/gitea/releases/latest/download/catppuccin-gitea.tar.gz;
 | |
|     tar -xvzf catppuccin-gitea.tar.gz -C /data/gitea/public/assets/css;
 | |
|     rm catppuccin-gitea.tar.gz;
 | |
|   gitea:
 | |
|     metrics:
 | |
|       enabled: true
 | |
|       serviceMonitor:
 | |
|         enabled: false
 | |
|     oauth:
 | |
|       - name: Authentik
 | |
|         provider: openidConnect
 | |
|         existingSecret: gitea-oidc-secret
 | |
|         autoDiscoverUrl: https://auth.alexlebens.dev/application/o/gitea/.well-known/openid-configuration
 | |
|         iconUrl: https://goauthentik.io/img/icon.png
 | |
|         scopes: "email profile"
 | |
|     config:
 | |
|       APP_NAME: Gitea
 | |
|       server:
 | |
|         PROTOCOL: http
 | |
|         DOMAIN: gitea.alexlebens.dev
 | |
|         ROOT_URL: https://gitea.alexlebens.dev
 | |
|         LOCAL_ROOT_URL: http://gitea-http.gitea.svc.cluster.local:3000
 | |
|         START_SSH_SERVER: true
 | |
|         SSH_DOMAIN: gitea.alexlebens.net
 | |
|         SSH_PORT: 22
 | |
|         SSH_LISTEN_PORT: 22
 | |
|         ENABLE_PPROF: true
 | |
|         LANDING_PAGE: explore
 | |
|       database:
 | |
|         DB_TYPE: postgres
 | |
|         SCHEMA: public
 | |
|       oauth2_client:
 | |
|         ENABLE_AUTO_REGISTRATION: true
 | |
|       cache:
 | |
|         ENABLED: true
 | |
|         ADAPTER: redis
 | |
|         HOST: redis://gitea-valkey-primary.gitea:6379
 | |
|       queue:
 | |
|         TYPE: redis
 | |
|         CONN_STR: redis://gitea-valkey-primary.gitea:6379
 | |
|       session:
 | |
|         PROVIDER: redis
 | |
|         PROVIDER_CONFIG: redis://gitea-valkey-primary.gitea:6379
 | |
|       indexer:
 | |
|         ISSUE_INDEXER_ENABLED: true
 | |
|         ISSUE_INDEXER_TYPE: meilisearch
 | |
|         REPO_INDEXER_ENABLED: false
 | |
|       actions:
 | |
|         ENABLED: true
 | |
|       service:
 | |
|         REGISTER_MANUAL_CONFIRM: true
 | |
|         SHOW_REGISTRATION_BUTTON: false
 | |
|         ALLOW_ONLY_EXTERNAL_REGISTRATION: true
 | |
|       explore:
 | |
|         REQUIRE_SIGNIN_VIEW: true
 | |
|       webhook:
 | |
|         ALLOWED_HOST_LIST: private
 | |
|       ui:
 | |
|         DEFAULT_THEME: gitea-auto
 | |
|         THEMES: gitea-light,gitea-dark,gitea-auto,catppuccin-rosewater-auto,catppuccin-flamingo-auto,catppuccin-pink-auto,catppuccin-mauve-auto,catppuccin-red-auto,catppuccin-maroon-auto,catppuccin-peach-auto,catppuccin-yellow-auto,catppuccin-green-auto,catppuccin-teal-auto,catppuccin-sky-auto,catppuccin-sapphire-auto,catppuccin-blue-auto,catppuccin-lavender-auto,catppuccin-latte-rosewater,catppuccin-latte-flamingo,catppuccin-latte-pink,catppuccin-latte-mauve,catppuccin-latte-red,catppuccin-latte-maroon,catppuccin-latte-peach,catppuccin-latte-yellow,catppuccin-latte-green,catppuccin-latte-teal,catppuccin-latte-sky,catppuccin-latte-sapphire,catppuccin-latte-blue,catppuccin-latte-lavender,catppuccin-frappe-rosewater,catppuccin-frappe-flamingo,catppuccin-frappe-pink,catppuccin-frappe-mauve,catppuccin-frappe-red,catppuccin-frappe-maroon,catppuccin-frappe-peach,catppuccin-frappe-yellow,catppuccin-frappe-green,catppuccin-frappe-teal,catppuccin-frappe-sky,catppuccin-frappe-sapphire,catppuccin-frappe-blue,catppuccin-frappe-lavender,catppuccin-macchiato-rosewater,catppuccin-macchiato-flamingo,catppuccin-macchiato-pink,catppuccin-macchiato-mauve,catppuccin-macchiato-red,catppuccin-macchiato-maroon,catppuccin-macchiato-peach,catppuccin-macchiato-yellow,catppuccin-macchiato-green,catppuccin-macchiato-teal,catppuccin-macchiato-sky,catppuccin-macchiato-sapphire,catppuccin-macchiato-blue,catppuccin-macchiato-lavender,catppuccin-mocha-rosewater,catppuccin-mocha-flamingo,catppuccin-mocha-pink,catppuccin-mocha-mauve,catppuccin-mocha-red,catppuccin-mocha-maroon,catppuccin-mocha-peach,catppuccin-mocha-yellow,catppuccin-mocha-green,catppuccin-mocha-teal,catppuccin-mocha-sky,catppuccin-mocha-sapphire,catppuccin-mocha-blue,catppuccin-mocha-lavender
 | |
|       mirror:
 | |
|         DEFAULT_INTERVAL: 10m
 | |
|     additionalConfigFromEnvs:
 | |
|       - name: GITEA__DATABASE__HOST
 | |
|         valueFrom:
 | |
|           secretKeyRef:
 | |
|             name: gitea-postgresql-17-cluster-app
 | |
|             key: host
 | |
|       - name: GITEA__DATABASE__NAME
 | |
|         valueFrom:
 | |
|           secretKeyRef:
 | |
|             name: gitea-postgresql-17-cluster-app
 | |
|             key: dbname
 | |
|       - name: GITEA__DATABASE__USER
 | |
|         valueFrom:
 | |
|           secretKeyRef:
 | |
|             name: gitea-postgresql-17-cluster-app
 | |
|             key: user
 | |
|       - name: GITEA__DATABASE__PASSWD
 | |
|         valueFrom:
 | |
|           secretKeyRef:
 | |
|             name: gitea-postgresql-17-cluster-app
 | |
|             key: password
 | |
|       - name: GITEA__INDEXER__ISSUE_INDEXER_CONN_STR
 | |
|         valueFrom:
 | |
|           secretKeyRef:
 | |
|             name: gitea-meilisearch-master-key-secret
 | |
|             key: ISSUE_INDEXER_CONN_STR
 | |
|   valkey-cluster:
 | |
|     enabled: false
 | |
|   valkey:
 | |
|     enabled: false
 | |
|   postgresql-ha:
 | |
|     enabled: false
 | |
|   postgresql:
 | |
|     enabled: false
 | |
| gitea-actions:
 | |
|   enabled: true
 | |
|   global:
 | |
|     fullnameOverride: gitea-actions
 | |
|   statefulset:
 | |
|     replicas: 6
 | |
|     actRunner:
 | |
|       repository: gitea/act_runner
 | |
|       tag: 0.2.11
 | |
|       config: |
 | |
|         log:
 | |
|           level: debug
 | |
|         cache:
 | |
|           enabled: false
 | |
|         runner:
 | |
|           labels:
 | |
|             - "ubuntu-latest:docker://harbor.alexlebens.net/proxy-hub.docker/gitea/runner-images:ubuntu-latest"
 | |
|             - "ubuntu-22.04:docker://harbor.alexlebens.net/proxy-hub.docker/gitea/runner-images:ubuntu-22.04"
 | |
|             - "ubuntu-20.04:docker://harbor.alexlebens.net/proxy-hub.docker/gitea/runner-images:ubuntu-20.04"
 | |
|     dind:
 | |
|       repository: docker
 | |
|       tag: 25.0.2-dind
 | |
|     persistence:
 | |
|       storageClass: ceph-block
 | |
|       size: 5Gi
 | |
|   init:
 | |
|     image:
 | |
|       repository: busybox
 | |
|       tag: "1.37.0"
 | |
|   existingSecret: gitea-runner-secret
 | |
|   existingSecretKey: token
 | |
|   giteaRootURL: http://gitea-http.gitea:3000
 | |
| backup:
 | |
|   global:
 | |
|     fullnameOverride: gitea-backup
 | |
|   controllers:
 | |
|     backup:
 | |
|       type: cronjob
 | |
|       cronjob:
 | |
|         suspend: false
 | |
|         concurrencyPolicy: Forbid
 | |
|         timeZone: US/Central
 | |
|         schedule: 0 4 * * *
 | |
|         startingDeadlineSeconds: 90
 | |
|         successfulJobsHistory: 3
 | |
|         failedJobsHistory: 3
 | |
|         backoffLimit: 3
 | |
|         parallelism: 1
 | |
|       serviceAccount:
 | |
|         name: gitea-backup
 | |
|       pod:
 | |
|         automountServiceAccountToken: true
 | |
|       initContainers:
 | |
|         backup:
 | |
|           image:
 | |
|             repository: bitnami/kubectl
 | |
|             tag: 1.33.3
 | |
|             pullPolicy: IfNotPresent
 | |
|           command:
 | |
|             - sh
 | |
|           args:
 | |
|             - -ec
 | |
|             - |
 | |
|               kubectl exec -it deploy/gitea -n gitea -- rm -f /opt/backup/gitea-backup.zip;
 | |
|               kubectl exec -it deploy/gitea -n gitea -- /app/gitea/gitea dump -c /data/gitea/conf/app.ini --file /opt/backup/gitea-backup.zip;
 | |
|           resources:
 | |
|             requests:
 | |
|               cpu: 100m
 | |
|               memory: 128Mi
 | |
|       containers:
 | |
|         s3-backup:
 | |
|           image:
 | |
|             repository: d3fk/s3cmd
 | |
|             tag: latest@sha256:243e81a62890dcc76771240f38c7492365e72fee84b29692178337cfd80b2ce2
 | |
|             pullPolicy: IfNotPresent
 | |
|           command:
 | |
|             - /bin/sh
 | |
|           args:
 | |
|             - -ec
 | |
|             - |
 | |
|               echo ">> Running S3 backup for Gitea"
 | |
|               s3cmd put --no-check-md5 --no-check-certificate -v /opt/backup/gitea-backup.zip ${BUCKET}/cl01tl/gitea-backup-$(date +"%Y%m%d-%H-%M").zip;
 | |
|               mv /opt/backup/gitea-backup.zip /opt/backup/gitea-backup-$(date +"%Y%m%d-%H-%M").zip;
 | |
|               echo ">> Completed S3 backup for Gitea"
 | |
|           env:
 | |
|             - name: BUCKET
 | |
|               valueFrom:
 | |
|                 secretKeyRef:
 | |
|                   name: gitea-s3cmd-config
 | |
|                   key: BUCKET
 | |
|           resources:
 | |
|             requests:
 | |
|               cpu: 100m
 | |
|               memory: 128Mi
 | |
|         s3-prune:
 | |
|           image:
 | |
|             repository: d3fk/s3cmd
 | |
|             tag: latest@sha256:243e81a62890dcc76771240f38c7492365e72fee84b29692178337cfd80b2ce2
 | |
|             pullPolicy: IfNotPresent
 | |
|           command:
 | |
|             - /bin/sh
 | |
|           args:
 | |
|             - -ec
 | |
|             - |
 | |
|               export DATE_RANGE=$(date -d @$(( $(date +%s) - 1209600 )) +%Y%m%d);
 | |
|               export FILE_MATCH="$BUCKET/cl01tl/gitea-backup-$DATE_RANGE-09-00.zip"
 | |
|               echo ">> Running S3 prune for Gitea backup repository"
 | |
|               echo ">> Backups prior to '$DATE_RANGE' will be removed"
 | |
|               echo ">> Backups to be removed:"
 | |
|               s3cmd ls ${BUCKET}/cl01tl/ |
 | |
|                 awk -v file_match="$FILE_MATCH" '$4 < file_match {print $4}'
 | |
|               echo ">> Deleting ..."
 | |
|               s3cmd ls ${BUCKET}/cl01tl/ |
 | |
|                 awk -v file_match="$FILE_MATCH" '$4 < file_match {print $4}' |
 | |
|                 while read file; do
 | |
|                   s3cmd del "$file";
 | |
|                 done;
 | |
|               echo ">> Completed S3 prune for Gitea backup repository"
 | |
|           env:
 | |
|             - name: BUCKET
 | |
|               valueFrom:
 | |
|                 secretKeyRef:
 | |
|                   name: gitea-s3cmd-config
 | |
|                   key: BUCKET
 | |
|           resources:
 | |
|             requests:
 | |
|               cpu: 100m
 | |
|               memory: 128Mi
 | |
|   serviceAccount:
 | |
|     gitea-backup:
 | |
|       enabled: true
 | |
|   persistence:
 | |
|     config:
 | |
|       existingClaim: gitea-nfs-storage-backup
 | |
|       advancedMounts:
 | |
|         backup:
 | |
|           s3-backup:
 | |
|             - path: /opt/backup
 | |
|               readOnly: false
 | |
|     s3cmd-config:
 | |
|       enabled: true
 | |
|       type: secret
 | |
|       name: gitea-s3cmd-config
 | |
|       advancedMounts:
 | |
|         backup:
 | |
|           s3-backup:
 | |
|             - path: /root/.s3cfg
 | |
|               readOnly: true
 | |
|               mountPropagation: None
 | |
|               subPath: .s3cfg
 | |
|           s3-prune:
 | |
|             - path: /root/.s3cfg
 | |
|               readOnly: true
 | |
|               mountPropagation: None
 | |
|               subPath: .s3cfg
 | |
| meilisearch:
 | |
|   environment:
 | |
|     MEILI_NO_ANALYTICS: true
 | |
|     MEILI_ENV: production
 | |
|     MEILI_EXPERIMENTAL_DUMPLESS_UPGRADE: true
 | |
|   auth:
 | |
|     existingMasterKeySecret: gitea-meilisearch-master-key-secret
 | |
|   service:
 | |
|     type: ClusterIP
 | |
|     port: 7700
 | |
|   persistence:
 | |
|     enabled: true
 | |
|     storageClass: ceph-block
 | |
|     size: 5Gi
 | |
|   resources:
 | |
|     requests:
 | |
|       cpu: 10m
 | |
|       memory: 128Mi
 | |
|   serviceMonitor:
 | |
|     enabled: true
 | |
| valkey:
 | |
|   architecture: replication
 | |
|   auth:
 | |
|     enabled: false
 | |
|     usePasswordFiles: false
 | |
|   primary:
 | |
|     resources:
 | |
|       requests:
 | |
|         cpu: 100m
 | |
|         memory: 64Mi
 | |
|     persistence:
 | |
|       enabled: true
 | |
|       size: 5Gi
 | |
|   replica:
 | |
|     resources:
 | |
|       requests:
 | |
|         cpu: 100m
 | |
|         memory: 64Mi
 | |
|     persistence:
 | |
|       enabled: true
 | |
|       size: 5Gi
 | |
| valkey-renovate:
 | |
|   nameOverride: renovate-valkey
 | |
|   architecture: standalone
 | |
|   auth:
 | |
|     enabled: false
 | |
|   primary:
 | |
|     resources:
 | |
|       requests:
 | |
|         cpu: 100m
 | |
|         memory: 64Mi
 | |
|     persistence:
 | |
|       enabled: true
 | |
|       size: 1Gi
 | |
| cloudflared:
 | |
|   existingSecretName: gitea-cloudflared-secret
 | |
| postgres-17-cluster:
 | |
|   mode: standalone
 | |
|   cluster:
 | |
|     storage:
 | |
|       storageClass: local-path
 | |
|     walStorage:
 | |
|       storageClass: local-path
 | |
|     monitoring:
 | |
|       enabled: true
 | |
|       prometheusRule:
 | |
|         enabled: true
 | |
|   recovery:
 | |
|     method: objectStore
 | |
|     objectStore:
 | |
|       endpointURL: https://nyc3.digitaloceanspaces.com
 | |
|       destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/gitea/gitea-postgresql-17-cluster
 | |
|       endpointCredentials: gitea-postgresql-17-cluster-backup-secret
 | |
|       recoveryIndex: 3
 | |
|   backup:
 | |
|     enabled: true
 | |
|     endpointURL: https://nyc3.digitaloceanspaces.com
 | |
|     destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/gitea/gitea-postgresql-17-cluster
 | |
|     endpointCredentials: gitea-postgresql-17-cluster-backup-secret
 | |
|     backupIndex: 3
 | |
|     retentionPolicy: "7d"
 |