Add gitea

2025-12-22 16:44:24 +00:00 · 2024-09-24 19:39:11 +02:00
parent cc2838aa24
commit d4854fd5aa
9 changed files with 185 additions and 0 deletions
--- a/apps/base/gitea/kustomization.yaml
+++ b/apps/base/gitea/kustomization.yaml
@@ -0,0 +1,8 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: gitea
 resources:
  - namespace.yaml
  - repository.yaml
  - release.yaml
--- a/apps/base/gitea/namespace.yaml
+++ b/apps/base/gitea/namespace.yaml
@@ -0,0 +1,4 @@
 apiVersion: v1
 kind: Namespace
 metadata:
  name: gitea
--- a/apps/base/gitea/release.yaml
+++ b/apps/base/gitea/release.yaml
@@ -0,0 +1,16 @@
 apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
  name: gitea
  namespace: gitea
 spec:
  interval: 1h
  chart:
    spec:
      chart: gitea
      version: 10.2.0
      sourceRef:
        kind: HelmRepository
        name: gitea
        namespace: gitea
      interval: 1h
--- a/apps/base/gitea/repository.yaml
+++ b/apps/base/gitea/repository.yaml
@@ -0,0 +1,8 @@
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: HelmRepository
 metadata:
  name: gitea
  namespace: gitea
 spec:
  interval: 1h
  url: https://dl.gitea.io/charts/
--- a/apps/prod/gitea/ingress.yaml
+++ b/apps/prod/gitea/ingress.yaml
@@ -0,0 +1,14 @@
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
  name: gitea-web-ingress
  namespace: gitea
 spec:
  entryPoints:
    - websecure
  routes:
  - match: Host(`git.example.com`)
    kind: Rule
    services:
    - name: gitea-http
      port: 3000
--- a/apps/prod/gitea/kustomization.yaml
+++ b/apps/prod/gitea/kustomization.yaml
@@ -0,0 +1,18 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: gitea
 resources:
  - ../base/gitea
  - secret.enc.yaml
  - release.yaml
  - ingress.yaml
 configMapGenerator:
  - name: gitea-prod-values
    namespace: gitea
    files:
      - values.yaml
 patchesStrategicMerge:
  - release.yaml
--- a/apps/prod/gitea/release.yaml
+++ b/apps/prod/gitea/release.yaml
@@ -0,0 +1,19 @@
 apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
  name: gitea
  namespace: gitea
 spec:
  interval: 1h
  chart:
    spec:
      chart: gitea
      version: 10.2.0
      sourceRef:
        kind: HelmRepository
        name: gitea
        namespace: gitea
      interval: 1h
  valuesFrom:
    - kind: ConfigMap
      name: gitea-prod-values
--- a/apps/prod/gitea/secret.enc.yaml
+++ b/apps/prod/gitea/secret.enc.yaml
@@ -0,0 +1,28 @@
 apiVersion: v1
 kind: Secret
 metadata:
    name: gitea-admin-secret
    namespace: gitea
 stringData:
    username: ENC[AES256_GCM,data:1K7hWGJC,iv:SRYfP1NLS633JKNORnsFkBFXo5sP4ejWNj6r4NXbrrQ=,tag:kOfUyxznR8p8VsiYy//Ytg==,type:str]
    password: ENC[AES256_GCM,data:6GstZlME7jdHkwmyKCp+G72j6yk=,iv:sMunSzr6NZq5QVuibItDJq6n/KM5F9+Ulgc3XLdXuEg=,tag:+/2eBSEJMggo2X1Ft8RIlw==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age1jk99rtxq3ep2xj2w886cchddf7jypqpwkr3dszg5dzq93gn8cy9qyc786m
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzQXVTa2hVaTAvbzU3aUxS
            OHNUZm40RXlXa1dzRE5tMndKU015RVNYY1hjCjY5WDFYOFBrOXcyZm4vMkhWc0c4
            UkhSYkhyVEJ2V1c1UytOZUxOTUJQWjgKLS0tIER2OFNsQUdHdkxTdEpObFFJcUxP
            MVZUOGNJOC9QMU9WSWY2eTJjdEZsK2cKvdCXFw0LGc2Fqcnjla8SON0Oonsnrzfc
            4GS1TFZ6bv4djodgn2wl43HmrrEvdHal2+HBDKv4McJv4x/jKBFbnw==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2024-09-24T17:35:23Z"
    mac: ENC[AES256_GCM,data:MCbFvTfxsp1jEQngBp1dVZBHBagfogq4kUgpvHUG7xmzvSipicxnPdJe1bLdR/Ei8VWvU6O+PYn2jGBKxof8aYvEKUbMngq2fT26lhi/910pDMyEnp+HV4wJIdnIOwR3p8DMzw386ejlOxk+Q57/JvDoDuu1p7vWv9g+/6fxu2g=,iv:t8WGOMajR88BbW1M7NOigYnSFhZs+yW00Plq4dq57b0=,tag:Pvg6MdWhGslRTFI7XAseHw==,type:str]
    pgp: []
    unencrypted_regex: ^(apiVersion|metadata|kind|type)$
    version: 3.9.0
--- a/apps/prod/gitea/values.yaml
+++ b/apps/prod/gitea/values.yaml
@@ -0,0 +1,70 @@
 redis-cluster:
  enabled: false
 postgresql-ha:
  enabled: false
 postgresql:
  enabled: true
  image:
    registry: docker.io
    repository: bitnami/postgresql
    tag: 15.3.0-debian-11-r24
    digest: sha256:fff6086d557d962422c6d751b6723877642170bbcc25d6f23e5c2c2f079987d5
  primary:
    persistence:
      storageClass: retain-local-path
 persistence:
  enabled: true
  storageClass: retain-local-path
 image:
  rootless: true
 gitea:
  admin:
    existingSecret: gitea-admin-secret
    email: "admin@example.com"
  config:
    actions:
      ENABLED: true
    federation:
      ENABLED: true
    database:
      DB_TYPE: postgres
    session:
      PROVIDER: db
    cache:
      ADAPTER: memory
    queue:
      TYPE: channel
    server:
      BUILTIN_SSH_SERVER_USER: git
      ROOT_URL: https://git.example.com
      DOMAIN: git.example.com
      SSH_CREATE_AUTHORIZED_KEYS_FILE: false
      LANDING_PAGE: explore
    service:
      REGISTER_MANUAL_CONFIRM: true
    indexer:
      ISSUE_INDEXER_TYPE: bleve
      REPO_INDEXER_ENABLED: true
 service:
  http:
    type: ClusterIP
    port: 3000
    clusterIP:
  ssh:
    type: ClusterIP
    port: 22
 podSecurityContext:
  fsGroup: 1001
 containerSecurityContext:
  runAsGroup: 1001
  runAsNonRoot: true
  runAsUser: 1001
 test:
  enabled: false