Add gitea

2025-12-22 16:44:24 +00:00 · 2024-09-24 19:39:11 +02:00
parent cc2838aa24
commit d4854fd5aa
9 changed files with 185 additions and 0 deletions
--- a/apps/base/gitea/kustomization.yaml
+++ b/apps/base/gitea/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: gitea
+
+resources:
+  - namespace.yaml
+  - repository.yaml
+  - release.yaml
--- a/apps/base/gitea/namespace.yaml
+++ b/apps/base/gitea/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: gitea
--- a/apps/base/gitea/release.yaml
+++ b/apps/base/gitea/release.yaml
@@ -0,0 +1,16 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: gitea
+  namespace: gitea
+spec:
+  interval: 1h
+  chart:
+    spec:
+      chart: gitea
+      version: 10.2.0
+      sourceRef:
+        kind: HelmRepository
+        name: gitea
+        namespace: gitea
+      interval: 1h
--- a/apps/base/gitea/repository.yaml
+++ b/apps/base/gitea/repository.yaml
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: gitea
+  namespace: gitea
+spec:
+  interval: 1h
+  url: https://dl.gitea.io/charts/
--- a/apps/prod/gitea/ingress.yaml
+++ b/apps/prod/gitea/ingress.yaml
@@ -0,0 +1,14 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: gitea-web-ingress
+  namespace: gitea
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`git.example.com`)
+    kind: Rule
+    services:
+    - name: gitea-http
+      port: 3000
--- a/apps/prod/gitea/kustomization.yaml
+++ b/apps/prod/gitea/kustomization.yaml
@@ -0,0 +1,18 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: gitea
+
+resources:
+  - ../base/gitea
+  - secret.enc.yaml
+  - release.yaml
+  - ingress.yaml
+
+configMapGenerator:
+  - name: gitea-prod-values
+    namespace: gitea
+    files:
+      - values.yaml
+
+patchesStrategicMerge:
+  - release.yaml
--- a/apps/prod/gitea/release.yaml
+++ b/apps/prod/gitea/release.yaml
@@ -0,0 +1,19 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: gitea
+  namespace: gitea
+spec:
+  interval: 1h
+  chart:
+    spec:
+      chart: gitea
+      version: 10.2.0
+      sourceRef:
+        kind: HelmRepository
+        name: gitea
+        namespace: gitea
+      interval: 1h
+  valuesFrom:
+    - kind: ConfigMap
+      name: gitea-prod-values
--- a/apps/prod/gitea/secret.enc.yaml
+++ b/apps/prod/gitea/secret.enc.yaml
@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: gitea-admin-secret
+    namespace: gitea
+stringData:
+    username: ENC[AES256_GCM,data:1K7hWGJC,iv:SRYfP1NLS633JKNORnsFkBFXo5sP4ejWNj6r4NXbrrQ=,tag:kOfUyxznR8p8VsiYy//Ytg==,type:str]
+    password: ENC[AES256_GCM,data:6GstZlME7jdHkwmyKCp+G72j6yk=,iv:sMunSzr6NZq5QVuibItDJq6n/KM5F9+Ulgc3XLdXuEg=,tag:+/2eBSEJMggo2X1Ft8RIlw==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1jk99rtxq3ep2xj2w886cchddf7jypqpwkr3dszg5dzq93gn8cy9qyc786m
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzQXVTa2hVaTAvbzU3aUxS
+            OHNUZm40RXlXa1dzRE5tMndKU015RVNYY1hjCjY5WDFYOFBrOXcyZm4vMkhWc0c4
+            UkhSYkhyVEJ2V1c1UytOZUxOTUJQWjgKLS0tIER2OFNsQUdHdkxTdEpObFFJcUxP
+            MVZUOGNJOC9QMU9WSWY2eTJjdEZsK2cKvdCXFw0LGc2Fqcnjla8SON0Oonsnrzfc
+            4GS1TFZ6bv4djodgn2wl43HmrrEvdHal2+HBDKv4McJv4x/jKBFbnw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-09-24T17:35:23Z"
+    mac: ENC[AES256_GCM,data:MCbFvTfxsp1jEQngBp1dVZBHBagfogq4kUgpvHUG7xmzvSipicxnPdJe1bLdR/Ei8VWvU6O+PYn2jGBKxof8aYvEKUbMngq2fT26lhi/910pDMyEnp+HV4wJIdnIOwR3p8DMzw386ejlOxk+Q57/JvDoDuu1p7vWv9g+/6fxu2g=,iv:t8WGOMajR88BbW1M7NOigYnSFhZs+yW00Plq4dq57b0=,tag:Pvg6MdWhGslRTFI7XAseHw==,type:str]
+    pgp: []
+    unencrypted_regex: ^(apiVersion|metadata|kind|type)$
+    version: 3.9.0
--- a/apps/prod/gitea/values.yaml
+++ b/apps/prod/gitea/values.yaml
@@ -0,0 +1,70 @@
+redis-cluster:
+  enabled: false
+postgresql-ha:
+  enabled: false
+postgresql:
+  enabled: true
+  image:
+    registry: docker.io
+    repository: bitnami/postgresql
+    tag: 15.3.0-debian-11-r24
+    digest: sha256:fff6086d557d962422c6d751b6723877642170bbcc25d6f23e5c2c2f079987d5
+  primary:
+    persistence:
+      storageClass: retain-local-path
+
+persistence:
+  enabled: true
+  storageClass: retain-local-path
+
+image:
+  rootless: true
+
+gitea:
+  admin:
+    existingSecret: gitea-admin-secret
+    email: "admin@example.com"
+  config:
+    actions:
+      ENABLED: true
+    federation:
+      ENABLED: true
+    database:
+      DB_TYPE: postgres
+    session:
+      PROVIDER: db
+    cache:
+      ADAPTER: memory
+    queue:
+      TYPE: channel
+    server:
+      BUILTIN_SSH_SERVER_USER: git
+      ROOT_URL: https://git.example.com
+      DOMAIN: git.example.com
+      SSH_CREATE_AUTHORIZED_KEYS_FILE: false
+      LANDING_PAGE: explore
+    service:
+      REGISTER_MANUAL_CONFIRM: true
+    indexer:
+      ISSUE_INDEXER_TYPE: bleve
+      REPO_INDEXER_ENABLED: true
+
+service:
+  http:
+    type: ClusterIP
+    port: 3000
+    clusterIP:
+  ssh:
+    type: ClusterIP
+    port: 22
+
+podSecurityContext:
+  fsGroup: 1001
+
+containerSecurityContext:
+  runAsGroup: 1001
+  runAsNonRoot: true
+  runAsUser: 1001
+
+test:
+  enabled: false