CSTF/wild-cloud
1
1
Fork 0
Code Issues 12 Pull Requests Actions Packages Projects 1 Releases 1 Wiki Activity

Adds gitea app.

Browse Source
This commit is contained in:
Paul Payne
2025-07-17 14:02:22 -07:00
parent 7250f08cc5
commit a92d427fc4
9 changed files with 396 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
apps/gitea/configmap.yaml Normal file
View File

@@ -0,0 +1,58 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: gitea-config
namespace: gitea
data:
app.ini: |
APP_NAME = {{ .apps.gitea.appName }}
RUN_MODE = {{ .apps.gitea.runMode }}
RUN_USER = git
[security]
INSTALL_LOCK = true
[database]
DB_TYPE = postgres
HOST = {{ .apps.gitea.dbHost }}:{{ .apps.gitea.dbPort }}
NAME = {{ .apps.gitea.dbName }}
USER = {{ .apps.gitea.dbUser }}
SSL_MODE = disable
[server]
DOMAIN = {{ .apps.gitea.domain }}
HTTP_PORT = {{ .apps.gitea.port }}
ROOT_URL = https://{{ .apps.gitea.domain }}/
DISABLE_SSH = false
SSH_DOMAIN = {{ .apps.gitea.domain }}
SSH_PORT = {{ .apps.gitea.sshPort }}
SSH_LISTEN_PORT = 2222
LFS_START_SERVER = true
[service]
DISABLE_REGISTRATION = false
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
ENABLE_NOTIFY_MAIL = false
ENABLE_BASIC_AUTHENTICATION = false
ENABLE_REVERSE_PROXY_AUTHENTICATION = false
ENABLE_CAPTCHA = false
REQUIRE_SIGNIN_VIEW = false
DEFAULT_KEEP_EMAIL_PRIVATE = false
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
DEFAULT_ENABLE_TIMETRACKING = true
NO_REPLY_ADDRESS = noreply.{{ .cloud.domain }}
[webhook]
ALLOWED_HOST_LIST = *
[mailer]
ENABLED = false
[picture]
DISABLE_GRAVATAR = false
ENABLE_FEDERATED_AVATAR = true
[log]
MODE = console
LEVEL = info
ROOT_PATH = /data/gitea/log

51
apps/gitea/db-init-job.yaml Normal file
View File

@@ -0,0 +1,51 @@
apiVersion: batch/v1
kind: Job
metadata:
name: gitea-db-init
labels:
component: db-init
spec:
template:
metadata:
labels:
component: db-init
spec:
containers:
- name: db-init
image: {{ .apps.postgres.image }}
command: ["/bin/bash", "-c"]
args:
- |
PGPASSWORD=${POSTGRES_ADMIN_PASSWORD} psql -h ${DB_HOSTNAME} -U postgres <<EOF
DO \$\$
BEGIN
IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = '${DB_USERNAME}') THEN
CREATE USER ${DB_USERNAME} WITH ENCRYPTED PASSWORD '${DB_PASSWORD}';
ELSE
ALTER USER ${DB_USERNAME} WITH ENCRYPTED PASSWORD '${DB_PASSWORD}';
END IF;
END
\$\$;
SELECT 'CREATE DATABASE ${DB_DATABASE_NAME}' WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = '${DB_DATABASE_NAME}')\gexec
ALTER DATABASE ${DB_DATABASE_NAME} OWNER TO ${DB_USERNAME};
GRANT ALL PRIVILEGES ON DATABASE ${DB_DATABASE_NAME} TO ${DB_USERNAME};
EOF
env:
- name: POSTGRES_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: postgres-secrets
key: password
- name: DB_HOSTNAME
value: "{{ .apps.gitea.dbHost }}"
- name: DB_DATABASE_NAME
value: "{{ .apps.gitea.dbName }}"
- name: DB_USERNAME
value: "{{ .apps.gitea.dbUser }}"
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: gitea-secrets
key: dbPassword
restartPolicy: OnFailure

176
apps/gitea/deployment.yaml Normal file
View File

@@ -0,0 +1,176 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: gitea
namespace: gitea
spec:
replicas: 1
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 0
maxSurge: 100%
selector:
matchLabels:
component: web
template:
metadata:
labels:
component: web
spec:
securityContext:
fsGroup: 1000
initContainers:
- name: init-directories
image: "{{ .apps.gitea.image }}"
imagePullPolicy: IfNotPresent
command:
- "/usr/sbin/init_directory_structure.sh"
env:
- name: GITEA_APP_INI
value: /data/gitea/conf/app.ini
- name: GITEA_CUSTOM
value: /data/gitea
- name: GITEA_WORK_DIR
value: /data
- name: GITEA_TEMP
value: /tmp/gitea
volumeMounts:
- name: init
mountPath: /usr/sbin
- name: temp
mountPath: /tmp
- name: data
mountPath: /data
securityContext:
{}
resources:
limits: {}
requests:
cpu: 100m
memory: 128Mi
- name: configure-gitea
image: "{{ .apps.gitea.image }}"
command:
- "/usr/sbin/configure_gitea.sh"
imagePullPolicy: IfNotPresent
securityContext:
runAsUser: 1000
env:
- name: GITEA_APP_INI
value: /data/gitea/conf/app.ini
- name: GITEA_CUSTOM
value: /data/gitea
- name: GITEA_WORK_DIR
value: /data
- name: GITEA_TEMP
value: /tmp/gitea
- name: HOME
value: /data/gitea/git
- name: GITEA_ADMIN_USERNAME
value: "{{ .apps.gitea.adminUser }}"
- name: GITEA_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: gitea-secrets
key: adminPassword
- name: GITEA_ADMIN_PASSWORD_MODE
value: keepUpdated
volumeMounts:
- name: init
mountPath: /usr/sbin
- name: temp
mountPath: /tmp
- name: data
mountPath: /data
- name: config
mountPath: /data/gitea/conf/app.ini
subPath: app.ini
resources:
limits: {}
requests:
cpu: 100m
memory: 128Mi
terminationGracePeriodSeconds: 60
containers:
- name: gitea
image: "{{ .apps.gitea.image }}"
imagePullPolicy: IfNotPresent
env:
- name: SSH_LISTEN_PORT
value: "2222"
- name: SSH_PORT
value: "{{ .apps.gitea.sshPort }}"
- name: GITEA_APP_INI
value: /data/gitea/conf/app.ini
- name: GITEA_CUSTOM
value: /data/gitea
- name: GITEA_WORK_DIR
value: /data
- name: GITEA_TEMP
value: /tmp/gitea
- name: TMPDIR
value: /tmp/gitea
- name: HOME
value: /data/gitea/git
- name: GITEA__security__SECRET_KEY
valueFrom:
secretKeyRef:
name: gitea-secrets
key: secretKey
- name: GITEA__security__INTERNAL_TOKEN
valueFrom:
secretKeyRef:
name: gitea-secrets
key: jwtSecret
- name: GITEA__database__PASSWD
valueFrom:
secretKeyRef:
name: gitea-secrets
key: dbPassword
ports:
- name: ssh
containerPort: 2222
- name: http
containerPort: {{ .apps.gitea.port }}
livenessProbe:
failureThreshold: 10
initialDelaySeconds: 200
periodSeconds: 10
successThreshold: 1
tcpSocket:
port: http
timeoutSeconds: 1
readinessProbe:
failureThreshold: 3
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
tcpSocket:
port: http
timeoutSeconds: 1
resources:
{}
securityContext:
{}
volumeMounts:
- name: temp
mountPath: /tmp
- name: data
mountPath: /data
- name: config
mountPath: /data/gitea/conf/app.ini
subPath: app.ini
volumes:
- name: init
configMap:
name: gitea-config
defaultMode: 0o110
- name: config
configMap:
name: gitea-config
- name: temp
emptyDir: {}
- name: data
persistentVolumeClaim:
claimName: gitea-data

24
apps/gitea/ingress.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: gitea-public
namespace: gitea
annotations:
external-dns.alpha.kubernetes.io/target: "{{ .apps.gitea.domain }}"
external-dns.alpha.kubernetes.io/cloudflare-proxied: "false"
spec:
rules:
- host: "{{ .apps.gitea.domain }}"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: gitea-http
port:
number: 3000
tls:
- secretName: wildcard-wild-cloud-tls
hosts:
- "{{ .apps.gitea.domain }}"

17
apps/gitea/kustomization.yaml Normal file
View File

@@ -0,0 +1,17 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: gitea
labels:
- includeSelectors: true
pairs:
app: gitea
managedBy: kustomize
partOf: wild-cloud
resources:
- namespace.yaml
- deployment.yaml
- service.yaml
- ingress.yaml
- pvc.yaml
- configmap.yaml
- db-init-job.yaml

26
apps/gitea/manifest.yaml Normal file
View File

@@ -0,0 +1,26 @@
name: gitea
description: Gitea is a painless self-hosted Git service written in Go
version: 1.0.0
icon: https://github.com/go-gitea/gitea/raw/main/assets/logo.png
requires:
- name: postgres
defaultConfig:
image: gitea/gitea:1.22.0
domain: gitea.{{ .cloud.domain }}
port: 3000
sshPort: 22
storage: 10Gi
dbName: gitea
dbUser: gitea
dbHost: postgres.postgres.svc.cluster.local
dbPort: 5432
timezone: UTC
adminUser: admin
adminEmail: admin@{{ .cloud.domain }}
appName: Gitea
runMode: prod
requiredSecrets:
- apps.gitea.adminPassword
- apps.gitea.dbPassword
- apps.gitea.secretKey
- apps.gitea.jwtSecret

4
apps/gitea/namespace.yaml Normal file
View File

@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: gitea

12
apps/gitea/pvc.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: gitea-data
namespace: gitea
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn
resources:
requests:
storage: "{{ .apps.gitea.storage }}"

28
apps/gitea/service.yaml Normal file
View File

@@ -0,0 +1,28 @@
apiVersion: v1
kind: Service
metadata:
name: gitea-http
namespace: gitea
spec:
type: ClusterIP
ports:
- name: http
port: 3000
targetPort: {{ .apps.gitea.port }}
selector:
component: web
---
apiVersion: v1
kind: Service
metadata:
name: gitea-ssh
namespace: gitea
spec:
type: LoadBalancer
ports:
- name: ssh
port: {{ .apps.gitea.sshPort }}
targetPort: 2222
protocol: TCP
selector:
component: web