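---
# Gitea for git.staging.jamkazam.com in namespace jam-cloud-infra:
# data volume, app.ini, Deployment, Service and Ingress.

# Volume mounted at /data by the Deployment. The paths in app.ini place the
# repositories, the SQLite database, sessions, avatars and attachments on it.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: gitea-data
  namespace: jam-cloud-infra
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
  storageClassName: linode-block-storage-retain
---
# app.ini is stored as a Secret, not a ConfigMap, because it carries
# INTERNAL_TOKEN and JWT_SECRET. The built-in `view` ClusterRole can read
# ConfigMaps but not Secrets, so this narrows who can read the tokens
# in-cluster. If a ConfigMap named gitea-config was applied earlier, delete
# it after this rolls out.
#
# Review notes on settings inside app.ini (values left as the author wrote
# them, so a running instance keeps working):
#   * [security] INTERNAL_TOKEN and [oauth2] JWT_SECRET are committed in
#     plain text. Treat both as exposed: regenerate them
#     (`gitea generate secret INTERNAL_TOKEN`,
#     `gitea generate secret JWT_SECRET`) and supply the new values from a
#     secret store instead of this file.
#   * [security] SECRET_KEY is empty, so no per-install key is configured.
#     NOTE(review): confirm what Gitea 1.21.7 falls back to, and plan any
#     change carefully because existing encrypted data depends on the key.
#   * [security] REVERSE_PROXY_TRUSTED_PROXIES = * treats every source
#     address as a trusted proxy, so forwarded client-address headers are
#     accepted from anyone. Narrow it to the ingress controller's range.
#   * [service] DISABLE_REGISTRATION = false together with [openid]
#     ENABLE_OPENID_SIGNUP = true: this host is published through the
#     Ingress below, so anyone who can reach it can create an account.
#   * [migrations] ALLOWED_DOMAINS = * with ALLOW_LOCALNETWORKS = true lets
#     a migration target any host, including private and loopback ranges.
#     That is a server-side request forgery surface for every registered
#     user; set ALLOW_LOCALNETWORKS = false unless it is required.
apiVersion: v1
kind: Secret
metadata:
  name: gitea-config
  namespace: jam-cloud-infra
type: Opaque
stringData:
  app.ini: |
    APP_NAME = Gitea: Git with a cup of tea
    RUN_MODE = prod
    WORK_PATH = /data/gitea

    [repository]
    ROOT = /data/git/repositories
    ALLOWED_SCHEMES = http,https,ssh,git

    [repository.local]
    LOCAL_COPY_PATH = /data/gitea/tmp/local-repo

    [repository.upload]
    TEMP_PATH = /data/gitea/uploads

    [server]
    APP_DATA_PATH = /data/gitea
    DOMAIN = git.staging.jamkazam.com
    SSH_DOMAIN = localhost
    HTTP_PORT = 3000
    ROOT_URL = https://git.staging.jamkazam.com/
    DISABLE_SSH = false
    SSH_PORT = 22
    SSH_LISTEN_PORT = 22
    LFS_START_SERVER = false

    [database]
    PATH = /data/gitea/gitea.db
    DB_TYPE = sqlite3
    HOST = localhost:3306
    NAME = gitea
    USER = root
    PASSWD =
    LOG_SQL = false

    [indexer]
    ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve

    [session]
    PROVIDER_CONFIG = /data/gitea/sessions

    [picture]
    AVATAR_UPLOAD_PATH = /data/gitea/avatars
    REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars

    [attachment]
    PATH = /data/gitea/attachments

    [log]
    MODE = console
    LEVEL = info
    ROOT_PATH = /data/gitea/log

    [security]
    INSTALL_LOCK = true
    SECRET_KEY =
    REVERSE_PROXY_LIMIT = 1
    REVERSE_PROXY_TRUSTED_PROXIES = *
    INTERNAL_TOKEN = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE3NzMwMDMyODN9.c3kDP5f7-lo3yR-Z8mPiaAsSEsohWc-LxZksIqTcPWw

    [service]
    DISABLE_REGISTRATION = false
    REQUIRE_SIGNIN_VIEW = false

    [lfs]
    PATH = /data/git/lfs

    [openid]
    ENABLE_OPENID_SIGNIN = true
    ENABLE_OPENID_SIGNUP = true

    [oauth2]
    ENABLE = true
    JWT_SECRET = HDi5Td6dRBC240L6ryMI4eMnowcwQVpfKrmIPNrEeAI

    [actions]
    ENABLED = true

    [migrations]
    ALLOW_SSH_MIGRATIONS = true
    ALLOWED_DOMAINS = *
    ALLOW_LOCALNETWORKS = true
---
# Single-replica Gitea pod: app.ini is mounted under $GITEA_CUSTOM/conf and
# the PVC at /data.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitea
  namespace: jam-cloud-infra
  labels:
    app: gitea
spec:
  replicas: 1
  # The data volume is ReadWriteOnce and holds a SQLite file, so the old pod
  # must be gone before its replacement starts. The default rolling update
  # would run both at once or leave the new pod waiting on the volume.
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: gitea
  template:
    metadata:
      labels:
        app: gitea
    spec:
      # NOTE(review): no securityContext, resource requests/limits or
      # liveness/readiness probes are set on this pod.
      containers:
        - name: gitea
          # NOTE(review): pinned by tag only. Consider pinning by digest and
          # check upstream for later security releases.
          image: gitea/gitea:1.21.7
          ports:
            - containerPort: 3000
              name: http
            - containerPort: 22
              name: ssh
          env:
            - name: GITEA_CUSTOM
              value: /etc/gitea
          volumeMounts:
            - name: data
              mountPath: /data
            - name: config
              mountPath: /etc/gitea/conf/
          lifecycle:
            postStart:
              exec:
                # Bootstraps the admin account on every container start.
                # `|| true` hides all failures, including the expected
                # "user already exists" on restarts.
                #
                # The password is a literal in the pod spec, readable by
                # anyone who can read this Deployment or its Pods.
                # --must-change-password is now true so the literal is a
                # one-time bootstrap value and not a standing credential.
                # Until the first login the account is still protected only
                # by the value written here.
                # NOTE(review): prefer supplying the password from a Secret
                # through an env var, and rotate it on any instance that was
                # created with this manifest.
                command:
                  - /bin/sh
                  - '-c'
                  - >-
                    sleep 5;
                    /sbin/su-exec git gitea admin user create --admin
                    --username seth --password changeme123
                    --email seth@jamkazam.com
                    --must-change-password=true || true
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: gitea-data
        - name: config
          # app.ini now comes from the Secret named gitea-config.
          secret:
            secretName: gitea-config
---
# In-cluster Service: HTTP on 80 -> 3000, SSH on 22 -> 22. No type is set,
# so it defaults to ClusterIP.
apiVersion: v1
kind: Service
metadata:
  name: gitea
  namespace: jam-cloud-infra
spec:
  selector:
    app: gitea
  ports:
    - port: 80
      targetPort: 3000
      name: http
    - port: 22
      targetPort: 22
      name: ssh
---
# Publishes the HTTP port on three hostnames behind one TLS certificate
# issued by cert-manager. The three rules are identical and were written
# with a YAML anchor/alias in the original. They are spelled out here
# because not all Kubernetes tooling expands aliases.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: gitea
  namespace: jam-cloud-infra
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-nginx-production
    nginx.ingress.kubernetes.io/proxy-body-size: "512m"
spec:
  ingressClassName: nginx
  tls:
    - secretName: gitea-tls
      hosts:
        - git.staging.jamkazam.com
        - idp.staging.jamkazam.com
        - console.staging.jamkazam.com
  rules:
    - host: git.staging.jamkazam.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: gitea
                port:
                  number: 80
    - host: idp.staging.jamkazam.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: gitea
                port:
                  number: 80
    - host: console.staging.jamkazam.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: gitea
                port:
                  number: 80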