diff --git a/gitea/README.md b/gitea/README.md new file mode 100644 index 0000000..a087116 --- /dev/null +++ b/gitea/README.md @@ -0,0 +1,5 @@ +# Gitea + +``` +kubectl apply -n gitea -f application.yaml +``` diff --git a/gitea/application.yaml b/gitea/application.yaml new file mode 100644 index 0000000..d8d30a5 --- /dev/null +++ b/gitea/application.yaml @@ -0,0 +1,207 @@ +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: gitea + namespace: gitea +spec: + dnsNames: + - git.k-space.ee + issuerRef: + kind: ClusterIssuer + name: default + secretName: git-tls +--- +apiVersion: codemowers.io/v1alpha1 +kind: OIDCGWClient +metadata: + name: gitea +spec: + displayName: Gitea + uri: https://git.k-space.ee + redirectUris: + - https://git.k-space.ee/user/oauth2/OpenID/callback + allowedGroups: + - k-space:floor + grantTypes: + - authorization_code + - refresh_token + responseTypes: + - code + availableScopes: + - openid + - profile + pkce: false +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: gitea + labels: + app.kubernetes.io/name: gitea +spec: + serviceName: gitea + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: gitea + template: + metadata: + labels: + app.kubernetes.io/name: gitea + spec: + containers: + - name: gitea + image: gitea/gitea:1.20.1 + command: + - /bin/bash + - -c + - '/etc/s6/gitea/setup && /etc/s6/gitea/run' + env: + - name: GITEA_____APP_NAME + value: Gitea + - name: GITEA_____RUN_USER + value: git + - name: GITEA_____RUN_MODE + value: prod + - name: GITEA__SERVER__SSH_SERVER_HOST_KEYS + value: ssh/gitea.rsa,ssh/gitea.ecdsa,ssh/gitea.ed25519 + - name: GITEA__SERVER__START_SSH_SERVER + value: "true" + - name: GITEA__SERVER__CERT_FILE + value: "/cert/tls.crt" + - name: GITEA__SERVER__KEY_FILE + value: "/cert/tls.key" + - name: GITEA__SERVER__SSH_LISTEN_PORT + value: "2222" + - name: GITEA__U2F__APP_ID + value: https://git.k-space.ee + - name: GITEA__SERVER__PROTOCOL + value: https + - name: REDIRECT_OTHER_PORT + value: "true" + - name: PORT_TO_REDIRECT + value: "8080" + - name: GITEA__SERVER__DOMAIN + value: git.k-space.ee + - name: GITEA__SERVER__HTTP_ADDR + value: 0.0.0.0 + - name: GITEA__SERVER__ROOT_URL + value: https://git.k-space.ee + - name: GITEA__SSH.MINIMUM_KEY_SIZES__DSA + value: "-1" + - name: GITEA__DATABASE__DB_TYPE + value: mysql + - name: GITEA__DATABASE__HOST + value: mariadb.infra.k-space.ee:3306 + - name: GITEA__DATABASE__NAME + value: kspace_git + - name: GITEA__DATABASE__USER + value: kspace_git + - name: GITEA__DATABASE__SSL_MODE + value: disable + - name: GITEA__DATABASE__LOG_SQL + value: "false" + - name: GITEA__SECURITY__INSTALL_LOCK + value: "true" + - name: GITEA__SECURITY__SECRET_KEY + value: t2RrFCn4Q22MFPc + - name: GITEA__SECURITY__LOGIN_REMEMBER_DAYS + value: "30" + - name: GITEA__SERVICE__REGISTER_EMAIL_CONFIRM + value: "true" + - name: GITEA__SERVICE__DISABLE_REGISTRATION + value: "true" + - name: GITEA__SERVICE__ENABLE_NOTIFY_MAIL + value: "true" + - name: GITEA__MAILER__ENABLED + value: "true" + - name: GITEA__MAILER__HOST + value: mail.k-space.ee:465 + - name: GITEA__MAILER__FROM + value: Gitea + - name: GITEA__MAILER__USER + value: git + - name: GITEA__MAILER__USE_PLAIN_TEXT + value: "false" + - name: GITEA__SESSION__PROVIDER + value: file + - name: GITEA__SESSION__COOKIE_SECURE + value: "true" + - name: GITEA__LOG__ENABLE_XORM_LOG + value: "false" + - name: GITEA__CRON__ENABLED + value: "true" + - name: GITEA__I18N__LANGS + value: en-US + - name: GITEA__I18N__NAMES + value: English + - name: GITEA__DATABASE__PASSWD + valueFrom: + secretKeyRef: + name: gitea-secrets + key: GITEA__DATABASE__PASSWD + - name: GITEA__MAILER__PASSWD + valueFrom: + secretKeyRef: + name: gitea-secrets + key: GITEA__MAILER__PASSWD + - name: GITEA__OAUTH2__JWT_SECRET + valueFrom: + secretKeyRef: + name: gitea-secrets + key: GITEA__OAUTH2__JWT_SECRET + - name: GITEA__SECURITY__INTERNAL_TOKEN + valueFrom: + secretKeyRef: + name: gitea-secrets + key: GITEA__SECURITY__INTERNAL_TOKEN + ports: + - containerPort: 8080 + name: http + - containerPort: 3000 + name: https + - containerPort: 2222 + name: ssh + volumeMounts: + - mountPath: /cert + name: cert + - mountPath: /data + name: data + volumes: + - name: cert + secret: + secretName: git-tls + volumeClaimTemplates: + - metadata: + name: data + spec: + accessModes: + - ReadWriteOnce + storageClassName: gitea + resources: + requests: + storage: 10Gi +--- +apiVersion: v1 +kind: Service +metadata: + name: gitea + namespace: gitea + annotations: + external-dns.alpha.kubernetes.io/hostname: git.k-space.ee +spec: + type: LoadBalancer + externalTrafficPolicy: Local + selector: + app.kubernetes.io/name: gitea + ports: + - port: 22 + name: ssh + targetPort: 2222 + - port: 80 + name: http + targetPort: 8080 + - port: 443 + name: https + targetPort: 3000 diff --git a/storage-class.yaml b/storage-class.yaml index 969826b..b94eb80 100644 --- a/storage-class.yaml +++ b/storage-class.yaml @@ -66,3 +66,16 @@ parameters: dataLocality: best-effort numberOfReplicas: "1" fsType: "xfs" +--- +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: gitea +provisioner: driver.longhorn.io +reclaimPolicy: Retain +volumeBindingMode: Immediate +allowVolumeExpansion: true +parameters: + dataLocality: best-effort + numberOfReplicas: "3" + fsType: "xfs"