Migrate Gitea

gitea/README.md

@@ -0,0 +1,5 @@
+# Gitea
+
+```
+kubectl apply -n gitea -f application.yaml
+```

gitea/application.yaml

@@ -0,0 +1,207 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: gitea
+  namespace: gitea
+spec:
+  dnsNames:
+    - git.k-space.ee
+  issuerRef:
+    kind: ClusterIssuer
+    name: default
+  secretName: git-tls
+---
+apiVersion: codemowers.io/v1alpha1
+kind: OIDCGWClient
+metadata:
+  name: gitea
+spec:
+  displayName: Gitea
+  uri: https://git.k-space.ee
+  redirectUris:
+    - https://git.k-space.ee/user/oauth2/OpenID/callback
+  allowedGroups:
+    - k-space:floor
+  grantTypes:
+    - authorization_code
+    - refresh_token
+  responseTypes:
+    - code
+  availableScopes:
+    - openid
+    - profile
+  pkce: false
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: gitea
+  labels:
+    app.kubernetes.io/name: gitea
+spec:
+  serviceName: gitea
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: gitea
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: gitea
+    spec:
+      containers:
+        - name: gitea
+          image: gitea/gitea:1.20.1
+          command:
+            - /bin/bash
+            - -c
+            - '/etc/s6/gitea/setup && /etc/s6/gitea/run'
+          env:
+            - name: GITEA_____APP_NAME
+              value: Gitea
+            - name: GITEA_____RUN_USER
+              value: git
+            - name: GITEA_____RUN_MODE
+              value: prod
+            - name: GITEA__SERVER__SSH_SERVER_HOST_KEYS
+              value: ssh/gitea.rsa,ssh/gitea.ecdsa,ssh/gitea.ed25519
+            - name: GITEA__SERVER__START_SSH_SERVER
+              value: "true"
+            - name: GITEA__SERVER__CERT_FILE
+              value: "/cert/tls.crt"
+            - name: GITEA__SERVER__KEY_FILE
+              value: "/cert/tls.key"
+            - name: GITEA__SERVER__SSH_LISTEN_PORT
+              value: "2222"
+            - name: GITEA__U2F__APP_ID
+              value: https://git.k-space.ee
+            - name: GITEA__SERVER__PROTOCOL
+              value: https
+            - name: REDIRECT_OTHER_PORT
+              value: "true"
+            - name: PORT_TO_REDIRECT
+              value: "8080"
+            - name: GITEA__SERVER__DOMAIN
+              value: git.k-space.ee
+            - name: GITEA__SERVER__HTTP_ADDR
+              value: 0.0.0.0
+            - name: GITEA__SERVER__ROOT_URL
+              value: https://git.k-space.ee
+            - name: GITEA__SSH.MINIMUM_KEY_SIZES__DSA
+              value: "-1"
+            - name: GITEA__DATABASE__DB_TYPE
+              value: mysql
+            - name: GITEA__DATABASE__HOST
+              value: mariadb.infra.k-space.ee:3306
+            - name: GITEA__DATABASE__NAME
+              value: kspace_git
+            - name: GITEA__DATABASE__USER
+              value: kspace_git
+            - name: GITEA__DATABASE__SSL_MODE
+              value: disable
+            - name: GITEA__DATABASE__LOG_SQL
+              value: "false"
+            - name: GITEA__SECURITY__INSTALL_LOCK
+              value: "true"
+            - name: GITEA__SECURITY__SECRET_KEY
+              value: t2RrFCn4Q22MFPc
+            - name: GITEA__SECURITY__LOGIN_REMEMBER_DAYS
+              value: "30"
+            - name: GITEA__SERVICE__REGISTER_EMAIL_CONFIRM
+              value: "true"
+            - name: GITEA__SERVICE__DISABLE_REGISTRATION
+              value: "true"
+            - name: GITEA__SERVICE__ENABLE_NOTIFY_MAIL
+              value: "true"
+            - name: GITEA__MAILER__ENABLED
+              value: "true"
+            - name: GITEA__MAILER__HOST
+              value: mail.k-space.ee:465
+            - name: GITEA__MAILER__FROM
+              value: Gitea <git@k-space.ee>
+            - name: GITEA__MAILER__USER
+              value: git
+            - name: GITEA__MAILER__USE_PLAIN_TEXT
+              value: "false"
+            - name: GITEA__SESSION__PROVIDER
+              value: file
+            - name: GITEA__SESSION__COOKIE_SECURE
+              value: "true"
+            - name: GITEA__LOG__ENABLE_XORM_LOG
+              value: "false"
+            - name: GITEA__CRON__ENABLED
+              value: "true"
+            - name: GITEA__I18N__LANGS
+              value: en-US
+            - name: GITEA__I18N__NAMES
+              value: English
+            - name: GITEA__DATABASE__PASSWD
+              valueFrom:
+                secretKeyRef:
+                  name: gitea-secrets
+                  key: GITEA__DATABASE__PASSWD
+            - name: GITEA__MAILER__PASSWD
+              valueFrom:
+                secretKeyRef:
+                  name: gitea-secrets
+                  key: GITEA__MAILER__PASSWD
+            - name: GITEA__OAUTH2__JWT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: gitea-secrets
+                  key: GITEA__OAUTH2__JWT_SECRET
+            - name: GITEA__SECURITY__INTERNAL_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: gitea-secrets
+                  key: GITEA__SECURITY__INTERNAL_TOKEN
+          ports:
+            - containerPort: 8080
+              name: http
+            - containerPort: 3000
+              name: https
+            - containerPort: 2222
+              name: ssh
+          volumeMounts:
+            - mountPath: /cert
+              name: cert
+            - mountPath: /data
+              name: data
+      volumes:
+        - name: cert
+          secret:
+            secretName: git-tls
+  volumeClaimTemplates:
+    - metadata:
+        name: data
+      spec:
+        accessModes:
+          - ReadWriteOnce
+        storageClassName: gitea
+        resources:
+          requests:
+            storage: 10Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: gitea
+  namespace: gitea
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: git.k-space.ee
+spec:
+  type: LoadBalancer
+  externalTrafficPolicy: Local
+  selector:
+    app.kubernetes.io/name: gitea
+  ports:
+  - port: 22
+    name: ssh
+    targetPort: 2222
+  - port: 80
+    name: http
+    targetPort: 8080
+  - port: 443
+    name: https
+    targetPort: 3000

storage-class.yaml

@@ -66,3 +66,16 @@ parameters:
   dataLocality: best-effort
   numberOfReplicas: "1"
   fsType: "xfs"
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: gitea
+provisioner: driver.longhorn.io
+reclaimPolicy: Retain
+volumeBindingMode: Immediate
+allowVolumeExpansion: true
+parameters:
+  dataLocality: best-effort
+  numberOfReplicas: "3"
+  fsType: "xfs"