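---
# cert-manager Certificate for git.k-space.ee. The issued key pair is written
# to the Secret "git-tls", which the StatefulSet below mounts at /cert.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: gitea
  namespace: gitea
spec:
  dnsNames:
    - git.k-space.ee
  issuerRef:
    kind: ClusterIssuer
    name: default
  secretName: git-tls
---
# OIDC client registration for Gitea (authorization-code flow with refresh
# tokens, restricted to the listed group).
# NOTE(review): no namespace is set here, unlike the Certificate and Service;
# confirm this object is applied into "gitea" by the deployment tooling.
apiVersion: codemowers.io/v1alpha1
kind: OIDCGWClient
metadata:
  name: gitea
spec:
  displayName: Gitea
  uri: https://git.k-space.ee/user/oauth2/OpenID
  redirectUris:
    - https://git.k-space.ee/user/oauth2/OpenID/callback
  allowedGroups:
    - k-space:floor
  grantTypes:
    - authorization_code
    - refresh_token
  responseTypes:
    - code
  availableScopes:
    - openid
    - profile
  # NOTE(review): PKCE is disabled for this authorization_code client. Confirm
  # whether the deployed Gitea version sends a code challenge and enable it if
  # it does.
  pkce: false
---
# Single-replica Gitea instance serving HTTPS on 3000, an HTTP listener on
# 8080 and the built-in SSH server on 2222, with repositories on a 10Gi PVC.
# NOTE(review): no securityContext, resource limits or probes are defined;
# add them once the image's runtime user and startup behaviour are confirmed.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: gitea
  # Fix: set explicitly for consistency with the Certificate and Service. The
  # pod mounts the "git-tls" Secret, which is created in this namespace.
  namespace: gitea
  labels:
    app.kubernetes.io/name: gitea
spec:
  serviceName: gitea
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: gitea
  template:
    metadata:
      labels:
        app.kubernetes.io/name: gitea
    spec:
      # Avoid injecting *_SERVICE_HOST/_PORT variables for every Service in
      # the namespace into the container environment.
      enableServiceLinks: false
      containers:
        - name: gitea
          # NOTE(review): the tag is mutable; consider pinning by digest
          # (gitea/gitea:1.20.1@sha256:<DIGEST_PLACEHOLDER>) and tracking
          # upstream security releases.
          image: gitea/gitea:1.20.1
          env:
            - name: GITEA__SERVER__SSH_SERVER_HOST_KEYS
              value: "ssh/gitea.rsa,ssh/gitea.ecdsa,ssh/gitea.ed25519"
            - name: GITEA__SERVER__START_SSH_SERVER
              value: "true"
            - name: GITEA__SERVER__CERT_FILE
              value: "/cert/tls.crt"
            - name: GITEA__SERVER__KEY_FILE
              value: "/cert/tls.key"
            - name: GITEA__SERVER__SSH_LISTEN_PORT
              value: "2222"
            - name: GITEA__SERVER__PROTOCOL
              value: "https"
            # Fix: REDIRECT_OTHER_PORT and PORT_TO_REDIRECT belong to the
            # [server] section. The previous names had no section part
            # (GITEA__SECTION__KEY), so the HTTP-to-HTTPS redirect on 8080
            # that the Service's port 80 targets was most likely never set.
            - name: GITEA__SERVER__REDIRECT_OTHER_PORT
              value: "true"
            - name: GITEA__SERVER__PORT_TO_REDIRECT
              value: "8080"
            - name: GITEA__SERVER__DOMAIN
              value: "git.k-space.ee"
            - name: GITEA__SERVER__HTTP_ADDR
              value: "0.0.0.0"
            - name: GITEA__SERVER__ROOT_URL
              value: "https://git.k-space.ee"
            # -1 disables DSA keys.
            # NOTE(review): Gitea documents "_0X2E_" as the encoding for a dot
            # in a section name; verify that this literal-dot variable name
            # actually reaches app.ini in the running container.
            - name: GITEA__SSH.MINIMUM_KEY_SIZES__DSA
              value: "-1"
            - name: GITEA__DATABASE__DB_TYPE
              value: "mysql"
            - name: GITEA__DATABASE__HOST
              value: "mariadb.infra.k-space.ee:3306"
            - name: GITEA__DATABASE__NAME
              value: "kspace_git"
            - name: GITEA__DATABASE__USER
              value: "kspace_git"
            # NOTE(review): TLS to the database is off, so the credentials and
            # all query traffic to mariadb.infra.k-space.ee travel unencrypted.
            # Switch to "true" (verified TLS) once the server offers it.
            - name: GITEA__DATABASE__SSL_MODE
              value: "disable"
            - name: GITEA__DATABASE__LOG_SQL
              value: "false"
            - name: GITEA__SECURITY__INSTALL_LOCK
              value: "true"
            # Fix: SECRET_KEY was a literal value in this manifest. It is now
            # read from gitea-secrets like the other credentials below; add
            # the key GITEA__SECURITY__SECRET_KEY to that Secret before
            # rollout, or the pod will not start. Treat the value that was
            # committed as exposed. Gitea cannot decrypt data protected by the
            # old key (e.g. 2FA secrets) after a change, so plan the rotation.
            - name: GITEA__SECURITY__SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: gitea-secrets
                  key: GITEA__SECURITY__SECRET_KEY
            - name: GITEA__SECURITY__LOGIN_REMEMBER_DAYS
              value: "30"
            - name: GITEA__SERVICE__REGISTER_EMAIL_CONFIRM
              value: "true"
            - name: GITEA__SERVICE__DISABLE_REGISTRATION
              value: "true"
            - name: GITEA__SERVICE__ENABLE_NOTIFY_MAIL
              value: "true"
            - name: GITEA__MAILER__ENABLED
              value: "true"
            - name: GITEA__MAILER__HOST
              value: "mail.k-space.ee:465"
            - name: GITEA__MAILER__FROM
              value: "Gitea"
            - name: GITEA__MAILER__USER
              value: "git"
            - name: GITEA__MAILER__USE_PLAIN_TEXT
              value: "false"
            - name: GITEA__SESSION__PROVIDER
              value: "file"
            # Session cookies are only sent over HTTPS.
            - name: GITEA__SESSION__COOKIE_SECURE
              value: "true"
            - name: GITEA__LOG__ENABLE_XORM_LOG
              value: "false"
            - name: GITEA__CRON__ENABLED
              value: "true"
            - name: GITEA__I18N__LANGS
              value: "en-US"
            - name: GITEA__I18N__NAMES
              value: "English"
            # Credentials are injected from the "gitea-secrets" Secret so they
            # never appear in this manifest.
            - name: GITEA__DATABASE__PASSWD
              valueFrom:
                secretKeyRef:
                  name: gitea-secrets
                  key: GITEA__DATABASE__PASSWD
            - name: GITEA__MAILER__PASSWD
              valueFrom:
                secretKeyRef:
                  name: gitea-secrets
                  key: GITEA__MAILER__PASSWD
            - name: GITEA__OAUTH2__JWT_SECRET
              valueFrom:
                secretKeyRef:
                  name: gitea-secrets
                  key: GITEA__OAUTH2__JWT_SECRET
            - name: GITEA__SECURITY__INTERNAL_TOKEN
              valueFrom:
                secretKeyRef:
                  name: gitea-secrets
                  key: GITEA__SECURITY__INTERNAL_TOKEN
          ports:
            - containerPort: 8080
              name: http
            - containerPort: 3000
              name: https
            - containerPort: 2222
              name: ssh
          volumeMounts:
            - mountPath: /cert
              name: cert
            - mountPath: /data
              name: data
      volumes:
        # TLS key pair issued by the Certificate above.
        - name: cert
          secret:
            secretName: git-tls
  volumeClaimTemplates:
    - metadata:
        name: data
      spec:
        accessModes:
          - ReadWriteOnce
        storageClassName: gitea
        resources:
          requests:
            storage: 10Gi
---
# Externally reachable LoadBalancer for SSH (22), HTTP (80) and HTTPS (443),
# mapped onto the container's unprivileged ports.
apiVersion: v1
kind: Service
metadata:
  name: gitea
  namespace: gitea
  annotations:
    external-dns.alpha.kubernetes.io/hostname: git.k-space.ee
spec:
  type: LoadBalancer
  # Local keeps the client source address visible to Gitea.
  externalTrafficPolicy: Local
  selector:
    app.kubernetes.io/name: gitea
  ports:
    - port: 22
      name: ssh
      targetPort: 2222
    - port: 80
      name: http
      targetPort: 8080
    - port: 443
      name: https
      targetPort: 3000
  sessionAffinity: ClientIP
  # Endpoints are published even while the pod is not Ready.
  publishNotReadyAddresses: true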