From 99ab70ed8eddc98532a6264395154a7ea00dfcdf Mon Sep 17 00:00:00 2001 From: Alvin Wang Date: Wed, 22 Apr 2026 16:51:54 -0700 Subject: [PATCH] Added gitea --- README.md | 1 + charts/gitea/Chart.yaml | 5 + .../gitea/templates/gitea-ingressroute.yaml | 32 ++++++ charts/gitea/templates/gitea.yaml | 102 ++++++++++++++++++ charts/gitea/templates/postgres.yaml | 59 ++++++++++ charts/gitea/values.yaml | 19 ++++ scripts/bootstrap.sh | 3 +- secrets/secrets.enc.yaml | 49 ++++++--- 8 files changed, 257 insertions(+), 13 deletions(-) create mode 100644 charts/gitea/Chart.yaml create mode 100644 charts/gitea/templates/gitea-ingressroute.yaml create mode 100644 charts/gitea/templates/gitea.yaml create mode 100644 charts/gitea/templates/postgres.yaml create mode 100644 charts/gitea/values.yaml diff --git a/README.md b/README.md index 5087e20..2b434ae 100755 --- a/README.md +++ b/README.md @@ -184,6 +184,7 @@ helm upgrade --install dashboards charts/dashboards -n apps helm upgrade --install paperless charts/paperless -n apps helm upgrade --install mealie charts/mealie -n apps helm upgrade --install utils charts/utils -n apps +helm upgrade --install gitea charts/gitea -n apps kubectl create namespace media helm upgrade --install media charts/media -n media diff --git a/charts/gitea/Chart.yaml b/charts/gitea/Chart.yaml new file mode 100644 index 0000000..7535483 --- /dev/null +++ b/charts/gitea/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v2 +name: gitea +description: Gitea self-hosted Git service +version: 0.1.0 +type: application diff --git a/charts/gitea/templates/gitea-ingressroute.yaml b/charts/gitea/templates/gitea-ingressroute.yaml new file mode 100644 index 0000000..9c160a0 --- /dev/null +++ b/charts/gitea/templates/gitea-ingressroute.yaml 
@@ -0,0 +1,32 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+ name: gitea
+ annotations:
+ kubernetes.io/ingress.class: traefik-internal
+spec:
+ entryPoints:
+ - web
+ routes:
+ - match: Host(`gitea.{{ .Values.internalDomain }}`)
+ kind: Rule
+ services:
+ - name: gitea
+ port: 3000
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+ name: gitea-tls
+ annotations:
+ kubernetes.io/ingress.class: traefik-internal
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`gitea.{{ .Values.internalDomain }}`)
+ kind: Rule
+ services:
+ - name: gitea
+ port: 3000
+ tls: {}
diff --git a/charts/gitea/templates/gitea.yaml b/charts/gitea/templates/gitea.yaml
new file mode 100644
index 0000000..d93da2f
--- /dev/null
+++ b/charts/gitea/templates/gitea.yaml
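Review bot: The first IngressRoute (`gitea`, entryPoints `web`) serves the Gitea UI and git-over-HTTP on plain HTTP with no redirect, so logins, session cookies and access tokens sent to `gitea.{{ .Values.internalDomain }}` on that entrypoint travel unencrypted. Either drop the `web` route or attach a redirect to it, e.g. `middlewares:` with `- name: <redirect-to-https-middleware>` under the route (placeholder name; a Traefik `redirectScheme` Middleware would have to exist in the namespace). Separately, `GITEA__server__ROOT_URL` in gitea.yaml uses the `.Values.domain` host, so links and clone URLs shown to users arriving through this internal host will point at the other name; worth confirming that is intended.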
@@ -0,0 +1,102 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: gitea
+ labels:
+ app: gitea
+spec:
+ replicas: 1
+ strategy:
+ type: Recreate
+ selector:
+ matchLabels:
+ app: gitea
+ template:
+ metadata:
+ labels:
+ app: gitea
+ spec:
+ nodeSelector:
+ homelab/node-role: worker
+ containers:
+ - name: gitea
+ image: {{ .Values.image }}
+ ports:
+ - name: http
+ containerPort: 3000
+ - name: ssh
+ containerPort: 2222
+ resources:
+ limits:
+ memory: {{ .Values.resources.limits.memory }}
+ env:
+ - name: USER_UID
+ value: {{ .Values.puid | quote }}
+ - name: USER_GID
+ value: {{ .Values.pgid | quote }}
+ - name: GITEA__server__DOMAIN
+ value: gitea.{{ .Values.domain }}
+ - name: GITEA__server__ROOT_URL
+ value: https://gitea.{{ .Values.domain }}
+ - name: GITEA__server__SSH_PORT
+ value: "2222"
+ - name: GITEA__server__SSH_LISTEN_PORT
+ value: "2222"
+ - name: GITEA__database__DB_TYPE
+ value: postgres
+ - name: GITEA__database__HOST
+ value: gitea-postgres:5432
+ - name: GITEA__database__NAME
+ value: {{ .Values.postgres.database }}
+ - name: GITEA__database__USER
+ value: {{ .Values.postgres.user }}
+ - name: GITEA__database__PASSWD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secretName }}
+ key: GITEA_DB_PASS
+ - name: GITEA__service__DISABLE_REGISTRATION
+ value: "true"
+ volumeMounts:
+ - name: data
+ mountPath: /data
+ volumes:
+ - name: data
+ hostPath:
+ path: /dogstore/service-data/gitea
+ type: DirectoryOrCreate
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: gitea
+spec:
+ selector:
+ app: gitea
+ ports:
+ - name: http
+ port: 3000
+ targetPort: 3000
+ - name: ssh
+ port: 2222
+ targetPort: 2222
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: gitea
+ annotations:
+ traefik.ingress.kubernetes.io/router.entrypoints: websecure
+ traefik.ingress.kubernetes.io/router.tls.certresolver: {{ .Values.certResolver }}
+spec:
+ rules:
+ - host: gitea.{{ .Values.domain }}
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: gitea
+ port:
+ number: 3000
diff --git a/charts/gitea/templates/postgres.yaml b/charts/gitea/templates/postgres.yaml
new file mode 100644
index 0000000..c455633
--- /dev/null
+++ b/charts/gitea/templates/postgres.yaml
@@ -0,0 +1,59 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: gitea-postgres
+ labels:
+ app: gitea-postgres
+spec:
+ replicas: 1
+ strategy:
+ type: Recreate
+ selector:
+ matchLabels:
+ app: gitea-postgres
+ template:
+ metadata:
+ labels:
+ app: gitea-postgres
+ spec:
+ initContainers:
+ - name: fix-permissions
+ image: busybox
+ command: ["sh", "-c", "chown -R 999:999 /data"]
+ volumeMounts:
+ - name: data
+ mountPath: /data
+ containers:
+ - name: postgres
+ image: {{ .Values.postgres.image }}
+ ports:
+ - containerPort: 5432
+ env:
+ - name: POSTGRES_DB
+ value: {{ .Values.postgres.database }}
+ - name: POSTGRES_USER
+ value: {{ .Values.postgres.user }}
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secretName }}
+ key: GITEA_DB_PASS
+ volumeMounts:
+ - name: data
+ mountPath: /var/lib/postgresql/data
+ volumes:
+ - name: data
+ hostPath:
+ path: /dogstore/service-data/gitea/pgdata
+ type: DirectoryOrCreate
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: gitea-postgres
+spec:
+ selector:
+ app: gitea-postgres
+ ports:
+ - port: 5432
+ targetPort: 5432
diff --git a/charts/gitea/values.yaml b/charts/gitea/values.yaml
new file mode 100644
index 0000000..3188914
--- /dev/null
+++ b/charts/gitea/values.yaml
@@ -0,0 +1,19 @@
+domain: ratboo.me
+internalDomain: dog
+certResolver: myresolver
+tz: America/Los_Angeles
+puid: "1000"
+pgid: "1000"
+
+image: gitea/gitea:1.23
+
+secretName: gitea-secrets
+
+resources:
+ limits:
+ memory: 512Mi
+
+postgres:
+ image: docker.io/library/postgres:17
+ database: gitea
+ user: gitea
diff --git a/scripts/bootstrap.sh b/scripts/bootstrap.sh
index 363ce48..a40b762 100755
--- a/scripts/bootstrap.sh
+++ b/scripts/bootstrap.sh
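Review bot: The env list in the gitea.yaml Deployment never sets `GITEA__security__INSTALL_LOCK`, so on a fresh `/data` volume Gitea will most likely serve its first-run install page to whoever reaches the host first, and the Ingress at the end of this file publishes `gitea.{{ .Values.domain }}` on `websecure` with a cert resolver. `GITEA__service__DISABLE_REGISTRATION` does not cover that page. I would add `- name: GITEA__security__INSTALL_LOCK` with `value: "true"` and create the first admin account from the Gitea CLI inside the pod. The container also has no `securityContext`, and the `value:` fields for the database name and user are unquoted, unlike `puid`/`pgid`; piping them through `| quote` keeps a boolean- or number-looking value from being retyped by the YAML parser.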
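Review bot: The Postgres data hostPath `/dogstore/service-data/gitea/pgdata` in postgres.yaml sits inside `/dogstore/service-data/gitea`, which gitea.yaml mounts into the Gitea container as `/data`, so a process running as root in the application container gets file-level access to the database cluster without needing `GITEA_DB_PASS`. Moving pgdata to a directory that is not under the Gitea mount (`path: <DIR_OUTSIDE_GITEA_DATA>/pgdata`, placeholder) removes that overlap. The `fix-permissions` init container also runs a recursive `chown` as root on every pod start; a one-time chown on the host would avoid keeping a root container in the pod spec. This Deployment has no `nodeSelector` while the Gitea one does, which matters for hostPath data if `/dogstore` is node-local (not visible from here).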
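Review bot: `image: gitea/gitea:1.23` and `postgres.image: docker.io/library/postgres:17` in values.yaml are floating tags, and the init container in postgres.yaml uses `image: busybox` with no tag at all, so a redeploy can pull different image contents than the ones that were tested. Pin each by digest, e.g. `image: gitea/gitea:1.23@sha256:<digest>` (placeholder), and bump the digests deliberately. `tz` is defined here but none of the templates added in this commit reference it.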
@@ -108,7 +108,7 @@ cmd_deploy() { local charts_dir charts_dir="$(cd "$(dirname "$0")/.." && pwd)/charts" - local -a chart_order=(traefik-config media paperless mealie dashboards utils headlamp) + local -a chart_order=(traefik-config media paperless mealie dashboards utils headlamp gitea) local -A chart_ns=( [traefik-config]=kube-system [media]=media @@ -117,6 +117,7 @@ cmd_deploy() { [dashboards]=apps [utils]=apps [headlamp]=apps + [gitea]=apps ) for chart in "${chart_order[@]}"; do diff --git a/secrets/secrets.enc.yaml b/secrets/secrets.enc.yaml index afc2864..fdc93a2 100755 --- a/secrets/secrets.enc.yaml +++ b/secrets/secrets.enc.yaml @@ -25,8 +25,8 @@ sops: eGZTZ0VSUElFZVpqWlVISjNYdnA4UFUK/uOyj7CKU0XLHHdPNKByO2c56JWQfhk5 oauimeYrkNE+06dhXgVcJiQH+HcB33tB9u3YS9LxFYs3R98zKAHG6g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-04-20T16:15:57Z" - mac: ENC[AES256_GCM,data:QjexLkuBkJxXbWBTPUowSXGb8y3Zd22CtibFoYr/efLBYFI34KZS7mqtUx0bTlwLPRFbBUPaqlAfc7xvlRjRqIUpkfBvef0q3DVvJ8IiRVdSVR82lFGFpgJ/oDjQC9PSuEVFX1WvfpuOofwSTfV3ywvkVSlWzSJW66NNsKpl1MI=,iv:rxyUuOwTlT/fYkCX1WuZ1UJYUvCzEfXnrXQrwdDhYtA=,tag:50srDy5k4T+4zUdyI14xtg==,type:str] + lastmodified: "2026-04-22T23:40:49Z" + mac: ENC[AES256_GCM,data:WJrfgMP6ioP/GU65sv6tWIjYe//TgAwUDowG1mOqm5UlJ1LT31vs7vmmm+1tYO+jpjCoQlVM0S2e1z+CgrqSMye4+x3VhRTiQKW8DQAN7x8ILoDB+RVcmq8wlqMsubdUtBHray43YtGdeDj4f+Rr4FC84uf9Qgl4ywkiq5CKnc0=,iv:hkQ+QRw1VBbNzJEWx/pdbq7eZ5TrYie0xofzXWIgZDw=,tag:xcnSUQtiF407DHTG5NCALA==,type:str] unencrypted_suffix: _unencrypted version: 3.12.2 --- 
@@ -52,8 +52,8 @@ sops: eGZTZ0VSUElFZVpqWlVISjNYdnA4UFUK/uOyj7CKU0XLHHdPNKByO2c56JWQfhk5 oauimeYrkNE+06dhXgVcJiQH+HcB33tB9u3YS9LxFYs3R98zKAHG6g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-04-20T16:15:57Z" - mac: ENC[AES256_GCM,data:QjexLkuBkJxXbWBTPUowSXGb8y3Zd22CtibFoYr/efLBYFI34KZS7mqtUx0bTlwLPRFbBUPaqlAfc7xvlRjRqIUpkfBvef0q3DVvJ8IiRVdSVR82lFGFpgJ/oDjQC9PSuEVFX1WvfpuOofwSTfV3ywvkVSlWzSJW66NNsKpl1MI=,iv:rxyUuOwTlT/fYkCX1WuZ1UJYUvCzEfXnrXQrwdDhYtA=,tag:50srDy5k4T+4zUdyI14xtg==,type:str] + lastmodified: "2026-04-22T23:40:49Z" + mac: ENC[AES256_GCM,data:WJrfgMP6ioP/GU65sv6tWIjYe//TgAwUDowG1mOqm5UlJ1LT31vs7vmmm+1tYO+jpjCoQlVM0S2e1z+CgrqSMye4+x3VhRTiQKW8DQAN7x8ILoDB+RVcmq8wlqMsubdUtBHray43YtGdeDj4f+Rr4FC84uf9Qgl4ywkiq5CKnc0=,iv:hkQ+QRw1VBbNzJEWx/pdbq7eZ5TrYie0xofzXWIgZDw=,tag:xcnSUQtiF407DHTG5NCALA==,type:str] unencrypted_suffix: _unencrypted version: 3.12.2 --- @@ -77,8 +77,8 @@ sops: eGZTZ0VSUElFZVpqWlVISjNYdnA4UFUK/uOyj7CKU0XLHHdPNKByO2c56JWQfhk5 oauimeYrkNE+06dhXgVcJiQH+HcB33tB9u3YS9LxFYs3R98zKAHG6g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-04-20T16:15:57Z" - mac: ENC[AES256_GCM,data:QjexLkuBkJxXbWBTPUowSXGb8y3Zd22CtibFoYr/efLBYFI34KZS7mqtUx0bTlwLPRFbBUPaqlAfc7xvlRjRqIUpkfBvef0q3DVvJ8IiRVdSVR82lFGFpgJ/oDjQC9PSuEVFX1WvfpuOofwSTfV3ywvkVSlWzSJW66NNsKpl1MI=,iv:rxyUuOwTlT/fYkCX1WuZ1UJYUvCzEfXnrXQrwdDhYtA=,tag:50srDy5k4T+4zUdyI14xtg==,type:str] + lastmodified: "2026-04-22T23:40:49Z" + mac: ENC[AES256_GCM,data:WJrfgMP6ioP/GU65sv6tWIjYe//TgAwUDowG1mOqm5UlJ1LT31vs7vmmm+1tYO+jpjCoQlVM0S2e1z+CgrqSMye4+x3VhRTiQKW8DQAN7x8ILoDB+RVcmq8wlqMsubdUtBHray43YtGdeDj4f+Rr4FC84uf9Qgl4ywkiq5CKnc0=,iv:hkQ+QRw1VBbNzJEWx/pdbq7eZ5TrYie0xofzXWIgZDw=,tag:xcnSUQtiF407DHTG5NCALA==,type:str] unencrypted_suffix: _unencrypted version: 3.12.2 --- 
@@ -102,8 +102,8 @@ sops: eGZTZ0VSUElFZVpqWlVISjNYdnA4UFUK/uOyj7CKU0XLHHdPNKByO2c56JWQfhk5 oauimeYrkNE+06dhXgVcJiQH+HcB33tB9u3YS9LxFYs3R98zKAHG6g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-04-20T16:15:57Z" - mac: ENC[AES256_GCM,data:QjexLkuBkJxXbWBTPUowSXGb8y3Zd22CtibFoYr/efLBYFI34KZS7mqtUx0bTlwLPRFbBUPaqlAfc7xvlRjRqIUpkfBvef0q3DVvJ8IiRVdSVR82lFGFpgJ/oDjQC9PSuEVFX1WvfpuOofwSTfV3ywvkVSlWzSJW66NNsKpl1MI=,iv:rxyUuOwTlT/fYkCX1WuZ1UJYUvCzEfXnrXQrwdDhYtA=,tag:50srDy5k4T+4zUdyI14xtg==,type:str] + lastmodified: "2026-04-22T23:40:49Z" + mac: ENC[AES256_GCM,data:WJrfgMP6ioP/GU65sv6tWIjYe//TgAwUDowG1mOqm5UlJ1LT31vs7vmmm+1tYO+jpjCoQlVM0S2e1z+CgrqSMye4+x3VhRTiQKW8DQAN7x8ILoDB+RVcmq8wlqMsubdUtBHray43YtGdeDj4f+Rr4FC84uf9Qgl4ywkiq5CKnc0=,iv:hkQ+QRw1VBbNzJEWx/pdbq7eZ5TrYie0xofzXWIgZDw=,tag:xcnSUQtiF407DHTG5NCALA==,type:str] unencrypted_suffix: _unencrypted version: 3.12.2 --- @@ -127,8 +127,8 @@ sops: eGZTZ0VSUElFZVpqWlVISjNYdnA4UFUK/uOyj7CKU0XLHHdPNKByO2c56JWQfhk5 oauimeYrkNE+06dhXgVcJiQH+HcB33tB9u3YS9LxFYs3R98zKAHG6g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-04-20T16:15:57Z" - mac: ENC[AES256_GCM,data:QjexLkuBkJxXbWBTPUowSXGb8y3Zd22CtibFoYr/efLBYFI34KZS7mqtUx0bTlwLPRFbBUPaqlAfc7xvlRjRqIUpkfBvef0q3DVvJ8IiRVdSVR82lFGFpgJ/oDjQC9PSuEVFX1WvfpuOofwSTfV3ywvkVSlWzSJW66NNsKpl1MI=,iv:rxyUuOwTlT/fYkCX1WuZ1UJYUvCzEfXnrXQrwdDhYtA=,tag:50srDy5k4T+4zUdyI14xtg==,type:str] + lastmodified: "2026-04-22T23:40:49Z" + mac: ENC[AES256_GCM,data:WJrfgMP6ioP/GU65sv6tWIjYe//TgAwUDowG1mOqm5UlJ1LT31vs7vmmm+1tYO+jpjCoQlVM0S2e1z+CgrqSMye4+x3VhRTiQKW8DQAN7x8ILoDB+RVcmq8wlqMsubdUtBHray43YtGdeDj4f+Rr4FC84uf9Qgl4ywkiq5CKnc0=,iv:hkQ+QRw1VBbNzJEWx/pdbq7eZ5TrYie0xofzXWIgZDw=,tag:xcnSUQtiF407DHTG5NCALA==,type:str] unencrypted_suffix: _unencrypted version: 3.12.2 --- 
@@ -152,7 +152,32 @@ sops: eGZTZ0VSUElFZVpqWlVISjNYdnA4UFUK/uOyj7CKU0XLHHdPNKByO2c56JWQfhk5 oauimeYrkNE+06dhXgVcJiQH+HcB33tB9u3YS9LxFYs3R98zKAHG6g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-04-20T16:15:57Z" - mac: ENC[AES256_GCM,data:QjexLkuBkJxXbWBTPUowSXGb8y3Zd22CtibFoYr/efLBYFI34KZS7mqtUx0bTlwLPRFbBUPaqlAfc7xvlRjRqIUpkfBvef0q3DVvJ8IiRVdSVR82lFGFpgJ/oDjQC9PSuEVFX1WvfpuOofwSTfV3ywvkVSlWzSJW66NNsKpl1MI=,iv:rxyUuOwTlT/fYkCX1WuZ1UJYUvCzEfXnrXQrwdDhYtA=,tag:50srDy5k4T+4zUdyI14xtg==,type:str] + lastmodified: "2026-04-22T23:40:49Z" + mac: ENC[AES256_GCM,data:WJrfgMP6ioP/GU65sv6tWIjYe//TgAwUDowG1mOqm5UlJ1LT31vs7vmmm+1tYO+jpjCoQlVM0S2e1z+CgrqSMye4+x3VhRTiQKW8DQAN7x8ILoDB+RVcmq8wlqMsubdUtBHray43YtGdeDj4f+Rr4FC84uf9Qgl4ywkiq5CKnc0=,iv:hkQ+QRw1VBbNzJEWx/pdbq7eZ5TrYie0xofzXWIgZDw=,tag:xcnSUQtiF407DHTG5NCALA==,type:str] + unencrypted_suffix: _unencrypted + version: 3.12.2 +--- +#ENC[AES256_GCM,data:nMA2+3xncC8MS36NjOh8hFQazy+v/nGIFIqSbnSFd/YtVOUsAPW46GMZrz6x0rrw4aCM5+E0j/nj9qhgNh3br2krltR5Owl0eNwn+xR36C5aPNgHdwtkVRtHPnv+j+d3nGKbgEvrvCpT83PDEdb2clt2ajrxffrrE3pGu2HDB4T2ogidDXFsl6i8bMxo/1zDYUoGS587aH93USGZ+s5BmHOlRVAg3W+Xg5FqepggiwJzSfvguIQtpH65JDmcuEjiwFvTbB3+WqHhWSJ5NQ==,iv:5Try5OdOks3JKpQ6A1wAS4wfwBcoBnqJAJGJ0pmdjZw=,tag:3/n5Uxf+zBLed0KhT4YvMg==,type:comment] +apiVersion: ENC[AES256_GCM,data:F6o=,iv:8McPTAtRKlG0wpF1DUXRrhkzNuoD97Vu4OFyI8Opy28=,tag:DgEjMs6yXKFEv6Uu8A8WDg==,type:str] +kind: ENC[AES256_GCM,data:eVSn4ODQ,iv:iDOb7kRnWbW1CYKILAZwbtlhbAqwi/I+YXFbHsmz2KI=,tag:dcWY/PdP2eMRv1HxmfyHoQ==,type:str] +metadata: + name: ENC[AES256_GCM,data:NXxSRxqzrL1BsWku/g==,iv:xCfwy3bNxd0wDyVEyWa6bgdcxZDIws+fdHPqUCNzMAs=,tag:xoFYlZ63vs8qdIC1XjObFw==,type:str] + namespace: ENC[AES256_GCM,data:O6kz8Q==,iv:ZMv7m+YLaIChgNTM4Riopt2VUNg5HwUwdLR6bRA1Nf0=,tag:undk4ODEabPJbQKoa1He7A==,type:str] +type: ENC[AES256_GCM,data:YMUJyMI2,iv:o++4jFOch8C8g5iKCzot/AcHnERRO/Yqn/uHuCAIFEI=,tag:ReJgAAajctyGo7xYr2Yc8w==,type:str] +stringData: + GITEA_DB_PASS: 
ENC[AES256_GCM,data:NcCI1tJCZEGLzE/Gj39zUPUVUWG65kWz7+/vk24TxgM=,iv:oXMBDmaPOoZiw9B9PKjCyRdON0jJaA0l6MBLrpEtdmU=,tag:1HzvvmvSOgkcWcl+Uy+dOQ==,type:str] +sops: + age: + - recipient: age12gv2cu66v80khwse5jgwcaukf3juvufkm2kw507gfnvecdpwt3hsjra7te + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNWFcrTlYrOW1Tb0xGUmVS + Q3VPb3VPMS9hRWQ4aDQzRGtFTXp4SU90YWlrCng5NkN3TUFEUGIrWkRCK1NMeVND + Z2RwV0JKVnRTMWUvWlpDRzhBQWtsNVkKLS0tIHZ2NkZaVTJSaE1vTjVVMXhzTmYz + eGZTZ0VSUElFZVpqWlVISjNYdnA4UFUK/uOyj7CKU0XLHHdPNKByO2c56JWQfhk5 + oauimeYrkNE+06dhXgVcJiQH+HcB33tB9u3YS9LxFYs3R98zKAHG6g== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2026-04-22T23:40:49Z" + mac: ENC[AES256_GCM,data:WJrfgMP6ioP/GU65sv6tWIjYe//TgAwUDowG1mOqm5UlJ1LT31vs7vmmm+1tYO+jpjCoQlVM0S2e1z+CgrqSMye4+x3VhRTiQKW8DQAN7x8ILoDB+RVcmq8wlqMsubdUtBHray43YtGdeDj4f+Rr4FC84uf9Qgl4ywkiq5CKnc0=,iv:hkQ+QRw1VBbNzJEWx/pdbq7eZ5TrYie0xofzXWIgZDw=,tag:xcnSUQtiF407DHTG5NCALA==,type:str] unencrypted_suffix: _unencrypted version: 3.12.2