gitea: Add Gitea
This commit is contained in:
parent
d04aa12c4a
commit
aa426717e6
|
|
@ -0,0 +1,28 @@
|
|||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: gitea-admin-secret
|
||||
namespace: gitea
|
||||
stringData:
|
||||
username: ENC[AES256_GCM,data:3i59iz9U,iv:m4dkqidSA6zIQcCcsutPHaAnEyU81zEyjkKanwX2hbA=,tag:Smx08HGp8xQvY3cPZtw3eg==,type:str]
|
||||
password: ENC[AES256_GCM,data:ByuQHlvQ+EDqX+MKb5HlEum7Hlw=,iv:IwD25SMziMFHo5DxoBrt6O1f+9UtP7MqRqoTskoESJE=,tag:AeHmmeWi5SUGbAeaf5LmUA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age14dgmts59tc2gv2xu9305auvu854n3pfl8vkheqzzqyrygyeequ0sjhl92v
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXNFQyNXViaEZkNk1SeWY5
|
||||
Yk5mTyttWmpVUjQ5WlV6Y0dXTTU3KzJ0d0ZFCjZMM1FGTTJlWmhCa3puNHNVZHRu
|
||||
S2RtYzR5eUtPa2RNZkI0TmZlR1E5eHcKLS0tIHlpZmMwZDMvL0hsbWhXdnpoS0t3
|
||||
eDRhMGZlZ0hZSkhwdHVYci9DV3FxQVkKAnD9tzGFWwvl6W3JhLF5vRjZ8RCN4EcH
|
||||
GHUGCqJnnJzHO/MWaUQm+J/D9NQLusU74UjK/VWQ0qusia57w5raDQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-11-28T21:32:07Z"
|
||||
mac: ENC[AES256_GCM,data:wEIvCSQWvOuEX09mVWgoULlbWD3DXS0+QkH5+SMNA3zm+srgni55H8LHpR2X1c5YWYMbqbwyy8oOL48+oqvTbfhsEeu8QMCd04ZwPxnVcGxrkG9XV7gx3HBNRCLZmDdtINs2i/wRJEyIypKXuTCSV26okHUQXdLvBuAH2zFuNVQ=,iv:m5OFflAhDz/mmFjw5AxM1/VQr5qIuFDn0M24tQh6RQA=,tag:PScMxHtfANIHiB0//mYpuA==,type:str]
|
||||
pgp: []
|
||||
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
|
||||
version: 3.8.1
|
||||
|
|
@ -0,0 +1,14 @@
|
|||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: gitea-web-ingress
|
||||
namespace: gitea
|
||||
spec:
|
||||
entryPoints:
|
||||
- websecure
|
||||
routes:
|
||||
- match: Host(`git.namesny.com`)
|
||||
kind: Rule
|
||||
services:
|
||||
- name: gitea-http
|
||||
port: 3000
|
||||
|
|
@ -0,0 +1,28 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
namespace: gitea
|
||||
|
||||
resources:
|
||||
- namespace.yaml
|
||||
- ingress.yaml
|
||||
- runner-pvc.yaml
|
||||
- runner-deployment.yaml
|
||||
|
||||
generators:
|
||||
- secret-generator.yaml
|
||||
|
||||
helmCharts:
|
||||
- name: gitea
|
||||
releaseName: gitea
|
||||
version: 9.6.0
|
||||
repo: https://dl.gitea.io/charts/
|
||||
namespace: gitea
|
||||
valuesMerge: merge
|
||||
valuesFile: values.yaml
|
||||
- name: renovate
|
||||
releaseName: renovate
|
||||
version: 37.68.3
|
||||
repo: https://docs.renovatebot.com/helm-charts
|
||||
namespace: gitea
|
||||
valuesFile: renovate-bot-values.yaml
|
||||
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: gitea
|
||||
|
|
@ -0,0 +1,31 @@
|
|||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: renovate-bot-secret
|
||||
namespace: gitea
|
||||
stringData:
|
||||
RENOVATE_AUTODISCOVER: ENC[AES256_GCM,data:20/nNkA=,iv:o6OgPwx03/U7kHbO4WBh1HVLAdr8HBsWWGRlrIx3ZvE=,tag:7BpQuJpwI20Jqlf0zrVqBA==,type:str]
|
||||
RENOVATE_ENDPOINT: ENC[AES256_GCM,data:PfAFF87I1COu9aGUf8uxPbzaUeyYvFpHmlK5DuP6,iv:JUgHIzaTSjCGpGucftT9AzFB7Gclwau8y9o2cbEJ2XU=,tag:52QvbgdaJRVTB5ARW0gn2Q==,type:str]
|
||||
RENOVATE_GIT_AUTHOR: ENC[AES256_GCM,data:5tCkXdiheQkI293yf7Fh0Tb1kvWtDXHTIikP21IJQgFUyw==,iv:L1x3FDp6m/oJRq4Gcp3lusUF8Fufx+wWUVUQeYerDGk=,tag:h2XSao9P/wDHTpPRhEzVuQ==,type:str]
|
||||
RENOVATE_PLATFORM: ENC[AES256_GCM,data:5bRuvgQ=,iv:m2RtjwWANMCNjXaEmzZc8QZKff5oxy+cVazmM0Qs6bE=,tag:Zp+2HLlEJgSZB0U2xRS2uw==,type:str]
|
||||
RENOVATE_TOKEN: ENC[AES256_GCM,data:lPV9X8pZsSHzb7xFLuQ0Ixg5EaBgsuEmCFvXSkmxImUnImAKWINjBw==,iv:/hkxQNNqLcH/pbYs/Mn4P9FW1/DOIOKAUEjZNutoZok=,tag:Pd/NCxYZRJVaUiWT9FaMcA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age14dgmts59tc2gv2xu9305auvu854n3pfl8vkheqzzqyrygyeequ0sjhl92v
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0NWRIZnROK3dkY0xMa1ha
|
||||
cXBINWpXU000YXQ5QW0zMjllRnlzOEJoRlVZClhCUWhqK0M4bTVqNjBFR05LU1NP
|
||||
ejJaaHJSc003Q0V6UlpzWFdCTnd5RVEKLS0tIDllcVhFUE51Z1VsOGVJZ216TVdE
|
||||
eVhjc2VlOVROOC9oakF3K29nODdEM0EKZkIo+FdHZAyQ9ogoK9994B0q5lkWWXOw
|
||||
EgXamhJ800zjy9zFeO6bxPMsgPze1iNshhlV7HjT8uh+qs5laCqatg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-11-28T21:31:06Z"
|
||||
mac: ENC[AES256_GCM,data:O/Vw1S40Dz0g6Fo9K87iCIFh3TSNW4/f+mWNnbjPpjehj1+JbOovpchjizI1c+OZ++/rqlow8Ib/yesMDdPd16ErkyHgINMBtLuqfUYJ1WSwg52Rp5zfZP7eSXHTeqcGuuASIfzEcclZ/5QIPeiSOJG5iSAl/MDeNte6/YwEqQo=,iv:lieOLB5tOP4XagOr+cRWQZQC00EHz9UUcx7e2uwUjpU=,tag:JJ4YgTKMCZtujAJfi+TcxA==,type:str]
|
||||
pgp: []
|
||||
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
|
||||
version: 3.8.1
|
||||
|
|
@ -0,0 +1,12 @@
|
|||
renovate:
|
||||
config : |
|
||||
{
|
||||
"repositories": ["Cluster/k3s-configs"]
|
||||
}
|
||||
persistence:
|
||||
cache:
|
||||
enabled: true
|
||||
storageClass: retain-local-path
|
||||
existingSecret: renovate-bot-secret
|
||||
apiVersionOverrides:
|
||||
cronjob: 'batch/v1'
|
||||
|
|
@ -0,0 +1,45 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
labels:
|
||||
app: act-runner
|
||||
name: act-runner
|
||||
namespace: gitea
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: act-runner
|
||||
strategy: {}
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
labels:
|
||||
app: act-runner
|
||||
spec:
|
||||
restartPolicy: Always
|
||||
volumes:
|
||||
- name: runner-data
|
||||
persistentVolumeClaim:
|
||||
claimName: act-runner-vol
|
||||
securityContext:
|
||||
fsGroup: 1001
|
||||
containers:
|
||||
- name: runner
|
||||
image: gitea/act_runner:nightly-dind-rootless
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: DOCKER_HOST
|
||||
value: unix:///var/run/user/1000/docker.sock
|
||||
- name: GITEA_INSTANCE_URL
|
||||
value: http://gitea-http.gitea.svc.cluster.local:3000
|
||||
- name: GITEA_RUNNER_REGISTRATION_TOKEN
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: runner-secret
|
||||
key: token
|
||||
securityContext:
|
||||
privileged: true
|
||||
volumeMounts:
|
||||
- name: runner-data
|
||||
mountPath: /data
|
||||
|
|
@ -0,0 +1,12 @@
|
|||
kind: PersistentVolumeClaim
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: act-runner-vol
|
||||
namespace: gitea
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
||||
storageClassName: retain-local-path
|
||||
|
|
@ -0,0 +1,27 @@
|
|||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: runner-secret
|
||||
namespace: gitea
|
||||
stringData:
|
||||
token: ENC[AES256_GCM,data:L4knV26n07ITqEAiiCtI+bMDyDV5XbbxwCyimir1F9KIpveWuE8MwA==,iv:H+qTTGqo3MALmJ583kqQyXGCeVxBzoh8c9+CqLEUzZI=,tag:WzQcxgtmSuVyNet9J2qTHg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age14dgmts59tc2gv2xu9305auvu854n3pfl8vkheqzzqyrygyeequ0sjhl92v
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrODNya2FReElkL1dwa01p
|
||||
OXZvWURJY0YwOGkzb1l5bGhZVGVSRmRvOUR3Cm0zdWVHMk9LbG1wc0pqSnZvM0Ft
|
||||
dlVMYzljUHB5TmZFREVoWjJZSmhIMG8KLS0tIHl3SVc1Ky9aei9sS0UzRTQ0Qklp
|
||||
dVBWa3BPK1pBaUxKRnB1REVkM2NuaDAKFL93pbjyy2kDGgZTDlC+/7azF7rggUXY
|
||||
Vf3oSu6u+i/AEPJzmi7iX1FBM+Tag9A3Q5zIfo/8L9XI+uqpX4HcUg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-11-28T21:32:44Z"
|
||||
mac: ENC[AES256_GCM,data:PeEdV0W+anjtndAxAQSEa/4TFHaawKTbBqJbFoHPPsd60+q5XHXdxokTk1szENrdDC3f0cZ6xAdCIW5oyaGUICd1hrOVGyhMN84SbP/KP+P9lkFICD1AXNhVXHa0U6G9UdvP5gFVhDV2k1LdRNkjmHkpn6hpUijlZc7+LIfXiKI=,iv:yS5af3UBRlNMdqmvSfimDFRTw5LevPo3iA9b4SNKisM=,tag:xD4h8kABvH1xZqOMTn15fQ==,type:str]
|
||||
pgp: []
|
||||
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
|
||||
version: 3.8.1
|
||||
|
|
@ -0,0 +1,12 @@
|
|||
apiVersion: viaduct.ai/v1
|
||||
kind: ksops
|
||||
metadata:
|
||||
name: gitea-secret-generator
|
||||
annotations:
|
||||
config.kubernetes.io/function: |
|
||||
exec:
|
||||
path: ksops
|
||||
files:
|
||||
- ./gitea-admin-secret.enc.yaml
|
||||
- ./renovate-bot-secret.enc.yaml
|
||||
- ./runner-secret.enc.yaml
|
||||
|
|
@ -0,0 +1,65 @@
|
|||
redis-cluster:
|
||||
enabled: false
|
||||
postgresql-ha:
|
||||
enabled: false
|
||||
postgresql:
|
||||
enabled: true
|
||||
primary:
|
||||
persistence:
|
||||
storageClass: retain-local-path
|
||||
|
||||
persistence:
|
||||
enabled: true
|
||||
storageClass: retain-local-path
|
||||
|
||||
image:
|
||||
rootless: true
|
||||
|
||||
gitea:
|
||||
admin:
|
||||
existingSecret: gitea-admin-secret
|
||||
email: "matus@namesny.com"
|
||||
config:
|
||||
actions:
|
||||
ENABLED: true
|
||||
federation:
|
||||
ENABLED: true
|
||||
database:
|
||||
DB_TYPE: postgres
|
||||
session:
|
||||
PROVIDER: db
|
||||
cache:
|
||||
ADAPTER: memory
|
||||
queue:
|
||||
TYPE: level
|
||||
server:
|
||||
BUILTIN_SSH_SERVER_USER: git
|
||||
ROOT_URL: https://git.namesny.com
|
||||
DOMAIN: git.namesny.com
|
||||
SSH_CREATE_AUTHORIZED_KEYS_FILE: false
|
||||
LANDING_PAGE: explore
|
||||
service:
|
||||
REGISTER_MANUAL_CONFIRM: true
|
||||
indexer:
|
||||
ISSUE_INDEXER_TYPE: bleve
|
||||
REPO_INDEXER_ENABLED: true
|
||||
|
||||
service:
|
||||
http:
|
||||
type: ClusterIP
|
||||
port: 3000
|
||||
clusterIP:
|
||||
ssh:
|
||||
type: ClusterIP
|
||||
port: 22
|
||||
|
||||
podSecurityContext:
|
||||
fsGroup: 1001
|
||||
|
||||
containerSecurityContext:
|
||||
runAsGroup: 1001
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1001
|
||||
|
||||
test:
|
||||
enabled: false
|
||||
Loading…
Reference in New Issue