k8s/gitea-k8s
k8s
/
gitea-k8s
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
1 Commit 1 Branch 0 Tags 24 KiB
Go to file
Arnaud Delcasse 5295ef0e3a Initial commit 2021-11-23 08:44:40 +01:00
example-overlay Initial commit 2021-11-23 08:44:40 +01:00
README.md Initial commit 2021-11-23 08:44:40 +01:00
deployment.yaml Initial commit 2021-11-23 08:44:40 +01:00
kustomization.yaml Initial commit 2021-11-23 08:44:40 +01:00
service.yaml Initial commit 2021-11-23 08:44:40 +01:00

README.md

coopgo/gitea-k8s

Gitea configuration files for Kubernetes using Kustomize.

Made by COOPGO

Assumptions

  • This is a Kustomize base. Do not apply it on your cluster as is but use overlays instead. See Off The Shelf Application in Kustomize documentation.
  • We didn't want to rely on hacking an ingress controller to redirect port 22 (SSH), or have different domains for HTTPS and SSH. That's why this we directly depend on a loadbalancer service (your K8S cluster will need to support that) handling HTTP/HTTPS/SSH. HTTP and HTTPS requests are sent to a caddy reverse proxy in the same pod as Gitea
  • We only deploy 1 replica, that's why we use a Deployment instead of StatefulSet. This might maybe be improved. Feel free to contribute.
  • We wanted to store as much as possible (everything configurable like this in Gitea : repo archives, lfs, avatars, etc...) in object storage using the minio storage setting (in our case we use our cloud provider's one). Choices were made regarding this requirements even if you can have a different configuration in your overlay.
  • We use Bitnami Sealed Secrets for GitOps purpose and choices were made to make this simple with this base.

How to use it ?

You have an example configuration in the example-overlay folder.

You have to change the configuration values in gitea-config.yaml according to your needs. You might want to refer to Gitea documentation for that part.

In our case, we use Bitnami Sealed Secrets. The gitea-config.yaml should nor be pushed to a Git repository with credentials (secret keys, ...). Instead, we use Bitnami Sealed Secrets and store an encrypted sealed-gitea-config.yaml file. Take a look at https://github.com/bitnami-labs/sealed-secrets to know how to install it on your cluster, then run :

cat gitea-config.yaml | kubeseal     --controller-namespace kube-system     --controller-name sealed-secrets-controller     --format yaml     > sealed-gitea-config.yaml

And remove gitea-config.yaml or stire it in another location not shared publicly or with others.

To apply your changes (from within the overlay folder) :

kubectl apply -k .