Initial commit

example-overlay/deployment-patch.yaml

@@ -0,0 +1,7 @@
+
+- op: add 
+  path: /spec/template/spec/containers/1/command/-
+  value: "-from"
+- op: add 
+  path: /spec/template/spec/containers/1/command/-
+  value: "your.domain.com"

example-overlay/gitea-config.yaml

@@ -0,0 +1,110 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: gitea-config
+  labels:
+    app: gitea
+type: Opaque
+stringData:
+  app.ini: |-
+    APP_NAME = Gitea: Git with a cup of tea
+    RUN_USER = git
+    RUN_MODE = ; prod
+
+    [server]
+    PROTOCOL = http
+    DOMAIN = git.example.com
+    ROOT_URL = https://git.example.com
+    HTTP_ADDR = 0.0.0.0
+    HTTP_PORT = 3000
+    ;; Local (DMZ) URL for Gitea workers (such as SSH update) accessing web service.
+    ;; In most cases you do not need to change the default value.
+    ;; Alter it only if your SSH server node is not the same as HTTP node.
+    ;; Do not set this variable if PROTOCOL is set to 'unix'.
+    ;LOCAL_ROOT_URL = %(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/
+    ;DISABLE_SSH = false
+    START_SSH_SERVER = true
+    SSH_PORT = 2222
+    SSH_LISTEN_PORT = %(SSH_PORT)s
+    SSH_SERVER_HOST_KEYS=ssh/gitea.rsa, ssh/gogs.rsa
+    APP_DATA_PATH = /data/gitea
+    LFS_JWT_SECRET = 
+
+    [database]
+    DB_TYPE = postgres
+    HOST = postgres.yourserver.com ; can use socket e.g. /var/run/postgresql/
+    NAME = gitea
+    USER = gitea
+    PASSWD = 
+    ;SCHEMA =
+    SSL_MODE=require ;either "disable" (default), "require", or "verify-full"
+    
+    [security]
+    INSTALL_LOCK = true
+    SECRET_KEY = 
+    INTERNAL_TOKEN=
+    
+    [oauth2]
+    ENABLE = true
+    JWT_SECRET = 
+
+    [U2F]
+    ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+    ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+    ;;
+    ;; NOTE: THE DEFAULT VALUES HERE WILL NEED TO BE CHANGED
+    ;; Two Factor authentication with security keys
+    ;; https://developers.yubico.com/U2F/App_ID.html
+    APP_ID = ; e.g. http://localhost:3000/
+    ;; Comma separated list of trusted facets
+    TRUSTED_FACETS = ; e.g. http://localhost:3000/
+
+    [log]
+    MODE = console
+    ;; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Trace"
+    LEVEL = Info
+    ROUTER = console
+    [git]
+    ;; The path of git executable. If empty, Gitea searches through the PATH environment.
+    PATH =
+
+    [attachment]
+    ENABLED = true
+    ALLOWED_TYPES = .docx,.gif,.gz,.jpeg,.jpg,.log,.pdf,.png,.pptx,.txt,.xlsx,.zip
+    MAX_SIZE = 30
+    MAX_FILES = 5
+    STORAGE_TYPE = minio
+    MINIO_ENDPOINT = s3.fr-par.scw.cloud
+    MINIO_ACCESS_KEY_ID = 
+    MINIO_SECRET_ACCESS_KEY = 
+    MINIO_BUCKET = 
+    MINIO_LOCATION = 
+    MINIO_BASE_PATH = attachments/
+    MINIO_USE_SSL = true
+
+    [storage]
+    STORAGE_TYPE = minio
+    MINIO_ENDPOINT = s3.fr-par.scw.cloud
+    MINIO_ACCESS_KEY_ID = 
+    MINIO_SECRET_ACCESS_KEY = 
+    MINIO_BUCKET = 
+    MINIO_LOCATION = 
+    MINIO_USE_SSL = true
+
+    [storage.repo-archive]
+    STORAGE_TYPE = minio
+    MINIO_ENDPOINT = s3.fr-par.scw.cloud
+    MINIO_ACCESS_KEY_ID = 
+    MINIO_SECRET_ACCESS_KEY = 
+    MINIO_BUCKET = 
+    MINIO_LOCATION = 
+    MINIO_USE_SSL = true
+
+    [storage.minio]
+    STORAGE_TYPE = minio
+    MINIO_ENDPOINT = s3.fr-par.scw.cloud
+    MINIO_ACCESS_KEY_ID = 
+    MINIO_SECRET_ACCESS_KEY = 
+    MINIO_BUCKET = 
+    MINIO_LOCATION = 
+    MINIO_USE_SSL = true

example-overlay/kustomization.yaml

@@ -0,0 +1,34 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: gitea
+
+bases:
+- https://github.com/coopgo/gitea-k8s
+
+# Use Bitnami Sealed Secrets https://github.com/bitnami-labs/sealed-secrets instead of a real secret (or create it with Kustomize's generateSecret https://kubernetes.io/docs/tasks/configmap-secret/managing-secret-using-kustomize/)
+resources:
+- sealed-gitea-config.yaml
+
+# If you want to override other files for templates for example
+#
+# configMapGenerator: 
+#   - name: public-files-configmap
+#     files: 
+#       - public/img/logo.svg 
+#   - name: templates-files-configmap
+#     files: 
+#       - templates/home.tmpl 
+
+patchesJson6902:
+  - path: service-patch.yaml
+    target:
+      version: v1
+      kind: Service
+      name: gitea
+  - path: deployment-patch.yaml 
+    target: 
+      version: v1 
+      group: apps 
+      kind: Deployment
+      name: gitea

example-overlay/service-patch.yaml

@@ -0,0 +1,3 @@
+- op: add
+  path: /spec/loadBalancerIP
+  value: lb.reserved.ip.address