gitea
Less than 1 minute
gitea
prepare
- k8s is ready
- argocd is ready and logged in
- traefik ingress is ready
installation
- prepare
gitea.yamlapiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: gitea spec: project: default syncPolicy: syncOptions: - CreateNamespace=true source: repoURL: https://dl.gitea.io/charts/ chart: gitea targetRevision: 12.1.0 helm: releaseName: gitea valuesObject: global: security: allowInsecureImages: true image: registry: m.daocloud.io/docker.io repository: gitea/gitea pullPolicy: IfNotPresent service: http: type: ClusterIP ssh: type: NodePort port: 22 nodePort: 32022 ingress: enabled: true className: traefik annotations: traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.tls: "true" hosts: - host: gitea.dev.geekcity.tech paths: - path: / pathType: Prefix resources: requests: cpu: 100m memory: 256Mi limits: cpu: 1 memory: 2Gi persistence: size: 8Gi storageClass: "" gitea: admin: existingSecret: gitea-admin-credentials email: ben.wangz@foxmail.com config: repository: MAX_CREATION_LIMIT: 10 DISABLED_REPO_UNITS: repo.wiki,repo.ext_wiki,repo.projects DEFAULT_REPO_UNITS: repo.code,repo.releases,repo.issues,repo.pulls DISABLE_STARS: true DEFAULT_BRANCH: main ui: SHOW_USER_EMAIL: false SEARCH_REPO_DESCRIPTION: false server: PROTOCOL: http ROOT_URL: https://gitea.dev.geekcity.tech:32443/ LANDING_PAGE: login DOMAIN: gitea.dev.geekcity.tech SSH_DOMAIN: ssh.gitea.dev.geekcity.tech SSH_PORT: 32022 SSH_AUTHORIZED_PRINCIPALS_ALLOW: email admin: DISABLE_REGULAR_ORG_CREATION: true security: INSTALL_LOCK: true service: REGISTER_EMAIL_CONFIRM: true DISABLE_REGISTRATION: true ENABLE_NOTIFY_MAIL: false DEFAULT_ALLOW_CREATE_ORGANIZATION: false SHOW_MILESTONES_DASHBOARD_PAGE: false explore: DISABLE_USERS_PAGE: true mailer: ENABLED: false i18n: LANGS: en-US,zh-CN NAMES: English,简体ä¸æ–‡ oauth2: ENABLED: false other: SHOW_FOOTER_VERSION: false openid: ENABLE_OPENID_SIGNIN: false ENABLE_OPENID_SIGNUP: false oauth2_client: ENABLE_AUTO_REGISTRATION: false valkey-cluster: enabled: true image: registry: m.daocloud.io/docker.io repository: bitnami/valkey-cluster tag: 8.1.2-debian-12-r0 usePassword: false usePasswordFiles: false cluster: nodes: 3 replicas: 0 service: ports: valkey: 6379 persistence: enabled: true storageClass: "" size: 5Gi postgresql-ha: enabled: false postgresql: enabled: true image: registry: m.daocloud.io/docker.io repository: bitnami/postgresql tag: 17.5.0-debian-12-r11 global: postgresql: auth: database: gitea username: gitea password: gitea service: ports: postgresql: 5432 primary: persistence: enabled: true storageClass: "" size: 10Gi destination: server: https://kubernetes.default.svc namespace: application
- prepare admin credentials secret
kubectl get namespaces application > /dev/null 2>&1 || kubectl create namespace application kubectl -n application create secret generic gitea-admin-credentials \ --from-literal=username=admin \ --from-literal=password=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 16)
- apply to k8s
kubectl -n argocd apply -f gitea.yaml
- sync by argocd
argocd app sync argocd/gitea
tests
- with browser
- gitea.dev.geekcity.tech should be resolved to traefik ingress
- for example, add
$K8S_MASTER_IP gitea.dev.geekcity.techto/etc/hosts
- for example, add
- https://gitea.dev.geekcity.tech:32443
- note: the browser will show a certificate warning since traefik uses a self-signed certificate
- username
kubectl -n application get secret gitea-admin-credentials -o jsonpath='{.data.username}' | base64 -d
- password
kubectl -n application get secret gitea-admin-credentials -o jsonpath='{.data.password}' | base64 -d
- gitea.dev.geekcity.tech should be resolved to traefik ingress
- with ssh(git client)
- ssh.gitea.dev.geekcity.tech should be resolved to k8s node
- for example, add
$K8S_MASTER_IP ssh.gitea.dev.geekcity.techto/etc/hosts
- for example, add
- ssh.gitea.dev.geekcity.tech should be resolved to k8s node