K3S-HOME/applications
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

FEAT(gitea): add gitea Application to apps reposit

Browse Source 
- Move gitea Application definition to applications repo
- Add gitea resources (helm-values, vault secrets, runner deployment)
- Update kustomization.yaml to include gitea Application
- This enables ArgoCD to manage gitea with proper Helm chart integration
This commit is contained in:
Mayne0213
2025-12-18 19:08:20 +09:00
parent 950058278a
commit b6c581492b
9 changed files with 447 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
gitea/argocd/gitea.yaml Normal file
View File

@@ -0,0 +1,58 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: gitea
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
sources:
# Helm chart from Gitea repository
- repoURL: https://dl.gitea.com/charts/
chart: gitea
targetRevision: 12.4.0
helm:
valueFiles:
- $values/gitea/helm-values/gitea.yaml
# Values file from Git repository
- repoURL: https://gitea0213.kro.kr/bluemayne/infrastructure.git
targetRevision: main
ref: values
# Vault secrets from Git repository
- repoURL: https://gitea0213.kro.kr/bluemayne/infrastructure.git
targetRevision: main
path: gitea
destination:
server: https://kubernetes.default.svc
namespace: gitea
syncPolicy:
automated:
prune: true
selfHeal: true
allowEmpty: false
syncOptions:
- CreateNamespace=true
- PrunePropagationPolicy=foreground
- PruneLast=true
retry:
limit: 5
backoff:
duration: 5s
factor: 2
maxDuration: 3m
revisionHistoryLimit: 10
# Ignore differences in checksum annotations and manual restart annotations
ignoreDifferences:
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.metadata.annotations
- .metadata.annotations

100
gitea/deployment.yaml Normal file
View File

@@ -0,0 +1,100 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: gitea-runner-config
namespace: gitea
data:
config.yaml: |
log:
level: info
runner:
name: k8s-runner
capacity: 10
timeout: 3h
insecure: false
fetch_timeout: 5s
fetch_interval: 2s
labels:
- "ubuntu-latest:docker://catthehacker/ubuntu:act-latest"
- "ubuntu-24.04:docker://catthehacker/ubuntu:act-latest"
- "ubuntu-24.04-arm:docker://catthehacker/ubuntu:act-latest"
container:
network: host
options: -e DOCKER_HOST=tcp://localhost:2375
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: gitea-runner
namespace: gitea
labels:
app: gitea-runner
spec:
replicas: 1
selector:
matchLabels:
app: gitea-runner
template:
metadata:
labels:
app: gitea-runner
spec:
restartPolicy: Always
volumes:
- name: docker-certs
emptyDir: {}
- name: runner-data
emptyDir: {}
- name: config
configMap:
name: gitea-runner-config
containers:
# Docker daemon (Docker-in-Docker)
- name: docker-daemon
image: docker:dind
env:
- name: DOCKER_TLS_CERTDIR
value: ""
securityContext:
privileged: true
volumeMounts:
- name: docker-certs
mountPath: /certs
# Gitea Actions runner
- name: runner
image: gitea/act_runner:latest
command:
- sh
- -c
- |
while ! nc -z localhost 2375 </dev/null; do
echo 'waiting for docker daemon...';
sleep 1;
done
act_runner register --no-interactive --instance "$GITEA_INSTANCE_URL" --token "$GITEA_RUNNER_REGISTRATION_TOKEN" --name k8s-runner --labels "ubuntu-latest:docker://catthehacker/ubuntu:act-latest,ubuntu-24.04:docker://catthehacker/ubuntu:act-latest,ubuntu-24.04-arm:docker://catthehacker/ubuntu:act-latest"
act_runner daemon
env:
- name: DOCKER_HOST
value: tcp://localhost:2375
- name: GITEA_INSTANCE_URL
value: "http://gitea-http.gitea.svc.cluster.local:3000"
- name: GITEA_RUNNER_REGISTRATION_TOKEN
valueFrom:
secretKeyRef:
name: gitea-runner-token
key: token
volumeMounts:
- name: docker-certs
mountPath: /certs
- name: runner-data
mountPath: /data
- name: config
mountPath: /config.yaml
subPath: config.yaml
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
memory: 2Gi

172
gitea/helm-values/gitea.yaml Normal file
View File

@@ -0,0 +1,172 @@
# Gitea Helm Values
# Chart: https://gitea.com/gitea/helm-chart
# Self-hosted Git service
fullnameOverride: gitea
replicaCount: 1
image:
registry: docker.io
repository: gitea/gitea
tag: "1.25.2"
pullPolicy: IfNotPresent
rootless: false
# Gitea configuration
gitea:
admin:
# Admin credentials managed via environment variables
existingSecret: gitea-admin-secret
config:
server:
DOMAIN: gitea0213.kro.kr
ROOT_URL: https://gitea0213.kro.kr
SSH_DOMAIN: gitea0213.kro.kr
SSH_PORT: 2222
DISABLE_SSH: true
START_SSH_SERVER: false
SSH_LISTEN_PORT: 2222
database:
DB_TYPE: postgres
HOST: postgresql-primary.postgresql.svc.cluster.local:5432
NAME: gitea
USER: postgres
SCHEMA: public
SSL_MODE: disable
service:
DISABLE_REGISTRATION: false
REQUIRE_SIGNIN_VIEW: false
ENABLE_NOTIFY_MAIL: false
cache:
ENABLED: true
ADAPTER: memory
session:
PROVIDER: memory
git:
PATH: /usr/bin/git
actions:
ENABLED: true
DEFAULT_ACTIONS_URL: github
packages:
ENABLED: true
CHUNKED_UPLOAD_PATH: /data/packages/chunked-upload
container:
ENABLED: true
REGISTRY_HOST: gitea0213.kro.kr
# Health checks
livenessProbe:
enabled: true
tcpSocket:
port: http
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 10
readinessProbe:
enabled: true
tcpSocket:
port: http
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
# PostgreSQL dependency (using existing PostgreSQL instance)
postgresql:
enabled: false
# Use existing PostgreSQL
postgresql-ha:
enabled: false
# Valkey cluster (disabled, using memory for cache/session)
valkey-cluster:
enabled: false
# Redis (optional, for caching)
redis-cluster:
enabled: false
# Environment variables for database password
deployment:
env:
- name: GITEA__database__PASSWD
valueFrom:
secretKeyRef:
name: gitea-postgres-password
key: password
# Persistence for Gitea data
persistence:
enabled: true
size: 10Gi
storageClass: local-path
accessModes:
- ReadWriteOnce
# Service configuration
service:
http:
type: ClusterIP
port: 3000
ssh:
type: LoadBalancer
port: 2222
externalTrafficPolicy: Local
annotations:
metallb.universe.tf/allow-shared-ip: gitea
# Ingress configuration
ingress:
enabled: true
className: nginx
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
hosts:
- host: gitea0213.kro.kr
paths:
- path: /
pathType: Prefix
tls:
- secretName: gitea-tls
hosts:
- gitea0213.kro.kr
# Resource limits
resources:
requests:
cpu: 50m
memory: 256Mi
limits:
memory: 512Mi
# Security context
securityContext:
fsGroup: 1000
# Init containers for database setup
initPreScript: |
#!/bin/sh
echo "Waiting for PostgreSQL..."
until nc -z postgresql-primary.postgresql.svc.cluster.local 5432; do
echo "Waiting for PostgreSQL to be ready..."
sleep 2
done
echo "PostgreSQL is ready"

19
gitea/kustomization.yaml Normal file
View File

@@ -0,0 +1,19 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
# ArgoCD Application (주석 처리: circular dependency 방지)
# - argocd/gitea.yaml
# Gitea Application은 수동으로 적용: kubectl apply -f gitea/argocd/gitea.yaml
# Gitea Runner
- deployment.yaml
# Vault secrets
- vault/gitea-admin-secret.yaml
- vault/gitea-postgres-password.yaml
- vault/gitea-runner-token.yaml
- vault/gitea-minio-credentials.yaml
- vault/minio-root-password.yaml
namespace: gitea

22
gitea/vault/gitea-admin-secret.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: gitea-admin-secret
namespace: gitea
spec:
refreshInterval: 1h
secretStoreRef:
kind: ClusterSecretStore
name: vault-backend
target:
name: gitea-admin-secret
creationPolicy: Owner
data:
- secretKey: username
remoteRef:
key: gitea/admin
property: USERNAME
- secretKey: password
remoteRef:
key: gitea/admin
property: PASSWORD

18
gitea/vault/gitea-minio-credentials.yaml Normal file
View File

@@ -0,0 +1,18 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: gitea-minio-credentials
namespace: gitea
spec:
refreshInterval: 1h
secretStoreRef:
kind: ClusterSecretStore
name: vault-backend
target:
name: gitea-minio-credentials
creationPolicy: Owner
data:
- secretKey: password
remoteRef:
key: gitea/minio
property: GITEA_MINIO_PASSWORD

18
gitea/vault/gitea-postgres-password.yaml Normal file
View File

@@ -0,0 +1,18 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: gitea-postgres-password
namespace: gitea
spec:
refreshInterval: 1h
secretStoreRef:
kind: ClusterSecretStore
name: vault-backend
target:
name: gitea-postgres-password
creationPolicy: Owner
data:
- secretKey: password
remoteRef:
key: gitea/postgres
property: PASSWORD

18
gitea/vault/gitea-runner-token.yaml Normal file
View File

@@ -0,0 +1,18 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: gitea-runner-token
namespace: gitea
spec:
refreshInterval: 1h
secretStoreRef:
kind: ClusterSecretStore
name: vault-backend
target:
name: gitea-runner-token
creationPolicy: Owner
data:
- secretKey: token
remoteRef:
key: gitea/runner
property: TOKEN

22
gitea/vault/minio-root-password.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: minio-root-password
namespace: gitea
spec:
refreshInterval: 1h
secretStoreRef:
kind: ClusterSecretStore
name: vault-backend
target:
name: minio-root-password
creationPolicy: Owner
data:
- secretKey: root-user
remoteRef:
key: gitea/minio
property: ROOT_USER
- secretKey: root-password
remoteRef:
key: gitea/minio
property: ROOT_PASSWORD