Initial commit

README.md

@@ -0,0 +1,8 @@
+# gitea kubernetes deployment
+
+Deploys gita with a postgresql database
+
+## ToDo
+
++ Replace literal passwords with https://github.com/mittwald/kubernetes-secret-generator
+

configuration.yaml

@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: postgres-config
+  namespace: gitea
+  labels:
+    app: postgres
+data:
+  PGDATA: "/var/lib/postgresql/data"
+  POSTGRES_DB: "gitea"
+  POSTGRES_USER: "postgres"
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: gitea-env
+  namespace: gitea
+  labels:
+    app: gitea
+data:
+  APP_NAME: "Gitea"
+  USER_UID: "1000"
+  USER_GID: "1000"
+  ROOT_URL: "https://git.thejimnicholson.com"
+  HTTP_PORT: "3000"
+  DB_TYPE: postgres
+  DB_HOST: postgres.gitea.svc.cluster.local:5432
+  DB_NAME: gitea
+  DB_USER: postgres

deployment.yaml

@@ -0,0 +1,97 @@
+---
+  apiVersion: apps/v1
+  kind: Deployment
+  metadata:
+    name: postgres
+    namespace: gitea
+    labels:
+      app: postgres
+  spec:
+    selector:
+      matchLabels:
+        app: postgres # has to match .spec.template.metadata.labels
+        tier: postgres
+    strategy:
+      type: RollingUpdate
+      rollingUpdate:
+        maxSurge: 1
+        maxUnavailable: 0
+    template:
+      metadata:
+        labels:
+          app: postgres
+          tier: postgres
+      spec:
+        containers:
+        - image: postgres:12
+          securityContext:
+            runAsUser: 1000
+          name: postgres
+#          command: ["chown", "-R", "1000:1000", "/var/lib/postgresql/data"]
+          envFrom:
+            - configMapRef:
+                name: postgres-config
+          env:
+            - name: PGDATA
+              value: /var/lib/postgresql/data/pgdata
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: gitea-secrets
+                  key: pg_password
+          ports:
+          - containerPort: 5432
+            name: postgres
+          volumeMounts:
+          - name: postgres-persistent-storage
+            mountPath: /var/lib/postgresql/data
+            subPath: pgdata
+        volumes:
+        - name: postgres-persistent-storage
+          persistentVolumeClaim:
+            claimName: postgres-pvc
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: gitea
+  namespace: gitea
+  labels:
+    app: gitea
+spec:
+  selector:
+    matchLabels:
+      app: gitea
+  strategy:
+    #type: Recreate
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 0
+  template:
+    metadata:
+      labels:
+        app: gitea
+    spec:
+      containers:
+      - image: gitea/gitea:1.15.4
+        name: gitea
+        envFrom:
+          - configMapRef:
+              name: gitea-env
+        env:
+          - name: DB_PASSWD
+            valueFrom:
+              secretKeyRef:
+                name: gitea-secrets
+                key: pg_password
+        ports:
+        - containerPort: 3000
+          name: gitea
+        volumeMounts:
+        - name: gitea-persistent-storage
+          mountPath: /data
+      volumes:
+      - name: gitea-persistent-storage
+        persistentVolumeClaim:
+          claimName: gitea-pvc

ingress.yaml

@@ -0,0 +1,26 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: gitea-ingress
+  namespace: gitea
+  annotations:
+    kubernetes.io/ingress.class: "traefik"
+    traefik.ingress.kubernetes.io/redirect-entry-point: https
+    cert-manager.io/cluster-issuer: http-clusterissuer
+spec:
+  rules:
+  - host: git.thejimnicholson.com
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: gitea
+            port: 
+              number: 3000
+  tls:
+  - hosts:
+    - git.thejimnicholson.com
+    secretName: git.thejimnicholson.com

kustomization.yaml

@@ -0,0 +1,18 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: gitea
+secretGenerator:
+- literals:
+  - pg_password=some1pass5here9
+  name: gitea-secrets
+generatorOptions:
+  disableNameSuffixHash: true
+  labels:
+    type: generated
+resources:
+- namespace.yaml
+- storage.yaml
+- configuration.yaml
+- deployment.yaml
+- service.yaml
+- ingress.yaml

namespace.yaml

@@ -0,0 +1,5 @@
+---
+kind: Namespace
+apiVersion: v1
+metadata:
+  name: gitea

service.yaml

@@ -0,0 +1,28 @@
+---
+  apiVersion: v1
+  kind: Service
+  metadata:
+    name: postgres
+    namespace: gitea
+    labels:
+      app: postgres
+  spec:
+    ports:
+    - name: postgres
+      port: 5432
+      targetPort: 5432
+    selector:
+      app: postgres
+    clusterIP: None
+---
+  apiVersion: v1
+  kind: Service
+  metadata:
+    name: gitea
+    namespace: gitea
+  spec:
+    selector:
+      app: gitea
+    ports:
+    - protocol: TCP
+      port: 3000

storage.yaml

@@ -0,0 +1,68 @@
+---
+  apiVersion: v1
+  kind: PersistentVolume
+  metadata:
+    name: postgres-pv
+    namespace: gitea
+    labels:
+      app: gitea
+  spec:
+    capacity:
+      storage: 5Gi
+    accessModes:
+      - ReadWriteOnce
+    persistentVolumeReclaimPolicy: Retain
+    nfs:
+      server: 10.0.96.2
+      path: "/volume1/storage/git-database"
+    claimRef:
+      namespace: gitea
+      name: postgres-pvc
+---
+  apiVersion: v1
+  kind: PersistentVolume
+  metadata:
+    name: gitea-pv
+    namespace: gitea
+    labels:
+      app: gitea
+  spec:
+    capacity:
+      storage: 5Gi
+    accessModes:
+      - ReadWriteOnce
+    persistentVolumeReclaimPolicy: Retain
+    nfs:
+      server: 10.0.96.2
+      path: "/volume1/storage/git-repo"
+    claimRef:
+      namespace: gitea
+      name: gitea-pvc
+---
+  apiVersion: v1
+  kind: PersistentVolumeClaim
+  metadata:
+    name: postgres-pvc
+    namespace: gitea
+    labels:
+      app: gitea
+  spec:
+    accessModes:
+      - ReadWriteOnce
+    resources:
+      requests:
+        storage: 5Gi
+---
+  apiVersion: v1
+  kind: PersistentVolumeClaim
+  metadata:
+    name: gitea-pvc
+    namespace: gitea
+    labels:
+      app: gitea
+  spec:
+    accessModes:
+      - ReadWriteOnce
+    resources:
+      requests:
+        storage: 5Gi