Adding new gitea deployment

2026-02-07 08:48:10 +01:00 · 2026-02-07 08:48:10 +01:00 · ffa0140d0b
parent 12cc3729dd
commit ffa0140d0b
3 changed files with 150 additions and 31 deletions
--- a/k8s/development/gitea.secret.yml
+++ b/k8s/development/gitea.secret.yml
@ -1,42 +1,119 @@
-persistence:
-  annotations:
-    "helm.sh/resource-policy": keep
+# --- Resource Optimization: Disable HA Clusters ---
+postgresql-ha:
+  enabled: false
+valkey-cluster:
+  enabled: false
+
+# --- Lightweight Database (PostgreSQL) ---
+postgresql:
  enabled: true
-  storageClass: openebs-hostpath
-  accessMode: ReadWriteOnce
-    
+  global:
+    postgresql:
+      auth:
+        database: gitea
+        username: gitea
+        password: "eexai7ohHoameo3aefah" # <--- [1] DB Password
+  # Reduce DB resources for private use
+  primary:
+    resources:
+      requests:
+        cpu: 10m
+        memory: 128Mi
+      limits:
+        memory: 512Mi
+    persistence:
+      size: 5Gi
+      storageClass: openebs-hostpath
+
+# --- Lightweight Cache (Valkey Standalone) ---
+valkey:
+  enabled: true
+  architecture: standalone
+  global:
+    valkey:
+      password: "Aid0eiy1ohghoagahjo3" # <--- [2] Cache Password
+  master:
+    resources:
+      requests:
+        cpu: 10m
+        memory: 64Mi
+      limits:
+        memory: 128Mi
+    persistence:
+      enabled: false # Ephemeral cache is fine for home use (saves disk I/O)
+
+# --- Gitea Configuration ---
+image:
+  tag: "1.21.5"
+  rootless: true
+
+# Limit Gitea's own resources
 resources:
  gitea:
    requests:
-      memory: 200Mi
+      memory: 256Mi
      cpu: 100m
+    limits:
+      memory: 1Gi
+      cpu: 1000m

-mariadb:
+persistence:
  enabled: true
-  rootUser:
-    password: chu6ohzat4zae2iPhuoy
-  db:
-    user: gitea
-    name: gitea
-    password: OohoX6vahsh1mahshujo
+  storageClass: openebs-hostpath
+  size: 10Gi
+  accessModes:
+    - ReadWriteOnce

-ingress:
-  enabled: true
-  certManager: true
-  annotations:
-    kubernetes.io/ingress.class: "nginx"    
-    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
-    cert-manager.io/cluster-issuer: "letsencrypt-prod"
-  hosts:
-  - name: git.moritzgraf.de
-  tls:
-  - hosts:
-    - "git.moritzgraf.de"
-    secretName: git-moritzgraf-de
+gitea:
+  admin:
+    username: "moritz"
+    password: "oongaeY9ohw4eith2Aiv" # <--- [3] Admin Password
+    email: "moritz@moritzgraf.de"
+
+  config:
+    security:
+      INSTALL_LOCK: true
+      SECRET_KEY: "eew5quoo3jeiPheeb7eereeTaik2Ieth" # <--- [4] Secret Key
+    server:
+      DOMAIN: git.moritzgraf.de
+      ROOT_URL: "https://git.moritzgraf.de/"
+      SSH_DOMAIN: git.moritzgraf.de
+      SSH_PORT: "2222"         # External display port
+      SSH_LISTEN_PORT: "2222"  # Internal container port
+      START_SSH_SERVER: true
+    
+    # Connect to our standalone Valkey instance
+    # The default host for the subchart is usually: <release-name>-valkey-master
+    cache:
+      ADAPTER: redis
+      HOST: "redis://:Aid0eiy1ohghoagahjo3@gitea-valkey-master:6379/0" # <--- [2] Cache Password
+    session:
+      PROVIDER: redis
+      PROVIDER_CONFIG: "redis://:Aid0eiy1ohghoagahjo3@gitea-valkey-master:6379/0" # <--- [2] Cache Password
+    queue:
+      TYPE: redis
+      CONN_STR: "redis://:Aid0eiy1ohghoagahjo3@gitea-valkey-master:6379/0" # <--- [2] Cache Password

 service:
  ssh:
-    serviceType: ClusterIP
-    port: 22
-    externalPort: 2222
-    externalHost: git.moritzgraf.de
+    type: NodePort
+    port: 2222
+    targetPort: 2222
+    nodePort: 30222 # Open this port on your firewall/router if needed
+
+ingress:
+  enabled: true
+  className: nginx
+  annotations:
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    nginx.ingress.kubernetes.io/proxy-body-size: "512m"
+  hosts:
+    - host: git.moritzgraf.de
+      paths:
+        - path: /
+          pathType: Prefix
+  tls:
+    - secretName: git-moritzgraf-de
+      hosts:
+        - git.moritzgraf.de
--- a/k8s/development/registry.secret.yaml
+++ b/k8s/development/registry.secret.yaml
--- a/k8s/development/registry_ingress.yaml
+++ b/k8s/development/registry_ingress.yaml
@ -0,0 +1,42 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: docker-registry
+  namespace: development
+  annotations:
+    # --- ADDED: Match the working configuration ---
+    kubernetes.io/tls-acme: "true"
+    # ----------------------------------------------
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+    kubernetes.io/ingress.class: nginx
+    meta.helm.sh/release-name: docker-registry
+    meta.helm.sh/release-namespace: development
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/proxy-body-size: "0"
+  labels:
+    app: docker-registry
+    app.kubernetes.io/managed-by: Helm
+    chart: docker-registry-1.9.2
+    heritage: Helm
+    release: docker-registry
+spec:
+  # --- ADDED: Critical for modern K8s ---
+  ingressClassName: nginx 
+  # --------------------------------------
+  rules:
+  - host: registry.haumdaucher.de
+    http:
+      paths:
+      - backend:
+          service:
+            name: docker-registry
+            port:
+              number: 5000
+        path: /
+        # --- CHANGED: Recommended for consistency ---
+        pathType: Prefix
+        # --------------------------------------------
+  tls:
+  - hosts:
+    - registry.haumdaucher.de
+    secretName: registry-haumdaucher-de