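---
# Gitea on k3s: namespace, identity, configuration, storage, workload and
# ingress. The PersistentVolume is cluster-scoped; everything else lives in
# the gitea namespace.
apiVersion: v1
kind: Namespace
metadata:
  name: gitea
---
# Identity the Gitea pod runs as.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: gitea-sa
  namespace: gitea
---
# Non-secret settings; the Deployment reads each key through configMapKeyRef.
apiVersion: v1
kind: ConfigMap
metadata:
  name: gitea-config
  namespace: gitea
data:
  server.domain: "gitea.apps.mngoma.lab"
  server.rooturl: "https://gitea.apps.mngoma.lab"
  database.type: "postgres"
  # The database is outside the cluster and no SSL_MODE is configured, so
  # credentials and data probably cross the LAN unencrypted (Gitea's
  # PostgreSQL SSL_MODE is believed to default to `disable`; confirm).
  # Enable TLS on the server and set GITEA__database__SSL_MODE once it is
  # available.
  database.host: "192.168.1.137:5432"
  # NOTE(review): `giteam` may be a typo for `gitea`; confirm against the
  # database server before changing it.
  database.name: "giteam"
---
# Database credentials.
# NOTE(review): base64 is an encoding, not encryption. Anyone who can read
# this manifest can recover both values, and the password decodes to a
# short, guessable string. Rotate it and source the Secret from a secret
# manager or an encrypted-at-rest mechanism instead of committing it here.
apiVersion: v1
kind: Secret
metadata:
  name: gitea-secret
  namespace: gitea
type: Opaque
data:
  database.username: YXBwX3VzZXI=
  database.password: MTIzNDU=
---
# NOTE(review): this grants gitea-sa read/write on core resources in the
# namespace, including secrets. Nothing in this manifest shows the workload
# calling the Kubernetes API, so the grant looks unnecessary. Rules are left
# unchanged here; narrow or delete the Role once it is confirmed that no
# other workload uses gitea-sa.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: gitea-role
  namespace: gitea
rules:
  - apiGroups: [""]
    resources:
      - pods
      - services
      - endpoints
      - persistentvolumeclaims
      - configmaps
      - secrets
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: gitea-rolebinding
  namespace: gitea
subjects:
  - kind: ServiceAccount
    name: gitea-sa
    # Stated explicitly so the binding does not depend on namespace
    # defaulting.
    namespace: gitea
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: gitea-role
---
# Node-local storage pinned to the node named `lead`. Retain keeps the
# repository data on disk after the claim is deleted.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: gitea-pv
  labels:
    type: local
spec:
  capacity:
    storage: 10Gi
  accessModes:
    - ReadWriteOnce
  storageClassName: local-pvs
  local:
    path: /home/ansible/k3s/makhiwane/gitea
  nodeAffinity:
    required:
      nodeSelectorTerms:
        - matchExpressions:
            - key: kubernetes.io/hostname
              operator: In
              values:
                - lead
  persistentVolumeReclaimPolicy: Retain
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: gitea-pvc
  namespace: gitea
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: local-pvs
  resources:
    requests:
      storage: 10Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitea
  namespace: gitea
  labels:
    app.kubernetes.io/name: gitea-server
spec:
  # One replica: the volume is ReadWriteOnce and tied to a single node.
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: gitea-server
  template:
    metadata:
      labels:
        app.kubernetes.io/name: gitea-server
    spec:
      serviceAccountName: gitea-sa
      # No API token is mounted into the pod, so a compromise of the web
      # application does not hand over the permissions bound to gitea-sa.
      # Remove this line only if the workload is found to need API access.
      automountServiceAccountToken: false
      containers:
        - name: gitea
          # Pinned by tag; pinning by digest as well would guard against the
          # tag being re-pointed.
          # NOTE(review): no securityContext or resource limits are set. This
          # image variant likely needs root at start-up for sshd on port 22,
          # so test any hardening before enforcing it.
          image: gitea/gitea:1.21.4
          ports:
            - containerPort: 3000
            - containerPort: 22
          volumeMounts:
            - name: gitea-data
              mountPath: /data
          env:
            - name: USER_UID
              value: "1000"
            - name: USER_GID
              value: "1000"
            # Gitea maps environment variables to app.ini only in the form
            # GITEA__<section>__<KEY> (double underscores). The original
            # names GITEA_SERVER_ROOT_URL and GITEA_SERVER_DOMAIN did not
            # match that pattern and were ignored.
            - name: GITEA__server__ROOT_URL
              valueFrom:
                configMapKeyRef:
                  name: gitea-config
                  key: server.rooturl
            - name: GITEA__server__DOMAIN
              valueFrom:
                configMapKeyRef:
                  name: gitea-config
                  key: server.domain
            - name: GITEA__database__DB_TYPE
              valueFrom:
                configMapKeyRef:
                  name: gitea-config
                  key: database.type
            - name: GITEA__database__HOST
              valueFrom:
                configMapKeyRef:
                  name: gitea-config
                  key: database.host
            - name: GITEA__database__USER
              valueFrom:
                secretKeyRef:
                  name: gitea-secret
                  key: database.username
            - name: GITEA__database__PASSWD
              valueFrom:
                secretKeyRef:
                  name: gitea-secret
                  key: database.password
            - name: GITEA__database__NAME
              valueFrom:
                configMapKeyRef:
                  name: gitea-config
                  key: database.name
      volumes:
        - name: gitea-data
          persistentVolumeClaim:
            claimName: gitea-pvc
---
# Cluster-internal Service. HTTP is reached through the IngressRoute below;
# nothing in this manifest publishes the SSH port outside the cluster.
apiVersion: v1
kind: Service
metadata:
  name: gitea-server
  namespace: gitea
spec:
  selector:
    app.kubernetes.io/name: gitea-server
  ports:
    - name: http
      protocol: TCP
      port: 3000
      targetPort: 3000
    - name: ssh
      protocol: TCP
      port: 22
      targetPort: 22
  type: ClusterIP
---
# TLS terminates at Traefik on the websecure entry point; traffic from
# Traefik to the pod is plain HTTP (scheme: http).
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: gitea-web
  namespace: gitea
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`gitea.apps.mngoma.lab`)
      kind: Rule
      services:
        - name: gitea-server
          port: 3000
          scheme: http
  # Empty TLS block: no certificate secret or resolver is named here, so
  # Traefik falls back to its default certificate configuration.
  tls: {}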