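# Deployment for Gitea, plus two optional backup sidecars that are rendered
# only when backups are enabled in "sidecar" mode:
#   - gitea-files-archive: tars /data into a shared emptyDir on a daily schedule
#   - gitea-files-upload:  copies finished archives to S3 and then deletes them
#
# NOTE(review): neither the pod nor any container sets a securityContext
# (runAsNonRoot, allowPrivilegeEscalation, capabilities, seccompProfile).
# What each image tolerates is not visible here, so confirm per image before
# tightening; the archive sidecar must still be able to read every file
# under /data.
# NOTE(review): images are referenced by tag; pinning by digest would make the
# deployed content immutable. Confirm against the values file.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitea
  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "gitea.labels" . | nindent 4 }}
    app: gitea
    service: gitea
  annotations:
    owner: "platform"
spec:
  replicas: {{ .Values.gitea.replicaCount }}
  revisionHistoryLimit: 10
  # Recreate stops the old pod before starting the new one.
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: gitea
  template:
    metadata:
      labels:
        {{- include "gitea.labels" . | nindent 8 }}
        app: gitea
        service: gitea
      annotations:
        # Traffic to these outbound ports is excluded from Istio sidecar
        # redirection, so it leaves the pod without passing through the proxy
        # (no mesh mTLS or policy enforcement on it).
        # NOTE(review): presumably telemetry exporter ports; confirm that the
        # receivers are trusted and that plain-text transport is acceptable.
        traffic.sidecar.istio.io/excludeOutboundPorts: "4317,4318,9411"
    spec:
      containers:
        - name: gitea
          image: "{{ .Values.gitea.image.repository }}:{{ .Values.gitea.image.tag }}"
          imagePullPolicy: {{ .Values.gitea.image.pullPolicy }}
          ports:
            - name: http
              containerPort: {{ .Values.gitea.service.targetPort }}
              protocol: TCP
            # NOTE(review): hard-coded, while SSH_LISTEN_PORT below comes from
            # values; confirm the two agree.
            - name: ssh
              containerPort: 22
              protocol: TCP
          env:
            - name: USER_UID
              value: {{ .Values.gitea.uid | quote }}
            - name: USER_GID
              value: {{ .Values.gitea.gid | quote }}
            - name: GITEA__database__DB_TYPE
              value: postgres
            - name: GITEA__database__HOST
              value: postgresql:5432
            - name: GITEA__database__NAME
              value: {{ .Values.postgresql.auth.database | quote }}
            - name: GITEA__database__USER
              value: {{ .Values.postgresql.auth.username | quote }}
            # The database password is read from a Secret and is never written
            # into the rendered manifest.
            - name: GITEA__database__PASSWD
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.databaseSecret.name | quote }}
                  key: {{ .Values.databaseSecret.passwordKey | quote }}
            - name: GITEA__server__DOMAIN
              value: {{ .Values.gitea.domain | quote }}
            - name: GITEA__server__SSH_DOMAIN
              value: {{ .Values.gitea.sshDomain | quote }}
            - name: GITEA__server__ROOT_URL
              value: {{ .Values.gitea.rootUrl | quote }}
            - name: GITEA__server__HTTP_PORT
              value: {{ .Values.gitea.httpPort | quote }}
            - name: GITEA__server__SSH_PORT
              value: {{ .Values.gitea.sshPort | quote }}
            - name: GITEA__server__SSH_LISTEN_PORT
              value: {{ .Values.gitea.sshListenPort | quote }}
            # Keeps the web installer locked so the instance cannot be
            # re-initialised through the install page.
            - name: GITEA__security__INSTALL_LOCK
              value: "true"
            - name: GITEA__actions__ENABLED
              value: "true"
            - name: TZ
              value: {{ .Values.gitea.timezone | quote }}
          # All three probes only check that the HTTP port accepts a TCP
          # connection; they do not verify that the application answers.
          startupProbe:
            tcpSocket:
              port: http
            initialDelaySeconds: {{ .Values.gitea.probes.startup.initialDelaySeconds }}
            periodSeconds: {{ .Values.gitea.probes.startup.periodSeconds }}
            timeoutSeconds: {{ .Values.gitea.probes.startup.timeoutSeconds }}
            failureThreshold: {{ .Values.gitea.probes.startup.failureThreshold }}
          readinessProbe:
            tcpSocket:
              port: http
            initialDelaySeconds: {{ .Values.gitea.probes.readiness.initialDelaySeconds }}
            periodSeconds: {{ .Values.gitea.probes.readiness.periodSeconds }}
          livenessProbe:
            tcpSocket:
              port: http
            initialDelaySeconds: {{ .Values.gitea.probes.liveness.initialDelaySeconds }}
            periodSeconds: {{ .Values.gitea.probes.liveness.periodSeconds }}
          volumeMounts:
            - name: gitea-data
              mountPath: /data
          resources:
            {{- toYaml .Values.gitea.resources | nindent 12 }}
        {{- if and .Values.backup.enabled .Values.backup.giteaFiles.enabled (eq (default "sidecar" .Values.backup.giteaFiles.mode) "sidecar") }}
        - name: gitea-files-archive
          image: "{{ .Values.backup.giteaFiles.archiveImage.repository }}:{{ .Values.backup.giteaFiles.archiveImage.tag }}"
          imagePullPolicy: {{ .Values.backup.giteaFiles.archiveImage.pullPolicy }}
          command:
            - /bin/sh
            - -ec
            - |
              # Creates one archive of /data. The ".ready" marker is written
              # last, and only when tar and mv both succeeded, so the upload
              # sidecar never picks up a partial archive.
              #
              # Every caller invokes this function from an "if" condition, and
              # in that context the shell ignores "-e" inside the function.
              # Each step is therefore checked explicitly: otherwise a failed
              # tar (for example a full /backup volume) would still be renamed
              # and marked ready.
              # NOTE(review): some tar implementations exit non-zero when a
              # file changes while it is being read; on a live /data that can
              # fail the run. Handle that case explicitly if it is expected,
              # rather than ignoring every tar error.
              run_archive() {
                timestamp="$(date +%F-%H%M%S)"
                archive_name="gitea-files-${timestamp}.tar.gz"
                tmp_path="/backup/${archive_name}.tmp"
                archive_path="/backup/${archive_name}"
                marker_path="/backup/${archive_name}.ready"
                if tar -C /data -czf "${tmp_path}" . \
                  && mv "${tmp_path}" "${archive_path}" \
                  && printf "%s" "${archive_name}" > "${marker_path}"; then
                  return 0
                fi
                echo "archive ${archive_name} failed; discarding partial output" >&2
                rm -f "${tmp_path}" "${archive_path}" "${marker_path}"
                return 1
              }

              last_run_file="/backup/.gitea-files-backup-last-run"

              # Optional archive at container start. The day is recorded only
              # when the archive succeeded, so a failed start-up run does not
              # suppress that day's scheduled backup. Failure stays non-fatal.
              if [ "${RUN_ON_START}" = "true" ]; then
                if run_archive; then
                  date +%F > "${last_run_file}"
                fi
              fi

              # Poll once a minute; run at most one successful archive per day,
              # in the minute that equals BACKUP_TIME (HH:MM, container TZ).
              while true; do
                current_time="$(date +%H:%M)"
                current_day="$(date +%F)"
                last_run="$(cat "${last_run_file}" 2>/dev/null || true)"
                if [ "${current_time}" = "${BACKUP_TIME}" ] && [ "${last_run}" != "${current_day}" ]; then
                  if run_archive; then
                    echo "${current_day}" > "${last_run_file}"
                  fi
                fi
                sleep 60
              done
          env:
            - name: BACKUP_TIME
              value: {{ .Values.backup.giteaFiles.time | quote }}
            - name: RUN_ON_START
              value: {{ ternary "true" "false" .Values.backup.giteaFiles.runOnStart | quote }}
            - name: TZ
              value: {{ .Values.backup.timeZone | quote }}
          volumeMounts:
            # Read-only: the archive sidecar cannot modify Gitea's data.
            - name: gitea-data
              mountPath: /data
              readOnly: true
            - name: gitea-files-backup
              mountPath: /backup
          resources:
            {{- toYaml .Values.backup.giteaFiles.resources | nindent 12 }}
        - name: gitea-files-upload
          image: "{{ .Values.backup.giteaFiles.uploadImage.repository }}:{{ .Values.backup.giteaFiles.uploadImage.tag }}"
          imagePullPolicy: {{ .Values.backup.giteaFiles.uploadImage.pullPolicy }}
          command:
            - /bin/sh
            - -ec
            - |
              # Refuses to upload while the credentials are empty or still
              # carry a GENERATED_* placeholder value, or the bucket is unset.
              credentials_ready() {
                case "${AWS_ACCESS_KEY_ID:-}" in
                  ""|GENERATED_*) echo "AWS_ACCESS_KEY_ID is not configured" >&2; return 1;;
                esac
                case "${AWS_SECRET_ACCESS_KEY:-}" in
                  ""|GENERATED_*) echo "AWS_SECRET_ACCESS_KEY is not configured" >&2; return 1;;
                esac
                test -n "${S3_BUCKET:-}" || { echo "S3_BUCKET is not configured" >&2; return 1; }
              }

              # Upload every archive that has a ".ready" marker. The archive is
              # a full copy of /data.
              # NOTE(review): that presumably includes application secrets and
              # repository contents; confirm the bucket enforces encryption at
              # rest and restricted access.
              while true; do
                for marker_path in /backup/*.ready; do
                  [ -e "${marker_path}" ] || continue
                  archive_name="$(cat "${marker_path}")"
                  archive_path="/backup/${archive_name}"
                  [ -f "${archive_path}" ] || continue
                  if credentials_ready; then
                    # With "-e" a failed copy exits the shell before rm runs,
                    # so the local archive is kept for the next attempt.
                    aws --endpoint-url "${AWS_ENDPOINT_URL}" \
                      s3 cp "${archive_path}" "s3://${S3_BUCKET}/${S3_PREFIX}/gitea-files/${archive_name}"
                    rm -f "${archive_path}" "${marker_path}"
                  else
                    sleep 300
                  fi
                done
                sleep 60
              done
          env:
            - name: S3_BUCKET
              value: {{ .Values.backup.s3.bucket | quote }}
            - name: S3_PREFIX
              value: {{ .Values.backup.s3.prefix | quote }}
            - name: AWS_DEFAULT_REGION
              value: {{ .Values.backup.s3.region | quote }}
            - name: AWS_ENDPOINT_URL
              value: {{ .Values.backup.s3.endpointUrl | quote }}
            # S3 credentials come from a Secret and are exposed only to this
            # container.
            - name: AWS_ACCESS_KEY_ID
              valueFrom:
                secretKeyRef:
                  name: {{ include "gitea.secretName" . | quote }}
                  key: aws-access-key-id
            - name: AWS_SECRET_ACCESS_KEY
              valueFrom:
                secretKeyRef:
                  name: {{ include "gitea.secretName" . | quote }}
                  key: aws-secret-access-key
          volumeMounts:
            - name: gitea-files-backup
              mountPath: /backup
          resources:
            {{- toYaml .Values.backup.giteaFiles.resources | nindent 12 }}
        {{- end }}
      volumes:
        - name: gitea-data
          persistentVolumeClaim:
            claimName: {{ include "gitea.giteaPvcName" . | quote }}
        {{- if and .Values.backup.enabled .Values.backup.giteaFiles.enabled (eq (default "sidecar" .Values.backup.giteaFiles.mode) "sidecar") }}
        # Scratch space shared by the two backup sidecars.
        # NOTE(review): no sizeLimit is set; archives accumulate here for as
        # long as uploads are not possible, and this pod also runs Gitea.
        - name: gitea-files-backup
          emptyDir: {}
        {{- end }}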