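# Gitea Deployment. When file backups are enabled in "sidecar" mode the pod
# also runs an archive container and an S3 upload container, which hand
# archives to each other through a shared emptyDir mounted at /backup.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitea
  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "gitea.labels" . | nindent 4 }}
    app: gitea
    service: gitea
  annotations:
    owner: "platform"
spec:
  replicas: {{ .Values.gitea.replicaCount }}
  revisionHistoryLimit: 10
  # Recreate stops the old pods before new ones start, so old and new pods do
  # not overlap on the data volume claim during a rollout (at the cost of
  # downtime while the new pod starts).
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: gitea
  template:
    metadata:
      labels:
        {{- include "gitea.labels" . | nindent 8 }}
        app: gitea
        service: gitea
      annotations:
        # Outbound traffic to these ports bypasses the Istio sidecar, so mesh
        # mTLS and egress policy do not apply to it.
        # NOTE(review): 4317/4318/9411 look like OTLP and Zipkin collector
        # ports - confirm, and keep the list as short as possible.
        traffic.sidecar.istio.io/excludeOutboundPorts: "4317,4318,9411"
    spec:
      # NOTE(review): this template sets no serviceAccountName,
      # automountServiceAccountToken or securityContext on the pod or on any
      # container, so cluster and namespace defaults apply - confirm that is
      # intended.
      containers:
        - name: gitea
          # NOTE(review): the image is selected by tag; pin a digest in the
          # values if rollouts must be reproducible.
          image: "{{ .Values.gitea.image.repository }}:{{ .Values.gitea.image.tag }}"
          imagePullPolicy: {{ .Values.gitea.image.pullPolicy }}
          ports:
            - name: http
              containerPort: {{ .Values.gitea.service.targetPort }}
              protocol: TCP
            - name: ssh
              containerPort: 22
              protocol: TCP
          env:
            - name: USER_UID
              value: {{ .Values.gitea.uid | quote }}
            - name: USER_GID
              value: {{ .Values.gitea.gid | quote }}
            - name: GITEA__database__DB_TYPE
              value: postgres
            - name: GITEA__database__HOST
              value: "postgresql:5432"
            - name: GITEA__database__NAME
              value: {{ .Values.postgresql.auth.database | quote }}
            - name: GITEA__database__USER
              value: {{ .Values.postgresql.auth.username | quote }}
            # The database password is read from a Secret at pod start and is
            # never rendered into the manifest.
            - name: GITEA__database__PASSWD
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.databaseSecret.name | quote }}
                  key: {{ .Values.databaseSecret.passwordKey | quote }}
            - name: GITEA__server__DOMAIN
              value: {{ .Values.gitea.domain | quote }}
            - name: GITEA__server__SSH_DOMAIN
              value: {{ .Values.gitea.sshDomain | quote }}
            - name: GITEA__server__ROOT_URL
              value: {{ .Values.gitea.rootUrl | quote }}
            - name: GITEA__server__HTTP_PORT
              value: {{ .Values.gitea.httpPort | quote }}
            - name: GITEA__server__SSH_PORT
              value: {{ .Values.gitea.sshPort | quote }}
            - name: GITEA__server__SSH_LISTEN_PORT
              value: {{ .Values.gitea.sshListenPort | quote }}
            # Keeps the web installer locked so the instance cannot be
            # reconfigured through the install page.
            - name: GITEA__security__INSTALL_LOCK
              value: "true"
            # NOTE(review): Actions is switched on for the whole instance;
            # confirm runner registration and workflow permissions are
            # restricted as intended.
            - name: GITEA__actions__ENABLED
              value: "true"
            - name: TZ
              value: {{ .Values.gitea.timezone | quote }}
          # All three probes only check that the http port accepts a TCP
          # connection; they do not exercise the application.
          startupProbe:
            tcpSocket:
              port: http
            initialDelaySeconds: {{ .Values.gitea.probes.startup.initialDelaySeconds }}
            periodSeconds: {{ .Values.gitea.probes.startup.periodSeconds }}
            timeoutSeconds: {{ .Values.gitea.probes.startup.timeoutSeconds }}
            failureThreshold: {{ .Values.gitea.probes.startup.failureThreshold }}
          readinessProbe:
            tcpSocket:
              port: http
            initialDelaySeconds: {{ .Values.gitea.probes.readiness.initialDelaySeconds }}
            periodSeconds: {{ .Values.gitea.probes.readiness.periodSeconds }}
          livenessProbe:
            tcpSocket:
              port: http
            initialDelaySeconds: {{ .Values.gitea.probes.liveness.initialDelaySeconds }}
            periodSeconds: {{ .Values.gitea.probes.liveness.periodSeconds }}
          volumeMounts:
            - name: gitea-data
              mountPath: /data
          resources:
            {{- toYaml .Values.gitea.resources | nindent 12 }}
        {{- if and .Values.backup.enabled .Values.backup.giteaFiles.enabled (eq (default "sidecar" .Values.backup.giteaFiles.mode) "sidecar") }}
        # Archive sidecar: once a day at BACKUP_TIME (and optionally at start)
        # it tars /data into /backup and drops a ".ready" marker for the
        # upload sidecar.
        # NOTE(review): the archive is a full copy of /data (presumably
        # repositories, configuration and keys - confirm), so the bucket it
        # ends up in needs the same access control and encryption as the
        # volume.
        - name: gitea-files-archive
          image: "{{ .Values.backup.giteaFiles.archiveImage.repository }}:{{ .Values.backup.giteaFiles.archiveImage.tag }}"
          imagePullPolicy: {{ .Values.backup.giteaFiles.archiveImage.pullPolicy }}
          command:
            - /bin/sh
            - -ec
            - |
              # Writes one archive plus its marker; returns non-zero if any
              # step fails. errexit (-e) is ignored inside a function that is
              # called from `if` or `||`, so every step is checked explicitly;
              # otherwise a truncated archive would still be renamed, marked
              # ready and uploaded.
              run_archive() {
                timestamp="$(date +%F-%H%M%S)"
                archive_name="gitea-files-${timestamp}.tar.gz"
                tmp_path="/backup/${archive_name}.tmp"
                archive_path="/backup/${archive_name}"
                marker_path="/backup/${archive_name}.ready"
                # NOTE(review): some tar implementations exit non-zero when a
                # file changes while it is being read; if that is common on
                # the live volume, decide explicitly whether to tolerate it.
                if ! tar -C /data -czf "${tmp_path}" .; then
                  echo "archiving /data failed; discarding ${tmp_path}" >&2
                  rm -f "${tmp_path}"
                  return 1
                fi
                # Rename first, then write the marker, so the uploader never
                # sees a marker for a half-written archive.
                mv "${tmp_path}" "${archive_path}" || return 1
                printf "%s" "${archive_name}" > "${marker_path}" || return 1
              }

              last_run_file="/backup/.gitea-files-backup-last-run"
              if [ "${RUN_ON_START}" = "true" ]; then
                # Record the day only when the archive succeeded, so a failed
                # start-up run does not suppress the scheduled run that day.
                if run_archive; then
                  date +%F > "${last_run_file}"
                fi
              fi

              while true; do
                current_time="$(date +%H:%M)"
                current_day="$(date +%F)"
                last_run="$(cat "${last_run_file}" 2>/dev/null || true)"
                if [ "${current_time}" = "${BACKUP_TIME}" ] && [ "${last_run}" != "${current_day}" ]; then
                  if run_archive; then
                    echo "${current_day}" > "${last_run_file}"
                  fi
                fi
                # Poll twice a minute: with a 60 s sleep the loop drifts and
                # can step over the BACKUP_TIME minute. The last-run check
                # prevents a second archive on the same day.
                sleep 30
              done
          env:
            - name: BACKUP_TIME
              value: {{ .Values.backup.giteaFiles.time | quote }}
            - name: RUN_ON_START
              value: {{ ternary "true" "false" .Values.backup.giteaFiles.runOnStart | quote }}
            - name: TZ
              value: {{ .Values.backup.timeZone | quote }}
          volumeMounts:
            # Read-only: the archiver can read Gitea's data but not change it.
            - name: gitea-data
              mountPath: /data
              readOnly: true
            - name: gitea-files-backup
              mountPath: /backup
          resources:
            {{- toYaml .Values.backup.giteaFiles.resources | nindent 12 }}
        # Upload sidecar: copies every archive that has a ".ready" marker to
        # S3 and deletes the local copy afterwards. Only this container
        # receives the AWS credentials.
        - name: gitea-files-upload
          image: "{{ .Values.backup.giteaFiles.uploadImage.repository }}:{{ .Values.backup.giteaFiles.uploadImage.tag }}"
          imagePullPolicy: {{ .Values.backup.giteaFiles.uploadImage.pullPolicy }}
          command:
            - /bin/sh
            - -ec
            - |
              # Succeeds only when both AWS keys and the bucket are set; key
              # values that are empty or start with GENERATED_ are treated as
              # not configured.
              credentials_ready() {
                case "${AWS_ACCESS_KEY_ID:-}" in ""|GENERATED_*) echo "AWS_ACCESS_KEY_ID is not configured" >&2; return 1;; esac
                case "${AWS_SECRET_ACCESS_KEY:-}" in ""|GENERATED_*) echo "AWS_SECRET_ACCESS_KEY is not configured" >&2; return 1;; esac
                test -n "${S3_BUCKET:-}" || { echo "S3_BUCKET is not configured" >&2; return 1; }
              }

              while true; do
                for marker_path in /backup/*.ready; do
                  [ -e "${marker_path}" ] || continue
                  archive_name="$(cat "${marker_path}")"
                  # The marker's content becomes part of the paths given to
                  # aws and rm, so accept only a bare file name: both then
                  # stay inside /backup.
                  case "${archive_name}" in
                    "") continue;;
                    */*) echo "ignoring marker with unexpected content: ${marker_path}" >&2; continue;;
                  esac
                  archive_path="/backup/${archive_name}"
                  [ -f "${archive_path}" ] || continue

                  if credentials_ready; then
                    # errexit is active here: a failed upload ends the script
                    # before rm runs, so the archive stays on the volume and
                    # is retried after the container restarts.
                    aws --endpoint-url "${AWS_ENDPOINT_URL}" \
                      s3 cp "${archive_path}" "s3://${S3_BUCKET}/${S3_PREFIX}/gitea-files/${archive_name}"
                    rm -f "${archive_path}" "${marker_path}"
                  else
                    sleep 300
                  fi
                done
                sleep 60
              done
          env:
            - name: S3_BUCKET
              value: {{ .Values.backup.s3.bucket | quote }}
            - name: S3_PREFIX
              value: {{ .Values.backup.s3.prefix | quote }}
            - name: AWS_DEFAULT_REGION
              value: {{ .Values.backup.s3.region | quote }}
            - name: AWS_ENDPOINT_URL
              value: {{ .Values.backup.s3.endpointUrl | quote }}
            - name: AWS_ACCESS_KEY_ID
              valueFrom:
                secretKeyRef:
                  name: {{ include "gitea.secretName" . | quote }}
                  key: aws-access-key-id
            - name: AWS_SECRET_ACCESS_KEY
              valueFrom:
                secretKeyRef:
                  name: {{ include "gitea.secretName" . | quote }}
                  key: aws-secret-access-key
          volumeMounts:
            - name: gitea-files-backup
              mountPath: /backup
          resources:
            {{- toYaml .Values.backup.giteaFiles.resources | nindent 12 }}
        {{- end }}
      volumes:
        - name: gitea-data
          persistentVolumeClaim:
            claimName: {{ include "gitea.giteaPvcName" . | quote }}
        {{- if and .Values.backup.enabled .Values.backup.giteaFiles.enabled (eq (default "sidecar" .Values.backup.giteaFiles.mode) "sidecar") }}
        # Hand-off area between the two backup sidecars.
        # NOTE(review): no sizeLimit is set, so archives that cannot be
        # uploaded accumulate against the node's ephemeral storage.
        - name: gitea-files-backup
          emptyDir: {}
        {{- end }}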