gitea/.helm/templates/gitea-deployment.yaml
bootstrap 90fd37101b
Initial Gitea chart with smoke CI
2026-05-06 17:35:56 +03:00


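# Gitea server Deployment. When backups are enabled and
# backup.giteaFiles.mode is "sidecar" (the default), two extra containers
# archive /data on a schedule and upload the archives to S3.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitea
  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "gitea.labels" . | nindent 4 }}
    # NOTE(review): if the gitea.labels helper also emits `app` or `service`,
    # these are duplicate keys and most parsers keep the last one silently;
    # confirm against the helper.
    app: gitea
    service: gitea
  annotations:
    owner: "platform"
spec:
  replicas: {{ .Values.gitea.replicaCount }}
  revisionHistoryLimit: 10
  # Recreate terminates the running pod before its replacement starts, so a
  # rollout never has two pods mounting the gitea-data claim at once.
  # NOTE(review): a replicaCount above 1 would still share that single claim;
  # confirm the values keep it at 1.
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: gitea
  template:
    metadata:
      labels:
        {{- include "gitea.labels" . | nindent 8 }}
        app: gitea
        service: gitea
      annotations:
        # Outbound traffic to these ports is excluded from the Istio sidecar,
        # so mesh mTLS and egress policy do not apply to it.
        traffic.sidecar.istio.io/excludeOutboundPorts: "4317,4318,9411"
    spec:
      # NOTE(review): no pod- or container-level securityContext is set and
      # automountServiceAccountToken is left at its default. Whether the
      # images tolerate runAsNonRoot, dropped capabilities or a read-only
      # root filesystem cannot be told from this template; decide per image.
      containers:
        - name: gitea
          # NOTE(review): the image is selected by tag from values; a tag can
          # be re-pointed upstream, while a digest fixes the image content.
          image: "{{ .Values.gitea.image.repository }}:{{ .Values.gitea.image.tag }}"
          imagePullPolicy: {{ .Values.gitea.image.pullPolicy }}
          ports:
            # NOTE(review): this port comes from gitea.service.targetPort
            # while HTTP_PORT below comes from gitea.httpPort; the two values
            # have to agree for the `http` probes to reach Gitea.
            - name: http
              containerPort: {{ .Values.gitea.service.targetPort }}
              protocol: TCP
            # NOTE(review): fixed at 22 although SSH_LISTEN_PORT below is
            # taken from values; confirm they match.
            - name: ssh
              containerPort: 22
              protocol: TCP
          env:
            # presumably the image's entrypoint switches to this uid/gid
            # after starting; confirm for the image in use
            - name: USER_UID
              value: {{ .Values.gitea.uid | quote }}
            - name: USER_GID
              value: {{ .Values.gitea.gid | quote }}
            - name: GITEA__database__DB_TYPE
              value: "postgres"
            # NOTE(review): no GITEA__database__SSL_MODE is set; Gitea's
            # default for PostgreSQL is believed to be `disable`, so confirm
            # whether this link needs TLS or is covered by the mesh.
            - name: GITEA__database__HOST
              value: "postgresql:5432"
            - name: GITEA__database__NAME
              value: {{ .Values.postgresql.auth.database | quote }}
            - name: GITEA__database__USER
              value: {{ .Values.postgresql.auth.username | quote }}
            # The password is read from a Secret, not rendered into the
            # manifest.
            - name: GITEA__database__PASSWD
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.databaseSecret.name | quote }}
                  key: {{ .Values.databaseSecret.passwordKey | quote }}
            - name: GITEA__server__DOMAIN
              value: {{ .Values.gitea.domain | quote }}
            - name: GITEA__server__SSH_DOMAIN
              value: {{ .Values.gitea.sshDomain | quote }}
            - name: GITEA__server__ROOT_URL
              value: {{ .Values.gitea.rootUrl | quote }}
            - name: GITEA__server__HTTP_PORT
              value: {{ .Values.gitea.httpPort | quote }}
            - name: GITEA__server__SSH_PORT
              value: {{ .Values.gitea.sshPort | quote }}
            - name: GITEA__server__SSH_LISTEN_PORT
              value: {{ .Values.gitea.sshListenPort | quote }}
            # Keeps the web installer closed, so the first visitor cannot run
            # the initial setup.
            - name: GITEA__security__INSTALL_LOCK
              value: "true"
            # NOTE(review): Actions is switched on instance-wide; who may
            # register runners and author workflows is governed elsewhere.
            - name: GITEA__actions__ENABLED
              value: "true"
            - name: TZ
              value: {{ .Values.gitea.timezone | quote }}
          # All three probes are tcpSocket checks: they verify that the http
          # port accepts connections, not that Gitea answers requests.
          startupProbe:
            tcpSocket:
              port: http
            initialDelaySeconds: {{ .Values.gitea.probes.startup.initialDelaySeconds }}
            periodSeconds: {{ .Values.gitea.probes.startup.periodSeconds }}
            timeoutSeconds: {{ .Values.gitea.probes.startup.timeoutSeconds }}
            failureThreshold: {{ .Values.gitea.probes.startup.failureThreshold }}
          readinessProbe:
            tcpSocket:
              port: http
            initialDelaySeconds: {{ .Values.gitea.probes.readiness.initialDelaySeconds }}
            periodSeconds: {{ .Values.gitea.probes.readiness.periodSeconds }}
          livenessProbe:
            tcpSocket:
              port: http
            initialDelaySeconds: {{ .Values.gitea.probes.liveness.initialDelaySeconds }}
            periodSeconds: {{ .Values.gitea.probes.liveness.periodSeconds }}
          volumeMounts:
            - name: gitea-data
              mountPath: /data
          resources:
            {{- toYaml .Values.gitea.resources | nindent 12 }}
        {{- if and .Values.backup.enabled .Values.backup.giteaFiles.enabled (eq (default "sidecar" .Values.backup.giteaFiles.mode) "sidecar") }}
        # Backup sidecar 1 of 2: once a day at BACKUP_TIME (and optionally at
        # start) writes a tar.gz of /data into the shared /backup volume and
        # drops a .ready marker next to it. /data is mounted read-only here.
        - name: gitea-files-archive
          image: "{{ .Values.backup.giteaFiles.archiveImage.repository }}:{{ .Values.backup.giteaFiles.archiveImage.tag }}"
          imagePullPolicy: {{ .Values.backup.giteaFiles.archiveImage.pullPolicy }}
          command:
            - /bin/sh
            - -ec
            - |
              # Build one timestamped archive of /data and publish it with a
              # .ready marker. Returns non-zero and leaves no partial file
              # behind when tar or the rename fails. Failures are checked
              # explicitly because -e is ignored inside a function that is
              # called from `if`, which is how this function is always
              # called; without the checks a failed tar would still be
              # renamed, marked ready and uploaded.
              # NOTE(review): /data is archived while Gitea is running, so
              # tar may report files that changed during the read; such a run
              # counts as failed.
              run_archive() {
                timestamp="$(date +%F-%H%M%S)"
                archive_name="gitea-files-${timestamp}.tar.gz"
                tmp_path="/backup/${archive_name}.tmp"
                archive_path="/backup/${archive_name}"
                marker_path="/backup/${archive_name}.ready"
                if ! tar -C /data -czf "${tmp_path}" .; then
                  echo "archive of /data failed; discarding ${tmp_path}" >&2
                  rm -f "${tmp_path}"
                  return 1
                fi
                if ! mv "${tmp_path}" "${archive_path}"; then
                  rm -f "${tmp_path}"
                  return 1
                fi
                printf "%s" "${archive_name}" > "${marker_path}"
              }
              last_run_file="/backup/.gitea-files-backup-last-run"
              if [ "${RUN_ON_START}" = "true" ]; then
                # Record the day only when the startup archive succeeded, so
                # a failed one does not cancel that day's scheduled run.
                if run_archive; then
                  date +%F > "${last_run_file}"
                fi
              fi
              # Poll once a minute; archive when the clock reads BACKUP_TIME
              # (HH:MM) and no archive has been recorded for today.
              while true; do
                current_time="$(date +%H:%M)"
                current_day="$(date +%F)"
                last_run="$(cat "${last_run_file}" 2>/dev/null || true)"
                if [ "${current_time}" = "${BACKUP_TIME}" ] && [ "${last_run}" != "${current_day}" ]; then
                  if run_archive; then
                    echo "${current_day}" > "${last_run_file}"
                  fi
                fi
                sleep 60
              done
          env:
            - name: BACKUP_TIME
              value: {{ .Values.backup.giteaFiles.time | quote }}
            - name: RUN_ON_START
              value: {{ ternary "true" "false" .Values.backup.giteaFiles.runOnStart | quote }}
            - name: TZ
              value: {{ .Values.backup.timeZone | quote }}
          volumeMounts:
            - name: gitea-data
              mountPath: /data
              readOnly: true
            - name: gitea-files-backup
              mountPath: /backup
          resources:
            {{- toYaml .Values.backup.giteaFiles.resources | nindent 12 }}
        # Backup sidecar 2 of 2: uploads every archive that has a .ready
        # marker to S3 and deletes it locally afterwards. It mounts only
        # /backup, so the S3 credentials and the Gitea data volume never share
        # a container.
        # NOTE(review): the archive holds everything under /data and is
        # uploaded as-is; encryption at rest depends on the bucket's
        # configuration.
        - name: gitea-files-upload
          image: "{{ .Values.backup.giteaFiles.uploadImage.repository }}:{{ .Values.backup.giteaFiles.uploadImage.tag }}"
          imagePullPolicy: {{ .Values.backup.giteaFiles.uploadImage.pullPolicy }}
          command:
            - /bin/sh
            - -ec
            - |
              # Succeeds only when both AWS keys are set to something other
              # than a GENERATED_* placeholder and a bucket is configured.
              credentials_ready() {
                case "${AWS_ACCESS_KEY_ID:-}" in ""|GENERATED_*) echo "AWS_ACCESS_KEY_ID is not configured" >&2; return 1;; esac
                case "${AWS_SECRET_ACCESS_KEY:-}" in ""|GENERATED_*) echo "AWS_SECRET_ACCESS_KEY is not configured" >&2; return 1;; esac
                test -n "${S3_BUCKET:-}" || { echo "S3_BUCKET is not configured" >&2; return 1; }
              }
              while true; do
                for marker_path in /backup/*.ready; do
                  [ -e "${marker_path}" ] || continue
                  archive_name="$(cat "${marker_path}")"
                  # The marker's content becomes part of a path that is read,
                  # uploaded and then deleted, so accept only the name shape
                  # the archive container writes and nothing with a slash.
                  case "${archive_name}" in
                    */*)
                      echo "ignoring ${marker_path}: unexpected archive name" >&2
                      continue
                      ;;
                    gitea-files-*.tar.gz)
                      ;;
                    *)
                      echo "ignoring ${marker_path}: unexpected archive name" >&2
                      continue
                      ;;
                  esac
                  archive_path="/backup/${archive_name}"
                  [ -f "${archive_path}" ] || continue
                  if credentials_ready; then
                    # Under -e a failed upload ends the script before rm runs,
                    # so the archive and its marker stay in place for the next
                    # attempt once the container has been restarted.
                    aws --endpoint-url "${AWS_ENDPOINT_URL}" \
                      s3 cp "${archive_path}" "s3://${S3_BUCKET}/${S3_PREFIX}/gitea-files/${archive_name}"
                    rm -f "${archive_path}" "${marker_path}"
                  else
                    sleep 300
                  fi
                done
                sleep 60
              done
          env:
            - name: S3_BUCKET
              value: {{ .Values.backup.s3.bucket | quote }}
            - name: S3_PREFIX
              value: {{ .Values.backup.s3.prefix | quote }}
            - name: AWS_DEFAULT_REGION
              value: {{ .Values.backup.s3.region | quote }}
            - name: AWS_ENDPOINT_URL
              value: {{ .Values.backup.s3.endpointUrl | quote }}
            # Both keys are read from the chart's Secret, not rendered into
            # the manifest.
            - name: AWS_ACCESS_KEY_ID
              valueFrom:
                secretKeyRef:
                  name: {{ include "gitea.secretName" . | quote }}
                  key: aws-access-key-id
            - name: AWS_SECRET_ACCESS_KEY
              valueFrom:
                secretKeyRef:
                  name: {{ include "gitea.secretName" . | quote }}
                  key: aws-secret-access-key
          volumeMounts:
            - name: gitea-files-backup
              mountPath: /backup
          resources:
            {{- toYaml .Values.backup.giteaFiles.resources | nindent 12 }}
        {{- end }}
      volumes:
        - name: gitea-data
          persistentVolumeClaim:
            claimName: {{ include "gitea.giteaPvcName" . | quote }}
        {{- if and .Values.backup.enabled .Values.backup.giteaFiles.enabled (eq (default "sidecar" .Values.backup.giteaFiles.mode) "sidecar") }}
        # Scratch space shared by the two backup containers; archives wait
        # here until they are uploaded.
        # NOTE(review): no sizeLimit is set, so archives that cannot be
        # uploaded accumulate against the node's ephemeral storage.
        - name: gitea-files-backup
          emptyDir: {}
        {{- end }}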