klaster/apps/gitea.yaml

---
apiVersion: v1
kind: Namespace
metadata:
  name: gitea
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: gitea-charts
  namespace: gitea
spec:
  interval: 24h
  url: https://dl.gitea.com/charts/
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: gitea
  namespace: gitea
spec:
  interval: 30m
  chart:
    spec:
      chart: gitea
      version: 10.6.0
      sourceRef:
        kind: HelmRepository
        name: gitea-charts
        namespace: gitea
      interval: 12h
  values:
    postgresql-ha:
      enabled: false

    postgresql:
      enabled: true
      primary:
        persistence:
          enabled: true
          storageClass: mayastor-single-hdd
        resources:
          requests:
            cpu: 0

    redis-cluster:
      enabled: false

    redis:
      enabled: true
      master:
        persistence:
          enabled: true
          storageClass: mayastor-single-hdd
        resources:
          requests:
            cpu: 0

    persistence:
      enabled: true
      storageClass: mayastor-single-hdd

    image:
      tag: 1.23.3

    gitea:
      config:
        database:
          DB_TYPE: postgres
        indexer:
          ISSUE_INDEXER_TYPE: bleve
          REPO_INDEXER_ENABLED: true
      admin:
        username: GiteaAdmin
        email: gi@tea.com
        passwordMode: initialOnlyRequireReset

    service:
      ssh:
        annotations:
          lbipam.cilium.io/sharing-key: gitea
          lbipam.cilium.io/sharing-cross-namespace: nginx-ingress-controller
          lbipam.cilium.io/ips: 10.44.0.0,2001:470:61a3:400::1
        type: LoadBalancer
        port: 22
        # Requirement for sharing ip with other service
        externalTrafficPolicy: Cluster
        ipFamilyPolicy: RequireDualStack

    ingress:
      enabled: true
      className: nginx
      annotations:
        cert-manager.io/cluster-issuer: letsencrypt
        acme.cert-manager.io/http01-edit-in-place: "true"
      hosts:
        - host: gitea.lumpiasty.xyz
          paths:
            - path: /
              pathType: Prefix
      tls:
        - hosts:
            - gitea.lumpiasty.xyz
          secretName: gitea-ingress

    resources:
      requests:
        cpu: 0

    initContainers:
      resources:
        requests:
          cpu: 0
---
apiVersion: k8up.io/v1
kind: Schedule
metadata:
  name: gitea-backup
  namespace: gitea
spec:
  backend:
    # Manually adding secrets for now
    repoPasswordSecretRef:
      name: restic-repo
      key: password
    s3:
      endpoint: https://s3.eu-central-003.backblazeb2.com
      bucket: lumpiasty-backups
      accessKeyIDSecretRef:
        name: backblaze
        key: keyid
      secretAccessKeySecretRef:
        name: backblaze
        key: secret
  backup:
    schedule: "@daily-random"
    failedJobsHistoryLimit: 2
    successfulJobsHistoryLimit: 2
  check:
    schedule: "@daily-random"
  prune:
    schedule: "@daily-random"
    retention:
      keepLast: 14
      keepDaily: 14
      keepWeekly: 50
      keepYearly: 10