From 8e8d1a65e22953b13aac7f77d6815bf9a538b3cf Mon Sep 17 00:00:00 2001
From: Taqi Tahmid
Date: Wed, 26 Feb 2025 21:24:31 +0200
Subject: [PATCH] Kubernetes_deployments: added gitea deployment
---
 Kubernetes_deployments/README.md | 60 +++++++++++++++++++++
 Kubernetes_deployments/gitea/configMap.yaml | 8 +++
 Kubernetes_deployments/gitea/values.yaml | 59 ++++++++++++++++++++
 3 files changed, 127 insertions(+)
 create mode 100644 Kubernetes_deployments/gitea/configMap.yaml
 create mode 100644 Kubernetes_deployments/gitea/values.yaml
diff --git a/Kubernetes_deployments/README.md b/Kubernetes_deployments/README.md
index 3787e5f..610aa8d 100644
--- a/Kubernetes_deployments/README.md
+++ b/Kubernetes_deployments/README.md
@@ -419,6 +419,66 @@ source .env
 envsubst < postgres/pgadmin.yaml | kubectl apply -n postgres -f -
 ```

+## Gitea Git Server
+
+Reference:
+https://gitea.com/gitea/helm-chart/
+https://docs.gitea.com/installation/database-prep
+
+Gitea is a self-hosted Git service that is deployed in the k3s cluster. The
+Gitea deployment uses existing posrgres database for data storage. The Gitea
+service is exposed via ingress and is accessible from the internet.
+
+Configure a new user, database, and schema for Gitea in the postgres database.
+
+```bash
+CREATE ROLE gitea WITH LOGIN PASSWORD 'gitea';
+
+CREATE DATABASE giteadb
+WITH OWNER gitea
+TEMPLATE template0
+ENCODING UTF8
+LC_COLLATE 'en_US.UTF-8'
+LC_CTYPE 'en_US.UTF-8';
+
+\c giteadb
+CREATE SCHEMA gitea;
+GRANT USAGE ON SCHEMA gitea TO gitea;
+GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA gitea TO gitea;
+ALTER SCHEMA gitea OWNER TO gitea;
+```
+
+Next, deploy the Gitea helm chart with the following values:
+
+```bash
+source .env
+kubectl create namespace gitea
+kubectl get secret wildcard-cert-secret --namespace=cert-manager -o yaml \
+ | sed 's/namespace: cert-manager/namespace: gitea/' | kubectl apply -f -
+
+# The configMap contains the app.ini file values for gitea
+kubectl apply -f gitea/configMap.yaml -n gitea
+
+helm install gitea gitea-charts/gitea -f gitea/values.yaml \
+ --namespace gitea \
+ --atomic \
+ --set ingress.hosts[0].host=$GITEA_HOST \
+ --set ingress.tls[0].hosts[0]=$DNSNAME \
+ --set gitea.admin.username=$GITEA_USER \
+ --set gitea.admin.password=$GITEA_PASSWORD \
+ --set gitea.admin.email=$GITEA_EMAIL \
+ --set gitea.config.database.PASSWD=$POSTGRES_PASSWORD \
+ --set gitea.config.database.HOST=$POSTGRES_URL
+```
+
+To scale the gitea Runner replicas, edit the `gitea-act-runner` statefulset
+and set the replicas to the desired number.
+
+```bash
+kubectl edit statefulset gitea-act-runner -n gitea
+```
+
+
 ## Authentication Middleware Configuration for Traefik Ingress Controller

 The Traefik Ingress Controller provides robust authentication capabilities
diff --git a/Kubernetes_deployments/gitea/configMap.yaml b/Kubernetes_deployments/gitea/configMap.yaml
new file mode 100644
index 0000000..2092a59
--- /dev/null
+++ b/Kubernetes_deployments/gitea/configMap.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: gitea-app-ini-plaintext
+ namespace: gitea
+data:
+ service: |
+ DISABLE_REGISTRATION = true
\ No newline at end of file
diff --git a/Kubernetes_deployments/gitea/values.yaml b/Kubernetes_deployments/gitea/values.yaml
new file mode 100644
index 0000000..f42b691
--- /dev/null
+++ b/Kubernetes_deployments/gitea/values.yaml
@@ -0,0 +1,59 @@
+gitea:
+ config:
+ database:
+ DB_TYPE: postgres
+ HOST: postgres
+ NAME: giteadb
+ USER: gitea
+ PASSWD: password
+ additionalConfigSources:
+ - configMap:
+ name: gitea-app-ini-plaintext
+ admin:
+ username: admin
+ password: password
+ email: email
+
+postgresql:
+ enabled: false
+
+postgresql-ha:
+ enabled: false
+
+redis-cluster:
+ enabled: false
+
+redis:
+ enabled: false
+
+persistence:
+ enabled: true
+ accessModes: [ "ReadWriteMany" ]
+ size: "10Gi"
+
+resources:
+ limits:
+ cpu: 1000m
+ memory: 512Mi
+ requests:
+ cpu: 100m
+ memory: 512Mi
+
+ingress:
+ enabled: true
+ hosts:
+ - host: git.example.com
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ - secretName: wildcard-cert-secret
+ hosts:
+ - "*.example.com"
+
+actions:
+ enabled: true
+ runner:
+ replicas: 3
+ provisioning:
+ enabled: true
\ No newline at end of file
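Review bot: In `Kubernetes_deployments/gitea/configMap.yaml`, nothing tells a reader that the data key `service` is meant as the app.ini section name, so a later setting can easily land under the wrong key. A leading comment such as `# each data key is an app.ini section; the lines under it are KEY = value pairs for that section` would document it; this matches how the chart's `additionalConfigSources` appears to consume the ConfigMap, to be confirmed against the chart docs. The README in this commit says the instance is reachable from the internet, so next to `DISABLE_REGISTRATION = true` it is worth considering `REQUIRE_SIGNIN_VIEW = true`, which stops anonymous browsing of repositories and user pages. The file also ends without a trailing newline.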
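Review bot: In `Kubernetes_deployments/gitea/values.yaml`, `PASSWD: password` under `database:` and `password: password` under `admin:` are working defaults, so an install that omits the README's `--set` overrides would apparently still go through with a guessable admin login on an ingress the README describes as internet-facing. The chart can take both from Kubernetes Secrets instead: under `admin:` replace `username`/`password` with `existingSecret: ADMIN_SECRET_NAME_PLACEHOLDER`, drop `PASSWD`, and add a second `additionalConfigSources` entry `- secret:` with `secretName: DB_SECRET_NAME_PLACEHOLDER` whose `database` key carries the `PASSWD=` line. That also keeps the passwords out of the `helm install` command line and out of the stored release values. The key names the chart expects inside the admin Secret (presumably `username` and `password`) should be checked against the chart version in use.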