Draft
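--- a/gitea-dev/certificate.yaml
+++ b/gitea-dev/certificate.yaml
@@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+name: gitea-dev
+
+spec:
+issuerRef:
+kind: ClusterIssuer
+name: dns-cluster-issuer
+secretName: gitea-dev-tls
+duration: 2160h0m0s # 90d
+renewBefore: 720h0m0s # 30d
+dnsNames:
+- git-dev.trapti.tech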
99 changes: 99 additions & 0 deletions gitea-dev/config/app.ini
@@ -0,0 +1,99 @@
APP_NAME = traP Gitea Develop
RUN_MODE = prod
WORK_PATH = /data/gitea

[repository]
ROOT = /data/git/repositories
DISABLED_REPO_UNITS = repo.wiki

[repository.local]
LOCAL_COPY_PATH = /data/gitea/tmp/local-repo

[repository.upload]
TEMP_PATH = /data/gitea/uploads

[server]
APP_DATA_PATH = /data/gitea
DOMAIN = git-dev.trapti.tech
SSH_DOMAIN = git-dev.trapti.tech
HTTP_PORT = 3000
ROOT_URL = https://git-dev.trapti.tech/
DISABLE_SSH = false
SSH_PORT = 2200
SSH_LISTEN_PORT = 2200
Comment on lines +22 to +23
Collaborator


devは2222が正しいです

Suggested change
SSH_PORT = 2200
SSH_LISTEN_PORT = 2200
SSH_PORT = 2222
SSH_LISTEN_PORT = 2222

LFS_START_SERVER = true
START_SSH_SERVER = true

[database]
PATH = /data/gitea/gitea.db
DB_TYPE = mysql
HOST = private.kmbk.tokyotech.org:33060
NAME = service_gitea_dev
USER = service_gitea_dev
LOG_SQL = false

[indexer]
ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve

[session]
PROVIDER_CONFIG = /data/gitea/sessions

[picture]
AVATAR_UPLOAD_PATH = /data/gitea/avatars
REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars

[attachment]
PATH = /data/gitea/attachments
Collaborator


ここはS3に投げてるみたいです

Suggested change
PATH = /data/gitea/attachments
STORAGE_TYPE = minio


[log]
MODE = console
LEVEL = Debug
ROOT_PATH = /data/gitea/log

[security]
INSTALL_LOCK = true
REVERSE_PROXY_LIMIT = 1
REVERSE_PROXY_TRUSTED_PROXIES = *
REVERSE_PROXY_AUTHENTICATION_EMAIL = X-Forwarded-User-Email
REVERSE_PROXY_AUTHENTICATION_USER = X-Forwarded-User

[service]
DISABLE_REGISTRATION = true
REQUIRE_SIGNIN_VIEW = true
ENABLE_REVERSE_PROXY_AUTHENTICATION = false
ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = true
NO_REPLY_ADDRESS = trap.jp
ENABLE_REVERSE_PROXY_EMAIL = true
DEFAULT_KEEP_EMAIL_PRIVATE = true
DEFAULT_ORG_MEMBER_VISIBLE = true
ENABLE_NOTIFY_MAIL = true
ENABLE_BASIC_AUTHENTICATION = false

[lfs]
STORAGE_TYPE = minio
MINIO_ENDPOINT = s3.ap-northeast-1.wasabisys.com
MINIO_BUCKET = trap-gitea-dev
MINIO_LOCATION = ap-northeast-1
MINIO_USE_SSL = true
MINIO_CHECKSUM_ALGORITHM = md5
Comment on lines +74 to +78
Collaborator


この辺の設定は[storage.minio]セクションにあるべきです。

Suggested change
MINIO_ENDPOINT = s3.ap-northeast-1.wasabisys.com
MINIO_BUCKET = trap-gitea-dev
MINIO_LOCATION = ap-northeast-1
MINIO_USE_SSL = true
MINIO_CHECKSUM_ALGORITHM = md5
[storage.minio]
MINIO_ENDPOINT = s3.ap-northeast-1.wasabisys.com
MINIO_BUCKET = trap-gitea-dev
MINIO_LOCATION = ap-northeast-1
MINIO_USE_SSL = true
MINIO_CHECKSUM_ALGORITHM = md5


[actions]
DEFAULT_ACTIONS_URL = github

[openid]
ENABLE_OPENID_SIGNIN = false

[default]
APP_NAME = traP Git Develop

[mailer]
ENABLED = true

[metrics]
ENABLED = true

[oauth2]
ENABLED = false

[admin]
USER_DISABLED_FEATURES = deletion,change_username,change_full_name
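Review bot: `REVERSE_PROXY_TRUSTED_PROXIES = *` in `[security]` makes Gitea trust forwarding headers from any peer, so the client address it records can be whatever `X-Forwarded-For` value the caller supplies. Restrict it to the ingress controller's address range, e.g. `REVERSE_PROXY_TRUSTED_PROXIES = <ingress-controller-cidr>` (placeholder). The header-login settings next to it are inert while `ENABLE_REVERSE_PROXY_AUTHENTICATION = false`, but with `ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = true` already set they should only be switched on once port 3000 is reachable solely through the proxy that sets `X-Forwarded-User`. Separately, `LEVEL = Debug` together with `RUN_MODE = prod` puts more detail into the console log than is usually wanted; `LEVEL = Info` is the safer default unless the verbosity is deliberate for this dev instance.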
48 changes: 48 additions & 0 deletions gitea-dev/deployment.yaml
@@ -0,0 +1,48 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: gitea-dev
Collaborator


この辺の名前から -dev を削除して欲しいです。(本番環境との設定との差異は内容だけにしたいため)

Suggested change
app: gitea-dev
app: gitea

name: gitea-dev
spec:
replicas: 1
selector:
matchLabels:
app: gitea-dev
strategy:
type: Recreate
template:
metadata:
labels:
app: gitea-dev
spec:
containers:
- env:
- name: USER_GID
value: "996"
Collaborator


1002が正しいようです。該当箇所

Suggested change
value: "996"
value: "1002"

- name: USER_UID
value: "996"
image: gitea-latest
name: gitea-dev
ports:
- containerPort: 3000
protocol: TCP
- containerPort: 2200
Collaborator

@Kentaro1043 Kentaro1043 Oct 8, 2025


2222番が正しいです
また、IngressはL7ロードバランサーで、http/httpsしかルーティングできないので、こういう書き方をしてホストのポートに直接アタッチする必要があります。

Suggested change
- containerPort: 2200
- containerPort: 2222
hostPort: 2222

protocol: TCP
volumeMounts:
- name: gitea-dev-storage
mountPath: /data
- name: gitea-dev-config
mountPath: /app.ini
restartPolicy: Always
volumes:
- name: gitea-dev-storage
persistentVolumeClaim:
claimName: gitea-dev
- name: gitea-dev-config
configMap:
name: gitea-dev
items:
- key: app.ini
path: app.ini
mode: 0666
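Review bot: Nothing in the container spec references `gitea-dev-secret`, so the `GITEA__database__PASSWD`, `GITEA__security__SECRET_KEY` and `GITEA__security__INTERNAL_TOKEN` values from `secrets/gitea-dev.yaml` never reach the pod; the `env` list only sets `USER_GID` and `USER_UID`. Add `envFrom:` with `- secretRef:` / `name: gitea-dev-secret` to the container, which should also let kustomize rewrite the reference to the hashed name that `needs-hash` produces. The `mode: 0666` on the `app.ini` item grants write bits to everyone; `mode: 0444` is enough, since ConfigMap volumes are mounted read-only. The pod template also sets no `securityContext` and no resource limits, which is worth a follow-up.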
20 changes: 20 additions & 0 deletions gitea-dev/ingress-route.yaml
@@ -0,0 +1,20 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: gitea-dev
spec:
entryPoints:
- websecure
tls:
secretName: gitea-dev-tls
routes:
- kind: Rule
match: Host(`git-dev.trapti.tech`)
services:
- name: gitea-dev
port: 3000
- kind: Rule
match: Host(`git-dev.trapti.tech`)
services:
- name: gitea-dev
port: 2200
Comment on lines +16 to +20
Collaborator


ここは必要ないです

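--- a/gitea-dev/ksops.yaml
+++ b/gitea-dev/ksops.yaml
@@ -0,0 +1,11 @@
+apiVersion: viaduct.ai/v1
+kind: ksops
+metadata:
+name: ksops
+annotations:
+config.kubernetes.io/function: |
+exec:
+path: ksops
+
+files:
+- ./secrets/gitea-dev.yaml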
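--- a/gitea-dev/kustomization.yaml
+++ b/gitea-dev/kustomization.yaml
@@ -0,0 +1,19 @@
+resources:
+- certificate.yaml
+- deployment.yaml
+- ingress-route.yaml
+- service.yaml
+- volume-storage.yaml
+
+images:
+- name: gitea-latest
+newName: ghcr.io/traptitech/gitea
+newTag: latest
+
+generators:
+- ksops.yaml
+
+configMapGenerator:
+- name: gitea-dev
+files:
+- ./config/app.ini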
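Review bot: `newTag: latest` on `ghcr.io/traptitech/gitea` is a mutable tag, so the image that actually runs can change on any pod restart without a commit in this repository, and a rollback cannot name the previous build. Pin the `images` entry to a release tag or, better, a digest, e.g. `newTag: <release-tag>` or `digest: sha256:<image-digest>` (both placeholders). That keeps the deployed Gitea build reviewable in Git and tied to a specific artifact.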
29 changes: 29 additions & 0 deletions gitea-dev/secrets/gitea-dev.yaml
@@ -0,0 +1,29 @@
apiVersion: v1
kind: Secret
metadata:
name: gitea-dev-secret
annotations:
kustomize.config.k8s.io/needs-hash: "true"
stringData:
GITEA__server__LFS_JWT_SECRET: ENC[AES256_GCM,data:lpP9yggfBU7C953tI4HmPQK1Omcr9dXl2A2NlJQI8r0whJ3ZnXp4pf1QJw==,iv:BesPX2oosSwRZfMtTh1NGf7jjH4GtAqV71Xfg0Oybeg=,tag:SfawB+hlcXFJMr/FKOQ6NA==,type:str]
GITEA__database__PASSWD: ENC[AES256_GCM,data:mSj8U7fT8E/WFwvDL+zTaaAAYlEJmFTYgWfh6PoxJnw=,iv:9UvWElMtEenTWDX80TWSTfAQ+86zmcGn//FviUc9qUM=,tag:TV3Y3B/Pcr3+W26/SFF1nw==,type:str]
GITEA__security__SECRET_KEY: ENC[AES256_GCM,data:oTRNt/52ZU24qYovNxBBkOJFeMChUa5kWerOXorhoyIQFKBU9YNMTtXizTKuCnGyA7pmr0Ak79XUKxh6fakqVg==,iv:UidGRaAbbamad7m8WTwsnpGDykRya8XBDWHDqZ0lqq0=,tag:Yk5Hr5AV8Ak7c1fZoc8vdQ==,type:str]
GITEA__security__INTERNAL_TOKEN: ENC[AES256_GCM,data:8nVJclrXNVcj4bzsM0sTeXgWS0efcCcX/7s/6NQXKZ2mXVqpTIRQ8VO4AZGNxouOyHv1uApRJQjBMnsIXqCZvlSttTWGGZTmbdeww6Q1MLf9M5om1u1XngzC4uKkr/SlZxHizGodRPcK,iv:BRGnwEe2pPdtHZebpIWbg0H6W08UT6TP8LLZmBSH9UY=,tag:yAfQqOIvjZtFoFWXFFByKQ==,type:str]
GITEA__lfs__MINIO_ACCESS_KEY_ID: ENC[AES256_GCM,data:JhkdKHZsI3BPhVVNZo2WPL0Hqqg=,iv:izcJl5Y465qys/ujRTzHr7Xzoi+XzL3MNVscQ2y3AMY=,tag:hLdo4ZpeEwg9ECJj3cXPcw==,type:str]
GITEA__lfs__MINIO_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:AAyFxipxE3fk3QJ8hbLLw9RBHg4Yy0Z0vZsKF9jJaiUQOVTu//pREg==,iv:gU1/eUj8ugWjvPZvncNCtoPfsC+USwSfFOVvZrkPUdQ=,tag:6dXKZ5+EQ+mCXxnI/VwfGw==,type:str]
Comment on lines +12 to +13
Collaborator


これは[storage.minio]セクションにあるべきです。環境変数だとどうなるのか調べたところ、GITEA__storage_0X2E_minio__MINIO_ACCESS_KEY_IDと書くらしいです。わかりにくい...😢
Secretのファイルを編集したあとは再暗号化をお願いします🙏

参考

GITEA__oauth2__JWT_SECRET: ENC[AES256_GCM,data:wTtle6sapYVRfenjnuXlEU40yDu0luwya6a0xI/aZ2xNSn/ho3LeN+H8Hg==,iv:zoia7oqPPCIztz+dOqQnIG6j/Ng19vng9xegy9IiZZ0=,tag:K2OTdsuQlvCxL+oL6L5jBw==,type:str]
sops:
age:
- recipient: age156red4ptw5huzpwlfnrukg4htuucdweu9jg8usjz98ggmeyedces3xqplq
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0VElFWXRQM29VVDJtbHRn
UGFQcGxYRCtndnloODBmQ1dodHlSK244SDNJClJvK1k1bThnTS9CaG1yWUlLSi9m
enUxdHE5UERub25sdzBmMlF6VTM2d2cKLS0tIE96SDlpTlRnL043U2lMM3NZTVJz
Ky9xckxxNGtZd0Y3R2FCQ3NVdlFhQkEK81ftmIE1ly0qWcrcNGiXmB+vsqP/YfzL
cc2aIjkSgUaRQOoXusQMLsnXmYqsWKMWG9MP/exSgjvoWJerkUlTsQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-09-24T11:05:31Z"
mac: ENC[AES256_GCM,data:1NucylRUClTDhUTtZdzIvNAUXV7nmlLjtDCEusfDCeyTy48VE6KZz+spP8cCa3J9CIdIiu1n6LGuXqtZhVeFOvc4TQN2zQiYaqU+si+nEbmqLIUSM+m/w6ht/15QezYSlKmt1bNH2jp++0NXis3kfWnE4Y/Uo06O+xyD7HRwOlQ=,iv:+YTnp0vw8b525g41zziD5u2SA7tm0EPeEJRU8lXpc8g=,tag:RGvyG5oBkIAsW1r/R+Dbuw==,type:str]
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
version: 3.10.2
16 changes: 16 additions & 0 deletions gitea-dev/service.yaml
@@ -0,0 +1,16 @@
apiVersion: v1
kind: Service
metadata:
labels:
app: gitea-dev
name: gitea-dev
spec:
ports:
- name: "3000"
port: 3000
targetPort: 3000
- name: "2200"
port: 2200
targetPort: 2200
Comment on lines +12 to +14
Collaborator


ここは必要ないです

Suggested change
- name: "2200"
port: 2200
targetPort: 2200

selector:
app: gitea-dev
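--- a/gitea-dev/volume-storage.yaml
+++ b/gitea-dev/volume-storage.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+labels:
+app: gitea-dev-storage
+name: gitea-dev-storage
+spec:
+resources:
+requests:
+storage: 100Mi
+volumeMode: Filesystem
+accessModes:
+- ReadWriteOnce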
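Review bot: The claim is named `gitea-dev-storage`, but `deployment.yaml` mounts `claimName: gitea-dev`, so unless another manifest defines a claim with that name the pod will stay Pending. Align the two, e.g. `claimName: gitea-dev-storage` in the Deployment. `storage: 100Mi` also looks small for `/data`, which per `app.ini` holds the repositories, indexers, sessions and logs; confirm the intended size before data starts landing there.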