limbosolutions.com/git.limbosolutions.com
1
0
Fork 0
Code Issues Pull Requests Actions Projects Releases Wiki Activity

moved from docker to kubernetes (k3s)

Browse Source
This commit is contained in:
Márcio Fernandes
2025-03-02 01:31:25 +00:00
parent 8fa698bd76
commit 0b67357d6b
10 changed files with 274 additions and 111 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
.gitignore vendored
View File

@@ -1,7 +1,4 @@
tmp
**.env
_volumes
_volumes
.vscode
*.env
*.env.d/*
localSettings/
**.private.**
**.local.**

49
README.md
View File

@@ -2,51 +2,14 @@
Welcome to public repository of my [Git Server](https://git.limbosolutions.com)
Using [gitea](https://git.limbosolutions.com/kb/gitea) as git server and [duplicati](https://git.limbosolutions.com/kb/duplicati) for backups.
Using [gitea](https://git.limbosolutions.com/kb/gitea) as git server.
- [Requirements](#requirements)
- [Setup](#setup)
- [Backup and Restore](#backup-and-restore)
- [Duplicati - git job Options](#duplicati---git-job-options)
- [Restore Database](#restore-database)
- [Git Action](#git-action)
- [runners](#runners)
- [lxc container - proxmox](#lxc-container---proxmox)
- [act tunner](#act-tunner)
## gitea helm chart
## Requirements
- Docker
- Docker Compose
- Portainer (optional)
## Setup
[Docker Compose File](docker-compose.yaml)
## Backup and Restore
Using [custom duplicati image](https://git.limbosolutions.com/kb/duplicati) to daily backups files and database with custom logs for grafana.
Docker Log.
--run-script-after=dockerlog
### Duplicati - git job Options
Create db dump.
run-script-before-required:duplicati-mysql-backup
### Restore Database
```bash
#select a file to import
ls /db-dumps
#select a file to import
DB_FILE= "file name to import"
mysql --host db -uroot -p ${MYSQL_DATABASE} < /db-dumps/$DB_FILE
#root password (root password is the enviromnent variable ${MYSQL_ROOT_PASSWORD})
``` yaml
helm repo add gitea-charts https://dl.gitea.com/charts/
helm repo update
helm upgrade --install gitea gitea-charts/gitea -f ./values.yaml -f ./values.private.yml --namespace=git-limbosolutions-com
```
## Git Action

101
backup/backup-cronjob.yaml Normal file
View File

@@ -0,0 +1,101 @@
apiVersion: batch/v1
kind: CronJob
metadata:
name: gitea-backup
namespace: git-limbosolutions-com
spec:
schedule: "0 1 * * *"
jobTemplate:
spec:
backoffLimit: 1
template:
spec:
restartPolicy: Never
initContainers:
- name: postgres-export
image: postgres:latest
command: ["sh", "-c"]
args:
- |
echo "INFO: Starting export"
. /run/database-access-secret/database
export PGPASSWORD=$PASSWD
echo "INFO: Exporting database"
pg_dump -h gitea-postgresql.git-limbosolutions-com.svc.cluster.local -U $USER -d $NAME > /data/postgresql-export/db_backup.sql
if [ $? -ne 0 ]; then
echo "ERROR: Exporting database failed"
exit 1
fi
echo "INFO: Exporting database finished"
volumeMounts:
- name: db-postgresql-data
mountPath: /var/lib/postgresql/data
- name: backup-run-data
mountPath: /data/postgresql-export
subPath: postgresql-export
- name: database-access-secret
mountPath: /run/database-access-secret
readOnly: true
containers:
- name: gitea-pbs-client
image: git.limbosolutions.com/kb/pbsclient
env:
- name: MODE
value: shell
- name: PBS_REPOSITORY
valueFrom:
secretKeyRef:
name: gitea-backup-secret
key: PBS_REPOSITORY
- name: PBS_PASSWORD
valueFrom:
secretKeyRef:
name: gitea-backup-secret
key: PBS_PASSWORD
- name: PBS_FINGERPRINT
valueFrom:
secretKeyRef:
name: gitea-backup-secret
key: PBS_FINGERPRINT
command: ["bash", "-c"]
args:
- |
proxmox-backup-client backup gitea-data.pxar:/data/gitea-data postgresql-data.pxar:/data/postgresql-data postgresql-export.pxar:/data/postgresql-export --include-dev /data/postgresql-data --include-dev /data/postgresql-export --include-dev /data/gitea-data --backup-id "gitea-full" -ns git.limbosolutions.com
echo "INFO: git.limbosolutions.com finished"
volumeMounts:
- name: gitea-shared-storage
mountPath: /data/gitea-data
- name: db-postgresql-data
mountPath: /data/postgresql-data
- name: backup-run-data
mountPath: /data/postgresql-export
subPath: postgresql-export
- name: backup-run-data
mountPath: /tmp
subPath: tmp
volumes:
- name: gitea-shared-storage
persistentVolumeClaim:
claimName: gitea-shared-storage
- name: db-postgresql-data
persistentVolumeClaim:
claimName: data-gitea-postgresql-0
- name: backup-run-data
emptyDir: {}
- name: database-access-secret
secret:
secretName: gitea-inline-config

8
backup/gitea-backup-secret-deploy.sh Executable file
View File

@@ -0,0 +1,8 @@
#/bin/bash
# set source env variables
. ./.env
export $(cut -d= -f1 ./.env)
envsubst < secret.yaml | kubectl apply -f -

14
backup/gitea-backup-secret.yaml Normal file
View File

@@ -0,0 +1,14 @@
apiVersion: v1
kind: Secret
metadata:
name: gitea-backup-secret
namespace: git-limbosolutions-com
data:
PBS_REPOSITORY: ${PBS_REPOSITORY}
PBS_PASSWORD: ${PBS_PASSWORD}
PBS_FINGERPRINT: ${PBS_FINGERPRINT}
DB_USER: ${DB_USER}
DB_PASSWORD: ${DB_PASSWORD}
DB_NAME: ${DB_NAME}
DB_HOST: ${DB_HOST}

61
docker-compose.yml
View File

@@ -1,61 +0,0 @@
version: "3"
services:
app:
image: gitea/gitea:1
container_name: git_limbosolutions_com-gitea
environment:
- GITEA__database__DB_TYPE=mysql
- GITEA__database__HOST=db:3306
- GITEA__database__NAME=${DB_NAME}
- GITEA__database__USER=${DB_USER}
- GITEA__database__PASSWD=${DB_PASSWORD}
restart: unless-stopped
volumes:
- data:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
networks:
- gitea
- wan_reverse_proxy_public
db:
image: mysql:8
networks:
- gitea
restart: unless-stopped
environment:
- MYSQL_ROOT_PASSWORD=${DB_ROOT_PASSWORD}
- MYSQL_USER=${DB_USER}
- MYSQL_PASSWORD=${DB_PASSWORD}
- MYSQL_DATABASE=${DB_NAME}
volumes:
- db:/var/lib/mysql
- /etc/timezone:/etc/timezone:ro
- db-dumps:/db-dumps:ro
duplicati:
image: git.limbosolutions.com/kb/duplicati:mysql-latest
container_name: git_limbosolutions_com-duplicati
networks:
- gitea
- wan_reverse_proxy_public
environment:
- MYSQL_HOST=db
- MYSQL_DATABASE=${DB_NAME}
- MYSQL_USER=${DB_USER}
- MYSQL_PASSWORD=${DB_PASSWORD}
- MYSQL_BACKUP_FOLDER=/bck/db-dumps
volumes:
- duplicati-data:/data
- duplicati-data:/bck/duplicati-data:ro
- data:/bck/data:ro
- db:/bck/db:ro
- db-dumps:/bck/db-dumps
restart: unless-stopped
volumes:
duplicati-data:
data:
db:
db-dumps:
networks:
gitea:
wan_reverse_proxy_public:
external: true

4
gitea/helm-up.sh Normal file
View File

@@ -0,0 +1,4 @@
helm upgrade --install gitea gitea-charts/gitea \
-f ./values.yaml \
-f ./values.private.yml \
--namespace=git-limbosolutions-com

17
gitea/ssh-ingress.yaml Normal file
View File

@@ -0,0 +1,17 @@
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
name: git-limbosolutions-com-ssh-ingress
namespace: git-limbosolutions-com
spec:
entryPoints:
- ssh-git
routes:
- match: HostSNI(`*`)
services:
- name: gitea-ssh
port: 2222
weight: 10
terminationDelay: 90000
proxyProtocol:
version: 1

114
gitea/values.yaml Normal file
View File

@@ -0,0 +1,114 @@
image:
registry: ""
repository: gitea/gitea
imagePullPolicy: Always
tag: "1"
redis-cluster:
enabled: false
redis:
enabled: true
postgresql:
enabled: true
global:
postgresql:
auth:
postgresPassword: "???"
password: "???"
database: "???"
username: "???"
service:
ports:
postgresql: "???"
primary:
persistence:
size: 10Gi
metrics:
enabled: true
postgresql-ha:
enabled: false
persistence:
enabled: true
service:
ssh:
enabled: true
port: 2222
annotations:
metallb.universe.tf/allow-shared-ip: test
gitea:
admin:
username: "???"
password: "???"
email: "???"
config:
actions:
ENABLED: true
database:
DB_TYPE: postgres
indexer:
ISSUE_INDEXER_TYPE: bleve
REPO_INDEXER_ENABLED: true
picture:
AVATAR_UPLOAD_PATH: /data/avatars
server:
DOMAIN: git.limbosolutions.com
SSH_DOMAIN: git.limbosolutions.com
#HTTP_PORT: 3000
ROOT_URL: https://git.limbosolutions.com
DISABLE_SSH: false
SSH_PORT: 2222
SSH_LISTEN_PORT: 2222
LFS_START_SERVER: true
START_SSH_SERVER: true
LFS_PATH: /data/git/lfs
#LFS_JWT_SECRET: "???"
OFFLINE_MODE: false
#MFF 03/08/2024
REPO_INDEXER_ENABLED: true
REPO_INDEXER_PATH: indexers/repos.bleve
MAX_FILE_SIZE: 1048576
REPO_INDEXER_INCLUDE:
REPO_INDEXER_EXCLUDE: resources/bin/**
####
SERVICE:
DISABLE_REGISTRATION: true
REQUIRE_SIGNIN_VIEW: false
REGISTER_EMAIL_CONFIRM: false
ENABLE_NOTIFY_MAIL: false
ALLOW_ONLY_EXTERNAL_REGISTRATION: false
ENABLE_CAPTCHA: true
DEFAULT_KEEP_EMAIL_PRIVATE : false
DEFAULT_ALLOW_CREATE_ORGANIZATION: true
DEFAULT_ENABLE_TIMETRACKING: true
NO_REPLY_ADDRESS: noreply.localhost
mailer:
ENABLED: false
openid:
ENABLE_OPENID_SIGNIN: true
ENABLE_OPENID_SIGNUP: true
ingress:
enabled: true
className: traefik
annotations:
kubernetes.io/ingress.class: traefik
hosts:
- host: git.limbosolutions.com
paths:
- path: /
pathType: Prefix
tls:
- secretName: limbosolutions-com-secret-tls
hosts:
- "git.limbosolutions.com"

6
namespace.yaml Normal file
View File

@@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: git-limbosolutions-com
labels:
name: git-limbosolutions-com