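---
# Forgejo deployment, delivered as Crossplane `Object` resources
# (kubernetes.crossplane.io/v1alpha2). Each Object wraps one plain Kubernetes
# manifest under spec.forProvider.manifest and is applied through the
# `kubernetes-provider` ProviderConfig.
#
# The file had been collapsed onto a few physical lines; because the first of
# them starts with `#`, a YAML parser reads it as one long comment. The
# document structure is restored here, one resource per `---` document.

# Forgejo namespace
apiVersion: kubernetes.crossplane.io/v1alpha2
kind: Object
metadata:
  name: forgejo-namespace
  namespace: crossplane-system
spec:
  providerConfigRef:
    name: kubernetes-provider
  forProvider:
    manifest:
      apiVersion: v1
      kind: Namespace
      metadata:
        name: forgejo
---
# Forgejo ConfigMap
#
# SECURITY: [security] SECRET_KEY and INTERNAL_TOKEN below are placeholder
# strings ("...change-this-in-production...") stored in a ConfigMap, and
# INSTALL_LOCK = true means the installer will not replace them. A ConfigMap
# is readable by anything with `get configmaps` in the namespace and this
# manifest is plain text wherever it is stored, so both values must be treated
# as public. Before first start, generate unique values (Forgejo ships
# `forgejo generate secret SECRET_KEY` / `INTERNAL_TOKEN`) and supply them from
# a Kubernetes Secret rather than from this ConfigMap. SECRET_KEY protects data
# Forgejo stores encrypted, so set it before the instance holds real data.
#
# SECURITY: [service] DISABLE_REGISTRATION = false and
# REQUIRE_SIGNIN_VIEW = false leave self-registration and anonymous browsing
# enabled. Confirm that is intended; the only access control visible in this
# file is the Pomerium hop in the Mapping at the bottom.
#
# NOTE: comments must stay outside the `app.ini: |` block scalar; any line
# inside it becomes part of the rendered app.ini.
apiVersion: kubernetes.crossplane.io/v1alpha2
kind: Object
metadata:
  name: forgejo-config
  namespace: crossplane-system
spec:
  providerConfigRef:
    name: kubernetes-provider
  forProvider:
    manifest:
      apiVersion: v1
      kind: ConfigMap
      metadata:
        name: forgejo-config
        namespace: forgejo
      data:
        app.ini: |
          APP_NAME = Forgejo: Beyond coding. We forge.
          RUN_MODE = prod

          [server]
          DOMAIN = git.nge6.com
          SSH_DOMAIN = git.nge6.com
          HTTP_PORT = 3000
          ROOT_URL = https://git.nge6.com/
          DISABLE_SSH = true
          SSH_PORT = 2222
          SSH_LISTEN_PORT = 2222
          START_SSH_SERVER = false
          LFS_START_SERVER = true
          OFFLINE_MODE = false

          [database]
          DB_TYPE = sqlite3
          PATH = /data/gitea/gitea.db

          [repository]
          ROOT = /data/git/repositories

          [security]
          INSTALL_LOCK = true
          SECRET_KEY = forgejo-secret-key-change-this-in-production-please
          INTERNAL_TOKEN = forgejo-internal-token-change-this-in-production-too

          [service]
          DISABLE_REGISTRATION = false
          REQUIRE_SIGNIN_VIEW = false
          ENABLE_NOTIFY_MAIL = false

          [picture]
          DISABLE_GRAVATAR = false
          ENABLE_FEDERATED_AVATAR = true

          [openid]
          ENABLE_OPENID_SIGNIN = false
          ENABLE_OPENID_SIGNUP = false

          [log]
          MODE = console
          LEVEL = Info
          ROOT_PATH = /data/gitea/log
---
# Forgejo PVC for data persistence
# Holds the SQLite database, repositories and logs (all paths in app.ini are
# under /data). ReadWriteOnce allows the volume to be mounted by one node only.
apiVersion: kubernetes.crossplane.io/v1alpha2
kind: Object
metadata:
  name: forgejo-data-pvc
  namespace: crossplane-system
spec:
  providerConfigRef:
    name: kubernetes-provider
  forProvider:
    manifest:
      apiVersion: v1
      kind: PersistentVolumeClaim
      metadata:
        name: forgejo-data
        namespace: forgejo
      spec:
        accessModes:
          - ReadWriteOnce
        storageClassName: civo-volume
        resources:
          requests:
            storage: 10Gi
---
# Forgejo Deployment
#
# Hardening notes:
# - Both images are referenced by mutable tag. Pin them by digest
#   (image@sha256:<verified-digest>) so a re-tagged image cannot be pulled.
# - Neither container sets a securityContext. The init container needs root
#   for its `chown`; review what the main container can drop.
# - The init container copies the ConfigMap's app.ini over
#   /data/gitea/conf/app.ini on every pod start, so anything written into
#   that file at runtime is discarded on restart.
apiVersion: kubernetes.crossplane.io/v1alpha2
kind: Object
metadata:
  name: forgejo-deployment
  namespace: crossplane-system
spec:
  providerConfigRef:
    name: kubernetes-provider
  forProvider:
    manifest:
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: forgejo
        namespace: forgejo
        labels:
          app: forgejo
      spec:
        # Keep at 1: the database is a SQLite file on a ReadWriteOnce volume.
        replicas: 1
        # Recreate stops the old pod before the new one starts. The default
        # RollingUpdate would surge a second pod that either cannot attach the
        # ReadWriteOnce volume (other node, rollout stalls) or opens the same
        # SQLite file alongside the old pod (same node).
        strategy:
          type: Recreate
        selector:
          matchLabels:
            app: forgejo
        template:
          metadata:
            labels:
              app: forgejo
          spec:
            initContainers:
              # Lays out the data directory, installs app.ini from the
              # ConfigMap and hands /data to uid/gid 1000 (the USER_UID /
              # USER_GID passed to the main container).
              - name: setup-config
                image: busybox:1.36
                command: ['sh', '-c']
                args:
                  - |
                    mkdir -p /data/gitea/conf /data/gitea/log /data/git/repositories /data/git/.ssh
                    cp /tmp/app.ini /data/gitea/conf/app.ini
                    touch /data/git/.ssh/authorized_keys
                    chown -R 1000:1000 /data
                volumeMounts:
                  - name: data
                    mountPath: /data
                  # The script only reads /tmp/app.ini from this mount.
                  - name: config
                    mountPath: /tmp
                    readOnly: true
            containers:
              - name: forgejo
                image: codeberg.org/forgejo/forgejo:9.0.2
                ports:
                  - containerPort: 3000
                    name: http
                  # Declared although app.ini sets DISABLE_SSH = true and
                  # START_SSH_SERVER = false.
                  - containerPort: 2222
                    name: ssh
                env:
                  - name: USER_UID
                    value: "1000"
                  - name: USER_GID
                    value: "1000"
                resources:
                  limits:
                    cpu: 1000m
                    memory: 2Gi
                  requests:
                    cpu: 100m
                    memory: 512Mi
                volumeMounts:
                  - name: data
                    mountPath: /data
                readinessProbe:
                  httpGet:
                    path: /
                    port: 3000
                  initialDelaySeconds: 30
                  periodSeconds: 10
                livenessProbe:
                  httpGet:
                    path: /
                    port: 3000
                  initialDelaySeconds: 60
                  periodSeconds: 30
            volumes:
              - name: data
                persistentVolumeClaim:
                  claimName: forgejo-data
              - name: config
                configMap:
                  name: forgejo-config
---
# Forgejo HTTP Service
# ClusterIP only. Any workload in the cluster that can reach this Service
# talks to Forgejo directly, without passing through Pomerium; no
# NetworkPolicy restricting that is defined in this file.
apiVersion: kubernetes.crossplane.io/v1alpha2
kind: Object
metadata:
  name: forgejo-http-service
  namespace: crossplane-system
spec:
  providerConfigRef:
    name: kubernetes-provider
  forProvider:
    manifest:
      apiVersion: v1
      kind: Service
      metadata:
        name: forgejo-http
        namespace: forgejo
        labels:
          app: forgejo
      spec:
        selector:
          app: forgejo
        ports:
          - name: http
            port: 3000
            targetPort: 3000
        type: ClusterIP
---
# Forgejo SSH Service
#
# SECURITY: type LoadBalancer publishes port 2222 outside the cluster, while
# app.ini sets DISABLE_SSH = true and START_SSH_SERVER = false. As written
# this provisions an external endpoint for a disabled feature. Either drop
# this Service (or make it ClusterIP) until SSH is enabled, or enable SSH
# deliberately and restrict who can reach the load balancer.
apiVersion: kubernetes.crossplane.io/v1alpha2
kind: Object
metadata:
  name: forgejo-ssh-service
  namespace: crossplane-system
spec:
  providerConfigRef:
    name: kubernetes-provider
  forProvider:
    manifest:
      apiVersion: v1
      kind: Service
      metadata:
        name: forgejo-ssh
        namespace: forgejo
        labels:
          app: forgejo
      spec:
        selector:
          app: forgejo
        ports:
          - name: ssh
            port: 2222
            targetPort: 2222
        type: LoadBalancer
---
# SSL Certificate for Forgejo
# Issued by the letsencrypt-prod ClusterIssuer into the `emissary` namespace,
# where the Host below picks it up as secret `forgejo-tls`.
apiVersion: kubernetes.crossplane.io/v1alpha2
kind: Object
metadata:
  name: forgejo-certificate
  namespace: crossplane-system
spec:
  providerConfigRef:
    name: kubernetes-provider
  forProvider:
    manifest:
      apiVersion: cert-manager.io/v1
      kind: Certificate
      metadata:
        name: forgejo-tls
        namespace: emissary
      spec:
        secretName: forgejo-tls
        issuerRef:
          name: letsencrypt-prod
          kind: ClusterIssuer
        dnsNames:
          - git.nge6.com
---
# Ambassador Host for Forgejo
apiVersion: kubernetes.crossplane.io/v1alpha2
kind: Object
metadata:
  name: forgejo-host
  namespace: crossplane-system
spec:
  providerConfigRef:
    name: kubernetes-provider
  forProvider:
    manifest:
      apiVersion: getambassador.io/v3alpha1
      kind: Host
      metadata:
        name: forgejo-host
        namespace: emissary
      spec:
        hostname: git.nge6.com
        tlsSecret:
          name: forgejo-tls
---
# Ambassador Mapping for Forgejo
# Requests for git.nge6.com are forwarded to pomerium-proxy, not to
# forgejo-http. The Pomerium route and policy that decide who reaches Forgejo
# are not part of this file; verify they exist before relying on them as the
# access control for an instance with open registration.
apiVersion: kubernetes.crossplane.io/v1alpha2
kind: Object
metadata:
  name: forgejo-mapping
  namespace: crossplane-system
spec:
  providerConfigRef:
    name: kubernetes-provider
  forProvider:
    manifest:
      apiVersion: getambassador.io/v3alpha1
      kind: Mapping
      metadata:
        name: forgejo-mapping
        namespace: emissary
      spec:
        hostname: git.nge6.com
        prefix: /
        service: https://pomerium-proxy.pomerium:443
        timeout_ms: 30000
        connect_timeout_ms: 10000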