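#!/bin/bash
#
# Deploys Gitea and a private Docker registry on a k3s cluster from inline
# manifests, then waits for both rollouts and prints cluster status.
#
# Requirements visible in this script:
#   - kubectl and openssl on PATH, k3s kubeconfig at /etc/rancher/k3s/k3s.yaml
#   - namespaces "gitea" and "gooseek" already exist (they are not created here)
#   - an ingress class "nginx" and a cert-manager ClusterIssuer
#     "letsencrypt-prod" (referenced by the Ingress objects below)
set -euo pipefail

export KUBECONFIG=/etc/rancher/k3s/k3s.yaml

echo "=== Installing Gitea via manifests ==="

# Gitea's SECRET_KEY must be random, private and stable across runs.
# The manifest is fed through a quoted heredoc (<<'EOF'), so a command
# substitution written inside it is never executed: the previous
# "SECRET_KEY = $(openssl rand -hex 32)" line stored that literal text as the
# key. The key is now generated once, kept in a Kubernetes Secret (not in the
# ConfigMap), and read by Gitea through SECRET_KEY_URI.
# Instances that already ran with the literal value get a new key on the next
# rollout; anything protected by the old key has to be re-issued.
if ! kubectl -n gitea get secret gitea-secret-key >/dev/null 2>&1; then
  key_file=$(mktemp)
  trap 'rm -f -- "$key_file"' EXIT
  # Written to a private temp file so the key never appears in argv / ps.
  openssl rand -hex 32 | tr -d '\n' > "$key_file"
  kubectl -n gitea create secret generic gitea-secret-key \
    --from-file=secret-key="$key_file"
  rm -f -- "$key_file"
fi

# NOTE(review): DISABLE_REGISTRATION = false on a public Ingress means whoever
# registers first becomes the administrator. Register the admin account
# immediately after deployment, then disable open registration.
# NOTE(review): /data/gitea/conf is a ConfigMap mount and therefore read-only;
# confirm this image does not need to write app.ini at startup.
cat <<'EOF' | kubectl apply -f -
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: gitea-data
  namespace: gitea
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: gitea-config
  namespace: gitea
data:
  app.ini: |
    APP_NAME = GooSeek Git
    RUN_MODE = prod

    [server]
    DOMAIN = git.gooseek.ru
    ROOT_URL = https://git.gooseek.ru/
    HTTP_PORT = 3000
    SSH_PORT = 22
    SSH_DOMAIN = git.gooseek.ru

    [database]
    DB_TYPE = sqlite3
    PATH = /data/gitea/gitea.db

    [security]
    INSTALL_LOCK = true
    SECRET_KEY_URI = file:/etc/gitea-secret/secret-key

    [service]
    DISABLE_REGISTRATION = false
    REQUIRE_SIGNIN_VIEW = false
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitea
  namespace: gitea
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gitea
  template:
    metadata:
      labels:
        app: gitea
    spec:
      containers:
        - name: gitea
          # Floating tag; pin to a digest for reproducible, reviewable rollouts.
          image: gitea/gitea:1.22
          ports:
            - containerPort: 3000
              name: http
            - containerPort: 22
              name: ssh
          volumeMounts:
            - name: data
              mountPath: /data
            - name: config
              mountPath: /data/gitea/conf
            - name: secret-key
              mountPath: /etc/gitea-secret
              readOnly: true
          env:
            - name: GITEA__database__DB_TYPE
              value: sqlite3
            - name: GITEA__database__PATH
              value: /data/gitea/gitea.db
            - name: GITEA__server__DOMAIN
              value: git.gooseek.ru
            - name: GITEA__server__ROOT_URL
              value: https://git.gooseek.ru/
            # Was "false", contradicting INSTALL_LOCK = true in app.ini. An
            # unlocked instance serves the install wizard to any visitor.
            - name: GITEA__security__INSTALL_LOCK
              value: "true"
          resources:
            requests:
              memory: "256Mi"
              cpu: "100m"
            limits:
              memory: "512Mi"
              cpu: "500m"
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: gitea-data
        - name: config
          configMap:
            name: gitea-config
        - name: secret-key
          secret:
            secretName: gitea-secret-key
---
apiVersion: v1
kind: Service
metadata:
  name: gitea
  namespace: gitea
spec:
  selector:
    app: gitea
  ports:
    - port: 3000
      targetPort: 3000
      name: http
    - port: 22
      targetPort: 22
      name: ssh
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: gitea-ingress
  namespace: gitea
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - git.gooseek.ru
      secretName: gitea-tls
  rules:
    - host: git.gooseek.ru
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: gitea
                port:
                  number: 3000
EOF

echo "=== Installing Docker Registry ==="

# NOTE(review): the registry below has no authentication configured, deletion
# is enabled, and the Ingress publishes it at registry.gooseek.ru. As written,
# any client that can reach the host can pull, push and delete images. Put
# authentication in front of it (registry htpasswd/token auth or ingress-level
# auth) or restrict the Ingress to trusted networks before relying on it, and
# have consumers pull by digest.
cat <<'EOF' | kubectl apply -f -
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: registry-pvc
  namespace: gooseek
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 20Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: registry
  namespace: gooseek
spec:
  replicas: 1
  selector:
    matchLabels:
      app: registry
  template:
    metadata:
      labels:
        app: registry
    spec:
      containers:
        - name: registry
          # Floating tag; pin to a digest for reproducible, reviewable rollouts.
          image: registry:2
          ports:
            - containerPort: 5000
          volumeMounts:
            - name: registry-data
              mountPath: /var/lib/registry
          env:
            - name: REGISTRY_STORAGE_DELETE_ENABLED
              value: "true"
          resources:
            requests:
              memory: "64Mi"
              cpu: "50m"
            limits:
              memory: "256Mi"
              cpu: "200m"
      volumes:
        - name: registry-data
          persistentVolumeClaim:
            claimName: registry-pvc
---
apiVersion: v1
kind: Service
metadata:
  name: registry
  namespace: gooseek
spec:
  selector:
    app: registry
  ports:
    - port: 5000
      targetPort: 5000
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: registry-ingress
  namespace: gooseek
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    # "0" removes the request body size limit so large image layers can be pushed.
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - registry.gooseek.ru
      secretName: registry-tls
  rules:
    - host: registry.gooseek.ru
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: registry
                port:
                  number: 5000
EOF

echo "=== Waiting for deployments ==="
# Best effort: a slow rollout must not abort the script before the status
# report below, but it should be visible rather than silently swallowed.
kubectl -n gitea rollout status deployment/gitea --timeout=180s \
  || echo "WARNING: gitea rollout did not complete within 180s" >&2
kubectl -n gooseek rollout status deployment/registry --timeout=120s \
  || echo "WARNING: registry rollout did not complete within 120s" >&2

echo "=== Status ==="
kubectl get pods -A
kubectl get ingress -A
kubectl get certificates -A

echo ""
echo "=== DONE ==="
echo "Gitea: https://git.gooseek.ru (first user to register will be admin)"
echo "Registry: https://registry.gooseek.ru"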