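# ================================
# FORGEJO - SELF-HOSTED GIT
# https://forgejo.org/
# ================================
#
# Resources in this file: database Secret, PostgreSQL Deployment + Service,
# Forgejo Deployment (with a backup sidecar) + HTTP Service, an SSH
# LoadBalancer Service, and a Traefik IngressRoute.
#
# Prerequisites not defined here: the PVCs `forgejo-db-pvc` and
# `forgejo-pvc`, and the Secret `forgejo-backup-secret`.
---
apiVersion: v1
kind: Secret
metadata:
  name: forgejo-db-secret
type: Opaque
stringData:
  POSTGRES_USER: forgejo
  # Placeholder value: replace it before applying. A real password committed
  # in this manifest is readable by anyone with access to the repository, so
  # prefer creating this Secret out of band (or via a sealed/external secret).
  POSTGRES_PASSWORD: changeMePleaseOtherwiseSomeoneWillKnow
  POSTGRES_DB: forgejo
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: forgejo-postgres
  labels:
    app: forgejo-postgres
spec:
  replicas: 1
  # Recreate: the old pod must release the PVC before the new one starts.
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: forgejo-postgres
  template:
    metadata:
      labels:
        app: forgejo-postgres
    spec:
      # PostgreSQL does not call the Kubernetes API, so no service account
      # token is mounted into the pod.
      automountServiceAccountToken: false
      containers:
        - name: postgres
          image: postgres:16-alpine
          ports:
            - containerPort: 5432
          env:
            # Keep the cluster in a subdirectory of the mounted volume.
            - name: PGDATA
              value: /var/lib/postgresql/data/pgdata
          # Imports POSTGRES_USER / POSTGRES_PASSWORD / POSTGRES_DB.
          envFrom:
            - secretRef:
                name: forgejo-db-secret
          volumeMounts:
            - name: forgejo-db-data
              mountPath: /var/lib/postgresql/data
      volumes:
        - name: forgejo-db-data
          persistentVolumeClaim:
            claimName: forgejo-db-pvc
---
# In-cluster only (default ClusterIP). Any pod in the cluster can reach this
# port unless a NetworkPolicy restricts it to the forgejo pods.
apiVersion: v1
kind: Service
metadata:
  name: forgejo-postgres
spec:
  selector:
    app: forgejo-postgres
  ports:
    - port: 5432
      targetPort: 5432
# -------------------------
# FORGEJO APP
# -------------------------
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: forgejo
  labels:
    app: forgejo
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: forgejo
  template:
    metadata:
      labels:
        app: forgejo
    spec:
      # None of the containers below talk to the Kubernetes API (the backup
      # sidecar authenticates to S3 with its own keys), so no service account
      # token is mounted into the pod.
      automountServiceAccountToken: false
      initContainers:
        # Hands ownership of the data volume to UID/GID 1000 before the app
        # container starts.
        - name: fix-permissions
          # NOTE(review): untagged image resolves to `latest`; pin a tag or
          # digest so this container is reproducible.
          image: busybox
          command: ["sh", "-c", "chown -R 1000:1000 /data"]
          volumeMounts:
            - name: forgejo-data
              mountPath: /data
      containers:
        - name: forgejo
          image: codeberg.org/forgejo/forgejo:10
          ports:
            - containerPort: 3000
              name: http
            - containerPort: 22
              name: ssh
          env:
            - name: FORGEJO__server__DOMAIN
              value: git.juntekim.com
            - name: FORGEJO__server__ROOT_URL
              value: https://git.juntekim.com
            - name: FORGEJO__server__HTTP_PORT
              value: "3000"
            # Matches the external port of the forgejo-ssh Service below;
            # the container itself exposes SSH on 22.
            - name: FORGEJO__server__SSH_PORT
              value: "2222"
            - name: FORGEJO__server__SSH_DOMAIN
              value: git.juntekim.com
            - name: FORGEJO__database__DB_TYPE
              value: postgres
            - name: FORGEJO__database__HOST
              value: forgejo-postgres:5432
            - name: FORGEJO__database__NAME
              valueFrom:
                secretKeyRef:
                  name: forgejo-db-secret
                  key: POSTGRES_DB
            - name: FORGEJO__database__USER
              valueFrom:
                secretKeyRef:
                  name: forgejo-db-secret
                  key: POSTGRES_USER
            - name: FORGEJO__database__PASSWD
              valueFrom:
                secretKeyRef:
                  name: forgejo-db-secret
                  key: POSTGRES_PASSWORD
            # Keeps the web installer disabled so the first visitor cannot
            # configure the instance.
            - name: FORGEJO__security__INSTALL_LOCK
              value: "true"
          volumeMounts:
            - name: forgejo-data
              mountPath: /data
        # Weekly backup sidecar: streams a tarball of /data to S3.
        # NOTE(review): only the forgejo-data volume is archived; the
        # PostgreSQL data (forgejo-db-pvc) is not part of this backup, and
        # /data is read while the app may be writing to it.
        - name: backup
          # NOTE(review): floating tag plus `apk add` at every start means
          # the tooling changes without review; consider a pinned image with
          # the tools baked in.
          image: python:3-alpine
          env:
            # Long-lived keys: the IAM identity behind them should have
            # write-only access to the backup bucket prefix and nothing else.
            - name: AWS_ACCESS_KEY_ID
              valueFrom:
                secretKeyRef:
                  name: forgejo-backup-secret
                  key: AWS_ACCESS_KEY_ID
            - name: AWS_SECRET_ACCESS_KEY
              valueFrom:
                secretKeyRef:
                  name: forgejo-backup-secret
                  key: AWS_SECRET_ACCESS_KEY
            - name: AWS_DEFAULT_REGION
              value: eu-west-2
          # Installs cron + the AWS CLI, registers a job for 02:00 every
          # Sunday, then runs crond in the foreground. `\%` is cron's escape
          # for a literal percent sign. The job's exit status is that of
          # `aws`, so a failing `tar` can still upload a truncated archive.
          command:
            - /bin/sh
            - -c
            - |
              apk add --no-cache dcron aws-cli
              echo "0 2 * * 0 TIMESTAMP=\$(date +\%Y-\%m-\%d) && tar -czf - /data | aws s3 cp - s3://juntekim-git-backup/repos/forgejo-backup-\${TIMESTAMP}.tar.gz" | crontab -
              crond -f -l 2
          volumeMounts:
            # Read-only: the sidecar cannot modify repository data.
            - name: forgejo-data
              mountPath: /data
              readOnly: true
      volumes:
        - name: forgejo-data
          persistentVolumeClaim:
            claimName: forgejo-pvc
---
apiVersion: v1
kind: Service
metadata:
  name: forgejo
spec:
  selector:
    app: forgejo
  ports:
    - name: http
      port: 3000
      targetPort: 3000
---
# SSH exposed via LoadBalancer on port 2222 (MetalLB)
apiVersion: v1
kind: Service
metadata:
  name: forgejo-ssh
  annotations:
    metallb.io/allow-shared-ip: traefik
spec:
  type: LoadBalancer
  selector:
    app: forgejo
  ports:
    - name: ssh
      port: 2222
      targetPort: 22
---
# HTTPS entry point: Traefik terminates TLS and forwards to the forgejo
# Service on port 3000.
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: forgejo-ingressroute
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`git.juntekim.com`)
      kind: Rule
      services:
        - name: forgejo
          port: 3000
  tls:
    certResolver: myresolver
    domains:
      - main: git.juntekim.com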