moving everything to active or retired vs incubating and graduated

active/kubernetes_gitea/gitea-staging-values.yaml

@@ -0,0 +1,75 @@
+image:
+  tag: 1.21.4
+
+ingress:
+  enabled: true
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    kubernetes.io/ingress.class: nginx
+    nginx.ingress.kubernetes.io/proxy-body-size: "0"
+    nginx.org/client-max-body-size: "0"
+  hosts:
+    - host: gitea-staging.reeseapps.com
+      paths:
+        - path: /
+          pathType: Prefix
+  tls:
+  - hosts:
+    - gitea-staging.reeseapps.com
+    secretName: gitea-staging-tls-cert
+
+persistence:
+  enabled: true
+  create: true
+  storageClass: zfs-iscsi-enc0
+  claimName: data-gitea-staging-0
+  annotations:
+    "helm.sh/resource-policy": keep
+
+global:
+  storageClass: zfs-iscsi-enc1
+
+postgresql:
+  enabled: true
+  image:
+    tag: 15
+  primary:
+    persistence:
+      enabled: true
+      storageClass: zfs-iscsi-enc1
+      annotations:
+        "helm.sh/resource-policy": keep
+
+postgresql-ha:
+  enabled: false
+
+gitea:
+  admin:
+    existingSecret: gitea-admin-secret
+  config:
+    service:
+      DISABLE_REGISTRATION: true
+
+service:
+  ssh:
+    port: 22
+    type: ClusterIP
+
+redis-cluster:
+  enabled: true
+  image:
+    tag: 7.2
+
+deployment:
+  tolerations:
+    - key: "node.kubernetes.io/unreachable"
+      operator: "Exists"
+      effect: "NoExecute"
+      tolerationSeconds: 1
+    - key: "node.kubernetes.io/not-ready"
+      operator: "Exists"
+      effect: "NoExecute"
+      tolerationSeconds: 1
+
+strategy:
+  type: Recreate

active/kubernetes_gitea/gitea-values.yaml

@@ -0,0 +1,86 @@
+image:
+  tag: 1.22
+
+ingress:
+  enabled: true
+  className: nginx
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    nginx.ingress.kubernetes.io/proxy-body-size: "0"
+    nginx.org/client-max-body-size: "0"
+    apiVersion: networking.k8s.io/v1
+    nginx.ingress.kubernetes.io/stream-snippet: |
+      server {
+        listen 22;
+        proxy_pass [::]:22;
+      }
+  hosts:
+    - host: gitea.reeseapps.com
+      paths:
+        - path: /
+          pathType: Prefix
+  tls:
+  - hosts:
+    - gitea.reeseapps.com
+    secretName: gitea-tls-cert
+
+persistence:
+  enabled: true
+  create: true
+  claimName: data-gitea-0
+  annotations:
+    "helm.sh/resource-policy": keep
+
+postgresql:
+  enabled: true
+  image:
+    tag: 15
+  primary:
+    persistence:
+      enabled: true
+      annotations:
+        "helm.sh/resource-policy": keep
+
+postgresql-ha:
+  enabled: false
+
+gitea:
+  admin:
+    existingSecret: gitea-admin-secret
+  config:
+    service:
+      DISABLE_REGISTRATION: true
+    server:
+      SSH_PORT: 22
+      SSH_DOMAIN: git.reeseapps.com
+
+service:
+  ssh:
+    port: 22
+    type: LoadBalancer
+    externalTrafficPolicy: Local
+    ipFamilyPolicy: SingleStack
+    ipFamilies: ["IPv6"]
+    annotations:
+      metallb.universe.tf/address-pool: "external"
+      external-dns.alpha.kubernetes.io/hostname: git.reeseapps.com
+
+
+redis-cluster:
+  enabled: false
+  image:
+    tag: 7.2
+
+deployment:
+  tolerations:
+    - key: "node.kubernetes.io/unreachable"
+      operator: "Exists"
+      effect: "NoExecute"
+      tolerationSeconds: 1
+    - key: "node.kubernetes.io/not-ready"
+      operator: "Exists"
+      effect: "NoExecute"
+      tolerationSeconds: 1
+
+strategy:
+  type: Recreate

active/kubernetes_gitea/gitea.md

@@ -0,0 +1,128 @@
+# Gitea
+
+- [Gitea](#gitea)
+  - [Staging](#staging)
+  - [Install](#install)
+  - [Backup and Restore](#backup-and-restore)
+  - [Gitea Runners](#gitea-runners)
+    - [Install](#install-1)
+    - [Cache Cleanup](#cache-cleanup)
+
+Gitea provides a helm chart [here](https://gitea.com/gitea/helm-chart/). We're not
+going to modify much, but we are going to solidify some of the default values in case
+they decide to change things. This is the first chart (besides ingress-nginx) where
+we need to pay attention to the MetalLB annotation. This has been set in the values.yaml
+file.
+
+## Staging
+
+There is a `gitea-staging.yaml` file with staging values. This should be installed in
+the `gitea-staging` namespace. Follow the instructions below, but replace the `gitea`
+namespace with `gitea-staging`. Staging is useful for testing major release upgrades,
+especially since Gitea tends to change how `values.yaml` is structured.
+
+## Install
+
+First we need to create the gitea admin secret
+
+```bash
+kubectl create namespace gitea
+kubectl create secret generic gitea-admin-secret \
+    -n gitea \
+    --from-literal=username='gitea-admin' \
+    --from-literal=password="$(pwgen -c -s 64 | head -n 1)" \
+    --from-literal=email=''
+```
+
+```bash
+helm repo add gitea-charts https://dl.gitea.io/charts/
+helm repo update
+helm upgrade --install \
+    gitea \
+    gitea-charts/gitea \
+    --values active/kubernetes_gitea/gitea-values.yaml \
+    --namespace gitea \
+    --create-namespace
+```
+
+## Backup and Restore
+
+If you need to backup your database you can run:
+
+```bash
+# Backup
+kubectl exec -it -n gitea gitea-postgresql-0 -- \
+    pg_dump \
+    --no-owner \
+    --dbname=postgresql://gitea:gitea@localhost:5432 > gitea_backup.db
+
+# Take gitea down to zero pods
+kubectl scale statefulset gitea --replicas 0
+
+# Drop the existing database
+kubectl exec -it -n gitea gitea-postgresql-0 -- psql -U gitea
+
+\c postgres;
+drop database gitea;
+CREATE DATABASE gitea WITH OWNER gitea TEMPLATE template0 ENCODING UTF8 LC_COLLATE 'en_US.UTF-8' LC_CTYPE 'en_US.UTF-8';
+exit
+
+# restore from backup
+kubectl exec -it -n gitea gitea-postgresql-0 -- \
+    psql \
+    postgresql://gitea:gitea@localhost:5432 gitea < gitea_backup.db
+
+# Restore gitea to 1 pod
+kubectl scale statefulset gitea --replicas 1
+```
+
+## Gitea Runners
+
+<https://docs.gitea.com/next/usage/actions/act-runner/#install-with-the-docker-image>
+
+### Install
+
+```bash
+touch config.yaml
+
+# Add `-e CONFIG_FILE=/config.yaml` to mount a config file
+
+docker run \
+    -v $PWD/config.yaml:/config.yaml \
+    -v $PWD/data:/data \
+    -v /var/run/docker.sock:/var/run/docker.sock \
+    -e GITEA_INSTANCE_URL=https://gitea.reeseapps.com \
+    -e GITEA_RUNNER_REGISTRATION_TOKEN=m8ZJGE5yEys6oC0trni1o2CkKrmufTnI7dxXZfIi \
+    -e GITEA_RUNNER_NAME=kube_runner \
+    -e GITEA_RUNNER_LABELS="ubuntu-latest:docker://catthehacker/ubuntu:act-latest", \
+    --restart always \
+    --name kube_runner \
+    -d gitea/act_runner:latest
+```
+
+### Cache Cleanup
+
+Each org or project with a package registry will have its own cleanup rules. For example,
+services -> settings -> Packages -> Add Cleanup Rule will allow you to create a cleanup
+rule for packages stored under the "services" org. These cleanup rules should run automatically.
+
+On the other hand, the docker builder cache will balloon out of control over time. The gitea
+docker runner is handled outside of Gitea's context, so you'll need to clean it up yourself.
+
+```bash
+# Check used system resources
+docker system df
+```
+
+You should run something like this on a schedule:
+
+```bash
+# Prune the builder cache
+docker builder prune -a
+```
+
+To run it every day at midnight: `crontab -e`
+
+```bash
+0 0 * * * yes | docker builder prune -a
+```