It sets up a persistent data volume for the MySQL database, one for the Gitea data, that Gitea calls the custom folder (config, attachment, avatars, logs, etc). We mount that persistent data volume as /data/gitea. It also creates a Let's Encrypt certificate for gitea.kosmos.org, also saved to the custom folder.
This also includes two scripts:
./script/get_secrets downloads the secrets to the local filesystem so they can be edited
./script/replace_secrets deletes the remote secrets and creates them again from the local ones in kubernetes/config/*