4c463adcda
This includes all the resources currently running on https://gitea.kosmos.org It sets up a persistent data volume for the MySQL database, one for the Gitea data, that Gitea calls the custom folder (config, attachment, avatars, logs, etc). We mount that persistent data volume as /data/gitea. It also creates a Let's Encrypt certificate for gitea.kosmos.org, also saved to the custom folder. This also includes two scripts: * `./script/get_secrets` downloads the secrets to the local filesystem so they can be edited * `./script/replace_secrets` deletes the remote secrets and creates them again from the local ones in kubernetes/config/* Closes #6
41 lines
1.1 KiB
Markdown
41 lines
1.1 KiB
Markdown
# gitea.kosmos.org
|
|
|
|
This repository contains configuration files and other assets, that are used to
|
|
deploy and operate this Gitea instance.
|
|
|
|
Feel free to [open issues] for questions, suggestions, bugs, to-do items, and
|
|
whatever else you want to discuss or resolve.
|
|
|
|
[open issues]: https://gitea.kosmos.org/kosmos/gitea.kosmos.org/issues
|
|
|
|
## Kubernetes
|
|
|
|
### Apply changes to resources
|
|
|
|
```
|
|
kubectl apply -f gitea-db.yaml
|
|
kubectl apply -f gitea-server.yaml
|
|
```
|
|
|
|
### Write the secrets to the local filesystem
|
|
|
|
```
|
|
./script/get_secrets
|
|
```
|
|
|
|
It writes the secrets (currently the app.ini file, as well as auto-generated
|
|
TLS certificates that are only used when no Let's Encrypt cert is available)
|
|
to the `kubernetes/config/` folder. These files are not in Git because they
|
|
contain credentials.
|
|
|
|
Once you have edited them locally, you need to delete the secrets stored on
|
|
Kubernetes before uploading them again. This is done by this script:
|
|
|
|
```
|
|
./script/replace_secrets
|
|
```
|
|
|
|
### Reuse a released persistent volume:
|
|
|
|
https://github.com/kubernetes/kubernetes/issues/48609#issuecomment-314066616
|