gitea

2026-04-08 12:00:15 +02:00
parent dcfa104948
commit 2e725ffcdd
5 changed files with 278 additions and 2 deletions
--- a/docs/REFERENCE.md
+++ b/docs/REFERENCE.md
@@ -31,6 +31,7 @@
 | **Logging** | Loki + Fluent-Bit |
 | **Tracing** | Tempo (OTLP) |
 | **Container Scanning** | Trivy |
+| **Version Control** | Gitea |

 ### Network Architecture

@@ -85,6 +86,7 @@ sturdy-adventure/
 │   ├── tempo.yaml
 │   ├── fluent-bit.yaml
 │   ├── trivy.yaml
+│   ├── gitea.yaml
 │   ├── sealedsecrets.yaml
 │   ├── secrets.yaml
 │   └── values/
@@ -93,6 +95,7 @@ sturdy-adventure/
 │       ├── grafana-values.yaml
 │       ├── loki-values.yaml
 │       ├── tempo-values.yaml
+│       ├── gitea-values.yaml
 │       └── fluent-bit-values.yaml
 │
 ├── apps/                          # Business applications
@@ -121,6 +124,7 @@ sturdy-adventure/
 ├── secrets/                       # Application secrets (sealed)
 │   ├── argocd-mcp-credentials.yaml
 │   ├── dot-ai-secrets.yaml
+│   ├── gitea-credentials-sealed.yaml
 │   ├── mcp10x-credentials-sealed.yaml
 │   └── musicman-credentials.yaml
 │
@@ -770,6 +774,49 @@ persistence:

 **Output**: Loki

+### Gitea
+
+**Chart**: `gitea/gitea`
+**Version**: 12.5.0 (app v1.25.4)
+**Namespace**: `gitea`
+
+**Purpose**: Self-hosted Git repository hosting with pull requests, issues, CI/CD (Gitea Actions), container registry, and package registry.
+
+**Configuration**:
+```yaml
+# infra/gitea.yaml + infra/values/gitea-values.yaml
+ingress:
+  host: git.forteapps.net
+  tls: cert-manager (letsencrypt-prod)
+
+gitea:
+  admin:
+    existingSecret: gitea-credentials
+  config:
+    service:
+      DISABLE_REGISTRATION: true
+      ALLOW_ONLY_EXTERNAL_REGISTRATION: true
+    actions:
+      ENABLED: true
+    packages:
+      ENABLED: true
+    metrics:
+      ENABLED: true
+
+postgresql:
+  enabled: true
+  persistence: 8Gi (upcloud-block-storage-maxiops)
+```
+
+**Authentication**: Keycloak OIDC via `forte` realm (client ID: `gitea`)
+
+**Endpoints**:
+- Web UI: `https://git.forteapps.net`
+- SSH: port 22 (ClusterIP)
+- Metrics: `/metrics` (Prometheus scrape)
+
+**Secrets**: `gitea-credentials` (SealedSecret) containing `admin-password`, `postgres-password`, `secret` (OIDC client secret)
+
 ---

 ## Kyverno Policies
@@ -1373,6 +1420,7 @@ team: platform
 | **Loki** | 2.9.0+ | Latest |
 | **Tempo** | 2.6.0+ | 1.24.4 |
 | **Fluent-Bit** | 2.1.0+ | Latest |
+| **Gitea** | 1.25.4 | 12.5.0 |
 | **PostgreSQL** | 16-alpine | N/A |
 | **Trivy** | Latest | Latest |

@@ -1384,6 +1432,6 @@ team: platform

 ---

-**Last Updated**: 2026-03-16
+**Last Updated**: 2026-04-08
 **Maintained By**: Platform Team
 **Version**: 1.0.0