Add Gitea self-hosted git/CI/registry to replace GitHub

Deploy Gitea via Helm with dedicated CloudNativePG database, in-cluster Actions runner (DinD), and built-in container registry. ArgoCD repoURLs updated to use in-cluster Gitea SSH. Preview ApplicationSet switched from GitHub PR generator to Gitea PR generator. App images now pull from gitea.coreworlds.io registry. Remaining setup after deploy: seal runner token, ArgoCD API token, and registry pull secret once Gitea is running. Add ArgoCD deploy key to Gitea repo settings.
2026-03-21 15:43:30 +00:00
parent 06ae2c7d46
commit f04ecbf5cd
36 changed files with 640 additions and 52 deletions
--- a/infra/kubernetes/platform/gitea-pg/cluster.yaml
+++ b/infra/kubernetes/platform/gitea-pg/cluster.yaml
@@ -0,0 +1,44 @@
+# Prerequisites: CloudNativePG operator must be installed first.
+---
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: gitea-pg
+  namespace: platform
+spec:
+  instances: 1
+  primaryUpdateStrategy: unsupervised
+
+  storage:
+    storageClass: longhorn-nvme
+    size: 5Gi
+
+  postgresql:
+    parameters:
+      max_connections: "100"
+      shared_buffers: 128MB
+      effective_cache_size: 256MB
+      work_mem: 4MB
+
+  bootstrap:
+    initdb:
+      database: gitea
+      owner: gitea
+      secret:
+        name: gitea-pg-credentials
+
+  backup:
+    barmanObjectStore:
+      destinationPath: s3://gitea-pg-backups/
+      endpointURL: http://minio.platform.svc:9000
+      s3Credentials:
+        accessKeyId:
+          name: pg-backup-s3-credentials
+          key: ACCESS_KEY_ID
+        secretAccessKey:
+          name: pg-backup-s3-credentials
+          key: SECRET_ACCESS_KEY
+    retentionPolicy: "30d"
+
+  monitoring:
+    enablePodMonitor: true