mirror of
https://code.forgejo.org/infrastructure/documentation
synced 2024-11-25 12:11:10 +00:00
49 lines
1.5 KiB
Markdown
49 lines
1.5 KiB
Markdown
|
## Forgejo
|
||
|
|
||
|
[forgejo](https://code.forgejo.org/forgejo-helm/forgejo-helm) configuration in [ingress](https://code.forgejo.org/forgejo-helm/forgejo-helm#ingress) for the reverse proxy (`traefik`) to route the domain and for the ACME issuer (`cert-manager`) to obtain a certificate. And in [service](https://code.forgejo.org/forgejo-helm/forgejo-helm#service) for the `ssh` port to be bound to the desired IPs of the load balancer (`metallb`).
|
||
|
|
||
|
```
|
||
|
ingress:
|
||
|
enabled: true
|
||
|
annotations:
|
||
|
# https://cert-manager.io/docs/usage/ingress/#supported-annotations
|
||
|
# https://github.com/cert-manager/cert-manager/issues/2239
|
||
|
cert-manager.io/cluster-issuer: letsencrypt-http
|
||
|
cert-manager.io/private-key-algorithm: ECDSA
|
||
|
cert-manager.io/private-key-size: 384
|
||
|
kubernetes.io/ingress.class: traefik
|
||
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||
|
tls:
|
||
|
- hosts:
|
||
|
- t1.forgejo.org
|
||
|
secretName: tls-forgejo-t1-ingress-http
|
||
|
hosts:
|
||
|
- host: t1.forgejo.org
|
||
|
paths:
|
||
|
- path: /
|
||
|
pathType: Prefix
|
||
|
|
||
|
service:
|
||
|
http:
|
||
|
type: ClusterIP
|
||
|
ipFamilyPolicy: PreferDualStack
|
||
|
port: 3000
|
||
|
ssh:
|
||
|
type: LoadBalancer
|
||
|
annotations:
|
||
|
metallb.universe.tf/loadBalancerIPs: 188.40.16.47,2a01:4f8:fff2:48::2
|
||
|
metallb.universe.tf/allow-shared-ip: "key-to-share-failover"
|
||
|
ipFamilyPolicy: PreferDualStack
|
||
|
port: 2222
|
||
|
```
|
||
|
|
||
|
[Instruct the forgejo pod](https://code.forgejo.org/forgejo-helm/forgejo-helm#persistence) to use the `forgejo-data` pvc.
|
||
|
|
||
|
```yaml
|
||
|
persistence:
|
||
|
enabled: true
|
||
|
create: false
|
||
|
claimName: forgejo-data
|
||
|
```
|
||
|
|