mirror of https://code.forgejo.org/infrastructure/documentation synced 2024-11-25 12:11:10 +00:00
infrastructure-documentation/k8s-forgejo.md

Forgejo

The Forgejo configuration under ingress lets the reverse proxy (traefik) route the domain and the ACME issuer (cert-manager) obtain a certificate. The configuration under service binds the ssh port to the desired IPs of the load balancer (metallb).

ingress:
  enabled: true
  annotations:
    # https://cert-manager.io/docs/usage/ingress/#supported-annotations
    # https://github.com/cert-manager/cert-manager/issues/2239
    cert-manager.io/cluster-issuer: letsencrypt-http
    cert-manager.io/private-key-algorithm: ECDSA
    cert-manager.io/private-key-size: 384
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
  tls:
    - hosts:
        - t1.forgejo.org
      secretName: tls-forgejo-t1-ingress-http
  hosts:
    - host: t1.forgejo.org
      paths:
        - path: /
          pathType: Prefix

service:
  http:
    type: ClusterIP
    ipFamilyPolicy: PreferDualStack
    port: 3000
  ssh:
    type: LoadBalancer
    annotations:
      metallb.universe.tf/loadBalancerIPs: 188.40.16.47,2a01:4f8:fff2:48::2
      metallb.universe.tf/allow-shared-ip: "key-to-share-failover"
    ipFamilyPolicy: PreferDualStack
    port: 2222
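
A consistency check for the ingress and ssh service values above, as an added example that is not part of the original documentation or the Forgejo infrastructure repository. The names `VALUES` and `check_values` are hypothetical, and the dict is a constructed copy of the relevant keys as they would look after YAML parsing.

```python
import ipaddress

# Constructed copy of the relevant values shown above, as parsed YAML would look.
VALUES = {
    "ingress": {
        "annotations": {
            "cert-manager.io/private-key-algorithm": "ECDSA",
            "cert-manager.io/private-key-size": 384,
            "traefik.ingress.kubernetes.io/router.entrypoints": "websecure",
        },
        "tls": [{"hosts": ["t1.forgejo.org"]}],
        "hosts": [{"host": "t1.forgejo.org"}],
    },
    "service": {"ssh": {
        "annotations": {"metallb.universe.tf/loadBalancerIPs": "188.40.16.47,2a01:4f8:fff2:48::2"},
        "ipFamilyPolicy": "PreferDualStack",
    }},
}
ECDSA_SIZES = {256, 384, 521}  # key sizes cert-manager accepts for ECDSA


def check_values(values):
    """Return a list of problems in the ingress and ssh service values (hypothetical helper)."""
    problems = []
    ing = values["ingress"]
    ann = ing["annotations"]
    if ann.get("cert-manager.io/private-key-algorithm") == "ECDSA":
        if int(ann.get("cert-manager.io/private-key-size", 256)) not in ECDSA_SIZES:
            problems.append("private-key-size is not a valid ECDSA key size")
    # Any value other than exactly "websecure" also exposes the router elsewhere.
    if ann.get("traefik.ingress.kubernetes.io/router.entrypoints") != "websecure":
        problems.append("router is not restricted to the websecure entrypoint")
    # Every routed host must also be listed under tls to be covered by the certificate.
    covered = {h for t in ing.get("tls", []) for h in t.get("hosts", [])}
    for h in ing.get("hosts", []):
        if h["host"] not in covered:
            problems.append(f"{h['host']} is routed but not listed under tls")
    ssh = values["service"]["ssh"]
    raw = ssh.get("annotations", {}).get("metallb.universe.tf/loadBalancerIPs", "")
    try:
        families = sorted(ipaddress.ip_address(ip.strip()).version
                          for ip in raw.split(",") if ip.strip())
    except ValueError as err:
        return problems + [f"invalid load balancer IP: {err}"]
    if ssh.get("ipFamilyPolicy") == "PreferDualStack" and families != [4, 6]:
        problems.append("dual-stack ssh service needs one IPv4 and one IPv6 address")
    return problems
```

An empty list means the routed hosts, certificate key settings and load balancer addresses agree with each other.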

Instruct the forgejo pod to use the forgejo-data pvc.

persistence:
  enabled: true
  create: false
  claimName: forgejo-data