Related
Secure Federated Chat: Self Host Matrix on Kubernetes
How to self host a Matrix.org server
Are you tired of overpriced package registries? Rapidly deploy your own git and package registry - with Gitea - using their helm chart.
Prerequisites
This post assumes that you have a microk8s cluster set up with cert-manager, ingress, and dns configured, and a cluster issuer letsencrypt-prod ready.
To get started, feel free to follow my Blog Post on Microk8s Private Cluster Setup.
Setting it Up
Please note - This is meant for a quick temporary private package. There is no persistence intended.
For easy installation, you can use this simple script
./install_gitea_microk8s.sh \
K8_NAMESPACE="<installation-namespace>" \
RELEASE_NAME="<release-name>" \
ADMIN_USERNAME="<...>" \
ADMIN_PASSWORD="<...>" \
INGRESS_HOST="<host-url>"
In the above script, $INGRESS_HOST represents a subdomain you've configured a DNS entry for, pointing to your server, for instance: my-git.example.com.
Configuration
First, to ensure that this doesn't consume too many resources, we disable the high-availability database and use the default one instead.
microk8s helm install $RELEASE_NAME gitea-charts/gitea \
-n $K8_NAMESPACE \
--set postgresql-ha.enabled=false \
--set postgresql.enabled=true \
Next, we establish some credentials for our default admin user:
--set gitea.admin.username="$ADMIN_USERNAME" \
--set gitea.admin.password="$ADMIN_PASSWORD" \
We then enable and configure the ingress. Please note we are increasing the proxy-body-size to 1GB to allow us to push larger packages.
--set ingress.enabled=true \
--set "ingress.annotations.kubernetes\.io/ingress\.class=public" \
--set "ingress.annotations.cert-manager\.io/cluster-issuer=letsencrypt-prod" \
--set "ingress.annotations.nginx\.ingress\.kubernetes\.io/proxy-body-size=1g" \
--set ingress.hosts[0].host="$INGRESS_HOST" \
--set ingress.hosts[0].paths[0].path=/ \
--set ingress.hosts[0].paths[0].pathType=Prefix \
--set ingress.tls[0].secretName="git.$RELEASE_NAME-tls" \
--set ingress.tls[0].hosts[0]="$INGRESS_HOST" \
To make packages of the admin user private, sign in at
$INGRESS_HOST, navigate to Settings > Profile > Visibility, and set it to Private.
Uploading a Package
You can push a package to a path under your Gitea user as follows:
echo "<your-admin-password" | docker login $INGRESS_HOST -u <your-gitea-admin> --password-stdin
docker tag <image-id> $INGRESS_HOST/<your-gitea-admin>/<some-package-name>
Authenticating Deployments for Pulling Images
It's essential to authorize your deployments to pull your private container images. You can create a simple image pull secret in your Helm chart as outlined below.
kind: Secret
type: kubernetes.io/dockerconfigjson
apiVersion: v1
metadata:
name: dockerconfigjson-github-com
namespace: {{ .Values.rootNamespace }}
stringData:
.dockerconfigjson: >
{{
(
dict "auths"
(
dict "$INGRESS_HOST"
(
dict "auth" .Values.registryAuth.token
)
)
)
|
toJson
}}
{{- end }}
If you're using Github packages, for instance,
$INGRESS_HOSTwould beghcr.io
Create a token by Base64 encoding the user:password string:
echo "<gitea-admin>:<gitea-admin-password" | base64
This will allow you to pull from your private repositories.