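---
# Gitea on Kubernetes: Namespace, PVC, Deployment, Service and Ingress.

# 1. Namespace
apiVersion: v1
kind: Namespace
metadata:
  name: gitea-system
---
# 2. Persistent storage (holds the Git repositories and the database)
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: gitea-data-pvc
  namespace: gitea-system
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: longhorn  # reuses the existing Longhorn storage class
  resources:
    requests:
      storage: 10Gi
---
# 3. Gitea Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitea
  namespace: gitea-system
spec:
  replicas: 1
  # The data volume is ReadWriteOnce, so the old pod has to release it before
  # its replacement starts. The default RollingUpdate strategy would start the
  # new pod first, which can leave the rollout stuck waiting for the volume.
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: gitea
  template:
    metadata:
      labels:
        app: gitea
    spec:
      # Least privilege: nothing in this manifest uses the Kubernetes API, so
      # no service-account token is mounted into the pod.
      automountServiceAccountToken: false
      containers:
        - name: gitea
          # NOTE(review): ":latest" is a mutable tag, so a restart can pull a
          # build that was never reviewed. Pin a release tag or image digest.
          # NOTE(review): no securityContext or resource requests/limits are
          # set, so the container runs as the image's default user with
          # unbounded CPU and memory. The "-rootless" image variant is an
          # option, but it is not a drop-in swap (different paths and SSH
          # port) - verify before adopting.
          image: gitea/gitea:latest
          ports:
            - containerPort: 3000
              name: http
            - containerPort: 22
              name: ssh
          volumeMounts:
            - name: gitea-data
              mountPath: /data
          env:
            # Initial settings, so the config file need not be edited by hand.
            - name: GITEA__server__DOMAIN
              value: "git.u9.net3w.com"
            - name: GITEA__server__ROOT_URL
              value: "https://git.u9.net3w.com/"
            # Access through the Ingress is HTTPS only; SSH would need an
            # extra NodePort (or similar), so this stays at the standard port
            # for now.
            # NOTE(review): the Service below publishes SSH on 2222, which does
            # not match this value; align the two when SSH is exposed.
            - name: GITEA__server__SSH_PORT
              value: "22"
      volumes:
        - name: gitea-data
          persistentVolumeClaim:
            claimName: gitea-data-pvc
---
# 4. Service (cluster-internal network)
apiVersion: v1
kind: Service
metadata:
  name: gitea-service
  namespace: gitea-system
spec:
  selector:
    app: gitea
  ports:
    - protocol: TCP
      port: 80
      targetPort: 3000
      name: http
    - protocol: TCP
      port: 2222  # can be mapped later if SSH access is needed
      targetPort: 22
      name: ssh
---
# 5. Ingress (exposes the HTTPS hostname)
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: gitea-ingress
  namespace: gitea-system
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    # Allow large uploads (a Git push can be big). "0" turns the request-body
    # size check off entirely.
    # NOTE(review): consider a bounded value so that one oversized request
    # cannot tie up the ingress and the backend.
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
spec:
  rules:
    - host: git.u9.net3w.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: gitea-service
                port:
                  number: 80
  tls:
    - hosts:
        - git.u9.net3w.com
      secretName: gitea-tls-secret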