Gitea and Flux in my Private K8S Home Lab

Yuwei Sung
5 min read · May 30, 2024


Photo by Amélie Mourichon on Unsplash

Gitea is a GitHub-like open-source project. It is perfect for my home lab (private cloud) when I don't want to push my code to GitHub. In this tutorial, I demonstrate how to install Gitea in my k8s environment and use the Flux CLI to bootstrap a Gitea project.

First, I use Helm to install Gitea. The following is the values YAML file.

podSecurityContext:
  fsGroup: 0
service:
  http:
    type: LoadBalancer
    loadBalancerIP: 10.10.0.37
    port: 443
    annotations:
      metallb.universe.tf/allow-shared-ip: "gitea"
  ssh:
    type: LoadBalancer
    loadBalancerIP: 10.10.0.37
    port: 22
    ClusterIP:
    annotations:
      metallb.universe.tf/allow-shared-ip: "gitea"
persistence:
  size: 100Gi
extraVolumes:
  - name: tls
    csi:
      driver: csi.cert-manager.io
      readOnly: true
      volumeAttributes:
        csi.cert-manager.io/issuer-name: ca-issuer
        csi.cert-manager.io/issuer-kind: ClusterIssuer
        csi.cert-manager.io/common-name: "${SERVICE_ACCOUNT_NAME}.${POD_NAMESPACE}"
        csi.cert-manager.io/dns-names: "${POD_NAME}.${POD_NAMESPACE}.svc.cluster.local,gitea.home.lab"
        csi.cert-manager.io/uri-sans: "spiffe://cluster.local/ns/${POD_NAMESPACE}/pod/${POD_NAME}/${POD_UID}"
        csi.cert-manager.io/ip-sans: 10.10.0.37
extraContainerVolumeMounts:
  - name: tls
    readOnly: true
    mountPath: /data/certs
gitea:
  podAnnotations:
  admin:
    username: "ysung"
    password: "changeme"
    email: "ysung@mm2.home.lab"
  config:
    database:
      DB_TYPE: postgres
    session:
      PROVIDER: db
    cache:
      ADAPTER: memory
    queue:
      TYPE: level
    indexer:
      ISSUE_INDEXER_TYPE: bleve
      REPO_INDEXER_ENABLED: true
    server:
      ROOT_URL: https://gitea.home.lab/
      PROTOCOL: https
      HTTP_PORT: 8443
      CERT_FILE: /data/certs/tls.crt
      KEY_FILE: /data/certs/tls.key
      SSH_DOMAIN: gitea.home.lab
      SSH_LISTEN_PORT: 2222
    webhook:
      SKIP_TLS_VERIFY: true
    actions:
      ENABLED: true

postgresql-ha:
  enabled: false
postgresql:
  enabled: true
redis-cluster:
  enabled: false

From the YAML file above, you can see that I use MetalLB annotations to share one LoadBalancer service IP between the HTTPS and SSH services. I also use the cert-manager CSI driver to issue the TLS certificate and "extraContainerVolumeMounts" to mount it into the Gitea container. In the gitea section, I tell Gitea where to find the TLS cert and key.
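The values file ties several settings together: the two services only share an IP if their loadBalancerIP and allow-shared-ip annotation agree, CERT_FILE and KEY_FILE must sit inside the CSI volume's mountPath, and the certificate SANs must cover the names clients actually use (the ROOT_URL host, SSH_DOMAIN, and the LoadBalancer IP that the push below goes to). The following is an added example, not code from the post or from the Gitea chart: a small pre-install lint that encodes those cross-checks and also flags the hardening points a reviewer would raise (a literal admin password, SKIP_TLS_VERIFY on webhooks, fsGroup 0). The VALUES dict is a hand-copied subset of the values file above, embedded so the script runs offline; the chart's gitea.admin.existingSecret key is assumed to be the alternative to a literal password.

```python
"""Pre-install lint for a Gitea Helm values dict (added example, not the
post's or the chart's code). VALUES is a constructed subset of the values file
shown in the post."""
from urllib.parse import urlparse

VALUES = {  # constructed input copied from the post's values.yaml
    "podSecurityContext": {"fsGroup": 0},
    "service": {
        "http": {"type": "LoadBalancer", "loadBalancerIP": "10.10.0.37", "port": 443,
                 "annotations": {"metallb.universe.tf/allow-shared-ip": "gitea"}},
        "ssh": {"type": "LoadBalancer", "loadBalancerIP": "10.10.0.37", "port": 22,
                "annotations": {"metallb.universe.tf/allow-shared-ip": "gitea"}},
    },
    "extraVolumes": [{"name": "tls", "csi": {
        "driver": "csi.cert-manager.io", "readOnly": True,
        "volumeAttributes": {
            "csi.cert-manager.io/dns-names":
                "${POD_NAME}.${POD_NAMESPACE}.svc.cluster.local,gitea.home.lab",
            "csi.cert-manager.io/ip-sans": "10.10.0.37"}}}],
    "extraContainerVolumeMounts": [{"name": "tls", "readOnly": True, "mountPath": "/data/certs"}],
    "gitea": {
        "admin": {"username": "ysung", "password": "changeme"},
        "config": {
            "server": {"ROOT_URL": "https://gitea.home.lab/", "PROTOCOL": "https",
                       "CERT_FILE": "/data/certs/tls.crt", "KEY_FILE": "/data/certs/tls.key",
                       "SSH_DOMAIN": "gitea.home.lab"},
            "webhook": {"SKIP_TLS_VERIFY": True},
        },
    },
}

SHARED_IP = "metallb.universe.tf/allow-shared-ip"


def lint_values(v):
    """Return a list of 'ERROR: ...' / 'WARN: ...' findings for a values dict."""
    findings = []
    svc = v.get("service", {})
    http, ssh = svc.get("http", {}), svc.get("ssh", {})

    # MetalLB co-locates two services on one IP only if both request the same
    # loadBalancerIP and carry the same allow-shared-ip annotation value.
    if http.get("loadBalancerIP") != ssh.get("loadBalancerIP"):
        findings.append("ERROR: http and ssh services request different loadBalancerIPs")
    if http.get("annotations", {}).get(SHARED_IP) != ssh.get("annotations", {}).get(SHARED_IP):
        findings.append(f"ERROR: {SHARED_IP} differs between http and ssh services")

    # Every CSI volume must be mounted, and CERT_FILE/KEY_FILE must live under a mount.
    vol_names = {x["name"] for x in v.get("extraVolumes", [])}
    mounts = {m["name"]: m["mountPath"] for m in v.get("extraContainerVolumeMounts", [])}
    unmounted = vol_names - set(mounts)
    if unmounted:
        findings.append(f"ERROR: extraVolumes {sorted(unmounted)} have no container mount")
    gitea = v.get("gitea", {})
    server = gitea.get("config", {}).get("server", {})
    for key in ("CERT_FILE", "KEY_FILE"):
        path = server.get(key, "")
        if not any(path.startswith(mp.rstrip("/") + "/") for mp in mounts.values()):
            findings.append(f"ERROR: {key}={path!r} is not under any extraContainerVolumeMounts path")

    # The certificate SANs must cover the ROOT_URL host, SSH_DOMAIN and the LB IP,
    # otherwise clients using those names get a TLS name mismatch.
    attrs = {}
    for vol in v.get("extraVolumes", []):
        attrs.update(vol.get("csi", {}).get("volumeAttributes", {}))
    dns_sans = set(attrs.get("csi.cert-manager.io/dns-names", "").split(","))
    ip_sans = set(attrs.get("csi.cert-manager.io/ip-sans", "").split(","))
    for name in (urlparse(server.get("ROOT_URL", "")).hostname, server.get("SSH_DOMAIN")):
        if name and name not in dns_sans:
            findings.append(f"ERROR: {name!r} is missing from csi.cert-manager.io/dns-names")
    lb_ip = http.get("loadBalancerIP")
    if lb_ip and lb_ip not in ip_sans:
        findings.append(f"ERROR: LoadBalancer IP {lb_ip} is missing from csi.cert-manager.io/ip-sans")

    # Hardening warnings: these settings work but weaken the deployment.
    admin = gitea.get("admin", {})
    if admin.get("password") and not admin.get("existingSecret"):  # existingSecret: assumed chart key
        findings.append("WARN: gitea.admin.password is a literal in values; prefer gitea.admin.existingSecret")
    if gitea.get("config", {}).get("webhook", {}).get("SKIP_TLS_VERIFY"):
        findings.append("WARN: webhook.SKIP_TLS_VERIFY=true disables TLS verification for outgoing webhooks")
    if v.get("podSecurityContext", {}).get("fsGroup") == 0:
        findings.append("WARN: podSecurityContext.fsGroup=0 gives mounted volumes root group ownership")
    return findings


if __name__ == "__main__":
    for finding in lint_values(VALUES):
        print(finding)
```

Run against the post's values the lint reports no ERROR lines and three WARN lines; break any of the cross-references (for example give the ssh service a different allow-shared-ip value, or drop the LB IP from ip-sans) and the corresponding ERROR appears, which is cheaper to learn from a script than from a pod that never gets its IP or a browser that rejects the certificate.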

Save the values above as values.yaml and use the following command to install the Gitea chart.

helm install gitea -n gitea gitea/gitea --create-namespace -f values.yaml

Once Gitea is deployed, both gitea-http and gitea-ssh share the same LoadBalancer IP.

I can log in to "https://gitea.home.lab" with the credentials from the values file.

Next, I create a new repository, datatesseract, under the ysung user and test a git push from my laptop. The following code block shows the push.

$ mkdir datatesseract
$ cd datatesseract
$ touch README.md
$ git init
Initialized empty Git repository in /Users/ysung/git/datatesseract/.git/
$ git checkout -b main
Switched to a new branch 'main'
$ git add README.md
$ git commit -m 'first'
[main (root-commit) f4e6482] first
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 README.md
$ git remote add origin https://10.10.0.37/ysung/datatesseract.git
$ git push -u origin main
Enumerating objects: 3, done.
Counting objects: 100% (3/3), done.
Writing objects: 100% (3/3), 212 bytes | 212.00 KiB/s, done.
Total 3 (delta 0), reused 0 (delta 0), pack-reused 0
remote: . Processing 1 references
remote: Processed 1 references in total
To https://10.10.0.37/ysung/datatesseract.git
 * [new branch]      main -> main
branch 'main' set up to track 'origin/main'.

Check the Gitea web UI: README.md now shows up with the commit.

Once we have a working Gitea service, we can bootstrap Flux to monitor this repo. Refer to the Flux installation docs for more detail. I found flux bootstrap a good way to connect the Gitea repository to Flux in Kubernetes. Here I use brew install fluxcd/tap/flux on my Mac laptop, then run the pre-check to verify the environment.

$ brew install fluxcd/tap/flux
...
$ flux check --pre
► checking prerequisites
✔ Kubernetes 1.30.1 >=1.28.0-0
✔ prerequisites checks passed

Before we run flux bootstrap, we need a personal access token from Gitea. Go to the Gitea homepage -> Settings, as in the following screenshot.

On the left panel, find "Applications", give the token a name (flux), specify the permissions, then click Generate Token.

Copy the token right away, because we need it during flux bootstrap.

Back at the command line, let's bootstrap our first Flux project.

$ export GITEA_TOKEN=xxxxxxxxxxxxxxxxxxx
$ flux bootstrap gitea --hostname=gitea.home.lab --owner=ysung --repository=datatesseract --private=false --path=clusters/homelab --insecure-skip-tls-verify
► connecting to gitea.home.lab
► cloning branch "main" from Git repository "https://gitea.home.lab/ysung/datatesseract.git"
✔ cloned repository
► generating component manifests
✔ generated component manifests
✔ committed component manifests to "main" ("4d614f7c5949724411408107a622656061e4c871")
► pushing component manifests to "https://gitea.home.lab/ysung/datatesseract.git"
► installing components in "flux-system" namespace
✔ installed components
✔ reconciled components
► determining if source secret "flux-system/flux-system" exists
► generating source secret
✔ public key: ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBLN28DGO1EpniBUDZ+vFN8xjyZGwFUxDSIyyp2zJmcHOc9xMZxPeW85LMYaEVtPcONiqSussehLJ9oUO9hQMPaX3e0PVCOswmqYYqmF8xIzauu6fTUveU2cQWxgCYIGb2Q==
✔ configured deploy key "flux-system-main-flux-system-./clusters/homelab" for "https://gitea.home.lab/ysung/datatesseract"
► applying source secret "flux-system/flux-system"
✔ reconciled source secret
► generating sync manifests
✔ generated sync manifests
✔ committed sync manifests to "main" ("3e00e6acc9506098136a29c97cf2e46d46e856e8")
► pushing sync manifests to "https://gitea.home.lab/ysung/datatesseract.git"
► applying sync manifests
✔ reconciled sync configuration
◎ waiting for GitRepository "flux-system/flux-system" to be reconciled
✔ GitRepository reconciled successfully
◎ waiting for Kustomization "flux-system/flux-system" to be reconciled
✔ Kustomization reconciled successfully
► confirming components are healthy
✔ helm-controller: deployment ready
✔ kustomize-controller: deployment ready
✔ notification-controller: deployment ready
✔ source-controller: deployment ready
✔ all components are healthy

All components are healthy! Let's check what has been added to Kubernetes and to the Gitea repository. From the Gitea homepage, you can see the Flux manifests have been added to the project.

In the k8s cluster, you can see the Flux controllers added to the flux-system namespace.

TBC…


Written by Yuwei Sung

A data nerd started from data center field engineer to cloud database reliability engineer.
