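With the base services of the K3s cluster (PostgreSQL and Redis) in place, this sixth article in the series deploys Gitea, a lightweight code-hosting service, on top of the environment built in the earlier parts, so that it can be deployed in one step and is usable out of the box.
Gitea is a lightweight, high-performance Git service that integrates directly with a PostgreSQL database and a Redis cache, which makes it a good fit for a private code repository or DevOps platform on an internal K3s cluster.
I. Create the Gitea namespace
To keep resources isolated, Gitea runs in its own gitea namespace.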
```yaml
apiVersion: v1
kind: Namespace
metadata:
  name: gitea
  labels:
    app: gitea
```
Apply it:
```bash
kubectl apply -f gitea-namespace.yaml
```
II. Deploy Gitea persistent storage (PVC)
The claim uses the local-path storage class to persist Gitea data, which suits an internal K3s cluster.
```yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: gitea-pvc
  namespace: gitea
  labels:
    app: gitea
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: local-path
  resources:
    requests:
      storage: 50Gi
```
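Deploy:
```bash
kubectl apply -f gitea-pvc-local-path.yaml
```
III. Deploy the Gitea configuration (ConfigMap)
The ConfigMap holds the core settings: the database connection, security switches and runtime parameters. It points at the PostgreSQL service deployed earlier in the series.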
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: gitea-config
  namespace: gitea
  labels:
    app: gitea
data:
  ENABLE_OPENID_SIGNIN: "false"
  DISABLE_REGISTRATION: "true"
  ENABLE_OPENID_SIGNUP: "false"
  SSH_LISTEN_PORT: "2222"
  SSH_PORT: "22"
  GITEA_APP_INI: /data/gitea/conf/app.ini
  GITEA_CUSTOM: /data/gitea
  GITEA_WORK_DIR: /data
  GITEA_TEMP: /tmp/gitea
  TMPDIR: /tmp/gitea
  HOME: /data/gitea/git
  APP_NAME: "Gitea: Git with a cup of tea"
  HTTP_PORT: "3000"
  RUN_MODE: prod
  DB_TYPE: postgres
  DB_HOST: postgres.postgres.svc.cluster.local:5432
  DB_NAME: gitea
  DB_USER: gitea
  DB_PASSWD: gitea
  REQUIRE_SIGNIN_VIEW: "true"
  ACTIONS_ENABLED: "false"
  # app.ini overrides use the GITEA__<section>__<KEY> form (double underscores).
  # The wildcard must be quoted: a bare * starts a YAML alias and fails to parse.
  GITEA__webhook__ALLOWED_HOST_LIST: "*.example.local"
  # Webhook deliveries skip TLS certificate verification.
  GITEA__webhook__SKIP_TLS_VERIFY: "true"
  GITEA__packages__ENABLED: "false"
  GITEA__actions__ENABLED: "false"
```
Deploy:
```bash
kubectl apply -f gitea-config.yaml
```
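The ConfigMap above carries DB_PASSWD in plain text, so anyone allowed to read ConfigMaps in the namespace can read the database password. The following is an added example, not part of the original manifests, that moves the credentials into a Secret and injects it next to the ConfigMap; the Secret name gitea-db, both file names and the password placeholder are assumptions.

```yaml
# File 1: gitea-db-secret.yaml (hypothetical file name)
# Apply with: kubectl apply -f gitea-db-secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: gitea-db                 # assumed name, not from the original article
  namespace: gitea
  labels:
    app: gitea
type: Opaque
stringData:                      # stringData takes plain values; the API server stores them base64-encoded
  DB_USER: gitea
  DB_PASSWD: "<replace-with-generated-password>"   # placeholder, never commit a real value
---
# File 2: gitea-envfrom-patch.yaml (hypothetical file name), a strategic merge patch.
# Apply with:
#   kubectl patch deployment gitea -n gitea --patch-file gitea-envfrom-patch.yaml
# envFrom is replaced as a whole list by the patch, so both sources are listed.
# Delete DB_USER and DB_PASSWD from gitea-config afterwards; while a key exists in
# both sources, the last envFrom entry (the Secret) takes precedence.
spec:
  template:
    spec:
      containers:
        - name: gitea
          envFrom:
            - configMapRef:
                name: gitea-config
            - secretRef:
                name: gitea-db
```

With the credentials in a Secret, RBAC can grant read access to ConfigMaps for troubleshooting without also exposing the database password.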
IV. Deploy the Gitea Services
Two Services are deployed, one exposing HTTP (port 3000) and one exposing SSH (port 22), covering web access and Git operations.
```yaml
apiVersion: v1
kind: Service
metadata:
  name: gitea-ssh
  namespace: gitea
  labels:
    app: gitea
spec:
  ports:
    - name: ssh
      port: 22
      protocol: TCP
      # Forward to the port Gitea's SSH server listens on (SSH_LISTEN_PORT in gitea-config).
      targetPort: 2222
  selector:
    app: gitea
  type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
  name: gitea-http
  namespace: gitea
  labels:
    app: gitea
spec:
  ports:
    - name: http
      port: 3000
      protocol: TCP
      targetPort: 3000
  selector:
    app: gitea
  type: ClusterIP
```
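Deploy:
```bash
kubectl apply -f gitea-service.yaml
```
V. Deploy the Gitea application (Deployment)
The Deployment uses the rootless image, mounts the data volume and injects environment variables from the ConfigMap, so that Gitea runs stably and in line with container security practice.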
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitea
  namespace: gitea
  labels:
    app: gitea
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gitea
  template:
    metadata:
      labels:
        app: gitea
    spec:
      containers:
        - name: gitea
          image: gitea/gitea:1.22.0-rootless
          envFrom:
            - configMapRef:
                name: gitea-config
          imagePullPolicy: IfNotPresent
          ports:
            # Matches SSH_LISTEN_PORT in gitea-config.
            - containerPort: 2222
              name: ssh
              protocol: TCP
            - containerPort: 3000
              name: http
              protocol: TCP
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
            - mountPath: /tmp
              name: temp
            - mountPath: /data
              name: gitea-persistent-storage
      restartPolicy: Always
      volumes:
        - name: temp
          emptyDir: {}
        - name: gitea-persistent-storage
          persistentVolumeClaim:
            claimName: gitea-pvc
```
Deploy:
```bash
kubectl apply -f gitea-deployment.yaml
```
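The rootless image only chooses the user the process starts as; the Deployment above sets no securityContext, so nothing in the pod spec enforces it. The following is an added example, not part of the original manifests, that pins the non-root identity and removes privileges Gitea does not need. It assumes the rootless image runs as UID/GID 1000 and that Gitea makes no Kubernetes API calls; the patch file name is hypothetical.

```yaml
# gitea-hardening-patch.yaml (hypothetical file name), a strategic merge patch.
# Apply with:
#   kubectl patch deployment gitea -n gitea --patch-file gitea-hardening-patch.yaml
spec:
  template:
    spec:
      # Gitea does not talk to the Kubernetes API, so do not mount a token into the pod.
      automountServiceAccountToken: false
      securityContext:
        runAsNonRoot: true        # kubelet refuses to start the container as UID 0
        runAsUser: 1000           # assumed UID of the rootless image's git user
        runAsGroup: 1000
        fsGroup: 1000             # makes the mounted /data volume group-writable for GID 1000
        seccompProfile:
          type: RuntimeDefault    # container runtime's default syscall filter
      containers:
        - name: gitea             # merged into the existing container by name
          securityContext:
            allowPrivilegeEscalation: false   # blocks setuid binaries from gaining privileges
            capabilities:
              drop:
                - ALL             # SSH listens on 2222, so NET_BIND_SERVICE is not needed
```

After the rollout, `kubectl get pod -n gitea -o jsonpath='{.items[0].spec.securityContext}'` shows whether the settings were applied.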
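VI. Configure HTTPS and routing (IngressRoute + Certificate)
A cert-manager Certificate is issued automatically and a Traefik route serves Gitea over HTTPS, building on the Traefik gateway configured earlier in the series.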
```yaml
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: gitea-cert
  namespace: gitea
spec:
  isCA: false
  commonName: Example gitea
  secretName: gitea-secret
  privateKey:
    algorithm: RSA
    encoding: PKCS1
    size: 2048
  duration: 2160h
  renewBefore: 72h
  subject:
    organizations:
      - Example .Inc
  dnsNames:
    - gitea.example.local
  issuerRef:
    name: selfsigned-cluster-issuer
    kind: ClusterIssuer
    group: cert-manager.io
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: gitea-websecure
  namespace: gitea
  annotations:
    traefik.ingress.kubernetes.io/service.sticky.cookie: "true"
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`gitea.example.local`) && PathPrefix(`/`)
      kind: Rule
      services:
        - name: gitea-http
          passHostHeader: true
          port: 3000
  tls:
    secretName: gitea-secret
```
Deploy:
```bash
kubectl apply -f gitea-ingress.yaml
```
VII. Verify the Gitea deployment
1. Check Pod status
```bash
kubectl get pods -n gitea
```
2. Check PVC status
```bash
kubectl get pvc -n gitea
```
3. Check the Services
```bash
kubectl get svc -n gitea
```
4. Check the certificate and route
```bash
kubectl get certificates -n gitea
kubectl get ingressroute -n gitea
```
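VIII. Access
1. Internal network access (recommended)
Add an entry to your local hosts file (replace the address with your K3s node IP):
```
192.168.x.x gitea.example.local
```
Open in a browser:
```
https://gitea.example.local
```
2. In-cluster access
IX. Default administrator account
Username: gitea_admin
Password: r8sA8CPHD9!bt6d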
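X. Day-to-day operations commands
```bash
# Follow the Gitea logs
kubectl logs -f deployment/gitea -n gitea
# Restart Gitea
kubectl rollout restart deployment/gitea -n gitea
# Copy the data directory out of the pod as a backup
kubectl cp gitea/<gitea-pod-name>:/data ./gitea-data-backup
# Open a shell inside the container
kubectl exec -it <gitea-pod-name> -n gitea -- /bin/sh
```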
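Summary
This article completed a full Gitea deployment on K3s: namespace isolation → persistent storage → configuration → service exposure → HTTPS access.
Gitea connects to the PostgreSQL database automatically and can be used directly as an internal enterprise code-hosting platform; it is stable, lightweight and easy to maintain.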