apiVersion: v1
kind: Service
metadata: { name: gitea, namespace: scm }
spec:
  ports: [{ port: 80, targetPort: 3000 }]
  selector: { app: gitea }
---
apiVersion: apps/v1
kind: StatefulSet
metadata: { name: gitea, namespace: scm }
spec:
  serviceName: gitea
  replicas: 1
  selector: { matchLabels: { app: gitea } }
  template:
    metadata: { labels: { app: gitea } }
    spec:
      nodeSelector: { node: hetzner-2 }
      containers:
      - name: gitea
        image: gitea/gitea:1.21.11
        env:
          - { name: GITEA__server__ROOT_URL, value: "https://gitea.betelgeusebytes.io" }
          - { name: GITEA__database__DB_TYPE, value: "postgres" }
          - { name: GITEA__database__HOST, value: "postgres.db.svc.cluster.local:5432" }
          - { name: GITEA__database__NAME, value: "gitea" }
          - { name: GITEA__database__USER, value: "app" }
          - { name: GITEA__database__PASSWD, value: "pa$$word" }
        ports: [{ containerPort: 3000 }]
        volumeMounts:
          - { name: data, mountPath: /data }
  volumeClaimTemplates:
  - metadata: { name: data }
    spec:
      accessModes: ["ReadWriteOnce"]
      storageClassName: local-ssd-hetzner
      resources: { requests: { storage: 50Gi } }
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: gitea
  namespace: scm
  annotations: { cert-manager.io/cluster-issuer: letsencrypt-prod }
spec:
  ingressClassName: nginx
  tls: [{ hosts: ["gitea.betelgeusebytes.io"], secretName: gitea-tls }]
  rules:
  - host: gitea.betelgeusebytes.io
    http:
      paths:
      - path: /
        pathType: Prefix
        backend: { service: { name: gitea, port: { number: 80 } } }