forgejo

Metadata

| Field | Value |
|---|---|
| Service | forgejo |
| Purpose | Self-hosted Git forge and collaboration platform |
| Criticality | Tier 2 |
| Owner | Platform / SCM owner |
| Clusters | local |
| Namespace | forgejo |
| Exposure | internet |
| Stateful | yes |
| Backup class | snapshot |
| RPO / RTO | Daily backup target, 2 to 6 hours to restore |
| Last reviewed | 2026-05-20 |

1. Service Overview

Forgejo provides source-control, issue tracking, and collaboration features for self-hosted repositories.

Summary

If Forgejo fails, operators lose access to Git hosting and collaboration workflows backed by this instance.

Dependencies

| Dependency | Type | Why it matters |
|---|---|---|
| PostgreSQL | database | Stores Forgejo application state |
| Traefik | ingress | External HTTPS and Git access path |
| Authelia | access control | Optional protection for the public route |

2. Architecture Diagram

[Browser / git client]
  -> [Traefik]
  -> [Forgejo]
  -> [PostgreSQL]
  -> [PVC-backed application data]

3. Deployment Specifications

| Item | Value |
|---|---|
| Source path | forgejo/base and forgejo/overlays/local |
| Deployment model | Kustomize plus Fleet bundle |
| Namespace | forgejo |
| Workload kind | Deployment plus PostgreSQL StatefulSet |
| Chart or image version | See base manifests for current image tags |
| Config files | base/kustomization.yaml, overlays/local/kustomization.yaml, fleet.yaml |

Cluster mapping

| Cluster | Overlay path | Notes |
|---|---|---|
| local | forgejo/overlays/local | Primary deployment target |

4. Configuration Guide

Environment variables

| Variable | Source | Purpose | Secret? |
|---|---|---|---|
| Forgejo runtime settings | overlay Secrets and base manifests | Application bootstrap, DB, and mail settings | mixed |

ConfigMaps

| Resource | Path | Purpose |
|---|---|---|
| Kustomize-managed app config | forgejo/base and forgejo/overlays/local | Application configuration and scheduling |

Secrets management

  • Secret names: database credentials, admin credentials, and application secrets in the forgejo namespace
  • Source of truth: overlay secret inputs and generated manifests
  • Rotation trigger: admin credential changes, database rotation, or security response
  • Recovery note: restore DB and application secrets before redeploying the overlay

5. Access Protocols

| Path | URL or endpoint | Audience | Auth | TLS terminates at |
|---|---|---|---|---|
| Internal | Services inside the forgejo namespace | Cluster workloads | namespace RBAC | Traefik / Forgejo |
| External | Current Git hostname exposed through Traefik | Developers and operators | Forgejo auth and optional Authelia | Traefik |

6. Operations and Observability

  • Primary health indicators: Forgejo Deployment available, PostgreSQL healthy, and web/UI plus Git access responsive.
  • Dashboards or alerts: shared cluster monitoring and ingress health.
  • Log locations: forgejo app pod logs and PostgreSQL logs.
  • Known failure modes: DB connectivity loss, PVC issues, ingress misrouting, or stale secret material.

7. Backup and Recovery Notes

  • Backup method: PostgreSQL backup plus PVC snapshot.
  • Restore prerequisites: database dump or persistent volume restoration and all runtime secrets.
  • Related runbook: ../runbooks/forgejo.md

8. Release and Change Notes

  • Current deployed app version: see forgejo/base image tags.
  • Current chart version: N/A.
  • Last significant change: Forgejo deployment introduced with standardized overlays/local structure and Fleet targeting.
  • Rollback reference: previous overlay revision in Git.