forgejo
| Field | Value |
| --- | --- |
| Service | forgejo |
| Purpose | Self-hosted Git forge and collaboration platform |
| Criticality | Tier 2 |
| Owner | Platform / SCM owner |
| Clusters | local |
| Namespace | forgejo |
| Exposure | internet |
| Stateful | yes |
| Backup class | snapshot |
| RPO / RTO | Daily backup target, 2 to 6 hours to restore |
| Last reviewed | 2026-05-20 |
1. Service Overview
Forgejo provides source-control, issue tracking, and collaboration features for self-hosted repositories.
Summary
If Forgejo fails, operators lose access to Git hosting and collaboration workflows backed by this instance.
Dependencies
| Dependency | Type | Why it matters |
| --- | --- | --- |
| PostgreSQL | database | Stores Forgejo application state |
| Traefik | ingress | External HTTPS and Git access path |
| Authelia | access control | Optional protection for the public route |
2. Architecture Diagram
[Browser / git client]
-> [Traefik]
-> [Forgejo]
-> [PostgreSQL]
-> [PVC-backed application data]
3. Deployment Specifications
| Item | Value |
| --- | --- |
| Source path | forgejo/base and forgejo/overlays/local |
| Deployment model | Kustomize plus Fleet bundle |
| Namespace | forgejo |
| Workload kind | Deployment plus PostgreSQL StatefulSet |
| Chart or image version | See base manifests for current image tags |
| Config files | base/kustomization.yaml, overlays/local/kustomization.yaml, fleet.yaml |
Cluster mapping
| Cluster | Overlay path | Notes |
| --- | --- | --- |
| local | forgejo/overlays/local | Primary deployment target |
4. Configuration Guide
Environment variables
| Variable | Source | Purpose | Secret? |
| --- | --- | --- | --- |
| Forgejo runtime settings | overlay Secrets and base manifests | Application bootstrap, DB, and mail settings | mixed |
ConfigMaps
| Resource | Path | Purpose |
| --- | --- | --- |
| Kustomize-managed app config | forgejo/base and forgejo/overlays/local | Application configuration and scheduling |
Secrets management
- Secret names: database credentials, admin credentials, and application secrets in the forgejo namespace
- Source of truth: overlay secret inputs and generated manifests
- Rotation trigger: admin credential changes, database rotation, or security response
- Recovery note: restore DB and application secrets before redeploying the overlay
5. Access Protocols
| Path | URL or endpoint | Audience | Auth | TLS terminates at |
| --- | --- | --- | --- | --- |
| Internal | Services inside the forgejo namespace | Cluster workloads | namespace RBAC | Traefik / Forgejo |
| External | Current Git hostname exposed through Traefik | Developers and operators | Forgejo auth and optional Authelia | Traefik |
6. Operations and Observability
- Primary health indicators: Forgejo Deployment available, PostgreSQL healthy, and web/UI plus Git access responsive.
- Dashboards or alerts: shared cluster monitoring and ingress health.
- Log locations: forgejo app pod logs and PostgreSQL logs.
- Known failure modes: DB connectivity loss, PVC issues, ingress misrouting, or stale secret material.
7. Backup and Recovery Notes
- Backup method: PostgreSQL backup plus PVC snapshot.
- Restore prerequisites: database dump or persistent volume restoration and all runtime secrets.
- Related runbook: ../runbooks/forgejo.md
8. Release and Change Notes
- Current deployed app version: see forgejo/base image tags.
- Current chart version: N/A.
- Last significant change: Forgejo deployment introduced with standardized overlays/local structure and Fleet targeting.
- Rollback reference: previous overlay revision in Git.