gitea
| Field | Value |
| --- | --- |
| Service | gitea |
| Purpose | Self-hosted Git service and collaboration platform |
| Criticality | Tier 2 |
| Owner | Platform / SCM owner |
| Clusters | dev, local |
| Namespace | gitea |
| Exposure | internet |
| Stateful | yes |
| Backup class | snapshot |
| RPO / RTO | Daily backup target, 2 to 6 hours to restore |
| Last reviewed | 2026-05-20 |
1. Service Overview
Gitea remains a repository-hosting workload in the estate with PostgreSQL-backed state and a public HTTPS access path.
Summary
If Gitea fails, developers lose access to this Git service and its associated collaboration features.
Dependencies
| Dependency | Type | Why it matters |
| --- | --- | --- |
| PostgreSQL | database | Stores repository metadata and application state |
| Traefik | ingress | External HTTPS and Git routing |
| Authelia | access control | Optional protection for the public route |
2. Architecture Diagram
[Browser / git client]
-> [Traefik]
-> [Gitea]
-> [PostgreSQL]
-> [PVC-backed application data]
3. Deployment Specifications
| Item | Value |
| --- | --- |
| Source path | gitea/base and gitea/overlays/* |
| Deployment model | Kustomize plus Fleet bundle |
| Namespace | gitea |
| Workload kind | Deployment plus PostgreSQL StatefulSet |
| Chart or image version | See base manifests for current image tags |
| Config files | base/kustomization.yaml, overlays/dev, overlays/local, fleet.yaml |
Cluster mapping
| Cluster | Overlay path | Notes |
| --- | --- | --- |
| dev | gitea/overlays/dev | Development overlay |
| local | gitea/overlays/local | Main local-cluster target |
4. Configuration Guide
Environment variables
| Variable | Source | Purpose | Secret? |
| --- | --- | --- | --- |
| Gitea runtime settings | overlay Secrets and manifests | App bootstrap, DB connectivity, and mail settings | mixed |
ConfigMaps
| Resource | Path | Purpose |
| --- | --- | --- |
| Kustomize-managed app config | gitea/base and gitea/overlays/* | Runtime configuration and patching |
Secrets management
- Secret names: application secrets and DB credentials in the gitea namespace
- Source of truth: overlay secret inputs and generated manifests
- Rotation trigger: admin changes, database rotation, or incident response
- Recovery note: restore secrets before redeploying the overlay
5. Access Protocols
| Path | URL or endpoint | Audience | Auth | TLS terminates at |
| --- | --- | --- | --- | --- |
| Internal | Services inside the gitea namespace | Cluster workloads | namespace RBAC | Traefik / Gitea |
| External | Current Git hostname exposed through Traefik | Developers and operators | Gitea auth and optional Authelia | Traefik |
6. Operations and Observability
- Primary health indicators: Gitea Deployment healthy, DB healthy, and web plus Git access responsive.
- Dashboards or alerts: shared cluster monitoring and ingress health.
- Log locations: Gitea app pod logs and PostgreSQL logs.
- Known failure modes: DB issues, PVC attach failure, ingress middleware errors, or stale secrets.
7. Backup and Recovery Notes
- Backup method: PostgreSQL backup plus PVC snapshot.
- Restore prerequisites: database restore and application secrets.
- Related runbook: ../runbooks/gitea.md
8. Release and Change Notes
- Current deployed app version: see gitea/base image tags.
- Current chart version: N/A.
- Last significant change: repository standardized on explicit dev and local overlays for the current Gitea deployment.
- Rollback reference: previous overlay revision in Git.