Skip to content

gitea

Metadata

Field Value
Service gitea
Purpose Self-hosted Git service and collaboration platform
Criticality Tier 2
Owner Platform / SCM owner
Clusters dev, local
Namespace gitea
Exposure internet
Stateful yes
Backup class snapshot
RPO / RTO Daily backup target, 2 to 6 hours to restore
Last reviewed 2026-05-20

1. Service Overview

Gitea remains a repository-hosting workload in the estate with PostgreSQL-backed state and a public HTTPS access path.

Summary

If Gitea fails, developers lose access to this Git service and its associated collaboration features.

Dependencies

Dependency Type Why it matters
PostgreSQL database Stores repository metadata and application state
Traefik ingress External HTTPS and Git routing
Authelia access control Optional protection for the public route

2. Architecture Diagram

[Browser / git client]
  -> [Traefik]
  -> [Gitea]
  -> [PostgreSQL]
  -> [PVC-backed application data]

3. Deployment Specifications

Item Value
Source path gitea/base and gitea/overlays/*
Deployment model Kustomize plus Fleet bundle
Namespace gitea
Workload kind Deployment plus PostgreSQL StatefulSet
Chart or image version See base manifests for current image tags
Config files base/kustomization.yaml, overlays/dev, overlays/local, fleet.yaml

Cluster mapping

Cluster Overlay path Notes
dev gitea/overlays/dev Development overlay
local gitea/overlays/local Main local-cluster target

4. Configuration Guide

Environment variables

Variable Source Purpose Secret?
Gitea runtime settings overlay Secrets and manifests App bootstrap, DB connectivity, and mail settings mixed

ConfigMaps

Resource Path Purpose
Kustomize-managed app config gitea/base and gitea/overlays/* Runtime configuration and patching

Secrets management

  • Secret names: application secrets and DB credentials in the gitea namespace
  • Source of truth: overlay secret inputs and generated manifests
  • Rotation trigger: admin changes, database rotation, or incident response
  • Recovery note: restore secrets before redeploying the overlay

5. Access Protocols

Path URL or endpoint Audience Auth TLS terminates at
Internal Services inside the gitea namespace Cluster workloads namespace RBAC Traefik / Gitea
External Current Git hostname exposed through Traefik Developers and operators Gitea auth and optional Authelia Traefik

6. Operations and Observability

  • Primary health indicators: Gitea Deployment healthy, DB healthy, and web plus Git access responsive.
  • Dashboards or alerts: shared cluster monitoring and ingress health.
  • Log locations: Gitea app pod logs and PostgreSQL logs.
  • Known failure modes: DB issues, PVC attach failure, ingress middleware errors, or stale secrets.

7. Backup and Recovery Notes

  • Backup method: PostgreSQL backup plus PVC snapshot.
  • Restore prerequisites: database restore and application secrets.
  • Related runbook: ../runbooks/gitea.md

8. Release and Change Notes

  • Current deployed app version: see gitea/base image tags.
  • Current chart version: N/A.
  • Last significant change: repository standardized on explicit dev and local overlays for the current Gitea deployment.
  • Rollback reference: previous overlay revision in Git.