
Gitea Containerized Deployment: A Complete Docker + K8s Guide



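gitea: Code over a cup of tea! The easiest-to-use self-hosted all-in-one code hosting platform, including Git hosting, code review, team collaboration, package registry and CI/CD. Project address: https://gitcode.com/gitea/gitea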

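Still struggling with the tedious configuration of a self-hosted Git server? Still worried about the security and controllability of code hosting for team collaboration? This article provides a complete solution for containerized Gitea deployment, from single-host Docker deployment to Kubernetes cluster deployment, covering code hosting end to end.

Why deploy Gitea in containers?

As a lightweight self-hosted Git service, Gitea gains the following advantages when combined with container technology:

| Advantage | Description | Benefit |
|---|---|---|
| Fast deployment | The Docker image works out of the box | Deployment completes in minutes |
| Environment isolation | Containers guarantee a consistent environment | Avoids dependency conflicts |
| Controllable resources | Precise control over CPU and memory | Better resource utilization |
| High availability | K8s cluster deployment keeps the service running | 99.9% availability |
| Easy scaling | Horizontal scaling to handle business growth | Supports team expansion |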

Hands-on: single-host Docker deployment

Basic Docker deployment

Gitea provides an official Docker image and supports several database backends. A basic deployment example:

```bash
# Use the official Gitea image
docker run -d \
  --name=gitea \
  -p 3000:3000 \
  -p 2222:22 \
  -v /your/data/path:/data \
  -v /etc/timezone:/etc/timezone:ro \
  -v /etc/localtime:/etc/localtime:ro \
  --restart=unless-stopped \
  gitea/gitea:latest
```

Environment variable configuration

Gitea supports dynamic configuration through environment variables, in the format GITEA__SECTION_NAME__KEY_NAME:

```bash
docker run -d \
  --name=gitea \
  -p 3000:3000 \
  -p 2222:22 \
  -e GITEA__database__DB_TYPE=mysql \
  -e GITEA__database__HOST=db:3306 \
  -e GITEA__database__NAME=gitea \
  -e GITEA__database__USER=gitea \
  -e GITEA__database__PASSWD=your_password \
  -e GITEA__server__DOMAIN=your_domain.com \
  -e GITEA__server__SSH_PORT=2222 \
  -v gitea_data:/data \
  gitea/gitea:latest
```
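The mapping from GITEA__SECTION_NAME__KEY_NAME variables to app.ini sections, as an added example (not from the original article and not Gitea's own code), which also reports the entries that receive a secret as a plain environment variable readable through docker inspect. It is a simplified model: lowercasing the section name, decoding the _0x2E_ escape for "." (from Gitea's documentation, not this page), the secret-key list and the sample environment are assumptions of the example.

```python
import re

# Key names treated as secrets here are an assumption of this example.
SECRET_KEYS = {"PASSWD", "PASSWORD", "SECRET_KEY", "INTERNAL_TOKEN", "JWT_SECRET"}
_ESCAPE = re.compile(r"_0[xX]([0-9A-Fa-f]{2})_")

def decode(name):
    """Undo _0xHH_ escapes, e.g. _0x2E_ -> '.', for characters an env name cannot hold."""
    return _ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), name)

def env_to_ini(env):
    """Map GITEA__SECTION__KEY variables to {section: {key: value}}; skip the rest."""
    ini = {}
    for name, value in env.items():
        if not name.startswith("GITEA__"):
            continue
        section, sep, key = name[len("GITEA__"):].partition("__")
        if not (sep and section and key):
            continue  # not of the form GITEA__SECTION__KEY
        ini.setdefault(decode(section).lower(), {})[decode(key)] = value
    return ini

def render(ini):
    """Render the mapping as app.ini text."""
    blocks = []
    for section, keys in ini.items():
        lines = [f"[{section}]"] + [f"{k} = {v}" for k, v in keys.items()]
        blocks.append("\n".join(lines))
    return "\n\n".join(blocks) + "\n"

def plaintext_secrets(ini):
    """List the app.ini entries whose value arrived as a plain environment variable."""
    return sorted(f"[{s}] {k}" for s, keys in ini.items()
                  for k in keys if k.upper() in SECRET_KEYS)

# Constructed sample: -e flags from the docker run command above, plus one
# escaped section name and two variables the mapping must ignore.
SAMPLE_ENV = {
    "GITEA__database__DB_TYPE": "mysql",
    "GITEA__database__HOST": "db:3306",
    "GITEA__database__PASSWD": "your_password",
    "GITEA__server__SSH_PORT": "2222",
    "GITEA__log_0x2E_console__COLORIZE": "false",
    "USER_UID": "1000",
    "GITEA__broken": "x",
}

if __name__ == "__main__":
    ini = env_to_ini(SAMPLE_ENV)
    print(render(ini))
    print("secrets passed via environment:", plaintext_secrets(ini))
```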

Complete Docker Compose example

```yaml
version: "3"

networks:
  gitea:
    external: false

services:
  server:
    image: gitea/gitea:latest
    container_name: gitea
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - GITEA__database__DB_TYPE=mysql
      - GITEA__database__HOST=db:3306
      - GITEA__database__NAME=gitea
      - GITEA__database__USER=gitea
      - GITEA__database__PASSWD=gitea
    restart: unless-stopped
    networks:
      - gitea
    volumes:
      - ./data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "3000:3000"
      - "2222:22"
    depends_on:
      - db

  db:
    image: mysql:8.0
    container_name: gitea_db
    restart: unless-stopped
    environment:
      - MYSQL_ROOT_PASSWORD=gitea
      - MYSQL_USER=gitea
      - MYSQL_PASSWORD=gitea
      - MYSQL_DATABASE=gitea
    networks:
      - gitea
    volumes:
      - ./mysql:/var/lib/mysql
    command:
      - --default-authentication-plugin=mysql_native_password
      - --character-set-server=utf8mb4
      - --collation-server=utf8mb4_unicode_ci
```

Kubernetes cluster deployment

Deployment architecture design

[Mermaid deployment architecture diagram]

Helm Chart deployment

Although Gitea does not officially provide a Helm Chart, we can use a custom deployment configuration:

```yaml
# gitea-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitea
  namespace: gitea
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gitea
  template:
    metadata:
      labels:
        app: gitea
    spec:
      containers:
        - name: gitea
          image: gitea/gitea:latest
          ports:
            - containerPort: 3000
            - containerPort: 22
          env:
            - name: GITEA__database__DB_TYPE
              value: "mysql"
            - name: GITEA__database__HOST
              value: "gitea-mysql:3306"
            - name: GITEA__database__NAME
              value: "gitea"
            - name: GITEA__database__USER
              value: "gitea"
            - name: GITEA__database__PASSWD
              valueFrom:
                secretKeyRef:
                  name: gitea-db-secret
                  key: password
          volumeMounts:
            - name: gitea-data
              mountPath: /data
          resources:
            requests:
              memory: "512Mi"
              cpu: "250m"
            limits:
              memory: "1Gi"
              cpu: "500m"
      volumes:
        - name: gitea-data
          persistentVolumeClaim:
            claimName: gitea-pvc
---
apiVersion: v1
kind: Service
metadata:
  name: gitea-service
  namespace: gitea
spec:
  selector:
    app: gitea
  ports:
    - name: http
      port: 3000
      targetPort: 3000
    - name: ssh
      port: 22
      targetPort: 22
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: gitea-ingress
  namespace: gitea
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: "512m"
spec:
  rules:
    - host: gitea.your-domain.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: gitea-service
                port:
                  number: 3000
```

Persistent storage configuration

```yaml
# storage.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: gitea-pvc
  namespace: gitea
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 20Gi
  storageClassName: standard
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: mysql-pvc
  namespace: gitea
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
  storageClassName: standard
```

Advanced configuration and optimization

Database connection pool optimization

```ini
[database]
DB_TYPE = mysql
HOST = mysql-service:3306
NAME = gitea
USER = gitea
PASSWD = your_secure_password
SCHEMA =
SSL_MODE = disable
CHARSET = utf8mb4
PATH =
LOG_SQL = false
MAX_OPEN_CONNS = 100
MAX_IDLE_CONNS = 10
CONN_MAX_LIFETIME = 3m
```

Cache configuration

```ini
[cache]
ADAPTER = redis
HOST = redis-service:6379
PASSWORD =
DB = 0

[session]
PROVIDER = redis
PROVIDER_CONFIG = redis://redis-service:6379/1
COOKIE_SECURE = true
GC_INTERVAL_TIME = 86400
```

Mail service configuration

```ini
[mailer]
ENABLED = true
FROM = gitea@your-domain.com
MAILER_TYPE = smtp
HOST = smtp.your-domain.com:587
USER = gitea@your-domain.com
PASSWD = your_email_password
```

Monitoring and logging

Prometheus monitoring configuration

```yaml
# metrics configuration
apiVersion: v1
kind: Service
metadata:
  name: gitea-metrics
  namespace: gitea
  annotations:
    prometheus.io/scrape: "true"
    prometheus.io/port: "3000"
spec:
  selector:
    app: gitea
  ports:
    - name: metrics
      port: 3000
      targetPort: 3000
```

Log collection configuration

```ini
[log]
MODE = file
LEVEL = Info
ROOT_PATH = /data/gitea/log
ROTATE = true
MAX_SIZE_SHIFT = 28
DAILY_ROTATE = true
MAX_DAYS = 7
COMPRESS = true
COMPRESSION_LEVEL = -1
```

Security best practices

Network security policy

```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: gitea-network-policy
  namespace: gitea
spec:
  podSelector:
    matchLabels:
      app: gitea
  policyTypes:
    - Ingress
    - Egress
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: gitea
      ports:
        - protocol: TCP
          port: 3000
        - protocol: TCP
          port: 22
  egress:
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: gitea
      ports:
        - protocol: TCP
          port: 3306
```
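An added example (not from the original article) that models the NetworkPolicy above and checks it against the traffic that the other manifests and app.ini snippets on this page imply. It covers only namespaceSelector peers and port lists; the flow list is constructed, and the ingress-nginx and kube-system namespace names are assumptions about the cluster.

```python
POLICY = {  # transcribed from the gitea-network-policy manifest above
    "ingress": [{
        "peers": [{"kubernetes.io/metadata.name": "gitea"}],
        "ports": [("TCP", 3000), ("TCP", 22)],
    }],
    "egress": [{
        "peers": [{"kubernetes.io/metadata.name": "gitea"}],
        "ports": [("TCP", 3306)],
    }],
}

# Constructed flows: (direction, peer namespace or None for outside the cluster,
# protocol, port, description). Namespaces other than "gitea" are assumptions.
FLOWS = [
    ("ingress", "ingress-nginx", "TCP", 3000, "Ingress controller -> Gitea HTTP"),
    ("egress", "gitea", "TCP", 3306, "Gitea -> MySQL"),
    ("egress", "kube-system", "UDP", 53, "Gitea -> cluster DNS"),
    ("egress", "gitea", "TCP", 6379, "Gitea -> redis-service"),
    ("egress", None, "TCP", 587, "Gitea -> external SMTP"),
]

def peer_matches(selector, namespace):
    """A namespaceSelector matches only in-cluster peers whose namespace labels include it."""
    if namespace is None:  # traffic to or from outside the cluster
        return False
    labels = {"kubernetes.io/metadata.name": namespace}
    return all(labels.get(k) == v for k, v in selector.items())

def allowed(policy, direction, namespace, proto, port):
    """True if any rule for this direction matches both the peer and the port."""
    for rule in policy.get(direction, []):
        peers, ports = rule.get("peers"), rule.get("ports")
        peer_ok = not peers or any(peer_matches(s, namespace) for s in peers)
        port_ok = not ports or (proto, port) in ports
        if peer_ok and port_ok:
            return True
    return False

def blocked_flows(policy, flows):
    """Return the descriptions of the flows that no rule in the policy allows."""
    return [desc for d, ns, proto, port, desc in flows
            if not allowed(policy, d, ns, proto, port)]

if __name__ == "__main__":
    for desc in blocked_flows(POLICY, FLOWS):
        print("BLOCKED:", desc)
```

Every flow it reports needs its own rule in the policy, or the corresponding feature fails once a network plugin enforces the policy.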

TLS certificate configuration

```yaml
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: gitea-tls
  namespace: gitea
spec:
  secretName: gitea-tls-secret
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
  dnsNames:
    - gitea.your-domain.com
```

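Troubleshooting and maintenance

Solutions to common problems

| Problem | Symptom | Solution |
|---|---|---|
| Database connection failure | Database connection error at startup | Check the database service status and the network policy |
| Storage permission problem | Cannot write to the data directory | Adjust the PVC access mode and permissions |
| Performance bottleneck | Slow responses, high CPU usage | Tune resource limits, add replicas |
| Certificate problem | Certificate error on HTTPS access | Check the cert-manager configuration and DNS resolution |

Backup and recovery strategy

```bash
# Database backup. A bare -p makes mysqldump prompt for the password, which
# kubectl exec cannot answer without a TTY, so the password is read from the
# container's environment (assumes MYSQL_PASSWORD is set there, as in the
# Compose example).
kubectl exec -n gitea gitea-mysql-pod -- \
  sh -c 'exec mysqldump -u gitea -p"$MYSQL_PASSWORD" gitea' > backup.sql

# Data directory backup
kubectl cp -n gitea gitea-pod:/data/gitea ./gitea-backup

# Configuration backup
kubectl get configmap gitea-config -n gitea -o yaml > config-backup.yaml
```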

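Summary

With the Docker and Kubernetes deployment guide in this article, you should be able to:

  1. Set up quickly: a single-host Gitea environment for development and testing
  2. Deploy for production: a highly available Gitea cluster service
  3. Configure flexibly: adjust parameters to business needs
  4. Monitor effectively: track the system's running state in real time
  5. Ensure security: implement a thorough security policy

Containerized Gitea deployment not only reduces operational complexity, it also provides reliable infrastructure for team code hosting. From startup teams to large enterprises, it offers a stable and efficient code hosting experience.

Take action now and start your Gitea containerization journey!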


Authoring statement: parts of this article were generated with AI assistance (AIGC) and are for reference only.