Gitea container and SSH

Cluster information:

Kubernetes version: v1.17.4+k3s1
Cloud being used: bare-metal
Installation method: k3s install script
Host OS: Arch Linux

The goal

I’m hosting a Gitea instance right now. http works fine, but I’m trying to get ssh to work.

`git clone git@git.mydomain.com:sseneca/report.git` works as expected.

What I think I need to do

  • Generate ssh keys within container
  • Ingress Controller map outside port 22 to service (running via standard port 22)

Problems

I don’t know if the above is correct. Also, I access my nodes via ssh on port 22. Won’t there be a conflict?

I had this working at one point, but I’ve lost the configuration that it ran on. I didn’t get it to work on port 22; there are options on the container you can set via an environment variable that will change it. I used 2222. At the time I had it working, I was not using the k3s-supplied traefik ingress or the servicelb; I had nginx for ingress and was using metallb. I’m still trying to get back to the point where it works.

Actually, I got it working. I had a permissions issue with the contents of /data/ssh in the container, because of how I mounted the PVC. Anyway, here’s what I did:

  • Start the cluster master with the `--disable servicelb` option.
  • Installed metallb using `helm install metallb stable/metallb --namespace kube-system --set configInline.address-pools[0].name=default --set configInline.address-pools[0].protocol=layer2 --set configInline.address-pools[0].addresses[0]=10.0.96.200-10.0.96.220`
  • In the deployment for gitea, set `SSH_DOMAIN` to my domain, and `SSH_PORT` to 2222.
  • Use this yaml for the ssh service:

```yaml
apiVersion: v1
kind: Service
metadata:
  name: gitea-ssh
  namespace: gitea
spec:
  ports:
  - name: gitea-ssh
    port: 2222
    targetPort: 2222
    protocol: TCP
  selector:
    app: gitea
  type: LoadBalancer
```

I generally followed this post from Ruan Bekker to set up gitea and drone; the only place I deviated from his manifests was related to the PVCs, because I’m using local-storage (I have /var/lib/rancher/k3s/storage nfs-mounted on all my nodes.)
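A practical follow-up to the setup above, added here as an example and not part of the original thread: once Gitea listens on `SSH_PORT=2222`, the scp-style clone URL from the question cannot carry a port, so clients either need the `ssh://` form or a `~/.ssh/config` stanza. The helpers below build both, sanity-check a Service manifest against the chosen port, and (against a live cluster) confirm metallb handed the `gitea-ssh` Service an address and that Gitea answers on it. The hostname `git.mydomain.com`, the namespace `gitea` and the Service name `gitea-ssh` are taken from the thread; everything else is assumed.

```bash
#!/usr/bin/env bash
# Added example, not from the original thread. Assumes Gitea runs with
# SSH_PORT=2222 behind a LoadBalancer Service "gitea-ssh" in namespace "gitea".
set -eu

# Build a clone URL for a non-default SSH port. The short "git@host:user/repo.git"
# form has no place for a port, so anything other than 22 needs ssh://host:port/.
gitea_clone_url() {
  local host=$1 port=$2 repo=$3   # repo is "owner/name", e.g. sseneca/report
  if [ "$port" = "22" ]; then
    printf 'git@%s:%s.git\n' "$host" "$repo"
  else
    printf 'ssh://git@%s:%s/%s.git\n' "$host" "$port" "$repo"
  fi
}

# Emit a ~/.ssh/config stanza so the short clone form keeps working:
# ssh picks up Port and User from the matching Host entry.
gitea_ssh_config() {
  local host=$1 port=$2
  printf 'Host %s\n  Port %s\n  User git\n  IdentitiesOnly yes\n' "$host" "$port"
}

# Check a Service manifest for the usual mistakes: port and targetPort must both
# equal SSH_PORT, and the type must be LoadBalancer or metallb will not
# allocate an address from its pool. Returns 1 on the first mismatch.
check_ssh_service() {
  local manifest=$1 port=$2
  grep -Eq "^[[:space:]]*-?[[:space:]]*port:[[:space:]]*${port}[[:space:]]*$" "$manifest" || return 1
  grep -Eq "^[[:space:]]*targetPort:[[:space:]]*${port}[[:space:]]*$" "$manifest" || return 1
  grep -Eq "^[[:space:]]*type:[[:space:]]*LoadBalancer[[:space:]]*$" "$manifest" || return 1
}

# Live check (needs kubectl access to the cluster): show the address metallb
# assigned and ask the Gitea SSH server to identify itself. A working setup
# greets with a "Hi there" line from Gitea rather than a connection error.
verify_live() {
  local host=$1 port=$2 ip
  ip=$(kubectl -n gitea get svc gitea-ssh \
        -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
  echo "gitea-ssh LoadBalancer IP: ${ip:-<none allocated>}"
  ssh -T -p "$port" "git@$host" 2>&1 | head -n 1
}

# Usage: gitea_clone_url git.mydomain.com 2222 sseneca/report
#        gitea_ssh_config git.mydomain.com 2222 >> ~/.ssh/config
#        verify_live git.mydomain.com 2222
```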