diff --git a/apps/gitea/configmap.yaml b/apps/gitea/configmap.yaml
new file mode 100644
index 0000000..abfc7ff
--- /dev/null
+++ b/apps/gitea/configmap.yaml
@@ -0,0 +1,64 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: gitea-config
+data:
+ GITEA__DEFAULT__RUN_USER: git
+ GITEA__DEFAULT__RUN_MODE: prod
+ GITEA__DEFAULT__APP_NAME: prettysunflower's gitea
+ GITEA__DEFAULT__WORK_PATH: /var/lib/gitea
+ GITEA__repository__ROOT: /var/lib/gitea/git
+ GITEA__repository__SCRIPT_TYPE: sh
+ GITEA__repository__DISABLE_STARS: "true"
+ GITEA__server__STATIC_ROOT_PATH: /usr/share/webapps/gitea
+ GITEA__server__APP_DATA_PATH: /var/lib/gitea/data
+ GITEA__server__LFS_START_SERVER: "true"
+ GITEA__server__SSH_DOMAIN: git.default.svc.yakumo.prettysunflower.moe
+ GITEA__server__DOMAIN: git.prettysunflower.moe
+ GITEA__server__HTTP_PORT: "3000"
+ GITEA__server__ROOT_URL: https://git.prettysunflower.moe/
+ GITEA__server__DISABLE_SSH: "false"
+ GITEA__server__SSH_PORT: "22"
+ GITEA__server__OFFLINE_MODE: "false"
+ GITEA__server__PUBLIC_URL_DETECTION: auto
+ GITEA__database__DB_TYPE: postgres
+ GITEA__database__SSL_MODE: disable
+ GITEA__database__HOST: 100.75.132.10:5432
+ GITEA__database__NAME: gitea
+ GITEA__database__SCHEMA: public
+ GITEA__database__LOG_SQL: "false"
+ GITEA__session__PROVIDER: redis
+ GITEA__log__MODE: console
+ GITEA__log__LEVEL: info
+ GITEA__mailer__ENABLED: "true"
+ GITEA__mailer__FROM: gitea@prettysunflower.moe
+ GITEA__mailer__PROTOCOL: smtp+starttls
+ GITEA__mailer__SMTP_ADDR: mail.prettysunflower.moe
+ GITEA__mailer__SMTP_PORT: "587"
+ GITEA__storage__STORAGE_TYPE: minio
+ GITEA__storage__MINIO_ENDPOINT: t3.storage.dev:443
+ GITEA__storage__MINIO_ACCESS_KEY_ID: tid_uCZAvxLOlpVdEusuMYvVmsOvMgVccrwxGJwqauuhSucI_MwddN
+ GITEA__storage__MINIO_BUCKET: prettysunflower-gitea
+ GITEA__storage__MINIO_LOCATION: auto
+ GITEA__storage__MINIO_USE_SSL : "true"
+ GITEA__storage__SERVE_DIRECT: "true"
+ GITEA__service__REGISTER_EMAIL_CONFIRM: "false"
+ GITEA__service__ENABLE_NOTIFY_MAIL: "false"
+ GITEA__service__DISABLE_REGISTRATION: "true"
+ GITEA__service__ALLOW_ONLY_EXTERNAL_REGISTRATION: "false"
+ GITEA__service__ENABLE_CAPTCHA: "false"
+ GITEA__service__REQUIRE_SIGNIN_VIEW: "false"
+ GITEA__service__DEFAULT_KEEP_EMAIL_PRIVATE: "false"
+ GITEA__service__DEFAULT_ALLOW_CREATE_ORGANIZATION: "true"
+ GITEA__service__DEFAULT_ENABLE_TIMETRACKING: "true"
+ GITEA__service__NO_REPLY_ADDRESS: noreply.localhost
+ GITEA__openid__ENABLE_OPENID_SIGNIN: "true"
+ GITEA__openid__ENABLE_OPENID_SIGNUP: "true"
+ GITEA__cron_0X2E_update_checker__ENABLED: "false"
+ GITEA__repository_0X2E_pull_0X2D_request__DEFAULT_MERGE_STYLE: merge
+ GITEA__repository_0X2E_signing__DEFAULT_TRUST_MODEL: committer
+ GITEA__security__INSTALL_LOCK: "true"
+ GITEA__security__PASSWORD_HASH_ALGO: argon2
+ GITEA__cache__ADAPTER: redis
+ GITEA__cache__HOST: redis://127.0.0.1:6379/0
+ GITEA__cache_0X2E_last_commit__COMMITS_COUNT: "1"
\ No newline at end of file
diff --git a/apps/gitea/deployment.yaml b/apps/gitea/deployment.yaml
new file mode 100644
index 0000000..2783d72
--- /dev/null
+++ b/apps/gitea/deployment.yaml
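Review bot: In apps/gitea/configmap.yaml, `GITEA__openid__ENABLE_OPENID_SIGNUP: "true"` sits next to `GITEA__service__DISABLE_REGISTRATION: "true"`, and the two pull in opposite directions: Gitea normally derives the OpenID sign-up default from the registration switch, so setting it explicitly likely lets anyone holding an OpenID identity create an account on this publicly addressed instance. If registration is meant to stay closed, use `GITEA__openid__ENABLE_OPENID_SIGNUP: "false"`, or restrict the accepted providers with `GITEA__openid__WHITELISTED_URIS`. Separately, `GITEA__database__SSL_MODE: disable` sends PostgreSQL traffic to 100.75.132.10 without TLS, which is only acceptable if that address is reached over an encrypted overlay network; a comment stating that assumption would help. The `GITEA__storage__MINIO_ACCESS_KEY_ID` value would be better placed in the `gitea-secrets` Secret next to its secret key, so the credential pair is rotated together and the identifier stays out of repository history.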
@@ -0,0 +1,102 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: gitea
+ labels:
+ app.kubernetes.io/name: gitea
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: gitea
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: gitea
+ spec:
+ affinity:
+ nodeAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 1
+ preference:
+ matchExpressions:
+ - key: location
+ operator: In
+ values:
+ - fsn
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: gitea-tigris-pvc
+ - name: config
+ persistentVolumeClaim:
+ claimName: gitea-config-pvc
+ - name: valkey
+ emptyDir:
+ sizeLimit: 128Mi
+ medium: Memory
+ dnsPolicy: "None"
+ dnsConfig:
+ nameservers:
+ - 100.96.226.96
+ containers:
+ - image: docker.gitea.com/gitea:1.24.2-rootless
+ name: gitea
+ ports:
+ - containerPort: 3000
+ protocol: TCP
+ name: http
+ - containerPort: 22
+ protocol: TCP
+ name: ssh
+ volumeMounts:
+ - name: data
+ mountPath: /var/lib/gitea
+ - name: config
+ mountPath: /etc/gitea
+ envFrom:
+ - configMapRef:
+ name: gitea-config
+ - secretRef:
+ name: gitea-secrets
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ runAsNonRoot: true
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ seccompProfile:
+ type: RuntimeDefault
+ livenessProbe:
+ httpGet:
+ path: /api/healthz
+ port: http
+ initialDelaySeconds: 200
+ timeoutSeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 10
+ - image: valkey/valkey:alpine
+ name: valkey
+ command: ["valkey-server"]
+ ports:
+ - containerPort: 6379
+ protocol: TCP
+ env:
+ - name: VALKEY_EXTRA_FLAGS
+ value: "--save 60 1"
+ volumeMounts:
+ - name: valkey
+ mountPath: "/data"
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ runAsNonRoot: true
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ seccompProfile:
+ type: RuntimeDefault
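Review bot: The valkey sidecar is started as `command: ["valkey-server"]` with no bind address or password, so port 6379 is presumably reachable on the pod IP by other workloads in the cluster, and this store holds Gitea's sessions and cache. Gitea talks to it over 127.0.0.1 (the ConfigMap's cache host), so `command: ["valkey-server", "--bind", "127.0.0.1"]` would keep it pod-local without changing behaviour. Overriding `command` also replaces the image entrypoint, which is probably what reads `VALKEY_EXTRA_FLAGS`, so `--save 60 1` may never be applied; passing it as arguments is more reliable. `valkey/valkey:alpine` is a floating tag and should be pinned, e.g. `valkey/valkey:<version>-alpine@sha256:<digest>`, in line with the version-pinned gitea image. Adding `automountServiceAccountToken: false` to the pod spec would fit the hardening already present, since nothing visible here needs the Kubernetes API.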
diff --git a/apps/gitea/kustomization.yaml b/apps/gitea/kustomization.yaml
new file mode 100644
index 0000000..e2f172c
--- /dev/null
+++ b/apps/gitea/kustomization.yaml
@@ -0,0 +1,6 @@
+resources:
+- deployment.yaml
+- pvc.yaml
+- svc.yaml
+- secrets.yaml
+- configmap.yaml
\ No newline at end of file
diff --git a/apps/gitea/pvc.yaml b/apps/gitea/pvc.yaml
new file mode 100644
index 0000000..dc65039
--- /dev/null
+++ b/apps/gitea/pvc.yaml
@@ -0,0 +1,36 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: gitea-pvc
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 5G
+ storageClassName: seaweedfs-storage
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: gitea-config-pvc
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 64M
+ storageClassName: seaweedfs-storage
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: gitea-tigris-pvc
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 50G
+ storageClassName: tigris
\ No newline at end of file
diff --git a/apps/gitea/svc.yaml b/apps/gitea/svc.yaml
new file mode 100644
index 0000000..d239687
--- /dev/null
+++ b/apps/gitea/svc.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: git
+spec:
+ type: ClusterIP
+ selector:
+ app.kubernetes.io/name: gitea
+ ports:
+ - protocol: TCP
+ port: 22
+ targetPort: ssh
+ name: ssh
+ - protocol: TCP
+ port: 80
+ targetPort: http
+ name: http
\ No newline at end of file
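Review bot: In apps/gitea/kustomization.yaml, `- secrets.yaml` is listed as a resource, but no such file is added in the visible part of this commit. If it is deliberately kept out of the repository, `kustomize build` will fail on a clean checkout; if it is committed elsewhere, it should hold only encrypted or externally referenced values, since it presumably defines the `gitea-secrets` Secret the Deployment loads through `envFrom`. A comment above the entry, such as `# secrets.yaml: <how it is provided>; never commit plaintext values`, would make the expectation explicit.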
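Review bot: In apps/gitea/pvc.yaml, `gitea-pvc` (5G on seaweedfs-storage) is declared, but the Deployment in this commit mounts only `gitea-tigris-pvc` and `gitea-config-pvc`, so this claim appears to provision storage that nothing uses. Either drop it or add a comment saying what it is reserved for. All three claims also request `ReadWriteMany` while the Deployment runs `replicas: 1`; if no other workload is meant to share these volumes and the storage classes support it, `ReadWriteOnce` narrows which pods can mount the repository data.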
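Review bot: In apps/gitea/svc.yaml, Service port 22 forwards to the named port `ssh`, which the Deployment declares as `containerPort: 22`, but the gitea container runs as UID 1000 with all capabilities dropped, and the rootless image conventionally listens for SSH on 2222. Unless the listener is configured elsewhere, nothing may be bound to 22 inside the pod. Setting `GITEA__server__SSH_LISTEN_PORT: "2222"` with `containerPort: 2222`, while keeping the Service on port 22, would make the mapping explicit. The Service is `ClusterIP`, so any external exposure of SSH and HTTP depends on resources outside this diff.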