Helm chart for gitea
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

299 lines
6.8 KiB

# Default values for gitea.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
clusterDomain: cluster.local
image:
repository: gitea/gitea
# Overrides the image tag whose default is the chart appVersion.
tag: ""
pullPolicy: Always
rootless: false # only possible when running 1.14 or later
imagePullSecrets: []
# Security context is only usable with rootless image due to image design
podSecurityContext:
fsGroup: 1000
containerSecurityContext: {}
# allowPrivilegeEscalation: false
# capabilities:
# drop:
# - ALL
# # Add the SYS_CHROOT capability for root and rootless images if you intend to
# # run pods on nodes that use the container runtime cri-o. Otherwise, you will
# # get an error message from the SSH server that it is not possible to read from
# # the repository.
# # https://gitea.com/gitea/helm-chart/issues/161
# add:
# - SYS_CHROOT
# privileged: false
# readOnlyRootFilesystem: true
# runAsGroup: 1000
# runAsNonRoot: true
# runAsUser: 1000
# DEPRECATED. The securityContext variable has been split two:
# - containerSecurityContext
# - podSecurityContext.
securityContext: {}
service:
http:
type: ClusterIP
port: 3000
clusterIP: None
#loadBalancerIP:
#nodePort:
#externalTrafficPolicy:
#externalIPs:
#ipFamilyPolicy:
#ipFamilies:
loadBalancerSourceRanges: []
annotations:
ssh:
type: ClusterIP
port: 22
clusterIP: None
#loadBalancerIP:
#nodePort:
#externalTrafficPolicy:
#externalIPs:
#ipFamilyPolicy:
#ipFamilies:
#hostPort:
loadBalancerSourceRanges: []
annotations:
ingress:
enabled: false
# className: nginx
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: git.example.com
paths:
- path: /
pathType: Prefix
tls: []
# - secretName: chart-example-tls
# hosts:
# - git.example.com
# Mostly for argocd or any other CI that uses `helm template | kubectl apply` or similar
# If helm doesn't correctly detect your ingress API version you can set it here.
# apiVersion: networking.k8s.io/v1
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
## Use an alternate scheduler, e.g. "stork".
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
# schedulerName:
nodeSelector: {}
tolerations: []
affinity: {}
statefulset:
env: []
# - name: VARIABLE
# value: my-value
terminationGracePeriodSeconds: 60
labels: {}
annotations: {}
persistence:
enabled: true
# existingClaim:
size: 10Gi
accessModes:
- ReadWriteOnce
labels: {}
annotations: {}
# storageClass:
# subPath:
# additional volumes to add to the Gitea statefulset.
extraVolumes:
# - name: postgres-ssl-vol
# secret:
# secretName: gitea-postgres-ssl
# additional volumes to mount, both to the init container and to the main
# container. As an example, can be used to mount a client cert when connecting
# to an external Postgres server.
extraVolumeMounts:
# - name: postgres-ssl-vol
# readOnly: true
# mountPath: "/pg-ssl"
# bash shell script copied verbatim to the start of the init-container.
initPreScript: ""
#
# initPreScript: |
# mkdir -p /data/git/.postgresql
# cp /pg-ssl/* /data/git/.postgresql/
# chown -R git:git /data/git/.postgresql/
# chmod 400 /data/git/.postgresql/postgresql.key
# Configure commit/action signing prerequisites
signing:
enabled: false
gpgHome: /data/git/.gnupg
gitea:
admin:
#existingSecret: gitea-admin-secret
username: gitea_admin
password: r8sA8CPHD9!bt6d
email: "gitea@local.domain"
metrics:
enabled: false
serviceMonitor:
enabled: false
# additionalLabels:
# prometheus-release: prom1
ldap: []
# - name: "LDAP 1"
# existingSecret:
# securityProtocol:
# host:
# port:
# userSearchBase:
# userFilter:
# adminFilter:
# emailAttribute:
# bindDn:
# bindPassword:
# usernameAttribute:
# publicSSHKeyAttribute:
# Either specify inline `key` and `secret` or refer to them via `existingSecret`
oauth: []
# - name: 'OAuth 1'
# provider:
# key:
# secret:
# existingSecret:
# autoDiscoverUrl:
# useCustomUrls:
# customAuthUrl:
# customTokenUrl:
# customProfileUrl:
# customEmailUrl:
config: {}
# APP_NAME: "Gitea: Git with a cup of tea"
# RUN_MODE: dev
#
# server:
# SSH_PORT: 22
#
# security:
# PASSWORD_COMPLEXITY: spec
additionalConfigSources: []
# - secret:
# secretName: gitea-app-ini-oauth
# - configMap:
# name: gitea-app-ini-plaintext
additionalConfigFromEnvs: []
podAnnotations: {}
# Modify the liveness probe for your needs or completely disable it by commenting out.
livenessProbe:
tcpSocket:
port: http
initialDelaySeconds: 200
timeoutSeconds: 1
periodSeconds: 10
successThreshold: 1
failureThreshold: 10
# Modify the readiness probe for your needs or completely disable it by commenting out.
readinessProbe:
tcpSocket:
port: http
initialDelaySeconds: 5
timeoutSeconds: 1
periodSeconds: 10
successThreshold: 1
failureThreshold: 3
# # Uncomment the startup probe to enable and modify it for your needs.
# startupProbe:
# tcpSocket:
# port: http
# initialDelaySeconds: 60
# timeoutSeconds: 1
# periodSeconds: 10
# successThreshold: 1
# failureThreshold: 10
memcached:
enabled: true
service:
port: 11211
postgresql:
enabled: true
global:
postgresql:
postgresqlDatabase: gitea
postgresqlUsername: gitea
postgresqlPassword: gitea
servicePort: 5432
persistence:
size: 10Gi
mysql:
enabled: false
root:
password: gitea
db:
user: gitea
password: gitea
name: gitea
service:
port: 3306
persistence:
size: 10Gi
mariadb:
enabled: false
auth:
database: gitea
username: gitea
password: gitea
rootPassword: gitea
primary:
service:
port: 3306
persistence:
size: 10Gi
# By default, removed or moved settings that still remain in a user defined values.yaml will cause Helm to fail running the install/update.
# Set it to false to skip this basic validation check.
checkDeprecation: true