installers/gitea/values-standalone.yaml

#######################################################################################
# Copyright ETSI Contributors and Others.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#######################################################################################

# Default values for gitea.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
## @section Global
#
## @param global.imageRegistry global image registry override
## @param global.imagePullSecrets global image pull secrets override; can be extended by `imagePullSecrets`
## @param global.storageClass global storage class override
## @param global.hostAliases global hostAliases which will be added to the pod's hosts files
global:
  imageRegistry: ""
  ## E.g.
  ## imagePullSecrets:
  ##   - myRegistryKeySecretName
  ##
  imagePullSecrets: []
  storageClass: ""
  hostAliases: []
  # - ip: 192.168.137.2
  #   hostnames:
  #   - example.com

## @param replicaCount number of replicas for the statefulset
replicaCount: 1

## @param clusterDomain cluster domain
clusterDomain: cluster.local

## @section Image
## @param image.registry image registry, e.g. gcr.io,docker.io
## @param image.repository Image to start for this pod
## @param image.tag Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml.
## @param image.pullPolicy Image pull policy
## @param image.rootless Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher
image:
  registry: ""
  repository: gitea/gitea
  # Overrides the image tag whose default is the chart appVersion.
  tag: ""
  pullPolicy: Always
  rootless: false # only possible when running 1.14 or later

## @param imagePullSecrets Secret to use for pulling the image
imagePullSecrets: []

## @section Security
# Security context is only usable with rootless image due to image design
## @param podSecurityContext.fsGroup Set the shared file system group for all containers in the pod.
podSecurityContext:
  fsGroup: 1000

## @param containerSecurityContext Security context
containerSecurityContext: {}
#   allowPrivilegeEscalation: false
#   capabilities:
#     drop:
#       - ALL
#   # Add the SYS_CHROOT capability for root and rootless images if you intend to
#   # run pods on nodes that use the container runtime cri-o. Otherwise, you will
#   # get an error message from the SSH server that it is not possible to read from
#   # the repository.
#   # https://gitea.com/gitea/helm-chart/issues/161
#     add:
#       - SYS_CHROOT
#   privileged: false
#   readOnlyRootFilesystem: true
#   runAsGroup: 1000
#   runAsNonRoot: true
#   runAsUser: 1000

## @deprecated The securityContext variable has been split two:
## - containerSecurityContext
## - podSecurityContext.
## @param securityContext Run init and Gitea containers as a specific securityContext
securityContext: {}

## @section Service
service:
  ## @param service.http.type Kubernetes service type for web traffic
  ## @param service.http.port Port number for web traffic
  ## @param service.http.clusterIP ClusterIP setting for http autosetup for statefulset is None
  ## @param service.http.loadBalancerIP LoadBalancer IP setting
  ## @param service.http.nodePort NodePort for http service
  ## @param service.http.externalTrafficPolicy If `service.http.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation
  ## @param service.http.externalIPs External IPs for service
  ## @param service.http.ipFamilyPolicy HTTP service dual-stack policy
  ## @param service.http.ipFamilies HTTP service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/).
  ## @param service.http.loadBalancerSourceRanges Source range filter for http loadbalancer
  ## @param service.http.annotations HTTP service annotations
  http:
    type: LoadBalancer
    # port: 3000
    port: 8080
    clusterIP: None
    loadBalancerIP:
    nodePort:
    externalTrafficPolicy:
    externalIPs:
    ipFamilyPolicy:
    ipFamilies:
    loadBalancerSourceRanges: []
    annotations: {}
  ## @param service.ssh.type Kubernetes service type for ssh traffic
  ## @param service.ssh.port Port number for ssh traffic
  ## @param service.ssh.clusterIP ClusterIP setting for ssh autosetup for statefulset is None
  ## @param service.ssh.loadBalancerIP LoadBalancer IP setting
  ## @param service.ssh.nodePort NodePort for ssh service
  ## @param service.ssh.externalTrafficPolicy If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation
  ## @param service.ssh.externalIPs External IPs for service
  ## @param service.ssh.ipFamilyPolicy SSH service dual-stack policy
  ## @param service.ssh.ipFamilies SSH service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/).
  ## @param service.ssh.hostPort HostPort for ssh service
  ## @param service.ssh.loadBalancerSourceRanges Source range filter for ssh loadbalancer
  ## @param service.ssh.annotations SSH service annotations
  ssh:
    type: LoadBalancer
    port: 22
    clusterIP: None
    loadBalancerIP:
    nodePort:
    externalTrafficPolicy:
    externalIPs:
    ipFamilyPolicy:
    ipFamilies:
    hostPort:
    loadBalancerSourceRanges: []
    annotations: {}


## @section Ingress
## @param ingress.enabled Enable ingress
## @param ingress.className Ingress class name
## @param ingress.annotations Ingress annotations
## @param ingress.hosts[0].host Default Ingress host
## @param ingress.hosts[0].paths[0].path Default Ingress path
## @param ingress.hosts[0].paths[0].pathType Ingress path type
## @param ingress.tls Ingress tls settings
## @extra ingress.apiVersion Specify APIVersion of ingress object. Mostly would only be used for argocd.
ingress:
  enabled: false
  # className: nginx
  className:
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
  hosts:
    - host: git.example.com
      paths:
        - path: /
          pathType: Prefix
  tls: []
  #  - secretName: chart-example-tls
  #    hosts:
  #      - git.example.com
  # Mostly for argocd or any other CI that uses `helm template | kubectl apply` or similar
  # If helm doesn't correctly detect your ingress API version you can set it here.
  # apiVersion: networking.k8s.io/v1

## @section StatefulSet
#
## @param resources Kubernetes resources
resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi

## Use an alternate scheduler, e.g. "stork".
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
## @param schedulerName Use an alternate scheduler, e.g. "stork"
schedulerName: ""

## @param nodeSelector NodeSelector for the statefulset
nodeSelector: {}

## @param tolerations Tolerations for the statefulset
tolerations: []

## @param affinity Affinity for the statefulset
affinity: {}

## @param dnsConfig dnsConfig for the statefulset
dnsConfig: {}

## @param statefulset.env  Additional environment variables to pass to containers
## @param statefulset.terminationGracePeriodSeconds How long to wait until forcefully kill the pod
## @param statefulset.labels Labels for the statefulset
## @param statefulset.annotations Annotations for the Gitea StatefulSet to be created
statefulset:
  env: []
    # - name: VARIABLE
    #   value: my-value
  terminationGracePeriodSeconds: 60
  labels: {}
  annotations: {}

## @section Persistence
#
## @param persistence.enabled Enable persistent storage
## @param persistence.existingClaim Use an existing claim to store repository information
## @param persistence.size Size for persistence to store repo information
## @param persistence.accessModes AccessMode for persistence
## @param persistence.labels Labels for the persistence volume claim to be created
## @param persistence.annotations Annotations for the persistence volume claim to be created
## @param persistence.storageClass Name of the storage class to use
## @param persistence.subPath Subdirectory of the volume to mount at
persistence:
  enabled: true
  existingClaim:
  size: 10Gi
  accessModes:
    - ReadWriteOnce
  labels: {}
  annotations: {}
  storageClass:
  subPath:

## @param extraVolumes Additional volumes to mount to the Gitea statefulset
extraVolumes: []
# - name: postgres-ssl-vol
#   secret:
#     secretName: gitea-postgres-ssl

## @param extraContainerVolumeMounts Mounts that are only mapped into the Gitea runtime/main container, to e.g. override custom templates.
extraContainerVolumeMounts: []

## @param extraInitVolumeMounts Mounts that are only mapped into the init-containers. Can be used for additional preconfiguration.
extraInitVolumeMounts: []

## @deprecated The extraVolumeMounts variable has been split two:
## - extraContainerVolumeMounts
## - extraInitVolumeMounts
## As an example, can be used to mount a client cert when connecting to an external Postgres server.
## @param extraVolumeMounts **DEPRECATED** Additional volume mounts for init containers and the Gitea main container
extraVolumeMounts: []
# - name: postgres-ssl-vol
#   readOnly: true
#   mountPath: "/pg-ssl"

## @section Init
## @param initPreScript Bash shell script copied verbatim to the start of the init-container.
initPreScript: ""
#
# initPreScript: |
#   mkdir -p /data/git/.postgresql
#   cp /pg-ssl/* /data/git/.postgresql/
#   chown -R git:git /data/git/.postgresql/
#   chmod 400 /data/git/.postgresql/postgresql.key

# Configure commit/action signing prerequisites
## @section Signing
#
## @param signing.enabled Enable commit/action signing
## @param signing.gpgHome GPG home directory
## @param signing.privateKey Inline private gpg key for signed Gitea actions
## @param signing.existingSecret Use an existing secret to store the value of `signing.privateKey`
signing:
  enabled: false
  gpgHome: /data/git/.gnupg
  privateKey: ""
  # privateKey: |-
  #   -----BEGIN PGP PRIVATE KEY BLOCK-----
  #   ...
  #   -----END PGP PRIVATE KEY BLOCK-----
  existingSecret: ""

## @section Gitea
#
gitea:
  ## @param gitea.admin.username Username for the Gitea admin user
  ## @param gitea.admin.existingSecret Use an existing secret to store admin user credentials
  ## @param gitea.admin.password Password for the Gitea admin user
  ## @param gitea.admin.email Email for the Gitea admin user
  admin:
    #existingSecret: gitea-admin-secret
    existingSecret:
    username: gitea_admin
    password: r8sA8CPHD9!bt6d
    email: "gitea@local.domain"

  ## @param gitea.metrics.enabled Enable Gitea metrics
  ## @param gitea.metrics.serviceMonitor.enabled Enable Gitea metrics service monitor
  metrics:
    enabled: false
    serviceMonitor:
      enabled: false
      #  additionalLabels:
      #    prometheus-release: prom1

  ## @param gitea.ldap LDAP configuration
  ldap: []
    # - name: "LDAP 1"
    #  existingSecret:
    #  securityProtocol:
    #  host:
    #  port:
    #  userSearchBase:
    #  userFilter:
    #  adminFilter:
    #  emailAttribute:
    #  bindDn:
    #  bindPassword:
    #  usernameAttribute:
    #  publicSSHKeyAttribute:

  # Either specify inline `key` and `secret` or refer to them via `existingSecret`
  ## @param gitea.oauth OAuth configuration
  oauth: []
    # - name: 'OAuth 1'
    #   provider:
    #   key:
    #   secret:
    #   existingSecret:
    #   autoDiscoverUrl:
    #   useCustomUrls:
    #   customAuthUrl:
    #   customTokenUrl:
    #   customProfileUrl:
    #   customEmailUrl:

  ## @param gitea.config  Configuration for the Gitea server,ref: [config-cheat-sheet](https://docs.gitea.io/en-us/config-cheat-sheet/)
  config:
  #  APP_NAME: "Gitea: Git with a cup of tea"

  #  RUN_MODE: dev
  #
    server:
      DOMAIN: git.myexample.com
      ROOT_URL: http://git.myexample.com
    #  SSH_PORT: 22
  #
  #  security:
  #    PASSWORD_COMPLEXITY: spec

  ## @param gitea.additionalConfigSources Additional configuration from secret or configmap
  additionalConfigSources: []
  #   - secret:
  #       secretName: gitea-app-ini-oauth
  #   - configMap:
  #       name: gitea-app-ini-plaintext

  ## @param gitea.additionalConfigFromEnvs Additional configuration sources from environment variables
  additionalConfigFromEnvs: []

  ## @param gitea.podAnnotations Annotations for the Gitea pod
  podAnnotations: {}

  ## @section LivenessProbe
  #
  ## @param gitea.livenessProbe.enabled Enable liveness probe
  ## @param gitea.livenessProbe.tcpSocket.port Port to probe for liveness
  ## @param gitea.livenessProbe.initialDelaySeconds Initial delay before liveness probe is initiated
  ## @param gitea.livenessProbe.timeoutSeconds Timeout for liveness probe
  ## @param gitea.livenessProbe.periodSeconds Period for liveness probe
  ## @param gitea.livenessProbe.successThreshold Success threshold for liveness probe
  ## @param gitea.livenessProbe.failureThreshold Failure threshold for liveness probe
  # Modify the liveness probe for your needs or completely disable it by commenting out.
  livenessProbe:
    enabled: true
    tcpSocket:
      port: http
    initialDelaySeconds: 200
    timeoutSeconds: 1
    periodSeconds: 10
    successThreshold: 1
    failureThreshold: 10

  ## @section ReadinessProbe
  #
  ## @param gitea.readinessProbe.enabled Enable readiness probe
  ## @param gitea.readinessProbe.tcpSocket.port Port to probe for readiness
  ## @param gitea.readinessProbe.initialDelaySeconds Initial delay before readiness probe is initiated
  ## @param gitea.readinessProbe.timeoutSeconds Timeout for readiness probe
  ## @param gitea.readinessProbe.periodSeconds Period for readiness probe
  ## @param gitea.readinessProbe.successThreshold Success threshold for readiness probe
  ## @param gitea.readinessProbe.failureThreshold Failure threshold for readiness probe
  # Modify the readiness probe for your needs or completely disable it by commenting out.
  readinessProbe:
    enabled: true
    tcpSocket:
      port: http
    initialDelaySeconds: 5
    timeoutSeconds: 1
    periodSeconds: 10
    successThreshold: 1
    failureThreshold: 3

  # # Uncomment the startup probe to enable and modify it for your needs.
  ## @section StartupProbe
  #
  ## @param gitea.startupProbe.enabled Enable startup probe
  ## @param gitea.startupProbe.tcpSocket.port Port to probe for startup
  ## @param gitea.startupProbe.initialDelaySeconds Initial delay before startup probe is initiated
  ## @param gitea.startupProbe.timeoutSeconds Timeout for startup probe
  ## @param gitea.startupProbe.periodSeconds Period for startup probe
  ## @param gitea.startupProbe.successThreshold Success threshold for startup probe
  ## @param gitea.startupProbe.failureThreshold Failure threshold for startup probe
  startupProbe:
    enabled: false
    tcpSocket:
      port: http
    initialDelaySeconds: 60
    timeoutSeconds: 1
    periodSeconds: 10
    successThreshold: 1
    failureThreshold: 10

## @section Memcached
#
## @param memcached.enabled Memcached is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/memcached) if enabled in the values. Complete Configuration can be taken from their website.
## @param memcached.service.port Port for Memcached
memcached:
  enabled: true
  service:
    port: 11211

## @section PostgreSQL
#
## @param postgresql.enabled Enable PostgreSQL
## @param postgresql.global.postgresql.postgresqlDatabase PostgreSQL database (overrides postgresqlDatabase)
## @param postgresql.global.postgresql.postgresqlUsername PostgreSQL username (overrides postgresqlUsername)
## @param postgresql.global.postgresql.postgresqlPassword PostgreSQL admin password (overrides postgresqlPassword)
## @param postgresql.global.postgresql.servicePort PostgreSQL port (overrides service.port)
## @param postgresql.persistence.size PVC Storage Request for PostgreSQL volume
postgresql:
  enabled: true
  global:
    postgresql:
      postgresqlDatabase: gitea
      postgresqlUsername: gitea
      postgresqlPassword: gitea
      servicePort: 5432
  persistence:
    size: 10Gi

## @section MySQL
#
## @param mysql.enabled Enable MySQL
## @param mysql.root.password Password for the root user. Ignored if existing secret is provided
## @param mysql.db.user Username of new user to create.
## @param mysql.db.password Password for the new user.Ignored if existing secret is provided
## @param mysql.db.name Name for new database to create.
## @param mysql.service.port Port to connect to MySQL service
## @param mysql.persistence.size PVC Storage Request for MySQL volume
mysql:
  enabled: false
  root:
    password: gitea
  db:
    user: gitea
    password: gitea
    name: gitea
  service:
    port: 3306
  persistence:
    size: 10Gi

## @section MariaDB
#
## @param mariadb.enabled Enable MariaDB
## @param mariadb.auth.database Name of the database to create.
## @param mariadb.auth.username Username of the new user to create.
## @param mariadb.auth.password Password for the new user. Ignored if existing secret is provided
## @param mariadb.auth.rootPassword Password for the root user.
## @param mariadb.primary.service.port Port to connect to MariaDB service
## @param mariadb.primary.persistence.size Persistence size for MariaDB
mariadb:
  enabled: false
  auth:
    database: gitea
    username: gitea
    password: gitea
    rootPassword: gitea
  primary:
    service:
      port: 3306
    persistence:
      size: 10Gi

# By default, removed or moved settings that still remain in a user defined values.yaml will cause Helm to fail running the install/update.
# Set it to false to skip this basic validation check.
## @section Advanced
## @param checkDeprecation Set it to false to skip this basic validation check.
checkDeprecation: true