From be683d24492d846d41dcc104f52dfdc525d5a964 Mon Sep 17 00:00:00 2001
From: Michael Thomson
Date: Fri, 12 Jan 2024 15:31:29 -0500
Subject: [PATCH] gitea
---
.../helmrepository-gitea.yaml | 8 +
.../kustomizations/kustomization-gitea.yaml | 18 +
bootstrap/namespaces/namespace-gitea.yaml | 4 +
gitea/dns-endpoint.yaml | 12 +
gitea/gitea-admin-secret.yaml | 15 +
gitea/helmrelease-gitea.yaml | 579 ++++++++++++++++++
6 files changed, 636 insertions(+)
create mode 100644 bootstrap/helmrepositories/helmrepository-gitea.yaml
create mode 100644 bootstrap/kustomizations/kustomization-gitea.yaml
create mode 100644 bootstrap/namespaces/namespace-gitea.yaml
create mode 100644 gitea/dns-endpoint.yaml
create mode 100644 gitea/gitea-admin-secret.yaml
create mode 100644 gitea/helmrelease-gitea.yaml
diff --git a/bootstrap/helmrepositories/helmrepository-gitea.yaml b/bootstrap/helmrepositories/helmrepository-gitea.yaml
new file mode 100644
index 0000000..3f7316a
--- /dev/null
+++ b/bootstrap/helmrepositories/helmrepository-gitea.yaml
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+ name: gitea
+ namespace: flux-system
+spec:
+ interval: 15m
+ url: https://dl.gitea.io/charts
diff --git a/bootstrap/kustomizations/kustomization-gitea.yaml b/bootstrap/kustomizations/kustomization-gitea.yaml
new file mode 100644
index 0000000..1f11af4
--- /dev/null
+++ b/bootstrap/kustomizations/kustomization-gitea.yaml
@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: gitea
+ namespace: flux-system
+spec:
+ interval: 15m
+ path: ./gitea
+ prune: true # remove any elements later removed from the above path
+ timeout: 2m # if not set, this defaults to interval duration, which is 1h
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: gitea
+ namespace: gitea
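Review bot: The inline comment on `timeout: 2m` in kustomization-gitea.yaml says the default would be the interval duration "which is 1h", but `interval` in this same spec is `15m`, so the comment is stale and was probably copied from another Kustomization. I would reword it to `timeout: 2m # if not set, this defaults to the interval duration (15m here)`. Separately, the health check waits on a HelmRelease whose own `timeout` is `5m` in helmrelease-gitea.yaml, so a 2m limit here may report failure while a first install is still in progress; worth confirming that is intended.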
diff --git a/bootstrap/namespaces/namespace-gitea.yaml b/bootstrap/namespaces/namespace-gitea.yaml
new file mode 100644
index 0000000..09a988f
--- /dev/null
+++ b/bootstrap/namespaces/namespace-gitea.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: gitea
diff --git a/gitea/dns-endpoint.yaml b/gitea/dns-endpoint.yaml
new file mode 100644
index 0000000..7b49d18
--- /dev/null
+++ b/gitea/dns-endpoint.yaml
@@ -0,0 +1,12 @@
+apiVersion: externaldns.k8s.io/v1alpha1
+kind: DNSEndpoint
+metadata:
+ name: git.michaelthomson.dev
+ namespace: git
+spec:
+ endpoints:
+ - dnsName: git.michaelthomson.dev
+ recordTTL: 180
+ recordType: CNAME
+ targets:
+ - server.michaelthomson.dev
diff --git a/gitea/gitea-admin-secret.yaml b/gitea/gitea-admin-secret.yaml
new file mode 100644
index 0000000..a400a4c
--- /dev/null
+++ b/gitea/gitea-admin-secret.yaml
@@ -0,0 +1,15 @@
+kind: SealedSecret
+apiVersion: bitnami.com/v1alpha1
+metadata:
+ name: gitea-admin-secret
+ namespace: gitea
+ creationTimestamp:
+spec:
+ template:
+ metadata:
+ name: gitea-admin-secret
+ namespace: gitea
+ creationTimestamp:
+ encryptedData:
+ password: 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
+ username: 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
diff --git a/gitea/helmrelease-gitea.yaml b/gitea/helmrelease-gitea.yaml
new file mode 100644
index 0000000..0ad2893
--- /dev/null
+++ b/gitea/helmrelease-gitea.yaml
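Review bot: The DNSEndpoint in gitea/dns-endpoint.yaml is placed in `namespace: git`, while the Namespace this commit creates and every other object use `gitea`; unless a `git` namespace already exists elsewhere in the repository, applying this object will fail. The record also publishes `git.michaelthomson.dev`, whereas the ingress host and TLS entry in helmrelease-gitea.yaml are `gitea.michaelthomson.dev`, so the published name would not match the host that the router with the `traefik-authentik` middleware serves. I would change the metadata to `namespace: gitea` and align `name` and `dnsName` with the ingress host, or add a comment explaining why the two names differ.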
@@ -0,0 +1,579 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: gitea
+ namespace: gitea
+spec:
+ chart:
+ spec:
+ chart: gitea
+ version: 10.0.x
+ sourceRef:
+ kind: HelmRepository
+ name: gitea
+ namespace: flux-system
+ interval: 15m
+ timeout: 5m
+ releaseName: gitea
+ values:
+ # Default values for gitea.
+ # This is a YAML-formatted file.
+ # Declare variables to be passed into your templates.
+ ## @section Global
+ #
+ ## @param global.imageRegistry global image registry override
+ ## @param global.imagePullSecrets global image pull secrets override; can be extended by `imagePullSecrets`
+ ## @param global.storageClass global storage class override
+ ## @param global.hostAliases global hostAliases which will be added to the pod's hosts files
+ global:
+ imageRegistry: ""
+ ## E.g.
+ ## imagePullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ imagePullSecrets: []
+ storageClass: longhorn
+ hostAliases: []
+ # - ip: 192.168.137.2
+ # hostnames:
+ # - example.com
+
+ ## @param replicaCount number of replicas for the deployment
+ replicaCount: 1
+
+ ## @section strategy
+ ## @param strategy.type strategy type
+ ## @param strategy.rollingUpdate.maxSurge maxSurge
+ ## @param strategy.rollingUpdate.maxUnavailable maxUnavailable
+ strategy:
+ type: "RollingUpdate"
+ rollingUpdate:
+ maxSurge: "100%"
+ maxUnavailable: 0
+
+ ## @param clusterDomain cluster domain
+ clusterDomain: michaelthomson.dev
+
+ ## @section Image
+ ## @param image.registry image registry, e.g. gcr.io,docker.io
+ ## @param image.repository Image to start for this pod
+ ## @param image.tag Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml.
+ ## @param image.digest Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest`
+ ## @param image.pullPolicy Image pull policy
+ ## @param image.rootless Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher
+ ## @param image.fullOverride Completely overrides the image registry, path/image, tag and digest. **Adjust `image.rootless` accordingly and review [Rootless defaults](#rootless-defaults).**
+ image:
+ registry: ""
+ repository: gitea/gitea
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+ digest: ""
+ pullPolicy: IfNotPresent
+ rootless: true
+ fullOverride: ""
+
+ ## @param imagePullSecrets Secret to use for pulling the image
+ imagePullSecrets: []
+
+ ## @section Security
+ # Security context is only usable with rootless image due to image design
+ ## @param podSecurityContext.fsGroup Set the shared file system group for all containers in the pod.
+ podSecurityContext:
+ fsGroup: 1000
+
+ ## @param containerSecurityContext Security context
+ containerSecurityContext: {}
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ # # Add the SYS_CHROOT capability for root and rootless images if you intend to
+ # # run pods on nodes that use the container runtime cri-o. Otherwise, you will
+ # # get an error message from the SSH server that it is not possible to read from
+ # # the repository.
+ # # https://gitea.com/gitea/helm-chart/issues/161
+ # add:
+ # - SYS_CHROOT
+ # privileged: false
+ # readOnlyRootFilesystem: true
+ # runAsGroup: 1000
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+ ## @deprecated The securityContext variable has been split two:
+ ## - containerSecurityContext
+ ## - podSecurityContext.
+ ## @param securityContext Run init and Gitea containers as a specific securityContext
+ securityContext: {}
+
+ ## @param podDisruptionBudget Pod disruption budget
+ podDisruptionBudget: {}
+ # maxUnavailable: 1
+ # minAvailable: 1
+
+ ## @section Service
+ service:
+ ## @param service.http.type Kubernetes service type for web traffic
+ ## @param service.http.port Port number for web traffic
+ ## @param service.http.clusterIP ClusterIP setting for http autosetup for deployment is None
+ ## @param service.http.loadBalancerIP LoadBalancer IP setting
+ ## @param service.http.nodePort NodePort for http service
+ ## @param service.http.externalTrafficPolicy If `service.http.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation
+ ## @param service.http.externalIPs External IPs for service
+ ## @param service.http.ipFamilyPolicy HTTP service dual-stack policy
+ ## @param service.http.ipFamilies HTTP service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/).
+ ## @param service.http.loadBalancerSourceRanges Source range filter for http loadbalancer
+ ## @param service.http.annotations HTTP service annotations
+ http:
+ type: ClusterIP
+ port: 3000
+ clusterIP: None
+ loadBalancerIP:
+ nodePort:
+ externalTrafficPolicy:
+ externalIPs:
+ ipFamilyPolicy:
+ ipFamilies:
+ loadBalancerSourceRanges: []
+ annotations: {}
+ ## @param service.ssh.type Kubernetes service type for ssh traffic
+ ## @param service.ssh.port Port number for ssh traffic
+ ## @param service.ssh.clusterIP ClusterIP setting for ssh autosetup for deployment is None
+ ## @param service.ssh.loadBalancerIP LoadBalancer IP setting
+ ## @param service.ssh.nodePort NodePort for ssh service
+ ## @param service.ssh.externalTrafficPolicy If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation
+ ## @param service.ssh.externalIPs External IPs for service
+ ## @param service.ssh.ipFamilyPolicy SSH service dual-stack policy
+ ## @param service.ssh.ipFamilies SSH service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/).
+ ## @param service.ssh.hostPort HostPort for ssh service
+ ## @param service.ssh.loadBalancerSourceRanges Source range filter for ssh loadbalancer
+ ## @param service.ssh.annotations SSH service annotations
+ ssh:
+ type: LoadBalancer
+ port: 22
+ clusterIP: None
+ loadBalancerIP:
+ nodePort:
+ externalTrafficPolicy:
+ externalIPs:
+ ipFamilyPolicy:
+ ipFamilies:
+ hostPort:
+ loadBalancerSourceRanges: []
+ annotations:
+ metallb.universe.tf/loadBalancerIPs: 192.168.2.202
+ metallb.universe.tf/allow-shared-ip: gitea-ssh
+
+ ## @section Ingress
+ ## @param ingress.enabled Enable ingress
+ ## @param ingress.className Ingress class name
+ ## @param ingress.annotations Ingress annotations
+ ## @param ingress.hosts[0].host Default Ingress host
+ ## @param ingress.hosts[0].paths[0].path Default Ingress path
+ ## @param ingress.hosts[0].paths[0].pathType Ingress path type
+ ## @param ingress.tls Ingress tls settings
+ ## @extra ingress.apiVersion Specify APIVersion of ingress object. Mostly would only be used for argocd.
+ ingress:
+ enabled: true
+ # className: nginx
+ className: traefik
+ annotations:
+ traefik.ingress.kubernetes.io/router.entrypoints: websecure
+ traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
+ traefik.ingress.kubernetes.io/router.tls: "true"
+ hosts:
+ - host: gitea.michaelthomson.dev
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ - hosts:
+ - gitea.michaelthomson.dev
+ secretName: letsencrypt-wildcard-cert-michaelthomson.dev
+ # Mostly for argocd or any other CI that uses `helm template | kubectl apply` or similar
+ # If helm doesn't correctly detect your ingress API version you can set it here.
+ # apiVersion: networking.k8s.io/v1
+
+ ## @section deployment
+ #
+ ## @param resources Kubernetes resources
+ resources:
+ {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+ ## Use an alternate scheduler, e.g. "stork".
+ ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+ ##
+ ## @param schedulerName Use an alternate scheduler, e.g. "stork"
+ schedulerName: ""
+
+ ## @param nodeSelector NodeSelector for the deployment
+ nodeSelector: {}
+
+ ## @param tolerations Tolerations for the deployment
+ tolerations: []
+
+ ## @param affinity Affinity for the deployment
+ affinity: {}
+
+ ## @param topologySpreadConstraints TopologySpreadConstraints for the deployment
+ topologySpreadConstraints: []
+
+ ## @param dnsConfig dnsConfig for the deployment
+ dnsConfig: {}
+
+ ## @param priorityClassName priorityClassName for the deployment
+ priorityClassName: ""
+
+ ## @param deployment.env Additional environment variables to pass to containers
+ ## @param deployment.terminationGracePeriodSeconds How long to wait until forcefully kill the pod
+ ## @param deployment.labels Labels for the deployment
+ ## @param deployment.annotations Annotations for the Gitea deployment to be created
+ deployment:
+ env:
+ []
+ # - name: VARIABLE
+ # value: my-value
+ terminationGracePeriodSeconds: 60
+ labels: {}
+ annotations: {}
+
+ ## @section ServiceAccount
+
+ ## @param serviceAccount.create Enable the creation of a ServiceAccount
+ ## @param serviceAccount.name Name of the created ServiceAccount, defaults to release name. Can also link to an externally provided ServiceAccount that should be used.
+ ## @param serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token
+ ## @param serviceAccount.imagePullSecrets Image pull secrets, available to the ServiceAccount
+ ## @param serviceAccount.annotations Custom annotations for the ServiceAccount
+ ## @param serviceAccount.labels Custom labels for the ServiceAccount
+ serviceAccount:
+ create: false
+ name: ""
+ automountServiceAccountToken: false
+ imagePullSecrets: []
+ # - name: private-registry-access
+ annotations: {}
+ labels: {}
+
+ ## @section Persistence
+ #
+ ## @param persistence.enabled Enable persistent storage
+ ## @param persistence.create Whether to create the persistentVolumeClaim for shared storage
+ ## @param persistence.mount Whether the persistentVolumeClaim should be mounted (even if not created)
+ ## @param persistence.claimName Use an existing claim to store repository information
+ ## @param persistence.size Size for persistence to store repo information
+ ## @param persistence.accessModes AccessMode for persistence
+ ## @param persistence.labels Labels for the persistence volume claim to be created
+ ## @param persistence.annotations.helm.sh/resource-policy Resource policy for the persistence volume claim
+ ## @param persistence.storageClass Name of the storage class to use
+ ## @param persistence.subPath Subdirectory of the volume to mount at
+ ## @param persistence.volumeName Name of persistent volume in PVC
+ persistence:
+ enabled: true
+ create: true
+ mount: true
+ claimName: gitea-shared-storage
+ size: 10Gi
+ accessModes:
+ - ReadWriteOnce
+ labels: {}
+ storageClass: longhorn
+ subPath:
+ volumeName: ""
+ annotations:
+ helm.sh/resource-policy: keep
+
+ ## @param extraVolumes Additional volumes to mount to the Gitea deployment
+ extraVolumes: []
+ # - name: postgres-ssl-vol
+ # secret:
+ # secretName: gitea-postgres-ssl
+
+ ## @param extraContainerVolumeMounts Mounts that are only mapped into the Gitea runtime/main container, to e.g. override custom templates.
+ extraContainerVolumeMounts: []
+
+ ## @param extraInitVolumeMounts Mounts that are only mapped into the init-containers. Can be used for additional preconfiguration.
+ extraInitVolumeMounts: []
+
+ ## @deprecated The extraVolumeMounts variable has been split two:
+ ## - extraContainerVolumeMounts
+ ## - extraInitVolumeMounts
+ ## As an example, can be used to mount a client cert when connecting to an external Postgres server.
+ ## @param extraVolumeMounts **DEPRECATED** Additional volume mounts for init containers and the Gitea main container
+ extraVolumeMounts: []
+ # - name: postgres-ssl-vol
+ # readOnly: true
+ # mountPath: "/pg-ssl"
+
+ ## @section Init
+ ## @param initPreScript Bash shell script copied verbatim to the start of the init-container.
+ initPreScript: ""
+ #
+ # initPreScript: |
+ # mkdir -p /data/git/.postgresql
+ # cp /pg-ssl/* /data/git/.postgresql/
+ # chown -R git:git /data/git/.postgresql/
+ # chmod 400 /data/git/.postgresql/postgresql.key
+
+ ## @param initContainers.resources.limits initContainers.limits Kubernetes resource limits for init containers
+ ## @param initContainers.resources.requests.cpu initContainers.requests.cpu Kubernetes cpu resource limits for init containers
+ ## @param initContainers.resources.requests.memory initContainers.requests.memory Kubernetes memory resource limits for init containers
+ initContainers:
+ resources:
+ limits: {}
+ requests:
+ cpu: 100m
+ memory: 128Mi
+
+ # Configure commit/action signing prerequisites
+ ## @section Signing
+ #
+ ## @param signing.enabled Enable commit/action signing
+ ## @param signing.gpgHome GPG home directory
+ ## @param signing.privateKey Inline private gpg key for signed Gitea actions
+ ## @param signing.existingSecret Use an existing secret to store the value of `signing.privateKey`
+ signing:
+ enabled: false
+ gpgHome: /data/git/.gnupg
+ privateKey: ""
+ # privateKey: |-
+ # -----BEGIN PGP PRIVATE KEY BLOCK-----
+ # ...
+ # -----END PGP PRIVATE KEY BLOCK-----
+ existingSecret: ""
+
+ ## @section Gitea
+ #
+ gitea:
+ ## @param gitea.admin.username Username for the Gitea admin user
+ ## @param gitea.admin.existingSecret Use an existing secret to store admin user credentials
+ ## @param gitea.admin.password Password for the Gitea admin user
+ ## @param gitea.admin.email Email for the Gitea admin user
+ admin:
+ existingSecret: gitea-admin-secret
+ email: "gitea@michaelthomson.dev"
+
+ ## @param gitea.metrics.enabled Enable Gitea metrics
+ ## @param gitea.metrics.serviceMonitor.enabled Enable Gitea metrics service monitor
+ metrics:
+ enabled: false
+ serviceMonitor:
+ enabled: false
+ # additionalLabels:
+ # prometheus-release: prom1
+
+ ## @param gitea.ldap LDAP configuration
+ ldap:
+ []
+ # - name: "LDAP 1"
+ # existingSecret:
+ # securityProtocol:
+ # host:
+ # port:
+ # userSearchBase:
+ # userFilter:
+ # adminFilter:
+ # emailAttribute:
+ # bindDn:
+ # bindPassword:
+ # usernameAttribute:
+ # publicSSHKeyAttribute:
+
+ # Either specify inline `key` and `secret` or refer to them via `existingSecret`
+ ## @param gitea.oauth OAuth configuration
+ oauth:
+ []
+ # - name: 'OAuth 1'
+ # provider:
+ # key:
+ # secret:
+ # existingSecret:
+ # autoDiscoverUrl:
+ # useCustomUrls:
+ # customAuthUrl:
+ # customTokenUrl:
+ # customProfileUrl:
+ # customEmailUrl:
+
+ ## @param gitea.config.server.SSH_PORT SSH port for rootlful Gitea image
+ ## @param gitea.config.server.SSH_LISTEN_PORT SSH port for rootless Gitea image
+ config:
+ # APP_NAME: "Gitea: Git with a cup of tea"
+ # RUN_MODE: dev
+ server:
+ SSH_PORT: 22 # rootful image
+ SSH_LISTEN_PORT: 2222 # rootless image
+ #
+ # security:
+ # PASSWORD_COMPLEXITY: spec
+
+ ## @param gitea.additionalConfigSources Additional configuration from secret or configmap
+ additionalConfigSources: []
+ # - secret:
+ # secretName: gitea-app-ini-oauth
+ # - configMap:
+ # name: gitea-app-ini-plaintext
+
+ ## @param gitea.additionalConfigFromEnvs Additional configuration sources from environment variables
+ additionalConfigFromEnvs: []
+
+ ## @param gitea.podAnnotations Annotations for the Gitea pod
+ podAnnotations: {}
+
+ ## @param gitea.ssh.logLevel Configure OpenSSH's log level. Only available for root-based Gitea image.
+ ssh:
+ logLevel: "INFO"
+
+ ## @section LivenessProbe
+ #
+ ## @param gitea.livenessProbe.enabled Enable liveness probe
+ ## @param gitea.livenessProbe.tcpSocket.port Port to probe for liveness
+ ## @param gitea.livenessProbe.initialDelaySeconds Initial delay before liveness probe is initiated
+ ## @param gitea.livenessProbe.timeoutSeconds Timeout for liveness probe
+ ## @param gitea.livenessProbe.periodSeconds Period for liveness probe
+ ## @param gitea.livenessProbe.successThreshold Success threshold for liveness probe
+ ## @param gitea.livenessProbe.failureThreshold Failure threshold for liveness probe
+ # Modify the liveness probe for your needs or completely disable it by commenting out.
+ livenessProbe:
+ enabled: true
+ tcpSocket:
+ port: http
+ initialDelaySeconds: 200
+ timeoutSeconds: 1
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 10
+
+ ## @section ReadinessProbe
+ #
+ ## @param gitea.readinessProbe.enabled Enable readiness probe
+ ## @param gitea.readinessProbe.tcpSocket.port Port to probe for readiness
+ ## @param gitea.readinessProbe.initialDelaySeconds Initial delay before readiness probe is initiated
+ ## @param gitea.readinessProbe.timeoutSeconds Timeout for readiness probe
+ ## @param gitea.readinessProbe.periodSeconds Period for readiness probe
+ ## @param gitea.readinessProbe.successThreshold Success threshold for readiness probe
+ ## @param gitea.readinessProbe.failureThreshold Failure threshold for readiness probe
+ # Modify the readiness probe for your needs or completely disable it by commenting out.
+ readinessProbe:
+ enabled: true
+ tcpSocket:
+ port: http
+ initialDelaySeconds: 5
+ timeoutSeconds: 1
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+
+ # # Uncomment the startup probe to enable and modify it for your needs.
+ ## @section StartupProbe
+ #
+ ## @param gitea.startupProbe.enabled Enable startup probe
+ ## @param gitea.startupProbe.tcpSocket.port Port to probe for startup
+ ## @param gitea.startupProbe.initialDelaySeconds Initial delay before startup probe is initiated
+ ## @param gitea.startupProbe.timeoutSeconds Timeout for startup probe
+ ## @param gitea.startupProbe.periodSeconds Period for startup probe
+ ## @param gitea.startupProbe.successThreshold Success threshold for startup probe
+ ## @param gitea.startupProbe.failureThreshold Failure threshold for startup probe
+ startupProbe:
+ enabled: false
+ tcpSocket:
+ port: http
+ initialDelaySeconds: 60
+ timeoutSeconds: 1
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 10
+
+ ## @section redis-cluster
+ ## @param redis-cluster.enabled Enable redis
+ ## @param redis-cluster.usePassword Whether to use password authentication
+ ## @param redis-cluster.cluster.nodes Number of redis cluster master nodes
+ ## @param redis-cluster.cluster.replicas Number of redis cluster master node replicas
+ redis-cluster:
+ enabled: true
+ usePassword: false
+ cluster:
+ nodes: 3 # default: 6
+ replicas: 0 # default: 1
+
+ ## @section postgresql-ha
+ #
+ ## @param postgresql-ha.enabled Enable postgresql-ha
+ ## @param postgresql-ha.postgresql.password Password for the `gitea` user (overrides `auth.password`)
+ ## @param postgresql-ha.global.postgresql.database Name for a custom database to create (overrides `auth.database`)
+ ## @param postgresql-ha.global.postgresql.username Name for a custom user to create (overrides `auth.username`)
+ ## @param postgresql-ha.global.postgresql.password Name for a custom password to create (overrides `auth.password`)
+ ## @param postgresql-ha.postgresql.repmgrPassword Repmgr Password
+ ## @param postgresql-ha.postgresql.postgresPassword postgres Password
+ ## @param postgresql-ha.pgpool.adminPassword pgpool adminPassword
+ ## @param postgresql-ha.service.ports.postgresql postgresql service port (overrides `service.ports.postgresql`)
+ ## @param postgresql-ha.primary.persistence.size PVC Storage Request for postgresql-ha volume
+ postgresql-ha:
+ global:
+ postgresql:
+ database: gitea
+ password: gitea
+ username: gitea
+ enabled: true
+ postgresql:
+ repmgrPassword: xWrzijhkYXUcbaBomNqhL99oFaTqyH
+ postgresPassword: uvm8tLHENQoqKniuvuYuGV6azAkRuA
+ password: Tnrk69XHEN9CAGLmp6sNrBTY9WcaRF
+ pgpool:
+ adminPassword: RAyVm6JAoojRFjnsgMeFPDicdLkBmg
+ service:
+ ports:
+ postgresql: 5432
+ primary:
+ persistence:
+ size: 10Gi
+
+ ## @section PostgreSQL
+ #
+ ## @param postgresql.enabled Enable PostgreSQL
+ ## @param postgresql.global.postgresql.auth.password Password for the `gitea` user (overrides `auth.password`)
+ ## @param postgresql.global.postgresql.auth.database Name for a custom database to create (overrides `auth.database`)
+ ## @param postgresql.global.postgresql.auth.username Name for a custom user to create (overrides `auth.username`)
+ ## @param postgresql.global.postgresql.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`)
+ ## @param postgresql.primary.persistence.size PVC Storage Request for PostgreSQL volume
+ postgresql:
+ enabled: false
+ global:
+ postgresql:
+ auth:
+ password: gitea
+ database: gitea
+ username: gitea
+ service:
+ ports:
+ postgresql: 5432
+ primary:
+ persistence:
+ size: 10Gi
+
+ # By default, removed or moved settings that still remain in a user defined values.yaml will cause Helm to fail running the install/update.
+ # Set it to false to skip this basic validation check.
+ ## @section Advanced
+ ## @param checkDeprecation Set it to false to skip this basic validation check.
+ ## @param test.enabled Set it to false to disable test-connection Pod.
+ ## @param test.image.name Image name for the wget container used in the test-connection Pod.
+ ## @param test.image.tag Image tag for the wget container used in the test-connection Pod.
+ checkDeprecation: true
+ test:
+ enabled: true
+ image:
+ name: busybox
+ tag: latest
+
+ ## @param extraDeploy Array of extra objects to deploy with the release
+ ##
+ extraDeploy: []
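Review bot: The `postgresql-ha` values in helmrelease-gitea.yaml commit four database credentials in cleartext (`repmgrPassword`, `postgresPassword`, `password` and `pgpool.adminPassword`), although the admin login in this same commit is already delivered through a SealedSecret. Anyone with read access to the repository or its history can read them, so they should be treated as exposed and rotated, then supplied from a sealed Secret through the HelmRelease's `spec.valuesFrom` instead of inline `values`. In the same block `postgresql-ha.global.postgresql.password: gitea` is a guessable value, and `redis-cluster.usePassword: false` leaves the cache without authentication inside the cluster; both deserve the same treatment or, at minimum, a NetworkPolicy restricting access to the Gitea pods. A sketch of the `valuesFrom` wiring follows; the Secret name in it is a placeholder, not something defined in this patch.

```yaml
spec:
  # … unchanged: chart, interval, timeout, releaseName …
  valuesFrom:
    # gitea-postgresql-secret is a placeholder name for a SealedSecret
    # created in the gitea namespace, alongside gitea-admin-secret.
    - kind: Secret
      name: gitea-postgresql-secret
      valuesKey: repmgrPassword
      targetPath: postgresql-ha.postgresql.repmgrPassword
    - kind: Secret
      name: gitea-postgresql-secret
      valuesKey: postgresPassword
      targetPath: postgresql-ha.postgresql.postgresPassword
    - kind: Secret
      name: gitea-postgresql-secret
      valuesKey: password
      targetPath: postgresql-ha.postgresql.password
    - kind: Secret
      name: gitea-postgresql-secret
      valuesKey: adminPassword
      targetPath: postgresql-ha.pgpool.adminPassword
  values:
    # … unchanged: chart values, with the four inline password keys removed …
```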