From 200c9eb70d20b112d8a04ea67d0887ab58187fac Mon Sep 17 00:00:00 2001 From: David Kirwan Date: Thu, 13 Feb 2025 10:43:08 +0000 Subject: [PATCH] forgejo: change to point at the fedora forked forgejo helm chart Add values template that is passed to helm at deploy Signed-off-by: David Kirwan --- .../forgejo/tasks/call-helm.yml | 8 +- .../forgejo/templates/values.yaml.j2 | 816 ++++++++++++++++++ 2 files changed, 820 insertions(+), 4 deletions(-) create mode 100644 roles/openshift-apps/forgejo/templates/values.yaml.j2 diff --git a/roles/openshift-apps/forgejo/tasks/call-helm.yml b/roles/openshift-apps/forgejo/tasks/call-helm.yml index ddffe80ce2..058005e5fa 100644 --- a/roles/openshift-apps/forgejo/tasks/call-helm.yml +++ b/roles/openshift-apps/forgejo/tasks/call-helm.yml @@ -2,11 +2,11 @@ # From git - name: Git clone stable repo on HEAD ansible.builtin.git: - repo: "http://github.com/helm/charts.git" - dest: /tmp/helm_repo + repo: "https://codeberg.org/fedora/forgejo-helm.git" + dest: /tmp/forgejo-helm_repo - name: Deploy Grafana chart from local path kubernetes.core.helm: name: test - chart_ref: /tmp/helm_repo/stable/grafana - release_namespace: test-helm + chart_ref: /tmp/forgejo-helm_repo/ + release_namespace: forgejo diff --git a/roles/openshift-apps/forgejo/templates/values.yaml.j2 b/roles/openshift-apps/forgejo/templates/values.yaml.j2 new file mode 100644 index 0000000000..9ba6725d18 --- /dev/null +++ b/roles/openshift-apps/forgejo/templates/values.yaml.j2 @@ -0,0 +1,816 @@ +# Default values for gitea. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +## @section Global +# +## @param global.imageRegistry global image registry override +## @param global.imagePullSecrets global image pull secrets override; can be extended by `imagePullSecrets` +## @param global.storageClass global storage class override +## @param global.hostAliases global hostAliases which will be added to the pod's hosts files +global: + imageRegistry: '' + ## E.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + storageClass: '' + hostAliases: [] + # - ip: 192.168.137.2 + # hostnames: + # - example.com + +## @param namespaceOverride String to fully override common.names.namespace +## +namespaceOverride: '' + +## @param replicaCount number of replicas for the deployment +replicaCount: 1 + +## @section strategy +## @param strategy.type strategy type +## @param strategy.rollingUpdate.maxSurge maxSurge +## @param strategy.rollingUpdate.maxUnavailable maxUnavailable +strategy: + type: 'RollingUpdate' + rollingUpdate: + maxSurge: '100%' + maxUnavailable: 0 + +## @param clusterDomain cluster domain +clusterDomain: cluster.local + +## @section Image +## @param image.registry image registry, e.g. gcr.io,docker.io +## @param image.repository Image to start for this pod +## @param image.tag Visit: [Image tag](https://code.forgejo.org/forgejo/-/packages/container/forgejo/versions). Defaults to `appVersion` within Chart.yaml. +## @param image.digest Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` +## @param image.pullPolicy Image pull policy +## @param image.rootless Wether or not to pull the rootless version of Forgejo +## @param image.fullOverride Completely overrides the image registry, path/image, tag and digest. **Adjust `image.rootless` accordingly and review [Rootless defaults](#rootless-defaults).** +image: + registry: code.forgejo.org + repository: forgejo/forgejo + # Overrides the image tag whose default is the chart appVersion. + tag: '' + digest: '' + pullPolicy: IfNotPresent + rootless: true + fullOverride: '' + +## @param imagePullSecrets Secret to use for pulling the image +imagePullSecrets: [] + +## @section Security +# Security context is only usable with rootless image due to image design +## @param podSecurityContext.fsGroup Set the shared file system group for all containers in the pod. +podSecurityContext: + fsGroup: 1000 + +## @param containerSecurityContext Security context +containerSecurityContext: {} +# allowPrivilegeEscalation: false +# capabilities: +# drop: +# - ALL +# # Add the SYS_CHROOT capability for root and rootless images if you intend to +# # run pods on nodes that use the container runtime cri-o. Otherwise, you will +# # get an error message from the SSH server that it is not possible to read from +# # the repository. +# # https://gitea.com/gitea/helm-chart/issues/161 +# add: +# - SYS_CHROOT +# privileged: false +# readOnlyRootFilesystem: true +# runAsGroup: 1000 +# runAsNonRoot: true +# runAsUser: 1000 + +## @deprecated The securityContext variable has been split two: +## - containerSecurityContext +## - podSecurityContext. +## @param securityContext Run init and Forgejo containers as a specific securityContext +securityContext: {} + +## @param podDisruptionBudget Pod disruption budget +podDisruptionBudget: {} +# maxUnavailable: 1 +# minAvailable: 1 + +## @section Service +service: + ## @param service.http.type Kubernetes service type for web traffic + ## @param service.http.port Port number for web traffic + ## @param service.http.clusterIP ClusterIP setting for http autosetup for deployment + ## @param service.http.loadBalancerIP LoadBalancer IP setting + ## @param service.http.nodePort NodePort for http service + ## @param service.http.externalTrafficPolicy If `service.http.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation + ## @param service.http.externalIPs External IPs for service + ## @param service.http.ipFamilyPolicy HTTP service dual-stack policy + ## @param service.http.ipFamilies HTTP service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/). + ## @param service.http.loadBalancerSourceRanges Source range filter for http loadbalancer + ## @param service.http.annotations HTTP service annotations + ## @param service.http.labels HTTP service additional labels + ## @param service.http.loadBalancerClass Loadbalancer class + http: + type: ClusterIP + port: 3000 + clusterIP: + loadBalancerIP: + nodePort: + externalTrafficPolicy: + externalIPs: + ipFamilyPolicy: + ipFamilies: + loadBalancerSourceRanges: [] + annotations: {} + labels: {} + loadBalancerClass: + ## @param service.ssh.type Kubernetes service type for ssh traffic + ## @param service.ssh.port Port number for ssh traffic + ## @param service.ssh.clusterIP ClusterIP setting for ssh autosetup for deployment + ## @param service.ssh.loadBalancerIP LoadBalancer IP setting + ## @param service.ssh.nodePort NodePort for ssh service + ## @param service.ssh.externalTrafficPolicy If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation + ## @param service.ssh.externalIPs External IPs for service + ## @param service.ssh.ipFamilyPolicy SSH service dual-stack policy + ## @param service.ssh.ipFamilies SSH service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/). + ## @param service.ssh.hostPort HostPort for ssh service + ## @param service.ssh.loadBalancerSourceRanges Source range filter for ssh loadbalancer + ## @param service.ssh.annotations SSH service annotations + ## @param service.ssh.labels SSH service additional labels + ## @param service.ssh.loadBalancerClass Loadbalancer class + ssh: + type: ClusterIP + port: 22 + clusterIP: + loadBalancerIP: + nodePort: + externalTrafficPolicy: + externalIPs: + ipFamilyPolicy: + ipFamilies: + hostPort: + loadBalancerSourceRanges: [] + annotations: {} + labels: {} + loadBalancerClass: + +## @section Ingress +## @param ingress.enabled Enable ingress +## @param ingress.className Ingress class name +## @param ingress.annotations Ingress annotations +## @param ingress.hosts[0].host Default Ingress host +## @param ingress.hosts[0].paths[0].path Default Ingress path +## @param ingress.hosts[0].paths[0].pathType Ingress path type +## @param ingress.tls Ingress tls settings +ingress: + enabled: false + # className: nginx + className: + annotations: + {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: git.example.com + paths: + - path: / + pathType: Prefix + tls: [] + # - secretName: chart-example-tls + # hosts: + # - git.example.com + +## @section Route +## @param route.enabled Enable route +## @param route.annotations Route annotations +## @param route.host Host to use for the route (will be assigned automatically by OKD / OpenShift is not defined) +## @param route.wildcardPolicy Wildcard policy if any for the route, currently only 'Subdomain' or 'None' is allowed. +## @param route.tls.termination termination type (see [OKD documentation](https://docs.okd.io/latest/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls)) +## @param route.tls.insecureEdgeTerminationPolicy the desired behavior for insecure connections to a route (e.g. with http) +## @param route.tls.existingSecret the name of a predefined secret of type kubernetes.io/tls with both key (tls.crt and tls.key) set accordingly (if defined attributes 'certificate', 'caCertificate' and 'privateKey' are ignored) +## @param route.tls.certificate PEM encoded single certificate +## @param route.tls.privateKey PEM encoded private key +## @param route.tls.caCertificate PEM encoded CA certificate or chain that issued the certificate +## @param route.tls.destinationCACertificate PEM encoded CA certificate used to verify the authenticity of final end point when 'termination' is set to 'passthrough' (ignored otherwise) +route: + enabled: false + annotations: {} + host: + wildcardPolicy: + tls: + termination: edge + insecureEdgeTerminationPolicy: Redirect + existingSecret: + certificate: + # certificate: |- + # -----BEGIN CERTIFICATE----- + # ... + # -----END CERTIFICATE----- + privateKey: + # privateKey: |- + # -----BEGIN PRIVATE KEY----- + # ... + # -----END PRIVATE KEY----- + caCertificate: + # caCertificate: |- + # -----BEGIN CERTIFICATE----- + # ... + # -----END CERTIFICATE----- + destinationCACertificate: + # destinationCACertificate: |- + # -----BEGIN CERTIFICATE----- + # ... + # -----END CERTIFICATE----- + +## @section deployment +# +## @param resources Kubernetes resources +resources: + {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +## Use an alternate scheduler, e.g. "stork". +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +## @param schedulerName Use an alternate scheduler, e.g. "stork" +schedulerName: '' + +## @param nodeSelector NodeSelector for the deployment +nodeSelector: {} + +## @param tolerations Tolerations for the deployment +tolerations: [] + +## @param affinity Affinity for the deployment +affinity: {} + +## @param topologySpreadConstraints TopologySpreadConstraints for the deployment +topologySpreadConstraints: [] + +## @param dnsConfig dnsConfig for the deployment +dnsConfig: {} + +## @param priorityClassName priorityClassName for the deployment +priorityClassName: '' + +## @param deployment.env Additional environment variables to pass to containers +## @param deployment.terminationGracePeriodSeconds How long to wait until forcefully kill the pod +## @param deployment.labels Labels for the deployment +## @param deployment.annotations Annotations for the Forgejo deployment to be created +deployment: + env: + [] + # - name: VARIABLE + # value: my-value + terminationGracePeriodSeconds: 60 + labels: {} + annotations: {} + +## @section ServiceAccount + +## @param serviceAccount.create Enable the creation of a ServiceAccount +## @param serviceAccount.name Name of the created ServiceAccount, defaults to release name. Can also link to an externally provided ServiceAccount that should be used. +## @param serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token +## @param serviceAccount.imagePullSecrets Image pull secrets, available to the ServiceAccount +## @param serviceAccount.annotations Custom annotations for the ServiceAccount +## @param serviceAccount.labels Custom labels for the ServiceAccount +serviceAccount: + create: true + name: 'forgejo-http' + automountServiceAccountToken: false + imagePullSecrets: [] + # - name: private-registry-access + annotations: {} + labels: {} + +## @section Persistence +# +## @param persistence.enabled Enable persistent storage +## @param persistence.create Whether to create the persistentVolumeClaim for shared storage +## @param persistence.mount Whether the persistentVolumeClaim should be mounted (even if not created) +## @param persistence.claimName Use an existing claim to store repository information +## @param persistence.size Size for persistence to store repo information +## @param persistence.accessModes AccessMode for persistence +## @param persistence.labels Labels for the persistence volume claim to be created +## @param persistence.annotations.helm.sh/resource-policy Resource policy for the persistence volume claim +## @param persistence.storageClass Name of the storage class to use +## @param persistence.subPath Subdirectory of the volume to mount at +## @param persistence.volumeName Name of persistent volume in PVC +persistence: + enabled: true + create: true + mount: true + claimName: gitea-shared-storage + size: 10Gi + accessModes: + - ReadWriteOnce + labels: {} + storageClass: + subPath: + volumeName: '' + annotations: + helm.sh/resource-policy: keep + +## @param extraVolumes Additional volumes to mount to the Forgejo deployment +extraVolumes: [] +# - name: postgres-ssl-vol +# secret: +# secretName: gitea-postgres-ssl + +## @param extraContainerVolumeMounts Mounts that are only mapped into the Forgejo runtime/main container, to e.g. override custom templates. +extraContainerVolumeMounts: [] + +## @param extraInitVolumeMounts Mounts that are only mapped into the init-containers. Can be used for additional preconfiguration. +extraInitVolumeMounts: [] + +## @deprecated The extraVolumeMounts variable has been split two: +## - extraContainerVolumeMounts +## - extraInitVolumeMounts +## As an example, can be used to mount a client cert when connecting to an external Postgres server. +## @param extraVolumeMounts **DEPRECATED** Additional volume mounts for init containers and the Forgejo main container +extraVolumeMounts: [] +# - name: postgres-ssl-vol +# readOnly: true +# mountPath: "/pg-ssl" + +## @section Init +## @param initPreScript Bash shell script copied verbatim to the start of the init-container. +initPreScript: '' +# +# initPreScript: | +# mkdir -p /data/git/.postgresql +# cp /pg-ssl/* /data/git/.postgresql/ +# chown -R git:git /data/git/.postgresql/ +# chmod 400 /data/git/.postgresql/postgresql.key + +## @param initContainers.resources.limits initContainers.limits Kubernetes resource limits for init containers +## @param initContainers.resources.requests.cpu initContainers.requests.cpu Kubernetes cpu resource limits for init containers +## @param initContainers.resources.requests.memory initContainers.requests.memory Kubernetes memory resource limits for init containers +initContainers: + resources: + limits: {} + requests: + cpu: 100m + memory: 128Mi + +# Configure commit/action signing prerequisites +## @section Signing +# +## @param signing.enabled Enable commit/action signing +## @param signing.gpgHome GPG home directory +## @param signing.privateKey Inline private GPG key for signed internal Git activity +## @param signing.existingSecret Use an existing secret to store the value of `signing.privateKey` +signing: + enabled: false + gpgHome: /data/git/.gnupg + privateKey: '' + # privateKey: |- + # -----BEGIN PGP PRIVATE KEY BLOCK----- + # ... + # -----END PGP PRIVATE KEY BLOCK----- + existingSecret: '' + +## @section Gitea +# +gitea: + ## @param gitea.admin.username Username for the Forgejo admin user + ## @param gitea.admin.existingSecret Use an existing secret to store admin user credentials + ## @param gitea.admin.password Password for the Forgejo admin user + ## @param gitea.admin.email Email for the Forgejo admin user + ## @param gitea.admin.passwordMode Mode for how to set/update the admin user password. Options are: initialOnlyNoReset, initialOnlyRequireReset, and keepUpdated + admin: + # existingSecret: gitea-admin-secret + existingSecret: + username: "{{ (env == 'production') | ternary(forgejo_admin_username, forgejo_stg_admin_username) }}" + password: "{{ (env == 'production') | ternary(forgejo_admin_password, forgejo_stg_admin_password) }}" + email: 'gitea@local.domain' + passwordMode: keepUpdated + + ## @param gitea.metrics.enabled Enable Forgejo metrics + ## @param gitea.metrics.serviceMonitor.enabled Enable Forgejo metrics service monitor + ## @param gitea.metrics.serviceMonitor.namespace Namespace in which Prometheus is running + metrics: + enabled: false + serviceMonitor: + enabled: false + namespace: '' + # additionalLabels: + # prometheus-release: prom1 + + ## @param gitea.ldap LDAP configuration + ldap: + [] + # - name: "LDAP 1" + # existingSecret: + # securityProtocol: + # host: + # port: + # userSearchBase: + # userFilter: + # adminFilter: + # emailAttribute: + # bindDn: + # bindPassword: + # usernameAttribute: + # publicSSHKeyAttribute: + + # Either specify inline `key` and `secret` or refer to them via `existingSecret` + ## @param gitea.oauth OAuth configuration + oauth: + - name: "FAS" + provider: "openidConnect" + key: "{{ (env == 'production') | ternary(forgejo_oidc_key, forgejo_stg_oidc_key) }}" + secret: "{{ (env == 'production') | ternary(forgejo_oidc_secret, forgejo_stg_oidc_secret) }}" + autoDiscoverUrl: "{{ (env == 'production') | ternary(forgejo_oidc_autodiscoverurl, forgejo_stg_oidc_autodiscoverurl) }}" + requiredClaimName: "groups" + requiredClaimValue: "sysadmin-main" + + # - name: 'OAuth 1' + # provider: + # key: + # secret: + # existingSecret: + # autoDiscoverUrl: + # useCustomUrls: + # customAuthUrl: + # customTokenUrl: + # customProfileUrl: + # customEmailUrl: + + ## @param gitea.additionalConfigSources Additional configuration from secret or configmap + additionalConfigSources: [] + # - secret: + # secretName: gitea-app-ini-oauth + # - configMap: + # name: gitea-app-ini-plaintext + + ## @param gitea.additionalConfigFromEnvs Additional configuration sources from environment variables + additionalConfigFromEnvs: [] + + ## @param gitea.podAnnotations Annotations for the Forgejo pod + podAnnotations: {} + + ## @param gitea.ssh.logLevel Configure OpenSSH's log level. Only available for root-based Forgejo image. + ssh: + logLevel: 'INFO' + + ## @section `app.ini` overrides + ## @descriptionStart + ## Every value described in the [Cheat + ## Sheet](https://forgejo.org/docs/latest/admin/config-cheat-sheet/) can be + ## set as a Helm value. Configuration sections map to (lowercased) YAML + ## blocks, while the keys themselves remain in all caps. + ## @descriptionEnd + config: + # values in the DEFAULT section + # (https://forgejo.org/docs/latest/admin/config-cheat-sheet/#overall-default) + # are un-namespaced + + ## @param gitea.config.APP_NAME Application name, used in the page title + APP_NAME: 'Forgejo: Beyond coding. We forge.' + + ## @param gitea.config.RUN_MODE Application run mode, affects performance and debugging: `dev` or `prod` + RUN_MODE: prod + + ## @param gitea.config.repository General repository settings + repository: {} + + ## @param gitea.config.cors Cross-origin resource sharing settings + cors: {} + + ## @param gitea.config.ui User interface settings + ui: {} + + ## @param gitea.config.markdown Markdown parser settings + markdown: {} + + ## @param gitea.config.server [object] General server settings + server: + SSH_PORT: 22 # rootful image + SSH_LISTEN_PORT: 2222 # rootless image + HTTP_PORT: 3000 + PROTOCOL: "http" + LFS_JWT_SECRET: "{{ (env == 'production') | ternary(forgejo_jwt_secret, forgejo_stg_jwt_secret) }}" + SSH_DOMAIN: "{{ (env == 'production') | ternary(forgejo_hostname, forgejo_stg_hostname) }}" + DOMAIN: "{{ (env == 'production') | ternary(forgejo_hostname, forgejo_stg_hostname) }}" + ROOT_URL: "https://{{ (env == 'production') | ternary(forgejo_hostname, forgejo_stg_hostname) }}/" + APP_DATA_PATH: "/data" + ENABLE_PPROF: false + START_SSH_SERVER: true + OFFLINE_MODE: false + + ## @param gitea.config.database Database configuration (only necessary with an [externally managed DB](https://code.forgejo.org/forgejo-helm/forgejo-helm#external-database)). + database: {} + + ## @param gitea.config.indexer Settings for what content is indexed and how + indexer: {} + + ## @param gitea.config.queue Job queue configuration + queue: {} + + ## @param gitea.config.admin Admin user settings + admin: {} + + ## @param gitea.config.security Site security settings + security: {} + + ## @param gitea.config.camo Settings for the [camo](https://github.com/cactus/go-camo) media proxy server (disabled by default) + camo: {} + + ## @param gitea.config.openid Configuration for authentication with OpenID (disabled by default) + openid: {} + + ## @param gitea.config.oauth2_client OAuth2 client settings + oauth2_client: + OPENID_SIGNUP: true + ENABLE_AUTO_REGISTRATION: true + USERNAME: "nickname" + OPENID_CONNECT_SCOPES: "openid profile email https://id.fedoraproject.org/scope/agreements https://id.fedoraproject.org/scope/groups" # These scopes are apparently the same on staging and prod. + + + ## @param gitea.config.service Configuration for miscellaneous Forgejo services + service: + DISABLE_REGISTRATION: true + + ## @param gitea.config.ssh.minimum_key_sizes SSH minimum key sizes + ssh.minimum_key_sizes: {} + + ## @param gitea.config.webhook Webhook settings + webhook: {} + + ## @param gitea.config.mailer Mailer configuration (disabled by default) + mailer: {} + + ## @param gitea.config.email.incoming Configuration for handling incoming mail (disabled by default) + email.incoming: {} + + ## @param gitea.config.cache Cache configuration + cache: {} + + ## @param gitea.config.session Session/cookie handling + session: {} + + ## @param gitea.config.picture User avatar settings + picture: + GRAVATAR_SOURCE: libravatar + + ## @param gitea.config.project Project board defaults + project: {} + + ## @param gitea.config.attachment Issue and PR attachment configuration + attachment: {} + + ## @param gitea.config.log Logging configuration + log: {} + + ## @param gitea.config.cron Cron job configuration + cron: {} + + ## @param gitea.config.git Global settings for Git + git: {} + + ## @param gitea.config.metrics Settings for the Prometheus endpoint (disabled by default) + metrics: {} + + ## @param gitea.config.api Settings for the Swagger API documentation endpoints + api: {} + + ## @param gitea.config.oauth2 Settings for the [OAuth2 provider](https://forgejo.org/docs/latest/admin/oauth2-provider/) + oauth2: {} + + ## @param gitea.config.i18n Internationalization settings + i18n: {} + + ## @param gitea.config.markup Configuration for advanced markup processors + markup: {} + + ## @param gitea.config.highlight.mapping File extension to language mapping overrides for syntax highlighting + highlight.mapping: {} + + ## @param gitea.config.time Locale settings + time: {} + + ## @param gitea.config.migrations Settings for Git repository migrations + migrations: {} + + ## @param gitea.config.federation Federation configuration + federation: {} + + ## @param gitea.config.packages Package registry settings + packages: {} + + ## @param gitea.config.mirror Configuration for repository mirroring + mirror: {} + + ## @param gitea.config.lfs Large File Storage configuration + lfs: {} + + ## @param gitea.config.repo-avatar Repository avatar storage configuration + repo-avatar: {} + + ## @param gitea.config.avatar User/org avatar storage configuration + avatar: {} + + ## @param gitea.config.storage General storage settings + storage: {} + + ## @param gitea.config.proxy Proxy configuration (disabled by default) + proxy: {} + + ## @param gitea.config.actions Configuration for [Forgejo Actions](https://forgejo.org/docs/latest/user/actions/) + actions: {} + + ## @param gitea.config.other Uncategorized configuration options + other: {} + + ## @section LivenessProbe + # + ## @param gitea.livenessProbe.enabled Enable liveness probe + ## @param gitea.livenessProbe.tcpSocket.port Port to probe for liveness + ## @param gitea.livenessProbe.initialDelaySeconds Initial delay before liveness probe is initiated + ## @param gitea.livenessProbe.timeoutSeconds Timeout for liveness probe + ## @param gitea.livenessProbe.periodSeconds Period for liveness probe + ## @param gitea.livenessProbe.successThreshold Success threshold for liveness probe + ## @param gitea.livenessProbe.failureThreshold Failure threshold for liveness probe + # Modify the liveness probe for your needs or completely disable it by commenting out. + livenessProbe: + enabled: true + tcpSocket: + port: http + initialDelaySeconds: 200 + timeoutSeconds: 1 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 10 + + ## @section ReadinessProbe + # + ## @param gitea.readinessProbe.enabled Enable readiness probe + ## @param gitea.readinessProbe.httpGet.path Path to probe for readiness + ## @param gitea.readinessProbe.httpGet.port Port to probe for readiness + ## @param gitea.readinessProbe.initialDelaySeconds Initial delay before readiness probe is initiated + ## @param gitea.readinessProbe.timeoutSeconds Timeout for readiness probe + ## @param gitea.readinessProbe.periodSeconds Period for readiness probe + ## @param gitea.readinessProbe.successThreshold Success threshold for readiness probe + ## @param gitea.readinessProbe.failureThreshold Failure threshold for readiness probe + # Modify the readiness probe for your needs or completely disable it by commenting out. + readinessProbe: + enabled: true + httpGet: + path: /api/healthz + port: http + initialDelaySeconds: 5 + timeoutSeconds: 1 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 3 + + # # Uncomment the startup probe to enable and modify it for your needs. + ## @section StartupProbe + # + ## @param gitea.startupProbe.enabled Enable startup probe + ## @param gitea.startupProbe.tcpSocket.port Port to probe for startup + ## @param gitea.startupProbe.initialDelaySeconds Initial delay before startup probe is initiated + ## @param gitea.startupProbe.timeoutSeconds Timeout for startup probe + ## @param gitea.startupProbe.periodSeconds Period for startup probe + ## @param gitea.startupProbe.successThreshold Success threshold for startup probe + ## @param gitea.startupProbe.failureThreshold Failure threshold for startup probe + startupProbe: + enabled: false + tcpSocket: + port: http + initialDelaySeconds: 60 + timeoutSeconds: 1 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 10 + +## @section Redis® Cluster +## @descriptionStart +## Redis® Cluster is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/redis-cluster) if enabled in the values. +## Full configuration options are available on their website. +## Redis cluster and [Redis](#redis) cannot be enabled at the same time. +## @descriptionEnd +# +## @param redis-cluster.enabled Enable redis cluster +## @param redis-cluster.usePassword Whether to use password authentication +## @param redis-cluster.cluster.nodes Number of redis cluster master nodes +## @param redis-cluster.cluster.replicas Number of redis cluster master node replicas +redis-cluster: + enabled: true + usePassword: false + cluster: + nodes: 3 # default: 6 + replicas: 0 # default: 1 + +## @section Redis® +## @descriptionStart +## Redis® is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/redis) if enabled in the values. +## Full configuration options are available on their website. +## Redis and [Redis cluster](#redis-cluster) cannot be enabled at the same time. +## @descriptionEnd +# +## @param redis.enabled Enable redis standalone or replicated +## @param redis.architecture Whether to use standalone or replication +## @param redis.global.redis.password Required password +## @param redis.master.count Number of Redis master instances to deploy +redis: + enabled: false + architecture: standalone + global: + redis: + password: changeme + master: + count: 1 + +## @section PostgreSQL HA +## @descriptionStart +## PostgreSQL HA is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/postgresql-ha) if enabled in the values. +## Full configuration options are available on their website. +## @descriptionEnd +# +## @param postgresql-ha.enabled Enable PostgreSQL HA chart +## @param postgresql-ha.postgresql.password Password for the `gitea` user (overrides `auth.password`) +## @param postgresql-ha.global.postgresql.database Name for a custom database to create (overrides `auth.database`) +## @param postgresql-ha.global.postgresql.username Name for a custom user to create (overrides `auth.username`) +## @param postgresql-ha.global.postgresql.password Name for a custom password to create (overrides `auth.password`) +## @param postgresql-ha.postgresql.repmgrPassword Repmgr Password +## @param postgresql-ha.postgresql.postgresPassword postgres Password +## @param postgresql-ha.pgpool.adminPassword pgpool adminPassword +## @param postgresql-ha.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`) +## @param postgresql-ha.primary.persistence.size PVC Storage Request for PostgreSQL HA volume +postgresql-ha: + global: + postgresql: + database: gitea + password: gitea + username: gitea + enabled: true + postgresql: + repmgrPassword: changeme2 + postgresPassword: changeme1 + password: changeme4 + pgpool: + adminPassword: changeme3 + service: + ports: + postgresql: 5432 + primary: + persistence: + size: 10Gi + +## @section PostgreSQL +## @descriptionStart +## PostgreSQL is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/postgresql) if enabled in the values. +## Full configuration options are available on their website. +## @descriptionEnd +# +## @param postgresql.enabled Enable PostgreSQL +## @param postgresql.global.postgresql.auth.password Password for the `gitea` user (overrides `auth.password`) +## @param postgresql.global.postgresql.auth.database Name for a custom database to create (overrides `auth.database`) +## @param postgresql.global.postgresql.auth.username Name for a custom user to create (overrides `auth.username`) +## @param postgresql.global.postgresql.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`) +## @param postgresql.primary.persistence.size PVC Storage Request for PostgreSQL volume +postgresql: + enabled: false + global: + postgresql: + auth: + password: gitea + database: gitea + username: gitea + service: + ports: + postgresql: 5432 + primary: + persistence: + size: 10Gi + +# By default, removed or moved settings that still remain in a user defined values.yaml will cause Helm to fail running the install/update. +# Set it to false to skip this basic validation check. +## @section Advanced +## @param checkDeprecation Whether to run this basic validation check. +## @param test.enabled Whether to use test-connection Pod. +## @param test.image.name Image name for the wget container used in the test-connection Pod. +## @param test.image.tag Image tag for the wget container used in the test-connection Pod. +checkDeprecation: true +test: + enabled: true + image: + name: busybox + tag: latest + +## @param extraDeploy Array of extra objects to deploy with the release. +## +extraDeploy: []