lunny/helm-chart
1
0
Fork 0
Code Issues 36 Pull Requests 14 Actions Packages Projects Releases 93 Wiki Activity

Initial commit

Browse Source 
Signed-off-by: Charlie Drage <charlie@charliedrage.com>
This commit is contained in:
Charlie Drage 2019-12-12 13:38:31 -05:00
parent 9156c98a1a
commit 9061f0d470
18 changed files with 1522 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Chart.lock Normal file
View File

@ -0,0 +1,6 @@
dependencies:
- name: mariadb
repository: https://charts.bitnami.com
version: 7.3.0
digest: sha256:eac0df60131cc9aa4784d84693592d56c9f12ddf8272881b66c2cdcf34e305d7
generated: "2019-12-09T16:07:28.17872647-05:00"

19
Chart.yaml Normal file
View File

@ -0,0 +1,19 @@
name: gitea
version: 1.2.1
apiVersion: v2
appVersion: 1.9.3
description: Git with a cup of tea
icon: https://docs.gitea.io/images/gitea.png
keywords:
- git
- issue tracker
- code review
- wiki
- gitea
- gogs
sources:
- https://github.com/go-gitea/gitea
- https://hub.docker.com/r/gitea/gitea/
maintainers:
- name: Charlie Drage
email: charlie@charliedrage.com

21
LICENSE Normal file
View File

@ -0,0 +1,21 @@
MIT License
Copyright (c) 2018 John Felten
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

190
README.md
View File

@ -1,2 +1,188 @@
# gitea-chart
Gitea Helm Chart
# Gitea
[Gitea](https://gitea.com/) is a lightweight GitHub clone. This is for those who wish to self host their own git repos on kubernetes.
This chart is based upon the work done by [@jfelten](https://github.com/jfelten/gitea-helm-chart)
## TLDR
```sh
helm repo add cdrage https://charts.charliedrage.com
helm install gitea cdrage/gitea
```
## Introduction
This chart bootstraps both [Gitea](http://gitea.com) and MariaDB.
In this chart, the following are ran:
- Gitea
- Memcached
- Mariadb
## Prerequisites
- Kubernetes 1.12+
- Helm 3.0+
- PV provisioner for persistent data support
## Installing the Chart
By default, we use ingress to expose the service.
To install WITHOUT persistent storage / development:
```bash
helm repo add cdrage https://charts.charliedrage.com
helm install gitea cdrage/gitea
```
For production / installing with persistent data:
```sh
helm show values cdrage/gitea > values.yaml
vim values.yaml # Edit to enable persistent storage
helm install gitea cdrage/gitea -f values.yaml
```
### Database Configuration
By default, we will launch a Mariadb database:
```yaml
mariadb:
enabled: true
```
To use an external database, disable the in-pod database and fill in the "externalDB" values:
```yaml
mariadb:
enabled: false
#Connect to an external database
externalDB:
dbUser: "postgres"
dbPassword: "<MY_PASSWORD>"
dbHost: "db-service-name.namespace.svc.cluster.local" # or some external host
dbPort: "5432"
dbDatabase: "gitea"
```
## Persistent Data
By default, persistent data is not enabled and thus you'll have to enable it from within the `values.yaml`.
Unless otherwise set to true, data will be deleted when the Pod is restarted.
To prevent data loss, we will enable persistent data.
First, enable persistency:
```yaml
persistence:
enabled: true
```
If you wish for helm **NOT** to replace data when re-deploying (updating the chart), add the `resource-policy` annotation:
```yaml
persistence:
annotations:
"helm.sh/resource-policy": keep
```
To use a previously created PVC / volume, use the following:
```yaml
existingGiteaClaim: gitea-gitea
```
## Ingress And External Host/Ports
Gitea requires ports to be exposed for accessibility. The recommended way is using **ingress**, however, you can supply `LoadBalancer` to your values alternatively.
By default, we expose via an ingress:
To expose via an ingress:
```yaml
ingress:
enabled: true
```
To expose the web application this chart will generate an ingress using the ingress controller of choice if specified. If an ingress is enabled services.http.externalHost must be specified. To expose SSH services it relies on either a LoadBalancer or NodePort.
## Upgrading
When upgrading, make sure you have the following enabled:
- Persistency for both mariadb + Gitea
- Using `existingGiteaClaim`
- Due to using the [bitnami/mariadb](https://github.com/helm/charts/tree/master/stable/mariadb) chart, make sure to HARDCODE your passwords within `values.yaml`. Or else you'll be unable to update mariadb
## Configuration
Refer to [values.yaml](values.yaml) for the full run-down on defaults.
The following table lists the configurable parameters of this chart and their default values.
| Parameter | Description | Default |
|---------------------------------------|------------------------------------------------------------------------------------------------------------------------------|---------------------------|
| `images.gitea` | `gitea` image | `gitea/gitea:1.9.3` |
| `images.memcached` | `memcached` image | `memcached:1.5.19-alpine` |
| `images.pullPolicy` | Image pull policy | `IfNotPresent` |
| `images.pullSecrets` | Specify an array of pull secrets | `[]` |
| `memcached.maxItemMemory` | Max item memory | `64` |
| `memcached.verbosity` | Verbosity | `v` |
| `memcached.extendedOptions` | Extended options for memcached | `modern` |
| `ingress.enabled` | Switch to create ingress for this chart deployment | `true` |
| `ingress.hostname ` | Hostname to be used for the ingress | `gitea.local` |
| `ingress.certManager` | Asks if we want to use cert-manager or not (let's encrypt, etc.) | `true` |
| `ingress.annotations` | Annotations used by the ingress | `[]` |
| `ingress.hosts ` | Additional hosts to be used by the ingress | `[]` |
| `ingress.tls ` | TLS secret keys to be used with Gitea | `[]` |
| `service.http.serviceType` | type of kubernetes services used for http i.e. ClusterIP, NodePort or LoadBalancer | `ClusterIP` |
| `service.http.port` | http port for web traffic | `3000` |
| `service.http.NodePort` | Manual NodePort for web traffic | `nil` |
| `service.http.externalPort` | Port exposed on the internet by a load balancer or firewall that redirects to the ingress or NodePort | `8280` |
| `service.http.externalHost` | IP or DNS name exposed on the internet by a load balancer or firewall that redirects to the ingress or Node for http traffic | `gitea.local` |
| `service.ssh.serviceType` | type of kubernetes services used for ssh i.e. ClusterIP, NodePort or LoadBalancer | `ClusterIP` |
| `service.ssh.port` | http port for web traffic | `22` |
| `service.ssh.NodePort` | Manual NodePort for ssh traffic | `nil` |
| `service.ssh.externalPort` | Port exposed on the internet by a load balancer or firewall that redirects to the ingress or NodePort | `nil` |
| `service.ssh.externalHost` | IP or DNS name exposed on the internet by a load balancer or firewall that redirects to the ingress or Node for http traffic | `gitea.local` |
| `resources.gitea.requests.memory` | gitea container memory request | `500Mi` |
| `resources.gitea.requests.cpu` | gitea container request cpu | `1000m` |
| `resources.gitea.limits.memory` | gitea container memory limits | `2Gi` |
| `resources.gitea.limits.cpu` | gitea container CPU/Memory resource requests/limits | `1` |
| `resources.memcached.requests.memory` | memcached container memory request | `64Mi` |
| `resources.memcached.requests.cpu` | memcached container request cpu | `50m` |
| `persistence.enabled` | Create PVCs to store gitea data | `false` |
| `persistence.existingGiteaClaim` | Already existing PVC that should be used for gitea data. | `nil` |
| `persistence.giteaSize` | Size of gitea pvc to create | `10Gi` |
| `persistence.annotations` | Annotations to set on created PVCs | `nil` |
| `persistence.storageClass` | NStorageClass to use for dynamic provision if not 'default' | `nil` |
| `mariadb.enabled` | Enable or diable mariadb | `true` |
| `mariadb.replication.enabled` | Enable or diable replication | `false` |
| `mariadb.db.name` | Default name | `gitea` |
| `mariadb.db.user` | Default user | `gitea` |
| `mariadb.persistence.enabled` | Enable or diable persistence | `true` |
| `mariadb.persistence.accessMode` | What access mode to use | `ReadWriteOnce` |
| `mariadb.persistence.size` | What size of database to use | `8Gi` |
| `externalDB.dbUser` | external db user | ` unset` |
| `externalDB.dbPassword` | external db password | ` unset` |
| `externalDB.dbHost` | external db host | ` unset` |
| `externalDB.dbPort` | external db port | ` unset` |
| `externalDB.dbDatabase` | external db database name | ` unset` |
| `config.disableInstaller` | Disable the installer | `false` |
| `config.offlineMode` | Sets Gitea's Offline Mode. Values are `true` or `false`. | `false` |
| `config.requireSignin` | Require Gitea user to be signed in to see any pages. Values are `true` or `false`. | `false` |
| `config.disableRegistration` | Disable Gitea's user registration. Values are `true` or `false`. | `false` |
| `config.openidSignin` | Allow login with OpenID. Values are `true` or `false`. | `true` |
| `nodeSelector` | Node to be selected | `{}` |
| `affinity` | Affinity settings for pod assignment | `{}` |
| `tolerations` | Toleration labels for pod assignment | `[]` |
| `deploymentAnnotations` | Deployment annotations to be used | `{}` |
| `podAnnotations` | Pod deployment annotations to be used | `{}` |

BIN
charts/mariadb-7.3.0.tgz Normal file
View File

Binary file not shown.

7
requirements.yaml Normal file
View File

@ -0,0 +1,7 @@
dependencies:
- name: mariadb
version: 7.3.0
repository: https://charts.bitnami.com
condition: mariadb.enabled
tags:
- mariadb

45
templates/NOTES.txt Normal file
View File

@ -0,0 +1,45 @@
1. Connect to your Gitea web URL by running:
{{- if .Values.ingress.enabled }}
Ingress is enabled for this chart deployment. Please access the web UI at {{ .Values.ingress.hostname }}
{{- else if contains "NodePort" .Values.service.http.serviceType }}
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP/
{{- else if contains "LoadBalancer" .Values.service.http.serviceType }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
Watch the status with: 'kubectl get svc -w {{ template "fullname" . }}http'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "fullname" . }}http -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo http://$SERVICE_IP/
{{- else if contains "ClusterIP" .Values.service.http.serviceType }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "fullname" . }}" -o jsonpath="{.items[0].metadata.name}")
echo http://127.0.0.1:8080/
kubectl port-forward $POD_NAME 8080:80
{{- end }}
2. Connect to your Gitea ssh port:
{{- if contains "NodePort" .Values.service.ssh.serviceType }}
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP/
{{- else if contains "LoadBalancer" .Values.service.ssh.serviceType }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
Watch the status with: 'kubectl get svc -w {{ template "fullname" . }}ssh'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "fullname" . }}ssh -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo http://$SERVICE_IP/
{{- else if contains "ClusterIP" .Values.service.ssh.serviceType }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "fullname" . }}" -o jsonpath="{.items[0].metadata.name}")
echo http://127.0.0.1:8080/
kubectl port-forward $POD_NAME 8022:22
{{- end }}

31
templates/_helpers.tpl Normal file
View File

@ -0,0 +1,31 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 24 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "fullname" -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- printf "%s-%s" .Release.Name $name | trunc 24 -}}
{{- end -}}
{{- define "mariadb.fullname" -}}
{{- printf "%s-%s" .Release.Name "mariadb" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for ingress.
*/}}
{{- define "gitea.ingress.apiVersion" -}}
{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "extensions/v1beta1" -}}
{{- else -}}
{{- print "networking.k8s.io/v1beta1" -}}
{{- end -}}
{{- end -}}

45
templates/deployment.yaml Normal file
View File

@ -0,0 +1,45 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "fullname" . }}
labels:
app: {{ template "fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
spec:
replicas: 1
selector:
matchLabels:
app: {{ template "fullname" . }}
template:
metadata:
labels:
app: {{ template "fullname" . }}
spec:
containers:
{{ include "gitea" . | indent 6 }}
{{ include "memcached" . | indent 6 }}
initContainers:
{{ include "init" . | indent 6 }}
volumes:
- name: gitea-data
{{- if .Values.persistence.enabled }}
{{- if .Values.persistence.directGiteaVolumeMount }}
{{ tpl .Values.persistence.directGiteaVolumeMount . | indent 8 }}
{{- else }}
persistentVolumeClaim:
claimName: {{ .Values.persistence.existingGiteaClaim | default (include "fullname" .) }}
{{- end }}
{{- else }}
emptyDir: {}
{{- end }}
- name: gitea-config
configMap:
name: {{ template "fullname" . }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
- name: {{ .Values.imagePullSecrets }}
{{- end }}

46
templates/gitea/_container.tpl Normal file
View File

@ -0,0 +1,46 @@
{{/*
Create helm partial for gitea server
*/}}
{{- define "gitea" }}
- name: gitea
image: {{ .Values.images.gitea }}
imagePullPolicy: {{ .Values.images.pullPolicy }}
env:
- name: DATABASE_PASSWORD
valueFrom:
secretKeyRef:
{{- if .Values.mariadb.enabled }}
name: {{ template "mariadb.fullname" . }}
key: mariadb-password
{{- else }}
name: {{ printf "%s-%s" .Release.Name "externaldb" }}
key: db-password
{{- end }}
ports:
- name: ssh
containerPort: {{ .Values.service.ssh.port }}
- name: http
containerPort: {{ .Values.service.http.port }}
livenessProbe:
tcpSocket:
port: http
initialDelaySeconds: 200
timeoutSeconds: 1
periodSeconds: 10
successThreshold: 1
failureThreshold: 10
readinessProbe:
tcpSocket:
port: http
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
failureThreshold: 3
resources:
{{ toYaml .Values.resources.gitea | indent 10 }}
volumeMounts:
- name: gitea-data
mountPath: /data
- name: gitea-config
mountPath: /etc/gitea
{{- end }}

725
templates/gitea/gitea-config.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

20
templates/gitea/gitea-http-svc.yaml Normal file
View File

@ -0,0 +1,20 @@
apiVersion: v1
kind: Service
metadata:
name: {{ template "fullname" . }}-http
labels:
app: {{ template "fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
spec:
type: {{ .Values.service.http.serviceType }}
ports:
- name: http
port: {{ .Values.service.http.port }}
{{- if .Values.service.http.nodePort }}
nodePort: {{ .Values.service.http.nodePort }}
{{- end }}
targetPort: {{ .Values.service.http.port }}
selector:
app: {{ template "fullname" . }}

29
templates/gitea/gitea-pvc.yaml Normal file
View File

@ -0,0 +1,29 @@
{{- if and .Values.persistence.enabled (not .Values.persistence.existingGiteaClaim) (not .Values.persistence.directGiteaVolumeMount) -}}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "fullname" . }}
labels:
app: {{ template "fullname" . }}
chart: gitea
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- if .Values.persistence.annotations }}
annotations:
{{ toYaml .Values.persistence.annotations | indent 4 }}
{{- end }}
spec:
accessModes:
- {{ .Values.persistence.accessMode | quote }}
resources:
requests:
storage: {{ .Values.persistence.giteaSize | quote }}
{{- if .Values.persistence.storageClass }}
{{- if (eq "-" .Values.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.persistence.storageClass }}"
{{- end }}
{{- end }}
{{- end }}

20
templates/gitea/gitea-ssh-svc.yaml Normal file
View File

@ -0,0 +1,20 @@
apiVersion: v1
kind: Service
metadata:
name: {{ template "fullname" . }}-ssh
labels:
app: {{ template "fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
spec:
type: {{ .Values.service.ssh.serviceType }}
ports:
- name: ssh
port: {{ .Values.service.ssh.port }}
targetPort: ssh
{{- if .Values.service.ssh.nodePort }}
nodePort: {{ .Values.service.ssh.nodePort }}
{{- end }}
selector:
app: {{ template "fullname" . }}

42
templates/ingress.yaml Normal file
View File

@ -0,0 +1,42 @@
{{- if .Values.ingress.enabled }}
apiVersion: {{ template "gitea.ingress.apiVersion" . }}
kind: Ingress
metadata:
name: {{ template "fullname" . }}
labels:
app: "{{ template "fullname" . }}"
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
annotations:
{{- if .Values.ingress.certManager }}
kubernetes.io/tls-acme: "true"
{{- end }}
{{- range $key, $value := .Values.ingress.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
rules:
{{- if .Values.ingress.hostname }}
- host: {{ .Values.ingress.hostname }}
http:
paths:
- path: /
backend:
serviceName: {{ template "fullname" . }}-http
servicePort: {{ .Values.service.http.port }}
{{- end }}
{{- range .Values.ingress.hosts }}
- host: {{ .name }}
http:
paths:
- path: {{ default "/" .path }}
backend:
serviceName: "{{ template "fullname" $ }}"-http
servicePort: {{ .Values.service.http.port }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{ toYaml .Values.ingress.tls | indent 4 }}
{{- end }}
{{- end }}

26
templates/init/_container.tpl Normal file
View File

@ -0,0 +1,26 @@
{{/*
Create helm partial for gitea server
*/}}
{{- define "init" }}
- name: init
image: {{ .Values.images.gitea }}
imagePullPolicy: {{ .Values.images.pullPolicy }}
env:
- name: MARIADB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "mariadb.fullname" . }}
key: mariadb-password
- name: SCRIPT
value: &script |-
mkdir -p /datatmp/gitea/conf
if [ ! -f /datatmp/gitea/conf/app.ini ]; then
sed "s/MARIADB_PASSWORD/${MARIADB_PASSWORD}/g" < /etc/gitea/app.ini > /datatmp/gitea/conf/app.ini
fi
command: ["/bin/sh",'-c', *script]
volumeMounts:
- name: gitea-data
mountPath: /datatmp
- name: gitea-config
mountPath: /etc/gitea
{{- end }}

35
templates/memcached/_container.tpl Normal file
View File

@ -0,0 +1,35 @@
{{/*
Create helm partial for memcached
*/}}
{{- define "memcached" }}
- name: memcached
image: {{ .Values.images.memcached }}
imagePullPolicy: {{ .Values.images.pullPolicy }}
command:
- memcached
- -m {{ .Values.memcached.maxItemMemory }}
{{- if .Values.memcached.extendedOptions }}
- -o
- {{ .Values.memcached.extendedOptions }}
{{- end }}
{{- if .Values.memcached.verbosity }}
- -{{ .Values.memcached.verbosity }}
{{- end }}
ports:
- name: memcache
containerPort: 11211
livenessProbe:
tcpSocket:
port: memcache
initialDelaySeconds: 30
timeoutSeconds: 5
readinessProbe:
tcpSocket:
port: memcache
initialDelaySeconds: 5
timeoutSeconds: 1
securityContext:
runAsUser: 1000
resources:
{{ toYaml .Values.resources.memcached | indent 10 }}
{{- end }}

217
values.yaml Normal file
View File

@ -0,0 +1,217 @@
## Gitea image
## ref: https://hub.docker.com/r/gitea/gitea/tags/
##
tags:
mariadb: true
images:
registry: docker.io
gitea: "gitea/gitea:1.10.1"
memcached: "memcached:1.5.19-alpine"
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
# pullSecrets:
# - myRegistryKeySecretName
## Cache settings for memcache
memcached:
maxItemMemory: 64
verbosity: v
extendedOptions: modern
## Configure the ingress resource that allows you to access the
## Gitea installation. Set up the URL
## ref: http://kubernetes.io/docs/user-guide/ingress/
##
ingress:
## Set to true to enable ingress record generation
enabled: true
## Set this to true in order to add the corresponding annotations for cert-manager
certManager: false
## When the ingress is enabled, a host pointing to this will be created
hostname: gitea.local
## Ingress annotations done as key:value pairs
## For a full list of possible ingress annotations, please see
## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
##
## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set
## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set
annotations: {}
# certmanager.k8s.io/cluster-issuer: letsencrypt-prod
# kubernetes.io/ingress.class: nginx
## The list of additional hostnames to be covered with this ingress record.
## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
# hosts:
# - name: gitea.local
# path: /
## The tls configuration for the ingress
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
## Uncomment below to enable tls / https for let's encrypt / cert-manager
# tls:
# - hosts:
# - gitea.local
# secretName: gitea.tls
secrets:
## If you're providing your own certificates, please use this to add the certificates as secrets
## key and certificate should start with -----BEGIN CERTIFICATE----- or
## -----BEGIN RSA PRIVATE KEY-----
##
## name should line up with a tlsSecret set further up
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
##
## It is also possible to create and manage the certificates outside of this helm chart
## Please see README.md for more information
# - name: gitea.local-tls
# key:
# certificate:
#
## This chart defaults to using an ingress for http, but change to LoadBalancer if using you cluster supports it
service:
## This can stay as ClusterIP as (by default) we use ingress
http:
serviceType: ClusterIP
port: 3000
## Make the external port available
# externalPort: 8280
# externalHost: gitea.local
## SSH is commonly on port 22.. however.. you most likely already have port 22 being used by your node.
## so we use port 8022.
ssh:
serviceType: LoadBalancer
port: 22
#nodePort: 30222
## If serving on a different external port used for determining the ssh url in the gui
externalPort: 8022
externalHost: gitea.local
## Configure resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources:
gitea:
requests:
memory: 500Mi
cpu: 1000m
limits:
memory: 2Gi
cpu: 1
memcached:
requests:
memory: 64Mi
cpu: 50m
## Enable persistence using Persistent Volume Claims
## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
## ref:
##
persistence:
enabled: false
# existingGiteaClaim: gitea-gitea
giteaSize: 10Gi
# storageClass: glusterfs
accessMode: ReadWriteMany
## addtional annotations for PVCs. Uncommenting will prevent the PVC from being deleted.
annotations:
"helm.sh/resource-policy": keep
## if you want to mount a volume directly without using a storageClass or pvcs
# directGiteaVolumeMount:
# glusterfs:
# endpoints: "192.168.1.1 192.168.1.2 192.168.1.3"
# path: giteaData
# directPostgresVolumeMount:
# glusterfs:
# endpoints: "192.168.1.1 192.168.1.2 192.168.1.3"
# path: giteaPostgresData
##
## MariaDB chart configuration
##
## https://github.com/helm/charts/blob/master/stable/mariadb/values.yaml
##
mariadb:
## Whether to deploy a mariadb server to satisfy the applications database requirements. To use an external database set this to false and configure the externalDatabase parameters
enabled: true
## Disable MariaDB replication
replication:
enabled: false
## Create a database and a database user
## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#creating-a-database-user-on-first-run
##
db:
name: gitea
user: gitea
## If the password is not specified, mariadb will generates a random password
##
# password: ThisIsMySuperSecretPassword
## MariaDB admin password
## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#setting-the-root-password-on-first-run
##
rootUser:
# password: ThisIsMySuperSecretPassword
## Enable persistence using Persistent Volume Claims
## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
##
master:
persistence:
enabled: false
## mariadb data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
# storageClass: "-"
accessMode: ReadWriteOnce
size: 8Gi
## Connect to an external database instead
# externalDB:
# dbUser: "postgres"
# dbPassword: "<MY_PASSWORD>"
# dbHost: "service-name.namespace.svc.cluster.local" # or some external host
# dbPort: "5432"
# dbDatabase: "gitea"
## Actual Gitea configuration (modified the default .ini file for Gitea)
## This will skip the initial installation screen. You must have a secretKey already defined
## and disableInstaller set to True
config:
## secretKey: ThisIsMySuperSecretKeyThatsUsedInterally
disableInstaller: false
offlineMode: false
requireSignin: false
disableRegistration: false
openidSignin: true
## Common helm annotations
## Node labels and tolerations for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature
nodeSelector: {}
tolerations: []
affinity: {}
## Annotations for the deployment and nodes.
deploymentAnnotations: {}
podAnnotations: {}