52ed32ae74
To enable access to e.g. the SSH port by IPv6, the selection of ipFamilyPolicy and ipFamilies service attributes is necessary. Enable the possibility to configure these by helm values. Co-authored-by: Sven Fischer <sven@leiderfischer.de> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/313 Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io> Reviewed-by: luhahn <luhahn@noreply.gitea.io> Co-authored-by: svenihoney <svenihoney@noreply.gitea.io> Co-committed-by: svenihoney <svenihoney@noreply.gitea.io>
300 lines
6.8 KiB
YAML
300 lines
6.8 KiB
YAML
# Default values for gitea.
|
|
# This is a YAML-formatted file.
|
|
# Declare variables to be passed into your templates.
|
|
|
|
replicaCount: 1
|
|
|
|
clusterDomain: cluster.local
|
|
|
|
image:
|
|
repository: gitea/gitea
|
|
# Overrides the image tag whose default is the chart appVersion.
|
|
tag: ""
|
|
pullPolicy: Always
|
|
rootless: false # only possible when running 1.14 or later
|
|
|
|
imagePullSecrets: []
|
|
|
|
# Security context is only usable with rootless image due to image design
|
|
podSecurityContext:
|
|
fsGroup: 1000
|
|
|
|
containerSecurityContext: {}
|
|
# allowPrivilegeEscalation: false
|
|
# capabilities:
|
|
# drop:
|
|
# - ALL
|
|
# # Add the SYS_CHROOT capability for root and rootless images if you intend to
|
|
# # run pods on nodes that use the container runtime cri-o. Otherwise, you will
|
|
# # get an error message from the SSH server that it is not possible to read from
|
|
# # the repository.
|
|
# # https://gitea.com/gitea/helm-chart/issues/161
|
|
# add:
|
|
# - SYS_CHROOT
|
|
# privileged: false
|
|
# readOnlyRootFilesystem: true
|
|
# runAsGroup: 1000
|
|
# runAsNonRoot: true
|
|
# runAsUser: 1000
|
|
|
|
# DEPRECATED. The securityContext variable has been split two:
|
|
# - containerSecurityContext
|
|
# - podSecurityContext.
|
|
securityContext: {}
|
|
|
|
service:
|
|
http:
|
|
type: ClusterIP
|
|
port: 3000
|
|
clusterIP: None
|
|
#loadBalancerIP:
|
|
#nodePort:
|
|
#externalTrafficPolicy:
|
|
#externalIPs:
|
|
#ipFamilyPolicy:
|
|
#ipFamilies:
|
|
loadBalancerSourceRanges: []
|
|
annotations:
|
|
ssh:
|
|
type: ClusterIP
|
|
port: 22
|
|
clusterIP: None
|
|
#loadBalancerIP:
|
|
#nodePort:
|
|
#externalTrafficPolicy:
|
|
#externalIPs:
|
|
#ipFamilyPolicy:
|
|
#ipFamilies:
|
|
#hostPort:
|
|
loadBalancerSourceRanges: []
|
|
annotations:
|
|
|
|
ingress:
|
|
enabled: false
|
|
# className: nginx
|
|
annotations: {}
|
|
# kubernetes.io/ingress.class: nginx
|
|
# kubernetes.io/tls-acme: "true"
|
|
hosts:
|
|
- host: git.example.com
|
|
paths:
|
|
- path: /
|
|
pathType: Prefix
|
|
tls: []
|
|
# - secretName: chart-example-tls
|
|
# hosts:
|
|
# - git.example.com
|
|
# Mostly for argocd or any other CI that uses `helm template | kubectl apply` or similar
|
|
# If helm doesn't correctly detect your ingress API version you can set it here.
|
|
# apiVersion: networking.k8s.io/v1
|
|
|
|
resources: {}
|
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
|
# choice for the user. This also increases chances charts run on environments with little
|
|
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
# limits:
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
# requests:
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
|
|
## Use an alternate scheduler, e.g. "stork".
|
|
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
|
|
##
|
|
# schedulerName:
|
|
|
|
nodeSelector: {}
|
|
|
|
tolerations: []
|
|
|
|
affinity: {}
|
|
|
|
statefulset:
|
|
env: []
|
|
# - name: VARIABLE
|
|
# value: my-value
|
|
terminationGracePeriodSeconds: 60
|
|
labels: {}
|
|
annotations: {}
|
|
|
|
persistence:
|
|
enabled: true
|
|
# existingClaim:
|
|
size: 10Gi
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
labels: {}
|
|
annotations: {}
|
|
# storageClass:
|
|
# subPath:
|
|
|
|
# additional volumes to add to the Gitea statefulset.
|
|
extraVolumes:
|
|
# - name: postgres-ssl-vol
|
|
# secret:
|
|
# secretName: gitea-postgres-ssl
|
|
|
|
|
|
# additional volumes to mount, both to the init container and to the main
|
|
# container. As an example, can be used to mount a client cert when connecting
|
|
# to an external Postgres server.
|
|
extraVolumeMounts:
|
|
# - name: postgres-ssl-vol
|
|
# readOnly: true
|
|
# mountPath: "/pg-ssl"
|
|
|
|
# bash shell script copied verbatim to the start of the init-container.
|
|
initPreScript: ""
|
|
#
|
|
# initPreScript: |
|
|
# mkdir -p /data/git/.postgresql
|
|
# cp /pg-ssl/* /data/git/.postgresql/
|
|
# chown -R git:git /data/git/.postgresql/
|
|
# chmod 400 /data/git/.postgresql/postgresql.key
|
|
|
|
# Configure commit/action signing prerequisites
|
|
signing:
|
|
enabled: false
|
|
gpgHome: /data/git/.gnupg
|
|
|
|
gitea:
|
|
admin:
|
|
#existingSecret: gitea-admin-secret
|
|
username: gitea_admin
|
|
password: r8sA8CPHD9!bt6d
|
|
email: "gitea@local.domain"
|
|
|
|
metrics:
|
|
enabled: false
|
|
serviceMonitor:
|
|
enabled: false
|
|
# additionalLabels:
|
|
# prometheus-release: prom1
|
|
|
|
ldap: []
|
|
# - name: "LDAP 1"
|
|
# existingSecret:
|
|
# securityProtocol:
|
|
# host:
|
|
# port:
|
|
# userSearchBase:
|
|
# userFilter:
|
|
# adminFilter:
|
|
# emailAttribute:
|
|
# bindDn:
|
|
# bindPassword:
|
|
# usernameAttribute:
|
|
# publicSSHKeyAttribute:
|
|
|
|
# Either specify inline `key` and `secret` or refer to them via `existingSecret`
|
|
oauth: []
|
|
# - name: 'OAuth 1'
|
|
# provider:
|
|
# key:
|
|
# secret:
|
|
# existingSecret:
|
|
# autoDiscoverUrl:
|
|
# useCustomUrls:
|
|
# customAuthUrl:
|
|
# customTokenUrl:
|
|
# customProfileUrl:
|
|
# customEmailUrl:
|
|
|
|
config: {}
|
|
# APP_NAME: "Gitea: Git with a cup of tea"
|
|
# RUN_MODE: dev
|
|
#
|
|
# server:
|
|
# SSH_PORT: 22
|
|
#
|
|
# security:
|
|
# PASSWORD_COMPLEXITY: spec
|
|
|
|
additionalConfigSources: []
|
|
# - secret:
|
|
# secretName: gitea-app-ini-oauth
|
|
# - configMap:
|
|
# name: gitea-app-ini-plaintext
|
|
|
|
additionalConfigFromEnvs: []
|
|
|
|
podAnnotations: {}
|
|
|
|
# Modify the liveness probe for your needs or completely disable it by commenting out.
|
|
livenessProbe:
|
|
tcpSocket:
|
|
port: http
|
|
initialDelaySeconds: 200
|
|
timeoutSeconds: 1
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
failureThreshold: 10
|
|
|
|
# Modify the readiness probe for your needs or completely disable it by commenting out.
|
|
readinessProbe:
|
|
tcpSocket:
|
|
port: http
|
|
initialDelaySeconds: 5
|
|
timeoutSeconds: 1
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
failureThreshold: 3
|
|
|
|
# # Uncomment the startup probe to enable and modify it for your needs.
|
|
# startupProbe:
|
|
# tcpSocket:
|
|
# port: http
|
|
# initialDelaySeconds: 60
|
|
# timeoutSeconds: 1
|
|
# periodSeconds: 10
|
|
# successThreshold: 1
|
|
# failureThreshold: 10
|
|
|
|
memcached:
|
|
enabled: true
|
|
service:
|
|
port: 11211
|
|
|
|
postgresql:
|
|
enabled: true
|
|
global:
|
|
postgresql:
|
|
postgresqlDatabase: gitea
|
|
postgresqlUsername: gitea
|
|
postgresqlPassword: gitea
|
|
servicePort: 5432
|
|
persistence:
|
|
size: 10Gi
|
|
|
|
mysql:
|
|
enabled: false
|
|
root:
|
|
password: gitea
|
|
db:
|
|
user: gitea
|
|
password: gitea
|
|
name: gitea
|
|
service:
|
|
port: 3306
|
|
persistence:
|
|
size: 10Gi
|
|
|
|
mariadb:
|
|
enabled: false
|
|
auth:
|
|
database: gitea
|
|
username: gitea
|
|
password: gitea
|
|
rootPassword: gitea
|
|
primary:
|
|
service:
|
|
port: 3306
|
|
persistence:
|
|
size: 10Gi
|
|
|
|
# By default, removed or moved settings that still remain in a user defined values.yaml will cause Helm to fail running the install/update.
|
|
# Set it to false to skip this basic validation check.
|
|
checkDeprecation: true
|