138 lines
4.8 KiB
YAML
138 lines
4.8 KiB
YAML
|
gitea_enabled: true
|
||
|
|
gitea_publish_web: false
|
||
|
|
gitea_publish_ssh: false
|
||
|
|
gitea_use_external_db: true
|
||
|
|
gitea_ingress_class: "{{ gitea_namespace | default(namespace) }}-{{ 'public' if gitea_publish_web else 'private' }}-gitea-ingress-nginx"
|
||
|
|
gitea_default_values:
|
||
|
|
config:
|
||
|
|
disableInstaller: true
|
||
|
|
admin_user: "{{ gitea_admin_user | default('gitea') }}"
|
||
|
|
admin_pass: "{{ gitea_admin_pass | default(gitea_admin_password) }}"
|
||
|
|
mailer:
|
||
|
|
domain: "{{ mail_domain | default(domain) }}"
|
||
|
|
enabled: true
|
||
|
|
host: "mail.{{ mail_domain | default(domain) }}:465"
|
||
|
|
skip_verify: false
|
||
|
|
is_tls_enabled: true
|
||
|
|
from: "gitea@{{ mail_domain | default(domain) }}"
|
||
|
|
user: "{{ gitea_ldap_user | default('gitea') }}"
|
||
|
|
passwd: "{{ gitea_ldap_pass | default(gitea_ldap_password) }}"
|
||
|
|
ingress:
|
||
|
|
## Set to true to enable ingress record generation
|
||
|
|
enabled: true
|
||
|
|
## When the ingress is enabled, a host pointing to this will be created
|
||
|
|
hostname: "gitea.{{ domain }}"
|
||
|
|
annotations:
|
||
|
|
cert-manager.io/cluster-issuer: "letsencrypt-prod"
|
||
|
|
cert-manager.io/acme-dns01-provider: "rfc2136"
|
||
|
|
cert-manager.io/acme-challenge-type: "dns01"
|
||
|
|
kubernetes.io/ingress.class: "{{ gitea_ingress_class }}"
|
||
|
|
nginx.ingress.kubernetes.io/proxy-body-size: "0"
|
||
|
|
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
|
||
|
|
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
|
||
|
|
kubernetes.io/tls-acme: "true"
|
||
|
|
#
|
||
|
|
## The list of additional hostnames to be covered with this ingress record.
|
||
|
|
## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
|
||
|
|
# hosts:
|
||
|
|
# - name: git.example.com
|
||
|
|
# path: /
|
||
|
|
tls:
|
||
|
|
- hosts:
|
||
|
|
- "gitea.{{ domain }}"
|
||
|
|
secretName: "gitea.{{ domain }}-tls"
|
||
|
|
service:
|
||
|
|
type: ClusterIP
|
||
|
|
## This can stay as ClusterIP as (by default) we use ingress
|
||
|
|
http:
|
||
|
|
port: 3000
|
||
|
|
## Make the external port available
|
||
|
|
# externalPort: 8082
|
||
|
|
# externalHost: gitea.local
|
||
|
|
## SSH is commonly on port 22
|
||
|
|
ssh:
|
||
|
|
port: 22
|
||
|
|
## If serving on a different external port used for determining the ssh url in the gui
|
||
|
|
# externalPort: 22
|
||
|
|
# externalHost: gitea.local
|
||
|
|
# externalIPs: []
|
||
|
|
persistence:
|
||
|
|
enabled: true
|
||
|
|
# existingGiteaClaim: gitea-gitea
|
||
|
|
accessMode: "{{ gitea_storage_mode | default('ReadWriteMany') }}"
|
||
|
|
size: "{{ gitea_size | default('20Gi') }}"
|
||
|
|
storageClass: "{{ gitea_storage | default('nfs-ssd') }}"
|
||
|
|
## addtional annotations for PVCs. Uncommenting will prevent the PVC from being deleted.
|
||
|
|
annotations:
|
||
|
|
"helm.sh/resource-policy": keep
|
||
|
|
lfs:
|
||
|
|
enabled: "{{ gitea_lfs | default(true) }}"
|
||
|
|
accessMode: "{{ gitea_lfs_storage_mode | default('ReadWriteMany') }}"
|
||
|
|
size: "{{ gitea_lfs_size | default('50Gi') }}"
|
||
|
|
storageClass: "{{ gitea_lfs_storage | default('nfs-hdd') }}"
|
||
|
|
annotations:
|
||
|
|
"helm.sh/resource-policy": keep
|
||
|
|
mariadb:
|
||
|
|
enabled: false
|
||
|
|
externalDB:
|
||
|
|
enabled: true
|
||
|
|
dbType: "postgres"
|
||
|
|
dbHost: "{{ postgres_db_team | default(namespace) }}-postgres.{{ postgres_db_namespace | default(namespace) }}.svc.cluster.local"
|
||
|
|
dbPort: "5432"
|
||
|
|
dbDatabase: "gitea"
|
||
|
|
dbUser: "{{ gitea_db_username | default(omit)}}"
|
||
|
|
dbPassword: "{{ gitea_db_password | default(omit) }}"
|
||
|
|
|
||
|
|
gitea_publush_ingress_nginx_values:
|
||
|
|
controller:
|
||
|
|
config:
|
||
|
|
use-proxy-protocol: true
|
||
|
|
use-forward-headers: true
|
||
|
|
compute-full-forward-for: true
|
||
|
|
service:
|
||
|
|
externalTrafficPolicy: Local
|
||
|
|
|
||
|
|
gitea_ingress_nginx_default_values:
|
||
|
|
controller:
|
||
|
|
containerPort:
|
||
|
|
ssh: 22
|
||
|
|
http: 80
|
||
|
|
https: 443
|
||
|
|
publishService:
|
||
|
|
enabled: true
|
||
|
|
scope:
|
||
|
|
enabled: true
|
||
|
|
extraArgs:
|
||
|
|
tcp-services-configmap: "{{ gitea_namespace | default(namespace) }}/{{ gitea_ingress_nginx_name | default(namespace + '-gitea-ingress-nginx') }}-tcp"
|
||
|
|
service:
|
||
|
|
enabled: true
|
||
|
|
type: LoadBalancer
|
||
|
|
loadBalancerIP: "{{ gitea_loadbalancer_ip | default(omit) }}"
|
||
|
|
ports:
|
||
|
|
ssh: 22
|
||
|
|
http: 80
|
||
|
|
https: 443
|
||
|
|
targetPorts:
|
||
|
|
ssh: ssh
|
||
|
|
http: http
|
||
|
|
https: https
|
||
|
|
ingressClass: "{{ gitea_ingress_class }}"
|
||
|
|
tcp:
|
||
|
|
22: "{{ gitea_namespace | default(namespace) }}/gitea-gitea-svc:22"
|
||
|
|
|
||
|
|
gitea_dns_default_values:
|
||
|
|
fullnameOverride: "{{ gitea_dns_name | default(namespace + '-gitea-internal-dns') }}"
|
||
|
|
annotationFilter: "kubernetes.io/ingress.class={{ gitea_ingress_class }}"
|
||
|
|
domainFilters: ["{{ domain }}"]
|
||
|
|
provider: rfc2136
|
||
|
|
rfc2136:
|
||
|
|
host: "{{ dns_ip }}"
|
||
|
|
port: 53
|
||
|
|
zone: "{{ domain }}"
|
||
|
|
tsigSecret: "{{ k8s_tsig }}"
|
||
|
|
tsigSecretAlg: "{{ gitea_dns_tsigSecretAlg | default('hmac-sha512') }}"
|
||
|
|
tsigKeyname: "{{ gitea_dns_tsigKeyname | default('k8s') }}"
|
||
|
|
tsigAxfr: true
|
||
|
|
## Possible units [ns, us, ms, s, m, h], see more https://golang.org/pkg/time/#ParseDuration
|
||
|
|
minTTL: "30s"
|