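# Feature switches and naming for the Gitea role.
gitea_enabled: true
# Selects the 'public' or 'private' part of gitea_ingress_class below.
gitea_publish_web: false
# Not referenced elsewhere in this file; presumably read by the role's tasks.
gitea_publish_ssh: false
gitea_chart_ref: "gitea-charts/gitea"
# Presumably decides whether gitea_external_db_values is merged in - confirm
# against the role's tasks.
gitea_use_external_db: true
gitea_short_name: "gitea"
# Resolves to <namespace>-public-gitea-ingress-nginx or
# <namespace>-private-gitea-ingress-nginx depending on gitea_publish_web.
gitea_ingress_class: "{{ gitea_namespace | default(namespace) }}-{{ 'public' if gitea_publish_web else 'private' }}-gitea-ingress-nginx"

# Helm values for the Gitea chart.
gitea_default_values:
  strategy:
    type: "Recreate"
  service:
    # Explicit null (the original left the value empty, which parses the same).
    # NOTE(review): presumably meant to override a chart default - confirm.
    http:
      clusterIP: null
    ssh:
      clusterIP: null
  ingress:
    enabled: true
    className: "{{ gitea_ingress_class }}"
    annotations:
      cert-manager.io/cluster-issuer: "letsencrypt-prod"
      # "0" switches off the ingress request-body size limit, so upload size
      # is bounded only by Gitea's own limits and the available storage.
      nginx.ingress.kubernetes.io/proxy-body-size: "0"
      nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
      nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
      kubernetes.io/tls-acme: "true"
    hosts:
      - host: "{{ gitea_short_name }}.{{ domain }}"
        paths:
          - path: /
            pathType: Prefix
    tls:
      - secretName: "{{ gitea_short_name }}.{{ domain }}-tls"
        hosts:
          - "{{ gitea_short_name }}.{{ domain }}"
  # Bundled Redis and PostgreSQL sub-charts are switched off.
  redis-cluster:
    enabled: false
  postgresql-ha:
    enabled: false
  persistence:
    enabled: true
    accessModes:
      - "{{ gitea_storage_mode | default('ReadWriteMany') }}"
    size: "{{ gitea_size | default('20Gi') }}"
    storageClass: "{{ gitea_storage | default('nfs-ssd') }}"
    # Additional annotations for the PVC. The resource policy below is active:
    # Helm keeps the PVC, and the repository data on it, when the release is
    # uninstalled, so the volume has to be cleaned up by hand.
    annotations:
      "helm.sh/resource-policy": keep
  gitea:
    # NOTE(review): the admin, LDAP bind and mailer passwords below are
    # rendered into the chart values in clear text. The variables are defined
    # outside this file; confirm they come from an encrypted source such as
    # Ansible Vault, and consider the chart's existingSecret options.
    admin:
      username: "{{ gitea_admin_user | default('gitea') }}"
      password: "{{ gitea_admin_pass | default(gitea_admin_password) }}"
      email: "gitea@{{ mail_domain | default(domain) }}"
    ldap:
      # LDAP over TLS (ldaps, port 636) with a dedicated bind account.
      - name: OpenLDAP
        securityProtocol: ldaps
        host: "{{ openldap_short_name | default('openldap')}}.{{ domain }}"
        port: "636"
        userSearchBase: "ou=users,{{ openldap_domain }}"
        userFilter: "(&(objectClass=posixAccount)(uid=%s))"
        emailAttribute: mail
        bindDn: "uid=ldapbind,ou=services,{{ openldap_domain }}"
        bindPassword: "{{ ldapbind_pass | default(ldapbind_password) }}"
    config:
      # APP_NAME: "Gitea: Git with a cup of tea"
      RUN_MODE: prod
      session:
        PROVIDER: "memory"
      queue:
        TYPE: "level"
      cache:
        ADAPTER: "memory"
      server:
        LFS_START_SERVER: true
        ROOT_URL: "https://{{ gitea_short_name}}.{{ domain }}"
      repository:
        DEFAULT_BRANCH: "master"
      migrations:
        # NOTE(review): this lets migrations and mirrors fetch from private
        # and loopback addresses, so any user allowed to create one can make
        # the server request internal endpoints. Gitea's default is false;
        # if internal sources are needed, restrict them with ALLOWED_DOMAINS.
        ALLOW_LOCALNETWORKS: true
      service:
        # Self-service sign-up is off; accounts come from LDAP or the admin.
        DISABLE_REGISTRATION: true
      webhook:
        # NOTE(review): "*" permits webhook delivery to every host, including
        # loopback and private ranges (Gitea's default is "external"). Prefer
        # an explicit list of receiver host names or CIDRs.
        ALLOWED_HOST_LIST: "*"
      mailer:
        ENABLED: "true"
        SMTP_ADDR: "{{ mail_short_name | default('mail') }}.{{ mail_domain | default(domain) }}"
        FROM: "gitea@{{ mail_domain | default(domain) }}"
        USER: "{{ gitea_ldap_user | default('gitea') }}"
        PASSWD: "{{ gitea_ldap_pass | default(gitea_ldap_password) }}"
        PROTOCOL: "smtps"
      actions:
        ENABLED: "true"
      packages:
        ENABLED: "true"

# Extra values pointing Gitea at an external PostgreSQL service.
gitea_external_db_values:
  gitea:
    config:
      database:
        DB_TYPE: "{{ gitea_db_type | default('postgres') }}"
        HOST: "{{ postgres_db_team | default(namespace) }}-postgres.{{ postgres_db_namespace | default(namespace) }}.svc.cluster.local:5432"
        NAME: "{{ gitea_db_name | default('gitea') }}"
        # NOTE(review): `omit` is only stripped when the value reaches a
        # module argument unchanged; confirm the consuming task never renders
        # the placeholder string as the database user or password.
        # No SSL_MODE is set here, so Gitea's default applies - confirm
        # whether the database connection needs TLS.
        USER: "{{ gitea_db_username | default(omit) }}"
        PASSWD: "{{ gitea_db_password | default(omit) }}"
  postgresql:
    enabled: false

# ingress-nginx overrides; by their name, for the published (public) case.
gitea_publish_ingress_nginx_values:
  controller:
    kind: DaemonSet
    config:
      # The load balancer in front of the controller must really send the
      # PROXY protocol header, and only that load balancer should be able to
      # reach the controller ports; the header decides the client address.
      use-proxy-protocol: true
      # NOTE(review): with this enabled ingress-nginx passes incoming
      # X-Forwarded-* headers through to Gitea. That is only appropriate
      # behind a trusted L7 proxy that overwrites them; behind an L4 load
      # balancer the client controls these headers, which affects logging
      # and any IP-based decision. Confirm what sits in front.
      use-forward-headers: true
      compute-full-forward-for: true
    service:
      externalTrafficPolicy: Local

gitea_ingress_nginx_chart_ref: "ingress-nginx/ingress-nginx"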
# Base Helm values for the dedicated ingress-nginx controller fronting Gitea.
gitea_ingress_nginx_default_values:
  controller:
    # Port 22 is opened next to HTTP/HTTPS for the SSH TCP pass-through
    # configured under `tcp` at the bottom of this mapping.
    containerPort:
      ssh: 22
      http: 80
      https: 443
    publishService:
      enabled: true
    # Presumably limits the controller to a single namespace - confirm
    # against the chart's documentation for controller.scope.
    scope:
      enabled: true
    extraArgs:
      tcp-services-configmap: "{{ gitea_namespace | default(namespace) }}/{{ gitea_ingress_nginx_name | default(namespace + '-gitea-ingress-nginx') }}-tcp"
    service:
      enabled: true
      type: LoadBalancer
      loadBalancerIP: "{{ gitea_loadbalancer_ip | default(omit) }}"
      ports:
        ssh: 22
        http: 80
        https: 443
      targetPorts:
        ssh: ssh
        http: http
        https: https
    # Election ID and ingress class are all derived from gitea_ingress_class.
    electionID: "{{ gitea_ingress_class }}-leader"
    ingressClassResource:
      name: "{{ gitea_ingress_class }}"
      controllerValue: "k8s.io/{{ gitea_ingress_class }}"
  # TCP pass-through: port 22 on the controller goes to the Gitea SSH service.
  # NOTE(review): nothing in this file ties this entry to gitea_publish_ssh;
  # confirm how the role decides where SSH is reachable from.
  # The key is an integer (unquoted 22), kept exactly as in the original.
  tcp:
    22: "{{ gitea_namespace | default(namespace) }}/{{ namespace }}-gitea-ssh:22"

gitea_dns_chart_ref: "ghp/external-dns"

# Helm values for external-dns, using the rfc2136 provider with a TSIG key.
gitea_dns_default_values:
  fullnameOverride: "{{ gitea_dns_name | default(namespace + '-gitea-internal-dns') }}"
  ingressClass: "{{ gitea_ingress_class }}"
  domainFilters: ["{{ domain }}"]
  provider: rfc2136
  rfc2136:
    host: "{{ dns_ip }}"
    port: 53
    zone: "{{ domain }}"
    # The TSIG secret authorises dynamic updates to the zone. k8s_tsig is
    # defined outside this file - confirm it comes from an encrypted source
    # and that the DNS server restricts this key to the records it needs.
    tsigSecret: "{{ k8s_tsig }}"
    tsigSecretAlg: "{{ gitea_dns_tsigSecretAlg | default('hmac-sha512') }}"
    tsigKeyname: "{{ gitea_dns_tsigKeyname | default('k8s') }}"
    # Zone transfer (AXFR) is on, so the key also needs transfer rights on
    # the DNS server.
    tsigAxfr: true
    ## Possible units [ns, us, ms, s, m, h], see more https://golang.org/pkg/time/#ParseDuration
    minTTL: "30s"