ansible/roles/gitea/defaults/main.yaml


## Role-level switches. Only gitea_publish_web is read within this file;
## the other three are presumably consumed by the role's tasks - TODO confirm.
gitea_enabled: true
## Exposure switches: both default to false, so nothing is published unless a
## play sets them explicitly. gitea_publish_web picks the 'public' or
## 'private' ingress class name below.
gitea_publish_web: false
gitea_publish_ssh: false
## NOTE(review): presumably pairs with externalDB.enabled / mariadb.enabled in
## gitea_default_values; those are hard-coded there and do not read this flag.
gitea_use_external_db: true
## Ingress class name: <namespace>-<public|private>-gitea-ingress-nginx.
## It is reused for the ingress annotation, the controller's ingressClass and
## the DNS annotationFilter, so all three follow gitea_publish_web.
gitea_ingress_class: "{{ gitea_namespace | default(namespace) }}-{{ 'public' if gitea_publish_web else 'private' }}-gitea-ingress-nginx"
## Default Helm values for the Gitea chart.
## NOTE(review): this listing had lost its indentation, so the nesting below is
## reconstructed. `mailer` is placed under `config` and `lfs` beside
## `persistence` by best guess - confirm both against the chart's values.yaml.
gitea_default_values:
  config:
    ## NOTE(review): presumably turns off Gitea's first-run web installer, so
    ## the instance cannot be claimed by whoever reaches the URL first - confirm
    ## against the chart.
    disableInstaller: true
    ## Initial admin account. No literal fallback password is set here:
    ## admin_pass resolves from gitea_admin_pass or gitea_admin_password.
    ## Keep both in an encrypted store (e.g. Ansible Vault), not in plain vars.
    admin_user: "{{ gitea_admin_user | default('gitea') }}"
    admin_pass: "{{ gitea_admin_pass | default(gitea_admin_password) }}"
    mailer:
      domain: "{{ mail_domain | default(domain) }}"
      enabled: true
      ## Port 465 together with is_tls_enabled: true. skip_verify: false keeps
      ## verification of the mail server's certificate switched on.
      host: "mail.{{ mail_domain | default(domain) }}:465"
      skip_verify: false
      is_tls_enabled: true
      from: "gitea@{{ mail_domain | default(domain) }}"
      ## The SMTP login is taken from the gitea_ldap_* variables; treat
      ## gitea_ldap_pass / gitea_ldap_password as secrets as well.
      user: "{{ gitea_ldap_user | default('gitea') }}"
      passwd: "{{ gitea_ldap_pass | default(gitea_ldap_password) }}"
  ingress:
    ## Set to true to enable ingress record generation
    enabled: true
    ## When the ingress is enabled, a host pointing to this will be created
    hostname: "gitea.{{ domain }}"
    annotations:
      ## Certificate from the letsencrypt-prod ClusterIssuer via DNS-01 (rfc2136).
      cert-manager.io/cluster-issuer: "letsencrypt-prod"
      cert-manager.io/acme-dns01-provider: "rfc2136"
      cert-manager.io/acme-challenge-type: "dns01"
      kubernetes.io/ingress.class: "{{ gitea_ingress_class }}"
      ## "0" switches off nginx's request-body size check for this host. That
      ## removes the upload bound at the ingress, so any size limit has to be
      ## enforced by Gitea itself; a finite cap is the safer default.
      nginx.ingress.kubernetes.io/proxy-body-size: "0"
      ## Proxy read/send timeouts, in seconds.
      nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
      nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
      kubernetes.io/tls-acme: "true"
    #
    ## The list of additional hostnames to be covered with this ingress record.
    ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
    # hosts:
    #   - name: git.example.com
    #     path: /
    tls:
      - hosts:
          - "gitea.{{ domain }}"
        secretName: "gitea.{{ domain }}-tls"
  service:
    type: ClusterIP
    ## This can stay as ClusterIP as (by default) we use ingress
    http:
      port: 3000
      ## Make the external port available
      # externalPort: 8082
      # externalHost: gitea.local
    ## SSH is commonly on port 22
    ssh:
      port: 22
      ## If serving on a different external port, used for determining the ssh url in the gui
      # externalPort: 22
      # externalHost: gitea.local
      # externalIPs: []
  persistence:
    enabled: true
    # existingGiteaClaim: gitea-gitea
    accessMode: "{{ gitea_storage_mode | default('ReadWriteMany') }}"
    size: "{{ gitea_size | default('20Gi') }}"
    storageClass: "{{ gitea_storage | default('nfs-ssd') }}"
    ## Additional annotations for PVCs. The "keep" resource policy prevents
    ## Helm from deleting the PVC.
    annotations:
      "helm.sh/resource-policy": keep
  lfs:
    ## NOTE(review): templated boolean. A string such as 'false' supplied for
    ## gitea_lfs would not be a real boolean; `| bool` would normalise it.
    enabled: "{{ gitea_lfs | default(true) }}"
    accessMode: "{{ gitea_lfs_storage_mode | default('ReadWriteMany') }}"
    size: "{{ gitea_lfs_size | default('50Gi') }}"
    storageClass: "{{ gitea_lfs_storage | default('nfs-hdd') }}"
    annotations:
      "helm.sh/resource-policy": keep
  ## The bundled MariaDB is off; an external PostgreSQL service is used instead.
  mariadb:
    enabled: false
  externalDB:
    enabled: true
    dbType: "postgres"
    ## In-cluster service name: <team>-postgres.<namespace>.svc.cluster.local
    dbHost: "{{ postgres_db_team | default(namespace) }}-postgres.{{ postgres_db_namespace | default(namespace) }}.svc.cluster.local"
    dbPort: "5432"
    dbDatabase: "gitea"
    ## NOTE(review): `omit` is a placeholder string that Ansible strips only
    ## from module arguments. If these values are serialised first (e.g. into a
    ## values file), an undefined username/password would reach the chart as
    ## that placeholder - verify how the role passes them on. No TLS option for
    ## the database connection is set in this file.
    dbUser: "{{ gitea_db_username | default(omit)}}"
    dbPassword: "{{ gitea_db_password | default(omit) }}"
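## Extra ingress-nginx values; going by the name, merged in when Gitea is
## published (the merge itself is not visible in this file).
gitea_publish_ingress_nginx_values:
  controller:
    config:
      ## These keys end up in the controller ConfigMap, whose data values must
      ## be strings, so the switches are quoted rather than left as booleans.
      ##
      ## use-proxy-protocol: nginx expects a PROXY protocol header on every
      ## connection, so the load balancer in front has to send it.
      use-proxy-protocol: "true"
      ## use-forward-headers: nginx trusts incoming X-Forwarded-* headers.
      ## compute-full-forward-for: the remote address is appended to
      ## X-Forwarded-For instead of replacing it.
      ## With both on, the client address seen by Gitea and the access logs is
      ## only as trustworthy as the hop in front of the controller. Make sure
      ## only that hop can reach it, or restrict the trusted sources (for
      ## example with proxy-real-ip-cidr), before relying on client IPs for
      ## rate limits or allow-lists.
      use-forward-headers: "true"
      compute-full-forward-for: "true"
    service:
      ## Local keeps the client source address and routes only to nodes that
      ## run a controller pod.
      externalTrafficPolicy: Local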
## Default Helm values for the ingress-nginx controller dedicated to Gitea.
## NOTE(review): nesting reconstructed from a flattened listing - confirm
## against the chart's values.yaml.
gitea_ingress_nginx_default_values:
  controller:
    containerPort:
      ssh: 22
      http: 80
      https: 443
    publishService:
      enabled: true
    ## Limits the controller to watching a single namespace.
    scope:
      enabled: true
    extraArgs:
      ## ConfigMap holding the raw TCP forwards (see `tcp` below).
      tcp-services-configmap: "{{ gitea_namespace | default(namespace) }}/{{ gitea_ingress_nginx_name | default(namespace + '-gitea-ingress-nginx') }}-tcp"
    service:
      enabled: true
      ## A LoadBalancer Service publishes 22, 80 and 443 on its address. Who
      ## can reach them depends on where that address is routable.
      type: LoadBalancer
      ## NOTE(review): `omit` is stripped only from module arguments; if these
      ## values are serialised first, an undefined gitea_loadbalancer_ip would
      ## reach the chart as the placeholder string - verify.
      loadBalancerIP: "{{ gitea_loadbalancer_ip | default(omit) }}"
      ports:
        ssh: 22
        http: 80
        https: 443
      targetPorts:
        ssh: ssh
        http: http
        https: https
    ingressClass: "{{ gitea_ingress_class }}"
  ## Raw TCP forward: port 22 on the controller goes to port 22 of the
  ## gitea-gitea-svc Service, which is how Git over SSH becomes reachable.
  ## NOTE(review): port 22 is listed here unconditionally; confirm the role
  ## removes it when gitea_publish_ssh is false.
  tcp:
    22: "{{ gitea_namespace | default(namespace) }}/gitea-gitea-svc:22"
## Default Helm values for the DNS updater that publishes the Gitea ingress
## records through RFC 2136 dynamic updates.
## NOTE(review): nesting reconstructed from a flattened listing - confirm
## against the chart's values.yaml.
gitea_dns_default_values:
  fullnameOverride: "{{ gitea_dns_name | default(namespace + '-gitea-internal-dns') }}"
  ## Only ingresses carrying the Gitea ingress class annotation are handled,
  ## and only names inside {{ domain }}.
  annotationFilter: "kubernetes.io/ingress.class={{ gitea_ingress_class }}"
  domainFilters: ["{{ domain }}"]
  provider: rfc2136
  rfc2136:
    host: "{{ dns_ip }}"
    port: 53
    zone: "{{ domain }}"
    ## TSIG shared key that authorises updates to the zone. Anyone holding it
    ## can rewrite records, so keep k8s_tsig in an encrypted store and scope
    ## the key on the DNS server to this zone.
    tsigSecret: "{{ k8s_tsig }}"
    tsigSecretAlg: "{{ gitea_dns_tsigSecretAlg | default('hmac-sha512') }}"
    tsigKeyname: "{{ gitea_dns_tsigKeyname | default('k8s') }}"
    ## Zone transfers (AXFR) are used, so the DNS server must allow AXFR for
    ## this key.
    tsigAxfr: true
    ## Possible units [ns, us, ms, s, m, h], see more https://golang.org/pkg/time/#ParseDuration
    minTTL: "30s"