diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..f644df7
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,15 @@
+readme: helm-doc
+ readme-generator -v values.yaml -r README.md
+ markdownlint *.md -f
+
+.PHONY: helm-doc
+helm-doc:
+ifeq (, $(shell which readme-generator))
+ @{ \
+ set -e ;\
+ echo 'installing readme-generator-for-helm' ;\
+ npm install -g readme-generator-for-helm ;\
+ }
+else
+ echo 'readme-generator-for-helm is already installed'
+endif
\ No newline at end of file
diff --git a/README.md b/README.md
index fc1d207..7060ed9 100644
--- a/README.md
+++ b/README.md
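Review bot: The `helm-doc` recipe in the new Makefile installs `readme-generator-for-helm` globally with no version, so `make readme` runs whatever release npm resolves that day, with the invoking user's privileges, and lets it rewrite README.md. Pin the tool, e.g. `npm install -g readme-generator-for-helm@<PINNED_VERSION>`, or declare it as a devDependency with a lockfile and call it through `npx`, which makes the install reproducible and avoids global write access. `markdownlint` is invoked without any equivalent presence check. `readme` should also be listed in `.PHONY` next to `helm-doc` so a file named `readme` cannot mask the target.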
@@ -712,210 +712,220 @@ gitea: podAnnotations: {} ``` -## Configuration +## Parameters -### Others +### Global -| Parameter | Description | Default | -| ------------------------------------------- | -------------------------------------------------------------------- | ------- | -| `statefulset.annotations` | Annotations for the Gitea StatefulSet to be created | `{}` | -| `statefulset.terminationGracePeriodSeconds` | How long to wait until forcefully kill the pod | `60` | -| `statefulset.env` | Additional environment variables to pass to containers | `[]` | -| `extraVolumes` | Additional volumes to mount to the Gitea statefulset | `{}` | -| `extraVolumeMounts` | Additional volume mounts for the Gitea containers | `{}` | -| `initPreScript` | Bash script copied verbatim to start of init container | | -| `podSecurityContext.fsGroup` | Set the shared file system group for all containers | 1000 | -| `containerSecurityContext` | Run init and Gitea containers as a specific securityContext | `{}` | -| `schedulerName` | Use an alternate scheduler, e.g. 
"stork" | | +| Name | Description | Value | +| ------------------------- | ------------------------------------------------------------------------- | --------------- | +| `global.imageRegistry` | global image registry override | `""` | +| `global.imagePullSecrets` | global image pull secrets override; can be extended by `imagePullSecrets` | `[]` | +| `global.storageClass` | global storage class override | `""` | +| `replicaCount` | number of replicas for the statefulset | `1` | +| `clusterDomain` | cluster domain | `cluster.local` | ### Image -| Parameter | Description | Default | -| ------------------ | ----------------------------------------------------------------------------------------- | ---------------------------------- | -| `image.repository` | Image to start for this pod | `gitea/gitea` | -| `image.tag` | [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) | see [Chart.AppVersion](Chart.yaml) | -| `image.pullPolicy` | Image pull policy | `Always` | -| `image.rootless` | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `false` | +| Name | Description | Value | +| ------------------ | ------------------------------------------------------------------------------------------ | ------------- | +| `image.registry` | image registry, e.g. 
gcr.io,docker.io | `""` | +| `image.repository` | Image to start for this pod | `gitea/gitea` | +| `image.tag` | Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) | `""` | +| `image.pullPolicy` | Image pull policy | `Always` | +| `image.rootless` | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `false` | +| `imagePullSecrets` | Secret to use for pulling the image | `[]` | -### Persistence +### Security -| Parameter | Description | Default | -| --------------------------- | ---------------------------------------------------------- | ------- | -| `persistence.enabled` | Enable persistence for Gitea | `true` | -| `persistence.existingClaim` | Use an existing claim to store repository information | | -| `persistence.size` | Size for persistence to store repo information | `10Gi` | -| `persistence.accessModes` | AccessMode for persistence | | -| `persistence.storageClass` | Storage class for repository persistence | | -| `persistence.subPath` | Subdirectory of the volume to mount at | | -| `persistence.labels` | Labels for the persistence volume claim to be created | `{}` | -| `persistence.annotations` | Annotations for the persistence volume claim to be created | `{}` | - -### Ingress - -| Parameter | Description | Default | -| ------------------------------------ | ---------------------------------------------------------------------------- | -------------------------------------------------- | -| `ingress.enabled` | enable ingress | `false` | -| `ingress.annotations` | add ingress annotations | | -| `ingress.hosts[0].host` | add hosts for ingress | `git.example.com` | -| `ingress.hosts[0].paths[0].path` | add path for each ingress host | `/` | -| `ingress.hosts[0].paths[0].pathType` | add ingress path type | `Prefix` | -| `ingress.tls` | add ingress tls settings | `[]` | -| `ingress.className` | add ingress class name. 
Only used in k8s 1.19+ | | -| `ingress.apiVersion` | specify APIVersion of ingress object. Mostly would only be used for argocd. | version indicated by helm's `Capabilities` object. | +| Name | Description | Value | +| ---------------------------- | --------------------------------------------------------------- | ------ | +| `podSecurityContext.fsGroup` | Set the shared file system group for all containers in the pod. | `1000` | +| `containerSecurityContext` | Security context | `{}` | +| `securityContext` | Run init and Gitea containers as a specific securityContext | `{}` | ### Service -#### Web +| Name | Description | Value | +| --------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | +| `service.http.type` | Kubernetes service type for web traffic | `ClusterIP` | +| `service.http.port` | Port number for web traffic | `3000` | +| `service.http.clusterIP` | ClusterIP setting for http autosetup for statefulset is None | `None` | +| `service.http.loadBalancerIP` | LoadBalancer IP setting | `nil` | +| `service.http.nodePort` | NodePort for http service | `nil` | +| `service.http.externalTrafficPolicy` | If `service.http.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation | `nil` | +| `service.http.externalIPs` | External IPs for service | `nil` | +| `service.http.ipFamilyPolicy` | HTTP service dual-stack policy | `nil` | +| `service.http.ipFamilies` | HTTP service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/). 
| `nil` | +| `service.http.loadBalancerSourceRanges` | Source range filter for http loadbalancer | `[]` | +| `service.http.annotations` | HTTP service annotations | `{}` | +| `service.ssh.type` | Kubernetes service type for ssh traffic | `ClusterIP` | +| `service.ssh.port` | Port number for ssh traffic | `22` | +| `service.ssh.clusterIP` | ClusterIP setting for ssh autosetup for statefulset is None | `None` | +| `service.ssh.loadBalancerIP` | LoadBalancer IP setting | `nil` | +| `service.ssh.nodePort` | NodePort for ssh service | `nil` | +| `service.ssh.externalTrafficPolicy` | If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation | `nil` | +| `service.ssh.externalIPs` | External IPs for service | `nil` | +| `service.ssh.ipFamilyPolicy` | SSH service dual-stack policy | `nil` | +| `service.ssh.ipFamilies` | SSH service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/). 
| `nil` | +| `service.ssh.hostPort` | HostPort for ssh service | `nil` | +| `service.ssh.loadBalancerSourceRanges` | Source range filter for ssh loadbalancer | `[]` | +| `service.ssh.annotations` | SSH service annotations | `{}` | -| Parameter | Description | Default | -| --------------------------------------- | ------------------------------------------------------------------------------------------------------------ | ----------- | -| `service.http.type` | Kubernetes service type for web traffic | `ClusterIP` | -| `service.http.port` | Port for web traffic | `3000` | -| `service.http.clusterIP` | ClusterIP setting for http autosetup for statefulset is None | `None` | -| `service.http.loadBalancerIP` | LoadBalancer Ip setting | | -| `service.http.nodePort` | NodePort for http service | | -| `service.http.externalTrafficPolicy` | If `service.http.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation | | -| `service.http.externalIPs` | http service external IP addresses | | -| `service.http.ipFamilyPolicy` | http service dual-stack policy | | -| `service.http.ipFamilies` | http service dual-stack familiy selection | | -| `service.http.loadBalancerSourceRanges` | Source range filter for http loadbalancer | `[]` | -| `service.http.annotations` | http service annotations | | +### Ingress -For dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/). 
+| Name | Description | Value | +| ------------------------------------ | --------------------------------------------------------------------------- | ----------------- | +| `ingress.enabled` | Enable ingress | `false` | +| `ingress.className` | Ingress class name | `nil` | +| `ingress.annotations` | Ingress annotations | `{}` | +| `ingress.hosts[0].host` | Default Ingress host | `git.example.com` | +| `ingress.hosts[0].paths[0].path` | Default Ingress path | `/` | +| `ingress.hosts[0].paths[0].pathType` | Ingress path type | `Prefix` | +| `ingress.tls` | Ingress tls settings | `[]` | +| `ingress.apiVersion` | Specify APIVersion of ingress object. Mostly would only be used for argocd. | | -#### SSH +### StatefulSet -| Parameter | Description | Default | -| -------------------------------------- | ----------------------------------------------------------------------------------------------------------- | ----------- | -| `service.ssh.type` | Kubernetes service type for ssh traffic | `ClusterIP` | -| `service.ssh.port` | Port for ssh traffic | `22` | -| `service.ssh.loadBalancerIP` | LoadBalancer Ip setting | | -| `service.ssh.nodePort` | NodePort for ssh service | | -| `service.ssh.hostPort` | HostPort for ssh service | | -| `service.ssh.externalTrafficPolicy` | If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation | | -| `service.ssh.externalIPs` | ssh service external IP addresses | | -| `service.ssh.ipFamilyPolicy` | ssh service dual-stack policy | | -| `service.ssh.ipFamilies` | ssh service dual-stack familiy selection | | -| `service.ssh.loadBalancerSourceRanges` | Source range filter for ssh loadbalancer | `[]` | -| `service.ssh.annotations` | ssh service annotations | | +| Name | Description | Value | +| ------------------------------------------- | ------------------------------------------------------ | ----- | +| `resources` | Kubernetes resources | `{}` | +| `schedulerName` | Use an alternate 
scheduler, e.g. "stork" | `""` | +| `nodeSelector` | NodeSelector for the statefulset | `{}` | +| `tolerations` | Tolerations for the statefulset | `[]` | +| `affinity` | Affinity for the statefulset | `{}` | +| `statefulset.env` | Additional environment variables to pass to containers | `[]` | +| `statefulset.terminationGracePeriodSeconds` | How long to wait until forcefully kill the pod | `60` | +| `statefulset.labels` | Labels for the statefulset | `{}` | +| `statefulset.annotations` | Annotations for the Gitea StatefulSet to be created | `{}` | -For dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/). +### Persistence -### Gitea Configuration +| Name | Description | Value | +| --------------------------- | ---------------------------------------------------------- | ------------------- | +| `persistence.enabled` | Enable persistent storage | `true` | +| `persistence.existingClaim` | Use an existing claim to store repository information | `nil` | +| `persistence.size` | Size for persistence to store repo information | `10Gi` | +| `persistence.accessModes` | AccessMode for persistence | `["ReadWriteOnce"]` | +| `persistence.labels` | Labels for the persistence volume claim to be created | `{}` | +| `persistence.annotations` | Annotations for the persistence volume claim to be created | `{}` | +| `persistence.storageClass` | Name of the storage class to use | `nil` | +| `persistence.subPath` | Subdirectory of the volume to mount at | `nil` | +| `extraVolumes` | Additional volumes to mount to the Gitea statefulset | `nil` | +| `extraVolumeMounts` | Additional volume mounts for the Gitea containers | `nil` | -| Parameter | Description | Default | -| -------------- | ---------------------------------------------------------------------------------------------------- | ------- | -| `gitea.config` | Everything in `app.ini` can be configured with this dict. 
See [Examples](#examples) for more details | `{}` | +### Init -### Gitea Probes +| Name | Description | Value | +| --------------- | --------------------------------------------------------------------- | ----- | +| `initPreScript` | Bash shell script copied verbatim to the start of the init-container. | `""` | -Configure Liveness, Readiness and Startup -[Probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/). +### Signing -#### Liveness probe +| Name | Description | Value | +| ----------------- | ---------------------------- | ------------------ | +| `signing.enabled` | Enable commit/action signing | `false` | +| `signing.gpgHome` | GPG home directory | `/data/git/.gnupg` | -- Default status: Enabled -- Default action: tcp socket connect +### Gitea -| Parameter | Description | Default | -| ------------------------------------------ | -------------------------------------------------------------------- | ------- | -| `gitea.livenessProbe.initialDelaySeconds` | Delay before probe start | `200` | -| `gitea.livenessProbe.timeoutSeconds` | probe timeout | `1` | -| `gitea.livenessProbe.periodSeconds` | period between probes | `10` | -| `gitea.livenessProbe.successThreshold` | Minimum consecutive success probes | `1` | -| `gitea.livenessProbe.failureThreshold` | Minimum consecutive error probes | `10` | +| Name | Description | Value | +| -------------------------------------- | ------------------------------------------------------------------------------------------------------------- | -------------------- | +| `gitea.admin.username` | Username for the Gitea admin user | `gitea_admin` | +| `gitea.admin.existingSecret` | Use an existing secret to store admin user credentials | `nil` | +| `gitea.admin.password` | Password for the Gitea admin user | `r8sA8CPHD9!bt6d` | +| `gitea.admin.email` | Email for the Gitea admin user | `gitea@local.domain` | +| `gitea.metrics.enabled` | Enable Gitea metrics | `false` | +| 
`gitea.metrics.serviceMonitor.enabled` | Enable Gitea metrics service monitor | `false` | +| `gitea.ldap` | LDAP configuration | `[]` | +| `gitea.oauth` | OAuth configuration | `[]` | +| `gitea.config` | Configuration for the Gitea server,ref: [config-cheat-sheet](https://docs.gitea.io/en-us/config-cheat-sheet/) | `{}` | +| `gitea.additionalConfigSources` | Additional configuration from secret or configmap | `[]` | +| `gitea.additionalConfigFromEnvs` | Additional configuration sources from environment variables | `[]` | +| `gitea.podAnnotations` | Annotations for the Gitea pod | `{}` | -#### Readiness probe +### LivenessProbe -- Default status: Enabled -- Default action: tcp socket connect +| Name | Description | Value | +| ----------------------------------------- | ------------------------------------------------ | ------ | +| `gitea.livenessProbe.enabled` | Enable liveness probe | `true` | +| `gitea.livenessProbe.tcpSocket.port` | Port to probe for liveness | `http` | +| `gitea.livenessProbe.initialDelaySeconds` | Initial delay before liveness probe is initiated | `200` | +| `gitea.livenessProbe.timeoutSeconds` | Timeout for liveness probe | `1` | +| `gitea.livenessProbe.periodSeconds` | Period for liveness probe | `10` | +| `gitea.livenessProbe.successThreshold` | Success threshold for liveness probe | `1` | +| `gitea.livenessProbe.failureThreshold` | Failure threshold for liveness probe | `10` | -| Parameter | Description | Default | -| ------------------------------------------ | -------------------------------------------------------------------- | ------- | -| `gitea.readinessProbe.initialDelaySeconds` | Delay before probe start | `5` | -| `gitea.readinessProbe.timeoutSeconds` | probe timeout | `1` | -| `gitea.readinessProbe.periodSeconds` | period between probes | `10` | -| `gitea.readinessProbe.successThreshold` | Minimum consecutive success probes | `1` | -| `gitea.readinessProbe.failureThreshold` | Minimum consecutive error probes | `3` | +### 
ReadinessProbe -#### Startup probe +| Name | Description | Value | +| ------------------------------------------ | ------------------------------------------------- | ------ | +| `gitea.readinessProbe.enabled` | Enable readiness probe | `true` | +| `gitea.readinessProbe.tcpSocket.port` | Port to probe for readiness | `http` | +| `gitea.readinessProbe.initialDelaySeconds` | Initial delay before readiness probe is initiated | `5` | +| `gitea.readinessProbe.timeoutSeconds` | Timeout for readiness probe | `1` | +| `gitea.readinessProbe.periodSeconds` | Period for readiness probe | `10` | +| `gitea.readinessProbe.successThreshold` | Success threshold for readiness probe | `1` | +| `gitea.readinessProbe.failureThreshold` | Failure threshold for readiness probe | `3` | -- Default status: Disabled -- Default action: tcp socket connect +### StartupProbe -| Parameter | Description | Default | -| ------------------------------------------ | -------------------------------------------------------------------- | ------- | -| `gitea.startupProbe.initialDelaySeconds` | Delay before probe start | `60` | -| `gitea.startupProbe.timeoutSeconds` | probe timeout | `1` | -| `gitea.startupProbe.periodSeconds` | period between probes | `10` | -| `gitea.startupProbe.successThreshold` | Minimum consecutive success probes | `1` | -| `gitea.startupProbe.failureThreshold` | Minimum consecutive error probes | `10` | +| Name | Description | Value | +| ---------------------------------------- | ----------------------------------------------- | ------- | +| `gitea.startupProbe.enabled` | Enable startup probe | `false` | +| `gitea.startupProbe.tcpSocket.port` | Port to probe for startup | `http` | +| `gitea.startupProbe.initialDelaySeconds` | Initial delay before startup probe is initiated | `60` | +| `gitea.startupProbe.timeoutSeconds` | Timeout for startup probe | `1` | +| `gitea.startupProbe.periodSeconds` | Period for startup probe | `10` | +| `gitea.startupProbe.successThreshold` | Success 
threshold for startup probe | `1` | +| `gitea.startupProbe.failureThreshold` | Failure threshold for startup probe | `10` | -### Memcached BuiltIn +### Memcached -Memcached is loaded as a dependency from -[Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/memcached) if -enabled in the values. Complete Configuration can be taken from their website. +| Name | Description | Value | +| ------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | +| `memcached.enabled` | Memcached is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/memcached) if enabled in the values. Complete Configuration can be taken from their website. | `true` | +| `memcached.service.port` | Port for Memcached | `11211` | -The following parameters are the defaults set by this chart +### PostgreSQL -| Parameter | Description | Default | -| ------------------------ | --------------------------- | ------- | -| `memcached.service.port` | Memcached Port | 11211 | -| `memcached.enabled` | Enable Memcached dependency | `true` | - -### MySQL BuiltIn - -MySQL is loaded as a dependency from stable. Configuration can be found on this -[website](https://github.com/helm/charts/tree/master/stable/mysql). - -The following parameters are the defaults set by this chart - -| Parameter | Description | Default | -| ------------------------ | ------------------------------------------------------------------ | ------- | -| `mysql.root.password` | Password for the root user. Ignored if existing secret is provided | `gitea` | -| `mysql.db.user` | Username of new user to create. | `gitea` | -| `mysql.db.password` | Password for the new user. Ignored if existing secret is provided | `gitea` | -| `mysql.db.name` | Name for new database to create. 
| `gitea` | -| `mysql.service.port` | Port to connect to MySQL service | `3306` | -| `mysql.persistence.size` | Persistence size for MySQL | `10Gi` | -| `mysql.enabled` | Enable MySQL dependency | `false` | - -### PostgreSQL BuiltIn - -PostgreSQL is loaded as a dependency from Bitnami. The chart configuration can -be found in this -[Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/postgresql) -repository. - -The following parameters are the defaults set by this chart - -| Parameter | Description | Default | +| Name | Description | Value | | ------------------------------------------------- | -------------------------------------------------------- | ------- | +| `postgresql.enabled` | Enable PostgreSQL | `true` | | `postgresql.global.postgresql.postgresqlDatabase` | PostgreSQL database (overrides postgresqlDatabase) | `gitea` | | `postgresql.global.postgresql.postgresqlUsername` | PostgreSQL username (overrides postgresqlUsername) | `gitea` | | `postgresql.global.postgresql.postgresqlPassword` | PostgreSQL admin password (overrides postgresqlPassword) | `gitea` | | `postgresql.global.postgresql.servicePort` | PostgreSQL port (overrides service.port) | `5432` | | `postgresql.persistence.size` | PVC Storage Request for PostgreSQL volume | `10Gi` | -| `postgresql.enabled` | Enable PostgreSQL dependency | `true` | -### MariaDB BuiltIn +### MySQL -MariaDB is loaded as a dependency from bitnami. Configuration can be found in -this [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/mariadb) -repository. +| Name | Description | Value | +| ------------------------ | ------------------------------------------------------------------ | ------- | +| `mysql.enabled` | Enable MySQL | `false` | +| `mysql.root.password` | Password for the root user. Ignored if existing secret is provided | `gitea` | +| `mysql.db.user` | Username of new user to create. 
| `gitea` | +| `mysql.db.password` | Password for the new user.Ignored if existing secret is provided | `gitea` | +| `mysql.db.name` | Name for new database to create. | `gitea` | +| `mysql.service.port` | Port to connect to MySQL service | `3306` | +| `mysql.persistence.size` | PVC Storage Request for MySQL volume | `10Gi` | -The following parameters are the defaults set by this chart +### MariaDB -| Parameter | Description | Default | +| Name | Description | Value | | ---------------------------------- | ----------------------------------------------------------------- | ------- | -| `mariadb.auth.username` | Username of new user to create. | `gitea` | +| `mariadb.enabled` | Enable MariaDB | `false` | +| `mariadb.auth.database` | Name of the database to create. | `gitea` | +| `mariadb.auth.username` | Username of the new user to create. | `gitea` | | `mariadb.auth.password` | Password for the new user. Ignored if existing secret is provided | `gitea` | -| `mariadb.auth.database` | Name for new database to create. | `gitea` | | `mariadb.auth.rootPassword` | Password for the root user. | `gitea` | | `mariadb.primary.service.port` | Port to connect to MariaDB service | `3306` | | `mariadb.primary.persistence.size` | Persistence size for MariaDB | `10Gi` | -| `mariadb.enabled` | Enable MariaDB dependency | `false` | + +### Advanced + +| Name | Description | Value | +| ------------------ | ---------------------------------------------------- | ------ | +| `checkDeprecation` | Set it to false to skip this basic validation check. | `true` | ## Local development & testing diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index 9618d84..742abd8 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml 
@@ -244,17 +244,17 @@ spec: - name: profiler containerPort: 6060 {{- end }} - {{- if .Values.gitea.livenessProbe }} + {{- if .Values.gitea.livenessProbe.enabled }} livenessProbe: - {{- toYaml .Values.gitea.livenessProbe | nindent 12 }} + {{- toYaml (omit .Values.gitea.livenessProbe "enabled") | nindent 12 }} {{- end }} - {{- if .Values.gitea.readinessProbe }} + {{- if .Values.gitea.readinessProbe.enabled }} readinessProbe: - {{- toYaml .Values.gitea.readinessProbe | nindent 12 }} + {{- toYaml (omit .Values.gitea.readinessProbe "enabled") | nindent 12 }} {{- end }} - {{- if .Values.gitea.startupProbe }} + {{- if .Values.gitea.startupProbe.enabled }} startupProbe: - {{- toYaml .Values.gitea.startupProbe | nindent 12 }} + {{- toYaml (omit .Values.gitea.startupProbe "enabled") | nindent 12 }} {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} diff --git a/values.yaml b/values.yaml index 5c86cd4..b01e424 100644 --- a/values.yaml +++ b/values.yaml @@ -1,6 +1,11 @@ # Default values for gitea. # This is a YAML-formatted file. # Declare variables to be passed into your templates. +## @section Global +# +## @param global.imageRegistry global image registry override +## @param global.imagePullSecrets global image pull secrets override; can be extended by `imagePullSecrets` +## @param global.storageClass global storage class override global: imageRegistry: "" ## E.g. 
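Review bot: `{{- if .Values.gitea.livenessProbe.enabled }}` in templates/gitea/statefulset.yaml, and the matching conditions for `readinessProbe` and `startupProbe`, dereference the probe map unconditionally. If the map is absent or overridden with `null`, rendering will most likely fail with a nil-pointer error, where the old `if .Values.gitea.livenessProbe` simply skipped the block. The values.yaml comment this commit keeps ("completely disable it by commenting out") still describes that old way of disabling and should point at `enabled: false` instead. A guarded lookup such as `{{- if (.Values.gitea.livenessProbe | default dict).enabled }}` should keep both forms working. The container spec around these lines starts and ends outside the hunk.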
@@ -10,23 +15,36 @@ global: imagePullSecrets: [] storageClass: "" +## @param replicaCount number of replicas for the statefulset replicaCount: 1 +## @param clusterDomain cluster domain clusterDomain: cluster.local +## @section Image +## @param image.registry image registry, e.g. gcr.io,docker.io +## @param image.repository Image to start for this pod +## @param image.tag Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) +## @param image.pullPolicy Image pull policy +## @param image.rootless Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher image: + registry: "" repository: gitea/gitea # Overrides the image tag whose default is the chart appVersion. tag: "" pullPolicy: Always rootless: false # only possible when running 1.14 or later +## @param imagePullSecrets Secret to use for pulling the image imagePullSecrets: [] +## @section Security # Security context is only usable with rootless image due to image design +## @param podSecurityContext.fsGroup Set the shared file system group for all containers in the pod. podSecurityContext: fsGroup: 1000 +## @param containerSecurityContext Security context containerSecurityContext: {} # allowPrivilegeEscalation: false # capabilities: 
@@ -45,41 +63,77 @@ containerSecurityContext: {} # runAsNonRoot: true # runAsUser: 1000 -# DEPRECATED. The securityContext variable has been split two: -# - containerSecurityContext -# - podSecurityContext. +## @depracated The securityContext variable has been split two: +## - containerSecurityContext +## - podSecurityContext. +## @param securityContext Run init and Gitea containers as a specific securityContext securityContext: {} +## @section Service service: + ## @param service.http.type Kubernetes service type for web traffic + ## @param service.http.port Port number for web traffic + ## @param service.http.clusterIP ClusterIP setting for http autosetup for statefulset is None + ## @param service.http.loadBalancerIP LoadBalancer IP setting + ## @param service.http.nodePort NodePort for http service + ## @param service.http.externalTrafficPolicy If `service.http.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation + ## @param service.http.externalIPs External IPs for service + ## @param service.http.ipFamilyPolicy HTTP service dual-stack policy + ## @param service.http.ipFamilies HTTP service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/). 
+ ## @param service.http.loadBalancerSourceRanges Source range filter for http loadbalancer + ## @param service.http.annotations HTTP service annotations http: type: ClusterIP port: 3000 clusterIP: None - #loadBalancerIP: - #nodePort: - #externalTrafficPolicy: - #externalIPs: - #ipFamilyPolicy: - #ipFamilies: + loadBalancerIP: + nodePort: + externalTrafficPolicy: + externalIPs: + ipFamilyPolicy: + ipFamilies: loadBalancerSourceRanges: [] - annotations: + annotations: {} + ## @param service.ssh.type Kubernetes service type for ssh traffic + ## @param service.ssh.port Port number for ssh traffic + ## @param service.ssh.clusterIP ClusterIP setting for ssh autosetup for statefulset is None + ## @param service.ssh.loadBalancerIP LoadBalancer IP setting + ## @param service.ssh.nodePort NodePort for ssh service + ## @param service.ssh.externalTrafficPolicy If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation + ## @param service.ssh.externalIPs External IPs for service + ## @param service.ssh.ipFamilyPolicy SSH service dual-stack policy + ## @param service.ssh.ipFamilies SSH service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/). 
+ ## @param service.ssh.hostPort HostPort for ssh service + ## @param service.ssh.loadBalancerSourceRanges Source range filter for ssh loadbalancer + ## @param service.ssh.annotations SSH service annotations ssh: type: ClusterIP port: 22 clusterIP: None - #loadBalancerIP: - #nodePort: - #externalTrafficPolicy: - #externalIPs: - #ipFamilyPolicy: - #ipFamilies: - #hostPort: + loadBalancerIP: + nodePort: + externalTrafficPolicy: + externalIPs: + ipFamilyPolicy: + ipFamilies: + hostPort: loadBalancerSourceRanges: [] - annotations: + annotations: {} + +## @section Ingress +## @param ingress.enabled Enable ingress +## @param ingress.className Ingress class name +## @param ingress.annotations Ingress annotations +## @param ingress.hosts[0].host Default Ingress host +## @param ingress.hosts[0].paths[0].path Default Ingress path +## @param ingress.hosts[0].paths[0].pathType Ingress path type +## @param ingress.tls Ingress tls settings +## @extra ingress.apiVersion Specify APIVersion of ingress object. Mostly would only be used for argocd. ingress: enabled: false # className: nginx + className: annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" @@ -96,6 +150,9 @@ ingress: # If helm doesn't correctly detect your ingress API version you can set it here. # apiVersion: networking.k8s.io/v1 +## @section StatefulSet +# +## @param resources Kubernetes resources resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little 
@@ -111,14 +168,22 @@ resources: {} ## Use an alternate scheduler, e.g. "stork". ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## -# schedulerName: +## @param schedulerName Use an alternate scheduler, e.g. "stork" +schedulerName: "" +## @param nodeSelector NodeSelector for the statefulset nodeSelector: {} +## @param tolerations Tolerations for the statefulset tolerations: [] +## @param affinity Affinity for the statefulset affinity: {} +## @param statefulset.env Additional environment variables to pass to containers +## @param statefulset.terminationGracePeriodSeconds How long to wait until forcefully kill the pod +## @param statefulset.labels Labels for the statefulset +## @param statefulset.annotations Annotations for the Gitea StatefulSet to be created statefulset: env: [] # - name: VARIABLE @@ -127,18 +192,28 @@ statefulset: labels: {} annotations: {} +## @section Persistence +# +## @param persistence.enabled Enable persistent storage +## @param persistence.existingClaim Use an existing claim to store repository information +## @param persistence.size Size for persistence to store repo information +## @param persistence.accessModes AccessMode for persistence +## @param persistence.labels Labels for the persistence volume claim to be created +## @param persistence.annotations Annotations for the persistence volume claim to be created +## @param persistence.storageClass Name of the storage class to use +## @param persistence.subPath Subdirectory of the volume to mount at persistence: enabled: true - # existingClaim: + existingClaim: size: 10Gi accessModes: - ReadWriteOnce labels: {} annotations: {} - # storageClass: - # subPath: + storageClass: + subPath: -# additional volumes to add to the Gitea statefulset. +## @param extraVolumes Additional volumes to mount to the Gitea statefulset extraVolumes: # - name: postgres-ssl-vol # secret: 
@@ -148,12 +223,14 @@ extraVolumes:
 # additional volumes to mount, both to the init container and to the main
 # container. As an example, can be used to mount a client cert when connecting
 # to an external Postgres server.
+## @param extraVolumeMounts Additional volume mounts for the Gitea containers
 extraVolumeMounts:
 # - name: postgres-ssl-vol
 # readOnly: true
 # mountPath: "/pg-ssl"
-# bash shell script copied verbatim to the start of the init-container.
+## @section Init
+## @param initPreScript Bash shell script copied verbatim to the start of the init-container.
 initPreScript: ""
 #
 # initPreScript: |
@@ -163,17 +240,30 @@ initPreScript: ""
 # chmod 400 /data/git/.postgresql/postgresql.key
 # Configure commit/action signing prerequisites
+## @section Signing
+#
+## @param signing.enabled Enable commit/action signing
+## @param signing.gpgHome GPG home directory
 signing:
 enabled: false
 gpgHome: /data/git/.gnupg
+## @section Gitea
+#
 gitea:
+ ## @param gitea.admin.username Username for the Gitea admin user
+ ## @param gitea.admin.existingSecret Use an existing secret to store admin user credentials
+ ## @param gitea.admin.password Password for the Gitea admin user
+ ## @param gitea.admin.email Email for the Gitea admin user
 admin:
 #existingSecret: gitea-admin-secret
+ existingSecret:
 username: gitea_admin
 password: r8sA8CPHD9!bt6d
 email: "gitea@local.domain"
+ ## @param gitea.metrics.enabled Enable Gitea metrics
+ ## @param gitea.metrics.serviceMonitor.enabled Enable Gitea metrics service monitor
 metrics:
 enabled: false
 serviceMonitor:
@@ -181,6 +271,7 @@ gitea:
 # additionalLabels:
 # prometheus-release: prom1
+ ## @param gitea.ldap LDAP configuration
 ldap: []
 # - name: "LDAP 1"
 # existingSecret:
@@ -197,6 +288,7 @@ gitea:
 # publicSSHKeyAttribute:
 # Either specify inline `key` and `secret` or refer to them via `existingSecret`
+ ## @param gitea.oauth OAuth configuration
 oauth: []
 # - name: 'OAuth 1'
 # provider:
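Review bot: The new `## @param gitea.admin.password` annotation documents a hard-coded default password without telling operators to replace it, and since `make readme` builds README.md from these annotations the literal default is presumably published in the Value column. Every install that keeps the defaults then shares a publicly known admin credential. At minimum change the description to `## @param gitea.admin.password Password for the Gitea admin user; override the chart default or supply existingSecret`. Shipping an empty default and refusing to render without a password or `existingSecret` would be stronger, but that depends on the templates, which are not part of this hunk. The `gitea:` block continues outside the hunk.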
@@ -210,6 +302,7 @@ gitea:
 # customProfileUrl:
 # customEmailUrl:
+ ## @param gitea.config Configuration for the Gitea server,ref: [config-cheat-sheet](https://docs.gitea.io/en-us/config-cheat-sheet/)
 config: {}
 # APP_NAME: "Gitea: Git with a cup of tea"
 # RUN_MODE: dev
@@ -220,18 +313,31 @@ gitea:
 # security:
 # PASSWORD_COMPLEXITY: spec
+ ## @param gitea.additionalConfigSources Additional configuration from secret or configmap
 additionalConfigSources: []
 # - secret:
 # secretName: gitea-app-ini-oauth
 # - configMap:
 # name: gitea-app-ini-plaintext
+ ## @param gitea.additionalConfigFromEnvs Additional configuration sources from environment variables
 additionalConfigFromEnvs: []
+ ## @param gitea.podAnnotations Annotations for the Gitea pod
 podAnnotations: {}
+ ## @section LivenessProbe
+ #
+ ## @param gitea.livenessProbe.enabled Enable liveness probe
+ ## @param gitea.livenessProbe.tcpSocket.port Port to probe for liveness
+ ## @param gitea.livenessProbe.initialDelaySeconds Initial delay before liveness probe is initiated
+ ## @param gitea.livenessProbe.timeoutSeconds Timeout for liveness probe
+ ## @param gitea.livenessProbe.periodSeconds Period for liveness probe
+ ## @param gitea.livenessProbe.successThreshold Success threshold for liveness probe
+ ## @param gitea.livenessProbe.failureThreshold Failure threshold for liveness probe
 # Modify the liveness probe for your needs or completely disable it by commenting out.
 livenessProbe:
+ enabled: true
 tcpSocket:
 port: http
 initialDelaySeconds: 200
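Review bot: The context comment above `livenessProbe:` still says to disable the probe "by commenting out", but this hunk adds `enabled: true`, so the documented switch and the actual one no longer agree. Update the comment to `# Modify the liveness probe for your needs or disable it with enabled: false.` The readiness hunk has the same stale comment, and the startup-probe hunk keeps `# Uncomment the startup probe to enable and modify it for your needs.` above a block that is now uncommented with `enabled: false`. It is also worth confirming that the templates strip `enabled` before rendering the probe, since it is not a field of a Kubernetes probe; the templates are not visible in this diff.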
@@ -240,8 +346,18 @@ gitea:
 successThreshold: 1
 failureThreshold: 10
+ ## @section ReadinessProbe
+ #
+ ## @param gitea.readinessProbe.enabled Enable readiness probe
+ ## @param gitea.readinessProbe.tcpSocket.port Port to probe for readiness
+ ## @param gitea.readinessProbe.initialDelaySeconds Initial delay before readiness probe is initiated
+ ## @param gitea.readinessProbe.timeoutSeconds Timeout for readiness probe
+ ## @param gitea.readinessProbe.periodSeconds Period for readiness probe
+ ## @param gitea.readinessProbe.successThreshold Success threshold for readiness probe
+ ## @param gitea.readinessProbe.failureThreshold Failure threshold for readiness probe
 # Modify the readiness probe for your needs or completely disable it by commenting out.
 readinessProbe:
+ enabled: true
 tcpSocket:
 port: http
 initialDelaySeconds: 5
@@ -251,20 +367,42 @@ gitea:
 failureThreshold: 3
 #
 # Uncomment the startup probe to enable and modify it for your needs.
- # startupProbe:
- # tcpSocket:
- # port: http
- # initialDelaySeconds: 60
- # timeoutSeconds: 1
- # periodSeconds: 10
- # successThreshold: 1
- # failureThreshold: 10
+ ## @section StartupProbe
+ #
+ ## @param gitea.startupProbe.enabled Enable startup probe
+ ## @param gitea.startupProbe.tcpSocket.port Port to probe for startup
+ ## @param gitea.startupProbe.initialDelaySeconds Initial delay before startup probe is initiated
+ ## @param gitea.startupProbe.timeoutSeconds Timeout for startup probe
+ ## @param gitea.startupProbe.periodSeconds Period for startup probe
+ ## @param gitea.startupProbe.successThreshold Success threshold for startup probe
+ ## @param gitea.startupProbe.failureThreshold Failure threshold for startup probe
+ startupProbe:
+ enabled: false
+ tcpSocket:
+ port: http
+ initialDelaySeconds: 60
+ timeoutSeconds: 1
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 10
+## @section Memcached
+#
+## @param memcached.enabled Memcached is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/memcached) if enabled in the values. Complete Configuration can be taken from their website.
+## @param memcached.service.port Port for memcached
 memcached:
 enabled: true
 service:
 port: 11211
+## @section PostgreSQL
+#
+## @param postgresql.enabled Enable PostgreSQL
+## @param postgresql.global.postgresql.postgresqlDatabase PostgreSQL database (overrides postgresqlDatabase)
+## @param postgresql.global.postgresql.postgresqlUsername PostgreSQL username (overrides postgresqlUsername)
+## @param postgresql.global.postgresql.postgresqlPassword PostgreSQL admin password (overrides postgresqlPassword)
+## @param postgresql.global.postgresql.servicePort PostgreSQL port (overrides service.port)
+## @param postgresql.persistence.size PVC Storage Request for PostgreSQL volume
 postgresql:
 enabled: true
 global:
@@ -276,6 +414,15 @@ postgresql:
 persistence:
 size: 10Gi
+## @section MySQL
+#
+## @param mysql.enabled Enable MySQL
+## @param mysql.root.password Password for the root user. Ignored if existing secret is provided
+## @param mysql.db.user Username of new user to create.
+## @param mysql.db.password Password for the new user.Ignored if existing secret is provided
+## @param mysql.db.name Name for new database to create.
+## @param mysql.service.port Port to connect to MySQL service
+## @param mysql.persistence.size PVC Storage Request for MySQL volume
 mysql:
 enabled: false
 root:
@@ -289,6 +436,15 @@ mysql:
 persistence:
 size: 10Gi
+## @section MariaDB
+#
+## @param mariadb.enabled Enable MariaDB
+## @param mariadb.auth.database Name of the database to create.
+## @param mariadb.auth.username Username of the new user to create.
+## @param mariadb.auth.password Password for the new user. Ignored if existing secret is provided
+## @param mariadb.auth.rootPassword Password for the root user.
+## @param mariadb.primary.service.port Port to connect to MariaDB service
+## @param mariadb.primary.persistence.size Persistence size for MariaDB
 mariadb:
 enabled: false
 auth:
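Review bot: The description added for `mysql.db.password` reads `Password for the new user.Ignored if existing secret is provided`, with no space after the period, and these descriptions are copied into README.md. Use `## @param mysql.db.password Password for the new user. Ignored if existing secret is provided`, matching `mysql.root.password`. The default values of the password keys documented here and in the PostgreSQL and MariaDB hunks lie outside the hunks; if they are non-empty, the generated table will presumably publish them, so their descriptions should say they must be overridden.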
@@ -304,4 +460,6 @@ mariadb:
 # By default, removed or moved settings that still remain in a user defined values.yaml will cause Helm to fail running the install/update.
 # Set it to false to skip this basic validation check.
+## @section Advanced
+## @param checkDeprecation Set it to false to skip this basic validation check.
 checkDeprecation: true
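Review bot: The `## @param checkDeprecation` description says "skip this basic validation check", but "this" refers to the comment two lines above, which will not appear in the README row generated from the annotation. Make the description self-contained, e.g. `## @param checkDeprecation Set it to false to skip the check for removed or moved settings left in a user-defined values.yaml`.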