mirror of
https://gitea.com/gitea/helm-chart.git
synced 2024-06-02 02:11:23 +05:30
55b22d2225
Signed-off-by: Cyril Jouve <jv.cyril@gmail.com> <!-- Before you open the request please review the following guidelines and tips to help it be more easily integrated: - Describe the scope of your change - i.e. what the change does. - Describe any known limitations with your change. - Please run any tests or examples that can exercise your modified code. Thank you for contributing! We will try to review, test and integrate the change as soon as we can. --> ### Description of the change <!-- Describe the scope of your change - i.e. what the change does. --> add a new value `extraDeploy` to add arbitrary resources inspired by bitnami charts ([example](https://github.com/bitnami/charts/blob/main/bitnami/postgresql/values.yaml#L58) ### Benefits <!-- What benefits will be realized by the code change? --> with the change, I can deploy additional resources and keep them consistent with the chart (reuse macro, same labels, etc)., same workflow (helm upgrade), etc ### Possible drawbacks <!-- Describe any known limitations with your change --> ### Additional information <!-- If there's anything else that's important and relevant to your pull request, mention that information here. Please remove this section if it remains empty. --> ### Checklist <!-- [Place an '[X]' (no spaces) in all applicable fields. Please remove unrelated fields.] --> - [x] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) Co-authored-by: pat-s <pat-s@noreply.gitea.io> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/441 Reviewed-by: pat-s <pat-s@noreply.gitea.io> Reviewed-by: luhahn <luhahn@noreply.gitea.io> Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io> Co-authored-by: Cyril Jouve <jv.cyril@gmail.com> Co-committed-by: Cyril Jouve <jv.cyril@gmail.com>
490 lines
18 KiB
YAML
490 lines
18 KiB
YAML
# Default values for gitea.
|
|
# This is a YAML-formatted file.
|
|
# Declare variables to be passed into your templates.
|
|
## @section Global
|
|
#
|
|
## @param global.imageRegistry global image registry override
|
|
## @param global.imagePullSecrets global image pull secrets override; can be extended by `imagePullSecrets`
|
|
## @param global.storageClass global storage class override
|
|
## @param global.hostAliases global hostAliases which will be added to the pod's hosts files
|
|
global:
|
|
imageRegistry: ""
|
|
## E.g.
|
|
## imagePullSecrets:
|
|
## - myRegistryKeySecretName
|
|
##
|
|
imagePullSecrets: []
|
|
storageClass: ""
|
|
hostAliases: []
|
|
# - ip: 192.168.137.2
|
|
# hostnames:
|
|
# - example.com
|
|
|
|
## @param replicaCount number of replicas for the statefulset
|
|
replicaCount: 1
|
|
|
|
## @param clusterDomain cluster domain
|
|
clusterDomain: cluster.local
|
|
|
|
## @section Image
|
|
## @param image.registry image registry, e.g. gcr.io,docker.io
|
|
## @param image.repository Image to start for this pod
|
|
## @param image.tag Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml.
|
|
## @param image.pullPolicy Image pull policy
|
|
## @param image.rootless Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher
|
|
image:
|
|
registry: ""
|
|
repository: gitea/gitea
|
|
# Overrides the image tag whose default is the chart appVersion.
|
|
tag: ""
|
|
pullPolicy: Always
|
|
rootless: false # only possible when running 1.14 or later
|
|
|
|
## @param imagePullSecrets Secret to use for pulling the image
|
|
imagePullSecrets: []
|
|
|
|
## @section Security
|
|
# Security context is only usable with rootless image due to image design
|
|
## @param podSecurityContext.fsGroup Set the shared file system group for all containers in the pod.
|
|
podSecurityContext:
|
|
fsGroup: 1000
|
|
|
|
## @param containerSecurityContext Security context
|
|
containerSecurityContext: {}
|
|
# allowPrivilegeEscalation: false
|
|
# capabilities:
|
|
# drop:
|
|
# - ALL
|
|
# # Add the SYS_CHROOT capability for root and rootless images if you intend to
|
|
# # run pods on nodes that use the container runtime cri-o. Otherwise, you will
|
|
# # get an error message from the SSH server that it is not possible to read from
|
|
# # the repository.
|
|
# # https://gitea.com/gitea/helm-chart/issues/161
|
|
# add:
|
|
# - SYS_CHROOT
|
|
# privileged: false
|
|
# readOnlyRootFilesystem: true
|
|
# runAsGroup: 1000
|
|
# runAsNonRoot: true
|
|
# runAsUser: 1000
|
|
|
|
## @deprecated The securityContext variable has been split two:
|
|
## - containerSecurityContext
|
|
## - podSecurityContext.
|
|
## @param securityContext Run init and Gitea containers as a specific securityContext
|
|
securityContext: {}
|
|
|
|
## @section Service
|
|
service:
|
|
## @param service.http.type Kubernetes service type for web traffic
|
|
## @param service.http.port Port number for web traffic
|
|
## @param service.http.clusterIP ClusterIP setting for http autosetup for statefulset is None
|
|
## @param service.http.loadBalancerIP LoadBalancer IP setting
|
|
## @param service.http.nodePort NodePort for http service
|
|
## @param service.http.externalTrafficPolicy If `service.http.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation
|
|
## @param service.http.externalIPs External IPs for service
|
|
## @param service.http.ipFamilyPolicy HTTP service dual-stack policy
|
|
## @param service.http.ipFamilies HTTP service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/).
|
|
## @param service.http.loadBalancerSourceRanges Source range filter for http loadbalancer
|
|
## @param service.http.annotations HTTP service annotations
|
|
http:
|
|
type: ClusterIP
|
|
port: 3000
|
|
clusterIP: None
|
|
loadBalancerIP:
|
|
nodePort:
|
|
externalTrafficPolicy:
|
|
externalIPs:
|
|
ipFamilyPolicy:
|
|
ipFamilies:
|
|
loadBalancerSourceRanges: []
|
|
annotations: {}
|
|
## @param service.ssh.type Kubernetes service type for ssh traffic
|
|
## @param service.ssh.port Port number for ssh traffic
|
|
## @param service.ssh.clusterIP ClusterIP setting for ssh autosetup for statefulset is None
|
|
## @param service.ssh.loadBalancerIP LoadBalancer IP setting
|
|
## @param service.ssh.nodePort NodePort for ssh service
|
|
## @param service.ssh.externalTrafficPolicy If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation
|
|
## @param service.ssh.externalIPs External IPs for service
|
|
## @param service.ssh.ipFamilyPolicy SSH service dual-stack policy
|
|
## @param service.ssh.ipFamilies SSH service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/).
|
|
## @param service.ssh.hostPort HostPort for ssh service
|
|
## @param service.ssh.loadBalancerSourceRanges Source range filter for ssh loadbalancer
|
|
## @param service.ssh.annotations SSH service annotations
|
|
ssh:
|
|
type: ClusterIP
|
|
port: 22
|
|
clusterIP: None
|
|
loadBalancerIP:
|
|
nodePort:
|
|
externalTrafficPolicy:
|
|
externalIPs:
|
|
ipFamilyPolicy:
|
|
ipFamilies:
|
|
hostPort:
|
|
loadBalancerSourceRanges: []
|
|
annotations: {}
|
|
|
|
## @section Ingress
|
|
## @param ingress.enabled Enable ingress
|
|
## @param ingress.className Ingress class name
|
|
## @param ingress.annotations Ingress annotations
|
|
## @param ingress.hosts[0].host Default Ingress host
|
|
## @param ingress.hosts[0].paths[0].path Default Ingress path
|
|
## @param ingress.hosts[0].paths[0].pathType Ingress path type
|
|
## @param ingress.tls Ingress tls settings
|
|
## @extra ingress.apiVersion Specify APIVersion of ingress object. Mostly would only be used for argocd.
|
|
ingress:
|
|
enabled: false
|
|
# className: nginx
|
|
className:
|
|
annotations:
|
|
{}
|
|
# kubernetes.io/ingress.class: nginx
|
|
# kubernetes.io/tls-acme: "true"
|
|
hosts:
|
|
- host: git.example.com
|
|
paths:
|
|
- path: /
|
|
pathType: Prefix
|
|
tls: []
|
|
# - secretName: chart-example-tls
|
|
# hosts:
|
|
# - git.example.com
|
|
# Mostly for argocd or any other CI that uses `helm template | kubectl apply` or similar
|
|
# If helm doesn't correctly detect your ingress API version you can set it here.
|
|
# apiVersion: networking.k8s.io/v1
|
|
|
|
## @section StatefulSet
|
|
#
|
|
## @param resources Kubernetes resources
|
|
resources:
|
|
{}
|
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
|
# choice for the user. This also increases chances charts run on environments with little
|
|
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
# limits:
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
# requests:
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
|
|
## Use an alternate scheduler, e.g. "stork".
|
|
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
|
|
##
|
|
## @param schedulerName Use an alternate scheduler, e.g. "stork"
|
|
schedulerName: ""
|
|
|
|
## @param nodeSelector NodeSelector for the statefulset
|
|
nodeSelector: {}
|
|
|
|
## @param tolerations Tolerations for the statefulset
|
|
tolerations: []
|
|
|
|
## @param affinity Affinity for the statefulset
|
|
affinity: {}
|
|
|
|
## @param dnsConfig dnsConfig for the statefulset
|
|
dnsConfig: {}
|
|
|
|
## @param priorityClassName priorityClassName for the statefulset
|
|
priorityClassName: ""
|
|
|
|
## @param statefulset.env Additional environment variables to pass to containers
|
|
## @param statefulset.terminationGracePeriodSeconds How long to wait until forcefully kill the pod
|
|
## @param statefulset.labels Labels for the statefulset
|
|
## @param statefulset.annotations Annotations for the Gitea StatefulSet to be created
|
|
statefulset:
|
|
env:
|
|
[]
|
|
# - name: VARIABLE
|
|
# value: my-value
|
|
terminationGracePeriodSeconds: 60
|
|
labels: {}
|
|
annotations: {}
|
|
|
|
## @section Persistence
|
|
#
|
|
## @param persistence.enabled Enable persistent storage
|
|
## @param persistence.existingClaim Use an existing claim to store repository information
|
|
## @param persistence.size Size for persistence to store repo information
|
|
## @param persistence.accessModes AccessMode for persistence
|
|
## @param persistence.labels Labels for the persistence volume claim to be created
|
|
## @param persistence.annotations Annotations for the persistence volume claim to be created
|
|
## @param persistence.storageClass Name of the storage class to use
|
|
## @param persistence.subPath Subdirectory of the volume to mount at
|
|
persistence:
|
|
enabled: true
|
|
existingClaim:
|
|
size: 10Gi
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
labels: {}
|
|
annotations: {}
|
|
storageClass:
|
|
subPath:
|
|
|
|
## @param extraVolumes Additional volumes to mount to the Gitea statefulset
|
|
extraVolumes: []
|
|
# - name: postgres-ssl-vol
|
|
# secret:
|
|
# secretName: gitea-postgres-ssl
|
|
|
|
## @param extraContainerVolumeMounts Mounts that are only mapped into the Gitea runtime/main container, to e.g. override custom templates.
|
|
extraContainerVolumeMounts: []
|
|
|
|
## @param extraInitVolumeMounts Mounts that are only mapped into the init-containers. Can be used for additional preconfiguration.
|
|
extraInitVolumeMounts: []
|
|
|
|
## @deprecated The extraVolumeMounts variable has been split two:
|
|
## - extraContainerVolumeMounts
|
|
## - extraInitVolumeMounts
|
|
## As an example, can be used to mount a client cert when connecting to an external Postgres server.
|
|
## @param extraVolumeMounts **DEPRECATED** Additional volume mounts for init containers and the Gitea main container
|
|
extraVolumeMounts: []
|
|
# - name: postgres-ssl-vol
|
|
# readOnly: true
|
|
# mountPath: "/pg-ssl"
|
|
|
|
## @section Init
|
|
## @param initPreScript Bash shell script copied verbatim to the start of the init-container.
|
|
initPreScript: ""
|
|
#
|
|
# initPreScript: |
|
|
# mkdir -p /data/git/.postgresql
|
|
# cp /pg-ssl/* /data/git/.postgresql/
|
|
# chown -R git:git /data/git/.postgresql/
|
|
# chmod 400 /data/git/.postgresql/postgresql.key
|
|
|
|
## @param initContainers.resources.limits initContainers.limits Kubernetes resource limits for init containers
|
|
## @param initContainers.resources.requests.cpu initContainers.requests.cpu Kubernetes cpu resource limits for init containers
|
|
## @param initContainers.resources.requests.memory initContainers.requests.memory Kubernetes memory resource limits for init containers
|
|
initContainers:
|
|
resources:
|
|
limits: {}
|
|
requests:
|
|
cpu: 100m
|
|
memory: 128Mi
|
|
|
|
# Configure commit/action signing prerequisites
|
|
## @section Signing
|
|
#
|
|
## @param signing.enabled Enable commit/action signing
|
|
## @param signing.gpgHome GPG home directory
|
|
## @param signing.privateKey Inline private gpg key for signed Gitea actions
|
|
## @param signing.existingSecret Use an existing secret to store the value of `signing.privateKey`
|
|
signing:
|
|
enabled: false
|
|
gpgHome: /data/git/.gnupg
|
|
privateKey: ""
|
|
# privateKey: |-
|
|
# -----BEGIN PGP PRIVATE KEY BLOCK-----
|
|
# ...
|
|
# -----END PGP PRIVATE KEY BLOCK-----
|
|
existingSecret: ""
|
|
|
|
## @section Gitea
|
|
#
|
|
gitea:
|
|
## @param gitea.admin.username Username for the Gitea admin user
|
|
## @param gitea.admin.existingSecret Use an existing secret to store admin user credentials
|
|
## @param gitea.admin.password Password for the Gitea admin user
|
|
## @param gitea.admin.email Email for the Gitea admin user
|
|
admin:
|
|
# existingSecret: gitea-admin-secret
|
|
existingSecret:
|
|
username: gitea_admin
|
|
password: r8sA8CPHD9!bt6d
|
|
email: "gitea@local.domain"
|
|
|
|
## @param gitea.metrics.enabled Enable Gitea metrics
|
|
## @param gitea.metrics.serviceMonitor.enabled Enable Gitea metrics service monitor
|
|
metrics:
|
|
enabled: false
|
|
serviceMonitor:
|
|
enabled: false
|
|
# additionalLabels:
|
|
# prometheus-release: prom1
|
|
|
|
## @param gitea.ldap LDAP configuration
|
|
ldap:
|
|
[]
|
|
# - name: "LDAP 1"
|
|
# existingSecret:
|
|
# securityProtocol:
|
|
# host:
|
|
# port:
|
|
# userSearchBase:
|
|
# userFilter:
|
|
# adminFilter:
|
|
# emailAttribute:
|
|
# bindDn:
|
|
# bindPassword:
|
|
# usernameAttribute:
|
|
# publicSSHKeyAttribute:
|
|
|
|
# Either specify inline `key` and `secret` or refer to them via `existingSecret`
|
|
## @param gitea.oauth OAuth configuration
|
|
oauth:
|
|
[]
|
|
# - name: 'OAuth 1'
|
|
# provider:
|
|
# key:
|
|
# secret:
|
|
# existingSecret:
|
|
# autoDiscoverUrl:
|
|
# useCustomUrls:
|
|
# customAuthUrl:
|
|
# customTokenUrl:
|
|
# customProfileUrl:
|
|
# customEmailUrl:
|
|
|
|
## @param gitea.config Configuration for the Gitea server,ref: [config-cheat-sheet](https://docs.gitea.io/en-us/config-cheat-sheet/)
|
|
config: {}
|
|
# APP_NAME: "Gitea: Git with a cup of tea"
|
|
# RUN_MODE: dev
|
|
#
|
|
# server:
|
|
# SSH_PORT: 22
|
|
#
|
|
# security:
|
|
# PASSWORD_COMPLEXITY: spec
|
|
|
|
## @param gitea.additionalConfigSources Additional configuration from secret or configmap
|
|
additionalConfigSources: []
|
|
# - secret:
|
|
# secretName: gitea-app-ini-oauth
|
|
# - configMap:
|
|
# name: gitea-app-ini-plaintext
|
|
|
|
## @param gitea.additionalConfigFromEnvs Additional configuration sources from environment variables
|
|
additionalConfigFromEnvs: []
|
|
|
|
## @param gitea.podAnnotations Annotations for the Gitea pod
|
|
podAnnotations: {}
|
|
|
|
## @param gitea.ssh.logLevel Configure OpenSSH's log level. Only available for root-based Gitea image.
|
|
ssh:
|
|
logLevel: "INFO"
|
|
|
|
## @section LivenessProbe
|
|
#
|
|
## @param gitea.livenessProbe.enabled Enable liveness probe
|
|
## @param gitea.livenessProbe.tcpSocket.port Port to probe for liveness
|
|
## @param gitea.livenessProbe.initialDelaySeconds Initial delay before liveness probe is initiated
|
|
## @param gitea.livenessProbe.timeoutSeconds Timeout for liveness probe
|
|
## @param gitea.livenessProbe.periodSeconds Period for liveness probe
|
|
## @param gitea.livenessProbe.successThreshold Success threshold for liveness probe
|
|
## @param gitea.livenessProbe.failureThreshold Failure threshold for liveness probe
|
|
# Modify the liveness probe for your needs or completely disable it by commenting out.
|
|
livenessProbe:
|
|
enabled: true
|
|
tcpSocket:
|
|
port: http
|
|
initialDelaySeconds: 200
|
|
timeoutSeconds: 1
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
failureThreshold: 10
|
|
|
|
## @section ReadinessProbe
|
|
#
|
|
## @param gitea.readinessProbe.enabled Enable readiness probe
|
|
## @param gitea.readinessProbe.tcpSocket.port Port to probe for readiness
|
|
## @param gitea.readinessProbe.initialDelaySeconds Initial delay before readiness probe is initiated
|
|
## @param gitea.readinessProbe.timeoutSeconds Timeout for readiness probe
|
|
## @param gitea.readinessProbe.periodSeconds Period for readiness probe
|
|
## @param gitea.readinessProbe.successThreshold Success threshold for readiness probe
|
|
## @param gitea.readinessProbe.failureThreshold Failure threshold for readiness probe
|
|
# Modify the readiness probe for your needs or completely disable it by commenting out.
|
|
readinessProbe:
|
|
enabled: true
|
|
tcpSocket:
|
|
port: http
|
|
initialDelaySeconds: 5
|
|
timeoutSeconds: 1
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
failureThreshold: 3
|
|
|
|
# # Uncomment the startup probe to enable and modify it for your needs.
|
|
## @section StartupProbe
|
|
#
|
|
## @param gitea.startupProbe.enabled Enable startup probe
|
|
## @param gitea.startupProbe.tcpSocket.port Port to probe for startup
|
|
## @param gitea.startupProbe.initialDelaySeconds Initial delay before startup probe is initiated
|
|
## @param gitea.startupProbe.timeoutSeconds Timeout for startup probe
|
|
## @param gitea.startupProbe.periodSeconds Period for startup probe
|
|
## @param gitea.startupProbe.successThreshold Success threshold for startup probe
|
|
## @param gitea.startupProbe.failureThreshold Failure threshold for startup probe
|
|
startupProbe:
|
|
enabled: false
|
|
tcpSocket:
|
|
port: http
|
|
initialDelaySeconds: 60
|
|
timeoutSeconds: 1
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
failureThreshold: 10
|
|
|
|
## @section Memcached
|
|
#
|
|
## @param memcached.enabled Memcached is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/memcached) if enabled in the values. Complete Configuration can be taken from their website.
|
|
## ref: https://hub.docker.com/r/bitnami/memcached/tags/
|
|
## @param memcached.service.ports.memcached Port for Memcached
|
|
memcached:
|
|
enabled: true
|
|
# image:
|
|
# registry: docker.io
|
|
# repository: bitnami/memcached
|
|
# tag: ""
|
|
# digest: ""
|
|
# pullPolicy: IfNotPresent
|
|
# pullSecrets: []
|
|
service:
|
|
ports:
|
|
memcached: 11211
|
|
|
|
## @section PostgreSQL
|
|
#
|
|
## @param postgresql.enabled Enable PostgreSQL
|
|
## @param postgresql.global.postgresql.auth.password Password for the `gitea` user (overrides `auth.password`)
|
|
## @param postgresql.global.postgresql.auth.database Name for a custom database to create (overrides `auth.database`)
|
|
## @param postgresql.global.postgresql.auth.username Name for a custom user to create (overrides `auth.username`)
|
|
## @param postgresql.global.postgresql.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`)
|
|
## @param postgresql.primary.persistence.size PVC Storage Request for PostgreSQL volume
|
|
postgresql:
|
|
enabled: true
|
|
global:
|
|
postgresql:
|
|
auth:
|
|
password: gitea
|
|
database: gitea
|
|
username: gitea
|
|
service:
|
|
ports:
|
|
postgresql: 5432
|
|
primary:
|
|
persistence:
|
|
size: 10Gi
|
|
|
|
# By default, removed or moved settings that still remain in a user defined values.yaml will cause Helm to fail running the install/update.
|
|
# Set it to false to skip this basic validation check.
|
|
## @section Advanced
|
|
## @param checkDeprecation Set it to false to skip this basic validation check.
|
|
## @param test.enabled Set it to false to disable test-connection Pod.
|
|
## @param test.image.name Image name for the wget container used in the test-connection Pod.
|
|
## @param test.image.tag Image tag for the wget container used in the test-connection Pod.
|
|
checkDeprecation: true
|
|
test:
|
|
enabled: true
|
|
image:
|
|
name: busybox
|
|
tag: latest
|
|
|
|
## @param extraDeploy Array of extra objects to deploy with the release
|
|
##
|
|
extraDeploy: []
|