# Default values for gitea. # This is a YAML-formatted file. # Declare variables to be passed into your templates. ## @section Global # ## @param global.imageRegistry global image registry override ## @param global.imagePullSecrets global image pull secrets override; can be extended by `imagePullSecrets` ## @param global.storageClass global storage class override ## @param global.hostAliases global hostAliases which will be added to the pod's hosts files global: imageRegistry: "" ## E.g. ## imagePullSecrets: ## - myRegistryKeySecretName ## imagePullSecrets: [] storageClass: "longhorn" hostAliases: [] # - ip: 192.168.137.2 # hostnames: # - example.com ## @param replicaCount number of replicas for the deployment replicaCount: 1 ## @section strategy ## @param strategy.type strategy type ## @param strategy.rollingUpdate.maxSurge maxSurge ## @param strategy.rollingUpdate.maxUnavailable maxUnavailable strategy: type: "RollingUpdate" rollingUpdate: maxSurge: "100%" maxUnavailable: 0 ## @param clusterDomain cluster domain clusterDomain: cluster.local ## @section Image ## @param image.registry image registry, e.g. gcr.io,docker.io ## @param image.repository Image to start for this pod ## @param image.tag Visit: [Image tag](https://code.forgejo.org/forgejo/-/packages/container/forgejo/versions). Defaults to `appVersion` within Chart.yaml. ## @param image.digest Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` ## @param image.pullPolicy Image pull policy ## @param image.rootless Wether or not to pull the rootless version of Forgejo ## @param image.fullOverride Completely overrides the image registry, path/image, tag and digest. **Adjust `image.rootless` accordingly and review [Rootless defaults](#rootless-defaults).** image: registry: code.forgejo.org repository: forgejo/forgejo # Overrides the image tag whose default is the chart appVersion. tag: "" digest: "" pullPolicy: IfNotPresent rootless: true fullOverride: "" ## @param imagePullSecrets Secret to use for pulling the image imagePullSecrets: [] ## @section Security # Security context is only usable with rootless image due to image design ## @param podSecurityContext.fsGroup Set the shared file system group for all containers in the pod. podSecurityContext: fsGroup: 1000 ## @param containerSecurityContext Security context containerSecurityContext: {} # allowPrivilegeEscalation: false # capabilities: # drop: # - ALL # # Add the SYS_CHROOT capability for root and rootless images if you intend to # # run pods on nodes that use the container runtime cri-o. Otherwise, you will # # get an error message from the SSH server that it is not possible to read from # # the repository. # # https://gitea.com/gitea/helm-chart/issues/161 # add: # - SYS_CHROOT # privileged: false # readOnlyRootFilesystem: true # runAsGroup: 1000 # runAsNonRoot: true # runAsUser: 1000 ## @deprecated The securityContext variable has been split two: ## - containerSecurityContext ## - podSecurityContext. ## @param securityContext Run init and Forgejo containers as a specific securityContext securityContext: {} ## @param podDisruptionBudget Pod disruption budget podDisruptionBudget: {} # maxUnavailable: 1 # minAvailable: 1 ## @section Service service: ## @param service.http.type Kubernetes service type for web traffic ## @param service.http.port Port number for web traffic ## @param service.http.clusterIP ClusterIP setting for http autosetup for deployment is None ## @param service.http.loadBalancerIP LoadBalancer IP setting ## @param service.http.nodePort NodePort for http service ## @param service.http.externalTrafficPolicy If `service.http.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation ## @param service.http.externalIPs External IPs for service ## @param service.http.ipFamilyPolicy HTTP service dual-stack policy ## @param service.http.ipFamilies HTTP service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/). ## @param service.http.loadBalancerSourceRanges Source range filter for http loadbalancer ## @param service.http.annotations HTTP service annotations ## @param service.http.labels HTTP service additional labels ## @param service.http.loadBalancerClass Loadbalancer class http: type: ClusterIP port: 3000 clusterIP: None loadBalancerIP: nodePort: externalTrafficPolicy: externalIPs: ipFamilyPolicy: ipFamilies: loadBalancerSourceRanges: [] annotations: {} labels: {} loadBalancerClass: ## @param service.ssh.type Kubernetes service type for ssh traffic ## @param service.ssh.port Port number for ssh traffic ## @param service.ssh.clusterIP ClusterIP setting for ssh autosetup for deployment is None ## @param service.ssh.loadBalancerIP LoadBalancer IP setting ## @param service.ssh.nodePort NodePort for ssh service ## @param service.ssh.externalTrafficPolicy If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation ## @param service.ssh.externalIPs External IPs for service ## @param service.ssh.ipFamilyPolicy SSH service dual-stack policy ## @param service.ssh.ipFamilies SSH service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/). ## @param service.ssh.hostPort HostPort for ssh service ## @param service.ssh.loadBalancerSourceRanges Source range filter for ssh loadbalancer ## @param service.ssh.annotations SSH service annotations ## @param service.ssh.labels SSH service additional labels ## @param service.ssh.loadBalancerClass Loadbalancer class ssh: type: ClusterIP port: 22 clusterIP: None loadBalancerIP: nodePort: externalTrafficPolicy: externalIPs: ipFamilyPolicy: ipFamilies: hostPort: loadBalancerSourceRanges: [] annotations: {} labels: {} loadBalancerClass: ## @section Ingress ## @param ingress.enabled Enable ingress ## @param ingress.className Ingress class name ## @param ingress.annotations Ingress annotations ## @param ingress.hosts[0].host Default Ingress host ## @param ingress.hosts[0].paths[0].path Default Ingress path ## @param ingress.hosts[0].paths[0].pathType Ingress path type ## @param ingress.tls Ingress tls settings ## @extra ingress.apiVersion Specify APIVersion of ingress object. Mostly would only be used for argocd. ingress: enabled: true # className: nginx className: annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" hosts: - host: git.example.com paths: - path: / pathType: Prefix tls: [] # - secretName: chart-example-tls # hosts: # - git.example.com # Mostly for argocd or any other CI that uses `helm template | kubectl apply` or similar # If helm doesn't correctly detect your ingress API version you can set it here. # apiVersion: networking.k8s.io/v1 ## @section deployment # ## @param resources Kubernetes resources resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. # limits: # cpu: 100m # memory: 128Mi # requests: # cpu: 100m # memory: 128Mi ## Use an alternate scheduler, e.g. "stork". ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## ## @param schedulerName Use an alternate scheduler, e.g. "stork" schedulerName: "" ## @param nodeSelector NodeSelector for the deployment nodeSelector: {} ## @param tolerations Tolerations for the deployment tolerations: [] ## @param affinity Affinity for the deployment affinity: {} ## @param topologySpreadConstraints TopologySpreadConstraints for the deployment topologySpreadConstraints: [] ## @param dnsConfig dnsConfig for the deployment dnsConfig: {} ## @param priorityClassName priorityClassName for the deployment priorityClassName: "" ## @param deployment.env Additional environment variables to pass to containers ## @param deployment.terminationGracePeriodSeconds How long to wait until forcefully kill the pod ## @param deployment.labels Labels for the deployment ## @param deployment.annotations Annotations for the Forgejo deployment to be created deployment: env: [] # - name: VARIABLE # value: my-value terminationGracePeriodSeconds: 60 labels: {} annotations: {} ## @section ServiceAccount ## @param serviceAccount.create Enable the creation of a ServiceAccount ## @param serviceAccount.name Name of the created ServiceAccount, defaults to release name. Can also link to an externally provided ServiceAccount that should be used. ## @param serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token ## @param serviceAccount.imagePullSecrets Image pull secrets, available to the ServiceAccount ## @param serviceAccount.annotations Custom annotations for the ServiceAccount ## @param serviceAccount.labels Custom labels for the ServiceAccount serviceAccount: create: false name: "" automountServiceAccountToken: false imagePullSecrets: [] # - name: private-registry-access annotations: {} labels: {} ## @section Persistence # ## @param persistence.enabled Enable persistent storage ## @param persistence.create Whether to create the persistentVolumeClaim for shared storage ## @param persistence.mount Whether the persistentVolumeClaim should be mounted (even if not created) ## @param persistence.claimName Use an existing claim to store repository information ## @param persistence.size Size for persistence to store repo information ## @param persistence.accessModes AccessMode for persistence ## @param persistence.labels Labels for the persistence volume claim to be created ## @param persistence.annotations.helm.sh/resource-policy Resource policy for the persistence volume claim ## @param persistence.storageClass Name of the storage class to use ## @param persistence.subPath Subdirectory of the volume to mount at ## @param persistence.volumeName Name of persistent volume in PVC persistence: enabled: true create: true mount: true claimName: gitea-shared-storage size: 10Gi accessModes: - ReadWriteOnce labels: {} storageClass: subPath: volumeName: "" annotations: helm.sh/resource-policy: keep ## @param extraVolumes Additional volumes to mount to the Forgejo deployment extraVolumes: [] # - name: postgres-ssl-vol # secret: # secretName: gitea-postgres-ssl ## @param extraContainerVolumeMounts Mounts that are only mapped into the Forgejo runtime/main container, to e.g. override custom templates. extraContainerVolumeMounts: [] ## @param extraInitVolumeMounts Mounts that are only mapped into the init-containers. Can be used for additional preconfiguration. extraInitVolumeMounts: [] ## @deprecated The extraVolumeMounts variable has been split two: ## - extraContainerVolumeMounts ## - extraInitVolumeMounts ## As an example, can be used to mount a client cert when connecting to an external Postgres server. ## @param extraVolumeMounts **DEPRECATED** Additional volume mounts for init containers and the Forgejo main container extraVolumeMounts: [] # - name: postgres-ssl-vol # readOnly: true # mountPath: "/pg-ssl" ## @section Init ## @param initPreScript Bash shell script copied verbatim to the start of the init-container. initPreScript: "" # # initPreScript: | # mkdir -p /data/git/.postgresql # cp /pg-ssl/* /data/git/.postgresql/ # chown -R git:git /data/git/.postgresql/ # chmod 400 /data/git/.postgresql/postgresql.key ## @param initContainers.resources.limits initContainers.limits Kubernetes resource limits for init containers ## @param initContainers.resources.requests.cpu initContainers.requests.cpu Kubernetes cpu resource limits for init containers ## @param initContainers.resources.requests.memory initContainers.requests.memory Kubernetes memory resource limits for init containers initContainers: resources: limits: {} requests: cpu: 100m memory: 128Mi # Configure commit/action signing prerequisites ## @section Signing # ## @param signing.enabled Enable commit/action signing ## @param signing.gpgHome GPG home directory ## @param signing.privateKey Inline private gpg key for signed internal Git activity ## @param signing.existingSecret Use an existing secret to store the value of `signing.privateKey` signing: enabled: false gpgHome: /data/git/.gnupg privateKey: "" # privateKey: |- # -----BEGIN PGP PRIVATE KEY BLOCK----- # ... # -----END PGP PRIVATE KEY BLOCK----- existingSecret: "" ## @section Gitea # gitea: ## @param gitea.admin.username Username for the Forgejo admin user ## @param gitea.admin.existingSecret Use an existing secret to store admin user credentials ## @param gitea.admin.password Password for the Forgejo admin user ## @param gitea.admin.email Email for the Forgejo admin user ## @param gitea.admin.passwordMode Mode for how to set/update the admin user password. Options are: initialOnlyNoReset, initialOnlyRequireReset, and keepUpdated admin: # existingSecret: gitea-admin-secret username: gitea_admin password: r8sA8CPHD9!bt6d email: "gitea@local.domain" passwordMode: keepUpdated ## @param gitea.metrics.enabled Enable Forgejo metrics ## @param gitea.metrics.serviceMonitor.enabled Enable Forgejo metrics service monitor metrics: enabled: false serviceMonitor: enabled: false # additionalLabels: # prometheus-release: prom1 ## @param gitea.ldap LDAP configuration ldap: [] # - name: "LDAP 1" # existingSecret: # securityProtocol: # host: # port: # userSearchBase: # userFilter: # adminFilter: # emailAttribute: # bindDn: # bindPassword: # usernameAttribute: # publicSSHKeyAttribute: # Either specify inline `key` and `secret` or refer to them via `existingSecret` ## @param gitea.oauth OAuth configuration oauth: [] # - name: 'OAuth 1' # provider: # key: # secret: # existingSecret: # autoDiscoverUrl: # useCustomUrls: # customAuthUrl: # customTokenUrl: # customProfileUrl: # customEmailUrl: ## @param gitea.additionalConfigSources Additional configuration from secret or configmap additionalConfigSources: [] # - secret: # secretName: gitea-app-ini-oauth # - configMap: # name: gitea-app-ini-plaintext ## @param gitea.additionalConfigFromEnvs Additional configuration sources from environment variables additionalConfigFromEnvs: [] ## @param gitea.podAnnotations Annotations for the Forgejo pod podAnnotations: {} ## @param gitea.ssh.logLevel Configure OpenSSH's log level. Only available for root-based Forgejo image. ssh: logLevel: "INFO" ## @section `app.ini` overrides ## @descriptionStart ## ## Every value described in the [Cheat ## Sheet](https://forgejo.org/docs/latest/admin/config-cheat-sheet/) can be ## set as a Helm value. Configuration sections map to (lowercased) YAML ## blocks, while the keys themselves remain in all caps. ## ## @descriptionEnd config: # values in the DEFAULT section # (https://forgejo.org/docs/latest/admin/config-cheat-sheet/#overall-default) # are un-namespaced ## @param gitea.config.APP_NAME Application name, used in the page title APP_NAME: "Forgejo: Beyond coding. We forge." ## @param gitea.config.RUN_MODE Application run mode, affects performance and debugging: `dev` or `prod` RUN_MODE: prod ## @param gitea.config.repository General repository settings repository: {} ## @param gitea.config.cors Cross-origin resource sharing settings cors: {} ## @param gitea.config.ui User interface settings ui: {} ## @param gitea.config.markdown Markdown parser settings markdown: {} ## @param gitea.config.server [object] General server settings server: SSH_PORT: 22 # rootful image SSH_LISTEN_PORT: 2222 # rootless image ## @param gitea.config.database Database configuration (only necessary with an [externally managed DB](https://code.forgejo.org/forgejo-helm/forgejo-helm#external-database)). database: {} ## @param gitea.config.indexer Settings for what content is indexed and how indexer: {} ## @param gitea.config.queue Job queue configuration queue: {} ## @param gitea.config.admin Admin user settings admin: {} ## @param gitea.config.security Site security settings security: {} ## @param gitea.config.camo Settings for the [camo](https://github.com/cactus/go-camo) media proxy server (disabled by default) camo: {} ## @param gitea.config.openid Configuration for authentication with OpenID (disabled by default) openid: {} ## @param gitea.config.oauth2_client OAuth2 client settings oauth2_client: {} ## @param gitea.config.service Configuration for miscellaneous Forgejo services service: {} ## @param gitea.config.ssh.minimum_key_sizes SSH minimum key sizes ssh.minimum_key_sizes: {} ## @param gitea.config.webhook Webhook settings webhook: {} ## @param gitea.config.mailer Mailer configuration (disabled by default) mailer: {} ## @param gitea.config.email.incoming Configuration for handling incoming mail (disabled by default) email.incoming: {} ## @param gitea.config.cache Cache configuration cache: {} ## @param gitea.config.session Session/cookie handling session: {} ## @param gitea.config.picture User avatar settings picture: {} ## @param gitea.config.project Project board defaults project: {} ## @param gitea.config.attachment Issue and PR attachment configuration attachment: {} ## @param gitea.config.log Logging configuration log: {} ## @param gitea.config.cron Cron job configuration cron: {} ## @param gitea.config.git Global settings for Git git: {} ## @param gitea.config.metrics Settings for the Prometheus endpoint (disabled by default) metrics: {} ## @param gitea.config.api Settings for the Swagger API documentation endpoints api: {} ## @param gitea.config.oauth2 Settings for the [OAuth2 provider](https://forgejo.org/docs/latest/admin/oauth2-provider/) oauth2: {} ## @param gitea.config.i18n Internationalization settings i18n: {} ## @param gitea.config.markup Configuration for advanced markup processors markup: {} ## @param gitea.config.highlight.mapping File extension to language mapping overrides for syntax highlighting highlight.mapping: {} ## @param gitea.config.time Locale settings time: {} ## @param gitea.config.migrations Settings for Git repository migrations migrations: {} ## @param gitea.config.federation Federation configuration federation: {} ## @param gitea.config.packages Package registry settings packages: {} ## @param gitea.config.mirror Configuration for repository mirroring mirror: {} ## @param gitea.config.lfs Large File Storage configuration lfs: {} ## @param gitea.config.repo-avatar Repository avatar storage configuration repo-avatar: {} ## @param gitea.config.avatar User/org avatar storage configuration avatar: {} ## @param gitea.config.storage General storage settings storage: {} ## @param gitea.config.proxy Proxy configuration (disabled by default) proxy: {} ## @param gitea.config.actions Configuration for [Forgejo Actions](https://forgejo.org/docs/latest/user/actions/) actions: {} ## @param gitea.config.other Uncategorized configuration options other: {} ## @section LivenessProbe # ## @param gitea.livenessProbe.enabled Enable liveness probe ## @param gitea.livenessProbe.tcpSocket.port Port to probe for liveness ## @param gitea.livenessProbe.initialDelaySeconds Initial delay before liveness probe is initiated ## @param gitea.livenessProbe.timeoutSeconds Timeout for liveness probe ## @param gitea.livenessProbe.periodSeconds Period for liveness probe ## @param gitea.livenessProbe.successThreshold Success threshold for liveness probe ## @param gitea.livenessProbe.failureThreshold Failure threshold for liveness probe # Modify the liveness probe for your needs or completely disable it by commenting out. livenessProbe: enabled: true tcpSocket: port: http initialDelaySeconds: 200 timeoutSeconds: 1 periodSeconds: 10 successThreshold: 1 failureThreshold: 10 ## @section ReadinessProbe # ## @param gitea.readinessProbe.enabled Enable readiness probe ## @param gitea.readinessProbe.tcpSocket.port Port to probe for readiness ## @param gitea.readinessProbe.initialDelaySeconds Initial delay before readiness probe is initiated ## @param gitea.readinessProbe.timeoutSeconds Timeout for readiness probe ## @param gitea.readinessProbe.periodSeconds Period for readiness probe ## @param gitea.readinessProbe.successThreshold Success threshold for readiness probe ## @param gitea.readinessProbe.failureThreshold Failure threshold for readiness probe # Modify the readiness probe for your needs or completely disable it by commenting out. readinessProbe: enabled: true tcpSocket: port: http initialDelaySeconds: 5 timeoutSeconds: 1 periodSeconds: 10 successThreshold: 1 failureThreshold: 3 # # Uncomment the startup probe to enable and modify it for your needs. ## @section StartupProbe # ## @param gitea.startupProbe.enabled Enable startup probe ## @param gitea.startupProbe.tcpSocket.port Port to probe for startup ## @param gitea.startupProbe.initialDelaySeconds Initial delay before startup probe is initiated ## @param gitea.startupProbe.timeoutSeconds Timeout for startup probe ## @param gitea.startupProbe.periodSeconds Period for startup probe ## @param gitea.startupProbe.successThreshold Success threshold for startup probe ## @param gitea.startupProbe.failureThreshold Failure threshold for startup probe startupProbe: enabled: false tcpSocket: port: http initialDelaySeconds: 60 timeoutSeconds: 1 periodSeconds: 10 successThreshold: 1 failureThreshold: 10 ## @section Redis® Cluster ## @descriptionStart ## Redis® Cluster is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/redis-cluster) if enabled in the values. ## Complete Configuration can be taken from their website. ## Redis cluster and [Redis](#redis) cannot be enabled at the same time. ## @descriptionEnd # ## @param redis-cluster.enabled Enable redis cluster ## @param redis-cluster.usePassword Whether to use password authentication ## @param redis-cluster.cluster.nodes Number of redis cluster master nodes ## @param redis-cluster.cluster.replicas Number of redis cluster master node replicas redis-cluster: enabled: true usePassword: false cluster: nodes: 3 # default: 6 replicas: 0 # default: 1 ## @section Redis® ## @descriptionStart ## Redis® is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/redis) if enabled in the values. ## Complete Configuration can be taken from their website. ## Redis and [Redis cluster](#redis-cluster) cannot be enabled at the same time. ## @descriptionEnd # ## @param redis.enabled Enable redis standalone or replicated ## @param redis.architecture Whether to use standalone or replication ## @param redis.global.redis.password Required password ## @param redis.master.count Number of Redis master instances to deploy redis: enabled: false architecture: standalone global: redis: password: changeme master: count: 1 ## @section PostgreSQL HA ## @descriptionStart ## PostgreSQL HA is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/postgresql-ha) if enabled in the values. ## Complete Configuration can be taken from their website. ## @descriptionEnd # ## @param postgresql-ha.enabled Enable PostgreSQL HA chart ## @param postgresql-ha.postgresql.password Password for the `gitea` user (overrides `auth.password`) ## @param postgresql-ha.global.postgresql.database Name for a custom database to create (overrides `auth.database`) ## @param postgresql-ha.global.postgresql.username Name for a custom user to create (overrides `auth.username`) ## @param postgresql-ha.global.postgresql.password Name for a custom password to create (overrides `auth.password`) ## @param postgresql-ha.postgresql.repmgrPassword Repmgr Password ## @param postgresql-ha.postgresql.postgresPassword postgres Password ## @param postgresql-ha.pgpool.adminPassword pgpool adminPassword ## @param postgresql-ha.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`) ## @param postgresql-ha.primary.persistence.size PVC Storage Request for PostgreSQL HA volume postgresql-ha: global: postgresql: database: gitea password: gitea username: gitea enabled: false postgresql: repmgrPassword: changeme2 postgresPassword: changeme1 password: changeme4 pgpool: adminPassword: changeme3 service: ports: postgresql: 5432 primary: persistence: size: 10Gi ## @section PostgreSQL ## @descriptionStart ## PostgreSQL is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/postgresql) if enabled in the values. ## Complete Configuration can be taken from their website. ## @descriptionEnd # ## @param postgresql.enabled Enable PostgreSQL ## @param postgresql.global.postgresql.auth.password Password for the `gitea` user (overrides `auth.password`) ## @param postgresql.global.postgresql.auth.database Name for a custom database to create (overrides `auth.database`) ## @param postgresql.global.postgresql.auth.username Name for a custom user to create (overrides `auth.username`) ## @param postgresql.global.postgresql.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`) ## @param postgresql.primary.persistence.size PVC Storage Request for PostgreSQL volume postgresql: enabled: true global: postgresql: auth: password: gitea database: gitea username: gitea service: ports: postgresql: 5432 primary: persistence: size: 10Gi # By default, removed or moved settings that still remain in a user defined values.yaml will cause Helm to fail running the install/update. # Set it to false to skip this basic validation check. ## @section Advanced ## @param checkDeprecation Set it to false to skip this basic validation check. ## @param test.enabled Set it to false to disable test-connection Pod. ## @param test.image.name Image name for the wget container used in the test-connection Pod. ## @param test.image.tag Image tag for the wget container used in the test-connection Pod. checkDeprecation: true test: enabled: true image: name: busybox tag: latest ## @param extraDeploy Array of extra objects to deploy with the release ## extraDeploy: []