To use an external database, disable the in-pod database and fill in the "externalDB" values:
```yaml
mariadb:
enabled: false
#Connect to an external database
externalDB:
dbUser: "postgres"
dbPassword: "<MY_PASSWORD>"
dbHost: "db-service-name.namespace.svc.cluster.local" # or some external host
dbPort: "5432"
dbDatabase: "gitea"
```
## Persistent Data
By default, persistent data is not enabled and thus you'll have to enable it from within the `values.yaml`.
Unless otherwise set to true, data will be deleted when the Pod is restarted.
To prevent data loss, we will enable persistent data.
First, enable persistency:
```yaml
persistence:
enabled: true
```
If you wish for helm **NOT** to replace data when re-deploying (updating the chart), add the `resource-policy` annotation:
```yaml
persistence:
annotations:
"helm.sh/resource-policy": keep
```
To use a previously created PVC / volume, use the following:
```yaml
existingGiteaClaim: gitea-gitea
```
## Ingress And External Host/Ports
Gitea requires ports to be exposed for accessibility. The recommended way is using **ingress**, however, you can supply `LoadBalancer` to your values alternatively.
By default, we expose via an ingress:
To expose via an ingress:
```yaml
ingress:
enabled: true
```
To expose the web application this chart will generate an ingress using the ingress controller of choice if specified. If an ingress is enabled services.http.externalHost must be specified. To expose SSH services it relies on either a LoadBalancer or NodePort.
## Upgrading
When upgrading, make sure you have the following enabled:
- Due to using the [bitnami/mariadb](https://github.com/helm/charts/tree/master/stable/mariadb) chart, make sure to HARDCODE your passwords within `values.yaml`,
or (better) set them in a separate secret named in mariadb.existingSecret. Or else you'll be unable to update mariadb
## Secrets
Secret values (database passwords, Gitea internal secrets / tokens) are passed to the containers using Kubernetes secrets.
These secrets can be automatically created using parameters from values.yaml or created externally and specified by name.
### MariaDB
If using the default MariaDB database, create the secret per the bitnami mariadb chart and specify its name in `mariadb.existingSecret`.
The secret will be created automatically if unspecified or if the password is supplied via `values.yaml`.
```yaml
apiVersion: v1
kind: Secret
metadata:
name: RELEASE-NAME-mariadb
type: Opaque
data:
mariadb-root-password: "<base64-encodedpassword>"
mariadb-password: "<base64-encodedpassword>"
```
### ExternalDB
If using a different database, specify the secret name in `externalDB.secretName`.
If this secret is shared with the database itself and has the password in a key other than `db-password`, you can specify the key name via `externalDB.passwordKey`.
The secret will be created automatically if the password is supplied via `values.yaml`.
```yaml
apiVersion: v1
kind: Secret
metadata:
name: RELEASE-NAME-externaldb
type: Opaque
data:
db-password: "<base64-encodedpassword>"
```
### Gitea Secrets
Gitea requires a number of internal secret tokens, which can be supplied via an externally-created secret or via `values.yaml`.
If they are not supplied, they will be auto-generated by the init container, and will change on upgrades.
Gitea requires particular encoding for some of these so they should be generated using `gitea generate secret`.
```yaml
apiVersion: v1
kind: Secret
metadata:
name: RELEASE-NAME
type: Opaque
data:
secret-key: "base64-encoded secret"
jwt-secret: "base64-encoded secret"
lfs-jwt-secret: "base64-encoded secret"
internal-token: "base64-encoded secret"
```
## Immutable Configuration
If `config.immutableConfig` is `true`, the Gitea `app.ini` is regenerated each time the init container runs and is set as read-only.
If it is `false`, then `app.ini` is generated only on first install and is editable by Gitea.
| `images.pullSecrets` | Specify an array of pull secrets | `[]` |
| `memcached.maxItemMemory` | Max item memory | `64` |
| `memcached.verbosity` | Verbosity | `v` |
| `memcached.extendedOptions` | Extended options for memcached | `modern` |
| `ingress.enabled` | Switch to create ingress for this chart deployment | `true` |
| `ingress.hostname ` | Hostname to be used for the ingress | `gitea.local` |
| `ingress.certManager` | Asks if we want to use cert-manager or not (let's encrypt, etc.) | `true` |
| `ingress.annotations` | Annotations used by the ingress | `[]` |
| `ingress.hosts ` | Additional hosts to be used by the ingress | `[]` |
| `ingress.tls ` | TLS secret keys to be used with Gitea | `[]` |
| `service.http.serviceType` | type of kubernetes services used for http i.e. ClusterIP, NodePort or LoadBalancer | `ClusterIP` |
| `service.http.port` | http port for web traffic | `3000` |
| `service.http.NodePort` | Manual NodePort for web traffic | `nil` |
| `service.http.externalPort` | Port exposed on the internet by a load balancer or firewall that redirects to the ingress or NodePort | `8280` |
| `service.http.externalHost` | IP or DNS name exposed on the internet by a load balancer or firewall that redirects to the ingress or Node for http traffic | `gitea.local` |
| `service.ssh.serviceType` | type of kubernetes services used for ssh i.e. ClusterIP, NodePort or LoadBalancer | `ClusterIP` |
| `service.ssh.port` | http port for web traffic | `22` |
| `service.ssh.externalPort` | Port exposed on the internet by a load balancer or firewall that redirects to the ingress or NodePort | `nil` |
| `service.ssh.externalHost` | IP or DNS name exposed on the internet by a load balancer or firewall that redirects to the ingress or Node for http traffic | `gitea.local` |