mirror of
https://gitea.com/gitea/helm-chart.git
synced 2024-07-04 23:34:12 +02:00
c27140c4cb
With release 5.0.0 there are so many deprecations and breaking changes that it is probably a good way to assist the users with values migration before breaking their environments. This adds another template file that doesn't render anything but ensures the removal of dropped or deprecated settings from customized values files. For when it is necessary, this check can be disabled via new setting `checkDeprecation`. Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/269 Reviewed-by: luhahn <luhahn@noreply.gitea.io> Reviewed-by: wxiaoguang <wxiaoguang@noreply.gitea.io> Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io> Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
291 lines
6.6 KiB
YAML
291 lines
6.6 KiB
YAML
# Default values for gitea.
|
|
# This is a YAML-formatted file.
|
|
# Declare variables to be passed into your templates.
|
|
|
|
replicaCount: 1
|
|
|
|
clusterDomain: cluster.local
|
|
|
|
image:
|
|
repository: gitea/gitea
|
|
tag: 1.15.4
|
|
pullPolicy: Always
|
|
rootless: false # only possible when running 1.14 or later
|
|
|
|
imagePullSecrets: []
|
|
|
|
# Security context is only usable with rootless image due to image design
|
|
podSecurityContext:
|
|
fsGroup: 1000
|
|
|
|
containerSecurityContext: {}
|
|
# allowPrivilegeEscalation: false
|
|
# capabilities:
|
|
# drop:
|
|
# - ALL
|
|
# # Add the SYS_CHROOT capability for root and rootless images if you intend to
|
|
# # run pods on nodes that use the container runtime cri-o. Otherwise, you will
|
|
# # get an error message from the SSH server that it is not possible to read from
|
|
# # the repository.
|
|
# # https://gitea.com/gitea/helm-chart/issues/161
|
|
# add:
|
|
# - SYS_CHROOT
|
|
# privileged: false
|
|
# readOnlyRootFilesystem: true
|
|
# runAsGroup: 1000
|
|
# runAsNonRoot: true
|
|
# runAsUser: 1000
|
|
|
|
# DEPRECATED. The securityContext variable has been split two:
|
|
# - containerSecurityContext
|
|
# - podSecurityContext.
|
|
securityContext: {}
|
|
|
|
service:
|
|
http:
|
|
type: ClusterIP
|
|
port: 3000
|
|
clusterIP: None
|
|
#loadBalancerIP:
|
|
#nodePort:
|
|
#externalTrafficPolicy:
|
|
#externalIPs:
|
|
loadBalancerSourceRanges: []
|
|
annotations:
|
|
ssh:
|
|
type: ClusterIP
|
|
port: 22
|
|
clusterIP: None
|
|
#loadBalancerIP:
|
|
#nodePort:
|
|
#externalTrafficPolicy:
|
|
#externalIPs:
|
|
loadBalancerSourceRanges: []
|
|
annotations:
|
|
|
|
ingress:
|
|
enabled: false
|
|
# className: nginx
|
|
annotations: {}
|
|
# kubernetes.io/ingress.class: nginx
|
|
# kubernetes.io/tls-acme: "true"
|
|
hosts:
|
|
- host: git.example.com
|
|
paths:
|
|
- path: /
|
|
pathType: Prefix
|
|
tls: []
|
|
# - secretName: chart-example-tls
|
|
# hosts:
|
|
# - git.example.com
|
|
# Mostly for argocd or any other CI that uses `helm template | kubectl apply` or similar
|
|
# If helm doesn't correctly detect your ingress API version you can set it here.
|
|
# apiVersion: networking.k8s.io/v1
|
|
|
|
resources: {}
|
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
|
# choice for the user. This also increases chances charts run on environments with little
|
|
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
# limits:
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
# requests:
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
|
|
## Use an alternate scheduler, e.g. "stork".
|
|
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
|
|
##
|
|
# schedulerName:
|
|
|
|
nodeSelector: {}
|
|
|
|
tolerations: []
|
|
|
|
affinity: {}
|
|
|
|
statefulset:
|
|
env: []
|
|
# - name: VARIABLE
|
|
# value: my-value
|
|
terminationGracePeriodSeconds: 60
|
|
labels: {}
|
|
|
|
persistence:
|
|
enabled: true
|
|
# existingClaim:
|
|
size: 10Gi
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
labels: {}
|
|
annotations: {}
|
|
# storageClass:
|
|
# subPath:
|
|
|
|
# additional volumes to add to the Gitea statefulset.
|
|
extraVolumes:
|
|
# - name: postgres-ssl-vol
|
|
# secret:
|
|
# secretName: gitea-postgres-ssl
|
|
|
|
|
|
# additional volumes to mount, both to the init container and to the main
|
|
# container. As an example, can be used to mount a client cert when connecting
|
|
# to an external Postgres server.
|
|
extraVolumeMounts:
|
|
# - name: postgres-ssl-vol
|
|
# readOnly: true
|
|
# mountPath: "/pg-ssl"
|
|
|
|
# bash shell script copied verbatim to the start of the init-container.
|
|
initPreScript: ""
|
|
#
|
|
# initPreScript: |
|
|
# mkdir -p /data/git/.postgresql
|
|
# cp /pg-ssl/* /data/git/.postgresql/
|
|
# chown -R git:git /data/git/.postgresql/
|
|
# chmod 400 /data/git/.postgresql/postgresql.key
|
|
|
|
# Configure commit/action signing prerequisites
|
|
signing:
|
|
enabled: false
|
|
gpgHome: /data/git/.gnupg
|
|
|
|
gitea:
|
|
admin:
|
|
#existingSecret: gitea-admin-secret
|
|
username: gitea_admin
|
|
password: r8sA8CPHD9!bt6d
|
|
email: "gitea@local.domain"
|
|
|
|
metrics:
|
|
enabled: false
|
|
serviceMonitor:
|
|
enabled: false
|
|
# additionalLabels:
|
|
# prometheus-release: prom1
|
|
|
|
ldap: []
|
|
# - name: "LDAP 1"
|
|
# existingSecret:
|
|
# securityProtocol:
|
|
# host:
|
|
# port:
|
|
# userSearchBase:
|
|
# userFilter:
|
|
# adminFilter:
|
|
# emailAttribute:
|
|
# bindDn:
|
|
# bindPassword:
|
|
# usernameAttribute:
|
|
# publicSSHKeyAttribute:
|
|
|
|
# Either specify inline `key` and `secret` or refer to them via `existingSecret`
|
|
oauth: []
|
|
# - name: 'OAuth 1'
|
|
# provider:
|
|
# key:
|
|
# secret:
|
|
# existingSecret:
|
|
# autoDiscoverUrl:
|
|
# useCustomUrls:
|
|
# customAuthUrl:
|
|
# customTokenUrl:
|
|
# customProfileUrl:
|
|
# customEmailUrl:
|
|
|
|
config: {}
|
|
# APP_NAME: "Gitea: Git with a cup of tea"
|
|
# RUN_MODE: dev
|
|
#
|
|
# server:
|
|
# SSH_PORT: 22
|
|
#
|
|
# security:
|
|
# PASSWORD_COMPLEXITY: spec
|
|
|
|
additionalConfigSources: []
|
|
# - secret:
|
|
# secretName: gitea-app-ini-oauth
|
|
# - configMap:
|
|
# name: gitea-app-ini-plaintext
|
|
|
|
podAnnotations: {}
|
|
|
|
# Modify the liveness probe for your needs or completely disable it by commenting out.
|
|
livenessProbe:
|
|
tcpSocket:
|
|
port: http
|
|
initialDelaySeconds: 200
|
|
timeoutSeconds: 1
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
failureThreshold: 10
|
|
|
|
# Modify the readiness probe for your needs or completely disable it by commenting out.
|
|
readinessProbe:
|
|
tcpSocket:
|
|
port: http
|
|
initialDelaySeconds: 5
|
|
timeoutSeconds: 1
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
failureThreshold: 3
|
|
|
|
# # Uncomment the startup probe to enable and modify it for your needs.
|
|
# startupProbe:
|
|
# tcpSocket:
|
|
# port: http
|
|
# initialDelaySeconds: 60
|
|
# timeoutSeconds: 1
|
|
# periodSeconds: 10
|
|
# successThreshold: 1
|
|
# failureThreshold: 10
|
|
|
|
memcached:
|
|
enabled: true
|
|
service:
|
|
port: 11211
|
|
|
|
postgresql:
|
|
enabled: true
|
|
global:
|
|
postgresql:
|
|
postgresqlDatabase: gitea
|
|
postgresqlUsername: gitea
|
|
postgresqlPassword: gitea
|
|
servicePort: 5432
|
|
persistence:
|
|
size: 10Gi
|
|
|
|
mysql:
|
|
enabled: false
|
|
root:
|
|
password: gitea
|
|
db:
|
|
user: gitea
|
|
password: gitea
|
|
name: gitea
|
|
service:
|
|
port: 3306
|
|
persistence:
|
|
size: 10Gi
|
|
|
|
mariadb:
|
|
enabled: false
|
|
auth:
|
|
database: gitea
|
|
username: gitea
|
|
password: gitea
|
|
rootPassword: gitea
|
|
primary:
|
|
service:
|
|
port: 3306
|
|
persistence:
|
|
size: 10Gi
|
|
|
|
# By default, removed or moved settings that still remain in a user defined values.yaml will cause Helm to fail running the install/update.
|
|
# Set it to false to skip this basic validation check.
|
|
checkDeprecation: true
|