# Rollout strategy. With Recreate the running pod is stopped before its
# replacement starts; presumably chosen because the data volume and the on-disk
# queue in this file should not be opened by two pods at once - confirm.
strategy:
  type: Recreate
## @section Service
service:
  ## @param service.http.type Kubernetes service type for web traffic
  ## @param service.http.port Port number for web traffic
  ## @param service.http.clusterIP ClusterIP setting for http autosetup for statefulset is None
  ## @param service.http.loadBalancerIP LoadBalancer IP setting
  ## @param service.http.nodePort NodePort for http service
  ## @param service.http.externalTrafficPolicy If `service.http.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation
  ## @param service.http.externalIPs External IPs for service
  ## @param service.http.ipFamilyPolicy HTTP service dual-stack policy
  ## @param service.http.ipFamilies HTTP service dual-stack family selection, for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/).
  ## @param service.http.loadBalancerSourceRanges Source range filter for http loadbalancer
  ## @param service.http.annotations HTTP service annotations
  http:
    # Web traffic stays cluster-internal: a ClusterIP service whose clusterIP
    # is the literal string "None" (a headless service in Kubernetes terms).
    # Unset options are written as explicit nulls.
    type: ClusterIP
    port: 3000
    clusterIP: None
    nodePort: null
    externalTrafficPolicy: null
    externalIPs: null
    ipFamilyPolicy: null
    ipFamilies: null
    loadBalancerSourceRanges: []
    annotations: {}

  ## @param service.ssh.type Kubernetes service type for ssh traffic
  ## @param service.ssh.port Port number for ssh traffic
  ## @param service.ssh.clusterIP ClusterIP setting for ssh autosetup for statefulset is None
  ## @param service.ssh.loadBalancerIP LoadBalancer IP setting
  ## @param service.ssh.nodePort NodePort for ssh service
  ## @param service.ssh.externalTrafficPolicy If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation
  ## @param service.ssh.externalIPs External IPs for service
  ## @param service.ssh.ipFamilyPolicy SSH service dual-stack policy
  ## @param service.ssh.ipFamilies SSH service dual-stack family selection, for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/).
  ## @param service.ssh.hostPort HostPort for ssh service
  ## @param service.ssh.loadBalancerSourceRanges Source range filter for ssh loadbalancer
  ## @param service.ssh.annotations SSH service annotations
  ssh:
    # SSH is the one listener published outside the cluster: a LoadBalancer
    # pinned to a private (RFC 1918) address, on the same port as
    # gitea.config.server.SSH_PORT.
    type: LoadBalancer
    port: 2222
    loadBalancerIP: 192.168.3.3
    nodePort: null
    # Left unset. Per the @param note above, `Local` preserves the client source
    # IP, which is what SSH logs and any rate limiting would key on.
    externalTrafficPolicy: null
    externalIPs: null
    ipFamilyPolicy: null
    ipFamilies: null
    hostPort: null
    # Empty list: no source-range filter at the service level, so whoever can
    # route to the address above can reach sshd. List CIDRs here to narrow it
    # (enforcement depends on the load-balancer implementation - verify).
    loadBalancerSourceRanges: []
    annotations: {}
## @section Ingress
# The chart-managed Ingress is switched off. gitea.config.server.ROOT_URL in
# this file is an https:// URL, so HTTP exposure and TLS termination are
# presumably defined outside these values - confirm where that route lives.
ingress:
  enabled: false
## @param resources Kubernetes resources
resources:
  # Hard ceilings for the pod.
  limits:
    cpu: 1
    # high memory should be allowed to handle package uploads
    memory: 5Gi
  # Baseline reservation; limits are well above requests, so the pod can burst
  # far beyond what it reserves.
  requests:
    cpu: 100m
    memory: 128Mi
## @section Persistence
# Data is kept on a volume claim that the chart mounts but does not create:
# `create: false` with `claimName` naming a claim that must already exist
# (presumably provisioned elsewhere in the same deployment - confirm).
persistence:
  enabled: true
  create: false
  mount: true
  claimName: gitea-data
# Configure commit/action signing prerequisites
## @section Signing
#
## @param signing.enabled Enable commit/action signing
## @param signing.gpgHome GPG home directory
## @param signing.privateKey Inline private gpg key for signed Gitea actions
## @param signing.existingSecret Use an existing secret to store the value of `signing.privateKey`
# Signing is off. If it is ever turned on, supplying the key through
# `signing.existingSecret` keeps the private key out of this values file,
# which an inline `signing.privateKey` would not.
signing:
  enabled: false
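## @section Gitea
#
gitea:
  ## @param gitea.admin.username Username for the Gitea admin user
  ## @param gitea.admin.existingSecret Use an existing secret to store admin user credentials
  ## @param gitea.admin.password Password for the Gitea admin user
  ## @param gitea.admin.email Email for the Gitea admin user
  ## @param gitea.admin.passwordMode How the chart sets/updates the admin password
  admin:
    username: gitea_admin
    # this user needs to stay admin, and active. But we change its password to be unusable
    # The value below is therefore only a bootstrap credential, and it is
    # readable by anyone who can read this file. `gitea.admin.existingSecret`
    # (documented above) keeps it out of the values file entirely.
    password: changedalready
    email: "gitea@delete.me"
    # Apply the password only when the account is first created. Without this
    # key the chart default (keepUpdated, as far as known - verify against the
    # pinned chart version) re-applies the password above on every pod start,
    # which would undo the manual change to an unusable password.
    passwordMode: initialOnlyNoReset

  metrics:
    # service monitor is configured manually
    # NOTE(review): the metrics endpoint is served by the same HTTP listener as
    # the UI. If that listener is published externally, restrict the path at
    # the proxy or set a token ([metrics] TOKEN in Gitea's config).
    enabled: true

  ## @param gitea.config  Configuration for the Gitea server,ref: [config-cheat-sheet](https://docs.gitea.io/en-us/config-cheat-sheet/)
  config:
    APP_NAME: "Remy's personal git hosting"
    server:
      DOMAIN: git.kluster.moll.re
      ROOT_URL: https://git.kluster.moll.re
      # Must match service.ssh.port so that clone URLs point at the right port.
      SSH_PORT: 2222
    actions:
      ENABLED: true
    # Session, cache and queue use the database, process memory and an on-disk
    # store; the bundled valkey subcharts are disabled further down.
    session:
      PROVIDER: db
    cache:
      ADAPTER: memory
    queue:
      TYPE: level
    indexer:
      ISSUE_INDEXER_TYPE: bleve
      REPO_INDEXER_ENABLED: false
    # Local sign-up is closed while OAuth2 logins create accounts automatically,
    # so who gets an account is decided by the identity provider and by the
    # required claim in the `oauth` entry below.
    service:
      DISABLE_REGISTRATION: true
    oauth2_client:
      ENABLE_AUTO_REGISTRATION: true

  oauth:
    - name: authelia
      provider: openidConnect
      autoDiscoverUrl: https://auth.kluster.moll.re/.well-known/openid-configuration
      scopes: openid email profile groups
      # Client credentials are read from this secret rather than written here.
      existingSecret: gitea-oauth
      # Only identities whose `groups` claim contains `gitea` may log in.
      required-claim-name: groups
      required-claim-value: gitea
      # Membership of `apps_admin` at the identity provider grants Gitea admin
      # rights, so that group is as sensitive as the local admin account above.
      group-claim-name: groups
      admin-group: apps_admin

  # since we want to reuse the postgres secret, we cannot directly use it in
  # additionalConfigSources:
  #   - secret:
  #       secretName: postgres-password
  # but instead set the ENV variables
  additionalConfigFromEnvs:
    - name: GITEA__DATABASE__DB_TYPE
      value: postgres
    # NOTE(review): no GITEA__DATABASE__SSL_MODE is set, so Gitea's default
    # applies to this connection - confirm that is acceptable for in-cluster
    # traffic.
    - name: GITEA__DATABASE__HOST
      value: gitea-postgres-rw:5432
    # Database name, password and user all come from the `postgres-password`
    # secret; none of them appears in this file.
    - name: GITEA__DATABASE__NAME
      valueFrom:
        secretKeyRef:
          name: postgres-password
          key: database
    - name: GITEA__DATABASE__PASSWD
      valueFrom:
        secretKeyRef:
          name: postgres-password
          key: password
    - name: GITEA__DATABASE__USER
      valueFrom:
        secretKeyRef:
          name: postgres-password
          key: username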
# Bundled database and cache subcharts are all disabled. The database is the
# external `gitea-postgres-rw` host set through additionalConfigFromEnvs, and
# session/cache/queue are configured under gitea.config without valkey.
postgresql:
  enabled: false

postgresql-ha:
  enabled: false

valkey:
  enabled: false

valkey-cluster:
  enabled: false