-
Notifications
You must be signed in to change notification settings - Fork 0
/
helmrelease.yaml
141 lines (132 loc) · 3.56 KB
/
helmrelease.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: gitea
namespace: gitea
spec:
chart:
spec:
chart: gitea
version: 10.4.1
reconcileStrategy: ChartVersion
sourceRef:
kind: HelmRepository
namespace: gitea
name: gitea
interval: 1h
driftDetection:
mode: enabled
values:
strategy:
type: Recreate
deployment:
env:
- name: TZ
value: America/Chicago
- name: USER_UID
value: "1001"
- name: USER_GID
value: "1003"
labels:
policy.gabe565.com/egress-namespace: "true"
policy.gabe565.com/egress-world: "true"
policy.gabe565.com/ingress-ingress: "true"
policy.gabe565.com/ingress-prometheus: "true"
policy.gabe565.com/ingress-world: "true"
ingress:
enabled: true
annotations:
nginx.ingress.kubernetes.io/from-to-www-redirect: "false"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
hosts:
- host: ${app_url}
paths:
- path: /
pathType: Prefix
tls:
- secretName: ${certificate_name}
hosts:
- ${app_url}
postgresql:
enabled: false
postgresql-ha:
enabled: false
redis-cluster:
enabled: false
persistence:
storageClass: longhorn-ssd
gitea:
admin:
password: ${gitea_admin_password}
metrics:
enabled: true
serviceMonitor:
enabled: true
config:
server:
DOMAIN: ${app_url}
ROOT_URL: https://${app_url}
LFS_JWT_SECRET: ${lfs_jwt_secret}
DISABLE_SSH: "true"
database:
DB_TYPE: postgres
HOST: postgresql-rw:5432
NAME: gitea
USER: gitea
cache:
ENABLED: "true"
ADAPTER: redis
mailer:
ENABLED: "true"
PROTOCOL: smtp
SMTP_ADDR: ${smtp_address}
USER: ${smtp_username}
PASSWD: ${smtp_password}
FROM: ${smtp_username}
oauth2_client:
OPENID_CONNECT_SCOPES: email profile
ENABLE_AUTO_REGISTRATION: "true"
JWT_SECRET: ${oauth2_jwt_secret}
ui:
SHOW_USER_EMAIL: "false"
security:
MIN_PASSWORD_LENGTH: "8"
PASSWORD_COMPLEXITY: lower,upper,digit,spec
PASSWORD_CHECK_PWN: "true"
SECRET_KEY: ${secret_key}
INTERNAL_TOKEN: ${internal_token}
session:
PROVIDER: redis
COOKIE_SECURE: "true"
cron:
ENABLED: "true"
service:
DISABLE_REGISTRATION: "true"
indexer:
REPO_INDEXER_ENABLED: "true"
other:
SHOW_FOOTER_VERSION: "false"
SHOW_FOOTER_TEMPLATE_LOAD_TIME: "false"
queue:
TYPE: redis
additionalConfigFromEnvs:
- name: GITEA__DATABASE__PASSWD
valueFrom:
secretKeyRef:
name: postgresql-app
key: password
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: redis
key: redis-password
- name: REDIS_CONN_STR
value: redis://:$(REDIS_PASSWORD)@redis-master:6379/0?pool_size=100&idle_timeout=180s
- name: GITEA__CACHE__HOST
value: $(REDIS_CONN_STR)
- name: GITEA__QUEUE__CONN_STR
value: $(REDIS_CONN_STR)
- name: GITEA__SESSION__PROVIDER_CONFIG
value: $(REDIS_CONN_STR)
containerSecurityContext:
readOnlyRootFilesystem: true