From 9aa6b67b3f091f66c23374aa7dee2baf01221e01 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moritz=20J=C3=B6rg?= <moritz.jorg@oceanbox.io>
Date: Sun, 7 Jun 2026 14:01:03 +0200
Subject: [PATCH] Increase gitea resources and add ha-proxy logging

---
 values/gitea/values/values.yaml                           | 4 +++-
 values/ingress-haproxy/values/ingress-haproxy.yaml.gotmpl | 4 ++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/values/gitea/values/values.yaml b/values/gitea/values/values.yaml
index 00f81216..f0c60f37 100644
--- a/values/gitea/values/values.yaml
+++ b/values/gitea/values/values.yaml
@@ -7,7 +7,7 @@ image:
 
 resources:
   requests:
-    cpu: 200m
+    cpu: 500m
     memory: 512Mi
 
 strategy:
@@ -82,6 +82,8 @@ gitea:
     database:
       DB_TYPE: postgres
       MAX_OPEN_CONNS: 90
+      MAX_IDLE_CONNS: 20
+      CONN_MAX_LIFETIME: 3h
     openid:
       ENABLE_OPENID_SIGNIN: false
       ENABLE_OPENID_SIGNUP: false
diff --git a/values/ingress-haproxy/values/ingress-haproxy.yaml.gotmpl b/values/ingress-haproxy/values/ingress-haproxy.yaml.gotmpl
index 5dd04f37..106fc732 100644
--- a/values/ingress-haproxy/values/ingress-haproxy.yaml.gotmpl
+++ b/values/ingress-haproxy/values/ingress-haproxy.yaml.gotmpl
@@ -19,6 +19,10 @@ controller:
     ssl-redirect: "true"
     forwarded-for: "true"
 
+    # NOTE: Emit HAProxy access logs (real client IP + request line)
+    # to the controller's stdout so `kubectl logs` can see them.
+    syslog-server: "address:stdout, format: raw, facility: daemon"
+
     # Disable QUIC ar Hetzner LB doesn't support UDP
     quic-enabled: "false"