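# yaml-language-server: $schema=https://gitea.com/gitea/helm-gitea/src/branch/main/values.yaml
#
# Helm values for a single-replica Gitea deployment.
# Cache, sessions and queues are stored in Redis, attachments in
# S3-compatible object storage, and data in an external PostgreSQL database.
# Credentials are injected from Kubernetes Secrets
# (see gitea.additionalConfigFromEnvs), not stored in this file.
#
# The nesting below was reconstructed from a copy whose line breaks were
# lost. It is the only nesting that avoids duplicate keys; verify it
# against the deployed values.

replicaCount: 1

image:
  registry: "docker.gitea.com"
  repository: gitea
  tag: "1.26.2"

resources:
  requests:
    cpu: 500m
    memory: 512Mi

strategy:
  type: Recreate
  # NOTE(review): the Deployment API rejects rollingUpdate settings when the
  # strategy type is Recreate. Confirm the chart omits them when rendering,
  # or drop this block.
  rollingUpdate:
    maxSurge: "100%"
    maxUnavailable: 0

gitea:
  metrics:
    enabled: true
    serviceMonitor:
      enabled: true

  config:
    APP_NAME: "Gitea: With a cup of tea."

    # NOTE(review): nested under gitea.config, this block is rendered as an
    # [admin] section of app.ini. existingSecret and email are the key names
    # the chart uses for gitea.admin, a sibling of config. Confirm the
    # nesting: if the chart never sees gitea.admin.existingSecret, the admin
    # account is presumably created from the chart's default credentials.
    admin:
      existingSecret: gitea-admin-secret
      email: admin@oceanbox.io

    metrics:
      ENABLED: true
      ENABLED_ISSUE_BY_LABEL: true
      ENABLED_ISSUE_BY_REPOSITORY: true

    # NOTE(review): the three redis:// URLs below (cache, session, queue)
    # carry no credentials and no TLS, so session data in DB 1 is protected
    # only by network reachability. Confirm a NetworkPolicy or equivalent
    # restricts access to dragonfly-gitea.
    cache:
      ENABLED: true
      ADAPTER: redis
      HOST: redis://dragonfly-gitea.gitea.svc:6379/0
      ITEM_TTL: "72h"  # increased from default 16h

    session:
      COOKIE_SECURE: true
      PROVIDER: redis
      PROVIDER_CONFIG: redis://dragonfly-gitea.gitea.svc:6379/1
      SESSION_LIFE_TIME: "432000"  # 5 days

    queue:
      TYPE: redis
      CONN_STR: redis://dragonfly-gitea.gitea.svc:6379/2

    storage:
      STORAGE_TYPE: minio
      MINIO_ENDPOINT: hel1.your-objectstorage.com
      MINIO_USE_SSL: true
      MINIO_LOCATION: hel1
      MINIO_BUCKET: obx-gitea

    security:
      INSTALL_LOCK: true

    service:
      # NOTE(review): local self-registration is open. If accounts should
      # only originate from the OIDC provider configured under gitea.oauth,
      # consider ALLOW_ONLY_EXTERNAL_REGISTRATION or disabling registration.
      DISABLE_REGISTRATION: false
      SHOW_REGISTRATION_BUTTON: true
      ENABLE_NOTIFY_MAIL: true
      AUTO_WATCH_NEW_REPOS: false

    server:
      APP_DATA_PATH: "/data/gitea"
      DOMAIN: git.oceanbox.io
      ROOT_URL: https://git.oceanbox.io
      SSH_DOMAIN: git.obx
      SSH_PORT: 22
      SSH_LISTEN_PORT: 22
      # With PROXY protocol enabled, the listeners take the client address
      # from the PROXY header. They must therefore be reachable only through
      # the trusted proxy; confirm this for the SSH NodePort in particular.
      SSH_SERVER_USE_PROXY_PROTOCOL: true
      PROXY_PROTOCOL: true
      LANDING_PAGE: "explore"

    ui:
      ONLY_SHOW_RELEVANT_REPOS: true

    oauth2_client:
      REGISTER_EMAIL_CONFIRM: false
      # Accounts are created automatically on first OIDC sign-in. Linking to
      # an existing local account requires a login (ACCOUNT_LINKING: login).
      ENABLE_AUTO_REGISTRATION: true
      ACCOUNT_LINKING: "login"
      USERNAME: "nickname"

    mailer:
      ENABLED: true
      FROM: "gitea@oceanbox.io"
      PROTOCOL: "smtp"
      SMTP_ADDR: "postfix-mail.postfix.svc.cluster.local"
      SMTP_PORT: 587

    database:
      DB_TYPE: postgres
      MAX_OPEN_CONNS: 90
      MAX_IDLE_CONNS: 20
      CONN_MAX_LIFETIME: 3h

    openid:
      ENABLE_OPENID_SIGNIN: false
      ENABLE_OPENID_SIGNUP: false

  # OIDC login source. The client id and secret come from the referenced
  # Secret.
  oauth:
    - name: "Oceanbox"
      provider: "openidConnect"
      existingSecret: gitea-oauth-oceanbox
      autoDiscoverUrl:
        "https://login.microsoftonline.com/3f737008-e9a0-4485-9d27-40329d288089/.well-known/openid-configuration"
      scopes: "openid profile email groups"

  # Settings injected as GITEA__<SECTION>__<KEY> environment variables.
  # Object-storage and database credentials are read from Secrets.
  additionalConfigFromEnvs:
    - name: GITEA__STORAGE__MINIO_ACCESS_KEY_ID
      valueFrom:
        secretKeyRef:
          name: gitea-s3
          key: access_key
    - name: GITEA__STORAGE__MINIO_SECRET_ACCESS_KEY
      valueFrom:
        secretKeyRef:
          name: gitea-s3
          key: secret_key
    - name: GITEA__DATABASE__PASSWD
      valueFrom:
        secretKeyRef:
          name: gitea-db-app
          key: password
    - name: GITEA__DATABASE__NAME
      valueFrom:
        secretKeyRef:
          name: gitea-db-app
          key: dbname
    - name: GITEA__DATABASE__USER
      valueFrom:
        secretKeyRef:
          name: gitea-db-app
          key: user
    - name: GITEA__DATABASE__HOST
      valueFrom:
        secretKeyRef:
          name: gitea-db-app
          key: host
    - name: GITEA__DATABASE__DB_TYPE
      value: postgres
    # New repositories, including those created by push, default to private.
    - name: GITEA__repository__DEFAULT_PRIVATE
      value: "true"
    - name: GITEA__repository__DEFAULT_PUSH_CREATE_PRIVATE
      value: "true"
    - name: GITEA__repository__ENABLE_PUSH_CREATE_USER
      value: "true"
    - name: GITEA__repository__ENABLE_PUSH_CREATE_ORG
      value: "true"

ingress:
  enabled: true
  className: haproxy
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-production
    haproxy.org/backend-protocol: h1
    haproxy.org/timeout-server: 600s
    # Source-address allow-list. It is enforced by the ingress controller
    # for HTTP(S) only and does not cover the SSH NodePort below.
    # NOTE(review): 100.64.0.0/12 covers only part of the 100.64.0.0/10
    # shared address space. Confirm the prefix length is intended.
    haproxy.org/allow-list: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,172.19.255.0/24,100.64.0.0/12,185.125.160.4/32,37.27.203.38/32
  hosts:
    - host: git.oceanbox.io
      paths:
        - backend:
            service:
              name: gitea-http
              port:
                number: 3000
          path: /
          pathType: ImplementationSpecific
  tls:
    - secretName: gitea-tls
      hosts:
        - git.oceanbox.io

service:
  ssh:
    enabled: true
    type: NodePort
    nodePort: 30022
    port: 22
    # Local keeps traffic on the receiving node and preserves the client
    # source IP.
    externalTrafficPolicy: Local

# NOTE(review): confirm the chart reads defaultPodOptions. If it expects
# podSecurityContext instead, the non-root settings below are silently
# ignored.
defaultPodOptions:
  securityContext:
    runAsUser: 1000
    runAsGroup: 1000
    runAsNonRoot: true
    fsGroup: 1000
    fsGroupChangePolicy: "Always"

# Bundled database and cache sub-charts are disabled; external services are
# used instead.
postgresql-ha:
  enabled: false

valkey-cluster:
  enabled: false

persistence:
  enabled: true
  size: 1Gi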