manifests/values/gitea/values/values.yaml

# yaml-language-server: $schema=https://gitea.com/gitea/helm-gitea/src/branch/main/values.yaml
replicaCount: 1
image:
  registry: "docker.gitea.com"
  repository: gitea
  tag: "1.25.4"

resources:
  requests:
    cpu: 200m
    memory: 512Mi

strategy:
  type: Recreate
  rollingUpdate:
    maxSurge: "100%"
    maxUnavailable: 0

gitea:
  metrics:
    enabled: true
    serviceMonitor:
      enabled: true
  config:
    APP_NAME: "Gitea: With a cup of tea."
    admin:
      existingSecret: gitea-admin-secret
      email: admin@oceanbox.io
    cache:
      ENABLED: true
      ADAPTER: redis
      HOST: redis://dragonfly-gitea.gitea.svc:6379/0
      ITEM_TTL: "72h" # increased from default 16h
    session:
      COOKIE_SECURE: true
      PROVIDER: redis
      PROVIDER_CONFIG: redis://dragonfly-gitea.gitea.svc:6379/1
    queue:
      TYPE: redis
      CONN_STR: redis://dragonfly-gitea.gitea.svc:6379/2
    storage:
      STORAGE_TYPE: minio
      MINIO_ENDPOINT: hel1.your-objectstorage.com
      MINIO_USE_SSL: true
      MINIO_LOCATION: hel1
      MINIO_BUCKET: obx-gitea
    security:
      INSTALL_LOCK: true
    service:
      DISABLE_REGISTRATION: false
    server:
      APP_DATA_PATH: "/data/gitea"
      DOMAIN: git.svc.hel1.obx
      ROOT_URL: https://git.svc.hel1.obx
      SSH_DOMAIN: git.obx
      SSH_PORT: 22
      SSH_LISTEN_PORT: 22
      SSH_SERVER_USE_PROXY_PROTOCOL: true
      PROXY_PROTOCOL: true
      LANDING_PAGE: "explore"
    oauth2_client:
      REGISTER_EMAIL_CONFIRM: false;
      ENABLE_AUTO_REGISTRATION: true
      UPDATE_AVATAR: true
      ACCOUNT_LINKING: auto
    # NOTE: THIS IS IMPOSSIBLE
    # mailer:
      # ENABLED: true
      # FROM: "noreply@oceanbox.io"
      # PROTOCOL: "smtp+startls"
      # SMTP_ADDR: "smtp.office365.com"
      # SMTP_PORT: 587
      # USER: "noreply@oceanbox.io"
      # PASSWD:
    database:
      DB_TYPE: postgres
      MAX_OPEN_CONNS: 90
    openid:
      ENABLE_OPENID_SIGNIN: false
      ENABLE_OPENID_SIGNUP: false
  oauth:
    - name: "Oceanbox"
      provider: "openidConnect"
      existingSecret: gitea-oauth-oceanbox
      autoDiscoverUrl: "https://login.microsoftonline.com/3f737008-e9a0-4485-9d27-40329d288089/.well-known/openid-configuration"
      scopes: "openid profile email groups"
      groupClaimName: "groups"
      adminGroup: "/oceanbox/devel"
      restrictedGroup: ""
  additionalConfigFromEnvs:
    - name: GITEA__STORAGE__MINIO_ACCESS_KEY_ID
      valueFrom:
        secretKeyRef:
          name: gitea-s3
          key: access_key
    - name: GITEA__STORAGE__MINIO_SECRET_ACCESS_KEY
      valueFrom:
        secretKeyRef:
          name: gitea-s3
          key: secret_key
    - name: GITEA__DATABASE__PASSWD
      valueFrom:
        secretKeyRef:
          name: gitea-db-app
          key: password
    - name: GITEA__DATABASE__NAME
      valueFrom:
        secretKeyRef:
          name: gitea-db-app
          key: dbname
    - name: GITEA__DATABASE__USER
      valueFrom:
        secretKeyRef:
          name: gitea-db-app
          key: user
    - name: GITEA__DATABASE__HOST
      valueFrom:
        secretKeyRef:
          name: gitea-db-app
          key: host
    - name: GITEA__DATABASE__DB_TYPE
      value: postgres
    - name: GITEA__repository__DEFAULT_PRIVATE
      value: "true"
    - name: GITEA__repository__DEFAULT_PUSH_CREATE_PRIVATE
      value: "true"
    - name: GITEA__repository__ENABLE_PUSH_CREATE_USER
      value: "true"
    - name: GITEA__repository__ENABLE_PUSH_CREATE_ORG
      value: "true"

ingress:
  enabled: true
  className: nginx
  annotations:
    cert-manager.io/cluster-issuer: ca-issuer
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
    nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,172.19.255.0/24,100.64.0.0/12
  hosts:
    - host: git.svc.hel1.obx
      paths:
        - backend:
            service:
              name: gitea-http
              port:
                number: 3000
          path: /
          pathType: ImplementationSpecific
  tls:
    - secretName: gitea-tls
      hosts:
        - git.svc.hel1.obx

service:
  ssh:
    enabled: true
    type: NodePort
    nodePort: 30022
    port: 22
    annotations:
      load-balancer.hetzner.cloud/location: hel1
      load-balancer.hetzner.cloud/name: load-balancer-2
      load-balancer.hetzner.cloud/disable-public-network: "true"
      load-balancer.hetzner.cloud/use-private-ip: "true"
      load-balancer.hetzner.cloud/uses-proxyprotocol: "true"

defaultPodOptions:
  securityContext:
    runAsUser: 1000
    runAsGroup: 1000
    runAsNonRoot: true
    fsGroup: 1000
    fsGroupChangePolicy: "Always"

postgresql-ha:
  enabled: false
valkey-cluster:
  enabled: false

persistence:
  enabled: true
  size: 1Gi