davad/argo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

chore(forgejo): update chart

Browse source 
Chart version 12.5.3
App version 11.0.2
This commit is contained in:
David Landry 2025-07-07 13:21:20 -04:00
parent 9ead7d4516
commit 564ec57cc7
1 changed files with 199 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

212
bootstrap/forgejo/values.yaml
View file

@ -1,6 +1,24 @@
# Default values for gitea.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
## @section Global
#
## @param global.imageRegistry global image registry override
## @param global.imagePullSecrets global image pull secrets override; can be extended by `imagePullSecrets`
## @param global.storageClass global storage class override
## @param global.hostAliases global hostAliases which will be added to the pod's hosts files
global:
imageRegistry: ""
## E.g.
## imagePullSecrets:
## - myRegistryKeySecretName
##
imagePullSecrets: []
storageClass: ""
hostAliases: []
# - ip: 192.168.137.2
# hostnames:
# - example.com
## @param namespaceOverride String to fully override common.names.namespace
##
@ -28,14 +46,17 @@ clusterDomain: cluster.local
## @param image.tag Visit: [Image tag](https://code.forgejo.org/forgejo/-/packages/container/forgejo/versions). Defaults to `appVersion` within Chart.yaml.
## @param image.digest Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest`
## @param image.pullPolicy Image pull policy
## @param image.rootless Wether or not to pull the rootless version of Forgejo
## @param image.rootless Whether or not to pull the rootless version of Forgejo
## @param image.fullOverride Completely overrides the image registry, path/image, tag and digest. **Adjust `image.rootless` accordingly and review [Rootless defaults](#rootless-defaults).**
image:
registry: code.forgejo.org
repository: forgejo/forgejo
pullPolicy: IfNotPresent
pullPolicy: Always
rootless: true
## @param imagePullSecrets Secret to use for pulling the image
imagePullSecrets: []
## @section Security
# Security context is only usable with rootless image due to image design
## @param podSecurityContext.fsGroup Set the shared file system group for all containers in the pod.
@ -61,6 +82,12 @@ containerSecurityContext: {}
# runAsNonRoot: true
# runAsUser: 1000
## @deprecated The securityContext variable has been split two:
## - containerSecurityContext
## - podSecurityContext.
## @param securityContext Run init and Forgejo containers as a specific securityContext
securityContext: {}
## @param podDisruptionBudget Pod disruption budget
podDisruptionBudget:
minAvailable: 1
@ -75,11 +102,12 @@ service:
## @param service.http.externalTrafficPolicy If `service.http.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation
## @param service.http.externalIPs External IPs for service
## @param service.http.ipFamilyPolicy HTTP service dual-stack policy
## @param service.http.ipFamilies HTTP service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/).
## @param service.http.ipFamilies HTTP service dual-stack family selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/).
## @param service.http.loadBalancerSourceRanges Source range filter for http loadbalancer
## @param service.http.annotations HTTP service annotations
## @param service.http.labels HTTP service additional labels
## @param service.http.loadBalancerClass Loadbalancer class
## @param service.http.extraPorts Additional ports
http:
type: ClusterIP
port: 3000
@ -94,6 +122,7 @@ service:
annotations: {}
labels: {}
loadBalancerClass:
extraPorts: []
## @param service.ssh.type Kubernetes service type for ssh traffic
## @param service.ssh.port Port number for ssh traffic
## @param service.ssh.clusterIP ClusterIP setting for ssh autosetup for deployment
@ -102,7 +131,7 @@ service:
## @param service.ssh.externalTrafficPolicy If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation
## @param service.ssh.externalIPs External IPs for service
## @param service.ssh.ipFamilyPolicy SSH service dual-stack policy
## @param service.ssh.ipFamilies SSH service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/).
## @param service.ssh.ipFamilies SSH service dual-stack family selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/).
## @param service.ssh.hostPort HostPort for ssh service
## @param service.ssh.loadBalancerSourceRanges Source range filter for ssh loadbalancer
## @param service.ssh.annotations SSH service annotations
@ -131,11 +160,12 @@ service:
## @param ingress.hosts[0].host Default Ingress host
## @param ingress.hosts[0].paths[0].path Default Ingress path
## @param ingress.hosts[0].paths[0].pathType Ingress path type
## @param ingress.hosts[0].paths[0].port Target port for Ingress
## @param ingress.tls Ingress tls settings
ingress:
# className: nginx
annotations:
cert-manager.io/cluster-issuer: letsencrypt-issuer
cert-manager.io/cluster-issuer: letsencrypt-issuer-dns01
enabled: true
hosts:
- host: git.nc.landry.land
@ -146,12 +176,89 @@ ingress:
paths:
- path: /
pathType: Prefix
port: http
tls:
- hosts:
- git.nc.landry.land
- git.mgmt-k8s.nc.landry.land
secretName: forgejo-tls
# Enables Gateway API HTTPRoute as a replacement for traditional Ingress resources
## @section Gateway-API HTTPRoute
## @param httpRoute.enabled Enables Gateway API HTTPRoute as a replacement for traditional Ingress resources
## @param httpRoute.annotations Annotations to add to the HTTPRoute resource
## @param httpRoute.parentRefs List of parentRefs for the HTTPRoute, typically referencing the Gateway(name, namespace)
## @param httpRoute.hostnames Hostnames this HTTPRoute applies to
## @param httpRoute.matches.path.type Type of path match (e.g., PathPrefix or Exact or RegularExpression)
## @param httpRoute.matches.path.value Path value for matching incoming requests
## @param httpRoute.matches.timeouts Object containing timeouts.
## @param httpRoute.filters Filters to apply on HTTP requests, such as header rewrites or request redirects
httpRoute:
enabled: false
annotations: {}
parentRefs:
[]
# - name: contour #name of the gateway resource
# namespace: projectcontour #name space where gateway resource running
hostnames: []
# - my-filter.example.com
matches:
path:
type: PathPrefix
value: "/"
timeouts:
{}
# request: 10s #Maximum time the Gateway waits to complete the full client request and response cycle.
# backendRequest: 10s # Maximum time the Gateway waits for a response from the backend service.
filters: []
# - type: RequestHeaderModifier
# requestHeaderModifier:
# set:
# - name: X-Forwarded-Proto
# value: https
## @section Route
## @param route.enabled Enable route
## @param route.annotations Route annotations
## @param route.host Host to use for the route (will be assigned automatically by OKD / OpenShift is not defined)
## @param route.wildcardPolicy Wildcard policy if any for the route, currently only 'Subdomain' or 'None' is allowed.
## @param route.tls.termination termination type (see [OKD documentation](https://docs.okd.io/latest/rest_api/network_apis/route-route-openshift-io-v1.html#spec-tls))
## @param route.tls.insecureEdgeTerminationPolicy the desired behavior for insecure connections to a route (e.g. with http)
## @param route.tls.existingSecret the name of a predefined secret of type kubernetes.io/tls with both key (tls.crt and tls.key) set accordingly (if defined attributes 'certificate', 'caCertificate' and 'privateKey' are ignored)
## @param route.tls.certificate PEM encoded single certificate
## @param route.tls.privateKey PEM encoded private key
## @param route.tls.caCertificate PEM encoded CA certificate or chain that issued the certificate
## @param route.tls.destinationCACertificate PEM encoded CA certificate used to verify the authenticity of final end point when 'termination' is set to 'passthrough' (ignored otherwise)
route:
enabled: false
annotations: {}
host:
wildcardPolicy:
tls:
termination: edge
insecureEdgeTerminationPolicy: Redirect
existingSecret:
certificate:
# certificate: |-
# -----BEGIN CERTIFICATE-----
# ...
# -----END CERTIFICATE-----
privateKey:
# privateKey: |-
# -----BEGIN PRIVATE KEY-----
# ...
# -----END PRIVATE KEY-----
caCertificate:
# caCertificate: |-
# -----BEGIN CERTIFICATE-----
# ...
# -----END CERTIFICATE-----
destinationCACertificate:
# destinationCACertificate: |-
# -----BEGIN CERTIFICATE-----
# ...
# -----END CERTIFICATE-----
## @section deployment
#
## @param resources Kubernetes resources
@ -163,6 +270,43 @@ resources:
cpu: 100m
memory: 128Mi
## Use an alternate scheduler, e.g. "stork".
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
## @param schedulerName Use an alternate scheduler, e.g. "stork"
schedulerName: ""
## @param nodeSelector NodeSelector for the deployment
nodeSelector: {}
## @param tolerations Tolerations for the deployment
tolerations: []
## @param affinity Affinity for the deployment
affinity: {}
## @param topologySpreadConstraints TopologySpreadConstraints for the deployment
topologySpreadConstraints: []
## @param dnsConfig dnsConfig for the deployment
dnsConfig: {}
## @param priorityClassName priorityClassName for the deployment
priorityClassName: ""
## @param deployment.env Additional environment variables to pass to containers
## @param deployment.terminationGracePeriodSeconds How long to wait until forcefully kill the pod
## @param deployment.labels Labels for the deployment
## @param deployment.annotations Annotations for the Forgejo deployment to be created
deployment:
env:
[]
# - name: VARIABLE
# value: my-value
terminationGracePeriodSeconds: 60
labels: {}
annotations: {}
## @section ServiceAccount
## @param serviceAccount.create Enable the creation of a ServiceAccount
@ -206,6 +350,12 @@ persistence:
annotations:
helm.sh/resource-policy: keep
## @param extraContainers Additional sidecar containers to run in the pod
extraContainers: []
# - name: sidecar-bob
# image: busybox
# command: [/bin/sh, -c, 'echo "Hello world"; sleep 86400']
## @param extraVolumes Additional volumes to mount to the Forgejo deployment
extraVolumes: []
# - name: postgres-ssl-vol
@ -215,7 +365,28 @@ extraVolumes: []
## @param extraContainerVolumeMounts Mounts that are only mapped into the Forgejo runtime/main container, to e.g. override custom templates.
extraContainerVolumeMounts: []
## @param extraInitVolumeMounts Mounts that are only mapped into the init-containers. Can be used for additional preconfiguration.
extraInitVolumeMounts: []
## @deprecated The extraVolumeMounts variable has been split two:
## - extraContainerVolumeMounts
## - extraInitVolumeMounts
## As an example, can be used to mount a client cert when connecting to an external Postgres server.
## @param extraVolumeMounts **DEPRECATED** Additional volume mounts for init containers and the Forgejo main container
extraVolumeMounts: []
# - name: postgres-ssl-vol
# readOnly: true
# mountPath: "/pg-ssl"
## @section Init
## @param initPreScript Bash shell script copied verbatim to the start of the init-container.
initPreScript: ""
#
# initPreScript: |
# mkdir -p /data/git/.postgresql
# cp /pg-ssl/* /data/git/.postgresql/
# chown -R git:git /data/git/.postgresql/
# chmod 400 /data/git/.postgresql/postgresql.key
## @param initContainers.resources.limits initContainers.limits Kubernetes resource limits for init containers
## @param initContainers.resources.requests.cpu initContainers.requests.cpu Kubernetes cpu resource limits for init containers
@ -254,7 +425,7 @@ gitea:
## @param gitea.admin.passwordMode Mode for how to set/update the admin user password. Options are: initialOnlyNoReset, initialOnlyRequireReset, and keepUpdated
admin:
username: davad
password: r8sdA8CPHD9!bt6d
password: r8sA8CPHD9!bt6d
email: "me@davad.me"
passwordMode: initialOnlyRequireReset
@ -304,13 +475,17 @@ gitea:
## @param gitea.additionalConfigSources Additional configuration from secret or configmap
additionalConfigSources: []
# - configMap:
# name: gitea-app-ini-plaintext
# - secret:
# secretName: gitea-app-ini-oauth
# - configMap:
# name: gitea-app-ini-plaintext
## @param gitea.additionalConfigFromEnvs Additional configuration sources from environment variables
additionalConfigFromEnvs: []
## @param gitea.podAnnotations Annotations for the Forgejo pod
podAnnotations: {}
## @param gitea.ssh.logLevel Configure OpenSSH's log level. Only available for root-based Forgejo image.
ssh:
logLevel: "INFO"
@ -526,7 +701,7 @@ gitea:
enabled: false
tcpSocket:
port: http
initialDelaySeconds: 200
initialDelaySeconds: 60
timeoutSeconds: 1
periodSeconds: 10
successThreshold: 1
@ -564,6 +739,9 @@ redis-cluster:
redis:
enabled: true
architecture: standalone
global:
redis:
password: changeme
master:
count: 1
@ -582,7 +760,7 @@ redis:
## @param postgresql-ha.postgresql.postgresPassword postgres Password
## @param postgresql-ha.pgpool.adminPassword pgpool adminPassword
## @param postgresql-ha.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`)
## @param postgresql-ha.primary.persistence.size PVC Storage Request for PostgreSQL HA volume
## @param postgresql-ha.persistence.size PVC Storage Request for PostgreSQL HA volume
postgresql-ha:
enabled: false
global:
@ -599,9 +777,8 @@ postgresql-ha:
service:
ports:
postgresql: 5432
primary:
persistence:
size: 10Gi
persistence:
size: 10Gi
## @section PostgreSQL
## @descriptionStart
@ -617,6 +794,15 @@ postgresql-ha:
## @param postgresql.primary.persistence.size PVC Storage Request for PostgreSQL volume
postgresql:
enabled: true
global:
postgresql:
auth:
password: gitea
database: gitea
username: gitea
service:
ports:
postgresql: 5432
primary:
persistence:
size: 10Gi