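# Gitea Helm values configuration for Bakery-IA CI/CD
# This configuration sets up Gitea with registry support and appropriate storage
#
# Scope: SQLite, open registration and relaxed webhook TLS below are
# local-development choices. Review every NOTE(security) before reusing this
# file on a shared or externally reachable cluster.
#
# Prerequisites:
#   1. Run setup-admin-secret.sh to create the gitea-admin-secret
#   2. Apply the post-install job: kubectl apply -f gitea-init-job.yaml
#
# Installation:
#   helm repo add gitea https://dl.gitea.io/charts
#   helm install gitea gitea/gitea -n gitea -f infrastructure/cicd/gitea/values.yaml
#
# Add --version <CHART_VERSION> to the install command so the chart that gets
# deployed is pinned and reproducible.
#
# NOTE: The namespace is determined by the -n flag during helm install, not in this file.

# Use regular Gitea image instead of rootless to ensure registry functionality
# Rootless images don't support container registry due to security restrictions
# NOTE(review): confirm the claim above against the Gitea image and chart
# version in use. The non-rootless image is the less restricted of the two, so
# prefer rootless if the registry works there.
image:
  rootless: false

service:
  http:
    type: ClusterIP
    port: 3000
  ssh:
    type: ClusterIP
    port: 2222

# NOTE: Gitea's container registry is served on port 3000 (same as HTTP) under /v2/
# The registry.PORT in gitea config is NOT used for external access
# Registry authentication and API is handled by the main HTTP service

ingress:
  enabled: true
  className: nginx
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    # Large body size and long timeouts so container image layers can be pushed.
    nginx.ingress.kubernetes.io/proxy-body-size: "2G"
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "600"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
  hosts:
    - host: gitea.bakery-ia.local
      paths:
        - path: /
          pathType: Prefix
  tls:
    - secretName: bakery-dev-tls-cert
      hosts:
        - gitea.bakery-ia.local
        # NOTE(review): this host is listed for TLS but has no entry under
        # ingress.hosts above, so this Ingress defines no routing rule for it.
        # Add a matching host rule or confirm another Ingress serves it.
        - registry.bakery-ia.local

persistence:
  enabled: true
  size: 10Gi
  # Use standard storage class (works with Kind's default provisioner)
  # For microk8s: storageClass: "microk8s-hostpath"
  # For Kind: leave empty or use "standard"
  storageClass: ""

# =============================================================================
# ADMIN USER CONFIGURATION
# =============================================================================
# The admin user is automatically created on first install.
# Credentials are read from the 'gitea-admin-secret' Kubernetes secret.
#
# Create the secret BEFORE installing Gitea:
#   ./setup-admin-secret.sh
#
# The secret must contain:
#   - username: admin username (default: bakery-admin)
#   - password: admin password
# =============================================================================
gitea:
  admin:
    username: bakery-admin
    email: admin@bakery-ia.local
    # Use existing secret for admin credentials (created by setup-admin-secret.sh)
    # Keeping the password in a Secret keeps it out of this file and out of VCS.
    existingSecret: gitea-admin-secret
    # keepUpdated ensures password changes in secret are applied
    passwordMode: keepUpdated

  config:
    server:
      DOMAIN: gitea.bakery-ia.local
      SSH_DOMAIN: gitea.bakery-ia.local
      SSH_PORT: 2222
      # Use HTTPS for external access; TLS termination happens at ingress
      ROOT_URL: https://gitea.bakery-ia.local
      HTTP_PORT: 3000
      # Disable built-in HTTPS since ingress handles TLS
      # Traffic between the ingress controller and the pod is therefore plain HTTP.
      PROTOCOL: http
    repository:
      # Pushing to a repository that does not exist yet creates it.
      ENABLE_PUSH_CREATE_USER: true
      ENABLE_PUSH_CREATE_ORG: true
      DEFAULT_BRANCH: main
    packages:
      ENABLED: true
    webhook:
      # Allow internal cluster URLs for Tekton EventListener
      # "private" limits webhook targets to RFC 1918 / RFC 4193 addresses.
      # "*" would also allow loopback and link-local targets, which any user
      # able to configure a webhook could point Gitea at. Narrow further to the
      # EventListener's own hostname or CIDR where it is known, e.g.
      # <EVENTLISTENER_SERVICE_HOST> (placeholder).
      ALLOWED_HOST_LIST: private
      # NOTE(security): turns off certificate verification for webhook
      # deliveries to HTTPS targets, so the receiver's identity is not checked.
      # Keep only for local dev with self-signed certificates; set to false
      # once the receiver presents a certificate Gitea trusts.
      SKIP_TLS_VERIFY: true
    service:
      # NOTE(security): self-registration is open and public content is
      # viewable without sign-in. Combined with ENABLE_PUSH_CREATE_* and
      # packages.ENABLED above, anyone who can reach the ingress can, unless
      # restricted elsewhere, create an account, repositories and packages
      # that CI/CD may later consume. Set both to true outside an isolated
      # development cluster.
      DISABLE_REGISTRATION: false
      REQUIRE_SIGNIN_VIEW: false

# Use embedded SQLite for simpler local development
# For production, enable postgresql
postgresql:
  enabled: false

# Use embedded in-memory cache for local dev
redis-cluster:
  enabled: false

# Resource configuration for local development
resources:
  limits:
    cpu: 500m
    memory: 512Mi
  requests:
    cpu: 100m
    memory: 256Mi

# Resource limits for the chart's init containers
initContainers:
  resources:
    limits:
      cpu: 100m
      memory: 128Mi
    requests:
      cpu: 50m
      memory: 64Mi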