156 lines
4.4 KiB
YAML
156 lines
4.4 KiB
YAML
# Gitea Helm values configuration for Bakery-IA CI/CD
|
|
# This configuration sets up Gitea with registry support and appropriate storage
|
|
#
|
|
# Installation:
|
|
# helm repo add gitea https://dl.gitea.io/charts
|
|
# kubectl create namespace gitea
|
|
# helm install gitea gitea/gitea -n gitea -f infrastructure/cicd/gitea/values.yaml
|
|
#
|
|
# NOTE: The namespace is determined by the -n flag during helm install, not in this file.
|
|
|
|
# Use regular Gitea image instead of rootless to ensure registry functionality
|
|
# Rootless images don't support container registry due to security restrictions
|
|
image:
|
|
rootless: false
|
|
|
|
service:
|
|
http:
|
|
type: ClusterIP
|
|
port: 3000
|
|
ssh:
|
|
type: ClusterIP
|
|
port: 2222
|
|
# NOTE: Gitea's container registry is served on port 3000 (same as HTTP) under /v2/
|
|
# The registry.PORT in gitea config is NOT used for external access
|
|
# Registry authentication and API is handled by the main HTTP service
|
|
|
|
ingress:
|
|
enabled: true
|
|
className: nginx
|
|
annotations:
|
|
nginx.ingress.kubernetes.io/ssl-redirect: "true"
|
|
nginx.ingress.kubernetes.io/proxy-body-size: "500m"
|
|
nginx.ingress.kubernetes.io/proxy-connect-timeout: "600"
|
|
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
|
|
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
|
|
hosts:
|
|
- host: gitea.bakery-ia.local
|
|
paths:
|
|
- path: /
|
|
pathType: Prefix
|
|
tls:
|
|
- secretName: bakery-dev-tls-cert
|
|
hosts:
|
|
- gitea.bakery-ia.local
|
|
- registry.bakery-ia.local
|
|
# Additional ingress for container registry (same backend, different hostname)
|
|
apiIngress:
|
|
enabled: true
|
|
className: nginx
|
|
annotations:
|
|
nginx.ingress.kubernetes.io/ssl-redirect: "true"
|
|
nginx.ingress.kubernetes.io/proxy-body-size: "500m"
|
|
hosts:
|
|
- host: registry.bakery-ia.local
|
|
paths:
|
|
- path: /
|
|
pathType: Prefix
|
|
tls:
|
|
- secretName: bakery-dev-tls-cert
|
|
hosts:
|
|
- registry.bakery-ia.local
|
|
|
|
persistence:
|
|
enabled: true
|
|
size: 10Gi
|
|
# Use standard storage class (works with Kind's default provisioner)
|
|
# For microk8s: storageClass: "microk8s-hostpath"
|
|
# For Kind: leave empty or use "standard"
|
|
storageClass: ""
|
|
|
|
gitea:
|
|
admin:
|
|
username: bakery-admin
|
|
# IMPORTANT: Override this with --set gitea.admin.password=<secure-password>
|
|
# or use existingSecret
|
|
password: ""
|
|
email: admin@bakery-ia.local
|
|
existingSecret: gitea-admin-secret
|
|
config:
|
|
server:
|
|
DOMAIN: gitea.bakery-ia.local
|
|
SSH_DOMAIN: gitea.bakery-ia.local
|
|
# Use HTTPS for external access; TLS termination happens at ingress
|
|
ROOT_URL: https://gitea.bakery-ia.local
|
|
HTTP_PORT: 3000
|
|
# Enable package registry
|
|
PACKAGES_ENABLED: true
|
|
# Disable built-in HTTPS since ingress handles TLS
|
|
PROTOCOL: http
|
|
repository:
|
|
ENABLE_PUSH_CREATE_USER: true
|
|
ENABLE_PUSH_CREATE_ORG: true
|
|
packages:
|
|
ENABLED: true
|
|
registry:
|
|
ENABLE: true
|
|
ROOT: /var/lib/gitea-registry
|
|
STORAGE_TYPE: local
|
|
# NOTE: PORT config here is internal - registry is accessed via HTTP port on /v2/ path
|
|
# Additional registry configuration for proper external access
|
|
docker:
|
|
ENABLE: true
|
|
REGISTRY_SSL_REDIRECT: false # SSL termination happens at ingress
|
|
webhook:
|
|
ALLOWED_HOST_LIST: "*"
|
|
# Allow internal cluster URLs for Tekton EventListener
|
|
SKIP_TLS_VERIFY: true
|
|
service:
|
|
DISABLE_REGISTRATION: false
|
|
REQUIRE_SIGNIN_VIEW: false
|
|
|
|
# Initial repositories to create automatically after Gitea installation
|
|
# These will be created with the admin user as owner
|
|
initialRepositories:
|
|
- name: bakery-ia
|
|
description: "Main repository for Bakery IA project - Automatically created by Helm"
|
|
private: false
|
|
auto_init: true
|
|
default_branch: main
|
|
owner: "{{ .Values.gitea.admin.username }}"
|
|
# Enable issues, wiki, and other features
|
|
enable_issues: true
|
|
enable_wiki: true
|
|
enable_pull_requests: true
|
|
enable_projects: true
|
|
|
|
# Use embedded SQLite for simpler local development
|
|
# For production, enable postgresql
|
|
postgresql:
|
|
enabled: false
|
|
|
|
# Use embedded in-memory cache for local dev
|
|
redis-cluster:
|
|
enabled: false
|
|
|
|
# Resource configuration for local development
|
|
resources:
|
|
limits:
|
|
cpu: 500m
|
|
memory: 512Mi
|
|
requests:
|
|
cpu: 100m
|
|
memory: 256Mi
|
|
|
|
# Init containers timeout
|
|
initContainers:
|
|
resources:
|
|
limits:
|
|
cpu: 100m
|
|
memory: 128Mi
|
|
requests:
|
|
cpu: 50m
|
|
memory: 64Mi
|
|
|
|
|