106 lines
3.0 KiB
YAML
106 lines
3.0 KiB
YAML
# Gitea Helm values configuration for Bakery-IA CI/CD
|
|
# This configuration sets up Gitea with registry support and appropriate storage
|
|
#
|
|
# Installation:
|
|
# helm repo add gitea https://dl.gitea.io/charts
|
|
# kubectl create namespace gitea
|
|
# helm install gitea gitea/gitea -n gitea -f infrastructure/cicd/gitea/values.yaml
|
|
#
|
|
# NOTE: The namespace is determined by the -n flag during helm install, not in this file.
|
|
|
|
# Use regular Gitea image instead of rootless to ensure registry functionality
|
|
# Rootless images don't support container registry due to security restrictions
|
|
image:
|
|
rootless: false
|
|
|
|
service:
|
|
http:
|
|
type: ClusterIP
|
|
port: 3000
|
|
ssh:
|
|
type: ClusterIP
|
|
port: 2222
|
|
# NOTE: Gitea's container registry is served on port 3000 (same as HTTP) under /v2/
|
|
# The registry.PORT in gitea config is NOT used for external access
|
|
# Registry authentication and API is handled by the main HTTP service
|
|
|
|
ingress:
|
|
enabled: false # Disable Gitea's built-in ingress - use common ingress instead
|
|
|
|
persistence:
|
|
enabled: true
|
|
size: 10Gi
|
|
# Use standard storage class (works with Kind's default provisioner)
|
|
# For microk8s: storageClass: "microk8s-hostpath"
|
|
# For Kind: leave empty or use "standard"
|
|
storageClass: ""
|
|
|
|
gitea:
|
|
admin:
|
|
username: bakery-admin
|
|
# IMPORTANT: Override this with --set gitea.admin.password=<secure-password>
|
|
# or use existingSecret
|
|
password: ""
|
|
email: admin@bakery-ia.local
|
|
existingSecret: gitea-admin-secret
|
|
config:
|
|
server:
|
|
DOMAIN: gitea.bakery-ia.local
|
|
SSH_DOMAIN: gitea.bakery-ia.local
|
|
# Use HTTPS for external access; TLS termination happens at ingress
|
|
ROOT_URL: https://gitea.bakery-ia.local
|
|
HTTP_PORT: 3000
|
|
# Enable package registry
|
|
PACKAGES_ENABLED: true
|
|
# Disable built-in HTTPS since ingress handles TLS
|
|
PROTOCOL: http
|
|
repository:
|
|
ENABLE_PUSH_CREATE_USER: true
|
|
ENABLE_PUSH_CREATE_ORG: true
|
|
packages:
|
|
ENABLED: true
|
|
registry:
|
|
ENABLE: true
|
|
ROOT: /var/lib/gitea-registry
|
|
STORAGE_TYPE: local
|
|
# NOTE: PORT config here is internal - registry is accessed via HTTP port on /v2/ path
|
|
# Additional registry configuration for proper external access
|
|
docker:
|
|
ENABLE: true
|
|
REGISTRY_SSL_REDIRECT: false # SSL termination happens at ingress
|
|
webhook:
|
|
ALLOWED_HOST_LIST: "*"
|
|
# Allow internal cluster URLs for Tekton EventListener
|
|
SKIP_TLS_VERIFY: true
|
|
service:
|
|
DISABLE_REGISTRATION: false
|
|
REQUIRE_SIGNIN_VIEW: false
|
|
|
|
# Use embedded SQLite for simpler local development
|
|
# For production, enable postgresql
|
|
postgresql:
|
|
enabled: false
|
|
|
|
# Use embedded in-memory cache for local dev
|
|
redis-cluster:
|
|
enabled: false
|
|
|
|
# Resource configuration for local development
|
|
resources:
|
|
limits:
|
|
cpu: 500m
|
|
memory: 512Mi
|
|
requests:
|
|
cpu: 100m
|
|
memory: 256Mi
|
|
|
|
# Init containers timeout
|
|
initContainers:
|
|
resources:
|
|
limits:
|
|
cpu: 100m
|
|
memory: 128Mi
|
|
requests:
|
|
cpu: 50m
|
|
memory: 64Mi
|