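---
# Gitea Helm Chart Values
# Host: git.forteapps.net
# Chart: gitea v12.5.0 (app v1.25.4)
# Repo: https://dl.gitea.com/charts
#
# Layout restored to one key per line. In the collapsed form everything after
# the first "#" was a comment, so none of these values would have been applied.
# All values are unchanged; nesting follows the Gitea chart's values schema.

# -- Admin account (password from sealed secret)
gitea:
  admin:
    existingSecret: gitea-credentials
    email: admin@forteapps.net

  # -- Gitea app.ini configuration
  config:
    APP_NAME: "Forte Git"
    server:
      DOMAIN: git.forteapps.net
      ROOT_URL: https://git.forteapps.net
      SSH_DOMAIN: git.forteapps.net
      SSH_PORT: 2222
      LFS_START_SERVER: true
      # NOTE(review): confirm the next two keys exist in [server] for this
      # Gitea version; a key the application does not know has no effect.
      ENABLE_GITEA_PAGES: true
      ENABLE_BASIC_AUTH_CHALLENGE: true
    service:
      # Registration stays enabled but is limited to the external (OIDC)
      # provider by ALLOW_ONLY_EXTERNAL_REGISTRATION, so who can obtain an
      # account is decided by the identity provider.
      DISABLE_REGISTRATION: false
      DEFAULT_ALLOW_CREATE_ORGANIZATION: false
      # Anonymous visitors can browse anything that is public. Set to true if
      # nothing on this instance is meant to be readable without signing in.
      REQUIRE_SIGNIN_VIEW: false
      ALLOW_ONLY_EXTERNAL_REGISTRATION: true
      # The password form is hidden below, but HTTP basic auth with a local
      # password stays enabled (git over HTTPS, API). Any account that has a
      # local password, such as the admin account, can still use it there.
      ENABLE_BASIC_AUTHENTICATION: true
      ENABLE_PASSWORD_SIGNIN_FORM: false
      AUTO_WATCH_ON_CHANGES: false
      AUTO_WATCH_NEW_REPOS: false
      ENABLE_NOTIFY_MAIL: false
      ENABLE_TIMETRACKING: false
    openid:
      ENABLE_OPENID_SIGNIN: false
      ENABLE_OPENID_SIGNUP: false
    oauth2:
      ENABLED: true
      # NOTE(review): Gitea documents ENABLE_AUTO_REGISTRATION and USERNAME
      # under [oauth2_client], not [oauth2]; confirm whether they take effect
      # here. If auto-registration is moved and enabled, accounts are created
      # from IdP claims alone, so the IdP must only release verified e-mail
      # addresses.
      ENABLE_AUTO_REGISTRATION: true
      USERNAME: email
    session:
      PROVIDER: db
    cache:
      ADAPTER: memory
    database:
      DB_TYPE: postgres
    metrics:
      # No [metrics] TOKEN is set and the ingress below routes "/" (Prefix) to
      # this service, so /metrics is presumably reachable from outside the
      # cluster -- confirm. Either inject a token from a secret (same pattern
      # as additionalConfigFromEnvs, GITEA__metrics__TOKEN) or block the path
      # at the ingress.
      ENABLED: true
    repository:
      DEFAULT_BRANCH: main
      # "last" makes a new repository follow the creator's previous visibility
      # choice; "private" would make new repositories private by default.
      DEFAULT_PRIVATE: last
    actions:
      ENABLED: true
    packages:
      ENABLED: true
    indexer:
      ISSUE_INDEXER_TYPE: bleve
      REPO_INDEXER_ENABLED: true
    mailer:
      ENABLED: true
      PROTOCOL: smtp+starttls
      SMTP_ADDR: smtp.office365.com
      SMTP_PORT: 587
      FROM: "noreply@fortedigital.com"
    admin:
      DEFAULT_EMAIL_NOTIFICATIONS: onmention

  # -- SMTP credentials injected from secret (USER and PASSWD)
  additionalConfigFromEnvs:
    - name: GITEA__mailer__USER
      valueFrom:
        secretKeyRef:
          name: gitea-smtp-secret
          key: username
    - name: GITEA__mailer__PASSWD
      valueFrom:
        secretKeyRef:
          name: gitea-smtp-secret
          key: password

  # -- OIDC authentication via Forte
  # adminGroup and restrictedGroup are empty, so no group claim grants or
  # restricts privileges. Every user the realm authenticates can sign in; if
  # that is too broad, restrict it at the IdP or with a required claim
  # (`gitea admin auth add-oauth` supports --required-claim-name and
  # --required-claim-value).
  oauth:
    - name: "Forte"
      provider: "openidConnect"
      existingSecret: gitea-oidc-credentials
      key: gitea
      autoDiscoverUrl: "https://id.forteapps.net/realms/forte/.well-known/openid-configuration"
      scopes: "openid email profile organization"
      groupClaimName: "groups"
      adminGroup: ""
      restrictedGroup: ""

  # -- Prometheus metrics (scraped via annotations, no ServiceMonitor CRD needed)
  metrics:
    enabled: true
    serviceMonitor:
      enabled: false

# -- Ingress via Traefik with Let's Encrypt TLS
ingress:
  enabled: true
  className: traefik
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
  hosts:
    - host: git.forteapps.net
      paths:
        - path: /
          pathType: Prefix
  tls:
    - secretName: gitea-tls
      hosts:
        - git.forteapps.net

# -- Git repository storage
persistence:
  enabled: true
  size: 10Gi
  accessModes:
    - ReadWriteOnce

# -- Recreate strategy to avoid Multi-Attach errors with RWO volumes
strategy:
  type: Recreate

# -- Pod resources
resources:
  requests:
    cpu: 100m
    memory: 256Mi
  limits:
    cpu: 500m
    memory: 512Mi

# -- Embedded PostgreSQL (Bitnami subchart)
# Password auto-generated by the subchart; Gitea chart auto-wires the connection.
# NOTE(review): verify the auto-generation claim against the chart's default
# `postgresql.global.postgresql.auth` values. If a static default password is
# in effect, supply the password from a secret instead.
postgresql:
  enabled: true
  auth:
    username: gitea
    database: gitea
  primary:
    persistence:
      enabled: true
      size: 8Gi
    # NOTE(review): placed under `primary`, where the Bitnami subchart reads
    # pod resources; the collapsed source did not show the nesting -- confirm.
    resources:
      requests:
        cpu: 100m
        memory: 256Mi
      limits:
        cpu: 500m
        memory: 512Mi

# -- Disable PostgreSQL HA (using single-instance postgresql above)
postgresql-ha:
  enabled: false

# -- Disable Redis cluster (use in-memory cache instead)
# NOTE(review): confirm this key matches the cache subchart that chart v12.5.0
# actually ships (recent chart versions bundle Valkey subcharts such as
# `valkey-cluster`). An unmatched key leaves the subchart at its default.
redis-cluster:
  enabled: false

# -- Disable test pod
test:
  enabled: false

# -- SSH service (ClusterIP, exposed externally via Traefik TCP IngressRoute on port 2222)
service:
  ssh:
    type: ClusterIP
    port: 22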