applications/gitea/helm-values/gitea.yaml
Mayne0213 8028d13f33 FIX(gitea): gitea password policy to prevent force
Set passwordMode to initialOnlyDoNotUpdate to prevent Gitea from forcing
password changes on every pod restart. This resolves the issue where users
were continuously prompted to update their password, causing ArgoCD
authentication failures.
2025-12-19 18:56:56 +09:00


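# Gitea Helm Values
# Chart: https://gitea.com/gitea/helm-chart
# Self-hosted Git service
fullnameOverride: gitea
# Single replica; the in-memory cache/session settings and the Recreate
# strategy elsewhere in this file are consistent with running one pod.
replicaCount: 1

image:
  registry: docker.io
  repository: gitea/gitea
  # Quoted so the version stays a string.
  # NOTE(review): a tag can be re-pointed on the registry, and with
  # pullPolicy IfNotPresent a node keeps whatever it pulled first. Pin the
  # image by digest as well if the deployment must be reproducible.
  tag: "1.25.2"
  pullPolicy: IfNotPresent
  # NOTE(review): false selects the root-based image variant. The rootless
  # variant drops root inside the container; confirm whether the root
  # variant is actually required here.
  rootless: false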
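# Gitea configuration
gitea:
  admin:
    # Admin credentials come from an existing Secret, so no password is
    # stored in this values file.
    existingSecret: gitea-admin-secret
    # Do not update password on every restart.
    # NOTE(review): in this mode the admin password is presumably applied
    # only when the account is first created, so rotating the Secret later
    # would not change the live password. Rotate it inside Gitea as well.
    passwordMode: initialOnlyNoReset

  config:
    server:
      DOMAIN: gitea0213.kro.kr
      ROOT_URL: https://gitea0213.kro.kr
      SSH_DOMAIN: gitea0213.kro.kr
      SSH_PORT: 2222
      # NOTE(review): Git-over-SSH is switched off here, yet service.ssh
      # further down still publishes port 2222 through a LoadBalancer.
      # Either drop that exposure or enable SSH deliberately; an open port
      # with no intended listener is unnecessary attack surface.
      DISABLE_SSH: true
      START_SSH_SERVER: false
      SSH_LISTEN_PORT: 2222

    database:
      DB_TYPE: postgres
      HOST: postgresql-primary.postgresql.svc.cluster.local:5432
      NAME: gitea
      # NOTE(review): "postgres" is normally the PostgreSQL superuser. A
      # dedicated role limited to the gitea database would reduce what a
      # compromised Gitea process can reach on the shared instance.
      USER: postgres
      SCHEMA: public
      # NOTE(review): TLS to the database is off, so the password and all
      # queries cross the cluster network unencrypted. Acceptable only if
      # that network path is trusted; otherwise enable a verifying mode.
      SSL_MODE: disable

    service:
      # NOTE(review): self-registration is open while the instance is
      # published through the ingress defined in this file, and Actions and
      # packages are enabled below. Any visitor can create an account and
      # consume runner time and storage. Confirm this is intended.
      DISABLE_REGISTRATION: false
      # Anonymous visitors can browse whatever is public on the instance.
      REQUIRE_SIGNIN_VIEW: false
      ENABLE_NOTIFY_MAIL: false

    # Cache and sessions live in process memory, so they are lost on every
    # pod restart and are not shared between replicas.
    cache:
      ENABLED: true
      ADAPTER: memory
    session:
      PROVIDER: memory

    git:
      PATH: /usr/bin/git

    actions:
      ENABLED: true
      # Short action references in workflows resolve against GitHub.
      # NOTE(review): that makes third-party action code part of the build's
      # trust boundary; pin actions to a full commit SHA in workflows.
      DEFAULT_ACTIONS_URL: github

    packages:
      ENABLED: true
      CHUNKED_UPLOAD_PATH: /data/packages/chunked-upload

    # NOTE(review): nesting was lost on this page; this section is assumed
    # to sit under gitea.config next to packages. Confirm against the file.
    container:
      ENABLED: true
      REGISTRY_HOST: gitea0213.kro.kr

  # Health checks
  # NOTE(review): placed under gitea: because that is where the upstream
  # chart reads its probes; the page's flattened layout cannot confirm it.
  # Both probes only test that the http port accepts a TCP connection.
  livenessProbe:
    enabled: true
    tcpSocket:
      port: http
    initialDelaySeconds: 60
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 10
  readinessProbe:
    enabled: true
    tcpSocket:
      port: http
    initialDelaySeconds: 30
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 3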
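# Bundled data-store subcharts are all switched off: the database is the
# external PostgreSQL named in gitea.config.database, and cache/session use
# process memory.

# PostgreSQL dependency (using existing PostgreSQL instance)
postgresql:
  enabled: false

# Use existing PostgreSQL
postgresql-ha:
  enabled: false

# Valkey cluster (disabled, using memory for cache/session)
valkey-cluster:
  enabled: false

# Redis (optional, for caching)
redis-cluster:
  enabled: false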
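# Deployment strategy: Recreate to avoid leveldb lock conflicts
# (the old pod is stopped before the new one starts, so expect a short
# outage on every rollout).
strategy:
  type: Recreate

# Environment variables for database password.
# The password is injected from a Secret at runtime instead of being written
# into gitea.config.database, which keeps it out of this values file.
# NOTE(review): the value is still readable from the container's environment
# by anything that can exec into the pod; restrict exec and Secret read
# access in this namespace accordingly.
deployment:
  env:
    - name: GITEA__database__PASSWD
      valueFrom:
        secretKeyRef:
          name: gitea-postgres-password
          key: password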
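# Persistence for Gitea data
# NOTE(review): the local-path class name suggests node-local storage; if
# so, repositories and packages exist on a single node only, and an
# off-node backup is what protects them. Confirm a backup is in place.
persistence:
  enabled: true
  size: 10Gi
  storageClass: local-path
  accessModes:
    - ReadWriteOnce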
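# Service configuration
service:
  # Web UI/API stays cluster-internal; external access goes through the
  # ingress defined in this file.
  http:
    type: ClusterIP
    port: 3000
  # NOTE(review): this publishes port 2222 outside the cluster although
  # gitea.config.server sets DISABLE_SSH: true and START_SSH_SERVER: false.
  # If SSH is really unused, switch this to ClusterIP; if SSH is wanted,
  # enable it in the server section instead.
  ssh:
    type: LoadBalancer
    port: 2222
    # Local keeps the client source IP, which matters for log attribution
    # and for any IP-based rate limiting or blocking.
    externalTrafficPolicy: Local
    annotations:
      metallb.universe.tf/allow-shared-ip: gitea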
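# Ingress configuration
ingress:
  enabled: true
  className: nginx
  annotations:
    # Certificate for the host below is issued by cert-manager.
    cert-manager.io/cluster-issuer: letsencrypt-prod
    # NOTE(review): "0" removes the request-body size limit entirely.
    # Large pushes and package uploads need headroom, but with open
    # registration an unbounded limit lets any account fill the volume;
    # consider a finite ceiling.
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
  hosts:
    - host: gitea0213.kro.kr
      paths:
        - path: /
          pathType: Prefix
  tls:
    - secretName: gitea-tls
      hosts:
        - gitea0213.kro.kr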
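# Resource limits
# Memory is capped; no CPU limit is set, only a request.
resources:
  requests:
    cpu: 50m
    memory: 256Mi
  limits:
    memory: 512Mi

# Security context
# NOTE(review): only fsGroup is set here; nothing in this file sets a
# non-root user, drops capabilities or disables privilege escalation.
# The upstream chart also offers podSecurityContext and
# containerSecurityContext; confirm this key is still honoured by the
# chart version in use.
securityContext:
  fsGroup: 1000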
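# Init containers for database setup
# The script only waits until the PostgreSQL port accepts a TCP connection;
# it performs no schema or credential setup itself.
# NOTE(review): the loop has no timeout, so an unreachable database keeps
# the pod in its init phase indefinitely. The host and port repeat
# gitea.config.database.HOST and must be changed together with it.
initPreScript: |
  #!/bin/sh
  echo "Waiting for PostgreSQL..."
  until nc -z postgresql-primary.postgresql.svc.cluster.local 5432; do
    echo "Waiting for PostgreSQL to be ready..."
    sleep 2
  done
  echo "PostgreSQL is ready"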