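---
# Values for Forgejo Helm chart
# Simplified for standard PostgreSQL deployment
#
# This file is a template: the quoted double-brace placeholders are filled in
# before the values reach Helm. Every templated scalar is quoted so that an
# empty or boolean-looking expansion cannot change the YAML type.
#
# NOTE(review): the nesting below was reconstructed from a flattened copy of
# the file; confirm it against the deployed values before relying on it.

image:
  # Use fullOverride to explicitly set the complete image name with rootless tag
  fullOverride: "code.forgejo.org/forgejo/forgejo:{{ forgejo_image_tag }}-rootless"
  # Keep rootless setting to true to maintain security settings
  rootless: true
  # IfNotPresent reuses a cached image; a re-pushed tag is not picked up.
  # Pinning the image by digest is the usual way to make the deployed image
  # immutable.
  pullPolicy: IfNotPresent

gitea:
  admin:
    # SECURITY: the admin credentials are rendered in clear text into the Helm
    # values and are therefore stored in the release data. Prefer referencing
    # a pre-created Kubernetes Secret (the chart's admin existingSecret option)
    # if the chart version in use supports it.
    username: "{{ forgejo_admin_username }}"
    password: "{{ forgejo_admin_password }}"
    email: "{{ forgejo_admin_email }}"
    # NOTE(review): with false, the templated password stays the long-lived
    # admin password. Confirm the chart actually reads this key.
    mustChangePassword: false
  config:
    server:
      ROOT_URL: "{{ forgejo_root_url }}"
      DOMAIN: "{{ forgejo_domain }}"
      SSH_DOMAIN: "{{ forgejo_ssh_domain }}"
      # Plain HTTP inside the cluster: TLS is terminated at the route (edge
      # termination, see the ingress section), so the router-to-pod hop is
      # unencrypted.
      PROTOCOL: http
      HTTP_PORT: 3000
      SSH_PORT: 22
      SSH_LISTEN_PORT: 2222
    database:
      DB_TYPE: postgres
      HOST: "forgejo-postgresql:5432"
      NAME: "{{ forgejo_db_name }}"
      USER: "{{ forgejo_db_username }}"
      # SECURITY: clear-text database password in values; same storage concern
      # as the admin password above.
      PASSWD: "{{ forgejo_db_password }}"
    service:
      # SECURITY: false leaves self-registration open to anyone who can reach
      # the instance. Set to true unless open sign-up is intended.
      DISABLE_REGISTRATION: false
    security:
      PASSWORD_COMPLEXITY: lower,upper,digit,spec
    repository:
      DEFAULT_BRANCH: main

resources:
  requests:
    cpu: 200m
    memory: 256Mi
  limits:
    cpu: 1
    memory: 1Gi

# Explicitly disable PostgreSQL HA
# (This key appeared twice in the original file. Duplicate mapping keys are
# invalid YAML and most parsers silently keep the last one, so it is declared
# once here.)
postgresql-ha:
  enabled: false

# Standard PostgreSQL configuration
postgresql:
  enabled: true
  auth:
    enablePostgresUser: true
    # SECURITY: the postgres superuser and the application user share one
    # password, so a leak of the application credential also exposes the
    # superuser account. Use a separate secret for postgresPassword, or set
    # enablePostgresUser to false if superuser login is not needed.
    postgresPassword: "{{ forgejo_db_password }}"
    username: "{{ forgejo_db_username }}"
    password: "{{ forgejo_db_password }}"
    database: "{{ forgejo_db_name }}"
  service:
    ports:
      postgresql: 5432
  primary:
    persistence:
      enabled: true
      size: "{{ forgejo_postgresql_pv_size }}"
      storageClass: "{{ forgejo_storage_class_name }}"
      existingClaim: data-forgejo-postgresql
    nodeSelector:
      kubernetes.io/hostname: "{{ forgejo_node_hostname }}"
    # Fixed non-root UID/GID, presumably taken from the namespace's assigned
    # UID range - TODO confirm; a mismatch will be rejected by the restricted
    # SCC.
    podSecurityContext:
      enabled: true
      fsGroup: 1000880000
    containerSecurityContext:
      enabled: true
      runAsUser: 1000880000
    resources:
      requests:
        cpu: 200m
        memory: 256Mi
      limits:
        cpu: 1
        memory: 1Gi
    # Configure PostgreSQL to not load repmgr extension
    # NOTE(review): pgaudit is preloaded, but no pgaudit.log setting is given
    # here; confirm audit logging is actually configured elsewhere.
    # SECURITY: listen_addresses = '*' accepts connections on every pod
    # interface, and nothing in this file restricts which pods may connect.
    # A NetworkPolicy limiting port 5432 to the Forgejo pods would close that
    # gap.
    configuration: |-
      shared_preload_libraries = 'pgaudit'
      max_connections = 100
      # Make PostgreSQL listen on all interfaces
      listen_addresses = '*'
      # Remove any repmgr configuration

# Simple Redis config
redis:
  enabled: true
  architecture: standalone
  # SECURITY: authentication is off, so any workload that can reach the Redis
  # service can read and modify cached data. Enable auth or restrict access
  # with a NetworkPolicy.
  auth:
    enabled: false
  master:
    persistence:
      enabled: true
      storageClass: "{{ forgejo_storage_class_name }}"
      size: "{{ forgejo_redis_pv_size }}"
      existingClaim: redis-data-forgejo-redis-master

# Disable Redis cluster
redis-cluster:
  enabled: false

# Persistence configuration
persistence:
  enabled: true
  size: "{{ forgejo_data_pv_size }}"
  storageClass: "{{ forgejo_storage_class_name }}"
  existingClaim: "gitea-shared-storage"

# Service account settings
serviceAccount:
  create: true
  name: "{{ forgejo_app_sa }}"
  annotations:
    # NOTE(review): an annotation on the ServiceAccount does not by itself
    # grant an SCC; that is normally done through RBAC or an SCC binding -
    # confirm. anyuid is also broader than this deployment appears to need:
    # every container here runs as one fixed non-root UID with all
    # capabilities dropped.
    openshift.io/scc: anyuid

# Security contexts
securityContext:
  fsGroup: 1000880000

podSecurityContext:
  fsGroup: 1000880000

containerSecurityContext:
  runAsUser: 1000880000
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL

# Ingress/Route settings
ingress:
  enabled: true
  annotations:
    # TLS ends at the router; see the PROTOCOL note under gitea.config.server.
    route.openshift.io/termination: edge
    route.openshift.io/insecureEdgeTerminationPolicy: Redirect
  hosts:
    - host: "{{ forgejo_domain }}"
      paths:
        - path: /
          pathType: Prefix

# Init Container setup
initContainers:
  securityContext:
    runAsUser: 1000880000
    allowPrivilegeEscalation: false
    capabilities:
      drop:
        - ALL

# Init script
# NOTE(review): the init container runs as a non-root UID with all capabilities
# dropped, so the chown calls only succeed when the paths are already owned by
# that UID - confirm. The conf directory is made world-readable (755); 750
# would be enough if only this UID and its group read it.
initPreScript: |
  mkdir -p /data/gitea/conf
  mkdir -p /data/gitea/data
  chmod 755 /data/gitea/conf
  chmod 755 /data/gitea/data
  chown 1000880000:1000880000 /data/gitea/conf
  chown 1000880000:1000880000 /data/gitea/data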