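# Helm values for a Forgejo deployment on OpenShift, rendered from a Jinja
# template: every "{{ ... }}" placeholder is substituted before Helm reads the
# file. Block structure restored from a collapsed listing; all values are
# unchanged.
#
# NOTE(review): placeholders are substituted inside double-quoted scalars, so a
# value containing `"` or `\` (most likely a generated password) would change
# or break the rendered YAML. Confirm the rendering step escapes such values.
# NOTE(review): the admin and database passwords land in the rendered values
# file and in the Helm release data in clear text. If the chart versions in use
# offer an `existingSecret`-style option, prefer referencing a Secret instead.

# NOTE(review): the upstream Forgejo chart reads `admin` and `config` under a
# `gitea:` key as far as I know. Confirm `forgejo:` is the key this chart
# (or wrapper chart) actually consumes, otherwise these settings are ignored.
forgejo:
  admin:
    username: "{{ forgejo_admin_username }}"
    password: "{{ forgejo_admin_password }}"
    email: "{{ forgejo_admin_email }}"
    # presumably resets the admin password to the templated value on every
    # rollout; verify against the chart documentation
    passwordMode: keepUpdated
  config:
    server:
      ROOT_URL: "{{ forgejo_root_url }}"
      DOMAIN: "{{ forgejo_domain }}"
      SSH_DOMAIN: "{{ forgejo_ssh_domain }}"
      # Plain HTTP inside the cluster. The route below uses edge termination,
      # so TLS ends at the router and the router-to-pod hop is unencrypted.
      PROTOCOL: http
      HTTP_PORT: 3000
      # SSH_PORT is the port advertised in clone URLs; SSH_LISTEN_PORT is the
      # unprivileged port the rootless container binds.
      SSH_PORT: 22
      SSH_LISTEN_PORT: 2222
    database:
      DB_TYPE: postgres
      # Connects through the pgpool service of the PostgreSQL HA release.
      HOST: "forgejo-postgresql-ha-pgpool.{{ forgejo_namespace }}.svc.cluster.local:5432"
      NAME: forgejo
      USER: forgejo
      # Must match postgresql-ha.postgresql.password below.
      PASSWD: "{{ forgejo_db_password }}"

image:
  repository: codeberg.org/forgejo/forgejo
  # NOTE(review): pinned by tag only; a tag can be re-pointed upstream. Pin by
  # digest if the chart supports it and reproducible deploys are required.
  tag: "2.0.0"
  pullPolicy: IfNotPresent
  rootless: true

resources:
  requests:
    cpu: 200m
    memory: 256Mi
  limits:
    cpu: 1
    memory: 1Gi

# Disable built-in PostgreSQL in favor of PostgreSQL HA
postgresql:
  enabled: false

# Configure PostgreSQL HA
postgresql-ha:
  enabled: true
  persistence:
    enabled: true
    storageClass: "{{ forgejo_storage_class_name }}"
    size: "{{ forgejo_postgresql_ha_pv_size }}"
  postgresql:
    replicaCount: 3  # Set to match the number of PVs
    username: forgejo
    password: "{{ forgejo_db_password }}"
    database: forgejo
    podSecurityContext:
      enabled: true
      fsGroup: 1000880000
      runAsUser: 1000880000
    containerSecurityContext:
      enabled: true
      runAsUser: 1000880000
    persistence:
      enabled: true
      mountPath: /bitnami/postgresql
      size: "{{ forgejo_postgresql_ha_pv_size }}"
      storageClass: "{{ forgejo_storage_class_name }}"
    resources:
      requests:
        cpu: 100m
        memory: 256Mi
      limits:
        cpu: 500m
        memory: 512Mi
    statefulset:
      replicas: 3  # Match with replicaCount
  pgpool:
    securityContext:
      enabled: true
      runAsUser: 1000880000
    podSecurityContext:
      enabled: true
      fsGroup: 1000880000
    # Single pgpool replica: the database tier is replicated, but this
    # connection proxy is not.
    replicaCount: 1
    resources:
      requests:
        cpu: 100m
        memory: 256Mi
      limits:
        cpu: 500m
        memory: 512Mi
    livenessProbe:
      enabled: true
      initialDelaySeconds: 30
      periodSeconds: 10
      timeoutSeconds: 5
      failureThreshold: 6
      successThreshold: 1
    readinessProbe:
      enabled: true
      initialDelaySeconds: 30
      periodSeconds: 10
      timeoutSeconds: 5
      failureThreshold: 6
      successThreshold: 1
  # NOTE(review): volume-permission init containers usually need root to chown
  # the volume; with a non-root runAsUser this step may be a no-op or fail.
  # Confirm it is still needed given fsGroup is set on the pods.
  volumePermissions:
    enabled: true
    securityContext:
      runAsUser: 1000880000

# Configure Redis
redis-cluster:
  enabled: false

redis:
  enabled: true
  replica:
    replicaCount: 0  # Disable redis replicas for simplicity
  architecture: standalone
  # NOTE(review): authentication is off, so any workload that can reach the
  # Redis service can read and write its contents. Either enable auth or
  # restrict access to the Forgejo pods with a NetworkPolicy.
  auth:
    enabled: false
  master:
    persistence:
      enabled: true
      storageClass: "{{ forgejo_storage_class_name }}"
      size: "{{ forgejo_redis_pv_size }}"
      existingClaim: redis-data-forgejo-redis-master
    securityContext:
      enabled: true
      runAsUser: 1000880000
    podSecurityContext:
      enabled: true
      fsGroup: 1000880000
  volumePermissions:
    enabled: true
    securityContext:
      runAsUser: 1000880000

# Expose via OpenShift Route
ingress:
  enabled: true
  annotations:
    # Edge termination: TLS ends at the router. Plain-HTTP requests to the
    # route are redirected to HTTPS.
    route.openshift.io/termination: edge
    route.openshift.io/insecureEdgeTerminationPolicy: Redirect
    kubernetes.io/tls-acme: "true"
  hosts:
    - host: "{{ forgejo_domain }}"
      paths:
        - path: /
          pathType: Prefix

# Top-level settings as required by the Forgejo Helm chart
persistence:
  enabled: true
  size: "{{ forgejo_data_pv_size }}"
  storageClass: "{{ forgejo_storage_class_name }}"
  existingClaim: "forgejo-shared-storage"

serviceAccount:
  create: true
  name: "{{ forgejo_app_sa }}"
  annotations:
    # NOTE(review): as far as I know an annotation on a ServiceAccount does not
    # grant an SCC; access comes from RBAC or the SCC's own users/groups. If
    # anyuid is bound elsewhere, check whether it is needed at all: the fixed
    # UID 1000880000 is presumably inside the namespace's assigned range, in
    # which case a restricted SCC would be enough.
    openshift.io/scc: anyuid

# Security contexts at the top level as required by the Helm chart
podSecurityContext:
  fsGroup: 1000880000

containerSecurityContext:
  runAsUser: 1000880000
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL

initContainers:
  securityContext:
    runAsUser: 1000880000
    allowPrivilegeEscalation: false
    capabilities:
      drop:
        - ALL

# For customizing init scripts
# The script creates the conf and data directories and sets mode and owner to
# the runtime UID. With all capabilities dropped and a non-root user, the
# chown calls only succeed when the directories are already owned by that UID.
initPreScript: |
  mkdir -p /data/forgejo/conf
  mkdir -p /data/forgejo/data
  chmod 755 /data/forgejo/conf
  chmod 755 /data/forgejo/data
  chown 1000880000:1000880000 /data/forgejo/conf
  chown 1000880000:1000880000 /data/forgejo/data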