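# Helm values for Forgejo, rendered through Jinja before Helm parses the result.
# NOTE(review): the block nesting below was rebuilt from a flattened copy of
# this file; confirm every level against the chart's values schema before use.
# The rendered output contains the admin and database passwords in clear text:
# keep it out of version control and source the variables from a secret store.
forgejo:
  admin:
    username: "{{ forgejo_admin_username }}"
    password: "{{ forgejo_admin_password }}"
    email: "{{ forgejo_admin_email }}"
    # NOTE(review): presumably re-applies the templated password on every
    # deploy, so a password changed in the UI does not persist - confirm.
    passwordMode: keepUpdated
  config:
    server:
      ROOT_URL: "{{ forgejo_root_url }}"
      DOMAIN: "{{ forgejo_domain }}"
      SSH_DOMAIN: "{{ forgejo_ssh_domain }}"
      # Plain HTTP inside the cluster; TLS is only added at the Route (edge
      # termination below), so router-to-pod traffic is unencrypted.
      PROTOCOL: http
      HTTP_PORT: 3000
      SSH_PORT: 22
      SSH_LISTEN_PORT: 2222
    database:
      DB_TYPE: postgres
      # Selects the pgpool service when HA is enabled, else the single instance.
      HOST: "{% if forgejo_use_postgres_ha %}forgejo-postgresql-ha-pgpool{% else %}forgejo-postgresql{% endif %}.{{ forgejo_namespace }}.svc.cluster.local:5432"
      NAME: forgejo
      USER: forgejo
      PASSWD: "{{ forgejo_db_password }}"

image:
  repository: codeberg.org/forgejo/forgejo
  # Quoted so the version stays a string. A tag is mutable; pin by digest if
  # the deployment needs to guarantee the exact image content.
  tag: "2.0.0"
  pullPolicy: IfNotPresent
  rootless: true

resources:
  requests:
    cpu: 200m
    memory: 256Mi
  limits:
    cpu: 1
    memory: 1Gi

# Top-level PostgreSQL configuration (standard)
postgresql:
  # Mutually exclusive with postgresql-ha: exactly one of the two is enabled.
  enabled: {% if not forgejo_use_postgres_ha %}true{% else %}false{% endif %}
  global:
    postgresql:
      auth:
        password: "{{ forgejo_db_password }}"
        database: forgejo
        username: forgejo
      service:
        ports:
          postgresql: 5432
  primary:
    persistence:
      enabled: true
      size: "{{ forgejo_postgresql_pv_size }}"
      storageClass: "{{ forgejo_storage_class_name }}"
      existingClaim: data-forgejo-postgresql
    podSecurityContext:
      enabled: true
      fsGroup: 1000880000
    containerSecurityContext:
      enabled: true
      runAsUser: 1000880000
    resources:
      requests:
        cpu: 200m
        memory: 256Mi
      limits:
        cpu: 1
        memory: 1Gi

# Configure PostgreSQL HA
postgresql-ha:
  enabled: {% if forgejo_use_postgres_ha %}true{% else %}false{% endif %}
  global:
    postgresql:
      database: forgejo
      password: "{{ forgejo_db_password }}"
      username: forgejo
  postgresql:
    # SECURITY(review): repmgrPassword, postgresPassword and pgpool
    # adminPassword are static, guessable literals, unlike the templated
    # application password. postgresPassword is the database superuser
    # credential. Replace all three with templated secrets before enabling HA.
    repmgrPassword: password1
    postgresPassword: password2
    password: "{{ forgejo_db_password }}"
  pgpool:
    adminPassword: password3
  service:
    ports:
      postgresql: 5432
  primary:
    persistence:
      size: "{{ forgejo_postgresql_ha_pv_size }}"

# Configure Redis
redis-cluster:
  enabled: false

redis:
  enabled: true
  replica:
    replicaCount: 0  # Disable redis replicas for simplicity
  architecture: standalone
  auth:
    # SECURITY(review): Redis accepts unauthenticated connections. Any workload
    # that can reach the service can read or modify what Forgejo stores there.
    # Enable auth, or restrict access to the Forgejo pods with a NetworkPolicy.
    enabled: false
  master:
    persistence:
      enabled: true
      storageClass: "{{ forgejo_storage_class_name }}"
      size: "{{ forgejo_redis_pv_size }}"
      existingClaim: redis-data-forgejo-redis-master
    securityContext:
      enabled: true
      runAsUser: 1000880000
    podSecurityContext:
      enabled: true
      fsGroup: 1000880000
  volumePermissions:
    enabled: true
    securityContext:
      runAsUser: 1000880000

# Expose via OpenShift Route
ingress:
  enabled: true
  annotations:
    # Edge termination: TLS ends at the router; plain-HTTP requests are
    # redirected to HTTPS rather than served.
    route.openshift.io/termination: edge
    route.openshift.io/insecureEdgeTerminationPolicy: Redirect
    # Quoted: annotation values must be strings, not booleans.
    kubernetes.io/tls-acme: "true"
  hosts:
    - host: "{{ forgejo_domain }}"
      paths:
        - path: /
          pathType: Prefix

# Top-level settings as required by the Forgejo Helm chart
persistence:
  enabled: true
  size: "{{ forgejo_data_pv_size }}"
  storageClass: "{{ forgejo_storage_class_name }}"
  existingClaim: "gitea-shared-storage"

serviceAccount:
  create: true
  name: "{{ forgejo_app_sa }}"
  annotations:
    # NOTE(review): anyuid allows containers to run as any UID, including
    # root. Every security context here pins a single fixed UID, so a
    # narrower SCC may suffice. Whether this annotation alone grants the SCC
    # is not visible from this file - confirm how the binding is created.
    openshift.io/scc: anyuid

# Security contexts at the top level as required by the Helm chart
podSecurityContext:
  fsGroup: 1000880000

containerSecurityContext:
  runAsUser: 1000880000
  # Non-root UID, no privilege escalation, all Linux capabilities dropped.
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL

initContainers:
  securityContext:
    runAsUser: 1000880000
    allowPrivilegeEscalation: false
    capabilities:
      drop:
        - ALL

# For customizing init scripts
# NOTE(review): the init container runs as a non-root UID with all capabilities
# dropped, so the chown calls can only succeed if that UID already owns the
# paths - confirm they do not fail on a freshly provisioned volume.
initPreScript: |
  mkdir -p /data/forgejo/conf
  mkdir -p /data/forgejo/data
  chmod 755 /data/forgejo/conf
  chmod 755 /data/forgejo/data
  chown 1000880000:1000880000 /data/forgejo/conf
  chown 1000880000:1000880000 /data/forgejo/data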