gitea
Helm chart
Request a free trial
Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.
Tag:
1
# Default values for gitea.
2
# This is a YAML-formatted file.
3
# Declare variables to be passed into your templates.
4
## @section Global
5
#
6
## @param global.imageRegistry global image registry override
7
## @param global.imagePullSecrets global image pull secrets override; can be extended by `imagePullSecrets`
8
## @param global.storageClass global storage class override
9
## @param global.hostAliases global hostAliases which will be added to the pod's hosts files
10
global:
11
imageRegistry: ""
12
## E.g.
13
## imagePullSecrets:
14
## - myRegistryKeySecretName
15
##
16
imagePullSecrets: []
17
storageClass: ""
18
hostAliases: []
19
# - ip: 192.168.137.2
20
# hostnames:
21
# - example.com
22
## @param namespace An explicit namespace to deploy gitea into. Defaults to the release namespace if not specified
23
namespace: ""
24
## @param replicaCount number of replicas for the deployment
25
replicaCount: 1
26
## @section strategy
27
## @param strategy.type strategy type
28
## @param strategy.rollingUpdate.maxSurge maxSurge
29
## @param strategy.rollingUpdate.maxUnavailable maxUnavailable
30
strategy:
31
type: "RollingUpdate"
32
rollingUpdate:
33
maxSurge: "100%"
34
maxUnavailable: 0
35
## @param clusterDomain cluster domain
36
clusterDomain: cluster.local
37
## @section Image
38
## @param image.registry image registry, e.g. gcr.io,docker.io
39
## @param image.repository Image to start for this pod
40
## @param image.tag Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml.
41
## @param image.digest Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest`
42
## @param image.pullPolicy Image pull policy
43
## @param image.rootless Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher
44
## @param image.fullOverride Completely overrides the image registry, path/image, tag and digest. **Adjust `image.rootless` accordingly and review [Rootless defaults](#rootless-defaults).**
45
image:
46
registry: cgr.dev
47
repository: chainguard-private/gitea
48
# Overrides the image tag whose default is the chart appVersion.
49
tag: latest
50
digest: sha256:f0f1a61e939a02bb030911bdf7e78a013dfedbd34586bf628fcd1f1260c6e425
51
pullPolicy: IfNotPresent
52
rootless: true
53
fullOverride: ""
54
## @param imagePullSecrets Secret to use for pulling the image
55
imagePullSecrets: []
56
## @section Security
57
# Security context is only usable with rootless image due to image design
58
## @param openshift.enabled Enable OpenShift compatibility defaults for chart-managed pods. Defaults to auto-detect based on the SecurityContextConstraints API.
59
## @param openshift.hostUsers Override the PodSpec hostUsers field for chart-managed pods. When unset, the field is omitted so the platform default is used.
60
openshift:
61
enabled: null
62
hostUsers: null
63
## @param podSecurityContext Pod security context. On non-OpenShift clusters the chart defaults `fsGroup` to `1000` when this map is empty.
64
podSecurityContext: {}
65
## @param containerSecurityContext Security context
66
containerSecurityContext: {}
67
# allowPrivilegeEscalation: false
68
# capabilities:
69
# drop:
70
# - ALL
71
# # Add the SYS_CHROOT capability for root and rootless images if you intend to
72
# # run pods on nodes that use the container runtime cri-o. Otherwise, you will
73
# # get an error message from the SSH server that it is not possible to read from
74
# # the repository.
75
# # https://gitea.com/gitea/helm-gitea/issues/161
76
# add:
77
# - SYS_CHROOT
78
# privileged: false
79
# readOnlyRootFilesystem: true
80
# runAsGroup: 1000
81
# runAsNonRoot: true
82
# runAsUser: 1000
83
84
## @deprecated The securityContext variable has been split two:
85
## - containerSecurityContext
86
## - podSecurityContext.
87
## @param securityContext Run init and Gitea containers as a specific securityContext
88
securityContext: {}
89
## @param podDisruptionBudget Pod disruption budget
90
podDisruptionBudget: {}
91
# maxUnavailable: 1
92
# minAvailable: 1
93
94
## @section Service
95
service:
96
## @param service.http.type Kubernetes service type for web traffic
97
## @param service.http.port Port number for web traffic
98
## @param service.http.clusterIP ClusterIP setting for http autosetup for deployment is None
99
## @param service.http.loadBalancerIP LoadBalancer IP setting
100
## @param service.http.nodePort NodePort for http service
101
## @param service.http.externalTrafficPolicy If `service.http.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation
102
## @param service.http.externalIPs External IPs for service
103
## @param service.http.ipFamilyPolicy HTTP service dual-stack policy
104
## @param service.http.ipFamilies HTTP service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/).
105
## @param service.http.loadBalancerSourceRanges Source range filter for http loadbalancer
106
## @param service.http.annotations HTTP service annotations
107
## @param service.http.labels HTTP service additional labels
108
## @param service.http.loadBalancerClass Loadbalancer class
109
http:
110
type: ClusterIP
111
port: 3000
112
clusterIP: None
113
loadBalancerIP:
114
nodePort:
115
externalTrafficPolicy:
116
externalIPs:
117
ipFamilyPolicy:
118
ipFamilies:
119
loadBalancerSourceRanges: []
120
annotations: {}
121
labels: {}
122
loadBalancerClass:
123
## @param service.ssh.type Kubernetes service type for ssh traffic
124
## @param service.ssh.port Port number for ssh traffic
125
## @param service.ssh.clusterIP ClusterIP setting for ssh autosetup for deployment is None
126
## @param service.ssh.loadBalancerIP LoadBalancer IP setting
127
## @param service.ssh.nodePort NodePort for ssh service
128
## @param service.ssh.externalTrafficPolicy If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation
129
## @param service.ssh.externalIPs External IPs for service
130
## @param service.ssh.ipFamilyPolicy SSH service dual-stack policy
131
## @param service.ssh.ipFamilies SSH service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/).
132
## @param service.ssh.hostPort HostPort for ssh service
133
## @param service.ssh.loadBalancerSourceRanges Source range filter for ssh loadbalancer
134
## @param service.ssh.annotations SSH service annotations
135
## @param service.ssh.labels SSH service additional labels
136
## @param service.ssh.loadBalancerClass Loadbalancer class
137
ssh:
138
type: ClusterIP
139
port: 22
140
clusterIP: None
141
loadBalancerIP:
142
nodePort:
143
externalTrafficPolicy:
144
externalIPs:
145
ipFamilyPolicy:
146
ipFamilies:
147
hostPort:
148
loadBalancerSourceRanges: []
149
annotations: {}
150
labels: {}
151
loadBalancerClass:
152
## @section Ingress
153
## @param ingress.enabled Enable ingress
154
## @param ingress.className DEPRECATED: Ingress class name.
155
## @param ingress.pathType Ingress Path Type
156
## @param ingress.annotations Ingress annotations
157
## @param ingress.hosts[0].host Default Ingress host
158
## @param ingress.hosts[0].paths[0].path Default Ingress path
159
## @param ingress.tls Ingress tls settings
160
ingress:
161
enabled: false
162
className: ""
163
pathType: Prefix
164
annotations: {}
165
hosts:
166
- host: git.example.com
167
paths:
168
- path: /
169
tls: []
170
# - secretName: chart-example-tls
171
# hosts:
172
# - git.example.com
173
## @section Route
174
## @param route.enabled Enable OpenShift Route
175
## @param route.annotations Route annotations
176
## @param route.host Route host. When unset, OpenShift may generate one and Gitea URL defaults fall back to ingress/service values.
177
## @param route.path Route path
178
## @param route.wildcardPolicy Route wildcard policy
179
## @param route.tls.termination Route TLS termination type
180
## @param route.tls.insecureEdgeTerminationPolicy Route insecure edge termination policy
181
## @param route.tls.key Route TLS key
182
## @param route.tls.certificate Route TLS certificate
183
## @param route.tls.caCertificate Route TLS CA certificate
184
## @param route.tls.destinationCACertificate Route destination CA certificate
185
route:
186
enabled: false
187
annotations: {}
188
host: ""
189
path: ""
190
wildcardPolicy: None
191
tls:
192
termination:
193
insecureEdgeTerminationPolicy:
194
key:
195
certificate:
196
caCertificate:
197
destinationCACertificate:
198
## @section deployment
199
#
200
## @param resources Kubernetes resources
201
resources: {}
202
# We usually recommend not to specify default resources and to leave this as a conscious
203
# choice for the user. This also increases chances charts run on environments with little
204
# resources, such as Minikube. If you do want to specify resources, uncomment the following
205
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
206
# limits:
207
# cpu: 100m
208
# memory: 128Mi
209
# requests:
210
# cpu: 100m
211
# memory: 128Mi
212
213
## Use an alternate scheduler, e.g. "stork".
214
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
215
##
216
## @param schedulerName Use an alternate scheduler, e.g. "stork"
217
schedulerName: ""
218
## @param nodeSelector NodeSelector for the deployment
219
nodeSelector: {}
220
## @param tolerations Tolerations for the deployment
221
tolerations: []
222
## @param affinity Affinity for the deployment
223
affinity: {}
224
## @param topologySpreadConstraints TopologySpreadConstraints for the deployment
225
topologySpreadConstraints: []
226
## @param dnsConfig dnsConfig for the deployment
227
dnsConfig: {}
228
## @param priorityClassName priorityClassName for the deployment
229
priorityClassName: ""
230
## @param deployment.env Additional environment variables to pass to containers
231
## @param deployment.terminationGracePeriodSeconds How long to wait until forcefully kill the pod
232
## @param deployment.labels Labels for the deployment
233
## @param deployment.annotations Annotations for the Gitea deployment to be created
234
deployment:
235
env: []
236
# - name: VARIABLE
237
# value: my-value
238
terminationGracePeriodSeconds: 60
239
labels: {}
240
annotations: {}
241
## @section ServiceAccount
242
243
## @param serviceAccount.create Enable the creation of a ServiceAccount
244
## @param serviceAccount.name Name of the created ServiceAccount, defaults to release name. Can also link to an externally provided ServiceAccount that should be used.
245
## @param serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token
246
## @param serviceAccount.imagePullSecrets Image pull secrets, available to the ServiceAccount
247
## @param serviceAccount.annotations Custom annotations for the ServiceAccount
248
## @param serviceAccount.labels Custom labels for the ServiceAccount
249
serviceAccount:
250
create: false
251
name: ""
252
automountServiceAccountToken: false
253
imagePullSecrets: []
254
# - name: private-registry-access
255
annotations: {}
256
labels: {}
257
## @section Persistence
258
#
259
## @param persistence.enabled Enable persistent storage
260
## @param persistence.create Whether to create the persistentVolumeClaim for shared storage
261
## @param persistence.mount Whether the persistentVolumeClaim should be mounted (even if not created)
262
## @param persistence.claimName Use an existing claim to store repository information
263
## @param persistence.size Size for persistence to store repo information
264
## @param persistence.accessModes AccessMode for persistence
265
## @param persistence.labels Labels for the persistence volume claim to be created
266
## @param persistence.annotations.helm.sh/resource-policy Resource policy for the persistence volume claim
267
## @param persistence.storageClass Name of the storage class to use
268
## @param persistence.subPath Subdirectory of the volume to mount at
269
## @param persistence.volumeName Name of persistent volume in PVC
270
persistence:
271
enabled: true
272
create: true
273
mount: true
274
claimName: gitea-shared-storage
275
size: 10Gi
276
accessModes:
277
- ReadWriteOnce
278
labels: {}
279
storageClass:
280
subPath:
281
volumeName: ""
282
annotations:
283
helm.sh/resource-policy: keep
284
## @param extraContainers Additional sidecar containers to run in the pod
285
extraContainers: []
286
# - name: sidecar-bob
287
# image: busybox
288
# command: [/bin/sh, -c, 'echo "Hello world"']
289
290
## @param preExtraInitContainers Additional init containers to run in the pod before gitea runs it owns init containers.
291
preExtraInitContainers: []
292
# - name: pre-init-container
293
# image: docker.io/library/busybox
294
# command: [ /bin/sh, -c, 'echo "Hello world! I am a pre init container."' ]
295
296
## @param postExtraInitContainers Additional init containers to run in the pod after gitea runs it owns init containers.
297
postExtraInitContainers: []
298
# - name: post-init-container
299
# image: docker.io/library/busybox
300
# command: [ /bin/sh, -c, 'echo "Hello world! I am a post init container."' ]
301
302
## @param extraVolumes Additional volumes to mount to the Gitea deployment
303
extraVolumes: []
304
# - name: postgres-ssl-vol
305
# secret:
306
# secretName: gitea-postgres-ssl
307
308
## @param extraContainerVolumeMounts Mounts that are only mapped into the Gitea runtime/main container, to e.g. override custom templates.
309
extraContainerVolumeMounts: []
310
## @param extraInitVolumeMounts Mounts that are only mapped into the init-containers. Can be used for additional preconfiguration.
311
extraInitVolumeMounts: []
312
## @deprecated The extraVolumeMounts variable has been split two:
313
## - extraContainerVolumeMounts
314
## - extraInitVolumeMounts
315
## As an example, can be used to mount a client cert when connecting to an external Postgres server.
316
## @param extraVolumeMounts **DEPRECATED** Additional volume mounts for init containers and the Gitea main container
317
extraVolumeMounts: []
318
# - name: postgres-ssl-vol
319
# readOnly: true
320
# mountPath: "/pg-ssl"
321
322
## @section Init
323
## @param initPreScript Bash shell script copied verbatim to the start of the init-container.
324
initPreScript: ""
325
## @param initContainersScriptsVolumeMountPath Path to mount the scripts consumed from the Secrets
326
initContainersScriptsVolumeMountPath: "/usr/sbinx"
327
#
328
# initPreScript: |
329
# mkdir -p /data/git/.postgresql
330
# cp /pg-ssl/* /data/git/.postgresql/
331
# chown -R git:git /data/git/.postgresql/
332
# chmod 400 /data/git/.postgresql/postgresql.key
333
334
## @param initContainers.resources.limits initContainers.limits Kubernetes resource limits for init containers
335
## @param initContainers.resources.requests.cpu initContainers.requests.cpu Kubernetes cpu resource limits for init containers
336
## @param initContainers.resources.requests.memory initContainers.requests.memory Kubernetes memory resource limits for init containers
337
initContainers:
338
resources:
339
limits: {}
340
requests:
341
cpu: 100m
342
memory: 128Mi
343
# Configure commit/action signing prerequisites
344
## @section Signing
345
#
346
## @param signing.enabled Enable commit/action signing
347
## @param signing.gpgHome GPG home directory
348
## @param signing.privateKey Inline private gpg key for signed internal Git activity
349
## @param signing.existingSecret Use an existing secret to store the value of `signing.privateKey`
350
signing:
351
enabled: false
352
gpgHome: /data/git/.gnupg
353
privateKey: ""
354
# privateKey: |-
355
# -----BEGIN PGP PRIVATE KEY BLOCK-----
356
# ...
357
# -----END PGP PRIVATE KEY BLOCK-----
358
existingSecret: ""
359
## @section Gitea
360
#
361
gitea:
362
## @param gitea.admin.username Username for the Gitea admin user
363
## @param gitea.admin.existingSecret Use an existing secret to store admin user credentials
364
## @param gitea.admin.password Password for the Gitea admin user
365
## @param gitea.admin.email Email for the Gitea admin user
366
## @param gitea.admin.passwordMode Mode for how to set/update the admin user password. Options are: initialOnlyNoReset, initialOnlyRequireReset, and keepUpdated
367
admin:
368
# existingSecret: gitea-admin-secret
369
existingSecret:
370
username: gitea_admin
371
password: r8sA8CPHD9!bt6d
372
email: "gitea@local.domain"
373
passwordMode: keepUpdated
374
## @param gitea.metrics.enabled Enable Gitea metrics
375
## @param gitea.metrics.token used for `bearer` token authentication on metrics endpoint. If not specified or empty metrics endpoint is public.
376
## @param gitea.metrics.serviceMonitor.enabled Enable Gitea metrics service monitor. Requires, that `gitea.metrics.enabled` is also set to true, to enable metrics generally.
377
## @param gitea.metrics.serviceMonitor.interval Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used.
378
## @param gitea.metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping.
379
## @param gitea.metrics.serviceMonitor.scheme HTTP scheme to use for scraping. For example `http` or `https`. Default is http.
380
## @param gitea.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended. If not specified, global Prometheus scrape timeout is used.
381
## @param gitea.metrics.serviceMonitor.tlsConfig TLS configuration to use when scraping the metric endpoint by Prometheus.
382
metrics:
383
enabled: false
384
token:
385
serviceMonitor:
386
enabled: false
387
# additionalLabels:
388
# prometheus-release: prom1
389
interval: ""
390
relabelings: []
391
scheme: ""
392
scrapeTimeout: ""
393
tlsConfig: {}
394
## @param gitea.ldap LDAP configuration
395
ldap: []
396
# - name: "LDAP 1"
397
# existingSecret:
398
# securityProtocol:
399
# host:
400
# port:
401
# userSearchBase:
402
# userFilter:
403
# adminFilter:
404
# emailAttribute:
405
# bindDn:
406
# bindPassword:
407
# usernameAttribute:
408
# publicSSHKeyAttribute:
409
410
# Either specify inline `key` and `secret` or refer to them via `existingSecret`
411
## @param gitea.oauth OAuth configuration
412
oauth: []
413
# - name: 'OAuth 1'
414
# provider:
415
# key:
416
# secret:
417
# existingSecret:
418
# autoDiscoverUrl:
419
# useCustomUrls:
420
# customAuthUrl:
421
# customTokenUrl:
422
# customProfileUrl:
423
# customEmailUrl:
424
425
## @param gitea.config.server.SSH_PORT SSH port for rootlful Gitea image
426
## @param gitea.config.server.SSH_LISTEN_PORT SSH port for rootless Gitea image
427
config:
428
# APP_NAME: "Gitea: Git with a cup of tea"
429
# RUN_MODE: dev
430
server:
431
SSH_PORT: 22 # rootful image
432
SSH_LISTEN_PORT: 2222 # rootless image
433
#
434
# security:
435
# PASSWORD_COMPLEXITY: spec
436
437
## @param gitea.additionalConfigSources Additional configuration from secret or configmap
438
additionalConfigSources: []
439
# - secret:
440
# secretName: gitea-app-ini-oauth
441
# - configMap:
442
# name: gitea-app-ini-plaintext
443
444
## @param gitea.additionalConfigFromEnvs Additional configuration sources from environment variables
445
additionalConfigFromEnvs: []
446
## @param gitea.extraEnvSourceFile Source environment variables from a file during init container startup. This is especially useful for reading environment variable files generated by the Vault agent-injector.
447
## See the sample annotations below for reference.
448
## podAnnotations:
449
## vault.hashicorp.com/agent-inject: "true"
450
## vault.hashicorp.com/agent-init-first: "true"
451
## vault.hashicorp.com/agent-inject-secret-gitea: <path/to/secret>
452
## vault.hashicorp.com/agent-inject-template-gitea: |
453
## {{- with secret "path/to/secret" -}}
454
## export GITEA__database__HOST="{{ .Data.data.db_host }}"
455
## export GITEA__database__NAME="{{ .Data.data.db_name }}"
456
## export GITEA__database__USER="{{ .Data.data.db_user }}"
457
## export GITEA__database__PASSWD="{{ .Data.data.db_password }}"
458
## export GITEA__queue__CONN_STR="{{ .Data.data.kv_conn_string }}"
459
## export GITEA__session__PROVIDER_CONFIG="{{ .Data.data.kv_conn_string }}"
460
## export GITEA__cache__HOST="{{ .Data.data.kv_conn_string }}"
461
## export GITEA_ADMIN_USERNAME="{{ .Data.data.gitea_admin_user }}"
462
## export GITEA_ADMIN_PASSWORD="{{ .Data.data.gitea_admin_password }}"
463
## {{- end }}
464
465
# extraEnvSourceFile: /vault/secrets/gitea
466
extraEnvSourceFile:
467
## @param gitea.podAnnotations Annotations for the Gitea pod
468
podAnnotations: {}
469
## @param gitea.ssh.logLevel Configure OpenSSH's log level. Only available for root-based Gitea image.
470
ssh:
471
logLevel: "INFO"
472
## @section LivenessProbe
473
#
474
## @param gitea.livenessProbe.enabled Enable liveness probe
475
## @param gitea.livenessProbe.tcpSocket.port Port to probe for liveness
476
## @param gitea.livenessProbe.initialDelaySeconds Initial delay before liveness probe is initiated
477
## @param gitea.livenessProbe.timeoutSeconds Timeout for liveness probe
478
## @param gitea.livenessProbe.periodSeconds Period for liveness probe
479
## @param gitea.livenessProbe.successThreshold Success threshold for liveness probe
480
## @param gitea.livenessProbe.failureThreshold Failure threshold for liveness probe
481
# Modify the liveness probe for your needs or completely disable it by commenting out.
482
livenessProbe:
483
enabled: true
484
tcpSocket:
485
port: http
486
initialDelaySeconds: 200
487
timeoutSeconds: 1
488
periodSeconds: 10
489
successThreshold: 1
490
failureThreshold: 10
491
## @section ReadinessProbe
492
#
493
## @param gitea.readinessProbe.enabled Enable readiness probe
494
## @param gitea.readinessProbe.tcpSocket.port Port to probe for readiness
495
## @param gitea.readinessProbe.initialDelaySeconds Initial delay before readiness probe is initiated
496
## @param gitea.readinessProbe.timeoutSeconds Timeout for readiness probe
497
## @param gitea.readinessProbe.periodSeconds Period for readiness probe
498
## @param gitea.readinessProbe.successThreshold Success threshold for readiness probe
499
## @param gitea.readinessProbe.failureThreshold Failure threshold for readiness probe
500
# Modify the readiness probe for your needs or completely disable it by commenting out.
501
readinessProbe:
502
enabled: true
503
tcpSocket:
504
port: http
505
initialDelaySeconds: 5
506
timeoutSeconds: 1
507
periodSeconds: 10
508
successThreshold: 1
509
failureThreshold: 3
510
# # Uncomment the startup probe to enable and modify it for your needs.
511
## @section StartupProbe
512
#
513
## @param gitea.startupProbe.enabled Enable startup probe
514
## @param gitea.startupProbe.tcpSocket.port Port to probe for startup
515
## @param gitea.startupProbe.initialDelaySeconds Initial delay before startup probe is initiated
516
## @param gitea.startupProbe.timeoutSeconds Timeout for startup probe
517
## @param gitea.startupProbe.periodSeconds Period for startup probe
518
## @param gitea.startupProbe.successThreshold Success threshold for startup probe
519
## @param gitea.startupProbe.failureThreshold Failure threshold for startup probe
520
startupProbe:
521
enabled: false
522
tcpSocket:
523
port: http
524
initialDelaySeconds: 60
525
timeoutSeconds: 1
526
periodSeconds: 10
527
successThreshold: 1
528
failureThreshold: 10
529
## @section valkey-cluster
530
## @descriptionStart
531
## Valkey cluster and [Valkey](#valkey) cannot be enabled at the same time.
532
## @descriptionEnd
533
valkey-cluster:
534
## @param valkey-cluster.enabled Enable valkey cluster
535
# ⚠️ The valkey charts do not work well with special characters in the password (<https://gitea.com/gitea/helm-chart/issues/690>).
536
# Consider omitting such or open an issue in the Bitnami repo and let us know once this got fixed.
537
## @param valkey-cluster.usePassword Whether to use password authentication.
538
## @param valkey-cluster.usePasswordFiles Whether to mount passwords as files instead of environment variables.
539
enabled: true
540
usePassword: false
541
usePasswordFiles: false
542
## @param valkey-cluster.image.repository Image repository, eg. `bitnamilegacy/valkey-cluster`.
543
image:
544
repository: bitnamilegacy/valkey-cluster
545
## @param valkey-cluster.cluster.nodes Number of valkey cluster master nodes
546
## @param valkey-cluster.cluster.replicas Number of valkey cluster master node replicas
547
cluster:
548
nodes: 3 # default: 6
549
replicas: 0 # default: 1
550
## @param valkey-cluster.metrics.image.repository Image repository, eg. `bitnamilegacy/redis-exporter`.
551
metrics:
552
image:
553
repository: bitnamilegacy/redis-exporter
554
## @param valkey-cluster.persistence.enabled Enable persistence on Valkey replicas nodes using Persistent Volume Claims.
555
## @param valkey-cluster.persistence.storageClass Persistent Volume storage class.
556
## @param valkey-cluster.persistence.size Persistent Volume size.
557
persistence:
558
enabled: true
559
storageClass: ""
560
size: 8Gi
561
## @param valkey-cluster.service.ports.valkey Port of Valkey service
562
service:
563
ports:
564
valkey: 6379
565
## @param valkey-cluster.sysctlImage.repository Image repository, eg. `bitnamilegacy/os-shell`.
566
sysctlImage:
567
repository: bitnamilegacy/os-shell
568
## @param valkey-cluster.volumePermissions.image.repository Image repository, eg. `bitnamilegacy/os-shell`.
569
volumePermissions:
570
image:
571
repository: bitnamilegacy/os-shell
572
## @section valkey
573
574
## @descriptionStart
575
## Valkey and [Valkey cluster](#valkey-cluster) cannot be enabled at the same time.
576
## @descriptionEnd
577
valkey:
578
## @param valkey.enabled Enable valkey standalone or replicated
579
## @param valkey.architecture Whether to use standalone or replication
580
enabled: false
581
architecture: standalone
582
## @param valkey.kubectl.image.repository Image repository, eg. `bitnamilegacy/kubectl`.
583
kubectl:
584
image:
585
repository: bitnamilegacy/kubectl
586
## @param valkey.image.repository Image repository, eg. `bitnamilegacy/valkey`.
587
image:
588
repository: bitnamilegacy/valkey
589
# ⚠️ The valkey charts do not work well with special characters in the password (<https://gitea.com/gitea/helm-chart/issues/690>).
590
# Consider omitting such or open an issue in the Bitnami repo and let us know once this got fixed.
591
## @param valkey.global.valkey.password Required password
592
global:
593
valkey:
594
password: changeme
595
## @param valkey.master.count Number of Valkey master instances to deploy
596
## @param valkey.master.service.ports.valkey Port of Valkey service
597
master:
598
count: 1
599
service:
600
ports:
601
valkey: 6379
602
## @param valkey.metrics.image.repository Image repository, eg. `bitnamilegacy/redis-exporter`.
603
metrics:
604
image:
605
repository: bitnamilegacy/redis-exporter
606
primary:
607
## @param valkey.primary.persistence.enabled Enable persistence on Valkey replicas nodes using Persistent Volume Claims.
608
## @param valkey.primary.persistence.storageClass Persistent Volume storage class.
609
## @param valkey.primary.persistence.size Persistent Volume size.
610
persistence:
611
enabled: true
612
storageClass: ""
613
size: 8Gi
614
replica:
615
## @param valkey.replica.persistence.enabled Enable persistence on Valkey replicas nodes using Persistent Volume Claims.
616
## @param valkey.replica.persistence.storageClass Persistent Volume storage class.
617
## @param valkey.replica.persistence.size Persistent Volume size.
618
persistence:
619
enabled: true
620
storageClass: ""
621
size: 8Gi
622
## @param valkey.sentinel.image.repository Image repository, eg. `bitnamilegacy/sentinel`.
623
sentinel:
624
image:
625
repository: bitnamilegacy/valkey-sentinel
626
## @param valkey.volumePermissions.image.repository Image repository, eg. `bitnamilegacy/os-shell`.
627
volumePermissions:
628
image:
629
repository: bitnamilegacy/os-shell
630
## @section PostgreSQL HA
631
postgresql-ha:
632
## @param postgresql-ha.enabled Enable PostgreSQL HA
633
enabled: true
634
## @param postgresql-ha.global.postgresql.database Name for a custom database to create (overrides `auth.database`)
635
## @param postgresql-ha.global.postgresql.username Name for a custom user to create (overrides `auth.username`)
636
## @param postgresql-ha.global.postgresql.password Name for a custom password to create (overrides `auth.password`)
637
global:
638
postgresql:
639
database: gitea
640
password: gitea
641
username: gitea
642
## @param postgresql-ha.metrics.image.repository Image repository, eg. `bitnamilegacy/postgres-exporter`.
643
metrics:
644
image:
645
repository: bitnamilegacy/postgres-exporter
646
## @param postgresql-ha.postgresql.image.repository Image repository, eg. `bitnamilegacy/postgresql-repmgr`.
647
## @param postgresql-ha.postgresql.repmgrPassword Repmgr Password
648
## @param postgresql-ha.postgresql.postgresPassword postgres Password
649
## @param postgresql-ha.postgresql.password Password for the `gitea` user (overrides `auth.password`)
650
postgresql:
651
image:
652
repository: bitnamilegacy/postgresql-repmgr
653
repmgrPassword: changeme2
654
postgresPassword: changeme1
655
password: changeme4
656
## @param postgresql-ha.pgpool.adminPassword pgpool adminPassword
657
## @param postgresql-ha.pgpool.image.repository Image repository, eg. `bitnamilegacy/pgpool`.
658
## @param postgresql-ha.pgpool.srCheckPassword pgpool srCheckPassword
659
pgpool:
660
adminPassword: changeme3
661
image:
662
repository: bitnamilegacy/pgpool
663
srCheckPassword: changeme4
664
## @param postgresql-ha.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`)
665
service:
666
ports:
667
postgresql: 5432
668
## @param postgresql-ha.persistence.enabled Enable persistence.
669
## @param postgresql-ha.persistence.storageClass Persistent Volume Storage Class.
670
## @param postgresql-ha.persistence.size PVC Storage Request for PostgreSQL HA volume
671
persistence:
672
enabled: true
673
storageClass: ""
674
size: 10Gi
675
## @param postgresql-ha.volumePermissions.image.repository Image repository, eg. `bitnamilegacy/os-shell`.
676
volumePermissions:
677
image:
678
repository: bitnamilegacy/os-shell
679
## @section PostgreSQL
680
postgresql:
681
## @param postgresql.enabled Enable PostgreSQL
682
enabled: false
683
## @param postgresql.global.postgresql.auth.password Password for the `gitea` user (overrides `auth.password`)
684
## @param postgresql.global.postgresql.auth.database Name for a custom database to create (overrides `auth.database`)
685
## @param postgresql.global.postgresql.auth.username Name for a custom user to create (overrides `auth.username`)
686
## @param postgresql.global.postgresql.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`)
687
global:
688
postgresql:
689
auth:
690
password: gitea
691
database: gitea
692
username: gitea
693
service:
694
ports:
695
postgresql: 5432
696
## @param postgresql.image.repository Image repository, eg. `bitnamilegacy/postgresql`.
697
image:
698
repository: bitnamilegacy/postgresql
699
primary:
700
## @param postgresql.primary.persistence.enabled Enable persistence.
701
## @param postgresql.primary.persistence.storageClass Persistent Volume storage class.
702
## @param postgresql.primary.persistence.size PVC Storage Request for PostgreSQL volume.
703
persistence:
704
enabled: true
705
storageClass: ""
706
size: 10Gi
707
readReplicas:
708
## @param postgresql.readReplicas.persistence.enabled Enable PostgreSQL read only data persistence using PVC.
709
## @param postgresql.readReplicas.persistence.storageClass Persistent Volume storage class.
710
## @param postgresql.readReplicas.persistence.size PVC Storage Request for PostgreSQL volume.
711
persistence:
712
enabled: true
713
storageClass: ""
714
size: ""
715
## @param postgresql.metrics.image.repository Image repository, eg. `bitnamilegacy/postgres-exporter`.
716
metrics:
717
image:
718
repository: bitnamilegacy/postgres-exporter
719
## @param postgresql.volumePermissions.image.repository Image repository, eg. `bitnamilegacy/os-shell`.
720
volumePermissions:
721
image:
722
repository: bitnamilegacy/os-shell
723
# By default, removed or moved settings that still remain in a user defined values.yaml will cause Helm to fail running the install/update.
724
# Set it to false to skip this basic validation check.
725
## @section Advanced
726
## @param checkDeprecation Set it to false to skip this basic validation check.
727
## @param test.enabled Set it to false to disable test-connection Pod.
728
## @param test.image.name Image name for the wget container used in the test-connection Pod.
729
## @param test.image.tag Image tag for the wget container used in the test-connection Pod.
730
checkDeprecation: true
731
test:
732
enabled: true
733
image:
734
name: busybox
735
tag: latest
736
## @param extraDeploy Array of extra objects to deploy with the release
737
##
738
extraDeploy: []
739
The trusted source for open source
Talk to an expertProduct
Customers
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.