Daniel Sy
900c1f6c80
Automated upload (95deeef) overwrote 5 manually-pinned values:
- forgejo-server: restore workflow-webhook-20260305 (DB has v15a/v15b
migrations; rolling back to 14.0.2-edp1-rootless WILL break the DB)
- garm: restore v0.1.7-forgejo-22 (v0.1.7-forgejo-23 has exec format
error — wrong arch build, crashes on OTC CCE amd64 nodes)
- sizer-receiver/secret.yaml: re-add sizer-oidc-client secret (deleted
by upload; causes OIDC auth failure on every sizer-receiver login)
- dex/manifests/dex-sizer-client.yaml: re-add (deleted by upload;
dex cannot resolve sizer OIDC client without this secret)
- dex.yaml: restore manifests source block (removed by upload;
without it ArgoCD never deploys the dex/manifests/ directory)
backup-alerts.yaml (new VMRule from automated upload) is kept as-is.
182 lines
4.4 KiB
YAML
182 lines
4.4 KiB
YAML
|
|
# We use recreate to make sure only one instance with one version is running, because Forgejo might break or data gets inconsistant.
|
|
strategy:
|
|
type: Recreate
|
|
|
|
redis-cluster:
|
|
enabled: false
|
|
|
|
redis:
|
|
enabled: false
|
|
|
|
postgresql:
|
|
enabled: false
|
|
|
|
postgresql-ha:
|
|
enabled: false
|
|
|
|
persistence:
|
|
enabled: true
|
|
size: 200Gi
|
|
storageClass: csi-disk
|
|
annotations:
|
|
everest.io/crypt-key-id: 01ee1b47-8bcd-4adf-8ffb-c09d6f48ae71
|
|
everest.io/disk-volume-type: GPSSD
|
|
|
|
test:
|
|
enabled: false
|
|
|
|
deployment:
|
|
env:
|
|
- name: SSL_CERT_DIR
|
|
value: /etc/ssl/forgejo
|
|
|
|
extraVolumeMounts:
|
|
- mountPath: /etc/ssl/forgejo
|
|
name: custom-database-certs-volume
|
|
readOnly: true
|
|
|
|
extraVolumes:
|
|
- name: custom-database-certs-volume
|
|
secret:
|
|
secretName: custom-database-certs
|
|
|
|
gitea:
|
|
metrics:
|
|
enabled: true
|
|
serviceMonitor:
|
|
enabled: true
|
|
additionalConfigFromEnvs:
|
|
- name: FORGEJO__storage__MINIO_ACCESS_KEY_ID
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: forgejo-cloud-credentials
|
|
key: access-key
|
|
- name: FORGEJO__storage__MINIO_SECRET_ACCESS_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: forgejo-cloud-credentials
|
|
key: secret-key
|
|
- name: FORGEJO__queue__CONN_STR
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: redis-forgejo-cloud-credentials
|
|
key: connection-string
|
|
- name: FORGEJO__session__PROVIDER_CONFIG
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: redis-forgejo-cloud-credentials
|
|
key: connection-string
|
|
- name: FORGEJO__cache__HOST
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: redis-forgejo-cloud-credentials
|
|
key: connection-string
|
|
- name: FORGEJO__database__HOST
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: postgres-forgejo-cloud-credentials
|
|
key: host_port
|
|
- name: FORGEJO__database__NAME
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: postgres-forgejo-cloud-credentials
|
|
key: database
|
|
- name: FORGEJO__database__USER
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: postgres-forgejo-cloud-credentials
|
|
key: username
|
|
- name: FORGEJO__database__PASSWD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: postgres-forgejo-cloud-credentials
|
|
key: password
|
|
# Either 'elasticsearch' or 'bleve' (go in memory search engine)
|
|
- name: FORGEJO__indexer__ISSUE_INDEXER_TYPE
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: elasticsearch-cloud-credentials
|
|
key: type
|
|
- name: FORGEJO__indexer__ISSUE_INDEXER_CONN_STR
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: elasticsearch-cloud-credentials
|
|
key: connection-string
|
|
- name: FORGEJO__indexer__ISSUE_INDEXER_ENABLED
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: elasticsearch-cloud-credentials
|
|
key: enabled
|
|
- name: FORGEJO__mailer__PASSWD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: email-user-credentials
|
|
key: connection-string
|
|
|
|
admin:
|
|
existingSecret: gitea-credential
|
|
|
|
config:
|
|
APP_NAME: 'EDP'
|
|
APP_SLOGAN: 'Build your thing in minutes'
|
|
storage:
|
|
MINIO_ENDPOINT: obs.eu-de.otc.t-systems.com:443
|
|
STORAGE_TYPE: minio
|
|
MINIO_LOCATION: eu-de
|
|
MINIO_BUCKET: "edp-forgejo-non-prod-dev"
|
|
MINIO_USE_SSL: true
|
|
|
|
queue:
|
|
TYPE: redis
|
|
|
|
session:
|
|
PROVIDER: redis
|
|
|
|
cache:
|
|
ENABLED: true
|
|
ADAPTER: redis
|
|
|
|
security:
|
|
GLOBAL_TWO_FACTOR_REQUIREMENT: admin
|
|
|
|
service:
|
|
DISABLE_REGISTRATION: true
|
|
ENABLE_NOTIFY_MAIL: true
|
|
|
|
other:
|
|
SHOW_FOOTER_VERSION: false
|
|
SHOW_FOOTER_TEMPLATE_LOAD_TIME: false
|
|
|
|
database:
|
|
DB_TYPE: postgres
|
|
SSL_MODE: verify-ca
|
|
|
|
server:
|
|
DOMAIN: 'dev.t09.de'
|
|
ROOT_URL: 'https://dev.t09.de:443'
|
|
|
|
mailer:
|
|
ENABLED: true
|
|
USER: ipcei-cis-devfw@mms-support.de
|
|
PROTOCOL: smtps
|
|
FROM: '"IPCEI CIS DevFW" <ipcei-cis-devfw@mms-support.de>'
|
|
SMTP_ADDR: mail.mms-support.de
|
|
SMTP_PORT: 465
|
|
|
|
service:
|
|
ssh:
|
|
type: LoadBalancer
|
|
nodePort: 32222
|
|
externalTrafficPolicy: Cluster
|
|
annotations:
|
|
kubernetes.io/elb.id: 1f36be61-452d-44c8-8c98-6d6c9e1b9af0
|
|
|
|
image:
|
|
pullPolicy: "IfNotPresent"
|
|
# DB has v15a/v15b migrations from workflow-webhook build.
|
|
# Using that image until a proper v15+ EDP release is cut.
|
|
# DO NOT revert — automated upload will break the DB schema.
|
|
fullOverride: edp.buildth.ing/devfw-cicd/edp-forgejo:workflow-webhook-20260305
|
|
|
|
forgejo: {}
|