stacks/template/stacks/forgejo/forgejo-server/values.yaml


# We use recreate to make sure only one instance with one version is running, because Forgejo might break or data gets inconsistant.
strategy:
  type: Recreate

redis-cluster:
  enabled: false

redis:
  enabled: false

postgresql:
  enabled: false

postgresql-ha:
  enabled: false

persistence:
  enabled: true
  size: 200Gi
  storageClass: csi-disk
  annotations:
    everest.io/crypt-key-id: {{{ .Env.PVC_KMS_KEY_ID }}}
    everest.io/disk-volume-type: GPSSD

test:
  enabled: false

deployment:
  env:
    - name: SSL_CERT_DIR
      value: /etc/ssl/forgejo

extraVolumeMounts:
  - mountPath: /etc/ssl/forgejo
    name: custom-database-certs-volume
    readOnly: true

extraVolumes:
  - name: custom-database-certs-volume
    secret:
      secretName: custom-database-certs

gitea:
  metrics:
    enabled: true
    serviceMonitor:
      enabled: true
  additionalConfigFromEnvs:
    - name: FORGEJO__storage__MINIO_ACCESS_KEY_ID
      valueFrom:
        secretKeyRef:
          name: forgejo-cloud-credentials
          key: access-key
    - name: FORGEJO__storage__MINIO_SECRET_ACCESS_KEY
      valueFrom:
        secretKeyRef:
          name: forgejo-cloud-credentials
          key: secret-key
    - name: FORGEJO__queue__CONN_STR
      valueFrom:
        secretKeyRef:
          name: redis-forgejo-cloud-credentials
          key: connection-string
    - name: FORGEJO__session__PROVIDER_CONFIG
      valueFrom:
        secretKeyRef:
          name: redis-forgejo-cloud-credentials
          key: connection-string
    - name: FORGEJO__cache__HOST
      valueFrom:
        secretKeyRef:
          name: redis-forgejo-cloud-credentials
          key: connection-string
    - name: FORGEJO__database__HOST
      valueFrom:
        secretKeyRef:
          name: postgres-forgejo-cloud-credentials
          key: host_port
    - name: FORGEJO__database__NAME
      valueFrom:
        secretKeyRef:
          name: postgres-forgejo-cloud-credentials
          key: database
    - name: FORGEJO__database__USER
      valueFrom:
        secretKeyRef:
          name: postgres-forgejo-cloud-credentials
          key: username
    - name: FORGEJO__database__PASSWD
      valueFrom:
        secretKeyRef:
          name: postgres-forgejo-cloud-credentials
          key: password
    # Either 'elasticsearch' or 'bleve' (go in memory search engine)
    - name: FORGEJO__indexer__ISSUE_INDEXER_TYPE
      valueFrom:
        secretKeyRef:
          name: elasticsearch-cloud-credentials
          key: type
    - name: FORGEJO__indexer__ISSUE_INDEXER_CONN_STR
      valueFrom:
        secretKeyRef:
          name: elasticsearch-cloud-credentials
          key: connection-string
    - name: FORGEJO__indexer__ISSUE_INDEXER_ENABLED
      valueFrom:
        secretKeyRef:
          name: elasticsearch-cloud-credentials
          key: enabled
    - name: FORGEJO__mailer__PASSWD
      valueFrom:
        secretKeyRef:
          name: email-user-credentials
          key: connection-string

  admin:
    existingSecret: gitea-credential

  config:
    APP_NAME: 'EDP'
    APP_SLOGAN: 'Build your thing in minutes'
    storage:
      MINIO_ENDPOINT: obs.eu-de.otc.t-systems.com:443
      STORAGE_TYPE: minio
      MINIO_LOCATION: eu-de
      MINIO_BUCKET: "{{{ getenv "FORGEJO_BUCKET_NAME" }}}"
      MINIO_USE_SSL: true

    queue:
      TYPE: redis

    session:
      PROVIDER: redis

    cache:
      ENABLED: true
      ADAPTER: redis

    security:
      GLOBAL_TWO_FACTOR_REQUIREMENT: admin

    service:
      DISABLE_REGISTRATION: true
      ENABLE_NOTIFY_MAIL: true

    other:
      SHOW_FOOTER_VERSION: false
      SHOW_FOOTER_TEMPLATE_LOAD_TIME: false

    database:
      DB_TYPE: postgres
      SSL_MODE: verify-ca

    server:
      DOMAIN: '{{{ .Env.DOMAIN_GITEA }}}'
      ROOT_URL: 'https://{{{ .Env.DOMAIN_GITEA }}}:443'

    mailer:
      ENABLED: true
      USER: ipcei-cis-devfw@mms-support.de
      PROTOCOL: smtps
      FROM: '"IPCEI CIS DevFW" <ipcei-cis-devfw@mms-support.de>'
      SMTP_ADDR: mail.mms-support.de
      SMTP_PORT: 465

service:
  ssh:
    type: LoadBalancer
    nodePort: 32222
    externalTrafficPolicy: Cluster
    annotations:
      kubernetes.io/elb.id: {{{ .Env.LOADBALANCER_ID }}}

image:
  pullPolicy: "IfNotPresent"
  # Overrides the image tag whose default is the chart appVersion.
  #tag: "8.0.3"
  # Adds -rootless suffix to image name
  # rootless: true
  fullOverride: {{{ getenv "CLIENT_REPO_DOMAIN" }}}/devfw-cicd/edp-forgejo:{{{ .Env.FORGEJO_IMAGE_TAG }}}

forgejo: {}
fix(pipeline): define gomplate template for storage 2025-07-25 13:16:20 +02:00
added FORGEJO_IMAGE_TAG env var 2025-11-28 11:27:50 +01:00			`# We use recreate to make sure only one instance with one version is running, because Forgejo might break or data gets inconsistant.`
fix(forgejo): switched from rollingUpdate to recreate 2025-06-19 14:25:30 +02:00			`strategy:`
			`type: Recreate`

first commit 2024-11-20 15:18:39 +01:00			`redis-cluster:`
feat(redis): removed duplicate entries in forgejo values.yaml 2025-05-30 09:25:14 +00:00			`enabled: false`

			`redis:`
			`enabled: false`

first commit 2024-11-20 15:18:39 +01:00			`postgresql:`
			`enabled: false`
feat(redis): removed duplicate entries in forgejo values.yaml 2025-05-30 09:25:14 +00:00
first commit 2024-11-20 15:18:39 +01:00			`postgresql-ha:`
			`enabled: false`

			`persistence:`
			`enabled: true`
feat(pvc): ✨ Increase persistence size and add annotations Updates the persistence size from 5Gi to 200Gi to accommodate larger data storage needs. Adds annotations for KMS key ID to enhance security and management of persistent volumes. 2025-06-16 14:01:57 +02:00			`size: 200Gi`
chore(OTC): changed obsolete disk type 2025-08-07 11:30:27 +00:00			`storageClass: csi-disk`
feat(pvc): ✨ Increase persistence size and add annotations Updates the persistence size from 5Gi to 200Gi to accommodate larger data storage needs. Adds annotations for KMS key ID to enhance security and management of persistent volumes. 2025-06-16 14:01:57 +02:00			`annotations:`
			`everest.io/crypt-key-id: {{{ .Env.PVC_KMS_KEY_ID }}}`
chore(OTC): changed obsolete disk type 2025-08-07 11:30:27 +00:00			`everest.io/disk-volume-type: GPSSD`
first commit 2024-11-20 15:18:39 +01:00
			`test:`
			`enabled: false`

feat: 🎉 Add SSL certificate configuration for deployment Adds configuration for SSL certificate in the deployment settings by introducing environment variables and volume mounts for the Elasticsearch certificate. This enhancement improves security by ensuring that the application can properly utilize SSL certificates for secure communication. 2025-06-03 16:54:06 +02:00			`deployment:`
			`env:`
feat(database): use certificate folder for elasticsearch 2025-06-17 14:05:41 +02:00			`- name: SSL_CERT_DIR`
feat(database): enable ssl mode in database 2025-06-17 14:43:04 +02:00			`value: /etc/ssl/forgejo`
feat: 🎉 Add SSL certificate configuration for deployment Adds configuration for SSL certificate in the deployment settings by introducing environment variables and volume mounts for the Elasticsearch certificate. This enhancement improves security by ensuring that the application can properly utilize SSL certificates for secure communication. 2025-06-03 16:54:06 +02:00
			`extraVolumeMounts:`
feat(database): use certificate folder for elasticsearch 2025-06-17 14:05:41 +02:00			`- mountPath: /etc/ssl/forgejo`
feat(database): rename postgres certificate in k8s secrets 2025-06-17 14:30:51 +02:00			`name: custom-database-certs-volume`
feat(postgres): added volumeMount for postgres cert 2025-06-16 17:27:51 +02:00			`readOnly: true`
feat: 🎉 Add SSL certificate configuration for deployment Adds configuration for SSL certificate in the deployment settings by introducing environment variables and volume mounts for the Elasticsearch certificate. This enhancement improves security by ensuring that the application can properly utilize SSL certificates for secure communication. 2025-06-03 16:54:06 +02:00
			`extraVolumes:`
feat(database): rename postgres certificate in k8s secrets 2025-06-17 14:30:51 +02:00			`- name: custom-database-certs-volume`
feat(postgres): added volumeMount for postgres cert 2025-06-16 17:27:51 +02:00			`secret:`
feat(database): rename postgres certificate in k8s secrets 2025-06-17 14:30:51 +02:00			`secretName: custom-database-certs`
feat: 🎉 Add SSL certificate configuration for deployment Adds configuration for SSL certificate in the deployment settings by introducing environment variables and volume mounts for the Elasticsearch certificate. This enhancement improves security by ensuring that the application can properly utilize SSL certificates for secure communication. 2025-06-03 16:54:06 +02:00
first commit 2024-11-20 15:18:39 +01:00			`gitea:`
feat(observability): Enabled metrics endpoint and scrape config for gitea Refs: DevFW/infra-deploy#92 2025-07-15 13:53:42 +00:00			`metrics:`
			`enabled: true`
			`serviceMonitor:`
			`enabled: true`
fix: test environment to ini 2025-05-26 16:21:30 +02:00			`additionalConfigFromEnvs:`
feat(pipeline): Created managed storage for forgejo 2025-05-27 16:33:20 +02:00			`- name: FORGEJO__storage__MINIO_ACCESS_KEY_ID`
			`valueFrom:`
			`secretKeyRef:`
			`name: forgejo-cloud-credentials`
			`key: access-key`
			`- name: FORGEJO__storage__MINIO_SECRET_ACCESS_KEY`
			`valueFrom:`
			`secretKeyRef:`
			`name: forgejo-cloud-credentials`
			`key: secret-key`
feat(redis): removed duplicate entries in forgejo values.yaml 2025-05-30 09:25:14 +00:00			`- name: FORGEJO__queue__CONN_STR`
			`valueFrom:`
			`secretKeyRef:`
			`name: redis-forgejo-cloud-credentials`
			`key: connection-string`
			`- name: FORGEJO__session__PROVIDER_CONFIG`
			`valueFrom:`
			`secretKeyRef:`
			`name: redis-forgejo-cloud-credentials`
			`key: connection-string`
			`- name: FORGEJO__cache__HOST`
			`valueFrom:`
			`secretKeyRef:`
			`name: redis-forgejo-cloud-credentials`
			`key: connection-string`
feat(forgejo): Added postgres to forgejo ini 2025-05-30 16:49:03 +02:00			`- name: FORGEJO__database__HOST`
			`valueFrom:`
			`secretKeyRef:`
			`name: postgres-forgejo-cloud-credentials`
feat(forgejo): rename forgejo database host secret key 2025-06-02 13:13:42 +02:00			`key: host_port`
feat(forgejo): Added postgres to forgejo ini 2025-05-30 16:49:03 +02:00			`- name: FORGEJO__database__NAME`
			`valueFrom:`
			`secretKeyRef:`
			`name: postgres-forgejo-cloud-credentials`
feat(forgejo): database reference refactoring 2025-06-02 15:05:14 +02:00			`key: database`
feat(forgejo): Added postgres to forgejo ini 2025-05-30 16:49:03 +02:00			`- name: FORGEJO__database__USER`
			`valueFrom:`
			`secretKeyRef:`
			`name: postgres-forgejo-cloud-credentials`
feat(forgejo): database reference refactoring 2025-06-02 15:05:14 +02:00			`key: username`
feat(forgejo): Added postgres password 2025-05-30 18:02:59 +02:00			`- name: FORGEJO__database__PASSWD`
			`valueFrom:`
			`secretKeyRef:`
			`name: postgres-forgejo-cloud-credentials`
			`key: password`
fix(forgejo): use bleve if elasticsearch is disabled 2025-07-18 14:33:46 +02:00			`# Either 'elasticsearch' or 'bleve' (go in memory search engine)`
			`- name: FORGEJO__indexer__ISSUE_INDEXER_TYPE`
			`valueFrom:`
			`secretKeyRef:`
			`name: elasticsearch-cloud-credentials`
			`key: type`
feat: ✨ Add Elasticsearch indexer configuration Introduces the configuration for the issue indexer using Elasticsearch, enabling the ISSUE_INDEXER feature. Sets the ISSUE_INDEXER_ENABLED flag to true and specifies the connection string sourced from a secret. Prepares for future enhancements by including placeholders for repository indexing options. 2025-06-02 17:39:15 +02:00			`- name: FORGEJO__indexer__ISSUE_INDEXER_CONN_STR`
			`valueFrom:`
			`secretKeyRef:`
			`name: elasticsearch-cloud-credentials`
			`key: connection-string`
fix(elasticsearch): add toogle to omit elasticsearch 2025-07-17 14:55:22 +02:00			`- name: FORGEJO__indexer__ISSUE_INDEXER_ENABLED`
			`valueFrom:`
			`secretKeyRef:`
			`name: elasticsearch-cloud-credentials`
			`key: enabled`
feat(mail): ✨ Update mailer configuration and add credentials Enhances the mailer setup by updating SMTP details to use secure connection and new credentials. Adds a reference to secret key for email password, improving security for email communication. 2025-06-16 13:09:23 +02:00			`- name: FORGEJO__mailer__PASSWD`
			`valueFrom:`
			`secretKeyRef:`
			`name: email-user-credentials`
fix(mail): 🔧 Update connection string reference in values.yaml Corrects the key reference in the configuration for Gitea's email user credentials from 'password' to 'connection-string' to ensure proper connection handling. 2025-06-16 13:23:40 +02:00			`key: connection-string`
feat(pipeline): Created managed storage for forgejo 2025-05-27 16:33:20 +02:00
first commit 2024-11-20 15:18:39 +01:00			`admin:`
			`existingSecret: gitea-credential`
feat(redis): removed duplicate entries in forgejo values.yaml 2025-05-30 09:25:14 +00:00
first commit 2024-11-20 15:18:39 +01:00			`config:`
feat(forgejo): new name and slogan 2025-07-02 14:04:40 +00:00			`APP_NAME: 'EDP'`
			`APP_SLOGAN: 'Build your thing in minutes'`
feat(pipeline): Created managed storage for forgejo 2025-05-27 16:33:20 +02:00			`storage:`
			`MINIO_ENDPOINT: obs.eu-de.otc.t-systems.com:443`
			`STORAGE_TYPE: minio`
			`MINIO_LOCATION: eu-de`
Update garm-helm version to v0.0.7 2026-03-04 17:04:53 +01:00			`MINIO_BUCKET: "{{{ getenv "FORGEJO_BUCKET_NAME" }}}"`
feat(pipeline): Created managed storage for forgejo 2025-05-27 16:33:20 +02:00			`MINIO_USE_SSL: true`

feat(redis): removed duplicate entries in forgejo values.yaml 2025-05-30 09:25:14 +00:00			`queue:`
			`TYPE: redis`

			`session:`
			`PROVIDER: redis`

			`cache:`
			`ENABLED: true`
			`ADAPTER: redis`

Enforce MFA for all admin users 2026-03-17 14:06:06 +01:00			`security:`
			`GLOBAL_TWO_FACTOR_REQUIREMENT: admin`

Disabled user self registration in Forgejo 2025-04-12 16:17:20 +00:00			`service:`
			`DISABLE_REGISTRATION: true`
fix(forgejo): Enable email notifications for common things like PR's 2025-07-31 09:31:00 +00:00			`ENABLE_NOTIFY_MAIL: true`
feat(redis): removed duplicate entries in forgejo values.yaml 2025-05-30 09:25:14 +00:00
Update template/stacks/core/forgejo/values.yaml 2025-04-12 16:27:05 +00:00			`other:`
			`SHOW_FOOTER_VERSION: false`
			`SHOW_FOOTER_TEMPLATE_LOAD_TIME: false`
feat(redis): removed duplicate entries in forgejo values.yaml 2025-05-30 09:25:14 +00:00
first commit 2024-11-20 15:18:39 +01:00			`database:`
feat(forgejo): Added postgres to forgejo ini 2025-05-30 16:49:03 +02:00			`DB_TYPE: postgres`
feat(database): use verify-ca instead of verify-full 2025-06-17 14:58:10 +02:00			`SSL_MODE: verify-ca`
feat(redis): removed duplicate entries in forgejo values.yaml 2025-05-30 09:25:14 +00:00
first commit 2024-11-20 15:18:39 +01:00			`server:`
created an own variable for domain gitea 2025-02-24 23:10:05 +01:00			`DOMAIN: '{{{ .Env.DOMAIN_GITEA }}}'`
			`ROOT_URL: 'https://{{{ .Env.DOMAIN_GITEA }}}:443'`
feat(redis): removed duplicate entries in forgejo values.yaml 2025-05-30 09:25:14 +00:00
feat(mailhog): IPCEICIS-3048 - mailhog deployed, ingress is https://<URL>/mailhog, forgje is configured 2025-03-20 23:47:53 +01:00			`mailer:`
			`ENABLED: true`
feat(mail): ✨ Update mailer configuration and add credentials Enhances the mailer setup by updating SMTP details to use secure connection and new credentials. Adds a reference to secret key for email password, improving security for email communication. 2025-06-16 13:09:23 +02:00			`USER: ipcei-cis-devfw@mms-support.de`
			`PROTOCOL: smtps`
			`FROM: '"IPCEI CIS DevFW" <ipcei-cis-devfw@mms-support.de>'`
			`SMTP_ADDR: mail.mms-support.de`
			`SMTP_PORT: 465`
first commit 2024-11-20 15:18:39 +01:00
			`service:`
			`ssh:`
feat(forgejo): reconfigure loadbalancer to allow ssh 2025-07-04 09:56:49 +02:00			`type: LoadBalancer`
first commit 2024-11-20 15:18:39 +01:00			`nodePort: 32222`
feat(forgejo): reconfigure loadbalancer to allow ssh 2025-07-04 09:56:49 +02:00			`externalTrafficPolicy: Cluster`
			`annotations:`
added FORGEJO_IMAGE_TAG env var 2025-11-28 11:27:50 +01:00			`kubernetes.io/elb.id: {{{ .Env.LOADBALANCER_ID }}}`
first commit 2024-11-20 15:18:39 +01:00
			`image:`
			`pullPolicy: "IfNotPresent"`
			`# Overrides the image tag whose default is the chart appVersion.`
			`#tag: "8.0.3"`
			`# Adds -rootless suffix to image name`
chore(image): switched to forgejo-edp 2025-07-02 09:51:57 +00:00			`# rootless: true`
added FORGEJO_IMAGE_TAG env var 2025-11-28 11:27:50 +01:00			`fullOverride: {{{ getenv "CLIENT_REPO_DOMAIN" }}}/devfw-cicd/edp-forgejo:{{{ .Env.FORGEJO_IMAGE_TAG }}}`
Enables forgejo runner in forgejo helm values 2024-11-22 12:01:16 +01:00
Rename optimiser to sizer 2026-03-10 09:39:08 +01:00			`forgejo: {}`