apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease metadata: name: gitea namespace: default spec: interval: 5m chart: spec: chart: app-template version: 1.3.x sourceRef: kind: HelmRepository name: bjws-charts namespace: flux-system values: image: repository: gitea/gitea tag: latest-rootless podLabels: needsDatabase: "yes" needsAuthentik: "yes" env: USER_UID: 10000 USER_GID: 10000 envFrom: - secretRef: name: gitea-secret # Sidecar used for mirroring GitHub repos to gitea sidecars: mirror-to-gitea: image: jaedle/mirror-to-gitea:latest imagePullPolicy: Always envFrom: - secretRef: name: gitea-sidecar-secret service: main: ports: http: port: 3000 ssh: enabled: true type: NodePort ports: ssh: enabled: true port: 22 protocol: TCP nodePort: 30022 probes: liveness: enabled: false ingress: main: enabled: true annotations: cert-manager.io/cluster-issuer: letsencrypt-production traefik.ingress.kubernetes.io/router.entrypoints: websecure hosts: - host: &host "git.${SECRET_NEW_DOMAIN}" paths: - path: / pathType: Prefix tls: - hosts: - *host secretName: wildcard-main-tls persistence: storage: enabled: true type: hostPath hostPath: /mnt/MainPool/Kubernetes/gitea mountPath: /var/lib/gitea config: enabled: true type: secret name: gitea-appini-secret mountPath: /etc/gitea podSecurityContext: runAsNonRoot: true runAsUser: 10000 runAsGroup: 10000 fsGroup: 10000 fsGroupChangePolicy: OnRootMismatch resources: requests: cpu: 1m memory: 340Mi limits: memory: 1Gi