fix(Chart): add annotation 'artifacthub.io/links'

chore(deps): update dependency helm-unittest/helm-unittest to v1.0.3 (#964 )
Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com>
2025-10-12 12:13:40 +02:00 · 2025-10-12 00:05:15 +00:00 · 2025-10-07 00:04:56 +00:00 · 2025-10-05 18:11:37 +00:00 · 2025-10-05 00:04:43 +00:00 · 2025-10-02 15:57:22 +00:00
78 changed files with 450 additions and 1687 deletions
--- a/.gitea/scripts/update-changelog.sh
+++ b/.gitea/scripts/update-changelog.sh
@@ -1,86 +0,0 @@
-#!/bin/bash
-
-DEFAULT_GITEA_SERVER_URL="${GITHUB_SERVER_URL:-"https://gitea.com"}"
-DEFAULT_GITEA_REPOSITORY="${GITHUB_REPOSITORY:-"gitea/helm-gitea"}"
-DEFAULT_GITEA_TOKEN="${ISSUE_RW_TOKEN:-""}"
-
-if [ -z "${1}" ]; then
-  read -p "Enter hostname of the Gitea instance [${DEFAULT_GITEA_SERVER_URL}]: " CURRENT_GITEA_SERVER_URL
-  if [ -z "${CURRENT_GITEA_SERVER_URL}" ]; then
-    CURRENT_GITEA_SERVER_URL="${DEFAULT_GITEA_SERVER_URL}"
-  fi
-else
-  CURRENT_GITEA_SERVER_URL=$1
-fi
-
-if [ -z "${2}" ]; then
-  read -p "Enter name of the git repository [${DEFAULT_GITEA_REPOSITORY}]: " CURRENT_GITEA_REPOSITORY
-  if [ -z "${CURRENT_GITEA_REPOSITORY}" ]; then
-    CURRENT_GITEA_REPOSITORY="${DEFAULT_GITEA_REPOSITORY}"
-  fi
-else
-  CURRENT_GITEA_REPOSITORY=$2
-fi
-
-if [ -z "${3}" ]; then
-  read -p "Enter token to access the Gitea instance [${DEFAULT_GITEA_TOKEN}]: " CURRENT_GITEA_TOKEN
-  if [ -z "${CURRENT_GITEA_TOKEN}" ]; then
-    CURRENT_GITEA_TOKEN="${DEFAULT_GITEA_TOKEN}"
-  fi
-else
-  CURRENT_GITEA_TOKEN=$3
-fi
-
-if ! git sv rn -o /tmp/changelog.md; then
-  echo "ERROR: Failed to generate /tmp/changelog.md" 1>&2
-  exit 1
-fi
-
-CURL_ARGS=(
-  "--data-urlencode" "q=Changelog for upcoming version"
-  # "--data-urlencode=\"q=Changelog for upcoming version\""
-  "--data-urlencode" "state=open"
-  "--fail"
-  "--header" "Accept: application/json"
-  "--header" "Authorization: token ${CURRENT_GITEA_TOKEN}"
-  "--request" "GET"
-  "--silent"
-)
-
-if ! ISSUE_NUMBER="$(curl "${CURL_ARGS[@]}" "${CURRENT_GITEA_SERVER_URL}/api/v1/repos/${CURRENT_GITEA_REPOSITORY}/issues" | jq '.[].number')"; then
-  echo "ERROR: Failed query issue number" 1>&2
-  exit 1
-fi
-export ISSUE_NUMBER
-
-if ! echo "" | jq --raw-input --slurp --arg title "Changelog for upcoming version" --arg body "$(cat /tmp/changelog.md)" '{title: $title, body: $body}' 1> /tmp/payload.json; then
-  echo "ERROR: Failed to create JSON payload file" 1>&2
-  exit 1
-fi
-
-CURL_ARGS=(
-  "--data" "@/tmp/payload.json"
-  "--fail"
-  "--header" "Authorization: token ${CURRENT_GITEA_TOKEN}"
-  "--header" "Content-Type: application/json"
-  "--location"
-  "--silent"
-  "--output" "/dev/null"
-)
-
-if [ -z "${ISSUE_NUMBER}" ]; then
-  if ! curl "${CURL_ARGS[@]}" --request POST "${CURRENT_GITEA_SERVER_URL}/api/v1/repos/${CURRENT_GITEA_REPOSITORY}/issues"; then
-    echo "ERROR: Failed to create new issue!" 1>&2
-    exit 1
-  else
-    echo "INFO: Successfully created new issue!"
-  fi
-else
-  if ! curl "${CURL_ARGS[@]}" --request PATCH "${CURRENT_GITEA_SERVER_URL}/api/v1/repos/${CURRENT_GITEA_REPOSITORY}/issues/${ISSUE_NUMBER}"; then
-    echo "ERROR: Failed to update issue with ID ${ISSUE_NUMBER}!" 1>&2
-    exit 1
-  else
-    echo "INFO: Successfully updated existing issue with ID ${ISSUE_NUMBER}!"
-    echo "INFO: ${CURRENT_GITEA_SERVER_URL}/${CURRENT_GITEA_REPOSITORY}/issues/${ISSUE_NUMBER}"
-  fi
-fi
--- a/.gitea/workflows/changelog.yml
+++ b/.gitea/workflows/changelog.yml
@@ -0,0 +1,32 @@
+name: changelog
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  changelog:
+    runs-on: ubuntu-latest
+    container: docker.io/thegeeklab/git-sv:2.0.5
+    steps:
+      - name: install tools
+        run: |
+          apk add -q --update --no-cache nodejs curl jq sed
+      - uses: actions/checkout@v5
+        with:
+          fetch-depth: 0
+      - name: Generate upcoming changelog
+        run: |
+          git sv rn -o changelog.md
+          export RELEASE_NOTES=$(cat changelog.md)
+          export ISSUE_NUMBER=$(curl -s "https://gitea.com/api/v1/repos/gitea/helm-gitea/issues?state=open&q=Changelog%20for%20upcoming%20version" | jq '.[].number')
+
+          echo $RELEASE_NOTES
+          JSON_DATA=$(echo "" | jq -Rs --arg title 'Changelog for upcoming version' --arg body "$(cat changelog.md)" '{title: $title, body: $body}')
+
+          if [ -z "$ISSUE_NUMBER" ]; then
+            curl -s -X POST "https://gitea.com/api/v1/repos/gitea/helm-gitea/issues" -H "Authorization: token ${{ secrets.ISSUE_RW_TOKEN }}" -H "Content-Type: application/json" -d "$JSON_DATA"
+          else
+            curl -s -X PATCH "https://gitea.com/api/v1/repos/gitea/helm-gitea/issues/$ISSUE_NUMBER" -H "Authorization: token ${{ secrets.ISSUE_RW_TOKEN }}" -H "Content-Type: application/json" -d "$JSON_DATA"
+          fi
--- a/.gitea/workflows/commitlint.yml
+++ b/.gitea/workflows/commitlint.yml
@@ -1,17 +1,19 @@
-name: Rum commitlint
+name: commitlint

 on:
  pull_request:
-    branches: [ '**' ]
-    types: [ "opened", "edited" ]
+    branches:
+      - "*"
+    types:
+      - opened
+      - edited

 jobs:
  check-and-test:
-    container: docker.io/commitlint/commitlint:19.9.1
-    name: Execute commitlint
    runs-on: ubuntu-latest
+    container: commitlint/commitlint:20.1.0
    steps:
-      - uses: actions/checkout@v5.0.0
-      - name: Check PR title
+      - uses: actions/checkout@v5
+      - name: check PR title
        run: |
          echo "${{ gitea.event.pull_request.title }}" | commitlint --config .commitlintrc.json
--- a/.gitea/workflows/helm.yml
+++ b/.gitea/workflows/helm.yml
@@ -1,75 +0,0 @@
-name: Run Helm tests
-
-on:
-  pull_request:
-    branches: [ '**' ]
-  push:
-    branches: [ '**' ]
-    tags-ignore: [ '**' ]
-  workflow_call: {}
-
-env:
-  # renovate: datasource=github-releases depName=helm-unittest/helm-unittest
-  HELM_UNITTEST_VERSION: "v1.0.1"
-
-jobs:
-  helm-lint:
-    container: docker.io/alpine/helm:3.18.6
-    name: Execute helm lint
-    runs-on: ubuntu-latest
-    steps:
-      - name: Install additional tools
-        run: |
-          apk update
-          apk add --update bash make nodejs
-      - uses: actions/checkout@v5.0.0
-      - name: Install helm chart dependencies
-        run: helm dependency build
-      - name: Execute helm lint
-        run: helm lint
-
-  helm-template:
-    container: docker.io/alpine/helm:3.18.6
-    name: Execute helm template
-    runs-on: ubuntu-latest
-    steps:
-      - name: Install additional tools
-        run: |
-          apk update
-          apk add --update bash make nodejs
-      - uses: actions/checkout@v5.0.0
-      - name: Install helm chart dependencies
-        run: helm dependency build
-      - name: Execute helm template
-        run: helm template --debug gitea-helm .
-
-  helm-unittest:
-    container: docker.io/alpine/helm:3.18.6
-    name: Execute helm unittest
-    runs-on: ubuntu-latest
-    steps:
-      - name: Install additional tools
-        run: |
-          apk update
-          apk add --update bash make nodejs npm yamllint ncurses
-      - uses: actions/checkout@v5.0.0
-      - name: Install helm chart dependencies
-        run: helm dependency build
-      - name: Install helm plugin 'unittest'
-        run: |
-          helm plugin install --version ${{ env.HELM_UNITTEST_VERSION }} https://github.com/helm-unittest/helm-unittest
-          git submodule update --init --recursive
-      - name: Execute helm unittest
-        env:
-          TERM: xterm
-        run: make unittests
-
-
-
-
-      # - name: verify readme
-      #   run: |
-      #     make readme
-      #     git diff --exit-code --name-only README.md
-      # - name: yaml lint
-      #   uses: https://github.com/ibiqlik/action-yamllint@v3
--- a/.gitea/workflows/markdown-linters.yml
+++ b/.gitea/workflows/markdown-linters.yml
@@ -1,52 +0,0 @@
-name: Markdown linter
-
-on:
-  pull_request:
-    types: [ "opened", "reopened", "synchronize" ]
-  push:
-    branches: [ '**' ]
-    tags-ignore: [ '**' ]
-  workflow_dispatch: {}
-
-jobs:
-  readme-link:
-    container:
-      image: docker.io/library/node:24.9.0-alpine
-    name: Execute npm run readme:link
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v5.0.0
-    - name: Execute npm run readme:link
-      run: |
-        npm install
-        npm run readme:link
-
-  readme-lint:
-    container:
-      image: docker.io/library/node:24.9.0-alpine
-    name: Execute npm run readme:lint
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v5.0.0
-    - name: Execute npm run readme:lint
-      run: |
-        npm install
-        npm run readme:lint
-
-  readme-parameters:
-    container:
-      image: docker.io/library/node:24.9.0-alpine
-    name: Execute npm run readme:parameters
-    runs-on: ubuntu-latest
-    steps:
-    - name: Install tooling
-      run: |
-        apk update
-        apk add git
-    - uses: actions/checkout@v5.0.0
-    - name: Execute npm run readme:parameters
-      run: |
-        npm install
-        npm run readme:parameters
-    - name: Compare diff
-      run: git diff --exit-code --name-only README.md
--- a/.gitea/workflows/release-version.yml
+++ b/.gitea/workflows/release-version.yml
@@ -2,13 +2,14 @@ name: generate-chart

 on:
  push:
-    tags: [ '**' ]
+    tags:
+      - "*"

 jobs:
  generate-chart-publish:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v5.0.0
+      - uses: actions/checkout@v5
        with:
          fetch-depth: 0

@@ -20,7 +21,7 @@ jobs:
      - name: Install helm
        env:
          # renovate: datasource=docker depName=alpine/helm
-          HELM_VERSION: "3.18.6"
+          HELM_VERSION: "3.19.0"
        run: |
          curl --fail --location --output /dev/stdout --silent --show-error https://get.helm.sh/helm-v${HELM_VERSION}-linux-$(dpkg --print-architecture).tar.gz | tar --extract --gzip --file /dev/stdin
          mv linux-$(dpkg --print-architecture)/helm /usr/local/bin/
@@ -64,11 +65,11 @@ jobs:
          OLD_TAG="$(git tag --sort=-version:refname | head --lines 2 | tail --lines 1)"
          .gitea/scripts/add-annotations.sh "${OLD_TAG}" "${NEW_TAG}"

-      - name: Print Chart.yaml on stdout
+      - name: Print Chart.yaml
        run: cat Chart.yaml

      # Using helm gpg plugin as 'helm package --sign' has issues with gpg2: https://github.com/helm/helm/issues/2843
-      - name: Package Helm chart
+      - name: package chart
        run: |
          echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | docker login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} --password-stdin
          # FIXME: use upstream after https://github.com/technosophos/helm-gpg/issues/1 is solved
@@ -84,7 +85,7 @@ jobs:
          helm push gitea/gitea-${GITHUB_REF#refs/tags/v}.tgz oci://registry-1.docker.io/giteacharts
          helm registry logout registry-1.docker.io

-      - name: Configure AWS credentials
+      - name: aws credential configure
        uses: https://github.com/aws-actions/configure-aws-credentials@v5
        with:
          aws-access-key-id: ${{ secrets.AWS_KEY_ID }}
@@ -96,14 +97,14 @@ jobs:
          aws s3 sync gitea/ s3://${{ secrets.AWS_S3_BUCKET}}/charts/

  release-gitea:
-    container: docker.io/thegeeklab/git-sv:2.0.5
    needs: generate-chart-publish
    runs-on: ubuntu-latest
+    container: docker.io/thegeeklab/git-sv:2.0.5
    steps:
-      - name: Install packages via apt
+      - name: install tools
        run: |
          apk add -q --update --no-cache nodejs
-      - uses: actions/checkout@v5.0.0
+      - uses: actions/checkout@v5
        with:
          fetch-tags: true
          fetch-depth: 0
--- a/.gitea/workflows/test-pr.yml
+++ b/.gitea/workflows/test-pr.yml
@@ -0,0 +1,45 @@
+name: check-and-test
+
+on:
+  pull_request:
+    branches:
+      - "*"
+  push:
+    branches:
+      - main
+
+env:
+  # renovate: datasource=github-releases depName=helm-unittest/helm-unittest
+  HELM_UNITTEST_VERSION: "v1.0.3"
+
+jobs:
+  check-and-test:
+    runs-on: ubuntu-latest
+    container: alpine/helm:3.19.0
+    steps:
+      - name: install tools
+        run: |
+          apk update
+          apk add --update bash make nodejs npm yamllint ncurses
+      - uses: actions/checkout@v5
+      - name: install chart dependencies
+        run: helm dependency build
+      - name: lint
+        run: helm lint
+      - name: template
+        run: helm template --debug gitea-helm .
+      - name: prepare unit test environment
+        run: |
+          helm plugin install --version ${{ env.HELM_UNITTEST_VERSION }} https://github.com/helm-unittest/helm-unittest
+          git submodule update --init --recursive
+      - name: unit tests
+        env:
+          TERM: xterm
+        run: |
+          make unittests
+      - name: verify readme
+        run: |
+          make readme
+          git diff --exit-code --name-only README.md
+      - name: yaml lint
+        uses: https://github.com/ibiqlik/action-yamllint@v3
--- a/.gitea/workflows/update-changelog.yml
+++ b/.gitea/workflows/update-changelog.yml
@@ -1,29 +0,0 @@
-name: Update changelog
-
-on:
-  push:
-    branches: [ "main" ]
-  workflow_dispatch: {}
-
-jobs:
-  changelog:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Install packages via apt-get
-        run: |
-          apt-get update &&
-          apt-get install --yes curl jq
-      - uses: actions/checkout@v5.0.0
-        with:
-          fetch-depth: 0
-      - name: Install git-sv
-        env:
-          GIT_SV_VERSION: v2.0.4 # renovate: datasource=github-releases depName=thegeeklab/git-sv
-        run: |
-          curl --fail --location --output /usr/local/bin/git-sv --silent --show-error https://github.com/thegeeklab/git-sv/releases/download/${GIT_SV_VERSION}/git-sv-linux-$(dpkg --print-architecture)
-          chmod +x /usr/local/bin/git-sv
-          git-sv --version
-      - name: Update changelog issue
-        env:
-          ISSUE_RW_TOKEN: ${{ secrets.ISSUE_RW_TOKEN }}
-        run: .gitea/scripts/update-changelog.sh
--- a/.markdownlink.json
+++ b/.markdownlink.json
@@ -1,8 +0,0 @@
-{
-  "projectBaseUrl":"${workspaceFolder}",
-  "ignorePatterns": [
-    {
-      "pattern": "^http://localhost"
-    }
-  ]
-}
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -1,6 +1,6 @@
 {
    "yaml.schemas": {
-        "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v1.0.1/schema/helm-testsuite.json": [
+        "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v1.0.3/schema/helm-testsuite.json": [
            "/unittests/**/*.yaml"
        ]
    },
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -44,7 +44,8 @@ be used:
   `helm install --dependency-update gitea . -f values.yaml`.
 1. Gitea is now deployed in `minikube`.
   To access it, it's port needs to be forwarded first from `minikube` to localhost first via `kubectl --namespace
-default port-forward svc/gitea-http 3000:3000`. Now Gitea is accessible at [http://localhost:3000](http://localhost:3000).
+default port-forward svc/gitea-http 3000:3000`.
+   Now Gitea is accessible at [http://localhost:3000](http://localhost:3000).

 ### Unit tests

--- a/Chart.yaml
+++ b/Chart.yaml
@@ -7,6 +7,11 @@ version: 0.0.0
 appVersion: 1.24.6
 icon: https://gitea.com/assets/img/logo.svg

+annotations:
+  artifacthub.io/links: |
+    - name: support
+      url: https://gitea.com/gitea/helm-gitea/issues
+
 keywords:
  - git
  - issue tracker
@@ -14,23 +19,22 @@ keywords:
  - wiki
  - gitea
  - gogs
+
 sources:
  - https://gitea.com/gitea/helm-gitea
  - https://github.com/go-gitea/gitea
  - https://docker.gitea.com/gitea
+
 maintainers:
  # https://gitea.com/rossigee
  - name: Ross Golder
    email: ross@golder.org
-
  # https://gitea.com/volker.raschek
  - name: Markus Pesch
    email: markus.pesch+apps@cryptic.systems
-
  # https://gitea.com/DaanSelen
  - name: Daan Selen
    email: dselen@nerthus.nl
-
  # https://gitea.com/ChristopherHX
  - name: Christopher Homberger
    email: christopher.homberger@web.de
--- a/README.md
+++ b/README.md
@@ -17,7 +17,7 @@
    - [Rootless Defaults](#rootless-defaults)
    - [Session, Cache and Queue](#session-cache-and-queue)
  - [Single-Pod Configurations](#single-pod-configurations)
-  - [Additional app.ini settings](#additional-appini-settings)
+  - [Additional _app.ini_ settings](#additional-appini-settings)
    - [User defined environment variables in app.ini](#user-defined-environment-variables-in-appini)
  - [External Database](#external-database)
  - [Ports and external url](#ports-and-external-url)
@@ -72,7 +72,7 @@ Additionally, this chart allows to provide LDAP and admin user configuration wit
 ## Update and versioning policy

 The Gitea helm chart versioning does not follow Gitea's versioning.
-The latest chart version can be looked up in [https://dl.gitea.com/charts/](https://dl.gitea.com/charts/) or in the [repository releases](https://gitea.com/gitea/helm-gitea/releases).
+The latest chart version can be looked up in [https://dl.gitea.com/charts](https://dl.gitea.com/charts) or in the [repository releases](https://gitea.com/gitea/helm-gitea/releases).

 The chart aims to follow Gitea's releases closely.
 There might be times when the chart is behind the latest Gitea release.
@@ -266,7 +266,7 @@ If `.Values.image.rootless: true`, then the following will occur. In case you us

 - `$HOME` becomes `/data/gitea/git`

-  [see deployment.yaml](./templates/deployment.yaml) template inside (init-)container "env" declarations
+  [see deployment.yaml](./templates/gitea/deployment.yaml) template inside (init-)container "env" declarations

 - `START_SSH_SERVER: true` (Unless explicity overwritten by `gitea.config.server.START_SSH_SERVER`)

@@ -278,7 +278,7 @@ If `.Values.image.rootless: true`, then the following will occur. In case you us

 - `SSH_LOG_LEVEL` environment variable is not injected into the container

-  [see deployment.yaml](./templates/deployment.yaml) template inside container "env" declarations
+  [see deployment.yaml](./templates/gitea/deployment.yaml) template inside container "env" declarations

 #### Session, Cache and Queue

@@ -360,7 +360,7 @@ If HA is not needed/desired, the following configurations can be used to deploy

   </details>

-### Additional app.ini settings
+### Additional _app.ini_ settings

 > **The [generic](https://docs.gitea.com/administration/config-cheat-sheet#overall-default)
 > section cannot be defined that way.**
@@ -1158,68 +1158,73 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo
 | `gitea.startupProbe.successThreshold`    | Success threshold for startup probe             | `1`     |
 | `gitea.startupProbe.failureThreshold`    | Failure threshold for startup probe             | `10`    |

-### Network Policy
-
-| Name                        | Description                                                               | Value   |
-| --------------------------- | ------------------------------------------------------------------------- | ------- |
-| `networkPolicy.enabled`     | Enable network policies in general.                                       | `false` |
-| `networkPolicy.annotations` | Additional network policy annotations.                                    | `{}`    |
-| `networkPolicy.labels`      | Additional network policy labels.                                         | `{}`    |
-| `networkPolicy.policyTypes` | List of policy types. Supported is ingress, egress or ingress and egress. | `[]`    |
-| `networkPolicy.egress`      | Concrete egress network policy implementation.                            | `[]`    |
-| `networkPolicy.ingress`     | Concrete ingress network policy implementation.                           | `[]`    |
-
 ### valkey-cluster

 Valkey cluster and [Valkey](#valkey) cannot be enabled at the same time.

-| Name                                  | Description                                                          | Value   |
-| ------------------------------------- | -------------------------------------------------------------------- | ------- |
-| `valkey-cluster.enabled`              | Enable valkey cluster                                                | `true`  |
-| `valkey-cluster.usePassword`          | Whether to use password authentication                               | `false` |
-| `valkey-cluster.usePasswordFiles`     | Whether to mount passwords as files instead of environment variables | `false` |
-| `valkey-cluster.cluster.nodes`        | Number of valkey cluster master nodes                                | `3`     |
-| `valkey-cluster.cluster.replicas`     | Number of valkey cluster master node replicas                        | `0`     |
-| `valkey-cluster.service.ports.valkey` | Port of Valkey service                                               | `6379`  |
+| Name                                                | Description                                                           | Value                          |
+| --------------------------------------------------- | --------------------------------------------------------------------- | ------------------------------ |
+| `valkey-cluster.enabled`                            | Enable valkey cluster                                                 | `true`                         |
+| `valkey-cluster.usePassword`                        | Whether to use password authentication.                               | `false`                        |
+| `valkey-cluster.usePasswordFiles`                   | Whether to mount passwords as files instead of environment variables. | `false`                        |
+| `valkey-cluster.image.repository`                   | Image repository, eg. `bitnamilegacy/valkey-cluster`.                 | `bitnamilegacy/valkey-cluster` |
+| `valkey-cluster.cluster.nodes`                      | Number of valkey cluster master nodes                                 | `3`                            |
+| `valkey-cluster.cluster.replicas`                   | Number of valkey cluster master node replicas                         | `0`                            |
+| `valkey-cluster.metrics.image.repository`           | Image repository, eg. `bitnamilegacy/redis-exporter`.                 | `bitnamilegacy/redis-exporter` |
+| `valkey-cluster.service.ports.valkey`               | Port of Valkey service                                                | `6379`                         |
+| `valkey-cluster.sysctlImage.repository`             | Image repository, eg. `bitnamilegacy/os-shell`.                       | `bitnamilegacy/os-shell`       |
+| `valkey-cluster.volumePermissions.image.repository` | Image repository, eg. `bitnamilegacy/os-shell`.                       | `bitnamilegacy/os-shell`       |

 ### valkey

 Valkey and [Valkey cluster](#valkey-cluster) cannot be enabled at the same time.

-| Name                                 | Description                                 | Value        |
-| ------------------------------------ | ------------------------------------------- | ------------ |
-| `valkey.enabled`                     | Enable valkey standalone or replicated      | `false`      |
-| `valkey.architecture`                | Whether to use standalone or replication    | `standalone` |
-| `valkey.global.valkey.password`      | Required password                           | `changeme`   |
-| `valkey.master.count`                | Number of Valkey master instances to deploy | `1`          |
-| `valkey.master.service.ports.valkey` | Port of Valkey service                      | `6379`       |
+| Name                                        | Description                                           | Value                           |
+| ------------------------------------------- | ----------------------------------------------------- | ------------------------------- |
+| `valkey.enabled`                            | Enable valkey standalone or replicated                | `false`                         |
+| `valkey.architecture`                       | Whether to use standalone or replication              | `standalone`                    |
+| `valkey.kubectl.image.repository`           | Image repository, eg. `bitnamilegacy/kubectl`.        | `bitnamilegacy/kubectl`         |
+| `valkey.image.repository`                   | Image repository, eg. `bitnamilegacy/valkey`.         | `bitnamilegacy/valkey`          |
+| `valkey.global.valkey.password`             | Required password                                     | `changeme`                      |
+| `valkey.master.count`                       | Number of Valkey master instances to deploy           | `1`                             |
+| `valkey.master.service.ports.valkey`        | Port of Valkey service                                | `6379`                          |
+| `valkey.metrics.image.repository`           | Image repository, eg. `bitnamilegacy/redis-exporter`. | `bitnamilegacy/redis-exporter`  |
+| `valkey.sentinel.image.repository`          | Image repository, eg. `bitnamilegacy/sentinel`.       | `bitnamilegacy/valkey-sentinel` |
+| `valkey.volumePermissions.image.repository` | Image repository, eg. `bitnamilegacy/os-shell`.       | `bitnamilegacy/os-shell`        |

 ### PostgreSQL HA

-| Name                                        | Description                                                      | Value       |
-| ------------------------------------------- | ---------------------------------------------------------------- | ----------- |
-| `postgresql-ha.enabled`                     | Enable PostgreSQL HA                                             | `true`      |
-| `postgresql-ha.postgresql.password`         | Password for the `gitea` user (overrides `auth.password`)        | `changeme4` |
-| `postgresql-ha.global.postgresql.database`  | Name for a custom database to create (overrides `auth.database`) | `gitea`     |
-| `postgresql-ha.global.postgresql.username`  | Name for a custom user to create (overrides `auth.username`)     | `gitea`     |
-| `postgresql-ha.global.postgresql.password`  | Name for a custom password to create (overrides `auth.password`) | `gitea`     |
-| `postgresql-ha.postgresql.repmgrPassword`   | Repmgr Password                                                  | `changeme2` |
-| `postgresql-ha.postgresql.postgresPassword` | postgres Password                                                | `changeme1` |
-| `postgresql-ha.pgpool.adminPassword`        | pgpool adminPassword                                             | `changeme3` |
-| `postgresql-ha.pgpool.srCheckPassword`      | pgpool srCheckPassword                                           | `changeme4` |
-| `postgresql-ha.service.ports.postgresql`    | PostgreSQL service port (overrides `service.ports.postgresql`)   | `5432`      |
-| `postgresql-ha.persistence.size`            | PVC Storage Request for PostgreSQL HA volume                     | `10Gi`      |
+| Name                                               | Description                                                      | Value                             |
+| -------------------------------------------------- | ---------------------------------------------------------------- | --------------------------------- |
+| `postgresql-ha.enabled`                            | Enable PostgreSQL HA                                             | `true`                            |
+| `postgresql-ha.global.postgresql.database`         | Name for a custom database to create (overrides `auth.database`) | `gitea`                           |
+| `postgresql-ha.global.postgresql.username`         | Name for a custom user to create (overrides `auth.username`)     | `gitea`                           |
+| `postgresql-ha.global.postgresql.password`         | Name for a custom password to create (overrides `auth.password`) | `gitea`                           |
+| `postgresql-ha.metrics.image.repository`           | Image repository, eg. `bitnamilegacy/postgres-exporter`.         | `bitnamilegacy/postgres-exporter` |
+| `postgresql-ha.postgresql.image.repository`        | Image repository, eg. `bitnamilegacy/postgresql-repmgr`.         | `bitnamilegacy/postgresql-repmgr` |
+| `postgresql-ha.postgresql.repmgrPassword`          | Repmgr Password                                                  | `changeme2`                       |
+| `postgresql-ha.postgresql.postgresPassword`        | postgres Password                                                | `changeme1`                       |
+| `postgresql-ha.postgresql.password`                | Password for the `gitea` user (overrides `auth.password`)        | `changeme4`                       |
+| `postgresql-ha.pgpool.adminPassword`               | pgpool adminPassword                                             | `changeme3`                       |
+| `postgresql-ha.pgpool.image.repository`            | Image repository, eg. `bitnamilegacy/pgpool`.                    | `bitnamilegacy/pgpool`            |
+| `postgresql-ha.pgpool.srCheckPassword`             | pgpool srCheckPassword                                           | `changeme4`                       |
+| `postgresql-ha.service.ports.postgresql`           | PostgreSQL service port (overrides `service.ports.postgresql`)   | `5432`                            |
+| `postgresql-ha.persistence.size`                   | PVC Storage Request for PostgreSQL HA volume                     | `10Gi`                            |
+| `postgresql-ha.volumePermissions.image.repository` | Image repository, eg. `bitnamilegacy/os-shell`.                  | `bitnamilegacy/os-shell`          |

 ### PostgreSQL

-| Name                                                    | Description                                                      | Value   |
-| ------------------------------------------------------- | ---------------------------------------------------------------- | ------- |
-| `postgresql.enabled`                                    | Enable PostgreSQL                                                | `false` |
-| `postgresql.global.postgresql.auth.password`            | Password for the `gitea` user (overrides `auth.password`)        | `gitea` |
-| `postgresql.global.postgresql.auth.database`            | Name for a custom database to create (overrides `auth.database`) | `gitea` |
-| `postgresql.global.postgresql.auth.username`            | Name for a custom user to create (overrides `auth.username`)     | `gitea` |
-| `postgresql.global.postgresql.service.ports.postgresql` | PostgreSQL service port (overrides `service.ports.postgresql`)   | `5432`  |
-| `postgresql.primary.persistence.size`                   | PVC Storage Request for PostgreSQL volume                        | `10Gi`  |
+| Name                                                    | Description                                                      | Value                             |
+| ------------------------------------------------------- | ---------------------------------------------------------------- | --------------------------------- |
+| `postgresql.enabled`                                    | Enable PostgreSQL                                                | `false`                           |
+| `postgresql.global.postgresql.auth.password`            | Password for the `gitea` user (overrides `auth.password`)        | `gitea`                           |
+| `postgresql.global.postgresql.auth.database`            | Name for a custom database to create (overrides `auth.database`) | `gitea`                           |
+| `postgresql.global.postgresql.auth.username`            | Name for a custom user to create (overrides `auth.username`)     | `gitea`                           |
+| `postgresql.global.postgresql.service.ports.postgresql` | PostgreSQL service port (overrides `service.ports.postgresql`)   | `5432`                            |
+| `postgresql.image.repository`                           | Image repository, eg. `bitnamilegacy/postgresql`.                | `bitnamilegacy/postgresql`        |
+| `postgresql.primary.persistence.size`                   | PVC Storage Request for PostgreSQL volume                        | `10Gi`                            |
+| `postgresql.metrics.image.repository`                   | Image repository, eg. `bitnamilegacy/postgres-exporter`.         | `bitnamilegacy/postgres-exporter` |
+| `postgresql.volumePermissions.image.repository`         | Image repository, eg. `bitnamilegacy/os-shell`.                  | `bitnamilegacy/os-shell`          |

 ### Advanced

--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@@ -9,13 +9,11 @@
    "npm": ">=8.0.0"
  },
  "scripts": {
-    "readme:link": "markdown-link-check --config .markdownlink.json *.md",
    "readme:lint": "markdownlint *.md -f",
    "readme:parameters": "readme-generator -v values.yaml -r README.md"
  },
  "devDependencies": {
    "@bitnami/readme-generator-for-helm": "^2.5.0",
-    "markdown-link-check": "^3.13.6",
    "markdownlint-cli": "^0.45.0"
  }
 }
--- a/templates/_helpers.tpl
+++ b/templates/_helpers.tpl
@@ -87,12 +87,6 @@ storageClassName: {{ $storageClass | quote }}
 {{- end }}
 {{- end -}}

-{{/*
-Common annotations
-*/}}
-{{- define "gitea.annotations" -}}
-{{- end }}
-
 {{/*
 Common labels
 */}}
--- a/templates/_networkPolicy.tpl
+++ b/templates/_networkPolicy.tpl
@@ -1,19 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-
-{{/* annotations */}}
-
-{{- define "gitea.networkPolicy.annotations" -}}
-{{ include "gitea.annotations" . }}
-{{- if .Values.networkPolicy.annotations }}
-{{ toYaml .Values.networkPolicy.annotations }}
-{{- end }}
-{{- end }}
-
-{{/* labels */}}
-
-{{- define "gitea.networkPolicy.labels" -}}
-{{ include "gitea.labels" . }}
-{{- if .Values.networkPolicy.labels }}
-{{ toYaml .Values.networkPolicy.labels }}
-{{- end }}
-{{- end }}
--- a/templates/_pod.tpl
+++ b/templates/_pod.tpl
@@ -1,17 +0,0 @@
---
-
-{{/* labels */}}
-
-{{- define "gitea.pod.labels" -}}
-{{- include "gitea.labels" . }}
-{{- if .Values.deployment.labels }}
-{{ toYaml .Values.deployment.labels }}
-{{- end }}
-{{- end }}
-
-{{- define "gitea.pod.selectorLabels" -}}
-{{- include "gitea.selectorLabels" . }}
-{{- if .Values.deployment.labels }}
-{{ toYaml .Values.deployment.labels }}
-{{- end }}
-{{- end }}
--- a/templates/gitea/check-actions-not-present.yaml
+++ b/templates/gitea/check-actions-not-present.yaml
--- a/templates/gitea/config.yaml
+++ b/templates/gitea/config.yaml
--- a/templates/gitea/deployment.yaml
+++ b/templates/gitea/deployment.yaml
@@ -23,11 +23,14 @@ spec:
    {{- end }}
  selector:
    matchLabels:
-      {{- include "gitea.pod.selectorLabels" . | nindent 6 }}
+      {{- include "gitea.selectorLabels" . | nindent 6 }}
+      {{- if .Values.deployment.labels }}
+      {{- toYaml .Values.deployment.labels | nindent 6 }}
+      {{- end }}
  template:
    metadata:
      annotations:
-        checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }}
+        checksum/config: {{ include (print $.Template.BasePath "/gitea/config.yaml") . | sha256sum }}
        {{- range $idx, $value := .Values.gitea.ldap }}
        checksum/ldap_{{ $idx }}: {{ include "gitea.ldap_settings" (list $idx $value) | sha256sum }}
        {{- end }}
@@ -38,7 +41,10 @@ spec:
        {{- toYaml . | nindent 8 }}
        {{- end }}
      labels:
-        {{- include "gitea.pod.labels" . | nindent 8 }}
+        {{- include "gitea.labels" . | nindent 8 }}
+        {{- if .Values.deployment.labels }}
+        {{- toYaml .Values.deployment.labels | nindent 8 }}
+        {{- end }}
    spec:
      {{- if .Values.schedulerName }}
      schedulerName: "{{ .Values.schedulerName }}"
--- a/templates/gitea/deprecation.yaml
+++ b/templates/gitea/deprecation.yaml
--- a/templates/gitea/extra-list.yaml
+++ b/templates/gitea/extra-list.yaml
--- a/templates/gitea/gpg-secret.yaml
+++ b/templates/gitea/gpg-secret.yaml
--- a/templates/gitea/http-svc.yaml
+++ b/templates/gitea/http-svc.yaml
--- a/templates/gitea/ingress.yaml
+++ b/templates/gitea/ingress.yaml
--- a/templates/gitea/init.yaml
+++ b/templates/gitea/init.yaml
--- a/templates/gitea/metrics-secret.yaml
+++ b/templates/gitea/metrics-secret.yaml
--- a/templates/gitea/poddisruptionbudget.yaml
+++ b/templates/gitea/poddisruptionbudget.yaml
--- a/templates/gitea/pvc.yaml
+++ b/templates/gitea/pvc.yaml
--- a/templates/gitea/serviceaccount.yaml
+++ b/templates/gitea/serviceaccount.yaml
--- a/templates/gitea/servicemonitor.yaml
+++ b/templates/gitea/servicemonitor.yaml
--- a/templates/gitea/ssh-svc.yaml
+++ b/templates/gitea/ssh-svc.yaml
--- a/templates/networkPolicy.yaml
+++ b/templates/networkPolicy.yaml
@@ -1,32 +0,0 @@
-{{- if .Values.networkPolicy.enabled }}
---
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  {{- with (include "gitea.networkPolicy.annotations" . | fromYaml) }}
-  annotations:
-    {{- tpl (toYaml .) $ | nindent 4 }}
-  {{- end }}
-  {{- with (include "gitea.networkPolicy.labels" . | fromYaml) }}
-  labels:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-  name: {{ include "gitea.fullname" . }}
-  namespace: {{ .Release.Namespace }}
-spec:
-  podSelector:
-    matchLabels:
-      {{- include "gitea.pod.selectorLabels" $ | nindent 6 }}
-  {{- with .Values.networkPolicy.policyTypes }}
-  policyTypes:
-  {{- toYaml . | nindent 2 }}
-  {{- end }}
-  {{- with .Values.networkPolicy.egress }}
-  egress:
-  {{- toYaml . | nindent 2 }}
-  {{- end }}
-  {{- with .Values.networkPolicy.ingress }}
-  ingress:
-  {{- toYaml . | nindent 2 }}
-  {{- end }}
-{{- end }}
--- a/unittests/helm/config/actions-config.yaml
+++ b/unittests/helm/config/actions-config.yaml
@@ -3,17 +3,17 @@ release:
  name: gitea-unittests
  namespace: testing
 templates:
-  - templates/config.yaml
+  - templates/gitea/config.yaml
 tests:
  - it: "actions are enabled by default (based on vanilla Gitea behavior)"
-    template: templates/config.yaml
+    template: templates/gitea/config.yaml
    asserts:
      - documentIndex: 0
        notExists:
          path: stringData.actions

  - it: "actions can be disabled via inline config"
-    template: templates/config.yaml
+    template: templates/gitea/config.yaml
    set:
      gitea.config.actions.ENABLED: false
    asserts:
--- a/unittests/helm/config/cache-config.yaml
+++ b/unittests/helm/config/cache-config.yaml
@@ -4,7 +4,7 @@ release:
  namespace: testing
 tests:
  - it: "cache is configured correctly for valkey-cluster"
-    template: templates/config.yaml
+    template: templates/gitea/config.yaml
    set:
      valkey-cluster:
        enabled: true
@@ -19,7 +19,7 @@ tests:
            HOST=redis+cluster://:@gitea-unittests-valkey-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&

  - it: "cache is configured correctly for valkey"
-    template: templates/config.yaml
+    template: templates/gitea/config.yaml
    set:
      valkey-cluster:
        enabled: false
@@ -34,7 +34,7 @@ tests:
            HOST=redis://:changeme@gitea-unittests-valkey-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&

  - it: "cache is configured correctly for 'memory' when valkey (or valkey-cluster) is disabled"
-    template: templates/config.yaml
+    template: templates/gitea/config.yaml
    set:
      valkey-cluster:
        enabled: false
@@ -49,7 +49,7 @@ tests:
            HOST=

  - it: "cache can be customized when valkey (or valkey-cluster) is disabled"
-    template: templates/config.yaml
+    template: templates/gitea/config.yaml
    set:
      valkey-cluster:
        enabled: false
--- a/unittests/helm/config/metrics-section_metrics-token.yaml
+++ b/unittests/helm/config/metrics-section_metrics-token.yaml
@@ -4,7 +4,7 @@ release:
  namespace: testing
 tests:
  - it: metrics token is set
-    template: templates/config.yaml
+    template: templates/gitea/config.yaml
    set:
      gitea:
        metrics:
@@ -18,7 +18,7 @@ tests:
            ENABLED=true
            TOKEN=somepassword
  - it: metrics token is empty
-    template: templates/config.yaml
+    template: templates/gitea/config.yaml
    set:
      gitea:
        metrics:
@@ -31,7 +31,7 @@ tests:
          value: |-
            ENABLED=true
  - it: metrics token is nil
-    template: templates/config.yaml
+    template: templates/gitea/config.yaml
    set:
      gitea:
        metrics:
@@ -44,7 +44,7 @@ tests:
          value: |-
            ENABLED=true
  - it: does not configures a token if metrics are disabled
-    template: templates/config.yaml
+    template: templates/gitea/config.yaml
    set:
      gitea:
        metrics:
--- a/unittests/helm/config/queue-config.yaml
+++ b/unittests/helm/config/queue-config.yaml
@@ -4,7 +4,7 @@ release:
  namespace: testing
 tests:
  - it: "queue is configured correctly for valkey-cluster"
-    template: templates/config.yaml
+    template: templates/gitea/config.yaml
    set:
      valkey-cluster:
        enabled: true
@@ -19,7 +19,7 @@ tests:
            TYPE=redis

  - it: "queue is configured correctly for valkey"
-    template: templates/config.yaml
+    template: templates/gitea/config.yaml
    set:
      valkey-cluster:
        enabled: false
@@ -34,7 +34,7 @@ tests:
            TYPE=redis

  - it: "queue is configured correctly for 'levelDB' when valkey (and valkey-cluster) is disabled"
-    template: templates/config.yaml
+    template: templates/gitea/config.yaml
    set:
      valkey-cluster:
        enabled: false
@@ -49,7 +49,7 @@ tests:
            TYPE=level

  - it: "queue can be customized when valkey (and valkey-cluster) are disabled"
-    template: templates/config.yaml
+    template: templates/gitea/config.yaml
    set:
      valkey-cluster:
        enabled: false
--- a/unittests/helm/config/server-section_domain.yaml
+++ b/unittests/helm/config/server-section_domain.yaml
@@ -4,7 +4,7 @@ release:
  namespace: testing
 tests:
  - it: "[default values] uses ingress host for DOMAIN|SSH_DOMAIN|ROOT_URL"
-    template: templates/config.yaml
+    template: templates/gitea/config.yaml
    asserts:
      - documentIndex: 0
        matchRegex:
@@ -22,7 +22,7 @@ tests:
  ################################################

  - it: "[no ingress hosts] uses gitea http service for DOMAIN|SSH_DOMAIN|ROOT_URL"
-    template: templates/config.yaml
+    template: templates/gitea/config.yaml
    set:
      ingress:
        hosts: []
@@ -43,7 +43,7 @@ tests:
  ################################################

  - it: "[provided via values] uses that for DOMAIN|SSH_DOMAIN|ROOT_URL"
-    template: templates/config.yaml
+    template: templates/gitea/config.yaml
    set:
      gitea.config.server.DOMAIN: provided.example.com
      ingress:
--- a/unittests/helm/config/session-config.yaml
+++ b/unittests/helm/config/session-config.yaml
@@ -4,7 +4,7 @@ release:
  namespace: testing
 tests:
  - it: "session is configured correctly for valkey-cluster"
-    template: templates/config.yaml
+    template: templates/gitea/config.yaml
    set:
      valkey-cluster:
        enabled: true
@@ -19,7 +19,7 @@ tests:
            PROVIDER_CONFIG=redis+cluster://:@gitea-unittests-valkey-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&

  - it: "session is configured correctly for valkey"
-    template: templates/config.yaml
+    template: templates/gitea/config.yaml
    set:
      valkey-cluster:
        enabled: false
@@ -34,7 +34,7 @@ tests:
            PROVIDER_CONFIG=redis://:changeme@gitea-unittests-valkey-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&

  - it: "session is configured correctly for 'memory' when valkey (and valkey-cluster) is disabled"
-    template: templates/config.yaml
+    template: templates/gitea/config.yaml
    set:
      valkey-cluster:
        enabled: false
@@ -49,7 +49,7 @@ tests:
            PROVIDER_CONFIG=

  - it: "session can be customized when valkey (and valkey-cluster) is disabled"
-    template: templates/config.yaml
+    template: templates/gitea/config.yaml
    set:
      valkey-cluster:
        enabled: false
--- a/unittests/helm/dependency-checks/customization-integrity-postgresql-ha.yaml
+++ b/unittests/helm/dependency-checks/customization-integrity-postgresql-ha.yaml
@@ -106,14 +106,14 @@ tests:
          name: gitea-unittests-postgresql-ha-pgpool
          namespace: testing
  - it: "[gitea] connects to pgpool service"
-    template: templates/config.yaml
+    template: templates/gitea/config.yaml
    asserts:
      - documentIndex: 0
        matchRegex:
          path: stringData.database
          pattern: HOST=gitea-unittests-postgresql-ha-pgpool.testing.svc.cluster.local:1234
  - it: "[gitea] connects to configured database"
-    template: templates/config.yaml
+    template: templates/gitea/config.yaml
    asserts:
      - documentIndex: 0
        matchRegex:
--- a/unittests/helm/dependency-checks/customization-integrity-postgresql.yaml
+++ b/unittests/helm/dependency-checks/customization-integrity-postgresql.yaml
@@ -65,14 +65,14 @@ tests:
          name: gitea-unittests-postgresql
          namespace: testing
  - it: "[gitea] connects to postgresql service"
-    template: templates/config.yaml
+    template: templates/gitea/config.yaml
    asserts:
      - documentIndex: 0
        matchRegex:
          path: stringData.database
          pattern: HOST=gitea-unittests-postgresql.testing.svc.cluster.local:1234
  - it: "[gitea] connects to configured database"
-    template: templates/config.yaml
+    template: templates/gitea/config.yaml
    asserts:
      - documentIndex: 0
        matchRegex:
--- a/unittests/helm/dependency-checks/customization-integrity-valkey-cluster.yaml
+++ b/unittests/helm/dependency-checks/customization-integrity-valkey-cluster.yaml
@@ -82,7 +82,7 @@ tests:
            port: 6379
            targetPort: tcp-redis
  - it: "[gitea] waits for valkey-cluster to be up and running"
-    template: templates/init.yaml
+    template: templates/gitea/init.yaml
    asserts:
      - documentIndex: 0
        matchRegex:
--- a/unittests/helm/dependency-checks/customization-integrity-valkey.yaml
+++ b/unittests/helm/dependency-checks/customization-integrity-valkey.yaml
@@ -44,7 +44,7 @@ tests:
            port: 6379
            targetPort: redis
  - it: "[gitea] waits for valkey to be up and running"
-    template: templates/init.yaml
+    template: templates/gitea/init.yaml
    asserts:
      - documentIndex: 0
        matchRegex:
--- a/unittests/helm/dependency-checks/major-image-bump.yaml
+++ b/unittests/helm/dependency-checks/major-image-bump.yaml
@@ -15,7 +15,7 @@ tests:
        matchRegex:
          path: spec.template.spec.containers[0].image
          # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST
-          pattern: bitnami/postgresql-repmgr:17.+$
+          pattern: bitnamilegacy/postgresql-repmgr:17.+$
  - it: "[postgresql] ensures we detect major image version upgrades"
    template: charts/postgresql/templates/primary/statefulset.yaml
    set:
@@ -28,7 +28,7 @@ tests:
        matchRegex:
          path: spec.template.spec.containers[0].image
          # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST
-          pattern: bitnami/postgresql:17.+$
+          pattern: bitnamilegacy/postgresql:17.+$
  - it: "[valkey-cluster] ensures we detect major image version upgrades"
    template: charts/valkey-cluster/templates/valkey-statefulset.yaml
    set:
@@ -41,7 +41,7 @@ tests:
        matchRegex:
          path: spec.template.spec.containers[0].image
          # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST
-          pattern: bitnami/valkey-cluster:8.+$
+          pattern: bitnamilegacy/valkey-cluster:8.+$
  - it: "[valkey] ensures we detect major image version upgrades"
    template: charts/valkey/templates/primary/application.yaml
    set:
@@ -54,4 +54,4 @@ tests:
        matchRegex:
          path: spec.template.spec.containers[0].image
          # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST
-          pattern: bitnami/valkey:8.+$
+          pattern: bitnamilegacy/valkey:8.+$
--- a/unittests/helm/deployment/HA.yaml
+++ b/unittests/helm/deployment/HA.yaml
@@ -3,11 +3,11 @@ release:
  name: gitea-unittests
  namespace: testing
 templates:
-  - templates/deployment.yaml
-  - templates/config.yaml
+  - templates/gitea/deployment.yaml
+  - templates/gitea/config.yaml
 tests:
  - it: fails with multiple replicas and "GIT_GC_REPOS" enabled
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    set:
      replicaCount: 2
      persistence:
@@ -22,14 +22,14 @@ tests:
      - failedTemplate:
          errorMessage: "Invoking the garbage collector via CRON is not yet supported when running with multiple replicas. Please set 'gitea.config.cron.GIT_GC_REPOS.enabled = false'."
  - it: fails with multiple replicas and RWX file system not set
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    set:
      replicaCount: 2
    asserts:
      - failedTemplate:
          errorMessage: "When using multiple replicas, a RWX file system is required and persistence.accessModes[0] must be set to ReadWriteMany."
  - it: fails with multiple replicas and bleve issue indexer
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    set:
      replicaCount: 2
      persistence:
@@ -43,7 +43,7 @@ tests:
      - failedTemplate:
          errorMessage: "When using multiple replicas, the issue indexer (gitea.config.indexer.ISSUE_INDEXER_TYPE) must be set to a HA-ready provider such as 'meilisearch', 'elasticsearch' or 'db' (if the DB is HA-ready)."
  - it: fails with multiple replicas and bleve repo indexer
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    set:
      replicaCount: 2
      persistence:
--- a/unittests/helm/deployment/basic.yaml
+++ b/unittests/helm/deployment/basic.yaml
@@ -3,11 +3,11 @@ release:
  name: gitea-unittests
  namespace: testing
 templates:
-  - templates/deployment.yaml
-  - templates/config.yaml
+  - templates/gitea/deployment.yaml
+  - templates/gitea/config.yaml
 tests:
  - it: renders a deployment
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    asserts:
      - hasDocuments:
          count: 1
@@ -16,7 +16,7 @@ tests:
          apiVersion: apps/v1
          name: gitea-unittests
  - it: deployment labels are set
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    set:
      deployment.labels:
        hello: world
@@ -30,7 +30,7 @@ tests:
          content:
            hello: world
  - it: "injects TMP_EXISTING_ENVS_FILE as environment variable to 'init-app-ini' init container"
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    asserts:
      - contains:
          path: spec.template.spec.initContainers[1].env
@@ -38,7 +38,7 @@ tests:
            name: TMP_EXISTING_ENVS_FILE
            value: /tmp/existing-envs
  - it: "injects ENV_TO_INI_MOUNT_POINT as environment variable to 'init-app-ini' init container"
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    asserts:
      - contains:
          path: spec.template.spec.initContainers[1].env
@@ -46,7 +46,7 @@ tests:
            name: ENV_TO_INI_MOUNT_POINT
            value: /env-to-ini-mounts
  - it: CPU resources are defined as well as GOMAXPROCS
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    set:
      resources:
        limits:
@@ -74,7 +74,7 @@ tests:
              cpu: 100ms
              memory: 100Mi
  - it: Init containers have correct volumeMount path
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    set:
      initContainersScriptsVolumeMountPath: "/custom/init/path"
    asserts:
@@ -85,7 +85,7 @@ tests:
          path: spec.template.spec.initContainers[*].volumeMounts[?(@.name=="config")].mountPath
          value: "/custom/init/path"
  - it: Init containers have correct volumeMount path if there is no override
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    asserts:
      - equal:
          path: spec.template.spec.initContainers[*].volumeMounts[?(@.name=="init")].mountPath
--- a/unittests/helm/deployment/deployment-additional-config.yaml
+++ b/unittests/helm/deployment/deployment-additional-config.yaml
@@ -3,11 +3,11 @@ release:
  name: gitea-unittests
  namespace: testing
 templates:
-  - templates/deployment.yaml
-  - templates/config.yaml
+  - templates/gitea/deployment.yaml
+  - templates/gitea/config.yaml
 tests:
  - it: Renders a deployment
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    asserts:
      - hasDocuments:
          count: 1
@@ -16,7 +16,7 @@ tests:
          apiVersion: apps/v1
          name: gitea-unittests
  - it: Deployment with empty additionalConfigFromEnvs
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    set:
      gitea.additionalConfigFromEnvs: []
    asserts:
@@ -44,7 +44,7 @@ tests:
              - name: ENV_TO_INI_MOUNT_POINT
                value: /env-to-ini-mounts
  - it: Deployment with standard additionalConfigFromEnvs
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    set:
      gitea.additionalConfigFromEnvs: [{name: GITEA_database_HOST, value: my-db:123}, {name: GITEA_database_USER, value: my-user}]
    asserts:
@@ -76,7 +76,7 @@ tests:
              - name: GITEA_database_USER
                value: my-user
  - it: Deployment with templated additionalConfigFromEnvs
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    set:
      gitea.misc.host: my-db-host:321
      gitea.misc.user: my-db-user
@@ -110,7 +110,7 @@ tests:
              - name: GITEA_database_USER
                value: my-db-user
  - it: Deployment with additionalConfigFromEnvs templated secret name
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    set:
      gitea.misc.existingSecret: my-db-secret
      gitea.additionalConfigFromEnvs[0]:
--- a/unittests/helm/deployment/extraInitContainers.yaml
+++ b/unittests/helm/deployment/extraInitContainers.yaml
@@ -3,18 +3,18 @@ release:
  name: gitea-unittests
  namespace: testing
 templates:
-  - templates/deployment.yaml
-  - templates/config.yaml
+  - templates/gitea/deployment.yaml
+  - templates/gitea/config.yaml
 tests:
  - it: Render the deployment (default)
    asserts:
      - hasDocuments:
          count: 1
-        template: templates/deployment.yaml
+        template: templates/gitea/deployment.yaml
      - lengthEqual:
          path: spec.template.spec.initContainers
          count: 3
-        template: templates/deployment.yaml
+        template: templates/gitea/deployment.yaml

  - it: Render the deployment (signing)
    set:
@@ -22,11 +22,11 @@ tests:
    asserts:
      - hasDocuments:
          count: 1
-        template: templates/deployment.yaml
+        template: templates/gitea/deployment.yaml
      - lengthEqual:
          path: spec.template.spec.initContainers
          count: 4
-        template: templates/deployment.yaml
+        template: templates/gitea/deployment.yaml

  - it: Render the deployment (extraInitContainers)
    set:
@@ -40,20 +40,20 @@ tests:
    asserts:
      - hasDocuments:
          count: 1
-        template: templates/deployment.yaml
+        template: templates/gitea/deployment.yaml
      - lengthEqual:
          path: spec.template.spec.initContainers
          count: 6
-        template: templates/deployment.yaml
+        template: templates/gitea/deployment.yaml
      - contains:
          path: spec.template.spec.initContainers
          content:
            name: foo
            image: docker.io/library/busybox:latest
-        template: templates/deployment.yaml
+        template: templates/gitea/deployment.yaml
      - contains:
          path: spec.template.spec.initContainers
          content:
            name: bar
            image: docker.io/library/busybox:latest
-        template: templates/deployment.yaml
+        template: templates/gitea/deployment.yaml
--- a/unittests/helm/deployment/image-configuration.yaml
+++ b/unittests/helm/deployment/image-configuration.yaml
@@ -6,17 +6,17 @@ chart:
  # Override appVersion to be consistent with used digest :)
  appVersion: 1.19.3
 templates:
-  - templates/deployment.yaml
-  - templates/config.yaml
+  - templates/gitea/deployment.yaml
+  - templates/gitea/config.yaml
 tests:
  - it: default values
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    asserts:
      - equal:
          path: spec.template.spec.containers[0].image
          value: "docker.gitea.com/gitea:1.19.3-rootless"
  - it: tag override
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    set:
      image.tag: "1.19.4"
    asserts:
@@ -24,7 +24,7 @@ tests:
          path: spec.template.spec.containers[0].image
          value: "docker.gitea.com/gitea:1.19.4-rootless"
  - it: root-based image
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    set:
      image.rootless: false
    asserts:
@@ -32,7 +32,7 @@ tests:
          path: spec.template.spec.containers[0].image
          value: "docker.gitea.com/gitea:1.19.3"
  - it: scoped registry
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    set:
      image.registry: "example.com"
    asserts:
@@ -40,7 +40,7 @@ tests:
          path: spec.template.spec.containers[0].image
          value: "example.com/gitea:1.19.3-rootless"
  - it: global registry
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    set:
      global.imageRegistry: "global.example.com"
    asserts:
@@ -48,7 +48,7 @@ tests:
          path: spec.template.spec.containers[0].image
          value: "global.example.com/gitea:1.19.3-rootless"
  - it: digest for rootless image
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    set:
      image:
        rootless: true
@@ -58,7 +58,7 @@ tests:
          path: spec.template.spec.containers[0].image
          value: "docker.gitea.com/gitea:1.19.3-rootless@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a"
  - it: image fullOverride (does not append rootless)
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    set:
      image:
        fullOverride: docker.gitea.com/gitea:1.19.3
@@ -73,7 +73,7 @@ tests:
          path: spec.template.spec.containers[0].image
          value: "docker.gitea.com/gitea:1.19.3"
  - it: digest for root-based image
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    set:
      image:
        rootless: false
@@ -83,7 +83,7 @@ tests:
          path: spec.template.spec.containers[0].image
          value: "docker.gitea.com/gitea:1.19.3@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a"
  - it: digest and global registry
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    set:
      global.imageRegistry: "global.example.com"
      image.digest: "sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a"
@@ -92,7 +92,7 @@ tests:
          path: spec.template.spec.containers[0].image
          value: "global.example.com/gitea:1.19.3-rootless@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a"
  - it: correctly renders floating tag references
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    set:
      image.tag: 1.21 # use non-quoted value on purpose. See: https://gitea.com/gitea/helm-gitea/issues/631
    asserts:
--- a/unittests/helm/deployment/ingress-configuration.yaml
+++ b/unittests/helm/deployment/ingress-configuration.yaml
@@ -1,6 +1,6 @@
 suite: Test ingress tpl use
 templates:
-  - templates/ingress.yaml
+  - templates/gitea/ingress.yaml
 tests:
  - it: Ingress Class using TPL
    set:
--- a/unittests/helm/deployment/inline-config.yaml
+++ b/unittests/helm/deployment/inline-config.yaml
@@ -3,7 +3,7 @@ release:
  name: gitea-unittests
  namespace: testing
 templates:
-  - templates/config.yaml
+  - templates/gitea/config.yaml
 tests:
  - it: inline config stringData.server using TPL
    set:
--- a/unittests/helm/deployment/probes.yaml
+++ b/unittests/helm/deployment/probes.yaml
@@ -3,11 +3,11 @@ release:
  name: gitea-unittests
  namespace: testing
 templates:
-  - templates/deployment.yaml
-  - templates/config.yaml
+  - templates/gitea/deployment.yaml
+  - templates/gitea/config.yaml
 tests:
  - it: renders default liveness probe
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    asserts:
      - notExists:
          path: spec.template.spec.containers[0].livenessProbe.enabled
@@ -22,7 +22,7 @@ tests:
              port: http
            timeoutSeconds: 1
  - it: renders default readiness probe
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    asserts:
      - notExists:
          path: spec.template.spec.containers[0].readinessProbe.enabled
@@ -37,12 +37,12 @@ tests:
              port: http
            timeoutSeconds: 1
  - it: does not render a default startup probe
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    asserts:
      - notExists:
          path: spec.template.spec.containers[0].startupProbe
  - it: allows enabling a startup probe
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    set:
      gitea.startupProbe.enabled: true
    asserts:
@@ -60,7 +60,7 @@ tests:
            timeoutSeconds: 1

  - it: allows overwriting the default port of the liveness probe
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    set:
      gitea:
        livenessProbe:
@@ -74,7 +74,7 @@ tests:
              port: my-port

  - it: allows overwriting the default port of the readiness probe
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    set:
      gitea:
        readinessProbe:
@@ -88,7 +88,7 @@ tests:
              port: my-port

  - it: allows overwriting the default port of the startup probe
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    set:
      gitea:
        startupProbe:
@@ -103,7 +103,7 @@ tests:
              port: my-port

  - it: allows using a non-default method as liveness probe
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    set:
      gitea:
        livenessProbe:
@@ -131,7 +131,7 @@ tests:
            timeoutSeconds: 13372

  - it: allows using a non-default method as readiness probe
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    set:
      gitea:
        readinessProbe:
@@ -159,7 +159,7 @@ tests:
            timeoutSeconds: 13372

  - it: allows using a non-default method as startup probe
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    set:
      gitea:
        startupProbe:
--- a/unittests/helm/deployment/sidecar-container.yaml
+++ b/unittests/helm/deployment/sidecar-container.yaml
@@ -3,11 +3,11 @@ release:
  name: gitea-unittests
  namespace: testing
 templates:
-  - templates/deployment.yaml
-  - templates/config.yaml
+  - templates/gitea/deployment.yaml
+  - templates/gitea/config.yaml
 tests:
  - it: supports adding a sidecar container
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    set:
      extraContainers:
        - name: sidecar-bob
--- a/unittests/helm/deployment/signing-disabled.yaml
+++ b/unittests/helm/deployment/signing-disabled.yaml
@@ -3,11 +3,11 @@ release:
  name: gitea-unittests
  namespace: testing
 templates:
-  - templates/deployment.yaml
-  - templates/config.yaml
+  - templates/gitea/deployment.yaml
+  - templates/gitea/config.yaml
 tests:
  - it: skips gpg init container
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    asserts:
      - notContains:
          path: spec.template.spec.initContainers
@@ -15,7 +15,7 @@ tests:
          content:
            name: configure-gpg
  - it: skips gpg env in `init-directories` init container
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    set:
      signing.enabled: false
    asserts:
@@ -25,14 +25,14 @@ tests:
            name: GNUPGHOME
            value: /data/git/.gnupg
  - it: skips gpg env in runtime container
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    asserts:
      - notContains:
          path: spec.template.spec.containers[0].env
          content:
            name: GNUPGHOME
  - it: skips gpg volume spec
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    asserts:
      - notContains:
          path: spec.template.spec.volumes
--- a/unittests/helm/deployment/signing-enabled.yaml
+++ b/unittests/helm/deployment/signing-enabled.yaml
@@ -3,11 +3,11 @@ release:
  name: gitea-unittests
  namespace: testing
 templates:
-  - templates/deployment.yaml
-  - templates/config.yaml
+  - templates/gitea/deployment.yaml
+  - templates/gitea/config.yaml
 tests:
  - it: adds gpg init container
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    set:
      signing:
        enabled: true
@@ -41,7 +41,7 @@ tests:
              mountPath: /raw
              readOnly: true
  - it: adds gpg env in `init-directories` init container
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    set:
      signing.enabled: true
      signing.existingSecret: "custom-gpg-secret"
@@ -52,7 +52,7 @@ tests:
            name: GNUPGHOME
            value: /data/git/.gnupg
  - it: adds gpg env in runtime container
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    set:
      signing.enabled: true
      signing.existingSecret: "custom-gpg-secret"
@@ -63,7 +63,7 @@ tests:
            name: GNUPGHOME
            value: /data/git/.gnupg
  - it: adds gpg volume spec
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    set:
      signing:
        enabled: true
@@ -80,7 +80,7 @@ tests:
                  path: private.asc
              defaultMode: 0100
  - it: supports gpg volume spec with external reference
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    set:
      signing:
        enabled: true
--- a/unittests/helm/deployment/ssh-configuration.yaml
+++ b/unittests/helm/deployment/ssh-configuration.yaml
@@ -3,11 +3,11 @@ release:
  name: gitea-unittests
  namespace: testing
 templates:
-  - templates/deployment.yaml
-  - templates/config.yaml
+  - templates/gitea/deployment.yaml
+  - templates/gitea/config.yaml
 tests:
  - it: supports defining SSH log level for root based image
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    set:
      image.rootless: false
    asserts:
@@ -17,7 +17,7 @@ tests:
            name: SSH_LOG_LEVEL
            value: "INFO"
  - it: supports overriding SSH log level
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    set:
      image.rootless: false
      gitea.ssh.logLevel: "DEBUG"
@@ -28,7 +28,7 @@ tests:
            name: SSH_LOG_LEVEL
            value: "DEBUG"
  - it: supports overriding SSH log level (even when image.fullOverride set)
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    set:
      image.fullOverride: docker.gitea.com/gitea:1.19.3
      image.rootless: false
@@ -40,7 +40,7 @@ tests:
            name: SSH_LOG_LEVEL
            value: "DEBUG"
  - it: skips SSH_LOG_LEVEL for rootless image
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    set:
      image.rootless: true
      gitea.ssh.logLevel: "DEBUG" # explicitly defining a non-standard level here
@@ -51,7 +51,7 @@ tests:
          content:
            name: SSH_LOG_LEVEL
  - it: skips SSH_LOG_LEVEL for rootless image (even when image.fullOverride set)
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    set:
      image.fullOverride: docker.gitea.com/gitea:1.19.3
      image.rootless: true
--- a/unittests/helm/deployment/storage-class-configuration.yaml
+++ b/unittests/helm/deployment/storage-class-configuration.yaml
@@ -7,11 +7,11 @@ release:
  namespace: testing

 templates:
-  - templates/pvc.yaml
+  - templates/gitea/pvc.yaml

 tests:
  - it: should set storageClassName when persistence.storageClass is defined
-    template: templates/pvc.yaml
+    template: templates/gitea/pvc.yaml
    set:
      persistence.storageClass: "my-storage-class"
    asserts:
@@ -20,7 +20,7 @@ tests:
          value: "my-storage-class"

  - it: should set global.storageClass when persistence.storageClass is not defined
-    template: templates/pvc.yaml
+    template: templates/gitea/pvc.yaml
    set:
      global.storageClass: "default-storage-class"
    asserts:
@@ -29,7 +29,7 @@ tests:
          value: "default-storage-class"

  - it: should set storageClassName when persistence.storageClass is defined and global.storageClass is defined
-    template: templates/pvc.yaml
+    template: templates/gitea/pvc.yaml
    set:
      global.storageClass: "default-storage-class"
      persistence.storageClass: "my-storage-class"
--- a/unittests/helm/deployment/svc-configuration.yaml
+++ b/unittests/helm/deployment/svc-configuration.yaml
@@ -3,11 +3,11 @@ release:
  name: gitea-unittests
  namespace: testing
 templates:
-  - templates/ssh-svc.yaml
-  - templates/http-svc.yaml
+  - templates/gitea/ssh-svc.yaml
+  - templates/gitea/http-svc.yaml
 tests:
  - it: supports adding custom labels to ssh-svc
-    template: templates/ssh-svc.yaml
+    template: templates/gitea/ssh-svc.yaml
    set:
      service:
        ssh:
@@ -19,7 +19,7 @@ tests:
          value: "testvalue"

  - it: keeps existing labels (ssh)
-    template: templates/ssh-svc.yaml
+    template: templates/gitea/ssh-svc.yaml
    set:
      service:
        ssh:
@@ -29,7 +29,7 @@ tests:
          path: metadata.labels["app"]

  - it: supports adding custom labels to http-svc
-    template: templates/http-svc.yaml
+    template: templates/gitea/http-svc.yaml
    set:
      service:
        http:
@@ -41,7 +41,7 @@ tests:
          value: "testvalue"

  - it: keeps existing labels (http)
-    template: templates/http-svc.yaml
+    template: templates/gitea/http-svc.yaml
    set:
      service:
        http:
@@ -51,7 +51,7 @@ tests:
          path: metadata.labels["app"]

  - it: render service.ssh.loadBalancerClass if set and type is LoadBalancer
-    template: templates/ssh-svc.yaml
+    template: templates/gitea/ssh-svc.yaml
    set:
      service:
        ssh:
@@ -73,7 +73,7 @@ tests:
          value: ["1.2.3.4/32", "5.6.7.8/32"]

  - it: does not render when loadbalancer properties are set but type is not loadBalancerClass
-    template: templates/http-svc.yaml
+    template: templates/gitea/http-svc.yaml
    set:
      service:
        http:
@@ -92,7 +92,7 @@ tests:
          path: spec.loadBalancerSourceRanges

  - it: does not render loadBalancerClass by default even when type is LoadBalancer
-    template: templates/http-svc.yaml
+    template: templates/gitea/http-svc.yaml
    set:
      service:
        http:
@@ -107,8 +107,8 @@ tests:

  - it: both ssh and http services exist
    templates:
-      - templates/ssh-svc.yaml
-      - templates/http-svc.yaml
+      - templates/gitea/ssh-svc.yaml
+      - templates/gitea/http-svc.yaml
    asserts:
      - matchRegex:
          path: metadata.name
--- a/unittests/helm/gpg-secret/signing-disabled.yaml
+++ b/unittests/helm/gpg-secret/signing-disabled.yaml
@@ -3,7 +3,7 @@ release:
  name: gitea-unittests
  namespace: testing
 templates:
-  - templates/gpg-secret.yaml
+  - templates/gitea/gpg-secret.yaml
 tests:
  - it: renders nothing
    set:
--- a/unittests/helm/gpg-secret/signing-enabled.yaml
+++ b/unittests/helm/gpg-secret/signing-enabled.yaml
@@ -3,7 +3,7 @@ release:
  name: gitea-unittests
  namespace: testing
 templates:
-  - templates/gpg-secret.yaml
+  - templates/gitea/gpg-secret.yaml
 tests:
  - it: fails rendering when nothing is configured
    set:
--- a/unittests/helm/ingress/basic.yaml
+++ b/unittests/helm/ingress/basic.yaml
@@ -1,6 +1,6 @@
 suite: Test ingress.yaml
 templates:
-  - templates/ingress.yaml
+  - templates/gitea/ingress.yaml
 tests:
  - it: should enable ingress when ingress.enabled is true
    set:
--- a/unittests/helm/ingress/implicit-defaults.yaml
+++ b/unittests/helm/ingress/implicit-defaults.yaml
@@ -1,6 +1,6 @@
 suite: Test ingress with implicit path defaults
 templates:
-  - templates/ingress.yaml
+  - templates/gitea/ingress.yaml
 tests:
  - it: should use default path and pathType when no paths are specified
    set:
--- a/unittests/helm/ingress/ingress.tpl.yaml
+++ b/unittests/helm/ingress/ingress.tpl.yaml
@@ -1,6 +1,6 @@
 suite: Test ingress tpl use
 templates:
-  - templates/ingress.yaml
+  - templates/gitea/ingress.yaml
 tests:
  - it: Ingress Class using TPL
    set:
--- a/unittests/helm/ingress/structured-paths.yaml
+++ b/unittests/helm/ingress/structured-paths.yaml
@@ -1,6 +1,6 @@
 suite: Test ingress with structured paths
 templates:
-  - templates/ingress.yaml
+  - templates/gitea/ingress.yaml
 tests:
  - it: should work with structured path definitions
    set:
--- a/unittests/helm/init/basic.yaml
+++ b/unittests/helm/init/basic.yaml
@@ -3,7 +3,7 @@ release:
  name: gitea-unittests
  namespace: testing
 templates:
-  - templates/init.yaml
+  - templates/gitea/init.yaml
 tests:
  - it: renders a secret
    asserts:
--- a/unittests/helm/init/init_directory_structure.sh-rootless.yaml
+++ b/unittests/helm/init/init_directory_structure.sh-rootless.yaml
@@ -3,7 +3,7 @@ release:
  name: gitea-unittests
  namespace: testing
 templates:
-  - templates/init.yaml
+  - templates/gitea/init.yaml
 tests:
  - it: runs gpg in batch mode
    set:
@@ -63,7 +63,7 @@ tests:
              chown -v 1000:1000 "${GNUPGHOME}"
            fi
  - it: it does not chown /data even when image.fullOverride is set
-    template: templates/init.yaml
+    template: templates/gitea/init.yaml
    set:
      image.fullOverride: docker.gitea.com/gitea:1.20.5
    asserts:
--- a/unittests/helm/init/init_directory_structure.sh.yaml
+++ b/unittests/helm/init/init_directory_structure.sh.yaml
@@ -3,7 +3,7 @@ release:
  name: gitea-unittests
  namespace: testing
 templates:
-  - templates/init.yaml
+  - templates/gitea/init.yaml
 tests:
  - it: runs gpg in batch mode
    set:
--- a/unittests/helm/metric-secret/metrics-secret-servicemonitor-disabled.yaml
+++ b/unittests/helm/metric-secret/metrics-secret-servicemonitor-disabled.yaml
@@ -3,7 +3,7 @@ release:
  name: gitea-unittests
  namespace: testing
 templates:
-  - templates/metrics-secret.yaml
+  - templates/gitea/metrics-secret.yaml
 tests:
  - it: renders nothing if monitoring disabled and gitea.metrics.token empty
    set:
--- a/unittests/helm/metric-secret/metrics-secret-servicemonitor-enabled.yaml
+++ b/unittests/helm/metric-secret/metrics-secret-servicemonitor-enabled.yaml
@@ -3,7 +3,7 @@ release:
  name: gitea-unittests
  namespace: testing
 templates:
-  - templates/metrics-secret.yaml
+  - templates/gitea/metrics-secret.yaml
 tests:
  - it: renders nothing if monitoring enabled and gitea.metrics.token empty
    set:
--- a/unittests/helm/networkPolicy/networkPolicy.yaml
+++ b/unittests/helm/networkPolicy/networkPolicy.yaml
@@ -1,100 +0,0 @@
-chart:
-  appVersion: 0.1.0
-  version: 0.1.0
-suite: NetworkPolicy template
-release:
-  name: gitea-unittest
-  namespace: testing
-templates:
-  - templates/networkPolicy.yaml
-tests:
-  - it: Skip rendering networkPolicy
-    set:
-      networkPolicy.enabled: false
-    asserts:
-      - hasDocuments:
-          count: 0
-
-  - it: Render default networkPolicy
-    set:
-      networkPolicy.enabled: true
-    asserts:
-      - hasDocuments:
-          count: 1
-      - containsDocument:
-          apiVersion: networking.k8s.io/v1
-          kind: NetworkPolicy
-          name: gitea-unittest
-          namespace: testing
-      - notExists:
-          path: metadata.annotations
-      - equal:
-          path: metadata.labels
-          value:
-            app: gitea
-            app.kubernetes.io/instance: gitea-unittest
-            app.kubernetes.io/managed-by: Helm
-            app.kubernetes.io/name: gitea
-            app.kubernetes.io/version: 0.1.0
-            helm.sh/chart: gitea-0.1.0
-            version: 0.1.0
-      - equal:
-          path: spec.podSelector.matchLabels
-          value:
-            app.kubernetes.io/instance: gitea-unittest
-            app.kubernetes.io/name: gitea
-      - notExists:
-          path: spec.policyTypes
-      - notExists:
-          path: spec.egress
-      - notExists:
-          path: spec.ingress
-
-  - it: Template networkPolicy with policyTypes, egress and ingress configuration
-    set:
-      networkPolicy.enabled: true
-      networkPolicy.policyTypes:
-        - Egress
-        - Ingress
-      networkPolicy.ingress:
-        - from:
-            - namespaceSelector:
-                matchLabels:
-                  kubernetes.io/metadata.name: monitoring
-              podSelector:
-                matchLabels:
-                  app.kubernetes.io/name: prometheus
-      networkPolicy.egress:
-        - to:
-            - namespaceSelector:
-                matchLabels:
-                  kubernetes.io/metadata.name: ingress-nginx
-              podSelector:
-                matchLabels:
-                  app.kubernetes.io/name: ingress-nginx
-    asserts:
-      - equal:
-          path: spec.policyTypes
-          value:
-            - Egress
-            - Ingress
-      - equal:
-          path: spec.egress
-          value:
-            - to:
-                - namespaceSelector:
-                    matchLabels:
-                      kubernetes.io/metadata.name: ingress-nginx
-                  podSelector:
-                    matchLabels:
-                      app.kubernetes.io/name: ingress-nginx
-      - equal:
-          path: spec.ingress
-          value:
-            - from:
-                - namespaceSelector:
-                    matchLabels:
-                      kubernetes.io/metadata.name: monitoring
-                  podSelector:
-                    matchLabels:
-                      app.kubernetes.io/name: prometheus
--- a/unittests/helm/pvc/pvc-configuration.yaml
+++ b/unittests/helm/pvc/pvc-configuration.yaml
@@ -3,7 +3,7 @@ release:
  name: gitea-unittests
  namespace: testing
 templates:
-  - templates/pvc.yaml
+  - templates/gitea/pvc.yaml
 tests:
  - it: Storage Class using TPL
    set:
--- a/unittests/helm/serviceaccount/basic.yaml
+++ b/unittests/helm/serviceaccount/basic.yaml
@@ -3,7 +3,7 @@ release:
  name: gitea-unittests
  namespace: testing
 templates:
-  - templates/serviceaccount.yaml
+  - templates/gitea/serviceaccount.yaml
 tests:
  - it: skips rendering by default
    asserts:
--- a/unittests/helm/serviceaccount/reference.yaml
+++ b/unittests/helm/serviceaccount/reference.yaml
@@ -3,17 +3,17 @@ release:
  name: gitea-unittests
  namespace: testing
 templates:
-  - templates/serviceaccount.yaml
-  - templates/deployment.yaml
-  - templates/config.yaml
+  - templates/gitea/serviceaccount.yaml
+  - templates/gitea/deployment.yaml
+  - templates/gitea/config.yaml
 tests:
  - it: does not modify the deployment by default
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    asserts:
      - notExists:
          path: spec.serviceAccountName
  - it: adds the reference to the deployment with serviceAccount.create=true
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    set:
      serviceAccount.create: true
    asserts:
@@ -21,7 +21,7 @@ tests:
          path: spec.template.spec.serviceAccountName
          value: gitea-unittests
  - it: allows referencing an externally created ServiceAccount to the deployment
-    template: templates/deployment.yaml
+    template: templates/gitea/deployment.yaml
    set:
      serviceAccount:
        create: false # explicitly set to define rendering behavior
--- a/unittests/helm/servicemonitor/basic.yaml
+++ b/unittests/helm/servicemonitor/basic.yaml
@@ -3,7 +3,7 @@ release:
  name: gitea-unittests
  namespace: testing
 templates:
-  - templates/servicemonitor.yaml
+  - templates/gitea/servicemonitor.yaml
 tests:
  - it: skips rendering by default
    asserts:
--- a/unittests/helm/servicemonitor/servicemonitor-disabled.yaml
+++ b/unittests/helm/servicemonitor/servicemonitor-disabled.yaml
@@ -3,7 +3,7 @@ release:
  name: gitea-unittests
  namespace: testing
 templates:
-  - templates/servicemonitor.yaml
+  - templates/gitea/servicemonitor.yaml
 tests:
  - it: renders nothing if gitea.metrics.serviceMonitor disabled and gitea.metrics.token empty
    set:
--- a/unittests/helm/servicemonitor/servicemonitor-enabled.yaml
+++ b/unittests/helm/servicemonitor/servicemonitor-enabled.yaml
@@ -3,7 +3,7 @@ release:
  name: gitea-unittests
  namespace: testing
 templates:
-  - templates/servicemonitor.yaml
+  - templates/gitea/servicemonitor.yaml
 tests:
  - it: renders unsecure ServiceMonitor if gitea.metrics.token nil
    set:
--- a/values.yaml
+++ b/values.yaml
@@ -20,7 +20,7 @@ global:
  #   hostnames:
  #   - example.com

-## @param namespace An explicit namespace to deploy Gitea into. Defaults to the release namespace if not specified
+## @param namespace An explicit namespace to deploy gitea into. Defaults to the release namespace if not specified
 namespace: ""

 ## @param replicaCount number of replicas for the deployment
@@ -281,13 +281,13 @@ extraContainers: []
 #    image: busybox
 #    command: [/bin/sh, -c, 'echo "Hello world"']

-## @param preExtraInitContainers Additional init containers to run in the pod before Gitea runs it owns init containers.
+## @param preExtraInitContainers Additional init containers to run in the pod before gitea runs it owns init containers.
 preExtraInitContainers: []
 # - name: pre-init-container
 #   image: docker.io/library/busybox
 #   command: [ /bin/sh, -c, 'echo "Hello world! I am a pre init container."' ]

-## @param postExtraInitContainers Additional init containers to run in the pod after Gitea runs it owns init containers.
+## @param postExtraInitContainers Additional init containers to run in the pod after gitea runs it owns init containers.
 postExtraInitContainers: []
 # - name: post-init-container
 #   image: docker.io/library/busybox
@@ -513,189 +513,162 @@ gitea:
    successThreshold: 1
    failureThreshold: 10

-
-## @section Network Policy
-networkPolicy:
-  ## @param networkPolicy.enabled Enable network policies in general.
-  ## @param networkPolicy.annotations Additional network policy annotations.
-  ## @param networkPolicy.labels Additional network policy labels.
-  ## @param networkPolicy.policyTypes List of policy types. Supported is ingress, egress or ingress and egress.
-  ## @param networkPolicy.egress Concrete egress network policy implementation.
-  ## @skip networkPolicy.egress Skip individual egress configuration.
-  ## @param networkPolicy.ingress Concrete ingress network policy implementation.
-  ## @skip networkPolicy.ingress Skip individual ingress configuration.
-  enabled: false
-  annotations: {}
-  labels: {}
-  policyTypes: []
-  # - Egress
-  # - Ingress
-  egress: []
-  # Allow outgoing DNS traffic to the internal running DNS-Server. For example core-dns.
-  #
-  # - to:
-  #   - namespaceSelector:
-  #       matchLabels:
-  #         kubernetes.io/metadata.name: kube-system
-  #     podSelector:
-  #       matchLabels:
-  #        k8s-app: kube-dns
-  #   ports:
-  #   - port: 53
-  #     protocol: TCP
-  #   - port: 53
-  #     protocol: UDP
-
-  # Allow outgoing traffic via HTTPS. For example for oAuth2, Gravatar and other third party APIs.
-  #
-  # - to:
-  #   ports:
-  #   - port: 443
-  #     protocol: TCP
-
-  # Allow outgoing traffic to PostgreSQL.
-  #
-  # - to:
-  #   - podSelector:
-  #       matchLabels:
-  #         app.kubernetes.io/name: postgresql-ha
-  #   ports: []
-  #   # Avoid explicit list of ports, because Gitea tries to ping the PostgreSQL database during the initialization
-  #   # process. The ICMP protocol is currently not supported as list of protocols by kubernetes. For this reason would
-  #   # lead listing of the ports to an issue. Therefore, please handle the database ports with care.
-  #   #
-  #   # - port: 5432
-  #   #   protocol: TCP
-
-  # Allow outgoing traffic to Valkey.
-  #
-  # - to:
-  #   - podSelector:
-  #       matchLabels:
-  #         app.kubernetes.io/name: valkey-cluster
-  #   ports:
-  #   - port: 6379
-  #     protocol: TCP
-  #   - port: 16379
-  #     protocol: TCP
-
-  ingress: []
-  # Allow incoming HTTP traffic from prometheus.
-  #
-  # - from:
-  #   - namespaceSelector:
-  #       matchLabels:
-  #         kubernetes.io/metadata.name: monitoring
-  #     podSelector:
-  #       matchLabels:
-  #         app.kubernetes.io/name: prometheus
-  #   ports:
-  #   - port: http
-  #     protocol: TCP
-
-  # Allow incoming HTTP traffic from ingress-nginx.
-  #
-  # - from:
-  #   - namespaceSelector:
-  #       matchLabels:
-  #         kubernetes.io/metadata.name: ingress-nginx
-  #     podSelector:
-  #       matchLabels:
-  #         app.kubernetes.io/name: ingress-nginx
-  #   ports:
-  #   - port: http
-  #     protocol: TCP
-
-
 ## @section valkey-cluster
-## @param valkey-cluster.enabled Enable valkey cluster
-# ⚠️ The valkey charts do not work well with special characters in the password (<https://gitea.com/gitea/helm-chart/issues/690>).
-# Consider omitting such or open an issue in the Bitnami repo and let us know once this got fixed.
-## @param valkey-cluster.usePassword Whether to use password authentication
-## @param valkey-cluster.usePasswordFiles Whether to mount passwords as files instead of environment variables
-## @param valkey-cluster.cluster.nodes Number of valkey cluster master nodes
-## @param valkey-cluster.cluster.replicas Number of valkey cluster master node replicas
-## @param valkey-cluster.service.ports.valkey Port of Valkey service
 ## @descriptionStart
 ## Valkey cluster and [Valkey](#valkey) cannot be enabled at the same time.
 ## @descriptionEnd
 valkey-cluster:
+  ## @param valkey-cluster.enabled Enable valkey cluster
+  # ⚠️ The valkey charts do not work well with special characters in the password (<https://gitea.com/gitea/helm-chart/issues/690>).
+  # Consider omitting such or open an issue in the Bitnami repo and let us know once this got fixed.
+  ## @param valkey-cluster.usePassword Whether to use password authentication.
+  ## @param valkey-cluster.usePasswordFiles Whether to mount passwords as files instead of environment variables.
  enabled: true
  usePassword: false
  usePasswordFiles: false
+
+  ## @param valkey-cluster.image.repository Image repository, eg. `bitnamilegacy/valkey-cluster`.
+  image:
+    repository: bitnamilegacy/valkey-cluster
+
+  ## @param valkey-cluster.cluster.nodes Number of valkey cluster master nodes
+  ## @param valkey-cluster.cluster.replicas Number of valkey cluster master node replicas
  cluster:
    nodes: 3 # default: 6
    replicas: 0 # default: 1
+
+  ## @param valkey-cluster.metrics.image.repository Image repository, eg. `bitnamilegacy/redis-exporter`.
+  metrics:
+    image:
+      repository: bitnamilegacy/redis-exporter
+
+  ## @param valkey-cluster.service.ports.valkey Port of Valkey service
  service:
    ports:
      valkey: 6379

+  ## @param valkey-cluster.sysctlImage.repository Image repository, eg. `bitnamilegacy/os-shell`.
+  sysctlImage:
+    repository: bitnamilegacy/os-shell
+
+  ## @param valkey-cluster.volumePermissions.image.repository Image repository, eg. `bitnamilegacy/os-shell`.
+  volumePermissions:
+    image:
+      repository: bitnamilegacy/os-shell
+
+
 ## @section valkey
-## @param valkey.enabled Enable valkey standalone or replicated
-## @param valkey.architecture Whether to use standalone or replication
-# ⚠️ The valkey charts do not work well with special characters in the password (<https://gitea.com/gitea/helm-chart/issues/690>).
-# Consider omitting such or open an issue in the Bitnami repo and let us know once this got fixed.
-## @param valkey.global.valkey.password Required password
-## @param valkey.master.count Number of Valkey master instances to deploy
-## @param valkey.master.service.ports.valkey Port of Valkey service
+
 ## @descriptionStart
 ## Valkey and [Valkey cluster](#valkey-cluster) cannot be enabled at the same time.
 ## @descriptionEnd
 valkey:
+  ## @param valkey.enabled Enable valkey standalone or replicated
+  ## @param valkey.architecture Whether to use standalone or replication
  enabled: false
  architecture: standalone
+
+  ## @param valkey.kubectl.image.repository Image repository, eg. `bitnamilegacy/kubectl`.
+  kubectl:
+    image:
+      repository: bitnamilegacy/kubectl
+
+  ## @param valkey.image.repository Image repository, eg. `bitnamilegacy/valkey`.
+  image:
+    repository: bitnamilegacy/valkey
+
+  # ⚠️ The valkey charts do not work well with special characters in the password (<https://gitea.com/gitea/helm-chart/issues/690>).
+  # Consider omitting such or open an issue in the Bitnami repo and let us know once this got fixed.
+  ## @param valkey.global.valkey.password Required password
  global:
    valkey:
      password: changeme
+
+  ## @param valkey.master.count Number of Valkey master instances to deploy
+  ## @param valkey.master.service.ports.valkey Port of Valkey service
  master:
    count: 1
    service:
      ports:
        valkey: 6379

+  ## @param valkey.metrics.image.repository Image repository, eg. `bitnamilegacy/redis-exporter`.
+  metrics:
+    image:
+      repository: bitnamilegacy/redis-exporter
+
+  ## @param valkey.sentinel.image.repository Image repository, eg. `bitnamilegacy/sentinel`.
+  sentinel:
+    image:
+      repository: bitnamilegacy/valkey-sentinel
+
+  ## @param valkey.volumePermissions.image.repository Image repository, eg. `bitnamilegacy/os-shell`.
+  volumePermissions:
+    image:
+      repository: bitnamilegacy/os-shell
+
 ## @section PostgreSQL HA
-#
-## @param postgresql-ha.enabled Enable PostgreSQL HA
-## @param postgresql-ha.postgresql.password Password for the `gitea` user (overrides `auth.password`)
-## @param postgresql-ha.global.postgresql.database Name for a custom database to create (overrides `auth.database`)
-## @param postgresql-ha.global.postgresql.username Name for a custom user to create (overrides `auth.username`)
-## @param postgresql-ha.global.postgresql.password Name for a custom password to create (overrides `auth.password`)
-## @param postgresql-ha.postgresql.repmgrPassword Repmgr Password
-## @param postgresql-ha.postgresql.postgresPassword postgres Password
-## @param postgresql-ha.pgpool.adminPassword pgpool adminPassword
-## @param postgresql-ha.pgpool.srCheckPassword pgpool srCheckPassword
-## @param postgresql-ha.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`)
-## @param postgresql-ha.persistence.size PVC Storage Request for PostgreSQL HA volume
 postgresql-ha:
+  ## @param postgresql-ha.enabled Enable PostgreSQL HA
+  enabled: true
+
+  ## @param postgresql-ha.global.postgresql.database Name for a custom database to create (overrides `auth.database`)
+  ## @param postgresql-ha.global.postgresql.username Name for a custom user to create (overrides `auth.username`)
+  ## @param postgresql-ha.global.postgresql.password Name for a custom password to create (overrides `auth.password`)
  global:
    postgresql:
      database: gitea
      password: gitea
      username: gitea
-  enabled: true
+
+  ## @param postgresql-ha.metrics.image.repository Image repository, eg. `bitnamilegacy/postgres-exporter`.
+  metrics:
+    image:
+      repository: bitnamilegacy/postgres-exporter
+
+  ## @param postgresql-ha.postgresql.image.repository Image repository, eg. `bitnamilegacy/postgresql-repmgr`.
+  ## @param postgresql-ha.postgresql.repmgrPassword Repmgr Password
+  ## @param postgresql-ha.postgresql.postgresPassword postgres Password
+  ## @param postgresql-ha.postgresql.password Password for the `gitea` user (overrides `auth.password`)
  postgresql:
+    image:
+      repository: bitnamilegacy/postgresql-repmgr
    repmgrPassword: changeme2
    postgresPassword: changeme1
    password: changeme4
+
+  ## @param postgresql-ha.pgpool.adminPassword pgpool adminPassword
+  ## @param postgresql-ha.pgpool.image.repository Image repository, eg. `bitnamilegacy/pgpool`.
+  ## @param postgresql-ha.pgpool.srCheckPassword pgpool srCheckPassword
  pgpool:
    adminPassword: changeme3
+    image:
+      repository: bitnamilegacy/pgpool
    srCheckPassword: changeme4
+
+  ## @param postgresql-ha.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`)
  service:
    ports:
      postgresql: 5432
+
+  ## @param postgresql-ha.persistence.size PVC Storage Request for PostgreSQL HA volume
  persistence:
    size: 10Gi

+  ## @param postgresql-ha.volumePermissions.image.repository Image repository, eg. `bitnamilegacy/os-shell`.
+  volumePermissions:
+    image:
+      repository: bitnamilegacy/os-shell
+
 ## @section PostgreSQL
-#
-## @param postgresql.enabled Enable PostgreSQL
-## @param postgresql.global.postgresql.auth.password Password for the `gitea` user (overrides `auth.password`)
-## @param postgresql.global.postgresql.auth.database Name for a custom database to create (overrides `auth.database`)
-## @param postgresql.global.postgresql.auth.username Name for a custom user to create (overrides `auth.username`)
-## @param postgresql.global.postgresql.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`)
-## @param postgresql.primary.persistence.size PVC Storage Request for PostgreSQL volume
 postgresql:
+  ## @param postgresql.enabled Enable PostgreSQL
  enabled: false
+
+  ## @param postgresql.global.postgresql.auth.password Password for the `gitea` user (overrides `auth.password`)
+  ## @param postgresql.global.postgresql.auth.database Name for a custom database to create (overrides `auth.database`)
+  ## @param postgresql.global.postgresql.auth.username Name for a custom user to create (overrides `auth.username`)
+  ## @param postgresql.global.postgresql.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`)
  global:
    postgresql:
      auth:
@@ -705,10 +678,26 @@ postgresql:
      service:
        ports:
          postgresql: 5432
+
+  ## @param postgresql.image.repository Image repository, eg. `bitnamilegacy/postgresql`.
+  image:
+    repository: bitnamilegacy/postgresql
+
+  ## @param postgresql.primary.persistence.size PVC Storage Request for PostgreSQL volume
  primary:
    persistence:
      size: 10Gi

+  ## @param postgresql.metrics.image.repository Image repository, eg. `bitnamilegacy/postgres-exporter`.
+  metrics:
+    image:
+      repository: bitnamilegacy/postgres-exporter
+
+  ## @param postgresql.volumePermissions.image.repository Image repository, eg. `bitnamilegacy/os-shell`.
+  volumePermissions:
+    image:
+      repository: bitnamilegacy/os-shell
+
 # By default, removed or moved settings that still remain in a user defined values.yaml will cause Helm to fail running the install/update.
 # Set it to false to skip this basic validation check.
 ## @section Advanced
Author	SHA1	Message	Date
Markus Pesch	1d49cf3f58	fix(Chart): add annotation 'artifacthub.io/links' All checks were successful changelog / changelog (push) Successful in 14s Details check-and-test / check-and-test (push) Successful in 35s Details	2025-10-12 12:13:40 +02:00
Renovate Bot	0a463f7252	chore(deps): update dependency helm-unittest/helm-unittest to v1.0.3 (#964 ) Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com>	2025-10-12 00:05:15 +00:00
Renovate Bot	14ac6abf78	chore(deps): update lockfiles (#961 ) Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com>	2025-10-07 00:04:56 +00:00
Markus Pesch	89017545d3	fix(deps): use bitnamilegacy images (#962 ) All checks were successful changelog / changelog (push) Successful in 8s Details check-and-test / check-and-test (push) Successful in 1m32s Details The following PR overwrites the `registry`, `repository` and `tag` attributes of the dependencies to download the images from the `bitnamilegacy` repository. This allows us to redeploy the v12 release stream, even though we are no longer receiving updates for the bitnami images. Reviewed-on: https://gitea.com/gitea/helm-gitea/pulls/962 Reviewed-by: techknowlogick <techknowlogick@noreply.gitea.com> Co-authored-by: Markus Pesch <markus.pesch@cryptic.systems> Co-committed-by: Markus Pesch <markus.pesch@cryptic.systems>	2025-10-05 18:11:37 +00:00
Renovate Bot	40d8e5b6e3	chore(deps): update dependency helm-unittest/helm-unittest to v1.0.2 (#960 ) All checks were successful changelog / changelog (push) Successful in 8s Details check-and-test / check-and-test (push) Successful in 1m31s Details Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com>	2025-10-05 00:04:43 +00:00
Renovate Bot	1cdb7b7342	chore(deps): update commitlint/commitlint docker tag to v20 (#957 ) Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com>	2025-10-02 15:57:22 +00:00
Renovate Bot	5c88f5fe9b	chore(deps): update lockfiles (#956 ) All checks were successful changelog / changelog (push) Successful in 8s Details check-and-test / check-and-test (push) Successful in 1m37s Details Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com>	2025-09-25 01:01:10 +00:00
Renovate Bot	d7437cef0b	chore(deps): update alpine/helm docker tag to v3.19.0 (#954 ) Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com>	2025-09-21 00:03:33 +00:00