mirror of
https://gitea.com/gitea/helm-chart.git
synced 2024-06-02 02:11:23 +05:30
Merge remote-tracking branch 'upstream/main' into image-digest
Fix and extend unit tests, fix templating issue with rootless flag, resolve label related review comments.
This commit is contained in:
commit
fed863e2a0
|
@ -39,3 +39,4 @@
|
|||
|
||||
- [ ] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm)
|
||||
- [ ] Breaking changes are documented in the `README.md`
|
||||
- [ ] Templating unittests are added
|
||||
|
|
|
@ -39,7 +39,7 @@ jobs:
|
|||
mkdir gitea
|
||||
mv gitea*.tgz gitea/
|
||||
curl -L -o gitea/index.yaml https://dl.gitea.com/charts/index.yaml
|
||||
helm repo index gitea/ --url https://dl.gitea.io/charts --merge gitea/index.yaml
|
||||
helm repo index gitea/ --url https://dl.gitea.com/charts --merge gitea/index.yaml
|
||||
|
||||
- name: aws credential configure
|
||||
uses: https://github.com/aws-actions/configure-aws-credentials@v2
|
||||
|
|
|
@ -26,7 +26,7 @@ jobs:
|
|||
helm template --debug gitea-helm .
|
||||
- name: unit tests
|
||||
run: |
|
||||
helm plugin install --version 0.3.1 https://github.com/helm-unittest/helm-unittest
|
||||
helm plugin install --version 0.3.3 https://github.com/helm-unittest/helm-unittest
|
||||
make unittests
|
||||
- name: verify readme
|
||||
run: |
|
||||
|
|
|
@ -47,7 +47,7 @@ MD013:
|
|||
# Number of characters
|
||||
line_length: 200
|
||||
# Number of characters for headings
|
||||
heading_line_length: 80
|
||||
heading_line_length: 100
|
||||
# Number of characters for code blocks
|
||||
code_block_line_length: 80
|
||||
# Include code blocks
|
||||
|
@ -106,7 +106,7 @@ MD030:
|
|||
# MD033/no-inline-html - Inline HTML
|
||||
MD033:
|
||||
# Allowed elements
|
||||
allowed_elements: []
|
||||
allowed_elements: [details, summary]
|
||||
|
||||
# MD035/hr-style - Horizontal rule style
|
||||
MD035:
|
||||
|
|
|
@ -18,12 +18,12 @@ When using Visual Studio Code as IDE, following plugins might be useful:
|
|||
|
||||
## Documentation Requirements
|
||||
|
||||
The `README.md` must include all configuration options. The parameters section
|
||||
is generated by extracting the parameter annotations from the `values.yaml` file,
|
||||
by using [this tool](https://github.com/bitnami-labs/readme-generator-for-helm).
|
||||
The `README.md` must include all configuration options.
|
||||
The parameters section is generated by extracting the parameter annotations from the `values.yaml` file, by using [this tool](https://github.com/bitnami-labs/readme-generator-for-helm).
|
||||
|
||||
If changes were made on configuration options, run `make readme` to update the
|
||||
README file.
|
||||
If changes were made on configuration options, run `make readme` to update the README file.
|
||||
|
||||
The ToC is created via the VSCode [Markdown All in One](https://marketplace.visualstudio.com/items?itemName=yzhang.markdown-all-in-one) extension which can/must also be used used to update it.
|
||||
|
||||
## Pull Request Requirements
|
||||
|
||||
|
@ -41,16 +41,15 @@ For local development and testing of pull requests, the following workflow can
|
|||
be used:
|
||||
|
||||
1. Install `minikube` and `helm`.
|
||||
2. Start a `minikube` cluster via `minikube start`.
|
||||
3. From the `gitea/helm-chart` directory execute the following command. This
|
||||
will install the dependencies listed in `Chart.yml` and deploy the current
|
||||
state of the helm chart found locally. If you want to test a branch, make
|
||||
sure to switch to the respective branch first.
|
||||
`helm install --dependency-update gitea . -f values.yaml`.
|
||||
4. Gitea is now deployed in `minikube`. To access it, it's port needs to be
|
||||
forwarded first from `minikube` to localhost first via `kubectl --namespace
|
||||
default port-forward svc/gitea-http 3000:3000`. Now Gitea is accessible at
|
||||
[http://localhost:3000](http://localhost:3000).
|
||||
1. Start a `minikube` cluster via `minikube start`.
|
||||
1. From the `gitea/helm-chart` directory execute the following command.
|
||||
This will install the dependencies listed in `Chart.yml` and deploy the current state of the helm chart found locally.
|
||||
If you want to test a branch, make sure to switch to the respective branch first.
|
||||
`helm install --dependency-update gitea . -f values.yaml`.
|
||||
1. Gitea is now deployed in `minikube`.
|
||||
To access it, it's port needs to be forwarded first from `minikube` to localhost first via `kubectl --namespace
|
||||
default port-forward svc/gitea-http 3000:3000`.
|
||||
Now Gitea is accessible at [http://localhost:3000](http://localhost:3000).
|
||||
|
||||
### Unit tests
|
||||
|
||||
|
@ -61,3 +60,11 @@ $ helm plugin install https://github.com/helm-unittest/helm-unittest
|
|||
# run the unittests
|
||||
make unittests
|
||||
```
|
||||
|
||||
See [plugin documentation](https://github.com/helm-unittest/helm-unittest/blob/v0.3.3/DOCUMENT.md) for usage instructions.
|
||||
|
||||
## Release process
|
||||
|
||||
1. Create a tag following the tagging schema
|
||||
1. Push the tag
|
||||
1. Let CI do it's work
|
||||
|
|
15
Chart.lock
15
Chart.lock
|
@ -1,9 +1,12 @@
|
|||
dependencies:
|
||||
- name: memcached
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 6.3.14
|
||||
- name: postgresql
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 12.4.1
|
||||
digest: sha256:02d4846bf416038a42658dbca8f8001d0e3ce967b00e990048f8d420065c33fd
|
||||
generated: "2023-04-28T09:32:05.295167+02:00"
|
||||
version: 12.10.1
|
||||
- name: postgresql-ha
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 11.9.2
|
||||
- name: redis-cluster
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 8.8.2
|
||||
digest: sha256:a9506ea21ff576b301fd9d16a240a55d86ca2d5bbe20ec0fd78272c855786f7f
|
||||
generated: "2023-09-07T00:03:27.653856865Z"
|
||||
|
|
24
Chart.yaml
24
Chart.yaml
|
@ -3,8 +3,8 @@ name: gitea
|
|||
description: Gitea Helm chart for Kubernetes
|
||||
type: application
|
||||
version: 0.0.0
|
||||
appVersion: 1.19.3
|
||||
icon: https://docs.gitea.io/images/gitea.png
|
||||
appVersion: 1.20.4
|
||||
icon: https://gitea.com/assets/img/logo.svg
|
||||
|
||||
keywords:
|
||||
- git
|
||||
|
@ -33,14 +33,18 @@ maintainers:
|
|||
|
||||
# Bitnami charts are served from GitHub CDN - See https://github.com/bitnami/charts/issues/10539 for details
|
||||
dependencies:
|
||||
# OCI registry: https://blog.bitnami.com/2023/01/bitnami-helm-charts-available-as-oci.html (2023-01)
|
||||
# Chart release date: 2023-04
|
||||
- name: memcached
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 6.3.14
|
||||
condition: memcached.enabled
|
||||
# Chart release date: 2023-04
|
||||
#https://github.com/bitnami/charts/blob/main/bitnami/postgresql
|
||||
- name: postgresql
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 12.4.1
|
||||
version: 12.10.1
|
||||
condition: postgresql.enabled
|
||||
# https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml
|
||||
- name: postgresql-ha
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 11.9.2
|
||||
condition: postgresql-ha.enabled
|
||||
# https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml
|
||||
- name: redis-cluster
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 8.8.2
|
||||
condition: redis-cluster.enabled
|
||||
|
|
5
Makefile
5
Makefile
|
@ -10,3 +10,8 @@ readme: prepare-environment
|
|||
.PHONY: unittests
|
||||
unittests:
|
||||
helm unittest --strict -f 'unittests/**/*.yaml' ./
|
||||
|
||||
.PHONY: helm
|
||||
update-helm-dependencies:
|
||||
helm dependency update
|
||||
|
579
README.md
579
README.md
|
@ -1,13 +1,63 @@
|
|||
# Gitea Helm Chart
|
||||
# Gitea Helm Chart <!-- omit from toc -->
|
||||
|
||||
[Gitea](https://gitea.io/en-us/) is a community managed lightweight code hosting solution written in Go.
|
||||
- [Introduction](#introduction)
|
||||
- [Update and versioning policy](#update-and-versioning-policy)
|
||||
- [Dependencies](#dependencies)
|
||||
- [Installing](#installing)
|
||||
- [High Availability](#high-availability)
|
||||
- [Configuration](#configuration)
|
||||
- [Default Configuration](#default-configuration)
|
||||
- [Database defaults](#database-defaults)
|
||||
- [Server defaults](#server-defaults)
|
||||
- [Metrics defaults](#metrics-defaults)
|
||||
- [Minimal Configuration](#minimal-configuration)
|
||||
- [Additional _app.ini_ settings](#additional-appini-settings)
|
||||
- [User defined environment variables in app.ini](#user-defined-environment-variables-in-appini)
|
||||
- [External Database](#external-database)
|
||||
- [Ports and external url](#ports-and-external-url)
|
||||
- [ClusterIP](#clusterip)
|
||||
- [SSH and Ingress](#ssh-and-ingress)
|
||||
- [SSH on crio based kubernetes cluster](#ssh-on-crio-based-kubernetes-cluster)
|
||||
- [Cache](#cache)
|
||||
- [Persistence](#persistence)
|
||||
- [Admin User](#admin-user)
|
||||
- [LDAP Settings](#ldap-settings)
|
||||
- [OAuth2 Settings](#oauth2-settings)
|
||||
- [Configure commit signing](#configure-commit-signing)
|
||||
- [Metrics and profiling](#metrics-and-profiling)
|
||||
- [Pod annotations](#pod-annotations)
|
||||
- [Themes](#themes)
|
||||
- [Parameters](#parameters)
|
||||
- [Global](#global)
|
||||
- [strategy](#strategy)
|
||||
- [Image](#image)
|
||||
- [Security](#security)
|
||||
- [Service](#service)
|
||||
- [Ingress](#ingress)
|
||||
- [deployment](#deployment)
|
||||
- [ServiceAccount](#serviceaccount)
|
||||
- [Persistence](#persistence-1)
|
||||
- [Init](#init)
|
||||
- [Signing](#signing)
|
||||
- [Gitea](#gitea)
|
||||
- [LivenessProbe](#livenessprobe)
|
||||
- [ReadinessProbe](#readinessprobe)
|
||||
- [StartupProbe](#startupprobe)
|
||||
- [redis-cluster](#redis-cluster)
|
||||
- [PostgreSQL-ha](#postgresql-ha)
|
||||
- [PostgreSQL](#postgresql)
|
||||
- [Advanced](#advanced)
|
||||
- [Contributing](#contributing)
|
||||
- [Upgrading](#upgrading)
|
||||
|
||||
[Gitea](https://gitea.com) is a community managed lightweight code hosting solution written in Go.
|
||||
It is published under the MIT license.
|
||||
|
||||
## Introduction
|
||||
|
||||
This helm chart has taken some inspiration from [jfelten's helm chart](https://github.com/jfelten/gitea-helm-chart).
|
||||
But takes a completely different approach in providing a database and cache with dependencies.
|
||||
Additionally, this chart provides LDAP and admin user configuration with values, as well as being deployed as a statefulset to retain stored repositories.
|
||||
Yet it takes a completely different approach in providing a database and cache with dependencies.
|
||||
Additionally, this chart allows to provide LDAP and admin user configuration with values.
|
||||
|
||||
## Update and versioning policy
|
||||
|
||||
|
@ -32,31 +82,33 @@ This chart provides those dependencies, which can be enabled, or disabled via co
|
|||
|
||||
Dependencies:
|
||||
|
||||
- PostgreSQL ([configuration](#postgresql))
|
||||
- Memcached ([configuration](#memcached))
|
||||
- PostgreSQL HA ([configuration](#postgresql))
|
||||
- Redis Cluster ([configuration](#cache))
|
||||
|
||||
## Installing
|
||||
|
||||
```sh
|
||||
helm repo add gitea-charts https://dl.gitea.io/charts/
|
||||
helm repo add gitea-charts https://dl.gitea.com/charts/
|
||||
helm repo update
|
||||
helm install gitea gitea-charts/gitea
|
||||
```
|
||||
|
||||
When upgrading, please refer to the [Upgrading](#upgrading) section at the bottom of this document for major and breaking changes.
|
||||
|
||||
## Prerequisites
|
||||
## High Availability
|
||||
|
||||
- Kubernetes 1.12+
|
||||
- Helm 3.0+
|
||||
- PV provisioner for persistent data support
|
||||
⚠️ **EXPERIMENTAL** ⚠️
|
||||
|
||||
## Examples
|
||||
Since version 9.0.0 this chart has experimental support for running Gitea and it's dependencies in a HA setup.
|
||||
The setup is still experimental and care must be taken for production use as Gitea core is not yet officially HA-ready.
|
||||
|
||||
### Gitea Configuration
|
||||
Deploying a HA-ready Gitea instance requires some effort including using HA-ready dependencies.
|
||||
See the [HA Setup](docs/ha-setup.md) document for more details.
|
||||
|
||||
## Configuration
|
||||
|
||||
Gitea offers lots of configuration options.
|
||||
This is fully described in the [Gitea Cheat Sheet](https://docs.gitea.io/en-us/config-cheat-sheet/).
|
||||
This is fully described in the [Gitea Cheat Sheet](https://docs.gitea.com/administration/config-cheat-sheet).
|
||||
|
||||
```yaml
|
||||
gitea:
|
||||
|
@ -75,12 +127,12 @@ All defaults can be overwritten in `gitea.config`.
|
|||
|
||||
INSTALL_LOCK is always set to true, since we want to configure Gitea with this helm chart and everything is taken care of.
|
||||
|
||||
_All default settings are made directly in the generated app.ini, not in the Values._
|
||||
_All default settings are made directly in the generated `app.ini`, not in the Values._
|
||||
|
||||
#### Database defaults
|
||||
|
||||
If a builtIn database is enabled the database configuration is set automatically.
|
||||
For example, PostgreSQL builtIn will appear in the app.ini as:
|
||||
For example, PostgreSQL builtIn will appear in the `app.ini` as:
|
||||
|
||||
```ini
|
||||
[database]
|
||||
|
@ -91,18 +143,6 @@ PASSWD = gitea
|
|||
USER = gitea
|
||||
```
|
||||
|
||||
#### Memcached defaults
|
||||
|
||||
Memcached is handled the exact same way as database builtIn.
|
||||
Once Memcached builtIn is enabled, this chart will generate the following part in the `app.ini`:
|
||||
|
||||
```ini
|
||||
[cache]
|
||||
ADAPTER = memcache
|
||||
ENABLED = true
|
||||
HOST = RELEASE-NAME-memcached.default.svc.cluster.local:11211
|
||||
```
|
||||
|
||||
#### Server defaults
|
||||
|
||||
The server defaults are a bit more complex.
|
||||
|
@ -131,9 +171,39 @@ The Prometheus `/metrics` endpoint is disabled by default.
|
|||
ENABLED = false
|
||||
```
|
||||
|
||||
### Minimal Configuration
|
||||
|
||||
For a minimal installation, i.e. without HA dependencies and using the built-in SQLITE DB instead of Postgres, the following configuration can be used:
|
||||
|
||||
```yaml
|
||||
redis-cluster:
|
||||
enabled: false
|
||||
postgresql:
|
||||
enabled: false
|
||||
postgresql-ha:
|
||||
enabled: false
|
||||
|
||||
persistence:
|
||||
enabled: false
|
||||
|
||||
gitea:
|
||||
config:
|
||||
database:
|
||||
DB_TYPE: sqlite3
|
||||
session:
|
||||
PROVIDER: memory
|
||||
cache:
|
||||
ADAPTER: memory
|
||||
queue:
|
||||
TYPE: level
|
||||
```
|
||||
|
||||
This will result in a single-pod Gitea instance without any dependencies and persistence.
|
||||
Do not use this configuration for production use.
|
||||
|
||||
### Additional _app.ini_ settings
|
||||
|
||||
> **The [generic](https://docs.gitea.io/en-us/config-cheat-sheet/#overall-default)
|
||||
> **The [generic](https://docs.gitea.com/administration/config-cheat-sheet#overall-default)
|
||||
> section cannot be defined that way.**
|
||||
|
||||
Some settings inside _app.ini_ (like passwords or whole authentication configurations) must be considered sensitive and therefore should not be passed via plain text inside the _values.yaml_ file.
|
||||
|
@ -151,8 +221,7 @@ gitea:
|
|||
name: gitea-app-ini-plaintext
|
||||
```
|
||||
|
||||
This would mount the two additional volumes (`oauth` and `some-additionals`)
|
||||
from different sources to the init containerwhere the _app.ini_ gets updated.
|
||||
This would mount the two additional volumes (`oauth` and `some-additionals`) from different sources to the init container where the _app.ini_ gets updated.
|
||||
All files mounted that way will be read and converted to environment variables and then added to the _app.ini_ using [environment-to-ini](https://github.com/go-gitea/gitea/tree/main/contrib/environment-to-ini).
|
||||
|
||||
The key of such additional source represents the section inside the _app.ini_.
|
||||
|
@ -196,16 +265,17 @@ We also support to directly interact with the generated _app.ini_.
|
|||
To inject self defined variables into the _app.ini_ a certain format needs to be honored.
|
||||
This is described in detail on the [env-to-ini](https://github.com/go-gitea/gitea/tree/main/contrib/environment-to-ini) page.
|
||||
|
||||
Note that the Prefix on this helm chart is `ENV_TO_INI`.
|
||||
Prior to Gitea 1.20 and Chart 9.0.0 the helm chart had a custom prefix `ENV_TO_INI`.
|
||||
After the support for a custom prefix was removed in Gite core, the prefix was changed to `GITEA`.
|
||||
|
||||
For example a database setting needs to have the following format:
|
||||
|
||||
```yaml
|
||||
gitea:
|
||||
additionalConfigFromEnvs:
|
||||
- name: ENV_TO_INI__DATABASE__HOST
|
||||
- name: GITEA__DATABASE__HOST
|
||||
value: my.own.host
|
||||
- name: ENV_TO_INI__DATABASE__PASSWD
|
||||
- name: GITEA__DATABASE__PASSWD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: postgres-secret
|
||||
|
@ -214,13 +284,13 @@ gitea:
|
|||
|
||||
Priority (highest to lowest) for defining app.ini variables:
|
||||
|
||||
1. Environment variables prefixed with `ENV_TO_INI`
|
||||
1. Environment variables prefixed with `GITEA`
|
||||
1. Additional config sources
|
||||
1. Values defined in `gitea.config`
|
||||
|
||||
### External Database
|
||||
|
||||
Any external Database listed in [https://docs.gitea.io/en-us/database-prep/](https://docs.gitea.io/en-us/database-prep/) can be used instead of the built-in PostgreSQL.
|
||||
Any external database listed in [https://docs.gitea.com/installation/database-prep](https://docs.gitea.com/installation/database-prep) can be used instead of the built-in PostgreSQL.
|
||||
In fact, it is **highly recommended** to use an external database to ensure a stable Gitea installation longterm.
|
||||
|
||||
If an external database is used, no matter which type, make sure to set `postgresql.enabled` to `false` to disable the use of the built-in PostgreSQL.
|
||||
|
@ -306,34 +376,23 @@ More about this issue [here](https://gitea.com/gitea/helm-chart/issues/161).
|
|||
|
||||
### Cache
|
||||
|
||||
This helm chart can use a built in cache.
|
||||
The default is Memcached from bitnami.
|
||||
The cache handling is done via `redis-cluster` (via the `bitnami` chart) by default.
|
||||
This deployment is HA-ready but can also be used for single-pod deployments.
|
||||
By default, 6 replicas are deployed for a working `redis-cluster` deployment.
|
||||
Many cloud providers offer a managed redis service, which can be used instead of the built-in `redis-cluster`.
|
||||
|
||||
```yaml
|
||||
memcached:
|
||||
redis-cluster:
|
||||
enabled: true
|
||||
```
|
||||
|
||||
If the built in cache should not be used simply configure the cache in `gitea.config`.
|
||||
|
||||
```yaml
|
||||
gitea:
|
||||
config:
|
||||
cache:
|
||||
ENABLED: true
|
||||
ADAPTER: memory
|
||||
INTERVAL: 60
|
||||
HOST: 127.0.0.1:9090
|
||||
```
|
||||
|
||||
### Persistence
|
||||
|
||||
Gitea will be deployed as a statefulset.
|
||||
Gitea will be deployed as a deployment.
|
||||
By simply enabling the persistence and setting the storage class according to your cluster everything else will be taken care of.
|
||||
The following example will create a PVC as a part of the statefulset.
|
||||
This PVC will not be deleted even if you uninstall the chart.
|
||||
The following example will create a PVC as a part of the deployment.
|
||||
|
||||
Please note, that an empty storageClass in the persistence will result in kubernetes using your default storage class.
|
||||
Please note, that an empty `storageClass` in the persistence will result in kubernetes using your default storage class.
|
||||
|
||||
If you want to use your own storage class define it as follows:
|
||||
|
||||
|
@ -343,14 +402,12 @@ persistence:
|
|||
storageClass: myOwnStorageClass
|
||||
```
|
||||
|
||||
When using PostgreSQL as dependency, this will also be deployed as a statefulset by default.
|
||||
|
||||
If you want to manage your own PVC you can simply pass the PVC name to the chart.
|
||||
|
||||
```yaml
|
||||
persistence:
|
||||
enabled: true
|
||||
existingClaim: MyAwesomeGiteaClaim
|
||||
claimName: MyAwesomeGiteaClaim
|
||||
```
|
||||
|
||||
In case that persistence has been disabled it will simply use an empty dir volume.
|
||||
|
@ -362,13 +419,13 @@ You can interact with the postgres settings as displayed in the following exampl
|
|||
postgresql:
|
||||
persistence:
|
||||
enabled: true
|
||||
existingClaim: MyAwesomeGiteaPostgresClaim
|
||||
claimName: MyAwesomeGiteaPostgresClaim
|
||||
```
|
||||
|
||||
### Admin User
|
||||
|
||||
This chart enables you to create a default admin user.
|
||||
It is also possible to update the password for this user by upgrading or redeloying the chart.
|
||||
It is also possible to update the password for this user by upgrading or redeploying the chart.
|
||||
It is not possible to delete an admin user after it has been created.
|
||||
This has to be done in the ui.
|
||||
You cannot use `admin` as username.
|
||||
|
@ -403,7 +460,7 @@ gitea:
|
|||
### LDAP Settings
|
||||
|
||||
Like the admin user the LDAP settings can be updated.
|
||||
All LDAP values from <https://docs.gitea.io/en-us/command-line/#admin> are available.
|
||||
All LDAP values from <https://docs.gitea.com/administration/command-line#admin> are available.
|
||||
|
||||
Multiple LDAP sources can be configured with additional LDAP list items.
|
||||
|
||||
|
@ -458,7 +515,7 @@ Affected options:
|
|||
|
||||
Like the admin user, OAuth2 settings can be updated and disabled but not deleted.
|
||||
Deleting OAuth2 settings has to be done in the ui.
|
||||
All OAuth2 values, which are documented [here](https://docs.gitea.io/en-us/command-line/#admin), are
|
||||
All OAuth2 values, which are documented [here](https://docs.gitea.com/administration/command-line#admin), are
|
||||
available.
|
||||
|
||||
Multiple OAuth2 sources can be configured with additional OAuth list items.
|
||||
|
@ -536,9 +593,9 @@ signing:
|
|||
```
|
||||
|
||||
To use the gpg key, Gitea needs to be configured accordingly.
|
||||
A detailed description can be found in the [official Gitea documentation](https://docs.gitea.io/en-us/signing/#general-configuration).
|
||||
A detailed description can be found in the [official Gitea documentation](https://docs.gitea.com/administration/signing#general-configuration).
|
||||
|
||||
### Metrics and profiling
|
||||
## Metrics and profiling
|
||||
|
||||
A Prometheus `/metrics` endpoint on the `HTTP_PORT` and `pprof` profiling endpoints on port 6060 can be enabled under `gitea`.
|
||||
Beware that the metrics endpoint is exposed via the ingress, manage access using ingress annotations for example.
|
||||
|
@ -557,7 +614,7 @@ gitea:
|
|||
ENABLE_PPROF: true
|
||||
```
|
||||
|
||||
### Pod Annotations
|
||||
## Pod annotations
|
||||
|
||||
Annotations can be added to the Gitea pod.
|
||||
|
||||
|
@ -566,18 +623,94 @@ gitea:
|
|||
podAnnotations: {}
|
||||
```
|
||||
|
||||
## Themes
|
||||
|
||||
Custom themes can be added via k8s secrets and referencing them in `values.yaml`.
|
||||
|
||||
The [http provider](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) is useful here.
|
||||
|
||||
```yaml
|
||||
extraVolumes:
|
||||
- name: gitea-themes
|
||||
secret:
|
||||
secretName: gitea-themes
|
||||
|
||||
extraVolumeMounts:
|
||||
- name: gitea-themes
|
||||
readOnly: true
|
||||
mountPath: "/data/gitea/public/css"
|
||||
```
|
||||
|
||||
The secret can be created via `terraform`:
|
||||
|
||||
```hcl
|
||||
resource "kubernetes_secret" "gitea-themes" {
|
||||
metadata {
|
||||
name = "gitea-themes"
|
||||
namespace = "gitea"
|
||||
}
|
||||
|
||||
data = {
|
||||
"my-theme.css" = data.http.gitea-theme-light.body
|
||||
"my-theme-dark.css" = data.http.gitea-theme-dark.body
|
||||
"my-theme-auto.css" = data.http.gitea-theme-auto.body
|
||||
}
|
||||
|
||||
type = "Opaque"
|
||||
}
|
||||
|
||||
|
||||
data "http" "gitea-theme-light" {
|
||||
url = "<raw theme url>"
|
||||
|
||||
request_headers = {
|
||||
Accept = "application/json"
|
||||
}
|
||||
}
|
||||
|
||||
data "http" "gitea-theme-dark" {
|
||||
url = "<raw theme url>"
|
||||
|
||||
request_headers = {
|
||||
Accept = "application/json"
|
||||
}
|
||||
}
|
||||
|
||||
data "http" "gitea-theme-auto" {
|
||||
url = "<raw theme url>"
|
||||
|
||||
request_headers = {
|
||||
Accept = "application/json"
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
or natively via `kubectl`:
|
||||
|
||||
```bash
|
||||
kubectl create secret generic gitea-themes --from-file={{FULL-PATH-TO-CSS}} --namespace gitea
|
||||
```
|
||||
|
||||
## Parameters
|
||||
|
||||
### Global
|
||||
|
||||
| Name | Description | Value |
|
||||
| ------------------------- | ------------------------------------------------------------------------- | --------------- |
|
||||
| `global.imageRegistry` | global image registry override | `""` |
|
||||
| `global.imagePullSecrets` | global image pull secrets override; can be extended by `imagePullSecrets` | `[]` |
|
||||
| `global.storageClass` | global storage class override | `""` |
|
||||
| `global.hostAliases` | global hostAliases which will be added to the pod's hosts files | `[]` |
|
||||
| `replicaCount` | number of replicas for the statefulset | `1` |
|
||||
| `clusterDomain` | cluster domain | `cluster.local` |
|
||||
| Name | Description | Value |
|
||||
| ------------------------- | ------------------------------------------------------------------------- | ----- |
|
||||
| `global.imageRegistry` | global image registry override | `""` |
|
||||
| `global.imagePullSecrets` | global image pull secrets override; can be extended by `imagePullSecrets` | `[]` |
|
||||
| `global.storageClass` | global storage class override | `""` |
|
||||
| `global.hostAliases` | global hostAliases which will be added to the pod's hosts files | `[]` |
|
||||
| `replicaCount` | number of replicas for the deployment | `1` |
|
||||
|
||||
### strategy
|
||||
|
||||
| Name | Description | Value |
|
||||
| --------------------------------------- | -------------- | --------------- |
|
||||
| `strategy.type` | strategy type | `RollingUpdate` |
|
||||
| `strategy.rollingUpdate.maxSurge` | maxSurge | `100%` |
|
||||
| `strategy.rollingUpdate.maxUnavailable` | maxUnavailable | `0` |
|
||||
| `clusterDomain` | cluster domain | `cluster.local` |
|
||||
|
||||
### Image
|
||||
|
||||
|
@ -588,7 +721,7 @@ gitea:
|
|||
| `image.tag` | Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml. | `""` |
|
||||
| `image.digest` | Image digest. Overrides the image tag if set. | `""` |
|
||||
| `image.pullPolicy` | Image pull policy | `Always` |
|
||||
| `image.rootless` | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `false` |
|
||||
| `image.rootless` | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `true` |
|
||||
| `imagePullSecrets` | Secret to use for pulling the image | `[]` |
|
||||
|
||||
### Security
|
||||
|
@ -598,6 +731,7 @@ gitea:
|
|||
| `podSecurityContext.fsGroup` | Set the shared file system group for all containers in the pod. | `1000` |
|
||||
| `containerSecurityContext` | Security context | `{}` |
|
||||
| `securityContext` | Run init and Gitea containers as a specific securityContext | `{}` |
|
||||
| `podDisruptionBudget` | Pod disruption budget | `{}` |
|
||||
|
||||
### Service
|
||||
|
||||
|
@ -605,7 +739,7 @@ gitea:
|
|||
| --------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- |
|
||||
| `service.http.type` | Kubernetes service type for web traffic | `ClusterIP` |
|
||||
| `service.http.port` | Port number for web traffic | `3000` |
|
||||
| `service.http.clusterIP` | ClusterIP setting for http autosetup for statefulset is None | `None` |
|
||||
| `service.http.clusterIP` | ClusterIP setting for http autosetup for deployment is None | `None` |
|
||||
| `service.http.loadBalancerIP` | LoadBalancer IP setting | `nil` |
|
||||
| `service.http.nodePort` | NodePort for http service | `nil` |
|
||||
| `service.http.externalTrafficPolicy` | If `service.http.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation | `nil` |
|
||||
|
@ -616,7 +750,7 @@ gitea:
|
|||
| `service.http.annotations` | HTTP service annotations | `{}` |
|
||||
| `service.ssh.type` | Kubernetes service type for ssh traffic | `ClusterIP` |
|
||||
| `service.ssh.port` | Port number for ssh traffic | `22` |
|
||||
| `service.ssh.clusterIP` | ClusterIP setting for ssh autosetup for statefulset is None | `None` |
|
||||
| `service.ssh.clusterIP` | ClusterIP setting for ssh autosetup for deployment is None | `None` |
|
||||
| `service.ssh.loadBalancerIP` | LoadBalancer IP setting | `nil` |
|
||||
| `service.ssh.nodePort` | NodePort for ssh service | `nil` |
|
||||
| `service.ssh.externalTrafficPolicy` | If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation | `nil` |
|
||||
|
@ -640,38 +774,53 @@ gitea:
|
|||
| `ingress.tls` | Ingress tls settings | `[]` |
|
||||
| `ingress.apiVersion` | Specify APIVersion of ingress object. Mostly would only be used for argocd. | |
|
||||
|
||||
### StatefulSet
|
||||
### deployment
|
||||
|
||||
| Name | Description | Value |
|
||||
| ------------------------------------------- | ------------------------------------------------------ | ----- |
|
||||
| `resources` | Kubernetes resources | `{}` |
|
||||
| `schedulerName` | Use an alternate scheduler, e.g. "stork" | `""` |
|
||||
| `nodeSelector` | NodeSelector for the statefulset | `{}` |
|
||||
| `tolerations` | Tolerations for the statefulset | `[]` |
|
||||
| `affinity` | Affinity for the statefulset | `{}` |
|
||||
| `dnsConfig` | dnsConfig for the statefulset | `{}` |
|
||||
| `priorityClassName` | priorityClassName for the statefulset | `""` |
|
||||
| `statefulset.env` | Additional environment variables to pass to containers | `[]` |
|
||||
| `statefulset.terminationGracePeriodSeconds` | How long to wait until forcefully kill the pod | `60` |
|
||||
| `statefulset.labels` | Labels for the statefulset | `{}` |
|
||||
| `statefulset.annotations` | Annotations for the Gitea StatefulSet to be created | `{}` |
|
||||
| Name | Description | Value |
|
||||
| ------------------------------------------ | ------------------------------------------------------ | ----- |
|
||||
| `resources` | Kubernetes resources | `{}` |
|
||||
| `schedulerName` | Use an alternate scheduler, e.g. "stork" | `""` |
|
||||
| `nodeSelector` | NodeSelector for the deployment | `{}` |
|
||||
| `tolerations` | Tolerations for the deployment | `[]` |
|
||||
| `affinity` | Affinity for the deployment | `{}` |
|
||||
| `topologySpreadConstraints` | TopologySpreadConstraints for the deployment | `[]` |
|
||||
| `dnsConfig` | dnsConfig for the deployment | `{}` |
|
||||
| `priorityClassName` | priorityClassName for the deployment | `""` |
|
||||
| `deployment.env` | Additional environment variables to pass to containers | `[]` |
|
||||
| `deployment.terminationGracePeriodSeconds` | How long to wait until forcefully kill the pod | `60` |
|
||||
| `deployment.labels` | Labels for the deployment | `{}` |
|
||||
| `deployment.annotations` | Annotations for the Gitea deployment to be created | `{}` |
|
||||
|
||||
### ServiceAccount
|
||||
|
||||
| Name | Description | Value |
|
||||
| --------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | ------- |
|
||||
| `serviceAccount.create` | Enable the creation of a ServiceAccount | `false` |
|
||||
| `serviceAccount.name` | Name of the created ServiceAccount, defaults to release name. Can also link to an externally provided ServiceAccount that should be used. | `""` |
|
||||
| `serviceAccount.automountServiceAccountToken` | Enable/disable auto mounting of the service account token | `false` |
|
||||
| `serviceAccount.imagePullSecrets` | Image pull secrets, available to the ServiceAccount | `[]` |
|
||||
| `serviceAccount.annotations` | Custom annotations for the ServiceAccount | `{}` |
|
||||
| `serviceAccount.labels` | Custom labels for the ServiceAccount | `{}` |
|
||||
|
||||
### Persistence
|
||||
|
||||
| Name | Description | Value |
|
||||
| ---------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------- |
|
||||
| `persistence.enabled` | Enable persistent storage | `true` |
|
||||
| `persistence.existingClaim` | Use an existing claim to store repository information | `nil` |
|
||||
| `persistence.size` | Size for persistence to store repo information | `10Gi` |
|
||||
| `persistence.accessModes` | AccessMode for persistence | `["ReadWriteOnce"]` |
|
||||
| `persistence.labels` | Labels for the persistence volume claim to be created | `{}` |
|
||||
| `persistence.annotations` | Annotations for the persistence volume claim to be created | `{}` |
|
||||
| `persistence.storageClass` | Name of the storage class to use | `nil` |
|
||||
| `persistence.subPath` | Subdirectory of the volume to mount at | `nil` |
|
||||
| `extraVolumes` | Additional volumes to mount to the Gitea statefulset | `[]` |
|
||||
| `extraContainerVolumeMounts` | Mounts that are only mapped into the Gitea runtime/main container, to e.g. override custom templates. | `[]` |
|
||||
| `extraInitVolumeMounts` | Mounts that are only mapped into the init-containers. Can be used for additional preconfiguration. | `[]` |
|
||||
| `extraVolumeMounts` | **DEPRECATED** Additional volume mounts for init containers and the Gitea main container | `[]` |
|
||||
| Name | Description | Value |
|
||||
| ------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ---------------------- |
|
||||
| `persistence.enabled` | Enable persistent storage | `true` |
|
||||
| `persistence.create` | Whether to create the persistentVolumeClaim for shared storage | `true` |
|
||||
| `persistence.mount` | Whether the persistentVolumeClaim should be mounted (even if not created) | `true` |
|
||||
| `persistence.claimName` | Use an existing claim to store repository information | `gitea-shared-storage` |
|
||||
| `persistence.size` | Size for persistence to store repo information | `10Gi` |
|
||||
| `persistence.accessModes` | AccessMode for persistence | `["ReadWriteOnce"]` |
|
||||
| `persistence.labels` | Labels for the persistence volume claim to be created | `{}` |
|
||||
| `persistence.annotations.helm.sh/resource-policy` | Resource policy for the persistence volume claim | `keep` |
|
||||
| `persistence.storageClass` | Name of the storage class to use | `nil` |
|
||||
| `persistence.subPath` | Subdirectory of the volume to mount at | `nil` |
|
||||
| `persistence.volumeName` | Name of persistent volume in PVC | `""` |
|
||||
| `extraVolumes` | Additional volumes to mount to the Gitea deployment | `[]` |
|
||||
| `extraContainerVolumeMounts` | Mounts that are only mapped into the Gitea runtime/main container, to e.g. override custom templates. | `[]` |
|
||||
| `extraInitVolumeMounts` | Mounts that are only mapped into the init-containers. Can be used for additional preconfiguration. | `[]` |
|
||||
| `extraVolumeMounts` | **DEPRECATED** Additional volume mounts for init containers and the Gitea main container | `[]` |
|
||||
|
||||
### Init
|
||||
|
||||
|
@ -693,21 +842,22 @@ gitea:
|
|||
|
||||
### Gitea
|
||||
|
||||
| Name | Description | Value |
|
||||
| -------------------------------------- | ------------------------------------------------------------------------------------------------------------- | -------------------- |
|
||||
| `gitea.admin.username` | Username for the Gitea admin user | `gitea_admin` |
|
||||
| `gitea.admin.existingSecret` | Use an existing secret to store admin user credentials | `nil` |
|
||||
| `gitea.admin.password` | Password for the Gitea admin user | `r8sA8CPHD9!bt6d` |
|
||||
| `gitea.admin.email` | Email for the Gitea admin user | `gitea@local.domain` |
|
||||
| `gitea.metrics.enabled` | Enable Gitea metrics | `false` |
|
||||
| `gitea.metrics.serviceMonitor.enabled` | Enable Gitea metrics service monitor | `false` |
|
||||
| `gitea.ldap` | LDAP configuration | `[]` |
|
||||
| `gitea.oauth` | OAuth configuration | `[]` |
|
||||
| `gitea.config` | Configuration for the Gitea server,ref: [config-cheat-sheet](https://docs.gitea.io/en-us/config-cheat-sheet/) | `{}` |
|
||||
| `gitea.additionalConfigSources` | Additional configuration from secret or configmap | `[]` |
|
||||
| `gitea.additionalConfigFromEnvs` | Additional configuration sources from environment variables | `[]` |
|
||||
| `gitea.podAnnotations` | Annotations for the Gitea pod | `{}` |
|
||||
| `gitea.ssh.logLevel` | Configure OpenSSH's log level. Only available for root-based Gitea image. | `INFO` |
|
||||
| Name | Description | Value |
|
||||
| -------------------------------------- | ------------------------------------------------------------------------- | -------------------- |
|
||||
| `gitea.admin.username` | Username for the Gitea admin user | `gitea_admin` |
|
||||
| `gitea.admin.existingSecret` | Use an existing secret to store admin user credentials | `nil` |
|
||||
| `gitea.admin.password` | Password for the Gitea admin user | `r8sA8CPHD9!bt6d` |
|
||||
| `gitea.admin.email` | Email for the Gitea admin user | `gitea@local.domain` |
|
||||
| `gitea.metrics.enabled` | Enable Gitea metrics | `false` |
|
||||
| `gitea.metrics.serviceMonitor.enabled` | Enable Gitea metrics service monitor | `false` |
|
||||
| `gitea.ldap` | LDAP configuration | `[]` |
|
||||
| `gitea.oauth` | OAuth configuration | `[]` |
|
||||
| `gitea.config.server.SSH_PORT` | SSH port for rootlful Gitea image | `22` |
|
||||
| `gitea.config.server.SSH_LISTEN_PORT` | SSH port for rootless Gitea image | `2222` |
|
||||
| `gitea.additionalConfigSources` | Additional configuration from secret or configmap | `[]` |
|
||||
| `gitea.additionalConfigFromEnvs` | Additional configuration sources from environment variables | `[]` |
|
||||
| `gitea.podAnnotations` | Annotations for the Gitea pod | `{}` |
|
||||
| `gitea.ssh.logLevel` | Configure OpenSSH's log level. Only available for root-based Gitea image. | `INFO` |
|
||||
|
||||
### LivenessProbe
|
||||
|
||||
|
@ -745,18 +895,33 @@ gitea:
|
|||
| `gitea.startupProbe.successThreshold` | Success threshold for startup probe | `1` |
|
||||
| `gitea.startupProbe.failureThreshold` | Failure threshold for startup probe | `10` |
|
||||
|
||||
### Memcached
|
||||
### redis-cluster
|
||||
|
||||
| Name | Description | Value |
|
||||
| ----------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
|
||||
| `memcached.enabled` | Memcached is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/memcached) if enabled in the values. Complete Configuration can be taken from their website. | `true` |
|
||||
| `memcached.service.ports.memcached` | Port for Memcached | `11211` |
|
||||
| Name | Description | Value |
|
||||
| --------------------------- | -------------------------------------- | ------- |
|
||||
| `redis-cluster.enabled` | Enable redis | `true` |
|
||||
| `redis-cluster.usePassword` | Whether to use password authentication | `false` |
|
||||
|
||||
### PostgreSQL-ha
|
||||
|
||||
| Name | Description | Value |
|
||||
| ------------------------------------------- | ---------------------------------------------------------------- | ----------- |
|
||||
| `postgresql-ha.enabled` | Enable PostgreSQL-ha | `true` |
|
||||
| `postgresql-ha.postgresql.password` | Password for the `gitea` user (overrides `auth.password`) | `changeme4` |
|
||||
| `postgresql-ha.global.postgresql.database` | Name for a custom database to create (overrides `auth.database`) | `gitea` |
|
||||
| `postgresql-ha.global.postgresql.username` | Name for a custom user to create (overrides `auth.username`) | `gitea` |
|
||||
| `postgresql-ha.global.postgresql.password` | Name for a custom password to create (overrides `auth.password`) | `gitea` |
|
||||
| `postgresql-ha.postgresql.repmgrPassword` | Repmgr Password | `changeme2` |
|
||||
| `postgresql-ha.postgresql.postgresPassword` | postgres Password | `changeme1` |
|
||||
| `postgresql-ha.pgpool.adminPassword` | pgpool adminPassword | `changeme3` |
|
||||
| `postgresql-ha.service.ports.postgresql` | PostgreSQL service port (overrides `service.ports.postgresql`) | `5432` |
|
||||
| `postgresql-ha.primary.persistence.size` | PVC Storage Request for PostgreSQL-ha volume | `10Gi` |
|
||||
|
||||
### PostgreSQL
|
||||
|
||||
| Name | Description | Value |
|
||||
| ------------------------------------------------------- | ---------------------------------------------------------------- | ------- |
|
||||
| `postgresql.enabled` | Enable PostgreSQL | `true` |
|
||||
| `postgresql.enabled` | Enable PostgreSQL | `false` |
|
||||
| `postgresql.global.postgresql.auth.password` | Password for the `gitea` user (overrides `auth.password`) | `gitea` |
|
||||
| `postgresql.global.postgresql.auth.database` | Name for a custom database to create (overrides `auth.database`) | `gitea` |
|
||||
| `postgresql.global.postgresql.auth.username` | Name for a custom user to create (overrides `auth.username`) | `gitea` |
|
||||
|
@ -782,16 +947,114 @@ See [CONTRIBUTORS GUIDE](CONTRIBUTING.md) for details.
|
|||
## Upgrading
|
||||
|
||||
This section lists major and breaking changes of each Helm Chart version.
|
||||
Please read them carefully to upgrade successfully.
|
||||
Please read them carefully to upgrade successfully, especially the change of the **default database backend**!
|
||||
If you miss this, blindly upgrading may delete your Postgres instance and you may lose your data!
|
||||
|
||||
### To 8.0.0
|
||||
<details>
|
||||
|
||||
#### Removal of MariaDB and MySQL DB chart dependencies
|
||||
<summary>To 9.0.0</summary>
|
||||
|
||||
This chart release comes with many breaking changes while aiming for a HA-ready setup.
|
||||
Please go through all of them carefully to perform a successful upgrade.
|
||||
Here's a brief summary again, followed by more detailed migration instructions:
|
||||
|
||||
- Switch from `Statefulset` to `Deployment`
|
||||
- Switch from `Memcached` to `redis-cluster` as the default session and queue provider
|
||||
- Switch from `postgres` to `postgres-ha` as the default database provider
|
||||
- A chart-internal PVC bootstrapping logic
|
||||
- New `persistence.mount`: whether to mount an existent PVC (even if not creating it)
|
||||
- New `persistence.create`: whether to create a new PVC
|
||||
- Renamed `persistence.existingClaim` to `persistence.claimName`
|
||||
|
||||
While not required, we recommend to start with a RWX PV for new installations.
|
||||
A RWX volume is required for installation aiming for HA.
|
||||
|
||||
If you want to stay with a pre-existing RWO PV, you need to set
|
||||
|
||||
- `persistence.mount=true`
|
||||
- `persistence.create=false`
|
||||
- `persistence.claimName` to the name of your existing PVC.
|
||||
|
||||
If you do not, Gitea will create a new PVC which will in turn create a new PV.
|
||||
If this happened to you by accident, you can still recover your data by setting using the settings from above in a subsequent run.
|
||||
|
||||
If you want to stay with a `memcache` instead of `redis-cluster`, you need to deploy `memcache` manually (e.g. from [bitnami](https://github.com/bitnami/charts/tree/main/bitnami/memcached)) and set
|
||||
|
||||
- `cache.HOST = "<memcache connection string>"`
|
||||
- `cache.ADAPTER = "memcache"`
|
||||
- `session.PROVIDER = "memcache"`
|
||||
- `session.PROVIDER_CONFIG = "<memcache connection string>"`
|
||||
- `queue.TYPE = "memcache"`
|
||||
- `queue.CONN_STR = "<memcache connection string>"`
|
||||
|
||||
The `memcache` connection string has the scheme `memcache://<memcache service name>:<memcache service port>`, e.g. `gitea-memcached.gitea.svc.cluster.local:11211`.
|
||||
The first item here (`<memcache service name>`) will be different compared to the example if you deploy `memcache` yourself.
|
||||
|
||||
The above changes are motivated by the idea to tidy dependencies but also have HA-ready ones at the same time.
|
||||
The previous `memcache` default was not HA-ready, hence we decided to switch to `redis-cluster` by default.
|
||||
|
||||
If you are coming from an existing deployment and [#356](https://gitea.com/gitea/helm-chart/issues/356) is still open, you need to set the config sections for `cache`, `session` and `queue` explicitly:
|
||||
|
||||
```yaml
|
||||
session:
|
||||
PROVIDER: redis-cluster
|
||||
PROVIDER_CONFIG: redis+cluster://:gitea@gitea-redis-cluster-headless.<namespace>.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
|
||||
|
||||
cache:
|
||||
ENABLED: true
|
||||
ADAPTER: redis-cluster
|
||||
HOST: redis+cluster://:gitea@gitea-redis-cluster-headless.<namespace>.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
|
||||
|
||||
queue:
|
||||
TYPE: redis
|
||||
CONN_STR: redis+cluster://:gitea@gitea-redis-cluster-headless.<namespace>.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
|
||||
```
|
||||
|
||||
<!-- markdownlint-disable-next-line -->
|
||||
**Switch to rootless image by default**
|
||||
If you are facing errors like `WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED` due to this automatic transition:
|
||||
Have a look at [this discussion](https://gitea.com/gitea/helm-chart/issues/487#issue-220660) and either set `image.rootless: false` or manually update your `~/.ssh/known_hosts` file(s).
|
||||
|
||||
<!-- markdownlint-disable-next-line -->
|
||||
**Transitioning from a RWO to RWX Persistent Volume**
|
||||
|
||||
If you want to switch to a RWX volume and go for HA, you need to
|
||||
|
||||
1. Backup the data stored under `/data`
|
||||
2. Let the chart create a new RWX PV (or do it statically yourself)
|
||||
3. Restore the backup to the same location in the new PV
|
||||
|
||||
<!-- markdownlint-disable-next-line -->
|
||||
**Transitioning from Postgres to Postgres HA**
|
||||
|
||||
If you are running with a non-HA PG DB from a previous chart release, you need to set
|
||||
|
||||
- `postgresql-ha.enabled=false`
|
||||
- `postgresql.enabled=true`
|
||||
|
||||
This is needed to stay with your existing single-instance DB (as the HA-variant is the new default).
|
||||
|
||||
<!-- markdownlint-disable-next-line -->
|
||||
**Change of env-to-ini prefix**
|
||||
|
||||
Before this release, the env-to-ini prefix was `ENV_TO_INI__`.
|
||||
This allowed a clear distinction between user-provided and chart-provided env-to-ini variables.
|
||||
Due to the removal custom prefix feature in the upstream implementation of env-to-ini, the prefix has been changed to the default `GITEA__`.
|
||||
|
||||
If you previously had defined env vars that had the `ENV_TO_INI__` prefix, you need to change them to `GITEA__` in order for them to be picked up by the chart.
|
||||
|
||||
</details>
|
||||
|
||||
<details>
|
||||
|
||||
<summary>To 8.0.0</summary>
|
||||
|
||||
### Removal of MariaDB and MySQL DB chart dependencies <!-- omit from toc -->
|
||||
|
||||
In this version support for DB chart dependencies of MySQL and MariaDB have been removed to simplify the maintenance of the helm chart.
|
||||
External MySQL and MariaDB databases are still supported and will be in the future.
|
||||
|
||||
#### Postgres Update from v11 to v15
|
||||
### Postgres Update from v11 to v15 <!-- omit from toc -->
|
||||
|
||||
This Chart version updates the Postgres chart dependency and subsequently Postgres from v11 to v15.
|
||||
Please read the [Postgres Release Notes](https://www.postgresql.org/docs/release/) for version-specific changes.
|
||||
|
@ -799,16 +1062,28 @@ With respect to `values.yaml`, parameters `username`, `database` and `password`
|
|||
`persistence` has also been regrouped under the `primary` key.
|
||||
Please adjust your `values.yaml` accordingly.
|
||||
|
||||
### To 7.0.0
|
||||
**Attention**: The Postgres upgrade is not automatically handled by the chart and must be done by yourself.
|
||||
See [this comment](https://gitea.com/gitea/helm-chart/issues/452#issuecomment-740885) for an extensive walkthrough.
|
||||
We again highly encourage users to use an external (managed) database for production instances.
|
||||
|
||||
#### Private GPG key configuration for Gitea signing actions
|
||||
</details>
|
||||
|
||||
<details>
|
||||
|
||||
<summary>To 7.0.0</summary>
|
||||
|
||||
### Private GPG key configuration for Gitea signing actions <!-- omit from toc -->
|
||||
|
||||
Having `signing.enabled=true` now requires to use either `signing.privateKey` or `signing.existingSecret` so that the Chart can automatically prepare the GPG key for Gitea internal signing actions.
|
||||
See [Configure commit signing](#configure-commit-signing) for details.
|
||||
|
||||
### To 6.0.0
|
||||
</details>
|
||||
|
||||
#### Different volume mounts for init-containers and runtime container
|
||||
<details>
|
||||
|
||||
<summary>To 6.0.0</summary>
|
||||
|
||||
### Different volume mounts for init-containers and runtime container <!-- omit from toc -->
|
||||
|
||||
**The `extraVolumeMounts` is deprecated** in favor of `extraInitVolumeMounts` and `extraContainerVolumeMounts`.
|
||||
You can now have different mounts for the initialization phase and Gitea runtime.
|
||||
|
@ -817,7 +1092,7 @@ If you want to switch to the new settings and want to mount specific volumes int
|
|||
|
||||
**Combining values from the deprecated setting with values from the new settings is not possible.**
|
||||
|
||||
#### New `enabled` flag for `startupProbe`
|
||||
### New `enabled` flag for `startupProbe` <!-- omit from toc -->
|
||||
|
||||
Prior to this version the `startupProbe` was just a commented sample within the `values.yaml`.
|
||||
With the migration to an auto-generated [Parameters](#parameters) section, a new parameter `gitea.startupProbe.enabled` has been introduced set to
|
||||
|
@ -826,11 +1101,15 @@ With the migration to an auto-generated [Parameters](#parameters) section, a new
|
|||
If you are using the `startupProbe` you need to add that new parameter and set it to `true`.
|
||||
Otherwise, your defined probe won't be considered after the upgrade.
|
||||
|
||||
### To 5.0.0
|
||||
</details>
|
||||
|
||||
<details>
|
||||
|
||||
<summary>To 5.0.0</summary>
|
||||
|
||||
> 💥 The Helm Chart now requires Gitea versions of at least 1.11.0.
|
||||
|
||||
#### Enable Dependencies
|
||||
### Enable Dependencies <!-- omit from toc -->
|
||||
|
||||
The values to enable the dependencies, such as PostgreSQL, Memcached, MySQL and MariaDB have been moved from `gitea.database.builtIn.` to the dependency values.
|
||||
|
||||
|
@ -850,12 +1129,12 @@ mariadb:
|
|||
enabled: false
|
||||
```
|
||||
|
||||
#### App.ini generation
|
||||
### App.ini generation <!-- omit from toc -->
|
||||
|
||||
The app.ini generation has changed and now utilizes the environment-to-ini script provided by newer Gitea versions.
|
||||
This change ensures, that the app.ini is now persistent.
|
||||
|
||||
##### Secret Key generation
|
||||
### Secret Key generation <!-- omit from toc -->
|
||||
|
||||
Gitea secret keys (SECRET_KEY, INTERNAL_TOKEN, JWT_SECRET) are now generated automatically in certain situations:
|
||||
|
||||
|
@ -868,7 +1147,7 @@ Gitea secret keys (SECRET_KEY, INTERNAL_TOKEN, JWT_SECRET) are now generated aut
|
|||
> However, this it is not advisable to do so for existing installations.
|
||||
> Certain settings like _LDAP_ would not be readable anymore.
|
||||
|
||||
#### Probes
|
||||
### Probes <!-- omit from toc -->
|
||||
|
||||
`gitea.customLivenessProbe`, `gitea.customReadinessProbe` and `gitea.customStartupProbe` have been removed.
|
||||
|
||||
|
@ -885,16 +1164,20 @@ gitea:
|
|||
podAnnotations: {}
|
||||
```
|
||||
|
||||
#### Multiple OAuth and LDAP authentication sources
|
||||
### Multiple OAuth and LDAP authentication sources <!-- omit from toc -->
|
||||
|
||||
With `5.0.0` of this Chart it is now possible to configure Gitea with multiple OAuth and LDAP sources.
|
||||
As a result, you need to update an existing OAuth/LDAP configuration in your customized `values.yaml` by replacing the object with settings to a list
|
||||
of settings objects.
|
||||
See [OAuth2 Settings](#oauth2-settings) and [LDAP Settings](#ldap-settings) section for details.
|
||||
|
||||
### To 4.0.0
|
||||
</details>
|
||||
|
||||
#### Ingress changes
|
||||
<details>
|
||||
|
||||
<summary>To 4.0.0</summary>
|
||||
|
||||
### Ingress changes <!-- omit from toc -->
|
||||
|
||||
To provide a more flexible Ingress configuration we now support not only host settings but also provide configuration for the path and pathType.
|
||||
So this change changes the hosts from a simple string list, to a list containing a more complex object for more configuration.
|
||||
|
@ -926,12 +1209,12 @@ paths:
|
|||
pathType: Prefix
|
||||
```
|
||||
|
||||
#### Dropped kebab-case support
|
||||
### Dropped kebab-case support <!-- omit from toc -->
|
||||
|
||||
In 3.x.x it was possible to provide an ldap configuration via kebab-case, this support has now been dropped and only camel case is supported.
|
||||
See [LDAP section](#ldap-settings) for more information.
|
||||
|
||||
#### Dependency update
|
||||
### Dependency update <!-- omit from toc -->
|
||||
|
||||
The chart comes with multiple databases and Memcached as dependency, the latest release updated the dependencies.
|
||||
|
||||
|
@ -941,7 +1224,7 @@ The chart comes with multiple databases and Memcached as dependency, the latest
|
|||
|
||||
If you're using the builtin databases you will most likely redeploy the chart in order to update the database correctly.
|
||||
|
||||
#### Execution of initPreScript
|
||||
### Execution of initPreScript <!-- omit from toc -->
|
||||
|
||||
Generally spoken, this might not be a breaking change, but it is worth to be mentioned.
|
||||
|
||||
|
@ -951,11 +1234,11 @@ This also includes the execution of _initPreScript_.
|
|||
If you have such script, please be aware of this.
|
||||
Dynamically prepare the Gitea setup during execution by e.g. adding environment variables to the execution context won't work anymore.
|
||||
|
||||
### Misc
|
||||
|
||||
#### Gitea Version 1.14.X repository ROOT
|
||||
### Gitea Version 1.14.X repository ROOT <!-- omit from toc -->
|
||||
|
||||
Previously the ROOT folder for the Gitea repositories was located at `/data/git/gitea-repositories`.
|
||||
In version `1.14` has the path been changed to `/data/gitea-repositories`.
|
||||
|
||||
This chart will set the `gitea.config.repository.ROOT` value default to `/data/git/gitea-repositories`.
|
||||
|
||||
</details>
|
||||
|
|
175
docs/ha-setup.md
Normal file
175
docs/ha-setup.md
Normal file
|
@ -0,0 +1,175 @@
|
|||
# High Availability
|
||||
|
||||
⚠️ **EXPERIMENTAL** ⚠️
|
||||
|
||||
All components (in-memory DB, volume/asset storage, code indexer) used by Gitea must be deployed in a HA-ready fashion to achieve a full HA-ready Gitea deployment.
|
||||
The following document explains how to achieve this for all individual components.
|
||||
|
||||
The resulting Gitea deployment will consist of ~ 10 pods (depending on the chosen components and their replicas).
|
||||
One should evaluate upfront whether a HA-deployment is required as switching between HA/non-HA comes with some effort.
|
||||
For production instances, HA is always recommended to increase uptime and have a frictionless update process.
|
||||
|
||||
A general comment about chart dependencies and external services:
|
||||
Instead of relying on chart dependencies, it is often better to rely on an external, (managed) instances (in-memory database, asset storage provider, database, etc.).
|
||||
Many cloud providers offer such services, at least for databases or in-memory databases.
|
||||
They might cost a bit more than using a self-hosted k8s variant but are usually easier to maintain and scale, if needed.
|
||||
Also they can be centrally managed and are not linked to the Gitea helm chart or namespace.
|
||||
Please consider using external services before you start with your Gitea HA setup, it will make your life (and the life of the Gitea maintainers) easier.
|
||||
|
||||
This helm chart tries to help as much as possible to simplify and assert the provisioning of a HA-ready Gitea instance by implementing smart conditionals if `replicaCount` is set to a value > 1.
|
||||
Nevertheless, we cannot guarantee for every possible combination of Gitea settings to work together perfectly in a HA setup.
|
||||
As a general advice, we recommend to have a test environment aside on which to test possible changes/upgrades before applying these to a production installation.
|
||||
|
||||
## Requirements for HA
|
||||
|
||||
Storage-wise, the HA-Gitea setup requires a RWX file-system which can be shared among the deployment-based replica pods.
|
||||
In addition, the following components are required for full HA-readiness:
|
||||
|
||||
- A HA-ready issue (and optionally code) indexer: `elasticsearch` or `meilisearch`
|
||||
- A HA-ready external object/asset storage (`minio`) (optional, assets can also be stored on the RWX file-system)
|
||||
- A HA-ready cache (`redis-cluster`)
|
||||
- A HA-ready DB
|
||||
|
||||
`postgres.enabled`, which default to `true`, must be set to `false` for a HA setup.
|
||||
The default `postgres` chart dependency is not HA-ready (there's a dedicated `postgres-ha` chart).
|
||||
|
||||
The following sections discuss each of the components in more detail.
|
||||
Note that for each component discussed, the shown configurations only provides a (working) starting point, not necessarily the most optimal setup.
|
||||
We try to optimize this document over time as we have gained more experience with HA setups from users.
|
||||
|
||||
## Indexers (Issues and code/repo)
|
||||
|
||||
The default code indexer `bleve` is not able to allow multiple connections and hence cannot be used in a HA setup.
|
||||
Alternatives are `elasticsearch` and `meilisearch` (as of >= 1.19.2).
|
||||
Unless you have an existing `elasticsearch` cluster, we recommend using `meilisearch` as it is faster and requires way less resources.
|
||||
|
||||
Unfortunately, `meilisearch` does only support the `ISSUE_INDEXER` and not the `REPO_INDEXER` yet ([tracking issue](https://github.com/go-gitea/gitea/pull/24149)).
|
||||
This means that the `REPO_INDEXER` must still be disabled for a HA setup right now.
|
||||
An alternative to the two options above for the `ISSUE_INDEXER` is `"db"`, however we recommend to just go with `meilisearch` in this case and to not bother the DB with indexing.
|
||||
|
||||
To configure `meilisearch` within Gitea, do the following:
|
||||
|
||||
```yml
|
||||
gitea:
|
||||
config:
|
||||
indexer:
|
||||
ISSUE_INDEXER_CONN_STR: <http://meilisearch.<namespace>.svc.cluster.local:7700>
|
||||
ISSUE_INDEXER_ENABLED: true
|
||||
ISSUE_INDEXER_TYPE: meilisearch
|
||||
REPO_INDEXER_ENABLED: false
|
||||
# REPO_INDEXER_TYPE: meilisearch # not yet working
|
||||
```
|
||||
|
||||
Unfortunately `meilisearch` cannot be deployed in HA as of now.
|
||||
Nevertheless it allows for multiple Gitea requests at the same time and is therefore required in a HA setup.
|
||||
|
||||
Exemplary configuration for the [meilisearch-kubernetes](https://github.com/meilisearch/meilisearch-kubernetes/tree/main/charts/meilisearch) chart:
|
||||
|
||||
```yaml
|
||||
persistence:
|
||||
enabled: true
|
||||
accessMode: ReadWriteOnce
|
||||
size: 5Gi
|
||||
```
|
||||
|
||||
## Cache, session and queue
|
||||
|
||||
A `redis` instance is required for the in-memory cache.
|
||||
Two options exist:
|
||||
|
||||
- `redis`
|
||||
- `redis-cluster`
|
||||
|
||||
The chart provides `redis-cluster` as a dependency as this one can be used for both HA and non-HA setups.
|
||||
You're also welcome to go with `redis` if you prefer or already have a running instance.
|
||||
|
||||
It should be noted that `redis-cluster` support is only available starting with Gitea 1.19.2.
|
||||
You can also configure an external (managed) `redis` instance to be used.
|
||||
To do so, you need to set the following configuration values yourself:
|
||||
|
||||
- `gitea.config.queue.TYPE`: redis`
|
||||
- `gitea.config.queue.CONN_STR`: `<your redis connection string>`
|
||||
|
||||
- `gitea.config.session.PROVIDER`: `redis`
|
||||
- `gitea.config.session.PROVIDER_CONFIG`: `<your redis connection string>`
|
||||
|
||||
- `gitea.config.cache.ENABLED`: `true`
|
||||
- `gitea.config.cache.ADAPTER`: `redis`
|
||||
- `gitea.config.cache.HOST`: `<your redis connection string>`
|
||||
|
||||
## Object and asset storage
|
||||
|
||||
Object/asset storage refers to the storage of attachments, avatars, LFS files, etc.
|
||||
While most of these can be stored on the RWX file-system, it is recommended to use an external S3-compatible object storage for such, mainly for performance reasons.
|
||||
|
||||
By default the chart provisions a single RWO volume to store everything (repos, avatars, packages, etc.).
|
||||
This volume cannot be mounted by multiple pods.
|
||||
Hence, a RWX volume is required and (optionally) an external HA-ready object storage.
|
||||
|
||||
> **Note:** Double-check that the file permissions are set correctly on the RWX volume! That is everything should be owned by the `git` user which usually has `uid=1000` and `gid=1000`.
|
||||
|
||||
To use `minio` you need to deploy and configure an external `minio` instance yourself and explicitly define the `STORAGE_TYPE` values as shown below.
|
||||
|
||||
Note that `MINIO_BUCKET` here is just a name and does not refer to a S3 bucket.
|
||||
It's the root access point for all objects belonging to the respective application, i.e., to Gitea in this case.
|
||||
|
||||
```yaml
|
||||
gitea:
|
||||
config:
|
||||
attachment:
|
||||
STORAGE_TYPE: minio
|
||||
lfs:
|
||||
STORAGE_TYPE: minio
|
||||
picture:
|
||||
AVATAR_STORAGE_TYPE: minio
|
||||
"storage.packages":
|
||||
STORAGE_TYPE: minio
|
||||
|
||||
storage:
|
||||
MINIO_ENDPOINT: <minio-headless.<namespace>.svc.cluster.local:9000>
|
||||
MINIO_LOCATION: <location>
|
||||
MINIO_ACCESS_KEY_ID: <access key>
|
||||
MINIO_SECRET_ACCESS_KEY: <secret key>
|
||||
MINIO_BUCKET: <bucket name>
|
||||
MINIO_USE_SSL: false
|
||||
```
|
||||
|
||||
Exemplary configuration for the [bitnami minio](https://github.com/bitnami/charts/blob/main/bitnami/minio) chart:
|
||||
|
||||
```yaml
|
||||
auth:
|
||||
rootUser: minio
|
||||
mode: distributed
|
||||
replicaCount: 4
|
||||
persistence:
|
||||
enabled: true
|
||||
size: 20Gi
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
```
|
||||
|
||||
## Database
|
||||
|
||||
If you do not have an HA-ready DB, using a managed database service in the cloud might be the easiest and most robust solution.
|
||||
Remember: disable the built-in `postgres` dependency and configure the database connection manually via `gitea.config.database`:
|
||||
|
||||
```yml
|
||||
gitea:
|
||||
database:
|
||||
builtIn:
|
||||
postgresql:
|
||||
enabled: false
|
||||
config:
|
||||
database:
|
||||
DB_TYPE: postgres
|
||||
HOST: <host>
|
||||
NAME: <name>
|
||||
USER: <user>
|
||||
```
|
||||
|
||||
## Known issues
|
||||
|
||||
- Currently Cron jobs are run on all replicas as no leader election is implemented.
|
||||
See [https://github.com/go-gitea/gitea/issues/13791](https://github.com/go-gitea/gitea/issues/13791) for a discussion and possible solution.
|
||||
|
||||
- Running with multiple replicas slows down Gitea a bit, i.e. page loading time increases.
|
98
package-lock.json
generated
98
package-lock.json
generated
|
@ -8,7 +8,7 @@
|
|||
"license": "MIT",
|
||||
"devDependencies": {
|
||||
"@bitnami/readme-generator-for-helm": "^2.5.0",
|
||||
"markdownlint-cli": "^0.34.0"
|
||||
"markdownlint-cli": "^0.36.0"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">=16.0.0",
|
||||
|
@ -16,9 +16,9 @@
|
|||
}
|
||||
},
|
||||
"node_modules/@bitnami/readme-generator-for-helm": {
|
||||
"version": "2.5.0",
|
||||
"resolved": "https://registry.npmjs.org/@bitnami/readme-generator-for-helm/-/readme-generator-for-helm-2.5.0.tgz",
|
||||
"integrity": "sha512-bYggL/kWwyxjctSrIBMOcrTQSj8LA3yYcEzfGTJIFoHKl5M7ifZtox//8G5K3FTw6qdOnPZcA10fl2y4N6uB/g==",
|
||||
"version": "2.5.1",
|
||||
"resolved": "https://registry.npmjs.org/@bitnami/readme-generator-for-helm/-/readme-generator-for-helm-2.5.1.tgz",
|
||||
"integrity": "sha512-LRSq43HwfgmTJZ4rwpXHf6d7DGnY+j2BtgVlc2hPqfRtqj36NRYl83Zv9WjRGvwF8Zr6Iwa1AgvewiAxdWlMzg==",
|
||||
"dev": true,
|
||||
"dependencies": {
|
||||
"commander": "^7.1.0",
|
||||
|
@ -286,12 +286,12 @@
|
|||
"dev": true
|
||||
},
|
||||
"node_modules/ini": {
|
||||
"version": "3.0.1",
|
||||
"resolved": "https://registry.npmjs.org/ini/-/ini-3.0.1.tgz",
|
||||
"integrity": "sha512-it4HyVAUTKBc6m8e1iXWvXSTdndF7HbdN713+kvLrymxTaU4AUBWrJ4vEooP+V7fexnVD3LKcBshjGGPefSMUQ==",
|
||||
"version": "4.1.1",
|
||||
"resolved": "https://registry.npmjs.org/ini/-/ini-4.1.1.tgz",
|
||||
"integrity": "sha512-QQnnxNyfvmHFIsj7gkPcYymR8Jdw/o7mp5ZFihxn6h8Ci6fh3Dx4E1gPjpQEpIuPo9XVNY/ZUwh4BPMjGyL01g==",
|
||||
"dev": true,
|
||||
"engines": {
|
||||
"node": "^12.13.0 || ^14.15.0 || >=16.0.0"
|
||||
"node": "^14.17.0 || ^16.13.0 || >=18.0.0"
|
||||
}
|
||||
},
|
||||
"node_modules/is-fullwidth-code-point": {
|
||||
|
@ -399,39 +399,39 @@
|
|||
}
|
||||
},
|
||||
"node_modules/markdownlint": {
|
||||
"version": "0.28.2",
|
||||
"resolved": "https://registry.npmjs.org/markdownlint/-/markdownlint-0.28.2.tgz",
|
||||
"integrity": "sha512-yYaQXoKKPV1zgrFsyAuZPEQoe+JrY9GDag9ObKpk09twx4OCU5lut+0/kZPrQ3W7w82SmgKhd7D8m34aG1unVw==",
|
||||
"version": "0.30.0",
|
||||
"resolved": "https://registry.npmjs.org/markdownlint/-/markdownlint-0.30.0.tgz",
|
||||
"integrity": "sha512-nInuFvI/rEzanAOArW5490Ez4EYpB5ODqVM0mcDYCPx9DKJWCQqCgejjiCvbSeE7sjbDscVtZmwr665qpF5xGA==",
|
||||
"dev": true,
|
||||
"dependencies": {
|
||||
"markdown-it": "13.0.1",
|
||||
"markdownlint-micromark": "0.1.2"
|
||||
"markdownlint-micromark": "0.1.7"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">=14.18.0"
|
||||
"node": ">=16"
|
||||
}
|
||||
},
|
||||
"node_modules/markdownlint-cli": {
|
||||
"version": "0.34.0",
|
||||
"resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.34.0.tgz",
|
||||
"integrity": "sha512-4G9I++VBTZkaye6Yfc/7dU6HQHcyldZEVB+bYyQJLcpJOHKk/q5ZpGqK80oKMIdlxzsA3aWOJLZ4DkoaoUWXbQ==",
|
||||
"version": "0.36.0",
|
||||
"resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.36.0.tgz",
|
||||
"integrity": "sha512-h4WdqOam3+QOVOcJSOQuG8KvvN8dlS0OiJhbPwYWBk7VMZR40UtSSMIOpSP5B4EHPHg3W3ILSQUvqg1HNpTCxA==",
|
||||
"dev": true,
|
||||
"dependencies": {
|
||||
"commander": "~10.0.1",
|
||||
"commander": "~11.0.0",
|
||||
"get-stdin": "~9.0.0",
|
||||
"glob": "~10.2.2",
|
||||
"glob": "~10.3.4",
|
||||
"ignore": "~5.2.4",
|
||||
"js-yaml": "^4.1.0",
|
||||
"jsonc-parser": "~3.2.0",
|
||||
"markdownlint": "~0.28.2",
|
||||
"minimatch": "~9.0.0",
|
||||
"run-con": "~1.2.11"
|
||||
"markdownlint": "~0.30.0",
|
||||
"minimatch": "~9.0.3",
|
||||
"run-con": "~1.3.2"
|
||||
},
|
||||
"bin": {
|
||||
"markdownlint": "markdownlint.js"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">=14"
|
||||
"node": ">=16"
|
||||
}
|
||||
},
|
||||
"node_modules/markdownlint-cli/node_modules/brace-expansion": {
|
||||
|
@ -444,25 +444,25 @@
|
|||
}
|
||||
},
|
||||
"node_modules/markdownlint-cli/node_modules/commander": {
|
||||
"version": "10.0.1",
|
||||
"resolved": "https://registry.npmjs.org/commander/-/commander-10.0.1.tgz",
|
||||
"integrity": "sha512-y4Mg2tXshplEbSGzx7amzPwKKOCGuoSRP/CjEdwwk0FOGlUbq6lKuoyDZTNZkmxHdJtp54hdfY/JUrdL7Xfdug==",
|
||||
"version": "11.0.0",
|
||||
"resolved": "https://registry.npmjs.org/commander/-/commander-11.0.0.tgz",
|
||||
"integrity": "sha512-9HMlXtt/BNoYr8ooyjjNRdIilOTkVJXB+GhxMTtOKwk0R4j4lS4NpjuqmRxroBfnfTSHQIHQB7wryHhXarNjmQ==",
|
||||
"dev": true,
|
||||
"engines": {
|
||||
"node": ">=14"
|
||||
"node": ">=16"
|
||||
}
|
||||
},
|
||||
"node_modules/markdownlint-cli/node_modules/glob": {
|
||||
"version": "10.2.2",
|
||||
"resolved": "https://registry.npmjs.org/glob/-/glob-10.2.2.tgz",
|
||||
"integrity": "sha512-Xsa0BcxIC6th9UwNjZkhrMtNo/MnyRL8jGCP+uEwhA5oFOCY1f2s1/oNKY47xQ0Bg5nkjsfAEIej1VeH62bDDQ==",
|
||||
"version": "10.3.4",
|
||||
"resolved": "https://registry.npmjs.org/glob/-/glob-10.3.4.tgz",
|
||||
"integrity": "sha512-6LFElP3A+i/Q8XQKEvZjkEWEOTgAIALR9AO2rwT8bgPhDd1anmqDJDZ6lLddI4ehxxxR1S5RIqKe1uapMQfYaQ==",
|
||||
"dev": true,
|
||||
"dependencies": {
|
||||
"foreground-child": "^3.1.0",
|
||||
"jackspeak": "^2.0.3",
|
||||
"minimatch": "^9.0.0",
|
||||
"minipass": "^5.0.0",
|
||||
"path-scurry": "^1.7.0"
|
||||
"minimatch": "^9.0.1",
|
||||
"minipass": "^5.0.0 || ^6.0.2 || ^7.0.0",
|
||||
"path-scurry": "^1.10.1"
|
||||
},
|
||||
"bin": {
|
||||
"glob": "dist/cjs/src/bin.js"
|
||||
|
@ -475,9 +475,9 @@
|
|||
}
|
||||
},
|
||||
"node_modules/markdownlint-cli/node_modules/minimatch": {
|
||||
"version": "9.0.0",
|
||||
"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.0.tgz",
|
||||
"integrity": "sha512-0jJj8AvgKqWN05mrwuqi8QYKx1WmYSUoKSxu5Qhs9prezTz10sxAHGNZe9J9cqIJzta8DWsleh2KaVaLl6Ru2w==",
|
||||
"version": "9.0.3",
|
||||
"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.3.tgz",
|
||||
"integrity": "sha512-RHiac9mvaRw0x3AYRgDC1CxAP7HTcNrrECeA8YYJeWnpo+2Q5CegtZjaotWTWxDG3UeGA1coE05iH1mPjT/2mg==",
|
||||
"dev": true,
|
||||
"dependencies": {
|
||||
"brace-expansion": "^2.0.1"
|
||||
|
@ -490,12 +490,12 @@
|
|||
}
|
||||
},
|
||||
"node_modules/markdownlint-micromark": {
|
||||
"version": "0.1.2",
|
||||
"resolved": "https://registry.npmjs.org/markdownlint-micromark/-/markdownlint-micromark-0.1.2.tgz",
|
||||
"integrity": "sha512-jRxlQg8KpOfM2IbCL9RXM8ZiYWz2rv6DlZAnGv8ASJQpUh6byTBnEsbuMZ6T2/uIgntyf7SKg/mEaEBo1164fQ==",
|
||||
"version": "0.1.7",
|
||||
"resolved": "https://registry.npmjs.org/markdownlint-micromark/-/markdownlint-micromark-0.1.7.tgz",
|
||||
"integrity": "sha512-BbRPTC72fl5vlSKv37v/xIENSRDYL/7X/XoFzZ740FGEbs9vZerLrIkFRY0rv7slQKxDczToYuMmqQFN61fi4Q==",
|
||||
"dev": true,
|
||||
"engines": {
|
||||
"node": ">=14.18.0"
|
||||
"node": ">=16"
|
||||
}
|
||||
},
|
||||
"node_modules/mdurl": {
|
||||
|
@ -562,13 +562,13 @@
|
|||
}
|
||||
},
|
||||
"node_modules/path-scurry": {
|
||||
"version": "1.7.0",
|
||||
"resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.7.0.tgz",
|
||||
"integrity": "sha512-UkZUeDjczjYRE495+9thsgcVgsaCPkaw80slmfVFgllxY+IO8ubTsOpFVjDPROBqJdHfVPUFRHPBV/WciOVfWg==",
|
||||
"version": "1.10.1",
|
||||
"resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.10.1.tgz",
|
||||
"integrity": "sha512-MkhCqzzBEpPvxxQ71Md0b1Kk51W01lrYvlMzSUaIzNsODdd7mqhiimSZlr+VegAz5Z6Vzt9Xg2ttE//XBhH3EQ==",
|
||||
"dev": true,
|
||||
"dependencies": {
|
||||
"lru-cache": "^9.0.0",
|
||||
"minipass": "^5.0.0"
|
||||
"lru-cache": "^9.1.1 || ^10.0.0",
|
||||
"minipass": "^5.0.0 || ^6.0.2 || ^7.0.0"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">=16 || 14 >=14.17"
|
||||
|
@ -587,14 +587,14 @@
|
|||
}
|
||||
},
|
||||
"node_modules/run-con": {
|
||||
"version": "1.2.11",
|
||||
"resolved": "https://registry.npmjs.org/run-con/-/run-con-1.2.11.tgz",
|
||||
"integrity": "sha512-NEMGsUT+cglWkzEr4IFK21P4Jca45HqiAbIIZIBdX5+UZTB24Mb/21iNGgz9xZa8tL6vbW7CXmq7MFN42+VjNQ==",
|
||||
"version": "1.3.2",
|
||||
"resolved": "https://registry.npmjs.org/run-con/-/run-con-1.3.2.tgz",
|
||||
"integrity": "sha512-CcfE+mYiTcKEzg0IqS08+efdnH0oJ3zV0wSUFBNrMHMuxCtXvBCLzCJHatwuXDcu/RlhjTziTo/a1ruQik6/Yg==",
|
||||
"dev": true,
|
||||
"dependencies": {
|
||||
"deep-extend": "^0.6.0",
|
||||
"ini": "~3.0.0",
|
||||
"minimist": "^1.2.6",
|
||||
"ini": "~4.1.0",
|
||||
"minimist": "^1.2.8",
|
||||
"strip-json-comments": "~3.1.1"
|
||||
},
|
||||
"bin": {
|
||||
|
|
|
@ -14,6 +14,6 @@
|
|||
},
|
||||
"devDependencies": {
|
||||
"@bitnami/readme-generator-for-helm": "^2.5.0",
|
||||
"markdownlint-cli": "^0.34.0"
|
||||
"markdownlint-cli": "^0.36.0"
|
||||
}
|
||||
}
|
||||
|
|
4
renovate.json5
Normal file
4
renovate.json5
Normal file
|
@ -0,0 +1,4 @@
|
|||
{
|
||||
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
||||
"extends": ["gitea>gitea/renovate-config","docker:pinDigests"],
|
||||
}
|
|
@ -2,6 +2,27 @@
|
|||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
|
||||
{{- /* multiple replicas assertions */ -}}
|
||||
{{- if gt .Values.replicaCount 1.0 -}}
|
||||
{{- fail "When using multiple replicas, a RWX file system is required" -}}
|
||||
{{- if eq (get (.Values.persistence.accessModes 0) "ReadWriteOnce") -}}
|
||||
{{- fail "When using multiple replicas, a RWX file system is required" -}}
|
||||
{{- end }}
|
||||
|
||||
{{- if eq (get .Values.gitea.config.indexer "ISSUE_INDEXER_TYPE") "bleve" -}}
|
||||
{{- fail "When using multiple replicas, the repo indexer must be set to 'meilisearch' or 'elasticsearch'" -}}
|
||||
{{- end }}
|
||||
|
||||
{{- if and (eq .Values.gitea.config.indexer.REPO_INDEXER_TYPE "bleve") (eq .Values.gitea.config.indexer.REPO_INDEXER_ENABLED "true") -}}
|
||||
{{- fail "When using multiple replicas, the repo indexer must be set to 'meilisearch' or 'elasticsearch'" -}}
|
||||
{{- end }}
|
||||
|
||||
{{- if eq .Values.gitea.config.indexer.ISSUE_INDEXER_TYPE "bleve" -}}
|
||||
{{- (printf "DEBUG: When using multiple replicas, the repo indexer must be set to 'meilisearch' or 'elasticsearch'") | fail -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- define "gitea.name" -}}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
@ -39,15 +60,15 @@ Create image name and tag used by the deployment.
|
|||
{{- $repository := .Values.image.repository -}}
|
||||
{{- $separator := ":" -}}
|
||||
{{- $tag := .Values.image.tag | default .Chart.AppVersion -}}
|
||||
{{- if .Values.image.digest }}
|
||||
{{- $separator = "@" -}}
|
||||
{{- $tag = .Values.image.digest | toString -}}
|
||||
{{- end -}}
|
||||
{{- $rootless := ternary "-rootless" "" (.Values.image.rootless) -}}
|
||||
{{- $digest := "" -}}
|
||||
{{- if .Values.image.digest }}
|
||||
{{- $digest = (printf "@%s" (.Values.image.digest | toString)) -}}
|
||||
{{- end -}}
|
||||
{{- if $registry }}
|
||||
{{- printf "%s/%s%s%s%s" $registry $repository $separator $tag $rootless -}}
|
||||
{{- printf "%s/%s%s%s%s%s" $registry $repository $separator $tag $rootless $digest -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s%s%s%s" $repository $separator $tag $rootless -}}
|
||||
{{- printf "%s%s%s%s%s" $repository $separator $tag $rootless $digest -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
|
@ -83,13 +104,8 @@ Common labels
|
|||
helm.sh/chart: {{ include "gitea.chart" . }}
|
||||
app: {{ include "gitea.name" . }}
|
||||
{{ include "gitea.selectorLabels" . }}
|
||||
{{- if .Values.image.digest }}
|
||||
app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | trunc 63 | quote }}
|
||||
version: {{ .Values.image.tag | default .Chart.AppVersion | trunc 63 | quote }}
|
||||
{{- else }}
|
||||
app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
|
||||
version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
|
||||
{{- end }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
{{- end -}}
|
||||
|
||||
|
@ -101,12 +117,34 @@ app.kubernetes.io/name: {{ include "gitea.name" . }}
|
|||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "postgresql.dns" -}}
|
||||
{{- printf "%s-postgresql.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.postgresql.global.postgresql.service.ports.postgresql -}}
|
||||
{{- define "postgresql-ha.dns" -}}
|
||||
{{- if (index .Values "postgresql-ha").enabled -}}
|
||||
{{- printf "%s-postgresql-ha-postgresql.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "postgresql-ha" "service" "ports" "postgresql") -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "memcached.dns" -}}
|
||||
{{- printf "%s-memcached.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.memcached.service.ports.memcached | trunc 63 | trimSuffix "-" -}}
|
||||
{{- define "postgresql.dns" -}}
|
||||
{{- if (index .Values "postgresql").enabled -}}
|
||||
{{- printf "%s-postgresql.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.postgresql.global.postgresql.service.ports.postgresql -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "redis.dns" -}}
|
||||
{{- if (index .Values "redis-cluster").enabled -}}
|
||||
{{- printf "redis+cluster://:%s@%s-redis-cluster-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "redis-cluster").global.redis.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "redis-cluster").service.ports.redis -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "redis.port" -}}
|
||||
{{- if (index .Values "redis-cluster").enabled -}}
|
||||
{{ (index .Values "redis-cluster").service.ports.redis }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "redis.servicename" -}}
|
||||
{{- if (index .Values "redis-cluster").enabled -}}
|
||||
{{- printf "%s-redis-cluster-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "gitea.default_domain" -}}
|
||||
|
@ -192,6 +230,7 @@ https
|
|||
{{- else -}}
|
||||
{{- (printf "Key %s cannot be on top level of configuration" $key) | fail -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
|
@ -221,6 +260,18 @@ https
|
|||
{{- if not (hasKey .Values.gitea.config "oauth2") -}}
|
||||
{{- $_ := set .Values.gitea.config "oauth2" dict -}}
|
||||
{{- end -}}
|
||||
{{- if not (hasKey .Values.gitea.config "session") -}}
|
||||
{{- $_ := set .Values.gitea.config "session" dict -}}
|
||||
{{- end -}}
|
||||
{{- if not (hasKey .Values.gitea.config "queue") -}}
|
||||
{{- $_ := set .Values.gitea.config "queue" dict -}}
|
||||
{{- end -}}
|
||||
{{- if not (hasKey .Values.gitea.config "queue.issue_indexer") -}}
|
||||
{{- $_ := set .Values.gitea.config "queue.issue_indexer" dict -}}
|
||||
{{- end -}}
|
||||
{{- if not (hasKey .Values.gitea.config "indexer") -}}
|
||||
{{- $_ := set .Values.gitea.config "indexer" dict -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "gitea.inline_configuration.defaults" -}}
|
||||
|
@ -236,13 +287,27 @@ https
|
|||
{{- if not (hasKey .Values.gitea.config.metrics "ENABLED") -}}
|
||||
{{- $_ := set .Values.gitea.config.metrics "ENABLED" .Values.gitea.metrics.enabled -}}
|
||||
{{- end -}}
|
||||
{{- if .Values.memcached.enabled -}}
|
||||
{{- if (index .Values "redis-cluster").enabled -}}
|
||||
{{- $_ := set .Values.gitea.config.cache "ENABLED" "true" -}}
|
||||
{{- $_ := set .Values.gitea.config.cache "ADAPTER" "memcache" -}}
|
||||
{{- $_ := set .Values.gitea.config.cache "ADAPTER" "redis" -}}
|
||||
{{- if not (.Values.gitea.config.cache.HOST) -}}
|
||||
{{- $_ := set .Values.gitea.config.cache "HOST" (include "memcached.dns" .) -}}
|
||||
{{- $_ := set .Values.gitea.config.cache "HOST" (include "redis.dns" .) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- /* redis queue */ -}}
|
||||
{{- if (index .Values "redis-cluster").enabled -}}
|
||||
{{- $_ := set .Values.gitea.config.queue "TYPE" "redis" -}}
|
||||
{{- $_ := set .Values.gitea.config.queue "CONN_STR" (include "redis.dns" .) -}}
|
||||
{{- end -}}
|
||||
{{- if not (get .Values.gitea.config.session "PROVIDER") -}}
|
||||
{{- $_ := set .Values.gitea.config.session "PROVIDER" "redis" -}}
|
||||
{{- end -}}
|
||||
{{- if not (get .Values.gitea.config.session "PROVIDER_CONFIG") -}}
|
||||
{{- $_ := set .Values.gitea.config.session "PROVIDER_CONFIG" (include "redis.dns" .) -}}
|
||||
{{- end -}}
|
||||
{{- if not .Values.gitea.config.indexer.ISSUE_INDEXER_TYPE -}}
|
||||
{{- $_ := set .Values.gitea.config.indexer "ISSUE_INDEXER_TYPE" "db" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "gitea.inline_configuration.defaults.server" -}}
|
||||
|
@ -289,7 +354,16 @@ https
|
|||
{{- end -}}
|
||||
|
||||
{{- define "gitea.inline_configuration.defaults.database" -}}
|
||||
{{- if .Values.postgresql.enabled -}}
|
||||
{{- if (index .Values "postgresql-ha" "enabled") -}}
|
||||
{{- $_ := set .Values.gitea.config.database "DB_TYPE" "postgres" -}}
|
||||
{{- if not (.Values.gitea.config.database.HOST) -}}
|
||||
{{- $_ := set .Values.gitea.config.database "HOST" (include "postgresql-ha.dns" .) -}}
|
||||
{{- end -}}
|
||||
{{- $_ := set .Values.gitea.config.database "NAME" (index .Values "postgresql-ha" "global" "postgresql" "database") -}}
|
||||
{{- $_ := set .Values.gitea.config.database "USER" (index .Values "postgresql-ha" "global" "postgresql" "username") -}}
|
||||
{{- $_ := set .Values.gitea.config.database "PASSWD" (index .Values "postgresql-ha" "global" "postgresql" "password") -}}
|
||||
{{- end -}}
|
||||
{{- if (index .Values "postgresql" "enabled") -}}
|
||||
{{- $_ := set .Values.gitea.config.database "DB_TYPE" "postgres" -}}
|
||||
{{- if not (.Values.gitea.config.database.HOST) -}}
|
||||
{{- $_ := set .Values.gitea.config.database "HOST" (include "postgresql.dns" .) -}}
|
||||
|
@ -321,3 +395,7 @@ https
|
|||
{{- define "gitea.gpg-key-secret-name" -}}
|
||||
{{ default (printf "%s-gpg-key" (include "gitea.fullname" .)) .Values.signing.existingSecret }}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "gitea.serviceAccountName" -}}
|
||||
{{ .Values.serviceAccount.name | default (include "gitea.fullname" .) }}
|
||||
{{- end -}}
|
||||
|
|
|
@ -16,6 +16,37 @@ metadata:
|
|||
{{- include "gitea.labels" . | nindent 4 }}
|
||||
type: Opaque
|
||||
stringData:
|
||||
assertions: |
|
||||
|
||||
{{- /*assert that only one PG dep is enabled */ -}}
|
||||
{{- if and (.Values.postgresql.enabled) (index .Values "postgresql-ha" "enabled") -}}
|
||||
{{- fail "Only one of postgresql or postgresql-ha can be enabled at the same time." -}}
|
||||
{{- end }}
|
||||
|
||||
{{- /* multiple replicas assertions */ -}}
|
||||
{{- if gt .Values.replicaCount 1.0 -}}
|
||||
{{- if (get (get .Values.gitea.config "cron.GIT_GC_REPOS") "ENABLED") -}}
|
||||
{{- fail "Invoking the garbage collector via CRON is not yet supported when running with multiple replicas. Please set 'cron.GIT_GC_REPOS.enabled = false'." -}}
|
||||
{{- end }}
|
||||
|
||||
{{- if eq (first .Values.persistence.accessModes) "ReadWriteOnce" -}}
|
||||
{{- fail "When using multiple replicas, a RWX file system is required and gitea.persistence.accessModes[0] must be set to ReadWriteMany." -}}
|
||||
{{- end }}
|
||||
|
||||
{{- if eq (get .Values.gitea.config.indexer "ISSUE_INDEXER_TYPE") "bleve" -}}
|
||||
{{- fail "When using multiple replicas, the issue indexer (gitea.config.indexer.ISSUE_INDEXER_TYPE) must be set to a HA-ready provider such as 'meilisearch', 'elasticsearch' or 'db' (if the DB is HA-ready)." -}}
|
||||
{{- end }}
|
||||
{{- if .Values.gitea.config.indexer.REPO_INDEXER_TYPE -}}
|
||||
{{- if eq (get .Values.gitea.config.indexer "REPO_INDEXER_TYPE") "bleve" -}}
|
||||
{{- if .Values.gitea.config.indexer.REPO_INDEXER_ENABLED -}}
|
||||
{{- if eq (get .Values.gitea.config.indexer "REPO_INDEXER_ENABLED") "true" -}}
|
||||
{{- fail "When using multiple replicas, the repo indexer (gitea.config.indexer.REPO_INDEXER_TYPE) must be set to 'meilisearch' or 'elasticsearch' or disabled." -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- end }}
|
||||
config_environment.sh: |-
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
@ -53,14 +84,14 @@ stringData:
|
|||
env2ini::log " + '${setting}'"
|
||||
|
||||
if [[ -z "${section}" ]]; then
|
||||
export "ENV_TO_INI____${setting^^}=${value}" # '^^' makes the variable content uppercase
|
||||
export "GITEA____${setting^^}=${value}" # '^^' makes the variable content uppercase
|
||||
return
|
||||
fi
|
||||
|
||||
local masked_section="${section//./_0X2E_}" # '//' instructs to replace all matches
|
||||
masked_section="${masked_section//-/_0X2D_}"
|
||||
|
||||
export "ENV_TO_INI__${masked_section^^}__${setting^^}=${value}" # '^^' makes the variable content uppercase
|
||||
export "GITEA__${masked_section^^}__${setting^^}=${value}" # '^^' makes the variable content uppercase
|
||||
}
|
||||
|
||||
function env2ini::reload_preset_envs() {
|
||||
|
@ -134,15 +165,16 @@ stringData:
|
|||
# - initially used to set up Gitea
|
||||
# Anyway, they won't harm existing app.ini files
|
||||
|
||||
export ENV_TO_INI__SECURITY__INTERNAL_TOKEN=$(gitea generate secret INTERNAL_TOKEN)
|
||||
export ENV_TO_INI__SECURITY__SECRET_KEY=$(gitea generate secret SECRET_KEY)
|
||||
export ENV_TO_INI__OAUTH2__JWT_SECRET=$(gitea generate secret JWT_SECRET)
|
||||
export ENV_TO_INI__SERVER__LFS_JWT_SECRET=$(gitea generate secret LFS_JWT_SECRET)
|
||||
export GITEA__SECURITY__INTERNAL_TOKEN=$(gitea generate secret INTERNAL_TOKEN)
|
||||
export GITEA__SECURITY__SECRET_KEY=$(gitea generate secret SECRET_KEY)
|
||||
export GITEA__OAUTH2__JWT_SECRET=$(gitea generate secret JWT_SECRET)
|
||||
export GITEA__SERVER__LFS_JWT_SECRET=$(gitea generate secret LFS_JWT_SECRET)
|
||||
|
||||
env2ini::log "...Initial secrets generated\n"
|
||||
}
|
||||
|
||||
env | (grep ENV_TO_INI || [[ $? == 1 ]]) > /tmp/existing-envs
|
||||
|
||||
# save existing envs prior to script execution. Necessary to keep order of preexisting and custom envs
|
||||
env | (grep GITEA || [[ $? == 1 ]]) > /tmp/existing-envs
|
||||
|
||||
# MUST BE CALLED BEFORE OTHER CONFIGURATION
|
||||
env2ini::generate_initial_secrets
|
||||
|
@ -163,10 +195,10 @@ stringData:
|
|||
env2ini::log ' - oauth2.JWT_SECRET'
|
||||
env2ini::log ' - server.LFS_JWT_SECRET'
|
||||
|
||||
unset ENV_TO_INI__SECURITY__INTERNAL_TOKEN
|
||||
unset ENV_TO_INI__SECURITY__SECRET_KEY
|
||||
unset ENV_TO_INI__OAUTH2__JWT_SECRET
|
||||
unset ENV_TO_INI__SERVER__LFS_JWT_SECRET
|
||||
unset GITEA__SECURITY__INTERNAL_TOKEN
|
||||
unset GITEA__SECURITY__SECRET_KEY
|
||||
unset GITEA__OAUTH2__JWT_SECRET
|
||||
unset GITEA__SERVER__LFS_JWT_SECRET
|
||||
fi
|
||||
|
||||
environment-to-ini -o $GITEA_APP_INI -p ENV_TO_INI
|
||||
environment-to-ini -o $GITEA_APP_INI
|
||||
|
|
|
@ -1,22 +1,28 @@
|
|||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ include "gitea.fullname" . }}
|
||||
annotations:
|
||||
{{- if .Values.statefulset.annotations }}
|
||||
{{- toYaml .Values.statefulset.annotations | nindent 4 }}
|
||||
{{- if .Values.deployment.annotations }}
|
||||
{{- toYaml .Values.deployment.annotations | nindent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "gitea.labels" . | nindent 4 }}
|
||||
spec:
|
||||
replicas: {{ .Values.replicaCount }}
|
||||
strategy:
|
||||
type: {{ .Values.strategy.type }}
|
||||
{{- if eq .Values.strategy.type "RollingUpdate" }}
|
||||
rollingUpdate:
|
||||
maxUnavailable: {{ .Values.strategy.rollingUpdate.maxUnavailable }}
|
||||
maxSurge: {{ .Values.strategy.rollingUpdate.maxSurge }}
|
||||
{{- end }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "gitea.selectorLabels" . | nindent 6 }}
|
||||
{{- if .Values.statefulset.labels }}
|
||||
{{- toYaml .Values.statefulset.labels | nindent 6 }}
|
||||
{{- if .Values.deployment.labels }}
|
||||
{{- toYaml .Values.deployment.labels | nindent 6 }}
|
||||
{{- end }}
|
||||
serviceName: {{ include "gitea.fullname" . }}
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
|
@ -32,13 +38,16 @@ spec:
|
|||
{{- end }}
|
||||
labels:
|
||||
{{- include "gitea.labels" . | nindent 8 }}
|
||||
{{- if .Values.statefulset.labels }}
|
||||
{{- toYaml .Values.statefulset.labels | nindent 8 }}
|
||||
{{- if .Values.deployment.labels }}
|
||||
{{- toYaml .Values.deployment.labels | nindent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if .Values.schedulerName }}
|
||||
schedulerName: "{{ .Values.schedulerName }}"
|
||||
{{- end }}
|
||||
{{- if (or .Values.serviceAccount.create .Values.serviceAccount.name) }}
|
||||
serviceAccountName: {{ include "gitea.serviceAccountName" . }}
|
||||
{{- end }}
|
||||
{{- if .Values.priorityClassName }}
|
||||
priorityClassName: "{{ .Values.priorityClassName }}"
|
||||
{{- end }}
|
||||
|
@ -59,8 +68,8 @@ spec:
|
|||
value: /data
|
||||
- name: GITEA_TEMP
|
||||
value: /tmp/gitea
|
||||
{{- if .Values.statefulset.env }}
|
||||
{{- toYaml .Values.statefulset.env | nindent 12 }}
|
||||
{{- if .Values.deployment.env }}
|
||||
{{- toYaml .Values.deployment.env | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.signing.enabled }}
|
||||
- name: GNUPGHOME
|
||||
|
@ -94,8 +103,8 @@ spec:
|
|||
value: /data
|
||||
- name: GITEA_TEMP
|
||||
value: /tmp/gitea
|
||||
{{- if .Values.statefulset.env }}
|
||||
{{- toYaml .Values.statefulset.env | nindent 12 }}
|
||||
{{- if .Values.deployment.env }}
|
||||
{{- toYaml .Values.deployment.env | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.gitea.additionalConfigFromEnvs }}
|
||||
{{- toYaml .Values.gitea.additionalConfigFromEnvs | nindent 12 }}
|
||||
|
@ -231,8 +240,8 @@ spec:
|
|||
- name: GITEA_ADMIN_PASSWORD
|
||||
value: {{ .Values.gitea.admin.password | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.statefulset.env }}
|
||||
{{- toYaml .Values.statefulset.env | nindent 12 }}
|
||||
{{- if .Values.deployment.env }}
|
||||
{{- toYaml .Values.deployment.env | nindent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: init
|
||||
|
@ -247,7 +256,7 @@ spec:
|
|||
{{- include "gitea.init-additional-mounts" . | nindent 12 }}
|
||||
resources:
|
||||
{{- toYaml .Values.initContainers.resources | nindent 12 }}
|
||||
terminationGracePeriodSeconds: {{ .Values.statefulset.terminationGracePeriodSeconds }}
|
||||
terminationGracePeriodSeconds: {{ .Values.deployment.terminationGracePeriodSeconds }}
|
||||
containers:
|
||||
- name: {{ .Chart.Name }}
|
||||
image: "{{ include "gitea.image" . }}"
|
||||
|
@ -280,8 +289,8 @@ spec:
|
|||
- name: GNUPGHOME
|
||||
value: {{ .Values.signing.gpgHome }}
|
||||
{{- end }}
|
||||
{{- if .Values.statefulset.env }}
|
||||
{{- toYaml .Values.statefulset.env | nindent 12 }}
|
||||
{{- if .Values.deployment.env }}
|
||||
{{- toYaml .Values.deployment.env | nindent 12 }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: ssh
|
||||
|
@ -337,6 +346,10 @@ spec:
|
|||
affinity:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.topologySpreadConstraints }}
|
||||
topologySpreadConstraints:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
|
@ -375,38 +388,13 @@ spec:
|
|||
path: private.asc
|
||||
defaultMode: 0100
|
||||
{{- end }}
|
||||
{{- if and .Values.persistence.enabled .Values.persistence.existingClaim }}
|
||||
{{- if .Values.persistence.enabled }}
|
||||
{{- if .Values.persistence.mount }}
|
||||
- name: data
|
||||
persistentVolumeClaim:
|
||||
{{- with .Values.persistence.existingClaim }}
|
||||
claimName: {{ tpl . $ }}
|
||||
{{- end }}
|
||||
claimName: {{ .Values.persistence.claimName }}
|
||||
{{- end }}
|
||||
{{- else if not .Values.persistence.enabled }}
|
||||
- name: data
|
||||
emptyDir: {}
|
||||
{{- else if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
|
||||
volumeClaimTemplates:
|
||||
- metadata:
|
||||
name: data
|
||||
{{- with .Values.persistence.annotations }}
|
||||
annotations:
|
||||
{{- range $key, $value := . }}
|
||||
{{ $key }}: {{ $value }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- with .Values.persistence.labels }}
|
||||
labels:
|
||||
{{- range $key, $value := . }}
|
||||
{{ $key }}: {{ $value }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
spec:
|
||||
accessModes:
|
||||
{{- range .Values.persistence.accessModes }}
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- include "gitea.persistence.storageClass" . | indent 8 }}
|
||||
resources:
|
||||
requests:
|
||||
storage: {{ .Values.persistence.size | quote }}
|
||||
{{- end }}
|
|
@ -15,10 +15,10 @@ metadata:
|
|||
name: {{ $fullName }}
|
||||
labels:
|
||||
{{- include "gitea.labels" . | nindent 4 }}
|
||||
{{- with .Values.ingress.annotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- range $key, $value := .Values.ingress.annotations }}
|
||||
{{ $key }}: {{ $value | quote }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if .Values.ingress.className }}
|
||||
ingressClassName: {{ .Values.ingress.className }}
|
||||
|
|
|
@ -61,6 +61,27 @@ stringData:
|
|||
echo "Gitea migrate might fail due to database connection...This init-container will try again in a few seconds"
|
||||
exit 1
|
||||
}
|
||||
|
||||
{{- if include "redis.servicename" . }}
|
||||
function test_redis_connection() {
|
||||
local RETRY=0
|
||||
local MAX=30
|
||||
|
||||
echo 'Wait for redis to become avialable...'
|
||||
until [ "${RETRY}" -ge "${MAX}" ]; do
|
||||
nc -vz -w2 {{ include "redis.servicename" . }} {{ include "redis.port" . }} && break
|
||||
RETRY=$[${RETRY}+1]
|
||||
echo "...not ready yet (${RETRY}/${MAX})"
|
||||
done
|
||||
|
||||
if [ "${RETRY}" -ge "${MAX}" ]; then
|
||||
echo "Redis not reachable after '${MAX}' attempts!"
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
test_redis_connection
|
||||
{{- end }}
|
||||
|
||||
|
||||
{{- if or .Values.gitea.admin.existingSecret (and .Values.gitea.admin.username .Values.gitea.admin.password) }}
|
||||
|
|
17
templates/gitea/poddisruptionbudget.yaml
Normal file
17
templates/gitea/poddisruptionbudget.yaml
Normal file
|
@ -0,0 +1,17 @@
|
|||
{{- if .Values.podDisruptionBudget -}}
|
||||
{{- if .Capabilities.APIVersions.Has "policy/v1" }}
|
||||
apiVersion: policy/v1
|
||||
{{- else }}
|
||||
apiVersion: policy/v1beta1
|
||||
{{- end }}
|
||||
kind: PodDisruptionBudget
|
||||
metadata:
|
||||
name: {{ include "gitea.fullname" . }}
|
||||
labels:
|
||||
{{- include "gitea.labels" . | nindent 4 }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "gitea.selectorLabels" . | nindent 6 }}
|
||||
{{- toYaml .Values.podDisruptionBudget | nindent 2 }}
|
||||
{{- end -}}
|
26
templates/gitea/pvc.yaml
Normal file
26
templates/gitea/pvc.yaml
Normal file
|
@ -0,0 +1,26 @@
|
|||
{{- if and .Values.persistence.enabled .Values.persistence.create }}
|
||||
kind: PersistentVolumeClaim
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: {{ .Values.persistence.claimName }}
|
||||
namespace: {{ $.Release.Namespace }}
|
||||
annotations:
|
||||
{{ .Values.persistence.annotations | toYaml | indent 4}}
|
||||
spec:
|
||||
accessModes:
|
||||
{{- if gt .Values.replicaCount 1.0 }}
|
||||
- ReadWriteMany
|
||||
{{- else }}
|
||||
{{- .Values.persistence.accessModes | toYaml | nindent 4 }}
|
||||
{{- end }}
|
||||
volumeMode: Filesystem
|
||||
{{- if .Values.persistence.storageClass }}
|
||||
storageClassName: {{ .Values.persistence.storageClass }}
|
||||
{{- end }}
|
||||
{{- with .Values.persistence.volumeName }}
|
||||
volumeName: {{ . }}
|
||||
{{- end }}
|
||||
resources:
|
||||
requests:
|
||||
storage: {{ .Values.persistence.size }}
|
||||
{{- end }}
|
21
templates/gitea/serviceaccount.yaml
Normal file
21
templates/gitea/serviceaccount.yaml
Normal file
|
@ -0,0 +1,21 @@
|
|||
{{- if .Values.serviceAccount.create }}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ include "gitea.serviceAccountName" . }}
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
labels:
|
||||
{{- include "gitea.labels" . | nindent 4 }}
|
||||
{{- with .Values.serviceAccount.labels }}
|
||||
{{- . | toYaml | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with .Values.serviceAccount.annotations }}
|
||||
annotations:
|
||||
{{- . | toYaml | nindent 4 }}
|
||||
{{- end }}
|
||||
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
|
||||
{{- with .Values.serviceAccount.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- . | toYaml | nindent 2 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -39,7 +39,9 @@ spec:
|
|||
ports:
|
||||
- name: ssh
|
||||
port: {{ .Values.service.ssh.port }}
|
||||
{{- if .Values.gitea.config.server.SSH_LISTEN_PORT }}
|
||||
targetPort: {{ .Values.gitea.config.server.SSH_LISTEN_PORT }}
|
||||
{{- end }}
|
||||
protocol: TCP
|
||||
{{- if .Values.service.ssh.nodePort }}
|
||||
nodePort: {{ .Values.service.ssh.nodePort }}
|
||||
|
|
|
@ -1,17 +1,17 @@
|
|||
suite: Statefulset template (basic)
|
||||
suite: deployment template (basic)
|
||||
release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/gitea/statefulset.yaml
|
||||
- templates/gitea/deployment.yaml
|
||||
- templates/gitea/config.yaml
|
||||
tests:
|
||||
- it: renders a statefulset
|
||||
template: templates/gitea/statefulset.yaml
|
||||
- it: renders a deployment
|
||||
template: templates/gitea/deployment.yaml
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- containsDocument:
|
||||
kind: StatefulSet
|
||||
kind: Deployment
|
||||
apiVersion: apps/v1
|
||||
name: gitea-unittests
|
78
unittests/deployment/image-configuration.yaml
Normal file
78
unittests/deployment/image-configuration.yaml
Normal file
|
@ -0,0 +1,78 @@
|
|||
suite: deployment template (image configuration)
|
||||
release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
chart:
|
||||
# Override appVersion to be consistent with used digest :)
|
||||
appVersion: 1.19.3
|
||||
templates:
|
||||
- templates/gitea/deployment.yaml
|
||||
- templates/gitea/config.yaml
|
||||
tests:
|
||||
- it: default values
|
||||
template: templates/gitea/deployment.yaml
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].image
|
||||
value: "gitea/gitea:1.19.3-rootless"
|
||||
- it: tag override
|
||||
template: templates/gitea/deployment.yaml
|
||||
set:
|
||||
image.tag: "1.19.4"
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].image
|
||||
value: "gitea/gitea:1.19.4-rootless"
|
||||
- it: root-based image
|
||||
template: templates/gitea/deployment.yaml
|
||||
set:
|
||||
image.rootless: false
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].image
|
||||
value: "gitea/gitea:1.19.3"
|
||||
- it: scoped registry
|
||||
template: templates/gitea/deployment.yaml
|
||||
set:
|
||||
image.registry: "example.com"
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].image
|
||||
value: "example.com/gitea/gitea:1.19.3-rootless"
|
||||
- it: global registry
|
||||
template: templates/gitea/deployment.yaml
|
||||
set:
|
||||
global.imageRegistry: "global.example.com"
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].image
|
||||
value: "global.example.com/gitea/gitea:1.19.3-rootless"
|
||||
- it: digest for rootless image
|
||||
template: templates/gitea/deployment.yaml
|
||||
set:
|
||||
image:
|
||||
rootless: true
|
||||
digest: sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].image
|
||||
value: "gitea/gitea:1.19.3-rootless@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a"
|
||||
- it: digest for root-based image
|
||||
template: templates/gitea/deployment.yaml
|
||||
set:
|
||||
image:
|
||||
rootless: false
|
||||
digest: sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].image
|
||||
value: "gitea/gitea:1.19.3@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a"
|
||||
- it: digest and global registry
|
||||
template: templates/gitea/deployment.yaml
|
||||
set:
|
||||
global.imageRegistry: "global.example.com"
|
||||
image.digest: "sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a"
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].image
|
||||
value: "global.example.com/gitea/gitea:1.19.3-rootless@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a"
|
|
@ -1,13 +1,13 @@
|
|||
suite: Statefulset template (signing disabled)
|
||||
suite: deployment template (signing disabled)
|
||||
release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/gitea/statefulset.yaml
|
||||
- templates/gitea/deployment.yaml
|
||||
- templates/gitea/config.yaml
|
||||
tests:
|
||||
- it: skips gpg init container
|
||||
template: templates/gitea/statefulset.yaml
|
||||
template: templates/gitea/deployment.yaml
|
||||
asserts:
|
||||
- notContains:
|
||||
path: spec.template.spec.initContainers
|
||||
|
@ -15,7 +15,7 @@ tests:
|
|||
content:
|
||||
name: configure-gpg
|
||||
- it: skips gpg env in `init-directories` init container
|
||||
template: templates/gitea/statefulset.yaml
|
||||
template: templates/gitea/deployment.yaml
|
||||
set:
|
||||
signing.enabled: false
|
||||
asserts:
|
||||
|
@ -25,14 +25,14 @@ tests:
|
|||
name: GNUPGHOME
|
||||
value: /data/git/.gnupg
|
||||
- it: skips gpg env in runtime container
|
||||
template: templates/gitea/statefulset.yaml
|
||||
template: templates/gitea/deployment.yaml
|
||||
asserts:
|
||||
- notContains:
|
||||
path: spec.template.spec.containers[0].env
|
||||
content:
|
||||
name: GNUPGHOME
|
||||
- it: skips gpg volume spec
|
||||
template: templates/gitea/statefulset.yaml
|
||||
template: templates/gitea/deployment.yaml
|
||||
asserts:
|
||||
- notContains:
|
||||
path: spec.template.spec.volumes
|
|
@ -1,13 +1,13 @@
|
|||
suite: Statefulset template (signing enabled)
|
||||
suite: deployment template (signing enabled)
|
||||
release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/gitea/statefulset.yaml
|
||||
- templates/gitea/deployment.yaml
|
||||
- templates/gitea/config.yaml
|
||||
tests:
|
||||
- it: adds gpg init container
|
||||
template: templates/gitea/statefulset.yaml
|
||||
template: templates/gitea/deployment.yaml
|
||||
set:
|
||||
signing:
|
||||
enabled: true
|
||||
|
@ -39,7 +39,7 @@ tests:
|
|||
mountPath: /raw
|
||||
readOnly: true
|
||||
- it: adds gpg env in `init-directories` init container
|
||||
template: templates/gitea/statefulset.yaml
|
||||
template: templates/gitea/deployment.yaml
|
||||
set:
|
||||
signing.enabled: true
|
||||
signing.existingSecret: "custom-gpg-secret"
|
||||
|
@ -50,7 +50,7 @@ tests:
|
|||
name: GNUPGHOME
|
||||
value: /data/git/.gnupg
|
||||
- it: adds gpg env in runtime container
|
||||
template: templates/gitea/statefulset.yaml
|
||||
template: templates/gitea/deployment.yaml
|
||||
set:
|
||||
signing.enabled: true
|
||||
signing.existingSecret: "custom-gpg-secret"
|
||||
|
@ -61,7 +61,7 @@ tests:
|
|||
name: GNUPGHOME
|
||||
value: /data/git/.gnupg
|
||||
- it: adds gpg volume spec
|
||||
template: templates/gitea/statefulset.yaml
|
||||
template: templates/gitea/deployment.yaml
|
||||
set:
|
||||
signing:
|
||||
enabled: true
|
||||
|
@ -78,7 +78,7 @@ tests:
|
|||
path: private.asc
|
||||
defaultMode: 0100
|
||||
- it: supports gpg volume spec with external reference
|
||||
template: templates/gitea/statefulset.yaml
|
||||
template: templates/gitea/deployment.yaml
|
||||
set:
|
||||
signing:
|
||||
enabled: true
|
|
@ -1,13 +1,13 @@
|
|||
suite: Statefulset template (SSH configuration)
|
||||
suite: deployment template (SSH configuration)
|
||||
release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/gitea/statefulset.yaml
|
||||
- templates/gitea/deployment.yaml
|
||||
- templates/gitea/config.yaml
|
||||
tests:
|
||||
- it: supports defining SSH log level for root based image
|
||||
template: templates/gitea/statefulset.yaml
|
||||
template: templates/gitea/deployment.yaml
|
||||
set:
|
||||
image.rootless: false
|
||||
asserts:
|
||||
|
@ -17,7 +17,7 @@ tests:
|
|||
name: SSH_LOG_LEVEL
|
||||
value: "INFO"
|
||||
- it: supports overriding SSH log level
|
||||
template: templates/gitea/statefulset.yaml
|
||||
template: templates/gitea/deployment.yaml
|
||||
set:
|
||||
image.rootless: false
|
||||
gitea.ssh.logLevel: "DEBUG"
|
||||
|
@ -28,7 +28,7 @@ tests:
|
|||
name: SSH_LOG_LEVEL
|
||||
value: "DEBUG"
|
||||
- it: skips SSH_LOG_LEVEL for rootless image
|
||||
template: templates/gitea/statefulset.yaml
|
||||
template: templates/gitea/deployment.yaml
|
||||
set:
|
||||
image.rootless: true
|
||||
gitea.ssh.logLevel: "DEBUG" # explicitly defining a non-standard level here
|
68
unittests/init/init_directory_structure.sh-rootless.yaml
Normal file
68
unittests/init/init_directory_structure.sh-rootless.yaml
Normal file
|
@ -0,0 +1,68 @@
|
|||
suite: Init template
|
||||
release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/gitea/init.yaml
|
||||
tests:
|
||||
- it: runs gpg in batch mode
|
||||
set:
|
||||
signing.enabled: true
|
||||
signing.privateKey: |-
|
||||
-----BEGIN PGP PRIVATE KEY BLOCK-----
|
||||
{placeholder}
|
||||
-----END PGP PRIVATE KEY BLOCK-----
|
||||
asserts:
|
||||
- equal:
|
||||
path: stringData["configure_gpg_environment.sh"]
|
||||
value: |-
|
||||
#!/usr/bin/env bash
|
||||
set -eu
|
||||
|
||||
gpg --batch --import /raw/private.asc
|
||||
- it: skips gpg script block for disabled signing
|
||||
asserts:
|
||||
- equal:
|
||||
path: stringData["init_directory_structure.sh"]
|
||||
value: |-
|
||||
#!/usr/bin/env bash
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
set -x
|
||||
mkdir -p /data/git/.ssh
|
||||
chmod -R 700 /data/git/.ssh
|
||||
[ ! -d /data/gitea/conf ] && mkdir -p /data/gitea/conf
|
||||
|
||||
# prepare temp directory structure
|
||||
mkdir -p "${GITEA_TEMP}"
|
||||
chmod ug+rwx "${GITEA_TEMP}"
|
||||
- it: adds gpg script block for enabled signing
|
||||
set:
|
||||
signing.enabled: true
|
||||
signing.privateKey: |-
|
||||
-----BEGIN PGP PRIVATE KEY BLOCK-----
|
||||
{placeholder}
|
||||
-----END PGP PRIVATE KEY BLOCK-----
|
||||
asserts:
|
||||
- equal:
|
||||
path: stringData["init_directory_structure.sh"]
|
||||
value: |-
|
||||
#!/usr/bin/env bash
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
set -x
|
||||
mkdir -p /data/git/.ssh
|
||||
chmod -R 700 /data/git/.ssh
|
||||
[ ! -d /data/gitea/conf ] && mkdir -p /data/gitea/conf
|
||||
|
||||
# prepare temp directory structure
|
||||
mkdir -p "${GITEA_TEMP}"
|
||||
chmod ug+rwx "${GITEA_TEMP}"
|
||||
|
||||
if [ ! -d "${GNUPGHOME}" ]; then
|
||||
mkdir -p "${GNUPGHOME}"
|
||||
chmod 700 "${GNUPGHOME}"
|
||||
chown 1000:1000 "${GNUPGHOME}"
|
||||
fi
|
|
@ -7,6 +7,7 @@ templates:
|
|||
tests:
|
||||
- it: runs gpg in batch mode
|
||||
set:
|
||||
image.rootless: false
|
||||
signing.enabled: true
|
||||
signing.privateKey: |-
|
||||
-----BEGIN PGP PRIVATE KEY BLOCK-----
|
||||
|
@ -21,6 +22,8 @@ tests:
|
|||
|
||||
gpg --batch --import /raw/private.asc
|
||||
- it: skips gpg script block for disabled signing
|
||||
set:
|
||||
image.rootless: false
|
||||
asserts:
|
||||
- equal:
|
||||
path: stringData["init_directory_structure.sh"]
|
||||
|
@ -41,6 +44,7 @@ tests:
|
|||
chmod ug+rwx "${GITEA_TEMP}"
|
||||
- it: adds gpg script block for enabled signing
|
||||
set:
|
||||
image.rootless: false
|
||||
signing.enabled: true
|
||||
signing.privateKey: |-
|
||||
-----BEGIN PGP PRIVATE KEY BLOCK-----
|
||||
|
|
82
unittests/serviceaccount/basic.yaml
Normal file
82
unittests/serviceaccount/basic.yaml
Normal file
|
@ -0,0 +1,82 @@
|
|||
suite: ServiceAccount template (basic)
|
||||
release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/gitea/serviceaccount.yaml
|
||||
tests:
|
||||
- it: skips rendering by default
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
- it: renders default ServiceAccount object with serviceAccount.create=true
|
||||
set:
|
||||
serviceAccount.create: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- containsDocument:
|
||||
kind: ServiceAccount
|
||||
apiVersion: v1
|
||||
name: gitea-unittests
|
||||
- equal:
|
||||
path: automountServiceAccountToken
|
||||
value: false
|
||||
- notExists:
|
||||
path: imagePullSecrets
|
||||
- notExists:
|
||||
path: metadata.annotations
|
||||
- it: allows for adding custom labels
|
||||
set:
|
||||
serviceAccount:
|
||||
create: true
|
||||
labels:
|
||||
custom: label
|
||||
asserts:
|
||||
- equal:
|
||||
path: metadata.labels.custom
|
||||
value: label
|
||||
- it: allows for adding custom annotations
|
||||
set:
|
||||
serviceAccount:
|
||||
create: true
|
||||
annotations:
|
||||
myCustom: annotation
|
||||
asserts:
|
||||
- equal:
|
||||
path: metadata.annotations.myCustom
|
||||
value: annotation
|
||||
- it: allows to override the generated name
|
||||
set:
|
||||
serviceAccount:
|
||||
create: true
|
||||
name: provided-serviceaccount-name
|
||||
asserts:
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: provided-serviceaccount-name
|
||||
- it: allows to mount the token
|
||||
set:
|
||||
serviceAccount:
|
||||
create: true
|
||||
automountServiceAccountToken: true
|
||||
asserts:
|
||||
- equal:
|
||||
path: automountServiceAccountToken
|
||||
value: true
|
||||
- it: allows to reference image pull secrets
|
||||
set:
|
||||
serviceAccount:
|
||||
create: true
|
||||
imagePullSecrets:
|
||||
- name: testing-image-pull-secret
|
||||
- name: another-pull-secret
|
||||
asserts:
|
||||
- contains:
|
||||
path: imagePullSecrets
|
||||
content:
|
||||
name: testing-image-pull-secret
|
||||
- contains:
|
||||
path: imagePullSecrets
|
||||
content:
|
||||
name: another-pull-secret
|
32
unittests/serviceaccount/reference.yaml
Normal file
32
unittests/serviceaccount/reference.yaml
Normal file
|
@ -0,0 +1,32 @@
|
|||
suite: ServiceAccount template (reference)
|
||||
release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/gitea/serviceaccount.yaml
|
||||
- templates/gitea/deployment.yaml
|
||||
- templates/gitea/config.yaml
|
||||
tests:
|
||||
- it: does not modify the deployment by default
|
||||
template: templates/gitea/deployment.yaml
|
||||
asserts:
|
||||
- notExists:
|
||||
path: spec.serviceAccountName
|
||||
- it: adds the reference to the deployment with serviceAccount.create=true
|
||||
template: templates/gitea/deployment.yaml
|
||||
set:
|
||||
serviceAccount.create: true
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.serviceAccountName
|
||||
value: gitea-unittests
|
||||
- it: allows referencing an externally created ServiceAccount to the deployment
|
||||
template: templates/gitea/deployment.yaml
|
||||
set:
|
||||
serviceAccount:
|
||||
create: false # explicitly set to define rendering behavior
|
||||
name: "externally-existing-serviceaccount"
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.serviceAccountName
|
||||
value: externally-existing-serviceaccount
|
|
@ -1,15 +0,0 @@
|
|||
suite: Statefulset template (image configuration)
|
||||
release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/gitea/statefulset.yaml
|
||||
tests:
|
||||
- it: proper image.digest parsing
|
||||
template: templates/gitea/statefulset.yaml
|
||||
set:
|
||||
image.digest: sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].image
|
||||
value: "gitea/gitea@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a"
|
148
values.yaml
148
values.yaml
|
@ -20,9 +20,19 @@ global:
|
|||
# hostnames:
|
||||
# - example.com
|
||||
|
||||
## @param replicaCount number of replicas for the statefulset
|
||||
## @param replicaCount number of replicas for the deployment
|
||||
replicaCount: 1
|
||||
|
||||
## @section strategy
|
||||
## @param strategy.type strategy type
|
||||
## @param strategy.rollingUpdate.maxSurge maxSurge
|
||||
## @param strategy.rollingUpdate.maxUnavailable maxUnavailable
|
||||
strategy:
|
||||
type: "RollingUpdate"
|
||||
rollingUpdate:
|
||||
maxSurge: "100%"
|
||||
maxUnavailable: 0
|
||||
|
||||
## @param clusterDomain cluster domain
|
||||
clusterDomain: cluster.local
|
||||
|
||||
|
@ -41,7 +51,7 @@ image:
|
|||
# Overrides the image tag if set (Example: sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a)
|
||||
digest: ""
|
||||
pullPolicy: Always
|
||||
rootless: false # only possible when running 1.14 or later
|
||||
rootless: true
|
||||
|
||||
## @param imagePullSecrets Secret to use for pulling the image
|
||||
imagePullSecrets: []
|
||||
|
@ -77,11 +87,16 @@ containerSecurityContext: {}
|
|||
## @param securityContext Run init and Gitea containers as a specific securityContext
|
||||
securityContext: {}
|
||||
|
||||
## @param podDisruptionBudget Pod disruption budget
|
||||
podDisruptionBudget: {}
|
||||
# maxUnavailable: 1
|
||||
# minAvailable: 1
|
||||
|
||||
## @section Service
|
||||
service:
|
||||
## @param service.http.type Kubernetes service type for web traffic
|
||||
## @param service.http.port Port number for web traffic
|
||||
## @param service.http.clusterIP ClusterIP setting for http autosetup for statefulset is None
|
||||
## @param service.http.clusterIP ClusterIP setting for http autosetup for deployment is None
|
||||
## @param service.http.loadBalancerIP LoadBalancer IP setting
|
||||
## @param service.http.nodePort NodePort for http service
|
||||
## @param service.http.externalTrafficPolicy If `service.http.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation
|
||||
|
@ -104,7 +119,7 @@ service:
|
|||
annotations: {}
|
||||
## @param service.ssh.type Kubernetes service type for ssh traffic
|
||||
## @param service.ssh.port Port number for ssh traffic
|
||||
## @param service.ssh.clusterIP ClusterIP setting for ssh autosetup for statefulset is None
|
||||
## @param service.ssh.clusterIP ClusterIP setting for ssh autosetup for deployment is None
|
||||
## @param service.ssh.loadBalancerIP LoadBalancer IP setting
|
||||
## @param service.ssh.nodePort NodePort for ssh service
|
||||
## @param service.ssh.externalTrafficPolicy If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation
|
||||
|
@ -158,7 +173,7 @@ ingress:
|
|||
# If helm doesn't correctly detect your ingress API version you can set it here.
|
||||
# apiVersion: networking.k8s.io/v1
|
||||
|
||||
## @section StatefulSet
|
||||
## @section deployment
|
||||
#
|
||||
## @param resources Kubernetes resources
|
||||
resources:
|
||||
|
@ -180,26 +195,29 @@ resources:
|
|||
## @param schedulerName Use an alternate scheduler, e.g. "stork"
|
||||
schedulerName: ""
|
||||
|
||||
## @param nodeSelector NodeSelector for the statefulset
|
||||
## @param nodeSelector NodeSelector for the deployment
|
||||
nodeSelector: {}
|
||||
|
||||
## @param tolerations Tolerations for the statefulset
|
||||
## @param tolerations Tolerations for the deployment
|
||||
tolerations: []
|
||||
|
||||
## @param affinity Affinity for the statefulset
|
||||
## @param affinity Affinity for the deployment
|
||||
affinity: {}
|
||||
|
||||
## @param dnsConfig dnsConfig for the statefulset
|
||||
## @param topologySpreadConstraints TopologySpreadConstraints for the deployment
|
||||
topologySpreadConstraints: []
|
||||
|
||||
## @param dnsConfig dnsConfig for the deployment
|
||||
dnsConfig: {}
|
||||
|
||||
## @param priorityClassName priorityClassName for the statefulset
|
||||
## @param priorityClassName priorityClassName for the deployment
|
||||
priorityClassName: ""
|
||||
|
||||
## @param statefulset.env Additional environment variables to pass to containers
|
||||
## @param statefulset.terminationGracePeriodSeconds How long to wait until forcefully kill the pod
|
||||
## @param statefulset.labels Labels for the statefulset
|
||||
## @param statefulset.annotations Annotations for the Gitea StatefulSet to be created
|
||||
statefulset:
|
||||
## @param deployment.env Additional environment variables to pass to containers
|
||||
## @param deployment.terminationGracePeriodSeconds How long to wait until forcefully kill the pod
|
||||
## @param deployment.labels Labels for the deployment
|
||||
## @param deployment.annotations Annotations for the Gitea deployment to be created
|
||||
deployment:
|
||||
env:
|
||||
[]
|
||||
# - name: VARIABLE
|
||||
|
@ -208,28 +226,52 @@ statefulset:
|
|||
labels: {}
|
||||
annotations: {}
|
||||
|
||||
## @section ServiceAccount
|
||||
|
||||
## @param serviceAccount.create Enable the creation of a ServiceAccount
|
||||
## @param serviceAccount.name Name of the created ServiceAccount, defaults to release name. Can also link to an externally provided ServiceAccount that should be used.
|
||||
## @param serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token
|
||||
## @param serviceAccount.imagePullSecrets Image pull secrets, available to the ServiceAccount
|
||||
## @param serviceAccount.annotations Custom annotations for the ServiceAccount
|
||||
## @param serviceAccount.labels Custom labels for the ServiceAccount
|
||||
serviceAccount:
|
||||
create: false
|
||||
name: ""
|
||||
automountServiceAccountToken: false
|
||||
imagePullSecrets: []
|
||||
# - name: private-registry-access
|
||||
annotations: {}
|
||||
labels: {}
|
||||
|
||||
## @section Persistence
|
||||
#
|
||||
## @param persistence.enabled Enable persistent storage
|
||||
## @param persistence.existingClaim Use an existing claim to store repository information
|
||||
## @param persistence.create Whether to create the persistentVolumeClaim for shared storage
|
||||
## @param persistence.mount Whether the persistentVolumeClaim should be mounted (even if not created)
|
||||
## @param persistence.claimName Use an existing claim to store repository information
|
||||
## @param persistence.size Size for persistence to store repo information
|
||||
## @param persistence.accessModes AccessMode for persistence
|
||||
## @param persistence.labels Labels for the persistence volume claim to be created
|
||||
## @param persistence.annotations Annotations for the persistence volume claim to be created
|
||||
## @param persistence.annotations.helm.sh/resource-policy Resource policy for the persistence volume claim
|
||||
## @param persistence.storageClass Name of the storage class to use
|
||||
## @param persistence.subPath Subdirectory of the volume to mount at
|
||||
## @param persistence.volumeName Name of persistent volume in PVC
|
||||
persistence:
|
||||
enabled: true
|
||||
existingClaim:
|
||||
create: true
|
||||
mount: true
|
||||
claimName: gitea-shared-storage
|
||||
size: 10Gi
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
labels: {}
|
||||
annotations: {}
|
||||
storageClass:
|
||||
subPath:
|
||||
volumeName: ""
|
||||
annotations:
|
||||
helm.sh/resource-policy: keep
|
||||
|
||||
## @param extraVolumes Additional volumes to mount to the Gitea statefulset
|
||||
## @param extraVolumes Additional volumes to mount to the Gitea deployment
|
||||
extraVolumes: []
|
||||
# - name: postgres-ssl-vol
|
||||
# secret:
|
||||
|
@ -344,13 +386,14 @@ gitea:
|
|||
# customProfileUrl:
|
||||
# customEmailUrl:
|
||||
|
||||
## @param gitea.config Configuration for the Gitea server,ref: [config-cheat-sheet](https://docs.gitea.io/en-us/config-cheat-sheet/)
|
||||
config: {}
|
||||
# APP_NAME: "Gitea: Git with a cup of tea"
|
||||
# RUN_MODE: dev
|
||||
#
|
||||
# server:
|
||||
# SSH_PORT: 22
|
||||
## @param gitea.config.server.SSH_PORT SSH port for rootlful Gitea image
|
||||
## @param gitea.config.server.SSH_LISTEN_PORT SSH port for rootless Gitea image
|
||||
config:
|
||||
# APP_NAME: "Gitea: Git with a cup of tea"
|
||||
# RUN_MODE: dev
|
||||
server:
|
||||
SSH_PORT: 22 # rootful image
|
||||
SSH_LISTEN_PORT: 2222 # rootless image
|
||||
#
|
||||
# security:
|
||||
# PASSWORD_COMPLEXITY: spec
|
||||
|
@ -432,23 +475,44 @@ gitea:
|
|||
successThreshold: 1
|
||||
failureThreshold: 10
|
||||
|
||||
## @section Memcached
|
||||
#
|
||||
## @param memcached.enabled Memcached is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/memcached) if enabled in the values. Complete Configuration can be taken from their website.
|
||||
## ref: https://hub.docker.com/r/bitnami/memcached/tags/
|
||||
## @param memcached.service.ports.memcached Port for Memcached
|
||||
memcached:
|
||||
## @section redis-cluster
|
||||
## @param redis-cluster.enabled Enable redis
|
||||
## @param redis-cluster.usePassword Whether to use password authentication
|
||||
redis-cluster:
|
||||
enabled: true
|
||||
# image:
|
||||
# registry: docker.io
|
||||
# repository: bitnami/memcached
|
||||
# tag: ""
|
||||
# digest: ""
|
||||
# pullPolicy: IfNotPresent
|
||||
# pullSecrets: []
|
||||
usePassword: false
|
||||
|
||||
## @section postgresql-ha
|
||||
#
|
||||
## @param postgresql-ha.enabled Enable postgresql-ha
|
||||
## @param postgresql-ha.postgresql.password Password for the `gitea` user (overrides `auth.password`)
|
||||
## @param postgresql-ha.global.postgresql.database Name for a custom database to create (overrides `auth.database`)
|
||||
## @param postgresql-ha.global.postgresql.username Name for a custom user to create (overrides `auth.username`)
|
||||
## @param postgresql-ha.global.postgresql.password Name for a custom password to create (overrides `auth.password`)
|
||||
## @param postgresql-ha.postgresql.repmgrPassword Repmgr Password
|
||||
## @param postgresql-ha.postgresql.postgresPassword postgres Password
|
||||
## @param postgresql-ha.pgpool.adminPassword pgpool adminPassword
|
||||
## @param postgresql-ha.service.ports.postgresql postgresql service port (overrides `service.ports.postgresql`)
|
||||
## @param postgresql-ha.primary.persistence.size PVC Storage Request for postgresql-ha volume
|
||||
postgresql-ha:
|
||||
global:
|
||||
postgresql:
|
||||
database: gitea
|
||||
password: gitea
|
||||
username: gitea
|
||||
enabled: true
|
||||
postgresql:
|
||||
repmgrPassword: changeme2
|
||||
postgresPassword: changeme1
|
||||
password: changeme4
|
||||
pgpool:
|
||||
adminPassword: changeme3
|
||||
service:
|
||||
ports:
|
||||
memcached: 11211
|
||||
postgresql: 5432
|
||||
primary:
|
||||
persistence:
|
||||
size: 10Gi
|
||||
|
||||
## @section PostgreSQL
|
||||
#
|
||||
|
@ -459,7 +523,7 @@ memcached:
|
|||
## @param postgresql.global.postgresql.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`)
|
||||
## @param postgresql.primary.persistence.size PVC Storage Request for PostgreSQL volume
|
||||
postgresql:
|
||||
enabled: true
|
||||
enabled: false
|
||||
global:
|
||||
postgresql:
|
||||
auth:
|
||||
|
|
Loading…
Reference in a new issue