apiVersion: apps/v1 kind: StatefulSet metadata: name: {{ include "gitea.fullname" . }} labels: {{- include "gitea.labels" . | nindent 4 }} spec: replicas: {{ .Values.replicaCount }} selector: matchLabels: {{- include "gitea.selectorLabels" . | nindent 6 }} serviceName: {{ include "gitea.fullname" . }} template: metadata: annotations: checksum/config: {{ include (print $.Template.BasePath "/gitea/config.yaml") . | sha256sum }} labels: {{- include "gitea.selectorLabels" . | nindent 8 }} spec: securityContext: fsGroup: 1000 initContainers: - name: init image: "{{ .Values.image.repository }}:{{ .Values.image.version }}" env: - name: SCRIPT value: &script |- mkdir -p /data/gitea/conf cp /etc/gitea/conf/app.ini /data/gitea/conf/app.ini chmod a+rwx /data/gitea/conf/app.ini nc -v -w2 -z {{ include "db.servicename" . }} {{ include "db.port" . }} && \ su git -c ' \ set -x; \ gitea migrate; \ {{- if and .Values.gitea.admin.username .Values.gitea.admin.password }} gitea admin create-user --username {{ .Values.gitea.admin.username }} --password '{{ .Values.gitea.admin.password }}' --email {{ .Values.gitea.admin.email }} --admin \ || \ gitea admin change-password --username {{ .Values.gitea.admin.username }} --password '{{ .Values.gitea.admin.password }}'; \ {{- end }} {{- if .Values.gitea.ldap.enabled }} gitea admin auth add-ldap \ --name {{ .Values.gitea.ldap.name | quote }} \ --security-protocol {{ .Values.gitea.ldap.securityProtocol | quote }} \ --host {{ .Values.gitea.ldap.host | quote }} \ --port {{ .Values.gitea.ldap.port | int}} \ --user-search-base {{ .Values.gitea.ldap.userSearchBase | quote }} \ --user-filter {{ .Values.gitea.ldap.userFilter | quote }} \ --admin-filter {{ .Values.gitea.ldap.adminFilter | quote }} \ --email-attribute {{ .Values.gitea.ldap.emailAttribute | quote }} \ --bind-dn {{ .Values.gitea.ldap.bindDn | quote }} \ --bind-password {{ .Values.gitea.ldap.bindPassword | quote }} \ --synchronize-users \ --username-attribute {{ .Values.gitea.ldap.usernameAttribute | quote }} \ || \ ( \ export GITEA_AUTH_ID=$(gitea admin auth list | grep {{ .Values.gitea.ldap.name | quote }} | awk -F " " "{print \$1}"); \ gitea admin auth update-ldap --id ${GITEA_AUTH_ID} \ --name {{ .Values.gitea.ldap.name | quote }} \ --security-protocol {{ .Values.gitea.ldap.securityProtocol | quote }} \ --host {{ .Values.gitea.ldap.host | quote }} \ --port {{ .Values.gitea.ldap.port | int}} \ --user-search-base {{ .Values.gitea.ldap.userSearchBase | quote }} \ --user-filter {{ .Values.gitea.ldap.userFilter | quote }} \ --admin-filter {{ .Values.gitea.ldap.adminFilter | quote }} \ --email-attribute {{ .Values.gitea.ldap.emailAttribute | quote }} \ --bind-dn {{ .Values.gitea.ldap.bindDn | quote }} \ --bind-password {{ .Values.gitea.ldap.bindPassword | quote }} \ --synchronize-users \ --username-attribute {{ .Values.gitea.ldap.usernameAttribute | quote }} \ ) \ {{- end }} ' command: ["/bin/sh",'-c', *script] volumeMounts: - name: config mountPath: /etc/gitea/conf - name: data mountPath: /data terminationGracePeriodSeconds: {{ .Values.statefulset.terminationGracePeriodSeconds }} containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.version }}" imagePullPolicy: {{ .Values.image.pullPolicy }} env: # SSH Port values have to be set here as well for openssh configuration - name: SSH_LISTEN_PORT value: {{ .Values.gitea.config.server.SSH_LISTEN_PORT | quote }} - name: SSH_PORT value: {{ .Values.gitea.config.server.SSH_PORT | quote }} ports: - name: ssh containerPort: {{ .Values.gitea.config.server.SSH_LISTEN_PORT }} - name: http containerPort: {{ .Values.gitea.config.server.HTTP_PORT }} livenessProbe: tcpSocket: port: http initialDelaySeconds: 200 timeoutSeconds: 1 periodSeconds: 10 successThreshold: 1 failureThreshold: 10 readinessProbe: tcpSocket: port: http initialDelaySeconds: 5 periodSeconds: 10 successThreshold: 1 failureThreshold: 3 resources: {{- toYaml .Values.resources | nindent 12 }} volumeMounts: - name: data mountPath: /data {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} volumes: - name: config configMap: name: {{ include "gitea.fullname" . }} {{- if and .Values.persistence.enabled .Values.persistence.existingClaim }} - name: data persistentVolumeClaim: claimName: {{ .Values.persistence.existingClaim }} {{- else if not .Values.persistence.enabled }} - name: data emptyDir: {} {{- else if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} volumeClaimTemplates: - metadata: name: data spec: accessModes: {{- range .Values.persistence.accessModes }} - {{ . | quote }} {{- end }} storageClassName: {{ .Values.persistence.storageClass | default "standard" | quote }} resources: requests: storage: {{ .Values.persistence.size | quote }} {{- end }}