helm-chart/templates/gitea/statefulset.yaml

156 lines
5.4 KiB
YAML
Raw Normal View History

Integrate NOVUM-RGI chart into the official helm chart. (#7) Fix ssh port settings Remove blank line from LICENSE file add check for admin user set PROTOCOL default to http Add Konrad Lother as Maintainer Update readme with generic values make app.ini generic - app.ini is now configurable via dictionary in values.yaml - database and server configuration is autogenerated if not defined - http and ssh services now use gitea config settings for targetPort - add default security value INSTALL_LOCK = true - clean up builtin cache settings bump gitea version Add values and Remove vscode TOC comments - values enablePushCreateOrg and enablePushCreateUser have been added to repository settings fix naming order of license and maintainers Multiple improvements for the chart: - add terminationGracePeriodSeconds to shutdown the statefulset gracefully on error - add guard for loadbalancer settings in ssh service - use mysql from bitnami, since they update the version much more frequent (old mysql only uses mysql ~6) - init container now also provisions mysql and external database correctly Fix PVC mounting issues for longhorn storageClass Add examples to readme Fix port setting for ssh Fix and operator for newer helm versions update values to support most configuration gitea offers Replace Readme update license file Update helpers with dependencies, update NOTES.txt update Chart.yaml with dependencies Requirements.yaml removed, since this is deprecated and moved to Chart.yaml Remove now unused dependencies and deployments - init is no longer used since databases are initialized on original charts and managed with dependency - ingress.yaml moved to templates/gitea - deployment.yaml no longer used and replaced with templates/gitea/statefulset.yaml - memcached also handled with helm dependency and initialized in original chart Add initial test for gitea helm chart Rework templates for helm chart. - app.ini configurable via config - admin user and ldap settings configurable via config - using statefulset to handle pvc - update helpers for new dependencies remove helm build artifacts since they are not needed in this repository Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de> Co-authored-by: Konrad Lother <konrad.lother@novum-rgi.de> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/7 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Reviewed-by: Andrew Thornton <art27@cantab.net> Reviewed-by: techknowlogick <techknowlogick@gitea.io>
2020-08-23 12:56:55 -05:00
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "gitea.fullname" . }}
labels:
{{- include "gitea.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
{{- include "gitea.selectorLabels" . | nindent 6 }}
serviceName: {{ include "gitea.fullname" . }}
template:
metadata:
annotations:
checksum/config: {{ include (print $.Template.BasePath "/gitea/config.yaml") . | sha256sum }}
checksum/ldap: {{ include "gitea.ldap_settings" . | sha256sum }}
{{- with .Values.gitea.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
Integrate NOVUM-RGI chart into the official helm chart. (#7) Fix ssh port settings Remove blank line from LICENSE file add check for admin user set PROTOCOL default to http Add Konrad Lother as Maintainer Update readme with generic values make app.ini generic - app.ini is now configurable via dictionary in values.yaml - database and server configuration is autogenerated if not defined - http and ssh services now use gitea config settings for targetPort - add default security value INSTALL_LOCK = true - clean up builtin cache settings bump gitea version Add values and Remove vscode TOC comments - values enablePushCreateOrg and enablePushCreateUser have been added to repository settings fix naming order of license and maintainers Multiple improvements for the chart: - add terminationGracePeriodSeconds to shutdown the statefulset gracefully on error - add guard for loadbalancer settings in ssh service - use mysql from bitnami, since they update the version much more frequent (old mysql only uses mysql ~6) - init container now also provisions mysql and external database correctly Fix PVC mounting issues for longhorn storageClass Add examples to readme Fix port setting for ssh Fix and operator for newer helm versions update values to support most configuration gitea offers Replace Readme update license file Update helpers with dependencies, update NOTES.txt update Chart.yaml with dependencies Requirements.yaml removed, since this is deprecated and moved to Chart.yaml Remove now unused dependencies and deployments - init is no longer used since databases are initialized on original charts and managed with dependency - ingress.yaml moved to templates/gitea - deployment.yaml no longer used and replaced with templates/gitea/statefulset.yaml - memcached also handled with helm dependency and initialized in original chart Add initial test for gitea helm chart Rework templates for helm chart. - app.ini configurable via config - admin user and ldap settings configurable via config - using statefulset to handle pvc - update helpers for new dependencies remove helm build artifacts since they are not needed in this repository Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de> Co-authored-by: Konrad Lother <konrad.lother@novum-rgi.de> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/7 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Reviewed-by: Andrew Thornton <art27@cantab.net> Reviewed-by: techknowlogick <techknowlogick@gitea.io>
2020-08-23 12:56:55 -05:00
labels:
{{- include "gitea.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
Integrate NOVUM-RGI chart into the official helm chart. (#7) Fix ssh port settings Remove blank line from LICENSE file add check for admin user set PROTOCOL default to http Add Konrad Lother as Maintainer Update readme with generic values make app.ini generic - app.ini is now configurable via dictionary in values.yaml - database and server configuration is autogenerated if not defined - http and ssh services now use gitea config settings for targetPort - add default security value INSTALL_LOCK = true - clean up builtin cache settings bump gitea version Add values and Remove vscode TOC comments - values enablePushCreateOrg and enablePushCreateUser have been added to repository settings fix naming order of license and maintainers Multiple improvements for the chart: - add terminationGracePeriodSeconds to shutdown the statefulset gracefully on error - add guard for loadbalancer settings in ssh service - use mysql from bitnami, since they update the version much more frequent (old mysql only uses mysql ~6) - init container now also provisions mysql and external database correctly Fix PVC mounting issues for longhorn storageClass Add examples to readme Fix port setting for ssh Fix and operator for newer helm versions update values to support most configuration gitea offers Replace Readme update license file Update helpers with dependencies, update NOTES.txt update Chart.yaml with dependencies Requirements.yaml removed, since this is deprecated and moved to Chart.yaml Remove now unused dependencies and deployments - init is no longer used since databases are initialized on original charts and managed with dependency - ingress.yaml moved to templates/gitea - deployment.yaml no longer used and replaced with templates/gitea/statefulset.yaml - memcached also handled with helm dependency and initialized in original chart Add initial test for gitea helm chart Rework templates for helm chart. - app.ini configurable via config - admin user and ldap settings configurable via config - using statefulset to handle pvc - update helpers for new dependencies remove helm build artifacts since they are not needed in this repository Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de> Co-authored-by: Konrad Lother <konrad.lother@novum-rgi.de> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/7 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Reviewed-by: Andrew Thornton <art27@cantab.net> Reviewed-by: techknowlogick <techknowlogick@gitea.io>
2020-08-23 12:56:55 -05:00
securityContext:
fsGroup: 1000
initContainers:
- name: init
image: "{{ .Values.image.repository }}:{{ ternary .Values.image.version .Values.image.tag (hasKey .Values.image "version") }}"
command: ["/usr/sbin/init_gitea.sh"]
enhancements to support postgres client-cert authentication (#47) This PR adds a few new chart features which adds to the flexibility of the chart. - allow extra volumes to be mounted (such as secrets): 2f862c5a48 - pass environment variables also to the init-container: 7044049478 - allow a preparation script to be "injected" into the init-container: 6125a69345 As a concrete example of how this can be used, I use is to configure Gitea to use client certificate authentication against an external Postgres database. That could be accomplished by having a `gitea-postgres-ssl` secret: ``` apiVersion: v1 kind: Secret type: Opaque metadata: name: gitea-postgres-ssl data: postgresql.crt: <base64...> postgresql.key: <base64...> root.crt: <base64...> ``` and then mounting this as a volume in Gitea using: ``` extraVolumes: - name: postgres-ssl-vol secret: secretName: gitea-postgres-ssl extraVolumeMounts: - name: postgres-ssl-vol readOnly: true mountPath: "/pg-ssl" ``` To get the right permissions on the credentials, we'd use the `initPreScript`: ``` initPreScript: | # copy postgres client and CA cert from mount and # give proper permissions mkdir -p /data/git/.postgresql cp /pg-ssl/* /data/git/.postgresql/ chown -R git:git /data/git/.postgresql/ chmod 400 /data/git/.postgresql/postgresql.key ``` and to make sure that Gitea uses the certificate we need to pass the proper postgres environment variables (both to the init container and the "main" container): ``` statefulset: env: - name: "PGSSLCERT" value: "/data/git/.postgresql/postgresql.crt" - name: "PGSSLKEY" value: "/data/git/.postgresql/postgresql.key" - name: "PGSSLROOTCERT" value: "/data/git/.postgresql/root.crt" ``` Co-authored-by: Peter Gardfjäll <peter.gardfjall.work@gmail.com> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/47 Reviewed-by: luhahn <luhahn@noreply.gitea.io> Reviewed-by: 6543 <6543@obermui.de> Co-authored-by: petergardfjall <petergardfjall@noreply.gitea.io> Co-committed-by: petergardfjall <petergardfjall@noreply.gitea.io>
2021-01-20 05:28:39 -06:00
env:
{{- range .Values.statefulset.env }}
- name: {{ .name | quote | nospace }}
value: {{ .value | quote }}
{{- end }}
Integrate NOVUM-RGI chart into the official helm chart. (#7) Fix ssh port settings Remove blank line from LICENSE file add check for admin user set PROTOCOL default to http Add Konrad Lother as Maintainer Update readme with generic values make app.ini generic - app.ini is now configurable via dictionary in values.yaml - database and server configuration is autogenerated if not defined - http and ssh services now use gitea config settings for targetPort - add default security value INSTALL_LOCK = true - clean up builtin cache settings bump gitea version Add values and Remove vscode TOC comments - values enablePushCreateOrg and enablePushCreateUser have been added to repository settings fix naming order of license and maintainers Multiple improvements for the chart: - add terminationGracePeriodSeconds to shutdown the statefulset gracefully on error - add guard for loadbalancer settings in ssh service - use mysql from bitnami, since they update the version much more frequent (old mysql only uses mysql ~6) - init container now also provisions mysql and external database correctly Fix PVC mounting issues for longhorn storageClass Add examples to readme Fix port setting for ssh Fix and operator for newer helm versions update values to support most configuration gitea offers Replace Readme update license file Update helpers with dependencies, update NOTES.txt update Chart.yaml with dependencies Requirements.yaml removed, since this is deprecated and moved to Chart.yaml Remove now unused dependencies and deployments - init is no longer used since databases are initialized on original charts and managed with dependency - ingress.yaml moved to templates/gitea - deployment.yaml no longer used and replaced with templates/gitea/statefulset.yaml - memcached also handled with helm dependency and initialized in original chart Add initial test for gitea helm chart Rework templates for helm chart. - app.ini configurable via config - admin user and ldap settings configurable via config - using statefulset to handle pvc - update helpers for new dependencies remove helm build artifacts since they are not needed in this repository Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de> Co-authored-by: Konrad Lother <konrad.lother@novum-rgi.de> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/7 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Reviewed-by: Andrew Thornton <art27@cantab.net> Reviewed-by: techknowlogick <techknowlogick@gitea.io>
2020-08-23 12:56:55 -05:00
volumeMounts:
- name: init
mountPath: /usr/sbin
Integrate NOVUM-RGI chart into the official helm chart. (#7) Fix ssh port settings Remove blank line from LICENSE file add check for admin user set PROTOCOL default to http Add Konrad Lother as Maintainer Update readme with generic values make app.ini generic - app.ini is now configurable via dictionary in values.yaml - database and server configuration is autogenerated if not defined - http and ssh services now use gitea config settings for targetPort - add default security value INSTALL_LOCK = true - clean up builtin cache settings bump gitea version Add values and Remove vscode TOC comments - values enablePushCreateOrg and enablePushCreateUser have been added to repository settings fix naming order of license and maintainers Multiple improvements for the chart: - add terminationGracePeriodSeconds to shutdown the statefulset gracefully on error - add guard for loadbalancer settings in ssh service - use mysql from bitnami, since they update the version much more frequent (old mysql only uses mysql ~6) - init container now also provisions mysql and external database correctly Fix PVC mounting issues for longhorn storageClass Add examples to readme Fix port setting for ssh Fix and operator for newer helm versions update values to support most configuration gitea offers Replace Readme update license file Update helpers with dependencies, update NOTES.txt update Chart.yaml with dependencies Requirements.yaml removed, since this is deprecated and moved to Chart.yaml Remove now unused dependencies and deployments - init is no longer used since databases are initialized on original charts and managed with dependency - ingress.yaml moved to templates/gitea - deployment.yaml no longer used and replaced with templates/gitea/statefulset.yaml - memcached also handled with helm dependency and initialized in original chart Add initial test for gitea helm chart Rework templates for helm chart. - app.ini configurable via config - admin user and ldap settings configurable via config - using statefulset to handle pvc - update helpers for new dependencies remove helm build artifacts since they are not needed in this repository Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de> Co-authored-by: Konrad Lother <konrad.lother@novum-rgi.de> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/7 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Reviewed-by: Andrew Thornton <art27@cantab.net> Reviewed-by: techknowlogick <techknowlogick@gitea.io>
2020-08-23 12:56:55 -05:00
- name: config
mountPath: /etc/gitea/conf
- name: data
mountPath: /data
enhancements to support postgres client-cert authentication (#47) This PR adds a few new chart features which adds to the flexibility of the chart. - allow extra volumes to be mounted (such as secrets): 2f862c5a48 - pass environment variables also to the init-container: 7044049478 - allow a preparation script to be "injected" into the init-container: 6125a69345 As a concrete example of how this can be used, I use is to configure Gitea to use client certificate authentication against an external Postgres database. That could be accomplished by having a `gitea-postgres-ssl` secret: ``` apiVersion: v1 kind: Secret type: Opaque metadata: name: gitea-postgres-ssl data: postgresql.crt: <base64...> postgresql.key: <base64...> root.crt: <base64...> ``` and then mounting this as a volume in Gitea using: ``` extraVolumes: - name: postgres-ssl-vol secret: secretName: gitea-postgres-ssl extraVolumeMounts: - name: postgres-ssl-vol readOnly: true mountPath: "/pg-ssl" ``` To get the right permissions on the credentials, we'd use the `initPreScript`: ``` initPreScript: | # copy postgres client and CA cert from mount and # give proper permissions mkdir -p /data/git/.postgresql cp /pg-ssl/* /data/git/.postgresql/ chown -R git:git /data/git/.postgresql/ chmod 400 /data/git/.postgresql/postgresql.key ``` and to make sure that Gitea uses the certificate we need to pass the proper postgres environment variables (both to the init container and the "main" container): ``` statefulset: env: - name: "PGSSLCERT" value: "/data/git/.postgresql/postgresql.crt" - name: "PGSSLKEY" value: "/data/git/.postgresql/postgresql.key" - name: "PGSSLROOTCERT" value: "/data/git/.postgresql/root.crt" ``` Co-authored-by: Peter Gardfjäll <peter.gardfjall.work@gmail.com> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/47 Reviewed-by: luhahn <luhahn@noreply.gitea.io> Reviewed-by: 6543 <6543@obermui.de> Co-authored-by: petergardfjall <petergardfjall@noreply.gitea.io> Co-committed-by: petergardfjall <petergardfjall@noreply.gitea.io>
2021-01-20 05:28:39 -06:00
{{- if .Values.extraVolumeMounts }}
{{- toYaml .Values.extraVolumeMounts | nindent 12 }}
{{- end }}
Integrate NOVUM-RGI chart into the official helm chart. (#7) Fix ssh port settings Remove blank line from LICENSE file add check for admin user set PROTOCOL default to http Add Konrad Lother as Maintainer Update readme with generic values make app.ini generic - app.ini is now configurable via dictionary in values.yaml - database and server configuration is autogenerated if not defined - http and ssh services now use gitea config settings for targetPort - add default security value INSTALL_LOCK = true - clean up builtin cache settings bump gitea version Add values and Remove vscode TOC comments - values enablePushCreateOrg and enablePushCreateUser have been added to repository settings fix naming order of license and maintainers Multiple improvements for the chart: - add terminationGracePeriodSeconds to shutdown the statefulset gracefully on error - add guard for loadbalancer settings in ssh service - use mysql from bitnami, since they update the version much more frequent (old mysql only uses mysql ~6) - init container now also provisions mysql and external database correctly Fix PVC mounting issues for longhorn storageClass Add examples to readme Fix port setting for ssh Fix and operator for newer helm versions update values to support most configuration gitea offers Replace Readme update license file Update helpers with dependencies, update NOTES.txt update Chart.yaml with dependencies Requirements.yaml removed, since this is deprecated and moved to Chart.yaml Remove now unused dependencies and deployments - init is no longer used since databases are initialized on original charts and managed with dependency - ingress.yaml moved to templates/gitea - deployment.yaml no longer used and replaced with templates/gitea/statefulset.yaml - memcached also handled with helm dependency and initialized in original chart Add initial test for gitea helm chart Rework templates for helm chart. - app.ini configurable via config - admin user and ldap settings configurable via config - using statefulset to handle pvc - update helpers for new dependencies remove helm build artifacts since they are not needed in this repository Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de> Co-authored-by: Konrad Lother <konrad.lother@novum-rgi.de> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/7 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Reviewed-by: Andrew Thornton <art27@cantab.net> Reviewed-by: techknowlogick <techknowlogick@gitea.io>
2020-08-23 12:56:55 -05:00
terminationGracePeriodSeconds: {{ .Values.statefulset.terminationGracePeriodSeconds }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ ternary .Values.image.version .Values.image.tag (hasKey .Values.image "version") }}"
Integrate NOVUM-RGI chart into the official helm chart. (#7) Fix ssh port settings Remove blank line from LICENSE file add check for admin user set PROTOCOL default to http Add Konrad Lother as Maintainer Update readme with generic values make app.ini generic - app.ini is now configurable via dictionary in values.yaml - database and server configuration is autogenerated if not defined - http and ssh services now use gitea config settings for targetPort - add default security value INSTALL_LOCK = true - clean up builtin cache settings bump gitea version Add values and Remove vscode TOC comments - values enablePushCreateOrg and enablePushCreateUser have been added to repository settings fix naming order of license and maintainers Multiple improvements for the chart: - add terminationGracePeriodSeconds to shutdown the statefulset gracefully on error - add guard for loadbalancer settings in ssh service - use mysql from bitnami, since they update the version much more frequent (old mysql only uses mysql ~6) - init container now also provisions mysql and external database correctly Fix PVC mounting issues for longhorn storageClass Add examples to readme Fix port setting for ssh Fix and operator for newer helm versions update values to support most configuration gitea offers Replace Readme update license file Update helpers with dependencies, update NOTES.txt update Chart.yaml with dependencies Requirements.yaml removed, since this is deprecated and moved to Chart.yaml Remove now unused dependencies and deployments - init is no longer used since databases are initialized on original charts and managed with dependency - ingress.yaml moved to templates/gitea - deployment.yaml no longer used and replaced with templates/gitea/statefulset.yaml - memcached also handled with helm dependency and initialized in original chart Add initial test for gitea helm chart Rework templates for helm chart. - app.ini configurable via config - admin user and ldap settings configurable via config - using statefulset to handle pvc - update helpers for new dependencies remove helm build artifacts since they are not needed in this repository Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de> Co-authored-by: Konrad Lother <konrad.lother@novum-rgi.de> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/7 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Reviewed-by: Andrew Thornton <art27@cantab.net> Reviewed-by: techknowlogick <techknowlogick@gitea.io>
2020-08-23 12:56:55 -05:00
imagePullPolicy: {{ .Values.image.pullPolicy }}
env:
# SSH Port values have to be set here as well for openssh configuration
- name: SSH_LISTEN_PORT
value: {{ .Values.gitea.config.server.SSH_LISTEN_PORT | quote }}
- name: SSH_PORT
value: {{ .Values.gitea.config.server.SSH_PORT | quote }}
{{- range .Values.statefulset.env }}
- name: {{ .name | quote | nospace }}
value: {{ .value | quote }}
{{- end }}
Integrate NOVUM-RGI chart into the official helm chart. (#7) Fix ssh port settings Remove blank line from LICENSE file add check for admin user set PROTOCOL default to http Add Konrad Lother as Maintainer Update readme with generic values make app.ini generic - app.ini is now configurable via dictionary in values.yaml - database and server configuration is autogenerated if not defined - http and ssh services now use gitea config settings for targetPort - add default security value INSTALL_LOCK = true - clean up builtin cache settings bump gitea version Add values and Remove vscode TOC comments - values enablePushCreateOrg and enablePushCreateUser have been added to repository settings fix naming order of license and maintainers Multiple improvements for the chart: - add terminationGracePeriodSeconds to shutdown the statefulset gracefully on error - add guard for loadbalancer settings in ssh service - use mysql from bitnami, since they update the version much more frequent (old mysql only uses mysql ~6) - init container now also provisions mysql and external database correctly Fix PVC mounting issues for longhorn storageClass Add examples to readme Fix port setting for ssh Fix and operator for newer helm versions update values to support most configuration gitea offers Replace Readme update license file Update helpers with dependencies, update NOTES.txt update Chart.yaml with dependencies Requirements.yaml removed, since this is deprecated and moved to Chart.yaml Remove now unused dependencies and deployments - init is no longer used since databases are initialized on original charts and managed with dependency - ingress.yaml moved to templates/gitea - deployment.yaml no longer used and replaced with templates/gitea/statefulset.yaml - memcached also handled with helm dependency and initialized in original chart Add initial test for gitea helm chart Rework templates for helm chart. - app.ini configurable via config - admin user and ldap settings configurable via config - using statefulset to handle pvc - update helpers for new dependencies remove helm build artifacts since they are not needed in this repository Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de> Co-authored-by: Konrad Lother <konrad.lother@novum-rgi.de> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/7 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Reviewed-by: Andrew Thornton <art27@cantab.net> Reviewed-by: techknowlogick <techknowlogick@gitea.io>
2020-08-23 12:56:55 -05:00
ports:
- name: ssh
containerPort: {{ .Values.gitea.config.server.SSH_LISTEN_PORT }}
- name: http
containerPort: {{ .Values.gitea.config.server.HTTP_PORT }}
{{- if .Values.gitea.config.server.ENABLE_PPROF }}
- name: profiler
containerPort: 6060
{{- end }}
Integrate NOVUM-RGI chart into the official helm chart. (#7) Fix ssh port settings Remove blank line from LICENSE file add check for admin user set PROTOCOL default to http Add Konrad Lother as Maintainer Update readme with generic values make app.ini generic - app.ini is now configurable via dictionary in values.yaml - database and server configuration is autogenerated if not defined - http and ssh services now use gitea config settings for targetPort - add default security value INSTALL_LOCK = true - clean up builtin cache settings bump gitea version Add values and Remove vscode TOC comments - values enablePushCreateOrg and enablePushCreateUser have been added to repository settings fix naming order of license and maintainers Multiple improvements for the chart: - add terminationGracePeriodSeconds to shutdown the statefulset gracefully on error - add guard for loadbalancer settings in ssh service - use mysql from bitnami, since they update the version much more frequent (old mysql only uses mysql ~6) - init container now also provisions mysql and external database correctly Fix PVC mounting issues for longhorn storageClass Add examples to readme Fix port setting for ssh Fix and operator for newer helm versions update values to support most configuration gitea offers Replace Readme update license file Update helpers with dependencies, update NOTES.txt update Chart.yaml with dependencies Requirements.yaml removed, since this is deprecated and moved to Chart.yaml Remove now unused dependencies and deployments - init is no longer used since databases are initialized on original charts and managed with dependency - ingress.yaml moved to templates/gitea - deployment.yaml no longer used and replaced with templates/gitea/statefulset.yaml - memcached also handled with helm dependency and initialized in original chart Add initial test for gitea helm chart Rework templates for helm chart. - app.ini configurable via config - admin user and ldap settings configurable via config - using statefulset to handle pvc - update helpers for new dependencies remove helm build artifacts since they are not needed in this repository Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de> Co-authored-by: Konrad Lother <konrad.lother@novum-rgi.de> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/7 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Reviewed-by: Andrew Thornton <art27@cantab.net> Reviewed-by: techknowlogick <techknowlogick@gitea.io>
2020-08-23 12:56:55 -05:00
livenessProbe:
tcpSocket:
port: http
initialDelaySeconds: 200
timeoutSeconds: 1
periodSeconds: 10
successThreshold: 1
failureThreshold: 10
readinessProbe:
tcpSocket:
port: http
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
failureThreshold: 3
resources:
{{- toYaml .Values.resources | nindent 12 }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
Integrate NOVUM-RGI chart into the official helm chart. (#7) Fix ssh port settings Remove blank line from LICENSE file add check for admin user set PROTOCOL default to http Add Konrad Lother as Maintainer Update readme with generic values make app.ini generic - app.ini is now configurable via dictionary in values.yaml - database and server configuration is autogenerated if not defined - http and ssh services now use gitea config settings for targetPort - add default security value INSTALL_LOCK = true - clean up builtin cache settings bump gitea version Add values and Remove vscode TOC comments - values enablePushCreateOrg and enablePushCreateUser have been added to repository settings fix naming order of license and maintainers Multiple improvements for the chart: - add terminationGracePeriodSeconds to shutdown the statefulset gracefully on error - add guard for loadbalancer settings in ssh service - use mysql from bitnami, since they update the version much more frequent (old mysql only uses mysql ~6) - init container now also provisions mysql and external database correctly Fix PVC mounting issues for longhorn storageClass Add examples to readme Fix port setting for ssh Fix and operator for newer helm versions update values to support most configuration gitea offers Replace Readme update license file Update helpers with dependencies, update NOTES.txt update Chart.yaml with dependencies Requirements.yaml removed, since this is deprecated and moved to Chart.yaml Remove now unused dependencies and deployments - init is no longer used since databases are initialized on original charts and managed with dependency - ingress.yaml moved to templates/gitea - deployment.yaml no longer used and replaced with templates/gitea/statefulset.yaml - memcached also handled with helm dependency and initialized in original chart Add initial test for gitea helm chart Rework templates for helm chart. - app.ini configurable via config - admin user and ldap settings configurable via config - using statefulset to handle pvc - update helpers for new dependencies remove helm build artifacts since they are not needed in this repository Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de> Co-authored-by: Konrad Lother <konrad.lother@novum-rgi.de> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/7 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Reviewed-by: Andrew Thornton <art27@cantab.net> Reviewed-by: techknowlogick <techknowlogick@gitea.io>
2020-08-23 12:56:55 -05:00
volumeMounts:
- name: data
mountPath: /data
enhancements to support postgres client-cert authentication (#47) This PR adds a few new chart features which adds to the flexibility of the chart. - allow extra volumes to be mounted (such as secrets): 2f862c5a48 - pass environment variables also to the init-container: 7044049478 - allow a preparation script to be "injected" into the init-container: 6125a69345 As a concrete example of how this can be used, I use is to configure Gitea to use client certificate authentication against an external Postgres database. That could be accomplished by having a `gitea-postgres-ssl` secret: ``` apiVersion: v1 kind: Secret type: Opaque metadata: name: gitea-postgres-ssl data: postgresql.crt: <base64...> postgresql.key: <base64...> root.crt: <base64...> ``` and then mounting this as a volume in Gitea using: ``` extraVolumes: - name: postgres-ssl-vol secret: secretName: gitea-postgres-ssl extraVolumeMounts: - name: postgres-ssl-vol readOnly: true mountPath: "/pg-ssl" ``` To get the right permissions on the credentials, we'd use the `initPreScript`: ``` initPreScript: | # copy postgres client and CA cert from mount and # give proper permissions mkdir -p /data/git/.postgresql cp /pg-ssl/* /data/git/.postgresql/ chown -R git:git /data/git/.postgresql/ chmod 400 /data/git/.postgresql/postgresql.key ``` and to make sure that Gitea uses the certificate we need to pass the proper postgres environment variables (both to the init container and the "main" container): ``` statefulset: env: - name: "PGSSLCERT" value: "/data/git/.postgresql/postgresql.crt" - name: "PGSSLKEY" value: "/data/git/.postgresql/postgresql.key" - name: "PGSSLROOTCERT" value: "/data/git/.postgresql/root.crt" ``` Co-authored-by: Peter Gardfjäll <peter.gardfjall.work@gmail.com> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/47 Reviewed-by: luhahn <luhahn@noreply.gitea.io> Reviewed-by: 6543 <6543@obermui.de> Co-authored-by: petergardfjall <petergardfjall@noreply.gitea.io> Co-committed-by: petergardfjall <petergardfjall@noreply.gitea.io>
2021-01-20 05:28:39 -06:00
{{- if .Values.extraVolumeMounts }}
{{- toYaml .Values.extraVolumeMounts | nindent 12 }}
{{- end }}
Integrate NOVUM-RGI chart into the official helm chart. (#7) Fix ssh port settings Remove blank line from LICENSE file add check for admin user set PROTOCOL default to http Add Konrad Lother as Maintainer Update readme with generic values make app.ini generic - app.ini is now configurable via dictionary in values.yaml - database and server configuration is autogenerated if not defined - http and ssh services now use gitea config settings for targetPort - add default security value INSTALL_LOCK = true - clean up builtin cache settings bump gitea version Add values and Remove vscode TOC comments - values enablePushCreateOrg and enablePushCreateUser have been added to repository settings fix naming order of license and maintainers Multiple improvements for the chart: - add terminationGracePeriodSeconds to shutdown the statefulset gracefully on error - add guard for loadbalancer settings in ssh service - use mysql from bitnami, since they update the version much more frequent (old mysql only uses mysql ~6) - init container now also provisions mysql and external database correctly Fix PVC mounting issues for longhorn storageClass Add examples to readme Fix port setting for ssh Fix and operator for newer helm versions update values to support most configuration gitea offers Replace Readme update license file Update helpers with dependencies, update NOTES.txt update Chart.yaml with dependencies Requirements.yaml removed, since this is deprecated and moved to Chart.yaml Remove now unused dependencies and deployments - init is no longer used since databases are initialized on original charts and managed with dependency - ingress.yaml moved to templates/gitea - deployment.yaml no longer used and replaced with templates/gitea/statefulset.yaml - memcached also handled with helm dependency and initialized in original chart Add initial test for gitea helm chart Rework templates for helm chart. - app.ini configurable via config - admin user and ldap settings configurable via config - using statefulset to handle pvc - update helpers for new dependencies remove helm build artifacts since they are not needed in this repository Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de> Co-authored-by: Konrad Lother <konrad.lother@novum-rgi.de> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/7 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Reviewed-by: Andrew Thornton <art27@cantab.net> Reviewed-by: techknowlogick <techknowlogick@gitea.io>
2020-08-23 12:56:55 -05:00
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- name: init
secret:
secretName: {{ include "gitea.fullname" . }}-init
defaultMode: 0777
Integrate NOVUM-RGI chart into the official helm chart. (#7) Fix ssh port settings Remove blank line from LICENSE file add check for admin user set PROTOCOL default to http Add Konrad Lother as Maintainer Update readme with generic values make app.ini generic - app.ini is now configurable via dictionary in values.yaml - database and server configuration is autogenerated if not defined - http and ssh services now use gitea config settings for targetPort - add default security value INSTALL_LOCK = true - clean up builtin cache settings bump gitea version Add values and Remove vscode TOC comments - values enablePushCreateOrg and enablePushCreateUser have been added to repository settings fix naming order of license and maintainers Multiple improvements for the chart: - add terminationGracePeriodSeconds to shutdown the statefulset gracefully on error - add guard for loadbalancer settings in ssh service - use mysql from bitnami, since they update the version much more frequent (old mysql only uses mysql ~6) - init container now also provisions mysql and external database correctly Fix PVC mounting issues for longhorn storageClass Add examples to readme Fix port setting for ssh Fix and operator for newer helm versions update values to support most configuration gitea offers Replace Readme update license file Update helpers with dependencies, update NOTES.txt update Chart.yaml with dependencies Requirements.yaml removed, since this is deprecated and moved to Chart.yaml Remove now unused dependencies and deployments - init is no longer used since databases are initialized on original charts and managed with dependency - ingress.yaml moved to templates/gitea - deployment.yaml no longer used and replaced with templates/gitea/statefulset.yaml - memcached also handled with helm dependency and initialized in original chart Add initial test for gitea helm chart Rework templates for helm chart. - app.ini configurable via config - admin user and ldap settings configurable via config - using statefulset to handle pvc - update helpers for new dependencies remove helm build artifacts since they are not needed in this repository Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de> Co-authored-by: Konrad Lother <konrad.lother@novum-rgi.de> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/7 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Reviewed-by: Andrew Thornton <art27@cantab.net> Reviewed-by: techknowlogick <techknowlogick@gitea.io>
2020-08-23 12:56:55 -05:00
- name: config
secret:
secretName: {{ include "gitea.fullname" . }}
enhancements to support postgres client-cert authentication (#47) This PR adds a few new chart features which adds to the flexibility of the chart. - allow extra volumes to be mounted (such as secrets): 2f862c5a48 - pass environment variables also to the init-container: 7044049478 - allow a preparation script to be "injected" into the init-container: 6125a69345 As a concrete example of how this can be used, I use is to configure Gitea to use client certificate authentication against an external Postgres database. That could be accomplished by having a `gitea-postgres-ssl` secret: ``` apiVersion: v1 kind: Secret type: Opaque metadata: name: gitea-postgres-ssl data: postgresql.crt: <base64...> postgresql.key: <base64...> root.crt: <base64...> ``` and then mounting this as a volume in Gitea using: ``` extraVolumes: - name: postgres-ssl-vol secret: secretName: gitea-postgres-ssl extraVolumeMounts: - name: postgres-ssl-vol readOnly: true mountPath: "/pg-ssl" ``` To get the right permissions on the credentials, we'd use the `initPreScript`: ``` initPreScript: | # copy postgres client and CA cert from mount and # give proper permissions mkdir -p /data/git/.postgresql cp /pg-ssl/* /data/git/.postgresql/ chown -R git:git /data/git/.postgresql/ chmod 400 /data/git/.postgresql/postgresql.key ``` and to make sure that Gitea uses the certificate we need to pass the proper postgres environment variables (both to the init container and the "main" container): ``` statefulset: env: - name: "PGSSLCERT" value: "/data/git/.postgresql/postgresql.crt" - name: "PGSSLKEY" value: "/data/git/.postgresql/postgresql.key" - name: "PGSSLROOTCERT" value: "/data/git/.postgresql/root.crt" ``` Co-authored-by: Peter Gardfjäll <peter.gardfjall.work@gmail.com> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/47 Reviewed-by: luhahn <luhahn@noreply.gitea.io> Reviewed-by: 6543 <6543@obermui.de> Co-authored-by: petergardfjall <petergardfjall@noreply.gitea.io> Co-committed-by: petergardfjall <petergardfjall@noreply.gitea.io>
2021-01-20 05:28:39 -06:00
{{- if .Values.extraVolumes }}
{{- toYaml .Values.extraVolumes | nindent 8 }}
{{- end }}
Integrate NOVUM-RGI chart into the official helm chart. (#7) Fix ssh port settings Remove blank line from LICENSE file add check for admin user set PROTOCOL default to http Add Konrad Lother as Maintainer Update readme with generic values make app.ini generic - app.ini is now configurable via dictionary in values.yaml - database and server configuration is autogenerated if not defined - http and ssh services now use gitea config settings for targetPort - add default security value INSTALL_LOCK = true - clean up builtin cache settings bump gitea version Add values and Remove vscode TOC comments - values enablePushCreateOrg and enablePushCreateUser have been added to repository settings fix naming order of license and maintainers Multiple improvements for the chart: - add terminationGracePeriodSeconds to shutdown the statefulset gracefully on error - add guard for loadbalancer settings in ssh service - use mysql from bitnami, since they update the version much more frequent (old mysql only uses mysql ~6) - init container now also provisions mysql and external database correctly Fix PVC mounting issues for longhorn storageClass Add examples to readme Fix port setting for ssh Fix and operator for newer helm versions update values to support most configuration gitea offers Replace Readme update license file Update helpers with dependencies, update NOTES.txt update Chart.yaml with dependencies Requirements.yaml removed, since this is deprecated and moved to Chart.yaml Remove now unused dependencies and deployments - init is no longer used since databases are initialized on original charts and managed with dependency - ingress.yaml moved to templates/gitea - deployment.yaml no longer used and replaced with templates/gitea/statefulset.yaml - memcached also handled with helm dependency and initialized in original chart Add initial test for gitea helm chart Rework templates for helm chart. - app.ini configurable via config - admin user and ldap settings configurable via config - using statefulset to handle pvc - update helpers for new dependencies remove helm build artifacts since they are not needed in this repository Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de> Co-authored-by: Konrad Lother <konrad.lother@novum-rgi.de> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/7 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Reviewed-by: Andrew Thornton <art27@cantab.net> Reviewed-by: techknowlogick <techknowlogick@gitea.io>
2020-08-23 12:56:55 -05:00
{{- if and .Values.persistence.enabled .Values.persistence.existingClaim }}
- name: data
persistentVolumeClaim:
claimName: {{ .Values.persistence.existingClaim }}
{{- else if not .Values.persistence.enabled }}
- name: data
emptyDir: {}
{{- else if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
volumeClaimTemplates:
- metadata:
name: data
{{- with .Values.persistence.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value }}
{{- end }}
{{- end }}
{{- with .Values.persistence.labels }}
labels:
{{- range $key, $value := . }}
{{ $key }}: {{ $value }}
{{- end }}
{{- end }}
Integrate NOVUM-RGI chart into the official helm chart. (#7) Fix ssh port settings Remove blank line from LICENSE file add check for admin user set PROTOCOL default to http Add Konrad Lother as Maintainer Update readme with generic values make app.ini generic - app.ini is now configurable via dictionary in values.yaml - database and server configuration is autogenerated if not defined - http and ssh services now use gitea config settings for targetPort - add default security value INSTALL_LOCK = true - clean up builtin cache settings bump gitea version Add values and Remove vscode TOC comments - values enablePushCreateOrg and enablePushCreateUser have been added to repository settings fix naming order of license and maintainers Multiple improvements for the chart: - add terminationGracePeriodSeconds to shutdown the statefulset gracefully on error - add guard for loadbalancer settings in ssh service - use mysql from bitnami, since they update the version much more frequent (old mysql only uses mysql ~6) - init container now also provisions mysql and external database correctly Fix PVC mounting issues for longhorn storageClass Add examples to readme Fix port setting for ssh Fix and operator for newer helm versions update values to support most configuration gitea offers Replace Readme update license file Update helpers with dependencies, update NOTES.txt update Chart.yaml with dependencies Requirements.yaml removed, since this is deprecated and moved to Chart.yaml Remove now unused dependencies and deployments - init is no longer used since databases are initialized on original charts and managed with dependency - ingress.yaml moved to templates/gitea - deployment.yaml no longer used and replaced with templates/gitea/statefulset.yaml - memcached also handled with helm dependency and initialized in original chart Add initial test for gitea helm chart Rework templates for helm chart. - app.ini configurable via config - admin user and ldap settings configurable via config - using statefulset to handle pvc - update helpers for new dependencies remove helm build artifacts since they are not needed in this repository Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de> Co-authored-by: Konrad Lother <konrad.lother@novum-rgi.de> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/7 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Reviewed-by: Andrew Thornton <art27@cantab.net> Reviewed-by: techknowlogick <techknowlogick@gitea.io>
2020-08-23 12:56:55 -05:00
spec:
accessModes:
{{- range .Values.persistence.accessModes }}
- {{ . | quote }}
{{- end }}
{{- if .Values.persistence.storageClass }}
storageClassName: {{ .Values.persistence.storageClass | quote }}
{{- end }}
Integrate NOVUM-RGI chart into the official helm chart. (#7) Fix ssh port settings Remove blank line from LICENSE file add check for admin user set PROTOCOL default to http Add Konrad Lother as Maintainer Update readme with generic values make app.ini generic - app.ini is now configurable via dictionary in values.yaml - database and server configuration is autogenerated if not defined - http and ssh services now use gitea config settings for targetPort - add default security value INSTALL_LOCK = true - clean up builtin cache settings bump gitea version Add values and Remove vscode TOC comments - values enablePushCreateOrg and enablePushCreateUser have been added to repository settings fix naming order of license and maintainers Multiple improvements for the chart: - add terminationGracePeriodSeconds to shutdown the statefulset gracefully on error - add guard for loadbalancer settings in ssh service - use mysql from bitnami, since they update the version much more frequent (old mysql only uses mysql ~6) - init container now also provisions mysql and external database correctly Fix PVC mounting issues for longhorn storageClass Add examples to readme Fix port setting for ssh Fix and operator for newer helm versions update values to support most configuration gitea offers Replace Readme update license file Update helpers with dependencies, update NOTES.txt update Chart.yaml with dependencies Requirements.yaml removed, since this is deprecated and moved to Chart.yaml Remove now unused dependencies and deployments - init is no longer used since databases are initialized on original charts and managed with dependency - ingress.yaml moved to templates/gitea - deployment.yaml no longer used and replaced with templates/gitea/statefulset.yaml - memcached also handled with helm dependency and initialized in original chart Add initial test for gitea helm chart Rework templates for helm chart. - app.ini configurable via config - admin user and ldap settings configurable via config - using statefulset to handle pvc - update helpers for new dependencies remove helm build artifacts since they are not needed in this repository Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de> Co-authored-by: Konrad Lother <konrad.lother@novum-rgi.de> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/7 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Reviewed-by: Andrew Thornton <art27@cantab.net> Reviewed-by: techknowlogick <techknowlogick@gitea.io>
2020-08-23 12:56:55 -05:00
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
{{- end }}