Rework app.ini generation (#239)

App ini is now generated by environment-to-ini

This should prevent some of the problems we had earlier with persisting the app.ini

Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/239
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Reviewed-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: luhahn <luhahn@noreply.gitea.io>
Co-committed-by: luhahn <luhahn@noreply.gitea.io>
luhahn 2021-11-20 05:15:45 +08:00
parent 82763f109b
commit 0461fa92a9
4 changed files with 118 additions and 44 deletions


@ -37,6 +37,35 @@ helm install gitea gitea-charts/gitea
- Helm 3.0+
- PV provisioner for persistent data support
## Chart upgrade to 5.0.0
:warning: The most recent `5.0.0` update brings some major and breaking changes.
Please note the following changes in the Chart to upgrade successfully. :warning:
### App.ini generation
The app.ini generation has changed and now utilizes the environment-to-ini
script provided by newer Gitea versions.
:boom: The Helm Chart now requires Gitea versions of at least 1.11.0.
This change ensures, that the app.ini is now persistent.
#### Secret Key generation
Gitea secret keys (SECRET_KEY, INTERNAL_TOKEN, JWT_SECRET) are now generated
automatically in certain situations:
- New install: By default the secrets are created automatically. If you provide
secrets via `gitea.config` they will be used instead of automatic generation.
- Existing installs: The secrets won't be deployed, neither via
configuration nor via auto generation. We explicitly prevent to set new secrets.
:rotating_light: It would be possible to set new secret keys manually by entering
the running container and rewriting the app.ini by hand. However, this it is
not advisable to do so for existing installations. Certain settings like
_LDAP_ would not be readable anymore.
## Chart upgrade from 3.x.x to 4.0.0
:warning: The most recent `4.0.0` update brings some breaking changes. Please note
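Review bot: a few grammar slips in the new upgrade notes: "This change ensures, that the app.ini is now persistent." should drop the comma; "We explicitly prevent to set new secrets." reads better as "We explicitly prevent setting new secrets."; and "However, this it is not advisable to do so" has a stray "this". The "Existing installs" bullet would also be clearer if it said what happens instead of the deploy: the secrets already present in the persisted app.ini remain in effect, which is what the guard in config_environment.sh implements by unsetting the three variables whenever an app.ini exists.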
@ -523,48 +552,48 @@ gitea:
### Others
| Parameter | Description | Default |
| ------------------------------------------| -------------------------------------------------------- | ------- |
| statefulset.terminationGracePeriodSeconds | How long to wait until forcefully kill the pod | `60` |
| statefulset.env | Additional environment variables to pass to containers | `[]` |
| extraVolumes | Additional volumes to mount to the Gitea statefulset | `{}` |
| extraVolumeMounts | Additional volume mounts for the Gitea containers | `{}` |
| initPreScript | Bash script copied verbatim to start of init container | |
| securityContext | Run as a specific securityContext | `{}` |
| schedulerName | Use an alternate scheduler, e.g. "stork" | |
| Parameter | Description | Default |
| ------------------------------------------- | -------------------------------------------------------------------- | ------- |
| `statefulset.terminationGracePeriodSeconds` | How long to wait until forcefully kill the pod | `60` |
| `statefulset.env` | Additional environment variables to pass to containers | `[]` |
| `extraVolumes` | Additional volumes to mount to the Gitea statefulset | `{}` |
| `extraVolumeMounts` | Additional volume mounts for the Gitea containers | `{}` |
| `initPreScript` | Bash script copied verbatim to start of init container | |
| `securityContext` | Run as a specific securityContext | `{}` |
| `schedulerName` | Use an alternate scheduler, e.g. "stork" | |
### Image
| Parameter | Description | Default |
| -----------------| ----------------------------------------------------------------------------------------- | ------------- |
| image.repository | Image to start for this pod | `gitea/gitea` |
| image.tag | [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) | `1.14.6` |
| image.pullPolicy | Image pull policy | `Always` |
| image.rootless | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `false` |
| Parameter | Description | Default |
| ------------------ | ----------------------------------------------------------------------------------------- | ------------- |
| `image.repository` | Image to start for this pod | `gitea/gitea` |
| `image.tag` | [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) | `1.14.6` |
| `image.pullPolicy` | Image pull policy | `Always` |
| `image.rootless` | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `false` |
### Persistence
| Parameter | Description | Default |
| ------------------------- | ---------------------------------------------------------- | ------- |
| persistence.enabled | Enable persistence for Gitea | `true` |
| persistence.existingClaim | Use an existing claim to store repository information | |
| persistence.size | Size for persistence to store repo information | `10Gi` |
| persistence.accessModes | AccessMode for persistence | |
| persistence.storageClass | Storage class for repository persistence | |
| persistence.labels | Labels for the persistence volume claim to be created | `{}` |
| persistence.annotations | Annotations for the persistence volume claim to be created | `{}` |
| Parameter | Description | Default |
| --------------------------- | ---------------------------------------------------------- | ------- |
| `persistence.enabled` | Enable persistence for Gitea | `true` |
| `persistence.existingClaim` | Use an existing claim to store repository information | |
| `persistence.size` | Size for persistence to store repo information | `10Gi` |
| `persistence.accessModes` | AccessMode for persistence | |
| `persistence.storageClass` | Storage class for repository persistence | |
| `persistence.labels` | Labels for the persistence volume claim to be created | `{}` |
| `persistence.annotations` | Annotations for the persistence volume claim to be created | `{}` |
### Ingress
| Parameter | Description | Default |
| ---------------------------------- | ---------------------------------------------- | ----------------- |
| ingress.enabled | enable ingress | `false` |
| ingress.annotations | add ingress annotations | |
| ingress.hosts[0].host | add hosts for ingress | `git.example.com` |
| ingress.hosts[0].paths[0].path | add path for each ingress host | `/` |
| ingress.hosts[0].paths[0].pathType | add ingress path type | `Prefix` |
| ingress.tls | add ingress tls settings | `[]` |
| ingress.className | add ingress class name. Only used in k8s 1.19+ | |
| Parameter | Description | Default |
| ------------------------------------ | ---------------------------------------------- | ----------------- |
| `ingress.enabled` | enable ingress | `false` |
| `ingress.annotations` | add ingress annotations | |
| `ingress.hosts[0].host` | add hosts for ingress | `git.example.com` |
| `ingress.hosts[0].paths[0].path` | add path for each ingress host | `/` |
| `ingress.hosts[0].paths[0].pathType` | add ingress path type | `Prefix` |
| `ingress.tls` | add ingress tls settings | `[]` |
| `ingress.className` | add ingress class name. Only used in k8s 1.19+ | |
### Service
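Review bot: "Wether or not to pull the rootless version" in the `image.rootless` row carries the typo over from the old table; since the row is rewritten anyway, change it to "Whether". The `statefulset.env` description ("pass to containers") stays accurate now that those variables are also injected into the new init-app-ini init container, but a short mention that they are visible to the config script would save users a surprise.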


@ -6,7 +6,10 @@ metadata:
{{- include "gitea.labels" . | nindent 4 }}
type: Opaque
stringData:
app.ini: |-
config_environment.sh: |-
#!/usr/bin/env bash
set -euo pipefail
{{- if not (hasKey .Values.gitea.config "cache") -}}
{{- $_ := set .Values.gitea.config "cache" dict -}}
{{- end -}}
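Review bot: `set -euo pipefail` does not catch a failing command substitution inside `export VAR=$(cmd)`, because the status `-e` sees is export's own (always 0), not the substituted command's; the `export ENV_TO_INI__SECURITY__SECRET_KEY=$(gitea generate secret SECRET_KEY)` lines later in this script have exactly that shape, so a failed `gitea generate secret` would silently export an empty value and the script would carry on. Assign first, then export, e.g. `SECRET_KEY=$(gitea generate secret SECRET_KEY)` followed by `export ENV_TO_INI__SECURITY__SECRET_KEY="$SECRET_KEY"`, so that `-e` aborts on the failure.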
@ -31,6 +34,10 @@ stringData:
{{- $_ := set .Values.gitea.config "repository" dict -}}
{{- end -}}
{{- if not (hasKey .Values.gitea.config "oauth2") -}}
{{- $_ := set .Values.gitea.config "oauth2" dict -}}
{{- end -}}
{{- /* repository default settings */ -}}
{{- if not .Values.gitea.config.repository.ROOT -}}
{{- $_ := set .Values.gitea.config.repository "ROOT" "/data/git/gitea-repositories" -}}
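Review bot: the new `oauth2` default is what keeps `hasKey .Values.gitea.config.oauth2 "JWT_SECRET"` further down from failing on a missing map; the two `hasKey .Values.gitea.config.security ...` checks added in the same file need an equivalent `security` default, which is not visible in this diff. Please confirm it already exists in the elided context, otherwise a values file without a `security` section will fail to render.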
@ -132,17 +139,34 @@ stringData:
{{- end -}}
{{- end -}}
{{- /* autogenerate app.ini */ -}}
{{- if not (hasKey .Values.gitea.config.security "INTERNAL_TOKEN") }}
export ENV_TO_INI__SECURITY__INTERNAL_TOKEN=$(gitea generate secret INTERNAL_TOKEN)
{{- end }}
{{- if not (hasKey .Values.gitea.config.security "SECRET_KEY") }}
export ENV_TO_INI__SECURITY__SECRET_KEY=$(gitea generate secret SECRET_KEY)
{{- end }}
{{- if not (hasKey .Values.gitea.config.oauth2 "JWT_SECRET") }}
export ENV_TO_INI__OAUTH2__JWT_SECRET=$(gitea generate secret JWT_SECRET)
{{- end }}
{{- /* autogenerate app.ini environment values */ -}}
{{- range $key, $value := .Values.gitea.config }}
{{- if kindIs "map" $value }}
{{- if gt (len $value) 0 }}
[{{ $key }}]
{{- range $n_key, $n_value := $value }}
{{ $n_key | upper }} = {{ $n_value }}
export ENV_TO_INI__{{ $key | upper | replace "." "_0X2E_" | replace "-" "_0X2D_" }}__{{ $n_key | upper }}={{ $n_value }}
{{- end }}
{{- end }}
{{- else }}
{{ $key | upper }} = {{ $value }}
export ENV_TO_INI__{{ $key | upper | replace "." "_0X2E_" | replace "-" "_0X2D_" }}__{{ $key | upper }}={{ $value }}
{{- end }}
{{- end }}
# safety to prevent rewrite of secret keys if an app.ini already exists
if [ -f ${GITEA_APP_INI} ]; then
unset ENV_TO_INI__SECURITY__INTERNAL_TOKEN
unset ENV_TO_INI__SECURITY__SECRET_KEY
unset ENV_TO_INI__OAUTH2__JWT_SECRET
fi
environment-to-ini -o $GITEA_APP_INI -p ENV_TO_INI
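Review bot: the interpolated values are unquoted in `export ENV_TO_INI__...__{{ $n_key | upper }}={{ $n_value }}` (and in the scalar variant below it), so any value containing whitespace or shell metacharacters is word-split or expanded by bash at init time instead of being passed through; an `APP_NAME` with spaces, for example, is truncated at the first word and the remainder becomes extra arguments to export. Render the value with `squote` (single quotes, so `$` and backticks are not expanded either; a literal single quote in a value would still need escaping), and likewise quote `"${GITEA_APP_INI}"` in the `[ -f ... ]` guard and `-o "$GITEA_APP_INI"` in the final call. The guard itself matches the README: it unsets the three secret variables whenever an app.ini already exists, regardless of whether they came from `gitea.config` or from `gitea generate secret`.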


@ -33,9 +33,6 @@ stringData:
chown 1000:1000 "${GITEA_TEMP}"
chmod ug+rwx "${GITEA_TEMP}"
# Copy config file to writable volume
cp /etc/gitea/conf/app.ini /data/gitea/conf/app.ini
chmod a+rwx /data/gitea/conf/app.ini
configure_gitea.sh: |-
#!/usr/bin/env bash
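Review bot: dropping `chmod a+rwx /data/gitea/conf/app.ini` together with the copy is a welcome change, since that line left a file holding SECRET_KEY and INTERNAL_TOKEN world-writable. With the copy gone, nothing in this init script sets the ownership or mode of the app.ini that environment-to-ini now writes onto the persistent volume; given the `chown 1000:1000` pattern used for `${GITEA_TEMP}` just above, please check that the generated file ends up owned by the same uid and not group/world readable, or add an explicit chown/chmod after environment-to-ini runs.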


@ -60,8 +60,31 @@ spec:
mountPath: /usr/sbin
- name: temp
mountPath: /tmp
- name: data
mountPath: /data
{{- if .Values.extraVolumeMounts }}
{{- toYaml .Values.extraVolumeMounts | nindent 12 }}
{{- end }}
- name: init-app-ini
image: "{{ include "gitea.image" . }}"
command: ["/usr/sbin/config_environment.sh"]
env:
- name: GITEA_APP_INI
value: /data/gitea/conf/app.ini
- name: GITEA_CUSTOM
value: /data/gitea
- name: GITEA_WORK_DIR
value: /data
- name: GITEA_TEMP
value: /tmp/gitea
{{- if .Values.statefulset.env }}
{{- toYaml .Values.statefulset.env | nindent 12 }}
{{- end }}
volumeMounts:
- name: config
mountPath: /etc/gitea/conf
mountPath: /usr/sbin
- name: temp
mountPath: /tmp
- name: data
mountPath: /data
{{- if .Values.extraVolumeMounts }}
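Review bot: the `config` volumeMount in the new init-app-ini container shows two `mountPath` values (`/etc/gitea/conf` and `/usr/sbin`); only one can be intended, and it should be `/usr/sbin` to match `command: ["/usr/sbin/config_environment.sh"]`. Mounting the Secret over `/usr/sbin` hides whatever the image ships in that directory for the duration of the init container; the chart already does the same for the `init` secret above, so it is consistent, but a dedicated directory would avoid the shadowing for both. Also note that this container receives `statefulset.env` and, with no securityContext in these lines, runs as whatever user the image defaults to; the app.ini it writes under /data must end up owned by the uid the gitea container runs as.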
@ -236,10 +259,11 @@ spec:
- name: init
secret:
secretName: {{ include "gitea.fullname" . }}-init
defaultMode: 0777
defaultMode: 110
- name: config
secret:
secretName: {{ include "gitea.fullname" . }}
defaultMode: 110
{{- if .Values.extraVolumes }}
{{- toYaml .Values.extraVolumes | nindent 8 }}
{{- end }}
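Review bot: `defaultMode: 110` is not the mode it looks like. Kubernetes reads the field as an integer and YAML treats `110` as decimal, which is octal 0156 (`--xr-xrw-`): owner gets execute only, group read and execute, and everyone else read and write. The old `0777` worked as octal only because of the leading zero. If the intent is execute-only for owner and group, write `0110`; if the files should also be readable by the user running the init containers (the `config` Secret now carries every gitea.config value, including any secrets set there, so keep "other" out), something like `0550` is the usual choice. Either way, use the leading-zero octal form, and apply the same fix to the new `config` volume entry, since whether the scripts can even be executed depends on the uid/fsGroup the init containers run under.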