diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index ef0e707..c57421f 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml @@ -7,7 +7,7 @@ on: env: # renovate: datasource=docker depName=alpine/helm - HELM_VERSION: "3.14.4" + HELM_VERSION: "3.15.2" jobs: generate-chart-publish: @@ -49,7 +49,6 @@ jobs: helm plugin install https://github.com/pat-s/helm-gpg helm dependency build helm package --version "${GITHUB_REF#refs/tags/v}" ./ - helm gpg sign "gitea-${GITHUB_REF#refs/tags/v}.tgz" mkdir gitea mv gitea*.tgz gitea/ curl -s -L -o gitea/index.yaml https://dl.gitea.com/charts/index.yaml diff --git a/.gitea/workflows/test-pr.yml b/.gitea/workflows/test-pr.yml index 7e1a196..df2ee51 100644 --- a/.gitea/workflows/test-pr.yml +++ b/.gitea/workflows/test-pr.yml @@ -16,7 +16,7 @@ env: jobs: check-and-test: runs-on: ubuntu-latest - container: alpine/helm:3.14.4 + container: alpine/helm:3.15.2 steps: - name: install tools run: | diff --git a/Chart.lock b/Chart.lock index 8387557..fd62e33 100644 --- a/Chart.lock +++ b/Chart.lock @@ -1,12 +1,15 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 15.4.0 + version: 15.5.16 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 14.1.2 + version: 14.2.11 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 10.2.0 -digest: sha256:9cf8e9cc91ed8e7222943de488ff2a75f49ef16115ae9c252b969a0df0d5c696 -generated: "2024-05-25T00:43:29.277245931Z" + version: 10.2.6 +- name: redis + repository: oci://registry-1.docker.io/bitnamicharts + version: 19.6.1 +digest: sha256:2f5e7ab97242b6254437fe1ebaff720ef93d159ae600b5ff84e6251a02ec4b25 +generated: "2024-07-13T00:17:56.909401868Z" diff --git a/Chart.yaml b/Chart.yaml index 16fd7e9..6e987e1 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.21.11 +appVersion: 1.22.0 icon: https://gitea.com/assets/img/logo.svg keywords: @@ -35,15 +35,20 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/postgresql - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 15.4.0 + version: 15.5.16 condition: postgresql.enabled # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 14.1.2 + version: 14.2.11 condition: postgresql-ha.enabled # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 10.2.0 + version: 10.2.6 condition: redis-cluster.enabled + # https://github.com/bitnami/charts/blob/main/bitnami/redis/Chart.yaml + - name: redis + repository: oci://registry-1.docker.io/bitnamicharts + version: 19.6.1 + condition: redis.enabled diff --git a/Makefile b/Makefile index 4e4b5bd..cc92433 100644 --- a/Makefile +++ b/Makefile @@ -9,7 +9,7 @@ readme: prepare-environment .PHONY: unittests unittests: - helm unittest --strict -f 'unittests/**/*.yaml' -f 'unittests/dependency-major-image-check.yaml' ./ + helm unittest --strict -f 'unittests/**/*.yaml' -f 'unittests/dependency-major-image-check.yaml' -f 'unittests/values-conflicting-checks.yaml' ./ .PHONY: helm update-helm-dependencies: diff --git a/README.md b/README.md index 10f2faa..ec29243 100644 --- a/README.md +++ b/README.md @@ -50,6 +50,7 @@ - [ReadinessProbe](#readinessprobe) - [StartupProbe](#startupprobe) - [redis-cluster](#redis-cluster) + - [redis](#redis) - [PostgreSQL HA](#postgresql-ha) - [PostgreSQL](#postgresql) - [Advanced](#advanced) @@ -98,7 +99,8 @@ These dependencies are enabled by default: Alternatively, the following non-HA replacements are available: -- PostgreSQL ([Bitnami PostgreSQL](postgresql](https://github.com/bitnami/charts/blob/main/bitnami/postgresql/Chart.yaml))) +- PostgreSQL ([Bitnami PostgreSQL]()) +- Redis ([Bitnami Redis]()) ### Dependency Versioning @@ -117,6 +119,7 @@ Please double-check the image repository and available tags in the sub-chart: - [PostgreSQL-HA](https://hub.docker.com/r/bitnami/postgresql-repmgr/tags) - [PostgreSQL](https://hub.docker.com/r/bitnami/postgresql/tags) - [Redis Cluster](https://hub.docker.com/r/bitnami/redis-cluster/tags) +- [Redis](https://hub.docker.com/r/bitnami/redis/tags) and look up the image tag which fits your needs on Dockerhub. @@ -244,7 +247,7 @@ External tools such as `redis-cluster` or `memcached` handle these workloads muc If HA is not needed/desired, the following configurations can be used to deploy a single-pod Gitea instance. -1. For a production-ready single-pod Gitea instance without external dependencies (using the chart dependency `postgresql`): +1. For a production-ready single-pod Gitea instance without external dependencies (using the chart dependency `postgresql` and `redis`):
@@ -253,6 +256,8 @@ If HA is not needed/desired, the following configurations can be used to deploy ```yaml redis-cluster: enabled: false + redis: + enabled: true postgresql: enabled: true postgresql-ha: @@ -265,12 +270,6 @@ If HA is not needed/desired, the following configurations can be used to deploy config: database: DB_TYPE: postgres - session: - PROVIDER: db - cache: - ADAPTER: memory - queue: - TYPE: level indexer: ISSUE_INDEXER_TYPE: bleve REPO_INDEXER_ENABLED: true @@ -290,6 +289,8 @@ If HA is not needed/desired, the following configurations can be used to deploy ```yaml redis-cluster: enabled: false + redis: + enabled: false postgresql: enabled: false postgresql-ha: @@ -568,6 +569,20 @@ gitea: existingSecret: gitea-admin-secret ``` +Whether you use the existing Secret or specify a user name and password, there are three modes for how the admin user password is created or set. + +- `keepUpdated` (the default) will set the admin user password, and reset it to the defined value every time the pod is recreated. +- `initialOnlyNoReset` will set the admin user password when creating it, but never try to update the password. +- `initialOnlyRequireReset` will set the admin user password when creating it, never update it, and require that the password be changed at the initial login. + +These modes can be set like the following: + +```yaml +gitea: + admin: + passwordMode: initialOnlyRequireReset +``` + ### LDAP Settings Like the admin user the LDAP settings can be updated. @@ -986,22 +1001,23 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo ### Gitea -| Name | Description | Value | -| -------------------------------------- | ------------------------------------------------------------------------- | -------------------- | -| `gitea.admin.username` | Username for the Gitea admin user | `gitea_admin` | -| `gitea.admin.existingSecret` | Use an existing secret to store admin user credentials | `nil` | -| `gitea.admin.password` | Password for the Gitea admin user | `r8sA8CPHD9!bt6d` | -| `gitea.admin.email` | Email for the Gitea admin user | `gitea@local.domain` | -| `gitea.metrics.enabled` | Enable Gitea metrics | `false` | -| `gitea.metrics.serviceMonitor.enabled` | Enable Gitea metrics service monitor | `false` | -| `gitea.ldap` | LDAP configuration | `[]` | -| `gitea.oauth` | OAuth configuration | `[]` | -| `gitea.config.server.SSH_PORT` | SSH port for rootlful Gitea image | `22` | -| `gitea.config.server.SSH_LISTEN_PORT` | SSH port for rootless Gitea image | `2222` | -| `gitea.additionalConfigSources` | Additional configuration from secret or configmap | `[]` | -| `gitea.additionalConfigFromEnvs` | Additional configuration sources from environment variables | `[]` | -| `gitea.podAnnotations` | Annotations for the Gitea pod | `{}` | -| `gitea.ssh.logLevel` | Configure OpenSSH's log level. Only available for root-based Gitea image. | `INFO` | +| Name | Description | Value | +| -------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------- | -------------------- | +| `gitea.admin.username` | Username for the Gitea admin user | `gitea_admin` | +| `gitea.admin.existingSecret` | Use an existing secret to store admin user credentials | `nil` | +| `gitea.admin.password` | Password for the Gitea admin user | `r8sA8CPHD9!bt6d` | +| `gitea.admin.email` | Email for the Gitea admin user | `gitea@local.domain` | +| `gitea.admin.passwordMode` | Mode for how to set/update the admin user password. Options are: initialOnlyNoReset, initialOnlyRequireReset, and keepUpdated | `keepUpdated` | +| `gitea.metrics.enabled` | Enable Gitea metrics | `false` | +| `gitea.metrics.serviceMonitor.enabled` | Enable Gitea metrics service monitor | `false` | +| `gitea.ldap` | LDAP configuration | `[]` | +| `gitea.oauth` | OAuth configuration | `[]` | +| `gitea.config.server.SSH_PORT` | SSH port for rootlful Gitea image | `22` | +| `gitea.config.server.SSH_LISTEN_PORT` | SSH port for rootless Gitea image | `2222` | +| `gitea.additionalConfigSources` | Additional configuration from secret or configmap | `[]` | +| `gitea.additionalConfigFromEnvs` | Additional configuration sources from environment variables | `[]` | +| `gitea.podAnnotations` | Annotations for the Gitea pod | `{}` | +| `gitea.ssh.logLevel` | Configure OpenSSH's log level. Only available for root-based Gitea image. | `INFO` | ### LivenessProbe @@ -1041,13 +1057,26 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo ### redis-cluster +Redis cluster and [Redis](#redis) cannot be enabled at the same time. + | Name | Description | Value | | -------------------------------- | -------------------------------------------- | ------- | -| `redis-cluster.enabled` | Enable redis | `true` | +| `redis-cluster.enabled` | Enable redis cluster | `true` | | `redis-cluster.usePassword` | Whether to use password authentication | `false` | | `redis-cluster.cluster.nodes` | Number of redis cluster master nodes | `3` | | `redis-cluster.cluster.replicas` | Number of redis cluster master node replicas | `0` | +### redis + +Redis and [Redis cluster](#redis-cluster) cannot be enabled at the same time. + +| Name | Description | Value | +| ----------------------------- | ------------------------------------------ | ------------ | +| `redis.enabled` | Enable redis standalone or replicated | `false` | +| `redis.architecture` | Whether to use standalone or replication | `standalone` | +| `redis.global.redis.password` | Required password | `changeme` | +| `redis.master.count` | Number of Redis master instances to deploy | `1` | + ### PostgreSQL HA | Name | Description | Value | diff --git a/package-lock.json b/package-lock.json index 7743c82..c00c95e 100644 --- a/package-lock.json +++ b/package-lock.json @@ -8,7 +8,7 @@ "license": "MIT", "devDependencies": { "@bitnami/readme-generator-for-helm": "^2.5.0", - "markdownlint-cli": "^0.40.0" + "markdownlint-cli": "^0.41.0" }, "engines": { "node": ">=16.0.0", @@ -310,10 +310,11 @@ "dev": true }, "node_modules/jackspeak": { - "version": "2.3.6", - "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-2.3.6.tgz", - "integrity": "sha512-N3yCS/NegsOBokc8GAdM8UcmfsKiSS8cipheD/nivzr700H+nsMOxJjQnvwOcRYVuFkdH0wGUvW2WbXGmrZGbQ==", + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-3.1.2.tgz", + "integrity": "sha512-kWmLKn2tRtfYMF/BakihVVRzBKOxz4gJMiL2Rj91WnAB5TPZumSH99R/Yf1qE1u4uRimvCSJfm6hnxohXeEXjQ==", "dev": true, + "license": "BlueOak-1.0.0", "dependencies": { "@isaacs/cliui": "^8.0.2" }, @@ -425,14 +426,15 @@ } }, "node_modules/markdownlint-cli": { - "version": "0.40.0", - "resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.40.0.tgz", - "integrity": "sha512-JXhI3dRQcaqwiFYpPz6VJ7aKYheD53GmTz9y4D/d0F1MbZDGOp9pqKlbOfUX/pHP/iAoeiE4wYRmk8/kjLakxA==", + "version": "0.41.0", + "resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.41.0.tgz", + "integrity": "sha512-kp29tKrMKdn+xonfefjp3a/MsNzAd9c5ke0ydMEI9PR98bOjzglYN4nfMSaIs69msUf1DNkgevAIAPtK2SeX0Q==", "dev": true, + "license": "MIT", "dependencies": { - "commander": "~12.0.0", + "commander": "~12.1.0", "get-stdin": "~9.0.0", - "glob": "~10.3.12", + "glob": "~10.4.1", "ignore": "~5.3.1", "js-yaml": "^4.1.0", "jsonc-parser": "~3.2.1", @@ -440,7 +442,7 @@ "markdownlint": "~0.34.0", "minimatch": "~9.0.4", "run-con": "~1.3.2", - "toml": "~3.0.0" + "smol-toml": "~1.2.0" }, "bin": { "markdownlint": "markdownlint.js" @@ -454,36 +456,39 @@ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==", "dev": true, + "license": "MIT", "dependencies": { "balanced-match": "^1.0.0" } }, "node_modules/markdownlint-cli/node_modules/commander": { - "version": "12.0.0", - "resolved": "https://registry.npmjs.org/commander/-/commander-12.0.0.tgz", - "integrity": "sha512-MwVNWlYjDTtOjX5PiD7o5pK0UrFU/OYgcJfjjK4RaHZETNtjJqrZa9Y9ds88+A+f+d5lv+561eZ+yCKoS3gbAA==", + "version": "12.1.0", + "resolved": "https://registry.npmjs.org/commander/-/commander-12.1.0.tgz", + "integrity": "sha512-Vw8qHK3bZM9y/P10u3Vib8o/DdkvA2OtPtZvD871QKjy74Wj1WSKFILMPRPSdUSx5RFK1arlJzEtA4PkFgnbuA==", "dev": true, + "license": "MIT", "engines": { "node": ">=18" } }, "node_modules/markdownlint-cli/node_modules/glob": { - "version": "10.3.14", - "resolved": "https://registry.npmjs.org/glob/-/glob-10.3.14.tgz", - "integrity": "sha512-4fkAqu93xe9Mk7le9v0y3VrPDqLKHarNi2s4Pv7f2yOvfhWfhc7hRPHC/JyqMqb8B/Dt/eGS4n7ykwf3fOsl8g==", + "version": "10.4.1", + "resolved": "https://registry.npmjs.org/glob/-/glob-10.4.1.tgz", + "integrity": "sha512-2jelhlq3E4ho74ZyVLN03oKdAZVUa6UDZzFLVH1H7dnoax+y9qyaq8zBkfDIggjniU19z0wU18y16jMB2eyVIw==", "dev": true, + "license": "ISC", "dependencies": { "foreground-child": "^3.1.0", - "jackspeak": "^2.3.6", - "minimatch": "^9.0.1", - "minipass": "^7.0.4", - "path-scurry": "^1.11.0" + "jackspeak": "^3.1.2", + "minimatch": "^9.0.4", + "minipass": "^7.1.2", + "path-scurry": "^1.11.1" }, "bin": { "glob": "dist/esm/bin.mjs" }, "engines": { - "node": ">=16 || 14 >=14.17" + "node": ">=16 || 14 >=14.18" }, "funding": { "url": "https://github.com/sponsors/isaacs" @@ -494,6 +499,7 @@ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.4.tgz", "integrity": "sha512-KqWh+VchfxcMNRAJjj2tnsSJdNbHsVgnkBhTNrW7AjVo6OvLtxw8zfT9oLw1JSohlFzJ8jCoTgaoXvJ+kHt6fw==", "dev": true, + "license": "ISC", "dependencies": { "brace-expansion": "^2.0.1" }, @@ -544,10 +550,11 @@ } }, "node_modules/minipass": { - "version": "7.1.1", - "resolved": "https://registry.npmjs.org/minipass/-/minipass-7.1.1.tgz", - "integrity": "sha512-UZ7eQ+h8ywIRAW1hIEl2AqdwzJucU/Kp59+8kkZeSvafXhZjul247BvIJjEVFVeON6d7lM46XX1HXCduKAS8VA==", + "version": "7.1.2", + "resolved": "https://registry.npmjs.org/minipass/-/minipass-7.1.2.tgz", + "integrity": "sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw==", "dev": true, + "license": "ISC", "engines": { "node": ">=16 || 14 >=14.17" } @@ -580,16 +587,17 @@ } }, "node_modules/path-scurry": { - "version": "1.11.0", - "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.11.0.tgz", - "integrity": "sha512-LNHTaVkzaYaLGlO+0u3rQTz7QrHTFOuKyba9JMTQutkmtNew8dw8wOD7mTU/5fCPZzCWpfW0XnQKzY61P0aTaw==", + "version": "1.11.1", + "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.11.1.tgz", + "integrity": "sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==", "dev": true, + "license": "BlueOak-1.0.0", "dependencies": { "lru-cache": "^10.2.0", "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0" }, "engines": { - "node": ">=16 || 14 >=14.17" + "node": ">=16 || 14 >=14.18" }, "funding": { "url": "https://github.com/sponsors/isaacs" @@ -661,6 +669,17 @@ "url": "https://github.com/sponsors/isaacs" } }, + "node_modules/smol-toml": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/smol-toml/-/smol-toml-1.2.0.tgz", + "integrity": "sha512-KObxdQANC/xje3OoatMbSwQf2XAvJ0RbK+4nmQRszFNZptbNRnMWqbLF/zb4sMi9xJ6HNyhWXeuZ9zC/I/XY7w==", + "dev": true, + "license": "BSD-3-Clause", + "engines": { + "node": ">= 18", + "pnpm": ">= 9" + } + }, "node_modules/string-width": { "version": "5.1.2", "resolved": "https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz", @@ -769,12 +788,6 @@ "url": "https://github.com/sponsors/sindresorhus" } }, - "node_modules/toml": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/toml/-/toml-3.0.0.tgz", - "integrity": "sha512-y/mWCZinnvxjTKYhJ+pYxwD0mRLVvOtdS2Awbgxln6iEnt4rk0yBxeSBHkGJcPucRiG0e55mwWp+g/05rsrd6w==", - "dev": true - }, "node_modules/uc.micro": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/uc.micro/-/uc.micro-2.1.0.tgz", diff --git a/package.json b/package.json index 20522b5..3cc3449 100644 --- a/package.json +++ b/package.json @@ -14,6 +14,6 @@ }, "devDependencies": { "@bitnami/readme-generator-for-helm": "^2.5.0", - "markdownlint-cli": "^0.40.0" + "markdownlint-cli": "^0.41.0" } } diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 30ee3b9..c7d13d9 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -74,7 +74,7 @@ imagePullSecrets: Storage Class */}} {{- define "gitea.persistence.storageClass" -}} -{{- $storageClass := .Values.persistence.storageClass | default .Values.global.storageClass }} +{{- $storageClass := (tpl ( default "" .Values.persistence.storageClass) .) | default (tpl ( default "" .Values.global.storageClass) .) }} {{- if $storageClass }} storageClassName: {{ $storageClass | quote }} {{- end }} @@ -113,20 +113,28 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} {{- define "redis.dns" -}} -{{- if (index .Values "redis-cluster").enabled -}} +{{- if and ((index .Values "redis-cluster").enabled) ((index .Values "redis").enabled) -}} +{{- fail "redis and redis-cluster cannot be enabled at the same time. Please only choose one." -}} +{{- else if (index .Values "redis-cluster").enabled -}} {{- printf "redis+cluster://:%s@%s-redis-cluster-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "redis-cluster").global.redis.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "redis-cluster").service.ports.redis -}} +{{- else if (index .Values "redis").enabled -}} +{{- printf "redis://:%s@%s-redis-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "redis").global.redis.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "redis").master.service.ports.redis -}} {{- end -}} {{- end -}} {{- define "redis.port" -}} {{- if (index .Values "redis-cluster").enabled -}} {{ (index .Values "redis-cluster").service.ports.redis }} +{{- else if (index .Values "redis").enabled -}} +{{ (index .Values "redis").master.service.ports.redis }} {{- end -}} {{- end -}} {{- define "redis.servicename" -}} {{- if (index .Values "redis-cluster").enabled -}} {{- printf "%s-redis-cluster-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}} +{{- else if (index .Values "redis").enabled -}} +{{- printf "%s-redis-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}} {{- end -}} {{- end -}} @@ -271,7 +279,7 @@ https {{- $_ := set .Values.gitea.config.metrics "ENABLED" .Values.gitea.metrics.enabled -}} {{- end -}} {{- /* redis queue */ -}} - {{- if (index .Values "redis-cluster").enabled -}} + {{- if or ((index .Values "redis-cluster").enabled) ((index .Values "redis").enabled) -}} {{- $_ := set .Values.gitea.config.queue "TYPE" "redis" -}} {{- $_ := set .Values.gitea.config.queue "CONN_STR" (include "redis.dns" .) -}} {{- $_ := set .Values.gitea.config.session "PROVIDER" "redis" -}} @@ -392,3 +400,11 @@ https {{- define "gitea.serviceAccountName" -}} {{ .Values.serviceAccount.name | default (include "gitea.fullname" .) }} {{- end -}} + +{{- define "gitea.admin.passwordMode" -}} +{{- if has .Values.gitea.admin.passwordMode (tuple "keepUpdated" "initialOnlyNoReset" "initialOnlyRequireReset") -}} +{{ .Values.gitea.admin.passwordMode }} +{{- else -}} +{{ printf "gitea.admin.passwordMode must be set to one of 'keepUpdated', 'initialOnlyNoReset', or 'initialOnlyRequireReset'. Received: '%s'" .Values.gitea.admin.passwordMode | fail }} +{{- end -}} +{{- end -}} diff --git a/templates/gitea/deployment.yaml b/templates/gitea/deployment.yaml index ca1bdd9..f321f22 100644 --- a/templates/gitea/deployment.yaml +++ b/templates/gitea/deployment.yaml @@ -243,6 +243,8 @@ spec: - name: GITEA_ADMIN_PASSWORD value: {{ .Values.gitea.admin.password | quote }} {{- end }} + - name: GITEA_ADMIN_PASSWORD_MODE + value: {{ include "gitea.admin.passwordMode" $ }} {{- if .Values.deployment.env }} {{- toYaml .Values.deployment.env | nindent 12 }} {{- end }} diff --git a/templates/gitea/ingress.yaml b/templates/gitea/ingress.yaml index 9991eec..cd743fe 100644 --- a/templates/gitea/ingress.yaml +++ b/templates/gitea/ingress.yaml @@ -21,7 +21,7 @@ metadata: {{- end }} spec: {{- if .Values.ingress.className }} - ingressClassName: {{ .Values.ingress.className }} + ingressClassName: {{ tpl .Values.ingress.className . }} {{- end }} {{- if .Values.ingress.tls }} tls: diff --git a/templates/gitea/init.yaml b/templates/gitea/init.yaml index a67166b..0352836 100644 --- a/templates/gitea/init.yaml +++ b/templates/gitea/init.yaml @@ -109,13 +109,33 @@ stringData: local ACCOUNT_ID=$(echo "${actual_user_table}" | grep -E "\s+${GITEA_ADMIN_USERNAME}\s+" | awk -F " " "{printf \$1}") if [[ -z "${ACCOUNT_ID}" ]]; then + local -a create_args + create_args=(--admin --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email {{ .Values.gitea.admin.email | quote }}) + if [[ "${GITEA_ADMIN_PASSWORD_MODE}" = initialOnlyRequireReset ]]; then + create_args+=(--must-change-password=true) + else + create_args+=(--must-change-password=false) + fi echo "No admin user '${GITEA_ADMIN_USERNAME}' found. Creating now..." - gitea admin user create --admin --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email {{ .Values.gitea.admin.email | quote }} --must-change-password=false + gitea admin user create "${create_args[@]}" echo '...created.' else - echo "Admin account '${GITEA_ADMIN_USERNAME}' already exist. Running update to sync password..." - gitea admin user change-password --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" - echo '...password sync done.' + if [[ "${GITEA_ADMIN_PASSWORD_MODE}" = keepUpdated ]]; then + echo "Admin account '${GITEA_ADMIN_USERNAME}' already exist. Running update to sync password..." + # See https://gitea.com/gitea/helm-chart/issues/673 + # --must-change-password argument was added to change-password, defaulting to true, counter to the previous behavior + # which acted as if it were provided with =false. If the argument is present in this version of gitea, then we + # should add it to prevent requiring frequent admin password resets. + local -a change_args + change_args=(--username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}") + if gitea admin user change-password --help | grep -qF -- '--must-change-password'; then + change_args+=(--must-change-password=false) + fi + gitea admin user change-password "${change_args[@]}" + echo '...password sync done.' + else + echo "Admin account '${GITEA_ADMIN_USERNAME}' already exist, but update mode is set to '${GITEA_ADMIN_PASSWORD_MODE}'. Skipping." + fi fi } diff --git a/unittests/config/cache-config.yaml b/unittests/config/cache-config.yaml index cd55d90..8ebde62 100644 --- a/unittests/config/cache-config.yaml +++ b/unittests/config/cache-config.yaml @@ -8,6 +8,8 @@ tests: set: redis-cluster: enabled: true + redis: + enabled: false asserts: - documentIndex: 0 equal: @@ -16,11 +18,28 @@ tests: ADAPTER=redis HOST=redis+cluster://:@gitea-unittests-redis-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& - - it: "cache is configured correctly for 'memory' when redis-cluster is disabled" + - it: "cache is configured correctly for redis" template: templates/gitea/config.yaml set: redis-cluster: enabled: false + redis: + enabled: true + asserts: + - documentIndex: 0 + equal: + path: stringData.cache + value: |- + ADAPTER=redis + HOST=redis://:changeme@gitea-unittests-redis-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& + + - it: "cache is configured correctly for 'memory' when redis (or redis-cluster) is disabled" + template: templates/gitea/config.yaml + set: + redis-cluster: + enabled: false + redis: + enabled: false asserts: - documentIndex: 0 equal: @@ -29,11 +48,13 @@ tests: ADAPTER=memory HOST= - - it: "cache can be customized when redis-cluster is disabled" + - it: "cache can be customized when redis (or redis-cluster) is disabled" template: templates/gitea/config.yaml set: redis-cluster: enabled: false + redis: + enabled: false gitea.config.cache.ADAPTER: custom-adapter gitea.config.cache.HOST: custom-host asserts: diff --git a/unittests/config/queue-config.yaml b/unittests/config/queue-config.yaml index f83543a..b4946c7 100644 --- a/unittests/config/queue-config.yaml +++ b/unittests/config/queue-config.yaml @@ -8,6 +8,8 @@ tests: set: redis-cluster: enabled: true + redis: + enabled: false asserts: - documentIndex: 0 equal: @@ -16,11 +18,28 @@ tests: CONN_STR=redis+cluster://:@gitea-unittests-redis-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& TYPE=redis - - it: "queue is configured correctly for 'levelDB' when redis-cluster is disabled" + - it: "queue is configured correctly for redis" template: templates/gitea/config.yaml set: redis-cluster: enabled: false + redis: + enabled: true + asserts: + - documentIndex: 0 + equal: + path: stringData.queue + value: |- + CONN_STR=redis://:changeme@gitea-unittests-redis-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& + TYPE=redis + + - it: "queue is configured correctly for 'levelDB' when redis (and redis-cluster) is disabled" + template: templates/gitea/config.yaml + set: + redis-cluster: + enabled: false + redis: + enabled: false asserts: - documentIndex: 0 equal: @@ -29,11 +48,13 @@ tests: CONN_STR= TYPE=level - - it: "queue can be customized when redis-cluster is disabled" + - it: "queue can be customized when redis (and redis-cluster) are disabled" template: templates/gitea/config.yaml set: redis-cluster: enabled: false + redis: + enabled: false gitea.config.queue.TYPE: custom-type gitea.config.queue.CONN_STR: custom-connection-string asserts: diff --git a/unittests/config/session-config.yaml b/unittests/config/session-config.yaml index 2b6e771..5078cf2 100644 --- a/unittests/config/session-config.yaml +++ b/unittests/config/session-config.yaml @@ -8,6 +8,8 @@ tests: set: redis-cluster: enabled: true + redis: + enabled: false asserts: - documentIndex: 0 equal: @@ -16,11 +18,28 @@ tests: PROVIDER=redis PROVIDER_CONFIG=redis+cluster://:@gitea-unittests-redis-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& - - it: "session is configured correctly for 'memory' when redis-cluster is disabled" + - it: "session is configured correctly for redis" template: templates/gitea/config.yaml set: redis-cluster: enabled: false + redis: + enabled: true + asserts: + - documentIndex: 0 + equal: + path: stringData.session + value: |- + PROVIDER=redis + PROVIDER_CONFIG=redis://:changeme@gitea-unittests-redis-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& + + - it: "session is configured correctly for 'memory' when redis (and redis-cluster) is disabled" + template: templates/gitea/config.yaml + set: + redis-cluster: + enabled: false + redis: + enabled: false asserts: - documentIndex: 0 equal: @@ -29,11 +48,13 @@ tests: PROVIDER=memory PROVIDER_CONFIG= - - it: "session can be customized when redis-cluster is disabled" + - it: "session can be customized when redis (and redis-cluster) is disabled" template: templates/gitea/config.yaml set: redis-cluster: enabled: false + redis: + enabled: false gitea.config.session.PROVIDER: custom-provider gitea.config.session.PROVIDER_CONFIG: custom-provider-config asserts: diff --git a/unittests/dependency-major-image-check.yaml b/unittests/dependency-major-image-check.yaml index cd25274..2646ade 100644 --- a/unittests/dependency-major-image-check.yaml +++ b/unittests/dependency-major-image-check.yaml @@ -34,9 +34,24 @@ tests: set: redis-cluster: enabled: true + redis: + enabled: false asserts: - documentIndex: 0 matchRegex: path: spec.template.spec.containers[0].image # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST pattern: bitnami/redis-cluster:7.+$ + - it: "[redis] ensures we detect major image version upgrades" + template: charts/redis/templates/master/application.yaml + set: + redis-cluster: + enabled: false + redis: + enabled: true + asserts: + - documentIndex: 0 + matchRegex: + path: spec.template.spec.containers[0].image + # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST + pattern: bitnami/redis:7.+$ diff --git a/unittests/deployment/ingress-configuration.yaml b/unittests/deployment/ingress-configuration.yaml index 6a36eb0..a6998ee 100644 --- a/unittests/deployment/ingress-configuration.yaml +++ b/unittests/deployment/ingress-configuration.yaml @@ -15,9 +15,33 @@ tests: hosts: - "{{ .Values.global.giteaHostName }}" asserts: + - isKind: + of: Ingress - equal: path: spec.tls[0].hosts[0] value: "gitea.example.com" - equal: path: spec.rules[0].host value: "gitea.example.com" + - it: Ingress Class using TPL + set: + global.ingress.className: "ingress-class" + ingress.className: "{{ .Values.global.ingress.className }}" + ingress.enabled: true + ingress.hosts[0].host: "some-host" + ingress.tls: + - secretName: gitea-tls + hosts: + - "some-host" + asserts: + - isKind: + of: Ingress + - equal: + path: spec.tls[0].hosts[0] + value: "some-host" + - equal: + path: spec.rules[0].host + value: "some-host" + - equal: + path: spec.ingressClassName + value: "ingress-class" diff --git a/unittests/pvc/pvc-configuration.yaml b/unittests/pvc/pvc-configuration.yaml new file mode 100644 index 0000000..3431000 --- /dev/null +++ b/unittests/pvc/pvc-configuration.yaml @@ -0,0 +1,19 @@ +suite: PVC template +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/pvc.yaml +tests: + - it: Storage Class using TPL + set: + global.persistence.storageClass: "storage-class" + persistence.enabled: true + persistence.create: true + persistence.storageClass: "{{ .Values.global.persistence.storageClass }}" + asserts: + - isKind: + of: PersistentVolumeClaim + - equal: + path: spec.storageClassName + value: "storage-class" diff --git a/unittests/values-conflicting-checks.yaml b/unittests/values-conflicting-checks.yaml new file mode 100644 index 0000000..a257690 --- /dev/null +++ b/unittests/values-conflicting-checks.yaml @@ -0,0 +1,14 @@ +suite: Values conflicting checks +release: + name: gitea-unittests + namespace: testing +tests: + - it: fails when trying to configure redis and redis-cluster the same time + set: + redis-cluster: + enabled: true + redis: + enabled: true + asserts: + - failedTemplate: + errorMessage: redis and redis-cluster cannot be enabled at the same time. Please only choose one. diff --git a/values.yaml b/values.yaml index be01e0a..af66f24 100644 --- a/values.yaml +++ b/values.yaml @@ -346,12 +346,14 @@ gitea: ## @param gitea.admin.existingSecret Use an existing secret to store admin user credentials ## @param gitea.admin.password Password for the Gitea admin user ## @param gitea.admin.email Email for the Gitea admin user + ## @param gitea.admin.passwordMode Mode for how to set/update the admin user password. Options are: initialOnlyNoReset, initialOnlyRequireReset, and keepUpdated admin: # existingSecret: gitea-admin-secret existingSecret: username: gitea_admin password: r8sA8CPHD9!bt6d email: "gitea@local.domain" + passwordMode: keepUpdated ## @param gitea.metrics.enabled Enable Gitea metrics ## @param gitea.metrics.serviceMonitor.enabled Enable Gitea metrics service monitor @@ -485,10 +487,13 @@ gitea: failureThreshold: 10 ## @section redis-cluster -## @param redis-cluster.enabled Enable redis +## @param redis-cluster.enabled Enable redis cluster ## @param redis-cluster.usePassword Whether to use password authentication ## @param redis-cluster.cluster.nodes Number of redis cluster master nodes ## @param redis-cluster.cluster.replicas Number of redis cluster master node replicas +## @descriptionStart +## Redis cluster and [Redis](#redis) cannot be enabled at the same time. +## @descriptionEnd redis-cluster: enabled: true usePassword: false @@ -496,6 +501,23 @@ redis-cluster: nodes: 3 # default: 6 replicas: 0 # default: 1 +## @section redis +## @param redis.enabled Enable redis standalone or replicated +## @param redis.architecture Whether to use standalone or replication +## @param redis.global.redis.password Required password +## @param redis.master.count Number of Redis master instances to deploy +## @descriptionStart +## Redis and [Redis cluster](#redis-cluster) cannot be enabled at the same time. +## @descriptionEnd +redis: + enabled: false + architecture: standalone + global: + redis: + password: changeme + master: + count: 1 + ## @section PostgreSQL HA # ## @param postgresql-ha.enabled Enable PostgreSQL HA