diff --git a/README.md b/README.md index fa91de0..ad4799e 100644 --- a/README.md +++ b/README.md @@ -10,6 +10,7 @@ - [Database defaults](#database-defaults) - [Server defaults](#server-defaults) - [Metrics defaults](#metrics-defaults) + - [Rootless defaults](#rootless-defaults) - [Single-Pod Configurations](#single-pod-configurations) - [Additional _app.ini_ settings](#additional-appini-settings) - [User defined environment variables in app.ini](#user-defined-environment-variables-in-appini) @@ -172,6 +173,26 @@ The Prometheus `/metrics` endpoint is disabled by default. ENABLED = false ``` +#### Rootless Defaults + +If `.Values.image.rootless: true`, then the following will occur. In case you use `.Values.image.fullOverride`, check that this works in your image: + +- `$HOME` becomes `/data/gitea/git` + + [see deployment.yaml](./templates/gitea/deployment.yaml) template inside (init-)container "env" declarations + +- `START_SSH_SERVER: true` (Unless explicity overwritten by `gitea.config.server.START_SSH_SERVER`) + + [see \_helpers.tpl](./templates/_helpers.tpl) in `gitea.inline_configuration.defaults.server` definition + +- `SSH_LISTEN_PORT: 2222` (Unless explicity overwritten by `gitea.config.server.SSH_LISTEN_PORT`) + + [see \_helpers.tpl](./templates/_helpers.tpl) in `gitea.inline_configuration.defaults.server` definition + +- `SSH_LOG_LEVEL` environment variable is not injected into the container + + [see deployment.yaml](./templates/gitea/deployment.yaml) template inside container "env" declarations + ### Single-Pod Configurations If HA is not needed/desired, the following configurations can be used to deploy a single-pod Gitea instance. @@ -216,9 +237,9 @@ If HA is not needed/desired, the following configurations can be used to deploy **Do not use this configuration for production use**.
- + values.yml - + ```yaml redis-cluster: enabled: false @@ -226,10 +247,10 @@ If HA is not needed/desired, the following configurations can be used to deploy enabled: false postgresql-ha: enabled: false - + persistence: enabled: false - + gitea: config: database: 
@@ -785,15 +806,16 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo ### Image -| Name | Description | Value | -| ------------------ | --------------------------------------------------------------------------------------------------------------------------------------- | ------------- | -| `image.registry` | image registry, e.g. gcr.io,docker.io | `""` | -| `image.repository` | Image to start for this pod | `gitea/gitea` | -| `image.tag` | Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml. | `""` | -| `image.digest` | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` | `""` | -| `image.pullPolicy` | Image pull policy | `Always` | -| `image.rootless` | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `true` | -| `imagePullSecrets` | Secret to use for pulling the image | `[]` | +| Name | Description | Value | +| -------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------- | +| `image.registry` | image registry, e.g. gcr.io,docker.io | `""` | +| `image.repository` | Image to start for this pod | `gitea/gitea` | +| `image.tag` | Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml. | `""` | +| `image.digest` | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` | `""` | +| `image.pullPolicy` | Image pull policy | `Always` | +| `image.rootless` | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `true` | +| `image.fullOverride` | Completely overrides the image registry, path/image, tag and digest. 
**Adjust `image.rootless` accordingly and review [Rootless defaults](#rootless-defaults).** | `""` | +| `imagePullSecrets` | Secret to use for pulling the image | `[]` | ### Security diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 003d39f..c2980ee 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -56,6 +56,7 @@ Create chart name and version as used by the chart label. Create image name and tag used by the deployment. */}} {{- define "gitea.image" -}} +{{- $fullOverride := .Values.image.fullOverride | default "" -}} {{- $registry := .Values.global.imageRegistry | default .Values.image.registry -}} {{- $repository := .Values.image.repository -}} {{- $separator := ":" -}} @@ -65,7 +66,9 @@ Create image name and tag used by the deployment. {{- if .Values.image.digest }} {{- $digest = (printf "@%s" (.Values.image.digest | toString)) -}} {{- end -}} -{{- if $registry }} +{{- if $fullOverride }} + {{- printf "%s" $fullOverride -}} +{{- else if $registry }} {{- printf "%s/%s%s%s%s%s" $registry $repository $separator $tag $rootless $digest -}} {{- else -}} {{- printf "%s%s%s%s%s" $repository $separator $tag $rootless $digest -}} diff --git a/unittests/deployment/image-configuration.yaml b/unittests/deployment/image-configuration.yaml index cdfd73a..35f8981 100644 --- a/unittests/deployment/image-configuration.yaml +++ b/unittests/deployment/image-configuration.yaml 
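Review bot: The new `{{- if $fullOverride }}` branch in `gitea.image` prints the override verbatim, so a configured `image.digest` and `.Values.global.imageRegistry` are dropped without any signal. A deployment that pins by digest in a base values file, or routes pulls through an internal registry via the global setting, loses that control once an overlay sets `image.fullOverride` to a tag-only reference. I would extend the helper's comment to say that `image.fullOverride` is used as-is, bypasses `global.imageRegistry`, `image.registry` and `image.digest`, and should carry its own `@sha256:` digest to stay pinned; the `@param image.fullOverride` line in values.yaml deserves the same sentence. If silently losing a pin is not acceptable, a guard such as `{{- if and $fullOverride .Values.image.digest }}{{- fail "image.digest is ignored when image.fullOverride is set" }}{{- end }}` would surface it, though the added unit test sets both on purpose and would need adjusting. The end of the `define` block lies outside the hunk.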
@@ -57,6 +57,21 @@ tests: - equal: path: spec.template.spec.containers[0].image value: "gitea/gitea:1.19.3-rootless@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a" + - it: image fullOverride (does not append rootless) + template: templates/gitea/deployment.yaml + set: + image: + fullOverride: gitea/gitea:1.19.3 + # setting rootless, registry, repository, tag, and digest to prove that override works + rootless: true + registry: example.com + repository: example/image + tag: "1.0.0" + digest: sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: "gitea/gitea:1.19.3" - it: digest for root-based image template: templates/gitea/deployment.yaml set: diff --git a/unittests/deployment/ssh-configuration.yaml b/unittests/deployment/ssh-configuration.yaml index efd0525..543fd5f 100644 --- a/unittests/deployment/ssh-configuration.yaml +++ b/unittests/deployment/ssh-configuration.yaml @@ -27,6 +27,18 @@ tests: content: name: SSH_LOG_LEVEL value: "DEBUG" + - it: supports overriding SSH log level (even when image.fullOverride set) + template: templates/gitea/deployment.yaml + set: + image.fullOverride: gitea/gitea:1.19.3 + image.rootless: false + gitea.ssh.logLevel: "DEBUG" + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: SSH_LOG_LEVEL + value: "DEBUG" - it: skips SSH_LOG_LEVEL for rootless image template: templates/gitea/deployment.yaml set: @@ -38,3 +50,15 @@ tests: any: true content: name: SSH_LOG_LEVEL + - it: skips SSH_LOG_LEVEL for rootless image (even when image.fullOverride set) + template: templates/gitea/deployment.yaml + set: + image.fullOverride: gitea/gitea:1.19.3 + image.rootless: true + gitea.ssh.logLevel: "DEBUG" # explicitly defining a non-standard level here + asserts: + - notContains: + path: spec.template.spec.containers[0].env + any: true + content: + name: SSH_LOG_LEVEL 
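Review bot: The `image fullOverride (does not append rootless)` case sets `image.registry` but not `global.imageRegistry`, which the helper reads first, so the test does not show that the override also wins over the global registry. Adding `global.imageRegistry: registry.example.com` to the `set:` block would pin that behaviour. A second case whose `fullOverride` value includes its own digest, asserting that the rendered image is identical to the input, would document the supported way to keep the image pinned when this option is used.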
diff --git a/unittests/init/init_directory_structure.sh-rootless.yaml b/unittests/init/init_directory_structure.sh-rootless.yaml index 854bcce..29dac81 100644 --- a/unittests/init/init_directory_structure.sh-rootless.yaml +++ b/unittests/init/init_directory_structure.sh-rootless.yaml @@ -66,3 +66,23 @@ tests: chmod 700 "${GNUPGHOME}" chown 1000:1000 "${GNUPGHOME}" fi + - it: it does not chown /data even when image.fullOverride is set + template: templates/gitea/init.yaml + set: + image.fullOverride: gitea/gitea:1.20.5 + asserts: + - equal: + path: stringData["init_directory_structure.sh"] + value: |- + #!/usr/bin/env bash + + set -euo pipefail + + set -x + mkdir -p /data/git/.ssh + chmod -R 700 /data/git/.ssh + [ ! -d /data/gitea/conf ] && mkdir -p /data/gitea/conf + + # prepare temp directory structure + mkdir -p "${GITEA_TEMP}" + chmod ug+rwx "${GITEA_TEMP}" diff --git a/values.yaml b/values.yaml index 34c859d..15ecd06 100644 --- a/values.yaml +++ b/values.yaml @@ -43,6 +43,7 @@ clusterDomain: cluster.local ## @param image.digest Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` ## @param image.pullPolicy Image pull policy ## @param image.rootless Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher +## @param image.fullOverride Completely overrides the image registry, path/image, tag and digest. **Adjust `image.rootless` accordingly and review [Rootless defaults](#rootless-defaults).** image: registry: "" repository: gitea/gitea @@ -51,6 +52,7 @@ image: digest: "" pullPolicy: Always rootless: true + fullOverride: "" ## @param imagePullSecrets Secret to use for pulling the image imagePullSecrets: []
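Review bot: The new case in init_directory_structure.sh-rootless.yaml relies on the chart default `image.rootless: true` without setting it, and its `fullOverride` value `gitea/gitea:1.20.5` has no `-rootless` suffix, so the test reads as if a root-based image were being handled as rootless. Setting `image.rootless: true` explicitly under `set:` and using a `-rootless` reference would state the intent and keep the test meaningful if the default ever changes. The title also doubles the word `it`; `- it: does not chown /data even when image.fullOverride is set` reads better.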