As discussed in Discord.
Supersedes #412 and #407.
**⚠️ BREAKING**
Users depending on the built-in MySQL or MariaDB chart have to switch to an self-managed database, or Postgres
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/417
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Reviewed-by: John Olheiser <john+gitea@jolheiser.com>
Reviewed-by: yardenshoham <yardenshoham@noreply.gitea.io>
Co-authored-by: pat-s <patrick.schratz@gmail.com>
Co-committed-by: pat-s <patrick.schratz@gmail.com>
See discussion in #387
Upgrade notes to Chart v11.x and Postgres 14.x: https://docs.bitnami.com/kubernetes/infrastructure/postgresql/administration/upgrade/
The current version in Gitea is using `11.11.0-debian-10-r62` from 2021-04.
Bumping the chart to the latest (v12.x) would use the image `15.2.0-debian-11-r14` which would be a jump from postgres 11 to postgres 15. There are no specific notes for the v12.x chart release, hence we might be able to just go to 12.x directly.
There have been some param renamings which I've reflected in the README.
**⚠️ BREAKING**
Users have to migrate their Postgres DB by e.g. restoring a previously created database dump into a clean installation.
Co-authored-by: justusbunsi <sk.bunsenbrenner@gmail.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/391
Reviewed-by: techknowlogick <techknowlogick@noreply.gitea.io>
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-authored-by: pat-s <patrick.schratz@gmail.com>
Co-committed-by: pat-s <patrick.schratz@gmail.com>
### Description of the change
Fix a wrong reference to `signing.existingKey`, `signing.existingSecret` was what was meant and what is used in the chart.
### Benefits
Less confusion when trying to use the Helm chart.
### Possible drawbacks
Evangelists of `existingKey` storming the barricades even though `existingKey` is long dead.
### Applicable issues
None, nobody noticed enough to care, apparently.
Co-authored-by: Tobias Wolter <towo@towo.eu>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/415
Reviewed-by: pat-s <pat-s@noreply.gitea.io>
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-authored-by: towo <towo@noreply.gitea.io>
Co-committed-by: towo <towo@noreply.gitea.io>
### Description of the change
Make the test-connection Pod optional and override the wget container's image.
### Benefits
Allows users to enable/disabled the test-connection Pod and override the wget container's image.
### Checklist
- [X] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm)
- [X] Breaking changes are documented in the `README.md`
Co-authored-by: Umer Anwar <umer.anwar@nuance.com>
Co-authored-by: ooms97 <anwarumer97@gmail.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/360
Reviewed-by: pat-s <pat-s@noreply.gitea.io>
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-authored-by: ooms97 <ooms97@noreply.gitea.io>
Co-committed-by: ooms97 <ooms97@noreply.gitea.io>
Some small formatting changes which are auto-applied by the markdown code styler in vscode (which I am using a lot).
These are also present in #407.
Merging this before/in general would help be a bit when tinkering with the README.
Mainly indentation related, plus some single quotes -> double quotes changes.
Co-authored-by: pat-s <patrick.schratz@gmail.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/408
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Reviewed-by: techknowlogick <techknowlogick@noreply.gitea.io>
Co-authored-by: pat-s <pat-s@noreply.gitea.io>
Co-committed-by: pat-s <pat-s@noreply.gitea.io>
### Description of the change
It is required to add custom mapping between hostnames and IP addresses for the gitea pods to be able to access external services like oauth providers or webhook servers.
It is common to take global variables for the entires and set them using hostAliases in the pod template.
### Benefits
Give us more flexibility when using gitea in various network environments.
### Applicable issues
- fixes#400
### Checklist
- [X] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm)
Co-authored-by: Taekyun Kim <tkq.kim@samsung.com>
Co-authored-by: pat-s <pat-s@noreply.gitea.io>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/401
Reviewed-by: pat-s <pat-s@noreply.gitea.io>
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-authored-by: podain77 <podain77@noreply.gitea.io>
Co-committed-by: podain77 <podain77@noreply.gitea.io>
This reverts d5ce1a47ea and therefore adds the GPG feature back into main.
As it is a breaking change, this PR now also contains the required upgrade notes.
Closes#107 again.
Co-authored-by: justusbunsi <sk.bunsenbrenner@gmail.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/374
Reviewed-by: pat-s <pat-s@noreply.gitea.io>
Reviewed-by: John Olheiser <john+gitea@jolheiser.com>
Feature #343 happens to be a breaking change when enabling `.Values.signing` but not specifying
any of the new private key properties. Tag `v6.0.2` is therefore not following semantic versioning.
This temporarily reverts commit b8f0310c43 and a fix-up commit 57a1cd27d9
to retag 6.0.2 as 6.0.3.
Co-authored-by: justusbunsi <sk.bunsenbrenner@gmail.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/373
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
### Description of the change
This PR adds support for gpg key setup. It allows to pass the gpg private key content inline inside `values.yaml` or refer to an existing secret containing the key content data.
### Benefits
Administrators don't need to manually setup the gpg environment from inside a running container. It also eliminates the breaking change of Gitea 1.17 regarding `[git].HOME` as the `GNUPGHOME` environment variable is used consistently to relocate the `.gnupg` directory to its former location.
### Applicable issues
- fixes#107
### Additional information
This PR add the first unit tests to this Helm Chart, ensuring templating integrity for signing related configuration.
### Checklist
- [x] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm)
Co-authored-by: justusbunsi <sk.bunsenbrenner@gmail.com>
Co-authored-by: pat-s <pat-s@noreply.gitea.io>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/343
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Description of the change
Mostly, this change just moves the changelog to the bottom of the README which helps new users to see the actual documentation. As the structure for the changes itself is slightly different, there are some changes in wording so that it still makes sense. But mostly structural changes.
The change within the dependency section is due to a broken link since auto-generating the parameters section. Now there are links to every dependency related parameters.
Benefits
It helps us to maintain a clear structure for the README of this project.
Possible drawbacks
Our users are currently trained to look at the top of the document to see the changes. They now have to scroll down or use the quick link from installation section.
Applicable issues
fixes#247
Additional information
Every version section starts with a disclaimer right now. This is duplicated and might hide important text due to its existence. A centralized intruduction at top of the upgrading section tells the reader what to expect from that whole section.
I've also noticed that on ArtifactHub the emotes are not rendered correctly. So I replaced them with the actual ones and reduced their usage. That way it better highlights those parts the reader must not miss.
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/331
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Description of the change
Add support for a new value: dnsConfig, to be passed to the statefulset pod template configuration.
Default is {}, and does not change anything from current default pod configuration.
Benefits
Ability to fix some issues encountered with Alpine-based docker images, which may break DNS resolving on some clusters.
In particular, this allows to lower the ndots value, which fixes DNS resolving of FQDNs.
dnsConfig:
options:
- name: ndots
value: "1"
Also, with this setting, one can set other parameters to finely tune DNS configuration for Gitea pods, if needed:
https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config
Possible drawbacks
None.
Additional information
Some relevant links about the issue this setting allows to fix:
https://stackoverflow.com/questions/65181012/does-alpine-have-known-dns-issue-within-kuberneteshttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9017
Checklist
Parameters are documented in the values.yaml and added to the README.md using readme-generator-for-helm
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/329
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Co-authored-by: dek <dek@noreply.gitea.io>
Co-committed-by: dek <dek@noreply.gitea.io>
To enable access to e.g. the SSH port by IPv6, the selection of ipFamilyPolicy and ipFamilies service attributes is necessary. Enable the possibility to configure these by helm values.
Co-authored-by: Sven Fischer <sven@leiderfischer.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/313
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Co-authored-by: svenihoney <svenihoney@noreply.gitea.io>
Co-committed-by: svenihoney <svenihoney@noreply.gitea.io>
Fixes#314
Right now, the gitea StatefulSet does not allow any annotations to be configured via the helmchart - see https://gitea.com/gitea/helm-chart/src/tag/v5.0.4/templates/gitea/statefulset.yaml#L4-L6
My use case:
I am trying to use Reloader (https://github.com/stakater/Reloader) so that I can configure my values.yaml such that i can set some annotations on the StatefulSet and thus Reloader can rollout a restart of gitea StatefulSet whenever a watched secret or configmap is updated.
Co-authored-by: Tarun Gupta Akirala <tarugupta.92@gmail.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/315
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-authored-by: takirala <takirala@noreply.gitea.io>
Co-committed-by: takirala <takirala@noreply.gitea.io>
This PR improves the handling and injection into _app.ini_ of user defined environment variables via env-to-ini script.
Fixes#297
Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/298
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Reviewed-by: 6543 <6543@obermui.de>
- Drop super legacy `image.version` value (see #92 description)
- Always use `appVersion` from Chart.yaml as image tag if non specified
---
Don't know whether this is a breaking change regarding image.version
drop.
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/250
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
This fixes my feature request (#275) to support hostPort to expose the ssh port.
Co-authored-by: alex <alex@zengers.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/276
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-authored-by: a-zen <a-zen@noreply.gitea.io>
Co-committed-by: a-zen <a-zen@noreply.gitea.io>
As discussed in #286, an example for using Kubernetes secrets as additional configuration source was missing. This adds it.
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/294
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
I saw a few PRs including this. Maybe it's good to have this as fast as possible to prevent others providing this fix, too.
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/295
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
We did not mention the multiple LDAP Sources as a breaking change.
Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/271
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Reviewed-by: Andrew Thornton <art27@cantab.net>
⚠️ Breaking
Moved the values to enable the dependencies into the dependencies itself, this way we don't need a seperate field in the values and it is more obvious how to enable for example postgresql.
Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/268
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Reviewed-by: Andrew Thornton <art27@cantab.net>
With the result of PR #239 it is much easier to provide additional values to the _app.ini_ configuration from different sources.
These changes adds an _additionalConfigSources_ field where the users can define such sources. This enables the users to choose
on their own whether to store values in _values.yaml_ or load them from Kuberetes Secrets or ConfigMaps.
- Fixes#243
- Fixes#174
- Fixes#260
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/240
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: wxiaoguang <wxiaoguang@noreply.gitea.io>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
This change request includes two different things to improve OAuth source handling:
- Allow multiple OAuth source configuration (Fixes: #191)
- Support reading sensitive OAuth configuration data from Kubernetes secrets (Closes: #242)
⚠️ BREAKING ⚠️
---
Users need to migrate their `gitea.oauth` configuration.
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/244
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
fixes#251
The rendering is a bit more programatic but the result is the same if you don't have an override. This makes the code a little easier at the end of the template, and slightly less easier to read at the beginning, which I think is a valid tradeoff.
Co-authored-by: Martyn Ranyard <m@rtyn.berlin>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/252
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Co-authored-by: iMartyn <imartyn@noreply.gitea.io>
Co-committed-by: iMartyn <imartyn@noreply.gitea.io>
Hello !
I'm using the new Helm chart (5.x) and I really like the new configuration mechanism. 👍
I would like to contribute the following enhancement.
## The problem I want to solve
I'm trying to deploy Gitea in a Kubernetes shared platform and I need to make sure each instance is running as a different user so that in case of container escape, the risk of data leak is minimized.
Additionally, on my platform (OpenShift), arbitrary users (such as uid 1000 for Gitea) are not allowed.
The current helm chart does not allow me to achieve this because:
- the container security context is configurable only for the main container. The security context of init containers cannot be specified.
- a fixed uid is hard coded
- a fixed fs group is hard coded
Also, the securityContext of a pod and the securityContext of a container do not accept the same options.
- https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#podsecuritycontext-v1-core
- https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#securitycontext-v1-core
## How I'm solving the problem
I split the `securityContext` (values.yaml) in two: `containerSecurityContext` and `podSecurityContext`. The containerSecurityContext applies to all containers (init and main) in order to be consistent with file permissions.
The behavior for existing deployments is unchanged:
- fsGroup 1000 is the default value for the podSecurityContext variable
- the "configure-gitea" init container uses the uid 1000 unless otherwise stated in the containerSecurityContext
- the main container is using the existing securityContext variable when defined in order not to break existing deployments and uses the new containerSecurityContext variable if not.
This approach is well tested: it is used consistently on bitnami's Helm charts.
## How I tested
I tested both root and rootless variants on a Kubernetes 1.22, as well as rootless variant on OpenShift 4.7.
**rootless variant on Kubernetes**:
```yaml
podSecurityContext:
fsGroup: 10001
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
add:
- SYS_CHROOT
privileged: false
runAsGroup: 10001
runAsNonRoot: true
runAsUser: 10001
extraVolumes:
- name: var-lib-gitea
emptyDir: {}
extraVolumeMounts:
- name: var-lib-gitea
readOnly: false
mountPath: "/var/lib/gitea"
```
**rootless variant on OpenShift**:
```yaml
podSecurityContext:
fsGroup: null
containerSecurityContext:
allowPrivilegeEscalation: false
privileged: false
runAsNonRoot: true
runAsUser: 1000790000
extraVolumes:
- name: var-lib-gitea
emptyDir: {}
extraVolumeMounts:
- name: var-lib-gitea
readOnly: false
mountPath: "/var/lib/gitea"
```
Let me know if something is unclear.
Co-authored-by: Nicolas MASSE <nicolas.masse@itix.fr>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/259
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-authored-by: nmasse-itix <nmasse-itix@noreply.gitea.io>
Co-committed-by: nmasse-itix <nmasse-itix@noreply.gitea.io>
As a replacement, the default probes are now fully configurable and used
as-is during Chart deployment.
Fixes: #189⚠️ BREAKING ⚠️
---
Users have to remove the `custom` prefix from their probes, if customized.
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/248
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
App ini is now generated by environment-to-ini
This should prevent some of the problems we had earlier with persisting the app.ini
Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/239
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Reviewed-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: luhahn <luhahn@noreply.gitea.io>
Co-committed-by: luhahn <luhahn@noreply.gitea.io>
Hi,
this patch contains a markdownlinter. I think this has the advantage that all users stick to the same format and the `README.md` follows a consistent structure.
The markdownlinter can be configured via the `.markdownlint.yaml` file. All possible options are [here](https://github.com/DavidAnson/markdownlint/blob/main/schema/.markdownlint.yaml) documented.
I have created the initialie configuration. However, can be adapted to suggestions for change. Has of course the consequence that if necessary the `README.md` would have to be adapted. I have formatted this in advance according to the defined rules.
For users which use visual-code as IDE is additionally a plugin [available](https://marketplace.visualstudio.com/items?itemName=DavidAnson.vscode-markdownlint).
Co-authored-by: Markus Pesch <markus.pesch@cryptic.systems>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/200
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Reviewed-by: pat-s <pat-s@noreply.gitea.io>
Co-authored-by: Markus Pesch <volker.raschek@noreply.gitea.io>
Co-committed-by: Markus Pesch <volker.raschek@noreply.gitea.io>
Add multiple add sources.
Instead of a single entry for ldap configuration we now would have a dictionary for ldap config.
This would be a breaking change for those working with the ldap config.
fixes: #190
Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/222
Reviewed-by: Andrew Thornton <art27@cantab.net>
Reviewed-by: pat-s <pat-s@noreply.gitea.io>
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-authored-by: luhahn <luhahn@noreply.gitea.io>
Co-committed-by: luhahn <luhahn@noreply.gitea.io>
FYI: My editor automatically changes two trailing whitespaces into a linebreak. I know it's not completely the same but maybe it can be accepted (would make things easier in the long run).
Co-authored-by: pat-s <patrick.schratz@gmail.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/228
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: pat-s <pat-s@noreply.gitea.io>
Co-committed-by: pat-s <pat-s@noreply.gitea.io>
Hi,
I just add some minor changes to support specifying ingressClassName to support the newer specification in `networking.k8s.io/v1`. The annotation `kubernetes.io/ingress.class: nginx` only works with older API `networking.k8s.io/v1beta1`.
This is part of our move to support kubernetes 1.22.
Co-authored-by: Leong Wai Kit <waikit.leong@bertelsmann.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/217
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: wkit23 <wkit23@noreply.gitea.io>
Co-committed-by: wkit23 <wkit23@noreply.gitea.io>
Currently there are two different styles for defining both ldap and oauth configuration in _values.yaml_ file: `camelCase` and `kebab-case`.
Supporting both styles created multiple regressions in the past.
⚠️ BREAKING ⚠️
---------------
These changes completely remove any support for `kebab-case` notation in _values.yaml_ in favor of `camelCase`. Configuration keys must use `camelCase`.
Only exception are Kubernetes resource keys for annotations or labels.
Fixes: #188
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/196
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
This patch add the SYS_CHROOT capability if the securityContext is
undefined. Otherwise the SSH Server does not work correctly as described
in the issue #161.
Fixes: #161
Co-authored-by: Markus Pesch <markus.pesch@cryptic.systems>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/176
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Co-authored-by: Markus Pesch <volker.raschek@noreply.gitea.io>
Co-committed-by: Markus Pesch <volker.raschek@noreply.gitea.io>
