Commit Graph

19 Commits

Author SHA1 Message Date
luhahn
3273b245e7 Add multiple LDAP sources (#222)
Add multiple add sources.

Instead of a single entry for ldap configuration we now would have a dictionary for ldap config.

This would be a breaking change for those working with the ldap config.

fixes: #190

Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/222
Reviewed-by: Andrew Thornton <art27@cantab.net>
Reviewed-by: pat-s <pat-s@noreply.gitea.io>
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-authored-by: luhahn <luhahn@noreply.gitea.io>
Co-committed-by: luhahn <luhahn@noreply.gitea.io>
2021-10-08 20:16:24 +08:00
justusbunsi
7de326d931 Drop kebab-case configuration notation (#196)
Currently there are two different styles for defining both ldap and oauth configuration in _values.yaml_ file: `camelCase` and `kebab-case`.
Supporting both styles created multiple regressions in the past.

⚠️ BREAKING ⚠️
---------------
These changes completely remove any support for `kebab-case` notation in _values.yaml_ in favor of `camelCase`. Configuration keys must use `camelCase`.
Only exception are Kubernetes resource keys for annotations or labels.

Fixes: #188

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/196
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2021-07-06 13:28:13 +08:00
justusbunsi
9059229acb Rewrite init script (#178)
These changes rewrite the init script to be error aware, informative and have a bit more security awareness.

During rewrite several hidden bugs could be identified and fixed, such as:

- LDAP configuration options interpreted by the shell before passed to command
- Finding multiple ldap ids instead of one during lookup when their names are almost identical
e.g. `_my-ldap-auth` and `my-ldap-auth`
- Properly filter auth sources by their types to prevent unintended type converting attempts that fail

In addition to that the script is a bit cleaner. Some commands do not exist anymore and would cause false-positive errors during script execution.

Helps for: #149

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/178
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2021-06-30 04:09:16 +08:00
justusbunsi
d6eb50ca35 Fix admin + ldap configuration (#183)
This fixes several flaws introduced by commits for #169 (see c49dc047a4).

 - Respect kebab-case ldap bind inline definition
 - Prevent camelCase ldap bind inline definition from being overridden by empty string
 - Create admin account when `existingSecret` is used

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/183
Reviewed-by: Andrew Thornton <art27@cantab.net>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2021-06-21 21:28:18 +08:00
luhahn
c49dc047a4 Allow existing secrets for passwords (#170)
Allow admin user and password to be configured via existing secrets

Allow LDAP bindDn and bindPassword to be configured via existing secrets

Update Readme

Fixes: #169

Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/170
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: luhahn <luhahn@noreply.gitea.io>
Co-committed-by: luhahn <luhahn@noreply.gitea.io>
2021-06-10 19:13:33 +08:00
luhahn
b88bbd6d4d gitea-1.14.x-updates (#148)
This PR includes the changes from:

- https://gitea.com/gitea/helm-chart/pulls/129
- https://gitea.com/gitea/helm-chart/pulls/140

In addition it adds the possibility to include secrets via environment variables as mentioned in #60

Co-authored-by: Hans Kristian Flaatten <hans.flaatten@evry.com>
Co-authored-by: flavio.prado <flavio.prado@noreply.gitea.io>
Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/148
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: luhahn <luhahn@noreply.gitea.io>
Co-committed-by: luhahn <luhahn@noreply.gitea.io>
2021-04-29 17:12:48 +08:00
Nakrez
1eb0eee3bc Make the chart work with a sqlite3 database (#124)
There are currently 2 issues that prevent using this chart to deploy gitea with a SQLite3 database.

1) The value from *gitea.config.database.HOST* is used to set *db.servicename* when  all the databases under *gitea.database.buildIn* are not enabled. This causes a type error during the template processing:
`Error: UPGRADE FAILED: template: gitea/templates/gitea/init.yaml:24:20: executing "gitea/templates/gitea/init.yaml" at <include "db.servicename" .>: error calling include: template: gitea/templates/_helpers.tpl:64:31: executing "db.servicename" at <.Values.gitea.config.database.HOST>: wrong type for value; expected string; got interface {}`

2) In *init_gitea.sh*, we use the value *db.servicename* and *db.port* to ping the database. If this database responds to ping, we proceed with the init. The problem here is that *db.port* is not set when all the databases under *gitea.database.buildIn* are disabled. In turn, this raises an error from busybox's *nc*, because no parameter is passed for *PORT*. This causes the init container to go in *CrashLoopBackOff* forever.

The simple fix that is proposed in this PR is to check wether or not *.Values.gitea.config.database.DB_TYPE* is set to determine the value *db.servicename*. If *DB_TYPE* is *'sqlite3'*, leave *db.servicename* empty and use that to bypass the database ping.

Co-authored-by: Baptiste Covolato <b.covolato@gmail.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/124
Reviewed-by: Andrew Thornton <art27@cantab.net>
Reviewed-by: lafriks <lafriks@noreply.gitea.io>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Co-authored-by: Nakrez <nakrez@noreply.gitea.io>
Co-committed-by: Nakrez <nakrez@noreply.gitea.io>
2021-03-04 16:43:52 +08:00
Dunky13
d1c58a2e77 OAuth2 configuration options (#123)
I opened up the OAuth2 authentication option. I needed this feature, and it is available in the gitea cli. So I opened it up for configuration through this pull request.

Hope it can help others.

Co-authored-by: Marc Went <marc.went+git@redkubes.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/123
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: lafriks <lafriks@noreply.gitea.io>
Co-authored-by: Dunky13 <dunky13@noreply.gitea.io>
Co-committed-by: Dunky13 <dunky13@noreply.gitea.io>
2021-03-01 20:24:11 +08:00
Starefossen
9213f0d1f5 Add app and version labels (#121)
This pull request adds the `app` and `version` labels that are used by Istio.

> Pods with app and version labels: We recommend adding an explicit app label and version label to the specification of the pods deployed using a Kubernetes Deployment. The app and version labels add contextual information to the metrics and telemetry that Istio collects.
>
> * The app label: Each deployment should have a distinct app label with a meaningful value. The app label is used to add contextual information in distributed tracing.
>
> * The version label: This label indicates the version of the application corresponding to the particular deployment.

From https://istio.io/latest/docs/ops/deployment/requirements/#pod-requirements

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/121
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: lafriks <lafriks@noreply.gitea.io>
Co-authored-by: Starefossen <starefossen@noreply.gitea.io>
Co-committed-by: Starefossen <starefossen@noreply.gitea.io>
2021-03-01 20:20:55 +08:00
luhahn
0c8f226f1f Add ldap checksum (#101)
Fixed an error in ldap port setting.

Added ldap checksum to deployment so chart will actually update on ldap changes.

Fixes: #99

Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/101
Reviewed-by: lafriks <lafriks@noreply.gitea.io>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: luhahn <luhahn@noreply.gitea.io>
Co-committed-by: luhahn <luhahn@noreply.gitea.io>
2021-01-14 15:13:49 +08:00
luhahn
2826258cfc Several Improvements to Helm Chart (#87)
Improve ldap settings with helper function

Allow clusterIP for http service to be set, default to None

Use imagePullSecrets in statefulset now

Update default values

Update README

Bump Chart version

Co-authored-by: luhahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/87
Reviewed-by: lafriks <lafriks@noreply.gitea.io>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-Authored-By: luhahn <luhahn@noreply.gitea.io>
Co-Committed-By: luhahn <luhahn@noreply.gitea.io>
2020-12-16 20:37:47 +08:00
Steffen Vogel
ed0ce3d192 Make cluster domain configurable (#51)
Merge branch 'master' into cluster-domain

Make cluster domain configurable

Currently the deployment fails due to a hard-coded cluster domain "cluster.local".

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Steffen Vogel <post@steffenvogel.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/51
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: Andrew Thornton <art27@cantab.net>
Co-Authored-By: Steffen Vogel <stv0g@noreply.gitea.io>
Co-Committed-By: Steffen Vogel <stv0g@noreply.gitea.io>
2020-10-30 01:08:58 +08:00
schra
a4e5943ca5 Upgrade mariadb Helm chart to 8.0.0 (#48)
Upgrade mariadb Helm chart to 8.0.0

The names of the values changed in the new Helm chart, see [1]. Thus the
Helm chart ships breaking changes and therefore bump the major version
of this Chart.yaml (not sure if you use semver?)

Furthermore, there is a bug [2] where not setting the root password
results in the mariadb entering a CrashLoopBackOff when re-installing
it. Thus set it (as done in the mysql values already).

[1] 1206942b69
[2] https://github.com/bitnami/charts/issues/3884

Co-authored-by: Andre Schröder <andre.schroedr@gmail.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/48
Reviewed-by: Andrew Thornton <art27@cantab.net>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Co-Authored-By: schra <schra@noreply.gitea.io>
Co-Committed-By: schra <schra@noreply.gitea.io>
2020-10-22 13:13:37 +08:00
luhahn
0877cc81ca Update dependencies and add MariaDB builtIn (#33)
Update dependencies

- Update Postgres version from 8.6.4 to 9.7.3
- Update Mysql version from 6.14.8 to 6.14.10
- Add MariaDB as built in dependency

Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/33
Reviewed-by: Jonas Franz <jonasfranz@noreply.gitea.io>
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
2020-09-28 23:26:06 +00:00
luhahn
e85e1718de Fix memcached conditional and external database check in init container (#18)
Bump chart version

Update README.md with example for DB

Fix external host check for Databases

Fix condition for memcached in Chart.yaml

Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/18
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-by: Andrew Thornton <art27@cantab.net>
2020-09-03 21:27:11 +00:00
luhahn
5e0cfed9be Integrate NOVUM-RGI chart into the official helm chart. (#7)
Fix ssh port settings

Remove blank line from LICENSE file

add check for admin user

set PROTOCOL default to http

Add Konrad Lother as Maintainer

Update readme with generic values

make app.ini generic

- app.ini is now configurable via dictionary in values.yaml
- database and server configuration is autogenerated if not defined
- http and ssh services now use gitea config settings for targetPort
- add default security value INSTALL_LOCK = true
- clean up builtin cache settings

bump gitea version

Add values and Remove vscode TOC comments

- values enablePushCreateOrg and enablePushCreateUser have been added to repository settings

fix naming order of license and maintainers

Multiple improvements for the chart:

- add terminationGracePeriodSeconds to shutdown the statefulset gracefully on error
- add guard for loadbalancer settings in ssh service
- use mysql from bitnami, since they update the version much more frequent (old mysql only uses mysql ~6)
- init container now also provisions mysql and external database correctly

Fix PVC mounting issues for longhorn storageClass

Add examples to readme

Fix port setting for ssh

Fix and operator for newer helm versions

update values to support most configuration gitea offers

Replace Readme

update license file

Update helpers with dependencies, update NOTES.txt

update Chart.yaml with dependencies

Requirements.yaml removed, since this is deprecated and moved to Chart.yaml

Remove now unused dependencies and deployments

- init is no longer used since databases are initialized
  on original charts and managed with dependency
- ingress.yaml moved to templates/gitea
- deployment.yaml no longer used and replaced with templates/gitea/statefulset.yaml
- memcached also handled with helm dependency and initialized in original chart

Add initial test for gitea helm chart

Rework templates for helm chart.

- app.ini configurable via config
- admin user and ldap settings configurable via config
- using statefulset to handle pvc
- update helpers for new dependencies

remove helm build artifacts since they are not needed in this repository

Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Co-authored-by: Konrad Lother <konrad.lother@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/7
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Reviewed-by: Andrew Thornton <art27@cantab.net>
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
2020-08-23 17:56:55 +00:00
Charlie Drage
f75ba73ffd Revert "Use Secrets for passwords and tokens" 2020-05-15 13:48:03 -04:00
Thomas Matysik
5f3dd8a292 Use Secrets for passwords and tokens
Signed-off-by: Thomas Matysik <thomas@matysik.co.nz>
2020-05-15 13:48:03 -04:00
Charlie Drage
9061f0d470 Initial commit
Signed-off-by: Charlie Drage <charlie@charliedrage.com>
2019-12-12 13:38:31 -05:00