Commit Graph

236 Commits

Author SHA1 Message Date
techknowlogick
6c59fe361d v1.17.3 2022-10-17 04:19:45 +08:00
justusbunsi
d1f5dca573 Lock readme-generator-for-helm dependency (#369)
With every push on main/master branch of that repository, the referenced
tarball is replaced, causing npm integrity checks to fail. Locking the used
reference to a specific commit hash is more reliable.

There is an open issue regarding publishing on NPM. As long as this is
not resolved, we would need to use this workaround to get updates.

(https://github.com/bitnami-labs/readme-generator-for-helm/issues/36)

Signed-off-by: justusbunsi <sk.bunsenbrenner@gmail.com>
Co-authored-by: justusbunsi <sk.bunsenbrenner@gmail.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/369
Reviewed-by: pat-s <pat-s@noreply.gitea.io>
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2022-10-14 00:16:41 +08:00
justusbunsi
b8f0310c43 Add gpg configuration settings (#343)
### Description of the change

This PR adds support for gpg key setup. It allows to pass the gpg private key content inline inside `values.yaml` or refer to an existing secret containing the key content data.

### Benefits

Administrators don't need to manually setup the gpg environment from inside a running container. It also eliminates the breaking change of Gitea 1.17 regarding `[git].HOME` as the `GNUPGHOME` environment variable is used consistently to relocate the `.gnupg` directory to its former location.

### Applicable issues

  - fixes #107

### Additional information

This PR add the first unit tests to this Helm Chart, ensuring templating integrity for signing related configuration.

### Checklist

- [x] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm)

Co-authored-by: justusbunsi <sk.bunsenbrenner@gmail.com>
Co-authored-by: pat-s <pat-s@noreply.gitea.io>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/343
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2022-09-28 16:18:59 +08:00
cboin1996
0d1f748898 check existence of /data/gitea/conf/ instead of /data/gitea/ (#310)
### Description of the change

Checking the existence of the config directory should be done with the directory path itself. Not its parent directory.

This simple fix addresses that by using the config directory for its existence check.

### Benefits

Prior to #337 there was no other way to install this helm chart using the `extraVolumeMounts` setting with these values:

```yaml
replicaCount: %d

extraVolumes:
  - name: config-volume
    configMap:
      name: %s

extraVolumeMounts:
  - name: config-volume
    mountPath: /data/gitea/templates/custom
```

Without this fix, the Gitea pod would never initialize, and would crashloop with the same error in #296.

### Additional information

Mounting a configMap to `/data/gitea/templates/custom` causes the `/data/gitea` folder to exist even though the `/data/gitea/conf` had not been initialized yet. The initialization script saw that the `/data/gitea` dir existed and exited early without initializing `/data/gitea/conf`.

Co-authored-by: cboin1996 <christianboin@hotmail.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/310
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Reviewed-by: pat-s <pat-s@noreply.gitea.io>
Co-authored-by: cboin1996 <cboin1996@noreply.gitea.io>
Co-committed-by: cboin1996 <cboin1996@noreply.gitea.io>
2022-09-26 04:08:56 +08:00
pat-s
6e5ae5c912 Increase line length linter to 200 (#355)
As discussed in #348

fix #348

Co-authored-by: pat-s <patrick.schratz@gmail.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/355
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: pat-s <pat-s@noreply.gitea.io>
Co-committed-by: pat-s <pat-s@noreply.gitea.io>
2022-09-25 23:21:52 +08:00
techknowlogick
bb26a872e9 1.17.2 2022-09-07 09:21:38 +08:00
techknowlogick
51bb72090e bogus commit 2022-08-23 03:22:30 +08:00
justusbunsi
58d21e07f9 Bump Gitea version to 1.17.1 (#353)
### Description of the change

Bumps Gitea version to 1.17.1. 🙂

### Applicable issues

  - fixes #340

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/353
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2022-08-23 02:51:21 +08:00
justusbunsi
299d6db142 Split "extraVolumeMounts" into init and container mounts (#337)
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/337
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: lafriks <lafriks@noreply.gitea.io>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2022-08-08 03:32:19 +08:00
justusbunsi
a4ab5f981f Skip processing non-provided additional configs (#336)
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/336
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2022-08-04 21:46:04 +08:00
justusbunsi
7801c9c5c9 Pre-generate LFS_JWT_SECRET during init phase (#335)
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/335
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: lafriks <lafriks@noreply.gitea.io>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2022-08-04 20:47:24 +08:00
huww98
58fc28f6d0 fix: correctly handle tls ingress (#94)
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/94
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-authored-by: huww98 <huww98@outlook.com>
Co-committed-by: huww98 <huww98@outlook.com>
2022-07-28 16:29:33 +08:00
justusbunsi
32735ed4df Restructure changelog/upgrading approach (#331)
Description of the change

Mostly, this change just moves the changelog to the bottom of the README which helps new users to see the actual documentation. As the structure for the changes itself is slightly different, there are some changes in wording so that it still makes sense. But mostly structural changes.

The change within the dependency section is due to a broken link since auto-generating the parameters section. Now there are links to every dependency related parameters.
Benefits

It helps us to maintain a clear structure for the README of this project.
Possible drawbacks

Our users are currently trained to look at the top of the document to see the changes. They now have to scroll down or use the quick link from installation section.
Applicable issues

    fixes #247

Additional information

Every version section starts with a disclaimer right now. This is duplicated and might hide important text due to its existence. A centralized intruduction at top of the upgrading section tells the reader what to expect from that whole section.

I've also noticed that on ArtifactHub the emotes are not rendered correctly. So I replaced them with the actual ones and reduced their usage. That way it better highlights those parts the reader must not miss.

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/331
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2022-07-16 01:27:48 +08:00
justusbunsi
aa97cdab5b Restore default behavior description for image tag (#330)
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/330
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: wxiaoguang <wxiaoguang@noreply.gitea.io>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2022-07-10 04:43:04 +08:00
dek
bc16cc8134 add dnsConfig value support (#329)
Description of the change

Add support for a new value: dnsConfig, to be passed to the statefulset pod template configuration.

Default is {}, and does not change anything from current default pod configuration.
Benefits

Ability to fix some issues encountered with Alpine-based docker images, which may break DNS resolving on some clusters.

In particular, this allows to lower the ndots value, which fixes DNS resolving of FQDNs.

dnsConfig:
  options:
    - name: ndots
      value: "1"

Also, with this setting, one can set other parameters to finely tune DNS configuration for Gitea pods, if needed:

https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config
Possible drawbacks

None.
Additional information

Some relevant links about the issue this setting allows to fix:

https://stackoverflow.com/questions/65181012/does-alpine-have-known-dns-issue-within-kubernetes

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9017
Checklist

    Parameters are documented in the values.yaml and added to the README.md using readme-generator-for-helm

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/329
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Co-authored-by: dek <dek@noreply.gitea.io>
Co-committed-by: dek <dek@noreply.gitea.io>
2022-06-27 14:35:55 +08:00
justusbunsi
33586d26cf Describe breaking changes for 6.0.0 (#327)
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/327
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: wxiaoguang <wxiaoguang@noreply.gitea.io>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2022-06-23 23:41:10 +08:00
justusbunsi
0172a59889 Properly lock chart dependencies (#326)
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/326
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2022-06-15 15:37:25 +08:00
justusbunsi
2cc3195eaa Improve contribution part of this repository (#328)
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/328
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2022-06-13 03:35:24 +08:00
cnfatal
b3b91e2044 generate readme Parameters from values.yaml (#323)
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/323
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-authored-by: cnfatal <cnfatal@noreply.gitea.io>
Co-committed-by: cnfatal <cnfatal@noreply.gitea.io>
2022-06-09 19:21:25 +08:00
cnfatal
9cb822f41c add global values support (#322)
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/322
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-authored-by: cnfatal <cnfatal@noreply.gitea.io>
Co-committed-by: cnfatal <cnfatal@noreply.gitea.io>
2022-06-09 18:55:08 +08:00
takirala
e59fbc4008 feat: switch to github raw url for bitnami charts (#324)
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/324
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-authored-by: takirala <takirala@noreply.gitea.io>
Co-committed-by: takirala <takirala@noreply.gitea.io>
2022-06-03 13:50:12 +08:00
techknowlogick
a466206d9e 1.16.8 2022-05-17 09:01:34 +08:00
techknowlogick
80032dfc5c 1.16.7 2022-05-02 13:36:55 +08:00
svenihoney
52ed32ae74 Allow configuration of ipFamilyPolicy and ipFamilies (#313)
To enable access to e.g. the SSH port by IPv6, the selection of ipFamilyPolicy and ipFamilies service attributes is necessary. Enable the possibility to configure these by helm values.

Co-authored-by: Sven Fischer <sven@leiderfischer.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/313
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Co-authored-by: svenihoney <svenihoney@noreply.gitea.io>
Co-committed-by: svenihoney <svenihoney@noreply.gitea.io>
2022-04-25 19:56:25 +08:00
justusbunsi
b06b3edf1d Consider imagePullPolicy for init containers (#317)
The default behaviour for container image pulls depend on different values
such as image tag usage and its value.
See https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting

It leads to an unintended behaviour for this Helm Chart. Kubernetes
will always pull the image for init containers when using the `latest`
Gitea image tag, even if `Values.image.pullPolicy` defines a different
value for the runtime container.

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/317
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-by: Gusted <williamzijl7@hotmail.com>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2022-04-22 06:13:19 +08:00
takirala
a7bc46015e feat: configurable annotations for gitea StatefulSet (#315)
Fixes #314

Right now, the gitea StatefulSet does not allow any annotations to be configured via the helmchart - see https://gitea.com/gitea/helm-chart/src/tag/v5.0.4/templates/gitea/statefulset.yaml#L4-L6

My use case:

I am trying to use Reloader (https://github.com/stakater/Reloader) so that I can configure my values.yaml such that i can set some annotations on the StatefulSet and thus Reloader can rollout a restart of gitea StatefulSet whenever a watched secret or configmap is updated.

Co-authored-by: Tarun Gupta Akirala <tarugupta.92@gmail.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/315
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-authored-by: takirala <takirala@noreply.gitea.io>
Co-committed-by: takirala <takirala@noreply.gitea.io>
2022-04-21 23:55:53 +08:00
techknowlogick
46b190adda 1.16.6 2022-04-21 09:03:01 +08:00
techknowlogick
d94226765d close #302
Signed-off-by: techknowlogick <techknowlogick@gitea.io>
2022-03-26 02:28:39 +08:00
techknowlogick
844c8daa0b 1.16.5
Signed-off-by: techknowlogick <techknowlogick@gitea.io>
2022-03-24 10:59:17 +08:00
techknowlogick
982ae60d8e 1.16.4
Signed-off-by: techknowlogick <techknowlogick@gitea.io>
2022-03-15 06:16:48 +08:00
luhahn
62b82459de Consider environment variables during app.ini creation (#298)
This PR improves the handling and injection into _app.ini_ of user defined environment variables via env-to-ini script.

Fixes #297

Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/298
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Reviewed-by: 6543 <6543@obermui.de>
2022-03-09 14:47:55 +08:00
techknowlogick
9530967163 1.16.3 (#300)
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/300
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Reviewed-by: pat-s <pat-s@noreply.gitea.io>
2022-03-04 16:32:18 +08:00
luhahn
d35de55248 Remove db connection check (#299)
This will remove the db connection check, which has caused some trouble in the past.

It will now simply run _gitea migrate_ and output a message, if the database is not available.

Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/299
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: luhahn <luhahn@noreply.gitea.io>
Co-committed-by: luhahn <luhahn@noreply.gitea.io>
2022-03-02 08:25:49 +08:00
justusbunsi
78b5858009 Simplify version handling (#250)
- Drop super legacy `image.version` value (see #92 description)
- Always use `appVersion` from Chart.yaml as image tag if non specified

---

Don't know whether this is a breaking change regarding image.version
drop.

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/250
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2022-03-01 22:55:44 +08:00
techknowlogick
1a3ce54dfc update to 1.16.2 (#293)
replaces #290

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/293
2022-02-26 06:01:16 +08:00
a-zen
6896c7caae added hostPort support for ssh (#276)
This fixes my feature request (#275) to support hostPort to expose the ssh port.

Co-authored-by: alex <alex@zengers.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/276
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-authored-by: a-zen <a-zen@noreply.gitea.io>
Co-committed-by: a-zen <a-zen@noreply.gitea.io>
2022-02-25 17:18:57 +08:00
justusbunsi
7bdf742e81 Add example for Kubernetes secret as additional source (#294)
As discussed in #286, an example for using Kubernetes secrets as additional configuration source was missing. This adds it.

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/294
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2022-02-14 16:00:47 +08:00
justusbunsi
f2948646ba Fix markdown lint in CI (#295)
I saw a few PRs including this. Maybe it's good to have this as fast as possible to prevent others providing this fix, too.

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/295
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2022-02-10 23:44:41 +08:00
techknowlogick
c010c3857e update to gitea 1.15.10 (#278)
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/278
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-committed-by: techknowlogick <techknowlogick@gitea.io>
2022-01-20 16:22:36 +08:00
luhahn
7fc444c08e Update README with multiple LDAP Sources (#271)
We did not mention the multiple LDAP Sources as a breaking change.

Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/271
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Reviewed-by: Andrew Thornton <art27@cantab.net>
2021-12-23 21:43:21 +08:00
nmasse-itix
d550b5a2c4 Improve support for gitea instances not running as root or uid 1000 (#266)
## Context

PR #259 introduced support for running Gitea as a uid different than 1000 (git) or 0 (root).

## Problem

In init_directory_structure.sh, there is a "chown 1000:1000" on /tmp/gitea.
This chown only works when running as root or when the target directory is already owned by uid 1000.

As a result, the init container "init-directories" fails on startup when running Gitea with a uid different from 0 or 1000.

Initially, I worked around it by implementing an "initPreScript". But it would make user's life easier if we can make it work out-of-the-box.

## Resolution

I'm taking model on the chown a few lines above that depends on the value of image.rootless. Since the chown only works on default (root) image and is useless on rootless image, there is no need to run it on rootless image.

Co-authored-by: Nicolas MASSE <nicolas.masse@itix.fr>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/266
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-authored-by: nmasse-itix <nmasse-itix@noreply.gitea.io>
Co-committed-by: nmasse-itix <nmasse-itix@noreply.gitea.io>
2021-12-23 18:50:56 +08:00
justusbunsi
5bb91510df Bump Gitea version to 1.15.8 (#270)
As title.

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/270
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-by: Gusted <gusted@noreply.gitea.io>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2021-12-23 03:56:36 +08:00
justusbunsi
c27140c4cb Add deprecation fail-safe for Chart templating (#269)
With release 5.0.0 there are so many deprecations and breaking changes
that it is probably a good way to assist the users with values migration
before breaking their environments.

This adds another template file that doesn't render anything but ensures
the removal of dropped or deprecated settings from customized values
files.

For when it is necessary, this check can be disabled via new setting
`checkDeprecation`.

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/269
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: wxiaoguang <wxiaoguang@noreply.gitea.io>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2021-12-23 00:25:32 +08:00
luhahn
d97ea18626 Remove builtIn dependency values (#268)
⚠️ Breaking

Moved the values to enable the dependencies into the dependencies itself, this way we don't need a seperate field in the values and it is more obvious how to enable for example postgresql.

Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/268
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Reviewed-by: Andrew Thornton <art27@cantab.net>
2021-12-22 23:41:35 +08:00
justusbunsi
7b0a1c7ae6 Generic way for configuring Gitea app.ini (#240)
With the result of PR #239 it is much easier to provide additional values to the _app.ini_ configuration from different sources.
These changes adds an _additionalConfigSources_ field where the users can define such sources. This enables the users to choose
on their own whether to store values in _values.yaml_ or load them from Kuberetes Secrets or ConfigMaps.

- Fixes #243
- Fixes #174
- Fixes #260

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/240
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: wxiaoguang <wxiaoguang@noreply.gitea.io>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2021-12-22 18:44:04 +08:00
justusbunsi
66683e14df Remove "enabled" key check from OAuth (#267)
As this key must not exist anymore, we don't have to check it.

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/267
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: wxiaoguang <wxiaoguang@noreply.gitea.io>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2021-12-21 18:59:18 +08:00
justusbunsi
6d9362ed39 Rework OAuth sources (#244)
This change request includes two different things to improve OAuth source handling:

- Allow multiple OAuth source configuration (Fixes: #191)
- Support reading sensitive OAuth configuration data from Kubernetes secrets (Closes: #242)

⚠️ BREAKING ⚠️
---

Users need to migrate their `gitea.oauth` configuration.

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/244
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2021-12-20 22:43:55 +08:00
aleksey.sergey
cd09ccfcdb add support for persistence.subPath option (#263)
Hello,

PR adds a `persistence.subPath` option to provide user more flexibility on mounting the `data` PV.
https://kubernetes.io/docs/concepts/storage/volumes/#using-subpath

The setting is similar to e.g. `primary.persistence.subPath` in MariaDB helm chart:
https://github.com/bitnami/charts/tree/master/bitnami/mariadb

Co-authored-by: Aleksey Sergey <sergey.aleksey90@gmail.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/263
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Co-authored-by: aleksey.sergey <aleksey.sergey@noreply.gitea.io>
Co-committed-by: aleksey.sergey <aleksey.sergey@noreply.gitea.io>
2021-12-20 19:58:44 +08:00
iMartyn
d97b1567e2 Enable overriding of ingress api version for systems where detection doesn't work (#252)
fixes #251

The rendering is a bit more programatic but the result is the same if you don't have an override.  This makes the code a little easier at the end of the template, and slightly less easier to read at the beginning, which I think is a valid tradeoff.

Co-authored-by: Martyn Ranyard <m@rtyn.berlin>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/252
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Co-authored-by: iMartyn <imartyn@noreply.gitea.io>
Co-committed-by: iMartyn <imartyn@noreply.gitea.io>
2021-12-20 19:54:37 +08:00
nmasse-itix
bef0cea1b1 split the securityContext in two: pod and container securityContext (#259)
Hello !

I'm using the new Helm chart (5.x) and I really like the new configuration mechanism. 👍

I would like to contribute the following enhancement.

## The problem I want to solve

I'm trying to deploy Gitea in a Kubernetes shared platform and I need to make sure each instance is running as a different user so that in case of container escape, the risk of data leak is minimized.

Additionally, on my platform (OpenShift), arbitrary users (such as uid 1000 for Gitea) are not allowed.

The current helm chart does not allow me to achieve this because:
- the container security context is configurable only for the main container. The security context of init containers cannot be specified.
- a fixed uid is hard coded
- a fixed fs group is hard coded

Also, the securityContext of a pod and the securityContext of a container do not accept the same options.

- https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#podsecuritycontext-v1-core
- https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#securitycontext-v1-core

## How I'm solving the problem

I split the `securityContext` (values.yaml) in two: `containerSecurityContext` and `podSecurityContext`. The containerSecurityContext applies to all containers (init and main) in order to be consistent with file permissions.

The behavior for existing deployments is unchanged:

- fsGroup 1000 is the default value for the podSecurityContext variable
- the "configure-gitea" init container uses the uid 1000 unless otherwise stated in the containerSecurityContext
- the main container is using the existing securityContext variable when defined in order not to break existing deployments and uses the new containerSecurityContext variable if not.

This approach is well tested: it is used consistently on bitnami's Helm charts.

## How I tested

I tested both root and rootless variants on a Kubernetes 1.22, as well as rootless variant on OpenShift 4.7.

**rootless variant on Kubernetes**:

```yaml
podSecurityContext:
  fsGroup: 10001

containerSecurityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
    add:
      - SYS_CHROOT
  privileged: false
  runAsGroup: 10001
  runAsNonRoot: true
  runAsUser: 10001

extraVolumes:
- name: var-lib-gitea
  emptyDir: {}

extraVolumeMounts:
- name: var-lib-gitea
  readOnly: false
  mountPath: "/var/lib/gitea"
```

**rootless variant on OpenShift**:

```yaml
podSecurityContext:
  fsGroup: null

containerSecurityContext:
  allowPrivilegeEscalation: false
  privileged: false
  runAsNonRoot: true
  runAsUser: 1000790000

extraVolumes:
- name: var-lib-gitea
  emptyDir: {}

extraVolumeMounts:
- name: var-lib-gitea
  readOnly: false
  mountPath: "/var/lib/gitea"
```

Let me know if something is unclear.

Co-authored-by: Nicolas MASSE <nicolas.masse@itix.fr>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/259
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-authored-by: nmasse-itix <nmasse-itix@noreply.gitea.io>
Co-committed-by: nmasse-itix <nmasse-itix@noreply.gitea.io>
2021-12-18 19:10:48 +08:00