Commit Graph

123 Commits

Author SHA1 Message Date
techknowlogick
1a3ce54dfc update to 1.16.2 (#293)
replaces #290

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/293
2022-02-26 06:01:16 +08:00
a-zen
6896c7caae added hostPort support for ssh (#276)
This fixes my feature request (#275) to support hostPort to expose the ssh port.

Co-authored-by: alex <alex@zengers.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/276
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-authored-by: a-zen <a-zen@noreply.gitea.io>
Co-committed-by: a-zen <a-zen@noreply.gitea.io>
2022-02-25 17:18:57 +08:00
justusbunsi
7bdf742e81 Add example for Kubernetes secret as additional source (#294)
As discussed in #286, an example for using Kubernetes secrets as additional configuration source was missing. This adds it.

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/294
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2022-02-14 16:00:47 +08:00
justusbunsi
f2948646ba Fix markdown lint in CI (#295)
I saw a few PRs including this. Maybe it's good to have this as fast as possible to prevent others providing this fix, too.

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/295
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2022-02-10 23:44:41 +08:00
techknowlogick
c010c3857e update to gitea 1.15.10 (#278)
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/278
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-committed-by: techknowlogick <techknowlogick@gitea.io>
2022-01-20 16:22:36 +08:00
luhahn
7fc444c08e Update README with multiple LDAP Sources (#271)
We did not mention the multiple LDAP Sources as a breaking change.

Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/271
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Reviewed-by: Andrew Thornton <art27@cantab.net>
2021-12-23 21:43:21 +08:00
justusbunsi
5bb91510df Bump Gitea version to 1.15.8 (#270)
As title.

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/270
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-by: Gusted <gusted@noreply.gitea.io>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2021-12-23 03:56:36 +08:00
luhahn
d97ea18626 Remove builtIn dependency values (#268)
⚠️ Breaking

Moved the values to enable the dependencies into the dependencies itself, this way we don't need a seperate field in the values and it is more obvious how to enable for example postgresql.

Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/268
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Reviewed-by: Andrew Thornton <art27@cantab.net>
2021-12-22 23:41:35 +08:00
justusbunsi
7b0a1c7ae6 Generic way for configuring Gitea app.ini (#240)
With the result of PR #239 it is much easier to provide additional values to the _app.ini_ configuration from different sources.
These changes adds an _additionalConfigSources_ field where the users can define such sources. This enables the users to choose
on their own whether to store values in _values.yaml_ or load them from Kuberetes Secrets or ConfigMaps.

- Fixes #243
- Fixes #174
- Fixes #260

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/240
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: wxiaoguang <wxiaoguang@noreply.gitea.io>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2021-12-22 18:44:04 +08:00
justusbunsi
6d9362ed39 Rework OAuth sources (#244)
This change request includes two different things to improve OAuth source handling:

- Allow multiple OAuth source configuration (Fixes: #191)
- Support reading sensitive OAuth configuration data from Kubernetes secrets (Closes: #242)

⚠️ BREAKING ⚠️
---

Users need to migrate their `gitea.oauth` configuration.

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/244
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2021-12-20 22:43:55 +08:00
aleksey.sergey
cd09ccfcdb add support for persistence.subPath option (#263)
Hello,

PR adds a `persistence.subPath` option to provide user more flexibility on mounting the `data` PV.
https://kubernetes.io/docs/concepts/storage/volumes/#using-subpath

The setting is similar to e.g. `primary.persistence.subPath` in MariaDB helm chart:
https://github.com/bitnami/charts/tree/master/bitnami/mariadb

Co-authored-by: Aleksey Sergey <sergey.aleksey90@gmail.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/263
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Co-authored-by: aleksey.sergey <aleksey.sergey@noreply.gitea.io>
Co-committed-by: aleksey.sergey <aleksey.sergey@noreply.gitea.io>
2021-12-20 19:58:44 +08:00
iMartyn
d97b1567e2 Enable overriding of ingress api version for systems where detection doesn't work (#252)
fixes #251

The rendering is a bit more programatic but the result is the same if you don't have an override.  This makes the code a little easier at the end of the template, and slightly less easier to read at the beginning, which I think is a valid tradeoff.

Co-authored-by: Martyn Ranyard <m@rtyn.berlin>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/252
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Co-authored-by: iMartyn <imartyn@noreply.gitea.io>
Co-committed-by: iMartyn <imartyn@noreply.gitea.io>
2021-12-20 19:54:37 +08:00
nmasse-itix
bef0cea1b1 split the securityContext in two: pod and container securityContext (#259)
Hello !

I'm using the new Helm chart (5.x) and I really like the new configuration mechanism. 👍

I would like to contribute the following enhancement.

## The problem I want to solve

I'm trying to deploy Gitea in a Kubernetes shared platform and I need to make sure each instance is running as a different user so that in case of container escape, the risk of data leak is minimized.

Additionally, on my platform (OpenShift), arbitrary users (such as uid 1000 for Gitea) are not allowed.

The current helm chart does not allow me to achieve this because:
- the container security context is configurable only for the main container. The security context of init containers cannot be specified.
- a fixed uid is hard coded
- a fixed fs group is hard coded

Also, the securityContext of a pod and the securityContext of a container do not accept the same options.

- https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#podsecuritycontext-v1-core
- https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#securitycontext-v1-core

## How I'm solving the problem

I split the `securityContext` (values.yaml) in two: `containerSecurityContext` and `podSecurityContext`. The containerSecurityContext applies to all containers (init and main) in order to be consistent with file permissions.

The behavior for existing deployments is unchanged:

- fsGroup 1000 is the default value for the podSecurityContext variable
- the "configure-gitea" init container uses the uid 1000 unless otherwise stated in the containerSecurityContext
- the main container is using the existing securityContext variable when defined in order not to break existing deployments and uses the new containerSecurityContext variable if not.

This approach is well tested: it is used consistently on bitnami's Helm charts.

## How I tested

I tested both root and rootless variants on a Kubernetes 1.22, as well as rootless variant on OpenShift 4.7.

**rootless variant on Kubernetes**:

```yaml
podSecurityContext:
  fsGroup: 10001

containerSecurityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
    add:
      - SYS_CHROOT
  privileged: false
  runAsGroup: 10001
  runAsNonRoot: true
  runAsUser: 10001

extraVolumes:
- name: var-lib-gitea
  emptyDir: {}

extraVolumeMounts:
- name: var-lib-gitea
  readOnly: false
  mountPath: "/var/lib/gitea"
```

**rootless variant on OpenShift**:

```yaml
podSecurityContext:
  fsGroup: null

containerSecurityContext:
  allowPrivilegeEscalation: false
  privileged: false
  runAsNonRoot: true
  runAsUser: 1000790000

extraVolumes:
- name: var-lib-gitea
  emptyDir: {}

extraVolumeMounts:
- name: var-lib-gitea
  readOnly: false
  mountPath: "/var/lib/gitea"
```

Let me know if something is unclear.

Co-authored-by: Nicolas MASSE <nicolas.masse@itix.fr>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/259
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-authored-by: nmasse-itix <nmasse-itix@noreply.gitea.io>
Co-committed-by: nmasse-itix <nmasse-itix@noreply.gitea.io>
2021-12-18 19:10:48 +08:00
justusbunsi
bfa68f6f58 Drop custom probes (#248)
As a replacement, the default probes are now fully configurable and used
as-is during Chart deployment.

Fixes: #189

⚠️ BREAKING ⚠️
---

Users have to remove the `custom` prefix from their probes, if customized.

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/248
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2021-12-13 16:50:08 +08:00
luhahn
0461fa92a9 Rework app.ini generation (#239)
App ini is now generated by environment-to-ini

This should prevent some of the problems we had earlier with persisting the app.ini

Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/239
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Reviewed-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: luhahn <luhahn@noreply.gitea.io>
Co-committed-by: luhahn <luhahn@noreply.gitea.io>
2021-11-20 05:15:45 +08:00
Markus Pesch
82763f109b feat/markdownlint (#200)
Hi,
this patch contains a markdownlinter. I think this has the advantage that all users stick to the same format and the `README.md` follows a consistent structure.

The markdownlinter can be configured via the `.markdownlint.yaml` file. All possible options are [here](https://github.com/DavidAnson/markdownlint/blob/main/schema/.markdownlint.yaml) documented.

I have created the initialie configuration. However, can be adapted to suggestions for change. Has of course the consequence that if necessary the `README.md` would have to be adapted. I have formatted this in advance according to the defined rules.

For users which use visual-code as IDE is additionally a plugin [available](https://marketplace.visualstudio.com/items?itemName=DavidAnson.vscode-markdownlint).

Co-authored-by: Markus Pesch <markus.pesch@cryptic.systems>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/200
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Reviewed-by: pat-s <pat-s@noreply.gitea.io>
Co-authored-by: Markus Pesch <volker.raschek@noreply.gitea.io>
Co-committed-by: Markus Pesch <volker.raschek@noreply.gitea.io>
2021-11-05 12:06:48 +08:00
techknowlogick
3fd34a9455 1.15.4 (#230)
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/230
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Reviewed-by: pat-s <pat-s@noreply.gitea.io>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-committed-by: techknowlogick <techknowlogick@gitea.io>
2021-10-17 00:08:17 +08:00
luhahn
3273b245e7 Add multiple LDAP sources (#222)
Add multiple add sources.

Instead of a single entry for ldap configuration we now would have a dictionary for ldap config.

This would be a breaking change for those working with the ldap config.

fixes: #190

Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/222
Reviewed-by: Andrew Thornton <art27@cantab.net>
Reviewed-by: pat-s <pat-s@noreply.gitea.io>
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-authored-by: luhahn <luhahn@noreply.gitea.io>
Co-committed-by: luhahn <luhahn@noreply.gitea.io>
2021-10-08 20:16:24 +08:00
pat-s
b344673d11 Add dev instructions to README (#228)
FYI: My editor automatically changes two trailing whitespaces into a linebreak. I know it's not completely the same but maybe it can be accepted (would make things easier in the long run).
Co-authored-by: pat-s <patrick.schratz@gmail.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/228
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: pat-s <pat-s@noreply.gitea.io>
Co-committed-by: pat-s <pat-s@noreply.gitea.io>
2021-09-28 03:52:37 +08:00
techknowlogick
5a7d168c2e 1.15.3 (#225)
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/225
Reviewed-by: pat-s <pat-s@noreply.gitea.io>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-committed-by: techknowlogick <techknowlogick@gitea.io>
2021-09-26 08:44:59 +08:00
techknowlogick
9a220c2ddd 1.15.0 (#218)
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/218
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-committed-by: techknowlogick <techknowlogick@gitea.io>
2021-09-12 06:40:47 +08:00
wkit23
ce3e9babec Add support for ingressClassName (#217)
Hi,

I just add some minor changes to support specifying ingressClassName to support the newer specification in `networking.k8s.io/v1`. The annotation `kubernetes.io/ingress.class: nginx` only works with older API `networking.k8s.io/v1beta1`.

This is part of our move to support kubernetes 1.22.

Co-authored-by: Leong Wai Kit <waikit.leong@bertelsmann.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/217
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: wkit23 <wkit23@noreply.gitea.io>
Co-committed-by: wkit23 <wkit23@noreply.gitea.io>
2021-09-02 10:53:48 +08:00
techknowlogick
ba0e8b18b5 1.14.6 (#212)
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/212
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-committed-by: techknowlogick <techknowlogick@gitea.io>
2021-08-13 04:14:49 +08:00
luhahn
6342a4dabd Document breaking changes (#202)
Documented some breaking changes. Please have a look and tell me, if I missed something :)

Fixes: #194
Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/202
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: luhahn <luhahn@noreply.gitea.io>
Co-committed-by: luhahn <luhahn@noreply.gitea.io>
2021-07-13 01:33:38 +08:00
justusbunsi
7de326d931 Drop kebab-case configuration notation (#196)
Currently there are two different styles for defining both ldap and oauth configuration in _values.yaml_ file: `camelCase` and `kebab-case`.
Supporting both styles created multiple regressions in the past.

⚠️ BREAKING ⚠️
---------------
These changes completely remove any support for `kebab-case` notation in _values.yaml_ in favor of `camelCase`. Configuration keys must use `camelCase`.
Only exception are Kubernetes resource keys for annotations or labels.

Fixes: #188

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/196
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2021-07-06 13:28:13 +08:00
Markus Pesch
767a073a0a SSH not working due missing security capability in CRI-O environment (#176)
This patch add the SYS_CHROOT capability if the securityContext is
undefined. Otherwise the SSH Server does not work correctly as described
in the issue #161.

Fixes: #161

Co-authored-by: Markus Pesch <markus.pesch@cryptic.systems>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/176
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Co-authored-by: Markus Pesch <volker.raschek@noreply.gitea.io>
Co-committed-by: Markus Pesch <volker.raschek@noreply.gitea.io>
2021-07-01 23:02:56 +08:00
justusbunsi
b7dbb22025 Upgrade Gitea to 1.14.3 (#197)
Fixes: #195

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/197
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2021-06-30 23:25:56 +08:00
justusbunsi
9059229acb Rewrite init script (#178)
These changes rewrite the init script to be error aware, informative and have a bit more security awareness.

During rewrite several hidden bugs could be identified and fixed, such as:

- LDAP configuration options interpreted by the shell before passed to command
- Finding multiple ldap ids instead of one during lookup when their names are almost identical
e.g. `_my-ldap-auth` and `my-ldap-auth`
- Properly filter auth sources by their types to prevent unintended type converting attempts that fail

In addition to that the script is a bit cleaner. Some commands do not exist anymore and would cause false-positive errors during script execution.

Helps for: #149

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/178
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2021-06-30 04:09:16 +08:00
justusbunsi
7a3515c2f2 Customizable .gnupg folder location (#186)
The `HOME` path is not persistent when using the rootless image, so the
`.gnupg` folder isn't either. Since the chart always used `/data/...` as
mount point for storage of all kinds, it is a minimal impact to just
relocate the dynamic `$HOME/.gnupg` folder location to the persistent
`/data/git/.gnupg`. This is where the signing keys are stored when
running root based environments. Doing so will

 - allow migrations between both image variants
 - persist signing keys for rootless environments

Fixes: #155

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/186
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2021-06-30 03:23:32 +08:00
mattkaar
0e191bfc7a Support custom Ingress path (#151)
Adds support for a custom Ingress path. This allows us to run Gitea as a path in an existing domain.

Co-authored-by: Matt Kaar <mkaar@cert.org>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/151
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-authored-by: mattkaar <mattkaar@noreply.gitea.io>
Co-committed-by: mattkaar <mattkaar@noreply.gitea.io>
2021-06-25 02:28:45 +08:00
justusbunsi
f0ed41de9e Fix minor README flaws (#184)
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/184
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2021-06-20 03:35:21 +08:00
luhahn
c49dc047a4 Allow existing secrets for passwords (#170)
Allow admin user and password to be configured via existing secrets

Allow LDAP bindDn and bindPassword to be configured via existing secrets

Update Readme

Fixes: #169

Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/170
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: luhahn <luhahn@noreply.gitea.io>
Co-committed-by: luhahn <luhahn@noreply.gitea.io>
2021-06-10 19:13:33 +08:00
techknowlogick
031b58c90e update docs for 1.14.2
Signed-off-by: techknowlogick <techknowlogick@gitea.io>
2021-06-08 01:55:05 +08:00
luhahn
178bc0ab79 Improve http service and update Readme (#167)
This PR adds some options for the http service:

- loadBalancerIP
- nodePort
- externalTrafficPolicy
- externalIPs

Also updated the README and values.yml with the values.

Added storageClass explanation in README and empty value in values.yml

Fixes: #162

Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/167
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-by: 6543 <6543@obermui.de>
Co-authored-by: luhahn <luhahn@noreply.gitea.io>
Co-committed-by: luhahn <luhahn@noreply.gitea.io>
2021-06-08 01:53:01 +08:00
mrdima
5b5ea7173a Add value option to define schedulerName (#150)
For those who have a need to configure the schedulerName like us, make this an option just as it is for example in the postgres chart

Co-authored-by: Dimitri Ars <dimitri.ars@kpn.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/150
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: mrdima <mrdima@noreply.gitea.io>
Co-committed-by: mrdima <mrdima@noreply.gitea.io>
2021-06-07 16:41:16 +08:00
luhahn
b88bbd6d4d gitea-1.14.x-updates (#148)
This PR includes the changes from:

- https://gitea.com/gitea/helm-chart/pulls/129
- https://gitea.com/gitea/helm-chart/pulls/140

In addition it adds the possibility to include secrets via environment variables as mentioned in #60

Co-authored-by: Hans Kristian Flaatten <hans.flaatten@evry.com>
Co-authored-by: flavio.prado <flavio.prado@noreply.gitea.io>
Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/148
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: luhahn <luhahn@noreply.gitea.io>
Co-committed-by: luhahn <luhahn@noreply.gitea.io>
2021-04-29 17:12:48 +08:00
techknowlogick
c742b5dbc3 1.13.7 (#139)
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/139
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-committed-by: techknowlogick <techknowlogick@gitea.io>
2021-04-12 15:58:17 +08:00
luhahn
ec8a26ecfc Update Gitea version to 1.13.5 (#134)
Co-authored-by: luhahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/134
Reviewed-by: Andrew Thornton <art27@cantab.net>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: luhahn <luhahn@noreply.gitea.io>
Co-committed-by: luhahn <luhahn@noreply.gitea.io>
2021-03-22 21:01:33 +08:00
kaipmdh
8d8dd0d84e Update README.md for typo fixes and grammar (#131)
Minor changes to grammar, minor typo fixes.

Signed-off-by: kaipmdh <kaipmdh@noreply.gitea.io>

Co-authored-by: lafriks <lafriks@noreply.gitea.io>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/131
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: lafriks <lafriks@noreply.gitea.io>
Co-authored-by: kaipmdh <kaipmdh@noreply.gitea.io>
Co-committed-by: kaipmdh <kaipmdh@noreply.gitea.io>
2021-03-17 08:09:44 +08:00
Michael Kriese
551f4e312e Allow override kubernetes probes (#117)
- Allow overriding liveness and readiness probe
- Add optional startup probe

closes #118

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/117
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: lafriks <lafriks@noreply.gitea.io>
Co-authored-by: Michael Kriese <michael.kriese@visualon.de>
Co-committed-by: Michael Kriese <michael.kriese@visualon.de>
2021-03-01 22:46:05 +08:00
Dunky13
d1c58a2e77 OAuth2 configuration options (#123)
I opened up the OAuth2 authentication option. I needed this feature, and it is available in the gitea cli. So I opened it up for configuration through this pull request.

Hope it can help others.

Co-authored-by: Marc Went <marc.went+git@redkubes.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/123
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: lafriks <lafriks@noreply.gitea.io>
Co-authored-by: Dunky13 <dunky13@noreply.gitea.io>
Co-committed-by: Dunky13 <dunky13@noreply.gitea.io>
2021-03-01 20:24:11 +08:00
martencassel
33903d8f6c Add support to run gitea with an optional securityContext (#115)
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/115
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: lafriks <lafriks@noreply.gitea.io>
Co-authored-by: martencassel <martencassel@noreply.gitea.io>
Co-committed-by: martencassel <martencassel@noreply.gitea.io>
2021-03-01 20:16:49 +08:00
JosefWN
790d0405c2 Fix typo enabling pprof (#114)
Nothing critical, but had a typo in the naming of the config entry to enable `pprof`.

Co-authored-by: josef <josef.nilsen@outlook.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/114
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: JosefWN <josefwn@noreply.gitea.io>
Co-committed-by: JosefWN <josefwn@noreply.gitea.io>
2021-02-17 17:44:40 +08:00
techknowlogick
b5ab7201d1 1.13.2 (#108)
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/108
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-committed-by: techknowlogick <techknowlogick@gitea.io>
2021-02-05 01:46:55 +08:00
sanigo
4ad5cf1d19 Add sshPublicKeyAttribute attribute setting for ldap auth,and Allow setting labels and annotations for gitea pvc. (#76)
1. sshPublicKeyAttribute is useful to sync ssh public keys from ldap.
2. It would be easier to set pvc annotations/labels for those who are using storage services from cloud providers.

Co-authored-by: 钱卫春 <qianwch@chinasofti.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/76
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Co-authored-by: sanigo <sanigo@noreply.gitea.io>
Co-committed-by: sanigo <sanigo@noreply.gitea.io>
2021-01-22 16:24:37 +08:00
JosefWN
7f828e87f6 Add support for metrics and pprof (#100)
Adds support for toggling support for `pprof` and metrics:

```yaml
gitea:
  pprofEnabled: true

  metrics:
    enabled: true
    serviceMonitor:
      enabled: true
```

Co-authored-by: josef <josef.nilsen@outlook.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/100
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: JosefWN <josefwn@noreply.gitea.io>
Co-committed-by: JosefWN <josefwn@noreply.gitea.io>
2021-01-21 23:45:26 +08:00
petergardfjall
57479bdf37 enhancements to support postgres client-cert authentication (#47)
This PR adds a few new chart features which adds to the flexibility of the chart.

- allow extra volumes to be mounted (such as secrets): 2f862c5a48
- pass environment variables also to the init-container: 7044049478
- allow a preparation script to be "injected" into the init-container: 6125a69345

As a concrete example of how this can be used, I use is to configure Gitea to use client certificate authentication against an external Postgres database. That could be accomplished by having a `gitea-postgres-ssl` secret:

```
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: gitea-postgres-ssl
data:
  postgresql.crt: <base64...>
  postgresql.key: <base64...>
  root.crt: <base64...>
```

and then mounting this as a volume in Gitea using:

```
extraVolumes:
- name: postgres-ssl-vol
  secret:
    secretName: gitea-postgres-ssl

extraVolumeMounts:
- name: postgres-ssl-vol
  readOnly: true
  mountPath: "/pg-ssl"
```

To get the right permissions on the credentials, we'd use the `initPreScript`:

```
initPreScript: |
  # copy postgres client and CA cert from mount and
  # give proper permissions
  mkdir -p /data/git/.postgresql
  cp /pg-ssl/* /data/git/.postgresql/
  chown -R git:git /data/git/.postgresql/
  chmod 400 /data/git/.postgresql/postgresql.key
```

and to make sure that Gitea uses the certificate we need to pass the proper postgres environment variables (both to the init container and the "main" container):

```
statefulset:
  env:
  - name:  "PGSSLCERT"
    value: "/data/git/.postgresql/postgresql.crt"
  - name:  "PGSSLKEY"
    value: "/data/git/.postgresql/postgresql.key"
  - name:  "PGSSLROOTCERT"
    value: "/data/git/.postgresql/root.crt"
```

Co-authored-by: Peter Gardfjäll <peter.gardfjall.work@gmail.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/47
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: 6543 <6543@obermui.de>
Co-authored-by: petergardfjall <petergardfjall@noreply.gitea.io>
Co-committed-by: petergardfjall <petergardfjall@noreply.gitea.io>
2021-01-20 19:28:39 +08:00
fabioluciano
daba777e24 Update 'README.md' (#102)
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/102
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: fabioluciano <fabioluciano@noreply.gitea.io>
Co-committed-by: fabioluciano <fabioluciano@noreply.gitea.io>
2021-01-13 23:49:58 +08:00
techknowlogick
54cc78b43a 1.13.1 (#97)
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/97
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-committed-by: techknowlogick <techknowlogick@gitea.io>
2021-01-02 13:07:11 +08:00
lafriks
2c066d7c9e Use image tag instead of image version in values (#91)
Use image tag instead of image version in values

Change to tenary function instead of if

Update description and add link to tag list

Fixup readme

Co-authored-by: Lauris BH <lauris@nix.lv>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/91
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Co-Authored-By: lafriks <lafriks@noreply.gitea.io>
Co-Committed-By: lafriks <lafriks@noreply.gitea.io>
2020-12-21 06:53:45 +08:00
luhahn
2826258cfc Several Improvements to Helm Chart (#87)
Improve ldap settings with helper function

Allow clusterIP for http service to be set, default to None

Use imagePullSecrets in statefulset now

Update default values

Update README

Bump Chart version

Co-authored-by: luhahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/87
Reviewed-by: lafriks <lafriks@noreply.gitea.io>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-Authored-By: luhahn <luhahn@noreply.gitea.io>
Co-Committed-By: luhahn <luhahn@noreply.gitea.io>
2020-12-16 20:37:47 +08:00
luhahn
5311243a6e Fix admin user creation for gitea 1.13.0, chart version 2.1.0 (#80)
Fix admin user creation for gitea 1.13.0

Add load balancer hint for ssh in README

Merge branch 'master' into fix-admin-user-creation

Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/80
Reviewed-by: Andrew Thornton <art27@cantab.net>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-Authored-By: luhahn <luhahn@noreply.gitea.io>
Co-Committed-By: luhahn <luhahn@noreply.gitea.io>
2020-12-10 17:16:13 +08:00
techknowlogick
4fdf4ef41b Gitea 1.13.0 (#75)
Gitea 1.13.0

Update 'README.md'

Update 'values.yaml'

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/75
Reviewed-by: lafriks <lafriks@noreply.gitea.io>
Co-Authored-By: techknowlogick <techknowlogick@gitea.io>
Co-Committed-By: techknowlogick <techknowlogick@gitea.io>
2020-12-07 07:54:10 +08:00
techknowlogick
79690ee488 Gitea 1.12.6 (#58)
Merge branch 'master' into gitea1.12.6

Gitea 1.12.6

Co-authored-by: luhahn <luhahn@noreply.gitea.io>
Co-authored-by: Matti R <matti@mdranta.net>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/58
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Co-Authored-By: techknowlogick <techknowlogick@gitea.io>
Co-Committed-By: techknowlogick <techknowlogick@gitea.io>
2020-11-17 15:41:27 +08:00
luhahn
f62b82e956 Let storageClass be set automatically (#45)
Merge branch 'master' into master

Bump chart version and add gitea/helm-chart as link for artifacthub

Remove default value for storageClass

Remove storageClass 'Standard' and let it be set automatically

Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/45
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-by: Andrew Thornton <art27@cantab.net>
Co-Authored-By: luhahn <luhahn@noreply.gitea.io>
Co-Committed-By: luhahn <luhahn@noreply.gitea.io>
2020-10-30 01:10:10 +08:00
schra
a4e5943ca5 Upgrade mariadb Helm chart to 8.0.0 (#48)
Upgrade mariadb Helm chart to 8.0.0

The names of the values changed in the new Helm chart, see [1]. Thus the
Helm chart ships breaking changes and therefore bump the major version
of this Chart.yaml (not sure if you use semver?)

Furthermore, there is a bug [2] where not setting the root password
results in the mariadb entering a CrashLoopBackOff when re-installing
it. Thus set it (as done in the mysql values already).

[1] 1206942b69
[2] https://github.com/bitnami/charts/issues/3884

Co-authored-by: Andre Schröder <andre.schroedr@gmail.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/48
Reviewed-by: Andrew Thornton <art27@cantab.net>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Co-Authored-By: schra <schra@noreply.gitea.io>
Co-Committed-By: schra <schra@noreply.gitea.io>
2020-10-22 13:13:37 +08:00
luhahn
4c17cc839e Store gitea app data in PVC (#37)
Bump Chart version

Extend REAMDE

- add default handling explanation
- add MariaDB values

Add APP_DATA_PATH default to config

Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/37
Reviewed-by: Andrew Thornton <art27@cantab.net>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-10-06 09:03:20 +00:00
Flavio Castelli
cd982e5fcd Fix indentation error inside of yaml example (#30)
Merge branch 'master' into fix-indentation

Merge branch 'master' into fix-indentation

Fix indentation error inside of yaml example

The `SCHEMA` key belongs to the `database` map. This commit fixes the
indindentation to properly reflect that.

Signed-off-by: Flavio Castelli <fcastelli@suse.com>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Flavio Castelli <fcastelli@suse.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/30
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Reviewed-by: Andrew Thornton <art27@cantab.net>
2020-09-25 20:00:46 +00:00
mmuenster
ffd6e5f92c Ability to add pod annotation to statefulset (#24)
ability to add pod annotation

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/24
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
2020-09-24 16:32:11 +00:00
Jasper-Ben
8060d080db allow for additional container environment variables (#16)
Co-authored-by: Jasper Orschulko <Jasper.Orschulko@irisgmbh.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/16
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-09-10 10:15:34 +00:00
techknowlogick
9d25bc75d5 update readme to reference latest docker image 2020-09-07 23:32:46 +00:00
luhahn
e85e1718de Fix memcached conditional and external database check in init container (#18)
Bump chart version

Update README.md with example for DB

Fix external host check for Databases

Fix condition for memcached in Chart.yaml

Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/18
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-by: Andrew Thornton <art27@cantab.net>
2020-09-03 21:27:11 +00:00
onedr0p
5261fa8599 Let service.ssh.externalIPs and service.ssh.externalTrafficPolicy be configurable (#15)
remove Cluster from readme

externalTrafficPolicy and externalIPs example in values

document service.ssh.externalTrafficPolicy and service.ssh.externalIPs

bump chart version

externalIPs and externalTrafficPolicy

let service.ssh.externalIPs and service.ssh.externalTrafficPolicy be configurable

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/15
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-09-02 12:09:24 +00:00
techknowlogick
df6cb3b5de Update README to use dl.gitea.io/charts (#14)
Update README to use dl.gitea.io/charts

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/14
2020-08-29 03:54:09 +00:00
luhahn
5e0cfed9be Integrate NOVUM-RGI chart into the official helm chart. (#7)
Fix ssh port settings

Remove blank line from LICENSE file

add check for admin user

set PROTOCOL default to http

Add Konrad Lother as Maintainer

Update readme with generic values

make app.ini generic

- app.ini is now configurable via dictionary in values.yaml
- database and server configuration is autogenerated if not defined
- http and ssh services now use gitea config settings for targetPort
- add default security value INSTALL_LOCK = true
- clean up builtin cache settings

bump gitea version

Add values and Remove vscode TOC comments

- values enablePushCreateOrg and enablePushCreateUser have been added to repository settings

fix naming order of license and maintainers

Multiple improvements for the chart:

- add terminationGracePeriodSeconds to shutdown the statefulset gracefully on error
- add guard for loadbalancer settings in ssh service
- use mysql from bitnami, since they update the version much more frequent (old mysql only uses mysql ~6)
- init container now also provisions mysql and external database correctly

Fix PVC mounting issues for longhorn storageClass

Add examples to readme

Fix port setting for ssh

Fix and operator for newer helm versions

update values to support most configuration gitea offers

Replace Readme

update license file

Update helpers with dependencies, update NOTES.txt

update Chart.yaml with dependencies

Requirements.yaml removed, since this is deprecated and moved to Chart.yaml

Remove now unused dependencies and deployments

- init is no longer used since databases are initialized
  on original charts and managed with dependency
- ingress.yaml moved to templates/gitea
- deployment.yaml no longer used and replaced with templates/gitea/statefulset.yaml
- memcached also handled with helm dependency and initialized in original chart

Add initial test for gitea helm chart

Rework templates for helm chart.

- app.ini configurable via config
- admin user and ldap settings configurable via config
- using statefulset to handle pvc
- update helpers for new dependencies

remove helm build artifacts since they are not needed in this repository

Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Co-authored-by: Konrad Lother <konrad.lother@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/7
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Reviewed-by: Andrew Thornton <art27@cantab.net>
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
2020-08-23 17:56:55 +00:00
Ask Bjørn Hansen
de5bebb4c1 Support setting podannotations
Fixes #23
2020-06-05 01:22:44 -07:00
Charlie Drage
f75ba73ffd Revert "Use Secrets for passwords and tokens" 2020-05-15 13:48:03 -04:00
Thomas Matysik
5f3dd8a292 Use Secrets for passwords and tokens
Signed-off-by: Thomas Matysik <thomas@matysik.co.nz>
2020-05-15 13:48:03 -04:00
techknowlogick
cb32886d8b minor readme update 2020-05-15 13:48:03 -04:00
Charlie Drage
f53c3f7536 Update link
Signed-off-by: Charlie Drage <charlie@charliedrage.com>
2019-12-12 15:53:08 -05:00
Charlie Drage
3d3f2cf93a Update readme to new location
Signed-off-by: Charlie Drage <charlie@charliedrage.com>
2019-12-12 13:41:09 -05:00
Charlie Drage
9061f0d470 Initial commit
Signed-off-by: Charlie Drage <charlie@charliedrage.com>
2019-12-12 13:38:31 -05:00
Charlie Drage
9156c98a1a
Initial commit 2019-12-12 13:06:26 -05:00