matthew/helm-chart
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: matthew:main
Branches Tags
matthew:main
matthew:fix-674
matthew:app-ini-recreation
matthew:fix-env-to-ini
matthew:clean-app-ini
matthew:gitea-ha
matthew:v10.4.0
matthew:v10.3.0
matthew:v10.2.0
matthew:v10.1.4
matthew:v10.1.3
matthew:v10.1.2
matthew:v10.1.1
matthew:v10.1.0
matthew:v10.0.2
matthew:v10.0.1
matthew:v10.0.0
matthew:v9.6.1
matthew:v9.6.0
matthew:v9.5.1
matthew:v9.5.0
matthew:v9.4.0
matthew:v9.3.0
matthew:v9.2.1
matthew:v9.2.0
matthew:v9.1.0
matthew:v9.0.4
matthew:v9.0.3
matthew:v9.0.2
matthew:v9.0.1
matthew:v9.0.0
matthew:v8.3.0
matthew:v8.2.0
matthew:v8.1.0
matthew:v8.0.3
matthew:v8.0.2
matthew:v8.0.1
matthew:v8.0.0
matthew:v7.0.4
matthew:v7.0.3
matthew:v7.0.2
matthew:v7.0.1
matthew:v7.0.0
matthew:v6.0.5
matthew:v6.0.4
matthew:v6.0.3
matthew:v6.0.2
matthew:v6.0.1
matthew:v6.0.0
matthew:v5.0.9
matthew:v5.0.8
matthew:v5.0.7
matthew:v5.0.6
matthew:v5.0.5
matthew:v5.0.4
matthew:v5.0.3
matthew:v5.0.2
matthew:v5.0.1
matthew:v5.0.0
matthew:v4.1.1
matthew:v4.1.0
matthew:v4.0.3
matthew:v4.0.2
matthew:v4.0.1
matthew:v4.0.0
matthew:v3.1.4
matthew:v3.1.3
matthew:v3.1.2
matthew:v3.1.1
matthew:v3.1.0
matthew:v3.0.0
matthew:v2.2.5
matthew:v2.2.4
matthew:v2.2.3
matthew:v2.2.2
matthew:v2.2.1
matthew:v2.2.0
matthew:v2.1.11
matthew:v2.1.10
matthew:v2.1.9
matthew:v2.1.8
matthew:v2.1.7
matthew:v2.1.6
matthew:v2.1.5
matthew:v2.1.4
matthew:v2.1.3
matthew:v2.1.2
matthew:v2.1.1
matthew:v2.1.0
matthew:v2.0.7
matthew:v2.0.6
matthew:v2.0.5
matthew:v2.0.4
matthew:v2.0.3
matthew:v2.0.2
matthew:v2.0.0
matthew:v1.5.5
matthew:v1.5.4
matthew:v1.5.3
matthew:v1.5.2
matthew:v1.5.1
matthew:v1.5.0
matthew:v1.4.9
matthew:v1.4.8
matthew:v1.4.7
matthew:v1.4.6
matthew:v1.4.5
matthew:v1.4.4
matthew:v1.4.3
matthew:v1.4.2
..
compare: matthew:fix-env-to-ini
Branches Tags
matthew:main
matthew:fix-674
matthew:app-ini-recreation
matthew:fix-env-to-ini
matthew:clean-app-ini
matthew:gitea-ha
matthew:v10.4.0
matthew:v10.3.0
matthew:v10.2.0
matthew:v10.1.4
matthew:v10.1.3
matthew:v10.1.2
matthew:v10.1.1
matthew:v10.1.0
matthew:v10.0.2
matthew:v10.0.1
matthew:v10.0.0
matthew:v9.6.1
matthew:v9.6.0
matthew:v9.5.1
matthew:v9.5.0
matthew:v9.4.0
matthew:v9.3.0
matthew:v9.2.1
matthew:v9.2.0
matthew:v9.1.0
matthew:v9.0.4
matthew:v9.0.3
matthew:v9.0.2
matthew:v9.0.1
matthew:v9.0.0
matthew:v8.3.0
matthew:v8.2.0
matthew:v8.1.0
matthew:v8.0.3
matthew:v8.0.2
matthew:v8.0.1
matthew:v8.0.0
matthew:v7.0.4
matthew:v7.0.3
matthew:v7.0.2
matthew:v7.0.1
matthew:v7.0.0
matthew:v6.0.5
matthew:v6.0.4
matthew:v6.0.3
matthew:v6.0.2
matthew:v6.0.1
matthew:v6.0.0
matthew:v5.0.9
matthew:v5.0.8
matthew:v5.0.7
matthew:v5.0.6
matthew:v5.0.5
matthew:v5.0.4
matthew:v5.0.3
matthew:v5.0.2
matthew:v5.0.1
matthew:v5.0.0
matthew:v4.1.1
matthew:v4.1.0
matthew:v4.0.3
matthew:v4.0.2
matthew:v4.0.1
matthew:v4.0.0
matthew:v3.1.4
matthew:v3.1.3
matthew:v3.1.2
matthew:v3.1.1
matthew:v3.1.0
matthew:v3.0.0
matthew:v2.2.5
matthew:v2.2.4
matthew:v2.2.3
matthew:v2.2.2
matthew:v2.2.1
matthew:v2.2.0
matthew:v2.1.11
matthew:v2.1.10
matthew:v2.1.9
matthew:v2.1.8
matthew:v2.1.7
matthew:v2.1.6
matthew:v2.1.5
matthew:v2.1.4
matthew:v2.1.3
matthew:v2.1.2
matthew:v2.1.1
matthew:v2.1.0
matthew:v2.0.7
matthew:v2.0.6
matthew:v2.0.5
matthew:v2.0.4
matthew:v2.0.3
matthew:v2.0.2
matthew:v2.0.0
matthew:v1.5.5
matthew:v1.5.4
matthew:v1.5.3
matthew:v1.5.2
matthew:v1.5.1
matthew:v1.5.0
matthew:v1.4.9
matthew:v1.4.8
matthew:v1.4.7
matthew:v1.4.6
matthew:v1.4.5
matthew:v1.4.4
matthew:v1.4.3
matthew:v1.4.2

1 Commits
main ... fix-env-to

Author SHA1 Message Date
pat-s
e18ecb5c62
debug 2023-07-19 23:26:49 +02:00
44 changed files with 296 additions and 1815 deletions
Show Stats Expand all files Collapse all files

39
.gitea/workflows/release-version.yml
View File

@ -5,37 +5,24 @@ on:
tags:
- "*"
env:
# renovate: datasource=docker depName=alpine/helm
HELM_VERSION: "3.15.3"
jobs:
generate-chart-publish:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v3
- name: install tools
run: |
apt update -y
apt install -y curl ca-certificates curl gnupg
# helm
curl -O https://get.helm.sh/helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
tar -xzf helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
mv linux-amd64/helm /usr/local/bin/
rm -rf linux-amd64 helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
helm version
# docker
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
chmod a+r /etc/apt/keyrings/docker.gpg
echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
apt install -y curl
curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | tee /usr/share/keyrings/helm.gpg > /dev/null
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | tee /etc/apt/sources.list.d/helm-stable-debian.list
apt update -y
apt install -y python3 python3-pip apt-transport-https docker-ce-cli
apt install -y python helm python3-pip apt-transport-https
pip install awscli
- name: Import GPG key
id: import_gpg
uses: https://github.com/crazy-max/ghaction-import-gpg@v6
uses: https://github.com/crazy-max/ghaction-import-gpg@v5
with:
gpg_private_key: ${{ secrets.GPGSIGN_KEY }}
passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }}
@ -44,22 +31,18 @@ jobs:
# Using helm gpg plugin as 'helm package --sign' has issues with gpg2: https://github.com/helm/helm/issues/2843
- name: package chart
run: |
echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | docker login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} --password-stdin
# FIXME: use upstream after https://github.com/technosophos/helm-gpg/issues/1 is solved
helm plugin install https://github.com/pat-s/helm-gpg
helm dependency build
helm dependency update
helm package --version "${GITHUB_REF#refs/tags/v}" ./
helm gpg sign "gitea-${GITHUB_REF#refs/tags/v}.tgz"
mkdir gitea
mv gitea*.tgz gitea/
curl -s -L -o gitea/index.yaml https://dl.gitea.com/charts/index.yaml
helm repo index gitea/ --url https://dl.gitea.com/charts --merge gitea/index.yaml
# push to dockerhub
echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | helm registry login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} registry-1.docker.io --password-stdin
helm push gitea/gitea-${GITHUB_REF#refs/tags/v}.tgz oci://registry-1.docker.io/giteacharts
helm registry logout registry-1.docker.io
curl -L -o gitea/index.yaml https://dl.gitea.com/charts/index.yaml
helm repo index gitea/ --url https://dl.gitea.io/charts --merge gitea/index.yaml
- name: aws credential configure
uses: https://github.com/aws-actions/configure-aws-credentials@v4
uses: https://github.com/aws-actions/configure-aws-credentials@v2
with:
aws-access-key-id: ${{ secrets.AWS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

33
.gitea/workflows/test-pr.yml
View File

@ -1,37 +1,32 @@
name: check-and-test
on:
pull_request:
branches:
- "*"
push:
branches:
- main
- "renovate/**"
env:
# renovate: datasource=github-releases depName=helm-unittest/helm-unittest
HELM_UNITTEST_VERSION: "v0.5.2"
- pull_request
jobs:
check-and-test:
runs-on: ubuntu-latest
container: alpine/helm:3.15.3
steps:
- uses: actions/checkout@v3
- name: install tools
run: |
apk update
apk add --update make nodejs npm yamllint
- uses: actions/checkout@v4
- name: install chart dependencies
run: helm dependency build
apt update -y
apt install -y curl make
curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | tee /usr/share/keyrings/helm.gpg > /dev/null
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | tee /etc/apt/sources.list.d/helm-stable-debian.list
apt update -y
apt install -y helm python3-pip
pip install yamllint
- name: dependency update
run: helm dependency update
- name: lint
run: helm lint
- name: template
run: helm template --debug gitea-helm .
run: |
helm template --debug gitea-helm .
- name: unit tests
run: |
helm plugin install --version ${{ env.HELM_UNITTEST_VERSION }} https://github.com/helm-unittest/helm-unittest
helm plugin install --version 0.3.3 https://github.com/helm-unittest/helm-unittest
make unittests
- name: verify readme
run: |

2
.markdownlint.yaml
View File

@ -73,7 +73,7 @@ MD022:
# MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the same content
MD024:
# Only check sibling headings
siblings_only: true
allow_different_nesting: true
# MD025/single-title/single-h1 - Multiple top-level headings in the same document
MD025:

8
.vscode/extensions.json vendored
View File

@ -1,8 +0,0 @@
{
"recommendations": [
"yzhang.markdown-all-in-one",
"DavidAnson.vscode-markdownlint",
"Tim-Koehler.helm-intellisense",
"esbenp.prettier-vscode"
]
}

8
.vscode/settings.json vendored
View File

@ -1,8 +0,0 @@
{
"yaml.schemas": {
"https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.5.2/schema/helm-testsuite.json": [
"/unittests/**/*.yaml"
]
},
"yaml.schemaStore.enable": true
}

1
CODEOWNERS
View File

@ -1 +0,0 @@
* @justusbunsi @pat-s

9
CONTRIBUTING.md
View File

@ -9,7 +9,12 @@ refactorings for easier maintainability or documentation improvements.
- [`helm`](https://helm.sh/docs/intro/install/)
- `make` is optional; you may call the commands directly
When using Visual Studio Code as IDE, a [ready-to-use profile](.vscode/) is available.
When using Visual Studio Code as IDE, following plugins might be useful:
- [Markdown All in One](https://marketplace.visualstudio.com/items?itemName=yzhang.markdown-all-in-one)
- [markdownlint](https://marketplace.visualstudio.com/items?itemName=DavidAnson.vscode-markdownlint)
- [Helm Intellisense](https://marketplace.visualstudio.com/items?itemName=Tim-Koehler.helm-intellisense)
- [Prettier - Code formatter](https://marketplace.visualstudio.com/items?itemName=esbenp.prettier-vscode)
## Documentation Requirements
@ -56,7 +61,7 @@ $ helm plugin install https://github.com/helm-unittest/helm-unittest
make unittests
```
See [plugin documentation](https://github.com/helm-unittest/helm-unittest/blob/main/DOCUMENT.md) for usage instructions.
See [plugin documentation](https://github.com/helm-unittest/helm-unittest/blob/v0.3.3/DOCUMENT.md) for usage instructions.
## Release process

13
Chart.lock
View File

@ -1,15 +1,12 @@
dependencies:
- name: postgresql
repository: oci://registry-1.docker.io/bitnamicharts
version: 15.5.20
version: 12.6.6
- name: postgresql-ha
repository: oci://registry-1.docker.io/bitnamicharts
version: 14.2.16
version: 11.7.9
- name: redis-cluster
repository: oci://registry-1.docker.io/bitnamicharts
version: 10.3.0
- name: redis
repository: oci://registry-1.docker.io/bitnamicharts
version: 19.6.4
digest: sha256:a28c809273f313c482e3f803a0a002c3bb3a0d2090bf6b732d68ecc4710b4732
generated: "2024-08-03T00:21:16.080925346Z"
version: 8.6.9
digest: sha256:52296a48610712a8eb69a32b1b5818b014bfb8dac79d883e11ebdaf97d41e85d
generated: "2023-07-17T21:24:06.888357+02:00"

23
Chart.yaml
View File

@ -3,9 +3,8 @@ name: gitea
description: Gitea Helm chart for Kubernetes
type: application
version: 0.0.0
# renovate datasource=github-releases depName=go-gitea/gitea extractVersion=^v(?<version>.*)$
appVersion: 1.22.1
icon: https://gitea.com/assets/img/logo.svg
appVersion: 1.20.0
icon: https://docs.gitea.io/images/gitea.png
keywords:
- git
@ -32,24 +31,20 @@ maintainers:
- name: Patrick Schratz
email: patrick.schratz@gmail.com
# Bitnami charts are served from GitHub CDN - See https://github.com/bitnami/charts/issues/10539 for details
dependencies:
# https://github.com/bitnami/charts/blob/main/bitnami/postgresql
# Chart release date: 2023-07 (https://github.com/bitnami/charts/blob/main/bitnami/postgresql/Chart.yaml)
- name: postgresql
repository: oci://registry-1.docker.io/bitnamicharts
version: 15.5.20
version: 12.6.6
condition: postgresql.enabled
# https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml
# Chart release date: 2023-07 (https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml)
- name: postgresql-ha
repository: oci://registry-1.docker.io/bitnamicharts
version: 14.2.16
version: 11.7.9
condition: postgresql-ha.enabled
# https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml
# Chart release date: 2023-07 (https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml)
- name: redis-cluster
repository: oci://registry-1.docker.io/bitnamicharts
version: 10.3.0
version: 8.6.9
condition: redis-cluster.enabled
# https://github.com/bitnami/charts/blob/main/bitnami/redis/Chart.yaml
- name: redis
repository: oci://registry-1.docker.io/bitnamicharts
version: 19.6.4
condition: redis.enabled

2
Makefile
View File

@ -9,7 +9,7 @@ readme: prepare-environment
.PHONY: unittests
unittests:
helm unittest --strict -f 'unittests/**/*.yaml' -f 'unittests/dependency-major-image-check.yaml' -f 'unittests/values-conflicting-checks.yaml' ./
helm unittest --strict -f 'unittests/**/*.yaml' ./
.PHONY: helm
update-helm-dependencies:

391
README.md
View File

@ -3,21 +3,11 @@
- [Introduction](#introduction)
- [Update and versioning policy](#update-and-versioning-policy)
- [Dependencies](#dependencies)
- [HA Dependencies](#ha-dependencies)
- [Non-HA Dependencies](#non-ha-dependencies)
- [Dependency Versioning](#dependency-versioning)
- [Installing](#installing)
- [High Availability](#high-availability)
- [Configuration](#configuration)
- [Default Configuration](#default-configuration)
- [Database defaults](#database-defaults)
- [Server defaults](#server-defaults)
- [Metrics defaults](#metrics-defaults)
- [Rootless Defaults](#rootless-defaults)
- [Session, Cache and Queue](#session-cache-and-queue)
- [Single-Pod Configurations](#single-pod-configurations)
- [Additional _app.ini_ settings](#additional-appini-settings)
- [User defined environment variables in app.ini](#user-defined-environment-variables-in-appini)
- [External Database](#external-database)
- [Ports and external url](#ports-and-external-url)
- [ClusterIP](#clusterip)
@ -32,7 +22,6 @@
- [Metrics and profiling](#metrics-and-profiling)
- [Pod annotations](#pod-annotations)
- [Themes](#themes)
- [Renovate](#renovate)
- [Parameters](#parameters)
- [Global](#global)
- [strategy](#strategy)
@ -50,14 +39,13 @@
- [ReadinessProbe](#readinessprobe)
- [StartupProbe](#startupprobe)
- [redis-cluster](#redis-cluster)
- [redis](#redis)
- [PostgreSQL HA](#postgresql-ha)
- [PostgreSQL-ha](#postgresql-ha)
- [PostgreSQL](#postgresql)
- [Advanced](#advanced)
- [Contributing](#contributing)
- [Upgrading](#upgrading)
[Gitea](https://gitea.com) is a community managed lightweight code hosting solution written in Go.
[Gitea](https://gitea.io/en-us/) is a community managed lightweight code hosting solution written in Go.
It is published under the MIT license.
## Introduction
@ -84,65 +72,30 @@ Yet most often no issues will be encountered and the chart maintainers aim to co
## Dependencies
Gitea is most performant when run with an external database and cache.
This chart provides those dependencies via sub-charts.
Users can also configure their own external providers via the configuration.
Gitea can be run with an external database and cache.
This chart provides those dependencies, which can be enabled, or disabled via configuration.
### HA Dependencies
Dependencies:
These dependencies are enabled by default:
- PostgreSQL HA ([Bitnami PostgreSQL-HA](https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml))
- Redis-Cluster ([Bitnami Redis-Cluster](https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml))
### Non-HA Dependencies
Alternatively, the following non-HA replacements are available:
- PostgreSQL ([Bitnami PostgreSQL](<Postgresql](https://github.com/bitnami/charts/blob/main/bitnami/postgresql/Chart.yaml)>))
- Redis ([Bitnami Redis](<Redis](https://github.com/bitnami/charts/blob/main/bitnami/redis/Chart.yaml)>))
### Dependency Versioning
Updates of sub-charts will be incorporated into the Gitea chart as they are released.
The reasoning behind this is that new users of the chart will start with the most recent sub-chart dependency versions.
**Note** If you want to stay on an older appVersion of a sub-chart dependency (e.g. PostgreSQL), you need to override the image tag in your `values.yaml` file.
In fact, we recommend to do so right from the start to be independent of major sub-chart dependency changes as they are released.
There is no need to update to every new PostgreSQL major version - you can happily skip some and do larger updates when you are ready for them.
We recommend to use a rolling tag like `:<majorVersion>-debian-<debian major version>` to incorporate minor and patch updates for the respective major version as they are released.
Alternatively you can also use a versioning helper tool like [renovate](https://github.com/renovatebot/renovate).
Please double-check the image repository and available tags in the sub-chart:
- [PostgreSQL-HA](https://hub.docker.com/r/bitnami/postgresql-repmgr/tags)
- [PostgreSQL](https://hub.docker.com/r/bitnami/postgresql/tags)
- [Redis Cluster](https://hub.docker.com/r/bitnami/redis-cluster/tags)
- [Redis](https://hub.docker.com/r/bitnami/redis/tags)
and look up the image tag which fits your needs on Dockerhub.
- PostgreSQL HA ([configuration](#postgresql))
- Redis Cluster ([configuration](#cache))
## Installing
```sh
helm repo add gitea-charts https://dl.gitea.com/charts/
helm repo add gitea-charts https://dl.gitea.io/charts/
helm repo update
helm install gitea gitea-charts/gitea
```
Alternatively, the chart can also be installed from Dockerhub (since v9.6.0)
```sh
helm install gitea oci://registry-1.docker.io/giteacharts/gitea
```
When upgrading, please refer to the [Upgrading](#upgrading) section at the bottom of this document for major and breaking changes.
## High Availability
Since version 9.0.0 this chart supports running Gitea and it's dependencies in HA mode.
Care must be taken for production use as not all implementation details of Gitea core are officially HA-ready yet.
⚠️ **EXPERIMENTAL** ⚠️
Since version 9.0.0 this chart has experimental support for running Gitea and it's dependencies in a HA setup.
The setup is still experimental and care must be taken for production use as Gitea core is not yet officially HA-ready.
Deploying a HA-ready Gitea instance requires some effort including using HA-ready dependencies.
See the [HA Setup](docs/ha-setup.md) document for more details.
@ -150,7 +103,7 @@ See the [HA Setup](docs/ha-setup.md) document for more details.
## Configuration
Gitea offers lots of configuration options.
This is fully described in the [Gitea Cheat Sheet](https://docs.gitea.com/administration/config-cheat-sheet).
This is fully described in the [Gitea Cheat Sheet](https://docs.gitea.io/en-us/config-cheat-sheet/).
```yaml
gitea:
@ -213,109 +166,9 @@ The Prometheus `/metrics` endpoint is disabled by default.
ENABLED = false
```
#### Rootless Defaults
If `.Values.image.rootless: true`, then the following will occur. In case you use `.Values.image.fullOverride`, check that this works in your image:
- `$HOME` becomes `/data/gitea/git`
[see deployment.yaml](./templates/gitea/deployment.yaml) template inside (init-)container "env" declarations
- `START_SSH_SERVER: true` (Unless explicity overwritten by `gitea.config.server.START_SSH_SERVER`)
[see \_helpers.tpl](./templates/_helpers.tpl) in `gitea.inline_configuration.defaults.server` definition
- `SSH_LISTEN_PORT: 2222` (Unless explicity overwritten by `gitea.config.server.SSH_LISTEN_PORT`)
[see \_helpers.tpl](./templates/_helpers.tpl) in `gitea.inline_configuration.defaults.server` definition
- `SSH_LOG_LEVEL` environment variable is not injected into the container
[see deployment.yaml](./templates/gitea/deployment.yaml) template inside container "env" declarations
#### Session, Cache and Queue
The session, cache and queue settings are set to use the built-in Redis Cluster sub-chart dependency.
If Redis Cluster is disabled, the chart will fall back to the Gitea defaults which use "memory" for `session` and `cache` and "level" for `queue`.
While these will work and even not cause immediate issues after startup, **they are not recommended for production use**.
Reasons being that a single pod will take on all the work for `session` and `cache` tasks in its available memory.
It is likely that the pod will run out of memory or will face substantial memory spikes, depending on the workload.
External tools such as `redis-cluster` or `memcached` handle these workloads much better.
### Single-Pod Configurations
If HA is not needed/desired, the following configurations can be used to deploy a single-pod Gitea instance.
1. For a production-ready single-pod Gitea instance without external dependencies (using the chart dependency `postgresql` and `redis`):
<details>
<summary>values.yml</summary>
```yaml
redis-cluster:
enabled: false
redis:
enabled: true
postgresql:
enabled: true
postgresql-ha:
enabled: false
persistence:
enabled: true
gitea:
config:
database:
DB_TYPE: postgres
indexer:
ISSUE_INDEXER_TYPE: bleve
REPO_INDEXER_ENABLED: true
```
</details>
2. For a minimal DEV installation (using the built-in sqlite DB instead of Postgres):
This will result in a single-pod Gitea instance _without any dependencies and persistence_.
**Do not use this configuration for production use**.
<details>
<summary>values.yml</summary>
```yaml
redis-cluster:
enabled: false
redis:
enabled: false
postgresql:
enabled: false
postgresql-ha:
enabled: false
persistence:
enabled: false
gitea:
config:
database:
DB_TYPE: sqlite3
session:
PROVIDER: memory
cache:
ADAPTER: memory
queue:
TYPE: level
```
</details>
### Additional _app.ini_ settings
> **The [generic](https://docs.gitea.com/administration/config-cheat-sheet#overall-default)
> **The [generic](https://docs.gitea.io/en-us/config-cheat-sheet/#overall-default)
> section cannot be defined that way.**
Some settings inside _app.ini_ (like passwords or whole authentication configurations) must be considered sensitive and therefore should not be passed via plain text inside the _values.yaml_ file.
@ -402,7 +255,7 @@ Priority (highest to lowest) for defining app.ini variables:
### External Database
Any external database listed in [https://docs.gitea.com/installation/database-prep](https://docs.gitea.com/installation/database-prep) can be used instead of the built-in PostgreSQL.
Any external database listed in [https://docs.gitea.io/en-us/database-prep/](https://docs.gitea.io/en-us/database-prep/) can be used instead of the built-in PostgreSQL.
In fact, it is **highly recommended** to use an external database to ensure a stable Gitea installation longterm.
If an external database is used, no matter which type, make sure to set `postgresql.enabled` to `false` to disable the use of the built-in PostgreSQL.
@ -569,24 +422,10 @@ gitea:
existingSecret: gitea-admin-secret
```
Whether you use the existing Secret or specify a user name and password, there are three modes for how the admin user password is created or set.
- `keepUpdated` (the default) will set the admin user password, and reset it to the defined value every time the pod is recreated.
- `initialOnlyNoReset` will set the admin user password when creating it, but never try to update the password.
- `initialOnlyRequireReset` will set the admin user password when creating it, never update it, and require that the password be changed at the initial login.
These modes can be set like the following:
```yaml
gitea:
admin:
passwordMode: initialOnlyRequireReset
```
### LDAP Settings
Like the admin user the LDAP settings can be updated.
All LDAP values from <https://docs.gitea.com/administration/command-line#admin> are available.
All LDAP values from <https://docs.gitea.io/en-us/command-line/#admin> are available.
Multiple LDAP sources can be configured with additional LDAP list items.
@ -641,7 +480,7 @@ Affected options:
Like the admin user, OAuth2 settings can be updated and disabled but not deleted.
Deleting OAuth2 settings has to be done in the ui.
All OAuth2 values, which are documented [here](https://docs.gitea.com/administration/command-line#admin), are
All OAuth2 values, which are documented [here](https://docs.gitea.io/en-us/command-line/#admin), are
available.
Multiple OAuth2 sources can be configured with additional OAuth list items.
@ -719,7 +558,7 @@ signing:
```
To use the gpg key, Gitea needs to be configured accordingly.
A detailed description can be found in the [official Gitea documentation](https://docs.gitea.com/administration/signing#general-configuration).
A detailed description can be found in the [official Gitea documentation](https://docs.gitea.io/en-us/signing/#general-configuration).
## Metrics and profiling
@ -753,8 +592,6 @@ gitea:
Custom themes can be added via k8s secrets and referencing them in `values.yaml`.
The [http provider](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) is useful here.
```yaml
extraVolumes:
- name: gitea-themes
@ -764,7 +601,7 @@ extraVolumes:
extraVolumeMounts:
- name: gitea-themes
readOnly: true
mountPath: "/data/gitea/public/assets/css"
mountPath: "/data/gitea/public/css"
```
The secret can be created via `terraform`:
@ -777,37 +614,13 @@ resource "kubernetes_secret" "gitea-themes" {
}
data = {
"my-theme.css" = data.http.gitea-theme-light.body
"my-theme-dark.css" = data.http.gitea-theme-dark.body
"my-theme-auto.css" = data.http.gitea-theme-auto.body
"theme-custom.css" = "${file("FULL-PATH-TO-CSS")}"
"theme-custom-dark.css" = "${file("FULL-PATH-TO-CSS")}"
}
type = "Opaque"
}
data "http" "gitea-theme-light" {
url = "<raw theme url>"
request_headers = {
Accept = "application/json"
}
}
data "http" "gitea-theme-dark" {
url = "<raw theme url>"
request_headers = {
Accept = "application/json"
}
}
data "http" "gitea-theme-auto" {
url = "<raw theme url>"
request_headers = {
Accept = "application/json"
}
depends_on = [kubernetes_namespace.gitea]
}
```
@ -817,34 +630,6 @@ or natively via `kubectl`:
kubectl create secret generic gitea-themes --from-file={{FULL-PATH-TO-CSS}} --namespace gitea
```
## Renovate
To be able to use a digest value which is automatically updated by `Renovate` a [customManager](https://docs.renovatebot.com/modules/manager/regex/) is required.
Here's an examplary `values.yml` definition which makes use of a digest:
```yaml
image:
repository: gitea/gitea
tag: 1.20.2
digest: sha256:6e3b85a36653894d6741d0aefb41dfaac39044e028a42e0a520cc05ebd7bfc3f
```
By default Renovate adds digest after the `tag`.
To comply with the Gitea helm chart definition of the digest parameter, a "customManagers" definition is required:
```json
"customManagers": [
{
"customType": "regex",
"description": "Apply an explicit gitea digest field match",
"fileMatch": ["values\\.ya?ml"],
"matchStrings": ["(?<depName>gitea\\/gitea)\\n(?<indentation>\\s+)tag: (?<currentValue>[^@].*?)\\n\\s+digest: (?<currentDigest>sha256:[a-f0-9]+)"],
"datasourceTemplate": "docker",
"autoReplaceStringTemplate": "{{depName}}\n{{indentation}}tag: {{newValue}}\n{{indentation}}digest: {{#if newDigest}}{{{newDigest}}}{{else}}{{{currentDigest}}}{{/if}}"
}
]
```
## Parameters
### Global
@ -868,16 +653,14 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo
### Image
| Name | Description | Value |
| -------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------- |
| `image.registry` | image registry, e.g. gcr.io,docker.io | `""` |
| `image.repository` | Image to start for this pod | `gitea/gitea` |
| `image.tag` | Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml. | `""` |
| `image.digest` | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` | `""` |
| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
| `image.rootless` | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `true` |
| `image.fullOverride` | Completely overrides the image registry, path/image, tag and digest. **Adjust `image.rootless` accordingly and review [Rootless defaults](#rootless-defaults).** | `""` |
| `imagePullSecrets` | Secret to use for pulling the image | `[]` |
| Name | Description | Value |
| ------------------ | --------------------------------------------------------------------------------------------------------------------------------------- | ------------- |
| `image.registry` | image registry, e.g. gcr.io,docker.io | `""` |
| `image.repository` | Image to start for this pod | `gitea/gitea` |
| `image.tag` | Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml. | `""` |
| `image.pullPolicy` | Image pull policy | `Always` |
| `image.rootless` | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `true` |
| `imagePullSecrets` | Secret to use for pulling the image | `[]` |
### Security
@ -903,8 +686,6 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo
| `service.http.ipFamilies` | HTTP service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/). | `nil` |
| `service.http.loadBalancerSourceRanges` | Source range filter for http loadbalancer | `[]` |
| `service.http.annotations` | HTTP service annotations | `{}` |
| `service.http.labels` | HTTP service additional labels | `{}` |
| `service.http.loadBalancerClass` | Loadbalancer class | `nil` |
| `service.ssh.type` | Kubernetes service type for ssh traffic | `ClusterIP` |
| `service.ssh.port` | Port number for ssh traffic | `22` |
| `service.ssh.clusterIP` | ClusterIP setting for ssh autosetup for deployment is None | `None` |
@ -917,8 +698,6 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo
| `service.ssh.hostPort` | HostPort for ssh service | `nil` |
| `service.ssh.loadBalancerSourceRanges` | Source range filter for ssh loadbalancer | `[]` |
| `service.ssh.annotations` | SSH service annotations | `{}` |
| `service.ssh.labels` | SSH service additional labels | `{}` |
| `service.ssh.loadBalancerClass` | Loadbalancer class | `nil` |
### Ingress
@ -996,28 +775,27 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo
| ------------------------ | ----------------------------------------------------------------- | ------------------ |
| `signing.enabled` | Enable commit/action signing | `false` |
| `signing.gpgHome` | GPG home directory | `/data/git/.gnupg` |
| `signing.privateKey` | Inline private gpg key for signed internal Git activity | `""` |
| `signing.privateKey` | Inline private gpg key for signed Gitea actions | `""` |
| `signing.existingSecret` | Use an existing secret to store the value of `signing.privateKey` | `""` |
### Gitea
| Name | Description | Value |
| -------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------- | -------------------- |
| `gitea.admin.username` | Username for the Gitea admin user | `gitea_admin` |
| `gitea.admin.existingSecret` | Use an existing secret to store admin user credentials | `nil` |
| `gitea.admin.password` | Password for the Gitea admin user | `r8sA8CPHD9!bt6d` |
| `gitea.admin.email` | Email for the Gitea admin user | `gitea@local.domain` |
| `gitea.admin.passwordMode` | Mode for how to set/update the admin user password. Options are: initialOnlyNoReset, initialOnlyRequireReset, and keepUpdated | `keepUpdated` |
| `gitea.metrics.enabled` | Enable Gitea metrics | `false` |
| `gitea.metrics.serviceMonitor.enabled` | Enable Gitea metrics service monitor | `false` |
| `gitea.ldap` | LDAP configuration | `[]` |
| `gitea.oauth` | OAuth configuration | `[]` |
| `gitea.config.server.SSH_PORT` | SSH port for rootlful Gitea image | `22` |
| `gitea.config.server.SSH_LISTEN_PORT` | SSH port for rootless Gitea image | `2222` |
| `gitea.additionalConfigSources` | Additional configuration from secret or configmap | `[]` |
| `gitea.additionalConfigFromEnvs` | Additional configuration sources from environment variables | `[]` |
| `gitea.podAnnotations` | Annotations for the Gitea pod | `{}` |
| `gitea.ssh.logLevel` | Configure OpenSSH's log level. Only available for root-based Gitea image. | `INFO` |
| Name | Description | Value |
| -------------------------------------- | ------------------------------------------------------------------------- | -------------------- |
| `gitea.admin.username` | Username for the Gitea admin user | `gitea_admin` |
| `gitea.admin.existingSecret` | Use an existing secret to store admin user credentials | `nil` |
| `gitea.admin.password` | Password for the Gitea admin user | `r8sA8CPHD9!bt6d` |
| `gitea.admin.email` | Email for the Gitea admin user | `gitea@local.domain` |
| `gitea.metrics.enabled` | Enable Gitea metrics | `false` |
| `gitea.metrics.serviceMonitor.enabled` | Enable Gitea metrics service monitor | `false` |
| `gitea.ldap` | LDAP configuration | `[]` |
| `gitea.oauth` | OAuth configuration | `[]` |
| `gitea.config.server.SSH_PORT` | SSH port for rootlful Gitea image | `22` |
| `gitea.config.server.SSH_LISTEN_PORT` | SSH port for rootless Gitea image | `2222` |
| `gitea.additionalConfigSources` | Additional configuration from secret or configmap | `[]` |
| `gitea.additionalConfigFromEnvs` | Additional configuration sources from environment variables | `[]` |
| `gitea.podAnnotations` | Annotations for the Gitea pod | `{}` |
| `gitea.ssh.logLevel` | Configure OpenSSH's log level. Only available for root-based Gitea image. | `INFO` |
### LivenessProbe
@ -1057,40 +835,24 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo
### redis-cluster
Redis cluster and [Redis](#redis) cannot be enabled at the same time.
| Name | Description | Value |
| --------------------------- | -------------------------------------- | ------- |
| `redis-cluster.enabled` | Enable redis | `true` |
| `redis-cluster.usePassword` | Whether to use password authentication | `false` |
| Name | Description | Value |
| -------------------------------- | -------------------------------------------- | ------- |
| `redis-cluster.enabled` | Enable redis cluster | `true` |
| `redis-cluster.usePassword` | Whether to use password authentication | `false` |
| `redis-cluster.cluster.nodes` | Number of redis cluster master nodes | `3` |
| `redis-cluster.cluster.replicas` | Number of redis cluster master node replicas | `0` |
### redis
Redis and [Redis cluster](#redis-cluster) cannot be enabled at the same time.
| Name | Description | Value |
| ----------------------------- | ------------------------------------------ | ------------ |
| `redis.enabled` | Enable redis standalone or replicated | `false` |
| `redis.architecture` | Whether to use standalone or replication | `standalone` |
| `redis.global.redis.password` | Required password | `changeme` |
| `redis.master.count` | Number of Redis master instances to deploy | `1` |
### PostgreSQL HA
### PostgreSQL-ha
| Name | Description | Value |
| ------------------------------------------- | ---------------------------------------------------------------- | ----------- |
| `postgresql-ha.enabled` | Enable PostgreSQL HA | `true` |
| `postgresql-ha.enabled` | Enable PostgreSQL-ha | `true` |
| `postgresql-ha.postgresql.password` | Password for the `gitea` user (overrides `auth.password`) | `changeme4` |
| `postgresql-ha.global.postgresql.database` | Name for a custom database to create (overrides `auth.database`) | `gitea` |
| `postgresql-ha.global.postgresql.username` | Name for a custom user to create (overrides `auth.username`) | `gitea` |
| `postgresql-ha.global.postgresql.password` | Name for a custom password to create (overrides `auth.password`) | `gitea` |
| `postgresql-ha.postgresql.repmgrPassword` | Repmgr Password | `changeme2` |
| `postgresql-ha.postgresql.postgresPassword` | postgres Password | `changeme1` |
| `postgresql-ha.pgpool.adminPassword` | pgpool adminPassword | `changeme3` |
| `postgresql-ha.service.ports.postgresql` | PostgreSQL service port (overrides `service.ports.postgresql`) | `5432` |
| `postgresql-ha.primary.persistence.size` | PVC Storage Request for PostgreSQL HA volume | `10Gi` |
| `postgresql-ha.primary.persistence.size` | PVC Storage Request for PostgreSQL-ha volume | `10Gi` |
### PostgreSQL
@ -1127,31 +889,6 @@ If you miss this, blindly upgrading may delete your Postgres instance and you ma
<details>
<summary>To 10.0.0</summary>
<!-- prettier-ignore-start -->
<!-- markdownlint-disable-next-line -->
**Breaking changes**
<!-- prettier-ignore-end -->
- Update PostgreSQL sub-chart dependencies to appVersion 16.x
- Update to sub-charts versioning approach: Users are encouraged to pin the version tag of the sub-chart dependencies to a major appVersion.
This avoids issues during chart upgrades and allows to incorporate new sub-chart versions as they are released.
Please see the new [README section describing the versioning approach for sub-chart versions](#dependency-versioning).
</details>
<details>
<summary>To 9.6.0</summary>
Chart 9.6.0 ships with Gitea 1.21.0.
While there are no breaking changes in the chart, please check the changes of the [1.21 release blog post](https://blog.gitea.com/release-of-1.21.0/).
</details>
<details>
<summary>To 9.0.0</summary>
This chart release comes with many breaking changes while aiming for a HA-ready setup.
@ -1196,34 +933,22 @@ The previous `memcache` default was not HA-ready, hence we decided to switch to
If you are coming from an existing deployment and [#356](https://gitea.com/gitea/helm-chart/issues/356) is still open, you need to set the config sections for `cache`, `session` and `queue` explicitly:
```yaml
gitea:
config:
session:
PROVIDER: redis-cluster
PROVIDER_CONFIG: redis+cluster://:gitea@gitea-redis-cluster-headless.<namespace>.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
cache:
ENABLED: true
ADAPTER: redis-cluster
HOST: redis+cluster://:gitea@gitea-redis-cluster-headless.<namespace>.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
queue:
TYPE: redis
CONN_STR: redis+cluster://:gitea@gitea-redis-cluster-headless.<namespace>.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
```
<!-- prettier-ignore-start -->
<!-- markdownlint-disable-next-line -->
**Switch to rootless image by default**
<!-- prettier-ignore-end -->
If you are facing errors like `WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED` due to this automatic transition:
Have a look at [this discussion](https://gitea.com/gitea/helm-chart/issues/487#issue-220660) and either set `image.rootless: false` or manually update your `~/.ssh/known_hosts` file(s).
<!-- prettier-ignore-start -->
<!-- markdownlint-disable-next-line -->
**Transitioning from a RWO to RWX Persistent Volume**
<!-- prettier-ignore-end -->
If you want to switch to a RWX volume and go for HA, you need to
@ -1231,10 +956,8 @@ If you want to switch to a RWX volume and go for HA, you need to
2. Let the chart create a new RWX PV (or do it statically yourself)
3. Restore the backup to the same location in the new PV
<!-- prettier-ignore-start -->
<!-- markdownlint-disable-next-line -->
**Transitioning from Postgres to Postgres HA**
<!-- prettier-ignore-end -->
If you are running with a non-HA PG DB from a previous chart release, you need to set
@ -1243,10 +966,8 @@ If you are running with a non-HA PG DB from a previous chart release, you need t
This is needed to stay with your existing single-instance DB (as the HA-variant is the new default).
<!-- prettier-ignore-start -->
<!-- markdownlint-disable-next-line -->
**Change of env-to-ini prefix**
<!-- prettier-ignore-end -->
Before this release, the env-to-ini prefix was `ENV_TO_INI__`.
This allowed a clear distinction between user-provided and chart-provided env-to-ini variables.

7
docs/ha-setup.md
View File

@ -1,5 +1,7 @@
# High Availability
⚠️ **EXPERIMENTAL** ⚠️
All components (in-memory DB, volume/asset storage, code indexer) used by Gitea must be deployed in a HA-ready fashion to achieve a full HA-ready Gitea deployment.
The following document explains how to achieve this for all individual components.
@ -95,11 +97,6 @@ To do so, you need to set the following configuration values yourself:
- `gitea.config.cache.ADAPTER`: `redis`
- `gitea.config.cache.HOST`: `<your redis connection string>`
By default, the `redis-cluster` chart provisions three standalone master nodes of which each has a single replica.
To reduce the number of pods for a default Gitea deployment, we opted to omit the replicas (`replicas: 0`) by default.
Only the minimum required number of master pods for a functional `redis-cluster` deployment are provisioned.
For a "proper" `redis-cluster` setup however, we recommend to set `replicas: 1` and `nodes: 6`.
## Object and asset storage
Object/asset storage refers to the storage of attachments, avatars, LFS files, etc.

232
package-lock.json generated
View File

@ -8,7 +8,7 @@
"license": "MIT",
"devDependencies": {
"@bitnami/readme-generator-for-helm": "^2.5.0",
"markdownlint-cli": "^0.41.0"
"markdownlint-cli": "^0.34.0"
},
"engines": {
"node": ">=16.0.0",
@ -16,9 +16,9 @@
}
},
"node_modules/@bitnami/readme-generator-for-helm": {
"version": "2.6.1",
"resolved": "https://registry.npmjs.org/@bitnami/readme-generator-for-helm/-/readme-generator-for-helm-2.6.1.tgz",
"integrity": "sha512-rN0m0sfbOuaNdCmQWBfSj9o4kgzz+Dw67Dl1ssDVqghv/UpLkrDmNuTxhD1CWu+sesGL66UYJ2VplGz9KxlAdg==",
"version": "2.5.0",
"resolved": "https://registry.npmjs.org/@bitnami/readme-generator-for-helm/-/readme-generator-for-helm-2.5.0.tgz",
"integrity": "sha512-bYggL/kWwyxjctSrIBMOcrTQSj8LA3yYcEzfGTJIFoHKl5M7ifZtox//8G5K3FTw6qdOnPZcA10fl2y4N6uB/g==",
"dev": true,
"dependencies": {
"commander": "^7.1.0",
@ -195,9 +195,9 @@
"dev": true
},
"node_modules/entities": {
"version": "4.5.0",
"resolved": "https://registry.npmjs.org/entities/-/entities-4.5.0.tgz",
"integrity": "sha512-V0hjH4dGPh9Ao5p0MoRY6BVqtwCjhz6vI5LT8AJ55H+4g9/4vbHx1I54fS0XuclLhDHArPQCiMjDxjaL8fPxhw==",
"version": "3.0.1",
"resolved": "https://registry.npmjs.org/entities/-/entities-3.0.1.tgz",
"integrity": "sha512-WiyBqoomrwMdFG1e0kqvASYfnlb0lp8M5o5Fw2OFq1hNZxxcNk8Ik0Xm7LxzBhuidnZB/UtBqVCgUz3kBOP51Q==",
"dev": true,
"engines": {
"node": ">=0.12"
@ -261,9 +261,9 @@
}
},
"node_modules/ignore": {
"version": "5.3.1",
"resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.1.tgz",
"integrity": "sha512-5Fytz/IraMjqpwfd34ke28PTVMjZjJG2MPn5t7OE4eUCUNf8BAa7b5WUS9/Qvr6mwOQS7Mk6vdsMno5he+T8Xw==",
"version": "5.2.4",
"resolved": "https://registry.npmjs.org/ignore/-/ignore-5.2.4.tgz",
"integrity": "sha512-MAb38BcSbH0eHNBxn7ql2NH/kX33OkB3lZ1BNdh7ENeRChHTYsTvWrMubiIAMNS2llXEEgZ1MUOBtXChP3kaFQ==",
"dev": true,
"engines": {
"node": ">= 4"
@ -286,12 +286,12 @@
"dev": true
},
"node_modules/ini": {
"version": "4.1.1",
"resolved": "https://registry.npmjs.org/ini/-/ini-4.1.1.tgz",
"integrity": "sha512-QQnnxNyfvmHFIsj7gkPcYymR8Jdw/o7mp5ZFihxn6h8Ci6fh3Dx4E1gPjpQEpIuPo9XVNY/ZUwh4BPMjGyL01g==",
"version": "3.0.1",
"resolved": "https://registry.npmjs.org/ini/-/ini-3.0.1.tgz",
"integrity": "sha512-it4HyVAUTKBc6m8e1iXWvXSTdndF7HbdN713+kvLrymxTaU4AUBWrJ4vEooP+V7fexnVD3LKcBshjGGPefSMUQ==",
"dev": true,
"engines": {
"node": "^14.17.0 || ^16.13.0 || >=18.0.0"
"node": "^12.13.0 || ^14.15.0 || >=16.0.0"
}
},
"node_modules/is-fullwidth-code-point": {
@ -310,11 +310,10 @@
"dev": true
},
"node_modules/jackspeak": {
"version": "3.1.2",
"resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-3.1.2.tgz",
"integrity": "sha512-kWmLKn2tRtfYMF/BakihVVRzBKOxz4gJMiL2Rj91WnAB5TPZumSH99R/Yf1qE1u4uRimvCSJfm6hnxohXeEXjQ==",
"version": "2.2.0",
"resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-2.2.0.tgz",
"integrity": "sha512-r5XBrqIJfwRIjRt/Xr5fv9Wh09qyhHfKnYddDlpM+ibRR20qrYActpCAgU6U+d53EOEjzkvxPMVHSlgR7leXrQ==",
"dev": true,
"license": "BlueOak-1.0.0",
"dependencies": {
"@isaacs/cliui": "^8.0.2"
},
@ -341,27 +340,18 @@
}
},
"node_modules/jsonc-parser": {
"version": "3.2.1",
"resolved": "https://registry.npmjs.org/jsonc-parser/-/jsonc-parser-3.2.1.tgz",
"integrity": "sha512-AilxAyFOAcK5wA1+LeaySVBrHsGQvUFCDWXKpZjzaL0PqW+xfBOttn8GNtWKFWqneyMZj41MWF9Kl6iPWLwgOA==",
"version": "3.2.0",
"resolved": "https://registry.npmjs.org/jsonc-parser/-/jsonc-parser-3.2.0.tgz",
"integrity": "sha512-gfFQZrcTc8CnKXp6Y4/CBT3fTc0OVuDofpre4aEeEpSBPV5X5v4+Vmx+8snU7RLPrNHPKSgLxGo9YuQzz20o+w==",
"dev": true
},
"node_modules/jsonpointer": {
"version": "5.0.1",
"resolved": "https://registry.npmjs.org/jsonpointer/-/jsonpointer-5.0.1.tgz",
"integrity": "sha512-p/nXbhSEcu3pZRdkW1OfJhpsVtW1gd4Wa1fnQc9YLiTfAjn0312eMKimbdIQzuZl9aa9xUGaRlP9T/CJE/ditQ==",
"dev": true,
"engines": {
"node": ">=0.10.0"
}
},
"node_modules/linkify-it": {
"version": "5.0.0",
"resolved": "https://registry.npmjs.org/linkify-it/-/linkify-it-5.0.0.tgz",
"integrity": "sha512-5aHCbzQRADcdP+ATqnDuhhJ/MRIqDkZX5pyjFHRRysS8vZ5AbqGEoFIb6pYHPZ+L/OC2Lc+xT8uHVVR5CAK/wQ==",
"version": "4.0.1",
"resolved": "https://registry.npmjs.org/linkify-it/-/linkify-it-4.0.1.tgz",
"integrity": "sha512-C7bfi1UZmoj8+PQx22XyeXCuBlokoyWQL5pWSP+EI6nzRylyThouddufc2c1NDIcP9k5agmN9fLpA7VNJfIiqw==",
"dev": true,
"dependencies": {
"uc.micro": "^2.0.0"
"uc.micro": "^1.0.1"
}
},
"node_modules/lodash": {
@ -371,29 +361,28 @@
"dev": true
},
"node_modules/lru-cache": {
"version": "10.2.2",
"resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.2.2.tgz",
"integrity": "sha512-9hp3Vp2/hFQUiIwKo8XCeFVnrg8Pk3TYNPIR7tJADKi5YfcF7vEaK7avFHTlSy3kOKYaJQaalfEo6YuXdceBOQ==",
"version": "9.1.1",
"resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-9.1.1.tgz",
"integrity": "sha512-65/Jky17UwSb0BuB9V+MyDpsOtXKmYwzhyl+cOa9XUiI4uV2Ouy/2voFP3+al0BjZbJgMBD8FojMpAf+Z+qn4A==",
"dev": true,
"engines": {
"node": "14 || >=16.14"
}
},
"node_modules/markdown-it": {
"version": "14.1.0",
"resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-14.1.0.tgz",
"integrity": "sha512-a54IwgWPaeBCAAsv13YgmALOF1elABB08FxO9i+r4VFk5Vl4pKokRPeX8u5TCgSsPi6ec1otfLjdOpVcgbpshg==",
"version": "13.0.1",
"resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-13.0.1.tgz",
"integrity": "sha512-lTlxriVoy2criHP0JKRhO2VDG9c2ypWCsT237eDiLqi09rmbKoUetyGHq2uOIRoRS//kfoJckS0eUzzkDR+k2Q==",
"dev": true,
"dependencies": {
"argparse": "^2.0.1",
"entities": "^4.4.0",
"linkify-it": "^5.0.0",
"mdurl": "^2.0.0",
"punycode.js": "^2.3.1",
"uc.micro": "^2.1.0"
"entities": "~3.0.1",
"linkify-it": "^4.0.1",
"mdurl": "^1.0.1",
"uc.micro": "^1.0.5"
},
"bin": {
"markdown-it": "bin/markdown-it.mjs"
"markdown-it": "bin/markdown-it.js"
}
},
"node_modules/markdown-table": {
@ -410,45 +399,39 @@
}
},
"node_modules/markdownlint": {
"version": "0.34.0",
"resolved": "https://registry.npmjs.org/markdownlint/-/markdownlint-0.34.0.tgz",
"integrity": "sha512-qwGyuyKwjkEMOJ10XN6OTKNOVYvOIi35RNvDLNxTof5s8UmyGHlCdpngRHoRGNvQVGuxO3BJ7uNSgdeX166WXw==",
"version": "0.28.2",
"resolved": "https://registry.npmjs.org/markdownlint/-/markdownlint-0.28.2.tgz",
"integrity": "sha512-yYaQXoKKPV1zgrFsyAuZPEQoe+JrY9GDag9ObKpk09twx4OCU5lut+0/kZPrQ3W7w82SmgKhd7D8m34aG1unVw==",
"dev": true,
"dependencies": {
"markdown-it": "14.1.0",
"markdownlint-micromark": "0.1.9"
"markdown-it": "13.0.1",
"markdownlint-micromark": "0.1.2"
},
"engines": {
"node": ">=18"
},
"funding": {
"url": "https://github.com/sponsors/DavidAnson"
"node": ">=14.18.0"
}
},
"node_modules/markdownlint-cli": {
"version": "0.41.0",
"resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.41.0.tgz",
"integrity": "sha512-kp29tKrMKdn+xonfefjp3a/MsNzAd9c5ke0ydMEI9PR98bOjzglYN4nfMSaIs69msUf1DNkgevAIAPtK2SeX0Q==",
"version": "0.34.0",
"resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.34.0.tgz",
"integrity": "sha512-4G9I++VBTZkaye6Yfc/7dU6HQHcyldZEVB+bYyQJLcpJOHKk/q5ZpGqK80oKMIdlxzsA3aWOJLZ4DkoaoUWXbQ==",
"dev": true,
"license": "MIT",
"dependencies": {
"commander": "~12.1.0",
"commander": "~10.0.1",
"get-stdin": "~9.0.0",
"glob": "~10.4.1",
"ignore": "~5.3.1",
"glob": "~10.2.2",
"ignore": "~5.2.4",
"js-yaml": "^4.1.0",
"jsonc-parser": "~3.2.1",
"jsonpointer": "5.0.1",
"markdownlint": "~0.34.0",
"minimatch": "~9.0.4",
"run-con": "~1.3.2",
"smol-toml": "~1.2.0"
"jsonc-parser": "~3.2.0",
"markdownlint": "~0.28.2",
"minimatch": "~9.0.0",
"run-con": "~1.2.11"
},
"bin": {
"markdownlint": "markdownlint.js"
},
"engines": {
"node": ">=18"
"node": ">=14"
}
},
"node_modules/markdownlint-cli/node_modules/brace-expansion": {
@ -456,50 +439,46 @@
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
"integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
"dev": true,
"license": "MIT",
"dependencies": {
"balanced-match": "^1.0.0"
}
},
"node_modules/markdownlint-cli/node_modules/commander": {
"version": "12.1.0",
"resolved": "https://registry.npmjs.org/commander/-/commander-12.1.0.tgz",
"integrity": "sha512-Vw8qHK3bZM9y/P10u3Vib8o/DdkvA2OtPtZvD871QKjy74Wj1WSKFILMPRPSdUSx5RFK1arlJzEtA4PkFgnbuA==",
"version": "10.0.1",
"resolved": "https://registry.npmjs.org/commander/-/commander-10.0.1.tgz",
"integrity": "sha512-y4Mg2tXshplEbSGzx7amzPwKKOCGuoSRP/CjEdwwk0FOGlUbq6lKuoyDZTNZkmxHdJtp54hdfY/JUrdL7Xfdug==",
"dev": true,
"license": "MIT",
"engines": {
"node": ">=18"
"node": ">=14"
}
},
"node_modules/markdownlint-cli/node_modules/glob": {
"version": "10.4.1",
"resolved": "https://registry.npmjs.org/glob/-/glob-10.4.1.tgz",
"integrity": "sha512-2jelhlq3E4ho74ZyVLN03oKdAZVUa6UDZzFLVH1H7dnoax+y9qyaq8zBkfDIggjniU19z0wU18y16jMB2eyVIw==",
"version": "10.2.2",
"resolved": "https://registry.npmjs.org/glob/-/glob-10.2.2.tgz",
"integrity": "sha512-Xsa0BcxIC6th9UwNjZkhrMtNo/MnyRL8jGCP+uEwhA5oFOCY1f2s1/oNKY47xQ0Bg5nkjsfAEIej1VeH62bDDQ==",
"dev": true,
"license": "ISC",
"dependencies": {
"foreground-child": "^3.1.0",
"jackspeak": "^3.1.2",
"minimatch": "^9.0.4",
"minipass": "^7.1.2",
"path-scurry": "^1.11.1"
"jackspeak": "^2.0.3",
"minimatch": "^9.0.0",
"minipass": "^5.0.0",
"path-scurry": "^1.7.0"
},
"bin": {
"glob": "dist/esm/bin.mjs"
"glob": "dist/cjs/src/bin.js"
},
"engines": {
"node": ">=16 || 14 >=14.18"
"node": ">=16 || 14 >=14.17"
},
"funding": {
"url": "https://github.com/sponsors/isaacs"
}
},
"node_modules/markdownlint-cli/node_modules/minimatch": {
"version": "9.0.4",
"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.4.tgz",
"integrity": "sha512-KqWh+VchfxcMNRAJjj2tnsSJdNbHsVgnkBhTNrW7AjVo6OvLtxw8zfT9oLw1JSohlFzJ8jCoTgaoXvJ+kHt6fw==",
"version": "9.0.0",
"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.0.tgz",
"integrity": "sha512-0jJj8AvgKqWN05mrwuqi8QYKx1WmYSUoKSxu5Qhs9prezTz10sxAHGNZe9J9cqIJzta8DWsleh2KaVaLl6Ru2w==",
"dev": true,
"license": "ISC",
"dependencies": {
"brace-expansion": "^2.0.1"
},
@ -511,21 +490,18 @@
}
},
"node_modules/markdownlint-micromark": {
"version": "0.1.9",
"resolved": "https://registry.npmjs.org/markdownlint-micromark/-/markdownlint-micromark-0.1.9.tgz",
"integrity": "sha512-5hVs/DzAFa8XqYosbEAEg6ok6MF2smDj89ztn9pKkCtdKHVdPQuGMH7frFfYL9mLkvfFe4pTyAMffLbjf3/EyA==",
"version": "0.1.2",
"resolved": "https://registry.npmjs.org/markdownlint-micromark/-/markdownlint-micromark-0.1.2.tgz",
"integrity": "sha512-jRxlQg8KpOfM2IbCL9RXM8ZiYWz2rv6DlZAnGv8ASJQpUh6byTBnEsbuMZ6T2/uIgntyf7SKg/mEaEBo1164fQ==",
"dev": true,
"engines": {
"node": ">=18"
},
"funding": {
"url": "https://github.com/sponsors/DavidAnson"
"node": ">=14.18.0"
}
},
"node_modules/mdurl": {
"version": "2.0.0",
"resolved": "https://registry.npmjs.org/mdurl/-/mdurl-2.0.0.tgz",
"integrity": "sha512-Lf+9+2r+Tdp5wXDXC4PcIBjTDtq4UKjCPMQhKIuzpJNW0b96kVqSwW0bT7FhRSfmAiFYgP+SCRvdrDozfh0U5w==",
"version": "1.0.1",
"resolved": "https://registry.npmjs.org/mdurl/-/mdurl-1.0.1.tgz",
"integrity": "sha512-/sKlQJCBYVY9Ers9hqzKou4H6V5UWc/M59TH2dvkt+84itfnq7uFOMLpOiOS4ujvHP4etln18fmIxA5R5fll0g==",
"dev": true
},
"node_modules/minimatch": {
@ -550,13 +526,12 @@
}
},
"node_modules/minipass": {
"version": "7.1.2",
"resolved": "https://registry.npmjs.org/minipass/-/minipass-7.1.2.tgz",
"integrity": "sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw==",
"version": "5.0.0",
"resolved": "https://registry.npmjs.org/minipass/-/minipass-5.0.0.tgz",
"integrity": "sha512-3FnjYuehv9k6ovOEbyOswadCDPX1piCfhV8ncmYtHOjuPwylVWsghTLo7rabjC3Rx5xD4HDx8Wm1xnMF7S5qFQ==",
"dev": true,
"license": "ISC",
"engines": {
"node": ">=16 || 14 >=14.17"
"node": ">=8"
}
},
"node_modules/once": {
@ -587,31 +562,21 @@
}
},
"node_modules/path-scurry": {
"version": "1.11.1",
"resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.11.1.tgz",
"integrity": "sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==",
"version": "1.7.0",
"resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.7.0.tgz",
"integrity": "sha512-UkZUeDjczjYRE495+9thsgcVgsaCPkaw80slmfVFgllxY+IO8ubTsOpFVjDPROBqJdHfVPUFRHPBV/WciOVfWg==",
"dev": true,
"license": "BlueOak-1.0.0",
"dependencies": {
"lru-cache": "^10.2.0",
"minipass": "^5.0.0 || ^6.0.2 || ^7.0.0"
"lru-cache": "^9.0.0",
"minipass": "^5.0.0"
},
"engines": {
"node": ">=16 || 14 >=14.18"
"node": ">=16 || 14 >=14.17"
},
"funding": {
"url": "https://github.com/sponsors/isaacs"
}
},
"node_modules/punycode.js": {
"version": "2.3.1",
"resolved": "https://registry.npmjs.org/punycode.js/-/punycode.js-2.3.1.tgz",
"integrity": "sha512-uxFIHU0YlHYhDQtV4R9J6a52SLx28BCjT+4ieh7IGbgwVJWO+km431c4yRlREUAsAmt/uMjQUyQHNEPf0M39CA==",
"dev": true,
"engines": {
"node": ">=6"
}
},
"node_modules/repeat-string": {
"version": "1.6.1",
"resolved": "https://registry.npmjs.org/repeat-string/-/repeat-string-1.6.1.tgz",
@ -622,14 +587,14 @@
}
},
"node_modules/run-con": {
"version": "1.3.2",
"resolved": "https://registry.npmjs.org/run-con/-/run-con-1.3.2.tgz",
"integrity": "sha512-CcfE+mYiTcKEzg0IqS08+efdnH0oJ3zV0wSUFBNrMHMuxCtXvBCLzCJHatwuXDcu/RlhjTziTo/a1ruQik6/Yg==",
"version": "1.2.11",
"resolved": "https://registry.npmjs.org/run-con/-/run-con-1.2.11.tgz",
"integrity": "sha512-NEMGsUT+cglWkzEr4IFK21P4Jca45HqiAbIIZIBdX5+UZTB24Mb/21iNGgz9xZa8tL6vbW7CXmq7MFN42+VjNQ==",
"dev": true,
"dependencies": {
"deep-extend": "^0.6.0",
"ini": "~4.1.0",
"minimist": "^1.2.8",
"ini": "~3.0.0",
"minimist": "^1.2.6",
"strip-json-comments": "~3.1.1"
},
"bin": {
@ -669,17 +634,6 @@
"url": "https://github.com/sponsors/isaacs"
}
},
"node_modules/smol-toml": {
"version": "1.2.0",
"resolved": "https://registry.npmjs.org/smol-toml/-/smol-toml-1.2.0.tgz",
"integrity": "sha512-KObxdQANC/xje3OoatMbSwQf2XAvJ0RbK+4nmQRszFNZptbNRnMWqbLF/zb4sMi9xJ6HNyhWXeuZ9zC/I/XY7w==",
"dev": true,
"license": "BSD-3-Clause",
"engines": {
"node": ">= 18",
"pnpm": ">= 9"
}
},
"node_modules/string-width": {
"version": "5.1.2",
"resolved": "https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz",
@ -789,9 +743,9 @@
}
},
"node_modules/uc.micro": {
"version": "2.1.0",
"resolved": "https://registry.npmjs.org/uc.micro/-/uc.micro-2.1.0.tgz",
"integrity": "sha512-ARDJmphmdvUk6Glw7y9DQ2bFkKBHwQHLi2lsaH6PPmz/Ka9sFOBsBluozhDltWmnv9u/cF6Rt87znRTPV+yp/A==",
"version": "1.0.6",
"resolved": "https://registry.npmjs.org/uc.micro/-/uc.micro-1.0.6.tgz",
"integrity": "sha512-8Y75pvTYkLJW2hWQHXxoqRgV7qb9B+9vFEtidML+7koHUFapnVJAZ6cKs+Qjz5Aw3aZWHMC6u0wJE3At+nSGwA==",
"dev": true
},
"node_modules/which": {

2
package.json
View File

@ -14,6 +14,6 @@
},
"devDependencies": {
"@bitnami/readme-generator-for-helm": "^2.5.0",
"markdownlint-cli": "^0.41.0"
"markdownlint-cli": "^0.34.0"
}
}

75
renovate.json5
View File

@ -1,75 +0,0 @@
{
$schema: 'https://docs.renovatebot.com/renovate-schema.json',
extends: [
'gitea>gitea/renovate-config',
':automergeMinor',
'schedule:automergeDaily',
'schedule:weekends',
],
labels: [
'kind/dependency',
],
automergeStrategy: 'squash',
customManagers: [
{
description: 'Gitea-version of https://docs.renovatebot.com/presets-regexManagers/#regexmanagersgithubactionsversions',
customType: 'regex',
fileMatch: [
'.gitea/workflows/.+\\.ya?ml$',
],
matchStrings: [
'# renovate: datasource=(?<datasource>[a-z-.]+?) depName=(?<depName>[^\\s]+?)(?: (?:lookupName|packageName)=(?<packageName>[^\\s]+?))?(?: versioning=(?<versioning>[a-z-0-9]+?))?\\s+[A-Za-z0-9_]+?_VERSION\\s*:\\s*["\']?(?<currentValue>.+?)["\']?\\s',
],
},
{
description: 'Detect helm-unittest yaml schema file',
customType: 'regex',
fileMatch: ['.vscode/settings\\.json$'],
matchStrings: [
'https:\\/\\/raw\\.githubusercontent\\.com\\/(?<depName>[^\\s]+?)\\/(?<currentValue>v[0-9.]+?)\\/schema\\/helm-testsuite\\.json',
],
datasourceTemplate: 'github-releases',
},
{
'description': 'Automatically detect new Gitea releases',
'customType': 'regex',
'fileMatch': ['(^|/)Chart\\.yaml$'],
'matchStrings': [
'# renovate datasource=(?<datasource>\\S+) depName=(?<depName>\\S+) extractVersion=(?<extractVersion>\\S+)\\nappVersion:\\s?(?<currentValue>\\S+)\\n',
],
},
],
packageRules: [
{
groupName: 'subcharts (minor & patch)',
matchManagers: [
'helmv3',
],
matchUpdateTypes: [
'minor',
'patch',
'digest',
],
},
{
groupName: 'workflow dependencies (minor & patch)',
matchManagers: [
'github-actions',
'npm',
'custom.regex',
],
matchUpdateTypes: [
'minor',
'patch',
'digest',
],
},
{
description: 'Override changelog url for Helm image, to have release notes in our PRs',
matchDepNames: [
'alpine/helm',
],
changelogUrl: 'https://github.com/helm/helm',
},
],
}

16
templates/NOTES.txt
View File

@ -18,19 +18,3 @@
echo "Visit http://127.0.0.1:{{ .Values.service.http.port }} to use your application"
kubectl --namespace {{ .Release.Namespace }} port-forward svc/{{ .Release.Name }}-http {{ .Values.service.http.port }}:{{ .Values.service.http.port }}
{{- end }}
{{- $warnings := list -}}
{{- if eq (get .Values.gitea.config.cache "ADAPTER") "memory" -}}
{{- $warnings = append $warnings "Gitea uses 'memory' for caching which is not recommended for production use. See https://docs.gitea.com/next/administration/config-cheat-sheet#cache-cache for available options." -}}
{{- end }}
{{- if eq (get .Values.gitea.config.queue "TYPE") "level" -}}
{{- $warnings = append $warnings "Gitea uses 'leveldb' for queue actions which is not recommended for production use. See https://docs.gitea.com/next/administration/config-cheat-sheet#queue-queue-and-queue for available options." -}}
{{- end }}
{{- if eq (get .Values.gitea.config.session "PROVIDER") "memory" -}}
{{- $warnings = append $warnings "Gitea uses 'memory' for sessions which is not recommended for production use. See https://docs.gitea.com/next/administration/config-cheat-sheet#session-session for available options." -}}
{{- end }}
{{- if gt (len $warnings) 0 }}
2. Review these warnings:
{{- range $warnings }}
- {{ . }}
{{- end }}
{{- end }}

117
templates/_helpers.tpl
View File

@ -3,6 +3,26 @@
Expand the name of the chart.
*/}}
{{- /* multiple replicas assertions */ -}}
{{- if gt .Values.replicaCount 1.0 -}}
{{- fail "When using multiple replicas, a RWX file system is required" -}}
{{- if eq (get (.Values.persistence.accessModes 0) "ReadWriteOnce") -}}
{{- fail "When using multiple replicas, a RWX file system is required" -}}
{{- end }}
{{- if eq (get .Values.gitea.config.indexer "ISSUE_INDEXER_TYPE") "bleve" -}}
{{- fail "When using multiple replicas, the repo indexer must be set to 'meilisearch' or 'elasticsearch'" -}}
{{- end }}
{{- if and (eq .Values.gitea.config.indexer.REPO_INDEXER_TYPE "bleve") (eq .Values.gitea.config.indexer.REPO_INDEXER_ENABLED "true") -}}
{{- fail "When using multiple replicas, the repo indexer must be set to 'meilisearch' or 'elasticsearch'" -}}
{{- end }}
{{- if eq .Values.gitea.config.indexer.ISSUE_INDEXER_TYPE "bleve" -}}
{{- (printf "DEBUG: When using multiple replicas, the repo indexer must be set to 'meilisearch' or 'elasticsearch'") | fail -}}
{{- end }}
{{- end }}
{{- define "gitea.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
@ -36,22 +56,14 @@ Create chart name and version as used by the chart label.
Create image name and tag used by the deployment.
*/}}
{{- define "gitea.image" -}}
{{- $fullOverride := .Values.image.fullOverride | default "" -}}
{{- $registry := .Values.global.imageRegistry | default .Values.image.registry -}}
{{- $repository := .Values.image.repository -}}
{{- $separator := ":" -}}
{{- $tag := .Values.image.tag | default .Chart.AppVersion | toString -}}
{{- $name := .Values.image.repository -}}
{{- $tag := .Values.image.tag | default .Chart.AppVersion -}}
{{- $rootless := ternary "-rootless" "" (.Values.image.rootless) -}}
{{- $digest := "" -}}
{{- if .Values.image.digest }}
{{- $digest = (printf "@%s" (.Values.image.digest | toString)) -}}
{{- end -}}
{{- if $fullOverride }}
{{- printf "%s" $fullOverride -}}
{{- else if $registry }}
{{- printf "%s/%s%s%s%s%s" $registry $repository $separator $tag $rootless $digest -}}
{{- if $registry -}}
{{- printf "%s/%s:%s%s" $registry $name $tag $rootless -}}
{{- else -}}
{{- printf "%s%s%s%s%s" $repository $separator $tag $rootless $digest -}}
{{- printf "%s:%s%s" $name $tag $rootless -}}
{{- end -}}
{{- end -}}
@ -74,7 +86,7 @@ imagePullSecrets:
Storage Class
*/}}
{{- define "gitea.persistence.storageClass" -}}
{{- $storageClass := (tpl ( default "" .Values.persistence.storageClass) .) | default (tpl ( default "" .Values.global.storageClass) .) }}
{{- $storageClass := .Values.global.storageClass | default .Values.persistence.storageClass }}
{{- if $storageClass }}
storageClassName: {{ $storageClass | quote }}
{{- end }}
@ -100,46 +112,30 @@ app.kubernetes.io/name: {{ include "gitea.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
{{- define "postgresql-ha.dns" -}}
{{- if (index .Values "postgresql-ha").enabled -}}
{{- printf "%s-postgresql-ha-pgpool.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "postgresql-ha" "service" "ports" "postgresql") -}}
{{- end -}}
{{- end -}}
{{- define "postgresql.dns" -}}
{{- if (index .Values "postgresql").enabled -}}
{{- printf "%s-postgresql.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.postgresql.global.postgresql.service.ports.postgresql -}}
{{- end -}}
{{- printf "%s-postgresql-ha-postgresql.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "postgresql-ha" "service" "ports" "postgresql") -}}
{{- end -}}
{{- define "redis.dns" -}}
{{- if and ((index .Values "redis-cluster").enabled) ((index .Values "redis").enabled) -}}
{{- fail "redis and redis-cluster cannot be enabled at the same time. Please only choose one." -}}
{{- else if (index .Values "redis-cluster").enabled -}}
{{- if (index .Values "redis-cluster").enabled -}}
{{- printf "redis+cluster://:%s@%s-redis-cluster-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "redis-cluster").global.redis.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "redis-cluster").service.ports.redis -}}
{{- else if (index .Values "redis").enabled -}}
{{- printf "redis://:%s@%s-redis-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "redis").global.redis.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "redis").master.service.ports.redis -}}
{{- end -}}
{{- end -}}
{{- define "redis.port" -}}
{{- if (index .Values "redis-cluster").enabled -}}
{{ (index .Values "redis-cluster").service.ports.redis }}
{{- else if (index .Values "redis").enabled -}}
{{ (index .Values "redis").master.service.ports.redis }}
{{- end -}}
{{- end -}}
{{- define "redis.servicename" -}}
{{- if (index .Values "redis-cluster").enabled -}}
{{- printf "%s-redis-cluster-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}}
{{- else if (index .Values "redis").enabled -}}
{{- printf "%s-redis-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}}
{{- end -}}
{{- end -}}
{{- define "gitea.default_domain" -}}
{{- printf "%s-http.%s.svc.%s" (include "gitea.fullname" .) .Release.Namespace .Values.clusterDomain -}}
{{- printf "%s-gitea.%s.svc.%s" (include "gitea.fullname" .) .Release.Namespace .Values.clusterDomain | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- define "gitea.ldap_settings" -}}
@ -278,33 +274,23 @@ https
{{- if not (hasKey .Values.gitea.config.metrics "ENABLED") -}}
{{- $_ := set .Values.gitea.config.metrics "ENABLED" .Values.gitea.metrics.enabled -}}
{{- end -}}
{{- if (index .Values "redis-cluster").enabled -}}
{{- $_ := set .Values.gitea.config.cache "ENABLED" "true" -}}
{{- $_ := set .Values.gitea.config.cache "ADAPTER" "redis" -}}
{{- if not (.Values.gitea.config.cache.HOST) -}}
{{- $_ := set .Values.gitea.config.cache "HOST" (include "redis.dns" .) -}}
{{- end -}}
{{- end -}}
{{- /* redis queue */ -}}
{{- if or ((index .Values "redis-cluster").enabled) ((index .Values "redis").enabled) -}}
{{- if (index .Values "redis-cluster").enabled -}}
{{- $_ := set .Values.gitea.config.queue "TYPE" "redis" -}}
{{- $_ := set .Values.gitea.config.queue "CONN_STR" (include "redis.dns" .) -}}
{{- end -}}
{{- if not (get .Values.gitea.config.session "PROVIDER") -}}
{{- $_ := set .Values.gitea.config.session "PROVIDER" "redis" -}}
{{- end -}}
{{- if not (get .Values.gitea.config.session "PROVIDER_CONFIG") -}}
{{- $_ := set .Values.gitea.config.session "PROVIDER_CONFIG" (include "redis.dns" .) -}}
{{- $_ := set .Values.gitea.config.cache "ADAPTER" "redis" -}}
{{- $_ := set .Values.gitea.config.cache "HOST" (include "redis.dns" .) -}}
{{- else -}}
{{- if not (get .Values.gitea.config.session "PROVIDER") -}}
{{- $_ := set .Values.gitea.config.session "PROVIDER" "memory" -}}
{{- end -}}
{{- if not (get .Values.gitea.config.session "PROVIDER_CONFIG") -}}
{{- $_ := set .Values.gitea.config.session "PROVIDER_CONFIG" "" -}}
{{- end -}}
{{- if not (get .Values.gitea.config.queue "TYPE") -}}
{{- $_ := set .Values.gitea.config.queue "TYPE" "level" -}}
{{- end -}}
{{- if not (get .Values.gitea.config.queue "CONN_STR") -}}
{{- $_ := set .Values.gitea.config.queue "CONN_STR" "" -}}
{{- end -}}
{{- if not (get .Values.gitea.config.cache "ADAPTER") -}}
{{- $_ := set .Values.gitea.config.cache "ADAPTER" "memory" -}}
{{- end -}}
{{- if not (get .Values.gitea.config.cache "HOST") -}}
{{- $_ := set .Values.gitea.config.cache "HOST" "" -}}
{{- end -}}
{{- end -}}
{{- if not .Values.gitea.config.indexer.ISSUE_INDEXER_TYPE -}}
{{- $_ := set .Values.gitea.config.indexer "ISSUE_INDEXER_TYPE" "db" -}}
@ -320,7 +306,7 @@ https
{{- end -}}
{{- if not (.Values.gitea.config.server.DOMAIN) -}}
{{- if gt (len .Values.ingress.hosts) 0 -}}
{{- $_ := set .Values.gitea.config.server "DOMAIN" ( tpl (index .Values.ingress.hosts 0).host $) -}}
{{- $_ := set .Values.gitea.config.server "DOMAIN" (index .Values.ingress.hosts 0).host -}}
{{- else -}}
{{- $_ := set .Values.gitea.config.server "DOMAIN" (include "gitea.default_domain" .) -}}
{{- end -}}
@ -358,21 +344,12 @@ https
{{- if (index .Values "postgresql-ha" "enabled") -}}
{{- $_ := set .Values.gitea.config.database "DB_TYPE" "postgres" -}}
{{- if not (.Values.gitea.config.database.HOST) -}}
{{- $_ := set .Values.gitea.config.database "HOST" (include "postgresql-ha.dns" .) -}}
{{- $_ := set .Values.gitea.config.database "HOST" (include "postgresql.dns" .) -}}
{{- end -}}
{{- $_ := set .Values.gitea.config.database "NAME" (index .Values "postgresql-ha" "global" "postgresql" "database") -}}
{{- $_ := set .Values.gitea.config.database "USER" (index .Values "postgresql-ha" "global" "postgresql" "username") -}}
{{- $_ := set .Values.gitea.config.database "PASSWD" (index .Values "postgresql-ha" "global" "postgresql" "password") -}}
{{- end -}}
{{- if (index .Values "postgresql" "enabled") -}}
{{- $_ := set .Values.gitea.config.database "DB_TYPE" "postgres" -}}
{{- if not (.Values.gitea.config.database.HOST) -}}
{{- $_ := set .Values.gitea.config.database "HOST" (include "postgresql.dns" .) -}}
{{- end -}}
{{- $_ := set .Values.gitea.config.database "NAME" .Values.postgresql.global.postgresql.auth.database -}}
{{- $_ := set .Values.gitea.config.database "USER" .Values.postgresql.global.postgresql.auth.username -}}
{{- $_ := set .Values.gitea.config.database "PASSWD" .Values.postgresql.global.postgresql.auth.password -}}
{{- end -}}
{{- end -}}
{{- define "gitea.init-additional-mounts" -}}
@ -400,11 +377,3 @@ https
{{- define "gitea.serviceAccountName" -}}
{{ .Values.serviceAccount.name | default (include "gitea.fullname" .) }}
{{- end -}}
{{- define "gitea.admin.passwordMode" -}}
{{- if has .Values.gitea.admin.passwordMode (tuple "keepUpdated" "initialOnlyNoReset" "initialOnlyRequireReset") -}}
{{ .Values.gitea.admin.passwordMode }}
{{- else -}}
{{ printf "gitea.admin.passwordMode must be set to one of 'keepUpdated', 'initialOnlyNoReset', or 'initialOnlyRequireReset'. Received: '%s'" .Values.gitea.admin.passwordMode | fail }}
{{- end -}}
{{- end -}}

60
templates/gitea/config.yaml
View File

@ -17,41 +17,31 @@ metadata:
type: Opaque
stringData:
assertions: |
{{- /*assert that only one PG dep is enabled */ -}}
{{- if and (.Values.postgresql.enabled) (index .Values "postgresql-ha" "enabled") -}}
{{- fail "Only one of postgresql or postgresql-ha can be enabled at the same time." -}}
{{- /* multiple replicas assertions */ -}}
{{- if gt .Values.replicaCount 1.0 -}}
{{- if .Values.gitea.config.cron.GIT_GC_REPOS -}}
{{- if .Values.gitea.config.cron.GIT_GC_REPOS.enabled -}}
{{- fail "Invoking the garbage collector via CRON is not yet supported when running with multiple replicas. Please set 'GIT_GC_REPOS.enabled = false'." -}}
{{- end }}
{{- /* multiple replicas assertions */ -}}
{{- if gt .Values.replicaCount 1.0 -}}
{{- if .Values.gitea.config.cron -}}
{{- if .Values.gitea.config.cron.GIT_GC_REPOS -}}
{{- if eq .Values.gitea.config.cron.GIT_GC_REPOS.ENABLED true -}}
{{ fail "Invoking the garbage collector via CRON is not yet supported when running with multiple replicas. Please set 'cron.GIT_GC_REPOS.enabled = false'." }}
{{- end }}
{{- end }}
{{- if eq (first .Values.persistence.accessModes) "ReadWriteOnce" -}}
{{- fail "When using multiple replicas, a RWX file system is required and gitea.persistence.accessModes[0] must be set to ReadWriteMany." -}}
{{- end }}
{{- if eq (get .Values.gitea.config.indexer "ISSUE_INDEXER_TYPE") "bleve" -}}
{{- fail "When using multiple replicas, the issue indexer (gitea.config.indexer.ISSUE_INDEXER_TYPE) must be set to a HA-ready provider such as 'meilisearch', 'elasticsearch' or 'db' (if the DB is HA-ready)." -}}
{{- end }}
{{- if .Values.gitea.config.indexer.REPO_INDEXER_TYPE -}}
{{- if eq (get .Values.gitea.config.indexer "REPO_INDEXER_TYPE") "bleve" -}}
{{- if .Values.gitea.config.indexer.REPO_INDEXER_ENABLED -}}
{{- if eq (get .Values.gitea.config.indexer "REPO_INDEXER_ENABLED") "true" -}}
{{- fail "When using multiple replicas, the repo indexer (gitea.config.indexer.REPO_INDEXER_TYPE) must be set to 'meilisearch' or 'elasticsearch' or disabled." -}}
{{- end }}
{{- end }}
{{- if eq (first .Values.persistence.accessModes) "ReadWriteOnce" -}}
{{- fail "When using multiple replicas, a RWX file system is required and gitea.persistence.accessModes[0] must be set to ReadWriteMany." -}}
{{- end }}
{{- if .Values.gitea.config.indexer -}}
{{- if eq .Values.gitea.config.indexer.ISSUE_INDEXER_TYPE "bleve" -}}
{{- fail "When using multiple replicas, the issue indexer (gitea.config.indexer.ISSUE_INDEXER_TYPE) must be set to a HA-ready provider such as 'meilisearch', 'elasticsearch' or 'db' (if the DB is HA-ready)." -}}
{{- end }}
{{- if .Values.gitea.config.indexer.REPO_INDEXER_TYPE -}}
{{- if eq .Values.gitea.config.indexer.REPO_INDEXER_TYPE "bleve" -}}
{{- if .Values.gitea.config.indexer.REPO_INDEXER_ENABLED -}}
{{- if eq .Values.gitea.config.indexer.REPO_INDEXER_ENABLED true -}}
{{- fail "When using multiple replicas, the repo indexer (gitea.config.indexer.REPO_INDEXER_TYPE) must be set to 'meilisearch' or 'elasticsearch' or disabled." -}}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
config_environment.sh: |-
#!/usr/bin/env bash
set -euo pipefail
@ -140,7 +130,7 @@ stringData:
if [[ $section == '_generals_' ]]; then
env2ini::log " [ini root]"
section=''
section='DEFAULT'
else
env2ini::log " ${section}"
fi
@ -179,7 +169,7 @@ stringData:
}
# save existing envs prior to script execution. Necessary to keep order of preexisting and custom envs
env | (grep -e '^GITEA__' || [[ $? == 1 ]]) > /tmp/existing-envs
env | (grep GITEA || [[ $? == 1 ]]) > /tmp/existing-envs
# MUST BE CALLED BEFORE OTHER CONFIGURATION
env2ini::generate_initial_secrets
@ -207,3 +197,7 @@ stringData:
fi
environment-to-ini -o $GITEA_APP_INI
env
cat /data/gitea/conf/app.ini

7
templates/gitea/deployment.yaml
View File

@ -8,9 +8,6 @@ metadata:
{{- end }}
labels:
{{- include "gitea.labels" . | nindent 4 }}
{{- if .Values.deployment.labels }}
{{- toYaml .Values.deployment.labels | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.replicaCount }}
strategy:
@ -243,8 +240,6 @@ spec:
- name: GITEA_ADMIN_PASSWORD
value: {{ .Values.gitea.admin.password | quote }}
{{- end }}
- name: GITEA_ADMIN_PASSWORD_MODE
value: {{ include "gitea.admin.passwordMode" $ }}
{{- if .Values.deployment.env }}
{{- toYaml .Values.deployment.env | nindent 12 }}
{{- end }}
@ -402,4 +397,4 @@ spec:
{{- else if not .Values.persistence.enabled }}
- name: data
emptyDir: {}
{{- end }}
{{- end }}

10
templates/gitea/http-svc.yaml
View File

@ -4,18 +4,11 @@ metadata:
name: {{ include "gitea.fullname" . }}-http
labels:
{{- include "gitea.labels" . | nindent 4 }}
{{- if .Values.service.http.labels }}
{{- toYaml .Values.service.http.labels | nindent 4 }}
{{- end }}
annotations:
{{- toYaml .Values.service.http.annotations | nindent 4 }}
spec:
type: {{ .Values.service.http.type }}
{{- if eq .Values.service.http.type "LoadBalancer" }}
{{- if .Values.service.http.loadBalancerClass }}
loadBalancerClass: {{ .Values.service.http.loadBalancerClass }}
{{- end }}
{{- if and .Values.service.http.loadBalancerIP }}
{{- if and .Values.service.http.loadBalancerIP (eq .Values.service.http.type "LoadBalancer") }}
loadBalancerIP: {{ .Values.service.http.loadBalancerIP }}
{{- end }}
{{- if .Values.service.http.loadBalancerSourceRanges }}
@ -24,7 +17,6 @@ spec:
- {{ . }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.service.http.externalIPs }}
externalIPs:
{{- toYaml .Values.service.http.externalIPs | nindent 4 }}

12
templates/gitea/ingress.yaml
View File

@ -15,27 +15,27 @@ metadata:
name: {{ $fullName }}
labels:
{{- include "gitea.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- range $key, $value := .Values.ingress.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.ingress.className }}
ingressClassName: {{ tpl .Values.ingress.className . }}
ingressClassName: {{ .Values.ingress.className }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ tpl . $ | quote }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ tpl .host $ | quote }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}

97
templates/gitea/init.yaml
View File

@ -86,56 +86,15 @@ stringData:
{{- if or .Values.gitea.admin.existingSecret (and .Values.gitea.admin.username .Values.gitea.admin.password) }}
function configure_admin_user() {
local full_admin_list=$(gitea admin user list --admin)
local actual_user_table=''
# We might have distorted output due to warning logs, so we have to detect the actual user table by its headline and trim output above that line
local regex="(.*)(ID\s+Username\s+Email\s+IsActive.*)"
if [[ "${full_admin_list}" =~ $regex ]]; then
actual_user_table=$(echo "${BASH_REMATCH[2]}" | tail -n+2) # tail'ing to drop the table headline
else
# This code block should never be reached, as long as the output table header remains the same.
# If this code block is reached, the regex doesn't match anymore and we probably have to adjust this script.
echo "ERROR: 'configure_admin_user' was not able to determine the current list of admin users."
echo " Please review the output of 'gitea admin user list --admin' shown below."
echo " If you think it is an issue with the Helm Chart provisioning, file an issue at https://gitea.com/gitea/helm-chart/issues."
echo "DEBUG: Output of 'gitea admin user list --admin'"
echo "--"
echo "${full_admin_list}"
echo "--"
exit 1
fi
local ACCOUNT_ID=$(echo "${actual_user_table}" | grep -E "\s+${GITEA_ADMIN_USERNAME}\s+" | awk -F " " "{printf \$1}")
local ACCOUNT_ID=$(gitea admin user list --admin | grep -e "\s\+${GITEA_ADMIN_USERNAME}\s\+" | awk -F " " "{printf \$1}")
if [[ -z "${ACCOUNT_ID}" ]]; then
local -a create_args
create_args=(--admin --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email {{ .Values.gitea.admin.email | quote }})
if [[ "${GITEA_ADMIN_PASSWORD_MODE}" = initialOnlyRequireReset ]]; then
create_args+=(--must-change-password=true)
else
create_args+=(--must-change-password=false)
fi
echo "No admin user '${GITEA_ADMIN_USERNAME}' found. Creating now..."
gitea admin user create "${create_args[@]}"
gitea admin user create --admin --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email {{ .Values.gitea.admin.email | quote }} --must-change-password=false
echo '...created.'
else
if [[ "${GITEA_ADMIN_PASSWORD_MODE}" = keepUpdated ]]; then
echo "Admin account '${GITEA_ADMIN_USERNAME}' already exist. Running update to sync password..."
# See https://gitea.com/gitea/helm-chart/issues/673
# --must-change-password argument was added to change-password, defaulting to true, counter to the previous behavior
# which acted as if it were provided with =false. If the argument is present in this version of gitea, then we
# should add it to prevent requiring frequent admin password resets.
local -a change_args
change_args=(--username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}")
if gitea admin user change-password --help | grep -qF -- '--must-change-password'; then
change_args+=(--must-change-password=false)
fi
gitea admin user change-password "${change_args[@]}"
echo '...password sync done.'
else
echo "Admin account '${GITEA_ADMIN_USERNAME}' already exist, but update mode is set to '${GITEA_ADMIN_PASSWORD_MODE}'. Skipping."
fi
echo "Admin account '${GITEA_ADMIN_USERNAME}' already exist. Running update to sync password..."
gitea admin user change-password --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}"
echo '...password sync done.'
fi
}
@ -146,28 +105,7 @@ stringData:
{{- if .Values.gitea.ldap }}
{{- range $idx, $value := .Values.gitea.ldap }}
local LDAP_NAME={{ (printf "%s" $value.name) | squote }}
local full_auth_list=$(gitea admin auth list --vertical-bars)
local actual_auth_table=''
# We might have distorted output due to warning logs, so we have to detect the actual user table by its headline and trim output above that line
local regex="(.*)(ID\s+\|Name\s+\|Type\s+\|Enabled.*)"
if [[ "${full_auth_list}" =~ $regex ]]; then
actual_auth_table=$(echo "${BASH_REMATCH[2]}" | tail -n+2) # tail'ing to drop the table headline
else
# This code block should never be reached, as long as the output table header remains the same.
# If this code block is reached, the regex doesn't match anymore and we probably have to adjust this script.
echo "ERROR: 'configure_ldap' was not able to determine the current list of authentication sources."
echo " Please review the output of 'gitea admin auth list --vertical-bars' shown below."
echo " If you think it is an issue with the Helm Chart provisioning, file an issue at https://gitea.com/gitea/helm-chart/issues."
echo "DEBUG: Output of 'gitea admin auth list --vertical-bars'"
echo "--"
echo "${full_auth_list}"
echo "--"
exit 1
fi
local GITEA_AUTH_ID=$(echo "${actual_auth_table}" | grep -E "\|${LDAP_NAME}\s+\|" | grep -iE '\|LDAP \(via BindDN\)\s+\|' | awk -F " " "{print \$1}")
local GITEA_AUTH_ID=$(gitea admin auth list --vertical-bars | grep -E "\|${LDAP_NAME}\s+\|" | grep -iE '\|LDAP \(via BindDN\)\s+\|' | awk -F " " "{print \$1}")
if [[ -z "${GITEA_AUTH_ID}" ]]; then
echo "No ldap configuration found with name '${LDAP_NAME}'. Installing it now..."
@ -190,28 +128,7 @@ stringData:
{{- if .Values.gitea.oauth }}
{{- range $idx, $value := .Values.gitea.oauth }}
local OAUTH_NAME={{ (printf "%s" $value.name) | squote }}
local full_auth_list=$(gitea admin auth list --vertical-bars)
local actual_auth_table=''
# We might have distorted output due to warning logs, so we have to detect the actual user table by its headline and trim output above that line
local regex="(.*)(ID\s+\|Name\s+\|Type\s+\|Enabled.*)"
if [[ "${full_auth_list}" =~ $regex ]]; then
actual_auth_table=$(echo "${BASH_REMATCH[2]}" | tail -n+2) # tail'ing to drop the table headline
else
# This code block should never be reached, as long as the output table header remains the same.
# If this code block is reached, the regex doesn't match anymore and we probably have to adjust this script.
echo "ERROR: 'configure_oauth' was not able to determine the current list of authentication sources."
echo " Please review the output of 'gitea admin auth list --vertical-bars' shown below."
echo " If you think it is an issue with the Helm Chart provisioning, file an issue at https://gitea.com/gitea/helm-chart/issues."
echo "DEBUG: Output of 'gitea admin auth list --vertical-bars'"
echo "--"
echo "${full_auth_list}"
echo "--"
exit 1
fi
local AUTH_ID=$(echo "${actual_auth_table}" | grep -E "\|${OAUTH_NAME}\s+\|" | grep -iE '\|OAuth2\s+\|' | awk -F " " "{print \$1}")
local AUTH_ID=$(gitea admin auth list --vertical-bars | grep -E "\|${OAUTH_NAME}\s+\|" | grep -iE '\|OAuth2\s+\|' | awk -F " " "{print \$1}")
if [[ -z "${AUTH_ID}" ]]; then
echo "No oauth configuration found with name '${OAUTH_NAME}'. Installing it now..."

6
templates/gitea/pvc.yaml
View File

@ -6,8 +6,6 @@ metadata:
namespace: {{ $.Release.Namespace }}
annotations:
{{ .Values.persistence.annotations | toYaml | indent 4}}
labels:
{{ .Values.persistence.labels | toYaml | indent 4}}
spec:
accessModes:
{{- if gt .Values.replicaCount 1.0 }}
@ -16,7 +14,9 @@ spec:
{{- .Values.persistence.accessModes | toYaml | nindent 4 }}
{{- end }}
volumeMode: Filesystem
{{- include "gitea.persistence.storageClass" . | nindent 2 }}
{{- if .Values.persistence.storageClass }}
storageClassName: {{ .Values.persistence.storageClass }}
{{- end }}
{{- with .Values.persistence.volumeName }}
volumeName: {{ . }}
{{- end }}

6
templates/gitea/ssh-svc.yaml
View File

@ -4,17 +4,11 @@ metadata:
name: {{ include "gitea.fullname" . }}-ssh
labels:
{{- include "gitea.labels" . | nindent 4 }}
{{- if .Values.service.ssh.labels }}
{{- toYaml .Values.service.ssh.labels | nindent 4 }}
{{- end }}
annotations:
{{- toYaml .Values.service.ssh.annotations | nindent 4 }}
spec:
type: {{ .Values.service.ssh.type }}
{{- if eq .Values.service.ssh.type "LoadBalancer" }}
{{- if .Values.service.ssh.loadBalancerClass }}
loadBalancerClass: {{ .Values.service.ssh.loadBalancerClass }}
{{- end }}
{{- if .Values.service.ssh.loadBalancerIP }}
loadBalancerIP: {{ .Values.service.ssh.loadBalancerIP }}
{{- end -}}

66
unittests/config/cache-config.yaml
View File

@ -1,66 +0,0 @@
suite: config template | cache config
release:
name: gitea-unittests
namespace: testing
tests:
- it: "cache is configured correctly for redis-cluster"
template: templates/gitea/config.yaml
set:
redis-cluster:
enabled: true
redis:
enabled: false
asserts:
- documentIndex: 0
equal:
path: stringData.cache
value: |-
ADAPTER=redis
HOST=redis+cluster://:@gitea-unittests-redis-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
- it: "cache is configured correctly for redis"
template: templates/gitea/config.yaml
set:
redis-cluster:
enabled: false
redis:
enabled: true
asserts:
- documentIndex: 0
equal:
path: stringData.cache
value: |-
ADAPTER=redis
HOST=redis://:changeme@gitea-unittests-redis-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
- it: "cache is configured correctly for 'memory' when redis (or redis-cluster) is disabled"
template: templates/gitea/config.yaml
set:
redis-cluster:
enabled: false
redis:
enabled: false
asserts:
- documentIndex: 0
equal:
path: stringData.cache
value: |-
ADAPTER=memory
HOST=
- it: "cache can be customized when redis (or redis-cluster) is disabled"
template: templates/gitea/config.yaml
set:
redis-cluster:
enabled: false
redis:
enabled: false
gitea.config.cache.ADAPTER: custom-adapter
gitea.config.cache.HOST: custom-host
asserts:
- documentIndex: 0
equal:
path: stringData.cache
value: |-
ADAPTER=custom-adapter
HOST=custom-host

30
unittests/config/database-section_postgresql-ha.yaml
View File

@ -1,30 +0,0 @@
suite: config template | database section (postgresql-ha)
release:
name: gitea-unittests
namespace: testing
tests:
- it: connects to pgpool service
template: templates/gitea/config.yaml
set:
postgresql:
enabled: false
postgresql-ha:
enabled: true
asserts:
- documentIndex: 0
matchRegex:
path: stringData.database
pattern: HOST=gitea-unittests-postgresql-ha-pgpool.testing.svc.cluster.local:5432
- it: renders the referenced service
template: charts/postgresql-ha/templates/pgpool/service.yaml
set:
postgresql:
enabled: false
postgresql-ha:
enabled: true
asserts:
- containsDocument:
kind: Service
apiVersion: v1
name: gitea-unittests-postgresql-ha-pgpool
namespace: testing

30
unittests/config/database-section_postgresql.yaml
View File

@ -1,30 +0,0 @@
suite: config template | database section (postgresql)
release:
name: gitea-unittests
namespace: testing
tests:
- it: "connects to postgresql service"
template: templates/gitea/config.yaml
set:
postgresql:
enabled: true
postgresql-ha:
enabled: false
asserts:
- documentIndex: 0
matchRegex:
path: stringData.database
pattern: HOST=gitea-unittests-postgresql.testing.svc.cluster.local:5432
- it: "renders the referenced service"
template: charts/postgresql/templates/primary/svc.yaml
set:
postgresql:
enabled: true
postgresql-ha:
enabled: false
asserts:
- containsDocument:
kind: Service
apiVersion: v1
name: gitea-unittests-postgresql
namespace: testing

66
unittests/config/queue-config.yaml
View File

@ -1,66 +0,0 @@
suite: config template | queue config
release:
name: gitea-unittests
namespace: testing
tests:
- it: "queue is configured correctly for redis-cluster"
template: templates/gitea/config.yaml
set:
redis-cluster:
enabled: true
redis:
enabled: false
asserts:
- documentIndex: 0
equal:
path: stringData.queue
value: |-
CONN_STR=redis+cluster://:@gitea-unittests-redis-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
TYPE=redis
- it: "queue is configured correctly for redis"
template: templates/gitea/config.yaml
set:
redis-cluster:
enabled: false
redis:
enabled: true
asserts:
- documentIndex: 0
equal:
path: stringData.queue
value: |-
CONN_STR=redis://:changeme@gitea-unittests-redis-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
TYPE=redis
- it: "queue is configured correctly for 'levelDB' when redis (and redis-cluster) is disabled"
template: templates/gitea/config.yaml
set:
redis-cluster:
enabled: false
redis:
enabled: false
asserts:
- documentIndex: 0
equal:
path: stringData.queue
value: |-
CONN_STR=
TYPE=level
- it: "queue can be customized when redis (and redis-cluster) are disabled"
template: templates/gitea/config.yaml
set:
redis-cluster:
enabled: false
redis:
enabled: false
gitea.config.queue.TYPE: custom-type
gitea.config.queue.CONN_STR: custom-connection-string
asserts:
- documentIndex: 0
equal:
path: stringData.queue
value: |-
CONN_STR=custom-connection-string
TYPE=custom-type

67
unittests/config/server-section_domain.yaml
View File

@ -1,67 +0,0 @@
suite: config template | server section (domain related)
release:
name: gitea-unittests
namespace: testing
tests:
- it: "[default values] uses ingress host for DOMAIN|SSH_DOMAIN|ROOT_URL"
template: templates/gitea/config.yaml
asserts:
- documentIndex: 0
matchRegex:
path: stringData.server
pattern: \nDOMAIN=git.example.com
- documentIndex: 0
matchRegex:
path: stringData.server
pattern: \nSSH_DOMAIN=git.example.com
- documentIndex: 0
matchRegex:
path: stringData.server
pattern: \nROOT_URL=http://git.example.com
################################################
- it: "[no ingress hosts] uses gitea http service for DOMAIN|SSH_DOMAIN|ROOT_URL"
template: templates/gitea/config.yaml
set:
ingress:
hosts: []
asserts:
- documentIndex: 0
matchRegex:
path: stringData.server
pattern: \nDOMAIN=gitea-unittests-http.testing.svc.cluster.local
- documentIndex: 0
matchRegex:
path: stringData.server
pattern: \nSSH_DOMAIN=gitea-unittests-http.testing.svc.cluster.local
- documentIndex: 0
matchRegex:
path: stringData.server
pattern: \nROOT_URL=http://gitea-unittests-http.testing.svc.cluster.local
################################################
- it: "[provided via values] uses that for DOMAIN|SSH_DOMAIN|ROOT_URL"
template: templates/gitea/config.yaml
set:
gitea.config.server.DOMAIN: provided.example.com
ingress:
hosts:
- host: non-used.example.com
paths:
- path: /
pathType: Prefix
asserts:
- documentIndex: 0
matchRegex:
path: stringData.server
pattern: \nDOMAIN=provided.example.com
- documentIndex: 0
matchRegex:
path: stringData.server
pattern: \nSSH_DOMAIN=provided.example.com
- documentIndex: 0
matchRegex:
path: stringData.server
pattern: \nROOT_URL=http://provided.example.com

66
unittests/config/session-config.yaml
View File

@ -1,66 +0,0 @@
suite: config template | session config
release:
name: gitea-unittests
namespace: testing
tests:
- it: "session is configured correctly for redis-cluster"
template: templates/gitea/config.yaml
set:
redis-cluster:
enabled: true
redis:
enabled: false
asserts:
- documentIndex: 0
equal:
path: stringData.session
value: |-
PROVIDER=redis
PROVIDER_CONFIG=redis+cluster://:@gitea-unittests-redis-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
- it: "session is configured correctly for redis"
template: templates/gitea/config.yaml
set:
redis-cluster:
enabled: false
redis:
enabled: true
asserts:
- documentIndex: 0
equal:
path: stringData.session
value: |-
PROVIDER=redis
PROVIDER_CONFIG=redis://:changeme@gitea-unittests-redis-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
- it: "session is configured correctly for 'memory' when redis (and redis-cluster) is disabled"
template: templates/gitea/config.yaml
set:
redis-cluster:
enabled: false
redis:
enabled: false
asserts:
- documentIndex: 0
equal:
path: stringData.session
value: |-
PROVIDER=memory
PROVIDER_CONFIG=
- it: "session can be customized when redis (and redis-cluster) is disabled"
template: templates/gitea/config.yaml
set:
redis-cluster:
enabled: false
redis:
enabled: false
gitea.config.session.PROVIDER: custom-provider
gitea.config.session.PROVIDER_CONFIG: custom-provider-config
asserts:
- documentIndex: 0
equal:
path: stringData.session
value: |-
PROVIDER=custom-provider
PROVIDER_CONFIG=custom-provider-config

57
unittests/dependency-major-image-check.yaml
View File

@ -1,57 +0,0 @@
suite: Dependency update consistency
release:
name: gitea-unittests
namespace: testing
tests:
- it: "[postgresql-ha] ensures we detect major image version upgrades"
template: charts/postgresql-ha/templates/postgresql/statefulset.yaml
set:
postgresql:
enabled: false
postgresql-ha:
enabled: true
asserts:
- documentIndex: 0
matchRegex:
path: spec.template.spec.containers[0].image
# IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST
pattern: bitnami/postgresql-repmgr:16.+$
- it: "[postgresql] ensures we detect major image version upgrades"
template: charts/postgresql/templates/primary/statefulset.yaml
set:
postgresql:
enabled: true
postgresql-ha:
enabled: false
asserts:
- documentIndex: 0
matchRegex:
path: spec.template.spec.containers[0].image
# IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST
pattern: bitnami/postgresql:16.+$
- it: "[redis-cluster] ensures we detect major image version upgrades"
template: charts/redis-cluster/templates/redis-statefulset.yaml
set:
redis-cluster:
enabled: true
redis:
enabled: false
asserts:
- documentIndex: 0
matchRegex:
path: spec.template.spec.containers[0].image
# IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST
pattern: bitnami/redis-cluster:7.+$
- it: "[redis] ensures we detect major image version upgrades"
template: charts/redis/templates/master/application.yaml
set:
redis-cluster:
enabled: false
redis:
enabled: true
asserts:
- documentIndex: 0
matchRegex:
path: spec.template.spec.containers[0].image
# IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST
pattern: bitnami/redis:7.+$

59
unittests/deployment/HA.yaml
View File

@ -1,59 +0,0 @@
suite: deployment template (HA)
release:
name: gitea-unittests
namespace: testing
templates:
- templates/gitea/deployment.yaml
- templates/gitea/config.yaml
tests:
- it: fails with multiple replicas and "GIT_GC_REPOS" enabled
template: templates/gitea/deployment.yaml
set:
replicaCount: 2
persistence:
accessModes:
- ReadWriteMany
gitea:
config:
cron:
GIT_GC_REPOS:
ENABLED: true
asserts:
- failedTemplate:
errorMessage: "Invoking the garbage collector via CRON is not yet supported when running with multiple replicas. Please set 'cron.GIT_GC_REPOS.enabled = false'."
- it: fails with multiple replicas and RWX file system not set
template: templates/gitea/deployment.yaml
set:
replicaCount: 2
asserts:
- failedTemplate:
errorMessage: "When using multiple replicas, a RWX file system is required and gitea.persistence.accessModes[0] must be set to ReadWriteMany."
- it: fails with multiple replicas and bleve issue indexer
template: templates/gitea/deployment.yaml
set:
replicaCount: 2
persistence:
accessModes:
- ReadWriteMany
gitea:
config:
indexer:
ISSUE_INDEXER_TYPE: bleve
asserts:
- failedTemplate:
errorMessage: "When using multiple replicas, the issue indexer (gitea.config.indexer.ISSUE_INDEXER_TYPE) must be set to a HA-ready provider such as 'meilisearch', 'elasticsearch' or 'db' (if the DB is HA-ready)."
- it: fails with multiple replicas and bleve repo indexer
template: templates/gitea/deployment.yaml
set:
replicaCount: 2
persistence:
accessModes:
- ReadWriteMany
gitea:
config:
indexer:
REPO_INDEXER_TYPE: bleve
REPO_INDEXER_ENABLED: true
asserts:
- failedTemplate:
errorMessage: "When using multiple replicas, the repo indexer (gitea.config.indexer.REPO_INDEXER_TYPE) must be set to 'meilisearch' or 'elasticsearch' or disabled."

14
unittests/deployment/basic.yaml
View File

@ -15,17 +15,3 @@ tests:
kind: Deployment
apiVersion: apps/v1
name: gitea-unittests
- it: deployment labels are set
template: templates/gitea/deployment.yaml
set:
deployment.labels:
hello: world
asserts:
- isSubset:
path: metadata.labels
content:
hello: world
- isSubset:
path: spec.template.metadata.labels
content:
hello: world

110
unittests/deployment/image-configuration.yaml
View File

@ -1,110 +0,0 @@
suite: deployment template (image configuration)
release:
name: gitea-unittests
namespace: testing
chart:
# Override appVersion to be consistent with used digest :)
appVersion: 1.19.3
templates:
- templates/gitea/deployment.yaml
- templates/gitea/config.yaml
tests:
- it: default values
template: templates/gitea/deployment.yaml
asserts:
- equal:
path: spec.template.spec.containers[0].image
value: "gitea/gitea:1.19.3-rootless"
- it: tag override
template: templates/gitea/deployment.yaml
set:
image.tag: "1.19.4"
asserts:
- equal:
path: spec.template.spec.containers[0].image
value: "gitea/gitea:1.19.4-rootless"
- it: root-based image
template: templates/gitea/deployment.yaml
set:
image.rootless: false
asserts:
- equal:
path: spec.template.spec.containers[0].image
value: "gitea/gitea:1.19.3"
- it: scoped registry
template: templates/gitea/deployment.yaml
set:
image.registry: "example.com"
asserts:
- equal:
path: spec.template.spec.containers[0].image
value: "example.com/gitea/gitea:1.19.3-rootless"
- it: global registry
template: templates/gitea/deployment.yaml
set:
global.imageRegistry: "global.example.com"
asserts:
- equal:
path: spec.template.spec.containers[0].image
value: "global.example.com/gitea/gitea:1.19.3-rootless"
- it: digest for rootless image
template: templates/gitea/deployment.yaml
set:
image:
rootless: true
digest: sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a
asserts:
- equal:
path: spec.template.spec.containers[0].image
value: "gitea/gitea:1.19.3-rootless@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a"
- it: image fullOverride (does not append rootless)
template: templates/gitea/deployment.yaml
set:
image:
fullOverride: gitea/gitea:1.19.3
# setting rootless, registry, repository, tag, and digest to prove that override works
rootless: true
registry: example.com
repository: example/image
tag: "1.0.0"
digest: sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a
asserts:
- equal:
path: spec.template.spec.containers[0].image
value: "gitea/gitea:1.19.3"
- it: digest for root-based image
template: templates/gitea/deployment.yaml
set:
image:
rootless: false
digest: sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a
asserts:
- equal:
path: spec.template.spec.containers[0].image
value: "gitea/gitea:1.19.3@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a"
- it: digest and global registry
template: templates/gitea/deployment.yaml
set:
global.imageRegistry: "global.example.com"
image.digest: "sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a"
asserts:
- equal:
path: spec.template.spec.containers[0].image
value: "global.example.com/gitea/gitea:1.19.3-rootless@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a"
- it: correctly renders floating tag references
template: templates/gitea/deployment.yaml
set:
image.tag: 1.21 # use non-quoted value on purpose. See: https://gitea.com/gitea/helm-chart/issues/631
asserts:
- equal:
path: spec.template.spec.initContainers[0].image
value: "gitea/gitea:1.21-rootless"
- equal:
path: spec.template.spec.initContainers[1].image
value: "gitea/gitea:1.21-rootless"
- equal:
path: spec.template.spec.initContainers[2].image
value: "gitea/gitea:1.21-rootless"
- equal:
path: spec.template.spec.containers[0].image
value: "gitea/gitea:1.21-rootless"

47
unittests/deployment/ingress-configuration.yaml
View File

@ -1,47 +0,0 @@
suite: ingress template
release:
name: gitea-unittests
namespace: testing
templates:
- templates/gitea/ingress.yaml
tests:
- it: hostname using TPL
set:
global.giteaHostName: "gitea.example.com"
ingress.enabled: true
ingress.hosts[0].host: "{{ .Values.global.giteaHostName }}"
ingress.tls:
- secretName: gitea-tls
hosts:
- "{{ .Values.global.giteaHostName }}"
asserts:
- isKind:
of: Ingress
- equal:
path: spec.tls[0].hosts[0]
value: "gitea.example.com"
- equal:
path: spec.rules[0].host
value: "gitea.example.com"
- it: Ingress Class using TPL
set:
global.ingress.className: "ingress-class"
ingress.className: "{{ .Values.global.ingress.className }}"
ingress.enabled: true
ingress.hosts[0].host: "some-host"
ingress.tls:
- secretName: gitea-tls
hosts:
- "some-host"
asserts:
- isKind:
of: Ingress
- equal:
path: spec.tls[0].hosts[0]
value: "some-host"
- equal:
path: spec.rules[0].host
value: "some-host"
- equal:
path: spec.ingressClassName
value: "ingress-class"

33
unittests/deployment/inline-config.yaml
View File

@ -1,33 +0,0 @@
suite: config template
release:
name: gitea-unittests
namespace: testing
templates:
- templates/gitea/config.yaml
tests:
- it: inline config stringData.server using TPL
set:
global.giteaHostName: "gitea.example.com"
ingress.enabled: true
ingress.hosts[0].host: "{{ .Values.global.giteaHostName }}"
ingress.tls:
- secretName: gitea-tls
hosts:
- "{{ .Values.global.giteaHostName }}"
asserts:
- documentIndex: 0
matchRegex:
path: metadata.name
pattern: .*-inline-config$
- documentIndex: 0
matchRegex:
path: stringData.server
pattern: DOMAIN=gitea\.example\.com
- documentIndex: 0
matchRegex:
path: stringData.server
pattern: ROOT_URL=https://gitea\.example\.com
- documentIndex: 0
matchRegex:
path: stringData.server
pattern: SSH_DOMAIN=gitea\.example\.com

24
unittests/deployment/ssh-configuration.yaml
View File

@ -27,18 +27,6 @@ tests:
content:
name: SSH_LOG_LEVEL
value: "DEBUG"
- it: supports overriding SSH log level (even when image.fullOverride set)
template: templates/gitea/deployment.yaml
set:
image.fullOverride: gitea/gitea:1.19.3
image.rootless: false
gitea.ssh.logLevel: "DEBUG"
asserts:
- contains:
path: spec.template.spec.containers[0].env
content:
name: SSH_LOG_LEVEL
value: "DEBUG"
- it: skips SSH_LOG_LEVEL for rootless image
template: templates/gitea/deployment.yaml
set:
@ -50,15 +38,3 @@ tests:
any: true
content:
name: SSH_LOG_LEVEL
- it: skips SSH_LOG_LEVEL for rootless image (even when image.fullOverride set)
template: templates/gitea/deployment.yaml
set:
image.fullOverride: gitea/gitea:1.19.3
image.rootless: true
gitea.ssh.logLevel: "DEBUG" # explicitly defining a non-standard level here
asserts:
- notContains:
path: spec.template.spec.containers[0].env
any: true
content:
name: SSH_LOG_LEVEL

39
unittests/deployment/storage-class-configuration.yaml
View File

@ -1,39 +0,0 @@
# File: tests/gitea-storageclass-tests.yaml
suite: storage class configuration tests
release:
name: gitea-storageclass-tests
namespace: testing
templates:
- templates/gitea/pvc.yaml
tests:
- it: should set storageClassName when persistence.storageClass is defined
template: templates/gitea/pvc.yaml
set:
persistence.storageClass: "my-storage-class"
asserts:
- equal:
path: "spec.storageClassName"
value: "my-storage-class"
- it: should set global.storageClass when persistence.storageClass is not defined
template: templates/gitea/pvc.yaml
set:
global.storageClass: "default-storage-class"
asserts:
- equal:
path: spec.storageClassName
value: "default-storage-class"
- it: should set storageClassName when persistence.storageClass is defined and global.storageClass is defined
template: templates/gitea/pvc.yaml
set:
global.storageClass: "default-storage-class"
persistence.storageClass: "my-storage-class"
asserts:
- equal:
path: spec.storageClassName
value: "my-storage-class"

118
unittests/deployment/svc-configuration.yaml
View File

@ -1,118 +0,0 @@
suite: ssh-svc / http-svc template (Services configuration)
release:
name: gitea-unittests
namespace: testing
templates:
- templates/gitea/ssh-svc.yaml
- templates/gitea/http-svc.yaml
tests:
- it: supports adding custom labels to ssh-svc
template: templates/gitea/ssh-svc.yaml
set:
service:
ssh:
labels:
gitea/testkey: testvalue
asserts:
- equal:
path: metadata.labels["gitea/testkey"]
value: "testvalue"
- it: keeps existing labels (ssh)
template: templates/gitea/ssh-svc.yaml
set:
service:
ssh:
labels: {}
asserts:
- exists:
path: metadata.labels["app"]
- it: supports adding custom labels to http-svc
template: templates/gitea/http-svc.yaml
set:
service:
http:
labels:
gitea/testkey: testvalue
asserts:
- equal:
path: metadata.labels["gitea/testkey"]
value: "testvalue"
- it: keeps existing labels (http)
template: templates/gitea/http-svc.yaml
set:
service:
http:
labels: {}
asserts:
- exists:
path: metadata.labels["app"]
- it: render service.ssh.loadBalancerClass if set and type is LoadBalancer
template: templates/gitea/ssh-svc.yaml
set:
service:
ssh:
loadBalancerClass: "example.com/class"
type: LoadBalancer
loadBalancerIP: "1.2.3.4"
loadBalancerSourceRanges:
- "1.2.3.4/32"
- "5.6.7.8/32"
asserts:
- equal:
path: spec.loadBalancerClass
value: "example.com/class"
- equal:
path: spec.loadBalancerIP
value: "1.2.3.4"
- equal:
path: spec.loadBalancerSourceRanges
value: ["1.2.3.4/32", "5.6.7.8/32"]
- it: does not render when loadbalancer properties are set but type is not loadBalancerClass
template: templates/gitea/http-svc.yaml
set:
service:
http:
type: ClusterIP
loadBalancerClass: "example.com/class"
loadBalancerIP: "1.2.3.4"
loadBalancerSourceRanges:
- "1.2.3.4/32"
- "5.6.7.8/32"
asserts:
- notExists:
path: spec.loadBalancerClass
- notExists:
path: spec.loadBalancerIP
- notExists:
path: spec.loadBalancerSourceRanges
- it: does not render loadBalancerClass by default even when type is LoadBalancer
template: templates/gitea/http-svc.yaml
set:
service:
http:
type: LoadBalancer
loadBalancerIP: "1.2.3.4"
asserts:
- notExists:
path: spec.loadBalancerClass
- equal:
path: spec.loadBalancerIP
value: "1.2.3.4"
- it: both ssh and http services exist
templates:
- templates/gitea/ssh-svc.yaml
- templates/gitea/http-svc.yaml
asserts:
- matchRegex:
path: metadata.name
pattern: "^gitea-unittests-(?:ssh|http)$"
- matchRegex:
path: spec.ports[0].name
pattern: "^(?:ssh|http)$"

2
unittests/gpg-secret/signing-enabled.yaml
View File

@ -33,7 +33,7 @@ tests:
kind: Secret
apiVersion: v1
name: gitea-unittests-gpg-key
- isNotNullOrEmpty:
- isNotEmpty:
path: metadata.labels
- equal:
path: data.privateKey

20
unittests/init/init_directory_structure.sh-rootless.yaml
View File

@ -66,23 +66,3 @@ tests:
chmod 700 "${GNUPGHOME}"
chown 1000:1000 "${GNUPGHOME}"
fi
- it: it does not chown /data even when image.fullOverride is set
template: templates/gitea/init.yaml
set:
image.fullOverride: gitea/gitea:1.20.5
asserts:
- equal:
path: stringData["init_directory_structure.sh"]
value: |-
#!/usr/bin/env bash
set -euo pipefail
set -x
mkdir -p /data/git/.ssh
chmod -R 700 /data/git/.ssh
[ ! -d /data/gitea/conf ] && mkdir -p /data/gitea/conf
# prepare temp directory structure
mkdir -p "${GITEA_TEMP}"
chmod ug+rwx "${GITEA_TEMP}"

19
unittests/pvc/pvc-configuration.yaml
View File

@ -1,19 +0,0 @@
suite: PVC template
release:
name: gitea-unittests
namespace: testing
templates:
- templates/gitea/pvc.yaml
tests:
- it: Storage Class using TPL
set:
global.persistence.storageClass: "storage-class"
persistence.enabled: true
persistence.create: true
persistence.storageClass: "{{ .Values.global.persistence.storageClass }}"
asserts:
- isKind:
of: PersistentVolumeClaim
- equal:
path: spec.storageClassName
value: "storage-class"

14
unittests/values-conflicting-checks.yaml
View File

@ -1,14 +0,0 @@
suite: Values conflicting checks
release:
name: gitea-unittests
namespace: testing
tests:
- it: fails when trying to configure redis and redis-cluster the same time
set:
redis-cluster:
enabled: true
redis:
enabled: true
asserts:
- failedTemplate:
errorMessage: redis and redis-cluster cannot be enabled at the same time. Please only choose one.

54
values.yaml
View File

@ -40,19 +40,15 @@ clusterDomain: cluster.local
## @param image.registry image registry, e.g. gcr.io,docker.io
## @param image.repository Image to start for this pod
## @param image.tag Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml.
## @param image.digest Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest`
## @param image.pullPolicy Image pull policy
## @param image.rootless Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher
## @param image.fullOverride Completely overrides the image registry, path/image, tag and digest. **Adjust `image.rootless` accordingly and review [Rootless defaults](#rootless-defaults).**
image:
registry: ""
repository: gitea/gitea
# Overrides the image tag whose default is the chart appVersion.
tag: ""
digest: ""
pullPolicy: IfNotPresent
pullPolicy: Always
rootless: true
fullOverride: ""
## @param imagePullSecrets Secret to use for pulling the image
imagePullSecrets: []
@ -106,8 +102,6 @@ service:
## @param service.http.ipFamilies HTTP service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/).
## @param service.http.loadBalancerSourceRanges Source range filter for http loadbalancer
## @param service.http.annotations HTTP service annotations
## @param service.http.labels HTTP service additional labels
## @param service.http.loadBalancerClass Loadbalancer class
http:
type: ClusterIP
port: 3000
@ -120,8 +114,6 @@ service:
ipFamilies:
loadBalancerSourceRanges: []
annotations: {}
labels: {}
loadBalancerClass:
## @param service.ssh.type Kubernetes service type for ssh traffic
## @param service.ssh.port Port number for ssh traffic
## @param service.ssh.clusterIP ClusterIP setting for ssh autosetup for deployment is None
@ -134,8 +126,6 @@ service:
## @param service.ssh.hostPort HostPort for ssh service
## @param service.ssh.loadBalancerSourceRanges Source range filter for ssh loadbalancer
## @param service.ssh.annotations SSH service annotations
## @param service.ssh.labels SSH service additional labels
## @param service.ssh.loadBalancerClass Loadbalancer class
ssh:
type: ClusterIP
port: 22
@ -149,8 +139,6 @@ service:
hostPort:
loadBalancerSourceRanges: []
annotations: {}
labels: {}
loadBalancerClass:
## @section Ingress
## @param ingress.enabled Enable ingress
@ -327,7 +315,7 @@ initContainers:
#
## @param signing.enabled Enable commit/action signing
## @param signing.gpgHome GPG home directory
## @param signing.privateKey Inline private gpg key for signed internal Git activity
## @param signing.privateKey Inline private gpg key for signed Gitea actions
## @param signing.existingSecret Use an existing secret to store the value of `signing.privateKey`
signing:
enabled: false
@ -346,14 +334,12 @@ gitea:
## @param gitea.admin.existingSecret Use an existing secret to store admin user credentials
## @param gitea.admin.password Password for the Gitea admin user
## @param gitea.admin.email Email for the Gitea admin user
## @param gitea.admin.passwordMode Mode for how to set/update the admin user password. Options are: initialOnlyNoReset, initialOnlyRequireReset, and keepUpdated
admin:
# existingSecret: gitea-admin-secret
existingSecret:
username: gitea_admin
password: r8sA8CPHD9!bt6d
email: "gitea@local.domain"
passwordMode: keepUpdated
## @param gitea.metrics.enabled Enable Gitea metrics
## @param gitea.metrics.serviceMonitor.enabled Enable Gitea metrics service monitor
@ -487,49 +473,23 @@ gitea:
failureThreshold: 10
## @section redis-cluster
## @param redis-cluster.enabled Enable redis cluster
## @param redis-cluster.enabled Enable redis
## @param redis-cluster.usePassword Whether to use password authentication
## @param redis-cluster.cluster.nodes Number of redis cluster master nodes
## @param redis-cluster.cluster.replicas Number of redis cluster master node replicas
## @descriptionStart
## Redis cluster and [Redis](#redis) cannot be enabled at the same time.
## @descriptionEnd
redis-cluster:
enabled: true
usePassword: false
cluster:
nodes: 3 # default: 6
replicas: 0 # default: 1
## @section redis
## @param redis.enabled Enable redis standalone or replicated
## @param redis.architecture Whether to use standalone or replication
## @param redis.global.redis.password Required password
## @param redis.master.count Number of Redis master instances to deploy
## @descriptionStart
## Redis and [Redis cluster](#redis-cluster) cannot be enabled at the same time.
## @descriptionEnd
redis:
enabled: false
architecture: standalone
global:
redis:
password: changeme
master:
count: 1
## @section PostgreSQL HA
## @section postgresql-ha
#
## @param postgresql-ha.enabled Enable PostgreSQL HA
## @param postgresql-ha.enabled Enable postgresql-ha
## @param postgresql-ha.postgresql.password Password for the `gitea` user (overrides `auth.password`)
## @param postgresql-ha.global.postgresql.database Name for a custom database to create (overrides `auth.database`)
## @param postgresql-ha.global.postgresql.username Name for a custom user to create (overrides `auth.username`)
## @param postgresql-ha.global.postgresql.password Name for a custom password to create (overrides `auth.password`)
## @param postgresql-ha.postgresql.repmgrPassword Repmgr Password
## @param postgresql-ha.postgresql.postgresPassword postgres Password
## @param postgresql-ha.pgpool.adminPassword pgpool adminPassword
## @param postgresql-ha.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`)
## @param postgresql-ha.primary.persistence.size PVC Storage Request for PostgreSQL HA volume
## @param postgresql-ha.service.ports.postgresql postgresql service port (overrides `service.ports.postgresql`)
## @param postgresql-ha.primary.persistence.size PVC Storage Request for postgresql-ha volume
postgresql-ha:
global:
postgresql: