From 2744fb057ca0032c32c67f9c6853034187da272d Mon Sep 17 00:00:00 2001
From: James Blair
Date: Sun, 28 Aug 2022 10:31:00 +1200
Subject: [PATCH] Further refactored and simplified helm chart for personal use, added resource limits.
---
 gitea/Chart.yaml | 25 +-
 gitea/Makefile | 8 -
 gitea/README.md | 966 ------------------
 gitea/templates/_helpers.tpl | 34 -
 gitea/templates/{gitea => }/config.yaml | 0
 gitea/templates/gitea/deprecation.yaml | 34 -
 gitea/templates/{gitea => }/http-svc.yaml | 0
 gitea/templates/{gitea => }/ingress.yaml | 0
 gitea/templates/{gitea => }/init.yaml | 0
 .../templates/{gitea => }/servicemonitor.yaml | 0
 gitea/templates/{gitea => }/ssh-svc.yaml | 0
 gitea/templates/{gitea => }/statefulset.yaml | 2 +-
 .../templates/tests/test-http-connection.yaml | 15 -
 gitea/values.yaml | 328 +-----
 14 files changed, 14 insertions(+), 1398 deletions(-)
 delete mode 100644 gitea/Makefile
 delete mode 100644 gitea/README.md
 rename gitea/templates/{gitea => }/config.yaml (100%)
 delete mode 100644 gitea/templates/gitea/deprecation.yaml
 rename gitea/templates/{gitea => }/http-svc.yaml (100%)
 rename gitea/templates/{gitea => }/ingress.yaml (100%)
 rename gitea/templates/{gitea => }/init.yaml (100%)
 rename gitea/templates/{gitea => }/servicemonitor.yaml (100%)
 rename gitea/templates/{gitea => }/ssh-svc.yaml (100%)
 rename gitea/templates/{gitea => }/statefulset.yaml (99%)
 delete mode 100644 gitea/templates/tests/test-http-connection.yaml
diff --git a/gitea/Chart.yaml b/gitea/Chart.yaml
index ae09df3..2fad0e8 100644
--- a/gitea/Chart.yaml
+++ b/gitea/Chart.yaml
@@ -1,29 +1,6 @@
 apiVersion: v2
 appVersion: 1.17.1
 description: Gitea Helm chart for Kubernetes
-icon: https://docs.gitea.io/images/gitea.png
-keywords:
-- git
-- issue tracker
-- code review
-- wiki
-- gitea
-- gogs
-maintainers:
-- email: charlie@charliedrage.com
- name: Charlie Drage
-- email: maintainers@gitea.io
- name: Gitea Authors
-- email: konrad.lother@novum-rgi.de
- name: Konrad Lother
-- email: lucas.hahn@novum-rgi.de
- name: Lucas Hahn
-- email: sk.bunsenbrenner@gmail.com
- name: Steven Kriegler
 name: gitea
-sources:
-- https://gitea.com/gitea/helm-chart
-- https://github.com/go-gitea/gitea
-- https://hub.docker.com/r/gitea/gitea/
 type: application
-version: 6.0.0
+version: 1.0
diff --git a/gitea/Makefile b/gitea/Makefile
deleted file mode 100644
index 720a657..0000000
--- a/gitea/Makefile
+++ /dev/null
@@ -1,8 +0,0 @@
-.PHONY: prepare-environment
-prepare-environment:
- npm install
-
-.PHONY: readme
-readme: prepare-environment
- npm run readme:parameters
- npm run readme:lint
diff --git a/gitea/README.md b/gitea/README.md
deleted file mode 100644
index 2fc73f7..0000000
--- a/gitea/README.md
+++ /dev/null
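Review bot: The new `version: 1.0` at the end of the gitea/Chart.yaml hunk is not a SemVer 2 version, which is what Helm documents for a chart's `version`, and unquoted it is read as a YAML float, so tooling may normalise it to `1` or reject it. I would write `version: 1.0.0`; quoting it, and `appVersion: "1.17.1"` as well, avoids any implicit typing. The hunk also removes the `sources` list; keeping the upstream chart URL there would preserve provenance for tracking upstream security fixes in this personal fork.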
@@ -1,966 +0,0 @@ -# Gitea Helm Chart - -[Gitea](https://gitea.io/en-us/) is a community managed lightweight code hosting -solution written in Go. It is published under the MIT license. - -## Introduction - -This helm chart has taken some inspiration from [jfelten's helm -chart](https://github.com/jfelten/gitea-helm-chart). But takes a completely -different approach in providing a database and cache with dependencies. -Additionally, this chart provides LDAP and admin user configuration with values, -as well as being deployed as a statefulset to retain stored repositories. - -## Dependencies - -Gitea can be run with an external database and cache. This chart provides those -dependencies, which can be enabled, or disabled via -configuration. - -Dependencies: - -- PostgreSQL ([configuration](#postgresql)) -- Memcached ([configuration](#memcached)) -- MySQL ([configuration](#mysql)) -- MariaDB ([configuration](#mariadb)) - -## Installing - -```sh -helm repo add gitea-charts https://dl.gitea.io/charts/ -helm repo update -helm install gitea gitea-charts/gitea -``` - -When upgrading, please refer to the [Upgrading](#upgrading) section at the bottom -of this document for major and breaking changes. - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 3.0+ -- PV provisioner for persistent data support - -## Configure Commit Signing - -When using the rootless image the gpg key folder was is not persistent by -default. If you consider using signed commits for internal Gitea activities -(e.g. initial commit), you'd need to provide a signing key. Prior to -[PR186](https://gitea.com/gitea/helm-chart/pulls/186), imported keys had to be -re-imported once the container got replaced by another. - -The mentioned PR introduced a new configuration object `signing` allowing you to -configure prerequisites for commit signing. By default this section is disabled -to maintain backwards compatibility. 
- -```yaml -signing: - enabled: false - gpgHome: /data/git/.gnupg -``` - -## Examples - -### Gitea Configuration - -Gitea offers lots of configuration options. This is fully described in the -[Gitea Cheat Sheet](https://docs.gitea.io/en-us/config-cheat-sheet/). - -```yaml -gitea: - config: - APP_NAME: "Gitea: With a cup of tea." - repository: - ROOT: "~/gitea-repositories" - repository.pull-request: - WORK_IN_PROGRESS_PREFIXES: "WIP:,[WIP]:" -``` - -### Default Configuration - -This chart will set a few defaults in the Gitea configuration based on the -service and ingress settings. All defaults can be overwritten in `gitea.config`. - -INSTALL_LOCK is always set to true, since we want to configure Gitea with this -helm chart and everything is taken care of. - -_All default settings are made directly in the generated app.ini, not in the Values._ - -#### Database defaults - -If a builtIn database is enabled the database configuration is set -automatically. For example, PostgreSQL builtIn will appear in the app.ini as: - -```ini -[database] -DB_TYPE = postgres -HOST = RELEASE-NAME-postgresql.default.svc.cluster.local:5432 -NAME = gitea -PASSWD = gitea -USER = gitea -``` - -#### Memcached defaults - -Memcached is handled the exact same way as database builtIn. Once Memcached -builtIn is enabled, this chart will generate the following part in the `app.ini`: - -```ini -[cache] -ADAPTER = memcache -ENABLED = true -HOST = RELEASE-NAME-memcached.default.svc.cluster.local:11211 -``` - -#### Server defaults - -The server defaults are a bit more complex. If ingress is `enabled`, the -`ROOT_URL`, `DOMAIN` and `SSH_DOMAIN` will be set accordingly. `HTTP_PORT` -always defaults to `3000` as well as `SSH_PORT` to `22`. 
- -```ini -[server] -APP_DATA_PATH = /data -DOMAIN = git.example.com -HTTP_PORT = 3000 -PROTOCOL = http -ROOT_URL = http://git.example.com -SSH_DOMAIN = git.example.com -SSH_LISTEN_PORT = 22 -SSH_PORT = 22 -ENABLE_PPROF = false -``` - -#### Metrics defaults - -The Prometheus `/metrics` endpoint is disabled by default. - -```ini -[metrics] -ENABLED = false -``` - -### Additional _app.ini_ settings - -> **The [generic](https://docs.gitea.io/en-us/config-cheat-sheet/#overall-default) -section cannot be defined that way.** - -Some settings inside _app.ini_ (like passwords or whole authentication configurations) -must be considered sensitive and therefore should not be passed via plain text -inside the _values.yaml_ file. In times of _GitOps_ the values.yaml could be stored -in a Git repository where sensitive data should never be accessible. - -The Helm Chart supports this approach and let the user define custom sources like -Kubernetes Secrets to be loaded as environment variables during _app.ini_ creation -or update. - -```yaml -gitea: - additionalConfigSources: - - secret: - secretName: gitea-app-ini-oauth - - configMap: - name: gitea-app-ini-plaintext -``` - -This would mount the two additional volumes (`oauth` and `some-additionals`) -from different sources to the init containerwhere the _app.ini_ gets updated. -All files mounted that way will be read and converted to environment variables -and then added to the _app.ini_ using [environment-to-ini](https://github.com/go-gitea/gitea/tree/main/contrib/environment-to-ini). - -The key of such additional source represents the section inside the _app.ini_. -The value for each key can be multiline ini-like definitions. - -In example, the referenced `gitea-app-ini-plaintext` could look like this. 
- -```yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: gitea-app-ini-plaintext -data: - session: | - PROVIDER=memory - SAME_SITE=strict - cron.archive_cleanup: | - ENABLED=true -``` - -Or when using a Kubernetes secret, having the same data structure: - -```yaml -apiVersion: v1 -kind: Secret -metadata: - name: gitea-security-related-configuration -type: Opaque -stringData: - security: | - PASSWORD_COMPLEXITY=off - session: | - SAME_SITE=strict -``` - -#### User defined environment variables in app.ini - -Users are able to define their own environment variables, -which are loaded into the containers. We also support to -directly interact with the generated _app.ini_. - -To inject self defined variables into the _app.ini_ a -certain format needs to be honored. This is -described in detail on the [env-to-ini](https://github.com/go-gitea/gitea/tree/main/contrib/environment-to-ini) -page. - -Note that the Prefix on this helm chart is `ENV_TO_INI`. - -For example a database setting needs to have the following -format: - -```yaml -gitea: - additionalConfigFromEnvs: - - name: ENV_TO_INI__DATABASE__HOST - value: my.own.host - - name: ENV_TO_INI__DATABASE__PASSWD - valueFrom: - secretKeyRef: - name: postgres-secret - key: password -``` - -Priority (highest to lowest) for defining app.ini variables: - -1. Environment variables prefixed with `ENV_TO_INI` -2. Additional config sources -3. Values defined in `gitea.config` - -### External Database - -An external Database can be used instead of builtIn PostgreSQL or MySQL. - -```yaml -gitea: - config: - database: - DB_TYPE: mysql - HOST: 127.0.0.1:3306 - NAME: gitea - USER: root - PASSWD: gitea - SCHEMA: gitea - -postgresql: - enabled: false -``` - -### Ports and external url - -By default port `3000` is used for web traffic and `22` for ssh. Those can be changed: - -```yaml -service: - http: - port: 3000 - ssh: - port: 22 -``` - -This helm chart automatically configures the clone urls to use the correct -ports. 
You can change these ports by hand using the `gitea.config` dict. However -you should know what you're doing. - -### ClusterIP - -By default the clusterIP will be set to None, which is the default for headless -services. However if you want to omit the clusterIP field in the service, use -the following values: - -```yaml -service: - http: - type: ClusterIP - port: 3000 - clusterIP: - ssh: - type: ClusterIP - port: 22 - clusterIP: -``` - -### SSH and Ingress - -If you're using ingress and want to use SSH, keep in mind, that ingress is not -able to forward SSH Ports. You will need a LoadBalancer like `metallb` and a -setting in your ssh service annotations. - -```yaml -service: - ssh: - annotations: - metallb.universe.tf/allow-shared-ip: test -``` - -### SSH on crio based kubernetes cluster - -If you use crio as container runtime it is not possible to read from a remote -repository. You should get an error message like this: - -```bash -$ git clone git@k8s-demo.internal:admin/test.git -Cloning into 'test'... -Connection reset by 192.168.179.217 port 22 -fatal: Could not read from remote repository. - -Please make sure you have the correct access rights -and the repository exists. -``` - -To solve this problem add the capability `SYS_CHROOT` to the `securityContext`. -More about this issue [here](https://gitea.com/gitea/helm-chart/issues/161). - -### Cache - -This helm chart can use a built in cache. The default is Memcached from bitnami. - -```yaml -memcached: - enabled: true -``` - -If the built in cache should not be used simply configure the cache in -`gitea.config`. - -```yaml -gitea: - config: - cache: - ENABLED: true - ADAPTER: memory - INTERVAL: 60 - HOST: 127.0.0.1:9090 -``` - -### Persistence - -Gitea will be deployed as a statefulset. By simply enabling the persistence and -setting the storage class according to your cluster everything else will be -taken care of. The following example will create a PVC as a part of the -statefulset. 
This PVC will not be deleted even if you uninstall the chart. - -Please note, that an empty storageClass in the persistence will result in -kubernetes using your default storage class. - -If you want to use your own storageClass define it as followed: - -```yaml -persistence: - enabled: true - storageClass: myOwnStorageClass -``` - -When using PostgreSQL as dependency, this will also be deployed as a statefulset -by default. - -If you want to manage your own PVC you can simply pass the PVC name to the chart. - -```yaml - persistence: - enabled: true - existingClaim: MyAwesomeGiteaClaim -``` - -In case that peristence has been disabled it will simply use an empty dir volume. - -PostgreSQL handles the persistence in the exact same way. -You can interact with the postgres settings as displayed in the following example: - -```yaml - postgresql: - persistence: - enabled: true - existingClaim: MyAwesomeGiteaPostgresClaim -``` - -MySQL also handles persistence the same, even though it is not deployed as a statefulset. -You can interact with the postgres settings as displayed in the following example: - -```yaml - mysql: - persistence: - enabled: true - existingClaim: MyAwesomeGiteaMysqlClaim -``` - -### Admin User - -This chart enables you to create a default admin user. It is also possible to -update the password for this user by upgrading or redeloying the chart. It is -not possible to delete an admin user after it has been created. This has to be -done in the ui. You cannot use `admin` as username. 
- -```yaml - gitea: - admin: - username: "MyAwesomeGiteaAdmin" - password: "AReallyAwesomeGiteaPassword" - email: "gi@tea.com" -``` - -You can also use an existing Secret to configure the admin user: - -```yaml -apiVersion: v1 -kind: Secret -metadata: - name: gitea-admin-secret -type: Opaque -stringData: - username: MyAwesomeGiteaAdmin - password: AReallyAwesomeGiteaPassword -``` - -```yaml -gitea: - admin: - existingSecret: gitea-admin-secret -``` - -### LDAP Settings - -Like the admin user the LDAP settings can be updated. -All LDAP values from are available. - -Multiple LDAP sources can be configured with additional LDAP list items. - -```yaml - gitea: - ldap: - - name: MyAwesomeGiteaLdap - securityProtocol: unencrypted - host: "127.0.0.1" - port: "389" - userSearchBase: ou=Users,dc=example,dc=com - userFilter: sAMAccountName=%s - adminFilter: CN=Admin,CN=Group,DC=example,DC=com - emailAttribute: mail - bindDn: CN=ldap read,OU=Spezial,DC=example,DC=com - bindPassword: JustAnotherBindPw - usernameAttribute: CN - publicSSHKeyAttribute: publicSSHKey -``` - -You can also use an existing secret to set the bindDn and bindPassword: - -```yaml -apiVersion: v1 -kind: Secret -metadata: - name: gitea-ldap-secret -type: Opaque -stringData: - bindDn: CN=ldap read,OU=Spezial,DC=example,DC=com - bindPassword: JustAnotherBindPw -``` - -```yaml -gitea: - ldap: - - existingSecret: gitea-ldap-secret - ... -``` - -⚠️ Some options are just flags and therefore don't have any values. If they -are defined in `gitea.ldap` configuration, they will be passed to the Gitea CLI -without any value. Affected options: - -- notActive -- skipTlsVerify -- allowDeactivateAll -- synchronizeUsers -- attributesInBind - -### OAuth2 Settings - -Like the admin user, OAuth2 settings can be updated and disabled but not -deleted. Deleting OAuth2 settings has to be done in the ui. All OAuth2 values, -which are documented [here](https://docs.gitea.io/en-us/command-line/#admin), are -available. 
- -Multiple OAuth2 sources can be configured with additional OAuth list items. - -```yaml -gitea: - oauth: - - name: 'MyAwesomeGiteaOAuth' - provider: 'openidConnect' - key: 'hello' - secret: 'world' - autoDiscoverUrl: 'https://gitea.example.com/.well-known/openid-configuration' - #useCustomUrls: - #customAuthUrl: - #customTokenUrl: - #customProfileUrl: - #customEmailUrl: -``` - -You can also use an existing secret to set the `key` and `secret`: - -```yaml -apiVersion: v1 -kind: Secret -metadata: - name: gitea-oauth-secret -type: Opaque -stringData: - key: hello - secret: world -``` - -```yaml -gitea: - oauth: - - name: 'MyAwesomeGiteaOAuth' - existingSecret: gitea-oauth-secret - ... -``` - -### Metrics and profiling - -A Prometheus `/metrics` endpoint on the `HTTP_PORT` and `pprof` profiling -endpoints on port 6060 can be enabled under `gitea`. Beware that the metrics -endpoint is exposed via the ingress, manage access using ingress annotations for -example. - -To deploy the `ServiceMonitor`, you first need to ensure that you have deployed -`prometheus-operator` and its -[CRDs](https://github.com/prometheus-operator/prometheus-operator#customresourcedefinitions). - -```yaml -gitea: - metrics: - enabled: true - serviceMonitor: - enabled: true - - config: - server: - ENABLE_PPROF: true -``` - -### Pod Annotations - -Annotations can be added to the Gitea pod. 
- -```yaml -gitea: - podAnnotations: {} -``` - -## Parameters - -### Global - -| Name | Description | Value | -| ------------------------- | ------------------------------------------------------------------------- | --------------- | -| `global.imageRegistry` | global image registry override | `""` | -| `global.imagePullSecrets` | global image pull secrets override; can be extended by `imagePullSecrets` | `[]` | -| `global.storageClass` | global storage class override | `""` | -| `replicaCount` | number of replicas for the statefulset | `1` | -| `clusterDomain` | cluster domain | `cluster.local` | - -### Image - -| Name | Description | Value | -| ------------------ | --------------------------------------------------------------------------------------------------------------------------------------- | ------------- | -| `image.registry` | image registry, e.g. gcr.io,docker.io | `""` | -| `image.repository` | Image to start for this pod | `gitea/gitea` | -| `image.tag` | Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml. | `""` | -| `image.pullPolicy` | Image pull policy | `Always` | -| `image.rootless` | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `false` | -| `imagePullSecrets` | Secret to use for pulling the image | `[]` | - -### Security - -| Name | Description | Value | -| ---------------------------- | --------------------------------------------------------------- | ------ | -| `podSecurityContext.fsGroup` | Set the shared file system group for all containers in the pod. 
| `1000` | -| `containerSecurityContext` | Security context | `{}` | -| `securityContext` | Run init and Gitea containers as a specific securityContext | `{}` | - -### Service - -| Name | Description | Value | -| --------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | -| `service.http.type` | Kubernetes service type for web traffic | `ClusterIP` | -| `service.http.port` | Port number for web traffic | `3000` | -| `service.http.clusterIP` | ClusterIP setting for http autosetup for statefulset is None | `None` | -| `service.http.loadBalancerIP` | LoadBalancer IP setting | `nil` | -| `service.http.nodePort` | NodePort for http service | `nil` | -| `service.http.externalTrafficPolicy` | If `service.http.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation | `nil` | -| `service.http.externalIPs` | External IPs for service | `nil` | -| `service.http.ipFamilyPolicy` | HTTP service dual-stack policy | `nil` | -| `service.http.ipFamilies` | HTTP service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/). 
| `nil` | -| `service.http.loadBalancerSourceRanges` | Source range filter for http loadbalancer | `[]` | -| `service.http.annotations` | HTTP service annotations | `{}` | -| `service.ssh.type` | Kubernetes service type for ssh traffic | `ClusterIP` | -| `service.ssh.port` | Port number for ssh traffic | `22` | -| `service.ssh.clusterIP` | ClusterIP setting for ssh autosetup for statefulset is None | `None` | -| `service.ssh.loadBalancerIP` | LoadBalancer IP setting | `nil` | -| `service.ssh.nodePort` | NodePort for ssh service | `nil` | -| `service.ssh.externalTrafficPolicy` | If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation | `nil` | -| `service.ssh.externalIPs` | External IPs for service | `nil` | -| `service.ssh.ipFamilyPolicy` | SSH service dual-stack policy | `nil` | -| `service.ssh.ipFamilies` | SSH service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/). | `nil` | -| `service.ssh.hostPort` | HostPort for ssh service | `nil` | -| `service.ssh.loadBalancerSourceRanges` | Source range filter for ssh loadbalancer | `[]` | -| `service.ssh.annotations` | SSH service annotations | `{}` | - -### Ingress - -| Name | Description | Value | -| ------------------------------------ | --------------------------------------------------------------------------- | ----------------- | -| `ingress.enabled` | Enable ingress | `false` | -| `ingress.className` | Ingress class name | `nil` | -| `ingress.annotations` | Ingress annotations | `{}` | -| `ingress.hosts[0].host` | Default Ingress host | `git.example.com` | -| `ingress.hosts[0].paths[0].path` | Default Ingress path | `/` | -| `ingress.hosts[0].paths[0].pathType` | Ingress path type | `Prefix` | -| `ingress.tls` | Ingress tls settings | `[]` | -| `ingress.apiVersion` | Specify APIVersion of ingress object. 
Mostly would only be used for argocd. | | - -### StatefulSet - -| Name | Description | Value | -| ------------------------------------------- | ------------------------------------------------------ | ----- | -| `resources` | Kubernetes resources | `{}` | -| `schedulerName` | Use an alternate scheduler, e.g. "stork" | `""` | -| `nodeSelector` | NodeSelector for the statefulset | `{}` | -| `tolerations` | Tolerations for the statefulset | `[]` | -| `affinity` | Affinity for the statefulset | `{}` | -| `dnsConfig` | dnsConfig for the statefulset | `{}` | -| `statefulset.env` | Additional environment variables to pass to containers | `[]` | -| `statefulset.terminationGracePeriodSeconds` | How long to wait until forcefully kill the pod | `60` | -| `statefulset.labels` | Labels for the statefulset | `{}` | -| `statefulset.annotations` | Annotations for the Gitea StatefulSet to be created | `{}` | - -### Persistence - -| Name | Description | Value | -| ---------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------- | -| `persistence.enabled` | Enable persistent storage | `true` | -| `persistence.existingClaim` | Use an existing claim to store repository information | `nil` | -| `persistence.size` | Size for persistence to store repo information | `10Gi` | -| `persistence.accessModes` | AccessMode for persistence | `["ReadWriteOnce"]` | -| `persistence.labels` | Labels for the persistence volume claim to be created | `{}` | -| `persistence.annotations` | Annotations for the persistence volume claim to be created | `{}` | -| `persistence.storageClass` | Name of the storage class to use | `nil` | -| `persistence.subPath` | Subdirectory of the volume to mount at | `nil` | -| `extraVolumes` | Additional volumes to mount to the Gitea statefulset | `[]` | -| `extraContainerVolumeMounts` | Mounts that are only mapped into the Gitea runtime/main container, to e.g. override custom templates. 
| `[]` | -| `extraInitVolumeMounts` | Mounts that are only mapped into the init-containers. Can be used for additional preconfiguration. | `[]` | -| `extraVolumeMounts` | **DEPRECATED** Additional volume mounts for init containers and the Gitea main container | `[]` | - -### Init - -| Name | Description | Value | -| --------------- | --------------------------------------------------------------------- | ----- | -| `initPreScript` | Bash shell script copied verbatim to the start of the init-container. | `""` | - -### Signing - -| Name | Description | Value | -| ----------------- | ---------------------------- | ------------------ | -| `signing.enabled` | Enable commit/action signing | `false` | -| `signing.gpgHome` | GPG home directory | `/data/git/.gnupg` | - -### Gitea - -| Name | Description | Value | -| -------------------------------------- | ------------------------------------------------------------------------------------------------------------- | -------------------- | -| `gitea.admin.username` | Username for the Gitea admin user | `gitea_admin` | -| `gitea.admin.existingSecret` | Use an existing secret to store admin user credentials | `nil` | -| `gitea.admin.password` | Password for the Gitea admin user | `r8sA8CPHD9!bt6d` | -| `gitea.admin.email` | Email for the Gitea admin user | `gitea@local.domain` | -| `gitea.metrics.enabled` | Enable Gitea metrics | `false` | -| `gitea.metrics.serviceMonitor.enabled` | Enable Gitea metrics service monitor | `false` | -| `gitea.ldap` | LDAP configuration | `[]` | -| `gitea.oauth` | OAuth configuration | `[]` | -| `gitea.config` | Configuration for the Gitea server,ref: [config-cheat-sheet](https://docs.gitea.io/en-us/config-cheat-sheet/) | `{}` | -| `gitea.additionalConfigSources` | Additional configuration from secret or configmap | `[]` | -| `gitea.additionalConfigFromEnvs` | Additional configuration sources from environment variables | `[]` | -| `gitea.podAnnotations` | Annotations for the Gitea pod | `{}` | - 
-### LivenessProbe - -| Name | Description | Value | -| ----------------------------------------- | ------------------------------------------------ | ------ | -| `gitea.livenessProbe.enabled` | Enable liveness probe | `true` | -| `gitea.livenessProbe.tcpSocket.port` | Port to probe for liveness | `http` | -| `gitea.livenessProbe.initialDelaySeconds` | Initial delay before liveness probe is initiated | `200` | -| `gitea.livenessProbe.timeoutSeconds` | Timeout for liveness probe | `1` | -| `gitea.livenessProbe.periodSeconds` | Period for liveness probe | `10` | -| `gitea.livenessProbe.successThreshold` | Success threshold for liveness probe | `1` | -| `gitea.livenessProbe.failureThreshold` | Failure threshold for liveness probe | `10` | - -### ReadinessProbe - -| Name | Description | Value | -| ------------------------------------------ | ------------------------------------------------- | ------ | -| `gitea.readinessProbe.enabled` | Enable readiness probe | `true` | -| `gitea.readinessProbe.tcpSocket.port` | Port to probe for readiness | `http` | -| `gitea.readinessProbe.initialDelaySeconds` | Initial delay before readiness probe is initiated | `5` | -| `gitea.readinessProbe.timeoutSeconds` | Timeout for readiness probe | `1` | -| `gitea.readinessProbe.periodSeconds` | Period for readiness probe | `10` | -| `gitea.readinessProbe.successThreshold` | Success threshold for readiness probe | `1` | -| `gitea.readinessProbe.failureThreshold` | Failure threshold for readiness probe | `3` | - -### StartupProbe - -| Name | Description | Value | -| ---------------------------------------- | ----------------------------------------------- | ------- | -| `gitea.startupProbe.enabled` | Enable startup probe | `false` | -| `gitea.startupProbe.tcpSocket.port` | Port to probe for startup | `http` | -| `gitea.startupProbe.initialDelaySeconds` | Initial delay before startup probe is initiated | `60` | -| `gitea.startupProbe.timeoutSeconds` | Timeout for startup probe | `1` | -| 
`gitea.startupProbe.periodSeconds` | Period for startup probe | `10` | -| `gitea.startupProbe.successThreshold` | Success threshold for startup probe | `1` | -| `gitea.startupProbe.failureThreshold` | Failure threshold for startup probe | `10` | - -### Memcached - -| Name | Description | Value | -| ------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | -| `memcached.enabled` | Memcached is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/memcached) if enabled in the values. Complete Configuration can be taken from their website. | `true` | -| `memcached.service.port` | Port for Memcached | `11211` | - -### PostgreSQL - -| Name | Description | Value | -| ------------------------------------------------- | -------------------------------------------------------- | ------- | -| `postgresql.enabled` | Enable PostgreSQL | `true` | -| `postgresql.global.postgresql.postgresqlDatabase` | PostgreSQL database (overrides postgresqlDatabase) | `gitea` | -| `postgresql.global.postgresql.postgresqlUsername` | PostgreSQL username (overrides postgresqlUsername) | `gitea` | -| `postgresql.global.postgresql.postgresqlPassword` | PostgreSQL admin password (overrides postgresqlPassword) | `gitea` | -| `postgresql.global.postgresql.servicePort` | PostgreSQL port (overrides service.port) | `5432` | -| `postgresql.persistence.size` | PVC Storage Request for PostgreSQL volume | `10Gi` | - -### MySQL - -| Name | Description | Value | -| ------------------------ | ------------------------------------------------------------------ | ------- | -| `mysql.enabled` | Enable MySQL | `false` | -| `mysql.root.password` | Password for the root user. Ignored if existing secret is provided | `gitea` | -| `mysql.db.user` | Username of new user to create. 
| `gitea` | -| `mysql.db.password` | Password for the new user.Ignored if existing secret is provided | `gitea` | -| `mysql.db.name` | Name for new database to create. | `gitea` | -| `mysql.service.port` | Port to connect to MySQL service | `3306` | -| `mysql.persistence.size` | PVC Storage Request for MySQL volume | `10Gi` | - -### MariaDB - -| Name | Description | Value | -| ---------------------------------- | ----------------------------------------------------------------- | ------- | -| `mariadb.enabled` | Enable MariaDB | `false` | -| `mariadb.auth.database` | Name of the database to create. | `gitea` | -| `mariadb.auth.username` | Username of the new user to create. | `gitea` | -| `mariadb.auth.password` | Password for the new user. Ignored if existing secret is provided | `gitea` | -| `mariadb.auth.rootPassword` | Password for the root user. | `gitea` | -| `mariadb.primary.service.port` | Port to connect to MariaDB service | `3306` | -| `mariadb.primary.persistence.size` | Persistence size for MariaDB | `10Gi` | - -### Advanced - -| Name | Description | Value | -| ------------------ | ---------------------------------------------------- | ------ | -| `checkDeprecation` | Set it to false to skip this basic validation check. | `true` | - -## Contributing - -Expected workflow is: Fork -> Patch -> Push -> Pull Request - -See [CONTRIBUTORS GUIDE](CONTRIBUTING.md) for details. - -## Upgrading - -This section lists major and breaking changes of each Helm Chart version. -Please read them carefully to upgrade successfully. - -### To 6.0.0 - -#### Different volume mounts for init-containers and runtime container - -**The `extraVolumeMounts` is deprecated** in favor of `extraInitVolumeMounts` and -`extraContainerVolumeMounts`. You can now have different mounts for the initialization -phase and Gitea runtime. The deprecated `extraVolumeMounts` will still be available -for the time being and is mounted into every container. 
If you want to switch to -the new settings and want to mount specific volumes into all containers, you have -to configure their mount points within both new settings. - -**Combining values from the deprecated setting with values from the new settings -is not possible.** - -#### New `enabled` flag for `startupProbe` - -Prior to this version the `startupProbe` was just a commented sample within the -`values.yaml`. With the migration to an auto-generated [Parameters](#parameters) -section, a new parameter `gitea.startupProbe.enabled` has been introduced set to -`false` by default. - -If you are using the `startupProbe` you need to add that new -parameter and set it to `true`. Otherwise, your defined probe won't be considered -after the upgrade. - -### To 5.0.0 - -> 💥 The Helm Chart now requires Gitea versions of at least 1.11.0. - -#### Enable Dependencies - -The values to enable the dependencies, -such as PostgreSQL, Memcached, MySQL and MariaDB -have been moved from `gitea.database.builtIn.` to the dependency values. - -You can now enable the dependencies as followed: - -```yaml -memcached: - enabled: true - -postgresql: - enabled: true - -mysql: - enabled: false - -mariadb: - enabled: false -``` - -#### App.ini generation - -The app.ini generation has changed and now utilizes the environment-to-ini -script provided by newer Gitea versions. This change ensures, that the app.ini -is now persistent. - -##### Secret Key generation - -Gitea secret keys (SECRET_KEY, INTERNAL_TOKEN, JWT_SECRET) are now generated -automatically in certain situations: - -- New install: By default the secrets are created automatically. If you provide - secrets via `gitea.config` they will be used instead of automatic generation. -- Existing installs: The secrets won't be deployed, neither via - configuration nor via auto generation. We explicitly prevent to set new secrets. 
- -> 💡 It would be possible to set new secret keys manually by entering -the running container and rewriting the app.ini by hand. However, this it is -not advisable to do so for existing installations. Certain settings like -_LDAP_ would not be readable anymore. - -#### Probes - -`gitea.customLivenessProbe`, `gitea.customReadinessProbe` and `gitea.customStartupProbe` -have been removed. - -They are replaced by the settings `gitea.livenessProbe`, `gitea.readinessProbe` -and `gitea.startupProbe` which are now fully configurable and used _as-is_ for -a Chart deployment. -If you have customized their values instead of using the `custom` prefixed settings, -please ensure that you remove the `enabled` property from each of them. - -In case you want to disable one of these probes, let's say the `livenessProbe`, add -the following to your values. The `podAnnotation` is just there to have a bit more -context. - -```diff -gitea: -+ livenessProbe: - podAnnotations: {} -``` - -#### Multiple OAuth and LDAP authentication sources - -With `5.0.0` of this Chart it is now possible to configure Gitea with multiple -OAuth and LDAP sources. As a result, you need to update an existing OAuth/LDAP configuration -in your customized `values.yaml` by replacing the object with settings to a list -of settings objects. See [OAuth2 Settings](#oauth2-settings) and -[LDAP Settings](#ldap-settings) section for details. - -### To 4.0.0 - -#### Ingress changes - -To provide a more flexible Ingress configuration we now support not only host -settings but also provide configuration for the path and pathType. So this -change changes the hosts from a simple string list, to a list containing a more -complex object for more configuration. 
- -```diff -ingress: - enabled: false - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" -- hosts: -- - git.example.com -+ hosts: -+ - host: git.example.com -+ paths: -+ - path: / -+ pathType: Prefix - tls: [] - # - secretName: chart-example-tls - # hosts: - # - git.example.com -``` - -If you want everything as it was before, you can simply add the following code -to all your host entries. - -```yaml -paths: - - path: / - pathType: Prefix -``` - -#### Dropped kebab-case support - -In 3.x.x it was possible to provide an ldap configuration via kebab-case, this -support has now been dropped and only camel case is supported. See [LDAP -section](#ldap-settings) for more information. - -#### Dependency update - -The chart comes with multiple databases and Memcached as dependency, the latest -release updated the dependencies. - -- Memcached: `4.2.20` -> `5.9.0` -- PostgreSQL: `9.7.2` -> `10.3.17` -- MariaDB: `8.0.0` -> `9.3.6` - -If you're using the builtin databases you will most likely redeploy the chart in -order to update the database correctly. - -#### Execution of initPreScript - -Generally spoken, this might not be a breaking change, but it is worth to be -mentioned. - -Prior to `4.0.0` only one init container was used to both setup directories and -configure Gitea. As of now the actual Gitea configuration is separated from the -other pre-execution. This also includes the execution of _initPreScript_. If you -have such script, please be aware of this. Dynamically prepare the Gitea setup -during execution by e.g. adding environment variables to the execution context -won't work anymore. - -### Misc - -#### Gitea Version 1.14.X repository ROOT - -Previously the ROOT folder for the Gitea repositories was located at -`/data/git/gitea-repositories`. In version `1.14` has the path been changed to -`/data/gitea-repositories`. - -This chart will set the `gitea.config.repository.ROOT` value default to -`/data/git/gitea-repositories`. 
diff --git a/gitea/templates/_helpers.tpl b/gitea/templates/_helpers.tpl index cc73693..2e258fa 100644 --- a/gitea/templates/_helpers.tpl +++ b/gitea/templates/_helpers.tpl @@ -1,4 +1,3 @@ -{{/* vim: set filetype=mustache: */}} {{/* Expand the name of the chart. */}} @@ -91,14 +90,6 @@ app.kubernetes.io/name: {{ include "gitea.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} -{{- define "postgresql.dns" -}} -{{- printf "%s-postgresql.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.postgresql.global.postgresql.servicePort -}} -{{- end -}} - -{{- define "memcached.dns" -}} -{{- printf "%s-memcached.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.memcached.service.port | trunc 63 | trimSuffix "-" -}} -{{- end -}} - {{- define "gitea.default_domain" -}} {{- printf "%s-gitea.%s.svc.%s" (include "gitea.fullname" .) .Release.Namespace .Values.clusterDomain | trunc 63 | trimSuffix "-" -}} {{- end -}} @@ -215,7 +206,6 @@ https {{- define "gitea.inline_configuration.defaults" -}} {{- include "gitea.inline_configuration.defaults.server" . -}} - {{- include "gitea.inline_configuration.defaults.database" . -}} {{- if not .Values.gitea.config.repository.ROOT -}} {{- $_ := set .Values.gitea.config.repository "ROOT" "/data/git/gitea-repositories" -}} @@ -226,13 +216,6 @@ https {{- if not (hasKey .Values.gitea.config.metrics "ENABLED") -}} {{- $_ := set .Values.gitea.config.metrics "ENABLED" .Values.gitea.metrics.enabled -}} {{- end -}} - {{- if .Values.memcached.enabled -}} - {{- $_ := set .Values.gitea.config.cache "ENABLED" "true" -}} - {{- $_ := set .Values.gitea.config.cache "ADAPTER" "memcache" -}} - {{- if not (.Values.gitea.config.cache.HOST) -}} - {{- $_ := set .Values.gitea.config.cache "HOST" (include "memcached.dns" .) -}} - {{- end -}} - {{- end -}} {{- end -}} {{- define "gitea.inline_configuration.defaults.server" -}} 
@@ -278,31 +261,14 @@ https {{- end -}} {{- end -}} -{{- define "gitea.inline_configuration.defaults.database" -}} - {{- if .Values.postgresql.enabled -}} - {{- $_ := set .Values.gitea.config.database "DB_TYPE" "postgres" -}} - {{- if not (.Values.gitea.config.database.HOST) -}} - {{- $_ := set .Values.gitea.config.database "HOST" (include "postgresql.dns" .) -}} - {{- end -}} - {{- $_ := set .Values.gitea.config.database "NAME" .Values.postgresql.global.postgresql.postgresqlDatabase -}} - {{- $_ := set .Values.gitea.config.database "USER" .Values.postgresql.global.postgresql.postgresqlUsername -}} - {{- $_ := set .Values.gitea.config.database "PASSWD" .Values.postgresql.global.postgresql.postgresqlPassword -}} -{{- end -}} - {{- define "gitea.init-additional-mounts" -}} - {{- /* Honor the deprecated extraVolumeMounts variable when defined */ -}} {{- if gt (len .Values.extraInitVolumeMounts) 0 -}} {{- toYaml .Values.extraInitVolumeMounts -}} - {{- else if gt (len .Values.extraVolumeMounts) 0 -}} - {{- toYaml .Values.extraVolumeMounts -}} {{- end -}} {{- end -}} {{- define "gitea.container-additional-mounts" -}} - {{- /* Honor the deprecated extraVolumeMounts variable when defined */ -}} {{- if gt (len .Values.extraContainerVolumeMounts) 0 -}} {{- toYaml .Values.extraContainerVolumeMounts -}} - {{- else if gt (len .Values.extraVolumeMounts) 0 -}} - {{- toYaml .Values.extraVolumeMounts -}} {{- end -}} {{- end -}} diff --git a/gitea/templates/gitea/config.yaml b/gitea/templates/config.yaml similarity index 100% rename from gitea/templates/gitea/config.yaml rename to gitea/templates/config.yaml diff --git a/gitea/templates/gitea/deprecation.yaml b/gitea/templates/gitea/deprecation.yaml deleted file mode 100644 index 057c5bd..0000000 --- a/gitea/templates/gitea/deprecation.yaml +++ /dev/null 
@@ -1,34 +0,0 @@
-{{- if .Values.checkDeprecation -}}
- {{/* CUSTOM PROBES */}}
- {{- if .Values.gitea.customLivenessProbe -}}
- {{- fail "`gitea.customLivenessProbe` does no longer exist. Please refer to the changelog and configure `gitea.livenessProbe` instead." -}}
- {{- end -}}
- {{- if .Values.gitea.customReadinessProbe -}}
- {{- fail "`gitea.customReadinessProbe` does no longer exist. Please refer to the changelog and configure `gitea.readinessProbe` instead." -}}
- {{- end -}}
- {{- if .Values.gitea.customStartupProbe -}}
- {{- fail "`gitea.customStartupProbe` does no longer exist. Please refer to the changelog and configure `gitea.startupProbe` instead." -}}
- {{- end -}}
-
- {{/* LDAP SOURCES */}}
- {{- if kindIs "map" .Values.gitea.ldap -}}
- {{- fail "You can configure multiple LDAP sources. Please refer to the changelog and switch `gitea.ldap` from object to array notation." -}}
- {{- end -}}
-
- {{/* OAUTH SOURCES */}}
- {{- if kindIs "map" .Values.gitea.oauth -}}
- {{- fail "You can configure multiple OAuth sources. Please refer to the changelog and switch `gitea.oauth` from object to array notation." -}}
- {{- end -}}
-
- {{/* BUILTIN */}}
- {{- if .Values.gitea.cache -}}
- {{- if .Values.gitea.cache.builtIn -}}
- {{- fail "`gitea.cache.builtIn` does no longer exist. Please use `memcached` at root level instead." -}}
- {{- end -}}
- {{- end -}}
- {{- if .Values.gitea.database -}}
- {{- if .Values.gitea.database.builtIn -}}
- {{- fail "`gitea.database.builtIn` does no longer exist. Builtin databases can be configured inside the dependencies itself. Please refer to the changelog." -}}
- {{- end -}}
- {{- end -}}
-{{- end -}}
diff --git a/gitea/templates/gitea/http-svc.yaml b/gitea/templates/http-svc.yaml
similarity index 100%
rename from gitea/templates/gitea/http-svc.yaml
rename to gitea/templates/http-svc.yaml
diff --git a/gitea/templates/gitea/ingress.yaml b/gitea/templates/ingress.yaml
similarity index 100%
rename from gitea/templates/gitea/ingress.yaml
rename to gitea/templates/ingress.yaml
diff --git a/gitea/templates/gitea/init.yaml b/gitea/templates/init.yaml
similarity index 100%
rename from gitea/templates/gitea/init.yaml
rename to gitea/templates/init.yaml
diff --git a/gitea/templates/gitea/servicemonitor.yaml b/gitea/templates/servicemonitor.yaml
similarity index 100%
rename from gitea/templates/gitea/servicemonitor.yaml
rename to gitea/templates/servicemonitor.yaml
diff --git a/gitea/templates/gitea/ssh-svc.yaml b/gitea/templates/ssh-svc.yaml
similarity index 100%
rename from gitea/templates/gitea/ssh-svc.yaml
rename to gitea/templates/ssh-svc.yaml
diff --git a/gitea/templates/gitea/statefulset.yaml b/gitea/templates/statefulset.yaml
similarity index 99%
rename from gitea/templates/gitea/statefulset.yaml
rename to gitea/templates/statefulset.yaml
index ed9a887..a8395b8 100644
--- a/gitea/templates/gitea/statefulset.yaml
+++ b/gitea/templates/statefulset.yaml
@@ -20,7 +20,7 @@ spec:
 template:
 metadata:
 annotations:
- checksum/config: {{ include (print $.Template.BasePath "/gitea/config.yaml") . | sha256sum }}
+ checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }}
 {{- range $idx, $value := .Values.gitea.ldap }}
 checksum/ldap_{{ $idx }}: {{ include "gitea.ldap_settings" (list $idx $value) | sha256sum }}
 {{- end }}
diff --git a/gitea/templates/tests/test-http-connection.yaml b/gitea/templates/tests/test-http-connection.yaml
deleted file mode 100644
index 7fab1b7..0000000
--- a/gitea/templates/tests/test-http-connection.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ include "gitea.fullname" . }}-test-connection"
- labels:
-{{ include "gitea.labels" . | nindent 4 }}
- annotations:
- "helm.sh/hook": test-success
-spec:
- containers:
- - name: wget
- image: busybox
- command: ['wget']
- args: ['{{ include "gitea.fullname" . }}-http:{{ .Values.service.http.port }}']
- restartPolicy: Never
diff --git a/gitea/values.yaml b/gitea/values.yaml
index 6c3cfea..2bd7c23 100644
--- a/gitea/values.yaml
+++ b/gitea/values.yaml
@@ -1,87 +1,27 @@ -# Default values for gitea. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. -## @section Global -# -## @param global.imageRegistry global image registry override -## @param global.imagePullSecrets global image pull secrets override; can be extended by `imagePullSecrets` -## @param global.storageClass global storage class override global: imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## imagePullSecrets: [] storageClass: "" -## @param replicaCount number of replicas for the statefulset replicaCount: 1 -## @param clusterDomain cluster domain clusterDomain: cluster.local -## @section Image -## @param image.registry image registry, e.g. gcr.io,docker.io -## @param image.repository Image to start for this pod -## @param image.tag Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml. -## @param image.pullPolicy Image pull policy -## @param image.rootless Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher image: registry: "" repository: gitea/gitea - # Overrides the image tag whose default is the chart appVersion. tag: "" pullPolicy: Always - rootless: true # only possible when running 1.14 or later + rootless: true -## @param imagePullSecrets Secret to use for pulling the image imagePullSecrets: [] -## @section Security -# Security context is only usable with rootless image due to image design -## @param podSecurityContext.fsGroup Set the shared file system group for all containers in the pod. podSecurityContext: fsGroup: 1000 -## @param containerSecurityContext Security context containerSecurityContext: {} -# allowPrivilegeEscalation: false -# capabilities: -# drop: -# - ALL -# # Add the SYS_CHROOT capability for root and rootless images if you intend to -# # run pods on nodes that use the container runtime cri-o. 
Otherwise, you will -# # get an error message from the SSH server that it is not possible to read from -# # the repository. -# # https://gitea.com/gitea/helm-chart/issues/161 -# add: -# - SYS_CHROOT -# privileged: false -# readOnlyRootFilesystem: true -# runAsGroup: 1000 -# runAsNonRoot: true -# runAsUser: 1000 -## @depracated The securityContext variable has been split two: -## - containerSecurityContext -## - podSecurityContext. -## @param securityContext Run init and Gitea containers as a specific securityContext -securityContext: {} - -## @section Service service: - ## @param service.http.type Kubernetes service type for web traffic - ## @param service.http.port Port number for web traffic - ## @param service.http.clusterIP ClusterIP setting for http autosetup for statefulset is None - ## @param service.http.loadBalancerIP LoadBalancer IP setting - ## @param service.http.nodePort NodePort for http service - ## @param service.http.externalTrafficPolicy If `service.http.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation - ## @param service.http.externalIPs External IPs for service - ## @param service.http.ipFamilyPolicy HTTP service dual-stack policy - ## @param service.http.ipFamilies HTTP service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/). - ## @param service.http.loadBalancerSourceRanges Source range filter for http loadbalancer - ## @param service.http.annotations HTTP service annotations http: type: ClusterIP port: 3000 
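Review bot: `containerSecurityContext: {}` stays empty on the new side while the commented hardening example beneath it is deleted, so as far as this hunk shows the Gitea container keeps the runtime's default capabilities and privilege-escalation setting. Since `image.rootless: true` is kept, and the removed comment said the security context is only usable with the rootless image, these values can be set rather than dropped. The removed comment's caveat still applies: nodes running cri-o need `SYS_CHROOT` added back for SSH access to repositories. `readOnlyRootFilesystem: true` from the old example is left out below because this hunk does not show whether the chart's mounts allow it.

```yaml
containerSecurityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
  privileged: false
  runAsNonRoot: true
  runAsUser: 1000
  runAsGroup: 1000
```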
@@ -94,18 +34,7 @@ service: ipFamilies: loadBalancerSourceRanges: [] annotations: {} - ## @param service.ssh.type Kubernetes service type for ssh traffic - ## @param service.ssh.port Port number for ssh traffic - ## @param service.ssh.clusterIP ClusterIP setting for ssh autosetup for statefulset is None - ## @param service.ssh.loadBalancerIP LoadBalancer IP setting - ## @param service.ssh.nodePort NodePort for ssh service - ## @param service.ssh.externalTrafficPolicy If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation - ## @param service.ssh.externalIPs External IPs for service - ## @param service.ssh.ipFamilyPolicy SSH service dual-stack policy - ## @param service.ssh.ipFamilies SSH service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/). - ## @param service.ssh.hostPort HostPort for ssh service - ## @param service.ssh.loadBalancerSourceRanges Source range filter for ssh loadbalancer - ## @param service.ssh.annotations SSH service annotations + ssh: type: ClusterIP port: 22 @@ -120,17 +49,6 @@ service: loadBalancerSourceRanges: [] annotations: {} - -## @section Ingress -## @param ingress.enabled Enable ingress -## @param ingress.className Ingress class name -## @param ingress.annotations Ingress annotations -## @param ingress.hosts[0].host Default Ingress host -## @param ingress.hosts[0].paths[0].path Default Ingress path -## @param ingress.hosts[0].paths[0].pathType Ingress path type -## @param ingress.tls Ingress tls settings -## @extra ingress.apiVersion Specify APIVersion of ingress object. Mostly would only be used for argocd. - ingress: enabled: true annotations: 
@@ -154,61 +72,30 @@ ingress: hosts: - gitea.jamma.dev -## @section StatefulSet -# -## @param resources Kubernetes resources -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi +resources: + limits: + cpu: 1 + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi -## Use an alternate scheduler, e.g. "stork". -## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -## @param schedulerName Use an alternate scheduler, e.g. "stork" schedulerName: "" -## @param nodeSelector NodeSelector for the statefulset nodeSelector: {} -## @param tolerations Tolerations for the statefulset tolerations: [] -## @param affinity Affinity for the statefulset affinity: {} -## @param dnsConfig dnsConfig for the statefulset dnsConfig: {} -## @param statefulset.env Additional environment variables to pass to containers -## @param statefulset.terminationGracePeriodSeconds How long to wait until forcefully kill the pod -## @param statefulset.labels Labels for the statefulset -## @param statefulset.annotations Annotations for the Gitea StatefulSet to be created statefulset: env: [] - # - name: VARIABLE - # value: my-value terminationGracePeriodSeconds: 60 labels: {} annotations: {} -## @section Persistence -# -## @param persistence.enabled Enable persistent storage -## @param persistence.existingClaim Use an existing claim to store repository information -## @param persistence.size Size for persistence to store repo information -## @param persistence.accessModes AccessMode for persistence -## @param persistence.labels Labels for the persistence 
volume claim to be created -## @param persistence.annotations Annotations for the persistence volume claim to be created -## @param persistence.storageClass Name of the storage class to use -## @param persistence.subPath Subdirectory of the volume to mount at persistence: enabled: true existingClaim: 
@@ -220,139 +107,46 @@ persistence: storageClass: subPath: -## @param extraVolumes Additional volumes to mount to the Gitea statefulset extraVolumes: [] -# - name: postgres-ssl-vol -# secret: -# secretName: gitea-postgres-ssl -## @param extraContainerVolumeMounts Mounts that are only mapped into the Gitea runtime/main container, to e.g. override custom templates. extraContainerVolumeMounts: [] -## @param extraInitVolumeMounts Mounts that are only mapped into the init-containers. Can be used for additional preconfiguration. extraInitVolumeMounts: [] -## @depracated The extraVolumeMounts variable has been split two: -## - extraContainerVolumeMounts -## - extraInitVolumeMounts -## As an example, can be used to mount a client cert when connecting to an external Postgres server. -## @param extraVolumeMounts **DEPRECATED** Additional volume mounts for init containers and the Gitea main container -extraVolumeMounts: [] -# - name: postgres-ssl-vol -# readOnly: true -# mountPath: "/pg-ssl" - -## @section Init -## @param initPreScript Bash shell script copied verbatim to the start of the init-container. 
initPreScript: "" -# -# initPreScript: | -# mkdir -p /data/git/.postgresql -# cp /pg-ssl/* /data/git/.postgresql/ -# chown -R git:git /data/git/.postgresql/ -# chmod 400 /data/git/.postgresql/postgresql.key -# Configure commit/action signing prerequisites -## @section Signing -# -## @param signing.enabled Enable commit/action signing -## @param signing.gpgHome GPG home directory signing: enabled: false gpgHome: /data/git/.gnupg -## @section Gitea -# gitea: - ## @param gitea.admin.username Username for the Gitea admin user - ## @param gitea.admin.existingSecret Use an existing secret to store admin user credentials - ## @param gitea.admin.password Password for the Gitea admin user - ## @param gitea.admin.email Email for the Gitea admin user admin: - #existingSecret: gitea-admin-secret existingSecret: - username: gitea_admin - password: - email: "gitea@local.domain" + username: jmhbnz + password: placeholder + email: "placeholder@jamma.dev" - ## @param gitea.metrics.enabled Enable Gitea metrics - ## @param gitea.metrics.serviceMonitor.enabled Enable Gitea metrics service monitor metrics: enabled: false serviceMonitor: enabled: false - # additionalLabels: - # prometheus-release: prom1 - ## @param gitea.ldap LDAP configuration ldap: [] - # - name: "LDAP 1" - # existingSecret: - # securityProtocol: - # host: - # port: - # userSearchBase: - # userFilter: - # adminFilter: - # emailAttribute: - # bindDn: - # bindPassword: - # usernameAttribute: - # publicSSHKeyAttribute: - # Either specify inline `key` and `secret` or refer to them via `existingSecret` - ## @param gitea.oauth OAuth configuration oauth: [] - # - name: 'OAuth 1' - # provider: - # key: - # secret: - # existingSecret: - # autoDiscoverUrl: - # useCustomUrls: - # customAuthUrl: - # customTokenUrl: - # customProfileUrl: - # customEmailUrl: - ## @param gitea.config Configuration for the Gitea server,ref: [config-cheat-sheet](https://docs.gitea.io/en-us/config-cheat-sheet/) config: cache: ENABLED: false database: 
DB_TYPE: sqlite3 - # APP_NAME: "Gitea: Git with a cup of tea" - # RUN_MODE: dev - # - # server: - # SSH_PORT: 22 - # - # security: - # PASSWORD_COMPLEXITY: spec - ## @param gitea.additionalConfigSources Additional configuration from secret or configmap additionalConfigSources: [] - # - secret: - # secretName: gitea-app-ini-oauth - # - configMap: - # name: gitea-app-ini-plaintext - ## @param gitea.additionalConfigFromEnvs Additional configuration sources from environment variables additionalConfigFromEnvs: [] - ## @param gitea.podAnnotations Annotations for the Gitea pod podAnnotations: {} - ## @section LivenessProbe - # - ## @param gitea.livenessProbe.enabled Enable liveness probe - ## @param gitea.livenessProbe.tcpSocket.port Port to probe for liveness - ## @param gitea.livenessProbe.initialDelaySeconds Initial delay before liveness probe is initiated - ## @param gitea.livenessProbe.timeoutSeconds Timeout for liveness probe - ## @param gitea.livenessProbe.periodSeconds Period for liveness probe - ## @param gitea.livenessProbe.successThreshold Success threshold for liveness probe - ## @param gitea.livenessProbe.failureThreshold Failure threshold for liveness probe - # Modify the liveness probe for your needs or completely disable it by commenting out. livenessProbe: enabled: true tcpSocket: 
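Review bot: `password: placeholder` under `gitea.admin` commits a literal admin password next to a real `username`, while `existingSecret:` stays empty and the ingress for `gitea.jamma.dev` is enabled elsewhere in this file. If the chart is ever installed without an override, the admin account would presumably be created with that guessable value; how the init template consumes it is not visible in this hunk. Prefer pointing at a Kubernetes Secret as the removed comment showed, `existingSecret: gitea-admin-secret`, and leaving `password:` empty, so the credential never lands in the repository.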
@@ -363,16 +157,6 @@ gitea: successThreshold: 1 failureThreshold: 10 - ## @section ReadinessProbe - # - ## @param gitea.readinessProbe.enabled Enable readiness probe - ## @param gitea.readinessProbe.tcpSocket.port Port to probe for readiness - ## @param gitea.readinessProbe.initialDelaySeconds Initial delay before readiness probe is initiated - ## @param gitea.readinessProbe.timeoutSeconds Timeout for readiness probe - ## @param gitea.readinessProbe.periodSeconds Period for readiness probe - ## @param gitea.readinessProbe.successThreshold Success threshold for readiness probe - ## @param gitea.readinessProbe.failureThreshold Failure threshold for readiness probe - # Modify the readiness probe for your needs or completely disable it by commenting out. readinessProbe: enabled: true tcpSocket: @@ -383,16 +167,6 @@ gitea: successThreshold: 1 failureThreshold: 3 - # # Uncomment the startup probe to enable and modify it for your needs. - ## @section StartupProbe - # - ## @param gitea.startupProbe.enabled Enable startup probe - ## @param gitea.startupProbe.tcpSocket.port Port to probe for startup - ## @param gitea.startupProbe.initialDelaySeconds Initial delay before startup probe is initiated - ## @param gitea.startupProbe.timeoutSeconds Timeout for startup probe - ## @param gitea.startupProbe.periodSeconds Period for startup probe - ## @param gitea.startupProbe.successThreshold Success threshold for startup probe - ## @param gitea.startupProbe.failureThreshold Failure threshold for startup probe startupProbe: enabled: false tcpSocket: 
@@ -402,81 +176,3 @@ gitea: periodSeconds: 10 successThreshold: 1 failureThreshold: 10 - -## @section Memcached -# -## @param memcached.enabled Memcached is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/memcached) if enabled in the values. Complete Configuration can be taken from their website. -## @param memcached.service.port Port for Memcached -memcached: - enabled: false - service: - port: 11211 - -## @section PostgreSQL -# -## @param postgresql.enabled Enable PostgreSQL -## @param postgresql.global.postgresql.postgresqlDatabase PostgreSQL database (overrides postgresqlDatabase) -## @param postgresql.global.postgresql.postgresqlUsername PostgreSQL username (overrides postgresqlUsername) -## @param postgresql.global.postgresql.postgresqlPassword PostgreSQL admin password (overrides postgresqlPassword) -## @param postgresql.global.postgresql.servicePort PostgreSQL port (overrides service.port) -## @param postgresql.persistence.size PVC Storage Request for PostgreSQL volume -postgresql: - enabled: false - global: - postgresql: - postgresqlDatabase: gitea - postgresqlUsername: gitea - postgresqlPassword: gitea - servicePort: 5432 - persistence: - size: 10Gi - -## @section MySQL -# -## @param mysql.enabled Enable MySQL -## @param mysql.root.password Password for the root user. Ignored if existing secret is provided -## @param mysql.db.user Username of new user to create. -## @param mysql.db.password Password for the new user.Ignored if existing secret is provided -## @param mysql.db.name Name for new database to create. 
-## @param mysql.service.port Port to connect to MySQL service -## @param mysql.persistence.size PVC Storage Request for MySQL volume -mysql: - enabled: false - root: - password: gitea - db: - user: gitea - password: gitea - name: gitea - service: - port: 3306 - persistence: - size: 10Gi - -## @section MariaDB -# -## @param mariadb.enabled Enable MariaDB -## @param mariadb.auth.database Name of the database to create. -## @param mariadb.auth.username Username of the new user to create. -## @param mariadb.auth.password Password for the new user. Ignored if existing secret is provided -## @param mariadb.auth.rootPassword Password for the root user. -## @param mariadb.primary.service.port Port to connect to MariaDB service -## @param mariadb.primary.persistence.size Persistence size for MariaDB -mariadb: - enabled: false - auth: - database: gitea - username: gitea - password: gitea - rootPassword: gitea - primary: - service: - port: 3306 - persistence: - size: 10Gi - -# By default, removed or moved settings that still remain in a user defined values.yaml will cause Helm to fail running the install/update. -# Set it to false to skip this basic validation check. -## @section Advanced -## @param checkDeprecation Set it to false to skip this basic validation check. -checkDeprecation: true