jmhbnz/charts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Start updating gitea for 1.20.0.

Browse Source
This commit is contained in:
James Blair
2023-07-17 11:44:04 +12:00
parent 15bd06870c
commit 985d21c009
4 changed files with 109 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
gitea/templates/config.yaml
View File

@ -53,14 +53,14 @@ stringData:
env2ini::log " + '${setting}'" env2ini::log " + '${setting}'"
if [[ -z "${section}" ]]; then if [[ -z "${section}" ]]; then
export "ENV_TO_INI____${setting^^}=${value}" # '^^' makes the variable content uppercase export "GITEA____${setting^^}=${value}" # '^^' makes the variable content uppercase
return return
fi fi
local masked_section="${section//./_0X2E_}" # '//' instructs to replace all matches local masked_section="${section//./_0X2E_}" # '//' instructs to replace all matches
masked_section="${masked_section//-/_0X2D_}" masked_section="${masked_section//-/_0X2D_}"
export "ENV_TO_INI__${masked_section^^}__${setting^^}=${value}" # '^^' makes the variable content uppercase export "GITEA__${masked_section^^}__${setting^^}=${value}" # '^^' makes the variable content uppercase
} }
function env2ini::reload_preset_envs() { function env2ini::reload_preset_envs() {
@ -134,15 +134,15 @@ stringData:
# - initially used to set up Gitea # - initially used to set up Gitea
# Anyway, they won't harm existing app.ini files # Anyway, they won't harm existing app.ini files
export ENV_TO_INI__SECURITY__INTERNAL_TOKEN=$(gitea generate secret INTERNAL_TOKEN) export GITEA__SECURITY__INTERNAL_TOKEN=$(gitea generate secret INTERNAL_TOKEN)
export ENV_TO_INI__SECURITY__SECRET_KEY=$(gitea generate secret SECRET_KEY) export GITEA__SECURITY__SECRET_KEY=$(gitea generate secret SECRET_KEY)
export ENV_TO_INI__OAUTH2__JWT_SECRET=$(gitea generate secret JWT_SECRET) export GITEA__OAUTH2__JWT_SECRET=$(gitea generate secret JWT_SECRET)
export ENV_TO_INI__SERVER__LFS_JWT_SECRET=$(gitea generate secret LFS_JWT_SECRET) export GITEA__SERVER__LFS_JWT_SECRET=$(gitea generate secret LFS_JWT_SECRET)
env2ini::log "...Initial secrets generated\n" env2ini::log "...Initial secrets generated\n"
} }
env | (grep ENV_TO_INI || [[ $? == 1 ]]) > /tmp/existing-envs env | (grep GITEA || [[ $? == 1 ]]) > /tmp/existing-envs
# MUST BE CALLED BEFORE OTHER CONFIGURATION # MUST BE CALLED BEFORE OTHER CONFIGURATION
env2ini::generate_initial_secrets env2ini::generate_initial_secrets
@ -163,10 +163,10 @@ stringData:
env2ini::log ' - oauth2.JWT_SECRET' env2ini::log ' - oauth2.JWT_SECRET'
env2ini::log ' - server.LFS_JWT_SECRET' env2ini::log ' - server.LFS_JWT_SECRET'
unset ENV_TO_INI__SECURITY__INTERNAL_TOKEN unset GITEA__SECURITY__INTERNAL_TOKEN
unset ENV_TO_INI__SECURITY__SECRET_KEY unset GITEA__SECURITY__SECRET_KEY
unset ENV_TO_INI__OAUTH2__JWT_SECRET unset GITEA__OAUTH2__JWT_SECRET
unset ENV_TO_INI__SERVER__LFS_JWT_SECRET unset GITEA__SERVER__LFS_JWT_SECRET
fi fi
environment-to-ini -o $GITEA_APP_INI -p ENV_TO_INI environment-to-ini -o $GITEA_APP_INI

17
gitea/templates/init.yaml
View File

@ -6,6 +6,11 @@ metadata:
{{- include "gitea.labels" . | nindent 4 }} {{- include "gitea.labels" . | nindent 4 }}
type: Opaque type: Opaque
stringData: stringData:
configure_gpg_environment.sh: |-
#!/usr/bin/env bash
set -eu
gpg --batch --import /raw/private.asc
init_directory_structure.sh: |- init_directory_structure.sh: |-
#!/usr/bin/env bash #!/usr/bin/env bash
@ -26,7 +31,7 @@ stringData:
{{- end }} {{- end }}
mkdir -p /data/git/.ssh mkdir -p /data/git/.ssh
chmod -R 700 /data/git/.ssh chmod -R 700 /data/git/.ssh
[ ! -d /data/gitea ] && mkdir -p /data/gitea/conf [ ! -d /data/gitea/conf ] && mkdir -p /data/gitea/conf
# prepare temp directory structure # prepare temp directory structure
mkdir -p "${GITEA_TEMP}" mkdir -p "${GITEA_TEMP}"
@ -35,6 +40,14 @@ stringData:
{{- end }} {{- end }}
chmod ug+rwx "${GITEA_TEMP}" chmod ug+rwx "${GITEA_TEMP}"
{{ if .Values.signing.enabled -}}
if [ ! -d "${GNUPGHOME}" ]; then
mkdir -p "${GNUPGHOME}"
chmod 700 "${GNUPGHOME}"
chown 1000:1000 "${GNUPGHOME}"
fi
{{- end }}
configure_gitea.sh: |- configure_gitea.sh: |-
#!/usr/bin/env bash #!/usr/bin/env bash
@ -113,4 +126,4 @@ stringData:
configure_oauth configure_oauth
echo '==== END GITEA CONFIGURATION ====' echo '==== END GITEA CONFIGURATION ===='

75
gitea/templates/statefulset.yaml
View File

@ -39,6 +39,12 @@ spec:
{{- if .Values.schedulerName }} {{- if .Values.schedulerName }}
schedulerName: "{{ .Values.schedulerName }}" schedulerName: "{{ .Values.schedulerName }}"
{{- end }} {{- end }}
{{- if (or .Values.serviceAccount.create .Values.serviceAccount.name) }}
serviceAccountName: {{ include "gitea.serviceAccountName" . }}
{{- end }}
{{- if .Values.priorityClassName }}
priorityClassName: "{{ .Values.priorityClassName }}"
{{- end }}
{{- include "gitea.images.pullSecrets" . | nindent 6 }} {{- include "gitea.images.pullSecrets" . | nindent 6 }}
securityContext: securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }} {{- toYaml .Values.podSecurityContext | nindent 8 }}
@ -59,6 +65,10 @@ spec:
{{- if .Values.statefulset.env }} {{- if .Values.statefulset.env }}
{{- toYaml .Values.statefulset.env | nindent 12 }} {{- toYaml .Values.statefulset.env | nindent 12 }}
{{- end }} {{- end }}
{{- if .Values.signing.enabled }}
- name: GNUPGHOME
value: {{ .Values.signing.gpgHome }}
{{- end }}
volumeMounts: volumeMounts:
- name: init - name: init
mountPath: /usr/sbin mountPath: /usr/sbin
@ -72,6 +82,8 @@ spec:
{{- include "gitea.init-additional-mounts" . | nindent 12 }} {{- include "gitea.init-additional-mounts" . | nindent 12 }}
securityContext: securityContext:
{{- toYaml .Values.containerSecurityContext | nindent 12 }} {{- toYaml .Values.containerSecurityContext | nindent 12 }}
resources:
{{- toYaml .Values.initContainers.resources | nindent 12 }}
- name: init-app-ini - name: init-app-ini
image: "{{ include "gitea.image" . }}" image: "{{ include "gitea.image" . }}"
imagePullPolicy: {{ .Values.image.pullPolicy }} imagePullPolicy: {{ .Values.image.pullPolicy }}
@ -110,6 +122,40 @@ spec:
{{- include "gitea.init-additional-mounts" . | nindent 12 }} {{- include "gitea.init-additional-mounts" . | nindent 12 }}
securityContext: securityContext:
{{- toYaml .Values.containerSecurityContext | nindent 12 }} {{- toYaml .Values.containerSecurityContext | nindent 12 }}
resources:
{{- toYaml .Values.initContainers.resources | nindent 12 }}
{{- if .Values.signing.enabled }}
- name: configure-gpg
image: "{{ include "gitea.image" . }}"
command: ["/usr/sbin/configure_gpg_environment.sh"]
imagePullPolicy: {{ .Values.image.pullPolicy }}
securityContext:
{{- /* By default this container runs as user 1000 unless otherwise stated */ -}}
{{- $csc := deepCopy .Values.containerSecurityContext -}}
{{- if not (hasKey $csc "runAsUser") -}}
{{- $_ := set $csc "runAsUser" 1000 -}}
{{- end -}}
{{- toYaml $csc | nindent 12 }}
env:
- name: GNUPGHOME
value: {{ .Values.signing.gpgHome }}
volumeMounts:
- name: init
mountPath: /usr/sbin
- name: data
mountPath: /data
{{- if .Values.persistence.subPath }}
subPath: {{ .Values.persistence.subPath }}
{{- end }}
- name: gpg-private-key
mountPath: /raw
readOnly: true
{{- if .Values.extraVolumeMounts }}
{{- toYaml .Values.extraVolumeMounts | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.initContainers.resources | nindent 12 }}
{{- end }}
- name: configure-gitea - name: configure-gitea
image: "{{ include "gitea.image" . }}" image: "{{ include "gitea.image" . }}"
command: ["/usr/sbin/configure_gitea.sh"] command: ["/usr/sbin/configure_gitea.sh"]
@ -130,6 +176,10 @@ spec:
value: /data value: /data
- name: GITEA_TEMP - name: GITEA_TEMP
value: /tmp/gitea value: /tmp/gitea
{{- if .Values.image.rootless }}
- name: HOME
value: /data/gitea/git
{{- end }}
{{- if .Values.gitea.ldap }} {{- if .Values.gitea.ldap }}
{{- range $idx, $value := .Values.gitea.ldap }} {{- range $idx, $value := .Values.gitea.ldap }}
{{- if $value.existingSecret }} {{- if $value.existingSecret }}
@ -198,6 +248,8 @@ spec:
subPath: {{ .Values.persistence.subPath }} subPath: {{ .Values.persistence.subPath }}
{{- end }} {{- end }}
{{- include "gitea.init-additional-mounts" . | nindent 12 }} {{- include "gitea.init-additional-mounts" . | nindent 12 }}
resources:
{{- toYaml .Values.initContainers.resources | nindent 12 }}
terminationGracePeriodSeconds: {{ .Values.statefulset.terminationGracePeriodSeconds }} terminationGracePeriodSeconds: {{ .Values.statefulset.terminationGracePeriodSeconds }}
containers: containers:
- name: {{ .Chart.Name }} - name: {{ .Chart.Name }}
@ -209,6 +261,10 @@ spec:
value: {{ .Values.gitea.config.server.SSH_LISTEN_PORT | quote }} value: {{ .Values.gitea.config.server.SSH_LISTEN_PORT | quote }}
- name: SSH_PORT - name: SSH_PORT
value: {{ .Values.gitea.config.server.SSH_PORT | quote }} value: {{ .Values.gitea.config.server.SSH_PORT | quote }}
{{- if not .Values.image.rootless }}
- name: SSH_LOG_LEVEL
value: {{ .Values.gitea.ssh.logLevel | quote }}
{{- end }}
- name: GITEA_APP_INI - name: GITEA_APP_INI
value: /data/gitea/conf/app.ini value: /data/gitea/conf/app.ini
- name: GITEA_CUSTOM - name: GITEA_CUSTOM
@ -219,6 +275,10 @@ spec:
value: /tmp/gitea value: /tmp/gitea
- name: TMPDIR - name: TMPDIR
value: /tmp/gitea value: /tmp/gitea
{{- if .Values.image.rootless }}
- name: HOME
value: /data/gitea/git
{{- end }}
{{- if .Values.signing.enabled }} {{- if .Values.signing.enabled }}
- name: GNUPGHOME - name: GNUPGHOME
value: {{ .Values.signing.gpgHome }} value: {{ .Values.signing.gpgHome }}
@ -268,6 +328,10 @@ spec:
subPath: {{ .Values.persistence.subPath }} subPath: {{ .Values.persistence.subPath }}
{{- end }} {{- end }}
{{- include "gitea.container-additional-mounts" . | nindent 12 }} {{- include "gitea.container-additional-mounts" . | nindent 12 }}
{{- with .Values.global.hostAliases }}
hostAliases:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }} {{- with .Values.nodeSelector }}
nodeSelector: nodeSelector:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
@ -305,6 +369,15 @@ spec:
{{- end }} {{- end }}
- name: temp - name: temp
emptyDir: {} emptyDir: {}
{{- if .Values.signing.enabled }}
- name: gpg-private-key
secret:
secretName: {{ include "gitea.gpg-key-secret-name" . }}
items:
- key: privateKey
path: private.asc
defaultMode: 0100
{{- end }}
{{- if and .Values.persistence.enabled .Values.persistence.existingClaim }} {{- if and .Values.persistence.enabled .Values.persistence.existingClaim }}
- name: data - name: data
persistentVolumeClaim: persistentVolumeClaim:
@ -339,4 +412,4 @@ spec:
resources: resources:
requests: requests:
storage: {{ .Values.persistence.size | quote }} storage: {{ .Values.persistence.size | quote }}
{{- end }} {{- end }}

8
gitea/values.yaml
View File

@ -72,6 +72,14 @@ ingress:
hosts: hosts:
- gitea.jamma.dev - gitea.jamma.dev
serviceAccount:
create: false
name: ""
automountServiceAccountToken: false
imagePullSecrets: []
annotations: {}
labels: {}
resources: resources:
limits: limits:
cpu: 1 cpu: 1