bartvdbraak/helm-chart
1
0
Fork 0
forked from lunny/helm-chart
Code Pull Requests 1 Activity
216 Commits 2 Branches 107 Tags
87c59b2fca7f97a361564dcf988c0e725693da50
Commit Graph

216 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
mattkaar
0e191bfc7a Support custom Ingress path (#151) 
Adds support for a custom Ingress path. This allows us to run Gitea as a path in an existing domain.

Co-authored-by: Matt Kaar <mkaar@cert.org>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/151
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-authored-by: mattkaar <mattkaar@noreply.gitea.io>
Co-committed-by: mattkaar <mattkaar@noreply.gitea.io>
 2021-06-25 02:28:45 +08:00
justusbunsi
d6eb50ca35 Fix admin + ldap configuration (#183) 
This fixes several flaws introduced by commits for #169 (see c49dc047a4).

 - Respect kebab-case ldap bind inline definition
 - Prevent camelCase ldap bind inline definition from being overridden by empty string
 - Create admin account when `existingSecret` is used

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/183
Reviewed-by: Andrew Thornton <art27@cantab.net>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
 2021-06-21 21:28:18 +08:00
justusbunsi
f0ed41de9e Fix minor README flaws (#184) 
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/184
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
 2021-06-20 03:35:21 +08:00
luhahn
f344b4559d Upgrade Gitea dependencies (#141) 
- postgresql 9.7.2 to 10.3.17
- mariadb 8.0.0 to 9.3.6
- memcached 4.2.20 to 5.9.0

Tested on my clusters.

Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/141
Reviewed-by: Andrew Thornton <art27@cantab.net>
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: luhahn <luhahn@noreply.gitea.io>
Co-committed-by: luhahn <luhahn@noreply.gitea.io>
 2021-06-16 05:09:02 +08:00
luhahn
e3b03cd61a Fix LDAP Ppassword env variable (#182) 
Fixes: #179

Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/182
Reviewed-by: Andrew Thornton <art27@cantab.net>
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: luhahn <luhahn@noreply.gitea.io>
Co-committed-by: luhahn <luhahn@noreply.gitea.io>
 2021-06-16 05:07:59 +08:00
luhahn
c49dc047a4 Allow existing secrets for passwords (#170) 
Allow admin user and password to be configured via existing secrets

Allow LDAP bindDn and bindPassword to be configured via existing secrets

Update Readme

Fixes: #169

Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/170
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: luhahn <luhahn@noreply.gitea.io>
Co-committed-by: luhahn <luhahn@noreply.gitea.io>
v3.1.4 		2021-06-10 19:13:33 +08:00
justusbunsi
6e841e6e26 Fix regression for creating repositories in root-based containers (#172) 
Due to #160 it was no longer possible to create repositories in root-based containers. This was caused by the missing `/tmp/gitea` directory in that image. It was dynamically created by Gitea internal functionality with less privileges than necessary.

Explicitly creating the directory and set proper permissions fix this.

Fixes: #171

Co-authored-by: JustusBunsi <sk.bunsenbrenner@gmail.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/172
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: 6543 <6543@obermui.de>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
v3.1.3 		2021-06-09 22:35:50 +08:00
luhahn
f0070ef64b Add check on chown in init container (#165) 
The chown in the init container will fail in the rootles image.
Checking if the image is rootless or not will prevent this error noise.

Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/165
Reviewed-by: Andrew Thornton <art27@cantab.net>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: luhahn <luhahn@noreply.gitea.io>
Co-committed-by: luhahn <luhahn@noreply.gitea.io>
 2021-06-09 19:42:49 +08:00
techknowlogick
6b8b64f607 use new s3 bucket for artifacts v3.1.2 2021-06-08 02:05:07 +08:00
techknowlogick
6fa80222a6 update to latest v of alpine v3.1.1 2021-06-08 02:02:59 +08:00
techknowlogick
031b58c90e update docs for 1.14.2 
Signed-off-by: techknowlogick <techknowlogick@gitea.io>
v3.1.0 		2021-06-08 01:55:05 +08:00
luhahn
178bc0ab79 Improve http service and update Readme (#167) 
This PR adds some options for the http service:

- loadBalancerIP
- nodePort
- externalTrafficPolicy
- externalIPs

Also updated the README and values.yml with the values.

Added storageClass explanation in README and empty value in values.yml

Fixes: #162

Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/167
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-by: 6543 <6543@obermui.de>
Co-authored-by: luhahn <luhahn@noreply.gitea.io>
Co-committed-by: luhahn <luhahn@noreply.gitea.io>
 2021-06-08 01:53:01 +08:00
modzilla
441f0748e9 Fixing prometheus monitoring (#157) 
At least the latest versions of prometheus watch for a label called "release" and not "prometheus" so with that change prometheus started collecting logs.

If that old label is still needed, we / I could change it to add entries from "additionalLabels", so that we are quite flexible and don't have breaking changes.

Co-authored-by: Justin Lamp <jlamp@vater-gruppe.de>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/157
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: modzilla <modzilla@noreply.gitea.io>
Co-committed-by: modzilla <modzilla@noreply.gitea.io>
 2021-06-07 22:28:28 +08:00
justusbunsi
5ab596937a Fix rootless image usage with enhanced security-context (#160) 
I've noticed that the commented `securityContext` is not really useable with the rootless image due to different directory structure compared to the default image.

Important for the `readOnlyRootFilesystem` is to declare the `TMPDIR` environment variable, so that the tmp directory (which is readonly in this case) won't be used. Instead, another writeable directory can be used.

Another thing is the explicit hint that all these security options cannot be used with the default (root-based) image, because of its design.

~~Although this PR would fix the referenced issue, I am not totally happy with the current implementation. It would be more straight forward to use the same mount points for both image variants. Unfortunately, this is not possible right now due to hard coded paths in the default (root) image startup scripts.~~

~~Anyone have suggestions on how this could be more simple?~~

-------

**Sum-up:**
As mentioned in Discord, this PR tried to make too many changes. The necessary changes made in 1f331a7e6577fc798196a84a957330aca0d663cd will fix an error that occurs due to restricted access to the `/tmp` directory in a rootless image with all the `securityContext` options enabled.

I also updated the default image to 1.14.2.

Fixes: #158

Co-authored-by: JustusBunsi <sk.bunsenbrenner@gmail.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/160
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: 6543 <6543@obermui.de>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
 2021-06-07 21:27:25 +08:00
mrdima
5b5ea7173a Add value option to define schedulerName (#150) 
For those who have a need to configure the schedulerName like us, make this an option just as it is for example in the postgres chart

Co-authored-by: Dimitri Ars <dimitri.ars@kpn.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/150
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: mrdima <mrdima@noreply.gitea.io>
Co-committed-by: mrdima <mrdima@noreply.gitea.io>
 2021-06-07 16:41:16 +08:00
luhahn
b88bbd6d4d gitea-1.14.x-updates (#148) 
This PR includes the changes from:

- https://gitea.com/gitea/helm-chart/pulls/129
- https://gitea.com/gitea/helm-chart/pulls/140

In addition it adds the possibility to include secrets via environment variables as mentioned in #60

Co-authored-by: Hans Kristian Flaatten <hans.flaatten@evry.com>
Co-authored-by: flavio.prado <flavio.prado@noreply.gitea.io>
Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/148
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: luhahn <luhahn@noreply.gitea.io>
Co-committed-by: luhahn <luhahn@noreply.gitea.io>
v3.0.0 		2021-04-29 17:12:48 +08:00
luhahn
2b01e6ece6 Fix permissions on external mounts (#144) 
Co-authored-by: luhahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/144
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Reviewed-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: luhahn <luhahn@noreply.gitea.io>
Co-committed-by: luhahn <luhahn@noreply.gitea.io>
v2.2.5 		2021-04-19 20:30:02 +08:00
techknowlogick
c742b5dbc3 1.13.7 (#139) 
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/139
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-committed-by: techknowlogick <techknowlogick@gitea.io>
v2.2.4 		2021-04-12 15:58:17 +08:00
luhahn
ec8a26ecfc Update Gitea version to 1.13.5 (#134) 
Co-authored-by: luhahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/134
Reviewed-by: Andrew Thornton <art27@cantab.net>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: luhahn <luhahn@noreply.gitea.io>
Co-committed-by: luhahn <luhahn@noreply.gitea.io>
v2.2.3 		2021-03-22 21:01:33 +08:00
kaipmdh
8d8dd0d84e Update README.md for typo fixes and grammar (#131) 
Minor changes to grammar, minor typo fixes.

Signed-off-by: kaipmdh <kaipmdh@noreply.gitea.io>

Co-authored-by: lafriks <lafriks@noreply.gitea.io>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/131
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: lafriks <lafriks@noreply.gitea.io>
Co-authored-by: kaipmdh <kaipmdh@noreply.gitea.io>
Co-committed-by: kaipmdh <kaipmdh@noreply.gitea.io>
 2021-03-17 08:09:44 +08:00
Nakrez
0f1e991889 Add possibiliy to define statefulset labels (#130) 
This change adds a new value *statefulset.labels* to allow the user to add custom labels to the StatefulSet.

An example of where this could be useful is if gitea's pvc is stored on OpenEBS. With this new option, the user can add the extra *openebs.io/sts-target-affinity* label to specify that the volume target pod should run on the same node as gitea's StatefulSet.

Co-authored-by: Baptiste Covolato <b.covolato@gmail.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/130
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: lafriks <lafriks@noreply.gitea.io>
Co-authored-by: Nakrez <nakrez@noreply.gitea.io>
Co-committed-by: Nakrez <nakrez@noreply.gitea.io>
 2021-03-17 08:07:42 +08:00
Nakrez
1eb0eee3bc Make the chart work with a sqlite3 database (#124) 
There are currently 2 issues that prevent using this chart to deploy gitea with a SQLite3 database.

1) The value from *gitea.config.database.HOST* is used to set *db.servicename* when  all the databases under *gitea.database.buildIn* are not enabled. This causes a type error during the template processing:
`Error: UPGRADE FAILED: template: gitea/templates/gitea/init.yaml:24:20: executing "gitea/templates/gitea/init.yaml" at <include "db.servicename" .>: error calling include: template: gitea/templates/_helpers.tpl:64:31: executing "db.servicename" at <.Values.gitea.config.database.HOST>: wrong type for value; expected string; got interface {}`

2) In *init_gitea.sh*, we use the value *db.servicename* and *db.port* to ping the database. If this database responds to ping, we proceed with the init. The problem here is that *db.port* is not set when all the databases under *gitea.database.buildIn* are disabled. In turn, this raises an error from busybox's *nc*, because no parameter is passed for *PORT*. This causes the init container to go in *CrashLoopBackOff* forever.

The simple fix that is proposed in this PR is to check wether or not *.Values.gitea.config.database.DB_TYPE* is set to determine the value *db.servicename*. If *DB_TYPE* is *'sqlite3'*, leave *db.servicename* empty and use that to bypass the database ping.

Co-authored-by: Baptiste Covolato <b.covolato@gmail.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/124
Reviewed-by: Andrew Thornton <art27@cantab.net>
Reviewed-by: lafriks <lafriks@noreply.gitea.io>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Co-authored-by: Nakrez <nakrez@noreply.gitea.io>
Co-committed-by: Nakrez <nakrez@noreply.gitea.io>
v2.2.2 		2021-03-04 16:43:52 +08:00
luhahn
9106d68cdc Fix ServiceMonitor selector labels (#125) 
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/125
Reviewed-by: Andrew Thornton <art27@cantab.net>
Reviewed-by: lafriks <lafriks@noreply.gitea.io>
Co-authored-by: luhahn <luhahn@noreply.gitea.io>
Co-committed-by: luhahn <luhahn@noreply.gitea.io>
v2.2.1 		2021-03-02 17:10:38 +08:00
Michael Kriese
551f4e312e Allow override kubernetes probes (#117) 
- Allow overriding liveness and readiness probe
- Add optional startup probe

closes #118

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/117
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: lafriks <lafriks@noreply.gitea.io>
Co-authored-by: Michael Kriese <michael.kriese@visualon.de>
Co-committed-by: Michael Kriese <michael.kriese@visualon.de>
v2.2.0 		2021-03-01 22:46:05 +08:00
Dunky13
d1c58a2e77 OAuth2 configuration options (#123) 
I opened up the OAuth2 authentication option. I needed this feature, and it is available in the gitea cli. So I opened it up for configuration through this pull request.

Hope it can help others.

Co-authored-by: Marc Went <marc.went+git@redkubes.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/123
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: lafriks <lafriks@noreply.gitea.io>
Co-authored-by: Dunky13 <dunky13@noreply.gitea.io>
Co-committed-by: Dunky13 <dunky13@noreply.gitea.io>
 2021-03-01 20:24:11 +08:00
Starefossen
9213f0d1f5 Add app and version labels (#121) 
This pull request adds the `app` and `version` labels that are used by Istio.

> Pods with app and version labels: We recommend adding an explicit app label and version label to the specification of the pods deployed using a Kubernetes Deployment. The app and version labels add contextual information to the metrics and telemetry that Istio collects.
>
> * The app label: Each deployment should have a distinct app label with a meaningful value. The app label is used to add contextual information in distributed tracing.
>
> * The version label: This label indicates the version of the application corresponding to the particular deployment.

From https://istio.io/latest/docs/ops/deployment/requirements/#pod-requirements

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/121
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: lafriks <lafriks@noreply.gitea.io>
Co-authored-by: Starefossen <starefossen@noreply.gitea.io>
Co-committed-by: Starefossen <starefossen@noreply.gitea.io>
 2021-03-01 20:20:55 +08:00
Starefossen
7ed82c7a63 Add ServiceMonitor Prometheus selector label (#116) 
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/116
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: lafriks <lafriks@noreply.gitea.io>
Co-authored-by: Starefossen <starefossen@noreply.gitea.io>
Co-committed-by: Starefossen <starefossen@noreply.gitea.io>
 2021-03-01 20:18:09 +08:00
martencassel
33903d8f6c Add support to run gitea with an optional securityContext (#115) 
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/115
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: lafriks <lafriks@noreply.gitea.io>
Co-authored-by: martencassel <martencassel@noreply.gitea.io>
Co-committed-by: martencassel <martencassel@noreply.gitea.io>
 2021-03-01 20:16:49 +08:00
viceice
4682597b04 fix: quote admin password (#111) 
closes #110

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/111
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: viceice <viceice@noreply.gitea.io>
Co-committed-by: viceice <viceice@noreply.gitea.io>
 2021-02-17 17:45:18 +08:00
JosefWN
790d0405c2 Fix typo enabling pprof (#114) 
Nothing critical, but had a typo in the naming of the config entry to enable `pprof`.

Co-authored-by: josef <josef.nilsen@outlook.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/114
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: JosefWN <josefwn@noreply.gitea.io>
Co-committed-by: JosefWN <josefwn@noreply.gitea.io>
 2021-02-17 17:44:40 +08:00
JPRbrs
28e94f96e3 Add loadbalancersourceranges to ssh service (#105) 
SSH service might want to limit the a range of source IPs. LoadBalancerSourceRanges
enables to limit them just passing a list of CIDR addresses to whitelist

Co-authored-by: javier <perezrubio.javier@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/105
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: JPRbrs <jprbrs@noreply.gitea.io>
Co-committed-by: JPRbrs <jprbrs@noreply.gitea.io>
v2.1.11 		2021-02-05 04:42:42 +08:00
techknowlogick
b5ab7201d1 1.13.2 (#108) 
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/108
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-committed-by: techknowlogick <techknowlogick@gitea.io>
v2.1.10 		2021-02-05 01:46:55 +08:00
sanigo
4ad5cf1d19 Add sshPublicKeyAttribute attribute setting for ldap auth,and Allow setting labels and annotations for gitea pvc. (#76) 
1. sshPublicKeyAttribute is useful to sync ssh public keys from ldap.
2. It would be easier to set pvc annotations/labels for those who are using storage services from cloud providers.

Co-authored-by: 钱卫春 <qianwch@chinasofti.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/76
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Co-authored-by: sanigo <sanigo@noreply.gitea.io>
Co-committed-by: sanigo <sanigo@noreply.gitea.io>
v2.1.9 		2021-01-22 16:24:37 +08:00
JosefWN
7f828e87f6 Add support for metrics and pprof (#100) 
Adds support for toggling support for `pprof` and metrics:

```yaml
gitea:
  pprofEnabled: true

  metrics:
    enabled: true
    serviceMonitor:
      enabled: true
```

Co-authored-by: josef <josef.nilsen@outlook.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/100
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: JosefWN <josefwn@noreply.gitea.io>
Co-committed-by: JosefWN <josefwn@noreply.gitea.io>
v2.1.8 		2021-01-21 23:45:26 +08:00
petergardfjall
57479bdf37 enhancements to support postgres client-cert authentication (#47) 
This PR adds a few new chart features which adds to the flexibility of the chart.

- allow extra volumes to be mounted (such as secrets): 2f862c5a48
- pass environment variables also to the init-container: 7044049478
- allow a preparation script to be "injected" into the init-container: 6125a69345

As a concrete example of how this can be used, I use is to configure Gitea to use client certificate authentication against an external Postgres database. That could be accomplished by having a `gitea-postgres-ssl` secret:

```
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: gitea-postgres-ssl
data:
  postgresql.crt: <base64...>
  postgresql.key: <base64...>
  root.crt: <base64...>
```

and then mounting this as a volume in Gitea using:

```
extraVolumes:
- name: postgres-ssl-vol
  secret:
    secretName: gitea-postgres-ssl

extraVolumeMounts:
- name: postgres-ssl-vol
  readOnly: true
  mountPath: "/pg-ssl"
```

To get the right permissions on the credentials, we'd use the `initPreScript`:

```
initPreScript: |
  # copy postgres client and CA cert from mount and
  # give proper permissions
  mkdir -p /data/git/.postgresql
  cp /pg-ssl/* /data/git/.postgresql/
  chown -R git:git /data/git/.postgresql/
  chmod 400 /data/git/.postgresql/postgresql.key
```

and to make sure that Gitea uses the certificate we need to pass the proper postgres environment variables (both to the init container and the "main" container):

```
statefulset:
  env:
  - name:  "PGSSLCERT"
    value: "/data/git/.postgresql/postgresql.crt"
  - name:  "PGSSLKEY"
    value: "/data/git/.postgresql/postgresql.key"
  - name:  "PGSSLROOTCERT"
    value: "/data/git/.postgresql/root.crt"
```

Co-authored-by: Peter Gardfjäll <peter.gardfjall.work@gmail.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/47
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: 6543 <6543@obermui.de>
Co-authored-by: petergardfjall <petergardfjall@noreply.gitea.io>
Co-committed-by: petergardfjall <petergardfjall@noreply.gitea.io>
v2.1.7 		2021-01-20 19:28:39 +08:00
luhahn
0c8f226f1f Add ldap checksum (#101) 
Fixed an error in ldap port setting.

Added ldap checksum to deployment so chart will actually update on ldap changes.

Fixes: #99

Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/101
Reviewed-by: lafriks <lafriks@noreply.gitea.io>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: luhahn <luhahn@noreply.gitea.io>
Co-committed-by: luhahn <luhahn@noreply.gitea.io>
v2.1.6 		2021-01-14 15:13:49 +08:00
fabioluciano
daba777e24 Update 'README.md' (#102) 
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/102
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: fabioluciano <fabioluciano@noreply.gitea.io>
Co-committed-by: fabioluciano <fabioluciano@noreply.gitea.io>
 2021-01-13 23:49:58 +08:00
techknowlogick
54cc78b43a 1.13.1 (#97) 
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/97
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-committed-by: techknowlogick <techknowlogick@gitea.io>
v2.1.5 		2021-01-02 13:07:11 +08:00
luhahn
94ee162ad5 Fix kebab-case bug in values (#89) 
Kebab case will fail because of the current ldap default values in values.yml as stated in #88

Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/89
Reviewed-by: lafriks <lafriks@noreply.gitea.io>
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: luhahn <luhahn@noreply.gitea.io>
Co-committed-by: luhahn <luhahn@noreply.gitea.io>
v2.1.4 		2020-12-28 03:26:51 +08:00
lafriks
9b2e76c9cf Move chart version to drone build using tag (#93) 
Move chart version to drone build using tag

Merge branch 'master' into feat/chart_version

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/93
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Co-Authored-By: lafriks <lafriks@noreply.gitea.io>
Co-Committed-By: lafriks <lafriks@noreply.gitea.io>
 2020-12-21 10:05:42 +08:00
lafriks
2c066d7c9e Use image tag instead of image version in values (#91) 
Use image tag instead of image version in values

Change to tenary function instead of if

Update description and add link to tag list

Fixup readme

Co-authored-by: Lauris BH <lauris@nix.lv>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/91
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Co-Authored-By: lafriks <lafriks@noreply.gitea.io>
Co-Committed-By: lafriks <lafriks@noreply.gitea.io>
 2020-12-21 06:53:45 +08:00
luhahn
2826258cfc Several Improvements to Helm Chart (#87) 
Improve ldap settings with helper function

Allow clusterIP for http service to be set, default to None

Use imagePullSecrets in statefulset now

Update default values

Update README

Bump Chart version

Co-authored-by: luhahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/87
Reviewed-by: lafriks <lafriks@noreply.gitea.io>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-Authored-By: luhahn <luhahn@noreply.gitea.io>
Co-Committed-By: luhahn <luhahn@noreply.gitea.io>
v2.1.3 		2020-12-16 20:37:47 +08:00
luhahn
943eda6d5f Fix Ingress for Kubernetes 1.16 (#83) 
Fix ingress path type for 1.16

Bump chart version

Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/83
Reviewed-by: 6543 <6543@obermui.de>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-Authored-By: luhahn <luhahn@noreply.gitea.io>
Co-Committed-By: luhahn <luhahn@noreply.gitea.io>
v2.1.2 		2020-12-15 21:34:46 +08:00
luhahn
5311243a6e Fix admin user creation for gitea 1.13.0, chart version 2.1.0 (#80) 
Fix admin user creation for gitea 1.13.0

Add load balancer hint for ssh in README

Merge branch 'master' into fix-admin-user-creation

Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/80
Reviewed-by: Andrew Thornton <art27@cantab.net>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-Authored-By: luhahn <luhahn@noreply.gitea.io>
Co-Committed-By: luhahn <luhahn@noreply.gitea.io>
v2.1.1 		2020-12-10 17:16:13 +08:00
skuethe
1b21ce2810 Fix capabilities query for Ingress on 1.18 and older (#78) 
Co-authored-by: Sebastian Kuethe <sebastian.kuethe@she.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/78
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: lafriks <lafriks@noreply.gitea.io>
Co-Authored-By: skuethe <skuethe@noreply.gitea.io>
Co-Committed-By: skuethe <skuethe@noreply.gitea.io>
 2020-12-08 20:57:52 +08:00
techknowlogick
4fdf4ef41b Gitea 1.13.0 (#75) 
Gitea 1.13.0

Update 'README.md'

Update 'values.yaml'

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/75
Reviewed-by: lafriks <lafriks@noreply.gitea.io>
Co-Authored-By: techknowlogick <techknowlogick@gitea.io>
Co-Committed-By: techknowlogick <techknowlogick@gitea.io>
v2.1.0 		2020-12-07 07:54:10 +08:00
luhahn
63bc10e393 Fix Ingress (#70) 
Bump chart version to 2.0.7

Fix Ingress

- Ingress uses now .Capabilities.APIVersions.Has to compare the api version available
- Added pathType since it is required in v1 and optional in v1beta1

Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/70
Reviewed-by: Andrew Thornton <art27@cantab.net>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-Authored-By: luhahn <luhahn@noreply.gitea.io>
Co-Committed-By: luhahn <luhahn@noreply.gitea.io>
v2.0.7 		2020-11-26 17:01:16 +08:00
techknowlogick
fea1abddd9 2.0.6 v2.0.6 2020-11-26 10:10:41 +08:00
joelgallant
33ee018b52 Fixes access of Capabilities variable (#67) 
Fixes access of Capabilities variable

Co-authored-by: Joel Gallant <joel@joelgallant.me>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/67
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Co-Authored-By: joelgallant <joelgallant@noreply.gitea.io>
Co-Committed-By: joelgallant <joelgallant@noreply.gitea.io>
 2020-11-26 01:20:12 +08:00
techknowlogick
13e210c75f 2.0.5 v2.0.5 2020-11-25 23:29:59 +08:00