Compare commits
5 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| c49dc047a4 | |||
| 6e841e6e26 | |||
| f0070ef64b | |||
| 6b8b64f607 | |||
| 6fa80222a6 |
+5
-4
@@ -9,7 +9,7 @@ platform:
|
||||
steps:
|
||||
- name: lint
|
||||
pull: always
|
||||
image: alpine:3.12
|
||||
image: alpine:3.13
|
||||
commands:
|
||||
- apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm
|
||||
- helm lint
|
||||
@@ -42,21 +42,22 @@ trigger:
|
||||
steps:
|
||||
- name: generate-chart
|
||||
pull: always
|
||||
image: alpine:3.12
|
||||
image: alpine:3.13
|
||||
commands:
|
||||
- apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm
|
||||
- apk add --no-cache curl
|
||||
- helm dependency update
|
||||
- helm package --version "${DRONE_TAG##v}" ./
|
||||
- mkdir gitea
|
||||
- mv gitea*.tgz gitea/
|
||||
- wget -O gitea/index.yaml https://dl.gitea.io/charts/index.yaml
|
||||
- curl -L -o gitea/index.yaml https://dl.gitea.io/charts/index.yaml
|
||||
- helm repo index gitea/ --url https://dl.gitea.io/charts --merge gitea/index.yaml
|
||||
|
||||
- name: upload-chart
|
||||
pull: always
|
||||
image: plugins/s3:latest
|
||||
settings:
|
||||
bucket: releases
|
||||
bucket: gitea-artifacts
|
||||
endpoint: https://storage.gitea.io
|
||||
path_style: true
|
||||
access_key:
|
||||
|
||||
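Review bot: The new `curl -L -o gitea/index.yaml https://dl.gitea.io/charts/index.yaml` line in the generate-chart step does not exit non-zero on an HTTP error, unlike the `wget -O` call it replaces. A 4xx/5xx response body would therefore be saved as `gitea/index.yaml` and passed to `helm repo index --merge` on the next line. Add `--fail` so the pipeline stops at the download: `- curl -fsSL -o gitea/index.yaml https://dl.gitea.io/charts/index.yaml`. The upload-chart step's settings continue past the end of this hunk.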
+1
-1
@@ -3,7 +3,7 @@ name: gitea
|
||||
description: Gitea Helm chart for Kubernetes
|
||||
type: application
|
||||
version: 0.0.0
|
||||
appVersion: 1.14.1
|
||||
appVersion: 1.14.2
|
||||
icon: https://docs.gitea.io/images/gitea.png
|
||||
|
||||
keywords:
|
||||
|
||||
@@ -262,6 +262,25 @@ You cannot use `admin` as username.
|
||||
email: "gi@tea.com"
|
||||
```
|
||||
|
||||
You can also use an existing Secret to configure the admin user:
|
||||
|
||||
```yaml
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: gitea-admin-secret
|
||||
type: Opaque
|
||||
stringData:
|
||||
username: MyAwesomeGiteaAdmin
|
||||
password: AReallyAwesomeGiteaPassword
|
||||
```
|
||||
|
||||
```yaml
|
||||
gitea:
|
||||
admin:
|
||||
existingSecret: gitea-admin-secret
|
||||
```
|
||||
|
||||
### LDAP Settings
|
||||
|
||||
Like the admin user the LDAP settings can be updated, but also disabled or deleted.
|
||||
@@ -306,6 +325,26 @@ kebab-case:
|
||||
bind-password: JustAnotherBindPw
|
||||
username-attribute: CN
|
||||
```
|
||||
|
||||
You can also use an existing secret to set the bindDn and bindPassword:
|
||||
|
||||
```yaml
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: gitea-ldap-secret
|
||||
type: Opaque
|
||||
stringData:
|
||||
bindDn: CN=ldap read,OU=Spezial,DC=example,DC=com
|
||||
bindPassword: JustAnotherBindPw
|
||||
```
|
||||
|
||||
```yaml
|
||||
gitea:
|
||||
ldap:
|
||||
existingSecret: gitea-ldap-secret
|
||||
```
|
||||
|
||||
### OAuth2 Settings
|
||||
|
||||
Like the admin user the OAuth2 settings can be updated but also disabled or deleted.
|
||||
|
||||
+14
-2
@@ -108,9 +108,21 @@ app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "gitea.ldap_settings" -}}
|
||||
{{- if or (not (hasKey .Values.gitea.ldap "bindDn")) (not (hasKey .Values.gitea.ldap "bind-dn")) -}}
|
||||
{{- $_ := set .Values.gitea.ldap "bindDn" "" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if or (not (hasKey .Values.gitea.ldap "bindPassword")) (not (hasKey .Values.gitea.ldap "bind-password")) -}}
|
||||
{{- $_ := set .Values.gitea.ldap "bindPassword" "" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- range $key, $val := .Values.gitea.ldap -}}
|
||||
{{- if ne $key "enabled" -}}
|
||||
{{- if eq $key "port" -}}
|
||||
{{- if and (ne $key "enabled") (ne $key "existingSecret") -}}
|
||||
{{- if eq ($key | kebabcase) "bind-dn" -}}
|
||||
{{- printf "--%s %s " ($key | kebabcase) ("${GITEA_LDAP_BIND_DN}" | quote ) -}}
|
||||
{{- else if eq ($key | kebabcase) "bind-password" -}}
|
||||
{{- printf "--%s %s " ($key | kebabcase) ("${GITEA_LDAP_PASSWORD}" | quote ) -}}
|
||||
{{- else if eq $key "port" -}}
|
||||
{{- printf "--%s %d " ($key | kebabcase) ($val | int) -}}
|
||||
{{- else -}}
|
||||
{{- printf "--%s %s " ($key | kebabcase) ($val | quote) -}}
|
||||
|
||||
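Review bot: The two new guards at the top of `gitea.ldap_settings` use `or (not (hasKey … "bindDn")) (not (hasKey … "bind-dn"))`, which is true unless both spellings are present, so a user-supplied `bindDn` is overwritten with `""` by the `set` that follows. When only the kebab-case `bind-dn` is given, an empty `bindDn` is added next to it and the `range` then emits `--bind-dn` twice. The default should apply only when neither key exists: `{{- if not (or (hasKey .Values.gitea.ldap "bindDn") (hasKey .Values.gitea.ldap "bind-dn")) -}}`, with the same change for `bindPassword`/`bind-password`. Because `set` mutates `.Values`, the blanked value may also reach other templates that read `.Values.gitea.ldap.bindDn`, depending on render order. The `define` body continues outside the hunk.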
@@ -16,11 +16,18 @@ stringData:
|
||||
# END: initPreScript
|
||||
{{- end }}
|
||||
|
||||
{{- if not .Values.image.rootless }}
|
||||
chown 1000:1000 /data
|
||||
{{- end }}
|
||||
mkdir -p /data/git/.ssh
|
||||
chmod -R 700 /data/git/.ssh
|
||||
mkdir -p /data/gitea/conf
|
||||
|
||||
# prepare temp directory structure
|
||||
mkdir -p "${GITEA_TEMP}"
|
||||
chown 1000:1000 "${GITEA_TEMP}"
|
||||
chmod ug+rwx "${GITEA_TEMP}"
|
||||
|
||||
# Copy config file to writable volume
|
||||
cp /etc/gitea/conf/app.ini /data/gitea/conf/app.ini
|
||||
chmod a+rwx /data/gitea/conf/app.ini
|
||||
@@ -34,13 +41,13 @@ stringData:
|
||||
set -x; \
|
||||
gitea migrate; \
|
||||
{{- if and .Values.gitea.admin.username .Values.gitea.admin.password }}
|
||||
gitea admin create-user --username {{ .Values.gitea.admin.username }} --password {{ .Values.gitea.admin.password | quote }} --email {{ .Values.gitea.admin.email }} --admin --must-change-password=false \
|
||||
gitea admin create-user --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email {{ .Values.gitea.admin.email }} --admin --must-change-password=false \
|
||||
|| \
|
||||
gitea admin change-password --username {{ .Values.gitea.admin.username }} --password {{ .Values.gitea.admin.password | quote }} \
|
||||
gitea admin change-password --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" \
|
||||
|| \
|
||||
gitea admin user create --username {{ .Values.gitea.admin.username }} --password {{ .Values.gitea.admin.password | quote }} --email {{ .Values.gitea.admin.email }} --admin --must-change-password=false \
|
||||
gitea admin user create --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email {{ .Values.gitea.admin.email }} --admin --must-change-password=false \
|
||||
|| \
|
||||
gitea admin user change-password --username {{ .Values.gitea.admin.username }} --password {{ .Values.gitea.admin.password | quote }}; \
|
||||
gitea admin user change-password --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}"; \
|
||||
{{- end }}
|
||||
{{- if .Values.gitea.ldap.enabled }}
|
||||
gitea admin auth add-ldap \
|
||||
|
||||
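Review bot: The admin commands now expand `"${GITEA_ADMIN_PASSWORD}"` in the shell while `set -x; \` is still active two lines above, so the trace output written to the init container log contains the password in clear text, including one sourced from `existingSecret`. Drop the `set -x` or put `set +x; \` before the `gitea admin` calls; the LDAP arguments built from `${GITEA_LDAP_PASSWORD}` are presumably traced the same way. Separately, the unchanged guard `{{- if and .Values.gitea.admin.username .Values.gitea.admin.password }}` skips the whole block when a user blanks those values and relies only on the secret; `{{- if or .Values.gitea.admin.existingSecret (and .Values.gitea.admin.username .Values.gitea.admin.password) }}` would cover that case. The script continues outside the hunk.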
@@ -48,12 +48,50 @@ spec:
|
||||
value: /data/gitea
|
||||
- name: GITEA_WORK_DIR
|
||||
value: /data
|
||||
- name: GITEA_TEMP
|
||||
value: /tmp/gitea
|
||||
{{- if .Values.gitea.ldap.existingSecret }}
|
||||
- name: GITEA_LDAP_BIND_DN
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: bindDn
|
||||
name: {{ .Values.gitea.ldap.existingSecret }}
|
||||
- name: GITEA_LDAP_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: bindPassword
|
||||
name: {{ .Values.gitea.ldap.existingSecret }}
|
||||
{{- else }}
|
||||
- name: GITEA_LDAP_BIND_DN
|
||||
value: {{ .Values.gitea.ldap.bindDn | quote }}
|
||||
- name: GITEA_ADMIN_PASSWORD
|
||||
value: {{ .Values.gitea.ldap.bindPassword | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.gitea.admin.existingSecret }}
|
||||
- name: GITEA_ADMIN_USERNAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: username
|
||||
name: {{ .Values.gitea.admin.existingSecret }}
|
||||
- name: GITEA_ADMIN_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: password
|
||||
name: {{ .Values.gitea.admin.existingSecret }}
|
||||
{{- else }}
|
||||
- name: GITEA_ADMIN_USERNAME
|
||||
value: {{ .Values.gitea.admin.username | quote }}
|
||||
- name: GITEA_ADMIN_PASSWORD
|
||||
value: {{ .Values.gitea.admin.password | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.statefulset.env }}
|
||||
{{- toYaml .Values.statefulset.env | nindent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: init
|
||||
mountPath: /usr/sbin
|
||||
- name: temp
|
||||
mountPath: /tmp
|
||||
- name: config
|
||||
mountPath: /etc/gitea/conf
|
||||
- name: data
|
||||
|
||||
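Review bot: In the `{{- else }}` branch of the LDAP block the bind password is exported under the wrong name, `- name: GITEA_ADMIN_PASSWORD` with `value: {{ .Values.gitea.ldap.bindPassword | quote }}`. Without `existingSecret`, `GITEA_LDAP_PASSWORD` is never set, although the helper emits `--bind-password "${GITEA_LDAP_PASSWORD}"`, and the container gets two `GITEA_ADMIN_PASSWORD` entries. The line should read `- name: GITEA_LDAP_PASSWORD`. Both `else` branches also put the credentials into the pod spec as plain `value:` fields, so they are readable by anyone who can read the StatefulSet; rendering them into a chart-managed Secret and using `secretKeyRef` in both branches would avoid that.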
@@ -127,6 +127,7 @@ initPreScript: ""
|
||||
|
||||
gitea:
|
||||
admin:
|
||||
#existingSecret: gitea-admin-secret
|
||||
username: gitea_admin
|
||||
password: r8sA8CPHD9!bt6d
|
||||
email: "gitea@local.domain"
|
||||
@@ -140,6 +141,7 @@ gitea:
|
||||
|
||||
ldap:
|
||||
enabled: false
|
||||
#existingSecret: gitea-ldap-secret
|
||||
#name:
|
||||
#securityProtocol:
|
||||
#host:
|
||||
|
||||
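Review bot: The two added `#existingSecret:` lines do not say which keys the referenced Secret must contain or how they interact with the inline values below them. A comment above each would help, for example `# existingSecret: name of a Secret with 'username' and 'password' keys; used instead of the values below` for `admin`, and `# existingSecret: name of a Secret with 'bindDn' and 'bindPassword' keys` for `ldap`. Since the fixed default `password` stays in this file as the fallback, the comment could also recommend the secret for any non-test install.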