Update default params of chart dependencies (#473)

### Description of the change

Update default params of chart dependencies. Tested with multiple upgrades and fresh installations.
Using no password auth for redis simplifies things for basic installations. Production installations should properly configure auth as they need it.

### Benefits

To avoid/solve upgrading issues as in #407 and #472

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/473
Co-authored-by: pat-s <patrick.schratz@gmail.com>
Co-committed-by: pat-s <patrick.schratz@gmail.com>

CONTRIBUTING.md

@@ -67,4 +67,4 @@ See [plugin documentation](https://github.com/helm-unittest/helm-unittest/blob/v
 
 1. Create a tag following the tagging schema
 1. Push the tag
-1. Let CI do it's work
+1. Let CI do it's work

README.md

@@ -742,22 +742,23 @@ kubectl create secret generic gitea-themes --from-file={{FULL-PATH-TO-CSS}} --na
 
 ### Persistence
 
-| Name                         | Description                                                                                           | Value                  |
-| ---------------------------- | ----------------------------------------------------------------------------------------------------- | ---------------------- |
-| `persistence.enabled`        | Enable persistent storage                                                                             | `true`                 |
-| `persistence.create`         | Whether to create the persistentVolumeClaim for shared storage                                        | `true`                 |
-| `persistence.mount`          | Whether the persistentVolumeClaim should be mounted (even if not created)                             | `true`                 |
-| `persistence.claimName`      | Use an existing claim to store repository information                                                 | `gitea-shared-storage` |
-| `persistence.size`           | Size for persistence to store repo information                                                        | `10Gi`                 |
-| `persistence.accessModes`    | AccessMode for persistence                                                                            | `["ReadWriteOnce"]`    |
-| `persistence.labels`         | Labels for the persistence volume claim to be created                                                 | `{}`                   |
-| `persistence.annotations`    | Annotations for the persistence volume claim to be created                                            | `{}`                   |
-| `persistence.storageClass`   | Name of the storage class to use                                                                      | `nil`                  |
-| `persistence.subPath`        | Subdirectory of the volume to mount at                                                                | `nil`                  |
-| `extraVolumes`               | Additional volumes to mount to the Gitea deployment                                                   | `[]`                   |
-| `extraContainerVolumeMounts` | Mounts that are only mapped into the Gitea runtime/main container, to e.g. override custom templates. | `[]`                   |
-| `extraInitVolumeMounts`      | Mounts that are only mapped into the init-containers. Can be used for additional preconfiguration.    | `[]`                   |
-| `extraVolumeMounts`          | **DEPRECATED** Additional volume mounts for init containers and the Gitea main container              | `[]`                   |
+| Name                                              | Description                                                                                           | Value                  |
+| ------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ---------------------- |
+| `persistence.enabled`                             | Enable persistent storage                                                                             | `true`                 |
+| `persistence.create`                              | Whether to create the persistentVolumeClaim for shared storage                                        | `true`                 |
+| `persistence.mount`                               | Whether the persistentVolumeClaim should be mounted (even if not created)                             | `true`                 |
+| `persistence.claimName`                           | Use an existing claim to store repository information                                                 | `gitea-shared-storage` |
+| `persistence.size`                                | Size for persistence to store repo information                                                        | `10Gi`                 |
+| `persistence.accessModes`                         | AccessMode for persistence                                                                            | `["ReadWriteOnce"]`    |
+| `persistence.labels`                              | Labels for the persistence volume claim to be created                                                 | `{}`                   |
+| `persistence.annotations.helm.sh/resource-policy` | Resource policy for the persistence volume claim                                                      | `keep`                 |
+| `persistence.storageClass`                        | Name of the storage class to use                                                                      | `nil`                  |
+| `persistence.subPath`                             | Subdirectory of the volume to mount at                                                                | `nil`                  |
+| `persistence.volumeName`                          | Name of persistent volume in PVC                                                                      | `""`                   |
+| `extraVolumes`                                    | Additional volumes to mount to the Gitea deployment                                                   | `[]`                   |
+| `extraContainerVolumeMounts`                      | Mounts that are only mapped into the Gitea runtime/main container, to e.g. override custom templates. | `[]`                   |
+| `extraInitVolumeMounts`                           | Mounts that are only mapped into the init-containers. Can be used for additional preconfiguration.    | `[]`                   |
+| `extraVolumeMounts`                               | **DEPRECATED** Additional volume mounts for init containers and the Gitea main container              | `[]`                   |
 
 ### Init
 
@@ -834,21 +835,24 @@ kubectl create secret generic gitea-themes --from-file={{FULL-PATH-TO-CSS}} --na
 
 ### redis-cluster
 
-| Name                                  | Description                                          | Value   |
-| ------------------------------------- | ---------------------------------------------------- | ------- |
-| `redis-cluster.enabled`               | Enable redis                                         | `true`  |
-| `redis-cluster.global.redis.password` | Password for the "Gitea" user (overrides `password`) | `gitea` |
+| Name                        | Description                            | Value   |
+| --------------------------- | -------------------------------------- | ------- |
+| `redis-cluster.enabled`     | Enable redis                           | `true`  |
+| `redis-cluster.usePassword` | Whether to use password authentication | `false` |
 
 ### PostgreSQL-ha
 
-| Name                                                             | Description                                                          | Value   |
-| ---------------------------------------------------------------- | -------------------------------------------------------------------- | ------- |
-| `postgresql-ha.enabled`                                          | Enable PostgreSQL-ha                                                 | `true`  |
-| `postgresql-ha.global.postgresql-ha.auth.password`               | Password for the `gitea` user (overrides `auth.password`)            | `gitea` |
-| `postgresql-ha.global.postgresql-ha.auth.database`               | Name for a custom database to create (overrides `auth.database`)     | `gitea` |
-| `postgresql-ha.global.postgresql-ha.auth.username`               | Name for a custom user to create (overrides `auth.username`)         | `gitea` |
-| `postgresql-ha.global.postgresql-ha.service.ports.postgresql-ha` | PostgreSQL-ha service port (overrides `service.ports.postgresql-ha`) | `5432`  |
-| `postgresql-ha.primary.persistence.size`                         | PVC Storage Request for PostgreSQL-ha volume                         | `10Gi`  |
+| Name                                        | Description                                                      | Value       |
+| ------------------------------------------- | ---------------------------------------------------------------- | ----------- |
+| `postgresql-ha.enabled`                     | Enable PostgreSQL-ha                                             | `true`      |
+| `postgresql-ha.postgresql.password`         | Password for the `gitea` user (overrides `auth.password`)        | `changeme4` |
+| `postgresql-ha.global.postgresql.database`  | Name for a custom database to create (overrides `auth.database`) | `gitea`     |
+| `postgresql-ha.global.postgresql.username`  | Name for a custom user to create (overrides `auth.username`)     | `gitea`     |
+| `postgresql-ha.postgresql.repmgrPassword`   | Repmgr Password                                                  | `changeme2` |
+| `postgresql-ha.postgresql.postgresPassword` | postgres Password                                                | `changeme1` |
+| `postgresql-ha.pgpool.adminPassword`        | pgpool adminPassword                                             | `changeme3` |
+| `postgresql-ha.service.ports.postgresql`    | PostgreSQL service port (overrides `service.ports.postgresql`)   | `5432`      |
+| `postgresql-ha.primary.persistence.size`    | PVC Storage Request for PostgreSQL-ha volume                     | `10Gi`      |
 
 ### PostgreSQL
 
@@ -926,8 +930,24 @@ The first item here (`<memcache service name>`) will be different compared to th
 The above changes are motivated by the idea to tidy dependencies but also have HA-ready ones at the same time.
 The previous `memcache` default was not HA-ready, hence we decided to switch to `redis-cluster` by default.
 
-<!-- markdownlint-disable-next-line -->
+If you are coming from an existing deployment and [#356](https://gitea.com/gitea/helm-chart/issues/356) is still open, you need to set the config sections for `cache`, `session` and `queue` explicitly:
 
+```yaml
+    session:
+      PROVIDER: redis-cluster
+      PROVIDER_CONFIG: redis+cluster://:gitea@gitea-redis-cluster-headless.<namespace>.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
+      
+    cache:
+      ENABLED: true
+      ADAPTER: redis-cluster
+      HOST: redis+cluster://:gitea@gitea-redis-cluster-headless.<namespace>.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
+      
+    queue:
+      TYPE: redis
+      CONN_STR: redis+cluster://:gitea@gitea-redis-cluster-headless.<namespace>.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
+```
+
+<!-- markdownlint-disable-next-line -->
 **Transitioning from a RWO to RWX Persistent Volume**
 
 If you want to switch to a RWX volume and go for HA, you need to
@@ -937,7 +957,6 @@ If you want to switch to a RWX volume and go for HA, you need to
 3. Restore the backup to the same location in the new PV
 
 <!-- markdownlint-disable-next-line -->
-
 **Transitioning from Postgres to Postgres HA**
 
 If you are running with a non-HA PG DB from a previous chart release, you need to set
@@ -948,7 +967,6 @@ If you are running with a non-HA PG DB from a previous chart release, you need t
 This is needed to stay with your existing single-instance DB (as the HA-variant is the new default).
 
 <!-- markdownlint-disable-next-line -->
-
 **Change of env-to-ini prefix**
 
 Before this release, the env-to-ini prefix was `ENV_TO_INI__`.

templates/_helpers.tpl

@@ -113,7 +113,7 @@ app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 
 {{- define "postgresql.dns" -}}
-{{- printf "%s-postgresql.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.postgresql.global.postgresql.service.ports.postgresql -}}
+{{- printf "%s-postgresql-ha-postgresql.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "postgresql-ha" "service" "ports" "postgresql") -}}
 {{- end -}}
 
 {{- define "redis.dns" -}}
@@ -274,7 +274,7 @@ https
   {{- if not (hasKey .Values.gitea.config.metrics "ENABLED") -}}
     {{- $_ := set .Values.gitea.config.metrics "ENABLED" .Values.gitea.metrics.enabled -}}
   {{- end -}}
- {{- if (index .Values "redis-cluster").enabled -}}
+  {{- if (index .Values "redis-cluster").enabled -}}
     {{- $_ := set .Values.gitea.config.cache "ENABLED" "true" -}}
     {{- $_ := set .Values.gitea.config.cache "ADAPTER" "redis" -}}
     {{- if not (.Values.gitea.config.cache.HOST) -}}
@@ -286,18 +286,15 @@ https
     {{- $_ := set .Values.gitea.config.queue "TYPE" "redis" -}}
     {{- $_ := set .Values.gitea.config.queue "CONN_STR" (include "redis.dns" .) -}}
   {{- end -}}
-  {{- /* multiple replicas */ -}}
-  {{- if gt .Values.replicaCount 1.0 -}}
-    {{- if not (get .Values.gitea.config.session "PROVIDER") -}}
+  {{- if not (get .Values.gitea.config.session "PROVIDER") -}}
     {{- $_ := set .Values.gitea.config.session "PROVIDER" "redis" -}}
-    {{- end -}}
-    {{- if not (get .Values.gitea.config.session "PROVIDER_CONFIG") -}}
+  {{- end -}}
+  {{- if not (get .Values.gitea.config.session "PROVIDER_CONFIG") -}}
     {{- $_ := set .Values.gitea.config.session "PROVIDER_CONFIG" (include "redis.dns" .) -}}
-    {{- end -}}
+  {{- end -}}
   {{- if not .Values.gitea.config.indexer.ISSUE_INDEXER_TYPE -}}
      {{- $_ := set .Values.gitea.config.indexer "ISSUE_INDEXER_TYPE" "db" -}}
   {{- end -}}
-  {{- end -}}
 {{- end -}}
 
 {{- define "gitea.inline_configuration.defaults.server" -}}
@@ -344,14 +341,14 @@ https
 {{- end -}}
 
 {{- define "gitea.inline_configuration.defaults.database" -}}
-  {{- if .Values.postgresql.enabled -}}
+  {{- if (index .Values "postgresql-ha" "enabled") -}}
     {{- $_ := set .Values.gitea.config.database "DB_TYPE"   "postgres" -}}
     {{- if not (.Values.gitea.config.database.HOST) -}}
       {{- $_ := set .Values.gitea.config.database "HOST"      (include "postgresql.dns" .) -}}
     {{- end -}}
-    {{- $_ := set .Values.gitea.config.database "NAME"      .Values.postgresql.global.postgresql.auth.database -}}
-    {{- $_ := set .Values.gitea.config.database "USER"      .Values.postgresql.global.postgresql.auth.username -}}
-    {{- $_ := set .Values.gitea.config.database "PASSWD"    .Values.postgresql.global.postgresql.auth.password -}}
+    {{- $_ := set .Values.gitea.config.database "NAME"      (index .Values "postgresql-ha" "global" "postgresql" "database") -}}
+    {{- $_ := set .Values.gitea.config.database "USER"      (index .Values "postgresql-ha" "global" "postgresql" "username") -}}
+    {{- $_ := set .Values.gitea.config.database "PASSWD"    (index .Values "postgresql-ha" "global" "postgresql" "password") -}}
   {{- end -}}
 {{- end -}}
 

templates/gitea/deployment.yaml

@@ -23,7 +23,6 @@ spec:
       {{- if .Values.deployment.labels }}
       {{- toYaml .Values.deployment.labels | nindent 6 }}
       {{- end }}
-  serviceName: {{ include "gitea.fullname" . }}
   template:
     metadata:
       annotations:

templates/gitea/pvc.yaml

@@ -17,7 +17,9 @@ spec:
   {{- if .Values.persistence.storageClass }}
   storageClassName: {{ .Values.persistence.storageClass }}
   {{- end }}
-  volumeName: ""
+  {{- with .Values.persistence.volumeName }}
+  volumeName: {{ . }}
+  {{- end }}
   resources:
     requests:
       storage: {{ .Values.persistence.size }}

values.yaml

@@ -249,9 +249,10 @@ serviceAccount:
 ## @param persistence.size Size for persistence to store repo information
 ## @param persistence.accessModes AccessMode for persistence
 ## @param persistence.labels Labels for the persistence volume claim to be created
-## @param persistence.annotations Annotations for the persistence volume claim to be created
+## @param persistence.annotations.helm.sh/resource-policy Resource policy for the persistence volume claim
 ## @param persistence.storageClass Name of the storage class to use
 ## @param persistence.subPath Subdirectory of the volume to mount at
+## @param persistence.volumeName Name of persistent volume in PVC
 persistence:
   enabled: true
   create: true
@@ -261,9 +262,11 @@ persistence:
   accessModes:
     - ReadWriteOnce
   labels: {}
-  annotations: {}
   storageClass:
   subPath:
+  volumeName: ""
+  annotations:
+    helm.sh/resource-policy: keep
 
 ## @param extraVolumes Additional volumes to mount to the Gitea deployment
 extraVolumes: []
@@ -471,32 +474,37 @@ gitea:
 
 ## @section redis-cluster
 ## @param redis-cluster.enabled Enable redis
-## @param redis-cluster.global.redis.password Password for the "gitea" user (overrides `password`)
+## @param redis-cluster.usePassword Whether to use password authentication
 redis-cluster:
   enabled: true
-  global:
-    redis:
-      password: gitea
+  usePassword: false
 
 ## @section postgresql-ha
 #
 ## @param postgresql-ha.enabled Enable postgresql-ha
-## @param postgresql-ha.global.postgresql-ha.auth.password Password for the `gitea` user (overrides `auth.password`)
-## @param postgresql-ha.global.postgresql-ha.auth.database Name for a custom database to create (overrides `auth.database`)
-## @param postgresql-ha.global.postgresql-ha.auth.username Name for a custom user to create (overrides `auth.username`)
-## @param postgresql-ha.global.postgresql-ha.service.ports.postgresql-ha postgresql-ha service port (overrides `service.ports.postgresql-ha`)
+## @param postgresql-ha.postgresql.password Password for the `gitea` user (overrides `auth.password`)
+## @param postgresql-ha.global.postgresql.database Name for a custom database to create (overrides `auth.database`)
+## @param postgresql-ha.global.postgresql.username Name for a custom user to create (overrides `auth.username`)
+## @param postgresql-ha.postgresql.repmgrPassword Repmgr Password
+## @param postgresql-ha.postgresql.postgresPassword postgres Password
+## @param postgresql-ha.pgpool.adminPassword pgpool adminPassword
+## @param postgresql-ha.service.ports.postgresql postgresql service port (overrides `service.ports.postgresql`)
 ## @param postgresql-ha.primary.persistence.size PVC Storage Request for postgresql-ha volume
 postgresql-ha:
-  enabled: true
   global:
-    postgresql-ha:
-      auth:
-        password: gitea
-        database: gitea
-        username: gitea
-      service:
-        ports:
-          postgresql-ha: 5432
+    postgresql:
+      database: gitea
+      username: gitea
+  enabled: true
+  postgresql:
+    repmgrPassword: changeme2
+    postgresPassword: changeme1
+    password: changeme4
+  pgpool:
+    adminPassword: changeme3
+  service:
+    ports:
+      postgresql: 5432
   primary:
     persistence:
       size: 10Gi