Update README with multiple LDAP Sources (#271 )

We did not mention the multiple LDAP Sources as a breaking change. Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/271 Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io> Reviewed-by: Andrew Thornton <art27@cantab.net>
Improve support for gitea instances not running as root or uid 1000 (#266 )
2021-12-23 21:43:21 +08:00 · 2021-12-23 18:50:56 +08:00 · 2021-12-23 03:56:36 +08:00
6 changed files with 12 additions and 276 deletions
--- a/Chart.yaml
+++ b/Chart.yaml
@ -3,7 +3,7 @@ name: gitea
 description: Gitea Helm chart for Kubernetes
 type: application
 version: 0.0.0
-appVersion: 1.15.4
+appVersion: 1.15.8
 icon: https://docs.gitea.io/images/gitea.png

 keywords:
@ -34,14 +34,6 @@ dependencies:
  repository: https://charts.bitnami.com/bitnami
  version: 5.9.0
  condition: memcached.enabled
- name: redis-cluster
-  repository: https://charts.bitnami.com/bitnami
-  version: 6.2.3
-  condition: redis-cluster.enabled
- name: redis
-  repository: https://charts.bitnami.com/bitnami
-  version: 14.6.6
-  condition: redis.enabled
 - name: mysql
  repository: https://charts.bitnami.com/bitnami
  version: 6.14.10
@ -50,10 +42,6 @@ dependencies:
  repository: https://charts.bitnami.com/bitnami
  version: 10.3.17
  condition: postgresql.enabled
- name: postgresql-ha
-  repository: https://charts.bitnami.com/bitnami
-  version: 7.7.3
-  condition: postgresql-ha.enabled
 - name: mariadb
  repository: https://charts.bitnami.com/bitnami
  version: 9.3.6
--- a/README.md
+++ b/README.md
@ -109,12 +109,13 @@ gitea:
  podAnnotations: {}
 ```

-### Multiple OAuth authentication sources
+### Multiple OAuth and LDAP authentication sources

 With `5.0.0` of this Chart it is now possible to configure Gitea with multiple
-OAuth sources. As a result, you need to update an existing OAuth configuration
+OAuth and LDAP sources. As a result, you need to update an existing OAuth/LDAP configuration
 in your customized `values.yaml` by replacing the object with settings to a list
-of settings objects. See [OAuth2 Settings](#oauth-settings) section for details.
+of settings objects. See [OAuth2 Settings](#oauth-settings) and
+[LDAP Settings](#ldap-settings) section for details.

 ## Chart upgrade from 3.x.x to 4.0.0

@ -213,73 +214,6 @@ signing:
  gpgHome: /data/git/.gnupg
 ```

-## Gitea - HA
-
-With Version 4.1.x the helm chart supports Gitea running in HA(High Availability)
-mode. To run Gitea in HA you'll need to set a few values in order to run successfully.
-
-### Redis
-
-HA requires a Queue to run, we're going to use redis as default for this.
-
-```yaml
-redis:
-  enabled: true
-```
-
-You can also run Redis in HA mode:
-
-```yaml
-redis-cluster:
-  enabled: true
-```
-
-Both variants can be found at [Bitnami](https://github.com/bitnami/charts).
-
-Once redis is enabled, the chart will automatically configure Gitea to run with
-redis queue, indexer and session. Running with Redis already provides a sticky
-session, which saves you the trouble from configuring your ingress running with
-a sticky session.
-The following values are autogenerated.
-However you can overwrite any setting in the config section of the chart.
-
-```bash
-[session]
-PROVIDER        = redis
-PROVIDER_CONFIG = redis://:gitea@gitea-redis-master.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s
-
-[queue]
-CONN_STR = redis://:gitea@gitea-redis-master.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s
-TYPE     = redis
-
-[queue.issue_indexer]
-TYPE = redis
-```
-
-### Persistence
-
-When running in HA you cannot use the default persistence for the chart.
-You'll need to setup an extra PVC running with access mode "RWX" - "ReadWriteMany".
-Otherwise the chart will create a PVC for every replica.
-
-```yaml
-persistence:
-  enabled: true
-  existingClaim: rwx-pvc-gitea
-```
-
-### PostgreSQL
-
-You can also run PostgreSQL in HA mode also provided by
-[Bitnami](https://github.com/bitnami/charts).
-:warning: Please disable the default PostgreSQL version,
-when you enabled the HA PostgreSQL.
-
-```yaml
-postgresql-ha:
-  enabled: true
-```
-
 ## Examples

 ### Gitea Configuration
@ -749,7 +683,7 @@ gitea:
 | Parameter          | Description                                                                               | Default       |
 | ------------------ | ----------------------------------------------------------------------------------------- | ------------- |
 | `image.repository` | Image to start for this pod                                                               | `gitea/gitea` |
-| `image.tag`        | [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated)       | `1.14.6`      |
+| `image.tag`        | [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated)       | `1.15.8`      |
 | `image.pullPolicy` | Image pull policy                                                                         | `Always`      |
 | `image.rootless`   | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `false`       |

@ -858,40 +792,6 @@ Configure Liveness, Readiness and Startup
 | `gitea.startupProbe.successThreshold`      | Minimum consecutive success probes                                   | `1`     |
 | `gitea.startupProbe.failureThreshold`      | Minimum consecutive error probes                                     | `10`    |

-### Redis BuiltIn
-
-Redis is loaded as a dependency from
-[Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/redis)
-if enabled in the values. Complete Configuration can be taken from their website.
-
-The following parameters are the defaults set by this chart
-
-| Parameter                  | Description                                      | Default                      |
-|----------------------------|--------------------------------------------------|------------------------------|
-|redis.enabled               | Enable or disable redis                          | `false`                      |
-|redis.global.redis.password | Redis default password                           | `gitea`                      |
-|redis.auth.password         | Redis default password needed for chart upgrades | `gitea`                      |
-| redis.master.service.port  | Redis default port                               | `6379`                       |
-| redis.replica.replicaCount | Redis replicaCount                               | `2`                          |
-
-### Redis-Cluster BuiltIn
-
-Redis-Cluster is loaded as a dependency from
-[Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/redis-cluster)
-if enabled in the values. Complete Configuration can be taken from their website.
-
-The following parameters are the defaults set by this chart
-
-| Parameter                          | Description                                      | Default   |
-|------------------------------------|--------------------------------------------------|-----------|
-|redis-cluster.enabled               | Enable or disable redis-cluster                  | `false`   |
-|redis-cluster.global.redis.password | Redis default password                           | `gitea`   |
-|redis-cluster.password              | Redis default password                           | `gitea`   |
-|redis.auth.password                 | Redis default password needed for chart upgrades | `gitea`   |
-| redis-cluster.service.port         | Redis default port                               | `6379`    |
-| redis-cluster.cluster.nodes        | Redis nodes                                      | `6`       |
-| redis-cluster.cluster.replicas     | Redis replicas                                   | `1`       |
-
 ### Memcached BuiltIn

 Memcached is loaded as a dependency from
@ -940,29 +840,6 @@ The following parameters are the defaults set by this chart
 | `postgresql.persistence.size`                     | PVC Storage Request for PostgreSQL volume                | `10Gi`  |
 | `postgresql.enabled`                              | Enable PostgreSQL dependency                             | `true`  |

-### PostgreSQL-HA BuiltIn
-
-PostgreSQL-HA is loaded as a dependency from Bitnami. The chart configuration
-can be found in this
-[Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/postgresql) repository.
-
-The following parameters are the defaults set by this chart
-
-| Parameter                                       | Description                               | Default   |
-|-------------------------------------------------|-------------------------------------------|-----------|
-|`postgresql-ha.enabled`                          | Enable or disable PostgreSQL-HA           | `false`   |
-|`postgresql-ha.postgresql.password`              | PostgreSQL password                       | `gitea`   |
-|`postgresql-ha.postgresql.repmgrPassword`        | PostgreSQL repmgr password                | `gitea`   |
-|`postgresql-ha.pgpool.adminPassword`             | PostgreSQL pgpool password                | `gitea`   |
-|`postgresql-ha.global.postgresql.username`       | PostgreSQL username                       | `gitea`   |
-|`postgresql-ha.global.postgresql.password`       | PostgreSQL admin password                 | `gitea`   |
-|`postgresql-ha.global.postgresql.database`       | PostgreSQL default database               | `gitea`   |
-|`postgresql-ha.global.postgresql.repmgrPassword` | PostgreSQL repmgr password                | `gitea`   |
-|`postgresql-ha.global.postgresql.repmgrUsername` | PostgreSQL repmgr username                | `gitea`   |
-|`postgresql-ha.global.postgresql.repmgrDatabase` | PostgreSQL repmgr default database        | `gitea`   |
-|`postgresql-ha.service.port`                     | PostgreSQL port                           | `5432`    |
-|`postgresql-ha.persistence.size`                 | PVC Storage Request for PostgreSQL volume | `10Gi`    |
-
 ### MariaDB BuiltIn

 MariaDB is loaded as a dependency from bitnami. Configuration can be found in
--- a/templates/_helpers.tpl
+++ b/templates/_helpers.tpl
@ -66,8 +66,6 @@ app.kubernetes.io/instance: {{ .Release.Name }}
 {{- define "db.servicename" -}}
 {{- if .Values.postgresql.enabled -}}
 {{- printf "%s-postgresql" .Release.Name -}}
-{{- else if (index .Values "postgresql-ha").enabled -}}
-{{- printf "%s-postgresql-ha-pgpool" .Release.Name -}}
 {{- else if .Values.mysql.enabled -}}
 {{- printf "%s-mysql" .Release.Name -}}
 {{- else if .Values.mariadb.enabled -}}
@ -81,8 +79,6 @@ app.kubernetes.io/instance: {{ .Release.Name }}
 {{- define "db.port" -}}
 {{- if .Values.postgresql.enabled -}}
 {{ .Values.postgresql.global.postgresql.servicePort }}
-{{- else if (index .Values "postgresql-ha").enabled -}}
-{{ (index .Values "postgresql-ha").service.port }}
 {{- else if .Values.mysql.enabled -}}
 {{ .Values.mysql.service.port }}
 {{- else if .Values.mariadb.enabled -}}
@ -92,11 +88,7 @@ app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}

 {{- define "postgresql.dns" -}}
-{{- if .Values.postgresql.enabled -}}
 {{- printf "%s-postgresql.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.postgresql.global.postgresql.servicePort -}}
-{{- else if (index .Values "postgresql-ha").enabled -}}
-{{- printf "%s-postgresql-ha-pgpool.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "postgresql-ha").service.port -}}
-{{- end -}}
 {{- end -}}

 {{- define "mysql.dns" -}}
@ -111,30 +103,6 @@ app.kubernetes.io/instance: {{ .Release.Name }}
 {{- printf "%s-memcached.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.memcached.service.port | trunc 63 | trimSuffix "-" -}}
 {{- end -}}

-{{- define "redis.dns" -}}
-{{- if (index .Values "redis-cluster").enabled -}}
-{{- printf "redis+cluster://:%s@%s-redis-cluster-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "redis-cluster").global.redis.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "redis-cluster").service.port -}}
-{{- else if .Values.redis.enabled -}}
-{{- printf "redis://:%s@%s-redis-master.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s" .Values.redis.global.redis.password .Release.Name .Release.Namespace .Values.clusterDomain .Values.redis.master.service.port -}}
-{{- end -}}
-{{- end -}}
-
-{{- define "redis.port" -}}
-{{- if (index .Values "redis-cluster").enabled -}}
-{{ (index .Values "redis-cluster").service.port }}
-{{- else if .Values.redis.enabled -}}
-{{ .Values.redis.master.service.port }}
-{{- end -}}
-{{- end -}}
-
-{{- define "redis.servicename" -}}
-{{- if (index .Values "redis-cluster").enabled -}}
-{{- printf "%s-redis-cluster-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}}
-{{- else if .Values.redis.enabled -}}
-{{- printf "%s-redis-master.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}}
-{{- end -}}
-{{- end -}}
-
 {{- define "gitea.default_domain" -}}
 {{- printf "%s-gitea.%s.svc.%s" (include "gitea.fullname" .) .Release.Namespace .Values.clusterDomain | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
@ -239,18 +207,6 @@ app.kubernetes.io/instance: {{ .Release.Name }}
  {{- if not (hasKey .Values.gitea.config "oauth2") -}}
    {{- $_ := set .Values.gitea.config "oauth2" dict -}}
  {{- end -}}
-  {{- if not (hasKey .Values.gitea.config "session") -}}
-    {{- $_ := set .Values.gitea.config "session" dict -}}
-  {{- end -}}
-  {{- if not (hasKey .Values.gitea.config "queue") -}}
-    {{- $_ := set .Values.gitea.config "queue" dict -}}
-  {{- end -}}
-  {{- if not (hasKey .Values.gitea.config "queue.issue_indexer") -}}
-    {{- $_ := set .Values.gitea.config "queue.issue_indexer" dict -}}
-  {{- end -}}
-  {{- if not (hasKey .Values.gitea.config "indexer") -}}
-    {{- $_ := set .Values.gitea.config "indexer" dict -}}
-  {{- end -}}
 {{- end -}}

 {{- define "gitea.inline_configuration.defaults" -}}
@ -266,24 +222,13 @@ app.kubernetes.io/instance: {{ .Release.Name }}
  {{- if not (hasKey .Values.gitea.config.metrics "ENABLED") -}}
    {{- $_ := set .Values.gitea.config.metrics "ENABLED" .Values.gitea.metrics.enabled -}}
  {{- end -}}
-  {{- if or .Values.memcached.enabled (index .Values "redis-cluster").enabled .Values.redis.enabled -}}
+  {{- if .Values.memcached.enabled -}}
    {{- $_ := set .Values.gitea.config.cache "ENABLED" "true" -}}
-    {{- $_ := set .Values.gitea.config.cache "ADAPTER" (ternary "memcache" "redis" .Values.memcached.enabled) -}}
+    {{- $_ := set .Values.gitea.config.cache "ADAPTER" "memcache" -}}
    {{- if not (.Values.gitea.config.cache.HOST) -}}
-      {{- $_ := set .Values.gitea.config.cache "HOST" (ternary (include "memcached.dns" .) (include "redis.dns" .) .Values.memcached.enabled) -}}
+      {{- $_ := set .Values.gitea.config.cache "HOST" (include "memcached.dns" .) -}}
    {{- end -}}
  {{- end -}}
-  {{- /* redis queue */ -}}
-  {{- if or (index .Values "redis-cluster").enabled  .Values.redis.enabled -}}
-    {{- $_ := set .Values.gitea.config.queue "TYPE" "redis" -}}
-    {{- $_ := set .Values.gitea.config.queue "CONN_STR" (include "redis.dns" .) -}}
-    {{- $_ := set (index .Values.gitea.config "queue.issue_indexer") "TYPE" "redis" -}}
-  {{- end -}}
-  {{- /* multiple replicas */ -}}
-  {{- if gt .Values.replicaCount 1.0 -}}
-    {{- $_ := set .Values.gitea.config.session  "PROVIDER" "redis" -}}
-    {{- $_ := set .Values.gitea.config.session  "PROVIDER_CONFIG" (include "redis.dns" .) -}}
-  {{- end -}}
 {{- end -}}

 {{- define "gitea.inline_configuration.defaults.server" -}}
@ -346,14 +291,6 @@ app.kubernetes.io/instance: {{ .Release.Name }}
    {{- $_ := set .Values.gitea.config.database "NAME"      .Values.postgresql.global.postgresql.postgresqlDatabase -}}
    {{- $_ := set .Values.gitea.config.database "USER"      .Values.postgresql.global.postgresql.postgresqlUsername -}}
    {{- $_ := set .Values.gitea.config.database "PASSWD"    .Values.postgresql.global.postgresql.postgresqlPassword -}}
-  {{- else if (index .Values "postgresql-ha").enabled -}}
-    {{- $_ := set .Values.gitea.config.database "DB_TYPE"   "postgres" -}}
-    {{- if not (.Values.gitea.config.database.HOST) -}}
-      {{- $_ := set .Values.gitea.config.database "HOST"      (include "postgresql.dns" .) -}}
-    {{- end -}}
-    {{- $_ := set .Values.gitea.config.database "NAME"      (index .Values "postgresql-ha").global.postgresql.database -}}
-    {{- $_ := set .Values.gitea.config.database "USER"      (index .Values "postgresql-ha").global.postgresql.username -}}
-    {{- $_ := set .Values.gitea.config.database "PASSWD"    (index .Values "postgresql-ha").global.postgresql.password -}}
  {{- else if .Values.mysql.enabled -}}
    {{- $_ := set .Values.gitea.config.database "DB_TYPE"   "mysql" -}}
    {{- if not (.Values.gitea.config.database.HOST) -}}
--- a/templates/gitea/config.yaml
+++ b/templates/gitea/config.yaml
@ -125,4 +125,3 @@ stringData:
    fi

    environment-to-ini -o $GITEA_APP_INI -p ENV_TO_INI
-    
--- a/templates/gitea/init.yaml
+++ b/templates/gitea/init.yaml
@ -30,7 +30,9 @@ stringData:

    # prepare temp directory structure
    mkdir -p "${GITEA_TEMP}"
+    {{- if not .Values.image.rootless }}
    chown 1000:1000 "${GITEA_TEMP}"
+    {{- end }}
    chmod ug+rwx "${GITEA_TEMP}"

  configure_gitea.sh: |-
@ -60,27 +62,6 @@ stringData:
    test_db_connection
    {{- end }}

-    {{- if include "redis.servicename" . }}
-    function test_redis_connection() {
-      local RETRY=0
-      local MAX=30
-      
-      echo 'Wait for redis to become avialable...'
-      until [ "${RETRY}" -ge "${MAX}" ]; do
-        nc -vz -w2 {{ include "redis.servicename" . }} {{ include "redis.port" . }} && break
-        RETRY=$[${RETRY}+1]
-        echo "...not ready yet (${RETRY}/${MAX})"
-      done
-
-      if [ "${RETRY}" -ge "${MAX}" ]; then
-        echo "Redis not reachable after '${MAX}' attempts!"
-        exit 1
-      fi
-    }
-
-    test_redis_connection
-    {{- end }}
-
    echo '==== BEGIN GITEA CONFIGURATION ===='

    gitea migrate
--- a/values.yaml
+++ b/values.yaml
@ -8,7 +8,7 @@ clusterDomain: cluster.local

 image:
  repository: gitea/gitea
-  tag: 1.15.4
+  tag: 1.15.8
  pullPolicy: Always
  rootless: false # only possible when running 1.14 or later

@ -123,7 +123,6 @@ persistence:
  # storageClass:
  # subPath:

-
 # additional volumes to add to the Gitea statefulset.
 extraVolumes:
 # - name: postgres-ssl-vol
@ -249,31 +248,6 @@ memcached:
  service:
    port: 11211

-redis:
-  enabled: false
-  global:
-    redis:
-      password: gitea
-  auth:
-    password: gitea
-  master:
-    service:
-      port: 6379
-  replica:
-    replicaCount: 2
-
-redis-cluster:
-  enabled: false
-  password: gitea
-  global:
-    redis:
-      password: gitea
-  cluster:
-    nodes: 6
-    replicas: 1
-  service:
-    port: 6379
-
 postgresql:
  enabled: true
  global:
@ -285,26 +259,6 @@ postgresql:
  persistence:
    size: 10Gi

-postgresql-ha:
-  enabled: false
-  postgresql:
-    password: gitea
-    repmgrPassword: gitea
-  pgpool:
-    adminPassword: gitea
-  global:
-    postgresql:
-      database: gitea
-      username: gitea
-      password: gitea
-      repmgrPassword: postgresql
-      repmgrUsername: postgresql
-      repmgrDatabase: repr
-  service:
-    port: 5432
-  persistence:
-    size: 10Gi
-
 mysql:
  enabled: false
  root: