Use postgres v9.7.2 helm chart (#36)

Merge branch 'master' into postgres-version

Use postgres v9.7.2 helm chart

Co-authored-by: Matti R <matti@mdranta.net>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/36
Reviewed-by: lafriks <lafriks@noreply.gitea.io>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>

.drone.yml

@@ -4,19 +4,19 @@ name: lint
 
 platform:
   os: linux
-  arch: amd64
+  arch: arm64
 
 steps:
 - name: lint
   pull: always
-  image: pelotech/drone-helm3
+  image: alpine:3.12
-  settings:
+  commands:
-    helm_command: lint
+    - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm
-    chart: ./
+    - helm lint
 
 - name: discord
   pull: always
-  image: appleboy/drone-discord:1.0.0
+  image: appleboy/drone-discord:1.2.4
   environment:
     DISCORD_WEBHOOK_ID:
       from_secret: discord_webhook_id
@@ -44,8 +44,7 @@ steps:
     pull: default
     image: alpine:3.12
     commands:
-      - wget -q https://get.helm.sh/helm-v3.3.1-linux-arm64.tar.gz -O - | tar -xzO linux-arm64/helm > /usr/local/bin/helm
+      - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm
-      - chmod +x /usr/local/bin/helm
       - helm dependency update
       - helm package ./
       - mkdir gitea

Chart.yaml

@@ -2,8 +2,8 @@ apiVersion: v2
 name: gitea
 description: Gitea Helm chart for Kubernetes
 type: application
-version: 1.4.3
+version: 1.5.3
-appVersion: 1.12.3
+appVersion: 1.12.4
 icon: https://docs.gitea.io/images/gitea.png
 
 keywords:
@@ -33,9 +33,13 @@ dependencies:
   condition: gitea.cache.builtIn.enabled
 - name: mysql
   repository: https://charts.bitnami.com/bitnami
-  version: 6.14.8
+  version: 6.14.10
   condition: gitea.database.builtIn.mysql.enabled
 - name: postgresql
   repository: https://charts.bitnami.com/bitnami
-  version: 8.6.4
+  version: 9.7.2
   condition: gitea.database.builtIn.postgresql.enabled
+- name: mariadb
+  repository: https://charts.bitnami.com/bitnami
+  version: 7.10.2
+  condition: gitea.database.builtIn.mariadb.enabled

README.md

@@ -175,6 +175,15 @@ Like the admin user the ldap settings can be updated but also disabled or delete
       usernameAttribute: CN
 ```
 
+### Pod Annotations
+
+Annotations can be added to the Gitea pod.
+
+```yaml
+  gitea:
+    podAnnotations: {}
+```
+
 ## Configuration
 
 ### Others
@@ -182,6 +191,7 @@ Like the admin user the ldap settings can be updated but also disabled or delete
 | Parameter           | Description                       | Default                      |
 |---------------------|-----------------------------------|------------------------------|
 |statefulset.terminationGracePeriodSeconds| Image to start for this pod | gitea/gitea |
+|statefulset.env           | Additional environment variables to pass to containers | [] |
 
 
 ### Image
@@ -189,7 +199,7 @@ Like the admin user the ldap settings can be updated but also disabled or delete
 | Parameter           | Description                       | Default                      |
 |---------------------|-----------------------------------|------------------------------|
 |image.repository| Image to start for this pod | gitea/gitea |
-|image.version| Image Version | 1.12.2 |
+|image.version| Image Version | 1.12.4 |
 |image.pullPolicy| Image pull policy | Always |
 
 ### Persistence

templates/NOTES.txt

@@ -13,7 +13,6 @@
   export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "gitea.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
   echo http://$SERVICE_IP:{{ .Values.service.port }}
 {{- else if contains "ClusterIP" .Values.service.http.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "gitea.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
   echo "Visit http://127.0.0.1:{{ .Values.service.http.port }} to use your application"
-  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME {{ .Values.service.http.port }}:{{ .Values.service.http.port }}
+  kubectl --namespace {{ .Release.Namespace }} port-forward svc/{{ .Release.Name }}-http {{ .Values.service.http.port }}:{{ .Values.service.http.port }}
 {{- end }}

templates/_helpers.tpl

@@ -51,15 +51,13 @@ app.kubernetes.io/name: {{ include "gitea.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 
-{{- define "postgresql.dns" -}}
-{{- printf "%s-postgresql.%s.svc.cluster.local:%g" .Release.Name .Release.Namespace .Values.postgresql.global.postgresql.servicePort -}}
-{{- end -}}
-
 {{- define "db.servicename" -}}
 {{- if .Values.gitea.database.builtIn.postgresql.enabled -}}
 {{- printf "%s-postgresql" .Release.Name -}}
 {{- else if .Values.gitea.database.builtIn.mysql.enabled -}}
 {{- printf "%s-mysql" .Release.Name -}}
+{{- else if .Values.gitea.database.builtIn.mariadb.enabled -}}
+{{- printf "%s-mariadb" .Release.Name -}}
 {{- else -}}
 {{- $parts := split ":" .Values.gitea.config.database.HOST -}}
 {{- printf "%s %s" $parts._0 $parts._1 -}}
@@ -71,14 +69,24 @@ app.kubernetes.io/instance: {{ .Release.Name }}
 {{ .Values.postgresql.global.postgresql.servicePort }}
 {{- else if .Values.gitea.database.builtIn.mysql.enabled -}}
 {{ .Values.mysql.service.port }}
+{{- else if .Values.gitea.database.builtIn.mariadb.enabled -}}
+{{ .Values.mariadb.service.port }}
 {{- else -}}
 {{- end -}}
 {{- end -}}
 
+{{- define "postgresql.dns" -}}
+{{- printf "%s-postgresql.%s.svc.cluster.local:%g" .Release.Name .Release.Namespace .Values.postgresql.global.postgresql.servicePort -}}
+{{- end -}}
+
 {{- define "mysql.dns" -}}
 {{- printf "%s-mysql.%s.svc.cluster.local:%g" .Release.Name .Release.Namespace .Values.mysql.service.port | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
+{{- define "mariadb.dns" -}}
+{{- printf "%s-mariadb.%s.svc.cluster.local:%g" .Release.Name .Release.Namespace .Values.mysql.service.port | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
 {{- define "memcached.dns" -}}
 {{- printf "%s-memcached.%s.svc.cluster.local:%g" .Release.Name .Release.Namespace .Values.memcached.service.port | trunc 63 | trimSuffix "-" -}}
 {{- end -}}

templates/gitea/config.yaml

@@ -1,10 +1,11 @@
 apiVersion: v1
-kind: ConfigMap
+kind: Secret
 metadata:
   name: {{ include "gitea.fullname" . }}
   labels:
     {{- include "gitea.labels" . | nindent 4 }}
-data:
+type: Opaque
+stringData:
   app.ini: |-
     {{- if not (hasKey .Values.gitea.config "cache") -}}
     {{- $_ := set .Values.gitea.config "cache" dict -}}
@@ -65,24 +66,38 @@ data:
     {{- /* database default settings */ -}}
     {{- if .Values.gitea.database.builtIn.postgresql.enabled -}}
     {{- $_ := set .Values.gitea.config.database "DB_TYPE"   "postgres" -}} 
+    {{- if not (.Values.gitea.config.database.HOST) -}}
     {{- $_ := set .Values.gitea.config.database "HOST"      (include "postgresql.dns" .) -}}
+    {{- end -}}
     {{- $_ := set .Values.gitea.config.database "NAME"      .Values.postgresql.global.postgresql.postgresqlDatabase -}}
     {{- $_ := set .Values.gitea.config.database "USER"      .Values.postgresql.global.postgresql.postgresqlUsername -}}
     {{- $_ := set .Values.gitea.config.database "PASSWD"    .Values.postgresql.global.postgresql.postgresqlPassword -}}
     {{ else if .Values.gitea.database.builtIn.mysql.enabled -}}
     {{- $_ := set .Values.gitea.config.database "DB_TYPE"   "mysql" -}} 
+    {{- if not (.Values.gitea.config.database.HOST) -}}
     {{- $_ := set .Values.gitea.config.database "HOST"      (include "mysql.dns" .) -}}
+    {{- end -}}
     {{- $_ := set .Values.gitea.config.database "NAME"      .Values.mysql.db.name -}}
     {{- $_ := set .Values.gitea.config.database "USER"      .Values.mysql.db.user -}}
     {{- $_ := set .Values.gitea.config.database "PASSWD"    .Values.mysql.db.password -}}
+    {{ else if .Values.gitea.database.builtIn.mariadb.enabled -}}
+    {{- $_ := set .Values.gitea.config.database "DB_TYPE"   "mysql" -}}
+    {{- if not (.Values.gitea.config.database.HOST) -}}
+    {{- $_ := set .Values.gitea.config.database "HOST"      (include "mariadb.dns" .) -}}
+    {{- end -}}
+    {{- $_ := set .Values.gitea.config.database "NAME"      .Values.mariadb.db.name -}}
+    {{- $_ := set .Values.gitea.config.database "USER"      .Values.mariadb.db.user -}}
+    {{- $_ := set .Values.gitea.config.database "PASSWD"    .Values.mariadb.db.password -}}
     {{- end -}}
 
     {{- /* cache default settings */ -}}
     {{- if .Values.gitea.cache.builtIn.enabled -}}
     {{- $_ := set .Values.gitea.config.cache "ENABLED" "true" -}}
     {{- $_ := set .Values.gitea.config.cache "ADAPTER" "memcache" -}}
+    {{- if not (.Values.gitea.config.cache.HOST) -}}
     {{- $_ := set .Values.gitea.config.cache "HOST" (include "memcached.dns" .) -}}
     {{- end -}}
+    {{- end -}}
     
     {{- /* autogenerate app.ini */ -}}
     {{- range $key, $value := .Values.gitea.config  }}

templates/gitea/init.yaml

@@ -0,0 +1,57 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "gitea.fullname" . }}-init
+  labels:
+    {{- include "gitea.labels" . | nindent 4 }}
+type: Opaque
+stringData:
+  init_gitea.sh: |-
+    #!/bin/bash
+    mkdir -p /data/git/.ssh
+    chmod -R 700 /data/git/.ssh
+    mkdir -p /data/gitea/conf
+    cp /etc/gitea/conf/app.ini /data/gitea/conf/app.ini
+    chmod a+rwx /data/gitea/conf/app.ini
+    nc -v -w2 -z {{ include "db.servicename" . }} {{ include "db.port" . }} && \
+    su git -c ' \
+    set -x; \
+    gitea migrate; \
+    {{- if and .Values.gitea.admin.username .Values.gitea.admin.password }}
+    gitea admin create-user --username  {{ .Values.gitea.admin.username }} --password '{{ .Values.gitea.admin.password }}' --email {{ .Values.gitea.admin.email }} --admin \
+    || \
+    gitea admin change-password --username {{ .Values.gitea.admin.username }} --password '{{ .Values.gitea.admin.password }}'; \
+    {{- end }}
+    {{- if .Values.gitea.ldap.enabled }}
+    gitea admin auth add-ldap \
+    --name {{ .Values.gitea.ldap.name | quote }} \
+    --security-protocol {{ .Values.gitea.ldap.securityProtocol | quote }} \
+    --host {{ .Values.gitea.ldap.host | quote }} \
+    --port {{ .Values.gitea.ldap.port | int}} \
+    --user-search-base {{ .Values.gitea.ldap.userSearchBase | quote }} \
+    --user-filter {{ .Values.gitea.ldap.userFilter | quote }} \
+    --admin-filter {{ .Values.gitea.ldap.adminFilter | quote }} \
+    --email-attribute {{ .Values.gitea.ldap.emailAttribute | quote }} \
+    --bind-dn {{ .Values.gitea.ldap.bindDn | quote }} \
+    --bind-password {{ .Values.gitea.ldap.bindPassword | quote }} \
+    --synchronize-users \
+    --username-attribute {{ .Values.gitea.ldap.usernameAttribute | quote }} \
+    || \
+    ( \
+      export GITEA_AUTH_ID=$(gitea admin auth list | grep {{ .Values.gitea.ldap.name | quote }} | awk -F " "  "{print \$1}"); \
+      gitea admin auth update-ldap --id ${GITEA_AUTH_ID} \
+      --name {{ .Values.gitea.ldap.name | quote }} \
+      --security-protocol {{ .Values.gitea.ldap.securityProtocol | quote }} \
+      --host {{ .Values.gitea.ldap.host | quote }} \
+      --port {{ .Values.gitea.ldap.port | int}} \
+      --user-search-base {{ .Values.gitea.ldap.userSearchBase | quote }} \
+      --user-filter {{ .Values.gitea.ldap.userFilter | quote }} \
+      --admin-filter {{ .Values.gitea.ldap.adminFilter | quote }} \
+      --email-attribute {{ .Values.gitea.ldap.emailAttribute | quote }} \
+      --bind-dn {{ .Values.gitea.ldap.bindDn | quote }} \
+      --bind-password {{ .Values.gitea.ldap.bindPassword | quote }} \
+      --synchronize-users \
+      --username-attribute {{ .Values.gitea.ldap.usernameAttribute | quote }} \
+    ) \
+    {{- end }}
+    '

templates/gitea/ssh-svc.yaml

@@ -11,7 +11,7 @@ spec:
   {{- if and .Values.service.ssh.loadBalancerIP (eq .Values.service.ssh.type "LoadBalancer") }}
   loadBalancerIP: {{ .Values.service.ssh.loadBalancerIP }}
   {{- end }}
-  {{- if ne .Values.service.ssh.type "LoadBalancer" }}
+  {{- if eq .Values.service.ssh.type "ClusterIP" }}
   clusterIP: None
   {{- end }}
   {{- if .Values.service.ssh.externalIPs }}

templates/gitea/statefulset.yaml

@@ -14,6 +14,9 @@ spec:
     metadata:
       annotations:
         checksum/config: {{ include (print $.Template.BasePath "/gitea/config.yaml") . | sha256sum }}
+        {{- with .Values.gitea.podAnnotations }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
       labels:
         {{- include "gitea.selectorLabels" . | nindent 8 }}
     spec:
@@ -22,56 +25,10 @@ spec:
       initContainers:
         - name: init
           image: "{{ .Values.image.repository }}:{{ .Values.image.version }}"
-          env:
+          command: ["/usr/sbin/init_gitea.sh"]
-            - name: SCRIPT
-              value: &script |-
-                mkdir -p /data/gitea/conf
-                cp /etc/gitea/conf/app.ini /data/gitea/conf/app.ini
-                chmod a+rwx /data/gitea/conf/app.ini
-                nc -v -w2 -z {{ include "db.servicename" . }} {{ include "db.port" . }} && \
-                su git -c ' \
-                set -x; \
-                gitea migrate; \
-                {{- if and .Values.gitea.admin.username .Values.gitea.admin.password }}
-                gitea admin create-user --username  {{ .Values.gitea.admin.username }} --password '{{ .Values.gitea.admin.password }}' --email {{ .Values.gitea.admin.email }} --admin \
-                || \
-                gitea admin change-password --username {{ .Values.gitea.admin.username }} --password '{{ .Values.gitea.admin.password }}'; \
-                {{- end }}
-                {{- if .Values.gitea.ldap.enabled }}
-                gitea admin auth add-ldap \
-                --name {{ .Values.gitea.ldap.name | quote }} \
-                --security-protocol {{ .Values.gitea.ldap.securityProtocol | quote }} \
-                --host {{ .Values.gitea.ldap.host | quote }} \
-                --port {{ .Values.gitea.ldap.port | int}} \
-                --user-search-base {{ .Values.gitea.ldap.userSearchBase | quote }} \
-                --user-filter {{ .Values.gitea.ldap.userFilter | quote }} \
-                --admin-filter {{ .Values.gitea.ldap.adminFilter | quote }} \
-                --email-attribute {{ .Values.gitea.ldap.emailAttribute | quote }} \
-                --bind-dn {{ .Values.gitea.ldap.bindDn | quote }} \
-                --bind-password {{ .Values.gitea.ldap.bindPassword | quote }} \
-                --synchronize-users \
-                --username-attribute {{ .Values.gitea.ldap.usernameAttribute | quote }} \
-                || \
-                ( \
-                  export GITEA_AUTH_ID=$(gitea admin auth list | grep {{ .Values.gitea.ldap.name | quote }} | awk -F " "  "{print \$1}"); \
-                  gitea admin auth update-ldap --id ${GITEA_AUTH_ID} \
-                  --name {{ .Values.gitea.ldap.name | quote }} \
-                  --security-protocol {{ .Values.gitea.ldap.securityProtocol | quote }} \
-                  --host {{ .Values.gitea.ldap.host | quote }} \
-                  --port {{ .Values.gitea.ldap.port | int}} \
-                  --user-search-base {{ .Values.gitea.ldap.userSearchBase | quote }} \
-                  --user-filter {{ .Values.gitea.ldap.userFilter | quote }} \
-                  --admin-filter {{ .Values.gitea.ldap.adminFilter | quote }} \
-                  --email-attribute {{ .Values.gitea.ldap.emailAttribute | quote }} \
-                  --bind-dn {{ .Values.gitea.ldap.bindDn | quote }} \
-                  --bind-password {{ .Values.gitea.ldap.bindPassword | quote }} \
-                  --synchronize-users \
-                  --username-attribute {{ .Values.gitea.ldap.usernameAttribute | quote }} \
-                ) \
-                {{- end }}
-                '
-          command: ["/bin/sh",'-c', *script]
           volumeMounts:
+            - name: init
+              mountPath: /usr/sbin
             - name: config
               mountPath: /etc/gitea/conf
             - name: data
@@ -87,6 +44,10 @@ spec:
               value: {{ .Values.gitea.config.server.SSH_LISTEN_PORT | quote }}
             - name: SSH_PORT
               value: {{ .Values.gitea.config.server.SSH_PORT | quote }}
+            {{- range .Values.statefulset.env }}
+            - name: {{ .name | quote | nospace }}
+              value: {{ .value | quote }}
+            {{- end }}
           ports:
             - name: ssh
               containerPort: {{ .Values.gitea.config.server.SSH_LISTEN_PORT }}
@@ -125,9 +86,13 @@ spec:
         {{- toYaml . | nindent 8 }}
     {{- end }}
       volumes:
+        - name: init
+          secret:
+            secretName: {{ include "gitea.fullname" . }}-init
+            defaultMode: 0777
         - name: config
-          configMap:
+          secret:
-            name: {{ include "gitea.fullname" . }}
+            secretName: {{ include "gitea.fullname" . }}
   {{- if and .Values.persistence.enabled .Values.persistence.existingClaim }}
         - name: data
           persistentVolumeClaim:

values.yaml

@@ -6,7 +6,7 @@ replicaCount: 1
 
 image:
   repository: gitea/gitea
-  version: 1.12.3
+  version: 1.12.4
   pullPolicy: Always
 
 imagePullSecrets: []
@@ -55,6 +55,9 @@ tolerations: []
 affinity: {}
 
 statefulset:
+  env: []
+    # - name: VARIABLE
+    #   value: my-value
   terminationGracePeriodSeconds: 60
 
 persistence:
@@ -95,12 +98,16 @@ gitea:
   #  security:
   #    PASSWORD_COMPLEXITY: spec
 
+  podAnnotations: {}
+
   database:
     builtIn:
       postgresql:
         enabled: true
       mysql:
         enabled: false
+      mariadb:
+        enabled: false
 
   cache:
     builtIn:
@@ -131,3 +138,14 @@ mysql:
     port: 3306
   persistence:
     size: 10Gi
+
+mariadb:
+  db:
+    name: gitea
+    user: gitea
+    password: gitea
+  service:
+    port: 3306
+  master:
+    persistence:
+      size: 10Gi