1.13.7 (#139)

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/139
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-committed-by: techknowlogick <techknowlogick@gitea.io>

.drone.yml

@@ -4,19 +4,19 @@ name: lint
 
 platform:
   os: linux
-  arch: amd64
+  arch: arm64
 
 steps:
 - name: lint
   pull: always
-  image: pelotech/drone-helm3
-  settings:
-    helm_command: lint
-    chart: ./
+  image: alpine:3.12
+  commands:
+    - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm
+    - helm lint
 
 - name: discord
   pull: always
-  image: appleboy/drone-discord:1.0.0
+  image: appleboy/drone-discord:1.2.4
   environment:
     DISCORD_WEBHOOK_ID:
       from_secret: discord_webhook_id
@@ -41,20 +41,19 @@ trigger:
 
 steps:
   - name: generate-chart
-    pull: default
+    pull: always
     image: alpine:3.12
     commands:
-      - wget -q https://get.helm.sh/helm-v3.3.1-linux-arm64.tar.gz -O - | tar -xzO linux-arm64/helm > /usr/local/bin/helm
-      - chmod +x /usr/local/bin/helm
+      - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm
       - helm dependency update
-      - helm package ./
+      - helm package --version "${DRONE_TAG##v}" ./
       - mkdir gitea
       - mv gitea*.tgz gitea/
       - wget -O gitea/index.yaml https://dl.gitea.io/charts/index.yaml
       - helm repo index gitea/ --url https://dl.gitea.io/charts --merge gitea/index.yaml
 
   - name: upload-chart
-    pull: default
+    pull: always
     image: plugins/s3:latest
     settings:
       bucket: releases

.gitignore

@@ -1,2 +1,3 @@
 charts
 Chart.lock
+.DS_Store

Chart.yaml

@@ -2,8 +2,8 @@ apiVersion: v2
 name: gitea
 description: Gitea Helm chart for Kubernetes
 type: application
-version: 1.5.2
-appVersion: 1.12.4
+version: 0.0.0
+appVersion: 1.13.7
 icon: https://docs.gitea.io/images/gitea.png
 
 keywords:
@@ -14,6 +14,7 @@ keywords:
   - gitea
   - gogs
 sources:
+  - https://gitea.com/gitea/helm-chart
   - https://github.com/go-gitea/gitea
   - https://hub.docker.com/r/gitea/gitea/
 maintainers:
@@ -37,9 +38,9 @@ dependencies:
   condition: gitea.database.builtIn.mysql.enabled
 - name: postgresql
   repository: https://charts.bitnami.com/bitnami
-  version: 9.7.3
+  version: 9.7.2
   condition: gitea.database.builtIn.postgresql.enabled
 - name: mariadb
   repository: https://charts.bitnami.com/bitnami
-  version: 7.10.2
-  condition: gitea.database.builtIn.mariadb.enabled
+  version: 8.0.0
+  condition: gitea.database.builtIn.mariadb.enabled

templates/_helpers.tpl

@@ -36,9 +36,11 @@ Common labels
 */}}
 {{- define "gitea.labels" -}}
 helm.sh/chart: {{ include "gitea.chart" . }}
+app: {{ include "gitea.name" . }}
 {{ include "gitea.selectorLabels" . }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+version: {{ .Chart.AppVersion | quote }}
 {{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end -}}
@@ -58,7 +60,7 @@ app.kubernetes.io/instance: {{ .Release.Name }}
 {{- printf "%s-mysql" .Release.Name -}}
 {{- else if .Values.gitea.database.builtIn.mariadb.enabled -}}
 {{- printf "%s-mariadb" .Release.Name -}}
-{{- else -}}
+{{- else if ne .Values.gitea.config.database.DB_TYPE "sqlite3" -}}
 {{- $parts := split ":" .Values.gitea.config.database.HOST -}}
 {{- printf "%s %s" $parts._0 $parts._1 -}}
 {{- end -}}
@@ -70,28 +72,47 @@ app.kubernetes.io/instance: {{ .Release.Name }}
 {{- else if .Values.gitea.database.builtIn.mysql.enabled -}}
 {{ .Values.mysql.service.port }}
 {{- else if .Values.gitea.database.builtIn.mariadb.enabled -}}
-{{ .Values.mariadb.service.port }}
+{{ .Values.mariadb.primary.service.port }}
 {{- else -}}
 {{- end -}}
 {{- end -}}
 
 {{- define "postgresql.dns" -}}
-{{- printf "%s-postgresql.%s.svc.cluster.local:%g" .Release.Name .Release.Namespace .Values.postgresql.global.postgresql.servicePort -}}
+{{- printf "%s-postgresql.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.postgresql.global.postgresql.servicePort -}}
 {{- end -}}
 
 {{- define "mysql.dns" -}}
-{{- printf "%s-mysql.%s.svc.cluster.local:%g" .Release.Name .Release.Namespace .Values.mysql.service.port | trunc 63 | trimSuffix "-" -}}
+{{- printf "%s-mysql.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.mysql.service.port | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
 {{- define "mariadb.dns" -}}
-{{- printf "%s-mariadb.%s.svc.cluster.local:%g" .Release.Name .Release.Namespace .Values.mysql.service.port | trunc 63 | trimSuffix "-" -}}
+{{- printf "%s-mariadb.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.mariadb.primary.service.port | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
 {{- define "memcached.dns" -}}
-{{- printf "%s-memcached.%s.svc.cluster.local:%g" .Release.Name .Release.Namespace .Values.memcached.service.port | trunc 63 | trimSuffix "-" -}}
+{{- printf "%s-memcached.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.memcached.service.port | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
 {{- define "gitea.default_domain" -}}
-{{- printf "%s-gitea.%s.svc.cluster.local" (include "gitea.fullname" .) .Release.Namespace  | trunc 63 | trimSuffix "-" -}}
+{{- printf "%s-gitea.%s.svc.%s" (include "gitea.fullname" .) .Release.Namespace .Values.clusterDomain | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
+{{- define "gitea.ldap_settings" -}}
+{{- range $key, $val := .Values.gitea.ldap -}}
+{{- if ne $key "enabled" -}}
+{{- if eq $key "port" -}}
+{{- printf "--%s %d " ($key | kebabcase) ($val | int) -}}
+{{- else -}}
+{{- printf "--%s %s " ($key | kebabcase) ($val | quote) -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "gitea.oauth_settings" -}}
+{{- range $key, $val := .Values.gitea.oauth -}}
+{{- if ne $key "enabled" -}}
+{{- printf "--%s %s " ($key | kebabcase) ($val | quote) -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}

templates/gitea/config.yaml

@@ -15,6 +15,10 @@ stringData:
     {{- $_ := set .Values.gitea.config "server" dict -}}
     {{- end -}}
 
+    {{- if not (hasKey .Values.gitea.config "metrics") -}}
+    {{- $_ := set .Values.gitea.config "metrics" dict -}}
+    {{- end -}}
+
     {{- if not (hasKey .Values.gitea.config "database") -}}
     {{- $_ := set .Values.gitea.config "database" dict -}}
     {{- end -}}
@@ -62,6 +66,17 @@ stringData:
     {{- if not (hasKey .Values.gitea.config.server "SSH_LISTEN_PORT") -}}
     {{- $_ := set .Values.gitea.config.server "SSH_LISTEN_PORT" .Values.gitea.config.server.SSH_PORT -}}
     {{- end -}}
+    {{- if not (hasKey .Values.gitea.config.server "APP_DATA_PATH") -}}
+    {{- $_ := set .Values.gitea.config.server "APP_DATA_PATH" "/data" -}}
+    {{- end -}}
+    {{- if not (hasKey .Values.gitea.config.server "ENABLE_PPROF") -}}
+    {{- $_ := set .Values.gitea.config.server "ENABLE_PPROF" false -}}
+    {{- end -}}
+
+    {{- /* metrics default settings */ -}}
+    {{- if not (hasKey .Values.gitea.config.metrics "ENABLED") -}}
+    {{- $_ := set .Values.gitea.config.metrics "ENABLED" .Values.gitea.metrics.enabled -}}
+    {{- end -}}
 
     {{- /* database default settings */ -}}
     {{- if .Values.gitea.database.builtIn.postgresql.enabled -}}
@@ -85,9 +100,9 @@ stringData:
     {{- if not (.Values.gitea.config.database.HOST) -}}
     {{- $_ := set .Values.gitea.config.database "HOST"      (include "mariadb.dns" .) -}}
     {{- end -}}
-    {{- $_ := set .Values.gitea.config.database "NAME"      .Values.mariadb.db.name -}}
-    {{- $_ := set .Values.gitea.config.database "USER"      .Values.mariadb.db.user -}}
-    {{- $_ := set .Values.gitea.config.database "PASSWD"    .Values.mariadb.db.password -}}
+    {{- $_ := set .Values.gitea.config.database "NAME"      .Values.mariadb.auth.database -}}
+    {{- $_ := set .Values.gitea.config.database "USER"      .Values.mariadb.auth.username -}}
+    {{- $_ := set .Values.gitea.config.database "PASSWD"    .Values.mariadb.auth.password -}}
     {{- end -}}
 
     {{- /* cache default settings */ -}}

templates/gitea/http-svc.yaml

@@ -4,9 +4,16 @@ metadata:
   name: {{ include "gitea.fullname" . }}-http
   labels:
     {{- include "gitea.labels" . | nindent 4 }}
+  annotations:
+    {{- toYaml .Values.service.http.annotations | nindent 4 }}
 spec:
   type: {{ .Values.service.http.type }}
-  clusterIP: None
+  {{- if and .Values.service.http.loadBalancerIP (eq .Values.service.http.type "LoadBalancer") }}
+  loadBalancerIP: {{ .Values.service.http.loadBalancerIP  }}
+  {{- end }}
+  {{- if and .Values.service.http.clusterIP (eq .Values.service.http.type "ClusterIP") }}
+  clusterIP: {{ .Values.service.http.clusterIP }}
+  {{- end }}
   ports:
   - name: http
     port: {{ .Values.service.http.port }}

templates/gitea/ingress.yaml

@@ -1,7 +1,9 @@
 {{- if .Values.ingress.enabled -}}
 {{- $fullName := include "gitea.fullname" . -}}
 {{- $httpPort := .Values.service.http.port -}}
-{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}}
+apiVersion: networking.k8s.io/v1
+{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress" -}}
 apiVersion: networking.k8s.io/v1beta1
 {{- else -}}
 apiVersion: extensions/v1beta1
@@ -32,8 +34,18 @@ spec:
       http:
         paths:
           - path: /
+            {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }}
+            pathType: Prefix
+            {{- end }}
             backend:
+            {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }}
+              service:
+                name: {{ $fullName }}-http
+                port:
+                  number: {{ $httpPort }}
+            {{- else }}
               serviceName: {{ $fullName }}-http
               servicePort: {{ $httpPort }}
+            {{- end }}
   {{- end }}
 {{- end }}

templates/gitea/init.yaml

@@ -8,50 +8,48 @@ type: Opaque
 stringData:
   init_gitea.sh: |-
     #!/bin/bash
+    {{- if .Values.initPreScript }}
+    # BEGIN: initPreScript
+    {{- with .Values.initPreScript -}}
+    {{ . | nindent 4}}
+    {{- end -}}
+    # END: initPreScript
+    {{- end }}
+
     mkdir -p /data/git/.ssh
     chmod -R 700 /data/git/.ssh
     mkdir -p /data/gitea/conf
     cp /etc/gitea/conf/app.ini /data/gitea/conf/app.ini
     chmod a+rwx /data/gitea/conf/app.ini
+    {{- if include "db.servicename" . }}
     nc -v -w2 -z {{ include "db.servicename" . }} {{ include "db.port" . }} && \
+    {{- end }}
     su git -c ' \
     set -x; \
     gitea migrate; \
     {{- if and .Values.gitea.admin.username .Values.gitea.admin.password }}
-    gitea admin create-user --username  {{ .Values.gitea.admin.username }} --password '{{ .Values.gitea.admin.password }}' --email {{ .Values.gitea.admin.email }} --admin \
+    gitea admin create-user --username  {{ .Values.gitea.admin.username }} --password {{ .Values.gitea.admin.password | quote }} --email {{ .Values.gitea.admin.email }} --admin --must-change-password=false \
     || \
-    gitea admin change-password --username {{ .Values.gitea.admin.username }} --password '{{ .Values.gitea.admin.password }}'; \
+    gitea admin change-password --username {{ .Values.gitea.admin.username }} --password {{ .Values.gitea.admin.password | quote }}; \
     {{- end }}
     {{- if .Values.gitea.ldap.enabled }}
     gitea admin auth add-ldap \
-    --name {{ .Values.gitea.ldap.name | quote }} \
-    --security-protocol {{ .Values.gitea.ldap.securityProtocol | quote }} \
-    --host {{ .Values.gitea.ldap.host | quote }} \
-    --port {{ .Values.gitea.ldap.port | int}} \
-    --user-search-base {{ .Values.gitea.ldap.userSearchBase | quote }} \
-    --user-filter {{ .Values.gitea.ldap.userFilter | quote }} \
-    --admin-filter {{ .Values.gitea.ldap.adminFilter | quote }} \
-    --email-attribute {{ .Values.gitea.ldap.emailAttribute | quote }} \
-    --bind-dn {{ .Values.gitea.ldap.bindDn | quote }} \
-    --bind-password {{ .Values.gitea.ldap.bindPassword | quote }} \
-    --synchronize-users \
-    --username-attribute {{ .Values.gitea.ldap.usernameAttribute | quote }} \
+    {{- include "gitea.ldap_settings" . | nindent 6 }} \
     || \
     ( \
       export GITEA_AUTH_ID=$(gitea admin auth list | grep {{ .Values.gitea.ldap.name | quote }} | awk -F " "  "{print \$1}"); \
       gitea admin auth update-ldap --id ${GITEA_AUTH_ID} \
-      --name {{ .Values.gitea.ldap.name | quote }} \
-      --security-protocol {{ .Values.gitea.ldap.securityProtocol | quote }} \
-      --host {{ .Values.gitea.ldap.host | quote }} \
-      --port {{ .Values.gitea.ldap.port | int}} \
-      --user-search-base {{ .Values.gitea.ldap.userSearchBase | quote }} \
-      --user-filter {{ .Values.gitea.ldap.userFilter | quote }} \
-      --admin-filter {{ .Values.gitea.ldap.adminFilter | quote }} \
-      --email-attribute {{ .Values.gitea.ldap.emailAttribute | quote }} \
-      --bind-dn {{ .Values.gitea.ldap.bindDn | quote }} \
-      --bind-password {{ .Values.gitea.ldap.bindPassword | quote }} \
-      --synchronize-users \
-      --username-attribute {{ .Values.gitea.ldap.usernameAttribute | quote }} \
+      {{- include "gitea.ldap_settings" . | nindent 6 }} \
     ) \
     {{- end }}
-    '
+    {{- if .Values.gitea.oauth.enabled }}
+    gitea admin auth add-oauth \
+    {{- include "gitea.oauth_settings" . | nindent 6 }} \
+    || \
+    ( \
+      export GITEA_AUTH_ID=$(gitea admin auth list | grep {{ .Values.gitea.oauth.name | quote }} | awk -F " "  "{print \$1}"); \
+      gitea admin auth update-oauth --id ${GITEA_AUTH_ID} \
+      {{- include "gitea.oauth_settings" . | nindent 6 }} \
+    ) \
+    {{- end }}
+    '

templates/gitea/servicemonitor.yaml

@@ -0,0 +1,17 @@
+{{- if .Values.gitea.metrics.serviceMonitor.enabled -}}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ include "gitea.fullname" . }}
+  labels:
+    {{- include "gitea.labels" . | nindent 4 }}
+    {{- if .Values.gitea.metrics.serviceMonitor.prometheusSelector }}
+    prometheus: {{ .Values.gitea.metrics.serviceMonitor.prometheusSelector }}
+    {{- end }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "gitea.selectorLabels" . | nindent 6 }}
+  endpoints:
+  - port: http
+{{- end -}}

templates/gitea/ssh-svc.yaml

@@ -5,18 +5,26 @@ metadata:
   labels:
     {{- include "gitea.labels" . | nindent 4 }}
   annotations:
-{{ toYaml .Values.service.ssh.annotations | indent 4 }}
+    {{- toYaml .Values.service.ssh.annotations | nindent 4 }}
 spec:
   type: {{ .Values.service.ssh.type }}
-  {{- if and .Values.service.ssh.loadBalancerIP (eq .Values.service.ssh.type "LoadBalancer") }}
+  {{- if eq .Values.service.ssh.type "LoadBalancer" }}
+  {{- if .Values.service.ssh.loadBalancerIP }}
   loadBalancerIP: {{ .Values.service.ssh.loadBalancerIP }}
+  {{- end -}}
+  {{- if .Values.service.ssh.loadBalancerSourceRanges }}
+  loadBalancerSourceRanges:
+  {{- range .Values.service.ssh.loadBalancerSourceRanges }}
+    - {{ . }}
   {{- end }}
-  {{- if eq .Values.service.ssh.type "ClusterIP" }}
-  clusterIP: None
+  {{- end }}
+  {{- end }}
+  {{- if and .Values.service.ssh.clusterIP (eq .Values.service.ssh.type "ClusterIP") }}
+  clusterIP: {{ .Values.service.ssh.clusterIP }}
   {{- end }}
   {{- if .Values.service.ssh.externalIPs }}
   externalIPs:
-  {{ toYaml .Values.service.ssh.externalIPs | indent 4 }}
+    {{- toYaml .Values.service.ssh.externalIPs | nindent 4 }}
   {{- end }}
   {{- if .Values.service.ssh.externalTrafficPolicy }}
   externalTrafficPolicy: {{ .Values.service.ssh.externalTrafficPolicy }}

templates/gitea/statefulset.yaml

@@ -9,23 +9,40 @@ spec:
   selector:
     matchLabels:
       {{- include "gitea.selectorLabels" . | nindent 6 }}
+      {{- if .Values.statefulset.labels }}
+      {{- toYaml .Values.statefulset.labels | nindent 6 }}
+      {{- end }}
   serviceName: {{ include "gitea.fullname" . }}
   template:
     metadata:
       annotations:
         checksum/config: {{ include (print $.Template.BasePath "/gitea/config.yaml") . | sha256sum }}
+        checksum/ldap: {{ include "gitea.ldap_settings" . | sha256sum }}
+        checksum/oauth: {{ include "gitea.oauth_settings" . | sha256sum }}
         {{- with .Values.gitea.podAnnotations }}
         {{- toYaml . | nindent 8 }}
         {{- end }}
       labels:
-        {{- include "gitea.selectorLabels" . | nindent 8 }}
+        {{- include "gitea.labels" . | nindent 8 }}
+        {{- if .Values.statefulset.labels }}
+        {{- toYaml .Values.statefulset.labels | nindent 8 }}
+        {{- end }}
     spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       securityContext:
         fsGroup: 1000
       initContainers:
         - name: init
-          image: "{{ .Values.image.repository }}:{{ .Values.image.version }}"
+          image: "{{ .Values.image.repository }}:{{ ternary .Values.image.version .Values.image.tag (hasKey .Values.image "version") }}"
           command: ["/usr/sbin/init_gitea.sh"]
+          env:
+          {{- range .Values.statefulset.env }}
+          - name: {{ .name | quote | nospace }}
+            value: {{ .value | quote }}
+          {{- end }}
           volumeMounts:
             - name: init
               mountPath: /usr/sbin
@@ -33,10 +50,13 @@ spec:
               mountPath: /etc/gitea/conf
             - name: data
               mountPath: /data
+            {{- if .Values.extraVolumeMounts }}
+            {{- toYaml .Values.extraVolumeMounts | nindent 12 }}
+            {{- end }}
       terminationGracePeriodSeconds: {{ .Values.statefulset.terminationGracePeriodSeconds }}
       containers:
         - name: {{ .Chart.Name }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.version }}"
+          image: "{{ .Values.image.repository }}:{{ ternary .Values.image.version .Values.image.tag (hasKey .Values.image "version") }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           env:
             # SSH Port values have to be set here as well for openssh configuration
@@ -53,26 +73,59 @@ spec:
               containerPort: {{ .Values.gitea.config.server.SSH_LISTEN_PORT }}
             - name: http
               containerPort: {{ .Values.gitea.config.server.HTTP_PORT }}
+            {{- if .Values.gitea.config.server.ENABLE_PPROF }}
+            - name: profiler
+              containerPort: 6060
+            {{- end }}
+          {{- if .Values.gitea.livenessProbe.enabled }}
           livenessProbe:
             tcpSocket:
               port: http
-            initialDelaySeconds: 200
-            timeoutSeconds: 1
-            periodSeconds: 10
-            successThreshold: 1
-            failureThreshold: 10
+            initialDelaySeconds: {{ .Values.gitea.livenessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.gitea.livenessProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.gitea.livenessProbe.timeoutSeconds }}
+            successThreshold: {{ .Values.gitea.livenessProbe.successThreshold }}
+            failureThreshold: {{ .Values.gitea.livenessProbe.failureThreshold }}
+          {{- else if .Values.gitea.customLivenessProbe }}
+          livenessProbe:
+            {{- toYaml .Values.gitea.customLivenessProbe | nindent 12 }}
+          {{- end }}
+          {{- if .Values.gitea.readinessProbe.enabled }}
           readinessProbe:
             tcpSocket:
               port: http
-            initialDelaySeconds: 5
-            periodSeconds: 10
-            successThreshold: 1
-            failureThreshold: 3
+            initialDelaySeconds: {{ .Values.gitea.readinessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.gitea.readinessProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.gitea.readinessProbe.timeoutSeconds }}
+            successThreshold: {{ .Values.gitea.readinessProbe.successThreshold }}
+            failureThreshold: {{ .Values.gitea.readinessProbe.failureThreshold }}
+          {{- else if .Values.gitea.customReadinessProbe }}
+          readinessProbe:
+            {{- toYaml .Values.gitea.customReadinessProbe | nindent 12 }}
+          {{- end }}
+          {{- if .Values.gitea.startupProbe.enabled }}
+          startupProbe:
+            tcpSocket:
+              port: http
+            initialDelaySeconds: {{ .Values.gitea.startupProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.gitea.startupProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.gitea.startupProbe.timeoutSeconds }}
+            successThreshold: {{ .Values.gitea.startupProbe.successThreshold }}
+            failureThreshold: {{ .Values.gitea.startupProbe.failureThreshold }}
+          {{- else if .Values.gitea.customStartupProbe }}
+          startupProbe:
+            {{- toYaml .Values.gitea.customStartupProbe | nindent 12 }}
+          {{- end }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
           volumeMounts:
             - name: data
               mountPath: /data
+            {{- if .Values.extraVolumeMounts }}
+            {{- toYaml .Values.extraVolumeMounts | nindent 12 }}
+            {{- end }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}
@@ -93,6 +146,9 @@ spec:
         - name: config
           secret:
             secretName: {{ include "gitea.fullname" . }}
+        {{- if .Values.extraVolumes }}
+        {{- toYaml .Values.extraVolumes | nindent 8 }}
+        {{- end }}
   {{- if and .Values.persistence.enabled .Values.persistence.existingClaim }}
         - name: data
           persistentVolumeClaim:
@@ -104,12 +160,26 @@ spec:
   volumeClaimTemplates:
     - metadata:
         name: data
+      {{- with .Values.persistence.annotations }}
+        annotations:
+        {{- range $key, $value := . }}
+          {{ $key }}: {{ $value }}
+        {{- end }}
+      {{- end }}
+      {{- with .Values.persistence.labels }}
+        labels:
+        {{- range $key, $value := . }}
+          {{ $key }}: {{ $value }}
+        {{- end }}
+      {{- end }}
       spec:
         accessModes:
           {{- range .Values.persistence.accessModes }}
             - {{ . | quote }}
           {{- end }}
-        storageClassName: {{ .Values.persistence.storageClass | default "standard" | quote }}
+        {{- if .Values.persistence.storageClass }}
+        storageClassName: {{ .Values.persistence.storageClass | quote }}
+        {{- end }}
         resources:
           requests:
             storage: {{ .Values.persistence.size | quote }}

templates/tests/test-http-connection.yaml

@@ -11,5 +11,5 @@ spec:
     - name: wget
       image: busybox
       command: ['wget']
-      args:  ['{{ include "gitea.fullname" . }}:{{ .Values.service.port }}']
+      args:  ['{{ include "gitea.fullname" . }}-http:{{ .Values.service.http.port }}']
   restartPolicy: Never

values.yaml

@@ -4,24 +4,34 @@
 
 replicaCount: 1
 
+clusterDomain: cluster.local
+
 image:
   repository: gitea/gitea
-  version: 1.12.4
+  tag: 1.13.7
   pullPolicy: Always
 
 imagePullSecrets: []
 
+securityContext: {}
+
 service:
   http:
     type: ClusterIP
     port: 3000
+    clusterIP: None
+    #loadBalancerIP:
+    #nodePort:
+    annotations:
   ssh:
     type: ClusterIP
     port: 22
+    clusterIP: None
     #loadBalancerIP:
     #nodePort:
     #externalTrafficPolicy:
     #externalIPs:
+    loadBalancerSourceRanges: []
     annotations:
 
 ingress:
@@ -59,14 +69,41 @@ statefulset:
     # - name: VARIABLE
     #   value: my-value
   terminationGracePeriodSeconds: 60
+  labels: {}
 
 persistence:
   enabled: true
-  # existingClaim: 
+  # existingClaim:
   size: 10Gi
   accessModes:
     - ReadWriteOnce
-  storageClass: standard
+  labels: {}
+  annotations: {}
+
+# additional volumes to add to the Gitea statefulset.
+extraVolumes:
+# - name: postgres-ssl-vol
+#   secret:
+#     secretName: gitea-postgres-ssl
+
+
+# additional volumes to mount, both to the init container and to the main
+# container. As an example, can be used to mount a client cert when connecting
+# to an external Postgres server.
+extraVolumeMounts:
+# - name: postgres-ssl-vol
+#   readOnly: true
+#   mountPath: "/pg-ssl"
+
+# bash shell script copied verbatim to the start of the init-container.
+initPreScript: ""
+#
+# initPreScript: |
+#   mkdir -p /data/git/.postgresql
+#   cp /pg-ssl/* /data/git/.postgresql/
+#   chown -R git:git /data/git/.postgresql/
+#   chmod 400 /data/git/.postgresql/postgresql.key
+
 
 gitea:
   admin:
@@ -74,24 +111,44 @@ gitea:
     password: r8sA8CPHD9!bt6d
     email: "gitea@local.domain"
 
+  metrics:
+    enabled: false
+    serviceMonitor:
+      enabled: false
+      # prometheusSelector: default
+
   ldap:
     enabled: false
-    name: ""
-    securityProtocol: ""
-    host: ""
-    port: ""
-    userSearchBase: ""
-    userFilter: ""
-    adminFilter: ""
-    emailAttribute: ""
-    bindDn: ""
-    bindPassword: ""
-    usernameAttribute: ""
+    #name: 
+    #securityProtocol: 
+    #host: 
+    #port: 
+    #userSearchBase: 
+    #userFilter: 
+    #adminFilter: 
+    #emailAttribute: 
+    #bindDn: 
+    #bindPassword: 
+    #usernameAttribute: 
+    #sshPublicKeyAttribute:
+
+  oauth:
+    enabled: false
+    #name:
+    #provider:
+    #key: 
+    #secret: 
+    #autoDiscoverUrl:
+    #useCustomUrls:
+    #customAuthUrl:
+    #customTokenUrl:
+    #customProfileUrl:
+    #customEmailUrl:
 
   config: {}
   #  APP_NAME: "Gitea: Git with a cup of tea"
-  #  RUN_MODE: dev   
-  #   
+  #  RUN_MODE: dev
+  #
   #  server:
   #    SSH_PORT: 22
   #
@@ -113,6 +170,52 @@ gitea:
     builtIn:
       enabled: true
 
+  livenessProbe:
+    enabled: true
+    initialDelaySeconds: 200
+    timeoutSeconds: 1
+    periodSeconds: 10
+    successThreshold: 1
+    failureThreshold: 10
+  readinessProbe:
+    enabled: true
+    initialDelaySeconds: 5
+    timeoutSeconds: 1
+    periodSeconds: 10
+    successThreshold: 1
+    failureThreshold: 3
+  startupProbe:
+    enabled: false
+    initialDelaySeconds: 60
+    periodSeconds: 10
+    successThreshold: 1
+    failureThreshold: 10
+
+  # customLivenessProbe:
+  #   httpGet:
+  #     path: /user/login
+  #     port: http
+  #   initialDelaySeconds: 60
+  #   periodSeconds: 10
+  #   successThreshold: 1
+  #   failureThreshold: 10
+  # customReadinessProbe:
+  #   httpGet:
+  #     path: /user/login
+  #     port: http
+  #   initialDelaySeconds: 5
+  #   periodSeconds: 10
+  #   successThreshold: 1
+  #   failureThreshold: 3
+  # customStartupProbe:
+  #   httpGet:
+  #     path: /user/login
+  #     port: http
+  #   initialDelaySeconds: 60
+  #   periodSeconds: 10
+  #   successThreshold: 1
+  #   failureThreshold: 10
+
 memcached:
   service:
     port: 11211
@@ -140,12 +243,13 @@ mysql:
     size: 10Gi
 
 mariadb:
-  db:
-    name: gitea
-    user: gitea
+  auth:
+    database: gitea
+    username: gitea
     password: gitea
-  service:
-    port: 3306
-  master:
+    rootPassword: gitea
+  primary:
+    service:
+      port: 3306
     persistence:
-      size: 10Gi
+      size: 10Gi