Compare commits
8 Commits
Author | SHA1 | Date | |
---|---|---|---|
4869cbc54f | |||
8439bf2797 | |||
ef3a92f397 | |||
9f47515bf6 | |||
d297c555f3 | |||
71a44b710d | |||
346a1d316b | |||
b456d07c45 |
@ -10,14 +10,14 @@ platform:
|
|||||||
steps:
|
steps:
|
||||||
- name: helm lint
|
- name: helm lint
|
||||||
pull: always
|
pull: always
|
||||||
image: alpine:3.15
|
image: alpine:3.13
|
||||||
commands:
|
commands:
|
||||||
- apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm
|
- apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm
|
||||||
- helm lint
|
- helm lint
|
||||||
|
|
||||||
- name: helm template
|
- name: helm template
|
||||||
pull: always
|
pull: always
|
||||||
image: alpine:3.15
|
image: alpine:3.13
|
||||||
commands:
|
commands:
|
||||||
- apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm
|
- apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm
|
||||||
- helm dependency update
|
- helm dependency update
|
||||||
@ -58,7 +58,7 @@ trigger:
|
|||||||
steps:
|
steps:
|
||||||
- name: generate-chart
|
- name: generate-chart
|
||||||
pull: always
|
pull: always
|
||||||
image: alpine:3.15
|
image: alpine:3.13
|
||||||
commands:
|
commands:
|
||||||
- apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm
|
- apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm
|
||||||
- apk add --no-cache curl
|
- apk add --no-cache curl
|
||||||
@ -74,7 +74,8 @@ steps:
|
|||||||
image: plugins/s3:latest
|
image: plugins/s3:latest
|
||||||
settings:
|
settings:
|
||||||
bucket: gitea-artifacts
|
bucket: gitea-artifacts
|
||||||
endpoint: https://ams3.digitaloceanspaces.com
|
endpoint: https://storage.gitea.io
|
||||||
|
path_style: true
|
||||||
access_key:
|
access_key:
|
||||||
from_secret: aws_access_key_id
|
from_secret: aws_access_key_id
|
||||||
secret_key:
|
secret_key:
|
||||||
|
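Review bot: The upload step in the `@ -74,7 +74,8` hunk is handed `aws_access_key_id` and the secret key but runs `image: plugins/s3:latest`, a floating tag, so whatever image is later published under that tag receives the credentials for the `gitea-artifacts` bucket on the new `https://storage.gitea.io` endpoint. Pin the plugin to a fixed release or digest, e.g. `image: plugins/s3:<pinned-version>` (placeholder; take the value from the plugin's release list). The step begins above the hunk and continues below it, so its name and remaining settings are not visible here.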
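--- a/Chart.yaml
+++ b/Chart.yaml
@@ -3,7 +3,7 @@ name: gitea
 description: Gitea Helm chart for Kubernetes
 type: application
 version: 0.0.0
-appVersion: 1.16.5
+appVersion: 1.15.4
 icon: https://docs.gitea.io/images/gitea.png
 
 keywords:
@@ -34,6 +34,14 @@ dependencies:
 repository: https://charts.bitnami.com/bitnami
 version: 5.9.0
 condition: memcached.enabled
+- name: redis-cluster
+repository: https://charts.bitnami.com/bitnami
+version: 6.2.3
+condition: redis-cluster.enabled
+- name: redis
+repository: https://charts.bitnami.com/bitnami
+version: 14.6.6
+condition: redis.enabled
 - name: mysql
 repository: https://charts.bitnami.com/bitnami
 version: 6.14.10
@@ -42,6 +50,10 @@ dependencies:
 repository: https://charts.bitnami.com/bitnami
 version: 10.3.17
 condition: postgresql.enabled
+- name: postgresql-ha
+repository: https://charts.bitnami.com/bitnami
+version: 7.7.3
+condition: postgresql-ha.enabled
 - name: mariadb
 repository: https://charts.bitnami.com/bitnami
 version: 9.3.6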
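Review bot: The first hunk moves `appVersion` from `1.16.5` back to `1.15.4`, so merging this section as shown would lower the chart's default Gitea release and drop whatever fixes shipped in between. Together with the `alpine:3.15` to `alpine:3.13` lines in the CI file, this looks like a branch that is behind its base rather than an intended downgrade. If so, rebase and keep `appVersion: 1.16.5`. The three added Bitnami dependencies are pinned to exact versions, which is the right shape; the matching `Chart.lock` update is not visible on this page and should be checked.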
195
README.md
195
README.md
@ -109,13 +109,12 @@ gitea:
|
|||||||
podAnnotations: {}
|
podAnnotations: {}
|
||||||
```
|
```
|
||||||
|
|
||||||
### Multiple OAuth and LDAP authentication sources
|
### Multiple OAuth authentication sources
|
||||||
|
|
||||||
With `5.0.0` of this Chart it is now possible to configure Gitea with multiple
|
With `5.0.0` of this Chart it is now possible to configure Gitea with multiple
|
||||||
OAuth and LDAP sources. As a result, you need to update an existing OAuth/LDAP configuration
|
OAuth sources. As a result, you need to update an existing OAuth configuration
|
||||||
in your customized `values.yaml` by replacing the object with settings to a list
|
in your customized `values.yaml` by replacing the object with settings to a list
|
||||||
of settings objects. See [OAuth2 Settings](#oauth-settings) and
|
of settings objects. See [OAuth2 Settings](#oauth-settings) section for details.
|
||||||
[LDAP Settings](#ldap-settings) section for details.
|
|
||||||
|
|
||||||
## Chart upgrade from 3.x.x to 4.0.0
|
## Chart upgrade from 3.x.x to 4.0.0
|
||||||
|
|
||||||
@ -214,6 +213,73 @@ signing:
|
|||||||
gpgHome: /data/git/.gnupg
|
gpgHome: /data/git/.gnupg
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## Gitea - HA
|
||||||
|
|
||||||
|
With Version 4.1.x the helm chart supports Gitea running in HA(High Availability)
|
||||||
|
mode. To run Gitea in HA you'll need to set a few values in order to run successfully.
|
||||||
|
|
||||||
|
### Redis
|
||||||
|
|
||||||
|
HA requires a Queue to run, we're going to use redis as default for this.
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
redis:
|
||||||
|
enabled: true
|
||||||
|
```
|
||||||
|
|
||||||
|
You can also run Redis in HA mode:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
redis-cluster:
|
||||||
|
enabled: true
|
||||||
|
```
|
||||||
|
|
||||||
|
Both variants can be found at [Bitnami](https://github.com/bitnami/charts).
|
||||||
|
|
||||||
|
Once redis is enabled, the chart will automatically configure Gitea to run with
|
||||||
|
redis queue, indexer and session. Running with Redis already provides a sticky
|
||||||
|
session, which saves you the trouble from configuring your ingress running with
|
||||||
|
a sticky session.
|
||||||
|
The following values are autogenerated.
|
||||||
|
However you can overwrite any setting in the config section of the chart.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
[session]
|
||||||
|
PROVIDER = redis
|
||||||
|
PROVIDER_CONFIG = redis://:gitea@gitea-redis-master.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s
|
||||||
|
|
||||||
|
[queue]
|
||||||
|
CONN_STR = redis://:gitea@gitea-redis-master.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s
|
||||||
|
TYPE = redis
|
||||||
|
|
||||||
|
[queue.issue_indexer]
|
||||||
|
TYPE = redis
|
||||||
|
```
|
||||||
|
|
||||||
|
### Persistence
|
||||||
|
|
||||||
|
When running in HA you cannot use the default persistence for the chart.
|
||||||
|
You'll need to setup an extra PVC running with access mode "RWX" - "ReadWriteMany".
|
||||||
|
Otherwise the chart will create a PVC for every replica.
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
persistence:
|
||||||
|
enabled: true
|
||||||
|
existingClaim: rwx-pvc-gitea
|
||||||
|
```
|
||||||
|
|
||||||
|
### PostgreSQL
|
||||||
|
|
||||||
|
You can also run PostgreSQL in HA mode also provided by
|
||||||
|
[Bitnami](https://github.com/bitnami/charts).
|
||||||
|
:warning: Please disable the default PostgreSQL version,
|
||||||
|
when you enabled the HA PostgreSQL.
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
postgresql-ha:
|
||||||
|
enabled: true
|
||||||
|
```
|
||||||
|
|
||||||
## Examples
|
## Examples
|
||||||
|
|
||||||
### Gitea Configuration
|
### Gitea Configuration
|
||||||
@ -239,7 +305,7 @@ service and ingress settings. All defaults can be overwritten in `gitea.config`.
|
|||||||
INSTALL_LOCK is always set to true, since we want to configure Gitea with this
|
INSTALL_LOCK is always set to true, since we want to configure Gitea with this
|
||||||
helm chart and everything is taken care of.
|
helm chart and everything is taken care of.
|
||||||
|
|
||||||
_All default settings are made directly in the generated app.ini, not in the Values._
|
*All default settings are made directly in the generated app.ini, not in the Values.*
|
||||||
|
|
||||||
#### Database defaults
|
#### Database defaults
|
||||||
|
|
||||||
@ -341,55 +407,6 @@ data:
|
|||||||
ENABLED=true
|
ENABLED=true
|
||||||
```
|
```
|
||||||
|
|
||||||
Or when using a Kubernetes secret, having the same data structure:
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: gitea-security-related-configuration
|
|
||||||
type: Opaque
|
|
||||||
stringData:
|
|
||||||
security: |
|
|
||||||
PASSWORD_COMPLEXITY=off
|
|
||||||
session: |
|
|
||||||
SAME_SITE=strict
|
|
||||||
```
|
|
||||||
|
|
||||||
#### User defined environment variables in app.ini
|
|
||||||
|
|
||||||
Users are able to define their own environment variables,
|
|
||||||
which are loaded into the containers. We also support to
|
|
||||||
directly interact with the generated _app.ini_.
|
|
||||||
|
|
||||||
To inject self defined variables into the _app.ini_ a
|
|
||||||
certain format needs to be honored. This is
|
|
||||||
described in detail on the [env-to-ini](https://github.com/go-gitea/gitea/tree/main/contrib/environment-to-ini)
|
|
||||||
page.
|
|
||||||
|
|
||||||
Note that the Prefix on this helm chart is `ENV_TO_INI`.
|
|
||||||
|
|
||||||
For example a database setting needs to have the following
|
|
||||||
format:
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
gitea:
|
|
||||||
additionalConfigFromEnvs:
|
|
||||||
- name: ENV_TO_INI__DATABASE__HOST
|
|
||||||
value: my.own.host
|
|
||||||
- name: ENV_TO_INI__DATABASE__PASSWD
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: postgres-secret
|
|
||||||
key: password
|
|
||||||
```
|
|
||||||
|
|
||||||
Priority (highest to lowest) for defining app.ini variables:
|
|
||||||
|
|
||||||
1. Environment variables prefixed with `ENV_TO_INI`
|
|
||||||
2. Additional config sources
|
|
||||||
3. Values defined in `gitea.config`
|
|
||||||
|
|
||||||
### External Database
|
### External Database
|
||||||
|
|
||||||
An external Database can be used instead of builtIn PostgreSQL or MySQL.
|
An external Database can be used instead of builtIn PostgreSQL or MySQL.
|
||||||
@ -729,12 +746,12 @@ gitea:
|
|||||||
|
|
||||||
### Image
|
### Image
|
||||||
|
|
||||||
| Parameter | Description | Default |
|
| Parameter | Description | Default |
|
||||||
| ------------------ | ----------------------------------------------------------------------------------------- | ---------------------------------- |
|
| ------------------ | ----------------------------------------------------------------------------------------- | ------------- |
|
||||||
| `image.repository` | Image to start for this pod | `gitea/gitea` |
|
| `image.repository` | Image to start for this pod | `gitea/gitea` |
|
||||||
| `image.tag` | [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) | see [Chart.AppVersion](Chart.yaml) |
|
| `image.tag` | [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) | `1.14.6` |
|
||||||
| `image.pullPolicy` | Image pull policy | `Always` |
|
| `image.pullPolicy` | Image pull policy | `Always` |
|
||||||
| `image.rootless` | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `false` |
|
| `image.rootless` | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `false` |
|
||||||
|
|
||||||
### Persistence
|
### Persistence
|
||||||
|
|
||||||
@ -786,7 +803,6 @@ gitea:
|
|||||||
| `service.ssh.port` | Port for ssh traffic | `22` |
|
| `service.ssh.port` | Port for ssh traffic | `22` |
|
||||||
| `service.ssh.loadBalancerIP` | LoadBalancer Ip setting | |
|
| `service.ssh.loadBalancerIP` | LoadBalancer Ip setting | |
|
||||||
| `service.ssh.nodePort` | NodePort for ssh service | |
|
| `service.ssh.nodePort` | NodePort for ssh service | |
|
||||||
| `service.ssh.hostPort` | HostPort for ssh service | |
|
|
||||||
| `service.ssh.externalTrafficPolicy` | If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation | |
|
| `service.ssh.externalTrafficPolicy` | If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation | |
|
||||||
| `service.ssh.externalIPs` | ssh service external IP addresses | |
|
| `service.ssh.externalIPs` | ssh service external IP addresses | |
|
||||||
| `service.ssh.loadBalancerSourceRanges` | Source range filter for ssh loadbalancer | `[]` |
|
| `service.ssh.loadBalancerSourceRanges` | Source range filter for ssh loadbalancer | `[]` |
|
||||||
@ -842,6 +858,40 @@ Configure Liveness, Readiness and Startup
|
|||||||
| `gitea.startupProbe.successThreshold` | Minimum consecutive success probes | `1` |
|
| `gitea.startupProbe.successThreshold` | Minimum consecutive success probes | `1` |
|
||||||
| `gitea.startupProbe.failureThreshold` | Minimum consecutive error probes | `10` |
|
| `gitea.startupProbe.failureThreshold` | Minimum consecutive error probes | `10` |
|
||||||
|
|
||||||
|
### Redis BuiltIn
|
||||||
|
|
||||||
|
Redis is loaded as a dependency from
|
||||||
|
[Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/redis)
|
||||||
|
if enabled in the values. Complete Configuration can be taken from their website.
|
||||||
|
|
||||||
|
The following parameters are the defaults set by this chart
|
||||||
|
|
||||||
|
| Parameter | Description | Default |
|
||||||
|
|----------------------------|--------------------------------------------------|------------------------------|
|
||||||
|
|redis.enabled | Enable or disable redis | `false` |
|
||||||
|
|redis.global.redis.password | Redis default password | `gitea` |
|
||||||
|
|redis.auth.password | Redis default password needed for chart upgrades | `gitea` |
|
||||||
|
| redis.master.service.port | Redis default port | `6379` |
|
||||||
|
| redis.replica.replicaCount | Redis replicaCount | `2` |
|
||||||
|
|
||||||
|
### Redis-Cluster BuiltIn
|
||||||
|
|
||||||
|
Redis-Cluster is loaded as a dependency from
|
||||||
|
[Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/redis-cluster)
|
||||||
|
if enabled in the values. Complete Configuration can be taken from their website.
|
||||||
|
|
||||||
|
The following parameters are the defaults set by this chart
|
||||||
|
|
||||||
|
| Parameter | Description | Default |
|
||||||
|
|------------------------------------|--------------------------------------------------|-----------|
|
||||||
|
|redis-cluster.enabled | Enable or disable redis-cluster | `false` |
|
||||||
|
|redis-cluster.global.redis.password | Redis default password | `gitea` |
|
||||||
|
|redis-cluster.password | Redis default password | `gitea` |
|
||||||
|
|redis.auth.password | Redis default password needed for chart upgrades | `gitea` |
|
||||||
|
| redis-cluster.service.port | Redis default port | `6379` |
|
||||||
|
| redis-cluster.cluster.nodes | Redis nodes | `6` |
|
||||||
|
| redis-cluster.cluster.replicas | Redis replicas | `1` |
|
||||||
|
|
||||||
### Memcached BuiltIn
|
### Memcached BuiltIn
|
||||||
|
|
||||||
Memcached is loaded as a dependency from
|
Memcached is loaded as a dependency from
|
||||||
@ -890,6 +940,29 @@ The following parameters are the defaults set by this chart
|
|||||||
| `postgresql.persistence.size` | PVC Storage Request for PostgreSQL volume | `10Gi` |
|
| `postgresql.persistence.size` | PVC Storage Request for PostgreSQL volume | `10Gi` |
|
||||||
| `postgresql.enabled` | Enable PostgreSQL dependency | `true` |
|
| `postgresql.enabled` | Enable PostgreSQL dependency | `true` |
|
||||||
|
|
||||||
|
### PostgreSQL-HA BuiltIn
|
||||||
|
|
||||||
|
PostgreSQL-HA is loaded as a dependency from Bitnami. The chart configuration
|
||||||
|
can be found in this
|
||||||
|
[Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/postgresql) repository.
|
||||||
|
|
||||||
|
The following parameters are the defaults set by this chart
|
||||||
|
|
||||||
|
| Parameter | Description | Default |
|
||||||
|
|-------------------------------------------------|-------------------------------------------|-----------|
|
||||||
|
|`postgresql-ha.enabled` | Enable or disable PostgreSQL-HA | `false` |
|
||||||
|
|`postgresql-ha.postgresql.password` | PostgreSQL password | `gitea` |
|
||||||
|
|`postgresql-ha.postgresql.repmgrPassword` | PostgreSQL repmgr password | `gitea` |
|
||||||
|
|`postgresql-ha.pgpool.adminPassword` | PostgreSQL pgpool password | `gitea` |
|
||||||
|
|`postgresql-ha.global.postgresql.username` | PostgreSQL username | `gitea` |
|
||||||
|
|`postgresql-ha.global.postgresql.password` | PostgreSQL admin password | `gitea` |
|
||||||
|
|`postgresql-ha.global.postgresql.database` | PostgreSQL default database | `gitea` |
|
||||||
|
|`postgresql-ha.global.postgresql.repmgrPassword` | PostgreSQL repmgr password | `gitea` |
|
||||||
|
|`postgresql-ha.global.postgresql.repmgrUsername` | PostgreSQL repmgr username | `gitea` |
|
||||||
|
|`postgresql-ha.global.postgresql.repmgrDatabase` | PostgreSQL repmgr default database | `gitea` |
|
||||||
|
|`postgresql-ha.service.port` | PostgreSQL port | `5432` |
|
||||||
|
|`postgresql-ha.persistence.size` | PVC Storage Request for PostgreSQL volume | `10Gi` |
|
||||||
|
|
||||||
### MariaDB BuiltIn
|
### MariaDB BuiltIn
|
||||||
|
|
||||||
MariaDB is loaded as a dependency from bitnami. Configuration can be found in
|
MariaDB is loaded as a dependency from bitnami. Configuration can be found in
|
||||||
|
@ -36,7 +36,7 @@ Create image name and tag used by the deployment.
|
|||||||
*/}}
|
*/}}
|
||||||
{{- define "gitea.image" -}}
|
{{- define "gitea.image" -}}
|
||||||
{{- $name := .Values.image.repository -}}
|
{{- $name := .Values.image.repository -}}
|
||||||
{{- $tag := .Values.image.tag | default .Chart.AppVersion -}}
|
{{- $tag := ternary .Values.image.version .Values.image.tag (hasKey .Values.image "version") -}}
|
||||||
{{- $rootless := ternary "-rootless" "" (.Values.image.rootless) -}}
|
{{- $rootless := ternary "-rootless" "" (.Values.image.rootless) -}}
|
||||||
{{- printf "%s:%s%s" $name $tag $rootless -}}
|
{{- printf "%s:%s%s" $name $tag $rootless -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
@ -48,8 +48,10 @@ Common labels
|
|||||||
helm.sh/chart: {{ include "gitea.chart" . }}
|
helm.sh/chart: {{ include "gitea.chart" . }}
|
||||||
app: {{ include "gitea.name" . }}
|
app: {{ include "gitea.name" . }}
|
||||||
{{ include "gitea.selectorLabels" . }}
|
{{ include "gitea.selectorLabels" . }}
|
||||||
app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
|
{{- if .Chart.AppVersion }}
|
||||||
version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
|
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
||||||
|
version: {{ .Chart.AppVersion | quote }}
|
||||||
|
{{- end }}
|
||||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
@ -61,8 +63,40 @@ app.kubernetes.io/name: {{ include "gitea.name" . }}
|
|||||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
|
{{- define "db.servicename" -}}
|
||||||
|
{{- if .Values.postgresql.enabled -}}
|
||||||
|
{{- printf "%s-postgresql" .Release.Name -}}
|
||||||
|
{{- else if (index .Values "postgresql-ha").enabled -}}
|
||||||
|
{{- printf "%s-postgresql-ha-pgpool" .Release.Name -}}
|
||||||
|
{{- else if .Values.mysql.enabled -}}
|
||||||
|
{{- printf "%s-mysql" .Release.Name -}}
|
||||||
|
{{- else if .Values.mariadb.enabled -}}
|
||||||
|
{{- printf "%s-mariadb" .Release.Name -}}
|
||||||
|
{{- else if ne .Values.gitea.config.database.DB_TYPE "sqlite3" -}}
|
||||||
|
{{- $parts := split ":" .Values.gitea.config.database.HOST -}}
|
||||||
|
{{- printf "%s %s" $parts._0 $parts._1 -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{- define "db.port" -}}
|
||||||
|
{{- if .Values.postgresql.enabled -}}
|
||||||
|
{{ .Values.postgresql.global.postgresql.servicePort }}
|
||||||
|
{{- else if (index .Values "postgresql-ha").enabled -}}
|
||||||
|
{{ (index .Values "postgresql-ha").service.port }}
|
||||||
|
{{- else if .Values.mysql.enabled -}}
|
||||||
|
{{ .Values.mysql.service.port }}
|
||||||
|
{{- else if .Values.mariadb.enabled -}}
|
||||||
|
{{ .Values.mariadb.primary.service.port }}
|
||||||
|
{{- else -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
{{- define "postgresql.dns" -}}
|
{{- define "postgresql.dns" -}}
|
||||||
|
{{- if .Values.postgresql.enabled -}}
|
||||||
{{- printf "%s-postgresql.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.postgresql.global.postgresql.servicePort -}}
|
{{- printf "%s-postgresql.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.postgresql.global.postgresql.servicePort -}}
|
||||||
|
{{- else if (index .Values "postgresql-ha").enabled -}}
|
||||||
|
{{- printf "%s-postgresql-ha-pgpool.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "postgresql-ha").service.port -}}
|
||||||
|
{{- end -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
{{- define "mysql.dns" -}}
|
{{- define "mysql.dns" -}}
|
||||||
@ -77,6 +111,30 @@ app.kubernetes.io/instance: {{ .Release.Name }}
|
|||||||
{{- printf "%s-memcached.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.memcached.service.port | trunc 63 | trimSuffix "-" -}}
|
{{- printf "%s-memcached.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.memcached.service.port | trunc 63 | trimSuffix "-" -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
|
{{- define "redis.dns" -}}
|
||||||
|
{{- if (index .Values "redis-cluster").enabled -}}
|
||||||
|
{{- printf "redis+cluster://:%s@%s-redis-cluster-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "redis-cluster").global.redis.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "redis-cluster").service.port -}}
|
||||||
|
{{- else if .Values.redis.enabled -}}
|
||||||
|
{{- printf "redis://:%s@%s-redis-master.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s" .Values.redis.global.redis.password .Release.Name .Release.Namespace .Values.clusterDomain .Values.redis.master.service.port -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{- define "redis.port" -}}
|
||||||
|
{{- if (index .Values "redis-cluster").enabled -}}
|
||||||
|
{{ (index .Values "redis-cluster").service.port }}
|
||||||
|
{{- else if .Values.redis.enabled -}}
|
||||||
|
{{ .Values.redis.master.service.port }}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{- define "redis.servicename" -}}
|
||||||
|
{{- if (index .Values "redis-cluster").enabled -}}
|
||||||
|
{{- printf "%s-redis-cluster-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}}
|
||||||
|
{{- else if .Values.redis.enabled -}}
|
||||||
|
{{- printf "%s-redis-master.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
{{- define "gitea.default_domain" -}}
|
{{- define "gitea.default_domain" -}}
|
||||||
{{- printf "%s-gitea.%s.svc.%s" (include "gitea.fullname" .) .Release.Namespace .Values.clusterDomain | trunc 63 | trimSuffix "-" -}}
|
{{- printf "%s-gitea.%s.svc.%s" (include "gitea.fullname" .) .Release.Namespace .Values.clusterDomain | trunc 63 | trimSuffix "-" -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
@ -181,6 +239,18 @@ app.kubernetes.io/instance: {{ .Release.Name }}
|
|||||||
{{- if not (hasKey .Values.gitea.config "oauth2") -}}
|
{{- if not (hasKey .Values.gitea.config "oauth2") -}}
|
||||||
{{- $_ := set .Values.gitea.config "oauth2" dict -}}
|
{{- $_ := set .Values.gitea.config "oauth2" dict -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
{{- if not (hasKey .Values.gitea.config "session") -}}
|
||||||
|
{{- $_ := set .Values.gitea.config "session" dict -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if not (hasKey .Values.gitea.config "queue") -}}
|
||||||
|
{{- $_ := set .Values.gitea.config "queue" dict -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if not (hasKey .Values.gitea.config "queue.issue_indexer") -}}
|
||||||
|
{{- $_ := set .Values.gitea.config "queue.issue_indexer" dict -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if not (hasKey .Values.gitea.config "indexer") -}}
|
||||||
|
{{- $_ := set .Values.gitea.config "indexer" dict -}}
|
||||||
|
{{- end -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
{{- define "gitea.inline_configuration.defaults" -}}
|
{{- define "gitea.inline_configuration.defaults" -}}
|
||||||
@ -196,13 +266,24 @@ app.kubernetes.io/instance: {{ .Release.Name }}
|
|||||||
{{- if not (hasKey .Values.gitea.config.metrics "ENABLED") -}}
|
{{- if not (hasKey .Values.gitea.config.metrics "ENABLED") -}}
|
||||||
{{- $_ := set .Values.gitea.config.metrics "ENABLED" .Values.gitea.metrics.enabled -}}
|
{{- $_ := set .Values.gitea.config.metrics "ENABLED" .Values.gitea.metrics.enabled -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
{{- if .Values.memcached.enabled -}}
|
{{- if or .Values.memcached.enabled (index .Values "redis-cluster").enabled .Values.redis.enabled -}}
|
||||||
{{- $_ := set .Values.gitea.config.cache "ENABLED" "true" -}}
|
{{- $_ := set .Values.gitea.config.cache "ENABLED" "true" -}}
|
||||||
{{- $_ := set .Values.gitea.config.cache "ADAPTER" "memcache" -}}
|
{{- $_ := set .Values.gitea.config.cache "ADAPTER" (ternary "memcache" "redis" .Values.memcached.enabled) -}}
|
||||||
{{- if not (.Values.gitea.config.cache.HOST) -}}
|
{{- if not (.Values.gitea.config.cache.HOST) -}}
|
||||||
{{- $_ := set .Values.gitea.config.cache "HOST" (include "memcached.dns" .) -}}
|
{{- $_ := set .Values.gitea.config.cache "HOST" (ternary (include "memcached.dns" .) (include "redis.dns" .) .Values.memcached.enabled) -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
{{- /* redis queue */ -}}
|
||||||
|
{{- if or (index .Values "redis-cluster").enabled .Values.redis.enabled -}}
|
||||||
|
{{- $_ := set .Values.gitea.config.queue "TYPE" "redis" -}}
|
||||||
|
{{- $_ := set .Values.gitea.config.queue "CONN_STR" (include "redis.dns" .) -}}
|
||||||
|
{{- $_ := set (index .Values.gitea.config "queue.issue_indexer") "TYPE" "redis" -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- /* multiple replicas */ -}}
|
||||||
|
{{- if gt .Values.replicaCount 1.0 -}}
|
||||||
|
{{- $_ := set .Values.gitea.config.session "PROVIDER" "redis" -}}
|
||||||
|
{{- $_ := set .Values.gitea.config.session "PROVIDER_CONFIG" (include "redis.dns" .) -}}
|
||||||
|
{{- end -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
{{- define "gitea.inline_configuration.defaults.server" -}}
|
{{- define "gitea.inline_configuration.defaults.server" -}}
|
||||||
@ -265,6 +346,14 @@ app.kubernetes.io/instance: {{ .Release.Name }}
|
|||||||
{{- $_ := set .Values.gitea.config.database "NAME" .Values.postgresql.global.postgresql.postgresqlDatabase -}}
|
{{- $_ := set .Values.gitea.config.database "NAME" .Values.postgresql.global.postgresql.postgresqlDatabase -}}
|
||||||
{{- $_ := set .Values.gitea.config.database "USER" .Values.postgresql.global.postgresql.postgresqlUsername -}}
|
{{- $_ := set .Values.gitea.config.database "USER" .Values.postgresql.global.postgresql.postgresqlUsername -}}
|
||||||
{{- $_ := set .Values.gitea.config.database "PASSWD" .Values.postgresql.global.postgresql.postgresqlPassword -}}
|
{{- $_ := set .Values.gitea.config.database "PASSWD" .Values.postgresql.global.postgresql.postgresqlPassword -}}
|
||||||
|
{{- else if (index .Values "postgresql-ha").enabled -}}
|
||||||
|
{{- $_ := set .Values.gitea.config.database "DB_TYPE" "postgres" -}}
|
||||||
|
{{- if not (.Values.gitea.config.database.HOST) -}}
|
||||||
|
{{- $_ := set .Values.gitea.config.database "HOST" (include "postgresql.dns" .) -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- $_ := set .Values.gitea.config.database "NAME" (index .Values "postgresql-ha").global.postgresql.database -}}
|
||||||
|
{{- $_ := set .Values.gitea.config.database "USER" (index .Values "postgresql-ha").global.postgresql.username -}}
|
||||||
|
{{- $_ := set .Values.gitea.config.database "PASSWD" (index .Values "postgresql-ha").global.postgresql.password -}}
|
||||||
{{- else if .Values.mysql.enabled -}}
|
{{- else if .Values.mysql.enabled -}}
|
||||||
{{- $_ := set .Values.gitea.config.database "DB_TYPE" "mysql" -}}
|
{{- $_ := set .Values.gitea.config.database "DB_TYPE" "mysql" -}}
|
||||||
{{- if not (.Values.gitea.config.database.HOST) -}}
|
{{- if not (.Values.gitea.config.database.HOST) -}}
|
||||||
|
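Review bot: In the `@ -196,13 +266,24` hunk the `multiple replicas` block sets `session.PROVIDER` to `redis` whenever `replicaCount` is above 1, but `redis.dns` renders an empty string when neither `redis` nor `redis-cluster` is enabled. `PROVIDER_CONFIG` is then written empty, and the misconfiguration would presumably surface only at pod start rather than at render time. Reuse the queue block's condition, `{{- if and (gt .Values.replicaCount 1.0) (or (index .Values "redis-cluster").enabled .Values.redis.enabled) -}}`, or call `fail` with a clear message in the other case. Separately, `redis.dns` formats the password into the URL with a bare `%s`, so a password containing `@`, `/` or `?` yields a connection string that parses differently than intended. The enclosing `gitea.inline_configuration.defaults` define begins outside this hunk.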
@ -63,41 +63,6 @@ stringData:
|
|||||||
export "ENV_TO_INI__${masked_section^^}__${setting^^}=${value}" # '^^' makes the variable content uppercase
|
export "ENV_TO_INI__${masked_section^^}__${setting^^}=${value}" # '^^' makes the variable content uppercase
|
||||||
}
|
}
|
||||||
|
|
||||||
function env2ini::reload_preset_envs() {
|
|
||||||
env2ini::log "Reloading preset envs..."
|
|
||||||
|
|
||||||
while read -r line; do
|
|
||||||
if [[ -z "${line}" ]]; then
|
|
||||||
# skip empty line
|
|
||||||
return
|
|
||||||
fi
|
|
||||||
|
|
||||||
# 'xargs echo -n' trims all leading/trailing whitespaces and a trailing new line
|
|
||||||
local setting="$(awk -F '=' '{print $1}' <<< "${line}" | xargs echo -n)"
|
|
||||||
|
|
||||||
if [[ -z "${setting}" ]]; then
|
|
||||||
env2ini::log ' ! invalid setting'
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
local value=''
|
|
||||||
local regex="^${setting}(\s*)=(\s*)(.*)"
|
|
||||||
if [[ $line =~ $regex ]]; then
|
|
||||||
value="${BASH_REMATCH[3]}"
|
|
||||||
else
|
|
||||||
env2ini::log ' ! invalid setting'
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
env2ini::log " + '${setting}'"
|
|
||||||
|
|
||||||
export "${setting^^}=${value}" # '^^' makes the variable content uppercase
|
|
||||||
done < "/tmp/existing-envs"
|
|
||||||
|
|
||||||
rm /tmp/existing-envs
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
function env2ini::process_config_file() {
|
function env2ini::process_config_file() {
|
||||||
local config_file="${1}"
|
local config_file="${1}"
|
||||||
local section="$(basename "${config_file}")"
|
local section="$(basename "${config_file}")"
|
||||||
@ -139,17 +104,12 @@ stringData:
|
|||||||
env2ini::log "...Initial secrets generated\n"
|
env2ini::log "...Initial secrets generated\n"
|
||||||
}
|
}
|
||||||
|
|
||||||
env | (grep ENV_TO_INI || [[ $? == 1 ]]) > /tmp/existing-envs
|
|
||||||
|
|
||||||
# MUST BE CALLED BEFORE OTHER CONFIGURATION
|
# MUST BE CALLED BEFORE OTHER CONFIGURATION
|
||||||
env2ini::generate_initial_secrets
|
env2ini::generate_initial_secrets
|
||||||
|
|
||||||
env2ini::load_config_sources '/env-to-ini-mounts/inlines/'
|
env2ini::load_config_sources '/env-to-ini-mounts/inlines/'
|
||||||
env2ini::load_config_sources '/env-to-ini-mounts/additionals/'
|
env2ini::load_config_sources '/env-to-ini-mounts/additionals/'
|
||||||
|
|
||||||
# load existing envs to override auto generated envs
|
|
||||||
env2ini::reload_preset_envs
|
|
||||||
|
|
||||||
env2ini::log "=== All configuration sources loaded ===\n"
|
env2ini::log "=== All configuration sources loaded ===\n"
|
||||||
|
|
||||||
# safety to prevent rewrite of secret keys if an app.ini already exists
|
# safety to prevent rewrite of secret keys if an app.ini already exists
|
||||||
@ -165,3 +125,4 @@ stringData:
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
environment-to-ini -o $GITEA_APP_INI -p ENV_TO_INI
|
environment-to-ini -o $GITEA_APP_INI -p ENV_TO_INI
|
||||||
|
|
@ -30,9 +30,7 @@ stringData:
|
|||||||
|
|
||||||
# prepare temp directory structure
|
# prepare temp directory structure
|
||||||
mkdir -p "${GITEA_TEMP}"
|
mkdir -p "${GITEA_TEMP}"
|
||||||
{{- if not .Values.image.rootless }}
|
|
||||||
chown 1000:1000 "${GITEA_TEMP}"
|
chown 1000:1000 "${GITEA_TEMP}"
|
||||||
{{- end }}
|
|
||||||
chmod ug+rwx "${GITEA_TEMP}"
|
chmod ug+rwx "${GITEA_TEMP}"
|
||||||
|
|
||||||
configure_gitea.sh: |-
|
configure_gitea.sh: |-
|
||||||
@ -40,15 +38,52 @@ stringData:
|
|||||||
|
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
|
{{- if include "db.servicename" . }}
|
||||||
|
# Connection retry inspired by https://gist.github.com/dublx/e99ea94858c07d2ca6de
|
||||||
|
function test_db_connection() {
|
||||||
|
local RETRY=0
|
||||||
|
local MAX=30
|
||||||
|
|
||||||
|
echo 'Wait for database to become avialable...'
|
||||||
|
until [ "${RETRY}" -ge "${MAX}" ]; do
|
||||||
|
nc -vz -w2 {{ include "db.servicename" . }} {{ include "db.port" . }} && break
|
||||||
|
RETRY=$[${RETRY}+1]
|
||||||
|
echo "...not ready yet (${RETRY}/${MAX})"
|
||||||
|
done
|
||||||
|
|
||||||
|
if [ "${RETRY}" -ge "${MAX}" ]; then
|
||||||
|
echo "Database not reachable after '${MAX}' attempts!"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
test_db_connection
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- if include "redis.servicename" . }}
|
||||||
|
function test_redis_connection() {
|
||||||
|
local RETRY=0
|
||||||
|
local MAX=30
|
||||||
|
|
||||||
|
echo 'Wait for redis to become avialable...'
|
||||||
|
until [ "${RETRY}" -ge "${MAX}" ]; do
|
||||||
|
nc -vz -w2 {{ include "redis.servicename" . }} {{ include "redis.port" . }} && break
|
||||||
|
RETRY=$[${RETRY}+1]
|
||||||
|
echo "...not ready yet (${RETRY}/${MAX})"
|
||||||
|
done
|
||||||
|
|
||||||
|
if [ "${RETRY}" -ge "${MAX}" ]; then
|
||||||
|
echo "Redis not reachable after '${MAX}' attempts!"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
test_redis_connection
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
echo '==== BEGIN GITEA CONFIGURATION ===='
|
echo '==== BEGIN GITEA CONFIGURATION ===='
|
||||||
|
|
||||||
{ # try
|
gitea migrate
|
||||||
gitea migrate
|
|
||||||
} || { # catch
|
|
||||||
echo "Gitea migrate might fail due to database connection...This init-container will try again in a few seconds"
|
|
||||||
exit 1
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
{{- if or .Values.gitea.admin.existingSecret (and .Values.gitea.admin.username .Values.gitea.admin.password) }}
|
{{- if or .Values.gitea.admin.existingSecret (and .Values.gitea.admin.username .Values.gitea.admin.password) }}
|
||||||
function configure_admin_user() {
|
function configure_admin_user() {
|
||||||
|
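Review bot: The retry loops in `test_db_connection` and `test_redis_connection` have no delay between attempts, so the only pacing comes from `-w2`; when the service name resolves but the port refuses connections, `nc` most likely returns at once and all 30 attempts are used up almost immediately before `exit 1`. Adding `sleep 2` after the counter increment would make the attempts cover a real startup window, and the increment itself should use `RETRY=$((RETRY + 1))` rather than the deprecated `$[...]` form. The host and port are rendered into the script unquoted; piping them through `quote`, as in `{{ include "db.servicename" . | quote }}`, keeps an unexpected character in the values from being interpreted by the shell. A successful `nc -z` only shows that the port accepts TCP connections, not that the database is ready for `gitea migrate`, which now runs without the earlier retry message.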
@ -87,9 +87,6 @@ spec:
|
|||||||
{{- if .Values.statefulset.env }}
|
{{- if .Values.statefulset.env }}
|
||||||
{{- toYaml .Values.statefulset.env | nindent 12 }}
|
{{- toYaml .Values.statefulset.env | nindent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.gitea.additionalConfigFromEnvs }}
|
|
||||||
{{- toYaml .Values.gitea.additionalConfigFromEnvs | nindent 12 }}
|
|
||||||
{{- end }}
|
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: config
|
- name: config
|
||||||
mountPath: /usr/sbin
|
mountPath: /usr/sbin
|
||||||
@ -231,9 +228,6 @@ spec:
|
|||||||
ports:
|
ports:
|
||||||
- name: ssh
|
- name: ssh
|
||||||
containerPort: {{ .Values.gitea.config.server.SSH_LISTEN_PORT }}
|
containerPort: {{ .Values.gitea.config.server.SSH_LISTEN_PORT }}
|
||||||
{{- if .Values.service.ssh.hostPort }}
|
|
||||||
hostPort: {{ .Values.service.ssh.hostPort }}
|
|
||||||
{{- end }}
|
|
||||||
- name: http
|
- name: http
|
||||||
containerPort: {{ .Values.gitea.config.server.HTTP_PORT }}
|
containerPort: {{ .Values.gitea.config.server.HTTP_PORT }}
|
||||||
{{- if .Values.gitea.config.server.ENABLE_PPROF }}
|
{{- if .Values.gitea.config.server.ENABLE_PPROF }}
|
||||||
|
52
values.yaml
52
values.yaml
@ -8,8 +8,7 @@ clusterDomain: cluster.local
|
|||||||
|
|
||||||
image:
|
image:
|
||||||
repository: gitea/gitea
|
repository: gitea/gitea
|
||||||
# Overrides the image tag whose default is the chart appVersion.
|
tag: 1.15.4
|
||||||
tag: ""
|
|
||||||
pullPolicy: Always
|
pullPolicy: Always
|
||||||
rootless: false # only possible when running 1.14 or later
|
rootless: false # only possible when running 1.14 or later
|
||||||
|
|
||||||
@ -61,7 +60,6 @@ service:
|
|||||||
#nodePort:
|
#nodePort:
|
||||||
#externalTrafficPolicy:
|
#externalTrafficPolicy:
|
||||||
#externalIPs:
|
#externalIPs:
|
||||||
#hostPort:
|
|
||||||
loadBalancerSourceRanges: []
|
loadBalancerSourceRanges: []
|
||||||
annotations:
|
annotations:
|
||||||
|
|
||||||
@ -125,6 +123,7 @@ persistence:
|
|||||||
# storageClass:
|
# storageClass:
|
||||||
# subPath:
|
# subPath:
|
||||||
|
|
||||||
|
|
||||||
# additional volumes to add to the Gitea statefulset.
|
# additional volumes to add to the Gitea statefulset.
|
||||||
extraVolumes:
|
extraVolumes:
|
||||||
# - name: postgres-ssl-vol
|
# - name: postgres-ssl-vol
|
||||||
@ -213,8 +212,6 @@ gitea:
|
|||||||
# - configMap:
|
# - configMap:
|
||||||
# name: gitea-app-ini-plaintext
|
# name: gitea-app-ini-plaintext
|
||||||
|
|
||||||
additionalConfigFromEnvs: []
|
|
||||||
|
|
||||||
podAnnotations: {}
|
podAnnotations: {}
|
||||||
|
|
||||||
# Modify the liveness probe for your needs or completely disable it by commenting out.
|
# Modify the liveness probe for your needs or completely disable it by commenting out.
|
||||||
@ -252,6 +249,31 @@ memcached:
|
|||||||
service:
|
service:
|
||||||
port: 11211
|
port: 11211
|
||||||
|
|
||||||
|
redis:
|
||||||
|
enabled: false
|
||||||
|
global:
|
||||||
|
redis:
|
||||||
|
password: gitea
|
||||||
|
auth:
|
||||||
|
password: gitea
|
||||||
|
master:
|
||||||
|
service:
|
||||||
|
port: 6379
|
||||||
|
replica:
|
||||||
|
replicaCount: 2
|
||||||
|
|
||||||
|
redis-cluster:
|
||||||
|
enabled: false
|
||||||
|
password: gitea
|
||||||
|
global:
|
||||||
|
redis:
|
||||||
|
password: gitea
|
||||||
|
cluster:
|
||||||
|
nodes: 6
|
||||||
|
replicas: 1
|
||||||
|
service:
|
||||||
|
port: 6379
|
||||||
|
|
||||||
postgresql:
|
postgresql:
|
||||||
enabled: true
|
enabled: true
|
||||||
global:
|
global:
|
||||||
@ -263,6 +285,26 @@ postgresql:
|
|||||||
persistence:
|
persistence:
|
||||||
size: 10Gi
|
size: 10Gi
|
||||||
|
|
||||||
|
postgresql-ha:
|
||||||
|
enabled: false
|
||||||
|
postgresql:
|
||||||
|
password: gitea
|
||||||
|
repmgrPassword: gitea
|
||||||
|
pgpool:
|
||||||
|
adminPassword: gitea
|
||||||
|
global:
|
||||||
|
postgresql:
|
||||||
|
database: gitea
|
||||||
|
username: gitea
|
||||||
|
password: gitea
|
||||||
|
repmgrPassword: postgresql
|
||||||
|
repmgrUsername: postgresql
|
||||||
|
repmgrDatabase: repr
|
||||||
|
service:
|
||||||
|
port: 5432
|
||||||
|
persistence:
|
||||||
|
size: 10Gi
|
||||||
|
|
||||||
mysql:
|
mysql:
|
||||||
enabled: false
|
enabled: false
|
||||||
root:
|
root:
|
||||||
|
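Review bot: The added `redis`, `redis-cluster` and `postgresql-ha` defaults set every credential to a fixed, published value (`password: gitea`, `repmgrPassword: gitea`, `adminPassword: gitea`, plus the `global` copies), so an operator who sets `enabled: true` without overriding them runs the datastore with a password anyone can read from the chart. Each block should at least carry a comment such as `# default credentials are public - override before enabling`, and the chart documentation should list them as required overrides. The `postgresql-ha` block also appears to define `repmgrPassword` twice with different values (`gitea` and, under `global`, `postgresql`); indentation is not preserved on this page, so the nesting is inferred, but if both apply it is unclear which one takes effect. Pinning `tag: 1.15.4` in place of the empty default means the image no longer follows the chart's appVersion and needs a manual bump to pick up security releases.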