1.20.3

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/482
Reviewed-by: pat-s <pat-s@noreply.gitea.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-committed-by: Lunny Xiao <xiaolunwen@gmail.com>

.gitea/workflows/release-version.yml

@@ -39,7 +39,7 @@ jobs:
           mkdir gitea
           mv gitea*.tgz gitea/
           curl -L -o gitea/index.yaml https://dl.gitea.com/charts/index.yaml
-          helm repo index gitea/ --url https://dl.gitea.io/charts --merge gitea/index.yaml
+          helm repo index gitea/ --url https://dl.gitea.com/charts --merge gitea/index.yaml
 
       - name: aws credential configure
         uses: https://github.com/aws-actions/configure-aws-credentials@v2

Chart.yaml

@@ -3,8 +3,8 @@ name: gitea
 description: Gitea Helm chart for Kubernetes
 type: application
 version: 0.0.0
-appVersion: 1.20.0
-icon: https://docs.gitea.io/images/gitea.png
+appVersion: 1.20.3
+icon: https://gitea.com/assets/img/logo.svg
 
 keywords:
   - git

README.md

@@ -7,7 +7,12 @@
 - [High Availability](#high-availability)
 - [Configuration](#configuration)
   - [Default Configuration](#default-configuration)
+    - [Database defaults](#database-defaults)
+    - [Server defaults](#server-defaults)
+    - [Metrics defaults](#metrics-defaults)
+  - [Minimal Configuration](#minimal-configuration)
   - [Additional _app.ini_ settings](#additional-appini-settings)
+    - [User defined environment variables in app.ini](#user-defined-environment-variables-in-appini)
   - [External Database](#external-database)
   - [Ports and external url](#ports-and-external-url)
   - [ClusterIP](#clusterip)
@@ -45,7 +50,7 @@
 - [Contributing](#contributing)
 - [Upgrading](#upgrading)
 
-[Gitea](https://gitea.io/en-us/) is a community managed lightweight code hosting solution written in Go.
+[Gitea](https://gitea.com) is a community managed lightweight code hosting solution written in Go.
 It is published under the MIT license.
 
 ## Introduction
@@ -83,7 +88,7 @@ Dependencies:
 ## Installing
 
 ```sh
-helm repo add gitea-charts https://dl.gitea.io/charts/
+helm repo add gitea-charts https://dl.gitea.com/charts/
 helm repo update
 helm install gitea gitea-charts/gitea
 ```
@@ -103,7 +108,7 @@ See the [HA Setup](docs/ha-setup.md) document for more details.
 ## Configuration
 
 Gitea offers lots of configuration options.
-This is fully described in the [Gitea Cheat Sheet](https://docs.gitea.io/en-us/config-cheat-sheet/).
+This is fully described in the [Gitea Cheat Sheet](https://docs.gitea.com/administration/config-cheat-sheet).
 
 ```yaml
 gitea:
@@ -166,9 +171,39 @@ The Prometheus `/metrics` endpoint is disabled by default.
 ENABLED = false
 ```
 
+### Minimal Configuration
+
+For a minimal installation, i.e. without HA dependencies and using the built-in SQLITE DB instead of Postgres, the following configuration can be used:
+
+```yaml
+redis-cluster:
+  enabled: false
+postgresql:
+  enabled: false
+postgresql-ha:
+  enabled: false
+
+persistence:
+  enabled: false
+
+gitea:
+  config:
+    database:
+      DB_TYPE: sqlite3
+    session:
+      PROVIDER: memory
+    cache:
+      ADAPTER: memory
+    queue:
+      TYPE: level
+```
+
+This will result in a single-pod Gitea instance without any dependencies and persistence.
+Do not use this configuration for production use.
+
 ### Additional _app.ini_ settings
 
-> **The [generic](https://docs.gitea.io/en-us/config-cheat-sheet/#overall-default)
+> **The [generic](https://docs.gitea.com/administration/config-cheat-sheet#overall-default)
 > section cannot be defined that way.**
 
 Some settings inside _app.ini_ (like passwords or whole authentication configurations) must be considered sensitive and therefore should not be passed via plain text inside the _values.yaml_ file.
@@ -255,7 +290,7 @@ Priority (highest to lowest) for defining app.ini variables:
 
 ### External Database
 
-Any external database listed in [https://docs.gitea.io/en-us/database-prep/](https://docs.gitea.io/en-us/database-prep/) can be used instead of the built-in PostgreSQL.
+Any external database listed in [https://docs.gitea.com/installation/database-prep](https://docs.gitea.com/installation/database-prep) can be used instead of the built-in PostgreSQL.
 In fact, it is **highly recommended** to use an external database to ensure a stable Gitea installation longterm.
 
 If an external database is used, no matter which type, make sure to set `postgresql.enabled` to `false` to disable the use of the built-in PostgreSQL.
@@ -425,7 +460,7 @@ gitea:
 ### LDAP Settings
 
 Like the admin user the LDAP settings can be updated.
-All LDAP values from <https://docs.gitea.io/en-us/command-line/#admin> are available.
+All LDAP values from <https://docs.gitea.com/administration/command-line#admin> are available.
 
 Multiple LDAP sources can be configured with additional LDAP list items.
 
@@ -480,7 +515,7 @@ Affected options:
 
 Like the admin user, OAuth2 settings can be updated and disabled but not deleted.
 Deleting OAuth2 settings has to be done in the ui.
-All OAuth2 values, which are documented [here](https://docs.gitea.io/en-us/command-line/#admin), are
+All OAuth2 values, which are documented [here](https://docs.gitea.com/administration/command-line#admin), are
 available.
 
 Multiple OAuth2 sources can be configured with additional OAuth list items.
@@ -558,7 +593,7 @@ signing:
 ```
 
 To use the gpg key, Gitea needs to be configured accordingly.
-A detailed description can be found in the [official Gitea documentation](https://docs.gitea.io/en-us/signing/#general-configuration).
+A detailed description can be found in the [official Gitea documentation](https://docs.gitea.com/administration/signing#general-configuration).
 
 ## Metrics and profiling
 
@@ -592,6 +627,8 @@ gitea:
 
 Custom themes can be added via k8s secrets and referencing them in `values.yaml`.
 
+The [http provider](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) is useful here.
+
 ```yaml
 extraVolumes:
   - name: gitea-themes
@@ -614,13 +651,37 @@ resource "kubernetes_secret" "gitea-themes" {
   }
 
   data = {
-    "theme-custom.css"      = "${file("FULL-PATH-TO-CSS")}"
-    "theme-custom-dark.css" = "${file("FULL-PATH-TO-CSS")}"
+    "my-theme.css"      = data.http.gitea-theme-light.body
+    "my-theme-dark.css" = data.http.gitea-theme-dark.body
+    "my-theme-auto.css" = data.http.gitea-theme-auto.body
   }
 
   type = "Opaque"
+}
 
-  depends_on = [kubernetes_namespace.gitea]
+
+data "http" "gitea-theme-light" {
+  url = "<raw theme url>"
+
+  request_headers = {
+    Accept = "application/json"
+  }
+}
+
+data "http" "gitea-theme-dark" {
+  url = "<raw theme url>"
+
+  request_headers = {
+    Accept = "application/json"
+  }
+}
+
+data "http" "gitea-theme-auto" {
+  url = "<raw theme url>"
+
+  request_headers = {
+    Accept = "application/json"
+  }
 }
 ```
 
@@ -742,22 +803,23 @@ kubectl create secret generic gitea-themes --from-file={{FULL-PATH-TO-CSS}} --na
 
 ### Persistence
 
-| Name                         | Description                                                                                           | Value                  |
-| ---------------------------- | ----------------------------------------------------------------------------------------------------- | ---------------------- |
-| `persistence.enabled`        | Enable persistent storage                                                                             | `true`                 |
-| `persistence.create`         | Whether to create the persistentVolumeClaim for shared storage                                        | `true`                 |
-| `persistence.mount`          | Whether the persistentVolumeClaim should be mounted (even if not created)                             | `true`                 |
-| `persistence.claimName`      | Use an existing claim to store repository information                                                 | `gitea-shared-storage` |
-| `persistence.size`           | Size for persistence to store repo information                                                        | `10Gi`                 |
-| `persistence.accessModes`    | AccessMode for persistence                                                                            | `["ReadWriteOnce"]`    |
-| `persistence.labels`         | Labels for the persistence volume claim to be created                                                 | `{}`                   |
-| `persistence.annotations`    | Annotations for the persistence volume claim to be created                                            | `{}`                   |
-| `persistence.storageClass`   | Name of the storage class to use                                                                      | `nil`                  |
-| `persistence.subPath`        | Subdirectory of the volume to mount at                                                                | `nil`                  |
-| `extraVolumes`               | Additional volumes to mount to the Gitea deployment                                                   | `[]`                   |
-| `extraContainerVolumeMounts` | Mounts that are only mapped into the Gitea runtime/main container, to e.g. override custom templates. | `[]`                   |
-| `extraInitVolumeMounts`      | Mounts that are only mapped into the init-containers. Can be used for additional preconfiguration.    | `[]`                   |
-| `extraVolumeMounts`          | **DEPRECATED** Additional volume mounts for init containers and the Gitea main container              | `[]`                   |
+| Name                                              | Description                                                                                           | Value                  |
+| ------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ---------------------- |
+| `persistence.enabled`                             | Enable persistent storage                                                                             | `true`                 |
+| `persistence.create`                              | Whether to create the persistentVolumeClaim for shared storage                                        | `true`                 |
+| `persistence.mount`                               | Whether the persistentVolumeClaim should be mounted (even if not created)                             | `true`                 |
+| `persistence.claimName`                           | Use an existing claim to store repository information                                                 | `gitea-shared-storage` |
+| `persistence.size`                                | Size for persistence to store repo information                                                        | `10Gi`                 |
+| `persistence.accessModes`                         | AccessMode for persistence                                                                            | `["ReadWriteOnce"]`    |
+| `persistence.labels`                              | Labels for the persistence volume claim to be created                                                 | `{}`                   |
+| `persistence.annotations.helm.sh/resource-policy` | Resource policy for the persistence volume claim                                                      | `keep`                 |
+| `persistence.storageClass`                        | Name of the storage class to use                                                                      | `nil`                  |
+| `persistence.subPath`                             | Subdirectory of the volume to mount at                                                                | `nil`                  |
+| `persistence.volumeName`                          | Name of persistent volume in PVC                                                                      | `""`                   |
+| `extraVolumes`                                    | Additional volumes to mount to the Gitea deployment                                                   | `[]`                   |
+| `extraContainerVolumeMounts`                      | Mounts that are only mapped into the Gitea runtime/main container, to e.g. override custom templates. | `[]`                   |
+| `extraInitVolumeMounts`                           | Mounts that are only mapped into the init-containers. Can be used for additional preconfiguration.    | `[]`                   |
+| `extraVolumeMounts`                               | **DEPRECATED** Additional volume mounts for init containers and the Gitea main container              | `[]`                   |
 
 ### Init
 
@@ -834,23 +896,25 @@ kubectl create secret generic gitea-themes --from-file={{FULL-PATH-TO-CSS}} --na
 
 ### redis-cluster
 
-| Name                                  | Description                                          | Value   |
-| ------------------------------------- | ---------------------------------------------------- | ------- |
-| `redis-cluster.enabled`               | Enable redis                                         | `true`  |
-| `redis-cluster.global.redis.password` | Password for the "Gitea" user (overrides `password`) | `gitea` |
+| Name                        | Description                            | Value   |
+| --------------------------- | -------------------------------------- | ------- |
+| `redis-cluster.enabled`     | Enable redis                           | `true`  |
+| `redis-cluster.usePassword` | Whether to use password authentication | `false` |
 
 ### PostgreSQL-ha
 
-| Name                                               | Description                                                      | Value      |
-| -------------------------------------------------- | ---------------------------------------------------------------- | ---------- |
-| `postgresql-ha.enabled`                            | Enable PostgreSQL-ha                                             | `true`     |
-| `postgresql-ha.global.postgresql.password`         | Password for the `gitea` user (overrides `auth.password`)        | `gitea`    |
-| `postgresql-ha.global.postgresql.database`         | Name for a custom database to create (overrides `auth.database`) | `gitea`    |
-| `postgresql-ha.global.postgresql.username`         | Name for a custom user to create (overrides `auth.username`)     | `gitea`    |
-| `postgresql-ha.global.postgresql.postgresPassword` | Postgres Password                                                | `changeme` |
-| `postgresql-ha.global.postgresql.repmgrPassword`   | Repmgr Password                                                  | `changeme` |
-| `postgresql-ha.service.ports.postgresql`           | PostgreSQL service port (overrides `service.ports.postgresql`)   | `5432`     |
-| `postgresql-ha.primary.persistence.size`           | PVC Storage Request for PostgreSQL-ha volume                     | `10Gi`     |
+| Name                                        | Description                                                      | Value       |
+| ------------------------------------------- | ---------------------------------------------------------------- | ----------- |
+| `postgresql-ha.enabled`                     | Enable PostgreSQL-ha                                             | `true`      |
+| `postgresql-ha.postgresql.password`         | Password for the `gitea` user (overrides `auth.password`)        | `changeme4` |
+| `postgresql-ha.global.postgresql.database`  | Name for a custom database to create (overrides `auth.database`) | `gitea`     |
+| `postgresql-ha.global.postgresql.username`  | Name for a custom user to create (overrides `auth.username`)     | `gitea`     |
+| `postgresql-ha.global.postgresql.password`  | Name for a custom password to create (overrides `auth.password`) | `gitea`     |
+| `postgresql-ha.postgresql.repmgrPassword`   | Repmgr Password                                                  | `changeme2` |
+| `postgresql-ha.postgresql.postgresPassword` | postgres Password                                                | `changeme1` |
+| `postgresql-ha.pgpool.adminPassword`        | pgpool adminPassword                                             | `changeme3` |
+| `postgresql-ha.service.ports.postgresql`    | PostgreSQL service port (overrides `service.ports.postgresql`)   | `5432`      |
+| `postgresql-ha.primary.persistence.size`    | PVC Storage Request for PostgreSQL-ha volume                     | `10Gi`      |
 
 ### PostgreSQL
 
@@ -932,12 +996,12 @@ If you are coming from an existing deployment and [#356](https://gitea.com/gitea
 
 ```yaml
     session:
-      PROVIDER: redis
+      PROVIDER: redis-cluster
       PROVIDER_CONFIG: redis+cluster://:gitea@gitea-redis-cluster-headless.<namespace>.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
       
     cache:
       ENABLED: true
-      ADAPTER: redis
+      ADAPTER: redis-cluster
       HOST: redis+cluster://:gitea@gitea-redis-cluster-headless.<namespace>.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
       
     queue:
@@ -945,6 +1009,11 @@ If you are coming from an existing deployment and [#356](https://gitea.com/gitea
       CONN_STR: redis+cluster://:gitea@gitea-redis-cluster-headless.<namespace>.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
 ```
 
+<!-- markdownlint-disable-next-line -->
+**Switch to rootless image by default**
+If you are facing errors like `WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED` due to this automatic transition:
+Have a look at [this discussion](https://gitea.com/gitea/helm-chart/issues/487#issue-220660) and either set `image.rootless: false` or manually update your `~/.ssh/known_hosts` file(s).
+
 <!-- markdownlint-disable-next-line -->
 **Transitioning from a RWO to RWX Persistent Volume**
 

templates/_helpers.tpl

@@ -112,9 +112,17 @@ app.kubernetes.io/name: {{ include "gitea.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 
-{{- define "postgresql.dns" -}}
+{{- define "postgresql-ha.dns" -}}
+{{- if (index .Values "postgresql-ha").enabled -}}
 {{- printf "%s-postgresql-ha-postgresql.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "postgresql-ha" "service" "ports" "postgresql") -}}
 {{- end -}}
+{{- end -}}
+
+{{- define "postgresql.dns" -}}
+{{- if (index .Values "postgresql").enabled -}}
+{{- printf "%s-postgresql.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.postgresql.global.postgresql.service.ports.postgresql -}}
+{{- end -}}
+{{- end -}}
 
 {{- define "redis.dns" -}}
 {{- if (index .Values "redis-cluster").enabled -}}
@@ -344,12 +352,21 @@ https
   {{- if (index .Values "postgresql-ha" "enabled") -}}
     {{- $_ := set .Values.gitea.config.database "DB_TYPE"   "postgres" -}}
     {{- if not (.Values.gitea.config.database.HOST) -}}
-      {{- $_ := set .Values.gitea.config.database "HOST"      (include "postgresql.dns" .) -}}
+      {{- $_ := set .Values.gitea.config.database "HOST"      (include "postgresql-ha.dns" .) -}}
     {{- end -}}
     {{- $_ := set .Values.gitea.config.database "NAME"      (index .Values "postgresql-ha" "global" "postgresql" "database") -}}
     {{- $_ := set .Values.gitea.config.database "USER"      (index .Values "postgresql-ha" "global" "postgresql" "username") -}}
     {{- $_ := set .Values.gitea.config.database "PASSWD"    (index .Values "postgresql-ha" "global" "postgresql" "password") -}}
   {{- end -}}
+  {{- if (index .Values "postgresql" "enabled") -}}
+    {{- $_ := set .Values.gitea.config.database "DB_TYPE"   "postgres" -}}
+    {{- if not (.Values.gitea.config.database.HOST) -}}
+      {{- $_ := set .Values.gitea.config.database "HOST"      (include "postgresql.dns" .) -}}
+    {{- end -}}
+    {{- $_ := set .Values.gitea.config.database "NAME"      .Values.postgresql.global.postgresql.auth.database -}}
+    {{- $_ := set .Values.gitea.config.database "USER"      .Values.postgresql.global.postgresql.auth.username -}}
+    {{- $_ := set .Values.gitea.config.database "PASSWD"    .Values.postgresql.global.postgresql.auth.password -}}
+  {{- end -}}
 {{- end -}}
 
 {{- define "gitea.init-additional-mounts" -}}

templates/gitea/config.yaml

@@ -17,6 +17,12 @@ metadata:
 type: Opaque
 stringData:
   assertions: |
+
+{{- /*assert that only one PG dep is enabled */ -}}
+{{- if and (.Values.postgresql.enabled) (index .Values "postgresql-ha" "enabled") -}}
+  {{- fail "Only one of postgresql or postgresql-ha can be enabled at the same time." -}}
+{{- end }}
+
 {{- /* multiple replicas assertions */ -}}
 {{- if gt .Values.replicaCount 1.0 -}}
   {{- if .Values.gitea.config.cron.GIT_GC_REPOS -}}
@@ -24,10 +30,11 @@ stringData:
       {{- fail "Invoking the garbage collector via CRON is not yet supported when running with multiple replicas. Please set 'GIT_GC_REPOS.enabled = false'." -}}
     {{- end }}
   {{- end }}
+
   {{- if eq (first .Values.persistence.accessModes) "ReadWriteOnce" -}}
     {{- fail "When using multiple replicas, a RWX file system is required and gitea.persistence.accessModes[0] must be set to ReadWriteMany." -}}
   {{- end }}
-  
+
   {{- if eq (get .Values.gitea.config.indexer "ISSUE_INDEXER_TYPE") "bleve" -}}
     {{- fail "When using multiple replicas, the issue indexer (gitea.config.indexer.ISSUE_INDEXER_TYPE) must be set to a HA-ready provider such as 'meilisearch', 'elasticsearch' or 'db' (if the DB is HA-ready)." -}}
   {{- end }}

templates/gitea/pvc.yaml

@@ -17,7 +17,9 @@ spec:
   {{- if .Values.persistence.storageClass }}
   storageClassName: {{ .Values.persistence.storageClass }}
   {{- end }}
-  volumeName: ""
+  {{- with .Values.persistence.volumeName }}
+  volumeName: {{ . }}
+  {{- end }}
   resources:
     requests:
       storage: {{ .Values.persistence.size }}

values.yaml

@@ -249,9 +249,10 @@ serviceAccount:
 ## @param persistence.size Size for persistence to store repo information
 ## @param persistence.accessModes AccessMode for persistence
 ## @param persistence.labels Labels for the persistence volume claim to be created
-## @param persistence.annotations Annotations for the persistence volume claim to be created
+## @param persistence.annotations.helm.sh/resource-policy Resource policy for the persistence volume claim
 ## @param persistence.storageClass Name of the storage class to use
 ## @param persistence.subPath Subdirectory of the volume to mount at
+## @param persistence.volumeName Name of persistent volume in PVC
 persistence:
   enabled: true
   create: true
@@ -261,9 +262,11 @@ persistence:
   accessModes:
     - ReadWriteOnce
   labels: {}
-  annotations: {}
   storageClass:
   subPath:
+  volumeName: ""
+  annotations:
+    helm.sh/resource-policy: keep
 
 ## @param extraVolumes Additional volumes to mount to the Gitea deployment
 extraVolumes: []
@@ -471,34 +474,36 @@ gitea:
 
 ## @section redis-cluster
 ## @param redis-cluster.enabled Enable redis
-## @param redis-cluster.global.redis.password Password for the "gitea" user (overrides `password`)
+## @param redis-cluster.usePassword Whether to use password authentication
 redis-cluster:
   enabled: true
-  global:
-    redis:
-      password: gitea
+  usePassword: false
 
 ## @section postgresql-ha
 #
 ## @param postgresql-ha.enabled Enable postgresql-ha
-## @param postgresql-ha.global.postgresql.password Password for the `gitea` user (overrides `auth.password`)
+## @param postgresql-ha.postgresql.password Password for the `gitea` user (overrides `auth.password`)
 ## @param postgresql-ha.global.postgresql.database Name for a custom database to create (overrides `auth.database`)
 ## @param postgresql-ha.global.postgresql.username Name for a custom user to create (overrides `auth.username`)
-## @param postgresql-ha.global.postgresql.postgresPassword Postgres Password
-## @param postgresql-ha.global.postgresql.repmgrPassword Repmgr Password
+## @param postgresql-ha.global.postgresql.password Name for a custom password to create (overrides `auth.password`)
+## @param postgresql-ha.postgresql.repmgrPassword Repmgr Password
+## @param postgresql-ha.postgresql.postgresPassword postgres Password
+## @param postgresql-ha.pgpool.adminPassword pgpool adminPassword
 ## @param postgresql-ha.service.ports.postgresql postgresql service port (overrides `service.ports.postgresql`)
 ## @param postgresql-ha.primary.persistence.size PVC Storage Request for postgresql-ha volume
 postgresql-ha:
-  enabled: true
   global:
     postgresql:
-      password: gitea
       database: gitea
+      password: gitea
       username: gitea
-      # FIXME: https://github.com/bitnami/charts/issues/17052
-      postgresPassword: changeme 
-      # FIXME: https://github.com/bitnami/charts/issues/17052
-      repmgrPassword: changeme 
+  enabled: true
+  postgresql:
+    repmgrPassword: changeme2
+    postgresPassword: changeme1
+    password: changeme4
+  pgpool:
+    adminPassword: changeme3
   service:
     ports:
       postgresql: 5432