Several Improvements to Helm Chart (#87)

Improve ldap settings with helper function Allow clusterIP for http service to be set, default to None Use imagePullSecrets in statefulset now Update default values Update README Bump Chart version Co-authored-by: luhahn <lucas.hahn@novum-rgi.de> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/87 Reviewed-by: lafriks <lafriks@noreply.gitea.io> Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-Authored-By: luhahn <luhahn@noreply.gitea.io> Co-Committed-By: luhahn <luhahn@noreply.gitea.io>
2020-12-16 20:37:47 +08:00 · 2020-12-16 20:37:47 +08:00 · 2826258cfc
commit 2826258cfc
parent 943eda6d5f
8 changed files with 65 additions and 29 deletions
--- a/Chart.yaml
+++ b/Chart.yaml
@ -2,7 +2,7 @@ apiVersion: v2
 name: gitea
 description: Gitea Helm chart for Kubernetes
 type: application
-version: 2.1.2
+version: 2.1.3
 appVersion: 1.13.0
 icon: https://docs.gitea.io/images/gitea.png

--- a/README.md
+++ b/README.md
@ -132,6 +132,22 @@ By default port 3000 is used for web traffic and 22 for ssh. Those can be change

 This helmchart automatically configures the clone urls to use the correct ports. You can change these ports by hand using the gitea.config dict. However you should know what you're doing.

+### ClusterIP
+
+By default the clusterIP will be set to None, which is the default for headless services. However if you want to omit the clusterIP field in the service, use the following values:
+
+```yaml
+service:
+  http:
+    type: ClusterIP
+    port: 3000
+    clusterIP:
+  ssh:
+    type: ClusterIP
+    port: 22
+    clusterIP:
+```
+
 ### SSH and Ingress

 If you're using ingress and wan't to use SSH, keep in mind, that ingress is not able to forward SSH Ports.
@ -220,6 +236,10 @@ It is not possible to delete an admin user after it has been created. This has t
 ### LDAP Settings

 Like the admin user the ldap settings can be updated but also disabled or deleted.
+All ldap values from https://docs.gitea.io/en-us/command-line/#admin are available.
+You can either use them in camel case or kebab case.
+
+camelCase:

 ```yaml
  gitea:
@ -238,6 +258,25 @@ Like the admin user the ldap settings can be updated but also disabled or delete
      usernameAttribute: CN
 ```

+kebab-case:
+
+```yaml
+  gitea:
+    ldap:
+      enabled: true
+      name: 'MyAwesomeGiteaLdap'
+      security-protocol: unencrypted
+      host: "127.0.0.1"
+      port: "389"
+      user-search-base: ou=Users,dc=example,dc=com
+      user-filter: sAMAccountName=%s
+      admin-filter: CN=Admin,CN=Group,DC=example,DC=com
+      email-attribute: mail
+      bind-dn: CN=ldap read,OU=Spezial,DC=example,DC=com
+      bind-password: JustAnotherBindPw
+      username-attribute: CN
+```
+
 ### Pod Annotations

 Annotations can be added to the Gitea pod.
--- a/templates/_helpers.tpl
+++ b/templates/_helpers.tpl
@ -95,3 +95,14 @@ app.kubernetes.io/instance: {{ .Release.Name }}
 {{- printf "%s-gitea.%s.svc.%s" (include "gitea.fullname" .) .Release.Namespace .Values.clusterDomain | trunc 63 | trimSuffix "-" -}}
 {{- end -}}

+{{- define "gitea.ldap_settings" -}}
+{{- range $key, $val := .Values.gitea.ldap -}}
+{{- if ne $key "enabled" -}}
+{{- if eq $key "port" -}}
+{{- printf "--%s %s " ($key | kebabcase) $val -}}
+{{- else -}}
+{{- printf "--%s %s " ($key | kebabcase) ($val | quote) -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
--- a/templates/gitea/http-svc.yaml
+++ b/templates/gitea/http-svc.yaml
@ -11,8 +11,8 @@ spec:
  {{- if and .Values.service.http.loadBalancerIP (eq .Values.service.http.type "LoadBalancer") }}
  loadBalancerIP: {{ .Values.service.http.loadBalancerIP  }}
  {{- end }}
-  {{ if eq .Values.service.http.type "ClusterIP" }}
-  clusterIP: None
+  {{- if and .Values.service.http.clusterIP (eq .Values.service.http.type "ClusterIP") }}
+  clusterIP: {{ .Values.service.http.clusterIP }}
  {{- end }}
  ports:
  - name: http
--- a/templates/gitea/init.yaml
+++ b/templates/gitea/init.yaml
@ -24,34 +24,12 @@ stringData:
    {{- end }}
    {{- if .Values.gitea.ldap.enabled }}
    gitea admin auth add-ldap \
-    --name {{ .Values.gitea.ldap.name | quote }} \
-    --security-protocol {{ .Values.gitea.ldap.securityProtocol | quote }} \
-    --host {{ .Values.gitea.ldap.host | quote }} \
-    --port {{ .Values.gitea.ldap.port | int}} \
-    --user-search-base {{ .Values.gitea.ldap.userSearchBase | quote }} \
-    --user-filter {{ .Values.gitea.ldap.userFilter | quote }} \
-    --admin-filter {{ .Values.gitea.ldap.adminFilter | quote }} \
-    --email-attribute {{ .Values.gitea.ldap.emailAttribute | quote }} \
-    --bind-dn {{ .Values.gitea.ldap.bindDn | quote }} \
-    --bind-password {{ .Values.gitea.ldap.bindPassword | quote }} \
-    --synchronize-users \
-    --username-attribute {{ .Values.gitea.ldap.usernameAttribute | quote }} \
+    {{- include "gitea.ldap_settings" . | nindent 6 }} \
    || \
    ( \
      export GITEA_AUTH_ID=$(gitea admin auth list | grep {{ .Values.gitea.ldap.name | quote }} | awk -F " "  "{print \$1}"); \
      gitea admin auth update-ldap --id ${GITEA_AUTH_ID} \
-      --name {{ .Values.gitea.ldap.name | quote }} \
-      --security-protocol {{ .Values.gitea.ldap.securityProtocol | quote }} \
-      --host {{ .Values.gitea.ldap.host | quote }} \
-      --port {{ .Values.gitea.ldap.port | int}} \
-      --user-search-base {{ .Values.gitea.ldap.userSearchBase | quote }} \
-      --user-filter {{ .Values.gitea.ldap.userFilter | quote }} \
-      --admin-filter {{ .Values.gitea.ldap.adminFilter | quote }} \
-      --email-attribute {{ .Values.gitea.ldap.emailAttribute | quote }} \
-      --bind-dn {{ .Values.gitea.ldap.bindDn | quote }} \
-      --bind-password {{ .Values.gitea.ldap.bindPassword | quote }} \
-      --synchronize-users \
-      --username-attribute {{ .Values.gitea.ldap.usernameAttribute | quote }} \
+      {{- include "gitea.ldap_settings" . | nindent 6 }} \
    ) \
    {{- end }}
    '
--- a/templates/gitea/ssh-svc.yaml
+++ b/templates/gitea/ssh-svc.yaml
@ -11,8 +11,8 @@ spec:
  {{- if and .Values.service.ssh.loadBalancerIP (eq .Values.service.ssh.type "LoadBalancer") }}
  loadBalancerIP: {{ .Values.service.ssh.loadBalancerIP }}
  {{- end }}
-  {{- if eq .Values.service.ssh.type "ClusterIP" }}
-  clusterIP: None
+  {{- if and .Values.service.ssh.clusterIP (eq .Values.service.ssh.type "ClusterIP") }}
+  clusterIP: {{ .Values.service.ssh.clusterIP }}
  {{- end }}
  {{- if .Values.service.ssh.externalIPs }}
  externalIPs:
--- a/templates/gitea/statefulset.yaml
+++ b/templates/gitea/statefulset.yaml
@ -20,6 +20,10 @@ spec:
      labels:
        {{- include "gitea.selectorLabels" . | nindent 8 }}
    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
      securityContext:
        fsGroup: 1000
      initContainers:
--- a/values.yaml
+++ b/values.yaml
@ -17,10 +17,14 @@ service:
  http:
    type: ClusterIP
    port: 3000
+    clusterIP: None
+    #loadBalancerIP:
+    #nodePort:
    annotations:
  ssh:
    type: ClusterIP
    port: 22
+    clusterIP: None
    #loadBalancerIP:
    #nodePort:
    #externalTrafficPolicy: