lunny/helm-chart
1
0
Fork 0
Code Issues 36 Pull Requests 14 Actions Packages Projects Releases 93 Wiki Activity

Integrate NOVUM-RGI chart into the official helm chart. (#7)

Browse Source 
Fix ssh port settings

Remove blank line from LICENSE file

add check for admin user

set PROTOCOL default to http

Add Konrad Lother as Maintainer

Update readme with generic values

make app.ini generic

- app.ini is now configurable via dictionary in values.yaml
- database and server configuration is autogenerated if not defined
- http and ssh services now use gitea config settings for targetPort
- add default security value INSTALL_LOCK = true
- clean up builtin cache settings

bump gitea version

Add values and Remove vscode TOC comments

- values enablePushCreateOrg and enablePushCreateUser have been added to repository settings

fix naming order of license and maintainers

Multiple improvements for the chart:

- add terminationGracePeriodSeconds to shutdown the statefulset gracefully on error
- add guard for loadbalancer settings in ssh service
- use mysql from bitnami, since they update the version much more frequent (old mysql only uses mysql ~6)
- init container now also provisions mysql and external database correctly

Fix PVC mounting issues for longhorn storageClass

Add examples to readme

Fix port setting for ssh

Fix and operator for newer helm versions

update values to support most configuration gitea offers

Replace Readme

update license file

Update helpers with dependencies, update NOTES.txt

update Chart.yaml with dependencies

Requirements.yaml removed, since this is deprecated and moved to Chart.yaml

Remove now unused dependencies and deployments

- init is no longer used since databases are initialized
  on original charts and managed with dependency
- ingress.yaml moved to templates/gitea
- deployment.yaml no longer used and replaced with templates/gitea/statefulset.yaml
- memcached also handled with helm dependency and initialized in original chart

Add initial test for gitea helm chart

Rework templates for helm chart.

- app.ini configurable via config
- admin user and ldap settings configurable via config
- using statefulset to handle pvc
- update helpers for new dependencies

remove helm build artifacts since they are not needed in this repository

Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Co-authored-by: Konrad Lother <konrad.lother@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/7
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Reviewed-by: Andrew Thornton <art27@cantab.net>
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
This commit is contained in:
luhahn 2020-08-23 17:56:55 +00:00 committed by techknowlogick
parent b2725ae7cf
commit 5e0cfed9be
26 changed files with 805 additions and 1433 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored Normal file
View File

@ -0,0 +1,2 @@
charts
Chart.lock

24
.helmignore Normal file
View File

@ -0,0 +1,24 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
#charts/
#Chart.lock

6
Chart.lock
View File

@ -1,6 +0,0 @@
dependencies:
- name: mariadb
repository: https://charts.bitnami.com
version: 7.3.0
digest: sha256:eac0df60131cc9aa4784d84693592d56c9f12ddf8272881b66c2cdcf34e305d7
generated: "2019-12-09T16:07:28.17872647-05:00"

28
Chart.yaml
View File

@ -1,9 +1,11 @@
name: gitea
version: 1.3.3
apiVersion: v2
appVersion: 1.12.2
description: Git with a cup of tea
name: gitea
description: Gitea Helm chart for Kubernetes
type: application
version: 1.4.1
appVersion: 1.12.3
icon: https://docs.gitea.io/images/gitea.png
keywords:
- git
- issue tracker
@ -19,3 +21,21 @@ maintainers:
email: charlie@charliedrage.com
- name: Gitea Authors
email: maintainers@gitea.io
- name: Konrad Lother
email: konrad.lother@novum-rgi.de
- name: Lucas Hahn
email: lucas.hahn@novum-rgi.de
dependencies:
- name: memcached
repository: https://charts.bitnami.com/bitnami
version: 4.2.20
condition: gitea.cache.enabled
- name: mysql
repository: https://charts.bitnami.com/bitnami
version: 6.14.8
condition: gitea.database.builtIn.mysql.enabled
- name: postgresql
repository: https://charts.bitnami.com/bitnami
version: 8.6.4
condition: gitea.database.builtIn.postgresql.enabled

1
LICENSE
View File

@ -1,6 +1,7 @@
MIT License
Copyright (c) 2020 The Gitea Authors
Copyright (c) 2020 NOVUM-RGI
Copyright (c) 2019 - 2020 Charlie Drage
Copyright (c) 2018 John Felten

344
README.md
View File

File diff suppressed because it is too large Load Diff

BIN
charts/mariadb-7.3.0.tgz
View File

Binary file not shown.

7
requirements.yaml
View File

@ -1,7 +0,0 @@
dependencies:
- name: mariadb
version: 7.3.0
repository: https://charts.bitnami.com
condition: mariadb.enabled
tags:
- mariadb

56
templates/NOTES.txt
View File

@ -1,45 +1,19 @@
1. Connect to your Gitea web URL by running:
1. Get the application URL by running these commands:
{{- if .Values.ingress.enabled }}
Ingress is enabled for this chart deployment. Please access the web UI at {{ .Values.ingress.hostname }}
{{- else if contains "NodePort" .Values.service.http.serviceType }}
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP/
{{- else if contains "LoadBalancer" .Values.service.http.serviceType }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
Watch the status with: 'kubectl get svc -w {{ template "fullname" . }}http'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "fullname" . }}http -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo http://$SERVICE_IP/
{{- else if contains "ClusterIP" .Values.service.http.serviceType }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "fullname" . }}" -o jsonpath="{.items[0].metadata.name}")
echo http://127.0.0.1:8080/
kubectl port-forward $POD_NAME 8080:80
{{- range $host := .Values.ingress.hosts }}
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host }}/
{{- end }}
2. Connect to your Gitea ssh port:
{{- if contains "NodePort" .Values.service.ssh.serviceType }}
{{- else if contains "NodePort" .Values.service.http.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "gitea.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP/
{{- else if contains "LoadBalancer" .Values.service.ssh.serviceType }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
Watch the status with: 'kubectl get svc -w {{ template "fullname" . }}-ssh'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "fullname" . }}-ssh -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo http://$SERVICE_IP/
{{- else if contains "ClusterIP" .Values.service.ssh.serviceType }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "fullname" . }}" -o jsonpath="{.items[0].metadata.name}")
echo http://127.0.0.1:8080/
kubectl port-forward $POD_NAME 8022:22
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.http.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "gitea.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "gitea.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
echo http://$SERVICE_IP:{{ .Values.service.port }}
{{- else if contains "ClusterIP" .Values.service.http.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "gitea.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
echo "Visit http://127.0.0.1:{{ .Values.service.http.port }} to use your application"
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME {{ .Values.service.http.port }}:{{ .Values.service.http.port }}
{{- end }}

90
templates/_helpers.tpl
View File

@ -2,30 +2,88 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "name" -}}
{{- define "gitea.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 24 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "fullname" -}}
{{- define "gitea.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- printf "%s-%s" .Release.Name $name | trunc 24 -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "mariadb.fullname" -}}
{{- printf "%s-%s" .Release.Name "mariadb" | trunc 63 | trimSuffix "-" -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "gitea.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Common labels
*/}}
{{- define "gitea.labels" -}}
helm.sh/chart: {{ include "gitea.chart" . }}
{{ include "gitea.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
{{/*
Selector labels
*/}}
{{- define "gitea.selectorLabels" -}}
app.kubernetes.io/name: {{ include "gitea.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
{{- define "postgresql.dns" -}}
{{- printf "%s-postgresql.%s.svc.cluster.local:%g" .Release.Name .Release.Namespace .Values.postgresql.global.postgresql.servicePort -}}
{{- end -}}
{{- define "db.servicename" -}}
{{- if .Values.gitea.database.builtIn.postgresql.enabled -}}
{{- printf "%s-postgresql" .Release.Name -}}
{{- else if .Values.gitea.database.builtIn.mysql.enabled -}}
{{- printf "%s-mysql" .Release.Name -}}
{{- else -}}
{{ .Values.gitea.database.external.host }}
{{- end -}}
{{- end -}}
{{- define "db.port" -}}
{{- if .Values.gitea.database.builtIn.postgresql.enabled -}}
{{ .Values.postgresql.global.postgresql.servicePort }}
{{- else if .Values.gitea.database.builtIn.mysql.enabled -}}
{{ .Values.mysql.service.port }}
{{- else -}}
{{ .Values.gitea.database.external.port }}
{{- end -}}
{{- end -}}
{{- define "mysql.dns" -}}
{{- printf "%s-mysql.%s.svc.cluster.local:%g" .Release.Name .Release.Namespace .Values.mysql.service.port | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- define "memcached.dns" -}}
{{- printf "%s-memcached.%s.svc.cluster.local:%g" .Release.Name .Release.Namespace .Values.memcached.service.port | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- define "gitea.default_domain" -}}
{{- printf "%s-gitea.%s.svc.cluster.local" (include "gitea.fullname" .) .Release.Namespace | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for ingress.
*/}}
{{- define "gitea.ingress.apiVersion" -}}
{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "extensions/v1beta1" -}}
{{- else -}}
{{- print "networking.k8s.io/v1beta1" -}}
{{- end -}}
{{- end -}}

52
templates/deployment.yaml
View File

@ -1,52 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "fullname" . }}
labels:
app: {{ template "fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
spec:
replicas: 1
selector:
matchLabels:
app: {{ template "fullname" . }}
{{- with .Values.deploymentStrategy }}
strategy:
{{ toYaml . | trim | indent 4 }}
{{- end }}
template:
metadata:
labels:
app: {{ template "fullname" . }}
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
containers:
{{ include "gitea" . | indent 6 }}
{{ include "memcached" . | indent 6 }}
initContainers:
{{ include "init" . | indent 6 }}
volumes:
- name: gitea-data
{{- if .Values.persistence.enabled }}
{{- if .Values.persistence.directGiteaVolumeMount }}
{{ tpl .Values.persistence.directGiteaVolumeMount . | indent 8 }}
{{- else }}
persistentVolumeClaim:
claimName: {{ .Values.persistence.existingGiteaClaim | default (include "fullname" .) }}
{{- end }}
{{- else }}
emptyDir: {}
{{- end }}
- name: gitea-config
configMap:
name: {{ template "fullname" . }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
- name: {{ .Values.imagePullSecrets }}
{{- end }}

46
templates/gitea/_container.tpl
View File

@ -1,46 +0,0 @@
{{/*
Create helm partial for gitea server
*/}}
{{- define "gitea" }}
- name: gitea
image: {{ .Values.images.gitea }}
imagePullPolicy: {{ .Values.images.pullPolicy }}
env:
- name: DATABASE_PASSWORD
valueFrom:
secretKeyRef:
{{- if .Values.mariadb.enabled }}
name: {{ template "mariadb.fullname" . }}
key: mariadb-password
{{- else }}
name: {{ printf "%s-%s" .Release.Name "externaldb" }}
key: db-password
{{- end }}
ports:
- name: ssh
containerPort: 22
- name: http
containerPort: 3000
livenessProbe:
tcpSocket:
port: http
initialDelaySeconds: 200
timeoutSeconds: 1
periodSeconds: 10
successThreshold: 1
failureThreshold: 10
readinessProbe:
tcpSocket:
port: http
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
failureThreshold: 3
resources:
{{ toYaml .Values.resources.gitea | indent 10 }}
volumeMounts:
- name: gitea-data
mountPath: /data
- name: gitea-config
mountPath: /etc/gitea
{{- end }}

100
templates/gitea/config.yaml Normal file
View File

@ -0,0 +1,100 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "gitea.fullname" . }}
labels:
{{- include "gitea.labels" . | nindent 4 }}
data:
app.ini: |-
{{- if not (hasKey .Values.gitea.config "cache") -}}
{{- $_ := set .Values.gitea.config "cache" dict -}}
{{- end -}}
{{- if not (hasKey .Values.gitea.config "server") -}}
{{- $_ := set .Values.gitea.config "server" dict -}}
{{- end -}}
{{- if not (hasKey .Values.gitea.config "database") -}}
{{- $_ := set .Values.gitea.config "database" dict -}}
{{- end -}}
{{- if not (hasKey .Values.gitea.config "security") -}}
{{- $_ := set .Values.gitea.config "security" dict -}}
{{- end -}}
{{- /* security default settings */ -}}
{{- if not .Values.gitea.config.security.INSTALL_LOCK -}}
{{- $_ := set .Values.gitea.config.security "INSTALL_LOCK" "true" -}}
{{- end -}}
{{- /* server default settings */ -}}
{{- if not (hasKey .Values.gitea.config.server "HTTP_PORT") -}}
{{- $_ := set .Values.gitea.config.server "HTTP_PORT" .Values.service.http.port -}}
{{- end -}}
{{- if not .Values.gitea.config.server.PROTOCOL -}}
{{- $_ := set .Values.gitea.config.server "PROTOCOL" "http" -}}
{{- end -}}
{{- if not (.Values.gitea.config.server.DOMAIN) -}}
{{- if gt (len .Values.ingress.hosts) 0 -}}
{{- $_ := set .Values.gitea.config.server "DOMAIN" (index .Values.ingress.hosts 0) -}}
{{- else -}}
{{- $_ := set .Values.gitea.config.server "DOMAIN" (include "gitea.default_domain" .) -}}
{{- end -}}
{{- end -}}
{{- if not .Values.gitea.config.server.ROOT_URL -}}
{{- if .Values.ingress.enabled -}}
{{- if gt (len .Values.ingress.tls) 0 -}}
{{- $_ := set .Values.gitea.config.server "ROOT_URL" (printf "%s://%s" .Values.gitea.config.server.PROTOCOL (index (index .Values.ingress.tls 0).hosts 0)) -}}
{{- else -}}
{{- $_ := set .Values.gitea.config.server "ROOT_URL" (printf "%s://%s" .Values.gitea.config.server.PROTOCOL (index .Values.ingress.hosts 0)) -}}
{{- end -}}
{{- else -}}
{{- $_ := set .Values.gitea.config.server "ROOT_URL" (printf "%s://%s" .Values.gitea.config.server.PROTOCOL .Values.gitea.config.server.DOMAIN) -}}
{{- end -}}
{{- end -}}
{{- if not .Values.gitea.config.server.SSH_DOMAIN -}}
{{- $_ := set .Values.gitea.config.server "SSH_DOMAIN" .Values.gitea.config.server.DOMAIN -}}
{{- end -}}
{{- if not .Values.gitea.config.server.SSH_PORT -}}
{{- $_ := set .Values.gitea.config.server "SSH_PORT" .Values.service.ssh.port -}}
{{- end -}}
{{- if not (hasKey .Values.gitea.config.server "SSH_LISTEN_PORT") -}}
{{- $_ := set .Values.gitea.config.server "SSH_LISTEN_PORT" .Values.gitea.config.server.SSH_PORT -}}
{{- end -}}
{{- /* database default settings */ -}}
{{- if .Values.gitea.database.builtIn.postgresql.enabled -}}
{{- $_ := set .Values.gitea.config.database "DB_TYPE" "postgres" -}}
{{- $_ := set .Values.gitea.config.database "HOST" (include "postgresql.dns" .) -}}
{{- $_ := set .Values.gitea.config.database "NAME" .Values.postgresql.global.postgresql.postgresqlDatabase -}}
{{- $_ := set .Values.gitea.config.database "USER" .Values.postgresql.global.postgresql.postgresqlUsername -}}
{{- $_ := set .Values.gitea.config.database "PASSWD" .Values.postgresql.global.postgresql.postgresqlPassword -}}
{{ else if .Values.gitea.database.builtIn.mysql.enabled -}}
{{- $_ := set .Values.gitea.config.database "DB_TYPE" "mysql" -}}
{{- $_ := set .Values.gitea.config.database "HOST" (include "mysql.dns" .) -}}
{{- $_ := set .Values.gitea.config.database "NAME" .Values.mysql.db.name -}}
{{- $_ := set .Values.gitea.config.database "USER" .Values.mysql.db.user -}}
{{- $_ := set .Values.gitea.config.database "PASSWD" .Values.mysql.db.password -}}
{{- end -}}
{{- /* cache default settings */ -}}
{{- if .Values.gitea.cache.builtIn.enabled -}}
{{- $_ := set .Values.gitea.config.cache "ENABLED" "true" -}}
{{- $_ := set .Values.gitea.config.cache "ADAPTER" "memcache" -}}
{{- $_ := set .Values.gitea.config.cache "HOST" (include "memcached.dns" .) -}}
{{- end -}}
{{- /* autogenerate app.ini */ -}}
{{- range $key, $value := .Values.gitea.config }}
{{- if kindIs "map" $value }}
{{- if gt (len $value) 0 }}
[{{ $key }}]
{{- range $n_key, $n_value := $value }}
{{ $n_key | upper }} = {{ $n_value }}
{{- end }}
{{- end }}
{{- else }}
{{ $key | upper }} = {{ $value }}
{{- end }}
{{- end }}

725
templates/gitea/gitea-config.yaml
View File

File diff suppressed because it is too large Load Diff

20
templates/gitea/gitea-http-svc.yaml
View File

@ -1,20 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: {{ template "fullname" . }}-http
labels:
app: {{ template "fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
spec:
type: {{ .Values.service.http.serviceType }}
ports:
- name: http
port: {{ .Values.service.http.port }}
{{- if .Values.service.http.nodePort }}
nodePort: {{ .Values.service.http.nodePort }}
{{- end }}
targetPort: {{ .Values.service.http.port }}
selector:
app: {{ template "fullname" . }}

29
templates/gitea/gitea-pvc.yaml
View File

@ -1,29 +0,0 @@
{{- if and .Values.persistence.enabled (not .Values.persistence.existingGiteaClaim) (not .Values.persistence.directGiteaVolumeMount) -}}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "fullname" . }}
labels:
app: {{ template "fullname" . }}
chart: gitea
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- if .Values.persistence.annotations }}
annotations:
{{ toYaml .Values.persistence.annotations | indent 4 }}
{{- end }}
spec:
accessModes:
- {{ .Values.persistence.accessMode | quote }}
resources:
requests:
storage: {{ .Values.persistence.giteaSize | quote }}
{{- if .Values.persistence.storageClass }}
{{- if (eq "-" .Values.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.persistence.storageClass }}"
{{- end }}
{{- end }}
{{- end }}

24
templates/gitea/gitea-ssh-svc.yaml
View File

@ -1,24 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: {{ template "fullname" . }}-ssh
labels:
app: {{ template "fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
spec:
type: {{ .Values.service.ssh.serviceType }}
{{- with .Values.service.ssh.externalIPs }}
externalIPs:
{{ toYaml . | indent 2 | trim }}
{{- end }}
ports:
- name: ssh
port: {{ .Values.service.ssh.port }}
targetPort: ssh
{{- if .Values.service.ssh.nodePort }}
nodePort: {{ .Values.service.ssh.nodePort }}
{{- end }}
selector:
app: {{ template "fullname" . }}

18
templates/gitea/http-svc.yaml Normal file
View File

@ -0,0 +1,18 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "gitea.fullname" . }}-http
labels:
{{- include "gitea.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.http.type }}
clusterIP: None
ports:
- name: http
port: {{ .Values.service.http.port }}
{{- if .Values.service.http.nodePort }}
nodePort: {{ .Values.service.http.nodePort }}
{{- end }}
targetPort: {{ .Values.gitea.config.server.HTTP_PORT }}
selector:
{{- include "gitea.selectorLabels" . | nindent 4 }}

39
templates/gitea/ingress.yaml Normal file
View File

@ -0,0 +1,39 @@
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "gitea.fullname" . -}}
{{- $httpPort := .Values.service.http.port -}}
{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}
labels:
{{- include "gitea.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ . | quote }}
http:
paths:
- path: /
backend:
serviceName: {{ $fullName }}-http
servicePort: {{ $httpPort }}
{{- end }}
{{- end }}

26
templates/gitea/ssh-svc.yaml Normal file
View File

@ -0,0 +1,26 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "gitea.fullname" . }}-ssh
labels:
{{- include "gitea.labels" . | nindent 4 }}
annotations:
{{ toYaml .Values.service.ssh.annotations | indent 4 }}
spec:
type: {{ .Values.service.ssh.type }}
{{- if and .Values.service.ssh.loadBalancerIP (eq .Values.service.ssh.type "LoadBalancer") }}
loadBalancerIP: {{ .Values.service.ssh.loadBalancerIP }}
{{- end }}
{{- if ne .Values.service.ssh.type "LoadBalancer" }}
clusterIP: None
{{- end }}
ports:
- name: ssh
port: {{ .Values.service.ssh.port }}
targetPort: {{ .Values.gitea.config.server.SSH_LISTEN_PORT }}
protocol: TCP
{{- if .Values.service.ssh.nodePort }}
nodePort: {{ .Values.service.ssh.nodePort }}
{{- end }}
selector:
{{- include "gitea.selectorLabels" . | nindent 4 }}

151
templates/gitea/statefulset.yaml Normal file
View File

@ -0,0 +1,151 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "gitea.fullname" . }}
labels:
{{- include "gitea.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
{{- include "gitea.selectorLabels" . | nindent 6 }}
serviceName: {{ include "gitea.fullname" . }}
template:
metadata:
annotations:
checksum/config: {{ include (print $.Template.BasePath "/gitea/config.yaml") . | sha256sum }}
labels:
{{- include "gitea.selectorLabels" . | nindent 8 }}
spec:
securityContext:
fsGroup: 1000
initContainers:
- name: init
image: "{{ .Values.image.repository }}:{{ .Values.image.version }}"
env:
- name: SCRIPT
value: &script |-
mkdir -p /data/gitea/conf
cp /etc/gitea/conf/app.ini /data/gitea/conf/app.ini
chmod a+rwx /data/gitea/conf/app.ini
nc -v -w2 -z {{ include "db.servicename" . }} {{ include "db.port" . }} && \
su git -c ' \
set -x; \
gitea migrate; \
{{- if and .Values.gitea.admin.username .Values.gitea.admin.password }}
gitea admin create-user --username {{ .Values.gitea.admin.username }} --password '{{ .Values.gitea.admin.password }}' --email {{ .Values.gitea.admin.email }} --admin \
|| \
gitea admin change-password --username {{ .Values.gitea.admin.username }} --password '{{ .Values.gitea.admin.password }}'; \
{{- end }}
{{- if .Values.gitea.ldap.enabled }}
gitea admin auth add-ldap \
--name {{ .Values.gitea.ldap.name | quote }} \
--security-protocol {{ .Values.gitea.ldap.securityProtocol | quote }} \
--host {{ .Values.gitea.ldap.host | quote }} \
--port {{ .Values.gitea.ldap.port | int}} \
--user-search-base {{ .Values.gitea.ldap.userSearchBase | quote }} \
--user-filter {{ .Values.gitea.ldap.userFilter | quote }} \
--admin-filter {{ .Values.gitea.ldap.adminFilter | quote }} \
--email-attribute {{ .Values.gitea.ldap.emailAttribute | quote }} \
--bind-dn {{ .Values.gitea.ldap.bindDn | quote }} \
--bind-password {{ .Values.gitea.ldap.bindPassword | quote }} \
--synchronize-users \
--username-attribute {{ .Values.gitea.ldap.usernameAttribute | quote }} \
|| \
( \
export GITEA_AUTH_ID=$(gitea admin auth list | grep {{ .Values.gitea.ldap.name | quote }} | awk -F " " "{print \$1}"); \
gitea admin auth update-ldap --id ${GITEA_AUTH_ID} \
--name {{ .Values.gitea.ldap.name | quote }} \
--security-protocol {{ .Values.gitea.ldap.securityProtocol | quote }} \
--host {{ .Values.gitea.ldap.host | quote }} \
--port {{ .Values.gitea.ldap.port | int}} \
--user-search-base {{ .Values.gitea.ldap.userSearchBase | quote }} \
--user-filter {{ .Values.gitea.ldap.userFilter | quote }} \
--admin-filter {{ .Values.gitea.ldap.adminFilter | quote }} \
--email-attribute {{ .Values.gitea.ldap.emailAttribute | quote }} \
--bind-dn {{ .Values.gitea.ldap.bindDn | quote }} \
--bind-password {{ .Values.gitea.ldap.bindPassword | quote }} \
--synchronize-users \
--username-attribute {{ .Values.gitea.ldap.usernameAttribute | quote }} \
) \
{{- end }}
'
command: ["/bin/sh",'-c', *script]
volumeMounts:
- name: config
mountPath: /etc/gitea/conf
- name: data
mountPath: /data
terminationGracePeriodSeconds: {{ .Values.statefulset.terminationGracePeriodSeconds }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.version }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
env:
# SSH Port values have to be set here as well for openssh configuration
- name: SSH_LISTEN_PORT
value: {{ .Values.gitea.config.server.SSH_LISTEN_PORT | quote }}
- name: SSH_PORT
value: {{ .Values.gitea.config.server.SSH_PORT | quote }}
ports:
- name: ssh
containerPort: {{ .Values.gitea.config.server.SSH_LISTEN_PORT }}
- name: http
containerPort: {{ .Values.gitea.config.server.HTTP_PORT }}
livenessProbe:
tcpSocket:
port: http
initialDelaySeconds: 200
timeoutSeconds: 1
periodSeconds: 10
successThreshold: 1
failureThreshold: 10
readinessProbe:
tcpSocket:
port: http
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
failureThreshold: 3
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
- name: data
mountPath: /data
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- name: config
configMap:
name: {{ include "gitea.fullname" . }}
{{- if and .Values.persistence.enabled .Values.persistence.existingClaim }}
- name: data
persistentVolumeClaim:
claimName: {{ .Values.persistence.existingClaim }}
{{- else if not .Values.persistence.enabled }}
- name: data
emptyDir: {}
{{- else if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
volumeClaimTemplates:
- metadata:
name: data
spec:
accessModes:
{{- range .Values.persistence.accessModes }}
- {{ . | quote }}
{{- end }}
storageClassName: {{ .Values.persistence.storageClass | default "standard" | quote }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
{{- end }}

42
templates/ingress.yaml
View File

@ -1,42 +0,0 @@
{{- if .Values.ingress.enabled }}
apiVersion: {{ template "gitea.ingress.apiVersion" . }}
kind: Ingress
metadata:
name: {{ template "fullname" . }}
labels:
app: "{{ template "fullname" . }}"
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
annotations:
{{- if .Values.ingress.certManager }}
kubernetes.io/tls-acme: "true"
{{- end }}
{{- range $key, $value := .Values.ingress.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
rules:
{{- if .Values.ingress.hostname }}
- host: {{ .Values.ingress.hostname }}
http:
paths:
- path: /
backend:
serviceName: {{ template "fullname" . }}-http
servicePort: {{ .Values.service.http.port }}
{{- end }}
{{- range .Values.ingress.hosts }}
- host: {{ .name }}
http:
paths:
- path: {{ default "/" .path }}
backend:
serviceName: "{{ template "fullname" $ }}-http"
servicePort: {{ $.Values.service.http.port }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{ toYaml .Values.ingress.tls | indent 4 }}
{{- end }}
{{- end }}

31
templates/init/_container.tpl
View File

@ -1,31 +0,0 @@
{{/*
Create helm partial for gitea server
*/}}
{{- define "init" }}
- name: init
image: {{ .Values.images.gitea }}
imagePullPolicy: {{ .Values.images.pullPolicy }}
env:
- name: MARIADB_PASSWORD
valueFrom:
secretKeyRef:
{{- if .Values.mariadb.enabled }}
name: {{ template "mariadb.fullname" . }}
key: mariadb-password
{{- else }}
name: {{ printf "%s-%s" .Release.Name "externaldb" }}
key: db-password
{{- end }}
- name: SCRIPT
value: &script |-
mkdir -p /datatmp/gitea/conf
if [ ! -f /datatmp/gitea/conf/app.ini ]; then
sed "s/MARIADB_PASSWORD/${MARIADB_PASSWORD}/g" < /etc/gitea/app.ini > /datatmp/gitea/conf/app.ini
fi
command: ["/bin/sh",'-c', *script]
volumeMounts:
- name: gitea-data
mountPath: /datatmp
- name: gitea-config
mountPath: /etc/gitea
{{- end }}

35
templates/memcached/_container.tpl
View File

@ -1,35 +0,0 @@
{{/*
Create helm partial for memcached
*/}}
{{- define "memcached" }}
- name: memcached
image: {{ .Values.images.memcached }}
imagePullPolicy: {{ .Values.images.pullPolicy }}
command:
- memcached
- -m {{ .Values.memcached.maxItemMemory }}
{{- if .Values.memcached.extendedOptions }}
- -o
- {{ .Values.memcached.extendedOptions }}
{{- end }}
{{- if .Values.memcached.verbosity }}
- -{{ .Values.memcached.verbosity }}
{{- end }}
ports:
- name: memcache
containerPort: 11211
livenessProbe:
tcpSocket:
port: memcache
initialDelaySeconds: 30
timeoutSeconds: 5
readinessProbe:
tcpSocket:
port: memcache
initialDelaySeconds: 5
timeoutSeconds: 1
securityContext:
runAsUser: 1000
resources:
{{ toYaml .Values.resources.memcached | indent 10 }}
{{- end }}

15
templates/tests/test-connection.yaml Normal file
View File

@ -0,0 +1,15 @@
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "gitea.fullname" . }}-test-connection"
labels:
{{ include "gitea.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test-success
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['{{ include "gitea.fullname" . }}:{{ .Values.service.port }}']
restartPolicy: Never

327
values.yaml
View File

File diff suppressed because it is too large Load Diff