Integrate NOVUM-RGI chart into the official helm chart. (#7)

Fix ssh port settings

Remove blank line from LICENSE file

add check for admin user

set PROTOCOL default to http

Add Konrad Lother as Maintainer

Update readme with generic values

make app.ini generic

- app.ini is now configurable via dictionary in values.yaml
- database and server configuration is autogenerated if not defined
- http and ssh services now use gitea config settings for targetPort
- add default security value INSTALL_LOCK = true
- clean up builtin cache settings

bump gitea version

Add values and Remove vscode TOC comments

- values enablePushCreateOrg and enablePushCreateUser have been added to repository settings

fix naming order of license and maintainers

Multiple improvements for the chart:

- add terminationGracePeriodSeconds to shutdown the statefulset gracefully on error
- add guard for loadbalancer settings in ssh service
- use mysql from bitnami, since they update the version much more frequently (old mysql only uses mysql ~6)
- init container now also provisions mysql and external database correctly

Fix PVC mounting issues for longhorn storageClass

Add examples to readme

Fix port setting for ssh

Fix and operator for newer helm versions

update values to support most configuration gitea offers

Replace Readme

update license file

Update helpers with dependencies, update NOTES.txt

update Chart.yaml with dependencies

Requirements.yaml removed, since this is deprecated and moved to Chart.yaml

Remove now unused dependencies and deployments

- init is no longer used since databases are initialized
  on original charts and managed with dependency
- ingress.yaml moved to templates/gitea
- deployment.yaml no longer used and replaced with templates/gitea/statefulset.yaml
- memcached also handled with helm dependency and initialized in original chart

Add initial test for gitea helm chart

Rework templates for helm chart.

- app.ini configurable via config
- admin user and ldap settings configurable via config
- using statefulset to handle pvc
- update helpers for new dependencies

remove helm build artifacts since they are not needed in this repository

Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Co-authored-by: Konrad Lother <konrad.lother@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/7
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Reviewed-by: Andrew Thornton <art27@cantab.net>
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
luhahn 2020-08-23 17:56:55 +00:00 committed by techknowlogick
parent b2725ae7cf
commit 5e0cfed9be
26 changed files with 805 additions and 1433 deletions

2
.gitignore vendored Normal file

@ -0,0 +1,2 @@
charts
Chart.lock
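Review bot: Ignoring `Chart.lock` means the file that records the resolved subchart versions is no longer tracked, and the old `requirements.lock` is deleted in the same commit, so nothing in the repository shows when a dependency resolution changes. Consider keeping only `charts` ignored and committing `Chart.lock`, so that a changed subchart shows up as a diff in review.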

24
.helmignore Normal file

@ -0,0 +1,24 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
#charts/
#Chart.lock


@ -1,6 +0,0 @@
dependencies:
- name: mariadb
repository: https://charts.bitnami.com
version: 7.3.0
digest: sha256:eac0df60131cc9aa4784d84693592d56c9f12ddf8272881b66c2cdcf34e305d7
generated: "2019-12-09T16:07:28.17872647-05:00"


@ -1,9 +1,11 @@
name: gitea
version: 1.3.3
apiVersion: v2 apiVersion: v2
appVersion: 1.12.2 name: gitea
description: Git with a cup of tea description: Gitea Helm chart for Kubernetes
type: application
version: 1.4.1
appVersion: 1.12.3
icon: https://docs.gitea.io/images/gitea.png icon: https://docs.gitea.io/images/gitea.png
keywords: keywords:
- git - git
- issue tracker - issue tracker
@ -19,3 +21,21 @@ maintainers:
email: charlie@charliedrage.com email: charlie@charliedrage.com
- name: Gitea Authors - name: Gitea Authors
email: maintainers@gitea.io email: maintainers@gitea.io
- name: Konrad Lother
email: konrad.lother@novum-rgi.de
- name: Lucas Hahn
email: lucas.hahn@novum-rgi.de
dependencies:
- name: memcached
repository: https://charts.bitnami.com/bitnami
version: 4.2.20
condition: gitea.cache.enabled
- name: mysql
repository: https://charts.bitnami.com/bitnami
version: 6.14.8
condition: gitea.database.builtIn.mysql.enabled
- name: postgresql
repository: https://charts.bitnami.com/bitnami
version: 8.6.4
condition: gitea.database.builtIn.postgresql.enabled
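Review bot: The `condition` on the memcached dependency, `gitea.cache.enabled`, does not match the key the templates read: `templates/gitea/config.yaml` in this commit switches on `.Values.gitea.cache.builtIn.enabled`. The mysql and postgresql conditions do use the `builtIn` path, so this looks like an oversight. Align it to `gitea.cache.builtIn.enabled` so the memcached subchart is deployed exactly when app.ini is pointed at it.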


@ -1,6 +1,7 @@
MIT License MIT License
Copyright (c) 2020 The Gitea Authors Copyright (c) 2020 The Gitea Authors
Copyright (c) 2020 NOVUM-RGI
Copyright (c) 2019 - 2020 Charlie Drage Copyright (c) 2019 - 2020 Charlie Drage
Copyright (c) 2018 John Felten Copyright (c) 2018 John Felten

344
README.md

File diff suppressed because it is too large Load Diff

Binary file not shown.


@ -1,7 +0,0 @@
dependencies:
- name: mariadb
version: 7.3.0
repository: https://charts.bitnami.com
condition: mariadb.enabled
tags:
- mariadb


@ -1,45 +1,19 @@
1. Connect to your Gitea web URL by running: 1. Get the application URL by running these commands:
{{- if .Values.ingress.enabled }} {{- if .Values.ingress.enabled }}
{{- range $host := .Values.ingress.hosts }}
Ingress is enabled for this chart deployment. Please access the web UI at {{ .Values.ingress.hostname }} http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host }}/
{{- else if contains "NodePort" .Values.service.http.serviceType }}
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP/
{{- else if contains "LoadBalancer" .Values.service.http.serviceType }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
Watch the status with: 'kubectl get svc -w {{ template "fullname" . }}http'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "fullname" . }}http -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo http://$SERVICE_IP/
{{- else if contains "ClusterIP" .Values.service.http.serviceType }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "fullname" . }}" -o jsonpath="{.items[0].metadata.name}")
echo http://127.0.0.1:8080/
kubectl port-forward $POD_NAME 8080:80
{{- end }} {{- end }}
{{- else if contains "NodePort" .Values.service.http.type }}
2. Connect to your Gitea ssh port: export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "gitea.fullname" . }})
{{- if contains "NodePort" .Values.service.ssh.serviceType }}
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP/ echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.http.type }}
{{- else if contains "LoadBalancer" .Values.service.ssh.serviceType }} NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "gitea.fullname" . }}'
NOTE: It may take a few minutes for the LoadBalancer IP to be available. export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "gitea.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
Watch the status with: 'kubectl get svc -w {{ template "fullname" . }}-ssh' echo http://$SERVICE_IP:{{ .Values.service.port }}
{{- else if contains "ClusterIP" .Values.service.http.type }}
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "fullname" . }}-ssh -o jsonpath='{.status.loadBalancer.ingress[0].ip}') export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "gitea.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
echo http://$SERVICE_IP/ echo "Visit http://127.0.0.1:{{ .Values.service.http.port }} to use your application"
{{- else if contains "ClusterIP" .Values.service.ssh.serviceType }} kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME {{ .Values.service.http.port }}:{{ .Values.service.http.port }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "fullname" . }}" -o jsonpath="{.items[0].metadata.name}")
echo http://127.0.0.1:8080/
kubectl port-forward $POD_NAME 8022:22
{{- end }} {{- end }}
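Review bot: The NodePort and LoadBalancer branches of the new text look up a service named `{{ include "gitea.fullname" . }}` and print `{{ .Values.service.port }}`, but the services added in this commit are named with `-http` and `-ssh` suffixes and every other template reads the port from `.Values.service.http.port`. The printed kubectl commands will not find the service as written. Use the `-http` name and `.Values.service.http.port` here. The SSH connection instructions from the old notes are also dropped without a replacement, which is worth restoring since the SSH port handling is what this change reworks.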


@ -2,30 +2,88 @@
{{/* {{/*
Expand the name of the chart. Expand the name of the chart.
*/}} */}}
{{- define "name" -}} {{- define "gitea.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}} {{- end -}}
{{/* {{/*
Create a default fully qualified app name. Create a default fully qualified app name.
We truncate at 24 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}} */}}
{{- define "fullname" -}} {{- define "gitea.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}} {{- $name := default .Chart.Name .Values.nameOverride -}}
{{- printf "%s-%s" .Release.Name $name | trunc 24 -}} {{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}} {{- end -}}
{{- define "mariadb.fullname" -}}
{{- printf "%s-%s" .Release.Name "mariadb" | trunc 63 | trimSuffix "-" -}}
{{- end -}} {{- end -}}
{{/* {{/*
Return the appropriate apiVersion for ingress. Create chart name and version as used by the chart label.
*/}} */}}
{{- define "gitea.ingress.apiVersion" -}} {{- define "gitea.chart" -}}
{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- print "extensions/v1beta1" -}} {{- end -}}
{{/*
Common labels
*/}}
{{- define "gitea.labels" -}}
helm.sh/chart: {{ include "gitea.chart" . }}
{{ include "gitea.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
{{/*
Selector labels
*/}}
{{- define "gitea.selectorLabels" -}}
app.kubernetes.io/name: {{ include "gitea.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
{{- define "postgresql.dns" -}}
{{- printf "%s-postgresql.%s.svc.cluster.local:%g" .Release.Name .Release.Namespace .Values.postgresql.global.postgresql.servicePort -}}
{{- end -}}
{{- define "db.servicename" -}}
{{- if .Values.gitea.database.builtIn.postgresql.enabled -}}
{{- printf "%s-postgresql" .Release.Name -}}
{{- else if .Values.gitea.database.builtIn.mysql.enabled -}}
{{- printf "%s-mysql" .Release.Name -}}
{{- else -}} {{- else -}}
{{- print "networking.k8s.io/v1beta1" -}} {{ .Values.gitea.database.external.host }}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{- define "db.port" -}}
{{- if .Values.gitea.database.builtIn.postgresql.enabled -}}
{{ .Values.postgresql.global.postgresql.servicePort }}
{{- else if .Values.gitea.database.builtIn.mysql.enabled -}}
{{ .Values.mysql.service.port }}
{{- else -}}
{{ .Values.gitea.database.external.port }}
{{- end -}}
{{- end -}}
{{- define "mysql.dns" -}}
{{- printf "%s-mysql.%s.svc.cluster.local:%g" .Release.Name .Release.Namespace .Values.mysql.service.port | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- define "memcached.dns" -}}
{{- printf "%s-memcached.%s.svc.cluster.local:%g" .Release.Name .Release.Namespace .Values.memcached.service.port | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- define "gitea.default_domain" -}}
{{- printf "%s-gitea.%s.svc.cluster.local" (include "gitea.fullname" .) .Release.Namespace | trunc 63 | trimSuffix "-" -}}
{{- end -}}
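Review bot: `mysql.dns`, `memcached.dns` and `gitea.default_domain` pipe a full `host.namespace.svc.cluster.local:port` string through `trunc 63`, which silently cuts the port or the domain suffix once the release name and namespace are long enough, and app.ini then points at a different host than intended. The 63-character limit applies to a single DNS label, not to the whole name, so drop the `trunc` on these three (note that `postgresql.dns` already has none). `gitea.default_domain` also builds `<fullname>-gitea.<namespace>...`, while the services in this commit are named `<fullname>-http` and `<fullname>-ssh`, so the default DOMAIN does not correspond to any service the chart creates.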


@ -1,52 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "fullname" . }}
labels:
app: {{ template "fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
spec:
replicas: 1
selector:
matchLabels:
app: {{ template "fullname" . }}
{{- with .Values.deploymentStrategy }}
strategy:
{{ toYaml . | trim | indent 4 }}
{{- end }}
template:
metadata:
labels:
app: {{ template "fullname" . }}
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
containers:
{{ include "gitea" . | indent 6 }}
{{ include "memcached" . | indent 6 }}
initContainers:
{{ include "init" . | indent 6 }}
volumes:
- name: gitea-data
{{- if .Values.persistence.enabled }}
{{- if .Values.persistence.directGiteaVolumeMount }}
{{ tpl .Values.persistence.directGiteaVolumeMount . | indent 8 }}
{{- else }}
persistentVolumeClaim:
claimName: {{ .Values.persistence.existingGiteaClaim | default (include "fullname" .) }}
{{- end }}
{{- else }}
emptyDir: {}
{{- end }}
- name: gitea-config
configMap:
name: {{ template "fullname" . }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
- name: {{ .Values.imagePullSecrets }}
{{- end }}


@ -1,46 +0,0 @@
{{/*
Create helm partial for gitea server
*/}}
{{- define "gitea" }}
- name: gitea
image: {{ .Values.images.gitea }}
imagePullPolicy: {{ .Values.images.pullPolicy }}
env:
- name: DATABASE_PASSWORD
valueFrom:
secretKeyRef:
{{- if .Values.mariadb.enabled }}
name: {{ template "mariadb.fullname" . }}
key: mariadb-password
{{- else }}
name: {{ printf "%s-%s" .Release.Name "externaldb" }}
key: db-password
{{- end }}
ports:
- name: ssh
containerPort: 22
- name: http
containerPort: 3000
livenessProbe:
tcpSocket:
port: http
initialDelaySeconds: 200
timeoutSeconds: 1
periodSeconds: 10
successThreshold: 1
failureThreshold: 10
readinessProbe:
tcpSocket:
port: http
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
failureThreshold: 3
resources:
{{ toYaml .Values.resources.gitea | indent 10 }}
volumeMounts:
- name: gitea-data
mountPath: /data
- name: gitea-config
mountPath: /etc/gitea
{{- end }}

100
templates/gitea/config.yaml Normal file

@ -0,0 +1,100 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "gitea.fullname" . }}
labels:
{{- include "gitea.labels" . | nindent 4 }}
data:
app.ini: |-
{{- if not (hasKey .Values.gitea.config "cache") -}}
{{- $_ := set .Values.gitea.config "cache" dict -}}
{{- end -}}
{{- if not (hasKey .Values.gitea.config "server") -}}
{{- $_ := set .Values.gitea.config "server" dict -}}
{{- end -}}
{{- if not (hasKey .Values.gitea.config "database") -}}
{{- $_ := set .Values.gitea.config "database" dict -}}
{{- end -}}
{{- if not (hasKey .Values.gitea.config "security") -}}
{{- $_ := set .Values.gitea.config "security" dict -}}
{{- end -}}
{{- /* security default settings */ -}}
{{- if not .Values.gitea.config.security.INSTALL_LOCK -}}
{{- $_ := set .Values.gitea.config.security "INSTALL_LOCK" "true" -}}
{{- end -}}
{{- /* server default settings */ -}}
{{- if not (hasKey .Values.gitea.config.server "HTTP_PORT") -}}
{{- $_ := set .Values.gitea.config.server "HTTP_PORT" .Values.service.http.port -}}
{{- end -}}
{{- if not .Values.gitea.config.server.PROTOCOL -}}
{{- $_ := set .Values.gitea.config.server "PROTOCOL" "http" -}}
{{- end -}}
{{- if not (.Values.gitea.config.server.DOMAIN) -}}
{{- if gt (len .Values.ingress.hosts) 0 -}}
{{- $_ := set .Values.gitea.config.server "DOMAIN" (index .Values.ingress.hosts 0) -}}
{{- else -}}
{{- $_ := set .Values.gitea.config.server "DOMAIN" (include "gitea.default_domain" .) -}}
{{- end -}}
{{- end -}}
{{- if not .Values.gitea.config.server.ROOT_URL -}}
{{- if .Values.ingress.enabled -}}
{{- if gt (len .Values.ingress.tls) 0 -}}
{{- $_ := set .Values.gitea.config.server "ROOT_URL" (printf "%s://%s" .Values.gitea.config.server.PROTOCOL (index (index .Values.ingress.tls 0).hosts 0)) -}}
{{- else -}}
{{- $_ := set .Values.gitea.config.server "ROOT_URL" (printf "%s://%s" .Values.gitea.config.server.PROTOCOL (index .Values.ingress.hosts 0)) -}}
{{- end -}}
{{- else -}}
{{- $_ := set .Values.gitea.config.server "ROOT_URL" (printf "%s://%s" .Values.gitea.config.server.PROTOCOL .Values.gitea.config.server.DOMAIN) -}}
{{- end -}}
{{- end -}}
{{- if not .Values.gitea.config.server.SSH_DOMAIN -}}
{{- $_ := set .Values.gitea.config.server "SSH_DOMAIN" .Values.gitea.config.server.DOMAIN -}}
{{- end -}}
{{- if not .Values.gitea.config.server.SSH_PORT -}}
{{- $_ := set .Values.gitea.config.server "SSH_PORT" .Values.service.ssh.port -}}
{{- end -}}
{{- if not (hasKey .Values.gitea.config.server "SSH_LISTEN_PORT") -}}
{{- $_ := set .Values.gitea.config.server "SSH_LISTEN_PORT" .Values.gitea.config.server.SSH_PORT -}}
{{- end -}}
{{- /* database default settings */ -}}
{{- if .Values.gitea.database.builtIn.postgresql.enabled -}}
{{- $_ := set .Values.gitea.config.database "DB_TYPE" "postgres" -}}
{{- $_ := set .Values.gitea.config.database "HOST" (include "postgresql.dns" .) -}}
{{- $_ := set .Values.gitea.config.database "NAME" .Values.postgresql.global.postgresql.postgresqlDatabase -}}
{{- $_ := set .Values.gitea.config.database "USER" .Values.postgresql.global.postgresql.postgresqlUsername -}}
{{- $_ := set .Values.gitea.config.database "PASSWD" .Values.postgresql.global.postgresql.postgresqlPassword -}}
{{ else if .Values.gitea.database.builtIn.mysql.enabled -}}
{{- $_ := set .Values.gitea.config.database "DB_TYPE" "mysql" -}}
{{- $_ := set .Values.gitea.config.database "HOST" (include "mysql.dns" .) -}}
{{- $_ := set .Values.gitea.config.database "NAME" .Values.mysql.db.name -}}
{{- $_ := set .Values.gitea.config.database "USER" .Values.mysql.db.user -}}
{{- $_ := set .Values.gitea.config.database "PASSWD" .Values.mysql.db.password -}}
{{- end -}}
{{- /* cache default settings */ -}}
{{- if .Values.gitea.cache.builtIn.enabled -}}
{{- $_ := set .Values.gitea.config.cache "ENABLED" "true" -}}
{{- $_ := set .Values.gitea.config.cache "ADAPTER" "memcache" -}}
{{- $_ := set .Values.gitea.config.cache "HOST" (include "memcached.dns" .) -}}
{{- end -}}
{{- /* autogenerate app.ini */ -}}
{{- range $key, $value := .Values.gitea.config }}
{{- if kindIs "map" $value }}
{{- if gt (len $value) 0 }}
[{{ $key }}]
{{- range $n_key, $n_value := $value }}
{{ $n_key | upper }} = {{ $n_value }}
{{- end }}
{{- end }}
{{- else }}
{{ $key | upper }} = {{ $value }}
{{- end }}
{{- end }}
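Review bot: The database defaults copy `postgresqlPassword` and `.Values.mysql.db.password` into `gitea.config.database.PASSWD`, and the final `range` renders every key into `app.ini` inside a ConfigMap, so the database password (and any other secret a user puts under `gitea.config`) is stored in plaintext in an object that is usually readable far more widely than Secrets. The partials removed in this commit read the password through `secretKeyRef`. Render app.ini into a `kind: Secret` instead, or keep PASSWD out of the map and inject it from the subchart's secret. Separately, ROOT_URL in the `ingress.tls` branch is built from `PROTOCOL`, which defaults to `http` a few lines above, so a TLS ingress still yields an `http://` ROOT_URL unless the user overrides it.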

File diff suppressed because it is too large Load Diff


@ -1,20 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: {{ template "fullname" . }}-http
labels:
app: {{ template "fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
spec:
type: {{ .Values.service.http.serviceType }}
ports:
- name: http
port: {{ .Values.service.http.port }}
{{- if .Values.service.http.nodePort }}
nodePort: {{ .Values.service.http.nodePort }}
{{- end }}
targetPort: {{ .Values.service.http.port }}
selector:
app: {{ template "fullname" . }}


@ -1,29 +0,0 @@
{{- if and .Values.persistence.enabled (not .Values.persistence.existingGiteaClaim) (not .Values.persistence.directGiteaVolumeMount) -}}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "fullname" . }}
labels:
app: {{ template "fullname" . }}
chart: gitea
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- if .Values.persistence.annotations }}
annotations:
{{ toYaml .Values.persistence.annotations | indent 4 }}
{{- end }}
spec:
accessModes:
- {{ .Values.persistence.accessMode | quote }}
resources:
requests:
storage: {{ .Values.persistence.giteaSize | quote }}
{{- if .Values.persistence.storageClass }}
{{- if (eq "-" .Values.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.persistence.storageClass }}"
{{- end }}
{{- end }}
{{- end }}


@ -1,24 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: {{ template "fullname" . }}-ssh
labels:
app: {{ template "fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
spec:
type: {{ .Values.service.ssh.serviceType }}
{{- with .Values.service.ssh.externalIPs }}
externalIPs:
{{ toYaml . | indent 2 | trim }}
{{- end }}
ports:
- name: ssh
port: {{ .Values.service.ssh.port }}
targetPort: ssh
{{- if .Values.service.ssh.nodePort }}
nodePort: {{ .Values.service.ssh.nodePort }}
{{- end }}
selector:
app: {{ template "fullname" . }}


@ -0,0 +1,18 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "gitea.fullname" . }}-http
labels:
{{- include "gitea.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.http.type }}
clusterIP: None
ports:
- name: http
port: {{ .Values.service.http.port }}
{{- if .Values.service.http.nodePort }}
nodePort: {{ .Values.service.http.nodePort }}
{{- end }}
targetPort: {{ .Values.gitea.config.server.HTTP_PORT }}
selector:
{{- include "gitea.selectorLabels" . | nindent 4 }}
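Review bot: `clusterIP: None` is set unconditionally while `type` stays configurable through `.Values.service.http.type` and a `nodePort` can still be supplied. A headless service cannot be of type NodePort or LoadBalancer, so any value other than ClusterIP is rejected by the API server. Guard the line the way the ssh service does, for example `{{- if eq .Values.service.http.type "ClusterIP" }}`, or drop the `type` and `nodePort` options if headless is the only supported mode.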


@ -0,0 +1,39 @@
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "gitea.fullname" . -}}
{{- $httpPort := .Values.service.http.port -}}
{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}
labels:
{{- include "gitea.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ . | quote }}
http:
paths:
- path: /
backend:
serviceName: {{ $fullName }}-http
servicePort: {{ $httpPort }}
{{- end }}
{{- end }}


@ -0,0 +1,26 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "gitea.fullname" . }}-ssh
labels:
{{- include "gitea.labels" . | nindent 4 }}
annotations:
{{ toYaml .Values.service.ssh.annotations | indent 4 }}
spec:
type: {{ .Values.service.ssh.type }}
{{- if and .Values.service.ssh.loadBalancerIP (eq .Values.service.ssh.type "LoadBalancer") }}
loadBalancerIP: {{ .Values.service.ssh.loadBalancerIP }}
{{- end }}
{{- if ne .Values.service.ssh.type "LoadBalancer" }}
clusterIP: None
{{- end }}
ports:
- name: ssh
port: {{ .Values.service.ssh.port }}
targetPort: {{ .Values.gitea.config.server.SSH_LISTEN_PORT }}
protocol: TCP
{{- if .Values.service.ssh.nodePort }}
nodePort: {{ .Values.service.ssh.nodePort }}
{{- end }}
selector:
{{- include "gitea.selectorLabels" . | nindent 4 }}
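Review bot: The `annotations:` key is emitted unconditionally and filled with `toYaml .Values.service.ssh.annotations | indent 4`, so an unset or empty value renders a literal `null` or `{}` under the key. Wrap it in `{{- with .Values.service.ssh.annotations }}` as the ingress template in this commit does. The `clusterIP: None` guard only excludes LoadBalancer, so `type: NodePort` together with the `nodePort` option below still produces a headless NodePort service, which is invalid. Testing for `eq ... "ClusterIP"` covers both cases.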


@ -0,0 +1,151 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "gitea.fullname" . }}
labels:
{{- include "gitea.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
{{- include "gitea.selectorLabels" . | nindent 6 }}
serviceName: {{ include "gitea.fullname" . }}
template:
metadata:
annotations:
checksum/config: {{ include (print $.Template.BasePath "/gitea/config.yaml") . | sha256sum }}
labels:
{{- include "gitea.selectorLabels" . | nindent 8 }}
spec:
securityContext:
fsGroup: 1000
initContainers:
- name: init
image: "{{ .Values.image.repository }}:{{ .Values.image.version }}"
env:
- name: SCRIPT
value: &script |-
mkdir -p /data/gitea/conf
cp /etc/gitea/conf/app.ini /data/gitea/conf/app.ini
chmod a+rwx /data/gitea/conf/app.ini
nc -v -w2 -z {{ include "db.servicename" . }} {{ include "db.port" . }} && \
su git -c ' \
set -x; \
gitea migrate; \
{{- if and .Values.gitea.admin.username .Values.gitea.admin.password }}
gitea admin create-user --username {{ .Values.gitea.admin.username }} --password '{{ .Values.gitea.admin.password }}' --email {{ .Values.gitea.admin.email }} --admin \
|| \
gitea admin change-password --username {{ .Values.gitea.admin.username }} --password '{{ .Values.gitea.admin.password }}'; \
{{- end }}
{{- if .Values.gitea.ldap.enabled }}
gitea admin auth add-ldap \
--name {{ .Values.gitea.ldap.name | quote }} \
--security-protocol {{ .Values.gitea.ldap.securityProtocol | quote }} \
--host {{ .Values.gitea.ldap.host | quote }} \
--port {{ .Values.gitea.ldap.port | int}} \
--user-search-base {{ .Values.gitea.ldap.userSearchBase | quote }} \
--user-filter {{ .Values.gitea.ldap.userFilter | quote }} \
--admin-filter {{ .Values.gitea.ldap.adminFilter | quote }} \
--email-attribute {{ .Values.gitea.ldap.emailAttribute | quote }} \
--bind-dn {{ .Values.gitea.ldap.bindDn | quote }} \
--bind-password {{ .Values.gitea.ldap.bindPassword | quote }} \
--synchronize-users \
--username-attribute {{ .Values.gitea.ldap.usernameAttribute | quote }} \
|| \
( \
export GITEA_AUTH_ID=$(gitea admin auth list | grep {{ .Values.gitea.ldap.name | quote }} | awk -F " " "{print \$1}"); \
gitea admin auth update-ldap --id ${GITEA_AUTH_ID} \
--name {{ .Values.gitea.ldap.name | quote }} \
--security-protocol {{ .Values.gitea.ldap.securityProtocol | quote }} \
--host {{ .Values.gitea.ldap.host | quote }} \
--port {{ .Values.gitea.ldap.port | int}} \
--user-search-base {{ .Values.gitea.ldap.userSearchBase | quote }} \
--user-filter {{ .Values.gitea.ldap.userFilter | quote }} \
--admin-filter {{ .Values.gitea.ldap.adminFilter | quote }} \
--email-attribute {{ .Values.gitea.ldap.emailAttribute | quote }} \
--bind-dn {{ .Values.gitea.ldap.bindDn | quote }} \
--bind-password {{ .Values.gitea.ldap.bindPassword | quote }} \
--synchronize-users \
--username-attribute {{ .Values.gitea.ldap.usernameAttribute | quote }} \
) \
{{- end }}
'
command: ["/bin/sh",'-c', *script]
volumeMounts:
- name: config
mountPath: /etc/gitea/conf
- name: data
mountPath: /data
terminationGracePeriodSeconds: {{ .Values.statefulset.terminationGracePeriodSeconds }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.version }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
env:
# SSH Port values have to be set here as well for openssh configuration
- name: SSH_LISTEN_PORT
value: {{ .Values.gitea.config.server.SSH_LISTEN_PORT | quote }}
- name: SSH_PORT
value: {{ .Values.gitea.config.server.SSH_PORT | quote }}
ports:
- name: ssh
containerPort: {{ .Values.gitea.config.server.SSH_LISTEN_PORT }}
- name: http
containerPort: {{ .Values.gitea.config.server.HTTP_PORT }}
livenessProbe:
tcpSocket:
port: http
initialDelaySeconds: 200
timeoutSeconds: 1
periodSeconds: 10
successThreshold: 1
failureThreshold: 10
readinessProbe:
tcpSocket:
port: http
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
failureThreshold: 3
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
- name: data
mountPath: /data
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- name: config
configMap:
name: {{ include "gitea.fullname" . }}
{{- if and .Values.persistence.enabled .Values.persistence.existingClaim }}
- name: data
persistentVolumeClaim:
claimName: {{ .Values.persistence.existingClaim }}
{{- else if not .Values.persistence.enabled }}
- name: data
emptyDir: {}
{{- else if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
volumeClaimTemplates:
- metadata:
name: data
spec:
accessModes:
{{- range .Values.persistence.accessModes }}
- {{ . | quote }}
{{- end }}
storageClassName: {{ .Values.persistence.storageClass | default "standard" | quote }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
{{- end }}
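Review bot: The init script interpolates `.Values.gitea.admin.password` and `.Values.gitea.ldap.bindPassword` straight into the `SCRIPT` env value, so both credentials are readable in the rendered StatefulSet and pod spec, and `set -x` then echoes the expanded commands, passwords included, into the init container log. The admin password is wrapped in single quotes inside the already single-quoted `su git -c ' ... '` string, which closes the outer quote: a password containing a quote or shell metacharacters breaks or changes the command, and the other values are only YAML-quoted by `| quote`, not shell-escaped. Put the credentials in a Secret, expose them with `secretKeyRef` env vars, reference them as `"$VAR"` in the script, and remove `set -x`. Two smaller points in the same block: `chmod a+rwx /data/gitea/conf/app.ini` leaves the file holding the database password world-writable, and `create-user ... || change-password` resets the admin password to the chart value on every pod start.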


@ -1,42 +0,0 @@
{{- if .Values.ingress.enabled }}
apiVersion: {{ template "gitea.ingress.apiVersion" . }}
kind: Ingress
metadata:
name: {{ template "fullname" . }}
labels:
app: "{{ template "fullname" . }}"
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
annotations:
{{- if .Values.ingress.certManager }}
kubernetes.io/tls-acme: "true"
{{- end }}
{{- range $key, $value := .Values.ingress.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
rules:
{{- if .Values.ingress.hostname }}
- host: {{ .Values.ingress.hostname }}
http:
paths:
- path: /
backend:
serviceName: {{ template "fullname" . }}-http
servicePort: {{ .Values.service.http.port }}
{{- end }}
{{- range .Values.ingress.hosts }}
- host: {{ .name }}
http:
paths:
- path: {{ default "/" .path }}
backend:
serviceName: "{{ template "fullname" $ }}-http"
servicePort: {{ $.Values.service.http.port }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{ toYaml .Values.ingress.tls | indent 4 }}
{{- end }}
{{- end }}


@ -1,31 +0,0 @@
{{/*
Create helm partial for gitea server
*/}}
{{- define "init" }}
- name: init
image: {{ .Values.images.gitea }}
imagePullPolicy: {{ .Values.images.pullPolicy }}
env:
- name: MARIADB_PASSWORD
valueFrom:
secretKeyRef:
{{- if .Values.mariadb.enabled }}
name: {{ template "mariadb.fullname" . }}
key: mariadb-password
{{- else }}
name: {{ printf "%s-%s" .Release.Name "externaldb" }}
key: db-password
{{- end }}
- name: SCRIPT
value: &script |-
mkdir -p /datatmp/gitea/conf
if [ ! -f /datatmp/gitea/conf/app.ini ]; then
sed "s/MARIADB_PASSWORD/${MARIADB_PASSWORD}/g" < /etc/gitea/app.ini > /datatmp/gitea/conf/app.ini
fi
command: ["/bin/sh",'-c', *script]
volumeMounts:
- name: gitea-data
mountPath: /datatmp
- name: gitea-config
mountPath: /etc/gitea
{{- end }}


@ -1,35 +0,0 @@
{{/*
Create helm partial for memcached
*/}}
{{- define "memcached" }}
- name: memcached
image: {{ .Values.images.memcached }}
imagePullPolicy: {{ .Values.images.pullPolicy }}
command:
- memcached
- -m {{ .Values.memcached.maxItemMemory }}
{{- if .Values.memcached.extendedOptions }}
- -o
- {{ .Values.memcached.extendedOptions }}
{{- end }}
{{- if .Values.memcached.verbosity }}
- -{{ .Values.memcached.verbosity }}
{{- end }}
ports:
- name: memcache
containerPort: 11211
livenessProbe:
tcpSocket:
port: memcache
initialDelaySeconds: 30
timeoutSeconds: 5
readinessProbe:
tcpSocket:
port: memcache
initialDelaySeconds: 5
timeoutSeconds: 1
securityContext:
runAsUser: 1000
resources:
{{ toYaml .Values.resources.memcached | indent 10 }}
{{- end }}


@ -0,0 +1,15 @@
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "gitea.fullname" . }}-test-connection"
labels:
{{ include "gitea.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test-success
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['{{ include "gitea.fullname" . }}:{{ .Values.service.port }}']
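Review bot: The `wget` target is `{{ include "gitea.fullname" . }}:{{ .Values.service.port }}`, but the HTTP service in this commit is named `<fullname>-http` and its port comes from `.Values.service.http.port`, so the test requests a name and port that the chart does not define. Point it at the `-http` service and `.Values.service.http.port`. `image: busybox` also carries no tag, so the test pulls whatever `latest` is at run time. Pin a version so the test image is reproducible.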
restartPolicy: Never

File diff suppressed because it is too large Load Diff