### Description of the change
Introduce `service.{http,ssh}.loadBalancerClass`
### Benefits
Feature was not supported before. This is required if your cluster has multiple loadBalancer options and you want to select one
### Possible drawbacks
More yaml.
### Checklist
- [x] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm)
- [x] Templating unittests are added
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/640
Reviewed-by: pat-s <pat-s@noreply.gitea.com>
Co-authored-by: Karitham <kar@karitham.dev>
Co-committed-by: Karitham <kar@karitham.dev>
### Description of the change
The change allows users of this chart to specify custom labels for the HTTP & SSH Services that get deployed. They are optional and if given are added to the standard list of labels.
### Benefits
Certain use cases require labelling services to be able to select them in other places. Specifiying them directly in the helm chart avoids having to label by hand everytime.
Concrete Use Case Example: Cilium Layer 2 Announcements require selecting services to announce via labels (see [docs](https://docs.cilium.io/en/stable/network/l2-announcements/#service-selector)). I would like to add a label to the SSH service, but not the HTTP Service (which is handled via an ingress).
### Possible drawbacks
I don't see any, using this feature is optional :)
### Checklist
- [X] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm)
- [X] Breaking changes are documented in the `README.md`
- [X] Templating unittests are added
Co-authored-by: Remo Geissbühler <git@remogeissbuehler.ch>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/597
Reviewed-by: pat-s <pat-s@noreply.gitea.com>
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.com>
Co-authored-by: remogeissbuehler <remogeissbuehler@noreply.gitea.com>
Co-committed-by: remogeissbuehler <remogeissbuehler@noreply.gitea.com>
# Changes
A big shoutout to @luhahn for all his work in #205 which served as the base for this PR.
## Documentation
- [x] After thinking for some time about it, I still prefer the distinct option (as started in #350), i.e. having a standalone "HA" doc under `docs/ha-setup.md` to not have a very long README (which is already quite long).
Most of the information below should go into it with more details and explanations behind all of the individual components.
## Chart deps
~~- Adds `meilisearch` as a chart dependency for a HA-ready issue indexer. Only works with >= Gitea 1.20~~
~~- Adds `redis` as a chart dependency for a HA-ready session and queue store.~~
- Adds `redis-cluster` as a chart dependency for a HA-ready session and queue store (alternative to `redis`). Only works with >= Gitea 1.19.2.
- Removes `memcached` instead of `redis-cluster`
- Add `postgresql-ha` as default DB dep in favor of `postgres`
## Adds smart HA chart logic
The goal is to set smart config values that result in a HA-ready Gitea deployment if `replicaCount` > 1.
- If `replicaCount` > 1,
- `gitea.config.session.PROVIDER` is automatically set to `redis-cluster`
- `gitea.config.indexer.REPO_INDEXER_ENABLED` is automatically set to `false` unless the value is `elasticsearch` or `meilisearch`
- `redis-cluster` is used for `[queue]` and `[cache]` and `[session]`mode or not
Configuration of external instances of `meilisearch` and `minio` are documented in a new markdown doc.
## Deployment vs Statefulset
Given all the discussions about this lately (#428), I think we could use both.
In the end, we do not have the requirement for a sequential pod scale up/scale down as it would happen in statefulsets.
On the other side, we do not have actual stateless pods as we are attaching a RWX to the deployment.
Yet I think because we do not have a leader-election requirement, spawning the pods as a deployment makes "Rolling Updates" easier and also signals users that there is no "leader election" logic and each pod can just be "destroyed" at anytime without causing interruption.
Hence I think we should be able to switch from a statefulset to a deployment, even in the single-replica case.
This change also brought up a templating/linting issue: the definition of `.Values.gitea.config.server.SSH_LISTEN_PORT` in `ssh-svc.yaml` just "luckily" worked so far due to naming-related lint processing. Due to the change from "statefulset" to "deployment", the processing queue changed and caused a failure complaining about `config.server.SSH_LISTEN_PORT` not being defined yet.
The only way I could see to fix this was to "properly" define the value in `values.yaml` instead of conditionally definining it in `helpers.tpl`. Maybe there's a better way?
## Chart PVC Creation
I've adapted the automated PVC creation from another chart to be able to provide the `storageClassName` as I couldn't get dynamic provisioning for EFS going with the current implementation.
In addition the naming and approach within the Gitea chart for PV creation is a bit unusual and aligning it might be beneficial.
A semi-unrelated change which will result in a breaking change for existing users but this PR includes a lot of breaking changes already, so including another one might not make it much worse...
- New `persistence.mount`: whether to mount an existing PVC (via `persistence.existingClaim`
- New `persistence.create`: whether to create a new PVC
## Testing
As this PR does a lot of things, we need proper testing.
The helm chart can be installed from the Git branch via `helm-git` as follows:
```
helm repo add gitea-charts git+https://gitea.com/gitea/helm-chart@/?ref=deployment
helm install gitea --version 0.0.0
```
It is **highly recommended** to test the chart in a dedicated namespace.
I've tested this myself with both `redis` and `redis-cluster` and it seemed to work fine.
I just did some basic operations though and we should do more niche testing before merging.
Examplary `values.yml` for testing (only needs a valid RWX storage class):
<details>
<summary>values.yaml</summary>
```yml
image:
tag: "dev"
PullPolicy: "Always"
rootless: true
replicaCount: 2
persistence:
enabled: true
accessModes:
- ReadWriteMany
storageClass: FIXME
redis-cluster:
enabled: false
global:
redis:
password: gitea
gitea:
config:
indexer:
ISSUE_INDEXER_ENABLED: true
REPO_INDEXER_ENABLED: false
```
</details>
## Preferred setup
The preferred HA setup with respect to performance and stability might currently be as follows:
- Repos: RWX (e.g. EFS or Azurefiles NFS)
- Issue indexer: Meilisearch (HA)
- Session and cache: Redis Cluster (HA)
- Attachments/Avatars: Minio (HA)
This will result in a ~ 10-pod HA setup overall.
All pods have very low resource requests.
fix#98
Co-authored-by: pat-s <pat-s@noreply.gitea.io>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/437
Co-authored-by: pat-s <patrick.schratz@gmail.com>
Co-committed-by: pat-s <patrick.schratz@gmail.com>
To enable access to e.g. the SSH port by IPv6, the selection of ipFamilyPolicy and ipFamilies service attributes is necessary. Enable the possibility to configure these by helm values.
Co-authored-by: Sven Fischer <sven@leiderfischer.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/313
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Co-authored-by: svenihoney <svenihoney@noreply.gitea.io>
Co-committed-by: svenihoney <svenihoney@noreply.gitea.io>
SSH service might want to limit the a range of source IPs. LoadBalancerSourceRanges
enables to limit them just passing a list of CIDR addresses to whitelist
Co-authored-by: javier <perezrubio.javier@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/105
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: JPRbrs <jprbrs@noreply.gitea.io>
Co-committed-by: JPRbrs <jprbrs@noreply.gitea.io>
Improve ldap settings with helper function
Allow clusterIP for http service to be set, default to None
Use imagePullSecrets in statefulset now
Update default values
Update README
Bump Chart version
Co-authored-by: luhahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/87
Reviewed-by: lafriks <lafriks@noreply.gitea.io>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-Authored-By: luhahn <luhahn@noreply.gitea.io>
Co-Committed-By: luhahn <luhahn@noreply.gitea.io>
Fix NodePort settings for ssh service
Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/32
Reviewed-by: lafriks <lafriks@noreply.gitea.io>
Reviewed-by: Andrew Thornton <art27@cantab.net>
remove Cluster from readme
externalTrafficPolicy and externalIPs example in values
document service.ssh.externalTrafficPolicy and service.ssh.externalIPs
bump chart version
externalIPs and externalTrafficPolicy
let service.ssh.externalIPs and service.ssh.externalTrafficPolicy be configurable
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/15
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Fix ssh port settings
Remove blank line from LICENSE file
add check for admin user
set PROTOCOL default to http
Add Konrad Lother as Maintainer
Update readme with generic values
make app.ini generic
- app.ini is now configurable via dictionary in values.yaml
- database and server configuration is autogenerated if not defined
- http and ssh services now use gitea config settings for targetPort
- add default security value INSTALL_LOCK = true
- clean up builtin cache settings
bump gitea version
Add values and Remove vscode TOC comments
- values enablePushCreateOrg and enablePushCreateUser have been added to repository settings
fix naming order of license and maintainers
Multiple improvements for the chart:
- add terminationGracePeriodSeconds to shutdown the statefulset gracefully on error
- add guard for loadbalancer settings in ssh service
- use mysql from bitnami, since they update the version much more frequent (old mysql only uses mysql ~6)
- init container now also provisions mysql and external database correctly
Fix PVC mounting issues for longhorn storageClass
Add examples to readme
Fix port setting for ssh
Fix and operator for newer helm versions
update values to support most configuration gitea offers
Replace Readme
update license file
Update helpers with dependencies, update NOTES.txt
update Chart.yaml with dependencies
Requirements.yaml removed, since this is deprecated and moved to Chart.yaml
Remove now unused dependencies and deployments
- init is no longer used since databases are initialized
on original charts and managed with dependency
- ingress.yaml moved to templates/gitea
- deployment.yaml no longer used and replaced with templates/gitea/statefulset.yaml
- memcached also handled with helm dependency and initialized in original chart
Add initial test for gitea helm chart
Rework templates for helm chart.
- app.ini configurable via config
- admin user and ldap settings configurable via config
- using statefulset to handle pvc
- update helpers for new dependencies
remove helm build artifacts since they are not needed in this repository
Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Co-authored-by: Konrad Lother <konrad.lother@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/7
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Reviewed-by: Andrew Thornton <art27@cantab.net>
Reviewed-by: techknowlogick <techknowlogick@gitea.io>