1.16.4

Signed-off-by: techknowlogick <techknowlogick@gitea.io>

.drone.yml

@@ -10,14 +10,14 @@ platform:
 steps:
 - name: helm lint
   pull: always
-  image: alpine:3.13
+  image: alpine:3.15
   commands:
   - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm
   - helm lint
 
 - name: helm template
   pull: always
-  image: alpine:3.13
+  image: alpine:3.15
   commands:
   - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm
   - helm dependency update
@@ -58,7 +58,7 @@ trigger:
 steps:
 - name: generate-chart
   pull: always
-  image: alpine:3.13
+  image: alpine:3.15
   commands:
     - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm
     - apk add --no-cache curl
@@ -74,8 +74,7 @@ steps:
   image: plugins/s3:latest
   settings:
     bucket: gitea-artifacts
-    endpoint: https://storage.gitea.io
-    path_style: true
+    endpoint: https://ams3.digitaloceanspaces.com
     access_key:
       from_secret: aws_access_key_id
     secret_key:

Chart.yaml

@@ -3,7 +3,7 @@ name: gitea
 description: Gitea Helm chart for Kubernetes
 type: application
 version: 0.0.0
-appVersion: 1.15.4
+appVersion: 1.16.4
 icon: https://docs.gitea.io/images/gitea.png
 
 keywords:
@@ -34,14 +34,6 @@ dependencies:
   repository: https://charts.bitnami.com/bitnami
   version: 5.9.0
   condition: memcached.enabled
-- name: redis-cluster
-  repository: https://charts.bitnami.com/bitnami
-  version: 6.2.3
-  condition: redis-cluster.enabled
-- name: redis
-  repository: https://charts.bitnami.com/bitnami
-  version: 14.6.6
-  condition: redis.enabled
 - name: mysql
   repository: https://charts.bitnami.com/bitnami
   version: 6.14.10
@@ -50,10 +42,6 @@ dependencies:
   repository: https://charts.bitnami.com/bitnami
   version: 10.3.17
   condition: postgresql.enabled
-- name: postgresql-ha
-  repository: https://charts.bitnami.com/bitnami
-  version: 7.7.3
-  condition: postgresql-ha.enabled
 - name: mariadb
   repository: https://charts.bitnami.com/bitnami
   version: 9.3.6

README.md

@@ -109,12 +109,13 @@ gitea:
   podAnnotations: {}
 ```
 
-### Multiple OAuth authentication sources
+### Multiple OAuth and LDAP authentication sources
 
 With `5.0.0` of this Chart it is now possible to configure Gitea with multiple
-OAuth sources. As a result, you need to update an existing OAuth configuration
+OAuth and LDAP sources. As a result, you need to update an existing OAuth/LDAP configuration
 in your customized `values.yaml` by replacing the object with settings to a list
-of settings objects. See [OAuth2 Settings](#oauth-settings) section for details.
+of settings objects. See [OAuth2 Settings](#oauth-settings) and
+[LDAP Settings](#ldap-settings) section for details.
 
 ## Chart upgrade from 3.x.x to 4.0.0
 
@@ -213,73 +214,6 @@ signing:
   gpgHome: /data/git/.gnupg
 ```
 
-## Gitea - HA
-
-With Version 4.1.x the helm chart supports Gitea running in HA(High Availability)
-mode. To run Gitea in HA you'll need to set a few values in order to run successfully.
-
-### Redis
-
-HA requires a Queue to run, we're going to use redis as default for this.
-
-```yaml
-redis:
-  enabled: true
-```
-
-You can also run Redis in HA mode:
-
-```yaml
-redis-cluster:
-  enabled: true
-```
-
-Both variants can be found at [Bitnami](https://github.com/bitnami/charts).
-
-Once redis is enabled, the chart will automatically configure Gitea to run with
-redis queue, indexer and session. Running with Redis already provides a sticky
-session, which saves you the trouble from configuring your ingress running with
-a sticky session.
-The following values are autogenerated.
-However you can overwrite any setting in the config section of the chart.
-
-```bash
-[session]
-PROVIDER        = redis
-PROVIDER_CONFIG = redis://:gitea@gitea-redis-master.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s
-
-[queue]
-CONN_STR = redis://:gitea@gitea-redis-master.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s
-TYPE     = redis
-
-[queue.issue_indexer]
-TYPE = redis
-```
-
-### Persistence
-
-When running in HA you cannot use the default persistence for the chart.
-You'll need to setup an extra PVC running with access mode "RWX" - "ReadWriteMany".
-Otherwise the chart will create a PVC for every replica.
-
-```yaml
-persistence:
-  enabled: true
-  existingClaim: rwx-pvc-gitea
-```
-
-### PostgreSQL
-
-You can also run PostgreSQL in HA mode also provided by
-[Bitnami](https://github.com/bitnami/charts).
-:warning: Please disable the default PostgreSQL version,
-when you enabled the HA PostgreSQL.
-
-```yaml
-postgresql-ha:
-  enabled: true
-```
-
 ## Examples
 
 ### Gitea Configuration
@@ -305,7 +239,7 @@ service and ingress settings. All defaults can be overwritten in `gitea.config`.
 INSTALL_LOCK is always set to true, since we want to configure Gitea with this
 helm chart and everything is taken care of.
 
-*All default settings are made directly in the generated app.ini, not in the Values.*
+_All default settings are made directly in the generated app.ini, not in the Values._
 
 #### Database defaults
 
@@ -407,6 +341,55 @@ data:
     ENABLED=true
 ```
 
+Or when using a Kubernetes secret, having the same data structure:
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: gitea-security-related-configuration
+type: Opaque
+stringData:
+  security: |
+    PASSWORD_COMPLEXITY=off
+  session: |
+    SAME_SITE=strict
+```
+
+#### User defined environment variables in app.ini
+
+Users are able to define their own environment variables,
+which are loaded into the containers. We also support to
+directly interact with the generated _app.ini_.
+
+To inject self defined variables into the _app.ini_ a
+certain format needs to be honored. This is
+described in detail on the [env-to-ini](https://github.com/go-gitea/gitea/tree/main/contrib/environment-to-ini)
+page.
+
+Note that the Prefix on this helm chart is `ENV_TO_INI`.
+
+For example a database setting needs to have the following
+format:
+
+```yaml
+gitea:
+  additionalConfigFromEnvs:
+    - name: ENV_TO_INI__DATABASE__HOST
+      value: my.own.host
+    - name: ENV_TO_INI__DATABASE__PASSWD
+      valueFrom:
+        secretKeyRef:
+          name: postgres-secret
+          key: password
+```
+
+Priority (highest to lowest) for defining app.ini variables:
+
+1. Environment variables prefixed with `ENV_TO_INI`
+2. Additional config sources
+3. Values defined in `gitea.config`
+
 ### External Database
 
 An external Database can be used instead of builtIn PostgreSQL or MySQL.
@@ -746,12 +729,12 @@ gitea:
 
 ### Image
 
-| Parameter          | Description                                                                               | Default       |
-| ------------------ | ----------------------------------------------------------------------------------------- | ------------- |
-| `image.repository` | Image to start for this pod                                                               | `gitea/gitea` |
-| `image.tag`        | [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated)       | `1.14.6`      |
-| `image.pullPolicy` | Image pull policy                                                                         | `Always`      |
-| `image.rootless`   | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `false`       |
+| Parameter          | Description                                                                               | Default                            |
+| ------------------ | ----------------------------------------------------------------------------------------- | ---------------------------------- |
+| `image.repository` | Image to start for this pod                                                               | `gitea/gitea`                      |
+| `image.tag`        | [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated)       | see [Chart.AppVersion](Chart.yaml) |
+| `image.pullPolicy` | Image pull policy                                                                         | `Always`                           |
+| `image.rootless`   | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `false`                            |
 
 ### Persistence
 
@@ -803,6 +786,7 @@ gitea:
 | `service.ssh.port`                     | Port for ssh traffic                                                                                        | `22`        |
 | `service.ssh.loadBalancerIP`           | LoadBalancer Ip setting                                                                                     |             |
 | `service.ssh.nodePort`                 | NodePort for ssh service                                                                                    |             |
+| `service.ssh.hostPort`                 | HostPort for ssh service                                                                                    |             |
 | `service.ssh.externalTrafficPolicy`    | If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation |             |
 | `service.ssh.externalIPs`              | ssh service external IP addresses                                                                           |             |
 | `service.ssh.loadBalancerSourceRanges` | Source range filter for ssh loadbalancer                                                                    | `[]`        |
@@ -858,40 +842,6 @@ Configure Liveness, Readiness and Startup
 | `gitea.startupProbe.successThreshold`      | Minimum consecutive success probes                                   | `1`     |
 | `gitea.startupProbe.failureThreshold`      | Minimum consecutive error probes                                     | `10`    |
 
-### Redis BuiltIn
-
-Redis is loaded as a dependency from
-[Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/redis)
-if enabled in the values. Complete Configuration can be taken from their website.
-
-The following parameters are the defaults set by this chart
-
-| Parameter                  | Description                                      | Default                      |
-|----------------------------|--------------------------------------------------|------------------------------|
-|redis.enabled               | Enable or disable redis                          | `false`                      |
-|redis.global.redis.password | Redis default password                           | `gitea`                      |
-|redis.auth.password         | Redis default password needed for chart upgrades | `gitea`                      |
-| redis.master.service.port  | Redis default port                               | `6379`                       |
-| redis.replica.replicaCount | Redis replicaCount                               | `2`                          |
-
-### Redis-Cluster BuiltIn
-
-Redis-Cluster is loaded as a dependency from
-[Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/redis-cluster)
-if enabled in the values. Complete Configuration can be taken from their website.
-
-The following parameters are the defaults set by this chart
-
-| Parameter                          | Description                                      | Default   |
-|------------------------------------|--------------------------------------------------|-----------|
-|redis-cluster.enabled               | Enable or disable redis-cluster                  | `false`   |
-|redis-cluster.global.redis.password | Redis default password                           | `gitea`   |
-|redis-cluster.password              | Redis default password                           | `gitea`   |
-|redis.auth.password                 | Redis default password needed for chart upgrades | `gitea`   |
-| redis-cluster.service.port         | Redis default port                               | `6379`    |
-| redis-cluster.cluster.nodes        | Redis nodes                                      | `6`       |
-| redis-cluster.cluster.replicas     | Redis replicas                                   | `1`       |
-
 ### Memcached BuiltIn
 
 Memcached is loaded as a dependency from
@@ -940,29 +890,6 @@ The following parameters are the defaults set by this chart
 | `postgresql.persistence.size`                     | PVC Storage Request for PostgreSQL volume                | `10Gi`  |
 | `postgresql.enabled`                              | Enable PostgreSQL dependency                             | `true`  |
 
-### PostgreSQL-HA BuiltIn
-
-PostgreSQL-HA is loaded as a dependency from Bitnami. The chart configuration
-can be found in this
-[Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/postgresql) repository.
-
-The following parameters are the defaults set by this chart
-
-| Parameter                                       | Description                               | Default   |
-|-------------------------------------------------|-------------------------------------------|-----------|
-|`postgresql-ha.enabled`                          | Enable or disable PostgreSQL-HA           | `false`   |
-|`postgresql-ha.postgresql.password`              | PostgreSQL password                       | `gitea`   |
-|`postgresql-ha.postgresql.repmgrPassword`        | PostgreSQL repmgr password                | `gitea`   |
-|`postgresql-ha.pgpool.adminPassword`             | PostgreSQL pgpool password                | `gitea`   |
-|`postgresql-ha.global.postgresql.username`       | PostgreSQL username                       | `gitea`   |
-|`postgresql-ha.global.postgresql.password`       | PostgreSQL admin password                 | `gitea`   |
-|`postgresql-ha.global.postgresql.database`       | PostgreSQL default database               | `gitea`   |
-|`postgresql-ha.global.postgresql.repmgrPassword` | PostgreSQL repmgr password                | `gitea`   |
-|`postgresql-ha.global.postgresql.repmgrUsername` | PostgreSQL repmgr username                | `gitea`   |
-|`postgresql-ha.global.postgresql.repmgrDatabase` | PostgreSQL repmgr default database        | `gitea`   |
-|`postgresql-ha.service.port`                     | PostgreSQL port                           | `5432`    |
-|`postgresql-ha.persistence.size`                 | PVC Storage Request for PostgreSQL volume | `10Gi`    |
-
 ### MariaDB BuiltIn
 
 MariaDB is loaded as a dependency from bitnami. Configuration can be found in

templates/_helpers.tpl

@@ -36,7 +36,7 @@ Create image name and tag used by the deployment.
 */}}
 {{- define "gitea.image" -}}
 {{- $name := .Values.image.repository -}}
-{{- $tag := ternary .Values.image.version .Values.image.tag (hasKey .Values.image "version") -}}
+{{- $tag := .Values.image.tag | default .Chart.AppVersion -}}
 {{- $rootless := ternary "-rootless" "" (.Values.image.rootless) -}}
 {{- printf "%s:%s%s" $name $tag $rootless -}}
 {{- end -}}
@@ -48,10 +48,8 @@ Common labels
 helm.sh/chart: {{ include "gitea.chart" . }}
 app: {{ include "gitea.name" . }}
 {{ include "gitea.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-version: {{ .Chart.AppVersion | quote }}
-{{- end }}
+app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
+version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end -}}
 
@@ -63,40 +61,8 @@ app.kubernetes.io/name: {{ include "gitea.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 
-{{- define "db.servicename" -}}
-{{- if .Values.postgresql.enabled -}}
-{{- printf "%s-postgresql" .Release.Name -}}
-{{- else if (index .Values "postgresql-ha").enabled -}}
-{{- printf "%s-postgresql-ha-pgpool" .Release.Name -}}
-{{- else if .Values.mysql.enabled -}}
-{{- printf "%s-mysql" .Release.Name -}}
-{{- else if .Values.mariadb.enabled -}}
-{{- printf "%s-mariadb" .Release.Name -}}
-{{- else if ne .Values.gitea.config.database.DB_TYPE "sqlite3" -}}
-{{- $parts := split ":" .Values.gitea.config.database.HOST -}}
-{{- printf "%s %s" $parts._0 $parts._1 -}}
-{{- end -}}
-{{- end -}}
-
-{{- define "db.port" -}}
-{{- if .Values.postgresql.enabled -}}
-{{ .Values.postgresql.global.postgresql.servicePort }}
-{{- else if (index .Values "postgresql-ha").enabled -}}
-{{ (index .Values "postgresql-ha").service.port }}
-{{- else if .Values.mysql.enabled -}}
-{{ .Values.mysql.service.port }}
-{{- else if .Values.mariadb.enabled -}}
-{{ .Values.mariadb.primary.service.port }}
-{{- else -}}
-{{- end -}}
-{{- end -}}
-
 {{- define "postgresql.dns" -}}
-{{- if .Values.postgresql.enabled -}}
 {{- printf "%s-postgresql.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.postgresql.global.postgresql.servicePort -}}
-{{- else if (index .Values "postgresql-ha").enabled -}}
-{{- printf "%s-postgresql-ha-pgpool.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "postgresql-ha").service.port -}}
-{{- end -}}
 {{- end -}}
 
 {{- define "mysql.dns" -}}
@@ -111,30 +77,6 @@ app.kubernetes.io/instance: {{ .Release.Name }}
 {{- printf "%s-memcached.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.memcached.service.port | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
-{{- define "redis.dns" -}}
-{{- if (index .Values "redis-cluster").enabled -}}
-{{- printf "redis+cluster://:%s@%s-redis-cluster-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "redis-cluster").global.redis.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "redis-cluster").service.port -}}
-{{- else if .Values.redis.enabled -}}
-{{- printf "redis://:%s@%s-redis-master.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s" .Values.redis.global.redis.password .Release.Name .Release.Namespace .Values.clusterDomain .Values.redis.master.service.port -}}
-{{- end -}}
-{{- end -}}
-
-{{- define "redis.port" -}}
-{{- if (index .Values "redis-cluster").enabled -}}
-{{ (index .Values "redis-cluster").service.port }}
-{{- else if .Values.redis.enabled -}}
-{{ .Values.redis.master.service.port }}
-{{- end -}}
-{{- end -}}
-
-{{- define "redis.servicename" -}}
-{{- if (index .Values "redis-cluster").enabled -}}
-{{- printf "%s-redis-cluster-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}}
-{{- else if .Values.redis.enabled -}}
-{{- printf "%s-redis-master.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}}
-{{- end -}}
-{{- end -}}
-
 {{- define "gitea.default_domain" -}}
 {{- printf "%s-gitea.%s.svc.%s" (include "gitea.fullname" .) .Release.Namespace .Values.clusterDomain | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
@@ -239,18 +181,6 @@ app.kubernetes.io/instance: {{ .Release.Name }}
   {{- if not (hasKey .Values.gitea.config "oauth2") -}}
     {{- $_ := set .Values.gitea.config "oauth2" dict -}}
   {{- end -}}
-  {{- if not (hasKey .Values.gitea.config "session") -}}
-    {{- $_ := set .Values.gitea.config "session" dict -}}
-  {{- end -}}
-  {{- if not (hasKey .Values.gitea.config "queue") -}}
-    {{- $_ := set .Values.gitea.config "queue" dict -}}
-  {{- end -}}
-  {{- if not (hasKey .Values.gitea.config "queue.issue_indexer") -}}
-    {{- $_ := set .Values.gitea.config "queue.issue_indexer" dict -}}
-  {{- end -}}
-  {{- if not (hasKey .Values.gitea.config "indexer") -}}
-    {{- $_ := set .Values.gitea.config "indexer" dict -}}
-  {{- end -}}
 {{- end -}}
 
 {{- define "gitea.inline_configuration.defaults" -}}
@@ -266,24 +196,13 @@ app.kubernetes.io/instance: {{ .Release.Name }}
   {{- if not (hasKey .Values.gitea.config.metrics "ENABLED") -}}
     {{- $_ := set .Values.gitea.config.metrics "ENABLED" .Values.gitea.metrics.enabled -}}
   {{- end -}}
-  {{- if or .Values.memcached.enabled (index .Values "redis-cluster").enabled .Values.redis.enabled -}}
+  {{- if .Values.memcached.enabled -}}
     {{- $_ := set .Values.gitea.config.cache "ENABLED" "true" -}}
-    {{- $_ := set .Values.gitea.config.cache "ADAPTER" (ternary "memcache" "redis" .Values.memcached.enabled) -}}
+    {{- $_ := set .Values.gitea.config.cache "ADAPTER" "memcache" -}}
     {{- if not (.Values.gitea.config.cache.HOST) -}}
-      {{- $_ := set .Values.gitea.config.cache "HOST" (ternary (include "memcached.dns" .) (include "redis.dns" .) .Values.memcached.enabled) -}}
+      {{- $_ := set .Values.gitea.config.cache "HOST" (include "memcached.dns" .) -}}
     {{- end -}}
   {{- end -}}
-  {{- /* redis queue */ -}}
-  {{- if or (index .Values "redis-cluster").enabled  .Values.redis.enabled -}}
-    {{- $_ := set .Values.gitea.config.queue "TYPE" "redis" -}}
-    {{- $_ := set .Values.gitea.config.queue "CONN_STR" (include "redis.dns" .) -}}
-    {{- $_ := set (index .Values.gitea.config "queue.issue_indexer") "TYPE" "redis" -}}
-  {{- end -}}
-  {{- /* multiple replicas */ -}}
-  {{- if gt .Values.replicaCount 1.0 -}}
-    {{- $_ := set .Values.gitea.config.session  "PROVIDER" "redis" -}}
-    {{- $_ := set .Values.gitea.config.session  "PROVIDER_CONFIG" (include "redis.dns" .) -}}
-  {{- end -}}
 {{- end -}}
 
 {{- define "gitea.inline_configuration.defaults.server" -}}
@@ -346,14 +265,6 @@ app.kubernetes.io/instance: {{ .Release.Name }}
     {{- $_ := set .Values.gitea.config.database "NAME"      .Values.postgresql.global.postgresql.postgresqlDatabase -}}
     {{- $_ := set .Values.gitea.config.database "USER"      .Values.postgresql.global.postgresql.postgresqlUsername -}}
     {{- $_ := set .Values.gitea.config.database "PASSWD"    .Values.postgresql.global.postgresql.postgresqlPassword -}}
-  {{- else if (index .Values "postgresql-ha").enabled -}}
-    {{- $_ := set .Values.gitea.config.database "DB_TYPE"   "postgres" -}}
-    {{- if not (.Values.gitea.config.database.HOST) -}}
-      {{- $_ := set .Values.gitea.config.database "HOST"      (include "postgresql.dns" .) -}}
-    {{- end -}}
-    {{- $_ := set .Values.gitea.config.database "NAME"      (index .Values "postgresql-ha").global.postgresql.database -}}
-    {{- $_ := set .Values.gitea.config.database "USER"      (index .Values "postgresql-ha").global.postgresql.username -}}
-    {{- $_ := set .Values.gitea.config.database "PASSWD"    (index .Values "postgresql-ha").global.postgresql.password -}}
   {{- else if .Values.mysql.enabled -}}
     {{- $_ := set .Values.gitea.config.database "DB_TYPE"   "mysql" -}}
     {{- if not (.Values.gitea.config.database.HOST) -}}

templates/gitea/config.yaml

@@ -63,6 +63,41 @@ stringData:
       export "ENV_TO_INI__${masked_section^^}__${setting^^}=${value}"        # '^^' makes the variable content uppercase
     }
 
+    function env2ini::reload_preset_envs() {
+      env2ini::log "Reloading preset envs..."
+
+      while read -r line; do
+        if [[ -z "${line}" ]]; then
+          # skip empty line
+          return
+        fi
+
+        # 'xargs echo -n' trims all leading/trailing whitespaces and a trailing new line
+        local setting="$(awk -F '=' '{print $1}' <<< "${line}" | xargs echo -n)"
+
+        if [[ -z "${setting}" ]]; then
+          env2ini::log '  ! invalid setting'
+          exit 1
+        fi
+
+        local value=''
+        local regex="^${setting}(\s*)=(\s*)(.*)"
+        if [[ $line =~ $regex ]]; then
+          value="${BASH_REMATCH[3]}"
+        else
+          env2ini::log '  ! invalid setting'
+          exit 1
+        fi
+
+        env2ini::log "  + '${setting}'"
+
+        export "${setting^^}=${value}"                           # '^^' makes the variable content uppercase
+      done < "/tmp/existing-envs"
+
+      rm /tmp/existing-envs
+    }
+
+
     function env2ini::process_config_file() {
       local config_file="${1}"
       local section="$(basename "${config_file}")"
@@ -104,12 +139,17 @@ stringData:
       env2ini::log "...Initial secrets generated\n"
     }
 
+    env | (grep ENV_TO_INI || [[ $? == 1 ]]) > /tmp/existing-envs
+    
     # MUST BE CALLED BEFORE OTHER CONFIGURATION
     env2ini::generate_initial_secrets
 
     env2ini::load_config_sources '/env-to-ini-mounts/inlines/'
     env2ini::load_config_sources '/env-to-ini-mounts/additionals/'
 
+    # load existing envs to override auto generated envs
+    env2ini::reload_preset_envs
+
     env2ini::log "=== All configuration sources loaded ===\n"
 
     # safety to prevent rewrite of secret keys if an app.ini already exists
@@ -125,4 +165,3 @@ stringData:
     fi
 
     environment-to-ini -o $GITEA_APP_INI -p ENV_TO_INI
-    

templates/gitea/init.yaml

@@ -30,7 +30,9 @@ stringData:
 
     # prepare temp directory structure
     mkdir -p "${GITEA_TEMP}"
+    {{- if not .Values.image.rootless }}
     chown 1000:1000 "${GITEA_TEMP}"
+    {{- end }}
     chmod ug+rwx "${GITEA_TEMP}"
 
   configure_gitea.sh: |-
@@ -38,52 +40,15 @@ stringData:
 
     set -euo pipefail
 
-    {{- if include "db.servicename" . }}
-    # Connection retry inspired by https://gist.github.com/dublx/e99ea94858c07d2ca6de
-    function test_db_connection() {
-      local RETRY=0
-      local MAX=30
-
-      echo 'Wait for database to become avialable...'
-      until [ "${RETRY}" -ge "${MAX}" ]; do
-        nc -vz -w2 {{ include "db.servicename" . }} {{ include "db.port" . }} && break
-        RETRY=$[${RETRY}+1]
-        echo "...not ready yet (${RETRY}/${MAX})"
-      done
-
-      if [ "${RETRY}" -ge "${MAX}" ]; then
-        echo "Database not reachable after '${MAX}' attempts!"
-        exit 1
-      fi
-    }
-
-    test_db_connection
-    {{- end }}
-
-    {{- if include "redis.servicename" . }}
-    function test_redis_connection() {
-      local RETRY=0
-      local MAX=30
-      
-      echo 'Wait for redis to become avialable...'
-      until [ "${RETRY}" -ge "${MAX}" ]; do
-        nc -vz -w2 {{ include "redis.servicename" . }} {{ include "redis.port" . }} && break
-        RETRY=$[${RETRY}+1]
-        echo "...not ready yet (${RETRY}/${MAX})"
-      done
-
-      if [ "${RETRY}" -ge "${MAX}" ]; then
-        echo "Redis not reachable after '${MAX}' attempts!"
-        exit 1
-      fi
-    }
-
-    test_redis_connection
-    {{- end }}
-
     echo '==== BEGIN GITEA CONFIGURATION ===='
 
-    gitea migrate
+    { # try
+      gitea migrate
+    } || { # catch
+      echo "Gitea migrate might fail due to database connection...This init-container will try again in a few seconds"
+      exit 1
+    }
+    
 
     {{- if or .Values.gitea.admin.existingSecret (and .Values.gitea.admin.username .Values.gitea.admin.password) }}
     function configure_admin_user() {

templates/gitea/statefulset.yaml

@@ -87,6 +87,9 @@ spec:
             {{- if .Values.statefulset.env }}
             {{- toYaml .Values.statefulset.env | nindent 12 }}
             {{- end }}
+            {{- if .Values.gitea.additionalConfigFromEnvs }}
+            {{- toYaml .Values.gitea.additionalConfigFromEnvs | nindent 12 }}
+            {{- end }}
           volumeMounts:
             - name: config
               mountPath: /usr/sbin
@@ -228,6 +231,9 @@ spec:
           ports:
             - name: ssh
               containerPort: {{ .Values.gitea.config.server.SSH_LISTEN_PORT }}
+            {{- if .Values.service.ssh.hostPort }}
+              hostPort: {{ .Values.service.ssh.hostPort }}
+            {{- end }}
             - name: http
               containerPort: {{ .Values.gitea.config.server.HTTP_PORT }}
             {{- if .Values.gitea.config.server.ENABLE_PPROF }}

values.yaml

@@ -8,7 +8,8 @@ clusterDomain: cluster.local
 
 image:
   repository: gitea/gitea
-  tag: 1.15.4
+  # Overrides the image tag whose default is the chart appVersion.
+  tag: ""
   pullPolicy: Always
   rootless: false # only possible when running 1.14 or later
 
@@ -60,6 +61,7 @@ service:
     #nodePort:
     #externalTrafficPolicy:
     #externalIPs:
+    #hostPort:
     loadBalancerSourceRanges: []
     annotations:
 
@@ -123,7 +125,6 @@ persistence:
   # storageClass:
   # subPath:
 
-
 # additional volumes to add to the Gitea statefulset.
 extraVolumes:
 # - name: postgres-ssl-vol
@@ -212,6 +213,8 @@ gitea:
   #   - configMap:
   #       name: gitea-app-ini-plaintext
 
+  additionalConfigFromEnvs: []
+
   podAnnotations: {}
 
   # Modify the liveness probe for your needs or completely disable it by commenting out.
@@ -249,31 +252,6 @@ memcached:
   service:
     port: 11211
 
-redis:
-  enabled: false
-  global:
-    redis:
-      password: gitea
-  auth:
-    password: gitea
-  master:
-    service:
-      port: 6379
-  replica:
-    replicaCount: 2
-
-redis-cluster:
-  enabled: false
-  password: gitea
-  global:
-    redis:
-      password: gitea
-  cluster:
-    nodes: 6
-    replicas: 1
-  service:
-    port: 6379
-
 postgresql:
   enabled: true
   global:
@@ -285,26 +263,6 @@ postgresql:
   persistence:
     size: 10Gi
 
-postgresql-ha:
-  enabled: false
-  postgresql:
-    password: gitea
-    repmgrPassword: gitea
-  pgpool:
-    adminPassword: gitea
-  global:
-    postgresql:
-      database: gitea
-      username: gitea
-      password: gitea
-      repmgrPassword: postgresql
-      repmgrUsername: postgresql
-      repmgrDatabase: repr
-  service:
-    port: 5432
-  persistence:
-    size: 10Gi
-
 mysql:
   enabled: false
   root: