Compare commits
74 Commits
Author | SHA1 | Date | |
---|---|---|---|
|
aec87c2490 | ||
|
e3db83e22b | ||
|
7cae9d3404 | ||
52153021e3 | |||
5f7d353901 | |||
|
389a8460e4 | ||
|
3bacaaad84 | ||
|
2be2e2a639 | ||
7b892431d6 | |||
|
f7c66c0336 | ||
5c7e78b467 | |||
478af4e381 | |||
7c4d6c3797 | |||
|
aa9808bc27 | ||
|
a08e39f8ff | ||
|
c039673e5a | ||
|
e636984db1 | ||
|
77aa11a3bb | ||
|
3fdb39df68 | ||
|
9dc3f7c086 | ||
|
036b469ff9 | ||
|
339ee94260 | ||
|
1c71764d3c | ||
e19723a3fb | |||
|
2a762f0865 | ||
|
c32c6f929f | ||
|
e29cd1c289 | ||
|
a535919025 | ||
|
5c6cd932fe | ||
3265a5ed53 | |||
|
1dbf171ad3 | ||
|
6226e4eaea | ||
|
6ffc0a3790 | ||
|
1ac39a6f5d | ||
|
c4168dd029 | ||
|
4dd17f045b | ||
|
030322170e | ||
|
d407eda496 | ||
|
b7b60dd51f | ||
|
22848d0ce7 | ||
|
157e87593d | ||
|
f897e6350b | ||
|
21bc9a548b | ||
|
b13063ad7a | ||
|
4d62136a3d | ||
|
548f932422 | ||
|
dc30c66d25 | ||
|
0b2f3d6eb9 | ||
|
dd304c1c1a | ||
|
4f4c71fb39 | ||
|
509ee975c4 | ||
|
15385d02ee | ||
|
617c773b7e | ||
|
42937062d9 | ||
|
a91624b52d | ||
|
b768ded932 | ||
|
fd8246e51d | ||
|
20b14b01c1 | ||
|
74bae066c4 | ||
|
2f809390be | ||
|
153a664138 | ||
|
0135b10295 | ||
|
2a9273d32f | ||
|
3b2b700441 | ||
7fa896a0ce | |||
|
d2bfa0250d | ||
|
2d77b626ac | ||
|
6644c1701b | ||
|
a3fafc90a8 | ||
|
ceb6de12a8 | ||
|
ab5ec8ddb9 | ||
|
d65737681a | ||
|
8ee589a56f | ||
|
a82540e7eb |
@ -40,3 +40,4 @@
|
|||||||
- [ ] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm)
|
- [ ] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm)
|
||||||
- [ ] Breaking changes are documented in the `README.md`
|
- [ ] Breaking changes are documented in the `README.md`
|
||||||
- [ ] Templating unittests are added
|
- [ ] Templating unittests are added
|
||||||
|
- [ ] All added template resources MUST render a namespace in metadata
|
||||||
|
@ -7,7 +7,7 @@ on:
|
|||||||
|
|
||||||
env:
|
env:
|
||||||
# renovate: datasource=docker depName=alpine/helm
|
# renovate: datasource=docker depName=alpine/helm
|
||||||
HELM_VERSION: "3.14.0"
|
HELM_VERSION: "3.16.3"
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
generate-chart-publish:
|
generate-chart-publish:
|
||||||
@ -19,20 +19,23 @@ jobs:
|
|||||||
apt update -y
|
apt update -y
|
||||||
apt install -y curl ca-certificates curl gnupg
|
apt install -y curl ca-certificates curl gnupg
|
||||||
# helm
|
# helm
|
||||||
curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | tee /usr/share/keyrings/helm.gpg > /dev/null
|
curl -O https://get.helm.sh/helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
|
||||||
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | tee /etc/apt/sources.list.d/helm-stable-debian.list
|
tar -xzf helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
|
||||||
|
mv linux-amd64/helm /usr/local/bin/
|
||||||
|
rm -rf linux-amd64 helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
|
||||||
|
helm version
|
||||||
# docker
|
# docker
|
||||||
install -m 0755 -d /etc/apt/keyrings
|
install -m 0755 -d /etc/apt/keyrings
|
||||||
curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
|
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
|
||||||
chmod a+r /etc/apt/keyrings/docker.gpg
|
chmod a+r /etc/apt/keyrings/docker.gpg
|
||||||
echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
|
echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
|
||||||
apt update -y
|
apt update -y
|
||||||
apt install -y python helm=${{ env.HELM_VERSION }}-1 python3-pip apt-transport-https docker-ce-cli
|
apt install -y python3 python3-pip apt-transport-https docker-ce-cli
|
||||||
pip install awscli
|
pip install awscli
|
||||||
|
|
||||||
- name: Import GPG key
|
- name: Import GPG key
|
||||||
id: import_gpg
|
id: import_gpg
|
||||||
uses: https://github.com/crazy-max/ghaction-import-gpg@v5
|
uses: https://github.com/crazy-max/ghaction-import-gpg@v6
|
||||||
with:
|
with:
|
||||||
gpg_private_key: ${{ secrets.GPGSIGN_KEY }}
|
gpg_private_key: ${{ secrets.GPGSIGN_KEY }}
|
||||||
passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }}
|
passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }}
|
||||||
@ -46,7 +49,6 @@ jobs:
|
|||||||
helm plugin install https://github.com/pat-s/helm-gpg
|
helm plugin install https://github.com/pat-s/helm-gpg
|
||||||
helm dependency build
|
helm dependency build
|
||||||
helm package --version "${GITHUB_REF#refs/tags/v}" ./
|
helm package --version "${GITHUB_REF#refs/tags/v}" ./
|
||||||
helm gpg sign "gitea-${GITHUB_REF#refs/tags/v}.tgz"
|
|
||||||
mkdir gitea
|
mkdir gitea
|
||||||
mv gitea*.tgz gitea/
|
mv gitea*.tgz gitea/
|
||||||
curl -s -L -o gitea/index.yaml https://dl.gitea.com/charts/index.yaml
|
curl -s -L -o gitea/index.yaml https://dl.gitea.com/charts/index.yaml
|
||||||
@ -57,7 +59,7 @@ jobs:
|
|||||||
helm registry logout registry-1.docker.io
|
helm registry logout registry-1.docker.io
|
||||||
|
|
||||||
- name: aws credential configure
|
- name: aws credential configure
|
||||||
uses: https://github.com/aws-actions/configure-aws-credentials@v2
|
uses: https://github.com/aws-actions/configure-aws-credentials@v4
|
||||||
with:
|
with:
|
||||||
aws-access-key-id: ${{ secrets.AWS_KEY_ID }}
|
aws-access-key-id: ${{ secrets.AWS_KEY_ID }}
|
||||||
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
||||||
|
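Review bot: The Helm tarball fetched with `curl -O` in the install step is unpacked and moved to `/usr/local/bin/` without any integrity check, whereas the apt repository it replaces was bound to a keyring through `signed-by`. This job later receives the GPG signing key and the AWS credentials, so the binary deserves verification before it runs: download the published checksum with `curl -fsSLO https://get.helm.sh/helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz.sha256sum` and add `sha256sum -c helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz.sha256sum` ahead of the `tar` line. A checksum served from the same host only catches corruption or truncation; a digest pinned in `env:` next to `HELM_VERSION` would also cover a tampered download. Separately, the packaging hunk appears to drop `helm gpg sign` while the `Import GPG key` step stays, so if signing is gone on purpose the `GPGSIGN_*` secrets no longer need to reach this job.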
@ -11,12 +11,12 @@ on:
|
|||||||
|
|
||||||
env:
|
env:
|
||||||
# renovate: datasource=github-releases depName=helm-unittest/helm-unittest
|
# renovate: datasource=github-releases depName=helm-unittest/helm-unittest
|
||||||
HELM_UNITTEST_VERSION: "v0.4.1"
|
HELM_UNITTEST_VERSION: "v0.7.0"
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
check-and-test:
|
check-and-test:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
container: alpine/helm:3.14.0
|
container: alpine/helm:3.16.3
|
||||||
steps:
|
steps:
|
||||||
- name: install tools
|
- name: install tools
|
||||||
run: |
|
run: |
|
||||||
|
@ -31,3 +31,8 @@ Makefile
|
|||||||
.drone.yml
|
.drone.yml
|
||||||
CONTRIBUTING.md
|
CONTRIBUTING.md
|
||||||
unittests/
|
unittests/
|
||||||
|
.editorconfig
|
||||||
|
.prettierignore
|
||||||
|
.yamllint
|
||||||
|
CODEOWNERS
|
||||||
|
renovate.json5
|
||||||
|
2
.vscode/settings.json
vendored
2
.vscode/settings.json
vendored
@ -1,6 +1,6 @@
|
|||||||
{
|
{
|
||||||
"yaml.schemas": {
|
"yaml.schemas": {
|
||||||
"https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.4.1/schema/helm-testsuite.json": [
|
"https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.7.0/schema/helm-testsuite.json": [
|
||||||
"/unittests/**/*.yaml"
|
"/unittests/**/*.yaml"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
1
CODEOWNERS
Normal file
1
CODEOWNERS
Normal file
@ -0,0 +1 @@
|
|||||||
|
* @justusbunsi @pat-s
|
13
Chart.lock
13
Chart.lock
@ -1,12 +1,15 @@
|
|||||||
dependencies:
|
dependencies:
|
||||||
- name: postgresql
|
- name: postgresql
|
||||||
repository: oci://registry-1.docker.io/bitnamicharts
|
repository: oci://registry-1.docker.io/bitnamicharts
|
||||||
version: 13.4.6
|
version: 15.5.38
|
||||||
- name: postgresql-ha
|
- name: postgresql-ha
|
||||||
repository: oci://registry-1.docker.io/bitnamicharts
|
repository: oci://registry-1.docker.io/bitnamicharts
|
||||||
version: 12.8.2
|
version: 14.3.10
|
||||||
- name: redis-cluster
|
- name: redis-cluster
|
||||||
repository: oci://registry-1.docker.io/bitnamicharts
|
repository: oci://registry-1.docker.io/bitnamicharts
|
||||||
version: 9.5.20
|
version: 10.3.0
|
||||||
digest: sha256:10ca7303e61effbe02163c0df6ed1a87f25d71edd44d1aadae971f56679ae985
|
- name: redis
|
||||||
generated: "2024-02-17T00:21:51.363456958Z"
|
repository: oci://registry-1.docker.io/bitnamicharts
|
||||||
|
version: 19.6.4
|
||||||
|
digest: sha256:462d513ac8ef7abfe26030fd2ea93eb79df167a861ebe09d6c58c7dcd5601e85
|
||||||
|
generated: "2024-11-30T00:41:29.178889496Z"
|
||||||
|
14
Chart.yaml
14
Chart.yaml
@ -3,7 +3,8 @@ name: gitea
|
|||||||
description: Gitea Helm chart for Kubernetes
|
description: Gitea Helm chart for Kubernetes
|
||||||
type: application
|
type: application
|
||||||
version: 0.0.0
|
version: 0.0.0
|
||||||
appVersion: 1.21.6
|
# renovate datasource=github-releases depName=go-gitea/gitea extractVersion=^v(?<version>.*)$
|
||||||
|
appVersion: 1.22.4
|
||||||
icon: https://gitea.com/assets/img/logo.svg
|
icon: https://gitea.com/assets/img/logo.svg
|
||||||
|
|
||||||
keywords:
|
keywords:
|
||||||
@ -35,15 +36,20 @@ dependencies:
|
|||||||
# https://github.com/bitnami/charts/blob/main/bitnami/postgresql
|
# https://github.com/bitnami/charts/blob/main/bitnami/postgresql
|
||||||
- name: postgresql
|
- name: postgresql
|
||||||
repository: oci://registry-1.docker.io/bitnamicharts
|
repository: oci://registry-1.docker.io/bitnamicharts
|
||||||
version: 13.4.6
|
version: 15.5.38
|
||||||
condition: postgresql.enabled
|
condition: postgresql.enabled
|
||||||
# https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml
|
# https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml
|
||||||
- name: postgresql-ha
|
- name: postgresql-ha
|
||||||
repository: oci://registry-1.docker.io/bitnamicharts
|
repository: oci://registry-1.docker.io/bitnamicharts
|
||||||
version: 12.8.2
|
version: 14.3.10
|
||||||
condition: postgresql-ha.enabled
|
condition: postgresql-ha.enabled
|
||||||
# https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml
|
# https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml
|
||||||
- name: redis-cluster
|
- name: redis-cluster
|
||||||
repository: oci://registry-1.docker.io/bitnamicharts
|
repository: oci://registry-1.docker.io/bitnamicharts
|
||||||
version: 9.5.20
|
version: 10.3.0
|
||||||
condition: redis-cluster.enabled
|
condition: redis-cluster.enabled
|
||||||
|
# https://github.com/bitnami/charts/blob/main/bitnami/redis/Chart.yaml
|
||||||
|
- name: redis
|
||||||
|
repository: oci://registry-1.docker.io/bitnamicharts
|
||||||
|
version: 19.6.4
|
||||||
|
condition: redis.enabled
|
||||||
|
2
Makefile
2
Makefile
@ -9,7 +9,7 @@ readme: prepare-environment
|
|||||||
|
|
||||||
.PHONY: unittests
|
.PHONY: unittests
|
||||||
unittests:
|
unittests:
|
||||||
helm unittest --strict -f 'unittests/**/*.yaml' -f 'unittests/dependency-major-image-check.yaml' ./
|
helm unittest --strict -f 'unittests/**/*.yaml' -f 'unittests/dependency-major-image-check.yaml' -f 'unittests/values-conflicting-checks.yaml' ./
|
||||||
|
|
||||||
.PHONY: helm
|
.PHONY: helm
|
||||||
update-helm-dependencies:
|
update-helm-dependencies:
|
||||||
|
213
package-lock.json
generated
213
package-lock.json
generated
File diff suppressed because it is too large
@ -14,6 +14,6 @@
|
|||||||
},
|
},
|
||||||
"devDependencies": {
|
"devDependencies": {
|
||||||
"@bitnami/readme-generator-for-helm": "^2.5.0",
|
"@bitnami/readme-generator-for-helm": "^2.5.0",
|
||||||
"markdownlint-cli": "^0.39.0"
|
"markdownlint-cli": "^0.43.0"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
34
readme-actions-dev.md
Normal file
34
readme-actions-dev.md
Normal file
@ -0,0 +1,34 @@
|
|||||||
|
# Gitea Actions
|
||||||
|
|
||||||
|
In order to use the Gitea Actions act-runner you must either:
|
||||||
|
|
||||||
|
- enable persistence (used for automatic deployment to be able to store the token in a place accessible for the Job)
|
||||||
|
- create a secret containing the act runner token and reference it as a `existingSecret`
|
||||||
|
|
||||||
|
In order to use Gitea Actions, you must log on the server that's running Gitea and run the command:
|
||||||
|
`gitea actions generate-runner-token`
|
||||||
|
|
||||||
|
This command will out a token that is needed by the act-runner to register with the Gitea backend.
|
||||||
|
|
||||||
|
Because this is a manual operation, we automated this using a Kubernetes Job using the following containers:
|
||||||
|
|
||||||
|
1) `actions-token-create`: it uses the current `gitea-rootless` image, mounts the persistent directory to `/data/` then it saves the output from `gitea actions generate-runner-token` to `/data/actions/token`
|
||||||
|
2) `actions-token-upload`: it uses a `bitnami/kubectl` image, mounts the scripts directory (`/scripts`) and
|
||||||
|
the persistent directory (`/data/`), and using the script from `/scripts/token.sh` stores the token in a Kubernetes secret
|
||||||
|
|
||||||
|
After the token is stored in a Kubernetes secret we can create the statefulset that contains the following containers:
|
||||||
|
|
||||||
|
1) `act-runner`: authenticates with Gitea using the token that was stored in the secret
|
||||||
|
2) `dind`: DockerInDocker image that is used to run the actions
|
||||||
|
|
||||||
|
If you are not using persistent volumes, you cannot use the Job to automatically generate the token.
|
||||||
|
In this case, you can use either the Web UI to generate the token or run a shell into a Gitea pod and invoke
|
||||||
|
the command `gitea actions generate-runner-token`. After generating the token, you must create a secret and use it via:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
actions:
|
||||||
|
provisioning:
|
||||||
|
enabled: false
|
||||||
|
existingSecret: "secret-name"
|
||||||
|
existingSecretKey: "secret-key"
|
||||||
|
```
|
@ -30,6 +30,14 @@
|
|||||||
],
|
],
|
||||||
datasourceTemplate: 'github-releases',
|
datasourceTemplate: 'github-releases',
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
'description': 'Automatically detect new Gitea releases',
|
||||||
|
'customType': 'regex',
|
||||||
|
'fileMatch': ['(^|/)Chart\\.yaml$'],
|
||||||
|
'matchStrings': [
|
||||||
|
'# renovate datasource=(?<datasource>\\S+) depName=(?<depName>\\S+) extractVersion=(?<extractVersion>\\S+)\\nappVersion:\\s?(?<currentValue>\\S+)\\n',
|
||||||
|
],
|
||||||
|
},
|
||||||
],
|
],
|
||||||
packageRules: [
|
packageRules: [
|
||||||
{
|
{
|
||||||
@ -55,6 +63,32 @@
|
|||||||
'patch',
|
'patch',
|
||||||
'digest',
|
'digest',
|
||||||
],
|
],
|
||||||
|
matchFileNames: [
|
||||||
|
'!Chart.yaml',
|
||||||
|
],
|
||||||
|
},
|
||||||
|
{
|
||||||
|
description: 'Update README.md on changes in values.yaml',
|
||||||
|
matchManagers: [
|
||||||
|
'helm-values',
|
||||||
|
],
|
||||||
|
postUpgradeTasks: {
|
||||||
|
commands: [
|
||||||
|
'install-tool node',
|
||||||
|
'make readme',
|
||||||
|
],
|
||||||
|
fileFilters: [
|
||||||
|
'README.md',
|
||||||
|
],
|
||||||
|
executionMode: 'update',
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
description: 'Override changelog url for Helm image, to have release notes in our PRs',
|
||||||
|
matchDepNames: [
|
||||||
|
'alpine/helm',
|
||||||
|
],
|
||||||
|
changelogUrl: 'https://github.com/helm/helm',
|
||||||
},
|
},
|
||||||
],
|
],
|
||||||
}
|
}
|
||||||
|
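Review bot: The new `postUpgradeTasks` rule makes Renovate run `install-tool node` and `make readme` from this repository inside the Renovate job, and nothing in the file says which allow-list entry or runner that relies on. The `readme` target depends on `prepare-environment` (visible in the Makefile hunk header), which presumably installs the npm dev dependencies, so third-party install scripts would run with whatever token the Renovate job holds. A comment on the rule such as `// requires the Renovate admin config to allow 'install-tool node' and 'make readme'; runs npm tooling in the Renovate job` would document that trust decision.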
43
scripts/token.sh
Normal file
43
scripts/token.sh
Normal file
@ -0,0 +1,43 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
set -eu
|
||||||
|
|
||||||
|
timeout_delay=15
|
||||||
|
|
||||||
|
check_token() {
|
||||||
|
set +e
|
||||||
|
|
||||||
|
echo "Checking for existing token..."
|
||||||
|
token="$(kubectl get secret "$SECRET_NAME" -o jsonpath="{.data['token']}" 2> /dev/null)"
|
||||||
|
[ $? -ne 0 ] && return 1
|
||||||
|
[ -z "$token" ] && return 2
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
create_token() {
|
||||||
|
echo "Waiting for new token to be generated..."
|
||||||
|
begin=$(date +%s)
|
||||||
|
end=$((begin + timeout_delay))
|
||||||
|
while true; do
|
||||||
|
[ -f /data/actions/token ] && return 0
|
||||||
|
[ "$(date +%s)" -gt $end ] && return 1
|
||||||
|
sleep 5
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
store_token() {
|
||||||
|
echo "Storing the token in Kubernetes secret..."
|
||||||
|
kubectl patch secret "$SECRET_NAME" -p "{\"data\":{\"token\":\"$(base64 /data/actions/token | tr -d '\n')\"}}"
|
||||||
|
}
|
||||||
|
|
||||||
|
if check_token; then
|
||||||
|
echo "Key already in place, exiting."
|
||||||
|
exit
|
||||||
|
fi
|
||||||
|
|
||||||
|
if ! create_token; then
|
||||||
|
echo "Checking for an existing act runner token in secret $SECRET_NAME timed out after $timeout_delay"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
store_token
|
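Review bot: `create_token` returns as soon as `/data/actions/token` exists, so `store_token` can patch an empty or partially written token into the secret; testing for a non-empty file with `[ -s /data/actions/token ] && return 0` closes that gap. The timeout message in the last `if` also describes the wrong step: it reports a check of the secret, whereas the loop that timed out was waiting for the token file. The runner token stays in cleartext on the persistent volume after it has been copied into the secret; whether another container still needs the file is not visible here, but if none does it could be removed after a successful `kubectl patch`. `check_token` also leaves `set +e` in effect for the rest of the script, which deserves a comment or a `set -e` before it returns.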
@ -25,6 +25,13 @@ If release name contains chart name it will be used as a full name.
|
|||||||
{{- end -}}
|
{{- end -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Create a default worker name.
|
||||||
|
*/}}
|
||||||
|
{{- define "gitea.workername" -}}
|
||||||
|
{{- printf "%s-%s" .global.Release.Name .worker | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
{{/*
|
{{/*
|
||||||
Create chart name and version as used by the chart label.
|
Create chart name and version as used by the chart label.
|
||||||
*/}}
|
*/}}
|
||||||
@ -40,7 +47,7 @@ Create image name and tag used by the deployment.
|
|||||||
{{- $registry := .Values.global.imageRegistry | default .Values.image.registry -}}
|
{{- $registry := .Values.global.imageRegistry | default .Values.image.registry -}}
|
||||||
{{- $repository := .Values.image.repository -}}
|
{{- $repository := .Values.image.repository -}}
|
||||||
{{- $separator := ":" -}}
|
{{- $separator := ":" -}}
|
||||||
{{- $tag := .Values.image.tag | default .Chart.AppVersion -}}
|
{{- $tag := .Values.image.tag | default .Chart.AppVersion | toString -}}
|
||||||
{{- $rootless := ternary "-rootless" "" (.Values.image.rootless) -}}
|
{{- $rootless := ternary "-rootless" "" (.Values.image.rootless) -}}
|
||||||
{{- $digest := "" -}}
|
{{- $digest := "" -}}
|
||||||
{{- if .Values.image.digest }}
|
{{- if .Values.image.digest }}
|
||||||
@ -74,7 +81,7 @@ imagePullSecrets:
|
|||||||
Storage Class
|
Storage Class
|
||||||
*/}}
|
*/}}
|
||||||
{{- define "gitea.persistence.storageClass" -}}
|
{{- define "gitea.persistence.storageClass" -}}
|
||||||
{{- $storageClass := .Values.persistence.storageClass | default .Values.global.storageClass }}
|
{{- $storageClass := (tpl ( default "" .Values.persistence.storageClass) .) | default (tpl ( default "" .Values.global.storageClass) .) }}
|
||||||
{{- if $storageClass }}
|
{{- if $storageClass }}
|
||||||
storageClassName: {{ $storageClass | quote }}
|
storageClassName: {{ $storageClass | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
@ -92,6 +99,15 @@ version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
|
|||||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
|
{{- define "gitea.labels.actRunner" -}}
|
||||||
|
helm.sh/chart: {{ include "gitea.chart" . }}
|
||||||
|
app: {{ include "gitea.name" . }}-act-runner
|
||||||
|
{{ include "gitea.selectorLabels.actRunner" . }}
|
||||||
|
app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
|
||||||
|
version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
|
||||||
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
{{/*
|
{{/*
|
||||||
Selector labels
|
Selector labels
|
||||||
*/}}
|
*/}}
|
||||||
@ -100,6 +116,11 @@ app.kubernetes.io/name: {{ include "gitea.name" . }}
|
|||||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
|
{{- define "gitea.selectorLabels.actRunner" -}}
|
||||||
|
app.kubernetes.io/name: {{ include "gitea.name" . }}-act-runner
|
||||||
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
{{- define "postgresql-ha.dns" -}}
|
{{- define "postgresql-ha.dns" -}}
|
||||||
{{- if (index .Values "postgresql-ha").enabled -}}
|
{{- if (index .Values "postgresql-ha").enabled -}}
|
||||||
{{- printf "%s-postgresql-ha-pgpool.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "postgresql-ha" "service" "ports" "postgresql") -}}
|
{{- printf "%s-postgresql-ha-pgpool.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "postgresql-ha" "service" "ports" "postgresql") -}}
|
||||||
@ -113,20 +134,28 @@ app.kubernetes.io/instance: {{ .Release.Name }}
|
|||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
{{- define "redis.dns" -}}
|
{{- define "redis.dns" -}}
|
||||||
{{- if (index .Values "redis-cluster").enabled -}}
|
{{- if and ((index .Values "redis-cluster").enabled) ((index .Values "redis").enabled) -}}
|
||||||
|
{{- fail "redis and redis-cluster cannot be enabled at the same time. Please only choose one." -}}
|
||||||
|
{{- else if (index .Values "redis-cluster").enabled -}}
|
||||||
{{- printf "redis+cluster://:%s@%s-redis-cluster-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "redis-cluster").global.redis.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "redis-cluster").service.ports.redis -}}
|
{{- printf "redis+cluster://:%s@%s-redis-cluster-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "redis-cluster").global.redis.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "redis-cluster").service.ports.redis -}}
|
||||||
|
{{- else if (index .Values "redis").enabled -}}
|
||||||
|
{{- printf "redis://:%s@%s-redis-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "redis").global.redis.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "redis").master.service.ports.redis -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
{{- define "redis.port" -}}
|
{{- define "redis.port" -}}
|
||||||
{{- if (index .Values "redis-cluster").enabled -}}
|
{{- if (index .Values "redis-cluster").enabled -}}
|
||||||
{{ (index .Values "redis-cluster").service.ports.redis }}
|
{{ (index .Values "redis-cluster").service.ports.redis }}
|
||||||
|
{{- else if (index .Values "redis").enabled -}}
|
||||||
|
{{ (index .Values "redis").master.service.ports.redis }}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
{{- define "redis.servicename" -}}
|
{{- define "redis.servicename" -}}
|
||||||
{{- if (index .Values "redis-cluster").enabled -}}
|
{{- if (index .Values "redis-cluster").enabled -}}
|
||||||
{{- printf "%s-redis-cluster-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}}
|
{{- printf "%s-redis-cluster-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}}
|
||||||
|
{{- else if (index .Values "redis").enabled -}}
|
||||||
|
{{- printf "%s-redis-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
@ -191,6 +220,15 @@ https
|
|||||||
{{- end -}}
|
{{- end -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
|
{{- define "gitea.act_runner.local_root_url" -}}
|
||||||
|
{{- if not .Values.gitea.config.server.LOCAL_ROOT_URL -}}
|
||||||
|
{{- printf "http://%s-http:%.0f" (include "gitea.fullname" .) .Values.service.http.port -}}
|
||||||
|
{{- else -}}
|
||||||
|
{{/* fallback for allowing to overwrite this value via inline config */}}
|
||||||
|
{{- .Values.gitea.config.server.LOCAL_ROOT_URL -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
{{- define "gitea.inline_configuration" -}}
|
{{- define "gitea.inline_configuration" -}}
|
||||||
{{- include "gitea.inline_configuration.init" . -}}
|
{{- include "gitea.inline_configuration.init" . -}}
|
||||||
{{- include "gitea.inline_configuration.defaults" . -}}
|
{{- include "gitea.inline_configuration.defaults" . -}}
|
||||||
@ -255,6 +293,9 @@ https
|
|||||||
{{- if not (hasKey .Values.gitea.config "indexer") -}}
|
{{- if not (hasKey .Values.gitea.config "indexer") -}}
|
||||||
{{- $_ := set .Values.gitea.config "indexer" dict -}}
|
{{- $_ := set .Values.gitea.config "indexer" dict -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
{{- if not (hasKey .Values.gitea.config "actions") -}}
|
||||||
|
{{- $_ := set .Values.gitea.config "actions" dict -}}
|
||||||
|
{{- end -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
{{- define "gitea.inline_configuration.defaults" -}}
|
{{- define "gitea.inline_configuration.defaults" -}}
|
||||||
@ -270,8 +311,11 @@ https
|
|||||||
{{- if not (hasKey .Values.gitea.config.metrics "ENABLED") -}}
|
{{- if not (hasKey .Values.gitea.config.metrics "ENABLED") -}}
|
||||||
{{- $_ := set .Values.gitea.config.metrics "ENABLED" .Values.gitea.metrics.enabled -}}
|
{{- $_ := set .Values.gitea.config.metrics "ENABLED" .Values.gitea.metrics.enabled -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
{{- if and (not (hasKey .Values.gitea.config.metrics "TOKEN")) (.Values.gitea.metrics.token) (.Values.gitea.metrics.enabled) -}}
|
||||||
|
{{- $_ := set .Values.gitea.config.metrics "TOKEN" .Values.gitea.metrics.token -}}
|
||||||
|
{{- end -}}
|
||||||
{{- /* redis queue */ -}}
|
{{- /* redis queue */ -}}
|
||||||
{{- if (index .Values "redis-cluster").enabled -}}
|
{{- if or ((index .Values "redis-cluster").enabled) ((index .Values "redis").enabled) -}}
|
||||||
{{- $_ := set .Values.gitea.config.queue "TYPE" "redis" -}}
|
{{- $_ := set .Values.gitea.config.queue "TYPE" "redis" -}}
|
||||||
{{- $_ := set .Values.gitea.config.queue "CONN_STR" (include "redis.dns" .) -}}
|
{{- $_ := set .Values.gitea.config.queue "CONN_STR" (include "redis.dns" .) -}}
|
||||||
{{- $_ := set .Values.gitea.config.session "PROVIDER" "redis" -}}
|
{{- $_ := set .Values.gitea.config.session "PROVIDER" "redis" -}}
|
||||||
@ -301,6 +345,9 @@ https
|
|||||||
{{- if not .Values.gitea.config.indexer.ISSUE_INDEXER_TYPE -}}
|
{{- if not .Values.gitea.config.indexer.ISSUE_INDEXER_TYPE -}}
|
||||||
{{- $_ := set .Values.gitea.config.indexer "ISSUE_INDEXER_TYPE" "db" -}}
|
{{- $_ := set .Values.gitea.config.indexer "ISSUE_INDEXER_TYPE" "db" -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
{{- if not .Values.gitea.config.actions.ENABLED -}}
|
||||||
|
{{- $_ := set .Values.gitea.config.actions "ENABLED" (ternary "true" "false" .Values.actions.enabled) -}}
|
||||||
|
{{- end -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
{{- define "gitea.inline_configuration.defaults.server" -}}
|
{{- define "gitea.inline_configuration.defaults.server" -}}
|
||||||
@ -320,6 +367,9 @@ https
|
|||||||
{{- if not .Values.gitea.config.server.ROOT_URL -}}
|
{{- if not .Values.gitea.config.server.ROOT_URL -}}
|
||||||
{{- $_ := set .Values.gitea.config.server "ROOT_URL" (printf "%s://%s" (include "gitea.public_protocol" .) .Values.gitea.config.server.DOMAIN) -}}
|
{{- $_ := set .Values.gitea.config.server "ROOT_URL" (printf "%s://%s" (include "gitea.public_protocol" .) .Values.gitea.config.server.DOMAIN) -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
{{- if .Values.actions.enabled -}}
|
||||||
|
{{- $_ := set .Values.gitea.config.server "LOCAL_ROOT_URL" (include "gitea.act_runner.local_root_url" .) -}}
|
||||||
|
{{- end -}}
|
||||||
{{- if not .Values.gitea.config.server.SSH_DOMAIN -}}
|
{{- if not .Values.gitea.config.server.SSH_DOMAIN -}}
|
||||||
{{- $_ := set .Values.gitea.config.server "SSH_DOMAIN" .Values.gitea.config.server.DOMAIN -}}
|
{{- $_ := set .Values.gitea.config.server "SSH_DOMAIN" .Values.gitea.config.server.DOMAIN -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
@ -392,3 +442,33 @@ https
|
|||||||
{{- define "gitea.serviceAccountName" -}}
|
{{- define "gitea.serviceAccountName" -}}
|
||||||
{{ .Values.serviceAccount.name | default (include "gitea.fullname" .) }}
|
{{ .Values.serviceAccount.name | default (include "gitea.fullname" .) }}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
|
{{- define "gitea.admin.passwordMode" -}}
|
||||||
|
{{- if has .Values.gitea.admin.passwordMode (tuple "keepUpdated" "initialOnlyNoReset" "initialOnlyRequireReset") -}}
|
||||||
|
{{ .Values.gitea.admin.passwordMode }}
|
||||||
|
{{- else -}}
|
||||||
|
{{ printf "gitea.admin.passwordMode must be set to one of 'keepUpdated', 'initialOnlyNoReset', or 'initialOnlyRequireReset'. Received: '%s'" .Values.gitea.admin.passwordMode | fail }}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/* Create a functioning probe object for rendering. Given argument must be either a livenessProbe, readinessProbe, or startupProbe */}}
|
||||||
|
{{- define "gitea.deployment.probe" -}}
|
||||||
|
{{- $probe := unset . "enabled" -}}
|
||||||
|
{{- $probeKeys := keys $probe -}}
|
||||||
|
{{- $containsCustomMethod := false -}}
|
||||||
|
{{- $chartDefaultMethod := "tcpSocket" -}}
|
||||||
|
{{- $nonChartDefaultMethods := list "exec" "httpGet" "grpc" -}}
|
||||||
|
{{- range $probeKeys -}}
|
||||||
|
{{- if has . $nonChartDefaultMethods -}}
|
||||||
|
{{- $containsCustomMethod = true -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if $containsCustomMethod -}}
|
||||||
|
{{- $probe = unset . $chartDefaultMethod -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- toYaml $probe -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{- define "gitea.metrics-secret-name" -}}
|
||||||
|
{{ default (printf "%s-metrics-secret" (include "gitea.fullname" .)) }}
|
||||||
|
{{- end -}}
|
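Review bot: `gitea.deployment.probe` calls `unset . "enabled"` on the map it is handed, and Sprig's `unset` modifies that map in place, so the caller's values lose `enabled` (and `tcpSocket` when a custom method is present) for the rest of the render. Working on a copy avoids the side effect: `{{- $probe := unset (deepCopy .) "enabled" -}}` and `{{- $probe = unset $probe $chartDefaultMethod -}}`. In `redis.dns` the new `redis://` branch, like the existing cluster branch, formats the password into the URL with a plain `%s`; a password containing URL-reserved characters such as `@` or `/` would change how the connection string is parsed, so it should be percent-encoded or the constraint documented in `values.yaml`. `gitea.metrics-secret-name` passes a single argument to `default`, which makes the call a no-op wrapper around the `printf`.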
15
templates/gitea/act_runner/01-consistency-checks.yaml
Normal file
15
templates/gitea/act_runner/01-consistency-checks.yaml
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
{{- if .Values.actions.enabled -}}
|
||||||
|
{{- if .Values.actions.provisioning.enabled -}}
|
||||||
|
{{- if not (and .Values.persistence.enabled .Values.persistence.mount) -}}
|
||||||
|
{{- fail "persistence.enabled and persistence.mount are required when provisioning is enabled" -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if and .Values.persistence.enabled .Values.persistence.mount -}}
|
||||||
|
{{- if .Values.actions.existingSecret -}}
|
||||||
|
{{- fail "Can't specify both actions.provisioning.enabled and actions.existingSecret" -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if and (not .Values.actions.provisioning.enabled) (or (empty .Values.actions.existingSecret) (empty .Values.actions.existingSecretKey)) -}}
|
||||||
|
{{- fail "actions.existingSecret and actions.existingSecretKey are required when provisioning is disabled" -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
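Review bot: The inner `if and .Values.persistence.enabled .Values.persistence.mount` guard around the `existingSecret` check is redundant, because the `fail` just above it already aborts rendering whenever that condition is false. Dropping the wrapper leaves `{{- if .Values.actions.existingSecret -}}` directly under the provisioning branch and makes the three rules easier to audit. A comment at the top of the file, for example `{{- /* Render-time validation only: aborts on conflicting actions/persistence values, emits no manifest */ -}}`, would tell readers why the template produces no resource.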
15
templates/gitea/act_runner/config-act-runner.yaml
Normal file
15
templates/gitea/act_runner/config-act-runner.yaml
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
{{- if .Values.actions.enabled }}
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: {{ include "gitea.fullname" . }}-act-runner-config
|
||||||
|
namespace: {{ .Values.namespace | default .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
{{- include "gitea.labels" . | nindent 4 }}
|
||||||
|
data:
|
||||||
|
config.yaml: |
|
||||||
|
{{- with .Values.actions.statefulset.actRunner.config -}}
|
||||||
|
{{ . | nindent 4}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end }}
|
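--- /dev/null
+++ b/templates/gitea/act_runner/config-scripts.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.actions.enabled }}
+{{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: {{ include "gitea.fullname" . }}-scripts
+namespace: {{ .Values.namespace | default .Release.Namespace }}
+labels:
+{{- include "gitea.labels" . | nindent 4 }}
+data:
+{{ (.Files.Glob "scripts/*.sh").AsConfig | indent 2 }}
+{{- end }}
+{{- end }}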
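--- /dev/null
+++ b/templates/gitea/act_runner/job.yaml
@@ -0,0 +1,115 @@
+{{- if .Values.actions.enabled }}
+{{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }}
+{{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }}
+{{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+name: {{ $name }}
+namespace: {{ .Values.namespace | default .Release.Namespace }}
+labels:
+{{- include "gitea.labels" . | nindent 4 }}
+{{- with .Values.actions.provisioning.labels }}
+{{- toYaml . | nindent 4 }}
+{{- end }}
+app.kubernetes.io/component: token-job
+annotations:
+{{- with .Values.actions.provisioning.annotations }}
+{{- toYaml . | nindent 4 }}
+{{- end }}
+spec:
+ttlSecondsAfterFinished: {{ .Values.actions.provisioning.ttlSecondsAfterFinished }}
+template:
+metadata:
+labels:
+{{- include "gitea.labels" . | nindent 8 }}
+{{- with .Values.actions.provisioning.labels }}
+{{- toYaml . | nindent 8 }}
+{{- end }}
+app.kubernetes.io/component: token-job
+spec:
+initContainers:
+- name: init-gitea
+image: "{{ .Values.actions.init.image.repository }}:{{ .Values.actions.init.image.tag }}"
+command:
+- sh
+- -c
+- |
+while ! nc -z {{ include "gitea.fullname" . }}-http {{ .Values.service.http.port }}; do
+sleep 5
+done
+containers:
+- name: actions-token-create
+image: "{{ include "gitea.image" . }}"
+imagePullPolicy: {{ .Values.image.pullPolicy }}
+env:
+- name: GITEA_APP_INI
+value: /data/gitea/conf/app.ini
+command:
+- sh
+- -c
+- |
+echo "Generating act_runner token via 'gitea actions generate-runner-token'..."
+mkdir -p /data/actions/
+gitea actions generate-runner-token | grep -E '^.{40}$' | tr -d '\n' > /data/actions/token
+resources:
+{{- toYaml .Values.actions.provisioning.resources | nindent 12 }}
+volumeMounts:
+- name: data
+mountPath: /data
+{{- if .Values.persistence.subPath }}
+subPath: {{ .Values.persistence.subPath }}
+{{- end }}
+- name: actions-token-upload
+image: "{{ .Values.actions.provisioning.publish.repository }}:{{ .Values.actions.provisioning.publish.tag }}"
+imagePullPolicy: {{ .Values.actions.provisioning.publish.pullPolicy }}
+env:
+- name: SECRET_NAME
+value: {{ $secretName }}
+command:
+- sh
+- -c
+- |
+printf "Checking rights to update kubernetes act_runner secret..."
+kubectl auth can-i update secret/${SECRET_NAME}
+/scripts/token.sh
+resources:
+{{- toYaml .Values.actions.provisioning.resources | nindent 12 }}
+volumeMounts:
+- mountPath: /scripts
+name: scripts
+readOnly: true
+- mountPath: /data
+name: data
+readOnly: true
+{{- if .Values.persistence.subPath }}
+subPath: {{ .Values.persistence.subPath }}
+{{- end }}
+{{- with .Values.actions.provisioning.nodeSelector }}
+nodeSelector:
+{{- toYaml . | nindent 8 }}
+{{- end }}
+{{- with .Values.actions.provisioning.affinity }}
+affinity:
+{{- toYaml . | nindent 8 }}
+{{- end }}
+{{- with .Values.actions.provisioning.tolerations }}
+tolerations:
+{{- toYaml . | nindent 8 }}
+{{- end }}
+restartPolicy: Never
+serviceAccount: {{ $name }}
+volumes:
+- name: scripts
+configMap:
+name: {{ include "gitea.fullname" . }}-scripts
+defaultMode: 0755
+- name: data
+persistentVolumeClaim:
+claimName: {{ .Values.persistence.claimName }}
+parallelism: 1
+completions: 1
+backoffLimit: 1
+{{- end }}
+{{- end }}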
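Review bot: Neither inline script checks its own result, so the Job can report success without a usable token. In `actions-token-create` the pipeline's exit status is that of `tr`, so a failed `gitea actions generate-runner-token` or an output that does not match the 40-character pattern still leaves an empty `/data/actions/token`. Adding `umask 077` before the redirect and `test -s /data/actions/token` after it would fail early and keep the registration token from being written with default permissions on the shared data volume. In `actions-token-upload` a denied `kubectl auth can-i` is only printed before `/scripts/token.sh` runs anyway; `kubectl auth can-i update "secret/${SECRET_NAME}" || exit 1` makes the check effective. Both containers start in parallel, so token.sh (not shown here) presumably has to wait for the file, and `serviceAccount:` is the deprecated alias of `serviceAccountName:`.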
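--- /dev/null
+++ b/templates/gitea/act_runner/role-job.yaml
@@ -0,0 +1,26 @@
+{{- if .Values.actions.enabled }}
+{{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }}
+{{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }}
+{{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+name: {{ $name }}
+namespace: {{ .Values.namespace | default .Release.Namespace }}
+labels:
+{{- include "gitea.labels" . | nindent 4 }}
+app.kubernetes.io/component: token-job
+rules:
+- apiGroups:
+- ""
+resources:
+- secrets
+resourceNames:
+- {{ $secretName }}
+verbs:
+- get
+- update
+- patch
+{{- end }}
+{{- end }}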
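Review bot: The rule is missing a comment explaining why `create` is absent, and without one a later maintainer may add it and widen the grant. RBAC cannot restrict `create` by `resourceNames`, and the Secret is already rendered by secret-token.yaml, so get/update/patch on the one named Secret is the narrowest grant that lets the token job work. Suggested comment above `rules:`: `# No create verb: the Secret is pre-created by secret-token.yaml, and resourceNames cannot scope create.` If token.sh only uses one of `update` and `patch`, the other verb can be dropped.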
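--- /dev/null
+++ b/templates/gitea/act_runner/rolebinding-job.yaml
@@ -0,0 +1,23 @@
+{{- if .Values.actions.enabled }}
+{{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }}
+{{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }}
+{{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+name: {{ $name }}
+namespace: {{ .Values.namespace | default .Release.Namespace }}
+labels:
+{{- include "gitea.labels" . | nindent 4 }}
+app.kubernetes.io/component: token-job
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: Role
+name: {{ $name }}
+subjects:
+- kind: ServiceAccount
+name: {{ $name }}
+namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}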
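Review bot: The subject's `namespace: {{ .Release.Namespace }}` does not follow the `.Values.namespace` override that the binding's own metadata and the ServiceAccount in serviceaccount-job.yaml both use. With `namespace` set to something other than the release namespace, the binding names a ServiceAccount this chart never creates there, so the token job loses its rights, while any same-named account in the release namespace gains get/update/patch on the runner token Secret. The line should read `namespace: {{ .Values.namespace | default .Release.Namespace }}`. `$secretName` is assigned but never used in this file.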
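--- /dev/null
+++ b/templates/gitea/act_runner/secret-token.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.actions.enabled }}
+{{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }}
+{{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }}
+{{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: {{ $secretName }}
+namespace: {{ .Values.namespace | default .Release.Namespace }}
+labels:
+{{- include "gitea.labels" . | nindent 4 }}
+app.kubernetes.io/component: token-job
+{{ $secret := (lookup "v1" "Secret" .Release.Namespace $secretName) -}}
+{{ if $secret -}}
+data:
+token: {{ (b64dec (index $secret.data "token")) | b64enc }}
+{{ end -}}
+{{- end }}
+{{- end }}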
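Review bot: The `lookup` call queries `.Release.Namespace`, but the Secret is rendered into `.Values.namespace | default .Release.Namespace`, so with a namespace override the lookup misses the live Secret and the manifest comes out without `data`. Pass the same expression to both: `{{ $secret := (lookup "v1" "Secret" (.Values.namespace | default .Release.Namespace) $secretName) -}}`. The Secret is first created without `data`, so an upgrade that runs before the job has stored a token presumably reaches `index $secret.data "token"` with no data map; `{{ if and $secret $secret.data -}}` would guard that. `b64dec` followed by `b64enc` is a round trip that can be dropped, and `$name` is never used in this file.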
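--- /dev/null
+++ b/templates/gitea/act_runner/serviceaccount-job.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.actions.enabled }}
+{{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }}
+{{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: {{ $name }}
+namespace: {{ .Values.namespace | default .Release.Namespace }}
+labels:
+{{- include "gitea.labels" . | nindent 4 }}
+app.kubernetes.io/component: token-job
+{{- end }}
+{{- end }}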
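--- /dev/null
+++ b/templates/gitea/act_runner/statefulset.yaml
@@ -0,0 +1,118 @@
+{{- if .Values.actions.enabled }}
+{{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }}
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+labels:
+{{- include "gitea.labels.actRunner" . | nindent 4 }}
+{{- with .Values.actions.statefulset.labels }}
+{{- toYaml . | nindent 4 }}
+{{- end }}
+annotations:
+{{- with .Values.actions.statefulset.annotations }}
+{{- toYaml . | nindent 4 }}
+{{- end }}
+name: {{ include "gitea.fullname" . }}-act-runner
+namespace: {{ .Values.namespace | default .Release.Namespace }}
+spec:
+selector:
+matchLabels:
+{{- include "gitea.selectorLabels.actRunner" . | nindent 6 }}
+template:
+metadata:
+labels:
+{{- include "gitea.labels.actRunner" . | nindent 8 }}
+{{- with .Values.actions.statefulset.labels }}
+{{- toYaml . | nindent 8 }}
+{{- end }}
+spec:
+initContainers:
+- name: init-gitea
+image: "{{ .Values.actions.init.image.repository }}:{{ .Values.actions.init.image.tag }}"
+command:
+- sh
+- -c
+- |
+while ! nc -z {{ include "gitea.fullname" . }}-http {{ .Values.service.http.port }}; do
+sleep 5
+done
+containers:
+- name: act-runner
+image: "{{ .Values.actions.statefulset.actRunner.repository }}:{{ .Values.actions.statefulset.actRunner.tag }}"
+imagePullPolicy: {{ .Values.actions.statefulset.actRunner.pullPolicy }}
+workingDir: /data
+env:
+- name: DOCKER_HOST
+value: tcp://127.0.0.1:2376
+- name: DOCKER_TLS_VERIFY
+value: "1"
+- name: DOCKER_CERT_PATH
+value: /certs/server
+- name: GITEA_RUNNER_REGISTRATION_TOKEN
+valueFrom:
+secretKeyRef:
+name: "{{ .Values.actions.existingSecret | default $secretName }}"
+key: "{{ .Values.actions.existingSecretKey | default "token" }}"
+- name: GITEA_INSTANCE_URL
+value: {{ include "gitea.act_runner.local_root_url" . }}
+- name: CONFIG_FILE
+value: /actrunner/config.yaml
+resources:
+{{- toYaml .Values.actions.statefulset.resources | nindent 12 }}
+volumeMounts:
+- mountPath: /actrunner/config.yaml
+name: act-runner-config
+subPath: config.yaml
+- mountPath: /certs/server
+name: docker-certs
+- mountPath: /data
+name: data-act-runner
+- name: dind
+image: "{{ .Values.actions.statefulset.dind.repository }}:{{ .Values.actions.statefulset.dind.tag }}"
+imagePullPolicy: {{ .Values.actions.statefulset.dind.pullPolicy }}
+env:
+- name: DOCKER_HOST
+value: tcp://127.0.0.1:2376
+- name: DOCKER_TLS_VERIFY
+value: "1"
+- name: DOCKER_CERT_PATH
+value: /certs/server
+{{- if .Values.actions.statefulset.dind.extraEnvs }}
+{{- toYaml .Values.actions.statefulset.dind.extraEnvs | nindent 12 }}
+{{- end }}
+securityContext:
+privileged: true
+resources:
+{{- toYaml .Values.actions.statefulset.resources | nindent 12 }}
+volumeMounts:
+- mountPath: /certs/server
+name: docker-certs
+{{- with .Values.actions.statefulset.nodeSelector }}
+nodeSelector:
+{{- toYaml . | nindent 8 }}
+{{- end }}
+{{- with .Values.actions.statefulset.affinity }}
+affinity:
+{{- toYaml . | nindent 8 }}
+{{- end }}
+{{- with .Values.actions.statefulset.tolerations }}
+tolerations:
+{{- toYaml . | nindent 8 }}
+{{- end }}
+volumes:
+- name: act-runner-config
+configMap:
+name: {{ include "gitea.fullname" . }}-act-runner-config
+- name: docker-certs
+emptyDir: {}
+volumeClaimTemplates:
+- metadata:
+name: data-act-runner
+spec:
+accessModes: [ "ReadWriteOnce" ]
+{{- include "gitea.persistence.storageClass" . | nindent 8 }}
+resources:
+requests:
+storage: 1Mi
+{{- end }}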
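Review bot: The pod runs the `dind` container with `privileged: true` next to the runner that holds `GITEA_RUNNER_REGISTRATION_TOKEN`, and nothing in the pod spec disables the service-account token mount. Workflow code that reaches a privileged Docker daemon is effectively running with node-level access, so the pod should at least set `automountServiceAccountToken: false` under `template.spec`; as far as this file shows, neither container calls the Kubernetes API. A comment above `securityContext:` should state why privileged mode is required and point operators to `actions.statefulset.nodeSelector` and `actions.statefulset.tolerations` for keeping runners on dedicated nodes. The `dind` container also reuses `.Values.actions.statefulset.resources`, so both containers get identical requests and limits; if that is intended, a short comment would make it clear.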
@ -2,6 +2,7 @@ apiVersion: v1
|
|||||||
kind: Secret
|
kind: Secret
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ include "gitea.fullname" . }}-inline-config
|
name: {{ include "gitea.fullname" . }}-inline-config
|
||||||
|
namespace: {{ .Values.namespace | default .Release.Namespace }}
|
||||||
labels:
|
labels:
|
||||||
{{- include "gitea.labels" . | nindent 4 }}
|
{{- include "gitea.labels" . | nindent 4 }}
|
||||||
type: Opaque
|
type: Opaque
|
||||||
@ -12,6 +13,7 @@ apiVersion: v1
|
|||||||
kind: Secret
|
kind: Secret
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ include "gitea.fullname" . }}
|
name: {{ include "gitea.fullname" . }}
|
||||||
|
namespace: {{ .Values.namespace | default .Release.Namespace }}
|
||||||
labels:
|
labels:
|
||||||
{{- include "gitea.labels" . | nindent 4 }}
|
{{- include "gitea.labels" . | nindent 4 }}
|
||||||
type: Opaque
|
type: Opaque
|
||||||
|
@ -2,12 +2,16 @@ apiVersion: apps/v1
|
|||||||
kind: Deployment
|
kind: Deployment
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ include "gitea.fullname" . }}
|
name: {{ include "gitea.fullname" . }}
|
||||||
|
namespace: {{ .Values.namespace | default .Release.Namespace }}
|
||||||
annotations:
|
annotations:
|
||||||
{{- if .Values.deployment.annotations }}
|
{{- if .Values.deployment.annotations }}
|
||||||
{{- toYaml .Values.deployment.annotations | nindent 4 }}
|
{{- toYaml .Values.deployment.annotations | nindent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
labels:
|
labels:
|
||||||
{{- include "gitea.labels" . | nindent 4 }}
|
{{- include "gitea.labels" . | nindent 4 }}
|
||||||
|
{{- if .Values.deployment.labels }}
|
||||||
|
{{- toYaml .Values.deployment.labels | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
spec:
|
spec:
|
||||||
replicas: {{ .Values.replicaCount }}
|
replicas: {{ .Values.replicaCount }}
|
||||||
strategy:
|
strategy:
|
||||||
@ -240,6 +244,8 @@ spec:
|
|||||||
- name: GITEA_ADMIN_PASSWORD
|
- name: GITEA_ADMIN_PASSWORD
|
||||||
value: {{ .Values.gitea.admin.password | quote }}
|
value: {{ .Values.gitea.admin.password | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
- name: GITEA_ADMIN_PASSWORD_MODE
|
||||||
|
value: {{ include "gitea.admin.passwordMode" $ }}
|
||||||
{{- if .Values.deployment.env }}
|
{{- if .Values.deployment.env }}
|
||||||
{{- toYaml .Values.deployment.env | nindent 12 }}
|
{{- toYaml .Values.deployment.env | nindent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
@ -306,15 +312,15 @@ spec:
|
|||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.gitea.livenessProbe.enabled }}
|
{{- if .Values.gitea.livenessProbe.enabled }}
|
||||||
livenessProbe:
|
livenessProbe:
|
||||||
{{- toYaml (omit .Values.gitea.livenessProbe "enabled") | nindent 12 }}
|
{{- include "gitea.deployment.probe" .Values.gitea.livenessProbe | nindent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.gitea.readinessProbe.enabled }}
|
{{- if .Values.gitea.readinessProbe.enabled }}
|
||||||
readinessProbe:
|
readinessProbe:
|
||||||
{{- toYaml (omit .Values.gitea.readinessProbe "enabled") | nindent 12 }}
|
{{- include "gitea.deployment.probe" .Values.gitea.readinessProbe | nindent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.gitea.startupProbe.enabled }}
|
{{- if .Values.gitea.startupProbe.enabled }}
|
||||||
startupProbe:
|
startupProbe:
|
||||||
{{- toYaml (omit .Values.gitea.startupProbe "enabled") | nindent 12 }}
|
{{- include "gitea.deployment.probe" .Values.gitea.startupProbe | nindent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
resources:
|
resources:
|
||||||
{{- toYaml .Values.resources | nindent 12 }}
|
{{- toYaml .Values.resources | nindent 12 }}
|
||||||
@ -334,6 +340,9 @@ spec:
|
|||||||
subPath: {{ .Values.persistence.subPath }}
|
subPath: {{ .Values.persistence.subPath }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- include "gitea.container-additional-mounts" . | nindent 12 }}
|
{{- include "gitea.container-additional-mounts" . | nindent 12 }}
|
||||||
|
{{- if .Values.extraContainers }}
|
||||||
|
{{- toYaml .Values.extraContainers | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
{{- with .Values.global.hostAliases }}
|
{{- with .Values.global.hostAliases }}
|
||||||
hostAliases:
|
hostAliases:
|
||||||
{{- toYaml . | nindent 8 }}
|
{{- toYaml . | nindent 8 }}
|
||||||
|
@ -7,6 +7,7 @@ apiVersion: v1
|
|||||||
kind: Secret
|
kind: Secret
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ include "gitea.gpg-key-secret-name" . }}
|
name: {{ include "gitea.gpg-key-secret-name" . }}
|
||||||
|
namespace: {{ .Values.namespace | default .Release.Namespace }}
|
||||||
labels:
|
labels:
|
||||||
{{- include "gitea.labels" . | nindent 4 }}
|
{{- include "gitea.labels" . | nindent 4 }}
|
||||||
type: Opaque
|
type: Opaque
|
||||||
|
@ -2,6 +2,7 @@ apiVersion: v1
|
|||||||
kind: Service
|
kind: Service
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ include "gitea.fullname" . }}-http
|
name: {{ include "gitea.fullname" . }}-http
|
||||||
|
namespace: {{ .Values.namespace | default .Release.Namespace }}
|
||||||
labels:
|
labels:
|
||||||
{{- include "gitea.labels" . | nindent 4 }}
|
{{- include "gitea.labels" . | nindent 4 }}
|
||||||
{{- if .Values.service.http.labels }}
|
{{- if .Values.service.http.labels }}
|
||||||
@ -11,7 +12,11 @@ metadata:
|
|||||||
{{- toYaml .Values.service.http.annotations | nindent 4 }}
|
{{- toYaml .Values.service.http.annotations | nindent 4 }}
|
||||||
spec:
|
spec:
|
||||||
type: {{ .Values.service.http.type }}
|
type: {{ .Values.service.http.type }}
|
||||||
{{- if and .Values.service.http.loadBalancerIP (eq .Values.service.http.type "LoadBalancer") }}
|
{{- if eq .Values.service.http.type "LoadBalancer" }}
|
||||||
|
{{- if .Values.service.http.loadBalancerClass }}
|
||||||
|
loadBalancerClass: {{ .Values.service.http.loadBalancerClass }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if and .Values.service.http.loadBalancerIP }}
|
||||||
loadBalancerIP: {{ .Values.service.http.loadBalancerIP }}
|
loadBalancerIP: {{ .Values.service.http.loadBalancerIP }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.service.http.loadBalancerSourceRanges }}
|
{{- if .Values.service.http.loadBalancerSourceRanges }}
|
||||||
@ -20,6 +25,7 @@ spec:
|
|||||||
- {{ . }}
|
- {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
{{- if .Values.service.http.externalIPs }}
|
{{- if .Values.service.http.externalIPs }}
|
||||||
externalIPs:
|
externalIPs:
|
||||||
{{- toYaml .Values.service.http.externalIPs | nindent 4 }}
|
{{- toYaml .Values.service.http.externalIPs | nindent 4 }}
|
||||||
|
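Review bot: `{{- if and .Values.service.http.loadBalancerIP }}` calls `and` with a single argument, a leftover from the old two-argument condition; `{{- if .Values.service.http.loadBalancerIP }}` states the same test without the stray operator. The `{{- end }}` added in the third hunk appears to close the new `eq .Values.service.http.type "LoadBalancer"` block, which would move `loadBalancerSourceRanges` inside it as well. If that is the intent, a template comment such as `{{- /* LoadBalancer-only fields */ -}}` above the outer `if` would make the grouping obvious, since the blocks span three hunks.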
@ -13,6 +13,7 @@ apiVersion: {{ $apiVersion }}
|
|||||||
kind: Ingress
|
kind: Ingress
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ $fullName }}
|
name: {{ $fullName }}
|
||||||
|
namespace: {{ .Values.namespace | default .Release.Namespace }}
|
||||||
labels:
|
labels:
|
||||||
{{- include "gitea.labels" . | nindent 4 }}
|
{{- include "gitea.labels" . | nindent 4 }}
|
||||||
annotations:
|
annotations:
|
||||||
@ -21,7 +22,7 @@ metadata:
|
|||||||
{{- end }}
|
{{- end }}
|
||||||
spec:
|
spec:
|
||||||
{{- if .Values.ingress.className }}
|
{{- if .Values.ingress.className }}
|
||||||
ingressClassName: {{ .Values.ingress.className }}
|
ingressClassName: {{ tpl .Values.ingress.className . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.ingress.tls }}
|
{{- if .Values.ingress.tls }}
|
||||||
tls:
|
tls:
|
||||||
|
Some files were not shown because too many files have changed in this diff Show More