Compare commits
18 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
2826258cfc | ||
|
|
943eda6d5f | ||
|
|
5311243a6e | ||
|
|
1b21ce2810 | ||
|
|
4fdf4ef41b | ||
|
|
63bc10e393 | ||
|
|
fea1abddd9 | ||
|
|
33ee018b52 | ||
|
|
13e210c75f | ||
|
|
a26b4e10d1 | ||
|
|
76aee7b25b | ||
|
|
bf1f5601be | ||
|
|
729a412803 | ||
|
|
79690ee488 | ||
|
|
5398b99514 | ||
|
|
f62b82e956 | ||
|
|
ed0ce3d192 | ||
|
|
8f70a4b9a0 |
@ -2,8 +2,8 @@ apiVersion: v2
|
||||
name: gitea
|
||||
description: Gitea Helm chart for Kubernetes
|
||||
type: application
|
||||
version: 2.0.0
|
||||
appVersion: 1.12.5
|
||||
version: 2.1.3
|
||||
appVersion: 1.13.0
|
||||
icon: https://docs.gitea.io/images/gitea.png
|
||||
|
||||
keywords:
|
||||
@ -14,6 +14,7 @@ keywords:
|
||||
- gitea
|
||||
- gogs
|
||||
sources:
|
||||
- https://gitea.com/gitea/helm-chart
|
||||
- https://github.com/go-gitea/gitea
|
||||
- https://hub.docker.com/r/gitea/gitea/
|
||||
maintainers:
|
||||
|
||||
55
README.md
55
README.md
@ -132,6 +132,34 @@ By default port 3000 is used for web traffic and 22 for ssh. Those can be change
|
||||
|
||||
This helmchart automatically configures the clone urls to use the correct ports. You can change these ports by hand using the gitea.config dict. However you should know what you're doing.
|
||||
|
||||
### ClusterIP
|
||||
|
||||
By default the clusterIP will be set to None, which is the default for headless services. However if you want to omit the clusterIP field in the service, use the following values:
|
||||
|
||||
```yaml
|
||||
service:
|
||||
http:
|
||||
type: ClusterIP
|
||||
port: 3000
|
||||
clusterIP:
|
||||
ssh:
|
||||
type: ClusterIP
|
||||
port: 22
|
||||
clusterIP:
|
||||
```
|
||||
|
||||
### SSH and Ingress
|
||||
|
||||
If you're using ingress and wan't to use SSH, keep in mind, that ingress is not able to forward SSH Ports.
|
||||
You will need a LoadBalancer like metallb and a setting in your ssh service annotations.
|
||||
|
||||
```yaml
|
||||
service:
|
||||
ssh:
|
||||
annotations:
|
||||
metallb.universe.tf/allow-shared-ip: test
|
||||
```
|
||||
|
||||
### Cache
|
||||
|
||||
This helm chart can use a built in cache. The default is memcached from bitnami.
|
||||
@ -208,6 +236,10 @@ It is not possible to delete an admin user after it has been created. This has t
|
||||
### LDAP Settings
|
||||
|
||||
Like the admin user the ldap settings can be updated but also disabled or deleted.
|
||||
All ldap values from https://docs.gitea.io/en-us/command-line/#admin are available.
|
||||
You can either use them in camel case or kebab case.
|
||||
|
||||
camelCase:
|
||||
|
||||
```yaml
|
||||
gitea:
|
||||
@ -226,6 +258,25 @@ Like the admin user the ldap settings can be updated but also disabled or delete
|
||||
usernameAttribute: CN
|
||||
```
|
||||
|
||||
kebab-case:
|
||||
|
||||
```yaml
|
||||
gitea:
|
||||
ldap:
|
||||
enabled: true
|
||||
name: 'MyAwesomeGiteaLdap'
|
||||
security-protocol: unencrypted
|
||||
host: "127.0.0.1"
|
||||
port: "389"
|
||||
user-search-base: ou=Users,dc=example,dc=com
|
||||
user-filter: sAMAccountName=%s
|
||||
admin-filter: CN=Admin,CN=Group,DC=example,DC=com
|
||||
email-attribute: mail
|
||||
bind-dn: CN=ldap read,OU=Spezial,DC=example,DC=com
|
||||
bind-password: JustAnotherBindPw
|
||||
username-attribute: CN
|
||||
```
|
||||
|
||||
### Pod Annotations
|
||||
|
||||
Annotations can be added to the Gitea pod.
|
||||
@ -249,7 +300,7 @@ Annotations can be added to the Gitea pod.
|
||||
| Parameter | Description | Default |
|
||||
|---------------------|-----------------------------------|------------------------------|
|
||||
|image.repository| Image to start for this pod | gitea/gitea |
|
||||
|image.version| Image Version | 1.12.4 |
|
||||
|image.version| Image Version | 1.13.0 |
|
||||
|image.pullPolicy| Image pull policy | Always |
|
||||
|
||||
### Persistence
|
||||
@ -260,7 +311,7 @@ Annotations can be added to the Gitea pod.
|
||||
|persistence.existingClaim| Use an existing claim to store repository information | |
|
||||
|persistence.size| Size for persistence to store repo information | 10Gi |
|
||||
|persistence.accessModes|AccessMode for persistence||
|
||||
|persistence.storageClass|Storage class for repository persistence|standard|
|
||||
|persistence.storageClass|Storage class for repository persistence||
|
||||
|
||||
### Ingress
|
||||
|
||||
|
||||
@ -76,22 +76,33 @@ app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "postgresql.dns" -}}
|
||||
{{- printf "%s-postgresql.%s.svc.cluster.local:%g" .Release.Name .Release.Namespace .Values.postgresql.global.postgresql.servicePort -}}
|
||||
{{- printf "%s-postgresql.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.postgresql.global.postgresql.servicePort -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "mysql.dns" -}}
|
||||
{{- printf "%s-mysql.%s.svc.cluster.local:%g" .Release.Name .Release.Namespace .Values.mysql.service.port | trunc 63 | trimSuffix "-" -}}
|
||||
{{- printf "%s-mysql.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.mysql.service.port | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "mariadb.dns" -}}
|
||||
{{- printf "%s-mariadb.%s.svc.cluster.local:%g" .Release.Name .Release.Namespace .Values.mariadb.primary.service.port | trunc 63 | trimSuffix "-" -}}
|
||||
{{- printf "%s-mariadb.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.mariadb.primary.service.port | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "memcached.dns" -}}
|
||||
{{- printf "%s-memcached.%s.svc.cluster.local:%g" .Release.Name .Release.Namespace .Values.memcached.service.port | trunc 63 | trimSuffix "-" -}}
|
||||
{{- printf "%s-memcached.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.memcached.service.port | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "gitea.default_domain" -}}
|
||||
{{- printf "%s-gitea.%s.svc.cluster.local" (include "gitea.fullname" .) .Release.Namespace | trunc 63 | trimSuffix "-" -}}
|
||||
{{- printf "%s-gitea.%s.svc.%s" (include "gitea.fullname" .) .Release.Namespace .Values.clusterDomain | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "gitea.ldap_settings" -}}
|
||||
{{- range $key, $val := .Values.gitea.ldap -}}
|
||||
{{- if ne $key "enabled" -}}
|
||||
{{- if eq $key "port" -}}
|
||||
{{- printf "--%s %s " ($key | kebabcase) $val -}}
|
||||
{{- else -}}
|
||||
{{- printf "--%s %s " ($key | kebabcase) ($val | quote) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
@ -4,13 +4,15 @@ metadata:
|
||||
name: {{ include "gitea.fullname" . }}-http
|
||||
labels:
|
||||
{{- include "gitea.labels" . | nindent 4 }}
|
||||
annotations:
|
||||
{{- toYaml .Values.service.http.annotations | nindent 4 }}
|
||||
spec:
|
||||
type: {{ .Values.service.http.type }}
|
||||
{{- if and .Values.service.http.loadBalancerIP (eq .Values.service.http.type "LoadBalancer") }}
|
||||
loadBalancerIP: {{ .Values.service.http.loadBalancerIP }}
|
||||
{{- end }}
|
||||
{{ if eq .Values.service.http.type "ClusterIP" }}
|
||||
clusterIP: None
|
||||
{{- if and .Values.service.http.clusterIP (eq .Values.service.http.type "ClusterIP") }}
|
||||
clusterIP: {{ .Values.service.http.clusterIP }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: http
|
||||
|
||||
@ -1,7 +1,9 @@
|
||||
{{- if .Values.ingress.enabled -}}
|
||||
{{- $fullName := include "gitea.fullname" . -}}
|
||||
{{- $httpPort := .Values.service.http.port -}}
|
||||
{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
|
||||
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}}
|
||||
apiVersion: networking.k8s.io/v1
|
||||
{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress" -}}
|
||||
apiVersion: networking.k8s.io/v1beta1
|
||||
{{- else -}}
|
||||
apiVersion: extensions/v1beta1
|
||||
@ -32,8 +34,18 @@ spec:
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
{{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }}
|
||||
pathType: Prefix
|
||||
{{- end }}
|
||||
backend:
|
||||
{{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }}
|
||||
service:
|
||||
name: {{ $fullName }}-http
|
||||
port:
|
||||
number: {{ $httpPort }}
|
||||
{{- else }}
|
||||
serviceName: {{ $fullName }}-http
|
||||
servicePort: {{ $httpPort }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
@ -18,40 +18,18 @@ stringData:
|
||||
set -x; \
|
||||
gitea migrate; \
|
||||
{{- if and .Values.gitea.admin.username .Values.gitea.admin.password }}
|
||||
gitea admin create-user --username {{ .Values.gitea.admin.username }} --password '{{ .Values.gitea.admin.password }}' --email {{ .Values.gitea.admin.email }} --admin \
|
||||
gitea admin create-user --username {{ .Values.gitea.admin.username }} --password '{{ .Values.gitea.admin.password }}' --email {{ .Values.gitea.admin.email }} --admin --must-change-password=false \
|
||||
|| \
|
||||
gitea admin change-password --username {{ .Values.gitea.admin.username }} --password '{{ .Values.gitea.admin.password }}'; \
|
||||
{{- end }}
|
||||
{{- if .Values.gitea.ldap.enabled }}
|
||||
gitea admin auth add-ldap \
|
||||
--name {{ .Values.gitea.ldap.name | quote }} \
|
||||
--security-protocol {{ .Values.gitea.ldap.securityProtocol | quote }} \
|
||||
--host {{ .Values.gitea.ldap.host | quote }} \
|
||||
--port {{ .Values.gitea.ldap.port | int}} \
|
||||
--user-search-base {{ .Values.gitea.ldap.userSearchBase | quote }} \
|
||||
--user-filter {{ .Values.gitea.ldap.userFilter | quote }} \
|
||||
--admin-filter {{ .Values.gitea.ldap.adminFilter | quote }} \
|
||||
--email-attribute {{ .Values.gitea.ldap.emailAttribute | quote }} \
|
||||
--bind-dn {{ .Values.gitea.ldap.bindDn | quote }} \
|
||||
--bind-password {{ .Values.gitea.ldap.bindPassword | quote }} \
|
||||
--synchronize-users \
|
||||
--username-attribute {{ .Values.gitea.ldap.usernameAttribute | quote }} \
|
||||
{{- include "gitea.ldap_settings" . | nindent 6 }} \
|
||||
|| \
|
||||
( \
|
||||
export GITEA_AUTH_ID=$(gitea admin auth list | grep {{ .Values.gitea.ldap.name | quote }} | awk -F " " "{print \$1}"); \
|
||||
gitea admin auth update-ldap --id ${GITEA_AUTH_ID} \
|
||||
--name {{ .Values.gitea.ldap.name | quote }} \
|
||||
--security-protocol {{ .Values.gitea.ldap.securityProtocol | quote }} \
|
||||
--host {{ .Values.gitea.ldap.host | quote }} \
|
||||
--port {{ .Values.gitea.ldap.port | int}} \
|
||||
--user-search-base {{ .Values.gitea.ldap.userSearchBase | quote }} \
|
||||
--user-filter {{ .Values.gitea.ldap.userFilter | quote }} \
|
||||
--admin-filter {{ .Values.gitea.ldap.adminFilter | quote }} \
|
||||
--email-attribute {{ .Values.gitea.ldap.emailAttribute | quote }} \
|
||||
--bind-dn {{ .Values.gitea.ldap.bindDn | quote }} \
|
||||
--bind-password {{ .Values.gitea.ldap.bindPassword | quote }} \
|
||||
--synchronize-users \
|
||||
--username-attribute {{ .Values.gitea.ldap.usernameAttribute | quote }} \
|
||||
{{- include "gitea.ldap_settings" . | nindent 6 }} \
|
||||
) \
|
||||
{{- end }}
|
||||
'
|
||||
@ -5,18 +5,18 @@ metadata:
|
||||
labels:
|
||||
{{- include "gitea.labels" . | nindent 4 }}
|
||||
annotations:
|
||||
{{ toYaml .Values.service.ssh.annotations | indent 4 }}
|
||||
{{- toYaml .Values.service.ssh.annotations | nindent 4 }}
|
||||
spec:
|
||||
type: {{ .Values.service.ssh.type }}
|
||||
{{- if and .Values.service.ssh.loadBalancerIP (eq .Values.service.ssh.type "LoadBalancer") }}
|
||||
loadBalancerIP: {{ .Values.service.ssh.loadBalancerIP }}
|
||||
{{- end }}
|
||||
{{- if eq .Values.service.ssh.type "ClusterIP" }}
|
||||
clusterIP: None
|
||||
{{- if and .Values.service.ssh.clusterIP (eq .Values.service.ssh.type "ClusterIP") }}
|
||||
clusterIP: {{ .Values.service.ssh.clusterIP }}
|
||||
{{- end }}
|
||||
{{- if .Values.service.ssh.externalIPs }}
|
||||
externalIPs:
|
||||
{{ toYaml .Values.service.ssh.externalIPs | indent 4 }}
|
||||
{{- toYaml .Values.service.ssh.externalIPs | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.service.ssh.externalTrafficPolicy }}
|
||||
externalTrafficPolicy: {{ .Values.service.ssh.externalTrafficPolicy }}
|
||||
|
||||
@ -20,6 +20,10 @@ spec:
|
||||
labels:
|
||||
{{- include "gitea.selectorLabels" . | nindent 8 }}
|
||||
spec:
|
||||
{{- with .Values.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
securityContext:
|
||||
fsGroup: 1000
|
||||
initContainers:
|
||||
@ -109,7 +113,9 @@ spec:
|
||||
{{- range .Values.persistence.accessModes }}
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
storageClassName: {{ .Values.persistence.storageClass | default "standard" | quote }}
|
||||
{{- if .Values.persistence.storageClass }}
|
||||
storageClassName: {{ .Values.persistence.storageClass | quote }}
|
||||
{{- end }}
|
||||
resources:
|
||||
requests:
|
||||
storage: {{ .Values.persistence.size | quote }}
|
||||
|
||||
@ -11,5 +11,5 @@ spec:
|
||||
- name: wget
|
||||
image: busybox
|
||||
command: ['wget']
|
||||
args: ['{{ include "gitea.fullname" . }}:{{ .Values.service.port }}']
|
||||
args: ['{{ include "gitea.fullname" . }}-http:{{ .Values.service.http.port }}']
|
||||
restartPolicy: Never
|
||||
12
values.yaml
12
values.yaml
@ -4,9 +4,11 @@
|
||||
|
||||
replicaCount: 1
|
||||
|
||||
clusterDomain: cluster.local
|
||||
|
||||
image:
|
||||
repository: gitea/gitea
|
||||
version: 1.12.5
|
||||
version: 1.13.0
|
||||
pullPolicy: Always
|
||||
|
||||
imagePullSecrets: []
|
||||
@ -15,9 +17,14 @@ service:
|
||||
http:
|
||||
type: ClusterIP
|
||||
port: 3000
|
||||
clusterIP: None
|
||||
#loadBalancerIP:
|
||||
#nodePort:
|
||||
annotations:
|
||||
ssh:
|
||||
type: ClusterIP
|
||||
port: 22
|
||||
clusterIP: None
|
||||
#loadBalancerIP:
|
||||
#nodePort:
|
||||
#externalTrafficPolicy:
|
||||
@ -66,7 +73,6 @@ persistence:
|
||||
size: 10Gi
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
storageClass: standard
|
||||
|
||||
gitea:
|
||||
admin:
|
||||
@ -149,4 +155,4 @@ mariadb:
|
||||
service:
|
||||
port: 3306
|
||||
persistence:
|
||||
size: 10Gi
|
||||
size: 10Gi
|
||||
|
||||
Reference in New Issue
Block a user