Make the chart work with a sqlite3 database (#124)

There are currently 2 issues that prevent using this chart to deploy gitea with a SQLite3 database.

1) The value from *gitea.config.database.HOST* is used to set *db.servicename* when  all the databases under *gitea.database.buildIn* are not enabled. This causes a type error during the template processing:
`Error: UPGRADE FAILED: template: gitea/templates/gitea/init.yaml:24:20: executing "gitea/templates/gitea/init.yaml" at <include "db.servicename" .>: error calling include: template: gitea/templates/_helpers.tpl:64:31: executing "db.servicename" at <.Values.gitea.config.database.HOST>: wrong type for value; expected string; got interface {}`

2) In *init_gitea.sh*, we use the value *db.servicename* and *db.port* to ping the database. If this database responds to ping, we proceed with the init. The problem here is that *db.port* is not set when all the databases under *gitea.database.buildIn* are disabled. In turn, this raises an error from busybox's *nc*, because no parameter is passed for *PORT*. This causes the init container to go in *CrashLoopBackOff* forever.

The simple fix that is proposed in this PR is to check wether or not *.Values.gitea.config.database.DB_TYPE* is set to determine the value *db.servicename*. If *DB_TYPE* is *'sqlite3'*, leave *db.servicename* empty and use that to bypass the database ping.

Co-authored-by: Baptiste Covolato <b.covolato@gmail.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/124
Reviewed-by: Andrew Thornton <art27@cantab.net>
Reviewed-by: lafriks <lafriks@noreply.gitea.io>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Co-authored-by: Nakrez <nakrez@noreply.gitea.io>
Co-committed-by: Nakrez <nakrez@noreply.gitea.io>

.gitignore

@@ -1,2 +1,3 @@
 charts
 Chart.lock
+.DS_Store

Chart.yaml

@@ -3,7 +3,7 @@ name: gitea
 description: Gitea Helm chart for Kubernetes
 type: application
 version: 0.0.0
-appVersion: 1.13.1
+appVersion: 1.13.2
 icon: https://docs.gitea.io/images/gitea.png
 
 keywords:

README.md

@@ -288,6 +288,47 @@ kebab-case:
       bind-password: JustAnotherBindPw
       username-attribute: CN
 ```
+### OAuth2 Settings
+
+Like the admin user the OAuth2 settings can be updated but also disabled or deleted.
+All OAuth2 values from <https://docs.gitea.io/en-us/command-line/#admin> are available.
+You can either use them in camel case or kebab case.
+
+camelCase:
+
+```yaml
+  gitea:
+    oauth:
+      enabled: true
+      name: 'MyAwesomeGiteaOAuth'
+      provider: 'openidConnect'
+      key: 'hello'
+      secret: 'world'
+      autoDiscoverUrl: 'https://gitea.example.com/.well-known/openid-configuration'
+      #useCustomUrls:
+      #customAuthUrl:
+      #customTokenUrl:
+      #customProfileUrl:
+      #customEmailUrl:
+```
+
+kebab-case:
+
+```yaml
+  gitea:
+    oauth:
+      enabled: true
+      name: 'MyAwesomeGiteaOAuth'
+      provider: 'openidConnect'
+      key: 'hello'
+      secret: 'world'
+      auto-discover-url: 'https://gitea.example.com/.well-known/openid-configuration'
+      #use-custom-urls:
+      #custom-auth-url:
+      #custom-token-url:
+      #custom-profile-url:
+      #custom-email-url:
+```
 
 ### Metrics and profiling
 
@@ -304,7 +345,7 @@ gitea:
 
   config:
     server:
-      PPROF_ENABLED: true
+      ENABLE_PPROF: true
 ```
 
 ### Pod Annotations
@@ -327,13 +368,14 @@ Annotations can be added to the Gitea pod.
 | extraVolumes                              | Additional volumes to mount to the Gitea statefulset   | {}          |
 | extraVolumeMounts                         | Additional volumes mounts for the Gitea containers     | {}          |
 | initPreScript                             | Bash script copied verbatim to start of init container |             |
+| securityContext                           | Run as a specific securityContext                      | {}          |
 
 ### Image
 
 | Parameter           | Description                       | Default                      |
 |---------------------|-----------------------------------|------------------------------|
 |image.repository| Image to start for this pod | gitea/gitea |
-|image.tag| [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) | 1.13.1 |
+|image.tag| [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) | 1.13.2 |
 |image.pullPolicy| Image pull policy | Always |
 
 ### Persistence
@@ -375,6 +417,34 @@ Annotations can be added to the Gitea pod.
 |---------------------|-----------------------------------|------------------------------|
 |gitea.config | Everything in app.ini can be configured with this dict. See Examples for more details | {} |
 
+### Gitea Probes
+
+Configure Liveness, Readiness and Startup [Probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/)
+
+| Parameter           | Description                       | Default                      |
+|---------------------|-----------------------------------|------------------------------|
+|gitea.livenessProbe.enabled | Enable liveness probe | true |
+|gitea.livenessProbe.initialDelaySeconds | Delay before probe start| 200 |
+|gitea.livenessProbe.timeoutSeconds | probe timeout | 1 |
+|gitea.livenessProbe.periodSeconds | period between probes | 10 |
+|gitea.livenessProbe.successThreshold | Minimum consecutive success probes | 1 |
+|gitea.livenessProbe.failureThreshold | Minimum consecutive error probes | 10 |
+|gitea.readinessProbe.enabled | Enable readiness probe | true |
+|gitea.readinessProbe.initialDelaySeconds | Delay before probe start| 200 |
+|gitea.readinessProbe.timeoutSeconds | probe timeout | 1 |
+|gitea.readinessProbe.periodSeconds | period between probes | 10 |
+|gitea.readinessProbe.successThreshold | Minimum consecutive success probes | 1 |
+|gitea.readinessProbe.failureThreshold | Minimum consecutive error probes | 10 |
+|gitea.startupProbe.enabled | Enable startup probe | false |
+|gitea.startupProbe.initialDelaySeconds | Delay before probe start| 200 |
+|gitea.startupProbe.timeoutSeconds | probe timeout | 1 |
+|gitea.startupProbe.periodSeconds | period between probes | 10 |
+|gitea.startupProbe.successThreshold | Minimum consecutive success probes | 1 |
+|gitea.startupProbe.failureThreshold | Minimum consecutive error probes | 10 |
+|gitea.customLivenessProbe | Custom liveness probe (needs `gitea.livenessProbe.enabled: false`) |  |
+|gitea.customReadinessProbe | Custom readiness probe (needs `gitea.readinessProbe.enabled: false`) |  |
+|gitea.customStartupProbe | Custom startup probe (needs `gitea.startupProbe.enabled: false`) |  |
+
 ### Memcached BuiltIn
 
 Memcached is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/memcached) if enabled in the values. Complete Configuration can be taken from their website.

templates/_helpers.tpl

@@ -36,9 +36,11 @@ Common labels
 */}}
 {{- define "gitea.labels" -}}
 helm.sh/chart: {{ include "gitea.chart" . }}
+app: {{ include "gitea.name" . }}
 {{ include "gitea.selectorLabels" . }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+version: {{ .Chart.AppVersion | quote }}
 {{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end -}}
@@ -58,7 +60,7 @@ app.kubernetes.io/instance: {{ .Release.Name }}
 {{- printf "%s-mysql" .Release.Name -}}
 {{- else if .Values.gitea.database.builtIn.mariadb.enabled -}}
 {{- printf "%s-mariadb" .Release.Name -}}
-{{- else -}}
+{{- else if ne .Values.gitea.config.database.DB_TYPE "sqlite3" -}}
 {{- $parts := split ":" .Values.gitea.config.database.HOST -}}
 {{- printf "%s %s" $parts._0 $parts._1 -}}
 {{- end -}}
@@ -105,4 +107,12 @@ app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 {{- end -}}
 {{- end -}}
+{{- end -}}
+
+{{- define "gitea.oauth_settings" -}}
+{{- range $key, $val := .Values.gitea.oauth -}}
+{{- if ne $key "enabled" -}}
+{{- printf "--%s %s " ($key | kebabcase) ($val | quote) -}}
+{{- end -}}
+{{- end -}}
 {{- end -}}

templates/gitea/config.yaml

@@ -69,8 +69,8 @@ stringData:
     {{- if not (hasKey .Values.gitea.config.server "APP_DATA_PATH") -}}
     {{- $_ := set .Values.gitea.config.server "APP_DATA_PATH" "/data" -}}
     {{- end -}}
-    {{- if not (hasKey .Values.gitea.config.server "PPROF_ENABLED") -}}
-    {{- $_ := set .Values.gitea.config.server "PPROF_ENABLED" false -}}
+    {{- if not (hasKey .Values.gitea.config.server "ENABLE_PPROF") -}}
+    {{- $_ := set .Values.gitea.config.server "ENABLE_PPROF" false -}}
     {{- end -}}
 
     {{- /* metrics default settings */ -}}

templates/gitea/init.yaml

@@ -21,14 +21,16 @@ stringData:
     mkdir -p /data/gitea/conf
     cp /etc/gitea/conf/app.ini /data/gitea/conf/app.ini
     chmod a+rwx /data/gitea/conf/app.ini
+    {{- if include "db.servicename" . }}
     nc -v -w2 -z {{ include "db.servicename" . }} {{ include "db.port" . }} && \
+    {{- end }}
     su git -c ' \
     set -x; \
     gitea migrate; \
     {{- if and .Values.gitea.admin.username .Values.gitea.admin.password }}
-    gitea admin create-user --username  {{ .Values.gitea.admin.username }} --password '{{ .Values.gitea.admin.password }}' --email {{ .Values.gitea.admin.email }} --admin --must-change-password=false \
+    gitea admin create-user --username  {{ .Values.gitea.admin.username }} --password {{ .Values.gitea.admin.password | quote }} --email {{ .Values.gitea.admin.email }} --admin --must-change-password=false \
     || \
-    gitea admin change-password --username {{ .Values.gitea.admin.username }} --password '{{ .Values.gitea.admin.password }}'; \
+    gitea admin change-password --username {{ .Values.gitea.admin.username }} --password {{ .Values.gitea.admin.password | quote }}; \
     {{- end }}
     {{- if .Values.gitea.ldap.enabled }}
     gitea admin auth add-ldap \
@@ -40,4 +42,14 @@ stringData:
       {{- include "gitea.ldap_settings" . | nindent 6 }} \
     ) \
     {{- end }}
+    {{- if .Values.gitea.oauth.enabled }}
+    gitea admin auth add-oauth \
+    {{- include "gitea.oauth_settings" . | nindent 6 }} \
+    || \
+    ( \
+      export GITEA_AUTH_ID=$(gitea admin auth list | grep {{ .Values.gitea.oauth.name | quote }} | awk -F " "  "{print \$1}"); \
+      gitea admin auth update-oauth --id ${GITEA_AUTH_ID} \
+      {{- include "gitea.oauth_settings" . | nindent 6 }} \
+    ) \
+    {{- end }}
     '

templates/gitea/servicemonitor.yaml

@@ -5,6 +5,9 @@ metadata:
   name: {{ include "gitea.fullname" . }}
   labels:
     {{- include "gitea.labels" . | nindent 4 }}
+    {{- if .Values.gitea.metrics.serviceMonitor.prometheusSelector }}
+    prometheus: {{ .Values.gitea.metrics.serviceMonitor.prometheusSelector }}
+    {{- end }}
 spec:
   selector:
     matchLabels:

templates/gitea/ssh-svc.yaml

@@ -8,8 +8,16 @@ metadata:
     {{- toYaml .Values.service.ssh.annotations | nindent 4 }}
 spec:
   type: {{ .Values.service.ssh.type }}
-  {{- if and .Values.service.ssh.loadBalancerIP (eq .Values.service.ssh.type "LoadBalancer") }}
+  {{- if eq .Values.service.ssh.type "LoadBalancer" }}
+  {{- if .Values.service.ssh.loadBalancerIP }}
   loadBalancerIP: {{ .Values.service.ssh.loadBalancerIP }}
+  {{- end -}}
+  {{- if .Values.service.ssh.loadBalancerSourceRanges }}
+  loadBalancerSourceRanges:
+  {{- range .Values.service.ssh.loadBalancerSourceRanges }}
+    - {{ . }}
+  {{- end }}
+  {{- end }}
   {{- end }}
   {{- if and .Values.service.ssh.clusterIP (eq .Values.service.ssh.type "ClusterIP") }}
   clusterIP: {{ .Values.service.ssh.clusterIP }}

templates/gitea/statefulset.yaml

@@ -15,11 +15,12 @@ spec:
       annotations:
         checksum/config: {{ include (print $.Template.BasePath "/gitea/config.yaml") . | sha256sum }}
         checksum/ldap: {{ include "gitea.ldap_settings" . | sha256sum }}
+        checksum/oauth: {{ include "gitea.oauth_settings" . | sha256sum }}
         {{- with .Values.gitea.podAnnotations }}
         {{- toYaml . | nindent 8 }}
         {{- end }}
       labels:
-        {{- include "gitea.selectorLabels" . | nindent 8 }}
+        {{- include "gitea.labels" . | nindent 8 }}
     spec:
       {{- with .Values.imagePullSecrets }}
       imagePullSecrets:
@@ -66,27 +67,53 @@ spec:
               containerPort: {{ .Values.gitea.config.server.SSH_LISTEN_PORT }}
             - name: http
               containerPort: {{ .Values.gitea.config.server.HTTP_PORT }}
-            {{- if .Values.gitea.config.server.PPROF_ENABLED }}
+            {{- if .Values.gitea.config.server.ENABLE_PPROF }}
             - name: profiler
               containerPort: 6060
             {{- end }}
+          {{- if .Values.gitea.livenessProbe.enabled }}
           livenessProbe:
             tcpSocket:
               port: http
-            initialDelaySeconds: 200
-            timeoutSeconds: 1
-            periodSeconds: 10
-            successThreshold: 1
-            failureThreshold: 10
+            initialDelaySeconds: {{ .Values.gitea.livenessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.gitea.livenessProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.gitea.livenessProbe.timeoutSeconds }}
+            successThreshold: {{ .Values.gitea.livenessProbe.successThreshold }}
+            failureThreshold: {{ .Values.gitea.livenessProbe.failureThreshold }}
+          {{- else if .Values.gitea.customLivenessProbe }}
+          livenessProbe:
+            {{- toYaml .Values.gitea.customLivenessProbe | nindent 12 }}
+          {{- end }}
+          {{- if .Values.gitea.readinessProbe.enabled }}
           readinessProbe:
             tcpSocket:
               port: http
-            initialDelaySeconds: 5
-            periodSeconds: 10
-            successThreshold: 1
-            failureThreshold: 3
+            initialDelaySeconds: {{ .Values.gitea.readinessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.gitea.readinessProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.gitea.readinessProbe.timeoutSeconds }}
+            successThreshold: {{ .Values.gitea.readinessProbe.successThreshold }}
+            failureThreshold: {{ .Values.gitea.readinessProbe.failureThreshold }}
+          {{- else if .Values.gitea.customReadinessProbe }}
+          readinessProbe:
+            {{- toYaml .Values.gitea.customReadinessProbe | nindent 12 }}
+          {{- end }}
+          {{- if .Values.gitea.startupProbe.enabled }}
+          startupProbe:
+            tcpSocket:
+              port: http
+            initialDelaySeconds: {{ .Values.gitea.startupProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.gitea.startupProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.gitea.startupProbe.timeoutSeconds }}
+            successThreshold: {{ .Values.gitea.startupProbe.successThreshold }}
+            failureThreshold: {{ .Values.gitea.startupProbe.failureThreshold }}
+          {{- else if .Values.gitea.customStartupProbe }}
+          startupProbe:
+            {{- toYaml .Values.gitea.customStartupProbe | nindent 12 }}
+          {{- end }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
           volumeMounts:
             - name: data
               mountPath: /data

values.yaml

@@ -8,11 +8,13 @@ clusterDomain: cluster.local
 
 image:
   repository: gitea/gitea
-  tag: 1.13.1
+  tag: 1.13.2
   pullPolicy: Always
 
 imagePullSecrets: []
 
+securityContext: {}
+
 service:
   http:
     type: ClusterIP
@@ -29,6 +31,7 @@ service:
     #nodePort:
     #externalTrafficPolicy:
     #externalIPs:
+    loadBalancerSourceRanges: []
     annotations:
 
 ingress:
@@ -111,6 +114,7 @@ gitea:
     enabled: false
     serviceMonitor:
       enabled: false
+      # prometheusSelector: default
 
   ldap:
     enabled: false
@@ -127,6 +131,19 @@ gitea:
     #usernameAttribute: 
     #sshPublicKeyAttribute:
 
+  oauth:
+    enabled: false
+    #name:
+    #provider:
+    #key: 
+    #secret: 
+    #autoDiscoverUrl:
+    #useCustomUrls:
+    #customAuthUrl:
+    #customTokenUrl:
+    #customProfileUrl:
+    #customEmailUrl:
+
   config: {}
   #  APP_NAME: "Gitea: Git with a cup of tea"
   #  RUN_MODE: dev
@@ -152,6 +169,52 @@ gitea:
     builtIn:
       enabled: true
 
+  livenessProbe:
+    enabled: true
+    initialDelaySeconds: 200
+    timeoutSeconds: 1
+    periodSeconds: 10
+    successThreshold: 1
+    failureThreshold: 10
+  readinessProbe:
+    enabled: true
+    initialDelaySeconds: 5
+    timeoutSeconds: 1
+    periodSeconds: 10
+    successThreshold: 1
+    failureThreshold: 3
+  startupProbe:
+    enabled: false
+    initialDelaySeconds: 60
+    periodSeconds: 10
+    successThreshold: 1
+    failureThreshold: 10
+
+  # customLivenessProbe:
+  #   httpGet:
+  #     path: /user/login
+  #     port: http
+  #   initialDelaySeconds: 60
+  #   periodSeconds: 10
+  #   successThreshold: 1
+  #   failureThreshold: 10
+  # customReadinessProbe:
+  #   httpGet:
+  #     path: /user/login
+  #     port: http
+  #   initialDelaySeconds: 5
+  #   periodSeconds: 10
+  #   successThreshold: 1
+  #   failureThreshold: 3
+  # customStartupProbe:
+  #   httpGet:
+  #     path: /user/login
+  #     port: http
+  #   initialDelaySeconds: 60
+  #   periodSeconds: 10
+  #   successThreshold: 1
+  #   failureThreshold: 10
+
 memcached:
   service:
     port: 11211