Compare commits
219 Commits
Author | SHA1 | Date | |
---|---|---|---|
![]() |
aec87c2490 | ||
![]() |
e3db83e22b | ||
![]() |
7cae9d3404 | ||
52153021e3 | |||
5f7d353901 | |||
![]() |
389a8460e4 | ||
![]() |
3bacaaad84 | ||
![]() |
2be2e2a639 | ||
7b892431d6 | |||
![]() |
f7c66c0336 | ||
5c7e78b467 | |||
478af4e381 | |||
7c4d6c3797 | |||
![]() |
aa9808bc27 | ||
![]() |
a08e39f8ff | ||
![]() |
c039673e5a | ||
![]() |
e636984db1 | ||
![]() |
77aa11a3bb | ||
![]() |
3fdb39df68 | ||
![]() |
9dc3f7c086 | ||
![]() |
036b469ff9 | ||
![]() |
339ee94260 | ||
![]() |
1c71764d3c | ||
e19723a3fb | |||
![]() |
2a762f0865 | ||
![]() |
c32c6f929f | ||
![]() |
e29cd1c289 | ||
![]() |
a535919025 | ||
![]() |
5c6cd932fe | ||
3265a5ed53 | |||
![]() |
1dbf171ad3 | ||
![]() |
6226e4eaea | ||
![]() |
6ffc0a3790 | ||
![]() |
1ac39a6f5d | ||
![]() |
c4168dd029 | ||
![]() |
4dd17f045b | ||
![]() |
030322170e | ||
![]() |
d407eda496 | ||
![]() |
b7b60dd51f | ||
![]() |
22848d0ce7 | ||
![]() |
157e87593d | ||
![]() |
f897e6350b | ||
![]() |
21bc9a548b | ||
![]() |
b13063ad7a | ||
![]() |
4d62136a3d | ||
![]() |
548f932422 | ||
![]() |
dc30c66d25 | ||
![]() |
0b2f3d6eb9 | ||
![]() |
dd304c1c1a | ||
![]() |
4f4c71fb39 | ||
![]() |
509ee975c4 | ||
![]() |
15385d02ee | ||
![]() |
617c773b7e | ||
![]() |
42937062d9 | ||
![]() |
a91624b52d | ||
![]() |
b768ded932 | ||
![]() |
fd8246e51d | ||
![]() |
20b14b01c1 | ||
![]() |
74bae066c4 | ||
![]() |
2f809390be | ||
![]() |
153a664138 | ||
![]() |
0135b10295 | ||
![]() |
2a9273d32f | ||
![]() |
3b2b700441 | ||
7fa896a0ce | |||
![]() |
d2bfa0250d | ||
![]() |
2d77b626ac | ||
![]() |
6644c1701b | ||
![]() |
a3fafc90a8 | ||
![]() |
ceb6de12a8 | ||
![]() |
ab5ec8ddb9 | ||
![]() |
d65737681a | ||
![]() |
8ee589a56f | ||
![]() |
a82540e7eb | ||
![]() |
0794fe5b8b | ||
![]() |
3ac530f66d | ||
![]() |
00fbf45f03 | ||
![]() |
4d339bb05b | ||
![]() |
829bca241d | ||
![]() |
6be4f8bb97 | ||
![]() |
aeea86b26a | ||
![]() |
4ed7818ec2 | ||
![]() |
b84a431854 | ||
![]() |
a1af5eab4e | ||
![]() |
f5ad4eb33d | ||
![]() |
5dfaca13f2 | ||
![]() |
70e5da077a | ||
![]() |
d7cba5443f | ||
![]() |
e9d401a9ee | ||
![]() |
7b7789e65d | ||
![]() |
8a191f0eca | ||
![]() |
469eacaf1c | ||
f0d0c00ed6 | |||
![]() |
323bcd7526 | ||
59b246302b | |||
![]() |
223069d042 | ||
![]() |
060945a486 | ||
![]() |
ff932a0bf9 | ||
![]() |
88a1650ce4 | ||
![]() |
d875809299 | ||
![]() |
a1d9059e53 | ||
![]() |
7e403d5ef6 | ||
![]() |
0081cabe0b | ||
![]() |
b265d87f55 | ||
![]() |
8bcd2dc63b | ||
![]() |
34c1212939 | ||
![]() |
5c4bcaa1e3 | ||
![]() |
f7d661ee3a | ||
6c0699e86e | |||
![]() |
d52ead0be7 | ||
![]() |
ead62a0dbc | ||
![]() |
7eea1acf05 | ||
![]() |
dcf1891edd | ||
7499fecc1a | |||
![]() |
3cf91bf6e7 | ||
![]() |
23847eba1c | ||
![]() |
bc872acdd3 | ||
![]() |
7de8e83433 | ||
![]() |
41e389c7cd | ||
![]() |
82dc077673 | ||
![]() |
ebc4600920 | ||
![]() |
f3abf73ebc | ||
![]() |
3707755373 | ||
![]() |
074def2acc | ||
![]() |
a249229ccf | ||
b68b9d91cf | |||
![]() |
0cc8c6d558 | ||
64c6d80dcf | |||
eb17917b53 | |||
7d96eb2940 | |||
ca903c9cf3 | |||
![]() |
40751af5c7 | ||
![]() |
226564b74d | ||
![]() |
9802e9ae41 | ||
![]() |
7d2a375685 | ||
![]() |
ef4e0dc77d | ||
![]() |
cbaad0ed8f | ||
![]() |
d2598c6161 | ||
![]() |
183b54fc27 | ||
![]() |
cd4271a1ad | ||
![]() |
dc8a2bd667 | ||
![]() |
c1c186b901 | ||
![]() |
1551065946 | ||
![]() |
1f72352f14 | ||
![]() |
7a9df83d18 | ||
![]() |
c2b0b677c1 | ||
![]() |
ffbec41c88 | ||
![]() |
74cec11931 | ||
![]() |
5e76871731 | ||
![]() |
453ab0e211 | ||
![]() |
c6887fde0a | ||
![]() |
08c50abba9 | ||
![]() |
779563141d | ||
![]() |
0e5bccd732 | ||
95d5fb209b | |||
![]() |
88d0f132d1 | ||
![]() |
eb13916386 | ||
![]() |
38776e2b51 | ||
![]() |
74fef7e4c6 | ||
![]() |
054ee87a8c | ||
![]() |
07fe17caf4 | ||
0d9d6bcbb2 | |||
28bd87b5a9 | |||
![]() |
30000677d7 | ||
![]() |
1550f9b4e0 | ||
![]() |
3276f1e76d | ||
![]() |
22872112cd | ||
![]() |
3dd6632c5f | ||
![]() |
ff83bab0e2 | ||
![]() |
7604d5606f | ||
![]() |
1331ae5e96 | ||
![]() |
35fcb41ce2 | ||
![]() |
9e00bff9bd | ||
5e148748ce | |||
![]() |
1ea6cb4633 | ||
![]() |
478fd6044e | ||
![]() |
860c2ce542 | ||
![]() |
269ca48586 | ||
![]() |
9dda709997 | ||
![]() |
aa8f543c08 | ||
![]() |
a5884ec67f | ||
![]() |
81612bd788 | ||
![]() |
565cbaf292 | ||
![]() |
19841604f7 | ||
![]() |
29c9bbb4bf | ||
![]() |
75893ad9c6 | ||
![]() |
a247071b07 | ||
![]() |
5f8de23c15 | ||
![]() |
c6fbb6d72e | ||
![]() |
f108be0cd6 | ||
![]() |
dc6bab1958 | ||
![]() |
de1d5af8c8 | ||
![]() |
46fb4d8026 | ||
![]() |
3a9e60ce40 | ||
![]() |
de5a6edbc8 | ||
![]() |
2ded843924 | ||
![]() |
ede76d4b68 | ||
![]() |
00433b97c4 | ||
![]() |
a20c014e49 | ||
![]() |
950e46ce44 | ||
![]() |
8e27bb9bae | ||
![]() |
f66a192d45 | ||
![]() |
6814f7f6d9 | ||
![]() |
cab7f3d0b5 | ||
![]() |
ca76cc571c | ||
![]() |
868c029e4d | ||
![]() |
81252dcb18 | ||
![]() |
5ed140088e | ||
![]() |
aa33330abe | ||
![]() |
b11c9c7568 | ||
5e5496f15d | |||
![]() |
0ca013647d | ||
![]() |
9c7e85a2bb | ||
![]() |
eefa169b8d | ||
![]() |
e28c1520c0 | ||
![]() |
55b22d2225 | ||
![]() |
5876a9e7fc | ||
![]() |
c274911aab | ||
![]() |
0861260c5d |
.drone.yml
.gitea
.helmignore.markdownlint.yaml.vscode
CODEOWNERSCONTRIBUTING.mdChart.lockChart.yamlMakefileREADME.mddocs
package-lock.jsonpackage.jsonreadme-actions-dev.mdrenovate.json5scripts
templates
47
.drone.yml
47
.drone.yml
@ -1,47 +0,0 @@
|
||||
---
|
||||
kind: pipeline
|
||||
type: docker
|
||||
name: lint
|
||||
|
||||
platform:
|
||||
os: linux
|
||||
arch: arm64
|
||||
|
||||
steps:
|
||||
- name: helm lint
|
||||
pull: always
|
||||
image: alpine:3.17
|
||||
commands:
|
||||
- apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm
|
||||
- helm lint
|
||||
|
||||
- name: helm template
|
||||
pull: always
|
||||
image: alpine:3.17
|
||||
commands:
|
||||
- apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm
|
||||
- helm dependency update
|
||||
- helm template --debug gitea-helm .
|
||||
|
||||
- name: helm unittests
|
||||
pull: always
|
||||
image: alpine:3.17
|
||||
commands:
|
||||
- apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing make helm git bash
|
||||
- helm plugin install --version 0.3.1 https://github.com/helm-unittest/helm-unittest
|
||||
- helm dependency update
|
||||
- make unittests
|
||||
|
||||
- name: verify readme
|
||||
pull: always
|
||||
image: alpine:3.17
|
||||
commands:
|
||||
- apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing make npm git
|
||||
- make readme
|
||||
- git diff --exit-code --name-only README.md
|
||||
|
||||
- name: yaml lint
|
||||
pull: always
|
||||
image: cytopia/yamllint:alpine-1
|
||||
commands:
|
||||
- yamllint -f colored .
|
@ -39,3 +39,5 @@
|
||||
|
||||
- [ ] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm)
|
||||
- [ ] Breaking changes are documented in the `README.md`
|
||||
- [ ] Templating unittests are added
|
||||
- [ ] All added template resources MUST render a namespace in metadata
|
||||
|
@ -5,38 +5,66 @@ on:
|
||||
tags:
|
||||
- "*"
|
||||
|
||||
env:
|
||||
# renovate: datasource=docker depName=alpine/helm
|
||||
HELM_VERSION: "3.16.3"
|
||||
|
||||
jobs:
|
||||
generate-chart-publish:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- uses: actions/checkout@v4
|
||||
- name: install tools
|
||||
run: |
|
||||
apt update -y
|
||||
apt install -y curl
|
||||
curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | tee /usr/share/keyrings/helm.gpg > /dev/null
|
||||
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | tee /etc/apt/sources.list.d/helm-stable-debian.list
|
||||
apt install -y curl ca-certificates curl gnupg
|
||||
# helm
|
||||
curl -O https://get.helm.sh/helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
|
||||
tar -xzf helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
|
||||
mv linux-amd64/helm /usr/local/bin/
|
||||
rm -rf linux-amd64 helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz
|
||||
helm version
|
||||
# docker
|
||||
install -m 0755 -d /etc/apt/keyrings
|
||||
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
|
||||
chmod a+r /etc/apt/keyrings/docker.gpg
|
||||
echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
|
||||
apt update -y
|
||||
apt install -y python helm python3-pip apt-transport-https
|
||||
apt install -y python3 python3-pip apt-transport-https docker-ce-cli
|
||||
pip install awscli
|
||||
|
||||
- name: Import GPG key
|
||||
id: import_gpg
|
||||
uses: https://github.com/crazy-max/ghaction-import-gpg@v6
|
||||
with:
|
||||
gpg_private_key: ${{ secrets.GPGSIGN_KEY }}
|
||||
passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }}
|
||||
fingerprint: CC64B1DB67ABBEECAB24B6455FC346329753F4B0
|
||||
|
||||
# Using helm gpg plugin as 'helm package --sign' has issues with gpg2: https://github.com/helm/helm/issues/2843
|
||||
- name: package chart
|
||||
run: |
|
||||
helm dependency update
|
||||
echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | docker login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} --password-stdin
|
||||
# FIXME: use upstream after https://github.com/technosophos/helm-gpg/issues/1 is solved
|
||||
helm plugin install https://github.com/pat-s/helm-gpg
|
||||
helm dependency build
|
||||
helm package --version "${GITHUB_REF#refs/tags/v}" ./
|
||||
mkdir gitea
|
||||
mv gitea*.tgz gitea/
|
||||
curl -L -o gitea/index.yaml https://dl.gitea.com/charts/index.yaml
|
||||
helm repo index gitea/ --url https://dl.gitea.io/charts --merge gitea/index.yaml
|
||||
curl -s -L -o gitea/index.yaml https://dl.gitea.com/charts/index.yaml
|
||||
helm repo index gitea/ --url https://dl.gitea.com/charts --merge gitea/index.yaml
|
||||
# push to dockerhub
|
||||
echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | helm registry login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} registry-1.docker.io --password-stdin
|
||||
helm push gitea/gitea-${GITHUB_REF#refs/tags/v}.tgz oci://registry-1.docker.io/giteacharts
|
||||
helm registry logout registry-1.docker.io
|
||||
|
||||
- name: aws credential configure
|
||||
uses: https://github.com/aws-actions/configure-aws-credentials@v2
|
||||
uses: https://github.com/aws-actions/configure-aws-credentials@v4
|
||||
with:
|
||||
aws-access-key-id: ${{ secrets.AWS_KEY_ID }}
|
||||
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
||||
aws-region: ${{ secrets.AWS_REGION }}
|
||||
- name: install aws cli
|
||||
run: |
|
||||
apt update -y &&
|
||||
pip install awscli
|
||||
|
||||
- name: Copy files to S3 and clear cache
|
||||
run: |
|
||||
aws s3 sync gitea/ s3://${{ secrets.AWS_S3_BUCKET}}/charts/
|
||||
|
41
.gitea/workflows/test-pr.yml
Normal file
41
.gitea/workflows/test-pr.yml
Normal file
@ -0,0 +1,41 @@
|
||||
name: check-and-test
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
branches:
|
||||
- "*"
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
- "renovate/**"
|
||||
|
||||
env:
|
||||
# renovate: datasource=github-releases depName=helm-unittest/helm-unittest
|
||||
HELM_UNITTEST_VERSION: "v0.7.0"
|
||||
|
||||
jobs:
|
||||
check-and-test:
|
||||
runs-on: ubuntu-latest
|
||||
container: alpine/helm:3.16.3
|
||||
steps:
|
||||
- name: install tools
|
||||
run: |
|
||||
apk update
|
||||
apk add --update make nodejs npm yamllint
|
||||
- uses: actions/checkout@v4
|
||||
- name: install chart dependencies
|
||||
run: helm dependency build
|
||||
- name: lint
|
||||
run: helm lint
|
||||
- name: template
|
||||
run: helm template --debug gitea-helm .
|
||||
- name: unit tests
|
||||
run: |
|
||||
helm plugin install --version ${{ env.HELM_UNITTEST_VERSION }} https://github.com/helm-unittest/helm-unittest
|
||||
make unittests
|
||||
- name: verify readme
|
||||
run: |
|
||||
make readme
|
||||
git diff --exit-code --name-only README.md
|
||||
- name: yaml lint
|
||||
uses: https://github.com/ibiqlik/action-yamllint@v3
|
@ -31,3 +31,8 @@ Makefile
|
||||
.drone.yml
|
||||
CONTRIBUTING.md
|
||||
unittests/
|
||||
.editorconfig
|
||||
.prettierignore
|
||||
.yamllint
|
||||
CODEOWNERS
|
||||
renovate.json5
|
||||
|
@ -47,7 +47,7 @@ MD013:
|
||||
# Number of characters
|
||||
line_length: 200
|
||||
# Number of characters for headings
|
||||
heading_line_length: 80
|
||||
heading_line_length: 100
|
||||
# Number of characters for code blocks
|
||||
code_block_line_length: 80
|
||||
# Include code blocks
|
||||
@ -73,7 +73,7 @@ MD022:
|
||||
# MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the same content
|
||||
MD024:
|
||||
# Only check sibling headings
|
||||
allow_different_nesting: true
|
||||
siblings_only: true
|
||||
|
||||
# MD025/single-title/single-h1 - Multiple top-level headings in the same document
|
||||
MD025:
|
||||
@ -106,7 +106,7 @@ MD030:
|
||||
# MD033/no-inline-html - Inline HTML
|
||||
MD033:
|
||||
# Allowed elements
|
||||
allowed_elements: []
|
||||
allowed_elements: [details, summary]
|
||||
|
||||
# MD035/hr-style - Horizontal rule style
|
||||
MD035:
|
||||
|
8
.vscode/extensions.json
vendored
Normal file
8
.vscode/extensions.json
vendored
Normal file
@ -0,0 +1,8 @@
|
||||
{
|
||||
"recommendations": [
|
||||
"yzhang.markdown-all-in-one",
|
||||
"DavidAnson.vscode-markdownlint",
|
||||
"Tim-Koehler.helm-intellisense",
|
||||
"esbenp.prettier-vscode"
|
||||
]
|
||||
}
|
8
.vscode/settings.json
vendored
Normal file
8
.vscode/settings.json
vendored
Normal file
@ -0,0 +1,8 @@
|
||||
{
|
||||
"yaml.schemas": {
|
||||
"https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.7.0/schema/helm-testsuite.json": [
|
||||
"/unittests/**/*.yaml"
|
||||
]
|
||||
},
|
||||
"yaml.schemaStore.enable": true
|
||||
}
|
1
CODEOWNERS
Normal file
1
CODEOWNERS
Normal file
@ -0,0 +1 @@
|
||||
* @justusbunsi @pat-s
|
@ -9,21 +9,16 @@ refactorings for easier maintainability or documentation improvements.
|
||||
- [`helm`](https://helm.sh/docs/intro/install/)
|
||||
- `make` is optional; you may call the commands directly
|
||||
|
||||
When using Visual Studio Code as IDE, following plugins might be useful:
|
||||
|
||||
- [Markdown All in One](https://marketplace.visualstudio.com/items?itemName=yzhang.markdown-all-in-one)
|
||||
- [markdownlint](https://marketplace.visualstudio.com/items?itemName=DavidAnson.vscode-markdownlint)
|
||||
- [Helm Intellisense](https://marketplace.visualstudio.com/items?itemName=Tim-Koehler.helm-intellisense)
|
||||
- [Prettier - Code formatter](https://marketplace.visualstudio.com/items?itemName=esbenp.prettier-vscode)
|
||||
When using Visual Studio Code as IDE, a [ready-to-use profile](.vscode/) is available.
|
||||
|
||||
## Documentation Requirements
|
||||
|
||||
The `README.md` must include all configuration options. The parameters section
|
||||
is generated by extracting the parameter annotations from the `values.yaml` file,
|
||||
by using [this tool](https://github.com/bitnami-labs/readme-generator-for-helm).
|
||||
The `README.md` must include all configuration options.
|
||||
The parameters section is generated by extracting the parameter annotations from the `values.yaml` file, by using [this tool](https://github.com/bitnami-labs/readme-generator-for-helm).
|
||||
|
||||
If changes were made on configuration options, run `make readme` to update the
|
||||
README file.
|
||||
If changes were made on configuration options, run `make readme` to update the README file.
|
||||
|
||||
The ToC is created via the VSCode [Markdown All in One](https://marketplace.visualstudio.com/items?itemName=yzhang.markdown-all-in-one) extension which can/must also be used used to update it.
|
||||
|
||||
## Pull Request Requirements
|
||||
|
||||
@ -41,16 +36,15 @@ For local development and testing of pull requests, the following workflow can
|
||||
be used:
|
||||
|
||||
1. Install `minikube` and `helm`.
|
||||
2. Start a `minikube` cluster via `minikube start`.
|
||||
3. From the `gitea/helm-chart` directory execute the following command. This
|
||||
will install the dependencies listed in `Chart.yml` and deploy the current
|
||||
state of the helm chart found locally. If you want to test a branch, make
|
||||
sure to switch to the respective branch first.
|
||||
`helm install --dependency-update gitea . -f values.yaml`.
|
||||
4. Gitea is now deployed in `minikube`. To access it, it's port needs to be
|
||||
forwarded first from `minikube` to localhost first via `kubectl --namespace
|
||||
default port-forward svc/gitea-http 3000:3000`. Now Gitea is accessible at
|
||||
[http://localhost:3000](http://localhost:3000).
|
||||
1. Start a `minikube` cluster via `minikube start`.
|
||||
1. From the `gitea/helm-chart` directory execute the following command.
|
||||
This will install the dependencies listed in `Chart.yml` and deploy the current state of the helm chart found locally.
|
||||
If you want to test a branch, make sure to switch to the respective branch first.
|
||||
`helm install --dependency-update gitea . -f values.yaml`.
|
||||
1. Gitea is now deployed in `minikube`.
|
||||
To access it, it's port needs to be forwarded first from `minikube` to localhost first via `kubectl --namespace
|
||||
default port-forward svc/gitea-http 3000:3000`.
|
||||
Now Gitea is accessible at [http://localhost:3000](http://localhost:3000).
|
||||
|
||||
### Unit tests
|
||||
|
||||
@ -61,3 +55,11 @@ $ helm plugin install https://github.com/helm-unittest/helm-unittest
|
||||
# run the unittests
|
||||
make unittests
|
||||
```
|
||||
|
||||
See [plugin documentation](https://github.com/helm-unittest/helm-unittest/blob/main/DOCUMENT.md) for usage instructions.
|
||||
|
||||
## Release process
|
||||
|
||||
1. Create a tag following the tagging schema
|
||||
1. Push the tag
|
||||
1. Let CI do it's work
|
||||
|
18
Chart.lock
18
Chart.lock
@ -1,9 +1,15 @@
|
||||
dependencies:
|
||||
- name: memcached
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 6.3.13
|
||||
- name: postgresql
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 12.2.6
|
||||
digest: sha256:7a37054b0ae841314b1e309fec6f1edc0f22f77161ee915ebfb1ce011457884c
|
||||
generated: "2023-03-28T21:20:51.230043+02:00"
|
||||
version: 15.5.38
|
||||
- name: postgresql-ha
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 14.3.10
|
||||
- name: redis-cluster
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 10.3.0
|
||||
- name: redis
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 19.6.4
|
||||
digest: sha256:462d513ac8ef7abfe26030fd2ea93eb79df167a861ebe09d6c58c7dcd5601e85
|
||||
generated: "2024-11-30T00:41:29.178889496Z"
|
||||
|
30
Chart.yaml
30
Chart.yaml
@ -3,8 +3,9 @@ name: gitea
|
||||
description: Gitea Helm chart for Kubernetes
|
||||
type: application
|
||||
version: 0.0.0
|
||||
appVersion: 1.19.1
|
||||
icon: https://docs.gitea.io/images/gitea.png
|
||||
# renovate datasource=github-releases depName=go-gitea/gitea extractVersion=^v(?<version>.*)$
|
||||
appVersion: 1.22.4
|
||||
icon: https://gitea.com/assets/img/logo.svg
|
||||
|
||||
keywords:
|
||||
- git
|
||||
@ -31,15 +32,24 @@ maintainers:
|
||||
- name: Patrick Schratz
|
||||
email: patrick.schratz@gmail.com
|
||||
|
||||
# Bitnami charts are served from GitHub CDN - See https://github.com/bitnami/charts/issues/10539 for details
|
||||
dependencies:
|
||||
# OCI registry: https://blog.bitnami.com/2023/01/bitnami-helm-charts-available-as-oci.html (2023-01)
|
||||
# Chart release date: 2023-03
|
||||
- name: memcached
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 6.3.13
|
||||
condition: memcached.enabled
|
||||
# https://github.com/bitnami/charts/blob/main/bitnami/postgresql
|
||||
- name: postgresql
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 12.2.6
|
||||
version: 15.5.38
|
||||
condition: postgresql.enabled
|
||||
# https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml
|
||||
- name: postgresql-ha
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 14.3.10
|
||||
condition: postgresql-ha.enabled
|
||||
# https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml
|
||||
- name: redis-cluster
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 10.3.0
|
||||
condition: redis-cluster.enabled
|
||||
# https://github.com/bitnami/charts/blob/main/bitnami/redis/Chart.yaml
|
||||
- name: redis
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 19.6.4
|
||||
condition: redis.enabled
|
||||
|
7
Makefile
7
Makefile
@ -9,4 +9,9 @@ readme: prepare-environment
|
||||
|
||||
.PHONY: unittests
|
||||
unittests:
|
||||
helm unittest --strict -f 'unittests/**/*.yaml' ./
|
||||
helm unittest --strict -f 'unittests/**/*.yaml' -f 'unittests/dependency-major-image-check.yaml' -f 'unittests/values-conflicting-checks.yaml' ./
|
||||
|
||||
.PHONY: helm
|
||||
update-helm-dependencies:
|
||||
helm dependency update
|
||||
|
178
docs/ha-setup.md
Normal file
178
docs/ha-setup.md
Normal file
@ -0,0 +1,178 @@
|
||||
# High Availability
|
||||
|
||||
All components (in-memory DB, volume/asset storage, code indexer) used by Gitea must be deployed in a HA-ready fashion to achieve a full HA-ready Gitea deployment.
|
||||
The following document explains how to achieve this for all individual components.
|
||||
|
||||
The resulting Gitea deployment will consist of ~ 10 pods (depending on the chosen components and their replicas).
|
||||
One should evaluate upfront whether a HA-deployment is required as switching between HA/non-HA comes with some effort.
|
||||
For production instances, HA is always recommended to increase uptime and have a frictionless update process.
|
||||
|
||||
A general comment about chart dependencies and external services:
|
||||
Instead of relying on chart dependencies, it is often better to rely on an external, (managed) instances (in-memory database, asset storage provider, database, etc.).
|
||||
Many cloud providers offer such services, at least for databases or in-memory databases.
|
||||
They might cost a bit more than using a self-hosted k8s variant but are usually easier to maintain and scale, if needed.
|
||||
Also they can be centrally managed and are not linked to the Gitea helm chart or namespace.
|
||||
Please consider using external services before you start with your Gitea HA setup, it will make your life (and the life of the Gitea maintainers) easier.
|
||||
|
||||
This helm chart tries to help as much as possible to simplify and assert the provisioning of a HA-ready Gitea instance by implementing smart conditionals if `replicaCount` is set to a value > 1.
|
||||
Nevertheless, we cannot guarantee for every possible combination of Gitea settings to work together perfectly in a HA setup.
|
||||
As a general advice, we recommend to have a test environment aside on which to test possible changes/upgrades before applying these to a production installation.
|
||||
|
||||
## Requirements for HA
|
||||
|
||||
Storage-wise, the HA-Gitea setup requires a RWX file-system which can be shared among the deployment-based replica pods.
|
||||
In addition, the following components are required for full HA-readiness:
|
||||
|
||||
- A HA-ready issue (and optionally code) indexer: `elasticsearch` or `meilisearch`
|
||||
- A HA-ready external object/asset storage (`minio`) (optional, assets can also be stored on the RWX file-system)
|
||||
- A HA-ready cache (`redis-cluster`)
|
||||
- A HA-ready DB
|
||||
|
||||
`postgres.enabled`, which default to `true`, must be set to `false` for a HA setup.
|
||||
The default `postgres` chart dependency is not HA-ready (there's a dedicated `postgres-ha` chart).
|
||||
|
||||
The following sections discuss each of the components in more detail.
|
||||
Note that for each component discussed, the shown configurations only provides a (working) starting point, not necessarily the most optimal setup.
|
||||
We try to optimize this document over time as we have gained more experience with HA setups from users.
|
||||
|
||||
## Indexers (Issues and code/repo)
|
||||
|
||||
The default code indexer `bleve` is not able to allow multiple connections and hence cannot be used in a HA setup.
|
||||
Alternatives are `elasticsearch` and `meilisearch` (as of >= 1.19.2).
|
||||
Unless you have an existing `elasticsearch` cluster, we recommend using `meilisearch` as it is faster and requires way less resources.
|
||||
|
||||
Unfortunately, `meilisearch` does only support the `ISSUE_INDEXER` and not the `REPO_INDEXER` yet ([tracking issue](https://github.com/go-gitea/gitea/pull/24149)).
|
||||
This means that the `REPO_INDEXER` must still be disabled for a HA setup right now.
|
||||
An alternative to the two options above for the `ISSUE_INDEXER` is `"db"`, however we recommend to just go with `meilisearch` in this case and to not bother the DB with indexing.
|
||||
|
||||
To configure `meilisearch` within Gitea, do the following:
|
||||
|
||||
```yml
|
||||
gitea:
|
||||
config:
|
||||
indexer:
|
||||
ISSUE_INDEXER_CONN_STR: <http://meilisearch.<namespace>.svc.cluster.local:7700>
|
||||
ISSUE_INDEXER_ENABLED: true
|
||||
ISSUE_INDEXER_TYPE: meilisearch
|
||||
REPO_INDEXER_ENABLED: false
|
||||
# REPO_INDEXER_TYPE: meilisearch # not yet working
|
||||
```
|
||||
|
||||
Unfortunately `meilisearch` cannot be deployed in HA as of now.
|
||||
Nevertheless it allows for multiple Gitea requests at the same time and is therefore required in a HA setup.
|
||||
|
||||
Exemplary configuration for the [meilisearch-kubernetes](https://github.com/meilisearch/meilisearch-kubernetes/tree/main/charts/meilisearch) chart:
|
||||
|
||||
```yaml
|
||||
persistence:
|
||||
enabled: true
|
||||
accessMode: ReadWriteOnce
|
||||
size: 5Gi
|
||||
```
|
||||
|
||||
## Cache, session and queue
|
||||
|
||||
A `redis` instance is required for the in-memory cache.
|
||||
Two options exist:
|
||||
|
||||
- `redis`
|
||||
- `redis-cluster`
|
||||
|
||||
The chart provides `redis-cluster` as a dependency as this one can be used for both HA and non-HA setups.
|
||||
You're also welcome to go with `redis` if you prefer or already have a running instance.
|
||||
|
||||
It should be noted that `redis-cluster` support is only available starting with Gitea 1.19.2.
|
||||
You can also configure an external (managed) `redis` instance to be used.
|
||||
To do so, you need to set the following configuration values yourself:
|
||||
|
||||
- `gitea.config.queue.TYPE`: redis`
|
||||
- `gitea.config.queue.CONN_STR`: `<your redis connection string>`
|
||||
|
||||
- `gitea.config.session.PROVIDER`: `redis`
|
||||
- `gitea.config.session.PROVIDER_CONFIG`: `<your redis connection string>`
|
||||
|
||||
- `gitea.config.cache.ENABLED`: `true`
|
||||
- `gitea.config.cache.ADAPTER`: `redis`
|
||||
- `gitea.config.cache.HOST`: `<your redis connection string>`
|
||||
|
||||
By default, the `redis-cluster` chart provisions three standalone master nodes of which each has a single replica.
|
||||
To reduce the number of pods for a default Gitea deployment, we opted to omit the replicas (`replicas: 0`) by default.
|
||||
Only the minimum required number of master pods for a functional `redis-cluster` deployment are provisioned.
|
||||
For a "proper" `redis-cluster` setup however, we recommend to set `replicas: 1` and `nodes: 6`.
|
||||
|
||||
## Object and asset storage
|
||||
|
||||
Object/asset storage refers to the storage of attachments, avatars, LFS files, etc.
|
||||
While most of these can be stored on the RWX file-system, it is recommended to use an external S3-compatible object storage for such, mainly for performance reasons.
|
||||
|
||||
By default the chart provisions a single RWO volume to store everything (repos, avatars, packages, etc.).
|
||||
This volume cannot be mounted by multiple pods.
|
||||
Hence, a RWX volume is required and (optionally) an external HA-ready object storage.
|
||||
|
||||
> **Note:** Double-check that the file permissions are set correctly on the RWX volume! That is everything should be owned by the `git` user which usually has `uid=1000` and `gid=1000`.
|
||||
|
||||
To use `minio` you need to deploy and configure an external `minio` instance yourself and explicitly define the `STORAGE_TYPE` values as shown below.
|
||||
|
||||
Note that `MINIO_BUCKET` here is just a name and does not refer to a S3 bucket.
|
||||
It's the root access point for all objects belonging to the respective application, i.e., to Gitea in this case.
|
||||
|
||||
```yaml
|
||||
gitea:
|
||||
config:
|
||||
attachment:
|
||||
STORAGE_TYPE: minio
|
||||
lfs:
|
||||
STORAGE_TYPE: minio
|
||||
picture:
|
||||
AVATAR_STORAGE_TYPE: minio
|
||||
"storage.packages":
|
||||
STORAGE_TYPE: minio
|
||||
|
||||
storage:
|
||||
MINIO_ENDPOINT: <minio-headless.<namespace>.svc.cluster.local:9000>
|
||||
MINIO_LOCATION: <location>
|
||||
MINIO_ACCESS_KEY_ID: <access key>
|
||||
MINIO_SECRET_ACCESS_KEY: <secret key>
|
||||
MINIO_BUCKET: <bucket name>
|
||||
MINIO_USE_SSL: false
|
||||
```
|
||||
|
||||
Exemplary configuration for the [bitnami minio](https://github.com/bitnami/charts/blob/main/bitnami/minio) chart:
|
||||
|
||||
```yaml
|
||||
auth:
|
||||
rootUser: minio
|
||||
mode: distributed
|
||||
replicaCount: 4
|
||||
persistence:
|
||||
enabled: true
|
||||
size: 20Gi
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
```
|
||||
|
||||
## Database
|
||||
|
||||
If you do not have an HA-ready DB, using a managed database service in the cloud might be the easiest and most robust solution.
|
||||
Remember: disable the built-in `postgres` dependency and configure the database connection manually via `gitea.config.database`:
|
||||
|
||||
```yml
|
||||
gitea:
|
||||
database:
|
||||
builtIn:
|
||||
postgresql:
|
||||
enabled: false
|
||||
config:
|
||||
database:
|
||||
DB_TYPE: postgres
|
||||
HOST: <host>
|
||||
NAME: <name>
|
||||
USER: <user>
|
||||
```
|
||||
|
||||
## Known issues
|
||||
|
||||
- Currently Cron jobs are run on all replicas as no leader election is implemented.
|
||||
See [https://github.com/go-gitea/gitea/issues/13791](https://github.com/go-gitea/gitea/issues/13791) for a discussion and possible solution.
|
||||
|
||||
- Running with multiple replicas slows down Gitea a bit, i.e. page loading time increases.
|
1003
package-lock.json
generated
1003
package-lock.json
generated
File diff suppressed because it is too large
Load Diff
@ -13,7 +13,7 @@
|
||||
"readme:parameters": "readme-generator -v values.yaml -r README.md"
|
||||
},
|
||||
"devDependencies": {
|
||||
"@bitnami/readme-generator-for-helm": "^2.4.2",
|
||||
"markdownlint-cli": "^0.31.1"
|
||||
"@bitnami/readme-generator-for-helm": "^2.5.0",
|
||||
"markdownlint-cli": "^0.43.0"
|
||||
}
|
||||
}
|
||||
|
34
readme-actions-dev.md
Normal file
34
readme-actions-dev.md
Normal file
@ -0,0 +1,34 @@
|
||||
# Gitea Actions
|
||||
|
||||
In order to use the Gitea Actions act-runner you must either:
|
||||
|
||||
- enable persistence (used for automatic deployment to be able to store the token in a place accessible for the Job)
|
||||
- create a secret containing the act runner token and reference it as a `existingSecret`
|
||||
|
||||
In order to use Gitea Actions, you must log on the server that's running Gitea and run the command:
|
||||
`gitea actions generate-runner-token`
|
||||
|
||||
This command will out a token that is needed by the act-runner to register with the Gitea backend.
|
||||
|
||||
Because this is a manual operation, we automated this using a Kubernetes Job using the following containers:
|
||||
|
||||
1) `actions-token-create`: it uses the current `gitea-rootless` image, mounts the persistent directory to `/data/` then it saves the output from `gitea actions generate-runner-token` to `/data/actions/token`
|
||||
2) `actions-token-upload`: it uses a `bitnami/kubectl` image, mounts the scripts directory (`/scripts`) and
|
||||
the persistent directory (`/data/`), and using the script from `/scripts/token.sh` stores the token in a Kubernetes secret
|
||||
|
||||
After the token is stored in a Kubernetes secret we can create the statefulset that contains the following containers:
|
||||
|
||||
1) `act-runner`: authenticates with Gitea using the token that was stored in the secret
|
||||
2) `dind`: DockerInDocker image that is used to run the actions
|
||||
|
||||
If you are not using persistent volumes, you cannot use the Job to automatically generate the token.
|
||||
In this case, you can use either the Web UI to generate the token or run a shell into a Gitea pod and invoke
|
||||
the command `gitea actions generate-runner-token`. After generating the token, you must create a secret and use it via:
|
||||
|
||||
```yaml
|
||||
actions:
|
||||
provisioning:
|
||||
enabled: false
|
||||
existingSecret: "secret-name"
|
||||
existingSecretKey: "secret-key"
|
||||
```
|
94
renovate.json5
Normal file
94
renovate.json5
Normal file
@ -0,0 +1,94 @@
|
||||
{
|
||||
$schema: 'https://docs.renovatebot.com/renovate-schema.json',
|
||||
extends: [
|
||||
'gitea>gitea/renovate-config',
|
||||
':automergeMinor',
|
||||
'schedule:automergeDaily',
|
||||
'schedule:weekends',
|
||||
],
|
||||
labels: [
|
||||
'kind/dependency',
|
||||
],
|
||||
automergeStrategy: 'squash',
|
||||
customManagers: [
|
||||
{
|
||||
description: 'Gitea-version of https://docs.renovatebot.com/presets-regexManagers/#regexmanagersgithubactionsversions',
|
||||
customType: 'regex',
|
||||
fileMatch: [
|
||||
'.gitea/workflows/.+\\.ya?ml$',
|
||||
],
|
||||
matchStrings: [
|
||||
'# renovate: datasource=(?<datasource>[a-z-.]+?) depName=(?<depName>[^\\s]+?)(?: (?:lookupName|packageName)=(?<packageName>[^\\s]+?))?(?: versioning=(?<versioning>[a-z-0-9]+?))?\\s+[A-Za-z0-9_]+?_VERSION\\s*:\\s*["\']?(?<currentValue>.+?)["\']?\\s',
|
||||
],
|
||||
},
|
||||
{
|
||||
description: 'Detect helm-unittest yaml schema file',
|
||||
customType: 'regex',
|
||||
fileMatch: ['.vscode/settings\\.json$'],
|
||||
matchStrings: [
|
||||
'https:\\/\\/raw\\.githubusercontent\\.com\\/(?<depName>[^\\s]+?)\\/(?<currentValue>v[0-9.]+?)\\/schema\\/helm-testsuite\\.json',
|
||||
],
|
||||
datasourceTemplate: 'github-releases',
|
||||
},
|
||||
{
|
||||
'description': 'Automatically detect new Gitea releases',
|
||||
'customType': 'regex',
|
||||
'fileMatch': ['(^|/)Chart\\.yaml$'],
|
||||
'matchStrings': [
|
||||
'# renovate datasource=(?<datasource>\\S+) depName=(?<depName>\\S+) extractVersion=(?<extractVersion>\\S+)\\nappVersion:\\s?(?<currentValue>\\S+)\\n',
|
||||
],
|
||||
},
|
||||
],
|
||||
packageRules: [
|
||||
{
|
||||
groupName: 'subcharts (minor & patch)',
|
||||
matchManagers: [
|
||||
'helmv3',
|
||||
],
|
||||
matchUpdateTypes: [
|
||||
'minor',
|
||||
'patch',
|
||||
'digest',
|
||||
],
|
||||
},
|
||||
{
|
||||
groupName: 'workflow dependencies (minor & patch)',
|
||||
matchManagers: [
|
||||
'github-actions',
|
||||
'npm',
|
||||
'custom.regex',
|
||||
],
|
||||
matchUpdateTypes: [
|
||||
'minor',
|
||||
'patch',
|
||||
'digest',
|
||||
],
|
||||
matchFileNames: [
|
||||
'!Chart.yaml',
|
||||
],
|
||||
},
|
||||
{
|
||||
description: 'Update README.md on changes in values.yaml',
|
||||
matchManagers: [
|
||||
'helm-values',
|
||||
],
|
||||
postUpgradeTasks: {
|
||||
commands: [
|
||||
'install-tool node',
|
||||
'make readme',
|
||||
],
|
||||
fileFilters: [
|
||||
'README.md',
|
||||
],
|
||||
executionMode: 'update',
|
||||
},
|
||||
},
|
||||
{
|
||||
description: 'Override changelog url for Helm image, to have release notes in our PRs',
|
||||
matchDepNames: [
|
||||
'alpine/helm',
|
||||
],
|
||||
changelogUrl: 'https://github.com/helm/helm',
|
||||
},
|
||||
],
|
||||
}
|
43
scripts/token.sh
Normal file
43
scripts/token.sh
Normal file
@ -0,0 +1,43 @@
|
||||
#!/bin/sh
|
||||
|
||||
set -eu
|
||||
|
||||
timeout_delay=15
|
||||
|
||||
check_token() {
|
||||
set +e
|
||||
|
||||
echo "Checking for existing token..."
|
||||
token="$(kubectl get secret "$SECRET_NAME" -o jsonpath="{.data['token']}" 2> /dev/null)"
|
||||
[ $? -ne 0 ] && return 1
|
||||
[ -z "$token" ] && return 2
|
||||
return 0
|
||||
}
|
||||
|
||||
create_token() {
|
||||
echo "Waiting for new token to be generated..."
|
||||
begin=$(date +%s)
|
||||
end=$((begin + timeout_delay))
|
||||
while true; do
|
||||
[ -f /data/actions/token ] && return 0
|
||||
[ "$(date +%s)" -gt $end ] && return 1
|
||||
sleep 5
|
||||
done
|
||||
}
|
||||
|
||||
store_token() {
|
||||
echo "Storing the token in Kubernetes secret..."
|
||||
kubectl patch secret "$SECRET_NAME" -p "{\"data\":{\"token\":\"$(base64 /data/actions/token | tr -d '\n')\"}}"
|
||||
}
|
||||
|
||||
if check_token; then
|
||||
echo "Key already in place, exiting."
|
||||
exit
|
||||
fi
|
||||
|
||||
if ! create_token; then
|
||||
echo "Checking for an existing act runner token in secret $SECRET_NAME timed out after $timeout_delay"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
store_token
|
@ -18,3 +18,19 @@
|
||||
echo "Visit http://127.0.0.1:{{ .Values.service.http.port }} to use your application"
|
||||
kubectl --namespace {{ .Release.Namespace }} port-forward svc/{{ .Release.Name }}-http {{ .Values.service.http.port }}:{{ .Values.service.http.port }}
|
||||
{{- end }}
|
||||
{{- $warnings := list -}}
|
||||
{{- if eq (get .Values.gitea.config.cache "ADAPTER") "memory" -}}
|
||||
{{- $warnings = append $warnings "Gitea uses 'memory' for caching which is not recommended for production use. See https://docs.gitea.com/next/administration/config-cheat-sheet#cache-cache for available options." -}}
|
||||
{{- end }}
|
||||
{{- if eq (get .Values.gitea.config.queue "TYPE") "level" -}}
|
||||
{{- $warnings = append $warnings "Gitea uses 'leveldb' for queue actions which is not recommended for production use. See https://docs.gitea.com/next/administration/config-cheat-sheet#queue-queue-and-queue for available options." -}}
|
||||
{{- end }}
|
||||
{{- if eq (get .Values.gitea.config.session "PROVIDER") "memory" -}}
|
||||
{{- $warnings = append $warnings "Gitea uses 'memory' for sessions which is not recommended for production use. See https://docs.gitea.com/next/administration/config-cheat-sheet#session-session for available options." -}}
|
||||
{{- end }}
|
||||
{{- if gt (len $warnings) 0 }}
|
||||
2. Review these warnings:
|
||||
{{- range $warnings }}
|
||||
- {{ . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
@ -2,6 +2,7 @@
|
||||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
|
||||
{{- define "gitea.name" -}}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
@ -24,6 +25,13 @@ If release name contains chart name it will be used as a full name.
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create a default worker name.
|
||||
*/}}
|
||||
{{- define "gitea.workername" -}}
|
||||
{{- printf "%s-%s" .global.Release.Name .worker | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create chart name and version as used by the chart label.
|
||||
*/}}
|
||||
@ -35,14 +43,22 @@ Create chart name and version as used by the chart label.
|
||||
Create image name and tag used by the deployment.
|
||||
*/}}
|
||||
{{- define "gitea.image" -}}
|
||||
{{- $fullOverride := .Values.image.fullOverride | default "" -}}
|
||||
{{- $registry := .Values.global.imageRegistry | default .Values.image.registry -}}
|
||||
{{- $name := .Values.image.repository -}}
|
||||
{{- $tag := .Values.image.tag | default .Chart.AppVersion -}}
|
||||
{{- $repository := .Values.image.repository -}}
|
||||
{{- $separator := ":" -}}
|
||||
{{- $tag := .Values.image.tag | default .Chart.AppVersion | toString -}}
|
||||
{{- $rootless := ternary "-rootless" "" (.Values.image.rootless) -}}
|
||||
{{- if $registry -}}
|
||||
{{- printf "%s/%s:%s%s" $registry $name $tag $rootless -}}
|
||||
{{- $digest := "" -}}
|
||||
{{- if .Values.image.digest }}
|
||||
{{- $digest = (printf "@%s" (.Values.image.digest | toString)) -}}
|
||||
{{- end -}}
|
||||
{{- if $fullOverride }}
|
||||
{{- printf "%s" $fullOverride -}}
|
||||
{{- else if $registry }}
|
||||
{{- printf "%s/%s%s%s%s%s" $registry $repository $separator $tag $rootless $digest -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s:%s%s" $name $tag $rootless -}}
|
||||
{{- printf "%s%s%s%s%s" $repository $separator $tag $rootless $digest -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
@ -65,7 +81,7 @@ imagePullSecrets:
|
||||
Storage Class
|
||||
*/}}
|
||||
{{- define "gitea.persistence.storageClass" -}}
|
||||
{{- $storageClass := .Values.global.storageClass | default .Values.persistence.storageClass }}
|
||||
{{- $storageClass := (tpl ( default "" .Values.persistence.storageClass) .) | default (tpl ( default "" .Values.global.storageClass) .) }}
|
||||
{{- if $storageClass }}
|
||||
storageClassName: {{ $storageClass | quote }}
|
||||
{{- end }}
|
||||
@ -83,6 +99,15 @@ version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "gitea.labels.actRunner" -}}
|
||||
helm.sh/chart: {{ include "gitea.chart" . }}
|
||||
app: {{ include "gitea.name" . }}-act-runner
|
||||
{{ include "gitea.selectorLabels.actRunner" . }}
|
||||
app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
|
||||
version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
@ -91,16 +116,51 @@ app.kubernetes.io/name: {{ include "gitea.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "postgresql.dns" -}}
|
||||
{{- printf "%s-postgresql.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.postgresql.global.postgresql.service.ports.postgresql -}}
|
||||
{{- define "gitea.selectorLabels.actRunner" -}}
|
||||
app.kubernetes.io/name: {{ include "gitea.name" . }}-act-runner
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "memcached.dns" -}}
|
||||
{{- printf "%s-memcached.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.memcached.service.ports.memcached | trunc 63 | trimSuffix "-" -}}
|
||||
{{- define "postgresql-ha.dns" -}}
|
||||
{{- if (index .Values "postgresql-ha").enabled -}}
|
||||
{{- printf "%s-postgresql-ha-pgpool.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "postgresql-ha" "service" "ports" "postgresql") -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "postgresql.dns" -}}
|
||||
{{- if (index .Values "postgresql").enabled -}}
|
||||
{{- printf "%s-postgresql.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.postgresql.global.postgresql.service.ports.postgresql -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "redis.dns" -}}
|
||||
{{- if and ((index .Values "redis-cluster").enabled) ((index .Values "redis").enabled) -}}
|
||||
{{- fail "redis and redis-cluster cannot be enabled at the same time. Please only choose one." -}}
|
||||
{{- else if (index .Values "redis-cluster").enabled -}}
|
||||
{{- printf "redis+cluster://:%s@%s-redis-cluster-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "redis-cluster").global.redis.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "redis-cluster").service.ports.redis -}}
|
||||
{{- else if (index .Values "redis").enabled -}}
|
||||
{{- printf "redis://:%s@%s-redis-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "redis").global.redis.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "redis").master.service.ports.redis -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "redis.port" -}}
|
||||
{{- if (index .Values "redis-cluster").enabled -}}
|
||||
{{ (index .Values "redis-cluster").service.ports.redis }}
|
||||
{{- else if (index .Values "redis").enabled -}}
|
||||
{{ (index .Values "redis").master.service.ports.redis }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "redis.servicename" -}}
|
||||
{{- if (index .Values "redis-cluster").enabled -}}
|
||||
{{- printf "%s-redis-cluster-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}}
|
||||
{{- else if (index .Values "redis").enabled -}}
|
||||
{{- printf "%s-redis-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "gitea.default_domain" -}}
|
||||
{{- printf "%s-gitea.%s.svc.%s" (include "gitea.fullname" .) .Release.Namespace .Values.clusterDomain | trunc 63 | trimSuffix "-" -}}
|
||||
{{- printf "%s-http.%s.svc.%s" (include "gitea.fullname" .) .Release.Namespace .Values.clusterDomain -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "gitea.ldap_settings" -}}
|
||||
@ -160,6 +220,15 @@ https
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "gitea.act_runner.local_root_url" -}}
|
||||
{{- if not .Values.gitea.config.server.LOCAL_ROOT_URL -}}
|
||||
{{- printf "http://%s-http:%.0f" (include "gitea.fullname" .) .Values.service.http.port -}}
|
||||
{{- else -}}
|
||||
{{/* fallback for allowing to overwrite this value via inline config */}}
|
||||
{{- .Values.gitea.config.server.LOCAL_ROOT_URL -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "gitea.inline_configuration" -}}
|
||||
{{- include "gitea.inline_configuration.init" . -}}
|
||||
{{- include "gitea.inline_configuration.defaults" . -}}
|
||||
@ -182,6 +251,7 @@ https
|
||||
{{- else -}}
|
||||
{{- (printf "Key %s cannot be on top level of configuration" $key) | fail -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
@ -211,6 +281,21 @@ https
|
||||
{{- if not (hasKey .Values.gitea.config "oauth2") -}}
|
||||
{{- $_ := set .Values.gitea.config "oauth2" dict -}}
|
||||
{{- end -}}
|
||||
{{- if not (hasKey .Values.gitea.config "session") -}}
|
||||
{{- $_ := set .Values.gitea.config "session" dict -}}
|
||||
{{- end -}}
|
||||
{{- if not (hasKey .Values.gitea.config "queue") -}}
|
||||
{{- $_ := set .Values.gitea.config "queue" dict -}}
|
||||
{{- end -}}
|
||||
{{- if not (hasKey .Values.gitea.config "queue.issue_indexer") -}}
|
||||
{{- $_ := set .Values.gitea.config "queue.issue_indexer" dict -}}
|
||||
{{- end -}}
|
||||
{{- if not (hasKey .Values.gitea.config "indexer") -}}
|
||||
{{- $_ := set .Values.gitea.config "indexer" dict -}}
|
||||
{{- end -}}
|
||||
{{- if not (hasKey .Values.gitea.config "actions") -}}
|
||||
{{- $_ := set .Values.gitea.config "actions" dict -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "gitea.inline_configuration.defaults" -}}
|
||||
@ -226,12 +311,42 @@ https
|
||||
{{- if not (hasKey .Values.gitea.config.metrics "ENABLED") -}}
|
||||
{{- $_ := set .Values.gitea.config.metrics "ENABLED" .Values.gitea.metrics.enabled -}}
|
||||
{{- end -}}
|
||||
{{- if .Values.memcached.enabled -}}
|
||||
{{- $_ := set .Values.gitea.config.cache "ENABLED" "true" -}}
|
||||
{{- $_ := set .Values.gitea.config.cache "ADAPTER" "memcache" -}}
|
||||
{{- if not (.Values.gitea.config.cache.HOST) -}}
|
||||
{{- $_ := set .Values.gitea.config.cache "HOST" (include "memcached.dns" .) -}}
|
||||
{{- if and (not (hasKey .Values.gitea.config.metrics "TOKEN")) (.Values.gitea.metrics.token) (.Values.gitea.metrics.enabled) -}}
|
||||
{{- $_ := set .Values.gitea.config.metrics "TOKEN" .Values.gitea.metrics.token -}}
|
||||
{{- end -}}
|
||||
{{- /* redis queue */ -}}
|
||||
{{- if or ((index .Values "redis-cluster").enabled) ((index .Values "redis").enabled) -}}
|
||||
{{- $_ := set .Values.gitea.config.queue "TYPE" "redis" -}}
|
||||
{{- $_ := set .Values.gitea.config.queue "CONN_STR" (include "redis.dns" .) -}}
|
||||
{{- $_ := set .Values.gitea.config.session "PROVIDER" "redis" -}}
|
||||
{{- $_ := set .Values.gitea.config.session "PROVIDER_CONFIG" (include "redis.dns" .) -}}
|
||||
{{- $_ := set .Values.gitea.config.cache "ADAPTER" "redis" -}}
|
||||
{{- $_ := set .Values.gitea.config.cache "HOST" (include "redis.dns" .) -}}
|
||||
{{- else -}}
|
||||
{{- if not (get .Values.gitea.config.session "PROVIDER") -}}
|
||||
{{- $_ := set .Values.gitea.config.session "PROVIDER" "memory" -}}
|
||||
{{- end -}}
|
||||
{{- if not (get .Values.gitea.config.session "PROVIDER_CONFIG") -}}
|
||||
{{- $_ := set .Values.gitea.config.session "PROVIDER_CONFIG" "" -}}
|
||||
{{- end -}}
|
||||
{{- if not (get .Values.gitea.config.queue "TYPE") -}}
|
||||
{{- $_ := set .Values.gitea.config.queue "TYPE" "level" -}}
|
||||
{{- end -}}
|
||||
{{- if not (get .Values.gitea.config.queue "CONN_STR") -}}
|
||||
{{- $_ := set .Values.gitea.config.queue "CONN_STR" "" -}}
|
||||
{{- end -}}
|
||||
{{- if not (get .Values.gitea.config.cache "ADAPTER") -}}
|
||||
{{- $_ := set .Values.gitea.config.cache "ADAPTER" "memory" -}}
|
||||
{{- end -}}
|
||||
{{- if not (get .Values.gitea.config.cache "HOST") -}}
|
||||
{{- $_ := set .Values.gitea.config.cache "HOST" "" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- if not .Values.gitea.config.indexer.ISSUE_INDEXER_TYPE -}}
|
||||
{{- $_ := set .Values.gitea.config.indexer "ISSUE_INDEXER_TYPE" "db" -}}
|
||||
{{- end -}}
|
||||
{{- if not .Values.gitea.config.actions.ENABLED -}}
|
||||
{{- $_ := set .Values.gitea.config.actions "ENABLED" (ternary "true" "false" .Values.actions.enabled) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
@ -244,7 +359,7 @@ https
|
||||
{{- end -}}
|
||||
{{- if not (.Values.gitea.config.server.DOMAIN) -}}
|
||||
{{- if gt (len .Values.ingress.hosts) 0 -}}
|
||||
{{- $_ := set .Values.gitea.config.server "DOMAIN" (index .Values.ingress.hosts 0).host -}}
|
||||
{{- $_ := set .Values.gitea.config.server "DOMAIN" ( tpl (index .Values.ingress.hosts 0).host $) -}}
|
||||
{{- else -}}
|
||||
{{- $_ := set .Values.gitea.config.server "DOMAIN" (include "gitea.default_domain" .) -}}
|
||||
{{- end -}}
|
||||
@ -252,6 +367,9 @@ https
|
||||
{{- if not .Values.gitea.config.server.ROOT_URL -}}
|
||||
{{- $_ := set .Values.gitea.config.server "ROOT_URL" (printf "%s://%s" (include "gitea.public_protocol" .) .Values.gitea.config.server.DOMAIN) -}}
|
||||
{{- end -}}
|
||||
{{- if .Values.actions.enabled -}}
|
||||
{{- $_ := set .Values.gitea.config.server "LOCAL_ROOT_URL" (include "gitea.act_runner.local_root_url" .) -}}
|
||||
{{- end -}}
|
||||
{{- if not .Values.gitea.config.server.SSH_DOMAIN -}}
|
||||
{{- $_ := set .Values.gitea.config.server "SSH_DOMAIN" .Values.gitea.config.server.DOMAIN -}}
|
||||
{{- end -}}
|
||||
@ -279,7 +397,16 @@ https
|
||||
{{- end -}}
|
||||
|
||||
{{- define "gitea.inline_configuration.defaults.database" -}}
|
||||
{{- if .Values.postgresql.enabled -}}
|
||||
{{- if (index .Values "postgresql-ha" "enabled") -}}
|
||||
{{- $_ := set .Values.gitea.config.database "DB_TYPE" "postgres" -}}
|
||||
{{- if not (.Values.gitea.config.database.HOST) -}}
|
||||
{{- $_ := set .Values.gitea.config.database "HOST" (include "postgresql-ha.dns" .) -}}
|
||||
{{- end -}}
|
||||
{{- $_ := set .Values.gitea.config.database "NAME" (index .Values "postgresql-ha" "global" "postgresql" "database") -}}
|
||||
{{- $_ := set .Values.gitea.config.database "USER" (index .Values "postgresql-ha" "global" "postgresql" "username") -}}
|
||||
{{- $_ := set .Values.gitea.config.database "PASSWD" (index .Values "postgresql-ha" "global" "postgresql" "password") -}}
|
||||
{{- end -}}
|
||||
{{- if (index .Values "postgresql" "enabled") -}}
|
||||
{{- $_ := set .Values.gitea.config.database "DB_TYPE" "postgres" -}}
|
||||
{{- if not (.Values.gitea.config.database.HOST) -}}
|
||||
{{- $_ := set .Values.gitea.config.database "HOST" (include "postgresql.dns" .) -}}
|
||||
@ -311,3 +438,37 @@ https
|
||||
{{- define "gitea.gpg-key-secret-name" -}}
|
||||
{{ default (printf "%s-gpg-key" (include "gitea.fullname" .)) .Values.signing.existingSecret }}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "gitea.serviceAccountName" -}}
|
||||
{{ .Values.serviceAccount.name | default (include "gitea.fullname" .) }}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "gitea.admin.passwordMode" -}}
|
||||
{{- if has .Values.gitea.admin.passwordMode (tuple "keepUpdated" "initialOnlyNoReset" "initialOnlyRequireReset") -}}
|
||||
{{ .Values.gitea.admin.passwordMode }}
|
||||
{{- else -}}
|
||||
{{ printf "gitea.admin.passwordMode must be set to one of 'keepUpdated', 'initialOnlyNoReset', or 'initialOnlyRequireReset'. Received: '%s'" .Values.gitea.admin.passwordMode | fail }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Create a functioning probe object for rendering. Given argument must be either a livenessProbe, readinessProbe, or startupProbe */}}
|
||||
{{- define "gitea.deployment.probe" -}}
|
||||
{{- $probe := unset . "enabled" -}}
|
||||
{{- $probeKeys := keys $probe -}}
|
||||
{{- $containsCustomMethod := false -}}
|
||||
{{- $chartDefaultMethod := "tcpSocket" -}}
|
||||
{{- $nonChartDefaultMethods := list "exec" "httpGet" "grpc" -}}
|
||||
{{- range $probeKeys -}}
|
||||
{{- if has . $nonChartDefaultMethods -}}
|
||||
{{- $containsCustomMethod = true -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- if $containsCustomMethod -}}
|
||||
{{- $probe = unset . $chartDefaultMethod -}}
|
||||
{{- end -}}
|
||||
{{- toYaml $probe -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "gitea.metrics-secret-name" -}}
|
||||
{{ default (printf "%s-metrics-secret" (include "gitea.fullname" .)) }}
|
||||
{{- end -}}
|
15
templates/gitea/act_runner/01-consistency-checks.yaml
Normal file
15
templates/gitea/act_runner/01-consistency-checks.yaml
Normal file
@ -0,0 +1,15 @@
|
||||
{{- if .Values.actions.enabled -}}
|
||||
{{- if .Values.actions.provisioning.enabled -}}
|
||||
{{- if not (and .Values.persistence.enabled .Values.persistence.mount) -}}
|
||||
{{- fail "persistence.enabled and persistence.mount are required when provisioning is enabled" -}}
|
||||
{{- end -}}
|
||||
{{- if and .Values.persistence.enabled .Values.persistence.mount -}}
|
||||
{{- if .Values.actions.existingSecret -}}
|
||||
{{- fail "Can't specify both actions.provisioning.enabled and actions.existingSecret" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- if and (not .Values.actions.provisioning.enabled) (or (empty .Values.actions.existingSecret) (empty .Values.actions.existingSecretKey)) -}}
|
||||
{{- fail "actions.existingSecret and actions.existingSecretKey are required when provisioning is disabled" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
15
templates/gitea/act_runner/config-act-runner.yaml
Normal file
15
templates/gitea/act_runner/config-act-runner.yaml
Normal file
@ -0,0 +1,15 @@
|
||||
{{- if .Values.actions.enabled }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ include "gitea.fullname" . }}-act-runner-config
|
||||
namespace: {{ .Values.namespace | default .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "gitea.labels" . | nindent 4 }}
|
||||
data:
|
||||
config.yaml: |
|
||||
{{- with .Values.actions.statefulset.actRunner.config -}}
|
||||
{{ . | nindent 4}}
|
||||
{{- end -}}
|
||||
{{- end }}
|
14
templates/gitea/act_runner/config-scripts.yaml
Normal file
14
templates/gitea/act_runner/config-scripts.yaml
Normal file
@ -0,0 +1,14 @@
|
||||
{{- if .Values.actions.enabled }}
|
||||
{{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ include "gitea.fullname" . }}-scripts
|
||||
namespace: {{ .Values.namespace | default .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "gitea.labels" . | nindent 4 }}
|
||||
data:
|
||||
{{ (.Files.Glob "scripts/*.sh").AsConfig | indent 2 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
115
templates/gitea/act_runner/job.yaml
Normal file
115
templates/gitea/act_runner/job.yaml
Normal file
@ -0,0 +1,115 @@
|
||||
{{- if .Values.actions.enabled }}
|
||||
{{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }}
|
||||
{{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }}
|
||||
{{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: {{ $name }}
|
||||
namespace: {{ .Values.namespace | default .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "gitea.labels" . | nindent 4 }}
|
||||
{{- with .Values.actions.provisioning.labels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
app.kubernetes.io/component: token-job
|
||||
annotations:
|
||||
{{- with .Values.actions.provisioning.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
ttlSecondsAfterFinished: {{ .Values.actions.provisioning.ttlSecondsAfterFinished }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "gitea.labels" . | nindent 8 }}
|
||||
{{- with .Values.actions.provisioning.labels }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
app.kubernetes.io/component: token-job
|
||||
spec:
|
||||
initContainers:
|
||||
- name: init-gitea
|
||||
image: "{{ .Values.actions.init.image.repository }}:{{ .Values.actions.init.image.tag }}"
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
- |
|
||||
while ! nc -z {{ include "gitea.fullname" . }}-http {{ .Values.service.http.port }}; do
|
||||
sleep 5
|
||||
done
|
||||
containers:
|
||||
- name: actions-token-create
|
||||
image: "{{ include "gitea.image" . }}"
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
env:
|
||||
- name: GITEA_APP_INI
|
||||
value: /data/gitea/conf/app.ini
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
- |
|
||||
echo "Generating act_runner token via 'gitea actions generate-runner-token'..."
|
||||
mkdir -p /data/actions/
|
||||
gitea actions generate-runner-token | grep -E '^.{40}$' | tr -d '\n' > /data/actions/token
|
||||
resources:
|
||||
{{- toYaml .Values.actions.provisioning.resources | nindent 12 }}
|
||||
volumeMounts:
|
||||
- name: data
|
||||
mountPath: /data
|
||||
{{- if .Values.persistence.subPath }}
|
||||
subPath: {{ .Values.persistence.subPath }}
|
||||
{{- end }}
|
||||
- name: actions-token-upload
|
||||
image: "{{ .Values.actions.provisioning.publish.repository }}:{{ .Values.actions.provisioning.publish.tag }}"
|
||||
imagePullPolicy: {{ .Values.actions.provisioning.publish.pullPolicy }}
|
||||
env:
|
||||
- name: SECRET_NAME
|
||||
value: {{ $secretName }}
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
- |
|
||||
printf "Checking rights to update kubernetes act_runner secret..."
|
||||
kubectl auth can-i update secret/${SECRET_NAME}
|
||||
/scripts/token.sh
|
||||
resources:
|
||||
{{- toYaml .Values.actions.provisioning.resources | nindent 12 }}
|
||||
volumeMounts:
|
||||
- mountPath: /scripts
|
||||
name: scripts
|
||||
readOnly: true
|
||||
- mountPath: /data
|
||||
name: data
|
||||
readOnly: true
|
||||
{{- if .Values.persistence.subPath }}
|
||||
subPath: {{ .Values.persistence.subPath }}
|
||||
{{- end }}
|
||||
{{- with .Values.actions.provisioning.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.actions.provisioning.affinity }}
|
||||
affinity:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.actions.provisioning.tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
restartPolicy: Never
|
||||
serviceAccount: {{ $name }}
|
||||
volumes:
|
||||
- name: scripts
|
||||
configMap:
|
||||
name: {{ include "gitea.fullname" . }}-scripts
|
||||
defaultMode: 0755
|
||||
- name: data
|
||||
persistentVolumeClaim:
|
||||
claimName: {{ .Values.persistence.claimName }}
|
||||
parallelism: 1
|
||||
completions: 1
|
||||
backoffLimit: 1
|
||||
{{- end }}
|
||||
{{- end }}
|
26
templates/gitea/act_runner/role-job.yaml
Normal file
26
templates/gitea/act_runner/role-job.yaml
Normal file
@ -0,0 +1,26 @@
|
||||
{{- if .Values.actions.enabled }}
|
||||
{{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }}
|
||||
{{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }}
|
||||
{{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: {{ $name }}
|
||||
namespace: {{ .Values.namespace | default .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "gitea.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: token-job
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- secrets
|
||||
resourceNames:
|
||||
- {{ $secretName }}
|
||||
verbs:
|
||||
- get
|
||||
- update
|
||||
- patch
|
||||
{{- end }}
|
||||
{{- end }}
|
23
templates/gitea/act_runner/rolebinding-job.yaml
Normal file
23
templates/gitea/act_runner/rolebinding-job.yaml
Normal file
@ -0,0 +1,23 @@
|
||||
{{- if .Values.actions.enabled }}
|
||||
{{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }}
|
||||
{{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }}
|
||||
{{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: {{ $name }}
|
||||
namespace: {{ .Values.namespace | default .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "gitea.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: token-job
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: {{ $name }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ $name }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
{{- end }}
|
||||
{{- end }}
|
20
templates/gitea/act_runner/secret-token.yaml
Normal file
20
templates/gitea/act_runner/secret-token.yaml
Normal file
@ -0,0 +1,20 @@
|
||||
{{- if .Values.actions.enabled }}
|
||||
{{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }}
|
||||
{{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }}
|
||||
{{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ $secretName }}
|
||||
namespace: {{ .Values.namespace | default .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "gitea.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: token-job
|
||||
{{ $secret := (lookup "v1" "Secret" .Release.Namespace $secretName) -}}
|
||||
{{ if $secret -}}
|
||||
data:
|
||||
token: {{ (b64dec (index $secret.data "token")) | b64enc }}
|
||||
{{ end -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
14
templates/gitea/act_runner/serviceaccount-job.yaml
Normal file
14
templates/gitea/act_runner/serviceaccount-job.yaml
Normal file
@ -0,0 +1,14 @@
|
||||
{{- if .Values.actions.enabled }}
|
||||
{{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }}
|
||||
{{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ $name }}
|
||||
namespace: {{ .Values.namespace | default .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "gitea.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: token-job
|
||||
{{- end }}
|
||||
{{- end }}
|
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user