Overhaul ingress configuration #679

Open
pat-s wants to merge 10 commits from fix-674 into main
7 changed files with 202 additions and 75 deletions

View File

@ -99,7 +99,7 @@ These dependencies are enabled by default:
Alternatively, the following non-HA replacements are available:
- PostgreSQL ([Bitnami PostgreSQL](<Postgresql](https://github.com/bitnami/charts/blob/main/bitnami/postgresql/Chart.yaml)>))
- PostgreSQL ([Bitnami PostgreSQL](<postgresql](https://github.com/bitnami/charts/blob/main/bitnami/postgresql/Chart.yaml)>))
- Redis ([Bitnami Redis](<Redis](https://github.com/bitnami/charts/blob/main/bitnami/redis/Chart.yaml)>))
### Dependency Versioning
@ -922,16 +922,16 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo
### Ingress
| Name | Description | Value |
| ------------------------------------ | --------------------------------------------------------------------------- | ----------------- |
| `ingress.enabled` | Enable ingress | `false` |
| `ingress.className` | Ingress class name | `nil` |
| `ingress.annotations` | Ingress annotations | `{}` |
| `ingress.hosts[0].host` | Default Ingress host | `git.example.com` |
| `ingress.hosts[0].paths[0].path` | Default Ingress path | `/` |
| `ingress.hosts[0].paths[0].pathType` | Ingress path type | `Prefix` |
| `ingress.tls` | Ingress tls settings | `[]` |
| `ingress.apiVersion` | Specify APIVersion of ingress object. Mostly would only be used for argocd. | |
| Name | Description | Value |
| -------------------------- | --------------------------------------------------- | ----------------- |
| `ingress.enabled` | Enable ingress | `false` |
| `ingress.className` | DEPRECATED: Use `ingress.ingressClassName` instead. | `""` |
| `ingress.ingressClassName` | Ingress class name | `""` |
| `ingress.pathType` | Ingress Path Type | `Prefix` |
| `ingress.annotations` | Ingress annotations | `{}` |
| `ingress.hosts[0].host` | Default Ingress host | `git.example.com` |
| `ingress.hosts[0].paths` | Default Ingress path | `[]` |
| `ingress.tls` | Ingress tls settings | `[]` |
### deployment

View File

@ -401,6 +401,32 @@ https
{{ .Values.serviceAccount.name | default (include "gitea.fullname" .) }}
{{- end -}}
{{- define "ingress.annotations" -}}
{{- if .Values.ingress.annotations }}
annotations:
{{- $tp := typeOf .Values.ingress.annotations }}
{{- if eq $tp "string" }}
{{- tpl .Values.ingress.annotations . | nindent 4 }}
{{- else }}
{{- toYaml .Values.ingress.annotations | nindent 4 }}
{{- end }}
{{- end }}
{{- end -}}
{{- define "ingress.ingressClassName" -}}
{{- if ne .Values.ingress.className "" -}}
# WARNING: 'ingress.className' is deprecated and will be removed in a future release. Use 'ingress.ingressClassName' instead."
{{ end -}}
{{- if and (ne .Values.ingress.className "" ) (ne .Values.ingress.ingressClassName "") -}}
{{- fail "ingress.ingressClassName and ingress.className cannot be defined at the same time. Please only choose one." -}}
{{- end -}}
{{- if ne .Values.ingress.className "" -}}
ingressClassName: {{ tpl .Values.ingress.className . }}
{{- else if ne .Values.ingress.ingressClassName "" -}}
ingressClassName: {{ tpl .Values.ingress.ingressClassName . }}
{{- end -}}
{{- end -}}
{{- define "gitea.admin.passwordMode" -}}
{{- if has .Values.gitea.admin.passwordMode (tuple "keepUpdated" "initialOnlyNoReset" "initialOnlyRequireReset") -}}
{{ .Values.gitea.admin.passwordMode }}

View File

@ -1,28 +1,16 @@
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "gitea.fullname" . -}}
{{- $httpPort := .Values.service.http.port -}}
{{- $apiVersion := "extensions/v1beta1" -}}
{{- if .Values.ingress.apiVersion -}}
{{- $apiVersion = .Values.ingress.apiVersion -}}
{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}}
{{- $apiVersion = "networking.k8s.io/v1" }}
{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress" -}}
{{- $apiVersion = "networking.k8s.io/v1beta1" }}
{{- end }}
apiVersion: {{ $apiVersion }}
{{- $pathType := .Values.ingress.pathType -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ $fullName }}
labels:
{{- include "gitea.labels" . | nindent 4 }}
annotations:
{{- range $key, $value := .Values.ingress.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- template "ingress.annotations" . }}
spec:
{{- if .Values.ingress.className }}
ingressClassName: {{ tpl .Values.ingress.className . }}
{{- end }}
{{- include "ingress.ingressClassName" . | nindent 2 }}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
@ -38,21 +26,14 @@ spec:
- host: {{ tpl .host $ | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if and .pathType (eq $apiVersion "networking.k8s.io/v1") }}
pathType: {{ .pathType }}
{{- end }}
{{- range (.paths | default (list "/")) }}
- path: {{ . }}
pathType: {{ $pathType }}
backend:
{{- if eq $apiVersion "networking.k8s.io/v1" }}
service:
name: {{ $fullName }}-http
port:
number: {{ $httpPort }}
{{- else }}
serviceName: {{ $fullName }}-http
servicePort: {{ $httpPort }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

View File

@ -0,0 +1,93 @@
suite: Test ingress.yaml
templates:
- templates/gitea/ingress.yaml
tests:
- it: should enable ingress when ingress.enabled is true
set:
ingress.enabled: true
ingress.apiVersion: networking.k8s.io/v1
ingress.annotations:
kubernetes.io/ingress.class: nginx
ingress.className: nginx
ingress.tls:
- hosts:
- example.com
secretName: tls-secret
ingress.hosts:
- host: example.com
paths: ["/"]
asserts:
- hasDocuments:
count: 1
- isKind:
of: Ingress
- equal:
path: metadata.name
value: RELEASE-NAME-gitea
- matchRegex:
path: apiVersion
pattern: networking.k8s.io/v1
- equal:
path: spec.ingressClassName
value: nginx
- equal:
path: spec.rules[0].host
value: "example.com"
- equal:
path: spec.tls[0].hosts[0]
value: "example.com"
- equal:
path: spec.tls[0].secretName
value: tls-secret
- equal:
path: metadata.annotations["kubernetes.io/ingress.class"]
value: nginx
- it: should not create ingress when ingress.enabled is false
set:
ingress.enabled: false
asserts:
- hasDocuments:
count: 0
- it: Ingress Class using TPL
set:
global.ingress.className: "ingress-class"
ingress.ingressClassName: "{{ .Values.global.ingress.className }}"
ingress.enabled: true
ingress.hosts[0].host: "some-host"
ingress.tls:
- secretName: gitea-tls
hosts:
- "some-host"
asserts:
- isKind:
of: Ingress
- equal:
path: spec.tls[0].hosts[0]
value: "some-host"
- equal:
path: spec.rules[0].host
value: "some-host"
- equal:
path: spec.ingressClassName
value: "ingress-class"
- it: hostname using TPL
set:
global.giteaHostName: "gitea.example.com"
ingress.enabled: true
ingress.hosts[0].host: "{{ .Values.global.giteaHostName }}"
ingress.tls:
- secretName: gitea-tls
hosts:
- "{{ .Values.global.giteaHostName }}"
asserts:
- isKind:
of: Ingress
- equal:
path: spec.tls[0].hosts[0]
value: "gitea.example.com"
- equal:
path: spec.rules[0].host
value: "gitea.example.com"

View File

@ -0,0 +1,34 @@
suite: Test ingress.yaml
templates:
- templates/gitea/ingress.yaml
tests:
- it: should fail when both ingress.className and ingress.ingressClassName are defined
template: templates/gitea/ingress.yaml
set:
ingress:
enabled: true
className: ingress-class
ingressClassName: ingress-class
asserts:
- failedTemplate:
errorMessage: "ingress.ingressClassName and ingress.className cannot be defined at the same time. Please only choose one."
- it: should succeed when only ingress.className is defined
template: templates/gitea/ingress.yaml
set:
ingress.enabled: true
ingress.className: "ingress-class"
asserts:
- equal:
path: spec.ingressClassName
value: ingress-class
- it: should succeed when only ingress.ingressClassName is defined
template: templates/gitea/ingress.yaml
set:
ingress.enabled: true
ingress.ingressClassName: "ingress-class"
asserts:
- equal:
path: spec.ingressClassName
value: ingress-class

View File

@ -1,28 +1,7 @@
suite: ingress template
release:
name: gitea-unittests
namespace: testing
suite: Test ingress tpl use
templates:
- templates/gitea/ingress.yaml
tests:
- it: hostname using TPL
set:
global.giteaHostName: "gitea.example.com"
ingress.enabled: true
ingress.hosts[0].host: "{{ .Values.global.giteaHostName }}"
ingress.tls:
- secretName: gitea-tls
hosts:
- "{{ .Values.global.giteaHostName }}"
asserts:
- isKind:
of: Ingress
- equal:
path: spec.tls[0].hosts[0]
value: "gitea.example.com"
- equal:
path: spec.rules[0].host
value: "gitea.example.com"
- it: Ingress Class using TPL
set:
global.ingress.className: "ingress-class"
@ -45,3 +24,22 @@ tests:
- equal:
path: spec.ingressClassName
value: "ingress-class"
- it: hostname using TPL
set:
global.giteaHostName: "gitea.example.com"
ingress.enabled: true
ingress.hosts[0].host: "{{ .Values.global.giteaHostName }}"
ingress.tls:
- secretName: gitea-tls
hosts:
- "{{ .Values.global.giteaHostName }}"
asserts:
- isKind:
of: Ingress
- equal:
path: spec.tls[0].hosts[0]
value: "gitea.example.com"
- equal:
path: spec.rules[0].host
value: "gitea.example.com"

View File

@ -154,33 +154,28 @@ service:
## @section Ingress
## @param ingress.enabled Enable ingress
## @param ingress.className Ingress class name
## @param ingress.className DEPRECATED: Use `ingress.ingressClassName` instead.
## @param ingress.ingressClassName Ingress class name
## @param ingress.pathType Ingress Path Type
## @param ingress.annotations Ingress annotations
## @param ingress.hosts[0].host Default Ingress host
## @param ingress.hosts[0].paths[0].path Default Ingress path
## @param ingress.hosts[0].paths[0].pathType Ingress path type
## @param ingress.hosts[0].paths Default Ingress path
## @param ingress.tls Ingress tls settings
## @extra ingress.apiVersion Specify APIVersion of ingress object. Mostly would only be used for argocd.
ingress:
enabled: false
# className: nginx
className:
annotations:
{}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
# DEPRECATED: Use `ingress.ingressClassName` instead.
className: ""
ingressClassName: ""
pathType: Prefix
annotations: {}
# kubernetes.io/tls-acme: "true"
hosts:
- host: git.example.com
paths:
- path: /
pathType: Prefix
paths: []
tls: []
# - secretName: chart-example-tls
# hosts:
# - git.example.com
# Mostly for argocd or any other CI that uses `helm template | kubectl apply` or similar
# If helm doesn't correctly detect your ingress API version you can set it here.
# apiVersion: networking.k8s.io/v1
## @section deployment
#