From 032b0327eb425d5aeb7386c48c85c3fbcc785e64 Mon Sep 17 00:00:00 2001 From: Lucas Hahn Date: Fri, 9 Oct 2020 09:24:08 +0200 Subject: [PATCH 001/390] Remove storageClass 'Standard' and let it be set automatically --- templates/gitea/statefulset.yaml | 4 +++- values.yaml | 1 - 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index 3ad67b8..7347816 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml @@ -109,7 +109,9 @@ spec: {{- range .Values.persistence.accessModes }} - {{ . | quote }} {{- end }} - storageClassName: {{ .Values.persistence.storageClass | default "standard" | quote }} + {{- if .Values.persistence.storageClass }} + storageClassName: {{ .Values.persistence.storageClass | quote }} + {{- end }} resources: requests: storage: {{ .Values.persistence.size | quote }} diff --git a/values.yaml b/values.yaml index 237f449..45ae117 100644 --- a/values.yaml +++ b/values.yaml @@ -66,7 +66,6 @@ persistence: size: 10Gi accessModes: - ReadWriteOnce - storageClass: standard gitea: admin: -- 2.40.1 From 8d69a583f0ff963d37de7dd1ca6af3d4ec70acb1 Mon Sep 17 00:00:00 2001 From: Lucas Hahn Date: Fri, 9 Oct 2020 09:24:28 +0200 Subject: [PATCH 002/390] Remove default value for storageClass --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 4d33673..e36dbf9 100644 --- a/README.md +++ b/README.md @@ -260,7 +260,7 @@ Annotations can be added to the Gitea pod. |persistence.existingClaim| Use an existing claim to store repository information | | |persistence.size| Size for persistence to store repo information | 10Gi | |persistence.accessModes|AccessMode for persistence|| -|persistence.storageClass|Storage class for repository persistence|standard| +|persistence.storageClass|Storage class for repository persistence|| ### Ingress -- 2.40.1 From 8017253011ff54c35b7c88cee8800b2161394664 Mon Sep 17 00:00:00 2001 
From: Lucas Hahn Date: Fri, 9 Oct 2020 09:24:55 +0200 Subject: [PATCH 003/390] Bump chart version and add gitea/helm-chart as link for artifacthub --- Chart.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index ba79975..62bff44 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: gitea description: Gitea Helm chart for Kubernetes type: application -version: 2.0.1 +version: 2.0.2 appVersion: 1.12.5 icon: https://docs.gitea.io/images/gitea.png @@ -14,6 +14,7 @@ keywords: - gitea - gogs sources: + - https://gitea.com/gitea/helm-chart - https://github.com/go-gitea/gitea - https://hub.docker.com/r/gitea/gitea/ maintainers: -- 2.40.1 From f62b82e9564104bf8c792e9c73b50ddfbc7d90e0 Mon Sep 17 00:00:00 2001 From: luhahn Date: Fri, 30 Oct 2020 01:10:10 +0800 Subject: [PATCH 004/390] Let storageClass be set automatically (#45) Merge branch 'master' into master Bump chart version and add gitea/helm-chart as link for artifacthub Remove default value for storageClass Remove storageClass 'Standard' and let it be set automatically Co-authored-by: Lucas Hahn Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/45 Reviewed-by: techknowlogick Reviewed-by: Andrew Thornton Co-Authored-By: luhahn Co-Committed-By: luhahn --- Chart.yaml | 3 ++- README.md | 2 +- templates/gitea/statefulset.yaml | 4 +++- values.yaml | 1 - 4 files changed, 6 insertions(+), 4 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index ba79975..62bff44 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: gitea description: Gitea Helm chart for Kubernetes type: application -version: 2.0.1 +version: 2.0.2 appVersion: 1.12.5 icon: https://docs.gitea.io/images/gitea.png @@ -14,6 +14,7 @@ keywords: - gitea - gogs sources: + - https://gitea.com/gitea/helm-chart - https://github.com/go-gitea/gitea - https://hub.docker.com/r/gitea/gitea/ maintainers: diff --git a/README.md b/README.md index 4d33673..e36dbf9 100644 
--- a/README.md +++ b/README.md @@ -260,7 +260,7 @@ Annotations can be added to the Gitea pod. |persistence.existingClaim| Use an existing claim to store repository information | | |persistence.size| Size for persistence to store repo information | 10Gi | |persistence.accessModes|AccessMode for persistence|| -|persistence.storageClass|Storage class for repository persistence|standard| +|persistence.storageClass|Storage class for repository persistence|| ### Ingress diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index 3ad67b8..7347816 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml @@ -109,7 +109,9 @@ spec: {{- range .Values.persistence.accessModes }} - {{ . | quote }} {{- end }} - storageClassName: {{ .Values.persistence.storageClass | default "standard" | quote }} + {{- if .Values.persistence.storageClass }} + storageClassName: {{ .Values.persistence.storageClass | quote }} + {{- end }} resources: requests: storage: {{ .Values.persistence.size | quote }} diff --git a/values.yaml b/values.yaml index c09f0dd..6c96aea 100644 --- a/values.yaml +++ b/values.yaml @@ -68,7 +68,6 @@ persistence: size: 10Gi accessModes: - ReadWriteOnce - storageClass: standard gitea: admin: -- 2.40.1 From 5398b99514b196d6af33584623cffc7990cbb0b5 Mon Sep 17 00:00:00 2001 From: JPRbrs Date: Tue, 17 Nov 2020 15:35:07 +0800 Subject: [PATCH 005/390] fix-test-pod (#56) fix-test-pod service name and port was wrong and was preventing the helm chart deployment Co-authored-by: javier Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/56 Reviewed-by: techknowlogick Reviewed-by: luhahn Co-Authored-By: JPRbrs Co-Committed-By: JPRbrs --- .../tests/{test-connection.yaml => test-http-connection.yaml} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename templates/tests/{test-connection.yaml => test-http-connection.yaml} (77%) 
diff --git a/templates/tests/test-connection.yaml b/templates/tests/test-http-connection.yaml similarity index 77% rename from templates/tests/test-connection.yaml rename to templates/tests/test-http-connection.yaml index 2a5fd54..7fab1b7 100644 --- a/templates/tests/test-connection.yaml +++ b/templates/tests/test-http-connection.yaml @@ -11,5 +11,5 @@ spec: - name: wget image: busybox command: ['wget'] - args: ['{{ include "gitea.fullname" . }}:{{ .Values.service.port }}'] + args: ['{{ include "gitea.fullname" . }}-http:{{ .Values.service.http.port }}'] restartPolicy: Never -- 2.40.1 From 79690ee48885e19d950f73a2ba7db7001b16ea05 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Tue, 17 Nov 2020 15:41:27 +0800 Subject: [PATCH 006/390] Gitea 1.12.6 (#58) Merge branch 'master' into gitea1.12.6 Gitea 1.12.6 Co-authored-by: luhahn Co-authored-by: Matti R Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/58 Reviewed-by: Lunny Xiao Reviewed-by: luhahn Co-Authored-By: techknowlogick Co-Committed-By: techknowlogick --- Chart.yaml | 4 ++-- README.md | 2 +- values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index 62bff44..1e75141 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: gitea description: Gitea Helm chart for Kubernetes type: application -version: 2.0.2 -appVersion: 1.12.5 +version: 2.0.3 +appVersion: 1.12.6 icon: https://docs.gitea.io/images/gitea.png keywords: diff --git a/README.md b/README.md index e36dbf9..9c79f94 100644 --- a/README.md +++ b/README.md @@ -249,7 +249,7 @@ Annotations can be added to the Gitea pod. | Parameter | Description | Default | |---------------------|-----------------------------------|------------------------------| |image.repository| Image to start for this pod | gitea/gitea | -|image.version| Image Version | 1.12.4 | +|image.version| Image Version | 1.12.6 | |image.pullPolicy| Image pull policy | Always | ### Persistence 
diff --git a/values.yaml b/values.yaml index 6c96aea..22a41cf 100644 --- a/values.yaml +++ b/values.yaml @@ -8,7 +8,7 @@ clusterDomain: cluster.local image: repository: gitea/gitea - version: 1.12.5 + version: 1.12.6 pullPolicy: Always imagePullSecrets: [] -- 2.40.1 From 729a412803584ded9807dd58f9bae56af4ed3e8c Mon Sep 17 00:00:00 2001 From: JPRbrs Date: Fri, 20 Nov 2020 16:08:26 +0800 Subject: [PATCH 007/390] Allow templated annotations for http-service (#62) Get http annotations from the right place Allow templated annotations for http-service When deploying this to cloud Kubernetes, annotations are useful to add features to the http-service Co-authored-by: javier Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/62 Reviewed-by: luhahn Reviewed-by: Lunny Xiao Co-Authored-By: JPRbrs Co-Committed-By: JPRbrs --- templates/gitea/http-svc.yaml | 2 ++ values.yaml | 1 + 2 files changed, 3 insertions(+) diff --git a/templates/gitea/http-svc.yaml b/templates/gitea/http-svc.yaml index ae9c065..54fd7a8 100644 --- a/templates/gitea/http-svc.yaml +++ b/templates/gitea/http-svc.yaml @@ -4,6 +4,8 @@ metadata: name: {{ include "gitea.fullname" . }}-http labels: {{- include "gitea.labels" . | nindent 4 }} + annotations: + {{- toYaml .Values.service.http.annotations | nindent 4 }} spec: type: {{ .Values.service.http.type }} {{- if and .Values.service.http.loadBalancerIP (eq .Values.service.http.type "LoadBalancer") }} diff --git a/values.yaml b/values.yaml index 22a41cf..2c47618 100644 --- a/values.yaml +++ b/values.yaml @@ -17,6 +17,7 @@ service: http: type: ClusterIP port: 3000 + annotations: ssh: type: ClusterIP port: 22 -- 2.40.1 From bf1f5601be01a848e4a9c095e3f8b961f9466628 Mon Sep 17 00:00:00 2001 
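Review bot: The `annotations:` key in http-svc.yaml is emitted unconditionally, and with the default added to values.yaml in the same patch (`annotations:` with no value) `toYaml` renders `null` beneath it. Wrapping the two added lines in `{{- with .Values.service.http.annotations }}` … `{{- end }}` and using `{{- toYaml . | nindent 4 }}` inside keeps the key out of the manifest when nothing is set. Despite the commit title, the values only pass through `toYaml`, not `tpl`, so template expressions inside an annotation value are not expanded; the README should say which behaviour is intended. Service annotations on cloud providers often decide how a load balancer is exposed, so a short README entry for `service.http.annotations` would help operators review what they are setting.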
From: joelgallant Date: Wed, 25 Nov 2020 06:55:49 +0800 Subject: [PATCH 008/390] Use apiVersion v1 for Ingress in 1.19+ (#63) Use apiVersion v1 for Ingress in 1.19+ Currently, a warning is shown in newer versions of kubernetes: ``` W1120 10:04:16.194312 8003 warnings.go:67] networking.k8s.io/v1beta1 Ingress is deprecated in v1.19+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress ``` Co-authored-by: Joel Gallant Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/63 Reviewed-by: techknowlogick Reviewed-by: Andrew Thornton Co-Authored-By: joelgallant Co-Committed-By: joelgallant --- templates/gitea/ingress.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/templates/gitea/ingress.yaml b/templates/gitea/ingress.yaml index aa5e508..b2ef2f2 100644 --- a/templates/gitea/ingress.yaml +++ b/templates/gitea/ingress.yaml @@ -1,7 +1,9 @@ {{- if .Values.ingress.enabled -}} {{- $fullName := include "gitea.fullname" . -}} {{- $httpPort := .Values.service.http.port -}} -{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} apiVersion: networking.k8s.io/v1beta1 {{- else -}} apiVersion: extensions/v1beta1 -- 2.40.1 From 76aee7b25bc10f3a2314125c44aabd166a01032c Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Wed, 25 Nov 2020 06:56:12 +0800 Subject: [PATCH 009/390] 2.0.4 --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 1e75141..bdfe35e 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: gitea description: Gitea Helm chart for Kubernetes type: application -version: 2.0.3 +version: 2.0.4 appVersion: 1.12.6 icon: https://docs.gitea.io/images/gitea.png -- 2.40.1 From a26b4e10d1b2a5633982d3a10c285298738cfb1e Mon Sep 17 00:00:00 2001 
From: joelgallant Date: Wed, 25 Nov 2020 23:28:53 +0800 Subject: [PATCH 010/390] Fixes networking.k8s.io/v1 Ingress fields (#65) Fixes ingress by using new {service: {name, port}} structure Co-authored-by: Joel Gallant Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/65 Reviewed-by: luhahn Reviewed-by: techknowlogick Co-Authored-By: joelgallant Co-Committed-By: joelgallant --- templates/gitea/ingress.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/templates/gitea/ingress.yaml b/templates/gitea/ingress.yaml index b2ef2f2..d248fbe 100644 --- a/templates/gitea/ingress.yaml +++ b/templates/gitea/ingress.yaml @@ -35,7 +35,14 @@ spec: paths: - path: / backend: + {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} + service: + name: {{ $fullName }}-http + port: + number: {{ $httpPort }} + {{- else -}} serviceName: {{ $fullName }}-http servicePort: {{ $httpPort }} + {{- end }} {{- end }} {{- end }} -- 2.40.1 From 13e210c75f881992d1e4dcfa115833c807b09bc6 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Wed, 25 Nov 2020 23:29:59 +0800 Subject: [PATCH 011/390] 2.0.5 --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index bdfe35e..254c6bc 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: gitea description: Gitea Helm chart for Kubernetes type: application -version: 2.0.4 +version: 2.0.5 appVersion: 1.12.6 icon: https://docs.gitea.io/images/gitea.png -- 2.40.1 From 33ee018b5242fcc47d9cd893e8b2462a116a8a82 Mon Sep 17 00:00:00 2001 
From: joelgallant Date: Thu, 26 Nov 2020 01:20:12 +0800 Subject: [PATCH 012/390] Fixes access of Capabilities variable (#67) Fixes access of Capabilities variable Co-authored-by: Joel Gallant Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/67 Reviewed-by: techknowlogick Reviewed-by: luhahn Co-Authored-By: joelgallant Co-Committed-By: joelgallant --- templates/gitea/ingress.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/gitea/ingress.yaml b/templates/gitea/ingress.yaml index d248fbe..297c3ea 100644 --- a/templates/gitea/ingress.yaml +++ b/templates/gitea/ingress.yaml @@ -35,7 +35,7 @@ spec: paths: - path: / backend: - {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion -}} service: name: {{ $fullName }}-http port: -- 2.40.1 From fea1abddd9bd4c159bb34be150294a31140b89e6 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Thu, 26 Nov 2020 10:10:41 +0800 Subject: [PATCH 013/390] 2.0.6 --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 254c6bc..9c2c807 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: gitea description: Gitea Helm chart for Kubernetes type: application -version: 2.0.5 +version: 2.0.6 appVersion: 1.12.6 icon: https://docs.gitea.io/images/gitea.png -- 2.40.1 From 63bc10e39346ab33d7382d9667ed13d60549f531 Mon Sep 17 00:00:00 2001 
From: luhahn Date: Thu, 26 Nov 2020 17:01:16 +0800 Subject: [PATCH 014/390] Fix Ingress (#70) Bump chart version to 2.0.7 Fix Ingress - Ingress uses now .Capabilities.APIVersions.Has to compare the api version available - Added pathType since it is required in v1 and optional in v1beta1 Co-authored-by: Lucas Hahn Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/70 Reviewed-by: Andrew Thornton Reviewed-by: Lunny Xiao Co-Authored-By: luhahn Co-Committed-By: luhahn --- Chart.yaml | 2 +- templates/gitea/ingress.yaml | 9 +++++---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index 9c2c807..0eef6a1 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: gitea description: Gitea Helm chart for Kubernetes type: application -version: 2.0.6 +version: 2.0.7 appVersion: 1.12.6 icon: https://docs.gitea.io/images/gitea.png diff --git a/templates/gitea/ingress.yaml b/templates/gitea/ingress.yaml index 297c3ea..d56455a 100644 --- a/templates/gitea/ingress.yaml +++ b/templates/gitea/ingress.yaml @@ -1,9 +1,9 @@ {{- if .Values.ingress.enabled -}} {{- $fullName := include "gitea.fullname" . -}} {{- $httpPort := .Values.service.http.port -}} -{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" -}} apiVersion: networking.k8s.io/v1 -{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" -}} apiVersion: networking.k8s.io/v1beta1 {{- else -}} apiVersion: extensions/v1beta1 
@@ -34,13 +34,14 @@ spec: http: paths: - path: / + pathType: Prefix backend: - {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion -}} + {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" }} service: name: {{ $fullName }}-http port: number: {{ $httpPort }} - {{- else -}} + {{- else }} serviceName: {{ $fullName }}-http servicePort: {{ $httpPort }} {{- end }} -- 2.40.1 From 4fdf4ef41b03423116221311ad266f048ab882bb Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Mon, 7 Dec 2020 07:54:10 +0800 Subject: [PATCH 015/390] Gitea 1.13.0 (#75) Gitea 1.13.0 Update 'README.md' Update 'values.yaml' Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/75 Reviewed-by: lafriks Co-Authored-By: techknowlogick Co-Committed-By: techknowlogick --- Chart.yaml | 4 ++-- README.md | 2 +- values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index 0eef6a1..d25cf7b 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: gitea description: Gitea Helm chart for Kubernetes type: application -version: 2.0.7 -appVersion: 1.12.6 +version: 2.1.0 +appVersion: 1.13.0 icon: https://docs.gitea.io/images/gitea.png keywords: diff --git a/README.md b/README.md index 9c79f94..9fe0815 100644 --- a/README.md +++ b/README.md @@ -249,7 +249,7 @@ Annotations can be added to the Gitea pod. | Parameter | Description | Default | |---------------------|-----------------------------------|------------------------------| |image.repository| Image to start for this pod | gitea/gitea | -|image.version| Image Version | 1.12.6 | +|image.version| Image Version | 1.13.0 | |image.pullPolicy| Image pull policy | Always | ### Persistence diff --git a/values.yaml b/values.yaml index 2c47618..133f4f8 100644 --- a/values.yaml +++ b/values.yaml @@ -8,7 +8,7 @@ clusterDomain: cluster.local image: repository: gitea/gitea - version: 1.12.6 + version: 1.13.0 pullPolicy: Always imagePullSecrets: [] -- 2.40.1 
From 1b21ce28105b676f5e5a5116984820bf93b6ba8c Mon Sep 17 00:00:00 2001 From: skuethe Date: Tue, 8 Dec 2020 20:57:52 +0800 Subject: [PATCH 016/390] Fix capabilities query for Ingress on 1.18 and older (#78) Co-authored-by: Sebastian Kuethe Co-authored-by: techknowlogick Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/78 Reviewed-by: luhahn Reviewed-by: lafriks Co-Authored-By: skuethe Co-Committed-By: skuethe --- templates/gitea/ingress.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/templates/gitea/ingress.yaml b/templates/gitea/ingress.yaml index d56455a..e6e2dc6 100644 --- a/templates/gitea/ingress.yaml +++ b/templates/gitea/ingress.yaml @@ -1,9 +1,9 @@ {{- if .Values.ingress.enabled -}} {{- $fullName := include "gitea.fullname" . -}} {{- $httpPort := .Values.service.http.port -}} -{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" -}} +{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}} apiVersion: networking.k8s.io/v1 -{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" -}} +{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress" -}} apiVersion: networking.k8s.io/v1beta1 {{- else -}} apiVersion: extensions/v1beta1 @@ -36,7 +36,7 @@ spec: - path: / pathType: Prefix backend: - {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" }} + {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} service: name: {{ $fullName }}-http port: -- 2.40.1 From 5311243a6eeb1123a43e006517524a78d7042fc0 Mon Sep 17 00:00:00 2001 
From: luhahn Date: Thu, 10 Dec 2020 17:16:13 +0800 Subject: [PATCH 017/390] Fix admin user creation for gitea 1.13.0, chart version 2.1.0 (#80) Fix admin user creation for gitea 1.13.0 Add load balancer hint for ssh in README Merge branch 'master' into fix-admin-user-creation Co-authored-by: Lucas Hahn Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/80 Reviewed-by: Andrew Thornton Reviewed-by: Lunny Xiao Co-Authored-By: luhahn Co-Committed-By: luhahn --- Chart.yaml | 2 +- README.md | 12 ++++++++++++ templates/gitea/init.yaml | 2 +- 3 files changed, 14 insertions(+), 2 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index d25cf7b..9c29900 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: gitea description: Gitea Helm chart for Kubernetes type: application -version: 2.1.0 +version: 2.1.1 appVersion: 1.13.0 icon: https://docs.gitea.io/images/gitea.png diff --git a/README.md b/README.md index 9fe0815..6947d48 100644 --- a/README.md +++ b/README.md @@ -132,6 +132,18 @@ By default port 3000 is used for web traffic and 22 for ssh. Those can be change This helmchart automatically configures the clone urls to use the correct ports. You can change these ports by hand using the gitea.config dict. However you should know what you're doing. +### SSH and Ingress + +If you're using ingress and wan't to use SSH, keep in mind, that ingress is not able to forward SSH Ports. +You will need a LoadBalancer like metallb and a setting in your ssh service annotations. + +```yaml +service: + ssh: + annotations: + metallb.universe.tf/allow-shared-ip: test +``` + ### Cache This helm chart can use a built in cache. The default is memcached from bitnami. diff --git a/templates/gitea/init.yaml b/templates/gitea/init.yaml index 7d8e12f..a3ec9f4 100644 --- a/templates/gitea/init.yaml +++ b/templates/gitea/init.yaml 
@@ -18,7 +18,7 @@ stringData: set -x; \ gitea migrate; \ {{- if and .Values.gitea.admin.username .Values.gitea.admin.password }} - gitea admin create-user --username {{ .Values.gitea.admin.username }} --password '{{ .Values.gitea.admin.password }}' --email {{ .Values.gitea.admin.email }} --admin \ + gitea admin create-user --username {{ .Values.gitea.admin.username }} --password '{{ .Values.gitea.admin.password }}' --email {{ .Values.gitea.admin.email }} --admin --must-change-password=false \ || \ gitea admin change-password --username {{ .Values.gitea.admin.username }} --password '{{ .Values.gitea.admin.password }}'; \ {{- end }} -- 2.40.1 From 943eda6d5f62525463c5059a47c9b5b7f8550cef Mon Sep 17 00:00:00 2001 From: luhahn Date: Tue, 15 Dec 2020 21:34:46 +0800 Subject: [PATCH 018/390] Fix Ingress for Kubernetes 1.16 (#83) Fix ingress path type for 1.16 Bump chart version Co-authored-by: Lucas Hahn Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/83 Reviewed-by: 6543 <6543@obermui.de> Reviewed-by: Lunny Xiao Co-Authored-By: luhahn Co-Committed-By: luhahn --- Chart.yaml | 2 +- templates/gitea/ingress.yaml | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 9c29900..fdf8393 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: gitea description: Gitea Helm chart for Kubernetes type: application -version: 2.1.1 +version: 2.1.2 appVersion: 1.13.0 icon: https://docs.gitea.io/images/gitea.png diff --git a/templates/gitea/ingress.yaml b/templates/gitea/ingress.yaml index e6e2dc6..f1a03c1 100644 --- a/templates/gitea/ingress.yaml +++ b/templates/gitea/ingress.yaml @@ -34,7 +34,9 @@ spec: http: paths: - path: / + {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} pathType: Prefix + {{- end }} backend: {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} service: -- 2.40.1 From 2826258cfc5a5b60a2f01914f144400b40af3d32 Mon Sep 17 00:00:00 2001 
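Review bot: The changed `create-user` line in init.yaml splices the admin password into the script as `--password '{{ .Values.gitea.admin.password }}'`, and the hunk's context shows the script running under `set -x`, so the expanded command, password included, is presumably written to the init container's log. A password containing a single quote would also end the quoting early and change how the rest of the line is parsed. With `--must-change-password=false` added, that value stays the live admin credential rather than a one-time bootstrap secret, so it is worth turning tracing off around these two commands (`set +x;` before, `set -x;` after) and stating in the README that the password must not contain `'`. The same exposure applies to the `change-password` fallback on the following line and to the LDAP bind password passed by the `add-ldap`/`update-ldap` commands in this script. The script body starts and ends outside this hunk.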
From: luhahn Date: Wed, 16 Dec 2020 20:37:47 +0800 Subject: [PATCH 019/390] Several Improvements to Helm Chart (#87) Improve ldap settings with helper function Allow clusterIP for http service to be set, default to None Use imagePullSecrets in statefulset now Update default values Update README Bump Chart version Co-authored-by: luhahn Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/87 Reviewed-by: lafriks Reviewed-by: Lunny Xiao Co-Authored-By: luhahn Co-Committed-By: luhahn --- Chart.yaml | 2 +- README.md | 39 ++++++++++++++++++++++++++++++++ templates/_helpers.tpl | 11 +++++++++ templates/gitea/http-svc.yaml | 4 ++-- templates/gitea/init.yaml | 26 ++------------------- templates/gitea/ssh-svc.yaml | 4 ++-- templates/gitea/statefulset.yaml | 4 ++++ values.yaml | 4 ++++ 8 files changed, 65 insertions(+), 29 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index fdf8393..19ff242 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: gitea description: Gitea Helm chart for Kubernetes type: application -version: 2.1.2 +version: 2.1.3 appVersion: 1.13.0 icon: https://docs.gitea.io/images/gitea.png diff --git a/README.md b/README.md index 6947d48..10fd140 100644 --- a/README.md +++ b/README.md @@ -132,6 +132,22 @@ By default port 3000 is used for web traffic and 22 for ssh. Those can be change This helmchart automatically configures the clone urls to use the correct ports. You can change these ports by hand using the gitea.config dict. However you should know what you're doing. +### ClusterIP + +By default the clusterIP will be set to None, which is the default for headless services. However if you want to omit the clusterIP field in the service, use the following values: + +```yaml +service: + http: + type: ClusterIP + port: 3000 + clusterIP: + ssh: + type: ClusterIP + port: 22 + clusterIP: +``` + ### SSH and Ingress If you're using ingress and wan't to use SSH, keep in mind, that ingress is not able to forward SSH Ports. 
@@ -220,6 +236,10 @@ It is not possible to delete an admin user after it has been created. This has t ### LDAP Settings Like the admin user the ldap settings can be updated but also disabled or deleted. +All ldap values from https://docs.gitea.io/en-us/command-line/#admin are available. +You can either use them in camel case or kebab case. + +camelCase: ```yaml gitea: @@ -238,6 +258,25 @@ Like the admin user the ldap settings can be updated but also disabled or delete usernameAttribute: CN ``` +kebab-case: + +```yaml + gitea: + ldap: + enabled: true + name: 'MyAwesomeGiteaLdap' + security-protocol: unencrypted + host: "127.0.0.1" + port: "389" + user-search-base: ou=Users,dc=example,dc=com + user-filter: sAMAccountName=%s + admin-filter: CN=Admin,CN=Group,DC=example,DC=com + email-attribute: mail + bind-dn: CN=ldap read,OU=Spezial,DC=example,DC=com + bind-password: JustAnotherBindPw + username-attribute: CN +``` + ### Pod Annotations Annotations can be added to the Gitea pod. diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 1da21a6..bcbbe24 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -95,3 +95,14 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- printf "%s-gitea.%s.svc.%s" (include "gitea.fullname" .) .Release.Namespace .Values.clusterDomain | trunc 63 | trimSuffix "-" -}} {{- end -}} +{{- define "gitea.ldap_settings" -}} +{{- range $key, $val := .Values.gitea.ldap -}} +{{- if ne $key "enabled" -}} +{{- if eq $key "port" -}} +{{- printf "--%s %s " ($key | kebabcase) $val -}} +{{- else -}} +{{- printf "--%s %s " ($key | kebabcase) ($val | quote) -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/templates/gitea/http-svc.yaml b/templates/gitea/http-svc.yaml index 54fd7a8..20c0de6 100644 --- a/templates/gitea/http-svc.yaml +++ b/templates/gitea/http-svc.yaml 
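Review bot: `gitea.ldap_settings` in _helpers.tpl renders each value with `quote`, which produces a double-quoted shell word, so `$`, backticks and backslashes in `bindPassword` or in a filter are still interpreted by the shell that runs the init script instead of being passed literally. The `port` branch formats `$val` with `%s`, so a numeric `port: 389` would presumably render as a `%!s(...)` artefact; `{{- printf "--%s %v " ($key | kebabcase) $val -}}` handles both the string and the numeric form. Every key other than `enabled` is turned into a flag, so a misspelled or unexpected key under `gitea.ldap` goes straight onto the `gitea admin auth` command line; a comment above the `define` stating that contract, or an allow-list of accepted keys, would make that explicit.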
@@ -11,8 +11,8 @@ spec: {{- if and .Values.service.http.loadBalancerIP (eq .Values.service.http.type "LoadBalancer") }} loadBalancerIP: {{ .Values.service.http.loadBalancerIP }} {{- end }} - {{ if eq .Values.service.http.type "ClusterIP" }} - clusterIP: None + {{- if and .Values.service.http.clusterIP (eq .Values.service.http.type "ClusterIP") }} + clusterIP: {{ .Values.service.http.clusterIP }} {{- end }} ports: - name: http diff --git a/templates/gitea/init.yaml b/templates/gitea/init.yaml index a3ec9f4..fd60719 100644 --- a/templates/gitea/init.yaml +++ b/templates/gitea/init.yaml 
@@ -24,34 +24,12 @@ stringData: {{- end }} {{- if .Values.gitea.ldap.enabled }} gitea admin auth add-ldap \ - --name {{ .Values.gitea.ldap.name | quote }} \ - --security-protocol {{ .Values.gitea.ldap.securityProtocol | quote }} \ - --host {{ .Values.gitea.ldap.host | quote }} \ - --port {{ .Values.gitea.ldap.port | int}} \ - --user-search-base {{ .Values.gitea.ldap.userSearchBase | quote }} \ - --user-filter {{ .Values.gitea.ldap.userFilter | quote }} \ - --admin-filter {{ .Values.gitea.ldap.adminFilter | quote }} \ - --email-attribute {{ .Values.gitea.ldap.emailAttribute | quote }} \ - --bind-dn {{ .Values.gitea.ldap.bindDn | quote }} \ - --bind-password {{ .Values.gitea.ldap.bindPassword | quote }} \ - --synchronize-users \ - --username-attribute {{ .Values.gitea.ldap.usernameAttribute | quote }} \ + {{- include "gitea.ldap_settings" . | nindent 6 }} \ || \ ( \ export GITEA_AUTH_ID=$(gitea admin auth list | grep {{ .Values.gitea.ldap.name | quote }} | awk -F " " "{print \$1}"); \ gitea admin auth update-ldap --id ${GITEA_AUTH_ID} \ - --name {{ .Values.gitea.ldap.name | quote }} \ - --security-protocol {{ .Values.gitea.ldap.securityProtocol | quote }} \ - --host {{ .Values.gitea.ldap.host | quote }} \ - --port {{ .Values.gitea.ldap.port | int}} \ - --user-search-base {{ .Values.gitea.ldap.userSearchBase | quote }} \ - --user-filter {{ .Values.gitea.ldap.userFilter | quote }} \ - --admin-filter {{ .Values.gitea.ldap.adminFilter | quote }} \ - --email-attribute {{ .Values.gitea.ldap.emailAttribute | quote }} \ - --bind-dn {{ .Values.gitea.ldap.bindDn | quote }} \ - --bind-password {{ .Values.gitea.ldap.bindPassword | quote }} \ - --synchronize-users \ - --username-attribute {{ .Values.gitea.ldap.usernameAttribute | quote }} \ + {{- include "gitea.ldap_settings" . | nindent 6 }} \ ) \ {{- end }} ' \ No newline at end of file diff --git a/templates/gitea/ssh-svc.yaml b/templates/gitea/ssh-svc.yaml index e588b93..5ce60cb 100644 --- a/templates/gitea/ssh-svc.yaml 
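Review bot: The fixed `--synchronize-users` switch is removed from both the `add-ldap` and the `update-ldap` branch in init.yaml, and the helper that replaces the flag list only emits keys present under `gitea.ldap`, so existing installs stop passing it after upgrade unless they add the key. A boolean key would be rendered by the helper as `--synchronize-users "true"`, which may not be what a bare switch expects. Keeping `--synchronize-users \` as a fixed line after each `include`, or calling the change out in the README upgrade notes, avoids a silent behaviour change in user synchronisation. The lookup `grep {{ .Values.gitea.ldap.name | quote }}` in the context lines still reads `gitea.ldap.name`, which the helper now treats as an ordinary pass-through key; a comment noting that `name` is required for the update path would help.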
+++ b/templates/gitea/ssh-svc.yaml @@ -11,8 +11,8 @@ spec: {{- if and .Values.service.ssh.loadBalancerIP (eq .Values.service.ssh.type "LoadBalancer") }} loadBalancerIP: {{ .Values.service.ssh.loadBalancerIP }} {{- end }} - {{- if eq .Values.service.ssh.type "ClusterIP" }} - clusterIP: None + {{- if and .Values.service.ssh.clusterIP (eq .Values.service.ssh.type "ClusterIP") }} + clusterIP: {{ .Values.service.ssh.clusterIP }} {{- end }} {{- if .Values.service.ssh.externalIPs }} externalIPs: diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index 7347816..b90bc9e 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml @@ -20,6 +20,10 @@ spec: labels: {{- include "gitea.selectorLabels" . | nindent 8 }} spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} securityContext: fsGroup: 1000 initContainers: diff --git a/values.yaml b/values.yaml index 133f4f8..1fd79cd 100644 --- a/values.yaml +++ b/values.yaml @@ -17,10 +17,14 @@ service: http: type: ClusterIP port: 3000 + clusterIP: None + #loadBalancerIP: + #nodePort: annotations: ssh: type: ClusterIP port: 22 + clusterIP: None #loadBalancerIP: #nodePort: #externalTrafficPolicy: -- 2.40.1 From 2c066d7c9e706470f4b15ddabf2e3810478f4b57 Mon Sep 17 00:00:00 2001 From: lafriks Date: Mon, 21 Dec 2020 06:53:45 +0800 Subject: [PATCH 020/390] Use image tag instead of image version in values (#91) Use image tag instead of image version in values Change to tenary function instead of if Update description and add link to tag list Fixup readme Co-authored-by: Lauris BH Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/91 Reviewed-by: luhahn Reviewed-by: techknowlogick Co-Authored-By: lafriks Co-Committed-By: lafriks --- README.md | 24 ++++++++++++------------ templates/gitea/statefulset.yaml | 4 ++-- values.yaml | 2 +- 3 files changed, 15 insertions(+), 15 deletions(-) 
diff --git a/README.md b/README.md index 10fd140..4901ed5 100644 --- a/README.md +++ b/README.md @@ -4,9 +4,9 @@ ## Introduction -This helm chart has taken some inspiration from https://github.com/jfelten/gitea-helm-chart +This helm chart has taken some inspiration from But takes a completly different approach in providing database and cache with dependencies. -Also this chart provides ldap and admin user configuration with values as well as it is deployed as statefulset to retain stored repositories. +Also this chart provides LDAP and admin user configuration with values as well as it is deployed as statefulset to retain stored repositories. ## Dependencies @@ -21,7 +21,7 @@ Dependencies: ## Installing -``` +```sh helm repo add gitea-charts https://dl.gitea.io/charts/ helm install gitea gitea-charts/gitea ``` @@ -60,7 +60,7 @@ INSTALL_LOCK is always set to true, since we want to configure gitea with this h If a builtIn database is enabled the database configuration is set automatically. For example postgresql builtIn which will appear in the app.ini as: -``` +```ini [database] DB_TYPE = postgres HOST = RELEASE-NAME-postgresql.default.svc.cluster.local:5432 @@ -73,7 +73,7 @@ USER = gitea Memcached is handled the exakt same way as database builtIn. Once memcached builtIn is enabled, this chart will generate the following part in the app.ini: -``` +```ini [cache] ADAPTER = memcache ENABLED = true @@ -85,7 +85,7 @@ HOST = RELEASE-NAME-memcached.default.svc.cluster.local:11211 The server defaults are a bit more complex. If ingress is enabled, the ROOT_URL, DOMAIN and SSH_DOMAIN will be set accordingly. HTTP_PORT always defaults to 3000 as well as SSH_PORT to 22. -``` +```ini [server] APP_DATA_PATH = /data DOMAIN = git.example.com 
@@ -188,9 +188,9 @@ If the built in cache should not be used simply configure the cache in gitea.con Gitea will be deployed as a statefulset. By simply enabling the persistence and setting the storage class according to your cluster everything else will be taken care of. The following example will create a PVC as a part of the statefulset. This PVC will not be deleted even if you uninstall the chart. -When using Postgresql as dependency, this will also be deployed as a statefulset by default. +When using Postgresql as dependency, this will also be deployed as a statefulset by default. -If you want to manage your own PVC you can simply pass the PVC name to the chart. +If you want to manage your own PVC you can simply pass the PVC name to the chart. ```yaml persistence: @@ -200,7 +200,7 @@ If you want to manage your own PVC you can simply pass the PVC name to the chart In case that peristence has been disabled it will simply use an empty dir volume. -Postgresql handles the persistence in the exact same way. +Postgresql handles the persistence in the exact same way. You can interact with the postgres settings as displayed in the following example: ```yaml @@ -235,8 +235,8 @@ It is not possible to delete an admin user after it has been created. This has t ### LDAP Settings -Like the admin user the ldap settings can be updated but also disabled or deleted. -All ldap values from https://docs.gitea.io/en-us/command-line/#admin are available. +Like the admin user the LDAP settings can be updated but also disabled or deleted. +All LDAP values from are available. You can either use them in camel case or kebab case. camelCase: 
@@ -300,7 +300,7 @@ Annotations can be added to the Gitea pod. | Parameter | Description | Default | |---------------------|-----------------------------------|------------------------------| |image.repository| Image to start for this pod | gitea/gitea | -|image.version| Image Version | 1.13.0 | +|image.tag| [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) | 1.13.0 | |image.pullPolicy| Image pull policy | Always | ### Persistence diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index b90bc9e..b1d7a42 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml @@ -28,7 +28,7 @@ spec: fsGroup: 1000 initContainers: - name: init - image: "{{ .Values.image.repository }}:{{ .Values.image.version }}" + image: "{{ .Values.image.repository }}:{{ ternary .Values.image.version .Values.image.tag (hasKey .Values.image "version") }}" command: ["/usr/sbin/init_gitea.sh"] volumeMounts: - name: init @@ -40,7 +40,7 @@ spec: terminationGracePeriodSeconds: {{ .Values.statefulset.terminationGracePeriodSeconds }} containers: - name: {{ .Chart.Name }} - image: "{{ .Values.image.repository }}:{{ .Values.image.version }}" + image: "{{ .Values.image.repository }}:{{ ternary .Values.image.version .Values.image.tag (hasKey .Values.image "version") }}" imagePullPolicy: {{ .Values.image.pullPolicy }} env: # SSH Port values have to be set here as well for openssh configuration diff --git a/values.yaml b/values.yaml index 1fd79cd..dbc004a 100644 --- a/values.yaml +++ b/values.yaml @@ -8,7 +8,7 @@ clusterDomain: cluster.local image: repository: gitea/gitea - version: 1.13.0 + tag: 1.13.0 pullPolicy: Always imagePullSecrets: [] -- 2.40.1 From 9b2e76c9cff05f5536f5b0e1bb3e54400e9d6088 Mon Sep 17 00:00:00 2001 
From: lafriks Date: Mon, 21 Dec 2020 10:05:42 +0800 Subject: [PATCH 021/390] Move chart version to drone build using tag (#93) Move chart version to drone build using tag Merge branch 'master' into feat/chart_version Co-authored-by: Lauris BH Co-authored-by: techknowlogick Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/93 Reviewed-by: luhahn Reviewed-by: techknowlogick Co-Authored-By: lafriks Co-Committed-By: lafriks --- .drone.yml | 6 +++--- Chart.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.drone.yml b/.drone.yml index 1d711b1..6840a4e 100644 --- a/.drone.yml +++ b/.drone.yml @@ -41,19 +41,19 @@ trigger: steps: - name: generate-chart - pull: default + pull: always image: alpine:3.12 commands: - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm - helm dependency update - - helm package ./ + - helm package --version "${DRONE_TAG##v}" ./ - mkdir gitea - mv gitea*.tgz gitea/ - wget -O gitea/index.yaml https://dl.gitea.io/charts/index.yaml - helm repo index gitea/ --url https://dl.gitea.io/charts --merge gitea/index.yaml - name: upload-chart - pull: default + pull: always image: plugins/s3:latest settings: bucket: releases diff --git a/Chart.yaml b/Chart.yaml index 19ff242..bd73b73 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: gitea description: Gitea Helm chart for Kubernetes type: application -version: 2.1.3 +version: 0.0.0 appVersion: 1.13.0 icon: https://docs.gitea.io/images/gitea.png -- 2.40.1 From 94ee162ad57b7fe43ec3934b19431784cb796ff7 Mon Sep 17 00:00:00 2001 
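Review bot: In the `upload-chart` step, `pull: always` combined with `image: plugins/s3:latest` means each release run executes whatever image that mutable tag resolves to at the time, and this is the step that writes to the `releases` bucket. Pinning the step images to a fixed version or digest, e.g. `image: plugins/s3@sha256:<digest>`, keeps the publishing path reproducible and reviewable. In `generate-chart`, `helm package --version "${DRONE_TAG##v}"` gets an empty version when `DRONE_TAG` is unset; the `trigger:` block is outside this hunk, so confirm the pipeline runs on tag events only. The unchanged `apk add ... -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm` line takes helm from a rolling repository over plain HTTP, so the helm version used for packaging is not fixed either.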
From: luhahn Date: Mon, 28 Dec 2020 03:26:51 +0800 Subject: [PATCH 022/390] Fix kebab-case bug in values (#89) Kebab case will fail because of the current ldap default values in values.yml as stated in #88 Co-authored-by: Lucas Hahn Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/89 Reviewed-by: lafriks Reviewed-by: techknowlogick Co-authored-by: luhahn Co-committed-by: luhahn --- values.yaml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/values.yaml b/values.yaml index dbc004a..56f15ba 100644 --- a/values.yaml +++ b/values.yaml @@ -82,17 +82,17 @@ gitea: ldap: enabled: false - name: "" - securityProtocol: "" - host: "" - port: "" - userSearchBase: "" - userFilter: "" - adminFilter: "" - emailAttribute: "" - bindDn: "" - bindPassword: "" - usernameAttribute: "" + #name: + #securityProtocol: + #host: + #port: + #userSearchBase: + #userFilter: + #adminFilter: + #emailAttribute: + #bindDn: + #bindPassword: + #usernameAttribute: config: {} # APP_NAME: "Gitea: Git with a cup of tea" -- 2.40.1 From 54cc78b43a530d08e8a614b8652bcf705c93d3f5 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Sat, 2 Jan 2021 13:07:11 +0800 Subject: [PATCH 023/390] 1.13.1 (#97) Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/97 Reviewed-by: Lunny Xiao Co-authored-by: techknowlogick Co-committed-by: techknowlogick --- Chart.yaml | 2 +- README.md | 2 +- values.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index bd73b73..bb5d7dc 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.13.0 +appVersion: 1.13.1 icon: https://docs.gitea.io/images/gitea.png keywords: diff --git a/README.md b/README.md index 4901ed5..9343c8c 100644 --- a/README.md +++ b/README.md 
@@ -300,7 +300,7 @@ Annotations can be added to the Gitea pod. | Parameter | Description | Default | |---------------------|-----------------------------------|------------------------------| |image.repository| Image to start for this pod | gitea/gitea | -|image.tag| [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) | 1.13.0 | +|image.tag| [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) | 1.13.1 | |image.pullPolicy| Image pull policy | Always | ### Persistence diff --git a/values.yaml b/values.yaml index 56f15ba..98c7a63 100644 --- a/values.yaml +++ b/values.yaml @@ -8,7 +8,7 @@ clusterDomain: cluster.local image: repository: gitea/gitea - tag: 1.13.0 + tag: 1.13.1 pullPolicy: Always imagePullSecrets: [] -- 2.40.1 From daba777e24001073607a59956abbb8a54979dee7 Mon Sep 17 00:00:00 2001 From: fabioluciano Date: Wed, 13 Jan 2021 23:49:58 +0800 Subject: [PATCH 024/390] Update 'README.md' (#102) Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/102 Reviewed-by: luhahn Reviewed-by: Lunny Xiao Co-authored-by: fabioluciano Co-committed-by: fabioluciano --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 9343c8c..07ad24c 100644 --- a/README.md +++ b/README.md @@ -224,6 +224,7 @@ You can interact with the postgres settings as displayed in the following exampl This chart enables you to create a default admin user. It is also possible to update the password for this user by upgrading or redeloying the chart. It is not possible to delete an admin user after it has been created. This has to be done in the ui. +You cannot use `admin` as username. ```yaml gitea: -- 2.40.1 From 0c8f226f1f8f9d39f5f6dd45fa7a27db67a4413c Mon Sep 17 00:00:00 2001 
From: luhahn Date: Thu, 14 Jan 2021 15:13:49 +0800 Subject: [PATCH 025/390] Add ldap checksum (#101) Fixed an error in ldap port setting. Added ldap checksum to deployment so chart will actually update on ldap changes. Fixes: #99 Co-authored-by: Lucas Hahn Co-authored-by: Lunny Xiao Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/101 Reviewed-by: lafriks Reviewed-by: Lunny Xiao Co-authored-by: luhahn Co-committed-by: luhahn --- templates/_helpers.tpl | 2 +- templates/gitea/statefulset.yaml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index bcbbe24..0cf3021 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -99,7 +99,7 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- range $key, $val := .Values.gitea.ldap -}} {{- if ne $key "enabled" -}} {{- if eq $key "port" -}} -{{- printf "--%s %s " ($key | kebabcase) $val -}} +{{- printf "--%s %d " ($key | kebabcase) ($val | int) -}} {{- else -}} {{- printf "--%s %s " ($key | kebabcase) ($val | quote) -}} {{- end -}} diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index b1d7a42..bf41b3b 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml @@ -14,6 +14,7 @@ spec: metadata: annotations: checksum/config: {{ include (print $.Template.BasePath "/gitea/config.yaml") . | sha256sum }} + checksum/ldap: {{ include "gitea.ldap_settings" . | sha256sum }} {{- with .Values.gitea.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} -- 2.40.1 From 57479bdf37807b4645da7a62d2f0a955adcfb7d6 Mon Sep 17 00:00:00 2001 
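Review bot: The new `checksum/ldap` annotation hashes the full output of `gitea.ldap_settings`, which is presumably the helper patched in `_helpers.tpl` in this commit. That helper iterates over every key of `.Values.gitea.ldap` except `enabled`, so the bind password is part of the hashed string. The result is an unsalted SHA-256 stored in pod metadata, readable by anyone who can read pods in the namespace, and a low-entropy bind password could be tested against it offline. Consider hashing the settings without the password, e.g. `checksum/ldap: {{ omit .Values.gitea.ldap "bindPassword" "bind-password" | toYaml | sha256sum }}`, accepting that a password rotation then needs another trigger for the rollout. Otherwise document that the bind password must be high-entropy.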
From: petergardfjall Date: Wed, 20 Jan 2021 19:28:39 +0800 Subject: [PATCH 026/390] enhancements to support postgres client-cert authentication (#47) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR adds a few new chart features which adds to the flexibility of the chart. - allow extra volumes to be mounted (such as secrets): 2f862c5a48 - pass environment variables also to the init-container: 7044049478 - allow a preparation script to be "injected" into the init-container: 6125a69345 As a concrete example of how this can be used, I use is to configure Gitea to use client certificate authentication against an external Postgres database. That could be accomplished by having a `gitea-postgres-ssl` secret: ``` apiVersion: v1 kind: Secret type: Opaque metadata: name: gitea-postgres-ssl data: postgresql.crt: postgresql.key: root.crt: ``` and then mounting this as a volume in Gitea using: ``` extraVolumes: - name: postgres-ssl-vol secret: secretName: gitea-postgres-ssl extraVolumeMounts: - name: postgres-ssl-vol readOnly: true mountPath: "/pg-ssl" ``` To get the right permissions on the credentials, we'd use the `initPreScript`: ``` initPreScript: | # copy postgres client and CA cert from mount and # give proper permissions mkdir -p /data/git/.postgresql cp /pg-ssl/* /data/git/.postgresql/ chown -R git:git /data/git/.postgresql/ chmod 400 /data/git/.postgresql/postgresql.key ``` and to make sure that Gitea uses the certificate we need to pass the proper postgres environment variables (both to the init container and the "main" container): ``` statefulset: env: - name: "PGSSLCERT" value: "/data/git/.postgresql/postgresql.crt" - name: "PGSSLKEY" value: "/data/git/.postgresql/postgresql.key" - name: "PGSSLROOTCERT" value: "/data/git/.postgresql/root.crt" ``` Co-authored-by: Peter Gardfjäll Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/47 Reviewed-by: luhahn Reviewed-by: 6543 <6543@obermui.de> Co-authored-by: 
petergardfjall Co-committed-by: petergardfjall --- README.md | 11 +++++++---- templates/gitea/init.yaml | 10 +++++++++- templates/gitea/statefulset.yaml | 14 ++++++++++++++ values.yaml | 31 ++++++++++++++++++++++++++++--- 4 files changed, 58 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 07ad24c..ab7191a 100644 --- a/README.md +++ b/README.md @@ -291,10 +291,13 @@ Annotations can be added to the Gitea pod. ### Others -| Parameter | Description | Default | -|---------------------|-----------------------------------|------------------------------| -|statefulset.terminationGracePeriodSeconds| Image to start for this pod | gitea/gitea | -|statefulset.env | Additional environment variables to pass to containers | [] | +| Parameter | Description | Default | +|-------------------------------------------|--------------------------------------------------------|-------------| +| statefulset.terminationGracePeriodSeconds | Image to start for this pod | gitea/gitea | +| statefulset.env | Additional environment variables to pass to containers | [] | +| extraVolumes | Additional volumes to mount to the Gitea statefulset | {} | +| extraVolumeMounts | Additional volumes mounts for the Gitea containers | {} | +| initPreScript | Bash script copied verbatim to start of init container | | ### Image diff --git a/templates/gitea/init.yaml b/templates/gitea/init.yaml index fd60719..79c2a00 100644 --- a/templates/gitea/init.yaml +++ b/templates/gitea/init.yaml @@ -8,6 +8,14 @@ type: Opaque stringData: init_gitea.sh: |- #!/bin/bash + {{- if .Values.initPreScript }} + # BEGIN: initPreScript + {{- with .Values.initPreScript -}} + {{ . | nindent 4}} + {{- end -}} + # END: initPreScript + {{- end }} + mkdir -p /data/git/.ssh chmod -R 700 /data/git/.ssh mkdir -p /data/gitea/conf @@ -32,4 +40,4 @@ stringData: {{- include "gitea.ldap_settings" . | nindent 6 }} \ ) \ {{- end }} - ' \ No newline at end of file + ' 
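Review bot: The `initPreScript` block is inserted directly after `#!/bin/bash` with no error handling around it, so a failing command in the user script does not stop the init container and the remaining setup runs anyway. The `cp` of client certificates in the commit message is an example of a command that could fail this way. Since this hook is meant for handling key material, I would say so next to the value, e.g. `# runs inline at the start of init_gitea.sh; errors are not fatal unless the script exits explicitly (e.g. 'cp ... || exit 1')`. The outer `{{- if .Values.initPreScript }}` and the inner `{{- with .Values.initPreScript -}}` test the same value, so one of them is enough. The rest of `init_gitea.sh` lies outside these hunks.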
diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index bf41b3b..dff1400 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml @@ -31,6 +31,11 @@ spec: - name: init image: "{{ .Values.image.repository }}:{{ ternary .Values.image.version .Values.image.tag (hasKey .Values.image "version") }}" command: ["/usr/sbin/init_gitea.sh"] + env: + {{- range .Values.statefulset.env }} + - name: {{ .name | quote | nospace }} + value: {{ .value | quote }} + {{- end }} volumeMounts: - name: init mountPath: /usr/sbin @@ -38,6 +43,9 @@ spec: mountPath: /etc/gitea/conf - name: data mountPath: /data + {{- if .Values.extraVolumeMounts }} + {{- toYaml .Values.extraVolumeMounts | nindent 12 }} + {{- end }} terminationGracePeriodSeconds: {{ .Values.statefulset.terminationGracePeriodSeconds }} containers: - name: {{ .Chart.Name }} @@ -78,6 +86,9 @@ spec: volumeMounts: - name: data mountPath: /data + {{- if .Values.extraVolumeMounts }} + {{- toYaml .Values.extraVolumeMounts | nindent 12 }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} @@ -98,6 +109,9 @@ spec: - name: config secret: secretName: {{ include "gitea.fullname" . }} + {{- if .Values.extraVolumes }} + {{- toYaml .Values.extraVolumes | nindent 8 }} + {{- end }} {{- if and .Values.persistence.enabled .Values.persistence.existingClaim }} - name: data persistentVolumeClaim: diff --git a/values.yaml b/values.yaml index 98c7a63..760c23e 100644 --- a/values.yaml +++ b/values.yaml 
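Review bot: The new init-container `env:` loop copies only `.name` and `.value`, so an entry in `statefulset.env` that uses `valueFrom` (for example a `secretKeyRef`) is rendered with an empty value. That pushes users towards putting secrets into values as plaintext. Rendering the list as given keeps such entries intact: `{{- toYaml .Values.statefulset.env | nindent 12 }}` under `env:`, the same way `extraVolumeMounts` is rendered a few lines below. The main container's `env:` block is outside these hunks and may need the same change.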
@@ -69,11 +69,36 @@ statefulset: persistence: enabled: true - # existingClaim: + # existingClaim: size: 10Gi accessModes: - ReadWriteOnce +# additional volumes to add to the Gitea statefulset. +extraVolumes: +# - name: postgres-ssl-vol +# secret: +# secretName: gitea-postgres-ssl + + +# additional volumes to mount, both to the init container and to the main +# container. As an example, can be used to mount a client cert when connecting +# to an external Postgres server. +extraVolumeMounts: +# - name: postgres-ssl-vol +# readOnly: true +# mountPath: "/pg-ssl" + +# bash shell script copied verbatim to the start of the init-container. +initPreScript: "" +# +# initPreScript: | +# mkdir -p /data/git/.postgresql +# cp /pg-ssl/* /data/git/.postgresql/ +# chown -R git:git /data/git/.postgresql/ +# chmod 400 /data/git/.postgresql/postgresql.key + + gitea: admin: username: gitea_admin @@ -96,8 +121,8 @@ gitea: config: {} # APP_NAME: "Gitea: Git with a cup of tea" - # RUN_MODE: dev - # + # RUN_MODE: dev + # # server: # SSH_PORT: 22 # -- 2.40.1 From 7f828e87f6c8f31b6aa5324d5e5fff648e9227ca Mon Sep 17 00:00:00 2001 From: JosefWN Date: Thu, 21 Jan 2021 23:45:26 +0800 Subject: [PATCH 027/390] Add support for metrics and pprof (#100) Adds support for toggling support for `pprof` and metrics: ```yaml gitea: pprofEnabled: true metrics: enabled: true serviceMonitor: enabled: true ``` Co-authored-by: josef Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/100 Reviewed-by: luhahn Reviewed-by: techknowlogick Co-authored-by: JosefWN Co-committed-by: JosefWN --- README.md | 28 ++++++++++++++++++++++++++++ templates/gitea/config.yaml | 12 ++++++++++++ templates/gitea/servicemonitor.yaml | 14 ++++++++++++++ templates/gitea/statefulset.yaml | 4 ++++ values.yaml | 5 +++++ 5 files changed, 63 insertions(+) create mode 100644 templates/gitea/servicemonitor.yaml diff --git a/README.md b/README.md index ab7191a..271dc4f 100644 --- a/README.md +++ b/README.md 
@@ -95,6 +95,16 @@ ROOT_URL = http://git.example.com SSH_DOMAIN = git.example.com SSH_LISTEN_PORT = 22 SSH_PORT = 22 +ENABLE_PPROF = false +``` + +#### Metrics defaults + +The Prometheus `/metrics` endpoint is disabled by default. + +```ini +[metrics] +ENABLED = false ``` ### External Database @@ -278,6 +288,24 @@ kebab-case: username-attribute: CN ``` +### Metrics and profiling + +A Prometheus `/metrics` endpoint on the `HTTP_PORT` and `pprof` profiling endpoints on port 6060 can be enabled under `gitea`. Beware that the metrics endpoint is exposed via the ingress, manage access using ingress annotations for example. + +To deploy the `ServiceMonitor`, you first need to ensure that you have deployed `prometheus-operator` and its CRDs: https://github.com/prometheus-operator/prometheus-operator#customresourcedefinitions. + +```yaml +gitea: + metrics: + enabled: true + serviceMonitor: + enabled: true + + config: + server: + PPROF_ENABLED: true +``` + ### Pod Annotations Annotations can be added to the Gitea pod. diff --git a/templates/gitea/config.yaml b/templates/gitea/config.yaml index 33c47f9..49d5553 100644 --- a/templates/gitea/config.yaml +++ b/templates/gitea/config.yaml @@ -15,6 +15,10 @@ stringData: {{- $_ := set .Values.gitea.config "server" dict -}} {{- end -}} + {{- if not (hasKey .Values.gitea.config "metrics") -}} + {{- $_ := set .Values.gitea.config "metrics" dict -}} + {{- end -}} + {{- if not (hasKey .Values.gitea.config "database") -}} {{- $_ := set .Values.gitea.config "database" dict -}} {{- end -}} 
@@ -65,6 +69,14 @@ stringData: {{- if not (hasKey .Values.gitea.config.server "APP_DATA_PATH") -}} {{- $_ := set .Values.gitea.config.server "APP_DATA_PATH" "/data" -}} {{- end -}} + {{- if not (hasKey .Values.gitea.config.server "PPROF_ENABLED") -}} + {{- $_ := set .Values.gitea.config.server "PPROF_ENABLED" false -}} + {{- end -}} + + {{- /* metrics default settings */ -}} + {{- if not (hasKey .Values.gitea.config.metrics "ENABLED") -}} + {{- $_ := set .Values.gitea.config.metrics "ENABLED" .Values.gitea.metrics.enabled -}} + {{- end -}} {{- /* database default settings */ -}} {{- if .Values.gitea.database.builtIn.postgresql.enabled -}} diff --git a/templates/gitea/servicemonitor.yaml b/templates/gitea/servicemonitor.yaml new file mode 100644 index 0000000..292297a --- /dev/null +++ b/templates/gitea/servicemonitor.yaml @@ -0,0 +1,14 @@ +{{- if .Values.gitea.metrics.serviceMonitor.enabled -}} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "gitea.fullname" . }} + labels: + {{- include "gitea.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + {{- include "gitea.selectorLabels" . | nindent 6 }} + endpoints: + - port: http +{{- end -}} \ No newline at end of file diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index dff1400..c068279 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml @@ -66,6 +66,10 @@ spec: containerPort: {{ .Values.gitea.config.server.SSH_LISTEN_PORT }} - name: http containerPort: {{ .Values.gitea.config.server.HTTP_PORT }} + {{- if .Values.gitea.config.server.PPROF_ENABLED }} + - name: profiler + containerPort: 6060 + {{- end }} livenessProbe: tcpSocket: port: http diff --git a/values.yaml b/values.yaml index 760c23e..72dc078 100644 --- a/values.yaml +++ b/values.yaml 
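Review bot: When `gitea.metrics.enabled` is true, the new default in config.yaml turns on `[metrics] ENABLED` without a token, and the new ServiceMonitor endpoint (`- port: http`) scrapes without credentials. `/metrics` is then open to anything that can reach the HTTP port; the README text added in this commit already notes it is reachable through the ingress. Gitea's `[metrics]` section has a `TOKEN` setting for bearer authentication. Documenting `gitea.config.metrics.TOKEN` and letting the ServiceMonitor endpoint carry a matching `bearerTokenSecret` (name `<secret-name>`, key `<key>`) would protect the endpoint without relying on ingress annotations alone.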
@@ -105,6 +105,11 @@ gitea: password: r8sA8CPHD9!bt6d email: "gitea@local.domain" + metrics: + enabled: false + serviceMonitor: + enabled: false + ldap: enabled: false #name: -- 2.40.1 From 4ad5cf1d19778375c654339a3f4b306136c933ed Mon Sep 17 00:00:00 2001 From: sanigo Date: Fri, 22 Jan 2021 16:24:37 +0800 Subject: [PATCH 028/390] =?UTF-8?q?Add=20sshPublicKeyAttribute=20attribute?= =?UTF-8?q?=20setting=20for=20ldap=20auth=EF=BC=8Cand=20Allow=20setting=20?= =?UTF-8?q?labels=20and=20annotations=20for=20gitea=20pvc.=20(#76)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 1. sshPublicKeyAttribute is useful to sync ssh public keys from ldap. 2. It would be easier to set pvc annotations/labels for those who are using storage services from cloud providers. Co-authored-by: 钱卫春 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/76 Reviewed-by: techknowlogick Reviewed-by: luhahn Co-authored-by: sanigo Co-committed-by: sanigo --- README.md | 3 +++ templates/gitea/statefulset.yaml | 12 ++++++++++++ values.yaml | 3 +++ 3 files changed, 18 insertions(+) diff --git a/README.md b/README.md index 271dc4f..c9ca59a 100644 --- a/README.md +++ b/README.md @@ -267,6 +267,7 @@ camelCase: bindDn: CN=ldap read,OU=Spezial,DC=example,DC=com bindPassword: JustAnotherBindPw usernameAttribute: CN + sshPublicKeyAttribute: sshPublicKey ``` kebab-case: @@ -344,6 +345,8 @@ Annotations can be added to the Gitea pod. |persistence.size| Size for persistence to store repo information | 10Gi | |persistence.accessModes|AccessMode for persistence|| |persistence.storageClass|Storage class for repository persistence|| +|persistence.labels|Labels for the persistence volume claim to be created|{}| +|persistence.annotations|Annotations for the persistence volume claim to be created|{}| ### Ingress diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index c068279..245b716 100644 --- a/templates/gitea/statefulset.yaml 
+++ b/templates/gitea/statefulset.yaml @@ -127,6 +127,18 @@ spec: volumeClaimTemplates: - metadata: name: data + {{- with .Values.persistence.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value }} + {{- end }} + {{- end }} + {{- with .Values.persistence.labels }} + labels: + {{- range $key, $value := . }} + {{ $key }}: {{ $value }} + {{- end }} + {{- end }} spec: accessModes: {{- range .Values.persistence.accessModes }} diff --git a/values.yaml b/values.yaml index 72dc078..390196c 100644 --- a/values.yaml +++ b/values.yaml @@ -73,6 +73,8 @@ persistence: size: 10Gi accessModes: - ReadWriteOnce + labels: {} + annotations: {} # additional volumes to add to the Gitea statefulset. extraVolumes: @@ -123,6 +125,7 @@ gitea: #bindDn: #bindPassword: #usernameAttribute: + #sshPublicKeyAttribute: config: {} # APP_NAME: "Gitea: Git with a cup of tea" -- 2.40.1 From b5ab7201d191d8c549b95a3b0f012eefcda1ca2b Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Fri, 5 Feb 2021 01:46:55 +0800 Subject: [PATCH 029/390] 1.13.2 (#108) Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/108 Reviewed-by: Lunny Xiao Reviewed-by: luhahn Co-authored-by: techknowlogick Co-committed-by: techknowlogick --- Chart.yaml | 2 +- README.md | 2 +- values.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index bb5d7dc..d51cc43 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.13.1 +appVersion: 1.13.2 icon: https://docs.gitea.io/images/gitea.png keywords: diff --git a/README.md b/README.md index c9ca59a..c37cd65 100644 --- a/README.md +++ b/README.md 
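Review bot: The PVC annotation and label values in `volumeClaimTemplates` are emitted unquoted (`{{ $key }}: {{ $value }}`). A value such as `"true"` or `"10"` in values.yaml therefore reaches the API server as a boolean or number, and the StatefulSet is rejected because metadata values must be strings. `{{ $key }}: {{ $value | quote }}` in both loops avoids this; replacing each loop with `{{- toYaml . | nindent 8 }}` would also work and matches how `podAnnotations` is rendered elsewhere in this template.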
@@ -333,7 +333,7 @@ Annotations can be added to the Gitea pod. | Parameter | Description | Default | |---------------------|-----------------------------------|------------------------------| |image.repository| Image to start for this pod | gitea/gitea | -|image.tag| [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) | 1.13.1 | +|image.tag| [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) | 1.13.2 | |image.pullPolicy| Image pull policy | Always | ### Persistence diff --git a/values.yaml b/values.yaml index 390196c..ad25b93 100644 --- a/values.yaml +++ b/values.yaml @@ -8,7 +8,7 @@ clusterDomain: cluster.local image: repository: gitea/gitea - tag: 1.13.1 + tag: 1.13.2 pullPolicy: Always imagePullSecrets: [] -- 2.40.1 From 28e94f96e357674f9f0a947c5c0d7adb67c101d0 Mon Sep 17 00:00:00 2001 From: JPRbrs Date: Fri, 5 Feb 2021 04:42:42 +0800 Subject: [PATCH 030/390] Add loadbalancersourceranges to ssh service (#105) SSH service might want to limit the a range of source IPs. LoadBalancerSourceRanges enables to limit them just passing a list of CIDR addresses to whitelist Co-authored-by: javier Co-authored-by: techknowlogick Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/105 Reviewed-by: luhahn Reviewed-by: techknowlogick Co-authored-by: JPRbrs Co-committed-by: JPRbrs --- templates/gitea/ssh-svc.yaml | 10 +++++++++- values.yaml | 1 + 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/templates/gitea/ssh-svc.yaml b/templates/gitea/ssh-svc.yaml index 5ce60cb..e81cada 100644 --- a/templates/gitea/ssh-svc.yaml +++ b/templates/gitea/ssh-svc.yaml 
@@ -8,8 +8,16 @@ metadata: {{- toYaml .Values.service.ssh.annotations | nindent 4 }} spec: type: {{ .Values.service.ssh.type }} - {{- if and .Values.service.ssh.loadBalancerIP (eq .Values.service.ssh.type "LoadBalancer") }} + {{- if eq .Values.service.ssh.type "LoadBalancer" }} + {{- if .Values.service.ssh.loadBalancerIP }} loadBalancerIP: {{ .Values.service.ssh.loadBalancerIP }} + {{- end -}} + {{- if .Values.service.ssh.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- range .Values.service.ssh.loadBalancerSourceRanges }} + - {{ . }} + {{- end }} + {{- end }} {{- end }} {{- if and .Values.service.ssh.clusterIP (eq .Values.service.ssh.type "ClusterIP") }} clusterIP: {{ .Values.service.ssh.clusterIP }} diff --git a/values.yaml b/values.yaml index ad25b93..574cafb 100644 --- a/values.yaml +++ b/values.yaml @@ -29,6 +29,7 @@ service: #nodePort: #externalTrafficPolicy: #externalIPs: + loadBalancerSourceRanges: [] annotations: ingress: -- 2.40.1 From 790d0405c284bee60571ad7fd15199f39f2753fb Mon Sep 17 00:00:00 2001 From: JosefWN Date: Wed, 17 Feb 2021 17:44:40 +0800 Subject: [PATCH 031/390] Fix typo enabling pprof (#114) Nothing critical, but had a typo in the naming of the config entry to enable `pprof`. Co-authored-by: josef Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/114 Reviewed-by: luhahn Reviewed-by: Lunny Xiao Co-authored-by: JosefWN Co-committed-by: JosefWN --- .gitignore | 1 + README.md | 2 +- templates/gitea/config.yaml | 4 ++-- templates/gitea/statefulset.yaml | 2 +- 4 files changed, 5 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 8d89461..18c1386 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ charts Chart.lock +.DS_Store diff --git a/README.md b/README.md index c37cd65..8ead328 100644 --- a/README.md +++ b/README.md @@ -304,7 +304,7 @@ gitea: config: server: - PPROF_ENABLED: true + ENABLE_PPROF: true ``` ### Pod Annotations 
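Review bot: `loadBalancerSourceRanges` defaults to `[]` and is added without a comment or README row, so an SSH service of type `LoadBalancer` stays reachable from any source unless the operator finds the value; Kubernetes treats an absent list as no restriction. A comment in values.yaml such as `# CIDRs allowed to reach the SSH LoadBalancer, e.g. ["10.0.0.0/8"]; empty = no restriction` would make the control visible. The list items are emitted as `- {{ . }}`; `- {{ . | quote }}` keeps each CIDR a string however it was written. The HTTP service template is not part of this commit, so check whether it should get the same option.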
diff --git a/templates/gitea/config.yaml b/templates/gitea/config.yaml index 49d5553..83c3154 100644 --- a/templates/gitea/config.yaml +++ b/templates/gitea/config.yaml @@ -69,8 +69,8 @@ stringData: {{- if not (hasKey .Values.gitea.config.server "APP_DATA_PATH") -}} {{- $_ := set .Values.gitea.config.server "APP_DATA_PATH" "/data" -}} {{- end -}} - {{- if not (hasKey .Values.gitea.config.server "PPROF_ENABLED") -}} - {{- $_ := set .Values.gitea.config.server "PPROF_ENABLED" false -}} + {{- if not (hasKey .Values.gitea.config.server "ENABLE_PPROF") -}} + {{- $_ := set .Values.gitea.config.server "ENABLE_PPROF" false -}} {{- end -}} {{- /* metrics default settings */ -}} diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index 245b716..410eed8 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml @@ -66,7 +66,7 @@ spec: containerPort: {{ .Values.gitea.config.server.SSH_LISTEN_PORT }} - name: http containerPort: {{ .Values.gitea.config.server.HTTP_PORT }} - {{- if .Values.gitea.config.server.PPROF_ENABLED }} + {{- if .Values.gitea.config.server.ENABLE_PPROF }} - name: profiler containerPort: 6060 {{- end }} -- 2.40.1 From 4682597b049799045b1655a0a2381753a5449696 Mon Sep 17 00:00:00 2001 From: viceice Date: Wed, 17 Feb 2021 17:45:18 +0800 Subject: [PATCH 032/390] fix: quote admin password (#111) closes #110 Co-authored-by: Lunny Xiao Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/111 Reviewed-by: luhahn Reviewed-by: Lunny Xiao Co-authored-by: viceice Co-committed-by: viceice --- templates/gitea/init.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/gitea/init.yaml b/templates/gitea/init.yaml index 79c2a00..c76dfaf 100644 --- a/templates/gitea/init.yaml +++ b/templates/gitea/init.yaml 
@@ -26,9 +26,9 @@ stringData: set -x; \ gitea migrate; \ {{- if and .Values.gitea.admin.username .Values.gitea.admin.password }} - gitea admin create-user --username {{ .Values.gitea.admin.username }} --password '{{ .Values.gitea.admin.password }}' --email {{ .Values.gitea.admin.email }} --admin --must-change-password=false \ + gitea admin create-user --username {{ .Values.gitea.admin.username }} --password {{ .Values.gitea.admin.password | quote }} --email {{ .Values.gitea.admin.email }} --admin --must-change-password=false \ || \ - gitea admin change-password --username {{ .Values.gitea.admin.username }} --password '{{ .Values.gitea.admin.password }}'; \ + gitea admin change-password --username {{ .Values.gitea.admin.username }} --password {{ .Values.gitea.admin.password | quote }}; \ {{- end }} {{- if .Values.gitea.ldap.enabled }} gitea admin auth add-ldap \ -- 2.40.1 From 33903d8f6c085660c6b6d9fed2a0ee8c551abe85 Mon Sep 17 00:00:00 2001 From: martencassel Date: Mon, 1 Mar 2021 20:16:49 +0800 Subject: [PATCH 033/390] Add support to run gitea with an optional securityContext (#115) Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/115 Reviewed-by: luhahn Reviewed-by: lafriks Co-authored-by: martencassel Co-committed-by: martencassel --- README.md | 1 + templates/gitea/statefulset.yaml | 2 ++ values.yaml | 2 ++ 3 files changed, 5 insertions(+) diff --git a/README.md b/README.md index 8ead328..68aec54 100644 --- a/README.md +++ b/README.md @@ -327,6 +327,7 @@ Annotations can be added to the Gitea pod. | extraVolumes | Additional volumes to mount to the Gitea statefulset | {} | | extraVolumeMounts | Additional volumes mounts for the Gitea containers | {} | | initPreScript | Bash script copied verbatim to start of init container | | +| securityContext | Run as a specific securityContext | {} | ### Image diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index 410eed8..13ee503 100644 --- a/templates/gitea/statefulset.yaml 
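Review bot: The password rendered by `quote` ends up in double quotes inside the single-quoted `su git -c ' … '` script, so the inner shell still expands `$`, backticks and backslashes in it, and a `'` in the password closes the outer string; both `--password` lines in this hunk are affected. The `set -x;` two lines above also traces the complete `gitea admin create-user` command, password included, into the init container log. I would read the value from an environment variable populated from a Secret and pass `--password "${GITEA_ADMIN_PASSWORD}"` (placeholder name, and assuming `su` keeps the environment here), with `set +x` around these two commands. `--username` and `--email` remain unquoted. The script starts and ends outside the hunk.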
+++ b/templates/gitea/statefulset.yaml @@ -87,6 +87,8 @@ spec: failureThreshold: 3 resources: {{- toYaml .Values.resources | nindent 12 }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} volumeMounts: - name: data mountPath: /data diff --git a/values.yaml b/values.yaml index 574cafb..b739146 100644 --- a/values.yaml +++ b/values.yaml @@ -13,6 +13,8 @@ image: imagePullSecrets: [] +securityContext: {} + service: http: type: ClusterIP -- 2.40.1 From 7ed82c7a63ce02f732eb1a648ab81f3eeb0fa95c Mon Sep 17 00:00:00 2001 From: Starefossen Date: Mon, 1 Mar 2021 20:18:09 +0800 Subject: [PATCH 034/390] Add ServiceMonitor Prometheus selector label (#116) Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/116 Reviewed-by: luhahn Reviewed-by: lafriks Co-authored-by: Starefossen Co-committed-by: Starefossen --- templates/gitea/servicemonitor.yaml | 3 +++ values.yaml | 1 + 2 files changed, 4 insertions(+) diff --git a/templates/gitea/servicemonitor.yaml b/templates/gitea/servicemonitor.yaml index 292297a..1b50943 100644 --- a/templates/gitea/servicemonitor.yaml +++ b/templates/gitea/servicemonitor.yaml @@ -5,6 +5,9 @@ metadata: name: {{ include "gitea.fullname" . }} labels: {{- include "gitea.labels" . | nindent 4 }} + {{- if .Values.metrics.serviceMonitor.prometheusSelector }} + prometheus: {{ .Values.metrics.serviceMonitor.prometheusSelector }} + {{- end }} spec: selector: matchLabels: diff --git a/values.yaml b/values.yaml index b739146..6739a27 100644 --- a/values.yaml +++ b/values.yaml @@ -114,6 +114,7 @@ gitea: enabled: false serviceMonitor: enabled: false + # prometheusSelector: default ldap: enabled: false -- 2.40.1 From 9213f0d1f52baca21578e18428bc95f2f7f83720 Mon Sep 17 00:00:00 2001 
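Review bot: `securityContext` is rendered at container level in the statefulset hunk (12-space indent, between `resources:` and `volumeMounts:`), but neither the `securityContext: {}` default nor the README row added in this commit says so. Pod-level fields such as `fsGroup` are not part of a container securityContext, so a user who places them under this key would presumably get a rejected manifest. I would add a comment above the default, e.g. `# container-level securityContext of the gitea container (runAsUser, capabilities, ...); pod-level fields are not accepted here`. Whether the init container receives the same context cannot be told from this hunk.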
From: Starefossen Date: Mon, 1 Mar 2021 20:20:55 +0800 Subject: [PATCH 035/390] Add `app` and `version` labels (#121) This pull request adds the `app` and `version` labels that are used by Istio. > Pods with app and version labels: We recommend adding an explicit app label and version label to the specification of the pods deployed using a Kubernetes Deployment. The app and version labels add contextual information to the metrics and telemetry that Istio collects. > > * The app label: Each deployment should have a distinct app label with a meaningful value. The app label is used to add contextual information in distributed tracing. > > * The version label: This label indicates the version of the application corresponding to the particular deployment. From https://istio.io/latest/docs/ops/deployment/requirements/#pod-requirements Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/121 Reviewed-by: luhahn Reviewed-by: lafriks Co-authored-by: Starefossen Co-committed-by: Starefossen --- templates/_helpers.tpl | 2 ++ templates/gitea/statefulset.yaml | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 0cf3021..04fd352 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -36,9 +36,11 @@ Common labels */}} {{- define "gitea.labels" -}} helm.sh/chart: {{ include "gitea.chart" . }} +app: {{ include "gitea.name" . }} {{ include "gitea.selectorLabels" . }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +version: {{ .Chart.AppVersion | quote }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end -}} diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index 13ee503..1415da6 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml 
@@ -19,7 +19,7 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} labels: - {{- include "gitea.selectorLabels" . | nindent 8 }} + {{- include "gitea.labels" . | nindent 8 }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: -- 2.40.1 From d1c58a2e7724c6c0ba47eff4215c7ce8193ae7cf Mon Sep 17 00:00:00 2001 From: Dunky13 Date: Mon, 1 Mar 2021 20:24:11 +0800 Subject: [PATCH 036/390] OAuth2 configuration options (#123) I opened up the OAuth2 authentication option. I needed this feature, and it is available in the gitea cli. So I opened it up for configuration through this pull request. Hope it can help others. Co-authored-by: Marc Went Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/123 Reviewed-by: luhahn Reviewed-by: lafriks Co-authored-by: Dunky13 Co-committed-by: Dunky13 --- README.md | 41 ++++++++++++++++++++++++++++++++ templates/_helpers.tpl | 8 +++++++ templates/gitea/init.yaml | 10 ++++++++ templates/gitea/statefulset.yaml | 1 + values.yaml | 13 ++++++++++ 5 files changed, 73 insertions(+) diff --git a/README.md b/README.md index 68aec54..c70e8ad 100644 --- a/README.md +++ b/README.md 
@@ -288,6 +288,47 @@ kebab-case: bind-password: JustAnotherBindPw username-attribute: CN ``` +### OAuth2 Settings + +Like the admin user the OAuth2 settings can be updated but also disabled or deleted. +All OAuth2 values from are available. +You can either use them in camel case or kebab case. + +camelCase: + +```yaml + gitea: + oauth: + enabled: true + name: 'MyAwesomeGiteaOAuth' + provider: 'openidConnect' + key: 'hello' + secret: 'world' + autoDiscoverUrl: 'https://gitea.example.com/.well-known/openid-configuration' + #useCustomUrls: + #customAuthUrl: + #customTokenUrl: + #customProfileUrl: + #customEmailUrl: +``` + +kebab-case: + +```yaml + gitea: + oauth: + enabled: true + name: 'MyAwesomeGiteaOAuth' + provider: 'openidConnect' + key: 'hello' + secret: 'world' + auto-discover-url: 'https://gitea.example.com/.well-known/openid-configuration' + #use-custom-urls: + #custom-auth-url: + #custom-token-url: + #custom-profile-url: + #custom-email-url: +``` ### Metrics and profiling diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 04fd352..1dae96d 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -107,4 +107,12 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} {{- end -}} {{- end -}} +{{- end -}} + +{{- define "gitea.oauth_settings" -}} +{{- range $key, $val := .Values.gitea.oauth -}} +{{- if ne $key "enabled" -}} +{{- printf "--%s %s " ($key | kebabcase) ($val | quote) -}} +{{- end -}} +{{- end -}} {{- end -}} \ No newline at end of file diff --git a/templates/gitea/init.yaml b/templates/gitea/init.yaml index c76dfaf..4266de8 100644 --- a/templates/gitea/init.yaml +++ b/templates/gitea/init.yaml 
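Review bot: `gitea.oauth_settings` turns every key under `gitea.oauth` except `enabled` into a `--flag "value"` pair, so `key` and `secret` become command-line arguments of `gitea admin auth add-oauth` in the init script. The values are wrapped with `quote` (double quotes), yet the init.yaml hunk of this commit includes the helper inside `su git -c ' … '`, where a `'` in a value closes the outer string and `$` or backticks are still expanded by the inner shell. The helper also has no doc comment; I would add `{{/* Renders gitea.oauth as CLI flags for "gitea admin auth add-oauth"; the output contains key and secret and must be treated as sensitive */}}` above the `define`. The README examples in the same commit show `key` and `secret` as plain values, which deserves a sentence there as well.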
@@ -40,4 +40,14 @@ stringData: {{- include "gitea.ldap_settings" . | nindent 6 }} \ ) \ {{- end }} + {{- if .Values.gitea.oauth.enabled }} + gitea admin auth add-oauth \ + {{- include "gitea.oauth_settings" . | nindent 6 }} \ + || \ + ( \ + export GITEA_AUTH_ID=$(gitea admin auth list | grep {{ .Values.gitea.oauth.name | quote }} | awk -F " " "{print \$1}"); \ + gitea admin auth update-oauth --id ${GITEA_AUTH_ID} \ + {{- include "gitea.oauth_settings" . | nindent 6 }} \ + ) \ + {{- end }} ' diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index 1415da6..bfaba36 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml @@ -15,6 +15,7 @@ spec: annotations: checksum/config: {{ include (print $.Template.BasePath "/gitea/config.yaml") . | sha256sum }} checksum/ldap: {{ include "gitea.ldap_settings" . | sha256sum }} + checksum/oauth: {{ include "gitea.oauth_settings" . | sha256sum }} {{- with .Values.gitea.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} diff --git a/values.yaml b/values.yaml index 6739a27..64b3fe4 100644 --- a/values.yaml +++ b/values.yaml @@ -131,6 +131,19 @@ gitea: #usernameAttribute: #sshPublicKeyAttribute: + oauth: + enabled: false + #name: + #provider: + #key: + #secret: + #autoDiscoverUrl: + #useCustomUrls: + #customAuthUrl: + #customTokenUrl: + #customProfileUrl: + #customEmailUrl: + config: {} # APP_NAME: "Gitea: Git with a cup of tea" # RUN_MODE: dev -- 2.40.1 From 551f4e312e957a9228aab78b9843f500b3aaaec1 Mon Sep 17 00:00:00 2001 
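Review bot: The update path in the init.yaml hunk finds the source with `gitea admin auth list | grep {{ .Values.gitea.oauth.name | quote }}`, which matches the name as a substring anywhere on the line, so `GITEA_AUTH_ID` can end up empty, pointing at a different source, or holding several ids. I would compare the name column exactly, for example `awk -v n={{ .Values.gitea.oauth.name | quote }} "\$2 == n {print \$1}"` (assuming the name is the second column of the listing), and quote the result as `--id "${GITEA_AUTH_ID}"` so that an empty lookup does not swallow the next flag. With `set -x` active earlier in the same `su git -c` script, the rendered `--secret` argument is also written to the init container log. The script starts outside the hunk.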
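Review bot: The `checksum/oauth` annotation added in the statefulset hunk publishes the SHA-256 of the rendered flag string, and that string contains the OAuth `secret`. Anyone who may read pod metadata obtains an unsalted hash over an otherwise predictable string, which permits offline guessing of a weak secret. A comment on the line should at least state this, e.g. `# hash covers key/secret; annotation is readable with pod read access`, and hashing the settings without `key` and `secret` is worth considering if a restart on secret rotation is not required. The `checksum/ldap` line just above follows the same pattern.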
From: Michael Kriese Date: Mon, 1 Mar 2021 22:46:05 +0800 Subject: [PATCH 037/390] Allow override kubernetes probes (#117) - Allow overriding liveness and readiness probe - Add optional startup probe closes #118 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/117 Reviewed-by: luhahn Reviewed-by: lafriks Co-authored-by: Michael Kriese Co-committed-by: Michael Kriese --- README.md | 28 +++++++++++++++++++ templates/gitea/statefulset.yaml | 42 ++++++++++++++++++++++------- values.yaml | 46 ++++++++++++++++++++++++++++++++ 3 files changed, 107 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index c70e8ad..d9b8705 100644 --- a/README.md +++ b/README.md 
@@ -417,6 +417,34 @@ Annotations can be added to the Gitea pod. |---------------------|-----------------------------------|------------------------------| |gitea.config | Everything in app.ini can be configured with this dict. See Examples for more details | {} | +### Gitea Probes + +Configure Liveness, Readiness and Startup [Probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) + +| Parameter | Description | Default | +|---------------------|-----------------------------------|------------------------------| +|gitea.livenessProbe.enabled | Enable liveness probe | true | +|gitea.livenessProbe.initialDelaySeconds | Delay before probe start| 200 | +|gitea.livenessProbe.timeoutSeconds | probe timeout | 1 | +|gitea.livenessProbe.periodSeconds | period between probes | 10 | +|gitea.livenessProbe.successThreshold | Minimum consecutive success probes | 1 | +|gitea.livenessProbe.failureThreshold | Minimum consecutive error probes | 10 | +|gitea.readinessProbe.enabled | Enable readiness probe | true | +|gitea.readinessProbe.initialDelaySeconds | Delay before probe start| 200 | +|gitea.readinessProbe.timeoutSeconds | probe timeout | 1 | +|gitea.readinessProbe.periodSeconds | period between probes | 10 | +|gitea.readinessProbe.successThreshold | Minimum consecutive success probes | 1 | +|gitea.readinessProbe.failureThreshold | Minimum consecutive error probes | 10 | +|gitea.startupProbe.enabled | Enable startup probe | false | +|gitea.startupProbe.initialDelaySeconds | Delay before probe start| 200 | +|gitea.startupProbe.timeoutSeconds | probe timeout | 1 | +|gitea.startupProbe.periodSeconds | period between probes | 10 | +|gitea.startupProbe.successThreshold | Minimum consecutive success probes | 1 | +|gitea.startupProbe.failureThreshold | Minimum consecutive error probes | 10 | +|gitea.customLivenessProbe | Custom liveness probe (needs `gitea.livenessProbe.enabled: false`) | | +|gitea.customReadinessProbe | Custom 
readiness probe (needs `gitea.readinessProbe.enabled: false`) | | +|gitea.customStartupProbe | Custom startup probe (needs `gitea.startupProbe.enabled: false`) | | + ### Memcached BuiltIn Memcached is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/memcached) if enabled in the values. Complete Configuration can be taken from their website. diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index bfaba36..c199ea8 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml 
@@ -71,21 +71,45 @@ spec: - name: profiler containerPort: 6060 {{- end }} + {{- if .Values.gitea.livenessProbe.enabled }} livenessProbe: tcpSocket: port: http - initialDelaySeconds: 200 - timeoutSeconds: 1 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 10 + initialDelaySeconds: {{ .Values.gitea.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.gitea.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.gitea.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.gitea.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.gitea.livenessProbe.failureThreshold }} + {{- else if .Values.gitea.customLivenessProbe }} + livenessProbe: + {{- toYaml .Values.gitea.customLivenessProbe | nindent 12 }} + {{- end }} + {{- if .Values.gitea.readinessProbe.enabled }} readinessProbe: tcpSocket: port: http - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 3 + initialDelaySeconds: {{ .Values.gitea.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.gitea.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.gitea.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.gitea.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.gitea.readinessProbe.failureThreshold }} + {{- else if .Values.gitea.customReadinessProbe }} + readinessProbe: + {{- toYaml .Values.gitea.customReadinessProbe | nindent 12 }} + {{- end }} + {{- if .Values.gitea.startupProbe.enabled }} + startupProbe: + tcpSocket: + port: http + initialDelaySeconds: {{ .Values.gitea.startupProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.gitea.startupProbe.periodSeconds }} + timeoutSeconds: {{ .Values.gitea.startupProbe.timeoutSeconds }} + successThreshold: {{ .Values.gitea.startupProbe.successThreshold }} + failureThreshold: {{ .Values.gitea.startupProbe.failureThreshold }} + {{- else if .Values.gitea.customStartupProbe }} + startupProbe: + {{- toYaml .Values.gitea.customStartupProbe | 
nindent 12 }} + {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} securityContext: diff --git a/values.yaml b/values.yaml index 64b3fe4..1475521 100644 --- a/values.yaml +++ b/values.yaml @@ -169,6 +169,52 @@ gitea: builtIn: enabled: true + livenessProbe: + enabled: true + initialDelaySeconds: 200 + timeoutSeconds: 1 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 10 + readinessProbe: + enabled: true + initialDelaySeconds: 5 + timeoutSeconds: 1 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 3 + startupProbe: + enabled: false + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 10 + + # customLivenessProbe: + # httpGet: + # path: /user/login + # port: http + # initialDelaySeconds: 60 + # periodSeconds: 10 + # successThreshold: 1 + # failureThreshold: 10 + # customReadinessProbe: + # httpGet: + # path: /user/login + # port: http + # initialDelaySeconds: 5 + # periodSeconds: 10 + # successThreshold: 1 + # failureThreshold: 3 + # customStartupProbe: + # httpGet: + # path: /user/login + # port: http + # initialDelaySeconds: 60 + # periodSeconds: 10 + # successThreshold: 1 + # failureThreshold: 10 + memcached: service: port: 11211 -- 2.40.1 From 9106d68cdc14824ddaa8a29956583a1f1d7211df Mon Sep 17 00:00:00 2001 From: luhahn Date: Tue, 2 Mar 2021 17:10:38 +0800 Subject: [PATCH 038/390] Fix ServiceMonitor selector labels (#125) Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/125 Reviewed-by: Andrew Thornton Reviewed-by: lafriks Co-authored-by: luhahn Co-committed-by: luhahn --- templates/gitea/servicemonitor.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/gitea/servicemonitor.yaml b/templates/gitea/servicemonitor.yaml index 1b50943..8f22ea5 100644 --- a/templates/gitea/servicemonitor.yaml +++ b/templates/gitea/servicemonitor.yaml 
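Review bot: The `startupProbe` block renders `timeoutSeconds: {{ .Values.gitea.startupProbe.timeoutSeconds }}`, but the `startupProbe` defaults added to values.yaml in this commit have no `timeoutSeconds` key, so enabling the probe emits an empty value for that field. Adding `timeoutSeconds: 1` to the `startupProbe` defaults, as the liveness and readiness defaults have, closes the gap. The README table of the same commit lists 200 and 10 for `readinessProbe.initialDelaySeconds` and `failureThreshold` and 200 for `startupProbe.initialDelaySeconds`, while values.yaml sets 5, 3 and 60. A `custom*Probe` is only rendered when the matching `enabled` flag is false, which should be said in a comment next to the commented examples in values.yaml.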
@@ -5,8 +5,8 @@ metadata: name: {{ include "gitea.fullname" . }} labels: {{- include "gitea.labels" . | nindent 4 }} - {{- if .Values.metrics.serviceMonitor.prometheusSelector }} - prometheus: {{ .Values.metrics.serviceMonitor.prometheusSelector }} + {{- if .Values.gitea.metrics.serviceMonitor.prometheusSelector }} + prometheus: {{ .Values.gitea.metrics.serviceMonitor.prometheusSelector }} {{- end }} spec: selector: -- 2.40.1 From 1eb0eee3bc2bc3b6731d920e3ec601df30b35eed Mon Sep 17 00:00:00 2001 
From: Nakrez Date: Thu, 4 Mar 2021 16:43:52 +0800 Subject: [PATCH 039/390] Make the chart work with a sqlite3 database (#124) There are currently 2 issues that prevent using this chart to deploy gitea with a SQLite3 database. 1) The value from *gitea.config.database.HOST* is used to set *db.servicename* when all the databases under *gitea.database.buildIn* are not enabled. This causes a type error during the template processing: `Error: UPGRADE FAILED: template: gitea/templates/gitea/init.yaml:24:20: executing "gitea/templates/gitea/init.yaml" at : error calling include: template: gitea/templates/_helpers.tpl:64:31: executing "db.servicename" at <.Values.gitea.config.database.HOST>: wrong type for value; expected string; got interface {}` 2) In *init_gitea.sh*, we use the value *db.servicename* and *db.port* to ping the database. If this database responds to ping, we proceed with the init. The problem here is that *db.port* is not set when all the databases under *gitea.database.buildIn* are disabled. In turn, this raises an error from busybox's *nc*, because no parameter is passed for *PORT*. This causes the init container to go in *CrashLoopBackOff* forever. The simple fix that is proposed in this PR is to check wether or not *.Values.gitea.config.database.DB_TYPE* is set to determine the value *db.servicename*. If *DB_TYPE* is *'sqlite3'*, leave *db.servicename* empty and use that to bypass the database ping. Co-authored-by: Baptiste Covolato Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/124 Reviewed-by: Andrew Thornton Reviewed-by: lafriks Reviewed-by: luhahn Co-authored-by: Nakrez Co-committed-by: Nakrez --- templates/_helpers.tpl | 2 +- templates/gitea/init.yaml | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 1dae96d..b685865 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl 
@@ -60,7 +60,7 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- printf "%s-mysql" .Release.Name -}} {{- else if .Values.gitea.database.builtIn.mariadb.enabled -}} {{- printf "%s-mariadb" .Release.Name -}} -{{- else -}} +{{- else if ne .Values.gitea.config.database.DB_TYPE "sqlite3" -}} {{- $parts := split ":" .Values.gitea.config.database.HOST -}} {{- printf "%s %s" $parts._0 $parts._1 -}} {{- end -}} diff --git a/templates/gitea/init.yaml b/templates/gitea/init.yaml index 4266de8..926c1f2 100644 --- a/templates/gitea/init.yaml +++ b/templates/gitea/init.yaml @@ -21,7 +21,9 @@ stringData: mkdir -p /data/gitea/conf cp /etc/gitea/conf/app.ini /data/gitea/conf/app.ini chmod a+rwx /data/gitea/conf/app.ini + {{- if include "db.servicename" . }} nc -v -w2 -z {{ include "db.servicename" . }} {{ include "db.port" . }} && \ + {{- end }} su git -c ' \ set -x; \ gitea migrate; \ -- 2.40.1 From 0f1e991889c891dcd199b025e924ce8b00c0f577 Mon Sep 17 00:00:00 2001 From: Nakrez Date: Wed, 17 Mar 2021 08:07:42 +0800 Subject: [PATCH 040/390] Add possibiliy to define statefulset labels (#130) This change adds a new value *statefulset.labels* to allow the user to add custom labels to the StatefulSet. An example of where this could be useful is if gitea's pvc is stored on OpenEBS. With this new option, the user can add the extra *openebs.io/sts-target-affinity* label to specify that the volume target pod should run on the same node as gitea's StatefulSet. Co-authored-by: Baptiste Covolato Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/130 Reviewed-by: luhahn Reviewed-by: lafriks Co-authored-by: Nakrez Co-committed-by: Nakrez --- templates/gitea/statefulset.yaml | 6 ++++++ values.yaml | 1 + 2 files changed, 7 insertions(+) diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index c199ea8..4e19c9b 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml 
@@ -9,6 +9,9 @@ spec: selector: matchLabels: {{- include "gitea.selectorLabels" . | nindent 6 }} + {{- if .Values.statefulset.labels }} + {{- toYaml .Values.statefulset.labels | nindent 6 }} + {{- end }} serviceName: {{ include "gitea.fullname" . }} template: metadata: @@ -21,6 +24,9 @@ spec: {{- end }} labels: {{- include "gitea.labels" . | nindent 8 }} + {{- if .Values.statefulset.labels }} + {{- toYaml .Values.statefulset.labels | nindent 8 }} + {{- end }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: diff --git a/values.yaml b/values.yaml index 1475521..0dd4d0c 100644 --- a/values.yaml +++ b/values.yaml @@ -69,6 +69,7 @@ statefulset: # - name: VARIABLE # value: my-value terminationGracePeriodSeconds: 60 + labels: {} persistence: enabled: true -- 2.40.1 From 8d8dd0d84efc88234efd0e8322bd8958a5acf998 Mon Sep 17 00:00:00 2001 From: kaipmdh Date: Wed, 17 Mar 2021 08:09:44 +0800 Subject: [PATCH 041/390] Update README.md for typo fixes and grammar (#131) Minor changes to grammar, minor typo fixes. Signed-off-by: kaipmdh Co-authored-by: lafriks Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/131 Reviewed-by: luhahn Reviewed-by: lafriks Co-authored-by: kaipmdh Co-committed-by: kaipmdh --- README.md | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index d9b8705..348174e 100644 --- a/README.md +++ b/README.md 
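Review bot: The first added block puts `statefulset.labels` into `spec.selector.matchLabels`, and a StatefulSet selector cannot be changed after creation, so adding or editing these labels on an installed release makes `helm upgrade` fail until the StatefulSet is deleted. For the use case in the commit description the labels are only needed on the pod template; I would keep the second block under `template.metadata.labels` and drop the three added lines under `matchLabels`. If they stay, the `labels: {}` default in values.yaml needs a comment such as `# also added to the selector, which is immutable: set at install time only`.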
@@ -5,12 +5,12 @@ ## Introduction This helm chart has taken some inspiration from -But takes a completly different approach in providing database and cache with dependencies. -Also this chart provides LDAP and admin user configuration with values as well as it is deployed as statefulset to retain stored repositories. +But takes a completely different approach in providing a database and cache with dependencies. +Additionally, this chart provides LDAP and admin user configuration with values, as well as being deployed as a statefulset to retain stored repositories. ## Dependencies -Gitea can be run with external database and cache. This chart provides those dependencies, which can be +Gitea can be run with an external database and cache. This chart provides those dependencies, which can be enabled, or disabled via [configuration](#configuration). Dependencies: @@ -36,7 +36,7 @@ Dependencies: ### Gitea Configuration -Gitea offers lots of configuration. This is fully described in the [Gitea Cheat Sheet](https://docs.gitea.io/en-us/config-cheat-sheet/). +Gitea offers lots of configuration options. This is fully described in the [Gitea Cheat Sheet](https://docs.gitea.io/en-us/config-cheat-sheet/). ```yaml gitea: @@ -58,7 +58,7 @@ INSTALL_LOCK is always set to true, since we want to configure gitea with this h #### Database defaults -If a builtIn database is enabled the database configuration is set automatically. For example postgresql builtIn which will appear in the app.ini as: +If a builtIn database is enabled the database configuration is set automatically. For example, postgresql builtIn will appear in the app.ini as: ```ini [database] 
@@ -71,7 +71,7 @@ USER = gitea #### Memcached defaults -Memcached is handled the exakt same way as database builtIn. Once memcached builtIn is enabled, this chart will generate the following part in the app.ini: +Memcached is handled the exact same way as database builtIn. Once memcached builtIn is enabled, this chart will generate the following part in the app.ini: ```ini [cache] @@ -140,7 +140,7 @@ By default port 3000 is used for web traffic and 22 for ssh. Those can be change port: 22 ``` -This helmchart automatically configures the clone urls to use the correct ports. You can change these ports by hand using the gitea.config dict. However you should know what you're doing. +This helm chart automatically configures the clone urls to use the correct ports. You can change these ports by hand using the gitea.config dict. However you should know what you're doing. ### ClusterIP @@ -196,8 +196,8 @@ If the built in cache should not be used simply configure the cache in gitea.con ### Persistence Gitea will be deployed as a statefulset. By simply enabling the persistence and setting the storage class according to your cluster -everything else will be taken care of. The following example will create a PVC as a part of the statefulset. This PVC will not be deleted -even if you uninstall the chart. +everything else will be taken care of. The following example will create a PVC as a part of the statefulset. This PVC will not be deleted even if you uninstall the chart. + When using Postgresql as dependency, this will also be deployed as a statefulset by default. If you want to manage your own PVC you can simply pass the PVC name to the chart. @@ -246,7 +246,7 @@ You cannot use `admin` as username. ### LDAP Settings -Like the admin user the LDAP settings can be updated but also disabled or deleted. +Like the admin user the LDAP settings can be updated, but also disabled or deleted. All LDAP values from are available. You can either use them in camel case or kebab case. 
@@ -472,7 +472,7 @@ The following parameters are the defaults set by this chart ### Postgresql BuiltIn -Postgresql is loaded as a dependency from bitnami. Configuration can be found from this [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/postgresql) +Postgresql is loaded as a dependency from Bitnami. The chart configuration can be found from this [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/postgresql) repository. The following parameters are the defaults set by this chart -- 2.40.1 From ec8a26ecfcc9775ef2c66ed3e1f5ec29ddb38f7b Mon Sep 17 00:00:00 2001 From: luhahn Date: Mon, 22 Mar 2021 21:01:33 +0800 Subject: [PATCH 042/390] Update Gitea version to 1.13.5 (#134) Co-authored-by: luhahn Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/134 Reviewed-by: Andrew Thornton Reviewed-by: Lunny Xiao Co-authored-by: luhahn Co-committed-by: luhahn --- Chart.yaml | 2 +- README.md | 2 +- values.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index d51cc43..40e9d85 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.13.2 +appVersion: 1.13.5 icon: https://docs.gitea.io/images/gitea.png keywords: diff --git a/README.md b/README.md index 348174e..bdcc474 100644 --- a/README.md +++ b/README.md @@ -375,7 +375,7 @@ Annotations can be added to the Gitea pod. | Parameter | Description | Default | |---------------------|-----------------------------------|------------------------------| |image.repository| Image to start for this pod | gitea/gitea | -|image.tag| [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) | 1.13.2 | +|image.tag| [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) | 1.13.5 | |image.pullPolicy| Image pull policy | Always | ### Persistence 
diff --git a/values.yaml b/values.yaml index 0dd4d0c..2a49230 100644 --- a/values.yaml +++ b/values.yaml @@ -8,7 +8,7 @@ clusterDomain: cluster.local image: repository: gitea/gitea - tag: 1.13.2 + tag: 1.13.5 pullPolicy: Always imagePullSecrets: [] -- 2.40.1 From c742b5dbc300e152193215a20e948ec1d2194627 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Mon, 12 Apr 2021 15:58:17 +0800 Subject: [PATCH 043/390] 1.13.7 (#139) Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/139 Reviewed-by: Lunny Xiao Reviewed-by: luhahn Co-authored-by: techknowlogick Co-committed-by: techknowlogick --- Chart.yaml | 2 +- README.md | 2 +- values.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index 40e9d85..1dc9a13 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.13.5 +appVersion: 1.13.7 icon: https://docs.gitea.io/images/gitea.png keywords: diff --git a/README.md b/README.md index bdcc474..d2332f9 100644 --- a/README.md +++ b/README.md @@ -375,7 +375,7 @@ Annotations can be added to the Gitea pod. | Parameter | Description | Default | |---------------------|-----------------------------------|------------------------------| |image.repository| Image to start for this pod | gitea/gitea | -|image.tag| [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) | 1.13.5 | +|image.tag| [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) | 1.13.7 | |image.pullPolicy| Image pull policy | Always | ### Persistence diff --git a/values.yaml b/values.yaml index 2a49230..5c4c860 100644 --- a/values.yaml +++ b/values.yaml @@ -8,7 +8,7 @@ clusterDomain: cluster.local image: repository: gitea/gitea - tag: 1.13.5 + tag: 1.13.7 pullPolicy: Always imagePullSecrets: [] -- 2.40.1 From 2b01e6ece6cfa925c3f3023d7e2e5511f618f441 Mon Sep 17 00:00:00 2001 
From: luhahn Date: Mon, 19 Apr 2021 20:30:02 +0800 Subject: [PATCH 044/390] Fix permissions on external mounts (#144) Co-authored-by: luhahn Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/144 Reviewed-by: Lunny Xiao Reviewed-by: Andrew Thornton Co-authored-by: luhahn Co-committed-by: luhahn --- templates/gitea/init.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/gitea/init.yaml b/templates/gitea/init.yaml index 926c1f2..4fe4d1f 100644 --- a/templates/gitea/init.yaml +++ b/templates/gitea/init.yaml @@ -16,6 +16,7 @@ stringData: # END: initPreScript {{- end }} + chown 1000:1000 /data mkdir -p /data/git/.ssh chmod -R 700 /data/git/.ssh mkdir -p /data/gitea/conf -- 2.40.1 From b88bbd6d4d6729aa0f6c6f5f3b7d830b5bf8fb53 Mon Sep 17 00:00:00 2001 From: luhahn Date: Thu, 29 Apr 2021 17:12:48 +0800 Subject: [PATCH 045/390] gitea-1.14.x-updates (#148) This PR includes the changes from: - https://gitea.com/gitea/helm-chart/pulls/129 - https://gitea.com/gitea/helm-chart/pulls/140 In addition it adds the possibility to include secrets via environment variables as mentioned in #60 Co-authored-by: Hans Kristian Flaatten Co-authored-by: flavio.prado Co-authored-by: Lucas Hahn Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/148 Reviewed-by: techknowlogick Reviewed-by: Andrew Thornton Co-authored-by: luhahn Co-committed-by: luhahn --- Chart.yaml | 2 +- README.md | 10 ++++++++- templates/_helpers.tpl | 12 +++++++++- templates/gitea/config.yaml | 30 ++++++++++++++++++++----- templates/gitea/init.yaml | 13 ++++++++++- templates/gitea/statefulset.yaml | 34 ++++++++++++++++++++-------- values.yaml | 38 ++++++++++++++++++++------------ 7 files changed, 106 insertions(+), 33 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index 1dc9a13..be8ff92 100644 --- a/Chart.yaml +++ b/Chart.yaml 
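Review bot: `chown 1000:1000 /data` hard-codes the uid and gid and only works while the init container runs as root, and neither assumption is written next to the line. I would add a comment above it, e.g. `# externally provisioned volumes may be mounted root-owned; 1000:1000 is presumably the git user of the image, and this step requires a root init container`. The call is not recursive, so files already present on the volume keep their owner; a pod-level `fsGroup` is the Kubernetes-side alternative where the storage driver honours it. The script starts and ends outside the hunk.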
@@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.13.7 +appVersion: 1.14.1 icon: https://docs.gitea.io/images/gitea.png keywords: diff --git a/README.md b/README.md index d2332f9..c453aec 100644 --- a/README.md +++ b/README.md @@ -32,6 +32,13 @@ Dependencies: * Helm 3.0+ * PV provisioner for persistent data support +## Gitea Version 1.14.X repository ROOT + +Previously the ROOT folder for the gitea repositories was located at /data/git/gitea-repositories +1.14 changed this to /data/gitea-repositories. + +This chart will set the gitea.config.repository.ROOT value default to /data/git/gitea-repositories + ## Examples ### Gitea Configuration @@ -375,8 +382,9 @@ Annotations can be added to the Gitea pod. | Parameter | Description | Default | |---------------------|-----------------------------------|------------------------------| |image.repository| Image to start for this pod | gitea/gitea | -|image.tag| [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) | 1.13.7 | +|image.tag| [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) | 1.14.1 | |image.pullPolicy| Image pull policy | Always | +|image.rootless | Wether or not to pull the rootless version of gitea, only works on gitea 1.14.x or higher | false | ### Persistence diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index b685865..4f2841c 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl 
@@ -31,6 +31,16 @@ Create chart name and version as used by the chart label. {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} +{{/* +Create image name and tag used by the deployment. +*/}} +{{- define "gitea.image" -}} +{{- $name := .Values.image.repository -}} +{{- $tag := ternary .Values.image.version .Values.image.tag (hasKey .Values.image "version") -}} +{{- $rootless := ternary "-rootless" "" (.Values.image.rootless) -}} +{{- printf "%s:%s%s" $name $tag $rootless -}} +{{- end -}} + {{/* Common labels */}} @@ -115,4 +125,4 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- printf "--%s %s " ($key | kebabcase) ($val | quote) -}} {{- end -}} {{- end -}} -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/templates/gitea/config.yaml b/templates/gitea/config.yaml index 83c3154..6f1e74f 100644 --- a/templates/gitea/config.yaml +++ b/templates/gitea/config.yaml @@ -27,12 +27,21 @@ stringData: {{- $_ := set .Values.gitea.config "security" dict -}} {{- end -}} - {{- /* security default settings */ -}} + {{- if not .Values.gitea.config.repository -}} + {{- $_ := set .Values.gitea.config "repository" dict -}} + {{- end -}} + + {{- /* repository default settings */ -}} + {{- if not .Values.gitea.config.repository.ROOT -}} + {{- $_ := set .Values.gitea.config.repository "ROOT" "/data/git/gitea-repositories" -}} + {{- end -}} + + {{- /* security default settings */ -}} {{- if not .Values.gitea.config.security.INSTALL_LOCK -}} {{- $_ := set .Values.gitea.config.security "INSTALL_LOCK" "true" -}} {{- end -}} - {{- /* server default settings */ -}} + {{- /* server default settings */ -}} {{- if not (hasKey .Values.gitea.config.server "HTTP_PORT") -}} {{- $_ := set .Values.gitea.config.server "HTTP_PORT" .Values.service.http.port -}} {{- end -}} 
@@ -64,7 +73,16 @@ stringData: {{- $_ := set .Values.gitea.config.server "SSH_PORT" .Values.service.ssh.port -}} {{- end -}} {{- if not (hasKey .Values.gitea.config.server "SSH_LISTEN_PORT") -}} + {{- if not .Values.image.rootless -}} {{- $_ := set .Values.gitea.config.server "SSH_LISTEN_PORT" .Values.gitea.config.server.SSH_PORT -}} + {{- else -}} + {{- $_ := set .Values.gitea.config.server "SSH_LISTEN_PORT" "2222" -}} + {{- end -}} + {{- end -}} + {{- if not (hasKey .Values.gitea.config.server "START_SSH_SERVER") -}} + {{- if .Values.image.rootless -}} + {{- $_ := set .Values.gitea.config.server "START_SSH_SERVER" "true" -}} + {{- end -}} {{- end -}} {{- if not (hasKey .Values.gitea.config.server "APP_DATA_PATH") -}} {{- $_ := set .Values.gitea.config.server "APP_DATA_PATH" "/data" -}} @@ -80,7 +98,7 @@ stringData: {{- /* database default settings */ -}} {{- if .Values.gitea.database.builtIn.postgresql.enabled -}} - {{- $_ := set .Values.gitea.config.database "DB_TYPE" "postgres" -}} + {{- $_ := set .Values.gitea.config.database "DB_TYPE" "postgres" -}} {{- if not (.Values.gitea.config.database.HOST) -}} {{- $_ := set .Values.gitea.config.database "HOST" (include "postgresql.dns" .) -}} {{- end -}} @@ -88,7 +106,7 @@ stringData: {{- $_ := set .Values.gitea.config.database "USER" .Values.postgresql.global.postgresql.postgresqlUsername -}} {{- $_ := set .Values.gitea.config.database "PASSWD" .Values.postgresql.global.postgresql.postgresqlPassword -}} {{ else if .Values.gitea.database.builtIn.mysql.enabled -}} - {{- $_ := set .Values.gitea.config.database "DB_TYPE" "mysql" -}} + {{- $_ := set .Values.gitea.config.database "DB_TYPE" "mysql" -}} {{- if not (.Values.gitea.config.database.HOST) -}} {{- $_ := set .Values.gitea.config.database "HOST" (include "mysql.dns" .) -}} {{- end -}} 
@@ -113,7 +131,7 @@ stringData: {{- $_ := set .Values.gitea.config.cache "HOST" (include "memcached.dns" .) -}} {{- end -}} {{- end -}} - + {{- /* autogenerate app.ini */ -}} {{- range $key, $value := .Values.gitea.config }} {{- if kindIs "map" $value }} @@ -127,4 +145,4 @@ stringData: {{- else }} {{ $key | upper }} = {{ $value }} {{- end }} - {{- end }} \ No newline at end of file + {{- end }} diff --git a/templates/gitea/init.yaml b/templates/gitea/init.yaml index 4fe4d1f..2b4b59d 100644 --- a/templates/gitea/init.yaml +++ b/templates/gitea/init.yaml 
@@ -20,18 +20,27 @@ stringData: mkdir -p /data/git/.ssh chmod -R 700 /data/git/.ssh mkdir -p /data/gitea/conf + + # Copy config file to writable volume cp /etc/gitea/conf/app.ini /data/gitea/conf/app.ini chmod a+rwx /data/gitea/conf/app.ini {{- if include "db.servicename" . }} + # Wait for database to become avialble nc -v -w2 -z {{ include "db.servicename" . }} {{ include "db.port" . }} && \ {{- end }} + {{- if not .Values.image.rootless }} su git -c ' \ + {{- end }} set -x; \ gitea migrate; \ {{- if and .Values.gitea.admin.username .Values.gitea.admin.password }} gitea admin create-user --username {{ .Values.gitea.admin.username }} --password {{ .Values.gitea.admin.password | quote }} --email {{ .Values.gitea.admin.email }} --admin --must-change-password=false \ || \ - gitea admin change-password --username {{ .Values.gitea.admin.username }} --password {{ .Values.gitea.admin.password | quote }}; \ + gitea admin change-password --username {{ .Values.gitea.admin.username }} --password {{ .Values.gitea.admin.password | quote }} \ + || \ + gitea admin user create --username {{ .Values.gitea.admin.username }} --password {{ .Values.gitea.admin.password | quote }} --email {{ .Values.gitea.admin.email }} --admin --must-change-password=false \ + || \ + gitea admin user change-password --username {{ .Values.gitea.admin.username }} --password {{ .Values.gitea.admin.password | quote }}; \ {{- end }} {{- if .Values.gitea.ldap.enabled }} gitea admin auth add-ldap \ @@ -53,4 +62,6 @@ stringData: {{- include "gitea.oauth_settings" . | nindent 6 }} \ ) \ {{- end }} + {{- if not .Values.image.rootless }} ' + {{- end }} diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index 4e19c9b..9b331fb 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml 
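Review bot: The two added fallbacks (`gitea admin user create` and `gitea admin user change-password`) again pass `--password {{ .Values.gitea.admin.password | quote }}` as a command-line argument while `set -x` is active, so the admin password ends up in clear text in the init container's log and in the process list. Turn tracing off before the credential commands, e.g. a `set +x; \` line ahead of the `{{- if and .Values.gitea.admin.username .Values.gitea.admin.password }}` block, or drop `set -x;` altogether. The later patch in this series that switches these lines to `"${GITEA_ADMIN_PASSWORD}"` has the same exposure, because the shell traces the expanded value. The added comment also has a typo and should read `# Wait for database to become available`. The script continues outside the hunk.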
@@ -36,13 +36,18 @@ spec: fsGroup: 1000 initContainers: - name: init - image: "{{ .Values.image.repository }}:{{ ternary .Values.image.version .Values.image.tag (hasKey .Values.image "version") }}" + image: "{{ include "gitea.image" . }}" command: ["/usr/sbin/init_gitea.sh"] env: - {{- range .Values.statefulset.env }} - - name: {{ .name | quote | nospace }} - value: {{ .value | quote }} - {{- end }} + - name: GITEA_APP_INI + value: /data/gitea/conf/app.ini + - name: GITEA_CUSTOM + value: /data/gitea + - name: GITEA_WORK_DIR + value: /data + {{- if .Values.statefulset.env }} + {{- toYaml .Values.statefulset.env | nindent 12 }} + {{- end }} volumeMounts: - name: init mountPath: /usr/sbin @@ -56,7 +61,7 @@ spec: terminationGracePeriodSeconds: {{ .Values.statefulset.terminationGracePeriodSeconds }} containers: - name: {{ .Chart.Name }} - image: "{{ .Values.image.repository }}:{{ ternary .Values.image.version .Values.image.tag (hasKey .Values.image "version") }}" + image: "{{ include "gitea.image" . }}" imagePullPolicy: {{ .Values.image.pullPolicy }} env: # SSH Port values have to be set here as well for openssh configuration @@ -64,9 +69,16 @@ spec: value: {{ .Values.gitea.config.server.SSH_LISTEN_PORT | quote }} - name: SSH_PORT value: {{ .Values.gitea.config.server.SSH_PORT | quote }} - {{- range .Values.statefulset.env }} - - name: {{ .name | quote | nospace }} - value: {{ .value | quote }} + - name: GITEA_APP_INI + value: /data/gitea/conf/app.ini + - name: GITEA_CUSTOM + value: /data/gitea + - name: GITEA_WORK_DIR + value: /data + - name: GITEA_TEMP + value: /tmp/gitea + {{- if .Values.statefulset.env }} + {{- toYaml .Values.statefulset.env | nindent 12 }} {{- end }} ports: - name: ssh @@ -121,6 +133,8 @@ spec: securityContext: {{- toYaml .Values.securityContext | nindent 12 }} volumeMounts: + - name: temp + mountPath: /tmp/gitea - name: data mountPath: /data {{- if .Values.extraVolumeMounts }} 
@@ -149,6 +163,8 @@ spec: {{- if .Values.extraVolumes }} {{- toYaml .Values.extraVolumes | nindent 8 }} {{- end }} + - name: temp + emptyDir: {} {{- if and .Values.persistence.enabled .Values.persistence.existingClaim }} - name: data persistentVolumeClaim: diff --git a/values.yaml b/values.yaml index 5c4c860..bec2288 100644 --- a/values.yaml +++ b/values.yaml @@ -8,12 +8,22 @@ clusterDomain: cluster.local image: repository: gitea/gitea - tag: 1.13.7 + tag: 1.14.1 pullPolicy: Always + rootless: false # only possible when running 1.14 or later imagePullSecrets: [] securityContext: {} +# allowPrivilegeEscalation: false +# capabilities: +# drop: +# - ALL +# privileged: false +# readOnlyRootFilesystem: true +# runAsGroup: 1000 +# runAsNonRoot: true +# runAsUser: 1000 service: http: @@ -119,25 +129,25 @@ gitea: ldap: enabled: false - #name: - #securityProtocol: - #host: - #port: - #userSearchBase: - #userFilter: - #adminFilter: - #emailAttribute: - #bindDn: - #bindPassword: - #usernameAttribute: + #name: + #securityProtocol: + #host: + #port: + #userSearchBase: + #userFilter: + #adminFilter: + #emailAttribute: + #bindDn: + #bindPassword: + #usernameAttribute: #sshPublicKeyAttribute: oauth: enabled: false #name: #provider: - #key: - #secret: + #key: + #secret: #autoDiscoverUrl: #useCustomUrls: #customAuthUrl: -- 2.40.1 From 5b5ea7173ada2280fe493ce820918ad5b66f91c8 Mon Sep 17 00:00:00 2001 From: mrdima Date: Mon, 7 Jun 2021 16:41:16 +0800 Subject: [PATCH 046/390] Add value option to define schedulerName (#150) For those who have a need to configure the schedulerName like us, make this an option just as it is for example in the postgres chart Co-authored-by: Dimitri Ars Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/150 Reviewed-by: luhahn Reviewed-by: Lunny Xiao Co-authored-by: mrdima Co-committed-by: mrdima --- README.md | 1 + templates/gitea/statefulset.yaml | 3 +++ values.yaml | 5 +++++ 3 files changed, 9 insertions(+) 
diff --git a/README.md b/README.md index c453aec..541e343 100644 --- a/README.md +++ b/README.md @@ -376,6 +376,7 @@ Annotations can be added to the Gitea pod. | extraVolumeMounts | Additional volumes mounts for the Gitea containers | {} | | initPreScript | Bash script copied verbatim to start of init container | | | securityContext | Run as a specific securityContext | {} | +| schedulerName | Use an alternate scheduler, e.g. "stork" | | ### Image diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index 9b331fb..e73cc3e 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml @@ -28,6 +28,9 @@ spec: {{- toYaml .Values.statefulset.labels | nindent 8 }} {{- end }} spec: + {{- if .Values.schedulerName }} + schedulerName: "{{ .Values.schedulerName }}" + {{- end }} {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} diff --git a/values.yaml b/values.yaml index bec2288..a04e765 100644 --- a/values.yaml +++ b/values.yaml @@ -68,6 +68,11 @@ resources: {} # cpu: 100m # memory: 128Mi +## Use an alternate scheduler, e.g. "stork". +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +# schedulerName: + nodeSelector: {} tolerations: [] -- 2.40.1 From 5ab596937a355b9496887d42b5e51899b51fd8eb Mon Sep 17 00:00:00 2001 
From: justusbunsi Date: Mon, 7 Jun 2021 21:27:25 +0800 Subject: [PATCH 047/390] Fix rootless image usage with enhanced security-context (#160) I've noticed that the commented `securityContext` is not really useable with the rootless image due to different directory structure compared to the default image. Important for the `readOnlyRootFilesystem` is to declare the `TMPDIR` environment variable, so that the tmp directory (which is readonly in this case) won't be used. Instead, another writeable directory can be used. Another thing is the explicit hint that all these security options cannot be used with the default (root-based) image, because of its design. ~~Although this PR would fix the referenced issue, I am not totally happy with the current implementation. It would be more straight forward to use the same mount points for both image variants. Unfortunately, this is not possible right now due to hard coded paths in the default (root) image startup scripts.~~ ~~Anyone have suggestions on how this could be more simple?~~ ------- **Sum-up:** As mentioned in Discord, this PR tried to make too many changes. The necessary changes made in 1f331a7e6577fc798196a84a957330aca0d663cd will fix an error that occurs due to restricted access to the `/tmp` directory in a rootless image with all the `securityContext` options enabled. I also updated the default image to 1.14.2. Fixes: #158 Co-authored-by: JustusBunsi Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/160 Reviewed-by: luhahn Reviewed-by: 6543 <6543@obermui.de> Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- templates/gitea/statefulset.yaml | 4 +++- values.yaml | 3 ++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index e73cc3e..78a0b18 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml 
@@ -80,6 +80,8 @@ spec: value: /data - name: GITEA_TEMP value: /tmp/gitea + - name: TMPDIR + value: /tmp/gitea {{- if .Values.statefulset.env }} {{- toYaml .Values.statefulset.env | nindent 12 }} {{- end }} @@ -137,7 +139,7 @@ spec: {{- toYaml .Values.securityContext | nindent 12 }} volumeMounts: - name: temp - mountPath: /tmp/gitea + mountPath: /tmp - name: data mountPath: /data {{- if .Values.extraVolumeMounts }} diff --git a/values.yaml b/values.yaml index a04e765..dc73b04 100644 --- a/values.yaml +++ b/values.yaml @@ -8,12 +8,13 @@ clusterDomain: cluster.local image: repository: gitea/gitea - tag: 1.14.1 + tag: 1.14.2 pullPolicy: Always rootless: false # only possible when running 1.14 or later imagePullSecrets: [] +# only usable with rootless image due to image design securityContext: {} # allowPrivilegeEscalation: false # capabilities: -- 2.40.1 From 441f0748e967bee46820fc62f143f44ff0b9e1dc Mon Sep 17 00:00:00 2001 From: modzilla Date: Mon, 7 Jun 2021 22:28:28 +0800 Subject: [PATCH 048/390] Fixing prometheus monitoring (#157) At least the latest versions of prometheus watch for a label called "release" and not "prometheus" so with that change prometheus started collecting logs. If that old label is still needed, we / I could change it to add entries from "additionalLabels", so that we are quite flexible and don't have breaking changes. Co-authored-by: Justin Lamp Co-authored-by: techknowlogick Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/157 Reviewed-by: luhahn Reviewed-by: techknowlogick Co-authored-by: modzilla Co-committed-by: modzilla --- templates/gitea/servicemonitor.yaml | 4 ++-- values.yaml | 3 ++- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/templates/gitea/servicemonitor.yaml b/templates/gitea/servicemonitor.yaml index 8f22ea5..02750d0 100644 --- a/templates/gitea/servicemonitor.yaml +++ b/templates/gitea/servicemonitor.yaml 
@@ -5,8 +5,8 @@ metadata: name: {{ include "gitea.fullname" . }} labels: {{- include "gitea.labels" . | nindent 4 }} - {{- if .Values.gitea.metrics.serviceMonitor.prometheusSelector }} - prometheus: {{ .Values.gitea.metrics.serviceMonitor.prometheusSelector }} + {{- if .Values.gitea.metrics.serviceMonitor.additionalLabels }} + {{- toYaml .Values.gitea.metrics.serviceMonitor.additionalLabels | nindent 4 }} {{- end }} spec: selector: diff --git a/values.yaml b/values.yaml index dc73b04..e1a2526 100644 --- a/values.yaml +++ b/values.yaml @@ -131,7 +131,8 @@ gitea: enabled: false serviceMonitor: enabled: false - # prometheusSelector: default + # additionalLabels: + # prometheus-release: prom1 ldap: enabled: false -- 2.40.1 From 178bc0ab79d477b0d956027f1ecb67af1ac49f46 Mon Sep 17 00:00:00 2001 From: luhahn Date: Tue, 8 Jun 2021 01:53:01 +0800 Subject: [PATCH 049/390] Improve http service and update Readme (#167) This PR adds some options for the http service: - loadBalancerIP - nodePort - externalTrafficPolicy - externalIPs Also updated the README and values.yml with the values. Added storageClass explanation in README and empty value in values.yml Fixes: #162 Co-authored-by: Lucas Hahn Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/167 Reviewed-by: techknowlogick Reviewed-by: 6543 <6543@obermui.de> Co-authored-by: luhahn Co-committed-by: luhahn --- README.md | 26 ++++++++++++++++++++++++-- templates/gitea/http-svc.yaml | 13 +++++++++++++ values.yaml | 4 ++++ 3 files changed, 41 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 541e343..fb1deeb 100644 --- a/README.md +++ b/README.md 
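Review bot: Replacing `prometheusSelector` with `additionalLabels` leaves no fallback, so a release that still sets `gitea.metrics.serviceMonitor.prometheusSelector` renders a ServiceMonitor without its `prometheus:` label after upgrade and may silently stop being scraped. Keep the removed `prometheus: {{ .Values.gitea.metrics.serviceMonitor.prometheusSelector }}` line under its own `if` next to the new `toYaml` block for a deprecation period, or fail rendering with a clear message when the old key is set. The commit's diffstat does not include README.md, so the new key is documented only by the commented example in values.yaml; a row for `gitea.metrics.serviceMonitor.additionalLabels` in the parameter table would close that gap.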
@@ -205,6 +205,17 @@ If the built in cache should not be used simply configure the cache in gitea.con Gitea will be deployed as a statefulset. By simply enabling the persistence and setting the storage class according to your cluster everything else will be taken care of. The following example will create a PVC as a part of the statefulset. This PVC will not be deleted even if you uninstall the chart. +Please note, that an empty storageClass in the persistence will result in kubernetes using your default storage class. + +If you want to use your own storageClass define it as followed: + +```yaml +persistence: + enabled: true + storageClass: myOwnStorageClass + +``` + When using Postgresql as dependency, this will also be deployed as a statefulset by default. If you want to manage your own PVC you can simply pass the PVC name to the chart. 
@@ -414,11 +425,22 @@ Annotations can be added to the Gitea pod. |---------------------|-----------------------------------|------------------------------| |service.http.type| Kubernetes service type for web traffic | ClusterIP | |service.http.port| Port for web traffic | 3000 | +|service.http.clusterIP| ClusterIP setting for http autosetup for statefulset is None | None | +|service.http.loadBalancerIP| LoadBalancer Ip setting | | +|service.http.nodePort| NodePort for http service | | +|service.http.externalTrafficPolicy| If `service.http.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation | | +|service.http.externalIPs| http service external IP addresses | 3000 | +|service.http.loadBalancerSourceRanges| Source range filter for http loadbalancer | [] | +|service.http.annotations| http service annotations | | + |service.ssh.type| Kubernetes service type for ssh traffic | ClusterIP | |service.ssh.port| Port for ssh traffic | 22 | +|service.ssh.loadBalancerIP| LoadBalancer Ip setting | | +|service.ssh.nodePort| NodePort for ssh service | | |service.ssh.externalTrafficPolicy| If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation | | -|service.ssh.externalIPs| SSH service external IP addresses |[]| -|service.ssh.annotations| Additional ssh annotations for the ssh service || +|service.ssh.externalIPs| ssh service external IP addresses | 3000 | +|service.ssh.loadBalancerSourceRanges| Source range filter for ssh loadbalancer | [] | +|service.ssh.annotations| ssh service annotations | | ### Gitea Configuration diff --git a/templates/gitea/http-svc.yaml b/templates/gitea/http-svc.yaml index 20c0de6..ed3aa8a 100644 --- a/templates/gitea/http-svc.yaml +++ b/templates/gitea/http-svc.yaml 
@@ -11,6 +11,19 @@ spec: {{- if and .Values.service.http.loadBalancerIP (eq .Values.service.http.type "LoadBalancer") }} loadBalancerIP: {{ .Values.service.http.loadBalancerIP }} {{- end }} + {{- if .Values.service.http.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- range .Values.service.http.loadBalancerSourceRanges }} + - {{ . }} + {{- end }} + {{- end }} + {{- if .Values.service.http.externalIPs }} + externalIPs: + {{- toYaml .Values.service.http.externalIPs | nindent 4 }} + {{- end }} + {{- if .Values.service.http.externalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.service.http.externalTrafficPolicy }} + {{- end }} {{- if and .Values.service.http.clusterIP (eq .Values.service.http.type "ClusterIP") }} clusterIP: {{ .Values.service.http.clusterIP }} {{- end }} diff --git a/values.yaml b/values.yaml index e1a2526..6ea4b7e 100644 --- a/values.yaml +++ b/values.yaml @@ -33,6 +33,9 @@ service: clusterIP: None #loadBalancerIP: #nodePort: + #externalTrafficPolicy: + #externalIPs: + loadBalancerSourceRanges: [] annotations: ssh: type: ClusterIP @@ -95,6 +98,7 @@ persistence: - ReadWriteOnce labels: {} annotations: {} + # storageClass: # additional volumes to add to the Gitea statefulset. extraVolumes: -- 2.40.1 From 031b58c90ea3b18eb8964fab5b1f214e78fca79b Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Tue, 8 Jun 2021 01:55:05 +0800 Subject: [PATCH 050/390] update docs for 1.14.2 Signed-off-by: techknowlogick --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index fb1deeb..195b9e9 100644 --- a/README.md +++ b/README.md 
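Review bot: `loadBalancerSourceRanges` and `externalTrafficPolicy` are rendered whatever `service.http.type` is, unlike `loadBalancerIP` just above them, which is guarded by `eq .Values.service.http.type "LoadBalancer"`. With the default `ClusterIP` type these fields either have no filtering effect or are rejected by the API server (not verifiable from this hunk), so an operator could assume a source-range restriction is in place when it is not. Guard them the same way, e.g. `{{- if and .Values.service.http.loadBalancerSourceRanges (eq .Values.service.http.type "LoadBalancer") }}`, and restrict `externalTrafficPolicy` to the `NodePort` and `LoadBalancer` types that the README row names. The Service spec continues outside the hunk.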
@@ -394,7 +394,7 @@ Annotations can be added to the Gitea pod. | Parameter | Description | Default | |---------------------|-----------------------------------|------------------------------| |image.repository| Image to start for this pod | gitea/gitea | -|image.tag| [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) | 1.14.1 | +|image.tag| [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) | 1.14.2 | |image.pullPolicy| Image pull policy | Always | |image.rootless | Wether or not to pull the rootless version of gitea, only works on gitea 1.14.x or higher | false | -- 2.40.1 From 6fa80222a6d6a9a1e7bd52c2ea3a82a95fc7ff3b Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Tue, 8 Jun 2021 02:02:59 +0800 Subject: [PATCH 051/390] update to latest v of alpine --- .drone.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.drone.yml b/.drone.yml index 6840a4e..939bc69 100644 --- a/.drone.yml +++ b/.drone.yml @@ -9,7 +9,7 @@ platform: steps: - name: lint pull: always - image: alpine:3.12 + image: alpine:3.13 commands: - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm - helm lint @@ -42,14 +42,15 @@ trigger: steps: - name: generate-chart pull: always - image: alpine:3.12 + image: alpine:3.13 commands: - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm + - apk add --no-cache curl - helm dependency update - helm package --version "${DRONE_TAG##v}" ./ - mkdir gitea - mv gitea*.tgz gitea/ - - wget -O gitea/index.yaml https://dl.gitea.io/charts/index.yaml + - curl -L -o gitea/index.yaml https://dl.gitea.io/charts/index.yaml - helm repo index gitea/ --url https://dl.gitea.io/charts --merge gitea/index.yaml - name: upload-chart -- 2.40.1 From 6b8b64f607701f1158be3af2dd313f9bd61b78fc Mon Sep 17 00:00:00 2001 
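Review bot: The `curl -L -o gitea/index.yaml ...` that replaces `wget` in the `generate-chart` step exits 0 on an HTTP error response, so a 404 or 5xx body would be saved as `gitea/index.yaml` and handed to `helm repo index ... --merge` on the next line. Use `- curl -fsSL -o gitea/index.yaml https://dl.gitea.io/charts/index.yaml` so the step fails instead of merging or publishing a damaged index. Both steps also still install `helm` from the `edge/testing` repository over plain `http://` with no version pin; that line is unchanged context here, but it is worth a follow-up since this pipeline builds the published chart.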
From: techknowlogick Date: Tue, 8 Jun 2021 02:05:07 +0800 Subject: [PATCH 052/390] use new s3 bucket for artifacts --- .drone.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index 939bc69..c09487d 100644 --- a/.drone.yml +++ b/.drone.yml @@ -57,7 +57,7 @@ steps: pull: always image: plugins/s3:latest settings: - bucket: releases + bucket: gitea-artifacts endpoint: https://storage.gitea.io path_style: true access_key: -- 2.40.1 From f0070ef64bcb8fa91ac16acdd11f923235a552fa Mon Sep 17 00:00:00 2001 From: luhahn Date: Wed, 9 Jun 2021 19:42:49 +0800 Subject: [PATCH 053/390] Add check on chown in init container (#165) The chown in the init container will fail in the rootles image. Checking if the image is rootless or not will prevent this error noise. Co-authored-by: Lucas Hahn Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/165 Reviewed-by: Andrew Thornton Reviewed-by: Lunny Xiao Co-authored-by: luhahn Co-committed-by: luhahn --- templates/gitea/init.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/templates/gitea/init.yaml b/templates/gitea/init.yaml index 2b4b59d..c97c166 100644 --- a/templates/gitea/init.yaml +++ b/templates/gitea/init.yaml @@ -16,7 +16,9 @@ stringData: # END: initPreScript {{- end }} + {{- if not .Values.image.rootless }} chown 1000:1000 /data + {{- end }} mkdir -p /data/git/.ssh chmod -R 700 /data/git/.ssh mkdir -p /data/gitea/conf -- 2.40.1 From 6e841e6e26ebceea74d4886bf824c4af52ff1be7 Mon Sep 17 00:00:00 2001 
From: justusbunsi Date: Wed, 9 Jun 2021 22:35:50 +0800 Subject: [PATCH 054/390] Fix regression for creating repositories in root-based containers (#172) Due to #160 it was no longer possible to create repositories in root-based containers. This was caused by the missing `/tmp/gitea` directory in that image. It was dynamically created by Gitea internal functionality with less privileges than necessary. Explicitly creating the directory and set proper permissions fix this. Fixes: #171 Co-authored-by: JustusBunsi Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/172 Reviewed-by: luhahn Reviewed-by: 6543 <6543@obermui.de> Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- Chart.yaml | 2 +- templates/gitea/init.yaml | 5 +++++ templates/gitea/statefulset.yaml | 4 ++++ 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index be8ff92..355b59d 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.14.1 +appVersion: 1.14.2 icon: https://docs.gitea.io/images/gitea.png keywords: diff --git a/templates/gitea/init.yaml b/templates/gitea/init.yaml index c97c166..33184d7 100644 --- a/templates/gitea/init.yaml +++ b/templates/gitea/init.yaml @@ -23,6 +23,11 @@ stringData: chmod -R 700 /data/git/.ssh mkdir -p /data/gitea/conf + # prepare temp directory structure + mkdir -p "${GITEA_TEMP}" + chown 1000:1000 "${GITEA_TEMP}" + chmod ug+rwx "${GITEA_TEMP}" + # Copy config file to writable volume cp /etc/gitea/conf/app.ini /data/gitea/conf/app.ini chmod a+rwx /data/gitea/conf/app.ini diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index 78a0b18..e20e940 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml 
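Review bot: The added `chown 1000:1000 "${GITEA_TEMP}"` runs unconditionally, while the `chown 1000:1000 /data` earlier in the same script was wrapped in `{{- if not .Values.image.rootless }}` by the preceding patch because chown fails in the rootless image. Whether this one fails too depends on who owns the `temp` emptyDir at that point, which the hunk does not show; wrapping it in the same `{{- if not .Values.image.rootless }}` / `{{- end }}` pair keeps the two consistent. `chmod ug+rwx` leaves the permission bits for other users as `mkdir` created them, so if the directory is meant to be private to the git user, `chmod 770 "${GITEA_TEMP}"` states that explicitly. The script continues outside the hunk.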
@@ -48,12 +48,16 @@ spec: value: /data/gitea - name: GITEA_WORK_DIR value: /data + - name: GITEA_TEMP + value: /tmp/gitea {{- if .Values.statefulset.env }} {{- toYaml .Values.statefulset.env | nindent 12 }} {{- end }} volumeMounts: - name: init mountPath: /usr/sbin + - name: temp + mountPath: /tmp - name: config mountPath: /etc/gitea/conf - name: data -- 2.40.1 From c49dc047a498973920e6743fa6c330fd2f81dd47 Mon Sep 17 00:00:00 2001 From: luhahn Date: Thu, 10 Jun 2021 19:13:33 +0800 Subject: [PATCH 055/390] Allow existing secrets for passwords (#170) Allow admin user and password to be configured via existing secrets Allow LDAP bindDn and bindPassword to be configured via existing secrets Update Readme Fixes: #169 Co-authored-by: Lucas Hahn Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/170 Reviewed-by: techknowlogick Reviewed-by: Lunny Xiao Co-authored-by: luhahn Co-committed-by: luhahn --- README.md | 39 ++++++++++++++++++++++++++++++++ templates/_helpers.tpl | 16 +++++++++++-- templates/gitea/init.yaml | 8 +++---- templates/gitea/statefulset.yaml | 34 ++++++++++++++++++++++++++++ values.yaml | 2 ++ 5 files changed, 93 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 195b9e9..2fe06f6 100644 --- a/README.md +++ b/README.md @@ -262,6 +262,25 @@ You cannot use `admin` as username. email: "gi@tea.com" ``` +You can also use an existing Secret to configure the admin user: + +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: gitea-admin-secret +type: Opaque +stringData: + username: MyAwesomeGiteaAdmin + password: AReallyAwesomeGiteaPassword +``` + +```yaml +gitea: + admin: + existingSecret: gitea-admin-secret +``` + ### LDAP Settings Like the admin user the LDAP settings can be updated, but also disabled or deleted. 
@@ -306,6 +325,26 @@ kebab-case: bind-password: JustAnotherBindPw username-attribute: CN ``` + +You can also use an existing secret to set the bindDn and bindPassword: + +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: gitea-ldap-secret +type: Opaque +stringData: + bindDn: CN=ldap read,OU=Spezial,DC=example,DC=com + bindPassword: JustAnotherBindPw +``` + +```yaml +gitea: + ldap: + existingSecret: gitea-ldap-secret +``` + ### OAuth2 Settings Like the admin user the OAuth2 settings can be updated but also disabled or deleted. diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 4f2841c..9a4f940 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -108,9 +108,21 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} {{- define "gitea.ldap_settings" -}} +{{- if or (not (hasKey .Values.gitea.ldap "bindDn")) (not (hasKey .Values.gitea.ldap "bind-dn")) -}} +{{- $_ := set .Values.gitea.ldap "bindDn" "" -}} +{{- end -}} + +{{- if or (not (hasKey .Values.gitea.ldap "bindPassword")) (not (hasKey .Values.gitea.ldap "bind-password")) -}} +{{- $_ := set .Values.gitea.ldap "bindPassword" "" -}} +{{- end -}} + {{- range $key, $val := .Values.gitea.ldap -}} -{{- if ne $key "enabled" -}} -{{- if eq $key "port" -}} +{{- if and (ne $key "enabled") (ne $key "existingSecret") -}} +{{- if eq ($key | kebabcase) "bind-dn" -}} +{{- printf "--%s %s " ($key | kebabcase) ("${GITEA_LDAP_BIND_DN}" | quote ) -}} +{{- else if eq ($key | kebabcase) "bind-password" -}} +{{- printf "--%s %s " ($key | kebabcase) ("${GITEA_LDAP_PASSWORD}" | quote ) -}} +{{- else if eq $key "port" -}} {{- printf "--%s %d " ($key | kebabcase) ($val | int) -}} {{- else -}} {{- printf "--%s %s " ($key | kebabcase) ($val | quote) -}} diff --git a/templates/gitea/init.yaml b/templates/gitea/init.yaml index 33184d7..d23f8df 100644 --- a/templates/gitea/init.yaml +++ b/templates/gitea/init.yaml 
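Review bot: The two added guards in `gitea.ldap_settings` use `or (not (hasKey ... "bindDn")) (not (hasKey ... "bind-dn"))`, which is true whenever either spelling is absent, so a `bindDn` or `bindPassword` set in values is overwritten with `""` as soon as the kebab-case key is missing, which is the normal case. The statefulset in this same commit reads `.Values.gitea.ldap.bindDn` and `.Values.gitea.ldap.bindPassword` on the path without `existingSecret`, so depending on template render order the init container may receive empty LDAP bind credentials. The intent looks like defaulting only when neither key exists: `{{- if and (not (hasKey .Values.gitea.ldap "bindDn")) (not (hasKey .Values.gitea.ldap "bind-dn")) -}}`, and likewise for `bindPassword`. Values given only as `bind-dn` / `bind-password` are still never copied into `GITEA_LDAP_BIND_DN` / `GITEA_LDAP_PASSWORD`, which needs either handling or a README note. The define continues past the end of this hunk.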
@@ -41,13 +41,13 @@ stringData: set -x; \ gitea migrate; \ {{- if and .Values.gitea.admin.username .Values.gitea.admin.password }} - gitea admin create-user --username {{ .Values.gitea.admin.username }} --password {{ .Values.gitea.admin.password | quote }} --email {{ .Values.gitea.admin.email }} --admin --must-change-password=false \ + gitea admin create-user --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email {{ .Values.gitea.admin.email }} --admin --must-change-password=false \ || \ - gitea admin change-password --username {{ .Values.gitea.admin.username }} --password {{ .Values.gitea.admin.password | quote }} \ + gitea admin change-password --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" \ || \ - gitea admin user create --username {{ .Values.gitea.admin.username }} --password {{ .Values.gitea.admin.password | quote }} --email {{ .Values.gitea.admin.email }} --admin --must-change-password=false \ + gitea admin user create --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email {{ .Values.gitea.admin.email }} --admin --must-change-password=false \ || \ - gitea admin user change-password --username {{ .Values.gitea.admin.username }} --password {{ .Values.gitea.admin.password | quote }}; \ + gitea admin user change-password --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}"; \ {{- end }} {{- if .Values.gitea.ldap.enabled }} gitea admin auth add-ldap \ diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index e20e940..42c1945 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml 
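Review bot: The block is still gated by `{{- if and .Values.gitea.admin.username .Values.gitea.admin.password }}`, so a release that sets `gitea.admin.existingSecret` and clears the inline username and password, which is the reason to use a Secret, skips admin creation entirely. Extend the condition, e.g. `{{- if or .Values.gitea.admin.existingSecret (and .Values.gitea.admin.username .Values.gitea.admin.password) }}`. `--email {{ .Values.gitea.admin.email }}` is still interpolated unquoted into the shell command in the changed lines; `{{ .Values.gitea.admin.email | quote }}` would match how the other arguments are passed. The script continues outside the hunk.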
@@ -50,6 +50,40 @@ spec: value: /data - name: GITEA_TEMP value: /tmp/gitea + {{- if .Values.gitea.ldap.existingSecret }} + - name: GITEA_LDAP_BIND_DN + valueFrom: + secretKeyRef: + key: bindDn + name: {{ .Values.gitea.ldap.existingSecret }} + - name: GITEA_LDAP_PASSWORD + valueFrom: + secretKeyRef: + key: bindPassword + name: {{ .Values.gitea.ldap.existingSecret }} + {{- else }} + - name: GITEA_LDAP_BIND_DN + value: {{ .Values.gitea.ldap.bindDn | quote }} + - name: GITEA_ADMIN_PASSWORD + value: {{ .Values.gitea.ldap.bindPassword | quote }} + {{- end }} + {{- if .Values.gitea.admin.existingSecret }} + - name: GITEA_ADMIN_USERNAME + valueFrom: + secretKeyRef: + key: username + name: {{ .Values.gitea.admin.existingSecret }} + - name: GITEA_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: {{ .Values.gitea.admin.existingSecret }} + {{- else }} + - name: GITEA_ADMIN_USERNAME + value: {{ .Values.gitea.admin.username | quote }} + - name: GITEA_ADMIN_PASSWORD + value: {{ .Values.gitea.admin.password | quote }} + {{- end }} {{- if .Values.statefulset.env }} {{- toYaml .Values.statefulset.env | nindent 12 }} {{- end }} diff --git a/values.yaml b/values.yaml index 6ea4b7e..40c1ecd 100644 --- a/values.yaml +++ b/values.yaml @@ -127,6 +127,7 @@ initPreScript: "" gitea: admin: + #existingSecret: gitea-admin-secret username: gitea_admin password: r8sA8CPHD9!bt6d email: "gitea@local.domain" @@ -140,6 +141,7 @@ gitea: ldap: enabled: false + #existingSecret: gitea-ldap-secret #name: #securityProtocol: #host: -- 2.40.1 From e3b03cd61a11863bae4c52e9b166b21b75f2d45b Mon Sep 17 00:00:00 2001 
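Review bot: In both `{{- else }}` branches the LDAP bind password and the admin password are rendered as literal `value:` fields, so they sit in the StatefulSet and Pod specs and are readable by anyone allowed to get pods or statefulsets, not only by those allowed to read Secrets. Rendering a chart-managed Secret from the inline values and using `secretKeyRef` in both branches would keep a single code path and keep the credentials out of the pod spec; the fence sketches the LDAP branch, with the Secret itself to be added in its own template. The LDAP `else` branch also names its second variable `GITEA_ADMIN_PASSWORD` while `gitea.ldap_settings` expands `${GITEA_LDAP_PASSWORD}`, so that entry should read `- name: GITEA_LDAP_PASSWORD`. The container's env list starts outside the hunk.

```yaml
          # … unchanged: existingSecret branch for the LDAP bind credentials …
          {{- else }}
          - name: GITEA_LDAP_BIND_DN
            valueFrom:
              secretKeyRef:
                key: bindDn
                # placeholder name: a Secret the chart renders from gitea.ldap.bindDn / bindPassword
                name: {{ include "gitea.fullname" . }}-ldap
          - name: GITEA_LDAP_PASSWORD
            valueFrom:
              secretKeyRef:
                key: bindPassword
                name: {{ include "gitea.fullname" . }}-ldap
          {{- end }}
          # … unchanged: admin credentials block, which would get the same treatment …
```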
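Review bot: The commented-out `#existingSecret` line for `gitea.admin` is added directly above a live default `password`, so an install that overrides nothing still creates an admin account whose password is published with the chart. Now that `existingSecret` exists, consider shipping `password: ""` and documenting that either a password or an existing secret has to be supplied. The second values.yaml hunk adds the same comment under `gitea.ldap`; a one-line comment in each place naming the expected secret keys (`username`/`password` and `bindDn`/`bindPassword`) would save a lookup in the README.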
From: luhahn Date: Wed, 16 Jun 2021 05:07:59 +0800 Subject: [PATCH 056/390] Fix LDAP Ppassword env variable (#182) Fixes: #179 Co-authored-by: Lucas Hahn Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/182 Reviewed-by: Andrew Thornton Reviewed-by: techknowlogick Co-authored-by: luhahn Co-committed-by: luhahn --- templates/gitea/statefulset.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index 42c1945..d4a16c8 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml @@ -64,7 +64,7 @@ spec: {{- else }} - name: GITEA_LDAP_BIND_DN value: {{ .Values.gitea.ldap.bindDn | quote }} - - name: GITEA_ADMIN_PASSWORD + - name: GITEA_LDAP_PASSWORD value: {{ .Values.gitea.ldap.bindPassword | quote }} {{- end }} {{- if .Values.gitea.admin.existingSecret }} -- 2.40.1 From f344b4559d0477874ae3ae141b071f9007cc27cb Mon Sep 17 00:00:00 2001 From: luhahn Date: Wed, 16 Jun 2021 05:09:02 +0800 Subject: [PATCH 057/390] Upgrade Gitea dependencies (#141) - postgresql 9.7.2 to 10.3.17 - mariadb 8.0.0 to 9.3.6 - memcached 4.2.20 to 5.9.0 Tested on my clusters. Co-authored-by: Lucas Hahn Co-authored-by: Lunny Xiao Co-authored-by: techknowlogick Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/141 Reviewed-by: Andrew Thornton Reviewed-by: techknowlogick Co-authored-by: luhahn Co-committed-by: luhahn --- Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index 355b59d..177e9bc 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -30,7 +30,7 @@ maintainers: dependencies: - name: memcached repository: https://charts.bitnami.com/bitnami - version: 4.2.20 + version: 5.9.0 condition: gitea.cache.builtIn.enabled - name: mysql repository: https://charts.bitnami.com/bitnami 
@@ -38,9 +38,9 @@ dependencies: condition: gitea.database.builtIn.mysql.enabled - name: postgresql repository: https://charts.bitnami.com/bitnami - version: 9.7.2 + version: 10.3.17 condition: gitea.database.builtIn.postgresql.enabled - name: mariadb repository: https://charts.bitnami.com/bitnami - version: 8.0.0 + version: 9.3.6 condition: gitea.database.builtIn.mariadb.enabled -- 2.40.1 From f0ed41de9ea8e4cf1ba28a607bbc6735258818b7 Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Sun, 20 Jun 2021 03:35:21 +0800 Subject: [PATCH 058/390] Fix minor README flaws (#184) Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/184 Reviewed-by: luhahn Reviewed-by: techknowlogick Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- README.md | 42 ++++++++++++++++++++++++------------------ values.yaml | 1 + 2 files changed, 25 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index 2fe06f6..7283168 100644 --- a/README.md +++ b/README.md @@ -23,6 +23,7 @@ Dependencies: ```sh helm repo add gitea-charts https://dl.gitea.io/charts/ + helm repo update helm install gitea gitea-charts/gitea ``` @@ -147,7 +148,7 @@ By default port 3000 is used for web traffic and 22 for ssh. Those can be change port: 22 ``` -This helm chart automatically configures the clone urls to use the correct ports. You can change these ports by hand using the gitea.config dict. However you should know what you're doing. +This helm chart automatically configures the clone urls to use the correct ports. You can change these ports by hand using the `gitea.config` dict. However you should know what you're doing. ### ClusterIP @@ -213,7 +214,6 @@ If you want to use your own storageClass define it as followed: persistence: enabled: true storageClass: myOwnStorageClass - ``` When using Postgresql as dependency, this will also be deployed as a statefulset by default. 
@@ -347,7 +347,7 @@ gitea: ### OAuth2 Settings -Like the admin user the OAuth2 settings can be updated but also disabled or deleted. +Like the admin user, OAuth2 settings can be updated and disabled but not deleted. Deleting OAuth2 settings has to be done in the ui. All OAuth2 values from are available. You can either use them in camel case or kebab case. @@ -420,10 +420,10 @@ Annotations can be added to the Gitea pod. | Parameter | Description | Default | |-------------------------------------------|--------------------------------------------------------|-------------| -| statefulset.terminationGracePeriodSeconds | Image to start for this pod | gitea/gitea | +| statefulset.terminationGracePeriodSeconds | How long to wait until forcefully kill the pod | 60 | | statefulset.env | Additional environment variables to pass to containers | [] | | extraVolumes | Additional volumes to mount to the Gitea statefulset | {} | -| extraVolumeMounts | Additional volumes mounts for the Gitea containers | {} | +| extraVolumeMounts | Additional volume mounts for the Gitea containers | {} | | initPreScript | Bash script copied verbatim to start of init container | | | securityContext | Run as a specific securityContext | {} | | schedulerName | Use an alternate scheduler, e.g. "stork" | | @@ -460,6 +460,8 @@ Annotations can be added to the Gitea pod. ### Service +#### Web + | Parameter | Description | Default | |---------------------|-----------------------------------|------------------------------| |service.http.type| Kubernetes service type for web traffic | ClusterIP | 
@@ -468,16 +470,20 @@ Annotations can be added to the Gitea pod. |service.http.loadBalancerIP| LoadBalancer Ip setting | | |service.http.nodePort| NodePort for http service | | |service.http.externalTrafficPolicy| If `service.http.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation | | -|service.http.externalIPs| http service external IP addresses | 3000 | +|service.http.externalIPs| http service external IP addresses | | |service.http.loadBalancerSourceRanges| Source range filter for http loadbalancer | [] | |service.http.annotations| http service annotations | | +#### SSH + +| Parameter | Description | Default | +|---------------------|-----------------------------------|------------------------------| |service.ssh.type| Kubernetes service type for ssh traffic | ClusterIP | |service.ssh.port| Port for ssh traffic | 22 | |service.ssh.loadBalancerIP| LoadBalancer Ip setting | | |service.ssh.nodePort| NodePort for ssh service | | |service.ssh.externalTrafficPolicy| If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation | | -|service.ssh.externalIPs| ssh service external IP addresses | 3000 | +|service.ssh.externalIPs| ssh service external IP addresses | | |service.ssh.loadBalancerSourceRanges| Source range filter for ssh loadbalancer | [] | |service.ssh.annotations| ssh service annotations | | @@ -485,7 +491,7 @@ Annotations can be added to the Gitea pod. | Parameter | Description | Default | |---------------------|-----------------------------------|------------------------------| -|gitea.config | Everything in app.ini can be configured with this dict. See Examples for more details | {} | +|gitea.config | Everything in `app.ini` can be configured with this dict. See [Examples](#examples) for more details | {} | ### Gitea Probes 
@@ -500,13 +506,13 @@ Configure Liveness, Readiness and Startup [Probes](https://kubernetes.io/docs/ta |gitea.livenessProbe.successThreshold | Minimum consecutive success probes | 1 | |gitea.livenessProbe.failureThreshold | Minimum consecutive error probes | 10 | |gitea.readinessProbe.enabled | Enable readiness probe | true | -|gitea.readinessProbe.initialDelaySeconds | Delay before probe start| 200 | +|gitea.readinessProbe.initialDelaySeconds | Delay before probe start| 5 | |gitea.readinessProbe.timeoutSeconds | probe timeout | 1 | |gitea.readinessProbe.periodSeconds | period between probes | 10 | |gitea.readinessProbe.successThreshold | Minimum consecutive success probes | 1 | -|gitea.readinessProbe.failureThreshold | Minimum consecutive error probes | 10 | +|gitea.readinessProbe.failureThreshold | Minimum consecutive error probes | 3 | |gitea.startupProbe.enabled | Enable startup probe | false | -|gitea.startupProbe.initialDelaySeconds | Delay before probe start| 200 | +|gitea.startupProbe.initialDelaySeconds | Delay before probe start| 60 | |gitea.startupProbe.timeoutSeconds | probe timeout | 1 | |gitea.startupProbe.periodSeconds | period between probes | 10 | |gitea.startupProbe.successThreshold | Minimum consecutive success probes | 1 | 
@@ -527,22 +533,22 @@ The following parameters are the defaults set by this chart ### Mysql BuiltIn -Mysql is loaded as a dependency from stable. Configuration can be found from this [website](https://github.com/helm/charts/tree/master/stable/mysql) +Mysql is loaded as a dependency from stable. Configuration can be found on this [website](https://github.com/helm/charts/tree/master/stable/mysql). The following parameters are the defaults set by this chart | Parameter | Description | Default | |---------------------|-----------------------------------|------------------------------| -|mysql.mysqlRootPassword|Password for the root user. Ignored if existing secret is provided|gitea| -|mysql.mysqlUser|Username of new user to create.|gitea| -|mysql.mysqlPassword|Password for the new user. Ignored if existing secret is provided|gitea| -|mysql.mysqlDatabase|Name for new database to create.|gitea| +|mysql.root.password|Password for the root user. Ignored if existing secret is provided|gitea| +|mysql.db.user|Username of new user to create.|gitea| +|mysql.db.password|Password for the new user. Ignored if existing secret is provided|gitea| +|mysql.db.name|Name for new database to create.|gitea| |mysql.service.port|Port to connect to mysql service|3306| |mysql.persistence.size|Persistence size for mysql |10Gi| ### Postgresql BuiltIn -Postgresql is loaded as a dependency from Bitnami. The chart configuration can be found from this [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/postgresql) repository. +Postgresql is loaded as a dependency from Bitnami. The chart configuration can be found in this [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/postgresql) repository. The following parameters are the defaults set by this chart 
@@ -556,7 +562,7 @@ The following parameters are the defaults set by this chart ### MariaDB BuiltIn -MariaDB is loaded as a dependency from bitnami. Configuration can be found from this [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/mariadb) +MariaDB is loaded as a dependency from bitnami. Configuration can be found in this [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/mariadb) repository. The following parameters are the defaults set by this chart diff --git a/values.yaml b/values.yaml index 40c1ecd..ddb72e2 100644 --- a/values.yaml +++ b/values.yaml @@ -210,6 +210,7 @@ gitea: startupProbe: enabled: false initialDelaySeconds: 60 + timeoutSeconds: 1 periodSeconds: 10 successThreshold: 1 failureThreshold: 10 -- 2.40.1 From d6eb50ca35e7469fdcd59b77dabec62842b9b2de Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Mon, 21 Jun 2021 21:28:18 +0800 Subject: [PATCH 059/390] Fix admin + ldap configuration (#183) This fixes several flaws introduced by commits for #169 (see c49dc047a498973920e6743fa6c330fd2f81dd47). - Respect kebab-case ldap bind inline definition - Prevent camelCase ldap bind inline definition from being overridden by empty string - Create admin account when `existingSecret` is used Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/183 Reviewed-by: Andrew Thornton Reviewed-by: luhahn Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- templates/_helpers.tpl | 4 ++-- templates/gitea/init.yaml | 2 +- templates/gitea/statefulset.yaml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 9a4f940..8cafd79 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl 
@@ -108,11 +108,11 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} {{- define "gitea.ldap_settings" -}} -{{- if or (not (hasKey .Values.gitea.ldap "bindDn")) (not (hasKey .Values.gitea.ldap "bind-dn")) -}} +{{- if and (not (hasKey .Values.gitea.ldap "bindDn")) (not (hasKey .Values.gitea.ldap "bind-dn")) -}} {{- $_ := set .Values.gitea.ldap "bindDn" "" -}} {{- end -}} -{{- if or (not (hasKey .Values.gitea.ldap "bindPassword")) (not (hasKey .Values.gitea.ldap "bind-password")) -}} +{{- if and (not (hasKey .Values.gitea.ldap "bindPassword")) (not (hasKey .Values.gitea.ldap "bind-password")) -}} {{- $_ := set .Values.gitea.ldap "bindPassword" "" -}} {{- end -}} diff --git a/templates/gitea/init.yaml b/templates/gitea/init.yaml index d23f8df..b44d130 100644 --- a/templates/gitea/init.yaml +++ b/templates/gitea/init.yaml @@ -40,7 +40,7 @@ stringData: {{- end }} set -x; \ gitea migrate; \ - {{- if and .Values.gitea.admin.username .Values.gitea.admin.password }} + {{- if or .Values.gitea.admin.existingSecret (and .Values.gitea.admin.username .Values.gitea.admin.password) }} gitea admin create-user --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email {{ .Values.gitea.admin.email }} --admin --must-change-password=false \ || \ gitea admin change-password --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" \ diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index d4a16c8..b232478 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml 
@@ -63,9 +63,9 @@ spec: name: {{ .Values.gitea.ldap.existingSecret }} {{- else }} - name: GITEA_LDAP_BIND_DN - value: {{ .Values.gitea.ldap.bindDn | quote }} + value: {{ default (index .Values.gitea.ldap "bind-dn") .Values.gitea.ldap.bindDn | quote }} - name: GITEA_LDAP_PASSWORD - value: {{ .Values.gitea.ldap.bindPassword | quote }} + value: {{ default (index .Values.gitea.ldap "bind-password") .Values.gitea.ldap.bindPassword | quote }} {{- end }} {{- if .Values.gitea.admin.existingSecret }} - name: GITEA_ADMIN_USERNAME -- 2.40.1 From 0e191bfc7a2ae339b54abfd2aa9fa21843f69cb4 Mon Sep 17 00:00:00 2001 From: mattkaar Date: Fri, 25 Jun 2021 02:28:45 +0800 Subject: [PATCH 060/390] Support custom Ingress path (#151) Adds support for a custom Ingress path. This allows us to run Gitea as a path in an existing domain. Co-authored-by: Matt Kaar Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/151 Reviewed-by: luhahn Reviewed-by: justusbunsi Co-authored-by: mattkaar Co-committed-by: mattkaar --- README.md | 4 +++- templates/NOTES.txt | 4 +++- templates/gitea/ingress.yaml | 14 ++++++++------ values.yaml | 5 ++++- 4 files changed, 18 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 7283168..5c567cb 100644 --- a/README.md +++ b/README.md @@ -455,7 +455,9 @@ Annotations can be added to the Gitea pod. |---------------------|-----------------------------------|------------------------------| |ingress.enabled| enable ingress | false| |ingress.annotations| add ingress annotations | | -|ingress.hosts| add hosts for ingress as string list | git.example.com | +|ingress.hosts[0].host | add hosts for ingress | git.example.com | +|ingress.hosts[0].paths[0].path | add path for each ingress host | / | +|ingress.hosts[0].paths[0].pathType | add ingress path type | Prefix | |ingress.tls|add ingress tls settings|[]| ### Service diff --git a/templates/NOTES.txt b/templates/NOTES.txt index 8ed67dd..25b35e7 100644 --- a/templates/NOTES.txt +++ b/templates/NOTES.txt 
@@ -1,7 +1,9 @@ 1. Get the application URL by running these commands: {{- if .Values.ingress.enabled }} {{- range $host := .Values.ingress.hosts }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host }}/ + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} {{- end }} {{- else if contains "NodePort" .Values.service.http.type }} export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "gitea.fullname" . }}) diff --git a/templates/gitea/ingress.yaml b/templates/gitea/ingress.yaml index f1a03c1..e7cb645 100644 --- a/templates/gitea/ingress.yaml +++ b/templates/gitea/ingress.yaml @@ -29,13 +29,14 @@ spec: {{- end }} {{- end }} rules: - {{- range .Values.ingress.hosts }} - - host: {{ . | quote }} + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} http: paths: - - path: / - {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} - pathType: Prefix + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") }} + pathType: {{ .pathType }} {{- end }} backend: {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} @@ -47,5 +48,6 @@ spec: serviceName: {{ $fullName }}-http servicePort: {{ $httpPort }} {{- end }} - {{- end }} + {{- end }} + {{- end }} {{- end }} diff --git a/values.yaml b/values.yaml index ddb72e2..ef0d804 100644 --- a/values.yaml +++ b/values.yaml @@ -54,7 +54,10 @@ ingress: # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" hosts: - - git.example.com + - host: git.example.com + paths: + - path: / + pathType: Prefix tls: [] # - secretName: chart-example-tls # hosts: -- 2.40.1 From 2901671d23ca6b00f7520e4d484e0168a1d9325c Mon Sep 17 00:00:00 2001 
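Review bot: In templates/gitea/ingress.yaml `pathType` is now emitted only when the values entry sets it, but under `networking.k8s.io/v1` the field is required on every path, so a host entry that only gives `path:` renders an Ingress the API server rejects. Keep the capability check alone as the condition and default the value: `{{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }}` followed by `pathType: {{ default "Prefix" .pathType }}`. `path: {{ .path }}` is rendered unquoted; `{{ .path | quote }}` avoids YAML surprises with values such as `*`. `ingress.hosts` also changes from a list of strings to a list of objects, so any other template that still reads `index .Values.ingress.hosts 0` as a string needs the matching `.host` update.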
From: justusbunsi Date: Wed, 30 Jun 2021 03:22:46 +0800 Subject: [PATCH 061/390] Update maintainers (#192) Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/192 Reviewed-by: techknowlogick Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- Chart.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Chart.yaml b/Chart.yaml index 177e9bc..3519103 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -26,6 +26,8 @@ maintainers: email: konrad.lother@novum-rgi.de - name: Lucas Hahn email: lucas.hahn@novum-rgi.de + - name: Steven Kriegler + email: sk.bunsenbrenner@gmail.com dependencies: - name: memcached -- 2.40.1 From 7a3515c2f2f7618aa119272fbbaaf8882995e681 Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Wed, 30 Jun 2021 03:23:32 +0800 Subject: [PATCH 062/390] Customizable .gnupg folder location (#186) The `HOME` path is not persistent when using the rootless image, so the `.gnupg` folder isn't either. Since the chart always used `/data/...` as mount point for storage of all kinds, it is a minimal impact to just relocate the dynamic `$HOME/.gnupg` folder location to the persistent `/data/git/.gnupg`. This is where the signing keys are stored when running root based environments. Doing so will - allow migrations between both image variants - persist signing keys for rootless environments Fixes: #155 Co-authored-by: techknowlogick Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/186 Reviewed-by: luhahn Reviewed-by: techknowlogick Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- README.md | 11 +++++++++++ templates/gitea/statefulset.yaml | 4 ++++ values.yaml | 4 ++++ 3 files changed, 19 insertions(+) diff --git a/README.md b/README.md index 5c567cb..b709d45 100644 --- a/README.md +++ b/README.md 
@@ -40,6 +40,17 @@ Previously the ROOT folder for the gitea repositories was located at /data/git/g This chart will set the gitea.config.repository.ROOT value default to /data/git/gitea-repositories +## Configure Commit Signing + +When using the rootless image the gpg key folder was is not persistent by default. If you consider using signed commits for internal Gitea activities (e.g. initial commit), you'd need to provide a signing key. Prior to [PR 186](https://gitea.com/gitea/helm-chart/pulls/186), imported keys had to be re-imported once the container got replaced by another. +The mentioned PR introduced a new configuration object `signing` allowing you to configure prerequisites for commit signing. By default this section is disabled to maintain backwards compatibility. + +```yaml + signing: + enabled: false + gpgHome: /data/git/.gnupg +``` + ## Examples ### Gitea Configuration diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index b232478..2a53dd9 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml @@ -120,6 +120,10 @@ spec: value: /tmp/gitea - name: TMPDIR value: /tmp/gitea + {{- if .Values.signing.enabled }} + - name: GNUPGHOME + value: {{ .Values.signing.gpgHome }} + {{- end }} {{- if .Values.statefulset.env }} {{- toYaml .Values.statefulset.env | nindent 12 }} {{- end }} diff --git a/values.yaml b/values.yaml index ef0d804..d49d861 100644 --- a/values.yaml +++ b/values.yaml @@ -127,6 +127,10 @@ initPreScript: "" # chown -R git:git /data/git/.postgresql/ # chmod 400 /data/git/.postgresql/postgresql.key +# Configure commit/action signing prerequisites +signing: + enabled: false + gpgHome: /data/git/.gnupg gitea: admin: -- 2.40.1 From 6a6eb35106a96718d38d9682c5679e2bcd86d7b0 Mon Sep 17 00:00:00 2001 
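Review bot: `GNUPGHOME` is pointed at `signing.gpgHome`, but nothing in this commit creates that directory or restricts its mode; the diffstat lists only README.md, statefulset.yaml and values.yaml. GnuPG expects its home directory to be private to the owner and warns about unsafe permissions otherwise, and this path sits on the shared `/data` volume where the signing keys will live. Consider having the init script run `mkdir -p "${GNUPGHOME}"` and `chmod 700 "${GNUPGHOME}"` when signing is enabled, and render the value as `value: {{ .Values.signing.gpgHome | quote }}`. The container spec this env list belongs to starts outside the hunk.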
From: justusbunsi Date: Wed, 30 Jun 2021 03:24:44 +0800 Subject: [PATCH 063/390] Fix regression for unspecified DOMAIN and ROOT_URL (#185) In case a user did not specify DOMAIN in .Values.gitea.config.server, the chart generated incorrect value for that app.ini setting so that Gitea crashed on startup. Same for ROOT_URL. Co-authored-by: techknowlogick Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/185 Reviewed-by: luhahn Reviewed-by: techknowlogick Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- templates/gitea/config.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/gitea/config.yaml b/templates/gitea/config.yaml index 6f1e74f..416d495 100644 --- a/templates/gitea/config.yaml +++ b/templates/gitea/config.yaml @@ -50,7 +50,7 @@ stringData: {{- end -}} {{- if not (.Values.gitea.config.server.DOMAIN) -}} {{- if gt (len .Values.ingress.hosts) 0 -}} - {{- $_ := set .Values.gitea.config.server "DOMAIN" (index .Values.ingress.hosts 0) -}} + {{- $_ := set .Values.gitea.config.server "DOMAIN" (index .Values.ingress.hosts 0).host -}} {{- else -}} {{- $_ := set .Values.gitea.config.server "DOMAIN" (include "gitea.default_domain" .) -}} {{- end -}} @@ -60,7 +60,7 @@ stringData: {{- if gt (len .Values.ingress.tls) 0 -}} {{- $_ := set .Values.gitea.config.server "ROOT_URL" (printf "%s://%s" .Values.gitea.config.server.PROTOCOL (index (index .Values.ingress.tls 0).hosts 0)) -}} {{- else -}} - {{- $_ := set .Values.gitea.config.server "ROOT_URL" (printf "%s://%s" .Values.gitea.config.server.PROTOCOL (index .Values.ingress.hosts 0)) -}} + {{- $_ := set .Values.gitea.config.server "ROOT_URL" (printf "%s://%s" .Values.gitea.config.server.PROTOCOL (index .Values.ingress.hosts 0).host) -}} {{- end -}} {{- else -}} {{- $_ := set .Values.gitea.config.server "ROOT_URL" (printf "%s://%s" .Values.gitea.config.server.PROTOCOL .Values.gitea.config.server.DOMAIN) -}} -- 2.40.1 
From 9059229acb71a72ac44428836b136aa027f9035d Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Wed, 30 Jun 2021 04:09:16 +0800 Subject: [PATCH 064/390] Rewrite init script (#178) These changes rewrite the init script to be error aware, informative and have a bit more security awareness. During rewrite several hidden bugs could be identified and fixed, such as: - LDAP configuration options interpreted by the shell before passed to command - Finding multiple ldap ids instead of one during lookup when their names are almost identical e.g. `_my-ldap-auth` and `my-ldap-auth` - Properly filter auth sources by their types to prevent unintended type converting attempts that fail In addition to that the script is a bit cleaner. Some commands do not exist anymore and would cause false-positive errors during script execution. Helps for: #149 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/178 Reviewed-by: luhahn Reviewed-by: techknowlogick Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- README.md | 8 ++ templates/_helpers.tpl | 7 +- templates/gitea/init.yaml | 121 ++++++++++++++++++++++--------- templates/gitea/statefulset.yaml | 35 ++++++++- 4 files changed, 130 insertions(+), 41 deletions(-) diff --git a/README.md b/README.md index b709d45..2f33f07 100644 --- a/README.md +++ b/README.md @@ -356,6 +356,14 @@ gitea: existingSecret: gitea-ldap-secret ``` +:warning: Some options are just flags and therefore don't any values. If they are defined in `gitea.ldap` configuration, they will be passed to the gitea cli without any value. Affected options: + +- notActive | not-active +- skipTlsVerify | skip-tls-verify +- allowDeactivateAll | allow-deactivate-all +- synchronizeUsers | synchronize-users +- attributesInBind | attributes-in-bind + ### OAuth2 Settings Like the admin user, OAuth2 settings can be updated and disabled but not deleted. Deleting OAuth2 settings has to be done in the ui. 
diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 8cafd79..bd4339d 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -116,6 +116,7 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- $_ := set .Values.gitea.ldap "bindPassword" "" -}} {{- end -}} +{{- $flags := list "not-active" "skip-tls-verify" "allow-deactivate-all" "synchronize-users" "attributes-in-bind" -}} {{- range $key, $val := .Values.gitea.ldap -}} {{- if and (ne $key "enabled") (ne $key "existingSecret") -}} {{- if eq ($key | kebabcase) "bind-dn" -}} @@ -124,8 +125,10 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- printf "--%s %s " ($key | kebabcase) ("${GITEA_LDAP_PASSWORD}" | quote ) -}} {{- else if eq $key "port" -}} {{- printf "--%s %d " ($key | kebabcase) ($val | int) -}} +{{- else if (has ($key | kebabcase) $flags) -}} +{{- printf "--%s " ($key | kebabcase) -}} {{- else -}} -{{- printf "--%s %s " ($key | kebabcase) ($val | quote) -}} +{{- printf "--%s %s " ($key | kebabcase) ($val | squote) -}} {{- end -}} {{- end -}} {{- end -}} @@ -134,7 +137,7 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- define "gitea.oauth_settings" -}} {{- range $key, $val := .Values.gitea.oauth -}} {{- if ne $key "enabled" -}} -{{- printf "--%s %s " ($key | kebabcase) ($val | quote) -}} +{{- printf "--%s %s " ($key | kebabcase) ($val | squote) -}} {{- end -}} {{- end -}} {{- end -}} diff --git a/templates/gitea/init.yaml b/templates/gitea/init.yaml index b44d130..c77c2d2 100644 --- a/templates/gitea/init.yaml +++ b/templates/gitea/init.yaml @@ -6,8 +6,11 @@ metadata: {{- include "gitea.labels" . | nindent 4 }} type: Opaque stringData: - init_gitea.sh: |- - #!/bin/bash + init_directory_structure.sh: |- + #!/usr/bin/env bash + + set -euo pipefail + {{- if .Values.initPreScript }} # BEGIN: initPreScript {{- with .Values.initPreScript -}} 
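Review bot: The new flag branch in `gitea.ldap_settings` emits the flag whenever the key exists, whatever its value, so `skipTlsVerify: false` in `gitea.ldap` still passes `--skip-tls-verify` and turns certificate verification off for the LDAP source. Gate the output on the value, e.g. `{{- if $val -}}{{- printf "--%s " ($key | kebabcase) -}}{{- end -}}`, so only a true value produces the flag. The README paragraph added in this commit documents the current behaviour and would need the same adjustment. The `range` this branch belongs to starts above the hunk.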
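Review bot: `squote` only wraps the value in single quotes and does not escape a `'` inside it, so an OAuth or LDAP setting that contains an apostrophe ends the quoted word early and the remainder is parsed by bash in configure_gitea.sh. This applies to the `gitea.oauth_settings` line in this hunk and to the fallback branch of `gitea.ldap_settings` in the previous one. Escaping before quoting keeps the value a single literal argument: `($val | toString | replace "'" "'\\''" | squote)`.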
@@ -16,6 +19,8 @@ stringData: # END: initPreScript {{- end }} + set -x + {{- if not .Values.image.rootless }} chown 1000:1000 /data {{- end }} 
@@ -31,44 +36,90 @@ stringData: # Copy config file to writable volume cp /etc/gitea/conf/app.ini /data/gitea/conf/app.ini chmod a+rwx /data/gitea/conf/app.ini + configure_gitea.sh: |- + #!/usr/bin/env bash + + set -euo pipefail + {{- if include "db.servicename" . }} - # Wait for database to become avialble - nc -v -w2 -z {{ include "db.servicename" . }} {{ include "db.port" . }} && \ + # Connection retry inspired by https://gist.github.com/dublx/e99ea94858c07d2ca6de + function test_db_connection() { + local RETRY=0 + local MAX=30 + + echo 'Wait for database to become avialable...' + until [ "${RETRY}" -ge "${MAX}" ]; do + nc -vz -w2 {{ include "db.servicename" . }} {{ include "db.port" . }} && break + RETRY=$[${RETRY}+1] + echo "...not ready yet (${RETRY}/${MAX})" + done + + if [ "${RETRY}" -ge "${MAX}" ]; then + echo "Database not reachable after '${MAX}' attempts!" + exit 1 + fi + } + + test_db_connection {{- end }} - {{- if not .Values.image.rootless }} - su git -c ' \ - {{- end }} - set -x; \ - gitea migrate; \ + + echo '==== BEGIN GITEA CONFIGURATION ====' + + gitea migrate + {{- if or .Values.gitea.admin.existingSecret (and .Values.gitea.admin.username .Values.gitea.admin.password) }} - gitea admin create-user --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email {{ .Values.gitea.admin.email }} --admin --must-change-password=false \ - || \ - gitea admin change-password --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" \ - || \ - gitea admin user create --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email {{ .Values.gitea.admin.email }} --admin --must-change-password=false \ - || \ - gitea admin user change-password --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}"; \ + function configure_admin_user() { + local ACCOUNT_ID=$(gitea admin user list --admin | grep -e "\s\+${GITEA_ADMIN_USERNAME}\s\+" | awk -F " " "{printf \$1}") + if [[ -z "${ACCOUNT_ID}" ]]; 
then + echo "No admin user '${GITEA_ADMIN_USERNAME}' found. Creating now..." + gitea admin user create --admin --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email {{ .Values.gitea.admin.email | quote }} --must-change-password=false + echo '...created.' + else + echo "Admin account '${GITEA_ADMIN_USERNAME}' already exist. Running update to sync password..." + gitea admin user change-password --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" + echo '...password sync done.' + fi + } + + configure_admin_user {{- end }} + {{- if .Values.gitea.ldap.enabled }} - gitea admin auth add-ldap \ - {{- include "gitea.ldap_settings" . | nindent 6 }} \ - || \ - ( \ - export GITEA_AUTH_ID=$(gitea admin auth list | grep {{ .Values.gitea.ldap.name | quote }} | awk -F " " "{print \$1}"); \ - gitea admin auth update-ldap --id ${GITEA_AUTH_ID} \ - {{- include "gitea.ldap_settings" . | nindent 6 }} \ - ) \ + function configure_ldap() { + local LDAP_NAME={{ (printf "%s" .Values.gitea.ldap.name) | squote }} + local GITEA_AUTH_ID=$(gitea admin auth list --vertical-bars | grep -E "\|${LDAP_NAME}\s+\|" | grep -iE '\|LDAP \(via BindDN\)\s+\|' | awk -F " " "{print \$1}") + + if [[ -z "${GITEA_AUTH_ID}" ]]; then + echo "No ldap configuration found with name '${LDAP_NAME}'. Installing it now..." + gitea admin auth add-ldap {{- include "gitea.ldap_settings" . | indent 1 }} + echo '...installed.' + else + echo "Existing ldap configuration with name '${LDAP_NAME}': '${GITEA_AUTH_ID}'. Running update to sync settings..." + gitea admin auth update-ldap --id "${GITEA_AUTH_ID}" {{- include "gitea.ldap_settings" . | indent 1 }} + echo '...sync settings done.' + fi + } + + configure_ldap {{- end }} + {{- if .Values.gitea.oauth.enabled }} - gitea admin auth add-oauth \ - {{- include "gitea.oauth_settings" . 
| nindent 6 }} \ - || \ - ( \ - export GITEA_AUTH_ID=$(gitea admin auth list | grep {{ .Values.gitea.oauth.name | quote }} | awk -F " " "{print \$1}"); \ - gitea admin auth update-oauth --id ${GITEA_AUTH_ID} \ - {{- include "gitea.oauth_settings" . | nindent 6 }} \ - ) \ - {{- end }} - {{- if not .Values.image.rootless }} - ' + function configure_oauth() { + local OAUTH_NAME={{ (printf "%s" .Values.gitea.oauth.name) | squote }} + local AUTH_ID=$(gitea admin auth list --vertical-bars | grep -E "\|${OAUTH_NAME}\s+\|" | grep -iE '\|OAuth2\s+\|' | awk -F " " "{print \$1}") + + if [[ -z "${AUTH_ID}" ]]; then + echo "No oauth configuration found with name '${OAUTH_NAME}'. Installing it now..." + gitea admin auth add-oauth {{- include "gitea.oauth_settings" . | indent 1 }} + echo '...installed.' + else + echo "Existing oauth configuration with name '${OAUTH_NAME}': '${AUTH_ID}'. Running update to sync settings..." + gitea admin auth update-oauth --id "${AUTH_ID}" {{- include "gitea.oauth_settings" . | indent 1 }} + echo '...sync settings done.' + fi + } + + configure_oauth {{- end }} + + echo '==== END GITEA CONFIGURATION ====' diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index 2a53dd9..bf43597 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml 
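Review bot: `test_db_connection` has no delay between attempts, so when the database port refuses connections immediately rather than timing out after `-w2`, all 30 retries can be used up within a moment and the init container exits 1; a `sleep 2` after the "not ready yet" echo turns `MAX` into a real time budget. The rewrite also keeps the unchanged `chmod a+rwx /data/gitea/conf/app.ini` in init_directory_structure.sh. app.ini usually carries database credentials and token secrets, so owner-only access for the user Gitea runs as (something like `chmod 600` once ownership is right) would be the safer target than world-readable and world-writable. The credentials are still passed as `--password` arguments, which is worth a comment in the script so nobody re-enables `set -x` in configure_gitea.sh.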
@@ -38,9 +38,38 @@ spec: securityContext: fsGroup: 1000 initContainers: - - name: init + - name: init-directories image: "{{ include "gitea.image" . }}" - command: ["/usr/sbin/init_gitea.sh"] + command: ["/usr/sbin/init_directory_structure.sh"] + env: + - name: GITEA_APP_INI + value: /data/gitea/conf/app.ini + - name: GITEA_CUSTOM + value: /data/gitea + - name: GITEA_WORK_DIR + value: /data + - name: GITEA_TEMP + value: /tmp/gitea + {{- if .Values.statefulset.env }} + {{- toYaml .Values.statefulset.env | nindent 12 }} + {{- end }} + volumeMounts: + - name: init + mountPath: /usr/sbin + - name: temp + mountPath: /tmp + - name: config + mountPath: /etc/gitea/conf + - name: data + mountPath: /data + {{- if .Values.extraVolumeMounts }} + {{- toYaml .Values.extraVolumeMounts | nindent 12 }} + {{- end }} + - name: configure-gitea + image: "{{ include "gitea.image" . }}" + command: ["/usr/sbin/configure_gitea.sh"] + securityContext: + runAsUser: 1000 env: - name: GITEA_APP_INI value: /data/gitea/conf/app.ini @@ -92,8 +121,6 @@ spec: mountPath: /usr/sbin - name: temp mountPath: /tmp - - name: config - mountPath: /etc/gitea/conf - name: data mountPath: /data {{- if .Values.extraVolumeMounts }} -- 2.40.1 From b7dbb22025b8c5fc096d8eeff6a5c8f4e804a94c Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Wed, 30 Jun 2021 23:25:56 +0800 Subject: [PATCH 065/390] Upgrade Gitea to 1.14.3 (#197) Fixes: #195 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/197 Reviewed-by: Lunny Xiao Reviewed-by: luhahn Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- Chart.yaml | 2 +- README.md | 2 +- values.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index 3519103..f081415 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.14.2 +appVersion: 1.14.3 icon: https://docs.gitea.io/images/gitea.png keywords: 
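Review bot: The new `configure-gitea` init container pins only `runAsUser: 1000`, and the new `init-directories` container above it sets no container-level securityContext at all, so the latter runs as whatever user the image defaults to while also receiving every entry of `.Values.statefulset.env`. If the configure script does not rely on a setuid helper, the block could be tightened to `securityContext: {runAsUser: 1000, runAsNonRoot: true, allowPrivilegeEscalation: false}`. For `init-directories`, a comment such as `# no securityContext on purpose: <reason>` would record why it is left unrestricted; the reason is not visible in this hunk. The `configure-gitea` container definition continues outside the hunk.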
diff --git a/README.md b/README.md index 2f33f07..8b995f1 100644 --- a/README.md +++ b/README.md @@ -452,7 +452,7 @@ Annotations can be added to the Gitea pod. | Parameter | Description | Default | |---------------------|-----------------------------------|------------------------------| |image.repository| Image to start for this pod | gitea/gitea | -|image.tag| [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) | 1.14.2 | +|image.tag| [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) | 1.14.3 | |image.pullPolicy| Image pull policy | Always | |image.rootless | Wether or not to pull the rootless version of gitea, only works on gitea 1.14.x or higher | false | diff --git a/values.yaml b/values.yaml index d49d861..3e96f79 100644 --- a/values.yaml +++ b/values.yaml @@ -8,7 +8,7 @@ clusterDomain: cluster.local image: repository: gitea/gitea - tag: 1.14.2 + tag: 1.14.3 pullPolicy: Always rootless: false # only possible when running 1.14 or later -- 2.40.1 From 767a073a0a9713080b12a8a3fd193f3fc1bb96b6 Mon Sep 17 00:00:00 2001 From: Markus Pesch Date: Thu, 1 Jul 2021 23:02:56 +0800 Subject: [PATCH 066/390] SSH not working due missing security capability in CRI-O environment (#176) This patch add the SYS_CHROOT capability if the securityContext is undefined. Otherwise the SSH Server does not work correctly as described in the issue #161. Fixes: #161 Co-authored-by: Markus Pesch Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/176 Reviewed-by: techknowlogick Reviewed-by: justusbunsi Reviewed-by: luhahn Co-authored-by: Markus Pesch Co-committed-by: Markus Pesch --- README.md | 20 +++++++++++++++++++- values.yaml | 25 ++++++++++++++++--------- 2 files changed, 35 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 8b995f1..3682381 100644 --- a/README.md +++ b/README.md 
@@ -153,7 +153,7 @@ By default port 3000 is used for web traffic and 22 for ssh. Those can be change ```yaml service: - http: + http: port: 3000 ssh: port: 22 @@ -189,6 +189,24 @@ service: metallb.universe.tf/allow-shared-ip: test ``` +### SSH on crio based kubernetes cluster + +If you use crio as container runtime it is not possible to read from a remote +repository. You should get an error message like this: + +```bash +$ git clone git@k8s-demo.internal:admin/test.git +Cloning into 'test'... +Connection reset by 192.168.179.217 port 22 +fatal: Could not read from remote repository. + +Please make sure you have the correct access rights +and the repository exists. +``` + +To solve this problem add the capability `SYS_CHROOT` to the `securityContext`. +More about this issue [here](https://gitea.com/gitea/helm-chart/issues/161). + ### Cache This helm chart can use a built in cache. The default is memcached from bitnami. diff --git a/values.yaml b/values.yaml index 3e96f79..5851337 100644 --- a/values.yaml +++ b/values.yaml @@ -16,15 +16,22 @@ imagePullSecrets: [] # only usable with rootless image due to image design securityContext: {} -# allowPrivilegeEscalation: false -# capabilities: -# drop: -# - ALL -# privileged: false -# readOnlyRootFilesystem: true -# runAsGroup: 1000 -# runAsNonRoot: true -# runAsUser: 1000 +# allowPrivilegeEscalation: false +# capabilities: +# drop: +# - ALL +# # Add the SYS_CHROOT capability for root and rootless images if you intend to +# # run pods on nodes that use the container runtime cri-o. Otherwise, you will +# # get an error message from the SSH server that it is not possible to read from +# # the repository. +# # https://gitea.com/gitea/helm-chart/issues/161 +# add: +# - SYS_CHROOT +# privileged: false +# readOnlyRootFilesystem: true +# runAsGroup: 1000 +# runAsNonRoot: true +# runAsUser: 1000 service: http: -- 2.40.1 From 7de326d931a9f64e280c48ad6ba7d26d437bd632 Mon Sep 17 00:00:00 2001 
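Review bot: In the `values.yaml` hunk the new comment says `SYS_CHROOT` applies to "root and rootless images", but the unchanged comment directly above `securityContext: {}` still says the block is "only usable with rootless image due to image design", so a reader cannot tell whether the capability can be granted on the default image. The commit description also says the capability is added when `securityContext` is undefined, while this hunk only adds commented-out lines and leaves `securityContext: {}` empty. I would reword the header comment to state which image honours this block, and extend the new comment with `# Keep drop: [ALL] and add only SYS_CHROOT; grant it only on cri-o nodes where SSH needs it.`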
From: justusbunsi Date: Tue, 6 Jul 2021 13:28:13 +0800 Subject: [PATCH 067/390] Drop kebab-case configuration notation (#196) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Currently there are two different styles for defining both ldap and oauth configuration in _values.yaml_ file: `camelCase` and `kebab-case`. Supporting both styles created multiple regressions in the past. ⚠️ BREAKING ⚠️ --------------- These changes completely remove any support for `kebab-case` notation in _values.yaml_ in favor of `camelCase`. Configuration keys must use `camelCase`. Only exception are Kubernetes resource keys for annotations or labels. Fixes: #188 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/196 Reviewed-by: luhahn Reviewed-by: Lunny Xiao Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- README.md | 53 +++----------------------------- templates/_helpers.tpl | 14 ++++----- templates/gitea/statefulset.yaml | 6 ++-- 3 files changed, 16 insertions(+), 57 deletions(-) diff --git a/README.md b/README.md index 3682381..50024d2 100644 --- a/README.md +++ b/README.md @@ -314,9 +314,6 @@ gitea: Like the admin user the LDAP settings can be updated, but also disabled or deleted. All LDAP values from are available. -You can either use them in camel case or kebab case. - -camelCase: ```yaml gitea: @@ -336,25 +333,6 @@ camelCase: sshPublicKeyAttribute: sshPublicKey ``` -kebab-case: - -```yaml - gitea: - ldap: - enabled: true - name: 'MyAwesomeGiteaLdap' - security-protocol: unencrypted - host: "127.0.0.1" - port: "389" - user-search-base: ou=Users,dc=example,dc=com - user-filter: sAMAccountName=%s - admin-filter: CN=Admin,CN=Group,DC=example,DC=com - email-attribute: mail - bind-dn: CN=ldap read,OU=Spezial,DC=example,DC=com - bind-password: JustAnotherBindPw - username-attribute: CN -``` - You can also use an existing secret to set the bindDn and bindPassword: ```yaml 
@@ -376,19 +354,16 @@ gitea: :warning: Some options are just flags and therefore don't any values. If they are defined in `gitea.ldap` configuration, they will be passed to the gitea cli without any value. Affected options: -- notActive | not-active -- skipTlsVerify | skip-tls-verify -- allowDeactivateAll | allow-deactivate-all -- synchronizeUsers | synchronize-users -- attributesInBind | attributes-in-bind +- notActive +- skipTlsVerify +- allowDeactivateAll +- synchronizeUsers +- attributesInBind ### OAuth2 Settings Like the admin user, OAuth2 settings can be updated and disabled but not deleted. Deleting OAuth2 settings has to be done in the ui. All OAuth2 values from are available. -You can either use them in camel case or kebab case. - -camelCase: ```yaml gitea: @@ -406,24 +381,6 @@ camelCase: #customEmailUrl: ``` -kebab-case: - -```yaml - gitea: - oauth: - enabled: true - name: 'MyAwesomeGiteaOAuth' - provider: 'openidConnect' - key: 'hello' - secret: 'world' - auto-discover-url: 'https://gitea.example.com/.well-known/openid-configuration' - #use-custom-urls: - #custom-auth-url: - #custom-token-url: - #custom-profile-url: - #custom-email-url: -``` - ### Metrics and profiling A Prometheus `/metrics` endpoint on the `HTTP_PORT` and `pprof` profiling endpoints on port 6060 can be enabled under `gitea`. Beware that the metrics endpoint is exposed via the ingress, manage access using ingress annotations for example. diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index bd4339d..510f538 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl 
@@ -108,24 +108,24 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} {{- define "gitea.ldap_settings" -}} -{{- if and (not (hasKey .Values.gitea.ldap "bindDn")) (not (hasKey .Values.gitea.ldap "bind-dn")) -}} +{{- if not (hasKey .Values.gitea.ldap "bindDn") -}} {{- $_ := set .Values.gitea.ldap "bindDn" "" -}} {{- end -}} -{{- if and (not (hasKey .Values.gitea.ldap "bindPassword")) (not (hasKey .Values.gitea.ldap "bind-password")) -}} +{{- if not (hasKey .Values.gitea.ldap "bindPassword") -}} {{- $_ := set .Values.gitea.ldap "bindPassword" "" -}} {{- end -}} -{{- $flags := list "not-active" "skip-tls-verify" "allow-deactivate-all" "synchronize-users" "attributes-in-bind" -}} +{{- $flags := list "notActive" "skipTlsVerify" "allowDeactivateAll" "synchronizeUsers" "attributesInBind" -}} {{- range $key, $val := .Values.gitea.ldap -}} {{- if and (ne $key "enabled") (ne $key "existingSecret") -}} -{{- if eq ($key | kebabcase) "bind-dn" -}} +{{- if eq $key "bindDn" -}} {{- printf "--%s %s " ($key | kebabcase) ("${GITEA_LDAP_BIND_DN}" | quote ) -}} -{{- else if eq ($key | kebabcase) "bind-password" -}} +{{- else if eq $key "bindPassword" -}} {{- printf "--%s %s " ($key | kebabcase) ("${GITEA_LDAP_PASSWORD}" | quote ) -}} {{- else if eq $key "port" -}} -{{- printf "--%s %d " ($key | kebabcase) ($val | int) -}} -{{- else if (has ($key | kebabcase) $flags) -}} +{{- printf "--%s %d " $key ($val | int) -}} +{{- else if has $key $flags -}} {{- printf "--%s " ($key | kebabcase) -}} {{- else -}} {{- printf "--%s %s " ($key | kebabcase) ($val | squote) -}} diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index bf43597..bb13eea 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml @@ -79,6 +79,7 @@ spec: value: /data - name: GITEA_TEMP value: /tmp/gitea + {{- if .Values.gitea.ldap.enabled }} {{- if .Values.gitea.ldap.existingSecret }} - name: GITEA_LDAP_BIND_DN valueFrom: 
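Review bot: The flag branch `{{- else if has $key $flags -}}` in `gitea.ldap_settings` tests only the key, so `skipTlsVerify: false` in values still renders `--skip-tls-verify` and turns certificate verification off for the LDAP connection. Emit the flag only when the value is not an explicit false, for example by wrapping the following printf as `{{- if ne ($val | toString) "false" -}}{{- printf "--%s " ($key | kebabcase) -}}{{- end -}}`. The same branch is carried unchanged into the later `@@ -108,21 +108,24 @@` hunk of this file (PATCH 076). The `gitea.ldap_settings` define ends outside this hunk.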
@@ -92,9 +93,10 @@ spec: name: {{ .Values.gitea.ldap.existingSecret }} {{- else }} - name: GITEA_LDAP_BIND_DN - value: {{ default (index .Values.gitea.ldap "bind-dn") .Values.gitea.ldap.bindDn | quote }} + value: {{ .Values.gitea.ldap.bindDn | quote }} - name: GITEA_LDAP_PASSWORD - value: {{ default (index .Values.gitea.ldap "bind-password") .Values.gitea.ldap.bindPassword | quote }} + value: {{ .Values.gitea.ldap.bindPassword | quote }} + {{- end }} {{- end }} {{- if .Values.gitea.admin.existingSecret }} - name: GITEA_ADMIN_USERNAME -- 2.40.1 From 6342a4dabd7a2efd7f1ae9c233fab442cccadfcd Mon Sep 17 00:00:00 2001 From: luhahn Date: Tue, 13 Jul 2021 01:33:38 +0800 Subject: [PATCH 068/390] Document breaking changes (#202) Documented some breaking changes. Please have a look and tell me, if I missed something :) Fixes: #194 Co-authored-by: Lucas Hahn Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/202 Reviewed-by: justusbunsi Reviewed-by: Lunny Xiao Co-authored-by: luhahn Co-committed-by: luhahn --- README.md | 56 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) diff --git a/README.md b/README.md index 50024d2..0655de0 100644 --- a/README.md +++ b/README.md 
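Review bot: Without `existingSecret`, `GITEA_LDAP_PASSWORD` is rendered as a literal `value:` in the StatefulSet, so the bind password is readable by anyone allowed to get the StatefulSet or Pod objects, not only Secrets. Prefer rendering the credentials into a chart-managed Secret and referencing it the same way the `existingSecret` branch does, e.g. `valueFrom: {secretKeyRef: {name: <CHART_LDAP_SECRET>, key: bindPassword}}`, where `<CHART_LDAP_SECRET>` is a placeholder for a Secret the chart would create. The per-index variables `GITEA_LDAP_PASSWORD_{{ $idx }}` in the later `@@ -79,23 +81,25 @@` hunk (PATCH 076) have the same exposure. The env list continues outside the hunk.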
@@ -33,6 +33,62 @@ Dependencies: * Helm 3.0+ * PV provisioner for persistent data support +## Chart upgrade from 3.x.x to 4.0.0 + +:warning: The most recent 4.0.0 update brings some breaking changes. Please note the following changes in the Chart to upgrade successfully. :warning: + +### Ingress changes + +To provide a more flexible Ingress configuration we now support not only host settings but also provide configuration for the path and pathType. So this change changes the hosts from a simple string list, to a list containing a more complex object for more configuration. + + +```diff +ingress: + enabled: false + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" +- hosts: +- - git.example.com ++ hosts: ++ - host: git.example.com ++ paths: ++ - path: / ++ pathType: Prefix + tls: [] + # - secretName: chart-example-tls + # hosts: + # - git.example.com +``` + +If you want everything as it was before, you can simply add the following code to all your host entries. + +```yaml +paths: + - path: / + pathType: Prefix +``` + +### Dropped kebab-case support + +In 3.x.x it was possible to provide an ldap configuration via kebab-case, this support has now been dropped and only camel case is supported. +See [LDAP section](#ldap-settings) for more information. + +### Dependency update + +The chart comes with multiple databases and memcached as dependency, the latest release updated the dependencies. + +- memcached: 4.2.20 -> 5.9.0 +- postgresql: 9.7.2 -> 10.3.17 +- mariadb: 8.0.0 -> 9.3.6 + +If you're using the builtin databases you will most likely redeploy the chart in order to update the database correctly. + +### Execution of initPreScript + +Generally spoken, this might not be a breaking change, but it is worth to be mentioned. +Prior to 4.0.0 only one init container was used to both setup directories and configure Gitea. As of now the actual Gitea configuration is separated from the other pre-execution. 
This also includes the execution of _initPreScript_. If you have such script, please be aware of this. Dynamically prepare the Gitea setup during execution by e.g. adding environment variables to the execution context won't work anymore. + ## Gitea Version 1.14.X repository ROOT Previously the ROOT folder for the gitea repositories was located at /data/git/gitea-repositories -- 2.40.1 From 9e7387f0f8dfeb4a196635f7b934e68bbda11b16 Mon Sep 17 00:00:00 2001 From: skriesch Date: Sat, 17 Jul 2021 10:47:41 +0800 Subject: [PATCH 069/390] Fix for #203 possible existingClaim at persistence with namespace variable in the name (#204) Fix for #203 Co-authored-by: techknowlogick Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/204 Reviewed-by: luhahn Reviewed-by: Lunny Xiao Co-authored-by: skriesch Co-committed-by: skriesch --- templates/gitea/statefulset.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index bb13eea..b00fd93 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml @@ -244,7 +244,9 @@ spec: {{- if and .Values.persistence.enabled .Values.persistence.existingClaim }} - name: data persistentVolumeClaim: - claimName: {{ .Values.persistence.existingClaim }} + {{- with .Values.persistence.existingClaim }} + claimName: {{ tpl . $ }} + {{- end }} {{- else if not .Values.persistence.enabled }} - name: data emptyDir: {} -- 2.40.1 From ba0e8b18b5e7963a1a48773cb13bf08a191ef106 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Fri, 13 Aug 2021 04:14:49 +0800 Subject: [PATCH 070/390] 1.14.6 (#212) Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/212 Reviewed-by: justusbunsi Co-authored-by: techknowlogick Co-committed-by: techknowlogick --- Chart.yaml | 2 +- README.md | 2 +- values.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index f081415..4174fc7 100644 --- a/Chart.yaml +++ b/Chart.yaml 
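Review bot: In the `statefulset.yaml` hunk, `claimName: {{ tpl . $ }}` emits the rendered string unquoted, and the `with` wrapper repeats a check that the enclosing `if and .Values.persistence.enabled .Values.persistence.existingClaim` has already made. A single line `claimName: {{ tpl .Values.persistence.existingClaim $ | quote }}` does the same and keeps a rendered name that looks like a number or boolean a YAML string. The README row for `persistence.existingClaim` is not touched by this commit, so it would be worth stating there that the value is now evaluated as a template.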
@@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.14.3 +appVersion: 1.14.6 icon: https://docs.gitea.io/images/gitea.png keywords: diff --git a/README.md b/README.md index 0655de0..61dd7d8 100644 --- a/README.md +++ b/README.md @@ -483,7 +483,7 @@ Annotations can be added to the Gitea pod. | Parameter | Description | Default | |---------------------|-----------------------------------|------------------------------| |image.repository| Image to start for this pod | gitea/gitea | -|image.tag| [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) | 1.14.3 | +|image.tag| [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) | 1.14.6 | |image.pullPolicy| Image pull policy | Always | |image.rootless | Wether or not to pull the rootless version of gitea, only works on gitea 1.14.x or higher | false | diff --git a/values.yaml b/values.yaml index 5851337..554699a 100644 --- a/values.yaml +++ b/values.yaml @@ -8,7 +8,7 @@ clusterDomain: cluster.local image: repository: gitea/gitea - tag: 1.14.3 + tag: 1.14.6 pullPolicy: Always rootless: false # only possible when running 1.14 or later -- 2.40.1 From 4ef9a3ec3587d0ac61783dae3aa1a846b5797463 Mon Sep 17 00:00:00 2001 From: Michael Kriese Date: Sun, 15 Aug 2021 20:43:51 +0800 Subject: [PATCH 071/390] fix: Only create conf directoy if not exists (#211) Only create conf directory if not yet exists fixes #210 Co-authored-by: Lunny Xiao Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/211 Reviewed-by: luhahn Reviewed-by: justusbunsi Co-authored-by: Michael Kriese Co-committed-by: Michael Kriese --- templates/gitea/init.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/gitea/init.yaml b/templates/gitea/init.yaml index c77c2d2..231d841 100644 --- a/templates/gitea/init.yaml +++ b/templates/gitea/init.yaml 
@@ -26,7 +26,7 @@ stringData: {{- end }} mkdir -p /data/git/.ssh chmod -R 700 /data/git/.ssh - mkdir -p /data/gitea/conf + [ ! -d /data/gitea ] && mkdir -p /data/gitea/conf # prepare temp directory structure mkdir -p "${GITEA_TEMP}" -- 2.40.1 From ce3e9babec1d571087b94a703234871fc91e9775 Mon Sep 17 00:00:00 2001 From: wkit23 Date: Thu, 2 Sep 2021 10:53:48 +0800 Subject: [PATCH 072/390] Add support for ingressClassName (#217) Hi, I just add some minor changes to support specifying ingressClassName to support the newer specification in `networking.k8s.io/v1`. The annotation `kubernetes.io/ingress.class: nginx` only works with older API `networking.k8s.io/v1beta1`. This is part of our move to support kubernetes 1.22. Co-authored-by: Leong Wai Kit Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/217 Reviewed-by: luhahn Reviewed-by: techknowlogick Co-authored-by: wkit23 Co-committed-by: wkit23 --- README.md | 3 ++- templates/gitea/ingress.yaml | 3 +++ values.yaml | 1 + 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 61dd7d8..7ffe82b 100644 --- a/README.md +++ b/README.md @@ -508,7 +508,8 @@ Annotations can be added to the Gitea pod. |ingress.hosts[0].host | add hosts for ingress | git.example.com | |ingress.hosts[0].paths[0].path | add path for each ingress host | / | |ingress.hosts[0].paths[0].pathType | add ingress path type | Prefix | -|ingress.tls|add ingress tls settings|[]| +|ingress.tls| add ingress tls settings|[]| +|ingress.className| add ingress class name. Only used in k8s 1.19+ | | ### Service diff --git a/templates/gitea/ingress.yaml b/templates/gitea/ingress.yaml index e7cb645..2af0804 100644 --- a/templates/gitea/ingress.yaml +++ b/templates/gitea/ingress.yaml @@ -18,6 +18,9 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} spec: +{{- if .Values.ingress.className }} + ingressClassName: {{ .Values.ingress.className }} +{{- end }} {{- if .Values.ingress.tls }} tls: {{- range .Values.ingress.tls }} 
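Review bot: The guard `[ ! -d /data/gitea ]` in the `init.yaml` hunk tests the parent directory while the command creates `/data/gitea/conf`, so when `/data/gitea` already exists without a `conf` subdirectory nothing is created. Test the directory that is actually being created, and avoid the `&&` short-circuit leaving a non-zero status behind: `if [ ! -d /data/gitea/conf ]; then mkdir -p /data/gitea/conf; fi`. Whether the script runs under `set -e` is not visible in this hunk, and the script continues past it.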
diff --git a/values.yaml b/values.yaml index 554699a..99e58e2 100644 --- a/values.yaml +++ b/values.yaml @@ -57,6 +57,7 @@ service: ingress: enabled: false + # className: nginx annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" -- 2.40.1 From 9a220c2ddde1909b9dc768767802f150fbf39733 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Sun, 12 Sep 2021 06:40:47 +0800 Subject: [PATCH 073/390] 1.15.0 (#218) Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/218 Reviewed-by: Lunny Xiao Reviewed-by: luhahn Co-authored-by: techknowlogick Co-committed-by: techknowlogick --- Chart.yaml | 2 +- README.md | 2 +- values.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index 4174fc7..7871d63 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.14.6 +appVersion: 1.15.0 icon: https://docs.gitea.io/images/gitea.png keywords: diff --git a/README.md b/README.md index 7ffe82b..059ae8f 100644 --- a/README.md +++ b/README.md @@ -483,7 +483,7 @@ Annotations can be added to the Gitea pod. | Parameter | Description | Default | |---------------------|-----------------------------------|------------------------------| |image.repository| Image to start for this pod | gitea/gitea | -|image.tag| [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) | 1.14.6 | +|image.tag| [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) | 1.15.0 | |image.pullPolicy| Image pull policy | Always | |image.rootless | Wether or not to pull the rootless version of gitea, only works on gitea 1.14.x or higher | false | diff --git a/values.yaml b/values.yaml index 99e58e2..d396d9e 100644 --- a/values.yaml +++ b/values.yaml 
@@ -8,7 +8,7 @@ clusterDomain: cluster.local image: repository: gitea/gitea - tag: 1.14.6 + tag: 1.15.0 pullPolicy: Always rootless: false # only possible when running 1.14 or later -- 2.40.1 From 5a7d168c2ea2bda4ac89952e7eae95dd866c6c42 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Sun, 26 Sep 2021 08:44:59 +0800 Subject: [PATCH 074/390] 1.15.3 (#225) Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/225 Reviewed-by: pat-s Reviewed-by: Lunny Xiao Co-authored-by: techknowlogick Co-committed-by: techknowlogick --- Chart.yaml | 2 +- README.md | 2 +- values.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index 7871d63..5f5fe26 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.15.0 +appVersion: 1.15.3 icon: https://docs.gitea.io/images/gitea.png keywords: diff --git a/README.md b/README.md index 059ae8f..3cf78f7 100644 --- a/README.md +++ b/README.md @@ -483,7 +483,7 @@ Annotations can be added to the Gitea pod. | Parameter | Description | Default | |---------------------|-----------------------------------|------------------------------| |image.repository| Image to start for this pod | gitea/gitea | -|image.tag| [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) | 1.15.0 | +|image.tag| [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) | 1.15.3 | |image.pullPolicy| Image pull policy | Always | |image.rootless | Wether or not to pull the rootless version of gitea, only works on gitea 1.14.x or higher | false | diff --git a/values.yaml b/values.yaml index d396d9e..83a71f8 100644 --- a/values.yaml +++ b/values.yaml @@ -8,7 +8,7 @@ clusterDomain: cluster.local image: repository: gitea/gitea - tag: 1.15.0 + tag: 1.15.3 pullPolicy: Always rootless: false # only possible when running 1.14 or later -- 2.40.1 
From b344673d119894b104b48b5288a09e12217dd4fc Mon Sep 17 00:00:00 2001 From: pat-s Date: Tue, 28 Sep 2021 03:52:37 +0800 Subject: [PATCH 075/390] Add dev instructions to README (#228) FYI: My editor automatically changes two trailing whitespaces into a linebreak. I know it's not completely the same but maybe it can be accepted (would make things easier in the long run). Co-authored-by: pat-s Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/228 Reviewed-by: justusbunsi Reviewed-by: techknowlogick Co-authored-by: pat-s Co-committed-by: pat-s --- README.md | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 3cf78f7..d878d0e 100644 --- a/README.md +++ b/README.md @@ -86,7 +86,8 @@ If you're using the builtin databases you will most likely redeploy the chart in ### Execution of initPreScript -Generally spoken, this might not be a breaking change, but it is worth to be mentioned. +Generally spoken, this might not be a breaking change, but it is worth to be mentioned. + Prior to 4.0.0 only one init container was used to both setup directories and configure Gitea. As of now the actual Gitea configuration is separated from the other pre-execution. This also includes the execution of _initPreScript_. If you have such script, please be aware of this. Dynamically prepare the Gitea setup during execution by e.g. adding environment variables to the execution context won't work anymore. ## Gitea Version 1.14.X repository ROOT 
@@ -98,7 +99,8 @@ This chart will set the gitea.config.repository.ROOT value default to /data/git/ ## Configure Commit Signing -When using the rootless image the gpg key folder was is not persistent by default. If you consider using signed commits for internal Gitea activities (e.g. initial commit), you'd need to provide a signing key. Prior to [PR 186](https://gitea.com/gitea/helm-chart/pulls/186), imported keys had to be re-imported once the container got replaced by another. +When using the rootless image the gpg key folder was is not persistent by default. If you consider using signed commits for internal Gitea activities (e.g. initial commit), you'd need to provide a signing key. Prior to [PR 186](https://gitea.com/gitea/helm-chart/pulls/186), imported keys had to be re-imported once the container got replaced by another. + The mentioned PR introduced a new configuration object `signing` allowing you to configure prerequisites for commit signing. By default this section is disabled to maintain backwards compatibility. ```yaml 
@@ -627,3 +629,16 @@ The following parameters are the defaults set by this chart |mariadb.auth.rootPassword|Password for the root user.|gitea| |mariadb.primary.service.port|Port to connect to mariadb service|3306| |mariadb.primary.persistence.size|Persistence size for mariadb |10Gi| + +## Local development & testing + +For local development and testing of pull requests, the following workflow can be used: + +1. Install `minikube` and `helm`. +2. Start a `minikube` cluster via `minikube start`. +3. From the `gitea/helm-chart` directory execute `helm install --dependency-update gitea . -f values.yaml`. + This will install the dependencies listed in `Chart.yml` and deploy the current state of the helm chart found locally. + If you want to test a branch, make sure to switch to the respective branch first. +4. Gitea is now deployed in `minikube`. + To access it, it's port needs to be forwarded first from `minikube` to localhost first via `kubectl --namespace default port-forward svc/gitea-http 3000:3000`. + Now Gitea is accessible at http://localhost:3000. -- 2.40.1 From 3273b245e753597926b52d01873000edf76355fb Mon Sep 17 00:00:00 2001 From: luhahn Date: Fri, 8 Oct 2021 20:16:24 +0800 Subject: [PATCH 076/390] Add multiple LDAP sources (#222) Add multiple add sources. Instead of a single entry for ldap configuration we now would have a dictionary for ldap config. This would be a breaking change for those working with the ldap config. fixes: #190 Co-authored-by: Lucas Hahn Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/222 Reviewed-by: Andrew Thornton Reviewed-by: pat-s Reviewed-by: justusbunsi Co-authored-by: luhahn Co-committed-by: luhahn --- README.md | 32 +++++++++++++++++--------------- templates/_helpers.tpl | 17 ++++++++++------- templates/gitea/init.yaml | 14 +++++++++----- templates/gitea/statefulset.yaml | 26 +++++++++++++++----------- values.yaml | 29 ++++++++++++++--------------- 5 files changed, 65 insertions(+), 53 deletions(-) 
diff --git a/README.md b/README.md index d878d0e..55c5713 100644 --- a/README.md +++ b/README.md @@ -370,25 +370,26 @@ gitea: ### LDAP Settings -Like the admin user the LDAP settings can be updated, but also disabled or deleted. +Like the admin user the LDAP settings can be updated. All LDAP values from are available. +Multiple LDAP sources can be configured with additional LDAP list items. + ```yaml gitea: ldap: - enabled: true - name: 'MyAwesomeGiteaLdap' - securityProtocol: unencrypted - host: "127.0.0.1" - port: "389" - userSearchBase: ou=Users,dc=example,dc=com - userFilter: sAMAccountName=%s - adminFilter: CN=Admin,CN=Group,DC=example,DC=com - emailAttribute: mail - bindDn: CN=ldap read,OU=Spezial,DC=example,DC=com - bindPassword: JustAnotherBindPw - usernameAttribute: CN - sshPublicKeyAttribute: sshPublicKey + - name: MyAwesomeGiteaLdap + securityProtocol: unencrypted + host: "127.0.0.1" + port: "389" + userSearchBase: ou=Users,dc=example,dc=com + userFilter: sAMAccountName=%s + adminFilter: CN=Admin,CN=Group,DC=example,DC=com + emailAttribute: mail + bindDn: CN=ldap read,OU=Spezial,DC=example,DC=com + bindPassword: JustAnotherBindPw + usernameAttribute: CN + publicSSHKeyAttribute: publicSSHKey ``` You can also use an existing secret to set the bindDn and bindPassword: @@ -407,7 +408,8 @@ stringData: ```yaml gitea: ldap: - existingSecret: gitea-ldap-secret + - existingSecret: gitea-ldap-secret + ... ``` :warning: Some options are just flags and therefore don't any values. If they are defined in `gitea.ldap` configuration, they will be passed to the gitea cli without any value. Affected options: diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 510f538..26c6aa0 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl 
@@ -108,21 +108,24 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} {{- define "gitea.ldap_settings" -}} -{{- if not (hasKey .Values.gitea.ldap "bindDn") -}} -{{- $_ := set .Values.gitea.ldap "bindDn" "" -}} +{{- $idx := index . 0 }} +{{- $values := index . 1 }} + +{{- if not (hasKey $values "bindDn") -}} +{{- $_ := set $values "bindDn" "" -}} {{- end -}} -{{- if not (hasKey .Values.gitea.ldap "bindPassword") -}} -{{- $_ := set .Values.gitea.ldap "bindPassword" "" -}} +{{- if not (hasKey $values "bindPassword") -}} +{{- $_ := set $values "bindPassword" "" -}} {{- end -}} {{- $flags := list "notActive" "skipTlsVerify" "allowDeactivateAll" "synchronizeUsers" "attributesInBind" -}} -{{- range $key, $val := .Values.gitea.ldap -}} +{{- range $key, $val := $values -}} {{- if and (ne $key "enabled") (ne $key "existingSecret") -}} {{- if eq $key "bindDn" -}} -{{- printf "--%s %s " ($key | kebabcase) ("${GITEA_LDAP_BIND_DN}" | quote ) -}} +{{- printf "--%s \"${GITEA_LDAP_BIND_DN_%d}\" " ($key | kebabcase) ($idx) -}} {{- else if eq $key "bindPassword" -}} -{{- printf "--%s %s " ($key | kebabcase) ("${GITEA_LDAP_PASSWORD}" | quote ) -}} +{{- printf "--%s \"${GITEA_LDAP_PASSWORD_%d}\" " ($key | kebabcase) ($idx) -}} {{- else if eq $key "port" -}} {{- printf "--%s %d " $key ($val | int) -}} {{- else if has $key $flags -}} diff --git a/templates/gitea/init.yaml b/templates/gitea/init.yaml index 231d841..c40ef7b 100644 --- a/templates/gitea/init.yaml +++ b/templates/gitea/init.yaml 
@@ -84,24 +84,28 @@ stringData: configure_admin_user {{- end }} - {{- if .Values.gitea.ldap.enabled }} function configure_ldap() { - local LDAP_NAME={{ (printf "%s" .Values.gitea.ldap.name) | squote }} + {{- if .Values.gitea.ldap }} + {{- range $idx, $value := .Values.gitea.ldap }} + local LDAP_NAME={{ (printf "%s" $value.name) | squote }} local GITEA_AUTH_ID=$(gitea admin auth list --vertical-bars | grep -E "\|${LDAP_NAME}\s+\|" | grep -iE '\|LDAP \(via BindDN\)\s+\|' | awk -F " " "{print \$1}") if [[ -z "${GITEA_AUTH_ID}" ]]; then echo "No ldap configuration found with name '${LDAP_NAME}'. Installing it now..." - gitea admin auth add-ldap {{- include "gitea.ldap_settings" . | indent 1 }} + gitea admin auth add-ldap {{- include "gitea.ldap_settings" (list $idx $value) | indent 1 }} echo '...installed.' else echo "Existing ldap configuration with name '${LDAP_NAME}': '${GITEA_AUTH_ID}'. Running update to sync settings..." - gitea admin auth update-ldap --id "${GITEA_AUTH_ID}" {{- include "gitea.ldap_settings" . | indent 1 }} + gitea admin auth update-ldap --id "${GITEA_AUTH_ID}" {{- include "gitea.ldap_settings" (list $idx $value) | indent 1 }} echo '...sync settings done.' fi + {{- end }} + {{- else }} + echo 'no ldap configuration... skipping.' + {{- end }} } configure_ldap - {{- end }} {{- if .Values.gitea.oauth.enabled }} function configure_oauth() { diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index b00fd93..1ddd529 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml 
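Review bot: `LDAP_NAME` is rendered with `printf "%s" $value.name`, so a list item without `name` yields the literal text `%!s(<nil>)`, and the script then looks up and creates an authentication source under that name instead of failing the render. Requiring the field closes that gap: `local LDAP_NAME={{ required "gitea.ldap[].name must be set" $value.name | squote }}`. The name is also placed unescaped inside the `grep -E "\|${LDAP_NAME}\s+\|"` pattern, so a name containing regular-expression metacharacters can match a different existing source and send `update-ldap` to the wrong `--id`; comparing the name column as a fixed string would avoid that. A comment above the `range` should also record that the function only adds or updates: an entry removed from `gitea.ldap` stays configured in Gitea until it is deleted by hand.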
@@ -17,7 +17,9 @@ spec: metadata: annotations: checksum/config: {{ include (print $.Template.BasePath "/gitea/config.yaml") . | sha256sum }} - checksum/ldap: {{ include "gitea.ldap_settings" . | sha256sum }} + {{- range $idx, $value := .Values.gitea.ldap }} + checksum/ldap_{{ $idx }}: {{ include "gitea.ldap_settings" (list $idx $value) | sha256sum }} + {{- end }} checksum/oauth: {{ include "gitea.oauth_settings" . | sha256sum }} {{- with .Values.gitea.podAnnotations }} {{- toYaml . | nindent 8 }} @@ -79,23 +81,25 @@ spec: value: /data - name: GITEA_TEMP value: /tmp/gitea - {{- if .Values.gitea.ldap.enabled }} - {{- if .Values.gitea.ldap.existingSecret }} - - name: GITEA_LDAP_BIND_DN + {{- if .Values.gitea.ldap }} + {{- range $idx, $value := .Values.gitea.ldap }} + {{- if $value.existingSecret }} + - name: GITEA_LDAP_BIND_DN_{{ $idx }} valueFrom: secretKeyRef: key: bindDn - name: {{ .Values.gitea.ldap.existingSecret }} - - name: GITEA_LDAP_PASSWORD + name: {{ $value.existingSecret }} + - name: GITEA_LDAP_PASSWORD_{{ $idx }} valueFrom: secretKeyRef: key: bindPassword - name: {{ .Values.gitea.ldap.existingSecret }} + name: {{ $value.existingSecret }} {{- else }} - - name: GITEA_LDAP_BIND_DN - value: {{ .Values.gitea.ldap.bindDn | quote }} - - name: GITEA_LDAP_PASSWORD - value: {{ .Values.gitea.ldap.bindPassword | quote }} + - name: GITEA_LDAP_BIND_DN_{{ $idx }} + value: {{ $value.bindDn | quote }} + - name: GITEA_LDAP_PASSWORD_{{ $idx }} + value: {{ $value.bindPassword | quote }} + {{- end }} {{- end }} {{- end }} {{- if .Values.gitea.admin.existingSecret }} diff --git a/values.yaml b/values.yaml index 83a71f8..ee96232 100644 --- a/values.yaml +++ b/values.yaml 
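Review bot: In the `else` branch of the second hunk, an inline `bindDn`/`bindPassword` is written as a literal `value:` on `GITEA_LDAP_BIND_DN_{{ $idx }}` and `GITEA_LDAP_PASSWORD_{{ $idx }}`. That leaves the LDAP bind credential readable in the StatefulSet and pod specs to anyone allowed to read those objects, because only the `existingSecret` branch goes through `secretKeyRef`. Rendering inline values into a chart-managed Secret and referencing it with `secretKeyRef` in both branches would keep the password out of the pod template. Until then the commented example in the `values.yaml` hunk of this patch should say which form is preferred, e.g. `# existingSecret:  # preferred; must contain the keys bindDn and bindPassword`. The two `name: {{ $value.existingSecret }}` lines are also unquoted, unlike the neighbouring values; `name: {{ $value.existingSecret | quote }}` would match them.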
@@ -154,21 +154,20 @@ gitea: # additionalLabels: # prometheus-release: prom1 - ldap: - enabled: false - #existingSecret: gitea-ldap-secret - #name: - #securityProtocol: - #host: - #port: - #userSearchBase: - #userFilter: - #adminFilter: - #emailAttribute: - #bindDn: - #bindPassword: - #usernameAttribute: - #sshPublicKeyAttribute: + ldap: [] + # - name: "LDAP 1" + # existingSecret: + # securityProtocol: + # host: + # port: + # userSearchBase: + # userFilter: + # adminFilter: + # emailAttribute: + # bindDn: + # bindPassword: + # usernameAttribute: + # publicSSHKeyAttribute: oauth: enabled: false -- 2.40.1 From 3fd34a9455539c7c43e77922ea639489e953a1af Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Sun, 17 Oct 2021 00:08:17 +0800 Subject: [PATCH 077/390] 1.15.4 (#230) Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/230 Reviewed-by: justusbunsi Reviewed-by: pat-s Co-authored-by: techknowlogick Co-committed-by: techknowlogick --- Chart.yaml | 2 +- README.md | 2 +- values.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index 5f5fe26..beda163 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.15.3 +appVersion: 1.15.4 icon: https://docs.gitea.io/images/gitea.png keywords: diff --git a/README.md b/README.md index 55c5713..b56378f 100644 --- a/README.md +++ b/README.md 
@@ -487,7 +487,7 @@ Annotations can be added to the Gitea pod. | Parameter | Description | Default | |---------------------|-----------------------------------|------------------------------| |image.repository| Image to start for this pod | gitea/gitea | -|image.tag| [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) | 1.15.3 | +|image.tag| [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) | 1.15.4 | |image.pullPolicy| Image pull policy | Always | |image.rootless | Wether or not to pull the rootless version of gitea, only works on gitea 1.14.x or higher | false | diff --git a/values.yaml b/values.yaml index ee96232..d6e7a53 100644 --- a/values.yaml +++ b/values.yaml @@ -8,7 +8,7 @@ clusterDomain: cluster.local image: repository: gitea/gitea - tag: 1.15.3 + tag: 1.15.4 pullPolicy: Always rootless: false # only possible when running 1.14 or later -- 2.40.1 From 82763f109b6ab190a57cf0156f219708e8eb3de0 Mon Sep 17 00:00:00 2001 
From: Markus Pesch Date: Fri, 5 Nov 2021 12:06:48 +0800 Subject: [PATCH 078/390] feat/markdownlint (#200) Hi, this patch contains a markdownlinter. I think this has the advantage that all users stick to the same format and the `README.md` follows a consistent structure. The markdownlinter can be configured via the `.markdownlint.yaml` file. All possible options are [here](https://github.com/DavidAnson/markdownlint/blob/main/schema/.markdownlint.yaml) documented. I have created the initialie configuration. However, can be adapted to suggestions for change. Has of course the consequence that if necessary the `README.md` would have to be adapted. I have formatted this in advance according to the defined rules. For users which use visual-code as IDE is additionally a plugin [available](https://marketplace.visualstudio.com/items?itemName=DavidAnson.vscode-markdownlint). Co-authored-by: Markus Pesch Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/200 Reviewed-by: Lunny Xiao Reviewed-by: pat-s Co-authored-by: Markus Pesch Co-committed-by: Markus Pesch --- .drone.yml | 68 +++--- .markdownlint.yaml | 149 +++++++++++++ README.md | 536 +++++++++++++++++++++++++-------------------- 3 files changed, 487 insertions(+), 266 deletions(-) create mode 100644 .markdownlint.yaml diff --git a/.drone.yml b/.drone.yml index c09487d..55272c7 100644 --- a/.drone.yml +++ b/.drone.yml @@ -1,5 +1,6 @@ --- kind: pipeline +type: docker name: lint platform: @@ -7,12 +8,18 @@ platform: arch: arm64 steps: -- name: lint +- name: helm lint pull: always image: alpine:3.13 commands: - - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm - - helm lint + - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm + - helm lint + +- name: markdown lint + pull: always + image: docker.io/volkerraschek/markdownlint:latest + commands: + - markdownlint *.md - name: discord pull: always 
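Review bot: The new `markdown lint` step runs `docker.io/volkerraschek/markdownlint:latest` with `pull: always`, so every build executes whatever that personal-namespace image currently resolves to, presumably with the checked-out repository in its workspace. Pinning to a reviewed digest makes this CI input reproducible: `image: docker.io/volkerraschek/markdownlint@sha256:<digest-of-reviewed-image>` (placeholder, not a real digest). The `helm lint` step in the same hunk installs `helm` from the unpinned Alpine `edge/testing` repository over `http://`, so apk's signature check is the only thing protecting that download. An `https://` repository URL and a fixed helm version would be a sensible follow-up. The same mutable-tag concern applies to `plugins/s3:latest` in the re-indented `upload-chart` step of the release pipeline, which is the step that receives `aws_access_key_id` and `aws_secret_access_key`.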
@@ -29,6 +36,7 @@ steps: --- kind: pipeline +type: docker name: release-version platform: @@ -37,33 +45,33 @@ platform: trigger: event: - - tag + - tag steps: - - name: generate-chart - pull: always - image: alpine:3.13 - commands: - - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm - - apk add --no-cache curl - - helm dependency update - - helm package --version "${DRONE_TAG##v}" ./ - - mkdir gitea - - mv gitea*.tgz gitea/ - - curl -L -o gitea/index.yaml https://dl.gitea.io/charts/index.yaml - - helm repo index gitea/ --url https://dl.gitea.io/charts --merge gitea/index.yaml +- name: generate-chart + pull: always + image: alpine:3.13 + commands: + - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm + - apk add --no-cache curl + - helm dependency update + - helm package --version "${DRONE_TAG##v}" ./ + - mkdir gitea + - mv gitea*.tgz gitea/ + - curl -L -o gitea/index.yaml https://dl.gitea.io/charts/index.yaml + - helm repo index gitea/ --url https://dl.gitea.io/charts --merge gitea/index.yaml - - name: upload-chart - pull: always - image: plugins/s3:latest - settings: - bucket: gitea-artifacts - endpoint: https://storage.gitea.io - path_style: true - access_key: - from_secret: aws_access_key_id - secret_key: - from_secret: aws_secret_access_key - source: gitea/* - target: /charts - strip_prefix: gitea/ \ No newline at end of file +- name: upload-chart + pull: always + image: plugins/s3:latest + settings: + bucket: gitea-artifacts + endpoint: https://storage.gitea.io + path_style: true + access_key: + from_secret: aws_access_key_id + secret_key: + from_secret: aws_secret_access_key + source: gitea/* + target: /charts + strip_prefix: gitea/ diff --git a/.markdownlint.yaml b/.markdownlint.yaml new file mode 100644 index 0000000..6cf752c --- /dev/null +++ b/.markdownlint.yaml 
@@ -0,0 +1,149 @@ +# markdownlint YAML configuration +# https://github.com/DavidAnson/markdownlint/blob/main/schema/.markdownlint.yaml + +# Default state for all rules +default: true + +# Path to configuration file to extend +extends: null + +# MD003/heading-style/header-style - Heading style +MD003: + # Heading style + style: "atx" + +# MD004/ul-style - Unordered list style +MD004: + style: "dash" + +# MD007/ul-indent - Unordered list indentation +MD007: + # Spaces for indent + indent: 2 + # Whether to indent the first level of the list + start_indented: false + +# MD009/no-trailing-spaces - Trailing spaces +MD009: + # Spaces for line break + br_spaces: 2 + # Allow spaces for empty lines in list items + list_item_empty_lines: false + # Include unnecessary breaks + strict: false + +# MD010/no-hard-tabs - Hard tabs +MD010: + # Include code blocks + code_blocks: true + +# MD012/no-multiple-blanks - Multiple consecutive blank lines +MD012: + # Consecutive blank lines + maximum: 1 + +# MD013/line-length - Line length +MD013: + # Number of characters + line_length: 80 + # Number of characters for headings + heading_line_length: 80 + # Number of characters for code blocks + code_block_line_length: 80 + # Include code blocks + code_blocks: false + # Include tables + tables: false + # Include headings + headings: true + # Include headings + headers: true + # Strict length checking + strict: false + # Stern length checking + stern: false + +# MD022/blanks-around-headings/blanks-around-headers - Headings should be surrounded by blank lines +MD022: + # Blank lines above heading + lines_above: 1 + # Blank lines below heading + lines_below: 1 + +# MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the same content +MD024: + # Only check sibling headings + allow_different_nesting: true + +# MD025/single-title/single-h1 - Multiple top-level headings in the same document +MD025: + # Heading level + level: 1 + # RegExp for matching title in front matter + 
front_matter_title: "^\\s*title\\s*[:=]" + +# MD026/no-trailing-punctuation - Trailing punctuation in heading +MD026: + # Punctuation characters + punctuation: ".,;:!。,;:!" + +# MD029/ol-prefix - Ordered list item prefix +MD029: + # List style + style: "one_or_ordered" + +# MD030/list-marker-space - Spaces after list markers +MD030: + # Spaces for single-line unordered list items + ul_single: 1 + # Spaces for single-line ordered list items + ol_single: 1 + # Spaces for multi-line unordered list items + ul_multi: 1 + # Spaces for multi-line ordered list items + ol_multi: 1 + +# MD033/no-inline-html - Inline HTML +MD033: + # Allowed elements + allowed_elements: [] + +# MD035/hr-style - Horizontal rule style +MD035: + # Horizontal rule style + style: "---" + +# MD036/no-emphasis-as-heading/no-emphasis-as-header - Emphasis used instead of a heading +MD036: + # Punctuation characters + punctuation: ".,;:!?。,;:!?" + +# MD041/first-line-heading/first-line-h1 - First line in a file should be a top-level heading +MD041: + # Heading level + level: 1 + # RegExp for matching title in front matter + front_matter_title: "^\\s*title\\s*[:=]" + +# MD044/proper-names - Proper names should have the correct capitalization +MD044: + # List of proper names + names: + - Gitea + - PostgreSQL + - MariaDB + - MySQL + - Memcached + - Prometheus + # Include code blocks + code_blocks: false + +# MD046/code-block-style - Code block style +MD046: + # Block style + style: "fenced" + +# MD048/code-fence-style - Code fence style +MD048: + # Code fence syle + style: "backtick" \ No newline at end of file diff --git a/README.md b/README.md index b56378f..caa3050 100644 --- a/README.md +++ b/README.md 
@@ -1,46 +1,53 @@ # Gitea Helm Chart -[Gitea](https://gitea.io/en-us/) is a community managed lightweight code hosting solution written in Go. It is published under the MIT license. +[Gitea](https://gitea.io/en-us/) is a community managed lightweight code hosting +solution written in Go. It is published under the MIT license. ## Introduction -This helm chart has taken some inspiration from -But takes a completely different approach in providing a database and cache with dependencies. -Additionally, this chart provides LDAP and admin user configuration with values, as well as being deployed as a statefulset to retain stored repositories. +This helm chart has taken some inspiration from [jfelten's helm +chart](https://github.com/jfelten/gitea-helm-chart). But takes a completely +different approach in providing a database and cache with dependencies. +Additionally, this chart provides LDAP and admin user configuration with values, +as well as being deployed as a statefulset to retain stored repositories. ## Dependencies -Gitea can be run with an external database and cache. This chart provides those dependencies, which can be -enabled, or disabled via [configuration](#configuration). +Gitea can be run with an external database and cache. This chart provides those +dependencies, which can be enabled, or disabled via +[configuration](#configuration). Dependencies: -* Postgresql -* Memcached -* Mysql +- PostgreSQL +- Memcached +- MySQL ## Installing ```sh - helm repo add gitea-charts https://dl.gitea.io/charts/ - helm repo update - helm install gitea gitea-charts/gitea +helm repo add gitea-charts https://dl.gitea.io/charts/ +helm repo update +helm install gitea gitea-charts/gitea ``` ## Prerequisites -* Kubernetes 1.12+ -* Helm 3.0+ -* PV provisioner for persistent data support +- Kubernetes 1.12+ +- Helm 3.0+ +- PV provisioner for persistent data support ## Chart upgrade from 3.x.x to 4.0.0 -:warning: The most recent 4.0.0 update brings some breaking changes. 
Please note the following changes in the Chart to upgrade successfully. :warning: +:warning: The most recent `4.0.0` update brings some breaking changes. Please note +the following changes in the Chart to upgrade successfully. :warning: ### Ingress changes -To provide a more flexible Ingress configuration we now support not only host settings but also provide configuration for the path and pathType. So this change changes the hosts from a simple string list, to a list containing a more complex object for more configuration. - +To provide a more flexible Ingress configuration we now support not only host +settings but also provide configuration for the path and pathType. So this +change changes the hosts from a simple string list, to a list containing a more +complex object for more configuration. ```diff ingress: @@ -61,7 +68,8 @@ ingress: # - git.example.com ``` -If you want everything as it was before, you can simply add the following code to all your host entries. +If you want everything as it was before, you can simply add the following code +to all your host entries. ```yaml paths: 
@@ -71,71 +79,92 @@ paths: ### Dropped kebab-case support -In 3.x.x it was possible to provide an ldap configuration via kebab-case, this support has now been dropped and only camel case is supported. -See [LDAP section](#ldap-settings) for more information. +In 3.x.x it was possible to provide an ldap configuration via kebab-case, this +support has now been dropped and only camel case is supported. See [LDAP +section](#ldap-settings) for more information. ### Dependency update -The chart comes with multiple databases and memcached as dependency, the latest release updated the dependencies. +The chart comes with multiple databases and Memcached as dependency, the latest +release updated the dependencies. -- memcached: 4.2.20 -> 5.9.0 -- postgresql: 9.7.2 -> 10.3.17 -- mariadb: 8.0.0 -> 9.3.6 +- Memcached: `4.2.20` -> `5.9.0` +- PostgreSQL: `9.7.2` -> `10.3.17` +- MariaDB: `8.0.0` -> `9.3.6` -If you're using the builtin databases you will most likely redeploy the chart in order to update the database correctly. +If you're using the builtin databases you will most likely redeploy the chart in +order to update the database correctly. ### Execution of initPreScript -Generally spoken, this might not be a breaking change, but it is worth to be mentioned. +Generally spoken, this might not be a breaking change, but it is worth to be +mentioned. -Prior to 4.0.0 only one init container was used to both setup directories and configure Gitea. As of now the actual Gitea configuration is separated from the other pre-execution. This also includes the execution of _initPreScript_. If you have such script, please be aware of this. Dynamically prepare the Gitea setup during execution by e.g. adding environment variables to the execution context won't work anymore. +Prior to `4.0.0` only one init container was used to both setup directories and +configure Gitea. As of now the actual Gitea configuration is separated from the +other pre-execution. 
This also includes the execution of _initPreScript_. If you +have such script, please be aware of this. Dynamically prepare the Gitea setup +during execution by e.g. adding environment variables to the execution context +won't work anymore. ## Gitea Version 1.14.X repository ROOT -Previously the ROOT folder for the gitea repositories was located at /data/git/gitea-repositories -1.14 changed this to /data/gitea-repositories. +Previously the ROOT folder for the Gitea repositories was located at +`/data/git/gitea-repositories`. In version `1.14` has the path been changed to +`/data/gitea-repositories`. -This chart will set the gitea.config.repository.ROOT value default to /data/git/gitea-repositories +This chart will set the `gitea.config.repository.ROOT` value default to +`/data/git/gitea-repositories`. ## Configure Commit Signing -When using the rootless image the gpg key folder was is not persistent by default. If you consider using signed commits for internal Gitea activities (e.g. initial commit), you'd need to provide a signing key. Prior to [PR 186](https://gitea.com/gitea/helm-chart/pulls/186), imported keys had to be re-imported once the container got replaced by another. +When using the rootless image the gpg key folder was is not persistent by +default. If you consider using signed commits for internal Gitea activities +(e.g. initial commit), you'd need to provide a signing key. Prior to +[PR186](https://gitea.com/gitea/helm-chart/pulls/186), imported keys had to be +re-imported once the container got replaced by another. -The mentioned PR introduced a new configuration object `signing` allowing you to configure prerequisites for commit signing. By default this section is disabled to maintain backwards compatibility. +The mentioned PR introduced a new configuration object `signing` allowing you to +configure prerequisites for commit signing. By default this section is disabled +to maintain backwards compatibility. 
```yaml - signing: - enabled: false - gpgHome: /data/git/.gnupg +signing: + enabled: false + gpgHome: /data/git/.gnupg ``` ## Examples ### Gitea Configuration -Gitea offers lots of configuration options. This is fully described in the [Gitea Cheat Sheet](https://docs.gitea.io/en-us/config-cheat-sheet/). +Gitea offers lots of configuration options. This is fully described in the +[Gitea Cheat Sheet](https://docs.gitea.io/en-us/config-cheat-sheet/). ```yaml - gitea: - config: - APP_NAME: "Gitea: With a cup of tea." - repository: - ROOT: "~/gitea-repositories" - repository.pull-request: - WORK_IN_PROGRESS_PREFIXES: "WIP:,[WIP]:" +gitea: + config: + APP_NAME: "Gitea: With a cup of tea." + repository: + ROOT: "~/gitea-repositories" + repository.pull-request: + WORK_IN_PROGRESS_PREFIXES: "WIP:,[WIP]:" ``` ### Default Configuration -This chart will set a few defaults in the gitea configuration based on the service and ingress settings. All defaults can be overwritten in gitea.config. +This chart will set a few defaults in the Gitea configuration based on the +service and ingress settings. All defaults can be overwritten in `gitea.config`. -INSTALL_LOCK is always set to true, since we want to configure gitea with this helm chart and everything is taken care of. +INSTALL_LOCK is always set to true, since we want to configure Gitea with this +helm chart and everything is taken care of. *All default settings are made directly in the generated app.ini, not in the Values.* #### Database defaults -If a builtIn database is enabled the database configuration is set automatically. For example, postgresql builtIn will appear in the app.ini as: +If a builtIn database is enabled the database configuration is set +automatically. For example, PostgreSQL builtIn will appear in the app.ini as: ```ini [database] 
@@ -148,7 +177,8 @@ USER = gitea #### Memcached defaults -Memcached is handled the exact same way as database builtIn. Once memcached builtIn is enabled, this chart will generate the following part in the app.ini: +Memcached is handled the exact same way as database builtIn. Once Memcached +builtIn is enabled, this chart will generate the following part in the `app.ini`: ```ini [cache] @@ -159,8 +189,9 @@ HOST = RELEASE-NAME-memcached.default.svc.cluster.local:11211 #### Server defaults -The server defaults are a bit more complex. -If ingress is enabled, the ROOT_URL, DOMAIN and SSH_DOMAIN will be set accordingly. HTTP_PORT always defaults to 3000 as well as SSH_PORT to 22. +The server defaults are a bit more complex. If ingress is `enabled`, the +`ROOT_URL`, `DOMAIN` and `SSH_DOMAIN` will be set accordingly. `HTTP_PORT` +always defaults to `3000` as well as `SSH_PORT` to `22`. ```ini [server] 
@@ -186,42 +217,46 @@ ENABLED = false ### External Database -An external Database can be used instead of builtIn postgresql or mysql. +An external Database can be used instead of builtIn PostgreSQL or MySQL. ```yaml - gitea: - database: - builtIn: - postgresql: - enabled: false +gitea: + database: + builtIn: + postgresql: + enabled: false - config: - database: - DB_TYPE: mysql - HOST: 127.0.0.1:3306 - NAME: gitea - USER: root - PASSWD: gitea - SCHEMA: gitea + config: + database: + DB_TYPE: mysql + HOST: 127.0.0.1:3306 + NAME: gitea + USER: root + PASSWD: gitea + SCHEMA: gitea ``` ### Ports and external url -By default port 3000 is used for web traffic and 22 for ssh. Those can be changed: +By default port `3000` is used for web traffic and `22` for ssh. Those can be changed: ```yaml - service: - http: - port: 3000 - ssh: - port: 22 +service: + http: + port: 3000 + ssh: + port: 22 ``` -This helm chart automatically configures the clone urls to use the correct ports. You can change these ports by hand using the `gitea.config` dict. However you should know what you're doing. +This helm chart automatically configures the clone urls to use the correct +ports. You can change these ports by hand using the `gitea.config` dict. However +you should know what you're doing. ### ClusterIP -By default the clusterIP will be set to None, which is the default for headless services. However if you want to omit the clusterIP field in the service, use the following values: +By default the clusterIP will be set to None, which is the default for headless +services. However if you want to omit the clusterIP field in the service, use +the following values: ```yaml service: 
@@ -237,8 +272,9 @@ service: ### SSH and Ingress -If you're using ingress and wan't to use SSH, keep in mind, that ingress is not able to forward SSH Ports. -You will need a LoadBalancer like metallb and a setting in your ssh service annotations. +If you're using ingress and won't to use SSH, keep in mind, that ingress is not +able to forward SSH Ports. You will need a LoadBalancer like `metallb` and a +setting in your ssh service annotations. ```yaml service: 
@@ -267,33 +303,37 @@ More about this issue [here](https://gitea.com/gitea/helm-chart/issues/161). ### Cache -This helm chart can use a built in cache. The default is memcached from bitnami. +This helm chart can use a built in cache. The default is Memcached from bitnami. ```yaml - gitea: - cache: - builtIn: - enabled: true +gitea: + cache: + builtIn: + enabled: true ``` -If the built in cache should not be used simply configure the cache in gitea.config +If the built in cache should not be used simply configure the cache in +`gitea.config`. ```yaml - gitea: - config: - cache: - ENABLED: true - ADAPTER: memory - INTERVAL: 60 - HOST: 127.0.0.1:9090 +gitea: + config: + cache: + ENABLED: true + ADAPTER: memory + INTERVAL: 60 + HOST: 127.0.0.1:9090 ``` ### Persistence -Gitea will be deployed as a statefulset. By simply enabling the persistence and setting the storage class according to your cluster -everything else will be taken care of. The following example will create a PVC as a part of the statefulset. This PVC will not be deleted even if you uninstall the chart. +Gitea will be deployed as a statefulset. By simply enabling the persistence and +setting the storage class according to your cluster everything else will be +taken care of. The following example will create a PVC as a part of the +statefulset. This PVC will not be deleted even if you uninstall the chart. -Please note, that an empty storageClass in the persistence will result in kubernetes using your default storage class. +Please note, that an empty storageClass in the persistence will result in +kubernetes using your default storage class. If you want to use your own storageClass define it as followed: 
@@ -303,7 +343,8 @@ persistence: storageClass: myOwnStorageClass ``` -When using Postgresql as dependency, this will also be deployed as a statefulset by default. +When using PostgreSQL as dependency, this will also be deployed as a statefulset +by default. If you want to manage your own PVC you can simply pass the PVC name to the chart. @@ -315,7 +356,7 @@ If you want to manage your own PVC you can simply pass the PVC name to the chart In case that peristence has been disabled it will simply use an empty dir volume. -Postgresql handles the persistence in the exact same way. +PostgreSQL handles the persistence in the exact same way. You can interact with the postgres settings as displayed in the following example: ```yaml @@ -325,7 +366,7 @@ You can interact with the postgres settings as displayed in the following exampl existingClaim: MyAwesomeGiteaPostgresClaim ``` -Mysql also handles persistence the same, even though it is not deployed as a statefulset. +MySQL also handles persistence the same, even though it is not deployed as a statefulset. You can interact with the postgres settings as displayed in the following example: ```yaml @@ -337,9 +378,10 @@ You can interact with the postgres settings as displayed in the following exampl ### Admin User -This chart enables you to create a default admin user. It is also possible to update the password for this user by upgrading or redeloying the chart. -It is not possible to delete an admin user after it has been created. This has to be done in the ui. -You cannot use `admin` as username. +This chart enables you to create a default admin user. It is also possible to +update the password for this user by upgrading or redeloying the chart. It is +not possible to delete an admin user after it has been created. This has to be +done in the ui. You cannot use `admin` as username. ```yaml gitea: 
@@ -412,7 +454,9 @@ gitea: ... ``` -:warning: Some options are just flags and therefore don't any values. If they are defined in `gitea.ldap` configuration, they will be passed to the gitea cli without any value. Affected options: +:warning: Some options are just flags and therefore don't any values. If they +are defined in `gitea.ldap` configuration, they will be passed to the Gitea cli +without any value. Affected options: - notActive - skipTlsVerify 
@@ -422,30 +466,37 @@ gitea: ### OAuth2 Settings -Like the admin user, OAuth2 settings can be updated and disabled but not deleted. Deleting OAuth2 settings has to be done in the ui. -All OAuth2 values from are available. +Like the admin user, OAuth2 settings can be updated and disabled but not +deleted. Deleting OAuth2 settings has to be done in the ui. All OAuth2 values, +which are documented [here](https://docs.gitea.io/en-us/command-line/#admin), are +available. ```yaml - gitea: - oauth: - enabled: true - name: 'MyAwesomeGiteaOAuth' - provider: 'openidConnect' - key: 'hello' - secret: 'world' - autoDiscoverUrl: 'https://gitea.example.com/.well-known/openid-configuration' - #useCustomUrls: - #customAuthUrl: - #customTokenUrl: - #customProfileUrl: - #customEmailUrl: +gitea: + oauth: + enabled: true + name: 'MyAwesomeGiteaOAuth' + provider: 'openidConnect' + key: 'hello' + secret: 'world' + autoDiscoverUrl: 'https://gitea.example.com/.well-known/openid-configuration' + #useCustomUrls: + #customAuthUrl: + #customTokenUrl: + #customProfileUrl: + #customEmailUrl: ``` ### Metrics and profiling -A Prometheus `/metrics` endpoint on the `HTTP_PORT` and `pprof` profiling endpoints on port 6060 can be enabled under `gitea`. Beware that the metrics endpoint is exposed via the ingress, manage access using ingress annotations for example. +A Prometheus `/metrics` endpoint on the `HTTP_PORT` and `pprof` profiling +endpoints on port 6060 can be enabled under `gitea`. Beware that the metrics +endpoint is exposed via the ingress, manage access using ingress annotations for +example. -To deploy the `ServiceMonitor`, you first need to ensure that you have deployed `prometheus-operator` and its CRDs: https://github.com/prometheus-operator/prometheus-operator#customresourcedefinitions. 
+To deploy the `ServiceMonitor`, you first need to ensure that you have deployed +`prometheus-operator` and its +[CRDs](https://github.com/prometheus-operator/prometheus-operator#customresourcedefinitions). ```yaml gitea: 
@@ -464,183 +515,196 @@ gitea: Annotations can be added to the Gitea pod. ```yaml - gitea: - podAnnotations: {} +gitea: + podAnnotations: {} ``` ## Configuration ### Others -| Parameter | Description | Default | -|-------------------------------------------|--------------------------------------------------------|-------------| -| statefulset.terminationGracePeriodSeconds | How long to wait until forcefully kill the pod | 60 | -| statefulset.env | Additional environment variables to pass to containers | [] | -| extraVolumes | Additional volumes to mount to the Gitea statefulset | {} | -| extraVolumeMounts | Additional volume mounts for the Gitea containers | {} | -| initPreScript | Bash script copied verbatim to start of init container | | -| securityContext | Run as a specific securityContext | {} | -| schedulerName | Use an alternate scheduler, e.g. "stork" | | +| Parameter | Description | Default | +| ------------------------------------------| -------------------------------------------------------- | ------- | +| statefulset.terminationGracePeriodSeconds | How long to wait until forcefully kill the pod | `60` | +| statefulset.env | Additional environment variables to pass to containers | `[]` | +| extraVolumes | Additional volumes to mount to the Gitea statefulset | `{}` | +| extraVolumeMounts | Additional volume mounts for the Gitea containers | `{}` | +| initPreScript | Bash script copied verbatim to start of init container | | +| securityContext | Run as a specific securityContext | `{}` | +| schedulerName | Use an alternate scheduler, e.g. 
"stork" | | ### Image -| Parameter | Description | Default | -|---------------------|-----------------------------------|------------------------------| -|image.repository| Image to start for this pod | gitea/gitea | -|image.tag| [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) | 1.15.4 | -|image.pullPolicy| Image pull policy | Always | -|image.rootless | Wether or not to pull the rootless version of gitea, only works on gitea 1.14.x or higher | false | +| Parameter | Description | Default | +| -----------------| ----------------------------------------------------------------------------------------- | ------------- | +| image.repository | Image to start for this pod | `gitea/gitea` | +| image.tag | [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) | `1.14.6` | +| image.pullPolicy | Image pull policy | `Always` | +| image.rootless | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `false` | ### Persistence -| Parameter | Description | Default | -|---------------------|-----------------------------------|------------------------------| -|persistence.enabled| Enable persistence for Gitea |true| -|persistence.existingClaim| Use an existing claim to store repository information | | -|persistence.size| Size for persistence to store repo information | 10Gi | -|persistence.accessModes|AccessMode for persistence|| -|persistence.storageClass|Storage class for repository persistence|| -|persistence.labels|Labels for the persistence volume claim to be created|{}| -|persistence.annotations|Annotations for the persistence volume claim to be created|{}| +| Parameter | Description | Default | +| ------------------------- | ---------------------------------------------------------- | ------- | +| persistence.enabled | Enable persistence for Gitea | `true` | +| persistence.existingClaim | Use an existing claim to store repository information | | +| persistence.size | 
Size for persistence to store repo information | `10Gi` | +| persistence.accessModes | AccessMode for persistence | | +| persistence.storageClass | Storage class for repository persistence | | +| persistence.labels | Labels for the persistence volume claim to be created | `{}` | +| persistence.annotations | Annotations for the persistence volume claim to be created | `{}` | ### Ingress -| Parameter | Description | Default | -|---------------------|-----------------------------------|------------------------------| -|ingress.enabled| enable ingress | false| -|ingress.annotations| add ingress annotations | | -|ingress.hosts[0].host | add hosts for ingress | git.example.com | -|ingress.hosts[0].paths[0].path | add path for each ingress host | / | -|ingress.hosts[0].paths[0].pathType | add ingress path type | Prefix | -|ingress.tls| add ingress tls settings|[]| -|ingress.className| add ingress class name. Only used in k8s 1.19+ | | +| Parameter | Description | Default | +| ---------------------------------- | ---------------------------------------------- | ----------------- | +| ingress.enabled | enable ingress | `false` | +| ingress.annotations | add ingress annotations | | +| ingress.hosts[0].host | add hosts for ingress | `git.example.com` | +| ingress.hosts[0].paths[0].path | add path for each ingress host | `/` | +| ingress.hosts[0].paths[0].pathType | add ingress path type | `Prefix` | +| ingress.tls | add ingress tls settings | `[]` | +| ingress.className | add ingress class name. 
Only used in k8s 1.19+ | | ### Service #### Web -| Parameter | Description | Default | -|---------------------|-----------------------------------|------------------------------| -|service.http.type| Kubernetes service type for web traffic | ClusterIP | -|service.http.port| Port for web traffic | 3000 | -|service.http.clusterIP| ClusterIP setting for http autosetup for statefulset is None | None | -|service.http.loadBalancerIP| LoadBalancer Ip setting | | -|service.http.nodePort| NodePort for http service | | -|service.http.externalTrafficPolicy| If `service.http.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation | | -|service.http.externalIPs| http service external IP addresses | | -|service.http.loadBalancerSourceRanges| Source range filter for http loadbalancer | [] | -|service.http.annotations| http service annotations | | +| Parameter | Description | Default | +| --------------------------------------- | ------------------------------------------------------------------------------------------------------------ | ----------- | +| `service.http.type` | Kubernetes service type for web traffic | `ClusterIP` | +| `service.http.port` | Port for web traffic | `3000` | +| `service.http.clusterIP` | ClusterIP setting for http autosetup for statefulset is None | `None` | +| `service.http.loadBalancerIP` | LoadBalancer Ip setting | | +| `service.http.nodePort` | NodePort for http service | | +| `service.http.externalTrafficPolicy` | If `service.http.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation | | +| `service.http.externalIPs` | http service external IP addresses | | +| `service.http.loadBalancerSourceRanges` | Source range filter for http loadbalancer | `[]` | +| `service.http.annotations` | http service annotations | | #### SSH -| Parameter | Description | Default | -|---------------------|-----------------------------------|------------------------------| -|service.ssh.type| 
Kubernetes service type for ssh traffic | ClusterIP | -|service.ssh.port| Port for ssh traffic | 22 | -|service.ssh.loadBalancerIP| LoadBalancer Ip setting | | -|service.ssh.nodePort| NodePort for ssh service | | -|service.ssh.externalTrafficPolicy| If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation | | -|service.ssh.externalIPs| ssh service external IP addresses | | -|service.ssh.loadBalancerSourceRanges| Source range filter for ssh loadbalancer | [] | -|service.ssh.annotations| ssh service annotations | | +| Parameter | Description | Default | +| -------------------------------------- | ----------------------------------------------------------------------------------------------------------- | ----------- | +| `service.ssh.type` | Kubernetes service type for ssh traffic | `ClusterIP` | +| `service.ssh.port` | Port for ssh traffic | `22` | +| `service.ssh.loadBalancerIP` | LoadBalancer Ip setting | | +| `service.ssh.nodePort` | NodePort for ssh service | | +| `service.ssh.externalTrafficPolicy` | If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation | | +| `service.ssh.externalIPs` | ssh service external IP addresses | | +| `service.ssh.loadBalancerSourceRanges` | Source range filter for ssh loadbalancer | `[]` | +| `service.ssh.annotations` | ssh service annotations | | ### Gitea Configuration -| Parameter | Description | Default | -|---------------------|-----------------------------------|------------------------------| -|gitea.config | Everything in `app.ini` can be configured with this dict. See [Examples](#examples) for more details | {} | +| Parameter | Description | Default | +| -------------- | ---------------------------------------------------------------------------------------------------- | ------- | +| `gitea.config` | Everything in `app.ini` can be configured with this dict. 
See [Examples](#examples) for more details | `{}` | ### Gitea Probes -Configure Liveness, Readiness and Startup [Probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) +Configure Liveness, Readiness and Startup +[Probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/). -| Parameter | Description | Default | -|---------------------|-----------------------------------|------------------------------| -|gitea.livenessProbe.enabled | Enable liveness probe | true | -|gitea.livenessProbe.initialDelaySeconds | Delay before probe start| 200 | -|gitea.livenessProbe.timeoutSeconds | probe timeout | 1 | -|gitea.livenessProbe.periodSeconds | period between probes | 10 | -|gitea.livenessProbe.successThreshold | Minimum consecutive success probes | 1 | -|gitea.livenessProbe.failureThreshold | Minimum consecutive error probes | 10 | -|gitea.readinessProbe.enabled | Enable readiness probe | true | -|gitea.readinessProbe.initialDelaySeconds | Delay before probe start| 5 | -|gitea.readinessProbe.timeoutSeconds | probe timeout | 1 | -|gitea.readinessProbe.periodSeconds | period between probes | 10 | -|gitea.readinessProbe.successThreshold | Minimum consecutive success probes | 1 | -|gitea.readinessProbe.failureThreshold | Minimum consecutive error probes | 3 | -|gitea.startupProbe.enabled | Enable startup probe | false | -|gitea.startupProbe.initialDelaySeconds | Delay before probe start| 60 | -|gitea.startupProbe.timeoutSeconds | probe timeout | 1 | -|gitea.startupProbe.periodSeconds | period between probes | 10 | -|gitea.startupProbe.successThreshold | Minimum consecutive success probes | 1 | -|gitea.startupProbe.failureThreshold | Minimum consecutive error probes | 10 | -|gitea.customLivenessProbe | Custom liveness probe (needs `gitea.livenessProbe.enabled: false`) | | -|gitea.customReadinessProbe | Custom readiness probe (needs `gitea.readinessProbe.enabled: false`) | | 
-|gitea.customStartupProbe | Custom startup probe (needs `gitea.startupProbe.enabled: false`) | | +| Parameter | Description | Default | +| ------------------------------------------ | -------------------------------------------------------------------- | ------- | +| `gitea.livenessProbe.enabled` | Enable liveness probe | `true` | +| `gitea.livenessProbe.initialDelaySeconds` | Delay before probe start | `200` | +| `gitea.livenessProbe.timeoutSeconds` | probe timeout | `1` | +| `gitea.livenessProbe.periodSeconds` | period between probes | `10` | +| `gitea.livenessProbe.successThreshold` | Minimum consecutive success probes | `1` | +| `gitea.livenessProbe.failureThreshold` | Minimum consecutive error probes | `10` | +| `gitea.readinessProbe.enabled` | Enable readiness probe | `true` | +| `gitea.readinessProbe.initialDelaySeconds` | Delay before probe start | `5` | +| `gitea.readinessProbe.timeoutSeconds` | probe timeout | `1` | +| `gitea.readinessProbe.periodSeconds` | period between probes | `10` | +| `gitea.readinessProbe.successThreshold` | Minimum consecutive success probes | `1` | +| `gitea.readinessProbe.failureThreshold` | Minimum consecutive error probes | `3` | +| `gitea.startupProbe.enabled` | Enable startup probe | `false` | +| `gitea.startupProbe.initialDelaySeconds` | Delay before probe start | `60` | +| `gitea.startupProbe.timeoutSeconds` | probe timeout | `1` | +| `gitea.startupProbe.periodSeconds` | period between probes | `10` | +| `gitea.startupProbe.successThreshold` | Minimum consecutive success probes | `1` | +| `gitea.startupProbe.failureThreshold` | Minimum consecutive error probes | `10` | +| `gitea.customLivenessProbe` | Custom liveness probe (needs `gitea.livenessProbe.enabled: false`) | | +| `gitea.customReadinessProbe` | Custom readiness probe (needs `gitea.readinessProbe.enabled: false`) | | +| `gitea.customStartupProbe` | Custom startup probe (needs `gitea.startupProbe.enabled: false`) | | ### Memcached BuiltIn -Memcached is loaded as a 
dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/memcached) if enabled in the values. Complete Configuration can be taken from their website. +Memcached is loaded as a dependency from +[Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/memcached) if +enabled in the values. Complete Configuration can be taken from their website. The following parameters are the defaults set by this chart -| Parameter | Description | Default | -|---------------------|-----------------------------------|------------------------------| -|memcached.service.port|Memcached Port| 11211| +| Parameter | Description | Default | +| ------------------------ | -------------- | ------- | +| `memcached.service.port` | Memcached Port | 11211 | -### Mysql BuiltIn +### MySQL BuiltIn -Mysql is loaded as a dependency from stable. Configuration can be found on this [website](https://github.com/helm/charts/tree/master/stable/mysql). +MySQL is loaded as a dependency from stable. Configuration can be found on this +[website](https://github.com/helm/charts/tree/master/stable/mysql). The following parameters are the defaults set by this chart -| Parameter | Description | Default | -|---------------------|-----------------------------------|------------------------------| -|mysql.root.password|Password for the root user. Ignored if existing secret is provided|gitea| -|mysql.db.user|Username of new user to create.|gitea| -|mysql.db.password|Password for the new user. Ignored if existing secret is provided|gitea| -|mysql.db.name|Name for new database to create.|gitea| -|mysql.service.port|Port to connect to mysql service|3306| -|mysql.persistence.size|Persistence size for mysql |10Gi| +| Parameter | Description | Default | +| ------------------------ | ------------------------------------------------------------------ | ------- | +| `mysql.root.password` | Password for the root user. 
Ignored if existing secret is provided | `gitea` | +| `mysql.db.user` | Username of new user to create. | `gitea` | +| `mysql.db.password` | Password for the new user. Ignored if existing secret is provided | `gitea` | +| `mysql.db.name` | Name for new database to create. | `gitea` | +| `mysql.service.port` | Port to connect to MySQL service | `3306` | +| `mysql.persistence.size` | Persistence size for MySQL | `10Gi` | -### Postgresql BuiltIn +### PostgreSQL BuiltIn -Postgresql is loaded as a dependency from Bitnami. The chart configuration can be found in this [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/postgresql) repository. +PostgreSQL is loaded as a dependency from Bitnami. The chart configuration can +be found in this +[Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/postgresql) +repository. The following parameters are the defaults set by this chart -| Parameter | Description | Default | -|---------------------|-----------------------------------|------------------------------| -|postgresql.global.postgresql.postgresqlDatabase| PostgreSQL database (overrides postgresqlDatabase)|gitea| -|postgresql.global.postgresql.postgresqlUsername| PostgreSQL username (overrides postgresqlUsername)|gitea| -|postgresql.global.postgresql.postgresqlPassword| PostgreSQL admin password (overrides postgresqlPassword)|gitea| -|postgresql.global.postgresql.servicePort|PostgreSQL port (overrides service.port)|5432| -|postgresql.persistence.size| PVC Storage Request for PostgreSQL volume |10Gi| +| Parameter | Description | Default | +| ------------------------------------------------- | -------------------------------------------------------- | ------- | +| `postgresql.global.postgresql.postgresqlDatabase` | PostgreSQL database (overrides postgresqlDatabase) | `gitea` | +| `postgresql.global.postgresql.postgresqlUsername` | PostgreSQL username (overrides postgresqlUsername) | `gitea` | +| `postgresql.global.postgresql.postgresqlPassword` | 
PostgreSQL admin password (overrides postgresqlPassword) | `gitea` | +| `postgresql.global.postgresql.servicePort` | PostgreSQL port (overrides service.port) | `5432` | +| `postgresql.persistence.size` | PVC Storage Request for PostgreSQL volume | `10Gi` | ### MariaDB BuiltIn -MariaDB is loaded as a dependency from bitnami. Configuration can be found in this [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/mariadb) repository. +MariaDB is loaded as a dependency from bitnami. Configuration can be found in +this [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/mariadb) +repository. The following parameters are the defaults set by this chart -| Parameter | Description | Default | -|---------------------|-----------------------------------|------------------------------| -|mariadb.auth.username|Username of new user to create.|gitea| -|mariadb.auth.password|Password for the new user. Ignored if existing secret is provided|gitea| -|mariadb.auth.database|Name for new database to create.|gitea| -|mariadb.auth.rootPassword|Password for the root user.|gitea| -|mariadb.primary.service.port|Port to connect to mariadb service|3306| -|mariadb.primary.persistence.size|Persistence size for mariadb |10Gi| +| Parameter | Description | Default | +| ---------------------------------- | ----------------------------------------------------------------- | ------- | +| `mariadb.auth.username` | Username of new user to create. | `gitea` | +| `mariadb.auth.password` | Password for the new user. Ignored if existing secret is provided | `gitea` | +| `mariadb.auth.database` | Name for new database to create. | `gitea` | +| `mariadb.auth.rootPassword` | Password for the root user. 
| `gitea` | +| `mariadb.primary.service.port` | Port to connect to MariaDB service | `3306` | +| `mariadb.primary.persistence.size` | Persistence size for MariaDB | `10Gi` | ## Local development & testing -For local development and testing of pull requests, the following workflow can be used: +For local development and testing of pull requests, the following workflow can +be used: 1. Install `minikube` and `helm`. 2. Start a `minikube` cluster via `minikube start`. -3. From the `gitea/helm-chart` directory execute `helm install --dependency-update gitea . -f values.yaml`. - This will install the dependencies listed in `Chart.yml` and deploy the current state of the helm chart found locally. - If you want to test a branch, make sure to switch to the respective branch first. -4. Gitea is now deployed in `minikube`. - To access it, it's port needs to be forwarded first from `minikube` to localhost first via `kubectl --namespace default port-forward svc/gitea-http 3000:3000`. - Now Gitea is accessible at http://localhost:3000. +3. From the `gitea/helm-chart` directory execute the following command. This + will install the dependencies listed in `Chart.yml` and deploy the current + state of the helm chart found locally. If you want to test a branch, make + sure to switch to the respective branch first. + `helm install --dependency-update gitea . -f values.yaml`. +4. Gitea is now deployed in `minikube`. To access it, it's port needs to be + forwarded first from `minikube` to localhost first via `kubectl --namespace + default port-forward svc/gitea-http 3000:3000`. Now Gitea is accessible at + [http://localhost:3000](http://localhost:3000). -- 2.40.1 From 0461fa92a96c3f032c4a5038f95a771850fe1c55 Mon Sep 17 00:00:00 2001 
From: luhahn Date: Sat, 20 Nov 2021 05:15:45 +0800 Subject: [PATCH 079/390] Rework app.ini generation (#239) App ini is now generated by environment-to-ini This should prevent some of the problems we had earlier with persisting the app.ini Co-authored-by: Lucas Hahn Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/239 Reviewed-by: justusbunsi Reviewed-by: Andrew Thornton Co-authored-by: luhahn Co-committed-by: luhahn --- README.md | 95 +++++++++++++++++++++----------- templates/gitea/config.yaml | 36 ++++++++++-- templates/gitea/init.yaml | 3 - templates/gitea/statefulset.yaml | 28 +++++++++- 4 files changed, 118 insertions(+), 44 deletions(-) diff --git a/README.md b/README.md index caa3050..fe7aeee 100644 --- a/README.md +++ b/README.md 
@@ -37,6 +37,35 @@ helm install gitea gitea-charts/gitea - Helm 3.0+ - PV provisioner for persistent data support +## Chart upgrade to 5.0.0 + +:warning: The most recent `5.0.0` update brings some major and breaking changes. +Please note the following changes in the Chart to upgrade successfully. :warning: + +### App.ini generation + +The app.ini generation has changed and now utilizes the environment-to-ini +script provided by newer Gitea versions. + +:boom: The Helm Chart now requires Gitea versions of at least 1.11.0. + +This change ensures, that the app.ini is now persistent. + +#### Secret Key generation + +Gitea secret keys (SECRET_KEY, INTERNAL_TOKEN, JWT_SECRET) are now generated +automatically in certain situations: + +- New install: By default the secrets are created automatically. If you provide + secrets via `gitea.config` they will be used instead of automatic generation. +- Existing installs: The secrets won't be deployed, neither via + configuration nor via auto generation. We explicitly prevent to set new secrets. + +:rotating_light: It would be possible to set new secret keys manually by entering +the running container and rewriting the app.ini by hand. However, this it is +not advisable to do so for existing installations. Certain settings like +_LDAP_ would not be readable anymore. + ## Chart upgrade from 3.x.x to 4.0.0 :warning: The most recent `4.0.0` update brings some breaking changes. Please note 
@@ -523,48 +552,48 @@ gitea: ### Others -| Parameter | Description | Default | -| ------------------------------------------| -------------------------------------------------------- | ------- | -| statefulset.terminationGracePeriodSeconds | How long to wait until forcefully kill the pod | `60` | -| statefulset.env | Additional environment variables to pass to containers | `[]` | -| extraVolumes | Additional volumes to mount to the Gitea statefulset | `{}` | -| extraVolumeMounts | Additional volume mounts for the Gitea containers | `{}` | -| initPreScript | Bash script copied verbatim to start of init container | | -| securityContext | Run as a specific securityContext | `{}` | -| schedulerName | Use an alternate scheduler, e.g. "stork" | | +| Parameter | Description | Default | +| ------------------------------------------- | -------------------------------------------------------------------- | ------- | +| `statefulset.terminationGracePeriodSeconds` | How long to wait until forcefully kill the pod | `60` | +| `statefulset.env` | Additional environment variables to pass to containers | `[]` | +| `extraVolumes` | Additional volumes to mount to the Gitea statefulset | `{}` | +| `extraVolumeMounts` | Additional volume mounts for the Gitea containers | `{}` | +| `initPreScript` | Bash script copied verbatim to start of init container | | +| `securityContext` | Run as a specific securityContext | `{}` | +| `schedulerName` | Use an alternate scheduler, e.g. 
"stork" | | ### Image -| Parameter | Description | Default | -| -----------------| ----------------------------------------------------------------------------------------- | ------------- | -| image.repository | Image to start for this pod | `gitea/gitea` | -| image.tag | [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) | `1.14.6` | -| image.pullPolicy | Image pull policy | `Always` | -| image.rootless | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `false` | +| Parameter | Description | Default | +| ------------------ | ----------------------------------------------------------------------------------------- | ------------- | +| `image.repository` | Image to start for this pod | `gitea/gitea` | +| `image.tag` | [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) | `1.14.6` | +| `image.pullPolicy` | Image pull policy | `Always` | +| `image.rootless` | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `false` | ### Persistence -| Parameter | Description | Default | -| ------------------------- | ---------------------------------------------------------- | ------- | -| persistence.enabled | Enable persistence for Gitea | `true` | -| persistence.existingClaim | Use an existing claim to store repository information | | -| persistence.size | Size for persistence to store repo information | `10Gi` | -| persistence.accessModes | AccessMode for persistence | | -| persistence.storageClass | Storage class for repository persistence | | -| persistence.labels | Labels for the persistence volume claim to be created | `{}` | -| persistence.annotations | Annotations for the persistence volume claim to be created | `{}` | +| Parameter | Description | Default | +| --------------------------- | ---------------------------------------------------------- | ------- | +| `persistence.enabled` | Enable persistence for Gitea | `true` | 
+| `persistence.existingClaim` | Use an existing claim to store repository information | | +| `persistence.size` | Size for persistence to store repo information | `10Gi` | +| `persistence.accessModes` | AccessMode for persistence | | +| `persistence.storageClass` | Storage class for repository persistence | | +| `persistence.labels` | Labels for the persistence volume claim to be created | `{}` | +| `persistence.annotations` | Annotations for the persistence volume claim to be created | `{}` | ### Ingress -| Parameter | Description | Default | -| ---------------------------------- | ---------------------------------------------- | ----------------- | -| ingress.enabled | enable ingress | `false` | -| ingress.annotations | add ingress annotations | | -| ingress.hosts[0].host | add hosts for ingress | `git.example.com` | -| ingress.hosts[0].paths[0].path | add path for each ingress host | `/` | -| ingress.hosts[0].paths[0].pathType | add ingress path type | `Prefix` | -| ingress.tls | add ingress tls settings | `[]` | -| ingress.className | add ingress class name. Only used in k8s 1.19+ | | +| Parameter | Description | Default | +| ------------------------------------ | ---------------------------------------------- | ----------------- | +| `ingress.enabled` | enable ingress | `false` | +| `ingress.annotations` | add ingress annotations | | +| `ingress.hosts[0].host` | add hosts for ingress | `git.example.com` | +| `ingress.hosts[0].paths[0].path` | add path for each ingress host | `/` | +| `ingress.hosts[0].paths[0].pathType` | add ingress path type | `Prefix` | +| `ingress.tls` | add ingress tls settings | `[]` | +| `ingress.className` | add ingress class name. Only used in k8s 1.19+ | | ### Service diff --git a/templates/gitea/config.yaml b/templates/gitea/config.yaml index 416d495..3eca2a0 100644 --- a/templates/gitea/config.yaml +++ b/templates/gitea/config.yaml 
@@ -6,7 +6,10 @@ metadata: {{- include "gitea.labels" . | nindent 4 }} type: Opaque stringData: - app.ini: |- + config_environment.sh: |- + #!/usr/bin/env bash + set -euo pipefail + {{- if not (hasKey .Values.gitea.config "cache") -}} {{- $_ := set .Values.gitea.config "cache" dict -}} {{- end -}} @@ -31,6 +34,10 @@ stringData: {{- $_ := set .Values.gitea.config "repository" dict -}} {{- end -}} + {{- if not (hasKey .Values.gitea.config "oauth2") -}} + {{- $_ := set .Values.gitea.config "oauth2" dict -}} + {{- end -}} + {{- /* repository default settings */ -}} {{- if not .Values.gitea.config.repository.ROOT -}} {{- $_ := set .Values.gitea.config.repository "ROOT" "/data/git/gitea-repositories" -}} 
@@ -132,17 +139,34 @@ stringData: {{- end -}} {{- end -}} - {{- /* autogenerate app.ini */ -}} + {{- if not (hasKey .Values.gitea.config.security "INTERNAL_TOKEN") }} + export ENV_TO_INI__SECURITY__INTERNAL_TOKEN=$(gitea generate secret INTERNAL_TOKEN) + {{- end }} + {{- if not (hasKey .Values.gitea.config.security "SECRET_KEY") }} + export ENV_TO_INI__SECURITY__SECRET_KEY=$(gitea generate secret SECRET_KEY) + {{- end }} + {{- if not (hasKey .Values.gitea.config.oauth2 "JWT_SECRET") }} + export ENV_TO_INI__OAUTH2__JWT_SECRET=$(gitea generate secret JWT_SECRET) + {{- end }} + + {{- /* autogenerate app.ini environment values */ -}} {{- range $key, $value := .Values.gitea.config }} {{- if kindIs "map" $value }} {{- if gt (len $value) 0 }} - - [{{ $key }}] {{- range $n_key, $n_value := $value }} - {{ $n_key | upper }} = {{ $n_value }} + export ENV_TO_INI__{{ $key | upper | replace "." "_0X2E_" | replace "-" "_0X2D_" }}__{{ $n_key | upper }}={{ $n_value }} {{- end }} {{- end }} {{- else }} - {{ $key | upper }} = {{ $value }} + export ENV_TO_INI__{{ $key | upper | replace "." "_0X2E_" | replace "-" "_0X2D_" }}__{{ $key | upper }}={{ $value }} {{- end }} {{- end }} + + # safety to prevent rewrite of secret keys if an app.ini already exists + if [ -f ${GITEA_APP_INI} ]; then + unset ENV_TO_INI__SECURITY__INTERNAL_TOKEN + unset ENV_TO_INI__SECURITY__SECRET_KEY + unset ENV_TO_INI__OAUTH2__JWT_SECRET + fi + + environment-to-ini -o $GITEA_APP_INI -p ENV_TO_INI diff --git a/templates/gitea/init.yaml b/templates/gitea/init.yaml index c40ef7b..1ce50c4 100644 --- a/templates/gitea/init.yaml +++ b/templates/gitea/init.yaml @@ -33,9 +33,6 @@ stringData: chown 1000:1000 "${GITEA_TEMP}" chmod ug+rwx "${GITEA_TEMP}" - # Copy config file to writable volume - cp /etc/gitea/conf/app.ini /data/gitea/conf/app.ini - chmod a+rwx /data/gitea/conf/app.ini configure_gitea.sh: |- #!/usr/bin/env bash 
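Review bot: The generated `export ENV_TO_INI__…={{ $n_value }}` lines in the range loop write chart values into a bash script with no quoting, so a value containing spaces, `$`, backticks or `;` is word-split or expanded by the shell instead of reaching app.ini verbatim. Under `set -euo pipefail` such a value can abort the init container or be silently truncated, and a password containing `$(...)` would be run as a command substitution. Single-quote the value and escape embedded single quotes in both the nested and the top-level branch, for example `={{ $n_value | toString | replace "'" "'\\''" | squote }}`. The `if [ -f ${GITEA_APP_INI} ]` test further down should quote its expansion as well (`[ -f "${GITEA_APP_INI}" ]`).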
diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index 1ddd529..3b006b2 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml @@ -60,8 +60,31 @@ spec: mountPath: /usr/sbin - name: temp mountPath: /tmp + - name: data + mountPath: /data + {{- if .Values.extraVolumeMounts }} + {{- toYaml .Values.extraVolumeMounts | nindent 12 }} + {{- end }} + - name: init-app-ini + image: "{{ include "gitea.image" . }}" + command: ["/usr/sbin/config_environment.sh"] + env: + - name: GITEA_APP_INI + value: /data/gitea/conf/app.ini + - name: GITEA_CUSTOM + value: /data/gitea + - name: GITEA_WORK_DIR + value: /data + - name: GITEA_TEMP + value: /tmp/gitea + {{- if .Values.statefulset.env }} + {{- toYaml .Values.statefulset.env | nindent 12 }} + {{- end }} + volumeMounts: - name: config - mountPath: /etc/gitea/conf + mountPath: /usr/sbin + - name: temp + mountPath: /tmp - name: data mountPath: /data {{- if .Values.extraVolumeMounts }} @@ -236,10 +259,11 @@ spec: - name: init secret: secretName: {{ include "gitea.fullname" . }}-init - defaultMode: 0777 + defaultMode: 110 - name: config secret: secretName: {{ include "gitea.fullname" . }} + defaultMode: 110 {{- if .Values.extraVolumes }} {{- toYaml .Values.extraVolumes | nindent 8 }} {{- end }} -- 2.40.1 From bfa68f6f5877761022a57bba57e1904ffc320ca2 Mon Sep 17 00:00:00 2001 
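Review bot: `defaultMode: 110` on the `init` and `config` Secret volumes is parsed as a decimal integer, because the value is only treated as octal when written with a leading zero. Decimal 110 is octal 0156, which means execute-only for the owner and read/write bits for "other" on files that can hold the rendered configuration script and the credentials in it. If the intent was to tighten the previous `0777`, write the mode in octal, for example `defaultMode: 0550`. The exact bits depend on the UID/GID the init containers run as, which this hunk does not show. The `volumes:` list starts and ends outside the hunk.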
From: justusbunsi Date: Mon, 13 Dec 2021 16:50:08 +0800 Subject: [PATCH 080/390] Drop custom probes (#248) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit As a replacement, the default probes are now fully configurable and used as-is during Chart deployment. Fixes: #189 ⚠️ BREAKING ⚠️ --- Users have to remove the `custom` prefix from their probes, if customized. Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/248 Reviewed-by: luhahn Reviewed-by: Andrew Thornton Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- README.md | 52 +++++++++++++++++++++++++++----- templates/gitea/statefulset.yaml | 39 ++++-------------------- values.yaml | 39 +++++++----------------- 3 files changed, 61 insertions(+), 69 deletions(-) diff --git a/README.md b/README.md index fe7aeee..0fb82e7 100644 --- a/README.md +++ b/README.md @@ -47,7 +47,7 @@ Please note the following changes in the Chart to upgrade successfully. :warning The app.ini generation has changed and now utilizes the environment-to-ini script provided by newer Gitea versions. -:boom: The Helm Chart now requires Gitea versions of at least 1.11.0. +> :boom: The Helm Chart now requires Gitea versions of at least 1.11.0. This change ensures, that the app.ini is now persistent. 
@@ -61,11 +61,32 @@ automatically in certain situations: - Existing installs: The secrets won't be deployed, neither via configuration nor via auto generation. We explicitly prevent to set new secrets. -:rotating_light: It would be possible to set new secret keys manually by entering +> :rotating_light: It would be possible to set new secret keys manually by entering the running container and rewriting the app.ini by hand. However, this it is not advisable to do so for existing installations. Certain settings like _LDAP_ would not be readable anymore. +### Probes + +> :boom: `gitea.customLivenessProbe`, `gitea.customReadinessProbe` and `gitea.customStartupProbe` +have been removed. + +They are replaced by the settings `gitea.livenessProbe`, `gitea.readinessProbe` +and `gitea.startupProbe` which are now fully configurable and used _as-is_ for +a Chart deployment. +If you have customized their values instead of using the `custom` prefixed settings, +please ensure that you remove the `enabled` property from each of them. + +In case you want to disable one of these probes, let's say the `livenessProbe`, add +the following to your values. The `podAnnotation` is just there to have a bit more +context. + +```diff +gitea: ++ livenessProbe: + podAnnotations: {} +``` + ## Chart upgrade from 3.x.x to 4.0.0 :warning: The most recent `4.0.0` update brings some breaking changes. Please note 
@@ -635,29 +656,44 @@ gitea: Configure Liveness, Readiness and Startup [Probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/). +#### Liveness probe + +- Default status: Enabled +- Default action: tcp socket connect + | Parameter | Description | Default | | ------------------------------------------ | -------------------------------------------------------------------- | ------- | -| `gitea.livenessProbe.enabled` | Enable liveness probe | `true` | | `gitea.livenessProbe.initialDelaySeconds` | Delay before probe start | `200` | | `gitea.livenessProbe.timeoutSeconds` | probe timeout | `1` | | `gitea.livenessProbe.periodSeconds` | period between probes | `10` | | `gitea.livenessProbe.successThreshold` | Minimum consecutive success probes | `1` | | `gitea.livenessProbe.failureThreshold` | Minimum consecutive error probes | `10` | -| `gitea.readinessProbe.enabled` | Enable readiness probe | `true` | + +#### Readiness probe + +- Default status: Enabled +- Default action: tcp socket connect + +| Parameter | Description | Default | +| ------------------------------------------ | -------------------------------------------------------------------- | ------- | | `gitea.readinessProbe.initialDelaySeconds` | Delay before probe start | `5` | | `gitea.readinessProbe.timeoutSeconds` | probe timeout | `1` | | `gitea.readinessProbe.periodSeconds` | period between probes | `10` | | `gitea.readinessProbe.successThreshold` | Minimum consecutive success probes | `1` | | `gitea.readinessProbe.failureThreshold` | Minimum consecutive error probes | `3` | -| `gitea.startupProbe.enabled` | Enable startup probe | `false` | + +#### Startup probe + +- Default status: Disabled +- Default action: tcp socket connect + +| Parameter | Description | Default | +| ------------------------------------------ | -------------------------------------------------------------------- | ------- | | `gitea.startupProbe.initialDelaySeconds` | Delay before 
probe start | `60` | | `gitea.startupProbe.timeoutSeconds` | probe timeout | `1` | | `gitea.startupProbe.periodSeconds` | period between probes | `10` | | `gitea.startupProbe.successThreshold` | Minimum consecutive success probes | `1` | | `gitea.startupProbe.failureThreshold` | Minimum consecutive error probes | `10` | -| `gitea.customLivenessProbe` | Custom liveness probe (needs `gitea.livenessProbe.enabled: false`) | | -| `gitea.customReadinessProbe` | Custom readiness probe (needs `gitea.readinessProbe.enabled: false`) | | -| `gitea.customStartupProbe` | Custom startup probe (needs `gitea.startupProbe.enabled: false`) | | ### Memcached BuiltIn diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index 3b006b2..1d5aa18 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml 
@@ -192,44 +192,17 @@ spec: - name: profiler containerPort: 6060 {{- end }} - {{- if .Values.gitea.livenessProbe.enabled }} + {{- if .Values.gitea.livenessProbe }} livenessProbe: - tcpSocket: - port: http - initialDelaySeconds: {{ .Values.gitea.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.gitea.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.gitea.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.gitea.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.gitea.livenessProbe.failureThreshold }} - {{- else if .Values.gitea.customLivenessProbe }} - livenessProbe: - {{- toYaml .Values.gitea.customLivenessProbe | nindent 12 }} + {{- toYaml .Values.gitea.livenessProbe | nindent 12 }} {{- end }} - {{- if .Values.gitea.readinessProbe.enabled }} + {{- if .Values.gitea.readinessProbe }} readinessProbe: - tcpSocket: - port: http - initialDelaySeconds: {{ .Values.gitea.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.gitea.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.gitea.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.gitea.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.gitea.readinessProbe.failureThreshold }} - {{- else if .Values.gitea.customReadinessProbe }} - readinessProbe: - {{- toYaml .Values.gitea.customReadinessProbe | nindent 12 }} + {{- toYaml .Values.gitea.readinessProbe | nindent 12 }} {{- end }} - {{- if .Values.gitea.startupProbe.enabled }} + {{- if .Values.gitea.startupProbe }} startupProbe: - tcpSocket: - port: http - initialDelaySeconds: {{ .Values.gitea.startupProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.gitea.startupProbe.periodSeconds }} - timeoutSeconds: {{ .Values.gitea.startupProbe.timeoutSeconds }} - successThreshold: {{ .Values.gitea.startupProbe.successThreshold }} - failureThreshold: {{ .Values.gitea.startupProbe.failureThreshold }} - {{- else if .Values.gitea.customStartupProbe }} - startupProbe: - {{- toYaml 
.Values.gitea.customStartupProbe | nindent 12 }} + {{- toYaml .Values.gitea.startupProbe | nindent 12 }} {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} diff --git a/values.yaml b/values.yaml index d6e7a53..fabc055 100644 --- a/values.yaml +++ b/values.yaml @@ -207,49 +207,32 @@ gitea: builtIn: enabled: true + # Modify the liveness probe for your needs or completely disable it by commenting out. livenessProbe: - enabled: true + tcpSocket: + port: http initialDelaySeconds: 200 timeoutSeconds: 1 periodSeconds: 10 successThreshold: 1 failureThreshold: 10 + + # Modify the readiness probe for your needs or completely disable it by commenting out. readinessProbe: - enabled: true + tcpSocket: + port: http initialDelaySeconds: 5 timeoutSeconds: 1 periodSeconds: 10 successThreshold: 1 failureThreshold: 3 - startupProbe: - enabled: false - initialDelaySeconds: 60 - timeoutSeconds: 1 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 10 - # customLivenessProbe: - # httpGet: - # path: /user/login - # port: http - # initialDelaySeconds: 60 - # periodSeconds: 10 - # successThreshold: 1 - # failureThreshold: 10 - # customReadinessProbe: - # httpGet: - # path: /user/login - # port: http - # initialDelaySeconds: 5 - # periodSeconds: 10 - # successThreshold: 1 - # failureThreshold: 3 - # customStartupProbe: - # httpGet: - # path: /user/login + # # Uncomment the startup probe to enable and modify it for your needs. + # startupProbe: + # tcpSocket: # port: http # initialDelaySeconds: 60 + # timeoutSeconds: 1 # periodSeconds: 10 # successThreshold: 1 # failureThreshold: 10 -- 2.40.1 From bef0cea1b117d822f01d51b8fab5b9b1be841454 Mon Sep 17 00:00:00 2001 
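Review bot: The three probe blocks in the statefulset.yaml hunk now render the values map verbatim, so a values file carried over from 4.x that still has `enabled: true` under `gitea.livenessProbe` emits an `enabled` field inside the probe spec, which the API server is likely to reject or drop as an unknown field. The README asks users to remove the key, but the template could drop it itself with `{{- toYaml (omit .Values.gitea.livenessProbe "enabled") | nindent 12 }}`, and likewise for the readiness and startup probes. Alternatively, a `fail` with an upgrade hint when the key is present would turn a confusing apply error into a clear message. The container spec starts and ends outside the hunk.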
From: nmasse-itix Date: Sat, 18 Dec 2021 19:10:48 +0800 Subject: [PATCH 081/390] split the securityContext in two: pod and container securityContext (#259) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Hello ! I'm using the new Helm chart (5.x) and I really like the new configuration mechanism. 👍 I would like to contribute the following enhancement. ## The problem I want to solve I'm trying to deploy Gitea in a Kubernetes shared platform and I need to make sure each instance is running as a different user so that in case of container escape, the risk of data leak is minimized. Additionally, on my platform (OpenShift), arbitrary users (such as uid 1000 for Gitea) are not allowed. The current helm chart does not allow me to achieve this because: - the container security context is configurable only for the main container. The security context of init containers cannot be specified. - a fixed uid is hard coded - a fixed fs group is hard coded Also, the securityContext of a pod and the securityContext of a container do not accept the same options. - https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#podsecuritycontext-v1-core - https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#securitycontext-v1-core ## How I'm solving the problem I split the `securityContext` (values.yaml) in two: `containerSecurityContext` and `podSecurityContext`. The containerSecurityContext applies to all containers (init and main) in order to be consistent with file permissions. The behavior for existing deployments is unchanged: - fsGroup 1000 is the default value for the podSecurityContext variable - the "configure-gitea" init container uses the uid 1000 unless otherwise stated in the containerSecurityContext - the main container is using the existing securityContext variable when defined in order not to break existing deployments and uses the new containerSecurityContext variable if not. 
This approach is well tested: it is used consistently on bitnami's Helm charts. ## How I tested I tested both root and rootless variants on a Kubernetes 1.22, as well as rootless variant on OpenShift 4.7. **rootless variant on Kubernetes**: ```yaml podSecurityContext: fsGroup: 10001 containerSecurityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL add: - SYS_CHROOT privileged: false runAsGroup: 10001 runAsNonRoot: true runAsUser: 10001 extraVolumes: - name: var-lib-gitea emptyDir: {} extraVolumeMounts: - name: var-lib-gitea readOnly: false mountPath: "/var/lib/gitea" ``` **rootless variant on OpenShift**: ```yaml podSecurityContext: fsGroup: null containerSecurityContext: allowPrivilegeEscalation: false privileged: false runAsNonRoot: true runAsUser: 1000790000 extraVolumes: - name: var-lib-gitea emptyDir: {} extraVolumeMounts: - name: var-lib-gitea readOnly: false mountPath: "/var/lib/gitea" ``` Let me know if something is unclear. Co-authored-by: Nicolas MASSE Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/259 Reviewed-by: luhahn Reviewed-by: justusbunsi Co-authored-by: nmasse-itix Co-committed-by: nmasse-itix --- README.md | 3 ++- templates/gitea/statefulset.yaml | 20 +++++++++++++++++--- values.yaml | 12 ++++++++++-- 3 files changed, 29 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 0fb82e7..a97bd84 100644 --- a/README.md +++ b/README.md 
@@ -580,7 +580,8 @@ gitea: | `extraVolumes` | Additional volumes to mount to the Gitea statefulset | `{}` | | `extraVolumeMounts` | Additional volume mounts for the Gitea containers | `{}` | | `initPreScript` | Bash script copied verbatim to start of init container | | -| `securityContext` | Run as a specific securityContext | `{}` | +| `podSecurityContext.fsGroup` | Set the shared file system group for all containers | 1000 | +| `containerSecurityContext` | Run init and gitea containers as a specific securityContext | `{}` | | `schedulerName` | Use an alternate scheduler, e.g. "stork" | | ### Image diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index 1d5aa18..734f342 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml @@ -38,7 +38,7 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} securityContext: - fsGroup: 1000 + {{- toYaml .Values.podSecurityContext | nindent 8 }} initContainers: - name: init-directories image: "{{ include "gitea.image" . }}" @@ -65,6 +65,8 @@ spec: {{- if .Values.extraVolumeMounts }} {{- toYaml .Values.extraVolumeMounts | nindent 12 }} {{- end }} + securityContext: + {{- toYaml .Values.containerSecurityContext | nindent 12 }} - name: init-app-ini image: "{{ include "gitea.image" . }}" command: ["/usr/sbin/config_environment.sh"] 
@@ -90,11 +92,18 @@ spec: {{- if .Values.extraVolumeMounts }} {{- toYaml .Values.extraVolumeMounts | nindent 12 }} {{- end }} + securityContext: + {{- toYaml .Values.containerSecurityContext | nindent 12 }} - name: configure-gitea image: "{{ include "gitea.image" . }}" command: ["/usr/sbin/configure_gitea.sh"] securityContext: - runAsUser: 1000 + {{- /* By default this container runs as user 1000 unless otherwise stated */ -}} + {{- $csc := deepCopy .Values.containerSecurityContext -}} + {{- if not (hasKey $csc "runAsUser") -}} + {{- $_ := set $csc "runAsUser" 1000 -}} + {{- end -}} + {{- toYaml $csc | nindent 12 }} env: - name: GITEA_APP_INI value: /data/gitea/conf/app.ini @@ -207,7 +216,12 @@ spec: resources: {{- toYaml .Values.resources | nindent 12 }} securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} + {{- /* Honor the deprecated securityContext variable when defined */ -}} + {{- if .Values.containerSecurityContext -}} + {{ toYaml .Values.containerSecurityContext | nindent 12 -}} + {{- else -}} + {{ toYaml .Values.securityContext | nindent 12 -}} + {{- end }} volumeMounts: - name: temp mountPath: /tmp diff --git a/values.yaml b/values.yaml index fabc055..ef6f324 100644 --- a/values.yaml +++ b/values.yaml @@ -14,8 +14,11 @@ image: imagePullSecrets: [] -# only usable with rootless image due to image design -securityContext: {} +# Security context is only usable with rootless image due to image design +podSecurityContext: + fsGroup: 1000 + +containerSecurityContext: {} # allowPrivilegeEscalation: false # capabilities: # drop: @@ -33,6 +36,11 @@ securityContext: {} # runAsNonRoot: true # runAsUser: 1000 +# DEPRECATED. The securityContext variable has been split two: +# - containerSecurityContext +# - podSecurityContext. +securityContext: {} + service: http: type: ClusterIP -- 2.40.1 From d97b1567e2e321e335685a088d0bb1be9336c748 Mon Sep 17 00:00:00 2001 
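Review bot: In the `configure-gitea` init container the fallback `runAsUser: 1000` is injected whenever `containerSecurityContext` has no `runAsUser`, but `podSecurityContext` is now rendered in full, so a user can legitimately set `runAsUser` at pod level. A container-level value overrides the pod-level one, so this one init container would run as uid 1000 while the others run as the pod uid, and files under `/data` could end up owned by a different user than the main container. The guard should also look at the pod context, e.g. `{{- if not (or (hasKey $csc "runAsUser") (hasKey .Values.podSecurityContext "runAsUser")) -}}`. Both `hasKey` calls assume the values are maps, so setting either context to null in values presumably fails at render time and is worth a line in the values.yaml comments.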
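Review bot: On the main container's `securityContext` the template comment says the deprecated `securityContext` value is honoured when defined, but the branch tests `containerSecurityContext` first, so the deprecated value is silently ignored as soon as the new one is non-empty. It is also read only here: the three init containers in the earlier hunks take `containerSecurityContext` alone, so a deployment that hardened itself through `securityContext` keeps init containers on the image defaults. I would make the comment say exactly that, `{{- /* containerSecurityContext wins; the deprecated securityContext is used only when it is empty, and only for this container */ -}}`, and repeat the same caveat next to the `DEPRECATED` note in values.yaml.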
From: iMartyn Date: Mon, 20 Dec 2021 19:54:37 +0800 Subject: [PATCH 082/390] Enable overriding of ingress api version for systems where detection doesn't work (#252) fixes #251 The rendering is a bit more programatic but the result is the same if you don't have an override. This makes the code a little easier at the end of the template, and slightly less easier to read at the beginning, which I think is a valid tradeoff. Co-authored-by: Martyn Ranyard Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/252 Reviewed-by: justusbunsi Reviewed-by: luhahn Co-authored-by: iMartyn Co-committed-by: iMartyn --- README.md | 19 ++++++++++--------- templates/gitea/ingress.yaml | 16 +++++++++------- values.yaml | 3 +++ 3 files changed, 22 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index a97bd84..59db63e 100644 --- a/README.md +++ b/README.md 
@@ -607,15 +607,16 @@ gitea: ### Ingress -| Parameter | Description | Default | -| ------------------------------------ | ---------------------------------------------- | ----------------- | -| `ingress.enabled` | enable ingress | `false` | -| `ingress.annotations` | add ingress annotations | | -| `ingress.hosts[0].host` | add hosts for ingress | `git.example.com` | -| `ingress.hosts[0].paths[0].path` | add path for each ingress host | `/` | -| `ingress.hosts[0].paths[0].pathType` | add ingress path type | `Prefix` | -| `ingress.tls` | add ingress tls settings | `[]` | -| `ingress.className` | add ingress class name. Only used in k8s 1.19+ | | +| Parameter | Description | Default | +| ------------------------------------ | ---------------------------------------------------------------------------- | -------------------------------------------------- | +| `ingress.enabled` | enable ingress | `false` | +| `ingress.annotations` | add ingress annotations | | +| `ingress.hosts[0].host` | add hosts for ingress | `git.example.com` | +| `ingress.hosts[0].paths[0].path` | add path for each ingress host | `/` | +| `ingress.hosts[0].paths[0].pathType` | add ingress path type | `Prefix` | +| `ingress.tls` | add ingress tls settings | `[]` | +| `ingress.className` | add ingress class name. Only used in k8s 1.19+ | | +| `ingress.apiVersion` | specify APIVersion of ingress object. Mostly would only be used for argocd. | version indicated by helm's `Capabilities` object. | ### Service diff --git a/templates/gitea/ingress.yaml b/templates/gitea/ingress.yaml index 2af0804..224e777 100644 --- a/templates/gitea/ingress.yaml +++ b/templates/gitea/ingress.yaml 
@@ -1,13 +1,15 @@ {{- if .Values.ingress.enabled -}} {{- $fullName := include "gitea.fullname" . -}} {{- $httpPort := .Values.service.http.port -}} -{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}} -apiVersion: networking.k8s.io/v1 +{{- $apiVersion := "extensions/v1beta1" -}} +{{- if .Values.ingress.apiVersion -}} +{{- $apiVersion = .Values.ingress.apiVersion -}} +{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}} +{{- $apiVersion = "networking.k8s.io/v1" }} {{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress" -}} -apiVersion: networking.k8s.io/v1beta1 -{{- else -}} -apiVersion: extensions/v1beta1 +{{- $apiVersion = "networking.k8s.io/v1beta1" }} {{- end }} +apiVersion: {{ $apiVersion }} kind: Ingress metadata: name: {{ $fullName }} @@ -38,11 +40,11 @@ spec: paths: {{- range .paths }} - path: {{ .path }} - {{- if and .pathType ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") }} + {{- if and .pathType (eq $apiVersion "networking.k8s.io/v1") }} pathType: {{ .pathType }} {{- end }} backend: - {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + {{- if eq $apiVersion "networking.k8s.io/v1" }} service: name: {{ $fullName }}-http port: diff --git a/values.yaml b/values.yaml index ef6f324..1290ef9 100644 --- a/values.yaml +++ b/values.yaml @@ -78,6 +78,9 @@ ingress: # - secretName: chart-example-tls # hosts: # - git.example.com + # Mostly for argocd or any other CI that uses `helm template | kubectl apply` or similar + # If helm doesn't correctly detect your ingress API version you can set it here. + # apiVersion: networking.k8s.io/v1 resources: {} # We usually recommend not to specify default resources and to leave this as a conscious -- 2.40.1 From cd09ccfcdb97b2540dad466103c838610ef14710 Mon Sep 17 00:00:00 2001 
From: "aleksey.sergey" Date: Mon, 20 Dec 2021 19:58:44 +0800 Subject: [PATCH 083/390] add support for persistence.subPath option (#263) Hello, PR adds a `persistence.subPath` option to provide user more flexibility on mounting the `data` PV. https://kubernetes.io/docs/concepts/storage/volumes/#using-subpath The setting is similar to e.g. `primary.persistence.subPath` in MariaDB helm chart: https://github.com/bitnami/charts/tree/master/bitnami/mariadb Co-authored-by: Aleksey Sergey Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/263 Reviewed-by: justusbunsi Reviewed-by: luhahn Co-authored-by: aleksey.sergey Co-committed-by: aleksey.sergey --- README.md | 3 ++- templates/gitea/statefulset.yaml | 12 ++++++++++++ values.yaml | 1 + 3 files changed, 15 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 59db63e..f220d31 100644 --- a/README.md +++ b/README.md @@ -581,7 +581,7 @@ gitea: | `extraVolumeMounts` | Additional volume mounts for the Gitea containers | `{}` | | `initPreScript` | Bash script copied verbatim to start of init container | | | `podSecurityContext.fsGroup` | Set the shared file system group for all containers | 1000 | -| `containerSecurityContext` | Run init and gitea containers as a specific securityContext | `{}` | +| `containerSecurityContext` | Run init and Gitea containers as a specific securityContext | `{}` | | `schedulerName` | Use an alternate scheduler, e.g. "stork" | | ### Image @@ -602,6 +602,7 @@ gitea: | `persistence.size` | Size for persistence to store repo information | `10Gi` | | `persistence.accessModes` | AccessMode for persistence | | | `persistence.storageClass` | Storage class for repository persistence | | +| `persistence.subPath` | Subdirectory of the volume to mount at | | | `persistence.labels` | Labels for the persistence volume claim to be created | `{}` | | `persistence.annotations` | Annotations for the persistence volume claim to be created | `{}` | 
diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index 734f342..66dd287 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml @@ -62,6 +62,9 @@ spec: mountPath: /tmp - name: data mountPath: /data + {{- if .Values.persistence.subPath }} + subPath: {{ .Values.persistence.subPath }} + {{- end }} {{- if .Values.extraVolumeMounts }} {{- toYaml .Values.extraVolumeMounts | nindent 12 }} {{- end }} @@ -89,6 +92,9 @@ spec: mountPath: /tmp - name: data mountPath: /data + {{- if .Values.persistence.subPath }} + subPath: {{ .Values.persistence.subPath }} + {{- end }} {{- if .Values.extraVolumeMounts }} {{- toYaml .Values.extraVolumeMounts | nindent 12 }} {{- end }} @@ -161,6 +167,9 @@ spec: mountPath: /tmp - name: data mountPath: /data + {{- if .Values.persistence.subPath }} + subPath: {{ .Values.persistence.subPath }} + {{- end }} {{- if .Values.extraVolumeMounts }} {{- toYaml .Values.extraVolumeMounts | nindent 12 }} {{- end }} @@ -227,6 +236,9 @@ spec: mountPath: /tmp - name: data mountPath: /data + {{- if .Values.persistence.subPath }} + subPath: {{ .Values.persistence.subPath }} + {{- end }} {{- if .Values.extraVolumeMounts }} {{- toYaml .Values.extraVolumeMounts | nindent 12 }} {{- end }} diff --git a/values.yaml b/values.yaml index 1290ef9..5740b7f 100644 --- a/values.yaml +++ b/values.yaml @@ -121,6 +121,7 @@ persistence: labels: {} annotations: {} # storageClass: + # subPath: # additional volumes to add to the Gitea statefulset. extraVolumes: -- 2.40.1 From 6d9362ed3979d73d4ab35eed1da77c816af63fa7 Mon Sep 17 00:00:00 2001 
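Review bot: The new `subPath: {{ .Values.persistence.subPath }}` line is emitted unquoted in all four statefulset.yaml hunks (init-directories, init-app-ini, configure-gitea and the main container). A value that YAML reads as a number or boolean, or one containing `: ` or a leading special character, would render as a different type or break the manifest. The chart already quotes the neighbouring persistence values, so `subPath: {{ .Values.persistence.subPath | quote }}` keeps this consistent. Each `volumeMounts` list continues outside its hunk.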
From: justusbunsi Date: Mon, 20 Dec 2021 22:43:55 +0800 Subject: [PATCH 084/390] Rework OAuth sources (#244) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This change request includes two different things to improve OAuth source handling: - Allow multiple OAuth source configuration (Fixes: #191) - Support reading sensitive OAuth configuration data from Kubernetes secrets (Closes: #242) ⚠️ BREAKING ⚠️ --- Users need to migrate their `gitea.oauth` configuration. Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/244 Reviewed-by: luhahn Reviewed-by: Andrew Thornton Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- README.md | 51 +++++++++++++++++++++++++------- templates/_helpers.tpl | 17 +++++++++-- templates/gitea/init.yaml | 14 +++++---- templates/gitea/statefulset.yaml | 20 ++++++++++++- values.yaml | 25 ++++++++-------- 5 files changed, 95 insertions(+), 32 deletions(-) diff --git a/README.md b/README.md index f220d31..3b5efd0 100644 --- a/README.md +++ b/README.md @@ -87,6 +87,13 @@ gitea: podAnnotations: {} ``` +### Multiple OAuth authentication sources + +With `5.0.0` of this Chart it is now possible to configure Gitea with multiple +OAuth sources. As a result, you need to update an existing OAuth configuration +in your customized `values.yaml` by replacing the object with settings to a list +of settings objects. See [OAuth2 Settings](#oauth-settings) section for details. + ## Chart upgrade from 3.x.x to 4.0.0 :warning: The most recent `4.0.0` update brings some breaking changes. Please note 
@@ -521,20 +528,42 @@ deleted. Deleting OAuth2 settings has to be done in the ui. All OAuth2 values, which are documented [here](https://docs.gitea.io/en-us/command-line/#admin), are available. +Multiple OAuth2 sources can be configured with additional OAuth list items. + ```yaml gitea: oauth: - enabled: true - name: 'MyAwesomeGiteaOAuth' - provider: 'openidConnect' - key: 'hello' - secret: 'world' - autoDiscoverUrl: 'https://gitea.example.com/.well-known/openid-configuration' - #useCustomUrls: - #customAuthUrl: - #customTokenUrl: - #customProfileUrl: - #customEmailUrl: + - name: 'MyAwesomeGiteaOAuth' + provider: 'openidConnect' + key: 'hello' + secret: 'world' + autoDiscoverUrl: 'https://gitea.example.com/.well-known/openid-configuration' + #useCustomUrls: + #customAuthUrl: + #customTokenUrl: + #customProfileUrl: + #customEmailUrl: +``` + +You can also use an existing secret to set the `key` and `secret`: + +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: gitea-oauth-secret +type: Opaque +stringData: + key: hello + secret: world +``` + +```yaml +gitea: + oauth: + - name: 'MyAwesomeGiteaOAuth' + existingSecret: gitea-oauth-secret + ... ``` ### Metrics and profiling diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 26c6aa0..e25f816 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl 
@@ -138,9 +138,20 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} {{- define "gitea.oauth_settings" -}} -{{- range $key, $val := .Values.gitea.oauth -}} -{{- if ne $key "enabled" -}} -{{- printf "--%s %s " ($key | kebabcase) ($val | squote) -}} +{{- $idx := index . 0 }} +{{- $values := index . 1 }} + +{{- if not (hasKey $values "key") -}} +{{- $_ := set $values "key" (printf "${GITEA_OAUTH_KEY_%d}" $idx) -}} +{{- end -}} + +{{- if not (hasKey $values "secret") -}} +{{- $_ := set $values "secret" (printf "${GITEA_OAUTH_SECRET_%d}" $idx) -}} +{{- end -}} + +{{- range $key, $val := $values -}} +{{- if and (ne $key "enabled") (ne $key "existingSecret") -}} +{{- printf "--%s %s " ($key | kebabcase) ($val | quote) -}} {{- end -}} {{- end -}} {{- end -}} diff --git a/templates/gitea/init.yaml b/templates/gitea/init.yaml index 1ce50c4..8137d67 100644 --- a/templates/gitea/init.yaml +++ b/templates/gitea/init.yaml 
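Review bot: Switching the `gitea.oauth_settings` printf from `squote` to `quote` places every OAuth value inside double quotes in the generated configure_gitea.sh, so bash now expands `$` and backticks in user-supplied values. That is needed for the injected `${GITEA_OAUTH_KEY_n}` and `${GITEA_OAUTH_SECRET_n}` placeholders, but an inline `secret` or URL containing `$` would be altered silently, and any values content is evaluated by the shell in the init container. I would keep `{{- printf "--%s %s " ($key | kebabcase) ($val | squote) -}}` for values taken from values.yaml and double-quote only the two placeholders the helper sets itself. Note that `squote` does not escape an embedded single quote, so a comment stating which characters are unsupported in OAuth values would help as well.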
@@ -104,23 +104,27 @@ stringData: configure_ldap - {{- if .Values.gitea.oauth.enabled }} function configure_oauth() { - local OAUTH_NAME={{ (printf "%s" .Values.gitea.oauth.name) | squote }} + {{- if .Values.gitea.oauth }} + {{- range $idx, $value := .Values.gitea.oauth }} + local OAUTH_NAME={{ (printf "%s" $value.name) | squote }} local AUTH_ID=$(gitea admin auth list --vertical-bars | grep -E "\|${OAUTH_NAME}\s+\|" | grep -iE '\|OAuth2\s+\|' | awk -F " " "{print \$1}") if [[ -z "${AUTH_ID}" ]]; then echo "No oauth configuration found with name '${OAUTH_NAME}'. Installing it now..." - gitea admin auth add-oauth {{- include "gitea.oauth_settings" . | indent 1 }} + gitea admin auth add-oauth {{- include "gitea.oauth_settings" (list $idx $value) | indent 1 }} echo '...installed.' else echo "Existing oauth configuration with name '${OAUTH_NAME}': '${AUTH_ID}'. Running update to sync settings..." - gitea admin auth update-oauth --id "${AUTH_ID}" {{- include "gitea.oauth_settings" . | indent 1 }} + gitea admin auth update-oauth --id "${AUTH_ID}" {{- include "gitea.oauth_settings" (list $idx $value) | indent 1 }} echo '...sync settings done.' fi + {{- end }} + {{- else }} + echo 'no oauth configuration... skipping.' + {{- end }} } configure_oauth - {{- end }} echo '==== END GITEA CONFIGURATION ====' diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index 66dd287..6542296 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml @@ -20,7 +20,9 @@ spec: {{- range $idx, $value := .Values.gitea.ldap }} checksum/ldap_{{ $idx }}: {{ include "gitea.ldap_settings" (list $idx $value) | sha256sum }} {{- end }} - checksum/oauth: {{ include "gitea.oauth_settings" . | sha256sum }} + {{- range $idx, $value := .Values.gitea.oauth }} + checksum/oauth_{{ $idx }}: {{ include "gitea.oauth_settings" (list $idx $value) | sha256sum }} + {{- end }} {{- with .Values.gitea.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} 
@@ -140,6 +142,22 @@ spec: {{- end }} {{- end }} {{- end }} + {{- if .Values.gitea.oauth }} + {{- range $idx, $value := .Values.gitea.oauth }} + {{- if $value.existingSecret }} + - name: GITEA_OAUTH_KEY_{{ $idx }} + valueFrom: + secretKeyRef: + key: key + name: {{ $value.existingSecret }} + - name: GITEA_OAUTH_SECRET_{{ $idx }} + valueFrom: + secretKeyRef: + key: secret + name: {{ $value.existingSecret }} + {{- end }} + {{- end }} + {{- end }} {{- if .Values.gitea.admin.existingSecret }} - name: GITEA_ADMIN_USERNAME valueFrom: diff --git a/values.yaml b/values.yaml index 5740b7f..d22ca52 100644 --- a/values.yaml +++ b/values.yaml @@ -181,18 +181,19 @@ gitea: # usernameAttribute: # publicSSHKeyAttribute: - oauth: - enabled: false - #name: - #provider: - #key: - #secret: - #autoDiscoverUrl: - #useCustomUrls: - #customAuthUrl: - #customTokenUrl: - #customProfileUrl: - #customEmailUrl: + # Either specify inline `key` and `secret` or refer to them via `existingSecret` + oauth: [] + # - name: 'OAuth 1' + # provider: + # key: + # secret: + # existingSecret: + # autoDiscoverUrl: + # useCustomUrls: + # customAuthUrl: + # customTokenUrl: + # customProfileUrl: + # customEmailUrl: config: {} # APP_NAME: "Gitea: Git with a cup of tea" -- 2.40.1 From 66683e14df45e76a2347fbd0893d4d61158c190e Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Tue, 21 Dec 2021 18:59:18 +0800 Subject: [PATCH 085/390] Remove "enabled" key check from OAuth (#267) As this key must not exist anymore, we don't have to check it. Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/267 Reviewed-by: luhahn Reviewed-by: wxiaoguang Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- templates/_helpers.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index e25f816..42b8bed 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl 
@@ -150,7 +150,7 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} {{- range $key, $val := $values -}} -{{- if and (ne $key "enabled") (ne $key "existingSecret") -}} +{{- if ne $key "existingSecret" -}} {{- printf "--%s %s " ($key | kebabcase) ($val | quote) -}} {{- end -}} {{- end -}} -- 2.40.1 From 7b0a1c7ae6f163268aa888ba1b5fb972ae002cd7 Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Wed, 22 Dec 2021 18:44:04 +0800 Subject: [PATCH 086/390] Generic way for configuring Gitea app.ini (#240) With the result of PR #239 it is much easier to provide additional values to the _app.ini_ configuration from different sources. These changes adds an _additionalConfigSources_ field where the users can define such sources. This enables the users to choose on their own whether to store values in _values.yaml_ or load them from Kuberetes Secrets or ConfigMaps. - Fixes #243 - Fixes #174 - Fixes #260 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/240 Reviewed-by: luhahn Reviewed-by: wxiaoguang Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- .markdownlint.yaml | 4 +- README.md | 46 +++++++ templates/_helpers.tpl | 154 +++++++++++++++++++++ templates/gitea/config.yaml | 229 +++++++++++++------------------ templates/gitea/statefulset.yaml | 13 ++ values.yaml | 6 + 6 files changed, 314 insertions(+), 138 deletions(-) diff --git a/.markdownlint.yaml b/.markdownlint.yaml index 6cf752c..a67574a 100644 --- a/.markdownlint.yaml +++ b/.markdownlint.yaml @@ -135,6 +135,8 @@ MD044: - MySQL - Memcached - Prometheus + - Git + - GitOps # Include code blocks code_blocks: false @@ -146,4 +148,4 @@ MD046: # MD048/code-fence-style - Code fence style MD048: # Code fence syle - style: "backtick" \ No newline at end of file + style: "backtick" diff --git a/README.md b/README.md index 3b5efd0..c544e37 100644 --- a/README.md +++ b/README.md 
@@ -272,6 +272,52 @@ The Prometheus `/metrics` endpoint is disabled by default. ENABLED = false ``` +### Additional _app.ini_ settings + +> **The [generic](https://docs.gitea.io/en-us/config-cheat-sheet/#overall-default) +section cannot be defined that way.** + +Some settings inside _app.ini_ (like passwords or whole authentication configurations) +must be considered sensitive and therefore should not be passed via plain text +inside the _values.yaml_ file. In times of _GitOps_ the values.yaml could be stored +in a Git repository where sensitive data should never be accessible. + +The Helm Chart supports this approach and let the user define custom sources like +Kubernetes Secrets to be loaded as environment variables during _app.ini_ creation +or update. + +```yaml +gitea: + additionalConfigSources: + - secret: + secretName: gitea-app-ini-oauth + - configMap: + name: gitea-app-ini-plaintext +``` + +This would mount the two additional volumes (`oauth` and `some-additionals`) +from different sources to the init containerwhere the _app.ini_ gets updated. +All files mounted that way will be read and converted to environment variables +and then added to the _app.ini_ using [environment-to-ini](https://github.com/go-gitea/gitea/tree/main/contrib/environment-to-ini). + +The key of such additional source represents the section inside the _app.ini_. +The value for each key can be multiline ini-like definitions. + +In example, the referenced `gitea-app-ini-plaintext` could look like this. + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: gitea-app-ini-plaintext +data: + session: | + PROVIDER=memory + SAME_SITE=strict + cron.archive_cleanup: | + ENABLED=true +``` + ### External Database An external Database can be used instead of builtIn PostgreSQL or MySQL. diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 42b8bed..fcb3874 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl 
@@ -155,3 +155,157 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} {{- end -}} {{- end -}} + +{{- define "gitea.inline_configuration" -}} + {{- include "gitea.inline_configuration.init" . -}} + {{- include "gitea.inline_configuration.defaults" . -}} + + {{- $generals := list -}} + {{- $inlines := dict -}} + + {{- range $key, $value := .Values.gitea.config }} + {{- if kindIs "map" $value }} + {{- if gt (len $value) 0 }} + {{- $section := default list (get $inlines $key) -}} + {{- range $n_key, $n_value := $value }} + {{- $section = append $section (printf "%s=%v" $n_key $n_value) -}} + {{- end }} + {{- $_ := set $inlines $key (join "\n" $section) -}} + {{- end -}} + {{- else }} + {{- if or (eq $key "APP_NAME") (eq $key "RUN_USER") (eq $key "RUN_MODE") -}} + {{- $generals = append $generals (printf "%s=%s" $key $value) -}} + {{- else -}} + {{- (printf "Key %s cannot be on top level of configuration" $key) | fail -}} + {{- end -}} + {{- end }} + {{- end }} + + {{- $_ := set $inlines "_generals_" (join "\n" $generals) -}} + {{- toYaml $inlines -}} +{{- end -}} + +{{- define "gitea.inline_configuration.init" -}} + {{- if not (hasKey .Values.gitea.config "cache") -}} + {{- $_ := set .Values.gitea.config "cache" dict -}} + {{- end -}} + {{- if not (hasKey .Values.gitea.config "server") -}} + {{- $_ := set .Values.gitea.config "server" dict -}} + {{- end -}} + {{- if not (hasKey .Values.gitea.config "metrics") -}} + {{- $_ := set .Values.gitea.config "metrics" dict -}} + {{- end -}} + {{- if not (hasKey .Values.gitea.config "database") -}} + {{- $_ := set .Values.gitea.config "database" dict -}} + {{- end -}} + {{- if not (hasKey .Values.gitea.config "security") -}} + {{- $_ := set .Values.gitea.config "security" dict -}} + {{- end -}} + {{- if not .Values.gitea.config.repository -}} + {{- $_ := set .Values.gitea.config "repository" dict -}} + {{- end -}} + {{- if not (hasKey .Values.gitea.config "oauth2") -}} + {{- $_ := set .Values.gitea.config "oauth2" 
dict -}} + {{- end -}} +{{- end -}} + +{{- define "gitea.inline_configuration.defaults" -}} + {{- include "gitea.inline_configuration.defaults.server" . -}} + {{- include "gitea.inline_configuration.defaults.database" . -}} + + {{- if not .Values.gitea.config.repository.ROOT -}} + {{- $_ := set .Values.gitea.config.repository "ROOT" "/data/git/gitea-repositories" -}} + {{- end -}} + {{- if not .Values.gitea.config.security.INSTALL_LOCK -}} + {{- $_ := set .Values.gitea.config.security "INSTALL_LOCK" "true" -}} + {{- end -}} + {{- if not (hasKey .Values.gitea.config.metrics "ENABLED") -}} + {{- $_ := set .Values.gitea.config.metrics "ENABLED" .Values.gitea.metrics.enabled -}} + {{- end -}} + {{- if .Values.gitea.cache.builtIn.enabled -}} + {{- $_ := set .Values.gitea.config.cache "ENABLED" "true" -}} + {{- $_ := set .Values.gitea.config.cache "ADAPTER" "memcache" -}} + {{- if not (.Values.gitea.config.cache.HOST) -}} + {{- $_ := set .Values.gitea.config.cache "HOST" (include "memcached.dns" .) -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{- define "gitea.inline_configuration.defaults.server" -}} + {{- if not (hasKey .Values.gitea.config.server "HTTP_PORT") -}} + {{- $_ := set .Values.gitea.config.server "HTTP_PORT" .Values.service.http.port -}} + {{- end -}} + {{- if not .Values.gitea.config.server.PROTOCOL -}} + {{- $_ := set .Values.gitea.config.server "PROTOCOL" "http" -}} + {{- end -}} + {{- if not (.Values.gitea.config.server.DOMAIN) -}} + {{- if gt (len .Values.ingress.hosts) 0 -}} + {{- $_ := set .Values.gitea.config.server "DOMAIN" (index .Values.ingress.hosts 0).host -}} + {{- else -}} + {{- $_ := set .Values.gitea.config.server "DOMAIN" (include "gitea.default_domain" .) 
-}} + {{- end -}} + {{- end -}} + {{- if not .Values.gitea.config.server.ROOT_URL -}} + {{- if .Values.ingress.enabled -}} + {{- if gt (len .Values.ingress.tls) 0 -}} + {{- $_ := set .Values.gitea.config.server "ROOT_URL" (printf "%s://%s" .Values.gitea.config.server.PROTOCOL (index (index .Values.ingress.tls 0).hosts 0)) -}} + {{- else -}} + {{- $_ := set .Values.gitea.config.server "ROOT_URL" (printf "%s://%s" .Values.gitea.config.server.PROTOCOL (index .Values.ingress.hosts 0).host) -}} + {{- end -}} + {{- else -}} + {{- $_ := set .Values.gitea.config.server "ROOT_URL" (printf "%s://%s" .Values.gitea.config.server.PROTOCOL .Values.gitea.config.server.DOMAIN) -}} + {{- end -}} + {{- end -}} + {{- if not .Values.gitea.config.server.SSH_DOMAIN -}} + {{- $_ := set .Values.gitea.config.server "SSH_DOMAIN" .Values.gitea.config.server.DOMAIN -}} + {{- end -}} + {{- if not .Values.gitea.config.server.SSH_PORT -}} + {{- $_ := set .Values.gitea.config.server "SSH_PORT" .Values.service.ssh.port -}} + {{- end -}} + {{- if not (hasKey .Values.gitea.config.server "SSH_LISTEN_PORT") -}} + {{- if not .Values.image.rootless -}} + {{- $_ := set .Values.gitea.config.server "SSH_LISTEN_PORT" .Values.gitea.config.server.SSH_PORT -}} + {{- else -}} + {{- $_ := set .Values.gitea.config.server "SSH_LISTEN_PORT" "2222" -}} + {{- end -}} + {{- end -}} + {{- if not (hasKey .Values.gitea.config.server "START_SSH_SERVER") -}} + {{- if .Values.image.rootless -}} + {{- $_ := set .Values.gitea.config.server "START_SSH_SERVER" "true" -}} + {{- end -}} + {{- end -}} + {{- if not (hasKey .Values.gitea.config.server "APP_DATA_PATH") -}} + {{- $_ := set .Values.gitea.config.server "APP_DATA_PATH" "/data" -}} + {{- end -}} + {{- if not (hasKey .Values.gitea.config.server "ENABLE_PPROF") -}} + {{- $_ := set .Values.gitea.config.server "ENABLE_PPROF" false -}} + {{- end -}} +{{- end -}} + +{{- define "gitea.inline_configuration.defaults.database" -}} + {{- if 
.Values.gitea.database.builtIn.postgresql.enabled -}} + {{- $_ := set .Values.gitea.config.database "DB_TYPE" "postgres" -}} + {{- if not (.Values.gitea.config.database.HOST) -}} + {{- $_ := set .Values.gitea.config.database "HOST" (include "postgresql.dns" .) -}} + {{- end -}} + {{- $_ := set .Values.gitea.config.database "NAME" .Values.postgresql.global.postgresql.postgresqlDatabase -}} + {{- $_ := set .Values.gitea.config.database "USER" .Values.postgresql.global.postgresql.postgresqlUsername -}} + {{- $_ := set .Values.gitea.config.database "PASSWD" .Values.postgresql.global.postgresql.postgresqlPassword -}} + {{- else if .Values.gitea.database.builtIn.mysql.enabled -}} + {{- $_ := set .Values.gitea.config.database "DB_TYPE" "mysql" -}} + {{- if not (.Values.gitea.config.database.HOST) -}} + {{- $_ := set .Values.gitea.config.database "HOST" (include "mysql.dns" .) -}} + {{- end -}} + {{- $_ := set .Values.gitea.config.database "NAME" .Values.mysql.db.name -}} + {{- $_ := set .Values.gitea.config.database "USER" .Values.mysql.db.user -}} + {{- $_ := set .Values.gitea.config.database "PASSWD" .Values.mysql.db.password -}} + {{- else if .Values.gitea.database.builtIn.mariadb.enabled -}} + {{- $_ := set .Values.gitea.config.database "DB_TYPE" "mysql" -}} + {{- if not (.Values.gitea.config.database.HOST) -}} + {{- $_ := set .Values.gitea.config.database "HOST" (include "mariadb.dns" .) -}} + {{- end -}} + {{- $_ := set .Values.gitea.config.database "NAME" .Values.mariadb.auth.database -}} + {{- $_ := set .Values.gitea.config.database "USER" .Values.mariadb.auth.username -}} + {{- $_ := set .Values.gitea.config.database "PASSWD" .Values.mariadb.auth.password -}} + {{- end -}} +{{- end -}} diff --git a/templates/gitea/config.yaml b/templates/gitea/config.yaml index 3eca2a0..78bceab 100644 --- a/templates/gitea/config.yaml +++ b/templates/gitea/config.yaml 
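Review bot: In `gitea.inline_configuration` each setting is serialised with `printf "%s=%v" $n_key $n_value` and the section is joined with newlines, so a value that itself contains a line break becomes extra lines in the rendered section. The script in `templates/gitea/config.yaml` reads those lines one at a time, so the continuation is either taken as a separate setting or aborts the run with `invalid setting`. A template-time guard inside the inner `range` avoids both: `{{- if contains "\n" (toString $n_value) -}}{{- fail (printf "%s.%s must be a single-line value" $key $n_key) -}}{{- end -}}`. Separately, `gitea.inline_configuration.init` tests `repository` with `not` while every other section uses `hasKey`; using `hasKey` there as well would keep the checks uniform.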
@@ -1,5 +1,15 @@ apiVersion: v1 kind: Secret +metadata: + name: {{ include "gitea.fullname" . }}-inline-config + labels: + {{- include "gitea.labels" . | nindent 4 }} +type: Opaque +stringData: + {{- include "gitea.inline_configuration" . | nindent 2 }} +--- +apiVersion: v1 +kind: Secret metadata: name: {{ include "gitea.fullname" . }} labels: 
@@ -10,160 +20,105 @@ stringData: #!/usr/bin/env bash set -euo pipefail - {{- if not (hasKey .Values.gitea.config "cache") -}} - {{- $_ := set .Values.gitea.config "cache" dict -}} - {{- end -}} + function env2ini::log() { + printf "${1}\n" + } - {{- if not (hasKey .Values.gitea.config "server") -}} - {{- $_ := set .Values.gitea.config "server" dict -}} - {{- end -}} + function env2ini::read_config_to_env() { + local section="${1}" + local line="${2}" - {{- if not (hasKey .Values.gitea.config "metrics") -}} - {{- $_ := set .Values.gitea.config "metrics" dict -}} - {{- end -}} + if [[ -z "${line}" ]]; then + # skip empty line + return + fi + + # 'xargs echo -n' trims all leading/trailing whitespaces and a trailing new line + local setting="$(awk -F '=' '{print $1}' <<< "${line}" | xargs echo -n)" - {{- if not (hasKey .Values.gitea.config "database") -}} - {{- $_ := set .Values.gitea.config "database" dict -}} - {{- end -}} + if [[ -z "${setting}" ]]; then + env2ini::log ' ! invalid setting' + exit 1 + fi - {{- if not (hasKey .Values.gitea.config "security") -}} - {{- $_ := set .Values.gitea.config "security" dict -}} - {{- end -}} + local value='' + local regex="^${setting}(\s*)=(\s*)(.*)" + if [[ $line =~ $regex ]]; then + value="${BASH_REMATCH[3]}" + else + env2ini::log ' ! 
invalid setting' + exit 1 + fi - {{- if not .Values.gitea.config.repository -}} - {{- $_ := set .Values.gitea.config "repository" dict -}} - {{- end -}} + env2ini::log " + '${setting}'" - {{- if not (hasKey .Values.gitea.config "oauth2") -}} - {{- $_ := set .Values.gitea.config "oauth2" dict -}} - {{- end -}} + if [[ -z "${section}" ]]; then + export "ENV_TO_INI____${setting^^}=${value}" # '^^' makes the variable content uppercase + return + fi - {{- /* repository default settings */ -}} - {{- if not .Values.gitea.config.repository.ROOT -}} - {{- $_ := set .Values.gitea.config.repository "ROOT" "/data/git/gitea-repositories" -}} - {{- end -}} + local masked_section="${section//./_0X2E_}" # '//' instructs to replace all matches + masked_section="${masked_section//-/_0X2D_}" - {{- /* security default settings */ -}} - {{- if not .Values.gitea.config.security.INSTALL_LOCK -}} - {{- $_ := set .Values.gitea.config.security "INSTALL_LOCK" "true" -}} - {{- end -}} + export "ENV_TO_INI__${masked_section^^}__${setting^^}=${value}" # '^^' makes the variable content uppercase + } - {{- /* server default settings */ -}} - {{- if not (hasKey .Values.gitea.config.server "HTTP_PORT") -}} - {{- $_ := set .Values.gitea.config.server "HTTP_PORT" .Values.service.http.port -}} - {{- end -}} - {{- if not .Values.gitea.config.server.PROTOCOL -}} - {{- $_ := set .Values.gitea.config.server "PROTOCOL" "http" -}} - {{- end -}} - {{- if not (.Values.gitea.config.server.DOMAIN) -}} - {{- if gt (len .Values.ingress.hosts) 0 -}} - {{- $_ := set .Values.gitea.config.server "DOMAIN" (index .Values.ingress.hosts 0).host -}} - {{- else -}} - {{- $_ := set .Values.gitea.config.server "DOMAIN" (include "gitea.default_domain" .) 
-}} - {{- end -}} - {{- end -}} - {{- if not .Values.gitea.config.server.ROOT_URL -}} - {{- if .Values.ingress.enabled -}} - {{- if gt (len .Values.ingress.tls) 0 -}} - {{- $_ := set .Values.gitea.config.server "ROOT_URL" (printf "%s://%s" .Values.gitea.config.server.PROTOCOL (index (index .Values.ingress.tls 0).hosts 0)) -}} - {{- else -}} - {{- $_ := set .Values.gitea.config.server "ROOT_URL" (printf "%s://%s" .Values.gitea.config.server.PROTOCOL (index .Values.ingress.hosts 0).host) -}} - {{- end -}} - {{- else -}} - {{- $_ := set .Values.gitea.config.server "ROOT_URL" (printf "%s://%s" .Values.gitea.config.server.PROTOCOL .Values.gitea.config.server.DOMAIN) -}} - {{- end -}} - {{- end -}} - {{- if not .Values.gitea.config.server.SSH_DOMAIN -}} - {{- $_ := set .Values.gitea.config.server "SSH_DOMAIN" .Values.gitea.config.server.DOMAIN -}} - {{- end -}} - {{- if not .Values.gitea.config.server.SSH_PORT -}} - {{- $_ := set .Values.gitea.config.server "SSH_PORT" .Values.service.ssh.port -}} - {{- end -}} - {{- if not (hasKey .Values.gitea.config.server "SSH_LISTEN_PORT") -}} - {{- if not .Values.image.rootless -}} - {{- $_ := set .Values.gitea.config.server "SSH_LISTEN_PORT" .Values.gitea.config.server.SSH_PORT -}} - {{- else -}} - {{- $_ := set .Values.gitea.config.server "SSH_LISTEN_PORT" "2222" -}} - {{- end -}} - {{- end -}} - {{- if not (hasKey .Values.gitea.config.server "START_SSH_SERVER") -}} - {{- if .Values.image.rootless -}} - {{- $_ := set .Values.gitea.config.server "START_SSH_SERVER" "true" -}} - {{- end -}} - {{- end -}} - {{- if not (hasKey .Values.gitea.config.server "APP_DATA_PATH") -}} - {{- $_ := set .Values.gitea.config.server "APP_DATA_PATH" "/data" -}} - {{- end -}} - {{- if not (hasKey .Values.gitea.config.server "ENABLE_PPROF") -}} - {{- $_ := set .Values.gitea.config.server "ENABLE_PPROF" false -}} - {{- end -}} + function env2ini::process_config_file() { + local config_file="${1}" + local section="$(basename "${config_file}")" - {{- /* 
metrics default settings */ -}} - {{- if not (hasKey .Values.gitea.config.metrics "ENABLED") -}} - {{- $_ := set .Values.gitea.config.metrics "ENABLED" .Values.gitea.metrics.enabled -}} - {{- end -}} + if [[ $section == '_generals_' ]]; then + env2ini::log " [ini root]" + section='' + else + env2ini::log " ${section}" + fi - {{- /* database default settings */ -}} - {{- if .Values.gitea.database.builtIn.postgresql.enabled -}} - {{- $_ := set .Values.gitea.config.database "DB_TYPE" "postgres" -}} - {{- if not (.Values.gitea.config.database.HOST) -}} - {{- $_ := set .Values.gitea.config.database "HOST" (include "postgresql.dns" .) -}} - {{- end -}} - {{- $_ := set .Values.gitea.config.database "NAME" .Values.postgresql.global.postgresql.postgresqlDatabase -}} - {{- $_ := set .Values.gitea.config.database "USER" .Values.postgresql.global.postgresql.postgresqlUsername -}} - {{- $_ := set .Values.gitea.config.database "PASSWD" .Values.postgresql.global.postgresql.postgresqlPassword -}} - {{ else if .Values.gitea.database.builtIn.mysql.enabled -}} - {{- $_ := set .Values.gitea.config.database "DB_TYPE" "mysql" -}} - {{- if not (.Values.gitea.config.database.HOST) -}} - {{- $_ := set .Values.gitea.config.database "HOST" (include "mysql.dns" .) -}} - {{- end -}} - {{- $_ := set .Values.gitea.config.database "NAME" .Values.mysql.db.name -}} - {{- $_ := set .Values.gitea.config.database "USER" .Values.mysql.db.user -}} - {{- $_ := set .Values.gitea.config.database "PASSWD" .Values.mysql.db.password -}} - {{ else if .Values.gitea.database.builtIn.mariadb.enabled -}} - {{- $_ := set .Values.gitea.config.database "DB_TYPE" "mysql" -}} - {{- if not (.Values.gitea.config.database.HOST) -}} - {{- $_ := set .Values.gitea.config.database "HOST" (include "mariadb.dns" .) 
-}} - {{- end -}} - {{- $_ := set .Values.gitea.config.database "NAME" .Values.mariadb.auth.database -}} - {{- $_ := set .Values.gitea.config.database "USER" .Values.mariadb.auth.username -}} - {{- $_ := set .Values.gitea.config.database "PASSWD" .Values.mariadb.auth.password -}} - {{- end -}} + while read -r line; do + env2ini::read_config_to_env "${section}" "${line}" + done < <(awk 1 "${config_file}") # Helm .toYaml trims the trailing new line which breaks line processing; awk 1 ... adds it back while reading + } - {{- /* cache default settings */ -}} - {{- if .Values.gitea.cache.builtIn.enabled -}} - {{- $_ := set .Values.gitea.config.cache "ENABLED" "true" -}} - {{- $_ := set .Values.gitea.config.cache "ADAPTER" "memcache" -}} - {{- if not (.Values.gitea.config.cache.HOST) -}} - {{- $_ := set .Values.gitea.config.cache "HOST" (include "memcached.dns" .) -}} - {{- end -}} - {{- end -}} + function env2ini::load_config_sources() { + local path="${1}" - {{- if not (hasKey .Values.gitea.config.security "INTERNAL_TOKEN") }} - export ENV_TO_INI__SECURITY__INTERNAL_TOKEN=$(gitea generate secret INTERNAL_TOKEN) - {{- end }} - {{- if not (hasKey .Values.gitea.config.security "SECRET_KEY") }} - export ENV_TO_INI__SECURITY__SECRET_KEY=$(gitea generate secret SECRET_KEY) - {{- end }} - {{- if not (hasKey .Values.gitea.config.oauth2 "JWT_SECRET") }} - export ENV_TO_INI__OAUTH2__JWT_SECRET=$(gitea generate secret JWT_SECRET) - {{- end }} + env2ini::log "Processing $(basename "${path}")..." - {{- /* autogenerate app.ini environment values */ -}} - {{- range $key, $value := .Values.gitea.config }} - {{- if kindIs "map" $value }} - {{- if gt (len $value) 0 }} - {{- range $n_key, $n_value := $value }} - export ENV_TO_INI__{{ $key | upper | replace "." "_0X2E_" | replace "-" "_0X2D_" }}__{{ $n_key | upper }}={{ $n_value }} - {{- end }} - {{- end }} - {{- else }} - export ENV_TO_INI__{{ $key | upper | replace "." 
"_0X2E_" | replace "-" "_0X2D_" }}__{{ $key | upper }}={{ $value }} - {{- end }} - {{- end }} + while read -d '' configFile; do + env2ini::process_config_file "${configFile}" + done < <(find "${path}" -type l -not -name '..data' -print0) + + env2ini::log "\n" + } + + function env2ini::generate_initial_secrets() { + # These environment variables will either be + # - overwritten with user defined values, + # - initially used to set up Gitea + # Anyway, they won't harm existing app.ini files + + export ENV_TO_INI__SECURITY__INTERNAL_TOKEN=$(gitea generate secret INTERNAL_TOKEN) + export ENV_TO_INI__SECURITY__SECRET_KEY=$(gitea generate secret SECRET_KEY) + export ENV_TO_INI__OAUTH2__JWT_SECRET=$(gitea generate secret JWT_SECRET) + + env2ini::log "...Initial secrets generated\n" + } + + # MUST BE CALLED BEFORE OTHER CONFIGURATION + env2ini::generate_initial_secrets + + env2ini::load_config_sources '/env-to-ini-mounts/inlines/' + env2ini::load_config_sources '/env-to-ini-mounts/additionals/' + + env2ini::log "=== All configuration sources loaded ===\n" # safety to prevent rewrite of secret keys if an app.ini already exists if [ -f ${GITEA_APP_INI} ]; then + env2ini::log 'An app.ini file already exists. To prevent overwriting secret keys, these settings are dropped and remain unchanged:' + env2ini::log ' - security.INTERNAL_TOKEN' + env2ini::log ' - security.SECRET_KEY' + env2ini::log ' - oauth2.JWT_SECRET' + unset ENV_TO_INI__SECURITY__INTERNAL_TOKEN unset ENV_TO_INI__SECURITY__SECRET_KEY unset ENV_TO_INI__OAUTH2__JWT_SECRET diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index 6542296..b0385b4 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml 
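Review bot: In `env2ini::generate_initial_secrets` the three `export VAR=$(gitea generate secret …)` lines hide a failing `gitea` call from `set -euo pipefail`, because the exit status of `export` replaces that of the command substitution. On a first start, where the later `unset` branch does not run, an empty `INTERNAL_TOKEN`, `SECRET_KEY` or `JWT_SECRET` would presumably be handed on to environment-to-ini instead of stopping the init script. Assigning first and exporting afterwards restores the abort, e.g. `ENV_TO_INI__SECURITY__SECRET_KEY=$(gitea generate secret SECRET_KEY)` followed by `export ENV_TO_INI__SECURITY__SECRET_KEY`, and the same for the other two variables.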
@@ -97,6 +97,12 @@ spec: {{- if .Values.persistence.subPath }} subPath: {{ .Values.persistence.subPath }} {{- end }} + - name: inline-config-sources + mountPath: /env-to-ini-mounts/inlines/ + {{- range $idx, $value := .Values.gitea.additionalConfigSources }} + - name: additional-config-sources-{{ $idx }} + mountPath: "/env-to-ini-mounts/additionals/{{ $idx }}/" + {{- end }} {{- if .Values.extraVolumeMounts }} {{- toYaml .Values.extraVolumeMounts | nindent 12 }} {{- end }} @@ -284,6 +290,13 @@ spec: {{- if .Values.extraVolumes }} {{- toYaml .Values.extraVolumes | nindent 8 }} {{- end }} + - name: inline-config-sources + secret: + secretName: {{ include "gitea.fullname" . }}-inline-config + {{- range $idx, $value := .Values.gitea.additionalConfigSources }} + - name: additional-config-sources-{{ $idx }} + {{- toYaml $value | nindent 10 }} + {{- end }} - name: temp emptyDir: {} {{- if and .Values.persistence.enabled .Values.persistence.existingClaim }} diff --git a/values.yaml b/values.yaml index d22ca52..610a765 100644 --- a/values.yaml +++ b/values.yaml @@ -205,6 +205,12 @@ gitea: # security: # PASSWORD_COMPLEXITY: spec + additionalConfigSources: [] + # - secret: + # secretName: gitea-app-ini-oauth + # - configMap: + # name: gitea-app-ini-plaintext + podAnnotations: {} database: -- 2.40.1 From d97ea18626b83bea5a91b9eb576a43f86c03f61b Mon Sep 17 00:00:00 2001 
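Review bot: Each `gitea.additionalConfigSources` entry is emitted verbatim as the volume source through `toYaml $value | nindent 10`, so the chart accepts any volume type there, although the README and the `values.yaml` example describe only `secret` and `configMap`. The init script turns what it finds under these mounts into app.ini settings, so I would restrict the entries to those two kinds at template time, for instance `{{- if not (or (hasKey $value "secret") (hasKey $value "configMap")) -}}{{- fail "additionalConfigSources entries must be secret or configMap" -}}{{- end -}}` inside the `range`. The same list drives the `volumeMounts` hunk above, which needs no change of its own.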
From: luhahn Date: Wed, 22 Dec 2021 23:41:35 +0800 Subject: [PATCH 087/390] Remove builtIn dependency values (#268) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ⚠️ Breaking Moved the values to enable the dependencies into the dependencies itself, this way we don't need a seperate field in the values and it is more obvious how to enable for example postgresql. Co-authored-by: Lucas Hahn Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/268 Reviewed-by: justusbunsi Reviewed-by: Andrew Thornton --- Chart.yaml | 8 ++++---- README.md | 46 +++++++++++++++++++++++++++++++----------- templates/_helpers.tpl | 20 +++++++++--------- values.yaml | 17 ++++------------ 4 files changed, 52 insertions(+), 39 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index beda163..b28898d 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -33,16 +33,16 @@ dependencies: - name: memcached repository: https://charts.bitnami.com/bitnami version: 5.9.0 - condition: gitea.cache.builtIn.enabled + condition: memcached.enabled - name: mysql repository: https://charts.bitnami.com/bitnami version: 6.14.10 - condition: gitea.database.builtIn.mysql.enabled + condition: mysql.enabled - name: postgresql repository: https://charts.bitnami.com/bitnami version: 10.3.17 - condition: gitea.database.builtIn.postgresql.enabled + condition: postgresql.enabled - name: mariadb repository: https://charts.bitnami.com/bitnami version: 9.3.6 - condition: gitea.database.builtIn.mariadb.enabled + condition: mariadb.enabled diff --git a/README.md b/README.md index c544e37..a7f7bcf 100644 --- a/README.md +++ b/README.md 
@@ -42,6 +42,28 @@ helm install gitea gitea-charts/gitea :warning: The most recent `5.0.0` update brings some major and breaking changes. Please note the following changes in the Chart to upgrade successfully. :warning: +### Enable Dependencies + +:warning: The values to enable the dependencies, +such as PostgreSQL, Memcached, MySQL and MariaDB +have been moved from `gitea.database.builtIn.` to the dependency values. :warning: + +You can now enable the dependencies as followed: + +```yaml +memcached: + enabled: true + +postgresql: + enabled: true + +mysql: + enabled: false + +mariadb: + enabled: false +``` + ### App.ini generation The app.ini generation has changed and now utilizes the environment-to-ini @@ -324,11 +346,6 @@ An external Database can be used instead of builtIn PostgreSQL or MySQL. ```yaml gitea: - database: - builtIn: - postgresql: - enabled: false - config: database: DB_TYPE: mysql @@ -337,6 +354,9 @@ gitea: USER: root PASSWD: gitea SCHEMA: gitea + +postgresql: + enabled: false ``` ### Ports and external url @@ -409,10 +429,8 @@ More about this issue [here](https://gitea.com/gitea/helm-chart/issues/161). This helm chart can use a built in cache. The default is Memcached from bitnami. ```yaml -gitea: - cache: - builtIn: - enabled: true +memcached: + enabled: true ``` If the built in cache should not be used simply configure the cache in @@ -781,9 +799,10 @@ enabled in the values. Complete Configuration can be taken from their website. The following parameters are the defaults set by this chart -| Parameter | Description | Default | -| ------------------------ | -------------- | ------- | -| `memcached.service.port` | Memcached Port | 11211 | +| Parameter | Description | Default | +| ------------------------ | --------------------------- | ------- | +| `memcached.service.port` | Memcached Port | 11211 | +| `memcached.enabled` | Enable Memcached dependency | `true` | ### MySQL BuiltIn 
@@ -800,6 +819,7 @@ The following parameters are the defaults set by this chart | `mysql.db.name` | Name for new database to create. | `gitea` | | `mysql.service.port` | Port to connect to MySQL service | `3306` | | `mysql.persistence.size` | Persistence size for MySQL | `10Gi` | +| `mysql.enabled` | Enable MySQL dependency | `false` | ### PostgreSQL BuiltIn @@ -817,6 +837,7 @@ The following parameters are the defaults set by this chart | `postgresql.global.postgresql.postgresqlPassword` | PostgreSQL admin password (overrides postgresqlPassword) | `gitea` | | `postgresql.global.postgresql.servicePort` | PostgreSQL port (overrides service.port) | `5432` | | `postgresql.persistence.size` | PVC Storage Request for PostgreSQL volume | `10Gi` | +| `postgresql.enabled` | Enable PostgreSQL dependency | `true` | ### MariaDB BuiltIn @@ -834,6 +855,7 @@ The following parameters are the defaults set by this chart | `mariadb.auth.rootPassword` | Password for the root user. | `gitea` | | `mariadb.primary.service.port` | Port to connect to MariaDB service | `3306` | | `mariadb.primary.persistence.size` | Persistence size for MariaDB | `10Gi` | +| `mariadb.enabled` | Enable MariaDB dependency | `false` | ## Local development & testing diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index fcb3874..e7d98ea 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl 
@@ -64,11 +64,11 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} {{- define "db.servicename" -}} -{{- if .Values.gitea.database.builtIn.postgresql.enabled -}} +{{- if .Values.postgresql.enabled -}} {{- printf "%s-postgresql" .Release.Name -}} -{{- else if .Values.gitea.database.builtIn.mysql.enabled -}} +{{- else if .Values.mysql.enabled -}} {{- printf "%s-mysql" .Release.Name -}} -{{- else if .Values.gitea.database.builtIn.mariadb.enabled -}} +{{- else if .Values.mariadb.enabled -}} {{- printf "%s-mariadb" .Release.Name -}} {{- else if ne .Values.gitea.config.database.DB_TYPE "sqlite3" -}} {{- $parts := split ":" .Values.gitea.config.database.HOST -}} @@ -77,11 +77,11 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} {{- define "db.port" -}} -{{- if .Values.gitea.database.builtIn.postgresql.enabled -}} +{{- if .Values.postgresql.enabled -}} {{ .Values.postgresql.global.postgresql.servicePort }} -{{- else if .Values.gitea.database.builtIn.mysql.enabled -}} +{{- else if .Values.mysql.enabled -}} {{ .Values.mysql.service.port }} -{{- else if .Values.gitea.database.builtIn.mariadb.enabled -}} +{{- else if .Values.mariadb.enabled -}} {{ .Values.mariadb.primary.service.port }} {{- else -}} {{- end -}} @@ -222,7 +222,7 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- if not (hasKey .Values.gitea.config.metrics "ENABLED") -}} {{- $_ := set .Values.gitea.config.metrics "ENABLED" .Values.gitea.metrics.enabled -}} {{- end -}} - {{- if .Values.gitea.cache.builtIn.enabled -}} + {{- if .Values.memcached.enabled -}} {{- $_ := set .Values.gitea.config.cache "ENABLED" "true" -}} {{- $_ := set .Values.gitea.config.cache "ADAPTER" "memcache" -}} {{- if not (.Values.gitea.config.cache.HOST) -}} 
@@ -283,7 +283,7 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} {{- define "gitea.inline_configuration.defaults.database" -}} - {{- if .Values.gitea.database.builtIn.postgresql.enabled -}} + {{- if .Values.postgresql.enabled -}} {{- $_ := set .Values.gitea.config.database "DB_TYPE" "postgres" -}} {{- if not (.Values.gitea.config.database.HOST) -}} {{- $_ := set .Values.gitea.config.database "HOST" (include "postgresql.dns" .) -}} @@ -291,7 +291,7 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- $_ := set .Values.gitea.config.database "NAME" .Values.postgresql.global.postgresql.postgresqlDatabase -}} {{- $_ := set .Values.gitea.config.database "USER" .Values.postgresql.global.postgresql.postgresqlUsername -}} {{- $_ := set .Values.gitea.config.database "PASSWD" .Values.postgresql.global.postgresql.postgresqlPassword -}} - {{- else if .Values.gitea.database.builtIn.mysql.enabled -}} + {{- else if .Values.mysql.enabled -}} {{- $_ := set .Values.gitea.config.database "DB_TYPE" "mysql" -}} {{- if not (.Values.gitea.config.database.HOST) -}} {{- $_ := set .Values.gitea.config.database "HOST" (include "mysql.dns" .) -}} @@ -299,7 +299,7 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- $_ := set .Values.gitea.config.database "NAME" .Values.mysql.db.name -}} {{- $_ := set .Values.gitea.config.database "USER" .Values.mysql.db.user -}} {{- $_ := set .Values.gitea.config.database "PASSWD" .Values.mysql.db.password -}} - {{- else if .Values.gitea.database.builtIn.mariadb.enabled -}} + {{- else if .Values.mariadb.enabled -}} {{- $_ := set .Values.gitea.config.database "DB_TYPE" "mysql" -}} {{- if not (.Values.gitea.config.database.HOST) -}} {{- $_ := set .Values.gitea.config.database "HOST" (include "mariadb.dns" .) -}} diff --git a/values.yaml b/values.yaml index 610a765..11cc183 100644 --- a/values.yaml +++ b/values.yaml 
@@ -213,19 +213,6 @@ gitea: podAnnotations: {} - database: - builtIn: - postgresql: - enabled: true - mysql: - enabled: false - mariadb: - enabled: false - - cache: - builtIn: - enabled: true - # Modify the liveness probe for your needs or completely disable it by commenting out. livenessProbe: tcpSocket: @@ -257,10 +244,12 @@ gitea: # failureThreshold: 10 memcached: + enabled: true service: port: 11211 postgresql: + enabled: true global: postgresql: postgresqlDatabase: gitea @@ -271,6 +260,7 @@ postgresql: size: 10Gi mysql: + enabled: false root: password: gitea db: @@ -283,6 +273,7 @@ mysql: size: 10Gi mariadb: + enabled: false auth: database: gitea username: gitea -- 2.40.1 From c27140c4cb39a5ffadfe693da7bcc7d9529bf6f2 Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Thu, 23 Dec 2021 00:25:32 +0800 Subject: [PATCH 088/390] Add deprecation fail-safe for Chart templating (#269) With release 5.0.0 there are so many deprecations and breaking changes that it is probably a good way to assist the users with values migration before breaking their environments. This adds another template file that doesn't render anything but ensures the removal of dropped or deprecated settings from customized values files. For when it is necessary, this check can be disabled via new setting `checkDeprecation`. Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/269 Reviewed-by: luhahn Reviewed-by: wxiaoguang Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- .drone.yml | 8 ++++++++ templates/gitea/deprecation.yaml | 34 ++++++++++++++++++++++++++++++++ values.yaml | 4 ++++ 3 files changed, 46 insertions(+) create mode 100644 templates/gitea/deprecation.yaml diff --git a/.drone.yml b/.drone.yml index 55272c7..d1f2138 100644 --- a/.drone.yml +++ b/.drone.yml 
@@ -15,6 +15,14 @@ steps: - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm - helm lint +- name: helm template + pull: always + image: alpine:3.13 + commands: + - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm + - helm dependency update + - helm template --debug gitea-helm . + - name: markdown lint pull: always image: docker.io/volkerraschek/markdownlint:latest diff --git a/templates/gitea/deprecation.yaml b/templates/gitea/deprecation.yaml new file mode 100644 index 0000000..057c5bd --- /dev/null +++ b/templates/gitea/deprecation.yaml 
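Review bot: The new `helm template` step installs helm with `apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm`, an unpinned package from the rolling edge/testing repository, fetched over plain HTTP into an `alpine:3.13` image. apk still verifies repository signatures, but the CI result then depends on whichever helm build edge/testing carries that day, and edge packages on a stable release can break when libraries move. I would switch the URL to `https://dl-cdn.alpinelinux.org/alpine/edge/testing` and pin the package as `helm=PINNED_VERSION` (placeholder), or use an image that ships a fixed helm release. The `helm lint` step shown as context in this hunk uses the same install line and should change with it.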
@@ -0,0 +1,34 @@ +{{- if .Values.checkDeprecation -}} + {{/* CUSTOM PROBES */}} + {{- if .Values.gitea.customLivenessProbe -}} + {{- fail "`gitea.customLivenessProbe` does no longer exist. Please refer to the changelog and configure `gitea.livenessProbe` instead." -}} + {{- end -}} + {{- if .Values.gitea.customReadinessProbe -}} + {{- fail "`gitea.customReadinessProbe` does no longer exist. Please refer to the changelog and configure `gitea.readinessProbe` instead." -}} + {{- end -}} + {{- if .Values.gitea.customStartupProbe -}} + {{- fail "`gitea.customStartupProbe` does no longer exist. Please refer to the changelog and configure `gitea.startupProbe` instead." -}} + {{- end -}} + + {{/* LDAP SOURCES */}} + {{- if kindIs "map" .Values.gitea.ldap -}} + {{- fail "You can configure multiple LDAP sources. Please refer to the changelog and switch `gitea.ldap` from object to array notation." -}} + {{- end -}} + + {{/* OAUTH SOURCES */}} + {{- if kindIs "map" .Values.gitea.oauth -}} + {{- fail "You can configure multiple OAuth sources. Please refer to the changelog and switch `gitea.oauth` from object to array notation." -}} + {{- end -}} + + {{/* BUILTIN */}} + {{- if .Values.gitea.cache -}} + {{- if .Values.gitea.cache.builtIn -}} + {{- fail "`gitea.cache.builtIn` does no longer exist. Please use `memcached` at root level instead." -}} + {{- end -}} + {{- end -}} + {{- if .Values.gitea.database -}} + {{- if .Values.gitea.database.builtIn -}} + {{- fail "`gitea.database.builtIn` does no longer exist. Builtin databases can be configured inside the dependencies itself. Please refer to the changelog." -}} + {{- end -}} + {{- end -}} +{{- end -}} diff --git a/values.yaml b/values.yaml index 11cc183..18a8f20 100644 --- a/values.yaml +++ b/values.yaml 
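Review bot: Nothing in the new `templates/gitea/deprecation.yaml` says that it renders no manifest and exists only to abort templating, so a later maintainer has to infer that from the `fail` calls. A header comment before the outer `if` would cover it: `{{/* Renders nothing. Aborts templating when removed or moved values are still set; skipped when checkDeprecation is false. */}}`. The messages also say "does no longer exist" where "no longer exists" is the usual form, which matters a little because this text is what users see when an upgrade stops.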
@@ -284,3 +284,7 @@ mariadb: port: 3306 persistence: size: 10Gi + +# By default, removed or moved settings that still remain in a user defined values.yaml will cause Helm to fail running the install/update. +# Set it to false to skip this basic validation check. +checkDeprecation: true -- 2.40.1 From 5bb91510df2d88d48370146209c0d7e5ef3df921 Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Thu, 23 Dec 2021 03:56:36 +0800 Subject: [PATCH 089/390] Bump Gitea version to 1.15.8 (#270) As title. Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/270 Reviewed-by: techknowlogick Reviewed-by: Gusted Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- Chart.yaml | 2 +- README.md | 2 +- values.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index b28898d..4001603 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.15.4 +appVersion: 1.15.8 icon: https://docs.gitea.io/images/gitea.png keywords: diff --git a/README.md b/README.md index a7f7bcf..b364f6b 100644 --- a/README.md +++ b/README.md @@ -682,7 +682,7 @@ gitea: | Parameter | Description | Default | | ------------------ | ----------------------------------------------------------------------------------------- | ------------- | | `image.repository` | Image to start for this pod | `gitea/gitea` | -| `image.tag` | [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) | `1.14.6` | +| `image.tag` | [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) | `1.15.8` | | `image.pullPolicy` | Image pull policy | `Always` | | `image.rootless` | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `false` | diff --git a/values.yaml b/values.yaml index 18a8f20..ff137da 100644 --- a/values.yaml +++ b/values.yaml 
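Review bot: The comment on `checkDeprecation` does not say what happens to the legacy keys once the check is skipped. With the check off they are silently ignored, so a values file that still carries `gitea.database.builtIn.postgresql.enabled: false` would, as far as the earlier patch in this series shows, no longer switch off the bundled PostgreSQL, because the template now reads `postgresql.enabled`, which defaults to `true`. I would add a line such as `# Skipping the check does not restore the old keys: they are ignored and the new defaults apply (e.g. postgresql.enabled: true).`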
@@ -8,7 +8,7 @@ clusterDomain: cluster.local image: repository: gitea/gitea - tag: 1.15.4 + tag: 1.15.8 pullPolicy: Always rootless: false # only possible when running 1.14 or later -- 2.40.1 From d550b5a2c4a4cabd157783a9e89d4f7426d10b9d Mon Sep 17 00:00:00 2001 From: nmasse-itix Date: Thu, 23 Dec 2021 18:50:56 +0800 Subject: [PATCH 090/390] Improve support for gitea instances not running as root or uid 1000 (#266) ## Context PR #259 introduced support for running Gitea as a uid different than 1000 (git) or 0 (root). ## Problem In init_directory_structure.sh, there is a "chown 1000:1000" on /tmp/gitea. This chown only works when running as root or when the target directory is already owned by uid 1000. As a result, the init container "init-directories" fails on startup when running Gitea with a uid different from 0 or 1000. Initially, I worked around it by implementing an "initPreScript". But it would make user's life easier if we can make it work out-of-the-box. ## Resolution I'm taking model on the chown a few lines above that depends on the value of image.rootless. Since the chown only works on default (root) image and is useless on rootless image, there is no need to run it on rootless image. Co-authored-by: Nicolas MASSE Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/266 Reviewed-by: luhahn Reviewed-by: justusbunsi Co-authored-by: nmasse-itix Co-committed-by: nmasse-itix --- templates/gitea/init.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/templates/gitea/init.yaml b/templates/gitea/init.yaml index 8137d67..5854c7a 100644 --- a/templates/gitea/init.yaml +++ b/templates/gitea/init.yaml @@ -30,7 +30,9 @@ stringData: # prepare temp directory structure mkdir -p "${GITEA_TEMP}" + {{- if not .Values.image.rootless }} chown 1000:1000 "${GITEA_TEMP}" + {{- end }} chmod ug+rwx "${GITEA_TEMP}" configure_gitea.sh: |- -- 2.40.1 From 7fc444c08e72f6baf8666102b9b0015af964361b Mon Sep 17 00:00:00 2001 
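Review bot: In the `init.yaml` hunk the `chown 1000:1000 "${GITEA_TEMP}"` is now skipped only for the rootless image, so the condition keys on the image flavour rather than on the user the init container actually runs as. If the default image is started with a non-root uid other than 1000, which is the case the description refers to, the chown presumably still fails, and whether that aborts the script depends on shell options outside this hunk. A runtime guard covers both cases without the template condition: `if [ "$(id -u)" -eq 0 ]; then chown 1000:1000 "${GITEA_TEMP}"; fi`. The script body starts and continues outside the hunk.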
From: luhahn Date: Thu, 23 Dec 2021 21:43:21 +0800 Subject: [PATCH 091/390] Update README with multiple LDAP Sources (#271) We did not mention the multiple LDAP Sources as a breaking change. Co-authored-by: Lucas Hahn Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/271 Reviewed-by: justusbunsi Reviewed-by: Andrew Thornton --- README.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index b364f6b..cf2230b 100644 --- a/README.md +++ b/README.md @@ -109,12 +109,13 @@ gitea: podAnnotations: {} ``` -### Multiple OAuth authentication sources +### Multiple OAuth and LDAP authentication sources With `5.0.0` of this Chart it is now possible to configure Gitea with multiple -OAuth sources. As a result, you need to update an existing OAuth configuration +OAuth and LDAP sources. As a result, you need to update an existing OAuth/LDAP configuration in your customized `values.yaml` by replacing the object with settings to a list -of settings objects. See [OAuth2 Settings](#oauth-settings) section for details. +of settings objects. See [OAuth2 Settings](#oauth-settings) and +[LDAP Settings](#ldap-settings) section for details. ## Chart upgrade from 3.x.x to 4.0.0 -- 2.40.1 From c010c3857e9fa15d2a565692b99ad96224195cd2 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Thu, 20 Jan 2022 16:22:36 +0800 Subject: [PATCH 092/390] update to gitea 1.15.10 (#278) Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/278 Reviewed-by: Lunny Xiao Reviewed-by: luhahn Co-authored-by: techknowlogick Co-committed-by: techknowlogick --- Chart.yaml | 2 +- README.md | 2 +- values.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index 4001603..c4f4705 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.15.8 +appVersion: 1.15.10 icon: https://docs.gitea.io/images/gitea.png keywords: 
diff --git a/README.md b/README.md index cf2230b..fb11139 100644 --- a/README.md +++ b/README.md @@ -683,7 +683,7 @@ gitea: | Parameter | Description | Default | | ------------------ | ----------------------------------------------------------------------------------------- | ------------- | | `image.repository` | Image to start for this pod | `gitea/gitea` | -| `image.tag` | [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) | `1.15.8` | +| `image.tag` | [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) | `1.15.10` | | `image.pullPolicy` | Image pull policy | `Always` | | `image.rootless` | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `false` | diff --git a/values.yaml b/values.yaml index ff137da..81adcf3 100644 --- a/values.yaml +++ b/values.yaml @@ -8,7 +8,7 @@ clusterDomain: cluster.local image: repository: gitea/gitea - tag: 1.15.8 + tag: 1.15.10 pullPolicy: Always rootless: false # only possible when running 1.14 or later -- 2.40.1 From f2948646bafb5a4422b8b44a55caa0ed30730355 Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Thu, 10 Feb 2022 23:44:41 +0800 Subject: [PATCH 093/390] Fix markdown lint in CI (#295) I saw a few PRs including this. Maybe it's good to have this as fast as possible to prevent others providing this fix, too. Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/295 Reviewed-by: luhahn Reviewed-by: techknowlogick Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index fb11139..7c7d7bd 100644 --- a/README.md +++ b/README.md 
@@ -239,7 +239,7 @@ service and ingress settings. All defaults can be overwritten in `gitea.config`. INSTALL_LOCK is always set to true, since we want to configure Gitea with this helm chart and everything is taken care of. -*All default settings are made directly in the generated app.ini, not in the Values.* +_All default settings are made directly in the generated app.ini, not in the Values._ #### Database defaults -- 2.40.1 From 7bdf742e818185d2ccde7850e8fd182d86b5cd0f Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Mon, 14 Feb 2022 16:00:47 +0800 Subject: [PATCH 094/390] Add example for Kubernetes secret as additional source (#294) As discussed in #286, an example for using Kubernetes secrets as additional configuration source was missing. This adds it. Co-authored-by: techknowlogick Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/294 Reviewed-by: techknowlogick Reviewed-by: luhahn Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- README.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/README.md b/README.md index 7c7d7bd..303679b 100644 --- a/README.md +++ b/README.md @@ -341,6 +341,21 @@ data: ENABLED=true ``` +Or when using a Kubernetes secret, having the same data structure: + +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: gitea-security-related-configuration +type: Opaque +stringData: + security: | + PASSWORD_COMPLEXITY=off + session: | + SAME_SITE=strict +``` + ### External Database An external Database can be used instead of builtIn PostgreSQL or MySQL. -- 2.40.1 From 6896c7caaeb236312dd4976dc0e12f148e842158 Mon Sep 17 00:00:00 2001 
From: a-zen Date: Fri, 25 Feb 2022 17:18:57 +0800 Subject: [PATCH 095/390] added hostPort support for ssh (#276) This fixes my feature request (#275) to support hostPort to expose the ssh port. Co-authored-by: alex Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/276 Reviewed-by: luhahn Reviewed-by: justusbunsi Co-authored-by: a-zen Co-committed-by: a-zen --- README.md | 1 + templates/gitea/statefulset.yaml | 3 +++ values.yaml | 1 + 3 files changed, 5 insertions(+) diff --git a/README.md b/README.md index 303679b..a6be3c2 100644 --- a/README.md +++ b/README.md @@ -752,6 +752,7 @@ gitea: | `service.ssh.port` | Port for ssh traffic | `22` | | `service.ssh.loadBalancerIP` | LoadBalancer Ip setting | | | `service.ssh.nodePort` | NodePort for ssh service | | +| `service.ssh.hostPort` | HostPort for ssh service | | | `service.ssh.externalTrafficPolicy` | If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation | | | `service.ssh.externalIPs` | ssh service external IP addresses | | | `service.ssh.loadBalancerSourceRanges` | Source range filter for ssh loadbalancer | `[]` | diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index b0385b4..d96ad34 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml @@ -228,6 +228,9 @@ spec: ports: - name: ssh containerPort: {{ .Values.gitea.config.server.SSH_LISTEN_PORT }} + {{- if .Values.service.ssh.hostPort }} + hostPort: {{ .Values.service.ssh.hostPort }} + {{- end }} - name: http containerPort: {{ .Values.gitea.config.server.HTTP_PORT }} {{- if .Values.gitea.config.server.ENABLE_PPROF }} diff --git a/values.yaml b/values.yaml index 81adcf3..a4487d6 100644 --- a/values.yaml +++ b/values.yaml @@ -60,6 +60,7 @@ service: #nodePort: #externalTrafficPolicy: #externalIPs: + #hostPort: loadBalancerSourceRanges: [] annotations: -- 2.40.1 From 1a3ce54dfcb95ae9429999455deb0689b89e8858 Mon Sep 17 00:00:00 2001 
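Review bot: The new `hostPort` on the ssh container port is documented only as "HostPort for ssh service", although it is a pod setting rather than a Service setting and behaves differently from the keys around it. When it is set, the SSH listener is bound on the node that runs the pod, so `service.ssh.loadBalancerSourceRanges` and the other Service options do not apply to that path, and clusters enforcing the baseline Pod Security Standard may reject the pod. I would state that next to the value, e.g. `# hostPort: binds the ssh port on the node itself; Service-level filters do not apply, restrict access at the node firewall or with a NetworkPolicy`. The README row could carry the same sentence.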
From: techknowlogick Date: Sat, 26 Feb 2022 06:01:16 +0800 Subject: [PATCH 096/390] update to 1.16.2 (#293) replaces #290 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/293 --- .drone.yml | 9 ++++----- Chart.yaml | 2 +- README.md | 2 +- values.yaml | 2 +- 4 files changed, 7 insertions(+), 8 deletions(-) diff --git a/.drone.yml b/.drone.yml index d1f2138..7af0bcf 100644 --- a/.drone.yml +++ b/.drone.yml @@ -10,14 +10,14 @@ platform: steps: - name: helm lint pull: always - image: alpine:3.13 + image: alpine:3.15 commands: - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm - helm lint - name: helm template pull: always - image: alpine:3.13 + image: alpine:3.15 commands: - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm - helm dependency update @@ -58,7 +58,7 @@ trigger: steps: - name: generate-chart pull: always - image: alpine:3.13 + image: alpine:3.15 commands: - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm - apk add --no-cache curl @@ -74,8 +74,7 @@ steps: image: plugins/s3:latest settings: bucket: gitea-artifacts - endpoint: https://storage.gitea.io - path_style: true + endpoint: https://ams3.digitaloceanspaces.com access_key: from_secret: aws_access_key_id secret_key: diff --git a/Chart.yaml b/Chart.yaml index c4f4705..1215e01 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.15.10 +appVersion: 1.16.2 icon: https://docs.gitea.io/images/gitea.png keywords: diff --git a/README.md b/README.md index a6be3c2..560c008 100644 --- a/README.md +++ b/README.md 
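Review bot: The upload step whose endpoint changes in the last `.drone.yml` hunk runs `image: plugins/s3:latest`, a floating tag, while it is handed `aws_access_key_id` and the secret key. Whatever is published under `latest` at build time receives the bucket credentials, so I would pin the plugin to a fixed version or digest, e.g. `image: plugins/s3@sha256:DIGEST_PLACEHOLDER`. The step continues past the end of the hunk, so its remaining settings are not visible here.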
@@ -698,7 +698,7 @@ gitea: | Parameter | Description | Default | | ------------------ | ----------------------------------------------------------------------------------------- | ------------- | | `image.repository` | Image to start for this pod | `gitea/gitea` | -| `image.tag` | [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) | `1.15.10` | +| `image.tag` | [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) | `1.16.2` | | `image.pullPolicy` | Image pull policy | `Always` | | `image.rootless` | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `false` | diff --git a/values.yaml b/values.yaml index a4487d6..55dc82a 100644 --- a/values.yaml +++ b/values.yaml @@ -8,7 +8,7 @@ clusterDomain: cluster.local image: repository: gitea/gitea - tag: 1.15.10 + tag: 1.16.2 pullPolicy: Always rootless: false # only possible when running 1.14 or later -- 2.40.1 From 78b585800996929dec0c82529eb55360d4e93648 Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Tue, 1 Mar 2022 22:55:44 +0800 Subject: [PATCH 097/390] Simplify version handling (#250) - Drop super legacy `image.version` value (see #92 description) - Always use `appVersion` from Chart.yaml as image tag if non specified --- Don't know whether this is a breaking change regarding image.version drop. Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/250 Reviewed-by: techknowlogick Reviewed-by: luhahn Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- README.md | 12 ++++++------ templates/_helpers.tpl | 8 +++----- values.yaml | 3 ++- 3 files changed, 11 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 560c008..40510c9 100644 --- a/README.md +++ b/README.md 
@@ -695,12 +695,12 @@ gitea: ### Image -| Parameter | Description | Default | -| ------------------ | ----------------------------------------------------------------------------------------- | ------------- | -| `image.repository` | Image to start for this pod | `gitea/gitea` | -| `image.tag` | [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) | `1.16.2` | -| `image.pullPolicy` | Image pull policy | `Always` | -| `image.rootless` | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `false` | +| Parameter | Description | Default | +| ------------------ | ----------------------------------------------------------------------------------------- | ---------------------------------- | +| `image.repository` | Image to start for this pod | `gitea/gitea` | +| `image.tag` | [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) | see [Chart.AppVersion](Chart.yaml) | +| `image.pullPolicy` | Image pull policy | `Always` | +| `image.rootless` | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `false` | ### Persistence diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index e7d98ea..40471ee 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -36,7 +36,7 @@ Create image name and tag used by the deployment. */}} {{- define "gitea.image" -}} {{- $name := .Values.image.repository -}} -{{- $tag := ternary .Values.image.version .Values.image.tag (hasKey .Values.image "version") -}} +{{- $tag := .Values.image.tag | default .Chart.AppVersion -}} {{- $rootless := ternary "-rootless" "" (.Values.image.rootless) -}} {{- printf "%s:%s%s" $name $tag $rootless -}} {{- end -}} 
@@ -48,10 +48,8 @@ Common labels helm.sh/chart: {{ include "gitea.chart" . }} app: {{ include "gitea.name" . }} {{ include "gitea.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -version: {{ .Chart.AppVersion | quote }} -{{- end }} +app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }} +version: {{ .Values.image.tag | default .Chart.AppVersion | quote }} app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end -}} diff --git a/values.yaml b/values.yaml index 55dc82a..702e4d5 100644 --- a/values.yaml +++ b/values.yaml @@ -8,7 +8,8 @@ clusterDomain: cluster.local image: repository: gitea/gitea - tag: 1.16.2 + # Overrides the image tag whose default is the chart appVersion. + tag: "" pullPolicy: Always rootless: false # only possible when running 1.14 or later -- 2.40.1 From d35de55248062b217e6f42958e872b60821eeb79 Mon Sep 17 00:00:00 2001 From: luhahn Date: Wed, 2 Mar 2022 08:25:49 +0800 Subject: [PATCH 098/390] Remove db connection check (#299) This will remove the db connection check, which has caused some trouble in the past. It will now simply run _gitea migrate_ and output a message, if the database is not available. Co-authored-by: Lucas Hahn Co-authored-by: Lunny Xiao Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/299 Reviewed-by: justusbunsi Reviewed-by: Lunny Xiao Co-authored-by: luhahn Co-committed-by: luhahn --- templates/_helpers.tpl | 24 ------------------------ templates/gitea/init.yaml | 30 +++++++----------------------- 2 files changed, 7 insertions(+), 47 deletions(-) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 40471ee..2d12b81 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl 
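Review bot: In the common-labels hunk, `app.kubernetes.io/version` and `version` now take `.Values.image.tag`, so a user-chosen tag becomes a label value. Label values are limited to 63 characters of alphanumerics, `-`, `_` and `.`, and must start and end with an alphanumeric, while an image tag may be longer or, if someone appends a digest to pin the image, contain `@` and `:`; such a tag would make the labelled objects fail validation. Keeping the labels on the chart version avoids that: `app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}`. If the labels are meant to follow the tag, the value needs sanitising first, at least `| trunc 63`.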
@@ -61,30 +61,6 @@ app.kubernetes.io/name: {{ include "gitea.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} -{{- define "db.servicename" -}} -{{- if .Values.postgresql.enabled -}} -{{- printf "%s-postgresql" .Release.Name -}} -{{- else if .Values.mysql.enabled -}} -{{- printf "%s-mysql" .Release.Name -}} -{{- else if .Values.mariadb.enabled -}} -{{- printf "%s-mariadb" .Release.Name -}} -{{- else if ne .Values.gitea.config.database.DB_TYPE "sqlite3" -}} -{{- $parts := split ":" .Values.gitea.config.database.HOST -}} -{{- printf "%s %s" $parts._0 $parts._1 -}} -{{- end -}} -{{- end -}} - -{{- define "db.port" -}} -{{- if .Values.postgresql.enabled -}} -{{ .Values.postgresql.global.postgresql.servicePort }} -{{- else if .Values.mysql.enabled -}} -{{ .Values.mysql.service.port }} -{{- else if .Values.mariadb.enabled -}} -{{ .Values.mariadb.primary.service.port }} -{{- else -}} -{{- end -}} -{{- end -}} - {{- define "postgresql.dns" -}} {{- printf "%s-postgresql.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.postgresql.global.postgresql.servicePort -}} {{- end -}} diff --git a/templates/gitea/init.yaml b/templates/gitea/init.yaml index 5854c7a..00af29b 100644 --- a/templates/gitea/init.yaml +++ b/templates/gitea/init.yaml 
@@ -40,31 +40,15 @@ stringData: set -euo pipefail - {{- if include "db.servicename" . }} - # Connection retry inspired by https://gist.github.com/dublx/e99ea94858c07d2ca6de - function test_db_connection() { - local RETRY=0 - local MAX=30 - - echo 'Wait for database to become avialable...' - until [ "${RETRY}" -ge "${MAX}" ]; do - nc -vz -w2 {{ include "db.servicename" . }} {{ include "db.port" . }} && break - RETRY=$[${RETRY}+1] - echo "...not ready yet (${RETRY}/${MAX})" - done - - if [ "${RETRY}" -ge "${MAX}" ]; then - echo "Database not reachable after '${MAX}' attempts!" - exit 1 - fi - } - - test_db_connection - {{- end }} - echo '==== BEGIN GITEA CONFIGURATION ====' - gitea migrate + { # try + gitea migrate + } || { # catch + echo "Gitea migrate might fail due to database connection...This init-container will try again in a few seconds" + exit 1 + } + {{- if or .Values.gitea.admin.existingSecret (and .Values.gitea.admin.username .Values.gitea.admin.password) }} function configure_admin_user() { -- 2.40.1 From 95309671630d7d3bcba97f389da8bd6a8847c8f7 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Fri, 4 Mar 2022 16:32:18 +0800 Subject: [PATCH 099/390] 1.16.3 (#300) Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/300 Reviewed-by: Lunny Xiao Reviewed-by: pat-s --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 1215e01..905fdcf 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.16.2 +appVersion: 1.16.3 icon: https://docs.gitea.io/images/gitea.png keywords: -- 2.40.1 From 62b82459de0b3287ae0108c81b844c1f9b0d4114 Mon Sep 17 00:00:00 2001 
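Review bot: The new `{ gitea migrate } || { ... exit 1 }` block reports every failure of `gitea migrate` as a probable database connection problem and always exits with 1, so a genuine migration error looks like a connectivity hiccup and the original exit status is lost. I would keep the status and make the message neutral: `gitea migrate || { rc=$?; echo "gitea migrate failed (exit ${rc}); if the database is still starting, this init container will be retried"; exit "${rc}"; }`. The enclosing `configure_gitea.sh` script starts and ends outside the hunk.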
From: luhahn Date: Wed, 9 Mar 2022 14:47:55 +0800 Subject: [PATCH 100/390] Consider environment variables during app.ini creation (#298) This PR improves the handling and injection into _app.ini_ of user defined environment variables via env-to-ini script. Fixes #297 Co-authored-by: Lucas Hahn Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/298 Reviewed-by: justusbunsi Reviewed-by: 6543 <6543@obermui.de> --- README.md | 34 +++++++++++++++++++++++++++ templates/gitea/config.yaml | 40 ++++++++++++++++++++++++++++++++ templates/gitea/statefulset.yaml | 3 +++ values.yaml | 2 ++ 4 files changed, 79 insertions(+) diff --git a/README.md b/README.md index 40510c9..9ed15c3 100644 --- a/README.md +++ b/README.md @@ -356,6 +356,40 @@ stringData: SAME_SITE=strict ``` +#### User defined environment variables in app.ini + +Users are able to define their own environment variables, +which are loaded into the containers. We also support to +directly interact with the generated _app.ini_. + +To inject self defined variables into the _app.ini_ a +certain format needs to be honored. This is +described in detail on the [env-to-ini](https://github.com/go-gitea/gitea/tree/main/contrib/environment-to-ini) +page. + +Note that the Prefix on this helm chart is `ENV_TO_INI`. + +For example a database setting needs to have the following +format: + +```yaml +gitea: + additionalConfigFromEnvs: + - name: ENV_TO_INI__DATABASE__HOST + value: my.own.host + - name: ENV_TO_INI__DATABASE__PASSWD + valueFrom: + secretKeyRef: + name: postgres-secret + key: password +``` + +Priority (highest to lowest) for defining app.ini variables: + +1. Environment variables prefixed with `ENV_TO_INI` +2. Additional config sources +3. Values defined in `gitea.config` + ### External Database An external Database can be used instead of builtIn PostgreSQL or MySQL. diff --git a/templates/gitea/config.yaml b/templates/gitea/config.yaml index 78bceab..8416ee6 100644 --- a/templates/gitea/config.yaml 
+++ b/templates/gitea/config.yaml @@ -63,6 +63,41 @@ stringData: export "ENV_TO_INI__${masked_section^^}__${setting^^}=${value}" # '^^' makes the variable content uppercase } + function env2ini::reload_preset_envs() { + env2ini::log "Reloading preset envs..." + + while read -r line; do + if [[ -z "${line}" ]]; then + # skip empty line + return + fi + + # 'xargs echo -n' trims all leading/trailing whitespaces and a trailing new line + local setting="$(awk -F '=' '{print $1}' <<< "${line}" | xargs echo -n)" + + if [[ -z "${setting}" ]]; then + env2ini::log ' ! invalid setting' + exit 1 + fi + + local value='' + local regex="^${setting}(\s*)=(\s*)(.*)" + if [[ $line =~ $regex ]]; then + value="${BASH_REMATCH[3]}" + else + env2ini::log ' ! invalid setting' + exit 1 + fi + + env2ini::log " + '${setting}'" + + export "${setting^^}=${value}" # '^^' makes the variable content uppercase + done < "/tmp/existing-envs" + + rm /tmp/existing-envs + } + + function env2ini::process_config_file() { local config_file="${1}" local section="$(basename "${config_file}")" @@ -104,12 +139,17 @@ stringData: env2ini::log "...Initial secrets generated\n" } + env | (grep ENV_TO_INI || [[ $? == 1 ]]) > /tmp/existing-envs + # MUST BE CALLED BEFORE OTHER CONFIGURATION env2ini::generate_initial_secrets env2ini::load_config_sources '/env-to-ini-mounts/inlines/' env2ini::load_config_sources '/env-to-ini-mounts/additionals/' + # load existing envs to override auto generated envs + env2ini::reload_preset_envs + env2ini::log "=== All configuration sources loaded ===\n" # safety to prevent rewrite of secret keys if an app.ini already exists diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index d96ad34..ff6c9e1 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml 
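Review bot: `env2ini::reload_preset_envs` uses `return` where its own comment says "skip empty line", so the first empty line ends the function, drops every remaining preset variable and leaves `/tmp/existing-envs` behind; `continue` is what the comment describes. That file is also a fixed path under `/tmp` holding the `ENV_TO_INI__*` values, which per the README example in this commit can include a database password, and it is not removed on the `exit 1` paths. The `grep ENV_TO_INI` in the second hunk matches the string anywhere in a line, including inside other variables' values. The sketch below uses `continue`, a private temporary file removed by an EXIT trap, and an anchored pattern. It assumes the script sets no other EXIT trap and that multi-line values are not expected, which the line-based parsing cannot handle either way.

```shell
function env2ini::reload_preset_envs() {
  # … unchanged: log line …
  while read -r line; do
    if [[ -z "${line}" ]]; then
      # skip empty line, keep processing the remaining entries
      continue
    fi
    # … unchanged: setting/value parsing and export …
  done < "${ENV2INI_PRESET_FILE}"

  rm -f "${ENV2INI_PRESET_FILE}"
}

# … unchanged: remaining env2ini functions …

# private temp file, removed even when the script exits early
ENV2INI_PRESET_FILE="$(umask 077 && mktemp)"
trap 'rm -f "${ENV2INI_PRESET_FILE}"' EXIT
env | (grep '^ENV_TO_INI__' || [[ $? == 1 ]]) > "${ENV2INI_PRESET_FILE}"
```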
@@ -87,6 +87,9 @@ spec: {{- if .Values.statefulset.env }} {{- toYaml .Values.statefulset.env | nindent 12 }} {{- end }} + {{- if .Values.gitea.additionalConfigFromEnvs }} + {{- toYaml .Values.gitea.additionalConfigFromEnvs | nindent 12 }} + {{- end }} volumeMounts: - name: config mountPath: /usr/sbin diff --git a/values.yaml b/values.yaml index 702e4d5..8bf8799 100644 --- a/values.yaml +++ b/values.yaml @@ -213,6 +213,8 @@ gitea: # - configMap: # name: gitea-app-ini-plaintext + additionalConfigFromEnvs: [] + podAnnotations: {} # Modify the liveness probe for your needs or completely disable it by commenting out. -- 2.40.1 From 982ae60d8e85e0061d3b0d826cde5a7fe8aa9532 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Tue, 15 Mar 2022 06:16:48 +0800 Subject: [PATCH 101/390] 1.16.4 Signed-off-by: techknowlogick --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 905fdcf..d6908f1 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.16.3 +appVersion: 1.16.4 icon: https://docs.gitea.io/images/gitea.png keywords: -- 2.40.1 From 844c8daa0bd547558cffd61ee1e5143e511abb4e Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Thu, 24 Mar 2022 10:59:17 +0800 Subject: [PATCH 102/390] 1.16.5 Signed-off-by: techknowlogick --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index d6908f1..72a9c51 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.16.4 +appVersion: 1.16.5 icon: https://docs.gitea.io/images/gitea.png keywords: -- 2.40.1 From d94226765d6e1f197a3112e1b1abbcd73a8bea33 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Sat, 26 Mar 2022 02:28:39 +0800 Subject: [PATCH 103/390] close #302 
Signed-off-by: techknowlogick --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 9ed15c3..d44881f 100644 --- a/README.md +++ b/README.md @@ -445,7 +445,7 @@ service: ### SSH and Ingress -If you're using ingress and won't to use SSH, keep in mind, that ingress is not +If you're using ingress and want to use SSH, keep in mind, that ingress is not able to forward SSH Ports. You will need a LoadBalancer like `metallb` and a setting in your ssh service annotations. -- 2.40.1 From 46b190addadb7870868d93f9a32654e17a52eac9 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Thu, 21 Apr 2022 09:03:01 +0800 Subject: [PATCH 104/390] 1.16.6 --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 72a9c51..4d27732 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.16.5 +appVersion: 1.16.6 icon: https://docs.gitea.io/images/gitea.png keywords: -- 2.40.1 From a7bc46015ebc2e42e59ebb06c7a270d8d892ac21 Mon Sep 17 00:00:00 2001 
From: takirala Date: Thu, 21 Apr 2022 23:55:53 +0800 Subject: [PATCH 105/390] feat: configurable annotations for gitea StatefulSet (#315) Fixes #314 Right now, the gitea StatefulSet does not allow any annotations to be configured via the helmchart - see https://gitea.com/gitea/helm-chart/src/tag/v5.0.4/templates/gitea/statefulset.yaml#L4-L6 My use case: I am trying to use Reloader (https://github.com/stakater/Reloader) so that I can configure my values.yaml such that i can set some annotations on the StatefulSet and thus Reloader can rollout a restart of gitea StatefulSet whenever a watched secret or configmap is updated. Co-authored-by: Tarun Gupta Akirala Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/315 Reviewed-by: techknowlogick Reviewed-by: justusbunsi Co-authored-by: takirala Co-committed-by: takirala --- README.md | 1 + templates/gitea/statefulset.yaml | 4 ++++ values.yaml | 1 + 3 files changed, 6 insertions(+) diff --git a/README.md b/README.md index d44881f..9ce59f3 100644 --- a/README.md +++ b/README.md @@ -718,6 +718,7 @@ gitea: | Parameter | Description | Default | | ------------------------------------------- | -------------------------------------------------------------------- | ------- | +| `statefulset.annotations` | Annotations for the Gitea StatefulSet to be created | `{}` | | `statefulset.terminationGracePeriodSeconds` | How long to wait until forcefully kill the pod | `60` | | `statefulset.env` | Additional environment variables to pass to containers | `[]` | | `extraVolumes` | Additional volumes to mount to the Gitea statefulset | `{}` | diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index ff6c9e1..8ae7bd6 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml 
@@ -2,6 +2,10 @@ apiVersion: apps/v1 kind: StatefulSet metadata: name: {{ include "gitea.fullname" . }} + annotations: + {{- if .Values.statefulset.annotations }} + {{- toYaml .Values.statefulset.annotations | nindent 4 }} + {{- end }} labels: {{- include "gitea.labels" . | nindent 4 }} spec: diff --git a/values.yaml b/values.yaml index 8bf8799..f2fd36f 100644 --- a/values.yaml +++ b/values.yaml @@ -113,6 +113,7 @@ statefulset: # value: my-value terminationGracePeriodSeconds: 60 labels: {} + annotations: {} persistence: enabled: true -- 2.40.1 From b06b3edf1dcb2174870cbe297ff7ed6dc04a02f5 Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Fri, 22 Apr 2022 06:13:19 +0800 Subject: [PATCH 106/390] Consider imagePullPolicy for init containers (#317) The default behaviour for container image pulls depend on different values such as image tag usage and its value. See https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting It leads to an unintended behaviour for this Helm Chart. Kubernetes will always pull the image for init containers when using the `latest` Gitea image tag, even if `Values.image.pullPolicy` defines a different value for the runtime container. Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/317 Reviewed-by: techknowlogick Reviewed-by: Gusted Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- templates/gitea/statefulset.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index 8ae7bd6..7dbe417 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml @@ -48,6 +48,7 @@ spec: initContainers: - name: init-directories image: "{{ include "gitea.image" . }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} command: ["/usr/sbin/init_directory_structure.sh"] env: - name: GITEA_APP_INI 
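Review bot: The `annotations:` key in the StatefulSet metadata is written outside the `if`, so with the default `statefulset.annotations: {}` the manifest renders an `annotations:` key with no value. A null map is normally accepted there, but it is avoidable noise in the rendered output. Moving the key inside the guard fixes it: open with `{{- with .Values.statefulset.annotations }}`, then `annotations:` and `{{- toYaml . | nindent 4 }}`, and close with `{{- end }}`.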
@@ -78,6 +79,7 @@ spec: {{- toYaml .Values.containerSecurityContext | nindent 12 }} - name: init-app-ini image: "{{ include "gitea.image" . }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} command: ["/usr/sbin/config_environment.sh"] env: - name: GITEA_APP_INI @@ -118,6 +120,7 @@ spec: - name: configure-gitea image: "{{ include "gitea.image" . }}" command: ["/usr/sbin/configure_gitea.sh"] + imagePullPolicy: {{ .Values.image.pullPolicy }} securityContext: {{- /* By default this container runs as user 1000 unless otherwise stated */ -}} {{- $csc := deepCopy .Values.containerSecurityContext -}} -- 2.40.1 From 52ed32ae749bce53b20387642ec2b6f6e7857ef6 Mon Sep 17 00:00:00 2001 From: svenihoney Date: Mon, 25 Apr 2022 19:56:25 +0800 Subject: [PATCH 107/390] Allow configuration of ipFamilyPolicy and ipFamilies (#313) To enable access to e.g. the SSH port by IPv6, the selection of ipFamilyPolicy and ipFamilies service attributes is necessary. Enable the possibility to configure these by helm values. Co-authored-by: Sven Fischer Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/313 Reviewed-by: justusbunsi Reviewed-by: luhahn Co-authored-by: svenihoney Co-committed-by: svenihoney --- README.md | 8 ++++++++ templates/gitea/http-svc.yaml | 7 +++++++ templates/gitea/ssh-svc.yaml | 7 +++++++ values.yaml | 4 ++++ 4 files changed, 26 insertions(+) diff --git a/README.md b/README.md index 9ce59f3..fc1d207 100644 --- a/README.md +++ b/README.md 
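Review bot: In the `configure-gitea` hunk the new `imagePullPolicy` line sits after `command`, while the `init-directories` and `init-app-ini` hunks put it directly under `image`; using the same position in all three containers makes the spec easier to compare. It would also help to note next to `image.pullPolicy` in values.yaml that the setting now applies to the init containers too, e.g. `# also used for the init containers; with a mutable tag and a policy other than Always, all containers run the image cached on the node`. The container definitions continue outside these hunks.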
@@ -776,9 +776,13 @@ gitea: | `service.http.nodePort` | NodePort for http service | | | `service.http.externalTrafficPolicy` | If `service.http.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation | | | `service.http.externalIPs` | http service external IP addresses | | +| `service.http.ipFamilyPolicy` | http service dual-stack policy | | +| `service.http.ipFamilies` | http service dual-stack familiy selection | | | `service.http.loadBalancerSourceRanges` | Source range filter for http loadbalancer | `[]` | | `service.http.annotations` | http service annotations | | +For dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/). + #### SSH | Parameter | Description | Default | @@ -790,9 +794,13 @@ gitea: | `service.ssh.hostPort` | HostPort for ssh service | | | `service.ssh.externalTrafficPolicy` | If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation | | | `service.ssh.externalIPs` | ssh service external IP addresses | | +| `service.ssh.ipFamilyPolicy` | ssh service dual-stack policy | | +| `service.ssh.ipFamilies` | ssh service dual-stack familiy selection | | | `service.ssh.loadBalancerSourceRanges` | Source range filter for ssh loadbalancer | `[]` | | `service.ssh.annotations` | ssh service annotations | | +For dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/). + ### Gitea Configuration | Parameter | Description | Default | diff --git a/templates/gitea/http-svc.yaml b/templates/gitea/http-svc.yaml index ed3aa8a..659724c 100644 --- a/templates/gitea/http-svc.yaml +++ b/templates/gitea/http-svc.yaml 
@@ -21,6 +21,13 @@ spec: externalIPs: {{- toYaml .Values.service.http.externalIPs | nindent 4 }} {{- end }} + {{- if .Values.service.http.ipFamilyPolicy }} + ipFamilyPolicy: {{ .Values.service.http.ipFamilyPolicy }} + {{- end }} + {{- with .Values.service.http.ipFamilies }} + ipFamilies: + {{- toYaml . | nindent 4 }} + {{- end -}} {{- if .Values.service.http.externalTrafficPolicy }} externalTrafficPolicy: {{ .Values.service.http.externalTrafficPolicy }} {{- end }} diff --git a/templates/gitea/ssh-svc.yaml b/templates/gitea/ssh-svc.yaml index e81cada..620f624 100644 --- a/templates/gitea/ssh-svc.yaml +++ b/templates/gitea/ssh-svc.yaml @@ -26,6 +26,13 @@ spec: externalIPs: {{- toYaml .Values.service.ssh.externalIPs | nindent 4 }} {{- end }} + {{- if .Values.service.ssh.ipFamilyPolicy }} + ipFamilyPolicy: {{ .Values.service.ssh.ipFamilyPolicy }} + {{- end }} + {{- with .Values.service.ssh.ipFamilies }} + ipFamilies: + {{- toYaml . | nindent 4 }} + {{- end -}} {{- if .Values.service.ssh.externalTrafficPolicy }} externalTrafficPolicy: {{ .Values.service.ssh.externalTrafficPolicy }} {{- end }} diff --git a/values.yaml b/values.yaml index f2fd36f..b6e6fbc 100644 --- a/values.yaml +++ b/values.yaml @@ -51,6 +51,8 @@ service: #nodePort: #externalTrafficPolicy: #externalIPs: + #ipFamilyPolicy: + #ipFamilies: loadBalancerSourceRanges: [] annotations: ssh: @@ -61,6 +63,8 @@ service: #nodePort: #externalTrafficPolicy: #externalIPs: + #ipFamilyPolicy: + #ipFamilies: #hostPort: loadBalancerSourceRanges: [] annotations: -- 2.40.1 From 80032dfc5c34950edea384e0227f7ab7c994f4ef Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Mon, 2 May 2022 13:36:55 +0800 Subject: [PATCH 108/390] 1.16.7 --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 4d27732..f24978b 100644 --- a/Chart.yaml +++ b/Chart.yaml 
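Review bot: The `with .Values.service.http.ipFamilies` block is closed with `{{- end -}}`, whereas the `ipFamilyPolicy` block right above it uses `{{- end }}`; the `ssh-svc.yaml` hunk has the same pattern. The extra right-trim looks harmless today only because the next line is itself a `{{- if ... }}` action. If a literal YAML line is ever inserted after it, that line would be joined onto the last `ipFamilies` entry, so I would use `{{- end }}` in both files. The `spec` block starts and ends outside the hunk.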
@@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.16.6 +appVersion: 1.16.7 icon: https://docs.gitea.io/images/gitea.png keywords: -- 2.40.1 From a466206d9e6682832d108d58d0683da3291715f2 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Tue, 17 May 2022 09:01:34 +0800 Subject: [PATCH 109/390] 1.16.8 --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index f24978b..f184cb3 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.16.7 +appVersion: 1.16.8 icon: https://docs.gitea.io/images/gitea.png keywords: -- 2.40.1 From e59fbc4008ec2ea95598fd126d671925d34c7b52 Mon Sep 17 00:00:00 2001 From: takirala Date: Fri, 3 Jun 2022 13:50:12 +0800 Subject: [PATCH 110/390] feat: switch to github raw url for bitnami charts (#324) Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/324 Reviewed-by: techknowlogick Reviewed-by: justusbunsi Co-authored-by: takirala Co-committed-by: takirala --- Chart.yaml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index f184cb3..d26b4ad 100644 --- a/Chart.yaml +++ b/Chart.yaml 
@@ -29,20 +29,21 @@ maintainers: - name: Steven Kriegler email: sk.bunsenbrenner@gmail.com +# Bitnami charts are served from GitHub CDN - See https://github.com/bitnami/charts/issues/10539 for details dependencies: - name: memcached - repository: https://charts.bitnami.com/bitnami + repository: https://raw.githubusercontent.com/bitnami/charts/eb5f9a9513d987b519f0ecd732e7031241c50328/bitnami version: 5.9.0 condition: memcached.enabled - name: mysql - repository: https://charts.bitnami.com/bitnami + repository: https://raw.githubusercontent.com/bitnami/charts/eb5f9a9513d987b519f0ecd732e7031241c50328/bitnami version: 6.14.10 condition: mysql.enabled - name: postgresql - repository: https://charts.bitnami.com/bitnami + repository: https://raw.githubusercontent.com/bitnami/charts/eb5f9a9513d987b519f0ecd732e7031241c50328/bitnami version: 10.3.17 condition: postgresql.enabled - name: mariadb - repository: https://charts.bitnami.com/bitnami + repository: https://raw.githubusercontent.com/bitnami/charts/eb5f9a9513d987b519f0ecd732e7031241c50328/bitnami version: 9.3.6 condition: mariadb.enabled -- 2.40.1 From 9cb822f41c7a7f45f88ec6ed136682494944cc37 Mon Sep 17 00:00:00 2001 From: cnfatal Date: Thu, 9 Jun 2022 18:55:08 +0800 Subject: [PATCH 111/390] add global values support (#322) Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/322 Reviewed-by: luhahn Reviewed-by: justusbunsi Co-authored-by: cnfatal Co-committed-by: cnfatal --- templates/_helpers.tpl | 32 +++++++++++++++++++++++++++++++- templates/gitea/statefulset.yaml | 9 ++------- values.yaml | 8 ++++++++ 3 files changed, 41 insertions(+), 8 deletions(-) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 2d12b81..608cfcc 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl 
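Review bot: The four `repository` URLs pin the Bitnami index to commit `eb5f9a9513d987b519f0ecd732e7031241c50328`, but the added comment only explains why GitHub is used, not that the index is now frozen. Presumably newer dependency chart versions, including security fixes, will not resolve until the hash is changed in all four entries, which is easy to miss. I would extend the comment, e.g. `# Index is pinned to a bitnami/charts commit; update the hash in every entry below when bumping a dependency version`. Whether the chart archives referenced by that index are integrity-checked (a `Chart.lock` digest or a provenance file) is not visible in this hunk and is worth confirming.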
@@ -35,10 +35,40 @@ Create chart name and version as used by the chart label. Create image name and tag used by the deployment. */}} {{- define "gitea.image" -}} +{{- $registry := .Values.global.imageRegistry | default .Values.image.registry -}} {{- $name := .Values.image.repository -}} {{- $tag := .Values.image.tag | default .Chart.AppVersion -}} {{- $rootless := ternary "-rootless" "" (.Values.image.rootless) -}} -{{- printf "%s:%s%s" $name $tag $rootless -}} +{{- if $registry -}} + {{- printf "%s/%s:%s%s" $registry $name $tag $rootless -}} +{{- else -}} + {{- printf "%s:%s%s" $name $tag $rootless -}} +{{- end -}} +{{- end -}} + +{{/* +Docker Image Registry Secret Names evaluating values as templates +*/}} +{{- define "gitea.images.pullSecrets" -}} +{{- $pullSecrets := .Values.imagePullSecrets -}} +{{- range .Values.global.imagePullSecrets -}} + {{- $pullSecrets = append $pullSecrets (dict "name" .) -}} +{{- end -}} +{{- if (not (empty $pullSecrets)) }} +imagePullSecrets: +{{ toYaml $pullSecrets }} +{{- end }} +{{- end -}} + + +{{/* +Storage Class +*/}} +{{- define "gitea.persistence.storageClass" -}} +{{- $storageClass := .Values.global.storageClass | default .Values.persistence.storageClass }} +{{- if $storageClass }} +storageClassName: {{ $storageClass | quote }} +{{- end }} {{- end -}} {{/* diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index 7dbe417..9618d84 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml @@ -39,10 +39,7 @@ spec: {{- if .Values.schedulerName }} schedulerName: "{{ .Values.schedulerName }}" {{- end }} - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} + {{- include "gitea.images.pullSecrets" . | nindent 6 }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} initContainers: 
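Review bot: The comment on `gitea.images.pullSecrets` says the names are evaluated as templates, but the helper never calls `tpl`; it only merges two lists. It also does not say that the two sources differ in shape: `imagePullSecrets` entries are passed through unchanged, while `global.imagePullSecrets` entries are treated as bare names and wrapped with `dict "name" .`. I would reword it to something like `Merge imagePullSecrets (entries used as-is) with global.imagePullSecrets (plain secret names)`. Separately, `append` is applied to `.Values.imagePullSecrets` directly, so a values file that sets it to null would probably fail to render once a global secret is present; `{{- $pullSecrets := .Values.imagePullSecrets | default list -}}` guards against that.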
@@ -342,9 +339,7 @@ spec: {{- range .Values.persistence.accessModes }} - {{ . | quote }} {{- end }} - {{- if .Values.persistence.storageClass }} - storageClassName: {{ .Values.persistence.storageClass | quote }} - {{- end }} + {{- include "gitea.persistence.storageClass" . | indent 8 }} resources: requests: storage: {{ .Values.persistence.size | quote }} diff --git a/values.yaml b/values.yaml index b6e6fbc..5c86cd4 100644 --- a/values.yaml +++ b/values.yaml @@ -1,6 +1,14 @@ # Default values for gitea. # This is a YAML-formatted file. # Declare variables to be passed into your templates. +global: + imageRegistry: "" + ## E.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + storageClass: "" replicaCount: 1 -- 2.40.1 From b3b91e20447dcfb302bc465320b2a16d4720a793 Mon Sep 17 00:00:00 2001 From: cnfatal Date: Thu, 9 Jun 2022 19:21:25 +0800 Subject: [PATCH 112/390] generate readme Parameters from values.yaml (#323) Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/323 Reviewed-by: luhahn Reviewed-by: justusbunsi Co-authored-by: cnfatal Co-committed-by: cnfatal --- Makefile | 15 ++ README.md | 324 ++++++++++++++++--------------- templates/gitea/statefulset.yaml | 12 +- values.yaml | 222 ++++++++++++++++++--- 4 files changed, 378 insertions(+), 195 deletions(-) create mode 100644 Makefile diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..f644df7 --- /dev/null +++ b/Makefile @@ -0,0 +1,15 @@ +readme: helm-doc + readme-generator -v values.yaml -r README.md + markdownlint *.md -f + +.PHONY: helm-doc +helm-doc: +ifeq (, $(shell which readme-generator)) + @{ \ + set -e ;\ + echo 'installing readme-generator-for-helm' ;\ + npm install -g readme-generator-for-helm ;\ + } +else + echo 'readme-generator-for-helm is already installed' +endif \ No newline at end of file diff --git a/README.md b/README.md index fc1d207..7060ed9 100644 --- a/README.md +++ b/README.md 
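Review bot: The storage class helper is included with `indent 8`, while the `gitea.images.pullSecrets` include in the previous hunk of this file uses `nindent`. As far as the collapsed hunk shows, `indent` works here only because the helper's output begins with a newline, and it leaves eight trailing spaces on the last access-mode line, also when no storage class is set. `{{- include "gitea.persistence.storageClass" . | nindent 8 }}` would match the other include and not depend on that leading newline. The volume claim template starts and ends outside the hunk.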
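Review bot: The `helm-doc` target runs `npm install -g readme-generator-for-helm` with no version, so every machine that lacks the tool installs whatever is latest at that moment, globally and with the invoking user's privileges. That makes the generated README non-reproducible and lets a changed or compromised release run on maintainers' machines without review. Pin the version, e.g. `npm install -g readme-generator-for-helm@<PINNED_VERSION>` (placeholder; use the version the README was generated with). `markdownlint` is called by the `readme` target but is never checked for or installed, and `readme` itself is missing from `.PHONY`.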
@@ -712,210 +712,220 @@ gitea: podAnnotations: {} ``` -## Configuration +## Parameters -### Others +### Global -| Parameter | Description | Default | -| ------------------------------------------- | -------------------------------------------------------------------- | ------- | -| `statefulset.annotations` | Annotations for the Gitea StatefulSet to be created | `{}` | -| `statefulset.terminationGracePeriodSeconds` | How long to wait until forcefully kill the pod | `60` | -| `statefulset.env` | Additional environment variables to pass to containers | `[]` | -| `extraVolumes` | Additional volumes to mount to the Gitea statefulset | `{}` | -| `extraVolumeMounts` | Additional volume mounts for the Gitea containers | `{}` | -| `initPreScript` | Bash script copied verbatim to start of init container | | -| `podSecurityContext.fsGroup` | Set the shared file system group for all containers | 1000 | -| `containerSecurityContext` | Run init and Gitea containers as a specific securityContext | `{}` | -| `schedulerName` | Use an alternate scheduler, e.g. 
"stork" | | +| Name | Description | Value | +| ------------------------- | ------------------------------------------------------------------------- | --------------- | +| `global.imageRegistry` | global image registry override | `""` | +| `global.imagePullSecrets` | global image pull secrets override; can be extended by `imagePullSecrets` | `[]` | +| `global.storageClass` | global storage class override | `""` | +| `replicaCount` | number of replicas for the statefulset | `1` | +| `clusterDomain` | cluster domain | `cluster.local` | ### Image -| Parameter | Description | Default | -| ------------------ | ----------------------------------------------------------------------------------------- | ---------------------------------- | -| `image.repository` | Image to start for this pod | `gitea/gitea` | -| `image.tag` | [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) | see [Chart.AppVersion](Chart.yaml) | -| `image.pullPolicy` | Image pull policy | `Always` | -| `image.rootless` | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `false` | +| Name | Description | Value | +| ------------------ | ------------------------------------------------------------------------------------------ | ------------- | +| `image.registry` | image registry, e.g. 
gcr.io,docker.io | `""` | +| `image.repository` | Image to start for this pod | `gitea/gitea` | +| `image.tag` | Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) | `""` | +| `image.pullPolicy` | Image pull policy | `Always` | +| `image.rootless` | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `false` | +| `imagePullSecrets` | Secret to use for pulling the image | `[]` | -### Persistence +### Security -| Parameter | Description | Default | -| --------------------------- | ---------------------------------------------------------- | ------- | -| `persistence.enabled` | Enable persistence for Gitea | `true` | -| `persistence.existingClaim` | Use an existing claim to store repository information | | -| `persistence.size` | Size for persistence to store repo information | `10Gi` | -| `persistence.accessModes` | AccessMode for persistence | | -| `persistence.storageClass` | Storage class for repository persistence | | -| `persistence.subPath` | Subdirectory of the volume to mount at | | -| `persistence.labels` | Labels for the persistence volume claim to be created | `{}` | -| `persistence.annotations` | Annotations for the persistence volume claim to be created | `{}` | - -### Ingress - -| Parameter | Description | Default | -| ------------------------------------ | ---------------------------------------------------------------------------- | -------------------------------------------------- | -| `ingress.enabled` | enable ingress | `false` | -| `ingress.annotations` | add ingress annotations | | -| `ingress.hosts[0].host` | add hosts for ingress | `git.example.com` | -| `ingress.hosts[0].paths[0].path` | add path for each ingress host | `/` | -| `ingress.hosts[0].paths[0].pathType` | add ingress path type | `Prefix` | -| `ingress.tls` | add ingress tls settings | `[]` | -| `ingress.className` | add ingress class name. 
Only used in k8s 1.19+ | | -| `ingress.apiVersion` | specify APIVersion of ingress object. Mostly would only be used for argocd. | version indicated by helm's `Capabilities` object. | +| Name | Description | Value | +| ---------------------------- | --------------------------------------------------------------- | ------ | +| `podSecurityContext.fsGroup` | Set the shared file system group for all containers in the pod. | `1000` | +| `containerSecurityContext` | Security context | `{}` | +| `securityContext` | Run init and Gitea containers as a specific securityContext | `{}` | ### Service -#### Web +| Name | Description | Value | +| --------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | +| `service.http.type` | Kubernetes service type for web traffic | `ClusterIP` | +| `service.http.port` | Port number for web traffic | `3000` | +| `service.http.clusterIP` | ClusterIP setting for http autosetup for statefulset is None | `None` | +| `service.http.loadBalancerIP` | LoadBalancer IP setting | `nil` | +| `service.http.nodePort` | NodePort for http service | `nil` | +| `service.http.externalTrafficPolicy` | If `service.http.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation | `nil` | +| `service.http.externalIPs` | External IPs for service | `nil` | +| `service.http.ipFamilyPolicy` | HTTP service dual-stack policy | `nil` | +| `service.http.ipFamilies` | HTTP service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/). 
| `nil` | +| `service.http.loadBalancerSourceRanges` | Source range filter for http loadbalancer | `[]` | +| `service.http.annotations` | HTTP service annotations | `{}` | +| `service.ssh.type` | Kubernetes service type for ssh traffic | `ClusterIP` | +| `service.ssh.port` | Port number for ssh traffic | `22` | +| `service.ssh.clusterIP` | ClusterIP setting for ssh autosetup for statefulset is None | `None` | +| `service.ssh.loadBalancerIP` | LoadBalancer IP setting | `nil` | +| `service.ssh.nodePort` | NodePort for ssh service | `nil` | +| `service.ssh.externalTrafficPolicy` | If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation | `nil` | +| `service.ssh.externalIPs` | External IPs for service | `nil` | +| `service.ssh.ipFamilyPolicy` | SSH service dual-stack policy | `nil` | +| `service.ssh.ipFamilies` | SSH service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/). 
| `nil` | +| `service.ssh.hostPort` | HostPort for ssh service | `nil` | +| `service.ssh.loadBalancerSourceRanges` | Source range filter for ssh loadbalancer | `[]` | +| `service.ssh.annotations` | SSH service annotations | `{}` | -| Parameter | Description | Default | -| --------------------------------------- | ------------------------------------------------------------------------------------------------------------ | ----------- | -| `service.http.type` | Kubernetes service type for web traffic | `ClusterIP` | -| `service.http.port` | Port for web traffic | `3000` | -| `service.http.clusterIP` | ClusterIP setting for http autosetup for statefulset is None | `None` | -| `service.http.loadBalancerIP` | LoadBalancer Ip setting | | -| `service.http.nodePort` | NodePort for http service | | -| `service.http.externalTrafficPolicy` | If `service.http.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation | | -| `service.http.externalIPs` | http service external IP addresses | | -| `service.http.ipFamilyPolicy` | http service dual-stack policy | | -| `service.http.ipFamilies` | http service dual-stack familiy selection | | -| `service.http.loadBalancerSourceRanges` | Source range filter for http loadbalancer | `[]` | -| `service.http.annotations` | http service annotations | | +### Ingress -For dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/). 
+| Name | Description | Value | +| ------------------------------------ | --------------------------------------------------------------------------- | ----------------- | +| `ingress.enabled` | Enable ingress | `false` | +| `ingress.className` | Ingress class name | `nil` | +| `ingress.annotations` | Ingress annotations | `{}` | +| `ingress.hosts[0].host` | Default Ingress host | `git.example.com` | +| `ingress.hosts[0].paths[0].path` | Default Ingress path | `/` | +| `ingress.hosts[0].paths[0].pathType` | Ingress path type | `Prefix` | +| `ingress.tls` | Ingress tls settings | `[]` | +| `ingress.apiVersion` | Specify APIVersion of ingress object. Mostly would only be used for argocd. | | -#### SSH +### StatefulSet -| Parameter | Description | Default | -| -------------------------------------- | ----------------------------------------------------------------------------------------------------------- | ----------- | -| `service.ssh.type` | Kubernetes service type for ssh traffic | `ClusterIP` | -| `service.ssh.port` | Port for ssh traffic | `22` | -| `service.ssh.loadBalancerIP` | LoadBalancer Ip setting | | -| `service.ssh.nodePort` | NodePort for ssh service | | -| `service.ssh.hostPort` | HostPort for ssh service | | -| `service.ssh.externalTrafficPolicy` | If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation | | -| `service.ssh.externalIPs` | ssh service external IP addresses | | -| `service.ssh.ipFamilyPolicy` | ssh service dual-stack policy | | -| `service.ssh.ipFamilies` | ssh service dual-stack familiy selection | | -| `service.ssh.loadBalancerSourceRanges` | Source range filter for ssh loadbalancer | `[]` | -| `service.ssh.annotations` | ssh service annotations | | +| Name | Description | Value | +| ------------------------------------------- | ------------------------------------------------------ | ----- | +| `resources` | Kubernetes resources | `{}` | +| `schedulerName` | Use an alternate 
scheduler, e.g. "stork" | `""` | +| `nodeSelector` | NodeSelector for the statefulset | `{}` | +| `tolerations` | Tolerations for the statefulset | `[]` | +| `affinity` | Affinity for the statefulset | `{}` | +| `statefulset.env` | Additional environment variables to pass to containers | `[]` | +| `statefulset.terminationGracePeriodSeconds` | How long to wait until forcefully kill the pod | `60` | +| `statefulset.labels` | Labels for the statefulset | `{}` | +| `statefulset.annotations` | Annotations for the Gitea StatefulSet to be created | `{}` | -For dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/). +### Persistence -### Gitea Configuration +| Name | Description | Value | +| --------------------------- | ---------------------------------------------------------- | ------------------- | +| `persistence.enabled` | Enable persistent storage | `true` | +| `persistence.existingClaim` | Use an existing claim to store repository information | `nil` | +| `persistence.size` | Size for persistence to store repo information | `10Gi` | +| `persistence.accessModes` | AccessMode for persistence | `["ReadWriteOnce"]` | +| `persistence.labels` | Labels for the persistence volume claim to be created | `{}` | +| `persistence.annotations` | Annotations for the persistence volume claim to be created | `{}` | +| `persistence.storageClass` | Name of the storage class to use | `nil` | +| `persistence.subPath` | Subdirectory of the volume to mount at | `nil` | +| `extraVolumes` | Additional volumes to mount to the Gitea statefulset | `nil` | +| `extraVolumeMounts` | Additional volume mounts for the Gitea containers | `nil` | -| Parameter | Description | Default | -| -------------- | ---------------------------------------------------------------------------------------------------- | ------- | -| `gitea.config` | Everything in `app.ini` can be configured with this dict. 
See [Examples](#examples) for more details | `{}` | +### Init -### Gitea Probes +| Name | Description | Value | +| --------------- | --------------------------------------------------------------------- | ----- | +| `initPreScript` | Bash shell script copied verbatim to the start of the init-container. | `""` | -Configure Liveness, Readiness and Startup -[Probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/). +### Signing -#### Liveness probe +| Name | Description | Value | +| ----------------- | ---------------------------- | ------------------ | +| `signing.enabled` | Enable commit/action signing | `false` | +| `signing.gpgHome` | GPG home directory | `/data/git/.gnupg` | -- Default status: Enabled -- Default action: tcp socket connect +### Gitea -| Parameter | Description | Default | -| ------------------------------------------ | -------------------------------------------------------------------- | ------- | -| `gitea.livenessProbe.initialDelaySeconds` | Delay before probe start | `200` | -| `gitea.livenessProbe.timeoutSeconds` | probe timeout | `1` | -| `gitea.livenessProbe.periodSeconds` | period between probes | `10` | -| `gitea.livenessProbe.successThreshold` | Minimum consecutive success probes | `1` | -| `gitea.livenessProbe.failureThreshold` | Minimum consecutive error probes | `10` | +| Name | Description | Value | +| -------------------------------------- | ------------------------------------------------------------------------------------------------------------- | -------------------- | +| `gitea.admin.username` | Username for the Gitea admin user | `gitea_admin` | +| `gitea.admin.existingSecret` | Use an existing secret to store admin user credentials | `nil` | +| `gitea.admin.password` | Password for the Gitea admin user | `r8sA8CPHD9!bt6d` | +| `gitea.admin.email` | Email for the Gitea admin user | `gitea@local.domain` | +| `gitea.metrics.enabled` | Enable Gitea metrics | `false` | +| 
`gitea.metrics.serviceMonitor.enabled` | Enable Gitea metrics service monitor | `false` | +| `gitea.ldap` | LDAP configuration | `[]` | +| `gitea.oauth` | OAuth configuration | `[]` | +| `gitea.config` | Configuration for the Gitea server,ref: [config-cheat-sheet](https://docs.gitea.io/en-us/config-cheat-sheet/) | `{}` | +| `gitea.additionalConfigSources` | Additional configuration from secret or configmap | `[]` | +| `gitea.additionalConfigFromEnvs` | Additional configuration sources from environment variables | `[]` | +| `gitea.podAnnotations` | Annotations for the Gitea pod | `{}` | -#### Readiness probe +### LivenessProbe -- Default status: Enabled -- Default action: tcp socket connect +| Name | Description | Value | +| ----------------------------------------- | ------------------------------------------------ | ------ | +| `gitea.livenessProbe.enabled` | Enable liveness probe | `true` | +| `gitea.livenessProbe.tcpSocket.port` | Port to probe for liveness | `http` | +| `gitea.livenessProbe.initialDelaySeconds` | Initial delay before liveness probe is initiated | `200` | +| `gitea.livenessProbe.timeoutSeconds` | Timeout for liveness probe | `1` | +| `gitea.livenessProbe.periodSeconds` | Period for liveness probe | `10` | +| `gitea.livenessProbe.successThreshold` | Success threshold for liveness probe | `1` | +| `gitea.livenessProbe.failureThreshold` | Failure threshold for liveness probe | `10` | -| Parameter | Description | Default | -| ------------------------------------------ | -------------------------------------------------------------------- | ------- | -| `gitea.readinessProbe.initialDelaySeconds` | Delay before probe start | `5` | -| `gitea.readinessProbe.timeoutSeconds` | probe timeout | `1` | -| `gitea.readinessProbe.periodSeconds` | period between probes | `10` | -| `gitea.readinessProbe.successThreshold` | Minimum consecutive success probes | `1` | -| `gitea.readinessProbe.failureThreshold` | Minimum consecutive error probes | `3` | +### 
ReadinessProbe -#### Startup probe +| Name | Description | Value | +| ------------------------------------------ | ------------------------------------------------- | ------ | +| `gitea.readinessProbe.enabled` | Enable readiness probe | `true` | +| `gitea.readinessProbe.tcpSocket.port` | Port to probe for readiness | `http` | +| `gitea.readinessProbe.initialDelaySeconds` | Initial delay before readiness probe is initiated | `5` | +| `gitea.readinessProbe.timeoutSeconds` | Timeout for readiness probe | `1` | +| `gitea.readinessProbe.periodSeconds` | Period for readiness probe | `10` | +| `gitea.readinessProbe.successThreshold` | Success threshold for readiness probe | `1` | +| `gitea.readinessProbe.failureThreshold` | Failure threshold for readiness probe | `3` | -- Default status: Disabled -- Default action: tcp socket connect +### StartupProbe -| Parameter | Description | Default | -| ------------------------------------------ | -------------------------------------------------------------------- | ------- | -| `gitea.startupProbe.initialDelaySeconds` | Delay before probe start | `60` | -| `gitea.startupProbe.timeoutSeconds` | probe timeout | `1` | -| `gitea.startupProbe.periodSeconds` | period between probes | `10` | -| `gitea.startupProbe.successThreshold` | Minimum consecutive success probes | `1` | -| `gitea.startupProbe.failureThreshold` | Minimum consecutive error probes | `10` | +| Name | Description | Value | +| ---------------------------------------- | ----------------------------------------------- | ------- | +| `gitea.startupProbe.enabled` | Enable startup probe | `false` | +| `gitea.startupProbe.tcpSocket.port` | Port to probe for startup | `http` | +| `gitea.startupProbe.initialDelaySeconds` | Initial delay before startup probe is initiated | `60` | +| `gitea.startupProbe.timeoutSeconds` | Timeout for startup probe | `1` | +| `gitea.startupProbe.periodSeconds` | Period for startup probe | `10` | +| `gitea.startupProbe.successThreshold` | Success 
threshold for startup probe | `1` | +| `gitea.startupProbe.failureThreshold` | Failure threshold for startup probe | `10` | -### Memcached BuiltIn +### Memcached -Memcached is loaded as a dependency from -[Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/memcached) if -enabled in the values. Complete Configuration can be taken from their website. +| Name | Description | Value | +| ------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | +| `memcached.enabled` | Memcached is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/memcached) if enabled in the values. Complete Configuration can be taken from their website. | `true` | +| `memcached.service.port` | Port for Memcached | `11211` | -The following parameters are the defaults set by this chart +### PostgreSQL -| Parameter | Description | Default | -| ------------------------ | --------------------------- | ------- | -| `memcached.service.port` | Memcached Port | 11211 | -| `memcached.enabled` | Enable Memcached dependency | `true` | - -### MySQL BuiltIn - -MySQL is loaded as a dependency from stable. Configuration can be found on this -[website](https://github.com/helm/charts/tree/master/stable/mysql). - -The following parameters are the defaults set by this chart - -| Parameter | Description | Default | -| ------------------------ | ------------------------------------------------------------------ | ------- | -| `mysql.root.password` | Password for the root user. Ignored if existing secret is provided | `gitea` | -| `mysql.db.user` | Username of new user to create. | `gitea` | -| `mysql.db.password` | Password for the new user. Ignored if existing secret is provided | `gitea` | -| `mysql.db.name` | Name for new database to create. 
| `gitea` | -| `mysql.service.port` | Port to connect to MySQL service | `3306` | -| `mysql.persistence.size` | Persistence size for MySQL | `10Gi` | -| `mysql.enabled` | Enable MySQL dependency | `false` | - -### PostgreSQL BuiltIn - -PostgreSQL is loaded as a dependency from Bitnami. The chart configuration can -be found in this -[Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/postgresql) -repository. - -The following parameters are the defaults set by this chart - -| Parameter | Description | Default | +| Name | Description | Value | | ------------------------------------------------- | -------------------------------------------------------- | ------- | +| `postgresql.enabled` | Enable PostgreSQL | `true` | | `postgresql.global.postgresql.postgresqlDatabase` | PostgreSQL database (overrides postgresqlDatabase) | `gitea` | | `postgresql.global.postgresql.postgresqlUsername` | PostgreSQL username (overrides postgresqlUsername) | `gitea` | | `postgresql.global.postgresql.postgresqlPassword` | PostgreSQL admin password (overrides postgresqlPassword) | `gitea` | | `postgresql.global.postgresql.servicePort` | PostgreSQL port (overrides service.port) | `5432` | | `postgresql.persistence.size` | PVC Storage Request for PostgreSQL volume | `10Gi` | -| `postgresql.enabled` | Enable PostgreSQL dependency | `true` | -### MariaDB BuiltIn +### MySQL -MariaDB is loaded as a dependency from bitnami. Configuration can be found in -this [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/mariadb) -repository. +| Name | Description | Value | +| ------------------------ | ------------------------------------------------------------------ | ------- | +| `mysql.enabled` | Enable MySQL | `false` | +| `mysql.root.password` | Password for the root user. Ignored if existing secret is provided | `gitea` | +| `mysql.db.user` | Username of new user to create. 
| `gitea` | +| `mysql.db.password` | Password for the new user.Ignored if existing secret is provided | `gitea` | +| `mysql.db.name` | Name for new database to create. | `gitea` | +| `mysql.service.port` | Port to connect to MySQL service | `3306` | +| `mysql.persistence.size` | PVC Storage Request for MySQL volume | `10Gi` | -The following parameters are the defaults set by this chart +### MariaDB -| Parameter | Description | Default | +| Name | Description | Value | | ---------------------------------- | ----------------------------------------------------------------- | ------- | -| `mariadb.auth.username` | Username of new user to create. | `gitea` | +| `mariadb.enabled` | Enable MariaDB | `false` | +| `mariadb.auth.database` | Name of the database to create. | `gitea` | +| `mariadb.auth.username` | Username of the new user to create. | `gitea` | | `mariadb.auth.password` | Password for the new user. Ignored if existing secret is provided | `gitea` | -| `mariadb.auth.database` | Name for new database to create. | `gitea` | | `mariadb.auth.rootPassword` | Password for the root user. | `gitea` | | `mariadb.primary.service.port` | Port to connect to MariaDB service | `3306` | | `mariadb.primary.persistence.size` | Persistence size for MariaDB | `10Gi` | -| `mariadb.enabled` | Enable MariaDB dependency | `false` | + +### Advanced + +| Name | Description | Value | +| ------------------ | ---------------------------------------------------- | ------ | +| `checkDeprecation` | Set it to false to skip this basic validation check. | `true` | ## Local development & testing diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index 9618d84..742abd8 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml 
@@ -244,17 +244,17 @@ spec: - name: profiler containerPort: 6060 {{- end }} - {{- if .Values.gitea.livenessProbe }} + {{- if .Values.gitea.livenessProbe.enabled }} livenessProbe: - {{- toYaml .Values.gitea.livenessProbe | nindent 12 }} + {{- toYaml (omit .Values.gitea.livenessProbe "enabled") | nindent 12 }} {{- end }} - {{- if .Values.gitea.readinessProbe }} + {{- if .Values.gitea.readinessProbe.enabled }} readinessProbe: - {{- toYaml .Values.gitea.readinessProbe | nindent 12 }} + {{- toYaml (omit .Values.gitea.readinessProbe "enabled") | nindent 12 }} {{- end }} - {{- if .Values.gitea.startupProbe }} + {{- if .Values.gitea.startupProbe.enabled }} startupProbe: - {{- toYaml .Values.gitea.startupProbe | nindent 12 }} + {{- toYaml (omit .Values.gitea.startupProbe "enabled") | nindent 12 }} {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} diff --git a/values.yaml b/values.yaml index 5c86cd4..b01e424 100644 --- a/values.yaml +++ b/values.yaml @@ -1,6 +1,11 @@ # Default values for gitea. # This is a YAML-formatted file. # Declare variables to be passed into your templates. +## @section Global +# +## @param global.imageRegistry global image registry override +## @param global.imagePullSecrets global image pull secrets override; can be extended by `imagePullSecrets` +## @param global.storageClass global storage class override global: imageRegistry: "" ## E.g. 
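Review bot: Switching the guards to `.Values.gitea.startupProbe.enabled` (and the liveness/readiness equivalents) silently changes the result for existing values files. A user who defined `gitea.startupProbe` as the old comment instructed, without an `enabled` key, now inherits the chart default `enabled: false` and the probe is dropped from the rendered StatefulSet with no error. An override that nulls a probe map (`livenessProbe: null`) would presumably fail on the `.enabled` lookup instead of disabling the probe; wrapping the guard as `{{- with .Values.gitea.livenessProbe }}{{- if .enabled }}` avoids that. The retained values.yaml comments "completely disable it by commenting out" in the `@@ -220,18 +313,31 @@` and `@@ -240,8 +346,18 @@` hunks should become `# Set enabled to false to disable the probe.`, and the change belongs in the breaking-changes notes.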
@@ -10,23 +15,36 @@ global: imagePullSecrets: [] storageClass: "" +## @param replicaCount number of replicas for the statefulset replicaCount: 1 +## @param clusterDomain cluster domain clusterDomain: cluster.local +## @section Image +## @param image.registry image registry, e.g. gcr.io,docker.io +## @param image.repository Image to start for this pod +## @param image.tag Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) +## @param image.pullPolicy Image pull policy +## @param image.rootless Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher image: + registry: "" repository: gitea/gitea # Overrides the image tag whose default is the chart appVersion. tag: "" pullPolicy: Always rootless: false # only possible when running 1.14 or later +## @param imagePullSecrets Secret to use for pulling the image imagePullSecrets: [] +## @section Security # Security context is only usable with rootless image due to image design +## @param podSecurityContext.fsGroup Set the shared file system group for all containers in the pod. podSecurityContext: fsGroup: 1000 +## @param containerSecurityContext Security context containerSecurityContext: {} # allowPrivilegeEscalation: false # capabilities: 
@@ -45,41 +63,77 @@ containerSecurityContext: {} # runAsNonRoot: true # runAsUser: 1000 -# DEPRECATED. The securityContext variable has been split two: -# - containerSecurityContext -# - podSecurityContext. +## @depracated The securityContext variable has been split two: +## - containerSecurityContext +## - podSecurityContext. +## @param securityContext Run init and Gitea containers as a specific securityContext securityContext: {} +## @section Service service: + ## @param service.http.type Kubernetes service type for web traffic + ## @param service.http.port Port number for web traffic + ## @param service.http.clusterIP ClusterIP setting for http autosetup for statefulset is None + ## @param service.http.loadBalancerIP LoadBalancer IP setting + ## @param service.http.nodePort NodePort for http service + ## @param service.http.externalTrafficPolicy If `service.http.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation + ## @param service.http.externalIPs External IPs for service + ## @param service.http.ipFamilyPolicy HTTP service dual-stack policy + ## @param service.http.ipFamilies HTTP service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/). 
+ ## @param service.http.loadBalancerSourceRanges Source range filter for http loadbalancer + ## @param service.http.annotations HTTP service annotations http: type: ClusterIP port: 3000 clusterIP: None - #loadBalancerIP: - #nodePort: - #externalTrafficPolicy: - #externalIPs: - #ipFamilyPolicy: - #ipFamilies: + loadBalancerIP: + nodePort: + externalTrafficPolicy: + externalIPs: + ipFamilyPolicy: + ipFamilies: loadBalancerSourceRanges: [] - annotations: + annotations: {} + ## @param service.ssh.type Kubernetes service type for ssh traffic + ## @param service.ssh.port Port number for ssh traffic + ## @param service.ssh.clusterIP ClusterIP setting for ssh autosetup for statefulset is None + ## @param service.ssh.loadBalancerIP LoadBalancer IP setting + ## @param service.ssh.nodePort NodePort for ssh service + ## @param service.ssh.externalTrafficPolicy If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation + ## @param service.ssh.externalIPs External IPs for service + ## @param service.ssh.ipFamilyPolicy SSH service dual-stack policy + ## @param service.ssh.ipFamilies SSH service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/). 
+ ## @param service.ssh.hostPort HostPort for ssh service + ## @param service.ssh.loadBalancerSourceRanges Source range filter for ssh loadbalancer + ## @param service.ssh.annotations SSH service annotations ssh: type: ClusterIP port: 22 clusterIP: None - #loadBalancerIP: - #nodePort: - #externalTrafficPolicy: - #externalIPs: - #ipFamilyPolicy: - #ipFamilies: - #hostPort: + loadBalancerIP: + nodePort: + externalTrafficPolicy: + externalIPs: + ipFamilyPolicy: + ipFamilies: + hostPort: loadBalancerSourceRanges: [] - annotations: + annotations: {} + +## @section Ingress +## @param ingress.enabled Enable ingress +## @param ingress.className Ingress class name +## @param ingress.annotations Ingress annotations +## @param ingress.hosts[0].host Default Ingress host +## @param ingress.hosts[0].paths[0].path Default Ingress path +## @param ingress.hosts[0].paths[0].pathType Ingress path type +## @param ingress.tls Ingress tls settings +## @extra ingress.apiVersion Specify APIVersion of ingress object. Mostly would only be used for argocd. ingress: enabled: false # className: nginx + className: annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" @@ -96,6 +150,9 @@ ingress: # If helm doesn't correctly detect your ingress API version you can set it here. # apiVersion: networking.k8s.io/v1 +## @section StatefulSet +# +## @param resources Kubernetes resources resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little 
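Review bot: The deprecation marker on `securityContext` is written `## @depracated`, which is misspelled, and the same key is then annotated as an ordinary `## @param securityContext ...`. Unless the README generator recognises that tag (not visible here), the generated table will list `securityContext` with no hint that it is deprecated, next to `containerSecurityContext` and `podSecurityContext`. I would carry the notice in the description itself, e.g. `## @param securityContext DEPRECATED, use containerSecurityContext and podSecurityContext. Run init and Gitea containers as a specific securityContext`.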
@@ -111,14 +168,22 @@ resources: {} ## Use an alternate scheduler, e.g. "stork". ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## -# schedulerName: +## @param schedulerName Use an alternate scheduler, e.g. "stork" +schedulerName: "" +## @param nodeSelector NodeSelector for the statefulset nodeSelector: {} +## @param tolerations Tolerations for the statefulset tolerations: [] +## @param affinity Affinity for the statefulset affinity: {} +## @param statefulset.env Additional environment variables to pass to containers +## @param statefulset.terminationGracePeriodSeconds How long to wait until forcefully kill the pod +## @param statefulset.labels Labels for the statefulset +## @param statefulset.annotations Annotations for the Gitea StatefulSet to be created statefulset: env: [] # - name: VARIABLE @@ -127,18 +192,28 @@ statefulset: labels: {} annotations: {} +## @section Persistence +# +## @param persistence.enabled Enable persistent storage +## @param persistence.existingClaim Use an existing claim to store repository information +## @param persistence.size Size for persistence to store repo information +## @param persistence.accessModes AccessMode for persistence +## @param persistence.labels Labels for the persistence volume claim to be created +## @param persistence.annotations Annotations for the persistence volume claim to be created +## @param persistence.storageClass Name of the storage class to use +## @param persistence.subPath Subdirectory of the volume to mount at persistence: enabled: true - # existingClaim: + existingClaim: size: 10Gi accessModes: - ReadWriteOnce labels: {} annotations: {} - # storageClass: - # subPath: + storageClass: + subPath: -# additional volumes to add to the Gitea statefulset. +## @param extraVolumes Additional volumes to mount to the Gitea statefulset extraVolumes: # - name: postgres-ssl-vol # secret: 
@@ -148,12 +223,14 @@ extraVolumes: # additional volumes to mount, both to the init container and to the main # container. As an example, can be used to mount a client cert when connecting # to an external Postgres server. +## @param extraVolumeMounts Additional volume mounts for the Gitea containers extraVolumeMounts: # - name: postgres-ssl-vol # readOnly: true # mountPath: "/pg-ssl" -# bash shell script copied verbatim to the start of the init-container. +## @section Init +## @param initPreScript Bash shell script copied verbatim to the start of the init-container. initPreScript: "" # # initPreScript: | @@ -163,17 +240,30 @@ initPreScript: "" # chmod 400 /data/git/.postgresql/postgresql.key # Configure commit/action signing prerequisites +## @section Signing +# +## @param signing.enabled Enable commit/action signing +## @param signing.gpgHome GPG home directory signing: enabled: false gpgHome: /data/git/.gnupg +## @section Gitea +# gitea: + ## @param gitea.admin.username Username for the Gitea admin user + ## @param gitea.admin.existingSecret Use an existing secret to store admin user credentials + ## @param gitea.admin.password Password for the Gitea admin user + ## @param gitea.admin.email Email for the Gitea admin user admin: #existingSecret: gitea-admin-secret + existingSecret: username: gitea_admin password: r8sA8CPHD9!bt6d email: "gitea@local.domain" + ## @param gitea.metrics.enabled Enable Gitea metrics + ## @param gitea.metrics.serviceMonitor.enabled Enable Gitea metrics service monitor metrics: enabled: false serviceMonitor: @@ -181,6 +271,7 @@ gitea: # additionalLabels: # prometheus-release: prom1 + ## @param gitea.ldap LDAP configuration ldap: [] # - name: "LDAP 1" # existingSecret: @@ -197,6 +288,7 @@ gitea: # publicSSHKeyAttribute: # Either specify inline `key` and `secret` or refer to them via `existingSecret` + ## @param gitea.oauth OAuth configuration oauth: [] # - name: 'OAuth 1' # provider: 
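Review bot: The new `## @param gitea.admin.password` annotation in the `@@ -163,17 +240,30 @@` hunk documents the admin password without saying that the default on the context line below it is a fixed value shipped in a public chart. The generator presumably copies that default into the README's Value column as well. The caveat should live in the description, e.g. `## @param gitea.admin.password Password for the Gitea admin user; change the default or provide credentials via gitea.admin.existingSecret`. The same applies to the password parameters annotated in the `@@ -251,20 +367,42 @@`, `@@ -276,6 +414,15 @@` and `@@ -289,6 +436,15 @@` hunks (PostgreSQL, MySQL, MariaDB), whose documented defaults are all `gitea`.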
@@ -210,6 +302,7 @@ gitea: # customProfileUrl: # customEmailUrl: + ## @param gitea.config Configuration for the Gitea server,ref: [config-cheat-sheet](https://docs.gitea.io/en-us/config-cheat-sheet/) config: {} # APP_NAME: "Gitea: Git with a cup of tea" # RUN_MODE: dev @@ -220,18 +313,31 @@ gitea: # security: # PASSWORD_COMPLEXITY: spec + ## @param gitea.additionalConfigSources Additional configuration from secret or configmap additionalConfigSources: [] # - secret: # secretName: gitea-app-ini-oauth # - configMap: # name: gitea-app-ini-plaintext + ## @param gitea.additionalConfigFromEnvs Additional configuration sources from environment variables additionalConfigFromEnvs: [] + ## @param gitea.podAnnotations Annotations for the Gitea pod podAnnotations: {} + ## @section LivenessProbe + # + ## @param gitea.livenessProbe.enabled Enable liveness probe + ## @param gitea.livenessProbe.tcpSocket.port Port to probe for liveness + ## @param gitea.livenessProbe.initialDelaySeconds Initial delay before liveness probe is initiated + ## @param gitea.livenessProbe.timeoutSeconds Timeout for liveness probe + ## @param gitea.livenessProbe.periodSeconds Period for liveness probe + ## @param gitea.livenessProbe.successThreshold Success threshold for liveness probe + ## @param gitea.livenessProbe.failureThreshold Failure threshold for liveness probe # Modify the liveness probe for your needs or completely disable it by commenting out. livenessProbe: + enabled: true tcpSocket: port: http initialDelaySeconds: 200 
@@ -240,8 +346,18 @@ gitea: successThreshold: 1 failureThreshold: 10 + ## @section ReadinessProbe + # + ## @param gitea.readinessProbe.enabled Enable readiness probe + ## @param gitea.readinessProbe.tcpSocket.port Port to probe for readiness + ## @param gitea.readinessProbe.initialDelaySeconds Initial delay before readiness probe is initiated + ## @param gitea.readinessProbe.timeoutSeconds Timeout for readiness probe + ## @param gitea.readinessProbe.periodSeconds Period for readiness probe + ## @param gitea.readinessProbe.successThreshold Success threshold for readiness probe + ## @param gitea.readinessProbe.failureThreshold Failure threshold for readiness probe # Modify the readiness probe for your needs or completely disable it by commenting out. readinessProbe: + enabled: true tcpSocket: port: http initialDelaySeconds: 5 
@@ -251,20 +367,42 @@ gitea: failureThreshold: 3 # # Uncomment the startup probe to enable and modify it for your needs. - # startupProbe: - # tcpSocket: - # port: http - # initialDelaySeconds: 60 - # timeoutSeconds: 1 - # periodSeconds: 10 - # successThreshold: 1 - # failureThreshold: 10 + ## @section StartupProbe + # + ## @param gitea.startupProbe.enabled Enable startup probe + ## @param gitea.startupProbe.tcpSocket.port Port to probe for startup + ## @param gitea.startupProbe.initialDelaySeconds Initial delay before startup probe is initiated + ## @param gitea.startupProbe.timeoutSeconds Timeout for startup probe + ## @param gitea.startupProbe.periodSeconds Period for startup probe + ## @param gitea.startupProbe.successThreshold Success threshold for startup probe + ## @param gitea.startupProbe.failureThreshold Failure threshold for startup probe + startupProbe: + enabled: false + tcpSocket: + port: http + initialDelaySeconds: 60 + timeoutSeconds: 1 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 10 +## @section Memcached +# +## @param memcached.enabled Memcached is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/memcached) if enabled in the values. Complete Configuration can be taken from their website. 
+## @param memcached.service.port Port for memcached memcached: enabled: true service: port: 11211 +## @section PostgreSQL +# +## @param postgresql.enabled Enable PostgreSQL +## @param postgresql.global.postgresql.postgresqlDatabase PostgreSQL database (overrides postgresqlDatabase) +## @param postgresql.global.postgresql.postgresqlUsername PostgreSQL username (overrides postgresqlUsername) +## @param postgresql.global.postgresql.postgresqlPassword PostgreSQL admin password (overrides postgresqlPassword) +## @param postgresql.global.postgresql.servicePort PostgreSQL port (overrides service.port) +## @param postgresql.persistence.size PVC Storage Request for PostgreSQL volume postgresql: enabled: true global: @@ -276,6 +414,15 @@ postgresql: persistence: size: 10Gi +## @section MySQL +# +## @param mysql.enabled Enable MySQL +## @param mysql.root.password Password for the root user. Ignored if existing secret is provided +## @param mysql.db.user Username of new user to create. +## @param mysql.db.password Password for the new user.Ignored if existing secret is provided +## @param mysql.db.name Name for new database to create. +## @param mysql.service.port Port to connect to MySQL service +## @param mysql.persistence.size PVC Storage Request for MySQL volume mysql: enabled: false root: @@ -289,6 +436,15 @@ mysql: persistence: size: 10Gi +## @section MariaDB +# +## @param mariadb.enabled Enable MariaDB +## @param mariadb.auth.database Name of the database to create. +## @param mariadb.auth.username Username of the new user to create. +## @param mariadb.auth.password Password for the new user. Ignored if existing secret is provided +## @param mariadb.auth.rootPassword Password for the root user. +## @param mariadb.primary.service.port Port to connect to MariaDB service +## @param mariadb.primary.persistence.size Persistence size for MariaDB mariadb: enabled: false auth: 
@@ -304,4 +460,6 @@ mariadb: # By default, removed or moved settings that still remain in a user defined values.yaml will cause Helm to fail running the install/update. # Set it to false to skip this basic validation check. +## @section Advanced +## @param checkDeprecation Set it to false to skip this basic validation check. checkDeprecation: true -- 2.40.1 From 2cc3195eaadabc987f077a5351b3c8a36cedd3ef Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Mon, 13 Jun 2022 03:35:24 +0800 Subject: [PATCH 113/390] Improve contribution part of this repository (#328) Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/328 Reviewed-by: techknowlogick Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- .drone.yml | 14 +- .gitea/PULL_REQUEST_TEMPLATE.md | 41 ++ .gitignore | 3 +- .helmignore | 7 +- .markdownlintignore | 3 + .npmrc | 1 + CONTRIBUTING.md | 52 +++ Makefile | 21 +- README.md | 17 +- package-lock.json | 721 ++++++++++++++++++++++++++++++++ package.json | 19 + values.yaml | 2 +- 12 files changed, 863 insertions(+), 38 deletions(-) create mode 100644 .gitea/PULL_REQUEST_TEMPLATE.md create mode 100644 .markdownlintignore create mode 100644 .npmrc create mode 100644 CONTRIBUTING.md create mode 100644 package-lock.json create mode 100644 package.json diff --git a/.drone.yml b/.drone.yml index 7af0bcf..b7632ae 100644 --- a/.drone.yml +++ b/.drone.yml 
@@ -10,24 +10,26 @@ platform: steps: - name: helm lint pull: always - image: alpine:3.15 + image: alpine:3.16 commands: - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm - helm lint - name: helm template pull: always - image: alpine:3.15 + image: alpine:3.16 commands: - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm - helm dependency update - helm template --debug gitea-helm . -- name: markdown lint +- name: verify readme pull: always - image: docker.io/volkerraschek/markdownlint:latest + image: alpine:3.16 commands: - - markdownlint *.md + - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing make npm git + - make readme + - git diff --exit-code --name-only README.md - name: discord pull: always @@ -58,7 +60,7 @@ trigger: steps: - name: generate-chart pull: always - image: alpine:3.15 + image: alpine:3.16 commands: - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm - apk add --no-cache curl diff --git a/.gitea/PULL_REQUEST_TEMPLATE.md b/.gitea/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..1121296 --- /dev/null +++ b/.gitea/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,41 @@ + + +### Description of the change + + + +### Benefits + + + +### Possible drawbacks + + + +### Applicable issues + + + - fixes # + +### Additional information + + + +### ⚠ BREAKING + + + +### Checklist + + + +- [ ] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) +- [ ] Breaking changes are documented in the `README.md` diff --git a/.gitignore b/.gitignore index 18c1386..6200d0a 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ -charts +charts/ +node_modules/ Chart.lock .DS_Store diff --git a/.helmignore b/.helmignore index 7449b68..a8cc816 100644 --- a/.helmignore +++ b/.helmignore 
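Review bot: The new `verify readme` step installs `make npm git` with `-X http://dl-cdn.alpinelinux.org/alpine/edge/testing`, so the build tools come from the edge branch over plain HTTP on an `alpine:3.16` image. The helm steps already use that repository, but these three packages are, as far as I know, available in the stock 3.16 repositories, so `- apk add --no-cache make npm git` would keep the step on the release's own package set. If the extra repository is kept, the same host also serves `https://`. The step goes on to run `make readme`, which installs npm dependencies, so the toolchain it starts from is worth keeping narrow.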
@@ -20,5 +20,8 @@ .idea/ *.tmproj .vscode/ -#charts/ -#Chart.lock +node_modules/ +.npmrc +package.json +package-lock.json +.gitea/ diff --git a/.markdownlintignore b/.markdownlintignore new file mode 100644 index 0000000..5922fa5 --- /dev/null +++ b/.markdownlintignore @@ -0,0 +1,3 @@ +.gitea/ +node_modules/ +charts/ diff --git a/.npmrc b/.npmrc new file mode 100644 index 0000000..b6f27f1 --- /dev/null +++ b/.npmrc @@ -0,0 +1 @@ +engine-strict=true diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..d06973c --- /dev/null +++ b/CONTRIBUTING.md 
@@ -0,0 +1,52 @@ +# Contribution Guidelines + +Any type of contribution is welcome; from new features, bug fixes, tests, +refactorings for easier maintainability or documentation improvements. + +## Development environment + +- [`node`](https://nodejs.org/en/) at least current LTS +- [`helm`](https://helm.sh/docs/intro/install/) +- `make` is optional; you may call the commands directly + +When using Visual Studio Code as IDE, following plugins might be useful: + +- [Markdown All in One](https://marketplace.visualstudio.com/items?itemName=yzhang.markdown-all-in-one) +- [markdownlint](https://marketplace.visualstudio.com/items?itemName=DavidAnson.vscode-markdownlint) +- [Helm Intellisense](https://marketplace.visualstudio.com/items?itemName=Tim-Koehler.helm-intellisense) + +## Documentation Requirements + +The `README.md` must include all configuration options. The parameters section +is generated by extracting the parameter annotations from the `values.yaml` file, +by using [this tool](https://github.com/bitnami-labs/readme-generator-for-helm). + +If changes were made on configuration options, run `make readme` to update the +README file. + +## Pull Request Requirements + +When submitting or updating a PR: + +- make sure it passes CI builds. +- do not make independent changes in one PR. +- try to avoid rebases. They make code reviews for large PRs and comments much harder. +- if applicable, use the PR template for a well-defined PR description. +- clearly mark breaking changes. + +## Local development & testing + +For local development and testing of pull requests, the following workflow can +be used: + +1. Install `minikube` and `helm`. +2. Start a `minikube` cluster via `minikube start`. +3. From the `gitea/helm-chart` directory execute the following command. This + will install the dependencies listed in `Chart.yml` and deploy the current + state of the helm chart found locally. If you want to test a branch, make + sure to switch to the respective branch first. 
+ `helm install --dependency-update gitea . -f values.yaml`. +4. Gitea is now deployed in `minikube`. To access it, it's port needs to be + forwarded first from `minikube` to localhost first via `kubectl --namespace + default port-forward svc/gitea-http 3000:3000`. Now Gitea is accessible at + [http://localhost:3000](http://localhost:3000). diff --git a/Makefile b/Makefile index f644df7..720a657 100644 --- a/Makefile +++ b/Makefile @@ -1,15 +1,8 @@ -readme: helm-doc - readme-generator -v values.yaml -r README.md - markdownlint *.md -f +.PHONY: prepare-environment +prepare-environment: + npm install -.PHONY: helm-doc -helm-doc: -ifeq (, $(shell which readme-generator)) - @{ \ - set -e ;\ - echo 'installing readme-generator-for-helm' ;\ - npm install -g readme-generator-for-helm ;\ - } -else - echo 'readme-generator-for-helm is already installed' -endif \ No newline at end of file +.PHONY: readme +readme: prepare-environment + npm run readme:parameters + npm run readme:lint diff --git a/README.md b/README.md index 7060ed9..a43cde1 100644 --- a/README.md +++ b/README.md 
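Review bot: `prepare-environment` runs `npm install`, which may re-resolve dependencies and rewrite `package-lock.json` rather than installing exactly what the lockfile records. The CI `verify readme` step goes through this target, so `npm ci` in its place would make that run reproducible and fail on lockfile drift. The lockfile added in this commit also lists `readme-generator-for-helm` as `https://github.com/bitnami-labs/readme-generator-for-helm/tarball/main`, a moving branch. Whether an integrity hash is recorded for it is not visible here; without one, the tool that rewrites README.md can change with no change in this repository, and pinning the tarball to a commit or tag would close that.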
@@ -927,19 +927,8 @@ gitea: | ------------------ | ---------------------------------------------------- | ------ | | `checkDeprecation` | Set it to false to skip this basic validation check. | `true` | -## Local development & testing +## Contributing -For local development and testing of pull requests, the following workflow can -be used: +Expected workflow is: Fork -> Patch -> Push -> Pull Request -1. Install `minikube` and `helm`. -2. Start a `minikube` cluster via `minikube start`. -3. From the `gitea/helm-chart` directory execute the following command. This - will install the dependencies listed in `Chart.yml` and deploy the current - state of the helm chart found locally. If you want to test a branch, make - sure to switch to the respective branch first. - `helm install --dependency-update gitea . -f values.yaml`. -4. Gitea is now deployed in `minikube`. To access it, it's port needs to be - forwarded first from `minikube` to localhost first via `kubectl --namespace - default port-forward svc/gitea-http 3000:3000`. Now Gitea is accessible at - [http://localhost:3000](http://localhost:3000). +See [CONTRIBUTORS GUIDE](CONTRIBUTING.md) for details. diff --git a/package-lock.json b/package-lock.json new file mode 100644 index 0000000..5f0c69c --- /dev/null +++ b/package-lock.json 
@@ -0,0 +1,721 @@ +{ + "name": "gitea-helm-chart", + "lockfileVersion": 2, + "requires": true, + "packages": { + "": { + "name": "gitea-helm-chart", + "license": "MIT", + "devDependencies": { + "markdownlint-cli": "^0.31.1", + "readme-generator-for-helm": "https://github.com/bitnami-labs/readme-generator-for-helm/tarball/main" + }, + "engines": { + "node": ">=16.0.0", + "npm": ">=8.0.0" + } + }, + "node_modules/argparse": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", + "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==", + "dev": true + }, + "node_modules/balanced-match": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", + "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==", + "dev": true + }, + "node_modules/brace-expansion": { + "version": "1.1.11", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", + "dev": true, + "dependencies": { + "balanced-match": "^1.0.0", + "concat-map": "0.0.1" + } + }, + "node_modules/commander": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/commander/-/commander-7.2.0.tgz", + "integrity": "sha512-QrWXB+ZQSVPmIWIhtEO9H+gwHaMGYiF5ChvoJ+K9ZGHG/sVsa6yiesAD1GC/x46sET00Xlwo1u49RVVVzvcSkw==", + "dev": true, + "engines": { + "node": ">= 10" + } + }, + "node_modules/concat-map": { + "version": "0.0.1", + "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", + "integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==", + "dev": true + }, + "node_modules/deep-extend": { + "version": "0.6.0", + "resolved": "https://registry.npmjs.org/deep-extend/-/deep-extend-0.6.0.tgz", + 
"integrity": "sha512-LOHxIOaPYdHlJRtCQfDIVZtfw/ufM8+rVj649RIHzcm/vGwQRXFt6OPqIFWsm2XEMrNIEtWR64sY1LEKD2vAOA==", + "dev": true, + "engines": { + "node": ">=4.0.0" + } + }, + "node_modules/dot-object": { + "version": "2.1.4", + "resolved": "https://registry.npmjs.org/dot-object/-/dot-object-2.1.4.tgz", + "integrity": "sha512-7FXnyyCLFawNYJ+NhkqyP9Wd2yzuo+7n9pGiYpkmXCTYa8Ci2U0eUNDVg5OuO5Pm6aFXI2SWN8/N/w7SJWu1WA==", + "dev": true, + "dependencies": { + "commander": "^4.0.0", + "glob": "^7.1.5" + }, + "bin": { + "dot-object": "bin/dot-object" + } + }, + "node_modules/dot-object/node_modules/commander": { + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/commander/-/commander-4.1.1.tgz", + "integrity": "sha512-NOKm8xhkzAjzFx8B2v5OAHT+u5pRQc2UCa2Vq9jYL/31o2wi9mxBA7LIFs3sV5VSC49z6pEhfbMULvShKj26WA==", + "dev": true, + "engines": { + "node": ">= 6" + } + }, + "node_modules/entities": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/entities/-/entities-2.1.0.tgz", + "integrity": "sha512-hCx1oky9PFrJ611mf0ifBLBRW8lUUVRlFolb5gWRfIELabBlbp9xZvrqZLZAs+NxFnbfQoeGd8wDkygjg7U85w==", + "dev": true, + "funding": { + "url": "https://github.com/fb55/entities?sponsor=1" + } + }, + "node_modules/fs.realpath": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", + "integrity": "sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==", + "dev": true + }, + "node_modules/get-stdin": { + "version": "9.0.0", + "resolved": "https://registry.npmjs.org/get-stdin/-/get-stdin-9.0.0.tgz", + "integrity": "sha512-dVKBjfWisLAicarI2Sf+JuBE/DghV4UzNAVe9yhEJuzeREd3JhOTE9cUaJTeSa77fsbQUK3pcOpJfM59+VKZaA==", + "dev": true, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/glob": { + "version": "7.2.3", + "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz", + "integrity": 
"sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==", + "dev": true, + "dependencies": { + "fs.realpath": "^1.0.0", + "inflight": "^1.0.4", + "inherits": "2", + "minimatch": "^3.1.1", + "once": "^1.3.0", + "path-is-absolute": "^1.0.0" + }, + "engines": { + "node": "*" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/ignore": { + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.2.0.tgz", + "integrity": "sha512-CmxgYGiEPCLhfLnpPp1MoRmifwEIOgjcHXxOBjv7mY96c+eWScsOP9c112ZyLdWHi0FxHjI+4uVhKYp/gcdRmQ==", + "dev": true, + "engines": { + "node": ">= 4" + } + }, + "node_modules/inflight": { + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz", + "integrity": "sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==", + "dev": true, + "dependencies": { + "once": "^1.3.0", + "wrappy": "1" + } + }, + "node_modules/inherits": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", + "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==", + "dev": true + }, + "node_modules/ini": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ini/-/ini-2.0.0.tgz", + "integrity": "sha512-7PnF4oN3CvZF23ADhA5wRaYEQpJ8qygSkbtTXWBeXWXmEVRXK+1ITciHWwHhsjv1TmW0MgacIv6hEi5pX5NQdA==", + "dev": true, + "engines": { + "node": ">=10" + } + }, + "node_modules/js-yaml": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", + "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==", + "dev": true, + "dependencies": { + "argparse": "^2.0.1" + }, + "bin": { + "js-yaml": "bin/js-yaml.js" + } + }, + "node_modules/jsonc-parser": { + "version": "3.0.0", + "resolved": 
"https://registry.npmjs.org/jsonc-parser/-/jsonc-parser-3.0.0.tgz", + "integrity": "sha512-fQzRfAbIBnR0IQvftw9FJveWiHp72Fg20giDrHz6TdfB12UH/uue0D3hm57UB5KgAVuniLMCaS8P1IMj9NR7cA==", + "dev": true + }, + "node_modules/linkify-it": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/linkify-it/-/linkify-it-3.0.3.tgz", + "integrity": "sha512-ynTsyrFSdE5oZ/O9GEf00kPngmOfVwazR5GKDq6EYfhlpFug3J2zybX56a2PRRpc9P+FuSoGNAwjlbDs9jJBPQ==", + "dev": true, + "dependencies": { + "uc.micro": "^1.0.1" + } + }, + "node_modules/lodash": { + "version": "4.17.21", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", + "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==", + "dev": true + }, + "node_modules/markdown-it": { + "version": "12.3.2", + "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-12.3.2.tgz", + "integrity": "sha512-TchMembfxfNVpHkbtriWltGWc+m3xszaRD0CZup7GFFhzIgQqxIfn3eGj1yZpfuflzPvfkt611B2Q/Bsk1YnGg==", + "dev": true, + "dependencies": { + "argparse": "^2.0.1", + "entities": "~2.1.0", + "linkify-it": "^3.0.1", + "mdurl": "^1.0.1", + "uc.micro": "^1.0.5" + }, + "bin": { + "markdown-it": "bin/markdown-it.js" + } + }, + "node_modules/markdown-table": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/markdown-table/-/markdown-table-2.0.0.tgz", + "integrity": "sha512-Ezda85ToJUBhM6WGaG6veasyym+Tbs3cMAw/ZhOPqXiYsr0jgocBV3j3nx+4lk47plLlIqjwuTm/ywVI+zjJ/A==", + "dev": true, + "dependencies": { + "repeat-string": "^1.0.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/markdownlint": { + "version": "0.25.1", + "resolved": "https://registry.npmjs.org/markdownlint/-/markdownlint-0.25.1.tgz", + "integrity": "sha512-AG7UkLzNa1fxiOv5B+owPsPhtM4D6DoODhsJgiaNg1xowXovrYgOnLqAgOOFQpWOlHFVQUzjMY5ypNNTeov92g==", + "dev": true, + "dependencies": { + "markdown-it": "12.3.2" + }, + "engines": { + "node": 
">=12" + } + }, + "node_modules/markdownlint-cli": { + "version": "0.31.1", + "resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.31.1.tgz", + "integrity": "sha512-keIOMwQn+Ch7MoBwA+TdkyVMuxAeZFEGmIIlvwgV0Z1TGS5MxPnRr29XCLhkNzCHU+uNKGjU+VEjLX+Z9kli6g==", + "dev": true, + "dependencies": { + "commander": "~9.0.0", + "get-stdin": "~9.0.0", + "glob": "~7.2.0", + "ignore": "~5.2.0", + "js-yaml": "^4.1.0", + "jsonc-parser": "~3.0.0", + "markdownlint": "~0.25.1", + "markdownlint-rule-helpers": "~0.16.0", + "minimatch": "~3.0.5", + "run-con": "~1.2.10" + }, + "bin": { + "markdownlint": "markdownlint.js" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/markdownlint-cli/node_modules/commander": { + "version": "9.0.0", + "resolved": "https://registry.npmjs.org/commander/-/commander-9.0.0.tgz", + "integrity": "sha512-JJfP2saEKbQqvW+FI93OYUB4ByV5cizMpFMiiJI8xDbBvQvSkIk0VvQdn1CZ8mqAO8Loq2h0gYTYtDFUZUeERw==", + "dev": true, + "engines": { + "node": "^12.20.0 || >=14" + } + }, + "node_modules/markdownlint-cli/node_modules/minimatch": { + "version": "3.0.8", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.8.tgz", + "integrity": "sha512-6FsRAQsxQ61mw+qP1ZzbL9Bc78x2p5OqNgNpnoAFLTrX8n5Kxph0CsnhmKKNXTWjXqU5L0pGPR7hYk+XWZr60Q==", + "dev": true, + "dependencies": { + "brace-expansion": "^1.1.7" + }, + "engines": { + "node": "*" + } + }, + "node_modules/markdownlint-rule-helpers": { + "version": "0.16.0", + "resolved": "https://registry.npmjs.org/markdownlint-rule-helpers/-/markdownlint-rule-helpers-0.16.0.tgz", + "integrity": "sha512-oEacRUVeTJ5D5hW1UYd2qExYI0oELdYK72k1TKGvIeYJIbqQWAz476NAc7LNixSySUhcNl++d02DvX0ccDk9/w==", + "dev": true + }, + "node_modules/mdurl": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/mdurl/-/mdurl-1.0.1.tgz", + "integrity": "sha512-/sKlQJCBYVY9Ers9hqzKou4H6V5UWc/M59TH2dvkt+84itfnq7uFOMLpOiOS4ujvHP4etln18fmIxA5R5fll0g==", + "dev": true + }, + "node_modules/minimatch": { + "version": 
"3.1.2", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==", + "dev": true, + "dependencies": { + "brace-expansion": "^1.1.7" + }, + "engines": { + "node": "*" + } + }, + "node_modules/minimist": { + "version": "1.2.6", + "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.6.tgz", + "integrity": "sha512-Jsjnk4bw3YJqYzbdyBiNsPWHPfO++UGG749Cxs6peCu5Xg4nrena6OVxOYxrQTqww0Jmwt+Ref8rggumkTLz9Q==", + "dev": true + }, + "node_modules/once": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", + "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==", + "dev": true, + "dependencies": { + "wrappy": "1" + } + }, + "node_modules/path-is-absolute": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", + "integrity": "sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg==", + "dev": true, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/readme-generator-for-helm": { + "version": "2.4.0", + "resolved": "https://github.com/bitnami-labs/readme-generator-for-helm/tarball/main", + "integrity": "sha512-W5ziOuId0M00YQRDlA5le3oEguWe8hoINhivOAgEF+AZkk2bDoNxuFUaJIxqAUEvZRA8qlTfUlu+w90EOFbTLw==", + "dev": true, + "license": "ISC", + "dependencies": { + "commander": "^7.1.0", + "dot-object": "^2.1.4", + "lodash": "^4.17.21", + "markdown-table": "^2.0.0", + "yaml": "^2.0.0-3" + }, + "bin": { + "readme-generator": "bin/index.js" + } + }, + "node_modules/repeat-string": { + "version": "1.6.1", + "resolved": "https://registry.npmjs.org/repeat-string/-/repeat-string-1.6.1.tgz", + "integrity": "sha512-PV0dzCYDNfRi1jCDbJzpW7jNNDRuCOG/jI5ctQcGKt/clZD+YcPS3yIlWuTJMmESC8aevCFmWJy5wjAFgNqN6w==", + "dev": true, + "engines": { + "node": ">=0.10" + } + }, 
+ "node_modules/run-con": { + "version": "1.2.10", + "resolved": "https://registry.npmjs.org/run-con/-/run-con-1.2.10.tgz", + "integrity": "sha512-n7PZpYmMM26ZO21dd8y3Yw1TRtGABjRtgPSgFS/nhzfvbJMXFtJhJVyEgayMiP+w/23craJjsnfDvx4W4ue/HQ==", + "dev": true, + "dependencies": { + "deep-extend": "^0.6.0", + "ini": "~2.0.0", + "minimist": "^1.2.5", + "strip-json-comments": "~3.1.1" + }, + "bin": { + "run-con": "cli.js" + } + }, + "node_modules/strip-json-comments": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz", + "integrity": "sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==", + "dev": true, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/uc.micro": { + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/uc.micro/-/uc.micro-1.0.6.tgz", + "integrity": "sha512-8Y75pvTYkLJW2hWQHXxoqRgV7qb9B+9vFEtidML+7koHUFapnVJAZ6cKs+Qjz5Aw3aZWHMC6u0wJE3At+nSGwA==", + "dev": true + }, + "node_modules/wrappy": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", + "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8=", + "dev": true + }, + "node_modules/yaml": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.1.1.tgz", + "integrity": "sha512-o96x3OPo8GjWeSLF+wOAbrPfhFOGY0W00GNaxCDv+9hkcDJEnev1yh8S7pgHF0ik6zc8sQLuL8hjHjJULZp8bw==", + "dev": true, + "engines": { + "node": ">= 14" + } + } + }, + "dependencies": { + "argparse": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", + "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==", + "dev": true + }, + "balanced-match": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", + "integrity": 
"sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==", + "dev": true + }, + "brace-expansion": { + "version": "1.1.11", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", + "dev": true, + "requires": { + "balanced-match": "^1.0.0", + "concat-map": "0.0.1" + } + }, + "commander": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/commander/-/commander-7.2.0.tgz", + "integrity": "sha512-QrWXB+ZQSVPmIWIhtEO9H+gwHaMGYiF5ChvoJ+K9ZGHG/sVsa6yiesAD1GC/x46sET00Xlwo1u49RVVVzvcSkw==", + "dev": true + }, + "concat-map": { + "version": "0.0.1", + "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", + "integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==", + "dev": true + }, + "deep-extend": { + "version": "0.6.0", + "resolved": "https://registry.npmjs.org/deep-extend/-/deep-extend-0.6.0.tgz", + "integrity": "sha512-LOHxIOaPYdHlJRtCQfDIVZtfw/ufM8+rVj649RIHzcm/vGwQRXFt6OPqIFWsm2XEMrNIEtWR64sY1LEKD2vAOA==", + "dev": true + }, + "dot-object": { + "version": "2.1.4", + "resolved": "https://registry.npmjs.org/dot-object/-/dot-object-2.1.4.tgz", + "integrity": "sha512-7FXnyyCLFawNYJ+NhkqyP9Wd2yzuo+7n9pGiYpkmXCTYa8Ci2U0eUNDVg5OuO5Pm6aFXI2SWN8/N/w7SJWu1WA==", + "dev": true, + "requires": { + "commander": "^4.0.0", + "glob": "^7.1.5" + }, + "dependencies": { + "commander": { + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/commander/-/commander-4.1.1.tgz", + "integrity": "sha512-NOKm8xhkzAjzFx8B2v5OAHT+u5pRQc2UCa2Vq9jYL/31o2wi9mxBA7LIFs3sV5VSC49z6pEhfbMULvShKj26WA==", + "dev": true + } + } + }, + "entities": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/entities/-/entities-2.1.0.tgz", + "integrity": 
"sha512-hCx1oky9PFrJ611mf0ifBLBRW8lUUVRlFolb5gWRfIELabBlbp9xZvrqZLZAs+NxFnbfQoeGd8wDkygjg7U85w==", + "dev": true + }, + "fs.realpath": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", + "integrity": "sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==", + "dev": true + }, + "get-stdin": { + "version": "9.0.0", + "resolved": "https://registry.npmjs.org/get-stdin/-/get-stdin-9.0.0.tgz", + "integrity": "sha512-dVKBjfWisLAicarI2Sf+JuBE/DghV4UzNAVe9yhEJuzeREd3JhOTE9cUaJTeSa77fsbQUK3pcOpJfM59+VKZaA==", + "dev": true + }, + "glob": { + "version": "7.2.3", + "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz", + "integrity": "sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==", + "dev": true, + "requires": { + "fs.realpath": "^1.0.0", + "inflight": "^1.0.4", + "inherits": "2", + "minimatch": "^3.1.1", + "once": "^1.3.0", + "path-is-absolute": "^1.0.0" + } + }, + "ignore": { + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.2.0.tgz", + "integrity": "sha512-CmxgYGiEPCLhfLnpPp1MoRmifwEIOgjcHXxOBjv7mY96c+eWScsOP9c112ZyLdWHi0FxHjI+4uVhKYp/gcdRmQ==", + "dev": true + }, + "inflight": { + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz", + "integrity": "sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==", + "dev": true, + "requires": { + "once": "^1.3.0", + "wrappy": "1" + } + }, + "inherits": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", + "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==", + "dev": true + }, + "ini": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ini/-/ini-2.0.0.tgz", + "integrity": 
"sha512-7PnF4oN3CvZF23ADhA5wRaYEQpJ8qygSkbtTXWBeXWXmEVRXK+1ITciHWwHhsjv1TmW0MgacIv6hEi5pX5NQdA==", + "dev": true + }, + "js-yaml": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", + "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==", + "dev": true, + "requires": { + "argparse": "^2.0.1" + } + }, + "jsonc-parser": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/jsonc-parser/-/jsonc-parser-3.0.0.tgz", + "integrity": "sha512-fQzRfAbIBnR0IQvftw9FJveWiHp72Fg20giDrHz6TdfB12UH/uue0D3hm57UB5KgAVuniLMCaS8P1IMj9NR7cA==", + "dev": true + }, + "linkify-it": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/linkify-it/-/linkify-it-3.0.3.tgz", + "integrity": "sha512-ynTsyrFSdE5oZ/O9GEf00kPngmOfVwazR5GKDq6EYfhlpFug3J2zybX56a2PRRpc9P+FuSoGNAwjlbDs9jJBPQ==", + "dev": true, + "requires": { + "uc.micro": "^1.0.1" + } + }, + "lodash": { + "version": "4.17.21", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", + "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==", + "dev": true + }, + "markdown-it": { + "version": "12.3.2", + "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-12.3.2.tgz", + "integrity": "sha512-TchMembfxfNVpHkbtriWltGWc+m3xszaRD0CZup7GFFhzIgQqxIfn3eGj1yZpfuflzPvfkt611B2Q/Bsk1YnGg==", + "dev": true, + "requires": { + "argparse": "^2.0.1", + "entities": "~2.1.0", + "linkify-it": "^3.0.1", + "mdurl": "^1.0.1", + "uc.micro": "^1.0.5" + } + }, + "markdown-table": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/markdown-table/-/markdown-table-2.0.0.tgz", + "integrity": "sha512-Ezda85ToJUBhM6WGaG6veasyym+Tbs3cMAw/ZhOPqXiYsr0jgocBV3j3nx+4lk47plLlIqjwuTm/ywVI+zjJ/A==", + "dev": true, + "requires": { + "repeat-string": "^1.0.0" + } + }, + "markdownlint": { + "version": "0.25.1", + "resolved": 
"https://registry.npmjs.org/markdownlint/-/markdownlint-0.25.1.tgz", + "integrity": "sha512-AG7UkLzNa1fxiOv5B+owPsPhtM4D6DoODhsJgiaNg1xowXovrYgOnLqAgOOFQpWOlHFVQUzjMY5ypNNTeov92g==", + "dev": true, + "requires": { + "markdown-it": "12.3.2" + } + }, + "markdownlint-cli": { + "version": "0.31.1", + "resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.31.1.tgz", + "integrity": "sha512-keIOMwQn+Ch7MoBwA+TdkyVMuxAeZFEGmIIlvwgV0Z1TGS5MxPnRr29XCLhkNzCHU+uNKGjU+VEjLX+Z9kli6g==", + "dev": true, + "requires": { + "commander": "~9.0.0", + "get-stdin": "~9.0.0", + "glob": "~7.2.0", + "ignore": "~5.2.0", + "js-yaml": "^4.1.0", + "jsonc-parser": "~3.0.0", + "markdownlint": "~0.25.1", + "markdownlint-rule-helpers": "~0.16.0", + "minimatch": "~3.0.5", + "run-con": "~1.2.10" + }, + "dependencies": { + "commander": { + "version": "9.0.0", + "resolved": "https://registry.npmjs.org/commander/-/commander-9.0.0.tgz", + "integrity": "sha512-JJfP2saEKbQqvW+FI93OYUB4ByV5cizMpFMiiJI8xDbBvQvSkIk0VvQdn1CZ8mqAO8Loq2h0gYTYtDFUZUeERw==", + "dev": true + }, + "minimatch": { + "version": "3.0.8", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.8.tgz", + "integrity": "sha512-6FsRAQsxQ61mw+qP1ZzbL9Bc78x2p5OqNgNpnoAFLTrX8n5Kxph0CsnhmKKNXTWjXqU5L0pGPR7hYk+XWZr60Q==", + "dev": true, + "requires": { + "brace-expansion": "^1.1.7" + } + } + } + }, + "markdownlint-rule-helpers": { + "version": "0.16.0", + "resolved": "https://registry.npmjs.org/markdownlint-rule-helpers/-/markdownlint-rule-helpers-0.16.0.tgz", + "integrity": "sha512-oEacRUVeTJ5D5hW1UYd2qExYI0oELdYK72k1TKGvIeYJIbqQWAz476NAc7LNixSySUhcNl++d02DvX0ccDk9/w==", + "dev": true + }, + "mdurl": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/mdurl/-/mdurl-1.0.1.tgz", + "integrity": "sha512-/sKlQJCBYVY9Ers9hqzKou4H6V5UWc/M59TH2dvkt+84itfnq7uFOMLpOiOS4ujvHP4etln18fmIxA5R5fll0g==", + "dev": true + }, + "minimatch": { + "version": "3.1.2", + "resolved": 
"https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==", + "dev": true, + "requires": { + "brace-expansion": "^1.1.7" + } + }, + "minimist": { + "version": "1.2.6", + "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.6.tgz", + "integrity": "sha512-Jsjnk4bw3YJqYzbdyBiNsPWHPfO++UGG749Cxs6peCu5Xg4nrena6OVxOYxrQTqww0Jmwt+Ref8rggumkTLz9Q==", + "dev": true + }, + "once": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", + "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==", + "dev": true, + "requires": { + "wrappy": "1" + } + }, + "path-is-absolute": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", + "integrity": "sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg==", + "dev": true + }, + "readme-generator-for-helm": { + "version": "https://github.com/bitnami-labs/readme-generator-for-helm/tarball/main", + "integrity": "sha512-W5ziOuId0M00YQRDlA5le3oEguWe8hoINhivOAgEF+AZkk2bDoNxuFUaJIxqAUEvZRA8qlTfUlu+w90EOFbTLw==", + "dev": true, + "requires": { + "commander": "^7.1.0", + "dot-object": "^2.1.4", + "lodash": "^4.17.21", + "markdown-table": "^2.0.0", + "yaml": "^2.0.0-3" + } + }, + "repeat-string": { + "version": "1.6.1", + "resolved": "https://registry.npmjs.org/repeat-string/-/repeat-string-1.6.1.tgz", + "integrity": "sha512-PV0dzCYDNfRi1jCDbJzpW7jNNDRuCOG/jI5ctQcGKt/clZD+YcPS3yIlWuTJMmESC8aevCFmWJy5wjAFgNqN6w==", + "dev": true + }, + "run-con": { + "version": "1.2.10", + "resolved": "https://registry.npmjs.org/run-con/-/run-con-1.2.10.tgz", + "integrity": "sha512-n7PZpYmMM26ZO21dd8y3Yw1TRtGABjRtgPSgFS/nhzfvbJMXFtJhJVyEgayMiP+w/23craJjsnfDvx4W4ue/HQ==", + "dev": true, + "requires": { + "deep-extend": "^0.6.0", + "ini": "~2.0.0", + 
"minimist": "^1.2.5", + "strip-json-comments": "~3.1.1" + } + }, + "strip-json-comments": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz", + "integrity": "sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==", + "dev": true + }, + "uc.micro": { + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/uc.micro/-/uc.micro-1.0.6.tgz", + "integrity": "sha512-8Y75pvTYkLJW2hWQHXxoqRgV7qb9B+9vFEtidML+7koHUFapnVJAZ6cKs+Qjz5Aw3aZWHMC6u0wJE3At+nSGwA==", + "dev": true + }, + "wrappy": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", + "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8=", + "dev": true + }, + "yaml": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.1.1.tgz", + "integrity": "sha512-o96x3OPo8GjWeSLF+wOAbrPfhFOGY0W00GNaxCDv+9hkcDJEnev1yh8S7pgHF0ik6zc8sQLuL8hjHjJULZp8bw==", + "dev": true + } + } +} diff --git a/package.json b/package.json new file mode 100644 index 0000000..007e11f --- /dev/null +++ b/package.json @@ -0,0 +1,19 @@ +{ + "name": "gitea-helm-chart", + "homepage": "https://gitea.com/gitea/helm-chart.git", + "license": "MIT", + "private": true, + "engineStrict": true, + "engines": { + "node": ">=16.0.0", + "npm": ">=8.0.0" + }, + "scripts": { + "readme:lint": "markdownlint *.md -f", + "readme:parameters": "readme-generator -v values.yaml -r README.md" + }, + "devDependencies": { + "markdownlint-cli": "^0.31.1", + "readme-generator-for-helm": "https://github.com/bitnami-labs/readme-generator-for-helm/tarball/main" + } +} diff --git a/values.yaml b/values.yaml index b01e424..92fcd5b 100644 --- a/values.yaml +++ b/values.yaml 
@@ -389,7 +389,7 @@ gitea: ## @section Memcached # ## @param memcached.enabled Memcached is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/memcached) if enabled in the values. Complete Configuration can be taken from their website. -## @param memcached.service.port Port for memcached +## @param memcached.service.port Port for Memcached memcached: enabled: true service: -- 2.40.1 From 0172a59889d4318a76982c7d7f3b6bda0e2c9a6c Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Wed, 15 Jun 2022 15:37:25 +0800 Subject: [PATCH 114/390] Properly lock chart dependencies (#326) Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/326 Reviewed-by: techknowlogick Reviewed-by: luhahn Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- .gitignore | 1 - Chart.lock | 15 +++++++++++++++ Chart.yaml | 8 ++++---- 3 files changed, 19 insertions(+), 5 deletions(-) create mode 100644 Chart.lock diff --git a/.gitignore b/.gitignore index 6200d0a..22b7fa6 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,3 @@ charts/ node_modules/ -Chart.lock .DS_Store diff --git a/Chart.lock b/Chart.lock new file mode 100644 index 0000000..245110d --- /dev/null +++ b/Chart.lock @@ -0,0 +1,15 @@ +dependencies: +- name: memcached + repository: https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami + version: 5.9.0 +- name: mysql + repository: https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami + version: 6.14.10 +- name: postgresql + repository: https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami + version: 10.3.17 +- name: mariadb + repository: https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami + version: 9.3.6 +digest: sha256:08f967276fa0c083e9756a974a9791a487a71be0a226dc14351b3e5a2641e8fd +generated: "2022-06-11T12:18:36.672047+02:00" diff --git a/Chart.yaml b/Chart.yaml index d26b4ad..9ffd730 100644 --- a/Chart.yaml +++ b/Chart.yaml 
@@ -32,18 +32,18 @@ maintainers: # Bitnami charts are served from GitHub CDN - See https://github.com/bitnami/charts/issues/10539 for details dependencies: - name: memcached - repository: https://raw.githubusercontent.com/bitnami/charts/eb5f9a9513d987b519f0ecd732e7031241c50328/bitnami + repository: https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami version: 5.9.0 condition: memcached.enabled - name: mysql - repository: https://raw.githubusercontent.com/bitnami/charts/eb5f9a9513d987b519f0ecd732e7031241c50328/bitnami + repository: https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami version: 6.14.10 condition: mysql.enabled - name: postgresql - repository: https://raw.githubusercontent.com/bitnami/charts/eb5f9a9513d987b519f0ecd732e7031241c50328/bitnami + repository: https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami version: 10.3.17 condition: postgresql.enabled - name: mariadb - repository: https://raw.githubusercontent.com/bitnami/charts/eb5f9a9513d987b519f0ecd732e7031241c50328/bitnami + repository: https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami version: 9.3.6 condition: mariadb.enabled -- 2.40.1 From 33586d26cfd8b5c458d90b0a9c9d08b1fdd20881 Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Thu, 23 Jun 2022 23:41:10 +0800 Subject: [PATCH 115/390] Describe breaking changes for 6.0.0 (#327) Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/327 Reviewed-by: luhahn Reviewed-by: wxiaoguang Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- README.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/README.md b/README.md index a43cde1..0530574 100644 --- a/README.md +++ b/README.md 
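Review bot: All four `repository:` entries move from a commit-pinned URL (`.../bitnami/charts/eb5f9a9513d987b519f0ecd732e7031241c50328/bitnami`) to the branch ref `pre-2022`, which is mutable: the `index.yaml` and chart archives served under that path can change with no change in this repository. As far as I can tell, the `digest` in the new `Chart.lock` is computed over the dependency list (name, version, repository) and not over the downloaded archives, so it would not detect such a change. If the branch ref is needed for availability, say so next to the existing CDN comment, for example `# pre-2022 is a branch, not an immutable ref; re-verify the dependency charts when bumping versions`. Otherwise keeping the commit SHA in the URL retains the stronger pin.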
@@ -37,6 +37,20 @@ helm install gitea gitea-charts/gitea - Helm 3.0+ - PV provisioner for persistent data support +## Chart upgrade to 6.0.0 + +:warning: The most recent `6.0.0` update brings some major and breaking changes. +Please note the following changes in the Chart to upgrade successfully. :warning: + +### Enabled flag for `startupProbe` + +Prior to this version the `startupProbe` was just a commented sample within the +`values.yaml`. With the migration to an auto-generated [Parameters](#parameters) +section, a new parameter `gitea.startupProbe.enabled` has been introduced set to +`false` by default. If you are using the `startupProbe` you need to add that new +parameter and set it to `true`. Otherwise, your defined probe won't be considered +after the upgrade. + ## Chart upgrade to 5.0.0 :warning: The most recent `5.0.0` update brings some major and breaking changes. -- 2.40.1 From bc16cc81348aaa6fd3b70cddf7c240abb826f90a Mon Sep 17 00:00:00 2001 
From: dek Date: Mon, 27 Jun 2022 14:35:55 +0800 Subject: [PATCH 116/390] add dnsConfig value support (#329) Description of the change Add support for a new value: dnsConfig, to be passed to the statefulset pod template configuration. Default is {}, and does not change anything from current default pod configuration. Benefits Ability to fix some issues encountered with Alpine-based docker images, which may break DNS resolving on some clusters. In particular, this allows to lower the ndots value, which fixes DNS resolving of FQDNs. dnsConfig: options: - name: ndots value: "1" Also, with this setting, one can set other parameters to finely tune DNS configuration for Gitea pods, if needed: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config Possible drawbacks None. Additional information Some relevant links about the issue this setting allows to fix: https://stackoverflow.com/questions/65181012/does-alpine-have-known-dns-issue-within-kubernetes https://gitlab.alpinelinux.org/alpine/aports/-/issues/9017 Checklist Parameters are documented in the values.yaml and added to the README.md using readme-generator-for-helm Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/329 Reviewed-by: justusbunsi Reviewed-by: luhahn Co-authored-by: dek Co-committed-by: dek --- README.md | 1 + templates/gitea/statefulset.yaml | 4 ++++ values.yaml | 3 +++ 3 files changed, 8 insertions(+) diff --git a/README.md b/README.md index 0530574..f476e73 100644 --- a/README.md +++ b/README.md 
@@ -807,6 +807,7 @@ gitea: | `nodeSelector` | NodeSelector for the statefulset | `{}` | | `tolerations` | Tolerations for the statefulset | `[]` | | `affinity` | Affinity for the statefulset | `{}` | +| `dnsConfig` | dnsConfig for the statefulset | `{}` | | `statefulset.env` | Additional environment variables to pass to containers | `[]` | | `statefulset.terminationGracePeriodSeconds` | How long to wait until forcefully kill the pod | `60` | | `statefulset.labels` | Labels for the statefulset | `{}` | diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index 742abd8..bb2b42c 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml @@ -287,6 +287,10 @@ spec: {{- with .Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.dnsConfig }} + dnsConfig: + {{- toYaml .Values.dnsConfig | nindent 8 }} {{- end }} volumes: - name: init diff --git a/values.yaml b/values.yaml index 92fcd5b..3589506 100644 --- a/values.yaml +++ b/values.yaml @@ -180,6 +180,9 @@ tolerations: [] ## @param affinity Affinity for the statefulset affinity: {} +## @param dnsConfig dnsConfig for the statefulset +dnsConfig: {} + ## @param statefulset.env Additional environment variables to pass to containers ## @param statefulset.terminationGracePeriodSeconds How long to wait until forcefully kill the pod ## @param statefulset.labels Labels for the statefulset -- 2.40.1 From aa97cdab5bb00f19d38022b291b670cb7685cf91 Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Sun, 10 Jul 2022 04:43:04 +0800 Subject: [PATCH 117/390] Restore default behavior description for image tag (#330) Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/330 Reviewed-by: luhahn Reviewed-by: wxiaoguang Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- README.md | 16 ++++++++-------- values.yaml | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index f476e73..370e21a 100644 
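Review bot: The new `dnsConfig` block in `templates/gitea/statefulset.yaml` uses `{{- if .Values.dnsConfig }}` and repeats the value path, while the `tolerations` block directly above it uses `with`. For consistency it could read `{{- with .Values.dnsConfig }}` followed by `{{- toYaml . | nindent 8 }}`. The value is copied into the pod spec as given, and custom nameservers or search domains change where the pod resolves every hostname it contacts, so the `values.yaml` comment should say more than `dnsConfig for the statefulset`, for example `## @param dnsConfig Pod dnsConfig (nameservers, searches, options) applied to the Gitea pod`.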
--- a/README.md +++ b/README.md @@ -740,14 +740,14 @@ gitea: ### Image -| Name | Description | Value | -| ------------------ | ------------------------------------------------------------------------------------------ | ------------- | -| `image.registry` | image registry, e.g. gcr.io,docker.io | `""` | -| `image.repository` | Image to start for this pod | `gitea/gitea` | -| `image.tag` | Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) | `""` | -| `image.pullPolicy` | Image pull policy | `Always` | -| `image.rootless` | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `false` | -| `imagePullSecrets` | Secret to use for pulling the image | `[]` | +| Name | Description | Value | +| ------------------ | --------------------------------------------------------------------------------------------------------------------------------------- | ------------- | +| `image.registry` | image registry, e.g. gcr.io,docker.io | `""` | +| `image.repository` | Image to start for this pod | `gitea/gitea` | +| `image.tag` | Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml. | `""` | +| `image.pullPolicy` | Image pull policy | `Always` | +| `image.rootless` | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `false` | +| `imagePullSecrets` | Secret to use for pulling the image | `[]` | ### Security diff --git a/values.yaml b/values.yaml index 3589506..6f084dc 100644 --- a/values.yaml +++ b/values.yaml 
@@ -24,7 +24,7 @@ clusterDomain: cluster.local ## @section Image ## @param image.registry image registry, e.g. gcr.io,docker.io ## @param image.repository Image to start for this pod -## @param image.tag Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) +## @param image.tag Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml. ## @param image.pullPolicy Image pull policy ## @param image.rootless Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher image: -- 2.40.1 From 32735ed4df873b82a23ff5696180c34310277ca0 Mon Sep 17 00:00:00 2001 
From: justusbunsi Date: Sat, 16 Jul 2022 01:27:48 +0800 Subject: [PATCH 118/390] Restructure changelog/upgrading approach (#331) Description of the change Mostly, this change just moves the changelog to the bottom of the README which helps new users to see the actual documentation. As the structure for the changes itself is slightly different, there are some changes in wording so that it still makes sense. But mostly structural changes. The change within the dependency section is due to a broken link since auto-generating the parameters section. Now there are links to every dependency related parameters. Benefits It helps us to maintain a clear structure for the README of this project. Possible drawbacks Our users are currently trained to look at the top of the document to see the changes. They now have to scroll down or use the quick link from installation section. Applicable issues fixes #247 Additional information Every version section starts with a disclaimer right now. This is duplicated and might hide important text due to its existence. A centralized introduction at top of the upgrading section tells the reader what to expect from that whole section. I've also noticed that on ArtifactHub the emotes are not rendered correctly. So I replaced them with the actual ones and reduced their usage. That way it better highlights those parts the reader must not miss. Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/331 Reviewed-by: luhahn Reviewed-by: techknowlogick Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- README.md | 361 +++++++++++++++++++++++++++--------------------------- 1 file changed, 182 insertions(+), 179 deletions(-) diff --git a/README.md b/README.md index 370e21a..257478b 100644 --- a/README.md +++ b/README.md 
@@ -15,13 +15,14 @@ as well as being deployed as a statefulset to retain stored repositories. Gitea can be run with an external database and cache. This chart provides those dependencies, which can be enabled, or disabled via -[configuration](#configuration). +configuration. Dependencies: -- PostgreSQL -- Memcached -- MySQL +- PostgreSQL ([configuration](#postgresql)) +- Memcached ([configuration](#memcached)) +- MySQL ([configuration](#mysql)) +- MariaDB ([configuration](#mariadb)) ## Installing 
@@ -31,185 +32,15 @@ helm repo update helm install gitea gitea-charts/gitea ``` +When upgrading, please refer to the [Upgrading](#upgrading) section at the bottom +of this document for major and breaking changes. + ## Prerequisites - Kubernetes 1.12+ - Helm 3.0+ - PV provisioner for persistent data support -## Chart upgrade to 6.0.0 - -:warning: The most recent `6.0.0` update brings some major and breaking changes. -Please note the following changes in the Chart to upgrade successfully. :warning: - -### Enabled flag for `startupProbe` - -Prior to this version the `startupProbe` was just a commented sample within the -`values.yaml`. With the migration to an auto-generated [Parameters](#parameters) -section, a new parameter `gitea.startupProbe.enabled` has been introduced set to -`false` by default. If you are using the `startupProbe` you need to add that new -parameter and set it to `true`. Otherwise, your defined probe won't be considered -after the upgrade. - -## Chart upgrade to 5.0.0 - -:warning: The most recent `5.0.0` update brings some major and breaking changes. -Please note the following changes in the Chart to upgrade successfully. :warning: - -### Enable Dependencies - -:warning: The values to enable the dependencies, -such as PostgreSQL, Memcached, MySQL and MariaDB -have been moved from `gitea.database.builtIn.` to the dependency values. :warning: - -You can now enable the dependencies as followed: - -```yaml -memcached: - enabled: true - -postgresql: - enabled: true - -mysql: - enabled: false - -mariadb: - enabled: false -``` - -### App.ini generation - -The app.ini generation has changed and now utilizes the environment-to-ini -script provided by newer Gitea versions. - -> :boom: The Helm Chart now requires Gitea versions of at least 1.11.0. - -This change ensures, that the app.ini is now persistent. 
- -#### Secret Key generation - -Gitea secret keys (SECRET_KEY, INTERNAL_TOKEN, JWT_SECRET) are now generated -automatically in certain situations: - -- New install: By default the secrets are created automatically. If you provide - secrets via `gitea.config` they will be used instead of automatic generation. -- Existing installs: The secrets won't be deployed, neither via - configuration nor via auto generation. We explicitly prevent to set new secrets. - -> :rotating_light: It would be possible to set new secret keys manually by entering -the running container and rewriting the app.ini by hand. However, this it is -not advisable to do so for existing installations. Certain settings like -_LDAP_ would not be readable anymore. - -### Probes - -> :boom: `gitea.customLivenessProbe`, `gitea.customReadinessProbe` and `gitea.customStartupProbe` -have been removed. - -They are replaced by the settings `gitea.livenessProbe`, `gitea.readinessProbe` -and `gitea.startupProbe` which are now fully configurable and used _as-is_ for -a Chart deployment. -If you have customized their values instead of using the `custom` prefixed settings, -please ensure that you remove the `enabled` property from each of them. - -In case you want to disable one of these probes, let's say the `livenessProbe`, add -the following to your values. The `podAnnotation` is just there to have a bit more -context. - -```diff -gitea: -+ livenessProbe: - podAnnotations: {} -``` - -### Multiple OAuth and LDAP authentication sources - -With `5.0.0` of this Chart it is now possible to configure Gitea with multiple -OAuth and LDAP sources. As a result, you need to update an existing OAuth/LDAP configuration -in your customized `values.yaml` by replacing the object with settings to a list -of settings objects. See [OAuth2 Settings](#oauth-settings) and -[LDAP Settings](#ldap-settings) section for details. 
- -## Chart upgrade from 3.x.x to 4.0.0 - -:warning: The most recent `4.0.0` update brings some breaking changes. Please note -the following changes in the Chart to upgrade successfully. :warning: - -### Ingress changes - -To provide a more flexible Ingress configuration we now support not only host -settings but also provide configuration for the path and pathType. So this -change changes the hosts from a simple string list, to a list containing a more -complex object for more configuration. - -```diff -ingress: - enabled: false - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" -- hosts: -- - git.example.com -+ hosts: -+ - host: git.example.com -+ paths: -+ - path: / -+ pathType: Prefix - tls: [] - # - secretName: chart-example-tls - # hosts: - # - git.example.com -``` - -If you want everything as it was before, you can simply add the following code -to all your host entries. - -```yaml -paths: - - path: / - pathType: Prefix -``` - -### Dropped kebab-case support - -In 3.x.x it was possible to provide an ldap configuration via kebab-case, this -support has now been dropped and only camel case is supported. See [LDAP -section](#ldap-settings) for more information. - -### Dependency update - -The chart comes with multiple databases and Memcached as dependency, the latest -release updated the dependencies. - -- Memcached: `4.2.20` -> `5.9.0` -- PostgreSQL: `9.7.2` -> `10.3.17` -- MariaDB: `8.0.0` -> `9.3.6` - -If you're using the builtin databases you will most likely redeploy the chart in -order to update the database correctly. - -### Execution of initPreScript - -Generally spoken, this might not be a breaking change, but it is worth to be -mentioned. - -Prior to `4.0.0` only one init container was used to both setup directories and -configure Gitea. As of now the actual Gitea configuration is separated from the -other pre-execution. This also includes the execution of _initPreScript_. 
If you -have such script, please be aware of this. Dynamically prepare the Gitea setup -during execution by e.g. adding environment variables to the execution context -won't work anymore. - -## Gitea Version 1.14.X repository ROOT - -Previously the ROOT folder for the Gitea repositories was located at -`/data/git/gitea-repositories`. In version `1.14` has the path been changed to -`/data/gitea-repositories`. - -This chart will set the `gitea.config.repository.ROOT` value default to -`/data/git/gitea-repositories`. - ## Configure Commit Signing When using the rootless image the gpg key folder was is not persistent by @@ -639,8 +470,8 @@ gitea: ... ``` -:warning: Some options are just flags and therefore don't any values. If they -are defined in `gitea.ldap` configuration, they will be passed to the Gitea cli +⚠️ Some options are just flags and therefore don't have any values. If they +are defined in `gitea.ldap` configuration, they will be passed to the Gitea CLI without any value. Affected options: - notActive 
@@ -947,3 +778,175 @@ gitea: Expected workflow is: Fork -> Patch -> Push -> Pull Request See [CONTRIBUTORS GUIDE](CONTRIBUTING.md) for details. + +## Upgrading + +This section lists major and breaking changes of each Helm Chart version. +Please read them carefully to upgrade successfully. + +### To 6.0.0 + +#### New `enabled` flag for `startupProbe` + +Prior to this version the `startupProbe` was just a commented sample within the +`values.yaml`. With the migration to an auto-generated [Parameters](#parameters) +section, a new parameter `gitea.startupProbe.enabled` has been introduced set to +`false` by default. + +If you are using the `startupProbe` you need to add that new +parameter and set it to `true`. Otherwise, your defined probe won't be considered +after the upgrade. + +### To 5.0.0 + +> 💥 The Helm Chart now requires Gitea versions of at least 1.11.0. + +#### Enable Dependencies + +The values to enable the dependencies, +such as PostgreSQL, Memcached, MySQL and MariaDB +have been moved from `gitea.database.builtIn.` to the dependency values. + +You can now enable the dependencies as followed: + +```yaml +memcached: + enabled: true + +postgresql: + enabled: true + +mysql: + enabled: false + +mariadb: + enabled: false +``` + +#### App.ini generation + +The app.ini generation has changed and now utilizes the environment-to-ini +script provided by newer Gitea versions. This change ensures, that the app.ini +is now persistent. + +##### Secret Key generation + +Gitea secret keys (SECRET_KEY, INTERNAL_TOKEN, JWT_SECRET) are now generated +automatically in certain situations: + +- New install: By default the secrets are created automatically. If you provide + secrets via `gitea.config` they will be used instead of automatic generation. +- Existing installs: The secrets won't be deployed, neither via + configuration nor via auto generation. We explicitly prevent to set new secrets. 
+ +> 💡 It would be possible to set new secret keys manually by entering +the running container and rewriting the app.ini by hand. However, this it is +not advisable to do so for existing installations. Certain settings like +_LDAP_ would not be readable anymore. + +#### Probes + +`gitea.customLivenessProbe`, `gitea.customReadinessProbe` and `gitea.customStartupProbe` +have been removed. + +They are replaced by the settings `gitea.livenessProbe`, `gitea.readinessProbe` +and `gitea.startupProbe` which are now fully configurable and used _as-is_ for +a Chart deployment. +If you have customized their values instead of using the `custom` prefixed settings, +please ensure that you remove the `enabled` property from each of them. + +In case you want to disable one of these probes, let's say the `livenessProbe`, add +the following to your values. The `podAnnotation` is just there to have a bit more +context. + +```diff +gitea: ++ livenessProbe: + podAnnotations: {} +``` + +#### Multiple OAuth and LDAP authentication sources + +With `5.0.0` of this Chart it is now possible to configure Gitea with multiple +OAuth and LDAP sources. As a result, you need to update an existing OAuth/LDAP configuration +in your customized `values.yaml` by replacing the object with settings to a list +of settings objects. See [OAuth2 Settings](#oauth2-settings) and +[LDAP Settings](#ldap-settings) section for details. + +### To 4.0.0 + +#### Ingress changes + +To provide a more flexible Ingress configuration we now support not only host +settings but also provide configuration for the path and pathType. So this +change changes the hosts from a simple string list, to a list containing a more +complex object for more configuration. 
+ +```diff +ingress: + enabled: false + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" +- hosts: +- - git.example.com ++ hosts: ++ - host: git.example.com ++ paths: ++ - path: / ++ pathType: Prefix + tls: [] + # - secretName: chart-example-tls + # hosts: + # - git.example.com +``` + +If you want everything as it was before, you can simply add the following code +to all your host entries. + +```yaml +paths: + - path: / + pathType: Prefix +``` + +#### Dropped kebab-case support + +In 3.x.x it was possible to provide an ldap configuration via kebab-case, this +support has now been dropped and only camel case is supported. See [LDAP +section](#ldap-settings) for more information. + +#### Dependency update + +The chart comes with multiple databases and Memcached as dependency, the latest +release updated the dependencies. + +- Memcached: `4.2.20` -> `5.9.0` +- PostgreSQL: `9.7.2` -> `10.3.17` +- MariaDB: `8.0.0` -> `9.3.6` + +If you're using the builtin databases you will most likely redeploy the chart in +order to update the database correctly. + +#### Execution of initPreScript + +Generally spoken, this might not be a breaking change, but it is worth to be +mentioned. + +Prior to `4.0.0` only one init container was used to both setup directories and +configure Gitea. As of now the actual Gitea configuration is separated from the +other pre-execution. This also includes the execution of _initPreScript_. If you +have such script, please be aware of this. Dynamically prepare the Gitea setup +during execution by e.g. adding environment variables to the execution context +won't work anymore. + +### Misc + +#### Gitea Version 1.14.X repository ROOT + +Previously the ROOT folder for the Gitea repositories was located at +`/data/git/gitea-repositories`. In version `1.14` has the path been changed to +`/data/gitea-repositories`. + +This chart will set the `gitea.config.repository.ROOT` value default to +`/data/git/gitea-repositories`. 
-- 2.40.1 From 58fc28f6d066b7d881d0c8a10cf633c6bc13237a Mon Sep 17 00:00:00 2001 From: huww98 Date: Thu, 28 Jul 2022 16:29:33 +0800 Subject: [PATCH 119/390] fix: correctly handle tls ingress (#94) Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/94 Reviewed-by: techknowlogick Reviewed-by: luhahn Reviewed-by: justusbunsi Co-authored-by: huww98 Co-committed-by: huww98 --- templates/_helpers.tpl | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 608cfcc..9c2c63c 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -160,6 +160,14 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} {{- end -}} +{{- define "gitea.public_protocol" -}} +{{- if and .Values.ingress.enabled (gt (len .Values.ingress.tls) 0) -}} +https +{{- else -}} +{{ .Values.gitea.config.server.PROTOCOL }} +{{- end -}} +{{- end -}} + {{- define "gitea.inline_configuration" -}} {{- include "gitea.inline_configuration.init" . -}} {{- include "gitea.inline_configuration.defaults" . -}} 
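Review bot: `gitea.public_protocol` infers `https` only from `ingress.enabled` together with a non-empty `ingress.tls`, so a deployment where TLS is terminated somewhere the chart cannot see (an external load balancer, or an ingress controller's default certificate) still takes its scheme from `server.PROTOCOL`. An `http://` `ROOT_URL` in front of an HTTPS site tends to yield wrong clone, redirect and callback links. The helper carries no comment stating this rule; I would add `{{- /* Public scheme: https when ingress is enabled with at least one tls entry, otherwise server.PROTOCOL. Set gitea.config.server.ROOT_URL explicitly when TLS is terminated elsewhere. */ -}}` above the `define`.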
@@ -250,15 +258,7 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} {{- end -}} {{- if not .Values.gitea.config.server.ROOT_URL -}} - {{- if .Values.ingress.enabled -}} - {{- if gt (len .Values.ingress.tls) 0 -}} - {{- $_ := set .Values.gitea.config.server "ROOT_URL" (printf "%s://%s" .Values.gitea.config.server.PROTOCOL (index (index .Values.ingress.tls 0).hosts 0)) -}} - {{- else -}} - {{- $_ := set .Values.gitea.config.server "ROOT_URL" (printf "%s://%s" .Values.gitea.config.server.PROTOCOL (index .Values.ingress.hosts 0).host) -}} - {{- end -}} - {{- else -}} - {{- $_ := set .Values.gitea.config.server "ROOT_URL" (printf "%s://%s" .Values.gitea.config.server.PROTOCOL .Values.gitea.config.server.DOMAIN) -}} - {{- end -}} + {{- $_ := set .Values.gitea.config.server "ROOT_URL" (printf "%s://%s" (include "gitea.public_protocol" .) .Values.gitea.config.server.DOMAIN) -}} {{- end -}} {{- if not .Values.gitea.config.server.SSH_DOMAIN -}} {{- $_ := set .Values.gitea.config.server "SSH_DOMAIN" .Values.gitea.config.server.DOMAIN -}} -- 2.40.1 From 7801c9c5c9c101217575d47f87cf478de2e47f8f Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Thu, 4 Aug 2022 20:47:24 +0800 Subject: [PATCH 120/390] Pre-generate LFS_JWT_SECRET during init phase (#335) Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/335 Reviewed-by: luhahn Reviewed-by: lafriks Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- templates/gitea/config.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/templates/gitea/config.yaml b/templates/gitea/config.yaml index 8416ee6..73104e6 100644 --- a/templates/gitea/config.yaml +++ b/templates/gitea/config.yaml 
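Review bot: The rewritten `ROOT_URL` default takes its host from `server.DOMAIN` only, where the removed branches used the first `ingress.tls` host or the first `ingress.hosts` entry. Whether `DOMAIN` is itself derived from the ingress hosts is decided above this hunk and is not visible here; if it is not, installs whose `DOMAIN` differs from their ingress host get a different `ROOT_URL` after upgrading. The enclosing `define` starts and ends outside the hunk. A short comment on the new line, such as `{{- /* host comes from server.DOMAIN, scheme from gitea.public_protocol */ -}}`, plus an entry in the README upgrade notes would make the change visible to operators.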
@@ -135,6 +135,7 @@ stringData: export ENV_TO_INI__SECURITY__INTERNAL_TOKEN=$(gitea generate secret INTERNAL_TOKEN) export ENV_TO_INI__SECURITY__SECRET_KEY=$(gitea generate secret SECRET_KEY) export ENV_TO_INI__OAUTH2__JWT_SECRET=$(gitea generate secret JWT_SECRET) + export ENV_TO_INI__SERVER__LFS_JWT_SECRET=$(gitea generate secret LFS_JWT_SECRET) env2ini::log "...Initial secrets generated\n" } @@ -158,10 +159,12 @@ stringData: env2ini::log ' - security.INTERNAL_TOKEN' env2ini::log ' - security.SECRET_KEY' env2ini::log ' - oauth2.JWT_SECRET' + env2ini::log ' - server.LFS_JWT_SECRET' unset ENV_TO_INI__SECURITY__INTERNAL_TOKEN unset ENV_TO_INI__SECURITY__SECRET_KEY unset ENV_TO_INI__OAUTH2__JWT_SECRET + unset ENV_TO_INI__SERVER__LFS_JWT_SECRET fi environment-to-ini -o $GITEA_APP_INI -p ENV_TO_INI -- 2.40.1 From a4ab5f981ffd7f368545e1629cd4fac9c35aa1d7 Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Thu, 4 Aug 2022 21:46:04 +0800 Subject: [PATCH 121/390] Skip processing non-provided additional configs (#336) Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/336 Reviewed-by: luhahn Reviewed-by: Lunny Xiao Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- templates/gitea/config.yaml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/templates/gitea/config.yaml b/templates/gitea/config.yaml index 73104e6..bcc7c4d 100644 --- a/templates/gitea/config.yaml +++ b/templates/gitea/config.yaml 
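Review bot: The added `export ENV_TO_INI__SERVER__LFS_JWT_SECRET=$(gitea generate secret LFS_JWT_SECRET)` hides the exit status of `gitea generate secret`, because `export` itself succeeds; if the command fails, an empty value is exported and the function still logs that the initial secrets were generated. The three existing lines above it have the same shape. Assigning first keeps the failure visible: `ENV_TO_INI__SERVER__LFS_JWT_SECRET=$(gitea generate secret LFS_JWT_SECRET) || return 1` followed by `export ENV_TO_INI__SERVER__LFS_JWT_SECRET`. The function starts outside the hunk, so whether the script already runs under `set -e` cannot be seen here.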
@@ -117,13 +117,15 @@ stringData: function env2ini::load_config_sources() { local path="${1}" - env2ini::log "Processing $(basename "${path}")..." + if [[ -d "${path}" ]]; then + env2ini::log "Processing $(basename "${path}")..." - while read -d '' configFile; do - env2ini::process_config_file "${configFile}" - done < <(find "${path}" -type l -not -name '..data' -print0) + while read -d '' configFile; do + env2ini::process_config_file "${configFile}" + done < <(find "${path}" -type l -not -name '..data' -print0) - env2ini::log "\n" + env2ini::log "\n" + fi } function env2ini::generate_initial_secrets() { -- 2.40.1 From 299d6db142a28f07ab994b73a1b2e96fda83db11 Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Mon, 8 Aug 2022 03:32:19 +0800 Subject: [PATCH 122/390] Split "extraVolumeMounts" into init and container mounts (#337) Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/337 Reviewed-by: luhahn Reviewed-by: lafriks Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- README.md | 38 ++++++++++++++++++++++---------- templates/_helpers.tpl | 18 +++++++++++++++ templates/gitea/statefulset.yaml | 18 +++++---------- values.yaml | 18 ++++++++++----- 4 files changed, 61 insertions(+), 31 deletions(-) diff --git a/README.md b/README.md index 257478b..2fc73f7 100644 --- a/README.md +++ b/README.md 
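Review bot: The `read` in the re-indented loop of `env2ini::load_config_sources` runs without `-r` and without clearing `IFS`, so a path containing a backslash or leading or trailing whitespace is altered before it reaches `env2ini::process_config_file`; `while IFS= read -r -d '' configFile; do` is the form that pairs with `find -print0`. `configFile` is also not declared `local`, unlike `path`. The new `-d` guard skips a missing directory without any output, so a mistyped mount path goes unnoticed; an `else` branch with one `env2ini::log` line naming the skipped path would help when debugging.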
@@ -646,18 +646,20 @@ gitea: ### Persistence -| Name | Description | Value | -| --------------------------- | ---------------------------------------------------------- | ------------------- | -| `persistence.enabled` | Enable persistent storage | `true` | -| `persistence.existingClaim` | Use an existing claim to store repository information | `nil` | -| `persistence.size` | Size for persistence to store repo information | `10Gi` | -| `persistence.accessModes` | AccessMode for persistence | `["ReadWriteOnce"]` | -| `persistence.labels` | Labels for the persistence volume claim to be created | `{}` | -| `persistence.annotations` | Annotations for the persistence volume claim to be created | `{}` | -| `persistence.storageClass` | Name of the storage class to use | `nil` | -| `persistence.subPath` | Subdirectory of the volume to mount at | `nil` | -| `extraVolumes` | Additional volumes to mount to the Gitea statefulset | `nil` | -| `extraVolumeMounts` | Additional volume mounts for the Gitea containers | `nil` | +| Name | Description | Value | +| ---------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------- | +| `persistence.enabled` | Enable persistent storage | `true` | +| `persistence.existingClaim` | Use an existing claim to store repository information | `nil` | +| `persistence.size` | Size for persistence to store repo information | `10Gi` | +| `persistence.accessModes` | AccessMode for persistence | `["ReadWriteOnce"]` | +| `persistence.labels` | Labels for the persistence volume claim to be created | `{}` | +| `persistence.annotations` | Annotations for the persistence volume claim to be created | `{}` | +| `persistence.storageClass` | Name of the storage class to use | `nil` | +| `persistence.subPath` | Subdirectory of the volume to mount at | `nil` | +| `extraVolumes` | Additional volumes to mount to the Gitea statefulset | `[]` | +| `extraContainerVolumeMounts` | 
Mounts that are only mapped into the Gitea runtime/main container, to e.g. override custom templates. | `[]` | +| `extraInitVolumeMounts` | Mounts that are only mapped into the init-containers. Can be used for additional preconfiguration. | `[]` | +| `extraVolumeMounts` | **DEPRECATED** Additional volume mounts for init containers and the Gitea main container | `[]` | ### Init @@ -786,6 +788,18 @@ Please read them carefully to upgrade successfully. ### To 6.0.0 +#### Different volume mounts for init-containers and runtime container + +**The `extraVolumeMounts` is deprecated** in favor of `extraInitVolumeMounts` and +`extraContainerVolumeMounts`. You can now have different mounts for the initialization +phase and Gitea runtime. The deprecated `extraVolumeMounts` will still be available +for the time being and is mounted into every container. If you want to switch to +the new settings and want to mount specific volumes into all containers, you have +to configure their mount points within both new settings. + +**Combining values from the deprecated setting with values from the new settings +is not possible.** + #### New `enabled` flag for `startupProbe` Prior to this version the `startupProbe` was just a commented sample within the diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 9c2c63c..0e481e0 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl 
@@ -313,3 +313,21 @@ https {{- $_ := set .Values.gitea.config.database "PASSWD" .Values.mariadb.auth.password -}} {{- end -}} {{- end -}} + +{{- define "gitea.init-additional-mounts" -}} + {{- /* Honor the deprecated extraVolumeMounts variable when defined */ -}} + {{- if gt (len .Values.extraInitVolumeMounts) 0 -}} + {{- toYaml .Values.extraInitVolumeMounts -}} + {{- else if gt (len .Values.extraVolumeMounts) 0 -}} + {{- toYaml .Values.extraVolumeMounts -}} + {{- end -}} +{{- end -}} + +{{- define "gitea.container-additional-mounts" -}} + {{- /* Honor the deprecated extraVolumeMounts variable when defined */ -}} + {{- if gt (len .Values.extraContainerVolumeMounts) 0 -}} + {{- toYaml .Values.extraContainerVolumeMounts -}} + {{- else if gt (len .Values.extraVolumeMounts) 0 -}} + {{- toYaml .Values.extraVolumeMounts -}} + {{- end -}} +{{- end -}} diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index bb2b42c..ed9a887 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml @@ -69,9 +69,7 @@ spec: {{- if .Values.persistence.subPath }} subPath: {{ .Values.persistence.subPath }} {{- end }} - {{- if .Values.extraVolumeMounts }} - {{- toYaml .Values.extraVolumeMounts | nindent 12 }} - {{- end }} + {{- include "gitea.init-additional-mounts" . | nindent 12 }} securityContext: {{- toYaml .Values.containerSecurityContext | nindent 12 }} - name: init-app-ini @@ -109,9 +107,7 @@ spec: - name: additional-config-sources-{{ $idx }} mountPath: "/env-to-ini-mounts/additionals/{{ $idx }}/" {{- end }} - {{- if .Values.extraVolumeMounts }} - {{- toYaml .Values.extraVolumeMounts | nindent 12 }} - {{- end }} + {{- include "gitea.init-additional-mounts" . | nindent 12 }} securityContext: {{- toYaml .Values.containerSecurityContext | nindent 12 }} - name: configure-gitea 
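Review bot: Both new helpers call `len` on `.Values.extraInitVolumeMounts`, `.Values.extraContainerVolumeMounts` and `.Values.extraVolumeMounts`, and as far as I know `len` fails on a nil value in Go templates. A values file that still carries the old empty `extraVolumeMounts:` key (null, the default this commit removes from `values.yaml`) would then break rendering instead of being treated as empty. The same applies to `gt (len .Values.extraVolumes) 0` in the last `statefulset.yaml` hunk, which replaces a plain `if .Values.extraVolumes`. Plain truthiness handles nil and empty lists alike: `{{- if .Values.extraInitVolumeMounts -}}` and `{{- else if .Values.extraVolumeMounts -}}`, and likewise in `gitea.container-additional-mounts`.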
@@ -201,9 +197,7 @@ spec: {{- if .Values.persistence.subPath }} subPath: {{ .Values.persistence.subPath }} {{- end }} - {{- if .Values.extraVolumeMounts }} - {{- toYaml .Values.extraVolumeMounts | nindent 12 }} - {{- end }} + {{- include "gitea.init-additional-mounts" . | nindent 12 }} terminationGracePeriodSeconds: {{ .Values.statefulset.terminationGracePeriodSeconds }} containers: - name: {{ .Chart.Name }} @@ -273,9 +267,7 @@ spec: {{- if .Values.persistence.subPath }} subPath: {{ .Values.persistence.subPath }} {{- end }} - {{- if .Values.extraVolumeMounts }} - {{- toYaml .Values.extraVolumeMounts | nindent 12 }} - {{- end }} + {{- include "gitea.container-additional-mounts" . | nindent 12 }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} @@ -301,7 +293,7 @@ spec: secret: secretName: {{ include "gitea.fullname" . }} defaultMode: 110 - {{- if .Values.extraVolumes }} + {{- if gt (len .Values.extraVolumes) 0 }} {{- toYaml .Values.extraVolumes | nindent 8 }} {{- end }} - name: inline-config-sources diff --git a/values.yaml b/values.yaml index 6f084dc..bd8c4d0 100644 --- a/values.yaml +++ b/values.yaml 
@@ -217,17 +217,23 @@ persistence: subPath: ## @param extraVolumes Additional volumes to mount to the Gitea statefulset -extraVolumes: +extraVolumes: [] # - name: postgres-ssl-vol # secret: # secretName: gitea-postgres-ssl +## @param extraContainerVolumeMounts Mounts that are only mapped into the Gitea runtime/main container, to e.g. override custom templates. +extraContainerVolumeMounts: [] -# additional volumes to mount, both to the init container and to the main -# container. As an example, can be used to mount a client cert when connecting -# to an external Postgres server. -## @param extraVolumeMounts Additional volume mounts for the Gitea containers -extraVolumeMounts: +## @param extraInitVolumeMounts Mounts that are only mapped into the init-containers. Can be used for additional preconfiguration. +extraInitVolumeMounts: [] + +## @depracated The extraVolumeMounts variable has been split two: +## - extraContainerVolumeMounts +## - extraInitVolumeMounts +## As an example, can be used to mount a client cert when connecting to an external Postgres server. +## @param extraVolumeMounts **DEPRECATED** Additional volume mounts for init containers and the Gitea main container +extraVolumeMounts: [] # - name: postgres-ssl-vol # readOnly: true # mountPath: "/pg-ssl" -- 2.40.1 From 58d21e07f9f8f48200610be95b2d9cd2392153de Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Tue, 23 Aug 2022 02:51:21 +0800 Subject: [PATCH 123/390] Bump Gitea version to 1.17.1 (#353) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ### Description of the change Bumps Gitea version to 1.17.1. 🙂 ### Applicable issues - fixes #340 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/353 Reviewed-by: luhahn Reviewed-by: Andrew Thornton Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 9ffd730..19b11a6 100644 --- a/Chart.yaml 
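Review bot: The comment on the deprecated `extraVolumeMounts` does not say that the value is ignored for a container class as soon as the matching new list is non-empty. The helpers choose with `else if`, so a client-certificate mount left in `extraVolumeMounts` disappears from the main container once `extraContainerVolumeMounts` is set, and likewise for the init containers. I would add `## NOTE: ignored for init containers when extraInitVolumeMounts is set, and for the main container when extraContainerVolumeMounts is set.` The annotation is also misspelled (`@depracated`), and "has been split two" is missing "into".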
+++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.16.8 +appVersion: 1.17.1 icon: https://docs.gitea.io/images/gitea.png keywords: -- 2.40.1 From 51bb72090ecc30886d53e200e1cb149e1cd1cbfd Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Tue, 23 Aug 2022 03:22:30 +0800 Subject: [PATCH 124/390] bogus commit --- .drone.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.drone.yml b/.drone.yml index b7632ae..d0244e3 100644 --- a/.drone.yml +++ b/.drone.yml @@ -44,6 +44,7 @@ steps: - changed - failure + --- kind: pipeline type: docker -- 2.40.1 From bb26a872e94b2159367c768ddaa5c91c671aa002 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Wed, 7 Sep 2022 09:21:38 +0800 Subject: [PATCH 125/390] 1.17.2 --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 19b11a6..446305a 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.17.1 +appVersion: 1.17.2 icon: https://docs.gitea.io/images/gitea.png keywords: -- 2.40.1 From 6e5ae5c9129e41716c3a889ef5e9c7b9261688fa Mon Sep 17 00:00:00 2001 From: pat-s Date: Sun, 25 Sep 2022 23:21:52 +0800 Subject: [PATCH 126/390] Increase line length linter to 200 (#355) As discussed in #348 fix #348 Co-authored-by: pat-s Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/355 Reviewed-by: justusbunsi Reviewed-by: Lunny Xiao Co-authored-by: pat-s Co-committed-by: pat-s --- .markdownlint.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.markdownlint.yaml b/.markdownlint.yaml index a67574a..6320f35 100644 --- a/.markdownlint.yaml +++ b/.markdownlint.yaml 
@@ -45,7 +45,7 @@ MD012: # MD013/line-length - Line length MD013: # Number of characters - line_length: 80 + line_length: 200 # Number of characters for headings heading_line_length: 80 # Number of characters for code blocks -- 2.40.1 From 0d1f74889864f6082810dc59f033cd0d76f294df Mon Sep 17 00:00:00 2001 From: cboin1996 Date: Mon, 26 Sep 2022 04:08:56 +0800 Subject: [PATCH 127/390] check existence of `/data/gitea/conf/` instead of `/data/gitea/` (#310) ### Description of the change Checking the existence of the config directory should be done with the directory path itself. Not its parent directory. This simple fix addresses that by using the config directory for its existence check. ### Benefits Prior to #337 there was no other way to install this helm chart using the `extraVolumeMounts` setting with these values: ```yaml replicaCount: %d extraVolumes: - name: config-volume configMap: name: %s extraVolumeMounts: - name: config-volume mountPath: /data/gitea/templates/custom ``` Without this fix, the Gitea pod would never initialize, and would crashloop with the same error in #296. ### Additional information Mounting a configMap to `/data/gitea/templates/custom` causes the `/data/gitea` folder to exist even though the `/data/gitea/conf` had not been initialized yet. The initialization script saw that the `/data/gitea` dir existed and exited early without initializing `/data/gitea/conf`. Co-authored-by: cboin1996 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/310 Reviewed-by: justusbunsi Reviewed-by: pat-s Co-authored-by: cboin1996 Co-committed-by: cboin1996 --- templates/gitea/init.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/gitea/init.yaml b/templates/gitea/init.yaml index 00af29b..8ea3aa9 100644 --- a/templates/gitea/init.yaml +++ b/templates/gitea/init.yaml 
@@ -26,7 +26,7 @@ stringData: {{- end }} mkdir -p /data/git/.ssh chmod -R 700 /data/git/.ssh - [ ! -d /data/gitea ] && mkdir -p /data/gitea/conf + [ ! -d /data/gitea/conf ] && mkdir -p /data/gitea/conf # prepare temp directory structure mkdir -p "${GITEA_TEMP}" -- 2.40.1 From b8f0310c43bd71dd48ac92b70d8ebdb94d43c29b Mon Sep 17 00:00:00 2001 
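Review bot: The `[ ! -d /data/gitea/conf ] &&` guard is redundant, because `mkdir -p` already succeeds when the directory exists. Writing just `mkdir -p /data/gitea/conf` removes the existence check that caused this bug in the first place. The script continues outside the hunk, so whether the new directory gets the intended owner cannot be confirmed from here.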
From: justusbunsi Date: Wed, 28 Sep 2022 16:18:59 +0800 Subject: [PATCH 128/390] Add gpg configuration settings (#343) ### Description of the change This PR adds support for gpg key setup. It allows to pass the gpg private key content inline inside `values.yaml` or refer to an existing secret containing the key content data. ### Benefits Administrators don't need to manually setup the gpg environment from inside a running container. It also eliminates the breaking change of Gitea 1.17 regarding `[git].HOME` as the `GNUPGHOME` environment variable is used consistently to relocate the `.gnupg` directory to its former location. ### Applicable issues - fixes #107 ### Additional information This PR add the first unit tests to this Helm Chart, ensuring templating integrity for signing related configuration. ### Checklist - [x] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) Co-authored-by: justusbunsi Co-authored-by: pat-s Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/343 Reviewed-by: luhahn Reviewed-by: techknowlogick Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- .drone.yml | 9 ++ .gitignore | 1 + .helmignore | 1 + CONTRIBUTING.md | 10 ++ Makefile | 4 + README.md | 71 +++++++++----- templates/_helpers.tpl | 4 + templates/gitea/gpg-secret.yaml | 16 ++++ templates/gitea/init.yaml | 13 +++ templates/gitea/statefulset.yaml | 43 +++++++++ unittests/gpg-secret/signing-disabled.yaml | 13 +++ unittests/gpg-secret/signing-enabled.yaml | 40 ++++++++ unittests/init/basic.yaml | 15 +++ .../init/init_directory_structure.sh.yaml | 53 +++++++++++ unittests/statefulset/basic.yaml | 17 ++++ unittests/statefulset/signing-disabled.yaml | 40 ++++++++ unittests/statefulset/signing-enabled.yaml | 93 +++++++++++++++++++ values.yaml | 8 ++ 18 files changed, 429 insertions(+), 22 deletions(-) create mode 100644 templates/gitea/gpg-secret.yaml create 
mode 100644 unittests/gpg-secret/signing-disabled.yaml create mode 100644 unittests/gpg-secret/signing-enabled.yaml create mode 100644 unittests/init/basic.yaml create mode 100644 unittests/init/init_directory_structure.sh.yaml create mode 100644 unittests/statefulset/basic.yaml create mode 100644 unittests/statefulset/signing-disabled.yaml create mode 100644 unittests/statefulset/signing-enabled.yaml diff --git a/.drone.yml b/.drone.yml index d0244e3..b9365c4 100644 --- a/.drone.yml +++ b/.drone.yml @@ -23,6 +23,15 @@ steps: - helm dependency update - helm template --debug gitea-helm . +- name: helm unittests + pull: always + image: alpine:3.16 + commands: + - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing make helm git bash + - helm plugin install https://github.com/heyhabito/helm-unittest + - helm dependency update + - make unittests + - name: verify readme pull: always image: alpine:3.16 diff --git a/.gitignore b/.gitignore index 22b7fa6..10261af 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ charts/ node_modules/ .DS_Store +unittests/*/__snapshot__/ diff --git a/.helmignore b/.helmignore index a8cc816..048126d 100644 --- a/.helmignore +++ b/.helmignore @@ -25,3 +25,4 @@ node_modules/ package.json package-lock.json .gitea/ +unittests/ diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index d06973c..78f77d9 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -50,3 +50,13 @@ be used: forwarded first from `minikube` to localhost first via `kubectl --namespace default port-forward svc/gitea-http 3000:3000`. Now Gitea is accessible at [http://localhost:3000](http://localhost:3000). + +### Unit tests + +```bash +# install the unittest plugin +$ helm plugin install https://github.com/heyhabito/helm-unittest + +# run the unittests +make unittests +``` diff --git a/Makefile b/Makefile index 720a657..2b61849 100644 --- a/Makefile +++ b/Makefile 
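Review bot: The new `helm unittests` step installs its tooling unpinned. `helm plugin install https://github.com/heyhabito/helm-unittest` takes whatever the repository serves at build time, and the `apk add` line reads the `edge/testing` repository over plain `http://`. Pin the plugin with `--version <PINNED_VERSION>` and use `-X https://dl-cdn.alpinelinux.org/alpine/edge/testing`, so that a change upstream or on the network path cannot silently alter what runs in CI. The CONTRIBUTING.md snippet added in the same commit should carry the same pinned install command.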
@@ -6,3 +6,7 @@ prepare-environment: readme: prepare-environment npm run readme:parameters npm run readme:lint + +.PHONY: unittests +unittests: + helm unittest --helm3 --strict -f 'unittests/**/*.yaml' ./ diff --git a/README.md b/README.md index 2fc73f7..d7eaa66 100644 --- a/README.md +++ b/README.md @@ -41,24 +41,6 @@ of this document for major and breaking changes. - Helm 3.0+ - PV provisioner for persistent data support -## Configure Commit Signing - -When using the rootless image the gpg key folder was is not persistent by -default. If you consider using signed commits for internal Gitea activities -(e.g. initial commit), you'd need to provide a signing key. Prior to -[PR186](https://gitea.com/gitea/helm-chart/pulls/186), imported keys had to be -re-imported once the container got replaced by another. - -The mentioned PR introduced a new configuration object `signing` allowing you to -configure prerequisites for commit signing. By default this section is disabled -to maintain backwards compatibility. - -```yaml -signing: - enabled: false - gpgHome: /data/git/.gnupg -``` - ## Examples ### Gitea Configuration 
@@ -525,6 +507,49 @@ gitea: ... ``` +## Configure commit signing + +When using the rootless image the gpg key folder is not persistent by +default. If you consider using signed commits for internal Gitea activities +(e.g. initial commit), you'd need to provide a signing key. Prior to +[PR186](https://gitea.com/gitea/helm-chart/pulls/186), imported keys had to be +re-imported once the container got replaced by another. + +The mentioned PR introduced a new configuration object `signing` allowing you to +configure prerequisites for commit signing. By default this section is disabled +to maintain backwards compatibility. + +```yaml +signing: + enabled: false + gpgHome: /data/git/.gnupg +``` + +Regardless of the used container image the `signing` object allows to specify a +private gpg key. Either using the `signing.privateKey` to define the key inline, +or refer to an existing secret containing the key data by using `signing.existingKey`. + +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: custom-gitea-gpg-key +type: Opaque +stringData: + privateKey: |- + -----BEGIN PGP PRIVATE KEY BLOCK----- + ... + -----END PGP PRIVATE KEY BLOCK----- +``` + +```yaml +signing: + existingSecret: custom-gitea-gpg-key +``` + +To use the gpg key, Gitea needs to be configured accordingly. A detailed description +can be found in the [official Gitea documentation](https://docs.gitea.io/en-us/signing/#general-configuration). + ### Metrics and profiling A Prometheus `/metrics` endpoint on the `HTTP_PORT` and `pprof` profiling 
@@ -669,10 +694,12 @@ gitea: ### Signing -| Name | Description | Value | -| ----------------- | ---------------------------- | ------------------ | -| `signing.enabled` | Enable commit/action signing | `false` | -| `signing.gpgHome` | GPG home directory | `/data/git/.gnupg` | +| Name | Description | Value | +| ------------------------ | ----------------------------------------------------------------- | ------------------ | +| `signing.enabled` | Enable commit/action signing | `false` | +| `signing.gpgHome` | GPG home directory | `/data/git/.gnupg` | +| `signing.privateKey` | Inline private gpg key for signed Gitea actions | `""` | +| `signing.existingSecret` | Use an existing secret to store the value of `signing.privateKey` | `""` | ### Gitea diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 0e481e0..5bdcca9 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -331,3 +331,7 @@ https {{- toYaml .Values.extraVolumeMounts -}} {{- end -}} {{- end -}} + +{{- define "gitea.gpg-key-secret-name" -}} +{{ default (printf "%s-gpg-key" (include "gitea.fullname" .)) .Values.signing.existingSecret }} +{{- end -}} diff --git a/templates/gitea/gpg-secret.yaml b/templates/gitea/gpg-secret.yaml new file mode 100644 index 0000000..29b6d4f --- /dev/null +++ b/templates/gitea/gpg-secret.yaml @@ -0,0 +1,16 @@ +{{- if .Values.signing.enabled -}} +{{- if and (empty .Values.signing.privateKey) (empty .Values.signing.existingSecret) -}} + {{- fail "Either specify `signing.privateKey` or `signing.existingKey`" -}} +{{- end }} +{{- if and (not (empty .Values.signing.privateKey)) (empty .Values.signing.existingSecret) -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "gitea.gpg-key-secret-name" . }} + labels: + {{- include "gitea.labels" . | nindent 4 }} +type: Opaque +data: + privateKey: {{ .Values.signing.privateKey | b64enc }} +{{- end }} +{{- end }} 
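Review bot: The `fail` message in templates/gitea/gpg-secret.yaml names `signing.existingKey`, but the value the template actually reads is `signing.existingSecret`. A user who follows the error text sets a key that is never evaluated and hits the same failure again. Replace `signing.existingKey` with `signing.existingSecret` in the message and update the `errorMessage` assertion in unittests/gpg-secret/signing-enabled.yaml to match. The README paragraph added by this commit uses the same wrong name.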
diff --git a/templates/gitea/init.yaml b/templates/gitea/init.yaml index 8ea3aa9..0337388 100644 --- a/templates/gitea/init.yaml +++ b/templates/gitea/init.yaml @@ -6,6 +6,11 @@ metadata: {{- include "gitea.labels" . | nindent 4 }} type: Opaque stringData: + configure_gpg_environment.sh: |- + #!/usr/bin/env bash + set -eu + + gpg --import /raw/private.asc init_directory_structure.sh: |- #!/usr/bin/env bash @@ -35,6 +40,14 @@ stringData: {{- end }} chmod ug+rwx "${GITEA_TEMP}" + {{ if .Values.signing.enabled -}} + if [ ! -d "${GNUPGHOME}" ]; then + mkdir -p "${GNUPGHOME}" + chmod 700 "${GNUPGHOME}" + chown 1000:1000 "${GNUPGHOME}" + fi + {{- end }} + configure_gitea.sh: |- #!/usr/bin/env bash diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index ed9a887..ce6f550 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml @@ -59,6 +59,10 @@ spec: {{- if .Values.statefulset.env }} {{- toYaml .Values.statefulset.env | nindent 12 }} {{- end }} + {{- if .Values.signing.enabled }} + - name: GNUPGHOME + value: {{ .Values.signing.gpgHome }} + {{- end }} volumeMounts: - name: init mountPath: /usr/sbin 
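Review bot: In the `init_directory_structure.sh` hunk, `chmod 700` and `chown 1000:1000` on `${GNUPGHOME}` run only when the directory is missing. A directory that already exists on the persistent volume with wider permissions or a different owner is left unchanged. Run the three commands unconditionally, `mkdir -p "${GNUPGHOME}"`, `chmod 700 "${GNUPGHOME}"`, `chown 1000:1000 "${GNUPGHOME}"`, so the keyring directory is private on every start. The expected script text in unittests/init/init_directory_structure.sh.yaml would need the same change.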
@@ -110,6 +114,36 @@ spec: {{- include "gitea.init-additional-mounts" . | nindent 12 }} securityContext: {{- toYaml .Values.containerSecurityContext | nindent 12 }} + {{- if .Values.signing.enabled }} + - name: configure-gpg + image: "{{ include "gitea.image" . }}" + command: ["/usr/sbin/configure_gpg_environment.sh"] + imagePullPolicy: {{ .Values.image.pullPolicy }} + securityContext: + {{- /* By default this container runs as user 1000 unless otherwise stated */ -}} + {{- $csc := deepCopy .Values.containerSecurityContext -}} + {{- if not (hasKey $csc "runAsUser") -}} + {{- $_ := set $csc "runAsUser" 1000 -}} + {{- end -}} + {{- toYaml $csc | nindent 12 }} + env: + - name: GNUPGHOME + value: {{ .Values.signing.gpgHome }} + volumeMounts: + - name: init + mountPath: /usr/sbin + - name: data + mountPath: /data + {{- if .Values.persistence.subPath }} + subPath: {{ .Values.persistence.subPath }} + {{- end }} + - name: gpg-private-key + mountPath: /raw + readOnly: true + {{- if .Values.extraVolumeMounts }} + {{- toYaml .Values.extraVolumeMounts | nindent 12 }} + {{- end }} + {{- end }} - name: configure-gitea image: "{{ include "gitea.image" . }}" command: ["/usr/sbin/configure_gitea.sh"] @@ -305,6 +339,15 @@ spec: {{- end }} - name: temp emptyDir: {} + {{- if .Values.signing.enabled }} + - name: gpg-private-key + secret: + secretName: {{ include "gitea.gpg-key-secret-name" . }} + items: + - key: privateKey + path: private.asc + defaultMode: 0100 + {{- end }} {{- if and .Values.persistence.enabled .Values.persistence.existingClaim }} - name: data persistentVolumeClaim: diff --git a/unittests/gpg-secret/signing-disabled.yaml b/unittests/gpg-secret/signing-disabled.yaml new file mode 100644 index 0000000..3b1aba4 --- /dev/null +++ b/unittests/gpg-secret/signing-disabled.yaml 
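Review bot: The `configure-gpg` init container mounts `.Values.extraVolumeMounts` directly, while the other init containers in this file use `include "gitea.init-additional-mounts" .`. Mounts supplied through `extraInitVolumeMounts` therefore never reach this container, and the deprecated value is the only way to extend it. Replace the `if` / `toYaml` / `end` lines with `{{- include "gitea.init-additional-mounts" . | nindent 12 }}`.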
@@ -0,0 +1,13 @@ +suite: GPG secret template (signing disabled) +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/gpg-secret.yaml +tests: + - it: renders nothing + set: + signing.enabled: false + asserts: + - hasDocuments: + count: 0 diff --git a/unittests/gpg-secret/signing-enabled.yaml b/unittests/gpg-secret/signing-enabled.yaml new file mode 100644 index 0000000..3c742e9 --- /dev/null +++ b/unittests/gpg-secret/signing-enabled.yaml @@ -0,0 +1,40 @@ +suite: GPG secret template (signing enabled) +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/gpg-secret.yaml +tests: + - it: fails rendering when nothing is configured + set: + signing: + enabled: true + asserts: + - failedTemplate: + errorMessage: Either specify `signing.privateKey` or `signing.existingKey` + - it: skips rendering using external secret reference + set: + signing: + enabled: true + existingSecret: "external-secret-reference" + asserts: + - hasDocuments: + count: 0 + - it: renders secret specification using inline gpg key + set: + signing: + enabled: true + privateKey: "gpg-key-placeholder" + asserts: + - hasDocuments: + count: 1 + - documentIndex: 0 + containsDocument: + kind: Secret + apiVersion: v1 + name: gitea-unittests-gpg-key + - isNotEmpty: + path: metadata.labels + - equal: + path: data.privateKey + value: "Z3BnLWtleS1wbGFjZWhvbGRlcg==" diff --git a/unittests/init/basic.yaml b/unittests/init/basic.yaml new file mode 100644 index 0000000..f2b746e --- /dev/null +++ b/unittests/init/basic.yaml @@ -0,0 +1,15 @@ +suite: Init template (basic) +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/init.yaml +tests: + - it: renders a secret + asserts: + - hasDocuments: + count: 1 + - containsDocument: + kind: Secret + apiVersion: v1 + name: gitea-unittests-init 
diff --git a/unittests/init/init_directory_structure.sh.yaml b/unittests/init/init_directory_structure.sh.yaml new file mode 100644 index 0000000..75b43ea --- /dev/null +++ b/unittests/init/init_directory_structure.sh.yaml @@ -0,0 +1,53 @@ +suite: Init template +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/init.yaml +tests: + - it: skips gpg script block for disabled signing + asserts: + - equal: + path: stringData.[init_directory_structure.sh] + value: |- + #!/usr/bin/env bash + + set -euo pipefail + + set -x + chown 1000:1000 /data + mkdir -p /data/git/.ssh + chmod -R 700 /data/git/.ssh + [ ! -d /data/gitea/conf ] && mkdir -p /data/gitea/conf + + # prepare temp directory structure + mkdir -p "${GITEA_TEMP}" + chown 1000:1000 "${GITEA_TEMP}" + chmod ug+rwx "${GITEA_TEMP}" + - it: adds gpg script block for enabled signing + set: + signing.enabled: true + asserts: + - equal: + path: stringData.[init_directory_structure.sh] + value: |- + #!/usr/bin/env bash + + set -euo pipefail + + set -x + chown 1000:1000 /data + mkdir -p /data/git/.ssh + chmod -R 700 /data/git/.ssh + [ ! -d /data/gitea/conf ] && mkdir -p /data/gitea/conf + + # prepare temp directory structure + mkdir -p "${GITEA_TEMP}" + chown 1000:1000 "${GITEA_TEMP}" + chmod ug+rwx "${GITEA_TEMP}" + + if [ ! -d "${GNUPGHOME}" ]; then + mkdir -p "${GNUPGHOME}" + chmod 700 "${GNUPGHOME}" + chown 1000:1000 "${GNUPGHOME}" + fi diff --git a/unittests/statefulset/basic.yaml b/unittests/statefulset/basic.yaml new file mode 100644 index 0000000..00fb684 --- /dev/null +++ b/unittests/statefulset/basic.yaml 
@@ -0,0 +1,17 @@ +suite: Statefulset template (basic) +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/statefulset.yaml + - templates/gitea/config.yaml +tests: + - it: renders a statefulset + template: templates/gitea/statefulset.yaml + asserts: + - hasDocuments: + count: 1 + - containsDocument: + kind: StatefulSet + apiVersion: apps/v1 + name: gitea-unittests diff --git a/unittests/statefulset/signing-disabled.yaml b/unittests/statefulset/signing-disabled.yaml new file mode 100644 index 0000000..4f9f2ce --- /dev/null +++ b/unittests/statefulset/signing-disabled.yaml @@ -0,0 +1,40 @@ +suite: Statefulset template (signing disabled) +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/statefulset.yaml + - templates/gitea/config.yaml +tests: + - it: skips gpg init container + template: templates/gitea/statefulset.yaml + asserts: + - notContains: + path: spec.template.spec.initContainers + any: true + content: + name: configure-gpg + - it: skips gpg env in `init-directories` init container + template: templates/gitea/statefulset.yaml + set: + signing.enabled: true + asserts: + - contains: + path: spec.template.spec.initContainers[0].env + content: + name: GNUPGHOME + value: /data/git/.gnupg + - it: skips gpg env in runtime container + template: templates/gitea/statefulset.yaml + asserts: + - notContains: + path: spec.template.spec.containers[0].env + content: + name: GNUPGHOME + - it: skips gpg volume spec + template: templates/gitea/statefulset.yaml + asserts: + - notContains: + path: spec.template.spec.volumes + content: + name: gpg-private-key diff --git a/unittests/statefulset/signing-enabled.yaml b/unittests/statefulset/signing-enabled.yaml new file mode 100644 index 0000000..ecb237f --- /dev/null +++ b/unittests/statefulset/signing-enabled.yaml 
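Review bot: In unittests/statefulset/signing-disabled.yaml, the test "skips gpg env in init-directories init container" sets `signing.enabled: true` and asserts `contains` for `GNUPGHOME`. That is the signing-enabled case copied into the disabled suite, so the disabled path of that init container is not tested. Drop the `set:` block and assert `notContains` with `any: true` and `content: name: GNUPGHOME`. The two other `notContains` assertions in this file, on the runtime container env and on the `gpg-private-key` volume, give only a partial `content` without `any: true`, so they probably pass even when the entry is present. Adding `any: true`, as the first test already does, would make them meaningful.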
@@ -0,0 +1,93 @@ +suite: Statefulset template (signing enabled) +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/statefulset.yaml + - templates/gitea/config.yaml +tests: + - it: adds gpg init container + template: templates/gitea/statefulset.yaml + set: + signing: + enabled: true + existingSecret: "custom-gpg-secret" + asserts: + - equal: + path: spec.template.spec.initContainers[2].name + value: configure-gpg + - equal: + path: spec.template.spec.initContainers[2].command + value: ["/usr/sbin/configure_gpg_environment.sh"] + - equal: + path: spec.template.spec.initContainers[2].securityContext + value: + runAsUser: 1000 + - equal: + path: spec.template.spec.initContainers[2].env + value: + - name: GNUPGHOME + value: /data/git/.gnupg + - equal: + path: spec.template.spec.initContainers[2].volumeMounts + value: + - name: init + mountPath: /usr/sbin + - name: data + mountPath: /data + - name: gpg-private-key + mountPath: /raw + readOnly: true + - it: adds gpg env in `init-directories` init container + template: templates/gitea/statefulset.yaml + set: + signing.enabled: true + asserts: + - contains: + path: spec.template.spec.initContainers[0].env + content: + name: GNUPGHOME + value: /data/git/.gnupg + - it: adds gpg env in runtime container + template: templates/gitea/statefulset.yaml + set: + signing.enabled: true + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: GNUPGHOME + value: /data/git/.gnupg + - it: adds gpg volume spec + template: templates/gitea/statefulset.yaml + set: + signing: + enabled: true + asserts: + - contains: + path: spec.template.spec.volumes + content: + name: gpg-private-key + secret: + secretName: gitea-unittests-gpg-key + items: + - key: privateKey + path: private.asc + defaultMode: 0100 + - it: supports gpg volume spec with external reference + template: templates/gitea/statefulset.yaml + set: + signing: + enabled: true + existingSecret: custom-gpg-secret + 
asserts: + - contains: + path: spec.template.spec.volumes + content: + name: gpg-private-key + secret: + secretName: custom-gpg-secret + items: + - key: privateKey + path: private.asc + defaultMode: 0100 diff --git a/values.yaml b/values.yaml index bd8c4d0..5958d24 100644 --- a/values.yaml +++ b/values.yaml @@ -253,9 +253,17 @@ initPreScript: "" # ## @param signing.enabled Enable commit/action signing ## @param signing.gpgHome GPG home directory +## @param signing.privateKey Inline private gpg key for signed Gitea actions +## @param signing.existingSecret Use an existing secret to store the value of `signing.privateKey` signing: enabled: false gpgHome: /data/git/.gnupg + privateKey: "" + # privateKey: |- + # -----BEGIN PGP PRIVATE KEY BLOCK----- + # ... + # -----END PGP PRIVATE KEY BLOCK----- + existingSecret: "" ## @section Gitea # -- 2.40.1 From d1f5dca5735539c7bb6a8c04f41914a3024486b5 Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Fri, 14 Oct 2022 00:16:41 +0800 Subject: [PATCH 129/390] Lock readme-generator-for-helm dependency (#369) With every push on main/master branch of that repository, the referenced tarball is replaced, causing npm integrity checks to fail. Locking the used reference to a specific commit hash is more reliable. There is an open issue regarding publishing on NPM. As long as this is not resolved, we would need to use this workaround to get updates. (https://github.com/bitnami-labs/readme-generator-for-helm/issues/36) Signed-off-by: justusbunsi Co-authored-by: justusbunsi Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/369 Reviewed-by: pat-s Reviewed-by: techknowlogick Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- package-lock.json | 24 ++++++++++++------------ package.json | 2 +- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/package-lock.json b/package-lock.json index 5f0c69c..78a9d97 100644 --- a/package-lock.json +++ b/package-lock.json 
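Review bot: The values.yaml hunk documents `signing.privateKey` without saying that an inline key is stored with the release values and in whatever values file carries it. `signing.existingSecret` keeps the key out of both. I would add above `privateKey: ""` the comment `# Prefer signing.existingSecret; an inline key is stored with the Helm release values.` and repeat the hint in the `@param signing.privateKey` description so it reaches the generated README table.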
@@ -8,7 +8,7 @@ "license": "MIT", "devDependencies": { "markdownlint-cli": "^0.31.1", - "readme-generator-for-helm": "https://github.com/bitnami-labs/readme-generator-for-helm/tarball/main" + "readme-generator-for-helm": "https://github.com/bitnami-labs/readme-generator-for-helm/tarball/498ea5d19478a36556f1636e1e041a7510d09289" }, "engines": { "node": ">=16.0.0", @@ -332,9 +332,9 @@ } }, "node_modules/readme-generator-for-helm": { - "version": "2.4.0", - "resolved": "https://github.com/bitnami-labs/readme-generator-for-helm/tarball/main", - "integrity": "sha512-W5ziOuId0M00YQRDlA5le3oEguWe8hoINhivOAgEF+AZkk2bDoNxuFUaJIxqAUEvZRA8qlTfUlu+w90EOFbTLw==", + "version": "2.4.1", + "resolved": "https://github.com/bitnami-labs/readme-generator-for-helm/tarball/498ea5d19478a36556f1636e1e041a7510d09289", + "integrity": "sha512-vCIT2YuskoOU38vNd/if6EhWCVBixdle0e4w2070jv82MlctrQ/5HAYpHZ0cRZCkfoUJ2QOxkGa38nAgUvBb+A==", "dev": true, "license": "ISC", "dependencies": { @@ -397,9 +397,9 @@ "dev": true }, "node_modules/yaml": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.1.1.tgz", - "integrity": "sha512-o96x3OPo8GjWeSLF+wOAbrPfhFOGY0W00GNaxCDv+9hkcDJEnev1yh8S7pgHF0ik6zc8sQLuL8hjHjJULZp8bw==", + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.1.3.tgz", + "integrity": "sha512-AacA8nRULjKMX2DvWvOAdBZMOfQlypSFkjcOcu9FalllIDJ1kvlREzcdIZmidQUqqeMv7jorHjq2HlLv/+c2lg==", "dev": true, "engines": { "node": ">= 14" 
@@ -664,8 +664,8 @@ "dev": true }, "readme-generator-for-helm": { - "version": "https://github.com/bitnami-labs/readme-generator-for-helm/tarball/main", - "integrity": "sha512-W5ziOuId0M00YQRDlA5le3oEguWe8hoINhivOAgEF+AZkk2bDoNxuFUaJIxqAUEvZRA8qlTfUlu+w90EOFbTLw==", + "version": "https://github.com/bitnami-labs/readme-generator-for-helm/tarball/498ea5d19478a36556f1636e1e041a7510d09289", + "integrity": "sha512-vCIT2YuskoOU38vNd/if6EhWCVBixdle0e4w2070jv82MlctrQ/5HAYpHZ0cRZCkfoUJ2QOxkGa38nAgUvBb+A==", "dev": true, "requires": { "commander": "^7.1.0", @@ -712,9 +712,9 @@ "dev": true }, "yaml": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.1.1.tgz", - "integrity": "sha512-o96x3OPo8GjWeSLF+wOAbrPfhFOGY0W00GNaxCDv+9hkcDJEnev1yh8S7pgHF0ik6zc8sQLuL8hjHjJULZp8bw==", + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.1.3.tgz", + "integrity": "sha512-AacA8nRULjKMX2DvWvOAdBZMOfQlypSFkjcOcu9FalllIDJ1kvlREzcdIZmidQUqqeMv7jorHjq2HlLv/+c2lg==", "dev": true } } diff --git a/package.json b/package.json index 007e11f..c39e58a 100644 --- a/package.json +++ b/package.json @@ -14,6 +14,6 @@ }, "devDependencies": { "markdownlint-cli": "^0.31.1", - "readme-generator-for-helm": "https://github.com/bitnami-labs/readme-generator-for-helm/tarball/main" + "readme-generator-for-helm": "https://github.com/bitnami-labs/readme-generator-for-helm/tarball/498ea5d19478a36556f1636e1e041a7510d09289" } } -- 2.40.1 From 6c59fe361d35a3e341880bbf9215f0ddaf1c4084 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Mon, 17 Oct 2022 04:19:45 +0800 Subject: [PATCH 130/390] v1.17.3 --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 446305a..2b4ed96 100644 --- a/Chart.yaml +++ b/Chart.yaml 
@@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.17.2 +appVersion: 1.17.3 icon: https://docs.gitea.io/images/gitea.png keywords: -- 2.40.1 From 57a1cd27d9a6cc014f425fabeadb0db34f242b0e Mon Sep 17 00:00:00 2001 From: dajoen74 Date: Tue, 18 Oct 2022 13:47:21 +0800 Subject: [PATCH 131/390] Gpg init fails to import key (#371) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ### Description of the change The init container for gpg key import doesn´t work. There is a not a tty error. ### Benefits This will run gpg in batch mode. Eliminating the tty error. ### Possible drawbacks None that I can think off. ### Applicable issues - fixes #370 ### Checklist - [X] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) - [X] Breaking changes are documented in the `README.md` Co-authored-by: Jeroen Verhoeven Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/371 Reviewed-by: techknowlogick Reviewed-by: justusbunsi Co-authored-by: dajoen74 Co-committed-by: dajoen74 --- templates/gitea/init.yaml | 2 +- unittests/init/init_directory_structure.sh.yaml | 11 +++++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/templates/gitea/init.yaml b/templates/gitea/init.yaml index 0337388..838460b 100644 --- a/templates/gitea/init.yaml +++ b/templates/gitea/init.yaml @@ -10,7 +10,7 @@ stringData: #!/usr/bin/env bash set -eu - gpg --import /raw/private.asc + gpg --batch --import /raw/private.asc init_directory_structure.sh: |- #!/usr/bin/env bash diff --git a/unittests/init/init_directory_structure.sh.yaml b/unittests/init/init_directory_structure.sh.yaml index 75b43ea..7be2336 100644 --- a/unittests/init/init_directory_structure.sh.yaml +++ b/unittests/init/init_directory_structure.sh.yaml 
@@ -5,6 +5,17 @@ release: templates: - templates/gitea/init.yaml tests: + - it: runs gpg in batch mode + set: + signing.enabled: true + asserts: + - equal: + path: stringData.[configure_gpg_environment.sh] + value: |- + #!/usr/bin/env bash + set -eu + + gpg --batch --import /raw/private.asc - it: skips gpg script block for disabled signing asserts: - equal: -- 2.40.1 From d5ce1a47eaad935ea709b7a03bfdf6c69bac8f32 Mon Sep 17 00:00:00 2001 
From: justusbunsi Date: Fri, 21 Oct 2022 00:35:19 +0800 Subject: [PATCH 132/390] Temporary revert GPG feature for semver based retagging (#373) Feature #343 happens to be a breaking change when enabling `.Values.signing` but not specifying any of the new private key properties. Tag `v6.0.2` is therefore not following semantic versioning. This temporarily reverts commit b8f0310c43bd71dd48ac92b70d8ebdb94d43c29b and a fix-up commit 57a1cd27d9a6cc014f425fabeadb0db34f242b0e to retag 6.0.2 as 6.0.3. Co-authored-by: justusbunsi Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/373 Reviewed-by: techknowlogick Reviewed-by: luhahn --- .drone.yml | 9 -- .gitignore | 1 - .helmignore | 1 - CONTRIBUTING.md | 10 -- Makefile | 4 - README.md | 71 +++++--------- templates/_helpers.tpl | 4 - templates/gitea/gpg-secret.yaml | 16 ---- templates/gitea/init.yaml | 13 --- templates/gitea/statefulset.yaml | 43 --------- unittests/gpg-secret/signing-disabled.yaml | 13 --- unittests/gpg-secret/signing-enabled.yaml | 40 -------- unittests/init/basic.yaml | 15 --- .../init/init_directory_structure.sh.yaml | 64 ------------- unittests/statefulset/basic.yaml | 17 ---- unittests/statefulset/signing-disabled.yaml | 40 -------- unittests/statefulset/signing-enabled.yaml | 93 ------------------- values.yaml | 8 -- 18 files changed, 22 insertions(+), 440 deletions(-) delete mode 100644 templates/gitea/gpg-secret.yaml delete mode 100644 unittests/gpg-secret/signing-disabled.yaml delete mode 100644 unittests/gpg-secret/signing-enabled.yaml delete mode 100644 unittests/init/basic.yaml delete mode 100644 unittests/init/init_directory_structure.sh.yaml delete mode 100644 unittests/statefulset/basic.yaml delete mode 100644 unittests/statefulset/signing-disabled.yaml delete mode 100644 unittests/statefulset/signing-enabled.yaml diff --git a/.drone.yml b/.drone.yml index b9365c4..d0244e3 100644 --- a/.drone.yml +++ b/.drone.yml 
@@ -23,15 +23,6 @@ steps: - helm dependency update - helm template --debug gitea-helm . -- name: helm unittests - pull: always - image: alpine:3.16 - commands: - - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing make helm git bash - - helm plugin install https://github.com/heyhabito/helm-unittest - - helm dependency update - - make unittests - - name: verify readme pull: always image: alpine:3.16 diff --git a/.gitignore b/.gitignore index 10261af..22b7fa6 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,3 @@ charts/ node_modules/ .DS_Store -unittests/*/__snapshot__/ diff --git a/.helmignore b/.helmignore index 048126d..a8cc816 100644 --- a/.helmignore +++ b/.helmignore @@ -25,4 +25,3 @@ node_modules/ package.json package-lock.json .gitea/ -unittests/ diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 78f77d9..d06973c 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -50,13 +50,3 @@ be used: forwarded first from `minikube` to localhost first via `kubectl --namespace default port-forward svc/gitea-http 3000:3000`. Now Gitea is accessible at [http://localhost:3000](http://localhost:3000). - -### Unit tests - -```bash -# install the unittest plugin -$ helm plugin install https://github.com/heyhabito/helm-unittest - -# run the unittests -make unittests -``` diff --git a/Makefile b/Makefile index 2b61849..720a657 100644 --- a/Makefile +++ b/Makefile @@ -6,7 +6,3 @@ prepare-environment: readme: prepare-environment npm run readme:parameters npm run readme:lint - -.PHONY: unittests -unittests: - helm unittest --helm3 --strict -f 'unittests/**/*.yaml' ./ diff --git a/README.md b/README.md index d7eaa66..2fc73f7 100644 --- a/README.md +++ b/README.md 
@@ -41,6 +41,24 @@ of this document for major and breaking changes. - Helm 3.0+ - PV provisioner for persistent data support +## Configure Commit Signing + +When using the rootless image the gpg key folder was is not persistent by +default. If you consider using signed commits for internal Gitea activities +(e.g. initial commit), you'd need to provide a signing key. Prior to +[PR186](https://gitea.com/gitea/helm-chart/pulls/186), imported keys had to be +re-imported once the container got replaced by another. + +The mentioned PR introduced a new configuration object `signing` allowing you to +configure prerequisites for commit signing. By default this section is disabled +to maintain backwards compatibility. + +```yaml +signing: + enabled: false + gpgHome: /data/git/.gnupg +``` + ## Examples ### Gitea Configuration 
@@ -507,49 +525,6 @@ gitea: ... ``` -## Configure commit signing - -When using the rootless image the gpg key folder is not persistent by -default. If you consider using signed commits for internal Gitea activities -(e.g. initial commit), you'd need to provide a signing key. Prior to -[PR186](https://gitea.com/gitea/helm-chart/pulls/186), imported keys had to be -re-imported once the container got replaced by another. - -The mentioned PR introduced a new configuration object `signing` allowing you to -configure prerequisites for commit signing. By default this section is disabled -to maintain backwards compatibility. - -```yaml -signing: - enabled: false - gpgHome: /data/git/.gnupg -``` - -Regardless of the used container image the `signing` object allows to specify a -private gpg key. Either using the `signing.privateKey` to define the key inline, -or refer to an existing secret containing the key data by using `signing.existingKey`. - -```yaml -apiVersion: v1 -kind: Secret -metadata: - name: custom-gitea-gpg-key -type: Opaque -stringData: - privateKey: |- - -----BEGIN PGP PRIVATE KEY BLOCK----- - ... - -----END PGP PRIVATE KEY BLOCK----- -``` - -```yaml -signing: - existingSecret: custom-gitea-gpg-key -``` - -To use the gpg key, Gitea needs to be configured accordingly. A detailed description -can be found in the [official Gitea documentation](https://docs.gitea.io/en-us/signing/#general-configuration). - ### Metrics and profiling A Prometheus `/metrics` endpoint on the `HTTP_PORT` and `pprof` profiling 
@@ -694,12 +669,10 @@ gitea: ### Signing -| Name | Description | Value | -| ------------------------ | ----------------------------------------------------------------- | ------------------ | -| `signing.enabled` | Enable commit/action signing | `false` | -| `signing.gpgHome` | GPG home directory | `/data/git/.gnupg` | -| `signing.privateKey` | Inline private gpg key for signed Gitea actions | `""` | -| `signing.existingSecret` | Use an existing secret to store the value of `signing.privateKey` | `""` | +| Name | Description | Value | +| ----------------- | ---------------------------- | ------------------ | +| `signing.enabled` | Enable commit/action signing | `false` | +| `signing.gpgHome` | GPG home directory | `/data/git/.gnupg` | ### Gitea diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 5bdcca9..0e481e0 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -331,7 +331,3 @@ https {{- toYaml .Values.extraVolumeMounts -}} {{- end -}} {{- end -}} - -{{- define "gitea.gpg-key-secret-name" -}} -{{ default (printf "%s-gpg-key" (include "gitea.fullname" .)) .Values.signing.existingSecret }} -{{- end -}} diff --git a/templates/gitea/gpg-secret.yaml b/templates/gitea/gpg-secret.yaml deleted file mode 100644 index 29b6d4f..0000000 --- a/templates/gitea/gpg-secret.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if .Values.signing.enabled -}} -{{- if and (empty .Values.signing.privateKey) (empty .Values.signing.existingSecret) -}} - {{- fail "Either specify `signing.privateKey` or `signing.existingKey`" -}} -{{- end }} -{{- if and (not (empty .Values.signing.privateKey)) (empty .Values.signing.existingSecret) -}} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "gitea.gpg-key-secret-name" . }} - labels: - {{- include "gitea.labels" . | nindent 4 }} -type: Opaque -data: - privateKey: {{ .Values.signing.privateKey | b64enc }} -{{- end }} -{{- end }} 
diff --git a/templates/gitea/init.yaml b/templates/gitea/init.yaml index 838460b..8ea3aa9 100644 --- a/templates/gitea/init.yaml +++ b/templates/gitea/init.yaml @@ -6,11 +6,6 @@ metadata: {{- include "gitea.labels" . | nindent 4 }} type: Opaque stringData: - configure_gpg_environment.sh: |- - #!/usr/bin/env bash - set -eu - - gpg --batch --import /raw/private.asc init_directory_structure.sh: |- #!/usr/bin/env bash @@ -40,14 +35,6 @@ stringData: {{- end }} chmod ug+rwx "${GITEA_TEMP}" - {{ if .Values.signing.enabled -}} - if [ ! -d "${GNUPGHOME}" ]; then - mkdir -p "${GNUPGHOME}" - chmod 700 "${GNUPGHOME}" - chown 1000:1000 "${GNUPGHOME}" - fi - {{- end }} - configure_gitea.sh: |- #!/usr/bin/env bash diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index ce6f550..ed9a887 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml @@ -59,10 +59,6 @@ spec: {{- if .Values.statefulset.env }} {{- toYaml .Values.statefulset.env | nindent 12 }} {{- end }} - {{- if .Values.signing.enabled }} - - name: GNUPGHOME - value: {{ .Values.signing.gpgHome }} - {{- end }} volumeMounts: - name: init mountPath: /usr/sbin 
@@ -114,36 +110,6 @@ spec: {{- include "gitea.init-additional-mounts" . | nindent 12 }} securityContext: {{- toYaml .Values.containerSecurityContext | nindent 12 }} - {{- if .Values.signing.enabled }} - - name: configure-gpg - image: "{{ include "gitea.image" . }}" - command: ["/usr/sbin/configure_gpg_environment.sh"] - imagePullPolicy: {{ .Values.image.pullPolicy }} - securityContext: - {{- /* By default this container runs as user 1000 unless otherwise stated */ -}} - {{- $csc := deepCopy .Values.containerSecurityContext -}} - {{- if not (hasKey $csc "runAsUser") -}} - {{- $_ := set $csc "runAsUser" 1000 -}} - {{- end -}} - {{- toYaml $csc | nindent 12 }} - env: - - name: GNUPGHOME - value: {{ .Values.signing.gpgHome }} - volumeMounts: - - name: init - mountPath: /usr/sbin - - name: data - mountPath: /data - {{- if .Values.persistence.subPath }} - subPath: {{ .Values.persistence.subPath }} - {{- end }} - - name: gpg-private-key - mountPath: /raw - readOnly: true - {{- if .Values.extraVolumeMounts }} - {{- toYaml .Values.extraVolumeMounts | nindent 12 }} - {{- end }} - {{- end }} - name: configure-gitea image: "{{ include "gitea.image" . }}" command: ["/usr/sbin/configure_gitea.sh"] @@ -339,15 +305,6 @@ spec: {{- end }} - name: temp emptyDir: {} - {{- if .Values.signing.enabled }} - - name: gpg-private-key - secret: - secretName: {{ include "gitea.gpg-key-secret-name" . }} - items: - - key: privateKey - path: private.asc - defaultMode: 0100 - {{- end }} {{- if and .Values.persistence.enabled .Values.persistence.existingClaim }} - name: data persistentVolumeClaim: diff --git a/unittests/gpg-secret/signing-disabled.yaml b/unittests/gpg-secret/signing-disabled.yaml deleted file mode 100644 index 3b1aba4..0000000 --- a/unittests/gpg-secret/signing-disabled.yaml +++ /dev/null 
@@ -1,13 +0,0 @@ -suite: GPG secret template (signing disabled) -release: - name: gitea-unittests - namespace: testing -templates: - - templates/gitea/gpg-secret.yaml -tests: - - it: renders nothing - set: - signing.enabled: false - asserts: - - hasDocuments: - count: 0 diff --git a/unittests/gpg-secret/signing-enabled.yaml b/unittests/gpg-secret/signing-enabled.yaml deleted file mode 100644 index 3c742e9..0000000 --- a/unittests/gpg-secret/signing-enabled.yaml +++ /dev/null @@ -1,40 +0,0 @@ -suite: GPG secret template (signing enabled) -release: - name: gitea-unittests - namespace: testing -templates: - - templates/gitea/gpg-secret.yaml -tests: - - it: fails rendering when nothing is configured - set: - signing: - enabled: true - asserts: - - failedTemplate: - errorMessage: Either specify `signing.privateKey` or `signing.existingKey` - - it: skips rendering using external secret reference - set: - signing: - enabled: true - existingSecret: "external-secret-reference" - asserts: - - hasDocuments: - count: 0 - - it: renders secret specification using inline gpg key - set: - signing: - enabled: true - privateKey: "gpg-key-placeholder" - asserts: - - hasDocuments: - count: 1 - - documentIndex: 0 - containsDocument: - kind: Secret - apiVersion: v1 - name: gitea-unittests-gpg-key - - isNotEmpty: - path: metadata.labels - - equal: - path: data.privateKey - value: "Z3BnLWtleS1wbGFjZWhvbGRlcg==" diff --git a/unittests/init/basic.yaml b/unittests/init/basic.yaml deleted file mode 100644 index f2b746e..0000000 --- a/unittests/init/basic.yaml +++ /dev/null @@ -1,15 +0,0 @@ -suite: Init template (basic) -release: - name: gitea-unittests - namespace: testing -templates: - - templates/gitea/init.yaml -tests: - - it: renders a secret - asserts: - - hasDocuments: - count: 1 - - containsDocument: - kind: Secret - apiVersion: v1 - name: gitea-unittests-init 
diff --git a/unittests/init/init_directory_structure.sh.yaml b/unittests/init/init_directory_structure.sh.yaml deleted file mode 100644 index 7be2336..0000000 --- a/unittests/init/init_directory_structure.sh.yaml +++ /dev/null @@ -1,64 +0,0 @@ -suite: Init template -release: - name: gitea-unittests - namespace: testing -templates: - - templates/gitea/init.yaml -tests: - - it: runs gpg in batch mode - set: - signing.enabled: true - asserts: - - equal: - path: stringData.[configure_gpg_environment.sh] - value: |- - #!/usr/bin/env bash - set -eu - - gpg --batch --import /raw/private.asc - - it: skips gpg script block for disabled signing - asserts: - - equal: - path: stringData.[init_directory_structure.sh] - value: |- - #!/usr/bin/env bash - - set -euo pipefail - - set -x - chown 1000:1000 /data - mkdir -p /data/git/.ssh - chmod -R 700 /data/git/.ssh - [ ! -d /data/gitea/conf ] && mkdir -p /data/gitea/conf - - # prepare temp directory structure - mkdir -p "${GITEA_TEMP}" - chown 1000:1000 "${GITEA_TEMP}" - chmod ug+rwx "${GITEA_TEMP}" - - it: adds gpg script block for enabled signing - set: - signing.enabled: true - asserts: - - equal: - path: stringData.[init_directory_structure.sh] - value: |- - #!/usr/bin/env bash - - set -euo pipefail - - set -x - chown 1000:1000 /data - mkdir -p /data/git/.ssh - chmod -R 700 /data/git/.ssh - [ ! -d /data/gitea/conf ] && mkdir -p /data/gitea/conf - - # prepare temp directory structure - mkdir -p "${GITEA_TEMP}" - chown 1000:1000 "${GITEA_TEMP}" - chmod ug+rwx "${GITEA_TEMP}" - - if [ ! -d "${GNUPGHOME}" ]; then - mkdir -p "${GNUPGHOME}" - chmod 700 "${GNUPGHOME}" - chown 1000:1000 "${GNUPGHOME}" - fi diff --git a/unittests/statefulset/basic.yaml b/unittests/statefulset/basic.yaml deleted file mode 100644 index 00fb684..0000000 --- a/unittests/statefulset/basic.yaml +++ /dev/null 
@@ -1,17 +0,0 @@ -suite: Statefulset template (basic) -release: - name: gitea-unittests - namespace: testing -templates: - - templates/gitea/statefulset.yaml - - templates/gitea/config.yaml -tests: - - it: renders a statefulset - template: templates/gitea/statefulset.yaml - asserts: - - hasDocuments: - count: 1 - - containsDocument: - kind: StatefulSet - apiVersion: apps/v1 - name: gitea-unittests diff --git a/unittests/statefulset/signing-disabled.yaml b/unittests/statefulset/signing-disabled.yaml deleted file mode 100644 index 4f9f2ce..0000000 --- a/unittests/statefulset/signing-disabled.yaml +++ /dev/null @@ -1,40 +0,0 @@ -suite: Statefulset template (signing disabled) -release: - name: gitea-unittests - namespace: testing -templates: - - templates/gitea/statefulset.yaml - - templates/gitea/config.yaml -tests: - - it: skips gpg init container - template: templates/gitea/statefulset.yaml - asserts: - - notContains: - path: spec.template.spec.initContainers - any: true - content: - name: configure-gpg - - it: skips gpg env in `init-directories` init container - template: templates/gitea/statefulset.yaml - set: - signing.enabled: true - asserts: - - contains: - path: spec.template.spec.initContainers[0].env - content: - name: GNUPGHOME - value: /data/git/.gnupg - - it: skips gpg env in runtime container - template: templates/gitea/statefulset.yaml - asserts: - - notContains: - path: spec.template.spec.containers[0].env - content: - name: GNUPGHOME - - it: skips gpg volume spec - template: templates/gitea/statefulset.yaml - asserts: - - notContains: - path: spec.template.spec.volumes - content: - name: gpg-private-key diff --git a/unittests/statefulset/signing-enabled.yaml b/unittests/statefulset/signing-enabled.yaml deleted file mode 100644 index ecb237f..0000000 --- a/unittests/statefulset/signing-enabled.yaml +++ /dev/null 
@@ -1,93 +0,0 @@ -suite: Statefulset template (signing enabled) -release: - name: gitea-unittests - namespace: testing -templates: - - templates/gitea/statefulset.yaml - - templates/gitea/config.yaml -tests: - - it: adds gpg init container - template: templates/gitea/statefulset.yaml - set: - signing: - enabled: true - existingSecret: "custom-gpg-secret" - asserts: - - equal: - path: spec.template.spec.initContainers[2].name - value: configure-gpg - - equal: - path: spec.template.spec.initContainers[2].command - value: ["/usr/sbin/configure_gpg_environment.sh"] - - equal: - path: spec.template.spec.initContainers[2].securityContext - value: - runAsUser: 1000 - - equal: - path: spec.template.spec.initContainers[2].env - value: - - name: GNUPGHOME - value: /data/git/.gnupg - - equal: - path: spec.template.spec.initContainers[2].volumeMounts - value: - - name: init - mountPath: /usr/sbin - - name: data - mountPath: /data - - name: gpg-private-key - mountPath: /raw - readOnly: true - - it: adds gpg env in `init-directories` init container - template: templates/gitea/statefulset.yaml - set: - signing.enabled: true - asserts: - - contains: - path: spec.template.spec.initContainers[0].env - content: - name: GNUPGHOME - value: /data/git/.gnupg - - it: adds gpg env in runtime container - template: templates/gitea/statefulset.yaml - set: - signing.enabled: true - asserts: - - contains: - path: spec.template.spec.containers[0].env - content: - name: GNUPGHOME - value: /data/git/.gnupg - - it: adds gpg volume spec - template: templates/gitea/statefulset.yaml - set: - signing: - enabled: true - asserts: - - contains: - path: spec.template.spec.volumes - content: - name: gpg-private-key - secret: - secretName: gitea-unittests-gpg-key - items: - - key: privateKey - path: private.asc - defaultMode: 0100 - - it: supports gpg volume spec with external reference - template: templates/gitea/statefulset.yaml - set: - signing: - enabled: true - existingSecret: custom-gpg-secret - 
asserts: - - contains: - path: spec.template.spec.volumes - content: - name: gpg-private-key - secret: - secretName: custom-gpg-secret - items: - - key: privateKey - path: private.asc - defaultMode: 0100 diff --git a/values.yaml b/values.yaml index 5958d24..bd8c4d0 100644 --- a/values.yaml +++ b/values.yaml @@ -253,17 +253,9 @@ initPreScript: "" # ## @param signing.enabled Enable commit/action signing ## @param signing.gpgHome GPG home directory -## @param signing.privateKey Inline private gpg key for signed Gitea actions -## @param signing.existingSecret Use an existing secret to store the value of `signing.privateKey` signing: enabled: false gpgHome: /data/git/.gnupg - privateKey: "" - # privateKey: |- - # -----BEGIN PGP PRIVATE KEY BLOCK----- - # ... - # -----END PGP PRIVATE KEY BLOCK----- - existingSecret: "" ## @section Gitea # -- 2.40.1 From 9ed671d685589ee5cba66baa590f66d5d1e90c0a Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Mon, 5 Dec 2022 20:56:08 +0800 Subject: [PATCH 133/390] Switch to official npm release of readme generator (#375) This is a follow up for #369. They published the package on NPM. https://github.com/bitnami-labs/readme-generator-for-helm/issues/36 Co-authored-by: justusbunsi Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/375 Reviewed-by: pat-s Reviewed-by: Lunny Xiao Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- package-lock.json | 62 +++++++++++++++++++++++------------------------ package.json | 4 +-- 2 files changed, 33 insertions(+), 33 deletions(-) diff --git a/package-lock.json b/package-lock.json index 78a9d97..4a19561 100644 --- a/package-lock.json +++ b/package-lock.json 
@@ -7,14 +7,30 @@ "name": "gitea-helm-chart", "license": "MIT", "devDependencies": { - "markdownlint-cli": "^0.31.1", - "readme-generator-for-helm": "https://github.com/bitnami-labs/readme-generator-for-helm/tarball/498ea5d19478a36556f1636e1e041a7510d09289" + "@bitnami/readme-generator-for-helm": "^2.4.2", + "markdownlint-cli": "^0.31.1" }, "engines": { "node": ">=16.0.0", "npm": ">=8.0.0" } }, + "node_modules/@bitnami/readme-generator-for-helm": { + "version": "2.4.2", + "resolved": "https://registry.npmjs.org/@bitnami/readme-generator-for-helm/-/readme-generator-for-helm-2.4.2.tgz", + "integrity": "sha512-2kIXOjRiKJ3PBoBD6EaImp4SNyGM/w67ZPPwbuJi5NeXesupQjFyhIhcKliIledlpuiSrMeH9l80yl6hvmYHUA==", + "dev": true, + "dependencies": { + "commander": "^7.1.0", + "dot-object": "^2.1.4", + "lodash": "^4.17.21", + "markdown-table": "^2.0.0", + "yaml": "^2.0.0-3" + }, + "bin": { + "readme-generator": "bin/index.js" + } + }, "node_modules/argparse": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", @@ -331,23 +347,6 @@ "node": ">=0.10.0" } }, - "node_modules/readme-generator-for-helm": { - "version": "2.4.1", - "resolved": "https://github.com/bitnami-labs/readme-generator-for-helm/tarball/498ea5d19478a36556f1636e1e041a7510d09289", - "integrity": "sha512-vCIT2YuskoOU38vNd/if6EhWCVBixdle0e4w2070jv82MlctrQ/5HAYpHZ0cRZCkfoUJ2QOxkGa38nAgUvBb+A==", - "dev": true, - "license": "ISC", - "dependencies": { - "commander": "^7.1.0", - "dot-object": "^2.1.4", - "lodash": "^4.17.21", - "markdown-table": "^2.0.0", - "yaml": "^2.0.0-3" - }, - "bin": { - "readme-generator": "bin/index.js" - } - }, "node_modules/repeat-string": { "version": "1.6.1", "resolved": "https://registry.npmjs.org/repeat-string/-/repeat-string-1.6.1.tgz", 
@@ -407,6 +406,19 @@ } }, "dependencies": { + "@bitnami/readme-generator-for-helm": { + "version": "2.4.2", + "resolved": "https://registry.npmjs.org/@bitnami/readme-generator-for-helm/-/readme-generator-for-helm-2.4.2.tgz", + "integrity": "sha512-2kIXOjRiKJ3PBoBD6EaImp4SNyGM/w67ZPPwbuJi5NeXesupQjFyhIhcKliIledlpuiSrMeH9l80yl6hvmYHUA==", + "dev": true, + "requires": { + "commander": "^7.1.0", + "dot-object": "^2.1.4", + "lodash": "^4.17.21", + "markdown-table": "^2.0.0", + "yaml": "^2.0.0-3" + } + }, "argparse": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", @@ -663,18 +675,6 @@ "integrity": "sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg==", "dev": true }, - "readme-generator-for-helm": { - "version": "https://github.com/bitnami-labs/readme-generator-for-helm/tarball/498ea5d19478a36556f1636e1e041a7510d09289", - "integrity": "sha512-vCIT2YuskoOU38vNd/if6EhWCVBixdle0e4w2070jv82MlctrQ/5HAYpHZ0cRZCkfoUJ2QOxkGa38nAgUvBb+A==", - "dev": true, - "requires": { - "commander": "^7.1.0", - "dot-object": "^2.1.4", - "lodash": "^4.17.21", - "markdown-table": "^2.0.0", - "yaml": "^2.0.0-3" - } - }, "repeat-string": { "version": "1.6.1", "resolved": "https://registry.npmjs.org/repeat-string/-/repeat-string-1.6.1.tgz", diff --git a/package.json b/package.json index c39e58a..deaa802 100644 --- a/package.json +++ b/package.json @@ -13,7 +13,7 @@ "readme:parameters": "readme-generator -v values.yaml -r README.md" }, "devDependencies": { - "markdownlint-cli": "^0.31.1", - "readme-generator-for-helm": "https://github.com/bitnami-labs/readme-generator-for-helm/tarball/498ea5d19478a36556f1636e1e041a7510d09289" + "@bitnami/readme-generator-for-helm": "^2.4.2", + "markdownlint-cli": "^0.31.1" } } -- 2.40.1 From 279bacb9414cb5b01c649552f17c5aeb95f7c910 Mon Sep 17 00:00:00 2001 
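Review bot: In the package.json hunk the generator dependency moves from a tarball pinned to a commit hash to the range `^2.4.2`, so which release CI runs now depends on package-lock.json being honoured. The lockfile hunks record the 2.4.2 tarball with its `integrity` value, but that only holds if the install step uses `npm ci`. The `prepare-environment` target that does the install is not visible here, so this needs confirming. If floating minor releases of a build-time tool is not intended, an exact version keeps the earlier guarantee: `"@bitnami/readme-generator-for-helm": "2.4.2"`.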
From: techknowlogick Date: Thu, 22 Dec 2022 08:18:31 +0800 Subject: [PATCH 134/390] v1.17.4 --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 2b4ed96..6ca2fec 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.17.3 +appVersion: 1.17.4 icon: https://docs.gitea.io/images/gitea.png keywords: -- 2.40.1 From 4f7bc17d34854bbf98d6e4e169ebe09f29499566 Mon Sep 17 00:00:00 2001 From: pat-s Date: Tue, 27 Dec 2022 17:18:36 +0800 Subject: [PATCH 135/390] Bump alpine version in CI (#384) To fix package installation issues. Apparently installing `helm` in 3.16 fails constantly. Co-authored-by: pat-s Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/384 Reviewed-by: justusbunsi Reviewed-by: Lunny Xiao Co-authored-by: pat-s Co-committed-by: pat-s --- .drone.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.drone.yml b/.drone.yml index d0244e3..972cee4 100644 --- a/.drone.yml +++ b/.drone.yml @@ -10,14 +10,14 @@ platform: steps: - name: helm lint pull: always - image: alpine:3.16 + image: alpine:3.17 commands: - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm - helm lint - name: helm template pull: always - image: alpine:3.16 + image: alpine:3.17 commands: - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm - helm dependency update @@ -25,7 +25,7 @@ steps: - name: verify readme pull: always - image: alpine:3.16 + image: alpine:3.17 commands: - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing make npm git - make readme @@ -61,7 +61,7 @@ trigger: steps: - name: generate-chart pull: always - image: alpine:3.16 + image: alpine:3.17 commands: - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm - apk add --no-cache curl -- 2.40.1 
From 6574b1b2320e06d042b80599a8e77575c690f0ac Mon Sep 17 00:00:00 2001 From: JSchlarb Date: Wed, 28 Dec 2022 18:30:15 +0800 Subject: [PATCH 136/390] Ignore unrelated helm files from bundling (#385) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ### Description of the change Exluding non helm chart related files from release artifact ### Benefits Smaller release artifacts ### Possible drawbacks Exluded files not visible any within the artifact ### Applicable issues None ### Additional information None ### ⚠ BREAKING None ### Checklist - [x] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) - [x] Breaking changes are documented in the `README.md` Co-authored-by: Julian Schlarb Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/385 Reviewed-by: justusbunsi Reviewed-by: pat-s Co-authored-by: JSchlarb Co-committed-by: JSchlarb --- .helmignore | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.helmignore b/.helmignore index a8cc816..fe6af29 100644 --- a/.helmignore +++ b/.helmignore @@ -25,3 +25,8 @@ node_modules/ package.json package-lock.json .gitea/ +Makefile +.markdownlintignore +.markdownlint.yaml +.drone.yml +CONTRIBUTING.md \ No newline at end of file -- 2.40.1 From 8b6a00603adc1012e5345c2baa1e6f4c3d6066f6 Mon Sep 17 00:00:00 2001 
From: robv89r Date: Tue, 10 Jan 2023 14:54:55 +0800 Subject: [PATCH 137/390] Update 'values.yaml' (#394) ### Description of the change Corrects the spelling of the word deprecated. ### Benefits Documentation free of misspelled words is more likely to be viewed as "professional". ### Possible drawbacks None that I can think of ### Applicable issues - fixes #393 ### Additional information There may be other misspelled words or incorrectly phrased passages that aren't addressed in this PR. For reference, see the online dictionary for the correct spelling of deprecated. https://www.merriam-webster.com/dictionary/deprecated ### Checklist - [X] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) - [X] Breaking changes are documented in the `README.md` Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/394 Reviewed-by: pat-s Reviewed-by: justusbunsi Co-authored-by: robv89r Co-committed-by: robv89r --- values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/values.yaml b/values.yaml index bd8c4d0..ad0ca31 100644 --- a/values.yaml +++ b/values.yaml @@ -63,7 +63,7 @@ containerSecurityContext: {} # runAsNonRoot: true # runAsUser: 1000 -## @depracated The securityContext variable has been split two: +## @deprecated The securityContext variable has been split two: ## - containerSecurityContext ## - podSecurityContext. ## @param securityContext Run init and Gitea containers as a specific securityContext 
@@ -228,7 +228,7 @@ extraContainerVolumeMounts: [] ## @param extraInitVolumeMounts Mounts that are only mapped into the init-containers. Can be used for additional preconfiguration. extraInitVolumeMounts: [] -## @depracated The extraVolumeMounts variable has been split two: +## @deprecated The extraVolumeMounts variable has been split two: ## - extraContainerVolumeMounts ## - extraInitVolumeMounts ## As an example, can be used to mount a client cert when connecting to an external Postgres server. -- 2.40.1 From 19e9b07e6e2adabffc570a00724660c34ee5a39f Mon Sep 17 00:00:00 2001 
From: justusbunsi Date: Wed, 18 Jan 2023 00:58:10 +0800 Subject: [PATCH 138/390] Re-add GPG configuration feature (#374) This reverts d5ce1a47eaad935ea709b7a03bfdf6c69bac8f32 and therefore adds the GPG feature back into main. As it is a breaking change, this PR now also contains the required upgrade notes. Closes #107 again. Co-authored-by: justusbunsi Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/374 Reviewed-by: pat-s Reviewed-by: John Olheiser --- .drone.yml | 9 ++ .gitignore | 1 + .helmignore | 3 +- CONTRIBUTING.md | 10 ++ Makefile | 4 + README.md | 78 +++++++++++----- templates/_helpers.tpl | 4 + templates/gitea/gpg-secret.yaml | 16 ++++ templates/gitea/init.yaml | 13 +++ templates/gitea/statefulset.yaml | 43 +++++++++ unittests/gpg-secret/signing-disabled.yaml | 13 +++ unittests/gpg-secret/signing-enabled.yaml | 40 ++++++++ unittests/init/basic.yaml | 15 +++ .../init/init_directory_structure.sh.yaml | 64 +++++++++++++ unittests/statefulset/basic.yaml | 17 ++++ unittests/statefulset/signing-disabled.yaml | 40 ++++++++ unittests/statefulset/signing-enabled.yaml | 93 +++++++++++++++++++ values.yaml | 8 ++ 18 files changed, 448 insertions(+), 23 deletions(-) create mode 100644 templates/gitea/gpg-secret.yaml create mode 100644 unittests/gpg-secret/signing-disabled.yaml create mode 100644 unittests/gpg-secret/signing-enabled.yaml create mode 100644 unittests/init/basic.yaml create mode 100644 unittests/init/init_directory_structure.sh.yaml create mode 100644 unittests/statefulset/basic.yaml create mode 100644 unittests/statefulset/signing-disabled.yaml create mode 100644 unittests/statefulset/signing-enabled.yaml diff --git a/.drone.yml b/.drone.yml index 972cee4..4f78db2 100644 --- a/.drone.yml +++ b/.drone.yml 
@@ -23,6 +23,15 @@ steps: - helm dependency update - helm template --debug gitea-helm . +- name: helm unittests + pull: always + image: alpine:3.17 + commands: + - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing make helm git bash + - helm plugin install https://github.com/heyhabito/helm-unittest + - helm dependency update + - make unittests + - name: verify readme pull: always image: alpine:3.17 diff --git a/.gitignore b/.gitignore index 22b7fa6..10261af 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ charts/ node_modules/ .DS_Store +unittests/*/__snapshot__/ diff --git a/.helmignore b/.helmignore index fe6af29..e608c23 100644 --- a/.helmignore +++ b/.helmignore @@ -29,4 +29,5 @@ Makefile .markdownlintignore .markdownlint.yaml .drone.yml -CONTRIBUTING.md \ No newline at end of file +CONTRIBUTING.md +unittests/ diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index d06973c..78f77d9 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -50,3 +50,13 @@ be used: forwarded first from `minikube` to localhost first via `kubectl --namespace default port-forward svc/gitea-http 3000:3000`. Now Gitea is accessible at [http://localhost:3000](http://localhost:3000). + +### Unit tests + +```bash +# install the unittest plugin +$ helm plugin install https://github.com/heyhabito/helm-unittest + +# run the unittests +make unittests +``` diff --git a/Makefile b/Makefile index 720a657..2b61849 100644 --- a/Makefile +++ b/Makefile @@ -6,3 +6,7 @@ prepare-environment: readme: prepare-environment npm run readme:parameters npm run readme:lint + +.PHONY: unittests +unittests: + helm unittest --helm3 --strict -f 'unittests/**/*.yaml' ./ diff --git a/README.md b/README.md index 2fc73f7..a5c1ce6 100644 --- a/README.md +++ b/README.md 
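Review bot: The new `helm unittests` step in .drone.yml runs `helm plugin install https://github.com/heyhabito/helm-unittest` with no version, so CI executes whatever that repository's default branch holds at build time. Pinning a release keeps the step reproducible: `helm plugin install https://github.com/heyhabito/helm-unittest --version <PLUGIN_VERSION>`, where the placeholder is the release you tested. The same step adds packages with `-X http://dl-cdn.alpinelinux.org/alpine/edge/testing` on an `alpine:3.17` image. apk verifies package signatures, but an `https://` URL would remove the plain-HTTP fetch, and it is worth checking whether the edge repository is still needed for `helm`. The CONTRIBUTING.md hunk on this line repeats the unpinned plugin command and should change with it.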
@@ -41,24 +41,6 @@ of this document for major and breaking changes. - Helm 3.0+ - PV provisioner for persistent data support -## Configure Commit Signing - -When using the rootless image the gpg key folder was is not persistent by -default. If you consider using signed commits for internal Gitea activities -(e.g. initial commit), you'd need to provide a signing key. Prior to -[PR186](https://gitea.com/gitea/helm-chart/pulls/186), imported keys had to be -re-imported once the container got replaced by another. - -The mentioned PR introduced a new configuration object `signing` allowing you to -configure prerequisites for commit signing. By default this section is disabled -to maintain backwards compatibility. - -```yaml -signing: - enabled: false - gpgHome: /data/git/.gnupg -``` - ## Examples ### Gitea Configuration 
@@ -525,6 +507,49 @@ gitea: ... ``` +## Configure commit signing + +When using the rootless image the gpg key folder is not persistent by +default. If you consider using signed commits for internal Gitea activities +(e.g. initial commit), you'd need to provide a signing key. Prior to +[PR186](https://gitea.com/gitea/helm-chart/pulls/186), imported keys had to be +re-imported once the container got replaced by another. + +The mentioned PR introduced a new configuration object `signing` allowing you to +configure prerequisites for commit signing. By default this section is disabled +to maintain backwards compatibility. + +```yaml +signing: + enabled: false + gpgHome: /data/git/.gnupg +``` + +Regardless of the used container image the `signing` object allows to specify a +private gpg key. Either using the `signing.privateKey` to define the key inline, +or refer to an existing secret containing the key data by using `signing.existingKey`. + +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: custom-gitea-gpg-key +type: Opaque +stringData: + privateKey: |- + -----BEGIN PGP PRIVATE KEY BLOCK----- + ... + -----END PGP PRIVATE KEY BLOCK----- +``` + +```yaml +signing: + existingSecret: custom-gitea-gpg-key +``` + +To use the gpg key, Gitea needs to be configured accordingly. A detailed description +can be found in the [official Gitea documentation](https://docs.gitea.io/en-us/signing/#general-configuration). + ### Metrics and profiling A Prometheus `/metrics` endpoint on the `HTTP_PORT` and `pprof` profiling 
@@ -669,10 +694,12 @@ gitea: ### Signing -| Name | Description | Value | -| ----------------- | ---------------------------- | ------------------ | -| `signing.enabled` | Enable commit/action signing | `false` | -| `signing.gpgHome` | GPG home directory | `/data/git/.gnupg` | +| Name | Description | Value | +| ------------------------ | ----------------------------------------------------------------- | ------------------ | +| `signing.enabled` | Enable commit/action signing | `false` | +| `signing.gpgHome` | GPG home directory | `/data/git/.gnupg` | +| `signing.privateKey` | Inline private gpg key for signed Gitea actions | `""` | +| `signing.existingSecret` | Use an existing secret to store the value of `signing.privateKey` | `""` | ### Gitea @@ -786,6 +813,13 @@ See [CONTRIBUTORS GUIDE](CONTRIBUTING.md) for details. This section lists major and breaking changes of each Helm Chart version. Please read them carefully to upgrade successfully. +### To 7.0.0 + +#### Private GPG key configuration for Gitea signing actions + +Having `signing.enabled=true` now requires to use either `signing.privateKey` or `signing.existingSecret` so that the Chart can automatically prepare the GPG key for Gitea internal signing actions. +See [Configure commit signing](#configure-commit-signing) for details. + ### To 6.0.0 #### Different volume mounts for init-containers and runtime container diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 0e481e0..5bdcca9 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -331,3 +331,7 @@ https {{- toYaml .Values.extraVolumeMounts -}} {{- end -}} {{- end -}} + +{{- define "gitea.gpg-key-secret-name" -}} +{{ default (printf "%s-gpg-key" (include "gitea.fullname" .)) .Values.signing.existingSecret }} +{{- end -}} diff --git a/templates/gitea/gpg-secret.yaml b/templates/gitea/gpg-secret.yaml new file mode 100644 index 0000000..29b6d4f --- /dev/null +++ b/templates/gitea/gpg-secret.yaml 
@@ -0,0 +1,16 @@ +{{- if .Values.signing.enabled -}} +{{- if and (empty .Values.signing.privateKey) (empty .Values.signing.existingSecret) -}} + {{- fail "Either specify `signing.privateKey` or `signing.existingKey`" -}} +{{- end }} +{{- if and (not (empty .Values.signing.privateKey)) (empty .Values.signing.existingSecret) -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "gitea.gpg-key-secret-name" . }} + labels: + {{- include "gitea.labels" . | nindent 4 }} +type: Opaque +data: + privateKey: {{ .Values.signing.privateKey | b64enc }} +{{- end }} +{{- end }} diff --git a/templates/gitea/init.yaml b/templates/gitea/init.yaml index 8ea3aa9..838460b 100644 --- a/templates/gitea/init.yaml +++ b/templates/gitea/init.yaml @@ -6,6 +6,11 @@ metadata: {{- include "gitea.labels" . | nindent 4 }} type: Opaque stringData: + configure_gpg_environment.sh: |- + #!/usr/bin/env bash + set -eu + + gpg --batch --import /raw/private.asc init_directory_structure.sh: |- #!/usr/bin/env bash @@ -35,6 +40,14 @@ stringData: {{- end }} chmod ug+rwx "${GITEA_TEMP}" + {{ if .Values.signing.enabled -}} + if [ ! -d "${GNUPGHOME}" ]; then + mkdir -p "${GNUPGHOME}" + chmod 700 "${GNUPGHOME}" + chown 1000:1000 "${GNUPGHOME}" + fi + {{- end }} + configure_gitea.sh: |- #!/usr/bin/env bash diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index ed9a887..ce6f550 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml @@ -59,6 +59,10 @@ spec: {{- if .Values.statefulset.env }} {{- toYaml .Values.statefulset.env | nindent 12 }} {{- end }} + {{- if .Values.signing.enabled }} + - name: GNUPGHOME + value: {{ .Values.signing.gpgHome }} + {{- end }} volumeMounts: - name: init mountPath: /usr/sbin 
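Review bot: The `fail` text in `templates/gitea/gpg-secret.yaml` tells the operator to set `signing.existingKey`, but the template and `values.yaml` only read `signing.existingSecret`, so following the error sets a value that is ignored. The message should name `signing.existingSecret`. The `errorMessage` assertion in `unittests/gpg-secret/signing-enabled.yaml` and the README sentence that mentions `signing.existingKey` need the same correction. When both values are set, the second condition makes `existingSecret` win and the inline key is dropped without notice, so a template comment such as `{{- /* signing.existingSecret takes precedence over signing.privateKey */ -}}` would document that.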
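Review bot: In the second `templates/gitea/init.yaml` hunk, `chmod 700` and `chown 1000:1000` on `${GNUPGHOME}` run only when the directory does not exist yet. A GPG home already present on the persistent volume therefore keeps whatever mode and owner it had, even though it is about to receive the private key. Dropping the `if [ ! -d "${GNUPGHOME}" ]` guard would re-assert the permissions on every start, leaving `mkdir -p "${GNUPGHOME}"`, `chmod 700 "${GNUPGHOME}"` and `chown 1000:1000 "${GNUPGHOME}"`. The expected script text pinned in `unittests/init/init_directory_structure.sh.yaml` would have to change with it. The `init_directory_structure.sh` body starts and ends outside this hunk.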
@@ -110,6 +114,36 @@ spec: {{- include "gitea.init-additional-mounts" . | nindent 12 }} securityContext: {{- toYaml .Values.containerSecurityContext | nindent 12 }} + {{- if .Values.signing.enabled }} + - name: configure-gpg + image: "{{ include "gitea.image" . }}" + command: ["/usr/sbin/configure_gpg_environment.sh"] + imagePullPolicy: {{ .Values.image.pullPolicy }} + securityContext: + {{- /* By default this container runs as user 1000 unless otherwise stated */ -}} + {{- $csc := deepCopy .Values.containerSecurityContext -}} + {{- if not (hasKey $csc "runAsUser") -}} + {{- $_ := set $csc "runAsUser" 1000 -}} + {{- end -}} + {{- toYaml $csc | nindent 12 }} + env: + - name: GNUPGHOME + value: {{ .Values.signing.gpgHome }} + volumeMounts: + - name: init + mountPath: /usr/sbin + - name: data + mountPath: /data + {{- if .Values.persistence.subPath }} + subPath: {{ .Values.persistence.subPath }} + {{- end }} + - name: gpg-private-key + mountPath: /raw + readOnly: true + {{- if .Values.extraVolumeMounts }} + {{- toYaml .Values.extraVolumeMounts | nindent 12 }} + {{- end }} + {{- end }} - name: configure-gitea image: "{{ include "gitea.image" . }}" command: ["/usr/sbin/configure_gitea.sh"] @@ -305,6 +339,15 @@ spec: {{- end }} - name: temp emptyDir: {} + {{- if .Values.signing.enabled }} + - name: gpg-private-key + secret: + secretName: {{ include "gitea.gpg-key-secret-name" . }} + items: + - key: privateKey + path: private.asc + defaultMode: 0100 + {{- end }} {{- if and .Values.persistence.enabled .Values.persistence.existingClaim }} - name: data persistentVolumeClaim: diff --git a/unittests/gpg-secret/signing-disabled.yaml b/unittests/gpg-secret/signing-disabled.yaml new file mode 100644 index 0000000..3b1aba4 --- /dev/null +++ b/unittests/gpg-secret/signing-disabled.yaml 
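Review bot: The new `configure-gpg` init container mounts `.Values.extraVolumeMounts` directly, while the init container just above it in this hunk uses `{{- include "gitea.init-additional-mounts" . | nindent 12 }}`. If that helper resolves the init-specific mounts, as its name and the 6.0.0 upgrade note suggest, this container ignores them and instead receives the runtime mounts next to `/raw`, where the private key is mounted. Replacing the three-line `if .Values.extraVolumeMounts` block with the same `include` call would keep all init containers consistent. The helper's definition is not part of this hunk, so confirm it before changing.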
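Review bot: `defaultMode: 0100` on the `gpg-private-key` volume sets only the owner-execute bit, so `private.asc` has no read permission for anyone, yet `configure_gpg_environment.sh` has to read it as user 1000. The import presumably works only because a pod-level `fsGroup` adjusts ownership and mode on the secret volume, and nothing in this hunk shows or enforces that. Stating the intent explicitly would be safer, for example `defaultMode: 0400` with a comment that read access for the non-root init container comes from `fsGroup`. Both volume assertions in `unittests/statefulset/signing-enabled.yaml` pin `0100` and would need to follow.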
@@ -0,0 +1,13 @@ +suite: GPG secret template (signing disabled) +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/gpg-secret.yaml +tests: + - it: renders nothing + set: + signing.enabled: false + asserts: + - hasDocuments: + count: 0 diff --git a/unittests/gpg-secret/signing-enabled.yaml b/unittests/gpg-secret/signing-enabled.yaml new file mode 100644 index 0000000..3c742e9 --- /dev/null +++ b/unittests/gpg-secret/signing-enabled.yaml @@ -0,0 +1,40 @@ +suite: GPG secret template (signing enabled) +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/gpg-secret.yaml +tests: + - it: fails rendering when nothing is configured + set: + signing: + enabled: true + asserts: + - failedTemplate: + errorMessage: Either specify `signing.privateKey` or `signing.existingKey` + - it: skips rendering using external secret reference + set: + signing: + enabled: true + existingSecret: "external-secret-reference" + asserts: + - hasDocuments: + count: 0 + - it: renders secret specification using inline gpg key + set: + signing: + enabled: true + privateKey: "gpg-key-placeholder" + asserts: + - hasDocuments: + count: 1 + - documentIndex: 0 + containsDocument: + kind: Secret + apiVersion: v1 + name: gitea-unittests-gpg-key + - isNotEmpty: + path: metadata.labels + - equal: + path: data.privateKey + value: "Z3BnLWtleS1wbGFjZWhvbGRlcg==" diff --git a/unittests/init/basic.yaml b/unittests/init/basic.yaml new file mode 100644 index 0000000..f2b746e --- /dev/null +++ b/unittests/init/basic.yaml @@ -0,0 +1,15 @@ +suite: Init template (basic) +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/init.yaml +tests: + - it: renders a secret + asserts: + - hasDocuments: + count: 1 + - containsDocument: + kind: Secret + apiVersion: v1 + name: gitea-unittests-init 
diff --git a/unittests/init/init_directory_structure.sh.yaml b/unittests/init/init_directory_structure.sh.yaml new file mode 100644 index 0000000..7be2336 --- /dev/null +++ b/unittests/init/init_directory_structure.sh.yaml @@ -0,0 +1,64 @@ +suite: Init template +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/init.yaml +tests: + - it: runs gpg in batch mode + set: + signing.enabled: true + asserts: + - equal: + path: stringData.[configure_gpg_environment.sh] + value: |- + #!/usr/bin/env bash + set -eu + + gpg --batch --import /raw/private.asc + - it: skips gpg script block for disabled signing + asserts: + - equal: + path: stringData.[init_directory_structure.sh] + value: |- + #!/usr/bin/env bash + + set -euo pipefail + + set -x + chown 1000:1000 /data + mkdir -p /data/git/.ssh + chmod -R 700 /data/git/.ssh + [ ! -d /data/gitea/conf ] && mkdir -p /data/gitea/conf + + # prepare temp directory structure + mkdir -p "${GITEA_TEMP}" + chown 1000:1000 "${GITEA_TEMP}" + chmod ug+rwx "${GITEA_TEMP}" + - it: adds gpg script block for enabled signing + set: + signing.enabled: true + asserts: + - equal: + path: stringData.[init_directory_structure.sh] + value: |- + #!/usr/bin/env bash + + set -euo pipefail + + set -x + chown 1000:1000 /data + mkdir -p /data/git/.ssh + chmod -R 700 /data/git/.ssh + [ ! -d /data/gitea/conf ] && mkdir -p /data/gitea/conf + + # prepare temp directory structure + mkdir -p "${GITEA_TEMP}" + chown 1000:1000 "${GITEA_TEMP}" + chmod ug+rwx "${GITEA_TEMP}" + + if [ ! -d "${GNUPGHOME}" ]; then + mkdir -p "${GNUPGHOME}" + chmod 700 "${GNUPGHOME}" + chown 1000:1000 "${GNUPGHOME}" + fi diff --git a/unittests/statefulset/basic.yaml b/unittests/statefulset/basic.yaml new file mode 100644 index 0000000..00fb684 --- /dev/null +++ b/unittests/statefulset/basic.yaml 
@@ -0,0 +1,17 @@ +suite: Statefulset template (basic) +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/statefulset.yaml + - templates/gitea/config.yaml +tests: + - it: renders a statefulset + template: templates/gitea/statefulset.yaml + asserts: + - hasDocuments: + count: 1 + - containsDocument: + kind: StatefulSet + apiVersion: apps/v1 + name: gitea-unittests diff --git a/unittests/statefulset/signing-disabled.yaml b/unittests/statefulset/signing-disabled.yaml new file mode 100644 index 0000000..4f9f2ce --- /dev/null +++ b/unittests/statefulset/signing-disabled.yaml @@ -0,0 +1,40 @@ +suite: Statefulset template (signing disabled) +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/statefulset.yaml + - templates/gitea/config.yaml +tests: + - it: skips gpg init container + template: templates/gitea/statefulset.yaml + asserts: + - notContains: + path: spec.template.spec.initContainers + any: true + content: + name: configure-gpg + - it: skips gpg env in `init-directories` init container + template: templates/gitea/statefulset.yaml + set: + signing.enabled: true + asserts: + - contains: + path: spec.template.spec.initContainers[0].env + content: + name: GNUPGHOME + value: /data/git/.gnupg + - it: skips gpg env in runtime container + template: templates/gitea/statefulset.yaml + asserts: + - notContains: + path: spec.template.spec.containers[0].env + content: + name: GNUPGHOME + - it: skips gpg volume spec + template: templates/gitea/statefulset.yaml + asserts: + - notContains: + path: spec.template.spec.volumes + content: + name: gpg-private-key diff --git a/unittests/statefulset/signing-enabled.yaml b/unittests/statefulset/signing-enabled.yaml new file mode 100644 index 0000000..ecb237f --- /dev/null +++ b/unittests/statefulset/signing-enabled.yaml 
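Review bot: In `unittests/statefulset/signing-disabled.yaml`, the case "skips gpg env in `init-directories` init container" sets `signing.enabled: true` and asserts `contains` for `GNUPGHOME`. That is a copy of the enabled-suite case, so the disabled path for `initContainers[0].env` is never tested. The case should drop its `set:` block and assert `- notContains:` with `content:` reduced to `name: GNUPGHOME`, using `any: true` as the first case in the suite does. As written, a regression that leaks `GNUPGHOME` into the init container with signing off would still pass.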
@@ -0,0 +1,93 @@ +suite: Statefulset template (signing enabled) +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/statefulset.yaml + - templates/gitea/config.yaml +tests: + - it: adds gpg init container + template: templates/gitea/statefulset.yaml + set: + signing: + enabled: true + existingSecret: "custom-gpg-secret" + asserts: + - equal: + path: spec.template.spec.initContainers[2].name + value: configure-gpg + - equal: + path: spec.template.spec.initContainers[2].command + value: ["/usr/sbin/configure_gpg_environment.sh"] + - equal: + path: spec.template.spec.initContainers[2].securityContext + value: + runAsUser: 1000 + - equal: + path: spec.template.spec.initContainers[2].env + value: + - name: GNUPGHOME + value: /data/git/.gnupg + - equal: + path: spec.template.spec.initContainers[2].volumeMounts + value: + - name: init + mountPath: /usr/sbin + - name: data + mountPath: /data + - name: gpg-private-key + mountPath: /raw + readOnly: true + - it: adds gpg env in `init-directories` init container + template: templates/gitea/statefulset.yaml + set: + signing.enabled: true + asserts: + - contains: + path: spec.template.spec.initContainers[0].env + content: + name: GNUPGHOME + value: /data/git/.gnupg + - it: adds gpg env in runtime container + template: templates/gitea/statefulset.yaml + set: + signing.enabled: true + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: GNUPGHOME + value: /data/git/.gnupg + - it: adds gpg volume spec + template: templates/gitea/statefulset.yaml + set: + signing: + enabled: true + asserts: + - contains: + path: spec.template.spec.volumes + content: + name: gpg-private-key + secret: + secretName: gitea-unittests-gpg-key + items: + - key: privateKey + path: private.asc + defaultMode: 0100 + - it: supports gpg volume spec with external reference + template: templates/gitea/statefulset.yaml + set: + signing: + enabled: true + existingSecret: custom-gpg-secret + 
asserts: + - contains: + path: spec.template.spec.volumes + content: + name: gpg-private-key + secret: + secretName: custom-gpg-secret + items: + - key: privateKey + path: private.asc + defaultMode: 0100 diff --git a/values.yaml b/values.yaml index ad0ca31..ebd2e50 100644 --- a/values.yaml +++ b/values.yaml @@ -253,9 +253,17 @@ initPreScript: "" # ## @param signing.enabled Enable commit/action signing ## @param signing.gpgHome GPG home directory +## @param signing.privateKey Inline private gpg key for signed Gitea actions +## @param signing.existingSecret Use an existing secret to store the value of `signing.privateKey` signing: enabled: false gpgHome: /data/git/.gnupg + privateKey: "" + # privateKey: |- + # -----BEGIN PGP PRIVATE KEY BLOCK----- + # ... + # -----END PGP PRIVATE KEY BLOCK----- + existingSecret: "" ## @section Gitea # -- 2.40.1 From ccec32c144c857abc6a75b1639e22104926697c7 Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Wed, 18 Jan 2023 19:40:04 +0800 Subject: [PATCH 139/390] Bump Gitea image to 1.18.1 (#395) As title: Bump Gitea image to 1.18.1. Co-authored-by: justusbunsi Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/395 Reviewed-by: John Olheiser Reviewed-by: pat-s Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- Chart.yaml | 2 +- README.md | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 6ca2fec..f22b989 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.17.4 +appVersion: 1.18.1 icon: https://docs.gitea.io/images/gitea.png keywords: diff --git a/README.md b/README.md index a5c1ce6..34cf5b4 100644 --- a/README.md +++ b/README.md 
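Review bot: The `values.yaml` comments for `signing.existingSecret` do not say that the referenced secret must hold the key under the data key `privateKey`, which the `gpg-private-key` volume selects via `items`. A secret with any other key name will not produce the `/raw/private.asc` file that the import script reads. A plain comment under the value would cover it, for example `# the secret must provide the armored key under the data key "privateKey"`. The commented `privateKey: |-` example could also say that an inline key becomes part of the release values and that `existingSecret` is the preferred option for real keys.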
@@ -815,6 +815,10 @@ Please read them carefully to upgrade successfully. ### To 7.0.0 +#### Gitea 1.18.1 + +This Chart version updates Gitea to 1.18.1. Don't miss any application related [breaking changes of 1.18.0](https://blog.gitea.io/2022/12/gitea-1.18.0-is-released/#breaking-changes). + #### Private GPG key configuration for Gitea signing actions Having `signing.enabled=true` now requires to use either `signing.privateKey` or `signing.existingSecret` so that the Chart can automatically prepare the GPG key for Gitea internal signing actions. -- 2.40.1 From 83c184826b80cf4d7949e926c4a7d160010c1483 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Fri, 20 Jan 2023 14:26:45 +0800 Subject: [PATCH 140/390] bump to 1.18.2 --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index f22b989..194a8b1 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.18.1 +appVersion: 1.18.2 icon: https://docs.gitea.io/images/gitea.png keywords: -- 2.40.1 From da4120809fcadd8d240b3054ed3f916c1c2efac4 Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Tue, 24 Jan 2023 00:53:20 +0800 Subject: [PATCH 141/390] Bump Gitea to 1.18.3 (#397) Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/397 Reviewed-by: John Olheiser Reviewed-by: techknowlogick --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 194a8b1..0e7f1b5 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.18.2 +appVersion: 1.18.3 icon: https://docs.gitea.io/images/gitea.png keywords: -- 2.40.1 From e47edbddf9d57a3ddb1fdc397b6454cdee32c06d Mon Sep 17 00:00:00 2001 
From: techknowlogick Date: Wed, 8 Feb 2023 05:57:32 +0800 Subject: [PATCH 142/390] use drone secrets for s3 info (#399) Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/399 --- .drone.yml | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/.drone.yml b/.drone.yml index 4f78db2..40fc93e 100644 --- a/.drone.yml +++ b/.drone.yml @@ -85,8 +85,16 @@ steps: pull: always image: plugins/s3:latest settings: - bucket: gitea-artifacts - endpoint: https://ams3.digitaloceanspaces.com + acl: + from_secret: aws_s3_acl + region: + from_secret: aws_s3_region + bucket: + from_secret: aws_s3_bucket + endpoint: + from_secret: aws_s3_endpoint + path_style: + from_secret: aws_s3_path_style access_key: from_secret: aws_access_key_id secret_key: -- 2.40.1 From 513ad812287eec3dfead25a9735eedfffef4122b Mon Sep 17 00:00:00 2001 From: siretart Date: Tue, 21 Feb 2023 05:09:04 +0800 Subject: [PATCH 143/390] Bump Gitea to 1.18.4 (#402) Signed-off-by: siretart Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/402 Reviewed-by: justusbunsi Reviewed-by: John Olheiser Co-authored-by: siretart Co-committed-by: siretart --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 0e7f1b5..35d449f 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.18.3 +appVersion: 1.18.4 icon: https://docs.gitea.io/images/gitea.png keywords: -- 2.40.1 From 01bb9b4a7774c169eac084aa12612e818d6bfdfa Mon Sep 17 00:00:00 2001 
From: podain77 Date: Wed, 22 Feb 2023 01:53:25 +0800 Subject: [PATCH 144/390] Add support for hostAliases (#401) ### Description of the change It is required to add custom mapping between hostnames and IP addresses for the gitea pods to be able to access external services like oauth providers or webhook servers. It is common to take global variables for the entires and set them using hostAliases in the pod template. ### Benefits Give us more flexibility when using gitea in various network environments. ### Applicable issues - fixes #400 ### Checklist - [X] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) Co-authored-by: Taekyun Kim Co-authored-by: pat-s Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/401 Reviewed-by: pat-s Reviewed-by: justusbunsi Co-authored-by: podain77 Co-committed-by: podain77 --- README.md | 1 + templates/gitea/statefulset.yaml | 4 ++++ values.yaml | 5 +++++ 3 files changed, 10 insertions(+) diff --git a/README.md b/README.md index 34cf5b4..bb64eb6 100644 --- a/README.md +++ b/README.md @@ -591,6 +591,7 @@ gitea: | `global.imageRegistry` | global image registry override | `""` | | `global.imagePullSecrets` | global image pull secrets override; can be extended by `imagePullSecrets` | `[]` | | `global.storageClass` | global storage class override | `""` | +| `global.hostAliases` | global hostAliases which will be added to the pod's hosts files | `[]` | | `replicaCount` | number of replicas for the statefulset | `1` | | `clusterDomain` | cluster domain | `cluster.local` | diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index ce6f550..04cbdc5 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml 
@@ -302,6 +302,10 @@ spec: subPath: {{ .Values.persistence.subPath }} {{- end }} {{- include "gitea.container-additional-mounts" . | nindent 12 }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/values.yaml b/values.yaml index ebd2e50..1213221 100644 --- a/values.yaml +++ b/values.yaml @@ -6,6 +6,7 @@ ## @param global.imageRegistry global image registry override ## @param global.imagePullSecrets global image pull secrets override; can be extended by `imagePullSecrets` ## @param global.storageClass global storage class override +## @param global.hostAliases global hostAliases which will be added to the pod's hosts files global: imageRegistry: "" ## E.g. @@ -14,6 +15,10 @@ global: ## imagePullSecrets: [] storageClass: "" + hostAliases: [] + # - ip: 192.168.137.2 + # hostnames: + # - example.com ## @param replicaCount number of replicas for the statefulset replicaCount: 1 -- 2.40.1 From 578a6cb867ad656f2b889256371fd73617a4b6a5 Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Wed, 22 Feb 2023 04:38:08 +0800 Subject: [PATCH 145/390] Bump Gitea to 1.18.5 (#403) Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/403 Reviewed-by: John Olheiser Reviewed-by: techknowlogick --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 35d449f..f0b09c0 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.18.4 +appVersion: 1.18.5 icon: https://docs.gitea.io/images/gitea.png keywords: -- 2.40.1 From b6d275c4f526796dc945b6362357affa65acb50f Mon Sep 17 00:00:00 2001 
From: pat-s Date: Sun, 26 Feb 2023 20:52:32 +0800 Subject: [PATCH 146/390] Update memcached and use new OCI registry (#405) OCI registry: https://blog.bitnami.com/2023/01/bitnami-helm-charts-available-as-oci.html fixes #404 I think we should switch all other binami charts to also use the new OCI registry as according to their blog post, this will be the future method they're heading to. Co-authored-by: pat-s Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/405 Reviewed-by: techknowlogick Reviewed-by: Lunny Xiao --- Chart.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index f0b09c0..4f0bc4c 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -31,9 +31,11 @@ maintainers: # Bitnami charts are served from GitHub CDN - See https://github.com/bitnami/charts/issues/10539 for details dependencies: +# OCI registry: https://blog.bitnami.com/2023/01/bitnami-helm-charts-available-as-oci.html (2023-01) +# Chart release date: 2023-02 - name: memcached - repository: https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami - version: 5.9.0 + repository: oci://registry-1.docker.io/bitnamicharts + version: 6.3.7 condition: memcached.enabled - name: mysql repository: https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami -- 2.40.1 From 18100cca116489e8317c5a81d19f7bf7326021a4 Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Sun, 26 Feb 2023 22:42:43 +0800 Subject: [PATCH 147/390] Fixup Chart.lock inconsistency (#406) Introduced with b6d275c4f526796dc945b6362357affa65acb50f Signed-off-by: justusbunsi Co-authored-by: justusbunsi Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/406 Reviewed-by: pat-s Reviewed-by: Lunny Xiao Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- Chart.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Chart.lock b/Chart.lock index 245110d..bf9e60f 100644 --- a/Chart.lock +++ b/Chart.lock 
@@ -1,7 +1,7 @@ dependencies: - name: memcached - repository: https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami - version: 5.9.0 + repository: oci://registry-1.docker.io/bitnamicharts + version: 6.3.7 - name: mysql repository: https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami version: 6.14.10 @@ -11,5 +11,5 @@ dependencies: - name: mariadb repository: https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami version: 9.3.6 -digest: sha256:08f967276fa0c083e9756a974a9791a487a71be0a226dc14351b3e5a2641e8fd -generated: "2022-06-11T12:18:36.672047+02:00" +digest: sha256:eb786e862718ddd8c66d66b0a7d3501bd7fbb3c8edef12a406c9544159971965 +generated: "2023-02-26T13:51:59.1429398+01:00" -- 2.40.1 From c46bf7c60fefdd7f63a2e7031a4b9faacdb70b5b Mon Sep 17 00:00:00 2001 From: pat-s Date: Wed, 8 Mar 2023 03:50:40 +0800 Subject: [PATCH 148/390] Format README (#408) Some small formatting changes which are auto-applied by the markdown code styler in vscode (which I am using a lot). These are also present in #407. Merging this before/in general would help be a bit when tinkering with the README. Mainly indentation related, plus some single quotes -> double quotes changes. Co-authored-by: pat-s Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/408 Reviewed-by: Lunny Xiao Reviewed-by: techknowlogick Co-authored-by: pat-s Co-committed-by: pat-s --- .editorconfig | 12 +++++++ CONTRIBUTING.md | 1 + README.md | 84 ++++++++++++++++++++++++------------------------- 3 files changed, 55 insertions(+), 42 deletions(-) create mode 100644 .editorconfig diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 0000000..ebe51d3 --- /dev/null +++ b/.editorconfig @@ -0,0 +1,12 @@ +# EditorConfig is awesome: https://EditorConfig.org + +# top-most EditorConfig file +root = true + +[*] +indent_style = space +indent_size = 2 +end_of_line = lf +charset = utf-8 +trim_trailing_whitespace = false +insert_final_newline = false \ No newline at end of file 
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 78f77d9..14bfc13 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -14,6 +14,7 @@ When using Visual Studio Code as IDE, following plugins might be useful: - [Markdown All in One](https://marketplace.visualstudio.com/items?itemName=yzhang.markdown-all-in-one) - [markdownlint](https://marketplace.visualstudio.com/items?itemName=DavidAnson.vscode-markdownlint) - [Helm Intellisense](https://marketplace.visualstudio.com/items?itemName=Tim-Koehler.helm-intellisense) +- [Prettier - Code formatter](https://marketplace.visualstudio.com/items?itemName=esbenp.prettier-vscode) ## Documentation Requirements diff --git a/README.md b/README.md index bb64eb6..d339a7d 100644 --- a/README.md +++ b/README.md @@ -125,7 +125,7 @@ ENABLED = false ### Additional _app.ini_ settings > **The [generic](https://docs.gitea.io/en-us/config-cheat-sheet/#overall-default) -section cannot be defined that way.** +> section cannot be defined that way.** Some settings inside _app.ini_ (like passwords or whole authentication configurations) must be considered sensitive and therefore should not be passed via plain text @@ -347,9 +347,9 @@ by default. If you want to manage your own PVC you can simply pass the PVC name to the chart. ```yaml - persistence: - enabled: true - existingClaim: MyAwesomeGiteaClaim +persistence: + enabled: true + existingClaim: MyAwesomeGiteaClaim ``` In case that peristence has been disabled it will simply use an empty dir volume. 
@@ -358,20 +358,20 @@ PostgreSQL handles the persistence in the exact same way. You can interact with the postgres settings as displayed in the following example: ```yaml - postgresql: - persistence: - enabled: true - existingClaim: MyAwesomeGiteaPostgresClaim +postgresql: + persistence: + enabled: true + existingClaim: MyAwesomeGiteaPostgresClaim ``` MySQL also handles persistence the same, even though it is not deployed as a statefulset. You can interact with the postgres settings as displayed in the following example: ```yaml - mysql: - persistence: - enabled: true - existingClaim: MyAwesomeGiteaMysqlClaim +mysql: + persistence: + enabled: true + existingClaim: MyAwesomeGiteaMysqlClaim ``` ### Admin User @@ -382,11 +382,11 @@ not possible to delete an admin user after it has been created. This has to be done in the ui. You cannot use `admin` as username. ```yaml - gitea: - admin: - username: "MyAwesomeGiteaAdmin" - password: "AReallyAwesomeGiteaPassword" - email: "gi@tea.com" +gitea: + admin: + username: "MyAwesomeGiteaAdmin" + password: "AReallyAwesomeGiteaPassword" + email: "gi@tea.com" ``` You can also use an existing Secret to configure the admin user: @@ -404,8 +404,8 @@ stringData: ```yaml gitea: - admin: - existingSecret: gitea-admin-secret + admin: + existingSecret: gitea-admin-secret ``` ### LDAP Settings 
@@ -416,20 +416,20 @@ All LDAP values from are avail Multiple LDAP sources can be configured with additional LDAP list items. ```yaml - gitea: - ldap: - - name: MyAwesomeGiteaLdap - securityProtocol: unencrypted - host: "127.0.0.1" - port: "389" - userSearchBase: ou=Users,dc=example,dc=com - userFilter: sAMAccountName=%s - adminFilter: CN=Admin,CN=Group,DC=example,DC=com - emailAttribute: mail - bindDn: CN=ldap read,OU=Spezial,DC=example,DC=com - bindPassword: JustAnotherBindPw - usernameAttribute: CN - publicSSHKeyAttribute: publicSSHKey +gitea: + ldap: + - name: MyAwesomeGiteaLdap + securityProtocol: unencrypted + host: "127.0.0.1" + port: "389" + userSearchBase: ou=Users,dc=example,dc=com + userFilter: sAMAccountName=%s + adminFilter: CN=Admin,CN=Group,DC=example,DC=com + emailAttribute: mail + bindDn: CN=ldap read,OU=Spezial,DC=example,DC=com + bindPassword: JustAnotherBindPw + usernameAttribute: CN + publicSSHKeyAttribute: publicSSHKey ``` You can also use an existing secret to set the bindDn and bindPassword: @@ -474,11 +474,11 @@ Multiple OAuth2 sources can be configured with additional OAuth list items. ```yaml gitea: oauth: - - name: 'MyAwesomeGiteaOAuth' - provider: 'openidConnect' - key: 'hello' - secret: 'world' - autoDiscoverUrl: 'https://gitea.example.com/.well-known/openid-configuration' + - name: "MyAwesomeGiteaOAuth" + provider: "openidConnect" + key: "hello" + secret: "world" + autoDiscoverUrl: "https://gitea.example.com/.well-known/openid-configuration" #useCustomUrls: #customAuthUrl: #customTokenUrl: @@ -502,7 +502,7 @@ stringData: ```yaml gitea: oauth: - - name: 'MyAwesomeGiteaOAuth' + - name: "MyAwesomeGiteaOAuth" existingSecret: gitea-oauth-secret ... ``` 
@@ -893,9 +893,9 @@ automatically in certain situations: configuration nor via auto generation. We explicitly prevent to set new secrets. > 💡 It would be possible to set new secret keys manually by entering -the running container and rewriting the app.ini by hand. However, this it is -not advisable to do so for existing installations. Certain settings like -_LDAP_ would not be readable anymore. +> the running container and rewriting the app.ini by hand. However, this it is +> not advisable to do so for existing installations. Certain settings like +> _LDAP_ would not be readable anymore. #### Probes -- 2.40.1 From 452aeadddfc1f89ed6df4c52c6a9625a23961cd9 Mon Sep 17 00:00:00 2001 From: pat-s Date: Thu, 9 Mar 2023 01:14:33 +0800 Subject: [PATCH 149/390] Add section describing versioning and update policy (#347) After recent discussions in Discord. Feel free to modify as needed! Co-authored-by: pat-s Co-authored-by: justusbunsi Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/347 Reviewed-by: Lunny Xiao Reviewed-by: justusbunsi Reviewed-by: techknowlogick Co-authored-by: pat-s Co-committed-by: pat-s --- README.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/README.md b/README.md index d339a7d..4c9914c 100644 --- a/README.md +++ b/README.md 
@@ -11,6 +11,22 @@ different approach in providing a database and cache with dependencies. Additionally, this chart provides LDAP and admin user configuration with values, as well as being deployed as a statefulset to retain stored repositories. +## Update and versioning policy + +The Gitea helm chart versioning does not follow Gitea's versioning. +The latest chart version can be looked up in [https://dl.gitea.com/charts](https://dl.gitea.com/charts) or in the [repository releases](https://gitea.com/gitea/helm-chart/releases). + +The chart aims to follow Gitea's releases closely. +There might be times when the chart is behind the latest Gitea release. +This might be caused by different reasons, most often due to time constraints of the maintainers (remember, all work here is done voluntarily in the spare time of people). +If you're eager to use the latest Gitea version earlier than this chart catches up, then change the tag in `values.yaml` to the latest Gitea version. +Note that besides the exact Gitea version one can also use the `:1` tag to automatically follow the latest Gitea version. +This should be combined with `image.pullPolicy: "Always"`. +Important: Using the `:1` will also automatically jump to new minor release (e.g. from 1.13 to 1.14) which may eventually cause incompatibilities if major/breaking changes happened between these versions. +This is due to Gitea not strictly following [semantic versioning](https://semver.org/#summary) as breaking changes do not increase the major version. +I.e., "minor" version bumps are considered "major". +Yet most often no issues will be encountered and the chart maintainers aim to communicate early/upfront if this would be the case. + ## Dependencies Gitea can be run with an external database and cache. This chart provides those -- 2.40.1 From 9a6cb4d35792d6b0fb8207f93dac4c620528d8a4 Mon Sep 17 00:00:00 2001 
From: ooms97 Date: Thu, 9 Mar 2023 23:25:45 +0800 Subject: [PATCH 150/390] Make test pods optional and allow image override (#360) ### Description of the change Make the test-connection Pod optional and override the wget container's image. ### Benefits Allows users to enable/disabled the test-connection Pod and override the wget container's image. ### Checklist - [X] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) - [X] Breaking changes are documented in the `README.md` Co-authored-by: Umer Anwar Co-authored-by: ooms97 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/360 Reviewed-by: pat-s Reviewed-by: justusbunsi Co-authored-by: ooms97 Co-committed-by: ooms97 --- README.md | 9 ++++++--- templates/tests/test-http-connection.yaml | 4 +++- values.yaml | 8 ++++++++ 3 files changed, 17 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 4c9914c..35eb8b1 100644 --- a/README.md +++ b/README.md @@ -815,9 +815,12 @@ gitea: ### Advanced -| Name | Description | Value | -| ------------------ | ---------------------------------------------------- | ------ | -| `checkDeprecation` | Set it to false to skip this basic validation check. | `true` | +| Name | Description | Value | +| ------------------ | ------------------------------------------------------------------ | --------- | +| `checkDeprecation` | Set it to false to skip this basic validation check. | `true` | +| `test.enabled` | Set it to false to disable test-connection Pod. | `true` | +| `test.image.name` | Image name for the wget container used in the test-connection Pod. | `busybox` | +| `test.image.tag` | Image tag for the wget container used in the test-connection Pod. | `latest` | ## Contributing diff --git a/templates/tests/test-http-connection.yaml b/templates/tests/test-http-connection.yaml index 7fab1b7..8157442 100644 --- a/templates/tests/test-http-connection.yaml 
+++ b/templates/tests/test-http-connection.yaml @@ -1,3 +1,4 @@ +{{- if .Values.test.enabled }} apiVersion: v1 kind: Pod metadata: @@ -9,7 +10,8 @@ metadata: spec: containers: - name: wget - image: busybox + image: "{{ .Values.test.image.name }}:{{ .Values.test.image.tag }}" command: ['wget'] args: ['{{ include "gitea.fullname" . }}-http:{{ .Values.service.http.port }}'] restartPolicy: Never +{{- end }} diff --git a/values.yaml b/values.yaml index 1213221..1d25a82 100644 --- a/values.yaml +++ b/values.yaml @@ -484,4 +484,12 @@ mariadb: # Set it to false to skip this basic validation check. ## @section Advanced ## @param checkDeprecation Set it to false to skip this basic validation check. +## @param test.enabled Set it to false to disable test-connection Pod. +## @param test.image.name Image name for the wget container used in the test-connection Pod. +## @param test.image.tag Image tag for the wget container used in the test-connection Pod. checkDeprecation: true +test: + enabled: true + image: + name: busybox + tag: latest -- 2.40.1 From 4869aed6addd8290f9c464ef721d1b0962852aec Mon Sep 17 00:00:00 2001 From: towo Date: Tue, 21 Mar 2023 14:16:41 +0800 Subject: [PATCH 151/390] Fix wrong reference to `existingKey` (#415) ### Description of the change Fix a wrong reference to `signing.existingKey`, `signing.existingSecret` was what was meant and what is used in the chart. ### Benefits Less confusion when trying to use the Helm chart. ### Possible drawbacks Evangelists of `existingKey` storming the barricades even though `existingKey` is long dead. ### Applicable issues None, nobody noticed enough to care, apparently. Co-authored-by: Tobias Wolter Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/415 Reviewed-by: pat-s Reviewed-by: justusbunsi Co-authored-by: towo Co-committed-by: towo --- README.md | 2 +- templates/gitea/gpg-secret.yaml | 2 +- unittests/gpg-secret/signing-enabled.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) 
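Review bot: The new `test.image.tag` default in the values.yaml hunk is `latest`, a mutable tag, so the image the test-connection Pod runs is whatever the registry serves at pull time rather than a version someone has looked at. Default to a fixed release instead, e.g. `tag: "<pinned-busybox-version>"` (placeholder), and leave `latest` as something a user opts into. The template hunk in test-http-connection.yaml builds the reference as `name:tag` only, so pinning by digest cannot be expressed through these two values; if that is wanted, the `image:` line needs an additional optional value.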
diff --git a/README.md b/README.md index 35eb8b1..316717e 100644 --- a/README.md +++ b/README.md @@ -543,7 +543,7 @@ signing: Regardless of the used container image the `signing` object allows to specify a private gpg key. Either using the `signing.privateKey` to define the key inline, -or refer to an existing secret containing the key data by using `signing.existingKey`. +or refer to an existing secret containing the key data by using `signing.existingSecret`. ```yaml apiVersion: v1 diff --git a/templates/gitea/gpg-secret.yaml b/templates/gitea/gpg-secret.yaml index 29b6d4f..12dce66 100644 --- a/templates/gitea/gpg-secret.yaml +++ b/templates/gitea/gpg-secret.yaml @@ -1,6 +1,6 @@ {{- if .Values.signing.enabled -}} {{- if and (empty .Values.signing.privateKey) (empty .Values.signing.existingSecret) -}} - {{- fail "Either specify `signing.privateKey` or `signing.existingKey`" -}} + {{- fail "Either specify `signing.privateKey` or `signing.existingSecret`" -}} {{- end }} {{- if and (not (empty .Values.signing.privateKey)) (empty .Values.signing.existingSecret) -}} apiVersion: v1 diff --git a/unittests/gpg-secret/signing-enabled.yaml b/unittests/gpg-secret/signing-enabled.yaml index 3c742e9..4040793 100644 --- a/unittests/gpg-secret/signing-enabled.yaml +++ b/unittests/gpg-secret/signing-enabled.yaml @@ -11,7 +11,7 @@ tests: enabled: true asserts: - failedTemplate: - errorMessage: Either specify `signing.privateKey` or `signing.existingKey` + errorMessage: Either specify `signing.privateKey` or `signing.existingSecret` - it: skips rendering using external secret reference set: signing: -- 2.40.1 From 1be9fae08b54742383e9f78fc3aa09a29b09a4fd Mon Sep 17 00:00:00 2001 
From: Michael Kriese Date: Tue, 21 Mar 2023 23:53:13 +0800 Subject: [PATCH 152/390] test: use official unittest plugin (#410) ### Description of the change Switch to official `helm-unittest` which is now alive again at https://github.com/helm-unittest/helm-unittest ### Applicable issues - ref #199 ### Checklist - [ ] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) - [ ] Breaking changes are documented in the `README.md` Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/410 Reviewed-by: justusbunsi Reviewed-by: pat-s Co-authored-by: Michael Kriese Co-committed-by: Michael Kriese --- .drone.yml | 2 +- CONTRIBUTING.md | 2 +- Makefile | 2 +- unittests/init/init_directory_structure.sh.yaml | 6 +++--- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.drone.yml b/.drone.yml index 40fc93e..98f3aa1 100644 --- a/.drone.yml +++ b/.drone.yml @@ -28,7 +28,7 @@ steps: image: alpine:3.17 commands: - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing make helm git bash - - helm plugin install https://github.com/heyhabito/helm-unittest + - helm plugin install https://github.com/helm-unittest/helm-unittest - helm dependency update - make unittests diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 14bfc13..7f8f4f0 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -56,7 +56,7 @@ be used: ```bash # install the unittest plugin -$ helm plugin install https://github.com/heyhabito/helm-unittest +$ helm plugin install https://github.com/helm-unittest/helm-unittest # run the unittests make unittests diff --git a/Makefile b/Makefile index 2b61849..ff48c63 100644 --- a/Makefile +++ b/Makefile @@ -9,4 +9,4 @@ readme: prepare-environment .PHONY: unittests unittests: - helm unittest --helm3 --strict -f 'unittests/**/*.yaml' ./ + helm unittest --strict -f 'unittests/**/*.yaml' ./ 
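Review bot: The changed line `helm plugin install https://github.com/helm-unittest/helm-unittest` in the .drone.yml step installs whatever the upstream repository currently publishes, so the CI job runs third-party plugin code that can change between builds without any change in this repository. Pin it with the `--version` flag, e.g. `- helm plugin install https://github.com/helm-unittest/helm-unittest --version <pinned-plugin-version>` (placeholder), and bump it deliberately. The same command in the CONTRIBUTING.md hunk should carry the same pin so local runs match CI. The enclosing step starts and continues outside this hunk.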
diff --git a/unittests/init/init_directory_structure.sh.yaml b/unittests/init/init_directory_structure.sh.yaml index 7be2336..3b03f66 100644 --- a/unittests/init/init_directory_structure.sh.yaml +++ b/unittests/init/init_directory_structure.sh.yaml @@ -10,7 +10,7 @@ tests: signing.enabled: true asserts: - equal: - path: stringData.[configure_gpg_environment.sh] + path: stringData["configure_gpg_environment.sh"] value: |- #!/usr/bin/env bash set -eu @@ -19,7 +19,7 @@ tests: - it: skips gpg script block for disabled signing asserts: - equal: - path: stringData.[init_directory_structure.sh] + path: stringData["init_directory_structure.sh"] value: |- #!/usr/bin/env bash @@ -40,7 +40,7 @@ tests: signing.enabled: true asserts: - equal: - path: stringData.[init_directory_structure.sh] + path: stringData["init_directory_structure.sh"] value: |- #!/usr/bin/env bash -- 2.40.1 From fdac9e904800a2b61ac753054358dcdbeb9bfe31 Mon Sep 17 00:00:00 2001 From: pi3ch Date: Wed, 22 Mar 2023 16:13:31 +0800 Subject: [PATCH 153/390] Support for SSH log level (#358) Re https://gitea.com/gitea/helm-chart/issues/224#issuecomment-717087 Co-authored-by: justusbunsi Co-authored-by: justusbunsi Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/358 Reviewed-by: pat-s Reviewed-by: strk Reviewed-by: justusbunsi Co-authored-by: pi3ch Co-committed-by: pi3ch --- README.md | 1 + templates/gitea/statefulset.yaml | 4 ++ unittests/statefulset/ssh-configuration.yaml | 40 ++++++++++++++++++++ values.yaml | 4 ++ 4 files changed, 49 insertions(+) create mode 100644 unittests/statefulset/ssh-configuration.yaml diff --git a/README.md b/README.md index 316717e..2c8d12c 100644 --- a/README.md +++ b/README.md 
@@ -734,6 +734,7 @@ gitea: | `gitea.additionalConfigSources` | Additional configuration from secret or configmap | `[]` | | `gitea.additionalConfigFromEnvs` | Additional configuration sources from environment variables | `[]` | | `gitea.podAnnotations` | Annotations for the Gitea pod | `{}` | +| `gitea.ssh.logLevel` | Configure OpenSSH's log level. Only available for root-based Gitea image. | `INFO` | ### LivenessProbe diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index 04cbdc5..6394e9a 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml @@ -243,6 +243,10 @@ spec: value: {{ .Values.gitea.config.server.SSH_LISTEN_PORT | quote }} - name: SSH_PORT value: {{ .Values.gitea.config.server.SSH_PORT | quote }} + {{- if not .Values.image.rootless }} + - name: SSH_LOG_LEVEL + value: {{ .Values.gitea.ssh.logLevel | quote }} + {{- end }} - name: GITEA_APP_INI value: /data/gitea/conf/app.ini - name: GITEA_CUSTOM diff --git a/unittests/statefulset/ssh-configuration.yaml b/unittests/statefulset/ssh-configuration.yaml new file mode 100644 index 0000000..24ffc3a --- /dev/null +++ b/unittests/statefulset/ssh-configuration.yaml 
@@ -0,0 +1,40 @@ +suite: Statefulset template (SSH configuration) +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/statefulset.yaml + - templates/gitea/config.yaml +tests: + - it: supports defining SSH log level for root based image + template: templates/gitea/statefulset.yaml + set: + image.rootless: false + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: SSH_LOG_LEVEL + value: "INFO" + - it: supports overriding SSH log level + template: templates/gitea/statefulset.yaml + set: + image.rootless: false + gitea.ssh.logLevel: "DEBUG" + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: SSH_LOG_LEVEL + value: "DEBUG" + - it: skips SSH_LOG_LEVEL for rootless image + template: templates/gitea/statefulset.yaml + set: + image.rootless: true + gitea.ssh.logLevel: "DEBUG" # explicitly defining a non-standard level here + asserts: + - notContains: + path: spec.template.spec.containers[0].env + any: true + content: + name: SSH_LOG_LEVEL diff --git a/values.yaml b/values.yaml index 1d25a82..b67508d 100644 --- a/values.yaml +++ b/values.yaml @@ -348,6 +348,10 @@ gitea: ## @param gitea.podAnnotations Annotations for the Gitea pod podAnnotations: {} + ## @param gitea.ssh.logLevel Configure OpenSSH's log level. Only available for root-based Gitea image. + ssh: + logLevel: "INFO" + ## @section LivenessProbe # ## @param gitea.livenessProbe.enabled Enable liveness probe -- 2.40.1 From 5cb0802b7b1ed76ea09364fd83368316e321cd3c Mon Sep 17 00:00:00 2001 
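Review bot: The `## @param gitea.ssh.logLevel` comment added in the values.yaml hunk does not name the accepted values or mention that the DEBUG levels log enough detail about connecting users that the sshd_config manual advises against using them. Extend the comment, e.g. `## @param gitea.ssh.logLevel Configure OpenSSH's log level (see sshd_config LogLevel). Only available for root-based Gitea image. Use DEBUG levels for troubleshooting only.`, and regenerate the README row from it. The statefulset.yaml hunk passes the value through `quote` without checking it, so a mistyped level only surfaces inside the container; how the image handles an unknown level is not visible here.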
From: pat-s Date: Tue, 28 Mar 2023 01:12:29 +0800 Subject: [PATCH 154/390] [Breaking] Bump postgres chart to latest release (#391) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit See discussion in #387 Upgrade notes to Chart v11.x and Postgres 14.x: https://docs.bitnami.com/kubernetes/infrastructure/postgresql/administration/upgrade/ The current version in Gitea is using `11.11.0-debian-10-r62` from 2021-04. Bumping the chart to the latest (v12.x) would use the image `15.2.0-debian-11-r14` which would be a jump from postgres 11 to postgres 15. There are no specific notes for the v12.x chart release, hence we might be able to just go to 12.x directly. There have been some param renamings which I've reflected in the README. **⚠️ BREAKING** Users have to migrate their Postgres DB by e.g. restoring a previously created database dump into a clean installation. Co-authored-by: justusbunsi Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/391 Reviewed-by: techknowlogick Reviewed-by: justusbunsi Co-authored-by: pat-s Co-committed-by: pat-s --- Chart.lock | 8 ++++---- Chart.yaml | 5 +++-- README.md | 32 +++++++++++++++++++------------- templates/_helpers.tpl | 8 ++++---- values.yaml | 27 +++++++++++++++------------ 5 files changed, 45 insertions(+), 35 deletions(-) diff --git a/Chart.lock b/Chart.lock index bf9e60f..b1bf83a 100644 --- a/Chart.lock +++ b/Chart.lock 
@@ -6,10 +6,10 @@ dependencies: repository: https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami version: 6.14.10 - name: postgresql - repository: https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami - version: 10.3.17 + repository: oci://registry-1.docker.io/bitnamicharts + version: 12.2.6 - name: mariadb repository: https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami version: 9.3.6 -digest: sha256:eb786e862718ddd8c66d66b0a7d3501bd7fbb3c8edef12a406c9544159971965 -generated: "2023-02-26T13:51:59.1429398+01:00" +digest: sha256:2115873999bfccaaa3308dd4cd374def696572938cc240079ea338b9d8fd9723 +generated: "2023-03-27T10:04:33.619453+02:00" diff --git a/Chart.yaml b/Chart.yaml index 4f0bc4c..9424c00 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -41,9 +41,10 @@ dependencies: repository: https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami version: 6.14.10 condition: mysql.enabled +# Chart release date: 2023-02 - name: postgresql - repository: https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami - version: 10.3.17 + repository: oci://registry-1.docker.io/bitnamicharts + version: 12.2.6 condition: postgresql.enabled - name: mariadb repository: https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami diff --git a/README.md b/README.md index 2c8d12c..c83c1ed 100644 --- a/README.md +++ b/README.md @@ -368,7 +368,7 @@ persistence: existingClaim: MyAwesomeGiteaClaim ``` -In case that peristence has been disabled it will simply use an empty dir volume. +In case that persistence has been disabled it will simply use an empty dir volume. PostgreSQL handles the persistence in the exact same way. You can interact with the postgres settings as displayed in the following example: 
@@ -781,14 +781,14 @@ gitea: ### PostgreSQL -| Name | Description | Value | -| ------------------------------------------------- | -------------------------------------------------------- | ------- | -| `postgresql.enabled` | Enable PostgreSQL | `true` | -| `postgresql.global.postgresql.postgresqlDatabase` | PostgreSQL database (overrides postgresqlDatabase) | `gitea` | -| `postgresql.global.postgresql.postgresqlUsername` | PostgreSQL username (overrides postgresqlUsername) | `gitea` | -| `postgresql.global.postgresql.postgresqlPassword` | PostgreSQL admin password (overrides postgresqlPassword) | `gitea` | -| `postgresql.global.postgresql.servicePort` | PostgreSQL port (overrides service.port) | `5432` | -| `postgresql.persistence.size` | PVC Storage Request for PostgreSQL volume | `10Gi` | +| Name | Description | Value | +| ------------------------------------------------------- | ---------------------------------------------------------------- | ------- | +| `postgresql.enabled` | Enable PostgreSQL | `true` | +| `postgresql.global.postgresql.auth.password` | Password for the "Gitea" user (overrides `auth.password`) | `gitea` | +| `postgresql.global.postgresql.auth.database` | Name for a custom database to create (overrides `auth.database`) | `gitea` | +| `postgresql.global.postgresql.auth.username` | Name for a custom user to create (overrides `auth.username`) | `gitea` | +| `postgresql.global.postgresql.service.ports.postgresql` | PostgreSQL service port (overrides `service.ports.postgresql`) | `5432` | +| `postgresql.primary.persistence.size` | PVC Storage Request for PostgreSQL volume | `10Gi` | ### MySQL 
@@ -834,12 +834,18 @@ See [CONTRIBUTORS GUIDE](CONTRIBUTING.md) for details. This section lists major and breaking changes of each Helm Chart version. Please read them carefully to upgrade successfully. +### To 8.0.0 + +#### Postgres Update from v11 to v15 + +This Chart version updates the Postgres chart dependency and subsequently Postgres from v11 to v15. +Please read the [Postgres Release Notes](https://www.postgresql.org/docs/release/) for version-specific changes. +With respect to `values.yaml`, parameters `username`, `database` and `password` have been regrouped under `auth` and slightly renamed. +`persistence` has also been regrouped under the `primary` key. +Please adjust your `values.yaml` accordingly. + ### To 7.0.0 -#### Gitea 1.18.1 - -This Chart version updates Gitea to 1.18.1. Don't miss any application related [breaking changes of 1.18.0](https://blog.gitea.io/2022/12/gitea-1.18.0-is-released/#breaking-changes). - #### Private GPG key configuration for Gitea signing actions Having `signing.enabled=true` now requires to use either `signing.privateKey` or `signing.existingSecret` so that the Chart can automatically prepare the GPG key for Gitea internal signing actions. diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 5bdcca9..fc5a05c 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -92,7 +92,7 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} {{- define "postgresql.dns" -}} -{{- printf "%s-postgresql.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.postgresql.global.postgresql.servicePort -}} +{{- printf "%s-postgresql.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.postgresql.global.postgresql.service.ports.postgresql -}} {{- end -}} {{- define "mysql.dns" -}} 
@@ -292,9 +292,9 @@ https {{- if not (.Values.gitea.config.database.HOST) -}} {{- $_ := set .Values.gitea.config.database "HOST" (include "postgresql.dns" .) -}} {{- end -}} - {{- $_ := set .Values.gitea.config.database "NAME" .Values.postgresql.global.postgresql.postgresqlDatabase -}} - {{- $_ := set .Values.gitea.config.database "USER" .Values.postgresql.global.postgresql.postgresqlUsername -}} - {{- $_ := set .Values.gitea.config.database "PASSWD" .Values.postgresql.global.postgresql.postgresqlPassword -}} + {{- $_ := set .Values.gitea.config.database "NAME" .Values.postgresql.global.postgresql.auth.database -}} + {{- $_ := set .Values.gitea.config.database "USER" .Values.postgresql.global.postgresql.auth.username -}} + {{- $_ := set .Values.gitea.config.database "PASSWD" .Values.postgresql.global.postgresql.auth.password -}} {{- else if .Values.mysql.enabled -}} {{- $_ := set .Values.gitea.config.database "DB_TYPE" "mysql" -}} {{- if not (.Values.gitea.config.database.HOST) -}} diff --git a/values.yaml b/values.yaml index b67508d..9e14913 100644 --- a/values.yaml +++ b/values.yaml @@ -125,7 +125,6 @@ service: loadBalancerSourceRanges: [] annotations: {} - ## @section Ingress ## @param ingress.enabled Enable ingress ## @param ingress.className Ingress class name 
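Review bot: After this hunk `NAME`, `USER` and `PASSWD` are read only from `postgresql.global.postgresql.auth.*`, so a values file that still sets the old `postgresqlDatabase`, `postgresqlUsername` or `postgresqlPassword` keys is ignored without a message and the rendered database settings fall back to the chart defaults, including the default password. No deprecation-check template appears in this patch's diffstat, so unless the old keys are rejected elsewhere, add them to the check that `checkDeprecation` controls, for example `{{- if .Values.postgresql.global.postgresql.postgresqlPassword }}{{- fail "postgresql.global.postgresql.postgresqlPassword moved to postgresql.global.postgresql.auth.password" -}}{{- end }}`, with matching entries for the other two keys and `servicePort`. The enclosing define starts and ends outside the hunk.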
@@ -424,21 +423,25 @@ memcached: ## @section PostgreSQL # ## @param postgresql.enabled Enable PostgreSQL -## @param postgresql.global.postgresql.postgresqlDatabase PostgreSQL database (overrides postgresqlDatabase) -## @param postgresql.global.postgresql.postgresqlUsername PostgreSQL username (overrides postgresqlUsername) -## @param postgresql.global.postgresql.postgresqlPassword PostgreSQL admin password (overrides postgresqlPassword) -## @param postgresql.global.postgresql.servicePort PostgreSQL port (overrides service.port) -## @param postgresql.persistence.size PVC Storage Request for PostgreSQL volume +## @param postgresql.global.postgresql.auth.password Password for the "gitea" user (overrides `auth.password`) +## @param postgresql.global.postgresql.auth.database Name for a custom database to create (overrides `auth.database`) +## @param postgresql.global.postgresql.auth.username Name for a custom user to create (overrides `auth.username`) +## @param postgresql.global.postgresql.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`) +## @param postgresql.primary.persistence.size PVC Storage Request for PostgreSQL volume postgresql: enabled: true global: postgresql: - postgresqlDatabase: gitea - postgresqlUsername: gitea - postgresqlPassword: gitea - servicePort: 5432 - persistence: - size: 10Gi + auth: + password: gitea + database: gitea + username: gitea + service: + ports: + postgresql: 5432 + primary: + persistence: + size: 10Gi ## @section MySQL # -- 2.40.1 From ae9a71ea11417ebc715fec8b2137cdddf598be09 Mon Sep 17 00:00:00 2001 
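Review bot: The regrouped `auth` block in this hunk keeps `password: gitea` as the default, so an install that does not override it gets a database whose user, database name and password are all the publicly documented value `gitea`. The `## @param` line should say this is a placeholder, e.g. `## @param postgresql.global.postgresql.auth.password Password for the "gitea" user (overrides auth.password). Change this default for any real deployment.` Requiring the value at render time instead of shipping a default would remove the problem, but that changes behaviour for existing users and is a separate decision.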
From: pat-s Date: Wed, 29 Mar 2023 01:02:04 +0800 Subject: [PATCH 155/390] Remove mysql and mariadb chart deps (#417) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit As discussed in Discord. Supersedes #412 and #407. **⚠️ BREAKING** Users depending on the built-in MySQL or MariaDB chart have to switch to an self-managed database, or Postgres Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/417 Reviewed-by: justusbunsi Reviewed-by: John Olheiser Reviewed-by: yardenshoham Co-authored-by: pat-s Co-committed-by: pat-s --- .markdownlint.yaml | 2 -- Chart.lock | 10 ++------- Chart.yaml | 9 -------- README.md | 50 ++++++++++-------------------------------- templates/_helpers.tpl | 8 ------- values.yaml | 44 ------------------------------------- 6 files changed, 13 insertions(+), 110 deletions(-) diff --git a/.markdownlint.yaml b/.markdownlint.yaml index 6320f35..1ca2b5b 100644 --- a/.markdownlint.yaml +++ b/.markdownlint.yaml @@ -131,8 +131,6 @@ MD044: names: - Gitea - PostgreSQL - - MariaDB - - MySQL - Memcached - Prometheus - Git diff --git a/Chart.lock b/Chart.lock index b1bf83a..8658084 100644 --- a/Chart.lock +++ b/Chart.lock @@ -2,14 +2,8 @@ dependencies: - name: memcached repository: oci://registry-1.docker.io/bitnamicharts version: 6.3.7 -- name: mysql - repository: https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami - version: 6.14.10 - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts version: 12.2.6 -- name: mariadb - repository: https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami - version: 9.3.6 -digest: sha256:2115873999bfccaaa3308dd4cd374def696572938cc240079ea338b9d8fd9723 -generated: "2023-03-27T10:04:33.619453+02:00" +digest: sha256:c2026881f71eca24c72e9da3e798a1ad2a5af8e86a39a5341015584eaacf8b64 +generated: "2023-03-27T19:20:21.125036+02:00" diff --git a/Chart.yaml b/Chart.yaml index 9424c00..533fe12 100644 --- a/Chart.yaml +++ b/Chart.yaml 
@@ -37,16 +37,7 @@ dependencies: repository: oci://registry-1.docker.io/bitnamicharts version: 6.3.7 condition: memcached.enabled -- name: mysql - repository: https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami - version: 6.14.10 - condition: mysql.enabled -# Chart release date: 2023-02 - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts version: 12.2.6 condition: postgresql.enabled -- name: mariadb - repository: https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami - version: 9.3.6 - condition: mariadb.enabled diff --git a/README.md b/README.md index c83c1ed..ccc06b5 100644 --- a/README.md +++ b/README.md @@ -37,8 +37,6 @@ Dependencies: - PostgreSQL ([configuration](#postgresql)) - Memcached ([configuration](#memcached)) -- MySQL ([configuration](#mysql)) -- MariaDB ([configuration](#mariadb)) ## Installing @@ -235,14 +233,17 @@ Priority (highest to lowest) for defining app.ini variables: ### External Database -An external Database can be used instead of builtIn PostgreSQL or MySQL. +Any external Database listed in [https://docs.gitea.io/en-us/database-prep/](https://docs.gitea.io/en-us/database-prep/) can be used instead of the built-in PostgreSQL. +In fact, it is **highly recommended** to use an external database to ensure a stable Gitea installation longterm. + +If an external database is used, no matter which type, make sure to set `postgresql.enabled` to `false` to disable the use of the built-in PostgreSQL. ```yaml gitea: config: database: DB_TYPE: mysql - HOST: 127.0.0.1:3306 + HOST: NAME: gitea USER: root PASSWD: gitea 
@@ -380,16 +381,6 @@ postgresql: existingClaim: MyAwesomeGiteaPostgresClaim ``` -MySQL also handles persistence the same, even though it is not deployed as a statefulset. -You can interact with the postgres settings as displayed in the following example: - -```yaml -mysql: - persistence: - enabled: true - existingClaim: MyAwesomeGiteaMysqlClaim -``` - ### Admin User This chart enables you to create a default admin user. It is also possible to 
@@ -790,30 +781,6 @@ gitea: | `postgresql.global.postgresql.service.ports.postgresql` | PostgreSQL service port (overrides `service.ports.postgresql`) | `5432` | | `postgresql.primary.persistence.size` | PVC Storage Request for PostgreSQL volume | `10Gi` | -### MySQL - -| Name | Description | Value | -| ------------------------ | ------------------------------------------------------------------ | ------- | -| `mysql.enabled` | Enable MySQL | `false` | -| `mysql.root.password` | Password for the root user. Ignored if existing secret is provided | `gitea` | -| `mysql.db.user` | Username of new user to create. | `gitea` | -| `mysql.db.password` | Password for the new user.Ignored if existing secret is provided | `gitea` | -| `mysql.db.name` | Name for new database to create. | `gitea` | -| `mysql.service.port` | Port to connect to MySQL service | `3306` | -| `mysql.persistence.size` | PVC Storage Request for MySQL volume | `10Gi` | - -### MariaDB - -| Name | Description | Value | -| ---------------------------------- | ----------------------------------------------------------------- | ------- | -| `mariadb.enabled` | Enable MariaDB | `false` | -| `mariadb.auth.database` | Name of the database to create. | `gitea` | -| `mariadb.auth.username` | Username of the new user to create. | `gitea` | -| `mariadb.auth.password` | Password for the new user. Ignored if existing secret is provided | `gitea` | -| `mariadb.auth.rootPassword` | Password for the root user. | `gitea` | -| `mariadb.primary.service.port` | Port to connect to MariaDB service | `3306` | -| `mariadb.primary.persistence.size` | Persistence size for MariaDB | `10Gi` | - ### Advanced | Name | Description | Value | 
@@ -836,6 +803,11 @@ Please read them carefully to upgrade successfully. ### To 8.0.0 +#### Removal of MariaDB and MySQL DB chart dependencies + +In this version support for DB chart dependencies of MySQL and MariaDB have been removed to simplify the maintenance of the helm chart. +External MySQL and MariaDB databases are still supported and will be in the future. + #### Postgres Update from v11 to v15 This Chart version updates the Postgres chart dependency and subsequently Postgres from v11 to v15. @@ -883,7 +855,7 @@ after the upgrade. #### Enable Dependencies The values to enable the dependencies, -such as PostgreSQL, Memcached, MySQL and MariaDB +such as PostgreSQL, Memcached, MySQL and MariaDB. have been moved from `gitea.database.builtIn.` to the dependency values. You can now enable the dependencies as followed: diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index fc5a05c..1732bd2 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -95,14 +95,6 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- printf "%s-postgresql.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.postgresql.global.postgresql.service.ports.postgresql -}} {{- end -}} -{{- define "mysql.dns" -}} -{{- printf "%s-mysql.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.mysql.service.port | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{- define "mariadb.dns" -}} -{{- printf "%s-mariadb.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.mariadb.primary.service.port | trunc 63 | trimSuffix "-" -}} -{{- end -}} - {{- define "memcached.dns" -}} {{- printf "%s-memcached.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.memcached.service.port | trunc 63 | trimSuffix "-" -}} {{- end -}} diff --git a/values.yaml b/values.yaml index 9e14913..fd839b0 100644 --- a/values.yaml +++ b/values.yaml 
@@ -443,50 +443,6 @@ postgresql: persistence: size: 10Gi -## @section MySQL -# -## @param mysql.enabled Enable MySQL -## @param mysql.root.password Password for the root user. Ignored if existing secret is provided -## @param mysql.db.user Username of new user to create. -## @param mysql.db.password Password for the new user.Ignored if existing secret is provided -## @param mysql.db.name Name for new database to create. -## @param mysql.service.port Port to connect to MySQL service -## @param mysql.persistence.size PVC Storage Request for MySQL volume -mysql: - enabled: false - root: - password: gitea - db: - user: gitea - password: gitea - name: gitea - service: - port: 3306 - persistence: - size: 10Gi - -## @section MariaDB -# -## @param mariadb.enabled Enable MariaDB -## @param mariadb.auth.database Name of the database to create. -## @param mariadb.auth.username Username of the new user to create. -## @param mariadb.auth.password Password for the new user. Ignored if existing secret is provided -## @param mariadb.auth.rootPassword Password for the root user. -## @param mariadb.primary.service.port Port to connect to MariaDB service -## @param mariadb.primary.persistence.size Persistence size for MariaDB -mariadb: - enabled: false - auth: - database: gitea - username: gitea - password: gitea - rootPassword: gitea - primary: - service: - port: 3306 - persistence: - size: 10Gi - # By default, removed or moved settings that still remain in a user defined values.yaml will cause Helm to fail running the install/update. # Set it to false to skip this basic validation check. ## @section Advanced -- 2.40.1 From fb5c615f6180050d650b1420c848a018e19072c8 Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Wed, 29 Mar 2023 01:10:15 +0800 Subject: [PATCH 156/390] Bump Gitea to 1.19.0 (#418) As title. Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/418 Reviewed-by: John Olheiser Reviewed-by: yardenshoham --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/Chart.yaml b/Chart.yaml index 533fe12..b667084 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.18.5 +appVersion: 1.19.0 icon: https://docs.gitea.io/images/gitea.png keywords: -- 2.40.1 From 0f4e1e488a34c2e148dcb1e4b164ce7dc841a3d8 Mon Sep 17 00:00:00 2001 From: Maximilian Marschall Date: Wed, 29 Mar 2023 03:02:29 +0800 Subject: [PATCH 157/390] remove mariadb and mysql from _helpers.tpl (#421) ### Description of the change Removes checks for mariadb and mysql from _helpers.tpl ### Benefits Fixes the helm-chart version 8.0.0 if using a external database ### Applicable issues - fixes #420 - fixes #419 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/421 Reviewed-by: justusbunsi Reviewed-by: John Olheiser Reviewed-by: delvh Reviewed-by: yardenshoham Co-authored-by: Maximilian Marschall Co-committed-by: Maximilian Marschall --- templates/_helpers.tpl | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 1732bd2..f8078ff 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl 
@@ -287,22 +287,6 @@ https {{- $_ := set .Values.gitea.config.database "NAME" .Values.postgresql.global.postgresql.auth.database -}} {{- $_ := set .Values.gitea.config.database "USER" .Values.postgresql.global.postgresql.auth.username -}} {{- $_ := set .Values.gitea.config.database "PASSWD" .Values.postgresql.global.postgresql.auth.password -}} - {{- else if .Values.mysql.enabled -}} - {{- $_ := set .Values.gitea.config.database "DB_TYPE" "mysql" -}} - {{- if not (.Values.gitea.config.database.HOST) -}} - {{- $_ := set .Values.gitea.config.database "HOST" (include "mysql.dns" .) -}} - {{- end -}} - {{- $_ := set .Values.gitea.config.database "NAME" .Values.mysql.db.name -}} - {{- $_ := set .Values.gitea.config.database "USER" .Values.mysql.db.user -}} - {{- $_ := set .Values.gitea.config.database "PASSWD" .Values.mysql.db.password -}} - {{- else if .Values.mariadb.enabled -}} - {{- $_ := set .Values.gitea.config.database "DB_TYPE" "mysql" -}} - {{- if not (.Values.gitea.config.database.HOST) -}} - {{- $_ := set .Values.gitea.config.database "HOST" (include "mariadb.dns" .) -}} - {{- end -}} - {{- $_ := set .Values.gitea.config.database "NAME" .Values.mariadb.auth.database -}} - {{- $_ := set .Values.gitea.config.database "USER" .Values.mariadb.auth.username -}} - {{- $_ := set .Values.gitea.config.database "PASSWD" .Values.mariadb.auth.password -}} {{- end -}} {{- end -}} -- 2.40.1 From a0ba3c9bef03fbe94766764b789205e59bd09e56 Mon Sep 17 00:00:00 2001 
From: pat-s Date: Wed, 29 Mar 2023 05:11:33 +0800 Subject: [PATCH 158/390] Bump memcached to add arm64 support (#422) And allow overriding the `image` section so users could possible also use other image tags. fix #285 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/422 Reviewed-by: justusbunsi Co-authored-by: pat-s Co-committed-by: pat-s --- Chart.lock | 6 +++--- Chart.yaml | 6 +++--- README.md | 8 ++++---- templates/_helpers.tpl | 2 +- values.yaml | 13 +++++++++++-- 5 files changed, 22 insertions(+), 13 deletions(-) diff --git a/Chart.lock b/Chart.lock index 8658084..59b0519 100644 --- a/Chart.lock +++ b/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: memcached repository: oci://registry-1.docker.io/bitnamicharts - version: 6.3.7 + version: 6.3.13 - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts version: 12.2.6 -digest: sha256:c2026881f71eca24c72e9da3e798a1ad2a5af8e86a39a5341015584eaacf8b64 -generated: "2023-03-27T19:20:21.125036+02:00" +digest: sha256:7a37054b0ae841314b1e309fec6f1edc0f22f77161ee915ebfb1ce011457884c +generated: "2023-03-28T21:20:51.230043+02:00" diff --git a/Chart.yaml b/Chart.yaml index b667084..ed2f257 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -32,12 +32,12 @@ maintainers: # Bitnami charts are served from GitHub CDN - See https://github.com/bitnami/charts/issues/10539 for details dependencies: # OCI registry: https://blog.bitnami.com/2023/01/bitnami-helm-charts-available-as-oci.html (2023-01) -# Chart release date: 2023-02 +# Chart release date: 2023-03 - name: memcached repository: oci://registry-1.docker.io/bitnamicharts - version: 6.3.7 + version: 6.3.13 condition: memcached.enabled - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts version: 12.2.6 - condition: postgresql.enabled + condition: postgresql.enabled \ No newline at end of file diff --git a/README.md b/README.md index ccc06b5..de3d5de 100644 --- a/README.md +++ b/README.md 
@@ -765,10 +765,10 @@ gitea: ### Memcached -| Name | Description | Value | -| ------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | -| `memcached.enabled` | Memcached is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/memcached) if enabled in the values. Complete Configuration can be taken from their website. | `true` | -| `memcached.service.port` | Port for Memcached | `11211` | +| Name | Description | Value | +| ----------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | +| `memcached.enabled` | Memcached is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/memcached) if enabled in the values. Complete Configuration can be taken from their website. | `true` | +| `memcached.service.ports.memcached` | Port for Memcached | `11211` | ### PostgreSQL diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index f8078ff..97c286c 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -96,7 +96,7 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} {{- define "memcached.dns" -}} -{{- printf "%s-memcached.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.memcached.service.port | trunc 63 | trimSuffix "-" -}} +{{- printf "%s-memcached.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.memcached.service.ports.memcached | trunc 63 | trimSuffix "-" -}} {{- end -}} {{- define "gitea.default_domain" -}} diff --git a/values.yaml b/values.yaml index fd839b0..030832f 100644 --- a/values.yaml +++ b/values.yaml 
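Review bot: The `trunc 63 | trimSuffix "-"` on the changed `memcached.dns` line is applied to the whole `host:port` string, so a long release name, namespace or cluster domain cuts off the port (or part of the domain) and the cache setting ends up pointing at an address other than the memcached service. The `postgresql.dns` helper shown elsewhere on this page builds the same kind of string without any truncation. Since this line is being edited anyway, I would drop the pipe: `{{- printf "%s-memcached.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.memcached.service.ports.memcached -}}`. If a length limit is wanted, it belongs on the release-name part only, not on the assembled address.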
@@ -414,11 +414,20 @@ gitea: ## @section Memcached # ## @param memcached.enabled Memcached is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/memcached) if enabled in the values. Complete Configuration can be taken from their website. -## @param memcached.service.port Port for Memcached +## ref: https://hub.docker.com/r/bitnami/memcached/tags/ +## @param memcached.service.ports.memcached Port for Memcached memcached: enabled: true + # image: + # registry: docker.io + # repository: bitnami/memcached + # tag: "" + # digest: "" + # pullPolicy: IfNotPresent + # pullSecrets: [] service: - port: 11211 + ports: + memcached: 11211 ## @section PostgreSQL # -- 2.40.1 From 6915a4b401a919700c3d0f9d46d1a5279d2b75c7 Mon Sep 17 00:00:00 2001 From: pat-s Date: Wed, 29 Mar 2023 05:12:10 +0800 Subject: [PATCH 159/390] Add chart author (#411) and format YAML (maybe we should also update the maintainers list if some are not active anymore?) Co-authored-by: justusbunsi Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/411 Reviewed-by: justusbunsi Co-authored-by: pat-s Co-committed-by: pat-s --- Chart.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Chart.yaml b/Chart.yaml index ed2f257..5cae49e 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -28,6 +28,8 @@ maintainers: email: lucas.hahn@novum-rgi.de - name: Steven Kriegler email: sk.bunsenbrenner@gmail.com + - name: Patrick Schratz + email: patrick.schratz@gmail.com # Bitnami charts are served from GitHub CDN - See https://github.com/bitnami/charts/issues/10539 for details dependencies: -- 2.40.1 From 87c59b2fca7f97a361564dcf988c0e725693da50 Mon Sep 17 00:00:00 2001 
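Review bot: Renaming `memcached.service.port` to `memcached.service.ports.memcached` means an override a user still has under the old key is silently ignored and the chart falls back to `11211`. The diffstat of this commit shows only the one-line `_helpers.tpl` change and the README table, so no upgrade note or moved-settings check appears to cover the rename. I would at least add a comment above `service:` such as `# NOTE: replaces memcached.service.port; a value left under the old key is ignored`, and list the rename in the README upgrade section. For the commented `image:` example, a short hint that setting `digest` pins the image rather than following a floating `tag` would help users who override it.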
From: pat-s Date: Wed, 29 Mar 2023 05:18:23 +0800 Subject: [PATCH 160/390] Format all files with `prettier` VSCode plugin and add `yamllint` in CI (#413) @justusbunsi to end my formatting mess... ;) I am not fully sure myself about the linebreaks in `values.yaml` but I don't think there's an easy way to change that behavior. Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/413 Reviewed-by: justusbunsi Co-authored-by: pat-s Co-committed-by: pat-s --- .drone.yml | 153 ++++++++++++++++--------------- .markdownlint.yaml | 12 +-- .yamllint | 20 ++++ Chart.lock | 12 +-- Chart.yaml | 20 ++-- unittests/init/basic.yaml | 2 +- unittests/statefulset/basic.yaml | 2 +- values.yaml | 17 ++-- 8 files changed, 134 insertions(+), 104 deletions(-) create mode 100644 .yamllint diff --git a/.drone.yml b/.drone.yml index 98f3aa1..93098ca 100644 --- a/.drone.yml +++ b/.drone.yml 
@@ -8,51 +8,56 @@ platform: arch: arm64 steps: -- name: helm lint - pull: always - image: alpine:3.17 - commands: - - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm - - helm lint + - name: helm lint + pull: always + image: alpine:3.17 + commands: + - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm + - helm lint -- name: helm template - pull: always - image: alpine:3.17 - commands: - - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm - - helm dependency update - - helm template --debug gitea-helm . + - name: helm template + pull: always + image: alpine:3.17 + commands: + - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm + - helm dependency update + - helm template --debug gitea-helm . -- name: helm unittests - pull: always - image: alpine:3.17 - commands: - - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing make helm git bash - - helm plugin install https://github.com/helm-unittest/helm-unittest - - helm dependency update - - make unittests + - name: helm unittests + pull: always + image: alpine:3.17 + commands: + - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing make helm git bash + - helm plugin install https://github.com/helm-unittest/helm-unittest + - helm dependency update + - make unittests -- name: verify readme - pull: always - image: alpine:3.17 - commands: - - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing make npm git - - make readme - - git diff --exit-code --name-only README.md + - name: verify readme + pull: always + image: alpine:3.17 + commands: + - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing make npm git + - make readme + - git diff --exit-code --name-only README.md -- name: discord - pull: always - image: appleboy/drone-discord:1.2.4 - environment: - DISCORD_WEBHOOK_ID: - from_secret: discord_webhook_id - DISCORD_WEBHOOK_TOKEN: - 
from_secret: discord_webhook_token - when: - status: - - changed - - failure + - name: yaml lint + pull: always + image: cytopia/yamllint:alpine-1 + commands: + - yamllint -f colored . + - name: discord + pull: always + image: appleboy/drone-discord:1.2.4 + environment: + DISCORD_WEBHOOK_ID: + from_secret: discord_webhook_id + DISCORD_WEBHOOK_TOKEN: + from_secret: discord_webhook_token + when: + status: + - changed + - failure --- kind: pipeline 
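Review bot: The new `yaml lint` step runs `cytopia/yamllint:alpine-1`, a third-party image referenced by a mutable tag with `pull: always`, so whatever is published under that tag next runs inside the pipeline with access to the checkout. Pinning by digest keeps the reviewed image, e.g. `image: cytopia/yamllint@sha256:<digest-of-reviewed-image>` (placeholder, to be filled in from the registry). The same applies with more weight to `plugins/s3:latest` in the `release-version` pipeline hunk (`@@ -65,40 +70,40 @@`), which is handed the AWS access key and secret. The `alpine:3.17` steps also pull packages from `edge/testing` over plain `http://`, which relies on apk's signature verification alone and deserves a comment explaining why the testing repository is needed.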
@@ -65,40 +70,40 @@ platform: trigger: event: - - tag + - tag steps: -- name: generate-chart - pull: always - image: alpine:3.17 - commands: - - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm - - apk add --no-cache curl - - helm dependency update - - helm package --version "${DRONE_TAG##v}" ./ - - mkdir gitea - - mv gitea*.tgz gitea/ - - curl -L -o gitea/index.yaml https://dl.gitea.io/charts/index.yaml - - helm repo index gitea/ --url https://dl.gitea.io/charts --merge gitea/index.yaml + - name: generate-chart + pull: always + image: alpine:3.17 + commands: + - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm + - apk add --no-cache curl + - helm dependency update + - helm package --version "${DRONE_TAG##v}" ./ + - mkdir gitea + - mv gitea*.tgz gitea/ + - curl -L -o gitea/index.yaml https://dl.gitea.io/charts/index.yaml + - helm repo index gitea/ --url https://dl.gitea.io/charts --merge gitea/index.yaml -- name: upload-chart - pull: always - image: plugins/s3:latest - settings: - acl: - from_secret: aws_s3_acl - region: - from_secret: aws_s3_region - bucket: - from_secret: aws_s3_bucket - endpoint: - from_secret: aws_s3_endpoint - path_style: - from_secret: aws_s3_path_style - access_key: - from_secret: aws_access_key_id - secret_key: - from_secret: aws_secret_access_key - source: gitea/* - target: /charts - strip_prefix: gitea/ + - name: upload-chart + pull: always + image: plugins/s3:latest + settings: + acl: + from_secret: aws_s3_acl + region: + from_secret: aws_s3_region + bucket: + from_secret: aws_s3_bucket + endpoint: + from_secret: aws_s3_endpoint + path_style: + from_secret: aws_s3_path_style + access_key: + from_secret: aws_access_key_id + secret_key: + from_secret: aws_secret_access_key + source: gitea/* + target: /charts + strip_prefix: gitea/ diff --git a/.markdownlint.yaml b/.markdownlint.yaml index 1ca2b5b..305545f 100644 --- a/.markdownlint.yaml +++ b/.markdownlint.yaml 
@@ -129,12 +129,12 @@ MD041: MD044: # List of proper names names: - - Gitea - - PostgreSQL - - Memcached - - Prometheus - - Git - - GitOps + - Gitea + - PostgreSQL + - Memcached + - Prometheus + - Git + - GitOps # Include code blocks code_blocks: false diff --git a/.yamllint b/.yamllint new file mode 100644 index 0000000..90128be --- /dev/null +++ b/.yamllint @@ -0,0 +1,20 @@ +--- +extends: default + +ignore: | + .yamllint + node_modules + templates + + +rules: + truthy: + allowed-values: ['true', 'false'] + check-keys: False + level: error + line-length: disable + document-start: disable + comments: + min-spaces-from-content: 1 + braces: + max-spaces-inside: 2 \ No newline at end of file diff --git a/Chart.lock b/Chart.lock index 59b0519..44f821e 100644 --- a/Chart.lock +++ b/Chart.lock @@ -1,9 +1,9 @@ dependencies: -- name: memcached - repository: oci://registry-1.docker.io/bitnamicharts - version: 6.3.13 -- name: postgresql - repository: oci://registry-1.docker.io/bitnamicharts - version: 12.2.6 + - name: memcached + repository: oci://registry-1.docker.io/bitnamicharts + version: 6.3.13 + - name: postgresql + repository: oci://registry-1.docker.io/bitnamicharts + version: 12.2.6 digest: sha256:7a37054b0ae841314b1e309fec6f1edc0f22f77161ee915ebfb1ce011457884c generated: "2023-03-28T21:20:51.230043+02:00" diff --git a/Chart.yaml b/Chart.yaml index 5cae49e..2c3ac2e 100644 --- a/Chart.yaml +++ b/Chart.yaml 
@@ -33,13 +33,13 @@ maintainers: # Bitnami charts are served from GitHub CDN - See https://github.com/bitnami/charts/issues/10539 for details dependencies: -# OCI registry: https://blog.bitnami.com/2023/01/bitnami-helm-charts-available-as-oci.html (2023-01) -# Chart release date: 2023-03 -- name: memcached - repository: oci://registry-1.docker.io/bitnamicharts - version: 6.3.13 - condition: memcached.enabled -- name: postgresql - repository: oci://registry-1.docker.io/bitnamicharts - version: 12.2.6 - condition: postgresql.enabled \ No newline at end of file + # OCI registry: https://blog.bitnami.com/2023/01/bitnami-helm-charts-available-as-oci.html (2023-01) + # Chart release date: 2023-03 + - name: memcached + repository: oci://registry-1.docker.io/bitnamicharts + version: 6.3.13 + condition: memcached.enabled + - name: postgresql + repository: oci://registry-1.docker.io/bitnamicharts + version: 12.2.6 + condition: postgresql.enabled diff --git a/unittests/init/basic.yaml b/unittests/init/basic.yaml index f2b746e..25027f5 100644 --- a/unittests/init/basic.yaml +++ b/unittests/init/basic.yaml @@ -10,6 +10,6 @@ tests: - hasDocuments: count: 1 - containsDocument: - kind: Secret + kind: Secret apiVersion: v1 name: gitea-unittests-init diff --git a/unittests/statefulset/basic.yaml b/unittests/statefulset/basic.yaml index 00fb684..047067b 100644 --- a/unittests/statefulset/basic.yaml +++ b/unittests/statefulset/basic.yaml @@ -12,6 +12,6 @@ tests: - hasDocuments: count: 1 - containsDocument: - kind: StatefulSet + kind: StatefulSet apiVersion: apps/v1 name: gitea-unittests diff --git a/values.yaml b/values.yaml index 030832f..086d06c 100644 --- a/values.yaml +++ b/values.yaml @@ -138,7 +138,8 @@ ingress: enabled: false # className: nginx className: - annotations: {} + annotations: + {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" hosts: 
@@ -157,7 +158,8 @@ ingress: ## @section StatefulSet # ## @param resources Kubernetes resources -resources: {} +resources: + {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following @@ -192,7 +194,8 @@ dnsConfig: {} ## @param statefulset.labels Labels for the statefulset ## @param statefulset.annotations Annotations for the Gitea StatefulSet to be created statefulset: - env: [] + env: + [] # - name: VARIABLE # value: my-value terminationGracePeriodSeconds: 60 @@ -277,7 +280,7 @@ gitea: ## @param gitea.admin.password Password for the Gitea admin user ## @param gitea.admin.email Email for the Gitea admin user admin: - #existingSecret: gitea-admin-secret + # existingSecret: gitea-admin-secret existingSecret: username: gitea_admin password: r8sA8CPHD9!bt6d @@ -293,7 +296,8 @@ gitea: # prometheus-release: prom1 ## @param gitea.ldap LDAP configuration - ldap: [] + ldap: + [] # - name: "LDAP 1" # existingSecret: # securityProtocol: @@ -310,7 +314,8 @@ gitea: # Either specify inline `key` and `secret` or refer to them via `existingSecret` ## @param gitea.oauth OAuth configuration - oauth: [] + oauth: + [] # - name: 'OAuth 1' # provider: # key: -- 2.40.1 From 25500d7ca233b43b7ec3bf6c557135763b330541 Mon Sep 17 00:00:00 2001 From: pat-s Date: Sat, 1 Apr 2023 19:18:17 +0800 Subject: [PATCH 161/390] Ignore `Chart.lock` for formatters/linters (#424) This might hopefully help with the formatting issues around `Chart.lock`. Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/424 Reviewed-by: justusbunsi Co-authored-by: pat-s Co-committed-by: pat-s --- .markdownlintignore | 1 + .prettierignore | 1 + Chart.lock | 12 ++++++------ 3 files changed, 8 insertions(+), 6 deletions(-) create mode 100644 .prettierignore 
diff --git a/.markdownlintignore b/.markdownlintignore index 5922fa5..0ba7dcd 100644 --- a/.markdownlintignore +++ b/.markdownlintignore @@ -1,3 +1,4 @@ .gitea/ node_modules/ charts/ +Chart.lock \ No newline at end of file diff --git a/.prettierignore b/.prettierignore new file mode 100644 index 0000000..fafeafa --- /dev/null +++ b/.prettierignore @@ -0,0 +1 @@ +Chart.lock \ No newline at end of file diff --git a/Chart.lock b/Chart.lock index 44f821e..59b0519 100644 --- a/Chart.lock +++ b/Chart.lock @@ -1,9 +1,9 @@ dependencies: - - name: memcached - repository: oci://registry-1.docker.io/bitnamicharts - version: 6.3.13 - - name: postgresql - repository: oci://registry-1.docker.io/bitnamicharts - version: 12.2.6 +- name: memcached + repository: oci://registry-1.docker.io/bitnamicharts + version: 6.3.13 +- name: postgresql + repository: oci://registry-1.docker.io/bitnamicharts + version: 12.2.6 digest: sha256:7a37054b0ae841314b1e309fec6f1edc0f22f77161ee915ebfb1ce011457884c generated: "2023-03-28T21:20:51.230043+02:00" -- 2.40.1 From 00395e79b039599bab748e11034063591676bc01 Mon Sep 17 00:00:00 2001 From: pat-s Date: Sat, 1 Apr 2023 19:35:11 +0800 Subject: [PATCH 162/390] Add resource specs to init container (#423) Supersedes stalled #362 I opted for defining `requests` while leaving `limits` open. This might help for scheduling without restricting performance during init. Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/423 Reviewed-by: justusbunsi Co-authored-by: pat-s Co-committed-by: pat-s --- README.md | 9 ++++++--- templates/gitea/statefulset.yaml | 8 ++++++++ values.yaml | 10 ++++++++++ 3 files changed, 24 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index de3d5de..f7b0ed9 100644 --- a/README.md +++ b/README.md 
@@ -696,9 +696,12 @@ gitea: ### Init -| Name | Description | Value | -| --------------- | --------------------------------------------------------------------- | ----- | -| `initPreScript` | Bash shell script copied verbatim to the start of the init-container. | `""` | +| Name | Description | Value | +| ------------------------------------------ | ------------------------------------------------------------------------------------ | ------- | +| `initPreScript` | Bash shell script copied verbatim to the start of the init-container. | `""` | +| `initContainers.resources.limits` | initContainers.limits Kubernetes resource limits for init containers | `{}` | +| `initContainers.resources.requests.cpu` | initContainers.requests.cpu Kubernetes cpu resource limits for init containers | `100m` | +| `initContainers.resources.requests.memory` | initContainers.requests.memory Kubernetes memory resource limits for init containers | `128Mi` | ### Signing diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index 6394e9a..71818d1 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml @@ -76,6 +76,8 @@ spec: {{- include "gitea.init-additional-mounts" . | nindent 12 }} securityContext: {{- toYaml .Values.containerSecurityContext | nindent 12 }} + resources: + {{- toYaml .Values.initContainers.resources | nindent 12 }} - name: init-app-ini image: "{{ include "gitea.image" . }}" imagePullPolicy: {{ .Values.image.pullPolicy }} @@ -114,6 +116,8 @@ spec: {{- include "gitea.init-additional-mounts" . | nindent 12 }} securityContext: {{- toYaml .Values.containerSecurityContext | nindent 12 }} + resources: + {{- toYaml .Values.initContainers.resources | nindent 12 }} {{- if .Values.signing.enabled }} - name: configure-gpg image: "{{ include "gitea.image" . }}" 
@@ -143,6 +147,8 @@ spec: {{- if .Values.extraVolumeMounts }} {{- toYaml .Values.extraVolumeMounts | nindent 12 }} {{- end }} + resources: + {{- toYaml .Values.initContainers.resources | nindent 12 }} {{- end }} - name: configure-gitea image: "{{ include "gitea.image" . }}" @@ -232,6 +238,8 @@ spec: subPath: {{ .Values.persistence.subPath }} {{- end }} {{- include "gitea.init-additional-mounts" . | nindent 12 }} + resources: + {{- toYaml .Values.initContainers.resources | nindent 12 }} terminationGracePeriodSeconds: {{ .Values.statefulset.terminationGracePeriodSeconds }} containers: - name: {{ .Chart.Name }} diff --git a/values.yaml b/values.yaml index 086d06c..c07676e 100644 --- a/values.yaml +++ b/values.yaml @@ -255,6 +255,16 @@ initPreScript: "" # chown -R git:git /data/git/.postgresql/ # chmod 400 /data/git/.postgresql/postgresql.key +## @param initContainers.resources.limits initContainers.limits Kubernetes resource limits for init containers +## @param initContainers.resources.requests.cpu initContainers.requests.cpu Kubernetes cpu resource limits for init containers +## @param initContainers.resources.requests.memory initContainers.requests.memory Kubernetes memory resource limits for init containers +initContainers: + resources: + limits: {} + requests: + cpu: 100m + memory: 128Mi + # Configure commit/action signing prerequisites ## @section Signing # -- 2.40.1 From bfaf822a367f94284fb5eae82eb89dd04680e902 Mon Sep 17 00:00:00 2001 
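Review bot: The `@param` descriptions for `initContainers.resources.requests.cpu` and `initContainers.resources.requests.memory` in the `values.yaml` hunk call them "resource limits", but the values set requests, and the generated README table repeats the wrong wording. Suggested text: `## @param initContainers.resources.requests.cpu Kubernetes cpu resource requests for init containers`, the same for memory, then regenerate the README. With `limits: {}` the init containers, including the one that runs `initPreScript` verbatim, have no CPU or memory ceiling by default. A one-line comment stating that this is deliberate and how to set limits would help operators who run under a quota or LimitRange policy.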
From: Casey Buto Date: Fri, 7 Apr 2023 18:58:34 +0800 Subject: [PATCH 163/390] feat: Add support for setting priorityClassName (#430) ### Description of the change Adds support for setting priorityClassName on the Gitea pod. ### Benefits Users can take advantage of https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/ with Gitea. ### Applicable issues - fixes #429 ### Checklist - [x] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/430 Reviewed-by: pat-s Co-authored-by: Casey Buto Co-committed-by: Casey Buto --- README.md | 1 + templates/gitea/statefulset.yaml | 3 +++ values.yaml | 3 +++ 3 files changed, 7 insertions(+) diff --git a/README.md b/README.md index f7b0ed9..1b00460 100644 --- a/README.md +++ b/README.md @@ -672,6 +672,7 @@ gitea: | `tolerations` | Tolerations for the statefulset | `[]` | | `affinity` | Affinity for the statefulset | `{}` | | `dnsConfig` | dnsConfig for the statefulset | `{}` | +| `priorityClassName` | priorityClassName for the statefulset | `""` | | `statefulset.env` | Additional environment variables to pass to containers | `[]` | | `statefulset.terminationGracePeriodSeconds` | How long to wait until forcefully kill the pod | `60` | | `statefulset.labels` | Labels for the statefulset | `{}` | diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index 71818d1..b11813b 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml @@ -39,6 +39,9 @@ spec: {{- if .Values.schedulerName }} schedulerName: "{{ .Values.schedulerName }}" {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: "{{ .Values.priorityClassName }}" + {{- end }} {{- include "gitea.images.pullSecrets" . | nindent 6 }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} 
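Review bot: `priorityClassName: "{{ .Values.priorityClassName }}"` interpolates the value inside hand-written quotes, so a value containing a double quote or backslash renders invalid YAML. `priorityClassName: {{ .Values.priorityClassName | quote }}` does the escaping instead. The `schedulerName` line just above it in the context uses the same hand-quoted form and could be changed together with it. The enclosing pod spec starts and ends outside the hunk.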
diff --git a/values.yaml b/values.yaml index c07676e..de358c6 100644 --- a/values.yaml +++ b/values.yaml @@ -189,6 +189,9 @@ affinity: {} ## @param dnsConfig dnsConfig for the statefulset dnsConfig: {} +## @param priorityClassName priorityClassName for the statefulset +priorityClassName: "" + ## @param statefulset.env Additional environment variables to pass to containers ## @param statefulset.terminationGracePeriodSeconds How long to wait until forcefully kill the pod ## @param statefulset.labels Labels for the statefulset -- 2.40.1 From c0b2fdf8fad60dce73d82d3c68136377b292a13e Mon Sep 17 00:00:00 2001 From: pat-s Date: Fri, 14 Apr 2023 02:21:21 +0800 Subject: [PATCH 164/390] Remove discord webhook (#435) Broken since a long time and probably not used by anyone Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/435 Reviewed-by: techknowlogick Co-authored-by: pat-s Co-committed-by: pat-s --- .drone.yml | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/.drone.yml b/.drone.yml index 93098ca..bee26f1 100644 --- a/.drone.yml +++ b/.drone.yml @@ -46,19 +46,6 @@ steps: commands: - yamllint -f colored . - - name: discord - pull: always - image: appleboy/drone-discord:1.2.4 - environment: - DISCORD_WEBHOOK_ID: - from_secret: discord_webhook_id - DISCORD_WEBHOOK_TOKEN: - from_secret: discord_webhook_token - when: - status: - - changed - - failure - --- kind: pipeline type: docker -- 2.40.1 From a9779c97249837bfd1ef3bf35454e3cdac2677c4 Mon Sep 17 00:00:00 2001 From: pat-s Date: Fri, 14 Apr 2023 02:25:37 +0800 Subject: [PATCH 165/390] Bump to 1.19.1 (#433) Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/433 Co-authored-by: pat-s Co-committed-by: pat-s --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 2c3ac2e..7b9134c 100644 --- a/Chart.yaml +++ b/Chart.yaml 
@@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.19.0 +appVersion: 1.19.1 icon: https://docs.gitea.io/images/gitea.png keywords: -- 2.40.1 From 9f0b65f38661eabfa65b25256809ffb16967623c Mon Sep 17 00:00:00 2001 From: pat-s Date: Fri, 14 Apr 2023 14:45:37 +0800 Subject: [PATCH 166/390] Fix unittests (#434) Unclear why it only appeared now and not earlier. Co-authored-by: justusbunsi Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/434 Reviewed-by: justusbunsi Co-authored-by: pat-s Co-committed-by: pat-s --- .drone.yml | 2 +- unittests/init/init_directory_structure.sh.yaml | 8 ++++++++ unittests/statefulset/signing-disabled.yaml | 4 ++-- unittests/statefulset/signing-enabled.yaml | 3 +++ 4 files changed, 14 insertions(+), 3 deletions(-) diff --git a/.drone.yml b/.drone.yml index bee26f1..95a7ff1 100644 --- a/.drone.yml +++ b/.drone.yml @@ -28,7 +28,7 @@ steps: image: alpine:3.17 commands: - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing make helm git bash - - helm plugin install https://github.com/helm-unittest/helm-unittest + - helm plugin install --version 0.3.1 https://github.com/helm-unittest/helm-unittest - helm dependency update - make unittests diff --git a/unittests/init/init_directory_structure.sh.yaml b/unittests/init/init_directory_structure.sh.yaml index 3b03f66..ddfa981 100644 --- a/unittests/init/init_directory_structure.sh.yaml +++ b/unittests/init/init_directory_structure.sh.yaml @@ -8,6 +8,10 @@ tests: - it: runs gpg in batch mode set: signing.enabled: true + signing.privateKey: |- + -----BEGIN PGP PRIVATE KEY BLOCK----- + {placeholder} + -----END PGP PRIVATE KEY BLOCK----- asserts: - equal: path: stringData["configure_gpg_environment.sh"] 
@@ -38,6 +42,10 @@ tests: - it: adds gpg script block for enabled signing set: signing.enabled: true + signing.privateKey: |- + -----BEGIN PGP PRIVATE KEY BLOCK----- + {placeholder} + -----END PGP PRIVATE KEY BLOCK----- asserts: - equal: path: stringData["init_directory_structure.sh"] diff --git a/unittests/statefulset/signing-disabled.yaml b/unittests/statefulset/signing-disabled.yaml index 4f9f2ce..cc7bad4 100644 --- a/unittests/statefulset/signing-disabled.yaml +++ b/unittests/statefulset/signing-disabled.yaml @@ -17,9 +17,9 @@ tests: - it: skips gpg env in `init-directories` init container template: templates/gitea/statefulset.yaml set: - signing.enabled: true + signing.enabled: false asserts: - - contains: + - notContains: path: spec.template.spec.initContainers[0].env content: name: GNUPGHOME diff --git a/unittests/statefulset/signing-enabled.yaml b/unittests/statefulset/signing-enabled.yaml index ecb237f..0d68bd9 100644 --- a/unittests/statefulset/signing-enabled.yaml +++ b/unittests/statefulset/signing-enabled.yaml @@ -42,6 +42,7 @@ tests: template: templates/gitea/statefulset.yaml set: signing.enabled: true + signing.existingSecret: "custom-gpg-secret" asserts: - contains: path: spec.template.spec.initContainers[0].env @@ -52,6 +53,7 @@ tests: template: templates/gitea/statefulset.yaml set: signing.enabled: true + signing.existingSecret: "custom-gpg-secret" asserts: - contains: path: spec.template.spec.containers[0].env @@ -63,6 +65,7 @@ tests: set: signing: enabled: true + existingSecret: "gitea-unittests-gpg-key" asserts: - contains: path: spec.template.spec.volumes -- 2.40.1 From 7434556b37a4a5808841d53c763a28afaff9b0bd Mon Sep 17 00:00:00 2001 
From: techknowlogick Date: Fri, 14 Apr 2023 14:54:34 +0800 Subject: [PATCH 167/390] Use Gitea Actions for release publishing (#436) Co-authored-by: pat-s Co-authored-by: pat-s Co-authored-by: Lunny Xiao Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/436 Reviewed-by: pat-s Co-authored-by: techknowlogick Co-committed-by: techknowlogick --- .drone.yml | 49 ---------------------------- .gitea/workflows/release-version.yml | 38 +++++++++++++++++++++ 2 files changed, 38 insertions(+), 49 deletions(-) create mode 100644 .gitea/workflows/release-version.yml diff --git a/.drone.yml b/.drone.yml index 95a7ff1..ba6ca11 100644 --- a/.drone.yml +++ b/.drone.yml @@ -45,52 +45,3 @@ steps: image: cytopia/yamllint:alpine-1 commands: - yamllint -f colored . - ---- -kind: pipeline -type: docker -name: release-version - -platform: - os: linux - arch: arm64 - -trigger: - event: - - tag - -steps: - - name: generate-chart - pull: always - image: alpine:3.17 - commands: - - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm - - apk add --no-cache curl - - helm dependency update - - helm package --version "${DRONE_TAG##v}" ./ - - mkdir gitea - - mv gitea*.tgz gitea/ - - curl -L -o gitea/index.yaml https://dl.gitea.io/charts/index.yaml - - helm repo index gitea/ --url https://dl.gitea.io/charts --merge gitea/index.yaml - - - name: upload-chart - pull: always - image: plugins/s3:latest - settings: - acl: - from_secret: aws_s3_acl - region: - from_secret: aws_s3_region - bucket: - from_secret: aws_s3_bucket - endpoint: - from_secret: aws_s3_endpoint - path_style: - from_secret: aws_s3_path_style - access_key: - from_secret: aws_access_key_id - secret_key: - from_secret: aws_secret_access_key - source: gitea/* - target: /charts - strip_prefix: gitea/ diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml new file mode 100644 index 0000000..2711ab3 --- /dev/null +++ b/.gitea/workflows/release-version.yml 
@@ -0,0 +1,38 @@ +name: generate-chart + +on: + push: + tags: + - "*" + +jobs: + generate-chart-publish: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - name: install tools + run: | + apt update -y + apt install -y curl helm python python3-pip + pip install awscli + - name: package chart + run: | + helm dependency update + helm package --version "${GITHUB_REF#refs/tags/v}" ./ + mkdir gitea + mv gitea*.tgz gitea/ + curl -L -o gitea/index.yaml https://dl.gitea.com/charts/index.yaml + helm repo index gitea/ --url https://dl.gitea.io/charts --merge gitea/index.yaml + - name: aws credential configure + uses: https://github.com/aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY}} + aws-region: ${{ secrets.AWS_REGION }} + - name: install aws cli + run: | + apt update -y && + pip install awscli + - name: Copy files to S3 and clear cache + run: | + aws s3 sync gitea/ s3://${{ secrets.AWS_S3_BUCKET}}/charts/ -- 2.40.1 From e768a6acdcfb41f3c3b229566db5897cfb3e3db1 Mon Sep 17 00:00:00 2001 From: Lunny Xiao Date: Fri, 14 Apr 2023 15:49:18 +0800 Subject: [PATCH 168/390] Fix release tag ci --- .gitea/workflows/release-version.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index 2711ab3..f82cd96 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml 
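Review bot: The steps that run alongside the AWS release keys are referenced only by mutable tags: `actions/checkout@v3` and `https://github.com/aws-actions/configure-aws-credentials@v1` can be re-pointed upstream, and `pip install awscli` is unpinned and executed twice (in "install tools" and again in "install aws cli"). Pin each `uses:` to a full commit SHA, e.g. `uses: actions/checkout@<commit-sha> # v3`, and install one fixed CLI version once, `pip install awscli==<pinned-version>`; the `@v1` to `@v2` bump in PATCH 171 keeps the same tag-only reference. In "package chart" the existing index is downloaded from `dl.gitea.com` while the new index is written for `dl.gitea.io`, and the `curl -L` has no `-f`, so an HTTP error body would be saved as `gitea/index.yaml` and handed to `--merge`; `curl -fsSL -o gitea/index.yaml …` with a single host name makes that step fail closed. If the runner supports short-lived role credentials, they would be preferable to the static `AWS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` secrets, but whether it does is not visible from this hunk.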
@@ -13,7 +13,11 @@ jobs: - name: install tools run: | apt update -y - apt install -y curl helm python python3-pip + apt install -y curl + curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | tee /usr/share/keyrings/helm.gpg > /dev/null + echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | tee /etc/apt/sources.list.d/helm-stable-debian.list + apt update -y + apt install python helm python3-pip apt-transport-https pip install awscli - name: package chart run: | -- 2.40.1 From 95076eb11fc4385c081ff8cc961ed97df0bc6525 Mon Sep 17 00:00:00 2001 From: Lunny Xiao Date: Fri, 14 Apr 2023 16:08:04 +0800 Subject: [PATCH 169/390] Fix yaml lint --- .gitea/workflows/release-version.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index f82cd96..4c03050 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml @@ -13,11 +13,11 @@ jobs: - name: install tools run: | apt update -y - apt install -y curl + apt install -y curl curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | tee /usr/share/keyrings/helm.gpg > /dev/null echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | tee /etc/apt/sources.list.d/helm-stable-debian.list apt update -y - apt install python helm python3-pip apt-transport-https + apt install python helm python3-pip apt-transport-https pip install awscli - name: package chart run: | -- 2.40.1 From 76e47ef6f037967bddfc21d5d5ba77b2085dfd9b Mon Sep 17 00:00:00 2001 From: Lunny Xiao Date: Fri, 14 Apr 2023 18:19:41 +0800 Subject: [PATCH 170/390] Add -y to fix apt install on ci --- .gitea/workflows/release-version.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
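Review bot: The Helm apt signing key added in "install tools" is trusted exactly as downloaded on every run, in the same job that later receives the AWS release secrets. The `curl` has no `-f`, so an error page or an empty body is piped straight into `gpg --dearmor`, and nothing checks that the key is the expected one before `signed-by=` starts relying on it. Downloading to a file with `curl -fsSL`, comparing the key's fingerprint with a value recorded in the repository, and only then writing the keyring would close that gap, as sketched below. The same key-fetch lines are added again in `.gitea/workflows/test-pr.yml` (PATCH 172); the step's remaining lines are outside the change proposed here.

```yaml
          # … unchanged: apt update, apt install -y curl …
          curl -fsSL -o /tmp/helm-signing.asc https://baltocdn.com/helm/signing.asc
          # EXPECTED_HELM_KEY_FPR is a placeholder: the fingerprint recorded in the repo after out-of-band verification
          actual_fpr="$(gpg --show-keys --with-colons /tmp/helm-signing.asc | awk -F: '$1 == "fpr" { print $10; exit }')"
          [ "$actual_fpr" = "$EXPECTED_HELM_KEY_FPR" ] || { echo "unexpected Helm signing key fingerprint: $actual_fpr" >&2; exit 1; }
          gpg --dearmor < /tmp/helm-signing.asc > /usr/share/keyrings/helm.gpg
          # … unchanged: sources.list entry, apt update, apt install …
```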
diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index 4c03050..c2efebd 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml @@ -17,7 +17,7 @@ jobs: curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | tee /usr/share/keyrings/helm.gpg > /dev/null echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | tee /etc/apt/sources.list.d/helm-stable-debian.list apt update -y - apt install python helm python3-pip apt-transport-https + apt install -y python helm python3-pip apt-transport-https pip install awscli - name: package chart run: | -- 2.40.1 From d8bb3527654e80592e32af808dbbd48e680420d0 Mon Sep 17 00:00:00 2001 From: pat-s Date: Fri, 14 Apr 2023 21:06:43 +0800 Subject: [PATCH 171/390] Fix aws secrets (#438) @lunny It still looks like that the IAM user does not have enough permissions for the S3 sync operation. Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/438 Reviewed-by: Lunny Xiao Co-authored-by: pat-s Co-committed-by: pat-s --- .gitea/workflows/release-version.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index c2efebd..b30ee7f 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml 
@@ -28,10 +28,10 @@ jobs: curl -L -o gitea/index.yaml https://dl.gitea.com/charts/index.yaml helm repo index gitea/ --url https://dl.gitea.io/charts --merge gitea/index.yaml - name: aws credential configure - uses: https://github.com/aws-actions/configure-aws-credentials@v1 + uses: https://github.com/aws-actions/configure-aws-credentials@v2 with: aws-access-key-id: ${{ secrets.AWS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY}} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-region: ${{ secrets.AWS_REGION }} - name: install aws cli run: | -- 2.40.1 From 0861260c5d9902e6f36c65bbf7b6f1008c3658bc Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Sat, 15 Apr 2023 04:21:00 +0800 Subject: [PATCH 172/390] update to use actions for testing PRs (#439) Run PR tests using Gitea Actions Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/439 Reviewed-by: yardenshoham Co-authored-by: techknowlogick Co-committed-by: techknowlogick --- .drone.yml | 47 ------------------------------------ .gitea/workflows/test-pr.yml | 36 +++++++++++++++++++++++++++ 2 files changed, 36 insertions(+), 47 deletions(-) delete mode 100644 .drone.yml create mode 100644 .gitea/workflows/test-pr.yml diff --git a/.drone.yml b/.drone.yml deleted file mode 100644 index ba6ca11..0000000 --- a/.drone.yml +++ /dev/null 
@@ -1,47 +0,0 @@ ---- -kind: pipeline -type: docker -name: lint - -platform: - os: linux - arch: arm64 - -steps: - - name: helm lint - pull: always - image: alpine:3.17 - commands: - - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm - - helm lint - - - name: helm template - pull: always - image: alpine:3.17 - commands: - - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm - - helm dependency update - - helm template --debug gitea-helm . - - - name: helm unittests - pull: always - image: alpine:3.17 - commands: - - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing make helm git bash - - helm plugin install --version 0.3.1 https://github.com/helm-unittest/helm-unittest - - helm dependency update - - make unittests - - - name: verify readme - pull: always - image: alpine:3.17 - commands: - - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing make npm git - - make readme - - git diff --exit-code --name-only README.md - - - name: yaml lint - pull: always - image: cytopia/yamllint:alpine-1 - commands: - - yamllint -f colored . diff --git a/.gitea/workflows/test-pr.yml b/.gitea/workflows/test-pr.yml new file mode 100644 index 0000000..ea06564 --- /dev/null +++ b/.gitea/workflows/test-pr.yml 
@@ -0,0 +1,36 @@ +name: check-and-test + +on: + - pull_request + +jobs: + check-and-test: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - name: install tools + run: | + apt update -y + apt install -y curl make + curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | tee /usr/share/keyrings/helm.gpg > /dev/null + echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | tee /etc/apt/sources.list.d/helm-stable-debian.list + apt update -y + apt install -y helm python3-pip + pip install yamllint + - name: dependency update + run: helm dependency update + - name: lint + run: helm lint + - name: template + run: | + helm template --debug gitea-helm . + - name: unit tests + run: | + helm plugin install --version 0.3.1 https://github.com/helm-unittest/helm-unittest + make unittests + - name: verify readme + run: | + make readme + git diff --exit-code --name-only README.md + - name: yaml lint + uses: https://github.com/ibiqlik/action-yamllint@v3 -- 2.40.1 From c274911aab84cc76b8876ac81866e3a13ecd91cc Mon Sep 17 00:00:00 2001 From: pat-s Date: Wed, 19 Apr 2023 23:01:03 +0800 Subject: [PATCH 173/390] README: one sentence per line (#440) Fix #376 Editors should do the job of soft-wrapping in case a line get's too long. One sentence per line simplifies reviews and diffs a lot as it let's one comment on a piece of text that is contextually sound and not split over multiple lines. Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/440 Reviewed-by: justusbunsi Co-authored-by: pat-s Co-committed-by: pat-s --- README.md | 290 +++++++++++++++++++++++------------------------------- 1 file changed, 121 insertions(+), 169 deletions(-) diff --git a/README.md b/README.md index 1b00460..37952c7 100644 --- a/README.md +++ b/README.md 
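Review bot: Contributor-controlled code runs on the runner in the "unit tests" and "verify readme" steps, because `make unittests` and `make readme` execute the pull request's own Makefile; it is worth confirming that pull requests from forks receive no repository secrets and that this runner is isolated from the one used by `release-version.yml`, which holds the AWS keys. `uses: https://github.com/ibiqlik/action-yamllint@v3` and `actions/checkout@v3` are tag references, and a full commit SHA (`uses: https://github.com/ibiqlik/action-yamllint@<commit-sha> # v3`) is the safer pin for a third-party action. `pip install yamllint` appears unused, since linting goes through the action, so dropping it would remove one unpinned download unless a Makefile target relies on it. A short comment above the `--version 0.3.1` plugin install saying why that version is pinned would help whoever updates it later.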
@@ -1,15 +1,13 @@ # Gitea Helm Chart -[Gitea](https://gitea.io/en-us/) is a community managed lightweight code hosting -solution written in Go. It is published under the MIT license. +[Gitea](https://gitea.io/en-us/) is a community managed lightweight code hosting solution written in Go. +It is published under the MIT license. ## Introduction -This helm chart has taken some inspiration from [jfelten's helm -chart](https://github.com/jfelten/gitea-helm-chart). But takes a completely -different approach in providing a database and cache with dependencies. -Additionally, this chart provides LDAP and admin user configuration with values, -as well as being deployed as a statefulset to retain stored repositories. +This helm chart has taken some inspiration from [jfelten's helm chart](https://github.com/jfelten/gitea-helm-chart). +But takes a completely different approach in providing a database and cache with dependencies. +Additionally, this chart provides LDAP and admin user configuration with values, as well as being deployed as a statefulset to retain stored repositories. ## Update and versioning policy @@ -29,9 +27,8 @@ Yet most often no issues will be encountered and the chart maintainers aim to co ## Dependencies -Gitea can be run with an external database and cache. This chart provides those -dependencies, which can be enabled, or disabled via -configuration. +Gitea can be run with an external database and cache. +This chart provides those dependencies, which can be enabled, or disabled via configuration. Dependencies: @@ -46,8 +43,7 @@ helm repo update helm install gitea gitea-charts/gitea ``` -When upgrading, please refer to the [Upgrading](#upgrading) section at the bottom -of this document for major and breaking changes. +When upgrading, please refer to the [Upgrading](#upgrading) section at the bottom of this document for major and breaking changes. ## Prerequisites 
@@ -59,8 +55,8 @@ of this document for major and breaking changes. ### Gitea Configuration -Gitea offers lots of configuration options. This is fully described in the -[Gitea Cheat Sheet](https://docs.gitea.io/en-us/config-cheat-sheet/). +Gitea offers lots of configuration options. +This is fully described in the [Gitea Cheat Sheet](https://docs.gitea.io/en-us/config-cheat-sheet/). ```yaml gitea: @@ -74,18 +70,17 @@ gitea: ### Default Configuration -This chart will set a few defaults in the Gitea configuration based on the -service and ingress settings. All defaults can be overwritten in `gitea.config`. +This chart will set a few defaults in the Gitea configuration based on the service and ingress settings. +All defaults can be overwritten in `gitea.config`. -INSTALL_LOCK is always set to true, since we want to configure Gitea with this -helm chart and everything is taken care of. +INSTALL_LOCK is always set to true, since we want to configure Gitea with this helm chart and everything is taken care of. _All default settings are made directly in the generated app.ini, not in the Values._ #### Database defaults -If a builtIn database is enabled the database configuration is set -automatically. For example, PostgreSQL builtIn will appear in the app.ini as: +If a builtIn database is enabled the database configuration is set automatically. +For example, PostgreSQL builtIn will appear in the app.ini as: ```ini [database] @@ -98,8 +93,8 @@ USER = gitea #### Memcached defaults -Memcached is handled the exact same way as database builtIn. Once Memcached -builtIn is enabled, this chart will generate the following part in the `app.ini`: +Memcached is handled the exact same way as database builtIn. +Once Memcached builtIn is enabled, this chart will generate the following part in the `app.ini`: ```ini [cache] 
@@ -110,9 +105,9 @@ HOST = RELEASE-NAME-memcached.default.svc.cluster.local:11211 #### Server defaults -The server defaults are a bit more complex. If ingress is `enabled`, the -`ROOT_URL`, `DOMAIN` and `SSH_DOMAIN` will be set accordingly. `HTTP_PORT` -always defaults to `3000` as well as `SSH_PORT` to `22`. +The server defaults are a bit more complex. +If ingress is `enabled`, the `ROOT_URL`, `DOMAIN` and `SSH_DOMAIN` will be set accordingly. +`HTTP_PORT` always defaults to `3000` as well as `SSH_PORT` to `22`. ```ini [server] @@ -141,14 +136,11 @@ ENABLED = false > **The [generic](https://docs.gitea.io/en-us/config-cheat-sheet/#overall-default) > section cannot be defined that way.** -Some settings inside _app.ini_ (like passwords or whole authentication configurations) -must be considered sensitive and therefore should not be passed via plain text -inside the _values.yaml_ file. In times of _GitOps_ the values.yaml could be stored -in a Git repository where sensitive data should never be accessible. +Some settings inside _app.ini_ (like passwords or whole authentication configurations) must be considered sensitive and therefore should not be passed via plain text inside the _values.yaml_ file. +In times of _GitOps_ the values.yaml could be stored in a Git repository where sensitive data should never be accessible. The Helm Chart supports this approach and let the user define custom sources like -Kubernetes Secrets to be loaded as environment variables during _app.ini_ creation -or update. +Kubernetes Secrets to be loaded as environment variables during _app.ini_ creation or update. ```yaml gitea: 
@@ -161,8 +153,7 @@ gitea: This would mount the two additional volumes (`oauth` and `some-additionals`) from different sources to the init containerwhere the _app.ini_ gets updated. -All files mounted that way will be read and converted to environment variables -and then added to the _app.ini_ using [environment-to-ini](https://github.com/go-gitea/gitea/tree/main/contrib/environment-to-ini). +All files mounted that way will be read and converted to environment variables and then added to the _app.ini_ using [environment-to-ini](https://github.com/go-gitea/gitea/tree/main/contrib/environment-to-ini). The key of such additional source represents the section inside the _app.ini_. The value for each key can be multiline ini-like definitions. @@ -199,19 +190,15 @@ stringData: #### User defined environment variables in app.ini -Users are able to define their own environment variables, -which are loaded into the containers. We also support to -directly interact with the generated _app.ini_. +Users are able to define their own environment variables, which are loaded into the containers. +We also support to directly interact with the generated _app.ini_. -To inject self defined variables into the _app.ini_ a -certain format needs to be honored. This is -described in detail on the [env-to-ini](https://github.com/go-gitea/gitea/tree/main/contrib/environment-to-ini) -page. +To inject self defined variables into the _app.ini_ a certain format needs to be honored. +This is described in detail on the [env-to-ini](https://github.com/go-gitea/gitea/tree/main/contrib/environment-to-ini) page. Note that the Prefix on this helm chart is `ENV_TO_INI`. -For example a database setting needs to have the following -format: +For example a database setting needs to have the following format: ```yaml gitea: 
@@ -228,8 +215,8 @@ gitea: Priority (highest to lowest) for defining app.ini variables: 1. Environment variables prefixed with `ENV_TO_INI` -2. Additional config sources -3. Values defined in `gitea.config` +1. Additional config sources +1. Values defined in `gitea.config` ### External Database @@ -255,7 +242,8 @@ postgresql: ### Ports and external url -By default port `3000` is used for web traffic and `22` for ssh. Those can be changed: +By default port `3000` is used for web traffic and `22` for ssh. +Those can be changed: ```yaml service: @@ -265,15 +253,14 @@ service: port: 22 ``` -This helm chart automatically configures the clone urls to use the correct -ports. You can change these ports by hand using the `gitea.config` dict. However -you should know what you're doing. +This helm chart automatically configures the clone urls to use the correct ports. +You can change these ports by hand using the `gitea.config` dict. +However you should know what you're doing. ### ClusterIP -By default the clusterIP will be set to None, which is the default for headless -services. However if you want to omit the clusterIP field in the service, use -the following values: +By default the `clusterIP` will be set to `None`, which is the default for headless services. +However if you want to omit the clusterIP field in the service, use the following values: ```yaml service: @@ -289,9 +276,8 @@ service: ### SSH and Ingress -If you're using ingress and want to use SSH, keep in mind, that ingress is not -able to forward SSH Ports. You will need a LoadBalancer like `metallb` and a -setting in your ssh service annotations. +If you're using ingress and want to use SSH, keep in mind, that ingress is not able to forward SSH Ports. +You will need a LoadBalancer like `metallb` and a setting in your ssh service annotations. ```yaml service: 
@@ -302,8 +288,8 @@ service: ### SSH on crio based kubernetes cluster -If you use crio as container runtime it is not possible to read from a remote -repository. You should get an error message like this: +If you use `crio` as container runtime it is not possible to read from a remote repository. +You should get an error message like this: ```bash $ git clone git@k8s-demo.internal:admin/test.git @@ -320,15 +306,15 @@ More about this issue [here](https://gitea.com/gitea/helm-chart/issues/161). ### Cache -This helm chart can use a built in cache. The default is Memcached from bitnami. +This helm chart can use a built in cache. +The default is Memcached from bitnami. ```yaml memcached: enabled: true ``` -If the built in cache should not be used simply configure the cache in -`gitea.config`. +If the built in cache should not be used simply configure the cache in `gitea.config`. ```yaml gitea: @@ -342,15 +328,14 @@ gitea: ### Persistence -Gitea will be deployed as a statefulset. By simply enabling the persistence and -setting the storage class according to your cluster everything else will be -taken care of. The following example will create a PVC as a part of the -statefulset. This PVC will not be deleted even if you uninstall the chart. +Gitea will be deployed as a statefulset. +By simply enabling the persistence and setting the storage class according to your cluster everything else will be taken care of. +The following example will create a PVC as a part of the statefulset. +This PVC will not be deleted even if you uninstall the chart. -Please note, that an empty storageClass in the persistence will result in -kubernetes using your default storage class. +Please note, that an empty storageClass in the persistence will result in kubernetes using your default storage class. -If you want to use your own storageClass define it as followed: +If you want to use your own storage class define it as follows: ```yaml persistence: 
@@ -358,8 +343,7 @@ persistence: storageClass: myOwnStorageClass ``` -When using PostgreSQL as dependency, this will also be deployed as a statefulset -by default. +When using PostgreSQL as dependency, this will also be deployed as a statefulset by default. If you want to manage your own PVC you can simply pass the PVC name to the chart. @@ -383,10 +367,11 @@ postgresql: ### Admin User -This chart enables you to create a default admin user. It is also possible to -update the password for this user by upgrading or redeloying the chart. It is -not possible to delete an admin user after it has been created. This has to be -done in the ui. You cannot use `admin` as username. +This chart enables you to create a default admin user. +It is also possible to update the password for this user by upgrading or redeloying the chart. +It is not possible to delete an admin user after it has been created. +This has to be done in the ui. +You cannot use `admin` as username. ```yaml gitea: @@ -439,7 +424,7 @@ gitea: publicSSHKeyAttribute: publicSSHKey ``` -You can also use an existing secret to set the bindDn and bindPassword: +You can also use an existing secret to set the `bindDn` and `bindPassword`: ```yaml apiVersion: v1 @@ -459,9 +444,9 @@ gitea: ... ``` -⚠️ Some options are just flags and therefore don't have any values. If they -are defined in `gitea.ldap` configuration, they will be passed to the Gitea CLI -without any value. Affected options: +⚠️ Some options are just flags and therefore don't have any values. +If they are defined in `gitea.ldap` configuration, they will be passed to the Gitea CLI without any value. +Affected options: - notActive - skipTlsVerify 
@@ -471,9 +456,9 @@ without any value. Affected options: ### OAuth2 Settings -Like the admin user, OAuth2 settings can be updated and disabled but not -deleted. Deleting OAuth2 settings has to be done in the ui. All OAuth2 values, -which are documented [here](https://docs.gitea.io/en-us/command-line/#admin), are +Like the admin user, OAuth2 settings can be updated and disabled but not deleted. +Deleting OAuth2 settings has to be done in the ui. +All OAuth2 values, which are documented [here](https://docs.gitea.io/en-us/command-line/#admin), are available. Multiple OAuth2 sources can be configured with additional OAuth list items. @@ -516,15 +501,12 @@ gitea: ## Configure commit signing -When using the rootless image the gpg key folder is not persistent by -default. If you consider using signed commits for internal Gitea activities -(e.g. initial commit), you'd need to provide a signing key. Prior to -[PR186](https://gitea.com/gitea/helm-chart/pulls/186), imported keys had to be -re-imported once the container got replaced by another. +When using the rootless image the gpg key folder is not persistent by default. +If you consider using signed commits for internal Gitea activities (e.g. initial commit), you'd need to provide a signing key. +Prior to [PR186](https://gitea.com/gitea/helm-chart/pulls/186), imported keys had to be re-imported once the container got replaced by another. -The mentioned PR introduced a new configuration object `signing` allowing you to -configure prerequisites for commit signing. By default this section is disabled -to maintain backwards compatibility. +The mentioned PR introduced a new configuration object `signing` allowing you to configure prerequisites for commit signing. +By default this section is disabled to maintain backwards compatibility. ```yaml signing: 
@@ -532,9 +514,8 @@ signing: gpgHome: /data/git/.gnupg ``` -Regardless of the used container image the `signing` object allows to specify a -private gpg key. Either using the `signing.privateKey` to define the key inline, -or refer to an existing secret containing the key data by using `signing.existingSecret`. +Regardless of the used container image the `signing` object allows to specify a private gpg key. +Either using the `signing.privateKey` to define the key inline, or refer to an existing secret containing the key data by using `signing.existingSecret`. ```yaml apiVersion: v1 @@ -554,19 +535,15 @@ signing: existingSecret: custom-gitea-gpg-key ``` -To use the gpg key, Gitea needs to be configured accordingly. A detailed description -can be found in the [official Gitea documentation](https://docs.gitea.io/en-us/signing/#general-configuration). +To use the gpg key, Gitea needs to be configured accordingly. +A detailed description can be found in the [official Gitea documentation](https://docs.gitea.io/en-us/signing/#general-configuration). ### Metrics and profiling -A Prometheus `/metrics` endpoint on the `HTTP_PORT` and `pprof` profiling -endpoints on port 6060 can be enabled under `gitea`. Beware that the metrics -endpoint is exposed via the ingress, manage access using ingress annotations for -example. +A Prometheus `/metrics` endpoint on the `HTTP_PORT` and `pprof` profiling endpoints on port 6060 can be enabled under `gitea`. +Beware that the metrics endpoint is exposed via the ingress, manage access using ingress annotations for example. -To deploy the `ServiceMonitor`, you first need to ensure that you have deployed -`prometheus-operator` and its -[CRDs](https://github.com/prometheus-operator/prometheus-operator#customresourcedefinitions). +To deploy the `ServiceMonitor`, you first need to ensure that you have deployed `prometheus-operator` and its [CRDs](https://github.com/prometheus-operator/prometheus-operator#customresourcedefinitions). ```yaml gitea: 
@@ -831,26 +808,21 @@ See [Configure commit signing](#configure-commit-signing) for details. #### Different volume mounts for init-containers and runtime container -**The `extraVolumeMounts` is deprecated** in favor of `extraInitVolumeMounts` and -`extraContainerVolumeMounts`. You can now have different mounts for the initialization -phase and Gitea runtime. The deprecated `extraVolumeMounts` will still be available -for the time being and is mounted into every container. If you want to switch to -the new settings and want to mount specific volumes into all containers, you have -to configure their mount points within both new settings. +**The `extraVolumeMounts` is deprecated** in favor of `extraInitVolumeMounts` and `extraContainerVolumeMounts`. +You can now have different mounts for the initialization phase and Gitea runtime. +The deprecated `extraVolumeMounts` will still be available for the time being and is mounted into every container. +If you want to switch to the new settings and want to mount specific volumes into all containers, you have to configure their mount points within both new settings. -**Combining values from the deprecated setting with values from the new settings -is not possible.** +**Combining values from the deprecated setting with values from the new settings is not possible.** #### New `enabled` flag for `startupProbe` -Prior to this version the `startupProbe` was just a commented sample within the -`values.yaml`. With the migration to an auto-generated [Parameters](#parameters) -section, a new parameter `gitea.startupProbe.enabled` has been introduced set to +Prior to this version the `startupProbe` was just a commented sample within the `values.yaml`. +With the migration to an auto-generated [Parameters](#parameters) section, a new parameter `gitea.startupProbe.enabled` has been introduced set to `false` by default. -If you are using the `startupProbe` you need to add that new -parameter and set it to `true`. 
Otherwise, your defined probe won't be considered -after the upgrade. +If you are using the `startupProbe` you need to add that new parameter and set it to `true`. +Otherwise, your defined probe won't be considered after the upgrade. ### To 5.0.0 @@ -858,9 +830,7 @@ after the upgrade. #### Enable Dependencies -The values to enable the dependencies, -such as PostgreSQL, Memcached, MySQL and MariaDB. -have been moved from `gitea.database.builtIn.` to the dependency values. +The values to enable the dependencies, such as PostgreSQL, Memcached, MySQL and MariaDB have been moved from `gitea.database.builtIn.` to the dependency values. You can now enable the dependencies as followed: 
@@ -880,39 +850,32 @@ mariadb: #### App.ini generation -The app.ini generation has changed and now utilizes the environment-to-ini -script provided by newer Gitea versions. This change ensures, that the app.ini -is now persistent. +The app.ini generation has changed and now utilizes the environment-to-ini script provided by newer Gitea versions. +This change ensures, that the app.ini is now persistent. ##### Secret Key generation -Gitea secret keys (SECRET_KEY, INTERNAL_TOKEN, JWT_SECRET) are now generated -automatically in certain situations: +Gitea secret keys (SECRET_KEY, INTERNAL_TOKEN, JWT_SECRET) are now generated automatically in certain situations: -- New install: By default the secrets are created automatically. If you provide - secrets via `gitea.config` they will be used instead of automatic generation. -- Existing installs: The secrets won't be deployed, neither via - configuration nor via auto generation. We explicitly prevent to set new secrets. +- New install: By default the secrets are created automatically. + If you provide secrets via `gitea.config` they will be used instead of automatic generation. +- Existing installs: The secrets won't be deployed, neither via configuration nor via auto generation. + We explicitly prevent to set new secrets. -> 💡 It would be possible to set new secret keys manually by entering -> the running container and rewriting the app.ini by hand. However, this it is -> not advisable to do so for existing installations. Certain settings like -> _LDAP_ would not be readable anymore. +> 💡 It would be possible to set new secret keys manually by entering the running container and rewriting the app.ini by hand. +> However, this it is not advisable to do so for existing installations. +> Certain settings like _LDAP_ would not be readable anymore. #### Probes -`gitea.customLivenessProbe`, `gitea.customReadinessProbe` and `gitea.customStartupProbe` -have been removed. 
+`gitea.customLivenessProbe`, `gitea.customReadinessProbe` and `gitea.customStartupProbe` have been removed. -They are replaced by the settings `gitea.livenessProbe`, `gitea.readinessProbe` -and `gitea.startupProbe` which are now fully configurable and used _as-is_ for +They are replaced by the settings `gitea.livenessProbe`, `gitea.readinessProbe` and `gitea.startupProbe` which are now fully configurable and used _as-is_ for a Chart deployment. -If you have customized their values instead of using the `custom` prefixed settings, -please ensure that you remove the `enabled` property from each of them. +If you have customized their values instead of using the `custom` prefixed settings, please ensure that you remove the `enabled` property from each of them. -In case you want to disable one of these probes, let's say the `livenessProbe`, add -the following to your values. The `podAnnotation` is just there to have a bit more -context. +In case you want to disable one of these probes, let's say the `livenessProbe`, add the following to your values. +The `podAnnotation` is just there to have a bit more context. ```diff gitea: 
@@ -922,20 +885,17 @@ gitea: #### Multiple OAuth and LDAP authentication sources -With `5.0.0` of this Chart it is now possible to configure Gitea with multiple -OAuth and LDAP sources. As a result, you need to update an existing OAuth/LDAP configuration -in your customized `values.yaml` by replacing the object with settings to a list -of settings objects. See [OAuth2 Settings](#oauth2-settings) and -[LDAP Settings](#ldap-settings) section for details. +With `5.0.0` of this Chart it is now possible to configure Gitea with multiple OAuth and LDAP sources. +As a result, you need to update an existing OAuth/LDAP configuration in your customized `values.yaml` by replacing the object with settings to a list +of settings objects. +See [OAuth2 Settings](#oauth2-settings) and [LDAP Settings](#ldap-settings) section for details. ### To 4.0.0 #### Ingress changes -To provide a more flexible Ingress configuration we now support not only host -settings but also provide configuration for the path and pathType. So this -change changes the hosts from a simple string list, to a list containing a more -complex object for more configuration. +To provide a more flexible Ingress configuration we now support not only host settings but also provide configuration for the path and pathType. +So this change changes the hosts from a simple string list, to a list containing a more complex object for more configuration. ```diff ingress: @@ -956,8 +916,7 @@ ingress: # - git.example.com ``` -If you want everything as it was before, you can simply add the following code -to all your host entries. +If you want everything as it was before, you can simply add the following code to all your host entries. ```yaml paths: 
@@ -967,41 +926,34 @@ paths: #### Dropped kebab-case support -In 3.x.x it was possible to provide an ldap configuration via kebab-case, this -support has now been dropped and only camel case is supported. See [LDAP -section](#ldap-settings) for more information. +In 3.x.x it was possible to provide an ldap configuration via kebab-case, this support has now been dropped and only camel case is supported. +See [LDAP section](#ldap-settings) for more information. #### Dependency update -The chart comes with multiple databases and Memcached as dependency, the latest -release updated the dependencies. +The chart comes with multiple databases and Memcached as dependency, the latest release updated the dependencies. - Memcached: `4.2.20` -> `5.9.0` - PostgreSQL: `9.7.2` -> `10.3.17` - MariaDB: `8.0.0` -> `9.3.6` -If you're using the builtin databases you will most likely redeploy the chart in -order to update the database correctly. +If you're using the builtin databases you will most likely redeploy the chart in order to update the database correctly. #### Execution of initPreScript -Generally spoken, this might not be a breaking change, but it is worth to be -mentioned. +Generally spoken, this might not be a breaking change, but it is worth to be mentioned. -Prior to `4.0.0` only one init container was used to both setup directories and -configure Gitea. As of now the actual Gitea configuration is separated from the -other pre-execution. This also includes the execution of _initPreScript_. If you -have such script, please be aware of this. Dynamically prepare the Gitea setup -during execution by e.g. adding environment variables to the execution context -won't work anymore. +Prior to `4.0.0` only one init container was used to both setup directories and configure Gitea. +As of now the actual Gitea configuration is separated from the other pre-execution. +This also includes the execution of _initPreScript_. +If you have such script, please be aware of this. 
+Dynamically prepare the Gitea setup during execution by e.g. adding environment variables to the execution context won't work anymore. ### Misc #### Gitea Version 1.14.X repository ROOT -Previously the ROOT folder for the Gitea repositories was located at -`/data/git/gitea-repositories`. In version `1.14` has the path been changed to -`/data/gitea-repositories`. +Previously the ROOT folder for the Gitea repositories was located at `/data/git/gitea-repositories`. +In version `1.14` has the path been changed to `/data/gitea-repositories`. -This chart will set the `gitea.config.repository.ROOT` value default to -`/data/git/gitea-repositories`. +This chart will set the `gitea.config.repository.ROOT` value default to `/data/git/gitea-repositories`. -- 2.40.1 From 5876a9e7fcd069b37c354f6f020b6e428300f548 Mon Sep 17 00:00:00 2001 From: pat-s Date: Sun, 30 Apr 2023 11:05:33 +0800 Subject: [PATCH 174/390] Update Gitea to 1.19.2 and bump chart deps (#442) No substantial changes in chart deps. Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/442 Reviewed-by: techknowlogick Co-authored-by: pat-s Co-committed-by: pat-s --- Chart.lock | 8 ++++---- Chart.yaml | 9 +++++---- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/Chart.lock b/Chart.lock index 59b0519..e8c974c 100644 --- a/Chart.lock +++ b/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: memcached repository: oci://registry-1.docker.io/bitnamicharts - version: 6.3.13 + version: 6.3.14 - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 12.2.6 -digest: sha256:7a37054b0ae841314b1e309fec6f1edc0f22f77161ee915ebfb1ce011457884c -generated: "2023-03-28T21:20:51.230043+02:00" + version: 12.4.1 +digest: sha256:02d4846bf416038a42658dbca8f8001d0e3ce967b00e990048f8d420065c33fd +generated: "2023-04-28T09:32:05.295167+02:00" diff --git a/Chart.yaml b/Chart.yaml index 7b9134c..98176dc 100644 --- a/Chart.yaml +++ b/Chart.yaml 
@@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.19.1 +appVersion: 1.19.2 icon: https://docs.gitea.io/images/gitea.png keywords: @@ -34,12 +34,13 @@ maintainers: # Bitnami charts are served from GitHub CDN - See https://github.com/bitnami/charts/issues/10539 for details dependencies: # OCI registry: https://blog.bitnami.com/2023/01/bitnami-helm-charts-available-as-oci.html (2023-01) - # Chart release date: 2023-03 + # Chart release date: 2023-04 - name: memcached repository: oci://registry-1.docker.io/bitnamicharts - version: 6.3.13 + version: 6.3.14 condition: memcached.enabled + # Chart release date: 2023-04 - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 12.2.6 + version: 12.4.1 condition: postgresql.enabled -- 2.40.1 From 55b22d2225fa10b71adffec87fc976829ccee862 Mon Sep 17 00:00:00 2001 From: Cyril Jouve Date: Tue, 2 May 2023 21:32:54 +0800 Subject: [PATCH 175/390] add `extraDeploy` to add arbitrary objects to the release (#441) 
Signed-off-by: Cyril Jouve ### Description of the change add a new value `extraDeploy` to add arbitrary resources inspired by bitnami charts ([example](https://github.com/bitnami/charts/blob/main/bitnami/postgresql/values.yaml#L58) ### Benefits with the change, I can deploy additional resources and keep them consistent with the chart (reuse macro, same labels, etc)., same workflow (helm upgrade), etc ### Possible drawbacks ### Additional information ### Checklist - [x] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) Co-authored-by: pat-s Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/441 Reviewed-by: pat-s Reviewed-by: luhahn Reviewed-by: justusbunsi Co-authored-by: Cyril Jouve Co-committed-by: Cyril Jouve --- README.md | 3 ++- templates/gitea/extra-list.yaml | 8 ++++++++ values.yaml | 6 +++++- 3 files changed, 15 insertions(+), 2 deletions(-) create mode 100644 templates/gitea/extra-list.yaml diff --git a/README.md b/README.md index 37952c7..34f7e99 100644 --- a/README.md +++ b/README.md 
@@ -756,7 +756,7 @@ gitea: | Name | Description | Value | | ------------------------------------------------------- | ---------------------------------------------------------------- | ------- | | `postgresql.enabled` | Enable PostgreSQL | `true` | -| `postgresql.global.postgresql.auth.password` | Password for the "Gitea" user (overrides `auth.password`) | `gitea` | +| `postgresql.global.postgresql.auth.password` | Password for the `gitea` user (overrides `auth.password`) | `gitea` | | `postgresql.global.postgresql.auth.database` | Name for a custom database to create (overrides `auth.database`) | `gitea` | | `postgresql.global.postgresql.auth.username` | Name for a custom user to create (overrides `auth.username`) | `gitea` | | `postgresql.global.postgresql.service.ports.postgresql` | PostgreSQL service port (overrides `service.ports.postgresql`) | `5432` | @@ -770,6 +770,7 @@ gitea: | `test.enabled` | Set it to false to disable test-connection Pod. | `true` | | `test.image.name` | Image name for the wget container used in the test-connection Pod. | `busybox` | | `test.image.tag` | Image tag for the wget container used in the test-connection Pod. | `latest` | +| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | ## Contributing diff --git a/templates/gitea/extra-list.yaml b/templates/gitea/extra-list.yaml new file mode 100644 index 0000000..62c0aca --- /dev/null +++ b/templates/gitea/extra-list.yaml @@ -0,0 +1,8 @@ +{{- range .Values.extraDeploy }} +--- +{{- if typeIs "string" . }} + {{- tpl . $ }} +{{- else }} + {{- tpl (. | toYaml) $ }} +{{- end }} +{{- end }} diff --git a/values.yaml b/values.yaml index de358c6..4e3e085 100644 --- a/values.yaml +++ b/values.yaml 
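Review bot: Every `extraDeploy` entry in `templates/gitea/extra-list.yaml` is passed through `tpl` with the root context `$`, whether it is a plain string or an object serialised via `toYaml`, yet the README row and the `values.yaml` comment (second `values.yaml` hunk) only say "Array of extra objects to deploy with the release". Two consequences are worth documenting: any `{{ … }}` inside an entry is evaluated with access to all of `.Values`, including configured passwords and secrets, and the rendered manifests can be of any kind (RBAC objects included) and are applied with whatever permissions the account running `helm install`/`helm upgrade` has, so a values file needs the same review as a manifest. Manifests that carry literal `{{ }}` of their own, such as alerting-rule annotations, will also be evaluated unless they are escaped. I would extend the parameter comment to something like `## @param extraDeploy Array of extra objects to deploy with the release; entries are rendered as templates (tpl) against the chart root context` and regenerate the README from it.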
@@ -450,7 +450,7 @@ memcached: ## @section PostgreSQL # ## @param postgresql.enabled Enable PostgreSQL -## @param postgresql.global.postgresql.auth.password Password for the "gitea" user (overrides `auth.password`) +## @param postgresql.global.postgresql.auth.password Password for the `gitea` user (overrides `auth.password`) ## @param postgresql.global.postgresql.auth.database Name for a custom database to create (overrides `auth.database`) ## @param postgresql.global.postgresql.auth.username Name for a custom user to create (overrides `auth.username`) ## @param postgresql.global.postgresql.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`) @@ -483,3 +483,7 @@ test: image: name: busybox tag: latest + +## @param extraDeploy Array of extra objects to deploy with the release +## +extraDeploy: [] -- 2.40.1 From e28c1520c0584f55cbf6729c2b6229dca24e6214 Mon Sep 17 00:00:00 2001 From: pat-s Date: Thu, 4 May 2023 09:45:36 +0800 Subject: [PATCH 176/390] bump to 1.19.3 (#443) Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/443 Reviewed-by: techknowlogick Co-authored-by: pat-s Co-committed-by: pat-s --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 98176dc..0689e91 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.19.2 +appVersion: 1.19.3 icon: https://docs.gitea.io/images/gitea.png keywords: -- 2.40.1 From eefa169b8d6b1e98dd5c58d414eee5b438b630ae Mon Sep 17 00:00:00 2001 
From: pat-s Date: Fri, 5 May 2023 13:27:17 +0800 Subject: [PATCH 177/390] Update node packages (#445) Followed https://stackoverflow.com/a/71186834/4185785. Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/445 Reviewed-by: justusbunsi Co-authored-by: pat-s Co-committed-by: pat-s --- package-lock.json | 920 +++++++++++++++++++++++++++------------------- package.json | 4 +- 2 files changed, 538 insertions(+), 386 deletions(-) diff --git a/package-lock.json b/package-lock.json index 4a19561..ffd22d5 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,14 +1,14 @@ { "name": "gitea-helm-chart", - "lockfileVersion": 2, + "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "gitea-helm-chart", "license": "MIT", "devDependencies": { - "@bitnami/readme-generator-for-helm": "^2.4.2", - "markdownlint-cli": "^0.31.1" + "@bitnami/readme-generator-for-helm": "^2.5.0", + "markdownlint-cli": "^0.34.0" }, "engines": { "node": ">=16.0.0", @@ -16,9 +16,9 @@ } }, "node_modules/@bitnami/readme-generator-for-helm": { - "version": "2.4.2", - "resolved": "https://registry.npmjs.org/@bitnami/readme-generator-for-helm/-/readme-generator-for-helm-2.4.2.tgz", - "integrity": "sha512-2kIXOjRiKJ3PBoBD6EaImp4SNyGM/w67ZPPwbuJi5NeXesupQjFyhIhcKliIledlpuiSrMeH9l80yl6hvmYHUA==", + "version": "2.5.0", + "resolved": "https://registry.npmjs.org/@bitnami/readme-generator-for-helm/-/readme-generator-for-helm-2.5.0.tgz", + "integrity": "sha512-bYggL/kWwyxjctSrIBMOcrTQSj8LA3yYcEzfGTJIFoHKl5M7ifZtox//8G5K3FTw6qdOnPZcA10fl2y4N6uB/g==", "dev": true, "dependencies": { "commander": "^7.1.0", 
@@ -31,6 +31,57 @@ "readme-generator": "bin/index.js" } }, + "node_modules/@isaacs/cliui": { + "version": "8.0.2", + "resolved": "https://registry.npmjs.org/@isaacs/cliui/-/cliui-8.0.2.tgz", + "integrity": "sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA==", + "dev": true, + "dependencies": { + "string-width": "^5.1.2", + "string-width-cjs": "npm:string-width@^4.2.0", + "strip-ansi": "^7.0.1", + "strip-ansi-cjs": "npm:strip-ansi@^6.0.1", + "wrap-ansi": "^8.1.0", + "wrap-ansi-cjs": "npm:wrap-ansi@^7.0.0" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/@pkgjs/parseargs": { + "version": "0.11.0", + "resolved": "https://registry.npmjs.org/@pkgjs/parseargs/-/parseargs-0.11.0.tgz", + "integrity": "sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg==", + "dev": true, + "optional": true, + "engines": { + "node": ">=14" + } + }, + "node_modules/ansi-regex": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.0.1.tgz", + "integrity": "sha512-n5M855fKb2SsfMIiFFoVrABHJC8QtHwVx+mHWP3QcEqBHYienj5dHSgjbxtC0WEZXYt4wcD6zrQElDPhFuZgfA==", + "dev": true, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/chalk/ansi-regex?sponsor=1" + } + }, + "node_modules/ansi-styles": { + "version": "6.2.1", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.1.tgz", + "integrity": "sha512-bN798gFfQX+viw3R7yrGWRqnrN2oRkEkUjjl4JNn4E8GxxbjtG3FbrEIIY3l8/hrwUwIeCZvi4QuOTP4MErVug==", + "dev": true, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/chalk/ansi-styles?sponsor=1" + } + }, "node_modules/argparse": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", 
@@ -53,6 +104,24 @@ "concat-map": "0.0.1" } }, + "node_modules/color-convert": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", + "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", + "dev": true, + "dependencies": { + "color-name": "~1.1.4" + }, + "engines": { + "node": ">=7.0.0" + } + }, + "node_modules/color-name": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", + "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==", + "dev": true + }, "node_modules/commander": { "version": "7.2.0", "resolved": "https://registry.npmjs.org/commander/-/commander-7.2.0.tgz", @@ -68,6 +137,20 @@ "integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==", "dev": true }, + "node_modules/cross-spawn": { + "version": "7.0.3", + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", + "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==", + "dev": true, + "dependencies": { + "path-key": "^3.1.0", + "shebang-command": "^2.0.0", + "which": "^2.0.1" + }, + "engines": { + "node": ">= 8" + } + }, "node_modules/deep-extend": { "version": "0.6.0", "resolved": "https://registry.npmjs.org/deep-extend/-/deep-extend-0.6.0.tgz", 
@@ -99,15 +182,46 @@ "node": ">= 6" } }, + "node_modules/eastasianwidth": { + "version": "0.2.0", + "resolved": "https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz", + "integrity": "sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA==", + "dev": true + }, + "node_modules/emoji-regex": { + "version": "9.2.2", + "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz", + "integrity": "sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg==", + "dev": true + }, "node_modules/entities": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/entities/-/entities-2.1.0.tgz", - "integrity": "sha512-hCx1oky9PFrJ611mf0ifBLBRW8lUUVRlFolb5gWRfIELabBlbp9xZvrqZLZAs+NxFnbfQoeGd8wDkygjg7U85w==", + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/entities/-/entities-3.0.1.tgz", + "integrity": "sha512-WiyBqoomrwMdFG1e0kqvASYfnlb0lp8M5o5Fw2OFq1hNZxxcNk8Ik0Xm7LxzBhuidnZB/UtBqVCgUz3kBOP51Q==", "dev": true, + "engines": { + "node": ">=0.12" + }, "funding": { "url": "https://github.com/fb55/entities?sponsor=1" } }, + "node_modules/foreground-child": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/foreground-child/-/foreground-child-3.1.1.tgz", + "integrity": "sha512-TMKDUnIte6bfb5nWv7V/caI169OHgvwjb7V4WkeUvbQQdjr5rWKqHFiKWb/fcOwB+CzBT+qbWjvj+DVwRskpIg==", + "dev": true, + "dependencies": { + "cross-spawn": "^7.0.0", + "signal-exit": "^4.0.1" + }, + "engines": { + "node": ">=14" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, "node_modules/fs.realpath": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", 
@@ -147,9 +261,9 @@ } }, "node_modules/ignore": { - "version": "5.2.0", - "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.2.0.tgz", - "integrity": "sha512-CmxgYGiEPCLhfLnpPp1MoRmifwEIOgjcHXxOBjv7mY96c+eWScsOP9c112ZyLdWHi0FxHjI+4uVhKYp/gcdRmQ==", + "version": "5.2.4", + "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.2.4.tgz", + "integrity": "sha512-MAb38BcSbH0eHNBxn7ql2NH/kX33OkB3lZ1BNdh7ENeRChHTYsTvWrMubiIAMNS2llXEEgZ1MUOBtXChP3kaFQ==", "dev": true, "engines": { "node": ">= 4" 
@@ -172,12 +286,45 @@ "dev": true }, "node_modules/ini": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/ini/-/ini-2.0.0.tgz", - "integrity": "sha512-7PnF4oN3CvZF23ADhA5wRaYEQpJ8qygSkbtTXWBeXWXmEVRXK+1ITciHWwHhsjv1TmW0MgacIv6hEi5pX5NQdA==", + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/ini/-/ini-3.0.1.tgz", + "integrity": "sha512-it4HyVAUTKBc6m8e1iXWvXSTdndF7HbdN713+kvLrymxTaU4AUBWrJ4vEooP+V7fexnVD3LKcBshjGGPefSMUQ==", "dev": true, "engines": { - "node": ">=10" + "node": "^12.13.0 || ^14.15.0 || >=16.0.0" + } + }, + "node_modules/is-fullwidth-code-point": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", + "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/isexe": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", + "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==", + "dev": true + }, + "node_modules/jackspeak": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-2.2.0.tgz", + "integrity": "sha512-r5XBrqIJfwRIjRt/Xr5fv9Wh09qyhHfKnYddDlpM+ibRR20qrYActpCAgU6U+d53EOEjzkvxPMVHSlgR7leXrQ==", + "dev": true, + "dependencies": { + "@isaacs/cliui": "^8.0.2" + }, + "engines": { + "node": ">=14" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + }, + "optionalDependencies": { + "@pkgjs/parseargs": "^0.11.0" } }, "node_modules/js-yaml": { 
@@ -193,15 +340,15 @@ } }, "node_modules/jsonc-parser": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/jsonc-parser/-/jsonc-parser-3.0.0.tgz", - "integrity": "sha512-fQzRfAbIBnR0IQvftw9FJveWiHp72Fg20giDrHz6TdfB12UH/uue0D3hm57UB5KgAVuniLMCaS8P1IMj9NR7cA==", + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/jsonc-parser/-/jsonc-parser-3.2.0.tgz", + "integrity": "sha512-gfFQZrcTc8CnKXp6Y4/CBT3fTc0OVuDofpre4aEeEpSBPV5X5v4+Vmx+8snU7RLPrNHPKSgLxGo9YuQzz20o+w==", "dev": true }, "node_modules/linkify-it": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/linkify-it/-/linkify-it-3.0.3.tgz", - "integrity": "sha512-ynTsyrFSdE5oZ/O9GEf00kPngmOfVwazR5GKDq6EYfhlpFug3J2zybX56a2PRRpc9P+FuSoGNAwjlbDs9jJBPQ==", + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/linkify-it/-/linkify-it-4.0.1.tgz", + "integrity": "sha512-C7bfi1UZmoj8+PQx22XyeXCuBlokoyWQL5pWSP+EI6nzRylyThouddufc2c1NDIcP9k5agmN9fLpA7VNJfIiqw==", "dev": true, "dependencies": { "uc.micro": "^1.0.1" 
@@ -213,15 +360,24 @@ "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==", "dev": true }, + "node_modules/lru-cache": { + "version": "9.1.1", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-9.1.1.tgz", + "integrity": "sha512-65/Jky17UwSb0BuB9V+MyDpsOtXKmYwzhyl+cOa9XUiI4uV2Ouy/2voFP3+al0BjZbJgMBD8FojMpAf+Z+qn4A==", + "dev": true, + "engines": { + "node": "14 || >=16.14" + } + }, "node_modules/markdown-it": { - "version": "12.3.2", - "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-12.3.2.tgz", - "integrity": "sha512-TchMembfxfNVpHkbtriWltGWc+m3xszaRD0CZup7GFFhzIgQqxIfn3eGj1yZpfuflzPvfkt611B2Q/Bsk1YnGg==", + "version": "13.0.1", + "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-13.0.1.tgz", + "integrity": "sha512-lTlxriVoy2criHP0JKRhO2VDG9c2ypWCsT237eDiLqi09rmbKoUetyGHq2uOIRoRS//kfoJckS0eUzzkDR+k2Q==", "dev": true, "dependencies": { "argparse": "^2.0.1", - "entities": "~2.1.0", - "linkify-it": "^3.0.1", + "entities": "~3.0.1", + "linkify-it": "^4.0.1", "mdurl": "^1.0.1", "uc.micro": "^1.0.5" }, 
@@ -243,67 +399,104 @@ } }, "node_modules/markdownlint": { - "version": "0.25.1", - "resolved": "https://registry.npmjs.org/markdownlint/-/markdownlint-0.25.1.tgz", - "integrity": "sha512-AG7UkLzNa1fxiOv5B+owPsPhtM4D6DoODhsJgiaNg1xowXovrYgOnLqAgOOFQpWOlHFVQUzjMY5ypNNTeov92g==", + "version": "0.28.2", + "resolved": "https://registry.npmjs.org/markdownlint/-/markdownlint-0.28.2.tgz", + "integrity": "sha512-yYaQXoKKPV1zgrFsyAuZPEQoe+JrY9GDag9ObKpk09twx4OCU5lut+0/kZPrQ3W7w82SmgKhd7D8m34aG1unVw==", "dev": true, "dependencies": { - "markdown-it": "12.3.2" + "markdown-it": "13.0.1", + "markdownlint-micromark": "0.1.2" }, "engines": { - "node": ">=12" + "node": ">=14.18.0" } }, "node_modules/markdownlint-cli": { - "version": "0.31.1", - "resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.31.1.tgz", - "integrity": "sha512-keIOMwQn+Ch7MoBwA+TdkyVMuxAeZFEGmIIlvwgV0Z1TGS5MxPnRr29XCLhkNzCHU+uNKGjU+VEjLX+Z9kli6g==", + "version": "0.34.0", + "resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.34.0.tgz", + "integrity": "sha512-4G9I++VBTZkaye6Yfc/7dU6HQHcyldZEVB+bYyQJLcpJOHKk/q5ZpGqK80oKMIdlxzsA3aWOJLZ4DkoaoUWXbQ==", "dev": true, "dependencies": { - "commander": "~9.0.0", + "commander": "~10.0.1", "get-stdin": "~9.0.0", - "glob": "~7.2.0", - "ignore": "~5.2.0", + "glob": "~10.2.2", + "ignore": "~5.2.4", "js-yaml": "^4.1.0", - "jsonc-parser": "~3.0.0", - "markdownlint": "~0.25.1", - "markdownlint-rule-helpers": "~0.16.0", - "minimatch": "~3.0.5", - "run-con": "~1.2.10" + "jsonc-parser": "~3.2.0", + "markdownlint": "~0.28.2", + "minimatch": "~9.0.0", + "run-con": "~1.2.11" }, "bin": { "markdownlint": "markdownlint.js" }, "engines": { - "node": ">=12" + "node": ">=14" + } + }, + "node_modules/markdownlint-cli/node_modules/brace-expansion": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", + "integrity": 
"sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==", + "dev": true, + "dependencies": { + "balanced-match": "^1.0.0" } }, "node_modules/markdownlint-cli/node_modules/commander": { - "version": "9.0.0", - "resolved": "https://registry.npmjs.org/commander/-/commander-9.0.0.tgz", - "integrity": "sha512-JJfP2saEKbQqvW+FI93OYUB4ByV5cizMpFMiiJI8xDbBvQvSkIk0VvQdn1CZ8mqAO8Loq2h0gYTYtDFUZUeERw==", + "version": "10.0.1", + "resolved": "https://registry.npmjs.org/commander/-/commander-10.0.1.tgz", + "integrity": "sha512-y4Mg2tXshplEbSGzx7amzPwKKOCGuoSRP/CjEdwwk0FOGlUbq6lKuoyDZTNZkmxHdJtp54hdfY/JUrdL7Xfdug==", "dev": true, "engines": { - "node": "^12.20.0 || >=14" + "node": ">=14" + } + }, + "node_modules/markdownlint-cli/node_modules/glob": { + "version": "10.2.2", + "resolved": "https://registry.npmjs.org/glob/-/glob-10.2.2.tgz", + "integrity": "sha512-Xsa0BcxIC6th9UwNjZkhrMtNo/MnyRL8jGCP+uEwhA5oFOCY1f2s1/oNKY47xQ0Bg5nkjsfAEIej1VeH62bDDQ==", + "dev": true, + "dependencies": { + "foreground-child": "^3.1.0", + "jackspeak": "^2.0.3", + "minimatch": "^9.0.0", + "minipass": "^5.0.0", + "path-scurry": "^1.7.0" + }, + "bin": { + "glob": "dist/cjs/src/bin.js" + }, + "engines": { + "node": ">=16 || 14 >=14.17" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" } }, "node_modules/markdownlint-cli/node_modules/minimatch": { - "version": "3.0.8", - "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.8.tgz", - "integrity": "sha512-6FsRAQsxQ61mw+qP1ZzbL9Bc78x2p5OqNgNpnoAFLTrX8n5Kxph0CsnhmKKNXTWjXqU5L0pGPR7hYk+XWZr60Q==", + "version": "9.0.0", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.0.tgz", + "integrity": "sha512-0jJj8AvgKqWN05mrwuqi8QYKx1WmYSUoKSxu5Qhs9prezTz10sxAHGNZe9J9cqIJzta8DWsleh2KaVaLl6Ru2w==", "dev": true, "dependencies": { - "brace-expansion": "^1.1.7" + "brace-expansion": "^2.0.1" }, "engines": { - "node": "*" + "node": ">=16 || 14 >=14.17" + }, + "funding": { + "url": 
"https://github.com/sponsors/isaacs" } }, - "node_modules/markdownlint-rule-helpers": { - "version": "0.16.0", - "resolved": "https://registry.npmjs.org/markdownlint-rule-helpers/-/markdownlint-rule-helpers-0.16.0.tgz", - "integrity": "sha512-oEacRUVeTJ5D5hW1UYd2qExYI0oELdYK72k1TKGvIeYJIbqQWAz476NAc7LNixSySUhcNl++d02DvX0ccDk9/w==", - "dev": true + "node_modules/markdownlint-micromark": { + "version": "0.1.2", + "resolved": "https://registry.npmjs.org/markdownlint-micromark/-/markdownlint-micromark-0.1.2.tgz", + "integrity": "sha512-jRxlQg8KpOfM2IbCL9RXM8ZiYWz2rv6DlZAnGv8ASJQpUh6byTBnEsbuMZ6T2/uIgntyf7SKg/mEaEBo1164fQ==", + "dev": true, + "engines": { + "node": ">=14.18.0" + } }, "node_modules/mdurl": { "version": "1.0.1", @@ -324,10 +517,22 @@ } }, "node_modules/minimist": { - "version": "1.2.6", - "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.6.tgz", - "integrity": "sha512-Jsjnk4bw3YJqYzbdyBiNsPWHPfO++UGG749Cxs6peCu5Xg4nrena6OVxOYxrQTqww0Jmwt+Ref8rggumkTLz9Q==", - "dev": true + "version": "1.2.8", + "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz", + "integrity": "sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==", + "dev": true, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/minipass": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/minipass/-/minipass-5.0.0.tgz", + "integrity": "sha512-3FnjYuehv9k6ovOEbyOswadCDPX1piCfhV8ncmYtHOjuPwylVWsghTLo7rabjC3Rx5xD4HDx8Wm1xnMF7S5qFQ==", + "dev": true, + "engines": { + "node": ">=8" + } }, "node_modules/once": { "version": "1.4.0", 
@@ -347,6 +552,31 @@ "node": ">=0.10.0" } }, + "node_modules/path-key": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz", + "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/path-scurry": { + "version": "1.7.0", + "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.7.0.tgz", + "integrity": "sha512-UkZUeDjczjYRE495+9thsgcVgsaCPkaw80slmfVFgllxY+IO8ubTsOpFVjDPROBqJdHfVPUFRHPBV/WciOVfWg==", + "dev": true, + "dependencies": { + "lru-cache": "^9.0.0", + "minipass": "^5.0.0" + }, + "engines": { + "node": ">=16 || 14 >=14.17" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, "node_modules/repeat-string": { "version": "1.6.1", "resolved": "https://registry.npmjs.org/repeat-string/-/repeat-string-1.6.1.tgz", 
@@ -357,20 +587,149 @@ } }, "node_modules/run-con": { - "version": "1.2.10", - "resolved": "https://registry.npmjs.org/run-con/-/run-con-1.2.10.tgz", - "integrity": "sha512-n7PZpYmMM26ZO21dd8y3Yw1TRtGABjRtgPSgFS/nhzfvbJMXFtJhJVyEgayMiP+w/23craJjsnfDvx4W4ue/HQ==", + "version": "1.2.11", + "resolved": "https://registry.npmjs.org/run-con/-/run-con-1.2.11.tgz", + "integrity": "sha512-NEMGsUT+cglWkzEr4IFK21P4Jca45HqiAbIIZIBdX5+UZTB24Mb/21iNGgz9xZa8tL6vbW7CXmq7MFN42+VjNQ==", "dev": true, "dependencies": { "deep-extend": "^0.6.0", - "ini": "~2.0.0", - "minimist": "^1.2.5", + "ini": "~3.0.0", + "minimist": "^1.2.6", "strip-json-comments": "~3.1.1" }, "bin": { "run-con": "cli.js" } }, + "node_modules/shebang-command": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz", + "integrity": "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==", + "dev": true, + "dependencies": { + "shebang-regex": "^3.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/shebang-regex": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz", + "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/signal-exit": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.0.1.tgz", + "integrity": "sha512-uUWsN4aOxJAS8KOuf3QMyFtgm1pkb6I+KRZbRF/ghdf5T7sM+B1lLLzPDxswUjkmHyxQAVzEgG35E3NzDM9GVw==", + "dev": true, + "engines": { + "node": ">=14" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/string-width": { + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz", + "integrity": "sha512-HnLOCR3vjcY8beoNLtcjZ5/nxn2afmME6lhrDrebokqMap+XbeW8n9TXpPDOqdGK5qcI3oT0GKTW6wC7EMiVqA==", + "dev": true, + 
"dependencies": { + "eastasianwidth": "^0.2.0", + "emoji-regex": "^9.2.2", + "strip-ansi": "^7.0.1" + }, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/string-width-cjs": { + "name": "string-width", + "version": "4.2.3", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", + "dev": true, + "dependencies": { + "emoji-regex": "^8.0.0", + "is-fullwidth-code-point": "^3.0.0", + "strip-ansi": "^6.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/string-width-cjs/node_modules/ansi-regex": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", + "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/string-width-cjs/node_modules/emoji-regex": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", + "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==", + "dev": true + }, + "node_modules/string-width-cjs/node_modules/strip-ansi": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", + "dev": true, + "dependencies": { + "ansi-regex": "^5.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/strip-ansi": { + "version": "7.0.1", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.0.1.tgz", + "integrity": "sha512-cXNxvT8dFNRVfhVME3JAe98mkXDYN2O1l7jmcwMnOslDeESg1rF/OZMtK0nRAhiari1unG5cD4jG3rapUAkLbw==", + "dev": true, + "dependencies": { + "ansi-regex": "^6.0.1" + }, + "engines": 
{ + "node": ">=12" + }, + "funding": { + "url": "https://github.com/chalk/strip-ansi?sponsor=1" + } + }, + "node_modules/strip-ansi-cjs": { + "name": "strip-ansi", + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", + "dev": true, + "dependencies": { + "ansi-regex": "^5.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/strip-ansi-cjs/node_modules/ansi-regex": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", + "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", + "dev": true, + "engines": { + "node": ">=8" + } + }, "node_modules/strip-json-comments": { "version": "3.1.1", "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz", 
@@ -389,333 +748,126 @@ "integrity": "sha512-8Y75pvTYkLJW2hWQHXxoqRgV7qb9B+9vFEtidML+7koHUFapnVJAZ6cKs+Qjz5Aw3aZWHMC6u0wJE3At+nSGwA==", "dev": true }, + "node_modules/which": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", + "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==", + "dev": true, + "dependencies": { + "isexe": "^2.0.0" + }, + "bin": { + "node-which": "bin/node-which" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/wrap-ansi": { + "version": "8.1.0", + "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-8.1.0.tgz", + "integrity": "sha512-si7QWI6zUMq56bESFvagtmzMdGOtoxfR+Sez11Mobfc7tm+VkUckk9bW2UeffTGVUbOksxmSw0AA2gs8g71NCQ==", + "dev": true, + "dependencies": { + "ansi-styles": "^6.1.0", + "string-width": "^5.0.1", + "strip-ansi": "^7.0.1" + }, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/chalk/wrap-ansi?sponsor=1" + } + }, + "node_modules/wrap-ansi-cjs": { + "name": "wrap-ansi", + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", + "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==", + "dev": true, + "dependencies": { + "ansi-styles": "^4.0.0", + "string-width": "^4.1.0", + "strip-ansi": "^6.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/wrap-ansi?sponsor=1" + } + }, + "node_modules/wrap-ansi-cjs/node_modules/ansi-regex": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", + "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/wrap-ansi-cjs/node_modules/ansi-styles": { + "version": "4.3.0", + "resolved": 
"https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", + "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", + "dev": true, + "dependencies": { + "color-convert": "^2.0.1" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/chalk/ansi-styles?sponsor=1" + } + }, + "node_modules/wrap-ansi-cjs/node_modules/emoji-regex": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", + "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==", + "dev": true + }, + "node_modules/wrap-ansi-cjs/node_modules/string-width": { + "version": "4.2.3", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", + "dev": true, + "dependencies": { + "emoji-regex": "^8.0.0", + "is-fullwidth-code-point": "^3.0.0", + "strip-ansi": "^6.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/wrap-ansi-cjs/node_modules/strip-ansi": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", + "dev": true, + "dependencies": { + "ansi-regex": "^5.0.1" + }, + "engines": { + "node": ">=8" + } + }, "node_modules/wrappy": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", - "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8=", + "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==", "dev": true }, "node_modules/yaml": { - "version": "2.1.3", - "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.1.3.tgz", - "integrity": 
"sha512-AacA8nRULjKMX2DvWvOAdBZMOfQlypSFkjcOcu9FalllIDJ1kvlREzcdIZmidQUqqeMv7jorHjq2HlLv/+c2lg==", + "version": "2.2.2", + "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.2.2.tgz", + "integrity": "sha512-CBKFWExMn46Foo4cldiChEzn7S7SRV+wqiluAb6xmueD/fGyRHIhX8m14vVGgeFWjN540nKCNVj6P21eQjgTuA==", "dev": true, "engines": { "node": ">= 14" } } - }, - "dependencies": { - "@bitnami/readme-generator-for-helm": { - "version": "2.4.2", - "resolved": "https://registry.npmjs.org/@bitnami/readme-generator-for-helm/-/readme-generator-for-helm-2.4.2.tgz", - "integrity": "sha512-2kIXOjRiKJ3PBoBD6EaImp4SNyGM/w67ZPPwbuJi5NeXesupQjFyhIhcKliIledlpuiSrMeH9l80yl6hvmYHUA==", - "dev": true, - "requires": { - "commander": "^7.1.0", - "dot-object": "^2.1.4", - "lodash": "^4.17.21", - "markdown-table": "^2.0.0", - "yaml": "^2.0.0-3" - } - }, - "argparse": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", - "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==", - "dev": true - }, - "balanced-match": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", - "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==", - "dev": true - }, - "brace-expansion": { - "version": "1.1.11", - "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", - "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", - "dev": true, - "requires": { - "balanced-match": "^1.0.0", - "concat-map": "0.0.1" - } - }, - "commander": { - "version": "7.2.0", - "resolved": "https://registry.npmjs.org/commander/-/commander-7.2.0.tgz", - "integrity": "sha512-QrWXB+ZQSVPmIWIhtEO9H+gwHaMGYiF5ChvoJ+K9ZGHG/sVsa6yiesAD1GC/x46sET00Xlwo1u49RVVVzvcSkw==", - "dev": true - }, - "concat-map": { - "version": "0.0.1", - "resolved": 
"https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", - "integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==", - "dev": true - }, - "deep-extend": { - "version": "0.6.0", - "resolved": "https://registry.npmjs.org/deep-extend/-/deep-extend-0.6.0.tgz", - "integrity": "sha512-LOHxIOaPYdHlJRtCQfDIVZtfw/ufM8+rVj649RIHzcm/vGwQRXFt6OPqIFWsm2XEMrNIEtWR64sY1LEKD2vAOA==", - "dev": true - }, - "dot-object": { - "version": "2.1.4", - "resolved": "https://registry.npmjs.org/dot-object/-/dot-object-2.1.4.tgz", - "integrity": "sha512-7FXnyyCLFawNYJ+NhkqyP9Wd2yzuo+7n9pGiYpkmXCTYa8Ci2U0eUNDVg5OuO5Pm6aFXI2SWN8/N/w7SJWu1WA==", - "dev": true, - "requires": { - "commander": "^4.0.0", - "glob": "^7.1.5" - }, - "dependencies": { - "commander": { - "version": "4.1.1", - "resolved": "https://registry.npmjs.org/commander/-/commander-4.1.1.tgz", - "integrity": "sha512-NOKm8xhkzAjzFx8B2v5OAHT+u5pRQc2UCa2Vq9jYL/31o2wi9mxBA7LIFs3sV5VSC49z6pEhfbMULvShKj26WA==", - "dev": true - } - } - }, - "entities": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/entities/-/entities-2.1.0.tgz", - "integrity": "sha512-hCx1oky9PFrJ611mf0ifBLBRW8lUUVRlFolb5gWRfIELabBlbp9xZvrqZLZAs+NxFnbfQoeGd8wDkygjg7U85w==", - "dev": true - }, - "fs.realpath": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", - "integrity": "sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==", - "dev": true - }, - "get-stdin": { - "version": "9.0.0", - "resolved": "https://registry.npmjs.org/get-stdin/-/get-stdin-9.0.0.tgz", - "integrity": "sha512-dVKBjfWisLAicarI2Sf+JuBE/DghV4UzNAVe9yhEJuzeREd3JhOTE9cUaJTeSa77fsbQUK3pcOpJfM59+VKZaA==", - "dev": true - }, - "glob": { - "version": "7.2.3", - "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz", - "integrity": "sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==", 
- "dev": true, - "requires": { - "fs.realpath": "^1.0.0", - "inflight": "^1.0.4", - "inherits": "2", - "minimatch": "^3.1.1", - "once": "^1.3.0", - "path-is-absolute": "^1.0.0" - } - }, - "ignore": { - "version": "5.2.0", - "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.2.0.tgz", - "integrity": "sha512-CmxgYGiEPCLhfLnpPp1MoRmifwEIOgjcHXxOBjv7mY96c+eWScsOP9c112ZyLdWHi0FxHjI+4uVhKYp/gcdRmQ==", - "dev": true - }, - "inflight": { - "version": "1.0.6", - "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz", - "integrity": "sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==", - "dev": true, - "requires": { - "once": "^1.3.0", - "wrappy": "1" - } - }, - "inherits": { - "version": "2.0.4", - "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", - "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==", - "dev": true - }, - "ini": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/ini/-/ini-2.0.0.tgz", - "integrity": "sha512-7PnF4oN3CvZF23ADhA5wRaYEQpJ8qygSkbtTXWBeXWXmEVRXK+1ITciHWwHhsjv1TmW0MgacIv6hEi5pX5NQdA==", - "dev": true - }, - "js-yaml": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", - "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==", - "dev": true, - "requires": { - "argparse": "^2.0.1" - } - }, - "jsonc-parser": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/jsonc-parser/-/jsonc-parser-3.0.0.tgz", - "integrity": "sha512-fQzRfAbIBnR0IQvftw9FJveWiHp72Fg20giDrHz6TdfB12UH/uue0D3hm57UB5KgAVuniLMCaS8P1IMj9NR7cA==", - "dev": true - }, - "linkify-it": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/linkify-it/-/linkify-it-3.0.3.tgz", - "integrity": "sha512-ynTsyrFSdE5oZ/O9GEf00kPngmOfVwazR5GKDq6EYfhlpFug3J2zybX56a2PRRpc9P+FuSoGNAwjlbDs9jJBPQ==", - "dev": true, - 
"requires": { - "uc.micro": "^1.0.1" - } - }, - "lodash": { - "version": "4.17.21", - "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", - "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==", - "dev": true - }, - "markdown-it": { - "version": "12.3.2", - "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-12.3.2.tgz", - "integrity": "sha512-TchMembfxfNVpHkbtriWltGWc+m3xszaRD0CZup7GFFhzIgQqxIfn3eGj1yZpfuflzPvfkt611B2Q/Bsk1YnGg==", - "dev": true, - "requires": { - "argparse": "^2.0.1", - "entities": "~2.1.0", - "linkify-it": "^3.0.1", - "mdurl": "^1.0.1", - "uc.micro": "^1.0.5" - } - }, - "markdown-table": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/markdown-table/-/markdown-table-2.0.0.tgz", - "integrity": "sha512-Ezda85ToJUBhM6WGaG6veasyym+Tbs3cMAw/ZhOPqXiYsr0jgocBV3j3nx+4lk47plLlIqjwuTm/ywVI+zjJ/A==", - "dev": true, - "requires": { - "repeat-string": "^1.0.0" - } - }, - "markdownlint": { - "version": "0.25.1", - "resolved": "https://registry.npmjs.org/markdownlint/-/markdownlint-0.25.1.tgz", - "integrity": "sha512-AG7UkLzNa1fxiOv5B+owPsPhtM4D6DoODhsJgiaNg1xowXovrYgOnLqAgOOFQpWOlHFVQUzjMY5ypNNTeov92g==", - "dev": true, - "requires": { - "markdown-it": "12.3.2" - } - }, - "markdownlint-cli": { - "version": "0.31.1", - "resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.31.1.tgz", - "integrity": "sha512-keIOMwQn+Ch7MoBwA+TdkyVMuxAeZFEGmIIlvwgV0Z1TGS5MxPnRr29XCLhkNzCHU+uNKGjU+VEjLX+Z9kli6g==", - "dev": true, - "requires": { - "commander": "~9.0.0", - "get-stdin": "~9.0.0", - "glob": "~7.2.0", - "ignore": "~5.2.0", - "js-yaml": "^4.1.0", - "jsonc-parser": "~3.0.0", - "markdownlint": "~0.25.1", - "markdownlint-rule-helpers": "~0.16.0", - "minimatch": "~3.0.5", - "run-con": "~1.2.10" - }, - "dependencies": { - "commander": { - "version": "9.0.0", - "resolved": "https://registry.npmjs.org/commander/-/commander-9.0.0.tgz", - 
"integrity": "sha512-JJfP2saEKbQqvW+FI93OYUB4ByV5cizMpFMiiJI8xDbBvQvSkIk0VvQdn1CZ8mqAO8Loq2h0gYTYtDFUZUeERw==", - "dev": true - }, - "minimatch": { - "version": "3.0.8", - "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.8.tgz", - "integrity": "sha512-6FsRAQsxQ61mw+qP1ZzbL9Bc78x2p5OqNgNpnoAFLTrX8n5Kxph0CsnhmKKNXTWjXqU5L0pGPR7hYk+XWZr60Q==", - "dev": true, - "requires": { - "brace-expansion": "^1.1.7" - } - } - } - }, - "markdownlint-rule-helpers": { - "version": "0.16.0", - "resolved": "https://registry.npmjs.org/markdownlint-rule-helpers/-/markdownlint-rule-helpers-0.16.0.tgz", - "integrity": "sha512-oEacRUVeTJ5D5hW1UYd2qExYI0oELdYK72k1TKGvIeYJIbqQWAz476NAc7LNixSySUhcNl++d02DvX0ccDk9/w==", - "dev": true - }, - "mdurl": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/mdurl/-/mdurl-1.0.1.tgz", - "integrity": "sha512-/sKlQJCBYVY9Ers9hqzKou4H6V5UWc/M59TH2dvkt+84itfnq7uFOMLpOiOS4ujvHP4etln18fmIxA5R5fll0g==", - "dev": true - }, - "minimatch": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", - "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==", - "dev": true, - "requires": { - "brace-expansion": "^1.1.7" - } - }, - "minimist": { - "version": "1.2.6", - "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.6.tgz", - "integrity": "sha512-Jsjnk4bw3YJqYzbdyBiNsPWHPfO++UGG749Cxs6peCu5Xg4nrena6OVxOYxrQTqww0Jmwt+Ref8rggumkTLz9Q==", - "dev": true - }, - "once": { - "version": "1.4.0", - "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", - "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==", - "dev": true, - "requires": { - "wrappy": "1" - } - }, - "path-is-absolute": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", - "integrity": 
"sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg==", - "dev": true - }, - "repeat-string": { - "version": "1.6.1", - "resolved": "https://registry.npmjs.org/repeat-string/-/repeat-string-1.6.1.tgz", - "integrity": "sha512-PV0dzCYDNfRi1jCDbJzpW7jNNDRuCOG/jI5ctQcGKt/clZD+YcPS3yIlWuTJMmESC8aevCFmWJy5wjAFgNqN6w==", - "dev": true - }, - "run-con": { - "version": "1.2.10", - "resolved": "https://registry.npmjs.org/run-con/-/run-con-1.2.10.tgz", - "integrity": "sha512-n7PZpYmMM26ZO21dd8y3Yw1TRtGABjRtgPSgFS/nhzfvbJMXFtJhJVyEgayMiP+w/23craJjsnfDvx4W4ue/HQ==", - "dev": true, - "requires": { - "deep-extend": "^0.6.0", - "ini": "~2.0.0", - "minimist": "^1.2.5", - "strip-json-comments": "~3.1.1" - } - }, - "strip-json-comments": { - "version": "3.1.1", - "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz", - "integrity": "sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==", - "dev": true - }, - "uc.micro": { - "version": "1.0.6", - "resolved": "https://registry.npmjs.org/uc.micro/-/uc.micro-1.0.6.tgz", - "integrity": "sha512-8Y75pvTYkLJW2hWQHXxoqRgV7qb9B+9vFEtidML+7koHUFapnVJAZ6cKs+Qjz5Aw3aZWHMC6u0wJE3At+nSGwA==", - "dev": true - }, - "wrappy": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", - "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8=", - "dev": true - }, - "yaml": { - "version": "2.1.3", - "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.1.3.tgz", - "integrity": "sha512-AacA8nRULjKMX2DvWvOAdBZMOfQlypSFkjcOcu9FalllIDJ1kvlREzcdIZmidQUqqeMv7jorHjq2HlLv/+c2lg==", - "dev": true - } } } diff --git a/package.json b/package.json index deaa802..53906d2 100644 --- a/package.json +++ b/package.json 
@@ -13,7 +13,7 @@ "readme:parameters": "readme-generator -v values.yaml -r README.md" }, "devDependencies": { - "@bitnami/readme-generator-for-helm": "^2.4.2", - "markdownlint-cli": "^0.31.1" + "@bitnami/readme-generator-for-helm": "^2.5.0", + "markdownlint-cli": "^0.34.0" } } -- 2.40.1 From 9c7e85a2bb072d431662785db94078faadcabbcc Mon Sep 17 00:00:00 2001 From: pat-s Date: Sat, 13 May 2023 18:11:14 +0800 Subject: [PATCH 178/390] Sign helm releases (#427) fix #31 First stab, need to iterate most likely. @techknowlogick @lunny Could one of you add the GPG secrets here so the signing can be tested? Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/427 Reviewed-by: Lunny Xiao Co-authored-by: pat-s Co-committed-by: pat-s --- .gitea/workflows/release-version.yml | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index b30ee7f..239cd37 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml 
@@ -19,24 +19,35 @@ jobs: apt update -y apt install -y python helm python3-pip apt-transport-https pip install awscli + + - name: Import GPG key + id: import_gpg + uses: https://github.com/crazy-max/ghaction-import-gpg@v5 + with: + gpg_private_key: ${{ secrets.GPGSIGN_KEY }} + passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }} + fingerprint: CC64B1DB67ABBEECAB24B6455FC346329753F4B0 + + # Using helm gpg plugin as 'helm package --sign' has issues with gpg2: https://github.com/helm/helm/issues/2843 - name: package chart run: | + # FIXME: use upstream after https://github.com/technosophos/helm-gpg/issues/1 is solved + helm plugin install https://github.com/pat-s/helm-gpg helm dependency update helm package --version "${GITHUB_REF#refs/tags/v}" ./ + helm gpg sign "gitea-${GITHUB_REF#refs/tags/v}.tgz" mkdir gitea mv gitea*.tgz gitea/ curl -L -o gitea/index.yaml https://dl.gitea.com/charts/index.yaml helm repo index gitea/ --url https://dl.gitea.io/charts --merge gitea/index.yaml + - name: aws credential configure uses: https://github.com/aws-actions/configure-aws-credentials@v2 with: aws-access-key-id: ${{ secrets.AWS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-region: ${{ secrets.AWS_REGION }} - - name: install aws cli - run: | - apt update -y && - pip install awscli + - name: Copy files to S3 and clear cache run: | aws s3 sync gitea/ s3://${{ secrets.AWS_S3_BUCKET}}/charts/ -- 2.40.1 From 0ca013647d937bd5294331d72e72e2da0ff5ad39 Mon Sep 17 00:00:00 2001 From: pat-s Date: Wed, 24 May 2023 05:01:22 +0800 Subject: [PATCH 179/390] Set `$HOME` to `/data/gitea/git` for rootless image (#447) fix #396 Set the default of `$HOME` to `/data/gitea/git` for rootless images to make chart openshift compliant. Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/447 Reviewed-by: Lunny Xiao Co-authored-by: pat-s Co-committed-by: pat-s --- templates/gitea/statefulset.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) 
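Review bot: The `package chart` step runs `helm plugin install https://github.com/pat-s/helm-gpg` with no version, in the same job that has just imported the release signing key, so whatever the fork's default branch holds at release time executes with access to that keyring. Pin the plugin to a reviewed ref, e.g. `helm plugin install --version <PINNED_REF> https://github.com/pat-s/helm-gpg`, and reference the import action by full commit SHA (`ghaction-import-gpg@<FULL_COMMIT_SHA>`) instead of the movable `@v5` tag, since it receives `GPGSIGN_KEY` and `GPGSIGN_PASSPHRASE`. Separately, `mv gitea*.tgz gitea/` does not match a `.tgz.prov` name; if `helm gpg sign` writes the provenance file next to the archive, it never reaches `gitea/` and is not synced to the bucket, and `mv gitea*.tgz* gitea/` would carry it along.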
diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index b11813b..afa9c05 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml @@ -173,6 +173,10 @@ spec: value: /data - name: GITEA_TEMP value: /tmp/gitea + {{- if .Values.image.rootless }} + - name: HOME + value: /data/gitea/git + {{- end }} {{- if .Values.gitea.ldap }} {{- range $idx, $value := .Values.gitea.ldap }} {{- if $value.existingSecret }} @@ -268,6 +272,10 @@ spec: value: /tmp/gitea - name: TMPDIR value: /tmp/gitea + {{- if .Values.image.rootless }} + - name: HOME + value: /data/gitea/git + {{- end }} {{- if .Values.signing.enabled }} - name: GNUPGHOME value: {{ .Values.signing.gpgHome }} -- 2.40.1 From 5e5496f15d90755a6fb09b12c5e5389386707ee2 Mon Sep 17 00:00:00 2001 
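Review bot: The four-line `HOME` block is added verbatim in both hunks of `templates/gitea/statefulset.yaml` (after `GITEA_TEMP` and after `TMPDIR`), so the path `/data/gitea/git` now lives in two places with nothing in the template saying why. A template comment above each block, such as `{{- /* rootless image: HOME on the data volume, see #396 */}}`, or a shared named template in `_helpers.tpl`, would keep the two in step. Both env lists start and end outside the hunks, so whether a `HOME` supplied through other env values would duplicate this entry cannot be checked from here.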
From: justusbunsi Date: Wed, 31 May 2023 08:47:58 +0000 Subject: [PATCH 180/390] Add support for ServiceAccount configuration (#451) ### Description of the change This adds a new values object `serviceAccount`, that allows creating a dedicated ServiceAccount with the Helm Release into the cluster. It supports all common options like labels, annotations, name override (or referring to an externally created ServiceAccount), auto-mount token, image pull secrets. It supersedes the stale PR #357. ### Benefits Users can deploy Gitea with more fine-tuned security settings. ### Applicable issues - related to #448 ### Additional information I've bumped the helm-unittest plugin in the CI build, to be able to use the `exists` and `notExists` feature in the new tests. ### Checklist - [x] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/451 Reviewed-by: pat-s Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- .gitea/workflows/test-pr.yml | 2 +- CONTRIBUTING.md | 2 + README.md | 11 ++++ templates/_helpers.tpl | 4 ++ templates/gitea/serviceaccount.yaml | 21 +++++++ templates/gitea/statefulset.yaml | 3 + unittests/serviceaccount/basic.yaml | 82 +++++++++++++++++++++++++ unittests/serviceaccount/reference.yaml | 32 ++++++++++ values.yaml | 17 +++++ 9 files changed, 173 insertions(+), 1 deletion(-) create mode 100644 templates/gitea/serviceaccount.yaml create mode 100644 unittests/serviceaccount/basic.yaml create mode 100644 unittests/serviceaccount/reference.yaml diff --git a/.gitea/workflows/test-pr.yml b/.gitea/workflows/test-pr.yml index ea06564..7c351cd 100644 --- a/.gitea/workflows/test-pr.yml +++ b/.gitea/workflows/test-pr.yml 
@@ -26,7 +26,7 @@ jobs: helm template --debug gitea-helm . - name: unit tests run: | - helm plugin install --version 0.3.1 https://github.com/helm-unittest/helm-unittest + helm plugin install --version 0.3.3 https://github.com/helm-unittest/helm-unittest make unittests - name: verify readme run: | diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 7f8f4f0..255d0ee 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -61,3 +61,5 @@ $ helm plugin install https://github.com/helm-unittest/helm-unittest # run the unittests make unittests ``` + +See [plugin documentation](https://github.com/helm-unittest/helm-unittest/blob/v0.3.3/DOCUMENT.md) for usage instructions. diff --git a/README.md b/README.md index 34f7e99..ca052a3 100644 --- a/README.md +++ b/README.md @@ -655,6 +655,17 @@ gitea: | `statefulset.labels` | Labels for the statefulset | `{}` | | `statefulset.annotations` | Annotations for the Gitea StatefulSet to be created | `{}` | +### ServiceAccount + +| Name | Description | Value | +| --------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | ------- | +| `serviceAccount.create` | Enable the creation of a ServiceAccount | `false` | +| `serviceAccount.name` | Name of the created ServiceAccount, defaults to release name. Can also link to an externally provided ServiceAccount that should be used. | `""` | +| `serviceAccount.automountServiceAccountToken` | Enable/disable auto mounting of the service account token | `false` | +| `serviceAccount.imagePullSecrets` | Image pull secrets, available to the ServiceAccount | `[]` | +| `serviceAccount.annotations` | Custom annotations for the ServiceAccount | `{}` | +| `serviceAccount.labels` | Custom labels for the ServiceAccount | `{}` | + ### Persistence | Name | Description | Value | diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 97c286c..51ec558 100644 
--- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -311,3 +311,7 @@ https {{- define "gitea.gpg-key-secret-name" -}} {{ default (printf "%s-gpg-key" (include "gitea.fullname" .)) .Values.signing.existingSecret }} {{- end -}} + +{{- define "gitea.serviceAccountName" -}} +{{ .Values.serviceAccount.name | default (include "gitea.fullname" .) }} +{{- end -}} diff --git a/templates/gitea/serviceaccount.yaml b/templates/gitea/serviceaccount.yaml new file mode 100644 index 0000000..e730f9c --- /dev/null +++ b/templates/gitea/serviceaccount.yaml @@ -0,0 +1,21 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "gitea.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "gitea.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.labels }} + {{- . | toYaml | nindent 4 }} + {{- end }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- . | toYaml | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} +{{- with .Values.serviceAccount.imagePullSecrets }} +imagePullSecrets: + {{- . | toYaml | nindent 2 }} +{{- end }} +{{- end }} diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index afa9c05..9867dd2 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml @@ -39,6 +39,9 @@ spec: {{- if .Values.schedulerName }} schedulerName: "{{ .Values.schedulerName }}" {{- end }} + {{- if (or .Values.serviceAccount.create .Values.serviceAccount.name) }} + serviceAccountName: {{ include "gitea.serviceAccountName" . }} + {{- end }} {{- if .Values.priorityClassName }} priorityClassName: "{{ .Values.priorityClassName }}" {{- end }} diff --git a/unittests/serviceaccount/basic.yaml b/unittests/serviceaccount/basic.yaml new file mode 100644 index 0000000..73d8e1e --- /dev/null +++ b/unittests/serviceaccount/basic.yaml 
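Review bot: `serviceAccount.automountServiceAccountToken` is rendered only on the ServiceAccount object in `templates/gitea/serviceaccount.yaml`; the `statefulset.yaml` hunk adds `serviceAccountName` to the pod spec but no matching field. As far as the visible hunks show, with `create: false` and `name` pointing at an external account, or with neither set, the value has no effect and token mounting follows whatever that account or the namespace default specifies. Consider adding `automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}` next to `serviceAccountName`, outside the `if`, so the documented `false` default holds in every case. That changes behaviour for existing installs and would need a note in the README. The pod spec starts and ends outside the hunk.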
@@ -0,0 +1,82 @@ +suite: ServiceAccount template (basic) +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/serviceaccount.yaml +tests: + - it: skips rendering by default + asserts: + - hasDocuments: + count: 0 + - it: renders default ServiceAccount object with serviceAccount.create=true + set: + serviceAccount.create: true + asserts: + - hasDocuments: + count: 1 + - containsDocument: + kind: ServiceAccount + apiVersion: v1 + name: gitea-unittests + - equal: + path: automountServiceAccountToken + value: false + - notExists: + path: imagePullSecrets + - notExists: + path: metadata.annotations + - it: allows for adding custom labels + set: + serviceAccount: + create: true + labels: + custom: label + asserts: + - equal: + path: metadata.labels.custom + value: label + - it: allows for adding custom annotations + set: + serviceAccount: + create: true + annotations: + myCustom: annotation + asserts: + - equal: + path: metadata.annotations.myCustom + value: annotation + - it: allows to override the generated name + set: + serviceAccount: + create: true + name: provided-serviceaccount-name + asserts: + - equal: + path: metadata.name + value: provided-serviceaccount-name + - it: allows to mount the token + set: + serviceAccount: + create: true + automountServiceAccountToken: true + asserts: + - equal: + path: automountServiceAccountToken + value: true + - it: allows to reference image pull secrets + set: + serviceAccount: + create: true + imagePullSecrets: + - name: testing-image-pull-secret + - name: another-pull-secret + asserts: + - contains: + path: imagePullSecrets + content: + name: testing-image-pull-secret + - contains: + path: imagePullSecrets + content: + name: another-pull-secret diff --git a/unittests/serviceaccount/reference.yaml b/unittests/serviceaccount/reference.yaml new file mode 100644 index 0000000..9c01594 --- /dev/null +++ b/unittests/serviceaccount/reference.yaml 
@@ -0,0 +1,32 @@ +suite: ServiceAccount template (reference) +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/serviceaccount.yaml + - templates/gitea/statefulset.yaml + - templates/gitea/config.yaml +tests: + - it: does not modify the StatefulSet by default + template: templates/gitea/statefulset.yaml + asserts: + - notExists: + path: spec.serviceAccountName + - it: adds the reference to the StatefulSet with serviceAccount.create=true + template: templates/gitea/statefulset.yaml + set: + serviceAccount.create: true + asserts: + - equal: + path: spec.template.spec.serviceAccountName + value: gitea-unittests + - it: allows referencing an externally created ServiceAccount to the StatefulSet + template: templates/gitea/statefulset.yaml + set: + serviceAccount: + create: false # explicitly set to define rendering behavior + name: "externally-existing-serviceaccount" + asserts: + - equal: + path: spec.template.spec.serviceAccountName + value: externally-existing-serviceaccount diff --git a/values.yaml b/values.yaml index 4e3e085..a73a88b 100644 --- a/values.yaml +++ b/values.yaml 
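Review bot: The first test, "does not modify the StatefulSet by default", asserts `notExists` on `spec.serviceAccountName`, while the other two tests in this file read the field at `spec.template.spec.serviceAccountName`. A StatefulSet carries the field under the pod template, so the assertion passes whether or not the template renders a service account name, and the default case is effectively untested. Change it to `path: spec.template.spec.serviceAccountName`.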
@@ -205,6 +205,23 @@ statefulset: labels: {} annotations: {} +## @section ServiceAccount + +## @param serviceAccount.create Enable the creation of a ServiceAccount +## @param serviceAccount.name Name of the created ServiceAccount, defaults to release name. Can also link to an externally provided ServiceAccount that should be used. +## @param serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token +## @param serviceAccount.imagePullSecrets Image pull secrets, available to the ServiceAccount +## @param serviceAccount.annotations Custom annotations for the ServiceAccount +## @param serviceAccount.labels Custom labels for the ServiceAccount +serviceAccount: + create: false + name: "" + automountServiceAccountToken: false + imagePullSecrets: [] + # - name: private-registry-access + annotations: {} + labels: {} + ## @section Persistence # ## @param persistence.enabled Enable persistent storage -- 2.40.1 From b11c9c7568b7612feb90febed9f016f40dfb923c Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Sun, 11 Jun 2023 08:15:59 +0000 Subject: [PATCH 181/390] Add unittests to PR checklist (#455) ### Description of the change This should clarify that we more and more rely on unittests for the templating behavior. ### Applicable issues - fixes #199 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/455 Reviewed-by: pat-s Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- .gitea/PULL_REQUEST_TEMPLATE.md | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitea/PULL_REQUEST_TEMPLATE.md b/.gitea/PULL_REQUEST_TEMPLATE.md index 1121296..01ad275 100644 --- a/.gitea/PULL_REQUEST_TEMPLATE.md +++ b/.gitea/PULL_REQUEST_TEMPLATE.md @@ -39,3 +39,4 @@ - [ ] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) - [ ] Breaking changes are documented in the `README.md` +- [ ] Templating unittests are added -- 2.40.1 
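Review bot: The `## @param serviceAccount.name` description says the name defaults to the release name, but the helper added to `templates/_helpers.tpl` in this commit falls back to `include "gitea.fullname" .`. The definition of `gitea.fullname` is not part of this patch; if it honours a name override or appends the chart name, the rendered name can differ from the release name. Suggest wording the default as "the chart's full name (gitea.fullname)", so that the README generated from this annotation matches what the template renders.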
From aa33330abeee32b3f1937322fa71e80112f83539 Mon Sep 17 00:00:00 2001 From: pat-s Date: Sat, 17 Jun 2023 22:15:49 +0000 Subject: [PATCH 182/390] Add upgrading note WRT to postgres major version update (#458) Should help users with their move from PG 11 to 15. Thanks again @pi3ch! Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/458 Reviewed-by: justusbunsi Co-authored-by: pat-s Co-committed-by: pat-s --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index ca052a3..a2f676f 100644 --- a/README.md +++ b/README.md @@ -809,6 +809,10 @@ With respect to `values.yaml`, parameters `username`, `database` and `password` `persistence` has also been regrouped under the `primary` key. Please adjust your `values.yaml` accordingly. +**Attention**: The Postgres upgrade is not automatically handled by the chart and must be done by yourself. +See [this comment](https://gitea.com/gitea/helm-chart/issues/452#issuecomment-740885) for an extensive walkthrough. +We again highly encourage users to use an external (managed) database for production instances. + ### To 7.0.0 #### Private GPG key configuration for Gitea signing actions -- 2.40.1 From 5ed140088e4a9d2b1191876100ab9ae528e279f2 Mon Sep 17 00:00:00 2001 From: pat-s Date: Tue, 27 Jun 2023 20:32:01 +0000 Subject: [PATCH 183/390] Set `image.rootless` to true by default (#449) fix #432 Assuming that "everybody" is meanwhile on > 1.14. Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/449 --- README.md | 2 +- .../init_directory_structure.sh-rootless.yaml | 68 +++++++++++++++++++ .../init/init_directory_structure.sh.yaml | 4 ++ values.yaml | 2 +- 4 files changed, 74 insertions(+), 2 deletions(-) create mode 100644 unittests/init/init_directory_structure.sh-rootless.yaml diff --git a/README.md b/README.md index a2f676f..d4259c9 100644 --- a/README.md +++ b/README.md 
@@ -587,7 +587,7 @@ gitea: | `image.repository` | Image to start for this pod | `gitea/gitea` | | `image.tag` | Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml. | `""` | | `image.pullPolicy` | Image pull policy | `Always` | -| `image.rootless` | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `false` | +| `image.rootless` | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `true` | | `imagePullSecrets` | Secret to use for pulling the image | `[]` | ### Security diff --git a/unittests/init/init_directory_structure.sh-rootless.yaml b/unittests/init/init_directory_structure.sh-rootless.yaml new file mode 100644 index 0000000..854bcce --- /dev/null +++ b/unittests/init/init_directory_structure.sh-rootless.yaml 
@@ -0,0 +1,68 @@ +suite: Init template +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/init.yaml +tests: + - it: runs gpg in batch mode + set: + signing.enabled: true + signing.privateKey: |- + -----BEGIN PGP PRIVATE KEY BLOCK----- + {placeholder} + -----END PGP PRIVATE KEY BLOCK----- + asserts: + - equal: + path: stringData["configure_gpg_environment.sh"] + value: |- + #!/usr/bin/env bash + set -eu + + gpg --batch --import /raw/private.asc + - it: skips gpg script block for disabled signing + asserts: + - equal: + path: stringData["init_directory_structure.sh"] + value: |- + #!/usr/bin/env bash + + set -euo pipefail + + set -x + mkdir -p /data/git/.ssh + chmod -R 700 /data/git/.ssh + [ ! -d /data/gitea/conf ] && mkdir -p /data/gitea/conf + + # prepare temp directory structure + mkdir -p "${GITEA_TEMP}" + chmod ug+rwx "${GITEA_TEMP}" + - it: adds gpg script block for enabled signing + set: + signing.enabled: true + signing.privateKey: |- + -----BEGIN PGP PRIVATE KEY BLOCK----- + {placeholder} + -----END PGP PRIVATE KEY BLOCK----- + asserts: + - equal: + path: stringData["init_directory_structure.sh"] + value: |- + #!/usr/bin/env bash + + set -euo pipefail + + set -x + mkdir -p /data/git/.ssh + chmod -R 700 /data/git/.ssh + [ ! -d /data/gitea/conf ] && mkdir -p /data/gitea/conf + + # prepare temp directory structure + mkdir -p "${GITEA_TEMP}" + chmod ug+rwx "${GITEA_TEMP}" + + if [ ! -d "${GNUPGHOME}" ]; then + mkdir -p "${GNUPGHOME}" + chmod 700 "${GNUPGHOME}" + chown 1000:1000 "${GNUPGHOME}" + fi diff --git a/unittests/init/init_directory_structure.sh.yaml b/unittests/init/init_directory_structure.sh.yaml index ddfa981..7e59404 100644 --- a/unittests/init/init_directory_structure.sh.yaml +++ b/unittests/init/init_directory_structure.sh.yaml @@ -7,6 +7,7 @@ templates: tests: - it: runs gpg in batch mode set: + image.rootless: false signing.enabled: true signing.privateKey: |- -----BEGIN PGP PRIVATE KEY BLOCK----- 
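Review bot: None of the three tests in the new `init_directory_structure.sh-rootless.yaml` suite sets `image.rootless`, so they exercise the rootless script only because this commit flips the default in `values.yaml`, whereas the sibling `init_directory_structure.sh.yaml` now pins `image.rootless: false` explicitly. Add `image.rootless: true` to each `set:` block, and add a `set:` block to "skips gpg script block for disabled signing", which currently has none. The suite then keeps covering the rootless variant if the default changes again.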
@@ -21,6 +22,8 @@ tests: gpg --batch --import /raw/private.asc - it: skips gpg script block for disabled signing + set: + image.rootless: false asserts: - equal: path: stringData["init_directory_structure.sh"] @@ -41,6 +44,7 @@ tests: chmod ug+rwx "${GITEA_TEMP}" - it: adds gpg script block for enabled signing set: + image.rootless: false signing.enabled: true signing.privateKey: |- -----BEGIN PGP PRIVATE KEY BLOCK----- diff --git a/values.yaml b/values.yaml index a73a88b..c37edc2 100644 --- a/values.yaml +++ b/values.yaml @@ -38,7 +38,7 @@ image: # Overrides the image tag whose default is the chart appVersion. tag: "" pullPolicy: Always - rootless: false # only possible when running 1.14 or later + rootless: true ## @param imagePullSecrets Secret to use for pulling the image imagePullSecrets: [] -- 2.40.1 From 81252dcb18c0209e8c06106c034d9ab300ee0d66 Mon Sep 17 00:00:00 2001 From: pat-s Date: Wed, 28 Jun 2023 06:54:22 +0000 Subject: [PATCH 184/390] Add toc to README and lint contributing.md (#461) ### Description of the change - Add ToC to README for easier navigation (and add note to `contributing.md`) - Fix some heading levels in README - Put upgrading notes into collapsible blocks - Format `contributing.md` according to MD rules - Allow `details` and `summary` elements in README - Allow for longer headings ### Benefits Better documentation ### Possible drawbacks None Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/461 Co-authored-by: pat-s Co-committed-by: pat-s --- .markdownlint.yaml | 4 +- CONTRIBUTING.md | 29 ++++++------ README.md | 114 ++++++++++++++++++++++++++++++++++----------- 3 files changed, 102 insertions(+), 45 deletions(-) diff --git a/.markdownlint.yaml b/.markdownlint.yaml index 305545f..7b0c356 100644 --- a/.markdownlint.yaml +++ b/.markdownlint.yaml 
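Review bot: Flipping `rootless` to `true` in the `values.yaml` hunk changes the image variant for every existing release that did not set `image.rootless`, and the commit's README change only updates the default column of the parameter table. The rootless and root-based images may differ in runtime user and data paths (not visible in this patch), so an entry in the README's Upgrading section telling users to set `image.rootless: false` to keep the previous image would help. The removed inline comment also carried the version constraint; consider keeping it, e.g. `rootless: true # requires Gitea 1.14 or later; set to false for the root-based image`. The `image:` block starts and continues outside the hunk.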
@@ -47,7 +47,7 @@ MD013: # Number of characters line_length: 200 # Number of characters for headings - heading_line_length: 80 + heading_line_length: 100 # Number of characters for code blocks code_block_line_length: 80 # Include code blocks @@ -106,7 +106,7 @@ MD030: # MD033/no-inline-html - Inline HTML MD033: # Allowed elements - allowed_elements: [] + allowed_elements: [details, summary] # MD035/hr-style - Horizontal rule style MD035: diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 255d0ee..ea00fdc 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -18,12 +18,12 @@ When using Visual Studio Code as IDE, following plugins might be useful: ## Documentation Requirements -The `README.md` must include all configuration options. The parameters section -is generated by extracting the parameter annotations from the `values.yaml` file, -by using [this tool](https://github.com/bitnami-labs/readme-generator-for-helm). +The `README.md` must include all configuration options. +The parameters section is generated by extracting the parameter annotations from the `values.yaml` file, by using [this tool](https://github.com/bitnami-labs/readme-generator-for-helm). -If changes were made on configuration options, run `make readme` to update the -README file. +If changes were made on configuration options, run `make readme` to update the README file. + +The ToC is created via the VSCode [Markdown All in One](https://marketplace.visualstudio.com/items?itemName=yzhang.markdown-all-in-one) extension which can/must also be used used to update it. ## Pull Request Requirements 
@@ -41,16 +41,15 @@ For local development and testing of pull requests, the following workflow can be used: 1. Install `minikube` and `helm`. -2. Start a `minikube` cluster via `minikube start`. -3. From the `gitea/helm-chart` directory execute the following command. This - will install the dependencies listed in `Chart.yml` and deploy the current - state of the helm chart found locally. If you want to test a branch, make - sure to switch to the respective branch first. - `helm install --dependency-update gitea . -f values.yaml`. -4. Gitea is now deployed in `minikube`. To access it, it's port needs to be - forwarded first from `minikube` to localhost first via `kubectl --namespace - default port-forward svc/gitea-http 3000:3000`. Now Gitea is accessible at - [http://localhost:3000](http://localhost:3000). +1. Start a `minikube` cluster via `minikube start`. +1. From the `gitea/helm-chart` directory execute the following command. + This will install the dependencies listed in `Chart.yml` and deploy the current state of the helm chart found locally. + If you want to test a branch, make sure to switch to the respective branch first. + `helm install --dependency-update gitea . -f values.yaml`. +1. Gitea is now deployed in `minikube`. + To access it, it's port needs to be forwarded first from `minikube` to localhost first via `kubectl --namespace +default port-forward svc/gitea-http 3000:3000`. + Now Gitea is accessible at [http://localhost:3000](http://localhost:3000). ### Unit tests diff --git a/README.md b/README.md index d4259c9..766f04f 100644 --- a/README.md +++ b/README.md 
@@ -1,4 +1,46 @@ -# Gitea Helm Chart +# Gitea Helm Chart + +- [Introduction](#introduction) +- [Update and versioning policy](#update-and-versioning-policy) +- [Dependencies](#dependencies) +- [Installing](#installing) +- [Prerequisites](#prerequisites) +- [Configuration](#configuration) + - [Default Configuration](#default-configuration) + - [Additional _app.ini_ settings](#additional-appini-settings) + - [External Database](#external-database) + - [Ports and external url](#ports-and-external-url) + - [ClusterIP](#clusterip) + - [SSH and Ingress](#ssh-and-ingress) + - [SSH on crio based kubernetes cluster](#ssh-on-crio-based-kubernetes-cluster) + - [Cache](#cache) + - [Persistence](#persistence) + - [Admin User](#admin-user) + - [LDAP Settings](#ldap-settings) + - [OAuth2 Settings](#oauth2-settings) +- [Configure commit signing](#configure-commit-signing) +- [Metrics and profiling](#metrics-and-profiling) +- [Pod annotations](#pod-annotations) +- [Parameters](#parameters) + - [Global](#global) + - [Image](#image) + - [Security](#security) + - [Service](#service) + - [Ingress](#ingress) + - [StatefulSet](#statefulset) + - [ServiceAccount](#serviceaccount) + - [Persistence](#persistence-1) + - [Init](#init) + - [Signing](#signing) + - [Gitea](#gitea) + - [LivenessProbe](#livenessprobe) + - [ReadinessProbe](#readinessprobe) + - [StartupProbe](#startupprobe) + - [Memcached](#memcached) + - [PostgreSQL](#postgresql) + - [Advanced](#advanced) +- [Contributing](#contributing) +- [Upgrading](#upgrading) [Gitea](https://gitea.io/en-us/) is a community managed lightweight code hosting solution written in Go. It is published under the MIT license. 
@@ -51,9 +93,7 @@ When upgrading, please refer to the [Upgrading](#upgrading) section at the botto - Helm 3.0+ - PV provisioner for persistent data support -## Examples - -### Gitea Configuration +## Configuration Gitea offers lots of configuration options. This is fully described in the [Gitea Cheat Sheet](https://docs.gitea.io/en-us/config-cheat-sheet/). @@ -538,7 +578,7 @@ signing: To use the gpg key, Gitea needs to be configured accordingly. A detailed description can be found in the [official Gitea documentation](https://docs.gitea.io/en-us/signing/#general-configuration). -### Metrics and profiling +## Metrics and profiling A Prometheus `/metrics` endpoint on the `HTTP_PORT` and `pprof` profiling endpoints on port 6060 can be enabled under `gitea`. Beware that the metrics endpoint is exposed via the ingress, manage access using ingress annotations for example. @@ -557,7 +597,7 @@ gitea: ENABLE_PPROF: true ``` -### Pod Annotations +## Pod annotations Annotations can be added to the Gitea pod. @@ -794,14 +834,16 @@ See [CONTRIBUTORS GUIDE](CONTRIBUTING.md) for details. This section lists major and breaking changes of each Helm Chart version. Please read them carefully to upgrade successfully. -### To 8.0.0 +
-#### Removal of MariaDB and MySQL DB chart dependencies +To 8.0.0 + +### Removal of MariaDB and MySQL DB chart dependencies In this version support for DB chart dependencies of MySQL and MariaDB have been removed to simplify the maintenance of the helm chart. External MySQL and MariaDB databases are still supported and will be in the future. -#### Postgres Update from v11 to v15 +### Postgres Update from v11 to v15 This Chart version updates the Postgres chart dependency and subsequently Postgres from v11 to v15. Please read the [Postgres Release Notes](https://www.postgresql.org/docs/release/) for version-specific changes. @@ -813,16 +855,24 @@ Please adjust your `values.yaml` accordingly. See [this comment](https://gitea.com/gitea/helm-chart/issues/452#issuecomment-740885) for an extensive walkthrough. We again highly encourage users to use an external (managed) database for production instances. -### To 7.0.0 +
-#### Private GPG key configuration for Gitea signing actions +
+ +To 7.0.0 + +### Private GPG key configuration for Gitea signing actions Having `signing.enabled=true` now requires to use either `signing.privateKey` or `signing.existingSecret` so that the Chart can automatically prepare the GPG key for Gitea internal signing actions. See [Configure commit signing](#configure-commit-signing) for details. -### To 6.0.0 +
-#### Different volume mounts for init-containers and runtime container +
+ +To 6.0.0 + +### Different volume mounts for init-containers and runtime container **The `extraVolumeMounts` is deprecated** in favor of `extraInitVolumeMounts` and `extraContainerVolumeMounts`. You can now have different mounts for the initialization phase and Gitea runtime. @@ -831,7 +881,7 @@ If you want to switch to the new settings and want to mount specific volumes int **Combining values from the deprecated setting with values from the new settings is not possible.** -#### New `enabled` flag for `startupProbe` +### New `enabled` flag for `startupProbe` Prior to this version the `startupProbe` was just a commented sample within the `values.yaml`. With the migration to an auto-generated [Parameters](#parameters) section, a new parameter `gitea.startupProbe.enabled` has been introduced set to @@ -840,11 +890,15 @@ With the migration to an auto-generated [Parameters](#parameters) section, a new If you are using the `startupProbe` you need to add that new parameter and set it to `true`. Otherwise, your defined probe won't be considered after the upgrade. -### To 5.0.0 +
+ +
+ +To 5.0.0 > 💥 The Helm Chart now requires Gitea versions of at least 1.11.0. -#### Enable Dependencies +### Enable Dependencies The values to enable the dependencies, such as PostgreSQL, Memcached, MySQL and MariaDB have been moved from `gitea.database.builtIn.` to the dependency values. @@ -864,12 +918,12 @@ mariadb: enabled: false ``` -#### App.ini generation +### App.ini generation The app.ini generation has changed and now utilizes the environment-to-ini script provided by newer Gitea versions. This change ensures, that the app.ini is now persistent. -##### Secret Key generation +### Secret Key generation Gitea secret keys (SECRET_KEY, INTERNAL_TOKEN, JWT_SECRET) are now generated automatically in certain situations: @@ -882,7 +936,7 @@ Gitea secret keys (SECRET_KEY, INTERNAL_TOKEN, JWT_SECRET) are now generated aut > However, this it is not advisable to do so for existing installations. > Certain settings like _LDAP_ would not be readable anymore. -#### Probes +### Probes `gitea.customLivenessProbe`, `gitea.customReadinessProbe` and `gitea.customStartupProbe` have been removed. @@ -899,16 +953,20 @@ gitea: podAnnotations: {} ``` -#### Multiple OAuth and LDAP authentication sources +### Multiple OAuth and LDAP authentication sources With `5.0.0` of this Chart it is now possible to configure Gitea with multiple OAuth and LDAP sources. As a result, you need to update an existing OAuth/LDAP configuration in your customized `values.yaml` by replacing the object with settings to a list of settings objects. See [OAuth2 Settings](#oauth2-settings) and [LDAP Settings](#ldap-settings) section for details. -### To 4.0.0 +
-#### Ingress changes +
+ +To 4.0.0 + +### Ingress changes To provide a more flexible Ingress configuration we now support not only host settings but also provide configuration for the path and pathType. So this change changes the hosts from a simple string list, to a list containing a more complex object for more configuration. @@ -940,12 +998,12 @@ paths: pathType: Prefix ``` -#### Dropped kebab-case support +### Dropped kebab-case support In 3.x.x it was possible to provide an ldap configuration via kebab-case, this support has now been dropped and only camel case is supported. See [LDAP section](#ldap-settings) for more information. -#### Dependency update +### Dependency update The chart comes with multiple databases and Memcached as dependency, the latest release updated the dependencies. @@ -955,7 +1013,7 @@ The chart comes with multiple databases and Memcached as dependency, the latest If you're using the builtin databases you will most likely redeploy the chart in order to update the database correctly. -#### Execution of initPreScript +### Execution of initPreScript Generally spoken, this might not be a breaking change, but it is worth to be mentioned. @@ -965,11 +1023,11 @@ This also includes the execution of _initPreScript_. If you have such script, please be aware of this. Dynamically prepare the Gitea setup during execution by e.g. adding environment variables to the execution context won't work anymore. -### Misc - -#### Gitea Version 1.14.X repository ROOT +### Gitea Version 1.14.X repository ROOT Previously the ROOT folder for the Gitea repositories was located at `/data/git/gitea-repositories`. In version `1.14` has the path been changed to `/data/gitea-repositories`. This chart will set the `gitea.config.repository.ROOT` value default to `/data/git/gitea-repositories`. + +
-- 2.40.1 From 868c029e4dc7ba3533d065516a1afbabc6791010 Mon Sep 17 00:00:00 2001 From: pat-s Date: Wed, 28 Jun 2023 06:57:19 +0000 Subject: [PATCH 185/390] Document how to add custom themes (#460) ### Description of the change Add documentation how to add custom themes ### Benefits ### Possible drawbacks ### Applicable issues - fixes #301 ### Additional information ### Checklist - [x] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) - [x] Breaking changes are documented in the `README.md` - [x] Templating unittests are added Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/460 Co-authored-by: pat-s Co-committed-by: pat-s --- README.md | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/README.md b/README.md index 766f04f..cbe9708 100644 --- a/README.md +++ b/README.md @@ -21,6 +21,7 @@ - [Configure commit signing](#configure-commit-signing) - [Metrics and profiling](#metrics-and-profiling) - [Pod annotations](#pod-annotations) +- [Themes](#themes) - [Parameters](#parameters) - [Global](#global) - [Image](#image) 
@@ -606,6 +607,48 @@ gitea: podAnnotations: {} ``` +## Themes + +Custom themes can be added via k8s secrets and referencing them in `values.yaml`. + +```yaml +extraVolumes: + - name: gitea-themes + secret: + secretName: gitea-themes + +extraVolumeMounts: + - name: gitea-themes + readOnly: true + mountPath: "/data/gitea/public/css" +``` + +The secret can be created via `terraform`: + +```hcl +resource "kubernetes_secret" "gitea-themes" { + metadata { + name = "gitea-themes" + namespace = "gitea" + } + + data = { + "theme-custom.css" = "${file("FULL-PATH-TO-CSS")}" + "theme-custom-dark.css" = "${file("FULL-PATH-TO-CSS")}" + } + + type = "Opaque" + + depends_on = [kubernetes_namespace.gitea] +} +``` + +or natively via `kubectl`: + +```bash +kubectl create secret generic gitea-themes --from-file={{FULL-PATH-TO-CSS}} --namespace gitea +``` + ## Parameters ### Global -- 2.40.1 From ca76cc571ceb3f918e4f8efbc76a1ca7599e79dc Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Wed, 12 Jul 2023 05:20:01 +0000 Subject: [PATCH 186/390] bump 1.19.4 --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 0689e91..b91a078 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.19.3 +appVersion: 1.19.4 icon: https://docs.gitea.io/images/gitea.png keywords: -- 2.40.1 From cab7f3d0b5b78450df1885ba171561b039c7d500 Mon Sep 17 00:00:00 2001 
From: pat-s Date: Sun, 16 Jul 2023 22:00:46 +0000 Subject: [PATCH 187/390] Change env-to-ini prefix and remove custom prefix (#464) ### Description of the change Change env-to-ini prefix and remove custom prefix. `GITEA` is the default prefix. ### Benefits Compatibility wit v1.20 (`-p` got removed) ### Possible drawbacks None ### Additional information See https://github.com/go-gitea/gitea/pull/25799 Tested with Gitea < 1.20 and >= 1.20 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/464 Co-authored-by: pat-s Co-committed-by: pat-s --- README.md | 8 +++----- templates/gitea/config.yaml | 24 ++++++++++++------------ 2 files changed, 15 insertions(+), 17 deletions(-) diff --git a/README.md b/README.md index cbe9708..71463f9 100644 --- a/README.md +++ b/README.md @@ -237,16 +237,14 @@ We also support to directly interact with the generated _app.ini_. To inject self defined variables into the _app.ini_ a certain format needs to be honored. This is described in detail on the [env-to-ini](https://github.com/go-gitea/gitea/tree/main/contrib/environment-to-ini) page. -Note that the Prefix on this helm chart is `ENV_TO_INI`. - For example a database setting needs to have the following format: ```yaml gitea: additionalConfigFromEnvs: - - name: ENV_TO_INI__DATABASE__HOST + - name: GITEA__DATABASE__HOST value: my.own.host - - name: ENV_TO_INI__DATABASE__PASSWD + - name: GITEA__DATABASE__PASSWD valueFrom: secretKeyRef: name: postgres-secret @@ -255,7 +253,7 @@ gitea: Priority (highest to lowest) for defining app.ini variables: -1. Environment variables prefixed with `ENV_TO_INI` +1. Environment variables prefixed with `GITEA` 1. Additional config sources 1. Values defined in `gitea.config` diff --git a/templates/gitea/config.yaml b/templates/gitea/config.yaml index bcc7c4d..044ecd5 100644 --- a/templates/gitea/config.yaml +++ b/templates/gitea/config.yaml 
@@ -53,14 +53,14 @@ stringData: env2ini::log " + '${setting}'" if [[ -z "${section}" ]]; then - export "ENV_TO_INI____${setting^^}=${value}" # '^^' makes the variable content uppercase + export "GITEA____${setting^^}=${value}" # '^^' makes the variable content uppercase return fi local masked_section="${section//./_0X2E_}" # '//' instructs to replace all matches masked_section="${masked_section//-/_0X2D_}" - export "ENV_TO_INI__${masked_section^^}__${setting^^}=${value}" # '^^' makes the variable content uppercase + export "GITEA__${masked_section^^}__${setting^^}=${value}" # '^^' makes the variable content uppercase } function env2ini::reload_preset_envs() { @@ -134,15 +134,15 @@ stringData: # - initially used to set up Gitea # Anyway, they won't harm existing app.ini files - export ENV_TO_INI__SECURITY__INTERNAL_TOKEN=$(gitea generate secret INTERNAL_TOKEN) - export ENV_TO_INI__SECURITY__SECRET_KEY=$(gitea generate secret SECRET_KEY) - export ENV_TO_INI__OAUTH2__JWT_SECRET=$(gitea generate secret JWT_SECRET) - export ENV_TO_INI__SERVER__LFS_JWT_SECRET=$(gitea generate secret LFS_JWT_SECRET) + export GITEA__SECURITY__INTERNAL_TOKEN=$(gitea generate secret INTERNAL_TOKEN) + export GITEA__SECURITY__SECRET_KEY=$(gitea generate secret SECRET_KEY) + export GITEA__OAUTH2__JWT_SECRET=$(gitea generate secret JWT_SECRET) + export GITEA__SERVER__LFS_JWT_SECRET=$(gitea generate secret LFS_JWT_SECRET) env2ini::log "...Initial secrets generated\n" } - env | (grep ENV_TO_INI || [[ $? == 1 ]]) > /tmp/existing-envs + env | (grep GITEA || [[ $? == 1 ]]) > /tmp/existing-envs # MUST BE CALLED BEFORE OTHER CONFIGURATION env2ini::generate_initial_secrets 
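Review bot: The filter in `env | (grep GITEA || [[ $? == 1 ]]) > /tmp/existing-envs` is unanchored, so with the new prefix it keeps every environment line that contains the string anywhere in its name or value, for example `GITEA_APP_INI`, which this script uses in a later hunk, and not only env-to-ini settings. The previous `ENV_TO_INI` token was specific enough that the missing anchor mattered little. Anchor the pattern to the variable prefix, `env | (grep '^GITEA__' || [[ $? == 1 ]]) > /tmp/existing-envs`, which still matches the section-less `GITEA____…` form exported earlier in the script and keeps unrelated values out of a file under `/tmp` that can hold credentials such as `GITEA__DATABASE__PASSWD`. How the file is consumed and whether it is removed afterwards is outside the hunk.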
@@ -163,10 +163,10 @@ stringData: env2ini::log ' - oauth2.JWT_SECRET' env2ini::log ' - server.LFS_JWT_SECRET' - unset ENV_TO_INI__SECURITY__INTERNAL_TOKEN - unset ENV_TO_INI__SECURITY__SECRET_KEY - unset ENV_TO_INI__OAUTH2__JWT_SECRET - unset ENV_TO_INI__SERVER__LFS_JWT_SECRET + unset GITEA__SECURITY__INTERNAL_TOKEN + unset GITEA__SECURITY__SECRET_KEY + unset GITEA__OAUTH2__JWT_SECRET + unset GITEA__SERVER__LFS_JWT_SECRET fi - environment-to-ini -o $GITEA_APP_INI -p ENV_TO_INI + environment-to-ini -o $GITEA_APP_INI -- 2.40.1 From 6814f7f6d936df89d9647dc088e2a3abe47fd63c Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Mon, 17 Jul 2023 01:26:32 +0000 Subject: [PATCH 188/390] bump 1.20.0 --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index b91a078..fac51b9 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.19.4 +appVersion: 1.20.0 icon: https://docs.gitea.io/images/gitea.png keywords: -- 2.40.1 From f66a192d455d78cfc87010716bc56ff0df56d000 Mon Sep 17 00:00:00 2001 From: pat-s Date: Mon, 17 Jul 2023 07:42:51 +0200 Subject: [PATCH 189/390] document env-to-ini env saving --- templates/gitea/config.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/templates/gitea/config.yaml b/templates/gitea/config.yaml index 044ecd5..1e81ef6 100644 --- a/templates/gitea/config.yaml +++ b/templates/gitea/config.yaml @@ -141,7 +141,8 @@ stringData: env2ini::log "...Initial secrets generated\n" } - + + # save existing envs prior to script execution. Necessary to keep order of preexisting and custom envs env | (grep GITEA || [[ $? == 1 ]]) > /tmp/existing-envs # MUST BE CALLED BEFORE OTHER CONFIGURATION -- 2.40.1 From 8e27bb9bae1d1b09f16b5e0946f68b806daeb7d9 Mon Sep 17 00:00:00 2001 
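Review bot: In the `@@ -163,10 +163,10 @@` hunk of templates/gitea/config.yaml the rewritten call leaves the output path unquoted, so a `GITEA_APP_INI` value containing whitespace or glob characters would be word-split before environment-to-ini sees it. Writing it as `environment-to-ini -o "$GITEA_APP_INI"` avoids that. The `if` block closed by the `fi` after the `unset` lines opens outside the hunk.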
From: pat-s Date: Mon, 17 Jul 2023 19:09:42 +0000 Subject: [PATCH 190/390] [Breaking] Add HA-support; switch to `Deployment` (#437) # Changes A big shoutout to @luhahn for all his work in #205 which served as the base for this PR. ## Documentation - [x] After thinking for some time about it, I still prefer the distinct option (as started in #350), i.e. having a standalone "HA" doc under `docs/ha-setup.md` to not have a very long README (which is already quite long). Most of the information below should go into it with more details and explanations behind all of the individual components. ## Chart deps ~~- Adds `meilisearch` as a chart dependency for a HA-ready issue indexer. Only works with >= Gitea 1.20~~ ~~- Adds `redis` as a chart dependency for a HA-ready session and queue store.~~ - Adds `redis-cluster` as a chart dependency for a HA-ready session and queue store (alternative to `redis`). Only works with >= Gitea 1.19.2. - Removes `memcached` instead of `redis-cluster` - Add `postgresql-ha` as default DB dep in favor of `postgres` ## Adds smart HA chart logic The goal is to set smart config values that result in a HA-ready Gitea deployment if `replicaCount` > 1. - If `replicaCount` > 1, - `gitea.config.session.PROVIDER` is automatically set to `redis-cluster` - `gitea.config.indexer.REPO_INDEXER_ENABLED` is automatically set to `false` unless the value is `elasticsearch` or `meilisearch` - `redis-cluster` is used for `[queue]` and `[cache]` and `[session]`mode or not Configuration of external instances of `meilisearch` and `minio` are documented in a new markdown doc. ## Deployment vs Statefulset Given all the discussions about this lately (#428), I think we could use both. In the end, we do not have the requirement for a sequential pod scale up/scale down as it would happen in statefulsets. On the other side, we do not have actual stateless pods as we are attaching a RWX to the deployment. 
Yet I think because we do not have a leader-election requirement, spawning the pods as a deployment makes "Rolling Updates" easier and also signals users that there is no "leader election" logic and each pod can just be "destroyed" at anytime without causing interruption. Hence I think we should be able to switch from a statefulset to a deployment, even in the single-replica case. This change also brought up a templating/linting issue: the definition of `.Values.gitea.config.server.SSH_LISTEN_PORT` in `ssh-svc.yaml` just "luckily" worked so far due to naming-related lint processing. Due to the change from "statefulset" to "deployment", the processing queue changed and caused a failure complaining about `config.server.SSH_LISTEN_PORT` not being defined yet. The only way I could see to fix this was to "properly" define the value in `values.yaml` instead of conditionally definining it in `helpers.tpl`. Maybe there's a better way? ## Chart PVC Creation I've adapted the automated PVC creation from another chart to be able to provide the `storageClassName` as I couldn't get dynamic provisioning for EFS going with the current implementation. In addition the naming and approach within the Gitea chart for PV creation is a bit unusual and aligning it might be beneficial. A semi-unrelated change which will result in a breaking change for existing users but this PR includes a lot of breaking changes already, so including another one might not make it much worse... - New `persistence.mount`: whether to mount an existing PVC (via `persistence.existingClaim` - New `persistence.create`: whether to create a new PVC ## Testing As this PR does a lot of things, we need proper testing. The helm chart can be installed from the Git branch via `helm-git` as follows: ``` helm repo add gitea-charts git+https://gitea.com/gitea/helm-chart@/?ref=deployment helm install gitea --version 0.0.0 ``` It is **highly recommended** to test the chart in a dedicated namespace. 
I've tested this myself with both `redis` and `redis-cluster` and it seemed to work fine. I just did some basic operations though and we should do more niche testing before merging. Example `values.yml` for testing (only needs a valid RWX storage class):
values.yaml ```yml image: tag: "dev" PullPolicy: "Always" rootless: true replicaCount: 2 persistence: enabled: true accessModes: - ReadWriteMany storageClass: FIXME redis-cluster: enabled: false global: redis: password: gitea gitea: config: indexer: ISSUE_INDEXER_ENABLED: true REPO_INDEXER_ENABLED: false ```
## Preferred setup The preferred HA setup with respect to performance and stability might currently be as follows: - Repos: RWX (e.g. EFS or Azurefiles NFS) - Issue indexer: Meilisearch (HA) - Session and cache: Redis Cluster (HA) - Attachments/Avatars: Minio (HA) This will result in a ~ 10-pod HA setup overall. All pods have very low resource requests. fix #98 Co-authored-by: pat-s Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/437 Co-authored-by: pat-s Co-committed-by: pat-s --- Chart.lock | 13 +- Chart.yaml | 16 +- README.md | 294 +++++++++++------- docs/ha-setup.md | 175 +++++++++++ templates/_helpers.tpl | 75 ++++- templates/gitea/config.yaml | 26 ++ .../{statefulset.yaml => deployment.yaml} | 76 ++--- templates/gitea/init.yaml | 21 ++ templates/gitea/poddisruptionbudget.yaml | 17 + templates/gitea/pvc.yaml | 24 ++ templates/gitea/ssh-svc.yaml | 2 + .../{statefulset => deployment}/basic.yaml | 10 +- .../signing-disabled.yaml | 12 +- .../signing-enabled.yaml | 14 +- .../ssh-configuration.yaml | 10 +- unittests/serviceaccount/reference.yaml | 14 +- values.yaml | 121 ++++--- 17 files changed, 675 insertions(+), 245 deletions(-) create mode 100644 docs/ha-setup.md rename templates/gitea/{statefulset.yaml => deployment.yaml} (88%) create mode 100644 templates/gitea/poddisruptionbudget.yaml create mode 100644 templates/gitea/pvc.yaml rename unittests/{statefulset => deployment}/basic.yaml (58%) rename unittests/{statefulset => deployment}/signing-disabled.yaml (76%) rename unittests/{statefulset => deployment}/signing-enabled.yaml (89%) rename unittests/{statefulset => deployment}/ssh-configuration.yaml (80%) diff --git a/Chart.lock b/Chart.lock index e8c974c..c5f80ef 100644 --- a/Chart.lock +++ b/Chart.lock 
@@ -1,9 +1,12 @@ dependencies: -- name: memcached - repository: oci://registry-1.docker.io/bitnamicharts - version: 6.3.14 - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts version: 12.4.1 -digest: sha256:02d4846bf416038a42658dbca8f8001d0e3ce967b00e990048f8d420065c33fd -generated: "2023-04-28T09:32:05.295167+02:00" +- name: postgresql-ha + repository: oci://registry-1.docker.io/bitnamicharts + version: 11.6.1 +- name: redis-cluster + repository: oci://registry-1.docker.io/bitnamicharts + version: 8.4.4 +digest: sha256:3b203051c9fb8df9e771a4d67c276190a1c63aae9bf980ef3676e2a51b2f56c7 +generated: "2023-05-13T21:47:51.823348+02:00" diff --git a/Chart.yaml b/Chart.yaml index fac51b9..d5a2d32 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -34,13 +34,17 @@ maintainers: # Bitnami charts are served from GitHub CDN - See https://github.com/bitnami/charts/issues/10539 for details dependencies: # OCI registry: https://blog.bitnami.com/2023/01/bitnami-helm-charts-available-as-oci.html (2023-01) - # Chart release date: 2023-04 - - name: memcached - repository: oci://registry-1.docker.io/bitnamicharts - version: 6.3.14 - condition: memcached.enabled - # Chart release date: 2023-04 - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts version: 12.4.1 condition: postgresql.enabled + # Chart release date: 2023-05 + - name: postgresql-ha + repository: oci://registry-1.docker.io/bitnamicharts + version: 11.6.1 + condition: postgresql-ha.enabled + # Chart release date: 2023-04 + - name: redis-cluster + repository: oci://registry-1.docker.io/bitnamicharts + version: 8.4.4 + condition: redis-cluster.enabled diff --git a/README.md b/README.md index 71463f9..a167589 100644 --- a/README.md +++ b/README.md 
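Review bot: The `postgresql-ha` and `redis-cluster` entries added in the `@@ -34,13 +34,17 @@` hunk of Chart.yaml are switched only by their `*.enabled` conditions, and the README parameter tables in this same patch list both as enabled by default with the password `gitea`. A default install would therefore bring up a database and a Redis cluster protected by a publicly documented credential; values.yaml is not shown here, so this is inferred from the README rows. I would add a comment above the two entries, `# enabled by default with sample credentials; override the passwords or supply them from a secret before any non-test install`, and state the same in the README next to the password rows.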
@@ -4,7 +4,7 @@ - [Update and versioning policy](#update-and-versioning-policy) - [Dependencies](#dependencies) - [Installing](#installing) -- [Prerequisites](#prerequisites) +- [High Availability](#high-availability) - [Configuration](#configuration) - [Default Configuration](#default-configuration) - [Additional _app.ini_ settings](#additional-appini-settings) @@ -24,11 +24,12 @@ - [Themes](#themes) - [Parameters](#parameters) - [Global](#global) + - [strategy](#strategy) - [Image](#image) - [Security](#security) - [Service](#service) - [Ingress](#ingress) - - [StatefulSet](#statefulset) + - [deployment](#deployment) - [ServiceAccount](#serviceaccount) - [Persistence](#persistence-1) - [Init](#init) @@ -37,7 +38,8 @@ - [LivenessProbe](#livenessprobe) - [ReadinessProbe](#readinessprobe) - [StartupProbe](#startupprobe) - - [Memcached](#memcached) + - [redis-cluster](#redis-cluster) + - [PostgreSQL-ha](#postgresql-ha) - [PostgreSQL](#postgresql) - [Advanced](#advanced) - [Contributing](#contributing) @@ -49,8 +51,8 @@ It is published under the MIT license. ## Introduction This helm chart has taken some inspiration from [jfelten's helm chart](https://github.com/jfelten/gitea-helm-chart). -But takes a completely different approach in providing a database and cache with dependencies. -Additionally, this chart provides LDAP and admin user configuration with values, as well as being deployed as a statefulset to retain stored repositories. +Yet it takes a completely different approach in providing a database and cache with dependencies. +Additionally, this chart allows to provide LDAP and admin user configuration with values. ## Update and versioning policy @@ -75,8 +77,8 @@ This chart provides those dependencies, which can be enabled, or disabled via co Dependencies: -- PostgreSQL ([configuration](#postgresql)) -- Memcached ([configuration](#memcached)) +- PostgreSQL HA ([configuration](#postgresql)) +- Redis Cluster ([configuration](#cache)) ## Installing 
@@ -88,11 +90,13 @@ helm install gitea gitea-charts/gitea When upgrading, please refer to the [Upgrading](#upgrading) section at the bottom of this document for major and breaking changes. -## Prerequisites +## High Availability -- Kubernetes 1.12+ -- Helm 3.0+ -- PV provisioner for persistent data support +Since version 9.0.0 this chart has experimental support for running Gitea and it's dependencies in a HA setup. +The setup is still experimental and care must be taken for production use as Gitea core is not yet officially HA-ready. + +Deploying a HA-ready Gitea instance requires some effort including using HA-ready dependencies. +See the [HA Setup](docs/ha-setup.md) document for more details. ## Configuration @@ -116,12 +120,12 @@ All defaults can be overwritten in `gitea.config`. INSTALL_LOCK is always set to true, since we want to configure Gitea with this helm chart and everything is taken care of. -_All default settings are made directly in the generated app.ini, not in the Values._ +_All default settings are made directly in the generated `app.ini`, not in the Values._ #### Database defaults If a builtIn database is enabled the database configuration is set automatically. -For example, PostgreSQL builtIn will appear in the app.ini as: +For example, PostgreSQL builtIn will appear in the `app.ini` as: ```ini [database] @@ -132,18 +136,6 @@ PASSWD = gitea USER = gitea ``` -#### Memcached defaults - -Memcached is handled the exact same way as database builtIn. -Once Memcached builtIn is enabled, this chart will generate the following part in the `app.ini`: - -```ini -[cache] -ADAPTER = memcache -ENABLED = true -HOST = RELEASE-NAME-memcached.default.svc.cluster.local:11211 -``` - #### Server defaults The server defaults are a bit more complex. 
@@ -192,8 +184,7 @@ gitea: name: gitea-app-ini-plaintext ``` -This would mount the two additional volumes (`oauth` and `some-additionals`) -from different sources to the init containerwhere the _app.ini_ gets updated. +This would mount the two additional volumes (`oauth` and `some-additionals`) from different sources to the init container where the _app.ini_ gets updated. All files mounted that way will be read and converted to environment variables and then added to the _app.ini_ using [environment-to-ini](https://github.com/go-gitea/gitea/tree/main/contrib/environment-to-ini). The key of such additional source represents the section inside the _app.ini_. @@ -237,6 +228,9 @@ We also support to directly interact with the generated _app.ini_. To inject self defined variables into the _app.ini_ a certain format needs to be honored. This is described in detail on the [env-to-ini](https://github.com/go-gitea/gitea/tree/main/contrib/environment-to-ini) page. +Prior to Gitea 1.20 and Chart 9.0.0 the helm chart had a custom prefix `ENV_TO_INI`. +After the support for a custom prefix was removed in Gite core, the prefix was changed to `GITEA`. + For example a database setting needs to have the following format: ```yaml @@ -259,7 +253,7 @@ Priority (highest to lowest) for defining app.ini variables: ### External Database -Any external Database listed in [https://docs.gitea.io/en-us/database-prep/](https://docs.gitea.io/en-us/database-prep/) can be used instead of the built-in PostgreSQL. +Any external database listed in [https://docs.gitea.io/en-us/database-prep/](https://docs.gitea.io/en-us/database-prep/) can be used instead of the built-in PostgreSQL. In fact, it is **highly recommended** to use an external database to ensure a stable Gitea installation longterm. If an external database is used, no matter which type, make sure to set `postgresql.enabled` to `false` to disable the use of the built-in PostgreSQL. 
@@ -345,34 +339,23 @@ More about this issue [here](https://gitea.com/gitea/helm-chart/issues/161). ### Cache -This helm chart can use a built in cache. -The default is Memcached from bitnami. +The cache handling is done via `redis-cluster` (via the `bitnami` chart) by default. +This deployment is HA-ready but can also be used for single-pod deployments. +By default, 6 replicas are deployed for a working `redis-cluster` deployment. +Many cloud providers offer a managed redis service, which can be used instead of the built-in `redis-cluster`. ```yaml -memcached: +redis-cluster: enabled: true ``` -If the built in cache should not be used simply configure the cache in `gitea.config`. - -```yaml -gitea: - config: - cache: - ENABLED: true - ADAPTER: memory - INTERVAL: 60 - HOST: 127.0.0.1:9090 -``` - ### Persistence -Gitea will be deployed as a statefulset. +Gitea will be deployed as a deployment. By simply enabling the persistence and setting the storage class according to your cluster everything else will be taken care of. -The following example will create a PVC as a part of the statefulset. -This PVC will not be deleted even if you uninstall the chart. +The following example will create a PVC as a part of the deployment. -Please note, that an empty storageClass in the persistence will result in kubernetes using your default storage class. +Please note, that an empty `storageClass` in the persistence will result in kubernetes using your default storage class. If you want to use your own storage class define it as follows: @@ -382,14 +365,12 @@ persistence: storageClass: myOwnStorageClass ``` -When using PostgreSQL as dependency, this will also be deployed as a statefulset by default. - If you want to manage your own PVC you can simply pass the PVC name to the chart. ```yaml persistence: enabled: true - existingClaim: MyAwesomeGiteaClaim + claimName: MyAwesomeGiteaClaim ``` In case that persistence has been disabled it will simply use an empty dir volume. 
@@ -401,13 +382,13 @@ You can interact with the postgres settings as displayed in the following exampl postgresql: persistence: enabled: true - existingClaim: MyAwesomeGiteaPostgresClaim + claimName: MyAwesomeGiteaPostgresClaim ``` ### Admin User This chart enables you to create a default admin user. -It is also possible to update the password for this user by upgrading or redeloying the chart. +It is also possible to update the password for this user by upgrading or redeploying the chart. It is not possible to delete an admin user after it has been created. This has to be done in the ui. You cannot use `admin` as username. 
@@ -651,14 +632,22 @@ kubectl create secret generic gitea-themes --from-file={{FULL-PATH-TO-CSS}} --na ### Global -| Name | Description | Value | -| ------------------------- | ------------------------------------------------------------------------- | --------------- | -| `global.imageRegistry` | global image registry override | `""` | -| `global.imagePullSecrets` | global image pull secrets override; can be extended by `imagePullSecrets` | `[]` | -| `global.storageClass` | global storage class override | `""` | -| `global.hostAliases` | global hostAliases which will be added to the pod's hosts files | `[]` | -| `replicaCount` | number of replicas for the statefulset | `1` | -| `clusterDomain` | cluster domain | `cluster.local` | +| Name | Description | Value | +| ------------------------- | ------------------------------------------------------------------------- | ----- | +| `global.imageRegistry` | global image registry override | `""` | +| `global.imagePullSecrets` | global image pull secrets override; can be extended by `imagePullSecrets` | `[]` | +| `global.storageClass` | global storage class override | `""` | +| `global.hostAliases` | global hostAliases which will be added to the pod's hosts files | `[]` | +| `replicaCount` | number of replicas for the deployment | `1` | + +### strategy + +| Name | Description | Value | +| --------------------------------------- | -------------- | --------------- | +| `strategy.type` | strategy type | `RollingUpdate` | +| `strategy.rollingUpdate.maxSurge` | maxSurge | `100%` | +| `strategy.rollingUpdate.maxUnavailable` | maxUnavailable | `0` | +| `clusterDomain` | cluster domain | `cluster.local` | ### Image 
@@ -678,6 +667,7 @@ kubectl create secret generic gitea-themes --from-file={{FULL-PATH-TO-CSS}} --na | `podSecurityContext.fsGroup` | Set the shared file system group for all containers in the pod. | `1000` | | `containerSecurityContext` | Security context | `{}` | | `securityContext` | Run init and Gitea containers as a specific securityContext | `{}` | +| `podDisruptionBudget` | Pod disruption budget | `{}` | ### Service @@ -685,7 +675,7 @@ kubectl create secret generic gitea-themes --from-file={{FULL-PATH-TO-CSS}} --na | --------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | | `service.http.type` | Kubernetes service type for web traffic | `ClusterIP` | | `service.http.port` | Port number for web traffic | `3000` | -| `service.http.clusterIP` | ClusterIP setting for http autosetup for statefulset is None | `None` | +| `service.http.clusterIP` | ClusterIP setting for http autosetup for deployment is None | `None` | | `service.http.loadBalancerIP` | LoadBalancer IP setting | `nil` | | `service.http.nodePort` | NodePort for http service | `nil` | | `service.http.externalTrafficPolicy` | If `service.http.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation | `nil` | 
@@ -696,7 +686,7 @@ kubectl create secret generic gitea-themes --from-file={{FULL-PATH-TO-CSS}} --na | `service.http.annotations` | HTTP service annotations | `{}` | | `service.ssh.type` | Kubernetes service type for ssh traffic | `ClusterIP` | | `service.ssh.port` | Port number for ssh traffic | `22` | -| `service.ssh.clusterIP` | ClusterIP setting for ssh autosetup for statefulset is None | `None` | +| `service.ssh.clusterIP` | ClusterIP setting for ssh autosetup for deployment is None | `None` | | `service.ssh.loadBalancerIP` | LoadBalancer IP setting | `nil` | | `service.ssh.nodePort` | NodePort for ssh service | `nil` | | `service.ssh.externalTrafficPolicy` | If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation | `nil` | 
@@ -720,21 +710,22 @@ kubectl create secret generic gitea-themes --from-file={{FULL-PATH-TO-CSS}} --na | `ingress.tls` | Ingress tls settings | `[]` | | `ingress.apiVersion` | Specify APIVersion of ingress object. Mostly would only be used for argocd. | | -### StatefulSet +### deployment -| Name | Description | Value | -| ------------------------------------------- | ------------------------------------------------------ | ----- | -| `resources` | Kubernetes resources | `{}` | -| `schedulerName` | Use an alternate scheduler, e.g. "stork" | `""` | -| `nodeSelector` | NodeSelector for the statefulset | `{}` | -| `tolerations` | Tolerations for the statefulset | `[]` | -| `affinity` | Affinity for the statefulset | `{}` | -| `dnsConfig` | dnsConfig for the statefulset | `{}` | -| `priorityClassName` | priorityClassName for the statefulset | `""` | -| `statefulset.env` | Additional environment variables to pass to containers | `[]` | -| `statefulset.terminationGracePeriodSeconds` | How long to wait until forcefully kill the pod | `60` | -| `statefulset.labels` | Labels for the statefulset | `{}` | -| `statefulset.annotations` | Annotations for the Gitea StatefulSet to be created | `{}` | +| Name | Description | Value | +| ------------------------------------------ | ------------------------------------------------------ | ----- | +| `resources` | Kubernetes resources | `{}` | +| `schedulerName` | Use an alternate scheduler, e.g. 
"stork" | `""` | +| `nodeSelector` | NodeSelector for the deployment | `{}` | +| `tolerations` | Tolerations for the deployment | `[]` | +| `affinity` | Affinity for the deployment | `{}` | +| `topologySpreadConstraints` | TopologySpreadConstraints for the deployment | `[]` | +| `dnsConfig` | dnsConfig for the deployment | `{}` | +| `priorityClassName` | priorityClassName for the deployment | `""` | +| `deployment.env` | Additional environment variables to pass to containers | `[]` | +| `deployment.terminationGracePeriodSeconds` | How long to wait until forcefully kill the pod | `60` | +| `deployment.labels` | Labels for the deployment | `{}` | +| `deployment.annotations` | Annotations for the Gitea deployment to be created | `{}` | ### ServiceAccount 
@@ -749,20 +740,22 @@ kubectl create secret generic gitea-themes --from-file={{FULL-PATH-TO-CSS}} --na ### Persistence -| Name | Description | Value | -| ---------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------- | -| `persistence.enabled` | Enable persistent storage | `true` | -| `persistence.existingClaim` | Use an existing claim to store repository information | `nil` | -| `persistence.size` | Size for persistence to store repo information | `10Gi` | -| `persistence.accessModes` | AccessMode for persistence | `["ReadWriteOnce"]` | -| `persistence.labels` | Labels for the persistence volume claim to be created | `{}` | -| `persistence.annotations` | Annotations for the persistence volume claim to be created | `{}` | -| `persistence.storageClass` | Name of the storage class to use | `nil` | -| `persistence.subPath` | Subdirectory of the volume to mount at | `nil` | -| `extraVolumes` | Additional volumes to mount to the Gitea statefulset | `[]` | -| `extraContainerVolumeMounts` | Mounts that are only mapped into the Gitea runtime/main container, to e.g. override custom templates. | `[]` | -| `extraInitVolumeMounts` | Mounts that are only mapped into the init-containers. Can be used for additional preconfiguration. 
| `[]` | -| `extraVolumeMounts` | **DEPRECATED** Additional volume mounts for init containers and the Gitea main container | `[]` | +| Name | Description | Value | +| ---------------------------- | ----------------------------------------------------------------------------------------------------- | ---------------------- | +| `persistence.enabled` | Enable persistent storage | `true` | +| `persistence.create` | Whether to create the persistentVolumeClaim for shared storage | `true` | +| `persistence.mount` | Whether the persistentVolumeClaim should be mounted (even if not created) | `true` | +| `persistence.claimName` | Use an existing claim to store repository information | `gitea-shared-storage` | +| `persistence.size` | Size for persistence to store repo information | `10Gi` | +| `persistence.accessModes` | AccessMode for persistence | `["ReadWriteOnce"]` | +| `persistence.labels` | Labels for the persistence volume claim to be created | `{}` | +| `persistence.annotations` | Annotations for the persistence volume claim to be created | `{}` | +| `persistence.storageClass` | Name of the storage class to use | `nil` | +| `persistence.subPath` | Subdirectory of the volume to mount at | `nil` | +| `extraVolumes` | Additional volumes to mount to the Gitea deployment | `[]` | +| `extraContainerVolumeMounts` | Mounts that are only mapped into the Gitea runtime/main container, to e.g. override custom templates. | `[]` | +| `extraInitVolumeMounts` | Mounts that are only mapped into the init-containers. Can be used for additional preconfiguration. | `[]` | +| `extraVolumeMounts` | **DEPRECATED** Additional volume mounts for init containers and the Gitea main container | `[]` | ### Init 
@@ -784,21 +777,22 @@ kubectl create secret generic gitea-themes --from-file={{FULL-PATH-TO-CSS}} --na ### Gitea -| Name | Description | Value | -| -------------------------------------- | ------------------------------------------------------------------------------------------------------------- | -------------------- | -| `gitea.admin.username` | Username for the Gitea admin user | `gitea_admin` | -| `gitea.admin.existingSecret` | Use an existing secret to store admin user credentials | `nil` | -| `gitea.admin.password` | Password for the Gitea admin user | `r8sA8CPHD9!bt6d` | -| `gitea.admin.email` | Email for the Gitea admin user | `gitea@local.domain` | -| `gitea.metrics.enabled` | Enable Gitea metrics | `false` | -| `gitea.metrics.serviceMonitor.enabled` | Enable Gitea metrics service monitor | `false` | -| `gitea.ldap` | LDAP configuration | `[]` | -| `gitea.oauth` | OAuth configuration | `[]` | -| `gitea.config` | Configuration for the Gitea server,ref: [config-cheat-sheet](https://docs.gitea.io/en-us/config-cheat-sheet/) | `{}` | -| `gitea.additionalConfigSources` | Additional configuration from secret or configmap | `[]` | -| `gitea.additionalConfigFromEnvs` | Additional configuration sources from environment variables | `[]` | -| `gitea.podAnnotations` | Annotations for the Gitea pod | `{}` | -| `gitea.ssh.logLevel` | Configure OpenSSH's log level. Only available for root-based Gitea image. 
| `INFO` | +| Name | Description | Value | +| -------------------------------------- | ------------------------------------------------------------------------- | -------------------- | +| `gitea.admin.username` | Username for the Gitea admin user | `gitea_admin` | +| `gitea.admin.existingSecret` | Use an existing secret to store admin user credentials | `nil` | +| `gitea.admin.password` | Password for the Gitea admin user | `r8sA8CPHD9!bt6d` | +| `gitea.admin.email` | Email for the Gitea admin user | `gitea@local.domain` | +| `gitea.metrics.enabled` | Enable Gitea metrics | `false` | +| `gitea.metrics.serviceMonitor.enabled` | Enable Gitea metrics service monitor | `false` | +| `gitea.ldap` | LDAP configuration | `[]` | +| `gitea.oauth` | OAuth configuration | `[]` | +| `gitea.config.server.SSH_PORT` | SSH port for rootlful Gitea image | `22` | +| `gitea.config.server.SSH_LISTEN_PORT` | SSH port for rootless Gitea image | `2222` | +| `gitea.additionalConfigSources` | Additional configuration from secret or configmap | `[]` | +| `gitea.additionalConfigFromEnvs` | Additional configuration sources from environment variables | `[]` | +| `gitea.podAnnotations` | Annotations for the Gitea pod | `{}` | +| `gitea.ssh.logLevel` | Configure OpenSSH's log level. Only available for root-based Gitea image. | `INFO` | ### LivenessProbe 
@@ -836,18 +830,29 @@ kubectl create secret generic gitea-themes --from-file={{FULL-PATH-TO-CSS}} --na | `gitea.startupProbe.successThreshold` | Success threshold for startup probe | `1` | | `gitea.startupProbe.failureThreshold` | Failure threshold for startup probe | `10` | -### Memcached +### redis-cluster -| Name | Description | Value | -| ----------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | -| `memcached.enabled` | Memcached is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/memcached) if enabled in the values. Complete Configuration can be taken from their website. | `true` | -| `memcached.service.ports.memcached` | Port for Memcached | `11211` | +| Name | Description | Value | +| ------------------------------------- | ---------------------------------------------------- | ------- | +| `redis-cluster.enabled` | Enable redis | `true` | +| `redis-cluster.global.redis.password` | Password for the "Gitea" user (overrides `password`) | `gitea` | + +### PostgreSQL-ha + +| Name | Description | Value | +| ---------------------------------------------------------------- | -------------------------------------------------------------------- | ------- | +| `postgresql-ha.enabled` | Enable PostgreSQL-ha | `true` | +| `postgresql-ha.global.postgresql-ha.auth.password` | Password for the `gitea` user (overrides `auth.password`) | `gitea` | +| `postgresql-ha.global.postgresql-ha.auth.database` | Name for a custom database to create (overrides `auth.database`) | `gitea` | +| `postgresql-ha.global.postgresql-ha.auth.username` | Name for a custom user to create (overrides `auth.username`) | `gitea` | +| `postgresql-ha.global.postgresql-ha.service.ports.postgresql-ha` | PostgreSQL-ha service port (overrides `service.ports.postgresql-ha`) | 
`5432` | +| `postgresql-ha.primary.persistence.size` | PVC Storage Request for PostgreSQL-ha volume | `10Gi` | ### PostgreSQL | Name | Description | Value | | ------------------------------------------------------- | ---------------------------------------------------------------- | ------- | -| `postgresql.enabled` | Enable PostgreSQL | `true` | +| `postgresql.enabled` | Enable PostgreSQL | `false` | | `postgresql.global.postgresql.auth.password` | Password for the `gitea` user (overrides `auth.password`) | `gitea` | | `postgresql.global.postgresql.auth.database` | Name for a custom database to create (overrides `auth.database`) | `gitea` | | `postgresql.global.postgresql.auth.username` | Name for a custom user to create (overrides `auth.username`) | `gitea` | @@ -873,7 +878,72 @@ See [CONTRIBUTORS GUIDE](CONTRIBUTING.md) for details. ## Upgrading This section lists major and breaking changes of each Helm Chart version. -Please read them carefully to upgrade successfully. +Please read them carefully to upgrade successfully, especially the change of the **default database backend**! +If you miss this, blindly upgrading may delete your Postgres instance and you may lose your data! + +
+ +To 9.0.0 + +This chart release comes with many breaking changes while aiming for a HA-ready setup. +Please go through all of them carefully to perform a successful upgrade. +Here's a brief summary again, followed by more detailed migration instructions: + +- Switch from `Statefulset` to `Deployment` +- Switch from `Memcached` to `redis-cluster` as the default session and queue provider +- Switch from `postgres` to `postgres-ha` as the default database provider +- A chart-internal PVC bootstrapping logic + - New `persistence.mount`: whether to mount an existent PVC (even if not creating it) + - New `persistence.create`: whether to create a new PVC + - Renamed `persistence.existingClaim` to `persistence.claimName` + +While not required, we recommend to start with a RWX PV for new installations. +A RWX volume is required for installation aiming for HA. + +If you want to stay with a pre-existing RWO PV, you need to set + +- `persistence.mount=true` +- `persistence.create=false` +- `persistence.claimName` to the name of your existing PVC. + +If you do not, Gitea will create a new PVC which will in turn create a new PV. +If this happened to you by accident, you can still recover your data by setting using the settings from above in a subsequent run. + +If you want to stay with a `memcache` instead of `redis-cluster`, you need to deploy `memcache` manually (e.g. from [bitnami](https://github.com/bitnami/charts/tree/main/bitnami/memcached)) and set + +- `cache.HOST = ""` +- `cache.ADAPTER = "memcache"` +- `session.PROVIDER = "memcache"` +- `session.PROVIDER_CONFIG = ""` +- `queue.TYPE = "memcache"` +- `queue.CONN_STR = ""` + +The `memcache` connection string has the scheme `memcache://:`, e.g. `gitea-memcached.gitea.svc.cluster.local:11211`. +The first item here (``) will be different compared to the example if you deploy `memcache` yourself. + +The above changes are motivated by the idea to tidy dependencies but also have HA-ready ones at the same time. 
+The previous `memcache` default was not HA-ready, hence we decided to switch to `redis-cluster` by default. + + +**Transitioning from a RWO to RWX Persistent Volume** + +If you want to switch to a RWX volume and go for HA, you need to + +1. Backup the data stored under `/data` +2. Let the chart create a new RWX PV (or do it statically yourself) +3. Restore the backup to the same location in the new PV + + +**Transitioning from Postgres to Postgres HA** + +If you are running with a non-HA PG DB from a previous chart release, you need to set + +- `postgresql-ha.enabled=false` +- `postgresql.enabled=true` + +This is needed to stay with your existing single-instance DB (as the HA-variant is the new default). + +
diff --git a/docs/ha-setup.md b/docs/ha-setup.md new file mode 100644 index 0000000..1139706 --- /dev/null +++ b/docs/ha-setup.md 
@@ -0,0 +1,175 @@
+# High Availability
+
+**Experimental**
+
+All components (in-memory DB, volume/asset storage, code indexer) used by Gitea must be deployed in a HA-ready fashion to achieve a full HA-ready Gitea deployment.
+The following document explains how to achieve this for all individual components.
+
+The resulting Gitea deployment will consist of ~ 10 pods (depending on the chosen components and their replicas).
+One should evaluate upfront whether a HA-deployment is required as switching between HA/non-HA comes with some effort.
+For production instances, HA is always recommended to increase uptime and have a frictionless update process.
+
+A general comment about chart dependencies and external services:
+Instead of relying on chart dependencies, it is often better to rely on an external, (managed) instances (in-memory database, asset storage provider, database, etc.).
+Many cloud providers offer such services, at least for databases or in-memory databases.
+They might cost a bit more than using a self-hosted k8s variant but are usually easier to maintain and scale, if needed.
+Also they can be centrally managed and are not linked to the Gitea helm chart or namespace.
+Please consider using external services before you start with your Gitea HA setup, it will make your life (and the life of the Gitea maintainers) easier.
+
+This helm chart tries to help as much as possible to simplify and assert the provisioning of a HA-ready Gitea instance by implementing smart conditionals if `replicaCount` is set to a value > 1.
+Nevertheless, we cannot guarantee for every possible combination of Gitea settings to work together perfectly in a HA setup.
+As a general advice, we recommend to have a test environment aside on which to test possible changes/upgrades before applying these to a production installation.
+
+## Requirements for HA
+
+Storage-wise, the HA-Gitea setup requires a RWX file-system which can be shared among the deployment-based replica pods.
+In addition, the following components are required for full HA-readiness:
+
+- A HA-ready issue (and optionally code) indexer: `elasticsearch` or `meilisearch`
+- A HA-ready external object/asset storage (`minio`) (optional, assets can also be stored on the RWX file-system)
+- A HA-ready cache (`redis-cluster`)
+- A HA-ready DB
+
+`postgres.enabled`, which default to `true`, must be set to `false` for a HA setup.
+The default `postgres` chart dependency is not HA-ready (there's a dedicated `postgres-ha` chart).
+
+The following sections discuss each of the components in more detail.
+Note that for each component discussed, the shown configurations only provides a (working) starting point, not necessarily the most optimal setup.
+We try to optimize this document over time as we have gained more experience with HA setups from users.
+
+## Indexers (Issues and code/repo)
+
+The default code indexer `bleve` is not able to allow multiple connections and hence cannot be used in a HA setup.
+Alternatives are `elasticsearch` and `meilisearch` (as of >= 1.19.2).
+Unless you have an existing `elasticsearch` cluster, we recommend using `meilisearch` as it is faster and requires way less resources.
+
+Unfortunately, `meilisearch` does only support the `ISSUE_INDEXER` and not the `REPO_INDEXER` yet ([tracking issue](https://github.com/go-gitea/gitea/pull/24149)).
+This means that the `REPO_INDEXER` must still be disabled for a HA setup right now.
+An alternative to the two options above for the `ISSUE_INDEXER` is `"db"`, however we recommend to just go with `meilisearch` in this case and to not bother the DB with indexing.
+
+To configure `meilisearch` within Gitea, do the following:
+
+```yml
+gitea:
+ config:
+ indexer:
+ ISSUE_INDEXER_CONN_STR: .svc.cluster.local:7700>
+ ISSUE_INDEXER_ENABLED: true
+ ISSUE_INDEXER_TYPE: meilisearch
+ REPO_INDEXER_ENABLED: false
+ # REPO_INDEXER_TYPE: meilisearch # not yet working
+```
+
+Unfortunately `meilisearch` cannot be deployed in HA as of now.
+Nevertheless it allows for multiple Gitea requests at the same time and is therefore required in a HA setup.
+
+Exemplary configuration for the [meilisearch-kubernetes](https://github.com/meilisearch/meilisearch-kubernetes/tree/main/charts/meilisearch) chart:
+
+```yaml
+persistence:
+ enabled: true
+ accessMode: ReadWriteOnce
+ size: 5Gi
+```
+
+## Cache, session and queue
+
+A `redis` instance is required for the in-memory cache.
+Two options exist:
+
+- `redis`
+- `redis-cluster`
+
+The chart provides `redis-cluster` as a dependency as this one can be used for both HA and non-HA setups.
+You're also welcome to go with `redis` if you prefer or already have a running instance.
+
+It should be noted that `redis-cluster` support is only available starting with Gitea 1.19.2.
+You can also configure an external (managed) `redis` instance to be used.
+To do so, you need to set the following configuration values yourself:
+
+- `gitea.config.queue.TYPE`: redis`
+- `gitea.config.queue.CONN_STR`: ``
+
+- `gitea.config.session.PROVIDER`: `redis`
+- `gitea.config.session.PROVIDER_CONFIG`: ``
+
+- `gitea.config.cache.ENABLED`: `true`
+- `gitea.config.cache.ADAPTER`: `redis`
+- `gitea.config.cache.HOST`: ``
+
+## Object and asset storage
+
+Object/asset storage refers to the storage of attachments, avatars, LFS files, etc.
+While most of these can be stored on the RWX file-system, it is recommended to use an external S3-compatible object storage for such, mainly for performance reasons.
+
+By default the chart provisions a single RWO volume to store everything (repos, avatars, packages, etc.).
+This volume cannot be mounted by multiple pods.
+Hence, a RWX volume is required and (optionally) an external HA-ready object storage.
+
+> **Note:** Double-check that the file permissions are set correctly on the RWX volume! That is everything should be owned by the `git` user which usually has `uid=1000` and `gid=1000`.
+
+To use `minio` you need to deploy and configure an external `minio` instance yourself and explicitly define the `STORAGE_TYPE` values as shown below.
+
+Note that `MINIO_BUCKET` here is just a name and does not refer to a S3 bucket.
+It's the root access point for all objects belonging to the respective application, i.e., to Gitea in this case.
+
+```yaml
+gitea:
+ config:
+ attachment:
+ STORAGE_TYPE: minio
+ lfs:
+ STORAGE_TYPE: minio
+ picture:
+ AVATAR_STORAGE_TYPE: minio
+ "storage.packages":
+ STORAGE_TYPE: minio
+
+ storage:
+ MINIO_ENDPOINT: .svc.cluster.local:9000>
+ MINIO_LOCATION:
+ MINIO_ACCESS_KEY_ID:
+ MINIO_SECRET_ACCESS_KEY:
+ MINIO_BUCKET:
+ MINIO_USE_SSL: false
+```
+
+Exemplary configuration for the [bitnami minio](https://github.com/bitnami/charts/blob/main/bitnami/minio) chart:
+
+```yaml
+auth:
+ rootUser: minio
+mode: distributed
+replicaCount: 4
+persistence:
+ enabled: true
+ size: 20Gi
+ accessModes:
+ - ReadWriteOnce
+```
+
+## Database
+
+If you do not have an HA-ready DB, using a managed database service in the cloud might be the easiest and most robust solution.
+Remember: disable the built-in `postgres` dependency and configure the database connection manually via `gitea.config.database`:
+
+```yml
+gitea:
+ database:
+ builtIn:
+ postgresql:
+ enabled: false
+ config:
+ database:
+ DB_TYPE: postgres
+ HOST:
+ NAME:
+ USER:
+```
+
+## Known issues
+
+- Currently Cron jobs are run on all replicas as no leader election is implemented.
+ See [https://github.com/go-gitea/gitea/issues/13791](https://github.com/go-gitea/gitea/issues/13791) for a discussion and possible solution.
+ +- Running with multiple replicas slows down Gitea a bit, i.e. page loading time increases. \ No newline at end of file diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 51ec558..a92a22c 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -2,6 +2,27 @@ {{/* Expand the name of the chart. */}} + +{{- /* multiple replicas assertions */ -}} +{{- if gt .Values.replicaCount 1.0 -}} + {{- fail "When using multiple replicas, a RWX file system is required" -}} + {{- if eq (get (.Values.persistence.accessModes 0) "ReadWriteOnce") -}} + {{- fail "When using multiple replicas, a RWX file system is required" -}} + {{- end }} + + {{- if eq (get .Values.gitea.config.indexer "ISSUE_INDEXER_TYPE") "bleve" -}} + {{- fail "When using multiple replicas, the repo indexer must be set to 'meilisearch' or 'elasticsearch'" -}} + {{- end }} + + {{- if and (eq .Values.gitea.config.indexer.REPO_INDEXER_TYPE "bleve") (eq .Values.gitea.config.indexer.REPO_INDEXER_ENABLED "true") -}} + {{- fail "When using multiple replicas, the repo indexer must be set to 'meilisearch' or 'elasticsearch'" -}} + {{- end }} + + {{- if eq .Values.gitea.config.indexer.ISSUE_INDEXER_TYPE "bleve" -}} + {{- (printf "DEBUG: When using multiple replicas, the repo indexer must be set to 'meilisearch' or 'elasticsearch'") | fail -}} + {{- end }} +{{- end }} + {{- define "gitea.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} 
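Review bot: The first `fail` in the added assertion block of templates/_helpers.tpl sits directly under `{{- if gt .Values.replicaCount 1.0 -}}` with no further condition, so if this top-level block is ever evaluated, every multi-replica render aborts before the access-mode and indexer checks are reached. The next check, `get (.Values.persistence.accessModes 0) "ReadWriteOnce"`, calls a list as if it were a function and hands `get` a non-map, and the last `fail` still carries a `DEBUG:` prefix and speaks of the repo indexer while testing `ISSUE_INDEXER_TYPE`. The same commit adds working versions of these checks to templates/gitea/config.yaml, so I would drop this block from `_helpers.tpl` rather than repair it. Helm normally does not render files whose name starts with `_`, so the block is probably dead code in any case.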
@@ -95,8 +116,22 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- printf "%s-postgresql.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.postgresql.global.postgresql.service.ports.postgresql -}} {{- end -}} -{{- define "memcached.dns" -}} -{{- printf "%s-memcached.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.memcached.service.ports.memcached | trunc 63 | trimSuffix "-" -}} +{{- define "redis.dns" -}} +{{- if (index .Values "redis-cluster").enabled -}} +{{- printf "redis+cluster://:%s@%s-redis-cluster-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "redis-cluster").global.redis.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "redis-cluster").service.ports.redis -}} +{{- end -}} +{{- end -}} + +{{- define "redis.port" -}} +{{- if (index .Values "redis-cluster").enabled -}} +{{ (index .Values "redis-cluster").service.ports.redis }} +{{- end -}} +{{- end -}} + +{{- define "redis.servicename" -}} +{{- if (index .Values "redis-cluster").enabled -}} +{{- printf "%s-redis-cluster-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}} +{{- end -}} {{- end -}} {{- define "gitea.default_domain" -}} @@ -182,6 +217,7 @@ https {{- else -}} {{- (printf "Key %s cannot be on top level of configuration" $key) | fail -}} {{- end -}} + {{- end }} {{- end }} 
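Review bot: `redis.dns` interpolates `(index .Values "redis-cluster").global.redis.password` into the connection URI unescaped, so a password containing `@`, `/`, `:` or `#` produces a URI that parses to the wrong host or credentials. Percent-encode it before formatting, for example by passing `((index .Values "redis-cluster").global.redis.password | urlquery)` as the first `printf` argument (confirm how the Redis client treats `+` for spaces). The README hunk in this commit documents `gitea` as the default for that password and the resulting string is reused for cache, queue and session, so the description should say the value must be overridden before any non-test deployment. The format string also ends in a dangling `&`.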
@@ -211,6 +247,18 @@ https {{- if not (hasKey .Values.gitea.config "oauth2") -}} {{- $_ := set .Values.gitea.config "oauth2" dict -}} {{- end -}} + {{- if not (hasKey .Values.gitea.config "session") -}} + {{- $_ := set .Values.gitea.config "session" dict -}} + {{- end -}} + {{- if not (hasKey .Values.gitea.config "queue") -}} + {{- $_ := set .Values.gitea.config "queue" dict -}} + {{- end -}} + {{- if not (hasKey .Values.gitea.config "queue.issue_indexer") -}} + {{- $_ := set .Values.gitea.config "queue.issue_indexer" dict -}} + {{- end -}} + {{- if not (hasKey .Values.gitea.config "indexer") -}} + {{- $_ := set .Values.gitea.config "indexer" dict -}} + {{- end -}} {{- end -}} {{- define "gitea.inline_configuration.defaults" -}} 
@@ -226,13 +274,30 @@ https {{- if not (hasKey .Values.gitea.config.metrics "ENABLED") -}} {{- $_ := set .Values.gitea.config.metrics "ENABLED" .Values.gitea.metrics.enabled -}} {{- end -}} - {{- if .Values.memcached.enabled -}} + {{- if (index .Values "redis-cluster").enabled -}} {{- $_ := set .Values.gitea.config.cache "ENABLED" "true" -}} - {{- $_ := set .Values.gitea.config.cache "ADAPTER" "memcache" -}} + {{- $_ := set .Values.gitea.config.cache "ADAPTER" "redis" -}} {{- if not (.Values.gitea.config.cache.HOST) -}} - {{- $_ := set .Values.gitea.config.cache "HOST" (include "memcached.dns" .) -}} + {{- $_ := set .Values.gitea.config.cache "HOST" (include "redis.dns" .) -}} {{- end -}} {{- end -}} + {{- /* redis queue */ -}} + {{- if (index .Values "redis-cluster").enabled -}} + {{- $_ := set .Values.gitea.config.queue "TYPE" "redis" -}} + {{- $_ := set .Values.gitea.config.queue "CONN_STR" (include "redis.dns" .) -}} + {{- end -}} + {{- /* multiple replicas */ -}} + {{- if gt .Values.replicaCount 1.0 -}} + {{- if not (get .Values.gitea.config.session "PROVIDER") -}} + {{- $_ := set .Values.gitea.config.session "PROVIDER" "redis" -}} + {{- end -}} + {{- if not (get .Values.gitea.config.session "PROVIDER_CONFIG") -}} + {{- $_ := set .Values.gitea.config.session "PROVIDER_CONFIG" (include "redis.dns" .) -}} + {{- end -}} + {{- if not .Values.gitea.config.indexer.ISSUE_INDEXER_TYPE -}} + {{- $_ := set .Values.gitea.config.indexer "ISSUE_INDEXER_TYPE" "db" -}} + {{- end -}} + {{- end -}} {{- end -}} {{- define "gitea.inline_configuration.defaults.server" -}} diff --git a/templates/gitea/config.yaml b/templates/gitea/config.yaml index 1e81ef6..ab4832d 100644 --- a/templates/gitea/config.yaml +++ b/templates/gitea/config.yaml 
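Review bot: The new queue block writes `queue.TYPE` and `queue.CONN_STR` unconditionally whenever `redis-cluster.enabled` is true, so a user-supplied `gitea.config.queue` (an external Redis, for example) is silently replaced; `cache.ENABLED` and `cache.ADAPTER` above behave the same way, while `cache.HOST` and the session keys are guarded. Guard the queue keys like the session ones, e.g. `{{- if not (get .Values.gitea.config.queue "TYPE") -}}` around the `TYPE` assignment and the same for `CONN_STR`. Separately, `gt .Values.replicaCount 1.0` compares against a float: as far as I know a value given as `--set replicaCount=2` is parsed as an integer and the comparison then fails with an incompatible-types error, so `gt (int .Values.replicaCount) 1` is safer here and in the config.yaml and pvc.yaml hunks of this commit.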
@@ -16,6 +16,32 @@ metadata: {{- include "gitea.labels" . | nindent 4 }} type: Opaque stringData: + assertions: | +{{- /* multiple replicas assertions */ -}} +{{- if gt .Values.replicaCount 1.0 -}} + {{- if .Values.gitea.config.cron.GIT_GC_REPOS -}} + {{- if .Values.gitea.config.cron.GIT_GC_REPOS.enabled -}} + {{- fail "Invoking the garbage collector via CRON is not yet supported when running with multiple replicas. Please set 'GIT_GC_REPOS.enabled = false'." -}} + {{- end }} + {{- end }} + {{- if eq (first .Values.persistence.accessModes) "ReadWriteOnce" -}} + {{- fail "When using multiple replicas, a RWX file system is required and gitea.persistence.accessModes[0] must be set to ReadWriteMany." -}} + {{- end }} + + {{- if eq (get .Values.gitea.config.indexer "ISSUE_INDEXER_TYPE") "bleve" -}} + {{- fail "When using multiple replicas, the issue indexer (gitea.config.indexer.ISSUE_INDEXER_TYPE) must be set to a HA-ready provider such as 'meilisearch', 'elasticsearch' or 'db' (if the DB is HA-ready)." -}} + {{- end }} + {{- if .Values.gitea.config.indexer.REPO_INDEXER_TYPE -}} + {{- if eq (get .Values.gitea.config.indexer "REPO_INDEXER_TYPE") "bleve" -}} + {{- if .Values.gitea.config.indexer.REPO_INDEXER_ENABLED -}} + {{- if eq (get .Values.gitea.config.indexer "REPO_INDEXER_ENABLED") "true" -}} + {{- fail "When using multiple replicas, the repo indexer (gitea.config.indexer.REPO_INDEXER_TYPE) must be set to 'meilisearch' or 'elasticsearch' or disabled." -}} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + +{{- end }} config_environment.sh: |- #!/usr/bin/env bash set -euo pipefail diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/deployment.yaml similarity index 88% rename from templates/gitea/statefulset.yaml rename to templates/gitea/deployment.yaml index 9867dd2..0176300 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/deployment.yaml 
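Review bot: The guards in the added assertion block dereference keys that may be absent: `.Values.gitea.config.cron.GIT_GC_REPOS` raises a nil-pointer template error when no `cron` section is set (unless a helper outside this hunk creates it first), so a multi-replica render can abort with an opaque error instead of the intended message. A nil-safe lookup such as `{{- if dig "cron" "GIT_GC_REPOS" "enabled" false .Values.gitea.config -}}` avoids that, and the same applies to the `.Values.gitea.config.indexer.REPO_INDEXER_TYPE` chain. `eq (get .Values.gitea.config.indexer "REPO_INDEXER_ENABLED") "true"` compares against a string while docs/ha-setup.md in this commit sets that key as a YAML boolean; comparing a boolean with a string is an error in Go templates, so wrap the value in `toString` first. The checks are also emitted under a new `assertions: |` key, which leaves an empty `assertions` entry in the rendered Secret; moving them above `apiVersion` would avoid that.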
@@ -1,20 +1,27 @@ apiVersion: apps/v1 -kind: StatefulSet +kind: Deployment metadata: name: {{ include "gitea.fullname" . }} annotations: - {{- if .Values.statefulset.annotations }} - {{- toYaml .Values.statefulset.annotations | nindent 4 }} + {{- if .Values.deployment.annotations }} + {{- toYaml .Values.deployment.annotations | nindent 4 }} {{- end }} labels: {{- include "gitea.labels" . | nindent 4 }} spec: replicas: {{ .Values.replicaCount }} + strategy: + type: {{ .Values.strategy.type }} + {{- if eq .Values.strategy.type "RollingUpdate" }} + rollingUpdate: + maxUnavailable: {{ .Values.strategy.rollingUpdate.maxUnavailable }} + maxSurge: {{ .Values.strategy.rollingUpdate.maxSurge }} + {{- end }} selector: matchLabels: {{- include "gitea.selectorLabels" . | nindent 6 }} - {{- if .Values.statefulset.labels }} - {{- toYaml .Values.statefulset.labels | nindent 6 }} + {{- if .Values.deployment.labels }} + {{- toYaml .Values.deployment.labels | nindent 6 }} {{- end }} serviceName: {{ include "gitea.fullname" . }} template: @@ -32,8 +39,8 @@ spec: {{- end }} labels: {{- include "gitea.labels" . | nindent 8 }} - {{- if .Values.statefulset.labels }} - {{- toYaml .Values.statefulset.labels | nindent 8 }} + {{- if .Values.deployment.labels }} + {{- toYaml .Values.deployment.labels | nindent 8 }} {{- end }} spec: {{- if .Values.schedulerName }} @@ -62,8 +69,8 @@ spec: value: /data - name: GITEA_TEMP value: /tmp/gitea - {{- if .Values.statefulset.env }} - {{- toYaml .Values.statefulset.env | nindent 12 }} + {{- if .Values.deployment.env }} + {{- toYaml .Values.deployment.env | nindent 12 }} {{- end }} {{- if .Values.signing.enabled }} - name: GNUPGHOME 
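Review bot: `serviceName: {{ include "gitea.fullname" . }}` survives as a context line right after the selector, but `serviceName` is a StatefulSet field and is not part of a Deployment spec, so depending on validation strictness the manifest is rejected or the field is dropped with a warning. Remove that line as part of the `kind: Deployment` change. The added `strategy` block reads `.Values.strategy.rollingUpdate.maxUnavailable` without a default, so a values file that overrides `strategy` with only `type: RollingUpdate` renders empty fields; `| default 0` or a `with` guard would make that robust. The spec continues outside this hunk.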
@@ -97,8 +104,8 @@ spec: value: /data - name: GITEA_TEMP value: /tmp/gitea - {{- if .Values.statefulset.env }} - {{- toYaml .Values.statefulset.env | nindent 12 }} + {{- if .Values.deployment.env }} + {{- toYaml .Values.deployment.env | nindent 12 }} {{- end }} {{- if .Values.gitea.additionalConfigFromEnvs }} {{- toYaml .Values.gitea.additionalConfigFromEnvs | nindent 12 }} @@ -234,8 +241,8 @@ spec: - name: GITEA_ADMIN_PASSWORD value: {{ .Values.gitea.admin.password | quote }} {{- end }} - {{- if .Values.statefulset.env }} - {{- toYaml .Values.statefulset.env | nindent 12 }} + {{- if .Values.deployment.env }} + {{- toYaml .Values.deployment.env | nindent 12 }} {{- end }} volumeMounts: - name: init @@ -250,7 +257,7 @@ spec: {{- include "gitea.init-additional-mounts" . | nindent 12 }} resources: {{- toYaml .Values.initContainers.resources | nindent 12 }} - terminationGracePeriodSeconds: {{ .Values.statefulset.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.deployment.terminationGracePeriodSeconds }} containers: - name: {{ .Chart.Name }} image: "{{ include "gitea.image" . }}" @@ -283,8 +290,8 @@ spec: - name: GNUPGHOME value: {{ .Values.signing.gpgHome }} {{- end }} - {{- if .Values.statefulset.env }} - {{- toYaml .Values.statefulset.env | nindent 12 }} + {{- if .Values.deployment.env }} + {{- toYaml .Values.deployment.env | nindent 12 }} {{- end }} ports: - name: ssh @@ -340,6 +347,10 @@ spec: affinity: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} 
@@ -378,38 +389,13 @@ spec: path: private.asc defaultMode: 0100 {{- end }} - {{- if and .Values.persistence.enabled .Values.persistence.existingClaim }} + {{- if .Values.persistence.enabled }} + {{- if .Values.persistence.mount }} - name: data persistentVolumeClaim: - {{- with .Values.persistence.existingClaim }} - claimName: {{ tpl . $ }} - {{- end }} + claimName: {{ .Values.persistence.claimName }} + {{- end }} {{- else if not .Values.persistence.enabled }} - name: data emptyDir: {} - {{- else if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} - volumeClaimTemplates: - - metadata: - name: data - {{- with .Values.persistence.annotations }} - annotations: - {{- range $key, $value := . }} - {{ $key }}: {{ $value }} - {{- end }} - {{- end }} - {{- with .Values.persistence.labels }} - labels: - {{- range $key, $value := . }} - {{ $key }}: {{ $value }} - {{- end }} - {{- end }} - spec: - accessModes: - {{- range .Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - {{- include "gitea.persistence.storageClass" . | indent 8 }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} {{- end }} diff --git a/templates/gitea/init.yaml b/templates/gitea/init.yaml index 838460b..f07f1a5 100644 --- a/templates/gitea/init.yaml +++ b/templates/gitea/init.yaml 
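Review bot: With `persistence.enabled=true` and `persistence.mount=false` neither branch of the new volume logic emits a `data` volume, while the containers' `volumeMounts` (outside this hunk) presumably still reference `data`, which would make the pod spec invalid. Either call `fail` for that combination or collapse the condition so a volume is always defined: `{{- if and .Values.persistence.enabled .Values.persistence.mount }}` for the PVC branch and a plain `{{- else }}` for `emptyDir`; note that a silent `emptyDir` fallback means repository data does not survive a pod restart, so the explicit failure is the safer choice. The old code passed the claim name through `tpl`, and `claimName: {{ .Values.persistence.claimName }}` drops that, so templated claim names stop working unless `tpl` is kept or the upgrade notes mention it.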
@@ -61,6 +61,27 @@ stringData: echo "Gitea migrate might fail due to database connection...This init-container will try again in a few seconds" exit 1 } + + {{- if include "redis.servicename" . }} + function test_redis_connection() { + local RETRY=0 + local MAX=30 + + echo 'Wait for redis to become avialable...' + until [ "${RETRY}" -ge "${MAX}" ]; do + nc -vz -w2 {{ include "redis.servicename" . }} {{ include "redis.port" . }} && break + RETRY=$[${RETRY}+1] + echo "...not ready yet (${RETRY}/${MAX})" + done + + if [ "${RETRY}" -ge "${MAX}" ]; then + echo "Redis not reachable after '${MAX}' attempts!" + exit 1 + fi + } + + test_redis_connection + {{- end }} {{- if or .Values.gitea.admin.existingSecret (and .Values.gitea.admin.username .Values.gitea.admin.password) }} diff --git a/templates/gitea/poddisruptionbudget.yaml b/templates/gitea/poddisruptionbudget.yaml new file mode 100644 index 0000000..d2b7e17 --- /dev/null +++ b/templates/gitea/poddisruptionbudget.yaml @@ -0,0 +1,17 @@ +{{- if .Values.podDisruptionBudget -}} +{{- if .Capabilities.APIVersions.Has "policy/v1" }} +apiVersion: policy/v1 +{{- else }} +apiVersion: policy/v1beta1 +{{- end }} +kind: PodDisruptionBudget +metadata: + name: {{ include "gitea.fullname" . }} + labels: + {{- include "gitea.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + {{- include "gitea.selectorLabels" . | nindent 6 }} + {{- toYaml .Values.podDisruptionBudget | nindent 2 }} +{{- end -}} \ No newline at end of file diff --git a/templates/gitea/pvc.yaml b/templates/gitea/pvc.yaml new file mode 100644 index 0000000..d84ecc3 --- /dev/null +++ b/templates/gitea/pvc.yaml 
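Review bot: The retry loop in `test_redis_connection` has no delay between attempts: `nc -w2` only bounds a connect that hangs, so when the service name does not resolve yet or the port refuses immediately, all 30 tries are used up almost at once and the init container exits. Add a `sleep 2` after the failed attempt and write the increment as `RETRY=$((RETRY + 1))` instead of the deprecated `$[...]` form. The function also assumes `nc` is present in both the root-based and the rootless image, which is worth confirming, and the log message contains a typo (`avialable`).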
@@ -0,0 +1,24 @@ +{{- if and .Values.persistence.enabled .Values.persistence.create }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ .Values.persistence.claimName }} + namespace: {{ $.Release.Namespace }} + annotations: +{{ .Values.persistence.annotations | toYaml | indent 4}} +spec: + accessModes: + {{- if gt .Values.replicaCount 1.0 }} + - ReadWriteMany + {{- else }} + {{- .Values.persistence.accessModes | toYaml | nindent 4 }} + {{- end }} + volumeMode: Filesystem + {{- if .Values.persistence.storageClass }} + storageClassName: {{ .Values.persistence.storageClass }} + {{- end }} + volumeName: "" + resources: + requests: + storage: {{ .Values.persistence.size }} +{{- end }} \ No newline at end of file diff --git a/templates/gitea/ssh-svc.yaml b/templates/gitea/ssh-svc.yaml index 620f624..3e8b3c2 100644 --- a/templates/gitea/ssh-svc.yaml +++ b/templates/gitea/ssh-svc.yaml @@ -39,7 +39,9 @@ spec: ports: - name: ssh port: {{ .Values.service.ssh.port }} + {{- if .Values.gitea.config.server.SSH_LISTEN_PORT }} targetPort: {{ .Values.gitea.config.server.SSH_LISTEN_PORT }} + {{- end }} protocol: TCP {{- if .Values.service.ssh.nodePort }} nodePort: {{ .Values.service.ssh.nodePort }} diff --git a/unittests/statefulset/basic.yaml b/unittests/deployment/basic.yaml similarity index 58% rename from unittests/statefulset/basic.yaml rename to unittests/deployment/basic.yaml index 047067b..64b7cf7 100644 --- a/unittests/statefulset/basic.yaml +++ b/unittests/deployment/basic.yaml 
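Review bot: The PVC in templates/gitea/pvc.yaml is now an ordinary chart resource, so `helm uninstall`, or a later render in which `persistence.create` is false, deletes the claim and, with a `Delete` reclaim policy, the repository data; the `volumeClaimTemplates` claim removed in this commit outlived the StatefulSet. Add `helm.sh/resource-policy: keep` to the claim's annotations, or document the behaviour next to `persistence.create`. `storage: {{ .Values.persistence.size }}` lost the `quote` the old template applied, `storageClassName` no longer goes through the `gitea.persistence.storageClass` helper, and the metadata carries neither `persistence.labels` nor the chart labels.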
@@ -1,17 +1,17 @@ -suite: Statefulset template (basic) +suite: deployment template (basic) release: name: gitea-unittests namespace: testing templates: - - templates/gitea/statefulset.yaml + - templates/gitea/deployment.yaml - templates/gitea/config.yaml tests: - - it: renders a statefulset - template: templates/gitea/statefulset.yaml + - it: renders a deployment + template: templates/gitea/deployment.yaml asserts: - hasDocuments: count: 1 - containsDocument: - kind: StatefulSet + kind: Deployment apiVersion: apps/v1 name: gitea-unittests diff --git a/unittests/statefulset/signing-disabled.yaml b/unittests/deployment/signing-disabled.yaml similarity index 76% rename from unittests/statefulset/signing-disabled.yaml rename to unittests/deployment/signing-disabled.yaml index cc7bad4..9e4519a 100644 --- a/unittests/statefulset/signing-disabled.yaml +++ b/unittests/deployment/signing-disabled.yaml @@ -1,13 +1,13 @@ -suite: Statefulset template (signing disabled) +suite: deployment template (signing disabled) release: name: gitea-unittests namespace: testing templates: - - templates/gitea/statefulset.yaml + - templates/gitea/deployment.yaml - templates/gitea/config.yaml tests: - it: skips gpg init container - template: templates/gitea/statefulset.yaml + template: templates/gitea/deployment.yaml asserts: - notContains: path: spec.template.spec.initContainers @@ -15,7 +15,7 @@ tests: content: name: configure-gpg - it: skips gpg env in `init-directories` init container - template: templates/gitea/statefulset.yaml + template: templates/gitea/deployment.yaml set: signing.enabled: false asserts: 
@@ -25,14 +25,14 @@ tests: name: GNUPGHOME value: /data/git/.gnupg - it: skips gpg env in runtime container - template: templates/gitea/statefulset.yaml + template: templates/gitea/deployment.yaml asserts: - notContains: path: spec.template.spec.containers[0].env content: name: GNUPGHOME - it: skips gpg volume spec - template: templates/gitea/statefulset.yaml + template: templates/gitea/deployment.yaml asserts: - notContains: path: spec.template.spec.volumes diff --git a/unittests/statefulset/signing-enabled.yaml b/unittests/deployment/signing-enabled.yaml similarity index 89% rename from unittests/statefulset/signing-enabled.yaml rename to unittests/deployment/signing-enabled.yaml index 0d68bd9..9ada1f5 100644 --- a/unittests/statefulset/signing-enabled.yaml +++ b/unittests/deployment/signing-enabled.yaml @@ -1,13 +1,13 @@ -suite: Statefulset template (signing enabled) +suite: deployment template (signing enabled) release: name: gitea-unittests namespace: testing templates: - - templates/gitea/statefulset.yaml + - templates/gitea/deployment.yaml - templates/gitea/config.yaml tests: - it: adds gpg init container - template: templates/gitea/statefulset.yaml + template: templates/gitea/deployment.yaml set: signing: enabled: true @@ -39,7 +39,7 @@ tests: mountPath: /raw readOnly: true - it: adds gpg env in `init-directories` init container - template: templates/gitea/statefulset.yaml + template: templates/gitea/deployment.yaml set: signing.enabled: true signing.existingSecret: "custom-gpg-secret" @@ -50,7 +50,7 @@ tests: name: GNUPGHOME value: /data/git/.gnupg - it: adds gpg env in runtime container - template: templates/gitea/statefulset.yaml + template: templates/gitea/deployment.yaml set: signing.enabled: true signing.existingSecret: "custom-gpg-secret" @@ -61,7 +61,7 @@ tests: name: GNUPGHOME value: /data/git/.gnupg - it: adds gpg volume spec - template: templates/gitea/statefulset.yaml + template: templates/gitea/deployment.yaml set: signing: enabled: true 
@@ -78,7 +78,7 @@ tests: path: private.asc defaultMode: 0100 - it: supports gpg volume spec with external reference - template: templates/gitea/statefulset.yaml + template: templates/gitea/deployment.yaml set: signing: enabled: true diff --git a/unittests/statefulset/ssh-configuration.yaml b/unittests/deployment/ssh-configuration.yaml similarity index 80% rename from unittests/statefulset/ssh-configuration.yaml rename to unittests/deployment/ssh-configuration.yaml index 24ffc3a..efd0525 100644 --- a/unittests/statefulset/ssh-configuration.yaml +++ b/unittests/deployment/ssh-configuration.yaml @@ -1,13 +1,13 @@ -suite: Statefulset template (SSH configuration) +suite: deployment template (SSH configuration) release: name: gitea-unittests namespace: testing templates: - - templates/gitea/statefulset.yaml + - templates/gitea/deployment.yaml - templates/gitea/config.yaml tests: - it: supports defining SSH log level for root based image - template: templates/gitea/statefulset.yaml + template: templates/gitea/deployment.yaml set: image.rootless: false asserts: @@ -17,7 +17,7 @@ tests: name: SSH_LOG_LEVEL value: "INFO" - it: supports overriding SSH log level - template: templates/gitea/statefulset.yaml + template: templates/gitea/deployment.yaml set: image.rootless: false gitea.ssh.logLevel: "DEBUG" @@ -28,7 +28,7 @@ tests: name: SSH_LOG_LEVEL value: "DEBUG" - it: skips SSH_LOG_LEVEL for rootless image - template: templates/gitea/statefulset.yaml + template: templates/gitea/deployment.yaml set: image.rootless: true gitea.ssh.logLevel: "DEBUG" # explicitly defining a non-standard level here diff --git a/unittests/serviceaccount/reference.yaml b/unittests/serviceaccount/reference.yaml index 9c01594..25faa03 100644 --- a/unittests/serviceaccount/reference.yaml +++ b/unittests/serviceaccount/reference.yaml 
@@ -4,24 +4,24 @@ release: namespace: testing templates: - templates/gitea/serviceaccount.yaml - - templates/gitea/statefulset.yaml + - templates/gitea/deployment.yaml - templates/gitea/config.yaml tests: - - it: does not modify the StatefulSet by default - template: templates/gitea/statefulset.yaml + - it: does not modify the deployment by default + template: templates/gitea/deployment.yaml asserts: - notExists: path: spec.serviceAccountName - - it: adds the reference to the StatefulSet with serviceAccount.create=true - template: templates/gitea/statefulset.yaml + - it: adds the reference to the deployment with serviceAccount.create=true + template: templates/gitea/deployment.yaml set: serviceAccount.create: true asserts: - equal: path: spec.template.spec.serviceAccountName value: gitea-unittests - - it: allows referencing an externally created ServiceAccount to the StatefulSet - template: templates/gitea/statefulset.yaml + - it: allows referencing an externally created ServiceAccount to the deployment + template: templates/gitea/deployment.yaml set: serviceAccount: create: false # explicitly set to define rendering behavior diff --git a/values.yaml b/values.yaml index c37edc2..324837a 100644 --- a/values.yaml +++ b/values.yaml @@ -20,9 +20,19 @@ global: # hostnames: # - example.com -## @param replicaCount number of replicas for the statefulset +## @param replicaCount number of replicas for the deployment replicaCount: 1 +## @section strategy +## @param strategy.type strategy type +## @param strategy.rollingUpdate.maxSurge maxSurge +## @param strategy.rollingUpdate.maxUnavailable maxUnavailable +strategy: + type: "RollingUpdate" + rollingUpdate: + maxSurge: "100%" + maxUnavailable: 0 + ## @param clusterDomain cluster domain clusterDomain: cluster.local 
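Review bot: The new `strategy` default in the `values.yaml` hunk (`RollingUpdate` with `maxSurge: "100%"` and `maxUnavailable: 0`) starts the replacement pod before the old one stops, while `persistence.accessModes` in the same file still defaults to `ReadWriteOnce`. On a single-replica install the surged pod may be unable to attach the claim if it is scheduled to a different node, which would leave the rollout pending; this is inferred from the defaults, not from a rendered manifest. I would document the constraint on the parameter, e.g. `## @param strategy.type strategy type; use "Recreate" when the claim is ReadWriteOnce`, or default `type` to `"Recreate"` until an RWX claim is configured.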
@@ -74,11 +84,16 @@ containerSecurityContext: {} ## @param securityContext Run init and Gitea containers as a specific securityContext securityContext: {} +## @param podDisruptionBudget Pod disruption budget +podDisruptionBudget: {} +# maxUnavailable: 1 +# minAvailable: 1 + ## @section Service service: ## @param service.http.type Kubernetes service type for web traffic ## @param service.http.port Port number for web traffic - ## @param service.http.clusterIP ClusterIP setting for http autosetup for statefulset is None + ## @param service.http.clusterIP ClusterIP setting for http autosetup for deployment is None ## @param service.http.loadBalancerIP LoadBalancer IP setting ## @param service.http.nodePort NodePort for http service ## @param service.http.externalTrafficPolicy If `service.http.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation @@ -101,7 +116,7 @@ service: annotations: {} ## @param service.ssh.type Kubernetes service type for ssh traffic ## @param service.ssh.port Port number for ssh traffic - ## @param service.ssh.clusterIP ClusterIP setting for ssh autosetup for statefulset is None + ## @param service.ssh.clusterIP ClusterIP setting for ssh autosetup for deployment is None ## @param service.ssh.loadBalancerIP LoadBalancer IP setting ## @param service.ssh.nodePort NodePort for ssh service ## @param service.ssh.externalTrafficPolicy If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation @@ -155,7 +170,7 @@ ingress: # If helm doesn't correctly detect your ingress API version you can set it here. # apiVersion: networking.k8s.io/v1 -## @section StatefulSet +## @section deployment # ## @param resources Kubernetes resources resources: 
@@ -177,26 +192,29 @@ resources: ## @param schedulerName Use an alternate scheduler, e.g. "stork" schedulerName: "" -## @param nodeSelector NodeSelector for the statefulset +## @param nodeSelector NodeSelector for the deployment nodeSelector: {} -## @param tolerations Tolerations for the statefulset +## @param tolerations Tolerations for the deployment tolerations: [] -## @param affinity Affinity for the statefulset +## @param affinity Affinity for the deployment affinity: {} -## @param dnsConfig dnsConfig for the statefulset +## @param topologySpreadConstraints TopologySpreadConstraints for the deployment +topologySpreadConstraints: [] + +## @param dnsConfig dnsConfig for the deployment dnsConfig: {} -## @param priorityClassName priorityClassName for the statefulset +## @param priorityClassName priorityClassName for the deployment priorityClassName: "" -## @param statefulset.env Additional environment variables to pass to containers -## @param statefulset.terminationGracePeriodSeconds How long to wait until forcefully kill the pod -## @param statefulset.labels Labels for the statefulset -## @param statefulset.annotations Annotations for the Gitea StatefulSet to be created -statefulset: +## @param deployment.env Additional environment variables to pass to containers +## @param deployment.terminationGracePeriodSeconds How long to wait until forcefully kill the pod +## @param deployment.labels Labels for the deployment +## @param deployment.annotations Annotations for the Gitea deployment to be created +deployment: env: [] # - name: VARIABLE 
@@ -218,14 +236,16 @@ serviceAccount: name: "" automountServiceAccountToken: false imagePullSecrets: [] - # - name: private-registry-access + # - name: private-registry-access annotations: {} labels: {} ## @section Persistence # ## @param persistence.enabled Enable persistent storage -## @param persistence.existingClaim Use an existing claim to store repository information +## @param persistence.create Whether to create the persistentVolumeClaim for shared storage +## @param persistence.mount Whether the persistentVolumeClaim should be mounted (even if not created) +## @param persistence.claimName Use an existing claim to store repository information ## @param persistence.size Size for persistence to store repo information ## @param persistence.accessModes AccessMode for persistence ## @param persistence.labels Labels for the persistence volume claim to be created @@ -234,7 +254,9 @@ serviceAccount: ## @param persistence.subPath Subdirectory of the volume to mount at persistence: enabled: true - existingClaim: + create: true + mount: true + claimName: gitea-shared-storage size: 10Gi accessModes: - ReadWriteOnce @@ -243,7 +265,7 @@ persistence: storageClass: subPath: -## @param extraVolumes Additional volumes to mount to the Gitea statefulset +## @param extraVolumes Additional volumes to mount to the Gitea deployment extraVolumes: [] # - name: postgres-ssl-vol # secret: 
@@ -358,13 +380,14 @@ gitea: # customProfileUrl: # customEmailUrl: - ## @param gitea.config Configuration for the Gitea server,ref: [config-cheat-sheet](https://docs.gitea.io/en-us/config-cheat-sheet/) - config: {} - # APP_NAME: "Gitea: Git with a cup of tea" - # RUN_MODE: dev - # - # server: - # SSH_PORT: 22 + ## @param gitea.config.server.SSH_PORT SSH port for rootlful Gitea image + ## @param gitea.config.server.SSH_LISTEN_PORT SSH port for rootless Gitea image + config: + # APP_NAME: "Gitea: Git with a cup of tea" + # RUN_MODE: dev + server: + SSH_PORT: 22 # rootful image + SSH_LISTEN_PORT: 2222 # rootless image # # security: # PASSWORD_COMPLEXITY: spec 
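Review bot: The new `@param gitea.config.server.SSH_PORT` description has a typo, `rootlful`, which will presumably be copied into the generated README parameter table; it should read `## @param gitea.config.server.SSH_PORT SSH port for rootful Gitea image`. The hunk also drops the general `@param gitea.config` line with the config-cheat-sheet link, so the parameter docs no longer say that other sections can be set under `gitea.config`. Consider keeping that sentence as a plain comment above `config:`.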
@@ -446,23 +469,37 @@ gitea: successThreshold: 1 failureThreshold: 10 -## @section Memcached -# -## @param memcached.enabled Memcached is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/memcached) if enabled in the values. Complete Configuration can be taken from their website. -## ref: https://hub.docker.com/r/bitnami/memcached/tags/ -## @param memcached.service.ports.memcached Port for Memcached -memcached: +## @section redis-cluster +## @param redis-cluster.enabled Enable redis +## @param redis-cluster.global.redis.password Password for the "gitea" user (overrides `password`) +redis-cluster: enabled: true - # image: - # registry: docker.io - # repository: bitnami/memcached - # tag: "" - # digest: "" - # pullPolicy: IfNotPresent - # pullSecrets: [] - service: - ports: - memcached: 11211 + global: + redis: + password: gitea + +## @section postgresql-ha +# +## @param postgresql-ha.enabled Enable postgresql-ha +## @param postgresql-ha.global.postgresql-ha.auth.password Password for the `gitea` user (overrides `auth.password`) +## @param postgresql-ha.global.postgresql-ha.auth.database Name for a custom database to create (overrides `auth.database`) +## @param postgresql-ha.global.postgresql-ha.auth.username Name for a custom user to create (overrides `auth.username`) +## @param postgresql-ha.global.postgresql-ha.service.ports.postgresql-ha postgresql-ha service port (overrides `service.ports.postgresql-ha`) +## @param postgresql-ha.primary.persistence.size PVC Storage Request for postgresql-ha volume +postgresql-ha: + enabled: true + global: + postgresql-ha: + auth: + password: gitea + database: gitea + username: gitea + service: + ports: + postgresql-ha: 5432 + primary: + persistence: + size: 10Gi ## @section PostgreSQL # 
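Review bot: The added `redis-cluster.global.redis.password: gitea` and the `postgresql-ha` `auth.password: gitea` ship a fixed, publicly known credential as the chart default, and both subcharts are `enabled: true`, so an install that overrides nothing runs Redis and PostgreSQL with it. I would leave these values empty and require the operator to supply them (or reference a pre-created Secret, if the subcharts support that). At minimum, mark them in the file: `# default credential for evaluation only; override before exposing the release`. The `@param redis-cluster.global.redis.password` description also reads 'Password for the "gitea" user', which looks copied from the PostgreSQL block and should describe the Redis password instead.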
@@ -473,7 +510,7 @@ memcached: ## @param postgresql.global.postgresql.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`) ## @param postgresql.primary.persistence.size PVC Storage Request for PostgreSQL volume postgresql: - enabled: true + enabled: false global: postgresql: auth: -- 2.40.1 From 950e46ce440568eaf3eb12315f2bd86c15d18348 Mon Sep 17 00:00:00 2001 From: pat-s Date: Mon, 17 Jul 2023 21:13:01 +0200 Subject: [PATCH 191/390] add experimental note --- README.md | 2 ++ docs/ha-setup.md | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index a167589..67adb87 100644 --- a/README.md +++ b/README.md @@ -92,6 +92,8 @@ When upgrading, please refer to the [Upgrading](#upgrading) section at the botto ## High Availability +⚠️ **EXPERIMENTAL** ⚠️ + Since version 9.0.0 this chart has experimental support for running Gitea and it's dependencies in a HA setup. The setup is still experimental and care must be taken for production use as Gitea core is not yet officially HA-ready. diff --git a/docs/ha-setup.md b/docs/ha-setup.md index 1139706..4620317 100644 --- a/docs/ha-setup.md +++ b/docs/ha-setup.md @@ -1,6 +1,6 @@ # High Availability -**Experimental** +⚠️ **EXPERIMENTAL** ⚠️ All components (in-memory DB, volume/asset storage, code indexer) used by Gitea must be deployed in a HA-ready fashion to achieve a full HA-ready Gitea deployment. The following document explains how to achieve this for all individual components. -- 2.40.1 From a20c014e49968d89d67284b9aa6a6ce25f991359 Mon Sep 17 00:00:00 2001 From: pat-s Date: Mon, 17 Jul 2023 21:17:26 +0200 Subject: [PATCH 192/390] add env-to-ini prefix to upgrading notes --- README.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/README.md b/README.md index 67adb87..c9690ae 100644 --- a/README.md +++ b/README.md 
@@ -927,6 +927,7 @@ The above changes are motivated by the idea to tidy dependencies but also have H The previous `memcache` default was not HA-ready, hence we decided to switch to `redis-cluster` by default. + **Transitioning from a RWO to RWX Persistent Volume** If you want to switch to a RWX volume and go for HA, you need to @@ -936,6 +937,7 @@ If you want to switch to a RWX volume and go for HA, you need to 3. Restore the backup to the same location in the new PV + **Transitioning from Postgres to Postgres HA** If you are running with a non-HA PG DB from a previous chart release, you need to set @@ -945,6 +947,16 @@ If you are running with a non-HA PG DB from a previous chart release, you need t This is needed to stay with your existing single-instance DB (as the HA-variant is the new default). + + +**Change of env-to-ini prefix** + +Before this release, the env-to-ini prefix was `ENV_TO_INI__`. +This allowed a clear distinction between user-provided and chart-provided env-to-ini variables. +Due to the removal custom prefix feature in the upstream implementation of env-to-ini, the prefix has been changed to the default `GITEA__`. + +If you previously had defined env vars that had the `ENV_TO_INI__` prefix, you need to change them to `GITEA__` in order for them to be picked up by the chart. +
-- 2.40.1 From 00433b97c4ebd26c94b812a6c69c3c618de6fe9b Mon Sep 17 00:00:00 2001 From: pat-s Date: Mon, 17 Jul 2023 21:19:48 +0200 Subject: [PATCH 193/390] add release process to contributing --- CONTRIBUTING.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index ea00fdc..21d74c0 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -62,3 +62,9 @@ make unittests ``` See [plugin documentation](https://github.com/helm-unittest/helm-unittest/blob/v0.3.3/DOCUMENT.md) for usage instructions. + +## Release process + +1. Create a tag following the tagging schema +1. Push the tag +1. Let CI do it's work \ No newline at end of file -- 2.40.1 From ede76d4b68dbe3e15cae15c39e458ef2bf225aca Mon Sep 17 00:00:00 2001 From: pat-s Date: Mon, 17 Jul 2023 21:26:45 +0200 Subject: [PATCH 194/390] update helm deps and add makefile rule --- Chart.lock | 10 +++++----- Chart.yaml | 12 ++++++------ Makefile | 5 +++++ 3 files changed, 16 insertions(+), 11 deletions(-) diff --git a/Chart.lock b/Chart.lock index c5f80ef..44d920b 100644 --- a/Chart.lock +++ b/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 12.4.1 + version: 12.6.6 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 11.6.1 + version: 11.7.9 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 8.4.4 -digest: sha256:3b203051c9fb8df9e771a4d67c276190a1c63aae9bf980ef3676e2a51b2f56c7 -generated: "2023-05-13T21:47:51.823348+02:00" + version: 8.6.9 +digest: sha256:52296a48610712a8eb69a32b1b5818b014bfb8dac79d883e11ebdaf97d41e85d +generated: "2023-07-17T21:24:06.888357+02:00" diff --git a/Chart.yaml b/Chart.yaml index d5a2d32..7160a58 100644 --- a/Chart.yaml +++ b/Chart.yaml 
@@ -33,18 +33,18 @@ maintainers: # Bitnami charts are served from GitHub CDN - See https://github.com/bitnami/charts/issues/10539 for details dependencies: - # OCI registry: https://blog.bitnami.com/2023/01/bitnami-helm-charts-available-as-oci.html (2023-01) + # Chart release date: 2023-07 (https://github.com/bitnami/charts/blob/main/bitnami/postgresql/Chart.yaml) - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 12.4.1 + version: 12.6.6 condition: postgresql.enabled - # Chart release date: 2023-05 + # Chart release date: 2023-07 (https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml) - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 11.6.1 + version: 11.7.9 condition: postgresql-ha.enabled - # Chart release date: 2023-04 + # Chart release date: 2023-07 (https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml) - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 8.4.4 + version: 8.6.9 condition: redis-cluster.enabled diff --git a/Makefile b/Makefile index ff48c63..e3e4f03 100644 --- a/Makefile +++ b/Makefile @@ -10,3 +10,8 @@ readme: prepare-environment .PHONY: unittests unittests: helm unittest --strict -f 'unittests/**/*.yaml' ./ + +.PHONY: helm +update-helm-dependencies: + helm dependency update + \ No newline at end of file -- 2.40.1 From 2ded843924404800d5dd670a7c52f97071f6ae04 Mon Sep 17 00:00:00 2001 
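Review bot: In the `Makefile` hunk, `.PHONY: helm` names a target that the hunk does not define; the rule added below it is `update-helm-dependencies`. That target is therefore not marked phony, and a file or directory of the same name would make `make` treat it as up to date. Change the declaration to `.PHONY: update-helm-dependencies`. The file also ends without a trailing newline, which is worth fixing in the same edit.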
From: yinheli Date: Tue, 18 Jul 2023 06:25:38 +0000 Subject: [PATCH 195/390] fix: Deployment has no field serviceName #466 (#467) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ### Description of the change remove deployment, `serviceName` ### Benefits ### Possible drawbacks ### Applicable issues - fixes #466 ### Additional information ### ⚠ BREAKING ### Checklist - [x] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) - [x] Breaking changes are documented in the `README.md` - [x] Templating unittests are added Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/467 Co-authored-by: yinheli Co-committed-by: yinheli --- templates/gitea/deployment.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/templates/gitea/deployment.yaml b/templates/gitea/deployment.yaml index 0176300..247a560 100644 --- a/templates/gitea/deployment.yaml +++ b/templates/gitea/deployment.yaml @@ -23,7 +23,6 @@ spec: {{- if .Values.deployment.labels }} {{- toYaml .Values.deployment.labels | nindent 6 }} {{- end }} - serviceName: {{ include "gitea.fullname" . }} template: metadata: annotations: -- 2.40.1 From de5a6edbc8189546f270bad18c6dce459890b81c Mon Sep 17 00:00:00 2001 From: pat-s Date: Tue, 18 Jul 2023 08:27:11 +0200 Subject: [PATCH 196/390] lint --- CONTRIBUTING.md | 2 +- README.md | 3 --- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 21d74c0..f6c24bf 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -67,4 +67,4 @@ See [plugin documentation](https://github.com/helm-unittest/helm-unittest/blob/v 1. Create a tag following the tagging schema 1. Push the tag -1. Let CI do it's work \ No newline at end of file +1. Let CI do it's work diff --git a/README.md b/README.md index c9690ae..af481ce 100644 --- a/README.md +++ b/README.md 
@@ -927,7 +927,6 @@ The above changes are motivated by the idea to tidy dependencies but also have H The previous `memcache` default was not HA-ready, hence we decided to switch to `redis-cluster` by default. - **Transitioning from a RWO to RWX Persistent Volume** If you want to switch to a RWX volume and go for HA, you need to @@ -937,7 +936,6 @@ If you want to switch to a RWX volume and go for HA, you need to 3. Restore the backup to the same location in the new PV - **Transitioning from Postgres to Postgres HA** If you are running with a non-HA PG DB from a previous chart release, you need to set @@ -948,7 +946,6 @@ If you are running with a non-HA PG DB from a previous chart release, you need t This is needed to stay with your existing single-instance DB (as the HA-variant is the new default). - **Change of env-to-ini prefix** Before this release, the env-to-ini prefix was `ENV_TO_INI__`. -- 2.40.1 From 3a9e60ce4091c0ad8aaf6bfa4ac0d747c1f962e6 Mon Sep 17 00:00:00 2001 From: pat-s Date: Tue, 18 Jul 2023 18:10:38 +0200 Subject: [PATCH 197/390] fix postgresql.dns definition in helpers.tpl --- templates/_helpers.tpl | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index a92a22c..65bf34c 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -113,7 +113,7 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} {{- define "postgresql.dns" -}} -{{- printf "%s-postgresql.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.postgresql.global.postgresql.service.ports.postgresql -}} +{{- printf "%s-postgresql-ha.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.postgresql-ha.global.postgresql-ha.service.ports.postgresql-ha -}} {{- end -}} {{- define "redis.dns" -}} 
@@ -274,7 +274,7 @@ https {{- if not (hasKey .Values.gitea.config.metrics "ENABLED") -}} {{- $_ := set .Values.gitea.config.metrics "ENABLED" .Values.gitea.metrics.enabled -}} {{- end -}} - {{- if (index .Values "redis-cluster").enabled -}} + {{- if (index .Values "redis-cluster").enabled -}} {{- $_ := set .Values.gitea.config.cache "ENABLED" "true" -}} {{- $_ := set .Values.gitea.config.cache "ADAPTER" "redis" -}} {{- if not (.Values.gitea.config.cache.HOST) -}} @@ -349,9 +349,9 @@ https {{- if not (.Values.gitea.config.database.HOST) -}} {{- $_ := set .Values.gitea.config.database "HOST" (include "postgresql.dns" .) -}} {{- end -}} - {{- $_ := set .Values.gitea.config.database "NAME" .Values.postgresql.global.postgresql.auth.database -}} - {{- $_ := set .Values.gitea.config.database "USER" .Values.postgresql.global.postgresql.auth.username -}} - {{- $_ := set .Values.gitea.config.database "PASSWD" .Values.postgresql.global.postgresql.auth.password -}} + {{- $_ := set .Values.gitea.config.database "NAME" .Values.postgresql-ha.global.postgresql-ha.auth.database -}} + {{- $_ := set .Values.gitea.config.database "USER" .Values.postgresql-ha.global.postgresql-ha.auth.username -}} + {{- $_ := set .Values.gitea.config.database "PASSWD" .Values.postgresql-ha.global.postgresql-ha.auth.password -}} {{- end -}} {{- end -}} -- 2.40.1 From 46fb4d8026fcfeaa63a07515f087e95310a37c49 Mon Sep 17 00:00:00 2001 From: pat-s Date: Tue, 18 Jul 2023 18:23:29 +0200 Subject: [PATCH 198/390] use index function for helm --- templates/_helpers.tpl | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 65bf34c..2f734a9 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl 
@@ -113,7 +113,7 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} {{- define "postgresql.dns" -}} -{{- printf "%s-postgresql-ha.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.postgresql-ha.global.postgresql-ha.service.ports.postgresql-ha -}} +{{- printf "%s-postgresql-ha.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "postgresql-ha" "global" "postgresql-ha" "service" "ports" "postgresql-ha") -}} {{- end -}} {{- define "redis.dns" -}} @@ -349,9 +349,9 @@ https {{- if not (.Values.gitea.config.database.HOST) -}} {{- $_ := set .Values.gitea.config.database "HOST" (include "postgresql.dns" .) -}} {{- end -}} - {{- $_ := set .Values.gitea.config.database "NAME" .Values.postgresql-ha.global.postgresql-ha.auth.database -}} - {{- $_ := set .Values.gitea.config.database "USER" .Values.postgresql-ha.global.postgresql-ha.auth.username -}} - {{- $_ := set .Values.gitea.config.database "PASSWD" .Values.postgresql-ha.global.postgresql-ha.auth.password -}} + {{- $_ := set .Values.gitea.config.database "NAME" (index .Values "postgresql-ha" "global" "postgresql-ha" "auth" "database") -}} + {{- $_ := set .Values.gitea.config.database "USER" (index .Values "postgresql-ha" "global" "postgresql-ha" "auth" "username") -}} + {{- $_ := set .Values.gitea.config.database "PASSWD" (index .Values "postgresql-ha" "global" "postgresql-ha" "auth" "password") -}} {{- end -}} {{- end -}} -- 2.40.1 From de1d5af8c8b62c86f2483f9308b70f1133ca03a6 Mon Sep 17 00:00:00 2001 From: pat-s Date: Tue, 18 Jul 2023 18:31:58 +0200 Subject: [PATCH 199/390] more postgresql-ha adjustments --- templates/_helpers.tpl | 10 +++++----- values.yaml | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 2f734a9..6726856 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl 
@@ -113,7 +113,7 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} {{- define "postgresql.dns" -}} -{{- printf "%s-postgresql-ha.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "postgresql-ha" "global" "postgresql-ha" "service" "ports" "postgresql-ha") -}} +{{- printf "%s-postgresql-ha.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "postgresql-ha" "global" "postgresql" "service" "ports" "postgresql") -}} {{- end -}} {{- define "redis.dns" -}} @@ -344,14 +344,14 @@ https {{- end -}} {{- define "gitea.inline_configuration.defaults.database" -}} - {{- if .Values.postgresql.enabled -}} + {{- if .Values.postgresql-ha.enabled -}} {{- $_ := set .Values.gitea.config.database "DB_TYPE" "postgres" -}} {{- if not (.Values.gitea.config.database.HOST) -}} {{- $_ := set .Values.gitea.config.database "HOST" (include "postgresql.dns" .) -}} {{- end -}} - {{- $_ := set .Values.gitea.config.database "NAME" (index .Values "postgresql-ha" "global" "postgresql-ha" "auth" "database") -}} - {{- $_ := set .Values.gitea.config.database "USER" (index .Values "postgresql-ha" "global" "postgresql-ha" "auth" "username") -}} - {{- $_ := set .Values.gitea.config.database "PASSWD" (index .Values "postgresql-ha" "global" "postgresql-ha" "auth" "password") -}} + {{- $_ := set .Values.gitea.config.database "NAME" (index .Values "postgresql-ha" "global" "postgresql" "auth" "database") -}} + {{- $_ := set .Values.gitea.config.database "USER" (index .Values "postgresql-ha" "global" "postgresql" "auth" "username") -}} + {{- $_ := set .Values.gitea.config.database "PASSWD" (index .Values "postgresql-ha" "global" "postgresql" "auth" "password") -}} {{- end -}} {{- end -}} diff --git a/values.yaml b/values.yaml index 324837a..1db6bfc 100644 --- a/values.yaml +++ b/values.yaml 
@@ -489,14 +489,14 @@ redis-cluster: postgresql-ha: enabled: true global: - postgresql-ha: + postgresql: auth: password: gitea database: gitea username: gitea service: ports: - postgresql-ha: 5432 + postgresql: 5432 primary: persistence: size: 10Gi -- 2.40.1 From dc6bab1958bcfc8ca07bfcdb4a3bfb1154fb81e0 Mon Sep 17 00:00:00 2001 From: pat-s Date: Tue, 18 Jul 2023 18:34:56 +0200 Subject: [PATCH 200/390] another index --- templates/_helpers.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 6726856..c21a8f4 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -344,7 +344,7 @@ https {{- end -}} {{- define "gitea.inline_configuration.defaults.database" -}} - {{- if .Values.postgresql-ha.enabled -}} + {{- if (index .Values "postgresql-ha" "enabled") -}} {{- $_ := set .Values.gitea.config.database "DB_TYPE" "postgres" -}} {{- if not (.Values.gitea.config.database.HOST) -}} {{- $_ := set .Values.gitea.config.database "HOST" (include "postgresql.dns" .) -}} -- 2.40.1 From f108be0cd64048aaf099e56e5bb501a4eb4afec5 Mon Sep 17 00:00:00 2001 From: pat-s Date: Tue, 18 Jul 2023 18:50:18 +0200 Subject: [PATCH 201/390] fix postgresql.dns --- templates/_helpers.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index c21a8f4..9078f72 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl 
@@ -113,7 +113,7 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} {{- define "postgresql.dns" -}} -{{- printf "%s-postgresql-ha.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "postgresql-ha" "global" "postgresql" "service" "ports" "postgresql") -}} +{{- printf "%s-postgresql-ha-postgresql.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "postgresql-ha" "global" "postgresql" "service" "ports" "postgresql") -}} {{- end -}} {{- define "redis.dns" -}} -- 2.40.1 From c6fbb6d72e8a8016dc6c21695ac451a687eba7b4 Mon Sep 17 00:00:00 2001 From: pat-s Date: Tue, 18 Jul 2023 19:07:33 +0200 Subject: [PATCH 202/390] adjust postgresql-ha service port mappings --- templates/_helpers.tpl | 2 +- values.yaml | 13 ++++++------- 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 9078f72..335cf9a 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -113,7 +113,7 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} {{- define "postgresql.dns" -}} -{{- printf "%s-postgresql-ha-postgresql.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "postgresql-ha" "global" "postgresql" "service" "ports" "postgresql") -}} +{{- printf "%s-postgresql-ha-postgresql.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "postgresql-ha" "service" "ports" "postgresql") -}} {{- end -}} {{- define "redis.dns" -}} diff --git a/values.yaml b/values.yaml index 1db6bfc..ccd24d2 100644 --- a/values.yaml +++ b/values.yaml @@ -490,13 +490,12 @@ postgresql-ha: enabled: true global: postgresql: - auth: - password: gitea - database: gitea - username: gitea - service: - ports: - postgresql: 5432 + password: gitea + database: gitea + username: gitea + service: + ports: + postgresql: 5432 primary: persistence: size: 10Gi -- 2.40.1 
From 5f8de23c15ac05a03acebcd10549a97af90a2def Mon Sep 17 00:00:00 2001 From: pat-s Date: Tue, 18 Jul 2023 19:16:33 +0200 Subject: [PATCH 203/390] remove "auth" mapping in helpers.tpl --- templates/_helpers.tpl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 335cf9a..5eb1cb0 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -349,9 +349,9 @@ https {{- if not (.Values.gitea.config.database.HOST) -}} {{- $_ := set .Values.gitea.config.database "HOST" (include "postgresql.dns" .) -}} {{- end -}} - {{- $_ := set .Values.gitea.config.database "NAME" (index .Values "postgresql-ha" "global" "postgresql" "auth" "database") -}} - {{- $_ := set .Values.gitea.config.database "USER" (index .Values "postgresql-ha" "global" "postgresql" "auth" "username") -}} - {{- $_ := set .Values.gitea.config.database "PASSWD" (index .Values "postgresql-ha" "global" "postgresql" "auth" "password") -}} + {{- $_ := set .Values.gitea.config.database "NAME" (index .Values "postgresql-ha" "global" "postgresql" "database") -}} + {{- $_ := set .Values.gitea.config.database "USER" (index .Values "postgresql-ha" "global" "postgresql" "username") -}} + {{- $_ := set .Values.gitea.config.database "PASSWD" (index .Values "postgresql-ha" "global" "postgresql" "password") -}} {{- end -}} {{- end -}} -- 2.40.1 From a247071b07b37d65915ac0424b3629e1109e395b Mon Sep 17 00:00:00 2001 From: pat-s Date: Tue, 18 Jul 2023 19:22:51 +0200 Subject: [PATCH 204/390] don't condition session config on multiple replicas --- templates/_helpers.tpl | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 5eb1cb0..8006bb9 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl 
@@ -286,18 +286,15 @@ https {{- $_ := set .Values.gitea.config.queue "TYPE" "redis" -}} {{- $_ := set .Values.gitea.config.queue "CONN_STR" (include "redis.dns" .) -}} {{- end -}} - {{- /* multiple replicas */ -}} - {{- if gt .Values.replicaCount 1.0 -}} - {{- if not (get .Values.gitea.config.session "PROVIDER") -}} + {{- if not (get .Values.gitea.config.session "PROVIDER") -}} {{- $_ := set .Values.gitea.config.session "PROVIDER" "redis" -}} - {{- end -}} - {{- if not (get .Values.gitea.config.session "PROVIDER_CONFIG") -}} + {{- end -}} + {{- if not (get .Values.gitea.config.session "PROVIDER_CONFIG") -}} {{- $_ := set .Values.gitea.config.session "PROVIDER_CONFIG" (include "redis.dns" .) -}} - {{- end -}} + {{- end -}} {{- if not .Values.gitea.config.indexer.ISSUE_INDEXER_TYPE -}} {{- $_ := set .Values.gitea.config.indexer "ISSUE_INDEXER_TYPE" "db" -}} {{- end -}} - {{- end -}} {{- end -}} {{- define "gitea.inline_configuration.defaults.server" -}} -- 2.40.1 From 75893ad9c670cd2dee5e6ac041fd419be935cb1d Mon Sep 17 00:00:00 2001 From: pat-s Date: Tue, 18 Jul 2023 19:28:40 +0200 Subject: [PATCH 205/390] add explicit config example for `session`, `cache` and `queue` to migration instructions --- README.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/README.md b/README.md index af481ce..108ce97 100644 --- a/README.md +++ b/README.md 
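Review bot: With the `replicaCount` guard removed, `session.PROVIDER` and `session.PROVIDER_CONFIG` now default to Redis on every render. From the hunk it looks as though the `{{- end -}}` just above them closes the `redis-cluster` enabled check, so they may also be set when `redis-cluster.enabled` is false, and sessions would then point at a Redis endpoint the release does not deploy. If that reading is right, wrap the two defaults in `{{- if (index .Values "redis-cluster").enabled -}}` … `{{- end -}}`, the same guard the cache defaults use. The surrounding `define` starts and ends outside the hunk, so the nesting should be confirmed against the full file.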
@@ -926,6 +926,23 @@ The first item here (``) will be different compared to th The above changes are motivated by the idea to tidy dependencies but also have HA-ready ones at the same time. The previous `memcache` default was not HA-ready, hence we decided to switch to `redis-cluster` by default. +If you are coming from an existing deployment and [#356](https://gitea.com/gitea/helm-chart/issues/356) is still open, you need to set the config sections for `cache`, `session` and `queue` explicitly: + +```yaml + session: + PROVIDER: redis + PROVIDER_CONFIG: redis+cluster://:gitea@gitea-redis-cluster-headless..svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& + + cache: + ENABLED: true + ADAPTER: redis + HOST: redis+cluster://:gitea@gitea-redis-cluster-headless..svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& + + queue: + TYPE: redis + CONN_STR: redis+cluster://:gitea@gitea-redis-cluster-headless..svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& +``` + **Transitioning from a RWO to RWX Persistent Volume** -- 2.40.1 From 29c9bbb4bfec04ab22761cc2d999eb0fcb8acbed Mon Sep 17 00:00:00 2001 From: pat-s Date: Tue, 18 Jul 2023 20:06:16 +0200 Subject: [PATCH 206/390] postgresql-ha: provide defaults for `postgresPassword` and `repmgrPassword` due to upstream bug --- README.md | 18 ++++++++++-------- values.yaml | 14 ++++++++++---- 2 files changed, 20 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 108ce97..984312e 100644 --- a/README.md +++ b/README.md 
@@ -841,14 +841,16 @@ kubectl create secret generic gitea-themes --from-file={{FULL-PATH-TO-CSS}} --na ### PostgreSQL-ha -| Name | Description | Value | -| ---------------------------------------------------------------- | -------------------------------------------------------------------- | ------- | -| `postgresql-ha.enabled` | Enable PostgreSQL-ha | `true` | -| `postgresql-ha.global.postgresql-ha.auth.password` | Password for the `gitea` user (overrides `auth.password`) | `gitea` | -| `postgresql-ha.global.postgresql-ha.auth.database` | Name for a custom database to create (overrides `auth.database`) | `gitea` | -| `postgresql-ha.global.postgresql-ha.auth.username` | Name for a custom user to create (overrides `auth.username`) | `gitea` | -| `postgresql-ha.global.postgresql-ha.service.ports.postgresql-ha` | PostgreSQL-ha service port (overrides `service.ports.postgresql-ha`) | `5432` | -| `postgresql-ha.primary.persistence.size` | PVC Storage Request for PostgreSQL-ha volume | `10Gi` | +| Name | Description | Value | +| -------------------------------------------------- | ---------------------------------------------------------------- | ---------- | +| `postgresql-ha.enabled` | Enable PostgreSQL-ha | `true` | +| `postgresql-ha.global.postgresql.password` | Password for the `gitea` user (overrides `auth.password`) | `gitea` | +| `postgresql-ha.global.postgresql.database` | Name for a custom database to create (overrides `auth.database`) | `gitea` | +| `postgresql-ha.global.postgresql.username` | Name for a custom user to create (overrides `auth.username`) | `gitea` | +| `postgresql-ha.global.postgresql.postgresPassword` | Postgres Password | `changeme` | +| `postgresql-ha.global.postgresql.repmgrPassword` | Repmgr Password | `changeme` | +| `postgresql-ha.service.ports.postgresql` | PostgreSQL service port (overrides `service.ports.postgresql`) | `5432` | +| `postgresql-ha.primary.persistence.size` | PVC Storage Request for PostgreSQL-ha volume | `10Gi` | ### 
PostgreSQL diff --git a/values.yaml b/values.yaml index ccd24d2..e2ac2cd 100644 --- a/values.yaml +++ b/values.yaml @@ -481,10 +481,12 @@ redis-cluster: ## @section postgresql-ha # ## @param postgresql-ha.enabled Enable postgresql-ha -## @param postgresql-ha.global.postgresql-ha.auth.password Password for the `gitea` user (overrides `auth.password`) -## @param postgresql-ha.global.postgresql-ha.auth.database Name for a custom database to create (overrides `auth.database`) -## @param postgresql-ha.global.postgresql-ha.auth.username Name for a custom user to create (overrides `auth.username`) -## @param postgresql-ha.global.postgresql-ha.service.ports.postgresql-ha postgresql-ha service port (overrides `service.ports.postgresql-ha`) +## @param postgresql-ha.global.postgresql.password Password for the `gitea` user (overrides `auth.password`) +## @param postgresql-ha.global.postgresql.database Name for a custom database to create (overrides `auth.database`) +## @param postgresql-ha.global.postgresql.username Name for a custom user to create (overrides `auth.username`) +## @param postgresql-ha.global.postgresql.postgresPassword Postgres Password +## @param postgresql-ha.global.postgresql.repmgrPassword Repmgr Password +## @param postgresql-ha.service.ports.postgresql postgresql service port (overrides `service.ports.postgresql`) ## @param postgresql-ha.primary.persistence.size PVC Storage Request for postgresql-ha volume postgresql-ha: enabled: true @@ -493,6 +495,10 @@ postgresql-ha: password: gitea database: gitea username: gitea + # FIXME: https://github.com/bitnami/charts/issues/17052 + postgresPassword: changeme + # FIXME: https://github.com/bitnami/charts/issues/17052 + repmgrPassword: changeme service: ports: postgresql: 5432 -- 2.40.1 From 19841604f76f17e4334611b7933bf0ded062f061 Mon Sep 17 00:00:00 2001 
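Review bot: The added `postgresPassword: changeme` and `repmgrPassword: changeme` put fixed, publicly known credentials for the `postgres` and repmgr accounts into the chart defaults, so every install that does not override them shares the same passwords. The FIXME comments point at the upstream issue but do not tell an operator to change the values; I would extend them to `# FIXME: https://github.com/bitnami/charts/issues/17052 - placeholder only, override before deploying` and say the same in the README parameter table. The pattern recurs in later patches on this page (`changeme1` to `changeme4` including `pgpool.adminPassword` in PATCH 209, `password: gitea` in PATCH 210). If the dependency chart can take these from an existing Secret, that is preferable to a literal in `values.yaml`; this hunk does not show whether it can.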
From: pat-s Date: Wed, 19 Jul 2023 09:57:44 +0200 Subject: [PATCH 207/390] use redis-cluster instead of redis --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 984312e..b24f08c 100644 --- a/README.md +++ b/README.md @@ -932,12 +932,12 @@ If you are coming from an existing deployment and [#356](https://gitea.com/gitea ```yaml session: - PROVIDER: redis + PROVIDER: redis-cluster PROVIDER_CONFIG: redis+cluster://:gitea@gitea-redis-cluster-headless..svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& cache: ENABLED: true - ADAPTER: redis + ADAPTER: redis-cluster HOST: redis+cluster://:gitea@gitea-redis-cluster-headless..svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& queue: -- 2.40.1 From 565cbaf292c5f9055833b763ab5fdeb8e566991f Mon Sep 17 00:00:00 2001 From: pat-s Date: Wed, 19 Jul 2023 12:37:53 +0000 Subject: [PATCH 208/390] Expose `persistence.volumeName` (#471) ### Benefits possibly fix #470 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/471 Co-authored-by: pat-s Co-committed-by: pat-s --- README.md | 1 + templates/gitea/pvc.yaml | 4 +++- values.yaml | 6 ++++-- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index b24f08c..4477d7e 100644 --- a/README.md +++ b/README.md 
@@ -754,6 +754,7 @@ kubectl create secret generic gitea-themes --from-file={{FULL-PATH-TO-CSS}} --na | `persistence.annotations` | Annotations for the persistence volume claim to be created | `{}` | | `persistence.storageClass` | Name of the storage class to use | `nil` | | `persistence.subPath` | Subdirectory of the volume to mount at | `nil` | +| `persistence.volumeName` | Name of persistent volume in PVC | `""` | | `extraVolumes` | Additional volumes to mount to the Gitea deployment | `[]` | | `extraContainerVolumeMounts` | Mounts that are only mapped into the Gitea runtime/main container, to e.g. override custom templates. | `[]` | | `extraInitVolumeMounts` | Mounts that are only mapped into the init-containers. Can be used for additional preconfiguration. | `[]` | diff --git a/templates/gitea/pvc.yaml b/templates/gitea/pvc.yaml index d84ecc3..995bd10 100644 --- a/templates/gitea/pvc.yaml +++ b/templates/gitea/pvc.yaml @@ -17,7 +17,9 @@ spec: {{- if .Values.persistence.storageClass }} storageClassName: {{ .Values.persistence.storageClass }} {{- end }} - volumeName: "" + {{- with .Values.persistence.volumeName }} + volumeName: {{ . }} + {{- end }} resources: requests: storage: {{ .Values.persistence.size }} diff --git a/values.yaml b/values.yaml index e2ac2cd..1204e58 100644 --- a/values.yaml +++ b/values.yaml @@ -252,6 +252,7 @@ serviceAccount: ## @param persistence.annotations Annotations for the persistence volume claim to be created ## @param persistence.storageClass Name of the storage class to use ## @param persistence.subPath Subdirectory of the volume to mount at +## @param persistence.volumeName Name of persistent volume in PVC persistence: enabled: true create: true @@ -264,6 +265,7 @@ persistence: annotations: {} storageClass: subPath: + volumeName: "" ## @param extraVolumes Additional volumes to mount to the Gitea deployment extraVolumes: [] 
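Review bot: In `templates/gitea/pvc.yaml` the new `volumeName: {{ . }}` renders the value unquoted, so a volume name that YAML reads as a number or boolean, or one containing a colon, would change the meaning of the manifest. `volumeName: {{ . | quote }}` avoids that. The `storageClassName: {{ .Values.persistence.storageClass }}` context line just above has the same shape and could be quoted in the same change.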
@@ -496,9 +498,9 @@ postgresql-ha: database: gitea username: gitea # FIXME: https://github.com/bitnami/charts/issues/17052 - postgresPassword: changeme + postgresPassword: changeme # FIXME: https://github.com/bitnami/charts/issues/17052 - repmgrPassword: changeme + repmgrPassword: changeme service: ports: postgresql: 5432 -- 2.40.1 From 81612bd7882f0b3b5d70308a8e7fcfb5d165ec7c Mon Sep 17 00:00:00 2001 From: pat-s Date: Wed, 19 Jul 2023 15:16:45 +0000 Subject: [PATCH 209/390] Update default params of chart dependencies (#473) ### Description of the change Update default params of chart dependencies. Tested with multiple upgrades and fresh installations. Using no password auth for redis simplifies things for basic installations. Production installations should properly configure auth as they need it. ### Benefits To avoid/solve upgrading issues as in #407 and #472 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/473 Co-authored-by: pat-s Co-committed-by: pat-s --- README.md | 63 +++++++++++++++++++++++++++-------------------------- values.yaml | 31 +++++++++++++------------- 2 files changed, 48 insertions(+), 46 deletions(-) diff --git a/README.md b/README.md index 4477d7e..07b39fe 100644 --- a/README.md +++ b/README.md 
@@ -742,23 +742,23 @@ kubectl create secret generic gitea-themes --from-file={{FULL-PATH-TO-CSS}} --na ### Persistence -| Name | Description | Value | -| ---------------------------- | ----------------------------------------------------------------------------------------------------- | ---------------------- | -| `persistence.enabled` | Enable persistent storage | `true` | -| `persistence.create` | Whether to create the persistentVolumeClaim for shared storage | `true` | -| `persistence.mount` | Whether the persistentVolumeClaim should be mounted (even if not created) | `true` | -| `persistence.claimName` | Use an existing claim to store repository information | `gitea-shared-storage` | -| `persistence.size` | Size for persistence to store repo information | `10Gi` | -| `persistence.accessModes` | AccessMode for persistence | `["ReadWriteOnce"]` | -| `persistence.labels` | Labels for the persistence volume claim to be created | `{}` | -| `persistence.annotations` | Annotations for the persistence volume claim to be created | `{}` | -| `persistence.storageClass` | Name of the storage class to use | `nil` | -| `persistence.subPath` | Subdirectory of the volume to mount at | `nil` | -| `persistence.volumeName` | Name of persistent volume in PVC | `""` | -| `extraVolumes` | Additional volumes to mount to the Gitea deployment | `[]` | -| `extraContainerVolumeMounts` | Mounts that are only mapped into the Gitea runtime/main container, to e.g. override custom templates. | `[]` | -| `extraInitVolumeMounts` | Mounts that are only mapped into the init-containers. Can be used for additional preconfiguration. 
| `[]` | -| `extraVolumeMounts` | **DEPRECATED** Additional volume mounts for init containers and the Gitea main container | `[]` | +| Name | Description | Value | +| ------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ---------------------- | +| `persistence.enabled` | Enable persistent storage | `true` | +| `persistence.create` | Whether to create the persistentVolumeClaim for shared storage | `true` | +| `persistence.mount` | Whether the persistentVolumeClaim should be mounted (even if not created) | `true` | +| `persistence.claimName` | Use an existing claim to store repository information | `gitea-shared-storage` | +| `persistence.size` | Size for persistence to store repo information | `10Gi` | +| `persistence.accessModes` | AccessMode for persistence | `["ReadWriteOnce"]` | +| `persistence.labels` | Labels for the persistence volume claim to be created | `{}` | +| `persistence.annotations.helm.sh/resource-policy` | Resource policy for the persistence volume claim | `keep` | +| `persistence.storageClass` | Name of the storage class to use | `nil` | +| `persistence.subPath` | Subdirectory of the volume to mount at | `nil` | +| `persistence.volumeName` | Name of persistent volume in PVC | `""` | +| `extraVolumes` | Additional volumes to mount to the Gitea deployment | `[]` | +| `extraContainerVolumeMounts` | Mounts that are only mapped into the Gitea runtime/main container, to e.g. override custom templates. | `[]` | +| `extraInitVolumeMounts` | Mounts that are only mapped into the init-containers. Can be used for additional preconfiguration. | `[]` | +| `extraVolumeMounts` | **DEPRECATED** Additional volume mounts for init containers and the Gitea main container | `[]` | ### Init 
@@ -835,23 +835,24 @@ kubectl create secret generic gitea-themes --from-file={{FULL-PATH-TO-CSS}} --na ### redis-cluster -| Name | Description | Value | -| ------------------------------------- | ---------------------------------------------------- | ------- | -| `redis-cluster.enabled` | Enable redis | `true` | -| `redis-cluster.global.redis.password` | Password for the "Gitea" user (overrides `password`) | `gitea` | +| Name | Description | Value | +| --------------------------- | -------------------------------------- | ------- | +| `redis-cluster.enabled` | Enable redis | `true` | +| `redis-cluster.usePassword` | Whether to use password authentication | `false` | ### PostgreSQL-ha -| Name | Description | Value | -| -------------------------------------------------- | ---------------------------------------------------------------- | ---------- | -| `postgresql-ha.enabled` | Enable PostgreSQL-ha | `true` | -| `postgresql-ha.global.postgresql.password` | Password for the `gitea` user (overrides `auth.password`) | `gitea` | -| `postgresql-ha.global.postgresql.database` | Name for a custom database to create (overrides `auth.database`) | `gitea` | -| `postgresql-ha.global.postgresql.username` | Name for a custom user to create (overrides `auth.username`) | `gitea` | -| `postgresql-ha.global.postgresql.postgresPassword` | Postgres Password | `changeme` | -| `postgresql-ha.global.postgresql.repmgrPassword` | Repmgr Password | `changeme` | -| `postgresql-ha.service.ports.postgresql` | PostgreSQL service port (overrides `service.ports.postgresql`) | `5432` | -| `postgresql-ha.primary.persistence.size` | PVC Storage Request for PostgreSQL-ha volume | `10Gi` | +| Name | Description | Value | +| ------------------------------------------- | ---------------------------------------------------------------- | ----------- | +| `postgresql-ha.enabled` | Enable PostgreSQL-ha | `true` | +| `postgresql-ha.postgresql.password` | Password for the `gitea` user (overrides 
`auth.password`) | `changeme4` | +| `postgresql-ha.global.postgresql.database` | Name for a custom database to create (overrides `auth.database`) | `gitea` | +| `postgresql-ha.global.postgresql.username` | Name for a custom user to create (overrides `auth.username`) | `gitea` | +| `postgresql-ha.postgresql.repmgrPassword` | Repmgr Password | `changeme2` | +| `postgresql-ha.postgresql.postgresPassword` | postgres Password | `changeme1` | +| `postgresql-ha.pgpool.adminPassword` | pgpool adminPassword | `changeme3` | +| `postgresql-ha.service.ports.postgresql` | PostgreSQL service port (overrides `service.ports.postgresql`) | `5432` | +| `postgresql-ha.primary.persistence.size` | PVC Storage Request for PostgreSQL-ha volume | `10Gi` | ### PostgreSQL diff --git a/values.yaml b/values.yaml index 1204e58..d3ad09e 100644 --- a/values.yaml +++ b/values.yaml @@ -249,7 +249,7 @@ serviceAccount: ## @param persistence.size Size for persistence to store repo information ## @param persistence.accessModes AccessMode for persistence ## @param persistence.labels Labels for the persistence volume claim to be created -## @param persistence.annotations Annotations for the persistence volume claim to be created +## @param persistence.annotations.helm.sh/resource-policy Resource policy for the persistence volume claim ## @param persistence.storageClass Name of the storage class to use ## @param persistence.subPath Subdirectory of the volume to mount at ## @param persistence.volumeName Name of persistent volume in PVC @@ -262,10 +262,11 @@ persistence: accessModes: - ReadWriteOnce labels: {} - annotations: {} storageClass: subPath: volumeName: "" + annotations: + helm.sh/resource-policy: keep ## @param extraVolumes Additional volumes to mount to the Gitea deployment extraVolumes: [] 
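Review bot: Defaulting `persistence.annotations` to `helm.sh/resource-policy: keep` in `values.yaml` leaves the claim holding the repository data in the cluster after `helm uninstall`, and nothing in the hunk tells the operator that. I would add a comment above the key, e.g. `# keeps the PVC and all repository data on uninstall; delete it manually when decommissioning`. The `@param` line was also narrowed from the `persistence.annotations` map to this single key, so the generated table no longer says that further annotations can be supplied.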
@@ -473,34 +474,34 @@ gitea: ## @section redis-cluster ## @param redis-cluster.enabled Enable redis -## @param redis-cluster.global.redis.password Password for the "gitea" user (overrides `password`) +## @param redis-cluster.usePassword Whether to use password authentication redis-cluster: enabled: true - global: - redis: - password: gitea + usePassword: false ## @section postgresql-ha # ## @param postgresql-ha.enabled Enable postgresql-ha -## @param postgresql-ha.global.postgresql.password Password for the `gitea` user (overrides `auth.password`) +## @param postgresql-ha.postgresql.password Password for the `gitea` user (overrides `auth.password`) ## @param postgresql-ha.global.postgresql.database Name for a custom database to create (overrides `auth.database`) ## @param postgresql-ha.global.postgresql.username Name for a custom user to create (overrides `auth.username`) -## @param postgresql-ha.global.postgresql.postgresPassword Postgres Password -## @param postgresql-ha.global.postgresql.repmgrPassword Repmgr Password +## @param postgresql-ha.postgresql.repmgrPassword Repmgr Password +## @param postgresql-ha.postgresql.postgresPassword postgres Password +## @param postgresql-ha.pgpool.adminPassword pgpool adminPassword ## @param postgresql-ha.service.ports.postgresql postgresql service port (overrides `service.ports.postgresql`) ## @param postgresql-ha.primary.persistence.size PVC Storage Request for postgresql-ha volume postgresql-ha: - enabled: true global: postgresql: - password: gitea database: gitea username: gitea - # FIXME: https://github.com/bitnami/charts/issues/17052 - postgresPassword: changeme - # FIXME: https://github.com/bitnami/charts/issues/17052 - repmgrPassword: changeme + enabled: true + postgresql: + repmgrPassword: changeme2 + postgresPassword: changeme1 + password: changeme4 + pgpool: + adminPassword: changeme3 service: ports: postgresql: 5432 -- 2.40.1 From a5884ec67f22249315c8f4e9ea2787578c710b07 Mon Sep 17 00:00:00 2001 
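Review bot: `redis-cluster.usePassword: false` turns off authentication on the Redis instance that the chart's session, cache and queue defaults point at, so any workload able to reach that service could presumably read or alter session data. The commit message says production installs should configure auth themselves, but the values file carries no such hint; a comment next to the key, such as `# no Redis auth by default: enable usePassword or restrict access with a NetworkPolicy before production use`, would surface it where operators look. The literal `changeme1` to `changeme4` passwords added further down in the same hunk are fixed defaults shared by every install that does not override them and deserve the same kind of comment.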
From: pat-s Date: Wed, 19 Jul 2023 23:05:52 +0200 Subject: [PATCH 210/390] readd missing postgresql password for db --- README.md | 1 + values.yaml | 2 ++ 2 files changed, 3 insertions(+) diff --git a/README.md b/README.md index 07b39fe..0748004 100644 --- a/README.md +++ b/README.md @@ -848,6 +848,7 @@ kubectl create secret generic gitea-themes --from-file={{FULL-PATH-TO-CSS}} --na | `postgresql-ha.postgresql.password` | Password for the `gitea` user (overrides `auth.password`) | `changeme4` | | `postgresql-ha.global.postgresql.database` | Name for a custom database to create (overrides `auth.database`) | `gitea` | | `postgresql-ha.global.postgresql.username` | Name for a custom user to create (overrides `auth.username`) | `gitea` | +| `postgresql-ha.global.postgresql.password` | Name for a custom password to create (overrides `auth.password`) | `gitea` | | `postgresql-ha.postgresql.repmgrPassword` | Repmgr Password | `changeme2` | | `postgresql-ha.postgresql.postgresPassword` | postgres Password | `changeme1` | | `postgresql-ha.pgpool.adminPassword` | pgpool adminPassword | `changeme3` | diff --git a/values.yaml b/values.yaml index d3ad09e..c33e243 100644 --- a/values.yaml +++ b/values.yaml @@ -485,6 +485,7 @@ redis-cluster: ## @param postgresql-ha.postgresql.password Password for the `gitea` user (overrides `auth.password`) ## @param postgresql-ha.global.postgresql.database Name for a custom database to create (overrides `auth.database`) ## @param postgresql-ha.global.postgresql.username Name for a custom user to create (overrides `auth.username`) +## @param postgresql-ha.global.postgresql.password Name for a custom password to create (overrides `auth.password`) ## @param postgresql-ha.postgresql.repmgrPassword Repmgr Password ## @param postgresql-ha.postgresql.postgresPassword postgres Password ## @param postgresql-ha.pgpool.adminPassword pgpool adminPassword 
@@ -494,6 +495,7 @@ postgresql-ha: global: postgresql: database: gitea + password: gitea username: gitea enabled: true postgresql: -- 2.40.1 From aa8f543c08f874754ccc3e5f136e0b46742b3992 Mon Sep 17 00:00:00 2001 From: pat-s Date: Wed, 19 Jul 2023 23:08:55 +0200 Subject: [PATCH 211/390] bump to 1.20 nightly for env-to-ini fix --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 7160a58..844061b 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.20.0 +appVersion: 1.20-nightly icon: https://docs.gitea.io/images/gitea.png keywords: -- 2.40.1 From 9dda709997fb67b9e1a39bef63775013f89fb2c9 Mon Sep 17 00:00:00 2001 From: pat-s Date: Thu, 20 Jul 2023 09:51:13 +0200 Subject: [PATCH 212/390] update terraform custom theme instructions --- README.md | 32 +++++++++++++++++++++++++++++--- 1 file changed, 29 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 0748004..4fc4bb8 100644 --- a/README.md +++ b/README.md @@ -592,6 +592,8 @@ gitea: Custom themes can be added via k8s secrets and referencing them in `values.yaml`. +The [http provider](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) is useful here. + ```yaml extraVolumes: - name: gitea-themes 
@@ -614,13 +616,37 @@ resource "kubernetes_secret" "gitea-themes" { } data = { - "theme-custom.css" = "${file("FULL-PATH-TO-CSS")}" - "theme-custom-dark.css" = "${file("FULL-PATH-TO-CSS")}" + "my-theme.css" = data.http.gitea-theme-light.body + "my-theme-dark.css" = data.http.gitea-theme-dark.body + "my-theme-auto.css" = data.http.gitea-theme-auto.body } type = "Opaque" +} - depends_on = [kubernetes_namespace.gitea] + +data "http" "gitea-theme-light" { + url = "" + + request_headers = { + Accept = "application/json" + } +} + +data "http" "gitea-theme-dark" { + url = "" + + request_headers = { + Accept = "application/json" + } +} + +data "http" "gitea-theme-auto" { + url = "" + + request_headers = { + Accept = "application/json" + } } ``` -- 2.40.1 From 269ca48586a9d2561b8e04059bebd38062b7ad37 Mon Sep 17 00:00:00 2001 From: pat-s Date: Sat, 22 Jul 2023 10:50:27 +0200 Subject: [PATCH 213/390] 1.20.1 --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 844061b..450d979 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.20-nightly +appVersion: 1.20.1 icon: https://docs.gitea.io/images/gitea.png keywords: -- 2.40.1 From 860c2ce54249419745b116d1ef251c02af3bdd69 Mon Sep 17 00:00:00 2001 From: pat-s Date: Sat, 22 Jul 2023 11:46:44 +0000 Subject: [PATCH 214/390] Auto-configure non-postgresql DNS and assert single PG instance (#478) ### Description of the change Before only `postgresql-ha` was auto-configured WRT to DNS. ### Benefits Add DNS auto-config for `postgresql` dependency and assert that either `postgresql` or `postgresql-ha` is enabled. Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/478 Co-authored-by: pat-s Co-committed-by: pat-s --- templates/_helpers.tpl | 21 +++++++++++++++++++-- templates/gitea/config.yaml | 9 ++++++++- 2 files changed, 27 insertions(+), 3 deletions(-) 
diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 8006bb9..2dad930 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -112,9 +112,17 @@ app.kubernetes.io/name: {{ include "gitea.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} -{{- define "postgresql.dns" -}} +{{- define "postgresql-ha.dns" -}} +{{- if (index .Values "postgresql-ha").enabled -}} {{- printf "%s-postgresql-ha-postgresql.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "postgresql-ha" "service" "ports" "postgresql") -}} {{- end -}} +{{- end -}} + +{{- define "postgresql.dns" -}} +{{- if (index .Values "postgresql").enabled -}} +{{- printf "%s-postgresql.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.postgresql.global.postgresql.service.ports.postgresql -}} +{{- end -}} +{{- end -}} {{- define "redis.dns" -}} {{- if (index .Values "redis-cluster").enabled -}} 
@@ -344,12 +352,21 @@ https {{- if (index .Values "postgresql-ha" "enabled") -}} {{- $_ := set .Values.gitea.config.database "DB_TYPE" "postgres" -}} {{- if not (.Values.gitea.config.database.HOST) -}} - {{- $_ := set .Values.gitea.config.database "HOST" (include "postgresql.dns" .) -}} + {{- $_ := set .Values.gitea.config.database "HOST" (include "postgresql-ha.dns" .) -}} {{- end -}} {{- $_ := set .Values.gitea.config.database "NAME" (index .Values "postgresql-ha" "global" "postgresql" "database") -}} {{- $_ := set .Values.gitea.config.database "USER" (index .Values "postgresql-ha" "global" "postgresql" "username") -}} {{- $_ := set .Values.gitea.config.database "PASSWD" (index .Values "postgresql-ha" "global" "postgresql" "password") -}} {{- end -}} + {{- if (index .Values "postgresql" "enabled") -}} + {{- $_ := set .Values.gitea.config.database "DB_TYPE" "postgres" -}} + {{- if not (.Values.gitea.config.database.HOST) -}} + {{- $_ := set .Values.gitea.config.database "HOST" (include "postgresql.dns" .) -}} + {{- end -}} + {{- $_ := set .Values.gitea.config.database "NAME" .Values.postgresql.global.postgresql.auth.database -}} + {{- $_ := set .Values.gitea.config.database "USER" .Values.postgresql.global.postgresql.auth.username -}} + {{- $_ := set .Values.gitea.config.database "PASSWD" .Values.postgresql.global.postgresql.auth.password -}} + {{- end -}} {{- end -}} {{- define "gitea.init-additional-mounts" -}} diff --git a/templates/gitea/config.yaml b/templates/gitea/config.yaml index ab4832d..3f8b7e6 100644 --- a/templates/gitea/config.yaml +++ b/templates/gitea/config.yaml 
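Review bot: In the added `postgresql` block only `HOST` is protected by `if not`, while `DB_TYPE`, `NAME`, `USER` and `PASSWD` are written unconditionally, so values a user set under `gitea.config.database` are overwritten; the `postgresql-ha` block above it has the same shape. `PASSWD` is copied from the plain value `postgresql.global.postgresql.auth.password`, so this helper offers no path for a password kept in an existing Secret. The two blocks are independent `if`s, which lets the second one win when both dependencies are enabled; the assertion added to `config.yaml` in this commit covers that case, but `{{- else if (index .Values "postgresql" "enabled") -}}` would make the helper safe on its own. The enclosing define starts outside the hunk.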
@@ -17,6 +17,12 @@ metadata: type: Opaque stringData: assertions: | + +{{- /*assert that only one PG dep is enabled */ -}} +{{- if and (.Values.postgresql.enabled) (index .Values "postgresql-ha" "enabled") -}} + {{- fail "Only one of postgresql or postgresql-ha can be enabled at the same time." -}} +{{- end }} + {{- /* multiple replicas assertions */ -}} {{- if gt .Values.replicaCount 1.0 -}} {{- if .Values.gitea.config.cron.GIT_GC_REPOS -}} @@ -24,10 +30,11 @@ stringData: {{- fail "Invoking the garbage collector via CRON is not yet supported when running with multiple replicas. Please set 'GIT_GC_REPOS.enabled = false'." -}} {{- end }} {{- end }} + {{- if eq (first .Values.persistence.accessModes) "ReadWriteOnce" -}} {{- fail "When using multiple replicas, a RWX file system is required and gitea.persistence.accessModes[0] must be set to ReadWriteMany." -}} {{- end }} - + {{- if eq (get .Values.gitea.config.indexer "ISSUE_INDEXER_TYPE") "bleve" -}} {{- fail "When using multiple replicas, the issue indexer (gitea.config.indexer.ISSUE_INDEXER_TYPE) must be set to a HA-ready provider such as 'meilisearch', 'elasticsearch' or 'db' (if the DB is HA-ready)." -}} {{- end }} -- 2.40.1 From 478fd6044e971d3c991e34fa449201397c2f5ea8 Mon Sep 17 00:00:00 2001 From: pat-s Date: Sat, 22 Jul 2023 14:06:08 +0200 Subject: [PATCH 215/390] add minimal config example --- README.md | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/README.md b/README.md index 4fc4bb8..5354701 100644 --- a/README.md +++ b/README.md @@ -7,6 +7,7 @@ - [High Availability](#high-availability) - [Configuration](#configuration) - [Default Configuration](#default-configuration) + - [Minimal Configuration](#minimal-configuration) - [Additional _app.ini_ settings](#additional-appini-settings) - [External Database](#external-database) - [Ports and external url](#ports-and-external-url) 
@@ -166,6 +167,36 @@ The Prometheus `/metrics` endpoint is disabled by default. ENABLED = false ``` +### Minimal Configuration + +For a minimal installation, i.e. without HA dependencies and using the built-in SQLITE DB instead of Postgres, the following configuration can be used: + +```yaml +redis-cluster: + enabled: false +postgresql: + enabled: false +postgresql-ha: + enabled: false + +persistence: + enabled: false + +gitea: + config: + database: + DB_TYPE: sqlite3 + session: + PROVIDER: memory + cache: + ADAPTER: memory + queue: + TYPE: level +``` + +This will result in a single-pod Gitea instance without any dependencies and persistence. +Do not use this configuration for production use. + ### Additional _app.ini_ settings > **The [generic](https://docs.gitea.io/en-us/config-cheat-sheet/#overall-default) -- 2.40.1 From 1ea6cb4633c2e01d02dc910bcb67d7710842abc7 Mon Sep 17 00:00:00 2001 From: pat-s Date: Mon, 31 Jul 2023 09:04:23 +0200 Subject: [PATCH 216/390] 1.20.2 --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 450d979..47a4066 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.20.1 +appVersion: 1.20.2 icon: https://docs.gitea.io/images/gitea.png keywords: -- 2.40.1 From 5e148748ce241ef11c9fe5649bdeac27fc7c8121 Mon Sep 17 00:00:00 2001 From: Lunny Xiao Date: Thu, 3 Aug 2023 07:25:52 +0000 Subject: [PATCH 217/390] Update documentations link to new addresses and some other links update (#482) Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/482 Reviewed-by: pat-s Co-authored-by: Lunny Xiao Co-committed-by: Lunny Xiao --- .gitea/workflows/release-version.yml | 2 +- Chart.yaml | 2 +- README.md | 20 ++++++++++++-------- 3 files changed, 14 insertions(+), 10 deletions(-) diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index 239cd37..c9cb40f 100644 
--- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml @@ -39,7 +39,7 @@ jobs: mkdir gitea mv gitea*.tgz gitea/ curl -L -o gitea/index.yaml https://dl.gitea.com/charts/index.yaml - helm repo index gitea/ --url https://dl.gitea.io/charts --merge gitea/index.yaml + helm repo index gitea/ --url https://dl.gitea.com/charts --merge gitea/index.yaml - name: aws credential configure uses: https://github.com/aws-actions/configure-aws-credentials@v2 diff --git a/Chart.yaml b/Chart.yaml index 47a4066..672dc4b 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -4,7 +4,7 @@ description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 appVersion: 1.20.2 -icon: https://docs.gitea.io/images/gitea.png +icon: https://gitea.com/assets/img/logo.svg keywords: - git diff --git a/README.md b/README.md index 5354701..6881e51 100644 --- a/README.md +++ b/README.md @@ -7,8 +7,12 @@ - [High Availability](#high-availability) - [Configuration](#configuration) - [Default Configuration](#default-configuration) + - [Database defaults](#database-defaults) + - [Server defaults](#server-defaults) + - [Metrics defaults](#metrics-defaults) - [Minimal Configuration](#minimal-configuration) - [Additional _app.ini_ settings](#additional-appini-settings) + - [User defined environment variables in app.ini](#user-defined-environment-variables-in-appini) - [External Database](#external-database) - [Ports and external url](#ports-and-external-url) - [ClusterIP](#clusterip) @@ -46,7 +50,7 @@ - [Contributing](#contributing) - [Upgrading](#upgrading) -[Gitea](https://gitea.io/en-us/) is a community managed lightweight code hosting solution written in Go. +[Gitea](https://gitea.com) is a community managed lightweight code hosting solution written in Go. It is published under the MIT license. ## Introduction 
@@ -84,7 +88,7 @@ Dependencies: ## Installing ```sh -helm repo add gitea-charts https://dl.gitea.io/charts/ +helm repo add gitea-charts https://dl.gitea.com/charts/ helm repo update helm install gitea gitea-charts/gitea ``` @@ -104,7 +108,7 @@ See the [HA Setup](docs/ha-setup.md) document for more details. ## Configuration Gitea offers lots of configuration options. -This is fully described in the [Gitea Cheat Sheet](https://docs.gitea.io/en-us/config-cheat-sheet/). +This is fully described in the [Gitea Cheat Sheet](https://docs.gitea.com/administration/config-cheat-sheet). ```yaml gitea: @@ -199,7 +203,7 @@ Do not use this configuration for production use. ### Additional _app.ini_ settings -> **The [generic](https://docs.gitea.io/en-us/config-cheat-sheet/#overall-default) +> **The [generic](https://docs.gitea.com/administration/config-cheat-sheet#overall-default) > section cannot be defined that way.** Some settings inside _app.ini_ (like passwords or whole authentication configurations) must be considered sensitive and therefore should not be passed via plain text inside the _values.yaml_ file. @@ -286,7 +290,7 @@ Priority (highest to lowest) for defining app.ini variables: ### External Database -Any external database listed in [https://docs.gitea.io/en-us/database-prep/](https://docs.gitea.io/en-us/database-prep/) can be used instead of the built-in PostgreSQL. +Any external database listed in [https://docs.gitea.com/installation/database-prep](https://docs.gitea.com/installation/database-prep) can be used instead of the built-in PostgreSQL. In fact, it is **highly recommended** to use an external database to ensure a stable Gitea installation longterm. If an external database is used, no matter which type, make sure to set `postgresql.enabled` to `false` to disable the use of the built-in PostgreSQL. 
@@ -456,7 +460,7 @@ gitea: ### LDAP Settings Like the admin user the LDAP settings can be updated. -All LDAP values from are available. +All LDAP values from are available. Multiple LDAP sources can be configured with additional LDAP list items. @@ -511,7 +515,7 @@ Affected options: Like the admin user, OAuth2 settings can be updated and disabled but not deleted. Deleting OAuth2 settings has to be done in the ui. -All OAuth2 values, which are documented [here](https://docs.gitea.io/en-us/command-line/#admin), are +All OAuth2 values, which are documented [here](https://docs.gitea.com/administration/command-line#admin), are available. Multiple OAuth2 sources can be configured with additional OAuth list items. @@ -589,7 +593,7 @@ signing: ``` To use the gpg key, Gitea needs to be configured accordingly. -A detailed description can be found in the [official Gitea documentation](https://docs.gitea.io/en-us/signing/#general-configuration). +A detailed description can be found in the [official Gitea documentation](https://docs.gitea.com/administration/signing#general-configuration). ## Metrics and profiling -- 2.40.1 From 9e00bff9bd629f18573b1c059187db31b85f253c Mon Sep 17 00:00:00 2001 From: pat-s Date: Mon, 21 Aug 2023 16:27:02 +0200 Subject: [PATCH 218/390] add upgrade note WRT to rootless image switch --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index 6881e51..8ad2717 100644 --- a/README.md +++ b/README.md 
@@ -1009,6 +1009,11 @@ If you are coming from an existing deployment and [#356](https://gitea.com/gitea CONN_STR: redis+cluster://:gitea@gitea-redis-cluster-headless..svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& ``` + +**Switch to rootless image by default** +If you are facing errors like `WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED` due to this automatic transition: +Have a look at [this discussion](https://gitea.com/gitea/helm-chart/issues/487#issue-220660) and either set `image.rootless: false` or manually update your `~/.ssh/known_hosts` file(s). + **Transitioning from a RWO to RWX Persistent Volume** -- 2.40.1 From 35fcb41ce2d03b44186cc82d4ea619dc2fcb6f7d Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Mon, 21 Aug 2023 16:07:51 +0000 Subject: [PATCH 219/390] 1.20.3 --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 672dc4b..16f1c70 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.20.2 +appVersion: 1.20.3 icon: https://gitea.com/assets/img/logo.svg keywords: -- 2.40.1 From 1331ae5e960004f996017d5832e7f135e51e9daf Mon Sep 17 00:00:00 2001 From: pat-s Date: Sun, 27 Aug 2023 12:05:56 +0000 Subject: [PATCH 220/390] Fix GIT_GC_CHECK for multiple replicas (#490) ### Benefits Asserting the value existence failed previously. ### Applicable issues fixes #488 ### Additional information No unit tests possible as value is parsed as a secret and then into `app.ini`. Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/490 Reviewed-by: justusbunsi Co-authored-by: pat-s Co-committed-by: pat-s --- templates/gitea/config.yaml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/templates/gitea/config.yaml b/templates/gitea/config.yaml index 3f8b7e6..1c7ab1d 100644 --- a/templates/gitea/config.yaml +++ b/templates/gitea/config.yaml 
@@ -25,10 +25,8 @@ stringData: {{- /* multiple replicas assertions */ -}} {{- if gt .Values.replicaCount 1.0 -}} - {{- if .Values.gitea.config.cron.GIT_GC_REPOS -}} - {{- if .Values.gitea.config.cron.GIT_GC_REPOS.enabled -}} - {{- fail "Invoking the garbage collector via CRON is not yet supported when running with multiple replicas. Please set 'GIT_GC_REPOS.enabled = false'." -}} - {{- end }} + {{- if (get (get .Values.gitea.config "cron.GIT_GC_REPOS") "ENABLED") -}} + {{- fail "Invoking the garbage collector via CRON is not yet supported when running with multiple replicas. Please set 'cron.GIT_GC_REPOS.enabled = false'." -}} {{- end }} {{- if eq (first .Values.persistence.accessModes) "ReadWriteOnce" -}} -- 2.40.1 From 7604d5606f6ecaa24b514cedb5ec85f069d3ee2d Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 30 Aug 2023 06:42:34 +0000 Subject: [PATCH 221/390] Configure Renovate (#492) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Welcome to [Renovate](https://github.com/renovatebot/renovate)! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin. 🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged. --- ### Detected Package Files * `values.yaml` (helm-values) * `Chart.yaml` (helmv3) * `package.json` (npm) ### What to Expect With your current configuration, Renovate will create 6 Pull Requests:
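Review bot: The nested lookup `get (get .Values.gitea.config "cron.GIT_GC_REPOS") "ENABLED"` has no fallback for a missing section. Sprig's `get` returns an empty string for an absent key, so the outer `get` would receive a string and abort rendering with a type error rather than skipping the assertion. Whether the chart's default values always define `cron.GIT_GC_REPOS` is not visible in this hunk; if they do not, default the inner result to an empty map, e.g. `{{- $gc := get .Values.gitea.config "cron.GIT_GC_REPOS" | default (dict) -}}` followed by `{{- if (get $gc "ENABLED") -}}`. The failure text also tells the user to set `cron.GIT_GC_REPOS.enabled` while the key that is checked is `ENABLED`, and map keys are case-sensitive, so the message should use the same spelling. The enclosing `if gt .Values.replicaCount 1.0` block continues outside the hunk.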
Update dependency @​bitnami/readme-generator-for-helm to v2.5.1 - Schedule: ["at any time"] - Branch name: `renovate/bitnami-readme-generator-for-helm-2.x-lockfile` - Merge into: `main` - Upgrade [@bitnami/readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) to `2.5.1`
Update dependency markdownlint-cli to ^0.35.0 - Schedule: ["at any time"] - Branch name: `renovate/markdownlint-cli-0.x` - Merge into: `main` - Upgrade [markdownlint-cli](https://github.com/igorshubovych/markdownlint-cli) to `^0.35.0`
Update postgresql Docker tag to v12.10.0 - Schedule: ["at any time"] - Branch name: `renovate/postgresql-12.x` - Merge into: `main` - Upgrade postgresql to `12.10.0`
Update postgresql-ha Docker tag to v11.9.0 - Schedule: ["at any time"] - Branch name: `renovate/postgresql-ha-11.x` - Merge into: `main` - Upgrade postgresql-ha to `11.9.0`
Update redis-cluster Docker tag to v8.8.2 - Schedule: ["at any time"] - Branch name: `renovate/redis-cluster-8.x` - Merge into: `main` - Upgrade redis-cluster to `8.8.2`
Update redis-cluster Docker tag to v9 - Schedule: ["at any time"] - Branch name: `renovate/redis-cluster-9.x` - Merge into: `main` - Upgrade redis-cluster to `9.0.1`

🚸 Branch creation will be limited to maximum 2 per hour, so it doesn't swamp any CI resources or overwhelm the project. See docs for `prhourlylimit` for details. --- ❓ Got questions? Check out Renovate's [Docs](https://docs.renovatebot.com/), particularly the Getting Started section. If you need any further assistance then you can also [request help here](https://github.com/renovatebot/renovate/discussions). --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/492 Reviewed-by: Jason Song Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- renovate.json | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 renovate.json diff --git a/renovate.json b/renovate.json new file mode 100644 index 0000000..7190a60 --- /dev/null +++ b/renovate.json @@ -0,0 +1,3 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json" +} -- 2.40.1 From ff83bab0e22f3643bef5721ca71c317372a5aaee Mon Sep 17 00:00:00 2001 
From: Renovate Bot Date: Wed, 30 Aug 2023 07:04:59 +0000 Subject: [PATCH 222/390] Update dependency @bitnami/readme-generator-for-helm to v2.5.1 (#493) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [@bitnami/readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) | devDependencies | patch | [`2.5.0` -> `2.5.1`](https://renovatebot.com/diffs/npm/@bitnami%2freadme-generator-for-helm/2.5.0/2.5.1) | :warning: Release Notes retrieval for this PR were skipped because no github.com credentials were available. If you are self-hosted, please see [this instruction](https://github.com/renovatebot/renovate/blob/master/docs/usage/examples/self-hosting.md#githubcom-token-for-release-notes). --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/493 Reviewed-by: pat-s Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- package-lock.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/package-lock.json b/package-lock.json index ffd22d5..182b98c 100644 --- a/package-lock.json +++ b/package-lock.json @@ -7,7 +7,7 @@ "name": "gitea-helm-chart", "license": "MIT", "devDependencies": { - "@bitnami/readme-generator-for-helm": "^2.5.0", + "@bitnami/readme-generator-for-helm": "^2.5.1", "markdownlint-cli": "^0.34.0" }, "engines": { 
@@ -16,9 +16,9 @@ } }, "node_modules/@bitnami/readme-generator-for-helm": { - "version": "2.5.0", - "resolved": "https://registry.npmjs.org/@bitnami/readme-generator-for-helm/-/readme-generator-for-helm-2.5.0.tgz", - "integrity": "sha512-bYggL/kWwyxjctSrIBMOcrTQSj8LA3yYcEzfGTJIFoHKl5M7ifZtox//8G5K3FTw6qdOnPZcA10fl2y4N6uB/g==", + "version": "2.5.1", + "resolved": "https://registry.npmjs.org/@bitnami/readme-generator-for-helm/-/readme-generator-for-helm-2.5.1.tgz", + "integrity": "sha512-LRSq43HwfgmTJZ4rwpXHf6d7DGnY+j2BtgVlc2hPqfRtqj36NRYl83Zv9WjRGvwF8Zr6Iwa1AgvewiAxdWlMzg==", "dev": true, "dependencies": { "commander": "^7.1.0", -- 2.40.1 From 3dd6632c5f81465c15bba8dfc7c315e2bb677b4d Mon Sep 17 00:00:00 2001 
From: Renovate Bot Date: Wed, 30 Aug 2023 07:14:45 +0000 Subject: [PATCH 223/390] Update dependency markdownlint-cli to ^0.35.0 (#494) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [markdownlint-cli](https://github.com/igorshubovych/markdownlint-cli) | devDependencies | minor | [`^0.34.0` -> `^0.35.0`](https://renovatebot.com/diffs/npm/markdownlint-cli/0.34.0/0.35.0) | :warning: Release Notes retrieval for this PR were skipped because no github.com credentials were available. If you are self-hosted, please see [this instruction](https://github.com/renovatebot/renovate/blob/master/docs/usage/examples/self-hosting.md#githubcom-token-for-release-notes). --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [x] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Co-authored-by: pat-s Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/494 Reviewed-by: pat-s Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- package-lock.json | 60 +++++++++++++++++++++++------------------------ package.json | 2 +- 2 files changed, 31 insertions(+), 31 deletions(-) diff --git a/package-lock.json b/package-lock.json index 182b98c..9ce16b3 100644 --- a/package-lock.json +++ b/package-lock.json @@ -8,7 +8,7 @@ "license": "MIT", "devDependencies": { "@bitnami/readme-generator-for-helm": "^2.5.1", - "markdownlint-cli": "^0.34.0" + "markdownlint-cli": "^0.35.0" }, "engines": { "node": ">=16.0.0", 
@@ -399,39 +399,39 @@ } }, "node_modules/markdownlint": { - "version": "0.28.2", - "resolved": "https://registry.npmjs.org/markdownlint/-/markdownlint-0.28.2.tgz", - "integrity": "sha512-yYaQXoKKPV1zgrFsyAuZPEQoe+JrY9GDag9ObKpk09twx4OCU5lut+0/kZPrQ3W7w82SmgKhd7D8m34aG1unVw==", + "version": "0.29.0", + "resolved": "https://registry.npmjs.org/markdownlint/-/markdownlint-0.29.0.tgz", + "integrity": "sha512-ASAzqpODstu/Qsk0xW5BPgWnK/qjpBQ4e7IpsSvvFXcfYIjanLTdwFRJK1SIEEh0fGSMKXcJf/qhaZYHyME0wA==", "dev": true, "dependencies": { "markdown-it": "13.0.1", - "markdownlint-micromark": "0.1.2" + "markdownlint-micromark": "0.1.5" }, "engines": { - "node": ">=14.18.0" + "node": ">=16" } }, "node_modules/markdownlint-cli": { - "version": "0.34.0", - "resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.34.0.tgz", - "integrity": "sha512-4G9I++VBTZkaye6Yfc/7dU6HQHcyldZEVB+bYyQJLcpJOHKk/q5ZpGqK80oKMIdlxzsA3aWOJLZ4DkoaoUWXbQ==", + "version": "0.35.0", + "resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.35.0.tgz", + "integrity": "sha512-lVIIIV1MrUtjoocgDqXLxUCxlRbn7Ve8rsWppfwciUNwLlNS28AhNiyQ3PU7jjj4Qvj+rWTTvwkqg7AcdG988g==", "dev": true, "dependencies": { - "commander": "~10.0.1", + "commander": "~11.0.0", "get-stdin": "~9.0.0", - "glob": "~10.2.2", + "glob": "~10.2.7", "ignore": "~5.2.4", "js-yaml": "^4.1.0", "jsonc-parser": "~3.2.0", - "markdownlint": "~0.28.2", - "minimatch": "~9.0.0", + "markdownlint": "~0.29.0", + "minimatch": "~9.0.1", "run-con": "~1.2.11" }, "bin": { "markdownlint": "markdownlint.js" }, "engines": { - "node": ">=14" + "node": ">=16" } }, "node_modules/markdownlint-cli/node_modules/brace-expansion": { 
@@ -444,24 +444,24 @@ } }, "node_modules/markdownlint-cli/node_modules/commander": { - "version": "10.0.1", - "resolved": "https://registry.npmjs.org/commander/-/commander-10.0.1.tgz", - "integrity": "sha512-y4Mg2tXshplEbSGzx7amzPwKKOCGuoSRP/CjEdwwk0FOGlUbq6lKuoyDZTNZkmxHdJtp54hdfY/JUrdL7Xfdug==", + "version": "11.0.0", + "resolved": "https://registry.npmjs.org/commander/-/commander-11.0.0.tgz", + "integrity": "sha512-9HMlXtt/BNoYr8ooyjjNRdIilOTkVJXB+GhxMTtOKwk0R4j4lS4NpjuqmRxroBfnfTSHQIHQB7wryHhXarNjmQ==", "dev": true, "engines": { - "node": ">=14" + "node": ">=16" } }, "node_modules/markdownlint-cli/node_modules/glob": { - "version": "10.2.2", - "resolved": "https://registry.npmjs.org/glob/-/glob-10.2.2.tgz", - "integrity": "sha512-Xsa0BcxIC6th9UwNjZkhrMtNo/MnyRL8jGCP+uEwhA5oFOCY1f2s1/oNKY47xQ0Bg5nkjsfAEIej1VeH62bDDQ==", + "version": "10.2.7", + "resolved": "https://registry.npmjs.org/glob/-/glob-10.2.7.tgz", + "integrity": "sha512-jTKehsravOJo8IJxUGfZILnkvVJM/MOfHRs8QcXolVef2zNI9Tqyy5+SeuOAZd3upViEZQLyFpQhYiHLrMUNmA==", "dev": true, "dependencies": { "foreground-child": "^3.1.0", "jackspeak": "^2.0.3", - "minimatch": "^9.0.0", - "minipass": "^5.0.0", + "minimatch": "^9.0.1", + "minipass": "^5.0.0 || ^6.0.2", "path-scurry": "^1.7.0" }, "bin": { @@ -475,9 +475,9 @@ } }, "node_modules/markdownlint-cli/node_modules/minimatch": { - "version": "9.0.0", - "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.0.tgz", - "integrity": "sha512-0jJj8AvgKqWN05mrwuqi8QYKx1WmYSUoKSxu5Qhs9prezTz10sxAHGNZe9J9cqIJzta8DWsleh2KaVaLl6Ru2w==", + "version": "9.0.3", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.3.tgz", + "integrity": "sha512-RHiac9mvaRw0x3AYRgDC1CxAP7HTcNrrECeA8YYJeWnpo+2Q5CegtZjaotWTWxDG3UeGA1coE05iH1mPjT/2mg==", "dev": true, "dependencies": { "brace-expansion": "^2.0.1" 
@@ -490,12 +490,12 @@ } }, "node_modules/markdownlint-micromark": { - "version": "0.1.2", - "resolved": "https://registry.npmjs.org/markdownlint-micromark/-/markdownlint-micromark-0.1.2.tgz", - "integrity": "sha512-jRxlQg8KpOfM2IbCL9RXM8ZiYWz2rv6DlZAnGv8ASJQpUh6byTBnEsbuMZ6T2/uIgntyf7SKg/mEaEBo1164fQ==", + "version": "0.1.5", + "resolved": "https://registry.npmjs.org/markdownlint-micromark/-/markdownlint-micromark-0.1.5.tgz", + "integrity": "sha512-HvofNU4QCvfUCWnocQP1IAWaqop5wpWrB0mKB6SSh0fcpV0PdmQNS6tdUuFew1utpYlUvYYzz84oDkrD76GB9A==", "dev": true, "engines": { - "node": ">=14.18.0" + "node": ">=16" } }, "node_modules/mdurl": { diff --git a/package.json b/package.json index 53906d2..49c991d 100644 --- a/package.json +++ b/package.json @@ -14,6 +14,6 @@ }, "devDependencies": { "@bitnami/readme-generator-for-helm": "^2.5.0", - "markdownlint-cli": "^0.34.0" + "markdownlint-cli": "^0.35.0" } } -- 2.40.1 From 22872112cd159b577acc2ec820230a42acc6877b Mon Sep 17 00:00:00 2001 
From: Renovate Bot Date: Thu, 31 Aug 2023 11:35:23 +0000 Subject: [PATCH 224/390] Update postgresql-ha Docker tag to v11.9.0 (#496) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Update | Change | |---|---|---| | postgresql-ha | minor | `11.7.9` -> `11.9.0` | --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Co-authored-by: techknowlogick Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/496 Reviewed-by: pat-s Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 16f1c70..5fc5b00 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -41,7 +41,7 @@ dependencies: # Chart release date: 2023-07 (https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml) - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 11.7.9 + version: 11.9.0 condition: postgresql-ha.enabled # Chart release date: 2023-07 (https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml) - name: redis-cluster -- 2.40.1 From 3276f1e76dfe846cc0c743f0278e732b998b1137 Mon Sep 17 00:00:00 2001 
From: Renovate Bot Date: Thu, 31 Aug 2023 11:35:49 +0000 Subject: [PATCH 225/390] Update postgresql Docker tag to v12.10.0 (#495) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Update | Change | |---|---|---| | postgresql | minor | `12.6.6` -> `12.10.0` | --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Co-authored-by: techknowlogick Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/495 Reviewed-by: pat-s Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 5fc5b00..af193b0 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -36,7 +36,7 @@ dependencies: # Chart release date: 2023-07 (https://github.com/bitnami/charts/blob/main/bitnami/postgresql/Chart.yaml) - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 12.6.6 + version: 12.10.0 condition: postgresql.enabled # Chart release date: 2023-07 (https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml) - name: postgresql-ha -- 2.40.1 From 1550f9b4e09d9141a20f6a58a345ae59c64d0f3a Mon Sep 17 00:00:00 2001 
From: tobiasbp Date: Thu, 31 Aug 2023 17:07:45 +0000 Subject: [PATCH 226/390] Quote values for ingress annotations as discussed in #483 (#497) Quote all values for Ingress annotations as discussed in https://gitea.com/gitea/helm-chart/issues/483 Annotations are currently not quoted, and can not be set to non-string values using the _--set_ with _helm_ (see examples in issue). Annotations for ingress-nginx MUST be quoted: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#annotations ``` !!! tip Annotation keys and values can only be strings. Other types, such as boolean or numeric values must be quoted, i.e. "true", "false", "100". ``` Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/497 Reviewed-by: pat-s Co-authored-by: tobiasbp Co-committed-by: tobiasbp --- templates/gitea/ingress.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/templates/gitea/ingress.yaml b/templates/gitea/ingress.yaml index 224e777..12100a6 100644 --- a/templates/gitea/ingress.yaml +++ b/templates/gitea/ingress.yaml @@ -15,10 +15,10 @@ metadata: name: {{ $fullName }} labels: {{- include "gitea.labels" . | nindent 4 }} - {{- with .Values.ingress.annotations }} annotations: - {{- toYaml . | nindent 4 }} - {{- end }} + {{- range $key, $value := .Values.ingress.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} spec: {{- if .Values.ingress.className }} ingressClassName: {{ .Values.ingress.className }} -- 2.40.1 From 30000677d7e2c41992a4be5ed5899667aca79af3 Mon Sep 17 00:00:00 2001 From: pat-s Date: Thu, 31 Aug 2023 19:12:49 +0200 Subject: [PATCH 227/390] update chart.lock --- Chart.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Chart.lock b/Chart.lock index 44d920b..4292b72 100644 --- a/Chart.lock +++ b/Chart.lock 
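Review bot: Dropping the `with` guard means `annotations:` is now rendered even when `.Values.ingress.annotations` is empty, which leaves a key with a null value in the Ingress metadata. Keeping the guard and ranging inside it preserves the previous output for the empty case while still quoting every value: put `{{- with .Values.ingress.annotations }}` before `annotations:`, loop with `{{- range $key, $value := . }}`, and add the matching `{{- end }}` for the `with`. A short template comment such as `{{- /* annotation values must be strings, so quote everything */ -}}` above the loop would record why `toYaml` was replaced.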
@@ -1,12 +1,12 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 12.6.6 + version: 12.10.0 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 11.7.9 + version: 11.9.0 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts version: 8.6.9 -digest: sha256:52296a48610712a8eb69a32b1b5818b014bfb8dac79d883e11ebdaf97d41e85d -generated: "2023-07-17T21:24:06.888357+02:00" +digest: sha256:57053e05cac377167dea0f1beb6d98458f2d3789d2f57eeb8f2c54af4bb8ba60 +generated: "2023-08-31T19:12:23.741539+02:00" -- 2.40.1 From 28bd87b5a98b6615bc54be8128160e9d27e97fc0 Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Tue, 5 Sep 2023 08:35:29 +0200 Subject: [PATCH 228/390] Use modern renovate.json5 file Signed-off-by: justusbunsi --- renovate.json => renovate.json5 | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename renovate.json => renovate.json5 (100%) diff --git a/renovate.json b/renovate.json5 similarity index 100% rename from renovate.json rename to renovate.json5 -- 2.40.1 From 0d9d6bcbb28984a346daa65b49f3a42c8eb21ba1 Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Tue, 5 Sep 2023 08:43:24 +0200 Subject: [PATCH 229/390] Extends centralized renovate configuration Signed-off-by: justusbunsi --- renovate.json5 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/renovate.json5 b/renovate.json5 index 7190a60..b099f0b 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -1,3 +1,4 @@ { - "$schema": "https://docs.renovatebot.com/renovate-schema.json" + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "extends": ["gitea>gitea/renovate-config"], } -- 2.40.1 From 07fe17caf44401eb1da9dd364373030590bbc621 Mon Sep 17 00:00:00 2001 
From: Renovate Bot Date: Tue, 5 Sep 2023 07:15:49 +0000 Subject: [PATCH 230/390] chore(deps): update postgresql-ha docker tag to v11.9.2 (#499) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Update | Change | |---|---|---| | [postgresql-ha](https://github.com/bitnami/charts) | patch | `11.9.0` -> `11.9.2` | --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/499 Reviewed-by: pat-s Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index af193b0..da05517 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -41,7 +41,7 @@ dependencies: # Chart release date: 2023-07 (https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml) - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 11.9.0 + version: 11.9.2 condition: postgresql-ha.enabled # Chart release date: 2023-07 (https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml) - name: redis-cluster -- 2.40.1 From 054ee87a8c383f813e01d086182e0916bbe37ec6 Mon Sep 17 00:00:00 2001 
From: Renovate Bot Date: Tue, 5 Sep 2023 07:16:15 +0000 Subject: [PATCH 231/390] chore(deps): update dependency markdownlint-cli to ^0.36.0 (#500) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [markdownlint-cli](https://github.com/igorshubovych/markdownlint-cli) | devDependencies | minor | [`^0.35.0` -> `^0.36.0`](https://renovatebot.com/diffs/npm/markdownlint-cli/0.35.0/0.36.0) | --- ### Release Notes
igorshubovych/markdownlint-cli (markdownlint-cli) ### [`v0.36.0`](https://github.com/igorshubovych/markdownlint-cli/releases/tag/v0.36.0): 0.36.0 [Compare Source](https://github.com/igorshubovych/markdownlint-cli/compare/v0.35.0...v0.36.0) - Update `markdownlint` dependency to `0.30.0` - Use `micromark` in MD022/MD026/MD032/MD037/MD045/MD051 - Incorporate `micromark-extension-math` for math syntax - Allow custom rules to override information URL - Update all dependencies via `Dependabot`
--- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/500 Reviewed-by: pat-s Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- package-lock.json | 70 +++++++++++++++++++++++------------------------ package.json | 2 +- 2 files changed, 36 insertions(+), 36 deletions(-) diff --git a/package-lock.json b/package-lock.json index 9ce16b3..7b58d1e 100644 --- a/package-lock.json +++ b/package-lock.json @@ -7,8 +7,8 @@ "name": "gitea-helm-chart", "license": "MIT", "devDependencies": { - "@bitnami/readme-generator-for-helm": "^2.5.1", - "markdownlint-cli": "^0.35.0" + "@bitnami/readme-generator-for-helm": "^2.5.0", + "markdownlint-cli": "^0.36.0" }, "engines": { "node": ">=16.0.0", @@ -286,12 +286,12 @@ "dev": true }, "node_modules/ini": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/ini/-/ini-3.0.1.tgz", - "integrity": "sha512-it4HyVAUTKBc6m8e1iXWvXSTdndF7HbdN713+kvLrymxTaU4AUBWrJ4vEooP+V7fexnVD3LKcBshjGGPefSMUQ==", + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/ini/-/ini-4.1.1.tgz", + "integrity": "sha512-QQnnxNyfvmHFIsj7gkPcYymR8Jdw/o7mp5ZFihxn6h8Ci6fh3Dx4E1gPjpQEpIuPo9XVNY/ZUwh4BPMjGyL01g==", "dev": true, "engines": { - "node": "^12.13.0 || ^14.15.0 || >=16.0.0" + "node": "^14.17.0 || ^16.13.0 || >=18.0.0" } }, "node_modules/is-fullwidth-code-point": { 
@@ -399,33 +399,33 @@ } }, "node_modules/markdownlint": { - "version": "0.29.0", - "resolved": "https://registry.npmjs.org/markdownlint/-/markdownlint-0.29.0.tgz", - "integrity": "sha512-ASAzqpODstu/Qsk0xW5BPgWnK/qjpBQ4e7IpsSvvFXcfYIjanLTdwFRJK1SIEEh0fGSMKXcJf/qhaZYHyME0wA==", + "version": "0.30.0", + "resolved": "https://registry.npmjs.org/markdownlint/-/markdownlint-0.30.0.tgz", + "integrity": "sha512-nInuFvI/rEzanAOArW5490Ez4EYpB5ODqVM0mcDYCPx9DKJWCQqCgejjiCvbSeE7sjbDscVtZmwr665qpF5xGA==", "dev": true, "dependencies": { "markdown-it": "13.0.1", - "markdownlint-micromark": "0.1.5" + "markdownlint-micromark": "0.1.7" }, "engines": { "node": ">=16" } }, "node_modules/markdownlint-cli": { - "version": "0.35.0", - "resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.35.0.tgz", - "integrity": "sha512-lVIIIV1MrUtjoocgDqXLxUCxlRbn7Ve8rsWppfwciUNwLlNS28AhNiyQ3PU7jjj4Qvj+rWTTvwkqg7AcdG988g==", + "version": "0.36.0", + "resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.36.0.tgz", + "integrity": "sha512-h4WdqOam3+QOVOcJSOQuG8KvvN8dlS0OiJhbPwYWBk7VMZR40UtSSMIOpSP5B4EHPHg3W3ILSQUvqg1HNpTCxA==", "dev": true, "dependencies": { "commander": "~11.0.0", "get-stdin": "~9.0.0", - "glob": "~10.2.7", + "glob": "~10.3.4", "ignore": "~5.2.4", "js-yaml": "^4.1.0", "jsonc-parser": "~3.2.0", - "markdownlint": "~0.29.0", - "minimatch": "~9.0.1", - "run-con": "~1.2.11" + "markdownlint": "~0.30.0", + "minimatch": "~9.0.3", + "run-con": "~1.3.2" }, "bin": { "markdownlint": "markdownlint.js" 
@@ -453,16 +453,16 @@ } }, "node_modules/markdownlint-cli/node_modules/glob": { - "version": "10.2.7", - "resolved": "https://registry.npmjs.org/glob/-/glob-10.2.7.tgz", - "integrity": "sha512-jTKehsravOJo8IJxUGfZILnkvVJM/MOfHRs8QcXolVef2zNI9Tqyy5+SeuOAZd3upViEZQLyFpQhYiHLrMUNmA==", + "version": "10.3.4", + "resolved": "https://registry.npmjs.org/glob/-/glob-10.3.4.tgz", + "integrity": "sha512-6LFElP3A+i/Q8XQKEvZjkEWEOTgAIALR9AO2rwT8bgPhDd1anmqDJDZ6lLddI4ehxxxR1S5RIqKe1uapMQfYaQ==", "dev": true, "dependencies": { "foreground-child": "^3.1.0", "jackspeak": "^2.0.3", "minimatch": "^9.0.1", - "minipass": "^5.0.0 || ^6.0.2", - "path-scurry": "^1.7.0" + "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0", + "path-scurry": "^1.10.1" }, "bin": { "glob": "dist/cjs/src/bin.js" @@ -490,9 +490,9 @@ } }, "node_modules/markdownlint-micromark": { - "version": "0.1.5", - "resolved": "https://registry.npmjs.org/markdownlint-micromark/-/markdownlint-micromark-0.1.5.tgz", - "integrity": "sha512-HvofNU4QCvfUCWnocQP1IAWaqop5wpWrB0mKB6SSh0fcpV0PdmQNS6tdUuFew1utpYlUvYYzz84oDkrD76GB9A==", + "version": "0.1.7", + "resolved": "https://registry.npmjs.org/markdownlint-micromark/-/markdownlint-micromark-0.1.7.tgz", + "integrity": "sha512-BbRPTC72fl5vlSKv37v/xIENSRDYL/7X/XoFzZ740FGEbs9vZerLrIkFRY0rv7slQKxDczToYuMmqQFN61fi4Q==", "dev": true, "engines": { "node": ">=16" 
@@ -562,13 +562,13 @@ } }, "node_modules/path-scurry": { - "version": "1.7.0", - "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.7.0.tgz", - "integrity": "sha512-UkZUeDjczjYRE495+9thsgcVgsaCPkaw80slmfVFgllxY+IO8ubTsOpFVjDPROBqJdHfVPUFRHPBV/WciOVfWg==", + "version": "1.10.1", + "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.10.1.tgz", + "integrity": "sha512-MkhCqzzBEpPvxxQ71Md0b1Kk51W01lrYvlMzSUaIzNsODdd7mqhiimSZlr+VegAz5Z6Vzt9Xg2ttE//XBhH3EQ==", "dev": true, "dependencies": { - "lru-cache": "^9.0.0", - "minipass": "^5.0.0" + "lru-cache": "^9.1.1 || ^10.0.0", + "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0" }, "engines": { "node": ">=16 || 14 >=14.17" @@ -587,14 +587,14 @@ } }, "node_modules/run-con": { - "version": "1.2.11", - "resolved": "https://registry.npmjs.org/run-con/-/run-con-1.2.11.tgz", - "integrity": "sha512-NEMGsUT+cglWkzEr4IFK21P4Jca45HqiAbIIZIBdX5+UZTB24Mb/21iNGgz9xZa8tL6vbW7CXmq7MFN42+VjNQ==", + "version": "1.3.2", + "resolved": "https://registry.npmjs.org/run-con/-/run-con-1.3.2.tgz", + "integrity": "sha512-CcfE+mYiTcKEzg0IqS08+efdnH0oJ3zV0wSUFBNrMHMuxCtXvBCLzCJHatwuXDcu/RlhjTziTo/a1ruQik6/Yg==", "dev": true, "dependencies": { "deep-extend": "^0.6.0", - "ini": "~3.0.0", - "minimist": "^1.2.6", + "ini": "~4.1.0", + "minimist": "^1.2.8", "strip-json-comments": "~3.1.1" }, "bin": { diff --git a/package.json b/package.json index 49c991d..e4034e1 100644 --- a/package.json +++ b/package.json @@ -14,6 +14,6 @@ }, "devDependencies": { "@bitnami/readme-generator-for-helm": "^2.5.0", - "markdownlint-cli": "^0.35.0" + "markdownlint-cli": "^0.36.0" } } -- 2.40.1 From 74fef7e4c63373f0c1ee2a84756ce27cc0074a96 Mon Sep 17 00:00:00 2001 
From: Renovate Bot Date: Wed, 6 Sep 2023 03:29:23 +0000 Subject: [PATCH 232/390] chore(deps): update redis-cluster docker tag to v8.8.2 (#503) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Update | Change | |---|---|---| | [redis-cluster](https://github.com/bitnami/charts) | minor | `8.6.9` -> `8.8.2` | --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/503 Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 8 ++++---- Chart.yaml | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Chart.lock b/Chart.lock index 4292b72..2e49552 100644 --- a/Chart.lock +++ b/Chart.lock @@ -4,9 +4,9 @@ dependencies: version: 12.10.0 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 11.9.0 + version: 11.9.2 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 8.6.9 -digest: sha256:57053e05cac377167dea0f1beb6d98458f2d3789d2f57eeb8f2c54af4bb8ba60 -generated: "2023-08-31T19:12:23.741539+02:00" + version: 8.8.2 +digest: sha256:5544edad468242057ee287712f196453f7de3e3ff9b3f5858a0f95ab3b5983c7 +generated: "2023-09-05T16:21:13.411638065Z" diff --git a/Chart.yaml b/Chart.yaml index da05517..5412535 100644 --- a/Chart.yaml +++ b/Chart.yaml 
@@ -46,5 +46,5 @@ dependencies: # Chart release date: 2023-07 (https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml) - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 8.6.9 + version: 8.8.2 condition: redis-cluster.enabled -- 2.40.1 From 38776e2b51910782a0451ce5b851a40800b27944 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 7 Sep 2023 02:23:12 +0000 Subject: [PATCH 233/390] chore(deps): update postgresql docker tag to v12.10.1 (#505) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Update | Change | |---|---|---| | [postgresql](https://github.com/bitnami/charts) | patch | `12.10.0` -> `12.10.1` | --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/505 Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 6 +++--- Chart.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Chart.lock b/Chart.lock index 2e49552..d35747b 100644 --- a/Chart.lock +++ b/Chart.lock 
@@ -1,12 +1,12 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 12.10.0 + version: 12.10.1 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts version: 11.9.2 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts version: 8.8.2 -digest: sha256:5544edad468242057ee287712f196453f7de3e3ff9b3f5858a0f95ab3b5983c7 -generated: "2023-09-05T16:21:13.411638065Z" +digest: sha256:a9506ea21ff576b301fd9d16a240a55d86ca2d5bbe20ec0fd78272c855786f7f +generated: "2023-09-07T00:03:27.653856865Z" diff --git a/Chart.yaml b/Chart.yaml index 5412535..c6afb71 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -36,7 +36,7 @@ dependencies: # Chart release date: 2023-07 (https://github.com/bitnami/charts/blob/main/bitnami/postgresql/Chart.yaml) - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 12.10.0 + version: 12.10.1 condition: postgresql.enabled # Chart release date: 2023-07 (https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml) - name: postgresql-ha -- 2.40.1 From eb1391638680bf9a301954a87f01357cf8e80050 Mon Sep 17 00:00:00 2001 From: pat-s Date: Fri, 8 Sep 2023 15:03:50 +0200 Subject: [PATCH 234/390] Gitea 1.20.4 --- Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index c6afb71..191cae1 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.20.3 +appVersion: 1.20.4 icon: https://gitea.com/assets/img/logo.svg keywords: 
@@ -33,17 +33,17 @@ maintainers: # Bitnami charts are served from GitHub CDN - See https://github.com/bitnami/charts/issues/10539 for details dependencies: - # Chart release date: 2023-07 (https://github.com/bitnami/charts/blob/main/bitnami/postgresql/Chart.yaml) + #https://github.com/bitnami/charts/blob/main/bitnami/postgresql - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts version: 12.10.1 condition: postgresql.enabled - # Chart release date: 2023-07 (https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml) + # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts version: 11.9.2 condition: postgresql-ha.enabled - # Chart release date: 2023-07 (https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml) + # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts version: 8.8.2 -- 2.40.1 From 88d0f132d14ef85aa83bb2d3bfc8dfa5094c0b9c Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Fri, 8 Sep 2023 18:10:31 +0000 Subject: [PATCH 235/390] pin docker digests --- renovate.json5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/renovate.json5 b/renovate.json5 index b099f0b..09d21fb 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -1,4 +1,4 @@ { "$schema": "https://docs.renovatebot.com/renovate-schema.json", - "extends": ["gitea>gitea/renovate-config"], + "extends": ["gitea>gitea/renovate-config","docker:pinDigests"], } -- 2.40.1 From 95d5fb209b1c67415058a49171a95421efe27d8b Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Sat, 9 Sep 2023 14:11:47 +0000 Subject: [PATCH 236/390] Disable Docker digest pinning (#508) As per conversation in Discord. https://docs.renovatebot.com/configuration-options/#pindigests 
Signed-off-by: justusbunsi Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/508 Reviewed-by: techknowlogick Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- renovate.json5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/renovate.json5 b/renovate.json5 index 09d21fb..b099f0b 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -1,4 +1,4 @@ { "$schema": "https://docs.renovatebot.com/renovate-schema.json", - "extends": ["gitea>gitea/renovate-config","docker:pinDigests"], + "extends": ["gitea>gitea/renovate-config"], } -- 2.40.1 From 0e5bccd73220834f9d868b3075f9c119a3090e27 Mon Sep 17 00:00:00 2001 From: pat-s Date: Sat, 9 Sep 2023 15:36:19 +0000 Subject: [PATCH 237/390] Add support for `image.digest` (#444) fix #398 Co-authored-by: justusbunsi Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/444 Reviewed-by: justusbunsi Co-authored-by: pat-s Co-committed-by: pat-s --- README.md | 1 + templates/_helpers.tpl | 13 +++- unittests/deployment/image-configuration.yaml | 78 +++++++++++++++++++ values.yaml | 2 + 4 files changed, 90 insertions(+), 4 deletions(-) create mode 100644 unittests/deployment/image-configuration.yaml diff --git a/README.md b/README.md index 8ad2717..37e57ff 100644 --- a/README.md +++ b/README.md 
@@ -719,6 +719,7 @@ kubectl create secret generic gitea-themes --from-file={{FULL-PATH-TO-CSS}} --na | `image.registry` | image registry, e.g. gcr.io,docker.io | `""` | | `image.repository` | Image to start for this pod | `gitea/gitea` | | `image.tag` | Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml. | `""` | +| `image.digest` | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` | `""` | | `image.pullPolicy` | Image pull policy | `Always` | | `image.rootless` | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `true` | | `imagePullSecrets` | Secret to use for pulling the image | `[]` | diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 2dad930..565f335 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -57,13 +57,18 @@ Create image name and tag used by the deployment. */}} {{- define "gitea.image" -}} {{- $registry := .Values.global.imageRegistry | default .Values.image.registry -}} -{{- $name := .Values.image.repository -}} +{{- $repository := .Values.image.repository -}} +{{- $separator := ":" -}} {{- $tag := .Values.image.tag | default .Chart.AppVersion -}} {{- $rootless := ternary "-rootless" "" (.Values.image.rootless) -}} -{{- if $registry -}} - {{- printf "%s/%s:%s%s" $registry $name $tag $rootless -}} +{{- $digest := "" -}} +{{- if .Values.image.digest }} + {{- $digest = (printf "@%s" (.Values.image.digest | toString)) -}} +{{- end -}} +{{- if $registry }} + {{- printf "%s/%s%s%s%s%s" $registry $repository $separator $tag $rootless $digest -}} {{- else -}} - {{- printf "%s:%s%s" $name $tag $rootless -}} + {{- printf "%s%s%s%s%s" $repository $separator $tag $rootless $digest -}} {{- end -}} {{- end -}} 
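Review bot: In `gitea.image` the new `$digest` suffix is appended after `$tag$rootless`, but a container runtime resolves a reference that carries a digest by the digest alone, so `image.tag` and `image.rootless` no longer decide which image is pulled once `image.digest` is set. A digest of the root-based image combined with the default `rootless: true` would still render a `-rootless` name while the rest of the chart presumably configures the pod for the rootless variant; the `image.digest` description added to README.md and values.yaml in this commit should state that the digest must belong to the variant selected by `image.rootless`. The value is also passed through unchecked, so a typo only surfaces at pull time; if only sha256 digests are expected, a guard such as `{{- if not (hasPrefix "sha256:" (.Values.image.digest | toString)) }}{{ fail "image.digest must start with sha256:" }}{{ end }}` inside the existing `if` would catch it at render time. The new cases in `unittests/deployment/image-configuration.yaml` cover only well-formed digests that match the selected variant.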
diff --git a/unittests/deployment/image-configuration.yaml b/unittests/deployment/image-configuration.yaml new file mode 100644 index 0000000..cdfd73a --- /dev/null +++ b/unittests/deployment/image-configuration.yaml 
@@ -0,0 +1,78 @@ +suite: deployment template (image configuration) +release: + name: gitea-unittests + namespace: testing +chart: + # Override appVersion to be consistent with used digest :) + appVersion: 1.19.3 +templates: + - templates/gitea/deployment.yaml + - templates/gitea/config.yaml +tests: + - it: default values + template: templates/gitea/deployment.yaml + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: "gitea/gitea:1.19.3-rootless" + - it: tag override + template: templates/gitea/deployment.yaml + set: + image.tag: "1.19.4" + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: "gitea/gitea:1.19.4-rootless" + - it: root-based image + template: templates/gitea/deployment.yaml + set: + image.rootless: false + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: "gitea/gitea:1.19.3" + - it: scoped registry + template: templates/gitea/deployment.yaml + set: + image.registry: "example.com" + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: "example.com/gitea/gitea:1.19.3-rootless" + - it: global registry + template: templates/gitea/deployment.yaml + set: + global.imageRegistry: "global.example.com" + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: "global.example.com/gitea/gitea:1.19.3-rootless" + - it: digest for rootless image + template: templates/gitea/deployment.yaml + set: + image: + rootless: true + digest: sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: "gitea/gitea:1.19.3-rootless@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a" + - it: digest for root-based image + template: templates/gitea/deployment.yaml + set: + image: + rootless: false + digest: sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: 
"gitea/gitea:1.19.3@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a" + - it: digest and global registry + template: templates/gitea/deployment.yaml + set: + global.imageRegistry: "global.example.com" + image.digest: "sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a" + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: "global.example.com/gitea/gitea:1.19.3-rootless@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a" diff --git a/values.yaml b/values.yaml index c33e243..34c859d 100644 --- a/values.yaml +++ b/values.yaml @@ -40,6 +40,7 @@ clusterDomain: cluster.local ## @param image.registry image registry, e.g. gcr.io,docker.io ## @param image.repository Image to start for this pod ## @param image.tag Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml. +## @param image.digest Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` ## @param image.pullPolicy Image pull policy ## @param image.rootless Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher image: @@ -47,6 +48,7 @@ image: repository: gitea/gitea # Overrides the image tag whose default is the chart appVersion. tag: "" + digest: "" pullPolicy: Always rootless: true -- 2.40.1 From 779563141db9e1fdcca60e8fee81d6464c5aea37 Mon Sep 17 00:00:00 2001 
From: Renovate Bot Date: Wed, 13 Sep 2023 07:48:55 +0000 Subject: [PATCH 238/390] chore(deps): update redis-cluster docker tag to v9 (#504) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Update | Change | |---|---|---| | [redis-cluster](https://github.com/bitnami/charts) | major | `8.8.2` -> `9.0.4` | --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/504 Reviewed-by: pat-s Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 6 +++--- Chart.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Chart.lock b/Chart.lock index d35747b..c3f5f53 100644 --- a/Chart.lock +++ b/Chart.lock @@ -7,6 +7,6 @@ dependencies: version: 11.9.2 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 8.8.2 -digest: sha256:a9506ea21ff576b301fd9d16a240a55d86ca2d5bbe20ec0fd78272c855786f7f -generated: "2023-09-07T00:03:27.653856865Z" + version: 9.0.4 +digest: sha256:eaa681df119bef7ef7973d8b13eea28e03c86e72c25a03648e4fc0d4b603ff6e +generated: "2023-09-12T00:03:47.823115644Z" diff --git a/Chart.yaml b/Chart.yaml index 191cae1..0ae1dcf 100644 --- a/Chart.yaml +++ b/Chart.yaml 
@@ -46,5 +46,5 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 8.8.2 + version: 9.0.4 condition: redis-cluster.enabled -- 2.40.1 From 08c50abba93922cf41649faf149b95a8accd6fe2 Mon Sep 17 00:00:00 2001 From: pat-s Date: Thu, 14 Sep 2023 16:48:36 +0000 Subject: [PATCH 239/390] Update helm deps weekly (#510) As title. This modification should only apply the minor+patch updates for the helm deps of this chart on a weekly basis. Major updates should still come in with the daily renovate runs. Automerge is included but won't work as the bot cannot self-approve it's PRs and does not have merge permissions yet. The only way this might work if we allow the bot to push to a branch only and merge without opening a PR. Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/510 Reviewed-by: Lunny Xiao Co-authored-by: pat-s Co-committed-by: pat-s --- renovate.json5 | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/renovate.json5 b/renovate.json5 index b099f0b..52383bb 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -1,4 +1,13 @@ { - "$schema": "https://docs.renovatebot.com/renovate-schema.json", - "extends": ["gitea>gitea/renovate-config"], + $schema: "https://docs.renovatebot.com/renovate-schema.json", + extends: ["gitea>gitea/renovate-config"], + packageRules: [ + { + description: "Automerge minor + patch dependency updates weekly", + matchManagers: ["helm"], + matchUpdateTypes: ["minor", "patch", "digest"], + automerge: true, + schedule: ["weekly"] + }, + ], } -- 2.40.1 From c6887fde0a01cadb32e0cdc188ed620b5229a72c Mon Sep 17 00:00:00 2001 From: pat-s Date: Fri, 15 Sep 2023 09:11:53 +0100 Subject: [PATCH 240/390] fix renovate config --- renovate.json5 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/renovate.json5 b/renovate.json5 index 52383bb..f68b3e1 100644 --- a/renovate.json5 
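Review bot: The new `packageRules` entry sets `automerge: true` for minor, patch and digest updates of the Helm dependencies, which are third-party charts pulled from `oci://registry-1.docker.io/bitnamicharts`, and the rule has no waiting period between an upstream publish and the merge. The commit description says automerge cannot take effect yet because the bot lacks approval and merge rights, so this matters from the moment those rights are granted. Adding `minimumReleaseAge: "3 days"` to the rule (the value is a constructed example) together with a comment that CI must pass before merge would give a withdrawn or tampered chart release time to be noticed. `digest` updates replace content under an unchanged version, so they may deserve manual review rather than a place in this rule.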
+++ b/renovate.json5 @@ -4,10 +4,10 @@ packageRules: [ { description: "Automerge minor + patch dependency updates weekly", - matchManagers: ["helm"], + matchManagers: ["helmv3"], matchUpdateTypes: ["minor", "patch", "digest"], automerge: true, - schedule: ["weekly"] + "extends": ["schedule:weekly"], }, ], } -- 2.40.1 From 453ab0e211fb37cc981d5a324510c44eec2efb3e Mon Sep 17 00:00:00 2001 From: pat-s Date: Fri, 15 Sep 2023 09:12:22 +0100 Subject: [PATCH 241/390] json5 --- renovate.json5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/renovate.json5 b/renovate.json5 index f68b3e1..354914d 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -7,7 +7,7 @@ matchManagers: ["helmv3"], matchUpdateTypes: ["minor", "patch", "digest"], automerge: true, - "extends": ["schedule:weekly"], + extends: ["schedule:weekly"], }, ], } -- 2.40.1 From 5e76871731b0c486351af543ecf8c2119fea57b5 Mon Sep 17 00:00:00 2001 From: Ceddaerrix Date: Fri, 22 Sep 2023 15:09:13 +0000 Subject: [PATCH 242/390] Improving DRY principle support on gitea Ingress host name (#498) ### Description of the change Introducing `tpl` function on variables related to hostname in `./templates/gitea/ingress.yaml` ### Benefits The change is intending to support the following syntax in a values.yaml such as: ``` global: giteaHostName: "gitea.my-org.com" ingress: enabled: true hosts: - host: "{{ .Values.global.giteaHostName }}" paths: - path: / pathType: Prefix tls: - secretName: gitea-tls hosts: - "{{ .Values.global.giteaHostName }}" ``` ### Possible drawbacks N/A ### Applicable issues N/A ### Additional information N/A Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/498 Reviewed-by: justusbunsi Co-authored-by: Ceddaerrix Co-committed-by: Ceddaerrix --- templates/gitea/ingress.yaml | 4 ++-- .../deployment/ingress-configuration.yaml | 23 +++++++++++++++++++ 2 files changed, 25 insertions(+), 2 deletions(-) create mode 100644 unittests/deployment/ingress-configuration.yaml 
diff --git a/templates/gitea/ingress.yaml b/templates/gitea/ingress.yaml index 12100a6..9991eec 100644 --- a/templates/gitea/ingress.yaml +++ b/templates/gitea/ingress.yaml @@ -28,14 +28,14 @@ spec: {{- range .Values.ingress.tls }} - hosts: {{- range .hosts }} - - {{ . | quote }} + - {{ tpl . $ | quote }} {{- end }} secretName: {{ .secretName }} {{- end }} {{- end }} rules: {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} + - host: {{ tpl .host $ | quote }} http: paths: {{- range .paths }} diff --git a/unittests/deployment/ingress-configuration.yaml b/unittests/deployment/ingress-configuration.yaml new file mode 100644 index 0000000..6a36eb0 --- /dev/null +++ b/unittests/deployment/ingress-configuration.yaml @@ -0,0 +1,23 @@ +suite: ingress template +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/ingress.yaml +tests: + - it: hostname using TPL + set: + global.giteaHostName: "gitea.example.com" + ingress.enabled: true + ingress.hosts[0].host: "{{ .Values.global.giteaHostName }}" + ingress.tls: + - secretName: gitea-tls + hosts: + - "{{ .Values.global.giteaHostName }}" + asserts: + - equal: + path: spec.tls[0].hosts[0] + value: "gitea.example.com" + - equal: + path: spec.rules[0].host + value: "gitea.example.com" -- 2.40.1 From 74cec11931af29b821ef000be3a1a7054c38d2a5 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 24 Sep 2023 17:55:21 +0000 Subject: [PATCH 243/390] chore(deps): update postgresql docker tag to v12.12.5 (#506) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 6 +++--- Chart.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Chart.lock b/Chart.lock index c3f5f53..5cac592 100644 --- a/Chart.lock +++ b/Chart.lock 
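Review bot: `tpl . $` and `tpl .host $` now evaluate every ingress host string as a template with the full root context, so `ingress.hosts[].host` and `ingress.tls[].hosts[]` stop being plain data. Anyone who generates these values from less-trusted input (for example per-tenant hostnames filled in by a pipeline) has to treat them as template code, and a literal `{{` in a value will now change or break rendering. A comment above each `range` such as `{{- /* host values are rendered with tpl; they must come from a trusted values source */ -}}`, plus a matching remark in the parameter documentation, would make that contract explicit. `secretName` in the same `tls` entry is still emitted verbatim and unquoted, which is inconsistent with the host handling. The template continues outside this hunk.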
@@ -1,12 +1,12 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 12.10.1 + version: 12.12.5 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts version: 11.9.2 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts version: 9.0.4 -digest: sha256:eaa681df119bef7ef7973d8b13eea28e03c86e72c25a03648e4fc0d4b603ff6e -generated: "2023-09-12T00:03:47.823115644Z" +digest: sha256:aba0798b2d882a0e44119cc1e586278c3433227d65c37f9035e835ab3c554965 +generated: "2023-09-22T19:18:56.559259773Z" diff --git a/Chart.yaml b/Chart.yaml index 0ae1dcf..963a759 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -36,7 +36,7 @@ dependencies: #https://github.com/bitnami/charts/blob/main/bitnami/postgresql - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 12.10.1 + version: 12.12.5 condition: postgresql.enabled # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha -- 2.40.1 From ffbec41c88c65d2ccc81f8a709a36ad2629a2db2 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 24 Sep 2023 17:58:16 +0000 Subject: [PATCH 244/390] chore(deps): update dependency markdownlint-cli to ^0.37.0 (#517) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- package-lock.json | 22 +++++++++++----------- package.json | 2 +- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/package-lock.json b/package-lock.json index 7b58d1e..61aa8a3 100644 --- a/package-lock.json +++ b/package-lock.json @@ -8,7 +8,7 @@ "license": "MIT", "devDependencies": { "@bitnami/readme-generator-for-helm": "^2.5.0", - "markdownlint-cli": "^0.36.0" + "markdownlint-cli": "^0.37.0" }, "engines": { "node": ">=16.0.0", 
@@ -399,9 +399,9 @@ } }, "node_modules/markdownlint": { - "version": "0.30.0", - "resolved": "https://registry.npmjs.org/markdownlint/-/markdownlint-0.30.0.tgz", - "integrity": "sha512-nInuFvI/rEzanAOArW5490Ez4EYpB5ODqVM0mcDYCPx9DKJWCQqCgejjiCvbSeE7sjbDscVtZmwr665qpF5xGA==", + "version": "0.31.1", + "resolved": "https://registry.npmjs.org/markdownlint/-/markdownlint-0.31.1.tgz", + "integrity": "sha512-CKMR2hgcIBrYlIUccDCOvi966PZ0kJExDrUi1R+oF9PvqQmCrTqjOsgIvf2403OmJ+CWomuzDoylr6KbuMyvHA==", "dev": true, "dependencies": { "markdown-it": "13.0.1", @@ -412,9 +412,9 @@ } }, "node_modules/markdownlint-cli": { - "version": "0.36.0", - "resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.36.0.tgz", - "integrity": "sha512-h4WdqOam3+QOVOcJSOQuG8KvvN8dlS0OiJhbPwYWBk7VMZR40UtSSMIOpSP5B4EHPHg3W3ILSQUvqg1HNpTCxA==", + "version": "0.37.0", + "resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.37.0.tgz", + "integrity": "sha512-hNKAc0bWBBuVhJbSWbUhRzavstiB4o1jh3JeSpwC4/dt6eJ54lRfYHRxVdzVp4qGWBKbeE6Pg490PFEfrKjqSg==", "dev": true, "dependencies": { "commander": "~11.0.0", @@ -423,7 +423,7 @@ "ignore": "~5.2.4", "js-yaml": "^4.1.0", "jsonc-parser": "~3.2.0", - "markdownlint": "~0.30.0", + "markdownlint": "~0.31.1", "minimatch": "~9.0.3", "run-con": "~1.3.2" }, @@ -453,9 +453,9 @@ } }, "node_modules/markdownlint-cli/node_modules/glob": { - "version": "10.3.4", - "resolved": "https://registry.npmjs.org/glob/-/glob-10.3.4.tgz", - "integrity": "sha512-6LFElP3A+i/Q8XQKEvZjkEWEOTgAIALR9AO2rwT8bgPhDd1anmqDJDZ6lLddI4ehxxxR1S5RIqKe1uapMQfYaQ==", + "version": "10.3.5", + "resolved": "https://registry.npmjs.org/glob/-/glob-10.3.5.tgz", + "integrity": "sha512-bYUpUD7XDEHI4Q2O5a7PXGvyw4deKR70kHiDxzQbe925wbZknhOzUt2xBgTkYL6RBcVeXYuD9iNYeqoWbBZQnA==", "dev": true, "dependencies": { "foreground-child": "^3.1.0", diff --git a/package.json b/package.json index e4034e1..44ef232 100644 --- a/package.json +++ b/package.json 
@@ -14,6 +14,6 @@ }, "devDependencies": { "@bitnami/readme-generator-for-helm": "^2.5.0", - "markdownlint-cli": "^0.36.0" + "markdownlint-cli": "^0.37.0" } } -- 2.40.1 From c2b0b677c1b555319732d3e4ab195525b04968e2 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 25 Sep 2023 03:41:55 +0000 Subject: [PATCH 245/390] chore(deps): update actions/checkout action to v4 (#509) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- .gitea/workflows/release-version.yml | 2 +- .gitea/workflows/test-pr.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index c9cb40f..f1b6fb8 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml @@ -9,7 +9,7 @@ jobs: generate-chart-publish: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: install tools run: | apt update -y diff --git a/.gitea/workflows/test-pr.yml b/.gitea/workflows/test-pr.yml index 7c351cd..74e87bd 100644 --- a/.gitea/workflows/test-pr.yml +++ b/.gitea/workflows/test-pr.yml @@ -7,7 +7,7 @@ jobs: check-and-test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: install tools run: | apt update -y -- 2.40.1 From 7a9df83d18e8c8fa86567457086fee1d6885abf1 Mon Sep 17 00:00:00 2001 
From: mmalyska Date: Wed, 27 Sep 2023 07:31:52 +0000 Subject: [PATCH 246/390] Update readme with renovate configuration for digest updates (#514) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ### Description of the change Update README with information how to configure renovate to update digest for gitea charts. ### Benefits Automatic digest updates for people using renovate. Co-authored-by: Michał Małyska <999598+mmalyska@users.noreply.github.com> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/514 Reviewed-by: justusbunsi Reviewed-by: pat-s Co-authored-by: mmalyska Co-committed-by: mmalyska --- README.md | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/README.md b/README.md index 37e57ff..03bed71 100644 --- a/README.md +++ b/README.md @@ -27,6 +27,7 @@ - [Metrics and profiling](#metrics-and-profiling) - [Pod annotations](#pod-annotations) - [Themes](#themes) +- [Renovate](#renovate) - [Parameters](#parameters) - [Global](#global) - [strategy](#strategy) 
@@ -691,6 +692,34 @@ or natively via `kubectl`: kubectl create secret generic gitea-themes --from-file={{FULL-PATH-TO-CSS}} --namespace gitea ``` +## Renovate + +To be able to use a digest value which is automatically updated by `Renovate` a [customManager](https://docs.renovatebot.com/modules/manager/regex/) is required. +Here's an examplary `values.yml` definition which makes use of a digest: + +```yaml +image: + repository: gitea/gitea + tag: 1.20.2 + digest: sha256:6e3b85a36653894d6741d0aefb41dfaac39044e028a42e0a520cc05ebd7bfc3f +``` + +By default Renovate adds digest after the `tag`. +To comply with the Gitea helm chart definition of the digest parameter, a "customManagers" definition is required: + +```json +"customManagers": [ + { + "customType": "regex", + "description": "Apply an explicit gitea digest field match", + "fileMatch": ["values\\.ya?ml"], + "matchStrings": ["(?gitea\\/gitea)\\n(?\\s+)tag: (?[^@].*?)\\n\\s+digest: (?sha256:[a-f0-9]+)"], + "datasourceTemplate": "docker", + "autoReplaceStringTemplate": "{{depName}}\n{{indentation}}tag: {{newValue}}\n{{indentation}}digest: {{#if newDigest}}{{{newDigest}}}{{else}}{{{currentDigest}}}{{/if}}" + } +] +``` + ## Parameters ### Global -- 2.40.1 From 1f72352f14fdf66f08b3dc3e0c59672d1c9403d1 Mon Sep 17 00:00:00 2001 From: pat-s Date: Wed, 27 Sep 2023 09:42:41 +0200 Subject: [PATCH 247/390] renovate: set automergeStrategy --- renovate.json5 | 1 + 1 file changed, 1 insertion(+) diff --git a/renovate.json5 b/renovate.json5 index 354914d..e8bcaaf 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -7,6 +7,7 @@ matchManagers: ["helmv3"], matchUpdateTypes: ["minor", "patch", "digest"], automerge: true, + automergeStrategy: "squash", extends: ["schedule:weekly"], }, ], -- 2.40.1 From 155106594607f57a4558ac1a400ccc93be395c6a Mon Sep 17 00:00:00 2001 
From: techknowlogick Date: Tue, 3 Oct 2023 17:40:34 +0000 Subject: [PATCH 248/390] bump to gitea 1.20.5 --- Chart.yaml | 100 ++++++++++++++++++++++++++--------------------------- 1 file changed, 50 insertions(+), 50 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index 963a759..c6236c2 100644 --- a/Chart.yaml +++ b/Chart.yaml 
@@ -1,50 +1,50 @@ -apiVersion: v2 -name: gitea -description: Gitea Helm chart for Kubernetes -type: application -version: 0.0.0 -appVersion: 1.20.4 -icon: https://gitea.com/assets/img/logo.svg - -keywords: - - git - - issue tracker - - code review - - wiki - - gitea - - gogs -sources: - - https://gitea.com/gitea/helm-chart - - https://github.com/go-gitea/gitea - - https://hub.docker.com/r/gitea/gitea/ -maintainers: - - name: Charlie Drage - email: charlie@charliedrage.com - - name: Gitea Authors - email: maintainers@gitea.io - - name: Konrad Lother - email: konrad.lother@novum-rgi.de - - name: Lucas Hahn - email: lucas.hahn@novum-rgi.de - - name: Steven Kriegler - email: sk.bunsenbrenner@gmail.com - - name: Patrick Schratz - email: patrick.schratz@gmail.com - -# Bitnami charts are served from GitHub CDN - See https://github.com/bitnami/charts/issues/10539 for details -dependencies: - #https://github.com/bitnami/charts/blob/main/bitnami/postgresql - - name: postgresql - repository: oci://registry-1.docker.io/bitnamicharts - version: 12.12.5 - condition: postgresql.enabled - # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - - name: postgresql-ha - repository: oci://registry-1.docker.io/bitnamicharts - version: 11.9.2 - condition: postgresql-ha.enabled - # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - - name: redis-cluster - repository: oci://registry-1.docker.io/bitnamicharts - version: 9.0.4 - condition: redis-cluster.enabled +apiVersion: v2 +name: gitea +description: Gitea Helm chart for Kubernetes +type: application +version: 0.0.0 +appVersion: 1.20.5 +icon: https://gitea.com/assets/img/logo.svg + +keywords: + - git + - issue tracker + - code review + - wiki + - gitea + - gogs +sources: + - https://gitea.com/gitea/helm-chart + - https://github.com/go-gitea/gitea + - https://hub.docker.com/r/gitea/gitea/ +maintainers: + - name: Charlie Drage + email: charlie@charliedrage.com + - name: Gitea Authors + 
email: maintainers@gitea.io + - name: Konrad Lother + email: konrad.lother@novum-rgi.de + - name: Lucas Hahn + email: lucas.hahn@novum-rgi.de + - name: Steven Kriegler + email: sk.bunsenbrenner@gmail.com + - name: Patrick Schratz + email: patrick.schratz@gmail.com + +# Bitnami charts are served from GitHub CDN - See https://github.com/bitnami/charts/issues/10539 for details +dependencies: + #https://github.com/bitnami/charts/blob/main/bitnami/postgresql + - name: postgresql + repository: oci://registry-1.docker.io/bitnamicharts + version: 12.12.5 + condition: postgresql.enabled + # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml + - name: postgresql-ha + repository: oci://registry-1.docker.io/bitnamicharts + version: 11.9.2 + condition: postgresql-ha.enabled + # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml + - name: redis-cluster + repository: oci://registry-1.docker.io/bitnamicharts + version: 9.0.4 + condition: redis-cluster.enabled -- 2.40.1 From c1c186b9016a891195029a03e487f62b8cc0f02e Mon Sep 17 00:00:00 2001 From: pat-s Date: Thu, 5 Oct 2023 21:24:10 +0200 Subject: [PATCH 249/390] login to docker before packaging chart --- .gitea/workflows/release-version.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index f1b6fb8..37a12ab 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml @@ -34,6 +34,7 @@ jobs: # FIXME: use upstream after https://github.com/technosophos/helm-gpg/issues/1 is solved helm plugin install https://github.com/pat-s/helm-gpg helm dependency update + echo "$DOCKER_PASSWORD" | docker login -u $DOCKER_USERNAME --password-stdin helm package --version "${GITHUB_REF#refs/tags/v}" ./ helm gpg sign "gitea-${GITHUB_REF#refs/tags/v}.tgz" mkdir gitea -- 2.40.1 From dc8a2bd667c53ae3506c5638d4d19002e46646af Mon Sep 17 00:00:00 2001 
From: pat-s Date: Thu, 5 Oct 2023 21:27:16 +0200 Subject: [PATCH 250/390] login as the first action --- .gitea/workflows/release-version.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index 37a12ab..20049d2 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml @@ -31,10 +31,10 @@ jobs: # Using helm gpg plugin as 'helm package --sign' has issues with gpg2: https://github.com/helm/helm/issues/2843 - name: package chart run: | + echo "$DOCKER_PASSWORD" | docker login -u $DOCKER_USERNAME --password-stdin # FIXME: use upstream after https://github.com/technosophos/helm-gpg/issues/1 is solved helm plugin install https://github.com/pat-s/helm-gpg helm dependency update - echo "$DOCKER_PASSWORD" | docker login -u $DOCKER_USERNAME --password-stdin helm package --version "${GITHUB_REF#refs/tags/v}" ./ helm gpg sign "gitea-${GITHUB_REF#refs/tags/v}.tgz" mkdir gitea -- 2.40.1 From cd4271a1ad3f3422d71d6334ff2b6ce59af8c269 Mon Sep 17 00:00:00 2001 From: pat-s Date: Thu, 5 Oct 2023 21:29:09 +0200 Subject: [PATCH 251/390] install `docker-ce-cli` --- .gitea/workflows/release-version.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index 20049d2..3e26d40 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml 
@@ -17,7 +17,7 @@ jobs: curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | tee /usr/share/keyrings/helm.gpg > /dev/null echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | tee /etc/apt/sources.list.d/helm-stable-debian.list apt update -y - apt install -y python helm python3-pip apt-transport-https + apt install -y python helm python3-pip apt-transport-https docker-ce-cli pip install awscli - name: Import GPG key -- 2.40.1 From 183b54fc27b2f62833c6cb4f07754c428271f73a Mon Sep 17 00:00:00 2001 From: pat-s Date: Thu, 5 Oct 2023 21:32:54 +0200 Subject: [PATCH 252/390] add docker apt repo --- .gitea/workflows/release-version.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index 3e26d40..ca9138c 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml @@ -16,7 +16,10 @@ jobs: apt install -y curl curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | tee /usr/share/keyrings/helm.gpg > /dev/null echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | tee /etc/apt/sources.list.d/helm-stable-debian.list + echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null apt update -y + curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg + chmod a+r /etc/apt/keyrings/docker.gpg apt install -y python helm python3-pip apt-transport-https docker-ce-cli pip install awscli -- 2.40.1 From d2598c6161ed9a2abbfb6a439ca7ee43e1f05fc7 Mon Sep 17 00:00:00 2001 
From: pat-s Date: Thu, 5 Oct 2023 21:33:39 +0200 Subject: [PATCH 253/390] remove sudo --- .gitea/workflows/release-version.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index ca9138c..874d041 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml @@ -16,9 +16,9 @@ jobs: apt install -y curl curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | tee /usr/share/keyrings/helm.gpg > /dev/null echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | tee /etc/apt/sources.list.d/helm-stable-debian.list - echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null + echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null apt update -y - curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg + curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg chmod a+r /etc/apt/keyrings/docker.gpg apt install -y python helm python3-pip apt-transport-https docker-ce-cli pip install awscli -- 2.40.1 From cbaad0ed8fc1a48e281316d2f7c94ddb074299d1 Mon Sep 17 00:00:00 2001 From: pat-s Date: Thu, 5 Oct 2023 21:35:51 +0200 Subject: [PATCH 254/390] add gpg key first --- .gitea/workflows/release-version.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index 874d041..fc9af3e 100644 
--- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml @@ -14,12 +14,15 @@ jobs: run: | apt update -y apt install -y curl + # helm curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | tee /usr/share/keyrings/helm.gpg > /dev/null echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | tee /etc/apt/sources.list.d/helm-stable-debian.list - echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null - apt update -y + # docker curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg chmod a+r /etc/apt/keyrings/docker.gpg + install -m 0755 -d /etc/apt/keyrings + echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null + apt update -y apt install -y python helm python3-pip apt-transport-https docker-ce-cli pip install awscli -- 2.40.1 From ef4e0dc77dd62fb1e9127c759b38d53e26392b6e Mon Sep 17 00:00:00 2001 From: pat-s Date: Thu, 5 Oct 2023 21:38:19 +0200 Subject: [PATCH 255/390] refine --- .gitea/workflows/release-version.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index fc9af3e..c0be7f0 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml 
@@ -13,14 +13,14 @@ jobs: - name: install tools run: | apt update -y - apt install -y curl + apt install -y curl ca-certificates curl gnupg # helm curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | tee /usr/share/keyrings/helm.gpg > /dev/null echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | tee /etc/apt/sources.list.d/helm-stable-debian.list # docker + install -m 0755 -d /etc/apt/keyrings curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg chmod a+r /etc/apt/keyrings/docker.gpg - install -m 0755 -d /etc/apt/keyrings echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null apt update -y apt install -y python helm python3-pip apt-transport-https docker-ce-cli -- 2.40.1 From 7d2a375685ed1017998f439cdeb6dd370632b6d4 Mon Sep 17 00:00:00 2001 From: pat-s Date: Thu, 5 Oct 2023 21:40:40 +0200 Subject: [PATCH 256/390] fix workflow secrets --- .gitea/workflows/release-version.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index c0be7f0..3fa25c3 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml @@ -37,7 +37,7 @@ jobs: # Using helm gpg plugin as 'helm package --sign' has issues with gpg2: https://github.com/helm/helm/issues/2843 - name: package chart run: | - echo "$DOCKER_PASSWORD" | docker login -u $DOCKER_USERNAME --password-stdin + echo ${{ secrets.DOCKER_PASSWORD }} | docker login -u ${{ secrets.DOCKER_USERNAME }} --password-stdin # FIXME: use upstream after https://github.com/technosophos/helm-gpg/issues/1 is solved helm plugin install https://github.com/pat-s/helm-gpg helm dependency update -- 2.40.1 
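Review bot: The Docker signing key in the `install tools` step is piped from `curl` straight into `gpg --dearmor` and then trusted through `signed-by=` without any fingerprint check. Whatever that URL serves at release time therefore becomes the trust root for `docker-ce-cli` in the job that packages and signs the chart. I would compare the output of `gpg --show-keys /etc/apt/keyrings/docker.gpg` against a fingerprint kept in the repository (`<EXPECTED_DOCKER_KEY_FINGERPRINT>`) and fail the step on mismatch; the Helm key a few lines above is handled the same way. Separately, `curl` is now listed twice in `apt install -y curl ca-certificates curl gnupg`. The `run:` block starts and ends outside the hunk.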
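Review bot: In the `package chart` step, `${{ secrets.DOCKER_PASSWORD }}` and `${{ secrets.DOCKER_USERNAME }}` are substituted into the script text unquoted before the shell runs. A secret containing whitespace, `$`, `;`, quotes or a backtick is then word-split or interpreted by the shell instead of being passed literally. Map both secrets through the step's `env:` (merging with an existing block if the step has one outside this hunk) and keep the quoted variable form that this line replaced. The same unquoted pattern is added to `.gitea/workflows/test-pr.yml` in PATCH 257 with `DOCKER_PASSWORD_PUBLIC` and `DOCKER_USERNAME_PUBLIC`. The step's `run:` block continues past the end of the hunk.

```yaml
- name: package chart
  env:
    DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
    DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
  run: |
    printf '%s' "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
    # … unchanged: helm plugin install, helm dependency update, package, sign …
```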
From 9802e9ae41ad6e88eb56704b4f8d86c0bee045eb Mon Sep 17 00:00:00 2001 From: pat-s Date: Tue, 10 Oct 2023 19:48:00 +0000 Subject: [PATCH 257/390] Login to docker to fix workflow (#526) Same as for the release workflow. Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/526 Co-authored-by: pat-s Co-committed-by: pat-s --- .gitea/workflows/test-pr.yml | 10 +++- Chart.yaml | 100 +++++++++++++++++------------------ 2 files changed, 59 insertions(+), 51 deletions(-) diff --git a/.gitea/workflows/test-pr.yml b/.gitea/workflows/test-pr.yml index 74e87bd..c8b36a7 100644 --- a/.gitea/workflows/test-pr.yml +++ b/.gitea/workflows/test-pr.yml @@ -12,11 +12,19 @@ jobs: run: | apt update -y apt install -y curl make + # helm curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | tee /usr/share/keyrings/helm.gpg > /dev/null echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | tee /etc/apt/sources.list.d/helm-stable-debian.list + # docker + install -m 0755 -d /etc/apt/keyrings + curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg + chmod a+r /etc/apt/keyrings/docker.gpg + echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null apt update -y - apt install -y helm python3-pip + apt install -y helm python3-pip docker-ce-cli pip install yamllint + # login to docker + echo ${{ secrets.DOCKER_PASSWORD_PUBLIC }} | docker login -u ${{ secrets.DOCKER_USERNAME_PUBLIC }} --password-stdin - name: dependency update run: helm dependency update - name: lint diff --git a/Chart.yaml b/Chart.yaml index c6236c2..e2c394a 100644 --- a/Chart.yaml +++ b/Chart.yaml 
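Review bot: The `docker login` added at the end of `install tools` leaves the registry credential in the Docker client configuration for every later step of the job, and this workflow appears to run on pull requests. Later steps that execute repository content from the PR (the Makefile targets and plugin installs, which are outside this hunk) could presumably read that file. The credential is only needed for the dependency download, so I would scope it to that step, for example `run: helm dependency update && docker logout`, and make sure the `*_PUBLIC` account is a pull-only token. It is also worth confirming how the runner exposes secrets to pull requests from forks, since the login either fails there or hands the credential to untrusted code.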
@@ -1,50 +1,50 @@ -apiVersion: v2 -name: gitea -description: Gitea Helm chart for Kubernetes -type: application -version: 0.0.0 -appVersion: 1.20.5 -icon: https://gitea.com/assets/img/logo.svg - -keywords: - - git - - issue tracker - - code review - - wiki - - gitea - - gogs -sources: - - https://gitea.com/gitea/helm-chart - - https://github.com/go-gitea/gitea - - https://hub.docker.com/r/gitea/gitea/ -maintainers: - - name: Charlie Drage - email: charlie@charliedrage.com - - name: Gitea Authors - email: maintainers@gitea.io - - name: Konrad Lother - email: konrad.lother@novum-rgi.de - - name: Lucas Hahn - email: lucas.hahn@novum-rgi.de - - name: Steven Kriegler - email: sk.bunsenbrenner@gmail.com - - name: Patrick Schratz - email: patrick.schratz@gmail.com - -# Bitnami charts are served from GitHub CDN - See https://github.com/bitnami/charts/issues/10539 for details -dependencies: - #https://github.com/bitnami/charts/blob/main/bitnami/postgresql - - name: postgresql - repository: oci://registry-1.docker.io/bitnamicharts - version: 12.12.5 - condition: postgresql.enabled - # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - - name: postgresql-ha - repository: oci://registry-1.docker.io/bitnamicharts - version: 11.9.2 - condition: postgresql-ha.enabled - # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - - name: redis-cluster - repository: oci://registry-1.docker.io/bitnamicharts - version: 9.0.4 - condition: redis-cluster.enabled +apiVersion: v2 +name: gitea +description: Gitea Helm chart for Kubernetes +type: application +version: 0.0.0 +appVersion: 1.20.5 +icon: https://gitea.com/assets/img/logo.svg + +keywords: + - git + - issue tracker + - code review + - wiki + - gitea + - gogs +sources: + - https://gitea.com/gitea/helm-chart + - https://github.com/go-gitea/gitea + - https://hub.docker.com/r/gitea/gitea/ +maintainers: + - name: Charlie Drage + email: charlie@charliedrage.com + - name: Gitea Authors + 
email: maintainers@gitea.io + - name: Konrad Lother + email: konrad.lother@novum-rgi.de + - name: Lucas Hahn + email: lucas.hahn@novum-rgi.de + - name: Steven Kriegler + email: sk.bunsenbrenner@gmail.com + - name: Patrick Schratz + email: patrick.schratz@gmail.com + +# Bitnami charts are served from GitHub CDN - See https://github.com/bitnami/charts/issues/10539 for details +dependencies: + # https://github.com/bitnami/charts/blob/main/bitnami/postgresql + - name: postgresql + repository: oci://registry-1.docker.io/bitnamicharts + version: 12.12.5 + condition: postgresql.enabled + # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml + - name: postgresql-ha + repository: oci://registry-1.docker.io/bitnamicharts + version: 11.9.2 + condition: postgresql-ha.enabled + # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml + - name: redis-cluster + repository: oci://registry-1.docker.io/bitnamicharts + version: 9.0.4 + condition: redis-cluster.enabled -- 2.40.1 From 226564b74d7289a94bf17cd944821911f4af21ae Mon Sep 17 00:00:00 2001 From: pat-s Date: Wed, 11 Oct 2023 19:04:37 +0000 Subject: [PATCH 258/390] Add single-pod configuration examples to README (#531) Relates to #524, #515. Both examples have been tested on a k8s dev install locally by deploying in a fresh namespace. Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/531 Reviewed-by: justusbunsi Co-authored-by: pat-s Co-committed-by: pat-s --- README.md | 99 ++++++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 72 insertions(+), 27 deletions(-) diff --git a/README.md b/README.md index 03bed71..fa91de0 100644 --- a/README.md +++ b/README.md 
@@ -10,7 +10,7 @@ - [Database defaults](#database-defaults) - [Server defaults](#server-defaults) - [Metrics defaults](#metrics-defaults) - - [Minimal Configuration](#minimal-configuration) + - [Single-Pod Configurations](#single-pod-configurations) - [Additional _app.ini_ settings](#additional-appini-settings) - [User defined environment variables in app.ini](#user-defined-environment-variables-in-appini) - [External Database](#external-database) @@ -172,35 +172,77 @@ The Prometheus `/metrics` endpoint is disabled by default. ENABLED = false ``` -### Minimal Configuration +### Single-Pod Configurations -For a minimal installation, i.e. without HA dependencies and using the built-in SQLITE DB instead of Postgres, the following configuration can be used: +If HA is not needed/desired, the following configurations can be used to deploy a single-pod Gitea instance. -```yaml -redis-cluster: - enabled: false -postgresql: - enabled: false -postgresql-ha: - enabled: false +1. For a production-ready single-pod Gitea instance without external dependencies (using the chart dependency `postgresql`): -persistence: - enabled: false +
-gitea: - config: - database: - DB_TYPE: sqlite3 - session: - PROVIDER: memory - cache: - ADAPTER: memory - queue: - TYPE: level -``` + values.yml -This will result in a single-pod Gitea instance without any dependencies and persistence. -Do not use this configuration for production use. + ```yaml + redis-cluster: + enabled: false + postgresql: + enabled: true + postgresql-ha: + enabled: false + + persistence: + enabled: true + + gitea: + config: + database: + DB_TYPE: postgres + session: + PROVIDER: db + cache: + ADAPTER: memory + queue: + TYPE: level + indexer: + ISSUE_INDEXER_TYPE: bleve + REPO_INDEXER_ENABLED: true + ``` + +
+ +2. For a minimal DEV installation (using the built-in sqlite DB instead of Postgres): + + This will result in a single-pod Gitea instance _without any dependencies and persistence_. + **Do not use this configuration for production use**. + +
+ + values.yml + + ```yaml + redis-cluster: + enabled: false + postgresql: + enabled: false + postgresql-ha: + enabled: false + + persistence: + enabled: false + + gitea: + config: + database: + DB_TYPE: sqlite3 + session: + PROVIDER: memory + cache: + ADAPTER: memory + queue: + TYPE: level + ``` + +
### Additional _app.ini_ settings @@ -1025,15 +1067,17 @@ The previous `memcache` default was not HA-ready, hence we decided to switch to If you are coming from an existing deployment and [#356](https://gitea.com/gitea/helm-chart/issues/356) is still open, you need to set the config sections for `cache`, `session` and `queue` explicitly: ```yaml +gitea: + config: session: PROVIDER: redis-cluster PROVIDER_CONFIG: redis+cluster://:gitea@gitea-redis-cluster-headless..svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& - + cache: ENABLED: true ADAPTER: redis-cluster HOST: redis+cluster://:gitea@gitea-redis-cluster-headless..svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& - + queue: TYPE: redis CONN_STR: redis+cluster://:gitea@gitea-redis-cluster-headless..svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& @@ -1041,6 +1085,7 @@ If you are coming from an existing deployment and [#356](https://gitea.com/gitea **Switch to rootless image by default** + If you are facing errors like `WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED` due to this automatic transition: Have a look at [this discussion](https://gitea.com/gitea/helm-chart/issues/487#issue-220660) and either set `image.rootless: false` or manually update your `~/.ssh/known_hosts` file(s). -- 2.40.1 From 40751af5c75a2e1909977022a3402d35c9f96eb2 Mon Sep 17 00:00:00 2001 
From: Renovate Bot Date: Thu, 12 Oct 2023 04:27:39 +0000 Subject: [PATCH 259/390] chore(deps): update dependency @bitnami/readme-generator-for-helm to v2.5.2 (#533) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [@bitnami/readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) | devDependencies | patch | [`2.5.1` -> `2.5.2`](https://renovatebot.com/diffs/npm/@bitnami%2freadme-generator-for-helm/2.5.1/2.5.2) | --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/533 Reviewed-by: justusbunsi Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index 61aa8a3..87a8be1 100644 --- a/package-lock.json +++ b/package-lock.json @@ -16,9 +16,9 @@ } }, "node_modules/@bitnami/readme-generator-for-helm": { - "version": "2.5.1", - "resolved": "https://registry.npmjs.org/@bitnami/readme-generator-for-helm/-/readme-generator-for-helm-2.5.1.tgz", - "integrity": "sha512-LRSq43HwfgmTJZ4rwpXHf6d7DGnY+j2BtgVlc2hPqfRtqj36NRYl83Zv9WjRGvwF8Zr6Iwa1AgvewiAxdWlMzg==", + "version": "2.5.2", + "resolved": "https://registry.npmjs.org/@bitnami/readme-generator-for-helm/-/readme-generator-for-helm-2.5.2.tgz", + "integrity": "sha512-hOPksxEjC1maj5Ug0pC01M1BV0MZUU3xqvMpo1asMXvRIkKhdo649mI55sZy8mH+ow9oVWJ+0Xl5cVwCyCEXiQ==", "dev": true, "dependencies": { "commander": "^7.1.0", -- 2.40.1 From ca903c9cf3235174bc76c371a908d82727aa59c9 Mon Sep 17 00:00:00 2001 
From: justusbunsi Date: Fri, 13 Oct 2023 16:04:27 +0000 Subject: [PATCH 260/390] Fix `helm dependency build` once and for all (#535) ### Description of the change We are affected by a regression of a Helm bug from May 2023. I've tested the Helm versions 3.13.1, 3.13.0 and 3.12.3. Both 3.13.x are affected. 3.12.3 works. So let's downgrade and drop the docker login in PR builds. I've also switched the `apt install helm` with an official `alpine/helm` image I am using at work. Pinning the helm version and receiving updates helps us identifying such issues in the future. For the release workflow I was a bit more reluctant with changes, since I cannot easily test them. That's why I just pinned the Helm version. Renovate will provide one PR changing both files because it's the same dependency (alpine/helm) from the same datasource (docker). https://github.com/helm/helm/issues/12062 ### Applicable issues - implicitly fixes #527 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/535 Reviewed-by: pat-s Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- .gitea/workflows/release-version.yml | 6 ++++- .gitea/workflows/test-pr.yml | 33 ++++++++++------------------ renovate.json5 | 10 +++++++++ 3 files changed, 27 insertions(+), 22 deletions(-) diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index 3fa25c3..9e0d02f 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml @@ -5,6 +5,10 @@ on: tags: - "*" +env: + # renovate: datasource=docker depName=alpine/helm + HELM_VERSION: "3.12.3" + jobs: generate-chart-publish: runs-on: ubuntu-latest 
@@ -23,7 +27,7 @@ jobs: chmod a+r /etc/apt/keyrings/docker.gpg echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null apt update -y - apt install -y python helm python3-pip apt-transport-https docker-ce-cli + apt install -y python helm=${{ env.HELM_VERSION }}-1 python3-pip apt-transport-https docker-ce-cli pip install awscli - name: Import GPG key diff --git a/.gitea/workflows/test-pr.yml b/.gitea/workflows/test-pr.yml index c8b36a7..6b8b0f2 100644 --- a/.gitea/workflows/test-pr.yml +++ b/.gitea/workflows/test-pr.yml 
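Review bot: The apt pin `helm=${{ env.HELM_VERSION }}-1` takes its version from a value that Renovate tracks against the `alpine/helm` Docker tags (the `env:` block added in the previous hunk), and it hard-codes the Debian revision `-1`. Nothing guarantees the apt repository publishes a package for every such tag, so a mismatch would only surface as a failed `apt install` when a release tag is pushed. Since this job signs the chart, I would also assert the tool that actually runs, with something like `helm version --short | grep -qF "v${HELM_VERSION}"` right after the install. A short comment next to `HELM_VERSION` saying the value must exist in both sources would help the next person who merges the Renovate PR. The `run:` block starts outside the hunk.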
@@ -3,38 +3,29 @@ name: check-and-test on: - pull_request +env: + # renovate: datasource=github-releases depName=helm-unittest/helm-unittest + HELM_UNITTEST_VERSION: "0.3.3" + jobs: check-and-test: runs-on: ubuntu-latest + container: alpine/helm:3.12.3 steps: - - uses: actions/checkout@v4 - name: install tools run: | - apt update -y - apt install -y curl make - # helm - curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | tee /usr/share/keyrings/helm.gpg > /dev/null - echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | tee /etc/apt/sources.list.d/helm-stable-debian.list - # docker - install -m 0755 -d /etc/apt/keyrings - curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg - chmod a+r /etc/apt/keyrings/docker.gpg - echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null - apt update -y - apt install -y helm python3-pip docker-ce-cli - pip install yamllint - # login to docker - echo ${{ secrets.DOCKER_PASSWORD_PUBLIC }} | docker login -u ${{ secrets.DOCKER_USERNAME_PUBLIC }} --password-stdin - - name: dependency update - run: helm dependency update + apk update + apk add --update make nodejs npm yamllint + - uses: actions/checkout@v4 + - name: install chart dependencies + run: helm dependency build - name: lint run: helm lint - name: template - run: | - helm template --debug gitea-helm . + run: helm template --debug gitea-helm . - name: unit tests run: | - helm plugin install --version 0.3.3 https://github.com/helm-unittest/helm-unittest + helm plugin install --version ${{ env.HELM_UNITTEST_VERSION }} https://github.com/helm-unittest/helm-unittest make unittests - name: verify readme run: | 
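Review bot: The job container `alpine/helm:3.12.3` is pinned by tag only, so the image that runs the PR checks can change without any commit in this repository. The chart's own README describes digest pinning for `image.digest`, and the same form applies here: `container: alpine/helm:3.12.3@sha256:<digest>`, with the digest taken from the registry and left to Renovate to update. The Helm version is also a second literal, separate from `HELM_VERSION` in the release workflow, so the two can drift unless Renovate's workflow manager picks up this line as well. `helm plugin install --version ${{ env.HELM_UNITTEST_VERSION }}` and `actions/checkout@v4` are likewise tag references. The `verify readme` step continues outside the hunk.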
diff --git a/renovate.json5 b/renovate.json5 index e8bcaaf..bb49f4b 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -1,6 +1,16 @@ { $schema: "https://docs.renovatebot.com/renovate-schema.json", extends: ["gitea>gitea/renovate-config"], + customManagers: [ + { + description: 'Gitea-version of https://docs.renovatebot.com/presets-regexManagers/#regexmanagersgithubactionsversions', + customType: 'regex', + fileMatch: ['.gitea/workflows/.+\\.ya?ml$'], + matchStrings: [ + '# renovate: datasource=(?[a-z-.]+?) depName=(?[^\\s]+?)(?: (?:lookupName|packageName)=(?[^\\s]+?))?(?: versioning=(?[a-z-0-9]+?))?\\s+[A-Za-z0-9_]+?_VERSION\\s*:\\s*["\']?(?.+?)["\']?\\s', + ], + }, + ], packageRules: [ { description: "Automerge minor + patch dependency updates weekly", -- 2.40.1 From 7d96eb29405b76d71ab858d063a32bc8879d231a Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Fri, 13 Oct 2023 19:19:06 +0000 Subject: [PATCH 261/390] Tell Renovate to use `kind/dependency` label (#538) As title. I think using that label helps categorizing Pull Requests. Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/538 Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- renovate.json5 | 1 + 1 file changed, 1 insertion(+) diff --git a/renovate.json5 b/renovate.json5 index bb49f4b..f4b9100 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -1,6 +1,7 @@ { $schema: "https://docs.renovatebot.com/renovate-schema.json", extends: ["gitea>gitea/renovate-config"], + labels: ["kind/dependency"], customManagers: [ { description: 'Gitea-version of https://docs.renovatebot.com/presets-regexManagers/#regexmanagersgithubactionsversions', -- 2.40.1 From eb17917b5366eab3bb8858da6a02db480be6601e Mon Sep 17 00:00:00 2001 
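Review bot: The `fileMatch` entry `'.gitea/workflows/.+\\.ya?ml$'` is an unanchored regular expression whose leading `.` is a wildcard, so it matches any path containing `<any char>gitea/workflows/…`, not just the top-level `.gitea` directory. Anchoring and escaping it keeps the custom manager limited to the intended files: `fileMatch: ['^\\.gitea/workflows/.+\\.ya?ml$'],`. This matters because whatever this manager matches gets rewritten by automated PRs.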
From: justusbunsi Date: Fri, 13 Oct 2023 19:20:01 +0000 Subject: [PATCH 262/390] Bump helm-unittest to 0.3.4 (#537) There is a regression that prevents us from going directly to 0.3.5. To prevent the upcoming Renovate PR for 0.3.5 being stuck until 0.3.6, we can use 0.3.4 until a working version is released. The Renovate PR for 0.3.5 can then be closed directly so that Renovate ignores that version. https://github.com/helm-unittest/helm-unittest/issues/219 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/537 Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- .gitea/workflows/test-pr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/test-pr.yml b/.gitea/workflows/test-pr.yml index 6b8b0f2..3a251ae 100644 --- a/.gitea/workflows/test-pr.yml +++ b/.gitea/workflows/test-pr.yml @@ -5,7 +5,7 @@ on: env: # renovate: datasource=github-releases depName=helm-unittest/helm-unittest - HELM_UNITTEST_VERSION: "0.3.3" + HELM_UNITTEST_VERSION: "0.3.4" jobs: check-and-test: -- 2.40.1 From 64c6d80dcf6eeb3b153af5903db247eed7361fc4 Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Fri, 13 Oct 2023 19:20:26 +0000 Subject: [PATCH 263/390] Add .vscode profile for easier contributions (#536) ### Description of the change This adds a `.vscode` folder with recommended extensions and some useful settings like unittest schema validation. The `.vscode` folder is already helm ignored during packaging. ### Possible drawbacks We would have to be careful about PR changes in that directory. Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/536 Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- .vscode/extensions.json | 8 ++++++++ .vscode/settings.json | 8 ++++++++ CONTRIBUTING.md | 9 ++------- 3 files changed, 18 insertions(+), 7 deletions(-) create mode 100644 .vscode/extensions.json create mode 100644 .vscode/settings.json diff --git a/.vscode/extensions.json b/.vscode/extensions.json new file mode 100644 index 0000000..a216a96 
--- /dev/null +++ b/.vscode/extensions.json @@ -0,0 +1,8 @@ +{ + "recommendations": [ + "yzhang.markdown-all-in-one", + "DavidAnson.vscode-markdownlint", + "Tim-Koehler.helm-intellisense", + "esbenp.prettier-vscode" + ] + } diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000..d709909 --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,8 @@ +{ + "yaml.schemas": { + "https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json": [ + "/unittests/**/*.yaml" + ] + }, + "yaml.schemaStore.enable": true +} diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index f6c24bf..075cae0 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -9,12 +9,7 @@ refactorings for easier maintainability or documentation improvements. - [`helm`](https://helm.sh/docs/intro/install/) - `make` is optional; you may call the commands directly -When using Visual Studio Code as IDE, following plugins might be useful: - -- [Markdown All in One](https://marketplace.visualstudio.com/items?itemName=yzhang.markdown-all-in-one) -- [markdownlint](https://marketplace.visualstudio.com/items?itemName=DavidAnson.vscode-markdownlint) -- [Helm Intellisense](https://marketplace.visualstudio.com/items?itemName=Tim-Koehler.helm-intellisense) -- [Prettier - Code formatter](https://marketplace.visualstudio.com/items?itemName=esbenp.prettier-vscode) +When using Visual Studio Code as IDE, a [ready-to-use profile](.vscode/) is available. ## Documentation Requirements @@ -61,7 +56,7 @@ $ helm plugin install https://github.com/helm-unittest/helm-unittest make unittests ``` -See [plugin documentation](https://github.com/helm-unittest/helm-unittest/blob/v0.3.3/DOCUMENT.md) for usage instructions. +See [plugin documentation](https://github.com/helm-unittest/helm-unittest/blob/main/DOCUMENT.md) for usage instructions. ## Release process -- 2.40.1 From 0cc8c6d5586fdc506f1560b18e0a9c338125a5c2 Mon Sep 17 00:00:00 2001 
From: Renovate Bot Date: Sat, 14 Oct 2023 00:14:31 +0000 Subject: [PATCH 264/390] chore(deps): update postgresql-ha docker tag to v11.9.8 (#507) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 6 +++--- Chart.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Chart.lock b/Chart.lock index 5cac592..1201cd2 100644 --- a/Chart.lock +++ b/Chart.lock @@ -4,9 +4,9 @@ dependencies: version: 12.12.5 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 11.9.2 + version: 11.9.8 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts version: 9.0.4 -digest: sha256:aba0798b2d882a0e44119cc1e586278c3433227d65c37f9035e835ab3c554965 -generated: "2023-09-22T19:18:56.559259773Z" +digest: sha256:b6c659aac77f90b1ea0e498c933e14647709e57269a15c2bfc612ff81d8d4001 +generated: "2023-10-14T00:06:39.299556322Z" diff --git a/Chart.yaml b/Chart.yaml index e2c394a..cbbcb76 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -41,7 +41,7 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 11.9.2 + version: 11.9.8 condition: postgresql-ha.enabled # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster -- 2.40.1 From b68b9d91cf834e3c05d65d29860ca5dbdda8210d Mon Sep 17 00:00:00 2001 
From: justusbunsi Date: Sat, 14 Oct 2023 16:05:59 +0000 Subject: [PATCH 265/390] [postgresql-ha] Use pgpool service as db connection proxy (#542) ### Description of the change The `postgresql-ha` provides a dedicated deployment and service called `pgpool`. This application is a proxy that routes the db queries to the active database replica. There's a note about that in their README[^1]. Issue #502 is a side-effect of not using that proxy. ### Possible drawbacks Using the Charts' default configuration, the `pgpool` deployment has 1 replica, making this a single-point of failure. But users can change the related `postgresql-ha.pgpool.replicaCount` to their needs. ### Applicable issues - fixes #502 ### Checklist - [x] Templating unittests are added [^1]: https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/templates/postgresql/statefulset.yaml#introduction Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/542 Reviewed-by: pat-s Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- templates/_helpers.tpl | 2 +- .../database-section_postgresql-ha.yaml | 30 +++++++++++++++++++ .../config/database-section_postgresql.yaml | 30 +++++++++++++++++++ 3 files changed, 61 insertions(+), 1 deletion(-) create mode 100644 unittests/config/database-section_postgresql-ha.yaml create mode 100644 unittests/config/database-section_postgresql.yaml diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 565f335..08ab1be 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl 
@@ -119,7 +119,7 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- define "postgresql-ha.dns" -}} {{- if (index .Values "postgresql-ha").enabled -}} -{{- printf "%s-postgresql-ha-postgresql.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "postgresql-ha" "service" "ports" "postgresql") -}} +{{- printf "%s-postgresql-ha-pgpool.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "postgresql-ha" "service" "ports" "postgresql") -}} {{- end -}} {{- end -}} diff --git a/unittests/config/database-section_postgresql-ha.yaml b/unittests/config/database-section_postgresql-ha.yaml new file mode 100644 index 0000000..f416d79 --- /dev/null +++ b/unittests/config/database-section_postgresql-ha.yaml @@ -0,0 +1,30 @@ +suite: config template | database section (postgresql-ha) +release: + name: gitea-unittests + namespace: testing +tests: + - it: connects to pgpool service + template: templates/gitea/config.yaml + set: + postgresql: + enabled: false + postgresql-ha: + enabled: true + asserts: + - documentIndex: 0 + matchRegex: + path: stringData.database + pattern: HOST=gitea-unittests-postgresql-ha-pgpool.testing.svc.cluster.local:5432 + - it: renders the referenced service + template: charts/postgresql-ha/templates/pgpool/service.yaml + set: + postgresql: + enabled: false + postgresql-ha: + enabled: true + asserts: + - containsDocument: + kind: Service + apiVersion: v1 + name: gitea-unittests-postgresql-ha-pgpool + namespace: testing diff --git a/unittests/config/database-section_postgresql.yaml b/unittests/config/database-section_postgresql.yaml new file mode 100644 index 0000000..5a7501b --- /dev/null +++ b/unittests/config/database-section_postgresql.yaml 
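Review bot: The `matchRegex` pattern in the `connects to pgpool service` test leaves its dots unescaped and has no end bound, so it also accepts a host with other separator characters or a longer port such as `:54321`. Escaping and bounding it makes the assertion exact: `pattern: HOST=gitea-unittests-postgresql-ha-pgpool\.testing\.svc\.cluster\.local:5432\b`. The same applies to the `connects to postgresql service` pattern in `unittests/config/database-section_postgresql.yaml`.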
@@ -0,0 +1,30 @@ +suite: config template | database section (postgresql) +release: + name: gitea-unittests + namespace: testing +tests: + - it: "connects to postgresql service" + template: templates/gitea/config.yaml + set: + postgresql: + enabled: true + postgresql-ha: + enabled: false + asserts: + - documentIndex: 0 + matchRegex: + path: stringData.database + pattern: HOST=gitea-unittests-postgresql.testing.svc.cluster.local:5432 + - it: "renders the referenced service" + template: charts/postgresql/templates/primary/svc.yaml + set: + postgresql: + enabled: true + postgresql-ha: + enabled: false + asserts: + - containsDocument: + kind: Service + apiVersion: v1 + name: gitea-unittests-postgresql + namespace: testing -- 2.40.1 From a249229ccffcf8b73fc5f1533f8de79f6f61f073 Mon Sep 17 00:00:00 2001 From: pat-s Date: Sat, 14 Oct 2023 16:30:51 +0000 Subject: [PATCH 266/390] Downgrade postgresql-ha to 11.9.4 (#541) As 11.9.8 included (by mistake) a major version bump from 15 -> 16 https://github.com/bitnami/charts/issues/19596 Co-authored-by: justusbunsi Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/541 Reviewed-by: justusbunsi Co-authored-by: pat-s Co-committed-by: pat-s --- Chart.lock | 6 +++--- Chart.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Chart.lock b/Chart.lock index 1201cd2..7d6993c 100644 --- a/Chart.lock +++ b/Chart.lock @@ -4,9 +4,9 @@ dependencies: version: 12.12.5 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 11.9.8 + version: 11.9.4 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts version: 9.0.4 -digest: sha256:b6c659aac77f90b1ea0e498c933e14647709e57269a15c2bfc612ff81d8d4001 -generated: "2023-10-14T00:06:39.299556322Z" +digest: sha256:6111aece3947a0a81ba8976da17a06ef7ba98b311907e8a769a7c372a98ab52d +generated: "2023-10-14T16:47:26.657784+02:00" diff --git a/Chart.yaml b/Chart.yaml index cbbcb76..e4ff0e0 100644 --- a/Chart.yaml +++ b/Chart.yaml 
@@ -41,7 +41,7 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 11.9.8 + version: 11.9.4 condition: postgresql-ha.enabled # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster -- 2.40.1 From 074def2accbf94c4378a222b41c81d15a6959dfa Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 15 Oct 2023 01:15:46 +0000 Subject: [PATCH 267/390] chore(deps): update postgresql docker tag to v12.12.10 (#521) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 6 +++--- Chart.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Chart.lock b/Chart.lock index 7d6993c..7628510 100644 --- a/Chart.lock +++ b/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 12.12.5 + version: 12.12.10 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts version: 11.9.4 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts version: 9.0.4 -digest: sha256:6111aece3947a0a81ba8976da17a06ef7ba98b311907e8a769a7c372a98ab52d -generated: "2023-10-14T16:47:26.657784+02:00" +digest: sha256:4f258fc8ffd0f6c15942c99280f04c0b04a06bcf5998a92ea7719f13ea180be1 +generated: "2023-10-15T00:08:54.74476529Z" diff --git a/Chart.yaml b/Chart.yaml index e4ff0e0..0d21df7 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -36,7 +36,7 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/postgresql - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 12.12.5 + version: 12.12.10 condition: postgresql.enabled # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha -- 2.40.1 From 370775537323ba95fe93fe3d849ad46e860b8575 Mon Sep 17 00:00:00 2001 
From: Renovate Bot Date: Mon, 16 Oct 2023 00:05:56 +0000 Subject: [PATCH 268/390] chore(deps): update redis-cluster docker tag to v9.0.12 (#511) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 6 +++--- Chart.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Chart.lock b/Chart.lock index 7628510..09bca68 100644 --- a/Chart.lock +++ b/Chart.lock @@ -7,6 +7,6 @@ dependencies: version: 11.9.4 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 9.0.4 -digest: sha256:4f258fc8ffd0f6c15942c99280f04c0b04a06bcf5998a92ea7719f13ea180be1 -generated: "2023-10-15T00:08:54.74476529Z" + version: 9.0.12 +digest: sha256:14cda459c5eeadc1e86835b7436f23a8a21122fcf4fb103404de6183075cb8a3 +generated: "2023-10-15T01:17:05.004977938Z" diff --git a/Chart.yaml b/Chart.yaml index 0d21df7..8fc2ef4 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -46,5 +46,5 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 9.0.4 + version: 9.0.12 condition: redis-cluster.enabled -- 2.40.1 From f3abf73ebcb1199507b11ded1807f726f301bbc4 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 24 Oct 2023 00:07:01 +0000 Subject: [PATCH 269/390] chore(deps): update redis-cluster docker tag to v9.0.13 (#547) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 6 +++--- Chart.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Chart.lock b/Chart.lock index 09bca68..c97be2f 100644 --- a/Chart.lock +++ b/Chart.lock 
@@ -7,6 +7,6 @@ dependencies: version: 11.9.4 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 9.0.12 -digest: sha256:14cda459c5eeadc1e86835b7436f23a8a21122fcf4fb103404de6183075cb8a3 -generated: "2023-10-15T01:17:05.004977938Z" + version: 9.0.13 +digest: sha256:3b6c4fa130c74d7c39224bdb4da79dc52c915e0b770b99cccf09825ba6648b9e +generated: "2023-10-23T00:07:09.656139992Z" diff --git a/Chart.yaml b/Chart.yaml index 8fc2ef4..7837e54 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -46,5 +46,5 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 9.0.12 + version: 9.0.13 condition: redis-cluster.enabled -- 2.40.1 From ebc46009203f679de895b03a4ae08a061989b9d7 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 1 Nov 2023 08:34:47 +0000 Subject: [PATCH 270/390] chore(deps): update dependency @bitnami/readme-generator-for-helm to v2.6.0 (#546) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [@bitnami/readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) | devDependencies | minor | [`2.5.2` -> `2.6.0`](https://renovatebot.com/diffs/npm/@bitnami%2freadme-generator-for-helm/2.5.2/2.6.0) | --- ### Release Notes
bitnami-labs/readme-generator-for-helm (@​bitnami/readme-generator-for-helm) ### [`v2.6.0`](https://github.com/bitnami-labs/readme-generator-for-helm/releases/tag/2.6.0) [Compare Source](https://github.com/bitnami-labs/readme-generator-for-helm/compare/2.5.2...2.6.0) ##### Description of the changes This new version allows setting a default value for a parameter using the default modifier ##### Issues and PRs - [#​78](https://github.com/bitnami-labs/readme-generator-for-helm/issues/78)
--- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/546 Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index 87a8be1..0faac29 100644 --- a/package-lock.json +++ b/package-lock.json @@ -16,9 +16,9 @@ } }, "node_modules/@bitnami/readme-generator-for-helm": { - "version": "2.5.2", - "resolved": "https://registry.npmjs.org/@bitnami/readme-generator-for-helm/-/readme-generator-for-helm-2.5.2.tgz", - "integrity": "sha512-hOPksxEjC1maj5Ug0pC01M1BV0MZUU3xqvMpo1asMXvRIkKhdo649mI55sZy8mH+ow9oVWJ+0Xl5cVwCyCEXiQ==", + "version": "2.6.0", + "resolved": "https://registry.npmjs.org/@bitnami/readme-generator-for-helm/-/readme-generator-for-helm-2.6.0.tgz", + "integrity": "sha512-LcByNCryaC2OJExL9rnhyFJ18+vrZu1gVoN2Z7j/HI42EjV4kLgT4G1KEPNnrKbls9HvozBqMG+sKZIDh0McFg==", "dev": true, "dependencies": { "commander": "^7.1.0", -- 2.40.1 From 82dc07767372cf76a67896e7acddaa87b5272f85 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 6 Nov 2023 00:17:45 +0000 Subject: [PATCH 271/390] chore(deps): update redis-cluster docker tag to v9.1.1 (#555) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 6 +++--- Chart.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Chart.lock b/Chart.lock index c97be2f..908e3d5 100644 --- a/Chart.lock +++ b/Chart.lock 
@@ -7,6 +7,6 @@ dependencies: version: 11.9.4 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 9.0.13 -digest: sha256:3b6c4fa130c74d7c39224bdb4da79dc52c915e0b770b99cccf09825ba6648b9e -generated: "2023-10-23T00:07:09.656139992Z" + version: 9.1.1 +digest: sha256:35358da69169541a009540a2d6a840584390e5b53dad5b647b19bd5c14c88f93 +generated: "2023-11-06T00:07:24.742145709Z" diff --git a/Chart.yaml b/Chart.yaml index 7837e54..5ce023a 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -46,5 +46,5 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 9.0.13 + version: 9.1.1 condition: redis-cluster.enabled -- 2.40.1 From 41e389c7cd5ee003616804466c126b19e47b4f1f Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 6 Nov 2023 08:05:05 +0000 Subject: [PATCH 272/390] chore(deps): update dependency helm-unittest/helm-unittest to v0.3.6 (#554) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Update | Change | |---|---|---| | [helm-unittest/helm-unittest](https://github.com/helm-unittest/helm-unittest) | patch | `0.3.4` -> `v0.3.6` | --- ### Release Notes
helm-unittest/helm-unittest (helm-unittest/helm-unittest) ### [`v0.3.6`](https://github.com/helm-unittest/helm-unittest/releases/tag/v0.3.6) [Compare Source](https://github.com/helm-unittest/helm-unittest/compare/v0.3.5...v0.3.6) **Added Features** - Added templated Test Suites, to make re-usable tests possible (credits [@​hanseltime](https://github.com/hanseltime), resolves [#​57](https://github.com/helm-unittest/helm-unittest/issues/57), resolves [#​186](https://github.com/helm-unittest/helm-unittest/issues/186)) **Improvements** - Optimize installation (resolves [#​176](https://github.com/helm-unittest/helm-unittest/issues/176), resolves [#​214](https://github.com/helm-unittest/helm-unittest/issues/214), resolves [#​225](https://github.com/helm-unittest/helm-unittest/issues/225)) **Fixes** - Fix incorrect filtering template files (resolves [#​219](https://github.com/helm-unittest/helm-unittest/issues/219)) - Fix snapshot validator with Empty documents (credits [@​matthyx](https://github.com/matthyx)) - Fix inconsistent results lengthEqual validator (credits [@​hanseltime](https://github.com/hanseltime)) - Fix global values (credit [@​zidoshare](https://github.com/zidoshare), resolves [#​215](https://github.com/helm-unittest/helm-unittest/issues/215)) **Updates** - Update packages to latest patch versions - Update documenation ### [`v0.3.5`](https://github.com/helm-unittest/helm-unittest/releases/tag/v0.3.5) [Compare Source](https://github.com/helm-unittest/helm-unittest/compare/v0.3.4...v0.3.5) **Fixes** - Fix recursive subchart testing (credits [@​zidoshare](https://github.com/zidoshare), resolves [#​206](https://github.com/helm-unittest/helm-unittest/issues/206)) - Fix old containsDocument behaviour to ignore other documents in multidocument validation (resolves [#​205](https://github.com/helm-unittest/helm-unittest/issues/205)) - Fix failed_template to also work when empty documents are found (resolves 
[#​191](https://github.com/helm-unittest/helm-unittest/issues/191)) - Fix failed_template multi colon handling (resolves [#​200](https://github.com/helm-unittest/helm-unittest/issues/200)) - Fix glob all valid filenames (resolves [#​201](https://github.com/helm-unittest/helm-unittest/issues/201)) **Updates** - Update packages to latest patch versions - Update documenation (thanks to [@​yariksheptykin](https://github.com/yariksheptykin))
--- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/554 Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- .gitea/workflows/test-pr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/test-pr.yml b/.gitea/workflows/test-pr.yml index 3a251ae..0ec13da 100644 --- a/.gitea/workflows/test-pr.yml +++ b/.gitea/workflows/test-pr.yml @@ -5,7 +5,7 @@ on: env: # renovate: datasource=github-releases depName=helm-unittest/helm-unittest - HELM_UNITTEST_VERSION: "0.3.4" + HELM_UNITTEST_VERSION: "v0.3.6" jobs: check-and-test: -- 2.40.1 From 7de8e834330c1a9cb1de3aae70c2076970f79875 Mon Sep 17 00:00:00 2001 
From: Ceddaerrix Date: Mon, 6 Nov 2023 19:03:46 +0000 Subject: [PATCH 273/390] Further improvement on DRY principle support (#529) ### Description of the change - Adding TPL use into './templates/_helpers.tpl' in "gitea.inline_configuration.defaults.server" since '.Values.ingress.hosts' referred ### Benefits - Avoid error in deployment using Gitea CHart 9.5.0 such as "Invalid ROOT_URL 'https://{{ .Values.global.giteaHostName }}': parse "https://{{ .Values.global.giteaHostName }}": invalid character "{" in host name" ### Possible drawbacks N/A ### Applicable issues - fixes #530 ### Checklist - [x] Fixing './templates/_helpers.tpl' "gitea.inline_configuration.defaults.server - [x] Templating unittests are added Co-authored-by: pat-s Co-authored-by: justusbunsi Co-authored-by: 212597596 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/529 Reviewed-by: pat-s Reviewed-by: justusbunsi Co-authored-by: Ceddaerrix Co-committed-by: Ceddaerrix --- templates/_helpers.tpl | 2 +- unittests/deployment/inline-config.yaml | 33 +++++++++++++++++++++++++ 2 files changed, 34 insertions(+), 1 deletion(-) create mode 100644 unittests/deployment/inline-config.yaml diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 08ab1be..003d39f 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -319,7 +319,7 @@ https {{- end -}} {{- if not (.Values.gitea.config.server.DOMAIN) -}} {{- if gt (len .Values.ingress.hosts) 0 -}} - {{- $_ := set .Values.gitea.config.server "DOMAIN" (index .Values.ingress.hosts 0).host -}} + {{- $_ := set .Values.gitea.config.server "DOMAIN" ( tpl (index .Values.ingress.hosts 0).host $) -}} {{- else -}} {{- $_ := set .Values.gitea.config.server "DOMAIN" (include "gitea.default_domain" .) -}} {{- end -}} diff --git a/unittests/deployment/inline-config.yaml b/unittests/deployment/inline-config.yaml new file mode 100644 index 0000000..545bb36 --- /dev/null +++ b/unittests/deployment/inline-config.yaml 
@@ -0,0 +1,33 @@ +suite: config template +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/config.yaml +tests: + - it: inline config stringData.server using TPL + set: + global.giteaHostName: "gitea.example.com" + ingress.enabled: true + ingress.hosts[0].host: "{{ .Values.global.giteaHostName }}" + ingress.tls: + - secretName: gitea-tls + hosts: + - "{{ .Values.global.giteaHostName }}" + asserts: + - documentIndex: 0 + matchRegex: + path: metadata.name + pattern: .*-inline-config$ + - documentIndex: 0 + matchRegex: + path: stringData.server + pattern: DOMAIN=gitea\.example\.com + - documentIndex: 0 + matchRegex: + path: stringData.server + pattern: ROOT_URL=https://gitea\.example\.com + - documentIndex: 0 + matchRegex: + path: stringData.server + pattern: SSH_DOMAIN=gitea\.example\.com -- 2.40.1 From bc872acdd3d64498a32403b9d57c7f4ccd700983 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 13 Nov 2023 17:19:31 +0000 Subject: [PATCH 274/390] chore(deps): update alpine/helm docker tag to v3.13.2 (#562) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | alpine/helm | | minor | `3.12.3` -> `3.13.2` | | alpine/helm | container | minor | `3.12.3` -> `3.13.2` | --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/562 Reviewed-by: justusbunsi Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- .gitea/workflows/release-version.yml | 2 +- .gitea/workflows/test-pr.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index 9e0d02f..644e52f 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml @@ -7,7 +7,7 @@ on: env: # renovate: datasource=docker depName=alpine/helm - HELM_VERSION: "3.12.3" + HELM_VERSION: "3.13.2" jobs: generate-chart-publish: 
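Review bot: The first `stringData.server` assertion, `pattern: DOMAIN=gitea\.example\.com`, is unanchored and so also matches inside `SSH_DOMAIN=gitea.example.com`. It would keep passing on the strength of the `SSH_DOMAIN` line alone, even if the `DOMAIN` key that this commit wraps in `tpl` were missing or left unrendered. Anchoring to the line start separates the two keys: `pattern: (?m)^DOMAIN=gitea\.example\.com$`. This assumes each key is rendered on its own line in `stringData.server`, which the hunk does not show. The `ROOT_URL` and `SSH_DOMAIN` patterns would benefit from the same `$` bound.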
diff --git a/.gitea/workflows/test-pr.yml b/.gitea/workflows/test-pr.yml index 0ec13da..9d61655 100644 --- a/.gitea/workflows/test-pr.yml +++ b/.gitea/workflows/test-pr.yml @@ -10,7 +10,7 @@ env: jobs: check-and-test: runs-on: ubuntu-latest - container: alpine/helm:3.12.3 + container: alpine/helm:3.13.2 steps: - name: install tools run: | -- 2.40.1 From 23847eba1c99e4cc3bab14391dff7ebd5200633e Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 14 Nov 2023 00:15:26 +0000 Subject: [PATCH 275/390] chore(deps): update redis-cluster docker tag to v9.1.3 (#561) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 6 +++--- Chart.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Chart.lock b/Chart.lock index 908e3d5..a40418a 100644 --- a/Chart.lock +++ b/Chart.lock @@ -7,6 +7,6 @@ dependencies: version: 11.9.4 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 9.1.1 -digest: sha256:35358da69169541a009540a2d6a840584390e5b53dad5b647b19bd5c14c88f93 -generated: "2023-11-06T00:07:24.742145709Z" + version: 9.1.3 +digest: sha256:6bda620320a05a5ea4efb4189a86d30092aeb0a6f3e0009538f4bea312af0863 +generated: "2023-11-14T00:08:15.790217865Z" diff --git a/Chart.yaml b/Chart.yaml index 5ce023a..2fde9b9 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -46,5 +46,5 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 9.1.1 + version: 9.1.3 condition: redis-cluster.enabled -- 2.40.1 From 3cf91bf6e7e02e3761a3435cae5c85ede92da15f Mon Sep 17 00:00:00 2001 
From: TristanHoladay Date: Tue, 14 Nov 2023 21:42:26 +0000 Subject: [PATCH 276/390] Add `image.fullOverride` (#550) ### Description of the change This PR is a continuation of the work done by @dgershman in [534](https://gitea.com/gitea/helm-chart/pulls/534), to allow users to override the image from the default rootless behavior of appending `-rootless` to the end of the image tag. ### Benefits Allows more flexibility to use externally maintained images that are rootless but don't follow the `-rootless` tag convention. ### Applicable issues - fixes #532 ### Additional information No breaking changes. This does not affect the `image.rootless` conditional checks or the current behavior if someone still wants to rely on the chart to append `-rootless`. ### Checklist - [x] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) - [x] Breaking changes are documented in the `README.md` - [x] Templating unittests are added Co-authored-by: TristanHoladay <40547442+TristanHoladay@users.noreply.github.com> Co-authored-by: pat-s Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/550 Reviewed-by: justusbunsi Reviewed-by: pat-s Co-authored-by: TristanHoladay Co-committed-by: TristanHoladay --- README.md | 48 ++++++++++++++----- templates/_helpers.tpl | 5 +- unittests/deployment/image-configuration.yaml | 15 ++++++ unittests/deployment/ssh-configuration.yaml | 24 ++++++++++ .../init_directory_structure.sh-rootless.yaml | 20 ++++++++ values.yaml | 2 + 6 files changed, 100 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index fa91de0..ad4799e 100644 --- a/README.md +++ b/README.md 
@@ -10,6 +10,7 @@ - [Database defaults](#database-defaults) - [Server defaults](#server-defaults) - [Metrics defaults](#metrics-defaults) + - [Rootless defaults](#rootless-defaults) - [Single-Pod Configurations](#single-pod-configurations) - [Additional _app.ini_ settings](#additional-appini-settings) - [User defined environment variables in app.ini](#user-defined-environment-variables-in-appini) @@ -172,6 +173,26 @@ The Prometheus `/metrics` endpoint is disabled by default. ENABLED = false ``` +#### Rootless Defaults + +If `.Values.image.rootless: true`, then the following will occur. In case you use `.Values.image.fullOverride`, check that this works in your image: + +- `$HOME` becomes `/data/gitea/git` + + [see deployment.yaml](./templates/gitea/deployment.yaml) template inside (init-)container "env" declarations + +- `START_SSH_SERVER: true` (Unless explicity overwritten by `gitea.config.server.START_SSH_SERVER`) + + [see \_helpers.tpl](./templates/_helpers.tpl) in `gitea.inline_configuration.defaults.server` definition + +- `SSH_LISTEN_PORT: 2222` (Unless explicity overwritten by `gitea.config.server.SSH_LISTEN_PORT`) + + [see \_helpers.tpl](./templates/_helpers.tpl) in `gitea.inline_configuration.defaults.server` definition + +- `SSH_LOG_LEVEL` environment variable is not injected into the container + + [see deployment.yaml](./templates/gitea/deployment.yaml) template inside container "env" declarations + ### Single-Pod Configurations If HA is not needed/desired, the following configurations can be used to deploy a single-pod Gitea instance. @@ -216,9 +237,9 @@ If HA is not needed/desired, the following configurations can be used to deploy **Do not use this configuration for production use**.
- + values.yml - + ```yaml redis-cluster: enabled: false @@ -226,10 +247,10 @@ If HA is not needed/desired, the following configurations can be used to deploy enabled: false postgresql-ha: enabled: false - + persistence: enabled: false - + gitea: config: database: 
@@ -785,15 +806,16 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo ### Image -| Name | Description | Value | -| ------------------ | --------------------------------------------------------------------------------------------------------------------------------------- | ------------- | -| `image.registry` | image registry, e.g. gcr.io,docker.io | `""` | -| `image.repository` | Image to start for this pod | `gitea/gitea` | -| `image.tag` | Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml. | `""` | -| `image.digest` | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` | `""` | -| `image.pullPolicy` | Image pull policy | `Always` | -| `image.rootless` | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `true` | -| `imagePullSecrets` | Secret to use for pulling the image | `[]` | +| Name | Description | Value | +| -------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------- | +| `image.registry` | image registry, e.g. gcr.io,docker.io | `""` | +| `image.repository` | Image to start for this pod | `gitea/gitea` | +| `image.tag` | Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml. | `""` | +| `image.digest` | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` | `""` | +| `image.pullPolicy` | Image pull policy | `Always` | +| `image.rootless` | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `true` | +| `image.fullOverride` | Completely overrides the image registry, path/image, tag and digest. 
**Adjust `image.rootless` accordingly and review [Rootless defaults](#rootless-defaults).** | `""` | +| `imagePullSecrets` | Secret to use for pulling the image | `[]` | ### Security diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 003d39f..c2980ee 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -56,6 +56,7 @@ Create chart name and version as used by the chart label. Create image name and tag used by the deployment. */}} {{- define "gitea.image" -}} +{{- $fullOverride := .Values.image.fullOverride | default "" -}} {{- $registry := .Values.global.imageRegistry | default .Values.image.registry -}} {{- $repository := .Values.image.repository -}} {{- $separator := ":" -}} @@ -65,7 +66,9 @@ Create image name and tag used by the deployment. {{- if .Values.image.digest }} {{- $digest = (printf "@%s" (.Values.image.digest | toString)) -}} {{- end -}} -{{- if $registry }} +{{- if $fullOverride }} + {{- printf "%s" $fullOverride -}} +{{- else if $registry }} {{- printf "%s/%s%s%s%s%s" $registry $repository $separator $tag $rootless $digest -}} {{- else -}} {{- printf "%s%s%s%s%s" $repository $separator $tag $rootless $digest -}} diff --git a/unittests/deployment/image-configuration.yaml b/unittests/deployment/image-configuration.yaml index cdfd73a..35f8981 100644 --- a/unittests/deployment/image-configuration.yaml +++ b/unittests/deployment/image-configuration.yaml 
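Review bot: When `$fullOverride` is set, `gitea.image` returns it verbatim, so both `image.digest` and `global.imageRegistry` are ignored without any signal to the operator. A deployment that relies on digest pinning or on a global registry mirror silently loses it. The `@param image.fullOverride` text mentions registry and digest but not `global.imageRegistry`; I would extend it along the lines of `Takes precedence over global.imageRegistry and image.digest; append @sha256:<digest> to the value to keep the image pinned.` As a style point, `{{- printf "%s" $fullOverride -}}` can be written as `{{- $fullOverride -}}`. The `gitea.image` define continues outside both hunks.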
@@ -57,6 +57,21 @@ tests: - equal: path: spec.template.spec.containers[0].image value: "gitea/gitea:1.19.3-rootless@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a" + - it: image fullOverride (does not append rootless) + template: templates/gitea/deployment.yaml + set: + image: + fullOverride: gitea/gitea:1.19.3 + # setting rootless, registry, repository, tag, and digest to prove that override works + rootless: true + registry: example.com + repository: example/image + tag: "1.0.0" + digest: sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: "gitea/gitea:1.19.3" - it: digest for root-based image template: templates/gitea/deployment.yaml set: diff --git a/unittests/deployment/ssh-configuration.yaml b/unittests/deployment/ssh-configuration.yaml index efd0525..543fd5f 100644 --- a/unittests/deployment/ssh-configuration.yaml +++ b/unittests/deployment/ssh-configuration.yaml @@ -27,6 +27,18 @@ tests: content: name: SSH_LOG_LEVEL value: "DEBUG" + - it: supports overriding SSH log level (even when image.fullOverride set) + template: templates/gitea/deployment.yaml + set: + image.fullOverride: gitea/gitea:1.19.3 + image.rootless: false + gitea.ssh.logLevel: "DEBUG" + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: SSH_LOG_LEVEL + value: "DEBUG" - it: skips SSH_LOG_LEVEL for rootless image template: templates/gitea/deployment.yaml set: @@ -38,3 +50,15 @@ tests: any: true content: name: SSH_LOG_LEVEL + - it: skips SSH_LOG_LEVEL for rootless image (even when image.fullOverride set) + template: templates/gitea/deployment.yaml + set: + image.fullOverride: gitea/gitea:1.19.3 + image.rootless: true + gitea.ssh.logLevel: "DEBUG" # explicitly defining a non-standard level here + asserts: + - notContains: + path: spec.template.spec.containers[0].env + any: true + content: + name: SSH_LOG_LEVEL 
diff --git a/unittests/init/init_directory_structure.sh-rootless.yaml b/unittests/init/init_directory_structure.sh-rootless.yaml index 854bcce..29dac81 100644 --- a/unittests/init/init_directory_structure.sh-rootless.yaml +++ b/unittests/init/init_directory_structure.sh-rootless.yaml @@ -66,3 +66,23 @@ tests: chmod 700 "${GNUPGHOME}" chown 1000:1000 "${GNUPGHOME}" fi + - it: it does not chown /data even when image.fullOverride is set + template: templates/gitea/init.yaml + set: + image.fullOverride: gitea/gitea:1.20.5 + asserts: + - equal: + path: stringData["init_directory_structure.sh"] + value: |- + #!/usr/bin/env bash + + set -euo pipefail + + set -x + mkdir -p /data/git/.ssh + chmod -R 700 /data/git/.ssh + [ ! -d /data/gitea/conf ] && mkdir -p /data/gitea/conf + + # prepare temp directory structure + mkdir -p "${GITEA_TEMP}" + chmod ug+rwx "${GITEA_TEMP}" diff --git a/values.yaml b/values.yaml index 34c859d..15ecd06 100644 --- a/values.yaml +++ b/values.yaml @@ -43,6 +43,7 @@ clusterDomain: cluster.local ## @param image.digest Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` ## @param image.pullPolicy Image pull policy ## @param image.rootless Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher +## @param image.fullOverride Completely overrides the image registry, path/image, tag and digest. **Adjust `image.rootless` accordingly and review [Rootless defaults](#rootless-defaults).** image: registry: "" repository: gitea/gitea @@ -51,6 +52,7 @@ image: digest: "" pullPolicy: Always rootless: true + fullOverride: "" ## @param imagePullSecrets Secret to use for pulling the image imagePullSecrets: [] -- 2.40.1 From 7499fecc1ac74ac54e2e240ec1caa75f2fa46bb7 Mon Sep 17 00:00:00 2001 
From: justusbunsi Date: Tue, 14 Nov 2023 22:23:01 +0000 Subject: [PATCH 277/390] Fix domain macro (#560) ### Description of the change This supersedes #359 by fixing the fallback domain value when no ingress host is defined. Memcached is not used anymore. PostgreSQL macro has already been fixed otherwise. ### Checklist - [x] Templating unittests are added Co-authored-by: pat-s Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/560 Reviewed-by: pat-s Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- templates/_helpers.tpl | 2 +- unittests/config/server-section_domain.yaml | 67 +++++++++++++++++++++ 2 files changed, 68 insertions(+), 1 deletion(-) create mode 100644 unittests/config/server-section_domain.yaml diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index c2980ee..0843da5 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -151,7 +151,7 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} {{- define "gitea.default_domain" -}} -{{- printf "%s-gitea.%s.svc.%s" (include "gitea.fullname" .) .Release.Namespace .Values.clusterDomain | trunc 63 | trimSuffix "-" -}} +{{- printf "%s-http.%s.svc.%s" (include "gitea.fullname" .) .Release.Namespace .Values.clusterDomain -}} {{- end -}} {{- define "gitea.ldap_settings" -}} diff --git a/unittests/config/server-section_domain.yaml b/unittests/config/server-section_domain.yaml new file mode 100644 index 0000000..27a59c7 --- /dev/null +++ b/unittests/config/server-section_domain.yaml 
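Review bot: The new `gitea.default_domain` hard-codes the `-http` suffix, which presumably has to match the name of the HTTP Service rendered elsewhere in the chart (not visible in this hunk), and nothing in the helper says so. A doc comment above the define would keep the two from drifting, e.g. `{{/* Fallback for DOMAIN/ROOT_URL when no ingress host is set: FQDN of the in-cluster <fullname>-http Service; keep in sync with the Service name. */}}`. With `trunc 63 | trimSuffix "-"` removed the result is no longer length-bounded, which is fine for an FQDN but worth a word in that comment in case the value is ever reused as a label.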
@@ -0,0 +1,67 @@ +suite: config template | server section (domain related) +release: + name: gitea-unittests + namespace: testing +tests: + - it: "[default values] uses ingress host for DOMAIN|SSH_DOMAIN|ROOT_URL" + template: templates/gitea/config.yaml + asserts: + - documentIndex: 0 + matchRegex: + path: stringData.server + pattern: \nDOMAIN=git.example.com + - documentIndex: 0 + matchRegex: + path: stringData.server + pattern: \nSSH_DOMAIN=git.example.com + - documentIndex: 0 + matchRegex: + path: stringData.server + pattern: \nROOT_URL=http://git.example.com + +################################################ + + - it: "[no ingress hosts] uses gitea http service for DOMAIN|SSH_DOMAIN|ROOT_URL" + template: templates/gitea/config.yaml + set: + ingress: + hosts: [] + asserts: + - documentIndex: 0 + matchRegex: + path: stringData.server + pattern: \nDOMAIN=gitea-unittests-http.testing.svc.cluster.local + - documentIndex: 0 + matchRegex: + path: stringData.server + pattern: \nSSH_DOMAIN=gitea-unittests-http.testing.svc.cluster.local + - documentIndex: 0 + matchRegex: + path: stringData.server + pattern: \nROOT_URL=http://gitea-unittests-http.testing.svc.cluster.local + +################################################ + + - it: "[provided via values] uses that for DOMAIN|SSH_DOMAIN|ROOT_URL" + template: templates/gitea/config.yaml + set: + gitea.config.server.DOMAIN: provided.example.com + ingress: + hosts: + - host: non-used.example.com + paths: + - path: / + pathType: Prefix + asserts: + - documentIndex: 0 + matchRegex: + path: stringData.server + pattern: \nDOMAIN=provided.example.com + - documentIndex: 0 + matchRegex: + path: stringData.server + pattern: \nSSH_DOMAIN=provided.example.com + - documentIndex: 0 + matchRegex: + path: stringData.server + pattern: \nROOT_URL=http://provided.example.com -- 2.40.1 From dcf1891eddd858d0ad56e1a2fa5ea1501d287d75 Mon Sep 17 00:00:00 2001 
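Review bot: The `matchRegex` patterns in this suite are open-ended: `\nDOMAIN=git.example.com` has unescaped dots and no end anchor, so the assertion would still pass if the rendered value carried extra characters after the expected host. Escaping the dots and closing each pattern pins the exact value, e.g. `pattern: \nDOMAIN=provided\.example\.com(\n|$)`. The second test also fixes `SSH_DOMAIN` to the `-http` service name; if SSH is exposed through a different Service (not visible here), that default deserves a comment in the test or its own fallback.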
From: pat-s Date: Tue, 14 Nov 2023 23:27:27 +0000 Subject: [PATCH 278/390] Publish chart on Dockerhub (#525) As title. Co-authored-by: techknowlogick Co-authored-by: justusbunsi Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/525 Reviewed-by: justusbunsi --- .gitea/workflows/release-version.yml | 6 +++++- README.md | 14 ++++++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index 644e52f..829bb38 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml @@ -41,7 +41,7 @@ jobs: # Using helm gpg plugin as 'helm package --sign' has issues with gpg2: https://github.com/helm/helm/issues/2843 - name: package chart run: | - echo ${{ secrets.DOCKER_PASSWORD }} | docker login -u ${{ secrets.DOCKER_USERNAME }} --password-stdin + echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | docker login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} --password-stdin # FIXME: use upstream after https://github.com/technosophos/helm-gpg/issues/1 is solved helm plugin install https://github.com/pat-s/helm-gpg helm dependency update @@ -51,6 +51,10 @@ jobs: mv gitea*.tgz gitea/ curl -L -o gitea/index.yaml https://dl.gitea.com/charts/index.yaml helm repo index gitea/ --url https://dl.gitea.com/charts --merge gitea/index.yaml + # push to dockerhub + echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | helm registry login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} registry-1.docker.io --password-stdin + helm push gitea-${GITHUB_REF#refs/tags/v}.tgz oci://registry-1.docker.io/giteacharts + helm registry logout registry-1.docker.io - name: aws credential configure uses: https://github.com/aws-actions/configure-aws-credentials@v2 diff --git a/README.md b/README.md index ad4799e..0f5b2ce 100644 --- a/README.md +++ b/README.md 
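Review bot: Both `echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | … --password-stdin` lines (the changed `docker login` in the first hunk and the new `helm registry login` in the second) paste the secret into the script text unquoted, so the shell word-splits and glob-expands it and would treat any metacharacter in it as syntax. Passing the secrets through the step's `env:` and writing `printf '%s' "$DOCKER_CHARTS_PASSWORD" | helm registry login -u "$DOCKER_CHARTS_USERNAME" registry-1.docker.io --password-stdin` keeps the value as data. The same lines reappear as context in the later release-workflow hunks of this series. The `run:` block begins above the first hunk.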
@@ -95,6 +95,12 @@ helm repo update helm install gitea gitea-charts/gitea ``` +Alternatively, the chart can also be installed from Dockerhub (since v9.6.0) + +```sh +helm install gitea oci://registry-1.docker.io/giteacharts/gitea +``` + When upgrading, please refer to the [Upgrading](#upgrading) section at the bottom of this document for major and breaking changes. ## High Availability @@ -1105,14 +1111,18 @@ gitea: CONN_STR: redis+cluster://:gitea@gitea-redis-cluster-headless..svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& ``` + **Switch to rootless image by default** + If you are facing errors like `WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED` due to this automatic transition: Have a look at [this discussion](https://gitea.com/gitea/helm-chart/issues/487#issue-220660) and either set `image.rootless: false` or manually update your `~/.ssh/known_hosts` file(s). + **Transitioning from a RWO to RWX Persistent Volume** + If you want to switch to a RWX volume and go for HA, you need to @@ -1120,8 +1130,10 @@ If you want to switch to a RWX volume and go for HA, you need to 2. Let the chart create a new RWX PV (or do it statically yourself) 3. Restore the backup to the same location in the new PV + **Transitioning from Postgres to Postgres HA** + If you are running with a non-HA PG DB from a previous chart release, you need to set @@ -1130,8 +1142,10 @@ If you are running with a non-HA PG DB from a previous chart release, you need t This is needed to stay with your existing single-instance DB (as the HA-variant is the new default). + **Change of env-to-ini prefix** + Before this release, the env-to-ini prefix was `ENV_TO_INI__`. This allowed a clear distinction between user-provided and chart-provided env-to-ini variables. -- 2.40.1 From 7eea1acf057b9c5ae957d4e0565fae8ef57ccf30 Mon Sep 17 00:00:00 2001 
From: pat-s Date: Thu, 16 Nov 2023 10:14:34 +0000 Subject: [PATCH 279/390] chore: reduce redis-cluster pods and move HA out of "experimental" state (#565) The pod reduction for `redis-cluster` should help users seeking for a Gitea deployment with less pods. Users seeking for a minimal deployment are further advised to follow https://gitea.com/gitea/helm-chart#user-content-single-pod-configurations. HA is working fine in the provided configuration and should be moved out of the "experimental" state given that there were no reports of Gitea malfunctioning reported to HA usage in recent months/since v9 release. Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/565 Reviewed-by: techknowlogick Co-authored-by: pat-s Co-committed-by: pat-s --- README.md | 18 +++++++++--------- docs/ha-setup.md | 7 +++++-- values.yaml | 5 +++++ 3 files changed, 19 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 0f5b2ce..6dfc5bd 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ - [Database defaults](#database-defaults) - [Server defaults](#server-defaults) - [Metrics defaults](#metrics-defaults) - - [Rootless defaults](#rootless-defaults) + - [Rootless Defaults](#rootless-defaults) - [Single-Pod Configurations](#single-pod-configurations) - [Additional _app.ini_ settings](#additional-appini-settings) - [User defined environment variables in app.ini](#user-defined-environment-variables-in-appini) 
@@ -105,10 +105,8 @@ When upgrading, please refer to the [Upgrading](#upgrading) section at the botto ## High Availability -⚠️ **EXPERIMENTAL** ⚠️ - -Since version 9.0.0 this chart has experimental support for running Gitea and it's dependencies in a HA setup. -The setup is still experimental and care must be taken for production use as Gitea core is not yet officially HA-ready. +Since version 9.0.0 this chart supports running Gitea and it's dependencies in HA mode. +Care must be taken for production use as not all implementation details of Gitea core are officially HA-ready yet. Deploying a HA-ready Gitea instance requires some effort including using HA-ready dependencies. See the [HA Setup](docs/ha-setup.md) document for more details. @@ -996,10 +994,12 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo ### redis-cluster -| Name | Description | Value | -| --------------------------- | -------------------------------------- | ------- | -| `redis-cluster.enabled` | Enable redis | `true` | -| `redis-cluster.usePassword` | Whether to use password authentication | `false` | +| Name | Description | Value | +| -------------------------------- | -------------------------------------------- | ------- | +| `redis-cluster.enabled` | Enable redis | `true` | +| `redis-cluster.usePassword` | Whether to use password authentication | `false` | +| `redis-cluster.cluster.nodes` | Number of redis cluster master nodes | `3` | +| `redis-cluster.cluster.replicas` | Number of redis cluster master node replicas | `0` | ### PostgreSQL-ha diff --git a/docs/ha-setup.md b/docs/ha-setup.md index 4620317..b3ed491 100644 --- a/docs/ha-setup.md +++ b/docs/ha-setup.md 
@@ -1,7 +1,5 @@ # High Availability -⚠️ **EXPERIMENTAL** ⚠️ - All components (in-memory DB, volume/asset storage, code indexer) used by Gitea must be deployed in a HA-ready fashion to achieve a full HA-ready Gitea deployment. The following document explains how to achieve this for all individual components. @@ -97,6 +95,11 @@ To do so, you need to set the following configuration values yourself: - `gitea.config.cache.ADAPTER`: `redis` - `gitea.config.cache.HOST`: `` +By default, the `redis-cluster` chart provisions three standalone master nodes of which each has a single replica. +To reduce the number of pods for a default Gitea deployment, we opted to omit the replicas (`replicas: 0`) by default. +Only the minimum required number of master pods for a functional `redis-cluster` deployment are provisioned. +For a "proper" `redis-cluster` setup however, we recommend to set `replicas: 1` and `nodes: 6`. + ## Object and asset storage Object/asset storage refers to the storage of attachments, avatars, LFS files, etc. diff --git a/values.yaml b/values.yaml index 15ecd06..b6712e7 100644 --- a/values.yaml +++ b/values.yaml @@ -479,9 +479,14 @@ gitea: ## @section redis-cluster ## @param redis-cluster.enabled Enable redis ## @param redis-cluster.usePassword Whether to use password authentication +## @param redis-cluster.cluster.nodes Number of redis cluster master nodes +## @param redis-cluster.cluster.replicas Number of redis cluster master node replicas redis-cluster: enabled: true usePassword: false + cluster: + nodes: 3 # default: 6 + replicas: 0 # default: 1 ## @section postgresql-ha # -- 2.40.1 From ead62a0dbcdaa6d347a622f9c2037dc25df37543 Mon Sep 17 00:00:00 2001 
From: pat-s Date: Thu, 16 Nov 2023 20:42:17 +0000 Subject: [PATCH 280/390] Bump to 1.21.0 (#566) Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/566 Reviewed-by: justusbunsi Co-authored-by: pat-s Co-committed-by: pat-s --- Chart.yaml | 2 +- README.md | 11 ++++++++++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index 2fde9b9..624a8b7 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.20.5 +appVersion: 1.21.0 icon: https://gitea.com/assets/img/logo.svg keywords: diff --git a/README.md b/README.md index 6dfc5bd..9f70734 100644 --- a/README.md +++ b/README.md @@ -706,7 +706,7 @@ extraVolumes: extraVolumeMounts: - name: gitea-themes readOnly: true - mountPath: "/data/gitea/public/css" + mountPath: "/data/gitea/public/assets/css" ``` The secret can be created via `terraform`: @@ -1051,6 +1051,15 @@ If you miss this, blindly upgrading may delete your Postgres instance and you ma
+To 9.6.0 + +Chart 9.6.0 ships with Gitea 1.21.0. +While there are no breaking changes in the chart, please check the changes of the [1.21 release blog post](https://blog.gitea.com/release-of-1.21.0/). + +
+ +
+ To 9.0.0 This chart release comes with many breaking changes while aiming for a HA-ready setup. -- 2.40.1 From d52ead0be740beae4c4dc5b2670034e33630cd1b Mon Sep 17 00:00:00 2001 From: pat-s Date: Thu, 16 Nov 2023 20:45:10 +0000 Subject: [PATCH 281/390] Renovate: run tests on branches, group deps and adjust schedule to weekends (#556) Co-authored-by: justusbunsi Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/556 Co-authored-by: pat-s Co-committed-by: pat-s --- .gitea/workflows/test-pr.yml | 8 ++++++- renovate.json5 | 44 +++++++++++++++++++++--------------- 2 files changed, 33 insertions(+), 19 deletions(-) diff --git a/.gitea/workflows/test-pr.yml b/.gitea/workflows/test-pr.yml index 9d61655..6cef8e3 100644 --- a/.gitea/workflows/test-pr.yml +++ b/.gitea/workflows/test-pr.yml @@ -1,7 +1,13 @@ name: check-and-test on: - - pull_request + pull_request: + branches: + - "*" + push: + branches: + - main + - "renovate/**" env: # renovate: datasource=github-releases depName=helm-unittest/helm-unittest diff --git a/renovate.json5 b/renovate.json5 index f4b9100..b4fd56d 100644 --- a/renovate.json5 +++ b/renovate.json5 
@@ -1,25 +1,33 @@ { - $schema: "https://docs.renovatebot.com/renovate-schema.json", - extends: ["gitea>gitea/renovate-config"], - labels: ["kind/dependency"], + $schema: 'https://docs.renovatebot.com/renovate-schema.json', + extends: [ + 'gitea>gitea/renovate-config', + ':automergeMinor', + 'schedule:automergeDaily', + 'schedule:weekends', + ], + labels: ['kind/dependency'], + automergeStrategy: 'squash', customManagers: [ - { - description: 'Gitea-version of https://docs.renovatebot.com/presets-regexManagers/#regexmanagersgithubactionsversions', - customType: 'regex', - fileMatch: ['.gitea/workflows/.+\\.ya?ml$'], - matchStrings: [ - '# renovate: datasource=(?[a-z-.]+?) depName=(?[^\\s]+?)(?: (?:lookupName|packageName)=(?[^\\s]+?))?(?: versioning=(?[a-z-0-9]+?))?\\s+[A-Za-z0-9_]+?_VERSION\\s*:\\s*["\']?(?.+?)["\']?\\s', - ], - }, - ], + { + description: 'Gitea-version of https://docs.renovatebot.com/presets-regexManagers/#regexmanagersgithubactionsversions', + customType: 'regex', + fileMatch: ['.gitea/workflows/.+\\.ya?ml$'], + matchStrings: [ + '# renovate: datasource=(?[a-z-.]+?) depName=(?[^\\s]+?)(?: (?:lookupName|packageName)=(?[^\\s]+?))?(?: versioning=(?[a-z-0-9]+?))?\\s+[A-Za-z0-9_]+?_VERSION\\s*:\\s*["\']?(?.+?)["\']?\\s', + ], + }, + ], packageRules: [ { - description: "Automerge minor + patch dependency updates weekly", - matchManagers: ["helmv3"], - matchUpdateTypes: ["minor", "patch", "digest"], - automerge: true, - automergeStrategy: "squash", - extends: ["schedule:weekly"], + groupName: 'subcharts (minor & patch)', + matchManagers: ['helmv3'], + matchUpdateTypes: ['minor', 'patch', 'digest'], + }, + { + groupName: 'workflow dependencies (minor & patch)', + matchManagers: ['github-actions', 'npm', 'regex'], + matchUpdateTypes: ['minor', 'patch', 'digest'], }, ], } -- 2.40.1 From 6c0699e86e245885c8630c8b52ee76f13209c9a8 Mon Sep 17 00:00:00 2001 
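Review bot: Adding `':automergeMinor'` at the top level, next to the new 'workflow dependencies (minor & patch)' group, lets minor and patch updates of workflow dependencies merge without a human look, where the removed rule limited automerge to `helmv3`. The release workflow in this repository handles registry credentials and chart signing, so an unreviewed action or tool bump there is a supply-chain exposure. I would keep automerge for the subchart group only and add `automerge: false,` to the workflow-dependency rule. What `gitea>gitea/renovate-config` already sets is not visible from this hunk, so this should be checked against that preset.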
From: justusbunsi Date: Thu, 16 Nov 2023 21:00:39 +0000 Subject: [PATCH 282/390] Switch imagePullPolicy to "IfNotPresent" (#568) ### Benefits Less image pulls. ### Additional information committed via GUI - so no signature on first commit. Co-authored-by: pat-s Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/568 Reviewed-by: pat-s Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- README.md | 20 ++++++++++---------- unittests/config/server-section_domain.yaml | 4 ++-- values.yaml | 2 +- 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index 9f70734..f47df85 100644 --- a/README.md +++ b/README.md 
@@ -810,16 +810,16 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo ### Image -| Name | Description | Value | -| -------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------- | -| `image.registry` | image registry, e.g. gcr.io,docker.io | `""` | -| `image.repository` | Image to start for this pod | `gitea/gitea` | -| `image.tag` | Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml. | `""` | -| `image.digest` | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` | `""` | -| `image.pullPolicy` | Image pull policy | `Always` | -| `image.rootless` | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `true` | -| `image.fullOverride` | Completely overrides the image registry, path/image, tag and digest. **Adjust `image.rootless` accordingly and review [Rootless defaults](#rootless-defaults).** | `""` | -| `imagePullSecrets` | Secret to use for pulling the image | `[]` | +| Name | Description | Value | +| -------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------- | +| `image.registry` | image registry, e.g. gcr.io,docker.io | `""` | +| `image.repository` | Image to start for this pod | `gitea/gitea` | +| `image.tag` | Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml. | `""` | +| `image.digest` | Image digest. Allows to pin the given image tag. 
Useful for having control over mutable tags like `latest` | `""` | +| `image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `image.rootless` | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `true` | +| `image.fullOverride` | Completely overrides the image registry, path/image, tag and digest. **Adjust `image.rootless` accordingly and review [Rootless defaults](#rootless-defaults).** | `""` | +| `imagePullSecrets` | Secret to use for pulling the image | `[]` | ### Security diff --git a/unittests/config/server-section_domain.yaml b/unittests/config/server-section_domain.yaml index 27a59c7..cf5a3b8 100644 --- a/unittests/config/server-section_domain.yaml +++ b/unittests/config/server-section_domain.yaml @@ -19,7 +19,7 @@ tests: path: stringData.server pattern: \nROOT_URL=http://git.example.com -################################################ + ################################################ - it: "[no ingress hosts] uses gitea http service for DOMAIN|SSH_DOMAIN|ROOT_URL" template: templates/gitea/config.yaml @@ -40,7 +40,7 @@ tests: path: stringData.server pattern: \nROOT_URL=http://gitea-unittests-http.testing.svc.cluster.local -################################################ + ################################################ - it: "[provided via values] uses that for DOMAIN|SSH_DOMAIN|ROOT_URL" template: templates/gitea/config.yaml diff --git a/values.yaml b/values.yaml index b6712e7..2736a2f 100644 --- a/values.yaml +++ b/values.yaml @@ -50,7 +50,7 @@ image: # Overrides the image tag whose default is the chart appVersion. tag: "" digest: "" - pullPolicy: Always + pullPolicy: IfNotPresent rootless: true fullOverride: "" -- 2.40.1 From f7d661ee3a3b1b750d0a7db8fbbf8a96c3199fda Mon Sep 17 00:00:00 2001 From: pat-s Date: Thu, 16 Nov 2023 22:07:25 +0100 Subject: [PATCH 283/390] fix release workflow --- .gitea/workflows/release-version.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
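Review bot: With `pullPolicy: IfNotPresent` in the `values.yaml` hunk, a node that already holds an image under the requested tag does not pull it again, so a re-published tag (or a mutable one such as `latest`, which the `image.digest` description itself mentions) keeps running the cached, possibly unpatched image. I would add a comment next to the value, e.g. `# IfNotPresent reuses node-cached images; pin image.digest or use Always when the tag can move`. The `image:` block starts above the hunk.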
diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index 829bb38..6458a88 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml @@ -49,11 +49,11 @@ jobs: helm gpg sign "gitea-${GITHUB_REF#refs/tags/v}.tgz" mkdir gitea mv gitea*.tgz gitea/ - curl -L -o gitea/index.yaml https://dl.gitea.com/charts/index.yaml + curl -s -L -o gitea/index.yaml https://dl.gitea.com/charts/index.yaml helm repo index gitea/ --url https://dl.gitea.com/charts --merge gitea/index.yaml # push to dockerhub echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | helm registry login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} registry-1.docker.io --password-stdin - helm push gitea-${GITHUB_REF#refs/tags/v}.tgz oci://registry-1.docker.io/giteacharts + helm push gitea/gitea-${GITHUB_REF#refs/tags/v}.tgz oci://registry-1.docker.io/giteacharts helm registry logout registry-1.docker.io - name: aws credential configure -- 2.40.1 From 5c4bcaa1e308f89070658abce5e7d6a9be04914e Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 25 Nov 2023 04:10:18 +0000 Subject: [PATCH 284/390] chore(config): migrate renovate config (#575) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- renovate.json5 | 30 ++++++++++++++++++++++++------ 1 file changed, 24 insertions(+), 6 deletions(-) diff --git a/renovate.json5 b/renovate.json5 index b4fd56d..74278dd 100644 --- a/renovate.json5 +++ b/renovate.json5 
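Review bot: `curl -s -L -o gitea/index.yaml …` now hides errors, and without `-f` an HTTP error response is still written to `gitea/index.yaml` and handed to `helm repo index --merge`. `curl -fsSL -o gitea/index.yaml https://dl.gitea.com/charts/index.yaml` stays quiet on success but fails the step, with a message, when the download does not succeed. The `run:` block begins above the hunk.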
@@ -6,13 +6,17 @@ 'schedule:automergeDaily', 'schedule:weekends', ], - labels: ['kind/dependency'], + labels: [ + 'kind/dependency', + ], automergeStrategy: 'squash', customManagers: [ { description: 'Gitea-version of https://docs.renovatebot.com/presets-regexManagers/#regexmanagersgithubactionsversions', customType: 'regex', - fileMatch: ['.gitea/workflows/.+\\.ya?ml$'], + fileMatch: [ + '.gitea/workflows/.+\\.ya?ml$', + ], matchStrings: [ '# renovate: datasource=(?[a-z-.]+?) depName=(?[^\\s]+?)(?: (?:lookupName|packageName)=(?[^\\s]+?))?(?: versioning=(?[a-z-0-9]+?))?\\s+[A-Za-z0-9_]+?_VERSION\\s*:\\s*["\']?(?.+?)["\']?\\s', ], @@ -21,13 +25,27 @@ packageRules: [ { groupName: 'subcharts (minor & patch)', - matchManagers: ['helmv3'], - matchUpdateTypes: ['minor', 'patch', 'digest'], + matchManagers: [ + 'helmv3', + ], + matchUpdateTypes: [ + 'minor', + 'patch', + 'digest', + ], }, { groupName: 'workflow dependencies (minor & patch)', - matchManagers: ['github-actions', 'npm', 'regex'], - matchUpdateTypes: ['minor', 'patch', 'digest'], + matchManagers: [ + 'github-actions', + 'npm', + 'custom.regex', + ], + matchUpdateTypes: [ + 'minor', + 'patch', + 'digest', + ], }, ], } -- 2.40.1 From 34c1212939e1c4184ca3bd83171dc90ecbf3f9ca Mon Sep 17 00:00:00 2001 
From: justusbunsi Date: Mon, 27 Nov 2023 18:35:42 +0000 Subject: [PATCH 285/390] Use `helm dependency build` in release build (#563) Using `helm dependency update` may result in unwillingly updating the dependencies while cutting a release. I wasn't able to do so. Most likely due to the dependency pinning in Chart.yaml and Chart.lock. Based on Helm documentation, `update` uses Chart.yaml[^1] while `build` uses Chart.lock[^2]. All in all it is safer to use `helm dependency build`. :D [^1]: https://helm.sh/docs/helm/helm_dependency_update/ [^2]: https://helm.sh/docs/helm/helm_dependency_build/ Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/563 Reviewed-by: pat-s --- .gitea/workflows/release-version.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index 6458a88..0b516ab 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml @@ -44,7 +44,7 @@ jobs: echo ${{ secrets.DOCKER_CHARTS_PASSWORD }} | docker login -u ${{ secrets.DOCKER_CHARTS_USERNAME }} --password-stdin # FIXME: use upstream after https://github.com/technosophos/helm-gpg/issues/1 is solved helm plugin install https://github.com/pat-s/helm-gpg - helm dependency update + helm dependency build helm package --version "${GITHUB_REF#refs/tags/v}" ./ helm gpg sign "gitea-${GITHUB_REF#refs/tags/v}.tgz" mkdir gitea -- 2.40.1 From 8bcd2dc63b00af2cd19d1c08113eaf7be19bca34 Mon Sep 17 00:00:00 2001 
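Review bot: The step this hunk touches still runs `helm plugin install https://github.com/pat-s/helm-gpg` with no version, so the signing plugin is whatever the fork's default branch holds at release time, in the same step that holds the registry credentials and signs the chart. Since the commit's aim is to stop dependencies from moving during a release, pinning the plugin fits here: `helm plugin install https://github.com/pat-s/helm-gpg --version <PINNED_TAG_OR_COMMIT>`. The `run:` block begins above the hunk and continues below it.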
From: justusbunsi Date: Mon, 27 Nov 2023 18:36:47 +0000 Subject: [PATCH 286/390] Detect major dependency version bumps (#571) As seen in #507 and #569, there is no guarantee for us that minor dependency updates are actually minor updates for the dependent application itself. The Chart version might be minor - and therefore automatically merged when build is green - but the used Docker image inside the Chart could still be a major version change. To effectively prevent such automerge when the application major version changes, there is now a test file that has the currently used major versions hard-coded. In case of an actual major bump, this file has to be adjusted. Looking at `redis-cluster`, there might be several major Chart versions with the same major application version. This PR is related to #409 but does not fully resolve it. Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/571 Reviewed-by: pat-s --- Makefile | 2 +- unittests/dependency-major-image-check.yaml | 42 +++++++++++++++++++++ 2 files changed, 43 insertions(+), 1 deletion(-) create mode 100644 unittests/dependency-major-image-check.yaml diff --git a/Makefile b/Makefile index e3e4f03..4e4b5bd 100644 --- a/Makefile +++ b/Makefile @@ -9,7 +9,7 @@ readme: prepare-environment .PHONY: unittests unittests: - helm unittest --strict -f 'unittests/**/*.yaml' ./ + helm unittest --strict -f 'unittests/**/*.yaml' -f 'unittests/dependency-major-image-check.yaml' ./ .PHONY: helm update-helm-dependencies: diff --git a/unittests/dependency-major-image-check.yaml b/unittests/dependency-major-image-check.yaml new file mode 100644 index 0000000..f50d58c --- /dev/null +++ b/unittests/dependency-major-image-check.yaml 
@@ -0,0 +1,42 @@ +suite: Dependency update consistency +release: + name: gitea-unittests + namespace: testing +tests: + - it: "[postgresql-ha] ensures we detect major image version upgrades" + template: charts/postgresql-ha/templates/postgresql/statefulset.yaml + set: + postgresql: + enabled: false + postgresql-ha: + enabled: true + asserts: + - documentIndex: 0 + matchRegex: + path: spec.template.spec.containers[0].image + # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST + pattern: ^docker.io/bitnami/postgresql-repmgr:15.+$ + - it: "[postgresql] ensures we detect major image version upgrades" + template: charts/postgresql/templates/primary/statefulset.yaml + set: + postgresql: + enabled: true + postgresql-ha: + enabled: false + asserts: + - documentIndex: 0 + matchRegex: + path: spec.template.spec.containers[0].image + # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST + pattern: ^docker.io/bitnami/postgresql:15.+$ + - it: "[redis-cluster] ensures we detect major image version upgrades" + template: charts/redis-cluster/templates/redis-statefulset.yaml + set: + redis-cluster: + enabled: true + asserts: + - documentIndex: 0 + matchRegex: + path: spec.template.spec.containers[0].image + # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST + pattern: ^docker.io/bitnami/redis-cluster:7.+$ -- 2.40.1 From b265d87f55e9549a408e8e6c6a63e872303a10dd Mon Sep 17 00:00:00 2001 
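Review bot: The three image patterns do not stop at the major version: in `^docker.io/bitnami/redis-cluster:7.+$` the `.` matches any character, so a tag such as `70.1.0` would still pass, and the same holds for `15.+` in both PostgreSQL tests. Because this suite is meant to block automerge on a major bump, I would escape the separator, e.g. `pattern: ^docker\.io/bitnami/redis-cluster:7\..+$`. A comment noting that only `containers[0]` of each StatefulSet is checked would also help the next maintainer.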
From: justusbunsi Date: Mon, 27 Nov 2023 18:38:14 +0000 Subject: [PATCH 287/390] Improve experience on writing unittests (#570) While working on #409, I noticed that some unittests contains either invalid assertion methods (`isNotEmpty`) or invalid properties (`any`) for a specific assertion method (`notContains`). As our tests pass - and I have ensured that they can fail - this seems related to the YAML schema validation in the IDE. I've noticed that `isNotEmpty` was replaced by `isNotNullOrEmpty`[^1] in version v0.3.2[^2]. At least from a schema validation point of view. It is still working. Maybe deprecated? I don't know. Regarding the `any` property, the documentation seems incorrect. I've filed a PR for it[^3]. As soon as that PR is merged and released, we could probably validate the test YAML files in our PR workflow. Last, since we renovate the used helm-unittest version, we should also renovate the used YAML schema file. [^1]: https://github.com/helm-unittest/helm-unittest/pull/139 [^2]: https://github.com/helm-unittest/helm-unittest/releases/tag/v0.3.2 [^3]: https://github.com/helm-unittest/helm-unittest/pull/243 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/570 Reviewed-by: pat-s --- .vscode/settings.json | 2 +- renovate.json5 | 9 +++++++++ unittests/gpg-secret/signing-enabled.yaml | 2 +- 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/.vscode/settings.json b/.vscode/settings.json index d709909..812b1f8 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -1,6 +1,6 @@ { "yaml.schemas": { - "https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json": [ + "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.3.6/schema/helm-testsuite.json": [ "/unittests/**/*.yaml" ] }, diff --git a/renovate.json5 b/renovate.json5 index 74278dd..1831179 100644 --- a/renovate.json5 +++ b/renovate.json5 
@@ -21,6 +21,15 @@ '# renovate: datasource=(?[a-z-.]+?) depName=(?[^\\s]+?)(?: (?:lookupName|packageName)=(?[^\\s]+?))?(?: versioning=(?[a-z-0-9]+?))?\\s+[A-Za-z0-9_]+?_VERSION\\s*:\\s*["\']?(?.+?)["\']?\\s', ], }, + { + description: 'Detect helm-unittest yaml schema file', + customType: 'regex', + fileMatch: ['.vscode/settings\\.json$'], + matchStrings: [ + 'https:\\/\\/raw\\.githubusercontent\\.com\\/(?[^\\s]+?)\\/(?v[0-9.]+?)\\/schema\\/helm-testsuite\\.json', + ], + datasourceTemplate: 'github-releases', + }, ], packageRules: [ { diff --git a/unittests/gpg-secret/signing-enabled.yaml b/unittests/gpg-secret/signing-enabled.yaml index 4040793..8fcab68 100644 --- a/unittests/gpg-secret/signing-enabled.yaml +++ b/unittests/gpg-secret/signing-enabled.yaml @@ -33,7 +33,7 @@ tests: kind: Secret apiVersion: v1 name: gitea-unittests-gpg-key - - isNotEmpty: + - isNotNullOrEmpty: path: metadata.labels - equal: path: data.privateKey -- 2.40.1 From 0081cabe0b2c6e758354630963055298e997b1de Mon Sep 17 00:00:00 2001 From: pat-s Date: Mon, 27 Nov 2023 21:00:37 +0000 Subject: [PATCH 288/390] Bump to 1.21.1 (#576) Changelog: https://github.com/go-gitea/gitea/releases/tag/v1.21.1 Co-authored-by: justusbunsi Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/576 Reviewed-by: justusbunsi Co-authored-by: pat-s Co-committed-by: pat-s --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 624a8b7..da438be 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.21.0 +appVersion: 1.21.1 icon: https://gitea.com/assets/img/logo.svg keywords: -- 2.40.1 From 7e403d5ef67006b7c0ec0f7a319ee2992b60b523 Mon Sep 17 00:00:00 2001 
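Review bot: The new custom manager's `fileMatch: ['.vscode/settings\\.json$']` is unanchored at the start and leaves the leading dot unescaped, so it also matches paths such as `sub/xvscode/settings.json`. Anchoring it keeps the manager scoped to the one file it is meant to rewrite: `fileMatch: ['^\\.vscode/settings\\.json$'],`. A one-line comment above the entry saying that the captured tag selects the schema revision the IDE downloads would explain why this URL is version-pinned rather than tracking `main`.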
From: Renovate Bot Date: Mon, 4 Dec 2023 19:49:43 +0000 Subject: [PATCH 289/390] chore(deps): update postgresql-ha docker tag to v12 (#528) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Update | Change | |---|---|---| | [postgresql-ha](https://github.com/bitnami/charts) ([source](https://github.com/bitnami/charts/tree/HEAD/bitnami/postgresql-ha)) | major | `11.9.4` -> `12.3.1` | --- ### Configuration 📅 **Schedule**: Branch creation - "every weekend" (UTC), Automerge - "before 4am" (UTC). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Co-authored-by: pat-s Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/528 Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 6 +++--- Chart.yaml | 2 +- unittests/dependency-major-image-check.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Chart.lock b/Chart.lock index a40418a..5d48181 100644 --- a/Chart.lock +++ b/Chart.lock @@ -4,9 +4,9 @@ dependencies: version: 12.12.10 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 11.9.4 + version: 12.3.1 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts version: 9.1.3 -digest: sha256:6bda620320a05a5ea4efb4189a86d30092aeb0a6f3e0009538f4bea312af0863 -generated: "2023-11-14T00:08:15.790217865Z" +digest: sha256:f0dc6b0142ec7bb8e7f89a48e04aca1912017f408e845db0f8b686f1217b9c7e +generated: "2023-12-01T00:12:50.856889705Z" diff --git a/Chart.yaml b/Chart.yaml index da438be..196d5c9 100644 --- a/Chart.yaml +++ b/Chart.yaml 
@@ -41,7 +41,7 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 11.9.4 + version: 12.3.1 condition: postgresql-ha.enabled # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster diff --git a/unittests/dependency-major-image-check.yaml b/unittests/dependency-major-image-check.yaml index f50d58c..db33ed7 100644 --- a/unittests/dependency-major-image-check.yaml +++ b/unittests/dependency-major-image-check.yaml @@ -15,7 +15,7 @@ tests: matchRegex: path: spec.template.spec.containers[0].image # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST - pattern: ^docker.io/bitnami/postgresql-repmgr:15.+$ + pattern: ^docker.io/bitnami/postgresql-repmgr:16.+$ - it: "[postgresql] ensures we detect major image version upgrades" template: charts/postgresql/templates/primary/statefulset.yaml set: -- 2.40.1 From a1d9059e53df441ea7227da7bf138258ac7acd65 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 10 Dec 2023 00:20:59 +0000 Subject: [PATCH 290/390] chore(deps): update postgresql-ha docker tag to v12.3.2 (#582) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 6 +++--- Chart.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Chart.lock b/Chart.lock index 5d48181..3313ab6 100644 --- a/Chart.lock +++ b/Chart.lock @@ -4,9 +4,9 @@ dependencies: version: 12.12.10 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 12.3.1 + version: 12.3.2 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts version: 9.1.3 -digest: sha256:f0dc6b0142ec7bb8e7f89a48e04aca1912017f408e845db0f8b686f1217b9c7e -generated: "2023-12-01T00:12:50.856889705Z" +digest: sha256:2a4acb1c862b9871ae07f245b1bc82e743885ebf03479d1ae985f91f3cb0c021 +generated: "2023-12-10T00:11:43.988506072Z" 
diff --git a/Chart.yaml b/Chart.yaml index 196d5c9..d4392b6 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -41,7 +41,7 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 12.3.1 + version: 12.3.2 condition: postgresql-ha.enabled # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster -- 2.40.1 From d8758092993c1730e28d956e846debaf50b2282d Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 11 Dec 2023 00:13:00 +0000 Subject: [PATCH 291/390] chore(deps): update dependency markdownlint-cli to ^0.38.0 (#583) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- package-lock.json | 65 +++++++++++++++++++++++++---------------------- package.json | 2 +- 2 files changed, 35 insertions(+), 32 deletions(-) diff --git a/package-lock.json b/package-lock.json index 0faac29..90cad8b 100644 --- a/package-lock.json +++ b/package-lock.json @@ -8,7 +8,7 @@ "license": "MIT", "devDependencies": { "@bitnami/readme-generator-for-helm": "^2.5.0", - "markdownlint-cli": "^0.37.0" + "markdownlint-cli": "^0.38.0" }, "engines": { "node": ">=16.0.0", @@ -261,9 +261,9 @@ } }, "node_modules/ignore": { - "version": "5.2.4", - "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.2.4.tgz", - "integrity": "sha512-MAb38BcSbH0eHNBxn7ql2NH/kX33OkB3lZ1BNdh7ENeRChHTYsTvWrMubiIAMNS2llXEEgZ1MUOBtXChP3kaFQ==", + "version": "5.3.0", + "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.0.tgz", + "integrity": "sha512-g7dmpshy+gD7mh88OC9NwSGTKoc3kyLAZQRU1mt53Aw/vnvfXnbC+F/7F7QoYVKbV+KNvJx8wArewKy1vXMtlg==", "dev": true, "engines": { "node": ">= 4" 
@@ -310,9 +310,9 @@ "dev": true }, "node_modules/jackspeak": { - "version": "2.2.0", - "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-2.2.0.tgz", - "integrity": "sha512-r5XBrqIJfwRIjRt/Xr5fv9Wh09qyhHfKnYddDlpM+ibRR20qrYActpCAgU6U+d53EOEjzkvxPMVHSlgR7leXrQ==", + "version": "2.3.6", + "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-2.3.6.tgz", + "integrity": "sha512-N3yCS/NegsOBokc8GAdM8UcmfsKiSS8cipheD/nivzr700H+nsMOxJjQnvwOcRYVuFkdH0wGUvW2WbXGmrZGbQ==", "dev": true, "dependencies": { "@isaacs/cliui": "^8.0.2" @@ -370,9 +370,9 @@ } }, "node_modules/markdown-it": { - "version": "13.0.1", - "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-13.0.1.tgz", - "integrity": "sha512-lTlxriVoy2criHP0JKRhO2VDG9c2ypWCsT237eDiLqi09rmbKoUetyGHq2uOIRoRS//kfoJckS0eUzzkDR+k2Q==", + "version": "13.0.2", + "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-13.0.2.tgz", + "integrity": "sha512-FtwnEuuK+2yVU7goGn/MJ0WBZMM9ZPgU9spqlFs7/A/pDIUNSOQZhUgOqYCficIuR2QaFnrt8LHqBWsbTAoI5w==", "dev": true, "dependencies": { "argparse": "^2.0.1", 
@@ -399,31 +399,34 @@ } }, "node_modules/markdownlint": { - "version": "0.31.1", - "resolved": "https://registry.npmjs.org/markdownlint/-/markdownlint-0.31.1.tgz", - "integrity": "sha512-CKMR2hgcIBrYlIUccDCOvi966PZ0kJExDrUi1R+oF9PvqQmCrTqjOsgIvf2403OmJ+CWomuzDoylr6KbuMyvHA==", + "version": "0.32.1", + "resolved": "https://registry.npmjs.org/markdownlint/-/markdownlint-0.32.1.tgz", + "integrity": "sha512-3sx9xpi4xlHlokGyHO9k0g3gJbNY4DI6oNEeEYq5gQ4W7UkiJ90VDAnuDl2U+yyXOUa6BX+0gf69ZlTUGIBp6A==", "dev": true, "dependencies": { - "markdown-it": "13.0.1", + "markdown-it": "13.0.2", "markdownlint-micromark": "0.1.7" }, "engines": { - "node": ">=16" + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/DavidAnson" } }, "node_modules/markdownlint-cli": { - "version": "0.37.0", - "resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.37.0.tgz", - "integrity": "sha512-hNKAc0bWBBuVhJbSWbUhRzavstiB4o1jh3JeSpwC4/dt6eJ54lRfYHRxVdzVp4qGWBKbeE6Pg490PFEfrKjqSg==", + "version": "0.38.0", + "resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.38.0.tgz", + "integrity": "sha512-qkZRKJ4LVq6CJIkRIuJsEHvhWhm+FP0E7yhHvOMrrgdykgFWNYD4wuhZTjvigbJLTKPooP79yPiUDDZBCBI5JA==", "dev": true, "dependencies": { - "commander": "~11.0.0", + "commander": "~11.1.0", "get-stdin": "~9.0.0", - "glob": "~10.3.4", - "ignore": "~5.2.4", + "glob": "~10.3.10", + "ignore": "~5.3.0", "js-yaml": "^4.1.0", "jsonc-parser": "~3.2.0", - "markdownlint": "~0.31.1", + "markdownlint": "~0.32.1", "minimatch": "~9.0.3", "run-con": "~1.3.2" }, @@ -431,7 +434,7 @@ "markdownlint": "markdownlint.js" }, "engines": { - "node": ">=16" + "node": ">=18" } }, "node_modules/markdownlint-cli/node_modules/brace-expansion": { 
@@ -444,28 +447,28 @@ } }, "node_modules/markdownlint-cli/node_modules/commander": { - "version": "11.0.0", - "resolved": "https://registry.npmjs.org/commander/-/commander-11.0.0.tgz", - "integrity": "sha512-9HMlXtt/BNoYr8ooyjjNRdIilOTkVJXB+GhxMTtOKwk0R4j4lS4NpjuqmRxroBfnfTSHQIHQB7wryHhXarNjmQ==", + "version": "11.1.0", + "resolved": "https://registry.npmjs.org/commander/-/commander-11.1.0.tgz", + "integrity": "sha512-yPVavfyCcRhmorC7rWlkHn15b4wDVgVmBA7kV4QVBsF7kv/9TKJAbAXVTxvTnwP8HHKjRCJDClKbciiYS7p0DQ==", "dev": true, "engines": { "node": ">=16" } }, "node_modules/markdownlint-cli/node_modules/glob": { - "version": "10.3.5", - "resolved": "https://registry.npmjs.org/glob/-/glob-10.3.5.tgz", - "integrity": "sha512-bYUpUD7XDEHI4Q2O5a7PXGvyw4deKR70kHiDxzQbe925wbZknhOzUt2xBgTkYL6RBcVeXYuD9iNYeqoWbBZQnA==", + "version": "10.3.10", + "resolved": "https://registry.npmjs.org/glob/-/glob-10.3.10.tgz", + "integrity": "sha512-fa46+tv1Ak0UPK1TOy/pZrIybNNt4HCv7SDzwyfiOZkvZLEbjsZkJBPtDHVshZjbecAoAGSC20MjLDG/qr679g==", "dev": true, "dependencies": { "foreground-child": "^3.1.0", - "jackspeak": "^2.0.3", + "jackspeak": "^2.3.5", "minimatch": "^9.0.1", "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0", "path-scurry": "^1.10.1" }, "bin": { - "glob": "dist/cjs/src/bin.js" + "glob": "dist/esm/bin.mjs" }, "engines": { "node": ">=16 || 14 >=14.17" diff --git a/package.json b/package.json index 44ef232..138146a 100644 --- a/package.json +++ b/package.json @@ -14,6 +14,6 @@ }, "devDependencies": { "@bitnami/readme-generator-for-helm": "^2.5.0", - "markdownlint-cli": "^0.37.0" + "markdownlint-cli": "^0.38.0" } } -- 2.40.1 From 88a1650ce4ab191045501ad3a75f48cd3bb3447f Mon Sep 17 00:00:00 2001 
From: Renovate Bot Date: Mon, 11 Dec 2023 13:18:16 +0000 Subject: [PATCH 292/390] chore(deps): update postgresql docker tag to v13 (#579) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Update | Change | |---|---|---| | [postgresql](https://github.com/bitnami/charts) ([source](https://github.com/bitnami/charts/tree/HEAD/bitnami/postgresql)) | major | `12.12.10` -> `13.2.24` | --- ### Configuration 📅 **Schedule**: Branch creation - "every weekend" (UTC), Automerge - "before 4am" (UTC). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Co-authored-by: pat-s Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/579 Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 6 +++--- Chart.yaml | 2 +- unittests/dependency-major-image-check.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Chart.lock b/Chart.lock index 3313ab6..0acd9cf 100644 --- a/Chart.lock +++ b/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 12.12.10 + version: 13.2.24 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts version: 12.3.2 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts version: 9.1.3 -digest: sha256:2a4acb1c862b9871ae07f245b1bc82e743885ebf03479d1ae985f91f3cb0c021 -generated: "2023-12-10T00:11:43.988506072Z" +digest: sha256:a23ae06fa54de80f57931b1f87dd5562e30d6dd20d84104114751da92a83d7a1 +generated: "2023-12-10T00:22:32.894342032Z" 
diff --git a/Chart.yaml b/Chart.yaml index d4392b6..e994dcf 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -36,7 +36,7 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/postgresql - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 12.12.10 + version: 13.2.24 condition: postgresql.enabled # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha diff --git a/unittests/dependency-major-image-check.yaml b/unittests/dependency-major-image-check.yaml index db33ed7..27fd39b 100644 --- a/unittests/dependency-major-image-check.yaml +++ b/unittests/dependency-major-image-check.yaml @@ -28,7 +28,7 @@ tests: matchRegex: path: spec.template.spec.containers[0].image # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST - pattern: ^docker.io/bitnami/postgresql:15.+$ + pattern: ^docker.io/bitnami/postgresql:16.+$ - it: "[redis-cluster] ensures we detect major image version upgrades" template: charts/redis-cluster/templates/redis-statefulset.yaml set: -- 2.40.1 From ff932a0bf96d39c55af87da08f9ed81e8dce5a97 Mon Sep 17 00:00:00 2001 From: pat-s Date: Wed, 13 Dec 2023 16:56:02 +0000 Subject: [PATCH 293/390] Update README with new dependency versioning approach (#578) As discussed in https://gitea.com/gitea/helm-chart/issues/572. Also added a bit more context and updates to the overall "Dependencies" sections. Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/578 Reviewed-by: justusbunsi Co-authored-by: pat-s Co-committed-by: pat-s --- README.md | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 53 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index f47df85..8a3a28d 100644 --- a/README.md +++ b/README.md 
@@ -3,6 +3,9 @@ - [Introduction](#introduction) - [Update and versioning policy](#update-and-versioning-policy) - [Dependencies](#dependencies) + - [HA Dependencies](#ha-dependencies) + - [Non-HA Dependencies](#non-ha-dependencies) + - [Dependency Versioning](#dependency-versioning) - [Installing](#installing) - [High Availability](#high-availability) - [Configuration](#configuration) 
@@ -79,13 +82,42 @@ Yet most often no issues will be encountered and the chart maintainers aim to co ## Dependencies -Gitea can be run with an external database and cache. -This chart provides those dependencies, which can be enabled, or disabled via configuration. +Gitea is most performant when run with an external database and cache. +This chart provides those dependencies via sub-charts. +Users can also configure their own external providers via the configuration. -Dependencies: +### HA Dependencies -- PostgreSQL HA ([configuration](#postgresql)) -- Redis Cluster ([configuration](#cache)) +These dependencies are enabled by default: + +- PostgreSQL HA ([Bitnami PostgreSQL-HA](https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml)) +- Redis-Cluster ([Bitnami Redis-Cluster](https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml)) + +### Non-HA Dependencies + +Alternatively, the following non-HA replacements are available: + +- PostgreSQL ([Bitnami PostgreSQL](postgresql](https://github.com/bitnami/charts/blob/main/bitnami/postgresql/Chart.yaml))) + +### Dependency Versioning + +Updates of sub-charts will be incorporated into the Gitea chart as they are released. +The reasoning behind this is that new users of the chart will start with the most recent sub-chart dependency versions. + +**Note** If you want to stay on an older appVersion of a sub-chart dependency (e.g. PostgreSQL), you need to override the image tag in your `values.yaml` file. +In fact, we recommend to do so right from the start to be independent of major sub-chart dependency changes as they are released. +There is no need to update to every new PostgreSQL major version - you can happily skip some and do larger updates when you are ready for them. + +We recommend to use a rolling tag like `:-debian-` to incorporate minor and patch updates for the respective major version as they are released. 
+Alternatively you can also use a versioning helper tool like [renovate](https://github.com/renovatebot/renovate). + +Please double-check the image repository and available tags in the sub-chart: + +- [PostgreSQL-HA](https://hub.docker.com/r/bitnami/postgresql-repmgr/tags) +- [PostgreSQL](https://hub.docker.com/r/bitnami/postgresql/tags) +- [Redis Cluster](https://hub.docker.com/r/bitnami/redis-cluster/tags) + +and look up the image tag which fits your needs on Dockerhub. ## Installing @@ -1051,6 +1083,22 @@ If you miss this, blindly upgrading may delete your Postgres instance and you ma
+To 10.0.0 + + + +**Breaking changes** + + +- Update PostgreSQL sub-chart dependencies to appVersion 16.x +- Update to sub-charts versioning approach: Users are encouraged to pin the version tag of the sub-chart dependencies to a major appVersion. + This avoids issues during chart upgrades and allows to incorporate new sub-chart versions as they are released. + Please see the new [README section describing the versioning approach for sub-chart versions](#dependency-versioning). + +
+ +
+ To 9.6.0 Chart 9.6.0 ships with Gitea 1.21.0. -- 2.40.1 From 060945a486e3ed444284e06c77a3af7bc61f9939 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 17 Dec 2023 00:21:50 +0000 Subject: [PATCH 294/390] chore(deps): update postgresql-ha docker tag to v12.3.3 (#587) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 6 +++--- Chart.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Chart.lock b/Chart.lock index 0acd9cf..aefe5eb 100644 --- a/Chart.lock +++ b/Chart.lock @@ -4,9 +4,9 @@ dependencies: version: 13.2.24 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 12.3.2 + version: 12.3.3 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts version: 9.1.3 -digest: sha256:a23ae06fa54de80f57931b1f87dd5562e30d6dd20d84104114751da92a83d7a1 -generated: "2023-12-10T00:22:32.894342032Z" +digest: sha256:c4ae8a7ddfb6670acc7f39d5728a0929f6c7666d32459229b5e4e66b19749677 +generated: "2023-12-17T00:11:27.841588235Z" diff --git a/Chart.yaml b/Chart.yaml index e994dcf..c69c2a0 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -41,7 +41,7 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 12.3.2 + version: 12.3.3 condition: postgresql-ha.enabled # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster -- 2.40.1 From 223069d042bfbeb34d5739d9155d67979ec75bb8 Mon Sep 17 00:00:00 2001 
From: pat-s Date: Mon, 18 Dec 2023 08:43:18 +0000 Subject: [PATCH 295/390] Add config fallbacks for `session`, `cache` and `queue` when disabling redis-cluster (#585) ### Description of the change Add config fallbacks for `session`, `cache` and `queue` including tests. ### Benefits If users disable the default `redis-cluster` sub-chart dependency, this will configure the respective sections to use the Gitea defaults as listed in https://docs.gitea.com/next/administration/config-cheat-sheet. ### Possible drawbacks Users will run on non-optimal settings for production without knowing their config. ### Applicable issues - fixes #584 #573 #489 #476 #468 #453 ### Checklist - [x] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) - [x] Breaking changes are documented in the `README.md` - [x] Templating unittests are added Co-authored-by: justusbunsi Co-authored-by: justusbunsi Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/585 Reviewed-by: justusbunsi --- README.md | 11 +++++++ templates/NOTES.txt | 16 ++++++++++ templates/_helpers.tpl | 32 +++++++++++++------- unittests/config/cache-config.yaml | 45 ++++++++++++++++++++++++++++ unittests/config/queue-config.yaml | 45 ++++++++++++++++++++++++++++ unittests/config/session-config.yaml | 45 ++++++++++++++++++++++++++++ 6 files changed, 183 insertions(+), 11 deletions(-) create mode 100644 unittests/config/cache-config.yaml create mode 100644 unittests/config/queue-config.yaml create mode 100644 unittests/config/session-config.yaml diff --git a/README.md b/README.md index 8a3a28d..2c0de9e 100644 --- a/README.md +++ b/README.md 
@@ -14,6 +14,7 @@ - [Server defaults](#server-defaults) - [Metrics defaults](#metrics-defaults) - [Rootless Defaults](#rootless-defaults) + - [Session, Cache and Queue](#session-cache-and-queue) - [Single-Pod Configurations](#single-pod-configurations) - [Additional _app.ini_ settings](#additional-appini-settings) - [User defined environment variables in app.ini](#user-defined-environment-variables-in-appini) @@ -229,6 +230,16 @@ If `.Values.image.rootless: true`, then the following will occur. In case you us [see deployment.yaml](./templates/gitea/deployment.yaml) template inside container "env" declarations +#### Session, Cache and Queue + +The session, cache and queue settings are set to use the built-in Redis Cluster sub-chart dependency. +If Redis Cluster is disabled, the chart will fall back to the Gitea defaults which use "memory" for `session` and `cache` and "level" for `queue`. + +While these will work and even not cause immediate issues after startup, **they are not recommended for production use**. +Reasons being that a single pod will take on all the work for `session` and `cache` tasks in its available memory. +It is likely that the pod will run out of memory or will face substantial memory spikes, depending on the workload. +External tools such as `redis-cluster` or `memcached` handle these workloads much better. + ### Single-Pod Configurations If HA is not needed/desired, the following configurations can be used to deploy a single-pod Gitea instance. diff --git a/templates/NOTES.txt b/templates/NOTES.txt index 25b35e7..ad5a8fa 100644 --- a/templates/NOTES.txt +++ b/templates/NOTES.txt 
@@ -18,3 +18,19 @@ echo "Visit http://127.0.0.1:{{ .Values.service.http.port }} to use your application" kubectl --namespace {{ .Release.Namespace }} port-forward svc/{{ .Release.Name }}-http {{ .Values.service.http.port }}:{{ .Values.service.http.port }} {{- end }} +{{- $warnings := list -}} +{{- if eq (get .Values.gitea.config.cache "ADAPTER") "memory" -}} + {{- $warnings = append $warnings "Gitea uses 'memory' for caching which is not recommended for production use. See https://docs.gitea.com/next/administration/config-cheat-sheet#cache-cache for available options." -}} +{{- end }} +{{- if eq (get .Values.gitea.config.queue "TYPE") "level" -}} + {{- $warnings = append $warnings "Gitea uses 'leveldb' for queue actions which is not recommended for production use. See https://docs.gitea.com/next/administration/config-cheat-sheet#queue-queue-and-queue for available options." -}} +{{- end }} +{{- if eq (get .Values.gitea.config.session "PROVIDER") "memory" -}} + {{- $warnings = append $warnings "Gitea uses 'memory' for sessions which is not recommended for production use. See https://docs.gitea.com/next/administration/config-cheat-sheet#session-session for available options." -}} +{{- end }} +{{- if gt (len $warnings) 0 }} +2. Review these warnings: +{{- range $warnings }} + - {{ . }} +{{- end }} +{{- end }} diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 0843da5..727401c 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl 
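Review bot: The three added `eq (get .Values.gitea.config.<section> ...)` checks read keys that this commit only populates through the `set` calls in `templates/_helpers.tpl`, and nothing in this hunk invokes that helper first. If NOTES.txt is rendered without those defaults having been applied, `get` returns an empty value and the warnings are silently skipped in exactly the redis-disabled case they are meant to flag. Whether that ordering is guaranteed is not visible from here and is worth confirming. A comment above `$warnings` would make the dependency explicit, e.g. `{{- /* relies on the session/cache/queue defaults applied in _helpers.tpl */ -}}`. The queue message also says `'leveldb'` while the value it matches is `level`, so using the same word in both places would help anyone searching for it.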
@@ -290,23 +290,33 @@ https {{- if not (hasKey .Values.gitea.config.metrics "ENABLED") -}} {{- $_ := set .Values.gitea.config.metrics "ENABLED" .Values.gitea.metrics.enabled -}} {{- end -}} - {{- if (index .Values "redis-cluster").enabled -}} - {{- $_ := set .Values.gitea.config.cache "ENABLED" "true" -}} - {{- $_ := set .Values.gitea.config.cache "ADAPTER" "redis" -}} - {{- if not (.Values.gitea.config.cache.HOST) -}} - {{- $_ := set .Values.gitea.config.cache "HOST" (include "redis.dns" .) -}} - {{- end -}} - {{- end -}} {{- /* redis queue */ -}} {{- if (index .Values "redis-cluster").enabled -}} {{- $_ := set .Values.gitea.config.queue "TYPE" "redis" -}} {{- $_ := set .Values.gitea.config.queue "CONN_STR" (include "redis.dns" .) -}} - {{- end -}} - {{- if not (get .Values.gitea.config.session "PROVIDER") -}} {{- $_ := set .Values.gitea.config.session "PROVIDER" "redis" -}} - {{- end -}} - {{- if not (get .Values.gitea.config.session "PROVIDER_CONFIG") -}} {{- $_ := set .Values.gitea.config.session "PROVIDER_CONFIG" (include "redis.dns" .) -}} + {{- $_ := set .Values.gitea.config.cache "ADAPTER" "redis" -}} + {{- $_ := set .Values.gitea.config.cache "HOST" (include "redis.dns" .) 
-}} + {{- else -}} + {{- if not (get .Values.gitea.config.session "PROVIDER") -}} + {{- $_ := set .Values.gitea.config.session "PROVIDER" "memory" -}} + {{- end -}} + {{- if not (get .Values.gitea.config.session "PROVIDER_CONFIG") -}} + {{- $_ := set .Values.gitea.config.session "PROVIDER_CONFIG" "" -}} + {{- end -}} + {{- if not (get .Values.gitea.config.queue "TYPE") -}} + {{- $_ := set .Values.gitea.config.queue "TYPE" "level" -}} + {{- end -}} + {{- if not (get .Values.gitea.config.queue "CONN_STR") -}} + {{- $_ := set .Values.gitea.config.queue "CONN_STR" "" -}} + {{- end -}} + {{- if not (get .Values.gitea.config.cache "ADAPTER") -}} + {{- $_ := set .Values.gitea.config.cache "ADAPTER" "memory" -}} + {{- end -}} + {{- if not (get .Values.gitea.config.cache "HOST") -}} + {{- $_ := set .Values.gitea.config.cache "HOST" "" -}} + {{- end -}} {{- end -}} {{- if not .Values.gitea.config.indexer.ISSUE_INDEXER_TYPE -}} {{- $_ := set .Values.gitea.config.indexer "ISSUE_INDEXER_TYPE" "db" -}} diff --git a/unittests/config/cache-config.yaml b/unittests/config/cache-config.yaml new file mode 100644 index 0000000..cd55d90 --- /dev/null +++ b/unittests/config/cache-config.yaml 
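Review bot: In the `redis-cluster` enabled branch, the `set` calls for `session.PROVIDER`, `session.PROVIDER_CONFIG` and `cache.HOST` are now unconditional, whereas the removed lines only applied them when the user had not supplied a value. A deployment that keeps the bundled Redis for cache and queue but points sessions or the cache host elsewhere will have those overrides replaced by `redis.dns` without any message. The new test files in this commit only cover customisation with `redis-cluster.enabled: false`, so this path is untested. Restoring the guards in the enabled branch, as sketched below, keeps the previous precedence. The enclosing define block starts and ends outside this hunk.

```gotemplate
{{- if (index .Values "redis-cluster").enabled -}}
  {{- /* … unchanged: queue TYPE / CONN_STR and cache ADAPTER … */ -}}
  {{- if not (get .Values.gitea.config.session "PROVIDER") -}}
    {{- $_ := set .Values.gitea.config.session "PROVIDER" "redis" -}}
  {{- end -}}
  {{- if not (get .Values.gitea.config.session "PROVIDER_CONFIG") -}}
    {{- $_ := set .Values.gitea.config.session "PROVIDER_CONFIG" (include "redis.dns" .) -}}
  {{- end -}}
  {{- if not (get .Values.gitea.config.cache "HOST") -}}
    {{- $_ := set .Values.gitea.config.cache "HOST" (include "redis.dns" .) -}}
  {{- end -}}
{{- else -}}
{{- /* … unchanged: memory / level fallbacks … */ -}}
```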
@@ -0,0 +1,45 @@ +suite: config template | cache config +release: + name: gitea-unittests + namespace: testing +tests: + - it: "cache is configured correctly for redis-cluster" + template: templates/gitea/config.yaml + set: + redis-cluster: + enabled: true + asserts: + - documentIndex: 0 + equal: + path: stringData.cache + value: |- + ADAPTER=redis + HOST=redis+cluster://:@gitea-unittests-redis-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& + + - it: "cache is configured correctly for 'memory' when redis-cluster is disabled" + template: templates/gitea/config.yaml + set: + redis-cluster: + enabled: false + asserts: + - documentIndex: 0 + equal: + path: stringData.cache + value: |- + ADAPTER=memory + HOST= + + - it: "cache can be customized when redis-cluster is disabled" + template: templates/gitea/config.yaml + set: + redis-cluster: + enabled: false + gitea.config.cache.ADAPTER: custom-adapter + gitea.config.cache.HOST: custom-host + asserts: + - documentIndex: 0 + equal: + path: stringData.cache + value: |- + ADAPTER=custom-adapter + HOST=custom-host diff --git a/unittests/config/queue-config.yaml b/unittests/config/queue-config.yaml new file mode 100644 index 0000000..f83543a --- /dev/null +++ b/unittests/config/queue-config.yaml 
@@ -0,0 +1,45 @@ +suite: config template | queue config +release: + name: gitea-unittests + namespace: testing +tests: + - it: "queue is configured correctly for redis-cluster" + template: templates/gitea/config.yaml + set: + redis-cluster: + enabled: true + asserts: + - documentIndex: 0 + equal: + path: stringData.queue + value: |- + CONN_STR=redis+cluster://:@gitea-unittests-redis-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& + TYPE=redis + + - it: "queue is configured correctly for 'levelDB' when redis-cluster is disabled" + template: templates/gitea/config.yaml + set: + redis-cluster: + enabled: false + asserts: + - documentIndex: 0 + equal: + path: stringData.queue + value: |- + CONN_STR= + TYPE=level + + - it: "queue can be customized when redis-cluster is disabled" + template: templates/gitea/config.yaml + set: + redis-cluster: + enabled: false + gitea.config.queue.TYPE: custom-type + gitea.config.queue.CONN_STR: custom-connection-string + asserts: + - documentIndex: 0 + equal: + path: stringData.queue + value: |- + CONN_STR=custom-connection-string + TYPE=custom-type diff --git a/unittests/config/session-config.yaml b/unittests/config/session-config.yaml new file mode 100644 index 0000000..2b6e771 --- /dev/null +++ b/unittests/config/session-config.yaml 
@@ -0,0 +1,45 @@ +suite: config template | session config +release: + name: gitea-unittests + namespace: testing +tests: + - it: "session is configured correctly for redis-cluster" + template: templates/gitea/config.yaml + set: + redis-cluster: + enabled: true + asserts: + - documentIndex: 0 + equal: + path: stringData.session + value: |- + PROVIDER=redis + PROVIDER_CONFIG=redis+cluster://:@gitea-unittests-redis-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& + + - it: "session is configured correctly for 'memory' when redis-cluster is disabled" + template: templates/gitea/config.yaml + set: + redis-cluster: + enabled: false + asserts: + - documentIndex: 0 + equal: + path: stringData.session + value: |- + PROVIDER=memory + PROVIDER_CONFIG= + + - it: "session can be customized when redis-cluster is disabled" + template: templates/gitea/config.yaml + set: + redis-cluster: + enabled: false + gitea.config.session.PROVIDER: custom-provider + gitea.config.session.PROVIDER_CONFIG: custom-provider-config + asserts: + - documentIndex: 0 + equal: + path: stringData.session + value: |- + PROVIDER=custom-provider + PROVIDER_CONFIG=custom-provider-config -- 2.40.1 From 59b246302bf7ee58812716ff2e80278a77311007 Mon Sep 17 00:00:00 2001 
From: justusbunsi Date: Mon, 18 Dec 2023 08:44:51 +0000 Subject: [PATCH 296/390] Properly distinguish predefined and custom env vars in environment-to-ini (#586) ### Description of the change https://gitea.com/gitea/helm-chart/pulls/464#issuecomment-744656 was never taken into account. Somehow I missed that the PR was already merged when I replied. ### Benefits Without this fix: ```text Reloading preset envs... + 'GITEA_POSTGRESQL_HA_PGPOOL_SERVICE_PORT' + 'GITEA_POSTGRESQL_HA_POSTGRESQL_PORT_5432_TCP_PROTO' + 'GITEA_POSTGRESQL_HA_PGPOOL_PORT_5432_TCP_PROTO' + 'GITEA_POSTGRESQL_HA_PGPOOL_PORT' + 'GITEA_POSTGRESQL_HA_POSTGRESQL_PORT_5432_TCP_PORT' + 'GITEA_APP_INI' + 'GITEA_POSTGRESQL_HA_PGPOOL_PORT_5432_TCP_ADDR' + 'GITEA_POSTGRESQL_HA_POSTGRESQL_SERVICE_HOST' + 'GITEA_WORK_DIR' + 'GITEA_POSTGRESQL_HA_POSTGRESQL_PORT' + 'GITEA_POSTGRESQL_HA_POSTGRESQL_PORT_5432_TCP_ADDR' + 'GITEA_POSTGRESQL_HA_POSTGRESQL_SERVICE_PORT_POSTGRESQL' + 'GITEA_TEMP' + 'GITEA_POSTGRESQL_HA_PGPOOL_PORT_5432_TCP_PORT' + 'GITEA_POSTGRESQL_HA_PGPOOL_SERVICE_PORT_POSTGRESQL' + 'GITEA_POSTGRESQL_HA_POSTGRESQL_SERVICE_PORT' + 'GITEA_POSTGRESQL_HA_POSTGRESQL_PORT_5432_TCP' + 'GITEA_POSTGRESQL_HA_PGPOOL_PORT_5432_TCP' + 'GITEA_CUSTOM' + 'GITEA_POSTGRESQL_HA_PGPOOL_SERVICE_HOST' + 'GITEA__metrics__ENABLED' === All configuration sources loaded === ``` With this fix: ```text Reloading preset envs... + 'GITEA__metrics__ENABLED' === All configuration sources loaded === ``` Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/586 Reviewed-by: techknowlogick Reviewed-by: pat-s Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- templates/gitea/config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/gitea/config.yaml b/templates/gitea/config.yaml index 1c7ab1d..e0eb6de 100644 --- a/templates/gitea/config.yaml +++ b/templates/gitea/config.yaml 
@@ -174,7 +174,7 @@ stringData: } # save existing envs prior to script execution. Necessary to keep order of preexisting and custom envs - env | (grep GITEA || [[ $? == 1 ]]) > /tmp/existing-envs + env | (grep -e '^GITEA__' || [[ $? == 1 ]]) > /tmp/existing-envs # MUST BE CALLED BEFORE OTHER CONFIGURATION env2ini::generate_initial_secrets -- 2.40.1 From 323bcd7526b4a0988733a94a34b9e8872309df45 Mon Sep 17 00:00:00 2001 From: pat-s Date: Mon, 18 Dec 2023 08:51:39 +0000 Subject: [PATCH 297/390] Bump Gitea to 1.21.2 (#588) Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/588 Co-authored-by: pat-s Co-committed-by: pat-s --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index c69c2a0..98db9dc 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.21.1 +appVersion: 1.21.2 icon: https://gitea.com/assets/img/logo.svg keywords: -- 2.40.1 From f0d0c00ed62feb3aceff5b6d13e5a64fe5c1b493 Mon Sep 17 00:00:00 2001 
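Review bot: The snapshot written to `/tmp/existing-envs` now holds exactly the `GITEA__section__KEY=value` variables, which is the form in which environment-to-ini settings (and so possibly credentials) reach this script, and the redirect creates the file with the shell's default umask. Whether `/tmp` is private to this container is not visible in the hunk, so I would restrict the file where it is created, e.g. `(umask 077; env | (grep -e '^GITEA__' || [[ $? == 1 ]]) > /tmp/existing-envs)`, and delete it once the presets have been reloaded. A smaller point: `env | grep` works line by line, so only the first line of a multi-line value survives the filter; a comment such as `# NOTE: multi-line values are cut to their first line by this filter` would record that. The surrounding script starts and ends outside the hunk.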
From: justusbunsi Date: Thu, 21 Dec 2023 07:59:18 +0000 Subject: [PATCH 298/390] Properly sanitize `gitea admin` output (#590) ### Description of the change With https://github.com/go-gitea/gitea/pull/28390, Gitea 1.21.2 introduced warning log output within the result of `gitea admin ` and therefore affects the current provisioning script. That script previously assumed a clean result set and was therefore doomed to fail at _some_ point. This introduces output sanitizing to trim such logs above the actual result table. ### Applicable issues - fixes #589 ### Additional information The non-sanitized output were only an issue for admin account provisioning, and only when the username matched one of these words (in case of #589 it was `gitea`): ```text .../setting/security.go:168:loadSecurityFrom() [W] Enabling Query API Auth tokens is not recommended. DISABLE_QUERY_AUTH_TOKEN will default to true in gitea 1.23 and will be removed in gitea 1.24. ``` LDAP and OAuth sources were not affected by this particular log line, but also processed non-sanitized result sets. Changing their code is a precaution. Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/590 Reviewed-by: pat-s Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- templates/gitea/init.yaml | 69 +++++++++++++++++++++++++++++++++++++-- 1 file changed, 66 insertions(+), 3 deletions(-) diff --git a/templates/gitea/init.yaml b/templates/gitea/init.yaml index f07f1a5..a67166b 100644 --- a/templates/gitea/init.yaml +++ b/templates/gitea/init.yaml 
@@ -86,7 +86,28 @@ stringData: {{- if or .Values.gitea.admin.existingSecret (and .Values.gitea.admin.username .Values.gitea.admin.password) }} function configure_admin_user() { - local ACCOUNT_ID=$(gitea admin user list --admin | grep -e "\s\+${GITEA_ADMIN_USERNAME}\s\+" | awk -F " " "{printf \$1}") + local full_admin_list=$(gitea admin user list --admin) + local actual_user_table='' + + # We might have distorted output due to warning logs, so we have to detect the actual user table by its headline and trim output above that line + local regex="(.*)(ID\s+Username\s+Email\s+IsActive.*)" + if [[ "${full_admin_list}" =~ $regex ]]; then + actual_user_table=$(echo "${BASH_REMATCH[2]}" | tail -n+2) # tail'ing to drop the table headline + else + # This code block should never be reached, as long as the output table header remains the same. + # If this code block is reached, the regex doesn't match anymore and we probably have to adjust this script. + + echo "ERROR: 'configure_admin_user' was not able to determine the current list of admin users." + echo " Please review the output of 'gitea admin user list --admin' shown below." + echo " If you think it is an issue with the Helm Chart provisioning, file an issue at https://gitea.com/gitea/helm-chart/issues." + echo "DEBUG: Output of 'gitea admin user list --admin'" + echo "--" + echo "${full_admin_list}" + echo "--" + exit 1 + fi + + local ACCOUNT_ID=$(echo "${actual_user_table}" | grep -E "\s+${GITEA_ADMIN_USERNAME}\s+" | awk -F " " "{printf \$1}") if [[ -z "${ACCOUNT_ID}" ]]; then echo "No admin user '${GITEA_ADMIN_USERNAME}' found. Creating now..." gitea admin user create --admin --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email {{ .Values.gitea.admin.email | quote }} --must-change-password=false 
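Review bot: The lookup `grep -E "\s+${GITEA_ADMIN_USERNAME}\s+"` still treats the configured username as an unescaped regular expression and tests it against every whitespace-delimited column of a row, so a name containing `.` or one equal to another column's value (such as `true` in IsActive) can pick up a different account's ID, or several IDs glued together by `printf`. Trimming the warning lines removes one source of false matches but not this one; what is then done with `ACCOUNT_ID` lies outside the hunk and is worth checking with that in mind. An exact comparison on the Username column, which the matched headline shows to be the second field, avoids it: `local ACCOUNT_ID=$(echo "${actual_user_table}" | awk -v u="${GITEA_ADMIN_USERNAME}" '$2 == u { printf "%s", $1 }')`. The LDAP and OAuth hunks interpolate `${LDAP_NAME}` and `${OAUTH_NAME}` into `grep -E` in the same way and would benefit from an exact field match as well.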
@@ -105,7 +126,28 @@ stringData: {{- if .Values.gitea.ldap }} {{- range $idx, $value := .Values.gitea.ldap }} local LDAP_NAME={{ (printf "%s" $value.name) | squote }} - local GITEA_AUTH_ID=$(gitea admin auth list --vertical-bars | grep -E "\|${LDAP_NAME}\s+\|" | grep -iE '\|LDAP \(via BindDN\)\s+\|' | awk -F " " "{print \$1}") + local full_auth_list=$(gitea admin auth list --vertical-bars) + local actual_auth_table='' + + # We might have distorted output due to warning logs, so we have to detect the actual user table by its headline and trim output above that line + local regex="(.*)(ID\s+\|Name\s+\|Type\s+\|Enabled.*)" + if [[ "${full_auth_list}" =~ $regex ]]; then + actual_auth_table=$(echo "${BASH_REMATCH[2]}" | tail -n+2) # tail'ing to drop the table headline + else + # This code block should never be reached, as long as the output table header remains the same. + # If this code block is reached, the regex doesn't match anymore and we probably have to adjust this script. + + echo "ERROR: 'configure_ldap' was not able to determine the current list of authentication sources." + echo " Please review the output of 'gitea admin auth list --vertical-bars' shown below." + echo " If you think it is an issue with the Helm Chart provisioning, file an issue at https://gitea.com/gitea/helm-chart/issues." + echo "DEBUG: Output of 'gitea admin auth list --vertical-bars'" + echo "--" + echo "${full_auth_list}" + echo "--" + exit 1 + fi + + local GITEA_AUTH_ID=$(echo "${actual_auth_table}" | grep -E "\|${LDAP_NAME}\s+\|" | grep -iE '\|LDAP \(via BindDN\)\s+\|' | awk -F " " "{print \$1}") if [[ -z "${GITEA_AUTH_ID}" ]]; then echo "No ldap configuration found with name '${LDAP_NAME}'. Installing it now..." 
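Review bot: The table-trimming block in this hunk is a copy of the one added to `configure_admin_user` and appears a third time in the OAuth hunk, differing only in the command, the headline regex and the function name in the error text; because it sits inside the `range` loop it is also emitted once per configured source. A helper defined once would keep the three call sites in step when the headline changes; a sketch follows. The copied comment still says "actual user table" where the authentication source table is meant, so here and in the OAuth hunk I would write `# ... detect the actual auth source table by its headline and trim output above that line`. The enclosing function starts and ends outside the hunk.

```shell
# Prints the rows below the table headline; returns 1 when the headline is not found.
function extract_table_rows() {
  local raw_output="$1"
  local headline="$2"
  local regex="(.*)(${headline}.*)"
  if [[ "${raw_output}" =~ $regex ]]; then
    echo "${BASH_REMATCH[2]}" | tail -n+2 # drop the table headline
  else
    return 1
  fi
}

# … unchanged: local LDAP_NAME=… …
local full_auth_list=$(gitea admin auth list --vertical-bars)
local actual_auth_table=''
if ! actual_auth_table=$(extract_table_rows "${full_auth_list}" 'ID\s+\|Name\s+\|Type\s+\|Enabled'); then
  # … unchanged: ERROR/DEBUG output and exit 1 …
fi
```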
@@ -128,7 +170,28 @@ stringData: {{- if .Values.gitea.oauth }} {{- range $idx, $value := .Values.gitea.oauth }} local OAUTH_NAME={{ (printf "%s" $value.name) | squote }} - local AUTH_ID=$(gitea admin auth list --vertical-bars | grep -E "\|${OAUTH_NAME}\s+\|" | grep -iE '\|OAuth2\s+\|' | awk -F " " "{print \$1}") + local full_auth_list=$(gitea admin auth list --vertical-bars) + local actual_auth_table='' + + # We might have distorted output due to warning logs, so we have to detect the actual user table by its headline and trim output above that line + local regex="(.*)(ID\s+\|Name\s+\|Type\s+\|Enabled.*)" + if [[ "${full_auth_list}" =~ $regex ]]; then + actual_auth_table=$(echo "${BASH_REMATCH[2]}" | tail -n+2) # tail'ing to drop the table headline + else + # This code block should never be reached, as long as the output table header remains the same. + # If this code block is reached, the regex doesn't match anymore and we probably have to adjust this script. + + echo "ERROR: 'configure_oauth' was not able to determine the current list of authentication sources." + echo " Please review the output of 'gitea admin auth list --vertical-bars' shown below." + echo " If you think it is an issue with the Helm Chart provisioning, file an issue at https://gitea.com/gitea/helm-chart/issues." + echo "DEBUG: Output of 'gitea admin auth list --vertical-bars'" + echo "--" + echo "${full_auth_list}" + echo "--" + exit 1 + fi + + local AUTH_ID=$(echo "${actual_auth_table}" | grep -E "\|${OAUTH_NAME}\s+\|" | grep -iE '\|OAuth2\s+\|' | awk -F " " "{print \$1}") if [[ -z "${AUTH_ID}" ]]; then echo "No oauth configuration found with name '${OAUTH_NAME}'. Installing it now..." -- 2.40.1 From 469eacaf1c960747177af4b3cad4e70ca03d27ed Mon Sep 17 00:00:00 2001 From: pat-s Date: Sat, 23 Dec 2023 16:12:59 +0100 Subject: [PATCH 299/390] bump to gitea 1.21.3 --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 98db9dc..8d11ecf 100644 
--- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.21.2 +appVersion: 1.21.3 icon: https://gitea.com/assets/img/logo.svg keywords: -- 2.40.1 From 8a191f0eca0c25d504be1801cc72b3c04b2dd97d Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 28 Dec 2023 00:33:07 +0000 Subject: [PATCH 300/390] chore(deps): update subcharts (minor & patch) (#593) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 10 +++++----- Chart.yaml | 6 +++--- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/Chart.lock b/Chart.lock index aefe5eb..286441f 100644 --- a/Chart.lock +++ b/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 13.2.24 + version: 13.2.26 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 12.3.3 + version: 12.3.5 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 9.1.3 -digest: sha256:c4ae8a7ddfb6670acc7f39d5728a0929f6c7666d32459229b5e4e66b19749677 -generated: "2023-12-17T00:11:27.841588235Z" + version: 9.1.4 +digest: sha256:1f76d28f5fda7d10fe814416c6d1d1a02fd626d8b9e895d28acf3ebf3fa71780 +generated: "2023-12-28T00:15:48.963793716Z" diff --git a/Chart.yaml b/Chart.yaml index 8d11ecf..fc997fc 100644 --- a/Chart.yaml +++ b/Chart.yaml 
@@ -36,15 +36,15 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/postgresql - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 13.2.24 + version: 13.2.26 condition: postgresql.enabled # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 12.3.3 + version: 12.3.5 condition: postgresql-ha.enabled # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 9.1.3 + version: 9.1.4 condition: redis-cluster.enabled -- 2.40.1 From 7b7789e65d07876c90729b61aec7b9690c58f90f Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 29 Dec 2023 02:33:50 +0000 Subject: [PATCH 301/390] chore(deps): update alpine/helm docker tag to v3.13.3 (#592) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- .gitea/workflows/release-version.yml | 2 +- .gitea/workflows/test-pr.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index 0b516ab..724a77e 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml @@ -7,7 +7,7 @@ on: env: # renovate: datasource=docker depName=alpine/helm - HELM_VERSION: "3.13.2" + HELM_VERSION: "3.13.3" jobs: generate-chart-publish: diff --git a/.gitea/workflows/test-pr.yml b/.gitea/workflows/test-pr.yml index 6cef8e3..3d7c11f 100644 --- a/.gitea/workflows/test-pr.yml +++ b/.gitea/workflows/test-pr.yml @@ -16,7 +16,7 @@ env: jobs: check-and-test: runs-on: ubuntu-latest - container: alpine/helm:3.13.2 + container: alpine/helm:3.13.3 steps: - name: install tools run: | -- 2.40.1 From e9d401a9ee47f7aa72fa4e75c88c989c2a76150a Mon Sep 17 00:00:00 2001 
From: Renovate Bot Date: Sun, 7 Jan 2024 01:35:43 +0000 Subject: [PATCH 302/390] chore(deps): update dependency helm-unittest/helm-unittest to v0.4.0 (#595) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- .gitea/workflows/test-pr.yml | 2 +- .vscode/settings.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/test-pr.yml b/.gitea/workflows/test-pr.yml index 3d7c11f..4d09086 100644 --- a/.gitea/workflows/test-pr.yml +++ b/.gitea/workflows/test-pr.yml @@ -11,7 +11,7 @@ on: env: # renovate: datasource=github-releases depName=helm-unittest/helm-unittest - HELM_UNITTEST_VERSION: "v0.3.6" + HELM_UNITTEST_VERSION: "v0.4.0" jobs: check-and-test: diff --git a/.vscode/settings.json b/.vscode/settings.json index 812b1f8..d1423c9 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -1,6 +1,6 @@ { "yaml.schemas": { - "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.3.6/schema/helm-testsuite.json": [ + "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.4.0/schema/helm-testsuite.json": [ "/unittests/**/*.yaml" ] }, -- 2.40.1 From d7cba5443f25520d906bcb026c9bf2c07a68f91c Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 7 Jan 2024 01:56:33 +0000 Subject: [PATCH 303/390] chore(deps): update subcharts (minor & patch) (#594) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 8 ++++---- Chart.yaml | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Chart.lock b/Chart.lock index 286441f..c217ac4 100644 --- a/Chart.lock +++ b/Chart.lock 
@@ -1,12 +1,12 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 13.2.26 + version: 13.2.27 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 12.3.5 + version: 12.3.7 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts version: 9.1.4 -digest: sha256:1f76d28f5fda7d10fe814416c6d1d1a02fd626d8b9e895d28acf3ebf3fa71780 -generated: "2023-12-28T00:15:48.963793716Z" +digest: sha256:7d42d2959fedaa06981e2626136a4db301b9ddaf2b045e1eb70b29718db8510a +generated: "2024-01-07T01:40:02.087718645Z" diff --git a/Chart.yaml b/Chart.yaml index fc997fc..2f197f1 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -36,12 +36,12 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/postgresql - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 13.2.26 + version: 13.2.27 condition: postgresql.enabled # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 12.3.5 + version: 12.3.7 condition: postgresql-ha.enabled # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster -- 2.40.1 From 70e5da077a212ccb6c13b5b0155dd39af4ca034b Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 13 Jan 2024 00:35:47 +0000 Subject: [PATCH 304/390] chore(deps): update dependency helm-unittest/helm-unittest to v0.4.1 (#599) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- .gitea/workflows/test-pr.yml | 2 +- .vscode/settings.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/test-pr.yml b/.gitea/workflows/test-pr.yml index 4d09086..961f612 100644 --- a/.gitea/workflows/test-pr.yml +++ b/.gitea/workflows/test-pr.yml 
@@ -11,7 +11,7 @@ on: env: # renovate: datasource=github-releases depName=helm-unittest/helm-unittest - HELM_UNITTEST_VERSION: "v0.4.0" + HELM_UNITTEST_VERSION: "v0.4.1" jobs: check-and-test: diff --git a/.vscode/settings.json b/.vscode/settings.json index d1423c9..aa6b188 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -1,6 +1,6 @@ { "yaml.schemas": { - "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.4.0/schema/helm-testsuite.json": [ + "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.4.1/schema/helm-testsuite.json": [ "/unittests/**/*.yaml" ] }, -- 2.40.1 From 5dfaca13f2f215f7d15cfed191473df20123ac6e Mon Sep 17 00:00:00 2001 
From: remogeissbuehler Date: Sat, 13 Jan 2024 09:58:30 +0000 Subject: [PATCH 305/390] Allowing Custom Labels in SVC Templates (#597) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ### Description of the change The change allows users of this chart to specify custom labels for the HTTP & SSH Services that get deployed. They are optional and if given are added to the standard list of labels. ### Benefits Certain use cases require labelling services to be able to select them in other places. Specifiying them directly in the helm chart avoids having to label by hand everytime. Concrete Use Case Example: Cilium Layer 2 Announcements require selecting services to announce via labels (see [docs](https://docs.cilium.io/en/stable/network/l2-announcements/#service-selector)). I would like to add a label to the SSH service, but not the HTTP Service (which is handled via an ingress). ### Possible drawbacks I don't see any, using this feature is optional :) ### Checklist - [X] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) - [X] Breaking changes are documented in the `README.md` - [X] Templating unittests are added Co-authored-by: Remo Geissbühler Co-authored-by: justusbunsi Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/597 Reviewed-by: pat-s Reviewed-by: justusbunsi Co-authored-by: remogeissbuehler Co-committed-by: remogeissbuehler --- README.md | 2 + templates/gitea/http-svc.yaml | 3 ++ templates/gitea/ssh-svc.yaml | 3 ++ unittests/deployment/svc-configuration.yaml | 51 +++++++++++++++++++++ values.yaml | 4 ++ 5 files changed, 63 insertions(+) create mode 100644 unittests/deployment/svc-configuration.yaml diff --git a/README.md b/README.md index 2c0de9e..a58b18f 100644 --- a/README.md +++ b/README.md 
@@ -888,6 +888,7 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo | `service.http.ipFamilies` | HTTP service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/). | `nil` | | `service.http.loadBalancerSourceRanges` | Source range filter for http loadbalancer | `[]` | | `service.http.annotations` | HTTP service annotations | `{}` | +| `service.http.labels` | HTTP service additional labels | `{}` | | `service.ssh.type` | Kubernetes service type for ssh traffic | `ClusterIP` | | `service.ssh.port` | Port number for ssh traffic | `22` | | `service.ssh.clusterIP` | ClusterIP setting for ssh autosetup for deployment is None | `None` | @@ -900,6 +901,7 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo | `service.ssh.hostPort` | HostPort for ssh service | `nil` | | `service.ssh.loadBalancerSourceRanges` | Source range filter for ssh loadbalancer | `[]` | | `service.ssh.annotations` | SSH service annotations | `{}` | +| `service.ssh.labels` | SSH service additional labels | `{}` | ### Ingress diff --git a/templates/gitea/http-svc.yaml b/templates/gitea/http-svc.yaml index 659724c..0ec7370 100644 --- a/templates/gitea/http-svc.yaml +++ b/templates/gitea/http-svc.yaml @@ -4,6 +4,9 @@ metadata: name: {{ include "gitea.fullname" . }}-http labels: {{- include "gitea.labels" . | nindent 4 }} + {{- if .Values.service.http.labels }} + {{- toYaml .Values.service.http.labels | nindent 4 }} + {{- end }} annotations: {{- toYaml .Values.service.http.annotations | nindent 4 }} spec: diff --git a/templates/gitea/ssh-svc.yaml b/templates/gitea/ssh-svc.yaml index 3e8b3c2..3ee756c 100644 --- a/templates/gitea/ssh-svc.yaml +++ b/templates/gitea/ssh-svc.yaml 
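Review bot: In the http-svc.yaml hunk the custom labels are appended to the same `labels:` map that `gitea.labels` has just rendered, so a key in `service.http.labels` that the chart already sets (the new unit tests rely on `app` being one of them) appears twice in the manifest. How a duplicate key is resolved depends on the YAML parser, so the outcome is either a render error or a silent override of a chart label that other selectors may depend on; I have not verified which. I would at least state the constraint where the value is documented, e.g. `## @param service.http.labels HTTP service additional labels (keys must not repeat labels the chart sets itself)`. The ssh-svc.yaml hunk uses the identical construct and needs the same note for `service.ssh.labels`.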
@@ -4,6 +4,9 @@ metadata: name: {{ include "gitea.fullname" . }}-ssh labels: {{- include "gitea.labels" . | nindent 4 }} + {{- if .Values.service.ssh.labels }} + {{- toYaml .Values.service.ssh.labels | nindent 4 }} + {{- end }} annotations: {{- toYaml .Values.service.ssh.annotations | nindent 4 }} spec: diff --git a/unittests/deployment/svc-configuration.yaml b/unittests/deployment/svc-configuration.yaml new file mode 100644 index 0000000..a032470 --- /dev/null +++ b/unittests/deployment/svc-configuration.yaml @@ -0,0 +1,51 @@ +suite: ssh-svc / http-svc template (Services configuration) +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/ssh-svc.yaml + - templates/gitea/http-svc.yaml +tests: + - it: supports adding custom labels to ssh-svc + template: templates/gitea/ssh-svc.yaml + set: + service: + ssh: + labels: + gitea/testkey: testvalue + asserts: + - equal: + path: metadata.labels["gitea/testkey"] + value: "testvalue" + + - it: keeps existing labels (ssh) + template: templates/gitea/ssh-svc.yaml + set: + service: + ssh: + labels: {} + asserts: + - exists: + path: metadata.labels["app"] + + - it: supports adding custom labels to http-svc + template: templates/gitea/http-svc.yaml + set: + service: + http: + labels: + gitea/testkey: testvalue + asserts: + - equal: + path: metadata.labels["gitea/testkey"] + value: "testvalue" + + - it: keeps existing labels (http) + template: templates/gitea/http-svc.yaml + set: + service: + http: + labels: {} + asserts: + - exists: + path: metadata.labels["app"] diff --git a/values.yaml b/values.yaml index 2736a2f..175c27f 100644 --- a/values.yaml +++ b/values.yaml 
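Review bot: The two "keeps existing labels" cases in the new svc-configuration.yaml set `labels: {}`, which skips the added `if` branch entirely, so nothing checks that the chart's own labels are still present when custom labels are actually rendered. Adding a second assertion to the two "supports adding custom labels" cases covers that path: `- exists:` followed by `path: metadata.labels["app"]`, next to the existing `equal` check, for both ssh-svc and http-svc.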
@@ -106,6 +106,7 @@ service: ## @param service.http.ipFamilies HTTP service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/). ## @param service.http.loadBalancerSourceRanges Source range filter for http loadbalancer ## @param service.http.annotations HTTP service annotations + ## @param service.http.labels HTTP service additional labels http: type: ClusterIP port: 3000 @@ -118,6 +119,7 @@ service: ipFamilies: loadBalancerSourceRanges: [] annotations: {} + labels: {} ## @param service.ssh.type Kubernetes service type for ssh traffic ## @param service.ssh.port Port number for ssh traffic ## @param service.ssh.clusterIP ClusterIP setting for ssh autosetup for deployment is None @@ -130,6 +132,7 @@ service: ## @param service.ssh.hostPort HostPort for ssh service ## @param service.ssh.loadBalancerSourceRanges Source range filter for ssh loadbalancer ## @param service.ssh.annotations SSH service annotations + ## @param service.ssh.labels SSH service additional labels ssh: type: ClusterIP port: 22 @@ -143,6 +146,7 @@ service: hostPort: loadBalancerSourceRanges: [] annotations: {} + labels: {} ## @section Ingress ## @param ingress.enabled Enable ingress -- 2.40.1 From f5ad4eb33d3dd1e61ea92bca4b05e029ea550b0b Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 15 Jan 2024 00:20:49 +0000 Subject: [PATCH 306/390] chore(deps): update subcharts (minor & patch) (#600) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 10 +++++----- Chart.yaml | 6 +++--- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/Chart.lock b/Chart.lock index c217ac4..04b05c0 100644 --- a/Chart.lock +++ b/Chart.lock 
@@ -1,12 +1,12 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 13.2.27 + version: 13.2.29 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 12.3.7 + version: 12.5.0 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 9.1.4 -digest: sha256:7d42d2959fedaa06981e2626136a4db301b9ddaf2b045e1eb70b29718db8510a -generated: "2024-01-07T01:40:02.087718645Z" + version: 9.1.5 +digest: sha256:7b064a77b50336c55e4a1e8c8c673aaea54c571a575ea2ccd43504db927bc576 +generated: "2024-01-14T00:21:33.821525206Z" diff --git a/Chart.yaml b/Chart.yaml index 2f197f1..756d4e1 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -36,15 +36,15 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/postgresql - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 13.2.27 + version: 13.2.29 condition: postgresql.enabled # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 12.3.7 + version: 12.5.0 condition: postgresql-ha.enabled # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 9.1.4 + version: 9.1.5 condition: redis-cluster.enabled -- 2.40.1 From a1af5eab4ed4a6a136992e57db5c17790f0d041d Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 20 Jan 2024 00:51:24 +0000 Subject: [PATCH 307/390] chore(deps): update subcharts (minor & patch) (#603) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 10 +++++----- Chart.yaml | 6 +++--- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/Chart.lock b/Chart.lock index 04b05c0..03c6c17 100644 --- a/Chart.lock +++ b/Chart.lock 
@@ -1,12 +1,12 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 13.2.29 + version: 13.3.1 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 12.5.0 + version: 12.7.0 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 9.1.5 -digest: sha256:7b064a77b50336c55e4a1e8c8c673aaea54c571a575ea2ccd43504db927bc576 -generated: "2024-01-14T00:21:33.821525206Z" + version: 9.2.1 +digest: sha256:cff9fdd51856d8f0526863d5e050427e2ef2acc44b9ea4cabb88d77a5c65ca40 +generated: "2024-01-20T00:35:15.09075348Z" diff --git a/Chart.yaml b/Chart.yaml index 756d4e1..9d5a9f3 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -36,15 +36,15 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/postgresql - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 13.2.29 + version: 13.3.1 condition: postgresql.enabled # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 12.5.0 + version: 12.7.0 condition: postgresql-ha.enabled # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 9.1.5 + version: 9.2.1 condition: redis-cluster.enabled -- 2.40.1 From b84a431854f666ebbd7be511829c10d087d7d0c7 Mon Sep 17 00:00:00 2001 
From: florianspk Date: Mon, 22 Jan 2024 09:33:07 +0000 Subject: [PATCH 308/390] =?UTF-8?q?Storage=20Class=20don=C2=B4t=20use=20gl?= =?UTF-8?q?obal.storageClass=20(#601)=20(#602)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ### Description of the change The code change ensures proper usage of gitea.persistence.storageClass, improving configuration accuracy and code readability. ### Applicable issues - fixes #601 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/602 Reviewed-by: pat-s Co-authored-by: florianspk Co-committed-by: florianspk --- templates/_helpers.tpl | 2 +- templates/gitea/pvc.yaml | 4 +- .../storage-class-configuration.yaml | 39 +++++++++++++++++++ 3 files changed, 41 insertions(+), 4 deletions(-) create mode 100644 unittests/deployment/storage-class-configuration.yaml diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 727401c..dc76158 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -94,7 +94,7 @@ imagePullSecrets: Storage Class */}} {{- define "gitea.persistence.storageClass" -}} -{{- $storageClass := .Values.global.storageClass | default .Values.persistence.storageClass }} +{{- $storageClass := .Values.persistence.storageClass | default .Values.global.storageClass }} {{- if $storageClass }} storageClassName: {{ $storageClass | quote }} {{- end }} diff --git a/templates/gitea/pvc.yaml b/templates/gitea/pvc.yaml index 995bd10..d1b2669 100644 --- a/templates/gitea/pvc.yaml +++ b/templates/gitea/pvc.yaml @@ -14,9 +14,7 @@ spec: {{- .Values.persistence.accessModes | toYaml | nindent 4 }} {{- end }} volumeMode: Filesystem - {{- if .Values.persistence.storageClass }} - storageClassName: {{ .Values.persistence.storageClass }} - {{- end }} + {{- include "gitea.persistence.storageClass" . | nindent 2 }} {{- with .Values.persistence.volumeName }} volumeName: {{ . }} {{- end }} 
diff --git a/unittests/deployment/storage-class-configuration.yaml b/unittests/deployment/storage-class-configuration.yaml
new file mode 100644
index 0000000..abad587
--- /dev/null
+++ b/unittests/deployment/storage-class-configuration.yaml
@@ -0,0 +1,39 @@
+# File: tests/gitea-storageclass-tests.yaml
+
+suite: storage class configuration tests
+
+release:
+ name: gitea-storageclass-tests
+ namespace: testing
+
+templates:
+ - templates/gitea/pvc.yaml
+
+tests:
+ - it: should set storageClassName when persistence.storageClass is defined
+ template: templates/gitea/pvc.yaml
+ set:
+ persistence.storageClass: "my-storage-class"
+ asserts:
+ - equal:
+ path: "spec.storageClassName"
+ value: "my-storage-class"
+
+ - it: should set global.storageClass when persistence.storageClass is not defined
+ template: templates/gitea/pvc.yaml
+ set:
+ global.storageClass: "default-storage-class"
+ asserts:
+ - equal:
+ path: spec.storageClassName
+ value: "default-storage-class"
+
+ - it: should set storageClassName when persistence.storageClass is defined and global.storageClass is defined
+ template: templates/gitea/pvc.yaml
+ set:
+ global.storageClass: "default-storage-class"
+ persistence.storageClass: "my-storage-class"
+ asserts:
+ - equal:
+ path: spec.storageClassName
+ value: "my-storage-class"
-- 2.40.1 From 4ed7818ec28d07f55e0c230fc44e182ff76ea385 Mon Sep 17 00:00:00 2001
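Review bot: The suite has no case for the default situation where neither `persistence.storageClass` nor `global.storageClass` is set, which is the path where the helper must emit nothing and the `nindent 2` include in pvc.yaml must still leave a valid spec. A fourth test without any `set` and an assertion such as `- notExists:` with `path: spec.storageClassName` would pin that behaviour. The header comment `# File: tests/gitea-storageclass-tests.yaml` also does not match the path this patch creates (`unittests/deployment/storage-class-configuration.yaml`); I would correct or drop it.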
From: Oliver Fueckert Date: Mon, 22 Jan 2024 09:35:58 +0000 Subject: [PATCH 309/390] Add labels to PVC manifest (#581) Hi, In reference to #580 I noticed that one cannot apply labels to the created PVC with persistance.labels. The label statement is missing in the template. best regards, Oliver. **helm-chart/templates/gitea/pvc.yaml:** ``` {{- if and .Values.persistence.enabled .Values.persistence.create }} kind: PersistentVolumeClaim apiVersion: v1 metadata: name: {{ .Values.persistence.claimName }} namespace: {{ $.Release.Namespace }} annotations: {{ .Values.persistence.annotations | toYaml | indent 4}} spec: ... ``` **values.yaml:** ``` persistence: ## @param primary.persistence.enabled Enable PostgreSQL Primary data persistence using PVC ## enabled: true ## @param primary.persistence.existingClaim Name of an existing PVC to use ## existingClaim: "" ## @param primary.persistence.mountPath The path the volume will be mounted at ## Note: useful when using custom PostgreSQL images ## mountPath: /bitnami/postgresql ## @param primary.persistence.subPath The subdirectory of the volume to mount to ## Useful in dev environments and one PV for multiple services ## subPath: "" ## @param primary.persistence.storageClass PVC Storage Class for PostgreSQL Primary data volume ## If defined, storageClassName: ## If set to "-", storageClassName: "", which disables dynamic provisioning ## If undefined (the default) or set to null, no storageClassName spec is ## set, choosing the default provisioner. 
(gp2 on AWS, standard on ## GKE, AWS & OpenStack) ## storageClass: "" ## @param primary.persistence.accessModes PVC Access Mode for PostgreSQL volume ## accessModes: - ReadWriteOnce ## @param primary.persistence.size PVC Storage Request for PostgreSQL volume ## size: 8Gi ## @param primary.persistence.annotations Annotations for the PVC ## annotations: {} ## @param primary.persistence.labels Labels for the PVC ## labels: {} ``` ### Checklist - [x] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) Co-authored-by: pat-s Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/581 Reviewed-by: pat-s Co-authored-by: Oliver Fueckert Co-committed-by: Oliver Fueckert --- templates/gitea/pvc.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/templates/gitea/pvc.yaml b/templates/gitea/pvc.yaml index d1b2669..601483e 100644 --- a/templates/gitea/pvc.yaml +++ b/templates/gitea/pvc.yaml @@ -6,6 +6,8 @@ metadata: namespace: {{ $.Release.Namespace }} annotations: {{ .Values.persistence.annotations | toYaml | indent 4}} + labels: +{{ .Values.persistence.labels | toYaml | indent 4}} spec: accessModes: {{- if gt .Values.replicaCount 1.0 }} -- 2.40.1 From aeea86b26a6679769a62cc5cd53114e2c395c035 Mon Sep 17 00:00:00 2001 From: pat-s Date: Mon, 22 Jan 2024 10:45:18 +0100 Subject: [PATCH 310/390] bump to gitea 1.21.4 --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 9d5a9f3..b529025 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.21.3 +appVersion: 1.21.4 icon: https://gitea.com/assets/img/logo.svg keywords: -- 2.40.1 From 6be4f8bb973bf538527935d376f93d958456367d Mon Sep 17 00:00:00 2001 
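Review bot: The added `labels:` key in pvc.yaml is rendered unconditionally, so its value is whatever `toYaml` produces for `.Values.persistence.labels`; if that value is unset the key is left with a null or empty value rather than being omitted. The patch changes neither values.yaml nor a unit test, so the default cannot be confirmed from here. Guarding the block the way `volumeName` is guarded later in the same template keeps the manifest clean: `{{- with .Values.persistence.labels }}`, then `labels: {{- toYaml . | nindent 4 }}`, then `{{- end }}`. A helm-unittest case for the PVC with and without labels would cover both renderings.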
From: yardenshoham Date: Fri, 26 Jan 2024 16:27:49 +0000 Subject: [PATCH 311/390] Remove outdated comment regarding Bitnami's charts (#608) We use OCI charts from Bitnami, so this comment is no longer relevant Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/608 Reviewed-by: justusbunsi Co-authored-by: yardenshoham Co-committed-by: yardenshoham --- Chart.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index b529025..b9c7b84 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -31,7 +31,6 @@ maintainers: - name: Patrick Schratz email: patrick.schratz@gmail.com -# Bitnami charts are served from GitHub CDN - See https://github.com/bitnami/charts/issues/10539 for details dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/postgresql - name: postgresql -- 2.40.1 From 829bca241d4a829db411124741f53ffbb83431bc Mon Sep 17 00:00:00 2001 From: pat-s Date: Thu, 1 Feb 2024 14:11:32 +0100 Subject: [PATCH 312/390] bump gitea to 1.21.5 --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index b9c7b84..5d0c12c 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.21.4 +appVersion: 1.21.5 icon: https://gitea.com/assets/img/logo.svg keywords: -- 2.40.1 From 4d339bb05b99ff74dd4d3bed8f61b2f0c4c1c0d6 Mon Sep 17 00:00:00 2001 
From: Renovate Bot Date: Sat, 17 Feb 2024 21:24:38 +0000 Subject: [PATCH 313/390] chore(deps): update workflow dependencies (minor & patch) (#614) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | alpine/helm | | minor | `3.13.3` -> `3.14.0` | | alpine/helm | container | minor | `3.13.3` -> `3.14.0` | | [markdownlint-cli](https://github.com/igorshubovych/markdownlint-cli) | devDependencies | minor | [`^0.38.0` -> `^0.39.0`](https://renovatebot.com/diffs/npm/markdownlint-cli/0.38.0/0.39.0) | --- ### Release Notes
igorshubovych/markdownlint-cli (markdownlint-cli) ### [`v0.39.0`](https://github.com/igorshubovych/markdownlint-cli/releases/tag/v0.39.0): 0.39.0 [Compare Source](https://github.com/igorshubovych/markdownlint-cli/compare/v0.38.0...v0.39.0) - Update `markdownlint` dependency to `0.33.0` - Add `MD055`/`table-pipe-style`, `MD056`/`table-column-count` - Improve `MD005`/`MD007`/`MD024`/`MD026`/`MD038` - Incorporate `micromark-extension-directive` - Improve JSON schema, document validation - Handle trailing commas in JSONC configuration - Update all dependencies via `Dependabot`
--- ### Configuration 📅 **Schedule**: Branch creation - "every weekend" (UTC), Automerge - "before 4am" (UTC). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Co-authored-by: pat-s Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/614 Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- .gitea/workflows/release-version.yml | 2 +- .gitea/workflows/test-pr.yml | 2 +- .markdownlint.yaml | 2 +- package-lock.json | 89 ++++++++++++++++------------ package.json | 2 +- 5 files changed, 55 insertions(+), 42 deletions(-) diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index 724a77e..b376d0b 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml @@ -7,7 +7,7 @@ on: env: # renovate: datasource=docker depName=alpine/helm - HELM_VERSION: "3.13.3" + HELM_VERSION: "3.14.0" jobs: generate-chart-publish: diff --git a/.gitea/workflows/test-pr.yml b/.gitea/workflows/test-pr.yml index 961f612..0df1612 100644 --- a/.gitea/workflows/test-pr.yml +++ b/.gitea/workflows/test-pr.yml @@ -16,7 +16,7 @@ env: jobs: check-and-test: runs-on: ubuntu-latest - container: alpine/helm:3.13.3 + container: alpine/helm:3.14.0 steps: - name: install tools run: | diff --git a/.markdownlint.yaml b/.markdownlint.yaml index 7b0c356..30cdea2 100644 --- a/.markdownlint.yaml +++ b/.markdownlint.yaml 
@@ -73,7 +73,7 @@ MD022: # MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the same content MD024: # Only check sibling headings - allow_different_nesting: true + siblings_only: true # MD025/single-title/single-h1 - Multiple top-level headings in the same document MD025: diff --git a/package-lock.json b/package-lock.json index 90cad8b..961bccf 100644 --- a/package-lock.json +++ b/package-lock.json @@ -8,7 +8,7 @@ "license": "MIT", "devDependencies": { "@bitnami/readme-generator-for-helm": "^2.5.0", - "markdownlint-cli": "^0.38.0" + "markdownlint-cli": "^0.39.0" }, "engines": { "node": ">=16.0.0", @@ -195,9 +195,9 @@ "dev": true }, "node_modules/entities": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/entities/-/entities-3.0.1.tgz", - "integrity": "sha512-WiyBqoomrwMdFG1e0kqvASYfnlb0lp8M5o5Fw2OFq1hNZxxcNk8Ik0Xm7LxzBhuidnZB/UtBqVCgUz3kBOP51Q==", + "version": "4.5.0", + "resolved": "https://registry.npmjs.org/entities/-/entities-4.5.0.tgz", + "integrity": "sha512-V0hjH4dGPh9Ao5p0MoRY6BVqtwCjhz6vI5LT8AJ55H+4g9/4vbHx1I54fS0XuclLhDHArPQCiMjDxjaL8fPxhw==", "dev": true, "engines": { "node": ">=0.12" 
@@ -340,18 +340,18 @@ } }, "node_modules/jsonc-parser": { - "version": "3.2.0", - "resolved": "https://registry.npmjs.org/jsonc-parser/-/jsonc-parser-3.2.0.tgz", - "integrity": "sha512-gfFQZrcTc8CnKXp6Y4/CBT3fTc0OVuDofpre4aEeEpSBPV5X5v4+Vmx+8snU7RLPrNHPKSgLxGo9YuQzz20o+w==", + "version": "3.2.1", + "resolved": "https://registry.npmjs.org/jsonc-parser/-/jsonc-parser-3.2.1.tgz", + "integrity": "sha512-AilxAyFOAcK5wA1+LeaySVBrHsGQvUFCDWXKpZjzaL0PqW+xfBOttn8GNtWKFWqneyMZj41MWF9Kl6iPWLwgOA==", "dev": true }, "node_modules/linkify-it": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/linkify-it/-/linkify-it-4.0.1.tgz", - "integrity": "sha512-C7bfi1UZmoj8+PQx22XyeXCuBlokoyWQL5pWSP+EI6nzRylyThouddufc2c1NDIcP9k5agmN9fLpA7VNJfIiqw==", + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/linkify-it/-/linkify-it-5.0.0.tgz", + "integrity": "sha512-5aHCbzQRADcdP+ATqnDuhhJ/MRIqDkZX5pyjFHRRysS8vZ5AbqGEoFIb6pYHPZ+L/OC2Lc+xT8uHVVR5CAK/wQ==", "dev": true, "dependencies": { - "uc.micro": "^1.0.1" + "uc.micro": "^2.0.0" } }, "node_modules/lodash": { @@ -370,19 +370,20 @@ } }, "node_modules/markdown-it": { - "version": "13.0.2", - "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-13.0.2.tgz", - "integrity": "sha512-FtwnEuuK+2yVU7goGn/MJ0WBZMM9ZPgU9spqlFs7/A/pDIUNSOQZhUgOqYCficIuR2QaFnrt8LHqBWsbTAoI5w==", + "version": "14.0.0", + "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-14.0.0.tgz", + "integrity": "sha512-seFjF0FIcPt4P9U39Bq1JYblX0KZCjDLFFQPHpL5AzHpqPEKtosxmdq/LTVZnjfH7tjt9BxStm+wXcDBNuYmzw==", "dev": true, "dependencies": { "argparse": "^2.0.1", - "entities": "~3.0.1", - "linkify-it": "^4.0.1", - "mdurl": "^1.0.1", - "uc.micro": "^1.0.5" + "entities": "^4.4.0", + "linkify-it": "^5.0.0", + "mdurl": "^2.0.0", + "punycode.js": "^2.3.1", + "uc.micro": "^2.0.0" }, "bin": { - "markdown-it": "bin/markdown-it.js" + "markdown-it": "bin/markdown-it.mjs" } }, "node_modules/markdown-table": { 
@@ -399,13 +400,13 @@ } }, "node_modules/markdownlint": { - "version": "0.32.1", - "resolved": "https://registry.npmjs.org/markdownlint/-/markdownlint-0.32.1.tgz", - "integrity": "sha512-3sx9xpi4xlHlokGyHO9k0g3gJbNY4DI6oNEeEYq5gQ4W7UkiJ90VDAnuDl2U+yyXOUa6BX+0gf69ZlTUGIBp6A==", + "version": "0.33.0", + "resolved": "https://registry.npmjs.org/markdownlint/-/markdownlint-0.33.0.tgz", + "integrity": "sha512-4lbtT14A3m0LPX1WS/3d1m7Blg+ZwiLq36WvjQqFGsX3Gik99NV+VXp/PW3n+Q62xyPdbvGOCfjPqjW+/SKMig==", "dev": true, "dependencies": { - "markdown-it": "13.0.2", - "markdownlint-micromark": "0.1.7" + "markdown-it": "14.0.0", + "markdownlint-micromark": "0.1.8" }, "engines": { "node": ">=18" @@ -415,9 +416,9 @@ } }, "node_modules/markdownlint-cli": { - "version": "0.38.0", - "resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.38.0.tgz", - "integrity": "sha512-qkZRKJ4LVq6CJIkRIuJsEHvhWhm+FP0E7yhHvOMrrgdykgFWNYD4wuhZTjvigbJLTKPooP79yPiUDDZBCBI5JA==", + "version": "0.39.0", + "resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.39.0.tgz", + "integrity": "sha512-ZuFN7Xpsbn1Nbp0YYkeLOfXOMOfLQBik2lKRy8pVI/llmKQ2uW7x+8k5OMgF6o7XCsTDSYC/OOmeJ+3qplvnJQ==", "dev": true, "dependencies": { "commander": "~11.1.0", @@ -425,8 +426,8 @@ "glob": "~10.3.10", "ignore": "~5.3.0", "js-yaml": "^4.1.0", - "jsonc-parser": "~3.2.0", - "markdownlint": "~0.32.1", + "jsonc-parser": "~3.2.1", + "markdownlint": "~0.33.0", "minimatch": "~9.0.3", "run-con": "~1.3.2" }, 
@@ -493,18 +494,21 @@ } }, "node_modules/markdownlint-micromark": { - "version": "0.1.7", - "resolved": "https://registry.npmjs.org/markdownlint-micromark/-/markdownlint-micromark-0.1.7.tgz", - "integrity": "sha512-BbRPTC72fl5vlSKv37v/xIENSRDYL/7X/XoFzZ740FGEbs9vZerLrIkFRY0rv7slQKxDczToYuMmqQFN61fi4Q==", + "version": "0.1.8", + "resolved": "https://registry.npmjs.org/markdownlint-micromark/-/markdownlint-micromark-0.1.8.tgz", + "integrity": "sha512-1ouYkMRo9/6gou9gObuMDnvZM8jC/ly3QCFQyoSPCS2XV1ZClU0xpKbL1Ar3bWWRT1RnBZkWUEiNKrI2CwiBQA==", "dev": true, "engines": { "node": ">=16" + }, + "funding": { + "url": "https://github.com/sponsors/DavidAnson" } }, "node_modules/mdurl": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/mdurl/-/mdurl-1.0.1.tgz", - "integrity": "sha512-/sKlQJCBYVY9Ers9hqzKou4H6V5UWc/M59TH2dvkt+84itfnq7uFOMLpOiOS4ujvHP4etln18fmIxA5R5fll0g==", + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/mdurl/-/mdurl-2.0.0.tgz", + "integrity": "sha512-Lf+9+2r+Tdp5wXDXC4PcIBjTDtq4UKjCPMQhKIuzpJNW0b96kVqSwW0bT7FhRSfmAiFYgP+SCRvdrDozfh0U5w==", "dev": true }, "node_modules/minimatch": { @@ -580,6 +584,15 @@ "url": "https://github.com/sponsors/isaacs" } }, + "node_modules/punycode.js": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/punycode.js/-/punycode.js-2.3.1.tgz", + "integrity": "sha512-uxFIHU0YlHYhDQtV4R9J6a52SLx28BCjT+4ieh7IGbgwVJWO+km431c4yRlREUAsAmt/uMjQUyQHNEPf0M39CA==", + "dev": true, + "engines": { + "node": ">=6" + } + }, "node_modules/repeat-string": { "version": "1.6.1", "resolved": "https://registry.npmjs.org/repeat-string/-/repeat-string-1.6.1.tgz", 
@@ -746,9 +759,9 @@ } }, "node_modules/uc.micro": { - "version": "1.0.6", - "resolved": "https://registry.npmjs.org/uc.micro/-/uc.micro-1.0.6.tgz", - "integrity": "sha512-8Y75pvTYkLJW2hWQHXxoqRgV7qb9B+9vFEtidML+7koHUFapnVJAZ6cKs+Qjz5Aw3aZWHMC6u0wJE3At+nSGwA==", + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/uc.micro/-/uc.micro-2.0.0.tgz", + "integrity": "sha512-DffL94LsNOccVn4hyfRe5rdKa273swqeA5DJpMOeFmEn1wCDc7nAbbB0gXlgBCL7TNzeTv6G7XVWzan7iJtfig==", "dev": true }, "node_modules/which": { diff --git a/package.json b/package.json index 138146a..32f1599 100644 --- a/package.json +++ b/package.json @@ -14,6 +14,6 @@ }, "devDependencies": { "@bitnami/readme-generator-for-helm": "^2.5.0", - "markdownlint-cli": "^0.38.0" + "markdownlint-cli": "^0.39.0" } } -- 2.40.1 From 00fbf45f033a5a806730f18fba123dea6123486a Mon Sep 17 00:00:00 2001 
From: Renovate Bot Date: Sat, 17 Feb 2024 21:30:54 +0000 Subject: [PATCH 314/390] chore(deps): update subcharts (minor & patch) (#613) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Update | Change | |---|---|---| | [postgresql](https://github.com/bitnami/charts) ([source](https://github.com/bitnami/charts/tree/HEAD/bitnami/postgresql)) | minor | `13.3.1` -> `13.4.6` | | [postgresql-ha](https://github.com/bitnami/charts) ([source](https://github.com/bitnami/charts/tree/HEAD/bitnami/postgresql-ha)) | minor | `12.7.0` -> `12.8.2` | | [redis-cluster](https://github.com/bitnami/charts) ([source](https://github.com/bitnami/charts/tree/HEAD/bitnami/redis-cluster)) | minor | `9.2.1` -> `9.5.20` | --- ### Configuration 📅 **Schedule**: Branch creation - "every weekend" (UTC), Automerge - "before 4am" (UTC). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Co-authored-by: pat-s Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/613 Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 10 +++++----- Chart.yaml | 6 +++--- unittests/dependency-major-image-check.yaml | 4 ++-- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/Chart.lock b/Chart.lock index 03c6c17..5c8aa99 100644 --- a/Chart.lock +++ b/Chart.lock 
@@ -1,12 +1,12 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 13.3.1 + version: 13.4.6 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 12.7.0 + version: 12.8.2 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 9.2.1 -digest: sha256:cff9fdd51856d8f0526863d5e050427e2ef2acc44b9ea4cabb88d77a5c65ca40 -generated: "2024-01-20T00:35:15.09075348Z" + version: 9.5.20 +digest: sha256:10ca7303e61effbe02163c0df6ed1a87f25d71edd44d1aadae971f56679ae985 +generated: "2024-02-17T00:21:51.363456958Z" diff --git a/Chart.yaml b/Chart.yaml index 5d0c12c..43f9930 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -35,15 +35,15 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/postgresql - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 13.3.1 + version: 13.4.6 condition: postgresql.enabled # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 12.7.0 + version: 12.8.2 condition: postgresql-ha.enabled # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 9.2.1 + version: 9.5.20 condition: redis-cluster.enabled diff --git a/unittests/dependency-major-image-check.yaml b/unittests/dependency-major-image-check.yaml index 27fd39b..d90803e 100644 --- a/unittests/dependency-major-image-check.yaml +++ b/unittests/dependency-major-image-check.yaml 
@@ -28,7 +28,7 @@ tests: matchRegex: path: spec.template.spec.containers[0].image # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST - pattern: ^docker.io/bitnami/postgresql:16.+$ + pattern: ^registry-1.docker.io/bitnami/postgresql:16.+$ - it: "[redis-cluster] ensures we detect major image version upgrades" template: charts/redis-cluster/templates/redis-statefulset.yaml set: @@ -39,4 +39,4 @@ tests: matchRegex: path: spec.template.spec.containers[0].image # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST - pattern: ^docker.io/bitnami/redis-cluster:7.+$ + pattern: ^registry-1.docker.io/bitnami/redis-cluster:7.+$ -- 2.40.1 From 3ac530f66da3b7179c749a62ab96339771bba23b Mon Sep 17 00:00:00 2001 From: pat-s Date: Fri, 23 Feb 2024 07:27:46 +0000 Subject: [PATCH 315/390] Add tests for HA assertion and clean up (#611) fix #604 - Assertions in `_helpers.tpl` were not effective, removed them - Updated and indented assertions in `config.yaml` - Added tests to check the assertions Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/611 Co-authored-by: pat-s Co-committed-by: pat-s --- templates/_helpers.tpl | 20 ------------ templates/gitea/config.yaml | 57 ++++++++++++++++++---------------- unittests/deployment/HA.yaml | 59 ++++++++++++++++++++++++++++++++++++ 3 files changed, 90 insertions(+), 46 deletions(-) create mode 100644 unittests/deployment/HA.yaml diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index dc76158..45e7a28 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl 
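Review bot: The new patterns in unittests/dependency-major-image-check.yaml leave every `.` unescaped, so `^registry-1.docker.io/bitnami/postgresql:16.+$` also accepts a tag such as `160` or a host that only resembles the registry name. A test meant to catch a major image bump or a changed image source is therefore looser than it reads. Escaping the dots pins both parts: `pattern: ^registry-1\.docker\.io/bitnami/postgresql:16\..+$`, and likewise for the redis-cluster pattern in the second hunk. The same applies to the `^docker.io/bitnami/redis-cluster:7.+$` pattern that the later redis-cluster update in this series puts back.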
@@ -3,26 +3,6 @@ Expand the name of the chart. */}} -{{- /* multiple replicas assertions */ -}} -{{- if gt .Values.replicaCount 1.0 -}} - {{- fail "When using multiple replicas, a RWX file system is required" -}} - {{- if eq (get (.Values.persistence.accessModes 0) "ReadWriteOnce") -}} - {{- fail "When using multiple replicas, a RWX file system is required" -}} - {{- end }} - - {{- if eq (get .Values.gitea.config.indexer "ISSUE_INDEXER_TYPE") "bleve" -}} - {{- fail "When using multiple replicas, the repo indexer must be set to 'meilisearch' or 'elasticsearch'" -}} - {{- end }} - - {{- if and (eq .Values.gitea.config.indexer.REPO_INDEXER_TYPE "bleve") (eq .Values.gitea.config.indexer.REPO_INDEXER_ENABLED "true") -}} - {{- fail "When using multiple replicas, the repo indexer must be set to 'meilisearch' or 'elasticsearch'" -}} - {{- end }} - - {{- if eq .Values.gitea.config.indexer.ISSUE_INDEXER_TYPE "bleve" -}} - {{- (printf "DEBUG: When using multiple replicas, the repo indexer must be set to 'meilisearch' or 'elasticsearch'") | fail -}} - {{- end }} -{{- end }} - {{- define "gitea.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} diff --git a/templates/gitea/config.yaml b/templates/gitea/config.yaml index e0eb6de..68df5f8 100644 --- a/templates/gitea/config.yaml +++ b/templates/gitea/config.yaml 
@@ -18,35 +18,40 @@ type: Opaque stringData: assertions: | -{{- /*assert that only one PG dep is enabled */ -}} -{{- if and (.Values.postgresql.enabled) (index .Values "postgresql-ha" "enabled") -}} - {{- fail "Only one of postgresql or postgresql-ha can be enabled at the same time." -}} -{{- end }} - -{{- /* multiple replicas assertions */ -}} -{{- if gt .Values.replicaCount 1.0 -}} - {{- if (get (get .Values.gitea.config "cron.GIT_GC_REPOS") "ENABLED") -}} - {{- fail "Invoking the garbage collector via CRON is not yet supported when running with multiple replicas. Please set 'cron.GIT_GC_REPOS.enabled = false'." -}} - {{- end }} - - {{- if eq (first .Values.persistence.accessModes) "ReadWriteOnce" -}} - {{- fail "When using multiple replicas, a RWX file system is required and gitea.persistence.accessModes[0] must be set to ReadWriteMany." -}} - {{- end }} - - {{- if eq (get .Values.gitea.config.indexer "ISSUE_INDEXER_TYPE") "bleve" -}} - {{- fail "When using multiple replicas, the issue indexer (gitea.config.indexer.ISSUE_INDEXER_TYPE) must be set to a HA-ready provider such as 'meilisearch', 'elasticsearch' or 'db' (if the DB is HA-ready)." -}} - {{- end }} - {{- if .Values.gitea.config.indexer.REPO_INDEXER_TYPE -}} - {{- if eq (get .Values.gitea.config.indexer "REPO_INDEXER_TYPE") "bleve" -}} - {{- if .Values.gitea.config.indexer.REPO_INDEXER_ENABLED -}} - {{- if eq (get .Values.gitea.config.indexer "REPO_INDEXER_ENABLED") "true" -}} - {{- fail "When using multiple replicas, the repo indexer (gitea.config.indexer.REPO_INDEXER_TYPE) must be set to 'meilisearch' or 'elasticsearch' or disabled." -}} + {{- /*assert that only one PG dep is enabled */ -}} + {{- if and (.Values.postgresql.enabled) (index .Values "postgresql-ha" "enabled") -}} + {{- fail "Only one of postgresql or postgresql-ha can be enabled at the same time." 
-}} + {{- end }} + + {{- /* multiple replicas assertions */ -}} + {{- if gt .Values.replicaCount 1.0 -}} + {{- if .Values.gitea.config.cron -}} + {{- if .Values.gitea.config.cron.GIT_GC_REPOS -}} + {{- if eq .Values.gitea.config.cron.GIT_GC_REPOS.ENABLED true -}} + {{ fail "Invoking the garbage collector via CRON is not yet supported when running with multiple replicas. Please set 'cron.GIT_GC_REPOS.enabled = false'." }} + {{- end }} {{- end }} {{- end }} + + {{- if eq (first .Values.persistence.accessModes) "ReadWriteOnce" -}} + {{- fail "When using multiple replicas, a RWX file system is required and gitea.persistence.accessModes[0] must be set to ReadWriteMany." -}} + {{- end }} + {{- if .Values.gitea.config.indexer -}} + {{- if eq .Values.gitea.config.indexer.ISSUE_INDEXER_TYPE "bleve" -}} + {{- fail "When using multiple replicas, the issue indexer (gitea.config.indexer.ISSUE_INDEXER_TYPE) must be set to a HA-ready provider such as 'meilisearch', 'elasticsearch' or 'db' (if the DB is HA-ready)." -}} + {{- end }} + {{- if .Values.gitea.config.indexer.REPO_INDEXER_TYPE -}} + {{- if eq .Values.gitea.config.indexer.REPO_INDEXER_TYPE "bleve" -}} + {{- if .Values.gitea.config.indexer.REPO_INDEXER_ENABLED -}} + {{- if eq .Values.gitea.config.indexer.REPO_INDEXER_ENABLED true -}} + {{- fail "When using multiple replicas, the repo indexer (gitea.config.indexer.REPO_INDEXER_TYPE) must be set to 'meilisearch' or 'elasticsearch' or disabled." -}} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} - {{- end }} - -{{- end }} config_environment.sh: |- #!/usr/bin/env bash set -euo pipefail diff --git a/unittests/deployment/HA.yaml b/unittests/deployment/HA.yaml new file mode 100644 index 0000000..8cc4dd1 --- /dev/null +++ b/unittests/deployment/HA.yaml 
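Review bot: The rewritten guards in templates/gitea/config.yaml compare `GIT_GC_REPOS.ENABLED` and `REPO_INDEXER_ENABLED` with the boolean `true`, where the removed code compared `REPO_INDEXER_ENABLED` with the string `"true"`. A value supplied as a string (quoted in values, or passed with `--set-string`) will then likely abort rendering with a type-comparison error instead of the intended message, and a string `"false"` would hit the same error on an otherwise valid configuration. Normalising the value first avoids both: `{{- if eq (toString .Values.gitea.config.indexer.REPO_INDEXER_ENABLED) "true" -}}`, and the same for the cron check. The garbage-collector message also tells the user to set `cron.GIT_GC_REPOS.enabled` while the key being tested is `ENABLED`.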
@@ -0,0 +1,59 @@ +suite: deployment template (HA) +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/deployment.yaml + - templates/gitea/config.yaml +tests: + - it: fails with multiple replicas and "GIT_GC_REPOS" enabled + template: templates/gitea/deployment.yaml + set: + replicaCount: 2 + persistence: + accessModes: + - ReadWriteMany + gitea: + config: + cron: + GIT_GC_REPOS: + ENABLED: true + asserts: + - failedTemplate: + errorMessage: "Invoking the garbage collector via CRON is not yet supported when running with multiple replicas. Please set 'cron.GIT_GC_REPOS.enabled = false'." + - it: fails with multiple replicas and RWX file system not set + template: templates/gitea/deployment.yaml + set: + replicaCount: 2 + asserts: + - failedTemplate: + errorMessage: "When using multiple replicas, a RWX file system is required and gitea.persistence.accessModes[0] must be set to ReadWriteMany." + - it: fails with multiple replicas and bleve issue indexer + template: templates/gitea/deployment.yaml + set: + replicaCount: 2 + persistence: + accessModes: + - ReadWriteMany + gitea: + config: + indexer: + ISSUE_INDEXER_TYPE: bleve + asserts: + - failedTemplate: + errorMessage: "When using multiple replicas, the issue indexer (gitea.config.indexer.ISSUE_INDEXER_TYPE) must be set to a HA-ready provider such as 'meilisearch', 'elasticsearch' or 'db' (if the DB is HA-ready)." + - it: fails with multiple replicas and bleve repo indexer + template: templates/gitea/deployment.yaml + set: + replicaCount: 2 + persistence: + accessModes: + - ReadWriteMany + gitea: + config: + indexer: + REPO_INDEXER_TYPE: bleve + REPO_INDEXER_ENABLED: true + asserts: + - failedTemplate: + errorMessage: "When using multiple replicas, the repo indexer (gitea.config.indexer.REPO_INDEXER_TYPE) must be set to 'meilisearch' or 'elasticsearch' or disabled." -- 2.40.1 From 0794fe5b8b589d7be7230b3f250a165fb307cd7f Mon Sep 17 00:00:00 2001 
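Review bot: Every case in unittests/deployment/HA.yaml expects a render failure, so nothing shows that a valid multi-replica configuration still renders; a guard that fired too eagerly would pass this suite. One case with `replicaCount: 2`, `ReadWriteMany` and non-bleve indexers that asserts a successful render would close that gap. The postgresql/postgresql-ha exclusivity check in the same assertions block has no case in this file either. A case that passes `ENABLED` or `REPO_INDEXER_ENABLED` as a quoted string would also show how the guards behave for string-typed values.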
From: pat-s Date: Fri, 23 Feb 2024 08:36:10 +0100 Subject: [PATCH 316/390] bump to gitea 1.21.6 --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 43f9930..2f826f2 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.21.5 +appVersion: 1.21.6 icon: https://gitea.com/assets/img/logo.svg keywords: -- 2.40.1 From a82540e7ebdedf73eb61b469dea3384b4b35cc94 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 26 Feb 2024 09:41:41 +0000 Subject: [PATCH 317/390] chore(deps): update aws-actions/configure-aws-credentials action to v4 (#619) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) | action | major | `v2` -> `v4` | --- ### Release Notes
aws-actions/configure-aws-credentials (aws-actions/configure-aws-credentials) ### [`v4`](https://github.com/aws-actions/configure-aws-credentials/releases/tag/v4) [Compare Source](https://github.com/aws-actions/configure-aws-credentials/compare/v3...v4) This tag tracks the latest v4.x.x release ### [`v3`](https://github.com/aws-actions/configure-aws-credentials/releases/tag/v3) [Compare Source](https://github.com/aws-actions/configure-aws-credentials/compare/v2...v3) This tag tracks the latest v3.x.x release
--- ### Configuration 📅 **Schedule**: Branch creation - "every weekend" (UTC), Automerge - "before 4am" (UTC). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/619 Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- .gitea/workflows/release-version.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index b376d0b..d1392b8 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml @@ -57,7 +57,7 @@ jobs: helm registry logout registry-1.docker.io - name: aws credential configure - uses: https://github.com/aws-actions/configure-aws-credentials@v2 + uses: https://github.com/aws-actions/configure-aws-credentials@v4 with: aws-access-key-id: ${{ secrets.AWS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} -- 2.40.1 From 8ee589a56fc02ddde919e0dd9ce83919688a16e9 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 26 Feb 2024 09:42:27 +0000 Subject: [PATCH 318/390] chore(deps): update crazy-max/ghaction-import-gpg action to v6 (#620) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg) | action | major | `v5` -> `v6` | --- ### Release Notes
crazy-max/ghaction-import-gpg (crazy-max/ghaction-import-gpg) ### [`v6`](https://github.com/crazy-max/ghaction-import-gpg/compare/v5...v6) [Compare Source](https://github.com/crazy-max/ghaction-import-gpg/compare/v5...v6)
--- ### Configuration 📅 **Schedule**: Branch creation - "every weekend" (UTC), Automerge - "before 4am" (UTC). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/620 Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- .gitea/workflows/release-version.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index d1392b8..255221d 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml @@ -32,7 +32,7 @@ jobs: - name: Import GPG key id: import_gpg - uses: https://github.com/crazy-max/ghaction-import-gpg@v5 + uses: https://github.com/crazy-max/ghaction-import-gpg@v6 with: gpg_private_key: ${{ secrets.GPGSIGN_KEY }} passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }} -- 2.40.1 From d65737681a4daa92a6dd56a97967fb98144f553e Mon Sep 17 00:00:00 2001 
From: Renovate Bot Date: Mon, 26 Feb 2024 09:50:40 +0000 Subject: [PATCH 319/390] chore(deps): update redis-cluster docker tag to v9.6.2 (#617) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Update | Change | |---|---|---| | [redis-cluster](https://github.com/bitnami/charts) ([source](https://github.com/bitnami/charts/tree/HEAD/bitnami/redis-cluster)) | minor | `9.5.20` -> `9.6.2` | --- ### Configuration 📅 **Schedule**: Branch creation - "every weekend" (UTC), Automerge - "before 4am" (UTC). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Co-authored-by: pat-s Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/617 Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 6 +++--- Chart.yaml | 2 +- unittests/dependency-major-image-check.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Chart.lock b/Chart.lock index 5c8aa99..0d041e7 100644 --- a/Chart.lock +++ b/Chart.lock @@ -7,6 +7,6 @@ dependencies: version: 12.8.2 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 9.5.20 -digest: sha256:10ca7303e61effbe02163c0df6ed1a87f25d71edd44d1aadae971f56679ae985 -generated: "2024-02-17T00:21:51.363456958Z" + version: 9.6.2 +digest: sha256:38ff6de3d4d86295d0ede2338941b91b5d6c6030b0a11248b8c295c579762280 +generated: "2024-02-24T00:22:59.731915633Z" diff --git a/Chart.yaml b/Chart.yaml index 2f826f2..abfbb84 100644 --- a/Chart.yaml +++ b/Chart.yaml 
@@ -45,5 +45,5 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 9.5.20 + version: 9.6.2 condition: redis-cluster.enabled diff --git a/unittests/dependency-major-image-check.yaml b/unittests/dependency-major-image-check.yaml index d90803e..3333510 100644 --- a/unittests/dependency-major-image-check.yaml +++ b/unittests/dependency-major-image-check.yaml @@ -39,4 +39,4 @@ tests: matchRegex: path: spec.template.spec.containers[0].image # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST - pattern: ^registry-1.docker.io/bitnami/redis-cluster:7.+$ + pattern: ^docker.io/bitnami/redis-cluster:7.+$ -- 2.40.1 From ab5ec8ddb9c09f6cd528514c06621d5f51c978b6 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 26 Feb 2024 09:51:06 +0000 Subject: [PATCH 320/390] chore(deps): update workflow dependencies (minor & patch) (#616) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | alpine/helm | | patch | `3.14.0` -> `3.14.2` | | alpine/helm | container | patch | `3.14.0` -> `3.14.2` | | [helm-unittest/helm-unittest](https://github.com/helm-unittest/helm-unittest) | | patch | `v0.4.1` -> `v0.4.2` | --- ### Release Notes
helm-unittest/helm-unittest (helm-unittest/helm-unittest) ### [`v0.4.2`](https://github.com/helm-unittest/helm-unittest/releases/tag/v0.4.2) [Compare Source](https://github.com/helm-unittest/helm-unittest/compare/v0.4.1...v0.4.2) **Improvements** - Improve storing generated template when debug flag enabled (credits [@​thepeak99](https://github.com/thepeak99)) - Improve development (credits [@​ivankatliarchuk](https://github.com/ivankatliarchuk)) **Fixes** - Fix global set and set override (resolves [#​210](https://github.com/helm-unittest/helm-unittest/issues/210), resolves [#​276](https://github.com/helm-unittest/helm-unittest/issues/276)) - Fix debug flag by changing name to debugPlugin flag (resolves [#​241](https://github.com/helm-unittest/helm-unittest/issues/241)) - Fix empty documentSelector (credits [@​michaelruigrok](https://github.com/michaelruigrok)) **Updates** - Update packages to latest patch versions (credits [@​ivankatliarchuk](https://github.com/ivankatliarchuk), credits [@​stavros-k](https://github.com/stavros-k), resolves [#​295](https://github.com/helm-unittest/helm-unittest/issues/295)) - Update documentation (credits [@​tochev](https://github.com/tochev))
--- ### Configuration 📅 **Schedule**: Branch creation - "every weekend" (UTC), Automerge - "before 4am" (UTC). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/616 Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- .gitea/workflows/release-version.yml | 2 +- .gitea/workflows/test-pr.yml | 4 ++-- .vscode/settings.json | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index 255221d..cab0424 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml @@ -7,7 +7,7 @@ on: env: # renovate: datasource=docker depName=alpine/helm - HELM_VERSION: "3.14.0" + HELM_VERSION: "3.14.2" jobs: generate-chart-publish: diff --git a/.gitea/workflows/test-pr.yml b/.gitea/workflows/test-pr.yml index 0df1612..80de36a 100644 --- a/.gitea/workflows/test-pr.yml +++ b/.gitea/workflows/test-pr.yml @@ -11,12 +11,12 @@ on: env: # renovate: datasource=github-releases depName=helm-unittest/helm-unittest - HELM_UNITTEST_VERSION: "v0.4.1" + HELM_UNITTEST_VERSION: "v0.4.2" jobs: check-and-test: runs-on: ubuntu-latest - container: alpine/helm:3.14.0 + container: alpine/helm:3.14.2 steps: - name: install tools run: | diff --git a/.vscode/settings.json b/.vscode/settings.json index aa6b188..43a5689 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json 
@@ -1,6 +1,6 @@ { "yaml.schemas": { - "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.4.1/schema/helm-testsuite.json": [ + "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.4.2/schema/helm-testsuite.json": [ "/unittests/**/*.yaml" ] }, -- 2.40.1 From ceb6de12a83f8829a84b721c63617983b04e0d32 Mon Sep 17 00:00:00 2001 From: pat-s Date: Mon, 26 Feb 2024 11:16:57 +0100 Subject: [PATCH 321/390] bump to gitea 1.21.7 --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index abfbb84..71234d7 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.21.6 +appVersion: 1.21.7 icon: https://gitea.com/assets/img/logo.svg keywords: -- 2.40.1 From a3fafc90a8499ee1f4780228212f2d38fad75e9e Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 3 Mar 2024 00:23:32 +0000 Subject: [PATCH 322/390] chore(deps): update redis-cluster docker tag to v9.7.0 (#621) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 6 +++--- Chart.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Chart.lock b/Chart.lock index 0d041e7..8c5fe53 100644 --- a/Chart.lock +++ b/Chart.lock @@ -7,6 +7,6 @@ dependencies: version: 12.8.2 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 9.6.2 -digest: sha256:38ff6de3d4d86295d0ede2338941b91b5d6c6030b0a11248b8c295c579762280 -generated: "2024-02-24T00:22:59.731915633Z" + version: 9.7.0 +digest: sha256:c11360760ebc21f1f7a509231008c3d5e888cf1f2b201d6fceeb2fcf6e89ad09 +generated: "2024-03-02T00:40:52.530453841Z" diff --git a/Chart.yaml b/Chart.yaml index 71234d7..ff6d9d3 100644 --- a/Chart.yaml +++ b/Chart.yaml 
@@ -45,5 +45,5 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 9.6.2 + version: 9.7.0 condition: redis-cluster.enabled -- 2.40.1 From 6644c1701b742b70cf6d2101ef5cc48ff1c69701 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 3 Mar 2024 09:37:52 +0000 Subject: [PATCH 323/390] chore(deps): update postgresql docker tag to v14 (#622) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Update | Change | |---|---|---| | [postgresql](https://github.com/bitnami/charts) ([source](https://github.com/bitnami/charts/tree/HEAD/bitnami/postgresql)) | major | `13.4.6` -> `14.2.3` | --- ### Configuration 📅 **Schedule**: Branch creation - "every weekend" (UTC), Automerge - "before 4am" (UTC). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Co-authored-by: pat-s Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/622 Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 6 +++--- Chart.yaml | 2 +- unittests/dependency-major-image-check.yaml | 6 +++--- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/Chart.lock b/Chart.lock index 8c5fe53..cd0d611 100644 --- a/Chart.lock +++ b/Chart.lock 
@@ -1,12 +1,12 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 13.4.6 + version: 14.2.3 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts version: 12.8.2 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts version: 9.7.0 -digest: sha256:c11360760ebc21f1f7a509231008c3d5e888cf1f2b201d6fceeb2fcf6e89ad09 -generated: "2024-03-02T00:40:52.530453841Z" +digest: sha256:b14da4c6ff7f5017595ead81cdb957663afc99b2c72d3414c952df5f8857dd6f +generated: "2024-03-03T00:27:57.357979839Z" diff --git a/Chart.yaml b/Chart.yaml index ff6d9d3..98d1014 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -35,7 +35,7 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/postgresql - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 13.4.6 + version: 14.2.3 condition: postgresql.enabled # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha diff --git a/unittests/dependency-major-image-check.yaml b/unittests/dependency-major-image-check.yaml index 3333510..cd25274 100644 --- a/unittests/dependency-major-image-check.yaml +++ b/unittests/dependency-major-image-check.yaml @@ -15,7 +15,7 @@ tests: matchRegex: path: spec.template.spec.containers[0].image # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST - pattern: ^docker.io/bitnami/postgresql-repmgr:16.+$ + pattern: bitnami/postgresql-repmgr:16.+$ - it: "[postgresql] ensures we detect major image version upgrades" template: charts/postgresql/templates/primary/statefulset.yaml set: @@ -28,7 +28,7 @@ tests: matchRegex: path: spec.template.spec.containers[0].image # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST - pattern: ^registry-1.docker.io/bitnami/postgresql:16.+$ + pattern: bitnami/postgresql:16.+$ - it: "[redis-cluster] ensures we detect major image version upgrades" template: charts/redis-cluster/templates/redis-statefulset.yaml set: 
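Review bot: The new `pattern: bitnami/postgresql-repmgr:16.+$` drops both the `^` anchor and the registry host, so the test now passes for an image from any registry or path that merely ends in that suffix. The same applies to the `bitnami/postgresql:16.+$` hunk and the `bitnami/redis-cluster:7.+$` hunk of this file. If the aim was only to tolerate the `docker.io` / `registry-1.docker.io` difference seen in the removed lines, an anchored alternation keeps the registry check: `pattern: ^(registry-1\.)?docker\.io/bitnami/postgresql-repmgr:16\..+$`. Escaping the dot after the major number also stops `16.+` from accepting a tag such as `160.x`, which is the kind of jump this guard exists to catch.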
@@ -39,4 +39,4 @@ tests: matchRegex: path: spec.template.spec.containers[0].image # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST - pattern: ^docker.io/bitnami/redis-cluster:7.+$ + pattern: bitnami/redis-cluster:7.+$ -- 2.40.1 From 2d77b626acead41a6a3af2a7611474995fe24154 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 4 Mar 2024 14:55:47 +0000 Subject: [PATCH 324/390] chore(deps): update postgresql-ha docker tag to v13 (#624) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Update | Change | |---|---|---| | [postgresql-ha](https://github.com/bitnami/charts) ([source](https://github.com/bitnami/charts/tree/HEAD/bitnami/postgresql-ha)) | major | `12.8.2` -> `13.4.5` | --- ### Configuration 📅 **Schedule**: Branch creation - "every weekend" (UTC), Automerge - "before 4am" (UTC). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/624 Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 6 +++--- Chart.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Chart.lock b/Chart.lock index cd0d611..2852c5a 100644 --- a/Chart.lock +++ b/Chart.lock 
@@ -4,9 +4,9 @@ dependencies: version: 14.2.3 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 12.8.2 + version: 13.4.5 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts version: 9.7.0 -digest: sha256:b14da4c6ff7f5017595ead81cdb957663afc99b2c72d3414c952df5f8857dd6f -generated: "2024-03-03T00:27:57.357979839Z" +digest: sha256:d45b7e7809f0dff3b0cfb67f0e5fc6212adc8d3063d7ef4f8214333221124ced +generated: "2024-03-04T00:21:06.961651495Z" diff --git a/Chart.yaml b/Chart.yaml index 98d1014..b2ee279 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -40,7 +40,7 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 12.8.2 + version: 13.4.5 condition: postgresql-ha.enabled # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster -- 2.40.1 From d2bfa0250dea97b24fd79e798314878a68cdefcc Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 13 Mar 2024 00:35:30 +0000 Subject: [PATCH 325/390] chore(deps): update subcharts (minor & patch) (#626) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 10 +++++----- Chart.yaml | 6 +++--- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/Chart.lock b/Chart.lock index 2852c5a..0edcb97 100644 --- a/Chart.lock +++ b/Chart.lock 
@@ -1,12 +1,12 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 14.2.3 + version: 14.3.3 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 13.4.5 + version: 13.6.1 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 9.7.0 -digest: sha256:d45b7e7809f0dff3b0cfb67f0e5fc6212adc8d3063d7ef4f8214333221124ced -generated: "2024-03-04T00:21:06.961651495Z" + version: 9.8.1 +digest: sha256:f703f9ca341f0d73ebb520ef7ae9e33787e24dc36a694b9132b6765e73b44e6b +generated: "2024-03-12T00:44:41.072524172Z" diff --git a/Chart.yaml b/Chart.yaml index b2ee279..85e3342 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -35,15 +35,15 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/postgresql - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 14.2.3 + version: 14.3.3 condition: postgresql.enabled # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 13.4.5 + version: 13.6.1 condition: postgresql-ha.enabled # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 9.7.0 + version: 9.8.1 condition: redis-cluster.enabled -- 2.40.1 From 7fa896a0cee98ae1459ac263c5196b14402fede5 Mon Sep 17 00:00:00 2001 
From: justusbunsi Date: Fri, 15 Mar 2024 16:02:06 +0000 Subject: [PATCH 326/390] Resolve conflicting behavior during `make readme` (#627) The current README content is a result of running markdownlint with simple fixes enabled. It shouldn't fix _any_ issues, even after generating the parameter section. Unfortunately, this is not the case right now. This resolves the long-running dispute of both tools. :wink: --- Since I already modified the `values.yaml`, I decided to include a change regarding code signing. Otherwise, it may confuse users after merging #596. Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/627 Reviewed-by: pat-s Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- README.md | 10 +++++----- values.yaml | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index a58b18f..defd747 100644 --- a/README.md +++ b/README.md @@ -50,7 +50,7 @@ - [ReadinessProbe](#readinessprobe) - [StartupProbe](#startupprobe) - [redis-cluster](#redis-cluster) - - [PostgreSQL-ha](#postgresql-ha) + - [PostgreSQL HA](#postgresql-ha) - [PostgreSQL](#postgresql) - [Advanced](#advanced) - [Contributing](#contributing) @@ -979,7 +979,7 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo | ------------------------ | ----------------------------------------------------------------- | ------------------ | | `signing.enabled` | Enable commit/action signing | `false` | | `signing.gpgHome` | GPG home directory | `/data/git/.gnupg` | -| `signing.privateKey` | Inline private gpg key for signed Gitea actions | `""` | +| `signing.privateKey` | Inline private gpg key for signed internal Git activity | `""` | | `signing.existingSecret` | Use an existing secret to store the value of `signing.privateKey` | `""` | ### Gitea 
@@ -1046,11 +1046,11 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo | `redis-cluster.cluster.nodes` | Number of redis cluster master nodes | `3` | | `redis-cluster.cluster.replicas` | Number of redis cluster master node replicas | `0` | -### PostgreSQL-ha +### PostgreSQL HA | Name | Description | Value | | ------------------------------------------- | ---------------------------------------------------------------- | ----------- | -| `postgresql-ha.enabled` | Enable PostgreSQL-ha | `true` | +| `postgresql-ha.enabled` | Enable PostgreSQL HA | `true` | | `postgresql-ha.postgresql.password` | Password for the `gitea` user (overrides `auth.password`) | `changeme4` | | `postgresql-ha.global.postgresql.database` | Name for a custom database to create (overrides `auth.database`) | `gitea` | | `postgresql-ha.global.postgresql.username` | Name for a custom user to create (overrides `auth.username`) | `gitea` | @@ -1059,7 +1059,7 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo | `postgresql-ha.postgresql.postgresPassword` | postgres Password | `changeme1` | | `postgresql-ha.pgpool.adminPassword` | pgpool adminPassword | `changeme3` | | `postgresql-ha.service.ports.postgresql` | PostgreSQL service port (overrides `service.ports.postgresql`) | `5432` | -| `postgresql-ha.primary.persistence.size` | PVC Storage Request for PostgreSQL-ha volume | `10Gi` | +| `postgresql-ha.primary.persistence.size` | PVC Storage Request for PostgreSQL HA volume | `10Gi` | ### PostgreSQL diff --git a/values.yaml b/values.yaml index 175c27f..4b6f017 100644 --- a/values.yaml +++ b/values.yaml 
@@ -323,7 +323,7 @@ initContainers: # ## @param signing.enabled Enable commit/action signing ## @param signing.gpgHome GPG home directory -## @param signing.privateKey Inline private gpg key for signed Gitea actions +## @param signing.privateKey Inline private gpg key for signed internal Git activity ## @param signing.existingSecret Use an existing secret to store the value of `signing.privateKey` signing: enabled: false @@ -492,9 +492,9 @@ redis-cluster: nodes: 3 # default: 6 replicas: 0 # default: 1 -## @section postgresql-ha +## @section PostgreSQL HA # -## @param postgresql-ha.enabled Enable postgresql-ha +## @param postgresql-ha.enabled Enable PostgreSQL HA ## @param postgresql-ha.postgresql.password Password for the `gitea` user (overrides `auth.password`) ## @param postgresql-ha.global.postgresql.database Name for a custom database to create (overrides `auth.database`) ## @param postgresql-ha.global.postgresql.username Name for a custom user to create (overrides `auth.username`) @@ -502,8 +502,8 @@ redis-cluster: ## @param postgresql-ha.postgresql.repmgrPassword Repmgr Password ## @param postgresql-ha.postgresql.postgresPassword postgres Password ## @param postgresql-ha.pgpool.adminPassword pgpool adminPassword -## @param postgresql-ha.service.ports.postgresql postgresql service port (overrides `service.ports.postgresql`) -## @param postgresql-ha.primary.persistence.size PVC Storage Request for postgresql-ha volume +## @param postgresql-ha.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`) +## @param postgresql-ha.primary.persistence.size PVC Storage Request for PostgreSQL HA volume postgresql-ha: global: postgresql: -- 2.40.1 From 3b2b700441e91a19a535e05de3a9eab2fef0b117 Mon Sep 17 00:00:00 2001 
From: Renovate Bot Date: Sat, 16 Mar 2024 12:52:11 +0000 Subject: [PATCH 327/390] chore(deps): update postgresql-ha docker tag to v14 (#628) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Update | Change | |---|---|---| | [postgresql-ha](https://github.com/bitnami/charts) ([source](https://github.com/bitnami/charts/tree/HEAD/bitnami/postgresql-ha)) | major | `13.6.1` -> `14.0.0` | --- ### Configuration 📅 **Schedule**: Branch creation - "every weekend" (UTC), Automerge - "before 4am" (UTC). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/628 Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 6 +++--- Chart.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Chart.lock b/Chart.lock index 0edcb97..c3f3006 100644 --- a/Chart.lock +++ b/Chart.lock @@ -4,9 +4,9 @@ dependencies: version: 14.3.3 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 13.6.1 + version: 14.0.0 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts version: 9.8.1 -digest: sha256:f703f9ca341f0d73ebb520ef7ae9e33787e24dc36a694b9132b6765e73b44e6b -generated: "2024-03-12T00:44:41.072524172Z" +digest: sha256:7198cbc213ba08053d4896b72b59f1c8d1153542a894a82fcddfa74cf2fa4519 +generated: "2024-03-16T00:21:37.945732911Z" diff --git a/Chart.yaml b/Chart.yaml index 85e3342..5e6dce6 100644 --- a/Chart.yaml +++ b/Chart.yaml 
@@ -40,7 +40,7 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 13.6.1 + version: 14.0.0 condition: postgresql-ha.enabled # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster -- 2.40.1 From 2a9273d32f0c9ae89903f303dcd7c565ad5e413b Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 25 Mar 2024 00:38:32 +0000 Subject: [PATCH 328/390] chore(deps): update workflow dependencies (minor & patch) (#633) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- .gitea/workflows/release-version.yml | 2 +- .gitea/workflows/test-pr.yml | 4 ++-- .vscode/settings.json | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index cab0424..c4cb9a0 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml @@ -7,7 +7,7 @@ on: env: # renovate: datasource=docker depName=alpine/helm - HELM_VERSION: "3.14.2" + HELM_VERSION: "3.14.3" jobs: generate-chart-publish: diff --git a/.gitea/workflows/test-pr.yml b/.gitea/workflows/test-pr.yml index 80de36a..9139106 100644 --- a/.gitea/workflows/test-pr.yml +++ b/.gitea/workflows/test-pr.yml @@ -11,12 +11,12 @@ on: env: # renovate: datasource=github-releases depName=helm-unittest/helm-unittest - HELM_UNITTEST_VERSION: "v0.4.2" + HELM_UNITTEST_VERSION: "v0.4.4" jobs: check-and-test: runs-on: ubuntu-latest - container: alpine/helm:3.14.2 + container: alpine/helm:3.14.3 steps: - name: install tools run: | diff --git a/.vscode/settings.json b/.vscode/settings.json index 43a5689..5fb5f66 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json 
@@ -1,6 +1,6 @@ { "yaml.schemas": { - "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.4.2/schema/helm-testsuite.json": [ + "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.4.4/schema/helm-testsuite.json": [ "/unittests/**/*.yaml" ] }, -- 2.40.1 From 0135b102958040e085459a37c10f3ab08c576747 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 10 Apr 2024 12:49:03 +0000 Subject: [PATCH 329/390] chore(deps): update postgresql-ha docker tag to v14.0.2 (#638) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Update | Change | |---|---|---| | [postgresql-ha](https://github.com/bitnami/charts) ([source](https://github.com/bitnami/charts/tree/HEAD/bitnami/postgresql-ha)) | patch | `14.0.0` -> `14.0.2` | --- ### Configuration 📅 **Schedule**: Branch creation - "every weekend" (UTC), Automerge - "before 4am" (UTC). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/638 Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 6 +++--- Chart.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Chart.lock b/Chart.lock index c3f3006..77e5311 100644 --- a/Chart.lock +++ b/Chart.lock 
@@ -4,9 +4,9 @@ dependencies: version: 14.3.3 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 14.0.0 + version: 14.0.2 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts version: 9.8.1 -digest: sha256:7198cbc213ba08053d4896b72b59f1c8d1153542a894a82fcddfa74cf2fa4519 -generated: "2024-03-16T00:21:37.945732911Z" +digest: sha256:2acc983856ece0d40287b782f39fda37dc61e680c74cc9321a35943b0494f227 +generated: "2024-04-06T00:24:02.369372355Z" diff --git a/Chart.yaml b/Chart.yaml index 5e6dce6..10e680d 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -40,7 +40,7 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 14.0.0 + version: 14.0.2 condition: postgresql-ha.enabled # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster -- 2.40.1 From 153a664138e9ea12c2e18ca3c2d27b69b4163b6f Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 14 Apr 2024 00:37:58 +0000 Subject: [PATCH 330/390] chore(deps): update postgresql-ha docker tag to v14.0.3 (#639) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 6 +++--- Chart.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Chart.lock b/Chart.lock index 77e5311..32f79a9 100644 --- a/Chart.lock +++ b/Chart.lock @@ -4,9 +4,9 @@ dependencies: version: 14.3.3 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 14.0.2 + version: 14.0.3 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts version: 9.8.1 -digest: sha256:2acc983856ece0d40287b782f39fda37dc61e680c74cc9321a35943b0494f227 -generated: "2024-04-06T00:24:02.369372355Z" +digest: sha256:7f57dc95094bdc8763bd9a6002b7afc0ec72fc69c1f0acb0970f76e4e7c30a09 +generated: "2024-04-14T00:19:21.16347599Z" diff --git a/Chart.yaml b/Chart.yaml index 10e680d..4660864 100644 
--- a/Chart.yaml +++ b/Chart.yaml @@ -40,7 +40,7 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 14.0.2 + version: 14.0.3 condition: postgresql-ha.enabled # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster -- 2.40.1 From 2f809390be3c5195235a0199bf149947ed1aaf6a Mon Sep 17 00:00:00 2001 From: pat-s Date: Tue, 16 Apr 2024 09:52:13 +0200 Subject: [PATCH 331/390] bump Gitea to 1.21.11 --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 4660864..ae7d3b6 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.21.7 +appVersion: 1.21.11 icon: https://gitea.com/assets/img/logo.svg keywords: -- 2.40.1 From 74bae066c4713a1f09df5e2d97841b44c10933bf Mon Sep 17 00:00:00 2001 From: pat-s Date: Tue, 16 Apr 2024 09:58:31 +0200 Subject: [PATCH 332/390] update docker install for release workflow from debian to ubuntu --- .gitea/workflows/release-version.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index c4cb9a0..30cd29d 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml 
@@ -23,9 +23,9 @@ jobs: echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | tee /etc/apt/sources.list.d/helm-stable-debian.list # docker install -m 0755 -d /etc/apt/keyrings - curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg + curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg chmod a+r /etc/apt/keyrings/docker.gpg - echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null + echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null apt update -y apt install -y python helm=${{ env.HELM_VERSION }}-1 python3-pip apt-transport-https docker-ce-cli pip install awscli -- 2.40.1 From 20b14b01c11dfc632bd0e4a397e6235de1c346c6 Mon Sep 17 00:00:00 2001 From: pat-s Date: Tue, 16 Apr 2024 10:14:04 +0200 Subject: [PATCH 333/390] update helm install logic in release wf --- .gitea/workflows/release-version.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index 30cd29d..8145a64 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml 
@@ -19,15 +19,18 @@ jobs: apt update -y apt install -y curl ca-certificates curl gnupg # helm - curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | tee /usr/share/keyrings/helm.gpg > /dev/null - echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | tee /etc/apt/sources.list.d/helm-stable-debian.list + curl -O https://get.helm.sh/helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz + tar -xzf helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz + mv linux-amd64/helm /usr/local/bin/ + rm -rf linux-amd64 helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz + helm version # docker install -m 0755 -d /etc/apt/keyrings curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg chmod a+r /etc/apt/keyrings/docker.gpg echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null apt update -y - apt install -y python helm=${{ env.HELM_VERSION }}-1 python3-pip apt-transport-https docker-ce-cli + apt install -y python3 helm=${{ env.HELM_VERSION }}-1 python3-pip apt-transport-https docker-ce-cli pip install awscli - name: Import GPG key -- 2.40.1 From fd8246e51ddfe2f700b47ea523b796d18c6e98e8 Mon Sep 17 00:00:00 2001 From: pat-s Date: Tue, 16 Apr 2024 10:14:50 +0200 Subject: [PATCH 334/390] remove apt install helm command --- .gitea/workflows/release-version.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index 8145a64..4cc9b8a 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml 
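Review bot: The added `curl -O https://get.helm.sh/helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz` is unpacked and moved to `/usr/local/bin/` with no integrity check, whereas the removed lines installed helm from an apt source bound to a key with `signed-by=`. The next step visible in this job is `Import GPG key`, so an unverified binary would run in the same job as the signing key. Verify the tarball before `tar`: fetch the checksum with `curl -fsSLO https://get.helm.sh/helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz.sha256sum`, then run `sha256sum -c helm-v${{ env.HELM_VERSION }}-linux-amd64.tar.gz.sha256sum`. A checksum served from the same host only catches corruption, so a digest pinned in the workflow next to `HELM_VERSION` would be stronger, and adding `-f` to the tarball `curl` makes an HTTP error fail the step. The `run` block starts outside the hunk.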
@@ -30,7 +30,7 @@ jobs: chmod a+r /etc/apt/keyrings/docker.gpg echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null apt update -y - apt install -y python3 helm=${{ env.HELM_VERSION }}-1 python3-pip apt-transport-https docker-ce-cli + apt install -y python3 python3-pip apt-transport-https docker-ce-cli pip install awscli - name: Import GPG key -- 2.40.1 From b768ded932545fc0aacc84233688b2ca22ddbab5 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 16 Apr 2024 08:20:32 +0000 Subject: [PATCH 335/390] chore(deps): update postgresql docker tag to v15 (#634) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Update | Change | |---|---|---| | [postgresql](https://github.com/bitnami/charts) ([source](https://github.com/bitnami/charts/tree/HEAD/bitnami/postgresql)) | major | `14.3.3` -> `15.2.5` | --- ### Configuration 📅 **Schedule**: Branch creation - "every weekend" (UTC), Automerge - "before 4am" (UTC). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/634 Reviewed-by: pat-s Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 6 +++--- Chart.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Chart.lock b/Chart.lock index 32f79a9..dd660e8 100644 --- a/Chart.lock +++ b/Chart.lock 
@@ -1,12 +1,12 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 14.3.3 + version: 15.2.5 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts version: 14.0.3 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts version: 9.8.1 -digest: sha256:7f57dc95094bdc8763bd9a6002b7afc0ec72fc69c1f0acb0970f76e4e7c30a09 -generated: "2024-04-14T00:19:21.16347599Z" +digest: sha256:c0e14be6256e5566046221e964461f2474c6f47b5fc5e6998bef07cab63ed334 +generated: "2024-04-14T00:42:18.534524663Z" diff --git a/Chart.yaml b/Chart.yaml index ae7d3b6..5e010a0 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -35,7 +35,7 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/postgresql - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 14.3.3 + version: 15.2.5 condition: postgresql.enabled # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha -- 2.40.1 From a91624b52d5ea67913e2cdfb3d5e087f41889010 Mon Sep 17 00:00:00 2001 
From: Renovate Bot Date: Wed, 17 Apr 2024 06:58:01 +0000 Subject: [PATCH 336/390] chore(deps): update redis-cluster docker tag to v10 (#629) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Update | Change | |---|---|---| | [redis-cluster](https://github.com/bitnami/charts) ([source](https://github.com/bitnami/charts/tree/HEAD/bitnami/redis-cluster)) | major | `9.8.1` -> `10.0.1` | --- ### Configuration 📅 **Schedule**: Branch creation - "every weekend" (UTC), Automerge - "before 4am" (UTC). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/629 Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 6 +++--- Chart.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Chart.lock b/Chart.lock index dd660e8..3202e68 100644 --- a/Chart.lock +++ b/Chart.lock @@ -7,6 +7,6 @@ dependencies: version: 14.0.3 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 9.8.1 -digest: sha256:c0e14be6256e5566046221e964461f2474c6f47b5fc5e6998bef07cab63ed334 -generated: "2024-04-14T00:42:18.534524663Z" + version: 10.0.1 +digest: sha256:cbfee678e3db8748732e455da34b05f8dae93c90ecee56e29c972a58fc271f04 +generated: "2024-04-17T00:22:53.156108052Z" diff --git a/Chart.yaml b/Chart.yaml index 5e010a0..78ff51e 100644 --- a/Chart.yaml +++ b/Chart.yaml 
@@ -45,5 +45,5 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 9.8.1 + version: 10.0.1 condition: redis-cluster.enabled -- 2.40.1 From 42937062d93979bfca51e85b78b9e114196136c1 Mon Sep 17 00:00:00 2001 From: pat-s Date: Thu, 18 Apr 2024 07:23:34 +0000 Subject: [PATCH 337/390] Add codeowners file (#642) Co-authored-by: Lunny Xiao Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/642 Reviewed-by: Lunny Xiao Reviewed-by: justusbunsi Co-authored-by: pat-s Co-committed-by: pat-s --- CODEOWNERS | 1 + 1 file changed, 1 insertion(+) create mode 100644 CODEOWNERS diff --git a/CODEOWNERS b/CODEOWNERS new file mode 100644 index 0000000..42a693a --- /dev/null +++ b/CODEOWNERS @@ -0,0 +1 @@ +* @justusbunsi @pat-s \ No newline at end of file -- 2.40.1 From 617c773b7e59b20fb9935b126921393cf22de491 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 22 Apr 2024 00:41:51 +0000 Subject: [PATCH 338/390] chore(deps): update alpine/helm docker tag to v3.14.4 (#644) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- .gitea/workflows/release-version.yml | 2 +- .gitea/workflows/test-pr.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index 4cc9b8a..ef0e707 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml @@ -7,7 +7,7 @@ on: env: # renovate: datasource=docker depName=alpine/helm - HELM_VERSION: "3.14.3" + HELM_VERSION: "3.14.4" jobs: generate-chart-publish: diff --git a/.gitea/workflows/test-pr.yml b/.gitea/workflows/test-pr.yml index 9139106..22ec0c2 100644 --- a/.gitea/workflows/test-pr.yml +++ b/.gitea/workflows/test-pr.yml 
@@ -16,7 +16,7 @@ env: jobs: check-and-test: runs-on: ubuntu-latest - container: alpine/helm:3.14.3 + container: alpine/helm:3.14.4 steps: - name: install tools run: | -- 2.40.1 From 15385d02eeb51d1131c96d91aaa3d863050be0bc Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 23 Apr 2024 07:13:16 +0000 Subject: [PATCH 339/390] chore(deps): update subcharts (minor & patch) (#645) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Update | Change | |---|---|---| | [postgresql-ha](https://github.com/bitnami/charts) ([source](https://github.com/bitnami/charts/tree/HEAD/bitnami/postgresql-ha)) | patch | `14.0.3` -> `14.0.5` | | [redis-cluster](https://github.com/bitnami/charts) ([source](https://github.com/bitnami/charts/tree/HEAD/bitnami/redis-cluster)) | patch | `10.0.1` -> `10.0.2` | --- ### Configuration 📅 **Schedule**: Branch creation - "every weekend" (UTC), Automerge - "before 4am" (UTC). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/645 Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 8 ++++---- Chart.yaml | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Chart.lock b/Chart.lock index 3202e68..a8883c2 100644 --- a/Chart.lock +++ b/Chart.lock 
@@ -4,9 +4,9 @@ dependencies: version: 15.2.5 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 14.0.3 + version: 14.0.5 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 10.0.1 -digest: sha256:cbfee678e3db8748732e455da34b05f8dae93c90ecee56e29c972a58fc271f04 -generated: "2024-04-17T00:22:53.156108052Z" + version: 10.0.2 +digest: sha256:9d09fe6921721c807217899dea60fb8f4ba2f3571475bb27c70efef1d7906e21 +generated: "2024-04-23T00:41:23.725895255Z" diff --git a/Chart.yaml b/Chart.yaml index 78ff51e..00faca9 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -40,10 +40,10 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 14.0.3 + version: 14.0.5 condition: postgresql-ha.enabled # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 10.0.1 + version: 10.0.2 condition: redis-cluster.enabled -- 2.40.1 From 509ee975c464e068972091ade99f832b13ef0efe Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 28 Apr 2024 00:43:28 +0000 Subject: [PATCH 340/390] chore(deps): update dependency @bitnami/readme-generator-for-helm to v2.6.1 (#646) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index 961bccf..f093e49 100644 --- a/package-lock.json +++ b/package-lock.json 
@@ -16,9 +16,9 @@ } }, "node_modules/@bitnami/readme-generator-for-helm": { - "version": "2.6.0", - "resolved": "https://registry.npmjs.org/@bitnami/readme-generator-for-helm/-/readme-generator-for-helm-2.6.0.tgz", - "integrity": "sha512-LcByNCryaC2OJExL9rnhyFJ18+vrZu1gVoN2Z7j/HI42EjV4kLgT4G1KEPNnrKbls9HvozBqMG+sKZIDh0McFg==", + "version": "2.6.1", + "resolved": "https://registry.npmjs.org/@bitnami/readme-generator-for-helm/-/readme-generator-for-helm-2.6.1.tgz", + "integrity": "sha512-rN0m0sfbOuaNdCmQWBfSj9o4kgzz+Dw67Dl1ssDVqghv/UpLkrDmNuTxhD1CWu+sesGL66UYJ2VplGz9KxlAdg==", "dev": true, "dependencies": { "commander": "^7.1.0", -- 2.40.1 From 4f4c71fb3927ae1bf62667e4af88323d83833953 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 29 Apr 2024 00:41:48 +0000 Subject: [PATCH 341/390] chore(deps): update postgresql-ha docker tag to v14.0.6 (#647) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 6 +++--- Chart.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Chart.lock b/Chart.lock index a8883c2..17aa3cd 100644 --- a/Chart.lock +++ b/Chart.lock @@ -4,9 +4,9 @@ dependencies: version: 15.2.5 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 14.0.5 + version: 14.0.6 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts version: 10.0.2 -digest: sha256:9d09fe6921721c807217899dea60fb8f4ba2f3571475bb27c70efef1d7906e21 -generated: "2024-04-23T00:41:23.725895255Z" +digest: sha256:04d52a4904b56a16ea14afe1c6a9d22304be0ed68cd532a62a98f4debf0c00bb +generated: "2024-04-28T00:48:00.97510472Z" diff --git a/Chart.yaml b/Chart.yaml index 00faca9..4c84f61 100644 --- a/Chart.yaml +++ b/Chart.yaml 
@@ -40,7 +40,7 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 14.0.5 + version: 14.0.6 condition: postgresql-ha.enabled # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster -- 2.40.1 From dd304c1c1ac3726924d7311a688cd68c6883ffaa Mon Sep 17 00:00:00 2001 From: Dalton Russell Date: Thu, 2 May 2024 04:43:42 +0000 Subject: [PATCH 342/390] Add deployment labels to deployment (#649) ### Description of the change Applies `deployment.labels` to the deployment itself. ### Benefits Allows the user to add labels to the deployment. ### Possible drawbacks None ### Checklist - [X] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) - [X] Templating unittests are added Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/649 Reviewed-by: justusbunsi Co-authored-by: Dalton Russell Co-committed-by: Dalton Russell --- templates/gitea/deployment.yaml | 5 ++++- unittests/deployment/basic.yaml | 14 ++++++++++++++ 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/templates/gitea/deployment.yaml b/templates/gitea/deployment.yaml index 247a560..ca1bdd9 100644 --- a/templates/gitea/deployment.yaml +++ b/templates/gitea/deployment.yaml @@ -8,6 +8,9 @@ metadata: {{- end }} labels: {{- include "gitea.labels" . | nindent 4 }} + {{- if .Values.deployment.labels }} + {{- toYaml .Values.deployment.labels | nindent 4 }} + {{- end }} spec: replicas: {{ .Values.replicaCount }} strategy: @@ -397,4 +400,4 @@ spec: {{- else if not .Values.persistence.enabled }} - name: data emptyDir: {} - {{- end }} + {{- end }} \ No newline at end of file diff --git a/unittests/deployment/basic.yaml b/unittests/deployment/basic.yaml index 64b7cf7..c18fc36 100644 --- a/unittests/deployment/basic.yaml 
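Review bot: In the `@@ -8,6 +8,9 @@` hunk of templates/gitea/deployment.yaml, `.Values.deployment.labels` is written into `metadata.labels` directly after `include "gitea.labels"`, so a user-supplied key that the chart already sets ends up twice in the same mapping. How a duplicate key is resolved depends on the YAML parser; if the later key wins, a values entry can silently replace a chart-managed label that selectors or policies may depend on. This is inferred, because the `gitea.labels` helper is not visible in the hunk. I would state the precedence in a comment above the new block, `{{- /* deployment.labels are appended after the chart labels; do not repeat keys that gitea.labels already sets */ -}}`, and add a unit test that sets a colliding key to pin the rendered result. The `metadata:` mapping starts above the hunk, and the second hunk of this file also drops the newline at end of file, which is worth restoring.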
+++ b/unittests/deployment/basic.yaml @@ -15,3 +15,17 @@ tests: kind: Deployment apiVersion: apps/v1 name: gitea-unittests + - it: deployment labels are set + template: templates/gitea/deployment.yaml + set: + deployment.labels: + hello: world + asserts: + - isSubset: + path: metadata.labels + content: + hello: world + - isSubset: + path: spec.template.metadata.labels + content: + hello: world -- 2.40.1 From 0b2f3d6eb9c2aebf4473dd98dbd3cf558d2ecf0c Mon Sep 17 00:00:00 2001 From: pat-s Date: Thu, 2 May 2024 08:05:26 +0000 Subject: [PATCH 343/390] Quote image tag (#641) fix #631 Co-authored-by: justusbunsi Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/641 Co-authored-by: pat-s Co-committed-by: pat-s --- templates/_helpers.tpl | 2 +- unittests/deployment/image-configuration.yaml | 17 +++++++++++++++++ 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 45e7a28..30ee3b9 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -40,7 +40,7 @@ Create image name and tag used by the deployment. {{- $registry := .Values.global.imageRegistry | default .Values.image.registry -}} {{- $repository := .Values.image.repository -}} {{- $separator := ":" -}} -{{- $tag := .Values.image.tag | default .Chart.AppVersion -}} +{{- $tag := .Values.image.tag | default .Chart.AppVersion | toString -}} {{- $rootless := ternary "-rootless" "" (.Values.image.rootless) -}} {{- $digest := "" -}} {{- if .Values.image.digest }} diff --git a/unittests/deployment/image-configuration.yaml b/unittests/deployment/image-configuration.yaml index 35f8981..7b1e146 100644 --- a/unittests/deployment/image-configuration.yaml +++ b/unittests/deployment/image-configuration.yaml 
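Review bot: The `| toString` added to `$tag` in templates/_helpers.tpl runs after the values have already been parsed, so an unquoted tag with a trailing zero (for example `1.20`) reaches the template as the number 1.2 and, as far as I can tell, renders as image tag `1.2`, which is a different image from the one the operator asked for. The new case in unittests/deployment/image-configuration.yaml uses only `1.21`, which has no trailing zero and therefore does not expose this. I would add a comment above the assignment, `{{- /* image.tag must be quoted in values: an unquoted 1.20 is parsed as the number 1.2 before toString runs */ -}}`, repeat that requirement in the `image.tag` parameter description, and add a test case that pins what an unquoted `1.20` renders to. The enclosing `define` block starts and ends outside the hunk.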
@@ -91,3 +91,20 @@ tests: - equal: path: spec.template.spec.containers[0].image value: "global.example.com/gitea/gitea:1.19.3-rootless@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a" + - it: correctly renders floating tag references + template: templates/gitea/deployment.yaml + set: + image.tag: 1.21 # use non-quoted value on purpose. See: https://gitea.com/gitea/helm-chart/issues/631 + asserts: + - equal: + path: spec.template.spec.initContainers[0].image + value: "gitea/gitea:1.21-rootless" + - equal: + path: spec.template.spec.initContainers[1].image + value: "gitea/gitea:1.21-rootless" + - equal: + path: spec.template.spec.initContainers[2].image + value: "gitea/gitea:1.21-rootless" + - equal: + path: spec.template.spec.containers[0].image + value: "gitea/gitea:1.21-rootless" -- 2.40.1 From dc30c66d25a3e3bc70f78f45fb171ac737dd37bd Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 5 May 2024 01:11:45 +0000 Subject: [PATCH 344/390] chore(deps): update subcharts (minor & patch) (#652) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 8 ++++---- Chart.yaml | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Chart.lock b/Chart.lock index 17aa3cd..0802bc0 100644 --- a/Chart.lock +++ b/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 15.2.5 + version: 15.2.8 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 14.0.6 + version: 14.0.10 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts version: 10.0.2 -digest: sha256:04d52a4904b56a16ea14afe1c6a9d22304be0ed68cd532a62a98f4debf0c00bb -generated: "2024-04-28T00:48:00.97510472Z" +digest: sha256:24edee003b5f12c9d768b1de5df0704e453261617e4f9c33db5108d41a9b7926 +generated: "2024-05-05T00:42:14.628489824Z" diff --git a/Chart.yaml b/Chart.yaml index 4c84f61..3d15b83 100644 --- a/Chart.yaml +++ b/Chart.yaml 
@@ -35,12 +35,12 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/postgresql - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 15.2.5 + version: 15.2.8 condition: postgresql.enabled # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 14.0.6 + version: 14.0.10 condition: postgresql-ha.enabled # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster -- 2.40.1 From 548f932422afde7fe01f6fba1ed7d0da393e1d51 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 12 May 2024 00:41:34 +0000 Subject: [PATCH 345/390] chore(deps): update postgresql docker tag to v15.2.12 (#654) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 6 +++--- Chart.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Chart.lock b/Chart.lock index 0802bc0..4d201e2 100644 --- a/Chart.lock +++ b/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 15.2.8 + version: 15.2.12 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts version: 14.0.10 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts version: 10.0.2 -digest: sha256:24edee003b5f12c9d768b1de5df0704e453261617e4f9c33db5108d41a9b7926 -generated: "2024-05-05T00:42:14.628489824Z" +digest: sha256:596c6ba91686123896bcbc19560b18b09a30a02a1687fb367b1b505da3423840 +generated: "2024-05-11T00:41:12.268020959Z" diff --git a/Chart.yaml b/Chart.yaml index 3d15b83..2de01a9 100644 --- a/Chart.yaml +++ b/Chart.yaml 
@@ -35,7 +35,7 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/postgresql - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 15.2.8 + version: 15.2.12 condition: postgresql.enabled # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha -- 2.40.1 From 4d62136a3d2c67b132c72eb2abeb189b10707c8d Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 14 May 2024 00:40:39 +0000 Subject: [PATCH 346/390] chore(deps): update workflow dependencies (minor & patch) (#653) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- .gitea/workflows/test-pr.yml | 2 +- .vscode/settings.json | 2 +- package-lock.json | 123 ++++++++++++++++++++--------------- package.json | 2 +- 4 files changed, 73 insertions(+), 56 deletions(-) diff --git a/.gitea/workflows/test-pr.yml b/.gitea/workflows/test-pr.yml index 22ec0c2..7e1a196 100644 --- a/.gitea/workflows/test-pr.yml +++ b/.gitea/workflows/test-pr.yml @@ -11,7 +11,7 @@ on: env: # renovate: datasource=github-releases depName=helm-unittest/helm-unittest - HELM_UNITTEST_VERSION: "v0.4.4" + HELM_UNITTEST_VERSION: "v0.5.1" jobs: check-and-test: diff --git a/.vscode/settings.json b/.vscode/settings.json index 5fb5f66..f7fde3e 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -1,6 +1,6 @@ { "yaml.schemas": { - "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.4.4/schema/helm-testsuite.json": [ + "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.5.1/schema/helm-testsuite.json": [ "/unittests/**/*.yaml" ] }, diff --git a/package-lock.json b/package-lock.json index f093e49..7743c82 100644 --- a/package-lock.json +++ b/package-lock.json @@ -8,7 +8,7 @@ "license": "MIT", "devDependencies": { "@bitnami/readme-generator-for-helm": "^2.5.0", - "markdownlint-cli": "^0.39.0" + "markdownlint-cli": "^0.40.0" }, "engines": { "node": ">=16.0.0", 
@@ -261,9 +261,9 @@ } }, "node_modules/ignore": { - "version": "5.3.0", - "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.0.tgz", - "integrity": "sha512-g7dmpshy+gD7mh88OC9NwSGTKoc3kyLAZQRU1mt53Aw/vnvfXnbC+F/7F7QoYVKbV+KNvJx8wArewKy1vXMtlg==", + "version": "5.3.1", + "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.1.tgz", + "integrity": "sha512-5Fytz/IraMjqpwfd34ke28PTVMjZjJG2MPn5t7OE4eUCUNf8BAa7b5WUS9/Qvr6mwOQS7Mk6vdsMno5he+T8Xw==", "dev": true, "engines": { "node": ">= 4" @@ -345,6 +345,15 @@ "integrity": "sha512-AilxAyFOAcK5wA1+LeaySVBrHsGQvUFCDWXKpZjzaL0PqW+xfBOttn8GNtWKFWqneyMZj41MWF9Kl6iPWLwgOA==", "dev": true }, + "node_modules/jsonpointer": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/jsonpointer/-/jsonpointer-5.0.1.tgz", + "integrity": "sha512-p/nXbhSEcu3pZRdkW1OfJhpsVtW1gd4Wa1fnQc9YLiTfAjn0312eMKimbdIQzuZl9aa9xUGaRlP9T/CJE/ditQ==", + "dev": true, + "engines": { + "node": ">=0.10.0" + } + }, "node_modules/linkify-it": { "version": "5.0.0", "resolved": "https://registry.npmjs.org/linkify-it/-/linkify-it-5.0.0.tgz", 
@@ -361,18 +370,18 @@ "dev": true }, "node_modules/lru-cache": { - "version": "9.1.1", - "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-9.1.1.tgz", - "integrity": "sha512-65/Jky17UwSb0BuB9V+MyDpsOtXKmYwzhyl+cOa9XUiI4uV2Ouy/2voFP3+al0BjZbJgMBD8FojMpAf+Z+qn4A==", + "version": "10.2.2", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.2.2.tgz", + "integrity": "sha512-9hp3Vp2/hFQUiIwKo8XCeFVnrg8Pk3TYNPIR7tJADKi5YfcF7vEaK7avFHTlSy3kOKYaJQaalfEo6YuXdceBOQ==", "dev": true, "engines": { "node": "14 || >=16.14" } }, "node_modules/markdown-it": { - "version": "14.0.0", - "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-14.0.0.tgz", - "integrity": "sha512-seFjF0FIcPt4P9U39Bq1JYblX0KZCjDLFFQPHpL5AzHpqPEKtosxmdq/LTVZnjfH7tjt9BxStm+wXcDBNuYmzw==", + "version": "14.1.0", + "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-14.1.0.tgz", + "integrity": "sha512-a54IwgWPaeBCAAsv13YgmALOF1elABB08FxO9i+r4VFk5Vl4pKokRPeX8u5TCgSsPi6ec1otfLjdOpVcgbpshg==", "dev": true, "dependencies": { "argparse": "^2.0.1", @@ -380,7 +389,7 @@ "linkify-it": "^5.0.0", "mdurl": "^2.0.0", "punycode.js": "^2.3.1", - "uc.micro": "^2.0.0" + "uc.micro": "^2.1.0" }, "bin": { "markdown-it": "bin/markdown-it.mjs" @@ -400,13 +409,13 @@ } }, "node_modules/markdownlint": { - "version": "0.33.0", - "resolved": "https://registry.npmjs.org/markdownlint/-/markdownlint-0.33.0.tgz", - "integrity": "sha512-4lbtT14A3m0LPX1WS/3d1m7Blg+ZwiLq36WvjQqFGsX3Gik99NV+VXp/PW3n+Q62xyPdbvGOCfjPqjW+/SKMig==", + "version": "0.34.0", + "resolved": "https://registry.npmjs.org/markdownlint/-/markdownlint-0.34.0.tgz", + "integrity": "sha512-qwGyuyKwjkEMOJ10XN6OTKNOVYvOIi35RNvDLNxTof5s8UmyGHlCdpngRHoRGNvQVGuxO3BJ7uNSgdeX166WXw==", "dev": true, "dependencies": { - "markdown-it": "14.0.0", - "markdownlint-micromark": "0.1.8" + "markdown-it": "14.1.0", + "markdownlint-micromark": "0.1.9" }, "engines": { "node": ">=18" 
@@ -416,20 +425,22 @@ } }, "node_modules/markdownlint-cli": { - "version": "0.39.0", - "resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.39.0.tgz", - "integrity": "sha512-ZuFN7Xpsbn1Nbp0YYkeLOfXOMOfLQBik2lKRy8pVI/llmKQ2uW7x+8k5OMgF6o7XCsTDSYC/OOmeJ+3qplvnJQ==", + "version": "0.40.0", + "resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.40.0.tgz", + "integrity": "sha512-JXhI3dRQcaqwiFYpPz6VJ7aKYheD53GmTz9y4D/d0F1MbZDGOp9pqKlbOfUX/pHP/iAoeiE4wYRmk8/kjLakxA==", "dev": true, "dependencies": { - "commander": "~11.1.0", + "commander": "~12.0.0", "get-stdin": "~9.0.0", - "glob": "~10.3.10", - "ignore": "~5.3.0", + "glob": "~10.3.12", + "ignore": "~5.3.1", "js-yaml": "^4.1.0", "jsonc-parser": "~3.2.1", - "markdownlint": "~0.33.0", - "minimatch": "~9.0.3", - "run-con": "~1.3.2" + "jsonpointer": "5.0.1", + "markdownlint": "~0.34.0", + "minimatch": "~9.0.4", + "run-con": "~1.3.2", + "toml": "~3.0.0" }, "bin": { "markdownlint": "markdownlint.js" 
@@ -448,25 +459,25 @@ } }, "node_modules/markdownlint-cli/node_modules/commander": { - "version": "11.1.0", - "resolved": "https://registry.npmjs.org/commander/-/commander-11.1.0.tgz", - "integrity": "sha512-yPVavfyCcRhmorC7rWlkHn15b4wDVgVmBA7kV4QVBsF7kv/9TKJAbAXVTxvTnwP8HHKjRCJDClKbciiYS7p0DQ==", + "version": "12.0.0", + "resolved": "https://registry.npmjs.org/commander/-/commander-12.0.0.tgz", + "integrity": "sha512-MwVNWlYjDTtOjX5PiD7o5pK0UrFU/OYgcJfjjK4RaHZETNtjJqrZa9Y9ds88+A+f+d5lv+561eZ+yCKoS3gbAA==", "dev": true, "engines": { - "node": ">=16" + "node": ">=18" } }, "node_modules/markdownlint-cli/node_modules/glob": { - "version": "10.3.10", - "resolved": "https://registry.npmjs.org/glob/-/glob-10.3.10.tgz", - "integrity": "sha512-fa46+tv1Ak0UPK1TOy/pZrIybNNt4HCv7SDzwyfiOZkvZLEbjsZkJBPtDHVshZjbecAoAGSC20MjLDG/qr679g==", + "version": "10.3.14", + "resolved": "https://registry.npmjs.org/glob/-/glob-10.3.14.tgz", + "integrity": "sha512-4fkAqu93xe9Mk7le9v0y3VrPDqLKHarNi2s4Pv7f2yOvfhWfhc7hRPHC/JyqMqb8B/Dt/eGS4n7ykwf3fOsl8g==", "dev": true, "dependencies": { "foreground-child": "^3.1.0", - "jackspeak": "^2.3.5", + "jackspeak": "^2.3.6", "minimatch": "^9.0.1", - "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0", - "path-scurry": "^1.10.1" + "minipass": "^7.0.4", + "path-scurry": "^1.11.0" }, "bin": { "glob": "dist/esm/bin.mjs" @@ -479,9 +490,9 @@ } }, "node_modules/markdownlint-cli/node_modules/minimatch": { - "version": "9.0.3", - "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.3.tgz", - "integrity": "sha512-RHiac9mvaRw0x3AYRgDC1CxAP7HTcNrrECeA8YYJeWnpo+2Q5CegtZjaotWTWxDG3UeGA1coE05iH1mPjT/2mg==", + "version": "9.0.4", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.4.tgz", + "integrity": "sha512-KqWh+VchfxcMNRAJjj2tnsSJdNbHsVgnkBhTNrW7AjVo6OvLtxw8zfT9oLw1JSohlFzJ8jCoTgaoXvJ+kHt6fw==", "dev": true, "dependencies": { "brace-expansion": "^2.0.1" 
@@ -494,12 +505,12 @@ } }, "node_modules/markdownlint-micromark": { - "version": "0.1.8", - "resolved": "https://registry.npmjs.org/markdownlint-micromark/-/markdownlint-micromark-0.1.8.tgz", - "integrity": "sha512-1ouYkMRo9/6gou9gObuMDnvZM8jC/ly3QCFQyoSPCS2XV1ZClU0xpKbL1Ar3bWWRT1RnBZkWUEiNKrI2CwiBQA==", + "version": "0.1.9", + "resolved": "https://registry.npmjs.org/markdownlint-micromark/-/markdownlint-micromark-0.1.9.tgz", + "integrity": "sha512-5hVs/DzAFa8XqYosbEAEg6ok6MF2smDj89ztn9pKkCtdKHVdPQuGMH7frFfYL9mLkvfFe4pTyAMffLbjf3/EyA==", "dev": true, "engines": { - "node": ">=16" + "node": ">=18" }, "funding": { "url": "https://github.com/sponsors/DavidAnson" @@ -533,12 +544,12 @@ } }, "node_modules/minipass": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/minipass/-/minipass-5.0.0.tgz", - "integrity": "sha512-3FnjYuehv9k6ovOEbyOswadCDPX1piCfhV8ncmYtHOjuPwylVWsghTLo7rabjC3Rx5xD4HDx8Wm1xnMF7S5qFQ==", + "version": "7.1.1", + "resolved": "https://registry.npmjs.org/minipass/-/minipass-7.1.1.tgz", + "integrity": "sha512-UZ7eQ+h8ywIRAW1hIEl2AqdwzJucU/Kp59+8kkZeSvafXhZjul247BvIJjEVFVeON6d7lM46XX1HXCduKAS8VA==", "dev": true, "engines": { - "node": ">=8" + "node": ">=16 || 14 >=14.17" } }, "node_modules/once": { @@ -569,12 +580,12 @@ } }, "node_modules/path-scurry": { - "version": "1.10.1", - "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.10.1.tgz", - "integrity": "sha512-MkhCqzzBEpPvxxQ71Md0b1Kk51W01lrYvlMzSUaIzNsODdd7mqhiimSZlr+VegAz5Z6Vzt9Xg2ttE//XBhH3EQ==", + "version": "1.11.0", + "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.11.0.tgz", + "integrity": "sha512-LNHTaVkzaYaLGlO+0u3rQTz7QrHTFOuKyba9JMTQutkmtNew8dw8wOD7mTU/5fCPZzCWpfW0XnQKzY61P0aTaw==", "dev": true, "dependencies": { - "lru-cache": "^9.1.1 || ^10.0.0", + "lru-cache": "^10.2.0", "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0" }, "engines": { 
@@ -758,10 +769,16 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/toml": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/toml/-/toml-3.0.0.tgz", + "integrity": "sha512-y/mWCZinnvxjTKYhJ+pYxwD0mRLVvOtdS2Awbgxln6iEnt4rk0yBxeSBHkGJcPucRiG0e55mwWp+g/05rsrd6w==", + "dev": true + }, "node_modules/uc.micro": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/uc.micro/-/uc.micro-2.0.0.tgz", - "integrity": "sha512-DffL94LsNOccVn4hyfRe5rdKa273swqeA5DJpMOeFmEn1wCDc7nAbbB0gXlgBCL7TNzeTv6G7XVWzan7iJtfig==", + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/uc.micro/-/uc.micro-2.1.0.tgz", + "integrity": "sha512-ARDJmphmdvUk6Glw7y9DQ2bFkKBHwQHLi2lsaH6PPmz/Ka9sFOBsBluozhDltWmnv9u/cF6Rt87znRTPV+yp/A==", "dev": true }, "node_modules/which": { diff --git a/package.json b/package.json index 32f1599..20522b5 100644 --- a/package.json +++ b/package.json @@ -14,6 +14,6 @@ }, "devDependencies": { "@bitnami/readme-generator-for-helm": "^2.5.0", - "markdownlint-cli": "^0.39.0" + "markdownlint-cli": "^0.40.0" } } -- 2.40.1 From b13063ad7a9a0364820bd6a23a7232806abf0523 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 23 May 2024 00:45:28 +0000 Subject: [PATCH 347/390] chore(deps): update subcharts (minor & patch) (#656) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 10 +++++----- Chart.yaml | 6 +++--- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/Chart.lock b/Chart.lock index 4d201e2..58f8ce1 100644 --- a/Chart.lock +++ b/Chart.lock 
@@ -1,12 +1,12 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 15.2.12 + version: 15.4.0 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 14.0.10 + version: 14.1.0 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 10.0.2 -digest: sha256:596c6ba91686123896bcbc19560b18b09a30a02a1687fb367b1b505da3423840 -generated: "2024-05-11T00:41:12.268020959Z" + version: 10.0.6 +digest: sha256:f5fa526c8388d241f9ed32007993893dd67a6eb9374644e7a7787824e2430349 +generated: "2024-05-22T00:38:09.769277175Z" diff --git a/Chart.yaml b/Chart.yaml index 2de01a9..f7afb84 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -35,15 +35,15 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/postgresql - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 15.2.12 + version: 15.4.0 condition: postgresql.enabled # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 14.0.10 + version: 14.1.0 condition: postgresql-ha.enabled # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 10.0.2 + version: 10.0.6 condition: redis-cluster.enabled -- 2.40.1 From 21bc9a548b010fa7088126673b89f43979577e21 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 26 May 2024 00:41:07 +0000 Subject: [PATCH 348/390] chore(deps): update subcharts (minor & patch) (#658) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 8 ++++---- Chart.yaml | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Chart.lock b/Chart.lock index 58f8ce1..8387557 100644 --- a/Chart.lock +++ b/Chart.lock 
@@ -4,9 +4,9 @@ dependencies: version: 15.4.0 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 14.1.0 + version: 14.1.2 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 10.0.6 -digest: sha256:f5fa526c8388d241f9ed32007993893dd67a6eb9374644e7a7787824e2430349 -generated: "2024-05-22T00:38:09.769277175Z" + version: 10.2.0 +digest: sha256:9cf8e9cc91ed8e7222943de488ff2a75f49ef16115ae9c252b969a0df0d5c696 +generated: "2024-05-25T00:43:29.277245931Z" diff --git a/Chart.yaml b/Chart.yaml index f7afb84..16fd7e9 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -40,10 +40,10 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 14.1.0 + version: 14.1.2 condition: postgresql-ha.enabled # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 10.0.6 + version: 10.2.0 condition: redis-cluster.enabled -- 2.40.1 From f897e6350be5159670eb54a5a00cc8a90254748b Mon Sep 17 00:00:00 2001 
From: Renovate Bot Date: Mon, 27 May 2024 14:54:59 +0000 Subject: [PATCH 349/390] chore(deps): update workflow dependencies (minor & patch) (#660) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | alpine/helm | | minor | `3.14.4` -> `3.15.1` | | alpine/helm | container | minor | `3.14.4` -> `3.15.1` | | [markdownlint-cli](https://github.com/igorshubovych/markdownlint-cli) | devDependencies | minor | [`^0.40.0` -> `^0.41.0`](https://renovatebot.com/diffs/npm/markdownlint-cli/0.40.0/0.41.0) | --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/660 Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- .gitea/workflows/release-version.yml | 2 +- .gitea/workflows/test-pr.yml | 2 +- package-lock.json | 81 ++++++++++++++++------------ package.json | 2 +- 4 files changed, 50 insertions(+), 37 deletions(-) diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index ef0e707..1f0b49f 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml @@ -7,7 +7,7 @@ on: env: # renovate: datasource=docker depName=alpine/helm - HELM_VERSION: "3.14.4" + HELM_VERSION: "3.15.1" jobs: generate-chart-publish: diff --git a/.gitea/workflows/test-pr.yml b/.gitea/workflows/test-pr.yml index 7e1a196..01d3981 100644 --- a/.gitea/workflows/test-pr.yml +++ b/.gitea/workflows/test-pr.yml @@ -16,7 +16,7 @@ env: jobs: check-and-test: runs-on: ubuntu-latest - container: alpine/helm:3.14.4 + container: alpine/helm:3.15.1 steps: - name: install tools run: | diff --git a/package-lock.json b/package-lock.json index 7743c82..c00c95e 100644 --- a/package-lock.json +++ b/package-lock.json @@ -8,7 +8,7 @@ "license": "MIT", "devDependencies": { "@bitnami/readme-generator-for-helm": "^2.5.0", - "markdownlint-cli": "^0.40.0" + "markdownlint-cli": "^0.41.0" }, "engines": { "node": ">=16.0.0", 
@@ -310,10 +310,11 @@ "dev": true }, "node_modules/jackspeak": { - "version": "2.3.6", - "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-2.3.6.tgz", - "integrity": "sha512-N3yCS/NegsOBokc8GAdM8UcmfsKiSS8cipheD/nivzr700H+nsMOxJjQnvwOcRYVuFkdH0wGUvW2WbXGmrZGbQ==", + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-3.1.2.tgz", + "integrity": "sha512-kWmLKn2tRtfYMF/BakihVVRzBKOxz4gJMiL2Rj91WnAB5TPZumSH99R/Yf1qE1u4uRimvCSJfm6hnxohXeEXjQ==", "dev": true, + "license": "BlueOak-1.0.0", "dependencies": { "@isaacs/cliui": "^8.0.2" }, @@ -425,14 +426,15 @@ } }, "node_modules/markdownlint-cli": { - "version": "0.40.0", - "resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.40.0.tgz", - "integrity": "sha512-JXhI3dRQcaqwiFYpPz6VJ7aKYheD53GmTz9y4D/d0F1MbZDGOp9pqKlbOfUX/pHP/iAoeiE4wYRmk8/kjLakxA==", + "version": "0.41.0", + "resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.41.0.tgz", + "integrity": "sha512-kp29tKrMKdn+xonfefjp3a/MsNzAd9c5ke0ydMEI9PR98bOjzglYN4nfMSaIs69msUf1DNkgevAIAPtK2SeX0Q==", "dev": true, + "license": "MIT", "dependencies": { - "commander": "~12.0.0", + "commander": "~12.1.0", "get-stdin": "~9.0.0", - "glob": "~10.3.12", + "glob": "~10.4.1", "ignore": "~5.3.1", "js-yaml": "^4.1.0", "jsonc-parser": "~3.2.1", @@ -440,7 +442,7 @@ "markdownlint": "~0.34.0", "minimatch": "~9.0.4", "run-con": "~1.3.2", - "toml": "~3.0.0" + "smol-toml": "~1.2.0" }, "bin": { "markdownlint": "markdownlint.js" 
@@ -454,36 +456,39 @@ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==", "dev": true, + "license": "MIT", "dependencies": { "balanced-match": "^1.0.0" } }, "node_modules/markdownlint-cli/node_modules/commander": { - "version": "12.0.0", - "resolved": "https://registry.npmjs.org/commander/-/commander-12.0.0.tgz", - "integrity": "sha512-MwVNWlYjDTtOjX5PiD7o5pK0UrFU/OYgcJfjjK4RaHZETNtjJqrZa9Y9ds88+A+f+d5lv+561eZ+yCKoS3gbAA==", + "version": "12.1.0", + "resolved": "https://registry.npmjs.org/commander/-/commander-12.1.0.tgz", + "integrity": "sha512-Vw8qHK3bZM9y/P10u3Vib8o/DdkvA2OtPtZvD871QKjy74Wj1WSKFILMPRPSdUSx5RFK1arlJzEtA4PkFgnbuA==", "dev": true, + "license": "MIT", "engines": { "node": ">=18" } }, "node_modules/markdownlint-cli/node_modules/glob": { - "version": "10.3.14", - "resolved": "https://registry.npmjs.org/glob/-/glob-10.3.14.tgz", - "integrity": "sha512-4fkAqu93xe9Mk7le9v0y3VrPDqLKHarNi2s4Pv7f2yOvfhWfhc7hRPHC/JyqMqb8B/Dt/eGS4n7ykwf3fOsl8g==", + "version": "10.4.1", + "resolved": "https://registry.npmjs.org/glob/-/glob-10.4.1.tgz", + "integrity": "sha512-2jelhlq3E4ho74ZyVLN03oKdAZVUa6UDZzFLVH1H7dnoax+y9qyaq8zBkfDIggjniU19z0wU18y16jMB2eyVIw==", "dev": true, + "license": "ISC", "dependencies": { "foreground-child": "^3.1.0", - "jackspeak": "^2.3.6", - "minimatch": "^9.0.1", - "minipass": "^7.0.4", - "path-scurry": "^1.11.0" + "jackspeak": "^3.1.2", + "minimatch": "^9.0.4", + "minipass": "^7.1.2", + "path-scurry": "^1.11.1" }, "bin": { "glob": "dist/esm/bin.mjs" }, "engines": { - "node": ">=16 || 14 >=14.17" + "node": ">=16 || 14 >=14.18" }, "funding": { "url": "https://github.com/sponsors/isaacs" 
@@ -494,6 +499,7 @@ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.4.tgz", "integrity": "sha512-KqWh+VchfxcMNRAJjj2tnsSJdNbHsVgnkBhTNrW7AjVo6OvLtxw8zfT9oLw1JSohlFzJ8jCoTgaoXvJ+kHt6fw==", "dev": true, + "license": "ISC", "dependencies": { "brace-expansion": "^2.0.1" }, @@ -544,10 +550,11 @@ } }, "node_modules/minipass": { - "version": "7.1.1", - "resolved": "https://registry.npmjs.org/minipass/-/minipass-7.1.1.tgz", - "integrity": "sha512-UZ7eQ+h8ywIRAW1hIEl2AqdwzJucU/Kp59+8kkZeSvafXhZjul247BvIJjEVFVeON6d7lM46XX1HXCduKAS8VA==", + "version": "7.1.2", + "resolved": "https://registry.npmjs.org/minipass/-/minipass-7.1.2.tgz", + "integrity": "sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw==", "dev": true, + "license": "ISC", "engines": { "node": ">=16 || 14 >=14.17" } @@ -580,16 +587,17 @@ } }, "node_modules/path-scurry": { - "version": "1.11.0", - "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.11.0.tgz", - "integrity": "sha512-LNHTaVkzaYaLGlO+0u3rQTz7QrHTFOuKyba9JMTQutkmtNew8dw8wOD7mTU/5fCPZzCWpfW0XnQKzY61P0aTaw==", + "version": "1.11.1", + "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.11.1.tgz", + "integrity": "sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==", "dev": true, + "license": "BlueOak-1.0.0", "dependencies": { "lru-cache": "^10.2.0", "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0" }, "engines": { - "node": ">=16 || 14 >=14.17" + "node": ">=16 || 14 >=14.18" }, "funding": { "url": "https://github.com/sponsors/isaacs" 
@@ -661,6 +669,17 @@ "url": "https://github.com/sponsors/isaacs" } }, + "node_modules/smol-toml": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/smol-toml/-/smol-toml-1.2.0.tgz", + "integrity": "sha512-KObxdQANC/xje3OoatMbSwQf2XAvJ0RbK+4nmQRszFNZptbNRnMWqbLF/zb4sMi9xJ6HNyhWXeuZ9zC/I/XY7w==", + "dev": true, + "license": "BSD-3-Clause", + "engines": { + "node": ">= 18", + "pnpm": ">= 9" + } + }, "node_modules/string-width": { "version": "5.1.2", "resolved": "https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz", @@ -769,12 +788,6 @@ "url": "https://github.com/sponsors/sindresorhus" } }, - "node_modules/toml": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/toml/-/toml-3.0.0.tgz", - "integrity": "sha512-y/mWCZinnvxjTKYhJ+pYxwD0mRLVvOtdS2Awbgxln6iEnt4rk0yBxeSBHkGJcPucRiG0e55mwWp+g/05rsrd6w==", - "dev": true - }, "node_modules/uc.micro": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/uc.micro/-/uc.micro-2.1.0.tgz", diff --git a/package.json b/package.json index 20522b5..3cc3449 100644 --- a/package.json +++ b/package.json @@ -14,6 +14,6 @@ }, "devDependencies": { "@bitnami/readme-generator-for-helm": "^2.5.0", - "markdownlint-cli": "^0.40.0" + "markdownlint-cli": "^0.41.0" } } -- 2.40.1 From 157e87593d70410832ff09da953f04c7d4ee16ab Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 2 Jun 2024 00:23:26 +0000 Subject: [PATCH 350/390] chore(deps): update subcharts (minor & patch) (#663) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 8 ++++---- Chart.yaml | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Chart.lock b/Chart.lock index 8387557..1126574 100644 --- a/Chart.lock +++ b/Chart.lock 
@@ -1,12 +1,12 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 15.4.0 + version: 15.5.0 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 14.1.2 + version: 14.1.3 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts version: 10.2.0 -digest: sha256:9cf8e9cc91ed8e7222943de488ff2a75f49ef16115ae9c252b969a0df0d5c696 -generated: "2024-05-25T00:43:29.277245931Z" +digest: sha256:f7feb678e253951354014684cca973ce7656aa8fd812e627534257dad7765069 +generated: "2024-06-01T00:49:20.470701261Z" diff --git a/Chart.yaml b/Chart.yaml index 16fd7e9..c8c3abd 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -35,12 +35,12 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/postgresql - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 15.4.0 + version: 15.5.0 condition: postgresql.enabled # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 14.1.2 + version: 14.1.3 condition: postgresql-ha.enabled # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster -- 2.40.1 From 22848d0ce7d025567e73320ea95957897119e0c4 Mon Sep 17 00:00:00 2001 From: pat-s Date: Thu, 6 Jun 2024 20:36:53 +0000 Subject: [PATCH 351/390] Bump Gitea to 1.22 (#662) @justusbunsi I've been running 1.22 with this chart on some clusters for some days now without issues. I think no further adjustments are needed on the chart side. Maybe we can get some of the other open PRs in? Also: Let me know if you want to do the release this time - I did a lot lately, happy to let you have a go for this one :) Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/662 Co-authored-by: pat-s Co-committed-by: pat-s --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/Chart.yaml b/Chart.yaml index c8c3abd..a78360f 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.21.11 +appVersion: 1.22.0 icon: https://gitea.com/assets/img/logo.svg keywords: -- 2.40.1 From b7b60dd51f11e998c17fc9be5fc20d6730b77100 Mon Sep 17 00:00:00 2001 From: Ceddaerrix Date: Thu, 6 Jun 2024 20:39:41 +0000 Subject: [PATCH 352/390] DRY improvements (#664) ### Description of the change Adding support for DRY principle (via use of the TPL function) to the PVC storage class and the ingress class ### Benefits It allows to reference a variable into another one to avoid duplicating them (or using YAML anchors). It is useful and valuable when including Gitea into an umbrella chart with multiple components and to have a single variable while the components variable only refer to that single one. Example 1 ``` global: persistence: storageClass: "storage-class" persistence: storageClass: "{{ .Values.global.persistence.storageClass }}" ``` This results in having `spec.storageClassName` equal to `storage-class` in the PVC object Example 2 ``` global: ingress: className: "ingress-class" ingress: className: "{{ .Values.global.ingress.className}}" ``` This results in having `spec.ingressClassName` equal to `ingress-class` in the Ingress object ### Possible drawbacks N/A ### Checklist - [X] Templating unittests are added Co-authored-by: 212597596 Co-authored-by: pat-s Co-authored-by: justusbunsi Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/664 Reviewed-by: pat-s Co-authored-by: Ceddaerrix Co-committed-by: Ceddaerrix --- templates/_helpers.tpl | 2 +- templates/gitea/ingress.yaml | 2 +- .../deployment/ingress-configuration.yaml | 24 +++++++++++++++++++ unittests/pvc/pvc-configuration.yaml | 19 +++++++++++++++ 4 files changed, 45 insertions(+), 2 deletions(-) create mode 100644 unittests/pvc/pvc-configuration.yaml 
diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 30ee3b9..4c74291 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -74,7 +74,7 @@ imagePullSecrets: Storage Class */}} {{- define "gitea.persistence.storageClass" -}} -{{- $storageClass := .Values.persistence.storageClass | default .Values.global.storageClass }} +{{- $storageClass := (tpl ( default "" .Values.persistence.storageClass) .) | default (tpl ( default "" .Values.global.storageClass) .) }} {{- if $storageClass }} storageClassName: {{ $storageClass | quote }} {{- end }} diff --git a/templates/gitea/ingress.yaml b/templates/gitea/ingress.yaml index 9991eec..cd743fe 100644 --- a/templates/gitea/ingress.yaml +++ b/templates/gitea/ingress.yaml @@ -21,7 +21,7 @@ metadata: {{- end }} spec: {{- if .Values.ingress.className }} - ingressClassName: {{ .Values.ingress.className }} + ingressClassName: {{ tpl .Values.ingress.className . }} {{- end }} {{- if .Values.ingress.tls }} tls: diff --git a/unittests/deployment/ingress-configuration.yaml b/unittests/deployment/ingress-configuration.yaml index 6a36eb0..a6998ee 100644 --- a/unittests/deployment/ingress-configuration.yaml +++ b/unittests/deployment/ingress-configuration.yaml @@ -15,9 +15,33 @@ tests: hosts: - "{{ .Values.global.giteaHostName }}" asserts: + - isKind: + of: Ingress - equal: path: spec.tls[0].hosts[0] value: "gitea.example.com" - equal: path: spec.rules[0].host value: "gitea.example.com" + - it: Ingress Class using TPL + set: + global.ingress.className: "ingress-class" + ingress.className: "{{ .Values.global.ingress.className }}" + ingress.enabled: true + ingress.hosts[0].host: "some-host" + ingress.tls: + - secretName: gitea-tls + hosts: + - "some-host" + asserts: + - isKind: + of: Ingress + - equal: + path: spec.tls[0].hosts[0] + value: "some-host" + - equal: + path: spec.rules[0].host + value: "some-host" + - equal: + path: spec.ingressClassName + value: "ingress-class" 
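Review bot: The `gitea.persistence.storageClass` helper now passes both `persistence.storageClass` and `global.storageClass` through `tpl`, but the `Storage Class` comment above it does not say so, and nothing in this hunk documents either value as a template. Strings given to `tpl` are evaluated with the whole chart context, so any `.Values` entry can be rendered into `storageClassName`; these keys should only be populated from operator-controlled values files. I would extend the helper comment to something like `Storage Class (persistence.storageClass and global.storageClass are rendered with tpl; treat them as trusted input)`. The `define` block closes outside the hunk.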
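Review bot: `ingressClassName: {{ tpl .Values.ingress.className . }}` emits the rendered string unquoted, while the storage-class helper in this same patch pipes its result through `quote`. A rendered value that YAML reads as a non-string (for example `true` or a number), or one that contains `: `, would change or break the manifest. The surrounding `if` also tests the raw value, so a template that renders to an empty string still emits the key. I would write `ingressClassName: {{ tpl .Values.ingress.className . | quote }}`. The rest of the Ingress spec is outside the hunk.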
diff --git a/unittests/pvc/pvc-configuration.yaml b/unittests/pvc/pvc-configuration.yaml new file mode 100644 index 0000000..3431000 --- /dev/null +++ b/unittests/pvc/pvc-configuration.yaml @@ -0,0 +1,19 @@ +suite: PVC template +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/pvc.yaml +tests: + - it: Storage Class using TPL + set: + global.persistence.storageClass: "storage-class" + persistence.enabled: true + persistence.create: true + persistence.storageClass: "{{ .Values.global.persistence.storageClass }}" + asserts: + - isKind: + of: PersistentVolumeClaim + - equal: + path: spec.storageClassName + value: "storage-class" -- 2.40.1 From d407eda496a8f012c30efa33171d1a51086e934a Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 8 Jun 2024 01:01:27 +0000 Subject: [PATCH 353/390] chore(deps): update subcharts (minor & patch) (#665) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 10 +++++----- Chart.yaml | 6 +++--- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/Chart.lock b/Chart.lock index 1126574..68d902f 100644 --- a/Chart.lock +++ b/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 15.5.0 + version: 15.5.4 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 14.1.3 + version: 14.2.3 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 10.2.0 -digest: sha256:f7feb678e253951354014684cca973ce7656aa8fd812e627534257dad7765069 -generated: "2024-06-01T00:49:20.470701261Z" + version: 10.2.3 +digest: sha256:27f6cc8c2b72a70f8b53cb6ea2c0fc22a9bb9c61f7ce73d2103447d5c778eabf +generated: "2024-06-08T00:24:11.020661786Z" diff --git a/Chart.yaml b/Chart.yaml index a78360f..e2d8a59 100644 --- a/Chart.yaml +++ b/Chart.yaml 
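Review bot: This suite exercises only the `persistence.storageClass` branch of the helper; the `global.storageClass` fallback that the patch also wraps in `tpl` has no test. `global.persistence.storageClass` here is just an arbitrary value that the template string points at, not a key the helper reads, which is easy to misread from the test. I would add a second case that leaves `persistence.storageClass` unset and templates `global.storageClass`, as sketched below (this assumes the chart default for `persistence.storageClass` is empty).

```yaml
  - it: Storage Class falls back to templated global.storageClass
    set:
      global.persistence.storageClass: "storage-class"
      global.storageClass: "{{ .Values.global.persistence.storageClass }}"
      persistence.enabled: true
      persistence.create: true
    asserts:
      - isKind:
          of: PersistentVolumeClaim
      - equal:
          path: spec.storageClassName
          value: "storage-class"
```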
@@ -35,15 +35,15 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/postgresql - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 15.5.0 + version: 15.5.4 condition: postgresql.enabled # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 14.1.3 + version: 14.2.3 condition: postgresql-ha.enabled # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 10.2.0 + version: 10.2.3 condition: redis-cluster.enabled -- 2.40.1 From 030322170e17ecf8c2225c9343896f9bc27699ec Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 15 Jun 2024 00:42:23 +0000 Subject: [PATCH 354/390] chore(deps): update subcharts (minor & patch) (#667) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 8 ++++---- Chart.yaml | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Chart.lock b/Chart.lock index 68d902f..721a358 100644 --- a/Chart.lock +++ b/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 15.5.4 + version: 15.5.5 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 14.2.3 + version: 14.2.5 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts version: 10.2.3 -digest: sha256:27f6cc8c2b72a70f8b53cb6ea2c0fc22a9bb9c61f7ce73d2103447d5c778eabf -generated: "2024-06-08T00:24:11.020661786Z" +digest: sha256:9925f1f5b421918a3d81864e62df4e5793896327dd9996c153a19af627ed784f +generated: "2024-06-15T00:18:26.969328336Z" diff --git a/Chart.yaml b/Chart.yaml index e2d8a59..ae32bb4 100644 --- a/Chart.yaml +++ b/Chart.yaml 
@@ -35,12 +35,12 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/postgresql - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 15.5.4 + version: 15.5.5 condition: postgresql.enabled # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 14.2.3 + version: 14.2.5 condition: postgresql-ha.enabled # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster -- 2.40.1 From 4dd17f045bce9009c9860da6105fc9960ffbd0db Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 22 Jun 2024 00:40:03 +0000 Subject: [PATCH 355/390] chore(deps): update alpine/helm docker tag to v3.15.2 (#668) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- .gitea/workflows/release-version.yml | 2 +- .gitea/workflows/test-pr.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index 1f0b49f..8bc374f 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml @@ -7,7 +7,7 @@ on: env: # renovate: datasource=docker depName=alpine/helm - HELM_VERSION: "3.15.1" + HELM_VERSION: "3.15.2" jobs: generate-chart-publish: diff --git a/.gitea/workflows/test-pr.yml b/.gitea/workflows/test-pr.yml index 01d3981..df2ee51 100644 --- a/.gitea/workflows/test-pr.yml +++ b/.gitea/workflows/test-pr.yml @@ -16,7 +16,7 @@ env: jobs: check-and-test: runs-on: ubuntu-latest - container: alpine/helm:3.15.1 + container: alpine/helm:3.15.2 steps: - name: install tools run: | -- 2.40.1 From c4168dd0298a51d97084cacbd5ee84fe1e2b4e5a Mon Sep 17 00:00:00 2001 
From: Renovate Bot Date: Sun, 23 Jun 2024 00:21:38 +0000 Subject: [PATCH 356/390] chore(deps): update subcharts (minor & patch) (#669) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 10 +++++----- Chart.yaml | 6 +++--- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/Chart.lock b/Chart.lock index 721a358..d86e447 100644 --- a/Chart.lock +++ b/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 15.5.5 + version: 15.5.9 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 14.2.5 + version: 14.2.7 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 10.2.3 -digest: sha256:9925f1f5b421918a3d81864e62df4e5793896327dd9996c153a19af627ed784f -generated: "2024-06-15T00:18:26.969328336Z" + version: 10.2.5 +digest: sha256:c4474ed68ad3a43182f8285aca05aca562939be06863e004ffed06829ed3c81b +generated: "2024-06-22T00:44:42.719713356Z" diff --git a/Chart.yaml b/Chart.yaml index ae32bb4..907be2f 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -35,15 +35,15 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/postgresql - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 15.5.5 + version: 15.5.9 condition: postgresql.enabled # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 14.2.5 + version: 14.2.7 condition: postgresql-ha.enabled # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 10.2.3 + version: 10.2.5 condition: redis-cluster.enabled -- 2.40.1 From 1ac39a6f5dd0dc09c2fd933f79d75d883bf4278d Mon Sep 17 00:00:00 2001 
From: Renovate Bot Date: Sun, 30 Jun 2024 00:21:50 +0000 Subject: [PATCH 357/390] chore(deps): update subcharts (minor & patch) (#670) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 8 ++++---- Chart.yaml | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Chart.lock b/Chart.lock index d86e447..a5d66f7 100644 --- a/Chart.lock +++ b/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 15.5.9 + version: 15.5.11 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 14.2.7 + version: 14.2.8 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts version: 10.2.5 -digest: sha256:c4474ed68ad3a43182f8285aca05aca562939be06863e004ffed06829ed3c81b -generated: "2024-06-22T00:44:42.719713356Z" +digest: sha256:9707ed6d4527cb9e2055a20d53f921529e4649692ad0c104bd1bf2991365b812 +generated: "2024-06-29T00:19:17.596985596Z" diff --git a/Chart.yaml b/Chart.yaml index 907be2f..2d6c880 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -35,12 +35,12 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/postgresql - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 15.5.9 + version: 15.5.11 condition: postgresql.enabled # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 14.2.7 + version: 14.2.8 condition: postgresql-ha.enabled # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster -- 2.40.1 From 6ffc0a37909c1318fa5d5e1242f2874e210bd570 Mon Sep 17 00:00:00 2001 
From: Renovate Bot Date: Sat, 6 Jul 2024 00:43:22 +0000 Subject: [PATCH 358/390] chore(deps): update subcharts (minor & patch) (#680) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 10 +++++----- Chart.yaml | 6 +++--- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/Chart.lock b/Chart.lock index a5d66f7..2a1aff0 100644 --- a/Chart.lock +++ b/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 15.5.11 + version: 15.5.14 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 14.2.8 + version: 14.2.11 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 10.2.5 -digest: sha256:9707ed6d4527cb9e2055a20d53f921529e4649692ad0c104bd1bf2991365b812 -generated: "2024-06-29T00:19:17.596985596Z" + version: 10.2.6 +digest: sha256:9bca43256b80ebb6c265a91f81b33ca30536a993d3089413c12fd4ac4d91d0d0 +generated: "2024-07-06T00:19:14.943493055Z" diff --git a/Chart.yaml b/Chart.yaml index 2d6c880..3a20799 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -35,15 +35,15 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/postgresql - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 15.5.11 + version: 15.5.14 condition: postgresql.enabled # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 14.2.8 + version: 14.2.11 condition: postgresql-ha.enabled # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 10.2.5 + version: 10.2.6 condition: redis-cluster.enabled -- 2.40.1 From 6226e4eaea84b7ad3ab59bcb454bdd42c90b79a2 Mon Sep 17 00:00:00 2001 
From: pat-s Date: Sun, 7 Jul 2024 09:57:16 +0000 Subject: [PATCH 359/390] Add non-clustered redis as sub-chart (#672) Co-authored-by: Julien Co-authored-by: justusbunsi Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/672 Reviewed-by: justusbunsi Co-authored-by: pat-s Co-committed-by: pat-s --- Chart.lock | 7 +++-- Chart.yaml | 5 ++++ Makefile | 2 +- README.md | 32 +++++++++++++++------ templates/_helpers.tpl | 12 ++++++-- unittests/config/cache-config.yaml | 25 ++++++++++++++-- unittests/config/queue-config.yaml | 25 ++++++++++++++-- unittests/config/session-config.yaml | 25 ++++++++++++++-- unittests/dependency-major-image-check.yaml | 15 ++++++++++ unittests/values-conflicting-checks.yaml | 14 +++++++++ values.yaml | 22 +++++++++++++- 11 files changed, 163 insertions(+), 21 deletions(-) create mode 100644 unittests/values-conflicting-checks.yaml diff --git a/Chart.lock b/Chart.lock index 2a1aff0..a927d2d 100644 --- a/Chart.lock +++ b/Chart.lock @@ -8,5 +8,8 @@ dependencies: - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts version: 10.2.6 -digest: sha256:9bca43256b80ebb6c265a91f81b33ca30536a993d3089413c12fd4ac4d91d0d0 -generated: "2024-07-06T00:19:14.943493055Z" +- name: redis + repository: oci://registry-1.docker.io/bitnamicharts + version: 19.6.1 +digest: sha256:b67d5866d0e5c17ae77d617f11d0c598c93b90dd4703684799f6a77282d8d96d +generated: "2024-07-07T11:54:30.9528697+02:00" diff --git a/Chart.yaml b/Chart.yaml index 3a20799..a8eec12 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -47,3 +47,8 @@ dependencies: repository: oci://registry-1.docker.io/bitnamicharts version: 10.2.6 condition: redis-cluster.enabled + # https://github.com/bitnami/charts/blob/main/bitnami/redis/Chart.yaml + - name: redis + repository: oci://registry-1.docker.io/bitnamicharts + version: 19.6.1 + condition: redis.enabled diff --git a/Makefile b/Makefile index 4e4b5bd..cc92433 100644 --- a/Makefile +++ b/Makefile 
@@ -9,7 +9,7 @@ readme: prepare-environment .PHONY: unittests unittests: - helm unittest --strict -f 'unittests/**/*.yaml' -f 'unittests/dependency-major-image-check.yaml' ./ + helm unittest --strict -f 'unittests/**/*.yaml' -f 'unittests/dependency-major-image-check.yaml' -f 'unittests/values-conflicting-checks.yaml' ./ .PHONY: helm update-helm-dependencies: diff --git a/README.md b/README.md index defd747..56d902e 100644 --- a/README.md +++ b/README.md @@ -50,6 +50,7 @@ - [ReadinessProbe](#readinessprobe) - [StartupProbe](#startupprobe) - [redis-cluster](#redis-cluster) + - [redis](#redis) - [PostgreSQL HA](#postgresql-ha) - [PostgreSQL](#postgresql) - [Advanced](#advanced) @@ -98,7 +99,8 @@ These dependencies are enabled by default: Alternatively, the following non-HA replacements are available: -- PostgreSQL ([Bitnami PostgreSQL](postgresql](https://github.com/bitnami/charts/blob/main/bitnami/postgresql/Chart.yaml))) +- PostgreSQL ([Bitnami PostgreSQL]()) +- Redis ([Bitnami Redis]()) ### Dependency Versioning @@ -117,6 +119,7 @@ Please double-check the image repository and available tags in the sub-chart: - [PostgreSQL-HA](https://hub.docker.com/r/bitnami/postgresql-repmgr/tags) - [PostgreSQL](https://hub.docker.com/r/bitnami/postgresql/tags) - [Redis Cluster](https://hub.docker.com/r/bitnami/redis-cluster/tags) +- [Redis](https://hub.docker.com/r/bitnami/redis/tags) and look up the image tag which fits your needs on Dockerhub. @@ -244,7 +247,7 @@ External tools such as `redis-cluster` or `memcached` handle these workloads muc If HA is not needed/desired, the following configurations can be used to deploy a single-pod Gitea instance. -1. For a production-ready single-pod Gitea instance without external dependencies (using the chart dependency `postgresql`): +1. For a production-ready single-pod Gitea instance without external dependencies (using the chart dependency `postgresql` and `redis`):
@@ -253,6 +256,8 @@ If HA is not needed/desired, the following configurations can be used to deploy ```yaml redis-cluster: enabled: false + redis: + enabled: true postgresql: enabled: true postgresql-ha: @@ -265,12 +270,6 @@ If HA is not needed/desired, the following configurations can be used to deploy config: database: DB_TYPE: postgres - session: - PROVIDER: db - cache: - ADAPTER: memory - queue: - TYPE: level indexer: ISSUE_INDEXER_TYPE: bleve REPO_INDEXER_ENABLED: true @@ -290,6 +289,8 @@ If HA is not needed/desired, the following configurations can be used to deploy ```yaml redis-cluster: enabled: false + redis: + enabled: false postgresql: enabled: false postgresql-ha: @@ -1039,13 +1040,26 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo ### redis-cluster +Redis cluster and [Redis](#redis) cannot be enabled at the same time. + | Name | Description | Value | | -------------------------------- | -------------------------------------------- | ------- | -| `redis-cluster.enabled` | Enable redis | `true` | +| `redis-cluster.enabled` | Enable redis cluster | `true` | | `redis-cluster.usePassword` | Whether to use password authentication | `false` | | `redis-cluster.cluster.nodes` | Number of redis cluster master nodes | `3` | | `redis-cluster.cluster.replicas` | Number of redis cluster master node replicas | `0` | +### redis + +Redis and [Redis cluster](#redis-cluster) cannot be enabled at the same time. + +| Name | Description | Value | +| ----------------------------- | ------------------------------------------ | ------------ | +| `redis.enabled` | Enable redis standalone or replicated | `false` | +| `redis.architecture` | Whether to use standalone or replication | `standalone` | +| `redis.global.redis.password` | Required password | `changeme` | +| `redis.master.count` | Number of Redis master instances to deploy | `1` | + ### PostgreSQL HA | Name | Description | Value | 
diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 4c74291..d8dfd7d 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -113,20 +113,28 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} {{- define "redis.dns" -}} -{{- if (index .Values "redis-cluster").enabled -}} +{{- if and ((index .Values "redis-cluster").enabled) ((index .Values "redis").enabled) -}} +{{- fail "redis and redis-cluster cannot be enabled at the same time. Please only choose one." -}} +{{- else if (index .Values "redis-cluster").enabled -}} {{- printf "redis+cluster://:%s@%s-redis-cluster-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "redis-cluster").global.redis.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "redis-cluster").service.ports.redis -}} +{{- else if (index .Values "redis").enabled -}} +{{- printf "redis://:%s@%s-redis-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "redis").global.redis.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "redis").master.service.ports.redis -}} {{- end -}} {{- end -}} {{- define "redis.port" -}} {{- if (index .Values "redis-cluster").enabled -}} {{ (index .Values "redis-cluster").service.ports.redis }} +{{- else if (index .Values "redis").enabled -}} +{{ (index .Values "redis").master.service.ports.redis }} {{- end -}} {{- end -}} {{- define "redis.servicename" -}} {{- if (index .Values "redis-cluster").enabled -}} {{- printf "%s-redis-cluster-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}} +{{- else if (index .Values "redis").enabled -}} +{{- printf "%s-redis-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}} {{- end -}} {{- end -}} 
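Review bot: The new `redis` branch of `redis.dns` writes `(index .Values "redis").global.redis.password` verbatim into the URL, and the README table and unit tests in this patch show that value defaulting to `changeme`. Enabling `redis` without overriding it therefore deploys with a publicly documented password, so the default should be empty and enforced, e.g. `{{- $pw := required "redis.global.redis.password must be set" (index .Values "redis").global.redis.password -}}`, or the README should at least say it must be changed. A password containing `@`, `/`, `?` or `#` also yields a malformed connection string; percent-encode it before the `printf` (the existing `redis-cluster` branch has the same issue). Finally, the both-enabled `fail` lives only in `redis.dns`, while `redis.port` and `redis.servicename` silently prefer `redis-cluster`.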
@@ -271,7 +279,7 @@ https {{- $_ := set .Values.gitea.config.metrics "ENABLED" .Values.gitea.metrics.enabled -}} {{- end -}} {{- /* redis queue */ -}} - {{- if (index .Values "redis-cluster").enabled -}} + {{- if or ((index .Values "redis-cluster").enabled) ((index .Values "redis").enabled) -}} {{- $_ := set .Values.gitea.config.queue "TYPE" "redis" -}} {{- $_ := set .Values.gitea.config.queue "CONN_STR" (include "redis.dns" .) -}} {{- $_ := set .Values.gitea.config.session "PROVIDER" "redis" -}} diff --git a/unittests/config/cache-config.yaml b/unittests/config/cache-config.yaml index cd55d90..8ebde62 100644 --- a/unittests/config/cache-config.yaml +++ b/unittests/config/cache-config.yaml @@ -8,6 +8,8 @@ tests: set: redis-cluster: enabled: true + redis: + enabled: false asserts: - documentIndex: 0 equal: @@ -16,11 +18,28 @@ tests: ADAPTER=redis HOST=redis+cluster://:@gitea-unittests-redis-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& - - it: "cache is configured correctly for 'memory' when redis-cluster is disabled" + - it: "cache is configured correctly for redis" template: templates/gitea/config.yaml set: redis-cluster: enabled: false + redis: + enabled: true + asserts: + - documentIndex: 0 + equal: + path: stringData.cache + value: |- + ADAPTER=redis + HOST=redis://:changeme@gitea-unittests-redis-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& + + - it: "cache is configured correctly for 'memory' when redis (or redis-cluster) is disabled" + template: templates/gitea/config.yaml + set: + redis-cluster: + enabled: false + redis: + enabled: false asserts: - documentIndex: 0 equal: 
@@ -29,11 +48,13 @@ tests: ADAPTER=memory HOST= - - it: "cache can be customized when redis-cluster is disabled" + - it: "cache can be customized when redis (or redis-cluster) is disabled" template: templates/gitea/config.yaml set: redis-cluster: enabled: false + redis: + enabled: false gitea.config.cache.ADAPTER: custom-adapter gitea.config.cache.HOST: custom-host asserts: diff --git a/unittests/config/queue-config.yaml b/unittests/config/queue-config.yaml index f83543a..b4946c7 100644 --- a/unittests/config/queue-config.yaml +++ b/unittests/config/queue-config.yaml @@ -8,6 +8,8 @@ tests: set: redis-cluster: enabled: true + redis: + enabled: false asserts: - documentIndex: 0 equal: @@ -16,11 +18,28 @@ tests: CONN_STR=redis+cluster://:@gitea-unittests-redis-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& TYPE=redis - - it: "queue is configured correctly for 'levelDB' when redis-cluster is disabled" + - it: "queue is configured correctly for redis" template: templates/gitea/config.yaml set: redis-cluster: enabled: false + redis: + enabled: true + asserts: + - documentIndex: 0 + equal: + path: stringData.queue + value: |- + CONN_STR=redis://:changeme@gitea-unittests-redis-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& + TYPE=redis + + - it: "queue is configured correctly for 'levelDB' when redis (and redis-cluster) is disabled" + template: templates/gitea/config.yaml + set: + redis-cluster: + enabled: false + redis: + enabled: false asserts: - documentIndex: 0 equal: @@ -29,11 +48,13 @@ tests: CONN_STR= TYPE=level - - it: "queue can be customized when redis-cluster is disabled" + - it: "queue can be customized when redis (and redis-cluster) are disabled" template: templates/gitea/config.yaml set: redis-cluster: enabled: false + redis: + enabled: false gitea.config.queue.TYPE: custom-type gitea.config.queue.CONN_STR: custom-connection-string asserts: 
diff --git a/unittests/config/session-config.yaml b/unittests/config/session-config.yaml index 2b6e771..5078cf2 100644 --- a/unittests/config/session-config.yaml +++ b/unittests/config/session-config.yaml @@ -8,6 +8,8 @@ tests: set: redis-cluster: enabled: true + redis: + enabled: false asserts: - documentIndex: 0 equal: @@ -16,11 +18,28 @@ tests: PROVIDER=redis PROVIDER_CONFIG=redis+cluster://:@gitea-unittests-redis-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& - - it: "session is configured correctly for 'memory' when redis-cluster is disabled" + - it: "session is configured correctly for redis" template: templates/gitea/config.yaml set: redis-cluster: enabled: false + redis: + enabled: true + asserts: + - documentIndex: 0 + equal: + path: stringData.session + value: |- + PROVIDER=redis + PROVIDER_CONFIG=redis://:changeme@gitea-unittests-redis-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& + + - it: "session is configured correctly for 'memory' when redis (and redis-cluster) is disabled" + template: templates/gitea/config.yaml + set: + redis-cluster: + enabled: false + redis: + enabled: false asserts: - documentIndex: 0 equal: @@ -29,11 +48,13 @@ tests: PROVIDER=memory PROVIDER_CONFIG= - - it: "session can be customized when redis-cluster is disabled" + - it: "session can be customized when redis (and redis-cluster) is disabled" template: templates/gitea/config.yaml set: redis-cluster: enabled: false + redis: + enabled: false gitea.config.session.PROVIDER: custom-provider gitea.config.session.PROVIDER_CONFIG: custom-provider-config asserts: diff --git a/unittests/dependency-major-image-check.yaml b/unittests/dependency-major-image-check.yaml index cd25274..2646ade 100644 --- a/unittests/dependency-major-image-check.yaml +++ b/unittests/dependency-major-image-check.yaml 
@@ -34,9 +34,24 @@ tests: set: redis-cluster: enabled: true + redis: + enabled: false asserts: - documentIndex: 0 matchRegex: path: spec.template.spec.containers[0].image # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST pattern: bitnami/redis-cluster:7.+$ + - it: "[redis] ensures we detect major image version upgrades" + template: charts/redis/templates/master/application.yaml + set: + redis-cluster: + enabled: false + redis: + enabled: true + asserts: + - documentIndex: 0 + matchRegex: + path: spec.template.spec.containers[0].image + # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST + pattern: bitnami/redis:7.+$ diff --git a/unittests/values-conflicting-checks.yaml b/unittests/values-conflicting-checks.yaml new file mode 100644 index 0000000..a257690 --- /dev/null +++ b/unittests/values-conflicting-checks.yaml @@ -0,0 +1,14 @@ +suite: Values conflicting checks +release: + name: gitea-unittests + namespace: testing +tests: + - it: fails when trying to configure redis and redis-cluster the same time + set: + redis-cluster: + enabled: true + redis: + enabled: true + asserts: + - failedTemplate: + errorMessage: redis and redis-cluster cannot be enabled at the same time. Please only choose one. diff --git a/values.yaml b/values.yaml index 4b6f017..8d93102 100644 --- a/values.yaml +++ b/values.yaml @@ -481,10 +481,13 @@ gitea: failureThreshold: 10 ## @section redis-cluster -## @param redis-cluster.enabled Enable redis +## @param redis-cluster.enabled Enable redis cluster ## @param redis-cluster.usePassword Whether to use password authentication ## @param redis-cluster.cluster.nodes Number of redis cluster master nodes ## @param redis-cluster.cluster.replicas Number of redis cluster master node replicas +## @descriptionStart +## Redis cluster and [Redis](#redis) cannot be enabled at the same time. +## @descriptionEnd redis-cluster: enabled: true usePassword: false 
@@ -492,6 +495,23 @@ redis-cluster: nodes: 3 # default: 6 replicas: 0 # default: 1 +## @section redis +## @param redis.enabled Enable redis standalone or replicated +## @param redis.architecture Whether to use standalone or replication +## @param redis.global.redis.password Required password +## @param redis.master.count Number of Redis master instances to deploy +## @descriptionStart +## Redis and [Redis cluster](#redis-cluster) cannot be enabled at the same time. +## @descriptionEnd +redis: + enabled: false + architecture: standalone + global: + redis: + password: changeme + master: + count: 1 + ## @section PostgreSQL HA # ## @param postgresql-ha.enabled Enable PostgreSQL HA -- 2.40.1 From 1dbf171ad3566dc3cddd5aa74650708da0238d6e Mon Sep 17 00:00:00 2001 
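Review bot: `redis.global.redis.password` is added with the literal default `changeme`, so any install that sets `redis.enabled: true` without overriding it runs the Redis instance backing Gitea's queue, cache and session store (per the `_helpers.tpl` change in this commit) behind a publicly known password. The `@param` text says "Required password", but nothing in the visible templates enforces that it was changed. Consider failing the render when redis is enabled and the value is still the placeholder, or at least say so in the description block: `## The default redis password is a placeholder and must be overridden before enabling redis.`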
From: James Harmison Date: Sun, 7 Jul 2024 09:59:29 +0000 Subject: [PATCH 360/390] Enable admin user password creation/update mode in values (#677) ### Description of the change This enables sane modes for forcing reset, as well as providing more options to users of the chart by giving them the flexibility to set the mode for password creation/modification as part of init whether the user exists or not. ### Benefits The new default should revert to the behavior before #673 became an issue, while also providing more flexibility for users who want to be able to manage their initial admin user password out-of-band after creating it the first time. ### Possible drawbacks None that I can think of. ### Applicable issues - fixes #673 ### Additional information See the discussion in #675 as well ### Checklist - [X] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/677 Reviewed-by: justusbunsi Co-authored-by: James Harmison Co-committed-by: James Harmison --- README.md | 47 ++++++++++++++++++++++----------- templates/_helpers.tpl | 8 ++++++ templates/gitea/deployment.yaml | 2 ++ templates/gitea/init.yaml | 28 +++++++++++++++++--- values.yaml | 2 ++ 5 files changed, 67 insertions(+), 20 deletions(-) diff --git a/README.md b/README.md index 56d902e..52dc794 100644 --- a/README.md +++ b/README.md 
@@ -569,6 +569,20 @@ gitea: existingSecret: gitea-admin-secret ``` +Whether you use the existing Secret or specify a user name and password, there are three modes for how the admin user password is created or set. + +- `keepUpdated` (the default) will set the admin user password, and reset it to the defined value every time the pod is recreated. +- `initialOnlyNoReset` will set the admin user password when creating it, but never try to update the password. +- `initialOnlyRequireReset` will set the admin user password when creating it, never update it, and require that the password be changed at the initial login. + +These modes can be set like the following: + +```yaml +gitea: + admin: + passwordMode: initialOnlyRequireReset +``` + ### LDAP Settings Like the admin user the LDAP settings can be updated. 
@@ -985,22 +999,23 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo ### Gitea -| Name | Description | Value | -| -------------------------------------- | ------------------------------------------------------------------------- | -------------------- | -| `gitea.admin.username` | Username for the Gitea admin user | `gitea_admin` | -| `gitea.admin.existingSecret` | Use an existing secret to store admin user credentials | `nil` | -| `gitea.admin.password` | Password for the Gitea admin user | `r8sA8CPHD9!bt6d` | -| `gitea.admin.email` | Email for the Gitea admin user | `gitea@local.domain` | -| `gitea.metrics.enabled` | Enable Gitea metrics | `false` | -| `gitea.metrics.serviceMonitor.enabled` | Enable Gitea metrics service monitor | `false` | -| `gitea.ldap` | LDAP configuration | `[]` | -| `gitea.oauth` | OAuth configuration | `[]` | -| `gitea.config.server.SSH_PORT` | SSH port for rootlful Gitea image | `22` | -| `gitea.config.server.SSH_LISTEN_PORT` | SSH port for rootless Gitea image | `2222` | -| `gitea.additionalConfigSources` | Additional configuration from secret or configmap | `[]` | -| `gitea.additionalConfigFromEnvs` | Additional configuration sources from environment variables | `[]` | -| `gitea.podAnnotations` | Annotations for the Gitea pod | `{}` | -| `gitea.ssh.logLevel` | Configure OpenSSH's log level. Only available for root-based Gitea image. 
| `INFO` | +| Name | Description | Value | +| -------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------- | -------------------- | +| `gitea.admin.username` | Username for the Gitea admin user | `gitea_admin` | +| `gitea.admin.existingSecret` | Use an existing secret to store admin user credentials | `nil` | +| `gitea.admin.password` | Password for the Gitea admin user | `r8sA8CPHD9!bt6d` | +| `gitea.admin.email` | Email for the Gitea admin user | `gitea@local.domain` | +| `gitea.admin.passwordMode` | Mode for how to set/update the admin user password. Options are: initialOnlyNoReset, initialOnlyRequireReset, and keepUpdated | `keepUpdated` | +| `gitea.metrics.enabled` | Enable Gitea metrics | `false` | +| `gitea.metrics.serviceMonitor.enabled` | Enable Gitea metrics service monitor | `false` | +| `gitea.ldap` | LDAP configuration | `[]` | +| `gitea.oauth` | OAuth configuration | `[]` | +| `gitea.config.server.SSH_PORT` | SSH port for rootlful Gitea image | `22` | +| `gitea.config.server.SSH_LISTEN_PORT` | SSH port for rootless Gitea image | `2222` | +| `gitea.additionalConfigSources` | Additional configuration from secret or configmap | `[]` | +| `gitea.additionalConfigFromEnvs` | Additional configuration sources from environment variables | `[]` | +| `gitea.podAnnotations` | Annotations for the Gitea pod | `{}` | +| `gitea.ssh.logLevel` | Configure OpenSSH's log level. Only available for root-based Gitea image. | `INFO` | ### LivenessProbe diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index d8dfd7d..c7d13d9 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl 
@@ -400,3 +400,11 @@ https {{- define "gitea.serviceAccountName" -}} {{ .Values.serviceAccount.name | default (include "gitea.fullname" .) }} {{- end -}} + +{{- define "gitea.admin.passwordMode" -}} +{{- if has .Values.gitea.admin.passwordMode (tuple "keepUpdated" "initialOnlyNoReset" "initialOnlyRequireReset") -}} +{{ .Values.gitea.admin.passwordMode }} +{{- else -}} +{{ printf "gitea.admin.passwordMode must be set to one of 'keepUpdated', 'initialOnlyNoReset', or 'initialOnlyRequireReset'. Received: '%s'" .Values.gitea.admin.passwordMode | fail }} +{{- end -}} +{{- end -}} diff --git a/templates/gitea/deployment.yaml b/templates/gitea/deployment.yaml index ca1bdd9..f321f22 100644 --- a/templates/gitea/deployment.yaml +++ b/templates/gitea/deployment.yaml @@ -243,6 +243,8 @@ spec: - name: GITEA_ADMIN_PASSWORD value: {{ .Values.gitea.admin.password | quote }} {{- end }} + - name: GITEA_ADMIN_PASSWORD_MODE + value: {{ include "gitea.admin.passwordMode" $ }} {{- if .Values.deployment.env }} {{- toYaml .Values.deployment.env | nindent 12 }} {{- end }} diff --git a/templates/gitea/init.yaml b/templates/gitea/init.yaml index a67166b..0352836 100644 --- a/templates/gitea/init.yaml +++ b/templates/gitea/init.yaml 
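Review bot: The `gitea.admin.passwordMode` helper fails the render when the value is absent, not only when it is misspelled, because `has` is false for an unset value and the error then prints a nil placeholder for `%s`. This would presumably break upgrades that carry old values forward without the new key (for example `helm upgrade --reuse-values`). Falling back to the documented default avoids that: `{{- $mode := .Values.gitea.admin.passwordMode | default "keepUpdated" -}}`, then validate and emit `$mode`.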
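Review bot: The `GITEA_ADMIN_PASSWORD_MODE` value in deployment.yaml is emitted unquoted, while the neighbouring `GITEA_ADMIN_PASSWORD` entry in the same hunk uses `| quote`. The helper restricts the value to three fixed strings, so this is a consistency point rather than a defect: `value: {{ include "gitea.admin.passwordMode" $ | quote }}`.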
@@ -109,13 +109,33 @@ stringData: local ACCOUNT_ID=$(echo "${actual_user_table}" | grep -E "\s+${GITEA_ADMIN_USERNAME}\s+" | awk -F " " "{printf \$1}") if [[ -z "${ACCOUNT_ID}" ]]; then + local -a create_args + create_args=(--admin --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email {{ .Values.gitea.admin.email | quote }}) + if [[ "${GITEA_ADMIN_PASSWORD_MODE}" = initialOnlyRequireReset ]]; then + create_args+=(--must-change-password=true) + else + create_args+=(--must-change-password=false) + fi echo "No admin user '${GITEA_ADMIN_USERNAME}' found. Creating now..." - gitea admin user create --admin --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email {{ .Values.gitea.admin.email | quote }} --must-change-password=false + gitea admin user create "${create_args[@]}" echo '...created.' else - echo "Admin account '${GITEA_ADMIN_USERNAME}' already exist. Running update to sync password..." - gitea admin user change-password --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" - echo '...password sync done.' + if [[ "${GITEA_ADMIN_PASSWORD_MODE}" = keepUpdated ]]; then + echo "Admin account '${GITEA_ADMIN_USERNAME}' already exist. Running update to sync password..." + # See https://gitea.com/gitea/helm-chart/issues/673 + # --must-change-password argument was added to change-password, defaulting to true, counter to the previous behavior + # which acted as if it were provided with =false. If the argument is present in this version of gitea, then we + # should add it to prevent requiring frequent admin password resets. + local -a change_args + change_args=(--username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}") + if gitea admin user change-password --help | grep -qF -- '--must-change-password'; then + change_args+=(--must-change-password=false) + fi + gitea admin user change-password "${change_args[@]}" + echo '...password sync done.' 
+ else + echo "Admin account '${GITEA_ADMIN_USERNAME}' already exist, but update mode is set to '${GITEA_ADMIN_PASSWORD_MODE}'. Skipping." + fi fi } diff --git a/values.yaml b/values.yaml index 8d93102..a44eca9 100644 --- a/values.yaml +++ b/values.yaml @@ -342,12 +342,14 @@ gitea: ## @param gitea.admin.existingSecret Use an existing secret to store admin user credentials ## @param gitea.admin.password Password for the Gitea admin user ## @param gitea.admin.email Email for the Gitea admin user + ## @param gitea.admin.passwordMode Mode for how to set/update the admin user password. Options are: initialOnlyNoReset, initialOnlyRequireReset, and keepUpdated admin: # existingSecret: gitea-admin-secret existingSecret: username: gitea_admin password: r8sA8CPHD9!bt6d email: "gitea@local.domain" + passwordMode: keepUpdated ## @param gitea.metrics.enabled Enable Gitea metrics ## @param gitea.metrics.serviceMonitor.enabled Enable Gitea metrics service monitor -- 2.40.1 From 3265a5ed5358b8358dda6b434e773696e39d4ae9 Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Sun, 7 Jul 2024 14:48:54 +0200 Subject: [PATCH 361/390] Drop helm signing to release 10.3.0 Right now, the generated `.prov` file is not uploaded along with the actual `.tgz` file. This makes it impossible to verify our Helm Charts. In addition, we only sign the old-fashioned `.tgz` file, not the OCI-based releases on DockerHub. The incentive to do this very commit is an expired GPG key that prevents our release. Signed-off-by: justusbunsi --- .gitea/workflows/release-version.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index 8bc374f..c57421f 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml 
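Review bot: Both `create_args` and `change_args` in the init.yaml hunk carry `--password "${GITEA_ADMIN_PASSWORD}"`, so the admin password is placed on the `gitea` command line and is readable from the process list for as long as the command runs. The removed one-line invocations did the same, so this is not a regression, but the rewrite is the natural place to record it next to the arrays: `# NOTE: the password is passed via argv and is visible in the process list while gitea runs`. The enclosing shell function starts and ends outside this hunk.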
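Review bot: `passwordMode: keepUpdated` becomes the default in values.yaml directly below the chart's published default `gitea.admin.password`, so an install that overrides neither resets the admin account to a publicly known password every time the pod is recreated, undoing any change made through the Gitea UI. The README text added in this commit describes the reset but not this consequence. A comment on the value would make it explicit: `# keepUpdated re-applies gitea.admin.password on every pod start; set a non-default password or use existingSecret`.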
@@ -49,7 +49,6 @@ jobs: helm plugin install https://github.com/pat-s/helm-gpg helm dependency build helm package --version "${GITHUB_REF#refs/tags/v}" ./ - helm gpg sign "gitea-${GITHUB_REF#refs/tags/v}.tgz" mkdir gitea mv gitea*.tgz gitea/ curl -s -L -o gitea/index.yaml https://dl.gitea.com/charts/index.yaml -- 2.40.1 From 5c6cd932febf8c12cfa2d2858e66b6456e88ecad Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 13 Jul 2024 00:41:15 +0000 Subject: [PATCH 362/390] chore(deps): update postgresql docker tag to v15.5.16 (#683) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 6 +++--- Chart.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Chart.lock b/Chart.lock index a927d2d..fd62e33 100644 --- a/Chart.lock +++ b/Chart.lock @@ -1,7 +1,7 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 15.5.14 + version: 15.5.16 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts version: 14.2.11 @@ -11,5 +11,5 @@ dependencies: - name: redis repository: oci://registry-1.docker.io/bitnamicharts version: 19.6.1 -digest: sha256:b67d5866d0e5c17ae77d617f11d0c598c93b90dd4703684799f6a77282d8d96d -generated: "2024-07-07T11:54:30.9528697+02:00" +digest: sha256:2f5e7ab97242b6254437fe1ebaff720ef93d159ae600b5ff84e6251a02ec4b25 +generated: "2024-07-13T00:17:56.909401868Z" diff --git a/Chart.yaml b/Chart.yaml index a8eec12..6e987e1 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -35,7 +35,7 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/postgresql - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 15.5.14 + version: 15.5.16 condition: postgresql.enabled # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha -- 2.40.1 From a5359190259b6f503ebc41cf5e2d4409174c6a41 Mon Sep 17 00:00:00 2001 
From: Karitham Date: Mon, 15 Jul 2024 15:13:25 +0000 Subject: [PATCH 363/390] feat: `service.{http,ssh}.loadBalancerClass` (#640) ### Description of the change Introduce `service.{http,ssh}.loadBalancerClass` ### Benefits Feature was not supported before. This is required if your cluster has multiple loadBalancer options and you want to select one ### Possible drawbacks More yaml. ### Checklist - [x] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) - [x] Templating unittests are added Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/640 Reviewed-by: pat-s Co-authored-by: Karitham Co-committed-by: Karitham --- README.md | 2 + templates/gitea/http-svc.yaml | 7 ++- templates/gitea/ssh-svc.yaml | 3 + unittests/deployment/svc-configuration.yaml | 67 +++++++++++++++++++++ values.yaml | 4 ++ 5 files changed, 82 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 52dc794..ec29243 100644 --- a/README.md +++ b/README.md @@ -904,6 +904,7 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo | `service.http.loadBalancerSourceRanges` | Source range filter for http loadbalancer | `[]` | | `service.http.annotations` | HTTP service annotations | `{}` | | `service.http.labels` | HTTP service additional labels | `{}` | +| `service.http.loadBalancerClass` | Loadbalancer class | `nil` | | `service.ssh.type` | Kubernetes service type for ssh traffic | `ClusterIP` | | `service.ssh.port` | Port number for ssh traffic | `22` | | `service.ssh.clusterIP` | ClusterIP setting for ssh autosetup for deployment is None | `None` | 
@@ -917,6 +918,7 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo | `service.ssh.loadBalancerSourceRanges` | Source range filter for ssh loadbalancer | `[]` | | `service.ssh.annotations` | SSH service annotations | `{}` | | `service.ssh.labels` | SSH service additional labels | `{}` | +| `service.ssh.loadBalancerClass` | Loadbalancer class | `nil` | ### Ingress diff --git a/templates/gitea/http-svc.yaml b/templates/gitea/http-svc.yaml index 0ec7370..06163a6 100644 --- a/templates/gitea/http-svc.yaml +++ b/templates/gitea/http-svc.yaml @@ -11,7 +11,11 @@ metadata: {{- toYaml .Values.service.http.annotations | nindent 4 }} spec: type: {{ .Values.service.http.type }} - {{- if and .Values.service.http.loadBalancerIP (eq .Values.service.http.type "LoadBalancer") }} + {{- if eq .Values.service.http.type "LoadBalancer" }} + {{- if .Values.service.http.loadBalancerClass }} + loadBalancerClass: {{ .Values.service.http.loadBalancerClass }} + {{- end }} + {{- if and .Values.service.http.loadBalancerIP }} loadBalancerIP: {{ .Values.service.http.loadBalancerIP }} {{- end }} {{- if .Values.service.http.loadBalancerSourceRanges }} @@ -20,6 +24,7 @@ spec: - {{ . }} {{- end }} {{- end }} + {{- end }} {{- if .Values.service.http.externalIPs }} externalIPs: {{- toYaml .Values.service.http.externalIPs | nindent 4 }} diff --git a/templates/gitea/ssh-svc.yaml b/templates/gitea/ssh-svc.yaml index 3ee756c..131b0b9 100644 --- a/templates/gitea/ssh-svc.yaml +++ b/templates/gitea/ssh-svc.yaml @@ -12,6 +12,9 @@ metadata: spec: type: {{ .Values.service.ssh.type }} {{- if eq .Values.service.ssh.type "LoadBalancer" }} + {{- if .Values.service.ssh.loadBalancerClass }} + loadBalancerClass: {{ .Values.service.ssh.loadBalancerClass }} + {{- end }} {{- if .Values.service.ssh.loadBalancerIP }} loadBalancerIP: {{ .Values.service.ssh.loadBalancerIP }} {{- end -}} 
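Review bot: `{{- if and .Values.service.http.loadBalancerIP }}` in http-svc.yaml keeps an `and` with a single operand, left over from the old combined condition; it still evaluates as intended but reads as if a second condition had been dropped. `{{- if .Values.service.http.loadBalancerIP }}` would match the ssh-svc.yaml template. The same hunk, together with the `{{- end }}` added in the following one, also moves `loadBalancerSourceRanges` under the `LoadBalancer` type check, so source ranges set on another service type are no longer rendered; the new unit test covers this, but the commit description does not mention the behaviour change.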
diff --git a/unittests/deployment/svc-configuration.yaml b/unittests/deployment/svc-configuration.yaml index a032470..24059ea 100644 --- a/unittests/deployment/svc-configuration.yaml +++ b/unittests/deployment/svc-configuration.yaml @@ -49,3 +49,70 @@ tests: asserts: - exists: path: metadata.labels["app"] + + - it: render service.ssh.loadBalancerClass if set and type is LoadBalancer + template: templates/gitea/ssh-svc.yaml + set: + service: + ssh: + loadBalancerClass: "example.com/class" + type: LoadBalancer + loadBalancerIP: "1.2.3.4" + loadBalancerSourceRanges: + - "1.2.3.4/32" + - "5.6.7.8/32" + asserts: + - equal: + path: spec.loadBalancerClass + value: "example.com/class" + - equal: + path: spec.loadBalancerIP + value: "1.2.3.4" + - equal: + path: spec.loadBalancerSourceRanges + value: ["1.2.3.4/32", "5.6.7.8/32"] + + - it: does not render when loadbalancer properties are set but type is not loadBalancerClass + template: templates/gitea/http-svc.yaml + set: + service: + http: + type: ClusterIP + loadBalancerClass: "example.com/class" + loadBalancerIP: "1.2.3.4" + loadBalancerSourceRanges: + - "1.2.3.4/32" + - "5.6.7.8/32" + asserts: + - notExists: + path: spec.loadBalancerClass + - notExists: + path: spec.loadBalancerIP + - notExists: + path: spec.loadBalancerSourceRanges + + - it: does not render loadBalancerClass by default even when type is LoadBalancer + template: templates/gitea/http-svc.yaml + set: + service: + http: + type: LoadBalancer + loadBalancerIP: "1.2.3.4" + asserts: + - notExists: + path: spec.loadBalancerClass + - equal: + path: spec.loadBalancerIP + value: "1.2.3.4" + + - it: both ssh and http services exist + templates: + - templates/gitea/ssh-svc.yaml + - templates/gitea/http-svc.yaml + asserts: + - matchRegex: + path: metadata.name + pattern: "^gitea-unittests-(?:ssh|http)$" + - matchRegex: + path: spec.ports[0].name + pattern: "^(?:ssh|http)$" diff --git a/values.yaml b/values.yaml index a44eca9..af66f24 100644 --- a/values.yaml 
+++ b/values.yaml @@ -107,6 +107,7 @@ service: ## @param service.http.loadBalancerSourceRanges Source range filter for http loadbalancer ## @param service.http.annotations HTTP service annotations ## @param service.http.labels HTTP service additional labels + ## @param service.http.loadBalancerClass Loadbalancer class http: type: ClusterIP port: 3000 @@ -120,6 +121,7 @@ service: loadBalancerSourceRanges: [] annotations: {} labels: {} + loadBalancerClass: ## @param service.ssh.type Kubernetes service type for ssh traffic ## @param service.ssh.port Port number for ssh traffic ## @param service.ssh.clusterIP ClusterIP setting for ssh autosetup for deployment is None @@ -133,6 +135,7 @@ service: ## @param service.ssh.loadBalancerSourceRanges Source range filter for ssh loadbalancer ## @param service.ssh.annotations SSH service annotations ## @param service.ssh.labels SSH service additional labels + ## @param service.ssh.loadBalancerClass Loadbalancer class ssh: type: ClusterIP port: 22 @@ -147,6 +150,7 @@ service: loadBalancerSourceRanges: [] annotations: {} labels: {} + loadBalancerClass: ## @section Ingress ## @param ingress.enabled Enable ingress -- 2.40.1 From e29cd1c289441c0a3f5131f6c068c08744312722 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 20 Jul 2024 00:40:11 +0000 Subject: [PATCH 364/390] chore(deps): update alpine/helm docker tag to v3.15.3 (#687) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- .gitea/workflows/release-version.yml | 2 +- .gitea/workflows/test-pr.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index c57421f..994add0 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml @@ -7,7 +7,7 @@ on: env: # renovate: datasource=docker depName=alpine/helm - HELM_VERSION: "3.15.2" + HELM_VERSION: "3.15.3" jobs: generate-chart-publish: 
diff --git a/.gitea/workflows/test-pr.yml b/.gitea/workflows/test-pr.yml index df2ee51..cbbfcbd 100644 --- a/.gitea/workflows/test-pr.yml +++ b/.gitea/workflows/test-pr.yml @@ -16,7 +16,7 @@ env: jobs: check-and-test: runs-on: ubuntu-latest - container: alpine/helm:3.15.2 + container: alpine/helm:3.15.3 steps: - name: install tools run: | -- 2.40.1 From c32c6f929fcc551bd493888caf877e99b9ce69c3 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 21 Jul 2024 00:21:49 +0000 Subject: [PATCH 365/390] chore(deps): update subcharts (minor & patch) (#688) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 12 ++++++------ Chart.yaml | 8 ++++---- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/Chart.lock b/Chart.lock index fd62e33..0a1b8e3 100644 --- a/Chart.lock +++ b/Chart.lock @@ -1,15 +1,15 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 15.5.16 + version: 15.5.17 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 14.2.11 + version: 14.2.12 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 10.2.6 + version: 10.2.7 - name: redis repository: oci://registry-1.docker.io/bitnamicharts - version: 19.6.1 -digest: sha256:2f5e7ab97242b6254437fe1ebaff720ef93d159ae600b5ff84e6251a02ec4b25 -generated: "2024-07-13T00:17:56.909401868Z" + version: 19.6.2 +digest: sha256:842e8878e2da9cd62c2233f5ebfcdaa05598633a8bc2fa84803006929cf0c3cc +generated: "2024-07-20T00:44:58.227558466Z" diff --git a/Chart.yaml b/Chart.yaml index 6e987e1..a2b9c0c 100644 --- a/Chart.yaml +++ b/Chart.yaml 
@@ -35,20 +35,20 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/postgresql - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 15.5.16 + version: 15.5.17 condition: postgresql.enabled # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 14.2.11 + version: 14.2.12 condition: postgresql-ha.enabled # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 10.2.6 + version: 10.2.7 condition: redis-cluster.enabled # https://github.com/bitnami/charts/blob/main/bitnami/redis/Chart.yaml - name: redis repository: oci://registry-1.docker.io/bitnamicharts - version: 19.6.1 + version: 19.6.2 condition: redis.enabled -- 2.40.1 From 2a762f0865b69e8e95d5b7c91b1e758b44f23ee6 Mon Sep 17 00:00:00 2001 From: pat-s Date: Sun, 21 Jul 2024 11:46:40 +0000 Subject: [PATCH 366/390] Gitea 1.22.1 (#684) Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/684 Reviewed-by: techknowlogick Co-authored-by: pat-s Co-committed-by: pat-s --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index a2b9c0c..55a47e2 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.22.0 +appVersion: 1.22.1 icon: https://gitea.com/assets/img/logo.svg keywords: -- 2.40.1 From e19723a3fb5cebcc1e6b2fc3ed54efbb984c02a2 Mon Sep 17 00:00:00 2001 
From: justusbunsi Date: Tue, 23 Jul 2024 13:38:49 +0000 Subject: [PATCH 367/390] Improve Renovate behavior (#689) - Add Gitea releases for `appVersion` - Rewrite Helm changelog url to retrieve release notes Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/689 Reviewed-by: pat-s Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- Chart.yaml | 1 + renovate.json5 | 15 +++++++++++++++ 2 files changed, 16 insertions(+) diff --git a/Chart.yaml b/Chart.yaml index 55a47e2..d65e571 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,6 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 +# renovate datasource=github-releases depName=go-gitea/gitea extractVersion=^v(?.*)$ appVersion: 1.22.1 icon: https://gitea.com/assets/img/logo.svg diff --git a/renovate.json5 b/renovate.json5 index 1831179..d0a0ac6 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -30,6 +30,14 @@ ], datasourceTemplate: 'github-releases', }, + { + 'description': 'Automatically detect new Gitea releases', + 'customType': 'regex', + 'fileMatch': ['(^|/)Chart\\.yaml$'], + 'matchStrings': [ + '# renovate datasource=(?\\S+) depName=(?\\S+) extractVersion=(?\\S+)\\nappVersion:\\s?(?\\S+)\\n', + ], + }, ], packageRules: [ { @@ -56,5 +64,12 @@ 'digest', ], }, + { + description: 'Override changelog url for Helm image, to have release notes in our PRs', + matchDepNames: [ + 'alpine/helm', + ], + changelogUrl: 'https://github.com/helm/helm', + }, ], } -- 2.40.1 From 1c71764d3c5ffd02869700412b277323f6511a06 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 27 Jul 2024 00:42:36 +0000 Subject: [PATCH 368/390] chore(deps): update dependency helm-unittest/helm-unittest to v0.5.2 (#692) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- .gitea/workflows/test-pr.yml | 2 +- .vscode/settings.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/test-pr.yml b/.gitea/workflows/test-pr.yml index cbbfcbd..78ed267 100644 
--- a/.gitea/workflows/test-pr.yml +++ b/.gitea/workflows/test-pr.yml @@ -11,7 +11,7 @@ on: env: # renovate: datasource=github-releases depName=helm-unittest/helm-unittest - HELM_UNITTEST_VERSION: "v0.5.1" + HELM_UNITTEST_VERSION: "v0.5.2" jobs: check-and-test: diff --git a/.vscode/settings.json b/.vscode/settings.json index f7fde3e..5271d28 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -1,6 +1,6 @@ { "yaml.schemas": { - "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.5.1/schema/helm-testsuite.json": [ + "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.5.2/schema/helm-testsuite.json": [ "/unittests/**/*.yaml" ] }, -- 2.40.1 From 339ee942606fd89ec38f95e57df16bc555e902f9 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 28 Jul 2024 00:21:27 +0000 Subject: [PATCH 369/390] chore(deps): update subcharts (minor & patch) (#693) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 12 ++++++------ Chart.yaml | 8 ++++---- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/Chart.lock b/Chart.lock index 0a1b8e3..9223ca5 100644 --- a/Chart.lock +++ b/Chart.lock @@ -1,15 +1,15 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 15.5.17 + version: 15.5.20 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 14.2.12 + version: 14.2.14 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 10.2.7 + version: 10.2.9 - name: redis repository: oci://registry-1.docker.io/bitnamicharts - version: 19.6.2 -digest: sha256:842e8878e2da9cd62c2233f5ebfcdaa05598633a8bc2fa84803006929cf0c3cc -generated: "2024-07-20T00:44:58.227558466Z" + version: 19.6.4 +digest: sha256:b6d81fdd70e6c2928e815f169749cb8f773c113a08088b0180180829558e4c18 +generated: "2024-07-27T00:47:31.621904982Z" diff --git a/Chart.yaml b/Chart.yaml index d65e571..9b467c3 100644 --- a/Chart.yaml +++ b/Chart.yaml 
@@ -36,20 +36,20 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/postgresql - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 15.5.17 + version: 15.5.20 condition: postgresql.enabled # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 14.2.12 + version: 14.2.14 condition: postgresql-ha.enabled # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 10.2.7 + version: 10.2.9 condition: redis-cluster.enabled # https://github.com/bitnami/charts/blob/main/bitnami/redis/Chart.yaml - name: redis repository: oci://registry-1.docker.io/bitnamicharts - version: 19.6.2 + version: 19.6.4 condition: redis.enabled -- 2.40.1 From 036b469ff9d4c2c3fe385eb623d7356157140c69 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 3 Aug 2024 00:46:33 +0000 Subject: [PATCH 370/390] chore(deps): update subcharts (minor & patch) (#695) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 8 ++++---- Chart.yaml | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Chart.lock b/Chart.lock index 9223ca5..5023ad2 100644 --- a/Chart.lock +++ b/Chart.lock @@ -4,12 +4,12 @@ dependencies: version: 15.5.20 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 14.2.14 + version: 14.2.16 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 10.2.9 + version: 10.3.0 - name: redis repository: oci://registry-1.docker.io/bitnamicharts version: 19.6.4 -digest: sha256:b6d81fdd70e6c2928e815f169749cb8f773c113a08088b0180180829558e4c18 -generated: "2024-07-27T00:47:31.621904982Z" +digest: sha256:a28c809273f313c482e3f803a0a002c3bb3a0d2090bf6b732d68ecc4710b4732 +generated: "2024-08-03T00:21:16.080925346Z" 
diff --git a/Chart.yaml b/Chart.yaml index 9b467c3..3e62db5 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -41,12 +41,12 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 14.2.14 + version: 14.2.16 condition: postgresql-ha.enabled # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts - version: 10.2.9 + version: 10.3.0 condition: redis-cluster.enabled # https://github.com/bitnami/charts/blob/main/bitnami/redis/Chart.yaml - name: redis -- 2.40.1 From 9dc3f7c086797e1c9a104d699136c6dd3fe12b66 Mon Sep 17 00:00:00 2001 From: pat-s Date: Thu, 29 Aug 2024 09:20:27 +0000 Subject: [PATCH 371/390] Fix persistence for `postgresql-ha` (#704) fix #703 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/704 Reviewed-by: techknowlogick Co-authored-by: pat-s Co-committed-by: pat-s --- README.md | 2 +- values.yaml | 7 +++---- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index ec29243..31bb251 100644 --- a/README.md +++ b/README.md @@ -1090,7 +1090,7 @@ Redis and [Redis cluster](#redis-cluster) cannot be enabled at the same time. | `postgresql-ha.postgresql.postgresPassword` | postgres Password | `changeme1` | | `postgresql-ha.pgpool.adminPassword` | pgpool adminPassword | `changeme3` | | `postgresql-ha.service.ports.postgresql` | PostgreSQL service port (overrides `service.ports.postgresql`) | `5432` | -| `postgresql-ha.primary.persistence.size` | PVC Storage Request for PostgreSQL HA volume | `10Gi` | +| `postgresql-ha.persistence.size` | PVC Storage Request for PostgreSQL HA volume | `10Gi` | ### PostgreSQL diff --git a/values.yaml b/values.yaml index af66f24..90b6f4f 100644 --- a/values.yaml +++ b/values.yaml 
@@ -529,7 +529,7 @@ redis: ## @param postgresql-ha.postgresql.postgresPassword postgres Password ## @param postgresql-ha.pgpool.adminPassword pgpool adminPassword ## @param postgresql-ha.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`) -## @param postgresql-ha.primary.persistence.size PVC Storage Request for PostgreSQL HA volume +## @param postgresql-ha.persistence.size PVC Storage Request for PostgreSQL HA volume postgresql-ha: global: postgresql: @@ -546,9 +546,8 @@ postgresql-ha: service: ports: postgresql: 5432 - primary: - persistence: - size: 10Gi + persistence: + size: 10Gi ## @section PostgreSQL # -- 2.40.1 From 3fdb39df6808cb04046acc7f5d33efd332ae7f3a Mon Sep 17 00:00:00 2001 
From: tobiasbp Date: Wed, 11 Sep 2024 12:49:18 +0000 Subject: [PATCH 372/390] Do not log errors in init-directories container during Gitea launch (#708) When the _init-directories_ container runs, the shell script _init_directory_structure.sh_ logs to _stderr_ because debugging is enabled with _set -x_. The output from the script, should be logged to _stdout_ instead. The issue is discussed here: https://gitea.com/gitea/helm-chart/issues/701 ### Description of the change This PR uses the _verbose_ flag with all commands in the script to log what the script is doing. ### Benefits Log entries with incorrect severity _ERROR_ will no longer be logged in _Kubernetes_. ### Possible drawbacks Log output will change. If someone had a check for certain log entries from the _init container_, that check would break. ### Checklist Updated unit tests. Co-authored-by: tobias.petersen Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/708 Reviewed-by: techknowlogick Reviewed-by: pat-s Co-authored-by: tobiasbp Co-committed-by: tobiasbp --- templates/gitea/init.yaml | 22 +++++----- .../init_directory_structure.sh-rootless.yaml | 42 ++++++++----------- .../init/init_directory_structure.sh.yaml | 38 ++++++++--------- 3 files changed, 45 insertions(+), 57 deletions(-) diff --git a/templates/gitea/init.yaml b/templates/gitea/init.yaml index 0352836..71973e3 100644 --- a/templates/gitea/init.yaml +++ b/templates/gitea/init.yaml 
@@ -24,27 +24,25 @@ stringData: # END: initPreScript {{- end }} - set -x - {{- if not .Values.image.rootless }} - chown 1000:1000 /data + chown -v 1000:1000 /data {{- end }} - mkdir -p /data/git/.ssh - chmod -R 700 /data/git/.ssh - [ ! -d /data/gitea/conf ] && mkdir -p /data/gitea/conf + mkdir -pv /data/git/.ssh + chmod -Rv 700 /data/git/.ssh + [ ! -d /data/gitea/conf ] && mkdir -pv /data/gitea/conf # prepare temp directory structure - mkdir -p "${GITEA_TEMP}" + mkdir -pv "${GITEA_TEMP}" {{- if not .Values.image.rootless }} - chown 1000:1000 "${GITEA_TEMP}" + chown -v 1000:1000 "${GITEA_TEMP}" {{- end }} - chmod ug+rwx "${GITEA_TEMP}" + chmod -v ug+rwx "${GITEA_TEMP}" {{ if .Values.signing.enabled -}} if [ ! -d "${GNUPGHOME}" ]; then - mkdir -p "${GNUPGHOME}" - chmod 700 "${GNUPGHOME}" - chown 1000:1000 "${GNUPGHOME}" + mkdir -pv "${GNUPGHOME}" + chmod -v 700 "${GNUPGHOME}" + chown -v 1000:1000 "${GNUPGHOME}" fi {{- end }} diff --git a/unittests/init/init_directory_structure.sh-rootless.yaml b/unittests/init/init_directory_structure.sh-rootless.yaml index 29dac81..e41ca4d 100644 --- a/unittests/init/init_directory_structure.sh-rootless.yaml +++ b/unittests/init/init_directory_structure.sh-rootless.yaml @@ -28,15 +28,13 @@ tests: #!/usr/bin/env bash set -euo pipefail - - set -x - mkdir -p /data/git/.ssh - chmod -R 700 /data/git/.ssh - [ ! -d /data/gitea/conf ] && mkdir -p /data/gitea/conf + mkdir -pv /data/git/.ssh + chmod -Rv 700 /data/git/.ssh + [ ! -d /data/gitea/conf ] && mkdir -pv /data/gitea/conf # prepare temp directory structure - mkdir -p "${GITEA_TEMP}" - chmod ug+rwx "${GITEA_TEMP}" + mkdir -pv "${GITEA_TEMP}" + chmod -v ug+rwx "${GITEA_TEMP}" - it: adds gpg script block for enabled signing set: signing.enabled: true 
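Review bot: The line `[ ! -d /data/gitea/conf ] && mkdir -pv /data/gitea/conf` in `templates/gitea/init.yaml` keeps a guard that `mkdir -p` already makes unnecessary. Under the script's `set -euo pipefail` (visible in the unit-test expectations) the `test && cmd` form is also fragile: it returns non-zero whenever the directory exists, which would fail the init container if the line ever became the last command of the script. Because `-v` only reports directories that are actually created, `mkdir -pv /data/gitea/conf` on its own should give the same log output. The expected scripts in both unit-test files would need the same one-line change.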
@@ -51,20 +49,18 @@ tests: #!/usr/bin/env bash set -euo pipefail - - set -x - mkdir -p /data/git/.ssh - chmod -R 700 /data/git/.ssh - [ ! -d /data/gitea/conf ] && mkdir -p /data/gitea/conf + mkdir -pv /data/git/.ssh + chmod -Rv 700 /data/git/.ssh + [ ! -d /data/gitea/conf ] && mkdir -pv /data/gitea/conf # prepare temp directory structure - mkdir -p "${GITEA_TEMP}" - chmod ug+rwx "${GITEA_TEMP}" + mkdir -pv "${GITEA_TEMP}" + chmod -v ug+rwx "${GITEA_TEMP}" if [ ! -d "${GNUPGHOME}" ]; then - mkdir -p "${GNUPGHOME}" - chmod 700 "${GNUPGHOME}" - chown 1000:1000 "${GNUPGHOME}" + mkdir -pv "${GNUPGHOME}" + chmod -v 700 "${GNUPGHOME}" + chown -v 1000:1000 "${GNUPGHOME}" fi - it: it does not chown /data even when image.fullOverride is set template: templates/gitea/init.yaml @@ -77,12 +73,10 @@ tests: #!/usr/bin/env bash set -euo pipefail - - set -x - mkdir -p /data/git/.ssh - chmod -R 700 /data/git/.ssh - [ ! -d /data/gitea/conf ] && mkdir -p /data/gitea/conf + mkdir -pv /data/git/.ssh + chmod -Rv 700 /data/git/.ssh + [ ! -d /data/gitea/conf ] && mkdir -pv /data/gitea/conf # prepare temp directory structure - mkdir -p "${GITEA_TEMP}" - chmod ug+rwx "${GITEA_TEMP}" + mkdir -pv "${GITEA_TEMP}" + chmod -v ug+rwx "${GITEA_TEMP}" diff --git a/unittests/init/init_directory_structure.sh.yaml b/unittests/init/init_directory_structure.sh.yaml index 7e59404..7327265 100644 --- a/unittests/init/init_directory_structure.sh.yaml +++ b/unittests/init/init_directory_structure.sh.yaml 
@@ -31,17 +31,15 @@ tests: #!/usr/bin/env bash set -euo pipefail - - set -x - chown 1000:1000 /data - mkdir -p /data/git/.ssh - chmod -R 700 /data/git/.ssh - [ ! -d /data/gitea/conf ] && mkdir -p /data/gitea/conf + chown -v 1000:1000 /data + mkdir -pv /data/git/.ssh + chmod -Rv 700 /data/git/.ssh + [ ! -d /data/gitea/conf ] && mkdir -pv /data/gitea/conf # prepare temp directory structure - mkdir -p "${GITEA_TEMP}" - chown 1000:1000 "${GITEA_TEMP}" - chmod ug+rwx "${GITEA_TEMP}" + mkdir -pv "${GITEA_TEMP}" + chown -v 1000:1000 "${GITEA_TEMP}" + chmod -v ug+rwx "${GITEA_TEMP}" - it: adds gpg script block for enabled signing set: image.rootless: false @@ -57,20 +55,18 @@ tests: #!/usr/bin/env bash set -euo pipefail - - set -x - chown 1000:1000 /data - mkdir -p /data/git/.ssh - chmod -R 700 /data/git/.ssh - [ ! -d /data/gitea/conf ] && mkdir -p /data/gitea/conf + chown -v 1000:1000 /data + mkdir -pv /data/git/.ssh + chmod -Rv 700 /data/git/.ssh + [ ! -d /data/gitea/conf ] && mkdir -pv /data/gitea/conf # prepare temp directory structure - mkdir -p "${GITEA_TEMP}" - chown 1000:1000 "${GITEA_TEMP}" - chmod ug+rwx "${GITEA_TEMP}" + mkdir -pv "${GITEA_TEMP}" + chown -v 1000:1000 "${GITEA_TEMP}" + chmod -v ug+rwx "${GITEA_TEMP}" if [ ! -d "${GNUPGHOME}" ]; then - mkdir -p "${GNUPGHOME}" - chmod 700 "${GNUPGHOME}" - chown 1000:1000 "${GNUPGHOME}" + mkdir -pv "${GNUPGHOME}" + chmod -v 700 "${GNUPGHOME}" + chown -v 1000:1000 "${GNUPGHOME}" fi -- 2.40.1 From 77aa11a3bbbbfc3864b91cd6055bbd3baa096787 Mon Sep 17 00:00:00 2001 From: pat-s Date: Wed, 11 Sep 2024 15:14:37 +0200 Subject: [PATCH 373/390] bump to gitea 1.22.2 --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 3e62db5..235deb6 100644 --- a/Chart.yaml +++ b/Chart.yaml 
@@ -4,7 +4,7 @@ description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 # renovate datasource=github-releases depName=go-gitea/gitea extractVersion=^v(?.*)$ -appVersion: 1.22.1 +appVersion: 1.22.2 icon: https://gitea.com/assets/img/logo.svg keywords: -- 2.40.1 From e636984db1009e7bd1cb4961bdd6906131eb196d Mon Sep 17 00:00:00 2001 From: Markus Pesch Date: Wed, 18 Sep 2024 17:55:28 +0000 Subject: [PATCH 374/390] feat(serviceMonitor): custom configuration (#710) This patch extends the serviceMonitor resource to specify a custom TLS configuration used by prometheus to scrape the metrics. Furthermore, the interval and scrapeTimeout can now be adapted without changing the global defaults of the prometheus instance. Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/710 Reviewed-by: pat-s Co-authored-by: Markus Pesch Co-committed-by: Markus Pesch --- README.md | 39 +++++++------ templates/gitea/servicemonitor.yaml | 19 +++++- unittests/servicemonitor/basic.yaml | 89 +++++++++++++++++++++++++++++ values.yaml | 12 +++- 4 files changed, 140 insertions(+), 19 deletions(-) create mode 100644 unittests/servicemonitor/basic.yaml diff --git a/README.md b/README.md index 31bb251..c0da2d2 100644 --- a/README.md +++ b/README.md 
@@ -1001,23 +1001,28 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo ### Gitea -| Name | Description | Value | -| -------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------- | -------------------- | -| `gitea.admin.username` | Username for the Gitea admin user | `gitea_admin` | -| `gitea.admin.existingSecret` | Use an existing secret to store admin user credentials | `nil` | -| `gitea.admin.password` | Password for the Gitea admin user | `r8sA8CPHD9!bt6d` | -| `gitea.admin.email` | Email for the Gitea admin user | `gitea@local.domain` | -| `gitea.admin.passwordMode` | Mode for how to set/update the admin user password. Options are: initialOnlyNoReset, initialOnlyRequireReset, and keepUpdated | `keepUpdated` | -| `gitea.metrics.enabled` | Enable Gitea metrics | `false` | -| `gitea.metrics.serviceMonitor.enabled` | Enable Gitea metrics service monitor | `false` | -| `gitea.ldap` | LDAP configuration | `[]` | -| `gitea.oauth` | OAuth configuration | `[]` | -| `gitea.config.server.SSH_PORT` | SSH port for rootlful Gitea image | `22` | -| `gitea.config.server.SSH_LISTEN_PORT` | SSH port for rootless Gitea image | `2222` | -| `gitea.additionalConfigSources` | Additional configuration from secret or configmap | `[]` | -| `gitea.additionalConfigFromEnvs` | Additional configuration sources from environment variables | `[]` | -| `gitea.podAnnotations` | Annotations for the Gitea pod | `{}` | -| `gitea.ssh.logLevel` | Configure OpenSSH's log level. Only available for root-based Gitea image. 
| `INFO` | +| Name | Description | Value | +| -------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------ | -------------------- | +| `gitea.admin.username` | Username for the Gitea admin user | `gitea_admin` | +| `gitea.admin.existingSecret` | Use an existing secret to store admin user credentials | `nil` | +| `gitea.admin.password` | Password for the Gitea admin user | `r8sA8CPHD9!bt6d` | +| `gitea.admin.email` | Email for the Gitea admin user | `gitea@local.domain` | +| `gitea.admin.passwordMode` | Mode for how to set/update the admin user password. Options are: initialOnlyNoReset, initialOnlyRequireReset, and keepUpdated | `keepUpdated` | +| `gitea.metrics.enabled` | Enable Gitea metrics | `false` | +| `gitea.metrics.serviceMonitor.enabled` | Enable Gitea metrics service monitor. Requires, that `gitea.metrics.enabled` is also set to true, to enable metrics generally. | `false` | +| `gitea.metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used. | `""` | +| `gitea.metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping. | `[]` | +| `gitea.metrics.serviceMonitor.scheme` | HTTP scheme to use for scraping. For example `http` or `https`. Default is http. | `""` | +| `gitea.metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended. If not specified, global Prometheus scrape timeout is used. | `""` | +| `gitea.metrics.serviceMonitor.tlsConfig` | TLS configuration to use when scraping the metric endpoint by Prometheus. 
| `{}` | +| `gitea.ldap` | LDAP configuration | `[]` | +| `gitea.oauth` | OAuth configuration | `[]` | +| `gitea.config.server.SSH_PORT` | SSH port for rootlful Gitea image | `22` | +| `gitea.config.server.SSH_LISTEN_PORT` | SSH port for rootless Gitea image | `2222` | +| `gitea.additionalConfigSources` | Additional configuration from secret or configmap | `[]` | +| `gitea.additionalConfigFromEnvs` | Additional configuration sources from environment variables | `[]` | +| `gitea.podAnnotations` | Annotations for the Gitea pod | `{}` | +| `gitea.ssh.logLevel` | Configure OpenSSH's log level. Only available for root-based Gitea image. | `INFO` | ### LivenessProbe diff --git a/templates/gitea/servicemonitor.yaml b/templates/gitea/servicemonitor.yaml index 02750d0..d049f31 100644 --- a/templates/gitea/servicemonitor.yaml +++ b/templates/gitea/servicemonitor.yaml @@ -1,4 +1,4 @@ -{{- if .Values.gitea.metrics.serviceMonitor.enabled -}} +{{- if and .Values.gitea.metrics.enabled .Values.gitea.metrics.serviceMonitor.enabled -}} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: @@ -14,4 +14,21 @@ spec: {{- include "gitea.selectorLabels" . | nindent 6 }} endpoints: - port: http + {{- if .Values.gitea.metrics.serviceMonitor.interval }} + interval: {{ .Values.gitea.metrics.serviceMonitor.interval }} + {{- end }} + {{- with .Values.gitea.metrics.serviceMonitor.relabelings }} + relabelings: + {{- . | toYaml | nindent 6 }} + {{- end }} + {{- if .Values.gitea.metrics.serviceMonitor.scheme }} + scheme: {{ .Values.gitea.metrics.serviceMonitor.scheme }} + {{- end }} + {{- if .Values.gitea.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.gitea.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + {{- with .Values.gitea.metrics.serviceMonitor.tlsConfig }} + tlsConfig: + {{- . | toYaml | nindent 6 }} + {{- end }} {{- end -}} \ No newline at end of file 
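Review bot: The scalar fields added to the endpoint in `templates/gitea/servicemonitor.yaml` (`interval`, `scheme`, `scrapeTimeout`) are rendered unquoted, so a value containing YAML-significant characters would alter the structure of the ServiceMonitor rather than stay a string. `interval: {{ .Values.gitea.metrics.serviceMonitor.interval | quote }}`, and the same for the other two, keeps them strings without affecting the `equal` assertions in the new test suite. `tlsConfig` is passed through `toYaml` untouched, which means `insecureSkipVerify: true` is accepted without comment. The parameter description could say so, e.g. `TLS configuration to use when scraping the metric endpoint by Prometheus. Passed through as-is; certificate verification stays on unless insecureSkipVerify is set.`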
diff --git a/unittests/servicemonitor/basic.yaml b/unittests/servicemonitor/basic.yaml new file mode 100644 index 0000000..f5d0091 --- /dev/null +++ b/unittests/servicemonitor/basic.yaml 
@@ -0,0 +1,89 @@ +suite: ServiceMonitor template (basic) +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/servicemonitor.yaml +tests: + - it: skips rendering by default + asserts: + - hasDocuments: + count: 0 + - it: renders default ServiceMonitor object with gitea.metrics.enabled=true + set: + gitea.metrics.enabled: true + asserts: + - hasDocuments: + count: 0 + - it: renders default ServiceMonitor object with gitea.metrics.serviceMonitor.enabled=true + set: + gitea.metrics.serviceMonitor.enabled: true + asserts: + - hasDocuments: + count: 0 + - it: renders defaults + set: + gitea.metrics.enabled: true + gitea.metrics.serviceMonitor.enabled: true + asserts: + - hasDocuments: + count: 1 + - containsDocument: + kind: ServiceMonitor + apiVersion: monitoring.coreos.com/v1 + name: gitea-unittests + - notExists: + path: metadata.annotations + - notExists: + path: spec.endpoints[0].interval + - equal: + path: spec.endpoints[0].port + value: http + - notExists: + path: spec.endpoints[0].scheme + - notExists: + path: spec.endpoints[0].scrapeTimeout + - notExists: + path: spec.endpoints[0].tlsConfig + - it: renders custom scrape interval + set: + gitea.metrics.enabled: true + gitea.metrics.serviceMonitor.enabled: true + gitea.metrics.serviceMonitor.interval: 30s + gitea.metrics.serviceMonitor.scrapeTimeout: 5s + asserts: + - equal: + path: spec.endpoints[0].interval + value: 30s + - equal: + path: spec.endpoints[0].scrapeTimeout + value: 5s + - it: renders custom tls config + set: + gitea.metrics.enabled: true + gitea.metrics.serviceMonitor.enabled: true + gitea.metrics.serviceMonitor.scheme: https + gitea.metrics.serviceMonitor.tlsConfig.caFile: /etc/prometheus/tls/ca.crt + gitea.metrics.serviceMonitor.tlsConfig.certFile: /etc/prometheus/tls/tls.crt + gitea.metrics.serviceMonitor.tlsConfig.keyFile: /etc/prometheus/tls/tls.key + gitea.metrics.serviceMonitor.tlsConfig.insecureSkipVerify: false + 
gitea.metrics.serviceMonitor.tlsConfig.serverName: gitea-unittest + asserts: + - equal: + path: spec.endpoints[0].scheme + value: https + - equal: + path: spec.endpoints[0].tlsConfig.caFile + value: /etc/prometheus/tls/ca.crt + - equal: + path: spec.endpoints[0].tlsConfig.certFile + value: /etc/prometheus/tls/tls.crt + - equal: + path: spec.endpoints[0].tlsConfig.keyFile + value: /etc/prometheus/tls/tls.key + - equal: + path: spec.endpoints[0].tlsConfig.insecureSkipVerify + value: false + - equal: + path: spec.endpoints[0].tlsConfig.serverName + value: gitea-unittest diff --git a/values.yaml b/values.yaml index 90b6f4f..c9cc53b 100644 --- a/values.yaml +++ b/values.yaml @@ -356,13 +356,23 @@ gitea: passwordMode: keepUpdated ## @param gitea.metrics.enabled Enable Gitea metrics - ## @param gitea.metrics.serviceMonitor.enabled Enable Gitea metrics service monitor + ## @param gitea.metrics.serviceMonitor.enabled Enable Gitea metrics service monitor. Requires, that `gitea.metrics.enabled` is also set to true, to enable metrics generally. + ## @param gitea.metrics.serviceMonitor.interval Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used. + ## @param gitea.metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping. + ## @param gitea.metrics.serviceMonitor.scheme HTTP scheme to use for scraping. For example `http` or `https`. Default is http. + ## @param gitea.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended. If not specified, global Prometheus scrape timeout is used. + ## @param gitea.metrics.serviceMonitor.tlsConfig TLS configuration to use when scraping the metric endpoint by Prometheus. metrics: enabled: false serviceMonitor: enabled: false # additionalLabels: # prometheus-release: prom1 + interval: "" + relabelings: [] + scheme: "" + scrapeTimeout: "" + tlsConfig: {} ## @param gitea.ldap LDAP configuration ldap: -- 2.40.1 
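Review bot: Two test titles in `unittests/servicemonitor/basic.yaml` contradict their assertions: `renders default ServiceMonitor object with gitea.metrics.enabled=true` and the `…serviceMonitor.enabled=true` variant both assert `hasDocuments: count: 0`. Renaming them along the lines of `skips rendering with only gitea.metrics.enabled=true` would make a failure report readable. The suite also has no case for `relabelings`, the one new value rendered through `toYaml` as a list, so an indentation slip under `relabelings:` would go unnoticed.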
From c039673e5af0350811837cbab3cb02599faf92db Mon Sep 17 00:00:00 2001 From: pat-s Date: Thu, 19 Sep 2024 21:59:47 +0000 Subject: [PATCH 375/390] Add comments about redis password policy (#706) fix #690 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/706 Co-authored-by: pat-s Co-committed-by: pat-s --- README.md | 3 +++ values.yaml | 4 ++++ 2 files changed, 7 insertions(+) diff --git a/README.md b/README.md index c0da2d2..cf35855 100644 --- a/README.md +++ b/README.md @@ -498,6 +498,9 @@ redis-cluster: enabled: true ``` +⚠️ The redis charts [do not work well with special characters in the password](https://gitea.com/gitea/helm-chart/issues/690). +Consider omitting such or open an issue in the Bitnami repo and let us know once this got fixed. + ### Persistence Gitea will be deployed as a deployment. diff --git a/values.yaml b/values.yaml index c9cc53b..6e42107 100644 --- a/values.yaml +++ b/values.yaml @@ -498,6 +498,8 @@ gitea: ## @section redis-cluster ## @param redis-cluster.enabled Enable redis cluster +# ⚠️ The redis charts do not work well with special characters in the password (). +# Consider omitting such or open an issue in the Bitnami repo and let us know once this got fixed. ## @param redis-cluster.usePassword Whether to use password authentication ## @param redis-cluster.cluster.nodes Number of redis cluster master nodes ## @param redis-cluster.cluster.replicas Number of redis cluster master node replicas @@ -514,6 +516,8 @@ redis-cluster: ## @section redis ## @param redis.enabled Enable redis standalone or replicated ## @param redis.architecture Whether to use standalone or replication +# ⚠️ The redis charts do not work well with special characters in the password (). +# Consider omitting such or open an issue in the Bitnami repo and let us know once this got fixed. ## @param redis.global.redis.password Required password ## @param redis.master.count Number of Redis master instances to deploy ## @descriptionStart -- 2.40.1 
From a08e39f8ff005a118769a2458f6a091c51ad53fd Mon Sep 17 00:00:00 2001 From: SorsOps Date: Tue, 8 Oct 2024 16:40:23 +0000 Subject: [PATCH 376/390] Fix namespace templating inconsistencies (#713) ### Description of the change Added namespaces to all the template files to better support alternate templaters in gitops systems ### Benefits Gitops system that have different ways of handling helm templates can actually deploy this chart correct, especially through subcharts ### Possible drawbacks Potential regression when upgrading, though this should be unlikely per @jessesanford 's comments with it defaulting back to the existing behaviour ### Applicable issues - Addresses https://gitea.com/gitea/helm-chart/issues/630 - Addresses https://gitea.com/gitea/helm-chart/issues/557 - Addresses https://gitea.com/gitea/helm-chart/issues/623 ### Checklist - [X] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) - [X] Breaking changes are documented in the `README.md` Co-authored-by: SorsOps <80043879+sorsOps@users.noreply.github.com> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/713 Reviewed-by: pat-s Reviewed-by: justusbunsi Co-authored-by: SorsOps Co-committed-by: SorsOps --- README.md | 15 ++++++++------- templates/gitea/config.yaml | 2 ++ templates/gitea/deployment.yaml | 1 + templates/gitea/gpg-secret.yaml | 1 + templates/gitea/http-svc.yaml | 1 + templates/gitea/ingress.yaml | 1 + templates/gitea/init.yaml | 1 + templates/gitea/poddisruptionbudget.yaml | 1 + templates/gitea/pvc.yaml | 2 +- templates/gitea/serviceaccount.yaml | 2 +- templates/gitea/servicemonitor.yaml | 1 + templates/gitea/ssh-svc.yaml | 1 + templates/tests/test-http-connection.yaml | 1 + values.yaml | 3 +++ 14 files changed, 24 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index cf35855..56c0ac2 100644 --- a/README.md +++ b/README.md 
@@ -852,13 +852,14 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo ### Global -| Name | Description | Value | -| ------------------------- | ------------------------------------------------------------------------- | ----- | -| `global.imageRegistry` | global image registry override | `""` | -| `global.imagePullSecrets` | global image pull secrets override; can be extended by `imagePullSecrets` | `[]` | -| `global.storageClass` | global storage class override | `""` | -| `global.hostAliases` | global hostAliases which will be added to the pod's hosts files | `[]` | -| `replicaCount` | number of replicas for the deployment | `1` | +| Name | Description | Value | +| ------------------------- | ---------------------------------------------------------------------------------------------- | ----- | +| `global.imageRegistry` | global image registry override | `""` | +| `global.imagePullSecrets` | global image pull secrets override; can be extended by `imagePullSecrets` | `[]` | +| `global.storageClass` | global storage class override | `""` | +| `global.hostAliases` | global hostAliases which will be added to the pod's hosts files | `[]` | +| `namespace` | An explicit namespace to deploy Gitea into. Defaults to the release namespace if not specified | `""` | +| `replicaCount` | number of replicas for the deployment | `1` | ### strategy diff --git a/templates/gitea/config.yaml b/templates/gitea/config.yaml index 68df5f8..897c8c9 100644 --- a/templates/gitea/config.yaml +++ b/templates/gitea/config.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "gitea.fullname" . }}-inline-config + namespace: {{ .Values.namespace | default .Release.Namespace }} labels: {{- include "gitea.labels" . | nindent 4 }} type: Opaque 
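Review bot: The `namespace:` value added to `templates/gitea/config.yaml` is rendered unquoted, and the same expression is pasted into every template this commit touches (config.yaml twice, deployment, gpg-secret, http-svc, ingress, init, poddisruptionbudget, pvc, serviceaccount, servicemonitor, ssh-svc, test-http-connection). The serviceaccount.yaml hunk even drops the `| quote` it had before. A namespace that YAML reads as a non-string (all digits, for example) would then produce an invalid manifest. I would define the expression once in `_helpers.tpl`, e.g. `{{- define "gitea.namespace" -}}{{ .Values.namespace | default .Release.Namespace }}{{- end -}}` (name is a suggestion), and write `namespace: {{ include "gitea.namespace" . | quote }}` in each template. Several of these objects are Secrets, so the README entry for `namespace` should state that an override places the chart's credentials outside the namespace the release was installed into.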
@@ -12,6 +13,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "gitea.fullname" . }} + namespace: {{ .Values.namespace | default .Release.Namespace }} labels: {{- include "gitea.labels" . | nindent 4 }} type: Opaque diff --git a/templates/gitea/deployment.yaml b/templates/gitea/deployment.yaml index f321f22..e66df68 100644 --- a/templates/gitea/deployment.yaml +++ b/templates/gitea/deployment.yaml @@ -2,6 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "gitea.fullname" . }} + namespace: {{ .Values.namespace | default .Release.Namespace }} annotations: {{- if .Values.deployment.annotations }} {{- toYaml .Values.deployment.annotations | nindent 4 }} diff --git a/templates/gitea/gpg-secret.yaml b/templates/gitea/gpg-secret.yaml index 12dce66..46633c8 100644 --- a/templates/gitea/gpg-secret.yaml +++ b/templates/gitea/gpg-secret.yaml @@ -7,6 +7,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "gitea.gpg-key-secret-name" . }} + namespace: {{ .Values.namespace | default .Release.Namespace }} labels: {{- include "gitea.labels" . | nindent 4 }} type: Opaque diff --git a/templates/gitea/http-svc.yaml b/templates/gitea/http-svc.yaml index 06163a6..28bd218 100644 --- a/templates/gitea/http-svc.yaml +++ b/templates/gitea/http-svc.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "gitea.fullname" . }}-http + namespace: {{ .Values.namespace | default .Release.Namespace }} labels: {{- include "gitea.labels" . | nindent 4 }} {{- if .Values.service.http.labels }} diff --git a/templates/gitea/ingress.yaml b/templates/gitea/ingress.yaml index cd743fe..dce7c90 100644 --- a/templates/gitea/ingress.yaml +++ b/templates/gitea/ingress.yaml @@ -13,6 +13,7 @@ apiVersion: {{ $apiVersion }} kind: Ingress metadata: name: {{ $fullName }} + namespace: {{ .Values.namespace | default .Release.Namespace }} labels: {{- include "gitea.labels" . | nindent 4 }} annotations: 
diff --git a/templates/gitea/init.yaml b/templates/gitea/init.yaml index 71973e3..5adc9a3 100644 --- a/templates/gitea/init.yaml +++ b/templates/gitea/init.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "gitea.fullname" . }}-init + namespace: {{ .Values.namespace | default .Release.Namespace }} labels: {{- include "gitea.labels" . | nindent 4 }} type: Opaque diff --git a/templates/gitea/poddisruptionbudget.yaml b/templates/gitea/poddisruptionbudget.yaml index d2b7e17..270d5cf 100644 --- a/templates/gitea/poddisruptionbudget.yaml +++ b/templates/gitea/poddisruptionbudget.yaml @@ -7,6 +7,7 @@ apiVersion: policy/v1beta1 kind: PodDisruptionBudget metadata: name: {{ include "gitea.fullname" . }} + namespace: {{ .Values.namespace | default .Release.Namespace }} labels: {{- include "gitea.labels" . | nindent 4 }} spec: diff --git a/templates/gitea/pvc.yaml b/templates/gitea/pvc.yaml index 601483e..035dbc4 100644 --- a/templates/gitea/pvc.yaml +++ b/templates/gitea/pvc.yaml @@ -3,7 +3,7 @@ kind: PersistentVolumeClaim apiVersion: v1 metadata: name: {{ .Values.persistence.claimName }} - namespace: {{ $.Release.Namespace }} + namespace: {{ .Values.namespace | default .Release.Namespace }} annotations: {{ .Values.persistence.annotations | toYaml | indent 4}} labels: diff --git a/templates/gitea/serviceaccount.yaml b/templates/gitea/serviceaccount.yaml index e730f9c..0c211c5 100644 --- a/templates/gitea/serviceaccount.yaml +++ b/templates/gitea/serviceaccount.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "gitea.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ .Values.namespace | default .Release.Namespace }} labels: {{- include "gitea.labels" . | nindent 4 }} {{- with .Values.serviceAccount.labels }} diff --git a/templates/gitea/servicemonitor.yaml b/templates/gitea/servicemonitor.yaml index d049f31..1774214 100644 --- a/templates/gitea/servicemonitor.yaml 
+++ b/templates/gitea/servicemonitor.yaml @@ -3,6 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ include "gitea.fullname" . }} + namespace: {{ .Values.namespace | default .Release.Namespace }} labels: {{- include "gitea.labels" . | nindent 4 }} {{- if .Values.gitea.metrics.serviceMonitor.additionalLabels }} diff --git a/templates/gitea/ssh-svc.yaml b/templates/gitea/ssh-svc.yaml index 131b0b9..b2046fe 100644 --- a/templates/gitea/ssh-svc.yaml +++ b/templates/gitea/ssh-svc.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "gitea.fullname" . }}-ssh + namespace: {{ .Values.namespace | default .Release.Namespace }} labels: {{- include "gitea.labels" . | nindent 4 }} {{- if .Values.service.ssh.labels }} diff --git a/templates/tests/test-http-connection.yaml b/templates/tests/test-http-connection.yaml index 8157442..da28ea6 100644 --- a/templates/tests/test-http-connection.yaml +++ b/templates/tests/test-http-connection.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Pod metadata: name: "{{ include "gitea.fullname" . }}-test-connection" + namespace: {{ .Values.namespace | default .Release.Namespace }} labels: {{ include "gitea.labels" . | nindent 4 }} annotations: diff --git a/values.yaml b/values.yaml index 6e42107..a919224 100644 --- a/values.yaml +++ b/values.yaml @@ -20,6 +20,9 @@ global: # hostnames: # - example.com +## @param namespace An explicit namespace to deploy gitea into. Defaults to the release namespace if not specified +namespace: "" + ## @param replicaCount number of replicas for the deployment replicaCount: 1 -- 2.40.1 From aa9808bc2766c90292a57218bf442b1a0714580a Mon Sep 17 00:00:00 2001 
From: rossigee Date: Fri, 18 Oct 2024 13:44:37 +0000 Subject: [PATCH 377/390] Add 'extraContainers' parameter (#697) ### Description of the change Adds an 'extraContainers' parameter. ### Benefits Users will be able to run sidecar containers as required by their environment. ### Possible drawbacks N/A ### Applicable issues - Fixes #696 ### Checklist - [X] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/697 Reviewed-by: justusbunsi Co-authored-by: rossigee Co-committed-by: rossigee --- README.md | 1 + templates/gitea/deployment.yaml | 5 ++++- unittests/deployment/sidecar-container.yaml | 21 +++++++++++++++++++++ values.yaml | 6 ++++++ 4 files changed, 32 insertions(+), 1 deletion(-) create mode 100644 unittests/deployment/sidecar-container.yaml diff --git a/README.md b/README.md index 56c0ac2..3589736 100644 --- a/README.md +++ b/README.md @@ -980,6 +980,7 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo | `persistence.storageClass` | Name of the storage class to use | `nil` | | `persistence.subPath` | Subdirectory of the volume to mount at | `nil` | | `persistence.volumeName` | Name of persistent volume in PVC | `""` | +| `extraContainers` | Additional sidecar containers to run in the pod | `[]` | | `extraVolumes` | Additional volumes to mount to the Gitea deployment | `[]` | | `extraContainerVolumeMounts` | Mounts that are only mapped into the Gitea runtime/main container, to e.g. override custom templates. | `[]` | | `extraInitVolumeMounts` | Mounts that are only mapped into the init-containers. Can be used for additional preconfiguration. | `[]` | diff --git a/templates/gitea/deployment.yaml b/templates/gitea/deployment.yaml index e66df68..90f0e76 100644 --- a/templates/gitea/deployment.yaml +++ b/templates/gitea/deployment.yaml 
@@ -340,6 +340,9 @@ spec: subPath: {{ .Values.persistence.subPath }} {{- end }} {{- include "gitea.container-additional-mounts" . | nindent 12 }} + {{- if .Values.extraContainers }} + {{- toYaml .Values.extraContainers | nindent 8 }} + {{- end }} {{- with .Values.global.hostAliases }} hostAliases: {{- toYaml . | nindent 8 }} @@ -403,4 +406,4 @@ spec: {{- else if not .Values.persistence.enabled }} - name: data emptyDir: {} - {{- end }} \ No newline at end of file + {{- end }} diff --git a/unittests/deployment/sidecar-container.yaml b/unittests/deployment/sidecar-container.yaml new file mode 100644 index 0000000..e41e193 --- /dev/null +++ b/unittests/deployment/sidecar-container.yaml @@ -0,0 +1,21 @@ +suite: sidecar container +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/deployment.yaml + - templates/gitea/config.yaml +tests: + - it: supports adding a sidecar container + template: templates/gitea/deployment.yaml + set: + extraContainers: + - name: sidecar-bob + image: busybox + asserts: + - equal: + path: spec.template.spec.containers[1].name + value: "sidecar-bob" + - equal: + path: spec.template.spec.containers[1].image + value: "busybox" diff --git a/values.yaml b/values.yaml index a919224..2b7ad7d 100644 --- a/values.yaml +++ b/values.yaml @@ -283,6 +283,12 @@ persistence: annotations: helm.sh/resource-policy: keep +## @param extraContainers Additional sidecar containers to run in the pod +extraContainers: [] +# - name: sidecar-bob +# image: busybox +# command: [/bin/sh, -c, 'echo "Hello world"; sleep 86400'] + ## @param extraVolumes Additional volumes to mount to the Gitea deployment extraVolumes: [] # - name: postgres-ssl-vol -- 2.40.1 From 7c4d6c3797da5ca5aee05a8dc12a51a9f4ee4955 Mon Sep 17 00:00:00 2001 
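Review bot: The `extraContainers` entries in the `templates/gitea/deployment.yaml` hunk are rendered verbatim with `toYaml` into the pod's container list, so none of the chart's settings for the main Gitea container carry over to a sidecar, and the `values.yaml` comment does not say so. I would extend the parameter description, e.g. `## @param extraContainers Additional sidecar containers to run in the pod. Rendered as-is: set securityContext and resources on each entry.` The commented sample entry under it could carry a minimal `securityContext` as well. The pod spec starts outside this hunk, so how the main container is configured is inferred rather than visible here.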
From: justusbunsi Date: Fri, 18 Oct 2024 13:50:35 +0000 Subject: [PATCH 378/390] Fix configuration in "external database" docs (#716) Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/716 Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 3589736..2888fc7 100644 --- a/README.md +++ b/README.md @@ -420,6 +420,9 @@ gitea: postgresql: enabled: false + +postgresql-ha: + enabled: false ``` ### Ports and external url -- 2.40.1 From 478af4e381b65a9236d262714c6808ac8c586f95 Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Fri, 18 Oct 2024 15:09:14 +0000 Subject: [PATCH 379/390] Fix probe definition overrides (#717) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ### Description of the change This fixes an issue when trying to apply a custom probe that is not `tcpSocket`. ### Benefits Custom probes 🥳 ### Applicable issues - Fixes #694 ### Checklist - [x] Templating unittests are added Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/717 Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- templates/_helpers.tpl | 18 +++ templates/gitea/deployment.yaml | 6 +- unittests/deployment/probes.yaml | 188 +++++++++++++++++++++++++++++++ 3 files changed, 209 insertions(+), 3 deletions(-) create mode 100644 unittests/deployment/probes.yaml diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index c7d13d9..9e9c613 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl 
@@ -408,3 +408,21 @@ https {{ printf "gitea.admin.passwordMode must be set to one of 'keepUpdated', 'initialOnlyNoReset', or 'initialOnlyRequireReset'. Received: '%s'" .Values.gitea.admin.passwordMode | fail }} {{- end -}} {{- end -}} + +{{/* Create a functioning probe object for rendering. Given argument must be either a livenessProbe, readinessProbe, or startupProbe */}} +{{- define "gitea.deployment.probe" -}} + {{- $probe := unset . "enabled" -}} + {{- $probeKeys := keys $probe -}} + {{- $containsCustomMethod := false -}} + {{- $chartDefaultMethod := "tcpSocket" -}} + {{- $nonChartDefaultMethods := list "exec" "httpGet" "grpc" -}} + {{- range $probeKeys -}} + {{- if has . $nonChartDefaultMethods -}} + {{- $containsCustomMethod = true -}} + {{- end -}} + {{- end -}} + {{- if $containsCustomMethod -}} + {{- $probe = unset . $chartDefaultMethod -}} + {{- end -}} + {{- toYaml $probe -}} +{{- end -}} diff --git a/templates/gitea/deployment.yaml b/templates/gitea/deployment.yaml index 90f0e76..9981e67 100644 --- a/templates/gitea/deployment.yaml +++ b/templates/gitea/deployment.yaml @@ -312,15 +312,15 @@ spec: {{- end }} {{- if .Values.gitea.livenessProbe.enabled }} livenessProbe: - {{- toYaml (omit .Values.gitea.livenessProbe "enabled") | nindent 12 }} + {{- include "gitea.deployment.probe" .Values.gitea.livenessProbe | nindent 12 }} {{- end }} {{- if .Values.gitea.readinessProbe.enabled }} readinessProbe: - {{- toYaml (omit .Values.gitea.readinessProbe "enabled") | nindent 12 }} + {{- include "gitea.deployment.probe" .Values.gitea.readinessProbe | nindent 12 }} {{- end }} {{- if .Values.gitea.startupProbe.enabled }} startupProbe: - {{- toYaml (omit .Values.gitea.startupProbe "enabled") | nindent 12 }} + {{- include "gitea.deployment.probe" .Values.gitea.startupProbe | nindent 12 }} {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} 
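Review bot: `unset` in `gitea.deployment.probe` deletes keys from the dict it is given, and the argument here is the live `.Values.gitea.livenessProbe` / `readinessProbe` / `startupProbe` map. Rendering a probe therefore strips `enabled` (and, for a custom method, `tcpSocket`) from the shared values for everything rendered afterwards. The lines this helper replaces in `templates/gitea/deployment.yaml` used `omit`, which returns a copy. Keeping that here would be `{{- $probe := omit . "enabled" -}}` and `{{- $probe = omit $probe $chartDefaultMethod -}}`; the second call currently works only because the first one already mutated `.`. Only `deployment.yaml` is visible reading these values, so the present impact is probably limited to a second include or a later template that checks `.enabled`.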
diff --git a/unittests/deployment/probes.yaml b/unittests/deployment/probes.yaml new file mode 100644 index 0000000..259f3bf --- /dev/null +++ b/unittests/deployment/probes.yaml 
@@ -0,0 +1,188 @@ +suite: deployment template (probes) +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/deployment.yaml + - templates/gitea/config.yaml +tests: + - it: renders default liveness probe + template: templates/gitea/deployment.yaml + asserts: + - notExists: + path: spec.template.spec.containers[0].livenessProbe.enabled + - isSubset: + path: spec.template.spec.containers[0].livenessProbe + content: + failureThreshold: 10 + initialDelaySeconds: 200 + periodSeconds: 10 + successThreshold: 1 + tcpSocket: + port: http + timeoutSeconds: 1 + - it: renders default readiness probe + template: templates/gitea/deployment.yaml + asserts: + - notExists: + path: spec.template.spec.containers[0].readinessProbe.enabled + - isSubset: + path: spec.template.spec.containers[0].readinessProbe + content: + failureThreshold: 3 + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + tcpSocket: + port: http + timeoutSeconds: 1 + - it: does not render a default startup probe + template: templates/gitea/deployment.yaml + asserts: + - notExists: + path: spec.template.spec.containers[0].startupProbe + - it: allows enabling a startup probe + template: templates/gitea/deployment.yaml + set: + gitea.startupProbe.enabled: true + asserts: + - notExists: + path: spec.template.spec.containers[0].startupProbe.enabled + - isSubset: + path: spec.template.spec.containers[0].startupProbe + content: + failureThreshold: 10 + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + tcpSocket: + port: http + timeoutSeconds: 1 + + - it: allows overwriting the default port of the liveness probe + template: templates/gitea/deployment.yaml + set: + gitea: + livenessProbe: + tcpSocket: + port: my-port + asserts: + - isSubset: + path: spec.template.spec.containers[0].livenessProbe + content: + tcpSocket: + port: my-port + + - it: allows overwriting the default port of the readiness probe + template: templates/gitea/deployment.yaml + set: + 
gitea: + readinessProbe: + tcpSocket: + port: my-port + asserts: + - isSubset: + path: spec.template.spec.containers[0].readinessProbe + content: + tcpSocket: + port: my-port + + - it: allows overwriting the default port of the startup probe + template: templates/gitea/deployment.yaml + set: + gitea: + startupProbe: + enabled: true + tcpSocket: + port: my-port + asserts: + - isSubset: + path: spec.template.spec.containers[0].startupProbe + content: + tcpSocket: + port: my-port + + - it: allows using a non-default method as liveness probe + template: templates/gitea/deployment.yaml + set: + gitea: + livenessProbe: + httpGet: + path: /api/healthz + port: http + initialDelaySeconds: 13371 + timeoutSeconds: 13372 + periodSeconds: 13373 + successThreshold: 13374 + failureThreshold: 13375 + asserts: + - notExists: + path: spec.template.spec.containers[0].livenessProbe.tcpSocket + - isSubset: + path: spec.template.spec.containers[0].livenessProbe + content: + failureThreshold: 13375 + initialDelaySeconds: 13371 + periodSeconds: 13373 + successThreshold: 13374 + httpGet: + path: /api/healthz + port: http + timeoutSeconds: 13372 + + - it: allows using a non-default method as readiness probe + template: templates/gitea/deployment.yaml + set: + gitea: + readinessProbe: + httpGet: + path: /api/healthz + port: http + initialDelaySeconds: 13371 + timeoutSeconds: 13372 + periodSeconds: 13373 + successThreshold: 13374 + failureThreshold: 13375 + asserts: + - notExists: + path: spec.template.spec.containers[0].readinessProbe.tcpSocket + - isSubset: + path: spec.template.spec.containers[0].readinessProbe + content: + failureThreshold: 13375 + initialDelaySeconds: 13371 + periodSeconds: 13373 + successThreshold: 13374 + httpGet: + path: /api/healthz + port: http + timeoutSeconds: 13372 + + - it: allows using a non-default method as startup probe + template: templates/gitea/deployment.yaml + set: + gitea: + startupProbe: + enabled: true + httpGet: + path: /api/healthz + port: http + 
initialDelaySeconds: 13371 + timeoutSeconds: 13372 + periodSeconds: 13373 + successThreshold: 13374 + failureThreshold: 13375 + asserts: + - notExists: + path: spec.template.spec.containers[0].startupProbe.tcpSocket + - isSubset: + path: spec.template.spec.containers[0].startupProbe + content: + failureThreshold: 13375 + initialDelaySeconds: 13371 + periodSeconds: 13373 + successThreshold: 13374 + httpGet: + path: /api/healthz + port: http + timeoutSeconds: 13372 -- 2.40.1 From 5c7e78b467185e1d98df77dce3ba514b2a3e5a2d Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Fri, 18 Oct 2024 15:14:56 +0000 Subject: [PATCH 380/390] Bump Gitea to 1.22.3 (#718) Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/718 Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 235deb6..dbdcae0 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -4,7 +4,7 @@ description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 # renovate datasource=github-releases depName=go-gitea/gitea extractVersion=^v(?.*)$ -appVersion: 1.22.2 +appVersion: 1.22.3 icon: https://gitea.com/assets/img/logo.svg keywords: -- 2.40.1 From f7c66c0336d211a5bfbdf9a6b95ead7c3ff6b5c0 Mon Sep 17 00:00:00 2001 
From: vjm Date: Sun, 10 Nov 2024 13:35:56 +0000 Subject: [PATCH 381/390] Add Gitea Actions act runner (#666) Co-authored-by: dementhorr Co-authored-by: Vince Montalbano Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/666 Reviewed-by: justusbunsi Co-authored-by: vjm Co-committed-by: vjm --- README.md | 35 ++++++ readme-actions-dev.md | 34 ++++++ scripts/token.sh | 43 +++++++ templates/_helpers.tpl | 39 ++++++ .../act_runner/01-consistency-checks.yaml | 15 +++ .../gitea/act_runner/config-act-runner.yaml | 14 +++ .../gitea/act_runner/config-scripts.yaml | 13 ++ templates/gitea/act_runner/job.yaml | 114 ++++++++++++++++++ templates/gitea/act_runner/role-job.yaml | 25 ++++ .../gitea/act_runner/rolebinding-job.yaml | 22 ++++ templates/gitea/act_runner/secret-token.yaml | 19 +++ .../gitea/act_runner/serviceaccount-job.yaml | 13 ++ templates/gitea/act_runner/statefulset.yaml | 114 ++++++++++++++++++ .../act_runner/01-consistency-checks.yaml | 69 +++++++++++ unittests/act_runner/config-act-runner.yaml | 45 +++++++ unittests/act_runner/config-scripts.yaml | 49 ++++++++ unittests/act_runner/job.yaml | 65 ++++++++++ unittests/act_runner/role-job.yaml | 42 +++++++ unittests/act_runner/rolebinding-job.yaml | 42 +++++++ unittests/act_runner/secret-token.yaml | 42 +++++++ unittests/act_runner/serviceaccount-job.yaml | 42 +++++++ unittests/act_runner/statefulset.yaml | 95 +++++++++++++++ unittests/config/actions-config.yaml | 61 ++++++++++ values.yaml | 90 ++++++++++++++ 24 files changed, 1142 insertions(+) create mode 100644 readme-actions-dev.md create mode 100644 scripts/token.sh create mode 100644 templates/gitea/act_runner/01-consistency-checks.yaml create mode 100644 templates/gitea/act_runner/config-act-runner.yaml create mode 100644 templates/gitea/act_runner/config-scripts.yaml create mode 100644 templates/gitea/act_runner/job.yaml create mode 100644 templates/gitea/act_runner/role-job.yaml create mode 100644 templates/gitea/act_runner/rolebinding-job.yaml create 
mode 100644 templates/gitea/act_runner/secret-token.yaml create mode 100644 templates/gitea/act_runner/serviceaccount-job.yaml create mode 100644 templates/gitea/act_runner/statefulset.yaml create mode 100644 unittests/act_runner/01-consistency-checks.yaml create mode 100644 unittests/act_runner/config-act-runner.yaml create mode 100644 unittests/act_runner/config-scripts.yaml create mode 100644 unittests/act_runner/job.yaml create mode 100644 unittests/act_runner/role-job.yaml create mode 100644 unittests/act_runner/rolebinding-job.yaml create mode 100644 unittests/act_runner/secret-token.yaml create mode 100644 unittests/act_runner/serviceaccount-job.yaml create mode 100644 unittests/act_runner/statefulset.yaml create mode 100644 unittests/config/actions-config.yaml diff --git a/README.md b/README.md index 2888fc7..a6f4c2b 100644 --- a/README.md +++ b/README.md @@ -45,6 +45,7 @@ - [Persistence](#persistence-1) - [Init](#init) - [Signing](#signing) + - [Gitea Actions](#gitea-actions) - [Gitea](#gitea) - [LivenessProbe](#livenessprobe) - [ReadinessProbe](#readinessprobe) 
@@ -1007,6 +1008,40 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo | `signing.privateKey` | Inline private gpg key for signed internal Git activity | `""` | | `signing.existingSecret` | Use an existing secret to store the value of `signing.privateKey` | `""` | +### Gitea Actions + +| Name | Description | Value | +| ---------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ | +| `actions.enabled` | Create an act runner StatefulSet. | `false` | +| `actions.init.image.repository` | The image used for the init containers | `busybox` | +| `actions.init.image.tag` | The image tag used for the init containers | `1.36.1` | +| `actions.statefulset.annotations` | Act runner annotations | `{}` | +| `actions.statefulset.labels` | Act runner labels | `{}` | +| `actions.statefulset.resources` | Act runner resources | `{}` | +| `actions.statefulset.nodeSelector` | NodeSelector for the statefulset | `{}` | +| `actions.statefulset.tolerations` | Tolerations for the statefulset | `[]` | +| `actions.statefulset.affinity` | Affinity for the statefulset | `{}` | +| `actions.statefulset.actRunner.repository` | The Gitea act runner image | `gitea/act_runner` | +| `actions.statefulset.actRunner.tag` | The Gitea act runner tag | `0.2.11` | +| `actions.statefulset.actRunner.pullPolicy` | The Gitea act runner pullPolicy | `IfNotPresent` | +| `actions.statefulset.actRunner.config` | Act runner custom configuration. See [Act Runner documentation](https://docs.gitea.com/usage/actions/act-runner#configuration) for details. | `Too complex. 
See values.yaml` | +| `actions.statefulset.dind.repository` | The Docker-in-Docker image | `docker` | +| `actions.statefulset.dind.tag` | The Docker-in-Docker image tag | `25.0.2-dind` | +| `actions.statefulset.dind.pullPolicy` | The Docker-in-Docker pullPolicy | `IfNotPresent` | +| `actions.provisioning.enabled` | Create a job that will create and save the token in a Kubernetes Secret | `false` | +| `actions.provisioning.annotations` | Job's annotations | `{}` | +| `actions.provisioning.labels` | Job's labels | `{}` | +| `actions.provisioning.resources` | Job's resources | `{}` | +| `actions.provisioning.nodeSelector` | NodeSelector for the job | `{}` | +| `actions.provisioning.tolerations` | Tolerations for the job | `[]` | +| `actions.provisioning.affinity` | Affinity for the job | `{}` | +| `actions.provisioning.ttlSecondsAfterFinished` | ttl for the job after finished in order to allow helm to properly recognize that the job completed | `300` | +| `actions.provisioning.publish.repository` | The image that can create the secret via kubectl | `bitnami/kubectl` | +| `actions.provisioning.publish.tag` | The publish image tag that can create the secret | `1.29.0` | +| `actions.provisioning.publish.pullPolicy` | The publish image pullPolicy that can create the secret | `IfNotPresent` | +| `actions.existingSecret` | Secret that contains the token | `""` | +| `actions.existingSecretKey` | Secret key | `""` | + ### Gitea | Name | Description | Value | diff --git a/readme-actions-dev.md b/readme-actions-dev.md new file mode 100644 index 0000000..a633ad3 --- /dev/null +++ b/readme-actions-dev.md 
@@ -0,0 +1,34 @@ +# Gitea Actions + +In order to use the Gitea Actions act-runner you must either: + +- enable persistence (used for automatic deployment to be able to store the token in a place accessible for the Job) +- create a secret containing the act runner token and reference it as a `existingSecret` + +In order to use Gitea Actions, you must log on the server that's running Gitea and run the command: + `gitea actions generate-runner-token` + +This command will out a token that is needed by the act-runner to register with the Gitea backend. + +Because this is a manual operation, we automated this using a Kubernetes Job using the following containers: + +1) `actions-token-create`: it uses the current `gitea-rootless` image, mounts the persistent directory to `/data/` then it saves the output from `gitea actions generate-runner-token` to `/data/actions/token` +2) `actions-token-upload`: it uses a `bitnami/kubectl` image, mounts the scripts directory (`/scripts`) and +the persistent directory (`/data/`), and using the script from `/scripts/token.sh` stores the token in a Kubernetes secret + +After the token is stored in a Kubernetes secret we can create the statefulset that contains the following containers: + +1) `act-runner`: authenticates with Gitea using the token that was stored in the secret +2) `dind`: DockerInDocker image that is used to run the actions + +If you are not using persistent volumes, you cannot use the Job to automatically generate the token. +In this case, you can use either the Web UI to generate the token or run a shell into a Gitea pod and invoke +the command `gitea actions generate-runner-token`. After generating the token, you must create a secret and use it via: + +```yaml +actions: + provisioning: + enabled: false + existingSecret: "secret-name" + existingSecretKey: "secret-key" +``` diff --git a/scripts/token.sh b/scripts/token.sh new file mode 100644 index 0000000..cbb2ebd --- /dev/null +++ b/scripts/token.sh 
@@ -0,0 +1,43 @@ +#!/bin/sh + +set -eu + +timeout_delay=15 + +check_token() { + set +e + + echo "Checking for existing token..." + token="$(kubectl get secret "$SECRET_NAME" -o jsonpath="{.data['token']}" 2> /dev/null)" + [ $? -ne 0 ] && return 1 + [ -z "$token" ] && return 2 + return 0 +} + +create_token() { + echo "Waiting for new token to be generated..." + begin=$(date +%s) + end=$((begin + timeout_delay)) + while true; do + [ -f /data/actions/token ] && return 0 + [ "$(date +%s)" -gt $end ] && return 1 + sleep 5 + done +} + +store_token() { + echo "Storing the token in Kubernetes secret..." + kubectl patch secret "$SECRET_NAME" -p "{\"data\":{\"token\":\"$(base64 /data/actions/token | tr -d '\n')\"}}" +} + +if check_token; then + echo "Key already in place, exiting." + exit +fi + +if ! create_token; then + echo "Checking for an existing act runner token in secret $SECRET_NAME timed out after $timeout_delay" + exit 1 +fi + +store_token diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 9e9c613..64a5efb 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -25,6 +25,13 @@ If release name contains chart name it will be used as a full name. {{- end -}} {{- end -}} +{{/* +Create a default worker name. +*/}} +{{- define "gitea.workername" -}} +{{- printf "%s-%s" .global.Release.Name .worker | trunc 63 | trimSuffix "-" -}} +{{- end -}} + {{/* Create chart name and version as used by the chart label. */}} 
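Review bot: `create_token` in `scripts/token.sh` returns as soon as `/data/actions/token` exists, but the `actions-token-create` container in `job.yaml` creates that file through a shell redirect before `gitea actions generate-runner-token` has printed anything, and leaves it empty when `grep` matches nothing. `store_token` can therefore patch an empty `token` into the secret while the job still succeeds; testing for a non-empty file closes that window: `[ -s /data/actions/token ] && return 0`. `check_token` also runs `set +e` and never turns it back on, so the `set -eu` at the top no longer applies to the rest of the script; `token="$(kubectl get secret "$SECRET_NAME" -o jsonpath="{.data['token']}" 2> /dev/null)" || return 1` gives the same result without switching errexit off. The timeout message says it was checking the secret, while the step that timed out is the wait for the token file.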
@@ -92,6 +99,15 @@ version: {{ .Values.image.tag | default .Chart.AppVersion | quote }} app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end -}} +{{- define "gitea.labels.actRunner" -}} +helm.sh/chart: {{ include "gitea.chart" . }} +app: {{ include "gitea.name" . }}-act-runner +{{ include "gitea.selectorLabels.actRunner" . }} +app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }} +version: {{ .Values.image.tag | default .Chart.AppVersion | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + {{/* Selector labels */}} @@ -100,6 +116,11 @@ app.kubernetes.io/name: {{ include "gitea.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} +{{- define "gitea.selectorLabels.actRunner" -}} +app.kubernetes.io/name: {{ include "gitea.name" . }}-act-runner +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + {{- define "postgresql-ha.dns" -}} {{- if (index .Values "postgresql-ha").enabled -}} {{- printf "%s-postgresql-ha-pgpool.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "postgresql-ha" "service" "ports" "postgresql") -}} @@ -199,6 +220,15 @@ https {{- end -}} {{- end -}} +{{- define "gitea.act_runner.local_root_url" -}} +{{- if not .Values.gitea.config.server.LOCAL_ROOT_URL -}} + {{- printf "http://%s-http:%.0f" (include "gitea.fullname" .) .Values.service.http.port -}} +{{- else -}} + {{/* fallback for allowing to overwrite this value via inline config */}} + {{- .Values.gitea.config.server.LOCAL_ROOT_URL -}} +{{- end -}} +{{- end -}} + {{- define "gitea.inline_configuration" -}} {{- include "gitea.inline_configuration.init" . -}} {{- include "gitea.inline_configuration.defaults" . -}} 
@@ -263,6 +293,9 @@ https {{- if not (hasKey .Values.gitea.config "indexer") -}} {{- $_ := set .Values.gitea.config "indexer" dict -}} {{- end -}} + {{- if not (hasKey .Values.gitea.config "actions") -}} + {{- $_ := set .Values.gitea.config "actions" dict -}} + {{- end -}} {{- end -}} {{- define "gitea.inline_configuration.defaults" -}} @@ -309,6 +342,9 @@ https {{- if not .Values.gitea.config.indexer.ISSUE_INDEXER_TYPE -}} {{- $_ := set .Values.gitea.config.indexer "ISSUE_INDEXER_TYPE" "db" -}} {{- end -}} + {{- if not .Values.gitea.config.actions.ENABLED -}} + {{- $_ := set .Values.gitea.config.actions "ENABLED" (ternary "true" "false" .Values.actions.enabled) -}} + {{- end -}} {{- end -}} {{- define "gitea.inline_configuration.defaults.server" -}} @@ -328,6 +364,9 @@ https {{- if not .Values.gitea.config.server.ROOT_URL -}} {{- $_ := set .Values.gitea.config.server "ROOT_URL" (printf "%s://%s" (include "gitea.public_protocol" .) .Values.gitea.config.server.DOMAIN) -}} {{- end -}} + {{- if .Values.actions.enabled -}} + {{- $_ := set .Values.gitea.config.server "LOCAL_ROOT_URL" (include "gitea.act_runner.local_root_url" .) -}} + {{- end -}} {{- if not .Values.gitea.config.server.SSH_DOMAIN -}} {{- $_ := set .Values.gitea.config.server "SSH_DOMAIN" .Values.gitea.config.server.DOMAIN -}} {{- end -}} diff --git a/templates/gitea/act_runner/01-consistency-checks.yaml b/templates/gitea/act_runner/01-consistency-checks.yaml new file mode 100644 index 0000000..25ae556 --- /dev/null +++ b/templates/gitea/act_runner/01-consistency-checks.yaml 
@@ -0,0 +1,15 @@ +{{- if .Values.actions.enabled -}} + {{- if .Values.actions.provisioning.enabled -}} + {{- if not (and .Values.persistence.enabled .Values.persistence.mount) -}} + {{- fail "persistence.enabled and persistence.mount are required when provisioning is enabled" -}} + {{- end -}} + {{- if and .Values.persistence.enabled .Values.persistence.mount -}} + {{- if .Values.actions.existingSecret -}} + {{- fail "Can't specify both actions.provisioning.enabled and actions.existingSecret" -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- if and (not .Values.actions.provisioning.enabled) (or (empty .Values.actions.existingSecret) (empty .Values.actions.existingSecretKey)) -}} + {{- fail "actions.existingSecret and actions.existingSecretKey are required when provisioning is disabled" -}} + {{- end -}} +{{- end -}} diff --git a/templates/gitea/act_runner/config-act-runner.yaml b/templates/gitea/act_runner/config-act-runner.yaml new file mode 100644 index 0000000..03961ae --- /dev/null +++ b/templates/gitea/act_runner/config-act-runner.yaml @@ -0,0 +1,14 @@ +{{- if .Values.actions.enabled }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "gitea.fullname" . }}-act-runner-config + labels: + {{- include "gitea.labels" . | nindent 4 }} +data: + config.yaml: | + {{- with .Values.actions.statefulset.actRunner.config -}} + {{ . | nindent 4}} + {{- end -}} +{{- end }} diff --git a/templates/gitea/act_runner/config-scripts.yaml b/templates/gitea/act_runner/config-scripts.yaml new file mode 100644 index 0000000..688bd20 --- /dev/null +++ b/templates/gitea/act_runner/config-scripts.yaml 
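Review bot: The ConfigMap in `config-act-runner.yaml` has no `namespace:` under `metadata`, while an earlier patch in this series added `namespace: {{ .Values.namespace | default .Release.Namespace }}` to other chart resources (ServiceMonitor, SSH Service, test Pod). The same line is missing from the other new `act_runner` templates (`config-scripts.yaml`, `job.yaml`, `role-job.yaml`, `rolebinding-job.yaml`, `secret-token.yaml`, `serviceaccount-job.yaml`, `statefulset.yaml`), and the RoleBinding subject and the `lookup` in `secret-token.yaml` use `.Release.Namespace` directly. With `namespace` set in values, the runner resources would presumably land in a different namespace from Gitea, where the `-http` service name and the token secret do not resolve. Adding the same `namespace:` line to each `metadata` block, and using the same expression in the subject and the `lookup`, keeps them together.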
@@ -0,0 +1,13 @@ +{{- if .Values.actions.enabled }} +{{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "gitea.fullname" . }}-scripts + labels: + {{- include "gitea.labels" . | nindent 4 }} +data: +{{ (.Files.Glob "scripts/*.sh").AsConfig | indent 2 }} +{{- end }} +{{- end }} diff --git a/templates/gitea/act_runner/job.yaml b/templates/gitea/act_runner/job.yaml new file mode 100644 index 0000000..032671f --- /dev/null +++ b/templates/gitea/act_runner/job.yaml 
@@ -0,0 +1,114 @@ +{{- if .Values.actions.enabled }} +{{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }} +{{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }} +{{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ $name }} + labels: + {{- include "gitea.labels" . | nindent 4 }} + {{- with .Values.actions.provisioning.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + app.kubernetes.io/component: token-job + annotations: + {{- with .Values.actions.provisioning.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + ttlSecondsAfterFinished: {{ .Values.actions.provisioning.ttlSecondsAfterFinished }} + template: + metadata: + labels: + {{- include "gitea.labels" . | nindent 8 }} + {{- with .Values.actions.provisioning.labels }} + {{- toYaml . | nindent 8 }} + {{- end }} + app.kubernetes.io/component: token-job + spec: + initContainers: + - name: init-gitea + image: "{{ .Values.actions.init.image.repository }}:{{ .Values.actions.init.image.tag }}" + command: + - sh + - -c + - | + while ! nc -z {{ include "gitea.fullname" . }}-http {{ .Values.service.http.port }}; do + sleep 5 + done + containers: + - name: actions-token-create + image: "{{ include "gitea.image" . }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + - name: GITEA_APP_INI + value: /data/gitea/conf/app.ini + command: + - sh + - -c + - | + echo "Generating act_runner token via 'gitea actions generate-runner-token'..." 
+ mkdir -p /data/actions/ + gitea actions generate-runner-token | grep -E '^.{40}$' | tr -d '\n' > /data/actions/token + resources: + {{- toYaml .Values.actions.provisioning.resources | nindent 12 }} + volumeMounts: + - name: data + mountPath: /data + {{- if .Values.persistence.subPath }} + subPath: {{ .Values.persistence.subPath }} + {{- end }} + - name: actions-token-upload + image: "{{ .Values.actions.provisioning.publish.repository }}:{{ .Values.actions.provisioning.publish.tag }}" + imagePullPolicy: {{ .Values.actions.provisioning.publish.pullPolicy }} + env: + - name: SECRET_NAME + value: {{ $secretName }} + command: + - sh + - -c + - | + printf "Checking rights to update kubernetes act_runner secret..." + kubectl auth can-i update secret/${SECRET_NAME} + /scripts/token.sh + resources: + {{- toYaml .Values.actions.provisioning.resources | nindent 12 }} + volumeMounts: + - mountPath: /scripts + name: scripts + readOnly: true + - mountPath: /data + name: data + readOnly: true + {{- if .Values.persistence.subPath }} + subPath: {{ .Values.persistence.subPath }} + {{- end }} + {{- with .Values.actions.provisioning.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.actions.provisioning.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.actions.provisioning.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + restartPolicy: Never + serviceAccount: {{ $name }} + volumes: + - name: scripts + configMap: + name: {{ include "gitea.fullname" . }}-scripts + defaultMode: 0755 + - name: data + persistentVolumeClaim: + claimName: {{ .Values.persistence.claimName }} + parallelism: 1 + completions: 1 + backoffLimit: 1 +{{- end }} +{{- end }} diff --git a/templates/gitea/act_runner/role-job.yaml b/templates/gitea/act_runner/role-job.yaml new file mode 100644 index 0000000..b06c18d --- /dev/null +++ b/templates/gitea/act_runner/role-job.yaml 
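Review bot: The permission check in the `actions-token-upload` container does not gate anything: the `sh -c` script has no `set -e`, so when `kubectl auth can-i update secret/${SECRET_NAME}` answers `no` the script still goes on to `/scripts/token.sh`. `kubectl auth can-i update secret/${SECRET_NAME} || exit 1` makes the failure explicit. `serviceAccount:` is the deprecated alias of `serviceAccountName:`; I would write `serviceAccountName: {{ $name }}`. Neither container sets a `securityContext`, and the generated token stays in `/data/actions/token` on the Gitea data volume after it has been copied into the secret (the upload container mounts `/data` read-only), so a cleanup step or a short note in `readme-actions-dev.md` would help.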
@@ -0,0 +1,25 @@ +{{- if .Values.actions.enabled }} +{{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }} +{{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }} +{{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ $name }} + labels: + {{- include "gitea.labels" . | nindent 4 }} + app.kubernetes.io/component: token-job +rules: + - apiGroups: + - "" + resources: + - secrets + resourceNames: + - {{ $secretName }} + verbs: + - get + - update + - patch +{{- end }} +{{- end }} diff --git a/templates/gitea/act_runner/rolebinding-job.yaml b/templates/gitea/act_runner/rolebinding-job.yaml new file mode 100644 index 0000000..c80bd3e --- /dev/null +++ b/templates/gitea/act_runner/rolebinding-job.yaml @@ -0,0 +1,22 @@ +{{- if .Values.actions.enabled }} +{{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }} +{{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }} +{{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ $name }} + labels: + {{- include "gitea.labels" . | nindent 4 }} + app.kubernetes.io/component: token-job +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ $name }} +subjects: + - kind: ServiceAccount + name: {{ $name }} + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} diff --git a/templates/gitea/act_runner/secret-token.yaml b/templates/gitea/act_runner/secret-token.yaml new file mode 100644 index 0000000..e6ee325 --- /dev/null +++ b/templates/gitea/act_runner/secret-token.yaml 
@@ -0,0 +1,19 @@ +{{- if .Values.actions.enabled }} +{{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }} +{{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }} +{{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} + labels: + {{- include "gitea.labels" . | nindent 4 }} + app.kubernetes.io/component: token-job +{{ $secret := (lookup "v1" "Secret" .Release.Namespace $secretName) -}} +{{ if $secret -}} +data: + token: {{ (b64dec (index $secret.data "token")) | b64enc }} +{{ end -}} +{{- end }} +{{- end }} diff --git a/templates/gitea/act_runner/serviceaccount-job.yaml b/templates/gitea/act_runner/serviceaccount-job.yaml new file mode 100644 index 0000000..e2c0fb4 --- /dev/null +++ b/templates/gitea/act_runner/serviceaccount-job.yaml @@ -0,0 +1,13 @@ +{{- if .Values.actions.enabled }} +{{- if and (and .Values.actions.provisioning.enabled .Values.persistence.enabled) .Values.persistence.mount }} +{{- $name := include "gitea.workername" (dict "global" . "worker" "actions-token-job") }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ $name }} + labels: + {{- include "gitea.labels" . | nindent 4 }} + app.kubernetes.io/component: token-job +{{- end }} +{{- end }} diff --git a/templates/gitea/act_runner/statefulset.yaml b/templates/gitea/act_runner/statefulset.yaml new file mode 100644 index 0000000..7d5d096 --- /dev/null +++ b/templates/gitea/act_runner/statefulset.yaml 
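Review bot: `index $secret.data "token"` in `secret-token.yaml` assumes the looked-up Secret already carries a `token` key, but the chart creates the Secret without `data` and relies on the Job to patch it in. If the Job has not succeeded (the wait in `token.sh` is 15 seconds), the next `helm upgrade` finds a Secret with no `data` and the render most likely fails on `index` instead of retrying. Guarding on the key avoids that, and the `b64dec | b64enc` round trip appears redundant since the stored value is already base64: `{{- with (get ($secret.data | default dict) "token") }}`, then `data:` and `token: {{ . }}` inside it. `lookup` returns nothing under `helm template` and client-side dry runs, so tooling that renders that way will emit this Secret without `data`; that is worth a sentence in the README.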
@@ -0,0 +1,114 @@ +{{- if .Values.actions.enabled }} +{{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }} +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + {{- include "gitea.labels.actRunner" . | nindent 4 }} + {{- with .Values.actions.statefulset.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + annotations: + {{- with .Values.actions.statefulset.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ include "gitea.fullname" . }}-act-runner +spec: + selector: + matchLabels: + {{- include "gitea.selectorLabels.actRunner" . | nindent 6 }} + template: + metadata: + labels: + {{- include "gitea.labels.actRunner" . | nindent 8 }} + {{- with .Values.actions.statefulset.labels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + initContainers: + - name: init-gitea + image: "{{ .Values.actions.init.image.repository }}:{{ .Values.actions.init.image.tag }}" + command: + - sh + - -c + - | + while ! nc -z {{ include "gitea.fullname" . }}-http {{ .Values.service.http.port }}; do + sleep 5 + done + containers: + - name: act-runner + image: "{{ .Values.actions.statefulset.actRunner.repository }}:{{ .Values.actions.statefulset.actRunner.tag }}" + imagePullPolicy: {{ .Values.actions.statefulset.actRunner.pullPolicy }} + workingDir: /data + env: + - name: DOCKER_HOST + value: tcp://127.0.0.1:2376 + - name: DOCKER_TLS_VERIFY + value: "1" + - name: DOCKER_CERT_PATH + value: /certs/server + - name: GITEA_RUNNER_REGISTRATION_TOKEN + valueFrom: + secretKeyRef: + name: "{{ .Values.actions.existingSecret | default $secretName }}" + key: "{{ .Values.actions.existingSecretKey | default "token" }}" + - name: GITEA_INSTANCE_URL + value: {{ include "gitea.act_runner.local_root_url" . 
}} + - name: CONFIG_FILE + value: /actrunner/config.yaml + resources: + {{- toYaml .Values.actions.statefulset.resources | nindent 12 }} + volumeMounts: + - mountPath: /actrunner/config.yaml + name: act-runner-config + subPath: config.yaml + - mountPath: /certs/server + name: docker-certs + - mountPath: /data + name: data-act-runner + - name: dind + image: "{{ .Values.actions.statefulset.dind.repository }}:{{ .Values.actions.statefulset.dind.tag }}" + imagePullPolicy: {{ .Values.actions.statefulset.dind.pullPolicy }} + env: + - name: DOCKER_HOST + value: tcp://127.0.0.1:2376 + - name: DOCKER_TLS_VERIFY + value: "1" + - name: DOCKER_CERT_PATH + value: /certs/server + securityContext: + privileged: true + resources: + {{- toYaml .Values.actions.statefulset.resources | nindent 12 }} + volumeMounts: + - mountPath: /certs/server + name: docker-certs + {{- with .Values.actions.statefulset.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.actions.statefulset.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.actions.statefulset.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + volumes: + - name: act-runner-config + configMap: + name: {{ include "gitea.fullname" . }}-act-runner-config + - name: docker-certs + emptyDir: {} + volumeClaimTemplates: + - metadata: + name: data-act-runner + spec: + accessModes: [ "ReadWriteOnce" ] + {{- include "gitea.persistence.storageClass" . | nindent 8 }} + resources: + requests: + storage: 1Mi +{{- end }} diff --git a/unittests/act_runner/01-consistency-checks.yaml b/unittests/act_runner/01-consistency-checks.yaml new file mode 100644 index 0000000..1c30924 --- /dev/null +++ b/unittests/act_runner/01-consistency-checks.yaml 
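Review bot: The pod spec under `spec.template.spec` never sets `automountServiceAccountToken`, so the namespace's default ServiceAccount token is presumably mounted into both the `act-runner` container and the `dind` sidecar, and the sidecar runs with `securityContext.privileged: true`. Workflow jobs execute through that Docker daemon and nothing in this template shows the runner needing the Kubernetes API, so add `automountServiceAccountToken: false` next to `initContainers:`. I would also add a comment above `privileged: true`, such as `# dind needs a privileged container; isolate runners on dedicated nodes via actions.statefulset.nodeSelector / tolerations`. Separately, both containers render the same `.Values.actions.statefulset.resources` block, which looks unintended for the sidecar.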
@@ -0,0 +1,69 @@ +suite: actions template | consistency checks +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/act_runner/01-consistency-checks.yaml +tests: + - it: fails when provisioning is enabled BUT persistence is completely disabled + set: + persistence: + enabled: false + actions: + enabled: true + provisioning: + enabled: true + asserts: + - failedTemplate: + errorMessage: "persistence.enabled and persistence.mount are required when provisioning is enabled" + - it: fails when provisioning is enabled BUT mount is disabled, although persistence is enabled + set: + persistence: + enabled: true + mount: false + actions: + enabled: true + provisioning: + enabled: true + asserts: + - failedTemplate: + errorMessage: "persistence.enabled and persistence.mount are required when provisioning is enabled" + - it: fails when provisioning is enabled AND existingSecret is given + set: + actions: + enabled: true + provisioning: + enabled: true + existingSecret: "secret-reference" + asserts: + - failedTemplate: + errorMessage: "Can't specify both actions.provisioning.enabled and actions.existingSecret" + - it: fails when provisioning is disabled BUT existingSecret and existingSecretKey are missing + set: + actions: + enabled: true + provisioning: + enabled: false + asserts: + - failedTemplate: + errorMessage: "actions.existingSecret and actions.existingSecretKey are required when provisioning is disabled" + - it: fails when provisioning is disabled BUT existingSecretKey is missing + set: + actions: + enabled: true + provisioning: + enabled: false + existingSecret: "my-secret" + asserts: + - failedTemplate: + errorMessage: "actions.existingSecret and actions.existingSecretKey are required when provisioning is disabled" + - it: fails when provisioning is disabled BUT existingSecret is missing + set: + actions: + enabled: true + provisioning: + enabled: false + existingSecretKey: "my-secret-key" + asserts: + - failedTemplate: + 
errorMessage: "actions.existingSecret and actions.existingSecretKey are required when provisioning is disabled" diff --git a/unittests/act_runner/config-act-runner.yaml b/unittests/act_runner/config-act-runner.yaml new file mode 100644 index 0000000..2cba6bc --- /dev/null +++ b/unittests/act_runner/config-act-runner.yaml @@ -0,0 +1,45 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json +suite: actions template | config-act-runner +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/act_runner/config-act-runner.yaml +tests: + - it: doesn't renders a ConfigMap by default + template: templates/gitea/act_runner/config-act-runner.yaml + asserts: + - hasDocuments: + count: 0 + - it: renders a ConfigMap + template: templates/gitea/act_runner/config-act-runner.yaml + set: + actions: + enabled: true + statefulset: + actRunner: + config: | + log: + level: info + cache: + enabled: false + runner: + labels: + - "ubuntu-latest" + asserts: + - hasDocuments: + count: 1 + - containsDocument: + kind: ConfigMap + apiVersion: v1 + name: gitea-unittests-act-runner-config + - equal: + path: data["config.yaml"] + value: | + log: + level: info + cache: + enabled: false + runner: + labels: + - "ubuntu-latest" diff --git a/unittests/act_runner/config-scripts.yaml b/unittests/act_runner/config-scripts.yaml new file mode 100644 index 0000000..da6d9aa --- /dev/null +++ b/unittests/act_runner/config-scripts.yaml 
@@ -0,0 +1,49 @@ +suite: actions template | config-scripts +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/act_runner/config-scripts.yaml +tests: + - it: renders a ConfigMap when all criteria are met + template: templates/gitea/act_runner/config-scripts.yaml + set: + actions: + enabled: true + provisioning: + enabled: true + persistence: + enabled: true + mount: true + asserts: + - hasDocuments: + count: 1 + - containsDocument: + kind: ConfigMap + apiVersion: v1 + name: gitea-unittests-scripts + - isNotNullOrEmpty: + path: data["token.sh"] + - it: doesn't renders a ConfigMap by default + template: templates/gitea/act_runner/config-scripts.yaml + asserts: + - hasDocuments: + count: 0 + - it: doesn't renders a ConfigMap with disabled actions but enabled provisioning + template: templates/gitea/act_runner/config-scripts.yaml + asserts: + - hasDocuments: + count: 0 + - it: doesn't renders a ConfigMap with disabled actions but otherwise met criteria + template: templates/gitea/act_runner/config-scripts.yaml + set: + actions: + enabled: false + provisioning: + enabled: true + persistence: + enabled: true + mount: true + asserts: + - hasDocuments: + count: 0 diff --git a/unittests/act_runner/job.yaml b/unittests/act_runner/job.yaml new file mode 100644 index 0000000..c1d32e2 --- /dev/null +++ b/unittests/act_runner/job.yaml 
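Review bot: In `unittests/act_runner/config-scripts.yaml`, the test `doesn't renders a ConfigMap with disabled actions but enabled provisioning` has no `set:` block, so it renders with chart defaults and duplicates the preceding `by default` test. The guard it is named after, provisioning on while actions are off, is never exercised for the token script ConfigMap. Add the values the title describes: `set:` with `actions:` / `enabled: false` / `provisioning: {enabled: true}`.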
@@ -0,0 +1,65 @@ +suite: actions template | job +release: + name: gitea-unittests + namespace: testing +chart: + # Override appVersion to have a pinned version for comparison + appVersion: 1.19.3 +templates: + - templates/gitea/act_runner/job.yaml +tests: + - it: renders a Job + template: templates/gitea/act_runner/job.yaml + set: + actions: + enabled: true + provisioning: + enabled: true + persistence: + enabled: true + mount: true + asserts: + - hasDocuments: + count: 1 + - containsDocument: + kind: Job + apiVersion: batch/v1 + name: gitea-unittests-actions-token-job + - equal: + path: spec.template.spec.containers[0].image + value: "gitea/gitea:1.19.3-rootless" + - it: tag override + template: templates/gitea/act_runner/job.yaml + set: + image.tag: "1.19.4" + actions: + enabled: true + provisioning: + enabled: true + publish: + tag: "1.29.0" + persistence: + enabled: true + mount: true + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: "gitea/gitea:1.19.4-rootless" + - equal: + path: spec.template.spec.containers[1].image + value: "bitnami/kubectl:1.29.0" + - it: doesn't renders a Job by default + template: templates/gitea/act_runner/job.yaml + asserts: + - hasDocuments: + count: 0 + - it: doesn't renders a Job when provisioning is enabled BUT actions are not enabled + template: templates/gitea/act_runner/job.yaml + set: + actions: + enabled: false + provisioning: + enabled: true + asserts: + - hasDocuments: + count: 0 diff --git a/unittests/act_runner/role-job.yaml b/unittests/act_runner/role-job.yaml new file mode 100644 index 0000000..8c511d8 --- /dev/null +++ b/unittests/act_runner/role-job.yaml 
@@ -0,0 +1,42 @@ +suite: actions template | role-job +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/act_runner/role-job.yaml +tests: + - it: doesn't renders a Role by default + template: templates/gitea/act_runner/role-job.yaml + asserts: + - hasDocuments: + count: 0 + - it: renders a Role + template: templates/gitea/act_runner/role-job.yaml + set: + actions: + enabled: true + provisioning: + enabled: true + persistence: + enabled: true + mount: true + asserts: + - hasDocuments: + count: 1 + - containsDocument: + kind: Role + apiVersion: rbac.authorization.k8s.io/v1 + name: gitea-unittests-actions-token-job + - it: doesn't renders a Role when criteria met BUT actions are not enabled + template: templates/gitea/act_runner/role-job.yaml + set: + actions: + enabled: false + provisioning: + enabled: true + persistence: + enabled: true + mount: true + asserts: + - hasDocuments: + count: 0 diff --git a/unittests/act_runner/rolebinding-job.yaml b/unittests/act_runner/rolebinding-job.yaml new file mode 100644 index 0000000..2073bfc --- /dev/null +++ b/unittests/act_runner/rolebinding-job.yaml 
@@ -0,0 +1,42 @@ +suite: actions template | rolebinding-job +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/act_runner/rolebinding-job.yaml +tests: + - it: doesn't renders a RoleBinding by default + template: templates/gitea/act_runner/rolebinding-job.yaml + asserts: + - hasDocuments: + count: 0 + - it: renders a RoleBinding + template: templates/gitea/act_runner/rolebinding-job.yaml + set: + actions: + enabled: true + provisioning: + enabled: true + persistence: + enabled: true + mount: true + asserts: + - hasDocuments: + count: 1 + - containsDocument: + kind: RoleBinding + apiVersion: rbac.authorization.k8s.io/v1 + name: gitea-unittests-actions-token-job + - it: doesn't renders a RoleBinding when criteria met BUT actions are not enabled + template: templates/gitea/act_runner/rolebinding-job.yaml + set: + actions: + enabled: false + provisioning: + enabled: true + persistence: + enabled: true + mount: true + asserts: + - hasDocuments: + count: 0 diff --git a/unittests/act_runner/secret-token.yaml b/unittests/act_runner/secret-token.yaml new file mode 100644 index 0000000..b5054f3 --- /dev/null +++ b/unittests/act_runner/secret-token.yaml 
@@ -0,0 +1,42 @@ +suite: actions template | secret-token +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/act_runner/secret-token.yaml +tests: + - it: doesn't renders a Secret by default + template: templates/gitea/act_runner/secret-token.yaml + asserts: + - hasDocuments: + count: 0 + - it: renders a Secret + template: templates/gitea/act_runner/secret-token.yaml + set: + actions: + enabled: true + provisioning: + enabled: true + persistence: + enabled: true + mount: true + asserts: + - hasDocuments: + count: 1 + - containsDocument: + kind: Secret + apiVersion: v1 + name: gitea-unittests-actions-token + - it: doesn't renders a Secret when criteria met BUT actions are not enabled + template: templates/gitea/act_runner/secret-token.yaml + set: + actions: + enabled: false + provisioning: + enabled: true + persistence: + enabled: true + mount: true + asserts: + - hasDocuments: + count: 0 diff --git a/unittests/act_runner/serviceaccount-job.yaml b/unittests/act_runner/serviceaccount-job.yaml new file mode 100644 index 0000000..bf8f0c8 --- /dev/null +++ b/unittests/act_runner/serviceaccount-job.yaml 
@@ -0,0 +1,42 @@ +suite: actions template | serviceaccount-job +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/act_runner/serviceaccount-job.yaml +tests: + - it: doesn't renders a ServiceAccount by default + template: templates/gitea/act_runner/serviceaccount-job.yaml + asserts: + - hasDocuments: + count: 0 + - it: renders a ServiceAccount + template: templates/gitea/act_runner/serviceaccount-job.yaml + set: + actions: + enabled: true + provisioning: + enabled: true + persistence: + enabled: true + mount: true + asserts: + - hasDocuments: + count: 1 + - containsDocument: + kind: ServiceAccount + apiVersion: v1 + name: gitea-unittests-actions-token-job + - it: doesn't renders a ServiceAccount when criteria met BUT actions are not enabled + template: templates/gitea/act_runner/serviceaccount-job.yaml + set: + actions: + enabled: false + provisioning: + enabled: true + persistence: + enabled: true + mount: true + asserts: + - hasDocuments: + count: 0 diff --git a/unittests/act_runner/statefulset.yaml b/unittests/act_runner/statefulset.yaml new file mode 100644 index 0000000..cc10157 --- /dev/null +++ b/unittests/act_runner/statefulset.yaml 
@@ -0,0 +1,95 @@ +suite: actions template | statefulset +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/act_runner/statefulset.yaml +tests: + - it: doesn't renders a StatefulSet by default + template: templates/gitea/act_runner/statefulset.yaml + asserts: + - hasDocuments: + count: 0 + - it: renders a StatefulSet (with given existingSecret/existingSecretKey) + template: templates/gitea/act_runner/statefulset.yaml + set: + actions: + enabled: true + existingSecret: "my-secret" + existingSecretKey: "my-secret-key" + asserts: + - hasDocuments: + count: 1 + - containsDocument: + kind: StatefulSet + apiVersion: apps/v1 + name: gitea-unittests-act-runner + - equal: + path: spec.template.spec.containers[0].env[3] + value: + name: GITEA_RUNNER_REGISTRATION_TOKEN + valueFrom: + secretKeyRef: + name: "my-secret" + key: "my-secret-key" + - it: renders a StatefulSet (with secret reference defaults for enabled provisioning) + template: templates/gitea/act_runner/statefulset.yaml + set: + actions: + enabled: true + provisioning: + enabled: true + asserts: + - hasDocuments: + count: 1 + - containsDocument: + kind: StatefulSet + apiVersion: apps/v1 + name: gitea-unittests-act-runner + - equal: + path: spec.template.spec.containers[0].env[3] + value: + name: GITEA_RUNNER_REGISTRATION_TOKEN + valueFrom: + secretKeyRef: + name: "gitea-unittests-actions-token" + key: "token" + - it: renders a StatefulSet (with correct GITEA_INSTANCE_URL env with default act-runner specific LOCAL_ROOT_URL) + template: templates/gitea/act_runner/statefulset.yaml + set: + actions: + enabled: true + existingSecret: "my-secret" + existingSecretKey: "my-secret-key" + asserts: + - hasDocuments: + count: 1 + - containsDocument: + kind: StatefulSet + apiVersion: apps/v1 + name: gitea-unittests-act-runner + - equal: + path: spec.template.spec.containers[0].env[4] + value: + name: GITEA_INSTANCE_URL + value: "http://gitea-unittests-http:3000" + - it: renders a StatefulSet 
(with correct GITEA_INSTANCE_URL env from customized LOCAL_ROOT_URL) + template: templates/gitea/act_runner/statefulset.yaml + set: + gitea.config.server.LOCAL_ROOT_URL: "http://git.example.com" + actions: + enabled: true + existingSecret: "my-secret" + existingSecretKey: "my-secret-key" + asserts: + - hasDocuments: + count: 1 + - containsDocument: + kind: StatefulSet + apiVersion: apps/v1 + name: gitea-unittests-act-runner + - equal: + path: spec.template.spec.containers[0].env[4] + value: + name: GITEA_INSTANCE_URL + value: "http://git.example.com" diff --git a/unittests/config/actions-config.yaml b/unittests/config/actions-config.yaml new file mode 100644 index 0000000..ada9694 --- /dev/null +++ b/unittests/config/actions-config.yaml 
@@ -0,0 +1,61 @@ +suite: config template | actions config +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/config.yaml +tests: + - it: "actions are not enabled by default" + template: templates/gitea/config.yaml + asserts: + - documentIndex: 0 + equal: + path: stringData.actions + value: |- + ENABLED=false + + - it: "actions can be enabled via inline config" + template: templates/gitea/config.yaml + set: + gitea.config.actions.ENABLED: true + asserts: + - documentIndex: 0 + equal: + path: stringData.actions + value: |- + ENABLED=true + + - it: "actions can be enabled via dedicated values object" + template: templates/gitea/config.yaml + set: + actions: + enabled: true + asserts: + - documentIndex: 0 + equal: + path: stringData.actions + value: |- + ENABLED=true + + - it: "defines LOCAL_ROOT_URL when actions are enabled" + template: templates/gitea/config.yaml + set: + actions: + enabled: true + asserts: + - documentIndex: 0 + matchRegex: + path: stringData.server + pattern: \nLOCAL_ROOT_URL=http://gitea-unittests-http:3000 + + - it: "respects custom LOCAL_ROOT_URL, even when actions are enabled" + template: templates/gitea/config.yaml + set: + actions: + enabled: true + gitea.config.server.LOCAL_ROOT_URL: "http://git.example.com" + asserts: + - documentIndex: 0 + matchRegex: + path: stringData.server + pattern: \nLOCAL_ROOT_URL=http://git.example.com diff --git a/values.yaml b/values.yaml index 2b7ad7d..31c1d21 100644 --- a/values.yaml +++ b/values.yaml 
@@ -348,6 +348,96 @@ signing: # -----END PGP PRIVATE KEY BLOCK----- existingSecret: "" +# Configure Gitea Actions +# - must enable persistence if the job is enabled +## @section Gitea Actions +# +## @param actions.enabled Create an act runner StatefulSet. +## @param actions.init.image.repository The image used for the init containers +## @param actions.init.image.tag The image tag used for the init containers +## @param actions.statefulset.annotations Act runner annotations +## @param actions.statefulset.labels Act runner labels +## @param actions.statefulset.resources Act runner resources +## @param actions.statefulset.nodeSelector NodeSelector for the statefulset +## @param actions.statefulset.tolerations Tolerations for the statefulset +## @param actions.statefulset.affinity Affinity for the statefulset +## @param actions.statefulset.actRunner.repository The Gitea act runner image +## @param actions.statefulset.actRunner.tag The Gitea act runner tag +## @param actions.statefulset.actRunner.pullPolicy The Gitea act runner pullPolicy +## @param actions.statefulset.actRunner.config [default: Too complex. See values.yaml] Act runner custom configuration. See [Act Runner documentation](https://docs.gitea.com/usage/actions/act-runner#configuration) for details. 
+## @param actions.statefulset.dind.repository The Docker-in-Docker image +## @param actions.statefulset.dind.tag The Docker-in-Docker image tag +## @param actions.statefulset.dind.pullPolicy The Docker-in-Docker pullPolicy +## @param actions.provisioning.enabled Create a job that will create and save the token in a Kubernetes Secret +## @param actions.provisioning.annotations Job's annotations +## @param actions.provisioning.labels Job's labels +## @param actions.provisioning.resources Job's resources +## @param actions.provisioning.nodeSelector NodeSelector for the job +## @param actions.provisioning.tolerations Tolerations for the job +## @param actions.provisioning.affinity Affinity for the job +## @param actions.provisioning.ttlSecondsAfterFinished ttl for the job after finished in order to allow helm to properly recognize that the job completed +## @param actions.provisioning.publish.repository The image that can create the secret via kubectl +## @param actions.provisioning.publish.tag The publish image tag that can create the secret +## @param actions.provisioning.publish.pullPolicy The publish image pullPolicy that can create the secret +## @param actions.existingSecret Secret that contains the token +## @param actions.existingSecretKey Secret key +actions: + enabled: false + statefulset: + annotations: {} + labels: {} + resources: {} + nodeSelector: {} + tolerations: [] + affinity: {} + + actRunner: + repository: gitea/act_runner + tag: 0.2.11 + pullPolicy: IfNotPresent + + config: | + log: + level: debug + cache: + enabled: false + runner: + labels: + - "ubuntu-latest" + + dind: + repository: docker + tag: 25.0.2-dind + pullPolicy: IfNotPresent + + init: + image: + repository: busybox + # Overrides the image tag whose default is the chart appVersion. 
+ tag: "1.36.1" + + provisioning: + enabled: false + + annotations: {} + labels: {} + resources: {} + nodeSelector: {} + tolerations: [] + affinity: {} + + publish: + repository: bitnami/kubectl + tag: 1.29.0 + pullPolicy: IfNotPresent + + ttlSecondsAfterFinished: 300 + + ## Specify an existing token secret + ## + existingSecret: "" + existingSecretKey: "" + ## @section Gitea # gitea: -- 2.40.1 From 7b892431d6eb961f963dbd5ffca7cf6e28c33c0e Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Sun, 10 Nov 2024 14:02:15 +0000 Subject: [PATCH 382/390] Support custom envs for Action DinD container (#722) Follow-up to https://gitea.com/gitea/helm-chart/pulls/666. Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/722 Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- README.md | 1 + templates/gitea/act_runner/statefulset.yaml | 3 +++ unittests/act_runner/statefulset.yaml | 16 ++++++++++++++++ values.yaml | 6 ++++++ 4 files changed, 26 insertions(+) diff --git a/README.md b/README.md index a6f4c2b..ec41ac5 100644 --- a/README.md +++ b/README.md @@ -1028,6 +1028,7 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo | `actions.statefulset.dind.repository` | The Docker-in-Docker image | `docker` | | `actions.statefulset.dind.tag` | The Docker-in-Docker image tag | `25.0.2-dind` | | `actions.statefulset.dind.pullPolicy` | The Docker-in-Docker pullPolicy | `IfNotPresent` | +| `actions.statefulset.dind.extraEnvs` | Allows adding custom environment variables, such as `DOCKER_IPTABLES_LEGACY` | `[]` | | `actions.provisioning.enabled` | Create a job that will create and save the token in a Kubernetes Secret | `false` | | `actions.provisioning.annotations` | Job's annotations | `{}` | | `actions.provisioning.labels` | Job's labels | `{}` | diff --git a/templates/gitea/act_runner/statefulset.yaml b/templates/gitea/act_runner/statefulset.yaml index 7d5d096..58939d2 100644 --- a/templates/gitea/act_runner/statefulset.yaml 
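Review bot: The comment above `actions.init.image.tag` (`# Overrides the image tag whose default is the chart appVersion.`) does not match the StatefulSet template in this commit, which renders `actions.init.image.tag` verbatim with no appVersion fallback. Replace it with something like `# busybox tag for the init container that waits for the Gitea HTTP service`. The `actions.enabled` description should state what enabling it deploys, e.g. `## @param actions.enabled Create an act runner StatefulSet (includes a privileged Docker-in-Docker sidecar).`. The default `actRunner.config` also sets `log.level: debug`; `info` would be a quieter default for a component that runs untrusted workflow jobs.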
+++ b/templates/gitea/act_runner/statefulset.yaml @@ -77,6 +77,9 @@ spec: value: "1" - name: DOCKER_CERT_PATH value: /certs/server + {{- if .Values.actions.statefulset.dind.extraEnvs }} + {{- toYaml .Values.actions.statefulset.dind.extraEnvs | nindent 12 }} + {{- end }} securityContext: privileged: true resources: diff --git a/unittests/act_runner/statefulset.yaml b/unittests/act_runner/statefulset.yaml index cc10157..cd350d9 100644 --- a/unittests/act_runner/statefulset.yaml +++ b/unittests/act_runner/statefulset.yaml @@ -93,3 +93,19 @@ tests: value: name: GITEA_INSTANCE_URL value: "http://git.example.com" + - it: allows adding custom environment variables to the docker-in-docker container + template: templates/gitea/act_runner/statefulset.yaml + set: + actions: + enabled: true + statefulset: + dind: + extraEnvs: + - name: "CUSTOM_ENV_NAME" + value: "custom env value" + asserts: + - equal: + path: spec.template.spec.containers[1].env[3] + value: + name: "CUSTOM_ENV_NAME" + value: "custom env value" diff --git a/values.yaml b/values.yaml index 31c1d21..f3998ec 100644 --- a/values.yaml +++ b/values.yaml @@ -368,6 +368,7 @@ signing: ## @param actions.statefulset.dind.repository The Docker-in-Docker image ## @param actions.statefulset.dind.tag The Docker-in-Docker image tag ## @param actions.statefulset.dind.pullPolicy The Docker-in-Docker pullPolicy +## @param actions.statefulset.dind.extraEnvs Allows adding custom environment variables, such as `DOCKER_IPTABLES_LEGACY` ## @param actions.provisioning.enabled Create a job that will create and save the token in a Kubernetes Secret ## @param actions.provisioning.annotations Job's annotations ## @param actions.provisioning.labels Job's labels 
@@ -409,6 +410,11 @@ actions: repository: docker tag: 25.0.2-dind pullPolicy: IfNotPresent + # If the container keeps crashing in your environment, you might have to add the `DOCKER_IPTABLES_LEGACY` environment variable. + # See https://github.com/docker-library/docker/issues/463#issuecomment-1881909456 + extraEnvs: [] + # - name: "DOCKER_IPTABLES_LEGACY" + # value: "1" init: image: -- 2.40.1 From 2be2e2a639edbc463b64ac1e4d755223def20a32 Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Sun, 10 Nov 2024 20:15:46 +0000 Subject: [PATCH 383/390] Ensure dev-only files are not added to the tgz package (#723) Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/723 Reviewed-by: techknowlogick --- .helmignore | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.helmignore b/.helmignore index e608c23..c0341ca 100644 --- a/.helmignore +++ b/.helmignore @@ -31,3 +31,8 @@ Makefile .drone.yml CONTRIBUTING.md unittests/ +.editorconfig +.prettierignore +.yamllint +CODEOWNERS +renovate.json5 -- 2.40.1 From 3bacaaad84fdae1e81cbe5a73577d5872cf08fba Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 30 Nov 2024 02:09:16 +0000 Subject: [PATCH 384/390] chore(deps): update subcharts (minor & patch) (#733) Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.lock | 8 ++++---- Chart.yaml | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Chart.lock b/Chart.lock index 5023ad2..17a14d8 100644 --- a/Chart.lock +++ b/Chart.lock 
@@ -1,15 +1,15 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 15.5.20 + version: 15.5.38 - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 14.2.16 + version: 14.3.10 - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts version: 10.3.0 - name: redis repository: oci://registry-1.docker.io/bitnamicharts version: 19.6.4 -digest: sha256:a28c809273f313c482e3f803a0a002c3bb3a0d2090bf6b732d68ecc4710b4732 -generated: "2024-08-03T00:21:16.080925346Z" +digest: sha256:462d513ac8ef7abfe26030fd2ea93eb79df167a861ebe09d6c58c7dcd5601e85 +generated: "2024-11-30T00:41:29.178889496Z" diff --git a/Chart.yaml b/Chart.yaml index dbdcae0..6cf2c41 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -36,12 +36,12 @@ dependencies: # https://github.com/bitnami/charts/blob/main/bitnami/postgresql - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 15.5.20 + version: 15.5.38 condition: postgresql.enabled # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml - name: postgresql-ha repository: oci://registry-1.docker.io/bitnamicharts - version: 14.2.16 + version: 14.3.10 condition: postgresql-ha.enabled # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml - name: redis-cluster -- 2.40.1 From 389a8460e4d24b87d0644652cb5543a787333262 Mon Sep 17 00:00:00 2001 
From: Hitesh Nayak Date: Sat, 30 Nov 2024 13:59:29 +0000 Subject: [PATCH 385/390] feat(service-monitor): support bearer token authentication on metrics endpoint (#719) ### Benefits Can protect metrics endpoint with `Bearer` token authentication provided by gitea. see PR #637 for previous discussion. ### Possible drawbacks No possible drawbacks ### Applicable issues - fixes #635 ### Additional information ``` gitea: metrics: enabled: true token: "somepassword" serviceMonitor: enabled: true ``` Using above configuration is sufficient to secure /metrics endpoint with bearer token and corresponding ServiceMonitor. ### Checklist - [x] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) - [ ] ~~Breaking changes are documented in the `README.md`~~ Not applicable - [x] Templating unittests are added 
Signed-off-by: Hitesh Nayak Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/719 Reviewed-by: justusbunsi Co-authored-by: Hitesh Nayak Co-committed-by: Hitesh Nayak --- README.md | 17 +++++ templates/_helpers.tpl | 7 ++ templates/gitea/metrics-secret.yaml | 12 ++++ templates/gitea/servicemonitor.yaml | 8 +++ .../config/metrics-section_metrics-token.yaml | 58 +++++++++++++++ ...etrics-secret-servicemonitor-disabled.yaml | 23 ++++++ ...metrics-secret-servicemonitor-enabled.yaml | 33 +++++++++ .../servicemonitor-disabled.yaml | 23 ++++++ .../servicemonitor-enabled.yaml | 70 +++++++++++++++++++ values.yaml | 2 + 10 files changed, 253 insertions(+) create mode 100644 templates/gitea/metrics-secret.yaml create mode 100644 unittests/config/metrics-section_metrics-token.yaml create mode 100644 unittests/metric-secret/metrics-secret-servicemonitor-disabled.yaml create mode 100644 unittests/metric-secret/metrics-secret-servicemonitor-enabled.yaml create mode 100644 unittests/servicemonitor/servicemonitor-disabled.yaml create mode 100644 unittests/servicemonitor/servicemonitor-enabled.yaml diff --git a/README.md b/README.md index ec41ac5..d2dd0fd 100644 --- a/README.md +++ b/README.md @@ -30,6 +30,7 @@ - [OAuth2 Settings](#oauth2-settings) - [Configure commit signing](#configure-commit-signing) - [Metrics and profiling](#metrics-and-profiling) + - [Secure Metrics Endpoint](#secure-metrics-endpoint) - [Pod annotations](#pod-annotations) - [Themes](#themes) - [Renovate](#renovate) @@ -747,6 +748,21 @@ gitea: ENABLE_PPROF: true ``` +### Secure Metrics Endpoint + +Metrics endpoint `/metrics` can be secured by using `Bearer` token authentication. + +**Note:** Providing non-empty `TOKEN` value will also require authentication for `ServiceMonitor`. + +```yaml +gitea: + metrics: + token: "secure-token" + enabled: true + serviceMonitor: + enabled: true +``` + ## Pod annotations Annotations can be added to the Gitea pod. 
@@ -1053,6 +1069,7 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo | `gitea.admin.email` | Email for the Gitea admin user | `gitea@local.domain` | | `gitea.admin.passwordMode` | Mode for how to set/update the admin user password. Options are: initialOnlyNoReset, initialOnlyRequireReset, and keepUpdated | `keepUpdated` | | `gitea.metrics.enabled` | Enable Gitea metrics | `false` | +| `gitea.metrics.token` | used for `bearer` token authentication on metrics endpoint. If not specified or empty metrics endpoint is public. | `nil` | | `gitea.metrics.serviceMonitor.enabled` | Enable Gitea metrics service monitor. Requires, that `gitea.metrics.enabled` is also set to true, to enable metrics generally. | `false` | | `gitea.metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used. | `""` | | `gitea.metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping. | `[]` | diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 64a5efb..1b7cf3b 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -311,6 +311,9 @@ https {{- if not (hasKey .Values.gitea.config.metrics "ENABLED") -}} {{- $_ := set .Values.gitea.config.metrics "ENABLED" .Values.gitea.metrics.enabled -}} {{- end -}} + {{- if and (not (hasKey .Values.gitea.config.metrics "TOKEN")) (.Values.gitea.metrics.token) (.Values.gitea.metrics.enabled) -}} + {{- $_ := set .Values.gitea.config.metrics "TOKEN" .Values.gitea.metrics.token -}} + {{- end -}} {{- /* redis queue */ -}} {{- if or ((index .Values "redis-cluster").enabled) ((index .Values "redis").enabled) -}} {{- $_ := set .Values.gitea.config.queue "TYPE" "redis" -}} @@ -465,3 +468,7 @@ https {{- end -}} {{- toYaml $probe -}} {{- end -}} + +{{- define "gitea.metrics-secret-name" -}} +{{ default (printf "%s-metrics-secret" (include "gitea.fullname" .)) }} +{{- end -}} \ No newline at end of file 
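Review bot: The new `TOKEN` branch in the `@@ -311,6 +311,9 @@` hunk of `templates/_helpers.tpl` leaves an existing `gitea.config.metrics.TOKEN` untouched, while `templates/gitea/metrics-secret.yaml` and the `authorization` block in `templates/gitea/servicemonitor.yaml` read only `gitea.metrics.token`. A release that protects the endpoint through `gitea.config.metrics.TOKEN` alone therefore renders a ServiceMonitor without credentials, and one that sets both keys to different values gives Prometheus a token that Gitea presumably rejects; in both cases scraping fails and the monitoring gap is easy to miss. I would state the precedence above the branch, for example `{{- /* gitea.metrics.token is ignored when gitea.config.metrics.TOKEN is set; the ServiceMonitor secret follows gitea.metrics.token only */ -}}`, or abort rendering when both are set and differ. The enclosing define starts and ends outside the hunk.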
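Review bot: `default` in the new `gitea.metrics-secret-name` helper (hunk `@@ -465,3 +468,7 @@`) is called with a single argument, so as far as I can tell it has nothing to fall back from and the helper always yields the `printf` result. Dropping it makes the intent plain: `{{ printf "%s-metrics-secret" (include "gitea.fullname" .) }}`. If an override of the Secret name was intended, the value to override it with is missing from the call. A short comment above the define saying that this name is shared by the Secret and by `credentials.name` in the ServiceMonitor would also help the next reader.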
diff --git a/templates/gitea/metrics-secret.yaml b/templates/gitea/metrics-secret.yaml new file mode 100644 index 0000000..fe26596 --- /dev/null +++ b/templates/gitea/metrics-secret.yaml @@ -0,0 +1,12 @@ +{{- if and (.Values.gitea.metrics.enabled) (.Values.gitea.metrics.serviceMonitor.enabled) (.Values.gitea.metrics.token) -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "gitea.metrics-secret-name" . }} + namespace: {{ .Values.namespace | default .Release.Namespace }} + labels: + {{- include "gitea.labels" . | nindent 4 }} +type: Opaque +data: + token: {{ .Values.gitea.metrics.token | b64enc }} +{{- end }} \ No newline at end of file diff --git a/templates/gitea/servicemonitor.yaml b/templates/gitea/servicemonitor.yaml index 1774214..502a1a8 100644 --- a/templates/gitea/servicemonitor.yaml +++ b/templates/gitea/servicemonitor.yaml @@ -32,4 +32,12 @@ spec: tlsConfig: {{- . | toYaml | nindent 6 }} {{- end }} + {{- if .Values.gitea.metrics.token }} + authorization: + type: Bearer + credentials: + name: {{ include "gitea.metrics-secret-name" . }} + key: token + optional: false + {{- end }} {{- end -}} \ No newline at end of file diff --git a/unittests/config/metrics-section_metrics-token.yaml b/unittests/config/metrics-section_metrics-token.yaml new file mode 100644 index 0000000..b8115a1 --- /dev/null +++ b/unittests/config/metrics-section_metrics-token.yaml 
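Review bot: `data.token` in `templates/gitea/metrics-secret.yaml` pipes `.Values.gitea.metrics.token` straight into `b64enc`, and nothing on the values side forces the token to be a string, so an unquoted all-digit token would presumably fail rendering at this line. Coercing first avoids that: `token: {{ .Values.gitea.metrics.token | toString | b64enc }}`. Separately, the token reaches this Secret only through chart values, so it is also kept in the Helm release record and in whichever values file carries it; the README section added in this commit could say so, and support for referencing an already existing Secret would be a reasonable follow-up.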
@@ -0,0 +1,58 @@ +suite: config template | metrics section (metrics token) +release: + name: gitea-unittests + namespace: testing +tests: + - it: metrics token is set + template: templates/gitea/config.yaml + set: + gitea: + metrics: + enabled: true + token: "somepassword" + asserts: + - documentIndex: 0 + equal: + path: stringData.metrics + value: |- + ENABLED=true + TOKEN=somepassword + - it: metrics token is empty + template: templates/gitea/config.yaml + set: + gitea: + metrics: + enabled: true + token: "" + asserts: + - documentIndex: 0 + equal: + path: stringData.metrics + value: |- + ENABLED=true + - it: metrics token is nil + template: templates/gitea/config.yaml + set: + gitea: + metrics: + enabled: true + token: + asserts: + - documentIndex: 0 + equal: + path: stringData.metrics + value: |- + ENABLED=true + - it: does not configures a token if metrics are disabled + template: templates/gitea/config.yaml + set: + gitea: + metrics: + enabled: false + token: "somepassword" + asserts: + - documentIndex: 0 + equal: + path: stringData.metrics + value: |- + ENABLED=false diff --git a/unittests/metric-secret/metrics-secret-servicemonitor-disabled.yaml b/unittests/metric-secret/metrics-secret-servicemonitor-disabled.yaml new file mode 100644 index 0000000..e3776ca --- /dev/null +++ b/unittests/metric-secret/metrics-secret-servicemonitor-disabled.yaml 
@@ -0,0 +1,23 @@ +suite: Metrics secret template (monitoring disabled) +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/metrics-secret.yaml +tests: + - it: renders nothing if monitoring disabled and gitea.metrics.token empty + set: + gitea.metrics.enabled: false + gitea.metrics.serviceMonitor.enabled: false + gitea.metrics.token: "" + asserts: + - hasDocuments: + count: 0 + - it: renders nothing if monitoring disabled and gitea.metrics.token not empty + set: + gitea.metrics.enabled: false + gitea.metrics.serviceMonitor.enabled: false + gitea.metrics.token: "test-token" + asserts: + - hasDocuments: + count: 0 diff --git a/unittests/metric-secret/metrics-secret-servicemonitor-enabled.yaml b/unittests/metric-secret/metrics-secret-servicemonitor-enabled.yaml new file mode 100644 index 0000000..78e714a --- /dev/null +++ b/unittests/metric-secret/metrics-secret-servicemonitor-enabled.yaml @@ -0,0 +1,33 @@ +suite: Metrics secret template (monitoring enabled) +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/metrics-secret.yaml +tests: + - it: renders nothing if monitoring enabled and gitea.metrics.token empty + set: + gitea.metrics.enabled: true + gitea.metrics.serviceMonitor.enabled: true + gitea.metrics.token: "" + asserts: + - hasDocuments: + count: 0 + - it: renders Secret if monitoring enabled and gitea.metrics.token not empty + set: + gitea.metrics.enabled: true + gitea.metrics.serviceMonitor.enabled: true + gitea.metrics.token: "test-token" + asserts: + - hasDocuments: + count: 1 + - documentIndex: 0 + containsDocument: + kind: Secret + apiVersion: v1 + name: gitea-unittests-metrics-secret + - isNotNullOrEmpty: + path: metadata.labels + - equal: + path: data.token + value: "dGVzdC10b2tlbg==" diff --git a/unittests/servicemonitor/servicemonitor-disabled.yaml b/unittests/servicemonitor/servicemonitor-disabled.yaml new file mode 100644 index 0000000..5b2de44 --- /dev/null 
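Review bot: Both cases in `unittests/metric-secret/metrics-secret-servicemonitor-disabled.yaml` turn `gitea.metrics.enabled` and `gitea.metrics.serviceMonitor.enabled` off together, so the three-way `and` that guards the Secret is never exercised with only one of them off. A case with metrics on, the ServiceMonitor off and a non-empty token would pin that no token Secret is rendered when nothing consumes it. The suite in `metrics-secret-servicemonitor-enabled.yaml` has the same gap from the other side.

```yaml
  - it: renders nothing if metrics enabled, serviceMonitor disabled and gitea.metrics.token not empty
    set:
      gitea.metrics.enabled: true
      gitea.metrics.serviceMonitor.enabled: false
      gitea.metrics.token: "test-token"
    asserts:
      - hasDocuments:
          count: 0
```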
+++ b/unittests/servicemonitor/servicemonitor-disabled.yaml @@ -0,0 +1,23 @@ +suite: ServiceMonitor template (monitoring disabled) +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/servicemonitor.yaml +tests: + - it: renders nothing if gitea.metrics.serviceMonitor disabled and gitea.metrics.token empty + set: + gitea.metrics.enabled: false + gitea.metrics.token: "" + gitea.metrics.serviceMonitor.enabled: false + asserts: + - hasDocuments: + count: 0 + - it: renders nothing if gitea.metrics.serviceMonitor disabled and gitea.metrics.token not empty + set: + gitea.metrics.enabled: false + gitea.metrics.token: "test-token" + gitea.metrics.serviceMonitor.enabled: false + asserts: + - hasDocuments: + count: 0 diff --git a/unittests/servicemonitor/servicemonitor-enabled.yaml b/unittests/servicemonitor/servicemonitor-enabled.yaml new file mode 100644 index 0000000..29d83ca --- /dev/null +++ b/unittests/servicemonitor/servicemonitor-enabled.yaml 
@@ -0,0 +1,70 @@ +suite: ServiceMonitor template (monitoring enabled) +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/servicemonitor.yaml +tests: + - it: renders unsecure ServiceMonitor if gitea.metrics.token nil + set: + gitea.metrics.enabled: true + gitea.metrics.token: + gitea.metrics.serviceMonitor.enabled: true + asserts: + - hasDocuments: + count: 1 + - documentIndex: 0 + containsDocument: + kind: ServiceMonitor + apiVersion: monitoring.coreos.com/v1 + name: gitea-unittests + - isNotNullOrEmpty: + path: metadata.labels + - equal: + path: spec.endpoints + value: + - port: http + - it: renders unsecure ServiceMonitor if gitea.metrics.token empty + set: + gitea.metrics.enabled: true + gitea.metrics.token: "" + gitea.metrics.serviceMonitor.enabled: true + asserts: + - hasDocuments: + count: 1 + - documentIndex: 0 + containsDocument: + kind: ServiceMonitor + apiVersion: monitoring.coreos.com/v1 + name: gitea-unittests + - isNotNullOrEmpty: + path: metadata.labels + - equal: + path: spec.endpoints + value: + - port: http + - it: renders secure ServiceMonitor if gitea.metrics.token not empty + set: + gitea.metrics.enabled: true + gitea.metrics.token: "test-token" + gitea.metrics.serviceMonitor.enabled: true + asserts: + - hasDocuments: + count: 1 + - documentIndex: 0 + containsDocument: + kind: ServiceMonitor + apiVersion: monitoring.coreos.com/v1 + name: gitea-unittests + - isNotNullOrEmpty: + path: metadata.labels + - equal: + path: spec.endpoints + value: + - port: http + authorization: + type: Bearer + credentials: + name: gitea-unittests-metrics-secret + key: token + optional: false diff --git a/values.yaml b/values.yaml index f3998ec..2dfb62d 100644 --- a/values.yaml +++ b/values.yaml 
@@ -461,6 +461,7 @@ gitea: passwordMode: keepUpdated ## @param gitea.metrics.enabled Enable Gitea metrics + ## @param gitea.metrics.token used for `bearer` token authentication on metrics endpoint. If not specified or empty metrics endpoint is public. ## @param gitea.metrics.serviceMonitor.enabled Enable Gitea metrics service monitor. Requires, that `gitea.metrics.enabled` is also set to true, to enable metrics generally. ## @param gitea.metrics.serviceMonitor.interval Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used. ## @param gitea.metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping. @@ -469,6 +470,7 @@ gitea: ## @param gitea.metrics.serviceMonitor.tlsConfig TLS configuration to use when scraping the metric endpoint by Prometheus. metrics: enabled: false + token: serviceMonitor: enabled: false # additionalLabels: -- 2.40.1 From 5f7d35390127e523b64449631a55c88773f0ef90 Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Sat, 30 Nov 2024 14:47:18 +0000 Subject: [PATCH 386/390] Prevent reoccurring namespace inconsistencies (#737) https://gitea.com/gitea/helm-chart/pulls/713 ensured that all resources contain a `namespace` field. When adding Gitea actions runner support in https://gitea.com/gitea/helm-chart/pulls/666, this was an oversight. Signed-off-by: justusbunsi Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/737 Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- .gitea/PULL_REQUEST_TEMPLATE.md | 1 + templates/gitea/act_runner/config-act-runner.yaml | 1 + templates/gitea/act_runner/config-scripts.yaml | 1 + templates/gitea/act_runner/job.yaml | 1 + templates/gitea/act_runner/role-job.yaml | 1 + templates/gitea/act_runner/rolebinding-job.yaml | 1 + templates/gitea/act_runner/secret-token.yaml | 1 + templates/gitea/act_runner/serviceaccount-job.yaml | 1 + templates/gitea/act_runner/statefulset.yaml | 1 + 9 files changed, 9 insertions(+) 
diff --git a/.gitea/PULL_REQUEST_TEMPLATE.md b/.gitea/PULL_REQUEST_TEMPLATE.md index 01ad275..686d550 100644 --- a/.gitea/PULL_REQUEST_TEMPLATE.md +++ b/.gitea/PULL_REQUEST_TEMPLATE.md @@ -40,3 +40,4 @@ - [ ] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) - [ ] Breaking changes are documented in the `README.md` - [ ] Templating unittests are added +- [ ] All added template resources MUST render a namespace in metadata diff --git a/templates/gitea/act_runner/config-act-runner.yaml b/templates/gitea/act_runner/config-act-runner.yaml index 03961ae..433fb69 100644 --- a/templates/gitea/act_runner/config-act-runner.yaml +++ b/templates/gitea/act_runner/config-act-runner.yaml @@ -4,6 +4,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ include "gitea.fullname" . }}-act-runner-config + namespace: {{ .Values.namespace | default .Release.Namespace }} labels: {{- include "gitea.labels" . | nindent 4 }} data: diff --git a/templates/gitea/act_runner/config-scripts.yaml b/templates/gitea/act_runner/config-scripts.yaml index 688bd20..31b926e 100644 --- a/templates/gitea/act_runner/config-scripts.yaml +++ b/templates/gitea/act_runner/config-scripts.yaml @@ -5,6 +5,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ include "gitea.fullname" . }}-scripts + namespace: {{ .Values.namespace | default .Release.Namespace }} labels: {{- include "gitea.labels" . | nindent 4 }} data: diff --git a/templates/gitea/act_runner/job.yaml b/templates/gitea/act_runner/job.yaml index 032671f..e8189d9 100644 --- a/templates/gitea/act_runner/job.yaml +++ b/templates/gitea/act_runner/job.yaml @@ -7,6 +7,7 @@ apiVersion: batch/v1 kind: Job metadata: name: {{ $name }} + namespace: {{ .Values.namespace | default .Release.Namespace }} labels: {{- include "gitea.labels" . | nindent 4 }} {{- with .Values.actions.provisioning.labels }} 
diff --git a/templates/gitea/act_runner/role-job.yaml b/templates/gitea/act_runner/role-job.yaml index b06c18d..c2afa57 100644 --- a/templates/gitea/act_runner/role-job.yaml +++ b/templates/gitea/act_runner/role-job.yaml @@ -7,6 +7,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ $name }} + namespace: {{ .Values.namespace | default .Release.Namespace }} labels: {{- include "gitea.labels" . | nindent 4 }} app.kubernetes.io/component: token-job diff --git a/templates/gitea/act_runner/rolebinding-job.yaml b/templates/gitea/act_runner/rolebinding-job.yaml index c80bd3e..1c67e84 100644 --- a/templates/gitea/act_runner/rolebinding-job.yaml +++ b/templates/gitea/act_runner/rolebinding-job.yaml @@ -7,6 +7,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ $name }} + namespace: {{ .Values.namespace | default .Release.Namespace }} labels: {{- include "gitea.labels" . | nindent 4 }} app.kubernetes.io/component: token-job diff --git a/templates/gitea/act_runner/secret-token.yaml b/templates/gitea/act_runner/secret-token.yaml index e6ee325..bc3416b 100644 --- a/templates/gitea/act_runner/secret-token.yaml +++ b/templates/gitea/act_runner/secret-token.yaml @@ -7,6 +7,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ $secretName }} + namespace: {{ .Values.namespace | default .Release.Namespace }} labels: {{- include "gitea.labels" . | nindent 4 }} app.kubernetes.io/component: token-job diff --git a/templates/gitea/act_runner/serviceaccount-job.yaml b/templates/gitea/act_runner/serviceaccount-job.yaml index e2c0fb4..dd39752 100644 --- a/templates/gitea/act_runner/serviceaccount-job.yaml +++ b/templates/gitea/act_runner/serviceaccount-job.yaml @@ -6,6 +6,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ $name }} + namespace: {{ .Values.namespace | default .Release.Namespace }} labels: {{- include "gitea.labels" . | nindent 4 }} app.kubernetes.io/component: token-job 
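Review bot: With `metadata.namespace` of the RoleBinding in `templates/gitea/act_runner/rolebinding-job.yaml` now following `.Values.namespace`, the `subjects` entry for the job's ServiceAccount has to resolve to the same namespace, and that part of the file lies outside the hunk, so it cannot be checked here. If it still uses `.Release.Namespace`, a release installed with `namespace` overridden would bind the Role to a ServiceAccount in a different namespace than the one `serviceaccount-job.yaml` now creates. It is worth confirming that the subject also uses `namespace: {{ .Values.namespace | default .Release.Namespace }}` and adding a unittest that renders these templates with `namespace` set.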
diff --git a/templates/gitea/act_runner/statefulset.yaml b/templates/gitea/act_runner/statefulset.yaml index 58939d2..46382bf 100644 --- a/templates/gitea/act_runner/statefulset.yaml +++ b/templates/gitea/act_runner/statefulset.yaml @@ -14,6 +14,7 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} name: {{ include "gitea.fullname" . }}-act-runner + namespace: {{ .Values.namespace | default .Release.Namespace }} spec: selector: matchLabels: -- 2.40.1 From 52153021e33953d0861af4b86c78fe2cc393b135 Mon Sep 17 00:00:00 2001 From: justusbunsi Date: Sat, 30 Nov 2024 16:07:23 +0000 Subject: [PATCH 387/390] Finetune Renovate configuration (#738) `go-gitea/gitea` is no workflow dependency and therefore should not be grouped as such. It got automatically matched due to `custom.regex` manager in that rule. Since we now have image dependencies in our `values.yaml`, PR builds will fail when these changes are not represented in `README.md`. Using a [postUpgradeTask](https://docs.renovatebot.com/configuration-options/#postupgradetasks) allows customized Renovate behavior. Signed-off-by: justusbunsi Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/738 Co-authored-by: justusbunsi Co-committed-by: justusbunsi --- renovate.json5 | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/renovate.json5 b/renovate.json5 index d0a0ac6..7605fa7 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -63,6 +63,25 @@ 'patch', 'digest', ], + matchFileNames: [ + '!Chart.yaml', + ], + }, + { + description: 'Update README.md on changes in values.yaml', + matchManagers: [ + 'helm-values', + ], + postUpgradeTasks: { + commands: [ + 'install-tool node', + 'make readme', + ], + fileFilters: [ + 'README.md', + ], + executionMode: 'update', + }, }, { description: 'Override changelog url for Helm image, to have release notes in our PRs', -- 2.40.1 From 7cae9d3404a2b55b562c6cd546a1b042d7ef67de Mon Sep 17 00:00:00 2001 
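Review bot: The new `postUpgradeTasks` rule in `renovate.json5` makes the Renovate runner execute `install-tool node` and `make readme` on the update branch, and nothing in the file records what that depends on. On a self-hosted runner these commands only run when the bot's global configuration allow-lists them (`allowedPostUpgradeCommands`, named `allowedCommands` in newer Renovate releases), and `make readme` runs the repository's Makefile and npm tooling with whatever credentials the runner holds. I would note this inside the rule, for example `// needs both commands allow-listed in the Renovate runner's global config; keep that allow-list to these exact commands`.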
From: Renovate Bot Date: Sat, 30 Nov 2024 23:34:16 +0000 Subject: [PATCH 388/390] chore(deps): update busybox docker tag to v1.37.0 (#734) This PR contains the following updates: | Package | Update | Change | |---|---|---| | busybox | minor | `1.36.1` -> `1.37.0` | --- Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/734 Reviewed-by: techknowlogick Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- README.md | 2 +- values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index d2dd0fd..2f9c9ba 100644 --- a/README.md +++ b/README.md @@ -1030,7 +1030,7 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo | ---------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ | | `actions.enabled` | Create an act runner StatefulSet. | `false` | | `actions.init.image.repository` | The image used for the init containers | `busybox` | -| `actions.init.image.tag` | The image tag used for the init containers | `1.36.1` | +| `actions.init.image.tag` | The image tag used for the init containers | `1.37.0` | | `actions.statefulset.annotations` | Act runner annotations | `{}` | | `actions.statefulset.labels` | Act runner labels | `{}` | | `actions.statefulset.resources` | Act runner resources | `{}` | diff --git a/values.yaml b/values.yaml index 2dfb62d..cf9308d 100644 --- a/values.yaml +++ b/values.yaml @@ -420,7 +420,7 @@ actions: image: repository: busybox # Overrides the image tag whose default is the chart appVersion. - tag: "1.36.1" + tag: "1.37.0" provisioning: enabled: false -- 2.40.1 From e3db83e22b923bbea7aec27c9c4dfc3e69675f35 Mon Sep 17 00:00:00 2001 
From: Renovate Bot Date: Sat, 30 Nov 2024 23:44:11 +0000 Subject: [PATCH 389/390] chore(deps): update dependency go-gitea/gitea to v1.22.4 (#740) This PR contains the following updates: | Package | Update | Change | |---|---|---| | [go-gitea/gitea](https://github.com/go-gitea/gitea) | patch | `1.22.3` -> `1.22.4` | --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/740 Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 6cf2c41..21a0e63 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -4,7 +4,7 @@ description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 # renovate datasource=github-releases depName=go-gitea/gitea extractVersion=^v(?.*)$ -appVersion: 1.22.3 +appVersion: 1.22.4 icon: https://gitea.com/assets/img/logo.svg keywords: -- 2.40.1 From aec87c249050aca00e560e3d560dceaf13df8d0c Mon Sep 17 00:00:00 2001 
From: Renovate Bot Date: Sat, 30 Nov 2024 23:47:49 +0000 Subject: [PATCH 390/390] chore(deps): update workflow dependencies (minor & patch) (#735) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [alpine/helm](https://github.com/alpine-docker/helm) ([changelog](https://github.com/helm/helm)) | | minor | `3.15.3` -> `3.16.3` | | [alpine/helm](https://github.com/alpine-docker/helm) ([changelog](https://github.com/helm/helm)) | container | minor | `3.15.3` -> `3.16.3` | | [helm-unittest/helm-unittest](https://github.com/helm-unittest/helm-unittest) | | minor | `v0.5.2` -> `v0.7.0` | | [markdownlint-cli](https://github.com/igorshubovych/markdownlint-cli) | devDependencies | minor | [`^0.41.0` -> `^0.43.0`](https://renovatebot.com/diffs/npm/markdownlint-cli/0.41.0/0.43.0) | --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/735 Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- .gitea/workflows/release-version.yml | 2 +- .gitea/workflows/test-pr.yml | 4 +- .vscode/settings.json | 2 +- package-lock.json | 149 +++++++++++++-------------- package.json | 2 +- 5 files changed, 74 insertions(+), 85 deletions(-) diff --git a/.gitea/workflows/release-version.yml b/.gitea/workflows/release-version.yml index 994add0..3b95267 100644 --- a/.gitea/workflows/release-version.yml +++ b/.gitea/workflows/release-version.yml @@ -7,7 +7,7 @@ on: env: # renovate: datasource=docker depName=alpine/helm - HELM_VERSION: "3.15.3" + HELM_VERSION: "3.16.3" jobs: generate-chart-publish: diff --git a/.gitea/workflows/test-pr.yml b/.gitea/workflows/test-pr.yml index 78ed267..2797c75 100644 --- a/.gitea/workflows/test-pr.yml +++ b/.gitea/workflows/test-pr.yml 
@@ -11,12 +11,12 @@ on: env: # renovate: datasource=github-releases depName=helm-unittest/helm-unittest - HELM_UNITTEST_VERSION: "v0.5.2" + HELM_UNITTEST_VERSION: "v0.7.0" jobs: check-and-test: runs-on: ubuntu-latest - container: alpine/helm:3.15.3 + container: alpine/helm:3.16.3 steps: - name: install tools run: | diff --git a/.vscode/settings.json b/.vscode/settings.json index 5271d28..1b31698 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -1,6 +1,6 @@ { "yaml.schemas": { - "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.5.2/schema/helm-testsuite.json": [ + "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.7.0/schema/helm-testsuite.json": [ "/unittests/**/*.yaml" ] }, diff --git a/package-lock.json b/package-lock.json index c00c95e..3edacb1 100644 --- a/package-lock.json +++ b/package-lock.json @@ -8,7 +8,7 @@ "license": "MIT", "devDependencies": { "@bitnami/readme-generator-for-helm": "^2.5.0", - "markdownlint-cli": "^0.41.0" + "markdownlint-cli": "^0.43.0" }, "engines": { "node": ">=16.0.0", @@ -48,16 +48,6 @@ "node": ">=12" } }, - "node_modules/@pkgjs/parseargs": { - "version": "0.11.0", - "resolved": "https://registry.npmjs.org/@pkgjs/parseargs/-/parseargs-0.11.0.tgz", - "integrity": "sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg==", - "dev": true, - "optional": true, - "engines": { - "node": ">=14" - } - }, "node_modules/ansi-regex": { "version": "6.0.1", "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.0.1.tgz", 
@@ -228,18 +218,6 @@ "integrity": "sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==", "dev": true }, - "node_modules/get-stdin": { - "version": "9.0.0", - "resolved": "https://registry.npmjs.org/get-stdin/-/get-stdin-9.0.0.tgz", - "integrity": "sha512-dVKBjfWisLAicarI2Sf+JuBE/DghV4UzNAVe9yhEJuzeREd3JhOTE9cUaJTeSa77fsbQUK3pcOpJfM59+VKZaA==", - "dev": true, - "engines": { - "node": ">=12" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, "node_modules/glob": { "version": "7.2.3", "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz", @@ -261,10 +239,11 @@ } }, "node_modules/ignore": { - "version": "5.3.1", - "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.1.tgz", - "integrity": "sha512-5Fytz/IraMjqpwfd34ke28PTVMjZjJG2MPn5t7OE4eUCUNf8BAa7b5WUS9/Qvr6mwOQS7Mk6vdsMno5he+T8Xw==", + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/ignore/-/ignore-6.0.2.tgz", + "integrity": "sha512-InwqeHHN2XpumIkMvpl/DCJVrAHgCsG5+cn1XlnLWGwtZBm8QJfSusItfrwx81CTp5agNZqpKU2J/ccC5nGT4A==", "dev": true, + "license": "MIT", "engines": { "node": ">= 4" } @@ -310,22 +289,19 @@ "dev": true }, "node_modules/jackspeak": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-3.1.2.tgz", - "integrity": "sha512-kWmLKn2tRtfYMF/BakihVVRzBKOxz4gJMiL2Rj91WnAB5TPZumSH99R/Yf1qE1u4uRimvCSJfm6hnxohXeEXjQ==", + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-4.0.2.tgz", + "integrity": "sha512-bZsjR/iRjl1Nk1UkjGpAzLNfQtzuijhn2g+pbZb98HQ1Gk8vM9hfbxeMBP+M2/UUdwj0RqGG3mlvk2MsAqwvEw==", "dev": true, "license": "BlueOak-1.0.0", "dependencies": { "@isaacs/cliui": "^8.0.2" }, "engines": { - "node": ">=14" + "node": "20 || >=22" }, "funding": { "url": "https://github.com/sponsors/isaacs" - }, - "optionalDependencies": { - "@pkgjs/parseargs": "^0.11.0" } }, "node_modules/js-yaml": { 
@@ -341,10 +317,11 @@ } }, "node_modules/jsonc-parser": { - "version": "3.2.1", - "resolved": "https://registry.npmjs.org/jsonc-parser/-/jsonc-parser-3.2.1.tgz", - "integrity": "sha512-AilxAyFOAcK5wA1+LeaySVBrHsGQvUFCDWXKpZjzaL0PqW+xfBOttn8GNtWKFWqneyMZj41MWF9Kl6iPWLwgOA==", - "dev": true + "version": "3.3.1", + "resolved": "https://registry.npmjs.org/jsonc-parser/-/jsonc-parser-3.3.1.tgz", + "integrity": "sha512-HUgH65KyejrUFPvHFPbqOY0rsFip3Bo5wb4ngvdi1EpCYWUQDC5V+Y7mZws+DLkr4M//zQJoanu1SP+87Dv1oQ==", + "dev": true, + "license": "MIT" }, "node_modules/jsonpointer": { "version": "5.0.1", @@ -371,12 +348,13 @@ "dev": true }, "node_modules/lru-cache": { - "version": "10.2.2", - "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.2.2.tgz", - "integrity": "sha512-9hp3Vp2/hFQUiIwKo8XCeFVnrg8Pk3TYNPIR7tJADKi5YfcF7vEaK7avFHTlSy3kOKYaJQaalfEo6YuXdceBOQ==", + "version": "11.0.2", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-11.0.2.tgz", + "integrity": "sha512-123qHRfJBmo2jXDbo/a5YOQrJoHF/GNQTLzQ5+IdK5pWpceK17yRc6ozlWd25FxvGKQbIUs91fDFkXmDHTKcyA==", "dev": true, + "license": "ISC", "engines": { - "node": "14 || >=16.14" + "node": "20 || >=22" } }, "node_modules/markdown-it": { @@ -410,13 +388,14 @@ } }, "node_modules/markdownlint": { - "version": "0.34.0", - "resolved": "https://registry.npmjs.org/markdownlint/-/markdownlint-0.34.0.tgz", - "integrity": "sha512-qwGyuyKwjkEMOJ10XN6OTKNOVYvOIi35RNvDLNxTof5s8UmyGHlCdpngRHoRGNvQVGuxO3BJ7uNSgdeX166WXw==", + "version": "0.36.1", + "resolved": "https://registry.npmjs.org/markdownlint/-/markdownlint-0.36.1.tgz", + "integrity": "sha512-s73fU2CQN7WCgjhaQUQ8wYESQNzGRNOKDd+3xgVqu8kuTEhmwepd/mxOv1LR2oV046ONrTLBFsM7IoKWNvmy5g==", "dev": true, + "license": "MIT", "dependencies": { "markdown-it": "14.1.0", - "markdownlint-micromark": "0.1.9" + "markdownlint-micromark": "0.1.12" }, "engines": { "node": ">=18" 
@@ -426,23 +405,22 @@ } }, "node_modules/markdownlint-cli": { - "version": "0.41.0", - "resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.41.0.tgz", - "integrity": "sha512-kp29tKrMKdn+xonfefjp3a/MsNzAd9c5ke0ydMEI9PR98bOjzglYN4nfMSaIs69msUf1DNkgevAIAPtK2SeX0Q==", + "version": "0.43.0", + "resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.43.0.tgz", + "integrity": "sha512-6vwurKK4B21eyYzwgX6ph13cZS7hE6LZfcS8QyD722CyxVD2RtAvbZK2p7k+FZbbKORulEuwl+hJaEq1l6/hoQ==", "dev": true, "license": "MIT", "dependencies": { "commander": "~12.1.0", - "get-stdin": "~9.0.0", - "glob": "~10.4.1", - "ignore": "~5.3.1", + "glob": "~11.0.0", + "ignore": "~6.0.2", "js-yaml": "^4.1.0", - "jsonc-parser": "~3.2.1", + "jsonc-parser": "~3.3.1", "jsonpointer": "5.0.1", - "markdownlint": "~0.34.0", - "minimatch": "~9.0.4", + "markdownlint": "~0.36.1", + "minimatch": "~10.0.1", "run-con": "~1.3.2", - "smol-toml": "~1.2.0" + "smol-toml": "~1.3.1" }, "bin": { "markdownlint": "markdownlint.js" 
@@ -472,49 +450,51 @@ } }, "node_modules/markdownlint-cli/node_modules/glob": { - "version": "10.4.1", - "resolved": "https://registry.npmjs.org/glob/-/glob-10.4.1.tgz", - "integrity": "sha512-2jelhlq3E4ho74ZyVLN03oKdAZVUa6UDZzFLVH1H7dnoax+y9qyaq8zBkfDIggjniU19z0wU18y16jMB2eyVIw==", + "version": "11.0.0", + "resolved": "https://registry.npmjs.org/glob/-/glob-11.0.0.tgz", + "integrity": "sha512-9UiX/Bl6J2yaBbxKoEBRm4Cipxgok8kQYcOPEhScPwebu2I0HoQOuYdIO6S3hLuWoZgpDpwQZMzTFxgpkyT76g==", "dev": true, "license": "ISC", "dependencies": { "foreground-child": "^3.1.0", - "jackspeak": "^3.1.2", - "minimatch": "^9.0.4", + "jackspeak": "^4.0.1", + "minimatch": "^10.0.0", "minipass": "^7.1.2", - "path-scurry": "^1.11.1" + "package-json-from-dist": "^1.0.0", + "path-scurry": "^2.0.0" }, "bin": { "glob": "dist/esm/bin.mjs" }, "engines": { - "node": ">=16 || 14 >=14.18" + "node": "20 || >=22" }, "funding": { "url": "https://github.com/sponsors/isaacs" } }, "node_modules/markdownlint-cli/node_modules/minimatch": { - "version": "9.0.4", - "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.4.tgz", - "integrity": "sha512-KqWh+VchfxcMNRAJjj2tnsSJdNbHsVgnkBhTNrW7AjVo6OvLtxw8zfT9oLw1JSohlFzJ8jCoTgaoXvJ+kHt6fw==", + "version": "10.0.1", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.0.1.tgz", + "integrity": "sha512-ethXTt3SGGR+95gudmqJ1eNhRO7eGEGIgYA9vnPatK4/etz2MEVDno5GMCibdMTuBMyElzIlgxMna3K94XDIDQ==", "dev": true, "license": "ISC", "dependencies": { "brace-expansion": "^2.0.1" }, "engines": { - "node": ">=16 || 14 >=14.17" + "node": "20 || >=22" }, "funding": { "url": "https://github.com/sponsors/isaacs" } }, "node_modules/markdownlint-micromark": { - "version": "0.1.9", - "resolved": "https://registry.npmjs.org/markdownlint-micromark/-/markdownlint-micromark-0.1.9.tgz", - "integrity": "sha512-5hVs/DzAFa8XqYosbEAEg6ok6MF2smDj89ztn9pKkCtdKHVdPQuGMH7frFfYL9mLkvfFe4pTyAMffLbjf3/EyA==", + "version": "0.1.12", + "resolved": 
"https://registry.npmjs.org/markdownlint-micromark/-/markdownlint-micromark-0.1.12.tgz", + "integrity": "sha512-RlB6EwMGgc0sxcIhOQ2+aq7Zw1V2fBnzbXKGgYK/mVWdT7cz34fteKSwfYeo4rL6+L/q2tyC9QtD/PgZbkdyJQ==", "dev": true, + "license": "MIT", "engines": { "node": ">=18" }, @@ -568,6 +548,13 @@ "wrappy": "1" } }, + "node_modules/package-json-from-dist": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/package-json-from-dist/-/package-json-from-dist-1.0.1.tgz", + "integrity": "sha512-UEZIS3/by4OC8vL3P2dTXRETpebLI2NiI5vIrjaD/5UtrkFX/tNbwjTSRAGC/+7CAo2pIcBaRgWmcBBHcsaCIw==", + "dev": true, + "license": "BlueOak-1.0.0" + }, "node_modules/path-is-absolute": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", @@ -587,17 +574,17 @@ } }, "node_modules/path-scurry": { - "version": "1.11.1", - "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.11.1.tgz", - "integrity": "sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==", + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-2.0.0.tgz", + "integrity": "sha512-ypGJsmGtdXUOeM5u93TyeIEfEhM6s+ljAhrk5vAvSx8uyY/02OvrZnA0YNGUrPXfpJMgI1ODd3nwz8Npx4O4cg==", "dev": true, "license": "BlueOak-1.0.0", "dependencies": { - "lru-cache": "^10.2.0", - "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0" + "lru-cache": "^11.0.0", + "minipass": "^7.1.2" }, "engines": { - "node": ">=16 || 14 >=14.18" + "node": "20 || >=22" }, "funding": { "url": "https://github.com/sponsors/isaacs" 
@@ -670,14 +657,16 @@ } }, "node_modules/smol-toml": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/smol-toml/-/smol-toml-1.2.0.tgz", - "integrity": "sha512-KObxdQANC/xje3OoatMbSwQf2XAvJ0RbK+4nmQRszFNZptbNRnMWqbLF/zb4sMi9xJ6HNyhWXeuZ9zC/I/XY7w==", + "version": "1.3.1", + "resolved": "https://registry.npmjs.org/smol-toml/-/smol-toml-1.3.1.tgz", + "integrity": "sha512-tEYNll18pPKHroYSmLLrksq233j021G0giwW7P3D24jC54pQ5W5BXMsQ/Mvw1OJCmEYDgY+lrzT+3nNUtoNfXQ==", "dev": true, "license": "BSD-3-Clause", "engines": { - "node": ">= 18", - "pnpm": ">= 9" + "node": ">= 18" + }, + "funding": { + "url": "https://github.com/sponsors/cyyynthia" } }, "node_modules/string-width": { diff --git a/package.json b/package.json index 3cc3449..1b02f2a 100644 --- a/package.json +++ b/package.json @@ -14,6 +14,6 @@ }, "devDependencies": { "@bitnami/readme-generator-for-helm": "^2.5.0", - "markdownlint-cli": "^0.41.0" + "markdownlint-cli": "^0.43.0" } } -- 2.40.1