Add support for rootless image

2021-03-03 18:32:10 +01:00
parent 2b01e6ece6
commit 4786cb4754
4 changed files with 50 additions and 20 deletions
--- a/templates/_helpers.tpl
+++ b/templates/_helpers.tpl
@@ -31,6 +31,16 @@ Create chart name and version as used by the chart label.
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 
 {{- end -}} 
 
+{{/* 
+Create image name and tag used by the deployment. 
+*/}} 
+{{- define "gitea.image" -}} 
+{{- $name := .Values.image.repository -}} 
+{{- $tag := ternary .Values.image.version .Values.image.tag (hasKey .Values.image "version") -}} 
+{{- $rootless := ternary "-rootless" "" (.Values.image.rootless) -}} 
+{{- printf "%s:%s%s" $name $tag $rootless -}} 
+{{- end -}} 
+ 
 {{/* 
 Common labels 
 */}} 
@@ -115,4 +125,4 @@ app.kubernetes.io/instance: {{ .Release.Name }}
 {{- printf "--%s %s " ($key | kebabcase) ($val | quote) -}} 
 {{- end -}} 
 {{- end -}} 
-{{- end -}} 
+{{- end -}} 
--- a/templates/gitea/init.yaml
+++ b/templates/gitea/init.yaml
@@ -20,12 +20,17 @@ stringData:
 mkdir -p /data/git/.ssh 
 chmod -R 700 /data/git/.ssh 
 mkdir -p /data/gitea/conf 
+ 
+ # Copy config file to writable volume 
 cp /etc/gitea/conf/app.ini /data/gitea/conf/app.ini 
 chmod a+rwx /data/gitea/conf/app.ini 
 {{- if include "db.servicename" . }} 
+ # Wait for database to become avialble 
 nc -v -w2 -z {{ include "db.servicename" . }} {{ include "db.port" . }} && \ 
 {{- end }} 
+ {{- if not .Values.image.rootless }} 
 su git -c ' \ 
+ {{- end }} 
 set -x; \ 
 gitea migrate; \ 
 {{- if and .Values.gitea.admin.username .Values.gitea.admin.password }} 
@@ -53,4 +58,6 @@ stringData:
 {{- include "gitea.oauth_settings" . | nindent 6 }} \ 
 ) \ 
 {{- end }} 
+ {{- if not .Values.image.rootless }} 
 ' 
+ {{- end }} 
--- a/templates/gitea/statefulset.yaml
+++ b/templates/gitea/statefulset.yaml
@@ -36,13 +36,19 @@ spec:
 fsGroup: 1000 
 initContainers: 
 - name: init 
- image: "{{ .Values.image.repository }}:{{ ternary .Values.image.version .Values.image.tag (hasKey .Values.image "version") }}" 
+ image: "{{ include "gitea.image" . }}" 
 command: ["/usr/sbin/init_gitea.sh"] 
 env: 
- {{- range .Values.statefulset.env }} 
- - name: {{ .name | quote | nospace }} 
- value: {{ .value | quote }} 
- {{- end }} 
+  - name: GITEA_APP_INI 
+  value: /data/gitea/conf/app.ini 
+ - name: GITEA_CUSTOM 
+  value: /data/gitea 
+ - name: GITEA_WORK_DIR 
+ value: /data 
+ {{- range .Values.statefulset.env }} 
+ - name: {{ .name | quote | nospace }} 
+ value: {{ .value | quote }} 
+ {{- end }} 
 volumeMounts: 
 - name: init 
 mountPath: /usr/sbin 
@@ -56,7 +62,7 @@ spec:
 terminationGracePeriodSeconds: {{ .Values.statefulset.terminationGracePeriodSeconds }} 
 containers: 
 - name: {{ .Chart.Name }} 
- image: "{{ .Values.image.repository }}:{{ ternary .Values.image.version .Values.image.tag (hasKey .Values.image "version") }}" 
+ image: "{{ include "gitea.image" . }}" 
 imagePullPolicy: {{ .Values.image.pullPolicy }} 
 env: 
 # SSH Port values have to be set here as well for openssh configuration 
@@ -64,6 +70,12 @@ spec:
 value: {{ .Values.gitea.config.server.SSH_LISTEN_PORT | quote }} 
 - name: SSH_PORT 
 value: {{ .Values.gitea.config.server.SSH_PORT | quote }} 
+ - name: GITEA_APP_INI 
+ value: /data/gitea/conf/app.ini 
+ - name: GITEA_CUSTOM 
+ value: /data/gitea 
+ - name: GITEA_WORK_DIR 
+ value: /data 
 {{- range .Values.statefulset.env }} 
 - name: {{ .name | quote | nospace }} 
 value: {{ .value | quote }} 
--- a/values.yaml
+++ b/values.yaml
@@ -10,6 +10,7 @@ image:
 repository: gitea/gitea 
 tag: 1.13.7 
 pullPolicy: Always 
+ rootless: false # only possible when running the latest tag 
 
 imagePullSecrets: [] 
 
@@ -119,25 +120,25 @@ gitea:
 
 ldap: 
 enabled: false 
- #name:  
- #securityProtocol:  
- #host:  
- #port:  
- #userSearchBase:  
- #userFilter:  
- #adminFilter:  
- #emailAttribute:  
- #bindDn:  
- #bindPassword:  
- #usernameAttribute:  
+ #name: 
+ #securityProtocol: 
+ #host: 
+ #port: 
+ #userSearchBase: 
+ #userFilter: 
+ #adminFilter: 
+ #emailAttribute: 
+ #bindDn: 
+ #bindPassword: 
+ #usernameAttribute: 
 #sshPublicKeyAttribute: 
 
 oauth: 
 enabled: false 
 #name: 
 #provider: 
- #key:  
- #secret:  
+ #key: 
+ #secret: 
 #autoDiscoverUrl: 
 #useCustomUrls: 
 #customAuthUrl: