gitea/helm-gitea
Fork 169
Code Issues 54 Pull Requests 11 Actions 2 Releases 103 Activity

Merge branch 'main' into supersede-359
All checks were successful
check-and-test / check-and-test (pull_request) Successful in 1m4s
Details

Browse Source
This commit is contained in:
Patrick Schratz
2023-11-14 22:18:21 +00:00
parent 9987aeb4c8 3cf91bf6e7
commit d3306d71e0
10 changed files with 106 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.gitea/workflows/release-version.yml
View File

@@ -7,7 +7,7 @@ on:
env:
# renovate: datasource=docker depName=alpine/helm
HELM_VERSION: "3.12.3"
HELM_VERSION: "3.13.2"
jobs:
generate-chart-publish:

2
.gitea/workflows/test-pr.yml
View File

@@ -10,7 +10,7 @@ env:
jobs:
check-and-test:
runs-on: ubuntu-latest
container: alpine/helm:3.12.3
container: alpine/helm:3.13.2
steps:
- name: install tools
run: |

6
Chart.lock
View File

@@ -7,6 +7,6 @@ dependencies:
version: 11.9.4
- name: redis-cluster
repository: oci://registry-1.docker.io/bitnamicharts
version: 9.1.1
digest: sha256:35358da69169541a009540a2d6a840584390e5b53dad5b647b19bd5c14c88f93
generated: "2023-11-06T00:07:24.742145709Z"
version: 9.1.3
digest: sha256:6bda620320a05a5ea4efb4189a86d30092aeb0a6f3e0009538f4bea312af0863
generated: "2023-11-14T00:08:15.790217865Z"

2
Chart.yaml
View File

@@ -46,5 +46,5 @@ dependencies:
# https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml
- name: redis-cluster
repository: oci://registry-1.docker.io/bitnamicharts
version: 9.1.1
version: 9.1.3
condition: redis-cluster.enabled

48
README.md
View File

@@ -10,6 +10,7 @@
- [Database defaults](#database-defaults)
- [Server defaults](#server-defaults)
- [Metrics defaults](#metrics-defaults)
- [Rootless defaults](#rootless-defaults)
- [Single-Pod Configurations](#single-pod-configurations)
- [Additional _app.ini_ settings](#additional-appini-settings)
- [User defined environment variables in app.ini](#user-defined-environment-variables-in-appini)
@@ -172,6 +173,26 @@ The Prometheus `/metrics` endpoint is disabled by default.
ENABLED = false
```
#### Rootless Defaults
If `.Values.image.rootless: true`, then the following will occur. In case you use `.Values.image.fullOverride`, check that this works in your image:
- `$HOME` becomes `/data/gitea/git`
[see deployment.yaml](./templates/gitea/deployment.yaml) template inside (init-)container "env" declarations
- `START_SSH_SERVER: true` (Unless explicity overwritten by `gitea.config.server.START_SSH_SERVER`)
[see \_helpers.tpl](./templates/_helpers.tpl) in `gitea.inline_configuration.defaults.server` definition
- `SSH_LISTEN_PORT: 2222` (Unless explicity overwritten by `gitea.config.server.SSH_LISTEN_PORT`)
[see \_helpers.tpl](./templates/_helpers.tpl) in `gitea.inline_configuration.defaults.server` definition
- `SSH_LOG_LEVEL` environment variable is not injected into the container
[see deployment.yaml](./templates/gitea/deployment.yaml) template inside container "env" declarations
### Single-Pod Configurations
If HA is not needed/desired, the following configurations can be used to deploy a single-pod Gitea instance.
@@ -216,9 +237,9 @@ If HA is not needed/desired, the following configurations can be used to deploy
**Do not use this configuration for production use**.
<details>
<summary>values.yml</summary>
```yaml
redis-cluster:
enabled: false
@@ -226,10 +247,10 @@ If HA is not needed/desired, the following configurations can be used to deploy
enabled: false
postgresql-ha:
enabled: false
persistence:
enabled: false
gitea:
config:
database:
@@ -785,15 +806,16 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo
### Image
| Name | Description | Value |
| ------------------ | --------------------------------------------------------------------------------------------------------------------------------------- | ------------- |
| `image.registry` | image registry, e.g. gcr.io,docker.io | `""` |
| `image.repository` | Image to start for this pod | `gitea/gitea` |
| `image.tag` | Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml. | `""` |
| `image.digest` | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` | `""` |
| `image.pullPolicy` | Image pull policy | `Always` |
| `image.rootless` | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `true` |
| `imagePullSecrets` | Secret to use for pulling the image | `[]` |
| Name | Description | Value |
| -------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------- |
| `image.registry` | image registry, e.g. gcr.io,docker.io | `""` |
| `image.repository` | Image to start for this pod | `gitea/gitea` |
| `image.tag` | Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml. | `""` |
| `image.digest` | Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest` | `""` |
| `image.pullPolicy` | Image pull policy | `Always` |
| `image.rootless` | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `true` |
| `image.fullOverride` | Completely overrides the image registry, path/image, tag and digest. **Adjust `image.rootless` accordingly and review [Rootless defaults](#rootless-defaults).** | `""` |
| `imagePullSecrets` | Secret to use for pulling the image | `[]` |
### Security

5
templates/_helpers.tpl
View File

@@ -56,6 +56,7 @@ Create chart name and version as used by the chart label.
Create image name and tag used by the deployment.
*/}}
{{- define "gitea.image" -}}
{{- $fullOverride := .Values.image.fullOverride | default "" -}}
{{- $registry := .Values.global.imageRegistry | default .Values.image.registry -}}
{{- $repository := .Values.image.repository -}}
{{- $separator := ":" -}}
@@ -65,7 +66,9 @@ Create image name and tag used by the deployment.
{{- if .Values.image.digest }}
{{- $digest = (printf "@%s" (.Values.image.digest | toString)) -}}
{{- end -}}
{{- if $registry }}
{{- if $fullOverride }}
{{- printf "%s" $fullOverride -}}
{{- else if $registry }}
{{- printf "%s/%s%s%s%s%s" $registry $repository $separator $tag $rootless $digest -}}
{{- else -}}
{{- printf "%s%s%s%s%s" $repository $separator $tag $rootless $digest -}}

15
unittests/deployment/image-configuration.yaml
View File

@@ -57,6 +57,21 @@ tests:
- equal:
path: spec.template.spec.containers[0].image
value: "gitea/gitea:1.19.3-rootless@sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a"
- it: image fullOverride (does not append rootless)
template: templates/gitea/deployment.yaml
set:
image:
fullOverride: gitea/gitea:1.19.3
# setting rootless, registry, repository, tag, and digest to prove that override works
rootless: true
registry: example.com
repository: example/image
tag: "1.0.0"
digest: sha256:b28e8f3089b52ebe6693295df142f8c12eff354e9a4a5bfbb5c10f296c3a537a
asserts:
- equal:
path: spec.template.spec.containers[0].image
value: "gitea/gitea:1.19.3"
- it: digest for root-based image
template: templates/gitea/deployment.yaml
set:

24
unittests/deployment/ssh-configuration.yaml
View File

@@ -27,6 +27,18 @@ tests:
content:
name: SSH_LOG_LEVEL
value: "DEBUG"
- it: supports overriding SSH log level (even when image.fullOverride set)
template: templates/gitea/deployment.yaml
set:
image.fullOverride: gitea/gitea:1.19.3
image.rootless: false
gitea.ssh.logLevel: "DEBUG"
asserts:
- contains:
path: spec.template.spec.containers[0].env
content:
name: SSH_LOG_LEVEL
value: "DEBUG"
- it: skips SSH_LOG_LEVEL for rootless image
template: templates/gitea/deployment.yaml
set:
@@ -38,3 +50,15 @@ tests:
any: true
content:
name: SSH_LOG_LEVEL
- it: skips SSH_LOG_LEVEL for rootless image (even when image.fullOverride set)
template: templates/gitea/deployment.yaml
set:
image.fullOverride: gitea/gitea:1.19.3
image.rootless: true
gitea.ssh.logLevel: "DEBUG" # explicitly defining a non-standard level here
asserts:
- notContains:
path: spec.template.spec.containers[0].env
any: true
content:
name: SSH_LOG_LEVEL

20
unittests/init/init_directory_structure.sh-rootless.yaml
View File

@@ -66,3 +66,23 @@ tests:
chmod 700 "${GNUPGHOME}"
chown 1000:1000 "${GNUPGHOME}"
fi
- it: it does not chown /data even when image.fullOverride is set
template: templates/gitea/init.yaml
set:
image.fullOverride: gitea/gitea:1.20.5
asserts:
- equal:
path: stringData["init_directory_structure.sh"]
value: |-
#!/usr/bin/env bash
set -euo pipefail
set -x
mkdir -p /data/git/.ssh
chmod -R 700 /data/git/.ssh
[ ! -d /data/gitea/conf ] && mkdir -p /data/gitea/conf
# prepare temp directory structure
mkdir -p "${GITEA_TEMP}"
chmod ug+rwx "${GITEA_TEMP}"

2
values.yaml
View File

@@ -43,6 +43,7 @@ clusterDomain: cluster.local
## @param image.digest Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest`
## @param image.pullPolicy Image pull policy
## @param image.rootless Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher
## @param image.fullOverride Completely overrides the image registry, path/image, tag and digest. **Adjust `image.rootless` accordingly and review [Rootless defaults](#rootless-defaults).**
image:
registry: ""
repository: gitea/gitea
@@ -51,6 +52,7 @@ image:
digest: ""
pullPolicy: Always
rootless: true
fullOverride: ""
## @param imagePullSecrets Secret to use for pulling the image
imagePullSecrets: []