volker.raschek/helm-gitea
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Integrate NOVUM-RGI chart into the official helm chart. (#7)

Browse Source 
Fix ssh port settings

Remove blank line from LICENSE file

add check for admin user

set PROTOCOL default to http

Add Konrad Lother as Maintainer

Update readme with generic values

make app.ini generic

- app.ini is now configurable via dictionary in values.yaml
- database and server configuration is autogenerated if not defined
- http and ssh services now use gitea config settings for targetPort
- add default security value INSTALL_LOCK = true
- clean up builtin cache settings

bump gitea version

Add values and Remove vscode TOC comments

- values enablePushCreateOrg and enablePushCreateUser have been added to repository settings

fix naming order of license and maintainers

Multiple improvements for the chart:

- add terminationGracePeriodSeconds to shutdown the statefulset gracefully on error
- add guard for loadbalancer settings in ssh service
- use mysql from bitnami, since they update the version much more frequent (old mysql only uses mysql ~6)
- init container now also provisions mysql and external database correctly

Fix PVC mounting issues for longhorn storageClass

Add examples to readme

Fix port setting for ssh

Fix and operator for newer helm versions

update values to support most configuration gitea offers

Replace Readme

update license file

Update helpers with dependencies, update NOTES.txt

update Chart.yaml with dependencies

Requirements.yaml removed, since this is deprecated and moved to Chart.yaml

Remove now unused dependencies and deployments

- init is no longer used since databases are initialized
  on original charts and managed with dependency
- ingress.yaml moved to templates/gitea
- deployment.yaml no longer used and replaced with templates/gitea/statefulset.yaml
- memcached also handled with helm dependency and initialized in original chart

Add initial test for gitea helm chart

Rework templates for helm chart.

- app.ini configurable via config
- admin user and ldap settings configurable via config
- using statefulset to handle pvc
- update helpers for new dependencies

remove helm build artifacts since they are not needed in this repository

Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Co-authored-by: Konrad Lother <konrad.lother@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/7
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Reviewed-by: Andrew Thornton <art27@cantab.net>
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
This commit is contained in:
luhahn
2020-08-23 17:56:55 +00:00
committed by techknowlogick
parent b2725ae7cf
commit 5e0cfed9be
26 changed files with 805 additions and 1433 deletions
Download Patch File Download Diff File Expand all files Collapse all files

327
values.yaml
View File

@ -1,230 +1,131 @@
## Gitea image
## ref: https://hub.docker.com/r/gitea/gitea/tags/
##
# Default values for gitea.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
tags:
mariadb: true
replicaCount: 1
images:
registry: docker.io
gitea: "gitea/gitea:1.12.2"
memcached: "memcached:1.5.19-alpine"
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
# pullSecrets:
# - myRegistryKeySecretName
image:
repository: gitea/gitea
version: 1.12.3
pullPolicy: Always
## Cache settings for memcache
memcached:
maxItemMemory: 64
verbosity: v
extendedOptions: modern
imagePullSecrets: []
## Configure the ingress resource that allows you to access the
## Gitea installation. Set up the URL
## ref: http://kubernetes.io/docs/user-guide/ingress/
##
ingress:
## Set to true to enable ingress record generation
enabled: true
## Set this to true in order to add the corresponding annotations for cert-manager
certManager: false
## When the ingress is enabled, a host pointing to this will be created
hostname: gitea.local
## Ingress annotations done as key:value pairs
## For a full list of possible ingress annotations, please see
## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
##
## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set
## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set
annotations: {}
# certmanager.k8s.io/cluster-issuer: letsencrypt-prod
# kubernetes.io/ingress.class: nginx
## The list of additional hostnames to be covered with this ingress record.
## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
# hosts:
# - name: gitea.local
# path: /
## The tls configuration for the ingress
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
## Uncomment below to enable tls / https for let's encrypt / cert-manager
# tls:
# - hosts:
# - gitea.local
# secretName: gitea.tls
secrets:
## If you're providing your own certificates, please use this to add the certificates as secrets
## key and certificate should start with -----BEGIN CERTIFICATE----- or
## -----BEGIN RSA PRIVATE KEY-----
##
## name should line up with a tlsSecret set further up
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
##
## It is also possible to create and manage the certificates outside of this helm chart
## Please see README.md for more information
# - name: gitea.local-tls
# key:
# certificate:
#
## This chart defaults to using an ingress for http, but change to LoadBalancer if using you cluster supports it
service:
## This can stay as ClusterIP as (by default) we use ingress
http:
serviceType: ClusterIP
type: ClusterIP
port: 3000
## Make the external port available
# externalPort: 8280
# externalHost: gitea.local
## SSH is commonly on port 22.. however.. you most likely already have port 22 being used by your node.
## so we use port 8022.
ssh:
serviceType: LoadBalancer
type: ClusterIP
port: 22
#nodePort: 30222
## If serving on a different external port used for determining the ssh url in the gui
externalPort: 8022
externalHost: gitea.local
externalIPs: []
#loadBalancerIP:
#nodePort:
annotations:
## Configure resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources:
gitea:
requests:
memory: 500Mi
cpu: 1000m
limits:
memory: 2Gi
cpu: 1
memcached:
requests:
memory: 64Mi
cpu: 50m
## Update strategy - for deployments with RWO PVs attached and with a
## single replicas = 1, an update can get stuck, as the previous pod
## remains attached to the PVC. Changing the strategy to "Recreate"
## will terminate the single previous pod, so that the new, incoming
## pod can attach to the PV
# deploymentStrategy:
# rollingUpdate:
# type: "Recreate"
# type: "RollingUpdate"
# maxSurge: 1
# maxUnavailable: 1
## Enable persistence using Persistent Volume Claims
## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
## ref:
##
persistence:
ingress:
enabled: false
# existingGiteaClaim: gitea-gitea
giteaSize: 10Gi
# storageClass: glusterfs
accessMode: ReadWriteMany
## addtional annotations for PVCs. Uncommenting will prevent the PVC from being deleted.
annotations:
"helm.sh/resource-policy": keep
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- git.example.com
tls: []
# - secretName: chart-example-tls
# hosts:
# - git.example.com
## if you want to mount a volume directly without using a storageClass or pvcs
# directGiteaVolumeMount:
# glusterfs:
# endpoints: "192.168.1.1 192.168.1.2 192.168.1.3"
# path: giteaData
# directPostgresVolumeMount:
# glusterfs:
# endpoints: "192.168.1.1 192.168.1.2 192.168.1.3"
# path: giteaPostgresData
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
##
## MariaDB chart configuration
##
## https://github.com/helm/charts/blob/master/stable/mariadb/values.yaml
##
mariadb:
## Whether to deploy a mariadb server to satisfy the applications database requirements. To use an external database set this to false and configure the externalDatabase parameters
enabled: true
## Disable MariaDB replication
replication:
enabled: false
## Create a database and a database user
## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#creating-a-database-user-on-first-run
##
db:
name: gitea
user: gitea
## If the password is not specified, mariadb will generates a random password
##
# password: ThisIsMySuperSecretPassword
## MariaDB admin password
## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#setting-the-root-password-on-first-run
##
rootUser:
# password: ThisIsMySuperSecretPassword
## Enable persistence using Persistent Volume Claims
## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
##
master:
persistence:
enabled: false
## mariadb data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
# storageClass: "-"
accessMode: ReadWriteOnce
size: 8Gi
## Connect to an external database instead
# externalDB:
# dbUser: "postgres"
# dbPassword: "<MY_PASSWORD>"
# dbHost: "service-name.namespace.svc.cluster.local" # or some external host
# dbPort: "5432"
# dbDatabase: "gitea"
## Actual Gitea configuration (modified the default .ini file for Gitea)
## This will skip the initial installation screen. You must have a secretKey already defined
## and disableInstaller set to True
config:
## secretKey: ThisIsMySuperSecretKeyThatsUsedInterally
disableInstaller: false
offlineMode: false
requireSignin: false
disableRegistration: false
openidSignin: true
## Common helm annotations
## Node labels and tolerations for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature
nodeSelector: {}
tolerations: []
affinity: {}
## Annotations for the deployment and pods.
deploymentAnnotations: {}
podAnnotations: {}
statefulset:
terminationGracePeriodSeconds: 60
persistence:
enabled: true
# existingClaim:
size: 10Gi
accessModes:
- ReadWriteOnce
storageClass: standard
gitea:
admin:
username: gitea_admin
password: r8sA8CPHD9!bt6d
email: "gitea@local.domain"
ldap:
enabled: false
name: ""
securityProtocol: ""
host: ""
port: ""
userSearchBase: ""
userFilter: ""
adminFilter: ""
emailAttribute: ""
bindDn: ""
bindPassword: ""
usernameAttribute: ""
config: {}
# APP_NAME: "Gitea: Git with a cup of tea"
# RUN_MODE: dev
#
# server:
# SSH_PORT: 22
#
# security:
# PASSWORD_COMPLEXITY: spec
database:
builtIn:
postgresql:
enabled: true
mysql:
enabled: false
cache:
builtIn:
enabled: true
memcached:
service:
port: 11211
postgresql:
global:
postgresql:
postgresqlDatabase: gitea
postgresqlUsername: gitea
postgresqlPassword: gitea
servicePort: 5432
persistence:
size: 10Gi
mysql:
root:
password: gitea
db:
user: gitea
password: gitea
name: gitea
service:
port: 3306
persistence:
size: 10Gi