docs(README): add workaround for rotating TLS certificates

The following patch extends the README with an additional chapter on how to handle
rotating TLS certificates mounted as a secret into the container filesystem.
2025-07-19 14:26:59 +02:00
parent f9efe98fe7
commit 66551d417b


@@ -33,6 +33,7 @@
- [Metrics and profiling](#metrics-and-profiling)
- [Secure Metrics Endpoint](#secure-metrics-endpoint)
- [Pod annotations](#pod-annotations)
- [TLS certificate rotation](#tls-certificate-rotation)
- [Themes](#themes)
- [Renovate](#renovate)
- [Parameters](#parameters)
@@ -816,6 +817,33 @@ gitea:
podAnnotations: {}
```
## TLS certificate rotation
If Gitea uses TLS certificates that are mounted as secret in the container file system, Gitea will not automatically
apply them when the TLS certificates are rotated. Such a rotation can be for example triggered, when the cert-manager
issues new TLS certificates before expiring. Further information is described as GitHub
[issue](https://github.com/go-gitea/gitea/issues/27962).
Until the GitHub issue is not solved, a workaround can be applied. For example stakater's
[reloader](https://github.com/stakater/Reloader) controller can be used to trigger a rolling update. The following
annotation must be added to instruct the reloader controller to trigger a rolling update, when the mounted configMaps
and secrets has been changed.
```yaml
deployment:
annotations:
reloader.stakater.com/auto: "true"
```
Instead of triggering a rolling update for all configMap and secret resources, it can also be defined individually. For example,
when the secret named `gitea-tls` is mounted and the reloader controller should only listen on changes of this secret:
```yaml
deployment:
annotations:
secret.reloader.stakater.com/reload: "gitea-tls"
```
## Themes
Custom themes can be added via k8s secrets and referencing them in `values.yaml`.
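Review bot: The sentence "Until the GitHub issue is not solved, a workaround can be applied" in the new "TLS certificate rotation" section says the opposite of what is meant and should read "Until the GitHub issue is solved". In the same paragraph, "configMaps and secrets has been changed" needs "have", and "Further information is described as GitHub issue" reads better as "in this GitHub issue". The section also never states that the Reloader controller has to be installed in the cluster separately, so a reader could add the `reloader.stakater.com/auto: "true"` annotation and still serve the old certificate after rotation. Add a sentence naming that prerequisite and noting that the workaround restarts the Gitea pods.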
@@ -1217,7 +1245,7 @@ If you miss this, blindly upgrading may delete your Postgres instance and you ma
To deploy and use "Actions", please see the new dedicated chart at <https://gitea.com/gitea/helm-actions>.
It is maintained by a seperate maintainer group and hasn't seen a release yet (at the time of the 12.0 release).
Feel encouraged to contribute if "Actions" is important to you!
This change was made to avoid overloading the existing helm chart, which is already quite large in size and configuration options.
In addition, the existing maintainers team was not actively using "Actions" which slowed down development and community contributions.
While the new chart is still young (and waiting for contributions! and maintainers), we believe that it is the best way moving forward for both parts.
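Review bot: "seperate" in "It is maintained by a seperate maintainer group" should be "separate", and it is worth fixing while this paragraph is being touched. This hunk sits in the "Actions" paragraph, which the commit subject (TLS certificate rotation) does not cover, so either mention the change in the commit message or move it to its own commit.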