6d9362ed39
Rework OAuth sources ( #244 )
...
This change request includes two different things to improve OAuth source handling:
- Allow multiple OAuth source configuration (Fixes : #191 )
- Support reading sensitive OAuth configuration data from Kubernetes secrets (Closes : #242 )
⚠️ BREAKING ⚠️
---
Users need to migrate their `gitea.oauth` configuration.
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/244
Reviewed-by: luhahn <luhahn@noreply.gitea.io >
Reviewed-by: Andrew Thornton <art27@cantab.net >
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io >
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io >
2021-12-20 22:43:55 +08:00
cd09ccfcdb
add support for persistence.subPath option ( #263 )
...
Hello,
PR adds a `persistence.subPath` option to provide users more flexibility on mounting the `data` PV.
https://kubernetes.io/docs/concepts/storage/volumes/#using-subpath
The setting is similar to e.g. `primary.persistence.subPath` in MariaDB helm chart:
https://github.com/bitnami/charts/tree/master/bitnami/mariadb
Co-authored-by: Aleksey Sergey <sergey.aleksey90@gmail.com >
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/263
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io >
Reviewed-by: luhahn <luhahn@noreply.gitea.io >
Co-authored-by: aleksey.sergey <aleksey.sergey@noreply.gitea.io >
Co-committed-by: aleksey.sergey <aleksey.sergey@noreply.gitea.io >
2021-12-20 19:58:44 +08:00
d97b1567e2
Enable overriding of ingress api version for systems where detection doesn't work ( #252 )
...
fixes #251
The rendering is a bit more programmatic but the result is the same if you don't have an override. This makes the code a little easier at the end of the template, and slightly less easy to read at the beginning, which I think is a valid tradeoff.
Co-authored-by: Martyn Ranyard <m@rtyn.berlin >
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/252
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io >
Reviewed-by: luhahn <luhahn@noreply.gitea.io >
Co-authored-by: iMartyn <imartyn@noreply.gitea.io >
Co-committed-by: iMartyn <imartyn@noreply.gitea.io >
2021-12-20 19:54:37 +08:00
bef0cea1b1
split the securityContext in two: pod and container securityContext ( #259 )
...
Hello !
I'm using the new Helm chart (5.x) and I really like the new configuration mechanism. 👍
I would like to contribute the following enhancement.
## The problem I want to solve
I'm trying to deploy Gitea in a Kubernetes shared platform and I need to make sure each instance is running as a different user so that in case of container escape, the risk of data leak is minimized.
Additionally, on my platform (OpenShift), arbitrary users (such as uid 1000 for Gitea) are not allowed.
The current helm chart does not allow me to achieve this because:
- the container security context is configurable only for the main container. The security context of init containers cannot be specified.
- a fixed uid is hard coded
- a fixed fs group is hard coded
Also, the securityContext of a pod and the securityContext of a container do not accept the same options.
- https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#podsecuritycontext-v1-core
- https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#securitycontext-v1-core
## How I'm solving the problem
I split the `securityContext` (values.yaml) in two: `containerSecurityContext` and `podSecurityContext`. The containerSecurityContext applies to all containers (init and main) in order to be consistent with file permissions.
The behavior for existing deployments is unchanged:
- fsGroup 1000 is the default value for the podSecurityContext variable
- the "configure-gitea" init container uses the uid 1000 unless otherwise stated in the containerSecurityContext
- the main container is using the existing securityContext variable when defined in order not to break existing deployments and uses the new containerSecurityContext variable if not.
This approach is well tested: it is used consistently on bitnami's Helm charts.
## How I tested
I tested both root and rootless variants on a Kubernetes 1.22, as well as rootless variant on OpenShift 4.7.
**rootless variant on Kubernetes**:
```yaml
podSecurityContext:
  fsGroup: 10001
containerSecurityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
    add:
      - SYS_CHROOT
  privileged: false
  runAsGroup: 10001
  runAsNonRoot: true
  runAsUser: 10001
extraVolumes:
  - name: var-lib-gitea
    emptyDir: {}
extraVolumeMounts:
  - name: var-lib-gitea
    readOnly: false
    mountPath: "/var/lib/gitea"
```
**rootless variant on OpenShift**:
```yaml
podSecurityContext:
  fsGroup: null
containerSecurityContext:
  allowPrivilegeEscalation: false
  privileged: false
  runAsNonRoot: true
  runAsUser: 1000790000
extraVolumes:
  - name: var-lib-gitea
    emptyDir: {}
extraVolumeMounts:
  - name: var-lib-gitea
    readOnly: false
    mountPath: "/var/lib/gitea"
```
Let me know if something is unclear.
Co-authored-by: Nicolas MASSE <nicolas.masse@itix.fr >
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/259
Reviewed-by: luhahn <luhahn@noreply.gitea.io >
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io >
Co-authored-by: nmasse-itix <nmasse-itix@noreply.gitea.io >
Co-committed-by: nmasse-itix <nmasse-itix@noreply.gitea.io >
2021-12-18 19:10:48 +08:00
bfa68f6f58
Drop custom probes ( #248 )
...
As a replacement, the default probes are now fully configurable and used
as-is during Chart deployment.
Fixes : #189
⚠️ BREAKING ⚠️
---
Users have to remove the `custom` prefix from their probes, if customized.
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/248
Reviewed-by: luhahn <luhahn@noreply.gitea.io >
Reviewed-by: Andrew Thornton <art27@cantab.net >
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io >
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io >
2021-12-13 16:50:08 +08:00
0461fa92a9
Rework app.ini generation ( #239 )
...
App ini is now generated by environment-to-ini
This should prevent some of the problems we had earlier with persisting the app.ini
Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de >
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/239
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io >
Reviewed-by: Andrew Thornton <art27@cantab.net >
Co-authored-by: luhahn <luhahn@noreply.gitea.io >
Co-committed-by: luhahn <luhahn@noreply.gitea.io >
2021-11-20 05:15:45 +08:00
82763f109b
feat/markdownlint ( #200 )
...
Hi,
this patch contains a markdownlinter. I think this has the advantage that all users stick to the same format and the `README.md` follows a consistent structure.
The markdownlinter can be configured via the `.markdownlint.yaml` file. All possible options are documented [here](https://github.com/DavidAnson/markdownlint/blob/main/schema/.markdownlint.yaml).
I have created the initial configuration. However, it can be adapted to suggestions for change. This has of course the consequence that, if necessary, the `README.md` would have to be adapted. I have formatted this in advance according to the defined rules.
For users who use visual-code as IDE, a plugin is additionally [available](https://marketplace.visualstudio.com/items?itemName=DavidAnson.vscode-markdownlint).
Co-authored-by: Markus Pesch <markus.pesch@cryptic.systems >
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/200
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com >
Reviewed-by: pat-s <pat-s@noreply.gitea.io >
Co-authored-by: Markus Pesch <volker.raschek@noreply.gitea.io >
Co-committed-by: Markus Pesch <volker.raschek@noreply.gitea.io >
2021-11-05 12:06:48 +08:00
3fd34a9455
1.15.4 ( #230 )
...
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/230
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io >
Reviewed-by: pat-s <pat-s@noreply.gitea.io >
Co-authored-by: techknowlogick <techknowlogick@gitea.io >
Co-committed-by: techknowlogick <techknowlogick@gitea.io >
2021-10-17 00:08:17 +08:00
3273b245e7
Add multiple LDAP sources ( #222 )
...
Add multiple add sources.
Instead of a single entry for ldap configuration we now would have a dictionary for ldap config.
This would be a breaking change for those working with the ldap config.
fixes : #190
Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de >
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/222
Reviewed-by: Andrew Thornton <art27@cantab.net >
Reviewed-by: pat-s <pat-s@noreply.gitea.io >
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io >
Co-authored-by: luhahn <luhahn@noreply.gitea.io >
Co-committed-by: luhahn <luhahn@noreply.gitea.io >
2021-10-08 20:16:24 +08:00
b344673d11
Add dev instructions to README ( #228 )
...
FYI: My editor automatically changes two trailing whitespaces into a linebreak. I know it's not completely the same but maybe it can be accepted (would make things easier in the long run).
Co-authored-by: pat-s <patrick.schratz@gmail.com >
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/228
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io >
Reviewed-by: techknowlogick <techknowlogick@gitea.io >
Co-authored-by: pat-s <pat-s@noreply.gitea.io >
Co-committed-by: pat-s <pat-s@noreply.gitea.io >
2021-09-28 03:52:37 +08:00
5a7d168c2e
1.15.3 ( #225 )
...
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/225
Reviewed-by: pat-s <pat-s@noreply.gitea.io >
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com >
Co-authored-by: techknowlogick <techknowlogick@gitea.io >
Co-committed-by: techknowlogick <techknowlogick@gitea.io >
2021-09-26 08:44:59 +08:00
9a220c2ddd
1.15.0 ( #218 )
...
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/218
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com >
Reviewed-by: luhahn <luhahn@noreply.gitea.io >
Co-authored-by: techknowlogick <techknowlogick@gitea.io >
Co-committed-by: techknowlogick <techknowlogick@gitea.io >
2021-09-12 06:40:47 +08:00
ce3e9babec
Add support for ingressClassName ( #217 )
...
Hi,
I just add some minor changes to support specifying ingressClassName to support the newer specification in `networking.k8s.io/v1`. The annotation `kubernetes.io/ingress.class: nginx` only works with older API `networking.k8s.io/v1beta1`.
This is part of our move to support kubernetes 1.22.
Co-authored-by: Leong Wai Kit <waikit.leong@bertelsmann.de >
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/217
Reviewed-by: luhahn <luhahn@noreply.gitea.io >
Reviewed-by: techknowlogick <techknowlogick@gitea.io >
Co-authored-by: wkit23 <wkit23@noreply.gitea.io >
Co-committed-by: wkit23 <wkit23@noreply.gitea.io >
2021-09-02 10:53:48 +08:00
ba0e8b18b5
1.14.6 ( #212 )
...
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/212
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io >
Co-authored-by: techknowlogick <techknowlogick@gitea.io >
Co-committed-by: techknowlogick <techknowlogick@gitea.io >
2021-08-13 04:14:49 +08:00
6342a4dabd
Document breaking changes ( #202 )
...
Documented some breaking changes. Please have a look and tell me, if I missed something :)
Fixes : #194
Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de >
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/202
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io >
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com >
Co-authored-by: luhahn <luhahn@noreply.gitea.io >
Co-committed-by: luhahn <luhahn@noreply.gitea.io >
2021-07-13 01:33:38 +08:00
7de326d931
Drop kebab-case configuration notation ( #196 )
...
Currently there are two different styles for defining both ldap and oauth configuration in _values.yaml_ file: `camelCase` and `kebab-case`.
Supporting both styles created multiple regressions in the past.
⚠️ BREAKING ⚠️
---------------
These changes completely remove any support for `kebab-case` notation in _values.yaml_ in favor of `camelCase`. Configuration keys must use `camelCase`.
Only exception are Kubernetes resource keys for annotations or labels.
Fixes : #188
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/196
Reviewed-by: luhahn <luhahn@noreply.gitea.io >
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com >
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io >
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io >
2021-07-06 13:28:13 +08:00
767a073a0a
SSH not working due to missing security capability in CRI-O environment ( #176 )
...
This patch adds the SYS_CHROOT capability if the securityContext is
undefined. Otherwise the SSH Server does not work correctly as described
in the issue #161.
Fixes : #161
Co-authored-by: Markus Pesch <markus.pesch@cryptic.systems >
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/176
Reviewed-by: techknowlogick <techknowlogick@gitea.io >
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io >
Reviewed-by: luhahn <luhahn@noreply.gitea.io >
Co-authored-by: Markus Pesch <volker.raschek@noreply.gitea.io >
Co-committed-by: Markus Pesch <volker.raschek@noreply.gitea.io >
2021-07-01 23:02:56 +08:00
b7dbb22025
Upgrade Gitea to 1.14.3 ( #197 )
...
Fixes : #195
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/197
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com >
Reviewed-by: luhahn <luhahn@noreply.gitea.io >
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io >
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io >
2021-06-30 23:25:56 +08:00
9059229acb
Rewrite init script ( #178 )
...
These changes rewrite the init script to be error aware, informative and have a bit more security awareness.
During rewrite several hidden bugs could be identified and fixed, such as:
- LDAP configuration options interpreted by the shell before passed to command
- Finding multiple ldap ids instead of one during lookup when their names are almost identical
e.g. `_my-ldap-auth` and `my-ldap-auth`
- Properly filter auth sources by their types to prevent unintended type converting attempts that fail
In addition to that the script is a bit cleaner. Some commands do not exist anymore and would cause false-positive errors during script execution.
Helps for: #149
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/178
Reviewed-by: luhahn <luhahn@noreply.gitea.io >
Reviewed-by: techknowlogick <techknowlogick@gitea.io >
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io >
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io >
2021-06-30 04:09:16 +08:00
7a3515c2f2
Customizable .gnupg folder location ( #186 )
...
The `HOME` path is not persistent when using the rootless image, so the
`.gnupg` folder isn't either. Since the chart always used `/data/...` as
mount point for storage of all kinds, it is a minimal impact to just
relocate the dynamic `$HOME/.gnupg` folder location to the persistent
`/data/git/.gnupg`. This is where the signing keys are stored when
running root based environments. Doing so will
- allow migrations between both image variants
- persist signing keys for rootless environments
Fixes : #155
Co-authored-by: techknowlogick <techknowlogick@gitea.io >
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/186
Reviewed-by: luhahn <luhahn@noreply.gitea.io >
Reviewed-by: techknowlogick <techknowlogick@gitea.io >
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io >
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io >
2021-06-30 03:23:32 +08:00
0e191bfc7a
Support custom Ingress path ( #151 )
...
Adds support for a custom Ingress path. This allows us to run Gitea as a path in an existing domain.
Co-authored-by: Matt Kaar <mkaar@cert.org >
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/151
Reviewed-by: luhahn <luhahn@noreply.gitea.io >
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io >
Co-authored-by: mattkaar <mattkaar@noreply.gitea.io >
Co-committed-by: mattkaar <mattkaar@noreply.gitea.io >
2021-06-25 02:28:45 +08:00
f0ed41de9e
Fix minor README flaws ( #184 )
...
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/184
Reviewed-by: luhahn <luhahn@noreply.gitea.io >
Reviewed-by: techknowlogick <techknowlogick@gitea.io >
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io >
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io >
2021-06-20 03:35:21 +08:00
c49dc047a4
Allow existing secrets for passwords ( #170 )
...
Allow admin user and password to be configured via existing secrets
Allow LDAP bindDn and bindPassword to be configured via existing secrets
Update Readme
Fixes : #169
Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de >
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/170
Reviewed-by: techknowlogick <techknowlogick@gitea.io >
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com >
Co-authored-by: luhahn <luhahn@noreply.gitea.io >
Co-committed-by: luhahn <luhahn@noreply.gitea.io >
2021-06-10 19:13:33 +08:00
031b58c90e
update docs for 1.14.2
...
Signed-off-by: techknowlogick <techknowlogick@gitea.io >
2021-06-08 01:55:05 +08:00
178bc0ab79
Improve http service and update Readme ( #167 )
...
This PR adds some options for the http service:
- loadBalancerIP
- nodePort
- externalTrafficPolicy
- externalIPs
Also updated the README and values.yml with the values.
Added storageClass explanation in README and empty value in values.yml
Fixes : #162
Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de >
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/167
Reviewed-by: techknowlogick <techknowlogick@gitea.io >
Reviewed-by: 6543 <6543@obermui.de >
Co-authored-by: luhahn <luhahn@noreply.gitea.io >
Co-committed-by: luhahn <luhahn@noreply.gitea.io >
2021-06-08 01:53:01 +08:00
5b5ea7173a
Add value option to define schedulerName ( #150 )
...
For those who have a need to configure the schedulerName like us, make this an option just as it is for example in the postgres chart
Co-authored-by: Dimitri Ars <dimitri.ars@kpn.com >
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/150
Reviewed-by: luhahn <luhahn@noreply.gitea.io >
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com >
Co-authored-by: mrdima <mrdima@noreply.gitea.io >
Co-committed-by: mrdima <mrdima@noreply.gitea.io >
2021-06-07 16:41:16 +08:00
b88bbd6d4d
gitea-1.14.x-updates ( #148 )
...
This PR includes the changes from:
- https://gitea.com/gitea/helm-chart/pulls/129
- https://gitea.com/gitea/helm-chart/pulls/140
In addition it adds the possibility to include secrets via environment variables as mentioned in #60
Co-authored-by: Hans Kristian Flaatten <hans.flaatten@evry.com >
Co-authored-by: flavio.prado <flavio.prado@noreply.gitea.io >
Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de >
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/148
Reviewed-by: techknowlogick <techknowlogick@gitea.io >
Reviewed-by: Andrew Thornton <art27@cantab.net >
Co-authored-by: luhahn <luhahn@noreply.gitea.io >
Co-committed-by: luhahn <luhahn@noreply.gitea.io >
2021-04-29 17:12:48 +08:00
c742b5dbc3
1.13.7 ( #139 )
...
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/139
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com >
Reviewed-by: luhahn <luhahn@noreply.gitea.io >
Co-authored-by: techknowlogick <techknowlogick@gitea.io >
Co-committed-by: techknowlogick <techknowlogick@gitea.io >
2021-04-12 15:58:17 +08:00
ec8a26ecfc
Update Gitea version to 1.13.5 ( #134 )
...
Co-authored-by: luhahn <lucas.hahn@novum-rgi.de >
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/134
Reviewed-by: Andrew Thornton <art27@cantab.net >
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com >
Co-authored-by: luhahn <luhahn@noreply.gitea.io >
Co-committed-by: luhahn <luhahn@noreply.gitea.io >
2021-03-22 21:01:33 +08:00
8d8dd0d84e
Update README.md for typo fixes and grammar ( #131 )
...
Minor changes to grammar, minor typo fixes.
Signed-off-by: kaipmdh <kaipmdh@noreply.gitea.io >
Co-authored-by: lafriks <lafriks@noreply.gitea.io >
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/131
Reviewed-by: luhahn <luhahn@noreply.gitea.io >
Reviewed-by: lafriks <lafriks@noreply.gitea.io >
Co-authored-by: kaipmdh <kaipmdh@noreply.gitea.io >
Co-committed-by: kaipmdh <kaipmdh@noreply.gitea.io >
2021-03-17 08:09:44 +08:00
551f4e312e
Allow override kubernetes probes ( #117 )
...
- Allow overriding liveness and readiness probe
- Add optional startup probe
closes #118
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/117
Reviewed-by: luhahn <luhahn@noreply.gitea.io >
Reviewed-by: lafriks <lafriks@noreply.gitea.io >
Co-authored-by: Michael Kriese <michael.kriese@visualon.de >
Co-committed-by: Michael Kriese <michael.kriese@visualon.de >
2021-03-01 22:46:05 +08:00
d1c58a2e77
OAuth2 configuration options ( #123 )
...
I opened up the OAuth2 authentication option. I needed this feature, and it is available in the gitea cli. So I opened it up for configuration through this pull request.
Hope it can help others.
Co-authored-by: Marc Went <marc.went+git@redkubes.com >
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/123
Reviewed-by: luhahn <luhahn@noreply.gitea.io >
Reviewed-by: lafriks <lafriks@noreply.gitea.io >
Co-authored-by: Dunky13 <dunky13@noreply.gitea.io >
Co-committed-by: Dunky13 <dunky13@noreply.gitea.io >
2021-03-01 20:24:11 +08:00
33903d8f6c
Add support to run gitea with an optional securityContext ( #115 )
...
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/115
Reviewed-by: luhahn <luhahn@noreply.gitea.io >
Reviewed-by: lafriks <lafriks@noreply.gitea.io >
Co-authored-by: martencassel <martencassel@noreply.gitea.io >
Co-committed-by: martencassel <martencassel@noreply.gitea.io >
2021-03-01 20:16:49 +08:00
790d0405c2
Fix typo enabling pprof ( #114 )
...
Nothing critical, but had a typo in the naming of the config entry to enable `pprof`.
Co-authored-by: josef <josef.nilsen@outlook.com >
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/114
Reviewed-by: luhahn <luhahn@noreply.gitea.io >
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com >
Co-authored-by: JosefWN <josefwn@noreply.gitea.io >
Co-committed-by: JosefWN <josefwn@noreply.gitea.io >
2021-02-17 17:44:40 +08:00
b5ab7201d1
1.13.2 ( #108 )
...
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/108
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com >
Reviewed-by: luhahn <luhahn@noreply.gitea.io >
Co-authored-by: techknowlogick <techknowlogick@gitea.io >
Co-committed-by: techknowlogick <techknowlogick@gitea.io >
2021-02-05 01:46:55 +08:00
4ad5cf1d19
Add sshPublicKeyAttribute attribute setting for ldap auth, and allow setting labels and annotations for gitea pvc. ( #76 )
...
1. sshPublicKeyAttribute is useful to sync ssh public keys from ldap.
2. It would be easier to set pvc annotations/labels for those who are using storage services from cloud providers.
Co-authored-by: 钱卫春 <qianwch@chinasofti.com >
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/76
Reviewed-by: techknowlogick <techknowlogick@gitea.io >
Reviewed-by: luhahn <luhahn@noreply.gitea.io >
Co-authored-by: sanigo <sanigo@noreply.gitea.io >
Co-committed-by: sanigo <sanigo@noreply.gitea.io >
2021-01-22 16:24:37 +08:00
7f828e87f6
Add support for metrics and pprof ( #100 )
...
Adds support for toggling support for `pprof` and metrics:
```yaml
gitea:
  pprofEnabled: true
  metrics:
    enabled: true
    serviceMonitor:
      enabled: true
```
Co-authored-by: josef <josef.nilsen@outlook.com >
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/100
Reviewed-by: luhahn <luhahn@noreply.gitea.io >
Reviewed-by: techknowlogick <techknowlogick@gitea.io >
Co-authored-by: JosefWN <josefwn@noreply.gitea.io >
Co-committed-by: JosefWN <josefwn@noreply.gitea.io >
2021-01-21 23:45:26 +08:00
57479bdf37
enhancements to support postgres client-cert authentication ( #47 )
...
This PR adds a few new chart features which adds to the flexibility of the chart.
- allow extra volumes to be mounted (such as secrets): 2f862c5a48
- pass environment variables also to the init-container: 7044049478
- allow a preparation script to be "injected" into the init-container: 6125a69345
As a concrete example of how this can be used, I use it to configure Gitea to use client certificate authentication against an external Postgres database. That could be accomplished by having a `gitea-postgres-ssl` secret:
```
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: gitea-postgres-ssl
data:
  postgresql.crt: <base64...>
  postgresql.key: <base64...>
  root.crt: <base64...>
```
and then mounting this as a volume in Gitea using:
```
extraVolumes:
  - name: postgres-ssl-vol
    secret:
      secretName: gitea-postgres-ssl
extraVolumeMounts:
  - name: postgres-ssl-vol
    readOnly: true
    mountPath: "/pg-ssl"
```
To get the right permissions on the credentials, we'd use the `initPreScript`:
```
initPreScript: |
  # copy postgres client and CA cert from mount and
  # give proper permissions
  mkdir -p /data/git/.postgresql
  cp /pg-ssl/* /data/git/.postgresql/
  chown -R git:git /data/git/.postgresql/
  chmod 400 /data/git/.postgresql/postgresql.key
```
and to make sure that Gitea uses the certificate we need to pass the proper postgres environment variables (both to the init container and the "main" container):
```
statefulset:
  env:
    - name: "PGSSLCERT"
      value: "/data/git/.postgresql/postgresql.crt"
    - name: "PGSSLKEY"
      value: "/data/git/.postgresql/postgresql.key"
    - name: "PGSSLROOTCERT"
      value: "/data/git/.postgresql/root.crt"
```
Co-authored-by: Peter Gardfjäll <peter.gardfjall.work@gmail.com >
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/47
Reviewed-by: luhahn <luhahn@noreply.gitea.io >
Reviewed-by: 6543 <6543@obermui.de >
Co-authored-by: petergardfjall <petergardfjall@noreply.gitea.io >
Co-committed-by: petergardfjall <petergardfjall@noreply.gitea.io >
2021-01-20 19:28:39 +08:00
daba777e24
Update 'README.md' ( #102 )
...
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/102
Reviewed-by: luhahn <luhahn@noreply.gitea.io >
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com >
Co-authored-by: fabioluciano <fabioluciano@noreply.gitea.io >
Co-committed-by: fabioluciano <fabioluciano@noreply.gitea.io >
2021-01-13 23:49:58 +08:00
54cc78b43a
1.13.1 ( #97 )
...
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/97
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com >
Co-authored-by: techknowlogick <techknowlogick@gitea.io >
Co-committed-by: techknowlogick <techknowlogick@gitea.io >
2021-01-02 13:07:11 +08:00
2c066d7c9e
Use image tag instead of image version in values ( #91 )
...
Use image tag instead of image version in values
Change to ternary function instead of if
Update description and add link to tag list
Fixup readme
Co-authored-by: Lauris BH <lauris@nix.lv >
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/91
Reviewed-by: luhahn <luhahn@noreply.gitea.io >
Reviewed-by: techknowlogick <techknowlogick@gitea.io >
Co-Authored-By: lafriks <lafriks@noreply.gitea.io >
Co-Committed-By: lafriks <lafriks@noreply.gitea.io >
2020-12-21 06:53:45 +08:00
2826258cfc
Several Improvements to Helm Chart ( #87 )
...
Improve ldap settings with helper function
Allow clusterIP for http service to be set, default to None
Use imagePullSecrets in statefulset now
Update default values
Update README
Bump Chart version
Co-authored-by: luhahn <lucas.hahn@novum-rgi.de >
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/87
Reviewed-by: lafriks <lafriks@noreply.gitea.io >
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com >
Co-Authored-By: luhahn <luhahn@noreply.gitea.io >
Co-Committed-By: luhahn <luhahn@noreply.gitea.io >
2020-12-16 20:37:47 +08:00
5311243a6e
Fix admin user creation for gitea 1.13.0, chart version 2.1.0 ( #80 )
...
Fix admin user creation for gitea 1.13.0
Add load balancer hint for ssh in README
Merge branch 'master' into fix-admin-user-creation
Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de >
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/80
Reviewed-by: Andrew Thornton <art27@cantab.net >
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com >
Co-Authored-By: luhahn <luhahn@noreply.gitea.io >
Co-Committed-By: luhahn <luhahn@noreply.gitea.io >
2020-12-10 17:16:13 +08:00
4fdf4ef41b
Gitea 1.13.0 ( #75 )
...
Gitea 1.13.0
Update 'README.md'
Update 'values.yaml'
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/75
Reviewed-by: lafriks <lafriks@noreply.gitea.io >
Co-Authored-By: techknowlogick <techknowlogick@gitea.io >
Co-Committed-By: techknowlogick <techknowlogick@gitea.io >
2020-12-07 07:54:10 +08:00
79690ee488
Gitea 1.12.6 ( #58 )
...
Merge branch 'master' into gitea1.12.6
Gitea 1.12.6
Co-authored-by: luhahn <luhahn@noreply.gitea.io >
Co-authored-by: Matti R <matti@mdranta.net >
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/58
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com >
Reviewed-by: luhahn <luhahn@noreply.gitea.io >
Co-Authored-By: techknowlogick <techknowlogick@gitea.io >
Co-Committed-By: techknowlogick <techknowlogick@gitea.io >
2020-11-17 15:41:27 +08:00
f62b82e956
Let storageClass be set automatically ( #45 )
...
Merge branch 'master' into master
Bump chart version and add gitea/helm-chart as link for artifacthub
Remove default value for storageClass
Remove storageClass 'Standard' and let it be set automatically
Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de >
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/45
Reviewed-by: techknowlogick <techknowlogick@gitea.io >
Reviewed-by: Andrew Thornton <art27@cantab.net >
Co-Authored-By: luhahn <luhahn@noreply.gitea.io >
Co-Committed-By: luhahn <luhahn@noreply.gitea.io >
2020-10-30 01:10:10 +08:00
a4e5943ca5
Upgrade mariadb Helm chart to 8.0.0 ( #48 )
...
Upgrade mariadb Helm chart to 8.0.0
The names of the values changed in the new Helm chart, see [1]. Thus the
Helm chart ships breaking changes and therefore bump the major version
of this Chart.yaml (not sure if you use semver?)
Furthermore, there is a bug [2] where not setting the root password
results in the mariadb entering a CrashLoopBackOff when re-installing
it. Thus set it (as done in the mysql values already).
[1] 1206942b69
[2] https://github.com/bitnami/charts/issues/3884
Co-authored-by: Andre Schröder <andre.schroedr@gmail.com >
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/48
Reviewed-by: Andrew Thornton <art27@cantab.net >
Reviewed-by: luhahn <luhahn@noreply.gitea.io >
Co-Authored-By: schra <schra@noreply.gitea.io >
Co-Committed-By: schra <schra@noreply.gitea.io >
2020-10-22 13:13:37 +08:00
4c17cc839e
Store gitea app data in PVC ( #37 )
...
Bump Chart version
Extend README
- add default handling explanation
- add MariaDB values
Add APP_DATA_PATH default to config
Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de >
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/37
Reviewed-by: Andrew Thornton <art27@cantab.net >
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com >
2020-10-06 09:03:20 +00:00
cd982e5fcd
Fix indentation error inside of yaml example ( #30 )
...
Merge branch 'master' into fix-indentation
Merge branch 'master' into fix-indentation
Fix indentation error inside of yaml example
The `SCHEMA` key belongs to the `database` map. This commit fixes the
indentation to properly reflect that.
Signed-off-by: Flavio Castelli <fcastelli@suse.com >
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com >
Co-authored-by: Flavio Castelli <fcastelli@suse.com >
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/30
Reviewed-by: luhahn <luhahn@noreply.gitea.io >
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com >
Reviewed-by: Andrew Thornton <art27@cantab.net >
2020-09-25 20:00:46 +00:00
ffd6e5f92c
Ability to add pod annotation to statefulset ( #24 )
...
ability to add pod annotation
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/24
Reviewed-by: luhahn <luhahn@noreply.gitea.io >
Reviewed-by: techknowlogick <techknowlogick@gitea.io >
2020-09-24 16:32:11 +00:00