volker.raschek/helm-gitea
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
547 Commits 2 Branches 110 Tags
ee84a1750b6687aeabaa9e14a650940945b14858
Commit Graph

128 Commits

Author SHA1 Message Date
justusbunsi
299d6db142 Split "extraVolumeMounts" into init and container mounts (#337) 
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/337
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: lafriks <lafriks@noreply.gitea.io>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
 2022-08-08 03:32:19 +08:00
justusbunsi
aa97cdab5b Restore default behavior description for image tag (#330) 
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/330
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: wxiaoguang <wxiaoguang@noreply.gitea.io>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
 2022-07-10 04:43:04 +08:00
dek
bc16cc8134 add dnsConfig value support (#329) 
Description of the change

Add support for a new value: dnsConfig, to be passed to the statefulset pod template configuration.

Default is {}, and does not change anything from current default pod configuration.
Benefits

Ability to fix some issues encountered with Alpine-based docker images, which may break DNS resolving on some clusters.

In particular, this allows to lower the ndots value, which fixes DNS resolving of FQDNs.

dnsConfig:
  options:
    - name: ndots
      value: "1"

Also, with this setting, one can set other parameters to finely tune DNS configuration for Gitea pods, if needed:

https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config
Possible drawbacks

None.
Additional information

Some relevant links about the issue this setting allows to fix:

https://stackoverflow.com/questions/65181012/does-alpine-have-known-dns-issue-within-kubernetes

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9017
Checklist

    Parameters are documented in the values.yaml and added to the README.md using readme-generator-for-helm

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/329
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Co-authored-by: dek <dek@noreply.gitea.io>
Co-committed-by: dek <dek@noreply.gitea.io>
 2022-06-27 14:35:55 +08:00
justusbunsi
2cc3195eaa Improve contribution part of this repository (#328) 
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/328
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
 2022-06-13 03:35:24 +08:00
cnfatal
b3b91e2044 generate readme Parameters from values.yaml (#323) 
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/323
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-authored-by: cnfatal <cnfatal@noreply.gitea.io>
Co-committed-by: cnfatal <cnfatal@noreply.gitea.io>
 2022-06-09 19:21:25 +08:00
cnfatal
9cb822f41c add global values support (#322) 
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/322
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-authored-by: cnfatal <cnfatal@noreply.gitea.io>
Co-committed-by: cnfatal <cnfatal@noreply.gitea.io>
 2022-06-09 18:55:08 +08:00
svenihoney
52ed32ae74 Allow configuration of ipFamilyPolicy and ipFamilies (#313) 
To enable access to e.g. the SSH port by IPv6, the selection of ipFamilyPolicy and ipFamilies service attributes is necessary. Enable the possibility to configure these by helm values.

Co-authored-by: Sven Fischer <sven@leiderfischer.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/313
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Co-authored-by: svenihoney <svenihoney@noreply.gitea.io>
Co-committed-by: svenihoney <svenihoney@noreply.gitea.io>
 2022-04-25 19:56:25 +08:00
takirala
a7bc46015e feat: configurable annotations for gitea StatefulSet (#315) 
Fixes #314

Right now, the gitea StatefulSet does not allow any annotations to be configured via the helmchart - see https://gitea.com/gitea/helm-chart/src/tag/v5.0.4/templates/gitea/statefulset.yaml#L4-L6

My use case:

I am trying to use Reloader (https://github.com/stakater/Reloader) so that I can configure my values.yaml such that i can set some annotations on the StatefulSet and thus Reloader can rollout a restart of gitea StatefulSet whenever a watched secret or configmap is updated.

Co-authored-by: Tarun Gupta Akirala <tarugupta.92@gmail.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/315
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-authored-by: takirala <takirala@noreply.gitea.io>
Co-committed-by: takirala <takirala@noreply.gitea.io>
 2022-04-21 23:55:53 +08:00
luhahn
62b82459de Consider environment variables during app.ini creation (#298) 
This PR improves the handling and injection into _app.ini_ of user defined environment variables via env-to-ini script.

Fixes #297

Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/298
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Reviewed-by: 6543 <6543@obermui.de>
 2022-03-09 14:47:55 +08:00
justusbunsi
78b5858009 Simplify version handling (#250) 
- Drop super legacy `image.version` value (see #92 description)
- Always use `appVersion` from Chart.yaml as image tag if non specified

---

Don't know whether this is a breaking change regarding image.version
drop.

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/250
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
 2022-03-01 22:55:44 +08:00
techknowlogick
1a3ce54dfc update to 1.16.2 (#293) 
replaces #290

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/293
 2022-02-26 06:01:16 +08:00
a-zen
6896c7caae added hostPort support for ssh (#276) 
This fixes my feature request (#275) to support hostPort to expose the ssh port.

Co-authored-by: alex <alex@zengers.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/276
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-authored-by: a-zen <a-zen@noreply.gitea.io>
Co-committed-by: a-zen <a-zen@noreply.gitea.io>
 2022-02-25 17:18:57 +08:00
techknowlogick
c010c3857e update to gitea 1.15.10 (#278) 
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/278
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-committed-by: techknowlogick <techknowlogick@gitea.io>
 2022-01-20 16:22:36 +08:00
justusbunsi
5bb91510df Bump Gitea version to 1.15.8 (#270) 
As title.

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/270
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-by: Gusted <gusted@noreply.gitea.io>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
 2021-12-23 03:56:36 +08:00
justusbunsi
c27140c4cb Add deprecation fail-safe for Chart templating (#269) 
With release 5.0.0 there are so many deprecations and breaking changes
that it is probably a good way to assist the users with values migration
before breaking their environments.

This adds another template file that doesn't render anything but ensures
the removal of dropped or deprecated settings from customized values
files.

For when it is necessary, this check can be disabled via new setting
`checkDeprecation`.

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/269
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: wxiaoguang <wxiaoguang@noreply.gitea.io>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
 2021-12-23 00:25:32 +08:00
luhahn
d97ea18626 Remove builtIn dependency values (#268) 
⚠️ Breaking

Moved the values to enable the dependencies into the dependencies itself, this way we don't need a seperate field in the values and it is more obvious how to enable for example postgresql.

Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/268
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Reviewed-by: Andrew Thornton <art27@cantab.net>
 2021-12-22 23:41:35 +08:00
justusbunsi
7b0a1c7ae6 Generic way for configuring Gitea app.ini (#240) 
With the result of PR #239 it is much easier to provide additional values to the _app.ini_ configuration from different sources.
These changes adds an _additionalConfigSources_ field where the users can define such sources. This enables the users to choose
on their own whether to store values in _values.yaml_ or load them from Kuberetes Secrets or ConfigMaps.

- Fixes #243
- Fixes #174
- Fixes #260

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/240
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: wxiaoguang <wxiaoguang@noreply.gitea.io>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
 2021-12-22 18:44:04 +08:00
justusbunsi
6d9362ed39 Rework OAuth sources (#244) 
This change request includes two different things to improve OAuth source handling:

- Allow multiple OAuth source configuration (Fixes: #191)
- Support reading sensitive OAuth configuration data from Kubernetes secrets (Closes: #242)

⚠️ BREAKING ⚠️
---

Users need to migrate their `gitea.oauth` configuration.

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/244
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
 2021-12-20 22:43:55 +08:00
aleksey.sergey
cd09ccfcdb add support for persistence.subPath option (#263) 
Hello,

PR adds a `persistence.subPath` option to provide user more flexibility on mounting the `data` PV.
https://kubernetes.io/docs/concepts/storage/volumes/#using-subpath

The setting is similar to e.g. `primary.persistence.subPath` in MariaDB helm chart:
https://github.com/bitnami/charts/tree/master/bitnami/mariadb

Co-authored-by: Aleksey Sergey <sergey.aleksey90@gmail.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/263
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Co-authored-by: aleksey.sergey <aleksey.sergey@noreply.gitea.io>
Co-committed-by: aleksey.sergey <aleksey.sergey@noreply.gitea.io>
 2021-12-20 19:58:44 +08:00
iMartyn
d97b1567e2 Enable overriding of ingress api version for systems where detection doesn't work (#252) 
fixes #251

The rendering is a bit more programatic but the result is the same if you don't have an override.  This makes the code a little easier at the end of the template, and slightly less easier to read at the beginning, which I think is a valid tradeoff.

Co-authored-by: Martyn Ranyard <m@rtyn.berlin>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/252
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Co-authored-by: iMartyn <imartyn@noreply.gitea.io>
Co-committed-by: iMartyn <imartyn@noreply.gitea.io>
 2021-12-20 19:54:37 +08:00
nmasse-itix
bef0cea1b1 split the securityContext in two: pod and container securityContext (#259) 
Hello !

I'm using the new Helm chart (5.x) and I really like the new configuration mechanism. 👍

I would like to contribute the following enhancement.

## The problem I want to solve

I'm trying to deploy Gitea in a Kubernetes shared platform and I need to make sure each instance is running as a different user so that in case of container escape, the risk of data leak is minimized.

Additionally, on my platform (OpenShift), arbitrary users (such as uid 1000 for Gitea) are not allowed.

The current helm chart does not allow me to achieve this because:
- the container security context is configurable only for the main container. The security context of init containers cannot be specified.
- a fixed uid is hard coded
- a fixed fs group is hard coded

Also, the securityContext of a pod and the securityContext of a container do not accept the same options.

- https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#podsecuritycontext-v1-core
- https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#securitycontext-v1-core

## How I'm solving the problem

I split the `securityContext` (values.yaml) in two: `containerSecurityContext` and `podSecurityContext`. The containerSecurityContext applies to all containers (init and main) in order to be consistent with file permissions.

The behavior for existing deployments is unchanged:

- fsGroup 1000 is the default value for the podSecurityContext variable
- the "configure-gitea" init container uses the uid 1000 unless otherwise stated in the containerSecurityContext
- the main container is using the existing securityContext variable when defined in order not to break existing deployments and uses the new containerSecurityContext variable if not.

This approach is well tested: it is used consistently on bitnami's Helm charts.

## How I tested

I tested both root and rootless variants on a Kubernetes 1.22, as well as rootless variant on OpenShift 4.7.

**rootless variant on Kubernetes**:

```yaml
podSecurityContext:
  fsGroup: 10001

containerSecurityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
    add:
      - SYS_CHROOT
  privileged: false
  runAsGroup: 10001
  runAsNonRoot: true
  runAsUser: 10001

extraVolumes:
- name: var-lib-gitea
  emptyDir: {}

extraVolumeMounts:
- name: var-lib-gitea
  readOnly: false
  mountPath: "/var/lib/gitea"
```

**rootless variant on OpenShift**:

```yaml
podSecurityContext:
  fsGroup: null

containerSecurityContext:
  allowPrivilegeEscalation: false
  privileged: false
  runAsNonRoot: true
  runAsUser: 1000790000

extraVolumes:
- name: var-lib-gitea
  emptyDir: {}

extraVolumeMounts:
- name: var-lib-gitea
  readOnly: false
  mountPath: "/var/lib/gitea"
```

Let me know if something is unclear.

Co-authored-by: Nicolas MASSE <nicolas.masse@itix.fr>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/259
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-authored-by: nmasse-itix <nmasse-itix@noreply.gitea.io>
Co-committed-by: nmasse-itix <nmasse-itix@noreply.gitea.io>
 2021-12-18 19:10:48 +08:00
justusbunsi
bfa68f6f58 Drop custom probes (#248) 
As a replacement, the default probes are now fully configurable and used
as-is during Chart deployment.

Fixes: #189

⚠️ BREAKING ⚠️
---

Users have to remove the `custom` prefix from their probes, if customized.

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/248
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
 2021-12-13 16:50:08 +08:00
techknowlogick
3fd34a9455 1.15.4 (#230) 
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/230
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Reviewed-by: pat-s <pat-s@noreply.gitea.io>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-committed-by: techknowlogick <techknowlogick@gitea.io>
 2021-10-17 00:08:17 +08:00
luhahn
3273b245e7 Add multiple LDAP sources (#222) 
Add multiple add sources.

Instead of a single entry for ldap configuration we now would have a dictionary for ldap config.

This would be a breaking change for those working with the ldap config.

fixes: #190

Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/222
Reviewed-by: Andrew Thornton <art27@cantab.net>
Reviewed-by: pat-s <pat-s@noreply.gitea.io>
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-authored-by: luhahn <luhahn@noreply.gitea.io>
Co-committed-by: luhahn <luhahn@noreply.gitea.io>
 2021-10-08 20:16:24 +08:00
techknowlogick
5a7d168c2e 1.15.3 (#225) 
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/225
Reviewed-by: pat-s <pat-s@noreply.gitea.io>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-committed-by: techknowlogick <techknowlogick@gitea.io>
 2021-09-26 08:44:59 +08:00
techknowlogick
9a220c2ddd 1.15.0 (#218) 
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/218
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-committed-by: techknowlogick <techknowlogick@gitea.io>
 2021-09-12 06:40:47 +08:00
wkit23
ce3e9babec Add support for ingressClassName (#217) 
Hi,

I just add some minor changes to support specifying ingressClassName to support the newer specification in `networking.k8s.io/v1`. The annotation `kubernetes.io/ingress.class: nginx` only works with older API `networking.k8s.io/v1beta1`.

This is part of our move to support kubernetes 1.22.

Co-authored-by: Leong Wai Kit <waikit.leong@bertelsmann.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/217
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: wkit23 <wkit23@noreply.gitea.io>
Co-committed-by: wkit23 <wkit23@noreply.gitea.io>
 2021-09-02 10:53:48 +08:00
techknowlogick
ba0e8b18b5 1.14.6 (#212) 
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/212
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-committed-by: techknowlogick <techknowlogick@gitea.io>
 2021-08-13 04:14:49 +08:00
Markus Pesch
767a073a0a SSH not working due missing security capability in CRI-O environment (#176) 
This patch add the SYS_CHROOT capability if the securityContext is
undefined. Otherwise the SSH Server does not work correctly as described
in the issue #161.

Fixes: #161

Co-authored-by: Markus Pesch <markus.pesch@cryptic.systems>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/176
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Co-authored-by: Markus Pesch <volker.raschek@noreply.gitea.io>
Co-committed-by: Markus Pesch <volker.raschek@noreply.gitea.io>
 2021-07-01 23:02:56 +08:00
justusbunsi
b7dbb22025 Upgrade Gitea to 1.14.3 (#197) 
Fixes: #195

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/197
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
 2021-06-30 23:25:56 +08:00
justusbunsi
7a3515c2f2 Customizable .gnupg folder location (#186) 
The `HOME` path is not persistent when using the rootless image, so the
`.gnupg` folder isn't either. Since the chart always used `/data/...` as
mount point for storage of all kinds, it is a minimal impact to just
relocate the dynamic `$HOME/.gnupg` folder location to the persistent
`/data/git/.gnupg`. This is where the signing keys are stored when
running root based environments. Doing so will

 - allow migrations between both image variants
 - persist signing keys for rootless environments

Fixes: #155

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/186
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
 2021-06-30 03:23:32 +08:00
mattkaar
0e191bfc7a Support custom Ingress path (#151) 
Adds support for a custom Ingress path. This allows us to run Gitea as a path in an existing domain.

Co-authored-by: Matt Kaar <mkaar@cert.org>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/151
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-authored-by: mattkaar <mattkaar@noreply.gitea.io>
Co-committed-by: mattkaar <mattkaar@noreply.gitea.io>
 2021-06-25 02:28:45 +08:00
justusbunsi
f0ed41de9e Fix minor README flaws (#184) 
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/184
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
 2021-06-20 03:35:21 +08:00
luhahn
c49dc047a4 Allow existing secrets for passwords (#170) 
Allow admin user and password to be configured via existing secrets

Allow LDAP bindDn and bindPassword to be configured via existing secrets

Update Readme

Fixes: #169

Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/170
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: luhahn <luhahn@noreply.gitea.io>
Co-committed-by: luhahn <luhahn@noreply.gitea.io>
 2021-06-10 19:13:33 +08:00
luhahn
178bc0ab79 Improve http service and update Readme (#167) 
This PR adds some options for the http service:

- loadBalancerIP
- nodePort
- externalTrafficPolicy
- externalIPs

Also updated the README and values.yml with the values.

Added storageClass explanation in README and empty value in values.yml

Fixes: #162

Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/167
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-by: 6543 <6543@obermui.de>
Co-authored-by: luhahn <luhahn@noreply.gitea.io>
Co-committed-by: luhahn <luhahn@noreply.gitea.io>
 2021-06-08 01:53:01 +08:00
modzilla
441f0748e9 Fixing prometheus monitoring (#157) 
At least the latest versions of prometheus watch for a label called "release" and not "prometheus" so with that change prometheus started collecting logs.

If that old label is still needed, we / I could change it to add entries from "additionalLabels", so that we are quite flexible and don't have breaking changes.

Co-authored-by: Justin Lamp <jlamp@vater-gruppe.de>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/157
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: modzilla <modzilla@noreply.gitea.io>
Co-committed-by: modzilla <modzilla@noreply.gitea.io>
 2021-06-07 22:28:28 +08:00
justusbunsi
5ab596937a Fix rootless image usage with enhanced security-context (#160) 
I've noticed that the commented `securityContext` is not really useable with the rootless image due to different directory structure compared to the default image.

Important for the `readOnlyRootFilesystem` is to declare the `TMPDIR` environment variable, so that the tmp directory (which is readonly in this case) won't be used. Instead, another writeable directory can be used.

Another thing is the explicit hint that all these security options cannot be used with the default (root-based) image, because of its design.

~~Although this PR would fix the referenced issue, I am not totally happy with the current implementation. It would be more straight forward to use the same mount points for both image variants. Unfortunately, this is not possible right now due to hard coded paths in the default (root) image startup scripts.~~

~~Anyone have suggestions on how this could be more simple?~~

-------

**Sum-up:**
As mentioned in Discord, this PR tried to make too many changes. The necessary changes made in 1f331a7e6577fc798196a84a957330aca0d663cd will fix an error that occurs due to restricted access to the `/tmp` directory in a rootless image with all the `securityContext` options enabled.

I also updated the default image to 1.14.2.

Fixes: #158

Co-authored-by: JustusBunsi <sk.bunsenbrenner@gmail.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/160
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: 6543 <6543@obermui.de>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
 2021-06-07 21:27:25 +08:00
mrdima
5b5ea7173a Add value option to define schedulerName (#150) 
For those who have a need to configure the schedulerName like us, make this an option just as it is for example in the postgres chart

Co-authored-by: Dimitri Ars <dimitri.ars@kpn.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/150
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: mrdima <mrdima@noreply.gitea.io>
Co-committed-by: mrdima <mrdima@noreply.gitea.io>
 2021-06-07 16:41:16 +08:00
luhahn
b88bbd6d4d gitea-1.14.x-updates (#148) 
This PR includes the changes from:

- https://gitea.com/gitea/helm-chart/pulls/129
- https://gitea.com/gitea/helm-chart/pulls/140

In addition it adds the possibility to include secrets via environment variables as mentioned in #60

Co-authored-by: Hans Kristian Flaatten <hans.flaatten@evry.com>
Co-authored-by: flavio.prado <flavio.prado@noreply.gitea.io>
Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/148
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: luhahn <luhahn@noreply.gitea.io>
Co-committed-by: luhahn <luhahn@noreply.gitea.io>
 2021-04-29 17:12:48 +08:00
techknowlogick
c742b5dbc3 1.13.7 (#139) 
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/139
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-committed-by: techknowlogick <techknowlogick@gitea.io>
 2021-04-12 15:58:17 +08:00
luhahn
ec8a26ecfc Update Gitea version to 1.13.5 (#134) 
Co-authored-by: luhahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/134
Reviewed-by: Andrew Thornton <art27@cantab.net>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: luhahn <luhahn@noreply.gitea.io>
Co-committed-by: luhahn <luhahn@noreply.gitea.io>
 2021-03-22 21:01:33 +08:00
Nakrez
0f1e991889 Add possibiliy to define statefulset labels (#130) 
This change adds a new value *statefulset.labels* to allow the user to add custom labels to the StatefulSet.

An example of where this could be useful is if gitea's pvc is stored on OpenEBS. With this new option, the user can add the extra *openebs.io/sts-target-affinity* label to specify that the volume target pod should run on the same node as gitea's StatefulSet.

Co-authored-by: Baptiste Covolato <b.covolato@gmail.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/130
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: lafriks <lafriks@noreply.gitea.io>
Co-authored-by: Nakrez <nakrez@noreply.gitea.io>
Co-committed-by: Nakrez <nakrez@noreply.gitea.io>
 2021-03-17 08:07:42 +08:00
Michael Kriese
551f4e312e Allow override kubernetes probes (#117) 
- Allow overriding liveness and readiness probe
- Add optional startup probe

closes #118

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/117
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: lafriks <lafriks@noreply.gitea.io>
Co-authored-by: Michael Kriese <michael.kriese@visualon.de>
Co-committed-by: Michael Kriese <michael.kriese@visualon.de>
 2021-03-01 22:46:05 +08:00
Dunky13
d1c58a2e77 OAuth2 configuration options (#123) 
I opened up the OAuth2 authentication option. I needed this feature, and it is available in the gitea cli. So I opened it up for configuration through this pull request.

Hope it can help others.

Co-authored-by: Marc Went <marc.went+git@redkubes.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/123
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: lafriks <lafriks@noreply.gitea.io>
Co-authored-by: Dunky13 <dunky13@noreply.gitea.io>
Co-committed-by: Dunky13 <dunky13@noreply.gitea.io>
 2021-03-01 20:24:11 +08:00
Starefossen
7ed82c7a63 Add ServiceMonitor Prometheus selector label (#116) 
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/116
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: lafriks <lafriks@noreply.gitea.io>
Co-authored-by: Starefossen <starefossen@noreply.gitea.io>
Co-committed-by: Starefossen <starefossen@noreply.gitea.io>
 2021-03-01 20:18:09 +08:00
martencassel
33903d8f6c Add support to run gitea with an optional securityContext (#115) 
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/115
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: lafriks <lafriks@noreply.gitea.io>
Co-authored-by: martencassel <martencassel@noreply.gitea.io>
Co-committed-by: martencassel <martencassel@noreply.gitea.io>
 2021-03-01 20:16:49 +08:00
JPRbrs
28e94f96e3 Add loadbalancersourceranges to ssh service (#105) 
SSH service might want to limit the a range of source IPs. LoadBalancerSourceRanges
enables to limit them just passing a list of CIDR addresses to whitelist

Co-authored-by: javier <perezrubio.javier@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/105
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: JPRbrs <jprbrs@noreply.gitea.io>
Co-committed-by: JPRbrs <jprbrs@noreply.gitea.io>
 2021-02-05 04:42:42 +08:00
techknowlogick
b5ab7201d1 1.13.2 (#108) 
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/108
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-committed-by: techknowlogick <techknowlogick@gitea.io>
 2021-02-05 01:46:55 +08:00
sanigo
4ad5cf1d19 Add sshPublicKeyAttribute attribute setting for ldap auth,and Allow setting labels and annotations for gitea pvc. (#76) 
1. sshPublicKeyAttribute is useful to sync ssh public keys from ldap.
2. It would be easier to set pvc annotations/labels for those who are using storage services from cloud providers.

Co-authored-by: 钱卫春 <qianwch@chinasofti.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/76
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Co-authored-by: sanigo <sanigo@noreply.gitea.io>
Co-committed-by: sanigo <sanigo@noreply.gitea.io>
 2021-01-22 16:24:37 +08:00
JosefWN
7f828e87f6 Add support for metrics and pprof (#100) 
Adds support for toggling support for `pprof` and metrics:

```yaml
gitea:
  pprofEnabled: true

  metrics:
    enabled: true
    serviceMonitor:
      enabled: true
```

Co-authored-by: josef <josef.nilsen@outlook.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/100
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: JosefWN <josefwn@noreply.gitea.io>
Co-committed-by: JosefWN <josefwn@noreply.gitea.io>
 2021-01-21 23:45:26 +08:00