Compare commits
21 Commits
main
..
c69eb86eae
| Author | SHA1 | Date | |
|---|---|---|---|
|
c69eb86eae
|
|||
| 127fc891df | |||
| 8d0c8a99c6 | |||
| 856f154992 | |||
| 8df1a7c4a4 | |||
| 897baa4691 | |||
| e597209986 | |||
| f7d16c8b1a | |||
| 9783483311 | |||
| cd05169800 | |||
| 03d4b5f0cb | |||
| 99fd476b6f | |||
| c53077e3ca | |||
| e1c20cc124 | |||
| 7d6792c7e8 | |||
| 5bea54ae3f | |||
| c6f7dc8d7d | |||
| f1e8bc0ec8 | |||
| a361e3c2a3 | |||
| c11c5303fc | |||
| 6ac57abdba |
@@ -8,7 +8,7 @@ on:
|
||||
jobs:
|
||||
changelog:
|
||||
runs-on: ubuntu-latest
|
||||
container: docker.io/thegeeklab/git-sv:2.1.1
|
||||
container: docker.io/thegeeklab/git-sv:2.0.11
|
||||
steps:
|
||||
- name: install tools
|
||||
run: |
|
||||
|
||||
@@ -11,7 +11,7 @@ on:
|
||||
jobs:
|
||||
check-and-test:
|
||||
runs-on: ubuntu-latest
|
||||
container: commitlint/commitlint:20.5.3
|
||||
container: commitlint/commitlint:20.5.1
|
||||
steps:
|
||||
- uses: actions/checkout@v6
|
||||
- name: check PR title
|
||||
|
||||
@@ -21,7 +21,7 @@ jobs:
|
||||
- name: Install helm
|
||||
env:
|
||||
# renovate: datasource=docker depName=alpine/helm
|
||||
HELM_VERSION: "3.21.0"
|
||||
HELM_VERSION: "3.20.2"
|
||||
run: |
|
||||
curl --fail --location --output /dev/stdout --silent --show-error https://get.helm.sh/helm-v${HELM_VERSION}-linux-$(dpkg --print-architecture).tar.gz | tar --extract --gzip --file /dev/stdin
|
||||
mv linux-$(dpkg --print-architecture)/helm /usr/local/bin/
|
||||
@@ -53,7 +53,7 @@ jobs:
|
||||
|
||||
- name: Import GPG key
|
||||
id: import_gpg
|
||||
uses: https://github.com/crazy-max/ghaction-import-gpg@v7
|
||||
uses: https://github.com/crazy-max/ghaction-import-gpg@v6
|
||||
with:
|
||||
gpg_private_key: ${{ secrets.GPGSIGN_KEY }}
|
||||
passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }}
|
||||
@@ -86,7 +86,7 @@ jobs:
|
||||
helm registry logout registry-1.docker.io
|
||||
|
||||
- name: aws credential configure
|
||||
uses: https://github.com/aws-actions/configure-aws-credentials@v6
|
||||
uses: https://github.com/aws-actions/configure-aws-credentials@v5
|
||||
with:
|
||||
aws-access-key-id: ${{ secrets.AWS_KEY_ID }}
|
||||
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
||||
@@ -99,7 +99,7 @@ jobs:
|
||||
release-gitea:
|
||||
needs: generate-chart-publish
|
||||
runs-on: ubuntu-latest
|
||||
container: docker.io/thegeeklab/git-sv:2.1.1
|
||||
container: docker.io/thegeeklab/git-sv:2.0.11
|
||||
steps:
|
||||
- name: install tools
|
||||
run: |
|
||||
|
||||
@@ -10,12 +10,12 @@ on:
|
||||
|
||||
env:
|
||||
# renovate: datasource=github-releases depName=helm-unittest/helm-unittest
|
||||
HELM_UNITTEST_VERSION: "v1.1.0"
|
||||
HELM_UNITTEST_VERSION: "v1.0.3"
|
||||
|
||||
jobs:
|
||||
check-and-test:
|
||||
runs-on: ubuntu-latest
|
||||
container: alpine/helm:3.21.0
|
||||
container: alpine/helm:3.20.2
|
||||
steps:
|
||||
- name: install tools
|
||||
run: |
|
||||
|
||||
Vendored
+1
-1
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"yaml.schemas": {
|
||||
"https://raw.githubusercontent.com/helm-unittest/helm-unittest/v1.1.0/schema/helm-testsuite.json": [
|
||||
"https://raw.githubusercontent.com/helm-unittest/helm-unittest/v1.0.3/schema/helm-testsuite.json": [
|
||||
"/unittests/**/*.yaml"
|
||||
]
|
||||
},
|
||||
|
||||
+1
-1
@@ -1 +1 @@
|
||||
* @volker.raschek @ChristopherHX
|
||||
* @rossigee @volker.raschek @ChristopherHX
|
||||
|
||||
+4
-1
@@ -4,7 +4,7 @@ description: Gitea Helm chart for Kubernetes
|
||||
type: application
|
||||
version: 0.0.0
|
||||
# renovate datasource=github-releases depName=go-gitea/gitea extractVersion=^v(?<version>.*)$
|
||||
appVersion: 1.26.2
|
||||
appVersion: 1.25.5
|
||||
icon: https://gitea.com/assets/img/logo.svg
|
||||
|
||||
annotations:
|
||||
@@ -26,6 +26,9 @@ sources:
|
||||
- https://docker.gitea.com/gitea
|
||||
|
||||
maintainers:
|
||||
# https://gitea.com/rossigee
|
||||
- name: Ross Golder
|
||||
email: ross@golder.org
|
||||
# https://gitea.com/volker.raschek
|
||||
- name: Markus Pesch
|
||||
email: markus.pesch+apps@cryptic.systems
|
||||
|
||||
@@ -280,37 +280,6 @@ If `.Values.image.rootless: true`, then the following will occur. In case you us
|
||||
|
||||
[see deployment.yaml](./templates/gitea/deployment.yaml) template inside container "env" declarations
|
||||
|
||||
#### OpenShift Compatibility
|
||||
|
||||
When installing on OpenShift, enable the compatibility profile so chart-managed pods render SCC-safe defaults and the Gitea init containers stop forcing `runAsUser: 1000`:
|
||||
|
||||
```yaml
|
||||
openshift:
|
||||
enabled: true
|
||||
```
|
||||
|
||||
When enabled, the chart applies `allowPrivilegeEscalation: false`, drops all
|
||||
Linux capabilities, sets `runAsNonRoot: true`, uses
|
||||
`seccompProfile.type: RuntimeDefault`, and leaves `hostUsers` unset unless
|
||||
`openshift.hostUsers` is explicitly overridden.
|
||||
|
||||
The deployment keeps the existing vanilla Kubernetes behavior when OpenShift
|
||||
compatibility is disabled. Auto-detection relies on the
|
||||
`security.openshift.io/v1/SecurityContextConstraints` API, so set
|
||||
`openshift.enabled: true` explicitly when rendering outside a live cluster.
|
||||
|
||||
If you also want to expose Gitea through an OpenShift Route, enable the optional Route resource:
|
||||
|
||||
```yaml
|
||||
route:
|
||||
enabled: true
|
||||
host: git.apps.example.com
|
||||
tls:
|
||||
termination: edge
|
||||
```
|
||||
|
||||
When `route.host` is set, the chart uses it for `DOMAIN`, `SSH_DOMAIN`, and `ROOT_URL`. Setting `route.tls.termination` also switches the default `ROOT_URL` scheme to `https`.
|
||||
|
||||
#### Session, Cache and Queue
|
||||
|
||||
The session, cache and queue settings are set to use the built-in Valkey Cluster sub-chart dependency.
|
||||
@@ -412,7 +381,7 @@ gitea:
|
||||
```
|
||||
|
||||
This would mount the two additional volumes (`oauth` and `some-additionals`) from different sources to the init container where the _app.ini_ gets updated.
|
||||
All files mounted that way will be read and converted to environment variables and then added to the _app.ini_ using [Gitea config edit-ini](https://docs.gitea.com/administration/config-cheat-sheet#use-environment-variables-to-setup-gitea).
|
||||
All files mounted that way will be read and converted to environment variables and then added to the _app.ini_ using [environment-to-ini](https://github.com/go-gitea/gitea/tree/main/contrib/environment-to-ini).
|
||||
|
||||
The key of such additional source represents the section inside the _app.ini_.
|
||||
The value for each key can be multiline ini-like definitions.
|
||||
@@ -453,10 +422,10 @@ Users are able to define their own environment variables, which are loaded into
|
||||
We also support to directly interact with the generated _app.ini_.
|
||||
|
||||
To inject self defined variables into the _app.ini_ a certain format needs to be honored.
|
||||
This is described in detail on the [Gitea config edit-ini](https://docs.gitea.com/administration/config-cheat-sheet#use-environment-variables-to-setup-gitea) page.
|
||||
This is described in detail on the [env-to-ini](https://github.com/go-gitea/gitea/tree/main/contrib/environment-to-ini) page.
|
||||
|
||||
Prior to Gitea 1.20 and Chart 9.0.0 the helm chart had a custom prefix `ENV_TO_INI`.
|
||||
After the support for a custom prefix was removed in Gitea core, the prefix was changed to `GITEA`.
|
||||
After the support for a custom prefix was removed in Gite core, the prefix was changed to `GITEA`.
|
||||
|
||||
For example a database setting needs to have the following format:
|
||||
|
||||
@@ -1006,14 +975,12 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo
|
||||
|
||||
### Security
|
||||
|
||||
| Name | Description | Value |
|
||||
| -------------------------- | ------------------------------------------------------------------------------------------------------------------------------------ | ----- |
|
||||
| `openshift.enabled` | Enable OpenShift compatibility defaults for chart-managed pods. Defaults to auto-detect based on the SecurityContextConstraints API. | `nil` |
|
||||
| `openshift.hostUsers` | Override the PodSpec hostUsers field for chart-managed pods. When unset, the field is omitted so the platform default is used. | `nil` |
|
||||
| `podSecurityContext` | Pod security context. On non-OpenShift clusters the chart defaults `fsGroup` to `1000` when this map is empty. | `{}` |
|
||||
| `containerSecurityContext` | Security context | `{}` |
|
||||
| `securityContext` | Run init and Gitea containers as a specific securityContext | `{}` |
|
||||
| `podDisruptionBudget` | Pod disruption budget | `{}` |
|
||||
| Name | Description | Value |
|
||||
| ---------------------------- | --------------------------------------------------------------- | ------ |
|
||||
| `podSecurityContext.fsGroup` | Set the shared file system group for all containers in the pod. | `1000` |
|
||||
| `containerSecurityContext` | Security context | `{}` |
|
||||
| `securityContext` | Run init and Gitea containers as a specific securityContext | `{}` |
|
||||
| `podDisruptionBudget` | Pod disruption budget | `{}` |
|
||||
|
||||
### Service
|
||||
|
||||
@@ -1059,22 +1026,6 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo
|
||||
| `ingress.hosts[0].paths[0].path` | Default Ingress path | `/` |
|
||||
| `ingress.tls` | Ingress tls settings | `[]` |
|
||||
|
||||
### Route
|
||||
|
||||
| Name | Description | Value |
|
||||
| ----------------------------------------- | -------------------------------------------------------------------------------------------------------------- | ------- |
|
||||
| `route.enabled` | Enable OpenShift Route | `false` |
|
||||
| `route.annotations` | Route annotations | `{}` |
|
||||
| `route.host` | Route host. When unset, OpenShift may generate one and Gitea URL defaults fall back to ingress/service values. | `""` |
|
||||
| `route.path` | Route path | `""` |
|
||||
| `route.wildcardPolicy` | Route wildcard policy | `None` |
|
||||
| `route.tls.termination` | Route TLS termination type | `nil` |
|
||||
| `route.tls.insecureEdgeTerminationPolicy` | Route insecure edge termination policy | `nil` |
|
||||
| `route.tls.key` | Route TLS key | `nil` |
|
||||
| `route.tls.certificate` | Route TLS certificate | `nil` |
|
||||
| `route.tls.caCertificate` | Route TLS CA certificate | `nil` |
|
||||
| `route.tls.destinationCACertificate` | Route destination CA certificate | `nil` |
|
||||
|
||||
### deployment
|
||||
|
||||
| Name | Description | Value |
|
||||
@@ -1147,30 +1098,29 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo
|
||||
|
||||
### Gitea
|
||||
|
||||
| Name | Description | Value |
|
||||
| -------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------- |
|
||||
| `gitea.admin.username` | Username for the Gitea admin user | `gitea_admin` |
|
||||
| `gitea.admin.existingSecret` | Use an existing secret to store admin user credentials | `nil` |
|
||||
| `gitea.admin.password` | Password for the Gitea admin user | `r8sA8CPHD9!bt6d` |
|
||||
| `gitea.admin.email` | Email for the Gitea admin user | `gitea@local.domain` |
|
||||
| `gitea.admin.passwordMode` | Mode for how to set/update the admin user password. Options are: initialOnlyNoReset, initialOnlyRequireReset, and keepUpdated | `keepUpdated` |
|
||||
| `gitea.metrics.enabled` | Enable Gitea metrics | `false` |
|
||||
| `gitea.metrics.token` | used for `bearer` token authentication on metrics endpoint. If not specified or empty metrics endpoint is public. | `nil` |
|
||||
| `gitea.metrics.serviceMonitor.enabled` | Enable Gitea metrics service monitor. Requires, that `gitea.metrics.enabled` is also set to true, to enable metrics generally. | `false` |
|
||||
| `gitea.metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used. | `""` |
|
||||
| `gitea.metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping. | `[]` |
|
||||
| `gitea.metrics.serviceMonitor.scheme` | HTTP scheme to use for scraping. For example `http` or `https`. Default is http. | `""` |
|
||||
| `gitea.metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended. If not specified, global Prometheus scrape timeout is used. | `""` |
|
||||
| `gitea.metrics.serviceMonitor.tlsConfig` | TLS configuration to use when scraping the metric endpoint by Prometheus. | `{}` |
|
||||
| `gitea.ldap` | LDAP configuration | `[]` |
|
||||
| `gitea.oauth` | OAuth configuration | `[]` |
|
||||
| `gitea.config.server.SSH_PORT` | SSH port for rootlful Gitea image | `22` |
|
||||
| `gitea.config.server.SSH_LISTEN_PORT` | SSH port for rootless Gitea image | `2222` |
|
||||
| `gitea.additionalConfigSources` | Additional configuration from secret or configmap | `[]` |
|
||||
| `gitea.additionalConfigFromEnvs` | Additional configuration sources from environment variables | `[]` |
|
||||
| `gitea.extraEnvSourceFile` | Source environment variables from a file during init container startup. This is especially useful for reading environment variable files generated by the Vault agent-injector. | `nil` |
|
||||
| `gitea.podAnnotations` | Annotations for the Gitea pod | `{}` |
|
||||
| `gitea.ssh.logLevel` | Configure OpenSSH's log level. Only available for root-based Gitea image. | `INFO` |
|
||||
| Name | Description | Value |
|
||||
| -------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------ | -------------------- |
|
||||
| `gitea.admin.username` | Username for the Gitea admin user | `gitea_admin` |
|
||||
| `gitea.admin.existingSecret` | Use an existing secret to store admin user credentials | `nil` |
|
||||
| `gitea.admin.password` | Password for the Gitea admin user | `r8sA8CPHD9!bt6d` |
|
||||
| `gitea.admin.email` | Email for the Gitea admin user | `gitea@local.domain` |
|
||||
| `gitea.admin.passwordMode` | Mode for how to set/update the admin user password. Options are: initialOnlyNoReset, initialOnlyRequireReset, and keepUpdated | `keepUpdated` |
|
||||
| `gitea.metrics.enabled` | Enable Gitea metrics | `false` |
|
||||
| `gitea.metrics.token` | used for `bearer` token authentication on metrics endpoint. If not specified or empty metrics endpoint is public. | `nil` |
|
||||
| `gitea.metrics.serviceMonitor.enabled` | Enable Gitea metrics service monitor. Requires, that `gitea.metrics.enabled` is also set to true, to enable metrics generally. | `false` |
|
||||
| `gitea.metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used. | `""` |
|
||||
| `gitea.metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping. | `[]` |
|
||||
| `gitea.metrics.serviceMonitor.scheme` | HTTP scheme to use for scraping. For example `http` or `https`. Default is http. | `""` |
|
||||
| `gitea.metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended. If not specified, global Prometheus scrape timeout is used. | `""` |
|
||||
| `gitea.metrics.serviceMonitor.tlsConfig` | TLS configuration to use when scraping the metric endpoint by Prometheus. | `{}` |
|
||||
| `gitea.ldap` | LDAP configuration | `[]` |
|
||||
| `gitea.oauth` | OAuth configuration | `[]` |
|
||||
| `gitea.config.server.SSH_PORT` | SSH port for rootlful Gitea image | `22` |
|
||||
| `gitea.config.server.SSH_LISTEN_PORT` | SSH port for rootless Gitea image | `2222` |
|
||||
| `gitea.additionalConfigSources` | Additional configuration from secret or configmap | `[]` |
|
||||
| `gitea.additionalConfigFromEnvs` | Additional configuration sources from environment variables | `[]` |
|
||||
| `gitea.podAnnotations` | Annotations for the Gitea pod | `{}` |
|
||||
| `gitea.ssh.logLevel` | Configure OpenSSH's log level. Only available for root-based Gitea image. | `INFO` |
|
||||
|
||||
### LivenessProbe
|
||||
|
||||
@@ -1577,7 +1527,7 @@ mariadb:
|
||||
|
||||
### App.ini generation <!-- omit from toc -->
|
||||
|
||||
The app.ini generation has changed and now uses the `gitea config edit-ini` subcommand introduced in Gitea 1.26.
|
||||
The app.ini generation has changed and now utilizes the environment-to-ini script provided by newer Gitea versions.
|
||||
This change ensures, that the app.ini is now persistent.
|
||||
|
||||
### Secret Key generation <!-- omit from toc -->
|
||||
|
||||
Generated
+12
-12
@@ -280,9 +280,9 @@
|
||||
"license": "ISC"
|
||||
},
|
||||
"node_modules/get-east-asian-width": {
|
||||
"version": "1.6.0",
|
||||
"resolved": "https://registry.npmjs.org/get-east-asian-width/-/get-east-asian-width-1.6.0.tgz",
|
||||
"integrity": "sha512-QRbvDIbx6YklUe6RxeTeleMR0yv3cYH6PsPZHcnVn7xv7zO1BHN8r0XETu8n6Ye3Q+ahtSarc3WgtNWmehIBfA==",
|
||||
"version": "1.5.0",
|
||||
"resolved": "https://registry.npmjs.org/get-east-asian-width/-/get-east-asian-width-1.5.0.tgz",
|
||||
"integrity": "sha512-CQ+bEO+Tva/qlmw24dCejulK5pMzVnUOFOijVogd3KQs07HnRIgp8TGipvCCRT06xeYEbpbgwaCxglFyiuIcmA==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"engines": {
|
||||
@@ -432,9 +432,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/katex": {
|
||||
"version": "0.16.47",
|
||||
"resolved": "https://registry.npmjs.org/katex/-/katex-0.16.47.tgz",
|
||||
"integrity": "sha512-Eeo8Ys1doU1z+x8AZsPpQu+p/QcZBI5PeOo7QGQdy2x2m0MU/hYagBbGOmXwr5KVbEfVuWv9LpnQWeehogurjg==",
|
||||
"version": "0.16.45",
|
||||
"resolved": "https://registry.npmjs.org/katex/-/katex-0.16.45.tgz",
|
||||
"integrity": "sha512-pQpZbdBu7wCTmQUh7ufPmLr0pFoObnGUoL/yhtwJDgmmQpbkg/0HSVti25Fu4rmd1oCR6NGWe9vqTWuWv3GcNA==",
|
||||
"dev": true,
|
||||
"funding": [
|
||||
"https://opencollective.com/katex",
|
||||
@@ -569,9 +569,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/markdownlint-cli/node_modules/brace-expansion": {
|
||||
"version": "5.0.6",
|
||||
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.6.tgz",
|
||||
"integrity": "sha512-kLpxurY4Z4r9sgMsyG0Z9uzsBlgiU/EFKhj/h91/8yHu0edo7XuixOIH3VcJ8kkxs6/jPzoI6U9Vj3WqbMQ94g==",
|
||||
"version": "5.0.5",
|
||||
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.5.tgz",
|
||||
"integrity": "sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
@@ -1360,9 +1360,9 @@
|
||||
"license": "ISC"
|
||||
},
|
||||
"node_modules/yaml": {
|
||||
"version": "2.9.0",
|
||||
"resolved": "https://registry.npmjs.org/yaml/-/yaml-2.9.0.tgz",
|
||||
"integrity": "sha512-2AvhNX3mb8zd6Zy7INTtSpl1F15HW6Wnqj0srWlkKLcpYl/gMIMJiyuGq2KeI2YFxUPjdlB+3Lc10seMLtL4cA==",
|
||||
"version": "2.8.3",
|
||||
"resolved": "https://registry.npmjs.org/yaml/-/yaml-2.8.3.tgz",
|
||||
"integrity": "sha512-AvbaCLOO2Otw/lW5bmh9d/WEdcDFdQp2Z2ZUH3pX9U2ihyUY0nvLv7J6TrWowklRGPYbB/IuIMfYgxaCPg5Bpg==",
|
||||
"dev": true,
|
||||
"license": "ISC",
|
||||
"bin": {
|
||||
|
||||
@@ -78,6 +78,7 @@ function env2ini::reload_preset_envs() {
|
||||
rm $TMP_EXISTING_ENVS_FILE
|
||||
}
|
||||
|
||||
|
||||
function env2ini::process_config_file() {
|
||||
local config_file="${1}"
|
||||
local section="$(basename "${config_file}")"
|
||||
@@ -150,4 +151,4 @@ if [ -f ${GITEA_APP_INI} ]; then
|
||||
unset GITEA__SERVER__LFS_JWT_SECRET
|
||||
fi
|
||||
|
||||
gitea config edit-ini --apply-env --config "$GITEA_APP_INI" --out "$GITEA_APP_INI"
|
||||
environment-to-ini -o $GITEA_APP_INI
|
||||
|
||||
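Review bot: The replacement call `environment-to-ini -o $GITEA_APP_INI` passes the path unquoted, so a value containing whitespace or glob characters would be split or expanded before the tool receives it. Writing it as `environment-to-ini -o "$GITEA_APP_INI"` keeps the path a single argument. The same applies to `${GITEA_APP_INI}` in the `[ -f … ]` test shown in the hunk header and to `rm $TMP_EXISTING_ENVS_FILE` in the first hunk. Both hunks show only fragments of the script, so quoting elsewhere in it is not covered here.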
+1
-8
@@ -1,12 +1,5 @@
|
||||
1. Get the application URL by running these commands:
|
||||
{{- if .Values.route.enabled }}
|
||||
{{- if .Values.route.host }}
|
||||
{{ include "gitea.public_protocol" . }}://{{ tpl .Values.route.host . }}{{ .Values.route.path }}
|
||||
{{- else }}
|
||||
export ROUTE_HOST=$(kubectl get route --namespace {{ .Release.Namespace }} {{ include "gitea.fullname" . }} -o jsonpath="{.spec.host}")
|
||||
echo {{ include "gitea.public_protocol" . }}://$ROUTE_HOST{{ .Values.route.path }}
|
||||
{{- end }}
|
||||
{{- else if .Values.ingress.enabled }}
|
||||
{{- if .Values.ingress.enabled }}
|
||||
{{- range $host := .Values.ingress.hosts }}
|
||||
{{- range .paths }}
|
||||
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
|
||||
|
||||
+9
-98
@@ -76,87 +76,6 @@ imagePullSecrets:
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return true when OpenShift compatibility defaults should be rendered.
|
||||
If openshift.enabled is unset, auto-detect via the SCC API.
|
||||
*/}}
|
||||
{{- define "gitea.openshift.enabled" -}}
|
||||
{{- if kindIs "bool" .Values.openshift.enabled -}}
|
||||
{{ ternary "true" "false" .Values.openshift.enabled }}
|
||||
{{- else if .Capabilities.APIVersions.Has "security.openshift.io/v1/SecurityContextConstraints" -}}
|
||||
true
|
||||
{{- else -}}
|
||||
false
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the pod's hostUsers setting when OpenShift compatibility is enabled.
|
||||
*/}}
|
||||
{{- define "gitea.hostUsers" -}}
|
||||
{{- if eq (include "gitea.openshift.enabled" . | trim) "true" -}}
|
||||
{{- if kindIs "bool" .Values.openshift.hostUsers -}}
|
||||
{{ ternary "true" "false" .Values.openshift.hostUsers }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Render pod securityContext. On non-OpenShift clusters an empty map defaults fsGroup to 1000.
|
||||
*/}}
|
||||
{{- define "gitea.podSecurityContext" -}}
|
||||
{{- $podSecurityContext := deepCopy .Values.podSecurityContext -}}
|
||||
{{- if and (ne (include "gitea.openshift.enabled" . | trim) "true") (not (hasKey $podSecurityContext "fsGroup")) -}}
|
||||
{{- $_ := set $podSecurityContext "fsGroup" 1000 -}}
|
||||
{{- end -}}
|
||||
{{- if gt (len $podSecurityContext) 0 -}}
|
||||
{{ toYaml $podSecurityContext }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Render container securityContext with OpenShift restricted SCC defaults when enabled.
|
||||
*/}}
|
||||
{{- define "gitea.containerSecurityContext" -}}
|
||||
{{- $root := index . 0 -}}
|
||||
{{- $containerSecurityContext := deepCopy (index . 1) -}}
|
||||
{{- if eq (include "gitea.openshift.enabled" $root | trim) "true" -}}
|
||||
{{- $containerSecurityContext = mergeOverwrite (dict
|
||||
"allowPrivilegeEscalation" false
|
||||
"capabilities" (dict "drop" (list "ALL"))
|
||||
"runAsNonRoot" true
|
||||
"seccompProfile" (dict "type" "RuntimeDefault")
|
||||
) $containerSecurityContext -}}
|
||||
{{- end -}}
|
||||
{{- if gt (len $containerSecurityContext) 0 -}}
|
||||
{{ toYaml $containerSecurityContext }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Render the securityContext for init containers that execute Gitea/GPG commands.
|
||||
These default to runAsUser 1000 outside OpenShift to preserve existing behavior.
|
||||
*/}}
|
||||
{{- define "gitea.commandInitContainerSecurityContext" -}}
|
||||
{{- $root := index . 0 -}}
|
||||
{{- $containerSecurityContext := deepCopy (index . 1) -}}
|
||||
{{- if and (ne (include "gitea.openshift.enabled" $root | trim) "true") (not (hasKey $containerSecurityContext "runAsUser")) -}}
|
||||
{{- $_ := set $containerSecurityContext "runAsUser" 1000 -}}
|
||||
{{- end -}}
|
||||
{{- include "gitea.containerSecurityContext" (list $root $containerSecurityContext) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Render the runtime container securityContext while honoring the deprecated securityContext value.
|
||||
*/}}
|
||||
{{- define "gitea.runtimeContainerSecurityContext" -}}
|
||||
{{- $containerSecurityContext := deepCopy .Values.containerSecurityContext -}}
|
||||
{{- if and (eq (len $containerSecurityContext) 0) .Values.securityContext -}}
|
||||
{{- $containerSecurityContext = deepCopy .Values.securityContext -}}
|
||||
{{- end -}}
|
||||
{{- include "gitea.containerSecurityContext" (list . $containerSecurityContext) -}}
|
||||
{{- end -}}
|
||||
|
||||
|
||||
{{/*
|
||||
Storage Class
|
||||
@@ -220,7 +139,7 @@ app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- else if (index .Values "valkey-cluster").enabled -}}
|
||||
{{- printf "redis+cluster://:%s@%s-valkey-cluster-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "valkey-cluster").global.valkey.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "valkey-cluster").service.ports.valkey -}}
|
||||
{{- else if (index .Values "valkey").enabled -}}
|
||||
{{- printf "redis://:%s@%s-valkey-primary.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "valkey").global.valkey.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "valkey").master.service.ports.valkey -}}
|
||||
{{- printf "redis://:%s@%s-valkey-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "valkey").global.valkey.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "valkey").master.service.ports.valkey -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
@@ -234,9 +153,9 @@ app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
|
||||
{{- define "valkey.servicename" -}}
|
||||
{{- if (index .Values "valkey-cluster").enabled -}}
|
||||
{{- printf "%s-valkey-cluster-headless.%s.svc" .Release.Name .Release.Namespace -}}
|
||||
{{- printf "%s-valkey-cluster-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}}
|
||||
{{- else if (index .Values "valkey").enabled -}}
|
||||
{{- printf "%s-valkey-primary.%s.svc" .Release.Name .Release.Namespace -}}
|
||||
{{- printf "%s-valkey-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
@@ -244,16 +163,6 @@ app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- printf "%s-http.%s.svc.%s" (include "gitea.fullname" .) .Release.Namespace .Values.clusterDomain -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "gitea.public_hostname" -}}
|
||||
{{- if and .Values.route.enabled .Values.route.host -}}
|
||||
{{ tpl .Values.route.host . }}
|
||||
{{- else if gt (len .Values.ingress.hosts) 0 -}}
|
||||
{{ tpl (index .Values.ingress.hosts 0).host $ }}
|
||||
{{- else -}}
|
||||
{{ include "gitea.default_domain" . }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "gitea.ldap_settings" -}}
|
||||
{{- $idx := index . 0 }}
|
||||
{{- $values := index . 1 }}
|
||||
@@ -304,9 +213,7 @@ app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "gitea.public_protocol" -}}
|
||||
{{- if and .Values.route.enabled .Values.route.tls.termination -}}
|
||||
https
|
||||
{{- else if and .Values.ingress.enabled (gt (len .Values.ingress.tls) 0) -}}
|
||||
{{- if and .Values.ingress.enabled (gt (len .Values.ingress.tls) 0) -}}
|
||||
https
|
||||
{{- else -}}
|
||||
{{ .Values.gitea.config.server.PROTOCOL }}
|
||||
@@ -439,7 +346,11 @@ https
|
||||
{{- $_ := set .Values.gitea.config.server "PROTOCOL" "http" -}}
|
||||
{{- end -}}
|
||||
{{- if not (.Values.gitea.config.server.DOMAIN) -}}
|
||||
{{- $_ := set .Values.gitea.config.server "DOMAIN" (include "gitea.public_hostname" .) -}}
|
||||
{{- if gt (len .Values.ingress.hosts) 0 -}}
|
||||
{{- $_ := set .Values.gitea.config.server "DOMAIN" ( tpl (index .Values.ingress.hosts 0).host $) -}}
|
||||
{{- else -}}
|
||||
{{- $_ := set .Values.gitea.config.server "DOMAIN" (include "gitea.default_domain" .) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- if not .Values.gitea.config.server.ROOT_URL -}}
|
||||
{{- $_ := set .Values.gitea.config.server "ROOT_URL" (printf "%s://%s" (include "gitea.public_protocol" .) .Values.gitea.config.server.DOMAIN) -}}
|
||||
|
||||
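Review bot: In the `valkey` branch of the DSN helper (hunk `-220,7 +139,7`), the password from `(index .Values "valkey").global.valkey.password` is written into the userinfo part of `redis://:%s@…` with a plain `%s`. A password containing `@`, `/`, `?` or `#` would therefore produce a connection string that parses to a different host or fails to parse; the `valkey-cluster` line above it has the same shape. Percent-encoding the value before it reaches `printf` (for example `… .password | urlquery`, after checking how the consumer decodes `+`) would keep the DSN well-formed. Separately, the host becomes `%s-valkey-headless` here and in `valkey.servicename`; if the sub-chart can run replicas, a headless name presumably resolves to every pod rather than only the writable one, which is worth confirming. The enclosing `define` starts outside the hunk.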
@@ -43,11 +43,6 @@ spec:
|
||||
{{- toYaml .Values.deployment.labels | nindent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- $hostUsers := include "gitea.hostUsers" . | trim }}
|
||||
{{- $podSecurityContext := include "gitea.podSecurityContext" . | trim }}
|
||||
{{- $containerSecurityContext := include "gitea.containerSecurityContext" (list . (deepCopy .Values.containerSecurityContext)) | trim }}
|
||||
{{- $commandInitContainerSecurityContext := include "gitea.commandInitContainerSecurityContext" (list . (deepCopy .Values.containerSecurityContext)) | trim }}
|
||||
{{- $runtimeContainerSecurityContext := include "gitea.runtimeContainerSecurityContext" . | trim }}
|
||||
{{- if .Values.schedulerName }}
|
||||
schedulerName: "{{ .Values.schedulerName }}"
|
||||
{{- end }}
|
||||
@@ -57,14 +52,9 @@ spec:
|
||||
{{- if .Values.priorityClassName }}
|
||||
priorityClassName: "{{ .Values.priorityClassName }}"
|
||||
{{- end }}
|
||||
{{- if $hostUsers }}
|
||||
hostUsers: {{ $hostUsers }}
|
||||
{{- end }}
|
||||
{{- include "gitea.images.pullSecrets" . | nindent 6 }}
|
||||
{{- if $podSecurityContext }}
|
||||
securityContext:
|
||||
{{- $podSecurityContext | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- toYaml .Values.podSecurityContext | nindent 8 }}
|
||||
initContainers:
|
||||
{{- if .Values.preExtraInitContainers }}
|
||||
{{- toYaml .Values.preExtraInitContainers | nindent 8 }}
|
||||
@@ -101,25 +91,15 @@ spec:
|
||||
subPath: {{ .Values.persistence.subPath }}
|
||||
{{- end }}
|
||||
{{- include "gitea.init-additional-mounts" . | nindent 12 }}
|
||||
{{- if $containerSecurityContext }}
|
||||
securityContext:
|
||||
{{- $containerSecurityContext | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- toYaml .Values.containerSecurityContext | nindent 12 }}
|
||||
resources:
|
||||
{{- toYaml .Values.initContainers.resources | nindent 12 }}
|
||||
- name: init-app-ini
|
||||
image: "{{ include "gitea.image" . }}"
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
{{- if .Values.gitea.extraEnvSourceFile }}
|
||||
command:
|
||||
- "/bin/bash"
|
||||
- "-c"
|
||||
args:
|
||||
- "test -f {{ .Values.gitea.extraEnvSourceFile }} && source {{ .Values.gitea.extraEnvSourceFile }} || { echo 'ERROR: Failed to source {{ .Values.gitea.extraEnvSourceFile }}'; exit 1; } && {{ .Values.initContainersScriptsVolumeMountPath }}/config_environment.sh"
|
||||
{{- else }}
|
||||
command:
|
||||
- "{{ .Values.initContainersScriptsVolumeMountPath }}/config_environment.sh"
|
||||
{{- end }}
|
||||
env:
|
||||
- name: GITEA_APP_INI
|
||||
value: /data/gitea/conf/app.ini
|
||||
@@ -156,30 +136,23 @@ spec:
|
||||
mountPath: "/env-to-ini-mounts/additionals/{{ $idx }}/"
|
||||
{{- end }}
|
||||
{{- include "gitea.init-additional-mounts" . | nindent 12 }}
|
||||
{{- if $containerSecurityContext }}
|
||||
securityContext:
|
||||
{{- $containerSecurityContext | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- toYaml .Values.containerSecurityContext | nindent 12 }}
|
||||
resources:
|
||||
{{- toYaml .Values.initContainers.resources | nindent 12 }}
|
||||
{{- if .Values.signing.enabled }}
|
||||
- name: configure-gpg
|
||||
image: "{{ include "gitea.image" . }}"
|
||||
{{- if .Values.gitea.extraEnvSourceFile }}
|
||||
command:
|
||||
- "/bin/bash"
|
||||
- "-c"
|
||||
args:
|
||||
- "test -f {{ .Values.gitea.extraEnvSourceFile }} && source {{ .Values.gitea.extraEnvSourceFile }} || { echo 'ERROR: Failed to source {{ .Values.gitea.extraEnvSourceFile }}'; exit 1; } && {{ .Values.initContainersScriptsVolumeMountPath }}/configure_gpg_environment.sh"
|
||||
{{- else }}
|
||||
command:
|
||||
- "{{ .Values.initContainersScriptsVolumeMountPath }}/configure_gpg_environment.sh"
|
||||
{{- end }}
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
{{- if $commandInitContainerSecurityContext }}
|
||||
securityContext:
|
||||
{{- $commandInitContainerSecurityContext | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- /* By default this container runs as user 1000 unless otherwise stated */ -}}
|
||||
{{- $csc := deepCopy .Values.containerSecurityContext -}}
|
||||
{{- if not (hasKey $csc "runAsUser") -}}
|
||||
{{- $_ := set $csc "runAsUser" 1000 -}}
|
||||
{{- end -}}
|
||||
{{- toYaml $csc | nindent 12 }}
|
||||
env:
|
||||
- name: GNUPGHOME
|
||||
value: {{ .Values.signing.gpgHome }}
|
||||
@@ -204,21 +177,16 @@ spec:
|
||||
{{- end }}
|
||||
- name: configure-gitea
|
||||
image: "{{ include "gitea.image" . }}"
|
||||
{{- if .Values.gitea.extraEnvSourceFile }}
|
||||
command:
|
||||
- "/bin/bash"
|
||||
- "-c"
|
||||
args:
|
||||
- "test -f {{ .Values.gitea.extraEnvSourceFile }} && source {{ .Values.gitea.extraEnvSourceFile }} || { echo 'ERROR: Failed to source {{ .Values.gitea.extraEnvSourceFile }}'; exit 1; } && {{ .Values.initContainersScriptsVolumeMountPath }}/configure_gitea.sh"
|
||||
{{- else }}
|
||||
command:
|
||||
- "{{ .Values.initContainersScriptsVolumeMountPath }}/configure_gitea.sh"
|
||||
{{- end }}
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
{{- if $commandInitContainerSecurityContext }}
|
||||
securityContext:
|
||||
{{- $commandInitContainerSecurityContext | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- /* By default this container runs as user 1000 unless otherwise stated */ -}}
|
||||
{{- $csc := deepCopy .Values.containerSecurityContext -}}
|
||||
{{- if not (hasKey $csc "runAsUser") -}}
|
||||
{{- $_ := set $csc "runAsUser" 1000 -}}
|
||||
{{- end -}}
|
||||
{{- toYaml $csc | nindent 12 }}
|
||||
env:
|
||||
- name: GITEA_APP_INI
|
||||
value: /data/gitea/conf/app.ini
|
||||
@@ -376,10 +344,13 @@ spec:
|
||||
{{- end }}
|
||||
resources:
|
||||
{{- toYaml .Values.resources | nindent 12 }}
|
||||
{{- if $runtimeContainerSecurityContext }}
|
||||
securityContext:
|
||||
{{- $runtimeContainerSecurityContext | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- /* Honor the deprecated securityContext variable when defined */ -}}
|
||||
{{- if .Values.containerSecurityContext -}}
|
||||
{{ toYaml .Values.containerSecurityContext | nindent 12 -}}
|
||||
{{- else -}}
|
||||
{{ toYaml .Values.securityContext | nindent 12 -}}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: temp
|
||||
mountPath: /tmp
|
||||
|
||||
@@ -123,7 +123,7 @@ stringData:
|
||||
# should add it to prevent requiring frequent admin password resets.
|
||||
local -a change_args
|
||||
change_args=(--username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}")
|
||||
if gitea admin user change-password --help | grep -F -- '--must-change-password' >/dev/null; then
|
||||
if gitea admin user change-password --help | grep -qF -- '--must-change-password'; then
|
||||
change_args+=(--must-change-password=false)
|
||||
fi
|
||||
gitea admin user change-password "${change_args[@]}"
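Review bot: The `grep -qF` form of the `--must-change-password` probe (printed second, so presumably the new side) can misreport if this script runs under `set -o pipefail`. `grep -q` exits at the first match, the `gitea admin user change-password --help` writer can then receive SIGPIPE, and the non-zero pipeline status would skip `change_args+=(--must-change-password=false)`. The shell options are set outside this hunk, so this needs confirming against the top of the script. If pipefail is active, keep the form that reads the whole help output: `if gitea admin user change-password --help | grep -F -- '--must-change-password' >/dev/null; then`. A false negative here brings back the frequent admin password resets that the comment above the block says it wants to prevent.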
|
||||
|
||||
@@ -1,52 +0,0 @@
|
||||
{{- if .Values.route.enabled -}}
|
||||
{{- $fullName := include "gitea.fullname" . -}}
|
||||
apiVersion: route.openshift.io/v1
|
||||
kind: Route
|
||||
metadata:
|
||||
name: {{ $fullName }}
|
||||
namespace: {{ .Values.namespace | default .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "gitea.labels" . | nindent 4 }}
|
||||
{{- with .Values.route.annotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if .Values.route.host }}
|
||||
host: {{ tpl .Values.route.host . | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.route.path }}
|
||||
path: {{ tpl .Values.route.path . | quote }}
|
||||
{{- end }}
|
||||
to:
|
||||
kind: Service
|
||||
name: {{ $fullName }}-http
|
||||
port:
|
||||
targetPort: http
|
||||
wildcardPolicy: {{ .Values.route.wildcardPolicy }}
|
||||
{{- with .Values.route.tls }}
|
||||
{{- if .termination }}
|
||||
tls:
|
||||
termination: {{ .termination }}
|
||||
{{- if .insecureEdgeTerminationPolicy }}
|
||||
insecureEdgeTerminationPolicy: {{ .insecureEdgeTerminationPolicy }}
|
||||
{{- end }}
|
||||
{{- if .key }}
|
||||
key: |
|
||||
{{- .key | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- if .certificate }}
|
||||
certificate: |
|
||||
{{- .certificate | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- if .caCertificate }}
|
||||
caCertificate: |
|
||||
{{- .caCertificate | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- if .destinationCACertificate }}
|
||||
destinationCACertificate: |
|
||||
{{- .destinationCACertificate | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -9,18 +9,9 @@ metadata:
|
||||
annotations:
|
||||
"helm.sh/hook": test-success
|
||||
spec:
|
||||
{{- $hostUsers := include "gitea.hostUsers" . | trim }}
|
||||
{{- $testContainerSecurityContext := include "gitea.containerSecurityContext" (list . (dict)) | trim }}
|
||||
{{- if $hostUsers }}
|
||||
hostUsers: {{ $hostUsers }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: wget
|
||||
image: "{{ .Values.test.image.name }}:{{ .Values.test.image.tag }}"
|
||||
{{- if $testContainerSecurityContext }}
|
||||
securityContext:
|
||||
{{- $testContainerSecurityContext | nindent 8 }}
|
||||
{{- end }}
|
||||
command: ['wget']
|
||||
args: ['{{ include "gitea.fullname" . }}-http:{{ .Values.service.http.port }}']
|
||||
restartPolicy: Never
|
||||
|
||||
@@ -9,51 +9,27 @@ function setup() {
|
||||
export GITEA_APP_INI="$BATS_TEST_TMPDIR/app.ini"
|
||||
export TMP_EXISTING_ENVS_FILE="$BATS_TEST_TMPDIR/existing-envs"
|
||||
export ENV_TO_INI_MOUNT_POINT="$BATS_TEST_TMPDIR/env-to-ini-mounts"
|
||||
export GITEA_EDIT_INI_EXPECTED=0
|
||||
export PATH="$BATS_TEST_TMPDIR/bin:$PATH"
|
||||
|
||||
mkdir -p "$BATS_TEST_TMPDIR/bin"
|
||||
cat >"$BATS_TEST_TMPDIR/bin/gitea" <<'EOF'
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
case "$*" in
|
||||
'generate secret INTERNAL_TOKEN')
|
||||
echo 'mocked-internal-token'
|
||||
;;
|
||||
'generate secret SECRET_KEY')
|
||||
echo 'mocked-secret-key'
|
||||
;;
|
||||
'generate secret JWT_SECRET')
|
||||
echo 'mocked-jwt-secret'
|
||||
;;
|
||||
'generate secret LFS_JWT_SECRET')
|
||||
echo 'mocked-lfs-jwt-secret'
|
||||
;;
|
||||
"config edit-ini --apply-env --config $GITEA_APP_INI --out $GITEA_APP_INI")
|
||||
if [ "$GITEA_EDIT_INI_EXPECTED" -eq 1 ]; then
|
||||
echo 'Stubbed gitea config edit-ini was called!'
|
||||
exit 0
|
||||
fi
|
||||
|
||||
echo 'Unexpected gitea config edit-ini invocation' >&2
|
||||
exit 127
|
||||
;;
|
||||
*)
|
||||
echo "Unexpected gitea invocation: $*" >&2
|
||||
exit 127
|
||||
;;
|
||||
esac
|
||||
EOF
|
||||
chmod +x "$BATS_TEST_TMPDIR/bin/gitea"
|
||||
stub gitea \
|
||||
"generate secret INTERNAL_TOKEN : echo 'mocked-internal-token'" \
|
||||
"generate secret SECRET_KEY : echo 'mocked-secret-key'" \
|
||||
"generate secret JWT_SECRET : echo 'mocked-jwt-secret'" \
|
||||
"generate secret LFS_JWT_SECRET : echo 'mocked-lfs-jwt-secret'"
|
||||
}
|
||||
|
||||
function teardown() {
|
||||
:
|
||||
unstub gitea
|
||||
# This condition exists due to https://github.com/jasonkarns/bats-mock/pull/37 being still open
|
||||
if [ $ENV_TO_INI_EXPECTED -eq 1 ]; then
|
||||
unstub environment-to-ini
|
||||
fi
|
||||
}
|
||||
|
||||
function expect_gitea_config_edit_ini_call() {
|
||||
export GITEA_EDIT_INI_EXPECTED=1
|
||||
# This function exists due to https://github.com/jasonkarns/bats-mock/pull/37 being still open
|
||||
function expect_environment_to_ini_call() {
|
||||
export ENV_TO_INI_EXPECTED=1
|
||||
stub environment-to-ini \
|
||||
"-o $GITEA_APP_INI : echo 'Stubbed environment-to-ini was called!'"
|
||||
}
|
||||
|
||||
function execute_test_script() {
|
||||
@@ -80,18 +56,18 @@ function write_mounted_file() {
|
||||
}
|
||||
|
||||
@test "works as expected when nothing is configured" {
|
||||
expect_gitea_config_edit_ini_call
|
||||
expect_environment_to_ini_call
|
||||
run $PROJECT_ROOT/scripts/init-containers/config/config_environment.sh
|
||||
|
||||
assert_success
|
||||
assert_line '...Initial secrets generated'
|
||||
assert_line 'Reloading preset envs...'
|
||||
assert_line '=== All configuration sources loaded ==='
|
||||
assert_line 'Stubbed gitea config edit-ini was called!'
|
||||
assert_line 'Stubbed environment-to-ini was called!'
|
||||
}
|
||||
|
||||
@test "exports initial secrets" {
|
||||
expect_gitea_config_edit_ini_call
|
||||
expect_environment_to_ini_call
|
||||
run execute_test_script
|
||||
|
||||
assert_success
|
||||
@@ -102,7 +78,7 @@ function write_mounted_file() {
|
||||
}
|
||||
|
||||
@test "does NOT export initial secrets when app.ini already exists" {
|
||||
expect_gitea_config_edit_ini_call
|
||||
expect_environment_to_ini_call
|
||||
touch $GITEA_APP_INI
|
||||
|
||||
run execute_test_script
|
||||
@@ -116,7 +92,7 @@ function write_mounted_file() {
|
||||
}
|
||||
|
||||
@test "ensures that preset environment variables take precedence over auto-generated ones" {
|
||||
expect_gitea_config_edit_ini_call
|
||||
expect_environment_to_ini_call
|
||||
export GITEA__OAUTH2__JWT_SECRET="pre-defined-jwt-secret"
|
||||
|
||||
run execute_test_script
|
||||
@@ -126,7 +102,7 @@ function write_mounted_file() {
|
||||
}
|
||||
|
||||
@test "ensures that preset environment variables take precedence over mounted ones" {
|
||||
expect_gitea_config_edit_ini_call
|
||||
expect_environment_to_ini_call
|
||||
export GITEA__OAUTH2__JWT_SECRET="pre-defined-jwt-secret"
|
||||
write_mounted_file "inlines" "oauth2" "$(cat << EOF
|
||||
JWT_SECRET=inline-jwt-secret
|
||||
@@ -141,7 +117,7 @@ EOF
|
||||
}
|
||||
|
||||
@test "ensures that additionals take precedence over inlines" {
|
||||
expect_gitea_config_edit_ini_call
|
||||
expect_environment_to_ini_call
|
||||
write_mounted_file "inlines" "oauth2" "$(cat << EOF
|
||||
JWT_SECRET=inline-jwt-secret
|
||||
EOF
|
||||
@@ -160,7 +136,7 @@ EOF
|
||||
}
|
||||
|
||||
@test "ensures that dotted/dashed sections are properly masked" {
|
||||
expect_gitea_config_edit_ini_call
|
||||
expect_environment_to_ini_call
|
||||
write_mounted_file "inlines" "repository.pull-request" "$(cat << EOF
|
||||
WORK_IN_PROGRESS_PREFIXES=WIP:,[WIP]
|
||||
EOF
|
||||
@@ -176,7 +152,7 @@ EOF
|
||||
##### THIS IS A BUG, BUT I WANT IT TO BE COVERED BY TESTS #####
|
||||
###############################################################
|
||||
@test "ensures uppercase section and setting names (🐞)" {
|
||||
expect_gitea_config_edit_ini_call
|
||||
expect_environment_to_ini_call
|
||||
export GITEA__oauth2__JwT_Secret="pre-defined-jwt-secret"
|
||||
write_mounted_file "inlines" "repository.pull-request" "$(cat << EOF
|
||||
WORK_IN_progress_PREFIXES=WIP:,[WIP]
|
||||
@@ -191,7 +167,7 @@ EOF
|
||||
}
|
||||
|
||||
@test "treats top-level configuration as section-less" {
|
||||
expect_gitea_config_edit_ini_call
|
||||
expect_environment_to_ini_call
|
||||
write_mounted_file "inlines" "_generals_" "$(cat << EOF
|
||||
APP_NAME=Hello top-level configuration
|
||||
RUN_MODE=dev
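Review bot: In the first hunk, `teardown` evaluates `[ $ENV_TO_INI_EXPECTED -eq 1 ]` with the variable unquoted and, as far as the hunk shows, never initialised. A test that does not call `expect_environment_to_ini_call` would hit a `[` syntax error instead of a clean false branch. Every test visible on this page calls the helper, so this only bites when a test is added without it. I would write `if [ "${ENV_TO_INI_EXPECTED:-0}" -eq 1 ]; then`, or export `ENV_TO_INI_EXPECTED=0` in `setup`. `setup` begins above the hunk, so an initialisation may already exist there.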
|
||||
|
||||
@@ -31,7 +31,7 @@ tests:
|
||||
path: stringData.cache
|
||||
value: |-
|
||||
ADAPTER=redis
|
||||
HOST=redis://:changeme@gitea-unittests-valkey-primary.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
|
||||
HOST=redis://:changeme@gitea-unittests-valkey-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
|
||||
|
||||
- it: "cache is configured correctly for 'memory' when valkey (or valkey-cluster) is disabled"
|
||||
template: templates/gitea/config.yaml
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
suite: config template | config_environment.sh
|
||||
release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/gitea/config.yaml
|
||||
tests:
|
||||
- it: uses `gitea config edit-ini` to write app.ini from environment variables
|
||||
template: templates/gitea/config.yaml
|
||||
asserts:
|
||||
- documentIndex: 1
|
||||
matchRegex:
|
||||
path: stringData["config_environment.sh"]
|
||||
pattern: 'gitea config edit-ini --apply-env --config .+GITEA_APP_INI.+ --out .+GITEA_APP_INI'
|
||||
@@ -30,7 +30,7 @@ tests:
|
||||
equal:
|
||||
path: stringData.queue
|
||||
value: |-
|
||||
CONN_STR=redis://:changeme@gitea-unittests-valkey-primary.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
|
||||
CONN_STR=redis://:changeme@gitea-unittests-valkey-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
|
||||
TYPE=redis
|
||||
|
||||
- it: "queue is configured correctly for 'levelDB' when valkey (and valkey-cluster) is disabled"
|
||||
|
||||
@@ -65,41 +65,3 @@ tests:
|
||||
matchRegex:
|
||||
path: stringData.server
|
||||
pattern: \nROOT_URL=http://provided.example.com
|
||||
|
||||
################################################
|
||||
|
||||
- it: "[route enabled] uses route host for DOMAIN|SSH_DOMAIN|ROOT_URL"
|
||||
template: templates/gitea/config.yaml
|
||||
set:
|
||||
route:
|
||||
enabled: true
|
||||
host: route.example.com
|
||||
asserts:
|
||||
- documentIndex: 0
|
||||
matchRegex:
|
||||
path: stringData.server
|
||||
pattern: \nDOMAIN=route.example.com
|
||||
- documentIndex: 0
|
||||
matchRegex:
|
||||
path: stringData.server
|
||||
pattern: \nSSH_DOMAIN=route.example.com
|
||||
- documentIndex: 0
|
||||
matchRegex:
|
||||
path: stringData.server
|
||||
pattern: \nROOT_URL=http://route.example.com
|
||||
|
||||
################################################
|
||||
|
||||
- it: "[route tls termination] uses https for ROOT_URL"
|
||||
template: templates/gitea/config.yaml
|
||||
set:
|
||||
route:
|
||||
enabled: true
|
||||
host: route.example.com
|
||||
tls:
|
||||
termination: edge
|
||||
asserts:
|
||||
- documentIndex: 0
|
||||
matchRegex:
|
||||
path: stringData.server
|
||||
pattern: \nROOT_URL=https://route.example.com
|
||||
|
||||
@@ -31,7 +31,7 @@ tests:
|
||||
path: stringData.session
|
||||
value: |-
|
||||
PROVIDER=redis
|
||||
PROVIDER_CONFIG=redis://:changeme@gitea-unittests-valkey-primary.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
|
||||
PROVIDER_CONFIG=redis://:changeme@gitea-unittests-valkey-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
|
||||
|
||||
- it: "session is configured correctly for 'memory' when valkey (and valkey-cluster) is disabled"
|
||||
template: templates/gitea/config.yaml
|
||||
|
||||
@@ -87,4 +87,4 @@ tests:
|
||||
- documentIndex: 0
|
||||
matchRegex:
|
||||
path: stringData["configure_gitea.sh"]
|
||||
pattern: nc -vz -w2 gitea-unittests-valkey-cluster-headless.testing.svc 6379
|
||||
pattern: nc -vz -w2 gitea-unittests-valkey-cluster-headless.testing.svc.cluster.local 6379
|
||||
|
||||
@@ -29,19 +29,18 @@ tests:
|
||||
path: data["valkey-password"]
|
||||
value: "Z2l0ZWEtcGFzc3dvcmQ="
|
||||
- it: "[valkey] renders the referenced service"
|
||||
template: charts/valkey/templates/primary/service.yaml
|
||||
template: charts/valkey/templates/headless-svc.yaml
|
||||
asserts:
|
||||
- containsDocument:
|
||||
kind: Service
|
||||
apiVersion: v1
|
||||
name: gitea-unittests-valkey-primary
|
||||
name: gitea-unittests-valkey-headless
|
||||
namespace: testing
|
||||
- documentIndex: 0
|
||||
contains:
|
||||
path: spec.ports
|
||||
content:
|
||||
name: tcp-redis
|
||||
nodePort: null
|
||||
port: 6379
|
||||
targetPort: redis
|
||||
- it: "[gitea] waits for valkey to be up and running"
|
||||
@@ -50,4 +49,4 @@ tests:
|
||||
- documentIndex: 0
|
||||
matchRegex:
|
||||
path: stringData["configure_gitea.sh"]
|
||||
pattern: nc -vz -w2 gitea-unittests-valkey-primary.testing.svc 6379
|
||||
pattern: nc -vz -w2 gitea-unittests-valkey-headless.testing.svc.cluster.local 6379
|
||||
|
||||
@@ -1,82 +0,0 @@
|
||||
suite: deployment template (extraEnvSourceFile)
|
||||
release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/gitea/deployment.yaml
|
||||
- templates/gitea/config.yaml
|
||||
tests:
|
||||
- it: uses direct execution when extraEnvSourceFile is not set
|
||||
template: templates/gitea/deployment.yaml
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.initContainers[1].command
|
||||
value: ["/usr/sbinx/config_environment.sh"]
|
||||
- notExists:
|
||||
path: spec.template.spec.initContainers[1].args
|
||||
- equal:
|
||||
path: spec.template.spec.initContainers[2].command
|
||||
value: ["/usr/sbinx/configure_gitea.sh"]
|
||||
- notExists:
|
||||
path: spec.template.spec.initContainers[2].args
|
||||
|
||||
- it: sources env file in init-app-ini when extraEnvSourceFile is set
|
||||
template: templates/gitea/deployment.yaml
|
||||
set:
|
||||
gitea:
|
||||
extraEnvSourceFile: /vault/secrets/gitea
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.initContainers[1].command
|
||||
value: ["/bin/bash", "-c"]
|
||||
- matchRegex:
|
||||
path: spec.template.spec.initContainers[1].args[0]
|
||||
pattern: source /vault/secrets/gitea
|
||||
- matchRegex:
|
||||
path: spec.template.spec.initContainers[1].args[0]
|
||||
pattern: config_environment\.sh
|
||||
|
||||
- it: sources env file in configure-gitea when extraEnvSourceFile is set
|
||||
template: templates/gitea/deployment.yaml
|
||||
set:
|
||||
gitea:
|
||||
extraEnvSourceFile: /vault/secrets/gitea
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.initContainers[2].command
|
||||
value: ["/bin/bash", "-c"]
|
||||
- matchRegex:
|
||||
path: spec.template.spec.initContainers[2].args[0]
|
||||
pattern: source /vault/secrets/gitea
|
||||
- matchRegex:
|
||||
path: spec.template.spec.initContainers[2].args[0]
|
||||
pattern: configure_gitea\.sh
|
||||
|
||||
- it: sources env file in configure-gpg when extraEnvSourceFile is set with signing enabled
|
||||
template: templates/gitea/deployment.yaml
|
||||
set:
|
||||
signing:
|
||||
enabled: true
|
||||
existingSecret: "custom-gpg-secret"
|
||||
gitea:
|
||||
extraEnvSourceFile: /vault/secrets/gitea
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.initContainers[2].command
|
||||
value: ["/bin/bash", "-c"]
|
||||
- matchRegex:
|
||||
path: spec.template.spec.initContainers[2].args[0]
|
||||
pattern: source /vault/secrets/gitea
|
||||
- matchRegex:
|
||||
path: spec.template.spec.initContainers[2].args[0]
|
||||
pattern: configure_gpg_environment\.sh
|
||||
|
||||
- it: includes file existence check in source command
|
||||
template: templates/gitea/deployment.yaml
|
||||
set:
|
||||
gitea:
|
||||
extraEnvSourceFile: /vault/secrets/gitea
|
||||
asserts:
|
||||
- matchRegex:
|
||||
path: spec.template.spec.initContainers[1].args[0]
|
||||
pattern: "test -f /vault/secrets/gitea"
|
||||
@@ -1,106 +0,0 @@
|
||||
suite: deployment template (openshift)
|
||||
release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/gitea/deployment.yaml
|
||||
- templates/gitea/config.yaml
|
||||
tests:
|
||||
- it: renders openshift-compatible defaults for chart-managed containers
|
||||
template: templates/gitea/deployment.yaml
|
||||
set:
|
||||
openshift.enabled: true
|
||||
asserts:
|
||||
- notExists:
|
||||
path: spec.template.spec.hostUsers
|
||||
- notExists:
|
||||
path: spec.template.spec.securityContext
|
||||
- equal:
|
||||
path: spec.template.spec.initContainers[0].securityContext
|
||||
value:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
runAsNonRoot: true
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
- equal:
|
||||
path: spec.template.spec.initContainers[1].securityContext
|
||||
value:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
runAsNonRoot: true
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
- equal:
|
||||
path: spec.template.spec.initContainers[2].securityContext
|
||||
value:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
runAsNonRoot: true
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].securityContext
|
||||
value:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
runAsNonRoot: true
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
|
||||
- it: does not force runAsUser 1000 for command init containers on OpenShift
|
||||
template: templates/gitea/deployment.yaml
|
||||
set:
|
||||
openshift.enabled: true
|
||||
signing.enabled: true
|
||||
signing.existingSecret: custom-gpg-secret
|
||||
asserts:
|
||||
- notExists:
|
||||
path: spec.template.spec.initContainers[2].securityContext.runAsUser
|
||||
- notExists:
|
||||
path: spec.template.spec.initContainers[3].securityContext.runAsUser
|
||||
|
||||
- it: preserves explicit pod and container security context overrides on OpenShift
|
||||
template: templates/gitea/deployment.yaml
|
||||
set:
|
||||
openshift:
|
||||
enabled: true
|
||||
hostUsers: true
|
||||
podSecurityContext:
|
||||
fsGroup: 1000620000
|
||||
containerSecurityContext:
|
||||
runAsUser: 1000620000
|
||||
runAsGroup: 1000620000
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.hostUsers
|
||||
value: true
|
||||
- equal:
|
||||
path: spec.template.spec.securityContext
|
||||
value:
|
||||
fsGroup: 1000620000
|
||||
- equal:
|
||||
path: spec.template.spec.initContainers[2].securityContext.runAsUser
|
||||
value: 1000620000
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].securityContext.runAsGroup
|
||||
value: 1000620000
|
||||
|
||||
- it: renders an explicit hostUsers=false override on OpenShift
|
||||
template: templates/gitea/deployment.yaml
|
||||
set:
|
||||
openshift:
|
||||
enabled: true
|
||||
hostUsers: false
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.hostUsers
|
||||
value: false
|
||||
@@ -1,58 +0,0 @@
|
||||
suite: Test route.yaml
|
||||
release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/gitea/route.yaml
|
||||
tests:
|
||||
- it: should create route when route.enabled is true
|
||||
set:
|
||||
route:
|
||||
enabled: true
|
||||
host: git.apps.example.com
|
||||
path: /
|
||||
annotations:
|
||||
haproxy.router.openshift.io/timeout: 5m
|
||||
tls:
|
||||
termination: edge
|
||||
insecureEdgeTerminationPolicy: Redirect
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: gitea-unittests
|
||||
- equal:
|
||||
path: metadata.annotations["haproxy.router.openshift.io/timeout"]
|
||||
value: 5m
|
||||
- equal:
|
||||
path: spec.host
|
||||
value: git.apps.example.com
|
||||
- equal:
|
||||
path: spec.path
|
||||
value: /
|
||||
- equal:
|
||||
path: spec.to.kind
|
||||
value: Service
|
||||
- equal:
|
||||
path: spec.to.name
|
||||
value: gitea-unittests-http
|
||||
- equal:
|
||||
path: spec.port.targetPort
|
||||
value: http
|
||||
- equal:
|
||||
path: spec.wildcardPolicy
|
||||
value: None
|
||||
- equal:
|
||||
path: spec.tls.termination
|
||||
value: edge
|
||||
- equal:
|
||||
path: spec.tls.insecureEdgeTerminationPolicy
|
||||
value: Redirect
|
||||
|
||||
- it: should not create route when route.enabled is false
|
||||
set:
|
||||
route.enabled: false
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 0
|
||||
@@ -1,33 +0,0 @@
|
||||
suite: test connection template
|
||||
release:
|
||||
name: gitea-unittests
|
||||
namespace: testing
|
||||
templates:
|
||||
- templates/tests/test-http-connection.yaml
|
||||
tests:
|
||||
- it: renders openshift-compatible defaults for the test pod
|
||||
set:
|
||||
openshift.enabled: true
|
||||
asserts:
|
||||
- notExists:
|
||||
path: spec.hostUsers
|
||||
- equal:
|
||||
path: spec.containers[0].securityContext
|
||||
value:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
runAsNonRoot: true
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
|
||||
- it: renders an explicit hostUsers=false override for the test pod
|
||||
set:
|
||||
openshift:
|
||||
enabled: true
|
||||
hostUsers: false
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.hostUsers
|
||||
value: false
|
||||
+3
-56
@@ -62,14 +62,9 @@ imagePullSecrets: []
|
||||
|
||||
## @section Security
|
||||
# Security context is only usable with rootless image due to image design
|
||||
## @param openshift.enabled Enable OpenShift compatibility defaults for chart-managed pods. Defaults to auto-detect based on the SecurityContextConstraints API.
|
||||
## @param openshift.hostUsers Override the PodSpec hostUsers field for chart-managed pods. When unset, the field is omitted so the platform default is used.
|
||||
openshift:
|
||||
enabled: null
|
||||
hostUsers: null
|
||||
|
||||
## @param podSecurityContext Pod security context. On non-OpenShift clusters the chart defaults `fsGroup` to `1000` when this map is empty.
|
||||
podSecurityContext: {}
|
||||
## @param podSecurityContext.fsGroup Set the shared file system group for all containers in the pod.
|
||||
podSecurityContext:
|
||||
fsGroup: 1000
|
||||
|
||||
## @param containerSecurityContext Security context
|
||||
containerSecurityContext: {}
|
||||
@@ -182,32 +177,6 @@ ingress:
|
||||
# hosts:
|
||||
# - git.example.com
|
||||
|
||||
## @section Route
|
||||
## @param route.enabled Enable OpenShift Route
|
||||
## @param route.annotations Route annotations
|
||||
## @param route.host Route host. When unset, OpenShift may generate one and Gitea URL defaults fall back to ingress/service values.
|
||||
## @param route.path Route path
|
||||
## @param route.wildcardPolicy Route wildcard policy
|
||||
## @param route.tls.termination Route TLS termination type
|
||||
## @param route.tls.insecureEdgeTerminationPolicy Route insecure edge termination policy
|
||||
## @param route.tls.key Route TLS key
|
||||
## @param route.tls.certificate Route TLS certificate
|
||||
## @param route.tls.caCertificate Route TLS CA certificate
|
||||
## @param route.tls.destinationCACertificate Route destination CA certificate
|
||||
route:
|
||||
enabled: false
|
||||
annotations: {}
|
||||
host: ""
|
||||
path: ""
|
||||
wildcardPolicy: None
|
||||
tls:
|
||||
termination:
|
||||
insecureEdgeTerminationPolicy:
|
||||
key:
|
||||
certificate:
|
||||
caCertificate:
|
||||
destinationCACertificate:
|
||||
|
||||
## @section deployment
|
||||
#
|
||||
## @param resources Kubernetes resources
|
||||
@@ -477,28 +446,6 @@ gitea:
|
||||
## @param gitea.additionalConfigFromEnvs Additional configuration sources from environment variables
|
||||
additionalConfigFromEnvs: []
|
||||
|
||||
## @param gitea.extraEnvSourceFile Source environment variables from a file during init container startup. This is especially useful for reading environment variable files generated by the Vault agent-injector.
|
||||
## See the sample annotations below for reference.
|
||||
## podAnnotations:
|
||||
## vault.hashicorp.com/agent-inject: "true"
|
||||
## vault.hashicorp.com/agent-init-first: "true"
|
||||
## vault.hashicorp.com/agent-inject-secret-gitea: <path/to/secret>
|
||||
## vault.hashicorp.com/agent-inject-template-gitea: |
|
||||
## {{- with secret "path/to/secret" -}}
|
||||
## export GITEA__database__HOST="{{ .Data.data.db_host }}"
|
||||
## export GITEA__database__NAME="{{ .Data.data.db_name }}"
|
||||
## export GITEA__database__USER="{{ .Data.data.db_user }}"
|
||||
## export GITEA__database__PASSWD="{{ .Data.data.db_password }}"
|
||||
## export GITEA__queue__CONN_STR="{{ .Data.data.kv_conn_string }}"
|
||||
## export GITEA__session__PROVIDER_CONFIG="{{ .Data.data.kv_conn_string }}"
|
||||
## export GITEA__cache__HOST="{{ .Data.data.kv_conn_string }}"
|
||||
## export GITEA_ADMIN_USERNAME="{{ .Data.data.gitea_admin_user }}"
|
||||
## export GITEA_ADMIN_PASSWORD="{{ .Data.data.gitea_admin_password }}"
|
||||
## {{- end }}
|
||||
|
||||
# extraEnvSourceFile: /vault/secrets/gitea
|
||||
extraEnvSourceFile:
|
||||
|
||||
## @param gitea.podAnnotations Annotations for the Gitea pod
|
||||
podAnnotations: {}
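Review bot: The line `## @param containerSecurityContext Security context` in the first hunk does not say which containers the value reaches, or that the `{}` default sets no restrictions. From the deployment template shown on this page, the value appears to be rendered into the init containers, with `runAsUser` defaulted to 1000 for the command init containers. It also appears to reach the runtime container, which otherwise falls back to the deprecated `securityContext`. I would expand the line to `## @param containerSecurityContext Container security context for the init and runtime containers; empty by default, so allowPrivilegeEscalation, capabilities and seccompProfile are not set by the chart`. Since the OpenShift defaults are removed by this change, a short commented example of a restricted context next to the key would help operators who relied on them.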
|
||||
|
||||
|
||||