Add comments about redis password policy (#706)

fix #690

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/706
Co-authored-by: pat-s <patrick.schratz@gmail.com>
Co-committed-by: pat-s <patrick.schratz@gmail.com>

.gitea/workflows/release-version.yml

@@ -7,7 +7,7 @@ on:
 
 env:
   # renovate: datasource=docker depName=alpine/helm
-  HELM_VERSION: "3.15.2"
+  HELM_VERSION: "3.15.3"
 
 jobs:
   generate-chart-publish:

.gitea/workflows/test-pr.yml

@@ -11,12 +11,12 @@ on:
 
 env:
   # renovate: datasource=github-releases depName=helm-unittest/helm-unittest
-  HELM_UNITTEST_VERSION: "v0.5.1"
+  HELM_UNITTEST_VERSION: "v0.5.2"
 
 jobs:
   check-and-test:
     runs-on: ubuntu-latest
-    container: alpine/helm:3.15.2
+    container: alpine/helm:3.15.3
     steps:
       - name: install tools
         run: |

.vscode/settings.json

@@ -1,6 +1,6 @@
 {
     "yaml.schemas": {
-        "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.5.1/schema/helm-testsuite.json": [
+        "https://raw.githubusercontent.com/helm-unittest/helm-unittest/v0.5.2/schema/helm-testsuite.json": [
             "/unittests/**/*.yaml"
         ]
     },

Chart.lock

@@ -1,15 +1,15 @@
 dependencies:
 - name: postgresql
   repository: oci://registry-1.docker.io/bitnamicharts
-  version: 15.5.14
+  version: 15.5.20
 - name: postgresql-ha
   repository: oci://registry-1.docker.io/bitnamicharts
-  version: 14.2.11
+  version: 14.2.16
 - name: redis-cluster
   repository: oci://registry-1.docker.io/bitnamicharts
-  version: 10.2.6
+  version: 10.3.0
 - name: redis
   repository: oci://registry-1.docker.io/bitnamicharts
-  version: 19.6.1
+  version: 19.6.4
-digest: sha256:b67d5866d0e5c17ae77d617f11d0c598c93b90dd4703684799f6a77282d8d96d
+digest: sha256:a28c809273f313c482e3f803a0a002c3bb3a0d2090bf6b732d68ecc4710b4732
-generated: "2024-07-07T11:54:30.9528697+02:00"
+generated: "2024-08-03T00:21:16.080925346Z"

Chart.yaml

@@ -3,7 +3,8 @@ name: gitea
 description: Gitea Helm chart for Kubernetes
 type: application
 version: 0.0.0
-appVersion: 1.22.0
+# renovate datasource=github-releases depName=go-gitea/gitea extractVersion=^v(?<version>.*)$
+appVersion: 1.22.2
 icon: https://gitea.com/assets/img/logo.svg
 
 keywords:
@@ -35,20 +36,20 @@ dependencies:
   # https://github.com/bitnami/charts/blob/main/bitnami/postgresql
   - name: postgresql
     repository: oci://registry-1.docker.io/bitnamicharts
-    version: 15.5.14
+    version: 15.5.20
     condition: postgresql.enabled
   # https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/Chart.yaml
   - name: postgresql-ha
     repository: oci://registry-1.docker.io/bitnamicharts
-    version: 14.2.11
+    version: 14.2.16
     condition: postgresql-ha.enabled
   # https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/Chart.yaml
   - name: redis-cluster
     repository: oci://registry-1.docker.io/bitnamicharts
-    version: 10.2.6
+    version: 10.3.0
     condition: redis-cluster.enabled
   # https://github.com/bitnami/charts/blob/main/bitnami/redis/Chart.yaml
   - name: redis
     repository: oci://registry-1.docker.io/bitnamicharts
-    version: 19.6.1
+    version: 19.6.4
     condition: redis.enabled

README.md

@@ -498,6 +498,9 @@ redis-cluster:
   enabled: true
 ```
 
+⚠️ The redis charts [do not work well with special characters in the password](https://gitea.com/gitea/helm-chart/issues/690).
+Consider omitting such or open an issue in the Bitnami repo and let us know once this got fixed.
+
 ### Persistence
 
 Gitea will be deployed as a deployment.
@@ -904,6 +907,7 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo
 | `service.http.loadBalancerSourceRanges` | Source range filter for http loadbalancer                                                                                                                                                            | `[]`        |
 | `service.http.annotations`              | HTTP service annotations                                                                                                                                                                             | `{}`        |
 | `service.http.labels`                   | HTTP service additional labels                                                                                                                                                                       | `{}`        |
+| `service.http.loadBalancerClass`        | Loadbalancer class                                                                                                                                                                                   | `nil`       |
 | `service.ssh.type`                      | Kubernetes service type for ssh traffic                                                                                                                                                              | `ClusterIP` |
 | `service.ssh.port`                      | Port number for ssh traffic                                                                                                                                                                          | `22`        |
 | `service.ssh.clusterIP`                 | ClusterIP setting for ssh autosetup for deployment is None                                                                                                                                           | `None`      |
@@ -917,6 +921,7 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo
 | `service.ssh.loadBalancerSourceRanges`  | Source range filter for ssh loadbalancer                                                                                                                                                             | `[]`        |
 | `service.ssh.annotations`               | SSH service annotations                                                                                                                                                                              | `{}`        |
 | `service.ssh.labels`                    | SSH service additional labels                                                                                                                                                                        | `{}`        |
+| `service.ssh.loadBalancerClass`         | Loadbalancer class                                                                                                                                                                                   | `nil`       |
 
 ### Ingress
 
@@ -1000,14 +1005,19 @@ To comply with the Gitea helm chart definition of the digest parameter, a "custo
 ### Gitea
 
 | Name                                         | Description                                                                                                                    | Value                |
-| -------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------- | -------------------- |
+| -------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------ | -------------------- |
 | `gitea.admin.username`                       | Username for the Gitea admin user                                                                                              | `gitea_admin`        |
 | `gitea.admin.existingSecret`                 | Use an existing secret to store admin user credentials                                                                         | `nil`                |
 | `gitea.admin.password`                       | Password for the Gitea admin user                                                                                              | `r8sA8CPHD9!bt6d`    |
 | `gitea.admin.email`                          | Email for the Gitea admin user                                                                                                 | `gitea@local.domain` |
 | `gitea.admin.passwordMode`                   | Mode for how to set/update the admin user password. Options are: initialOnlyNoReset, initialOnlyRequireReset, and keepUpdated  | `keepUpdated`        |
 | `gitea.metrics.enabled`                      | Enable Gitea metrics                                                                                                           | `false`              |
-| `gitea.metrics.serviceMonitor.enabled` | Enable Gitea metrics service monitor                                                                                          | `false`              |
+| `gitea.metrics.serviceMonitor.enabled`       | Enable Gitea metrics service monitor. Requires, that `gitea.metrics.enabled` is also set to true, to enable metrics generally. | `false`              |
+| `gitea.metrics.serviceMonitor.interval`      | Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used.                      | `""`                 |
+| `gitea.metrics.serviceMonitor.relabelings`   | RelabelConfigs to apply to samples before scraping.                                                                            | `[]`                 |
+| `gitea.metrics.serviceMonitor.scheme`        | HTTP scheme to use for scraping. For example `http` or `https`. Default is http.                                               | `""`                 |
+| `gitea.metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended. If not specified, global Prometheus scrape timeout is used.                           | `""`                 |
+| `gitea.metrics.serviceMonitor.tlsConfig`     | TLS configuration to use when scraping the metric endpoint by Prometheus.                                                      | `{}`                 |
 | `gitea.ldap`                                 | LDAP configuration                                                                                                             | `[]`                 |
 | `gitea.oauth`                                | OAuth configuration                                                                                                            | `[]`                 |
 | `gitea.config.server.SSH_PORT`               | SSH port for rootlful Gitea image                                                                                              | `22`                 |
@@ -1088,7 +1098,7 @@ Redis and [Redis cluster](#redis-cluster) cannot be enabled at the same time.
 | `postgresql-ha.postgresql.postgresPassword` | postgres Password                                                | `changeme1` |
 | `postgresql-ha.pgpool.adminPassword`        | pgpool adminPassword                                             | `changeme3` |
 | `postgresql-ha.service.ports.postgresql`    | PostgreSQL service port (overrides `service.ports.postgresql`)   | `5432`      |
-| `postgresql-ha.primary.persistence.size`    | PVC Storage Request for PostgreSQL HA volume                     | `10Gi`      |
+| `postgresql-ha.persistence.size`            | PVC Storage Request for PostgreSQL HA volume                     | `10Gi`      |
 
 ### PostgreSQL
 

renovate.json5

@@ -30,6 +30,14 @@
       ],
       datasourceTemplate: 'github-releases',
     },
+    {
+      'description': 'Automatically detect new Gitea releases',
+      'customType': 'regex',
+      'fileMatch': ['(^|/)Chart\\.yaml$'],
+      'matchStrings': [
+        '# renovate datasource=(?<datasource>\\S+) depName=(?<depName>\\S+) extractVersion=(?<extractVersion>\\S+)\\nappVersion:\\s?(?<currentValue>\\S+)\\n',
+      ],
+    },
   ],
   packageRules: [
     {
@@ -56,5 +64,12 @@
         'digest',
       ],
     },
+    {
+      description: 'Override changelog url for Helm image, to have release notes in our PRs',
+      matchDepNames: [
+        'alpine/helm',
+      ],
+      changelogUrl: 'https://github.com/helm/helm',
+    },
   ],
 }

templates/gitea/http-svc.yaml

@@ -11,7 +11,11 @@ metadata:
     {{- toYaml .Values.service.http.annotations | nindent 4 }}
 spec:
   type: {{ .Values.service.http.type }}
-  {{- if and .Values.service.http.loadBalancerIP (eq .Values.service.http.type "LoadBalancer") }}
+  {{- if eq .Values.service.http.type "LoadBalancer" }}
+  {{- if .Values.service.http.loadBalancerClass }}
+  loadBalancerClass: {{ .Values.service.http.loadBalancerClass }}
+  {{- end }}
+  {{- if and .Values.service.http.loadBalancerIP }}
   loadBalancerIP: {{ .Values.service.http.loadBalancerIP  }}
   {{- end }}
   {{- if .Values.service.http.loadBalancerSourceRanges }}
@@ -20,6 +24,7 @@ spec:
     - {{ . }}
   {{- end }}
   {{- end }}
+  {{- end }}
   {{- if .Values.service.http.externalIPs }}
   externalIPs:
     {{- toYaml .Values.service.http.externalIPs | nindent 4 }}

templates/gitea/init.yaml

@@ -24,27 +24,25 @@ stringData:
     # END: initPreScript
     {{- end }}
 
-    set -x
-
     {{- if not .Values.image.rootless }}
-    chown 1000:1000 /data
+    chown -v 1000:1000 /data
     {{- end }}
-    mkdir -p /data/git/.ssh
+    mkdir -pv /data/git/.ssh
-    chmod -R 700 /data/git/.ssh
+    chmod -Rv 700 /data/git/.ssh
-    [ ! -d /data/gitea/conf ] && mkdir -p /data/gitea/conf
+    [ ! -d /data/gitea/conf ] && mkdir -pv /data/gitea/conf
 
     # prepare temp directory structure
-    mkdir -p "${GITEA_TEMP}"
+    mkdir -pv "${GITEA_TEMP}"
     {{- if not .Values.image.rootless }}
-    chown 1000:1000 "${GITEA_TEMP}"
+    chown -v 1000:1000 "${GITEA_TEMP}"
     {{- end }}
-    chmod ug+rwx "${GITEA_TEMP}"
+    chmod -v ug+rwx "${GITEA_TEMP}"
 
     {{ if .Values.signing.enabled -}}
     if [ ! -d "${GNUPGHOME}" ]; then
-      mkdir -p "${GNUPGHOME}"
+      mkdir -pv "${GNUPGHOME}"
-      chmod 700 "${GNUPGHOME}"
+      chmod -v 700 "${GNUPGHOME}"
-      chown 1000:1000 "${GNUPGHOME}"
+      chown -v 1000:1000 "${GNUPGHOME}"
     fi
     {{- end }}
 

templates/gitea/servicemonitor.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.gitea.metrics.serviceMonitor.enabled -}}
+{{- if and .Values.gitea.metrics.enabled .Values.gitea.metrics.serviceMonitor.enabled -}}
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
@@ -14,4 +14,21 @@ spec:
       {{- include "gitea.selectorLabels" . | nindent 6 }}
   endpoints:
   - port: http
+    {{- if .Values.gitea.metrics.serviceMonitor.interval }}
+    interval: {{ .Values.gitea.metrics.serviceMonitor.interval }}
+    {{- end }}
+    {{- with .Values.gitea.metrics.serviceMonitor.relabelings }}
+    relabelings:
+      {{- . | toYaml | nindent 6 }}
+    {{- end }}
+    {{- if .Values.gitea.metrics.serviceMonitor.scheme }}
+    scheme: {{ .Values.gitea.metrics.serviceMonitor.scheme }}
+    {{- end }}
+    {{- if .Values.gitea.metrics.serviceMonitor.scrapeTimeout }}
+    scrapeTimeout: {{ .Values.gitea.metrics.serviceMonitor.scrapeTimeout }}
+    {{- end }}
+    {{- with .Values.gitea.metrics.serviceMonitor.tlsConfig }}
+    tlsConfig:
+      {{- . | toYaml | nindent 6 }}
+    {{- end }}
 {{- end -}}

templates/gitea/ssh-svc.yaml

@@ -12,6 +12,9 @@ metadata:
 spec:
   type: {{ .Values.service.ssh.type }}
   {{- if eq .Values.service.ssh.type "LoadBalancer" }}
+  {{- if .Values.service.ssh.loadBalancerClass }}
+  loadBalancerClass: {{ .Values.service.ssh.loadBalancerClass }}
+  {{- end }}
   {{- if .Values.service.ssh.loadBalancerIP }}
   loadBalancerIP: {{ .Values.service.ssh.loadBalancerIP }}
   {{- end -}}

unittests/deployment/svc-configuration.yaml

@@ -49,3 +49,70 @@ tests:
     asserts:
       - exists:
           path: metadata.labels["app"]
+
+  - it: render service.ssh.loadBalancerClass if set and type is LoadBalancer
+    template: templates/gitea/ssh-svc.yaml
+    set:
+      service:
+        ssh:
+          loadBalancerClass: "example.com/class"
+          type: LoadBalancer
+          loadBalancerIP: "1.2.3.4"
+          loadBalancerSourceRanges:
+            - "1.2.3.4/32"
+            - "5.6.7.8/32"
+    asserts:
+      - equal:
+          path: spec.loadBalancerClass
+          value: "example.com/class"
+      - equal:
+          path: spec.loadBalancerIP
+          value: "1.2.3.4"
+      - equal:
+          path: spec.loadBalancerSourceRanges
+          value: ["1.2.3.4/32", "5.6.7.8/32"]
+
+  - it: does not render when loadbalancer properties are set but type is not loadBalancerClass
+    template: templates/gitea/http-svc.yaml
+    set:
+      service:
+        http:
+          type: ClusterIP
+          loadBalancerClass: "example.com/class"
+          loadBalancerIP: "1.2.3.4"
+          loadBalancerSourceRanges:
+            - "1.2.3.4/32"
+            - "5.6.7.8/32"
+    asserts:
+      - notExists:
+          path: spec.loadBalancerClass
+      - notExists:
+          path: spec.loadBalancerIP
+      - notExists:
+          path: spec.loadBalancerSourceRanges
+
+  - it: does not render loadBalancerClass by default even when type is LoadBalancer
+    template: templates/gitea/http-svc.yaml
+    set:
+      service:
+        http:
+          type: LoadBalancer
+          loadBalancerIP: "1.2.3.4"
+    asserts:
+      - notExists:
+          path: spec.loadBalancerClass
+      - equal:
+          path: spec.loadBalancerIP
+          value: "1.2.3.4"
+
+  - it: both ssh and http services exist
+    templates:
+      - templates/gitea/ssh-svc.yaml
+      - templates/gitea/http-svc.yaml
+    asserts:
+      - matchRegex:
+          path: metadata.name
+          pattern: "^gitea-unittests-(?:ssh|http)$"
+      - matchRegex:
+          path: spec.ports[0].name
+          pattern: "^(?:ssh|http)$"

unittests/init/init_directory_structure.sh-rootless.yaml

@@ -28,15 +28,13 @@ tests:
             #!/usr/bin/env bash
 
             set -euo pipefail
-
+            mkdir -pv /data/git/.ssh
-            set -x
+            chmod -Rv 700 /data/git/.ssh
-            mkdir -p /data/git/.ssh
+            [ ! -d /data/gitea/conf ] && mkdir -pv /data/gitea/conf
-            chmod -R 700 /data/git/.ssh
-            [ ! -d /data/gitea/conf ] && mkdir -p /data/gitea/conf
 
             # prepare temp directory structure
-            mkdir -p "${GITEA_TEMP}"
+            mkdir -pv "${GITEA_TEMP}"
-            chmod ug+rwx "${GITEA_TEMP}"
+            chmod -v ug+rwx "${GITEA_TEMP}"
   - it: adds gpg script block for enabled signing
     set:
       signing.enabled: true
@@ -51,20 +49,18 @@ tests:
             #!/usr/bin/env bash
 
             set -euo pipefail
-
+            mkdir -pv /data/git/.ssh
-            set -x
+            chmod -Rv 700 /data/git/.ssh
-            mkdir -p /data/git/.ssh
+            [ ! -d /data/gitea/conf ] && mkdir -pv /data/gitea/conf
-            chmod -R 700 /data/git/.ssh
-            [ ! -d /data/gitea/conf ] && mkdir -p /data/gitea/conf
 
             # prepare temp directory structure
-            mkdir -p "${GITEA_TEMP}"
+            mkdir -pv "${GITEA_TEMP}"
-            chmod ug+rwx "${GITEA_TEMP}"
+            chmod -v ug+rwx "${GITEA_TEMP}"
 
             if [ ! -d "${GNUPGHOME}" ]; then
-              mkdir -p "${GNUPGHOME}"
+              mkdir -pv "${GNUPGHOME}"
-              chmod 700 "${GNUPGHOME}"
+              chmod -v 700 "${GNUPGHOME}"
-              chown 1000:1000 "${GNUPGHOME}"
+              chown -v 1000:1000 "${GNUPGHOME}"
             fi
   - it: it does not chown /data even when image.fullOverride is set
     template: templates/gitea/init.yaml
@@ -77,12 +73,10 @@ tests:
             #!/usr/bin/env bash
 
             set -euo pipefail
-
+            mkdir -pv /data/git/.ssh
-            set -x
+            chmod -Rv 700 /data/git/.ssh
-            mkdir -p /data/git/.ssh
+            [ ! -d /data/gitea/conf ] && mkdir -pv /data/gitea/conf
-            chmod -R 700 /data/git/.ssh
-            [ ! -d /data/gitea/conf ] && mkdir -p /data/gitea/conf
 
             # prepare temp directory structure
-            mkdir -p "${GITEA_TEMP}"
+            mkdir -pv "${GITEA_TEMP}"
-            chmod ug+rwx "${GITEA_TEMP}"
+            chmod -v ug+rwx "${GITEA_TEMP}"

unittests/init/init_directory_structure.sh.yaml

@@ -31,17 +31,15 @@ tests:
             #!/usr/bin/env bash
 
             set -euo pipefail
-
+            chown -v 1000:1000 /data
-            set -x
+            mkdir -pv /data/git/.ssh
-            chown 1000:1000 /data
+            chmod -Rv 700 /data/git/.ssh
-            mkdir -p /data/git/.ssh
+            [ ! -d /data/gitea/conf ] && mkdir -pv /data/gitea/conf
-            chmod -R 700 /data/git/.ssh
-            [ ! -d /data/gitea/conf ] && mkdir -p /data/gitea/conf
 
             # prepare temp directory structure
-            mkdir -p "${GITEA_TEMP}"
+            mkdir -pv "${GITEA_TEMP}"
-            chown 1000:1000 "${GITEA_TEMP}"
+            chown -v 1000:1000 "${GITEA_TEMP}"
-            chmod ug+rwx "${GITEA_TEMP}"
+            chmod -v ug+rwx "${GITEA_TEMP}"
   - it: adds gpg script block for enabled signing
     set:
       image.rootless: false
@@ -57,20 +55,18 @@ tests:
             #!/usr/bin/env bash
 
             set -euo pipefail
-
+            chown -v 1000:1000 /data
-            set -x
+            mkdir -pv /data/git/.ssh
-            chown 1000:1000 /data
+            chmod -Rv 700 /data/git/.ssh
-            mkdir -p /data/git/.ssh
+            [ ! -d /data/gitea/conf ] && mkdir -pv /data/gitea/conf
-            chmod -R 700 /data/git/.ssh
-            [ ! -d /data/gitea/conf ] && mkdir -p /data/gitea/conf
 
             # prepare temp directory structure
-            mkdir -p "${GITEA_TEMP}"
+            mkdir -pv "${GITEA_TEMP}"
-            chown 1000:1000 "${GITEA_TEMP}"
+            chown -v 1000:1000 "${GITEA_TEMP}"
-            chmod ug+rwx "${GITEA_TEMP}"
+            chmod -v ug+rwx "${GITEA_TEMP}"
 
             if [ ! -d "${GNUPGHOME}" ]; then
-              mkdir -p "${GNUPGHOME}"
+              mkdir -pv "${GNUPGHOME}"
-              chmod 700 "${GNUPGHOME}"
+              chmod -v 700 "${GNUPGHOME}"
-              chown 1000:1000 "${GNUPGHOME}"
+              chown -v 1000:1000 "${GNUPGHOME}"
             fi

unittests/servicemonitor/basic.yaml

@@ -0,0 +1,89 @@
+suite: ServiceMonitor template (basic)
+release:
+  name: gitea-unittests
+  namespace: testing
+templates:
+  - templates/gitea/servicemonitor.yaml
+tests:
+  - it: skips rendering by default
+    asserts:
+      - hasDocuments:
+          count: 0
+  - it: renders default ServiceMonitor object with gitea.metrics.enabled=true
+    set:
+      gitea.metrics.enabled: true
+    asserts:
+      - hasDocuments:
+          count: 0
+  - it: renders default ServiceMonitor object with gitea.metrics.serviceMonitor.enabled=true
+    set:
+      gitea.metrics.serviceMonitor.enabled: true
+    asserts:
+      - hasDocuments:
+          count: 0
+  - it: renders defaults
+    set:
+      gitea.metrics.enabled: true
+      gitea.metrics.serviceMonitor.enabled: true
+    asserts:
+      - hasDocuments:
+          count: 1
+      - containsDocument:
+          kind: ServiceMonitor
+          apiVersion: monitoring.coreos.com/v1
+          name: gitea-unittests
+      - notExists:
+          path: metadata.annotations
+      - notExists:
+          path: spec.endpoints[0].interval
+      - equal:
+          path: spec.endpoints[0].port
+          value: http
+      - notExists:
+          path: spec.endpoints[0].scheme
+      - notExists:
+          path: spec.endpoints[0].scrapeTimeout
+      - notExists:
+          path: spec.endpoints[0].tlsConfig
+  - it: renders custom scrape interval
+    set:
+      gitea.metrics.enabled: true
+      gitea.metrics.serviceMonitor.enabled: true
+      gitea.metrics.serviceMonitor.interval: 30s
+      gitea.metrics.serviceMonitor.scrapeTimeout: 5s
+    asserts:
+      - equal:
+          path: spec.endpoints[0].interval
+          value: 30s
+      - equal:
+          path: spec.endpoints[0].scrapeTimeout
+          value: 5s
+  - it: renders custom tls config
+    set:
+      gitea.metrics.enabled: true
+      gitea.metrics.serviceMonitor.enabled: true
+      gitea.metrics.serviceMonitor.scheme: https
+      gitea.metrics.serviceMonitor.tlsConfig.caFile: /etc/prometheus/tls/ca.crt
+      gitea.metrics.serviceMonitor.tlsConfig.certFile: /etc/prometheus/tls/tls.crt
+      gitea.metrics.serviceMonitor.tlsConfig.keyFile: /etc/prometheus/tls/tls.key
+      gitea.metrics.serviceMonitor.tlsConfig.insecureSkipVerify: false
+      gitea.metrics.serviceMonitor.tlsConfig.serverName: gitea-unittest
+    asserts:
+      - equal:
+          path: spec.endpoints[0].scheme
+          value: https
+      - equal:
+          path: spec.endpoints[0].tlsConfig.caFile
+          value: /etc/prometheus/tls/ca.crt
+      - equal:
+          path: spec.endpoints[0].tlsConfig.certFile
+          value: /etc/prometheus/tls/tls.crt
+      - equal:
+          path: spec.endpoints[0].tlsConfig.keyFile
+          value: /etc/prometheus/tls/tls.key
+      - equal:
+          path: spec.endpoints[0].tlsConfig.insecureSkipVerify
+          value: false
+      - equal:
+          path: spec.endpoints[0].tlsConfig.serverName
+          value: gitea-unittest

values.yaml

@@ -107,6 +107,7 @@ service:
   ## @param service.http.loadBalancerSourceRanges Source range filter for http loadbalancer
   ## @param service.http.annotations HTTP service annotations
   ## @param service.http.labels HTTP service additional labels
+  ## @param service.http.loadBalancerClass Loadbalancer class
   http:
     type: ClusterIP
     port: 3000
@@ -120,6 +121,7 @@ service:
     loadBalancerSourceRanges: []
     annotations: {}
     labels: {}
+    loadBalancerClass:
   ## @param service.ssh.type Kubernetes service type for ssh traffic
   ## @param service.ssh.port Port number for ssh traffic
   ## @param service.ssh.clusterIP ClusterIP setting for ssh autosetup for deployment is None
@@ -133,6 +135,7 @@ service:
   ## @param service.ssh.loadBalancerSourceRanges Source range filter for ssh loadbalancer
   ## @param service.ssh.annotations SSH service annotations
   ## @param service.ssh.labels SSH service additional labels
+  ## @param service.ssh.loadBalancerClass Loadbalancer class
   ssh:
     type: ClusterIP
     port: 22
@@ -147,6 +150,7 @@ service:
     loadBalancerSourceRanges: []
     annotations: {}
     labels: {}
+    loadBalancerClass:
 
 ## @section Ingress
 ## @param ingress.enabled Enable ingress
@@ -352,13 +356,23 @@ gitea:
     passwordMode: keepUpdated
 
   ## @param gitea.metrics.enabled Enable Gitea metrics
-  ## @param gitea.metrics.serviceMonitor.enabled Enable Gitea metrics service monitor
+  ## @param gitea.metrics.serviceMonitor.enabled Enable Gitea metrics service monitor. Requires, that `gitea.metrics.enabled` is also set to true, to enable metrics generally.
+  ## @param gitea.metrics.serviceMonitor.interval Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used.
+  ## @param gitea.metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping.
+  ## @param gitea.metrics.serviceMonitor.scheme HTTP scheme to use for scraping. For example `http` or `https`. Default is http.
+  ## @param gitea.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended. If not specified, global Prometheus scrape timeout is used.
+  ## @param gitea.metrics.serviceMonitor.tlsConfig TLS configuration to use when scraping the metric endpoint by Prometheus.
   metrics:
     enabled: false
     serviceMonitor:
       enabled: false
       #  additionalLabels:
       #    prometheus-release: prom1
+      interval: ""
+      relabelings: []
+      scheme: ""
+      scrapeTimeout: ""
+      tlsConfig: {}
 
   ## @param gitea.ldap LDAP configuration
   ldap:
@@ -484,6 +498,8 @@ gitea:
 
 ## @section redis-cluster
 ## @param redis-cluster.enabled Enable redis cluster
+# ⚠️ The redis charts do not work well with special characters in the password (<https://gitea.com/gitea/helm-chart/issues/690>).
+# Consider omitting such or open an issue in the Bitnami repo and let us know once this got fixed.
 ## @param redis-cluster.usePassword Whether to use password authentication
 ## @param redis-cluster.cluster.nodes Number of redis cluster master nodes
 ## @param redis-cluster.cluster.replicas Number of redis cluster master node replicas
@@ -500,6 +516,8 @@ redis-cluster:
 ## @section redis
 ## @param redis.enabled Enable redis standalone or replicated
 ## @param redis.architecture Whether to use standalone or replication
+# ⚠️ The redis charts do not work well with special characters in the password (<https://gitea.com/gitea/helm-chart/issues/690>).
+# Consider omitting such or open an issue in the Bitnami repo and let us know once this got fixed.
 ## @param redis.global.redis.password Required password
 ## @param redis.master.count Number of Redis master instances to deploy
 ## @descriptionStart
@@ -525,7 +543,7 @@ redis:
 ## @param postgresql-ha.postgresql.postgresPassword postgres Password
 ## @param postgresql-ha.pgpool.adminPassword pgpool adminPassword
 ## @param postgresql-ha.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`)
-## @param postgresql-ha.primary.persistence.size PVC Storage Request for PostgreSQL HA volume
+## @param postgresql-ha.persistence.size PVC Storage Request for PostgreSQL HA volume
 postgresql-ha:
   global:
     postgresql:
@@ -542,7 +560,6 @@ postgresql-ha:
   service:
     ports:
       postgresql: 5432
-  primary:
   persistence:
     size: 10Gi