The following pull request removes the `gitea` directory. With regard to
maintaining act_runners in a separate git repository or helm chart, this
additional directory becomes redundant.
The following patch adds support for network policies.
The patch does not contain any specific network policies, as it is uncertain in which environment and with which access rights gitea will be deployed.
With regard to third-party components such as PostgreSQL or Valkey, the network policy may need to be adjusted. Whether this happens directly in the helm chart or whether the user has to enter it themselves is open to discussion.
During testing, I defined a few sample network policies to get Gitea up and running. These are only examples.
Reviewed-on: https://gitea.com/gitea/helm-gitea/pulls/952
Reviewed-by: DaanSelen <daanselen@noreply.gitea.com>
Co-authored-by: Markus Pesch <markus.pesch@cryptic.systems>
Co-committed-by: Markus Pesch <markus.pesch@cryptic.systems>
The following patch intoduce the dictionaries pre and postExtraInitContainers.
The dictionaries can be used to specify further initContainers before and after
the gitea initializing process. For example:
```yaml
postExtraInitContainers:
- name: foo
image: docker.io/library/busybox:latest
preExtraInitContainers:
- name: bar
image: docker.io/library/busybox:latest
```
#916
After many years of maintaining this chart alongside @justusbunsi, I am also stepping down as a maintainer.
In the following, I want to inform users about the reasons.
I am on an independent journey since ~ 1 year, which brought many new challenges and responsibilities.
Since then I have created many devops-related assets (charts, Ansible role, images) which I am now curating as part of my professional work.
Besides, I have also continued with all my FOSS-related efforts. This has summed up to ~ 20-30 projects for which I am either in a primary or secondary maintainer role.
While I have a lot of fun in this, I need to ensure to not go beyond my limits and focus on the ones which I also use in my daily dev & professional life.
Gitea isn't among these anymore since some time, which brings me to the second part of why I am stepping down:
After thinking about it for a long time and being torn between worlds, I've decided to go with Forgejo instead of Gitea for most instances I am running/maintaining.
Since then, I have used the Gitea helm chart to deploy these. This has worked out great and without issues and will likely continue to do so for the foreseeable future.
However, it lately started to feel "wrong", i.e. to continue using the Gitea chart for Forgejo deployments, especially after both projects have substantially diverged some time ago already and a Forgejo Helm Chart exists since some time. Also, I had the feeling of not being able to "commit" to one of the projects fully, being involved in both.
After launching [CodeFloe](https://codefloe.com) a few weeks ago, a public Forgejo instance, I came to the conclusion to step down as a maintainer and focus on the software that I use daily.
And as I like be fully transparent: I don't wanna hold back on the fact that I was also missing the community spirit from "the old days" quite a bit lately, both in the Discord server and the discussions in the chart. The ratio of low-quality requests in the Chart increased a lot over the last ~ 1.5 years, while at the same time the average response times of Gitea core member increased to weeks.
I hope the Gitea community can turn this around again and create a welcoming place to which its fun to contribute to in one's spare time. I enjoyed it for the most part and want to thank everyone who supported me during this time, for the general trust in Chart-related decisions, and the opportunity to personally improve on Helm chart management in general.
Reviewed-on: https://gitea.com/gitea/helm-gitea/pulls/918
Co-authored-by: pat-s <patrick.schratz@gmail.com>
Co-committed-by: pat-s <patrick.schratz@gmail.com>
This is a direct follow-up to https://gitea.com/gitea/helm-gitea/issues/916.
Over the past months I took an unofficial break. During this time I realized that I don't have the necessary energy and spare time to maintain the Helm Chart long-term - in a way I would like to. Before that break I had ups where I was hyper-focused on the chart, and downs where everything was too much after work. I never found a sweat spot between both. This is not good for me. It is therefore with a heavy heart that I am stepping down as a maintainer.
Signed-off-by: justusbunsi <sk.bunsenbrenner@gmail.com>
Reviewed-on: https://gitea.com/gitea/helm-gitea/pulls/917
Co-authored-by: justusbunsi <sk.bunsenbrenner@gmail.com>
Co-committed-by: justusbunsi <sk.bunsenbrenner@gmail.com>
<!--
Before you open the request please review the following guidelines and tips to help it be more easily integrated:
- Describe the scope of your change - i.e. what the change does.
- Describe any known limitations with your change.
- Please run any tests or examples that can exercise your modified code.
Thank you for contributing! We will try to review, test and integrate the change as soon as we can.
-->
### Description of the change
<!-- Describe the scope of your change - i.e. what the change does. -->
Fix broken docs links. 😉
### Benefits
<!-- What benefits will be realized by the code change? -->
### Possible drawbacks
<!-- Describe any known limitations with your change -->
### Applicable issues
<!-- Enter any applicable Issues here (You can reference an issue using #). Please remove this section if there is no referenced issue. -->
- none
### Additional information
<!-- If there's anything else that's important and relevant to your pull request, mention that information here. Please remove this section if it remains empty. -->
regression of #775
### ⚠ BREAKING
<!-- If there's a breaking change, please shortly describe in which way users are affected and how they can mitigate it. If there are no breakings, please remove this section. -->
### Checklist
<!-- [Place an '[X]' (no spaces) in all applicable fields. Please remove unrelated fields.] -->
- [ ] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm)
- [ ] Breaking changes are documented in the `README.md`
- [ ] Helm templating unittests are added (required when changing anything in `templates` folder)
- [ ] Bash unittests are added (required when changing anything in `scripts` folder)
- [ ] All added template resources MUST render a namespace in metadata
Reviewed-on: https://gitea.com/gitea/helm-gitea/pulls/904
Reviewed-by: pat-s <pat-s@noreply.gitea.com>
Co-authored-by: Michael Kriese <michael.kriese@visualon.de>
Co-committed-by: Michael Kriese <michael.kriese@visualon.de>
### Add new 'srCheckPassword' postgresql-ha value to support new postgresql-ha stream replication check requirements
Per Bitnami's [documentation](https://github.com/bitnami/charts/tree/main/bitnami/postgresql-ha#to-1600), a new 'sr_check_user' now exists for the purpose of pgpool preforming stream replication checking.
### Benefits
This change allows customizing that role's password by overriding Bitnami's chart value.
### Possible drawbacks
None that I'm aware of.
### Applicable issues
- Fixes#888
### Additional information
Per #888, the Bitnami PR where customizable stream reapplication check credentials were introduced is https://github.com/bitnami/charts/pull/33552
### Checklist
<!-- [Place an '[X]' (no spaces) in all applicable fields. Please remove unrelated fields.] -->
- [x] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm)
- [x] Helm templating unittests are added (required when changing anything in `templates` folder)
Reviewed-on: https://gitea.com/gitea/helm-gitea/pulls/894
Reviewed-by: pat-s <pat-s@noreply.gitea.com>
Co-authored-by: Jade Deane <jade.deane@gmail.com>
Co-committed-by: Jade Deane <jade.deane@gmail.com>
For rootful Gitea images, the built-in OpenSSH server is reused, and Gitea itself does not listen on any SSH port. Therefore, the `SSH_LISTEN_PORT` setting has no effect. Explicitly setting `START_SSH_SERVER` helps avoid confusion and makes the behavior clearer.
Reviewed-on: https://gitea.com/gitea/helm-gitea/pulls/876
Reviewed-by: pat-s <pat-s@noreply.gitea.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-committed-by: Lunny Xiao <xiaolunwen@gmail.com>
The following PR add the annotation 'artifacthub.io/changes'. For each semantic
commit will be the annotation extended. Further information can be found in the
documentation of
[Artifacthub.io](https://artifacthub.io/docs/topics/annotations/helm/#supported-annotations).
The CI has been adapted. The binary jq as well as yq in >= v4.0 is required.
Otherwise will not be concatenated the YAML file correctly via the yq expression,
because the `loadstr()` expression is not available in lower versions.
Additionally the relation between the semantic commit and the Artifacthub.io
change log type should be clarified. The current relationshiop can be adapted if
needed.
Furthermore, yq will be installed as part of the CI steps. It would be great if
yq is also available as deb package in >=v4.0. This would reduce the boiler
plate to install yq and maintain the version via renovate.
Regarding the renovate expression. In my environment works this expression, but
I don't know if it also works in this gitea/renovate instance.
Reviewed-on: https://gitea.com/gitea/helm-gitea/pulls/881
Reviewed-by: pat-s <pat-s@noreply.gitea.com>
Co-authored-by: Markus Pesch <markus.pesch@cryptic.systems>
Co-committed-by: Markus Pesch <markus.pesch@cryptic.systems>
Following the creation of the changelog via `git-sv`, the release process can also be simplified.
The new approach only requires to call `git sv tag` from a Maintainer with write access to the repo.
This will create and push the tag.
The release notes and subsequent Gitea release will then be created by the new workflow job.
Reviewed-on: https://gitea.com/gitea/helm-gitea/pulls/865
Co-authored-by: pat-s <patrick.schratz@gmail.com>
Co-committed-by: pat-s <patrick.schratz@gmail.com>
### Description of the change
Redesigned ingress configuration to align better with implicit best practices.
### Benefits
- Smarter defaults
- More tests
- Remove [deprecated API Versions](extensions/v1beta1) (e.g. `extensions/v1beta1`) and always use `networking.k8s.io/v1`
### Possible drawbacks
Hopefully 🙃 none
### Applicable issues
fix#674
### Additional information
- Define `ingress.annotations` via helpers
- Move tests from `tests/deployment` to `tests/ingress`
- Use own tests file for ingress tpl tests
- Ensure defaults of `path` and `pathType` are always rendered
- Set top-level default value for `ingress. pathType`
- Change default of `ingress.hosts[0].paths` to `[]` to ensure proper rendering via template
### ⚠ BREAKING
I think all of these changes should be backward comp with existing ingress definitions, but surely worth highlighting in the changelog of the release.
### Checklist
<!-- [Place an '[X]' (no spaces) in all applicable fields. Please remove unrelated fields.] -->
- [x] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm)
- [x] Breaking changes are documented in the `README.md`
- [x] Templating unittests are added
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.com>
Co-authored-by: justusbunsi <sk.bunsenbrenner@gmail.com>
Reviewed-on: https://gitea.com/gitea/helm-gitea/pulls/679
Co-authored-by: pat-s <patrick.schratz@gmail.com>
Co-committed-by: pat-s <patrick.schratz@gmail.com>
<!--
Before you open the request please review the following guidelines and tips to help it be more easily integrated:
- Describe the scope of your change - i.e. what the change does.
- Describe any known limitations with your change.
- Please run any tests or examples that can exercise your modified code.
Thank you for contributing! We will try to review, test and integrate the change as soon as we can.
-->
### Description of the change
Migrates from Redis to Valkey.
### Benefits
The Redis License is changing from BSD-3-Clause to RSALv2 and SSPLv1 which are not open source under the OSI definition. We should consider open-source alternatives as a default replacement for Redis.
### Possible drawbacks
Large scale change, potentially breaking.
### Applicable issues
https://github.com/go-gitea/gitea/issues/32056
### ⚠ BREAKING
Major version change, redis provider changed to valkey.
### Checklist
<!-- [Place an '[X]' (no spaces) in all applicable fields. Please remove unrelated fields.] -->
- [X] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm)
- [X] Breaking changes are documented in the `README.md`
- [X] Helm templating unittests are added (required when changing anything in `templates` folder)
Co-authored-by: pat-s <patrick.schratz@gmail.com>
Reviewed-on: https://gitea.com/gitea/helm-gitea/pulls/775
Reviewed-by: pat-s <pat-s@noreply.gitea.com>
Co-authored-by: Sean Teo <sawntoe@gmail.com>
Co-committed-by: Sean Teo <sawntoe@gmail.com>
The Renovate config in this repository needs migrating. Typically this is because one or more configuration options you are using have been renamed.
You don't need to merge this PR right away, because Renovate will continue to migrate these fields internally each time it runs. But later some of these fields may be fully deprecated and the migrations removed. So it's a good idea to merge this migration PR soon.
#### [PLEASE NOTE](https://docs.renovatebot.com/configuration-options#configmigration): JSON5 config file migrated! All comments & trailing commas were removed.
🔕 **Ignore**: Close this PR and you won't be reminded about config migration again, but one day your current config may no longer be valid.
❓ Got questions? Does something look wrong to you? Please don't hesitate to [request help here](https://github.com/renovatebot/renovate/discussions).
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
Reviewed-on: https://gitea.com/gitea/helm-gitea/pulls/861
Co-authored-by: Renovate Bot <renovate-bot@gitea.com>
Co-committed-by: Renovate Bot <renovate-bot@gitea.com>
This is @ChristopherHX's PR
### Description of the change
Do not silently ignore actions.enabled set by user.
### Benefits
Everybody who has enabled actions act_runner do not silently end up without runners, but directly see an actionable error message.
### Possible drawbacks
You need to remove the actions section from your own values.yml to upgrade/install this chart.
The Migration Guide has not been written yet, I consider this issue as a community wiki where other maintainers are free to edit my initial post.
### Applicable issues
N/A
### Additional information
I couldn't add helm-gitea as a dependency, because of
- conflict with a7035ca4e5/templates/_helpers.tpl (L223-L230)
with one difference helm-actions did not have the referenced values and failed to render
- after resolving the above by either renaming in the helm-actions chart or removal of this leftover code in helm-gitea
- helm does not allow me to derive dynamic default values for the `actions` section for the subchart
- using yaml anchors only provided default values into helm-actions, without respecting user changes
- I only found a feature request
- It is not feasible for me in short term to add support of this section back using helm-actions
### Checklist
- [X] Helm templating unittests are added (required when changing anything in `templates` folder)
Co-authored-by: Christopher Homberger <christopher.homberger@web.de>
Reviewed-on: https://gitea.com/gitea/helm-gitea/pulls/849
Reviewed-by: pat-s <pat-s@noreply.gitea.com>
Co-authored-by: techknowlogick <techknowlogick@noreply.gitea.com>
Co-committed-by: techknowlogick <techknowlogick@noreply.gitea.com>
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| unittests/bash/test_helper/bats-assert | digest | `e2d855b` -> `0ec504e` |
---
### Configuration
📅 **Schedule**: Branch creation - "* * * * 0,6" (UTC), Automerge - "* 0-3 * * *" (UTC).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xOTAuMCIsInVwZGF0ZWRJblZlciI6IjM5LjE5MC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJraW5kL2RlcGVuZGVuY3kiXX0=-->
Reviewed-on: https://gitea.com/gitea/helm-gitea/pulls/826
Co-authored-by: Renovate Bot <renovate-bot@gitea.com>
Co-committed-by: Renovate Bot <renovate-bot@gitea.com>
https://github.com/thegeeklab/git-sv
- Creates a changelog from conventional commits
- Updates the changelog in an static issue (creates the issue if missing)
- Only runs after a new commit was merged into `main`
- Automatically determines the next version based on conv commits logic
- Follows up on #788
---
The logic can also be used to create the release notes on `tag` events and the subsequent Gitea release. Didn't wanted to add all at once, though.
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/794
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.com>
Co-authored-by: pat-s <patrick.schratz@gmail.com>
Co-committed-by: pat-s <patrick.schratz@gmail.com>
The example of my latest PR based on a cpu resource limit of `100m`. But as the article describes, a cpu limit of lower than `1000m` or `1` can also lead to cpu throttling.
I've updates the README, to be correct and inform the user to take care of a correct cpu resource limit.
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/795
Reviewed-by: pat-s <pat-s@noreply.gitea.com>
Co-authored-by: Markus Pesch <markus.pesch@cryptic.systems>
Co-committed-by: Markus Pesch <markus.pesch@cryptic.systems>
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| unittests/bash/bats | digest | `b640ec3` -> `7ca23b1` |
---
### Configuration
📅 **Schedule**: Branch creation - "* * * * 0,6" (UTC), Automerge - "* 0-3 * * *" (UTC).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS43NS4xIiwidXBkYXRlZEluVmVyIjoiMzkuMTE4LjIiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbImtpbmQvZGVwZW5kZW5jeSJdfQ==-->
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/754
Reviewed-by: pat-s <pat-s@noreply.gitea.com>
Co-authored-by: Renovate Bot <renovate-bot@gitea.com>
Co-committed-by: Renovate Bot <renovate-bot@gitea.com>
### Description of the change
In the act_runner StatefulSet, this allows to mount volumes.
### Benefits
It allows to mount some volumes in any of the two containers, e.g. certificates for a private registry.
### Possible drawbacks
I can't think of any.
### Applicable issues
- Fixes#744
### Checklist
- [X] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm)
- [X] Helm templating unittests are added (required when changing anything in `templates` folder)
Co-authored-by: Xav <grandmou@protonmail.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/756
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.com>
Co-authored-by: grandmou <grandmou@noreply.gitea.com>
Co-committed-by: grandmou <grandmou@noreply.gitea.com>
### Description of the change
This adds an environment for unit testing our bash scripts, using [BATS](https://github.com/bats-core/bats-core).
It implements first tests for `config_environment.sh`.
### Benefits
Writing unit tests for bash scripts documents the expected behavior and allows it being a quality gate in our CI.
### Possible drawbacks
Not everyone is familiar with this approach and unit testing framework. Me neither, it took me some hours to get into it.
### Applicable issues
- Related to #691 where an issue in `config_environment.sh` was detected. It doesn't fixes it yet. This will be a dedicated Pull Request.
### Additional information
I've verified that the changes for Renovate are indeed working.
You may wonder why there is only one `run $PROJECT_ROOT/scripts/init-containers/config/config_environment.sh` and many `run execute_test_script` calls.
Usually, testing a script itself would be executing `run $PROJECT_ROOT/scripts/init-containers/config/config_environment.sh`. You then can assert the exit code and other things. Since the `config_environment.sh` exports environment variables and we are not able to access them from outside a `run` execution, the function `execute_test_script` wraps our script execution between environment comparison. Doing so allows us capture environment variables that were added/removed during script execution.
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/724
Reviewed-by: pat-s <pat-s@noreply.gitea.com>
Co-authored-by: justusbunsi <sk.bunsenbrenner@gmail.com>
Co-committed-by: justusbunsi <sk.bunsenbrenner@gmail.com>
### Description of the change
This is a preparation for #724 (bash script testing) which would be too complex to review if done there. I haven't changed the script contents.
### Benefits
Better IDE support, possibility for shell checks, tests.
### Possible drawbacks
-
### Additional information
I only extracted files that are native bash scripts. There are others, being a mix of Helm templating and shell scripts. Those scripts must be cleared first before extracting them as well.
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/751
Co-authored-by: justusbunsi <sk.bunsenbrenner@gmail.com>
Co-committed-by: justusbunsi <sk.bunsenbrenner@gmail.com>
### Description of the change
This addresses 2 bugs regarding configured runner labels:
- `Cannot find: node in PATH` due to a default label that matches the runner host, not the docker-in-docker environment
- After changing the runner config, users have to manually replace the StatefulSet Pod of the runner
### Benefits
- Out-of-the-box functioning node environment
- Auto-updated runner config on changes in values
### Applicable issues
- fixes https://gitea.com/gitea/helm-chart/issues/728
- fixes https://gitea.com/gitea/helm-chart/issues/725
### Additional information
With removing the default labels from `values.yaml`, the act runner defaults will be used for new runners which fixes the "missing node" issue.
I had issues replacing the labels once the Chart defaults were used, so users might have to replace their runner manually if this is an issue.
### Checklist
- [x] Templating unittests are added
Signed-off-by: justusbunsi <sk.bunsenbrenner@gmail.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/739
Co-authored-by: justusbunsi <sk.bunsenbrenner@gmail.com>
Co-committed-by: justusbunsi <sk.bunsenbrenner@gmail.com>
### Benefits
Can protect metrics endpoint with `Bearer` token authentication provided by gitea.
see PR #637 for previous discussion.
### Possible drawbacks
No possible drawbacks
### Applicable issues
- fixes#635
### Additional information
```
gitea:
metrics:
enabled: true
token: "somepassword"
serviceMonitor:
enabled: true
```
Using above configuration is sufficient to secure /metrics endpoint with bearer token and corresponding ServiceMonitor.
### Checklist
- [x] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm)
- [ ] ~~Breaking changes are documented in the `README.md`~~ Not applicable
- [x] Templating unittests are added
Signed-off-by: Hitesh Nayak <hiteshnayak305@gmail.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/719
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.com>
Co-authored-by: Hitesh Nayak <hiteshnayak305@gmail.com>
Co-committed-by: Hitesh Nayak <hiteshnayak305@gmail.com>
When the _init-directories_ container runs, the shell script _init_directory_structure.sh_ logs to _stderr_ because debugging is enabled with _set -x_. The output from the script, should be logged to _stdout_ instead. The issue is discussed here: https://gitea.com/gitea/helm-chart/issues/701
### Description of the change
This PR uses the _verbose_ flag with all commands in the script to log what the script is doing.
### Benefits
Log entries with incorrect severity _ERROR_ will no longer be logged in _Kubernetes_.
### Possible drawbacks
Log output will change. If someone had a check for certain log entries from the _init container_, that check would break.
### Checklist
Updated unit tests.
Co-authored-by: tobias.petersen <tobias.petersen@unity3d.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/708
Reviewed-by: techknowlogick <techknowlogick@noreply.gitea.com>
Reviewed-by: pat-s <pat-s@noreply.gitea.com>
Co-authored-by: tobiasbp <tobiasbp@noreply.gitea.com>
Co-committed-by: tobiasbp <tobiasbp@noreply.gitea.com>
### Description of the change
Introduce `service.{http,ssh}.loadBalancerClass`
### Benefits
Feature was not supported before. This is required if your cluster has multiple loadBalancer options and you want to select one
### Possible drawbacks
More yaml.
### Checklist
- [x] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm)
- [x] Templating unittests are added
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/640
Reviewed-by: pat-s <pat-s@noreply.gitea.com>
Co-authored-by: Karitham <kar@karitham.dev>
Co-committed-by: Karitham <kar@karitham.dev>
Right now, the generated `.prov` file is not uploaded along with the actual `.tgz` file. This makes it impossible to verify our Helm Charts.
In addition, we only sign the old-fashioned `.tgz` file, not the OCI-based releases on DockerHub.
The incentive to do this very commit is an expired GPG key that prevents our release.
Signed-off-by: justusbunsi <sk.bunsenbrenner@gmail.com>
### Description of the change
This enables sane modes for forcing reset, as well as providing more options to users of the chart by giving them the flexibility to set the mode for password creation/modification as part of init whether the user exists or not.
### Benefits
The new default should revert to the behavior before #673 became an issue, while also providing more flexibility for users who want to be able to manage their initial admin user password out-of-band after creating it the first time.
### Possible drawbacks
None that I can think of.
### Applicable issues
- fixes#673
### Additional information
See the discussion in #675 as well
### Checklist
- [X] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm)
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/677
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.com>
Co-authored-by: James Harmison <jharmison@gmail.com>
Co-committed-by: James Harmison <jharmison@gmail.com>
### Description of the change
Adding support for DRY principle (via use of the TPL function) to the PVC storage class and the ingress class
### Benefits
It allows to reference a variable into another one to avoid duplicating them (or using YAML anchors).
It is useful and valuable when including Gitea into an umbrella chart with multiple components and to have a single variable while the components variable only refer to that single one.
Example 1
```
global:
persistence:
storageClass: "storage-class"
persistence:
storageClass: "{{ .Values.global.persistence.storageClass }}"
```
This results in having `spec.storageClassName` equal to `storage-class` in the PVC object
Example 2
```
global:
ingress:
className: "ingress-class"
ingress:
className: "{{ .Values.global.ingress.className}}"
```
This results in having `spec.ingressClassName` equal to `ingress-class` in the Ingress object
### Possible drawbacks
N/A
### Checklist
- [X] Templating unittests are added
Co-authored-by: 212597596 <cedric.henry@ge.com>
Co-authored-by: pat-s <pat-s@noreply.gitea.com>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/664
Reviewed-by: pat-s <pat-s@noreply.gitea.com>
Co-authored-by: Ceddaerrix <ceddaerrix@noreply.gitea.com>
Co-committed-by: Ceddaerrix <ceddaerrix@noreply.gitea.com>
@justusbunsi
I've been running 1.22 with this chart on some clusters for some days now without issues.
I think no further adjustments are needed on the chart side.
Maybe we can get some of the other open PRs in?
Also: Let me know if you want to do the release this time - I did a lot lately, happy to let you have a go for this one :)
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/662
Co-authored-by: pat-s <patrick.schratz@gmail.com>
Co-committed-by: pat-s <patrick.schratz@gmail.com>
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [redis-cluster](https://github.com/bitnami/charts) ([source](https://github.com/bitnami/charts/tree/HEAD/bitnami/redis-cluster)) | major | `9.8.1` -> `10.0.1` |
---
### Configuration
📅 **Schedule**: Branch creation - "every weekend" (UTC), Automerge - "before 4am" (UTC).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4yNDYuMSIsInVwZGF0ZWRJblZlciI6IjM3LjI3OS4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/629
Co-authored-by: Renovate Bot <renovate-bot@gitea.com>
Co-committed-by: Renovate Bot <renovate-bot@gitea.com>
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [postgresql](https://github.com/bitnami/charts) ([source](https://github.com/bitnami/charts/tree/HEAD/bitnami/postgresql)) | major | `14.3.3` -> `15.2.5` |
---
### Configuration
📅 **Schedule**: Branch creation - "every weekend" (UTC), Automerge - "before 4am" (UTC).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4yNjYuMCIsInVwZGF0ZWRJblZlciI6IjM3LjI4MC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/634
Reviewed-by: pat-s <pat-s@noreply.gitea.com>
Co-authored-by: Renovate Bot <renovate-bot@gitea.com>
Co-committed-by: Renovate Bot <renovate-bot@gitea.com>
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [postgresql-ha](https://github.com/bitnami/charts) ([source](https://github.com/bitnami/charts/tree/HEAD/bitnami/postgresql-ha)) | patch | `14.0.0` -> `14.0.2` |
---
### Configuration
📅 **Schedule**: Branch creation - "every weekend" (UTC), Automerge - "before 4am" (UTC).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4yNzkuMyIsInVwZGF0ZWRJblZlciI6IjM3LjI3OS4zIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJraW5kL2RlcGVuZGVuY3kiXX0=-->
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/638
Co-authored-by: Renovate Bot <renovate-bot@gitea.com>
Co-committed-by: Renovate Bot <renovate-bot@gitea.com>
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [postgresql-ha](https://github.com/bitnami/charts) ([source](https://github.com/bitnami/charts/tree/HEAD/bitnami/postgresql-ha)) | major | `13.6.1` -> `14.0.0` |
---
### Configuration
📅 **Schedule**: Branch creation - "every weekend" (UTC), Automerge - "before 4am" (UTC).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4yNDYuMSIsInVwZGF0ZWRJblZlciI6IjM3LjI0Ni4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/628
Co-authored-by: Renovate Bot <renovate-bot@gitea.com>
Co-committed-by: Renovate Bot <renovate-bot@gitea.com>
The current README content is a result of running markdownlint with simple fixes enabled.
It shouldn't fix _any_ issues, even after generating the parameter section.
Unfortunately, this is not the case right now.
This resolves the long-running dispute of both tools. 😉
---
Since I already modified the `values.yaml`, I decided to include a change regarding code signing.
Otherwise, it may confuse users after merging #596.
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/627
Reviewed-by: pat-s <pat-s@noreply.gitea.com>
Co-authored-by: justusbunsi <sk.bunsenbrenner@gmail.com>
Co-committed-by: justusbunsi <sk.bunsenbrenner@gmail.com>
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [postgresql-ha](https://github.com/bitnami/charts) ([source](https://github.com/bitnami/charts/tree/HEAD/bitnami/postgresql-ha)) | major | `12.8.2` -> `13.4.5` |
---
### Configuration
📅 **Schedule**: Branch creation - "every weekend" (UTC), Automerge - "before 4am" (UTC).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4yMjIuMyIsInVwZGF0ZWRJblZlciI6IjM3LjIyNC4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/624
Co-authored-by: Renovate Bot <renovate-bot@gitea.com>
Co-committed-by: Renovate Bot <renovate-bot@gitea.com>
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [postgresql](https://github.com/bitnami/charts) ([source](https://github.com/bitnami/charts/tree/HEAD/bitnami/postgresql)) | major | `13.4.6` -> `14.2.3` |
---
### Configuration
📅 **Schedule**: Branch creation - "every weekend" (UTC), Automerge - "before 4am" (UTC).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4yMjIuMyIsInVwZGF0ZWRJblZlciI6IjM3LjIyMi4zIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->
Co-authored-by: pat-s <patrick.schratz@gmail.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/622
Co-authored-by: Renovate Bot <renovate-bot@gitea.com>
Co-committed-by: Renovate Bot <renovate-bot@gitea.com>
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [redis-cluster](https://github.com/bitnami/charts) ([source](https://github.com/bitnami/charts/tree/HEAD/bitnami/redis-cluster)) | minor | `9.5.20` -> `9.6.2` |
---
### Configuration
📅 **Schedule**: Branch creation - "every weekend" (UTC), Automerge - "before 4am" (UTC).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4yMTAuMCIsInVwZGF0ZWRJblZlciI6IjM3LjIxMC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->
Co-authored-by: pat-s <patrick.schratz@gmail.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/617
Co-authored-by: Renovate Bot <renovate-bot@gitea.com>
Co-committed-by: Renovate Bot <renovate-bot@gitea.com>
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg) | action | major | `v5` -> `v6` |
---
### Release Notes
<details>
<summary>crazy-max/ghaction-import-gpg (crazy-max/ghaction-import-gpg)</summary>
### [`v6`](https://github.com/crazy-max/ghaction-import-gpg/compare/v5...v6)
[Compare Source](https://github.com/crazy-max/ghaction-import-gpg/compare/v5...v6)
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "every weekend" (UTC), Automerge - "before 4am" (UTC).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4yMTIuMCIsInVwZGF0ZWRJblZlciI6IjM3LjIxMi4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/620
Co-authored-by: Renovate Bot <renovate-bot@gitea.com>
Co-committed-by: Renovate Bot <renovate-bot@gitea.com>
Hi,
In reference to #580
I noticed that one cannot apply labels to the created PVC with persistance.labels.
The label statement is missing in the template.
best regards,
Oliver.
**helm-chart/templates/gitea/pvc.yaml:**
```
{{- if and .Values.persistence.enabled .Values.persistence.create }}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ .Values.persistence.claimName }}
namespace: {{ $.Release.Namespace }}
annotations:
{{ .Values.persistence.annotations | toYaml | indent 4}}
spec:
...
```
**values.yaml:**
```
persistence:
## @param primary.persistence.enabled Enable PostgreSQL Primary data persistence using PVC
##
enabled: true
## @param primary.persistence.existingClaim Name of an existing PVC to use
##
existingClaim: ""
## @param primary.persistence.mountPath The path the volume will be mounted at
## Note: useful when using custom PostgreSQL images
##
mountPath: /bitnami/postgresql
## @param primary.persistence.subPath The subdirectory of the volume to mount to
## Useful in dev environments and one PV for multiple services
##
subPath: ""
## @param primary.persistence.storageClass PVC Storage Class for PostgreSQL Primary data volume
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
storageClass: ""
## @param primary.persistence.accessModes PVC Access Mode for PostgreSQL volume
##
accessModes:
- ReadWriteOnce
## @param primary.persistence.size PVC Storage Request for PostgreSQL volume
##
size: 8Gi
## @param primary.persistence.annotations Annotations for the PVC
##
annotations: {}
## @param primary.persistence.labels Labels for the PVC
##
labels: {}
```
### Checklist
<!-- [Place an '[X]' (no spaces) in all applicable fields. Please remove unrelated fields.] -->
- [x] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm)
Co-authored-by: pat-s <pat-s@noreply.gitea.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/581
Reviewed-by: pat-s <pat-s@noreply.gitea.com>
Co-authored-by: Oliver Fueckert <oliver@cubinet.de>
Co-committed-by: Oliver Fueckert <oliver@cubinet.de>
### Description of the change
The change allows users of this chart to specify custom labels for the HTTP & SSH Services that get deployed. They are optional and if given are added to the standard list of labels.
### Benefits
Certain use cases require labelling services to be able to select them in other places. Specifiying them directly in the helm chart avoids having to label by hand everytime.
Concrete Use Case Example: Cilium Layer 2 Announcements require selecting services to announce via labels (see [docs](https://docs.cilium.io/en/stable/network/l2-announcements/#service-selector)). I would like to add a label to the SSH service, but not the HTTP Service (which is handled via an ingress).
### Possible drawbacks
I don't see any, using this feature is optional :)
### Checklist
- [X] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm)
- [X] Breaking changes are documented in the `README.md`
- [X] Templating unittests are added
Co-authored-by: Remo Geissbühler <git@remogeissbuehler.ch>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/597
Reviewed-by: pat-s <pat-s@noreply.gitea.com>
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.com>
Co-authored-by: remogeissbuehler <remogeissbuehler@noreply.gitea.com>
Co-committed-by: remogeissbuehler <remogeissbuehler@noreply.gitea.com>
### Description of the change
With https://github.com/go-gitea/gitea/pull/28390, Gitea 1.21.2 introduced warning log output within the result of `gitea admin <subcommand>` and therefore affects the current provisioning script.
That script previously assumed a clean result set and was therefore doomed to fail at _some_ point.
This introduces output sanitizing to trim such logs above the actual result table.
### Applicable issues
- fixes#589
### Additional information
The non-sanitized output were only an issue for admin account provisioning, and only when the username matched one of these words (in case of #589 it was `gitea`):
```text
.../setting/security.go:168:loadSecurityFrom() [W] Enabling Query API Auth tokens is not recommended. DISABLE_QUERY_AUTH_TOKEN will default to true in gitea 1.23 and will be removed in gitea 1.24.
```
LDAP and OAuth sources were not affected by this particular log line, but also processed non-sanitized result sets. Changing their code is a precaution.
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/590
Reviewed-by: pat-s <pat-s@noreply.gitea.com>
Co-authored-by: justusbunsi <sk.bunsenbrenner@gmail.com>
Co-committed-by: justusbunsi <sk.bunsenbrenner@gmail.com>
### Description of the change
Add config fallbacks for `session`, `cache` and `queue` including tests.
### Benefits
If users disable the default `redis-cluster` sub-chart dependency, this will configure the respective sections to use the Gitea defaults as listed in https://docs.gitea.com/next/administration/config-cheat-sheet.
### Possible drawbacks
Users will run on non-optimal settings for production without knowing their config.
### Applicable issues
- fixes#584#573#489#476#468#453
### Checklist
<!-- [Place an '[X]' (no spaces) in all applicable fields. Please remove unrelated fields.] -->
- [x] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm)
- [x] Breaking changes are documented in the `README.md`
- [x] Templating unittests are added
Co-authored-by: justusbunsi <sk.bunsenbrenner@gmail.com>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/585
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.com>
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [postgresql](https://github.com/bitnami/charts) ([source](https://github.com/bitnami/charts/tree/HEAD/bitnami/postgresql)) | major | `12.12.10` -> `13.2.24` |
---
### Configuration
📅 **Schedule**: Branch creation - "every weekend" (UTC), Automerge - "before 4am" (UTC).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy44MS40IiwidXBkYXRlZEluVmVyIjoiMzcuODMuMiIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->
Co-authored-by: pat-s <patrick.schratz@gmail.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/579
Co-authored-by: Renovate Bot <renovate-bot@gitea.com>
Co-committed-by: Renovate Bot <renovate-bot@gitea.com>
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [postgresql-ha](https://github.com/bitnami/charts) ([source](https://github.com/bitnami/charts/tree/HEAD/bitnami/postgresql-ha)) | major | `11.9.4` -> `12.3.1` |
---
### Configuration
📅 **Schedule**: Branch creation - "every weekend" (UTC), Automerge - "before 4am" (UTC).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy44LjEiLCJ1cGRhdGVkSW5WZXIiOiIzNy43Ny4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->
Co-authored-by: pat-s <patrick.schratz@gmail.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/528
Co-authored-by: Renovate Bot <renovate-bot@gitea.com>
Co-committed-by: Renovate Bot <renovate-bot@gitea.com>
While working on #409, I noticed that some unittests contains either
invalid assertion methods (`isNotEmpty`) or invalid properties (`any`)
for a specific assertion method (`notContains`).
As our tests pass - and I have ensured that they can fail - this seems
related to the YAML schema validation in the IDE.
I've noticed that `isNotEmpty` was replaced by `isNotNullOrEmpty`[^1]
in version v0.3.2[^2]. At least from a schema validation point of view.
It is still working. Maybe deprecated? I don't know.
Regarding the `any` property, the documentation seems incorrect. I've
filed a PR for it[^3]. As soon as that PR is merged and released, we
could probably validate the test YAML files in our PR workflow.
Last, since we renovate the used helm-unittest version, we should also
renovate the used YAML schema file.
[^1]: https://github.com/helm-unittest/helm-unittest/pull/139
[^2]: https://github.com/helm-unittest/helm-unittest/releases/tag/v0.3.2
[^3]: https://github.com/helm-unittest/helm-unittest/pull/243
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/570
Reviewed-by: pat-s <pat-s@noreply.gitea.com>
As seen in #507 and #569, there is no guarantee for us that minor
dependency updates are actually minor updates for the dependent
application itself. The Chart version might be minor - and therefore
automatically merged when build is green - but the used Docker image
inside the Chart could still be a major version change.
To effectively prevent such automerge when the application major version
changes, there is now a test file that has the currently used major
versions hard-coded. In case of an actual major bump, this file has to
be adjusted.
Looking at `redis-cluster`, there might be several major Chart versions
with the same major application version.
This PR is related to #409 but does not fully resolve it.
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/571
Reviewed-by: pat-s <pat-s@noreply.gitea.com>
### Description of the change
This PR is a continuation of the work done by @dgershman in [534](https://gitea.com/gitea/helm-chart/pulls/534), to allow users to override the image from the default rootless behavior of appending `-rootless` to the end of the image tag.
### Benefits
Allows more flexibility to use externally maintained images that are rootless but don't follow the `-rootless` tag convention.
### Applicable issues
- fixes#532
### Additional information
No breaking changes. This does not affect the `image.rootless` conditional checks or the current behavior if someone still wants to rely on the chart to append `-rootless`.
### Checklist
- [x] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm)
- [x] Breaking changes are documented in the `README.md`
- [x] Templating unittests are added
Co-authored-by: TristanHoladay <40547442+TristanHoladay@users.noreply.github.com>
Co-authored-by: pat-s <pat-s@noreply.gitea.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/550
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.com>
Reviewed-by: pat-s <pat-s@noreply.gitea.com>
Co-authored-by: TristanHoladay <tristanholaday@noreply.gitea.com>
Co-committed-by: TristanHoladay <tristanholaday@noreply.gitea.com>
### Description of the change
This adds a `.vscode` folder with recommended extensions and some useful settings like unittest schema validation.
The `.vscode` folder is already helm ignored during packaging.
### Possible drawbacks
We would have to be careful about PR changes in that directory.
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/536
Co-authored-by: justusbunsi <sk.bunsenbrenner@gmail.com>
Co-committed-by: justusbunsi <sk.bunsenbrenner@gmail.com>
### Description of the change
We are affected by a regression of a Helm bug from May 2023. I've tested
the Helm versions 3.13.1, 3.13.0 and 3.12.3. Both 3.13.x are affected.
3.12.3 works. So let's downgrade and drop the docker login in PR builds.
I've also switched the `apt install helm` with an official `alpine/helm`
image I am using at work. Pinning the helm version and receiving updates
helps us identifying such issues in the future.
For the release workflow I was a bit more reluctant with changes, since
I cannot easily test them. That's why I just pinned the Helm version.
Renovate will provide one PR changing both files because it's the same
dependency (alpine/helm) from the same datasource (docker).
https://github.com/helm/helm/issues/12062
### Applicable issues
- implicitly fixes#527
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/535
Reviewed-by: pat-s <pat-s@noreply.gitea.com>
Co-authored-by: justusbunsi <sk.bunsenbrenner@gmail.com>
Co-committed-by: justusbunsi <sk.bunsenbrenner@gmail.com>
### Description of the change
Introducing `tpl` function on variables related to hostname in `./templates/gitea/ingress.yaml`
### Benefits
The change is intending to support the following syntax in a values.yaml such as:
```
global:
giteaHostName: "gitea.my-org.com"
ingress:
enabled: true
hosts:
- host: "{{ .Values.global.giteaHostName }}"
paths:
- path: /
pathType: Prefix
tls:
- secretName: gitea-tls
hosts:
- "{{ .Values.global.giteaHostName }}"
```
### Possible drawbacks
N/A
### Applicable issues
N/A
### Additional information
N/A
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/498
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.com>
Co-authored-by: Ceddaerrix <ceddaerrix@noreply.gitea.com>
Co-committed-by: Ceddaerrix <ceddaerrix@noreply.gitea.com>
As title. This modification should only apply the minor+patch updates for the helm deps of this chart on a weekly basis. Major updates should still come in with the daily renovate runs.
Automerge is included but won't work as the bot cannot self-approve it's PRs and does not have merge permissions yet.
The only way this might work if we allow the bot to push to a branch only and merge without opening a PR.
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/510
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: pat-s <patrick.schratz@gmail.com>
Co-committed-by: pat-s <patrick.schratz@gmail.com>
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [redis-cluster](https://github.com/bitnami/charts) | major | `8.8.2` -> `9.0.4` |
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi43OS4xIiwidXBkYXRlZEluVmVyIjoiMzYuODkuMCIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/504
Reviewed-by: pat-s <pat-s@noreply.gitea.com>
Co-authored-by: Renovate Bot <renovate-bot@gitea.com>
Co-committed-by: Renovate Bot <renovate-bot@gitea.com>
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [postgresql](https://github.com/bitnami/charts) | patch | `12.10.0` -> `12.10.1` |
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi43OS4xIiwidXBkYXRlZEluVmVyIjoiMzYuNzkuMSIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/505
Co-authored-by: Renovate Bot <renovate-bot@gitea.com>
Co-committed-by: Renovate Bot <renovate-bot@gitea.com>
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [redis-cluster](https://github.com/bitnami/charts) | minor | `8.6.9` -> `8.8.2` |
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi43OS4xIiwidXBkYXRlZEluVmVyIjoiMzYuNzkuMSIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/503
Co-authored-by: Renovate Bot <renovate-bot@gitea.com>
Co-committed-by: Renovate Bot <renovate-bot@gitea.com>
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [markdownlint-cli](https://github.com/igorshubovych/markdownlint-cli) | devDependencies | minor | [`^0.35.0` -> `^0.36.0`](https://renovatebot.com/diffs/npm/markdownlint-cli/0.35.0/0.36.0) |
---
### Release Notes
<details>
<summary>igorshubovych/markdownlint-cli (markdownlint-cli)</summary>
### [`v0.36.0`](https://github.com/igorshubovych/markdownlint-cli/releases/tag/v0.36.0): 0.36.0
[Compare Source](https://github.com/igorshubovych/markdownlint-cli/compare/v0.35.0...v0.36.0)
- Update `markdownlint` dependency to `0.30.0`
- Use `micromark` in MD022/MD026/MD032/MD037/MD045/MD051
- Incorporate `micromark-extension-math` for math syntax
- Allow custom rules to override information URL
- Update all dependencies via `Dependabot`
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi43OS4xIiwidXBkYXRlZEluVmVyIjoiMzYuNzkuMSIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/500
Reviewed-by: pat-s <pat-s@noreply.gitea.com>
Co-authored-by: Renovate Bot <renovate-bot@gitea.com>
Co-committed-by: Renovate Bot <renovate-bot@gitea.com>
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [postgresql-ha](https://github.com/bitnami/charts) | patch | `11.9.0` -> `11.9.2` |
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi43OS4xIiwidXBkYXRlZEluVmVyIjoiMzYuNzkuMSIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/499
Reviewed-by: pat-s <pat-s@noreply.gitea.com>
Co-authored-by: Renovate Bot <renovate-bot@gitea.com>
Co-committed-by: Renovate Bot <renovate-bot@gitea.com>
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| postgresql | minor | `12.6.6` -> `12.10.0` |
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNS4xMTguMCIsInVwZGF0ZWRJblZlciI6IjM1LjExOC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->
Co-authored-by: techknowlogick <techknowlogick@noreply.gitea.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/495
Reviewed-by: pat-s <pat-s@noreply.gitea.com>
Co-authored-by: Renovate Bot <renovate-bot@gitea.com>
Co-committed-by: Renovate Bot <renovate-bot@gitea.com>
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| postgresql-ha | minor | `11.7.9` -> `11.9.0` |
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNS4xMTguMCIsInVwZGF0ZWRJblZlciI6IjM1LjExOC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->
Co-authored-by: techknowlogick <techknowlogick@noreply.gitea.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/496
Reviewed-by: pat-s <pat-s@noreply.gitea.com>
Co-authored-by: Renovate Bot <renovate-bot@gitea.com>
Co-committed-by: Renovate Bot <renovate-bot@gitea.com>
Welcome to [Renovate](https://github.com/renovatebot/renovate)! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin.
🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged.
---
### Detected Package Files
* `values.yaml` (helm-values)
* `Chart.yaml` (helmv3)
* `package.json` (npm)
### What to Expect
With your current configuration, Renovate will create 6 Pull Requests:
<details>
<summary>Update dependency @​bitnami/readme-generator-for-helm to v2.5.1</summary>
- Schedule: ["at any time"]
- Branch name: `renovate/bitnami-readme-generator-for-helm-2.x-lockfile`
- Merge into: `main`
- Upgrade [@bitnami/readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) to `2.5.1`
</details>
<details>
<summary>Update dependency markdownlint-cli to ^0.35.0</summary>
- Schedule: ["at any time"]
- Branch name: `renovate/markdownlint-cli-0.x`
- Merge into: `main`
- Upgrade [markdownlint-cli](https://github.com/igorshubovych/markdownlint-cli) to `^0.35.0`
</details>
<details>
<summary>Update postgresql Docker tag to v12.10.0</summary>
- Schedule: ["at any time"]
- Branch name: `renovate/postgresql-12.x`
- Merge into: `main`
- Upgrade postgresql to `12.10.0`
</details>
<details>
<summary>Update postgresql-ha Docker tag to v11.9.0</summary>
- Schedule: ["at any time"]
- Branch name: `renovate/postgresql-ha-11.x`
- Merge into: `main`
- Upgrade postgresql-ha to `11.9.0`
</details>
<details>
<summary>Update redis-cluster Docker tag to v8.8.2</summary>
- Schedule: ["at any time"]
- Branch name: `renovate/redis-cluster-8.x`
- Merge into: `main`
- Upgrade redis-cluster to `8.8.2`
</details>
<details>
<summary>Update redis-cluster Docker tag to v9</summary>
- Schedule: ["at any time"]
- Branch name: `renovate/redis-cluster-9.x`
- Merge into: `main`
- Upgrade redis-cluster to `9.0.1`
</details>
<br />
🚸 Branch creation will be limited to maximum 2 per hour, so it doesn't swamp any CI resources or overwhelm the project. See docs for `prhourlylimit` for details.
---
❓ Got questions? Check out Renovate's [Docs](https://docs.renovatebot.com/), particularly the Getting Started section.
If you need any further assistance then you can also [request help here](https://github.com/renovatebot/renovate/discussions).
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/492
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: Renovate Bot <renovate-bot@gitea.com>
Co-committed-by: Renovate Bot <renovate-bot@gitea.com>
### Description of the change
Before only `postgresql-ha` was auto-configured WRT to DNS.
### Benefits
Add DNS auto-config for `postgresql` dependency and assert that either `postgresql` or `postgresql-ha` is enabled.
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/478
Co-authored-by: pat-s <patrick.schratz@gmail.com>
Co-committed-by: pat-s <patrick.schratz@gmail.com>
### Description of the change
Update default params of chart dependencies. Tested with multiple upgrades and fresh installations.
Using no password auth for redis simplifies things for basic installations. Production installations should properly configure auth as they need it.
### Benefits
To avoid/solve upgrading issues as in #407 and #472
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/473
Co-authored-by: pat-s <patrick.schratz@gmail.com>
Co-committed-by: pat-s <patrick.schratz@gmail.com>
<!--
Before you open the request please review the following guidelines and tips to help it be more easily integrated:
- Describe the scope of your change - i.e. what the change does.
- Describe any known limitations with your change.
- Please run any tests or examples that can exercise your modified code.
Thank you for contributing! We will try to review, test and integrate the change as soon as we can.
-->
### Description of the change
<!-- Describe the scope of your change - i.e. what the change does. -->
remove deployment, `serviceName`
### Benefits
<!-- What benefits will be realized by the code change? -->
### Possible drawbacks
<!-- Describe any known limitations with your change -->
### Applicable issues
<!-- Enter any applicable Issues here (You can reference an issue using #). Please remove this section if there is no referenced issue. -->
- fixes#466
### Additional information
<!-- If there's anything else that's important and relevant to your pull request, mention that information here. Please remove this section if it remains empty. -->
### ⚠ BREAKING
<!-- If there's a breaking change, please shortly describe in which way users are affected and how they can mitigate it. If there are no breakings, please remove this section. -->
### Checklist
<!-- [Place an '[X]' (no spaces) in all applicable fields. Please remove unrelated fields.] -->
- [x] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm)
- [x] Breaking changes are documented in the `README.md`
- [x] Templating unittests are added
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/467
Co-authored-by: yinheli <me@yinheli.com>
Co-committed-by: yinheli <me@yinheli.com>
# Changes
A big shoutout to @luhahn for all his work in #205 which served as the base for this PR.
## Documentation
- [x] After thinking for some time about it, I still prefer the distinct option (as started in #350), i.e. having a standalone "HA" doc under `docs/ha-setup.md` to not have a very long README (which is already quite long).
Most of the information below should go into it with more details and explanations behind all of the individual components.
## Chart deps
~~- Adds `meilisearch` as a chart dependency for a HA-ready issue indexer. Only works with >= Gitea 1.20~~
~~- Adds `redis` as a chart dependency for a HA-ready session and queue store.~~
- Adds `redis-cluster` as a chart dependency for a HA-ready session and queue store (alternative to `redis`). Only works with >= Gitea 1.19.2.
- Removes `memcached` instead of `redis-cluster`
- Add `postgresql-ha` as default DB dep in favor of `postgres`
## Adds smart HA chart logic
The goal is to set smart config values that result in a HA-ready Gitea deployment if `replicaCount` > 1.
- If `replicaCount` > 1,
- `gitea.config.session.PROVIDER` is automatically set to `redis-cluster`
- `gitea.config.indexer.REPO_INDEXER_ENABLED` is automatically set to `false` unless the value is `elasticsearch` or `meilisearch`
- `redis-cluster` is used for `[queue]` and `[cache]` and `[session]`mode or not
Configuration of external instances of `meilisearch` and `minio` are documented in a new markdown doc.
## Deployment vs Statefulset
Given all the discussions about this lately (#428), I think we could use both.
In the end, we do not have the requirement for a sequential pod scale up/scale down as it would happen in statefulsets.
On the other side, we do not have actual stateless pods as we are attaching a RWX to the deployment.
Yet I think because we do not have a leader-election requirement, spawning the pods as a deployment makes "Rolling Updates" easier and also signals users that there is no "leader election" logic and each pod can just be "destroyed" at anytime without causing interruption.
Hence I think we should be able to switch from a statefulset to a deployment, even in the single-replica case.
This change also brought up a templating/linting issue: the definition of `.Values.gitea.config.server.SSH_LISTEN_PORT` in `ssh-svc.yaml` just "luckily" worked so far due to naming-related lint processing. Due to the change from "statefulset" to "deployment", the processing queue changed and caused a failure complaining about `config.server.SSH_LISTEN_PORT` not being defined yet.
The only way I could see to fix this was to "properly" define the value in `values.yaml` instead of conditionally definining it in `helpers.tpl`. Maybe there's a better way?
## Chart PVC Creation
I've adapted the automated PVC creation from another chart to be able to provide the `storageClassName` as I couldn't get dynamic provisioning for EFS going with the current implementation.
In addition the naming and approach within the Gitea chart for PV creation is a bit unusual and aligning it might be beneficial.
A semi-unrelated change which will result in a breaking change for existing users but this PR includes a lot of breaking changes already, so including another one might not make it much worse...
- New `persistence.mount`: whether to mount an existing PVC (via `persistence.existingClaim`
- New `persistence.create`: whether to create a new PVC
## Testing
As this PR does a lot of things, we need proper testing.
The helm chart can be installed from the Git branch via `helm-git` as follows:
```
helm repo add gitea-charts git+https://gitea.com/gitea/helm-chart@/?ref=deployment
helm install gitea --version 0.0.0
```
It is **highly recommended** to test the chart in a dedicated namespace.
I've tested this myself with both `redis` and `redis-cluster` and it seemed to work fine.
I just did some basic operations though and we should do more niche testing before merging.
Examplary `values.yml` for testing (only needs a valid RWX storage class):
<details>
<summary>values.yaml</summary>
```yml
image:
tag: "dev"
PullPolicy: "Always"
rootless: true
replicaCount: 2
persistence:
enabled: true
accessModes:
- ReadWriteMany
storageClass: FIXME
redis-cluster:
enabled: false
global:
redis:
password: gitea
gitea:
config:
indexer:
ISSUE_INDEXER_ENABLED: true
REPO_INDEXER_ENABLED: false
```
</details>
## Preferred setup
The preferred HA setup with respect to performance and stability might currently be as follows:
- Repos: RWX (e.g. EFS or Azurefiles NFS)
- Issue indexer: Meilisearch (HA)
- Session and cache: Redis Cluster (HA)
- Attachments/Avatars: Minio (HA)
This will result in a ~ 10-pod HA setup overall.
All pods have very low resource requests.
fix#98
Co-authored-by: pat-s <pat-s@noreply.gitea.io>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/437
Co-authored-by: pat-s <patrick.schratz@gmail.com>
Co-committed-by: pat-s <patrick.schratz@gmail.com>
<!--
Before you open the request please review the following guidelines and tips to help it be more easily integrated:
- Describe the scope of your change - i.e. what the change does.
- Describe any known limitations with your change.
- Please run any tests or examples that can exercise your modified code.
Thank you for contributing! We will try to review, test and integrate the change as soon as we can.
-->
### Description of the change
Add documentation how to add custom themes
### Benefits
<!-- What benefits will be realized by the code change? -->
### Possible drawbacks
<!-- Describe any known limitations with your change -->
### Applicable issues
<!-- Enter any applicable Issues here (You can reference an issue using #). Please remove this section if there is no referenced issue. -->
- fixes#301
### Additional information
<!-- If there's anything else that's important and relevant to your pull request, mention that information here. Please remove this section if it remains empty. -->
### Checklist
<!-- [Place an '[X]' (no spaces) in all applicable fields. Please remove unrelated fields.] -->
- [x] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm)
- [x] Breaking changes are documented in the `README.md`
- [x] Templating unittests are added
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/460
Co-authored-by: pat-s <patrick.schratz@gmail.com>
Co-committed-by: pat-s <patrick.schratz@gmail.com>
### Description of the change
- Add ToC to README for easier navigation (and add note to `contributing.md`)
- Fix some heading levels in README
- Put upgrading notes into collapsible blocks
- Format `contributing.md` according to MD rules
- Allow `details` and `summary` elements in README
- Allow for longer headings
### Benefits
Better documentation
### Possible drawbacks
None
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/461
Co-authored-by: pat-s <patrick.schratz@gmail.com>
Co-committed-by: pat-s <patrick.schratz@gmail.com>
### Description of the change
This adds a new values object `serviceAccount`, that allows creating a dedicated ServiceAccount with the Helm Release into the cluster. It supports all common options like labels, annotations, name override (or referring to an externally created ServiceAccount), auto-mount token, image pull secrets.
It supersedes the stale PR #357.
### Benefits
Users can deploy Gitea with more fine-tuned security settings.
### Applicable issues
- related to #448
### Additional information
I've bumped the helm-unittest plugin in the CI build, to be able to use the `exists` and `notExists` feature in the new tests.
### Checklist
- [x] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm)
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/451
Reviewed-by: pat-s <pat-s@noreply.gitea.com>
Co-authored-by: justusbunsi <sk.bunsenbrenner@gmail.com>
Co-committed-by: justusbunsi <sk.bunsenbrenner@gmail.com>
Signed-off-by: Cyril Jouve <jv.cyril@gmail.com>
<!--
Before you open the request please review the following guidelines and tips to help it be more easily integrated:
- Describe the scope of your change - i.e. what the change does.
- Describe any known limitations with your change.
- Please run any tests or examples that can exercise your modified code.
Thank you for contributing! We will try to review, test and integrate the change as soon as we can.
-->
### Description of the change
<!-- Describe the scope of your change - i.e. what the change does. -->
add a new value `extraDeploy` to add arbitrary resources
inspired by bitnami charts ([example](https://github.com/bitnami/charts/blob/main/bitnami/postgresql/values.yaml#L58)
### Benefits
<!-- What benefits will be realized by the code change? -->
with the change, I can deploy additional resources and keep them consistent with the chart (reuse macro, same labels, etc)., same workflow (helm upgrade), etc
### Possible drawbacks
<!-- Describe any known limitations with your change -->
### Additional information
<!-- If there's anything else that's important and relevant to your pull request, mention that information here. Please remove this section if it remains empty. -->
### Checklist
<!-- [Place an '[X]' (no spaces) in all applicable fields. Please remove unrelated fields.] -->
- [x] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm)
Co-authored-by: pat-s <pat-s@noreply.gitea.io>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/441
Reviewed-by: pat-s <pat-s@noreply.gitea.io>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-authored-by: Cyril Jouve <jv.cyril@gmail.com>
Co-committed-by: Cyril Jouve <jv.cyril@gmail.com>
### Description of the change
Fix a wrong reference to `signing.existingKey`, `signing.existingSecret` was what was meant and what is used in the chart.
### Benefits
Less confusion when trying to use the Helm chart.
### Possible drawbacks
Evangelists of `existingKey` storming the barricades even though `existingKey` is long dead.
### Applicable issues
None, nobody noticed enough to care, apparently.
Co-authored-by: Tobias Wolter <towo@towo.eu>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/415
Reviewed-by: pat-s <pat-s@noreply.gitea.io>
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-authored-by: towo <towo@noreply.gitea.io>
Co-committed-by: towo <towo@noreply.gitea.io>
### Description of the change
Corrects the spelling of the word deprecated.
### Benefits
Documentation free of misspelled words is more likely to be viewed as "professional".
### Possible drawbacks
None that I can think of
### Applicable issues
- fixes#393
### Additional information
There may be other misspelled words or incorrectly phrased passages that aren't addressed in this PR.
For reference, see the online dictionary for the correct spelling of deprecated.
https://www.merriam-webster.com/dictionary/deprecated
### Checklist
- [X] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm)
- [X] Breaking changes are documented in the `README.md`
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/394
Reviewed-by: pat-s <pat-s@noreply.gitea.io>
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-authored-by: robv89r <robv8r@noreply.gitea.io>
Co-committed-by: robv89r <robv8r@noreply.gitea.io>
<!--
Before you open the request please review the following guidelines and tips to help it be more easily integrated:
- Describe the scope of your change - i.e. what the change does.
- Describe any known limitations with your change.
- Please run any tests or examples that can exercise your modified code.
Thank you for contributing! We will try to review, test and integrate the change as soon as we can.
-->
### Description of the change
Exluding non helm chart related files from release artifact
### Benefits
Smaller release artifacts
### Possible drawbacks
Exluded files not visible any within the artifact
### Applicable issues
None
### Additional information
None
### ⚠ BREAKING
None
### Checklist
<!-- [Place an '[X]' (no spaces) in all applicable fields. Please remove unrelated fields.] -->
- [x] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm)
- [x] Breaking changes are documented in the `README.md`
Co-authored-by: Julian Schlarb <js@project-deadline.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/385
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Reviewed-by: pat-s <pat-s@noreply.gitea.io>
Co-authored-by: JSchlarb <jschlarb@noreply.gitea.io>
Co-committed-by: JSchlarb <jschlarb@noreply.gitea.io>
### Description of the change
This PR adds support for gpg key setup. It allows to pass the gpg private key content inline inside `values.yaml` or refer to an existing secret containing the key content data.
### Benefits
Administrators don't need to manually setup the gpg environment from inside a running container. It also eliminates the breaking change of Gitea 1.17 regarding `[git].HOME` as the `GNUPGHOME` environment variable is used consistently to relocate the `.gnupg` directory to its former location.
### Applicable issues
- fixes#107
### Additional information
This PR add the first unit tests to this Helm Chart, ensuring templating integrity for signing related configuration.
### Checklist
- [x] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm)
Co-authored-by: justusbunsi <sk.bunsenbrenner@gmail.com>
Co-authored-by: pat-s <pat-s@noreply.gitea.io>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/343
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
### Description of the change
Checking the existence of the config directory should be done with the directory path itself. Not its parent directory.
This simple fix addresses that by using the config directory for its existence check.
### Benefits
Prior to #337 there was no other way to install this helm chart using the `extraVolumeMounts` setting with these values:
```yaml
replicaCount: %d
extraVolumes:
- name: config-volume
configMap:
name: %s
extraVolumeMounts:
- name: config-volume
mountPath: /data/gitea/templates/custom
```
Without this fix, the Gitea pod would never initialize, and would crashloop with the same error in #296.
### Additional information
Mounting a configMap to `/data/gitea/templates/custom` causes the `/data/gitea` folder to exist even though the `/data/gitea/conf` had not been initialized yet. The initialization script saw that the `/data/gitea` dir existed and exited early without initializing `/data/gitea/conf`.
Co-authored-by: cboin1996 <christianboin@hotmail.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/310
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Reviewed-by: pat-s <pat-s@noreply.gitea.io>
Co-authored-by: cboin1996 <cboin1996@noreply.gitea.io>
Co-committed-by: cboin1996 <cboin1996@noreply.gitea.io>
Description of the change
Mostly, this change just moves the changelog to the bottom of the README which helps new users to see the actual documentation. As the structure for the changes itself is slightly different, there are some changes in wording so that it still makes sense. But mostly structural changes.
The change within the dependency section is due to a broken link since auto-generating the parameters section. Now there are links to every dependency related parameters.
Benefits
It helps us to maintain a clear structure for the README of this project.
Possible drawbacks
Our users are currently trained to look at the top of the document to see the changes. They now have to scroll down or use the quick link from installation section.
Applicable issues
fixes#247
Additional information
Every version section starts with a disclaimer right now. This is duplicated and might hide important text due to its existence. A centralized intruduction at top of the upgrading section tells the reader what to expect from that whole section.
I've also noticed that on ArtifactHub the emotes are not rendered correctly. So I replaced them with the actual ones and reduced their usage. That way it better highlights those parts the reader must not miss.
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/331
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
## Context
PR #259 introduced support for running Gitea as a uid different than 1000 (git) or 0 (root).
## Problem
In init_directory_structure.sh, there is a "chown 1000:1000" on /tmp/gitea.
This chown only works when running as root or when the target directory is already owned by uid 1000.
As a result, the init container "init-directories" fails on startup when running Gitea with a uid different from 0 or 1000.
Initially, I worked around it by implementing an "initPreScript". But it would make user's life easier if we can make it work out-of-the-box.
## Resolution
I'm taking model on the chown a few lines above that depends on the value of image.rootless. Since the chown only works on default (root) image and is useless on rootless image, there is no need to run it on rootless image.
Co-authored-by: Nicolas MASSE <nicolas.masse@itix.fr>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/266
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-authored-by: nmasse-itix <nmasse-itix@noreply.gitea.io>
Co-committed-by: nmasse-itix <nmasse-itix@noreply.gitea.io>
With release 5.0.0 there are so many deprecations and breaking changes
that it is probably a good way to assist the users with values migration
before breaking their environments.
This adds another template file that doesn't render anything but ensures
the removal of dropped or deprecated settings from customized values
files.
For when it is necessary, this check can be disabled via new setting
`checkDeprecation`.
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/269
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: wxiaoguang <wxiaoguang@noreply.gitea.io>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
With the result of PR #239 it is much easier to provide additional values to the _app.ini_ configuration from different sources.
These changes adds an _additionalConfigSources_ field where the users can define such sources. This enables the users to choose
on their own whether to store values in _values.yaml_ or load them from Kuberetes Secrets or ConfigMaps.
- Fixes#243
- Fixes#174
- Fixes#260
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/240
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: wxiaoguang <wxiaoguang@noreply.gitea.io>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Hello !
I'm using the new Helm chart (5.x) and I really like the new configuration mechanism. 👍
I would like to contribute the following enhancement.
## The problem I want to solve
I'm trying to deploy Gitea in a Kubernetes shared platform and I need to make sure each instance is running as a different user so that in case of container escape, the risk of data leak is minimized.
Additionally, on my platform (OpenShift), arbitrary users (such as uid 1000 for Gitea) are not allowed.
The current helm chart does not allow me to achieve this because:
- the container security context is configurable only for the main container. The security context of init containers cannot be specified.
- a fixed uid is hard coded
- a fixed fs group is hard coded
Also, the securityContext of a pod and the securityContext of a container do not accept the same options.
- https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#podsecuritycontext-v1-core
- https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#securitycontext-v1-core
## How I'm solving the problem
I split the `securityContext` (values.yaml) in two: `containerSecurityContext` and `podSecurityContext`. The containerSecurityContext applies to all containers (init and main) in order to be consistent with file permissions.
The behavior for existing deployments is unchanged:
- fsGroup 1000 is the default value for the podSecurityContext variable
- the "configure-gitea" init container uses the uid 1000 unless otherwise stated in the containerSecurityContext
- the main container is using the existing securityContext variable when defined in order not to break existing deployments and uses the new containerSecurityContext variable if not.
This approach is well tested: it is used consistently on bitnami's Helm charts.
## How I tested
I tested both root and rootless variants on a Kubernetes 1.22, as well as rootless variant on OpenShift 4.7.
**rootless variant on Kubernetes**:
```yaml
podSecurityContext:
fsGroup: 10001
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
add:
- SYS_CHROOT
privileged: false
runAsGroup: 10001
runAsNonRoot: true
runAsUser: 10001
extraVolumes:
- name: var-lib-gitea
emptyDir: {}
extraVolumeMounts:
- name: var-lib-gitea
readOnly: false
mountPath: "/var/lib/gitea"
```
**rootless variant on OpenShift**:
```yaml
podSecurityContext:
fsGroup: null
containerSecurityContext:
allowPrivilegeEscalation: false
privileged: false
runAsNonRoot: true
runAsUser: 1000790000
extraVolumes:
- name: var-lib-gitea
emptyDir: {}
extraVolumeMounts:
- name: var-lib-gitea
readOnly: false
mountPath: "/var/lib/gitea"
```
Let me know if something is unclear.
Co-authored-by: Nicolas MASSE <nicolas.masse@itix.fr>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/259
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-authored-by: nmasse-itix <nmasse-itix@noreply.gitea.io>
Co-committed-by: nmasse-itix <nmasse-itix@noreply.gitea.io>
Currently there are two different styles for defining both ldap and oauth configuration in _values.yaml_ file: `camelCase` and `kebab-case`.
Supporting both styles created multiple regressions in the past.
⚠️ BREAKING ⚠️
---------------
These changes completely remove any support for `kebab-case` notation in _values.yaml_ in favor of `camelCase`. Configuration keys must use `camelCase`.
Only exception are Kubernetes resource keys for annotations or labels.
Fixes: #188
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/196
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
These changes rewrite the init script to be error aware, informative and have a bit more security awareness.
During rewrite several hidden bugs could be identified and fixed, such as:
- LDAP configuration options interpreted by the shell before passed to command
- Finding multiple ldap ids instead of one during lookup when their names are almost identical
e.g. `_my-ldap-auth` and `my-ldap-auth`
- Properly filter auth sources by their types to prevent unintended type converting attempts that fail
In addition to that the script is a bit cleaner. Some commands do not exist anymore and would cause false-positive errors during script execution.
Helps for: #149
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/178
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
The `HOME` path is not persistent when using the rootless image, so the
`.gnupg` folder isn't either. Since the chart always used `/data/...` as
mount point for storage of all kinds, it is a minimal impact to just
relocate the dynamic `$HOME/.gnupg` folder location to the persistent
`/data/git/.gnupg`. This is where the signing keys are stored when
running root based environments. Doing so will
- allow migrations between both image variants
- persist signing keys for rootless environments
Fixes: #155
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/186
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
I've noticed that the commented `securityContext` is not really useable with the rootless image due to different directory structure compared to the default image.
Important for the `readOnlyRootFilesystem` is to declare the `TMPDIR` environment variable, so that the tmp directory (which is readonly in this case) won't be used. Instead, another writeable directory can be used.
Another thing is the explicit hint that all these security options cannot be used with the default (root-based) image, because of its design.
~~Although this PR would fix the referenced issue, I am not totally happy with the current implementation. It would be more straight forward to use the same mount points for both image variants. Unfortunately, this is not possible right now due to hard coded paths in the default (root) image startup scripts.~~
~~Anyone have suggestions on how this could be more simple?~~
-------
**Sum-up:**
As mentioned in Discord, this PR tried to make too many changes. The necessary changes made in 1f331a7e6577fc798196a84a957330aca0d663cd will fix an error that occurs due to restricted access to the `/tmp` directory in a rootless image with all the `securityContext` options enabled.
I also updated the default image to 1.14.2.
Fixes: #158
Co-authored-by: JustusBunsi <sk.bunsenbrenner@gmail.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/160
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: 6543 <6543@obermui.de>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
This change adds a new value *statefulset.labels* to allow the user to add custom labels to the StatefulSet.
An example of where this could be useful is if gitea's pvc is stored on OpenEBS. With this new option, the user can add the extra *openebs.io/sts-target-affinity* label to specify that the volume target pod should run on the same node as gitea's StatefulSet.
Co-authored-by: Baptiste Covolato <b.covolato@gmail.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/130
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: lafriks <lafriks@noreply.gitea.io>
Co-authored-by: Nakrez <nakrez@noreply.gitea.io>
Co-committed-by: Nakrez <nakrez@noreply.gitea.io>
There are currently 2 issues that prevent using this chart to deploy gitea with a SQLite3 database.
1) The value from *gitea.config.database.HOST* is used to set *db.servicename* when all the databases under *gitea.database.buildIn* are not enabled. This causes a type error during the template processing:
`Error: UPGRADE FAILED: template: gitea/templates/gitea/init.yaml:24:20: executing "gitea/templates/gitea/init.yaml" at <include "db.servicename" .>: error calling include: template: gitea/templates/_helpers.tpl:64:31: executing "db.servicename" at <.Values.gitea.config.database.HOST>: wrong type for value; expected string; got interface {}`
2) In *init_gitea.sh*, we use the value *db.servicename* and *db.port* to ping the database. If this database responds to ping, we proceed with the init. The problem here is that *db.port* is not set when all the databases under *gitea.database.buildIn* are disabled. In turn, this raises an error from busybox's *nc*, because no parameter is passed for *PORT*. This causes the init container to go in *CrashLoopBackOff* forever.
The simple fix that is proposed in this PR is to check wether or not *.Values.gitea.config.database.DB_TYPE* is set to determine the value *db.servicename*. If *DB_TYPE* is *'sqlite3'*, leave *db.servicename* empty and use that to bypass the database ping.
Co-authored-by: Baptiste Covolato <b.covolato@gmail.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/124
Reviewed-by: Andrew Thornton <art27@cantab.net>
Reviewed-by: lafriks <lafriks@noreply.gitea.io>
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Co-authored-by: Nakrez <nakrez@noreply.gitea.io>
Co-committed-by: Nakrez <nakrez@noreply.gitea.io>
This pull request adds the `app` and `version` labels that are used by Istio.
> Pods with app and version labels: We recommend adding an explicit app label and version label to the specification of the pods deployed using a Kubernetes Deployment. The app and version labels add contextual information to the metrics and telemetry that Istio collects.
>
> * The app label: Each deployment should have a distinct app label with a meaningful value. The app label is used to add contextual information in distributed tracing.
>
> * The version label: This label indicates the version of the application corresponding to the particular deployment.
From https://istio.io/latest/docs/ops/deployment/requirements/#pod-requirements
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/121
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: lafriks <lafriks@noreply.gitea.io>
Co-authored-by: Starefossen <starefossen@noreply.gitea.io>
Co-committed-by: Starefossen <starefossen@noreply.gitea.io>
This PR adds a few new chart features which adds to the flexibility of the chart.
- allow extra volumes to be mounted (such as secrets): 2f862c5a48
- pass environment variables also to the init-container: 7044049478
- allow a preparation script to be "injected" into the init-container: 6125a69345
As a concrete example of how this can be used, I use is to configure Gitea to use client certificate authentication against an external Postgres database. That could be accomplished by having a `gitea-postgres-ssl` secret:
```
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: gitea-postgres-ssl
data:
postgresql.crt: <base64...>
postgresql.key: <base64...>
root.crt: <base64...>
```
and then mounting this as a volume in Gitea using:
```
extraVolumes:
- name: postgres-ssl-vol
secret:
secretName: gitea-postgres-ssl
extraVolumeMounts:
- name: postgres-ssl-vol
readOnly: true
mountPath: "/pg-ssl"
```
To get the right permissions on the credentials, we'd use the `initPreScript`:
```
initPreScript: |
# copy postgres client and CA cert from mount and
# give proper permissions
mkdir -p /data/git/.postgresql
cp /pg-ssl/* /data/git/.postgresql/
chown -R git:git /data/git/.postgresql/
chmod 400 /data/git/.postgresql/postgresql.key
```
and to make sure that Gitea uses the certificate we need to pass the proper postgres environment variables (both to the init container and the "main" container):
```
statefulset:
env:
- name: "PGSSLCERT"
value: "/data/git/.postgresql/postgresql.crt"
- name: "PGSSLKEY"
value: "/data/git/.postgresql/postgresql.key"
- name: "PGSSLROOTCERT"
value: "/data/git/.postgresql/root.crt"
```
Co-authored-by: Peter Gardfjäll <peter.gardfjall.work@gmail.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/47
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: 6543 <6543@obermui.de>
Co-authored-by: petergardfjall <petergardfjall@noreply.gitea.io>
Co-committed-by: petergardfjall <petergardfjall@noreply.gitea.io>
Before you open the request please review the following guidelines and tips to help it be more easily integrated:
-Describe the scope of your change - i.e. what the change does.
-Describe any known limitations with your change.
-Please run any tests or examples that can exercise your modified code.
Thank you for contributing! We will try to review, test and integrate the change as soon as we can.
-->
### Description of the change
<!-- Describe the scope of your change - i.e. what the change does. -->
### Benefits
<!-- What benefits will be realized by the code change? -->
### Possible drawbacks
<!-- Describe any known limitations with your change -->
### Applicable issues
<!-- Enter any applicable Issues here (You can reference an issue using #). Please remove this section if there is no referenced issue. -->
- Fixes #
### Additional information
<!-- If there's anything else that's important and relevant to your pull request, mention that information here. Please remove this section if it remains empty. -->
### ⚠ BREAKING
<!-- If there's a breaking change, please shortly describe in which way users are affected and how they can mitigate it. If there are no breakings, please remove this section. -->
### Checklist
<!-- [Place an '[X]' (no spaces) in all applicable fields. Please remove unrelated fields.] -->
- [ ] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm)
- [ ] Breaking changes are documented in the `README.md`
- [ ] Helm templating unittests are added (required when changing anything in `templates` folder)
- [ ] Bash unittests are added (required when changing anything in `scripts` folder)
- [ ] All added template resources MUST render a namespace in metadata
Any type of contribution is welcome; from new features, bug fixes, tests,
refactorings for easier maintainability or documentation improvements.
## Development environment
- [`node`](https://nodejs.org/en/) at least current LTS
- [`helm`](https://helm.sh/docs/intro/install/)
-`make` is optional; you may call the commands directly
When using Visual Studio Code as IDE, a [ready-to-use profile](.vscode/) is available.
## Documentation Requirements
The `README.md` must include all configuration options.
The parameters section is generated by extracting the parameter annotations from the `values.yaml` file, by using [this tool](https://github.com/bitnami-labs/readme-generator-for-helm).
If changes were made on configuration options, run `make readme` to update the README file.
The ToC is created via the VSCode [Markdown All in One](https://marketplace.visualstudio.com/items?itemName=yzhang.markdown-all-in-one) extension which can/must also be used used to update it.
## Pull Request Requirements
When submitting or updating a PR:
- make sure it passes CI builds.
- do not make independent changes in one PR.
- try to avoid rebases. They make code reviews for large PRs and comments much harder.
- if applicable, use the PR template for a well-defined PR description.
- clearly mark breaking changes.
- format the PR title following the [conventional commits](https://www.conventionalcommits.org/en/v1.0.0/#specification) schema
## Local development & testing
For local development and testing of pull requests, the following workflow can
be used:
1. Install `minikube` and `helm`.
1. Start a `minikube` cluster via `minikube start`.
1. From the `gitea/helm-gitea` directory execute the following command.
This will install the dependencies listed in `Chart.yml` and deploy the current state of the helm chart found locally.
If you want to test a branch, make sure to switch to the respective branch first.
All components (in-memory DB, volume/asset storage, code indexer) used by Gitea must be deployed in a HA-ready fashion to achieve a full HA-ready Gitea deployment.
The following document explains how to achieve this for all individual components.
The resulting Gitea deployment will consist of ~ 10 pods (depending on the chosen components and their replicas).
One should evaluate upfront whether a HA-deployment is required as switching between HA/non-HA comes with some effort.
For production instances, HA is always recommended to increase uptime and have a frictionless update process.
A general comment about chart dependencies and external services:
Instead of relying on chart dependencies, it is often better to rely on an external, (managed) instances (in-memory database, asset storage provider, database, etc.).
Many cloud providers offer such services, at least for databases or in-memory databases.
They might cost a bit more than using a self-hosted k8s variant but are usually easier to maintain and scale, if needed.
Also they can be centrally managed and are not linked to the Gitea helm chart or namespace.
Please consider using external services before you start with your Gitea HA setup, it will make your life (and the life of the Gitea maintainers) easier.
This helm chart tries to help as much as possible to simplify and assert the provisioning of a HA-ready Gitea instance by implementing smart conditionals if `replicaCount` is set to a value > 1.
Nevertheless, we cannot guarantee for every possible combination of Gitea settings to work together perfectly in a HA setup.
As a general advice, we recommend to have a test environment aside on which to test possible changes/upgrades before applying these to a production installation.
## Requirements for HA
Storage-wise, the HA-Gitea setup requires a RWX file-system which can be shared among the deployment-based replica pods.
In addition, the following components are required for full HA-readiness:
- A HA-ready issue (and optionally code) indexer: `elasticsearch` or `meilisearch`
- A HA-ready external object/asset storage (`minio`) (optional, assets can also be stored on the RWX file-system)
- A HA-ready cache (`valkey-cluster`)
- A HA-ready DB
`postgres.enabled`, which default to `true`, must be set to `false` for a HA setup.
The default `postgres` chart dependency is not HA-ready (there's a dedicated `postgres-ha` chart).
The following sections discuss each of the components in more detail.
Note that for each component discussed, the shown configurations only provides a (working) starting point, not necessarily the most optimal setup.
We try to optimize this document over time as we have gained more experience with HA setups from users.
## Indexers (Issues and code/repo)
The default code indexer `bleve` is not able to allow multiple connections and hence cannot be used in a HA setup.
Alternatives are `elasticsearch` and `meilisearch` (as of >= 1.19.2).
Unless you have an existing `elasticsearch` cluster, we recommend using `meilisearch` as it is faster and requires way less resources.
Unfortunately, `meilisearch` does only support the `ISSUE_INDEXER` and not the `REPO_INDEXER` yet ([tracking issue](https://github.com/go-gitea/gitea/pull/24149)).
This means that the `REPO_INDEXER` must still be disabled for a HA setup right now.
An alternative to the two options above for the `ISSUE_INDEXER` is `"db"`, however we recommend to just go with `meilisearch` in this case and to not bother the DB with indexing.
To configure `meilisearch` within Gitea, do the following:
By default, the `valkey-cluster` chart provisions three standalone master nodes of which each has a single replica.
To reduce the number of pods for a default Gitea deployment, we opted to omit the replicas (`replicas: 0`) by default.
Only the minimum required number of master pods for a functional `valkey-cluster` deployment are provisioned.
For a "proper" `valkey-cluster` setup however, we recommend to set `replicas: 1` and `nodes: 6`.
## Object and asset storage
Object/asset storage refers to the storage of attachments, avatars, LFS files, etc.
While most of these can be stored on the RWX file-system, it is recommended to use an external S3-compatible object storage for such, mainly for performance reasons.
By default the chart provisions a single RWO volume to store everything (repos, avatars, packages, etc.).
This volume cannot be mounted by multiple pods.
Hence, a RWX volume is required and (optionally) an external HA-ready object storage.
> **Note:** Double-check that the file permissions are set correctly on the RWX volume! That is everything should be owned by the `git` user which usually has `uid=1000` and `gid=1000`.
To use `minio` you need to deploy and configure an external `minio` instance yourself and explicitly define the `STORAGE_TYPE` values as shown below.
Note that `MINIO_BUCKET` here is just a name and does not refer to a S3 bucket.
It's the root access point for all objects belonging to the respective application, i.e., to Gitea in this case.
{{- if eq (get .Values.gitea.config.cache "ADAPTER") "memory" -}}
{{- $warnings = append $warnings "Gitea uses 'memory' for caching which is not recommended for production use. See https://docs.gitea.com/next/administration/config-cheat-sheet#cache-cache for available options." -}}
{{- end }}
{{- if eq (get .Values.gitea.config.queue "TYPE") "level" -}}
{{- $warnings = append $warnings "Gitea uses 'leveldb' for queue actions which is not recommended for production use. See https://docs.gitea.com/next/administration/config-cheat-sheet#queue-queue-and-queue for available options." -}}
{{- end }}
{{- if eq (get .Values.gitea.config.session "PROVIDER") "memory" -}}
{{- $warnings = append $warnings "Gitea uses 'memory' for sessions which is not recommended for production use. See https://docs.gitea.com/next/administration/config-cheat-sheet#session-session for available options." -}}
{{printf"gitea.admin.passwordMode must be set to one of 'keepUpdated', 'initialOnlyNoReset', or 'initialOnlyRequireReset'. Received: '%s'".Values.gitea.admin.passwordMode|fail}}
{{- fail "The actions sub-chart has been outsourced to a dedicated chart available at https://gitea.com/gitea/helm-actions. For assistance with the migration process, check https://gitea.com/gitea/helm-actions/issues/9." -}}
{{- /*assert that only one PG dep is enabled */ -}}
{{- if and (.Values.postgresql.enabled) (index .Values "postgresql-ha" "enabled") -}}
{{- fail "Only one of postgresql or postgresql-ha can be enabled at the same time." -}}
{{- end }}
{{- /* multiple replicas assertions */ -}}
{{- if gt (.Values.replicaCount | int) 1 -}}
{{- if .Values.gitea.config.cron -}}
{{- if .Values.gitea.config.cron.GIT_GC_REPOS -}}
{{- if eq .Values.gitea.config.cron.GIT_GC_REPOS.ENABLED true -}}
{{fail "Invoking the garbage collector via CRON is not yet supported when running with multiple replicas. Please set 'gitea.config.cron.GIT_GC_REPOS.enabled = false'." }}
{{- end }}
{{- end }}
{{- end }}
{{- if eq (first .Values.persistence.accessModes) "ReadWriteOnce" -}}
{{- fail "When using multiple replicas, a RWX file system is required and persistence.accessModes[0] must be set to ReadWriteMany." -}}
{{- end }}
{{- if .Values.gitea.config.indexer -}}
{{- if eq .Values.gitea.config.indexer.ISSUE_INDEXER_TYPE "bleve" -}}
{{- fail "When using multiple replicas, the issue indexer (gitea.config.indexer.ISSUE_INDEXER_TYPE) must be set to a HA-ready provider such as 'meilisearch', 'elasticsearch' or 'db' (if the DB is HA-ready)." -}}
{{- end }}
{{- if .Values.gitea.config.indexer.REPO_INDEXER_TYPE -}}
{{- if eq .Values.gitea.config.indexer.REPO_INDEXER_TYPE "bleve" -}}
{{- if .Values.gitea.config.indexer.REPO_INDEXER_ENABLED -}}
{{- if eq .Values.gitea.config.indexer.REPO_INDEXER_ENABLED true -}}
{{- fail "When using multiple replicas, the repo indexer (gitea.config.indexer.REPO_INDEXER_TYPE) must be set to 'meilisearch' or 'elasticsearch' or disabled." -}}
{{- fail "`gitea.customLivenessProbe` does no longer exist. Please refer to the changelog and configure `gitea.livenessProbe` instead." -}}
{{- end -}}
{{- if .Values.gitea.customReadinessProbe -}}
{{- fail "`gitea.customReadinessProbe` does no longer exist. Please refer to the changelog and configure `gitea.readinessProbe` instead." -}}
{{- end -}}
{{- if .Values.gitea.customStartupProbe -}}
{{- fail "`gitea.customStartupProbe` does no longer exist. Please refer to the changelog and configure `gitea.startupProbe` instead." -}}
{{- end -}}
{{/* LDAP SOURCES */}}
{{- if kindIs "map" .Values.gitea.ldap -}}
{{- fail "You can configure multiple LDAP sources. Please refer to the changelog and switch `gitea.ldap` from object to array notation." -}}
{{- end -}}
{{/* OAUTH SOURCES */}}
{{- if kindIs "map" .Values.gitea.oauth -}}
{{- fail "You can configure multiple OAuth sources. Please refer to the changelog and switch `gitea.oauth` from object to array notation." -}}
{{- end -}}
{{/* BUILTIN */}}
{{- if .Values.gitea.cache -}}
{{- if .Values.gitea.cache.builtIn -}}
{{- fail "`gitea.cache.builtIn` does no longer exist. Please use `memcached` at root level instead." -}}
{{- end -}}
{{- end -}}
{{- if .Values.gitea.database -}}
{{- if .Values.gitea.database.builtIn -}}
{{- fail "`gitea.database.builtIn` does no longer exist. Builtin databases can be configured inside the dependencies itself. Please refer to the changelog." -}}
- it:fails when trying to configure actions due to removal
set:
actions:
enabled:true
asserts:
- failedTemplate:
errorMessage:The actions sub-chart has been outsourced to a dedicated chart available at https://gitea.com/gitea/helm-actions. For assistance with the migration process, check https://gitea.com/gitea/helm-actions/issues/9.
value:"Z2l0ZWEtcGFzc3dvcmQ="# postgresql-ha.postgresql.password is overwritten by postgresql-ha.global.postgresql.password and should not be referenced here
- it:"[postgresql-ha] pgpool.adminPassword is applied as expected"
- it:fails with multiple replicas and "GIT_GC_REPOS" enabled
template:templates/deployment.yaml
set:
replicaCount:2
persistence:
accessModes:
- ReadWriteMany
gitea:
config:
cron:
GIT_GC_REPOS:
ENABLED:true
asserts:
- failedTemplate:
errorMessage:"Invoking the garbage collector via CRON is not yet supported when running with multiple replicas. Please set 'gitea.config.cron.GIT_GC_REPOS.enabled = false'."
- it:fails with multiple replicas and RWX file system not set
template:templates/deployment.yaml
set:
replicaCount:2
asserts:
- failedTemplate:
errorMessage:"When using multiple replicas, a RWX file system is required and persistence.accessModes[0] must be set to ReadWriteMany."
- it:fails with multiple replicas and bleve issue indexer
template:templates/deployment.yaml
set:
replicaCount:2
persistence:
accessModes:
- ReadWriteMany
gitea:
config:
indexer:
ISSUE_INDEXER_TYPE:bleve
asserts:
- failedTemplate:
errorMessage:"When using multiple replicas, the issue indexer (gitea.config.indexer.ISSUE_INDEXER_TYPE) must be set to a HA-ready provider such as 'meilisearch', 'elasticsearch' or 'db' (if the DB is HA-ready)."
- it:fails with multiple replicas and bleve repo indexer
template:templates/deployment.yaml
set:
replicaCount:2
persistence:
accessModes:
- ReadWriteMany
gitea:
config:
indexer:
REPO_INDEXER_TYPE:bleve
REPO_INDEXER_ENABLED:true
asserts:
- failedTemplate:
errorMessage:"When using multiple replicas, the repo indexer (gitea.config.indexer.REPO_INDEXER_TYPE) must be set to 'meilisearch' or 'elasticsearch' or disabled."
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.