bump to 1.19.3 (#443)

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/443
Reviewed-by: techknowlogick <techknowlogick@noreply.gitea.io>
Co-authored-by: pat-s <patrick.schratz@gmail.com>
Co-committed-by: pat-s <patrick.schratz@gmail.com>

.drone.yml

@@ -1,96 +0,0 @@
----
-kind: pipeline
-type: docker
-name: lint
-
-platform:
-  os: linux
-  arch: arm64
-
-steps:
-- name: helm lint
-  pull: always
-  image: alpine:3.17
-  commands:
-  - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm
-  - helm lint
-
-- name: helm template
-  pull: always
-  image: alpine:3.17
-  commands:
-  - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm
-  - helm dependency update
-  - helm template --debug gitea-helm .
-
-- name: helm unittests
-  pull: always
-  image: alpine:3.17
-  commands:
-  - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing make helm git bash
-  - helm plugin install https://github.com/heyhabito/helm-unittest
-  - helm dependency update
-  - make unittests
-
-- name: verify readme
-  pull: always
-  image: alpine:3.17
-  commands:
-  - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing make npm git
-  - make readme
-  - git diff --exit-code --name-only README.md
-
-- name: discord
-  pull: always
-  image: appleboy/drone-discord:1.2.4
-  environment:
-    DISCORD_WEBHOOK_ID:
-      from_secret: discord_webhook_id
-    DISCORD_WEBHOOK_TOKEN:
-      from_secret: discord_webhook_token
-  when:
-    status:
-    - changed
-    - failure
-
-
----
-kind: pipeline
-type: docker
-name: release-version
-
-platform:
-  os: linux
-  arch: arm64
-
-trigger:
-  event:
-  - tag
-
-steps:
-- name: generate-chart
-  pull: always
-  image: alpine:3.17
-  commands:
-    - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm
-    - apk add --no-cache curl
-    - helm dependency update
-    - helm package --version "${DRONE_TAG##v}" ./
-    - mkdir gitea
-    - mv gitea*.tgz gitea/
-    - curl -L -o gitea/index.yaml https://dl.gitea.io/charts/index.yaml
-    - helm repo index gitea/ --url https://dl.gitea.io/charts --merge gitea/index.yaml
-
-- name: upload-chart
-  pull: always
-  image: plugins/s3:latest
-  settings:
-    bucket: gitea-artifacts
-    endpoint: https://ams3.digitaloceanspaces.com
-    access_key:
-      from_secret: aws_access_key_id
-    secret_key:
-      from_secret: aws_secret_access_key
-    source: gitea/*
-    target: /charts
-    strip_prefix: gitea/

.editorconfig

@@ -0,0 +1,12 @@
+# EditorConfig is awesome: https://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = false
+insert_final_newline = false

.gitea/workflows/release-version.yml

@@ -0,0 +1,42 @@
+name: generate-chart
+
+on:
+  push:
+    tags:
+      - "*"
+
+jobs:
+  generate-chart-publish:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: install tools
+        run: |
+          apt update -y
+          apt install -y curl
+          curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | tee /usr/share/keyrings/helm.gpg > /dev/null
+          echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | tee /etc/apt/sources.list.d/helm-stable-debian.list
+          apt update -y
+          apt install -y python helm python3-pip apt-transport-https
+          pip install awscli
+      - name: package chart
+        run: |
+          helm dependency update
+          helm package --version "${GITHUB_REF#refs/tags/v}" ./
+          mkdir gitea
+          mv gitea*.tgz gitea/
+          curl -L -o gitea/index.yaml https://dl.gitea.com/charts/index.yaml
+          helm repo index gitea/ --url https://dl.gitea.io/charts --merge gitea/index.yaml
+      - name: aws credential configure
+        uses: https://github.com/aws-actions/configure-aws-credentials@v2
+        with:
+          aws-access-key-id: ${{ secrets.AWS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ secrets.AWS_REGION }}
+      - name: install aws cli
+        run: |
+          apt update -y &&
+          pip install awscli
+      - name: Copy files to S3 and clear cache
+        run: |
+          aws s3 sync gitea/ s3://${{ secrets.AWS_S3_BUCKET}}/charts/

.gitea/workflows/test-pr.yml

@@ -0,0 +1,36 @@
+name: check-and-test
+
+on:
+  - pull_request
+
+jobs:
+  check-and-test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: install tools
+        run: |
+          apt update -y
+          apt install -y curl make
+          curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | tee /usr/share/keyrings/helm.gpg > /dev/null
+          echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | tee /etc/apt/sources.list.d/helm-stable-debian.list
+          apt update -y
+          apt install -y helm python3-pip
+          pip install yamllint
+      - name: dependency update
+        run: helm dependency update
+      - name: lint
+        run: helm lint
+      - name: template
+        run: |
+          helm template --debug gitea-helm .
+      - name: unit tests
+        run: |
+          helm plugin install --version 0.3.1 https://github.com/helm-unittest/helm-unittest
+          make unittests
+      - name: verify readme
+        run: |
+          make readme
+          git diff --exit-code --name-only README.md
+      - name: yaml lint
+        uses: https://github.com/ibiqlik/action-yamllint@v3

.markdownlint.yaml

@@ -131,8 +131,6 @@ MD044:
   names:
     - Gitea
     - PostgreSQL
-  - MariaDB
-  - MySQL
     - Memcached
     - Prometheus
     - Git

.markdownlintignore

@@ -1,3 +1,4 @@
 .gitea/
 node_modules/
 charts/
+Chart.lock

.prettierignore

@@ -0,0 +1 @@
+Chart.lock

.yamllint

@@ -0,0 +1,20 @@
+---
+extends: default
+
+ignore: |
+  .yamllint
+  node_modules
+  templates
+
+
+rules:
+  truthy:
+    allowed-values: ['true', 'false']
+    check-keys: False
+    level: error
+  line-length: disable
+  document-start: disable
+  comments:
+    min-spaces-from-content: 1
+  braces:
+    max-spaces-inside: 2

CONTRIBUTING.md

@@ -14,6 +14,7 @@ When using Visual Studio Code as IDE, following plugins might be useful:
 - [Markdown All in One](https://marketplace.visualstudio.com/items?itemName=yzhang.markdown-all-in-one)
 - [markdownlint](https://marketplace.visualstudio.com/items?itemName=DavidAnson.vscode-markdownlint)
 - [Helm Intellisense](https://marketplace.visualstudio.com/items?itemName=Tim-Koehler.helm-intellisense)
+- [Prettier - Code formatter](https://marketplace.visualstudio.com/items?itemName=esbenp.prettier-vscode)
 
 ## Documentation Requirements
 
@@ -55,7 +56,7 @@ be used:
 
 ```bash
 # install the unittest plugin
-$ helm plugin install https://github.com/heyhabito/helm-unittest
+$ helm plugin install https://github.com/helm-unittest/helm-unittest
 
 # run the unittests
 make unittests

Chart.lock

@@ -1,15 +1,9 @@
 dependencies:
 - name: memcached
-  repository: https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami
-  version: 5.9.0
-- name: mysql
-  repository: https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami
-  version: 6.14.10
+  repository: oci://registry-1.docker.io/bitnamicharts
+  version: 6.3.14
 - name: postgresql
-  repository: https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami
-  version: 10.3.17
-- name: mariadb
-  repository: https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami
-  version: 9.3.6
-digest: sha256:08f967276fa0c083e9756a974a9791a487a71be0a226dc14351b3e5a2641e8fd
-generated: "2022-06-11T12:18:36.672047+02:00"
+  repository: oci://registry-1.docker.io/bitnamicharts
+  version: 12.4.1
+digest: sha256:02d4846bf416038a42658dbca8f8001d0e3ce967b00e990048f8d420065c33fd
+generated: "2023-04-28T09:32:05.295167+02:00"

Chart.yaml

@@ -3,7 +3,7 @@ name: gitea
 description: Gitea Helm chart for Kubernetes
 type: application
 version: 0.0.0
-appVersion: 1.18.2
+appVersion: 1.19.3
 icon: https://docs.gitea.io/images/gitea.png
 
 keywords:
@@ -28,22 +28,19 @@ maintainers:
     email: lucas.hahn@novum-rgi.de
   - name: Steven Kriegler
     email: sk.bunsenbrenner@gmail.com
+  - name: Patrick Schratz
+    email: patrick.schratz@gmail.com
 
 # Bitnami charts are served from GitHub CDN - See https://github.com/bitnami/charts/issues/10539 for details
 dependencies:
-- name: memcached
-  repository: https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami
-  version: 5.9.0
+  # OCI registry: https://blog.bitnami.com/2023/01/bitnami-helm-charts-available-as-oci.html (2023-01)
+  # Chart release date: 2023-04
+  - name: memcached
+    repository: oci://registry-1.docker.io/bitnamicharts
+    version: 6.3.14
     condition: memcached.enabled
-- name: mysql
-  repository: https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami
-  version: 6.14.10
-  condition: mysql.enabled
-- name: postgresql
-  repository: https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami
-  version: 10.3.17
+  # Chart release date: 2023-04
+  - name: postgresql
+    repository: oci://registry-1.docker.io/bitnamicharts
+    version: 12.4.1
     condition: postgresql.enabled
-- name: mariadb
-  repository: https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami
-  version: 9.3.6
-  condition: mariadb.enabled

Makefile

@@ -9,4 +9,4 @@ readme: prepare-environment
 
 .PHONY: unittests
 unittests:
-	helm unittest --helm3 --strict -f 'unittests/**/*.yaml' ./
+	helm unittest --strict -f 'unittests/**/*.yaml' ./

README.md

@@ -1,28 +1,39 @@
 # Gitea Helm Chart
 
-[Gitea](https://gitea.io/en-us/) is a community managed lightweight code hosting
-solution written in Go. It is published under the MIT license.
+[Gitea](https://gitea.io/en-us/) is a community managed lightweight code hosting solution written in Go.
+It is published under the MIT license.
 
 ## Introduction
 
-This helm chart has taken some inspiration from [jfelten's helm
-chart](https://github.com/jfelten/gitea-helm-chart). But takes a completely
-different approach in providing a database and cache with dependencies.
-Additionally, this chart provides LDAP and admin user configuration with values,
-as well as being deployed as a statefulset to retain stored repositories.
+This helm chart has taken some inspiration from [jfelten's helm chart](https://github.com/jfelten/gitea-helm-chart).
+But takes a completely different approach in providing a database and cache with dependencies.
+Additionally, this chart provides LDAP and admin user configuration with values, as well as being deployed as a statefulset to retain stored repositories.
+
+## Update and versioning policy
+
+The Gitea helm chart versioning does not follow Gitea's versioning.
+The latest chart version can be looked up in [https://dl.gitea.com/charts](https://dl.gitea.com/charts) or in the [repository releases](https://gitea.com/gitea/helm-chart/releases).
+
+The chart aims to follow Gitea's releases closely.
+There might be times when the chart is behind the latest Gitea release.
+This might be caused by different reasons, most often due to time constraints of the maintainers (remember, all work here is done voluntarily in the spare time of people).
+If you're eager to use the latest Gitea version earlier than this chart catches up, then change the tag in `values.yaml` to the latest Gitea version.
+Note that besides the exact Gitea version one can also use the `:1` tag to automatically follow the latest Gitea version.
+This should be combined with `image.pullPolicy: "Always"`.
+Important: Using the `:1` will also automatically jump to new minor release (e.g. from 1.13 to 1.14) which may eventually cause incompatibilities if major/breaking changes happened between these versions.
+This is due to Gitea not strictly following [semantic versioning](https://semver.org/#summary) as breaking changes do not increase the major version.
+I.e., "minor" version bumps are considered "major".
+Yet most often no issues will be encountered and the chart maintainers aim to communicate early/upfront if this would be the case.
 
 ## Dependencies
 
-Gitea can be run with an external database and cache. This chart provides those
-dependencies, which can be enabled, or disabled via
-configuration.
+Gitea can be run with an external database and cache.
+This chart provides those dependencies, which can be enabled, or disabled via configuration.
 
 Dependencies:
 
 - PostgreSQL ([configuration](#postgresql))
 - Memcached ([configuration](#memcached))
-- MySQL ([configuration](#mysql))
-- MariaDB ([configuration](#mariadb))
 
 ## Installing
 
@@ -32,8 +43,7 @@ helm repo update
 helm install gitea gitea-charts/gitea
 ```
 
-When upgrading, please refer to the [Upgrading](#upgrading) section at the bottom
-of this document for major and breaking changes.
+When upgrading, please refer to the [Upgrading](#upgrading) section at the bottom of this document for major and breaking changes.
 
 ## Prerequisites
 
@@ -45,8 +55,8 @@ of this document for major and breaking changes.
 
 ### Gitea Configuration
 
-Gitea offers lots of configuration options. This is fully described in the
-[Gitea Cheat Sheet](https://docs.gitea.io/en-us/config-cheat-sheet/).
+Gitea offers lots of configuration options.
+This is fully described in the [Gitea Cheat Sheet](https://docs.gitea.io/en-us/config-cheat-sheet/).
 
 ```yaml
 gitea:
@@ -60,18 +70,17 @@ gitea:
 
 ### Default Configuration
 
-This chart will set a few defaults in the Gitea configuration based on the
-service and ingress settings. All defaults can be overwritten in `gitea.config`.
+This chart will set a few defaults in the Gitea configuration based on the service and ingress settings.
+All defaults can be overwritten in `gitea.config`.
 
-INSTALL_LOCK is always set to true, since we want to configure Gitea with this
-helm chart and everything is taken care of.
+INSTALL_LOCK is always set to true, since we want to configure Gitea with this helm chart and everything is taken care of.
 
 _All default settings are made directly in the generated app.ini, not in the Values._
 
 #### Database defaults
 
-If a builtIn database is enabled the database configuration is set
-automatically. For example, PostgreSQL builtIn will appear in the app.ini as:
+If a builtIn database is enabled the database configuration is set automatically.
+For example, PostgreSQL builtIn will appear in the app.ini as:
 
 ```ini
 [database]
@@ -84,8 +93,8 @@ USER = gitea
 
 #### Memcached defaults
 
-Memcached is handled the exact same way as database builtIn. Once Memcached
-builtIn is enabled, this chart will generate the following part in the `app.ini`:
+Memcached is handled the exact same way as database builtIn.
+Once Memcached builtIn is enabled, this chart will generate the following part in the `app.ini`:
 
 ```ini
 [cache]
@@ -96,9 +105,9 @@ HOST = RELEASE-NAME-memcached.default.svc.cluster.local:11211
 
 #### Server defaults
 
-The server defaults are a bit more complex. If ingress is `enabled`, the
-`ROOT_URL`, `DOMAIN` and `SSH_DOMAIN` will be set accordingly. `HTTP_PORT`
-always defaults to `3000` as well as `SSH_PORT` to `22`.
+The server defaults are a bit more complex.
+If ingress is `enabled`, the `ROOT_URL`, `DOMAIN` and `SSH_DOMAIN` will be set accordingly.
+`HTTP_PORT` always defaults to `3000` as well as `SSH_PORT` to `22`.
 
 ```ini
 [server]
@@ -125,16 +134,13 @@ ENABLED = false
 ### Additional _app.ini_ settings
 
 > **The [generic](https://docs.gitea.io/en-us/config-cheat-sheet/#overall-default)
-section cannot be defined that way.**
+> section cannot be defined that way.**
 
-Some settings inside _app.ini_ (like passwords or whole authentication configurations)
-must be considered sensitive and therefore should not be passed via plain text
-inside the _values.yaml_ file. In times of _GitOps_ the values.yaml could be stored
-in a Git repository where sensitive data should never be accessible.
+Some settings inside _app.ini_ (like passwords or whole authentication configurations) must be considered sensitive and therefore should not be passed via plain text inside the _values.yaml_ file.
+In times of _GitOps_ the values.yaml could be stored in a Git repository where sensitive data should never be accessible.
 
 The Helm Chart supports this approach and let the user define custom sources like
-Kubernetes Secrets to be loaded as environment variables during _app.ini_ creation
-or update.
+Kubernetes Secrets to be loaded as environment variables during _app.ini_ creation or update.
 
 ```yaml
 gitea:
@@ -147,8 +153,7 @@ gitea:
 
 This would mount the two additional volumes (`oauth` and `some-additionals`)
 from different sources to the init containerwhere the _app.ini_ gets updated.
-All files mounted that way will be read and converted to environment variables
-and then added to the _app.ini_ using [environment-to-ini](https://github.com/go-gitea/gitea/tree/main/contrib/environment-to-ini).
+All files mounted that way will be read and converted to environment variables and then added to the _app.ini_ using [environment-to-ini](https://github.com/go-gitea/gitea/tree/main/contrib/environment-to-ini).
 
 The key of such additional source represents the section inside the _app.ini_.
 The value for each key can be multiline ini-like definitions.
@@ -185,19 +190,15 @@ stringData:
 
 #### User defined environment variables in app.ini
 
-Users are able to define their own environment variables,
-which are loaded into the containers. We also support to
-directly interact with the generated _app.ini_.
+Users are able to define their own environment variables, which are loaded into the containers.
+We also support to directly interact with the generated _app.ini_.
 
-To inject self defined variables into the _app.ini_ a
-certain format needs to be honored. This is
-described in detail on the [env-to-ini](https://github.com/go-gitea/gitea/tree/main/contrib/environment-to-ini)
-page.
+To inject self defined variables into the _app.ini_ a certain format needs to be honored.
+This is described in detail on the [env-to-ini](https://github.com/go-gitea/gitea/tree/main/contrib/environment-to-ini) page.
 
 Note that the Prefix on this helm chart is `ENV_TO_INI`.
 
-For example a database setting needs to have the following
-format:
+For example a database setting needs to have the following format:
 
 ```yaml
 gitea:
@@ -214,19 +215,22 @@ gitea:
 Priority (highest to lowest) for defining app.ini variables:
 
 1. Environment variables prefixed with `ENV_TO_INI`
-2. Additional config sources
-3. Values defined in `gitea.config`
+1. Additional config sources
+1. Values defined in `gitea.config`
 
 ### External Database
 
-An external Database can be used instead of builtIn PostgreSQL or MySQL.
+Any external Database listed in [https://docs.gitea.io/en-us/database-prep/](https://docs.gitea.io/en-us/database-prep/) can be used instead of the built-in PostgreSQL.
+In fact, it is **highly recommended** to use an external database to ensure a stable Gitea installation longterm.
+
+If an external database is used, no matter which type, make sure to set `postgresql.enabled` to `false` to disable the use of the built-in PostgreSQL.
 
 ```yaml
 gitea:
   config:
     database:
       DB_TYPE: mysql
-      HOST: 127.0.0.1:3306
+      HOST: <mysql HOST>
       NAME: gitea
       USER: root
       PASSWD: gitea
@@ -238,7 +242,8 @@ postgresql:
 
 ### Ports and external url
 
-By default port `3000` is used for web traffic and `22` for ssh. Those can be changed:
+By default port `3000` is used for web traffic and `22` for ssh.
+Those can be changed:
 
 ```yaml
 service:
@@ -248,15 +253,14 @@ service:
     port: 22
 ```
 
-This helm chart automatically configures the clone urls to use the correct
-ports. You can change these ports by hand using the `gitea.config` dict. However
-you should know what you're doing.
+This helm chart automatically configures the clone urls to use the correct ports.
+You can change these ports by hand using the `gitea.config` dict.
+However you should know what you're doing.
 
 ### ClusterIP
 
-By default the clusterIP will be set to None, which is the default for headless
-services. However if you want to omit the clusterIP field in the service, use
-the following values:
+By default the `clusterIP` will be set to `None`, which is the default for headless services.
+However if you want to omit the clusterIP field in the service, use the following values:
 
 ```yaml
 service:
@@ -272,9 +276,8 @@ service:
 
 ### SSH and Ingress
 
-If you're using ingress and want to use SSH, keep in mind, that ingress is not
-able to forward SSH Ports. You will need a LoadBalancer like `metallb` and a
-setting in your ssh service annotations.
+If you're using ingress and want to use SSH, keep in mind, that ingress is not able to forward SSH Ports.
+You will need a LoadBalancer like `metallb` and a setting in your ssh service annotations.
 
 ```yaml
 service:
@@ -285,8 +288,8 @@ service:
 
 ### SSH on crio based kubernetes cluster
 
-If you use crio as container runtime it is not possible to read from a remote
-repository. You should get an error message like this:
+If you use `crio` as container runtime it is not possible to read from a remote repository.
+You should get an error message like this:
 
 ```bash
 $ git clone git@k8s-demo.internal:admin/test.git
@@ -303,15 +306,15 @@ More about this issue [here](https://gitea.com/gitea/helm-chart/issues/161).
 
 ### Cache
 
-This helm chart can use a built in cache. The default is Memcached from bitnami.
+This helm chart can use a built in cache.
+The default is Memcached from bitnami.
 
 ```yaml
 memcached:
   enabled: true
 ```
 
-If the built in cache should not be used simply configure the cache in
-`gitea.config`.
+If the built in cache should not be used simply configure the cache in `gitea.config`.
 
 ```yaml
 gitea:
@@ -325,15 +328,14 @@ gitea:
 
 ### Persistence
 
-Gitea will be deployed as a statefulset. By simply enabling the persistence and
-setting the storage class according to your cluster everything else will be
-taken care of. The following example will create a PVC as a part of the
-statefulset. This PVC will not be deleted even if you uninstall the chart.
+Gitea will be deployed as a statefulset.
+By simply enabling the persistence and setting the storage class according to your cluster everything else will be taken care of.
+The following example will create a PVC as a part of the statefulset.
+This PVC will not be deleted even if you uninstall the chart.
 
-Please note, that an empty storageClass in the persistence will result in
-kubernetes using your default storage class.
+Please note, that an empty storageClass in the persistence will result in kubernetes using your default storage class.
 
-If you want to use your own storageClass define it as followed:
+If you want to use your own storage class define it as follows:
 
 ```yaml
 persistence:
@@ -341,48 +343,38 @@ persistence:
   storageClass: myOwnStorageClass
 ```
 
-When using PostgreSQL as dependency, this will also be deployed as a statefulset
-by default.
+When using PostgreSQL as dependency, this will also be deployed as a statefulset by default.
 
 If you want to manage your own PVC you can simply pass the PVC name to the chart.
 
 ```yaml
-  persistence:
+persistence:
   enabled: true
   existingClaim: MyAwesomeGiteaClaim
 ```
 
-In case that peristence has been disabled it will simply use an empty dir volume.
+In case that persistence has been disabled it will simply use an empty dir volume.
 
 PostgreSQL handles the persistence in the exact same way.
 You can interact with the postgres settings as displayed in the following example:
 
 ```yaml
-  postgresql:
+postgresql:
   persistence:
     enabled: true
     existingClaim: MyAwesomeGiteaPostgresClaim
 ```
 
-MySQL also handles persistence the same, even though it is not deployed as a statefulset.
-You can interact with the postgres settings as displayed in the following example:
-
-```yaml
-  mysql:
-    persistence:
-      enabled: true
-      existingClaim: MyAwesomeGiteaMysqlClaim
-```
-
 ### Admin User
 
-This chart enables you to create a default admin user. It is also possible to
-update the password for this user by upgrading or redeloying the chart. It is
-not possible to delete an admin user after it has been created. This has to be
-done in the ui. You cannot use `admin` as username.
+This chart enables you to create a default admin user.
+It is also possible to update the password for this user by upgrading or redeloying the chart.
+It is not possible to delete an admin user after it has been created.
+This has to be done in the ui.
+You cannot use `admin` as username.
 
 ```yaml
-  gitea:
+gitea:
   admin:
     username: "MyAwesomeGiteaAdmin"
     password: "AReallyAwesomeGiteaPassword"
@@ -416,7 +408,7 @@ All LDAP values from <https://docs.gitea.io/en-us/command-line/#admin> are avail
 Multiple LDAP sources can be configured with additional LDAP list items.
 
 ```yaml
-  gitea:
+gitea:
   ldap:
     - name: MyAwesomeGiteaLdap
       securityProtocol: unencrypted
@@ -432,7 +424,7 @@ Multiple LDAP sources can be configured with additional LDAP list items.
       publicSSHKeyAttribute: publicSSHKey
 ```
 
-You can also use an existing secret to set the bindDn and bindPassword:
+You can also use an existing secret to set the `bindDn` and `bindPassword`:
 
 ```yaml
 apiVersion: v1
@@ -452,9 +444,9 @@ gitea:
         ...
 ```
 
-⚠️ Some options are just flags and therefore don't have any values. If they
-are defined in `gitea.ldap` configuration, they will be passed to the Gitea CLI
-without any value. Affected options:
+⚠️ Some options are just flags and therefore don't have any values.
+If they are defined in `gitea.ldap` configuration, they will be passed to the Gitea CLI without any value.
+Affected options:
 
 - notActive
 - skipTlsVerify
@@ -464,9 +456,9 @@ without any value. Affected options:
 
 ### OAuth2 Settings
 
-Like the admin user, OAuth2 settings can be updated and disabled but not
-deleted. Deleting OAuth2 settings has to be done in the ui. All OAuth2 values,
-which are documented [here](https://docs.gitea.io/en-us/command-line/#admin), are
+Like the admin user, OAuth2 settings can be updated and disabled but not deleted.
+Deleting OAuth2 settings has to be done in the ui.
+All OAuth2 values, which are documented [here](https://docs.gitea.io/en-us/command-line/#admin), are
 available.
 
 Multiple OAuth2 sources can be configured with additional OAuth list items.
@@ -474,11 +466,11 @@ Multiple OAuth2 sources can be configured with additional OAuth list items.
 ```yaml
 gitea:
   oauth:
-    - name: 'MyAwesomeGiteaOAuth'
-      provider: 'openidConnect'
-      key: 'hello'
-      secret: 'world'
-      autoDiscoverUrl: 'https://gitea.example.com/.well-known/openid-configuration'
+    - name: "MyAwesomeGiteaOAuth"
+      provider: "openidConnect"
+      key: "hello"
+      secret: "world"
+      autoDiscoverUrl: "https://gitea.example.com/.well-known/openid-configuration"
       #useCustomUrls:
       #customAuthUrl:
       #customTokenUrl:
@@ -502,22 +494,19 @@ stringData:
 ```yaml
 gitea:
   oauth:
-    - name: 'MyAwesomeGiteaOAuth'
+    - name: "MyAwesomeGiteaOAuth"
       existingSecret: gitea-oauth-secret
         ...
 ```
 
 ## Configure commit signing
 
-When using the rootless image the gpg key folder is not persistent by
-default. If you consider using signed commits for internal Gitea activities
-(e.g. initial commit), you'd need to provide a signing key. Prior to
-[PR186](https://gitea.com/gitea/helm-chart/pulls/186), imported keys had to be
-re-imported once the container got replaced by another.
+When using the rootless image the gpg key folder is not persistent by default.
+If you consider using signed commits for internal Gitea activities (e.g. initial commit), you'd need to provide a signing key.
+Prior to [PR186](https://gitea.com/gitea/helm-chart/pulls/186), imported keys had to be re-imported once the container got replaced by another.
 
-The mentioned PR introduced a new configuration object `signing` allowing you to
-configure prerequisites for commit signing. By default this section is disabled
-to maintain backwards compatibility.
+The mentioned PR introduced a new configuration object `signing` allowing you to configure prerequisites for commit signing.
+By default this section is disabled to maintain backwards compatibility.
 
 ```yaml
 signing:
@@ -525,9 +514,8 @@ signing:
   gpgHome: /data/git/.gnupg
 ```
 
-Regardless of the used container image the `signing` object allows to specify a
-private gpg key. Either using the `signing.privateKey` to define the key inline,
-or refer to an existing secret containing the key data by using `signing.existingKey`.
+Regardless of the used container image the `signing` object allows to specify a private gpg key.
+Either using the `signing.privateKey` to define the key inline, or refer to an existing secret containing the key data by using `signing.existingSecret`.
 
 ```yaml
 apiVersion: v1
@@ -547,19 +535,15 @@ signing:
   existingSecret: custom-gitea-gpg-key
 ```
 
-To use the gpg key, Gitea needs to be configured accordingly. A detailed description
-can be found in the [official Gitea documentation](https://docs.gitea.io/en-us/signing/#general-configuration).
+To use the gpg key, Gitea needs to be configured accordingly.
+A detailed description can be found in the [official Gitea documentation](https://docs.gitea.io/en-us/signing/#general-configuration).
 
 ### Metrics and profiling
 
-A Prometheus `/metrics` endpoint on the `HTTP_PORT` and `pprof` profiling
-endpoints on port 6060 can be enabled under `gitea`. Beware that the metrics
-endpoint is exposed via the ingress, manage access using ingress annotations for
-example.
+A Prometheus `/metrics` endpoint on the `HTTP_PORT` and `pprof` profiling endpoints on port 6060 can be enabled under `gitea`.
+Beware that the metrics endpoint is exposed via the ingress, manage access using ingress annotations for example.
 
-To deploy the `ServiceMonitor`, you first need to ensure that you have deployed
-`prometheus-operator` and its
-[CRDs](https://github.com/prometheus-operator/prometheus-operator#customresourcedefinitions).
+To deploy the `ServiceMonitor`, you first need to ensure that you have deployed `prometheus-operator` and its [CRDs](https://github.com/prometheus-operator/prometheus-operator#customresourcedefinitions).
 
 ```yaml
 gitea:
@@ -591,6 +575,7 @@ gitea:
 | `global.imageRegistry`    | global image registry override                                            | `""`            |
 | `global.imagePullSecrets` | global image pull secrets override; can be extended by `imagePullSecrets` | `[]`            |
 | `global.storageClass`     | global storage class override                                             | `""`            |
+| `global.hostAliases`      | global hostAliases which will be added to the pod's hosts files           | `[]`            |
 | `replicaCount`            | number of replicas for the statefulset                                    | `1`             |
 | `clusterDomain`           | cluster domain                                                            | `cluster.local` |
 
@@ -664,6 +649,7 @@ gitea:
 | `tolerations`                               | Tolerations for the statefulset                        | `[]`  |
 | `affinity`                                  | Affinity for the statefulset                           | `{}`  |
 | `dnsConfig`                                 | dnsConfig for the statefulset                          | `{}`  |
+| `priorityClassName`                         | priorityClassName for the statefulset                  | `""`  |
 | `statefulset.env`                           | Additional environment variables to pass to containers | `[]`  |
 | `statefulset.terminationGracePeriodSeconds` | How long to wait until forcefully kill the pod         | `60`  |
 | `statefulset.labels`                        | Labels for the statefulset                             | `{}`  |
@@ -689,8 +675,11 @@ gitea:
 ### Init
 
 | Name                                       | Description                                                                          | Value   |
-| --------------- | --------------------------------------------------------------------- | ----- |
+| ------------------------------------------ | ------------------------------------------------------------------------------------ | ------- |
 | `initPreScript`                            | Bash shell script copied verbatim to the start of the init-container.                | `""`    |
+| `initContainers.resources.limits`          | initContainers.limits Kubernetes resource limits for init containers                 | `{}`    |
+| `initContainers.resources.requests.cpu`    | initContainers.requests.cpu Kubernetes cpu resource limits for init containers       | `100m`  |
+| `initContainers.resources.requests.memory` | initContainers.requests.memory Kubernetes memory resource limits for init containers | `128Mi` |
 
 ### Signing
 
@@ -717,6 +706,7 @@ gitea:
 | `gitea.additionalConfigSources`        | Additional configuration from secret or configmap                                                             | `[]`                 |
 | `gitea.additionalConfigFromEnvs`       | Additional configuration sources from environment variables                                                   | `[]`                 |
 | `gitea.podAnnotations`                 | Annotations for the Gitea pod                                                                                 | `{}`                 |
+| `gitea.ssh.logLevel`                   | Configure OpenSSH's log level. Only available for root-based Gitea image.                                     | `INFO`               |
 
 ### LivenessProbe
 
@@ -757,50 +747,30 @@ gitea:
 ### Memcached
 
 | Name                                | Description                                                                                                                                                                                           | Value   |
-| ------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
+| ----------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
 | `memcached.enabled`                 | Memcached is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/memcached) if enabled in the values. Complete Configuration can be taken from their website. | `true`  |
-| `memcached.service.port` | Port for Memcached                                                                                                                                                                                    | `11211` |
+| `memcached.service.ports.memcached` | Port for Memcached                                                                                                                                                                                    | `11211` |
 
 ### PostgreSQL
 
 | Name                                                    | Description                                                      | Value   |
-| ------------------------------------------------- | -------------------------------------------------------- | ------- |
+| ------------------------------------------------------- | ---------------------------------------------------------------- | ------- |
 | `postgresql.enabled`                                    | Enable PostgreSQL                                                | `true`  |
-| `postgresql.global.postgresql.postgresqlDatabase` | PostgreSQL database (overrides postgresqlDatabase)       | `gitea` |
-| `postgresql.global.postgresql.postgresqlUsername` | PostgreSQL username (overrides postgresqlUsername)       | `gitea` |
-| `postgresql.global.postgresql.postgresqlPassword` | PostgreSQL admin password (overrides postgresqlPassword) | `gitea` |
-| `postgresql.global.postgresql.servicePort`        | PostgreSQL port (overrides service.port)                 | `5432`  |
-| `postgresql.persistence.size`                     | PVC Storage Request for PostgreSQL volume                | `10Gi`  |
-
-### MySQL
-
-| Name                     | Description                                                        | Value   |
-| ------------------------ | ------------------------------------------------------------------ | ------- |
-| `mysql.enabled`          | Enable MySQL                                                       | `false` |
-| `mysql.root.password`    | Password for the root user. Ignored if existing secret is provided | `gitea` |
-| `mysql.db.user`          | Username of new user to create.                                    | `gitea` |
-| `mysql.db.password`      | Password for the new user.Ignored if existing secret is provided   | `gitea` |
-| `mysql.db.name`          | Name for new database to create.                                   | `gitea` |
-| `mysql.service.port`     | Port to connect to MySQL service                                   | `3306`  |
-| `mysql.persistence.size` | PVC Storage Request for MySQL volume                               | `10Gi`  |
-
-### MariaDB
-
-| Name                               | Description                                                       | Value   |
-| ---------------------------------- | ----------------------------------------------------------------- | ------- |
-| `mariadb.enabled`                  | Enable MariaDB                                                    | `false` |
-| `mariadb.auth.database`            | Name of the database to create.                                   | `gitea` |
-| `mariadb.auth.username`            | Username of the new user to create.                               | `gitea` |
-| `mariadb.auth.password`            | Password for the new user. Ignored if existing secret is provided | `gitea` |
-| `mariadb.auth.rootPassword`        | Password for the root user.                                       | `gitea` |
-| `mariadb.primary.service.port`     | Port to connect to MariaDB service                                | `3306`  |
-| `mariadb.primary.persistence.size` | Persistence size for MariaDB                                      | `10Gi`  |
+| `postgresql.global.postgresql.auth.password`            | Password for the `gitea` user (overrides `auth.password`)        | `gitea` |
+| `postgresql.global.postgresql.auth.database`            | Name for a custom database to create (overrides `auth.database`) | `gitea` |
+| `postgresql.global.postgresql.auth.username`            | Name for a custom user to create (overrides `auth.username`)     | `gitea` |
+| `postgresql.global.postgresql.service.ports.postgresql` | PostgreSQL service port (overrides `service.ports.postgresql`)   | `5432`  |
+| `postgresql.primary.persistence.size`                   | PVC Storage Request for PostgreSQL volume                        | `10Gi`  |
 
 ### Advanced
 
 | Name               | Description                                                        | Value     |
-| ------------------ | ---------------------------------------------------- | ------ |
+| ------------------ | ------------------------------------------------------------------ | --------- |
 | `checkDeprecation` | Set it to false to skip this basic validation check.               | `true`    |
+| `test.enabled`     | Set it to false to disable test-connection Pod.                    | `true`    |
+| `test.image.name`  | Image name for the wget container used in the test-connection Pod. | `busybox` |
+| `test.image.tag`   | Image tag for the wget container used in the test-connection Pod.  | `latest`  |
+| `extraDeploy`      | Array of extra objects to deploy with the release                  | `[]`      |
 
 ## Contributing
 
@@ -813,12 +783,23 @@ See [CONTRIBUTORS GUIDE](CONTRIBUTING.md) for details.
 This section lists major and breaking changes of each Helm Chart version.
 Please read them carefully to upgrade successfully.
 
+### To 8.0.0
+
+#### Removal of MariaDB and MySQL DB chart dependencies
+
+In this version support for DB chart dependencies of MySQL and MariaDB have been removed to simplify the maintenance of the helm chart.
+External MySQL and MariaDB databases are still supported and will be in the future.
+
+#### Postgres Update from v11 to v15
+
+This Chart version updates the Postgres chart dependency and subsequently Postgres from v11 to v15.
+Please read the [Postgres Release Notes](https://www.postgresql.org/docs/release/) for version-specific changes.
+With respect to `values.yaml`, parameters `username`, `database` and `password` have been regrouped under `auth` and slightly renamed.
+`persistence` has also been regrouped under the `primary` key.
+Please adjust your `values.yaml` accordingly.
+
 ### To 7.0.0
 
-#### Gitea 1.18.1
-
-This Chart version updates Gitea to 1.18.1. Don't miss any application related [breaking changes of 1.18.0](https://blog.gitea.io/2022/12/gitea-1.18.0-is-released/#breaking-changes).
-
 #### Private GPG key configuration for Gitea signing actions
 
 Having `signing.enabled=true` now requires to use either `signing.privateKey` or `signing.existingSecret` so that the Chart can automatically prepare the GPG key for Gitea internal signing actions.
@@ -828,26 +809,21 @@ See [Configure commit signing](#configure-commit-signing) for details.
 
 #### Different volume mounts for init-containers and runtime container
 
-**The `extraVolumeMounts` is deprecated** in favor of `extraInitVolumeMounts` and
-`extraContainerVolumeMounts`. You can now have different mounts for the initialization
-phase and Gitea runtime. The deprecated `extraVolumeMounts` will still be available
-for the time being and is mounted into every container. If you want to switch to
-the new settings and want to mount specific volumes into all containers, you have
-to configure their mount points within both new settings.
+**The `extraVolumeMounts` is deprecated** in favor of `extraInitVolumeMounts` and `extraContainerVolumeMounts`.
+You can now have different mounts for the initialization phase and Gitea runtime.
+The deprecated `extraVolumeMounts` will still be available for the time being and is mounted into every container.
+If you want to switch to the new settings and want to mount specific volumes into all containers, you have to configure their mount points within both new settings.
 
-**Combining values from the deprecated setting with values from the new settings
-is not possible.**
+**Combining values from the deprecated setting with values from the new settings is not possible.**
 
 #### New `enabled` flag for `startupProbe`
 
-Prior to this version the `startupProbe` was just a commented sample within the
-`values.yaml`. With the migration to an auto-generated [Parameters](#parameters)
-section, a new parameter `gitea.startupProbe.enabled` has been introduced set to
+Prior to this version the `startupProbe` was just a commented sample within the `values.yaml`.
+With the migration to an auto-generated [Parameters](#parameters) section, a new parameter `gitea.startupProbe.enabled` has been introduced set to
 `false` by default.
 
-If you are using the `startupProbe` you need to add that new
-parameter and set it to `true`. Otherwise, your defined probe won't be considered
-after the upgrade.
+If you are using the `startupProbe` you need to add that new parameter and set it to `true`.
+Otherwise, your defined probe won't be considered after the upgrade.
 
 ### To 5.0.0
 
@@ -855,9 +831,7 @@ after the upgrade.
 
 #### Enable Dependencies
 
-The values to enable the dependencies,
-such as PostgreSQL, Memcached, MySQL and MariaDB
-have been moved from `gitea.database.builtIn.` to the dependency values.
+The values to enable the dependencies, such as PostgreSQL, Memcached, MySQL and MariaDB have been moved from `gitea.database.builtIn.` to the dependency values.
 
 You can now enable the dependencies as followed:
 
@@ -877,39 +851,32 @@ mariadb:
 
 #### App.ini generation
 
-The app.ini generation has changed and now utilizes the environment-to-ini
-script provided by newer Gitea versions. This change ensures, that the app.ini
-is now persistent.
+The app.ini generation has changed and now utilizes the environment-to-ini script provided by newer Gitea versions.
+This change ensures, that the app.ini is now persistent.
 
 ##### Secret Key generation
 
-Gitea secret keys (SECRET_KEY, INTERNAL_TOKEN, JWT_SECRET) are now generated
-automatically in certain situations:
+Gitea secret keys (SECRET_KEY, INTERNAL_TOKEN, JWT_SECRET) are now generated automatically in certain situations:
 
-- New install: By default the secrets are created automatically. If you provide
-  secrets via `gitea.config` they will be used instead of automatic generation.
-- Existing installs: The secrets won't be deployed, neither via
-  configuration nor via auto generation. We explicitly prevent to set new secrets.
+- New install: By default the secrets are created automatically.
+  If you provide secrets via `gitea.config` they will be used instead of automatic generation.
+- Existing installs: The secrets won't be deployed, neither via configuration nor via auto generation.
+  We explicitly prevent to set new secrets.
 
-> 💡 It would be possible to set new secret keys manually by entering
-the running container and rewriting the app.ini by hand. However, this it is
-not advisable to do so for existing installations. Certain settings like
-_LDAP_ would not be readable anymore.
+> 💡 It would be possible to set new secret keys manually by entering the running container and rewriting the app.ini by hand.
+> However, this it is not advisable to do so for existing installations.
+> Certain settings like _LDAP_ would not be readable anymore.
 
 #### Probes
 
-`gitea.customLivenessProbe`, `gitea.customReadinessProbe` and `gitea.customStartupProbe`
-have been removed.
+`gitea.customLivenessProbe`, `gitea.customReadinessProbe` and `gitea.customStartupProbe` have been removed.
 
-They are replaced by the settings `gitea.livenessProbe`, `gitea.readinessProbe`
-and `gitea.startupProbe` which are now fully configurable and used _as-is_ for
+They are replaced by the settings `gitea.livenessProbe`, `gitea.readinessProbe` and `gitea.startupProbe` which are now fully configurable and used _as-is_ for
 a Chart deployment.
-If you have customized their values instead of using the `custom` prefixed settings,
-please ensure that you remove the `enabled` property from each of them.
+If you have customized their values instead of using the `custom` prefixed settings, please ensure that you remove the `enabled` property from each of them.
 
-In case you want to disable one of these probes, let's say the `livenessProbe`, add
-the following to your values. The `podAnnotation` is just there to have a bit more
-context.
+In case you want to disable one of these probes, let's say the `livenessProbe`, add the following to your values.
+The `podAnnotation` is just there to have a bit more context.
 
 ```diff
 gitea:
@@ -919,20 +886,17 @@ gitea:
 
 #### Multiple OAuth and LDAP authentication sources
 
-With `5.0.0` of this Chart it is now possible to configure Gitea with multiple
-OAuth and LDAP sources. As a result, you need to update an existing OAuth/LDAP configuration
-in your customized `values.yaml` by replacing the object with settings to a list
-of settings objects. See [OAuth2 Settings](#oauth2-settings) and
-[LDAP Settings](#ldap-settings) section for details.
+With `5.0.0` of this Chart it is now possible to configure Gitea with multiple OAuth and LDAP sources.
+As a result, you need to update an existing OAuth/LDAP configuration in your customized `values.yaml` by replacing the object with settings to a list
+of settings objects.
+See [OAuth2 Settings](#oauth2-settings) and [LDAP Settings](#ldap-settings) section for details.
 
 ### To 4.0.0
 
 #### Ingress changes
 
-To provide a more flexible Ingress configuration we now support not only host
-settings but also provide configuration for the path and pathType. So this
-change changes the hosts from a simple string list, to a list containing a more
-complex object for more configuration.
+To provide a more flexible Ingress configuration we now support not only host settings but also provide configuration for the path and pathType.
+So this change changes the hosts from a simple string list, to a list containing a more complex object for more configuration.
 
 ```diff
 ingress:
@@ -953,8 +917,7 @@ ingress:
   #      - git.example.com
 ```
 
-If you want everything as it was before, you can simply add the following code
-to all your host entries.
+If you want everything as it was before, you can simply add the following code to all your host entries.
 
 ```yaml
 paths:
@@ -964,41 +927,34 @@ paths:
 
 #### Dropped kebab-case support
 
-In 3.x.x it was possible to provide an ldap configuration via kebab-case, this
-support has now been dropped and only camel case is supported. See [LDAP
-section](#ldap-settings) for more information.
+In 3.x.x it was possible to provide an ldap configuration via kebab-case, this support has now been dropped and only camel case is supported.
+See [LDAP section](#ldap-settings) for more information.
 
 #### Dependency update
 
-The chart comes with multiple databases and Memcached as dependency, the latest
-release updated the dependencies.
+The chart comes with multiple databases and Memcached as dependency, the latest release updated the dependencies.
 
 - Memcached: `4.2.20` -> `5.9.0`
 - PostgreSQL: `9.7.2` -> `10.3.17`
 - MariaDB: `8.0.0` -> `9.3.6`
 
-If you're using the builtin databases you will most likely redeploy the chart in
-order to update the database correctly.
+If you're using the builtin databases you will most likely redeploy the chart in order to update the database correctly.
 
 #### Execution of initPreScript
 
-Generally spoken, this might not be a breaking change, but it is worth to be
-mentioned.
+Generally spoken, this might not be a breaking change, but it is worth to be mentioned.
 
-Prior to `4.0.0` only one init container was used to both setup directories and
-configure Gitea. As of now the actual Gitea configuration is separated from the
-other pre-execution. This also includes the execution of _initPreScript_. If you
-have such script, please be aware of this. Dynamically prepare the Gitea setup
-during execution by e.g. adding environment variables to the execution context
-won't work anymore.
+Prior to `4.0.0` only one init container was used to both setup directories and configure Gitea.
+As of now the actual Gitea configuration is separated from the other pre-execution.
+This also includes the execution of _initPreScript_.
+If you have such script, please be aware of this.
+Dynamically prepare the Gitea setup during execution by e.g. adding environment variables to the execution context won't work anymore.
 
 ### Misc
 
 #### Gitea Version 1.14.X repository ROOT
 
-Previously the ROOT folder for the Gitea repositories was located at
-`/data/git/gitea-repositories`. In version `1.14` has the path been changed to
-`/data/gitea-repositories`.
+Previously the ROOT folder for the Gitea repositories was located at `/data/git/gitea-repositories`.
+In version `1.14` has the path been changed to `/data/gitea-repositories`.
 
-This chart will set the `gitea.config.repository.ROOT` value default to
-`/data/git/gitea-repositories`.
+This chart will set the `gitea.config.repository.ROOT` value default to `/data/git/gitea-repositories`.

templates/_helpers.tpl

@@ -92,19 +92,11 @@ app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 
 {{- define "postgresql.dns" -}}
-{{- printf "%s-postgresql.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.postgresql.global.postgresql.servicePort -}}
-{{- end -}}
-
-{{- define "mysql.dns" -}}
-{{- printf "%s-mysql.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.mysql.service.port | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{- define "mariadb.dns" -}}
-{{- printf "%s-mariadb.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.mariadb.primary.service.port | trunc 63 | trimSuffix "-" -}}
+{{- printf "%s-postgresql.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.postgresql.global.postgresql.service.ports.postgresql -}}
 {{- end -}}
 
 {{- define "memcached.dns" -}}
-{{- printf "%s-memcached.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.memcached.service.port | trunc 63 | trimSuffix "-" -}}
+{{- printf "%s-memcached.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.memcached.service.ports.memcached | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
 {{- define "gitea.default_domain" -}}
@@ -292,25 +284,9 @@ https
     {{- if not (.Values.gitea.config.database.HOST) -}}
       {{- $_ := set .Values.gitea.config.database "HOST"      (include "postgresql.dns" .) -}}
     {{- end -}}
-    {{- $_ := set .Values.gitea.config.database "NAME"      .Values.postgresql.global.postgresql.postgresqlDatabase -}}
-    {{- $_ := set .Values.gitea.config.database "USER"      .Values.postgresql.global.postgresql.postgresqlUsername -}}
-    {{- $_ := set .Values.gitea.config.database "PASSWD"    .Values.postgresql.global.postgresql.postgresqlPassword -}}
-  {{- else if .Values.mysql.enabled -}}
-    {{- $_ := set .Values.gitea.config.database "DB_TYPE"   "mysql" -}}
-    {{- if not (.Values.gitea.config.database.HOST) -}}
-      {{- $_ := set .Values.gitea.config.database "HOST"      (include "mysql.dns" .) -}}
-    {{- end -}}
-    {{- $_ := set .Values.gitea.config.database "NAME"      .Values.mysql.db.name -}}
-    {{- $_ := set .Values.gitea.config.database "USER"      .Values.mysql.db.user -}}
-    {{- $_ := set .Values.gitea.config.database "PASSWD"    .Values.mysql.db.password -}}
-  {{- else if .Values.mariadb.enabled -}}
-    {{- $_ := set .Values.gitea.config.database "DB_TYPE"   "mysql" -}}
-    {{- if not (.Values.gitea.config.database.HOST) -}}
-      {{- $_ := set .Values.gitea.config.database "HOST"      (include "mariadb.dns" .) -}}
-    {{- end -}}
-    {{- $_ := set .Values.gitea.config.database "NAME"      .Values.mariadb.auth.database -}}
-    {{- $_ := set .Values.gitea.config.database "USER"      .Values.mariadb.auth.username -}}
-    {{- $_ := set .Values.gitea.config.database "PASSWD"    .Values.mariadb.auth.password -}}
+    {{- $_ := set .Values.gitea.config.database "NAME"      .Values.postgresql.global.postgresql.auth.database -}}
+    {{- $_ := set .Values.gitea.config.database "USER"      .Values.postgresql.global.postgresql.auth.username -}}
+    {{- $_ := set .Values.gitea.config.database "PASSWD"    .Values.postgresql.global.postgresql.auth.password -}}
   {{- end -}}
 {{- end -}}
 

templates/gitea/extra-list.yaml

@@ -0,0 +1,8 @@
+{{- range .Values.extraDeploy }}
+---
+{{- if typeIs "string" . }}
+    {{- tpl . $ }}
+{{- else }}
+    {{- tpl (. | toYaml) $ }}
+{{- end }}
+{{- end }}

templates/gitea/gpg-secret.yaml

@@ -1,6 +1,6 @@
 {{- if .Values.signing.enabled -}}
 {{- if and (empty .Values.signing.privateKey) (empty .Values.signing.existingSecret) -}}
-  {{- fail "Either specify `signing.privateKey` or `signing.existingKey`" -}}
+  {{- fail "Either specify `signing.privateKey` or `signing.existingSecret`" -}}
 {{- end }}
 {{- if and (not (empty .Values.signing.privateKey)) (empty .Values.signing.existingSecret) -}}
 apiVersion: v1

templates/gitea/statefulset.yaml

@@ -39,6 +39,9 @@ spec:
       {{- if .Values.schedulerName }}
       schedulerName: "{{ .Values.schedulerName }}"
       {{- end }}
+      {{- if .Values.priorityClassName }}
+      priorityClassName: "{{ .Values.priorityClassName }}"
+      {{- end }}
       {{- include "gitea.images.pullSecrets" . | nindent 6 }}
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
@@ -76,6 +79,8 @@ spec:
             {{- include "gitea.init-additional-mounts" . | nindent 12 }}
           securityContext:
             {{- toYaml .Values.containerSecurityContext | nindent 12 }}
+          resources:
+            {{- toYaml .Values.initContainers.resources | nindent 12 }}
         - name: init-app-ini
           image: "{{ include "gitea.image" . }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
@@ -114,6 +119,8 @@ spec:
             {{- include "gitea.init-additional-mounts" . | nindent 12 }}
           securityContext:
             {{- toYaml .Values.containerSecurityContext | nindent 12 }}
+          resources:
+            {{- toYaml .Values.initContainers.resources | nindent 12 }}
         {{- if .Values.signing.enabled }}
         - name: configure-gpg
           image: "{{ include "gitea.image" . }}"
@@ -143,6 +150,8 @@ spec:
             {{- if .Values.extraVolumeMounts }}
             {{- toYaml .Values.extraVolumeMounts | nindent 12 }}
             {{- end }}
+          resources:
+            {{- toYaml .Values.initContainers.resources | nindent 12 }}
         {{- end }}
         - name: configure-gitea
           image: "{{ include "gitea.image" . }}"
@@ -232,6 +241,8 @@ spec:
               subPath: {{ .Values.persistence.subPath }}
               {{- end }}
             {{- include "gitea.init-additional-mounts" . | nindent 12 }}
+          resources:
+            {{- toYaml .Values.initContainers.resources | nindent 12 }}
       terminationGracePeriodSeconds: {{ .Values.statefulset.terminationGracePeriodSeconds }}
       containers:
         - name: {{ .Chart.Name }}
@@ -243,6 +254,10 @@ spec:
               value: {{ .Values.gitea.config.server.SSH_LISTEN_PORT | quote }}
             - name: SSH_PORT
               value: {{ .Values.gitea.config.server.SSH_PORT | quote }}
+            {{- if not .Values.image.rootless }}
+            - name: SSH_LOG_LEVEL
+              value: {{ .Values.gitea.ssh.logLevel | quote }}
+            {{- end }}
             - name: GITEA_APP_INI
               value: /data/gitea/conf/app.ini
             - name: GITEA_CUSTOM
@@ -302,6 +317,10 @@ spec:
               subPath: {{ .Values.persistence.subPath }}
               {{- end }}
             {{- include "gitea.container-additional-mounts" . | nindent 12 }}
+      {{- with .Values.global.hostAliases }}
+      hostAliases:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

templates/tests/test-http-connection.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.test.enabled }}
 apiVersion: v1
 kind: Pod
 metadata:
@@ -9,7 +10,8 @@ metadata:
 spec:
   containers:
     - name: wget
-      image: busybox
+      image: "{{ .Values.test.image.name }}:{{ .Values.test.image.tag }}"
       command: ['wget']
       args:  ['{{ include "gitea.fullname" . }}-http:{{ .Values.service.http.port }}']
   restartPolicy: Never
+{{- end }}

unittests/gpg-secret/signing-enabled.yaml

@@ -11,7 +11,7 @@ tests:
         enabled: true
     asserts:
       - failedTemplate:
-          errorMessage: Either specify `signing.privateKey` or `signing.existingKey`
+          errorMessage: Either specify `signing.privateKey` or `signing.existingSecret`
   - it: skips rendering using external secret reference
     set:
       signing:

unittests/init/init_directory_structure.sh.yaml

@@ -8,9 +8,13 @@ tests:
   - it: runs gpg in batch mode
     set:
       signing.enabled: true
+      signing.privateKey: |-
+        -----BEGIN PGP PRIVATE KEY BLOCK-----
+        {placeholder}
+        -----END PGP PRIVATE KEY BLOCK-----
     asserts:
       - equal:
-          path: stringData.[configure_gpg_environment.sh]
+          path: stringData["configure_gpg_environment.sh"]
           value: |-
             #!/usr/bin/env bash
             set -eu
@@ -19,7 +23,7 @@ tests:
   - it: skips gpg script block for disabled signing
     asserts:
       - equal:
-          path: stringData.[init_directory_structure.sh]
+          path: stringData["init_directory_structure.sh"]
           value: |-
             #!/usr/bin/env bash
 
@@ -38,9 +42,13 @@ tests:
   - it: adds gpg script block for enabled signing
     set:
       signing.enabled: true
+      signing.privateKey: |-
+        -----BEGIN PGP PRIVATE KEY BLOCK-----
+        {placeholder}
+        -----END PGP PRIVATE KEY BLOCK-----
     asserts:
       - equal:
-          path: stringData.[init_directory_structure.sh]
+          path: stringData["init_directory_structure.sh"]
           value: |-
             #!/usr/bin/env bash
 

unittests/statefulset/signing-disabled.yaml

@@ -17,9 +17,9 @@ tests:
   - it: skips gpg env in `init-directories` init container
     template: templates/gitea/statefulset.yaml
     set:
-      signing.enabled: true
+      signing.enabled: false
     asserts:
-      - contains:
+      - notContains:
           path: spec.template.spec.initContainers[0].env
           content:
             name: GNUPGHOME

unittests/statefulset/signing-enabled.yaml

@@ -42,6 +42,7 @@ tests:
     template: templates/gitea/statefulset.yaml
     set:
       signing.enabled: true
+      signing.existingSecret: "custom-gpg-secret"
     asserts:
       - contains:
           path: spec.template.spec.initContainers[0].env
@@ -52,6 +53,7 @@ tests:
     template: templates/gitea/statefulset.yaml
     set:
       signing.enabled: true
+      signing.existingSecret: "custom-gpg-secret"
     asserts:
       - contains:
           path: spec.template.spec.containers[0].env
@@ -63,6 +65,7 @@ tests:
     set:
       signing:
         enabled: true
+        existingSecret: "gitea-unittests-gpg-key"
     asserts:
       - contains:
           path: spec.template.spec.volumes

unittests/statefulset/ssh-configuration.yaml

@@ -0,0 +1,40 @@
+suite: Statefulset template (SSH configuration)
+release:
+  name: gitea-unittests
+  namespace: testing
+templates:
+  - templates/gitea/statefulset.yaml
+  - templates/gitea/config.yaml
+tests:
+  - it: supports defining SSH log level for root based image
+    template: templates/gitea/statefulset.yaml
+    set:
+      image.rootless: false
+    asserts:
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: SSH_LOG_LEVEL
+            value: "INFO"
+  - it: supports overriding SSH log level
+    template: templates/gitea/statefulset.yaml
+    set:
+      image.rootless: false
+      gitea.ssh.logLevel: "DEBUG"
+    asserts:
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: SSH_LOG_LEVEL
+            value: "DEBUG"
+  - it: skips SSH_LOG_LEVEL for rootless image
+    template: templates/gitea/statefulset.yaml
+    set:
+      image.rootless: true
+      gitea.ssh.logLevel: "DEBUG" # explicitly defining a non-standard level here
+    asserts:
+      - notContains:
+          path: spec.template.spec.containers[0].env
+          any: true
+          content:
+            name: SSH_LOG_LEVEL

values.yaml

@@ -6,6 +6,7 @@
 ## @param global.imageRegistry global image registry override
 ## @param global.imagePullSecrets global image pull secrets override; can be extended by `imagePullSecrets`
 ## @param global.storageClass global storage class override
+## @param global.hostAliases global hostAliases which will be added to the pod's hosts files
 global:
   imageRegistry: ""
   ## E.g.
@@ -14,6 +15,10 @@ global:
   ##
   imagePullSecrets: []
   storageClass: ""
+  hostAliases: []
+  # - ip: 192.168.137.2
+  #   hostnames:
+  #   - example.com
 
 ## @param replicaCount number of replicas for the statefulset
 replicaCount: 1
@@ -120,7 +125,6 @@ service:
     loadBalancerSourceRanges: []
     annotations: {}
 
-
 ## @section Ingress
 ## @param ingress.enabled Enable ingress
 ## @param ingress.className Ingress class name
@@ -134,7 +138,8 @@ ingress:
   enabled: false
   # className: nginx
   className:
-  annotations: {}
+  annotations:
+    {}
     # kubernetes.io/ingress.class: nginx
     # kubernetes.io/tls-acme: "true"
   hosts:
@@ -153,7 +158,8 @@ ingress:
 ## @section StatefulSet
 #
 ## @param resources Kubernetes resources
-resources: {}
+resources:
+  {}
   # We usually recommend not to specify default resources and to leave this as a conscious
   # choice for the user. This also increases chances charts run on environments with little
   # resources, such as Minikube. If you do want to specify resources, uncomment the following
@@ -183,12 +189,16 @@ affinity: {}
 ## @param dnsConfig dnsConfig for the statefulset
 dnsConfig: {}
 
+## @param priorityClassName priorityClassName for the statefulset
+priorityClassName: ""
+
 ## @param statefulset.env  Additional environment variables to pass to containers
 ## @param statefulset.terminationGracePeriodSeconds How long to wait until forcefully kill the pod
 ## @param statefulset.labels Labels for the statefulset
 ## @param statefulset.annotations Annotations for the Gitea StatefulSet to be created
 statefulset:
-  env: []
+  env:
+    []
     # - name: VARIABLE
     #   value: my-value
   terminationGracePeriodSeconds: 60
@@ -248,6 +258,16 @@ initPreScript: ""
 #   chown -R git:git /data/git/.postgresql/
 #   chmod 400 /data/git/.postgresql/postgresql.key
 
+## @param initContainers.resources.limits initContainers.limits Kubernetes resource limits for init containers
+## @param initContainers.resources.requests.cpu initContainers.requests.cpu Kubernetes cpu resource limits for init containers
+## @param initContainers.resources.requests.memory initContainers.requests.memory Kubernetes memory resource limits for init containers
+initContainers:
+  resources:
+    limits: {}
+    requests:
+      cpu: 100m
+      memory: 128Mi
+
 # Configure commit/action signing prerequisites
 ## @section Signing
 #
@@ -273,7 +293,7 @@ gitea:
   ## @param gitea.admin.password Password for the Gitea admin user
   ## @param gitea.admin.email Email for the Gitea admin user
   admin:
-    #existingSecret: gitea-admin-secret
+    # existingSecret: gitea-admin-secret
     existingSecret:
     username: gitea_admin
     password: r8sA8CPHD9!bt6d
@@ -289,7 +309,8 @@ gitea:
       #    prometheus-release: prom1
 
   ## @param gitea.ldap LDAP configuration
-  ldap: []
+  ldap:
+    []
     # - name: "LDAP 1"
     #  existingSecret:
     #  securityProtocol:
@@ -306,7 +327,8 @@ gitea:
 
   # Either specify inline `key` and `secret` or refer to them via `existingSecret`
   ## @param gitea.oauth OAuth configuration
-  oauth: []
+  oauth:
+    []
     # - name: 'OAuth 1'
     #   provider:
     #   key:
@@ -343,6 +365,10 @@ gitea:
   ## @param gitea.podAnnotations Annotations for the Gitea pod
   podAnnotations: {}
 
+  ## @param gitea.ssh.logLevel Configure OpenSSH's log level. Only available for root-based Gitea image.
+  ssh:
+    logLevel: "INFO"
+
   ## @section LivenessProbe
   #
   ## @param gitea.livenessProbe.enabled Enable liveness probe
@@ -406,72 +432,41 @@ gitea:
 ## @section Memcached
 #
 ## @param memcached.enabled Memcached is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/memcached) if enabled in the values. Complete Configuration can be taken from their website.
-## @param memcached.service.port Port for Memcached
+## ref: https://hub.docker.com/r/bitnami/memcached/tags/
+## @param memcached.service.ports.memcached Port for Memcached
 memcached:
   enabled: true
+  # image:
+  #   registry: docker.io
+  #   repository: bitnami/memcached
+  #   tag: ""
+  #   digest: ""
+  #   pullPolicy: IfNotPresent
+  #   pullSecrets: []
   service:
-    port: 11211
+    ports:
+      memcached: 11211
 
 ## @section PostgreSQL
 #
 ## @param postgresql.enabled Enable PostgreSQL
-## @param postgresql.global.postgresql.postgresqlDatabase PostgreSQL database (overrides postgresqlDatabase)
-## @param postgresql.global.postgresql.postgresqlUsername PostgreSQL username (overrides postgresqlUsername)
-## @param postgresql.global.postgresql.postgresqlPassword PostgreSQL admin password (overrides postgresqlPassword)
-## @param postgresql.global.postgresql.servicePort PostgreSQL port (overrides service.port)
-## @param postgresql.persistence.size PVC Storage Request for PostgreSQL volume
+## @param postgresql.global.postgresql.auth.password Password for the `gitea` user (overrides `auth.password`)
+## @param postgresql.global.postgresql.auth.database Name for a custom database to create (overrides `auth.database`)
+## @param postgresql.global.postgresql.auth.username Name for a custom user to create (overrides `auth.username`)
+## @param postgresql.global.postgresql.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`)
+## @param postgresql.primary.persistence.size PVC Storage Request for PostgreSQL volume
 postgresql:
   enabled: true
   global:
     postgresql:
-      postgresqlDatabase: gitea
-      postgresqlUsername: gitea
-      postgresqlPassword: gitea
-      servicePort: 5432
-  persistence:
-    size: 10Gi
-
-## @section MySQL
-#
-## @param mysql.enabled Enable MySQL
-## @param mysql.root.password Password for the root user. Ignored if existing secret is provided
-## @param mysql.db.user Username of new user to create.
-## @param mysql.db.password Password for the new user.Ignored if existing secret is provided
-## @param mysql.db.name Name for new database to create.
-## @param mysql.service.port Port to connect to MySQL service
-## @param mysql.persistence.size PVC Storage Request for MySQL volume
-mysql:
-  enabled: false
-  root:
-    password: gitea
-  db:
-    user: gitea
-    password: gitea
-    name: gitea
-  service:
-    port: 3306
-  persistence:
-    size: 10Gi
-
-## @section MariaDB
-#
-## @param mariadb.enabled Enable MariaDB
-## @param mariadb.auth.database Name of the database to create.
-## @param mariadb.auth.username Username of the new user to create.
-## @param mariadb.auth.password Password for the new user. Ignored if existing secret is provided
-## @param mariadb.auth.rootPassword Password for the root user.
-## @param mariadb.primary.service.port Port to connect to MariaDB service
-## @param mariadb.primary.persistence.size Persistence size for MariaDB
-mariadb:
-  enabled: false
       auth:
+        password: gitea
         database: gitea
         username: gitea
-    password: gitea
-    rootPassword: gitea
-  primary:
       service:
-      port: 3306
+        ports:
+          postgresql: 5432
+  primary:
     persistence:
       size: 10Gi
 
@@ -479,4 +474,16 @@ mariadb:
 # Set it to false to skip this basic validation check.
 ## @section Advanced
 ## @param checkDeprecation Set it to false to skip this basic validation check.
+## @param test.enabled Set it to false to disable test-connection Pod.
+## @param test.image.name Image name for the wget container used in the test-connection Pod.
+## @param test.image.tag Image tag for the wget container used in the test-connection Pod.
 checkDeprecation: true
+test:
+  enabled: true
+  image:
+    name: busybox
+    tag: latest
+
+## @param extraDeploy Array of extra objects to deploy with the release
+##
+extraDeploy: []