Fix GIT_GC_CHECK for multiple replicas (#490)

### Benefits

Asserting the value existence failed previously.

### Applicable issues

fixes #488

### Additional information

No unit tests possible as value is parsed as a secret and then into `app.ini`.

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/490
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.com>
Co-authored-by: pat-s <patrick.schratz@gmail.com>
Co-committed-by: pat-s <patrick.schratz@gmail.com>

.gitea/workflows/release-version.yml

@@ -39,7 +39,7 @@ jobs:
           mkdir gitea
           mv gitea*.tgz gitea/
           curl -L -o gitea/index.yaml https://dl.gitea.com/charts/index.yaml
-          helm repo index gitea/ --url https://dl.gitea.io/charts --merge gitea/index.yaml
+          helm repo index gitea/ --url https://dl.gitea.com/charts --merge gitea/index.yaml
 
       - name: aws credential configure
         uses: https://github.com/aws-actions/configure-aws-credentials@v2

Chart.yaml

@@ -3,8 +3,8 @@ name: gitea
 description: Gitea Helm chart for Kubernetes
 type: application
 version: 0.0.0
-appVersion: 1.20-nightly
-icon: https://docs.gitea.io/images/gitea.png
+appVersion: 1.20.3
+icon: https://gitea.com/assets/img/logo.svg
 
 keywords:
   - git

README.md

@@ -7,7 +7,12 @@
 - [High Availability](#high-availability)
 - [Configuration](#configuration)
   - [Default Configuration](#default-configuration)
+    - [Database defaults](#database-defaults)
+    - [Server defaults](#server-defaults)
+    - [Metrics defaults](#metrics-defaults)
+  - [Minimal Configuration](#minimal-configuration)
   - [Additional _app.ini_ settings](#additional-appini-settings)
+    - [User defined environment variables in app.ini](#user-defined-environment-variables-in-appini)
   - [External Database](#external-database)
   - [Ports and external url](#ports-and-external-url)
   - [ClusterIP](#clusterip)
@@ -45,7 +50,7 @@
 - [Contributing](#contributing)
 - [Upgrading](#upgrading)
 
-[Gitea](https://gitea.io/en-us/) is a community managed lightweight code hosting solution written in Go.
+[Gitea](https://gitea.com) is a community managed lightweight code hosting solution written in Go.
 It is published under the MIT license.
 
 ## Introduction
@@ -83,7 +88,7 @@ Dependencies:
 ## Installing
 
 ```sh
-helm repo add gitea-charts https://dl.gitea.io/charts/
+helm repo add gitea-charts https://dl.gitea.com/charts/
 helm repo update
 helm install gitea gitea-charts/gitea
 ```
@@ -103,7 +108,7 @@ See the [HA Setup](docs/ha-setup.md) document for more details.
 ## Configuration
 
 Gitea offers lots of configuration options.
-This is fully described in the [Gitea Cheat Sheet](https://docs.gitea.io/en-us/config-cheat-sheet/).
+This is fully described in the [Gitea Cheat Sheet](https://docs.gitea.com/administration/config-cheat-sheet).
 
 ```yaml
 gitea:
@@ -166,9 +171,39 @@ The Prometheus `/metrics` endpoint is disabled by default.
 ENABLED = false
 ```
 
+### Minimal Configuration
+
+For a minimal installation, i.e. without HA dependencies and using the built-in SQLITE DB instead of Postgres, the following configuration can be used:
+
+```yaml
+redis-cluster:
+  enabled: false
+postgresql:
+  enabled: false
+postgresql-ha:
+  enabled: false
+
+persistence:
+  enabled: false
+
+gitea:
+  config:
+    database:
+      DB_TYPE: sqlite3
+    session:
+      PROVIDER: memory
+    cache:
+      ADAPTER: memory
+    queue:
+      TYPE: level
+```
+
+This will result in a single-pod Gitea instance without any dependencies and persistence.
+Do not use this configuration for production use.
+
 ### Additional _app.ini_ settings
 
-> **The [generic](https://docs.gitea.io/en-us/config-cheat-sheet/#overall-default)
+> **The [generic](https://docs.gitea.com/administration/config-cheat-sheet#overall-default)
 > section cannot be defined that way.**
 
 Some settings inside _app.ini_ (like passwords or whole authentication configurations) must be considered sensitive and therefore should not be passed via plain text inside the _values.yaml_ file.
@@ -255,7 +290,7 @@ Priority (highest to lowest) for defining app.ini variables:
 
 ### External Database
 
-Any external database listed in [https://docs.gitea.io/en-us/database-prep/](https://docs.gitea.io/en-us/database-prep/) can be used instead of the built-in PostgreSQL.
+Any external database listed in [https://docs.gitea.com/installation/database-prep](https://docs.gitea.com/installation/database-prep) can be used instead of the built-in PostgreSQL.
 In fact, it is **highly recommended** to use an external database to ensure a stable Gitea installation longterm.
 
 If an external database is used, no matter which type, make sure to set `postgresql.enabled` to `false` to disable the use of the built-in PostgreSQL.
@@ -425,7 +460,7 @@ gitea:
 ### LDAP Settings
 
 Like the admin user the LDAP settings can be updated.
-All LDAP values from <https://docs.gitea.io/en-us/command-line/#admin> are available.
+All LDAP values from <https://docs.gitea.com/administration/command-line#admin> are available.
 
 Multiple LDAP sources can be configured with additional LDAP list items.
 
@@ -480,7 +515,7 @@ Affected options:
 
 Like the admin user, OAuth2 settings can be updated and disabled but not deleted.
 Deleting OAuth2 settings has to be done in the ui.
-All OAuth2 values, which are documented [here](https://docs.gitea.io/en-us/command-line/#admin), are
+All OAuth2 values, which are documented [here](https://docs.gitea.com/administration/command-line#admin), are
 available.
 
 Multiple OAuth2 sources can be configured with additional OAuth list items.
@@ -558,7 +593,7 @@ signing:
 ```
 
 To use the gpg key, Gitea needs to be configured accordingly.
-A detailed description can be found in the [official Gitea documentation](https://docs.gitea.io/en-us/signing/#general-configuration).
+A detailed description can be found in the [official Gitea documentation](https://docs.gitea.com/administration/signing#general-configuration).
 
 ## Metrics and profiling
 
@@ -592,6 +627,8 @@ gitea:
 
 Custom themes can be added via k8s secrets and referencing them in `values.yaml`.
 
+The [http provider](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) is useful here.
+
 ```yaml
 extraVolumes:
   - name: gitea-themes
@@ -614,13 +651,37 @@ resource "kubernetes_secret" "gitea-themes" {
   }
 
   data = {
-    "theme-custom.css"      = "${file("FULL-PATH-TO-CSS")}"
-    "theme-custom-dark.css" = "${file("FULL-PATH-TO-CSS")}"
+    "my-theme.css"      = data.http.gitea-theme-light.body
+    "my-theme-dark.css" = data.http.gitea-theme-dark.body
+    "my-theme-auto.css" = data.http.gitea-theme-auto.body
   }
 
   type = "Opaque"
+}
 
-  depends_on = [kubernetes_namespace.gitea]
+
+data "http" "gitea-theme-light" {
+  url = "<raw theme url>"
+
+  request_headers = {
+    Accept = "application/json"
+  }
+}
+
+data "http" "gitea-theme-dark" {
+  url = "<raw theme url>"
+
+  request_headers = {
+    Accept = "application/json"
+  }
+}
+
+data "http" "gitea-theme-auto" {
+  url = "<raw theme url>"
+
+  request_headers = {
+    Accept = "application/json"
+  }
 }
 ```
 
@@ -948,6 +1009,11 @@ If you are coming from an existing deployment and [#356](https://gitea.com/gitea
       CONN_STR: redis+cluster://:gitea@gitea-redis-cluster-headless.<namespace>.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
 ```
 
+<!-- markdownlint-disable-next-line -->
+**Switch to rootless image by default**
+If you are facing errors like `WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED` due to this automatic transition:
+Have a look at [this discussion](https://gitea.com/gitea/helm-chart/issues/487#issue-220660) and either set `image.rootless: false` or manually update your `~/.ssh/known_hosts` file(s).
+
 <!-- markdownlint-disable-next-line -->
 **Transitioning from a RWO to RWX Persistent Volume**
 

templates/_helpers.tpl

@@ -112,9 +112,17 @@ app.kubernetes.io/name: {{ include "gitea.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 
-{{- define "postgresql.dns" -}}
+{{- define "postgresql-ha.dns" -}}
+{{- if (index .Values "postgresql-ha").enabled -}}
 {{- printf "%s-postgresql-ha-postgresql.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "postgresql-ha" "service" "ports" "postgresql") -}}
 {{- end -}}
+{{- end -}}
+
+{{- define "postgresql.dns" -}}
+{{- if (index .Values "postgresql").enabled -}}
+{{- printf "%s-postgresql.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.postgresql.global.postgresql.service.ports.postgresql -}}
+{{- end -}}
+{{- end -}}
 
 {{- define "redis.dns" -}}
 {{- if (index .Values "redis-cluster").enabled -}}
@@ -344,12 +352,21 @@ https
   {{- if (index .Values "postgresql-ha" "enabled") -}}
     {{- $_ := set .Values.gitea.config.database "DB_TYPE"   "postgres" -}}
     {{- if not (.Values.gitea.config.database.HOST) -}}
-      {{- $_ := set .Values.gitea.config.database "HOST"      (include "postgresql.dns" .) -}}
+      {{- $_ := set .Values.gitea.config.database "HOST"      (include "postgresql-ha.dns" .) -}}
     {{- end -}}
     {{- $_ := set .Values.gitea.config.database "NAME"      (index .Values "postgresql-ha" "global" "postgresql" "database") -}}
     {{- $_ := set .Values.gitea.config.database "USER"      (index .Values "postgresql-ha" "global" "postgresql" "username") -}}
     {{- $_ := set .Values.gitea.config.database "PASSWD"    (index .Values "postgresql-ha" "global" "postgresql" "password") -}}
   {{- end -}}
+  {{- if (index .Values "postgresql" "enabled") -}}
+    {{- $_ := set .Values.gitea.config.database "DB_TYPE"   "postgres" -}}
+    {{- if not (.Values.gitea.config.database.HOST) -}}
+      {{- $_ := set .Values.gitea.config.database "HOST"      (include "postgresql.dns" .) -}}
+    {{- end -}}
+    {{- $_ := set .Values.gitea.config.database "NAME"      .Values.postgresql.global.postgresql.auth.database -}}
+    {{- $_ := set .Values.gitea.config.database "USER"      .Values.postgresql.global.postgresql.auth.username -}}
+    {{- $_ := set .Values.gitea.config.database "PASSWD"    .Values.postgresql.global.postgresql.auth.password -}}
+  {{- end -}}
 {{- end -}}
 
 {{- define "gitea.init-additional-mounts" -}}

templates/gitea/config.yaml

@@ -17,13 +17,18 @@ metadata:
 type: Opaque
 stringData:
   assertions: |
+
+{{- /*assert that only one PG dep is enabled */ -}}
+{{- if and (.Values.postgresql.enabled) (index .Values "postgresql-ha" "enabled") -}}
+  {{- fail "Only one of postgresql or postgresql-ha can be enabled at the same time." -}}
+{{- end }}
+
 {{- /* multiple replicas assertions */ -}}
 {{- if gt .Values.replicaCount 1.0 -}}
-  {{- if .Values.gitea.config.cron.GIT_GC_REPOS -}}
-    {{- if .Values.gitea.config.cron.GIT_GC_REPOS.enabled -}}
-      {{- fail "Invoking the garbage collector via CRON is not yet supported when running with multiple replicas. Please set 'GIT_GC_REPOS.enabled = false'." -}}
-    {{- end }}
+  {{- if (get (get .Values.gitea.config "cron.GIT_GC_REPOS") "ENABLED") -}}
+    {{- fail "Invoking the garbage collector via CRON is not yet supported when running with multiple replicas. Please set 'cron.GIT_GC_REPOS.enabled = false'." -}}
   {{- end }}
+
   {{- if eq (first .Values.persistence.accessModes) "ReadWriteOnce" -}}
     {{- fail "When using multiple replicas, a RWX file system is required and gitea.persistence.accessModes[0] must be set to ReadWriteMany." -}}
   {{- end }}