Rework app.ini generation (#239)

App ini is now generated by environment-to-ini

This should prevent some of the problems we had earlier with persisting the app.ini

Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/239
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Reviewed-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: luhahn <luhahn@noreply.gitea.io>
Co-committed-by: luhahn <luhahn@noreply.gitea.io>
This commit is contained in:
luhahn 2021-11-20 05:15:45 +08:00
parent 82763f109b
commit 0461fa92a9
4 changed files with 118 additions and 44 deletions


@ -37,6 +37,35 @@ helm install gitea gitea-charts/gitea
- Helm 3.0+ - Helm 3.0+
- PV provisioner for persistent data support - PV provisioner for persistent data support
## Chart upgrade to 5.0.0
:warning: The most recent `5.0.0` update brings some major and breaking changes.
Please note the following changes in the Chart to upgrade successfully. :warning:
### App.ini generation
The app.ini generation has changed and now utilizes the environment-to-ini
script provided by newer Gitea versions.
:boom: The Helm Chart now requires Gitea versions of at least 1.11.0.
This change ensures, that the app.ini is now persistent.
#### Secret Key generation
Gitea secret keys (SECRET_KEY, INTERNAL_TOKEN, JWT_SECRET) are now generated
automatically in certain situations:
- New install: By default the secrets are created automatically. If you provide
secrets via `gitea.config` they will be used instead of automatic generation.
- Existing installs: The secrets won't be deployed, neither via
configuration nor via auto generation. We explicitly prevent to set new secrets.
:rotating_light: It would be possible to set new secret keys manually by entering
the running container and rewriting the app.ini by hand. However, this it is
not advisable to do so for existing installations. Certain settings like
_LDAP_ would not be readable anymore.
## Chart upgrade from 3.x.x to 4.0.0 ## Chart upgrade from 3.x.x to 4.0.0
:warning: The most recent `4.0.0` update brings some breaking changes. Please note :warning: The most recent `4.0.0` update brings some breaking changes. Please note
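Review bot: the new "Chart upgrade to 5.0.0" section carries several grammatical slips that should be cleaned up before this lands in the published README: "This change ensures, that the app.ini is now persistent." takes no comma; "We explicitly prevent to set new secrets." should read "We explicitly prevent setting new secrets."; and "However, this it is not advisable" has a stray "this". It would also help readers to say why the Gitea floor moves to 1.11.0 in one clause, e.g. "because the chart now relies on the `environment-to-ini` tool shipped with the image", so the version bump reads as a consequence of the generation change rather than an unrelated requirement.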
@ -523,48 +552,48 @@ gitea:
### Others ### Others
| Parameter | Description | Default | | Parameter | Description | Default |
| ------------------------------------------| -------------------------------------------------------- | ------- | | ------------------------------------------- | -------------------------------------------------------------------- | ------- |
| statefulset.terminationGracePeriodSeconds | How long to wait until forcefully kill the pod | `60` | | `statefulset.terminationGracePeriodSeconds` | How long to wait until forcefully kill the pod | `60` |
| statefulset.env | Additional environment variables to pass to containers | `[]` | | `statefulset.env` | Additional environment variables to pass to containers | `[]` |
| extraVolumes | Additional volumes to mount to the Gitea statefulset | `{}` | | `extraVolumes` | Additional volumes to mount to the Gitea statefulset | `{}` |
| extraVolumeMounts | Additional volume mounts for the Gitea containers | `{}` | | `extraVolumeMounts` | Additional volume mounts for the Gitea containers | `{}` |
| initPreScript | Bash script copied verbatim to start of init container | | | `initPreScript` | Bash script copied verbatim to start of init container | |
| securityContext | Run as a specific securityContext | `{}` | | `securityContext` | Run as a specific securityContext | `{}` |
| schedulerName | Use an alternate scheduler, e.g. "stork" | | | `schedulerName` | Use an alternate scheduler, e.g. "stork" | |
### Image ### Image
| Parameter | Description | Default | | Parameter | Description | Default |
| -----------------| ----------------------------------------------------------------------------------------- | ------------- | | ------------------ | ----------------------------------------------------------------------------------------- | ------------- |
| image.repository | Image to start for this pod | `gitea/gitea` | | `image.repository` | Image to start for this pod | `gitea/gitea` |
| image.tag | [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) | `1.14.6` | | `image.tag` | [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) | `1.14.6` |
| image.pullPolicy | Image pull policy | `Always` | | `image.pullPolicy` | Image pull policy | `Always` |
| image.rootless | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `false` | | `image.rootless` | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `false` |
### Persistence ### Persistence
| Parameter | Description | Default | | Parameter | Description | Default |
| ------------------------- | ---------------------------------------------------------- | ------- | | --------------------------- | ---------------------------------------------------------- | ------- |
| persistence.enabled | Enable persistence for Gitea | `true` | | `persistence.enabled` | Enable persistence for Gitea | `true` |
| persistence.existingClaim | Use an existing claim to store repository information | | | `persistence.existingClaim` | Use an existing claim to store repository information | |
| persistence.size | Size for persistence to store repo information | `10Gi` | | `persistence.size` | Size for persistence to store repo information | `10Gi` |
| persistence.accessModes | AccessMode for persistence | | | `persistence.accessModes` | AccessMode for persistence | |
| persistence.storageClass | Storage class for repository persistence | | | `persistence.storageClass` | Storage class for repository persistence | |
| persistence.labels | Labels for the persistence volume claim to be created | `{}` | | `persistence.labels` | Labels for the persistence volume claim to be created | `{}` |
| persistence.annotations | Annotations for the persistence volume claim to be created | `{}` | | `persistence.annotations` | Annotations for the persistence volume claim to be created | `{}` |
### Ingress ### Ingress
| Parameter | Description | Default | | Parameter | Description | Default |
| ---------------------------------- | ---------------------------------------------- | ----------------- | | ------------------------------------ | ---------------------------------------------- | ----------------- |
| ingress.enabled | enable ingress | `false` | | `ingress.enabled` | enable ingress | `false` |
| ingress.annotations | add ingress annotations | | | `ingress.annotations` | add ingress annotations | |
| ingress.hosts[0].host | add hosts for ingress | `git.example.com` | | `ingress.hosts[0].host` | add hosts for ingress | `git.example.com` |
| ingress.hosts[0].paths[0].path | add path for each ingress host | `/` | | `ingress.hosts[0].paths[0].path` | add path for each ingress host | `/` |
| ingress.hosts[0].paths[0].pathType | add ingress path type | `Prefix` | | `ingress.hosts[0].paths[0].pathType` | add ingress path type | `Prefix` |
| ingress.tls | add ingress tls settings | `[]` | | `ingress.tls` | add ingress tls settings | `[]` |
| ingress.className | add ingress class name. Only used in k8s 1.19+ | | | `ingress.className` | add ingress class name. Only used in k8s 1.19+ | |
### Service ### Service
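Review bot: "Wether" in the `image.rootless` description is a pre-existing typo that this hunk copies over unchanged while reformatting the row; since every row in the table is being touched to wrap parameter names in backticks, fix it to "Whether" in the same pass rather than leaving it for a follow-up.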


@ -6,7 +6,10 @@ metadata:
{{- include "gitea.labels" . | nindent 4 }} {{- include "gitea.labels" . | nindent 4 }}
type: Opaque type: Opaque
stringData: stringData:
app.ini: |- config_environment.sh: |-
#!/usr/bin/env bash
set -euo pipefail
{{- if not (hasKey .Values.gitea.config "cache") -}} {{- if not (hasKey .Values.gitea.config "cache") -}}
{{- $_ := set .Values.gitea.config "cache" dict -}} {{- $_ := set .Values.gitea.config "cache" dict -}}
{{- end -}} {{- end -}}
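Review bot: renaming the Secret's data key from `app.ini` to `config_environment.sh` changes what every consumer of this Secret sees, so all mounts that expected an ini file need to move in the same change (the statefulset hunk below moves the `config` mount from `/etc/gitea/conf` to `/usr/sbin`, and the old `cp /etc/gitea/conf/app.ini` is dropped); grep the chart for any remaining `/etc/gitea/conf` reference so no container is left mounting a shell script where it expects `app.ini`. A one-line comment after `set -euo pipefail` stating that this file is rendered by the chart and that `app.ini` is produced by `environment-to-ini` at init time would also help anyone reading the rendered Secret, since the shebang is otherwise followed directly by template logic.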
@ -31,6 +34,10 @@ stringData:
{{- $_ := set .Values.gitea.config "repository" dict -}} {{- $_ := set .Values.gitea.config "repository" dict -}}
{{- end -}} {{- end -}}
{{- if not (hasKey .Values.gitea.config "oauth2") -}}
{{- $_ := set .Values.gitea.config "oauth2" dict -}}
{{- end -}}
{{- /* repository default settings */ -}} {{- /* repository default settings */ -}}
{{- if not .Values.gitea.config.repository.ROOT -}} {{- if not .Values.gitea.config.repository.ROOT -}}
{{- $_ := set .Values.gitea.config.repository "ROOT" "/data/git/gitea-repositories" -}} {{- $_ := set .Values.gitea.config.repository "ROOT" "/data/git/gitea-repositories" -}}
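Review bot: the `oauth2` default dict is added so the later `hasKey .Values.gitea.config.oauth2 "JWT_SECRET"` lookup does not run against a nil map, but the same script also calls `hasKey .Values.gitea.config.security "INTERNAL_TOKEN"` and `hasKey .Values.gitea.config.security "SECRET_KEY"`, and no `security` guard is visible in this diff; confirm an equivalent `{{- if not (hasKey .Values.gitea.config "security") -}}` block already exists above, otherwise a `values.yaml` without a `security` section fails to render.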
@ -132,17 +139,34 @@ stringData:
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{- /* autogenerate app.ini */ -}} {{- if not (hasKey .Values.gitea.config.security "INTERNAL_TOKEN") }}
export ENV_TO_INI__SECURITY__INTERNAL_TOKEN=$(gitea generate secret INTERNAL_TOKEN)
{{- end }}
{{- if not (hasKey .Values.gitea.config.security "SECRET_KEY") }}
export ENV_TO_INI__SECURITY__SECRET_KEY=$(gitea generate secret SECRET_KEY)
{{- end }}
{{- if not (hasKey .Values.gitea.config.oauth2 "JWT_SECRET") }}
export ENV_TO_INI__OAUTH2__JWT_SECRET=$(gitea generate secret JWT_SECRET)
{{- end }}
{{- /* autogenerate app.ini environment values */ -}}
{{- range $key, $value := .Values.gitea.config }} {{- range $key, $value := .Values.gitea.config }}
{{- if kindIs "map" $value }} {{- if kindIs "map" $value }}
{{- if gt (len $value) 0 }} {{- if gt (len $value) 0 }}
[{{ $key }}]
{{- range $n_key, $n_value := $value }} {{- range $n_key, $n_value := $value }}
{{ $n_key | upper }} = {{ $n_value }} export ENV_TO_INI__{{ $key | upper | replace "." "_0X2E_" | replace "-" "_0X2D_" }}__{{ $n_key | upper }}={{ $n_value }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- else }} {{- else }}
{{ $key | upper }} = {{ $value }} export ENV_TO_INI__{{ $key | upper | replace "." "_0X2E_" | replace "-" "_0X2D_" }}__{{ $key | upper }}={{ $value }}
{{- end }} {{- end }}
{{- end }} {{- end }}
# safety to prevent rewrite of secret keys if an app.ini already exists
if [ -f ${GITEA_APP_INI} ]; then
unset ENV_TO_INI__SECURITY__INTERNAL_TOKEN
unset ENV_TO_INI__SECURITY__SECRET_KEY
unset ENV_TO_INI__OAUTH2__JWT_SECRET
fi
environment-to-ini -o $GITEA_APP_INI -p ENV_TO_INI
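Review bot: the `export ENV_TO_INI__...={{ $n_value }}` lines (both the map branch and the scalar `{{ $value }}` branch) emit the configured value unquoted into a bash script, so any value containing whitespace or shell metacharacters (Gitea's default `APP_NAME` has spaces and a colon; database passwords routinely contain `$`, `;` or `&`) is word-split, expanded, or aborts the script under `set -e`; wrap the value, e.g. `={{ $n_value | squote }}`, which also stops the shell expanding `$` (note `squote` does not escape an embedded single quote, so `quote` plus accepting `$` expansion is the alternative). Two smaller points in the same hunk: `export VAR=$(gitea generate secret ...)` masks the exit status of the substitution behind `export`'s own status, so `set -e` does not stop on a failed `gitea generate secret` and an empty secret would be exported (assign first, then `export` the variable on a separate line), and `[ -f ${GITEA_APP_INI} ]` / `-o $GITEA_APP_INI` should quote the variable. The `unset` block correctly drops user-supplied as well as generated secrets when an `app.ini` already exists, which matches the README text; a comment saying so explicitly would prevent a future "fix" from re-enabling the override.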


@ -33,9 +33,6 @@ stringData:
chown 1000:1000 "${GITEA_TEMP}" chown 1000:1000 "${GITEA_TEMP}"
chmod ug+rwx "${GITEA_TEMP}" chmod ug+rwx "${GITEA_TEMP}"
# Copy config file to writable volume
cp /etc/gitea/conf/app.ini /data/gitea/conf/app.ini
chmod a+rwx /data/gitea/conf/app.ini
configure_gitea.sh: |- configure_gitea.sh: |-
#!/usr/bin/env bash #!/usr/bin/env bash
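Review bot: dropping `chmod a+rwx /data/gitea/conf/app.ini` removes the world-writable configuration file, which is a welcome tightening, but two things this script used to guarantee should be checked now that `app.ini` is written by `environment-to-ini` in a separate init container: that `/data/gitea/conf` is still created before `environment-to-ini -o` runs (the removed `cp` relied on it existing, and `-o` is not shown to create parent directories), and that the resulting `app.ini` is owned or at least readable and writable by the uid Gitea runs as (the surrounding script chowns `${GITEA_TEMP}` to `1000:1000`, but nothing visible sets ownership of the generated `app.ini`).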


@ -60,8 +60,31 @@ spec:
mountPath: /usr/sbin mountPath: /usr/sbin
- name: temp - name: temp
mountPath: /tmp mountPath: /tmp
- name: data
mountPath: /data
{{- if .Values.extraVolumeMounts }}
{{- toYaml .Values.extraVolumeMounts | nindent 12 }}
{{- end }}
- name: init-app-ini
image: "{{ include "gitea.image" . }}"
command: ["/usr/sbin/config_environment.sh"]
env:
- name: GITEA_APP_INI
value: /data/gitea/conf/app.ini
- name: GITEA_CUSTOM
value: /data/gitea
- name: GITEA_WORK_DIR
value: /data
- name: GITEA_TEMP
value: /tmp/gitea
{{- if .Values.statefulset.env }}
{{- toYaml .Values.statefulset.env | nindent 12 }}
{{- end }}
volumeMounts:
- name: config - name: config
mountPath: /etc/gitea/conf mountPath: /usr/sbin
- name: temp
mountPath: /tmp
- name: data - name: data
mountPath: /data mountPath: /data
{{- if .Values.extraVolumeMounts }} {{- if .Values.extraVolumeMounts }}
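Review bot: the new `init-app-ini` container mounts the `config` Secret over `/usr/sbin`, which hides the image's own `/usr/sbin` for that container; this only works because `gitea` and `environment-to-ini` resolve from another PATH entry (the upstream image installs them under `/usr/local/bin`), so leave a comment recording that assumption next to the mount. Because the script is started directly via `command: ["/usr/sbin/config_environment.sh"]`, it also depends on the Secret volume's `defaultMode` granting execute and on `/usr/bin/env bash` being present in the rootless image as well (`image.rootless`). Finally, `statefulset.env` is now injected into this init container too: a user entry named `GITEA_APP_INI` or `GITEA_CUSTOM` duplicates the hard-coded ones above it (last definition wins, silently), and any `ENV_TO_INI__*` entry is picked up by `environment-to-ini`; both behaviours are reasonable but should be stated in the README section added in this change.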
@ -236,10 +259,11 @@ spec:
- name: init - name: init
secret: secret:
secretName: {{ include "gitea.fullname" . }}-init secretName: {{ include "gitea.fullname" . }}-init
defaultMode: 0777 defaultMode: 110
- name: config - name: config
secret: secret:
secretName: {{ include "gitea.fullname" . }} secretName: {{ include "gitea.fullname" . }}
defaultMode: 110
{{- if .Values.extraVolumes }} {{- if .Values.extraVolumes }}
{{- toYaml .Values.extraVolumes | nindent 8 }} {{- toYaml .Values.extraVolumes | nindent 8 }}
{{- end }} {{- end }}
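Review bot: `defaultMode: 110` is almost certainly not the mode that was intended. Kubernetes takes `defaultMode` as a plain integer and YAML only treats a number as octal when it has a leading `0` (as the old `0777` did), so `110` is decimal 110, i.e. octal `0156`: execute-only for the owner, read and execute for the group, and read plus write for everyone else. If the goal is "executable by owner and group, nothing for others", write `0110` (or, more conventionally for scripts that also need to be read by a non-root shell, `0550`); the same applies to the new `defaultMode` on the `config` volume. Moving away from `0777` for both Secret volumes is the right direction either way, since the scripts previously sat world-writable in every container that mounted them.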