mirror of
https://gitea.com/gitea/helm-chart.git
synced 2024-07-04 23:34:12 +02:00
Rework app.ini generation (#239)
App ini is now generated by environment-to-ini

This should prevent some of the problems we had earlier with persisting the app.ini

Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/239
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io>
Reviewed-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: luhahn <luhahn@noreply.gitea.io>
Co-committed-by: luhahn <luhahn@noreply.gitea.io>
parent 82763f109b
commit 0461fa92a9
95
README.md
@ -37,6 +37,35 @@ helm install gitea gitea-charts/gitea
|
|||||||
- Helm 3.0+
|
- Helm 3.0+
|
||||||
- PV provisioner for persistent data support
|
- PV provisioner for persistent data support
|
||||||
|
|
||||||
|
## Chart upgrade to 5.0.0
|
||||||
|
|
||||||
|
:warning: The most recent `5.0.0` update brings some major and breaking changes.
|
||||||
|
Please note the following changes in the Chart to upgrade successfully. :warning:
|
||||||
|
|
||||||
|
### App.ini generation
|
||||||
|
|
||||||
|
The app.ini generation has changed and now utilizes the environment-to-ini
|
||||||
|
script provided by newer Gitea versions.
|
||||||
|
|
||||||
|
:boom: The Helm Chart now requires Gitea versions of at least 1.11.0.
|
||||||
|
|
||||||
|
This change ensures, that the app.ini is now persistent.
|
||||||
|
|
||||||
|
#### Secret Key generation
|
||||||
|
|
||||||
|
Gitea secret keys (SECRET_KEY, INTERNAL_TOKEN, JWT_SECRET) are now generated
|
||||||
|
automatically in certain situations:
|
||||||
|
|
||||||
|
- New install: By default the secrets are created automatically. If you provide
|
||||||
|
secrets via `gitea.config` they will be used instead of automatic generation.
|
||||||
|
- Existing installs: The secrets won't be deployed, neither via
|
||||||
|
configuration nor via auto generation. We explicitly prevent to set new secrets.
|
||||||
|
|
||||||
|
:rotating_light: It would be possible to set new secret keys manually by entering
|
||||||
|
the running container and rewriting the app.ini by hand. However, this it is
|
||||||
|
not advisable to do so for existing installations. Certain settings like
|
||||||
|
_LDAP_ would not be readable anymore.
|
||||||
|
|
||||||
## Chart upgrade from 3.x.x to 4.0.0
|
## Chart upgrade from 3.x.x to 4.0.0
|
||||||
|
|
||||||
:warning: The most recent `4.0.0` update brings some breaking changes. Please note
|
:warning: The most recent `4.0.0` update brings some breaking changes. Please note
|
||||||
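Review bot: The added "Secret Key generation" section says existing installs never receive new secrets but does not say how an existing install is recognised. The init script in this same commit decides it by whether the file at GITEA_APP_INI already exists, so say that here: operators need to know that an app.ini on the persistent volume is what suppresses generation. In the same added lines, fix "However, this it is not advisable" (drop "this") and reword "We explicitly prevent to set new secrets".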
@ -523,48 +552,48 @@ gitea:
|
|||||||
|
|
||||||
### Others
|
### Others
|
||||||
|
|
||||||
| Parameter | Description | Default |
|
| Parameter | Description | Default |
|
||||||
| ------------------------------------------| -------------------------------------------------------- | ------- |
|
| ------------------------------------------- | -------------------------------------------------------------------- | ------- |
|
||||||
| statefulset.terminationGracePeriodSeconds | How long to wait until forcefully kill the pod | `60` |
|
| `statefulset.terminationGracePeriodSeconds` | How long to wait until forcefully kill the pod | `60` |
|
||||||
| statefulset.env | Additional environment variables to pass to containers | `[]` |
|
| `statefulset.env` | Additional environment variables to pass to containers | `[]` |
|
||||||
| extraVolumes | Additional volumes to mount to the Gitea statefulset | `{}` |
|
| `extraVolumes` | Additional volumes to mount to the Gitea statefulset | `{}` |
|
||||||
| extraVolumeMounts | Additional volume mounts for the Gitea containers | `{}` |
|
| `extraVolumeMounts` | Additional volume mounts for the Gitea containers | `{}` |
|
||||||
| initPreScript | Bash script copied verbatim to start of init container | |
|
| `initPreScript` | Bash script copied verbatim to start of init container | |
|
||||||
| securityContext | Run as a specific securityContext | `{}` |
|
| `securityContext` | Run as a specific securityContext | `{}` |
|
||||||
| schedulerName | Use an alternate scheduler, e.g. "stork" | |
|
| `schedulerName` | Use an alternate scheduler, e.g. "stork" | |
|
||||||
|
|
||||||
### Image
|
### Image
|
||||||
|
|
||||||
| Parameter | Description | Default |
|
| Parameter | Description | Default |
|
||||||
| -----------------| ----------------------------------------------------------------------------------------- | ------------- |
|
| ------------------ | ----------------------------------------------------------------------------------------- | ------------- |
|
||||||
| image.repository | Image to start for this pod | `gitea/gitea` |
|
| `image.repository` | Image to start for this pod | `gitea/gitea` |
|
||||||
| image.tag | [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) | `1.14.6` |
|
| `image.tag` | [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) | `1.14.6` |
|
||||||
| image.pullPolicy | Image pull policy | `Always` |
|
| `image.pullPolicy` | Image pull policy | `Always` |
|
||||||
| image.rootless | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `false` |
|
| `image.rootless` | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `false` |
|
||||||
|
|
||||||
### Persistence
|
### Persistence
|
||||||
|
|
||||||
| Parameter | Description | Default |
|
| Parameter | Description | Default |
|
||||||
| ------------------------- | ---------------------------------------------------------- | ------- |
|
| --------------------------- | ---------------------------------------------------------- | ------- |
|
||||||
| persistence.enabled | Enable persistence for Gitea | `true` |
|
| `persistence.enabled` | Enable persistence for Gitea | `true` |
|
||||||
| persistence.existingClaim | Use an existing claim to store repository information | |
|
| `persistence.existingClaim` | Use an existing claim to store repository information | |
|
||||||
| persistence.size | Size for persistence to store repo information | `10Gi` |
|
| `persistence.size` | Size for persistence to store repo information | `10Gi` |
|
||||||
| persistence.accessModes | AccessMode for persistence | |
|
| `persistence.accessModes` | AccessMode for persistence | |
|
||||||
| persistence.storageClass | Storage class for repository persistence | |
|
| `persistence.storageClass` | Storage class for repository persistence | |
|
||||||
| persistence.labels | Labels for the persistence volume claim to be created | `{}` |
|
| `persistence.labels` | Labels for the persistence volume claim to be created | `{}` |
|
||||||
| persistence.annotations | Annotations for the persistence volume claim to be created | `{}` |
|
| `persistence.annotations` | Annotations for the persistence volume claim to be created | `{}` |
|
||||||
|
|
||||||
### Ingress
|
### Ingress
|
||||||
|
|
||||||
| Parameter | Description | Default |
|
| Parameter | Description | Default |
|
||||||
| ---------------------------------- | ---------------------------------------------- | ----------------- |
|
| ------------------------------------ | ---------------------------------------------- | ----------------- |
|
||||||
| ingress.enabled | enable ingress | `false` |
|
| `ingress.enabled` | enable ingress | `false` |
|
||||||
| ingress.annotations | add ingress annotations | |
|
| `ingress.annotations` | add ingress annotations | |
|
||||||
| ingress.hosts[0].host | add hosts for ingress | `git.example.com` |
|
| `ingress.hosts[0].host` | add hosts for ingress | `git.example.com` |
|
||||||
| ingress.hosts[0].paths[0].path | add path for each ingress host | `/` |
|
| `ingress.hosts[0].paths[0].path` | add path for each ingress host | `/` |
|
||||||
| ingress.hosts[0].paths[0].pathType | add ingress path type | `Prefix` |
|
| `ingress.hosts[0].paths[0].pathType` | add ingress path type | `Prefix` |
|
||||||
| ingress.tls | add ingress tls settings | `[]` |
|
| `ingress.tls` | add ingress tls settings | `[]` |
|
||||||
| ingress.className | add ingress class name. Only used in k8s 1.19+ | |
|
| `ingress.className` | add ingress class name. Only used in k8s 1.19+ | |
|
||||||
|
|
||||||
### Service
|
### Service
|
||||||
|
|
||||||
|
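Review bot: The `image.rootless` row still reads "Wether or not to pull the rootless version" after being touched for the backtick change; correct it to "Whether" while these tables are being reformatted.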
@ -6,7 +6,10 @@ metadata:
|
|||||||
{{- include "gitea.labels" . | nindent 4 }}
|
{{- include "gitea.labels" . | nindent 4 }}
|
||||||
type: Opaque
|
type: Opaque
|
||||||
stringData:
|
stringData:
|
||||||
app.ini: |-
|
config_environment.sh: |-
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
set -euo pipefail
|
||||||
|
|
||||||
{{- if not (hasKey .Values.gitea.config "cache") -}}
|
{{- if not (hasKey .Values.gitea.config "cache") -}}
|
||||||
{{- $_ := set .Values.gitea.config "cache" dict -}}
|
{{- $_ := set .Values.gitea.config "cache" dict -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
@ -31,6 +34,10 @@ stringData:
|
|||||||
{{- $_ := set .Values.gitea.config "repository" dict -}}
|
{{- $_ := set .Values.gitea.config "repository" dict -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
|
{{- if not (hasKey .Values.gitea.config "oauth2") -}}
|
||||||
|
{{- $_ := set .Values.gitea.config "oauth2" dict -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
{{- /* repository default settings */ -}}
|
{{- /* repository default settings */ -}}
|
||||||
{{- if not .Values.gitea.config.repository.ROOT -}}
|
{{- if not .Values.gitea.config.repository.ROOT -}}
|
||||||
{{- $_ := set .Values.gitea.config.repository "ROOT" "/data/git/gitea-repositories" -}}
|
{{- $_ := set .Values.gitea.config.repository "ROOT" "/data/git/gitea-repositories" -}}
|
||||||
@ -132,17 +139,34 @@ stringData:
|
|||||||
{{- end -}}
|
{{- end -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
{{- /* autogenerate app.ini */ -}}
|
{{- if not (hasKey .Values.gitea.config.security "INTERNAL_TOKEN") }}
|
||||||
|
export ENV_TO_INI__SECURITY__INTERNAL_TOKEN=$(gitea generate secret INTERNAL_TOKEN)
|
||||||
|
{{- end }}
|
||||||
|
{{- if not (hasKey .Values.gitea.config.security "SECRET_KEY") }}
|
||||||
|
export ENV_TO_INI__SECURITY__SECRET_KEY=$(gitea generate secret SECRET_KEY)
|
||||||
|
{{- end }}
|
||||||
|
{{- if not (hasKey .Values.gitea.config.oauth2 "JWT_SECRET") }}
|
||||||
|
export ENV_TO_INI__OAUTH2__JWT_SECRET=$(gitea generate secret JWT_SECRET)
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- /* autogenerate app.ini environment values */ -}}
|
||||||
{{- range $key, $value := .Values.gitea.config }}
|
{{- range $key, $value := .Values.gitea.config }}
|
||||||
{{- if kindIs "map" $value }}
|
{{- if kindIs "map" $value }}
|
||||||
{{- if gt (len $value) 0 }}
|
{{- if gt (len $value) 0 }}
|
||||||
|
|
||||||
[{{ $key }}]
|
|
||||||
{{- range $n_key, $n_value := $value }}
|
{{- range $n_key, $n_value := $value }}
|
||||||
{{ $n_key | upper }} = {{ $n_value }}
|
export ENV_TO_INI__{{ $key | upper | replace "." "_0X2E_" | replace "-" "_0X2D_" }}__{{ $n_key | upper }}={{ $n_value }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- else }}
|
{{- else }}
|
||||||
{{ $key | upper }} = {{ $value }}
|
export ENV_TO_INI__{{ $key | upper | replace "." "_0X2E_" | replace "-" "_0X2D_" }}__{{ $key | upper }}={{ $value }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
||||||
|
# safety to prevent rewrite of secret keys if an app.ini already exists
|
||||||
|
if [ -f ${GITEA_APP_INI} ]; then
|
||||||
|
unset ENV_TO_INI__SECURITY__INTERNAL_TOKEN
|
||||||
|
unset ENV_TO_INI__SECURITY__SECRET_KEY
|
||||||
|
unset ENV_TO_INI__OAUTH2__JWT_SECRET
|
||||||
|
fi
|
||||||
|
|
||||||
|
environment-to-ini -o $GITEA_APP_INI -p ENV_TO_INI
|
||||||
|
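Review bot: In the range loop, `export ENV_TO_INI__...={{ $n_value }}` renders the configured value unquoted into a bash script, so a setting that contains spaces, `$`, backticks, `;` or `#` is word-split, expanded or executed by the shell instead of reaching app.ini verbatim. Render values through a quoting step (for example Sprig's `squote`, with embedded single quotes escaped first) or hand them to the container as env entries rather than as shell text; `[ -f ${GITEA_APP_INI} ]` and `-o $GITEA_APP_INI` should be double-quoted for the same reason. Two smaller points: `export VAR=$(gitea generate secret ...)` returns the exit status of `export`, so `set -e` does not stop the script when generation fails and an empty secret would be written; assign first, then export. And the else branch uses `$key` for both the section and the key name, whereas the removed line wrote `KEY = value` with no section header, so confirm that mapping is intended.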
@ -33,9 +33,6 @@ stringData:
|
|||||||
chown 1000:1000 "${GITEA_TEMP}"
|
chown 1000:1000 "${GITEA_TEMP}"
|
||||||
chmod ug+rwx "${GITEA_TEMP}"
|
chmod ug+rwx "${GITEA_TEMP}"
|
||||||
|
|
||||||
# Copy config file to writable volume
|
|
||||||
cp /etc/gitea/conf/app.ini /data/gitea/conf/app.ini
|
|
||||||
chmod a+rwx /data/gitea/conf/app.ini
|
|
||||||
configure_gitea.sh: |-
|
configure_gitea.sh: |-
|
||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
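Review bot: Upgraded installs keep the app.ini that earlier chart versions made world-writable through the `chmod a+rwx /data/gitea/conf/app.ini` line removed here, and nothing in this hunk resets its mode. Since that file holds SECRET_KEY, INTERNAL_TOKEN and JWT_SECRET and is now preserved across restarts, add a step in the init script that sets an owner-only mode on an already existing file.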
@ -60,8 +60,31 @@ spec:
|
|||||||
mountPath: /usr/sbin
|
mountPath: /usr/sbin
|
||||||
- name: temp
|
- name: temp
|
||||||
mountPath: /tmp
|
mountPath: /tmp
|
||||||
|
- name: data
|
||||||
|
mountPath: /data
|
||||||
|
{{- if .Values.extraVolumeMounts }}
|
||||||
|
{{- toYaml .Values.extraVolumeMounts | nindent 12 }}
|
||||||
|
{{- end }}
|
||||||
|
- name: init-app-ini
|
||||||
|
image: "{{ include "gitea.image" . }}"
|
||||||
|
command: ["/usr/sbin/config_environment.sh"]
|
||||||
|
env:
|
||||||
|
- name: GITEA_APP_INI
|
||||||
|
value: /data/gitea/conf/app.ini
|
||||||
|
- name: GITEA_CUSTOM
|
||||||
|
value: /data/gitea
|
||||||
|
- name: GITEA_WORK_DIR
|
||||||
|
value: /data
|
||||||
|
- name: GITEA_TEMP
|
||||||
|
value: /tmp/gitea
|
||||||
|
{{- if .Values.statefulset.env }}
|
||||||
|
{{- toYaml .Values.statefulset.env | nindent 12 }}
|
||||||
|
{{- end }}
|
||||||
|
volumeMounts:
|
||||||
- name: config
|
- name: config
|
||||||
mountPath: /etc/gitea/conf
|
mountPath: /usr/sbin
|
||||||
|
- name: temp
|
||||||
|
mountPath: /tmp
|
||||||
- name: data
|
- name: data
|
||||||
mountPath: /data
|
mountPath: /data
|
||||||
{{- if .Values.extraVolumeMounts }}
|
{{- if .Values.extraVolumeMounts }}
|
||||||
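Review bot: The init-app-ini container mounts the `config` secret at /usr/sbin, which hides everything the image ships in that directory while the container runs; mount the script in a directory of its own and point `command` at that path instead. The container as added also declares no securityContext, so state explicitly which user it is expected to run as, given that it writes app.ini on the data volume.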
@ -236,10 +259,11 @@ spec:
|
|||||||
- name: init
|
- name: init
|
||||||
secret:
|
secret:
|
||||||
secretName: {{ include "gitea.fullname" . }}-init
|
secretName: {{ include "gitea.fullname" . }}-init
|
||||||
defaultMode: 0777
|
defaultMode: 110
|
||||||
- name: config
|
- name: config
|
||||||
secret:
|
secret:
|
||||||
secretName: {{ include "gitea.fullname" . }}
|
secretName: {{ include "gitea.fullname" . }}
|
||||||
|
defaultMode: 110
|
||||||
{{- if .Values.extraVolumes }}
|
{{- if .Values.extraVolumes }}
|
||||||
{{- toYaml .Values.extraVolumes | nindent 8 }}
|
{{- toYaml .Values.extraVolumes | nindent 8 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
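Review bot: `defaultMode: 110` on both the `init` and `config` volumes has no leading zero, so YAML reads it as decimal 110, which is octal 0156 (`--xr-xrw-`), whereas the value it replaces, `0777`, was octal. That leaves the owner without read permission and gives "other" read access to a secret that now contains the script exporting generated and user-supplied keys. If octal was meant, write it with the leading zero, and choose a mode that grants the owner read and execute and nothing to others, for example `0500` or `0550`.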