From 2826258cfc5a5b60a2f01914f144400b40af3d32 Mon Sep 17 00:00:00 2001
From: luhahn
Date: Wed, 16 Dec 2020 20:37:47 +0800
Subject: [PATCH] Several Improvements to Helm Chart (#87)
Improve ldap settings with helper function Allow clusterIP for http service to be set, default to None Use imagePullSecrets in statefulset now Update default values Update README Bump Chart version
Co-authored-by: luhahn
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/87
Reviewed-by: lafriks
Reviewed-by: Lunny Xiao
Co-Authored-By: luhahn
Co-Committed-By: luhahn
---
 Chart.yaml | 2 +-
 README.md | 39 ++++++++++++++++++++++++++++++++
 templates/_helpers.tpl | 11 +++++++++
 templates/gitea/http-svc.yaml | 4 ++--
 templates/gitea/init.yaml | 26 ++-------------------
 templates/gitea/ssh-svc.yaml | 4 ++--
 templates/gitea/statefulset.yaml | 4 ++++
 values.yaml | 4 ++++
 8 files changed, 65 insertions(+), 29 deletions(-)
diff --git a/Chart.yaml b/Chart.yaml
index fdf8393..19ff242 100644
--- a/Chart.yaml
+++ b/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: gitea
 description: Gitea Helm chart for Kubernetes
 type: application
-version: 2.1.2
+version: 2.1.3
 appVersion: 1.13.0
 icon: https://docs.gitea.io/images/gitea.png
diff --git a/README.md b/README.md
index 6947d48..10fd140 100644
--- a/README.md
+++ b/README.md
@@ -132,6 +132,22 @@ By default port 3000 is used for web traffic and 22 for ssh. Those can be change
 This helmchart automatically configures the clone urls to use the correct ports. You can change these ports by hand using the gitea.config dict. However you should know what you're doing.
+### ClusterIP
+
+By default the clusterIP will be set to None, which is the default for headless services. However if you want to omit the clusterIP field in the service, use the following values:
+
+```yaml
+service:
+ http:
+ type: ClusterIP
+ port: 3000
+ clusterIP:
+ ssh:
+ type: ClusterIP
+ port: 22
+ clusterIP:
+```
+
 ### SSH and Ingress
 If you're using ingress and wan't to use SSH, keep in mind, that ingress is not able to forward SSH Ports.
@@ -220,6 +236,10 @@ It is not possible to delete an admin user after it has been created. This has t
 ### LDAP Settings
 Like the admin user the ldap settings can be updated but also disabled or deleted.
+All ldap values from https://docs.gitea.io/en-us/command-line/#admin are available.
+You can either use them in camel case or kebab case.
+
+camelCase:
 ```yaml
 gitea:
@@ -238,6 +258,25 @@ Like the admin user the ldap settings can be updated but also disabled or delete
 usernameAttribute: CN
 ```
+kebab-case:
+
+```yaml
+ gitea:
+ ldap:
+ enabled: true
+ name: 'MyAwesomeGiteaLdap'
+ security-protocol: unencrypted
+ host: "127.0.0.1"
+ port: "389"
+ user-search-base: ou=Users,dc=example,dc=com
+ user-filter: sAMAccountName=%s
+ admin-filter: CN=Admin,CN=Group,DC=example,DC=com
+ email-attribute: mail
+ bind-dn: CN=ldap read,OU=Spezial,DC=example,DC=com
+ bind-password: JustAnotherBindPw
+ username-attribute: CN
+```
+
 ### Pod Annotations
 Annotations can be added to the Gitea pod.
diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl
index 1da21a6..bcbbe24 100644
--- a/templates/_helpers.tpl
+++ b/templates/_helpers.tpl
@@ -95,3 +95,14 @@ app.kubernetes.io/instance: {{ .Release.Name }}
 {{- printf "%s-gitea.%s.svc.%s" (include "gitea.fullname" .) .Release.Namespace .Values.clusterDomain | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
+{{- define "gitea.ldap_settings" -}}
+{{- range $key, $val := .Values.gitea.ldap -}}
+{{- if ne $key "enabled" -}}
+{{- if eq $key "port" -}}
+{{- printf "--%s %s " ($key | kebabcase) $val -}}
+{{- else -}}
+{{- printf "--%s %s " ($key | kebabcase) ($val | quote) -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
\ No newline at end of file
diff --git a/templates/gitea/http-svc.yaml b/templates/gitea/http-svc.yaml
index 54fd7a8..20c0de6 100644
--- a/templates/gitea/http-svc.yaml
+++ b/templates/gitea/http-svc.yaml
@@ -11,8 +11,8 @@ spec:
 {{- if and .Values.service.http.loadBalancerIP (eq .Values.service.http.type "LoadBalancer") }}
 loadBalancerIP: {{ .Values.service.http.loadBalancerIP }}
 {{- end }}
- {{ if eq .Values.service.http.type "ClusterIP" }}
- clusterIP: None
+ {{- if and .Values.service.http.clusterIP (eq .Values.service.http.type "ClusterIP") }}
+ clusterIP: {{ .Values.service.http.clusterIP }}
 {{- end }}
 ports:
 - name: http
diff --git a/templates/gitea/init.yaml b/templates/gitea/init.yaml
index a3ec9f4..fd60719 100644
--- a/templates/gitea/init.yaml
+++ b/templates/gitea/init.yaml
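Review bot: In `gitea.ldap_settings` (templates/_helpers.tpl) the `port` branch formats `$val` with `%s`, so a port given as a number in values (`port: 389`) would come out as Go's `%!s(...)` bad-verb text instead of `389`; the argument lists this helper replaces used `| int` and accepted both forms. `{{- printf "--%s %v " ($key | kebabcase) $val -}}` handles string and numeric ports alike. Note also that `quote` yields a Go-style double-quoted string rather than shell escaping, and the result is spliced into the init shell script, so a `bindPassword` containing `$`, a backtick or a quote character is still interpreted by the shell. Because every key under `gitea.ldap` now becomes a flag, a comment above the `define` naming the accepted keys and stating that values must be shell-safe would make the contract explicit.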
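Review bot: The new `clusterIP: {{ .Values.service.http.clusterIP }}` line in templates/gitea/http-svc.yaml emits the value unquoted, so what reaches the API depends on how YAML types the rendered text; `clusterIP: {{ .Values.service.http.clusterIP | quote }}` keeps it a string for `None` and for an address alike. The same line appears in the templates/gitea/ssh-svc.yaml hunk. Since `spec.clusterIP` is immutable on an existing Service, the README section added by this commit should also say that switching an installed release between `None` and an assigned IP needs the Service to be recreated.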
@@ -24,34 +24,12 @@ stringData:
 {{- end }}
 {{- if .Values.gitea.ldap.enabled }}
 gitea admin auth add-ldap \
- --name {{ .Values.gitea.ldap.name | quote }} \
- --security-protocol {{ .Values.gitea.ldap.securityProtocol | quote }} \
- --host {{ .Values.gitea.ldap.host | quote }} \
- --port {{ .Values.gitea.ldap.port | int}} \
- --user-search-base {{ .Values.gitea.ldap.userSearchBase | quote }} \
- --user-filter {{ .Values.gitea.ldap.userFilter | quote }} \
- --admin-filter {{ .Values.gitea.ldap.adminFilter | quote }} \
- --email-attribute {{ .Values.gitea.ldap.emailAttribute | quote }} \
- --bind-dn {{ .Values.gitea.ldap.bindDn | quote }} \
- --bind-password {{ .Values.gitea.ldap.bindPassword | quote }} \
- --synchronize-users \
- --username-attribute {{ .Values.gitea.ldap.usernameAttribute | quote }} \
+ {{- include "gitea.ldap_settings" . | nindent 6 }} \
 || \
 ( \
 export GITEA_AUTH_ID=$(gitea admin auth list | grep {{ .Values.gitea.ldap.name | quote }} | awk -F " " "{print \$1}"); \
 gitea admin auth update-ldap --id ${GITEA_AUTH_ID} \
- --name {{ .Values.gitea.ldap.name | quote }} \
- --security-protocol {{ .Values.gitea.ldap.securityProtocol | quote }} \
- --host {{ .Values.gitea.ldap.host | quote }} \
- --port {{ .Values.gitea.ldap.port | int}} \
- --user-search-base {{ .Values.gitea.ldap.userSearchBase | quote }} \
- --user-filter {{ .Values.gitea.ldap.userFilter | quote }} \
- --admin-filter {{ .Values.gitea.ldap.adminFilter | quote }} \
- --email-attribute {{ .Values.gitea.ldap.emailAttribute | quote }} \
- --bind-dn {{ .Values.gitea.ldap.bindDn | quote }} \
- --bind-password {{ .Values.gitea.ldap.bindPassword | quote }} \
- --synchronize-users \
- --username-attribute {{ .Values.gitea.ldap.usernameAttribute | quote }} \
+ {{- include "gitea.ldap_settings" . | nindent 6 }} \
 ) \
 {{- end }}
 '
\ No newline at end of file
diff --git a/templates/gitea/ssh-svc.yaml b/templates/gitea/ssh-svc.yaml
index e588b93..5ce60cb 100644
--- a/templates/gitea/ssh-svc.yaml
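Review bot: Both removed argument lists in templates/gitea/init.yaml passed `--synchronize-users` unconditionally, while the `gitea.ldap_settings` include that replaces them only emits keys present under `gitea.ldap`, so after an upgrade user synchronisation is no longer requested unless the operator adds it to values. If it is added as `synchronizeUsers: true`, the helper would render `--synchronize-users "true"`, which is not the bare switch the old script used; whether the gitea CLI accepts that form should be checked before release. Either keep `--synchronize-users \` as a literal line after each include, or have the helper emit boolean values as bare flags. The init script itself starts and ends outside this hunk.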
+++ b/templates/gitea/ssh-svc.yaml
@@ -11,8 +11,8 @@ spec:
 {{- if and .Values.service.ssh.loadBalancerIP (eq .Values.service.ssh.type "LoadBalancer") }}
 loadBalancerIP: {{ .Values.service.ssh.loadBalancerIP }}
 {{- end }}
- {{- if eq .Values.service.ssh.type "ClusterIP" }}
- clusterIP: None
+ {{- if and .Values.service.ssh.clusterIP (eq .Values.service.ssh.type "ClusterIP") }}
+ clusterIP: {{ .Values.service.ssh.clusterIP }}
 {{- end }}
 {{- if .Values.service.ssh.externalIPs }}
 externalIPs:
diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml
index 7347816..b90bc9e 100644
--- a/templates/gitea/statefulset.yaml
+++ b/templates/gitea/statefulset.yaml
@@ -20,6 +20,10 @@ spec:
 labels:
 {{- include "gitea.selectorLabels" . | nindent 8 }}
 spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
 securityContext:
 fsGroup: 1000
 initContainers:
diff --git a/values.yaml b/values.yaml
index 133f4f8..1fd79cd 100644
--- a/values.yaml
+++ b/values.yaml
@@ -17,10 +17,14 @@ service:
 http:
 type: ClusterIP
 port: 3000
+ clusterIP: None
+ #loadBalancerIP:
+ #nodePort:
 annotations:
 ssh:
 type: ClusterIP
 port: 22
+ clusterIP: None
 #loadBalancerIP:
 #nodePort:
 #externalTrafficPolicy:
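Review bot: The two `clusterIP: None` defaults added under `service.http` and `service.ssh` in values.yaml carry no comment, so the only explanation of the setting lives in the README. A line such as `# clusterIP: None creates a headless Service; leave empty to have Kubernetes assign an IP` above each would document the choice where operators edit it. The commented keys added below use `#loadBalancerIP:` with no space after `#`; `# loadBalancerIP:` matches the usual YAML comment style.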