mirror of
https://gitea.com/gitea/helm-chart.git
synced 2024-06-30 21:40:35 +02:00
Several Improvements to Helm Chart (#87)
Improve ldap settings with helper function Allow clusterIP for http service to be set, default to None Use imagePullSecrets in statefulset now Update default values Update README Bump Chart version Co-authored-by: luhahn <lucas.hahn@novum-rgi.de> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/87 Reviewed-by: lafriks <lafriks@noreply.gitea.io> Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-Authored-By: luhahn <luhahn@noreply.gitea.io> Co-Committed-By: luhahn <luhahn@noreply.gitea.io>
This commit is contained in:
parent
943eda6d5f
commit
2826258cfc
|
@ -2,7 +2,7 @@ apiVersion: v2
|
||||||
name: gitea
|
name: gitea
|
||||||
description: Gitea Helm chart for Kubernetes
|
description: Gitea Helm chart for Kubernetes
|
||||||
type: application
|
type: application
|
||||||
version: 2.1.2
|
version: 2.1.3
|
||||||
appVersion: 1.13.0
|
appVersion: 1.13.0
|
||||||
icon: https://docs.gitea.io/images/gitea.png
|
icon: https://docs.gitea.io/images/gitea.png
|
||||||
|
|
||||||
|
|
39
README.md
39
README.md
|
@ -132,6 +132,22 @@ By default port 3000 is used for web traffic and 22 for ssh. Those can be change
|
||||||
|
|
||||||
This helmchart automatically configures the clone urls to use the correct ports. You can change these ports by hand using the gitea.config dict. However you should know what you're doing.
|
This helmchart automatically configures the clone urls to use the correct ports. You can change these ports by hand using the gitea.config dict. However you should know what you're doing.
|
||||||
|
|
||||||
|
### ClusterIP
|
||||||
|
|
||||||
|
By default the clusterIP will be set to None, which is the default for headless services. However if you want to omit the clusterIP field in the service, use the following values:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
service:
|
||||||
|
http:
|
||||||
|
type: ClusterIP
|
||||||
|
port: 3000
|
||||||
|
clusterIP:
|
||||||
|
ssh:
|
||||||
|
type: ClusterIP
|
||||||
|
port: 22
|
||||||
|
clusterIP:
|
||||||
|
```
|
||||||
|
|
||||||
### SSH and Ingress
|
### SSH and Ingress
|
||||||
|
|
||||||
If you're using ingress and wan't to use SSH, keep in mind, that ingress is not able to forward SSH Ports.
|
If you're using ingress and wan't to use SSH, keep in mind, that ingress is not able to forward SSH Ports.
|
||||||
|
@ -220,6 +236,10 @@ It is not possible to delete an admin user after it has been created. This has t
|
||||||
### LDAP Settings
|
### LDAP Settings
|
||||||
|
|
||||||
Like the admin user the ldap settings can be updated but also disabled or deleted.
|
Like the admin user the ldap settings can be updated but also disabled or deleted.
|
||||||
|
All ldap values from https://docs.gitea.io/en-us/command-line/#admin are available.
|
||||||
|
You can either use them in camel case or kebab case.
|
||||||
|
|
||||||
|
camelCase:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
gitea:
|
gitea:
|
||||||
|
@ -238,6 +258,25 @@ Like the admin user the ldap settings can be updated but also disabled or delete
|
||||||
usernameAttribute: CN
|
usernameAttribute: CN
|
||||||
```
|
```
|
||||||
|
|
||||||
|
kebab-case:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
gitea:
|
||||||
|
ldap:
|
||||||
|
enabled: true
|
||||||
|
name: 'MyAwesomeGiteaLdap'
|
||||||
|
security-protocol: unencrypted
|
||||||
|
host: "127.0.0.1"
|
||||||
|
port: "389"
|
||||||
|
user-search-base: ou=Users,dc=example,dc=com
|
||||||
|
user-filter: sAMAccountName=%s
|
||||||
|
admin-filter: CN=Admin,CN=Group,DC=example,DC=com
|
||||||
|
email-attribute: mail
|
||||||
|
bind-dn: CN=ldap read,OU=Spezial,DC=example,DC=com
|
||||||
|
bind-password: JustAnotherBindPw
|
||||||
|
username-attribute: CN
|
||||||
|
```
|
||||||
|
|
||||||
### Pod Annotations
|
### Pod Annotations
|
||||||
|
|
||||||
Annotations can be added to the Gitea pod.
|
Annotations can be added to the Gitea pod.
|
||||||
|
|
|
@ -95,3 +95,14 @@ app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
{{- printf "%s-gitea.%s.svc.%s" (include "gitea.fullname" .) .Release.Namespace .Values.clusterDomain | trunc 63 | trimSuffix "-" -}}
|
{{- printf "%s-gitea.%s.svc.%s" (include "gitea.fullname" .) .Release.Namespace .Values.clusterDomain | trunc 63 | trimSuffix "-" -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
|
{{- define "gitea.ldap_settings" -}}
|
||||||
|
{{- range $key, $val := .Values.gitea.ldap -}}
|
||||||
|
{{- if ne $key "enabled" -}}
|
||||||
|
{{- if eq $key "port" -}}
|
||||||
|
{{- printf "--%s %s " ($key | kebabcase) $val -}}
|
||||||
|
{{- else -}}
|
||||||
|
{{- printf "--%s %s " ($key | kebabcase) ($val | quote) -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
|
@ -11,8 +11,8 @@ spec:
|
||||||
{{- if and .Values.service.http.loadBalancerIP (eq .Values.service.http.type "LoadBalancer") }}
|
{{- if and .Values.service.http.loadBalancerIP (eq .Values.service.http.type "LoadBalancer") }}
|
||||||
loadBalancerIP: {{ .Values.service.http.loadBalancerIP }}
|
loadBalancerIP: {{ .Values.service.http.loadBalancerIP }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{ if eq .Values.service.http.type "ClusterIP" }}
|
{{- if and .Values.service.http.clusterIP (eq .Values.service.http.type "ClusterIP") }}
|
||||||
clusterIP: None
|
clusterIP: {{ .Values.service.http.clusterIP }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
ports:
|
ports:
|
||||||
- name: http
|
- name: http
|
||||||
|
|
|
@ -24,34 +24,12 @@ stringData:
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.gitea.ldap.enabled }}
|
{{- if .Values.gitea.ldap.enabled }}
|
||||||
gitea admin auth add-ldap \
|
gitea admin auth add-ldap \
|
||||||
--name {{ .Values.gitea.ldap.name | quote }} \
|
{{- include "gitea.ldap_settings" . | nindent 6 }} \
|
||||||
--security-protocol {{ .Values.gitea.ldap.securityProtocol | quote }} \
|
|
||||||
--host {{ .Values.gitea.ldap.host | quote }} \
|
|
||||||
--port {{ .Values.gitea.ldap.port | int}} \
|
|
||||||
--user-search-base {{ .Values.gitea.ldap.userSearchBase | quote }} \
|
|
||||||
--user-filter {{ .Values.gitea.ldap.userFilter | quote }} \
|
|
||||||
--admin-filter {{ .Values.gitea.ldap.adminFilter | quote }} \
|
|
||||||
--email-attribute {{ .Values.gitea.ldap.emailAttribute | quote }} \
|
|
||||||
--bind-dn {{ .Values.gitea.ldap.bindDn | quote }} \
|
|
||||||
--bind-password {{ .Values.gitea.ldap.bindPassword | quote }} \
|
|
||||||
--synchronize-users \
|
|
||||||
--username-attribute {{ .Values.gitea.ldap.usernameAttribute | quote }} \
|
|
||||||
|| \
|
|| \
|
||||||
( \
|
( \
|
||||||
export GITEA_AUTH_ID=$(gitea admin auth list | grep {{ .Values.gitea.ldap.name | quote }} | awk -F " " "{print \$1}"); \
|
export GITEA_AUTH_ID=$(gitea admin auth list | grep {{ .Values.gitea.ldap.name | quote }} | awk -F " " "{print \$1}"); \
|
||||||
gitea admin auth update-ldap --id ${GITEA_AUTH_ID} \
|
gitea admin auth update-ldap --id ${GITEA_AUTH_ID} \
|
||||||
--name {{ .Values.gitea.ldap.name | quote }} \
|
{{- include "gitea.ldap_settings" . | nindent 6 }} \
|
||||||
--security-protocol {{ .Values.gitea.ldap.securityProtocol | quote }} \
|
|
||||||
--host {{ .Values.gitea.ldap.host | quote }} \
|
|
||||||
--port {{ .Values.gitea.ldap.port | int}} \
|
|
||||||
--user-search-base {{ .Values.gitea.ldap.userSearchBase | quote }} \
|
|
||||||
--user-filter {{ .Values.gitea.ldap.userFilter | quote }} \
|
|
||||||
--admin-filter {{ .Values.gitea.ldap.adminFilter | quote }} \
|
|
||||||
--email-attribute {{ .Values.gitea.ldap.emailAttribute | quote }} \
|
|
||||||
--bind-dn {{ .Values.gitea.ldap.bindDn | quote }} \
|
|
||||||
--bind-password {{ .Values.gitea.ldap.bindPassword | quote }} \
|
|
||||||
--synchronize-users \
|
|
||||||
--username-attribute {{ .Values.gitea.ldap.usernameAttribute | quote }} \
|
|
||||||
) \
|
) \
|
||||||
{{- end }}
|
{{- end }}
|
||||||
'
|
'
|
|
@ -11,8 +11,8 @@ spec:
|
||||||
{{- if and .Values.service.ssh.loadBalancerIP (eq .Values.service.ssh.type "LoadBalancer") }}
|
{{- if and .Values.service.ssh.loadBalancerIP (eq .Values.service.ssh.type "LoadBalancer") }}
|
||||||
loadBalancerIP: {{ .Values.service.ssh.loadBalancerIP }}
|
loadBalancerIP: {{ .Values.service.ssh.loadBalancerIP }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if eq .Values.service.ssh.type "ClusterIP" }}
|
{{- if and .Values.service.ssh.clusterIP (eq .Values.service.ssh.type "ClusterIP") }}
|
||||||
clusterIP: None
|
clusterIP: {{ .Values.service.ssh.clusterIP }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.service.ssh.externalIPs }}
|
{{- if .Values.service.ssh.externalIPs }}
|
||||||
externalIPs:
|
externalIPs:
|
||||||
|
|
|
@ -20,6 +20,10 @@ spec:
|
||||||
labels:
|
labels:
|
||||||
{{- include "gitea.selectorLabels" . | nindent 8 }}
|
{{- include "gitea.selectorLabels" . | nindent 8 }}
|
||||||
spec:
|
spec:
|
||||||
|
{{- with .Values.imagePullSecrets }}
|
||||||
|
imagePullSecrets:
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
securityContext:
|
securityContext:
|
||||||
fsGroup: 1000
|
fsGroup: 1000
|
||||||
initContainers:
|
initContainers:
|
||||||
|
|
|
@ -17,10 +17,14 @@ service:
|
||||||
http:
|
http:
|
||||||
type: ClusterIP
|
type: ClusterIP
|
||||||
port: 3000
|
port: 3000
|
||||||
|
clusterIP: None
|
||||||
|
#loadBalancerIP:
|
||||||
|
#nodePort:
|
||||||
annotations:
|
annotations:
|
||||||
ssh:
|
ssh:
|
||||||
type: ClusterIP
|
type: ClusterIP
|
||||||
port: 22
|
port: 22
|
||||||
|
clusterIP: None
|
||||||
#loadBalancerIP:
|
#loadBalancerIP:
|
||||||
#nodePort:
|
#nodePort:
|
||||||
#externalTrafficPolicy:
|
#externalTrafficPolicy:
|
||||||
|
|
Loading…
Reference in New Issue
Block a user