diff --git a/Chart.yaml b/Chart.yaml index 1dc9a13..be8ff92 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,7 +3,7 @@ name: gitea description: Gitea Helm chart for Kubernetes type: application version: 0.0.0 -appVersion: 1.13.7 +appVersion: 1.14.1 icon: https://docs.gitea.io/images/gitea.png keywords: diff --git a/README.md b/README.md index d2332f9..c453aec 100644 --- a/README.md +++ b/README.md @@ -32,6 +32,13 @@ Dependencies: * Helm 3.0+ * PV provisioner for persistent data support +## Gitea Version 1.14.X repository ROOT + +Previously the ROOT folder for the gitea repositories was located at /data/git/gitea-repositories +1.14 changed this to /data/gitea-repositories. + +This chart will set the gitea.config.repository.ROOT value default to /data/git/gitea-repositories + ## Examples ### Gitea Configuration @@ -375,8 +382,9 @@ Annotations can be added to the Gitea pod. | Parameter | Description | Default | |---------------------|-----------------------------------|------------------------------| |image.repository| Image to start for this pod | gitea/gitea | -|image.tag| [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) | 1.13.7 | +|image.tag| [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated) | 1.14.1 | |image.pullPolicy| Image pull policy | Always | +|image.rootless | Wether or not to pull the rootless version of gitea, only works on gitea 1.14.x or higher | false | ### Persistence diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index b685865..4f2841c 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl 
@@ -31,6 +31,16 @@ Create chart name and version as used by the chart label. {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} +{{/* +Create image name and tag used by the deployment. +*/}} +{{- define "gitea.image" -}} +{{- $name := .Values.image.repository -}} +{{- $tag := ternary .Values.image.version .Values.image.tag (hasKey .Values.image "version") -}} +{{- $rootless := ternary "-rootless" "" (.Values.image.rootless) -}} +{{- printf "%s:%s%s" $name $tag $rootless -}} +{{- end -}} + {{/* Common labels */}} @@ -115,4 +125,4 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- printf "--%s %s " ($key | kebabcase) ($val | quote) -}} {{- end -}} {{- end -}} -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/templates/gitea/config.yaml b/templates/gitea/config.yaml index 83c3154..6f1e74f 100644 --- a/templates/gitea/config.yaml +++ b/templates/gitea/config.yaml @@ -27,12 +27,21 @@ stringData: {{- $_ := set .Values.gitea.config "security" dict -}} {{- end -}} - {{- /* security default settings */ -}} + {{- if not .Values.gitea.config.repository -}} + {{- $_ := set .Values.gitea.config "repository" dict -}} + {{- end -}} + + {{- /* repository default settings */ -}} + {{- if not .Values.gitea.config.repository.ROOT -}} + {{- $_ := set .Values.gitea.config.repository "ROOT" "/data/git/gitea-repositories" -}} + {{- end -}} + + {{- /* security default settings */ -}} {{- if not .Values.gitea.config.security.INSTALL_LOCK -}} {{- $_ := set .Values.gitea.config.security "INSTALL_LOCK" "true" -}} {{- end -}} - {{- /* server default settings */ -}} + {{- /* server default settings */ -}} {{- if not (hasKey .Values.gitea.config.server "HTTP_PORT") -}} {{- $_ := set .Values.gitea.config.server "HTTP_PORT" .Values.service.http.port -}} {{- end -}} 
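Review bot: The header comment on the new `gitea.image` template stops at "Create image name and tag" and leaves out the one non-obvious thing it does, appending `-rootless` when `.Values.image.rootless` is set; suggest `Create image name and tag used by the deployment; appends the "-rootless" suffix when .Values.image.rootless is true.` Nothing in the helper checks that such a tag can exist even though values.yaml states rootless is only possible from 1.14 on, so a pre-1.14 tag with `rootless: true` surfaces only as an image-pull failure; a render-time `fail` guard here would catch it earlier, though non-semver tags such as `latest` would have to be excluded before any version comparison. The define itself is complete within the hunk.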
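Review bot: The new repository default tests `{{- if not .Values.gitea.config.repository.ROOT -}}` by truthiness, whereas the server defaults further down in the same hunk use `hasKey` (e.g. `HTTP_PORT`), so an explicitly empty `ROOT: ""` is silently replaced by `/data/git/gitea-repositories`. If that is intended a comment should say so; otherwise `{{- if not (hasKey .Values.gitea.config.repository "ROOT") -}}` matches the rest of the file. The README hunk explains that 1.14 moved the default path, so a one-line comment above the `set`, e.g. `{{- /* keep the pre-1.14 path, presumably so existing data volumes keep working; see README */ -}}`, would spare a reader the cross-reference. The enclosing `stringData` block starts before the hunk.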
@@ -64,7 +73,16 @@ stringData: {{- $_ := set .Values.gitea.config.server "SSH_PORT" .Values.service.ssh.port -}} {{- end -}} {{- if not (hasKey .Values.gitea.config.server "SSH_LISTEN_PORT") -}} + {{- if not .Values.image.rootless -}} {{- $_ := set .Values.gitea.config.server "SSH_LISTEN_PORT" .Values.gitea.config.server.SSH_PORT -}} + {{- else -}} + {{- $_ := set .Values.gitea.config.server "SSH_LISTEN_PORT" "2222" -}} + {{- end -}} + {{- end -}} + {{- if not (hasKey .Values.gitea.config.server "START_SSH_SERVER") -}} + {{- if .Values.image.rootless -}} + {{- $_ := set .Values.gitea.config.server "START_SSH_SERVER" "true" -}} + {{- end -}} {{- end -}} {{- if not (hasKey .Values.gitea.config.server "APP_DATA_PATH") -}} {{- $_ := set .Values.gitea.config.server "APP_DATA_PATH" "/data" -}} @@ -80,7 +98,7 @@ stringData: {{- /* database default settings */ -}} {{- if .Values.gitea.database.builtIn.postgresql.enabled -}} - {{- $_ := set .Values.gitea.config.database "DB_TYPE" "postgres" -}} + {{- $_ := set .Values.gitea.config.database "DB_TYPE" "postgres" -}} {{- if not (.Values.gitea.config.database.HOST) -}} {{- $_ := set .Values.gitea.config.database "HOST" (include "postgresql.dns" .) -}} {{- end -}} @@ -88,7 +106,7 @@ stringData: {{- $_ := set .Values.gitea.config.database "USER" .Values.postgresql.global.postgresql.postgresqlUsername -}} {{- $_ := set .Values.gitea.config.database "PASSWD" .Values.postgresql.global.postgresql.postgresqlPassword -}} {{ else if .Values.gitea.database.builtIn.mysql.enabled -}} - {{- $_ := set .Values.gitea.config.database "DB_TYPE" "mysql" -}} + {{- $_ := set .Values.gitea.config.database "DB_TYPE" "mysql" -}} {{- if not (.Values.gitea.config.database.HOST) -}} {{- $_ := set .Values.gitea.config.database "HOST" (include "mysql.dns" .) -}} {{- end -}} 
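Review bot: The rootless branch hard-codes `SSH_LISTEN_PORT` to `"2222"` and enables `START_SSH_SERVER` without a comment explaining either, and neither value is tied to `.Values.service.ssh.port` the way the non-rootless branch is. A short comment above the new `{{- if not .Values.image.rootless -}}` line, e.g. `{{- /* rootless image runs unprivileged: use Gitea's built-in SSH server on an unprivileged port */ -}}`, would make the intent reviewable, especially since the statefulset exports `SSH_LISTEN_PORT` "for openssh configuration" and a reader has to infer that openssh is presumably not in play in rootless mode. Note also that the `2222` default only applies when `SSH_LISTEN_PORT` is absent, so a user who keeps a pre-existing value below 1024 while switching to `rootless: true` will presumably hit a bind failure at runtime rather than a render-time error. The enclosing `stringData` block starts before the hunk.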
@@ -113,7 +131,7 @@ stringData: {{- $_ := set .Values.gitea.config.cache "HOST" (include "memcached.dns" .) -}} {{- end -}} {{- end -}} - + {{- /* autogenerate app.ini */ -}} {{- range $key, $value := .Values.gitea.config }} {{- if kindIs "map" $value }} @@ -127,4 +145,4 @@ stringData: {{- else }} {{ $key | upper }} = {{ $value }} {{- end }} - {{- end }} \ No newline at end of file + {{- end }} diff --git a/templates/gitea/init.yaml b/templates/gitea/init.yaml index 4fe4d1f..2b4b59d 100644 --- a/templates/gitea/init.yaml +++ b/templates/gitea/init.yaml 
@@ -20,18 +20,27 @@ stringData: mkdir -p /data/git/.ssh chmod -R 700 /data/git/.ssh mkdir -p /data/gitea/conf + + # Copy config file to writable volume cp /etc/gitea/conf/app.ini /data/gitea/conf/app.ini chmod a+rwx /data/gitea/conf/app.ini {{- if include "db.servicename" . }} + # Wait for database to become avialble nc -v -w2 -z {{ include "db.servicename" . }} {{ include "db.port" . }} && \ {{- end }} + {{- if not .Values.image.rootless }} su git -c ' \ + {{- end }} set -x; \ gitea migrate; \ {{- if and .Values.gitea.admin.username .Values.gitea.admin.password }} gitea admin create-user --username {{ .Values.gitea.admin.username }} --password {{ .Values.gitea.admin.password | quote }} --email {{ .Values.gitea.admin.email }} --admin --must-change-password=false \ || \ - gitea admin change-password --username {{ .Values.gitea.admin.username }} --password {{ .Values.gitea.admin.password | quote }}; \ + gitea admin change-password --username {{ .Values.gitea.admin.username }} --password {{ .Values.gitea.admin.password | quote }} \ + || \ + gitea admin user create --username {{ .Values.gitea.admin.username }} --password {{ .Values.gitea.admin.password | quote }} --email {{ .Values.gitea.admin.email }} --admin --must-change-password=false \ + || \ + gitea admin user change-password --username {{ .Values.gitea.admin.username }} --password {{ .Values.gitea.admin.password | quote }}; \ {{- end }} {{- if .Values.gitea.ldap.enabled }} gitea admin auth add-ldap \ @@ -53,4 +62,6 @@ stringData: {{- include "gitea.oauth_settings" . | nindent 6 }} \ ) \ {{- end }} + {{- if not .Values.image.rootless }} ' + {{- end }} diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index 4e19c9b..9b331fb 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml 
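Review bot: The new fallback chain renders the admin password into the init script three more times as a `--password` argument, and the unchanged `set -x;` two lines above it traces every attempted command to the init container's stderr, so a failing `create-user` now echoes the credential to pod logs on up to four lines instead of two. Disabling tracing around the admin block (`set +x;` before the first `gitea admin` line and `set -x;` after the chain, or dropping `set -x` altogether) keeps the diagnostics for the rest of the script without printing the password. Two smaller points in the same hunk: the added comment `# Wait for database to become avialble` misspells "available", and `--username`/`--email` are interpolated without `quote` while `--password` is, so a value containing shell metacharacters breaks the command line differently depending on which flag it lands in. The script body continues outside the hunk.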
@@ -36,13 +36,18 @@ spec: fsGroup: 1000 initContainers: - name: init - image: "{{ .Values.image.repository }}:{{ ternary .Values.image.version .Values.image.tag (hasKey .Values.image "version") }}" + image: "{{ include "gitea.image" . }}" command: ["/usr/sbin/init_gitea.sh"] env: - {{- range .Values.statefulset.env }} - - name: {{ .name | quote | nospace }} - value: {{ .value | quote }} - {{- end }} + - name: GITEA_APP_INI + value: /data/gitea/conf/app.ini + - name: GITEA_CUSTOM + value: /data/gitea + - name: GITEA_WORK_DIR + value: /data + {{- if .Values.statefulset.env }} + {{- toYaml .Values.statefulset.env | nindent 12 }} + {{- end }} volumeMounts: - name: init mountPath: /usr/sbin @@ -56,7 +61,7 @@ spec: terminationGracePeriodSeconds: {{ .Values.statefulset.terminationGracePeriodSeconds }} containers: - name: {{ .Chart.Name }} - image: "{{ .Values.image.repository }}:{{ ternary .Values.image.version .Values.image.tag (hasKey .Values.image "version") }}" + image: "{{ include "gitea.image" . }}" imagePullPolicy: {{ .Values.image.pullPolicy }} env: # SSH Port values have to be set here as well for openssh configuration @@ -64,9 +69,16 @@ spec: value: {{ .Values.gitea.config.server.SSH_LISTEN_PORT | quote }} - name: SSH_PORT value: {{ .Values.gitea.config.server.SSH_PORT | quote }} - {{- range .Values.statefulset.env }} - - name: {{ .name | quote | nospace }} - value: {{ .value | quote }} + - name: GITEA_APP_INI + value: /data/gitea/conf/app.ini + - name: GITEA_CUSTOM + value: /data/gitea + - name: GITEA_WORK_DIR + value: /data + - name: GITEA_TEMP + value: /tmp/gitea + {{- if .Values.statefulset.env }} + {{- toYaml .Values.statefulset.env | nindent 12 }} {{- end }} ports: - name: ssh @@ -121,6 +133,8 @@ spec: securityContext: {{- toYaml .Values.securityContext | nindent 12 }} volumeMounts: + - name: temp + mountPath: /tmp/gitea - name: data mountPath: /data {{- if .Values.extraVolumeMounts }} 
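Review bot: Replacing the `range` over `.Values.statefulset.env` with `toYaml ... | nindent 12` drops the `| quote` the removed lines applied to `name` and `value`, so an entry such as `value: 3000` or `value: true` is now emitted as a YAML number/boolean and the API server rejects the EnvVar, whose value must be a string; the same substitution appears in both the init-container hunk and the main-container hunk of this file. The `toYaml` form is the better one because it also admits `valueFrom` entries the old loop could not render, so rather than reverting, document the contract in values.yaml next to `statefulset.env`, e.g. `# Entries are inserted verbatim (toYaml); quote numeric or boolean values`. The new fixed entries (`GITEA_APP_INI`, `GITEA_CUSTOM`, `GITEA_WORK_DIR`, `GITEA_TEMP`) precede the user list, so a user entry with the same name yields a duplicate env name rather than an override, which Kubernetes presumably resolves in favour of the later one; a comment stating which wins would avoid surprises. The container spec continues outside the hunk.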
@@ -149,6 +163,8 @@ spec: {{- if .Values.extraVolumes }} {{- toYaml .Values.extraVolumes | nindent 8 }} {{- end }} + - name: temp + emptyDir: {} {{- if and .Values.persistence.enabled .Values.persistence.existingClaim }} - name: data persistentVolumeClaim: diff --git a/values.yaml b/values.yaml index 5c4c860..bec2288 100644 --- a/values.yaml +++ b/values.yaml @@ -8,12 +8,22 @@ clusterDomain: cluster.local image: repository: gitea/gitea - tag: 1.13.7 + tag: 1.14.1 pullPolicy: Always + rootless: false # only possible when running 1.14 or later imagePullSecrets: [] securityContext: {} +# allowPrivilegeEscalation: false +# capabilities: +# drop: +# - ALL +# privileged: false +# readOnlyRootFilesystem: true +# runAsGroup: 1000 +# runAsNonRoot: true +# runAsUser: 1000 service: http: @@ -119,25 +129,25 @@ gitea: ldap: enabled: false - #name: - #securityProtocol: - #host: - #port: - #userSearchBase: - #userFilter: - #adminFilter: - #emailAttribute: - #bindDn: - #bindPassword: - #usernameAttribute: + #name: + #securityProtocol: + #host: + #port: + #userSearchBase: + #userFilter: + #adminFilter: + #emailAttribute: + #bindDn: + #bindPassword: + #usernameAttribute: #sshPublicKeyAttribute: oauth: enabled: false #name: #provider: - #key: - #secret: + #key: + #secret: #autoDiscoverUrl: #useCustomUrls: #customAuthUrl:
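Review bot: The inline comment `rootless: false # only possible when running 1.14 or later` says when the flag may be used but not what it changes, and this diff shows it changes quite a lot: the image tag gains a `-rootless` suffix (_helpers.tpl), `SSH_LISTEN_PORT` defaults to `2222` and `START_SSH_SERVER` to `true` (config.yaml), and the init script no longer wraps its commands in `su git -c` (init.yaml). A comment listing those effects, e.g. `# rootless image: needs Gitea >= 1.14; switches SSH to the built-in server on 2222 and drops the su-based init`, lets a user judge the change before flipping it. The commented securityContext example added below is useful; since it is presumably what a rootless image is meant to be paired with, a one-line comment saying so would tie the two together.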