187243937c
There is a mistake in the documentation for MariaDB persistence. It states that you should set mariadb.persistence.enabled to true but it as actually mariadb.master.persistence.enabled (see sample below). Without it, it only create volumes with EmptyDir that does not survive if the pod is deleted or moved to another node |
||
|---|---|---|
| charts | ||
| templates | ||
| Chart.lock | ||
| Chart.yaml | ||
| LICENSE | ||
| README.md | ||
| requirements.yaml | ||
| values.yaml | ||
Gitea
Gitea is a lightweight GitHub clone. This is for those who wish to self host their own git repos on kubernetes.
This chart is based upon the work done by @jfelten
TLDR
helm repo add k8s-land https://charts.k8s.land
helm install gitea k8s-land/gitea
Introduction
This chart bootstraps both Gitea and MariaDB.
In this chart, the following are ran:
- Gitea
- Memcached
- Mariadb
Prerequisites
- Kubernetes 1.12+
- Helm 3.0+
- PV provisioner for persistent data support
Installing the Chart
By default, we use ingress to expose the service.
To install WITHOUT persistent storage / development:
helm repo add k8s-land https://charts.k8s.land
helm install gitea k8s-land/gitea
For production / installing with persistent data:
helm show values k8s-land/gitea > values.yaml
vim values.yaml # Edit to enable persistent storage
helm install gitea k8s-land/gitea -f values.yaml
Database Configuration
By default, we will launch a Mariadb database:
mariadb:
enabled: true
To use an external database, disable the in-pod database and fill in the "externalDB" values:
mariadb:
enabled: false
#Connect to an external database
externalDB:
dbUser: "postgres"
dbPassword: "<MY_PASSWORD>"
dbHost: "db-service-name.namespace.svc.cluster.local" # or some external host
dbPort: "5432"
dbDatabase: "gitea"
Persistent Data
By default, persistent data is not enabled and thus you'll have to enable it from within the values.yaml.
Unless otherwise set to true, data will be deleted when the Pod is restarted.
To prevent data loss, we will enable persistent data.
First, enable persistency:
persistence:
enabled: true
If you wish for helm NOT to replace data when re-deploying (updating the chart), add the resource-policy annotation:
persistence:
annotations:
"helm.sh/resource-policy": keep
To use a previously created PVC / volume, use the following:
existingGiteaClaim: gitea-gitea
Ingress And External Host/Ports
Gitea requires ports to be exposed for accessibility. The recommended way is using ingress, however, you can supply LoadBalancer to your values alternatively.
By default, we expose via an ingress:
To expose via an ingress:
ingress:
enabled: true
To expose the web application this chart will generate an ingress using the ingress controller of choice if specified. If an ingress is enabled services.http.externalHost must be specified. To expose SSH services it relies on either a LoadBalancer or NodePort.
Upgrading
When upgrading, make sure you have the following enabled:
- Persistency for both Gitea + mariadb (you have to set both the db user password
mariadb.db.passwordand root usermariadb.rootUser.password) - Using
existingGiteaClaim - Due to using the bitnami/mariadb chart, make sure to HARDCODE your passwords within
values.yaml. Or else you'll be unable to update mariadb
Configuration
Refer to values.yaml for the full run-down on defaults.
The following table lists the configurable parameters of this chart and their default values.
| Parameter | Description | Default |
|---|
Global parameters
| images.gitea | gitea image | gitea/gitea:1.9.3 |
| images.memcached | memcached image | memcached:1.5.19-alpine |
| images.pullPolicy | Image pull policy | IfNotPresent |
| images.pullSecrets | Specify an array of pull secrets | [] |
| memcached.maxItemMemory | Max item memory | 64 |
| memcached.verbosity | Verbosity | v |
| memcached.extendedOptions | Extended options for memcached | modern |
Ingress parameters
| ingress.enabled | Switch to create ingress for this chart deployment | true |
| ingress.hostname | Hostname to be used for the ingress | gitea.local |
| ingress.certManager | Asks if we want to use cert-manager or not (let's encrypt, etc.) | true |
| ingress.annotations | Annotations used by the ingress | [] |
| ingress.hosts | Additional hosts to be used by the ingress | [] |
| ingress.tls | TLS secret keys to be used with Gitea | [] |
Gitea parameters
| service.http.serviceType | type of kubernetes services used for http i.e. ClusterIP, NodePort or LoadBalancer | ClusterIP |
| service.http.port | http port for web traffic | 3000 |
| service.http.NodePort | Manual NodePort for web traffic | nil |
| service.http.externalPort | Port exposed on the internet by a load balancer or firewall that redirects to the ingress or NodePort | 8280 |
| service.http.externalHost | IP or DNS name exposed on the internet by a load balancer or firewall that redirects to the ingress or Node for http traffic | gitea.local |
| service.ssh.serviceType | type of kubernetes services used for ssh i.e. ClusterIP, NodePort or LoadBalancer | ClusterIP |
| service.ssh.port | http port for web traffic | 22 |
| service.ssh.NodePort | Manual NodePort for ssh traffic | nil |
| service.ssh.externalPort | Port exposed on the internet by a load balancer or firewall that redirects to the ingress or NodePort | nil |
| service.ssh.externalHost | IP or DNS name exposed on the internet by a load balancer or firewall that redirects to the ingress or Node for http traffic | gitea.local |
| resources.gitea.requests.memory | gitea container memory request | 500Mi |
| resources.gitea.requests.cpu | gitea container request cpu | 1000m |
| resources.gitea.limits.memory | gitea container memory limits | 2Gi |
| resources.gitea.limits.cpu | gitea container CPU/Memory resource requests/limits | 1 |
| resources.memcached.requests.memory | memcached container memory request | 64Mi |
| resources.memcached.requests.cpu | memcached container request cpu | 50m |
| persistence.enabled | Create PVCs to store gitea data | false |
| persistence.existingGiteaClaim | Already existing PVC that should be used for gitea data. | nil |
| persistence.giteaSize | Size of gitea pvc to create | 10Gi |
| persistence.annotations | Annotations to set on created PVCs | nil |
| persistence.storageClass | StorageClass to use for dynamic provision if not 'default' | nil |
| podAnnotations | Annotations to set on the pod | {} |
Database parameters
| mariadb.enabled | Enable or disable mariadb | true |
| mariadb.rootUser.password | MariaDB admin password: you must hardcode it if you want to support upgrades | nil |
| mariadb.replication.enabled | Enable or disable replication | false |
| mariadb.db.name | Database name to create | gitea |
| mariadb.db.user | Database user to create | gitea |
| mariadb.db.password | Password for the database: you must hardcode it if you want to support upgrades | _random 10 character long alphanumeric |
| mariadb.master.persistence.enabled | Enable or disable persistence | true |
| mariadb.master.persistence.accessMode | What access mode to use | ReadWriteOnce |
| mariadb.master.persistence.size | What size of database to use | 8Gi |
| externalDB.dbUser | external db user | unset |
| externalDB.dbPassword | external db password | unset |
| externalDB.dbHost | external db host | unset |
| externalDB.dbPort | external db port | unset |
| externalDB.dbDatabase | external db database name | unset |
Gitea configuration
| config.disableInstaller | Disable the installer | false |
| config.offlineMode | Sets Gitea's Offline Mode. Values are true or false. | false |
| config.requireSignin | Require Gitea user to be signed in to see any pages. Values are true or false. | false |
| config.disableRegistration | Disable Gitea's user registration. Values are true or false. | false |
| config.openidSignin | Allow login with OpenID. Values are true or false. | true |
| nodeSelector | Node to be selected | {} |
| affinity | Affinity settings for pod assignment | {} |
| tolerations | Toleration labels for pod assignment | [] |
| deploymentAnnotations | Deployment annotations to be used | {} |
| podAnnotations | Pod deployment annotations to be used | {} |