gitea/helm-chart
45
54
Fork 127
Code Issues 30 Pull Requests 8 Actions Releases 87 Activity

Unable to switch gitea.config.server.PROTOCOL back to http from https without deleting pod #344

New Issue
Closed
opened 2022-08-10 15:33:55 +00:00 by kindrobot · 5 comments
kindrobot commented 2022-08-10 15:33:55 +00:00
Copy Link

Summary

I use Gitea on k8s behind a Caddy reverse proxy which does SSL termination. I was trying to upgrade my Gitea helm deployment so that the public URL it showed was https (e.g. for cloning). I mistakenly changed gitea.config.server.PROTOCOL to https which caused gitea to fail to start because I didn't have a certificate set up. However, after switching PROTOCOL back to http and upgrading, gitea still tried to start HTTPS and crashed. I ended up having to delete the pod and upgrade to get it to "take" the http value for PROTOCOL.

Steps to reproduce

  1. run helm3 install gitea-issue gitea-charts/gitea --values values.yaml with the following values.yml

    global:
  storageClass: "nfs-csi"

replicaCount: 1

ingress:
  enabled: true
  hosts:
    - host: git-issue.kindrobot.ca
      paths:
        - path: /
          pathType: Prefix
  tls: []

gitea:
  admin:
    username: AzureDiamond
    password: hunter2
    email: "me@example.com"
  config:
    service:
      DISABLE_REGISTRATION: true
`

  2. visit gitea instance; observe that it's running

  3. run helm3 upgrade gitea-issue gitea-charts/gitea --values values.yaml with the following values

    global:
  storageClass: "nfs-csi"

replicaCount: 1

ingress:
  enabled: true
  hosts:
    - host: git-issue.kindrobot.ca
      paths:
        - path: /
          pathType: Prefix
  tls: []

gitea:
  admin:
    username: AzureDiamond
    password: hunter2
    email: "me@example.com"
  config:
    server:
      PROTOCOL: https
    service:
      DISABLE_REGISTRATION: true
`

  4. visit gitea instance; observe 503 nginx error (expected as SSL cert has not been configured)

  5. run kubectl logs gitea-issue-0 observe

    2022/08/10 15:20:39 cmd/web.go:208:listen() [I] Listen: https://0.0.0.0:3000
2022/08/10 15:20:39 cmd/web.go:212:listen() [I] AppURL(ROOT_URL): https://git-issue.kindrobot.ca/
2022/08/10 15:20:39 cmd/web_https.go:171:runHTTPS() [E] Failed to load https cert file  for tcp:0.0.0.0:3000: open : no such file or directory
2022/08/10 15:20:39 cmd/web.go:258:listen() [C] Failed to start server: open : no such file or directory
2022/08/10 15:20:39 cmd/web.go:260:listen() [I] HTTP Listener: 0.0.0.0:3000 Closed

  6. run helm3 upgrade gitea-issue gitea-charts/gitea --values values.yaml with the following values

    global:
  storageClass: "nfs-csi"

replicaCount: 1

ingress:
  enabled: true
  hosts:
    - host: git-issue.kindrobot.ca
      paths:
        - path: /
          pathType: Prefix
  tls: []

gitea:
  admin:
    username: AzureDiamond
    password: hunter2
    email: "me@example.com"
  config:
    server:
      PROTOCOL: http
    service:
      DISABLE_REGISTRATION: true
`

  7. visit gitea instance; observe 503 nginx error (unexpected, because PROTOCOL was explicitly set back to http)

  8. run kubectl logs gitea-issue-0 observe

    2022/08/10 15:21:11 cmd/web.go:208:listen() [I] Listen: https://0.0.0.0:3000
2022/08/10 15:21:11 cmd/web.go:212:listen() [I] AppURL(ROOT_URL): https://git-issue.kindrobot.ca/
2022/08/10 15:21:11 cmd/web_https.go:171:runHTTPS() [E] Failed to load https cert file  for tcp:0.0.0.0:3000: open : no such file or directory
2022/08/10 15:21:11 cmd/web.go:258:listen() [C] Failed to start server: open : no such file or directory
2022/08/10 15:21:11 cmd/web.go:260:listen() [I] HTTP Listener: 0.0.0.0:3000 Closed

Work around

  1. run kubectl delete gitea-issue-0
  2. run helm3 upgrade gitea-issue gitea-charts/gitea --values values.yaml with PROTOCOL set to html
  3. visit gitea instance; observe everything working fine
## Summary I use Gitea on k8s behind a Caddy reverse proxy which does SSL termination. I was trying to upgrade my Gitea helm deployment so that the public URL it showed was https (e.g. for cloning). I mistakenly changed `gitea.config.server.PROTOCOL` to `https` which caused gitea to fail to start because I didn't have a certificate set up. However, after switching `PROTOCOL` back to `http` and upgrading, gitea still tried to start HTTPS and crashed. I ended up having to delete the pod and upgrade to get it to "take" the `http` value for `PROTOCOL`. ## Steps to reproduce 1. run `helm3 install gitea-issue gitea-charts/gitea --values values.yaml` with the following values.yml ```yaml global: storageClass: "nfs-csi" replicaCount: 1 ingress: enabled: true hosts: - host: git-issue.kindrobot.ca paths: - path: / pathType: Prefix tls: [] gitea: admin: username: AzureDiamond password: hunter2 email: "me@example.com" config: service: DISABLE_REGISTRATION: true ` 1. visit gitea instance; observe that it's running 1. run `helm3 upgrade gitea-issue gitea-charts/gitea --values values.yaml` with the following values ```yaml global: storageClass: "nfs-csi" replicaCount: 1 ingress: enabled: true hosts: - host: git-issue.kindrobot.ca paths: - path: / pathType: Prefix tls: [] gitea: admin: username: AzureDiamond password: hunter2 email: "me@example.com" config: server: PROTOCOL: https service: DISABLE_REGISTRATION: true ` 1. visit gitea instance; observe 503 nginx error (expected as SSL cert has not been configured) 1. run `kubectl logs gitea-issue-0` observe ``` 2022/08/10 15:20:39 cmd/web.go:208:listen() [I] Listen: https://0.0.0.0:3000 2022/08/10 15:20:39 cmd/web.go:212:listen() [I] AppURL(ROOT_URL): https://git-issue.kindrobot.ca/ 2022/08/10 15:20:39 cmd/web_https.go:171:runHTTPS() [E] Failed to load https cert file for tcp:0.0.0.0:3000: open : no such file or directory 2022/08/10 15:20:39 cmd/web.go:258:listen() [C] Failed to start server: open : no such file or directory 2022/08/10 15:20:39 cmd/web.go:260:listen() [I] HTTP Listener: 0.0.0.0:3000 Closed ``` 1. run `helm3 upgrade gitea-issue gitea-charts/gitea --values values.yaml` with the following values ```yaml global: storageClass: "nfs-csi" replicaCount: 1 ingress: enabled: true hosts: - host: git-issue.kindrobot.ca paths: - path: / pathType: Prefix tls: [] gitea: admin: username: AzureDiamond password: hunter2 email: "me@example.com" config: server: PROTOCOL: http service: DISABLE_REGISTRATION: true ` 1. visit gitea instance; observe 503 nginx error (unexpected, because `PROTOCOL` was explicitly set back to `http`) 1. run `kubectl logs gitea-issue-0` observe ``` 2022/08/10 15:21:11 cmd/web.go:208:listen() [I] Listen: https://0.0.0.0:3000 2022/08/10 15:21:11 cmd/web.go:212:listen() [I] AppURL(ROOT_URL): https://git-issue.kindrobot.ca/ 2022/08/10 15:21:11 cmd/web_https.go:171:runHTTPS() [E] Failed to load https cert file for tcp:0.0.0.0:3000: open : no such file or directory 2022/08/10 15:21:11 cmd/web.go:258:listen() [C] Failed to start server: open : no such file or directory 2022/08/10 15:21:11 cmd/web.go:260:listen() [I] HTTP Listener: 0.0.0.0:3000 Closed ``` ## Work around 1. run `kubectl delete gitea-issue-0` 1. run `helm3 upgrade gitea-issue gitea-charts/gitea --values values.yaml` with `PROTOCOL` set to `html` 1. visit gitea instance; observe everything working fine
justusbunsi commented 2022-08-10 22:41:50 +00:00
Member
Copy Link

It might be a bug with the checksums for configmap or secret content. Thanks for the detailed description.

It might be a bug with the checksums for configmap or secret content. Thanks for the detailed description.
justusbunsi commented 2022-08-21 15:46:52 +00:00
Member
Copy Link

So, the checksums are generated as expected. It has something to do with statefulset being in a pending state from the previous attempt (using https). For some reason it does not replace the pod automatically in such case. Further investigate required. Maybe even forcing pod removal in such case using Helm hooks.

Right now it seems a "natural" behavior and the pod must be removed manually.

So, the checksums are generated as expected. It has something to do with statefulset being in a pending state from the previous attempt (using https). For some reason it does not replace the pod automatically in such case. Further investigate required. Maybe even forcing pod removal in such case using Helm hooks. Right now it seems a "natural" behavior and the pod must be removed manually.
pat-s commented 2023-02-26 12:59:50 +00:00
Member
Copy Link

I guess this might be a case of "too much investigation/work needed" for too less gain?

@justusbunsi I'd favor closing here unless you have immediate plans to tackle this? Primarily to clean up a bit and not having such unclear/minor issues hanging around.

I guess this might be a case of "too much investigation/work needed" for too less gain? @justusbunsi I'd favor closing here unless you have immediate plans to tackle this? Primarily to clean up a bit and not having such unclear/minor issues hanging around.
justusbunsi commented 2023-02-26 15:48:43 +00:00
Member
Copy Link

The behavior of not being able to restore default values in app.ini is a duplicate of #356 and as stated there, a regression of #239. This will be fixed sooner or later.

The requirement of replacing the pod itself is how the Chart currently works. For an actual on-the-fly configuration Gitea must be able to

  • reload app.ini changes without restarting the server, and
  • provide either an endpoint for posting a whole configuration file that is being processed or allow specifying an internal token that can be used to call existing API endpoints to configure the instance

This is something I am thinking about for quite some time now. And it requires some fundamental changes in Gitea and the Helm Chart. At some point I like to realize such kind of Configuration as Code for Gitea.

All in all I agree that we can close this issue as duplicate of #356.

The behavior of not being able to restore default values in app.ini is a duplicate of #356 and as stated there, a regression of #239. This will be fixed sooner or later. The requirement of replacing the pod itself is how the Chart currently works. For an actual on-the-fly configuration Gitea must be able to - reload app.ini changes without restarting the server, and - provide either an endpoint for posting a whole configuration file that is being processed or allow specifying an internal token that can be used to call existing API endpoints to configure the instance This is something I am thinking about for quite some time now. And it requires some fundamental changes in Gitea and the Helm Chart. At some point I like to realize such kind of Configuration as Code for Gitea. All in all I agree that we can close this issue as duplicate of #356.
pat-s commented 2023-05-19 20:09:18 +00:00
Member
Copy Link

Duplicate of #356

Duplicate of #356
pat-s closed this issue 2023-05-19 20:09:19 +00:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
main
renovate/workflow-dependencies-(minor-and-patch)
app-ini-recreation
fix-env-to-ini
clean-app-ini
gitea-ha
v10.1.4
v10.1.3
v10.1.2
v10.1.1
v10.1.0
v10.0.2
v10.0.1
v10.0.0
v9.6.1
v9.6.0
v9.5.1
v9.5.0
v9.4.0
v9.3.0
v9.2.1
v9.2.0
v9.1.0
v9.0.4
v9.0.3
v9.0.2
v9.0.1
v9.0.0
v8.3.0
v8.2.0
v8.1.0
v8.0.3
v8.0.2
v8.0.1
v8.0.0
v7.0.4
v7.0.3
v7.0.2
v7.0.1
v7.0.0
v6.0.5
v6.0.4
v6.0.3
v6.0.2
v6.0.1
v6.0.0
v5.0.9
v5.0.8
v5.0.7
v5.0.6
v5.0.5
v5.0.4
v5.0.3
v5.0.2
v5.0.1
v5.0.0
v4.1.1
v4.1.0
v4.0.3
v4.0.2
v4.0.1
v4.0.0
v3.1.4
v3.1.3
v3.1.2
v3.1.1
v3.1.0
v3.0.0
v2.2.5
v2.2.4
v2.2.3
v2.2.2
v2.2.1
v2.2.0
v2.1.11
v2.1.10
v2.1.9
v2.1.8
v2.1.7
v2.1.6
v2.1.5
v2.1.4
v2.1.3
v2.1.2
v2.1.1
v2.1.0
v2.0.7
v2.0.6
v2.0.5
v2.0.4
v2.0.3
v2.0.2
v2.0.0
v1.5.5
v1.5.4
v1.5.3
v1.5.2
v1.5.1
v1.5.0
v1.4.9
v1.4.8
v1.4.7
v1.4.6
v1.4.5
v1.4.4
v1.4.3
v1.4.2
Labels
Clear labels   
has
backport

  
in progress

   
invalid
  
kind
breaking

  
kind
bug

  
kind
build

  
kind
dependency

  
kind
deployment

  
kind
docs

  
kind
enhancement

  
kind
feature

  
kind
lint

  
kind
proposal

  
kind
question

  
kind
refactor

  
kind
security

  
kind
testing

  
kind
translation

  
kind
ui

  
need
backport

  
priority
critical

  
priority
low

  
priority
maybe

  
priority
medium

  
reviewed
duplicate

  
reviewed
invalid

  
reviewed
wontfix

  
skip-changelog
  
status
blocked

  
status
needs-feedback

  
status
needs-reviews

  
status
wip

  
upstream
gitea

  
upstream
other

No Label
has
backport
in progress
invalid
kind
breaking
kind
bug
kind
build
kind
dependency
kind
deployment
kind
docs
kind
enhancement
kind
feature
kind
lint
kind
proposal
kind
question
kind
refactor
kind
security
kind
testing
kind
translation
kind
ui
need
backport
priority
critical
priority
low
priority
maybe
priority
medium
reviewed
duplicate
reviewed
invalid
reviewed
wontfix
skip-changelog
status
blocked
status
needs-feedback
status
needs-reviews
status
wip
upstream
gitea
upstream
other
Milestone
Clear milestone
No items
No Milestone
Assignees
Clear assignees
No Assignees
3 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: gitea/helm-chart#344
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?