Add support for rootless image #129

Starefossen · 2021-03-03T18:20:03Z

Starefossen commented

2021-03-03 18:20:03 +00:00

This pull request adds rootless support that has been introduced in the upcoming v1.14 version (latest-rootless tag). The rootless image is a requirement for running as an non-root user which is reccomended best practice – even inside contaienrs.

The changes here are based on the discussion in #115.

? There are some differences with default variables in the two images which presents some challenges with supporting both.

Tasks

add image.rootless boolean option
container image name with -rootles suffix
disable su git in init script when running rootless
set required environment variables
create writable tmp volume

This pull request adds rootless support that has been introduced in the upcoming v1.14 version (`latest-rootless` tag). The rootless image is a requirement for running as an non-root user which is reccomended best practice – even inside contaienrs. The changes here are based on the discussion in #115. ? There are some differences with default variables in the two images which presents some challenges with supporting both. #### Tasks * [x] add `image.rootless` boolean option * [x] container image name with `-rootles` suffix * [x] disable `su git` in init script when running rootless * [x] set required environment variables * [x] create writable tmp volume

👍 3

Starefossen force-pushed rootless from a3b9c2531b to a6dde4f4f3

2021-03-03 18:26:56 +00:00

Compare

Starefossen force-pushed rootless from cb536708a0 to 93390c3693

2021-03-06 10:19:32 +00:00

Compare

Starefossen changed title from ~~WIP: Add support for rootless image~~ to Add support for rootless image

2021-03-06 22:34:48 +00:00

Starefossen added spent time 2021-03-06 22:35:01 +00:00

4h

Starefossen commented

2021-03-06 22:35:43 +00:00

This is ready for review. I am currently running this for my installation.

sapk commented

2021-04-04 15:57:02 +00:00

Thanks, I will try this on my new install. Can you rebase the PR ?

Starefossen force-pushed rootless from d163eb0463 to d549cc675a

2021-04-04 18:47:45 +00:00

Compare

Starefossen commented

2021-04-04 18:49:36 +00:00

@sapk rebased, I have running this in production since I opened the PR. Working great so far ?

👍 1

sapk approved these changes 2021-04-04 20:38:19 +00:00

Dismissed

sapk left a comment

Yes this seems good. It would jsut need to add the rootless value to the README.md to indicate it but it can be done later since by default false.

sapk commented

2021-04-04 20:58:57 +00:00

I had to move the gitea-repositories inside the pvc to migrate from an non-rootless image.
This should be a common path rewrite with any docker rootless migration since path were pretty bad before. This comment is just if someone encounter the same problem.

mv git/gitea-repositories ./

I had to move the `gitea-repositories` inside the pvc to migrate from an non-rootless image. This should be a common path rewrite with any docker rootless migration since path were pretty bad before. This comment is just if someone encounter the same problem. ```bash mv git/gitea-repositories ./ ```

luhahn commented

2021-04-06 08:16:44 +00:00

Hi there, sorry for the late response. I will fokus on this PR this week.

luhahn requested changes 2021-04-12 08:45:50 +00:00

Dismissed

luhahn left a comment

Currently getting Error 500 on existing repositories when upgrading.

I'm looking into this issue

Currently getting Error 500 on existing repositories when upgrading. I'm looking into this issue

luhahn requested changes 2021-04-12 09:19:49 +00:00

Dismissed

templates/gitea/config.yaml

						
				@ -27,12 +27,12 @@ stringData:

				    {{- $_ := set .Values.gitea.config "security" dict -}}

				    {{- end -}}

luhahn commented

2021-04-12 09:19:44 +00:00

In order to migrate from pre 1.14 to 1.14 we need this in config.yaml

{{- if not .Values.gitea.config.repository -}}
{{- $_ := set .Values.gitea.config "repository" dict -}}
{{- end -}}

{{- /* repo default settings */ -}}
{{- if not .Values.gitea.config.repository.ROOT -}}
{{- $_ := set .Values.gitea.config.repository "ROOT" "/data/git/gitea-repositories" -}}
{{- end -}}

In order to migrate from pre 1.14 to 1.14 we need this in config.yaml ```yaml {{- if not .Values.gitea.config.repository -}} {{- $_ := set .Values.gitea.config "repository" dict -}} {{- end -}} {{- /* repo default settings */ -}} {{- if not .Values.gitea.config.repository.ROOT -}} {{- $_ := set .Values.gitea.config.repository "ROOT" "/data/git/gitea-repositories" -}} {{- end -}} ```

luhahn commented

2021-04-12 09:23:15 +00:00

@Starefossen please rebase and add the suggested lines into config.yaml :)

luhahn requested changes 2021-04-19 08:42:31 +00:00

luhahn left a comment

Readding change request

luhahn commented

2021-04-19 08:43:12 +00:00

@Starefossen any news on when you can back to this commit and do the changes, so we can merge it ?

Dunky13 commented

2021-04-19 13:10:25 +00:00

Looking forward to this upgrade, do you guys have any ETA on this?

luhahn commented

2021-04-22 07:02:01 +00:00

@Dunky13 IF Starefossen will not reply until tomorrow i will cherry-pick all pending changes into a single branch from the currently open PRs and prepare an update

👍 1

luhahn referenced this pull request

2021-04-23 13:07:09 +00:00

gitea-1.14.x-updates #148

luhahn commented

2021-04-23 13:10:07 +00:00

now included in #148

now included in https://gitea.com/gitea/helm-chart/pulls/148

luhahn closed this pull request

2021-04-23 13:40:42 +00:00

luhahn referenced this issue from a commit

2021-04-29 09:12:49 +00:00