Add support for rootless image #129
|
@ -31,6 +31,16 @@ Create chart name and version as used by the chart label.
|
|||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create image name and tag used by the deployment.
|
||||
*/}}
|
||||
{{- define "gitea.image" -}}
|
||||
{{- $name := .Values.image.repository -}}
|
||||
{{- $tag := ternary .Values.image.version .Values.image.tag (hasKey .Values.image "version") -}}
|
||||
{{- $rootless := ternary "-rootless" "" (.Values.image.rootless) -}}
|
||||
{{- printf "%s:%s%s" $name $tag $rootless -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
|
@ -115,4 +125,4 @@ app.kubernetes.io/instance: {{ .Release.Name }}
|
|||
{{- printf "--%s %s " ($key | kebabcase) ($val | quote) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
|
|
@ -27,12 +27,12 @@ stringData:
|
|||
{{- $_ := set .Values.gitea.config "security" dict -}}
|
||||
{{- end -}}
|
||||
|
||||
|
||||
{{- /* security default settings */ -}}
|
||||
{{- /* security default settings */ -}}
|
||||
{{- if not .Values.gitea.config.security.INSTALL_LOCK -}}
|
||||
{{- $_ := set .Values.gitea.config.security "INSTALL_LOCK" "true" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- /* server default settings */ -}}
|
||||
{{- /* server default settings */ -}}
|
||||
{{- if not (hasKey .Values.gitea.config.server "HTTP_PORT") -}}
|
||||
{{- $_ := set .Values.gitea.config.server "HTTP_PORT" .Values.service.http.port -}}
|
||||
{{- end -}}
|
||||
|
@ -64,7 +64,16 @@ stringData:
|
|||
{{- $_ := set .Values.gitea.config.server "SSH_PORT" .Values.service.ssh.port -}}
|
||||
{{- end -}}
|
||||
{{- if not (hasKey .Values.gitea.config.server "SSH_LISTEN_PORT") -}}
|
||||
{{- if not .Values.image.rootless -}}
|
||||
{{- $_ := set .Values.gitea.config.server "SSH_LISTEN_PORT" .Values.gitea.config.server.SSH_PORT -}}
|
||||
{{- else -}}
|
||||
{{- $_ := set .Values.gitea.config.server "SSH_LISTEN_PORT" "2222" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- if not (hasKey .Values.gitea.config.server "START_SSH_SERVER") -}}
|
||||
{{- if .Values.image.rootless -}}
|
||||
{{- $_ := set .Values.gitea.config.server "START_SSH_SERVER" "true" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- if not (hasKey .Values.gitea.config.server "APP_DATA_PATH") -}}
|
||||
{{- $_ := set .Values.gitea.config.server "APP_DATA_PATH" "/data" -}}
|
||||
|
@ -80,7 +89,7 @@ stringData:
|
|||
|
||||
{{- /* database default settings */ -}}
|
||||
{{- if .Values.gitea.database.builtIn.postgresql.enabled -}}
|
||||
{{- $_ := set .Values.gitea.config.database "DB_TYPE" "postgres" -}}
|
||||
{{- $_ := set .Values.gitea.config.database "DB_TYPE" "postgres" -}}
|
||||
{{- if not (.Values.gitea.config.database.HOST) -}}
|
||||
{{- $_ := set .Values.gitea.config.database "HOST" (include "postgresql.dns" .) -}}
|
||||
{{- end -}}
|
||||
|
@ -88,7 +97,7 @@ stringData:
|
|||
{{- $_ := set .Values.gitea.config.database "USER" .Values.postgresql.global.postgresql.postgresqlUsername -}}
|
||||
{{- $_ := set .Values.gitea.config.database "PASSWD" .Values.postgresql.global.postgresql.postgresqlPassword -}}
|
||||
{{ else if .Values.gitea.database.builtIn.mysql.enabled -}}
|
||||
{{- $_ := set .Values.gitea.config.database "DB_TYPE" "mysql" -}}
|
||||
{{- $_ := set .Values.gitea.config.database "DB_TYPE" "mysql" -}}
|
||||
{{- if not (.Values.gitea.config.database.HOST) -}}
|
||||
{{- $_ := set .Values.gitea.config.database "HOST" (include "mysql.dns" .) -}}
|
||||
{{- end -}}
|
||||
|
@ -113,7 +122,7 @@ stringData:
|
|||
{{- $_ := set .Values.gitea.config.cache "HOST" (include "memcached.dns" .) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
|
||||
{{- /* autogenerate app.ini */ -}}
|
||||
{{- range $key, $value := .Values.gitea.config }}
|
||||
{{- if kindIs "map" $value }}
|
||||
|
@ -127,4 +136,4 @@ stringData:
|
|||
{{- else }}
|
||||
{{ $key | upper }} = {{ $value }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
|
@ -19,12 +19,17 @@ stringData:
|
|||
mkdir -p /data/git/.ssh
|
||||
chmod -R 700 /data/git/.ssh
|
||||
mkdir -p /data/gitea/conf
|
||||
|
||||
# Copy config file to writable volume
|
||||
cp /etc/gitea/conf/app.ini /data/gitea/conf/app.ini
|
||||
chmod a+rwx /data/gitea/conf/app.ini
|
||||
{{- if include "db.servicename" . }}
|
||||
# Wait for database to become avialble
|
||||
nc -v -w2 -z {{ include "db.servicename" . }} {{ include "db.port" . }} && \
|
||||
{{- end }}
|
||||
{{- if not .Values.image.rootless }}
|
||||
su git -c ' \
|
||||
{{- end }}
|
||||
set -x; \
|
||||
gitea migrate; \
|
||||
{{- if and .Values.gitea.admin.username .Values.gitea.admin.password }}
|
||||
|
@ -52,4 +57,6 @@ stringData:
|
|||
{{- include "gitea.oauth_settings" . | nindent 6 }} \
|
||||
) \
|
||||
{{- end }}
|
||||
{{- if not .Values.image.rootless }}
|
||||
'
|
||||
{{- end }}
|
||||
|
|
|
@ -36,13 +36,19 @@ spec:
|
|||
fsGroup: 1000
|
||||
initContainers:
|
||||
- name: init
|
||||
image: "{{ .Values.image.repository }}:{{ ternary .Values.image.version .Values.image.tag (hasKey .Values.image "version") }}"
|
||||
image: "{{ include "gitea.image" . }}"
|
||||
command: ["/usr/sbin/init_gitea.sh"]
|
||||
env:
|
||||
{{- range .Values.statefulset.env }}
|
||||
- name: {{ .name | quote | nospace }}
|
||||
value: {{ .value | quote }}
|
||||
{{- end }}
|
||||
- name: GITEA_APP_INI
|
||||
value: /data/gitea/conf/app.ini
|
||||
- name: GITEA_CUSTOM
|
||||
value: /data/gitea
|
||||
- name: GITEA_WORK_DIR
|
||||
value: /data
|
||||
{{- range .Values.statefulset.env }}
|
||||
- name: {{ .name | quote | nospace }}
|
||||
value: {{ .value | quote }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: init
|
||||
mountPath: /usr/sbin
|
||||
|
@ -56,7 +62,7 @@ spec:
|
|||
terminationGracePeriodSeconds: {{ .Values.statefulset.terminationGracePeriodSeconds }}
|
||||
containers:
|
||||
- name: {{ .Chart.Name }}
|
||||
image: "{{ .Values.image.repository }}:{{ ternary .Values.image.version .Values.image.tag (hasKey .Values.image "version") }}"
|
||||
image: "{{ include "gitea.image" . }}"
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
env:
|
||||
# SSH Port values have to be set here as well for openssh configuration
|
||||
|
@ -64,6 +70,14 @@ spec:
|
|||
value: {{ .Values.gitea.config.server.SSH_LISTEN_PORT | quote }}
|
||||
- name: SSH_PORT
|
||||
value: {{ .Values.gitea.config.server.SSH_PORT | quote }}
|
||||
- name: GITEA_APP_INI
|
||||
value: /data/gitea/conf/app.ini
|
||||
- name: GITEA_CUSTOM
|
||||
value: /data/gitea
|
||||
- name: GITEA_WORK_DIR
|
||||
value: /data
|
||||
- name: GITEA_TEMP
|
||||
value: /tmp/gitea
|
||||
{{- range .Values.statefulset.env }}
|
||||
- name: {{ .name | quote | nospace }}
|
||||
value: {{ .value | quote }}
|
||||
|
@ -121,6 +135,8 @@ spec:
|
|||
securityContext:
|
||||
{{- toYaml .Values.securityContext | nindent 12 }}
|
||||
volumeMounts:
|
||||
- name: temp
|
||||
mountPath: /tmp/gitea
|
||||
- name: data
|
||||
mountPath: /data
|
||||
{{- if .Values.extraVolumeMounts }}
|
||||
|
@ -149,6 +165,8 @@ spec:
|
|||
{{- if .Values.extraVolumes }}
|
||||
{{- toYaml .Values.extraVolumes | nindent 8 }}
|
||||
{{- end }}
|
||||
- name: temp
|
||||
emptyDir: {}
|
||||
{{- if and .Values.persistence.enabled .Values.persistence.existingClaim }}
|
||||
- name: data
|
||||
persistentVolumeClaim:
|
||||
|
|
36
values.yaml
36
values.yaml
|
@ -10,10 +10,20 @@ image:
|
|||
repository: gitea/gitea
|
||||
tag: 1.13.5
|
||||
pullPolicy: Always
|
||||
rootless: false # only possible when running 1.14 or later
|
||||
|
||||
imagePullSecrets: []
|
||||
|
||||
securityContext: {}
|
||||
# allowPrivilegeEscalation: false
|
||||
# capabilities:
|
||||
# drop:
|
||||
# - ALL
|
||||
# privileged: false
|
||||
# readOnlyRootFilesystem: true
|
||||
# runAsGroup: 1000
|
||||
# runAsNonRoot: true
|
||||
# runAsUser: 1000
|
||||
|
||||
service:
|
||||
http:
|
||||
|
@ -119,25 +129,25 @@ gitea:
|
|||
|
||||
ldap:
|
||||
enabled: false
|
||||
#name:
|
||||
#securityProtocol:
|
||||
#host:
|
||||
#port:
|
||||
#userSearchBase:
|
||||
#userFilter:
|
||||
#adminFilter:
|
||||
#emailAttribute:
|
||||
#bindDn:
|
||||
#bindPassword:
|
||||
#usernameAttribute:
|
||||
#name:
|
||||
#securityProtocol:
|
||||
#host:
|
||||
#port:
|
||||
#userSearchBase:
|
||||
#userFilter:
|
||||
#adminFilter:
|
||||
#emailAttribute:
|
||||
#bindDn:
|
||||
#bindPassword:
|
||||
#usernameAttribute:
|
||||
#sshPublicKeyAttribute:
|
||||
|
||||
oauth:
|
||||
enabled: false
|
||||
#name:
|
||||
#provider:
|
||||
#key:
|
||||
#secret:
|
||||
#key:
|
||||
#secret:
|
||||
#autoDiscoverUrl:
|
||||
#useCustomUrls:
|
||||
#customAuthUrl:
|
||||
|
|
Loading…
Reference in New Issue
Block a user
In order to migrate from pre 1.14 to 1.14 we need this in config.yaml