Add support for rootless image #129

Closed
Starefossen wants to merge 4 commits from Starefossen/helm-chart:rootless into main
5 changed files with 80 additions and 26 deletions


@ -31,6 +31,16 @@ Create chart name and version as used by the chart label.
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create image name and tag used by the deployment.
*/}}
{{- define "gitea.image" -}}
{{- $name := .Values.image.repository -}}
{{- $tag := ternary .Values.image.version .Values.image.tag (hasKey .Values.image "version") -}}
{{- $rootless := ternary "-rootless" "" (.Values.image.rootless) -}}
{{- printf "%s:%s%s" $name $tag $rootless -}}
{{- end -}}
{{/*
Common labels
*/}}
@ -115,4 +125,4 @@ app.kubernetes.io/instance: {{ .Release.Name }}
{{- printf "--%s %s " ($key | kebabcase) ($val | quote) -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
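Review bot: In `gitea.image`, `printf "%s:%s%s" $name $tag $rootless` formats the tag with `%s`, so a tag that YAML parses as a number (for example an unquoted `tag: 1.14`) would render as `%!s(float64=1.14)` rather than the tag text; the inline `{{ ternary ... }}` expression this helper replaces in the statefulset printed such values as-is. Passing `(toString $tag)` to `printf` keeps the previous behaviour. Separately, the helper appends `-rootless` to whatever tag is configured, while values.yaml in this PR states rootless needs 1.14 or later and leaves the default tag at 1.13.5, so a mismatch would presumably surface only as an image-pull failure; a `fail` guard in the helper, or at least a sentence in its `{{/* ... */}}` comment, would surface it at render time.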


@ -27,12 +27,12 @@ stringData:
{{- $_ := set .Values.gitea.config "security" dict -}}
{{- end -}}
Review

To migrate from a pre-1.14 release to 1.14, we need this in config.yaml:

{{- if not .Values.gitea.config.repository -}}
{{- $_ := set .Values.gitea.config "repository" dict -}}
{{- end -}}

{{- /* repo default settings */ -}}
{{- if not .Values.gitea.config.repository.ROOT -}}
{{- $_ := set .Values.gitea.config.repository "ROOT" "/data/git/gitea-repositories" -}}
{{- end -}}
{{- /* security default settings */ -}}
{{- /* security default settings */ -}}
{{- if not .Values.gitea.config.security.INSTALL_LOCK -}}
{{- $_ := set .Values.gitea.config.security "INSTALL_LOCK" "true" -}}
{{- end -}}
{{- /* server default settings */ -}}
{{- /* server default settings */ -}}
{{- if not (hasKey .Values.gitea.config.server "HTTP_PORT") -}}
{{- $_ := set .Values.gitea.config.server "HTTP_PORT" .Values.service.http.port -}}
{{- end -}}
@ -64,7 +64,16 @@ stringData:
{{- $_ := set .Values.gitea.config.server "SSH_PORT" .Values.service.ssh.port -}}
{{- end -}}
{{- if not (hasKey .Values.gitea.config.server "SSH_LISTEN_PORT") -}}
{{- if not .Values.image.rootless -}}
{{- $_ := set .Values.gitea.config.server "SSH_LISTEN_PORT" .Values.gitea.config.server.SSH_PORT -}}
{{- else -}}
{{- $_ := set .Values.gitea.config.server "SSH_LISTEN_PORT" "2222" -}}
{{- end -}}
{{- end -}}
{{- if not (hasKey .Values.gitea.config.server "START_SSH_SERVER") -}}
{{- if .Values.image.rootless -}}
{{- $_ := set .Values.gitea.config.server "START_SSH_SERVER" "true" -}}
{{- end -}}
{{- end -}}
{{- if not (hasKey .Values.gitea.config.server "APP_DATA_PATH") -}}
{{- $_ := set .Values.gitea.config.server "APP_DATA_PATH" "/data" -}}
@ -80,7 +89,7 @@ stringData:
{{- /* database default settings */ -}}
{{- if .Values.gitea.database.builtIn.postgresql.enabled -}}
{{- $_ := set .Values.gitea.config.database "DB_TYPE" "postgres" -}}
{{- $_ := set .Values.gitea.config.database "DB_TYPE" "postgres" -}}
{{- if not (.Values.gitea.config.database.HOST) -}}
{{- $_ := set .Values.gitea.config.database "HOST" (include "postgresql.dns" .) -}}
{{- end -}}
@ -88,7 +97,7 @@ stringData:
{{- $_ := set .Values.gitea.config.database "USER" .Values.postgresql.global.postgresql.postgresqlUsername -}}
{{- $_ := set .Values.gitea.config.database "PASSWD" .Values.postgresql.global.postgresql.postgresqlPassword -}}
{{ else if .Values.gitea.database.builtIn.mysql.enabled -}}
{{- $_ := set .Values.gitea.config.database "DB_TYPE" "mysql" -}}
{{- $_ := set .Values.gitea.config.database "DB_TYPE" "mysql" -}}
{{- if not (.Values.gitea.config.database.HOST) -}}
{{- $_ := set .Values.gitea.config.database "HOST" (include "mysql.dns" .) -}}
{{- end -}}
@ -113,7 +122,7 @@ stringData:
{{- $_ := set .Values.gitea.config.cache "HOST" (include "memcached.dns" .) -}}
{{- end -}}
{{- end -}}
{{- /* autogenerate app.ini */ -}}
{{- range $key, $value := .Values.gitea.config }}
{{- if kindIs "map" $value }}
@ -127,4 +136,4 @@ stringData:
{{- else }}
{{ $key | upper }} = {{ $value }}
{{- end }}
{{- end }}
{{- end }}
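Review bot: The rootless branch sets `SSH_LISTEN_PORT` to the literal `"2222"` with no comment saying why, and nothing visible in this section ties that number to the container port or the Service target port used for SSH. I would add a template comment above that branch, e.g. `{{- /* rootless image runs as a non-root user, which cannot bind ports below 1024 */ -}}` (assuming that is the reason), and confirm that the SSH port definitions elsewhere in the chart read the same `SSH_LISTEN_PORT` value rather than `SSH_PORT`. The `START_SSH_SERVER` default, switched on only when `image.rootless` is set, deserves the same one-line explanation.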


@ -19,12 +19,17 @@ stringData:
mkdir -p /data/git/.ssh
chmod -R 700 /data/git/.ssh
mkdir -p /data/gitea/conf
# Copy config file to writable volume
cp /etc/gitea/conf/app.ini /data/gitea/conf/app.ini
chmod a+rwx /data/gitea/conf/app.ini
{{- if include "db.servicename" . }}
# Wait for database to become avialble
nc -v -w2 -z {{ include "db.servicename" . }} {{ include "db.port" . }} && \
{{- end }}
{{- if not .Values.image.rootless }}
su git -c ' \
{{- end }}
set -x; \
gitea migrate; \
{{- if and .Values.gitea.admin.username .Values.gitea.admin.password }}
@ -52,4 +57,6 @@ stringData:
{{- include "gitea.oauth_settings" . | nindent 6 }} \
) \
{{- end }}
{{- if not .Values.image.rootless }}
'
{{- end }}
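Review bot: `chmod a+rwx /data/gitea/conf/app.ini` leaves the copied config world-readable, world-writable and executable, and the config template in this PR writes the database `PASSWD` into that file. Owner-only access should be enough: `chmod 600 /data/gitea/conf/app.ini`, with a `chown git /data/gitea/conf/app.ini` before it inside `{{- if not .Values.image.rootless }}`, since in that mode the script appears to run as root until `su git` (confirm which user owns the file after `cp` in the rootless image). The `su git -c '` body continues outside the hunks shown here, so the commands that later read or rewrite app.ini are not visible.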


@ -36,13 +36,19 @@ spec:
fsGroup: 1000
initContainers:
- name: init
image: "{{ .Values.image.repository }}:{{ ternary .Values.image.version .Values.image.tag (hasKey .Values.image "version") }}"
image: "{{ include "gitea.image" . }}"
command: ["/usr/sbin/init_gitea.sh"]
env:
{{- range .Values.statefulset.env }}
- name: {{ .name | quote | nospace }}
value: {{ .value | quote }}
{{- end }}
- name: GITEA_APP_INI
value: /data/gitea/conf/app.ini
- name: GITEA_CUSTOM
value: /data/gitea
- name: GITEA_WORK_DIR
value: /data
{{- range .Values.statefulset.env }}
- name: {{ .name | quote | nospace }}
value: {{ .value | quote }}
{{- end }}
volumeMounts:
- name: init
mountPath: /usr/sbin
@ -56,7 +62,7 @@ spec:
terminationGracePeriodSeconds: {{ .Values.statefulset.terminationGracePeriodSeconds }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ ternary .Values.image.version .Values.image.tag (hasKey .Values.image "version") }}"
image: "{{ include "gitea.image" . }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
env:
# SSH Port values have to be set here as well for openssh configuration
@ -64,6 +70,14 @@ spec:
value: {{ .Values.gitea.config.server.SSH_LISTEN_PORT | quote }}
- name: SSH_PORT
value: {{ .Values.gitea.config.server.SSH_PORT | quote }}
- name: GITEA_APP_INI
value: /data/gitea/conf/app.ini
- name: GITEA_CUSTOM
value: /data/gitea
- name: GITEA_WORK_DIR
value: /data
- name: GITEA_TEMP
value: /tmp/gitea
{{- range .Values.statefulset.env }}
- name: {{ .name | quote | nospace }}
value: {{ .value | quote }}
@ -121,6 +135,8 @@ spec:
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
volumeMounts:
- name: temp
mountPath: /tmp/gitea
- name: data
mountPath: /data
{{- if .Values.extraVolumeMounts }}
@ -149,6 +165,8 @@ spec:
{{- if .Values.extraVolumes }}
{{- toYaml .Values.extraVolumes | nindent 8 }}
{{- end }}
- name: temp
emptyDir: {}
{{- if and .Values.persistence.enabled .Values.persistence.existingClaim }}
- name: data
persistentVolumeClaim:
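Review bot: The new `temp` volume is declared as `emptyDir: {}` with no `sizeLimit`, so whatever Gitea writes under `GITEA_TEMP` (`/tmp/gitea`) is bounded only by the node's ephemeral storage. Consider an `emptyDir:` block with `sizeLimit:` taken from a values key (name to be chosen by the chart maintainers), so one instance filling its temp directory does not pressure the node. The volume is also appended after `.Values.extraVolumes` under the generic name `temp`; an existing extra volume with that name would become a duplicate entry, which a chart-specific name would avoid.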


@ -10,10 +10,20 @@ image:
repository: gitea/gitea
tag: 1.13.5
pullPolicy: Always
rootless: false # only possible when running 1.14 or later
imagePullSecrets: []
securityContext: {}
# allowPrivilegeEscalation: false
# capabilities:
# drop:
# - ALL
# privileged: false
# readOnlyRootFilesystem: true
# runAsGroup: 1000
# runAsNonRoot: true
# runAsUser: 1000
service:
http:
@ -119,25 +129,25 @@ gitea:
ldap:
enabled: false
#name:
#securityProtocol:
#host:
#port:
#userSearchBase:
#userFilter:
#adminFilter:
#emailAttribute:
#bindDn:
#bindPassword:
#usernameAttribute:
#name:
#securityProtocol:
#host:
#port:
#userSearchBase:
#userFilter:
#adminFilter:
#emailAttribute:
#bindDn:
#bindPassword:
#usernameAttribute:
#sshPublicKeyAttribute:
oauth:
enabled: false
#name:
#provider:
#key:
#secret:
#key:
#secret:
#autoDiscoverUrl:
#useCustomUrls:
#customAuthUrl: