diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 0000000..ebe51d3 --- /dev/null +++ b/.editorconfig @@ -0,0 +1,12 @@ +# EditorConfig is awesome: https://EditorConfig.org + +# top-most EditorConfig file +root = true + +[*] +indent_style = space +indent_size = 2 +end_of_line = lf +charset = utf-8 +trim_trailing_whitespace = false +insert_final_newline = false \ No newline at end of file diff --git a/.markdownlint.yaml b/.markdownlint.yaml index 6320f35..305545f 100644 --- a/.markdownlint.yaml +++ b/.markdownlint.yaml @@ -129,14 +129,12 @@ MD041: MD044: # List of proper names names: - - Gitea - - PostgreSQL - - MariaDB - - MySQL - - Memcached - - Prometheus - - Git - - GitOps + - Gitea + - PostgreSQL + - Memcached + - Prometheus + - Git + - GitOps # Include code blocks code_blocks: false diff --git a/.woodpecker/lint.yml b/.woodpecker/lint.yml index 14bb5e3..439e048 100644 --- a/.woodpecker/lint.yml +++ b/.woodpecker/lint.yml @@ -15,7 +15,6 @@ pipeline: pull: true commands: - apk add --no-cache helm - - helm repo add bitnami https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami - helm dependency build helm-lint: @@ -48,3 +47,9 @@ pipeline: - apk add --no-cache make nodejs npm git - make readme - git diff --exit-code --name-only README.md + + yaml-lint: + image: cytopia/yamllint:alpine-1 + pull: true + commands: + - yamllint -f colored . diff --git a/.woodpecker/release-version.yml b/.woodpecker/release-version.yml index 9837477..aff779c 100644 --- a/.woodpecker/release-version.yml +++ b/.woodpecker/release-version.yml @@ -14,7 +14,6 @@ pipeline: pull: true commands: - apk add --no-cache git nodejs npm helm - - helm repo add bitnami https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami - helm dependency build - rm -rf tmp/ - helm package --version "${CI_COMMIT_TAG##v}" -d tmp/ ./ diff --git a/.yamllint b/.yamllint new file mode 100644 index 0000000..90128be --- /dev/null +++ b/.yamllint @@ -0,0 +1,20 @@ +--- +extends: default + +ignore: | + .yamllint + node_modules + templates + + +rules: + truthy: + allowed-values: ['true', 'false'] + check-keys: False + level: error + line-length: disable + document-start: disable + comments: + min-spaces-from-content: 1 + braces: + max-spaces-inside: 2 \ No newline at end of file diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 78f77d9..7f8f4f0 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -14,6 +14,7 @@ When using Visual Studio Code as IDE, following plugins might be useful: - [Markdown All in One](https://marketplace.visualstudio.com/items?itemName=yzhang.markdown-all-in-one) - [markdownlint](https://marketplace.visualstudio.com/items?itemName=DavidAnson.vscode-markdownlint) - [Helm Intellisense](https://marketplace.visualstudio.com/items?itemName=Tim-Koehler.helm-intellisense) +- [Prettier - Code formatter](https://marketplace.visualstudio.com/items?itemName=esbenp.prettier-vscode) ## Documentation Requirements @@ -55,7 +56,7 @@ be used: ```bash # install the unittest plugin -$ helm plugin install https://github.com/heyhabito/helm-unittest +$ helm plugin install https://github.com/helm-unittest/helm-unittest # run the unittests make unittests diff --git a/Chart.lock b/Chart.lock index ec9cd8b..6e0c73f 100644 --- a/Chart.lock +++ b/Chart.lock @@ -2,14 +2,8 @@ dependencies: - name: memcached repository: oci://registry-1.docker.io/bitnamicharts version: 6.3.14 -- name: mysql - repository: oci://registry-1.docker.io/bitnamicharts - version: 9.7.1 - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts version: 12.2.7 -- name: mariadb - repository: oci://registry-1.docker.io/bitnamicharts - version: 11.5.6 -digest: sha256:077ea499386a62933d01ef9574c79c2f2e56de2d44a53261289476f194ef6746 -generated: "2023-04-04T00:07:00.457853047Z" +digest: sha256:8d216c4da56f12dea7e83c302b157574815a51bc475bfc4d379cf1f837e67152 +generated: "2023-04-04T15:49:13.6824226+02:00" diff --git a/Chart.yaml b/Chart.yaml index e557640..6bb74d4 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -25,21 +25,12 @@ maintainers: # Bitnami charts are served from Docker Hub # https://hub.docker.com/u/bitnamicharts # https://blog.bitnami.com/2023/01/bitnami-helm-charts-available-as-oci.html - dependencies: -- name: memcached - repository: oci://registry-1.docker.io/bitnamicharts - version: 6.3.14 - condition: memcached.enabled -- name: mysql - repository: oci://registry-1.docker.io/bitnamicharts - version: 9.7.1 - condition: mysql.enabled -- name: postgresql - repository: oci://registry-1.docker.io/bitnamicharts - version: 12.2.7 - condition: postgresql.enabled -- name: mariadb - repository: oci://registry-1.docker.io/bitnamicharts - version: 11.5.6 - condition: mariadb.enabled + - name: memcached + repository: oci://registry-1.docker.io/bitnamicharts + version: 6.3.14 + condition: memcached.enabled + - name: postgresql + repository: oci://registry-1.docker.io/bitnamicharts + version: 12.2.7 + condition: postgresql.enabled diff --git a/README.md b/README.md index 459862e..99c8c68 100644 --- a/README.md +++ b/README.md @@ -11,6 +11,22 @@ This helm chart is based on official [Gitea helm chart](https://gitea.com/gitea/ Additionally, this chart provides LDAP and admin user configuration with values, as well as being deployed as a statefulset to retain stored repositories. +## Update and versioning policy + +The Gitea helm chart versioning does not follow Gitea's versioning. +The latest chart version can be looked up in [https://dl.gitea.com/charts](https://dl.gitea.com/charts) or in the [repository releases](https://gitea.com/gitea/helm-chart/releases). + +The chart aims to follow Gitea's releases closely. +There might be times when the chart is behind the latest Gitea release. +This might be caused by different reasons, most often due to time constraints of the maintainers (remember, all work here is done voluntarily in the spare time of people). +If you're eager to use the latest Gitea version earlier than this chart catches up, then change the tag in `values.yaml` to the latest Gitea version. +Note that besides the exact Gitea version one can also use the `:1` tag to automatically follow the latest Gitea version. +This should be combined with `image.pullPolicy: "Always"`. +Important: Using the `:1` will also automatically jump to new minor release (e.g. from 1.13 to 1.14) which may eventually cause incompatibilities if major/breaking changes happened between these versions. +This is due to Gitea not strictly following [semantic versioning](https://semver.org/#summary) as breaking changes do not increase the major version. +I.e., "minor" version bumps are considered "major". +Yet most often no issues will be encountered and the chart maintainers aim to communicate early/upfront if this would be the case. + ## Dependencies Forgejo can be run with an external database and cache. This chart provides those @@ -21,8 +37,6 @@ Dependencies: - PostgreSQL ([configuration](#postgresql)) - Memcached ([configuration](#memcached)) -- MySQL ([configuration](#mysql)) -- MariaDB ([configuration](#mariadb)) ## Installing @@ -223,14 +237,17 @@ Priority (highest to lowest) for defining app.ini variables: ### External Database -An external Database can be used instead of builtIn PostgreSQL or MySQL. +Any external Database listed in [https://docs.gitea.io/en-us/database-prep/](https://docs.gitea.io/en-us/database-prep/) can be used instead of the built-in PostgreSQL. +In fact, it is **highly recommended** to use an external database to ensure a stable Gitea installation longterm. + +If an external database is used, no matter which type, make sure to set `postgresql.enabled` to `false` to disable the use of the built-in PostgreSQL. ```yaml gitea: config: database: DB_TYPE: mysql - HOST: 127.0.0.1:3306 + HOST: NAME: gitea USER: root PASSWD: gitea @@ -356,28 +373,16 @@ persistence: existingClaim: MyAwesomeGiteaClaim ``` -In case that peristence has been disabled it will simply use an empty dir volume. +In case that persistence has been disabled it will simply use an empty dir volume. PostgreSQL handles the persistence in the exact same way. You can interact with the postgres settings as displayed in the following example: ```yaml postgresql: - primary: - persistence: - enabled: true - existingClaim: MyAwesomeGiteaPostgresClaim -``` - -MySQL also handles persistence the same, even though it is not deployed as a statefulset. -You can interact with the postgres settings as displayed in the following example: - -```yaml -mysql: - primary: - persistence: - enabled: true - existingClaim: MyAwesomeGiteaMysqlClaim + persistence: + enabled: true + existingClaim: MyAwesomeGiteaPostgresClaim ``` ### Admin User @@ -479,11 +484,11 @@ Multiple OAuth2 sources can be configured with additional OAuth list items. ```yaml gitea: oauth: - - name: 'MyAwesomeGiteaOAuth' - provider: 'openidConnect' - key: 'hello' - secret: 'world' - autoDiscoverUrl: 'https://gitea.example.com/.well-known/openid-configuration' + - name: "MyAwesomeGiteaOAuth" + provider: "openidConnect" + key: "hello" + secret: "world" + autoDiscoverUrl: "https://gitea.example.com/.well-known/openid-configuration" #useCustomUrls: #customAuthUrl: #customTokenUrl: @@ -507,7 +512,7 @@ stringData: ```yaml gitea: oauth: - - name: 'MyAwesomeGiteaOAuth' + - name: "MyAwesomeGiteaOAuth" existingSecret: gitea-oauth-secret ``` @@ -531,7 +536,8 @@ signing: Regardless of the used container image the `signing` object allows to specify a private gpg key. Either using the `signing.privateKey` to define the key inline, -or refer to an existing secret containing the key data by using `signing.existingKey`. + +or refer to an existing secret containing the key data by using `signing.existingSecret`. ```yaml apiVersion: v1 @@ -722,6 +728,7 @@ gitea: | `gitea.additionalConfigSources` | Additional configuration from secret or configmap | `[]` | | `gitea.additionalConfigFromEnvs` | Additional configuration sources from environment variables | `[]` | | `gitea.podAnnotations` | Annotations for the Forgejo pod | `{}` | +| `gitea.ssh.logLevel` | Configure OpenSSH's log level. Only available for root-based Gitea image. | `INFO` | ### LivenessProbe @@ -763,58 +770,32 @@ gitea: Memcached is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/memcached) if enabled in the values. Complete Configuration can be taken from their website. -| Name | Description | Value | -| ----------------------------------- | ------------------ | ------- | -| `memcached.enabled` | Enable Memcached | `true` | -| `memcached.service.ports.memcached` | Port for Memcached | `11211` | +| Name | Description | Value | +| ----------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | +| `memcached.enabled` | Memcached is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/memcached) if enabled in the values. Complete Configuration can be taken from their website. | `true` | +| `memcached.service.ports.memcached` | Port for Memcached | `11211` | ### PostgreSQL PostgreSQL is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/postgresql) if enabled in the values. Complete Configuration can be taken from their website. -| Name | Description | Value | -| --------------------------------------------- | ----------------------------------------- | ------- | -| `postgresql.enabled` | Enable PostgreSQL | `true` | -| `postgresql.auth.database` | PostgreSQL database | `gitea` | -| `postgresql.auth.username` | PostgreSQL username | `gitea` | -| `postgresql.auth.password` | PostgreSQL username | `gitea` | -| `postgresql.auth.postgresPassword` | PostgreSQL admin password | `gitea` | -| `postgresql.primary.service.ports.postgresql` | Port to connect to PostgreSQL service | `5432` | -| `postgresql.primary.persistence.size` | PVC Storage Request for PostgreSQL volume | `10Gi` | - -### MySQL - -MySQL is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/mysql) if enabled in the values. Complete Configuration can be taken from their website. - -| Name | Description | Value | -| ----------------------------------- | ------------------------------------------------------------------ | ------- | -| `mysql.enabled` | Enable MySQL | `false` | -| `mysql.auth.database` | Name for new database to create. | `gitea` | -| `mysql.auth.username` | Username of new user to create. | `gitea` | -| `mysql.auth.password` | Password for the new user.Ignored if existing secret is provided | `gitea` | -| `mysql.auth.rootPassword` | Password for the root user. Ignored if existing secret is provided | `gitea` | -| `mysql.primary.service.ports.mysql` | Port to connect to MySQL service | `3306` | -| `mysql.primary.persistence.size` | PVC Storage Request for MySQL volume | `10Gi` | - -### MariaDB - -MariaDB is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/mariadb) if enabled in the values. Complete Configuration can be taken from their website. - -| Name | Description | Value | -| ------------------------------------- | ----------------------------------------------------------------- | ------- | -| `mariadb.enabled` | Enable MariaDB | `false` | -| `mariadb.auth.database` | Name of the database to create. | `gitea` | -| `mariadb.auth.username` | Username of the new user to create. | `gitea` | -| `mariadb.auth.password` | Password for the new user. Ignored if existing secret is provided | `gitea` | -| `mariadb.auth.rootPassword` | Password for the root user. | `gitea` | -| `mariadb.primary.service.ports.mysql` | Port to connect to MariaDB service | `3306` | -| `mariadb.primary.persistence.size` | Persistence size for MariaDB | `10Gi` | +| Name | Description | Value | +| ------------------------------------------------------- | ---------------------------------------------------------------- | ------- | +| `postgresql.enabled` | Enable PostgreSQL | `true` | +| `postgresql.global.postgresql.auth.password` | Password for the `gitea` user (overrides `auth.password`) | `gitea` | +| `postgresql.global.postgresql.auth.database` | Name for a custom database to create (overrides `auth.database`) | `gitea` | +| `postgresql.global.postgresql.auth.username` | Name for a custom user to create (overrides `auth.username`) | `gitea` | +| `postgresql.global.postgresql.service.ports.postgresql` | PostgreSQL service port (overrides `service.ports.postgresql`) | `5432` | +| `postgresql.primary.persistence.size` | PVC Storage Request for PostgreSQL volume | `10Gi` | ### Advanced -| Name | Description | Value | -| ------------------ | ---------------------------------------------------- | ------ | -| `checkDeprecation` | Set it to false to skip this basic validation check. | `true` | +| Name | Description | Value | +| ------------------ | ------------------------------------------------------------------ | --------- | +| `checkDeprecation` | Set it to false to skip this basic validation check. | `true` | +| `test.enabled` | Set it to false to disable test-connection Pod. | `true` | +| `test.image.name` | Image name for the wget container used in the test-connection Pod. | `busybox` | +| `test.image.tag` | Image tag for the wget container used in the test-connection Pod. | `latest` | ## Contributing @@ -824,5 +805,5 @@ See [CONTRIBUTORS GUIDE](CONTRIBUTING.md) for details. ## Upgrading -This section lists major and breaking changes of each Helm Chart version. +This section lists major and breaking changes of each Helm Chart version Please read them carefully to upgrade successfully. diff --git a/artifacthub-repo.yml b/artifacthub-repo.yml index dca8cd9..08a1473 100644 --- a/artifacthub-repo.yml +++ b/artifacthub-repo.yml @@ -3,7 +3,7 @@ # https://artifacthub.io/docs/topics/repositories/helm-charts/#oci-support # publish via: # oras push codeberg.org/forgejo-contrib/forgejo:artifacthub.io --config artifacthub.config.json:application/vnd.cncf.artifacthub.config.v1+yaml artifacthub-repo.yml:application/vnd.cncf.artifacthub.repository-metadata.layer.v1.yaml -repositoryID: 'ec84c95a-a288-4aaa-a690-a656b57e3136' +repositoryID: "ec84c95a-a288-4aaa-a690-a656b57e3136" owners: # (optional, used to claim repository ownership) - name: viceice - email: michael.kriese@visualon.de \ No newline at end of file + email: michael.kriese@visualon.de diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 7fd7372..97c286c 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -92,15 +92,7 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} {{- define "postgresql.dns" -}} -{{- printf "%s-postgresql.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.postgresql.primary.service.ports.postgresql -}} -{{- end -}} - -{{- define "mysql.dns" -}} -{{- printf "%s-mysql.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.mysql.primary.service.ports.mysql | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{- define "mariadb.dns" -}} -{{- printf "%s-mariadb.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.mariadb.primary.service.ports.mysql | trunc 63 | trimSuffix "-" -}} +{{- printf "%s-postgresql.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.postgresql.global.postgresql.service.ports.postgresql -}} {{- end -}} {{- define "memcached.dns" -}} @@ -292,25 +284,9 @@ https {{- if not (.Values.gitea.config.database.HOST) -}} {{- $_ := set .Values.gitea.config.database "HOST" (include "postgresql.dns" .) -}} {{- end -}} - {{- $_ := set .Values.gitea.config.database "NAME" .Values.postgresql.auth.database -}} - {{- $_ := set .Values.gitea.config.database "USER" .Values.postgresql.auth.username -}} - {{- $_ := set .Values.gitea.config.database "PASSWD" .Values.postgresql.auth.password -}} - {{- else if .Values.mysql.enabled -}} - {{- $_ := set .Values.gitea.config.database "DB_TYPE" "mysql" -}} - {{- if not (.Values.gitea.config.database.HOST) -}} - {{- $_ := set .Values.gitea.config.database "HOST" (include "mysql.dns" .) -}} - {{- end -}} - {{- $_ := set .Values.gitea.config.database "NAME" .Values.mysql.auth.database -}} - {{- $_ := set .Values.gitea.config.database "USER" .Values.mysql.auth.username -}} - {{- $_ := set .Values.gitea.config.database "PASSWD" .Values.mysql.auth.password -}} - {{- else if .Values.mariadb.enabled -}} - {{- $_ := set .Values.gitea.config.database "DB_TYPE" "mysql" -}} - {{- if not (.Values.gitea.config.database.HOST) -}} - {{- $_ := set .Values.gitea.config.database "HOST" (include "mariadb.dns" .) -}} - {{- end -}} - {{- $_ := set .Values.gitea.config.database "NAME" .Values.mariadb.auth.database -}} - {{- $_ := set .Values.gitea.config.database "USER" .Values.mariadb.auth.username -}} - {{- $_ := set .Values.gitea.config.database "PASSWD" .Values.mariadb.auth.password -}} + {{- $_ := set .Values.gitea.config.database "NAME" .Values.postgresql.global.postgresql.auth.database -}} + {{- $_ := set .Values.gitea.config.database "USER" .Values.postgresql.global.postgresql.auth.username -}} + {{- $_ := set .Values.gitea.config.database "PASSWD" .Values.postgresql.global.postgresql.auth.password -}} {{- end -}} {{- end -}} diff --git a/templates/gitea/gpg-secret.yaml b/templates/gitea/gpg-secret.yaml index 29b6d4f..12dce66 100644 --- a/templates/gitea/gpg-secret.yaml +++ b/templates/gitea/gpg-secret.yaml @@ -1,6 +1,6 @@ {{- if .Values.signing.enabled -}} {{- if and (empty .Values.signing.privateKey) (empty .Values.signing.existingSecret) -}} - {{- fail "Either specify `signing.privateKey` or `signing.existingKey`" -}} + {{- fail "Either specify `signing.privateKey` or `signing.existingSecret`" -}} {{- end }} {{- if and (not (empty .Values.signing.privateKey)) (empty .Values.signing.existingSecret) -}} apiVersion: v1 diff --git a/templates/gitea/statefulset.yaml b/templates/gitea/statefulset.yaml index 04cbdc5..6394e9a 100644 --- a/templates/gitea/statefulset.yaml +++ b/templates/gitea/statefulset.yaml @@ -243,6 +243,10 @@ spec: value: {{ .Values.gitea.config.server.SSH_LISTEN_PORT | quote }} - name: SSH_PORT value: {{ .Values.gitea.config.server.SSH_PORT | quote }} + {{- if not .Values.image.rootless }} + - name: SSH_LOG_LEVEL + value: {{ .Values.gitea.ssh.logLevel | quote }} + {{- end }} - name: GITEA_APP_INI value: /data/gitea/conf/app.ini - name: GITEA_CUSTOM diff --git a/templates/tests/test-http-connection.yaml b/templates/tests/test-http-connection.yaml index 7fab1b7..8157442 100644 --- a/templates/tests/test-http-connection.yaml +++ b/templates/tests/test-http-connection.yaml @@ -1,3 +1,4 @@ +{{- if .Values.test.enabled }} apiVersion: v1 kind: Pod metadata: @@ -9,7 +10,8 @@ metadata: spec: containers: - name: wget - image: busybox + image: "{{ .Values.test.image.name }}:{{ .Values.test.image.tag }}" command: ['wget'] args: ['{{ include "gitea.fullname" . }}-http:{{ .Values.service.http.port }}'] restartPolicy: Never +{{- end }} diff --git a/unittests/gpg-secret/signing-enabled.yaml b/unittests/gpg-secret/signing-enabled.yaml index 84cdc3f..3ef5997 100644 --- a/unittests/gpg-secret/signing-enabled.yaml +++ b/unittests/gpg-secret/signing-enabled.yaml @@ -11,7 +11,7 @@ tests: enabled: true asserts: - failedTemplate: - errorMessage: Either specify `signing.privateKey` or `signing.existingKey` + errorMessage: Either specify `signing.privateKey` or `signing.existingSecret` - it: skips rendering using external secret reference set: signing: diff --git a/unittests/init/basic.yaml b/unittests/init/basic.yaml index cfa8a17..292a92d 100644 --- a/unittests/init/basic.yaml +++ b/unittests/init/basic.yaml @@ -10,6 +10,6 @@ tests: - hasDocuments: count: 1 - containsDocument: - kind: Secret + kind: Secret apiVersion: v1 name: forgejo-unittests-init diff --git a/unittests/statefulset/basic.yaml b/unittests/statefulset/basic.yaml index b487ba1..f1a4c41 100644 --- a/unittests/statefulset/basic.yaml +++ b/unittests/statefulset/basic.yaml @@ -12,6 +12,6 @@ tests: - hasDocuments: count: 1 - containsDocument: - kind: StatefulSet + kind: StatefulSet apiVersion: apps/v1 name: forgejo-unittests diff --git a/unittests/statefulset/ssh-configuration.yaml b/unittests/statefulset/ssh-configuration.yaml new file mode 100644 index 0000000..24ffc3a --- /dev/null +++ b/unittests/statefulset/ssh-configuration.yaml @@ -0,0 +1,40 @@ +suite: Statefulset template (SSH configuration) +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/statefulset.yaml + - templates/gitea/config.yaml +tests: + - it: supports defining SSH log level for root based image + template: templates/gitea/statefulset.yaml + set: + image.rootless: false + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: SSH_LOG_LEVEL + value: "INFO" + - it: supports overriding SSH log level + template: templates/gitea/statefulset.yaml + set: + image.rootless: false + gitea.ssh.logLevel: "DEBUG" + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: SSH_LOG_LEVEL + value: "DEBUG" + - it: skips SSH_LOG_LEVEL for rootless image + template: templates/gitea/statefulset.yaml + set: + image.rootless: true + gitea.ssh.logLevel: "DEBUG" # explicitly defining a non-standard level here + asserts: + - notContains: + path: spec.template.spec.containers[0].env + any: true + content: + name: SSH_LOG_LEVEL diff --git a/values.yaml b/values.yaml index d00bf4d..b9951e7 100644 --- a/values.yaml +++ b/values.yaml @@ -125,7 +125,6 @@ service: loadBalancerSourceRanges: [] annotations: {} - ## @section Ingress ## @param ingress.enabled Enable ingress ## @param ingress.className Ingress class name @@ -139,7 +138,8 @@ ingress: enabled: false # className: nginx className: - annotations: {} + annotations: + {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" hosts: @@ -158,7 +158,8 @@ ingress: ## @section StatefulSet # ## @param resources Kubernetes resources -resources: {} +resources: + {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following @@ -193,7 +194,8 @@ dnsConfig: {} ## @param statefulset.labels Labels for the statefulset ## @param statefulset.annotations Annotations for the Forgejo StatefulSet to be created statefulset: - env: [] + env: + [] # - name: VARIABLE # value: my-value terminationGracePeriodSeconds: 60 @@ -278,7 +280,7 @@ gitea: ## @param gitea.admin.password Password for the Forgejo admin user ## @param gitea.admin.email Email for the Forgejo admin user admin: - #existingSecret: gitea-admin-secret + # existingSecret: gitea-admin-secret existingSecret: username: gitea_admin password: r8sA8CPHD9!bt6d @@ -294,7 +296,8 @@ gitea: # prometheus-release: prom1 ## @param gitea.ldap LDAP configuration - ldap: [] + ldap: + [] # - name: "LDAP 1" # existingSecret: # securityProtocol: @@ -311,7 +314,8 @@ gitea: # Either specify inline `key` and `secret` or refer to them via `existingSecret` ## @param gitea.oauth OAuth configuration - oauth: [] + oauth: + [] # - name: 'OAuth 1' # provider: # key: @@ -348,6 +352,10 @@ gitea: ## @param gitea.podAnnotations Annotations for the Forgejo pod podAnnotations: {} + ## @param gitea.ssh.logLevel Configure OpenSSH's log level. Only available for root-based Gitea image. + ssh: + logLevel: "INFO" + ## @section LivenessProbe # ## @param gitea.livenessProbe.enabled Enable liveness probe @@ -413,10 +421,18 @@ gitea: ## Memcached is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/memcached) if enabled in the values. Complete Configuration can be taken from their website. ## @descriptionEnd # -## @param memcached.enabled Enable Memcached +## @param memcached.enabled Memcached is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/memcached) if enabled in the values. Complete Configuration can be taken from their website. +## ref: https://hub.docker.com/r/bitnami/memcached/tags/ ## @param memcached.service.ports.memcached Port for Memcached memcached: enabled: true + # image: + # registry: docker.io + # repository: bitnami/memcached + # tag: "" + # digest: "" + # pullPolicy: IfNotPresent + # pullSecrets: [] service: ports: memcached: 11211 @@ -427,77 +443,23 @@ memcached: ## @descriptionEnd # ## @param postgresql.enabled Enable PostgreSQL -## @param postgresql.auth.database PostgreSQL database -## @param postgresql.auth.username PostgreSQL username -## @param postgresql.auth.password PostgreSQL username -## @param postgresql.auth.postgresPassword PostgreSQL admin password -## @param postgresql.primary.service.ports.postgresql Port to connect to PostgreSQL service +## @param postgresql.global.postgresql.auth.password Password for the `gitea` user (overrides `auth.password`) +## @param postgresql.global.postgresql.auth.database Name for a custom database to create (overrides `auth.database`) +## @param postgresql.global.postgresql.auth.username Name for a custom user to create (overrides `auth.username`) +## @param postgresql.global.postgresql.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`) ## @param postgresql.primary.persistence.size PVC Storage Request for PostgreSQL volume postgresql: enabled: true - auth: - database: gitea - username: gitea - password: gitea - postgresPassword: gitea + global: + postgresql: + auth: + password: gitea + database: gitea + username: gitea + service: + ports: + postgresql: 5432 primary: - service: - ports: - postgresql: 5432 - persistence: - size: 10Gi - -## @section MySQL -## @descriptionStart -## MySQL is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/mysql) if enabled in the values. Complete Configuration can be taken from their website. -## @descriptionEnd -# -# -## @param mysql.enabled Enable MySQL -## @param mysql.auth.database Name for new database to create. -## @param mysql.auth.username Username of new user to create. -## @param mysql.auth.password Password for the new user.Ignored if existing secret is provided -## @param mysql.auth.rootPassword Password for the root user. Ignored if existing secret is provided -## @param mysql.primary.service.ports.mysql Port to connect to MySQL service -## @param mysql.primary.persistence.size PVC Storage Request for MySQL volume -mysql: - enabled: false - auth: - database: gitea - username: gitea - password: gitea - rootPassword: gitea - primary: - service: - ports: - mysql: 3306 - persistence: - size: 10Gi - -## @section MariaDB -## @descriptionStart -## MariaDB is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/mariadb) if enabled in the values. Complete Configuration can be taken from their website. -## @descriptionEnd -# -# -## @param mariadb.enabled Enable MariaDB -## @param mariadb.auth.database Name of the database to create. -## @param mariadb.auth.username Username of the new user to create. -## @param mariadb.auth.password Password for the new user. Ignored if existing secret is provided -## @param mariadb.auth.rootPassword Password for the root user. -## @param mariadb.primary.service.ports.mysql Port to connect to MariaDB service -## @param mariadb.primary.persistence.size Persistence size for MariaDB -mariadb: - enabled: false - auth: - database: gitea - username: gitea - password: gitea - rootPassword: gitea - primary: - service: - ports: - mysql: 3306 persistence: size: 10Gi @@ -505,4 +467,12 @@ mariadb: # Set it to false to skip this basic validation check. ## @section Advanced ## @param checkDeprecation Set it to false to skip this basic validation check. +## @param test.enabled Set it to false to disable test-connection Pod. +## @param test.image.name Image name for the wget container used in the test-connection Pod. +## @param test.image.tag Image tag for the wget container used in the test-connection Pod. checkDeprecation: true +test: + enabled: true + image: + name: busybox + tag: latest