From 55c599d822928d72a2e29eac5434cb53f7804027 Mon Sep 17 00:00:00 2001 From: Michael Kriese Date: Wed, 31 Jul 2024 11:02:10 +0000 Subject: [PATCH] feat: merge upstream change week 2024-31 (#688) Reviewed-on: https://code.forgejo.org/forgejo-helm/forgejo-helm/pulls/688 --- Chart.lock | 7 +- Chart.yaml | 5 ++ Makefile | 2 +- README.md | 78 +++++++++++++------ package.json | 2 +- templates/_helpers.tpl | 22 +++++- templates/gitea/deployment.yaml | 2 + templates/gitea/http-svc.yaml | 7 +- templates/gitea/ingress.yaml | 2 +- templates/gitea/init.yaml | 21 ++++- templates/gitea/ssh-svc.yaml | 3 + unittests/config/cache-config.yaml | 25 +++++- unittests/config/queue-config.yaml | 25 +++++- unittests/config/session-config.yaml | 25 +++++- unittests/dependency-major-image-check.yaml | 17 +++- .../deployment/ingress-configuration.yaml | 24 ++++++ unittests/deployment/svc-configuration.yaml | 67 ++++++++++++++++ unittests/pvc/pvc-configuration.yaml | 19 +++++ unittests/values-conflicting-checks.yaml | 14 ++++ values.yaml | 29 ++++++- 20 files changed, 352 insertions(+), 44 deletions(-) create mode 100644 unittests/pvc/pvc-configuration.yaml create mode 100644 unittests/values-conflicting-checks.yaml diff --git a/Chart.lock b/Chart.lock index b2a0170..0e6a8a1 100644 --- a/Chart.lock +++ b/Chart.lock @@ -8,5 +8,8 @@ dependencies: - name: redis-cluster repository: oci://registry-1.docker.io/bitnamicharts version: 10.2.9 -digest: sha256:1e9d1de99e188fbd7c3eb3305a9ff6e0428313b181b83b9dea1051e5b134de1b -generated: "2024-07-25T12:30:38.908174676Z" +- name: redis + repository: oci://registry-1.docker.io/bitnamicharts + version: 19.6.4 +digest: sha256:b6d81fdd70e6c2928e815f169749cb8f773c113a08088b0180180829558e4c18 +generated: "2024-07-31T12:20:13.5972612+02:00" diff --git a/Chart.yaml b/Chart.yaml index 2f13f9a..72bfb52 100644 --- a/Chart.yaml +++ b/Chart.yaml 
@@ -41,3 +41,8 @@ dependencies: repository: oci://registry-1.docker.io/bitnamicharts version: 10.2.9 condition: redis-cluster.enabled + # https://github.com/bitnami/charts/blob/main/bitnami/redis/Chart.yaml + - name: redis + repository: oci://registry-1.docker.io/bitnamicharts + version: 19.6.4 + condition: redis.enabled diff --git a/Makefile b/Makefile index 8354304..dd97d84 100644 --- a/Makefile +++ b/Makefile @@ -9,7 +9,7 @@ readme: prepare-environment .PHONY: unittests unittests: - helm unittest --strict -f 'unittests/**/*.yaml' -f 'unittests/dependency-major-image-check.yaml' ./ + helm unittest --strict -f 'unittests/**/*.yaml' ./ .PHONY: helm update-helm-dependencies: diff --git a/README.md b/README.md index 765f13f..427db75 100644 --- a/README.md +++ b/README.md @@ -50,6 +50,7 @@ - [ReadinessProbe](#readinessprobe) - [StartupProbe](#startupprobe) - [redis-cluster](#redis-cluster) + - [redis](#redis) - [PostgreSQL HA](#postgresql-ha) - [PostgreSQL](#postgresql) - [Advanced](#advanced) @@ -94,7 +95,8 @@ These dependencies are enabled by default: Alternatively, the following non-HA replacements are available: -- PostgreSQL ([Bitnami PostgreSQL]()) +- PostgreSQL ([Bitnami PostgreSQL](https://github.com/bitnami/charts/blob/main/bitnami/postgresql/Chart.yaml)) +- Redis ([Bitnami Redis](https://github.com/bitnami/charts/blob/main/bitnami/redis/Chart.yaml)) ### Dependency Versioning @@ -113,6 +115,7 @@ Please double-check the image repository and available tags in the sub-chart: - [PostgreSQL-HA](https://hub.docker.com/r/bitnami/postgresql-repmgr/tags) - [PostgreSQL](https://hub.docker.com/r/bitnami/postgresql/tags) - [Redis Cluster](https://hub.docker.com/r/bitnami/redis-cluster/tags) +- [Redis](https://hub.docker.com/r/bitnami/redis/tags) and look up the image tag which fits your needs on Dockerhub. 
@@ -247,7 +250,7 @@ External tools such as `redis-cluster` or `memcached` handle these workloads muc If HA is not needed/desired, the following configurations can be used to deploy a single-pod Forgejo instance. -1. For a production-ready single-pod Forgejo instance without external dependencies (using the chart dependency `postgresql`): +1. For a production-ready single-pod Forgejo instance without external dependencies (using the chart dependency `postgresql` and `redis`):
@@ -256,6 +259,8 @@ If HA is not needed/desired, the following configurations can be used to deploy ```yaml redis-cluster: enabled: false + redis: + enabled: true postgresql: enabled: true postgresql-ha: @@ -268,12 +273,6 @@ If HA is not needed/desired, the following configurations can be used to deploy config: database: DB_TYPE: postgres - session: - PROVIDER: db - cache: - ADAPTER: memory - queue: - TYPE: level indexer: ISSUE_INDEXER_TYPE: bleve REPO_INDEXER_ENABLED: true @@ -293,6 +292,8 @@ If HA is not needed/desired, the following configurations can be used to deploy ```yaml redis-cluster: enabled: false + redis: + enabled: false postgresql: enabled: false postgresql-ha: @@ -572,6 +573,20 @@ gitea: existingSecret: gitea-admin-secret ``` +Whether you use the existing Secret or specify a user name and password, there are three modes for how the admin user password is created or set. + +- `keepUpdated` (the default) will set the admin user password, and reset it to the defined value every time the pod is recreated. +- `initialOnlyNoReset` will set the admin user password when creating it, but never try to update the password. +- `initialOnlyRequireReset` will set the admin user password when creating it, never update it, and require that the password be changed at the initial login. + +These modes can be set like the following: + +```yaml +gitea: + admin: + passwordMode: initialOnlyRequireReset +``` + ### LDAP Settings Like the admin user the LDAP settings can be updated. 
@@ -892,6 +907,7 @@ To comply with the Forgejo helm chart definition of the digest parameter, a "cus | `service.http.loadBalancerSourceRanges` | Source range filter for http loadbalancer | `[]` | | `service.http.annotations` | HTTP service annotations | `{}` | | `service.http.labels` | HTTP service additional labels | `{}` | +| `service.http.loadBalancerClass` | Loadbalancer class | `nil` | | `service.ssh.type` | Kubernetes service type for ssh traffic | `ClusterIP` | | `service.ssh.port` | Port number for ssh traffic | `22` | | `service.ssh.clusterIP` | ClusterIP setting for ssh autosetup for deployment is None | `None` | @@ -905,6 +921,7 @@ To comply with the Forgejo helm chart definition of the digest parameter, a "cus | `service.ssh.loadBalancerSourceRanges` | Source range filter for ssh loadbalancer | `[]` | | `service.ssh.annotations` | SSH service annotations | `{}` | | `service.ssh.labels` | SSH service additional labels | `{}` | +| `service.ssh.loadBalancerClass` | Loadbalancer class | `nil` | ### Ingress 
@@ -987,20 +1004,21 @@ To comply with the Forgejo helm chart definition of the digest parameter, a "cus ### Gitea -| Name | Description | Value | -| -------------------------------------- | --------------------------------------------------------------------------- | -------------------- | -| `gitea.admin.username` | Username for the Forgejo admin user | `gitea_admin` | -| `gitea.admin.existingSecret` | Use an existing secret to store admin user credentials | `nil` | -| `gitea.admin.password` | Password for the Forgejo admin user | `r8sA8CPHD9!bt6d` | -| `gitea.admin.email` | Email for the Forgejo admin user | `gitea@local.domain` | -| `gitea.metrics.enabled` | Enable Forgejo metrics | `false` | -| `gitea.metrics.serviceMonitor.enabled` | Enable Forgejo metrics service monitor | `false` | -| `gitea.ldap` | LDAP configuration | `[]` | -| `gitea.oauth` | OAuth configuration | `[]` | -| `gitea.additionalConfigSources` | Additional configuration from secret or configmap | `[]` | -| `gitea.additionalConfigFromEnvs` | Additional configuration sources from environment variables | `[]` | -| `gitea.podAnnotations` | Annotations for the Forgejo pod | `{}` | -| `gitea.ssh.logLevel` | Configure OpenSSH's log level. Only available for root-based Forgejo image. | `INFO` | +| Name | Description | Value | +| -------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------- | -------------------- | +| `gitea.admin.username` | Username for the Forgejo admin user | `gitea_admin` | +| `gitea.admin.existingSecret` | Use an existing secret to store admin user credentials | `nil` | +| `gitea.admin.password` | Password for the Forgejo admin user | `r8sA8CPHD9!bt6d` | +| `gitea.admin.email` | Email for the Forgejo admin user | `gitea@local.domain` | +| `gitea.admin.passwordMode` | Mode for how to set/update the admin user password. 
Options are: initialOnlyNoReset, initialOnlyRequireReset, and keepUpdated | `keepUpdated` | +| `gitea.metrics.enabled` | Enable Forgejo metrics | `false` | +| `gitea.metrics.serviceMonitor.enabled` | Enable Forgejo metrics service monitor | `false` | +| `gitea.ldap` | LDAP configuration | `[]` | +| `gitea.oauth` | OAuth configuration | `[]` | +| `gitea.additionalConfigSources` | Additional configuration from secret or configmap | `[]` | +| `gitea.additionalConfigFromEnvs` | Additional configuration sources from environment variables | `[]` | +| `gitea.podAnnotations` | Annotations for the Forgejo pod | `{}` | +| `gitea.ssh.logLevel` | Configure OpenSSH's log level. Only available for root-based Forgejo image. | `INFO` | ### `app.ini` overrides 
@@ -1098,14 +1116,28 @@ blocks, while the keys themselves remain in all caps. Redis® Cluster is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/redis-cluster) if enabled in the values. Complete Configuration can be taken from their website. +Redis cluster and [Redis](#redis) cannot be enabled at the same time. | Name | Description | Value | | -------------------------------- | -------------------------------------------- | ------- | -| `redis-cluster.enabled` | Enable redis | `true` | +| `redis-cluster.enabled` | Enable redis cluster | `true` | | `redis-cluster.usePassword` | Whether to use password authentication | `false` | | `redis-cluster.cluster.nodes` | Number of redis cluster master nodes | `3` | | `redis-cluster.cluster.replicas` | Number of redis cluster master node replicas | `0` | +### Redis® + +Redis® is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/redis) if enabled in the values. +Complete Configuration can be taken from their website. +Redis and [Redis cluster](#redis-cluster) cannot be enabled at the same time. + +| Name | Description | Value | +| ----------------------------- | ------------------------------------------ | ------------ | +| `redis.enabled` | Enable redis standalone or replicated | `false` | +| `redis.architecture` | Whether to use standalone or replication | `standalone` | +| `redis.global.redis.password` | Required password | `changeme` | +| `redis.master.count` | Number of Redis master instances to deploy | `1` | + ### PostgreSQL HA PostgreSQL HA is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/postgresql-ha) if enabled in the values. diff --git a/package.json b/package.json index 8f274e0..b7fdba4 100644 --- a/package.json +++ b/package.json 
@@ -11,7 +11,7 @@ "prettier-fix": "prettier --write --ignore-unknown --cache '**/*.*'", "readme:lint": "markdownlint *.md -f", "readme:parameters": "readme-generator -v values.yaml -r README.md", - "test": "helm unittest --strict -f 'unittests/**/*.yaml' -f 'unittests/dependency-major-image-check.yaml' ./" + "test": "helm unittest --strict -f 'unittests/**/*.yaml' ./" }, "devDependencies": { "@bitnami/readme-generator-for-helm": "2.6.1", diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 30ee3b9..c7d13d9 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -74,7 +74,7 @@ imagePullSecrets: Storage Class */}} {{- define "gitea.persistence.storageClass" -}} -{{- $storageClass := .Values.persistence.storageClass | default .Values.global.storageClass }} +{{- $storageClass := (tpl ( default "" .Values.persistence.storageClass) .) | default (tpl ( default "" .Values.global.storageClass) .) }} {{- if $storageClass }} storageClassName: {{ $storageClass | quote }} {{- end }} 
@@ -113,20 +113,28 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} {{- define "redis.dns" -}} -{{- if (index .Values "redis-cluster").enabled -}} +{{- if and ((index .Values "redis-cluster").enabled) ((index .Values "redis").enabled) -}} +{{- fail "redis and redis-cluster cannot be enabled at the same time. Please only choose one." -}} +{{- else if (index .Values "redis-cluster").enabled -}} {{- printf "redis+cluster://:%s@%s-redis-cluster-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "redis-cluster").global.redis.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "redis-cluster").service.ports.redis -}} +{{- else if (index .Values "redis").enabled -}} +{{- printf "redis://:%s@%s-redis-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "redis").global.redis.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "redis").master.service.ports.redis -}} {{- end -}} {{- end -}} {{- define "redis.port" -}} {{- if (index .Values "redis-cluster").enabled -}} {{ (index .Values "redis-cluster").service.ports.redis }} +{{- else if (index .Values "redis").enabled -}} +{{ (index .Values "redis").master.service.ports.redis }} {{- end -}} {{- end -}} {{- define "redis.servicename" -}} {{- if (index .Values "redis-cluster").enabled -}} {{- printf "%s-redis-cluster-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}} +{{- else if (index .Values "redis").enabled -}} +{{- printf "%s-redis-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}} {{- end -}} {{- end -}} 
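Review bot: The new `redis://` branch of `redis.dns` puts `(index .Values "redis").global.redis.password` into the URL with a plain `%s`, so a password containing `@`, `/`, `?` or `#` produces a connection string that parses differently from what the operator set. Escaping the value before `printf` keeps it a single userinfo component, for example `((index .Values "redis").global.redis.password | urlquery)`, after checking how the client decodes spaces. The `redis+cluster://` line above it has the same pattern. Separately, only `redis.dns` fails when both charts are enabled, while `redis.port` and `redis.servicename` silently prefer redis-cluster, so a comment on those two helpers such as `{{- /* conflict between redis and redis-cluster is rejected in redis.dns */ -}}` would make that dependency explicit.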
@@ -271,7 +279,7 @@ https {{- $_ := set .Values.gitea.config.metrics "ENABLED" .Values.gitea.metrics.enabled -}} {{- end -}} {{- /* redis queue */ -}} - {{- if (index .Values "redis-cluster").enabled -}} + {{- if or ((index .Values "redis-cluster").enabled) ((index .Values "redis").enabled) -}} {{- $_ := set .Values.gitea.config.queue "TYPE" "redis" -}} {{- $_ := set .Values.gitea.config.queue "CONN_STR" (include "redis.dns" .) -}} {{- $_ := set .Values.gitea.config.session "PROVIDER" "redis" -}} @@ -392,3 +400,11 @@ https {{- define "gitea.serviceAccountName" -}} {{ .Values.serviceAccount.name | default (include "gitea.fullname" .) }} {{- end -}} + +{{- define "gitea.admin.passwordMode" -}} +{{- if has .Values.gitea.admin.passwordMode (tuple "keepUpdated" "initialOnlyNoReset" "initialOnlyRequireReset") -}} +{{ .Values.gitea.admin.passwordMode }} +{{- else -}} +{{ printf "gitea.admin.passwordMode must be set to one of 'keepUpdated', 'initialOnlyNoReset', or 'initialOnlyRequireReset'. Received: '%s'" .Values.gitea.admin.passwordMode | fail }} +{{- end -}} +{{- end -}} diff --git a/templates/gitea/deployment.yaml b/templates/gitea/deployment.yaml index ca1bdd9..f321f22 100644 --- a/templates/gitea/deployment.yaml +++ b/templates/gitea/deployment.yaml @@ -243,6 +243,8 @@ spec: - name: GITEA_ADMIN_PASSWORD value: {{ .Values.gitea.admin.password | quote }} {{- end }} + - name: GITEA_ADMIN_PASSWORD_MODE + value: {{ include "gitea.admin.passwordMode" $ }} {{- if .Values.deployment.env }} {{- toYaml .Values.deployment.env | nindent 12 }} {{- end }} diff --git a/templates/gitea/http-svc.yaml b/templates/gitea/http-svc.yaml index 0ec7370..06163a6 100644 --- a/templates/gitea/http-svc.yaml +++ b/templates/gitea/http-svc.yaml 
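Review bot: In the deployment.yaml hunk, `GITEA_ADMIN_PASSWORD_MODE` is rendered unquoted, unlike the `GITEA_ADMIN_PASSWORD` entry just above it, which uses `| quote`. The `gitea.admin.passwordMode` helper restricts the value to three plain strings, so the output is valid today. Quoting keeps the env value a YAML string whatever mode names are added later: `value: {{ include "gitea.admin.passwordMode" $ | quote }}`. The container spec this env list belongs to starts outside the hunk, so the hunk does not show which containers receive the variable.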
@@ -11,7 +11,11 @@ metadata: {{- toYaml .Values.service.http.annotations | nindent 4 }} spec: type: {{ .Values.service.http.type }} - {{- if and .Values.service.http.loadBalancerIP (eq .Values.service.http.type "LoadBalancer") }} + {{- if eq .Values.service.http.type "LoadBalancer" }} + {{- if .Values.service.http.loadBalancerClass }} + loadBalancerClass: {{ .Values.service.http.loadBalancerClass }} + {{- end }} + {{- if and .Values.service.http.loadBalancerIP }} loadBalancerIP: {{ .Values.service.http.loadBalancerIP }} {{- end }} {{- if .Values.service.http.loadBalancerSourceRanges }} @@ -20,6 +24,7 @@ spec: - {{ . }} {{- end }} {{- end }} + {{- end }} {{- if .Values.service.http.externalIPs }} externalIPs: {{- toYaml .Values.service.http.externalIPs | nindent 4 }} diff --git a/templates/gitea/ingress.yaml b/templates/gitea/ingress.yaml index 9991eec..cd743fe 100644 --- a/templates/gitea/ingress.yaml +++ b/templates/gitea/ingress.yaml @@ -21,7 +21,7 @@ metadata: {{- end }} spec: {{- if .Values.ingress.className }} - ingressClassName: {{ .Values.ingress.className }} + ingressClassName: {{ tpl .Values.ingress.className . }} {{- end }} {{- if .Values.ingress.tls }} tls: diff --git a/templates/gitea/init.yaml b/templates/gitea/init.yaml index 6c89dc7..434486a 100644 --- a/templates/gitea/init.yaml +++ b/templates/gitea/init.yaml 
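Review bot: `{{- if and .Values.service.http.loadBalancerIP }}` in http-svc.yaml keeps an `and` with a single argument left over from the old combined condition. It evaluates correctly but reads like a missing operand; `{{- if .Values.service.http.loadBalancerIP }}` says the same thing. The `{{- end }}` added in the second hunk closes the new outer `if eq ... "LoadBalancer"`, so `loadBalancerSourceRanges` now appears to render only for that service type, a behaviour change worth stating in the commit description. `loadBalancerClass` is emitted unquoted here and in ssh-svc.yaml; `{{ .Values.service.http.loadBalancerClass | quote }}` would be more robust.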
@@ -109,13 +109,26 @@ stringData: local ACCOUNT_ID=$(echo "${actual_user_table}" | grep -E "\s+${GITEA_ADMIN_USERNAME}\s+" | awk -F " " "{printf \$1}") if [[ -z "${ACCOUNT_ID}" ]]; then + local -a create_args + create_args=(--admin --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email {{ .Values.gitea.admin.email | quote }}) + if [[ "${GITEA_ADMIN_PASSWORD_MODE}" = initialOnlyRequireReset ]]; then + create_args+=(--must-change-password=true) + else + create_args+=(--must-change-password=false) + fi echo "No admin user '${GITEA_ADMIN_USERNAME}' found. Creating now..." - gitea admin user create --admin --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email {{ .Values.gitea.admin.email | quote }} --must-change-password=false + gitea admin user create "${create_args[@]}" echo '...created.' else - echo "Admin account '${GITEA_ADMIN_USERNAME}' already exist. Running update to sync password..." - gitea admin user change-password --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --must-change-password=false - echo '...password sync done.' + if [[ "${GITEA_ADMIN_PASSWORD_MODE}" = keepUpdated ]]; then + echo "Admin account '${GITEA_ADMIN_USERNAME}' already exist. Running update to sync password..." + local -a change_args + change_args=(--username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --must-change-password=false) + gitea admin user change-password "${change_args[@]}" + echo '...password sync done.' + else + echo "Admin account '${GITEA_ADMIN_USERNAME}' already exist, but update mode is set to '${GITEA_ADMIN_PASSWORD_MODE}'. Skipping." + fi fi } diff --git a/templates/gitea/ssh-svc.yaml b/templates/gitea/ssh-svc.yaml index 3ee756c..131b0b9 100644 --- a/templates/gitea/ssh-svc.yaml +++ b/templates/gitea/ssh-svc.yaml 
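Review bot: In `create_args`, `--email {{ .Values.gitea.admin.email | quote }}` is rendered by Helm into a double-quoted bash word, so `$`, backticks and `$(...)` in the value are expanded by the shell, whereas the username and password arrive through environment variables. Values are normally operator-controlled, so this is hardening rather than an open hole. Passing the e-mail the same way, with an env entry in the deployment and `--email "${GITEA_ADMIN_EMAIL}"` here (variable name illustrative), removes template-to-shell interpolation from the script. The password is still passed to `gitea admin user create` and `change-password` on the command line, which the array refactor does not change. The enclosing shell function starts and ends outside the hunk.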
@@ -12,6 +12,9 @@ metadata: spec: type: {{ .Values.service.ssh.type }} {{- if eq .Values.service.ssh.type "LoadBalancer" }} + {{- if .Values.service.ssh.loadBalancerClass }} + loadBalancerClass: {{ .Values.service.ssh.loadBalancerClass }} + {{- end }} {{- if .Values.service.ssh.loadBalancerIP }} loadBalancerIP: {{ .Values.service.ssh.loadBalancerIP }} {{- end -}} diff --git a/unittests/config/cache-config.yaml b/unittests/config/cache-config.yaml index f0291a4..b935fd1 100644 --- a/unittests/config/cache-config.yaml +++ b/unittests/config/cache-config.yaml @@ -8,6 +8,8 @@ tests: set: redis-cluster: enabled: true + redis: + enabled: false asserts: - documentIndex: 0 equal: @@ -16,11 +18,28 @@ tests: ADAPTER=redis HOST=redis+cluster://:@gitea-unittests-redis-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& - - it: "cache is configured correctly for 'memory' when redis-cluster is disabled" + - it: 'cache is configured correctly for redis' template: templates/gitea/config.yaml set: redis-cluster: enabled: false + redis: + enabled: true + asserts: + - documentIndex: 0 + equal: + path: stringData.cache + value: |- + ADAPTER=redis + HOST=redis://:changeme@gitea-unittests-redis-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& + + - it: "cache is configured correctly for 'memory' when redis (or redis-cluster) is disabled" + template: templates/gitea/config.yaml + set: + redis-cluster: + enabled: false + redis: + enabled: false asserts: - documentIndex: 0 equal: @@ -29,11 +48,13 @@ tests: ADAPTER=memory HOST= - - it: 'cache can be customized when redis-cluster is disabled' + - it: 'cache can be customized when redis (or redis-cluster) is disabled' template: templates/gitea/config.yaml set: redis-cluster: enabled: false + redis: + enabled: false gitea.config.cache.ADAPTER: custom-adapter gitea.config.cache.HOST: custom-host asserts: 
diff --git a/unittests/config/queue-config.yaml b/unittests/config/queue-config.yaml index fcc1998..cdb2678 100644 --- a/unittests/config/queue-config.yaml +++ b/unittests/config/queue-config.yaml @@ -8,6 +8,8 @@ tests: set: redis-cluster: enabled: true + redis: + enabled: false asserts: - documentIndex: 0 equal: @@ -16,11 +18,28 @@ tests: CONN_STR=redis+cluster://:@gitea-unittests-redis-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& TYPE=redis - - it: "queue is configured correctly for 'levelDB' when redis-cluster is disabled" + - it: 'queue is configured correctly for redis' template: templates/gitea/config.yaml set: redis-cluster: enabled: false + redis: + enabled: true + asserts: + - documentIndex: 0 + equal: + path: stringData.queue + value: |- + CONN_STR=redis://:changeme@gitea-unittests-redis-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& + TYPE=redis + + - it: "queue is configured correctly for 'levelDB' when redis (and redis-cluster) is disabled" + template: templates/gitea/config.yaml + set: + redis-cluster: + enabled: false + redis: + enabled: false asserts: - documentIndex: 0 equal: @@ -29,11 +48,13 @@ tests: CONN_STR= TYPE=level - - it: 'queue can be customized when redis-cluster is disabled' + - it: 'queue can be customized when redis (and redis-cluster) are disabled' template: templates/gitea/config.yaml set: redis-cluster: enabled: false + redis: + enabled: false gitea.config.queue.TYPE: custom-type gitea.config.queue.CONN_STR: custom-connection-string asserts: diff --git a/unittests/config/session-config.yaml b/unittests/config/session-config.yaml index cf5fb1b..2a49baa 100644 --- a/unittests/config/session-config.yaml +++ b/unittests/config/session-config.yaml @@ -8,6 +8,8 @@ tests: set: redis-cluster: enabled: true + redis: + enabled: false asserts: - documentIndex: 0 equal: 
@@ -16,11 +18,28 @@ tests: PROVIDER=redis PROVIDER_CONFIG=redis+cluster://:@gitea-unittests-redis-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& - - it: "session is configured correctly for 'memory' when redis-cluster is disabled" + - it: 'session is configured correctly for redis' template: templates/gitea/config.yaml set: redis-cluster: enabled: false + redis: + enabled: true + asserts: + - documentIndex: 0 + equal: + path: stringData.session + value: |- + PROVIDER=redis + PROVIDER_CONFIG=redis://:changeme@gitea-unittests-redis-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& + + - it: "session is configured correctly for 'memory' when redis (and redis-cluster) is disabled" + template: templates/gitea/config.yaml + set: + redis-cluster: + enabled: false + redis: + enabled: false asserts: - documentIndex: 0 equal: @@ -29,11 +48,13 @@ tests: PROVIDER=memory PROVIDER_CONFIG= - - it: 'session can be customized when redis-cluster is disabled' + - it: 'session can be customized when redis (and redis-cluster) is disabled' template: templates/gitea/config.yaml set: redis-cluster: enabled: false + redis: + enabled: false gitea.config.session.PROVIDER: custom-provider gitea.config.session.PROVIDER_CONFIG: custom-provider-config asserts: diff --git a/unittests/dependency-major-image-check.yaml b/unittests/dependency-major-image-check.yaml index a8967c3..6892613 100644 --- a/unittests/dependency-major-image-check.yaml +++ b/unittests/dependency-major-image-check.yaml 
@@ -34,9 +34,24 @@ tests: set: redis-cluster: enabled: true + redis: + enabled: false asserts: - documentIndex: 0 matchRegex: path: spec.template.spec.containers[0].image # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST - pattern: ^docker.io/bitnami/redis-cluster:7.+$ + pattern: bitnami/redis-cluster:7.+$ + - it: '[redis] ensures we detect major image version upgrades' + template: charts/redis/templates/master/application.yaml + set: + redis-cluster: + enabled: false + redis: + enabled: true + asserts: + - documentIndex: 0 + matchRegex: + path: spec.template.spec.containers[0].image + # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST + pattern: bitnami/redis:7.+$ diff --git a/unittests/deployment/ingress-configuration.yaml b/unittests/deployment/ingress-configuration.yaml index 2d2476e..4dfda51 100644 --- a/unittests/deployment/ingress-configuration.yaml +++ b/unittests/deployment/ingress-configuration.yaml @@ -15,9 +15,33 @@ tests: hosts: - '{{ .Values.global.giteaHostName }}' asserts: + - isKind: + of: Ingress - equal: path: spec.tls[0].hosts[0] value: 'gitea.example.com' - equal: path: spec.rules[0].host value: 'gitea.example.com' + - it: Ingress Class using TPL + set: + global.ingress.className: 'ingress-class' + ingress.className: '{{ .Values.global.ingress.className }}' + ingress.enabled: true + ingress.hosts[0].host: 'some-host' + ingress.tls: + - secretName: gitea-tls + hosts: + - 'some-host' + asserts: + - isKind: + of: Ingress + - equal: + path: spec.tls[0].hosts[0] + value: 'some-host' + - equal: + path: spec.rules[0].host + value: 'some-host' + - equal: + path: spec.ingressClassName + value: 'ingress-class' diff --git a/unittests/deployment/svc-configuration.yaml b/unittests/deployment/svc-configuration.yaml index 0ddccad..ee3d6a6 100644 --- a/unittests/deployment/svc-configuration.yaml +++ b/unittests/deployment/svc-configuration.yaml 
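Review bot: In dependency-major-image-check.yaml the redis-cluster pattern lost its `^docker.io/` anchor and the new redis pattern is written the same way, so `bitnami/redis:7.+$` matches an image from any registry or path prefix, and `7.+` also matches a tag such as `70`. If the test is meant to catch unexpected image changes in the Bitnami sub-charts, anchor what is known, for example `^(?:[^/]+/)?bitnami/redis:7\..+$`. That pattern assumes only the registry prefix varies; the reason for dropping the anchor is not visible in the hunk. The same applies to the `redis-cluster` assertion above it.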
@@ -59,3 +59,70 @@ tests: - equal: path: spec.ports[0].targetPort value: 2222 + + - it: render service.ssh.loadBalancerClass if set and type is LoadBalancer + template: templates/gitea/ssh-svc.yaml + set: + service: + ssh: + loadBalancerClass: 'example.com/class' + type: LoadBalancer + loadBalancerIP: '1.2.3.4' + loadBalancerSourceRanges: + - '1.2.3.4/32' + - '5.6.7.8/32' + asserts: + - equal: + path: spec.loadBalancerClass + value: 'example.com/class' + - equal: + path: spec.loadBalancerIP + value: '1.2.3.4' + - equal: + path: spec.loadBalancerSourceRanges + value: ['1.2.3.4/32', '5.6.7.8/32'] + + - it: does not render when loadbalancer properties are set but type is not loadBalancerClass + template: templates/gitea/http-svc.yaml + set: + service: + http: + type: ClusterIP + loadBalancerClass: 'example.com/class' + loadBalancerIP: '1.2.3.4' + loadBalancerSourceRanges: + - '1.2.3.4/32' + - '5.6.7.8/32' + asserts: + - notExists: + path: spec.loadBalancerClass + - notExists: + path: spec.loadBalancerIP + - notExists: + path: spec.loadBalancerSourceRanges + + - it: does not render loadBalancerClass by default even when type is LoadBalancer + template: templates/gitea/http-svc.yaml + set: + service: + http: + type: LoadBalancer + loadBalancerIP: '1.2.3.4' + asserts: + - notExists: + path: spec.loadBalancerClass + - equal: + path: spec.loadBalancerIP + value: '1.2.3.4' + + - it: both ssh and http services exist + templates: + - templates/gitea/ssh-svc.yaml + - templates/gitea/http-svc.yaml + asserts: + - matchRegex: + path: metadata.name + pattern: '^gitea-unittests-forgejo-(?:ssh|http)$' + - matchRegex: + path: spec.ports[0].name + pattern: '^(?:ssh|http)$' diff --git a/unittests/pvc/pvc-configuration.yaml b/unittests/pvc/pvc-configuration.yaml new file mode 100644 index 0000000..c3afaaf --- /dev/null +++ b/unittests/pvc/pvc-configuration.yaml 
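Review bot: The test titled `does not render when loadbalancer properties are set but type is not loadBalancerClass` sets `type: ClusterIP`, so the title should end `but type is not LoadBalancer`. The new `loadBalancerClass` rendering is asserted positively only for ssh-svc.yaml; the http-svc.yaml cases only check that it is absent. A positive http case mirroring the ssh one would cover the restructured `if` nesting in that template.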
@@ -0,0 +1,19 @@ +suite: PVC template +release: + name: gitea-unittests + namespace: testing +templates: + - templates/gitea/pvc.yaml +tests: + - it: Storage Class using TPL + set: + global.persistence.storageClass: 'storage-class' + persistence.enabled: true + persistence.create: true + persistence.storageClass: '{{ .Values.global.persistence.storageClass }}' + asserts: + - isKind: + of: PersistentVolumeClaim + - equal: + path: spec.storageClassName + value: 'storage-class' diff --git a/unittests/values-conflicting-checks.yaml b/unittests/values-conflicting-checks.yaml new file mode 100644 index 0000000..a257690 --- /dev/null +++ b/unittests/values-conflicting-checks.yaml @@ -0,0 +1,14 @@ +suite: Values conflicting checks +release: + name: gitea-unittests + namespace: testing +tests: + - it: fails when trying to configure redis and redis-cluster the same time + set: + redis-cluster: + enabled: true + redis: + enabled: true + asserts: + - failedTemplate: + errorMessage: redis and redis-cluster cannot be enabled at the same time. Please only choose one. diff --git a/values.yaml b/values.yaml index 058eb70..7e67426 100644 --- a/values.yaml +++ b/values.yaml @@ -107,6 +107,7 @@ service: ## @param service.http.loadBalancerSourceRanges Source range filter for http loadbalancer ## @param service.http.annotations HTTP service annotations ## @param service.http.labels HTTP service additional labels + ## @param service.http.loadBalancerClass Loadbalancer class http: type: ClusterIP port: 3000 @@ -120,6 +121,7 @@ service: loadBalancerSourceRanges: [] annotations: {} labels: {} + loadBalancerClass: ## @param service.ssh.type Kubernetes service type for ssh traffic ## @param service.ssh.port Port number for ssh traffic ## @param service.ssh.clusterIP ClusterIP setting for ssh autosetup for deployment is None 
@@ -133,6 +135,7 @@ service: ## @param service.ssh.loadBalancerSourceRanges Source range filter for ssh loadbalancer ## @param service.ssh.annotations SSH service annotations ## @param service.ssh.labels SSH service additional labels + ## @param service.ssh.loadBalancerClass Loadbalancer class ssh: type: ClusterIP port: 22 @@ -147,6 +150,7 @@ service: loadBalancerSourceRanges: [] annotations: {} labels: {} + loadBalancerClass: ## @section Ingress ## @param ingress.enabled Enable ingress @@ -342,12 +346,14 @@ gitea: ## @param gitea.admin.existingSecret Use an existing secret to store admin user credentials ## @param gitea.admin.password Password for the Forgejo admin user ## @param gitea.admin.email Email for the Forgejo admin user + ## @param gitea.admin.passwordMode Mode for how to set/update the admin user password. Options are: initialOnlyNoReset, initialOnlyRequireReset, and keepUpdated admin: # existingSecret: gitea-admin-secret existingSecret: username: gitea_admin password: r8sA8CPHD9!bt6d email: 'gitea@local.domain' + passwordMode: keepUpdated ## @param gitea.metrics.enabled Enable Forgejo metrics ## @param gitea.metrics.serviceMonitor.enabled Enable Forgejo metrics service monitor @@ -626,9 +632,10 @@ gitea: ## @descriptionStart ## Redis® Cluster is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/redis-cluster) if enabled in the values. ## Complete Configuration can be taken from their website. +## Redis cluster and [Redis](#redis) cannot be enabled at the same time. ## @descriptionEnd # -## @param redis-cluster.enabled Enable redis +## @param redis-cluster.enabled Enable redis cluster ## @param redis-cluster.usePassword Whether to use password authentication ## @param redis-cluster.cluster.nodes Number of redis cluster master nodes ## @param redis-cluster.cluster.replicas Number of redis cluster master node replicas 
@@ -639,6 +646,26 @@ redis-cluster: nodes: 3 # default: 6 replicas: 0 # default: 1 +## @section Redis® +## @descriptionStart +## Redis® is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/redis) if enabled in the values. +## Complete Configuration can be taken from their website. +## Redis and [Redis cluster](#redis-cluster) cannot be enabled at the same time. +## @descriptionEnd +# +## @param redis.enabled Enable redis standalone or replicated +## @param redis.architecture Whether to use standalone or replication +## @param redis.global.redis.password Required password +## @param redis.master.count Number of Redis master instances to deploy +redis: + enabled: false + architecture: standalone + global: + redis: + password: changeme + master: + count: 1 + ## @section PostgreSQL HA ## @descriptionStart ## PostgreSQL HA is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/postgresql-ha) if enabled in the values.
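Review bot: `redis.global.redis.password: changeme` ships a fixed, publicly documented password that becomes the live Redis credential as soon as `redis.enabled: true` is set, and the README example added in this commit enables redis without overriding it. Consider leaving the default empty and failing in `redis.dns` when redis is enabled without a password. At minimum, mark the default in the parameter line: `## @param redis.global.redis.password Required password; override before enabling redis`. The unit tests under unittests/config assert `redis://:changeme@...`, so they would need an explicit `set` for the password if the default changes.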