DevFW-CICD/forgejo-helm
16
0
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: merge upstream change week 2024-31 (#688)

Browse source 
Reviewed-on: https://code.forgejo.org/forgejo-helm/forgejo-helm/pulls/688
This commit is contained in:
Michael Kriese 2024-07-31 11:02:10 +00:00
parent d000400926
commit 55c599d822
20 changed files with 352 additions and 44 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
Chart.lock
View file

@ -8,5 +8,8 @@ dependencies:
- name: redis-cluster - name: redis-cluster
repository: oci://registry-1.docker.io/bitnamicharts repository: oci://registry-1.docker.io/bitnamicharts
version: 10.2.9 version: 10.2.9
digest: sha256:1e9d1de99e188fbd7c3eb3305a9ff6e0428313b181b83b9dea1051e5b134de1b - name: redis
generated: "2024-07-25T12:30:38.908174676Z" repository: oci://registry-1.docker.io/bitnamicharts
version: 19.6.4
digest: sha256:b6d81fdd70e6c2928e815f169749cb8f773c113a08088b0180180829558e4c18
generated: "2024-07-31T12:20:13.5972612+02:00"

5
Chart.yaml
View file

@ -41,3 +41,8 @@ dependencies:
repository: oci://registry-1.docker.io/bitnamicharts repository: oci://registry-1.docker.io/bitnamicharts
version: 10.2.9 version: 10.2.9
condition: redis-cluster.enabled condition: redis-cluster.enabled
# https://github.com/bitnami/charts/blob/main/bitnami/redis/Chart.yaml
- name: redis
repository: oci://registry-1.docker.io/bitnamicharts
version: 19.6.4
condition: redis.enabled

2
Makefile
View file

@ -9,7 +9,7 @@ readme: prepare-environment
.PHONY: unittests .PHONY: unittests
unittests: unittests:
helm unittest --strict -f 'unittests/**/*.yaml' -f 'unittests/dependency-major-image-check.yaml' ./ helm unittest --strict -f 'unittests/**/*.yaml' ./
.PHONY: helm .PHONY: helm
update-helm-dependencies: update-helm-dependencies:

78
README.md
View file

@ -50,6 +50,7 @@
- [ReadinessProbe](#readinessprobe) - [ReadinessProbe](#readinessprobe)
- [StartupProbe](#startupprobe) - [StartupProbe](#startupprobe)
- [redis-cluster](#redis-cluster) - [redis-cluster](#redis-cluster)
- [redis](#redis)
- [PostgreSQL HA](#postgresql-ha) - [PostgreSQL HA](#postgresql-ha)
- [PostgreSQL](#postgresql) - [PostgreSQL](#postgresql)
- [Advanced](#advanced) - [Advanced](#advanced)
@ -94,7 +95,8 @@ These dependencies are enabled by default:
Alternatively, the following non-HA replacements are available: Alternatively, the following non-HA replacements are available:
- PostgreSQL ([Bitnami PostgreSQL](<postgresql](https://github.com/bitnami/charts/blob/main/bitnami/postgresql/Chart.yaml)>)) - PostgreSQL ([Bitnami PostgreSQL](https://github.com/bitnami/charts/blob/main/bitnami/postgresql/Chart.yaml))
- Redis ([Bitnami Redis](https://github.com/bitnami/charts/blob/main/bitnami/redis/Chart.yaml))
### Dependency Versioning ### Dependency Versioning
@ -113,6 +115,7 @@ Please double-check the image repository and available tags in the sub-chart:
- [PostgreSQL-HA](https://hub.docker.com/r/bitnami/postgresql-repmgr/tags) - [PostgreSQL-HA](https://hub.docker.com/r/bitnami/postgresql-repmgr/tags)
- [PostgreSQL](https://hub.docker.com/r/bitnami/postgresql/tags) - [PostgreSQL](https://hub.docker.com/r/bitnami/postgresql/tags)
- [Redis Cluster](https://hub.docker.com/r/bitnami/redis-cluster/tags) - [Redis Cluster](https://hub.docker.com/r/bitnami/redis-cluster/tags)
- [Redis](https://hub.docker.com/r/bitnami/redis/tags)
and look up the image tag which fits your needs on Dockerhub. and look up the image tag which fits your needs on Dockerhub.
@ -247,7 +250,7 @@ External tools such as `redis-cluster` or `memcached` handle these workloads muc
If HA is not needed/desired, the following configurations can be used to deploy a single-pod Forgejo instance. If HA is not needed/desired, the following configurations can be used to deploy a single-pod Forgejo instance.
1. For a production-ready single-pod Forgejo instance without external dependencies (using the chart dependency `postgresql`): 1. For a production-ready single-pod Forgejo instance without external dependencies (using the chart dependency `postgresql` and `redis`):
<details> <details>
@ -256,6 +259,8 @@ If HA is not needed/desired, the following configurations can be used to deploy
```yaml ```yaml
redis-cluster: redis-cluster:
enabled: false enabled: false
redis:
enabled: true
postgresql: postgresql:
enabled: true enabled: true
postgresql-ha: postgresql-ha:
@ -268,12 +273,6 @@ If HA is not needed/desired, the following configurations can be used to deploy
config: config:
database: database:
DB_TYPE: postgres DB_TYPE: postgres
session:
PROVIDER: db
cache:
ADAPTER: memory
queue:
TYPE: level
indexer: indexer:
ISSUE_INDEXER_TYPE: bleve ISSUE_INDEXER_TYPE: bleve
REPO_INDEXER_ENABLED: true REPO_INDEXER_ENABLED: true
@ -293,6 +292,8 @@ If HA is not needed/desired, the following configurations can be used to deploy
```yaml ```yaml
redis-cluster: redis-cluster:
enabled: false enabled: false
redis:
enabled: false
postgresql: postgresql:
enabled: false enabled: false
postgresql-ha: postgresql-ha:
@ -572,6 +573,20 @@ gitea:
existingSecret: gitea-admin-secret existingSecret: gitea-admin-secret
``` ```
Whether you use the existing Secret or specify a user name and password, there are three modes for how the admin user password is created or set.
- `keepUpdated` (the default) will set the admin user password, and reset it to the defined value every time the pod is recreated.
- `initialOnlyNoReset` will set the admin user password when creating it, but never try to update the password.
- `initialOnlyRequireReset` will set the admin user password when creating it, never update it, and require that the password be changed at the initial login.
These modes can be set like the following:
```yaml
gitea:
admin:
passwordMode: initialOnlyRequireReset
```
### LDAP Settings ### LDAP Settings
Like the admin user the LDAP settings can be updated. Like the admin user the LDAP settings can be updated.
@ -892,6 +907,7 @@ To comply with the Forgejo helm chart definition of the digest parameter, a "cus
| `service.http.loadBalancerSourceRanges` | Source range filter for http loadbalancer | `[]` | | `service.http.loadBalancerSourceRanges` | Source range filter for http loadbalancer | `[]` |
| `service.http.annotations` | HTTP service annotations | `{}` | | `service.http.annotations` | HTTP service annotations | `{}` |
| `service.http.labels` | HTTP service additional labels | `{}` | | `service.http.labels` | HTTP service additional labels | `{}` |
| `service.http.loadBalancerClass` | Loadbalancer class | `nil` |
| `service.ssh.type` | Kubernetes service type for ssh traffic | `ClusterIP` | | `service.ssh.type` | Kubernetes service type for ssh traffic | `ClusterIP` |
| `service.ssh.port` | Port number for ssh traffic | `22` | | `service.ssh.port` | Port number for ssh traffic | `22` |
| `service.ssh.clusterIP` | ClusterIP setting for ssh autosetup for deployment is None | `None` | | `service.ssh.clusterIP` | ClusterIP setting for ssh autosetup for deployment is None | `None` |
@ -905,6 +921,7 @@ To comply with the Forgejo helm chart definition of the digest parameter, a "cus
| `service.ssh.loadBalancerSourceRanges` | Source range filter for ssh loadbalancer | `[]` | | `service.ssh.loadBalancerSourceRanges` | Source range filter for ssh loadbalancer | `[]` |
| `service.ssh.annotations` | SSH service annotations | `{}` | | `service.ssh.annotations` | SSH service annotations | `{}` |
| `service.ssh.labels` | SSH service additional labels | `{}` | | `service.ssh.labels` | SSH service additional labels | `{}` |
| `service.ssh.loadBalancerClass` | Loadbalancer class | `nil` |
### Ingress ### Ingress
@ -987,20 +1004,21 @@ To comply with the Forgejo helm chart definition of the digest parameter, a "cus
### Gitea ### Gitea
| Name | Description | Value | | Name | Description | Value |
| -------------------------------------- | --------------------------------------------------------------------------- | -------------------- | | -------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------- | -------------------- |
| `gitea.admin.username` | Username for the Forgejo admin user | `gitea_admin` | | `gitea.admin.username` | Username for the Forgejo admin user | `gitea_admin` |
| `gitea.admin.existingSecret` | Use an existing secret to store admin user credentials | `nil` | | `gitea.admin.existingSecret` | Use an existing secret to store admin user credentials | `nil` |
| `gitea.admin.password` | Password for the Forgejo admin user | `r8sA8CPHD9!bt6d` | | `gitea.admin.password` | Password for the Forgejo admin user | `r8sA8CPHD9!bt6d` |
| `gitea.admin.email` | Email for the Forgejo admin user | `gitea@local.domain` | | `gitea.admin.email` | Email for the Forgejo admin user | `gitea@local.domain` |
| `gitea.metrics.enabled` | Enable Forgejo metrics | `false` | | `gitea.admin.passwordMode` | Mode for how to set/update the admin user password. Options are: initialOnlyNoReset, initialOnlyRequireReset, and keepUpdated | `keepUpdated` |
| `gitea.metrics.serviceMonitor.enabled` | Enable Forgejo metrics service monitor | `false` | | `gitea.metrics.enabled` | Enable Forgejo metrics | `false` |
| `gitea.ldap` | LDAP configuration | `[]` | | `gitea.metrics.serviceMonitor.enabled` | Enable Forgejo metrics service monitor | `false` |
| `gitea.oauth` | OAuth configuration | `[]` | | `gitea.ldap` | LDAP configuration | `[]` |
| `gitea.additionalConfigSources` | Additional configuration from secret or configmap | `[]` | | `gitea.oauth` | OAuth configuration | `[]` |
| `gitea.additionalConfigFromEnvs` | Additional configuration sources from environment variables | `[]` | | `gitea.additionalConfigSources` | Additional configuration from secret or configmap | `[]` |
| `gitea.podAnnotations` | Annotations for the Forgejo pod | `{}` | | `gitea.additionalConfigFromEnvs` | Additional configuration sources from environment variables | `[]` |
| `gitea.ssh.logLevel` | Configure OpenSSH's log level. Only available for root-based Forgejo image. | `INFO` | | `gitea.podAnnotations` | Annotations for the Forgejo pod | `{}` |
| `gitea.ssh.logLevel` | Configure OpenSSH's log level. Only available for root-based Forgejo image. | `INFO` |
### `app.ini` overrides ### `app.ini` overrides
@ -1098,14 +1116,28 @@ blocks, while the keys themselves remain in all caps.
Redis&reg; Cluster is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/redis-cluster) if enabled in the values. Redis&reg; Cluster is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/redis-cluster) if enabled in the values.
Complete Configuration can be taken from their website. Complete Configuration can be taken from their website.
Redis cluster and [Redis](#redis) cannot be enabled at the same time.
| Name | Description | Value | | Name | Description | Value |
| -------------------------------- | -------------------------------------------- | ------- | | -------------------------------- | -------------------------------------------- | ------- |
| `redis-cluster.enabled` | Enable redis | `true` | | `redis-cluster.enabled` | Enable redis cluster | `true` |
| `redis-cluster.usePassword` | Whether to use password authentication | `false` | | `redis-cluster.usePassword` | Whether to use password authentication | `false` |
| `redis-cluster.cluster.nodes` | Number of redis cluster master nodes | `3` | | `redis-cluster.cluster.nodes` | Number of redis cluster master nodes | `3` |
| `redis-cluster.cluster.replicas` | Number of redis cluster master node replicas | `0` | | `redis-cluster.cluster.replicas` | Number of redis cluster master node replicas | `0` |
### Redis&reg;
Redis&reg; is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/redis) if enabled in the values.
Complete Configuration can be taken from their website.
Redis and [Redis cluster](#redis-cluster) cannot be enabled at the same time.
| Name | Description | Value |
| ----------------------------- | ------------------------------------------ | ------------ |
| `redis.enabled` | Enable redis standalone or replicated | `false` |
| `redis.architecture` | Whether to use standalone or replication | `standalone` |
| `redis.global.redis.password` | Required password | `changeme` |
| `redis.master.count` | Number of Redis master instances to deploy | `1` |
### PostgreSQL HA ### PostgreSQL HA
PostgreSQL HA is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/postgresql-ha) if enabled in the values. PostgreSQL HA is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/postgresql-ha) if enabled in the values.

2
package.json
View file

@ -11,7 +11,7 @@
"prettier-fix": "prettier --write --ignore-unknown --cache '**/*.*'", "prettier-fix": "prettier --write --ignore-unknown --cache '**/*.*'",
"readme:lint": "markdownlint *.md -f", "readme:lint": "markdownlint *.md -f",
"readme:parameters": "readme-generator -v values.yaml -r README.md", "readme:parameters": "readme-generator -v values.yaml -r README.md",
"test": "helm unittest --strict -f 'unittests/**/*.yaml' -f 'unittests/dependency-major-image-check.yaml' ./" "test": "helm unittest --strict -f 'unittests/**/*.yaml' ./"
}, },
"devDependencies": { "devDependencies": {
"@bitnami/readme-generator-for-helm": "2.6.1", "@bitnami/readme-generator-for-helm": "2.6.1",

22
templates/_helpers.tpl
View file

@ -74,7 +74,7 @@ imagePullSecrets:
Storage Class Storage Class
*/}} */}}
{{- define "gitea.persistence.storageClass" -}} {{- define "gitea.persistence.storageClass" -}}
{{- $storageClass := .Values.persistence.storageClass | default .Values.global.storageClass }} {{- $storageClass := (tpl ( default "" .Values.persistence.storageClass) .) | default (tpl ( default "" .Values.global.storageClass) .) }}
{{- if $storageClass }} {{- if $storageClass }}
storageClassName: {{ $storageClass | quote }} storageClassName: {{ $storageClass | quote }}
{{- end }} {{- end }}
@ -113,20 +113,28 @@ app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}} {{- end -}}
{{- define "redis.dns" -}} {{- define "redis.dns" -}}
{{- if (index .Values "redis-cluster").enabled -}} {{- if and ((index .Values "redis-cluster").enabled) ((index .Values "redis").enabled) -}}
{{- fail "redis and redis-cluster cannot be enabled at the same time. Please only choose one." -}}
{{- else if (index .Values "redis-cluster").enabled -}}
{{- printf "redis+cluster://:%s@%s-redis-cluster-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "redis-cluster").global.redis.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "redis-cluster").service.ports.redis -}} {{- printf "redis+cluster://:%s@%s-redis-cluster-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "redis-cluster").global.redis.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "redis-cluster").service.ports.redis -}}
{{- else if (index .Values "redis").enabled -}}
{{- printf "redis://:%s@%s-redis-headless.%s.svc.%s:%g/0?pool_size=100&idle_timeout=180s&" (index .Values "redis").global.redis.password .Release.Name .Release.Namespace .Values.clusterDomain (index .Values "redis").master.service.ports.redis -}}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{- define "redis.port" -}} {{- define "redis.port" -}}
{{- if (index .Values "redis-cluster").enabled -}} {{- if (index .Values "redis-cluster").enabled -}}
{{ (index .Values "redis-cluster").service.ports.redis }} {{ (index .Values "redis-cluster").service.ports.redis }}
{{- else if (index .Values "redis").enabled -}}
{{ (index .Values "redis").master.service.ports.redis }}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{- define "redis.servicename" -}} {{- define "redis.servicename" -}}
{{- if (index .Values "redis-cluster").enabled -}} {{- if (index .Values "redis-cluster").enabled -}}
{{- printf "%s-redis-cluster-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}} {{- printf "%s-redis-cluster-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}}
{{- else if (index .Values "redis").enabled -}}
{{- printf "%s-redis-headless.%s.svc.%s" .Release.Name .Release.Namespace .Values.clusterDomain -}}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
@ -271,7 +279,7 @@ https
{{- $_ := set .Values.gitea.config.metrics "ENABLED" .Values.gitea.metrics.enabled -}} {{- $_ := set .Values.gitea.config.metrics "ENABLED" .Values.gitea.metrics.enabled -}}
{{- end -}} {{- end -}}
{{- /* redis queue */ -}} {{- /* redis queue */ -}}
{{- if (index .Values "redis-cluster").enabled -}} {{- if or ((index .Values "redis-cluster").enabled) ((index .Values "redis").enabled) -}}
{{- $_ := set .Values.gitea.config.queue "TYPE" "redis" -}} {{- $_ := set .Values.gitea.config.queue "TYPE" "redis" -}}
{{- $_ := set .Values.gitea.config.queue "CONN_STR" (include "redis.dns" .) -}} {{- $_ := set .Values.gitea.config.queue "CONN_STR" (include "redis.dns" .) -}}
{{- $_ := set .Values.gitea.config.session "PROVIDER" "redis" -}} {{- $_ := set .Values.gitea.config.session "PROVIDER" "redis" -}}
@ -392,3 +400,11 @@ https
{{- define "gitea.serviceAccountName" -}} {{- define "gitea.serviceAccountName" -}}
{{ .Values.serviceAccount.name | default (include "gitea.fullname" .) }} {{ .Values.serviceAccount.name | default (include "gitea.fullname" .) }}
{{- end -}} {{- end -}}
{{- define "gitea.admin.passwordMode" -}}
{{- if has .Values.gitea.admin.passwordMode (tuple "keepUpdated" "initialOnlyNoReset" "initialOnlyRequireReset") -}}
{{ .Values.gitea.admin.passwordMode }}
{{- else -}}
{{ printf "gitea.admin.passwordMode must be set to one of 'keepUpdated', 'initialOnlyNoReset', or 'initialOnlyRequireReset'. Received: '%s'" .Values.gitea.admin.passwordMode | fail }}
{{- end -}}
{{- end -}}

2
templates/gitea/deployment.yaml
View file

@ -243,6 +243,8 @@ spec:
- name: GITEA_ADMIN_PASSWORD - name: GITEA_ADMIN_PASSWORD
value: {{ .Values.gitea.admin.password | quote }} value: {{ .Values.gitea.admin.password | quote }}
{{- end }} {{- end }}
- name: GITEA_ADMIN_PASSWORD_MODE
value: {{ include "gitea.admin.passwordMode" $ }}
{{- if .Values.deployment.env }} {{- if .Values.deployment.env }}
{{- toYaml .Values.deployment.env | nindent 12 }} {{- toYaml .Values.deployment.env | nindent 12 }}
{{- end }} {{- end }}

7
templates/gitea/http-svc.yaml
View file

@ -11,7 +11,11 @@ metadata:
{{- toYaml .Values.service.http.annotations | nindent 4 }} {{- toYaml .Values.service.http.annotations | nindent 4 }}
spec: spec:
type: {{ .Values.service.http.type }} type: {{ .Values.service.http.type }}
{{- if and .Values.service.http.loadBalancerIP (eq .Values.service.http.type "LoadBalancer") }} {{- if eq .Values.service.http.type "LoadBalancer" }}
{{- if .Values.service.http.loadBalancerClass }}
loadBalancerClass: {{ .Values.service.http.loadBalancerClass }}
{{- end }}
{{- if and .Values.service.http.loadBalancerIP }}
loadBalancerIP: {{ .Values.service.http.loadBalancerIP }} loadBalancerIP: {{ .Values.service.http.loadBalancerIP }}
{{- end }} {{- end }}
{{- if .Values.service.http.loadBalancerSourceRanges }} {{- if .Values.service.http.loadBalancerSourceRanges }}
@ -20,6 +24,7 @@ spec:
- {{ . }} - {{ . }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }}
{{- if .Values.service.http.externalIPs }} {{- if .Values.service.http.externalIPs }}
externalIPs: externalIPs:
{{- toYaml .Values.service.http.externalIPs | nindent 4 }} {{- toYaml .Values.service.http.externalIPs | nindent 4 }}

2
templates/gitea/ingress.yaml
View file

@ -21,7 +21,7 @@ metadata:
{{- end }} {{- end }}
spec: spec:
{{- if .Values.ingress.className }} {{- if .Values.ingress.className }}
ingressClassName: {{ .Values.ingress.className }} ingressClassName: {{ tpl .Values.ingress.className . }}
{{- end }} {{- end }}
{{- if .Values.ingress.tls }} {{- if .Values.ingress.tls }}
tls: tls:

21
templates/gitea/init.yaml
View file

@ -109,13 +109,26 @@ stringData:
local ACCOUNT_ID=$(echo "${actual_user_table}" | grep -E "\s+${GITEA_ADMIN_USERNAME}\s+" | awk -F " " "{printf \$1}") local ACCOUNT_ID=$(echo "${actual_user_table}" | grep -E "\s+${GITEA_ADMIN_USERNAME}\s+" | awk -F " " "{printf \$1}")
if [[ -z "${ACCOUNT_ID}" ]]; then if [[ -z "${ACCOUNT_ID}" ]]; then
local -a create_args
create_args=(--admin --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email {{ .Values.gitea.admin.email | quote }})
if [[ "${GITEA_ADMIN_PASSWORD_MODE}" = initialOnlyRequireReset ]]; then
create_args+=(--must-change-password=true)
else
create_args+=(--must-change-password=false)
fi
echo "No admin user '${GITEA_ADMIN_USERNAME}' found. Creating now..." echo "No admin user '${GITEA_ADMIN_USERNAME}' found. Creating now..."
gitea admin user create --admin --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email {{ .Values.gitea.admin.email | quote }} --must-change-password=false gitea admin user create "${create_args[@]}"
echo '...created.' echo '...created.'
else else
echo "Admin account '${GITEA_ADMIN_USERNAME}' already exist. Running update to sync password..." if [[ "${GITEA_ADMIN_PASSWORD_MODE}" = keepUpdated ]]; then
gitea admin user change-password --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --must-change-password=false echo "Admin account '${GITEA_ADMIN_USERNAME}' already exist. Running update to sync password..."
echo '...password sync done.' local -a change_args
change_args=(--username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --must-change-password=false)
gitea admin user change-password "${change_args[@]}"
echo '...password sync done.'
else
echo "Admin account '${GITEA_ADMIN_USERNAME}' already exist, but update mode is set to '${GITEA_ADMIN_PASSWORD_MODE}'. Skipping."
fi
fi fi
} }

3
templates/gitea/ssh-svc.yaml
View file

@ -12,6 +12,9 @@ metadata:
spec: spec:
type: {{ .Values.service.ssh.type }} type: {{ .Values.service.ssh.type }}
{{- if eq .Values.service.ssh.type "LoadBalancer" }} {{- if eq .Values.service.ssh.type "LoadBalancer" }}
{{- if .Values.service.ssh.loadBalancerClass }}
loadBalancerClass: {{ .Values.service.ssh.loadBalancerClass }}
{{- end }}
{{- if .Values.service.ssh.loadBalancerIP }} {{- if .Values.service.ssh.loadBalancerIP }}
loadBalancerIP: {{ .Values.service.ssh.loadBalancerIP }} loadBalancerIP: {{ .Values.service.ssh.loadBalancerIP }}
{{- end -}} {{- end -}}

25
unittests/config/cache-config.yaml
View file

@ -8,6 +8,8 @@ tests:
set: set:
redis-cluster: redis-cluster:
enabled: true enabled: true
redis:
enabled: false
asserts: asserts:
- documentIndex: 0 - documentIndex: 0
equal: equal:
@ -16,11 +18,28 @@ tests:
ADAPTER=redis ADAPTER=redis
HOST=redis+cluster://:@gitea-unittests-redis-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& HOST=redis+cluster://:@gitea-unittests-redis-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
- it: "cache is configured correctly for 'memory' when redis-cluster is disabled" - it: 'cache is configured correctly for redis'
template: templates/gitea/config.yaml template: templates/gitea/config.yaml
set: set:
redis-cluster: redis-cluster:
enabled: false enabled: false
redis:
enabled: true
asserts:
- documentIndex: 0
equal:
path: stringData.cache
value: |-
ADAPTER=redis
HOST=redis://:changeme@gitea-unittests-redis-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
- it: "cache is configured correctly for 'memory' when redis (or redis-cluster) is disabled"
template: templates/gitea/config.yaml
set:
redis-cluster:
enabled: false
redis:
enabled: false
asserts: asserts:
- documentIndex: 0 - documentIndex: 0
equal: equal:
@ -29,11 +48,13 @@ tests:
ADAPTER=memory ADAPTER=memory
HOST= HOST=
- it: 'cache can be customized when redis-cluster is disabled' - it: 'cache can be customized when redis (or redis-cluster) is disabled'
template: templates/gitea/config.yaml template: templates/gitea/config.yaml
set: set:
redis-cluster: redis-cluster:
enabled: false enabled: false
redis:
enabled: false
gitea.config.cache.ADAPTER: custom-adapter gitea.config.cache.ADAPTER: custom-adapter
gitea.config.cache.HOST: custom-host gitea.config.cache.HOST: custom-host
asserts: asserts:

25
unittests/config/queue-config.yaml
View file

@ -8,6 +8,8 @@ tests:
set: set:
redis-cluster: redis-cluster:
enabled: true enabled: true
redis:
enabled: false
asserts: asserts:
- documentIndex: 0 - documentIndex: 0
equal: equal:
@ -16,11 +18,28 @@ tests:
CONN_STR=redis+cluster://:@gitea-unittests-redis-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& CONN_STR=redis+cluster://:@gitea-unittests-redis-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
TYPE=redis TYPE=redis
- it: "queue is configured correctly for 'levelDB' when redis-cluster is disabled" - it: 'queue is configured correctly for redis'
template: templates/gitea/config.yaml template: templates/gitea/config.yaml
set: set:
redis-cluster: redis-cluster:
enabled: false enabled: false
redis:
enabled: true
asserts:
- documentIndex: 0
equal:
path: stringData.queue
value: |-
CONN_STR=redis://:changeme@gitea-unittests-redis-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
TYPE=redis
- it: "queue is configured correctly for 'levelDB' when redis (and redis-cluster) is disabled"
template: templates/gitea/config.yaml
set:
redis-cluster:
enabled: false
redis:
enabled: false
asserts: asserts:
- documentIndex: 0 - documentIndex: 0
equal: equal:
@ -29,11 +48,13 @@ tests:
CONN_STR= CONN_STR=
TYPE=level TYPE=level
- it: 'queue can be customized when redis-cluster is disabled' - it: 'queue can be customized when redis (and redis-cluster) are disabled'
template: templates/gitea/config.yaml template: templates/gitea/config.yaml
set: set:
redis-cluster: redis-cluster:
enabled: false enabled: false
redis:
enabled: false
gitea.config.queue.TYPE: custom-type gitea.config.queue.TYPE: custom-type
gitea.config.queue.CONN_STR: custom-connection-string gitea.config.queue.CONN_STR: custom-connection-string
asserts: asserts:

25
unittests/config/session-config.yaml
View file

@ -8,6 +8,8 @@ tests:
set: set:
redis-cluster: redis-cluster:
enabled: true enabled: true
redis:
enabled: false
asserts: asserts:
- documentIndex: 0 - documentIndex: 0
equal: equal:
@ -16,11 +18,28 @@ tests:
PROVIDER=redis PROVIDER=redis
PROVIDER_CONFIG=redis+cluster://:@gitea-unittests-redis-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s& PROVIDER_CONFIG=redis+cluster://:@gitea-unittests-redis-cluster-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
- it: "session is configured correctly for 'memory' when redis-cluster is disabled" - it: 'session is configured correctly for redis'
template: templates/gitea/config.yaml template: templates/gitea/config.yaml
set: set:
redis-cluster: redis-cluster:
enabled: false enabled: false
redis:
enabled: true
asserts:
- documentIndex: 0
equal:
path: stringData.session
value: |-
PROVIDER=redis
PROVIDER_CONFIG=redis://:changeme@gitea-unittests-redis-headless.testing.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
- it: "session is configured correctly for 'memory' when redis (and redis-cluster) is disabled"
template: templates/gitea/config.yaml
set:
redis-cluster:
enabled: false
redis:
enabled: false
asserts: asserts:
- documentIndex: 0 - documentIndex: 0
equal: equal:
@ -29,11 +48,13 @@ tests:
PROVIDER=memory PROVIDER=memory
PROVIDER_CONFIG= PROVIDER_CONFIG=
- it: 'session can be customized when redis-cluster is disabled' - it: 'session can be customized when redis (and redis-cluster) is disabled'
template: templates/gitea/config.yaml template: templates/gitea/config.yaml
set: set:
redis-cluster: redis-cluster:
enabled: false enabled: false
redis:
enabled: false
gitea.config.session.PROVIDER: custom-provider gitea.config.session.PROVIDER: custom-provider
gitea.config.session.PROVIDER_CONFIG: custom-provider-config gitea.config.session.PROVIDER_CONFIG: custom-provider-config
asserts: asserts:

17
unittests/dependency-major-image-check.yaml
View file

@ -34,9 +34,24 @@ tests:
set: set:
redis-cluster: redis-cluster:
enabled: true enabled: true
redis:
enabled: false
asserts: asserts:
- documentIndex: 0 - documentIndex: 0
matchRegex: matchRegex:
path: spec.template.spec.containers[0].image path: spec.template.spec.containers[0].image
# IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST # IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST
pattern: ^docker.io/bitnami/redis-cluster:7.+$ pattern: bitnami/redis-cluster:7.+$
- it: '[redis] ensures we detect major image version upgrades'
template: charts/redis/templates/master/application.yaml
set:
redis-cluster:
enabled: false
redis:
enabled: true
asserts:
- documentIndex: 0
matchRegex:
path: spec.template.spec.containers[0].image
# IN CASE OF AN INTENTIONAL MAJOR BUMP, ADJUST THIS TEST
pattern: bitnami/redis:7.+$

24
unittests/deployment/ingress-configuration.yaml
View file

@ -15,9 +15,33 @@ tests:
hosts: hosts:
- '{{ .Values.global.giteaHostName }}' - '{{ .Values.global.giteaHostName }}'
asserts: asserts:
- isKind:
of: Ingress
- equal: - equal:
path: spec.tls[0].hosts[0] path: spec.tls[0].hosts[0]
value: 'gitea.example.com' value: 'gitea.example.com'
- equal: - equal:
path: spec.rules[0].host path: spec.rules[0].host
value: 'gitea.example.com' value: 'gitea.example.com'
- it: Ingress Class using TPL
set:
global.ingress.className: 'ingress-class'
ingress.className: '{{ .Values.global.ingress.className }}'
ingress.enabled: true
ingress.hosts[0].host: 'some-host'
ingress.tls:
- secretName: gitea-tls
hosts:
- 'some-host'
asserts:
- isKind:
of: Ingress
- equal:
path: spec.tls[0].hosts[0]
value: 'some-host'
- equal:
path: spec.rules[0].host
value: 'some-host'
- equal:
path: spec.ingressClassName
value: 'ingress-class'

67
unittests/deployment/svc-configuration.yaml
View file

@ -59,3 +59,70 @@ tests:
- equal: - equal:
path: spec.ports[0].targetPort path: spec.ports[0].targetPort
value: 2222 value: 2222
- it: render service.ssh.loadBalancerClass if set and type is LoadBalancer
template: templates/gitea/ssh-svc.yaml
set:
service:
ssh:
loadBalancerClass: 'example.com/class'
type: LoadBalancer
loadBalancerIP: '1.2.3.4'
loadBalancerSourceRanges:
- '1.2.3.4/32'
- '5.6.7.8/32'
asserts:
- equal:
path: spec.loadBalancerClass
value: 'example.com/class'
- equal:
path: spec.loadBalancerIP
value: '1.2.3.4'
- equal:
path: spec.loadBalancerSourceRanges
value: ['1.2.3.4/32', '5.6.7.8/32']
- it: does not render when loadbalancer properties are set but type is not loadBalancerClass
template: templates/gitea/http-svc.yaml
set:
service:
http:
type: ClusterIP
loadBalancerClass: 'example.com/class'
loadBalancerIP: '1.2.3.4'
loadBalancerSourceRanges:
- '1.2.3.4/32'
- '5.6.7.8/32'
asserts:
- notExists:
path: spec.loadBalancerClass
- notExists:
path: spec.loadBalancerIP
- notExists:
path: spec.loadBalancerSourceRanges
- it: does not render loadBalancerClass by default even when type is LoadBalancer
template: templates/gitea/http-svc.yaml
set:
service:
http:
type: LoadBalancer
loadBalancerIP: '1.2.3.4'
asserts:
- notExists:
path: spec.loadBalancerClass
- equal:
path: spec.loadBalancerIP
value: '1.2.3.4'
- it: both ssh and http services exist
templates:
- templates/gitea/ssh-svc.yaml
- templates/gitea/http-svc.yaml
asserts:
- matchRegex:
path: metadata.name
pattern: '^gitea-unittests-forgejo-(?:ssh|http)$'
- matchRegex:
path: spec.ports[0].name
pattern: '^(?:ssh|http)$'

19
unittests/pvc/pvc-configuration.yaml Normal file
View file

@ -0,0 +1,19 @@
suite: PVC template
release:
name: gitea-unittests
namespace: testing
templates:
- templates/gitea/pvc.yaml
tests:
- it: Storage Class using TPL
set:
global.persistence.storageClass: 'storage-class'
persistence.enabled: true
persistence.create: true
persistence.storageClass: '{{ .Values.global.persistence.storageClass }}'
asserts:
- isKind:
of: PersistentVolumeClaim
- equal:
path: spec.storageClassName
value: 'storage-class'

14
unittests/values-conflicting-checks.yaml Normal file
View file

@ -0,0 +1,14 @@
suite: Values conflicting checks
release:
name: gitea-unittests
namespace: testing
tests:
- it: fails when trying to configure redis and redis-cluster the same time
set:
redis-cluster:
enabled: true
redis:
enabled: true
asserts:
- failedTemplate:
errorMessage: redis and redis-cluster cannot be enabled at the same time. Please only choose one.

29
values.yaml
View file

@ -107,6 +107,7 @@ service:
## @param service.http.loadBalancerSourceRanges Source range filter for http loadbalancer ## @param service.http.loadBalancerSourceRanges Source range filter for http loadbalancer
## @param service.http.annotations HTTP service annotations ## @param service.http.annotations HTTP service annotations
## @param service.http.labels HTTP service additional labels ## @param service.http.labels HTTP service additional labels
## @param service.http.loadBalancerClass Loadbalancer class
http: http:
type: ClusterIP type: ClusterIP
port: 3000 port: 3000
@ -120,6 +121,7 @@ service:
loadBalancerSourceRanges: [] loadBalancerSourceRanges: []
annotations: {} annotations: {}
labels: {} labels: {}
loadBalancerClass:
## @param service.ssh.type Kubernetes service type for ssh traffic ## @param service.ssh.type Kubernetes service type for ssh traffic
## @param service.ssh.port Port number for ssh traffic ## @param service.ssh.port Port number for ssh traffic
## @param service.ssh.clusterIP ClusterIP setting for ssh autosetup for deployment is None ## @param service.ssh.clusterIP ClusterIP setting for ssh autosetup for deployment is None
@ -133,6 +135,7 @@ service:
## @param service.ssh.loadBalancerSourceRanges Source range filter for ssh loadbalancer ## @param service.ssh.loadBalancerSourceRanges Source range filter for ssh loadbalancer
## @param service.ssh.annotations SSH service annotations ## @param service.ssh.annotations SSH service annotations
## @param service.ssh.labels SSH service additional labels ## @param service.ssh.labels SSH service additional labels
## @param service.ssh.loadBalancerClass Loadbalancer class
ssh: ssh:
type: ClusterIP type: ClusterIP
port: 22 port: 22
@ -147,6 +150,7 @@ service:
loadBalancerSourceRanges: [] loadBalancerSourceRanges: []
annotations: {} annotations: {}
labels: {} labels: {}
loadBalancerClass:
## @section Ingress ## @section Ingress
## @param ingress.enabled Enable ingress ## @param ingress.enabled Enable ingress
@ -342,12 +346,14 @@ gitea:
## @param gitea.admin.existingSecret Use an existing secret to store admin user credentials ## @param gitea.admin.existingSecret Use an existing secret to store admin user credentials
## @param gitea.admin.password Password for the Forgejo admin user ## @param gitea.admin.password Password for the Forgejo admin user
## @param gitea.admin.email Email for the Forgejo admin user ## @param gitea.admin.email Email for the Forgejo admin user
## @param gitea.admin.passwordMode Mode for how to set/update the admin user password. Options are: initialOnlyNoReset, initialOnlyRequireReset, and keepUpdated
admin: admin:
# existingSecret: gitea-admin-secret # existingSecret: gitea-admin-secret
existingSecret: existingSecret:
username: gitea_admin username: gitea_admin
password: r8sA8CPHD9!bt6d password: r8sA8CPHD9!bt6d
email: 'gitea@local.domain' email: 'gitea@local.domain'
passwordMode: keepUpdated
## @param gitea.metrics.enabled Enable Forgejo metrics ## @param gitea.metrics.enabled Enable Forgejo metrics
## @param gitea.metrics.serviceMonitor.enabled Enable Forgejo metrics service monitor ## @param gitea.metrics.serviceMonitor.enabled Enable Forgejo metrics service monitor
@ -626,9 +632,10 @@ gitea:
## @descriptionStart ## @descriptionStart
## Redis&reg; Cluster is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/redis-cluster) if enabled in the values. ## Redis&reg; Cluster is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/redis-cluster) if enabled in the values.
## Complete Configuration can be taken from their website. ## Complete Configuration can be taken from their website.
## Redis cluster and [Redis](#redis) cannot be enabled at the same time.
## @descriptionEnd ## @descriptionEnd
# #
## @param redis-cluster.enabled Enable redis ## @param redis-cluster.enabled Enable redis cluster
## @param redis-cluster.usePassword Whether to use password authentication ## @param redis-cluster.usePassword Whether to use password authentication
## @param redis-cluster.cluster.nodes Number of redis cluster master nodes ## @param redis-cluster.cluster.nodes Number of redis cluster master nodes
## @param redis-cluster.cluster.replicas Number of redis cluster master node replicas ## @param redis-cluster.cluster.replicas Number of redis cluster master node replicas
@ -639,6 +646,26 @@ redis-cluster:
nodes: 3 # default: 6 nodes: 3 # default: 6
replicas: 0 # default: 1 replicas: 0 # default: 1
## @section Redis&reg;
## @descriptionStart
## Redis&reg; is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/redis) if enabled in the values.
## Complete Configuration can be taken from their website.
## Redis and [Redis cluster](#redis-cluster) cannot be enabled at the same time.
## @descriptionEnd
#
## @param redis.enabled Enable redis standalone or replicated
## @param redis.architecture Whether to use standalone or replication
## @param redis.global.redis.password Required password
## @param redis.master.count Number of Redis master instances to deploy
redis:
enabled: false
architecture: standalone
global:
redis:
password: changeme
master:
count: 1
## @section PostgreSQL HA ## @section PostgreSQL HA
## @descriptionStart ## @descriptionStart
## PostgreSQL HA is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/postgresql-ha) if enabled in the values. ## PostgreSQL HA is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/postgresql-ha) if enabled in the values.