fix

apps/gitea/apps_v1_Deployment_gitea-memcached.yaml

@@ -1,89 +0,0 @@
-# Source: gitea/charts/memcached/templates/deployment.yaml
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: gitea-memcached
-  namespace: vynil-ci
-  labels:
-    app.kubernetes.io/name: memcached
-    helm.sh/chart: memcached-6.3.14
-    app.kubernetes.io/instance: gitea
-    app.kubernetes.io/managed-by: Helm
-spec:
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: memcached
-      app.kubernetes.io/instance: gitea
-  replicas: 1
-  strategy:
-    rollingUpdate: {}
-    type: RollingUpdate
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: memcached
-        helm.sh/chart: memcached-6.3.14
-        app.kubernetes.io/instance: gitea
-        app.kubernetes.io/managed-by: Helm
-      annotations:
-    spec:
-      
-      affinity:
-        podAffinity:
-          
-        podAntiAffinity:
-          preferredDuringSchedulingIgnoredDuringExecution:
-            - podAffinityTerm:
-                labelSelector:
-                  matchLabels:
-                    app.kubernetes.io/name: memcached
-                    app.kubernetes.io/instance: gitea
-                topologyKey: kubernetes.io/hostname
-              weight: 1
-        nodeAffinity:
-          
-      securityContext:
-        fsGroup: 1001
-      serviceAccountName: default
-      containers:
-        - name: memcached
-          image: docker.io/bitnami/memcached:1.6.19-debian-11-r7
-          imagePullPolicy: "IfNotPresent"
-          securityContext:
-            runAsNonRoot: true
-            runAsUser: 1001
-          env:
-            - name: BITNAMI_DEBUG
-              value: "false"
-            - name: MEMCACHED_PORT_NUMBER
-              value: "11211"
-          ports:
-            - name: memcache
-              containerPort: 11211
-          livenessProbe:
-            failureThreshold: 6
-            initialDelaySeconds: 30
-            periodSeconds: 10
-            successThreshold: 1
-            timeoutSeconds: 5
-            tcpSocket:
-              port: memcache
-          readinessProbe:
-            failureThreshold: 6
-            initialDelaySeconds: 5
-            periodSeconds: 5
-            successThreshold: 1
-            timeoutSeconds: 3
-            tcpSocket:
-              port: memcache
-          resources:
-            limits: {}
-            requests:
-              cpu: 250m
-              memory: 256Mi
-          volumeMounts:
-            - name: tmp
-              mountPath: /tmp
-      volumes:
-        - name: tmp
-          emptyDir: {}

apps/gitea/apps_v1_Deployment_gitea.yaml

@@ -1,36 +1,40 @@
-# Source: gitea/templates/gitea/statefulset.yaml
+# Source: gitea/templates/gitea/deployment.yaml
 apiVersion: apps/v1
-kind: StatefulSet
+kind: Deployment
 metadata:
   name: gitea
   annotations:
   labels:
-    helm.sh/chart: gitea-8.3.0
+    helm.sh/chart: gitea-9.5.0
     app: gitea
     app.kubernetes.io/name: gitea
     app.kubernetes.io/instance: gitea
-    app.kubernetes.io/version: "1.19.3"
+    app.kubernetes.io/version: "1.20.5"
-    version: "1.19.3"
+    version: "1.20.5"
     app.kubernetes.io/managed-by: Helm
 spec:
   replicas: 1
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 0
+      maxSurge: 100%
   selector:
     matchLabels:
       app.kubernetes.io/name: gitea
       app.kubernetes.io/instance: gitea
-  serviceName: gitea
   template:
     metadata:
       annotations:
-        checksum/config: 234d12dce3bffb5b46e857b1e3afc54c872531615a53a40b15776bb4e1e23fa0
+        checksum/config: ad2ce0a245d17a13676e98bfc6d1833351e36e913af45f98b89299cc83f3fc11
-        checksum/ldap_0: 9356e28431e375c7fc7d624460a9f41c243f14c3f9765c40aa2b13cf46203eaf
+        checksum/ldap_0: d9e7446d3ea8b10f29ff9cb1e1a885db73ccb22f3d1a9e054611607e1c168226
       labels:
-        helm.sh/chart: gitea-8.3.0
+        helm.sh/chart: gitea-9.5.0
         app: gitea
         app.kubernetes.io/name: gitea
         app.kubernetes.io/instance: gitea
-        app.kubernetes.io/version: "1.19.3"
+        app.kubernetes.io/version: "1.20.5"
-        version: "1.19.3"
+        version: "1.20.5"
         app.kubernetes.io/managed-by: Helm
     spec:
       
@@ -38,7 +42,7 @@ spec:
         fsGroup: 1000
       initContainers:
         - name: init-directories
-          image: "gitea/gitea:1.19.3"
+          image: "gitea/gitea:1.20.5-rootless"
           imagePullPolicy: Always
           command: ["/usr/sbin/init_directory_structure.sh"]
           env:
@@ -50,8 +54,6 @@ spec:
               value: /data
             - name: GITEA_TEMP
               value: /tmp/gitea
-            - name: TZ
-              value: Europe/Paris
           volumeMounts:
             - name: init
               mountPath: /usr/sbin
@@ -70,7 +72,7 @@ spec:
               cpu: 100m
               memory: 128Mi
         - name: init-app-ini
-          image: "gitea/gitea:1.19.3"
+          image: "gitea/gitea:1.20.5-rootless"
           imagePullPolicy: Always
           command: ["/usr/sbin/config_environment.sh"]
           env:
@@ -82,8 +84,6 @@ spec:
               value: /data
             - name: GITEA_TEMP
               value: /tmp/gitea
-            - name: TZ
-              value: Europe/Paris
             - name: ENV_TO_INI__DATABASE__LOG_SQL
               value: "false"
             - name: ENV_TO_INI__LOG__LEVEL
@@ -108,7 +108,7 @@ spec:
               cpu: 100m
               memory: 128Mi
         - name: configure-gitea
-          image: "gitea/gitea:1.19.3"
+          image: "gitea/gitea:1.20.5-rootless"
           command: ["/usr/sbin/configure_gitea.sh"]
           imagePullPolicy: Always
           securityContext:
@@ -125,6 +125,8 @@ spec:
               value: /data
             - name: GITEA_TEMP
               value: /tmp/gitea
+            - name: HOME
+              value: /data/gitea/git
             - name: GITEA_LDAP_BIND_DN_0
               valueFrom:
                 secretKeyRef:
@@ -145,8 +147,6 @@ spec:
                 secretKeyRef:
                   key:  password
                   name: gitea-admin-user
-            - name: TZ
-              value: Europe/Paris
           volumeMounts:
             - name: init
               mountPath: /usr/sbin
@@ -163,7 +163,7 @@ spec:
       terminationGracePeriodSeconds: 60
       containers:
         - name: gitea
-          image: "gitea/gitea:1.19.3"
+          image: "gitea/gitea:1.20.5-rootless"
           imagePullPolicy: Always
           env:
             # SSH Port values have to be set here as well for openssh configuration
@@ -171,8 +171,6 @@ spec:
               value: "2222"
             - name: SSH_PORT
               value: "2222"
-            - name: SSH_LOG_LEVEL
-              value: "INFO"
             - name: GITEA_APP_INI
               value: /data/gitea/conf/app.ini
             - name: GITEA_CUSTOM
@@ -183,8 +181,8 @@ spec:
               value: /tmp/gitea
             - name: TMPDIR
               value: /tmp/gitea
-            - name: TZ
+            - name: HOME
-              value: Europe/Paris
+              value: /data/gitea/git
           ports:
             - name: ssh
               containerPort: 2222
@@ -236,12 +234,6 @@ spec:
             secretName: gitea-inline-config
         - name: temp
           emptyDir: {}
-  volumeClaimTemplates:
+        - name: data
-    - metadata:
+          persistentVolumeClaim:
-        name: data
+            claimName: gitea-shared-storage
-      spec:
-        accessModes:
-            - "ReadWriteOnce"        
-        resources:
-          requests:
-            storage: "10Gi"

apps/gitea/datas.tf

@@ -37,11 +37,6 @@ data "kustomization_overlay" "data" {
   common_labels = local.common-labels
   namespace = var.namespace
   resources = [for file in fileset(path.module, "*.yaml"): file if ! contains(["index.yaml", "v1_ConfigMap_gitea-themes.yaml"], file)]
-  images {
-    name = "docker.io/bitnami/memcached"
-    new_name = "${var.images.memcached.registry}/${var.images.memcached.repository}"
-    new_tag = "${var.images.memcached.tag}"
-  }
   patches {
     target {
       kind = "Deployment"
@@ -102,14 +97,25 @@ data "kustomization_overlay" "data" {
                 value: "INFO"
               - name: TZ
                 value: ${var.timezone}
-        volumeClaimTemplates:
+    EOF
-        - metadata:
+  }
-            name: data
+
+  patches {
+    target {
+      kind = "PersistentVolumeClaim"
+      name = "gitea-shared-storage"
+    }
+    patch = <<-EOF
+      kind: PersistentVolumeClaim
+      apiVersion: v1
+      metadata:
+        name: gitea-shared-storage
         annotations:
           k8up.io/backup: "true"
       spec:
         accessModes:
-            - "ReadWriteOnce"
+        - "${var.volume.accessMode}"
+        volumeMode: Filesystem
         resources:
           requests:
             storage: "${var.volume.size}"

apps/gitea/index.rhai

@@ -4,7 +4,7 @@ const SRC=src;
 const DEST=dest;
 fn pre_pack() {
     shell("helm repo add gitea-charts https://dl.gitea.io/charts/");
-    shell(`helm template gitea --version 8.3.0 gitea-charts/gitea --namespace=vynil-ci --values values.yml >${global::SRC}/chart.yaml`);
+    shell(`helm template gitea --version 9.5.0 gitea-charts/gitea --namespace=vynil-ci --values values.yml >${global::SRC}/chart.yaml`);
 }
 fn post_pack() {
     shell(`rm -f ${global::DEST}/v1_Pod_gitea-test-connection.yaml`);

apps/gitea/index.yaml

@@ -9,40 +9,55 @@ metadata:
     A painless self-hosted Git service.
     Gitea is a community managed lightweight code hosting solution written in Go. It is published under the MIT license.
 options:
-  push-create:
+  load-balancer:
     default:
-      org: 'true'
+      ip: ''
-      private: 'false'
-      user: 'true'
     examples:
-    - org: 'true'
+    - ip: ''
-      private: 'false'
-      user: 'true'
     properties:
-      org:
+      ip:
-        default: 'true'
+        default: ''
-        type: string
-      private:
-        default: 'false'
-        type: string
-      user:
-        default: 'true'
         type: string
     type: object
+  ingress-class:
+    default: traefik
+    examples:
+    - traefik
+    type: string
+  sub-domain:
+    default: git
+    examples:
+    - git
+    type: string
   disable-registration:
     default: true
     examples:
     - true
     type: boolean
+  default-branch:
+    default: main
+    examples:
+    - main
+    type: string
+  domain-name:
+    default: your_company.com
+    examples:
+    - your_company.com
+    type: string
   domain:
     default: your-company
     examples:
     - your-company
     type: string
-  timezone:
+  app-group:
-    default: Europe/Paris
+    default: dev
     examples:
-    - Europe/Paris
+    - dev
+    type: string
+  release:
+    default: 8.3.0
+    examples:
+    - 8.3.0
     type: string
   replicas:
     default: 1
@@ -69,153 +84,10 @@ options:
         default: gitea_admin
         type: string
     type: object
-  issuer:
+  timezone:
-    default: letsencrypt-prod
+    default: Europe/Paris
     examples:
-    - letsencrypt-prod
+    - Europe/Paris
-    type: string
-  app-group:
-    default: dev
-    examples:
-    - dev
-    type: string
-  postgres:
-    default:
-      replicas: 1
-      storage: 10Gi
-      version: '14'
-    examples:
-    - replicas: 1
-      storage: 10Gi
-      version: '14'
-    properties:
-      replicas:
-        default: 1
-        type: integer
-      storage:
-        default: 10Gi
-        type: string
-      version:
-        default: '14'
-        type: string
-    type: object
-  release:
-    default: 8.3.0
-    examples:
-    - 8.3.0
-    type: string
-  volume:
-    default:
-      size: 10Gi
-    examples:
-    - size: 10Gi
-    properties:
-      size:
-        default: 10Gi
-        type: string
-    type: object
-  images:
-    default:
-      gitea:
-        pullPolicy: IfNotPresent
-        registry: docker.io
-        repository: gitea/gitea
-        tag: 1.19.3
-      memcached:
-        registry: docker.io
-        repository: bitnami/memcached
-        tag: 1.6.22
-    examples:
-    - gitea:
-        pullPolicy: IfNotPresent
-        registry: docker.io
-        repository: gitea/gitea
-        tag: 1.19.3
-      memcached:
-        registry: docker.io
-        repository: bitnami/memcached
-        tag: 1.6.22
-    properties:
-      gitea:
-        default:
-          pullPolicy: IfNotPresent
-          registry: docker.io
-          repository: gitea/gitea
-          tag: 1.19.3
-        properties:
-          pullPolicy:
-            default: IfNotPresent
-            enum:
-            - Always
-            - Never
-            - IfNotPresent
-            type: string
-          registry:
-            default: docker.io
-            type: string
-          repository:
-            default: gitea/gitea
-            type: string
-          tag:
-            default: 1.19.3
-            type: string
-        type: object
-      memcached:
-        default:
-          registry: docker.io
-          repository: bitnami/memcached
-          tag: 1.6.22
-        properties:
-          registry:
-            default: docker.io
-            type: string
-          repository:
-            default: bitnami/memcached
-            type: string
-          tag:
-            default: 1.6.22
-            type: string
-        type: object
-    type: object
-  theme:
-    default: gitea-modern
-    examples:
-    - gitea-modern
-    type: string
-  load-balancer:
-    default:
-      ip: ''
-    examples:
-    - ip: ''
-    properties:
-      ip:
-        default: ''
-        type: string
-    type: object
-  sub-domain:
-    default: git
-    examples:
-    - git
-    type: string
-  webhook:
-    default:
-      allowed-hosts: private
-      skip-tls-verify: false
-    examples:
-    - allowed-hosts: private
-      skip-tls-verify: false
-    properties:
-      allowed-hosts:
-        default: private
-        type: string
-      skip-tls-verify:
-        default: false
-        type: boolean
-    type: object
-  domain-name:
-    default: your_company.com
-    examples:
-    - your_company.com
     type: string
   backups:
     default:
@@ -323,15 +195,161 @@ options:
         default: false
         type: boolean
     type: object
-  ingress-class:
+  webhook:
-    default: traefik
+    default:
+      allowed-hosts: private
+      skip-tls-verify: false
     examples:
-    - traefik
+    - allowed-hosts: private
+      skip-tls-verify: false
+    properties:
+      allowed-hosts:
+        default: private
         type: string
-  default-branch:
+      skip-tls-verify:
-    default: main
+        default: false
+        type: boolean
+    type: object
+  images:
+    default:
+      gitea:
+        pullPolicy: IfNotPresent
+        registry: docker.io
+        repository: gitea/gitea
+        tag: 1.20.5-rootless
     examples:
-    - main
+    - gitea:
+        pullPolicy: IfNotPresent
+        registry: docker.io
+        repository: gitea/gitea
+        tag: 1.20.5-rootless
+    properties:
+      gitea:
+        default:
+          pullPolicy: IfNotPresent
+          registry: docker.io
+          repository: gitea/gitea
+          tag: 1.20.5-rootless
+        properties:
+          pullPolicy:
+            default: IfNotPresent
+            enum:
+            - Always
+            - Never
+            - IfNotPresent
+            type: string
+          registry:
+            default: docker.io
+            type: string
+          repository:
+            default: gitea/gitea
+            type: string
+          tag:
+            default: 1.20.5-rootless
+            type: string
+        type: object
+    type: object
+  volume:
+    default:
+      accessMode: ReadWriteOnce
+      size: 10Gi
+    examples:
+    - accessMode: ReadWriteOnce
+      size: 10Gi
+    properties:
+      accessMode:
+        default: ReadWriteOnce
+        enum:
+        - ReadWriteOnce
+        - ReadOnlyMany
+        - ReadWriteMany
+        type: string
+      size:
+        default: 10Gi
+        type: string
+    type: object
+  theme:
+    default: gitea-modern
+    examples:
+    - gitea-modern
+    type: string
+  redis:
+    default:
+      exporter:
+        enabled: true
+        image: quay.io/opstree/redis-exporter:v1.44.0
+      image: quay.io/opstree/redis:v7.0.12
+      storage: 2Gi
+    examples:
+    - exporter:
+        enabled: true
+        image: quay.io/opstree/redis-exporter:v1.44.0
+      image: quay.io/opstree/redis:v7.0.12
+      storage: 2Gi
+    properties:
+      exporter:
+        default:
+          enabled: true
+          image: quay.io/opstree/redis-exporter:v1.44.0
+        properties:
+          enabled:
+            default: true
+            type: boolean
+          image:
+            default: quay.io/opstree/redis-exporter:v1.44.0
+            type: string
+        type: object
+      image:
+        default: quay.io/opstree/redis:v7.0.12
+        type: string
+      storage:
+        default: 2Gi
+        type: string
+    type: object
+  push-create:
+    default:
+      org: 'true'
+      private: 'false'
+      user: 'true'
+    examples:
+    - org: 'true'
+      private: 'false'
+      user: 'true'
+    properties:
+      org:
+        default: 'true'
+        type: string
+      private:
+        default: 'false'
+        type: string
+      user:
+        default: 'true'
+        type: string
+    type: object
+  postgres:
+    default:
+      replicas: 1
+      storage: 10Gi
+      version: '14'
+    examples:
+    - replicas: 1
+      storage: 10Gi
+      version: '14'
+    properties:
+      replicas:
+        default: 1
+        type: integer
+      storage:
+        default: 10Gi
+        type: string
+      version:
+        default: '14'
+        type: string
+    type: object
+  issuer:
+    default: letsencrypt-prod
+    examples:
+    - letsencrypt-prod
     type: string
 dependencies:
 - dist: null

apps/gitea/inline-config.tf

@@ -11,9 +11,21 @@ resource "kubernetes_secret_v1" "gitea_inline_config" {
     security     = "INSTALL_LOCK=true"
     service      =  "DISABLE_REGISTRATION=${var.disable-registration}"
     cache        = <<-EOF
-ADAPTER=memcache
+ADAPTER=redis
 ENABLED=true
-HOST=gitea-memcached.${var.namespace}.svc:11211
+HOST=redis://:@${var.instance}-${var.component}-redis-headless.${var.namespace}.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
+    EOF
+    queue = <<-EOF
+CONN_STR=redis://:@${var.instance}-${var.component}-redis-headless.${var.namespace}.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
+TYPE=redis
+    EOF
+    session = <<-EOF
+PROVIDER=db
+PROVIDER_CONFIG=redis://:@${var.instance}-${var.component}-redis-headless.${var.namespace}.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
+    EOF
+    indexer = <<-EOF
+ISSUE_INDEXER_TYPE=bleve
+REPO_INDEXER_ENABLED=true
     EOF
     database = <<-EOF
 DB_TYPE=postgres
@@ -39,6 +51,7 @@ ROOT_URL=https://${var.sub-domain}.${var.domain-name}
 SSH_DOMAIN=${var.sub-domain}.${var.domain-name}
 SSH_LISTEN_PORT=${var.ssh-port}
 SSH_PORT=${var.ssh-port}
+START_SSH_SERVER=true
     EOF
     ui = <<-EOF
 DEFAULT_THEME=${var.theme}

apps/gitea/redis.tf

@@ -0,0 +1,32 @@
+locals {
+  redis-labels = merge(local.common-labels, {
+    "app.kubernetes.io/component" = "redis"
+  })
+}
+resource "kubectl_manifest" "prj_redis" {
+  yaml_body  = <<-EOF
+    apiVersion: "redis.redis.opstreelabs.in/v1beta1"
+    kind: "Redis"
+    metadata:
+      name: "${var.instance}-${var.component}-redis"
+      namespace: "${var.namespace}"
+      labels: ${jsonencode(local.redis-labels)}
+    spec:
+      kubernetesConfig:
+        image: "${var.redis.image}"
+        imagePullPolicy: "IfNotPresent"
+      storage:
+        volumeClaimTemplate:
+          spec:
+            accessModes: ["ReadWriteOnce"]
+            resources:
+              requests:
+                storage: "${var.redis.storage}"
+      redisExporter:
+        enabled: ${var.redis.exporter.enabled}
+        image: "${var.redis.exporter.image}"
+      securityContext:
+        runAsUser: 1000
+        fsGroup: 1000
+  EOF
+}

apps/gitea/v1_PersistentVolumeClaim_gitea-shared-storage.yaml

@@ -0,0 +1,15 @@
+# Source: gitea/templates/gitea/pvc.yaml
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: gitea-shared-storage
+  namespace: vynil-ci
+  annotations:
+    helm.sh/resource-policy: keep
+spec:
+  accessModes:
+    - ReadWriteOnce
+  volumeMode: Filesystem
+  resources:
+    requests:
+      storage: 10Gi

apps/gitea/v1_Secret_gitea-init.yaml

@@ -4,12 +4,12 @@ kind: Secret
 metadata:
   name: gitea-init
   labels:
-    helm.sh/chart: gitea-8.3.0
+    helm.sh/chart: gitea-9.5.0
     app: gitea
     app.kubernetes.io/name: gitea
     app.kubernetes.io/instance: gitea
-    app.kubernetes.io/version: "1.19.3"
+    app.kubernetes.io/version: "1.20.5"
-    version: "1.19.3"
+    version: "1.20.5"
     app.kubernetes.io/managed-by: Helm
 type: Opaque
 stringData:
@@ -24,14 +24,12 @@ stringData:
     set -euo pipefail
 
     set -x
-    chown 1000:1000 /data
     mkdir -p /data/git/.ssh
     chmod -R 700 /data/git/.ssh
     [ ! -d /data/gitea/conf ] && mkdir -p /data/gitea/conf
 
     # prepare temp directory structure
     mkdir -p "${GITEA_TEMP}"
-    chown 1000:1000 "${GITEA_TEMP}"
     chmod ug+rwx "${GITEA_TEMP}"
 
     
@@ -65,16 +63,16 @@ stringData:
     configure_admin_user
 
     function configure_ldap() {
-      local LDAP_NAME='Authentik'
+      local LDAP_NAME='vynil'
       local GITEA_AUTH_ID=$(gitea admin auth list --vertical-bars | grep -E "\|${LDAP_NAME}\s+\|" | grep -iE '\|LDAP \(via BindDN\)\s+\|' | awk -F " "  "{print \$1}")
 
       if [[ -z "${GITEA_AUTH_ID}" ]]; then
         echo "No ldap configuration found with name "${LDAP_NAME}". Installing it now..."
-        gitea admin auth add-ldap --admin-filter "${LDAP_ADMIN_FILTER}" --avatar-attribute 'jpegPhoto' --bind-dn "${GITEA_LDAP_BIND_DN_0}" --bind-password "${GITEA_LDAP_PASSWORD_0}" --email-attribute 'mail' --firstname-attribute 'givenname' --host "${LDAP_HOST}" --name 'Authentik' --port 389 --security-protocol 'unencrypted' --surname-attribute 'name' --user-filter "${LDAP_USER_FILTER}" --user-search-base "${LDAP_USER_SEARCH_BASE}" --username-attribute 'cn' 
+        gitea admin auth add-ldap --admin-filter "${LDAP_ADMIN_FILTER}" --avatar-attribute 'jpegPhoto' --bind-dn "${GITEA_LDAP_BIND_DN_0}" --bind-password "${GITEA_LDAP_PASSWORD_0}" --email-attribute 'mail' --firstname-attribute 'givenname' --host "${LDAP_HOST}" --name 'vynil' --port 389 --security-protocol 'unencrypted' --surname-attribute 'name' --user-filter "${LDAP_USER_FILTER}" --user-search-base "${LDAP_USER_SEARCH_BASE}" --username-attribute 'cn' 
         echo '...installed.'
       else
         echo "Existing ldap configuration with name "${LDAP_NAME}": '${GITEA_AUTH_ID}'. Running update to sync settings..."
-        gitea admin auth update-ldap --id "${GITEA_AUTH_ID}" --admin-filter "${LDAP_ADMIN_FILTER}" --avatar-attribute 'jpegPhoto' --bind-dn "${GITEA_LDAP_BIND_DN_0}" --bind-password "${GITEA_LDAP_PASSWORD_0}" --email-attribute 'mail' --firstname-attribute 'givenname' --host "${LDAP_HOST}" --name 'Authentik' --port 389 --security-protocol 'unencrypted' --surname-attribute 'name' --user-filter "${LDAP_USER_FILTER}" --user-search-base "${LDAP_USER_SEARCH_BASE}" --username-attribute 'cn' 
+        gitea admin auth update-ldap --id "${GITEA_AUTH_ID}" --admin-filter "${LDAP_ADMIN_FILTER}" --avatar-attribute 'jpegPhoto' --bind-dn "${GITEA_LDAP_BIND_DN_0}" --bind-password "${GITEA_LDAP_PASSWORD_0}" --email-attribute 'mail' --firstname-attribute 'givenname' --host "${LDAP_HOST}" --name 'vynil' --port 389 --security-protocol 'unencrypted' --surname-attribute 'name' --user-filter "${LDAP_USER_FILTER}" --user-search-base "${LDAP_USER_SEARCH_BASE}" --username-attribute 'cn' 
         echo '...sync settings done.'
       fi
     }

apps/gitea/v1_Secret_gitea.yaml

@@ -4,15 +4,16 @@ kind: Secret
 metadata:
   name: gitea
   labels:
-    helm.sh/chart: gitea-8.3.0
+    helm.sh/chart: gitea-9.5.0
     app: gitea
     app.kubernetes.io/name: gitea
     app.kubernetes.io/instance: gitea
-    app.kubernetes.io/version: "1.19.3"
+    app.kubernetes.io/version: "1.20.5"
-    version: "1.19.3"
+    version: "1.20.5"
     app.kubernetes.io/managed-by: Helm
 type: Opaque
 stringData:
+  assertions: |
   config_environment.sh: |-
     #!/usr/bin/env bash
     set -euo pipefail
@@ -50,14 +51,14 @@ stringData:
       env2ini::log "    + '${setting}'"
 
       if [[ -z "${section}" ]]; then
-        export "ENV_TO_INI____${setting^^}=${value}"                           # '^^' makes the variable content uppercase
+        export "GITEA____${setting^^}=${value}"                           # '^^' makes the variable content uppercase
         return
       fi
 
       local masked_section="${section//./_0X2E_}"                            # '//' instructs to replace all matches
       masked_section="${masked_section//-/_0X2D_}"
 
-      export "ENV_TO_INI__${masked_section^^}__${setting^^}=${value}"        # '^^' makes the variable content uppercase
+      export "GITEA__${masked_section^^}__${setting^^}=${value}"        # '^^' makes the variable content uppercase
     }
 
     function env2ini::reload_preset_envs() {
@@ -131,15 +132,16 @@ stringData:
       #   - initially used to set up Gitea
       # Anyway, they won't harm existing app.ini files
 
-      export ENV_TO_INI__SECURITY__INTERNAL_TOKEN=$(gitea generate secret INTERNAL_TOKEN)
+      export GITEA__SECURITY__INTERNAL_TOKEN=$(gitea generate secret INTERNAL_TOKEN)
-      export ENV_TO_INI__SECURITY__SECRET_KEY=$(gitea generate secret SECRET_KEY)
+      export GITEA__SECURITY__SECRET_KEY=$(gitea generate secret SECRET_KEY)
-      export ENV_TO_INI__OAUTH2__JWT_SECRET=$(gitea generate secret JWT_SECRET)
+      export GITEA__OAUTH2__JWT_SECRET=$(gitea generate secret JWT_SECRET)
-      export ENV_TO_INI__SERVER__LFS_JWT_SECRET=$(gitea generate secret LFS_JWT_SECRET)
+      export GITEA__SERVER__LFS_JWT_SECRET=$(gitea generate secret LFS_JWT_SECRET)
 
       env2ini::log "...Initial secrets generated\n"
     }
     
-    env | (grep ENV_TO_INI || [[ $? == 1 ]]) > /tmp/existing-envs
+    # save existing envs prior to script execution. Necessary to keep order of preexisting and custom envs
+    env | (grep GITEA || [[ $? == 1 ]]) > /tmp/existing-envs
     
     # MUST BE CALLED BEFORE OTHER CONFIGURATION
     env2ini::generate_initial_secrets
@@ -160,10 +162,10 @@ stringData:
       env2ini::log '  - oauth2.JWT_SECRET'
       env2ini::log '  - server.LFS_JWT_SECRET'
 
-      unset ENV_TO_INI__SECURITY__INTERNAL_TOKEN
+      unset GITEA__SECURITY__INTERNAL_TOKEN
-      unset ENV_TO_INI__SECURITY__SECRET_KEY
+      unset GITEA__SECURITY__SECRET_KEY
-      unset ENV_TO_INI__OAUTH2__JWT_SECRET
+      unset GITEA__OAUTH2__JWT_SECRET
-      unset ENV_TO_INI__SERVER__LFS_JWT_SECRET
+      unset GITEA__SERVER__LFS_JWT_SECRET
     fi
 
-    environment-to-ini -o $GITEA_APP_INI -p ENV_TO_INI
+    environment-to-ini -o $GITEA_APP_INI

apps/gitea/v1_Service_gitea-http.yaml

@@ -4,12 +4,12 @@ kind: Service
 metadata:
   name: gitea-http
   labels:
-    helm.sh/chart: gitea-8.3.0
+    helm.sh/chart: gitea-9.5.0
     app: gitea
     app.kubernetes.io/name: gitea
     app.kubernetes.io/instance: gitea
-    app.kubernetes.io/version: "1.19.3"
+    app.kubernetes.io/version: "1.20.5"
-    version: "1.19.3"
+    version: "1.20.5"
     app.kubernetes.io/managed-by: Helm
   annotations:
     {}
@@ -19,7 +19,7 @@ spec:
   ports:
   - name: http
     port: 3000
-    targetPort: 3000
+    targetPort: 
   selector:
     app.kubernetes.io/name: gitea
     app.kubernetes.io/instance: gitea

apps/gitea/v1_Service_gitea-memcached.yaml

@@ -1,23 +0,0 @@
-# Source: gitea/charts/memcached/templates/service.yaml
-apiVersion: v1
-kind: Service
-metadata:
-  name: gitea-memcached
-  namespace: vynil-ci
-  labels:
-    app.kubernetes.io/name: memcached
-    helm.sh/chart: memcached-6.3.14
-    app.kubernetes.io/instance: gitea
-    app.kubernetes.io/managed-by: Helm
-  annotations:
-spec:
-  type: ClusterIP
-  sessionAffinity: None
-  ports:
-    - name: memcache
-      port: 11211
-      targetPort: memcache
-      nodePort: null
-  selector:
-    app.kubernetes.io/name: memcached
-    app.kubernetes.io/instance: gitea

apps/gitea/v1_Service_gitea-ssh.yaml

@@ -4,12 +4,12 @@ kind: Service
 metadata:
   name: gitea-ssh
   labels:
-    helm.sh/chart: gitea-8.3.0
+    helm.sh/chart: gitea-9.5.0
     app: gitea
     app.kubernetes.io/name: gitea
     app.kubernetes.io/instance: gitea
-    app.kubernetes.io/version: "1.19.3"
+    app.kubernetes.io/version: "1.20.5"
-    version: "1.19.3"
+    version: "1.20.5"
     app.kubernetes.io/managed-by: Helm
   annotations:
     metallb.universe.tf/address-pool: mlb-pool-public