diff --git a/apps/gitea/apps_v1_Deployment_gitea.yaml b/apps/gitea/apps_v1_Deployment_gitea.yaml index 1c33d49..aa7a909 100644 --- a/apps/gitea/apps_v1_Deployment_gitea.yaml +++ b/apps/gitea/apps_v1_Deployment_gitea.yaml @@ -5,12 +5,12 @@ metadata: name: gitea annotations: labels: - helm.sh/chart: gitea-9.5.0 + helm.sh/chart: gitea-10.1.4 app: gitea app.kubernetes.io/name: gitea app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "1.20.5" - version: "1.20.5" + app.kubernetes.io/version: "1.21.11" + version: "1.21.11" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -26,15 +26,15 @@ spec: template: metadata: annotations: - checksum/config: ad2ce0a245d17a13676e98bfc6d1833351e36e913af45f98b89299cc83f3fc11 + checksum/config: d717f60ade106d6c565601b0ad889768e36e11d1355dfa3556467d525646fab9 checksum/oauth_0: 8082487c20cf56dc3aff5b15ecf79483bc184c497ffb48237cf48c1a8757fcf2 labels: - helm.sh/chart: gitea-9.5.0 + helm.sh/chart: gitea-10.1.4 app: gitea app.kubernetes.io/name: gitea app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "1.20.5" - version: "1.20.5" + app.kubernetes.io/version: "1.21.11" + version: "1.21.11" app.kubernetes.io/managed-by: Helm spec: @@ -42,8 +42,8 @@ spec: fsGroup: 1000 initContainers: - name: init-directories - image: "gitea/gitea:1.20.5-rootless" - imagePullPolicy: Always + image: "gitea/gitea:1.21.11-rootless" + imagePullPolicy: IfNotPresent command: ["/usr/sbin/init_directory_structure.sh"] env: - name: GITEA_APP_INI @@ -72,8 +72,8 @@ spec: cpu: 100m memory: 128Mi - name: init-app-ini - image: "gitea/gitea:1.20.5-rootless" - imagePullPolicy: Always + image: "gitea/gitea:1.21.11-rootless" + imagePullPolicy: IfNotPresent command: ["/usr/sbin/config_environment.sh"] env: - name: GITEA_APP_INI 
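Review bot: In the `init-directories` hunk (and likewise `init-app-ini`, `configure-gitea` and `gitea` further down), `imagePullPolicy: IfNotPresent` is now combined with an image referenced only by the mutable tag `gitea/gitea:1.21.11-rootless`, so a node that already holds an image under that tag runs it without consulting the registry. An upstream rebuild of the tag is then not picked up, and different nodes can run different content for the same tag. Pinning the digest makes what runs independent of the pull policy, e.g. `image: "gitea/gitea:1.21.11-rootless@sha256:<digest-placeholder>"`. The container specs continue outside these hunks, and `datas.tf` appears to override the main container's image, so the pin may belong in the `images` option instead.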
@@ -108,9 +108,9 @@ spec: cpu: 100m memory: 128Mi - name: configure-gitea - image: "gitea/gitea:1.20.5-rootless" + image: "gitea/gitea:1.21.11-rootless" command: ["/usr/sbin/configure_gitea.sh"] - imagePullPolicy: Always + imagePullPolicy: IfNotPresent securityContext: capabilities: add: @@ -163,8 +163,8 @@ spec: terminationGracePeriodSeconds: 60 containers: - name: gitea - image: "gitea/gitea:1.20.5-rootless" - imagePullPolicy: Always + image: "gitea/gitea:1.21.11-rootless" + imagePullPolicy: IfNotPresent env: # SSH Port values have to be set here as well for openssh configuration - name: SSH_LISTEN_PORT diff --git a/apps/gitea/check.rhai b/apps/gitea/check.rhai new file mode 100644 index 0000000..1d67ecd --- /dev/null +++ b/apps/gitea/check.rhai @@ -0,0 +1,13 @@ +const DOMAIN = config.domain; +fn check_domain() { + assert(have_namespace(`${global::DOMAIN}`), `There is no ${global::DOMAIN} namespace`); +} +fn check_authentik() { + assert(have_namespace(`${global::DOMAIN}-auth`), `There is no ${global::DOMAIN}-auth namespace`); + assert(have_install(`${global::DOMAIN}-auth`, "authentik"), `No authentik installation in ${global::DOMAIN}-auth`); + assert(have_secret(`${global::DOMAIN}-auth`, "authentik"), `No authentik secret in ${global::DOMAIN}-auth`); +} +fn pre_check() { + check_domain(); + check_authentik(); +} diff --git a/apps/gitea/datas.tf b/apps/gitea/datas.tf index f204441..719cf66 100644 --- a/apps/gitea/datas.tf +++ b/apps/gitea/datas.tf @@ -136,6 +136,7 @@ data "kustomization_overlay" "data" { - name: gitea image: "${var.images.gitea.registry}/${var.images.gitea.repository}:${var.images.gitea.tag}" imagePullPolicy: IfNotPresent + resources: ${jsonencode(var.resources)} volumeMounts: - name: certs mountPath: /etc/ssl/certs diff --git a/apps/gitea/index.rhai b/apps/gitea/index.rhai new file mode 100644 index 0000000..18c01ac --- /dev/null +++ b/apps/gitea/index.rhai 
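Review bot: In the new `check.rhai`, `check_authentik()` rebuilds the namespace name `${global::DOMAIN}-auth` six times (three lookups and three messages), so the naming convention can drift between the check and its error text. A second constant next to `DOMAIN`, for example `const AUTH_NS = config.domain + "-auth";`, referenced as `global::AUTH_NS`, keeps it in one place. The file also has no header comment; something like `// Pre-install checks: the domain namespace must exist, and <domain>-auth must hold an authentik install and its secret.` would tell an operator what a failed assert means.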
@@ -0,0 +1,5 @@ +const NS=config.namespace; +const SRC=src; +fn pre_install() { + shell(`kubectl create -n ${global::NS} -f ${global::SRC}/v1_ConfigMap_gitea-themes.yaml || :`); +} diff --git a/apps/gitea/index.yaml b/apps/gitea/index.yaml index 80e7d2d..378ba23 100644 --- a/apps/gitea/index.yaml +++ b/apps/gitea/index.yaml @@ -161,7 +161,7 @@ options: pull_policy: IfNotPresent registry: docker.io repository: gitea/gitea - tag: 1.20.5-rootless + tag: 1.21.11-rootless postgresql: registry: ghcr.io repository: cloudnative-pg/postgresql @@ -181,7 +181,7 @@ options: pull_policy: IfNotPresent registry: docker.io repository: gitea/gitea - tag: 1.20.5-rootless + tag: 1.21.11-rootless postgresql: registry: ghcr.io repository: cloudnative-pg/postgresql @@ -202,7 +202,7 @@ options: pull_policy: IfNotPresent registry: docker.io repository: gitea/gitea - tag: 1.20.5-rootless + tag: 1.21.11-rootless properties: pull_policy: default: IfNotPresent @@ -218,7 +218,7 @@ options: default: gitea/gitea type: string tag: - default: 1.20.5-rootless + default: 1.21.11-rootless type: string type: object postgresql: @@ -363,6 +363,47 @@ options: examples: - 1 type: integer + resources: + default: + limits: + cpu: 1000m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi + examples: + - limits: + cpu: 1000m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi + properties: + limits: + default: + cpu: 1000m + memory: 512Mi + properties: + cpu: + default: 1000m + type: string + memory: + default: 512Mi + type: string + type: object + requests: + default: + cpu: 100m + memory: 256Mi + properties: + cpu: + default: 100m + type: string + memory: + default: 256Mi + type: string + type: object + type: object ssh-port: default: 2222 examples: diff --git a/apps/gitea/v1_PersistentVolumeClaim_gitea-shared-storage.yaml b/apps/gitea/v1_PersistentVolumeClaim_gitea-shared-storage.yaml index bc8d999..7e77821 100644 --- a/apps/gitea/v1_PersistentVolumeClaim_gitea-shared-storage.yaml 
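Review bot: `pre_install()` in the new `index.rhai` splices `config.namespace` and `src` into a shell command line without quoting, so a value containing whitespace or shell metacharacters would change the command that runs; where those values originate is not visible here. Quoting both, `kubectl create -n "${global::NS}" -f "${global::SRC}/v1_ConfigMap_gitea-themes.yaml"`, stops word splitting and globbing, and rejecting a namespace that is not a DNS-1123 label before the call is the stronger check. The trailing `|| :` also discards every failure, not only "already exists", so an RBAC denial or a missing manifest passes silently. A comment stating that only the already-exists case is meant to be tolerated, or an existence check in front of the create, would make that intent explicit.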
+++ b/apps/gitea/v1_PersistentVolumeClaim_gitea-shared-storage.yaml @@ -6,10 +6,13 @@ metadata: namespace: vynil-ci annotations: helm.sh/resource-policy: keep + labels: + {} spec: accessModes: - ReadWriteOnce volumeMode: Filesystem + resources: requests: storage: 10Gi \ No newline at end of file diff --git a/apps/gitea/v1_Secret_gitea-init.yaml b/apps/gitea/v1_Secret_gitea-init.yaml index 4c3de65..a557272 100644 --- a/apps/gitea/v1_Secret_gitea-init.yaml +++ b/apps/gitea/v1_Secret_gitea-init.yaml @@ -4,12 +4,12 @@ kind: Secret metadata: name: gitea-init labels: - helm.sh/chart: gitea-9.5.0 + helm.sh/chart: gitea-10.1.4 app: gitea app.kubernetes.io/name: gitea app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "1.20.5" - version: "1.20.5" + app.kubernetes.io/version: "1.21.11" + version: "1.21.11" app.kubernetes.io/managed-by: Helm type: Opaque stringData: 
@@ -48,7 +48,28 @@ stringData: exit 1 } function configure_admin_user() { - local ACCOUNT_ID=$(gitea admin user list --admin | grep -e "\s\+${GITEA_ADMIN_USERNAME}\s\+" | awk -F " " "{printf \$1}") + local full_admin_list=$(gitea admin user list --admin) + local actual_user_table='' + + # We might have distorted output due to warning logs, so we have to detect the actual user table by its headline and trim output above that line + local regex="(.*)(ID\s+Username\s+Email\s+IsActive.*)" + if [[ "${full_admin_list}" =~ $regex ]]; then + actual_user_table=$(echo "${BASH_REMATCH[2]}" | tail -n+2) # tail'ing to drop the table headline + else + # This code block should never be reached, as long as the output table header remains the same. + # If this code block is reached, the regex doesn't match anymore and we probably have to adjust this script. + + echo "ERROR: 'configure_admin_user' was not able to determine the current list of admin users." + echo " Please review the output of 'gitea admin user list --admin' shown below." + echo " If you think it is an issue with the Helm Chart provisioning, file an issue at https://gitea.com/gitea/helm-chart/issues." + echo "DEBUG: Output of 'gitea admin user list --admin'" + echo "--" + echo "${full_admin_list}" + echo "--" + exit 1 + fi + + local ACCOUNT_ID=$(echo "${actual_user_table}" | grep -E "\s+${GITEA_ADMIN_USERNAME}\s+" | awk -F " " "{printf \$1}") if [[ -z "${ACCOUNT_ID}" ]]; then echo "No admin user '${GITEA_ADMIN_USERNAME}' found. Creating now..." gitea admin user create --admin --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email "git-admin@local.com" --must-change-password=false 
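Review bot: The new `ACCOUNT_ID` lookup still interpolates `${GITEA_ADMIN_USERNAME}` into an extended regex (`grep -E "\s+${GITEA_ADMIN_USERNAME}\s+"`), so a username containing a regex metacharacter such as `.` can match a different admin row, and the match is not tied to the Username column. Whatever the rest of `configure_admin_user` does with `ACCOUNT_ID` (the body continues past this hunk) would then apply to the wrong account. An exact comparison on the second column avoids both: `local ACCOUNT_ID=$(echo "${actual_user_table}" | awk -v u="${GITEA_ADMIN_USERNAME}" '$2 == u { printf "%s", $1 }')`. The failure branch also prints the whole admin list to the init container log; a comment noting that the output contains account e-mail addresses would help anyone forwarding those logs.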
@@ -70,7 +91,28 @@ stringData: function configure_oauth() { local OAUTH_NAME='vynil' - local AUTH_ID=$(gitea admin auth list --vertical-bars | grep -E "\|${OAUTH_NAME}\s+\|" | grep -iE '\|OAuth2\s+\|' | awk -F " " "{print \$1}") + local full_auth_list=$(gitea admin auth list --vertical-bars) + local actual_auth_table='' + + # We might have distorted output due to warning logs, so we have to detect the actual user table by its headline and trim output above that line + local regex="(.*)(ID\s+\|Name\s+\|Type\s+\|Enabled.*)" + if [[ "${full_auth_list}" =~ $regex ]]; then + actual_auth_table=$(echo "${BASH_REMATCH[2]}" | tail -n+2) # tail'ing to drop the table headline + else + # This code block should never be reached, as long as the output table header remains the same. + # If this code block is reached, the regex doesn't match anymore and we probably have to adjust this script. + + echo "ERROR: 'configure_oauth' was not able to determine the current list of authentication sources." + echo " Please review the output of 'gitea admin auth list --vertical-bars' shown below." + echo " If you think it is an issue with the Helm Chart provisioning, file an issue at https://gitea.com/gitea/helm-chart/issues." + echo "DEBUG: Output of 'gitea admin auth list --vertical-bars'" + echo "--" + echo "${full_auth_list}" + echo "--" + exit 1 + fi + + local AUTH_ID=$(echo "${actual_auth_table}" | grep -E "\|${OAUTH_NAME}\s+\|" | grep -iE '\|OAuth2\s+\|' | awk -F " " "{print \$1}") if [[ -z "${AUTH_ID}" ]]; then echo "No oauth configuration found with name '${OAUTH_NAME}'. Installing it now..." diff --git a/apps/gitea/v1_Secret_gitea.yaml b/apps/gitea/v1_Secret_gitea.yaml index 25f8fb3..ad7cff9 100644 --- a/apps/gitea/v1_Secret_gitea.yaml +++ b/apps/gitea/v1_Secret_gitea.yaml 
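Review bot: `local full_auth_list=$(gitea admin auth list --vertical-bars)` hides the exit status of `gitea`, because the status of the statement is that of `local`; the same pattern is used for `full_admin_list` in `configure_admin_user`. A failed CLI call therefore falls into the "header did not match" branch, and the message sends the reader to the chart's issue tracker instead of pointing at the failing command. Declaring and assigning separately keeps the status: `local full_auth_list` followed by `full_auth_list=$(gitea admin auth list --vertical-bars) || { echo "ERROR: 'gitea admin auth list' failed"; exit 1; }`. The comment above the regex was copied from the user function and still says "user table"; it should read "authentication source table". The function continues beyond the hunk.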
@@ -4,12 +4,12 @@ kind: Secret metadata: name: gitea labels: - helm.sh/chart: gitea-9.5.0 + helm.sh/chart: gitea-10.1.4 app: gitea app.kubernetes.io/name: gitea app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "1.20.5" - version: "1.20.5" + app.kubernetes.io/version: "1.21.11" + version: "1.21.11" app.kubernetes.io/managed-by: Helm type: Opaque stringData: @@ -141,7 +141,7 @@ stringData: } # save existing envs prior to script execution. Necessary to keep order of preexisting and custom envs - env | (grep GITEA || [[ $? == 1 ]]) > /tmp/existing-envs + env | (grep -e '^GITEA__' || [[ $? == 1 ]]) > /tmp/existing-envs # MUST BE CALLED BEFORE OTHER CONFIGURATION env2ini::generate_initial_secrets diff --git a/apps/gitea/v1_Service_gitea-http.yaml b/apps/gitea/v1_Service_gitea-http.yaml index adcb0ff..6f54f47 100644 --- a/apps/gitea/v1_Service_gitea-http.yaml +++ b/apps/gitea/v1_Service_gitea-http.yaml @@ -4,12 +4,12 @@ kind: Service metadata: name: gitea-http labels: - helm.sh/chart: gitea-9.5.0 + helm.sh/chart: gitea-10.1.4 app: gitea app.kubernetes.io/name: gitea app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "1.20.5" - version: "1.20.5" + app.kubernetes.io/version: "1.21.11" + version: "1.21.11" app.kubernetes.io/managed-by: Helm annotations: {} diff --git a/apps/gitea/v1_Service_gitea-ssh.yaml b/apps/gitea/v1_Service_gitea-ssh.yaml index 312b0ea..3face02 100644 --- a/apps/gitea/v1_Service_gitea-ssh.yaml +++ b/apps/gitea/v1_Service_gitea-ssh.yaml @@ -4,12 +4,12 @@ kind: Service metadata: name: gitea-ssh labels: - helm.sh/chart: gitea-9.5.0 + helm.sh/chart: gitea-10.1.4 app: gitea app.kubernetes.io/name: gitea app.kubernetes.io/instance: gitea - app.kubernetes.io/version: "1.20.5" - version: "1.20.5" + app.kubernetes.io/version: "1.21.11" + version: "1.21.11" app.kubernetes.io/managed-by: Helm annotations: metallb.universe.tf/address-pool: mlb-pool-public
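Review bot: The changed line in the second hunk still writes every `GITEA__*` variable verbatim to the fixed path `/tmp/existing-envs`, and variables with that prefix typically carry settings such as database or mail credentials; the file is created with the default umask and nothing in the hunk removes it. Creating it owner-only, `(umask 077; env | (grep -e '^GITEA__' || [[ $? == 1 ]]) > /tmp/existing-envs)`, and deleting it once the script has consumed it would limit exposure if `/tmp` is a volume shared with other containers, which is not visible here. Because `env` output is line-based, a multi-line value also loses everything after its first line under this filter; a short comment on that limitation would be worth adding. The script continues outside the hunk.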