| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142 |
- {{- define "gitea.workload" -}}
- workload:
- gitea:
- enabled: true
- primary: true
- type: Deployment
- podSpec:
- hostNetwork: {{ .Values.giteaNetwork.hostNetwork }}
- containers:
- gitea:
- enabled: true
- primary: true
- imageSelector: image
- securityContext:
- runAsUser: {{ .Values.giteaRunAs.user }}
- runAsGroup: {{ .Values.giteaRunAs.group }}
- envFrom:
- - secretRef:
- name: gitea-creds
- - configMapRef:
- name: gitea-config
- {{ with .Values.giteaConfig.additionalEnvs }}
- envList:
- {{ range $env := . }}
- - name: {{ $env.name }}
- value: {{ $env.value }}
- {{ end }}
- {{ end }}
- probes:
- {{ $protocol := "http" }}
- {{ if .Values.giteaNetwork.certificateID }}
- {{ $protocol = "https" }}
- {{ end }}
- liveness:
- enabled: true
- type: {{ $protocol }}
- path: /api/healthz
- port: {{ .Values.giteaNetwork.webPort }}
- readiness:
- enabled: true
- type: {{ $protocol }}
- path: /api/healthz
- port: {{ .Values.giteaNetwork.webPort }}
- startup:
- enabled: true
- type: {{ $protocol }}
- path: /api/healthz
- port: {{ .Values.giteaNetwork.webPort }}
- initContainers:
- {{- include "ix.v1.common.app.permissions" (dict "containerName" "01-permissions"
- "UID" .Values.giteaRunAs.user
- "GID" .Values.giteaRunAs.group
- "mode" "check"
- "type" "install") | nindent 8 }}
- {{- include "ix.v1.common.app.postgresWait" (dict "name" "postgres-wait"
- "secretName" "postgres-creds") | nindent 8 }}
- {{/* Service */}}
- service:
- gitea:
- enabled: true
- primary: true
- type: NodePort
- targetSelector: gitea
- ports:
- webui:
- enabled: true
- primary: true
- port: {{ .Values.giteaNetwork.webPort }}
- nodePort: {{ .Values.giteaNetwork.webPort }}
- targetSelector: gitea
- ssh:
- enabled: true
- port: {{ .Values.giteaNetwork.sshPort }}
- nodePort: {{ .Values.giteaNetwork.sshPort }}
- targetSelector: gitea
- {{/* Persistence */}}
- persistence:
- data:
- enabled: true
- {{- include "ix.v1.common.app.storageOptions" (dict "storage" .Values.giteaStorage.data) | nindent 4 }}
- targetSelector:
- gitea:
- gitea:
- mountPath: /var/lib/gitea
- {{- if and (eq .Values.giteaStorage.data.type "ixVolume")
- (not (.Values.giteaStorage.data.ixVolumeConfig | default dict).aclEnable) }}
- 01-permissions:
- mountPath: /mnt/directories/data
- {{- end }}
- config:
- enabled: true
- {{- include "ix.v1.common.app.storageOptions" (dict "storage" .Values.giteaStorage.config) | nindent 4 }}
- targetSelector:
- gitea:
- gitea:
- mountPath: /etc/gitea
- {{- if and (eq .Values.giteaStorage.config.type "ixVolume")
- (not (.Values.giteaStorage.config.ixVolumeConfig | default dict).aclEnable) }}
- 01-permissions:
- mountPath: /mnt/directories/config
- {{- end }}
- gitea-temp:
- enabled: true
- type: emptyDir
- targetSelector:
- gitea:
- gitea:
- mountPath: /tmp/gitea
- {{- range $idx, $storage := .Values.giteaStorage.additionalStorages }}
- {{ printf "gitea-%v:" (int $idx) }}
- enabled: true
- {{- include "ix.v1.common.app.storageOptions" (dict "storage" $storage) | nindent 4 }}
- targetSelector:
- gitea:
- gitea:
- mountPath: {{ $storage.mountPath }}
- {{- if and (eq $storage.type "ixVolume") (not ($storage.ixVolumeConfig | default dict).aclEnable) }}
- 01-permissions:
- mountPath: /mnt/directories{{ $storage.mountPath }}
- {{- end }}
- {{- end }}
- {{ if .Values.giteaNetwork.certificateID }}
- cert:
- enabled: true
- type: secret
- objectName: gitea-cert
- defaultMode: "0600"
- items:
- - key: tls.key
- path: private.key
- - key: tls.crt
- path: public.crt
- targetSelector:
- gitea:
- gitea:
- mountPath: /etc/certs/gitea
- readOnly: true
- {{ end }}
- {{- end -}}
|
