diff --git a/incubator/gitea/0.0.1/CHANGELOG.md b/incubator/gitea/0.0.1/CHANGELOG.md
new file mode 100644
index 00000000000..6248dbd0c80
--- /dev/null
+++ b/incubator/gitea/0.0.1/CHANGELOG.md
@@ -0,0 +1,4 @@
+
+
+### gitea-0.0.1 (2021-10-01)
+
diff --git a/incubator/gitea/0.0.1/CONFIG.md b/incubator/gitea/0.0.1/CONFIG.md
new file mode 100644
index 00000000000..fc9b2fa2d5f
--- /dev/null
+++ b/incubator/gitea/0.0.1/CONFIG.md
@@ -0,0 +1,8 @@
+# Configuration Options
+
+##### Connecting to other apps
+If you need to connect this App to other Apps on TrueNAS SCALE, please refer to our "Linking Apps Internally" quick-start guide:
+https://truecharts.org/manual/Quick-Start%20Guides/14-linking-apps/
+
+##### Available config options
+In the future this page is going to contain an automated list of options available in the installation/edit UI.
diff --git a/incubator/gitea/0.0.1/Chart.lock b/incubator/gitea/0.0.1/Chart.lock
new file mode 100644
index 00000000000..b0af9ef3677
--- /dev/null
+++ b/incubator/gitea/0.0.1/Chart.lock
@@ -0,0 +1,12 @@
+dependencies:
+- name: common
+ repository: https://truecharts.org
+ version: 8.0.13
+- name: postgresql
+ repository: https://truecharts.org/
+ version: 3.0.4
+- name: memcached
+ repository: https://charts.bitnami.com/bitnami
+ version: 5.15.3
+digest: sha256:31ea20ec333f850afa9cf3a2496456944683769564b80fd997d8321ca3f56830
+generated: "2021-10-01T12:22:17.047015624Z"
diff --git a/incubator/gitea/0.0.1/Chart.yaml b/incubator/gitea/0.0.1/Chart.yaml
new file mode 100644
index 00000000000..17b6d0007ab
--- /dev/null
+++ b/incubator/gitea/0.0.1/Chart.yaml
@@ -0,0 +1,37 @@
+apiVersion: v2
+appVersion: "1.15.3-roo"
+dependencies:
+- name: common
+ repository: https://truecharts.org
+ version: 8.0.13
+- condition: postgresql.enabled
+ name: postgresql
+ repository: https://truecharts.org/
+ version: 3.0.4
+- condition: memcached.enabled
+ name: memcached
+ repository: https://charts.bitnami.com/bitnami
+ version: 5.15.3
+deprecated: false
+description: Self hosted GIT repositories
+home: https://github.com/truecharts/apps/tree/master/charts/stable/gitea
+icon: https://docs.gitea.io/images/gitea.png
+keywords:
+- git
+- issue tracker
+- code review
+- wiki
+- gitea
+- gogs
+kubeVersion: '>=1.16.0-0'
+maintainers:
+- email: info@truecharts.org
+ name: TrueCharts
+ url: truecharts.org
+name: gitea
+sources:
+- https://gitea.com/gitea/helm-chart
+- https://github.com/go-gitea/gitea
+- https://hub.docker.com/r/gitea/gitea/
+type: application
+version: 0.0.1
diff --git a/incubator/gitea/0.0.1/README.md b/incubator/gitea/0.0.1/README.md
new file mode 100644
index 00000000000..b165f4b9a68
--- /dev/null
+++ b/incubator/gitea/0.0.1/README.md
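Review bot: `appVersion: "1.15.3-roo"` in Chart.yaml looks truncated; the image this chart deploys is tagged `1.15.3-rootless` in ix_values.yaml. appVersion is the field operators and inventory tooling read to match an installed release against upstream Gitea advisories, so it should be an exact upstream version, e.g. `appVersion: "1.15.3"` (which also fits if the truncation comes from a length limit in the catalog tooling, something not visible here). `home:` points at `charts/stable/gitea` although the chart is added under `incubator/`, and the two truecharts.org dependency URLs differ only by a trailing slash; both are worth normalising. The memcached dependency comes from a different publisher (`https://charts.bitnami.com/bitnami`) and is vendored as a binary `.tgz` in this commit, so the archive should be checked against that publisher's release before merge.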
@@ -0,0 +1,41 @@
+# Introduction
+
+Self hosted GIT repositories
+
+TrueCharts are designed to be installed as TrueNAS SCALE app only. We can not guarantee this charts works as a stand-alone helm installation.
+**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/apps/issues/new/choose)**
+
+## Source Code
+
+*
+*
+*
+
+## Requirements
+
+Kubernetes: `>=1.16.0-0`
+
+## Dependencies
+
+| Repository | Name | Version |
+|------------|------|---------|
+| https://charts.bitnami.com/bitnami | memcached | 5.15.3 |
+| https://truecharts.org/ | postgresql | 3.0.4 |
+| https://truecharts.org | common | 8.0.13 |
+
+## Installing the Chart
+
+To install this App on TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/03-Installing-an-App/).
+
+## Uninstalling the Chart
+
+To remove this App from TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/07-Deleting-an-App/).
+
+## Support
+
+- Please check our [quick-start guides](https://truecharts.org/manual/Quick-Start%20Guides/01-Open-Apps/) first.
+- See the [Wiki](https://truecharts.org)
+- Check our [Discord](https://discord.gg/tVsPTHWTtr)
+- Open a [issue](https://github.com/truecharts/apps/issues/new/choose)
+---
+All Rights Reserved - The TrueCharts Project
diff --git a/incubator/gitea/0.0.1/app-readme.md b/incubator/gitea/0.0.1/app-readme.md
new file mode 100644
index 00000000000..3b02da87104
--- /dev/null
+++ b/incubator/gitea/0.0.1/app-readme.md
@@ -0,0 +1,3 @@
+Self hosted GIT repositories
+
+This App is supplied by TrueCharts, for more information please visit https://truecharts.org
diff --git a/incubator/gitea/0.0.1/charts/common-8.0.13.tgz b/incubator/gitea/0.0.1/charts/common-8.0.13.tgz
new file mode 100644
index 00000000000..b1c063e6951
Binary files /dev/null and b/incubator/gitea/0.0.1/charts/common-8.0.13.tgz differ
diff --git a/incubator/gitea/0.0.1/charts/memcached-5.15.3.tgz b/incubator/gitea/0.0.1/charts/memcached-5.15.3.tgz
new file mode 100644
index 00000000000..d5fe8c275b7
Binary files /dev/null and b/incubator/gitea/0.0.1/charts/memcached-5.15.3.tgz differ
diff --git a/incubator/gitea/0.0.1/charts/postgresql-3.0.4.tgz b/incubator/gitea/0.0.1/charts/postgresql-3.0.4.tgz
new file mode 100644
index 00000000000..7f2314ece05
Binary files /dev/null and b/incubator/gitea/0.0.1/charts/postgresql-3.0.4.tgz differ
diff --git a/incubator/gitea/0.0.1/helm-values.md b/incubator/gitea/0.0.1/helm-values.md
new file mode 100644
index 00000000000..8233210f237
--- /dev/null
+++ b/incubator/gitea/0.0.1/helm-values.md
@@ -0,0 +1,83 @@ +# Default Helm-Values + +TrueCharts is primarily build to supply TrueNAS SCALE Apps. +However, we also supply all Apps as standard Helm-Charts. In this document we aim to document the default values in our values.yaml file. + +Most of our Apps also consume our "common" Helm Chart. +If this is the case, this means that all values.yaml values are set to the common chart values.yaml by default. This values.yaml file will only contain values that deviate from the common chart. +You will, however, be able to use all values referenced in the common chart here, besides the values listed in this document. + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| admin.email | string | `"gitea@local.domain"` | | +| admin.password | string | `"r8sA8CPHD9!bt6d"` | | +| admin.username | string | `"giteaadmin"` | | +| config.APP_NAME | string | `"Gitea: Git with a cup of tea"` | | +| config.RUN_MODE | string | `"dev"` | | +| customConfig | list | `[]` | | +| envFrom[0].configMapRef.name | string | `"gitea-env"` | | +| image.pullPolicy | string | `"IfNotPresent"` | | +| image.repository | string | `"gitea/gitea"` | | +| image.tag | string | `"1.15.3-rootless"` | | +| initContainers.0-init-postgresdb.command[0] | string | `"sh"` | | +| initContainers.0-init-postgresdb.command[1] | string | `"-c"` | | +| initContainers.0-init-postgresdb.command[2] | string | `"until pg_isready -U gitea -h ${pghost} ; do sleep 2 ; done"` | | +| initContainers.0-init-postgresdb.env[0].name | string | `"pghost"` | | +| initContainers.0-init-postgresdb.env[0].valueFrom.secretKeyRef.key | string | `"plainhost"` | | +| initContainers.0-init-postgresdb.env[0].valueFrom.secretKeyRef.name | string | `"dbcreds"` | | +| initContainers.0-init-postgresdb.image | string | `"{{ .Values.postgresqlImage.repository}}:{{ .Values.postgresqlImage.tag }}"` | | +| initContainers.0-init-postgresdb.imagePullPolicy | string | `"IfNotPresent"` | | +| 
initContainers.1-init-directories.command[0] | string | `"/usr/sbin/init_directory_structure.sh"` | | +| initContainers.1-init-directories.envFrom[0].configMapRef.name | string | `"gitea-env"` | | +| initContainers.1-init-directories.image | string | `"{{ .Values.image.repository }}:{{ .Values.image.tag }}"` | | +| initContainers.1-init-directories.securityContext.runAsNonRoot | bool | `false` | | +| initContainers.1-init-directories.securityContext.runAsUser | int | `0` | | +| initContainers.1-init-directories.volumeMounts[0].mountPath | string | `"/usr/sbin"` | | +| initContainers.1-init-directories.volumeMounts[0].name | string | `"init"` | | +| initContainers.1-init-directories.volumeMounts[1].mountPath | string | `"/tmp"` | | +| initContainers.1-init-directories.volumeMounts[1].name | string | `"temp"` | | +| initContainers.1-init-directories.volumeMounts[2].mountPath | string | `"/etc/gitea/conf"` | | +| initContainers.1-init-directories.volumeMounts[2].name | string | `"config"` | | +| initContainers.1-init-directories.volumeMounts[3].mountPath | string | `"/data"` | | +| initContainers.1-init-directories.volumeMounts[3].name | string | `"data"` | | +| initContainers.2-configure-gitea.command[0] | string | `"/usr/sbin/configure_gitea.sh"` | | +| initContainers.2-configure-gitea.envFrom[0].configMapRef.name | string | `"gitea-env"` | | +| initContainers.2-configure-gitea.image | string | `"{{ .Values.image.repository }}:{{ .Values.image.tag }}"` | | +| initContainers.2-configure-gitea.volumeMounts[0].mountPath | string | `"/usr/sbin"` | | +| initContainers.2-configure-gitea.volumeMounts[0].name | string | `"init"` | | +| initContainers.2-configure-gitea.volumeMounts[1].mountPath | string | `"/tmp"` | | +| initContainers.2-configure-gitea.volumeMounts[1].name | string | `"temp"` | | +| initContainers.2-configure-gitea.volumeMounts[2].mountPath | string | `"/data"` | | +| initContainers.2-configure-gitea.volumeMounts[2].name | string | `"data"` | | +| 
ldap.enabled | bool | `false` | | +| memcached | object | `{"enabled":true}` | memcached dependency settings | +| metrics.enabled | bool | `false` | | +| metrics.serviceMonitor.enabled | bool | `false` | | +| oauth.enabled | bool | `false` | | +| persistence.data.accessMode | string | `"ReadWriteOnce"` | | +| persistence.data.enabled | bool | `true` | | +| persistence.data.mountPath | string | `"/data"` | | +| persistence.data.size | string | `"100Gi"` | | +| persistence.data.type | string | `"pvc"` | | +| persistence.temp.enabled | bool | `true` | | +| persistence.temp.mountPath | string | `"/tmp"` | | +| persistence.temp.type | string | `"emptyDir"` | | +| persistence.varlib.enabled | bool | `true` | | +| persistence.varlib.mountPath | string | `"/var/lib/gitea"` | | +| persistence.varlib.type | string | `"emptyDir"` | | +| postgresql.enabled | bool | `true` | | +| postgresql.existingSecret | string | `"dbcreds"` | | +| postgresql.postgresqlDatabase | string | `"gitea"` | | +| postgresql.postgresqlUsername | string | `"gitea"` | | +| postgresqlImage.pullPolicy | string | `"IfNotPresent"` | | +| postgresqlImage.repository | string | `"bitnami/postgresql"` | | +| postgresqlImage.tag | string | `"13.4.0@sha256:33c276dffe6140d32f357753993c4088cf945a2d02d4c20d310f5a5e9d6e4a36"` | | +| service.main.ports.main.port | int | `3000` | | +| service.ssh.ports.ssh.port | int | `2222` | | +| service.ssh.ports.ssh.targetPort | int | `2222` | | +| signing.enabled | bool | `true` | | +| signing.gpgHome | string | `"/data/git/.gnupg"` | | + +All Rights Reserved - The TrueCharts Project diff --git a/incubator/gitea/0.0.1/ix_values.yaml b/incubator/gitea/0.0.1/ix_values.yaml new file mode 100644 index 00000000000..c6be7a8f22d --- /dev/null +++ b/incubator/gitea/0.0.1/ix_values.yaml 
@@ -0,0 +1,122 @@
+##
+# This file contains Values.yaml content that gets added to the output of questions.yaml
+# It's ONLY meant for content that the user is NOT expected to change.
+# Example: Everything under "image" is not included in questions.yaml but is included here.
+##
+
+image:
+ repository: gitea/gitea
+ tag: 1.15.3-rootless
+ pullPolicy: IfNotPresent
+
+postgresqlImage:
+ repository: bitnami/postgresql
+ pullPolicy: IfNotPresent
+ tag: 13.4.0@sha256:33c276dffe6140d32f357753993c4088cf945a2d02d4c20d310f5a5e9d6e4a36
+
+envFrom:
+ - configMapRef:
+ name: gitea-env
+
+initContainers:
+ 0-init-postgresdb:
+ image: "{{ .Values.postgresqlImage.repository}}:{{ .Values.postgresqlImage.tag }}"
+ command:
+ - "sh"
+ - "-c"
+ - "until pg_isready -U gitea -h ${pghost} ; do sleep 2 ; done"
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: pghost
+ valueFrom:
+ secretKeyRef:
+ name: dbcreds
+ key: plainhost
+ 1-init-directories:
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ command: ["/usr/sbin/init_directory_structure.sh"]
+ securityContext:
+ runAsUser: 0
+ runAsNonRoot: false
+ envFrom:
+ - configMapRef:
+ name: gitea-env
+ volumeMounts:
+ - name: init
+ mountPath: /usr/sbin
+ - name: temp
+ mountPath: /tmp
+ - name: config
+ mountPath: /etc/gitea/conf
+ - name: data
+ mountPath: /data
+ 2-configure-gitea:
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ command: ["/usr/sbin/configure_gitea.sh"]
+ envFrom:
+ - configMapRef:
+ name: gitea-env
+ volumeMounts:
+ - name: init
+ mountPath: /usr/sbin
+ - name: temp
+ mountPath: /tmp
+ - name: data
+ mountPath: /data
+
+# Configure commit/action signing prerequisites
+signing:
+ enabled: true
+ gpgHome: /data/git/.gnupg
+
+metrics:
+ enabled: false
+ serviceMonitor:
+ enabled: false
+ # additionalLabels:
+ # prometheus-release: prom1
+
+ldap:
+ enabled: false
+ # name:
+ # securityProtocol:
+ # host:
+ # port:
+ # userSearchBase:
+ # userFilter:
+ # adminFilter:
+ # emailAttribute:
+ # bindDn:
+ # bindPassword:
+ # usernameAttribute:
+ # sshPublicKeyAttribute:
+
+oauth:
+ enabled: false
+ # name:
+ # provider:
+ # key:
+ # secret:
+ # autoDiscoverUrl:
+ # useCustomUrls:
+ # customAuthUrl:
+ # customTokenUrl:
+ # customProfileUrl:
+ # customEmailUrl:
+
+# Enabled postgres
+postgresql:
+ enabled: true
+ postgresqlUsername: gitea
+ postgresqlDatabase: gitea
+ existingSecret: dbcreds
+
+# -- memcached dependency settings
+memcached:
+ enabled: true
+
+
+##
+# Most other defaults are set in questions.yaml
+# For other options please refer to the wiki, default_values.yaml or the common library chart
+##
diff --git a/incubator/gitea/0.0.1/questions.yaml b/incubator/gitea/0.0.1/questions.yaml
new file mode 100644
index 00000000000..bcbb4d22365
--- /dev/null
+++ b/incubator/gitea/0.0.1/questions.yaml
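Review bot: In ix_values.yaml the `1-init-directories` init container is forced to `runAsUser: 0` / `runAsNonRoot: false` while it mounts `/data`, `/etc/gitea/conf`, `/tmp` and the script volume at `/usr/sbin`, so a root process executes a volume-supplied script on every pod start even though the image is the `-rootless` variant. If root is only there to fix directory ownership, leave that to the pod's `fsGroup`; otherwise add `allowPrivilegeEscalation: false` and a `capabilities` block that drops `ALL` and adds back only what the script needs (the script is not part of this hunk, so that list is to be confirmed). `tag: 1.15.3-rootless` is a mutable tag, while `postgresqlImage.tag` right below it is pinned with `@sha256:`; pin the Gitea image the same way, `tag: 1.15.3-rootless@sha256:<digest>`, since it also backs two init containers. Separately, helm-values.md in this commit lists a fixed string as the default for `admin.password` and `dev` for `config.RUN_MODE`; the values file that sets them is not visible here, but a shared default admin credential should give way to a required, user-supplied value or an existing-secret reference.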
@@ -0,0 +1,2070 @@ +groups: + - name: "Container Image" + description: "Image to be used for container" + - name: "Controller" + description: "Configure workload deployment" + - name: "Container Configuration" + description: "additional container configuration" + - name: "App Configuration" + description: "App specific config options" + - name: "Networking and Services" + description: "Configure Network and Services for container" + - name: "Storage and Persistence" + description: "Persist and share data that is separate from the container" + - name: "Ingress" + description: "Ingress Configuration" + - name: "Security and Permissions" + description: "Configure security context and permissions" + - name: "Resources and Devices" + description: "Specify resources/devices to be allocated to workload" + - name: "Middlewares" + description: "Traefik Middlewares" + - name: "Addons" + description: "Addon Configuration" + - name: "Advanced" + description: "Advanced Configuration" +portals: + web_portal: + protocols: + - "$kubernetes-resource_configmap_portal_protocol" + host: + - "$kubernetes-resource_configmap_portal_host" + ports: + - "$kubernetes-resource_configmap_portal_port" +questions: + - variable: portal + group: "Container Image" + label: "Configure Portal Button" + schema: + type: dict + hidden: true + attrs: + - variable: enabled + label: "Enable" + description: "enable the portal button" + schema: + hidden: true + editable: false + type: boolean + default: true + - variable: controller + group: "Controller" + label: "" + schema: + type: dict + attrs: + - variable: type + description: "Please specify type of workload to deploy" + label: "(Advanced) Controller Type" + schema: + type: string + default: "deployment" + required: true + enum: + - value: "deployment" + description: "Deployment" + - value: "statefulset" + description: "Statefulset" + - value: "daemonset" + description: "Daemonset" + - variable: replicas + description: "Number of desired pod replicas" + 
label: "Desired Replicas" + schema: + type: int + default: 1 + required: true + - variable: strategy + description: "Please specify type of workload to deploy" + label: "(Advanced) Update Strategy" + schema: + type: string + default: "Recreate" + required: true + enum: + - value: "Recreate" + description: "Recreate: Kill existing pods before creating new ones" + - value: "RollingUpdate" + description: "RollingUpdate: Create new pods and then kill old ones" + - value: "OnDelete" + description: "(Legacy) OnDelete: ignore .spec.template changes" + - variable: advanced + label: "Show Expert Configuration Options" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: extraArgs + label: "Extra Args" + schema: + type: list + default: [] + items: + - variable: argItem + label: "Arg" + schema: + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + - variable: labelsList + label: "Controller Labels" + schema: + type: list + default: [] + items: + - variable: labelItem + label: "Label" + schema: + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + - variable: annotationsList + label: " Controller Annotations" + schema: + type: list + default: [] + items: + - variable: annotationItem + label: "Label" + schema: + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + + - variable: env + group: "Container Configuration" + label: "Image Environment" + schema: + type: dict + attrs: + - variable: TZ + label: "Timezone" + schema: + type: string + default: "Etc/UTC" + $ref: + - "definitions/timezone" + - variable: UMASK + label: "UMASK" + description: "Sets the UMASK env var for LinuxServer.io (compatible) containers" + schema: + type: string + default: "002" + - 
variable: envList + label: "Image environment" + group: "Container Configuration" + schema: + type: list + default: [] + items: + - variable: envItem + label: "Environment Variable" + schema: + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + + - variable: expertpodconf + group: "Container Configuration" + label: "Show Expert Config" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: termination + group: "Container Configuration" + label: "Termination settings" + schema: + type: dict + attrs: + - variable: gracePeriodSeconds + label: "Grace Period Seconds" + schema: + type: int + default: 10 + - variable: podLabelsList + group: "Container Configuration" + label: "Pod Labels" + schema: + type: list + default: [] + items: + - variable: podLabelItem + label: "Label" + schema: + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + + - variable: podAnnotationsList + group: "Container Configuration" + label: "Pod Annotations" + schema: + type: list + default: [] + items: + - variable: podAnnotationItem + label: "Label" + schema: + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + + - variable: admin + group: "App Configuration" + label: "Admin Credentials" + schema: + type: dict + attrs: + - variable: username + label: "username" + schema: + type: string + required: true + - variable: password + label: "password" + schema: + type: string + required: true + - variable: email + label: "email" + schema: + type: string + required: true + + - variable: config + group: "App Configuration" + label: "Admin Configuration" + schema: + type: dict + attrs: + - variable: APP_NAME + label: "APP_NAME" + schema: + type: string + required: true + - variable: 
RUN_MODE + label: "RUN_MODE" + schema: + type: string + required: true + + + - variable: customConfig + group: "App Configuration" + label: "Custom Configuration parameters" + schema: + type: list + default: [] + items: + - variable: catagoryItem + label: "Catagory" + schema: + type: dict + attrs: + - variable: name + label: "Config Catagory Name" + schema: + type: string + required: true + - variable: keys + label: "Configuration Parameters" + schema: + type: list + default: [] + items: + - variable: configItem + label: "parameter" + schema: + type: dict + attrs: + - variable: name + label: "Parameter Name" + schema: + type: string + required: true + - variable: value + label: "Parameter Value" + schema: + type: string + required: true + + - variable: service + group: "Networking and Services" + label: "Configure Service(s)" + schema: + type: dict + attrs: + - variable: main + label: "Main Service" + description: "The Primary service on which the healthcheck runs, often the webUI" + schema: + type: dict + attrs: + - variable: enabled + label: "Enable the service" + schema: + type: boolean + default: true + hidden: true + - variable: type + label: "Service Type" + description: "ClusterIP's are only internally available, nodePorts expose the container to the host node System, Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: "NodePort" + enum: + - value: "NodePort" + description: "NodePort" + - value: "ClusterIP" + description: "ClusterIP" + - value: "LoadBalancer" + description: "LoadBalancer" + - variable: loadBalancerIP + label: "LoadBalancer IP" + description: "LoadBalancerIP" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: list + default: [] + items: + - variable: externalIP + label: "External IP" + schema: + type: string + - variable: 
ports + label: "Service's Port(s) Configuration" + schema: + type: dict + attrs: + - variable: main + label: "Main Service Port Configuration" + schema: + type: dict + attrs: + - variable: enabled + label: "Enable the port" + schema: + type: boolean + default: true + hidden: true + - variable: protocol + label: "Port Type" + schema: + type: string + default: "HTTP" + enum: + - value: HTTP + description: "HTTP" + - value: "HTTPS" + description: "HTTPS" + - value: TCP + description: "TCP" + - value: "UDP" + description: "UDP" + - variable: targetPort + label: "Target Port" + description: "This port exposes the container port on the service" + schema: + type: int + default: 3000 + editable: false + hidden: true + - variable: port + label: "Container Port" + schema: + type: int + default: 3000 + editable: true + required: true + - variable: nodePort + label: "Node Port (Optional)" + description: "This port gets exposed to the node. Only considered when service type is NodePort" + schema: + type: int + min: 9000 + max: 65535 + default: 36108 + required: true + - variable: ssh + label: "SSH Service" + description: "The SSH service" + schema: + type: dict + attrs: + - variable: enabled + label: "Enable the service" + schema: + type: boolean + default: true + hidden: true + - variable: type + label: "Service Type" + description: "ClusterIP's are only internally available, nodePorts expose the container to the host node System, Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: "LoadBalancer" + enum: + - value: "NodePort" + description: "NodePort" + - value: "ClusterIP" + description: "ClusterIP" + - value: "LoadBalancer" + description: "LoadBalancer" + - variable: loadBalancerIP + label: "LoadBalancer IP" + description: "LoadBalancerIP" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + show_if: 
[["type", "=", "LoadBalancer"]] + type: list + default: [] + items: + - variable: externalIP + label: "External IP" + schema: + type: string + - variable: ports + label: "Service's Port(s) Configuration" + schema: + type: dict + attrs: + - variable: ssh + label: "Main Service Port Configuration" + schema: + type: dict + attrs: + - variable: enabled + label: "Enable the port" + schema: + type: boolean + default: true + hidden: true + - variable: protocol + label: "Port Type" + schema: + type: string + default: "TCP" + enum: + - value: HTTP + description: "HTTP" + - value: "HTTPS" + description: "HTTPS" + - value: TCP + description: "TCP" + - value: "UDP" + description: "UDP" + - variable: targetPort + label: "Target Port" + description: "This port exposes the container port on the service" + schema: + type: int + default: 2222 + editable: false + hidden: true + - variable: port + label: "Container Port" + schema: + type: int + default: 2222 + editable: true + required: true + - variable: nodePort + label: "Node Port (Optional)" + description: "This port gets exposed to the node. 
Only considered when service type is NodePort" + schema: + type: int + min: 9000 + max: 65535 + default: 36095 + required: true + + + + - variable: serviceexpert + group: "Networking and Services" + label: "Show Expert Config" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hostNetwork + group: "Networking and Services" + label: "Host-Networking (Complicated)" + schema: + type: boolean + default: false + + - variable: dnsPolicy + group: "Networking and Services" + label: "dnsPolicy" + schema: + type: string + default: "" + enum: + - value: "" + description: "Default" + - value: "ClusterFirst" + description: "ClusterFirst" + - value: "ClusterFirstWithHostNet" + description: "ClusterFirstWithHostNet" + - value: "None" + description: "None" + + - variable: dnsConfig + label: "DNS Configuration" + group: "Networking and Services" + description: "Specify custom DNS configuration which will be applied to the pod" + schema: + type: dict + attrs: + - variable: nameservers + label: "Nameservers" + schema: + default: [] + type: list + items: + - variable: nameserver + label: "Nameserver" + schema: + type: string + - variable: options + label: "options" + schema: + default: [] + type: list + items: + - variable: option + label: "Option Entry" + schema: + type: string + - variable: searches + label: "Searches" + schema: + default: [] + type: list + items: + - variable: search + label: "Search Entry" + schema: + type: string + + - variable: serviceList + label: "Add Manual Custom Services" + group: "Networking and Services" + schema: + type: list + default: [] + items: + - variable: serviceListEntry + label: "Custom Service" + schema: + type: dict + attrs: + - variable: enabled + label: "Enable the service" + schema: + type: boolean + default: true + hidden: true + - variable: name + label: "Name" + schema: + type: string + default: "" + - variable: type + label: "Service Type" + description: "ClusterIP's are only internally 
available, nodePorts expose the container to the host node System, Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: "NodePort" + enum: + - value: "NodePort" + description: "NodePort" + - value: "ClusterIP" + description: "ClusterIP" + - value: "LoadBalancer" + description: "LoadBalancer" + - variable: loadBalancerIP + label: "LoadBalancer IP" + description: "LoadBalancerIP" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: list + default: [] + items: + - variable: externalIP + label: "External IP" + schema: + type: string + - variable: portsList + label: "Additional Service Ports" + schema: + type: list + default: [] + items: + - variable: portsListEntry + label: "Custom ports" + schema: + type: dict + attrs: + - variable: enabled + label: "Enable the port" + schema: + type: boolean + default: true + hidden: true + - variable: name + label: "Port Name" + schema: + type: string + default: "" + - variable: protocol + label: "Port Type" + schema: + type: string + default: "TCP" + enum: + - value: HTTP + description: "HTTP" + - value: "HTTPS" + description: "HTTPS" + - value: TCP + description: "TCP" + - value: "UDP" + description: "UDP" + - variable: targetPort + label: "Target Port" + description: "This port exposes the container port on the service" + schema: + type: int + required: true + - variable: port + label: "Container Port" + schema: + type: int + required: true + - variable: nodePort + label: "Node Port (Optional)" + description: "This port gets exposed to the node. 
Only considered when service type is NodePort" + schema: + type: int + min: 9000 + max: 65535 + + - variable: persistence + label: "Integrated Persistent Storage" + description: "Integrated Persistent Storage" + group: "Storage and Persistence" + schema: + type: dict + attrs: + - variable: varlib + label: "App varlib mount" + description: "Stores some temporary files" + schema: + type: dict + hidden: true + attrs: + - variable: enabled + label: "Enable the storage" + schema: + type: boolean + hidden: true + default: true + - variable: type + label: "(Advanced) Type of Storage" + description: "Sets the persistence type" + schema: + type: string + default: "emptyDir" + hidden: true + - variable: mountPath + label: "mountPath" + description: "Path inside the container the storage is mounted" + schema: + type: string + default: "/var/lib/gitea" + hidden: true + - variable: temp + label: "App temp mount" + description: "Stores some temporary files" + schema: + type: dict + hidden: true + attrs: + - variable: enabled + label: "Enable the storage" + schema: + type: boolean + hidden: true + default: true + - variable: type + label: "(Advanced) Type of Storage" + description: "Sets the persistence type" + schema: + type: string + default: "emptyDir" + hidden: true + - variable: mountPath + label: "mountPath" + description: "Path inside the container the storage is mounted" + schema: + type: string + default: "/tmp" + hidden: true + - variable: data + label: "App data Storage" + description: "Stores the Application Configuration." 
+ schema: + type: dict + attrs: + - variable: enabled + label: "Enable the storage" + schema: + type: boolean + default: true + - variable: type + label: "(Advanced) Type of Storage" + description: "Sets the persistence type" + schema: + type: string + default: "pvc" + enum: + - value: "pvc" + description: "pvc" + - value: "emptyDir" + description: "emptyDir" + - value: "hostPath" + description: "hostPath" + - variable: storageClass + label: "(Advanced) storageClass" + description: " Warning: Anything other than SCALE-ZFS will break rollback!" + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "SCALE-ZFS" + - variable: setPermissions + label: "Automatic Permissions" + description: "Automatically set permissions on install" + schema: + show_if: [["type", "=", "hostPath"]] + type: boolean + default: true + - variable: readOnly + label: "readOnly" + schema: + type: boolean + default: false + - variable: hostPath + label: "hostPath" + description: "Path inside the container the storage is mounted" + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: hostPathType + label: "hostPath Type" + schema: + show_if: [["type", "=", "hostPath"]] + type: string + default: "" + enum: + - value: "" + description: "Default" + - value: "DirectoryOrCreate" + description: "DirectoryOrCreate" + - value: "Directory" + description: "Directory" + - value: "FileOrCreate" + description: "FileOrCreate" + - value: "File" + description: "File" + - value: "Socket" + description: "Socket" + - value: "CharDevice" + description: "CharDevice" + - value: "BlockDevice" + description: "BlockDevice" + - variable: mountPath + label: "mountPath" + description: "Path inside the container the storage is mounted" + schema: + type: string + default: "/data" + hidden: true + - variable: medium + label: "EmptyDir Medium" + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: "Default" + - value: "Memory" + 
description: "Memory" + - variable: accessMode + label: "Access Mode (Advanced)" + description: "Allow or disallow multiple PVC's writhing to the same PV" + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "ReadWriteOnce" + enum: + - value: "ReadWriteOnce" + description: "ReadWriteOnce" + - value: "ReadOnlyMany" + description: "ReadOnlyMany" + - value: "ReadWriteMany" + description: "ReadWriteMany" + - variable: size + label: "Size quotum of storage" + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "100Gi" + + - variable: persistenceList + label: "Additional app storage" + group: "Storage and Persistence" + schema: + type: list + default: [] + items: + - variable: persistenceListEntry + label: "Custom Storage" + schema: + type: dict + attrs: + - variable: enabled + label: "Enable the storage" + schema: + type: boolean + default: true + hidden: true + - variable: advanced + label: "Show Advanced Options" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: labelsList + label: "Labels" + schema: + type: list + default: [] + items: + - variable: labelItem + label: "Label" + schema: + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + - variable: annotationsList + label: "Annotations" + schema: + type: list + default: [] + items: + - variable: annotationItem + label: "Label" + schema: + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + - variable: type + label: "(Advanced) Type of Storage" + description: "Sets the persistence type" + schema: + type: string + default: "hostPath" + enum: + - value: "pvc" + description: "pvc" + - value: "emptyDir" + description: "emptyDir" + - value: "hostPath" + description: "hostPath" + - variable: storageClass + label: "(Advanced) storageClass" + description: 
"Warning: Anything other than SCALE-ZFS will break rollback!" + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "SCALE-ZFS" + - variable: setPermissions + label: "Automatic Permissions" + description: "Automatically set permissions on install" + schema: + show_if: [["type", "=", "hostPath"]] + type: boolean + default: true + - variable: readOnly + label: "readOnly" + schema: + type: boolean + default: false + - variable: hostPath + label: "hostPath" + description: "Path inside the container the storage is mounted" + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: hostPathType + label: "(Advanced) hostPath Type" + schema: + show_if: [["type", "=", "hostPath"]] + type: string + default: "" + enum: + - value: "" + description: "Default" + - value: "DirectoryOrCreate" + description: "DirectoryOrCreate" + - value: "Directory" + description: "Directory" + - value: "FileOrCreate" + description: "FileOrCreate" + - value: "File" + description: "File" + - value: "Socket" + description: "Socket" + - value: "CharDevice" + description: "CharDevice" + - value: "BlockDevice" + description: "BlockDevice" + - variable: mountPath + label: "mountPath" + description: "Path inside the container the storage is mounted" + schema: + type: string + default: "" + required: true + - variable: medium + label: "EmptyDir Medium" + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: "Default" + - value: "Memory" + description: "Memory" + - variable: accessMode + label: "(Advanced) Access Mode" + description: "Allow or disallow multiple PVC's writhing to the same PV" + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "ReadWriteOnce" + enum: + - value: "ReadWriteOnce" + description: "ReadWriteOnce" + - value: "ReadOnlyMany" + description: "ReadOnlyMany" + - value: "ReadWriteMany" + description: "ReadWriteMany" + - variable: size + label: "Size quotum of storage" + 
schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "100Gi" + + - variable: ingress + label: "" + group: "Ingress" + schema: + type: dict + attrs: + - variable: main + label: "Main Ingress" + schema: + type: dict + attrs: + - variable: enabled + label: "Enable Ingress" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hosts + label: "Hosts" + schema: + type: list + default: [] + items: + - variable: hostEntry + label: "Host" + schema: + type: dict + attrs: + - variable: host + label: "HostName" + schema: + type: string + default: "" + required: true + - variable: paths + label: "Paths" + schema: + type: list + default: [] + items: + - variable: pathEntry + label: "Host" + schema: + type: dict + attrs: + - variable: path + label: "path" + schema: + type: string + required: true + default: "/" + - variable: pathType + label: "pathType" + schema: + type: string + required: true + default: "Prefix" + - variable: tls + label: "TLS-Settings" + schema: + type: list + default: [] + items: + - variable: tlsEntry + label: "Host" + schema: + type: dict + attrs: + - variable: hosts + label: "Certificate Hosts" + schema: + type: list + default: [] + items: + - variable: host + label: "Host" + schema: + type: string + default: "" + required: true + - variable: scaleCert + label: "Select TrueNAS SCALE Certificate" + schema: + type: int + $ref: + - "definitions/certificate" + - variable: entrypoint + label: "(Advanced) Traefik Entrypoint" + description: "Entrypoint used by Traefik when using Traefik as Ingress Provider" + schema: + type: string + default: "websecure" + required: true + - variable: middlewares + label: "Traefik Middlewares" + description: "Add previously created Traefik Middlewares to this Ingress" + schema: + type: list + default: [] + items: + - variable: name + label: "Name" + schema: + type: string + default: "" + required: true + + - variable: expert + label: "Show Expert Configuration 
Options" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: ingressClassName + label: "IngressClass Name" + schema: + type: string + default: "" + - variable: labelsList + label: "Labels" + schema: + type: list + default: [] + items: + - variable: labelItem + label: "Label" + schema: + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + - variable: annotationsList + label: "Annotations" + schema: + type: list + default: [] + items: + - variable: annotationItem + label: "Label" + schema: + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + + - variable: ingressList + label: "Add Manual Custom Ingresses" + group: "Ingress" + schema: + type: list + default: [] + items: + - variable: ingressListEntry + label: "Custom Ingress" + schema: + type: dict + attrs: + - variable: enabled + label: "Enable Ingress" + schema: + type: boolean + default: true + hidden: true + - variable: name + label: "Name" + schema: + type: string + default: "" + - variable: ingressClassName + label: "IngressClass Name" + schema: + type: string + default: "" + - variable: labelsList + label: "Labels" + schema: + type: list + default: [] + items: + - variable: labelItem + label: "Label" + schema: + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + - variable: annotationsList + label: "Annotations" + schema: + type: list + default: [] + items: + - variable: annotationItem + label: "Label" + schema: + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + - variable: hosts + label: "Hosts" + schema: + type: list + default: [] + items: + - variable: hostEntry + label: "Host" + schema: + 
type: dict + attrs: + - variable: host + label: "HostName" + schema: + type: string + default: "" + required: true + - variable: paths + label: "Paths" + schema: + type: list + default: [] + items: + - variable: pathEntry + label: "Host" + schema: + type: dict + attrs: + - variable: path + label: "path" + schema: + type: string + required: true + default: "/" + - variable: pathType + label: "pathType" + schema: + type: string + required: true + default: "Prefix" + - variable: service + label: "Linked Service" + schema: + type: dict + attrs: + - variable: name + label: "Service Name" + schema: + type: string + default: "" + - variable: port + label: "Service Port" + schema: + type: int + - variable: tls + label: "TLS-Settings" + schema: + type: list + default: [] + items: + - variable: tlsEntry + label: "Host" + schema: + type: dict + attrs: + - variable: hosts + label: "Certificate Hosts" + schema: + type: list + default: [] + items: + - variable: host + label: "Host" + schema: + type: string + default: "" + required: true + - variable: scaleCert + label: "Select TrueNAS SCALE Certificate" + schema: + type: int + $ref: + - "definitions/certificate" + - variable: entrypoint + label: "Traefik Entrypoint" + description: "Entrypoint used by Traefik when using Traefik as Ingress Provider" + schema: + type: string + default: "websecure" + required: true + - variable: middlewares + label: "Traefik Middlewares" + description: "Add previously created Traefik Middlewares to this Ingress" + schema: + type: list + default: [] + items: + - variable: name + label: "Name" + schema: + type: string + default: "" + required: true + - variable: securityContext + group: "Security and Permissions" + label: "Security Context" + schema: + type: dict + attrs: + - variable: privileged + label: "Privileged mode" + schema: + type: boolean + default: false + - variable: readOnlyRootFilesystem + label: "ReadOnly Root Filesystem" + schema: + type: boolean + default: true + - variable: 
allowPrivilegeEscalation + label: "Allow Privilege Escalation" + schema: + type: boolean + default: false + - variable: runAsNonRoot + label: "runAsNonRoot" + schema: + type: boolean + default: true + - variable: podSecurityContext + group: "Security and Permissions" + label: "Pod Security Context" + schema: + type: dict + attrs: + - variable: runAsUser + label: "runAsUser" + description: "The UserID of the user running the application" + schema: + type: int + default: 568 + - variable: runAsGroup + label: "runAsGroup" + description: The groupID this App of the user running the application" + schema: + type: int + default: 568 + - variable: fsGroup + label: "fsGroup" + description: "The group that should own ALL storage." + schema: + type: int + default: 568 + - variable: supplementalGroups + label: "supplemental Groups" + schema: + type: list + default: [] + items: + - variable: supplementalGroupsEntry + label: "supplemental Group" + schema: + type: int + - variable: fsGroupChangePolicy + label: "When should we take ownership?" 
+ schema: + type: string + default: "OnRootMismatch" + enum: + - value: "OnRootMismatch" + description: "OnRootMismatch" + - value: "Always" + description: "Always" + + - variable: resources + group: "Resources and Devices" + label: "" + schema: + type: dict + attrs: + - variable: limits + label: "Advanced Limit Resource Consumption" + schema: + type: dict + attrs: + - variable: cpu + label: "CPU" + schema: + type: string + default: "4000m" + valid_chars: '^([0-9]+)(\.[0-9]?|m?)$' + - variable: memory + label: "Memory RAM" + schema: + type: string + default: "8Gi" + valid_chars: '^([0-9.]+)([EPTGMK]i?|[EPTGMK]?|e[0-9]+)$' + - variable: requests + label: "Advanced Request minimum resources required" + schema: + type: dict + attrs: + - variable: cpu + label: "CPU" + schema: + type: string + default: "10m" + valid_chars: '^([0-9]+)(\.[0-9]?|m?)$' + - variable: memory + label: "Memory RAM" + schema: + type: string + default: "50Mi" + valid_chars: '^([0-9.]+)([EPTGMK]i?|[EPTGMK]?|e[0-9]+)$' + + - variable: autoscaling + group: "Resources and Devices" + label: "(Advanced) Horizontal Pod Autoscaler" + schema: + type: dict + attrs: + - variable: enabled + label: "enabled" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: target + label: "Target" + description: "deployment name, defaults to main deployment" + schema: + type: string + default: "" + - variable: minReplicas + label: "Minimum Replicas" + schema: + type: int + default: 1 + - variable: maxReplicas + label: "Maximum Replicas" + schema: + type: int + default: 5 + - variable: targetCPUUtilizationPercentage + label: "Target CPU Utilization Percentage" + schema: + type: int + default: 80 + - variable: targetMemoryUtilizationPercentage + label: "Target Memory Utilization Percentage" + schema: + type: int + default: 80 + + + - variable: addons + group: "Addons" + label: "" + schema: + type: dict + attrs: + - variable: vpn + label: "VPN" + schema: + type: dict + attrs: 
+ - variable: type + label: "Type" + schema: + type: string + default: "disabled" + enum: + - value: "disabled" + description: "disabled" + - value: "openvpn" + description: "OpenVPN" + - value: "wireguard" + description: "Wireguard" + - variable: openvpn + label: "OpenVPN Settings" + schema: + type: dict + show_if: [["type", "=", "openvpn"]] + attrs: + - variable: username + label: "authentication username" + description: "authentication username, optional" + schema: + type: string + default: "" + - variable: password + label: "authentication password" + description: "authentication credentials" + schema: + type: string + default: "" + required: true + - variable: killSwitch + label: "Enable killswitch" + schema: + type: boolean + show_if: [["type", "!=", "disabled"]] + default: true + - variable: excludedNetworks_IPv4 + label: "Killswitch Excluded IPv4 networks" + description: "list of killswitch excluded ipv4 addresses" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv4 + label: "IPv4 Network" + schema: + type: string + required: true + - variable: excludedNetworks_IPv6 + label: "Killswitch Excluded IPv6 networks" + description: "list of killswitch excluded ipv4 addresses" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv6 + label: "IPv6 Network" + schema: + type: string + required: true + + - variable: configFile + label: "VPN Config File Location" + schema: + type: dict + show_if: [["type", "!=", "disabled"]] + attrs: + - variable: enabled + label: "enabled" + schema: + type: boolean + default: true + hidden: true + - variable: type + label: "type" + schema: + type: string + default: "hostPath" + hidden: true + - variable: hostPathType + label: "hostPathType" + schema: + type: string + default: "File" + hidden: true + - variable: noMount + label: "noMount" + schema: + type: boolean + default: true + hidden: true + - variable: hostPath + label: 
"Full path to file" + description: "path to your local VPN config file for example: /mnt/tank/vpn.conf or /mnt/tank/vpn.ovpn" + schema: + type: string + default: "" + required: true + - variable: envList + label: "VPN environment Variables" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: "Environment Variable" + schema: + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: value + label: "Value" + schema: + type: string + required: true + + - variable: codeserver + label: "Codeserver" + schema: + type: dict + attrs: + - variable: enabled + label: "enabled" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: git + label: "Git Settings" + schema: + type: dict + attrs: + - variable: deployKey + description: "Raw SSH private key" + label: "deployKey" + schema: + type: string + - variable: deployKeyBase64 + description: "Base64-encoded SSH private key. 
When both variables are set, the raw SSH key takes precedence" + label: "deployKeyBase64" + schema: + type: string + - variable: service + label: "" + schema: + type: dict + attrs: + - variable: type + label: "Service Type" + description: "ClusterIP's are only internally available, nodePorts expose the container to the host node System, Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: "NodePort" + enum: + - value: "NodePort" + description: "NodePort" + - value: "ClusterIP" + description: "ClusterIP" + - value: "LoadBalancer" + description: "LoadBalancer" + - variable: loadBalancerIP + label: "LoadBalancer IP" + description: "LoadBalancerIP" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: list + default: [] + items: + - variable: externalIP + label: "External IP" + schema: + type: string + - variable: ports + label: "" + schema: + type: dict + attrs: + - variable: codeserver + label: "" + schema: + type: dict + attrs: + - variable: nodePort + description: "leave empty to disable" + label: "nodePort" + schema: + type: int + default: 36107 + - variable: envList + label: "Codeserver environment Variables" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: "Environment Variable" + schema: + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: value + label: "Value" + schema: + type: string + required: true + + + - variable: promtail + label: "Promtail" + schema: + type: dict + attrs: + - variable: enabled + label: "enabled" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: loki + label: "Loki URL" + schema: + type: string + required: true + - variable: logs + label: "Log 
Paths" + schema: + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: path + label: "Path" + schema: + type: string + required: true + - variable: args + label: "Promtail ecommand line arguments" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: arg + label: "Arg" + schema: + type: string + required: true + - variable: envList + label: "Promtail environment Variables" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: "Environment Variable" + schema: + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: value + label: "Value" + schema: + type: string + required: true + + + + + - variable: netshoot + label: "Netshoot" + schema: + type: dict + attrs: + - variable: enabled + label: "enabled" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: envList + label: "Netshoot environment Variables" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: "Environment Variable" + schema: + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: value + label: "Value" + schema: + type: string + required: true + + - variable: identity_providers + group: "Advanced" + label: "Authelia Identity Providers (BETA)" + schema: + type: dict + attrs: + - variable: oidc + label: "OpenID Connect(BETA)" + schema: + type: dict + attrs: + - variable: enabled + label: "enabled" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: access_token_lifespan + label: "Access Token Lifespan" + schema: + type: string + default: "1h" + required: true + - variable: authorize_code_lifespan + label: "Authorize Code Lifespan" + schema: + type: string + default: "1m" 
+ required: true + - variable: id_token_lifespan + label: "ID Token Lifespan" + schema: + type: string + default: "1h" + required: true + - variable: refresh_token_lifespan + label: "Refresh Token Lifespan" + schema: + type: string + default: "90m" + required: true + - variable: enable_client_debug_messages + label: "Enable Client Debug Messages" + schema: + type: boolean + default: false + - variable: minimum_parameter_entropy + label: "Minimum Parameter Entropy" + schema: + type: int + default: 8 + hidden: true + - variable: clients + label: "Clients" + schema: + type: list + default: [] + items: + - variable: clientEntry + label: "Client" + schema: + type: dict + attrs: + - variable: id + label: "ID/Name" + description: "The ID is the OpenID Connect ClientID which is used to link an application to a configuration." + schema: + type: string + default: "myapp" + required: true + - variable: description + label: "Description" + description: "The description to show to users when they end up on the consent screen. Defaults to the ID above." + schema: + type: string + default: "My Application" + required: true + - variable: secret + label: "Secret" + description: "The client secret is a shared secret between Authelia and the consumer of this client." + schema: + type: string + default: "" + required: true + - variable: public + label: "public" + description: "Sets the client to public. This should typically not be set, please see the documentation for usage." + schema: + type: boolean + default: false + - variable: authorization_policy + label: "Authorization Policy" + description: "The policy to require for this client; one_factor or two_factor." 
+ schema: + type: string + default: "two_factor" + enum: + - value: "one_factor" + description: "one_factor" + - value: "two_factor" + description: "two_factor" + - variable: userinfo_signing_algorithm + label: "Userinfo Signing Algorithm" + description: "The algorithm used to sign userinfo endpoint responses for this client, either none or RS256." + schema: + type: string + default: "none" + enum: + - value: "none" + description: "none" + - value: "RS256" + description: "RS256" + - variable: audience + label: "Audience" + description: "Audience this client is allowed to request." + schema: + type: list + default: [] + items: + - variable: audienceEntry + label: "" + schema: + type: string + default: "" + required: true + - variable: scopes + label: "Scopes" + description: "Scopes this client is allowed to request." + schema: + type: list + default: [] + items: + - variable: ScopeEntry + label: "Scope" + schema: + type: string + default: "openid" + required: true + - variable: redirect_uris + label: "redirect_uris" + description: "Redirect URI's specifies a list of valid case-sensitive callbacks for this client." + schema: + type: list + default: [] + items: + - variable: uriEntry + label: "Url" + schema: + type: string + default: "https://oidc.example.com/oauth2/callback" + required: true + - variable: grant_types + description: "Grant Types configures which grants this client can obtain." + label: "grant_types" + schema: + type: list + default: [] + items: + - variable: grantEntry + label: "Grant" + schema: + type: string + default: "refresh_token" + required: true + - variable: response_types + description: "Response Types configures which responses this client can be sent." + label: "response_types" + schema: + type: list + default: [] + items: + - variable: responseEntry + label: "type" + schema: + type: string + default: "code" + required: true + - variable: response_modes + description: "Response Modes configures which response modes this client supports." 
+ label: "response_modes"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: modeEntry
+ label: "Mode"
+ schema:
+ type: string
+ default: "form_post"
+ required: true
diff --git a/incubator/gitea/0.0.1/templates/_configmap.tpl b/incubator/gitea/0.0.1/templates/_configmap.tpl
new file mode 100644
index 00000000000..f3c2c78786d
--- /dev/null
+++ b/incubator/gitea/0.0.1/templates/_configmap.tpl
@@ -0,0 +1,24 @@
+{{/* Define the configmap */}}
+{{- define "gitea.configmap" -}}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: gitea-env
+data:
+ GITEA_APP_INI: "/data/gitea/conf/app.ini"
+ GITEA_CUSTOM: "/data/gitea"
+ GITEA_WORK_DIR: "/data"
+ GITEA_TEMP: "/tmp/gitea"
+ GITEA_ADMIN_USERNAME: {{ .Values.admin.username }}
+ GITEA_ADMIN_PASSWORD: {{ .Values.admin.password }}
+ SSH_PORT: {{ .Values.service.ssh.ports.ssh.port | quote }}
+ SSH_LISTEN_PORT: {{ .Values.service.ssh.ports.ssh.targetPort | quote }}
+ GITEA_APP_INI: "/data/gitea/conf/app.ini"
+ GITEA_CUSTOM: "/data/gitea"
+ GITEA_WORK_DIR: "/data"
+ GITEA_TEMP: "/tmp/gitea"
+ TMPDIR: "/tmp/gitea"
+ GNUPGHOME: "/data/git/.gnupg"
+
+{{- end -}}
diff --git a/incubator/gitea/0.0.1/templates/_secrets.tpl b/incubator/gitea/0.0.1/templates/_secrets.tpl
new file mode 100644
index 00000000000..79edf0ae2a6
--- /dev/null
+++ b/incubator/gitea/0.0.1/templates/_secrets.tpl
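Review bot: `GITEA_ADMIN_PASSWORD` is rendered into the `gitea-env` ConfigMap in `_configmap.tpl`, so the admin password is stored as ordinary configuration and is readable by anything permitted to read ConfigMaps in the namespace; it belongs in a Secret that the pod consumes through `secretRef` or `secretKeyRef`. Both admin values are also interpolated without `| quote`, unlike the two SSH port lines right below them, so a password that looks like a number or boolean, or that starts with a YAML indicator, is retyped or breaks rendering; inside a Secret's `stringData` the line would read `GITEA_ADMIN_PASSWORD: {{ .Values.admin.password | quote }}`. The `data:` map also lists `GITEA_APP_INI`, `GITEA_CUSTOM`, `GITEA_WORK_DIR` and `GITEA_TEMP` twice; the second copies should be removed, since duplicate mapping keys are invalid YAML and parsers differ in how they handle them.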
@@ -0,0 +1,270 @@ +{{/* Define the secrets */}} +{{- define "gitea.secrets" -}} +--- + +apiVersion: v1 +kind: Secret +metadata: + labels: + {{- include "common.labels" . | nindent 4 }} + name: dbcreds +{{- $dbprevious := lookup "v1" "Secret" .Release.Namespace "dbcreds" }} +{{- $dbPass := "" }} +data: +{{- if $dbprevious }} + {{- $dbPass = ( index $dbprevious.data "postgresql-password" ) | b64dec }} + postgresql-password: {{ ( index $dbprevious.data "postgresql-password" ) }} + postgresql-postgres-password: {{ ( index $dbprevious.data "postgresql-postgres-password" ) }} +{{- else }} + {{- $dbPass = randAlphaNum 50 }} + postgresql-password: {{ $dbPass | b64enc | quote }} + postgresql-postgres-password: {{ randAlphaNum 50 | b64enc | quote }} +{{- end }} + url: {{ ( printf "%v%v:%v@%v-%v:%v/%v" "postgresql://" .Values.postgresql.postgresqlUsername $dbPass .Release.Name "postgresql" "5432" .Values.postgresql.postgresqlDatabase ) | b64enc | quote }} + plainhost: {{ ( printf "%v-%v" .Release.Name "postgresql" ) | b64enc | quote }} +type: Opaque + + +--- + +{{- $DOMAIN := ( printf "%s-gitea.%s.svc.%s" .Release.Name .Release.Namespace "cluster.local" | quote ) -}} +{{- if and ( .Values.ingress.main.enabled ) ( gt (len .Values.ingress.main.hosts) 0 ) -}} +{{- $DOMAIN = (index .Values.ingress.main.hosts 0).host -}} +{{- end -}} + +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }} + labels: + {{- include "common.labels" . 
| nindent 4 }} +type: Opaque +stringData: + app.ini: |- + APP_NAME = {{ .Values.config.APP_NAME }} + RUN_MODE = {{ .Values.config.RUN_MODE }} + + [cache] + ADAPTER = memcache + ENABLED = true + HOST = {{ printf "%v-%v:%v" .Release.Name "memcached" "11211" }} + {{- range $catindex, $catvalue := .Values.customConfig }} + {{- if eq $catvalue.name "cache" }} + {{- range $index, $value := $catvalue.keys }} + {{ $value.name }} = {{ $value.value }} + {{- end }} + {{- end }} + {{- end }} + + [database] + DB_TYPE = postgres + HOST = {{ printf "%v-%v:%v" .Release.Name "postgresql" "5432" }} + NAME = {{ .Values.postgresql.postgresqlDatabase }} + PASSWD = {{ $dbPass }} + USER = {{ .Values.postgresql.postgresqlUsername }} + {{- range $catindex, $catvalue := .Values.customConfig }} + {{- if eq $catvalue.name "database" }} + {{- range $index, $value := $catvalue.keys }} + {{ $value.name }} = {{ $value.value }} + {{- end }} + {{- end }} + {{- end }} + + [metrics] + ENABLED = {{ .Values.metrics.enabled }} + {{- range $catindex, $catvalue := .Values.customConfig }} + {{- if eq $catvalue.name "metrics" }} + {{- range $index, $value := $catvalue.keys }} + {{ $value.name }} = {{ $value.value }} + {{- end }} + {{- end }} + {{- end }} + + [repository] + ROOT = /data/git/gitea-repositories + {{- range $catindex, $catvalue := .Values.customConfig }} + {{- if eq $catvalue.name "repository" }} + {{- range $index, $value := $catvalue.keys }} + {{ $value.name }} = {{ $value.value }} + {{- end }} + {{- end }} + {{- end }} + + + [security] + INSTALL_LOCK = true + PASSWORD_COMPLEXITY = spec + {{- range $catindex, $catvalue := .Values.customConfig }} + {{- if eq $catvalue.name "security" }} + {{- range $index, $value := $catvalue.keys }} + {{ $value.name }} = {{ $value.value }} + {{- end }} + {{- end }} + {{- end }} + + [server] + APP_DATA_PATH = /data + DOMAIN = {{ $DOMAIN }} + ENABLE_PPROF = false + HTTP_PORT = {{ .Values.service.main.ports.main.port }} + PROTOCOL = http + {{- if and ( 
.Values.ingress.main.enabled ) ( gt (len .Values.ingress.main.hosts) 0 ) }} + ROOT_URL = {{ printf "https://%s" $DOMAIN }} + {{- else }} + ROOT_URL = {{ printf "http://%s" $DOMAIN }} + {{- end }} + SSH_DOMAIN = {{ $DOMAIN }} + SSH_LISTEN_PORT = {{ .Values.service.ssh.ports.ssh.targetPort }} + SSH_PORT = {{ .Values.service.ssh.ports.ssh.port }} + START_SSH_SERVER = true + {{- range $catindex, $catvalue := .Values.customConfig }} + {{- if eq $catvalue.name "server" }} + {{- range $index, $value := $catvalue.keys }} + {{ $value.name }} = {{ $value.value }} + {{- end }} + {{- end }} + {{- end }} + + {{- range $catindex, $catvalue := .Values.customConfig }} + {{- if not ( or ( eq $catvalue.name "server" ) ( eq $catvalue.name "server" ) ( eq $catvalue.name "security" ) ( eq $catvalue.name "repository" ) ( eq $catvalue.name "metrics" ) ( eq $catvalue.name "database" ) ( eq $catvalue.name "cache" ) ) }} + [{{ $catvalue.name }}] + {{- range $index, $value := $catvalue.keys }} + {{ $value.name }} = {{ $value.value }} + {{- end }} + {{- end }} + {{- end }} + +--- + +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }}-init + labels: + {{- include "common.labels" . | nindent 4 }} +type: Opaque +stringData: + init_directory_structure.sh: |- + #!/usr/bin/env bash + + set -euo pipefail + + {{- if .Values.initPreScript }} + # BEGIN: initPreScript + {{- with .Values.initPreScript -}} + {{ . | nindent 4}} + {{- end -}} + # END: initPreScript + {{- end }} + + set -x + + mkdir -p /data/git/.ssh + chmod -R 700 /data/git/.ssh + [ ! 
-d /data/gitea ] && mkdir -p /data/gitea/conf + + # prepare temp directory structure + mkdir -p "${GITEA_TEMP}" + chown -Rf {{ .Values.podSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} "${GITEA_TEMP}" + chmod ug+rwx "${GITEA_TEMP}" + + # Copy config file to writable volume + cp /etc/gitea/conf/app.ini /data/gitea/conf/app.ini + chown -Rf {{ .Values.podSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} "/data/gitea" + chmod a+rwx /data/gitea/conf/app.ini + + # Patch dockercontainer for dynamic users + chown -Rf {{ .Values.podSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} "/var/lib/gitea" + + configure_gitea.sh: |- + #!/usr/bin/env bash + + set -euo pipefail + + + # Connection retry inspired by https://gist.github.com/dublx/e99ea94858c07d2ca6de + function test_db_connection() { + local RETRY=0 + local MAX=30 + + echo 'Wait for database to become avialable...' + until [ "${RETRY}" -ge "${MAX}" ]; do + nc -vz -w2 {{ printf "%v-%v" .Release.Name "postgresql" }} 5432 && break + RETRY=$[${RETRY}+1] + echo "...not ready yet (${RETRY}/${MAX})" + done + + if [ "${RETRY}" -ge "${MAX}" ]; then + echo "Database not reachable after '${MAX}' attempts!" + exit 1 + fi + } + + test_db_connection + + + echo '==== BEGIN GITEA MIGRATION ====' + + gitea migrate + + echo '==== BEGIN GITEA CONFIGURATION ====' + + {{- if or .Values.admin.existingSecret (and .Values.admin.username .Values.admin.password) }} + function configure_admin_user() { + local ACCOUNT_ID=$(gitea admin user list --admin | grep -e "\s\+${GITEA_ADMIN_USERNAME}\s\+" | awk -F " " "{printf \$1}") + if [[ -z "${ACCOUNT_ID}" ]]; then + echo "No admin user '${GITEA_ADMIN_USERNAME}' found. Creating now..." + gitea admin user create --admin --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email {{ .Values.admin.email | quote }} --must-change-password=false + echo '...created.' 
+ else + echo "Admin account '${GITEA_ADMIN_USERNAME}' already exist. Running update to sync password..." + gitea admin user change-password --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" + echo '...password sync done.' + fi + } + + configure_admin_user + {{- end }} + + {{- if .Values.ldap.enabled }} + function configure_ldap() { + local LDAP_NAME={{ (printf "%s" .Values.ldap.name) | squote }} + local GITEA_AUTH_ID=$(gitea admin auth list --vertical-bars | grep -E "\|${LDAP_NAME}\s+\|" | grep -iE '\|LDAP \(via BindDN\)\s+\|' | awk -F " " "{print \$1}") + + if [[ -z "${GITEA_AUTH_ID}" ]]; then + echo "No ldap configuration found with name '${LDAP_NAME}'. Installing it now..." + gitea admin auth add-ldap {{- include "gitea.ldap_settings" . | indent 1 }} + echo '...installed.' + else + echo "Existing ldap configuration with name '${LDAP_NAME}': '${GITEA_AUTH_ID}'. Running update to sync settings..." + gitea admin auth update-ldap --id "${GITEA_AUTH_ID}" {{- include "gitea.ldap_settings" . | indent 1 }} + echo '...sync settings done.' + fi + } + + configure_ldap + {{- end }} + + {{- if .Values.oauth.enabled }} + function configure_oauth() { + local OAUTH_NAME={{ (printf "%s" .Values.oauth.name) | squote }} + local AUTH_ID=$(gitea admin auth list --vertical-bars | grep -E "\|${OAUTH_NAME}\s+\|" | grep -iE '\|OAuth2\s+\|' | awk -F " " "{print \$1}") + + if [[ -z "${AUTH_ID}" ]]; then + echo "No oauth configuration found with name '${OAUTH_NAME}'. Installing it now..." + gitea admin auth add-oauth {{- include "gitea.oauth_settings" . | indent 1 }} + echo '...installed.' + else + echo "Existing oauth configuration with name '${OAUTH_NAME}': '${AUTH_ID}'. Running update to sync settings..." + gitea admin auth update-oauth --id "${AUTH_ID}" {{- include "gitea.oauth_settings" . | indent 1 }} + echo '...sync settings done.' + fi + } + + configure_oauth + {{- end }} + + echo '==== END GITEA CONFIGURATION ====' + + +{{- end -}} 
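Review bot: In `init_directory_structure.sh`, `chmod a+rwx /data/gitea/conf/app.ini` leaves the rendered `app.ini` readable, writable and executable for every user, and that file carries the database password (`PASSWD = {{ $dbPass }}` in the `[database]` section of the same template). The `chown -Rf` on `/data/gitea` one line earlier already hands the file to the configured `runAsUser`/`fsGroup`, so owner-only access looks sufficient: `chmod u=rw,go= /data/gitea/conf/app.ini` (worth confirming that the main container runs as that user). Separately, `$DOMAIN` is initialised with `| quote`, so when no ingress host is configured the literal double quotes end up inside `ROOT_URL = {{ printf "http://%s" $DOMAIN }}`; dropping `| quote` from the assignment avoids that.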
diff --git a/incubator/gitea/0.0.1/templates/common.yaml b/incubator/gitea/0.0.1/templates/common.yaml
new file mode 100644
index 00000000000..be409737195
--- /dev/null
+++ b/incubator/gitea/0.0.1/templates/common.yaml
@@ -0,0 +1,38 @@
+{{/* Make sure all variables are set properly */}}
+{{- include "common.values.setup" . }}
+
+{{/* Render secrets for gitea */}}
+{{- include "gitea.secrets" . }}
+
+{{/* Render configmap for gitea */}}
+{{- include "gitea.configmap" . }}
+
+{{/* Append the general secret volumes to the volumes */}}
+{{- define "gitea.initvolume" -}}
+enabled: "true"
+mountPath: "/secrets/ini"
+readOnly: true
+type: "custom"
+volumeSpec:
+ secret:
+ secretName: {{ include "common.names.fullname" . }}-init
+ defaultMode: 0777
+{{- end -}}
+
+{{/* Append the general secret volumes to the volumes */}}
+{{- define "gitea.configvolume" -}}
+enabled: "true"
+mountPath: "/secrets/config"
+readOnly: true
+type: "custom"
+volumeSpec:
+ secret:
+ secretName: {{ include "common.names.fullname" . }}
+{{- end -}}
+
+{{- $_ := set .Values.persistence "init" (include "gitea.initvolume" . | fromYaml) -}}
+{{- $_ := set .Values.persistence "config" (include "gitea.configvolume" . | fromYaml) -}}
+
+
+{{/* Render the templates */}}
+{{ include "common.all" . }}
diff --git a/incubator/gitea/0.0.1/test_values.yaml b/incubator/gitea/0.0.1/test_values.yaml
new file mode 100644
index 00000000000..796e9efa886
--- /dev/null
+++ b/incubator/gitea/0.0.1/test_values.yaml
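Review bot: `defaultMode: 0777` in `gitea.initvolume` marks every file of the `-init` Secret as writable and executable for all users, although the volume is declared `readOnly: true` and the two scripts only need to be read and executed. `defaultMode: 0555` grants what the init containers use and nothing more. The two `define` blocks also carry the same comment; distinguishing them (`{{/* Secret volume holding the init scripts */}}` and `{{/* Secret volume holding app.ini */}}`) and noting on the mode line why the execute bit is needed would make the intent clear to the next reader.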
@@ -0,0 +1,152 @@
+image:
+ repository: gitea/gitea
+ tag: 1.15.3-rootless
+ pullPolicy: IfNotPresent
+
+postgresqlImage:
+ repository: bitnami/postgresql
+ pullPolicy: IfNotPresent
+ tag: 13.4.0@sha256:33c276dffe6140d32f357753993c4088cf945a2d02d4c20d310f5a5e9d6e4a36
+
+service:
+ main:
+ ports:
+ main:
+ port: 3000
+ ssh:
+ ports:
+ ssh:
+ port: 2222
+ targetPort: 2222
+
+envFrom:
+ - configMapRef:
+ name: gitea-env
+
+initContainers:
+ 0-init-postgresdb:
+ image: "{{ .Values.postgresqlImage.repository}}:{{ .Values.postgresqlImage.tag }}"
+ command:
+ - "sh"
+ - "-c"
+ - "until pg_isready -U gitea -h ${pghost} ; do sleep 2 ; done"
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: pghost
+ valueFrom:
+ secretKeyRef:
+ name: dbcreds
+ key: plainhost
+ 1-init-directories:
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ command: ["/usr/sbin/init_directory_structure.sh"]
+ securityContext:
+ runAsUser: 0
+ runAsNonRoot: false
+ envFrom:
+ - configMapRef:
+ name: gitea-env
+ volumeMounts:
+ - name: init
+ mountPath: /usr/sbin
+ - name: temp
+ mountPath: /tmp
+ - name: config
+ mountPath: /etc/gitea/conf
+ - name: data
+ mountPath: /data
+ 2-configure-gitea:
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ command: ["/usr/sbin/configure_gitea.sh"]
+ envFrom:
+ - configMapRef:
+ name: gitea-env
+ volumeMounts:
+ - name: init
+ mountPath: /usr/sbin
+ - name: temp
+ mountPath: /tmp
+ - name: data
+ mountPath: /data
+
+persistence:
+ data:
+ enabled: true
+ mountPath: "/data"
+ type: pvc
+ accessMode: ReadWriteOnce
+ size: "100Gi"
+ temp:
+ enabled: true
+ mountPath: "/tmp"
+ type: emptyDir
+ varlib:
+ enabled: true
+ mountPath: "/var/lib/gitea"
+ type: emptyDir
+
+# Configure commit/action signing prerequisites
+signing:
+ enabled: true
+ gpgHome: /data/git/.gnupg
+
+admin:
+ username: giteaadmin
+ password: r8sA8CPHD9!bt6d
+ email: "gitea@local.domain"
+
+metrics:
+ enabled: false
+ serviceMonitor:
+ enabled: false
+ # additionalLabels:
+ # prometheus-release: prom1
+
+ldap:
+ enabled: false
+ # name:
+ # securityProtocol:
+ # host:
+ # port:
+ # userSearchBase:
+ # userFilter:
+ # adminFilter:
+ # emailAttribute:
+ # bindDn:
+ # bindPassword:
+ # usernameAttribute:
+ # sshPublicKeyAttribute:
+
+oauth:
+ enabled: false
+ # name:
+ # provider:
+ # key:
+ # secret:
+ # autoDiscoverUrl:
+ # useCustomUrls:
+ # customAuthUrl:
+ # customTokenUrl:
+ # customProfileUrl:
+ # customEmailUrl:
+
+config:
+ APP_NAME: "Gitea: Git with a cup of tea"
+ RUN_MODE: dev
+
+customConfig: []
+ # - name: test
+ # keys:
+ # - name: testkey
+ # value: testvalue
+
+# Enabled postgres
+postgresql:
+ enabled: true
+ postgresqlUsername: gitea
+ postgresqlDatabase: gitea
+ existingSecret: dbcreds
+
+# -- memcached dependency settings
+memcached:
+ enabled: true
diff --git a/incubator/gitea/0.0.1/values.yaml b/incubator/gitea/0.0.1/values.yaml
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/incubator/gitea/item.yaml b/incubator/gitea/item.yaml
new file mode 100644
index 00000000000..dfdc51c9327
--- /dev/null
+++ b/incubator/gitea/item.yaml
@@ -0,0 +1,3 @@
+categories:
+ - GIT
+icon_url: https://docs.gitea.io/images/gitea.png
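Review bot: `admin.password: r8sA8CPHD9!bt6d` in test_values.yaml commits a fixed admin credential next to `username: giteaadmin`. The configure script added earlier in this commit runs `gitea admin user change-password` with `GITEA_ADMIN_PASSWORD` whenever the account already exists, so if that variable is fed from this value, any install inheriting it keeps resetting the admin login to a publicly known password. If the file is CI-only, mark it above the key with `# CI-only credential, never reuse outside chart tests`, and let real installs supply the password from a Secret or the install form. Separately, `1-init-directories` sets `runAsUser: 0` and `runAsNonRoot: false` on a `-rootless` image tag; a comment stating why root is required there would let a later reviewer judge whether it can be dropped.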