Update catalog information

sonicaj
2023-04-12 10:28:30 +00:00
parent 6a1e4bd8ef
commit 9633226c54
35 changed files with 2155 additions and 5 deletions


@@ -9,13 +9,13 @@
"healthy": true,
"healthy_error": null,
"location": "/__w/charts/charts/charts/ix-chart",
"latest_version": "2212.0.1",
"latest_version": "2304.0.0",
"latest_app_version": "v1",
"latest_human_version": "v1_2212.0.1",
"last_update": "2022-12-19 11:37:56",
"latest_human_version": "v1_2304.0.0",
"last_update": "2023-04-11 15:36:44",
"name": "ix-chart",
"recommended": false,
"title": "Ix-chart",
"title": "ix-chart",
"icon_url": null
},
"home-assistant": {
@@ -415,7 +415,7 @@
"latest_version": "1.0.0",
"latest_app_version": "v0.107.26",
"latest_human_version": "v0.107.26_1.0.0",
"last_update": null,
"last_update": "2023-04-11 15:36:31",
"name": "adguard-home",
"recommended": false,
"title": "AdGuard Home",
@@ -440,6 +440,25 @@
"title": "Vaultwarden",
"icon": "https://raw.githubusercontent.com/dani-garcia/vaultwarden/main/src/static/images/vaultwarden-icon.png",
"icon_url": null
},
"gitea": {
"app_readme": "<h1>Gitea</h1>\n<p><a href=\"https://gitea.io/en-us\">Gitea</a> - Git with a cup of tea</p>\n<blockquote>\n<p>When application is installed, a container will be launched with <strong>root</strong> privileges.\nThis is required in order to apply the correct permissions to the <code>gitea</code> directories.\nAfterward, the <code>gitea</code> container will run as a <strong>non</strong>-root user (Default: <code>568</code>).\nSame applies to the <code>postgres</code> container. This will run afterwards as a <strong>non</strong>-root user (<code>999</code>).\nOn each upgrade, a container will be launched with <strong>root</strong> privileges in order to apply the correct\npermissions to the <code>postgres</code> <strong>backups</strong> directory. Container that performs the backup will run as a <strong>non</strong>-root user (<code>999</code>) afterwards.\nKeep in mind the permissions on the backup directory will be changed to <code>999:999</code> on <strong>every</strong> update.\nBut will only be changed once for the <code>gitea</code> and <code>postgres</code> data directories.</p>\n</blockquote>\n<p>On initial startup a setup wizard will be launched with settings for <code>database</code>, <code>ports</code>, <code>path</code>, and <code>domain</code> prefilled.\nKeep them as they are, fill anything you want in the optional settings section and click on <code>Install Gitea</code>.</p>",
"categories": [
"git",
"gitea"
],
"description": "Gitea - Git with a cup of tea",
"healthy": true,
"healthy_error": null,
"location": "/__w/charts/charts/community/gitea",
"latest_version": "1.0.0",
"latest_app_version": "1.19.0",
"latest_human_version": "1.19.0_1.0.0",
"last_update": null,
"name": "gitea",
"recommended": false,
"title": "Gitea",
"icon_url": "https://gitea.com/assets/img/logo.svg"
}
},
"enterprise": {


@@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/


@@ -0,0 +1,6 @@
dependencies:
- name: common
repository: file://../../../common/2207.0.0
version: 2207.0.0
digest: sha256:a301ba0f99ec1e08a60a7f0a0320aa02d225993572f2f056f09520f06df88b37
generated: "2023-03-23T16:05:17.17021698+02:00"


@@ -0,0 +1,20 @@
name: ix-chart
description: A Helm chart for deploying simple workloads Kubernetes
annotations:
title: ix-chart
type: application
version: 2304.0.0
apiVersion: v2
appVersion: v1
kubeVersion: ">=1.16.0-0"
maintainers:
- name: truenas
url: https://www.truenas.com/
dependencies:
- name: common
repository: file://../../../common/2207.0.0
version: 2207.0.0
home: https://www.truenas.com/
icon: https://www.ixsystems.com/wp-content/uploads/2021/06/ix_logo_200x47.png
keywords: []
sources: []


@@ -0,0 +1,117 @@
# iX Chart
iX-chart is a chart designed to let user deploy a docker image in a TrueNAS SCALE kubernetes cluster.
It provides a mechanism to specify workload type, add external host interfaces in the pods, configure volumes and allocate host resources to the workload.
This chart will deploy a docker image as a kubernetes workload allowing user to configure the workload deployment / management.
## Introduction
iX-chart is designed for simple single docker image deployments.
## Configuration
The following table lists the configurable parameters of the iX chart and
their default values.
| Parameter | Description | Default |
|:-------------------------------|:----------------------------------------------------------------------------------------------------------------|:---------------------------------------------------------------------|
| `workloadType` | Specify type of workload to deploy | `Deployment` |
| `cronSchedule` | Specify schedule for cronjob if `workloadType` is `CronJob`. | `{"minute": "5", "hour": "*", "dom": "*", "month": "*", "dow": "*"}` |
| `image.repository` | The image repository to pull from | `debian` |
| `image.tag` | The image tag to pull from | `latest` |
| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
| `updateStrategy` | Upgrade Policy | `RollingUpdate` |
| `jobRestartPolicy` | Restart Policy for job type workload ( only applicable if `workloadType` is `Job`/`CronJob` | `OnFailure` |
| `containerCommand` | Commands to execute inside container overriding image CMD default | `null` |
| `containerArgs` | Specify arguments for container command | `null` |
| `containerEnvironmentVariables`| Container Environment Variables | `null` |
| `externalInterfaces` | Add external interfaces in the pod | `null` |
| `dnsPolicy` | Specify DNS Policy for pod | `Default` |
| `dnsConfig` | Specify custom DNS configuration which will be applied to the pod | `{"nameservers": [], "searches": []}` |
| `hostNetwork` | Use host network for workload ( similar to docker host networking ) | `false` |
| `hostPortsList` | Specify ports of host and workload to forward traffic from host port to workload port. | `null` |
| `portForwardingList` | Specify ports of node and workload to forward traffic from node port to workload port | `null` |
| `hostPathVolumes` | Specify host paths to be used as hostpath volumes for the workload | `null` |
| `volumes` | Specify `ix_volumes` | `null` |
| `livenessProbe` | Configure Liveness Probe for workload | `null` |
| `gpuConfiguration` | Allocate GPU to workload ( if available ) | `{}` |
## Persistence
Chart release iX chart offers 2 ways to have persistent storage:
1) `hostPathVolumes`
2) `volumes`
For (1), they are kubernetes host path volumes which the user can assign to the workload with RO/RW permissions.
(2) is a host path volume as well but it operates differently then (1) in terms of where it lives and how it's lifecycle is tied to the chart release.
For (2), users specify where they would like persistent storage in the workload and a dataset name ( it should be unique per each chart release ), based on this input,
system will create a dataset and then use it as a host path volume for the workload. During upgrades, snapshot will be taken for these volumes and on rollback users can subsequently
restore the snapshots hence the data.
When a chart release will be deleted, all (2) volumes data will be deleted unlike (1) ( until of course they are not in the chart release's dataset path ).
## Recommended Persistence Configuration Examples
The following is a recommended configuration example for creating ix volumes
```
"volumes": [
{
"datasetName": "ix_volume1",
"mountPath": "/mount_test1"
},
{
"datasetName": "ix_volume2",
"mountPath": "/mount_test2"
}
]
```
`mountPath` refers to the path inside the pod.
---
The following is a recommended configuration example for `hostPathVolumes`
```
"hostPathVolumes": [
{
"hostPath": "/mnt/pool/test_dir",
"mountPath": "/test_dir",
"readOnly": true
},
{
"hostPath": "/mnt/pool/test_file",
"mountPath": "/test_file",
"readOnly": true
}
]
```
## External Interfaces Configuration Examples
```
"externalInterfaces": [
{
"hostInterface": "ens3",
"ipam": {"type": "dhcp"}
},
{
"hostInterface": "br0",
"ipam": {
"type": "static",
"staticIPConfigurations": ["192.168.0.120/24"],
"staticRoutes": [
{"destination": "0.0.0.0/0", "gateway": "192.168.0.1"}
]
}
}
]
```
The first entry in the above configuration example will add an external interface in the pod using macvlan with `ipam` being set to `dhcp`.
Second entry will add an external interface in the pod using `bridge` and using static IP configuration for the external interface.


@@ -0,0 +1,4 @@
# iX-Chart
iX-chart is a chart designed to let user deploy a docker image in a TrueNAS SCALE kubernetes cluster.
It provides a mechanism to specify workload type, add external host interfaces in the pods, configure volumes and allocate host resources to the workload.

Binary file not shown.


@@ -0,0 +1,46 @@
# Default values for ix-chart.
image:
repository: nginx
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: latest
# Restart / Update policy
updateStrategy: RollingUpdate
jobRestartPolicy: OnFailure
# Container CMD / entrypoint
containerCommand: []
containerArgs: []
containerEnvironmentVariables: []
# Network related configuration
externalInterfaces: []
portForwardingList: [{"containerPort": 80, "nodePort": 32000}]
hostPortsList: []
hostNetwork: false
dnsPolicy: Default
dnsConfig:
nameservers: []
searches: []
# Storage related configuration
hostPathVolumes: []
volumes: []
emptyDirVolumes: []
# Probes
# Liveness Probe
livenessProbe: null
# Workload type
workloadType: "Deployment"
gpuConfiguration: {}
securityContext:
privileged: false
capabilities: []
tty: true
stdin: true
# CI Enabled
ci: true
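Review bot: `tag: latest` together with `pullPolicy: IfNotPresent` leaves the default image unpinned, so a node that already has some `nginx:latest` cached keeps running it and nodes that pull at different times can end up on different builds. Pinning a specific tag or digest (`tag: "<PINNED_TAG>"`, placeholder) makes the default reproducible. The comment above `tag` says the default is the chart appVersion, which does not match the literal `latest` set here. `tty: true` and `stdin: true` also disagree with the `false` defaults declared for the same variables in the questions file of this commit; if this file is only a CI values set that is harmless, otherwise the two should agree.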


@@ -0,0 +1,647 @@
groups:
- name: "Container Images"
description: "Image to be used for container"
- name: "Container Entrypoint"
description: "Configuration of the executable that will be run when the container is started"
- name: "Container Environment Variables"
description: "Set the environment that will be visible to the container"
- name: "Networking"
description: "Configure networking for container"
- name: "Port Forwarding"
description: "Configure ports to forward to workload"
- name: "Storage"
description: "Persist and share data that is separate from the lifecycle of the container"
- name: "Health Check"
description: "Define mechanism to periodically probe the container to ensure it's functioning as desired"
- name: "Workload Details"
description: "Configure how workload should be deployed"
- name: "Scaling/Upgrade Policy"
description: "Configure how pods are replaced when configuration is upgraded"
- name: "Restart Policy"
description: "Configure when pod should be restarted in case of failure"
- name: "Resource Reservation"
description: "Specify resources to be allocated to workload"
- name: "Resource Limits"
description: "Set CPU/memory limits for Kubernetes Pod"
- name: "Portal Configuration"
description: "Configure UI web portal"
questions:
- variable: enableUIPortal
label: "Enable WebUI Portal (only supported in TrueNAS SCALE Bluefin)"
description: "Enable webui portal for easier access to workload ( Only valid for TrueNAS SCALE Bluefin )"
group: "Portal Configuration"
schema:
type: boolean
default: false
- variable: portalDetails
label: "WebUI Portal"
description: "Configure WebUI Portal"
group: "Portal Configuration"
schema:
show_if: [["enableUIPortal", "=", true]]
type: dict
attrs:
- variable: portalName
label: "Portal Name"
description: "Specify a UI Portal name to use which would be displayed in the UI"
schema:
type: string
default: "Web Portal"
- variable: protocol
label: "Protocol for Portal"
description: "Specify protocol for portal"
schema:
type: string
default: "http"
enum:
- value: "http"
description: "HTTP Protocol"
- value: "https"
description: "HTTPS Protocol"
- variable: useNodeIP
label: "Use Node IP for Portal IP/Domain"
schema:
type: boolean
default: true
- variable: host
description: "IP/Domain to use for accessing the portal"
label: "Portal IP/Domain"
schema:
show_if: [["useNodeIP", "=", false]]
type: string
$ref:
- "definitions/nodeIP"
- variable: port
label: "Port"
description: "Specify port to be used for Portal access"
schema:
type: int
max: 65535
default: 15000
# Workload type
- variable: workloadType
description: "Please specify type of workload to deploy"
label: "Workload Type"
group: "Workload Details"
schema:
type: string
hidden: true
default: "Deployment"
required: true
enum:
- value: "Deployment"
description: "Deploy a Deployment workload"
- value: "Job"
description: "Deploy job workload"
- value: "CronJob"
description: "Deploy cronjob workload"
# Cronjob schedule
- variable: cronSchedule
label: "Cron Schedule"
group: "Workload Details"
schema:
hidden: true
type: cron
show_if: [["workloadType", "=", "CronJob"]]
default:
minute: "5"
# Image related
- variable: image
description: "Docker Image Details"
label: "Docker Image"
group: "Container Images"
schema:
type: dict
required: true
attrs:
- variable: repository
description: "Docker image repository"
label: "Image repository"
schema:
type: string
required: true
- variable: tag
description: "Tag to use for specified image"
label: "Image Tag"
schema:
type: string
default: "latest"
- variable: pullPolicy
description: "Docker Image Pull Policy"
label: "Image Pull Policy"
schema:
type: string
default: "IfNotPresent"
enum:
- value: "IfNotPresent"
description: "Only pull image if not present on host"
- value: "Always"
description: "Always pull image even if present on host"
- value: "Never"
description: "Never pull image even if it's not present on host"
# Update strategy
- variable: updateStrategy
description: "Upgrade Policy"
label: "Update Strategy"
group: "Scaling/Upgrade Policy"
schema:
type: string
show_if: [["workloadType", "=", "Deployment"]]
default: "Recreate"
enum:
- value: "RollingUpdate"
description: "Create new pods and then kill old ones"
- value: "Recreate"
description: "Kill existing pods before creating new ones"
# Restart Policy
- variable: jobRestartPolicy
description: "Restart Policy for Job"
label: "Restart Policy"
group: "Restart Policy"
schema:
hidden: true
type: string
default: "OnFailure"
show_if: [["workloadType", "!=", "Deployment"]]
enum:
- value: "OnFailure"
description: "Only restart job if it fails"
- value: "Never"
description: "Never restart job even if it fails"
# Configurable CMD / Entrypoint / Environment Variables
- variable: containerCommand
description: "Commands to execute inside container overriding image CMD default"
label: "Container CMD"
group: "Container Entrypoint"
schema:
type: list
items:
- variable: command
description: "Container Command"
label: "Command"
schema:
type: string
- variable: containerArgs
description: "Specify arguments for container command"
label: "Container Args"
group: "Container Entrypoint"
schema:
type: list
items:
- variable: arg
description: "Container Arg"
label: "Arg"
schema:
type: string
- variable: containerEnvironmentVariables
description: "Container Environment Variables"
label: "Container Environment Variables"
group: "Container Environment Variables"
schema:
type: list
items:
- variable: environmentVariable
description: "Container Environment Variable"
label: "Container Environment Variable"
schema:
type: dict
attrs:
- variable: name
description: "Environment Variable Name"
label: "Environment Variable Name"
schema:
type: string
required: true
- variable: value
description: "Environment Variable Value"
label: "Environment Variable Value"
schema:
type: string
required: true
# Networking options
- variable: externalInterfaces
description: "Add External Interfaces"
label: "Add external Interfaces"
group: "Networking"
schema:
type: list
items:
- variable: interfaceConfiguration
description: "Interface Configuration"
label: "Interface Configuration"
schema:
type: dict
$ref:
- "normalize/interfaceConfiguration"
attrs:
- variable: hostInterface
description: "Please specify host interface"
label: "Host Interface"
schema:
type: string
required: true
$ref:
- "definitions/interface"
- variable: ipam
description: "Define how IP Address will be managed"
label: "IP Address Management"
schema:
type: dict
required: true
attrs:
- variable: type
description: "Specify type for IPAM"
label: "IPAM Type"
schema:
type: string
required: true
enum:
- value: "dhcp"
description: "Use DHCP"
- value: "static"
description: "Use static IP"
show_subquestions_if: "static"
subquestions:
- variable: staticIPConfigurations
label: "Static IP Addresses"
schema:
type: list
items:
- variable: staticIP
label: "Static IP"
schema:
type: ipaddr
cidr: true
- variable: staticRoutes
label: "Static Routes"
schema:
type: list
items:
- variable: staticRouteConfiguration
label: "Static Route Configuration"
schema:
type: dict
attrs:
- variable: destination
label: "Destination"
schema:
type: ipaddr
cidr: true
required: true
- variable: gateway
label: "Gateway"
schema:
type: ipaddr
cidr: false
required: true
- variable: dnsPolicy
label: "DNS Policy"
description: "Default behaviour is where Pod inherits the name resolution configuration from the node that the pods run on, if None is specified, It allows a Pod to ignore DNS settings from the Kubernetes environment."
group: "Networking"
schema:
type: string
default: "Default"
enum:
- value: "Default"
description: "Use Default DNS Policy where Pod will inherit the name resolution configuration from the node."
- value: "ClusterFirst"
description: >
"Kubernetes internal DNS will be prioritised and resolved first. If the domain does not resolve with internal
kubernetes DNS, the DNS query will be forwarded to the upstream nameserver inherited from the node. This is
useful if the workload needs to access other service(s)/workload(s) using kubernetes internal DNS."
- value: "ClusterFirstWithHostNet"
description: "For Pods running with hostNetwork and wanting to prioritise internal kubernetes DNS should make use of this policy."
- value: "None"
description: "Ignore DNS settings from the Kubernetes cluster"
- variable: dnsConfig
label: "DNS Configuration"
group: "Networking"
description: "Specify custom DNS configuration which will be applied to the pod"
schema:
type: dict
attrs:
- variable: nameservers
label: "Nameservers"
schema:
default: []
type: list
items:
- variable: nameserver
label: "Nameserver"
schema:
type: string
- variable: searches
label: "Searches"
schema:
default: []
type: list
items:
- variable: search
label: "Search Entry"
schema:
type: string
- variable: options
label: "DNS Options"
schema:
type: list
items:
- variable: optionsEntry
label: "Option Entry Configuration"
schema:
type: dict
attrs:
- variable: name
label: "Option Name"
schema:
type: string
required: true
- variable: value
label: "Option Value"
schema:
type: string
required: true
- variable: hostNetwork
label: "Provide access to node network namespace for the workload"
group: "Networking"
schema:
type: boolean
default: false
show_if: [["externalInterfaces", "=", []]]
- variable: hostPortsList
label: "Specify host ports for the workload"
description: "Only use host ports if scaling of a workload is not required"
group: "Networking"
schema:
show_if: [["updateStrategy", "=", "Recreate"]]
type: list
hidden: true
items:
- variable: hostPortConfiguration
label: "Host Port Configuration"
schema:
type: dict
attrs:
- variable: containerPort
label: "Container Port"
schema:
type: string
required: true
- variable: hostPort
label: "Host Port"
schema:
type: string
required: true
- variable: portForwardingList
label: "Specify Node ports to forward to workload"
group: "Port Forwarding"
description: "Specify ports of node and workload to forward traffic from node port to workload port"
schema:
type: list
show_if: [["hostNetwork", "=", false]]
items:
- variable: portForwarding
label: "Port Forwarding Configuration"
schema:
type: dict
attrs:
- variable: containerPort
label: "Container Port"
schema:
type: int
required: true
- variable: nodePort
label: "Node Port"
schema:
type: int
required: true
min: 9000
max: 65535
- variable: protocol
label: "Protocol"
schema:
type: string
default: "TCP"
enum:
- value: "TCP"
description: "TCP Protocol"
- value: "UDP"
description: "UDP Protocol"
# Storage Options
# Host path based volumes
- variable: hostPathVolumes
label: "Host Path Volumes"
group: "Storage"
schema:
type: list
items:
- variable: hostPathConfiguration
label: "Host Path Configuration"
schema:
type: dict
attrs:
- variable: hostPath
label: "Host Path"
schema:
type: hostpath
required: true
- variable: mountPath
label: "Mount Path"
description: "Path where host path will be mounted inside the pod"
schema:
type: path
required: true
- variable: readOnly
label: "Read Only"
schema:
type: boolean
default: false
- variable: emptyDirVolumes
label: "Memory Backed Volumes"
description: "Mount memory based temporary volumes for fast access i.e consuming /dev/shm"
group: "Storage"
schema:
type: list
items:
- variable: emptyDirVolume
label: "Memory Backed Volume"
schema:
type: dict
attrs:
- variable: mountPath
label: "Mount Path"
description: "Path where temporary path will be mounted inside the pod"
schema:
type: path
required: true
# Volumes
- variable: volumes
label: "Volumes"
group: "Storage"
schema:
type: list
items:
- variable: volume
label: "Volume"
schema:
type: dict
$ref:
- "normalize/ixVolume"
attrs:
- variable: mountPath
label: "Mount Path"
description: "Path where the volume will be mounted inside the pod"
schema:
type: path
required: true
- variable: datasetName
label: "Dataset Name"
schema:
type: string
required: true
# Pod Probes
# Liveness Probe
- variable: livenessProbe
label: "Liveness Probe"
description: "Configure Liveness Probe"
group: "Health Check"
schema:
hidden: true
type: dict
default: null
"null": true
attrs:
- variable: command
label: "Liveness command"
description: "Specify a command to determine liveness of pod"
schema:
type: list
required: true
items:
- variable: commandArg
label: "Command Arg"
schema:
type: string
- variable: initialDelaySeconds
label: "Seconds Delay"
description: "Seconds to delay the first liveness probe"
schema:
type: int
default: 5
- variable: periodSeconds
label: "Period Seconds"
description: "Specify number of seconds to run liveness probe"
schema:
type: int
default: 10
# Specify GPU configuration
- variable: gpuConfiguration
label: "GPU Configuration"
group: "Resource Reservation"
schema:
type: dict
$ref:
- "definitions/gpuConfiguration"
attrs: []
- variable: tty
label: "Enable TTY"
description: "Determines whether containers in a pod runs with TTY enabled. By default pod has it disabled."
group: "Workload Details"
schema:
type: boolean
default: false
- variable: stdin
label: "Enable STDIN"
description: "Determines whether containers in a pod runs with stdin enabled. By default pod has it disabled."
group: "Workload Details"
schema:
type: boolean
default: false
- variable: securityContext
label: "Security Context"
group: "Workload Details"
schema:
type: dict
attrs:
- variable: privileged
label: "Privileged Mode"
description: "Determines if any container in a pod can enable privileged mode. By default a container is not allowed to access any devices on the host, but a 'privileged' container is given access to all devices on the host. This allows the container nearly all the same access as processes running on the host."
schema:
type: boolean
default: false
- variable: capabilities
label: "Capabilities"
description: "With Linux capabilities, you can grant certain privileges to a process without granting all the privileges of the root user."
schema:
type: list
items:
- variable: capability
description: "Add Capability"
label: "Add Capability"
schema:
type: string
- variable: enableRunAsUser
label: "Configure Container User and Group ID"
description: "Configure security context runAsUser and runAsGroup variables"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: runAsUser
label: "Run Container As User"
description: "Configure user id for container."
schema:
type: int
default: 568
- variable: runAsGroup
label: "Run Container As Group"
description: "Configure group id for container."
schema:
type: int
default: 568
- variable: enableResourceLimits
label: "Enable Pod resource limits"
group: "Resource Limits"
schema:
type: boolean
default: false
- variable: cpuLimit
label: "CPU Limit"
description: "CPU resource limit allow plain integer values with suffix m(milli) e.g 1000m, 100."
group: "Resource Limits"
schema:
type: string
show_if: [["enableResourceLimits", "=", true]]
valid_chars: "^\\d+(?:\\.\\d+(?!.*m$)|m?$)"
default: "4000m"
- variable: memLimit
label: "Memory Limit"
group: "Resource Limits"
description: "Memory limits is specified by number of bytes. Followed by quantity suffix like E,P,T,G,M,k and Ei,Pi,Ti,Mi,Gi,Ki can also be used. e.g 129e6, 129M, 128974848000m, 123Mi"
schema:
type: string
show_if: [["enableResourceLimits", "=", true]]
valid_chars: "^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$"
default: "8Gi"
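Review bot: `hostPortsList` declares `containerPort` and `hostPort` as `type: string` with no range, while `portForwardingList` uses `type: int` with `min: 9000` / `max: 65535`; the `containerPorts` helper in this commit renders both values unquoted, so whatever string is entered lands directly in the pod spec. Declaring them as `type: int` with `max: 65535` (plus a `min` for `hostPort`) would reject non-port input in the form instead of at render time. Separately, the `ClusterFirst` description uses a folded scalar (`description: >`) whose body is wrapped in double quotes, so the quotes become part of the displayed text; drop either the `>` or the quotes.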


@@ -0,0 +1,2 @@
1. Get the application URL by running these commands:


@@ -0,0 +1,77 @@
{{/*
Container Command
*/}}
{{- define "containerCommand" }}
{{- if .Values.containerCommand }}
command:
{{- range .Values.containerCommand }}
- {{ . | quote}}
{{- end }}
{{- end }}
{{- end }}
{{/*
Container Args
*/}}
{{- define "containerArgs" }}
{{- if .Values.containerArgs }}
args:
{{- range .Values.containerArgs }}
- {{ . | quote}}
{{- end }}
{{- end }}
{{- end }}
{{/*
Container Environment Variables
*/}}
{{- define "containerEnvVariables" }}
{{- if .Values.containerEnvironmentVariables }}
env:
{{- range .Values.containerEnvironmentVariables }}
- name: {{ .name | quote }}
value: {{ .value | quote }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Container Liveness Probe
*/}}
{{- define "containerLivenssProbe" }}
{{- if .Values.livenessProbe }}
livenessProbe:
exec:
command:
{{ toYaml .Values.livenessProbe.command | indent 16 }}
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.periodSeconds }}
{{- end }}
{{- end }}
{{/*
Container Ports
*/}}
{{- define "containerPorts" }}
{{- if or .Values.portForwardingList .Values.hostPortsList }}
ports:
{{- range $index, $config := .Values.portForwardingList }}
- containerPort: {{ $config.containerPort }}
{{- end }}
{{- range $index, $config := .Values.hostPortsList }}
- containerPort: {{ $config.containerPort }}
hostPort: {{ $config.hostPort }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Container Resource Configuration
*/}}
{{- define "containerResourceConfiguration" }}
{{- if .Values.gpuConfiguration }}
resources:
limits:
{{- toYaml .Values.gpuConfiguration | nindent 4 }}
{{- end }}
{{- end }}
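Review bot: In `containerLivenssProbe`, `periodSeconds` reads `.Values.periodSeconds` while the neighbouring `initialDelaySeconds` reads from `.Values.livenessProbe`; the schema in this commit defines `periodSeconds` under `livenessProbe`, so the rendered field is most likely empty whenever a probe is configured. The line should be `periodSeconds: {{ .Values.livenessProbe.periodSeconds }}`. The template name is also misspelled (`Livenss`); renaming it requires changing its callers, which are not in this section.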


@@ -0,0 +1,71 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "ix-chart.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "ix-chart.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "ix-chart.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "ix-chart.labels" -}}
helm.sh/chart: {{ include "ix-chart.chart" . }}
{{ include "ix-chart.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "ix-chart.selectorLabels" -}}
app.kubernetes.io/name: {{ include "ix-chart.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "ix-chart.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "ix-chart.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
{{/*
Convert cron schema object to cron format
*/}}
{{- define "cronExpression" }}
{{- printf "%s %s %s %s %s " .minute .hour .dom .month .dow }}
{{- end }}
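Review bot: `ix-chart.serviceAccountName` dereferences `.Values.serviceAccount.create` and `.Values.serviceAccount.name`, but the values file added in this commit defines no `serviceAccount` key, so any template that includes this helper would fail on a nil map. Whether anything includes it is not visible here; either drop the helper or read through a defaulted map, `{{- $sa := default (dict) .Values.serviceAccount }}`, and test `$sa.create` / `$sa.name`. `cronExpression` also emits a trailing space after the day-of-week field (`"%s %s %s %s %s "`), which is worth trimming if the consumer is strict about the schedule string.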


@@ -0,0 +1,30 @@
{{/*
DNS Configuration
*/}}
{{- define "dnsConfiguration" }}
dnsPolicy: {{ .Values.dnsPolicy }}
{{- if .Values.dnsConfig }}
dnsConfig:
{{- toYaml .Values.dnsConfig | nindent 2 }}
{{- end }}
{{- end }}
{{/*
Get configuration for host network
*/}}
{{- define "hostNetworkingConfiguration" -}}
{{- $host := default false .Values.hostNetwork -}}
{{- if or .Values.externalInterfaces (eq $host false) -}}
{{- print "false" -}}
{{- else -}}
{{- print "true" -}}
{{- end -}}
{{- end -}}
{{/* Validate portal port */}}
{{- if .Values.enableUIPortal }}
{{- if and (not .Values.hostNetwork) (lt .Values.portalDetails.port 9000) }}
{{- fail (printf "Port (%d) is too low. Minimum allowed port is 9000." .Values.portalDetails.port) }}
{{- end }}
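Review bot: The portal-port check at the end of this file sits outside any `define` block, so it runs only if Helm renders this file directly; if the file is an underscore-prefixed partial, as the surrounding helper files appear to be (the path is not shown), Helm skips rendering it and the `fail` never fires. Wrapping it in a named template, for example `{{- define "validatePortalPort" }}` … `{{- end }}`, and calling that with `include` from a rendered manifest would make the check effective. The questions schema sets only `max: 65535` for the portal port, so this check is the only place the 9000 floor is enforced.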
{{- end }}


@@ -0,0 +1,51 @@
{{/*
Volumes Configuration
*/}}
{{- define "volumeConfiguration" }}
{{- if or .Values.ixVolumes .Values.hostPathVolumes .Values.emptyDirVolumes }}
volumes:
{{ $host_p := list }}
{{- range $index, $hostPathConfiguration := .Values.hostPathVolumes }}
- name: ix-host-path-{{ $.Release.Name }}-{{ $index }}
hostPath:
path: {{ $hostPathConfiguration.hostPath }}
{{ $host_p = mustAppend $host_p $hostPathConfiguration.hostPath }}
{{- end }}
{{- range $index, $hostPathConfiguration := .Values.ixVolumes }}
{{ $dsName := base $hostPathConfiguration.hostPath }}
- name: ix-host-volume-{{ $.Release.Name }}-{{ $dsName }}
hostPath:
path: {{ $hostPathConfiguration.hostPath }}
{{ $host_p = mustAppend $host_p $hostPathConfiguration.hostPath }}
{{- end }}
{{ include "common.storage.hostPathsValidation" $host_p }}
{{- range $index, $emptyDirConfiguration := .Values.emptyDirVolumes }}
- name: ix-emptydir-volume-{{ $.Release.Name }}-{{ $index }}
emptyDir:
medium: Memory
{{- end }}
{{- end }}
{{- end }}
{{/*
Volume Mounts Configuration
*/}}
{{- define "volumeMountsConfiguration" }}
{{- if or .Values.hostPathVolumes .Values.ixVolumes .Values.emptyDirVolumes }}
volumeMounts:
{{- range $index, $hostPathConfiguration := .Values.hostPathVolumes }}
- mountPath: {{ $hostPathConfiguration.mountPath }}
name: ix-host-path-{{ $.Release.Name }}-{{ $index }}
readOnly: {{ $hostPathConfiguration.readOnly }}
{{- end }}
{{- range $index, $hostPathConfiguration := .Values.volumes }}
- mountPath: {{ $hostPathConfiguration.mountPath }}
name: ix-host-volume-{{ $.Release.Name }}-{{ $hostPathConfiguration.datasetName }}
{{- end }}
{{- range $index, $emptyDirConfiguration := .Values.emptyDirVolumes }}
- mountPath: {{ $emptyDirConfiguration.mountPath }}
name: ix-emptydir-volume-{{ $.Release.Name }}-{{ $index }}
{{- end }}
{{- end }}
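Review bot: User-supplied `hostPath` and `mountPath` values are rendered unquoted (`path: {{ $hostPathConfiguration.hostPath }}`, `- mountPath: {{ $hostPathConfiguration.mountPath }}`), so a path containing `: `, ` #` or a leading YAML indicator changes the structure of the generated manifest instead of being read as a string. The container helpers in this commit already pipe user input through `quote`; the same should apply here, e.g. `path: {{ $hostPathConfiguration.hostPath | quote }}`. Separately, `volumeMountsConfiguration` iterates `.Values.volumes` but its guard tests `.Values.ixVolumes`, so the mounts block is skipped when only `.Values.volumes` is set, unless `ixVolumes` is always populated alongside it (not visible here).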
{{- end }}


@@ -0,0 +1,183 @@
{{/*
Check if workload type is a deployment
*/}}
{{- define "workloadIsDeployment" }}
{{- if eq .Values.workloadType "Deployment" }}
{{- true -}}
{{- else }}
{{- false -}}
{{- end }}
{{- end }}
{{/*
Check if workload type is a cronjob
*/}}
{{- define "workloadIsCronJob" }}
{{- if eq .Values.workloadType "CronJob" }}
{{- true -}}
{{- else }}
{{- false -}}
{{- end }}
{{- end }}
{{/*
Get API Version based on workload type
*/}}
{{- define "apiVersion" -}}
{{- if eq (include "workloadIsDeployment" .) "true" }}
{{- printf "apps/v1" }}
{{- else if eq (include "workloadIsCronJob" .) "true" }}
{{- printf "batch/v1beta1" }}
{{- else }}
{{- printf "batch/v1" }}
{{- end }}
{{- end }}
{{/*
Get Restart policy based on workload type
*/}}
{{- define "restartPolicy" -}}
{{- if eq (include "workloadIsDeployment" .) "true" }}
{{- print "Always" }}
{{- else }}
{{- printf "%s" .Values.jobRestartPolicy }}
{{- end }}
{{- end }}
{{/*
Pod specification
*/}}
{{- define "podSepc" }}
restartPolicy: {{ template "restartPolicy" . }}
hostNetwork: {{ template "hostNetworkingConfiguration" . }}
containers:
- name: {{ .Chart.Name }}
{{ include "common.resources.limitation" . | nindent 2 }}
{{- include "volumeMountsConfiguration" . | indent 2}}
tty: {{ .Values.tty }}
stdin: {{ .Values.stdin }}
securityContext:
privileged: {{ .Values.securityContext.privileged }}
{{ if .Values.securityContext.enableRunAsUser }}
runAsUser: {{ .Values.securityContext.runAsUser }}
runAsGroup: {{ .Values.securityContext.runAsGroup }}
{{ end }}
{{ if .Values.securityContext.capabilities }}
capabilities:
add: {{ toYaml .Values.securityContext.capabilities | nindent 8 }}
{{ end }}
{{ if .Values.ci }}
livenessProbe:
httpGet:
path: /
port: 80
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 5
successThreshold: 1
readinessProbe:
httpGet:
path: /
port: 80
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 5
successThreshold: 2
startupProbe:
httpGet:
path: /
port: 80
initialDelaySeconds: 10
periodSeconds: 5
timeoutSeconds: 2
failureThreshold: 60
successThreshold: 1
{{ end }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default "latest" }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- include "containerCommand" . | indent 2 }}
{{- include "containerArgs" . | indent 2 }}
{{- include "containerEnvVariables" . | indent 2 }}
{{- include "containerLivenssProbe" . | indent 2 }}
{{- include "containerPorts" . | indent 2 }}
{{- include "containerResourceConfiguration" . | indent 2 }}
{{- include "volumeConfiguration" . }}
{{- include "dnsConfiguration" . }}
{{- end }}
{{/*
Annotations for workload
*/}}
{{- define "workloadAnnotations" }}
rollme: {{ randAlphaNum 5 | quote }}
{{- if .Values.ixExternalInterfacesConfigurationNames }}
k8s.v1.cni.cncf.io/networks: {{ join ", " .Values.ixExternalInterfacesConfigurationNames }}
{{- end }}
{{- end }}
{{/*
Metadata for workload
*/}}
{{- define "commonMetadataWorkload" }}
labels:
{{- include "ix-chart.selectorLabels" . | nindent 2 }}
annotations:
{{- include "workloadAnnotations" . | nindent 2 }}
{{- end }}
{{/*
Deployment Spec
*/}}
{{- define "deploymentSpec" }}
strategy:
{{- if and (eq .Values.updateStrategy "RollingUpdate") .Values.hostPortsList }}
{{- fail "RollingUpdate is not allowed when host ports are specified" }}
{{- else if and (eq .Values.updateStrategy "RollingUpdate") .Values.hostNetwork }}
{{- fail "RollingUpdate is not allowed when host network is enabled" }}
{{- end }}
type: {{ .Values.updateStrategy }}
selector:
matchLabels:
{{- include "ix-chart.selectorLabels" . | nindent 4 }}
template:
metadata:
{{ include "commonMetadataWorkload" . | nindent 4 }}
spec:
{{- include "podSepc" . | indent 4 }}
{{- end }}
{{/*
Job Spec Common
*/}}
{{- define "jobSpecCommon" }}
metadata:
{{ include "commonMetadataWorkload" . | nindent 4 }}
spec:
{{- include "podSepc" . | indent 2 }}
{{- end }}
{{/*
Job Spec
*/}}
{{- define "jobSpec" }}
template:
{{ include "jobSpecCommon" . | nindent 2 }}
{{- end }}
{{/*
CronJob Spec
*/}}
{{- define "cronJobSpec" }}
schedule: {{ include "cronExpression" .Values.cronSchedule | quote }}
jobTemplate:
spec:
{{ include "jobSpec" . | nindent 4 }}
{{- end }}
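Review bot: The `image:` line in `podSepc` falls back to the mutable `latest` tag when `.Values.image.tag` is empty, so which image runs is decided by the registry at pull time rather than by the chart values. If an empty tag is not meant to be supported, fail at render time instead: `image: "{{ .Values.image.repository }}:{{ required "image.tag must be set" .Values.image.tag }}"`. The same container block passes `privileged` and `capabilities.add` straight through from values; a comment above `securityContext:` such as `{{/* user-controlled: privileged and added capabilities widen the container's access to the host */}}` would make that visible to anyone building on this helper.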


@@ -0,0 +1,9 @@
{{- range $index, $iface := .Values.ixExternalInterfacesConfiguration }}
---
apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
name: ix-{{ $.Release.Name }}-{{ $index }}
spec:
config: '{{ $iface }}'
{{- end }}
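Review bot: `config: '{{ $iface }}'` wraps the interface configuration in single quotes by hand, so a `'` inside the value ends the YAML scalar early and whatever follows is parsed as structure. Letting the template do the quoting avoids that: `config: {{ $iface | toJson }}` (a JSON string is a valid YAML double-quoted scalar). This assumes `$iface` is a string, which the hand-written quoting suggests but the hunk does not show.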


@@ -0,0 +1,20 @@
{{- if and (.Values.portForwardingList) (eq (include "hostNetworkingConfiguration" .) "false") }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "ix-chart.fullname" . }}
labels:
{{- include "ix-chart.labels" . | nindent 4 }}
spec:
type: NodePort
ports:
{{- range $index, $config := .Values.portForwardingList }}
- port: {{ $config.containerPort }}
targetPort: {{ $config.containerPort }}
protocol: {{ $config.protocol }}
nodePort: {{ $config.nodePort }}
name: ix-{{ $.Release.Name }}-{{ $config.nodePort }}-{{ $index }}
{{- end }}
selector:
{{- include "ix-chart.selectorLabels" . | nindent 4 }}
{{- end }}


@@ -0,0 +1,14 @@
apiVersion: {{ template "apiVersion" . }}
kind: {{ .Values.workloadType }}
metadata:
name: {{ include "ix-chart.fullname" . }}
labels:
{{- include "ix-chart.labels" . | nindent 4 }}
spec:
{{- if eq (include "workloadIsDeployment" .) "true" }}
{{ include "deploymentSpec" . | nindent 2 }}
{{- else if eq (include "workloadIsCronJob" .) "true" }}
{{ include "cronJobSpec" . | nindent 2 }}
{{- else }}
{{ include "jobSpec" . | nindent 2 }}
{{- end }}


@@ -0,0 +1,2 @@
categories:
- generic


@@ -0,0 +1,6 @@
dependencies:
- name: common
repository: file://../../../common
version: 1.0.3
digest: sha256:1a090020cfa582aff29906320874ffe9b543fcc6c2423c281f434514f2653e02
generated: "2023-04-06T19:00:01.577717432+03:00"


@@ -0,0 +1,25 @@
name: gitea
description: Gitea - Git with a cup of tea
annotations:
title: Gitea
type: application
version: 1.0.0
apiVersion: v2
appVersion: '1.19.0'
kubeVersion: '>=1.16.0-0'
maintainers:
- name: truenas
url: https://www.truenas.com/
dependencies:
- name: common
repository: file://../../../common
version: 1.0.3
home: https://gitea.io/en-us
icon: https://gitea.com/assets/img/logo.svg
sources:
- https://gitea.io/en-us
- https://github.com/truenas/charts/tree/master/community/gitea
- https://docs.gitea.io/en-us/install-with-docker-rootless
keywords:
- git
- gitea


@@ -0,0 +1,15 @@
# Gitea
[Gitea](https://gitea.io/en-us) - Git with a cup of tea
> When application is installed, a container will be launched with **root** privileges.
> This is required in order to apply the correct permissions to the `gitea` directories.
> Afterward, the `gitea` container will run as a **non**-root user (Default: `568`).
> Same applies to the `postgres` container. This will run afterwards as a **non**-root user (`999`).
> On each upgrade, a container will be launched with **root** privileges in order to apply the correct
> permissions to the `postgres` **backups** directory. Container that performs the backup will run as a **non**-root user (`999`) afterwards.
> Keep in mind the permissions on the backup directory will be changed to `999:999` on **every** update.
> But will only be changed once for the `gitea` and `postgres` data directories.
On initial startup a setup wizard will be launched with settings for database, ports and root url prefilled.
Keep them as they are, fill the Administration section and click on `Install Gitea`.


@@ -0,0 +1,15 @@
# Gitea
[Gitea](https://gitea.io/en-us) - Git with a cup of tea
> When application is installed, a container will be launched with **root** privileges.
> This is required in order to apply the correct permissions to the `gitea` directories.
> Afterward, the `gitea` container will run as a **non**-root user (Default: `568`).
> Same applies to the `postgres` container. This will run afterwards as a **non**-root user (`999`).
> On each upgrade, a container will be launched with **root** privileges in order to apply the correct
> permissions to the `postgres` **backups** directory. Container that performs the backup will run as a **non**-root user (`999`) afterwards.
> Keep in mind the permissions on the backup directory will be changed to `999:999` on **every** update.
> But will only be changed once for the `gitea` and `postgres` data directories.
On initial startup a setup wizard will be launched with settings for `database`, `ports`, `path`, and `domain` prefilled.
Keep them as they are, fill anything you want in the optional settings section and click on `Install Gitea`.

Binary file not shown.


@@ -0,0 +1,16 @@
giteaStorage:
data:
type: hostPath
hostPath: /mnt/{{ .Release.Name }}/data
config:
type: hostPath
hostPath: /mnt/{{ .Release.Name }}/config
pgData:
type: hostPath
hostPath: /mnt/{{ .Release.Name }}/pgData
pgBackup:
type: hostPath
hostPath: /mnt/{{ .Release.Name }}/pgBackup
giteaNetwork:
rootURL: http://localhost:30000


@@ -0,0 +1,103 @@
giteaStorage:
data:
type: hostPath
hostPath: /mnt/{{ .Release.Name }}/data
config:
type: hostPath
hostPath: /mnt/{{ .Release.Name }}/config
pgData:
type: hostPath
hostPath: /mnt/{{ .Release.Name }}/pgData
pgBackup:
type: hostPath
hostPath: /mnt/{{ .Release.Name }}/pgBackup
giteaNetwork:
certificateID: 1
rootURL: https://gitea.example.com:30000
ixCertificates:
"1":
certificate: |
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
privatekey: |
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
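Review bot: The `privatekey:` block under `ixCertificates` puts a PEM private key into a values file that is committed with the chart. If this is a throwaway self-signed pair used only by CI, say so directly above `ixCertificates:`, e.g. `# Self-signed test fixture for CI only; not used by any real host`, so secret-scanner findings can be triaged quickly and nobody reuses the pair. If the key has ever been used outside CI it should be treated as disclosed and replaced.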


@@ -0,0 +1,44 @@
image:
repository: gitea/gitea
pullPolicy: IfNotPresent
tag: 1.19.0-rootless
resources:
limits:
cpu: 4000m
memory: 8Gi
giteaConfig:
additionalEnvs: []
giteaNetwork:
webPort: 30000
sshPort: 30001
certificateID: ""
rootURL: ""
hostNetwork: false
# FIXME: Currently only user 1000 works.
# Any other uid is not mapped to the internal "git" user.
# https://github.com/go-gitea/gitea/issues/23632
giteaRunAs:
user: 1000
group: 1000
giteaStorage:
data:
type: ixVolume
hostPath: ""
datasetName: data
config:
type: ixVolume
hostPath: ""
datasetName: config
pgData:
type: ixVolume
hostPath: ""
datasetName: pgData
pgBackup:
type: ixVolume
hostPath: ""
datasetName: pgBackup


@@ -0,0 +1,315 @@
groups:
- name: Gitea Configuration
description: Configure Gitea
- name: User and Group Configuration
description: Configure User and Group for Gitea
- name: Network Configuration
description: Configure Network for Gitea
- name: Storage Configuration
description: Configure Storage for Gitea
- name: Resources Configuration
description: Configure Resources for Gitea
portals:
web_portal:
protocols:
- "$kubernetes-resource_configmap_portal_protocol"
host:
- "$kubernetes-resource_configmap_portal_host"
ports:
- "$kubernetes-resource_configmap_portal_port"
path: "$kubernetes-resource_configmap_portal_path"
questions:
- variable: giteaConfig
label: ""
group: Gitea Configuration
schema:
type: dict
attrs:
- variable: additionalEnvs
label: Additional Environment Variables
description: Configure additional environment variables for Gitea.
schema:
type: list
default: []
items:
- variable: env
label: Environment Variable
schema:
type: dict
attrs:
- variable: name
label: Name
schema:
type: string
required: true
- variable: value
label: Value
schema:
type: string
required: true
- variable: giteaRunAs
label: ""
group: User and Group Configuration
schema:
type: dict
hidden: true
attrs:
- variable: user
label: User ID
description: The user id that Gitea will run as.
schema:
type: int
min: 1
# FIXME: See values.yaml
hidden: true
editable: false
default: 1000
required: true
- variable: group
label: Group ID
description: The group id that Gitea will run as.
schema:
type: int
min: 1
# FIXME: See values.yaml
hidden: true
editable: false
default: 1000
required: true
- variable: giteaNetwork
label: ""
group: Network Configuration
schema:
type: dict
attrs:
- variable: webPort
label: Web Port
description: The port for the Gitea WebUI.
schema:
type: int
default: 30000
min: 9000
max: 65535
required: true
- variable: sshPort
label: SSH Port
description: The port for the Gitea SSH.
schema:
type: int
default: 30001
min: 9000
max: 65535
required: true
- variable: hostNetwork
label: Host Network
description: |
Bind to the host network. It's recommended to keep this disabled.
schema:
type: boolean
default: false
- variable: rootURL
label: Root URL
description: The URL that Gitea will be available at.
schema:
type: string
default: ""
required: true
- variable: certificateID
label: Certificate
description: |
The certificate to use for Gitea
schema:
type: int
"null": true
$ref:
- "definitions/certificate"
- variable: giteaStorage
label: ""
group: Storage Configuration
schema:
type: dict
attrs:
- variable: data
label: Gitea Data Storage
description: The path to store Gitea data.
schema:
type: dict
attrs:
- variable: type
label: Type
description: |
ixVolume: Is dataset created automatically by the system.</br>
Host Path: Is a path that already exists on the system.
schema:
type: string
required: true
default: ixVolume
enum:
- value: hostPath
description: Host Path (Path that already exists on the system)
- value: ixVolume
description: ixVolume (Dataset created automatically by the system)
- variable: datasetName
label: Dataset Name
schema:
type: string
show_if: [["type", "=", "ixVolume"]]
required: true
hidden: true
immutable: true
default: data
$ref:
- "normalize/ixVolume"
- variable: hostPath
label: Host Path
schema:
type: hostpath
show_if: [["type", "=", "hostPath"]]
immutable: true
required: true
- variable: config
label: Gitea Configuration Storage
description: The path to store Gitea configuration storage.
schema:
type: dict
attrs:
- variable: type
label: Type
description: |
ixVolume: Is dataset created automatically by the system.</br>
Host Path: Is a path that already exists on the system.
schema:
type: string
required: true
default: ixVolume
enum:
- value: hostPath
description: Host Path (Path that already exists on the system)
- value: ixVolume
description: ixVolume (Dataset created automatically by the system)
- variable: datasetName
label: Dataset Name
schema:
type: string
show_if: [["type", "=", "ixVolume"]]
required: true
hidden: true
immutable: true
default: config
$ref:
- "normalize/ixVolume"
- variable: hostPath
label: Host Path
schema:
type: hostpath
show_if: [["type", "=", "hostPath"]]
immutable: true
required: true
- variable: pgData
label: Gitea Postgres Data Storage
description: The path to store Gitea Postgres Data.
schema:
type: dict
attrs:
- variable: type
label: Type
description: |
ixVolume: Is dataset created automatically by the system.</br>
Host Path: Is a path that already exists on the system.
schema:
type: string
required: true
default: ixVolume
enum:
- value: hostPath
description: Host Path (Path that already exists on the system)
- value: ixVolume
description: ixVolume (Dataset created automatically by the system)
- variable: datasetName
label: Dataset Name
schema:
type: string
show_if: [["type", "=", "ixVolume"]]
required: true
hidden: true
immutable: true
default: pgData
$ref:
- "normalize/ixVolume"
- variable: hostPath
label: Host Path
schema:
type: hostpath
show_if: [["type", "=", "hostPath"]]
immutable: true
required: true
- variable: pgBackup
label: Gitea Postgres Backup Storage
description: The path to store Gitea Postgres Backup.
schema:
type: dict
attrs:
- variable: type
label: Type
description: |
ixVolume: Is dataset created automatically by the system.</br>
Host Path: Is a path that already exists on the system.
schema:
type: string
required: true
default: ixVolume
enum:
- value: hostPath
description: Host Path (Path that already exists on the system)
- value: ixVolume
description: ixVolume (Dataset created automatically by the system)
- variable: datasetName
label: Dataset Name
schema:
type: string
show_if: [["type", "=", "ixVolume"]]
required: true
hidden: true
immutable: true
default: pgBackup
$ref:
- "normalize/ixVolume"
- variable: hostPath
label: Host Path
schema:
type: hostpath
show_if: [["type", "=", "hostPath"]]
immutable: true
required: true
- variable: resources
label: ""
group: Resources Configuration
schema:
type: dict
attrs:
- variable: limits
label: Limits
schema:
type: dict
attrs:
- variable: cpu
label: CPU
description: CPU limit for Gitea.
schema:
type: string
default: 4000m
required: true
- variable: memory
label: Memory
description: Memory limit for Gitea.
schema:
type: string
default: 8Gi
required: true


@@ -0,0 +1 @@
{{ include "ix.v1.common.lib.chart.notes" $ }}


@@ -0,0 +1,60 @@
{{- define "gitea.configuration" -}}
{{ if not (hasPrefix "http" .Values.giteaNetwork.rootURL) }}
{{ fail "Gitea - Expected [Root URL] to have the following format [http(s)://(sub).domain.tld(:port)] or [http://IP_ADDRESS:port]" }}
{{ end }}
{{- $fullname := (include "ix.v1.common.lib.chart.names.fullname" $) -}}
{{- $dbHost := (printf "%s-postgres" $fullname) -}}
{{- $dbUser := "gitea" -}}
{{- $dbName := "gitea" -}}
{{- $dbPass := (randAlphaNum 32) -}}
{{- with (lookup "v1" "Secret" .Release.Namespace (printf "%s-postgres-creds" $fullname)) -}}
{{- $dbPass = ((index .data "POSTGRES_PASSWORD") | b64dec) -}}
{{- end -}}
{{ $dbURL := (printf "postgres://%s:%s@%s:5432/%s?sslmode=disable" $dbUser $dbPass $dbHost $dbName) }}
secret:
postgres-creds:
enabled: true
data:
POSTGRES_USER: {{ $dbUser }}
POSTGRES_DB: {{ $dbName }}
POSTGRES_PASSWORD: {{ $dbPass }}
POSTGRES_HOST: {{ $dbHost }}
POSTGRES_URL: {{ $dbURL }}
gitea-creds:
enabled: true
data:
GITEA__database__DB_TYPE: postgres
GITEA__database__PASSWD: {{ $dbPass }}
GITEA__database__HOST: {{ $dbHost }}
GITEA__database__NAME: {{ $dbName }}
GITEA__database__USER: {{ $dbUser }}
configmap:
gitea-config:
enabled: true
data:
{{ $protocol := "http" }}
GITEA__server__HTTP_PORT: {{ .Values.giteaNetwork.webPort | quote }}
GITEA__server__SSH_PORT: {{ .Values.giteaNetwork.sshPort | quote }}
GITEA__server__SSH_LISTEN_PORT: {{ .Values.giteaNetwork.sshPort | quote }}
GITEA__server__ROOT_URL: {{ .Values.giteaNetwork.rootURL | quote }}
{{ if .Values.giteaNetwork.certificateID }}
{{ $protocol = "https" }}
GITEA__server__CERT_FILE: /etc/certs/gitea/public.crt
GITEA__server__KEY_FILE: /etc/certs/gitea/private.key
{{ end }}
GITEA__server__PROTOCOL: {{ $protocol }}
{{ with .Values.giteaNetwork.certificateID }}
scaleCertificate:
gitea-cert:
enabled: true
id: {{ . }}
{{ end }}
{{- end -}}
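Review bot: The guard at the top of `gitea.configuration` only tests `hasPrefix "http"`, so values such as `httpx://host` or a bare `http` pass even though the error message promises `http(s)://…`, and the value then goes into `GITEA__server__ROOT_URL` unchanged. Match the scheme explicitly: `{{ if not (mustRegexMatch "^https?://[^/]+" .Values.giteaNetwork.rootURL) }}`. It is also worth quoting the generated secret values (`POSTGRES_PASSWORD: {{ $dbPass | quote }}`, likewise `POSTGRES_URL` and `GITEA__database__PASSWD`). The password read back through `lookup` is whatever the existing Secret holds, and this output is parsed with `fromYaml` in the loader template, so an unquoted value that is all digits or contains `: ` or ` #` would be retyped or cut short.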


@@ -0,0 +1,123 @@
{{- define "gitea.workload" -}}
workload:
gitea:
enabled: true
primary: true
type: Deployment
podSpec:
hostNetwork: {{ .Values.giteaNetwork.hostNetwork }}
containers:
gitea:
enabled: true
primary: true
imageSelector: image
securityContext:
runAsUser: {{ .Values.giteaRunAs.user }}
runAsGroup: {{ .Values.giteaRunAs.group }}
envFrom:
- secretRef:
name: gitea-creds
- configMapRef:
name: gitea-config
{{ with .Values.giteaConfig.additionalEnvs }}
env:
{{ range $env := . }}
{{ $env.name }}: {{ $env.value }}
{{ end }}
{{ end }}
probes:
{{ $protocol := "http" }}
{{ if .Values.giteaNetwork.certificateID }}
{{ $protocol = "https" }}
{{ end }}
liveness:
enabled: true
type: {{ $protocol }}
path: /api/healthz
port: {{ .Values.giteaNetwork.webPort }}
readiness:
enabled: true
type: {{ $protocol }}
path: /api/healthz
port: {{ .Values.giteaNetwork.webPort }}
startup:
enabled: true
type: {{ $protocol }}
path: /api/healthz
port: {{ .Values.giteaNetwork.webPort }}
initContainers:
{{- include "ix.v1.common.app.permissions" (dict "containerName" "01-permissions"
"UID" .Values.giteaRunAs.user
"GID" .Values.giteaRunAs.group
"type" "install") | nindent 8 }}
{{- include "ix.v1.common.app.postgresWait" (dict "name" "postgres-wait"
"secretName" "postgres-creds") | nindent 8 }}
{{/* Service */}}
service:
gitea:
enabled: true
primary: true
type: NodePort
targetSelector: gitea
ports:
webui:
enabled: true
primary: true
port: {{ .Values.giteaNetwork.webPort }}
nodePort: {{ .Values.giteaNetwork.webPort }}
targetSelector: gitea
ssh:
enabled: true
port: {{ .Values.giteaNetwork.sshPort }}
nodePort: {{ .Values.giteaNetwork.sshPort }}
targetSelector: gitea
{{/* Persistence */}}
persistence:
data:
enabled: true
type: {{ .Values.giteaStorage.data.type }}
datasetName: {{ .Values.giteaStorage.data.datasetName | default "" }}
hostPath: {{ .Values.giteaStorage.data.hostPath | default "" }}
targetSelector:
gitea:
gitea:
mountPath: /var/lib/gitea
01-permissions:
mountPath: /mnt/directories/data
config:
enabled: true
type: {{ .Values.giteaStorage.config.type }}
datasetName: {{ .Values.giteaStorage.config.datasetName | default "" }}
hostPath: {{ .Values.giteaStorage.config.hostPath | default "" }}
targetSelector:
gitea:
gitea:
mountPath: /etc/gitea
01-permissions:
mountPath: /mnt/directories/config
gitea-temp:
enabled: true
type: emptyDir
targetSelector:
gitea:
gitea:
mountPath: /tmp/gitea
{{ if .Values.giteaNetwork.certificateID }}
cert:
enabled: true
type: secret
objectName: gitea-cert
defaultMode: "0600"
items:
- key: tls.key
path: private.key
- key: tls.crt
path: public.crt
targetSelector:
gitea:
gitea:
mountPath: /etc/certs/gitea
readOnly: true
{{ end }}
{{- end -}}
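Review bot: In the `env:` block of `gitea.workload`, `{{ $env.name }}: {{ $env.value }}` writes user-supplied text into YAML unquoted. A value like `true`, `1.10` or `0644` is retyped, one containing ` #` is cut off, and one containing `: ` or a line break can fail to parse or change keys in the structure that the loader later merges into `.Values`. Quote the value: `{{ $env.name }}: {{ $env.value | quote }}`. In Kubernetes, entries in `env` take precedence over `envFrom`, so presumably these additional variables can also override the `GITEA__database__*` and `GITEA__server__*` settings the chart generates; a comment saying whether that is intended would help.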


@@ -0,0 +1,21 @@
{{- define "gitea.portal" -}}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: portal
data:
path: /
port: {{ .Values.giteaNetwork.webPort | quote }}
{{ if or (hasPrefix "https://" .Values.giteaNetwork.rootURL) .Values.giteaNetwork.certificateID }}
protocol: https
{{ else }}
protocol: http
{{ end }}
{{- $host := "$node_ip" -}}
{{ with .Values.giteaNetwork.rootURL }} {{/* Trim protocol and trailing slash */}}
{{ $host = (. | trimPrefix "https://" | trimPrefix "http://" | trimSuffix "/") }}
{{ $host = mustRegexReplaceAll "(.*):[0-9]+" $host "${1}" }}
{{ end }}
host: {{ $host }}
{{- end -}}
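Review bot: The host extraction in `gitea.portal` strips the scheme and port with string trimming and `(.*):[0-9]+`, which leaves any path in place (a constructed example: `https://git.example.com:30000/gitea` becomes `git.example.com/gitea`) and can mangle a bracketed IPv6 literal that has no port. Sprig's `urlParse` returns the parsed parts, so the two assignments can become `{{ $host = (urlParse .).hostname }}`. `host: {{ $host }}` is also emitted unquoted; `host: {{ $host | quote }}` keeps an unexpected value from altering the ConfigMap.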


@@ -0,0 +1,50 @@
{{- define "postgres.workload" -}}
workload:
{{- include "ix.v1.common.app.postgres" (dict "secretName" "postgres-creds"
"resources" .Values.resources
"ixChartContext" .Values.ixChartContext) | nindent 2 }}
{{/* Service */}}
service:
postgres:
enabled: true
type: ClusterIP
targetSelector: postgres
ports:
postgres:
enabled: true
primary: true
port: 5432
targetSelector: postgres
{{/* Persistence */}}
persistence:
postgresdata:
enabled: true
type: {{ .Values.giteaStorage.pgData.type }}
datasetName: {{ .Values.giteaStorage.pgData.datasetName | default "" }}
hostPath: {{ .Values.giteaStorage.pgData.hostPath | default "" }}
targetSelector:
# Postgres pod
postgres:
# Postgres container
postgres:
mountPath: /var/lib/postgresql/data
# Permissions container
permissions:
mountPath: /mnt/directories/postgres_data
postgresbackup:
enabled: true
type: {{ .Values.giteaStorage.pgBackup.type }}
datasetName: {{ .Values.giteaStorage.pgBackup.datasetName | default "" }}
hostPath: {{ .Values.giteaStorage.pgBackup.hostPath | default "" }}
targetSelector:
# Postgres backup pod
postgresbackup:
# Postgres backup container
postgresbackup:
mountPath: /postgres_backup
# Permissions container
permissions:
mountPath: /mnt/directories/postgres_backup
{{- end -}}


@@ -0,0 +1,11 @@
{{- include "ix.v1.common.loader.init" . -}}
{{/* Merge the templates with Values */}}
{{- $_ := mustMergeOverwrite .Values (include "gitea.configuration" $ | fromYaml) -}}
{{- $_ := mustMergeOverwrite .Values (include "gitea.workload" $ | fromYaml) -}}
{{- $_ := mustMergeOverwrite .Values (include "postgres.workload" $ | fromYaml) -}}
{{/* Create the configmap for portal manually*/}}
{{- include "gitea.portal" $ -}}
{{- include "ix.v1.common.loader.apply" . -}}


@@ -0,0 +1,4 @@
icon_url: https://gitea.com/assets/img/logo.svg
categories:
- git
- gitea