From 8e72d7acb3fe9d3018a21520f186ba6e6c29f371 Mon Sep 17 00:00:00 2001 From: Tamas Kiss Date: Wed, 15 Jan 2025 07:00:19 +0100 Subject: [PATCH] upgrade to 10.1.4 --- gitea.tf | 95 ++++++++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 75 insertions(+), 20 deletions(-) diff --git a/gitea.tf b/gitea.tf index 5cc142f..50368d4 100644 --- a/gitea.tf +++ b/gitea.tf @@ -10,21 +10,21 @@ resource "helm_release" "this" { repository = "https://dl.gitea.io/charts/" chart = "gitea" - version = "7.0.4" + version = "10.1.4" create_namespace = false set { - name = "clusterDomain" + name = "clusterDomain" value = "k8s.lawndale" } values = [ jsonencode({ ingress = { - enabled = true + enabled = true + className = "traefik" annotations = { - "kubernetes.io/ingress.class" = "traefik" "traefik.ingress.kubernetes.io/router.entrypoints" = "websecure" "traefik.ingress.kubernetes.io/router.tls" = "true" "traefik.ingress.kubernetes.io/router.tls.domains.0.main" = local.ingress_domain @@ -50,11 +50,17 @@ resource "helm_release" "this" { } ] } + service = { + http = { + externalTrafficPolicy = "Local" + } + } }), jsonencode({ service = { ssh = { - type = "LoadBalancer" + type = "LoadBalancer" + externalTrafficPolicy = "Local" } } }), 
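Review bot: In the `@@ -50,11 +50,17 @@` hunk, `service.http.externalTrafficPolicy = "Local"` is set although the HTTP service type is not visible, and Kubernetes only accepts that field on NodePort or LoadBalancer services. Since HTTP traffic reaches Gitea through the Traefik ingress, the HTTP service is presumably ClusterIP, where the setting is either ignored by the chart or rejected by the API server; confirm which, and drop the block if it has no effect. On the SSH LoadBalancer the setting does matter, because it keeps the client source address visible to Gitea, so a comment such as `# Local: keep client IP for SSH audit logs; only nodes running the pod accept traffic` would record the intent.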
@@ -101,42 +107,83 @@ resource "helm_release" "this" { gitea = { config = { mailer = { - ENABLED = true - FROM = "gitea@git.thomasklein.me" - PROTOCOL = "smtp" + ENABLED = true + FROM = "gitea@git.thomasklein.me" + PROTOCOL = "smtp" SMTP_ADDR = "nat.lawndale" SMTP_PORT = "25" ## Deprecated config for 1.17 - HOST = "nat.lawndale:25" + HOST = "nat.lawndale:25" IS_TLS_ENABLED = false - MAILER_TYPE = "smtp" + MAILER_TYPE = "smtp" } } } }), jsonencode({ persistence = { - enabled = true - existingClaim = module.gitea_persistance.pvc_name + enabled = true + create = false + claimName = module.gitea_persistance.pvc_name } }), jsonencode({ postgresql = { enabled = true - persistence = { - enabled = true - existingClaim = module.postgres_persistance.pvc_name + primary = { + persistence = { + enabled = true + existingClaim = module.postgres_persistance.pvc_name + claimName = module.postgres_persistance.pvc_name + } + podSecurityContext = { + enabled = true + } + volumePermissions = { + enabled = true + } } - podSecurityContext = { - enabled = true - } - volumePermissions = { - enabled = true + } + }), + # Non-HA config base, see https://gitea.com/gitea/helm-chart/src/tag/v10.1.4#single-pod-configurations + jsonencode({ + "redis-cluster" = { + enabled = false + } + "postgresql-ha" = { + enabled = false + } + gitea = { + config = { + database = { + DB_TYPE = "postgres" + } + session = { + PROVIDER = "db" + } + cache = { + ADAPTER = "memory" + } + queue = { + TYPE = "level" + } + indexer = { + ISSUE_INDEXER_TYPE = "bleve" + REPO_INDEXER_ENABLED = true + } } } }), ] + set_sensitive { + name = "postgresql.global.postgresql.auth.password" + value = random_password.postgresql_gitea.result + } + set_sensitive { + name = "postgresql.global.postgresql.auth.postgresPassword" + value = random_password.postgresql.result + } set_sensitive { name = "gitea.oauth[0].key" value = aws_cognito_user_pool_client.gitea.id 
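Review bot: The two new `set_sensitive` blocks for `postgresql.global.postgresql.auth.password` and `postgresql.global.postgresql.auth.postgresPassword` set credentials on a database whose data lives on the pre-existing claim `module.postgres_persistance.pvc_name`. As far as I know the Bitnami PostgreSQL image applies these passwords only when it initialises an empty data directory, so after this upgrade the server may keep the password it was created with (possibly the chart default) while Gitea is configured with the new one. Verify after apply that the old credential no longer authenticates, and rotate it inside PostgreSQL if it still does. Separately, `claimName` next to `existingClaim` under `postgresql.primary.persistence` looks carried over from the Gitea chart's own persistence keys and is probably not read by the subchart.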
@@ -152,6 +199,14 @@ resource "helm_release" "this" { } } +resource "random_password" "postgresql_gitea" { + length = 5 +} + +resource "random_password" "postgresql" { + length = 10 +} + resource "random_password" "gitea_admin" { length = 16 special = true
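Review bot: `random_password.postgresql_gitea` is generated with `length = 5` and `random_password.postgresql` with `length = 10`, both weak for database credentials and well below the 16 characters used for `gitea_admin` just beneath them; the second one is the PostgreSQL superuser password. I would use `length = 32` for both, and add `special = false` if the chart interpolates the value into a connection string, which is an assumption because the consumer is not visible here. Both results are also written to Terraform state in clear text, so the state backend should be encrypted and access-restricted. The `gitea_admin` resource continues past the end of the hunk.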