chore: bump gitea to v9.3.0 (#1544)

* chore: bump gitea to v9.3.0 * chore: update description, address code review * feat: code review * feat: redis-luster requires at least 6 nodes
mesosphere · Sep 11, 2023 · f101d89 · f101d89
1 parent ba3f2f3
commit f101d89
Show file tree

Hide file tree

Showing 6 changed files with 60 additions and 17 deletions.
diff --git a/licenses.d2iq.yaml b/licenses.d2iq.yaml
@@ -3,9 +3,9 @@ ignore:
   - docker.io/mesosphere/kommander2-kubetools
   - docker.io/nginxinc/nginx-unprivileged:1.22.0-alpine
   - docker.io/bitnami/external-dns:0.13.5-debian-11-r55
-  - docker.io/bitnami/memcached:1.6.15-debian-11-r8
   - docker.io/bitnami/postgresql:11.16.0-debian-11-r9
   - docker.io/bitnami/postgresql:15.2.0-debian-11-r21
+  - docker.io/bitnami/redis-cluster:7.0.12-debian-11-r2
   - docker.io/library/busybox:1
   - gcr.io/kubecost1/cost-model:prod-1.104.0
   - gcr.io/kubecost1/frontend:prod-1.104.0
@@ -89,7 +89,7 @@ resources:
       - license_path: LICENSE
         ref: v${image_tag}
         url: https://github.com/fluent/fluent-bit
-  - container_image: docker.io/gitea/gitea:1.19.2-rootless
+  - container_image: docker.io/gitea/gitea:1.20.3-rootless
     sources:
       - license_path: LICENSE
         ref: v${image_tag%-rootless}

diff --git a/services/gitea/8.2.0/defaults/cm.yaml → services/gitea/9.3.0/defaults/cm.yaml b/services/gitea/8.2.0/defaults/cm.yaml → services/gitea/9.3.0/defaults/cm.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: gitea-8.2.0-d2iq-defaults
+  name: gitea-9.3.0-d2iq-defaults
   namespace: ${releaseNamespace}
 data:
   values.yaml: |-
@@ -21,9 +21,9 @@ data:
             pathType: ImplementationSpecific
     gitea:
       additionalConfigFromEnvs:
-        - name: ENV_TO_INI__SERVER__SSL_MIN_VERSION
+        - name: GITEA__SERVER__SSL_MIN_VERSION
           value: tlsv1.3
-        - name: ENV_TO_INI__SERVER__SSL_MAX_VERSION
+        - name: GITEA__SERVER__SSL_MAX_VERSION
           value: tlsv1.3
       admin:
         existingSecret: ${adminCredentialsSecret}
@@ -37,6 +37,17 @@ data:
         service:
           REQUIRE_SIGNIN_VIEW: false
           DISABLE_REGISTRATION: true
+        session:
+          PROVIDER: redis
+          PROVIDER_CONFIG: redis+cluster://:gitea@gitea-redis-cluster-headless.${releaseNamespace}.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
+        cache:
+          ENABLED: true
+          ADAPTER: redis
+          HOST: redis+cluster://:gitea@gitea-redis-cluster-headless.${releaseNamespace}.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
+        queue:
+          TYPE: redis
+          CONN_STR: redis+cluster://:gitea@gitea-redis-cluster-headless.${releaseNamespace}v.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
+
       startupProbe:
         enabled: true
         tcpSocket:
@@ -46,28 +57,36 @@ data:
         periodSeconds: 10
         successThreshold: 1
         failureThreshold: 10
-    statefulset:
+    deployment:
       annotations:
         secret.reloader.stakater.com/reload: ${tlsCertificateSecret}
     service:
       http:
         port: 443
         clusterIP:
     extraVolumes:
-    - name: git-tls
-      secret:
-        secretName: ${tlsCertificateSecret}
+      - name: git-tls
+        secret:
+          secretName: ${tlsCertificateSecret}
     extraVolumeMounts:
-    - name: git-tls
-      readOnly: true
-      mountPath: "/git-tls"
+      - name: git-tls
+        readOnly: true
+        mountPath: "/git-tls"
     clusterDomain: cluster.local.
-    memcached:
+    redis-cluster:
       priorityClassName: "dkp-critical-priority"
-      image:
-        tag: 1.6.15-debian-11-r8
+      cluster:
+        nodes: 6
+    postgresql-ha:
+      enabled: false
     postgresql:
+      enabled: true
       primary:
         priorityClassName: "dkp-critical-priority"
       image:
         tag: 11.16.0-debian-11-r9
+    persistence:
+      enabled: true
+      create: false
+      mount: true
+      claimName: "data-gitea-0"
diff --git a/...s/gitea/8.2.0/defaults/kustomization.yaml → ...s/gitea/9.3.0/defaults/kustomization.yaml b/...s/gitea/8.2.0/defaults/kustomization.yaml → ...s/gitea/9.3.0/defaults/kustomization.yaml
diff --git a/services/gitea/8.2.0/gitea.yaml → services/gitea/9.3.0/gitea.yaml b/services/gitea/8.2.0/gitea.yaml → services/gitea/9.3.0/gitea.yaml
@@ -11,7 +11,7 @@ spec:
         kind: HelmRepository
         name: dl.gitea.io-charts
         namespace: kommander-flux
-      version: 8.2.0
+      version: 9.3.0
   interval: 15s
   install:
     crds: CreateReplace
@@ -25,5 +25,5 @@ spec:
   releaseName: gitea
   valuesFrom:
     - kind: ConfigMap
-      name: gitea-8.2.0-d2iq-defaults
+      name: gitea-9.3.0-d2iq-defaults
   targetNamespace: ${releaseNamespace}
diff --git a/services/gitea/8.2.0/kustomization.yaml → services/gitea/9.3.0/kustomization.yaml b/services/gitea/8.2.0/kustomization.yaml → services/gitea/9.3.0/kustomization.yaml
@@ -1,4 +1,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
+  - pvc.yaml
   - gitea.yaml
diff --git a/services/gitea/9.3.0/pvc.yaml b/services/gitea/9.3.0/pvc.yaml
@@ -0,0 +1,23 @@
+---
+# In the previous versions (v8.x and prior), PVC was automatically managed by the Statefulset, while in the
+# new versions (v9.x and later), it is automatically handled by the Helm chart.
+#
+# To avoid breaking the compatibility with previous installations, we do not let Helm chart create PVC (see `persistence.create` in cm.yaml file)
+# and for new installations we create a PVC object using the name `data-gitea-0` that is the same name used in
+# gitea v8.x and older versions. This way, we can keep the existing PVC for upgrade process.
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: data-gitea-0
+  namespace: ${releaseNamespace}
+  annotations:
+    helm.sh/resource-policy: keep
+    kustomize.toolkit.fluxcd.io/prune: disabled
+spec:
+  accessModes:
+    - ReadWriteOnce
+  volumeMode: Filesystem
+  resources:
+    requests:
+      storage: 10Gi
+---