Features 11017 and 11018: setup of mgmt cluster and git repo
This change incorporates the changes needed to set up a mgmt cluster for
cloud-native operations in OSM following a GitOps model, which includes
the setup of an internal git repository.
Change-Id: If828d18ad64d852a9a89ec9ba7c2d3a96d281565
Signed-off-by: garciadeblas <gerardo.garciadeblas@telefonica.com>
diff --git a/installers/mgmt-cluster/gitea/00-custom-config.rc b/installers/mgmt-cluster/gitea/00-custom-config.rc
new file mode 100644
index 0000000..e5b0c6b
--- /dev/null
+++ b/installers/mgmt-cluster/gitea/00-custom-config.rc
@@ -0,0 +1,28 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+# Transitent file to be sourced to bootstrap some key variables
+
+# Random passwords
+export GITEA_ADMINISTRATOR_PASSWORD=$(apg -a 1 -M sncl -n 1 -m 12 -x 12 -E \\\*\'\"\`\$\<\{\})
+export GITEA_STD_USER_PASS=$(apg -a 1 -M sncl -n 1 -m 10 -x 10 -E \\\*\'\"\`\$\<\{\})
+
+# Uncomment to deploy Gitea only as ClusterIP service (i.e., no LoadBalancer)
+# export GITEA_CHART_VALUES_FILE=values-all.yaml
+#
+# Uncomment to deploy Gitea using an Ingress for web services
+# export GITEA_CHART_VALUES_FILE=values-all.yaml
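Review bot: The two `apg` calls under "Random passwords" are unchecked, so on a host without `apg` both exports end up empty: `export VAR=$(...)` hides the failed substitution, and the `${GITEA_ADMINISTRATOR_PASSWORD:-PleaseChange123%}` fallback in 01-base-config.rc then applies the published default without any warning. A guard before the exports would stop that, e.g. `command -v apg >/dev/null || { echo "apg is required to generate Gitea passwords" >&2; return 1; }`. Separately, the two commented alternatives at the end of the file (ClusterIP only, Ingress) both select `values-all.yaml`, which looks like a copy-paste slip; one of them presumably needs a different values file.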
diff --git a/installers/mgmt-cluster/gitea/01-base-config.rc b/installers/mgmt-cluster/gitea/01-base-config.rc
new file mode 100644
index 0000000..c682a7a
--- /dev/null
+++ b/installers/mgmt-cluster/gitea/01-base-config.rc
@@ -0,0 +1,42 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+# Base inputs, unlikely to change
+export GITEA_ENV_NAME=${GITEA_ENV_NAME:-gitea-at-osm}
+
+# Chart values, selecting the mode of deployment
+export GITEA_CHART_VALUES_FILE=${GITEA_CHART_VALUES_FILE:-values-standalone.yaml}
+
+# Location where credentials should be saved
+export CREDENTIALS_DIR=${CREDENTIALS_DIR:-../../../.credentials}; export CREDENTIALS_DIR=$(readlink -f "${CREDENTIALS_DIR}")
+
+# Admin user
+export GITEA_ADMINISTRATOR_USERNAME=${GITEA_ADMINISTRATOR_USERNAME:-osm-admin}
+#--------- CHANGE DEFAULT:
+export GITEA_ADMINISTRATOR_PASSWORD=${GITEA_ADMINISTRATOR_PASSWORD:-PleaseChange123%}
+#------------------------
+export GITEA_ADMINISTRATOR_TOKEN_NAME=${GITEA_ADMINISTRATOR_TOKEN_NAME:-admin-token}
+
+# Regular user
+export GITEA_STD_USERNAME=${GITEA_STD_USERNAME:-osm-developer}
+#--------- CHANGE DEFAULT:
+export GITEA_STD_USER_PASS=${GITEA_STD_USER_PASS:-PleaseChange123!}
+#------------------------
+export GITEA_STD_TOKEN_NAME=${GITEA_STD_TOKEN_NAME:-developer-token}
+
+# (optional) Organization name
+export GITEA_EXTRA_ORGANIZATION=${GITEA_EXTRA_ORGANIZATION:-OSM}
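Review bot: The `:-` fallbacks under the two "CHANGE DEFAULT" markers put fixed, publicly known passwords (`PleaseChange123%`, `PleaseChange123!`) on the admin and standard accounts whenever 00-custom-config.rc was not sourced, and nothing tells the operator that it happened. Failing closed would be safer for a service that may be exposed through a LoadBalancer: `export GITEA_ADMINISTRATOR_PASSWORD=${GITEA_ADMINISTRATOR_PASSWORD:?set a password or source 00-custom-config.rc first}`, and the same for `GITEA_STD_USER_PASS`. If the defaults must stay, a warning on stderr when one is used would at least make it visible. Note also that the `CREDENTIALS_DIR` default is relative to the caller's working directory, and GNU `readlink -f` prints nothing when the parent path does not exist, which would leave the variable empty and send the credential files written later to `/`.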
diff --git a/installers/mgmt-cluster/gitea/02-deploy-gitea.sh b/installers/mgmt-cluster/gitea/02-deploy-gitea.sh
new file mode 100755
index 0000000..67a22d9
--- /dev/null
+++ b/installers/mgmt-cluster/gitea/02-deploy-gitea.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+set -e
+
+export HERE=$(dirname "$(readlink --canonicalize "$BASH_SOURCE")")
+source "${HERE}/library/functions.sh"
+source "${HERE}/library/trap.sh"
+
+if [[ -z "${GITEA_ENV_NAME}" ]]; then
+ m "No target environment was loaded. Please source one of the .rc environment files first. $DURATION" "$RED"
+ exit 1
+fi
+
+# Deploy Helm chart with required values
+helm repo add gitea-charts https://dl.gitea.io/charts/
+m "Deploying Gitea's Helm chart..."
+helm install gitea gitea-charts/gitea \
+ --version=7.0.4 \
+ --namespace=gitea \
+ --values "${HERE}/${GITEA_CHART_VALUES_FILE}" \
+ --set=gitea.admin.username="${GITEA_ADMINISTRATOR_USERNAME}" \
+ --set=gitea.admin.password="${GITEA_ADMINISTRATOR_PASSWORD@Q}" \
+ --create-namespace \
+ --wait
+
+m "Waiting for Gitea to start..."
+# See: https://github.com/kubernetes/kubernetes/issues/79606
+kubectl rollout status statefulset/gitea --namespace=gitea --watch --timeout=1h
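Review bot: `--set=gitea.admin.password="${GITEA_ADMINISTRATOR_PASSWORD@Q}"` passes the shell-quoted form of the password, so Helm most likely receives the surrounding quote characters as part of the value, while 04-fix-and-use-external-gitea-urls.sh passes the raw variable and 05-export-connection-info.sh stores the raw one. If step 04 is skipped, the saved credentials would then not match what the chart configured. Using the raw value in both scripts avoids that: `--set-string gitea.admin.password="${GITEA_ADMINISTRATOR_PASSWORD}"`. Helm's `--set` parsing also treats unescaped commas as separators, and the `apg -E` exclusion list in 00-custom-config.rc does not exclude `,`. Passing the password as a command-line argument exposes it to other local users through the process list; a values file with restrictive permissions would avoid that as well.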
diff --git a/installers/mgmt-cluster/gitea/03-get-gitea-connection-info.rc b/installers/mgmt-cluster/gitea/03-get-gitea-connection-info.rc
new file mode 100644
index 0000000..fed055b
--- /dev/null
+++ b/installers/mgmt-cluster/gitea/03-get-gitea-connection-info.rc
@@ -0,0 +1,120 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+# Retrieves Gitea connection info data
+
+# Helper function to monitor progress of a condition
+function monitor_condition() {
+ local CONDITION="$1" # Function with the condition
+ local MESSAGE="${2:-}" # Message during each check
+ local TIMEOUT="${3:-300}" # Timeout, in seconds (default: 5 minutes)
+ local STEP="${4:-2}" # Polling period (default: 2 seconds)
+
+ until "${CONDITION}" || [ ${TIMEOUT} -le 0 ]
+ do
+ echo -en "${MESSAGE}"
+
+ ((TIMEOUT-=${STEP}))
+
+ sleep "${STEP}"
+ done
+
+ "${CONDITION}"
+}
+
+# Check that the IP associated to the Ingress service is available
+function ingress_service_ip_available() {
+ kubectl get svc/ingress-nginx-controller -n ingress-nginx -o jsonpath='{.status.loadBalancer.ingress[0].ip}' > /dev/null
+}
+
+# Wait until the IP associated to the Ingress service is available
+function wait_until_ingress_service_ip_available() {
+ monitor_condition ingress_service_ip_available "External IP address for Ingress not ready yet...\n" 300 5
+ if [[ $? -ne 0 ]]
+ then
+ echo -e "\nFATAL: Timeout waiting for external IP address for Ingress to be ready. ABORTED.\n"
+ exit 1
+ fi
+}
+
+# Internal services and ports
+export GITEA_INTERNAL_HTTP_IP=gitea-http.gitea
+export GITEA_INTERNAL_SSH_IP=gitea-ssh.gitea
+export GITEA_HTTP_PORT=$(kubectl get svc/gitea-http -n gitea -o jsonpath='{.spec.ports[0].port}')
+export GITEA_SSH_PORT=$(kubectl get svc/gitea-ssh -n gitea -o jsonpath='{.spec.ports[0].port}')
+
+# If applicable, gets recommended service IP addresses
+## SSH service
+if [[ -n $(kubectl get svc/gitea-ssh -n gitea -o jsonpath='{.status.loadBalancer.ingress[0].ip}') ]]
+then
+ # Retrieves the external IP address
+ export GITEA_SSH_IP=$(kubectl get svc/gitea-ssh -n gitea -o jsonpath='{.status.loadBalancer.ingress[0].ip}') || true
+else
+ # Otherwise just uses the internal service name
+ export GITEA_SSH_IP=${GITEA_INTERNAL_SSH_IP}
+fi
+## HTTP service
+if [[ -n $(kubectl get svc/gitea-http -n gitea -o jsonpath='{.status.loadBalancer.ingress[0].ip}') ]]
+then
+ # Retrieves the external IP addresses (if it exists)
+ export GITEA_HTTP_IP=$(kubectl get svc/gitea-http -n gitea -o jsonpath='{.status.loadBalancer.ingress[0].ip}') || true
+# In case it is behind an Ingress
+elif [[ -n $(kubectl get ingress/gitea -n gitea 2> /dev/null) ]]
+then
+ # Waits until the external IP address is available
+ echo "Waiting until the Ingress service IP address is available..."
+ wait_until_ingress_service_ip_available
+
+ # Retrieves the external IP address of the Ingress service
+ export GITEA_HTTP_IP=$(kubectl get svc/ingress-nginx-controller -n ingress-nginx -o jsonpath='{.status.loadBalancer.ingress[0].ip}') || true
+ echo "Got it: ${GITEA_HTTP_IP}"
+else
+ # Otherwise just uses the internal service name
+ export GITEA_HTTP_IP=${GITEA_INTERNAL_HTTP_IP}
+fi
+
+# Applicable URLs
+export GITEA_HTTP_HOST_DOMAIN="git.${GITEA_HTTP_IP}.nip.io"
+export GITEA_HTTP_URL="http://git.${GITEA_HTTP_IP}.nip.io"
+export GITEA_SSH_URL="git.${GITEA_SSH_IP}.nip.io"
+export GITEA_INTERNAL_HTTP_URL="http://${GITEA_INTERNAL_HTTP_IP}"
+export GITEA_INTERNAL_SSH_URL="${GITEA_INTERNAL_SSH_IP}"
+
+# Add explicit ports if required
+if [[ "${GITEA_HTTP_PORT}" != 80 ]]
+then
+ export GITEA_INTERNAL_HTTP_URL="${GITEA_INTERNAL_HTTP_URL}:${GITEA_HTTP_PORT}"
+
+ # If it is not behind an Ingress, the port will be the original one, not necessarily 80
+ if [[ -z $(kubectl get ingress/gitea -n gitea 2> /dev/null) ]]
+ then
+ export GITEA_HTTP_URL="${GITEA_HTTP_URL}:${GITEA_HTTP_PORT}"
+ fi
+fi
+
+# Add port to SSH URL if needed
+export GITEA_SSH_SERVER="${GITEA_SSH_URL}"
+export GITEA_INTERNAL_SSH_SERVER="${GITEA_INTERNAL_SSH_URL}"
+if [[ "${GITEA_SSH_PORT}" != 22 ]]
+then
+ export GITEA_SSH_URL="${GITEA_SSH_URL}:${GITEA_SSH_PORT}"
+ export GITEA_INTERNAL_SSH_URL="${GITEA_INTERNAL_SSH_URL}:${GITEA_SSH_PORT}"
+fi
+
+# Complete the SSH URLs to avoid ambiguity
+export GITEA_SSH_URL="ssh://git@${GITEA_SSH_URL}"
+export GITEA_INTERNAL_SSH_URL="ssh://git@${GITEA_INTERNAL_SSH_URL}"
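Review bot: `ingress_service_ip_available` discards the jsonpath output and relies on kubectl's exit status, which is normally zero as soon as the Service exists even while `.status.loadBalancer.ingress[0].ip` is still empty. `wait_until_ingress_service_ip_available` can therefore return before an address is assigned, leaving `GITEA_HTTP_IP` empty and the URLs built as `git..nip.io`. Testing the output instead fixes it: `[[ -n "$(kubectl get svc/ingress-nginx-controller -n ingress-nginx -o jsonpath='{.status.loadBalancer.ingress[0].ip}' 2>/dev/null)" ]]`. Because this file is meant to be sourced, the `exit 1` on timeout also terminates the caller's shell; `return 1` would leave that decision to the caller.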
diff --git a/installers/mgmt-cluster/gitea/04-fix-and-use-external-gitea-urls.sh b/installers/mgmt-cluster/gitea/04-fix-and-use-external-gitea-urls.sh
new file mode 100755
index 0000000..cb4ba81
--- /dev/null
+++ b/installers/mgmt-cluster/gitea/04-fix-and-use-external-gitea-urls.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+set -e
+
+export HERE=$(dirname "$(readlink --canonicalize "$BASH_SOURCE")")
+source "${HERE}/library/functions.sh"
+source "${HERE}/library/trap.sh"
+
+# If there are no external IP addresses, exits
+# [[ -z $(kubectl get svc/gitea-http -n gitea -o jsonpath='{.status.loadBalancer.ingress[0].ip}') ]] && exit 0
+
+# Update the server base URLs, based on the exposed IP address(es)
+m "Updating base URLs in the server to use external IP address(es)..."
+helm upgrade --install gitea gitea-charts/gitea \
+ --version=7.0.4 \
+ --namespace=gitea \
+ --values "${HERE}/${GITEA_CHART_VALUES_FILE}" \
+ --set=gitea.admin.username="${GITEA_ADMINISTRATOR_USERNAME}" \
+ --set=gitea.admin.password="${GITEA_ADMINISTRATOR_PASSWORD}" \
+ --set=gitea.config.server.DOMAIN="${GITEA_SSH_SERVER}" \
+ --set=gitea.config.server.ROOT_URL="${GITEA_HTTP_URL}" \
+ --set=ingress.hosts[0].host="${GITEA_HTTP_HOST_DOMAIN}" \
+ --wait
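Review bot: `gitea.config.server.ROOT_URL` is set to `${GITEA_HTTP_URL}`, which 03-get-gitea-connection-info.rc always builds as `http://git.<ip>.nip.io`, so the admin password, the API tokens used by the `admin/` scripts and all git-over-HTTP traffic travel unencrypted, and name resolution depends on the public nip.io service. That may be acceptable for a lab, but it deserves a comment above the `helm upgrade`, e.g. `# NOTE: ROOT_URL is plain HTTP on a nip.io name; terminate TLS at the Ingress before using this outside a lab`. This script also lacks the `GITEA_ENV_NAME` guard that 02-deploy-gitea.sh has, so running it without the .rc files sourced would upgrade the release with empty `DOMAIN` and `ROOT_URL` values; a line such as `: "${GITEA_HTTP_URL:?source 03-get-gitea-connection-info.rc first}"` before the upgrade would catch that.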
diff --git a/installers/mgmt-cluster/gitea/05-export-connection-info.sh b/installers/mgmt-cluster/gitea/05-export-connection-info.sh
new file mode 100755
index 0000000..8e903c0
--- /dev/null
+++ b/installers/mgmt-cluster/gitea/05-export-connection-info.sh
@@ -0,0 +1,81 @@
+#!/bin/bash
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+set -e
+
+export HERE=$(dirname "$(readlink --canonicalize "$BASH_SOURCE")")
+source "${HERE}/library/functions.sh"
+source "${HERE}/library/trap.sh"
+
+# Prints URLs for HTTP access
+m "HTTP URL: ${GITEA_HTTP_URL}"
+m "SSH URL: ${GITEA_SSH_URL}"
+m "HTTP Host Domain: ${GITEA_HTTP_HOST_DOMAIN}"
+m "Internal HTTP URL: ${GITEA_INTERNAL_HTTP_URL}"
+m "Internal SSH URL: ${GITEA_INTERNAL_SSH_URL}"
+echo
+
+# Saves locally to local environment at credentials folder
+m "Saving local enviroment to credentials folder..."
+
+cat << EOF > "${CREDENTIALS_DIR}/gitea_environment.rc"
+export GITEA_HTTP_URL=${GITEA_HTTP_URL}
+export GITEA_SSH_URL=${GITEA_SSH_URL}
+export GITEA_SSH_SERVER=${GITEA_SSH_SERVER}
+export GITEA_HTTP_HOST_DOMAIN=${GITEA_HTTP_HOST_DOMAIN}
+export GITEA_INTERNAL_HTTP_URL=${GITEA_INTERNAL_HTTP_URL}
+export GITEA_INTERNAL_SSH_URL=${GITEA_INTERNAL_SSH_URL}
+export GITEA_INTERNAL_SSH_SERVER=${GITEA_INTERNAL_SSH_SERVER}
+export GITEA_INTERNAL_HTTP_IP=${GITEA_INTERNAL_HTTP_IP}
+export GITEA_INTERNAL_SSH_IP=${GITEA_INTERNAL_SSH_IP}
+export GITEA_HTTP_PORT=${GITEA_HTTP_PORT}
+export GITEA_SSH_PORT=${GITEA_SSH_PORT}
+export GITEA_ADMINISTRATOR_USERNAME=${GITEA_ADMINISTRATOR_USERNAME}
+export GITEA_ADMINISTRATOR_PASSWORD='${GITEA_ADMINISTRATOR_PASSWORD}'
+export GITEA_STD_USERNAME=${GITEA_STD_USERNAME}
+export GITEA_STD_USER_PASS='${GITEA_STD_USER_PASS}'
+EOF
+
+m "Done."
+echo
+
+# Saves into K8s cluster as a secret
+m "Saving enviroment to secret into K8s cluster..."
+
+kubectl delete secret gitea-environment -n gitea 2> /dev/null || true
+kubectl create secret generic gitea-environment -n gitea \
+ --from-literal=GITEA_HTTP_URL=${GITEA_HTTP_URL} \
+ --from-literal=GITEA_SSH_URL=${GITEA_SSH_URL} \
+ --from-literal=GITEA_HTTP_HOST_DOMAIN=${GITEA_HTTP_HOST_DOMAIN} \
+ --from-literal=GITEA_INTERNAL_HTTP_URL=${GITEA_INTERNAL_HTTP_URL} \
+ --from-literal=GITEA_INTERNAL_SSH_URL=${GITEA_INTERNAL_SSH_URL} \
+ --from-literal=GITEA_INTERNAL_SSH_SERVER=${GITEA_INTERNAL_SSH_SERVER} \
+ --from-literal=GITEA_INTERNAL_HTTP_IP=${GITEA_INTERNAL_HTTP_IP} \
+ --from-literal=GITEA_INTERNAL_SSH_IP=${GITEA_INTERNAL_SSH_IP} \
+ --from-literal=GITEA_HTTP_PORT=${GITEA_HTTP_PORT} \
+ --from-literal=GITEA_SSH_PORT=${GITEA_SSH_PORT} \
+ --from-literal=GITEA_ADMINISTRATOR_USERNAME=${GITEA_ADMINISTRATOR_USERNAME} \
+ --from-literal=GITEA_ADMINISTRATOR_PASSWORD=${GITEA_ADMINISTRATOR_PASSWORD} \
+ --from-literal=GITEA_STD_USERNAME=${GITEA_STD_USERNAME} \
+ --from-literal=GITEA_STD_USER_PASS=${GITEA_STD_USER_PASS}
+
+m "Done."
+echo
+m "Example: To retrieve Gitea's HTTP URL:"
+m "kubectl get secret gitea-environment -n gitea -o jsonpath='{.data.GITEA_HTTP_URL}' | base64 -d" ${CYAN}
+echo
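Review bot: `gitea_environment.rc` is created with the caller's default umask although it holds `GITEA_ADMINISTRATOR_PASSWORD` and `GITEA_STD_USER_PASS`, so on a typical system it is readable by other local users; `gitea_tokens.rc` in 90-provision-gitea-for-osm.sh has the same problem. Setting `umask 077` before the here-document (or `chmod 600` on the file right after) closes that. The passwords are written between literal single quotes, which breaks the file, and can run unintended text when it is sourced, if a user-supplied password contains `'`; emitting each line with `printf 'export %s=%q\n'` would be robust. The `--from-literal=NAME=${VAR}` arguments are unquoted too and should read `"--from-literal=GITEA_ADMINISTRATOR_PASSWORD=${GITEA_ADMINISTRATOR_PASSWORD}"` and so on, so that values with spaces or glob characters are not split.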
diff --git a/installers/mgmt-cluster/gitea/90-provision-gitea-for-osm.sh b/installers/mgmt-cluster/gitea/90-provision-gitea-for-osm.sh
new file mode 100755
index 0000000..f2ada07
--- /dev/null
+++ b/installers/mgmt-cluster/gitea/90-provision-gitea-for-osm.sh
@@ -0,0 +1,154 @@
+#!/bin/bash
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+set -e -o pipefail
+
+export HERE=$(dirname "$(readlink --canonicalize "$BASH_SOURCE")")
+source "${HERE}/library/functions.sh"
+source "${HERE}/library/trap.sh"
+
+
+#####################################################################
+# Step 1: Create regular user and obtain tokens
+#####################################################################
+
+# Creates an aditional regular user
+# ---------------------------------
+m "Creating new user \"${GITEA_STD_USERNAME}\"..."
+"${HERE}/admin/create-user.sh" "${GITEA_STD_USERNAME}" "${GITEA_STD_USER_PASS}" "${GITEA_STD_USERNAME}@gitea"
+# "${HERE}/admin/create-user.sh" "${GITEA_STD_USERNAME}" "${GITEA_STD_USER_PASS}" "${GITEA_STD_USERNAME}@gitea" --admin
+
+m "New username: ${GITEA_STD_USERNAME}" "$CYAN"
+#m "New user's password: ${GITEA_STD_USER_PASS}" "$CYAN"
+
+# Creates access token for the admin
+# ----------------------------------
+export GITEA_ADMINISTRATOR_TOKEN=$( \
+ "${HERE}/admin/create-cmd-access-token.sh" "${GITEA_ADMINISTRATOR_USERNAME}" "${GITEA_ADMINISTRATOR_TOKEN_NAME}" | \
+ grep 'Access token was successfully created' | \
+ cut -d ' ' -f 6 \
+)
+m "Admin token name: ${GITEA_ADMINISTRATOR_TOKEN_NAME}"
+m "Admin token: ${GITEA_ADMINISTRATOR_TOKEN}"
+
+# Creates access token for the user
+# ---------------------------------
+export GITEA_STD_TOKEN=$( \
+ "${HERE}/admin/create-cmd-access-token.sh" "${GITEA_STD_USERNAME}" "${GITEA_STD_TOKEN_NAME}" | \
+ grep 'Access token was successfully created' | \
+ cut -d ' ' -f 6 \
+)
+m "Standard user token name: ${GITEA_STD_TOKEN_NAME}"
+m "Standard user token: ${GITEA_STD_TOKEN}"
+
+# # Alternative method, via API
+# # ---------------------------
+# export GITEA_STD_TOKEN=$( \
+# "${HERE}/admin/create-api-access-token.sh" "${GITEA_HTTP_URL}" "${GITEA_STD_USERNAME}" "${GITEA_STD_USER_PASS}" "${GITEA_STD_TOKEN_NAME}" \
+# )
+
+# Save tokens
+# ---------------------------------
+m "Saving tokens to credentials folder..."
+
+cat << EOF > "${CREDENTIALS_DIR}/gitea_tokens.rc"
+export GITEA_ADMINISTRATOR_TOKEN_NAME=${GITEA_ADMINISTRATOR_TOKEN_NAME}
+export GITEA_ADMINISTRATOR_TOKEN=${GITEA_ADMINISTRATOR_TOKEN}
+export GITEA_STD_TOKEN_NAME=${GITEA_STD_TOKEN_NAME}
+export GITEA_STD_TOKEN=${GITEA_STD_TOKEN}
+EOF
+
+m "Done."
+
+# Saves into K8s cluster as a secret
+m "Saving tokens to secret into K8s cluster..."
+
+kubectl delete secret gitea-tokens -n gitea 2> /dev/null || true
+kubectl create secret generic gitea-tokens -n gitea \
+ --from-literal=GITEA_ADMINISTRATOR_TOKEN_NAME=${GITEA_ADMINISTRATOR_TOKEN_NAME} \
+ --from-literal=GITEA_ADMINISTRATOR_TOKEN=${GITEA_ADMINISTRATOR_TOKEN} \
+ --from-literal=GITEA_STD_TOKEN_NAME=${GITEA_STD_TOKEN_NAME} \
+ --from-literal=GITEA_STD_TOKEN=${GITEA_STD_TOKEN}
+
+m "Done."
+echo
+m "Example: To retrieve token for standard user:"
+m "kubectl get secret gitea-tokens -n gitea -o jsonpath='{.data.GITEA_STD_TOKEN}' | base64 -d" ${CYAN}
+echo
+
+
+#####################################################################
+# Step 2: Create repositories
+#####################################################################
+
+# Loads tokens
+# ---------------------------------
+# m "Reloading tokens..."
+# source "${CREDENTIALS_DIR}/gitea_tokens.rc"
+# echo
+
+# Creates `fleet-osm` and `sw-catalogs-osm` repos in the space of the standard user
+# ----------------------------------------------------
+export REPO=fleet-osm
+m "Creating ${REPO} repo..."
+"${HERE}/admin/create-user-repository.sh" "${GITEA_HTTP_URL}" "${GITEA_STD_USERNAME}" "${GITEA_STD_TOKEN}" "${REPO}" false
+m "Done."
+echo
+
+export REPO=sw-catalogs-osm
+m "Creating ${REPO} repo..."
+"${HERE}/admin/create-user-repository.sh" "${GITEA_HTTP_URL}" "${GITEA_STD_USERNAME}" "${GITEA_STD_TOKEN}" "${REPO}" false
+m "Done."
+echo
+
+# Deletes a repo in the space of the standard user
+# ------------------------------------------------------
+# export REPO=name-of-repo-to-delete
+# "${HERE}/admin/delete-user-repository.sh" "${GITEA_HTTP_URL}" "${GITEA_STD_USERNAME}" "${GITEA_STD_TOKEN}" "${REPO}"
+
+
+
+# #####################################################################
+# # Other provisioning actions, for reference:
+# #####################################################################
+
+# # Creates new organization
+# # ------------------------
+# # "${HERE}/admin/create-org.sh" "${GITEA_HTTP_URL}" "${GITEA_ADMINISTRATOR_USERNAME}" "${GITEA_ADMINISTRATOR_TOKEN}" "${GITEA_EXTRA_ORGANIZATION}" private
+
+# # Creates a new repo in the organization
+# # --------------------------------------
+# # export REPO=test-repo
+# # "${HERE}/admin/create-org-repository.sh" "${GITEA_HTTP_URL}" "${GITEA_STD_USERNAME}" "${GITEA_ADMINISTRATOR_TOKEN}" "${GITEA_EXTRA_ORGANIZATION}" "${REPO}" true
+
+# # Deletes the repo in the space of the standard user
+# # --------------------------------------------------
+# # "${HERE}/admin/delete-org-repository.sh" "${GITEA_HTTP_URL}" "${GITEA_STD_USERNAME}" "${GITEA_ADMINISTRATOR_TOKEN}" "${GITEA_EXTRA_ORGANIZATION}" "${REPO}"
+
+# # Deletes organization
+# # --------------------
+# # "${HERE}/admin/delete-org.sh" "${GITEA_HTTP_URL}" "${GITEA_ADMINISTRATOR_USERNAME}" "${GITEA_ADMINISTRATOR_TOKEN}" "${GITEA_EXTRA_ORGANIZATION}"
+
+# # Creates a new repo in the space of the standard user
+# # ----------------------------------------------------
+# # export REPO=test-user-repo
+# # "${HERE}/admin/create-user-repository.sh" "${GITEA_HTTP_URL}" "${GITEA_STD_USERNAME}" "${GITEA_STD_TOKEN}" "${REPO}" false
+
+# # Deletes the new repo in the space of the standard user
+# # ------------------------------------------------------
+# # "${HERE}/admin/delete-user-repository.sh" "${GITEA_HTTP_URL}" "${GITEA_STD_USERNAME}" "${GITEA_STD_TOKEN}" "${REPO}"
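Review bot: `m "Admin token: ${GITEA_ADMINISTRATOR_TOKEN}"` and `m "Standard user token: ${GITEA_STD_TOKEN}"` print both access tokens to the terminal, and therefore into any captured installer or CI log, even though the equivalent password line just above was commented out. I would drop the two lines or print only the token names. The token extraction also fails silently: `export VAR=$( ... | grep ... | cut -d ' ' -f 6 )` masks the pipeline status despite `set -e -o pipefail`, so an empty token is saved to the file and the secret and then used for the repository calls. Assigning first and checking, e.g. `[[ -n "${GITEA_ADMINISTRATOR_TOKEN}" ]] || { m "Could not obtain admin token" "$RED"; exit 1; }`, would stop early with a clear message.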
diff --git a/installers/mgmt-cluster/gitea/91-provision-local-git-user.sh b/installers/mgmt-cluster/gitea/91-provision-local-git-user.sh
new file mode 100755
index 0000000..27f9ffe
--- /dev/null
+++ b/installers/mgmt-cluster/gitea/91-provision-local-git-user.sh
@@ -0,0 +1,74 @@
+#!/bin/bash
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+set -e -o pipefail
+
+export HERE=$(dirname "$(readlink --canonicalize "$BASH_SOURCE")")
+source "${HERE}/library/functions.sh"
+source "${HERE}/library/trap.sh"
+
+
+# Create new user
+export USER_NAME=$(git config --get user.name)
+export USER_MAIL=$(git config --get user.email)
+export USER_PASS="${GITEA_STD_USER_PASS}" # Same as standard user
+"${HERE}/admin/create-user.sh" \
+ "${USER_NAME}" \
+ "${USER_PASS}" \
+ "${USER_MAIL}"
+
+# Create token
+export USER_TOKEN_NAME=user_token_name
+export USER_TOKEN=$( \
+ "${HERE}/admin/create-cmd-access-token.sh" \
+ "${USER_NAME}" \
+ "${USER_TOKEN_NAME}" | \
+ grep 'Access token was successfully created' | \
+ cut -d ' ' -f 6 \
+)
+
+# Add user's public SSH key
+"${HERE}/admin/create-user-ssh-key.sh" \
+ "${GITEA_HTTP_URL}" \
+ "${USER_NAME}" \
+ "${USER_TOKEN}" \
+ "$(<${HOME}/.ssh/id_rsa.pub)" \
+ "local_user_ssh_key" \
+ false
+
+# Add user as collaborator of the relevant repos
+## Fleet repo
+"${HERE}/admin/add-collaborator-to-user-repo.sh" \
+ "${GITEA_HTTP_URL}" \
+ "${GITEA_STD_USERNAME}" \
+ "${GITEA_STD_TOKEN}" \
+ "fleet-osm" \
+ "${USER_NAME}" \
+ "write"
+
+## SW-Catalogs repo
+"${HERE}/admin/add-collaborator-to-user-repo.sh" \
+ "${GITEA_HTTP_URL}" \
+ "${GITEA_STD_USERNAME}" \
+ "${GITEA_STD_TOKEN}" \
+ "sw-catalogs-osm" \
+ "${USER_NAME}" \
+ "write"
+
+# Prevents non-interactive recognition of the SSH host
+ssh-keyscan -p "${GITEA_SSH_PORT}" "${GITEA_SSH_SERVER}" >> ~/.ssh/known_hosts
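Review bot: The final `ssh-keyscan ... >> ~/.ssh/known_hosts` pins whatever host key answers on the network at that moment, with no fingerprint check, so an interposed host would be trusted from then on; it also appends a duplicate entry on every run. Scanning into a temporary file, showing the fingerprint with `ssh-keygen -lf` for the operator to compare against the server's key, and removing a stale entry with `ssh-keygen -R` before appending would be safer. At the least the comment should state that this is trust-on-first-use, since its current wording ("Prevents non-interactive recognition") reads as the opposite of the intent. Two smaller points in the same file: `USER_PASS` reuses the standard user's password for the local user, and `"$(<${HOME}/.ssh/id_rsa.pub)"` assumes an RSA key exists and leaves the path unquoted.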
diff --git a/installers/mgmt-cluster/gitea/ALL-IN-ONE-Gitea-install.sh b/installers/mgmt-cluster/gitea/ALL-IN-ONE-Gitea-install.sh
new file mode 100755
index 0000000..b6bbffd
--- /dev/null
+++ b/installers/mgmt-cluster/gitea/ALL-IN-ONE-Gitea-install.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+set -e -o pipefail
+
+export HERE=$(dirname "$(readlink --canonicalize "$BASH_SOURCE")")
+source "${HERE}/library/functions.sh"
+source "${HERE}/library/trap.sh"
+
+
+############################################
+# Main script starts here
+############################################
+
+source "${HERE}/00-custom-config.rc"
+source "${HERE}/01-base-config.rc"
+"${HERE}/02-deploy-gitea.sh"
+source "${HERE}/03-get-gitea-connection-info.rc"
+"${HERE}/04-fix-and-use-external-gitea-urls.sh"
+"${HERE}/05-export-connection-info.sh"
+
+# Uncomment to provision for use from OSM
+# "${HERE}/90-provision-gitea-for-osm.sh"
diff --git a/installers/mgmt-cluster/gitea/README.md b/installers/mgmt-cluster/gitea/README.md
new file mode 100644
index 0000000..4af5128
--- /dev/null
+++ b/installers/mgmt-cluster/gitea/README.md
@@ -0,0 +1,115 @@
+<!--
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+implied.
+See the License for the specific language governing permissions and
+limitations under the License
+-->
+# Gitea
+
+[TOC]
+
+[Gitea](https://gitea.io/en-us/) hosts private git repositories.
+
+[Reference page on GitHub](https://github.com/go-gitea/gitea).
+
+## Installation
+
+### TL;DR
+
+First, select the desired K8s `kubeconfig` and default context where Gitea will be installed.
+
+Then, for an installation with default configuration run:
+
+```bash
+./ALL-IN-ONE-Gitea-install.sh
+```
+
+For use then you could do:
+
+```bash
+source "${CREDENTIALS_DIR}/gitea_environment.rc"
+```
+
+For Gitea provisioning for OSM usage (tokens, users and repos), you can just use this script:
+
+```bash
+source "${CREDENTIALS_DIR}/gitea_environment.rc"
+source "${CREDENTIALS_DIR}/gitea_tokens.rc"
+./90-provision-gitea-for-osm.sh"
+```
+
+Alternatively, in case you wanted to set up Gitea programmatically for other use cases without using the UI (which is always a possibility), including the setup of Gitea tokens, the creation of users, the creation of repos, etc., you should have a look at all the operations captured in `90-provision-gitea-for-osm.sh` (including the commented examples) and create a custom provisioning script that fits your needs.
+
+For your convenience (although it would not be strictly required), you may also enable the local Git user to interact with the significant repos:
+
+```bash
+source "${CREDENTIALS_DIR}/gitea_environment.rc"
+source "${CREDENTIALS_DIR}/gitea_tokens.rc"
+./91-provision-local-git-user.sh"
+```
+
+### Overview of the installation process
+
+This folder provides helper scripts to complete a full standalone installation of Gitea on Kubernetes using the current `kubeconfig` and the current context.
+
+**WARNING:** In case your current `kubeconfig` context does not point to your desired K8s cluster target, simply select it **before** applying any of the scripts:
+
+```bash
+export KUBECONFIG=/absolute/path/to/kubeconfig.yaml
+kubectl config use-context put-your-desired-context-here
+# Alternatively, you may use `kubectx` for interactive selection of your default context
+```
+
+Once selected the K8s target, the following environment files and scripts should be applied in the order indicated by their prefix number, noting that `*.rc` files should be sourced and `*.sh` files should be executed. Here is their utility:
+
+- `00-custom-config.rc`: (optional) Used to override selectively some environment variables that may condition the behaviour of the installer scripts. By default, just generates random values for Gitea passwords, but it may edited for further customizations if needed. If not sourced, the rest of scripts will work normally with sensible defaults (note that default passwords will be applied).
+- `01-base-config.rc`: Sets sensible defaults to environment variables for Gitea configuration in case they had not been set explicitly before, either via `00-custom-config.rc` or by other means.
+- `02-deploy-gitea.sh`: Makes a Gitea installation based on the config variables set in previous steps.
+ - It is deployed to the `gitea` namespace using the [published Helm chart](https://docs.gitea.io/en-us/install-on-kubernetes/).
+ - Default base Git URLs:
+ - The internal base git HTTP URL is `http://gitea-http.gitea:8080`.
+ - The internal base git SSH URL is `ssh://gitea-ssh.gitea:22`.
+ - If applicable, the exposed (external) base git HTTP URL takes the shape `http://git.${GITEA_HTTP_IP}.nip.io:${GITEA_HTTP_PORT}`, where `${GITEA_HTTP_PORT}` is 8080 by default.
+ - If applicable, the exposed (external) base git SSH URL takes the shape `ssh://git.${GITEA_SSH_IP}.nip.io:${GITEA_SSH_PORT}`, where `${GITEA_HTTP_PORT}` is 22 by default.
+- `03-get-gitea-connection-info.rc`
+- `04-fix-and-use-external-gitea-urls.sh`: (optional) Fixes the base domain of Gitea to point to a `nip.io` URL pointing to the **external** load balancer service IP.
+- `05-export-connection-info.sh`: Determines full connection URLs and exports data to `${CREDENTIALS_DIR}` folder and into a K8s secret.
+- (optional) `90-provision-gitea-for-osm.sh`: Run post-provisioning tasks in Gitea with scripted operations to support its use from OSM:
+ - Create access tokens for the admin and the new standard user.
+ - Create new standard user `${GITEA_STD_USERNAME}`.
+ - Export tokens to local file in `${CREDENTIALS_DIR}` folder and into a K8s secr
+ - Creates default repos for OSM: `fleet-osm` and `sw-catalogs-osm`.
+- (optional) `91-provision-local-git-user.sh`: Enable the local Git user to interact with the significant repos supporting its use from OSM:
+ - Add the local Git user to Gitea as a profile.
+ - Upload the public SSH key (to allow SSH operations).
+ - Add the user as _collaborator_ to both repos.
+
+For testing you can use `gitea` in the Gitea main pod via
+
+```bash
+./admin/shell.sh
+su git
+gitea <your_command_goes_here>
+```
+
+## Administration
+
+Admin operations on Gitea can be handled in two different ways:
+
+1. Using the `./admin/gitea.sh` script, which wraps the Gitea CLI in the main pod, or
+2. Using `./admin/api.sh` to call the [Swagger endpoints](https://try.gitea.io/api/swagger).
+ - For these operations you may need the tokens saved at `${CREDENTIALS_DIR}/gitea_tokens.rc` as environment variables ready to be sourced.
+
+In both cases, you will need to source the environment variables saved at `${CREDENTIALS_DIR}/gitea_environment.rc`.
+
+Some common helper scripts for common admin operations are also available in the `./admin/` folder.
+
+You can find many useful (commented) examples of admin operations in `90-provision-gitea-for-osm.sh`.
diff --git a/installers/mgmt-cluster/gitea/admin/add-collaborator-to-user-repo.sh b/installers/mgmt-cluster/gitea/admin/add-collaborator-to-user-repo.sh
new file mode 100755
index 0000000..352685f
--- /dev/null
+++ b/installers/mgmt-cluster/gitea/admin/add-collaborator-to-user-repo.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+set -e
+
+HERE=$(dirname "$(readlink --canonicalize "$BASH_SOURCE")")
+. "$HERE/../library/functions.sh"
+. "$HERE/../library/trap.sh"
+
+SERVER_URL=$1
+USERNAME=$2
+TOKEN=$3
+REPO=$4
+COLLABORATOR=$5
+PERMISSION=${6:-"write"}
+
+"$HERE/api.sh" "${SERVER_URL}" "${TOKEN}" \
+ PUT \
+ "repos/${USERNAME}/${REPO}/collaborators/${COLLABORATOR}" \
+ "{\"permission\": \"${PERMISSION}\"}"
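Review bot: The JSON body on the last line is assembled by interpolating `${PERMISSION}` into a string, so a value containing `"` or `\` produces malformed JSON or extra fields in a request sent with the caller's token. `${USERNAME}`, `${REPO}` and `${COLLABORATOR}` are also placed in the path without URL-encoding. Since `jq` is already a dependency of `create-api-access-token.sh`, build the body with it: `"$(jq --null-input --compact-output --arg p "${PERMISSION}" '{permission: $p}')"`. The same pattern appears in `create-api-access-token.sh`, `create-org-repository.sh`, `create-org.sh`, `create-user-repository.sh` and `create-user-ssh-key.sh`; in those, `${PRIVATE}` and `${READ_ONLY}` are inserted unquoted and should be checked to be exactly `true` or `false`.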
diff --git a/installers/mgmt-cluster/gitea/admin/api.sh b/installers/mgmt-cluster/gitea/admin/api.sh
new file mode 100755
index 0000000..de5b345
--- /dev/null
+++ b/installers/mgmt-cluster/gitea/admin/api.sh
@@ -0,0 +1,49 @@
+#!/bin/bash
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+set -e
+
+# Wrapper function for raw calls to Gitea API
+
+HERE=$(dirname "$(readlink --canonicalize "$BASH_SOURCE")")
+. "$HERE/../library/functions.sh"
+. "$HERE/../library/trap.sh"
+
+SERVER_URL=$1
+TOKEN=$2
+VERB=$3
+URI=$4
+DATA=$5
+
+if [ -z "$DATA" ]; then
+ kubectl exec statefulset/gitea --container=gitea --namespace=gitea --quiet -- \
+ curl --silent --fail \
+ "${SERVER_URL}/api/v1/${URI}" \
+ --request "${VERB}" \
+ --header "Authorization: token ${TOKEN}" \
+ --header 'Accept: application/json'
+else
+ kubectl exec statefulset/gitea --container=gitea --namespace=gitea --quiet -- \
+ curl --silent --fail \
+ --request "$VERB" \
+ "${SERVER_URL}/api/v1/${URI}" \
+ --header "Authorization: token ${TOKEN}" \
+ --header 'Accept: application/json' \
+ --header 'Content-Type: application/json' \
+ --data "${DATA}"
+fi
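Review bot: Both branches put the API token in curl's argument list (`--header "Authorization: token ${TOKEN}"`), so it is readable from the process table on the local host (kubectl's argv) and inside the gitea container for the duration of the call. One option is to send the header over stdin: `printf 'header = "Authorization: token %s"\n' "${TOKEN}" | kubectl exec --stdin … -- curl --config - …`. The script also runs with `set -e` only and never checks its positional parameters, so a missing argument becomes a request to `/api/v1/` with an empty token; a guard such as `: "${SERVER_URL:?}" "${TOKEN:?}" "${VERB:?}" "${URI:?}"` would fail early instead.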
diff --git a/installers/mgmt-cluster/gitea/admin/create-api-access-token.sh b/installers/mgmt-cluster/gitea/admin/create-api-access-token.sh
new file mode 100755
index 0000000..f7679e6
--- /dev/null
+++ b/installers/mgmt-cluster/gitea/admin/create-api-access-token.sh
@@ -0,0 +1,52 @@
+#!/bin/bash
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+set -e
+
+HERE=$(dirname "$(readlink --canonicalize "$BASH_SOURCE")")
+. "$HERE/../library/functions.sh"
+. "$HERE/../library/trap.sh"
+
+SERVER_URL=$1
+USERNAME=$2
+PASSWORD=$3
+TOKEN_NAME=$4
+
+# Unfortunately this inconsistently spits out logs stdout, making it challenging to parse
+# "$HERE/gitea" admin user generate-access-token --username "$USERNAME" --raw | tail -1 > "$HERE/tokens/$USERNAME"
+
+# See: https://docs.gitea.io/en-us/api-usage/#generating-and-listing-api-tokens
+
+# Delete old "${TOKEN_NAME}" token (if existed)
+kubectl exec statefulset/gitea --container=gitea --namespace=gitea --quiet -- \
+curl --silent --fail \
+ "${SERVER_URL}/api/v1/users/$USERNAME/tokens/${TOKEN_NAME}" \
+ --user "$USERNAME:$PASSWORD" \
+ --request DELETE \
+ --header 'Accept: application/json' || true > /dev/null
+
+# Create new "${TOKEN_NAME}" token
+# (this is our only chance to retrieve the sha1)
+kubectl exec statefulset/gitea --container=gitea --namespace=gitea --quiet -- \
+curl --silent --fail \
+ "${SERVER_URL}/api/v1/users/$USERNAME/tokens" \
+ --user "$USERNAME:$PASSWORD" \
+ --request POST \
+ --header 'Accept: application/json' \
+ --header 'Content-Type: application/json' \
+ --data "{\"name\": \"${TOKEN_NAME}\"}" | jq --raw-output .sha1
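Review bot: A failed token creation is not reported to the caller, because the exit status of the final pipeline is `jq`'s and the script sets `-e` without `pipefail`. When curl exits non-zero through `--fail`, `jq` reads empty input and returns 0 with no output; a response without a `sha1` field prints the string `null`. Adding `set -o pipefail` and using `jq --raw-output --exit-status .sha1` would make both cases fail. In the DELETE call, `|| true > /dev/null` redirects the output of `true` rather than of curl; it should read `> /dev/null || true`. Both calls also pass `--user "$USERNAME:$PASSWORD"` on the command line, which exposes the password in process listings.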
diff --git a/installers/mgmt-cluster/gitea/admin/create-cmd-access-token.sh b/installers/mgmt-cluster/gitea/admin/create-cmd-access-token.sh
new file mode 100755
index 0000000..222b899
--- /dev/null
+++ b/installers/mgmt-cluster/gitea/admin/create-cmd-access-token.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+set -e
+
+HERE=$(dirname "$(readlink --canonicalize "$BASH_SOURCE")")
+. "$HERE/../library/functions.sh"
+. "$HERE/../library/trap.sh"
+
+USERNAME=$1
+TOKEN_NAME=$2
+
+# gitea admin user generate-access-token --username myname --token-name mytoken
+"$HERE/gitea.sh" admin user generate-access-token \
+ --username "${USERNAME}" \
+ --token-name \'"${TOKEN_NAME}"\' \
+ "${@:4}"
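Review bot: The pass-through on the last line starts at the fourth positional parameter, but this script names only `$1` and `$2`, so a third argument is silently dropped. This looks copied from `create-user.sh`, which has three named parameters; here it should presumably be `"${@:3}"`. A one-line usage comment above the assignments (`# Usage: create-cmd-access-token.sh <username> <token-name> [extra gitea flags...]`) would make the intended contract explicit.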
diff --git a/installers/mgmt-cluster/gitea/admin/create-org-repository.sh b/installers/mgmt-cluster/gitea/admin/create-org-repository.sh
new file mode 100755
index 0000000..6cb591c
--- /dev/null
+++ b/installers/mgmt-cluster/gitea/admin/create-org-repository.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+set -e
+
+HERE=$(dirname "$(readlink --canonicalize "$BASH_SOURCE")")
+. "$HERE/../library/functions.sh"
+. "$HERE/../library/trap.sh"
+
+USERNAME=$1
+PASSWORD=$2
+ORG=$3
+
+SERVER_URL=$1
+USERNAME=$2
+TOKEN=$3
+ORG=$4
+REPO=$5
+PRIVATE=${6:-true}
+
+"$HERE/api.sh" "${SERVER_URL}" "${TOKEN}" \
+ POST \
+ "orgs/${ORG}/repos" \
+ "{\"name\": \"${REPO}\", \"default_branch\": \"main\", \"private\": ${PRIVATE}}"
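Review bot: The first three assignments (`USERNAME=$1`, `PASSWORD=$2`, `ORG=$3`) are leftovers that the second block immediately overrides, except `PASSWORD`, which stays set to the value of `$2` (the username) and is never used. Remove those three lines so the parameter list is unambiguous. The same leftover block is present in `delete-org-repository.sh`. `USERNAME` is also unused in the request; if it is kept only for a uniform calling convention, say so in a comment.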
diff --git a/installers/mgmt-cluster/gitea/admin/create-org.sh b/installers/mgmt-cluster/gitea/admin/create-org.sh
new file mode 100755
index 0000000..02dfe7c
--- /dev/null
+++ b/installers/mgmt-cluster/gitea/admin/create-org.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+set -e
+
+HERE=$(dirname "$(readlink --canonicalize "$BASH_SOURCE")")
+. "$HERE/../library/functions.sh"
+. "$HERE/../library/trap.sh"
+
+SERVER_URL=$1
+USERNAME=$2
+TOKEN=$3
+ORG=$4
+VISIBILITY=${5:-public}
+
+# Root organizations
+# ------------------
+"$HERE/api.sh" "${SERVER_URL}" "${TOKEN}" \
+ POST \
+ orgs \
+ "{\"username\": \"${ORG}\", \"visibility\": \"${VISIBILITY}\"}"
+
+# Organizations on user path
+# --------------------------
+# "$HERE/api.sh" "${SERVER_URL}" "${TOKEN}" \
+# POST \
+# admin/users/${USERNAME}/orgs \
+# "{\"username\": \"${ORG}\"}"
diff --git a/installers/mgmt-cluster/gitea/admin/create-user-repository.sh b/installers/mgmt-cluster/gitea/admin/create-user-repository.sh
new file mode 100755
index 0000000..686c1a9
--- /dev/null
+++ b/installers/mgmt-cluster/gitea/admin/create-user-repository.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+set -e
+
+HERE=$(dirname "$(readlink --canonicalize "$BASH_SOURCE")")
+. "$HERE/../library/functions.sh"
+. "$HERE/../library/trap.sh"
+
+SERVER_URL=$1
+USERNAME=$2
+TOKEN=$3
+REPO=$4
+PRIVATE=${5:-true}
+
+"$HERE/api.sh" "${SERVER_URL}" "${TOKEN}" \
+ POST \
+ user/repos \
+ "{\"name\": \"${REPO}\", \"default_branch\": \"main\", \"private\": ${PRIVATE}}"
diff --git a/installers/mgmt-cluster/gitea/admin/create-user-ssh-key.sh b/installers/mgmt-cluster/gitea/admin/create-user-ssh-key.sh
new file mode 100755
index 0000000..7dc0661
--- /dev/null
+++ b/installers/mgmt-cluster/gitea/admin/create-user-ssh-key.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+set -e
+
+HERE=$(dirname "$(readlink --canonicalize "$BASH_SOURCE")")
+. "$HERE/../library/functions.sh"
+. "$HERE/../library/trap.sh"
+
+# PARAMETERS:
+# ==========
+# 1) Server URL
+# 2) Username
+# 3) Token
+# 4) SSH key content
+# 5) SSH key name in Gitea's user profile
+# 6) Read only?
+SERVER_URL=$1
+USERNAME=$2
+TOKEN=$3
+SSH_KEY="${4}"
+KEY_NAME=$5
+READ_ONLY=${6:-false}
+
+"$HERE/api.sh" "${SERVER_URL}" "${TOKEN}" \
+ POST \
+ user/keys \
+ "{\"key\": \"${SSH_KEY}\", \"read_only\": ${READ_ONLY}, \"title\": \"${KEY_NAME}\"}"
diff --git a/installers/mgmt-cluster/gitea/admin/create-user.sh b/installers/mgmt-cluster/gitea/admin/create-user.sh
new file mode 100755
index 0000000..6812427
--- /dev/null
+++ b/installers/mgmt-cluster/gitea/admin/create-user.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+set -e
+
+HERE=$(dirname "$(readlink --canonicalize "$BASH_SOURCE")")
+source "${HERE}/../library/functions.sh"
+source "${HERE}/../library/trap.sh"
+
+USERNAME=$1
+PASSWORD="${2}"
+EMAIL=$3
+
+"$HERE/gitea.sh" admin user create \
+ --username "$USERNAME" \
+ --password \'"${PASSWORD}"\' \
+ --email "$EMAIL" \
+ --must-change-password=false \
+ "${@:4}"
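Review bot: The account password is passed as a command-line argument (`--password \'"${PASSWORD}"\'`), so it appears in the argv of `kubectl`, and of `su` and `gitea` inside the pod, where any process able to list processes can read it. Combined with `--must-change-password=false`, that bootstrap value remains the live credential. The literal single quotes only survive because `gitea.sh` re-parses its arguments through `su -c`, so a password containing `'` breaks the command. The generated passwords in `00-custom-config.rc` exclude that character, but nothing enforces this for operator-supplied values. At minimum document the constraint next to the assignment, e.g. `# PASSWORD must not contain quotes or shell metacharacters (re-parsed by gitea.sh); visible in process listings`.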
diff --git a/installers/mgmt-cluster/gitea/admin/delete-org-repository.sh b/installers/mgmt-cluster/gitea/admin/delete-org-repository.sh
new file mode 100755
index 0000000..ba3b796
--- /dev/null
+++ b/installers/mgmt-cluster/gitea/admin/delete-org-repository.sh
@@ -0,0 +1,37 @@
+#!/bin/bash
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+set -e
+
+HERE=$(dirname "$(readlink --canonicalize "$BASH_SOURCE")")
+. "$HERE/../library/functions.sh"
+. "$HERE/../library/trap.sh"
+
+USERNAME=$1
+PASSWORD=$2
+ORG=$3
+
+SERVER_URL=$1
+USERNAME=$2
+TOKEN=$3
+ORG=$4
+REPO=$5
+
+"$HERE/api.sh" "${SERVER_URL}" "${TOKEN}" \
+ DELETE \
+ repos/${ORG}/${REPO}
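Review bot: The URI argument on the last line is unquoted, so a value of `ORG` or `REPO` containing whitespace or glob characters is split into several arguments to `api.sh`, and the extra word becomes the request body. Quote it as the create scripts do: `"repos/${ORG}/${REPO}"`. Because this is a destructive call, also fail on empty names with `"repos/${ORG:?}/${REPO:?}"`. The same unquoted form is used in `delete-org.sh` (`orgs/${ORG}`) and `delete-user-repository.sh` (`repos/${USERNAME}/${REPO}`).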
diff --git a/installers/mgmt-cluster/gitea/admin/delete-org.sh b/installers/mgmt-cluster/gitea/admin/delete-org.sh
new file mode 100755
index 0000000..66a2eba
--- /dev/null
+++ b/installers/mgmt-cluster/gitea/admin/delete-org.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+set -e
+
+HERE=$(dirname "$(readlink --canonicalize "$BASH_SOURCE")")
+. "$HERE/../library/functions.sh"
+. "$HERE/../library/trap.sh"
+
+SERVER_URL=$1
+USERNAME=$2
+TOKEN=$3
+ORG=$4
+
+# Root organizations
+# ------------------
+"$HERE/api.sh" "${SERVER_URL}" "${TOKEN}" \
+ DELETE \
+ orgs/${ORG}
diff --git a/installers/mgmt-cluster/gitea/admin/delete-user-repository.sh b/installers/mgmt-cluster/gitea/admin/delete-user-repository.sh
new file mode 100755
index 0000000..2c403a2
--- /dev/null
+++ b/installers/mgmt-cluster/gitea/admin/delete-user-repository.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+set -e
+
+HERE=$(dirname "$(readlink --canonicalize "$BASH_SOURCE")")
+. "$HERE/../library/functions.sh"
+. "$HERE/../library/trap.sh"
+
+SERVER_URL=$1
+USERNAME=$2
+TOKEN=$3
+REPO=$4
+
+"$HERE/api.sh" "${SERVER_URL}" "${TOKEN}" \
+ DELETE \
+ repos/${USERNAME}/${REPO}
diff --git a/installers/mgmt-cluster/gitea/admin/gitea.sh b/installers/mgmt-cluster/gitea/admin/gitea.sh
new file mode 100755
index 0000000..697f303
--- /dev/null
+++ b/installers/mgmt-cluster/gitea/admin/gitea.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+set -e
+
+HERE=$(dirname "$(readlink --canonicalize "$BASH_SOURCE")")
+. "$HERE/../library/functions.sh"
+
+# Note: we cannot run "gitea" as root
+kubectl exec statefulset/gitea --container=gitea --namespace=gitea --quiet -- \
+su git -c "gitea --quiet $*"
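Review bot: `su git -c "gitea --quiet $*"` flattens all arguments into one string that the shell inside the container parses again, so argument boundaries are lost and any whitespace, quote or shell metacharacter in a username, password, e-mail or token name is interpreted as shell syntax in the gitea pod. Callers work around this by wrapping values in literal quotes (`create-user.sh`, `create-cmd-access-token.sh`), which covers only values without a `'`. Quoting each argument before joining would remove the need for that, e.g. `printf -v ARGS '%q ' "$@"` followed by `su git -c "gitea --quiet ${ARGS}"`. This assumes the `git` user's shell in the container is bash, which should be confirmed; the `\'…\'` wrappers in the callers would then have to be dropped.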
diff --git a/installers/mgmt-cluster/gitea/admin/shell.sh b/installers/mgmt-cluster/gitea/admin/shell.sh
new file mode 100755
index 0000000..004b5fd
--- /dev/null
+++ b/installers/mgmt-cluster/gitea/admin/shell.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+set -e
+
+HERE=$(dirname "$(readlink --canonicalize "$BASH_SOURCE")")
+. "$HERE/../library/functions.sh"
+
+kubectl exec statefulset/gitea --container=gitea --namespace=gitea --tty --stdin --quiet -- /bin/bash
diff --git a/installers/mgmt-cluster/gitea/library/functions.sh b/installers/mgmt-cluster/gitea/library/functions.sh
new file mode 100755
index 0000000..638a1d2
--- /dev/null
+++ b/installers/mgmt-cluster/gitea/library/functions.sh
@@ -0,0 +1,91 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+BLUE='\033[0;34m'
+CYAN='\033[0;36m'
+RESET='\033[0m'
+
+# Colored messages (blue is the default)
+# Examples:
+# m "hello world"
+# m "hello world" "$GREEN"
+function m() {
+ local COLOR=${2:-$BLUE}
+ echo -e "$COLOR$1$RESET"
+}
+
+function copy_function() {
+ local ORIG_FUNC=$(declare -f $1)
+ local NEWNAME_FUNC="$2${ORIG_FUNC#$1}"
+ eval "$NEWNAME_FUNC"
+}
+
+function replace_text() {
+ local FILE=$1
+ local START=$2
+ local END=$3
+ local NEW=$4
+ local T=$(mktemp)
+ head -n $((START-1)) "$FILE" > "$T"
+ echo "$NEW" >> "$T"
+ tail -n +$((END+1)) "$FILE" >> "$T"
+ mv "$T" "$FILE"
+}
+
+function insert_text() {
+ local FILE=$1
+ local START=$2
+ local NEW=$3
+ local T=$(mktemp)
+ head -n $((START-1)) "$FILE" > "$T"
+ echo "$NEW" >> "$T"
+ tail -n +$START "$FILE" >> "$T"
+ mv "$T" "$FILE"
+}
+
+function remove_text() {
+ local FILE=$1
+ local START=$2
+ local END=$3
+ local T=$(mktemp)
+ head -n $((START-1)) "$FILE" > "$T"
+ tail -n +$((END+1)) "$FILE" >> "$T"
+ mv "$T" "$FILE"
+}
+
+function envsubst_cp() {
+ local FROM_FILE=$1
+ local TO_FILE=$2
+ mkdir --parents "$(dirname "$TO_FILE")"
+ cat "$FROM_FILE" | envsubst > "$TO_FILE"
+}
+
+function envsubst_dir() {
+ local FROM_DIR=$1
+ local TO_DIR=$2
+ rm --recursive --force "$TO_DIR"
+ mkdir --parents "$TO_DIR"
+ pushd "$FROM_DIR" > /dev/null
+ local F
+ find . -type f | while read F; do
+ envsubst_cp "$F" "$TO_DIR/$F"
+ done
+ popd > /dev/null
+}
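Review bot: `envsubst_dir` runs `rm --recursive --force "$TO_DIR"` on an unvalidated argument and then changes directory before writing, so a relative `TO_DIR` is cleared relative to the original working directory but populated relative to `FROM_DIR`. Guard the delete with `rm --recursive --force "${TO_DIR:?}"` and resolve the path once after `mkdir`, using `TO_DIR=$(readlink --canonicalize "$TO_DIR")`. The file loop should use `find . -type f -print0 | while IFS= read -r -d '' F; do` so names with backslashes or surrounding whitespace are copied intact. Separately, `copy_function` evaluates text derived from its arguments with `eval` and an unquoted `$1`; a comment stating that both names must be trusted identifiers would help the next reader.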
diff --git a/installers/mgmt-cluster/gitea/library/trap.sh b/installers/mgmt-cluster/gitea/library/trap.sh
new file mode 100755
index 0000000..2a1156d
--- /dev/null
+++ b/installers/mgmt-cluster/gitea/library/trap.sh
@@ -0,0 +1,48 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+function goodbye() {
+ local DURATION=$(date --date=@$(( "$(date +%s)" - "$TRAP_START_TIME" )) --utc +%T)
+ local CODE=$1
+ cd "$TRAP_DIR"
+ if [ "$CODE" == 0 ]; then
+ m "$(realpath --relative-to="$HERE" "$0") succeeded! $DURATION" "$GREEN"
+ elif [ "$CODE" == abort ]; then
+ m "Aborted $(realpath --relative-to="$HERE" "$0")! $DURATION" "$RED"
+ else
+ m "Oh no! $(realpath --relative-to="$HERE" "$0") failed! $DURATION" "$RED"
+ fi
+}
+
+function trap_EXIT() {
+ local ERR=$?
+ goodbye "$ERR"
+ exit "$ERR"
+}
+
+function trap_INT() {
+ goodbye abort
+ trap - EXIT
+ exit 1
+}
+
+TRAP_DIR=$PWD
+TRAP_START_TIME=$(date +%s)
+
+trap trap_INT INT
+
+trap trap_EXIT EXIT
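Review bot: `goodbye` prints its status line through `m`, which writes to stdout, so every script that sources this file appends a coloured "… succeeded!" line to its own result. For `create-api-access-token.sh` and `api.sh` the result on stdout is the token or the JSON response, so a caller capturing it with `$(…)` would get the status text mixed in, unless callers already strip it (not visible in this change). Send the three messages to stderr, e.g. `m "…" "$GREEN" >&2`. `goodbye` also relies on `m`, `GREEN`, `RED` and `HERE` being defined by the sourcing script before the trap fires; a header comment stating that `functions.sh` must be sourced first would document that, and `create-user.sh` and the other callers already follow this order.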
diff --git a/installers/mgmt-cluster/gitea/values-all.yaml b/installers/mgmt-cluster/gitea/values-all.yaml
new file mode 100644
index 0000000..82be6fc
--- /dev/null
+++ b/installers/mgmt-cluster/gitea/values-all.yaml
@@ -0,0 +1,505 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+# Default values for gitea.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+## @section Global
+#
+## @param global.imageRegistry global image registry override
+## @param global.imagePullSecrets global image pull secrets override; can be extended by `imagePullSecrets`
+## @param global.storageClass global storage class override
+## @param global.hostAliases global hostAliases which will be added to the pod's hosts files
+global:
+ imageRegistry: ""
+ ## E.g.
+ ## imagePullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ imagePullSecrets: []
+ storageClass: ""
+ hostAliases: []
+ # - ip: 192.168.137.2
+ # hostnames:
+ # - example.com
+
+## @param replicaCount number of replicas for the statefulset
+replicaCount: 1
+
+## @param clusterDomain cluster domain
+clusterDomain: cluster.local
+
+## @section Image
+## @param image.registry image registry, e.g. gcr.io,docker.io
+## @param image.repository Image to start for this pod
+## @param image.tag Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml.
+## @param image.pullPolicy Image pull policy
+## @param image.rootless Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher
+image:
+ registry: ""
+ repository: gitea/gitea
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+ pullPolicy: Always
+ rootless: false # only possible when running 1.14 or later
+
+## @param imagePullSecrets Secret to use for pulling the image
+imagePullSecrets: []
+
+## @section Security
+# Security context is only usable with rootless image due to image design
+## @param podSecurityContext.fsGroup Set the shared file system group for all containers in the pod.
+podSecurityContext:
+ fsGroup: 1000
+
+## @param containerSecurityContext Security context
+containerSecurityContext: {}
+# allowPrivilegeEscalation: false
+# capabilities:
+# drop:
+# - ALL
+# # Add the SYS_CHROOT capability for root and rootless images if you intend to
+# # run pods on nodes that use the container runtime cri-o. Otherwise, you will
+# # get an error message from the SSH server that it is not possible to read from
+# # the repository.
+# # https://gitea.com/gitea/helm-chart/issues/161
+# add:
+# - SYS_CHROOT
+# privileged: false
+# readOnlyRootFilesystem: true
+# runAsGroup: 1000
+# runAsNonRoot: true
+# runAsUser: 1000
+
+## @deprecated The securityContext variable has been split two:
+## - containerSecurityContext
+## - podSecurityContext.
+## @param securityContext Run init and Gitea containers as a specific securityContext
+securityContext: {}
+
+## @section Service
+service:
+ ## @param service.http.type Kubernetes service type for web traffic
+ ## @param service.http.port Port number for web traffic
+ ## @param service.http.clusterIP ClusterIP setting for http autosetup for statefulset is None
+ ## @param service.http.loadBalancerIP LoadBalancer IP setting
+ ## @param service.http.nodePort NodePort for http service
+ ## @param service.http.externalTrafficPolicy If `service.http.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation
+ ## @param service.http.externalIPs External IPs for service
+ ## @param service.http.ipFamilyPolicy HTTP service dual-stack policy
+ ## @param service.http.ipFamilies HTTP service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/).
+ ## @param service.http.loadBalancerSourceRanges Source range filter for http loadbalancer
+ ## @param service.http.annotations HTTP service annotations
+ http:
+ type: ClusterIP
+ port: 3000
+ clusterIP: None
+ loadBalancerIP:
+ nodePort:
+ externalTrafficPolicy:
+ externalIPs:
+ ipFamilyPolicy:
+ ipFamilies:
+ loadBalancerSourceRanges: []
+ annotations: {}
+ ## @param service.ssh.type Kubernetes service type for ssh traffic
+ ## @param service.ssh.port Port number for ssh traffic
+ ## @param service.ssh.clusterIP ClusterIP setting for ssh autosetup for statefulset is None
+ ## @param service.ssh.loadBalancerIP LoadBalancer IP setting
+ ## @param service.ssh.nodePort NodePort for ssh service
+ ## @param service.ssh.externalTrafficPolicy If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation
+ ## @param service.ssh.externalIPs External IPs for service
+ ## @param service.ssh.ipFamilyPolicy SSH service dual-stack policy
+ ## @param service.ssh.ipFamilies SSH service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/).
+ ## @param service.ssh.hostPort HostPort for ssh service
+ ## @param service.ssh.loadBalancerSourceRanges Source range filter for ssh loadbalancer
+ ## @param service.ssh.annotations SSH service annotations
+ ssh:
+ type: ClusterIP
+ port: 22
+ clusterIP: None
+ loadBalancerIP:
+ nodePort:
+ externalTrafficPolicy:
+ externalIPs:
+ ipFamilyPolicy:
+ ipFamilies:
+ hostPort:
+ loadBalancerSourceRanges: []
+ annotations: {}
+
+
+## @section Ingress
+## @param ingress.enabled Enable ingress
+## @param ingress.className Ingress class name
+## @param ingress.annotations Ingress annotations
+## @param ingress.hosts[0].host Default Ingress host
+## @param ingress.hosts[0].paths[0].path Default Ingress path
+## @param ingress.hosts[0].paths[0].pathType Ingress path type
+## @param ingress.tls Ingress tls settings
+## @extra ingress.apiVersion Specify APIVersion of ingress object. Mostly would only be used for argocd.
+ingress:
+ enabled: false
+ # className: nginx
+ className:
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: git.example.com
+ paths:
+ - path: /
+ pathType: Prefix
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - git.example.com
+ # Mostly for argocd or any other CI that uses `helm template | kubectl apply` or similar
+ # If helm doesn't correctly detect your ingress API version you can set it here.
+ # apiVersion: networking.k8s.io/v1
+
+## @section StatefulSet
+#
+## @param resources Kubernetes resources
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+## Use an alternate scheduler, e.g. "stork".
+## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+##
+## @param schedulerName Use an alternate scheduler, e.g. "stork"
+schedulerName: ""
+
+## @param nodeSelector NodeSelector for the statefulset
+nodeSelector: {}
+
+## @param tolerations Tolerations for the statefulset
+tolerations: []
+
+## @param affinity Affinity for the statefulset
+affinity: {}
+
+## @param dnsConfig dnsConfig for the statefulset
+dnsConfig: {}
+
+## @param statefulset.env Additional environment variables to pass to containers
+## @param statefulset.terminationGracePeriodSeconds How long to wait until forcefully kill the pod
+## @param statefulset.labels Labels for the statefulset
+## @param statefulset.annotations Annotations for the Gitea StatefulSet to be created
+statefulset:
+ env: []
+ # - name: VARIABLE
+ # value: my-value
+ terminationGracePeriodSeconds: 60
+ labels: {}
+ annotations: {}
+
+## @section Persistence
+#
+## @param persistence.enabled Enable persistent storage
+## @param persistence.existingClaim Use an existing claim to store repository information
+## @param persistence.size Size for persistence to store repo information
+## @param persistence.accessModes AccessMode for persistence
+## @param persistence.labels Labels for the persistence volume claim to be created
+## @param persistence.annotations Annotations for the persistence volume claim to be created
+## @param persistence.storageClass Name of the storage class to use
+## @param persistence.subPath Subdirectory of the volume to mount at
+persistence:
+ enabled: true
+ existingClaim:
+ size: 10Gi
+ accessModes:
+ - ReadWriteOnce
+ labels: {}
+ annotations: {}
+ storageClass:
+ subPath:
+
+## @param extraVolumes Additional volumes to mount to the Gitea statefulset
+extraVolumes: []
+# - name: postgres-ssl-vol
+# secret:
+# secretName: gitea-postgres-ssl
+
+## @param extraContainerVolumeMounts Mounts that are only mapped into the Gitea runtime/main container, to e.g. override custom templates.
+extraContainerVolumeMounts: []
+
+## @param extraInitVolumeMounts Mounts that are only mapped into the init-containers. Can be used for additional preconfiguration.
+extraInitVolumeMounts: []
+
+## @deprecated The extraVolumeMounts variable has been split two:
+## - extraContainerVolumeMounts
+## - extraInitVolumeMounts
+## As an example, can be used to mount a client cert when connecting to an external Postgres server.
+## @param extraVolumeMounts **DEPRECATED** Additional volume mounts for init containers and the Gitea main container
+extraVolumeMounts: []
+# - name: postgres-ssl-vol
+# readOnly: true
+# mountPath: "/pg-ssl"
+
+## @section Init
+## @param initPreScript Bash shell script copied verbatim to the start of the init-container.
+initPreScript: ""
+#
+# initPreScript: |
+# mkdir -p /data/git/.postgresql
+# cp /pg-ssl/* /data/git/.postgresql/
+# chown -R git:git /data/git/.postgresql/
+# chmod 400 /data/git/.postgresql/postgresql.key
+
+# Configure commit/action signing prerequisites
+## @section Signing
+#
+## @param signing.enabled Enable commit/action signing
+## @param signing.gpgHome GPG home directory
+## @param signing.privateKey Inline private gpg key for signed Gitea actions
+## @param signing.existingSecret Use an existing secret to store the value of `signing.privateKey`
+signing:
+ enabled: false
+ gpgHome: /data/git/.gnupg
+ privateKey: ""
+ # privateKey: |-
+ # -----BEGIN PGP PRIVATE KEY BLOCK-----
+ # ...
+ # -----END PGP PRIVATE KEY BLOCK-----
+ existingSecret: ""
+
+## @section Gitea
+#
+gitea:
+ ## @param gitea.admin.username Username for the Gitea admin user
+ ## @param gitea.admin.existingSecret Use an existing secret to store admin user credentials
+ ## @param gitea.admin.password Password for the Gitea admin user
+ ## @param gitea.admin.email Email for the Gitea admin user
+ admin:
+ #existingSecret: gitea-admin-secret
+ existingSecret:
+ username: gitea_admin
+ password: r8sA8CPHD9!bt6d
+ email: "gitea@local.domain"
+
+ ## @param gitea.metrics.enabled Enable Gitea metrics
+ ## @param gitea.metrics.serviceMonitor.enabled Enable Gitea metrics service monitor
+ metrics:
+ enabled: false
+ serviceMonitor:
+ enabled: false
+ # additionalLabels:
+ # prometheus-release: prom1
+
+ ## @param gitea.ldap LDAP configuration
+ ldap: []
+ # - name: "LDAP 1"
+ # existingSecret:
+ # securityProtocol:
+ # host:
+ # port:
+ # userSearchBase:
+ # userFilter:
+ # adminFilter:
+ # emailAttribute:
+ # bindDn:
+ # bindPassword:
+ # usernameAttribute:
+ # publicSSHKeyAttribute:
+
+ # Either specify inline `key` and `secret` or refer to them via `existingSecret`
+ ## @param gitea.oauth OAuth configuration
+ oauth: []
+ # - name: 'OAuth 1'
+ # provider:
+ # key:
+ # secret:
+ # existingSecret:
+ # autoDiscoverUrl:
+ # useCustomUrls:
+ # customAuthUrl:
+ # customTokenUrl:
+ # customProfileUrl:
+ # customEmailUrl:
+
+ ## @param gitea.config Configuration for the Gitea server,ref: [config-cheat-sheet](https://docs.gitea.io/en-us/config-cheat-sheet/)
+ config: {}
+ # APP_NAME: "Gitea: Git with a cup of tea"
+ # RUN_MODE: dev
+ #
+ # server:
+ # SSH_PORT: 22
+ #
+ # security:
+ # PASSWORD_COMPLEXITY: spec
+
+ ## @param gitea.additionalConfigSources Additional configuration from secret or configmap
+ additionalConfigSources: []
+ # - secret:
+ # secretName: gitea-app-ini-oauth
+ # - configMap:
+ # name: gitea-app-ini-plaintext
+
+ ## @param gitea.additionalConfigFromEnvs Additional configuration sources from environment variables
+ additionalConfigFromEnvs: []
+
+ ## @param gitea.podAnnotations Annotations for the Gitea pod
+ podAnnotations: {}
+
+ ## @section LivenessProbe
+ #
+ ## @param gitea.livenessProbe.enabled Enable liveness probe
+ ## @param gitea.livenessProbe.tcpSocket.port Port to probe for liveness
+ ## @param gitea.livenessProbe.initialDelaySeconds Initial delay before liveness probe is initiated
+ ## @param gitea.livenessProbe.timeoutSeconds Timeout for liveness probe
+ ## @param gitea.livenessProbe.periodSeconds Period for liveness probe
+ ## @param gitea.livenessProbe.successThreshold Success threshold for liveness probe
+ ## @param gitea.livenessProbe.failureThreshold Failure threshold for liveness probe
+ # Modify the liveness probe for your needs or completely disable it by commenting out.
+ livenessProbe:
+ enabled: true
+ tcpSocket:
+ port: http
+ initialDelaySeconds: 200
+ timeoutSeconds: 1
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 10
+
+ ## @section ReadinessProbe
+ #
+ ## @param gitea.readinessProbe.enabled Enable readiness probe
+ ## @param gitea.readinessProbe.tcpSocket.port Port to probe for readiness
+ ## @param gitea.readinessProbe.initialDelaySeconds Initial delay before readiness probe is initiated
+ ## @param gitea.readinessProbe.timeoutSeconds Timeout for readiness probe
+ ## @param gitea.readinessProbe.periodSeconds Period for readiness probe
+ ## @param gitea.readinessProbe.successThreshold Success threshold for readiness probe
+ ## @param gitea.readinessProbe.failureThreshold Failure threshold for readiness probe
+ # Modify the readiness probe for your needs or completely disable it by commenting out.
+ readinessProbe:
+ enabled: true
+ tcpSocket:
+ port: http
+ initialDelaySeconds: 5
+ timeoutSeconds: 1
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+
+ # # Uncomment the startup probe to enable and modify it for your needs.
+ ## @section StartupProbe
+ #
+ ## @param gitea.startupProbe.enabled Enable startup probe
+ ## @param gitea.startupProbe.tcpSocket.port Port to probe for startup
+ ## @param gitea.startupProbe.initialDelaySeconds Initial delay before startup probe is initiated
+ ## @param gitea.startupProbe.timeoutSeconds Timeout for startup probe
+ ## @param gitea.startupProbe.periodSeconds Period for startup probe
+ ## @param gitea.startupProbe.successThreshold Success threshold for startup probe
+ ## @param gitea.startupProbe.failureThreshold Failure threshold for startup probe
+ startupProbe:
+ enabled: false
+ tcpSocket:
+ port: http
+ initialDelaySeconds: 60
+ timeoutSeconds: 1
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 10
+
+## @section Memcached
+#
+## @param memcached.enabled Memcached is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/memcached) if enabled in the values. Complete Configuration can be taken from their website.
+## @param memcached.service.port Port for Memcached
+memcached:
+ enabled: true
+ service:
+ port: 11211
+
+## @section PostgreSQL
+#
+## @param postgresql.enabled Enable PostgreSQL
+## @param postgresql.global.postgresql.postgresqlDatabase PostgreSQL database (overrides postgresqlDatabase)
+## @param postgresql.global.postgresql.postgresqlUsername PostgreSQL username (overrides postgresqlUsername)
+## @param postgresql.global.postgresql.postgresqlPassword PostgreSQL admin password (overrides postgresqlPassword)
+## @param postgresql.global.postgresql.servicePort PostgreSQL port (overrides service.port)
+## @param postgresql.persistence.size PVC Storage Request for PostgreSQL volume
+postgresql:
+ enabled: true
+ global:
+ postgresql:
+ postgresqlDatabase: gitea
+ postgresqlUsername: gitea
+ postgresqlPassword: gitea
+ servicePort: 5432
+ persistence:
+ size: 10Gi
+
+## @section MySQL
+#
+## @param mysql.enabled Enable MySQL
+## @param mysql.root.password Password for the root user. Ignored if existing secret is provided
+## @param mysql.db.user Username of new user to create.
+## @param mysql.db.password Password for the new user.Ignored if existing secret is provided
+## @param mysql.db.name Name for new database to create.
+## @param mysql.service.port Port to connect to MySQL service
+## @param mysql.persistence.size PVC Storage Request for MySQL volume
+mysql:
+ enabled: false
+ root:
+ password: gitea
+ db:
+ user: gitea
+ password: gitea
+ name: gitea
+ service:
+ port: 3306
+ persistence:
+ size: 10Gi
+
+## @section MariaDB
+#
+## @param mariadb.enabled Enable MariaDB
+## @param mariadb.auth.database Name of the database to create.
+## @param mariadb.auth.username Username of the new user to create.
+## @param mariadb.auth.password Password for the new user. Ignored if existing secret is provided
+## @param mariadb.auth.rootPassword Password for the root user.
+## @param mariadb.primary.service.port Port to connect to MariaDB service
+## @param mariadb.primary.persistence.size Persistence size for MariaDB
+mariadb:
+ enabled: false
+ auth:
+ database: gitea
+ username: gitea
+ password: gitea
+ rootPassword: gitea
+ primary:
+ service:
+ port: 3306
+ persistence:
+ size: 10Gi
+
+# By default, removed or moved settings that still remain in a user defined values.yaml will cause Helm to fail running the install/update.
+# Set it to false to skip this basic validation check.
+## @section Advanced
+## @param checkDeprecation Set it to false to skip this basic validation check.
+checkDeprecation: true
+
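Review bot: The `password:` value under `gitea.admin` is committed as a literal, and `postgresql.global.postgresql.postgresqlPassword` is set to the guessable `gitea`, so every deployment that applies this file unmodified shares credentials that anyone with read access to the repository knows. The commit's `00-custom-config.rc` already generates `GITEA_ADMINISTRATOR_PASSWORD`, but whether the install script overrides these values at deploy time is not visible in this hunk, so the file itself should not carry a usable default. Prefer enabling the line that is already present as a comment, `existingSecret: gitea-admin-secret`, leaving `password:` empty, and supplying the database password at install time from a generated value in the same way. The same admin literal appears in `values-standalone-ingress-ssh2222.yaml` later in this commit.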
diff --git a/installers/mgmt-cluster/gitea/values-standalone-ingress-ssh2222.yaml b/installers/mgmt-cluster/gitea/values-standalone-ingress-ssh2222.yaml
new file mode 100644
index 0000000..bf1296a
--- /dev/null
+++ b/installers/mgmt-cluster/gitea/values-standalone-ingress-ssh2222.yaml
@@ -0,0 +1,509 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+# Default values for gitea.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+## @section Global
+#
+## @param global.imageRegistry global image registry override
+## @param global.imagePullSecrets global image pull secrets override; can be extended by `imagePullSecrets`
+## @param global.storageClass global storage class override
+## @param global.hostAliases global hostAliases which will be added to the pod's hosts files
+global:
+ imageRegistry: ""
+ ## E.g.
+ ## imagePullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ imagePullSecrets: []
+ storageClass: ""
+ hostAliases: []
+ # - ip: 192.168.137.2
+ # hostnames:
+ # - example.com
+
+## @param replicaCount number of replicas for the statefulset
+replicaCount: 1
+
+## @param clusterDomain cluster domain
+clusterDomain: cluster.local
+
+## @section Image
+## @param image.registry image registry, e.g. gcr.io,docker.io
+## @param image.repository Image to start for this pod
+## @param image.tag Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml.
+## @param image.pullPolicy Image pull policy
+## @param image.rootless Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher
+image:
+ registry: ""
+ repository: gitea/gitea
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+ pullPolicy: Always
+ rootless: false # only possible when running 1.14 or later
+
+## @param imagePullSecrets Secret to use for pulling the image
+imagePullSecrets: []
+
+## @section Security
+# Security context is only usable with rootless image due to image design
+## @param podSecurityContext.fsGroup Set the shared file system group for all containers in the pod.
+podSecurityContext:
+ fsGroup: 1000
+
+## @param containerSecurityContext Security context
+containerSecurityContext: {}
+# allowPrivilegeEscalation: false
+# capabilities:
+# drop:
+# - ALL
+# # Add the SYS_CHROOT capability for root and rootless images if you intend to
+# # run pods on nodes that use the container runtime cri-o. Otherwise, you will
+# # get an error message from the SSH server that it is not possible to read from
+# # the repository.
+# # https://gitea.com/gitea/helm-chart/issues/161
+# add:
+# - SYS_CHROOT
+# privileged: false
+# readOnlyRootFilesystem: true
+# runAsGroup: 1000
+# runAsNonRoot: true
+# runAsUser: 1000
+
+## @deprecated The securityContext variable has been split two:
+## - containerSecurityContext
+## - podSecurityContext.
+## @param securityContext Run init and Gitea containers as a specific securityContext
+securityContext: {}
+
+## @section Service
+service:
+ ## @param service.http.type Kubernetes service type for web traffic
+ ## @param service.http.port Port number for web traffic
+ ## @param service.http.clusterIP ClusterIP setting for http autosetup for statefulset is None
+ ## @param service.http.loadBalancerIP LoadBalancer IP setting
+ ## @param service.http.nodePort NodePort for http service
+ ## @param service.http.externalTrafficPolicy If `service.http.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation
+ ## @param service.http.externalIPs External IPs for service
+ ## @param service.http.ipFamilyPolicy HTTP service dual-stack policy
+ ## @param service.http.ipFamilies HTTP service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/).
+ ## @param service.http.loadBalancerSourceRanges Source range filter for http loadbalancer
+ ## @param service.http.annotations HTTP service annotations
+ http:
+ type: ClusterIP
+ # port: 3000
+ port: 8080
+ clusterIP: None
+ loadBalancerIP:
+ nodePort:
+ externalTrafficPolicy:
+ externalIPs:
+ ipFamilyPolicy:
+ ipFamilies:
+ loadBalancerSourceRanges: []
+ annotations: {}
+ ## @param service.ssh.type Kubernetes service type for ssh traffic
+ ## @param service.ssh.port Port number for ssh traffic
+ ## @param service.ssh.clusterIP ClusterIP setting for ssh autosetup for statefulset is None
+ ## @param service.ssh.loadBalancerIP LoadBalancer IP setting
+ ## @param service.ssh.nodePort NodePort for ssh service
+ ## @param service.ssh.externalTrafficPolicy If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation
+ ## @param service.ssh.externalIPs External IPs for service
+ ## @param service.ssh.ipFamilyPolicy SSH service dual-stack policy
+ ## @param service.ssh.ipFamilies SSH service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/).
+ ## @param service.ssh.hostPort HostPort for ssh service
+ ## @param service.ssh.loadBalancerSourceRanges Source range filter for ssh loadbalancer
+ ## @param service.ssh.annotations SSH service annotations
+ ssh:
+ type: LoadBalancer
+ port: 2222
+ clusterIP: None
+ loadBalancerIP:
+ nodePort:
+ externalTrafficPolicy:
+ externalIPs:
+ ipFamilyPolicy:
+ ipFamilies:
+ hostPort:
+ loadBalancerSourceRanges: []
+ annotations: {}
+
+
+## @section Ingress
+## @param ingress.enabled Enable ingress
+## @param ingress.className Ingress class name
+## @param ingress.annotations Ingress annotations
+## @param ingress.hosts[0].host Default Ingress host
+## @param ingress.hosts[0].paths[0].path Default Ingress path
+## @param ingress.hosts[0].paths[0].pathType Ingress path type
+## @param ingress.tls Ingress tls settings
+## @extra ingress.apiVersion Specify APIVersion of ingress object. Mostly would only be used for argocd.
+ingress:
+ enabled: true
+ className: nginx
+ # className:
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: git.miejemplo.com
+ paths:
+ - path: /
+ pathType: Prefix
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - git.example.com
+ # Mostly for argocd or any other CI that uses `helm template | kubectl apply` or similar
+ # If helm doesn't correctly detect your ingress API version you can set it here.
+ # apiVersion: networking.k8s.io/v1
+
+## @section StatefulSet
+#
+## @param resources Kubernetes resources
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+## Use an alternate scheduler, e.g. "stork".
+## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+##
+## @param schedulerName Use an alternate scheduler, e.g. "stork"
+schedulerName: ""
+
+## @param nodeSelector NodeSelector for the statefulset
+nodeSelector: {}
+
+## @param tolerations Tolerations for the statefulset
+tolerations: []
+
+## @param affinity Affinity for the statefulset
+affinity: {}
+
+## @param dnsConfig dnsConfig for the statefulset
+dnsConfig: {}
+
+## @param statefulset.env Additional environment variables to pass to containers
+## @param statefulset.terminationGracePeriodSeconds How long to wait until forcefully kill the pod
+## @param statefulset.labels Labels for the statefulset
+## @param statefulset.annotations Annotations for the Gitea StatefulSet to be created
+statefulset:
+ env: []
+ # - name: VARIABLE
+ # value: my-value
+ terminationGracePeriodSeconds: 60
+ labels: {}
+ annotations: {}
+
+## @section Persistence
+#
+## @param persistence.enabled Enable persistent storage
+## @param persistence.existingClaim Use an existing claim to store repository information
+## @param persistence.size Size for persistence to store repo information
+## @param persistence.accessModes AccessMode for persistence
+## @param persistence.labels Labels for the persistence volume claim to be created
+## @param persistence.annotations Annotations for the persistence volume claim to be created
+## @param persistence.storageClass Name of the storage class to use
+## @param persistence.subPath Subdirectory of the volume to mount at
+persistence:
+ enabled: true
+ existingClaim:
+ size: 10Gi
+ accessModes:
+ - ReadWriteOnce
+ labels: {}
+ annotations: {}
+ storageClass:
+ subPath:
+
+## @param extraVolumes Additional volumes to mount to the Gitea statefulset
+extraVolumes: []
+# - name: postgres-ssl-vol
+# secret:
+# secretName: gitea-postgres-ssl
+
+## @param extraContainerVolumeMounts Mounts that are only mapped into the Gitea runtime/main container, to e.g. override custom templates.
+extraContainerVolumeMounts: []
+
+## @param extraInitVolumeMounts Mounts that are only mapped into the init-containers. Can be used for additional preconfiguration.
+extraInitVolumeMounts: []
+
+## @deprecated The extraVolumeMounts variable has been split two:
+## - extraContainerVolumeMounts
+## - extraInitVolumeMounts
+## As an example, can be used to mount a client cert when connecting to an external Postgres server.
+## @param extraVolumeMounts **DEPRECATED** Additional volume mounts for init containers and the Gitea main container
+extraVolumeMounts: []
+# - name: postgres-ssl-vol
+# readOnly: true
+# mountPath: "/pg-ssl"
+
+## @section Init
+## @param initPreScript Bash shell script copied verbatim to the start of the init-container.
+initPreScript: ""
+#
+# initPreScript: |
+# mkdir -p /data/git/.postgresql
+# cp /pg-ssl/* /data/git/.postgresql/
+# chown -R git:git /data/git/.postgresql/
+# chmod 400 /data/git/.postgresql/postgresql.key
+
+# Configure commit/action signing prerequisites
+## @section Signing
+#
+## @param signing.enabled Enable commit/action signing
+## @param signing.gpgHome GPG home directory
+## @param signing.privateKey Inline private gpg key for signed Gitea actions
+## @param signing.existingSecret Use an existing secret to store the value of `signing.privateKey`
+signing:
+ enabled: false
+ gpgHome: /data/git/.gnupg
+ privateKey: ""
+ # privateKey: |-
+ # -----BEGIN PGP PRIVATE KEY BLOCK-----
+ # ...
+ # -----END PGP PRIVATE KEY BLOCK-----
+ existingSecret: ""
+
+## @section Gitea
+#
+gitea:
+ ## @param gitea.admin.username Username for the Gitea admin user
+ ## @param gitea.admin.existingSecret Use an existing secret to store admin user credentials
+ ## @param gitea.admin.password Password for the Gitea admin user
+ ## @param gitea.admin.email Email for the Gitea admin user
+ admin:
+ #existingSecret: gitea-admin-secret
+ existingSecret:
+ username: gitea_admin
+ password: r8sA8CPHD9!bt6d
+ email: "gitea@local.domain"
+
+ ## @param gitea.metrics.enabled Enable Gitea metrics
+ ## @param gitea.metrics.serviceMonitor.enabled Enable Gitea metrics service monitor
+ metrics:
+ enabled: false
+ serviceMonitor:
+ enabled: false
+ # additionalLabels:
+ # prometheus-release: prom1
+
+ ## @param gitea.ldap LDAP configuration
+ ldap: []
+ # - name: "LDAP 1"
+ # existingSecret:
+ # securityProtocol:
+ # host:
+ # port:
+ # userSearchBase:
+ # userFilter:
+ # adminFilter:
+ # emailAttribute:
+ # bindDn:
+ # bindPassword:
+ # usernameAttribute:
+ # publicSSHKeyAttribute:
+
+ # Either specify inline `key` and `secret` or refer to them via `existingSecret`
+ ## @param gitea.oauth OAuth configuration
+ oauth: []
+ # - name: 'OAuth 1'
+ # provider:
+ # key:
+ # secret:
+ # existingSecret:
+ # autoDiscoverUrl:
+ # useCustomUrls:
+ # customAuthUrl:
+ # customTokenUrl:
+ # customProfileUrl:
+ # customEmailUrl:
+
+ ## @param gitea.config Configuration for the Gitea server,ref: [config-cheat-sheet](https://docs.gitea.io/en-us/config-cheat-sheet/)
+ config:
+ # APP_NAME: "Gitea: Git with a cup of tea"
+
+ # RUN_MODE: dev
+ #
+ server:
+ DOMAIN: git.miejemplo.com
+ ROOT_URL: http://git.miejemplo.com
+ # SSH_PORT: 22
+ #
+ # security:
+ # PASSWORD_COMPLEXITY: spec
+
+ ## @param gitea.additionalConfigSources Additional configuration from secret or configmap
+ additionalConfigSources: []
+ # - secret:
+ # secretName: gitea-app-ini-oauth
+ # - configMap:
+ # name: gitea-app-ini-plaintext
+
+ ## @param gitea.additionalConfigFromEnvs Additional configuration sources from environment variables
+ additionalConfigFromEnvs: []
+
+ ## @param gitea.podAnnotations Annotations for the Gitea pod
+ podAnnotations: {}
+
+ ## @section LivenessProbe
+ #
+ ## @param gitea.livenessProbe.enabled Enable liveness probe
+ ## @param gitea.livenessProbe.tcpSocket.port Port to probe for liveness
+ ## @param gitea.livenessProbe.initialDelaySeconds Initial delay before liveness probe is initiated
+ ## @param gitea.livenessProbe.timeoutSeconds Timeout for liveness probe
+ ## @param gitea.livenessProbe.periodSeconds Period for liveness probe
+ ## @param gitea.livenessProbe.successThreshold Success threshold for liveness probe
+ ## @param gitea.livenessProbe.failureThreshold Failure threshold for liveness probe
+ # Modify the liveness probe for your needs or completely disable it by commenting out.
+ livenessProbe:
+ enabled: true
+ tcpSocket:
+ port: http
+ initialDelaySeconds: 200
+ timeoutSeconds: 1
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 10
+
+ ## @section ReadinessProbe
+ #
+ ## @param gitea.readinessProbe.enabled Enable readiness probe
+ ## @param gitea.readinessProbe.tcpSocket.port Port to probe for readiness
+ ## @param gitea.readinessProbe.initialDelaySeconds Initial delay before readiness probe is initiated
+ ## @param gitea.readinessProbe.timeoutSeconds Timeout for readiness probe
+ ## @param gitea.readinessProbe.periodSeconds Period for readiness probe
+ ## @param gitea.readinessProbe.successThreshold Success threshold for readiness probe
+ ## @param gitea.readinessProbe.failureThreshold Failure threshold for readiness probe
+ # Modify the readiness probe for your needs or completely disable it by commenting out.
+ readinessProbe:
+ enabled: true
+ tcpSocket:
+ port: http
+ initialDelaySeconds: 5
+ timeoutSeconds: 1
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+
+ # # Uncomment the startup probe to enable and modify it for your needs.
+ ## @section StartupProbe
+ #
+ ## @param gitea.startupProbe.enabled Enable startup probe
+ ## @param gitea.startupProbe.tcpSocket.port Port to probe for startup
+ ## @param gitea.startupProbe.initialDelaySeconds Initial delay before startup probe is initiated
+ ## @param gitea.startupProbe.timeoutSeconds Timeout for startup probe
+ ## @param gitea.startupProbe.periodSeconds Period for startup probe
+ ## @param gitea.startupProbe.successThreshold Success threshold for startup probe
+ ## @param gitea.startupProbe.failureThreshold Failure threshold for startup probe
+ startupProbe:
+ enabled: false
+ tcpSocket:
+ port: http
+ initialDelaySeconds: 60
+ timeoutSeconds: 1
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 10
+
+## @section Memcached
+#
+## @param memcached.enabled Memcached is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/memcached) if enabled in the values. Complete Configuration can be taken from their website.
+## @param memcached.service.port Port for Memcached
+memcached:
+ enabled: true
+ service:
+ port: 11211
+
+## @section PostgreSQL
+#
+## @param postgresql.enabled Enable PostgreSQL
+## @param postgresql.global.postgresql.postgresqlDatabase PostgreSQL database (overrides postgresqlDatabase)
+## @param postgresql.global.postgresql.postgresqlUsername PostgreSQL username (overrides postgresqlUsername)
+## @param postgresql.global.postgresql.postgresqlPassword PostgreSQL admin password (overrides postgresqlPassword)
+## @param postgresql.global.postgresql.servicePort PostgreSQL port (overrides service.port)
+## @param postgresql.persistence.size PVC Storage Request for PostgreSQL volume
+postgresql:
+ enabled: true
+ global:
+ postgresql:
+ postgresqlDatabase: gitea
+ postgresqlUsername: gitea
+ postgresqlPassword: gitea
+ servicePort: 5432
+ persistence:
+ size: 10Gi
+
+## @section MySQL
+#
+## @param mysql.enabled Enable MySQL
+## @param mysql.root.password Password for the root user. Ignored if existing secret is provided
+## @param mysql.db.user Username of new user to create.
+## @param mysql.db.password Password for the new user.Ignored if existing secret is provided
+## @param mysql.db.name Name for new database to create.
+## @param mysql.service.port Port to connect to MySQL service
+## @param mysql.persistence.size PVC Storage Request for MySQL volume
+mysql:
+ enabled: false
+ root:
+ password: gitea
+ db:
+ user: gitea
+ password: gitea
+ name: gitea
+ service:
+ port: 3306
+ persistence:
+ size: 10Gi
+
+## @section MariaDB
+#
+## @param mariadb.enabled Enable MariaDB
+## @param mariadb.auth.database Name of the database to create.
+## @param mariadb.auth.username Username of the new user to create.
+## @param mariadb.auth.password Password for the new user. Ignored if existing secret is provided
+## @param mariadb.auth.rootPassword Password for the root user.
+## @param mariadb.primary.service.port Port to connect to MariaDB service
+## @param mariadb.primary.persistence.size Persistence size for MariaDB
+mariadb:
+ enabled: false
+ auth:
+ database: gitea
+ username: gitea
+ password: gitea
+ rootPassword: gitea
+ primary:
+ service:
+ port: 3306
+ persistence:
+ size: 10Gi
+
+# By default, removed or moved settings that still remain in a user defined values.yaml will cause Helm to fail running the install/update.
+# Set it to false to skip this basic validation check.
+## @section Advanced
+## @param checkDeprecation Set it to false to skip this basic validation check.
+checkDeprecation: true
+
diff --git a/installers/mgmt-cluster/gitea/values-standalone-ingress.yaml b/installers/mgmt-cluster/gitea/values-standalone-ingress.yaml
new file mode 100644
index 0000000..4c4bb31
--- /dev/null
+++ b/installers/mgmt-cluster/gitea/values-standalone-ingress.yaml
@@ -0,0 +1,509 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+# Default values for gitea.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+## @section Global
+#
+## @param global.imageRegistry global image registry override
+## @param global.imagePullSecrets global image pull secrets override; can be extended by `imagePullSecrets`
+## @param global.storageClass global storage class override
+## @param global.hostAliases global hostAliases which will be added to the pod's hosts files
+global:
+ imageRegistry: ""
+ ## E.g.
+ ## imagePullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ imagePullSecrets: []
+ storageClass: ""
+ hostAliases: []
+ # - ip: 192.168.137.2
+ # hostnames:
+ # - example.com
+
+## @param replicaCount number of replicas for the statefulset
+replicaCount: 1
+
+## @param clusterDomain cluster domain
+clusterDomain: cluster.local
+
+## @section Image
+## @param image.registry image registry, e.g. gcr.io,docker.io
+## @param image.repository Image to start for this pod
+## @param image.tag Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml.
+## @param image.pullPolicy Image pull policy
+## @param image.rootless Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher
+image:
+ registry: ""
+ repository: gitea/gitea
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+ pullPolicy: Always
+ rootless: false # only possible when running 1.14 or later
+
+## @param imagePullSecrets Secret to use for pulling the image
+imagePullSecrets: []
+
+## @section Security
+# Security context is only usable with rootless image due to image design
+## @param podSecurityContext.fsGroup Set the shared file system group for all containers in the pod.
+podSecurityContext:
+ fsGroup: 1000
+
+## @param containerSecurityContext Security context
+containerSecurityContext: {}
+# allowPrivilegeEscalation: false
+# capabilities:
+# drop:
+# - ALL
+# # Add the SYS_CHROOT capability for root and rootless images if you intend to
+# # run pods on nodes that use the container runtime cri-o. Otherwise, you will
+# # get an error message from the SSH server that it is not possible to read from
+# # the repository.
+# # https://gitea.com/gitea/helm-chart/issues/161
+# add:
+# - SYS_CHROOT
+# privileged: false
+# readOnlyRootFilesystem: true
+# runAsGroup: 1000
+# runAsNonRoot: true
+# runAsUser: 1000
+
+## @deprecated The securityContext variable has been split two:
+## - containerSecurityContext
+## - podSecurityContext.
+## @param securityContext Run init and Gitea containers as a specific securityContext
+securityContext: {}
+
+## @section Service
+service:
+ ## @param service.http.type Kubernetes service type for web traffic
+ ## @param service.http.port Port number for web traffic
+ ## @param service.http.clusterIP ClusterIP setting for http autosetup for statefulset is None
+ ## @param service.http.loadBalancerIP LoadBalancer IP setting
+ ## @param service.http.nodePort NodePort for http service
+ ## @param service.http.externalTrafficPolicy If `service.http.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation
+ ## @param service.http.externalIPs External IPs for service
+ ## @param service.http.ipFamilyPolicy HTTP service dual-stack policy
+ ## @param service.http.ipFamilies HTTP service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/).
+ ## @param service.http.loadBalancerSourceRanges Source range filter for http loadbalancer
+ ## @param service.http.annotations HTTP service annotations
+ http:
+ type: ClusterIP
+ # port: 3000
+ port: 8080
+ clusterIP: None
+ loadBalancerIP:
+ nodePort:
+ externalTrafficPolicy:
+ externalIPs:
+ ipFamilyPolicy:
+ ipFamilies:
+ loadBalancerSourceRanges: []
+ annotations: {}
+ ## @param service.ssh.type Kubernetes service type for ssh traffic
+ ## @param service.ssh.port Port number for ssh traffic
+ ## @param service.ssh.clusterIP ClusterIP setting for ssh autosetup for statefulset is None
+ ## @param service.ssh.loadBalancerIP LoadBalancer IP setting
+ ## @param service.ssh.nodePort NodePort for ssh service
+ ## @param service.ssh.externalTrafficPolicy If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation
+ ## @param service.ssh.externalIPs External IPs for service
+ ## @param service.ssh.ipFamilyPolicy SSH service dual-stack policy
+ ## @param service.ssh.ipFamilies SSH service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/).
+ ## @param service.ssh.hostPort HostPort for ssh service
+ ## @param service.ssh.loadBalancerSourceRanges Source range filter for ssh loadbalancer
+ ## @param service.ssh.annotations SSH service annotations
+ ssh:
+ type: LoadBalancer
+ port: 22
+ clusterIP: None
+ loadBalancerIP:
+ nodePort:
+ externalTrafficPolicy:
+ externalIPs:
+ ipFamilyPolicy:
+ ipFamilies:
+ hostPort:
+ loadBalancerSourceRanges: []
+ annotations: {}
+
+
+## @section Ingress
+## @param ingress.enabled Enable ingress
+## @param ingress.className Ingress class name
+## @param ingress.annotations Ingress annotations
+## @param ingress.hosts[0].host Default Ingress host
+## @param ingress.hosts[0].paths[0].path Default Ingress path
+## @param ingress.hosts[0].paths[0].pathType Ingress path type
+## @param ingress.tls Ingress tls settings
+## @extra ingress.apiVersion Specify APIVersion of ingress object. Mostly would only be used for argocd.
+ingress:
+ enabled: true
+ className: nginx
+ # className:
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: git.miejemplo.com
+ paths:
+ - path: /
+ pathType: Prefix
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - git.example.com
+ # Mostly for argocd or any other CI that uses `helm template | kubectl apply` or similar
+ # If helm doesn't correctly detect your ingress API version you can set it here.
+ # apiVersion: networking.k8s.io/v1
+
+## @section StatefulSet
+#
+## @param resources Kubernetes resources
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+## Use an alternate scheduler, e.g. "stork".
+## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+##
+## @param schedulerName Use an alternate scheduler, e.g. "stork"
+schedulerName: ""
+
+## @param nodeSelector NodeSelector for the statefulset
+nodeSelector: {}
+
+## @param tolerations Tolerations for the statefulset
+tolerations: []
+
+## @param affinity Affinity for the statefulset
+affinity: {}
+
+## @param dnsConfig dnsConfig for the statefulset
+dnsConfig: {}
+
+## @param statefulset.env Additional environment variables to pass to containers
+## @param statefulset.terminationGracePeriodSeconds How long to wait until forcefully kill the pod
+## @param statefulset.labels Labels for the statefulset
+## @param statefulset.annotations Annotations for the Gitea StatefulSet to be created
+statefulset:
+ env: []
+ # - name: VARIABLE
+ # value: my-value
+ terminationGracePeriodSeconds: 60
+ labels: {}
+ annotations: {}
+
+## @section Persistence
+#
+## @param persistence.enabled Enable persistent storage
+## @param persistence.existingClaim Use an existing claim to store repository information
+## @param persistence.size Size for persistence to store repo information
+## @param persistence.accessModes AccessMode for persistence
+## @param persistence.labels Labels for the persistence volume claim to be created
+## @param persistence.annotations Annotations for the persistence volume claim to be created
+## @param persistence.storageClass Name of the storage class to use
+## @param persistence.subPath Subdirectory of the volume to mount at
+persistence:
+ enabled: true
+ existingClaim:
+ size: 10Gi
+ accessModes:
+ - ReadWriteOnce
+ labels: {}
+ annotations: {}
+ storageClass:
+ subPath:
+
+## @param extraVolumes Additional volumes to mount to the Gitea statefulset
+extraVolumes: []
+# - name: postgres-ssl-vol
+# secret:
+# secretName: gitea-postgres-ssl
+
+## @param extraContainerVolumeMounts Mounts that are only mapped into the Gitea runtime/main container, to e.g. override custom templates.
+extraContainerVolumeMounts: []
+
+## @param extraInitVolumeMounts Mounts that are only mapped into the init-containers. Can be used for additional preconfiguration.
+extraInitVolumeMounts: []
+
+## @deprecated The extraVolumeMounts variable has been split two:
+## - extraContainerVolumeMounts
+## - extraInitVolumeMounts
+## As an example, can be used to mount a client cert when connecting to an external Postgres server.
+## @param extraVolumeMounts **DEPRECATED** Additional volume mounts for init containers and the Gitea main container
+extraVolumeMounts: []
+# - name: postgres-ssl-vol
+# readOnly: true
+# mountPath: "/pg-ssl"
+
+## @section Init
+## @param initPreScript Bash shell script copied verbatim to the start of the init-container.
+initPreScript: ""
+#
+# initPreScript: |
+# mkdir -p /data/git/.postgresql
+# cp /pg-ssl/* /data/git/.postgresql/
+# chown -R git:git /data/git/.postgresql/
+# chmod 400 /data/git/.postgresql/postgresql.key
+
+# Configure commit/action signing prerequisites
+## @section Signing
+#
+## @param signing.enabled Enable commit/action signing
+## @param signing.gpgHome GPG home directory
+## @param signing.privateKey Inline private gpg key for signed Gitea actions
+## @param signing.existingSecret Use an existing secret to store the value of `signing.privateKey`
+signing:
+ enabled: false
+ gpgHome: /data/git/.gnupg
+ privateKey: ""
+ # privateKey: |-
+ # -----BEGIN PGP PRIVATE KEY BLOCK-----
+ # ...
+ # -----END PGP PRIVATE KEY BLOCK-----
+ existingSecret: ""
+
+## @section Gitea
+#
+gitea:
+ ## @param gitea.admin.username Username for the Gitea admin user
+ ## @param gitea.admin.existingSecret Use an existing secret to store admin user credentials
+ ## @param gitea.admin.password Password for the Gitea admin user
+ ## @param gitea.admin.email Email for the Gitea admin user
+ admin:
+ #existingSecret: gitea-admin-secret
+ existingSecret:
+ username: gitea_admin
+ password: r8sA8CPHD9!bt6d
+ email: "gitea@local.domain"
+
+ ## @param gitea.metrics.enabled Enable Gitea metrics
+ ## @param gitea.metrics.serviceMonitor.enabled Enable Gitea metrics service monitor
+ metrics:
+ enabled: false
+ serviceMonitor:
+ enabled: false
+ # additionalLabels:
+ # prometheus-release: prom1
+
+ ## @param gitea.ldap LDAP configuration
+ ldap: []
+ # - name: "LDAP 1"
+ # existingSecret:
+ # securityProtocol:
+ # host:
+ # port:
+ # userSearchBase:
+ # userFilter:
+ # adminFilter:
+ # emailAttribute:
+ # bindDn:
+ # bindPassword:
+ # usernameAttribute:
+ # publicSSHKeyAttribute:
+
+ # Either specify inline `key` and `secret` or refer to them via `existingSecret`
+ ## @param gitea.oauth OAuth configuration
+ oauth: []
+ # - name: 'OAuth 1'
+ # provider:
+ # key:
+ # secret:
+ # existingSecret:
+ # autoDiscoverUrl:
+ # useCustomUrls:
+ # customAuthUrl:
+ # customTokenUrl:
+ # customProfileUrl:
+ # customEmailUrl:
+
+ ## @param gitea.config Configuration for the Gitea server,ref: [config-cheat-sheet](https://docs.gitea.io/en-us/config-cheat-sheet/)
+ config:
+ # APP_NAME: "Gitea: Git with a cup of tea"
+
+ # RUN_MODE: dev
+ #
+ server:
+ DOMAIN: git.miejemplo.com
+ ROOT_URL: http://git.miejemplo.com
+ # SSH_PORT: 22
+ #
+ # security:
+ # PASSWORD_COMPLEXITY: spec
+
+ ## @param gitea.additionalConfigSources Additional configuration from secret or configmap
+ additionalConfigSources: []
+ # - secret:
+ # secretName: gitea-app-ini-oauth
+ # - configMap:
+ # name: gitea-app-ini-plaintext
+
+ ## @param gitea.additionalConfigFromEnvs Additional configuration sources from environment variables
+ additionalConfigFromEnvs: []
+
+ ## @param gitea.podAnnotations Annotations for the Gitea pod
+ podAnnotations: {}
+
+ ## @section LivenessProbe
+ #
+ ## @param gitea.livenessProbe.enabled Enable liveness probe
+ ## @param gitea.livenessProbe.tcpSocket.port Port to probe for liveness
+ ## @param gitea.livenessProbe.initialDelaySeconds Initial delay before liveness probe is initiated
+ ## @param gitea.livenessProbe.timeoutSeconds Timeout for liveness probe
+ ## @param gitea.livenessProbe.periodSeconds Period for liveness probe
+ ## @param gitea.livenessProbe.successThreshold Success threshold for liveness probe
+ ## @param gitea.livenessProbe.failureThreshold Failure threshold for liveness probe
+ # Modify the liveness probe for your needs or completely disable it by commenting out.
+ livenessProbe:
+ enabled: true
+ tcpSocket:
+ port: http
+ initialDelaySeconds: 200
+ timeoutSeconds: 1
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 10
+
+ ## @section ReadinessProbe
+ #
+ ## @param gitea.readinessProbe.enabled Enable readiness probe
+ ## @param gitea.readinessProbe.tcpSocket.port Port to probe for readiness
+ ## @param gitea.readinessProbe.initialDelaySeconds Initial delay before readiness probe is initiated
+ ## @param gitea.readinessProbe.timeoutSeconds Timeout for readiness probe
+ ## @param gitea.readinessProbe.periodSeconds Period for readiness probe
+ ## @param gitea.readinessProbe.successThreshold Success threshold for readiness probe
+ ## @param gitea.readinessProbe.failureThreshold Failure threshold for readiness probe
+ # Modify the readiness probe for your needs or completely disable it by commenting out.
+ readinessProbe:
+ enabled: true
+ tcpSocket:
+ port: http
+ initialDelaySeconds: 5
+ timeoutSeconds: 1
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+
+ # # Uncomment the startup probe to enable and modify it for your needs.
+ ## @section StartupProbe
+ #
+ ## @param gitea.startupProbe.enabled Enable startup probe
+ ## @param gitea.startupProbe.tcpSocket.port Port to probe for startup
+ ## @param gitea.startupProbe.initialDelaySeconds Initial delay before startup probe is initiated
+ ## @param gitea.startupProbe.timeoutSeconds Timeout for startup probe
+ ## @param gitea.startupProbe.periodSeconds Period for startup probe
+ ## @param gitea.startupProbe.successThreshold Success threshold for startup probe
+ ## @param gitea.startupProbe.failureThreshold Failure threshold for startup probe
+ startupProbe:
+ enabled: false
+ tcpSocket:
+ port: http
+ initialDelaySeconds: 60
+ timeoutSeconds: 1
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 10
+
+## @section Memcached
+#
+## @param memcached.enabled Memcached is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/memcached) if enabled in the values. Complete Configuration can be taken from their website.
+## @param memcached.service.port Port for Memcached
+memcached:
+ enabled: true
+ service:
+ port: 11211
+
+## @section PostgreSQL
+#
+## @param postgresql.enabled Enable PostgreSQL
+## @param postgresql.global.postgresql.postgresqlDatabase PostgreSQL database (overrides postgresqlDatabase)
+## @param postgresql.global.postgresql.postgresqlUsername PostgreSQL username (overrides postgresqlUsername)
+## @param postgresql.global.postgresql.postgresqlPassword PostgreSQL admin password (overrides postgresqlPassword)
+## @param postgresql.global.postgresql.servicePort PostgreSQL port (overrides service.port)
+## @param postgresql.persistence.size PVC Storage Request for PostgreSQL volume
+postgresql:
+ enabled: true
+ global:
+ postgresql:
+ postgresqlDatabase: gitea
+ postgresqlUsername: gitea
+ postgresqlPassword: gitea
+ servicePort: 5432
+ persistence:
+ size: 10Gi
+
+## @section MySQL
+#
+## @param mysql.enabled Enable MySQL
+## @param mysql.root.password Password for the root user. Ignored if existing secret is provided
+## @param mysql.db.user Username of new user to create.
+## @param mysql.db.password Password for the new user.Ignored if existing secret is provided
+## @param mysql.db.name Name for new database to create.
+## @param mysql.service.port Port to connect to MySQL service
+## @param mysql.persistence.size PVC Storage Request for MySQL volume
+mysql:
+ enabled: false
+ root:
+ password: gitea
+ db:
+ user: gitea
+ password: gitea
+ name: gitea
+ service:
+ port: 3306
+ persistence:
+ size: 10Gi
+
+## @section MariaDB
+#
+## @param mariadb.enabled Enable MariaDB
+## @param mariadb.auth.database Name of the database to create.
+## @param mariadb.auth.username Username of the new user to create.
+## @param mariadb.auth.password Password for the new user. Ignored if existing secret is provided
+## @param mariadb.auth.rootPassword Password for the root user.
+## @param mariadb.primary.service.port Port to connect to MariaDB service
+## @param mariadb.primary.persistence.size Persistence size for MariaDB
+mariadb:
+ enabled: false
+ auth:
+ database: gitea
+ username: gitea
+ password: gitea
+ rootPassword: gitea
+ primary:
+ service:
+ port: 3306
+ persistence:
+ size: 10Gi
+
+# By default, removed or moved settings that still remain in a user defined values.yaml will cause Helm to fail running the install/update.
+# Set it to false to skip this basic validation check.
+## @section Advanced
+## @param checkDeprecation Set it to false to skip this basic validation check.
+checkDeprecation: true
+
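Review bot: The `gitea.admin` block commits a literal admin credential (`password: r8sA8CPHD9!bt6d`) while `existingSecret:` is left empty, so every deployment that applies this values file unchanged would share one admin password that is readable in the repository. The same literal appears in the preceding values file of this diff, and `postgresqlPassword: gitea` with `postgresql.enabled: true` has the same problem for the bundled database. I would point the chart at a pre-created secret, as the commented line already hints, with `existingSecret: gitea-admin-secret` and no inline `password:` value. The installer appears to generate a random `GITEA_ADMINISTRATOR_PASSWORD` in `00-custom-config.rc`, but nothing in this hunk shows it overriding this value. If it does, a comment such as `# overridden at install time from GITEA_ADMINISTRATOR_PASSWORD` next to an obviously non-functional placeholder would make that explicit.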
diff --git a/installers/mgmt-cluster/gitea/values-standalone.yaml b/installers/mgmt-cluster/gitea/values-standalone.yaml
new file mode 100644
index 0000000..867fc05
--- /dev/null
+++ b/installers/mgmt-cluster/gitea/values-standalone.yaml
@@ -0,0 +1,509 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+# Default values for gitea.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+## @section Global
+#
+## @param global.imageRegistry global image registry override
+## @param global.imagePullSecrets global image pull secrets override; can be extended by `imagePullSecrets`
+## @param global.storageClass global storage class override
+## @param global.hostAliases global hostAliases which will be added to the pod's hosts files
+global:
+ imageRegistry: ""
+ ## E.g.
+ ## imagePullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ imagePullSecrets: []
+ storageClass: ""
+ hostAliases: []
+ # - ip: 192.168.137.2
+ # hostnames:
+ # - example.com
+
+## @param replicaCount number of replicas for the statefulset
+replicaCount: 1
+
+## @param clusterDomain cluster domain
+clusterDomain: cluster.local
+
+## @section Image
+## @param image.registry image registry, e.g. gcr.io,docker.io
+## @param image.repository Image to start for this pod
+## @param image.tag Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml.
+## @param image.pullPolicy Image pull policy
+## @param image.rootless Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher
+image:
+ registry: ""
+ repository: gitea/gitea
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+ pullPolicy: Always
+ rootless: false # only possible when running 1.14 or later
+
+## @param imagePullSecrets Secret to use for pulling the image
+imagePullSecrets: []
+
+## @section Security
+# Security context is only usable with rootless image due to image design
+## @param podSecurityContext.fsGroup Set the shared file system group for all containers in the pod.
+podSecurityContext:
+ fsGroup: 1000
+
+## @param containerSecurityContext Security context
+containerSecurityContext: {}
+# allowPrivilegeEscalation: false
+# capabilities:
+# drop:
+# - ALL
+# # Add the SYS_CHROOT capability for root and rootless images if you intend to
+# # run pods on nodes that use the container runtime cri-o. Otherwise, you will
+# # get an error message from the SSH server that it is not possible to read from
+# # the repository.
+# # https://gitea.com/gitea/helm-chart/issues/161
+# add:
+# - SYS_CHROOT
+# privileged: false
+# readOnlyRootFilesystem: true
+# runAsGroup: 1000
+# runAsNonRoot: true
+# runAsUser: 1000
+
+## @deprecated The securityContext variable has been split two:
+## - containerSecurityContext
+## - podSecurityContext.
+## @param securityContext Run init and Gitea containers as a specific securityContext
+securityContext: {}
+
+## @section Service
+service:
+ ## @param service.http.type Kubernetes service type for web traffic
+ ## @param service.http.port Port number for web traffic
+ ## @param service.http.clusterIP ClusterIP setting for http autosetup for statefulset is None
+ ## @param service.http.loadBalancerIP LoadBalancer IP setting
+ ## @param service.http.nodePort NodePort for http service
+ ## @param service.http.externalTrafficPolicy If `service.http.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation
+ ## @param service.http.externalIPs External IPs for service
+ ## @param service.http.ipFamilyPolicy HTTP service dual-stack policy
+ ## @param service.http.ipFamilies HTTP service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/).
+ ## @param service.http.loadBalancerSourceRanges Source range filter for http loadbalancer
+ ## @param service.http.annotations HTTP service annotations
+ http:
+ type: LoadBalancer
+ # port: 3000
+ port: 8080
+ clusterIP: None
+ loadBalancerIP:
+ nodePort:
+ externalTrafficPolicy:
+ externalIPs:
+ ipFamilyPolicy:
+ ipFamilies:
+ loadBalancerSourceRanges: []
+ annotations: {}
+ ## @param service.ssh.type Kubernetes service type for ssh traffic
+ ## @param service.ssh.port Port number for ssh traffic
+ ## @param service.ssh.clusterIP ClusterIP setting for ssh autosetup for statefulset is None
+ ## @param service.ssh.loadBalancerIP LoadBalancer IP setting
+ ## @param service.ssh.nodePort NodePort for ssh service
+ ## @param service.ssh.externalTrafficPolicy If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation
+ ## @param service.ssh.externalIPs External IPs for service
+ ## @param service.ssh.ipFamilyPolicy SSH service dual-stack policy
+ ## @param service.ssh.ipFamilies SSH service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/).
+ ## @param service.ssh.hostPort HostPort for ssh service
+ ## @param service.ssh.loadBalancerSourceRanges Source range filter for ssh loadbalancer
+ ## @param service.ssh.annotations SSH service annotations
+ ssh:
+ type: LoadBalancer
+ port: 22
+ clusterIP: None
+ loadBalancerIP:
+ nodePort:
+ externalTrafficPolicy:
+ externalIPs:
+ ipFamilyPolicy:
+ ipFamilies:
+ hostPort:
+ loadBalancerSourceRanges: []
+ annotations: {}
+
+
+## @section Ingress
+## @param ingress.enabled Enable ingress
+## @param ingress.className Ingress class name
+## @param ingress.annotations Ingress annotations
+## @param ingress.hosts[0].host Default Ingress host
+## @param ingress.hosts[0].paths[0].path Default Ingress path
+## @param ingress.hosts[0].paths[0].pathType Ingress path type
+## @param ingress.tls Ingress tls settings
+## @extra ingress.apiVersion Specify APIVersion of ingress object. Mostly would only be used for argocd.
+ingress:
+ enabled: false
+ # className: nginx
+ className:
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: git.example.com
+ paths:
+ - path: /
+ pathType: Prefix
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - git.example.com
+ # Mostly for argocd or any other CI that uses `helm template | kubectl apply` or similar
+ # If helm doesn't correctly detect your ingress API version you can set it here.
+ # apiVersion: networking.k8s.io/v1
+
+## @section StatefulSet
+#
+## @param resources Kubernetes resources
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+## Use an alternate scheduler, e.g. "stork".
+## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+##
+## @param schedulerName Use an alternate scheduler, e.g. "stork"
+schedulerName: ""
+
+## @param nodeSelector NodeSelector for the statefulset
+nodeSelector: {}
+
+## @param tolerations Tolerations for the statefulset
+tolerations: []
+
+## @param affinity Affinity for the statefulset
+affinity: {}
+
+## @param dnsConfig dnsConfig for the statefulset
+dnsConfig: {}
+
+## @param statefulset.env Additional environment variables to pass to containers
+## @param statefulset.terminationGracePeriodSeconds How long to wait until forcefully kill the pod
+## @param statefulset.labels Labels for the statefulset
+## @param statefulset.annotations Annotations for the Gitea StatefulSet to be created
+statefulset:
+ env: []
+ # - name: VARIABLE
+ # value: my-value
+ terminationGracePeriodSeconds: 60
+ labels: {}
+ annotations: {}
+
+## @section Persistence
+#
+## @param persistence.enabled Enable persistent storage
+## @param persistence.existingClaim Use an existing claim to store repository information
+## @param persistence.size Size for persistence to store repo information
+## @param persistence.accessModes AccessMode for persistence
+## @param persistence.labels Labels for the persistence volume claim to be created
+## @param persistence.annotations Annotations for the persistence volume claim to be created
+## @param persistence.storageClass Name of the storage class to use
+## @param persistence.subPath Subdirectory of the volume to mount at
+persistence:
+ enabled: true
+ existingClaim:
+ size: 10Gi
+ accessModes:
+ - ReadWriteOnce
+ labels: {}
+ annotations: {}
+ storageClass:
+ subPath:
+
+## @param extraVolumes Additional volumes to mount to the Gitea statefulset
+extraVolumes: []
+# - name: postgres-ssl-vol
+# secret:
+# secretName: gitea-postgres-ssl
+
+## @param extraContainerVolumeMounts Mounts that are only mapped into the Gitea runtime/main container, to e.g. override custom templates.
+extraContainerVolumeMounts: []
+
+## @param extraInitVolumeMounts Mounts that are only mapped into the init-containers. Can be used for additional preconfiguration.
+extraInitVolumeMounts: []
+
+## @deprecated The extraVolumeMounts variable has been split two:
+## - extraContainerVolumeMounts
+## - extraInitVolumeMounts
+## As an example, can be used to mount a client cert when connecting to an external Postgres server.
+## @param extraVolumeMounts **DEPRECATED** Additional volume mounts for init containers and the Gitea main container
+extraVolumeMounts: []
+# - name: postgres-ssl-vol
+# readOnly: true
+# mountPath: "/pg-ssl"
+
+## @section Init
+## @param initPreScript Bash shell script copied verbatim to the start of the init-container.
+initPreScript: ""
+#
+# initPreScript: |
+# mkdir -p /data/git/.postgresql
+# cp /pg-ssl/* /data/git/.postgresql/
+# chown -R git:git /data/git/.postgresql/
+# chmod 400 /data/git/.postgresql/postgresql.key
+
+# Configure commit/action signing prerequisites
+## @section Signing
+#
+## @param signing.enabled Enable commit/action signing
+## @param signing.gpgHome GPG home directory
+## @param signing.privateKey Inline private gpg key for signed Gitea actions
+## @param signing.existingSecret Use an existing secret to store the value of `signing.privateKey`
+signing:
+ enabled: false
+ gpgHome: /data/git/.gnupg
+ privateKey: ""
+ # privateKey: |-
+ # -----BEGIN PGP PRIVATE KEY BLOCK-----
+ # ...
+ # -----END PGP PRIVATE KEY BLOCK-----
+ existingSecret: ""
+
+## @section Gitea
+#
+gitea:
+ ## @param gitea.admin.username Username for the Gitea admin user
+ ## @param gitea.admin.existingSecret Use an existing secret to store admin user credentials
+ ## @param gitea.admin.password Password for the Gitea admin user
+ ## @param gitea.admin.email Email for the Gitea admin user
+ admin:
+ #existingSecret: gitea-admin-secret
+ existingSecret:
+ username: gitea_admin
+ password: r8sA8CPHD9!bt6d
+ email: "gitea@local.domain"
+
+ ## @param gitea.metrics.enabled Enable Gitea metrics
+ ## @param gitea.metrics.serviceMonitor.enabled Enable Gitea metrics service monitor
+ metrics:
+ enabled: false
+ serviceMonitor:
+ enabled: false
+ # additionalLabels:
+ # prometheus-release: prom1
+
+ ## @param gitea.ldap LDAP configuration
+ ldap: []
+ # - name: "LDAP 1"
+ # existingSecret:
+ # securityProtocol:
+ # host:
+ # port:
+ # userSearchBase:
+ # userFilter:
+ # adminFilter:
+ # emailAttribute:
+ # bindDn:
+ # bindPassword:
+ # usernameAttribute:
+ # publicSSHKeyAttribute:
+
+ # Either specify inline `key` and `secret` or refer to them via `existingSecret`
+ ## @param gitea.oauth OAuth configuration
+ oauth: []
+ # - name: 'OAuth 1'
+ # provider:
+ # key:
+ # secret:
+ # existingSecret:
+ # autoDiscoverUrl:
+ # useCustomUrls:
+ # customAuthUrl:
+ # customTokenUrl:
+ # customProfileUrl:
+ # customEmailUrl:
+
+ ## @param gitea.config Configuration for the Gitea server,ref: [config-cheat-sheet](https://docs.gitea.io/en-us/config-cheat-sheet/)
+ config:
+ # APP_NAME: "Gitea: Git with a cup of tea"
+
+ # RUN_MODE: dev
+ #
+ server:
+ DOMAIN: git.miejemplo.com
+ ROOT_URL: http://git.miejemplo.com
+ # SSH_PORT: 22
+ #
+ # security:
+ # PASSWORD_COMPLEXITY: spec
+
+ ## @param gitea.additionalConfigSources Additional configuration from secret or configmap
+ additionalConfigSources: []
+ # - secret:
+ # secretName: gitea-app-ini-oauth
+ # - configMap:
+ # name: gitea-app-ini-plaintext
+
+ ## @param gitea.additionalConfigFromEnvs Additional configuration sources from environment variables
+ additionalConfigFromEnvs: []
+
+ ## @param gitea.podAnnotations Annotations for the Gitea pod
+ podAnnotations: {}
+
+ ## @section LivenessProbe
+ #
+ ## @param gitea.livenessProbe.enabled Enable liveness probe
+ ## @param gitea.livenessProbe.tcpSocket.port Port to probe for liveness
+ ## @param gitea.livenessProbe.initialDelaySeconds Initial delay before liveness probe is initiated
+ ## @param gitea.livenessProbe.timeoutSeconds Timeout for liveness probe
+ ## @param gitea.livenessProbe.periodSeconds Period for liveness probe
+ ## @param gitea.livenessProbe.successThreshold Success threshold for liveness probe
+ ## @param gitea.livenessProbe.failureThreshold Failure threshold for liveness probe
+ # Modify the liveness probe for your needs or completely disable it by commenting out.
+ livenessProbe:
+ enabled: true
+ tcpSocket:
+ port: http
+ initialDelaySeconds: 200
+ timeoutSeconds: 1
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 10
+
+ ## @section ReadinessProbe
+ #
+ ## @param gitea.readinessProbe.enabled Enable readiness probe
+ ## @param gitea.readinessProbe.tcpSocket.port Port to probe for readiness
+ ## @param gitea.readinessProbe.initialDelaySeconds Initial delay before readiness probe is initiated
+ ## @param gitea.readinessProbe.timeoutSeconds Timeout for readiness probe
+ ## @param gitea.readinessProbe.periodSeconds Period for readiness probe
+ ## @param gitea.readinessProbe.successThreshold Success threshold for readiness probe
+ ## @param gitea.readinessProbe.failureThreshold Failure threshold for readiness probe
+ # Modify the readiness probe for your needs or completely disable it by commenting out.
+ readinessProbe:
+ enabled: true
+ tcpSocket:
+ port: http
+ initialDelaySeconds: 5
+ timeoutSeconds: 1
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+
+ # # Uncomment the startup probe to enable and modify it for your needs.
+ ## @section StartupProbe
+ #
+ ## @param gitea.startupProbe.enabled Enable startup probe
+ ## @param gitea.startupProbe.tcpSocket.port Port to probe for startup
+ ## @param gitea.startupProbe.initialDelaySeconds Initial delay before startup probe is initiated
+ ## @param gitea.startupProbe.timeoutSeconds Timeout for startup probe
+ ## @param gitea.startupProbe.periodSeconds Period for startup probe
+ ## @param gitea.startupProbe.successThreshold Success threshold for startup probe
+ ## @param gitea.startupProbe.failureThreshold Failure threshold for startup probe
+ startupProbe:
+ enabled: false
+ tcpSocket:
+ port: http
+ initialDelaySeconds: 60
+ timeoutSeconds: 1
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 10
+
+## @section Memcached
+#
+## @param memcached.enabled Memcached is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/memcached) if enabled in the values. Complete Configuration can be taken from their website.
+## @param memcached.service.port Port for Memcached
+memcached:
+ enabled: true
+ service:
+ port: 11211
+
+## @section PostgreSQL
+#
+## @param postgresql.enabled Enable PostgreSQL
+## @param postgresql.global.postgresql.postgresqlDatabase PostgreSQL database (overrides postgresqlDatabase)
+## @param postgresql.global.postgresql.postgresqlUsername PostgreSQL username (overrides postgresqlUsername)
+## @param postgresql.global.postgresql.postgresqlPassword PostgreSQL admin password (overrides postgresqlPassword)
+## @param postgresql.global.postgresql.servicePort PostgreSQL port (overrides service.port)
+## @param postgresql.persistence.size PVC Storage Request for PostgreSQL volume
+postgresql:
+ enabled: true
+ global:
+ postgresql:
+ postgresqlDatabase: gitea
+ postgresqlUsername: gitea
+ postgresqlPassword: gitea
+ servicePort: 5432
+ persistence:
+ size: 10Gi
+
+## @section MySQL
+#
+## @param mysql.enabled Enable MySQL
+## @param mysql.root.password Password for the root user. Ignored if existing secret is provided
+## @param mysql.db.user Username of new user to create.
+## @param mysql.db.password Password for the new user.Ignored if existing secret is provided
+## @param mysql.db.name Name for new database to create.
+## @param mysql.service.port Port to connect to MySQL service
+## @param mysql.persistence.size PVC Storage Request for MySQL volume
+mysql:
+ enabled: false
+ root:
+ password: gitea
+ db:
+ user: gitea
+ password: gitea
+ name: gitea
+ service:
+ port: 3306
+ persistence:
+ size: 10Gi
+
+## @section MariaDB
+#
+## @param mariadb.enabled Enable MariaDB
+## @param mariadb.auth.database Name of the database to create.
+## @param mariadb.auth.username Username of the new user to create.
+## @param mariadb.auth.password Password for the new user. Ignored if existing secret is provided
+## @param mariadb.auth.rootPassword Password for the root user.
+## @param mariadb.primary.service.port Port to connect to MariaDB service
+## @param mariadb.primary.persistence.size Persistence size for MariaDB
+mariadb:
+ enabled: false
+ auth:
+ database: gitea
+ username: gitea
+ password: gitea
+ rootPassword: gitea
+ primary:
+ service:
+ port: 3306
+ persistence:
+ size: 10Gi
+
+# By default, removed or moved settings that still remain in a user defined values.yaml will cause Helm to fail running the install/update.
+# Set it to false to skip this basic validation check.
+## @section Advanced
+## @param checkDeprecation Set it to false to skip this basic validation check.
+checkDeprecation: true
+