Rewrite init script (#178)

These changes rewrite the init script to be error aware, informative and have a bit more security awareness. During rewrite several hidden bugs could be identified and fixed, such as: - LDAP configuration options interpreted by the shell before passed to command - Finding multiple ldap ids instead of one during lookup when their names are almost identical e.g. `_my-ldap-auth` and `my-ldap-auth` - Properly filter auth sources by their types to prevent unintended type converting attempts that fail In addition to that the script is a bit cleaner. Some commands do not exist anymore and would cause false-positive errors during script execution. Helps for: #149 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/178 Reviewed-by: luhahn <luhahn@noreply.gitea.io> Reviewed-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io> Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2021-06-30 04:09:16 +08:00 · 2021-06-30 04:09:16 +08:00 · 9059229acb
commit 9059229acb
parent 6a6eb35106
4 changed files with 130 additions and 41 deletions
--- a/templates/gitea/statefulset.yaml
+++ b/templates/gitea/statefulset.yaml
@ -38,9 +38,38 @@ spec:
      securityContext:
        fsGroup: 1000
      initContainers:
-        - name: init
+        - name: init-directories
          image: "{{ include "gitea.image" . }}"
-          command: ["/usr/sbin/init_gitea.sh"]
+          command: ["/usr/sbin/init_directory_structure.sh"]
+          env:
+            - name: GITEA_APP_INI
+              value: /data/gitea/conf/app.ini
+            - name: GITEA_CUSTOM
+              value: /data/gitea
+            - name: GITEA_WORK_DIR
+              value: /data
+            - name: GITEA_TEMP
+              value: /tmp/gitea
+            {{- if .Values.statefulset.env }}
+            {{- toYaml .Values.statefulset.env | nindent 12 }}
+            {{- end }}
+          volumeMounts:
+            - name: init
+              mountPath: /usr/sbin
+            - name: temp
+              mountPath: /tmp
+            - name: config
+              mountPath: /etc/gitea/conf
+            - name: data
+              mountPath: /data
+            {{- if .Values.extraVolumeMounts }}
+            {{- toYaml .Values.extraVolumeMounts | nindent 12 }}
+            {{- end }}
+        - name: configure-gitea
+          image: "{{ include "gitea.image" . }}"
+          command: ["/usr/sbin/configure_gitea.sh"]
+          securityContext:
+            runAsUser: 1000
          env:
            - name: GITEA_APP_INI
              value: /data/gitea/conf/app.ini
@ -92,8 +121,6 @@ spec:
              mountPath: /usr/sbin
            - name: temp
              mountPath: /tmp
-            - name: config
-              mountPath: /etc/gitea/conf
            - name: data
              mountPath: /data
            {{- if .Values.extraVolumeMounts }}