matthew/helm-chart
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Allow existing secrets for passwords (#170)

Browse Source 
Allow admin user and password to be configured via existing secrets

Allow LDAP bindDn and bindPassword to be configured via existing secrets

Update Readme

Fixes: #169

Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/170
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: luhahn <luhahn@noreply.gitea.io>
Co-committed-by: luhahn <luhahn@noreply.gitea.io>
This commit is contained in:
luhahn 2021-06-10 19:13:33 +08:00 committed by Lunny Xiao
parent 6e841e6e26
commit c49dc047a4
5 changed files with 93 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
README.md
View File

@ -262,6 +262,25 @@ You cannot use `admin` as username.
email: "gi@tea.com"
```
You can also use an existing Secret to configure the admin user:
```yaml
apiVersion: v1
kind: Secret
metadata:
name: gitea-admin-secret
type: Opaque
stringData:
username: MyAwesomeGiteaAdmin
password: AReallyAwesomeGiteaPassword
```
```yaml
gitea:
admin:
existingSecret: gitea-admin-secret
```
### LDAP Settings
Like the admin user the LDAP settings can be updated, but also disabled or deleted.
@ -306,6 +325,26 @@ kebab-case:
bind-password: JustAnotherBindPw
username-attribute: CN
```
You can also use an existing secret to set the bindDn and bindPassword:
```yaml
apiVersion: v1
kind: Secret
metadata:
name: gitea-ldap-secret
type: Opaque
stringData:
bindDn: CN=ldap read,OU=Spezial,DC=example,DC=com
bindPassword: JustAnotherBindPw
```
```yaml
gitea:
ldap:
existingSecret: gitea-ldap-secret
```
### OAuth2 Settings
Like the admin user the OAuth2 settings can be updated but also disabled or deleted.

16
templates/_helpers.tpl
View File

@ -108,9 +108,21 @@ app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
{{- define "gitea.ldap_settings" -}}
{{- if or (not (hasKey .Values.gitea.ldap "bindDn")) (not (hasKey .Values.gitea.ldap "bind-dn")) -}}
{{- $_ := set .Values.gitea.ldap "bindDn" "" -}}
{{- end -}}
{{- if or (not (hasKey .Values.gitea.ldap "bindPassword")) (not (hasKey .Values.gitea.ldap "bind-password")) -}}
{{- $_ := set .Values.gitea.ldap "bindPassword" "" -}}
{{- end -}}
{{- range $key, $val := .Values.gitea.ldap -}}
{{- if ne $key "enabled" -}}
{{- if eq $key "port" -}}
{{- if and (ne $key "enabled") (ne $key "existingSecret") -}}
{{- if eq ($key | kebabcase) "bind-dn" -}}
{{- printf "--%s %s " ($key | kebabcase) ("${GITEA_LDAP_BIND_DN}" | quote ) -}}
{{- else if eq ($key | kebabcase) "bind-password" -}}
{{- printf "--%s %s " ($key | kebabcase) ("${GITEA_LDAP_PASSWORD}" | quote ) -}}
{{- else if eq $key "port" -}}
{{- printf "--%s %d " ($key | kebabcase) ($val | int) -}}
{{- else -}}
{{- printf "--%s %s " ($key | kebabcase) ($val | quote) -}}

8
templates/gitea/init.yaml
View File

@ -41,13 +41,13 @@ stringData:
set -x; \
gitea migrate; \
{{- if and .Values.gitea.admin.username .Values.gitea.admin.password }}
gitea admin create-user --username {{ .Values.gitea.admin.username }} --password {{ .Values.gitea.admin.password | quote }} --email {{ .Values.gitea.admin.email }} --admin --must-change-password=false \
gitea admin create-user --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email {{ .Values.gitea.admin.email }} --admin --must-change-password=false \
|| \
gitea admin change-password --username {{ .Values.gitea.admin.username }} --password {{ .Values.gitea.admin.password | quote }} \
gitea admin change-password --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" \
|| \
gitea admin user create --username {{ .Values.gitea.admin.username }} --password {{ .Values.gitea.admin.password | quote }} --email {{ .Values.gitea.admin.email }} --admin --must-change-password=false \
gitea admin user create --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email {{ .Values.gitea.admin.email }} --admin --must-change-password=false \
|| \
gitea admin user change-password --username {{ .Values.gitea.admin.username }} --password {{ .Values.gitea.admin.password | quote }}; \
gitea admin user change-password --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}"; \
{{- end }}
{{- if .Values.gitea.ldap.enabled }}
gitea admin auth add-ldap \

34
templates/gitea/statefulset.yaml
View File

@ -50,6 +50,40 @@ spec:
value: /data
- name: GITEA_TEMP
value: /tmp/gitea
{{- if .Values.gitea.ldap.existingSecret }}
- name: GITEA_LDAP_BIND_DN
valueFrom:
secretKeyRef:
key: bindDn
name: {{ .Values.gitea.ldap.existingSecret }}
- name: GITEA_LDAP_PASSWORD
valueFrom:
secretKeyRef:
key: bindPassword
name: {{ .Values.gitea.ldap.existingSecret }}
{{- else }}
- name: GITEA_LDAP_BIND_DN
value: {{ .Values.gitea.ldap.bindDn | quote }}
- name: GITEA_ADMIN_PASSWORD
value: {{ .Values.gitea.ldap.bindPassword | quote }}
{{- end }}
{{- if .Values.gitea.admin.existingSecret }}
- name: GITEA_ADMIN_USERNAME
valueFrom:
secretKeyRef:
key: username
name: {{ .Values.gitea.admin.existingSecret }}
- name: GITEA_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: {{ .Values.gitea.admin.existingSecret }}
{{- else }}
- name: GITEA_ADMIN_USERNAME
value: {{ .Values.gitea.admin.username | quote }}
- name: GITEA_ADMIN_PASSWORD
value: {{ .Values.gitea.admin.password | quote }}
{{- end }}
{{- if .Values.statefulset.env }}
{{- toYaml .Values.statefulset.env | nindent 12 }}
{{- end }}

2
values.yaml
View File

@ -127,6 +127,7 @@ initPreScript: ""
gitea:
admin:
#existingSecret: gitea-admin-secret
username: gitea_admin
password: r8sA8CPHD9!bt6d
email: "gitea@local.domain"
@ -140,6 +141,7 @@ gitea:
ldap:
enabled: false
#existingSecret: gitea-ldap-secret
#name:
#securityProtocol:
#host: