matthew/helm-chart
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Allow existing secrets for passwords (#170)

Browse Source 
Allow admin user and password to be configured via existing secrets

Allow LDAP bindDn and bindPassword to be configured via existing secrets

Update Readme

Fixes: #169

Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/170
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: luhahn <luhahn@noreply.gitea.io>
Co-committed-by: luhahn <luhahn@noreply.gitea.io>
This commit is contained in:
luhahn 2021-06-10 19:13:33 +08:00 committed by Lunny Xiao
parent 6e841e6e26
commit c49dc047a4
5 changed files with 93 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
README.md
View File

@ -262,6 +262,25 @@ You cannot use `admin` as username.
email: "gi@tea.com" email: "gi@tea.com"
``` ```
You can also use an existing Secret to configure the admin user:
```yaml
apiVersion: v1
kind: Secret
metadata:
name: gitea-admin-secret
type: Opaque
stringData:
username: MyAwesomeGiteaAdmin
password: AReallyAwesomeGiteaPassword
```
```yaml
gitea:
admin:
existingSecret: gitea-admin-secret
```
### LDAP Settings ### LDAP Settings
Like the admin user the LDAP settings can be updated, but also disabled or deleted. Like the admin user the LDAP settings can be updated, but also disabled or deleted.
@ -306,6 +325,26 @@ kebab-case:
bind-password: JustAnotherBindPw bind-password: JustAnotherBindPw
username-attribute: CN username-attribute: CN
``` ```
You can also use an existing secret to set the bindDn and bindPassword:
```yaml
apiVersion: v1
kind: Secret
metadata:
name: gitea-ldap-secret
type: Opaque
stringData:
bindDn: CN=ldap read,OU=Spezial,DC=example,DC=com
bindPassword: JustAnotherBindPw
```
```yaml
gitea:
ldap:
existingSecret: gitea-ldap-secret
```
### OAuth2 Settings ### OAuth2 Settings
Like the admin user the OAuth2 settings can be updated but also disabled or deleted. Like the admin user the OAuth2 settings can be updated but also disabled or deleted.

16
templates/_helpers.tpl
View File

@ -108,9 +108,21 @@ app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}} {{- end -}}
{{- define "gitea.ldap_settings" -}} {{- define "gitea.ldap_settings" -}}
{{- if or (not (hasKey .Values.gitea.ldap "bindDn")) (not (hasKey .Values.gitea.ldap "bind-dn")) -}}
{{- $_ := set .Values.gitea.ldap "bindDn" "" -}}
{{- end -}}
{{- if or (not (hasKey .Values.gitea.ldap "bindPassword")) (not (hasKey .Values.gitea.ldap "bind-password")) -}}
{{- $_ := set .Values.gitea.ldap "bindPassword" "" -}}
{{- end -}}
{{- range $key, $val := .Values.gitea.ldap -}} {{- range $key, $val := .Values.gitea.ldap -}}
{{- if ne $key "enabled" -}} {{- if and (ne $key "enabled") (ne $key "existingSecret") -}}
{{- if eq $key "port" -}} {{- if eq ($key | kebabcase) "bind-dn" -}}
{{- printf "--%s %s " ($key | kebabcase) ("${GITEA_LDAP_BIND_DN}" | quote ) -}}
{{- else if eq ($key | kebabcase) "bind-password" -}}
{{- printf "--%s %s " ($key | kebabcase) ("${GITEA_LDAP_PASSWORD}" | quote ) -}}
{{- else if eq $key "port" -}}
{{- printf "--%s %d " ($key | kebabcase) ($val | int) -}} {{- printf "--%s %d " ($key | kebabcase) ($val | int) -}}
{{- else -}} {{- else -}}
{{- printf "--%s %s " ($key | kebabcase) ($val | quote) -}} {{- printf "--%s %s " ($key | kebabcase) ($val | quote) -}}

8
templates/gitea/init.yaml
View File

@ -41,13 +41,13 @@ stringData:
set -x; \ set -x; \
gitea migrate; \ gitea migrate; \
{{- if and .Values.gitea.admin.username .Values.gitea.admin.password }} {{- if and .Values.gitea.admin.username .Values.gitea.admin.password }}
gitea admin create-user --username {{ .Values.gitea.admin.username }} --password {{ .Values.gitea.admin.password | quote }} --email {{ .Values.gitea.admin.email }} --admin --must-change-password=false \ gitea admin create-user --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email {{ .Values.gitea.admin.email }} --admin --must-change-password=false \
|| \ || \
gitea admin change-password --username {{ .Values.gitea.admin.username }} --password {{ .Values.gitea.admin.password | quote }} \ gitea admin change-password --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" \
|| \ || \
gitea admin user create --username {{ .Values.gitea.admin.username }} --password {{ .Values.gitea.admin.password | quote }} --email {{ .Values.gitea.admin.email }} --admin --must-change-password=false \ gitea admin user create --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email {{ .Values.gitea.admin.email }} --admin --must-change-password=false \
|| \ || \
gitea admin user change-password --username {{ .Values.gitea.admin.username }} --password {{ .Values.gitea.admin.password | quote }}; \ gitea admin user change-password --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}"; \
{{- end }} {{- end }}
{{- if .Values.gitea.ldap.enabled }} {{- if .Values.gitea.ldap.enabled }}
gitea admin auth add-ldap \ gitea admin auth add-ldap \

34
templates/gitea/statefulset.yaml
View File

@ -50,6 +50,40 @@ spec:
value: /data value: /data
- name: GITEA_TEMP - name: GITEA_TEMP
value: /tmp/gitea value: /tmp/gitea
{{- if .Values.gitea.ldap.existingSecret }}
- name: GITEA_LDAP_BIND_DN
valueFrom:
secretKeyRef:
key: bindDn
name: {{ .Values.gitea.ldap.existingSecret }}
- name: GITEA_LDAP_PASSWORD
valueFrom:
secretKeyRef:
key: bindPassword
name: {{ .Values.gitea.ldap.existingSecret }}
{{- else }}
- name: GITEA_LDAP_BIND_DN
value: {{ .Values.gitea.ldap.bindDn | quote }}
- name: GITEA_ADMIN_PASSWORD
value: {{ .Values.gitea.ldap.bindPassword | quote }}
{{- end }}
{{- if .Values.gitea.admin.existingSecret }}
- name: GITEA_ADMIN_USERNAME
valueFrom:
secretKeyRef:
key: username
name: {{ .Values.gitea.admin.existingSecret }}
- name: GITEA_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: {{ .Values.gitea.admin.existingSecret }}
{{- else }}
- name: GITEA_ADMIN_USERNAME
value: {{ .Values.gitea.admin.username | quote }}
- name: GITEA_ADMIN_PASSWORD
value: {{ .Values.gitea.admin.password | quote }}
{{- end }}
{{- if .Values.statefulset.env }} {{- if .Values.statefulset.env }}
{{- toYaml .Values.statefulset.env | nindent 12 }} {{- toYaml .Values.statefulset.env | nindent 12 }}
{{- end }} {{- end }}

2
values.yaml
View File

@ -127,6 +127,7 @@ initPreScript: ""
gitea: gitea:
admin: admin:
#existingSecret: gitea-admin-secret
username: gitea_admin username: gitea_admin
password: r8sA8CPHD9!bt6d password: r8sA8CPHD9!bt6d
email: "gitea@local.domain" email: "gitea@local.domain"
@ -140,6 +141,7 @@ gitea:
ldap: ldap:
enabled: false enabled: false
#existingSecret: gitea-ldap-secret
#name: #name:
#securityProtocol: #securityProtocol:
#host: #host: