7b0a1c7ae6
With the result of PR #239 it is much easier to provide additional values to the _app.ini_ configuration from different sources. These changes adds an _additionalConfigSources_ field where the users can define such sources. This enables the users to choose on their own whether to store values in _values.yaml_ or load them from Kuberetes Secrets or ConfigMaps. - Fixes #243 - Fixes #174 - Fixes #260 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/240 Reviewed-by: luhahn <luhahn@noreply.gitea.io> Reviewed-by: wxiaoguang <wxiaoguang@noreply.gitea.io> Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io> Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
128 lines
4.0 KiB
YAML
128 lines
4.0 KiB
YAML
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: {{ include "gitea.fullname" . }}-inline-config
|
|
labels:
|
|
{{- include "gitea.labels" . | nindent 4 }}
|
|
type: Opaque
|
|
stringData:
|
|
{{- include "gitea.inline_configuration" . | nindent 2 }}
|
|
---
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: {{ include "gitea.fullname" . }}
|
|
labels:
|
|
{{- include "gitea.labels" . | nindent 4 }}
|
|
type: Opaque
|
|
stringData:
|
|
config_environment.sh: |-
|
|
#!/usr/bin/env bash
|
|
set -euo pipefail
|
|
|
|
function env2ini::log() {
|
|
printf "${1}\n"
|
|
}
|
|
|
|
function env2ini::read_config_to_env() {
|
|
local section="${1}"
|
|
local line="${2}"
|
|
|
|
if [[ -z "${line}" ]]; then
|
|
# skip empty line
|
|
return
|
|
fi
|
|
|
|
# 'xargs echo -n' trims all leading/trailing whitespaces and a trailing new line
|
|
local setting="$(awk -F '=' '{print $1}' <<< "${line}" | xargs echo -n)"
|
|
|
|
if [[ -z "${setting}" ]]; then
|
|
env2ini::log ' ! invalid setting'
|
|
exit 1
|
|
fi
|
|
|
|
local value=''
|
|
local regex="^${setting}(\s*)=(\s*)(.*)"
|
|
if [[ $line =~ $regex ]]; then
|
|
value="${BASH_REMATCH[3]}"
|
|
else
|
|
env2ini::log ' ! invalid setting'
|
|
exit 1
|
|
fi
|
|
|
|
env2ini::log " + '${setting}'"
|
|
|
|
if [[ -z "${section}" ]]; then
|
|
export "ENV_TO_INI____${setting^^}=${value}" # '^^' makes the variable content uppercase
|
|
return
|
|
fi
|
|
|
|
local masked_section="${section//./_0X2E_}" # '//' instructs to replace all matches
|
|
masked_section="${masked_section//-/_0X2D_}"
|
|
|
|
export "ENV_TO_INI__${masked_section^^}__${setting^^}=${value}" # '^^' makes the variable content uppercase
|
|
}
|
|
|
|
function env2ini::process_config_file() {
|
|
local config_file="${1}"
|
|
local section="$(basename "${config_file}")"
|
|
|
|
if [[ $section == '_generals_' ]]; then
|
|
env2ini::log " [ini root]"
|
|
section=''
|
|
else
|
|
env2ini::log " ${section}"
|
|
fi
|
|
|
|
while read -r line; do
|
|
env2ini::read_config_to_env "${section}" "${line}"
|
|
done < <(awk 1 "${config_file}") # Helm .toYaml trims the trailing new line which breaks line processing; awk 1 ... adds it back while reading
|
|
}
|
|
|
|
function env2ini::load_config_sources() {
|
|
local path="${1}"
|
|
|
|
env2ini::log "Processing $(basename "${path}")..."
|
|
|
|
while read -d '' configFile; do
|
|
env2ini::process_config_file "${configFile}"
|
|
done < <(find "${path}" -type l -not -name '..data' -print0)
|
|
|
|
env2ini::log "\n"
|
|
}
|
|
|
|
function env2ini::generate_initial_secrets() {
|
|
# These environment variables will either be
|
|
# - overwritten with user defined values,
|
|
# - initially used to set up Gitea
|
|
# Anyway, they won't harm existing app.ini files
|
|
|
|
export ENV_TO_INI__SECURITY__INTERNAL_TOKEN=$(gitea generate secret INTERNAL_TOKEN)
|
|
export ENV_TO_INI__SECURITY__SECRET_KEY=$(gitea generate secret SECRET_KEY)
|
|
export ENV_TO_INI__OAUTH2__JWT_SECRET=$(gitea generate secret JWT_SECRET)
|
|
|
|
env2ini::log "...Initial secrets generated\n"
|
|
}
|
|
|
|
# MUST BE CALLED BEFORE OTHER CONFIGURATION
|
|
env2ini::generate_initial_secrets
|
|
|
|
env2ini::load_config_sources '/env-to-ini-mounts/inlines/'
|
|
env2ini::load_config_sources '/env-to-ini-mounts/additionals/'
|
|
|
|
env2ini::log "=== All configuration sources loaded ===\n"
|
|
|
|
# safety to prevent rewrite of secret keys if an app.ini already exists
|
|
if [ -f ${GITEA_APP_INI} ]; then
|
|
env2ini::log 'An app.ini file already exists. To prevent overwriting secret keys, these settings are dropped and remain unchanged:'
|
|
env2ini::log ' - security.INTERNAL_TOKEN'
|
|
env2ini::log ' - security.SECRET_KEY'
|
|
env2ini::log ' - oauth2.JWT_SECRET'
|
|
|
|
unset ENV_TO_INI__SECURITY__INTERNAL_TOKEN
|
|
unset ENV_TO_INI__SECURITY__SECRET_KEY
|
|
unset ENV_TO_INI__OAUTH2__JWT_SECRET
|
|
fi
|
|
|
|
environment-to-ini -o $GITEA_APP_INI -p ENV_TO_INI
|