missing examples for additional secret config sources #286

Closed
opened 2022-01-30 16:53:43 +00:00 by volker.raschek · 5 comments
Contributor

Hi,

I tried to move the database and mail credentials into a separate secret. For example the database credentials:

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: gitea-app-ini-database
type: Opaque
stringData:
  USER: myuser
  PASSWD: mysecretpassword
```

The secret is included via `additionalConfigSources`:

```yaml
gitea:
  additionalConfigSources:
    - secret:
        secretName: gitea-app-ini-database
```

The `database` section of the `app.ini` contains only values which must not be protected.

```yaml
gitea:
  config:
    database:
      CHARSET: utf8
      DB_TYPE: postgres
      HOST: myhost:5432
      NAME: postgres
      SSL_MODE: disable
      SCHEMA: gitea
```

If I deploy this configuration, I get an `Init:CrashLoopBackOff` error. There is only one example to include `app.ini` configurations via `gitea-app-ini-plaintext`. Unfortunately none with a secret. It would be great if someone here could help me and expand the README for an example with an additionalConfig as secret.

Author
Contributor

It seems that the bug is already known, because I also use an external database.

#279 (https://gitea.com/gitea/helm-chart/pulls/279)
Member

Hi @volker.raschek. The expected data structure inside a Kubernetes secret and Kubernetes ConfigMap are identical.

Both types are mounted as files into the container. Your secret needs to look like the following:

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: gitea-app-ini-database
type: Opaque
stringData:
  database: |
    USER: myuser
    PASSWD: mysecretpassword
```

The key `database` must match the section key inside `app.ini` and represents a file during ini creation. Let me know if this structure works for you. It should.


I see that the documentation is not as explaining as hoped. Will update the docs according to that requirement.

Author
Contributor

Hi @justusbunsi,

> Your secret needs to look like the following:

I adapted my secret. The `database` key was invalid. I tried to deploy gitea again with the credentials stored as secret. I received another error from an init-container, that the database setting is invalid:

```bash
$ kubectl logs gitea-0 -c init-app-ini | tail -n 3
Processing additionals...
  database
  ! invalid setting
```

The secret looks like your example above. I don't know why it does not work. Any idea?

Member

Oh. I forgot to change one little but important thing in my snippet. The `:` need to be `=`.

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: gitea-app-ini-database
type: Opaque
stringData:
  database: |
    USER=myuser
    PASSWD=mysecretpassword
```

Please try this again.

Author
Contributor

Hi @justusbunsi,

this works. Thanks a lot for your help.

I think this should be documented to avoid issues related to this topic in future.

Volker
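
A pre-deployment check for the structure this thread arrives at (each top-level key is an `app.ini` section name, each line of its value is `KEY=value`), as an added example that is not part of the original posts or the chart's own code. The function name, the regular expressions and the sample dictionaries are assumptions of this example; the dictionaries are the three `stringData` shapes posted above, written as already-parsed YAML.

```python
import re

# KEY=VALUE as in the maintainer's corrected snippet. Both patterns are
# assumptions of this example, not taken from the chart's init script.
SETTING = re.compile(r"^[A-Za-z_][A-Za-z0-9_.]*\s*=")
YAML_STYLE = re.compile(r"^[A-Za-z_][A-Za-z0-9_.]*\s*:")


def check_additional_source(string_data):
    """Return a list of problems for one Secret/ConfigMap stringData mapping.

    Each top-level key is treated as an app.ini section name and its value as
    the section body. Only key names and line numbers are reported, never the
    values, so the output is safe to paste into a CI log.
    """
    problems = []
    for section, body in string_data.items():
        numbered = [(n, text.strip()) for n, text in enumerate(str(body).splitlines(), 1)]
        # Skip blank lines and ini comments, keep original line numbers.
        settings = [(n, t) for n, t in numbered if t and not t.startswith(("#", ";"))]
        if not settings:
            problems.append(f"{section}: empty section body")
        for n, line in settings:
            if SETTING.match(line):
                continue
            if YAML_STYLE.match(line):
                problems.append(f"{section}: line {n} uses 'KEY: value', expected 'KEY=value'")
            else:
                problems.append(f"{section}: line {n} is not a KEY=value setting")
    return problems


# Constructed inputs: the three stringData shapes from the thread.
FLAT_KEYS = {"USER": "myuser", "PASSWD": "mysecretpassword"}
COLON_BODY = {"database": "USER: myuser\nPASSWD: mysecretpassword\n"}
EQUALS_BODY = {"database": "USER=myuser\nPASSWD=mysecretpassword\n"}

if __name__ == "__main__":
    for name, data in [("flat", FLAT_KEYS), ("colon", COLON_BODY), ("equals", EQUALS_BODY)]:
        print(name, check_additional_source(data) or "ok")
```

Only the third shape passes; the first is rejected because `USER` and `PASSWD` are read as section names whose bodies contain no setting.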

Reference: gitea/helm-chart#286