gitea/helm-chart
45
54
Fork 127
Code Issues 30 Pull Requests 8 Actions Releases 87 Activity

allowed pass db credential through secret. #60

New Issue
Closed
opened 2020-11-17 19:09:31 +00:00 by wener · 9 comments
wener commented 2020-11-17 19:09:31 +00:00
Copy Link

Using gitops, deploy must go through git, but this chart require clear credential.

During the init, can mount the external secret as env or somthing to provice extra conf for app.ini.

Using gitops, deploy must go through git, but this chart require clear credential. During the init, can mount the external secret as env or somthing to provice extra conf for app.ini.
👍 1
lunny added the
kind
proposal
 label 2020-11-18 03:37:23 +00:00
luhahn commented 2020-11-19 10:49:08 +00:00
Member
Copy Link

Do you want this option for the admin password only or for the database credentials as well?

Do you want this option for the admin password only or for the database credentials as well?
viceice commented 2021-01-28 05:32:01 +00:00
Contributor
Copy Link

I think this should be for all passwords / secrets.

Maybe the chart can optionally use key-value pairs from an existing secret?

I think this should be for all passwords / secrets. Maybe the chart can optionally use key-value pairs from an existing secret?
Starefossen commented 2021-02-16 22:48:21 +00:00
Contributor
Copy Link

Injecting database credentials via secrets is a requirement if you want to use gitea with the Kubernetes PostgreSQL operator.

Injecting database credentials via secrets is a requirement if you want to use gitea with the Kubernetes PostgreSQL operator.
luhahn commented 2021-04-12 12:01:50 +00:00
Member
Copy Link

I currently have no idea how to do this properly :/

It is no problem at all to inject those secrets as env variables. However to set the database passwords we somehow need to get them into the app.ini.

First idea would be to check if secrets are available and set a placeholder in the generated app.ini and set it later in the init container via sed.

But im not really happy with this approach

I currently have no idea how to do this properly :/ It is no problem at all to inject those secrets as env variables. However to set the database passwords we somehow need to get them into the app.ini. First idea would be to check if secrets are available and set a placeholder in the generated app.ini and set it later in the init container via sed. But im not really happy with this approach
rema commented 2021-04-22 10:36:18 +00:00
Copy Link

I am also interested in providing secrets to gitea using environment variables instead of setting them in plain format in app.ini. I did a bit of research and found out, since gitea image v1.14.1, there is the possibility to override everything in app.ini by passing ENVs by following the pattern "GITEA__SECTION_NAME__KEY_NAME". You can read more about this feature Managing Deployments With Environment Variables

So if I understand it correctly, we just need to extend the {{Values.statefulset.env}} to support not only simple "value" but also a "valueFrom" object. e.g:
...
env:
- name: GITEA_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: nameOfSecret
key: password

Thanks

I am also interested in providing secrets to gitea using environment variables instead of setting them in plain format in app.ini. I did a bit of research and found out, since gitea image v1.14.1, there is the possibility to override everything in app.ini by passing ENVs by following the pattern "GITEA__SECTION_NAME__KEY_NAME". You can read more about this feature [Managing Deployments With Environment Variables](https://docs.gitea.io/en-us/install-with-docker/#managing-deployments-with-environment-variables) So if I understand it correctly, we just need to extend the {{Values.statefulset.env}} to support not only simple "value" but also a "valueFrom" object. e.g: ... env: - name: GITEA_ADMIN_PASSWORD valueFrom: secretKeyRef: name: nameOfSecret key: password Thanks
🎉 1
luhahn commented 2021-04-23 10:57:56 +00:00
Member
Copy Link

will check this, thanks for the hint :)

will check this, thanks for the hint :)
luhahn referenced this issue from a commit 2021-04-29 09:12:49 +00:00
gitea-1.14.x-updates (#148)
luhahn commented 2021-04-29 09:19:13 +00:00
Member
Copy Link

merged with #148

merged with #148
wener commented 2021-08-01 17:13:09 +00:00
Author
Copy Link

@luhahn still don't get how can I pass db conf by secret, there is no gitea.database.existingSecret like admin

@luhahn still don't get how can I pass db conf by secret, there is no gitea.database.existingSecret like admin
wener reopened this issue 2021-08-01 17:13:09 +00:00
wener commented 2021-08-01 17:15:32 +00:00
Author
Copy Link

ok, 1.14 support from env. like

- GITEA__database__DB_TYPE=mysql
- GITEA__database__HOST=db:3306
- GITEA__database__NAME=gitea
- GITEA__database__USER=gitea
- GITEA__database__PASSWD=gitea
ok, 1.14 support from env. like ```yaml - GITEA__database__DB_TYPE=mysql - GITEA__database__HOST=db:3306 - GITEA__database__NAME=gitea - GITEA__database__USER=gitea - GITEA__database__PASSWD=gitea ```
wener closed this issue 2021-08-01 17:15:32 +00:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
main
renovate/workflow-dependencies-(minor-and-patch)
app-ini-recreation
fix-env-to-ini
clean-app-ini
gitea-ha
v10.1.4
v10.1.3
v10.1.2
v10.1.1
v10.1.0
v10.0.2
v10.0.1
v10.0.0
v9.6.1
v9.6.0
v9.5.1
v9.5.0
v9.4.0
v9.3.0
v9.2.1
v9.2.0
v9.1.0
v9.0.4
v9.0.3
v9.0.2
v9.0.1
v9.0.0
v8.3.0
v8.2.0
v8.1.0
v8.0.3
v8.0.2
v8.0.1
v8.0.0
v7.0.4
v7.0.3
v7.0.2
v7.0.1
v7.0.0
v6.0.5
v6.0.4
v6.0.3
v6.0.2
v6.0.1
v6.0.0
v5.0.9
v5.0.8
v5.0.7
v5.0.6
v5.0.5
v5.0.4
v5.0.3
v5.0.2
v5.0.1
v5.0.0
v4.1.1
v4.1.0
v4.0.3
v4.0.2
v4.0.1
v4.0.0
v3.1.4
v3.1.3
v3.1.2
v3.1.1
v3.1.0
v3.0.0
v2.2.5
v2.2.4
v2.2.3
v2.2.2
v2.2.1
v2.2.0
v2.1.11
v2.1.10
v2.1.9
v2.1.8
v2.1.7
v2.1.6
v2.1.5
v2.1.4
v2.1.3
v2.1.2
v2.1.1
v2.1.0
v2.0.7
v2.0.6
v2.0.5
v2.0.4
v2.0.3
v2.0.2
v2.0.0
v1.5.5
v1.5.4
v1.5.3
v1.5.2
v1.5.1
v1.5.0
v1.4.9
v1.4.8
v1.4.7
v1.4.6
v1.4.5
v1.4.4
v1.4.3
v1.4.2
Labels
Clear labels   
has
backport

  
in progress

   
invalid
  
kind
breaking

  
kind
bug

  
kind
build

  
kind
dependency

  
kind
deployment

  
kind
docs

  
kind
enhancement

  
kind
feature

  
kind
lint

  
kind
proposal

  
kind
question

  
kind
refactor

  
kind
security

  
kind
testing

  
kind
translation

  
kind
ui

  
need
backport

  
priority
critical

  
priority
low

  
priority
maybe

  
priority
medium

  
reviewed
duplicate

  
reviewed
invalid

  
reviewed
wontfix

  
skip-changelog
  
status
blocked

  
status
needs-feedback

  
status
needs-reviews

  
status
wip

  
upstream
gitea

  
upstream
other

No Label
has
backport
in progress
invalid
kind
breaking
kind
bug
kind
build
kind
dependency
kind
deployment
kind
docs
kind
enhancement
kind
feature
kind
lint
kind
proposal
kind
question
kind
refactor
kind
security
kind
testing
kind
translation
kind
ui
need
backport
priority
critical
priority
low
priority
maybe
priority
medium
reviewed
duplicate
reviewed
invalid
reviewed
wontfix
skip-changelog
status
blocked
status
needs-feedback
status
needs-reviews
status
wip
upstream
gitea
upstream
other
Milestone
Clear milestone
No items
No Milestone
Assignees
Clear assignees
No Assignees
5 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: gitea/helm-chart#60
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?