allowed pass db credential through secret. #60
Labels
No Label
has
backport
in progress
invalid
kind
breaking
kind
bug
kind
build
kind
dependency
kind
deployment
kind
docs
kind
enhancement
kind
feature
kind
lint
kind
proposal
kind
question
kind
refactor
kind
security
kind
testing
kind
translation
kind
ui
need
backport
priority
critical
priority
low
priority
maybe
priority
medium
reviewed
duplicate
reviewed
invalid
reviewed
wontfix
skip-changelog
status
blocked
status
needs-feedback
status
needs-reviews
status
wip
upstream
gitea
upstream
other
No Milestone
No Assignees
5 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: gitea/helm-chart#60
Loading…
Reference in New Issue
Block a user
No description provided.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Using gitops, deploy must go through git, but this chart require clear credential.
During the init, can mount the external secret as env or somthing to provice extra conf for app.ini.
Do you want this option for the admin password only or for the database credentials as well?
I think this should be for all passwords / secrets.
Maybe the chart can optionally use key-value pairs from an existing secret?
Injecting database credentials via secrets is a requirement if you want to use gitea with the Kubernetes PostgreSQL operator.
I currently have no idea how to do this properly :/
It is no problem at all to inject those secrets as env variables. However to set the database passwords we somehow need to get them into the app.ini.
First idea would be to check if secrets are available and set a placeholder in the generated app.ini and set it later in the init container via sed.
But im not really happy with this approach
I am also interested in providing secrets to gitea using environment variables instead of setting them in plain format in app.ini. I did a bit of research and found out, since gitea image v1.14.1, there is the possibility to override everything in app.ini by passing ENVs by following the pattern "GITEA__SECTION_NAME__KEY_NAME". You can read more about this feature Managing Deployments With Environment Variables
So if I understand it correctly, we just need to extend the {{Values.statefulset.env}} to support not only simple "value" but also a "valueFrom" object. e.g:
...
env:
- name: GITEA_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: nameOfSecret
key: password
Thanks
will check this, thanks for the hint :)
merged with #148
@luhahn still don't get how can I pass db conf by secret, there is no gitea.database.existingSecret like admin
ok, 1.14 support from env. like