Allow existing secrets for passwords #170
39
README.md
39
README.md
@ -262,6 +262,25 @@ You cannot use `admin` as username.
|
||||
email: "gi@tea.com"
|
||||
```
|
||||
|
||||
You can also use an existing Secret to configure the admin user:
|
||||
|
||||
```yaml
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: gitea-admin-secret
|
||||
type: Opaque
|
||||
stringData:
|
||||
username: MyAwesomeGiteaAdmin
|
||||
password: AReallyAwesomeGiteaPassword
|
||||
```
|
||||
|
||||
```yaml
|
||||
gitea:
|
||||
admin:
|
||||
existingSecret: gitea-admin-secret
|
||||
```
|
||||
|
||||
### LDAP Settings
|
||||
|
||||
Like the admin user the LDAP settings can be updated, but also disabled or deleted.
|
||||
@ -306,6 +325,26 @@ kebab-case:
|
||||
bind-password: JustAnotherBindPw
|
||||
username-attribute: CN
|
||||
```
|
||||
|
||||
You can also use an existing secret to set the bindDn and bindPassword:
|
||||
|
||||
```yaml
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: gitea-ldap-secret
|
||||
type: Opaque
|
||||
stringData:
|
||||
bindDn: CN=ldap read,OU=Spezial,DC=example,DC=com
|
||||
bindPassword: JustAnotherBindPw
|
||||
```
|
||||
|
||||
```yaml
|
||||
gitea:
|
||||
ldap:
|
||||
luhahn marked this conversation as resolved
Outdated
|
||||
existingSecret: gitea-ldap-secret
|
||||
```
|
||||
|
||||
### OAuth2 Settings
|
||||
|
||||
Like the admin user the OAuth2 settings can be updated but also disabled or deleted.
|
||||
|
@ -108,9 +108,21 @@ app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "gitea.ldap_settings" -}}
|
||||
{{- if or (not (hasKey .Values.gitea.ldap "bindDn")) (not (hasKey .Values.gitea.ldap "bind-dn")) -}}
|
||||
{{- $_ := set .Values.gitea.ldap "bindDn" "" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if or (not (hasKey .Values.gitea.ldap "bindPassword")) (not (hasKey .Values.gitea.ldap "bind-password")) -}}
|
||||
{{- $_ := set .Values.gitea.ldap "bindPassword" "" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- range $key, $val := .Values.gitea.ldap -}}
|
||||
{{- if ne $key "enabled" -}}
|
||||
{{- if eq $key "port" -}}
|
||||
{{- if and (ne $key "enabled") (ne $key "existingSecret") -}}
|
||||
{{- if eq ($key | kebabcase) "bind-dn" -}}
|
||||
{{- printf "--%s %s " ($key | kebabcase) ("${GITEA_LDAP_BIND_DN}" | quote ) -}}
|
||||
{{- else if eq ($key | kebabcase) "bind-password" -}}
|
||||
{{- printf "--%s %s " ($key | kebabcase) ("${GITEA_LDAP_PASSWORD}" | quote ) -}}
|
||||
{{- else if eq $key "port" -}}
|
||||
{{- printf "--%s %d " ($key | kebabcase) ($val | int) -}}
|
||||
{{- else -}}
|
||||
{{- printf "--%s %s " ($key | kebabcase) ($val | quote) -}}
|
||||
|
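Review bot: The two new guards at the top of `gitea.ldap_settings` use `or`, so the condition is true unless both spellings of the key are present, and `set` then writes an empty `bindDn` / `bindPassword` into `.Values.gitea.ldap` even when the user supplied one. If the intent is to add a placeholder only when neither spelling is set, the guard would be `{{- if and (not (hasKey .Values.gitea.ldap "bindDn")) (not (hasKey .Values.gitea.ldap "bind-dn")) -}}`, and likewise for the password. As written, a values file that uses `bind-dn` also gains a `bindDn` entry, and since both kebab-case to `bind-dn` the loop emits the flag twice; depending on render order, the blanked `bindDn` may also be what the pod's env template reads. A short comment above the guards saying that the real values arrive at run time through `GITEA_LDAP_BIND_DN` and `GITEA_LDAP_PASSWORD` would help. The `range` body continues outside the hunk.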
@ -41,13 +41,13 @@ stringData:
|
||||
set -x; \
|
||||
gitea migrate; \
|
||||
{{- if and .Values.gitea.admin.username .Values.gitea.admin.password }}
|
||||
gitea admin create-user --username {{ .Values.gitea.admin.username }} --password {{ .Values.gitea.admin.password | quote }} --email {{ .Values.gitea.admin.email }} --admin --must-change-password=false \
|
||||
gitea admin create-user --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email {{ .Values.gitea.admin.email }} --admin --must-change-password=false \
|
||||
|| \
|
||||
gitea admin change-password --username {{ .Values.gitea.admin.username }} --password {{ .Values.gitea.admin.password | quote }} \
|
||||
gitea admin change-password --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" \
|
||||
|| \
|
||||
gitea admin user create --username {{ .Values.gitea.admin.username }} --password {{ .Values.gitea.admin.password | quote }} --email {{ .Values.gitea.admin.email }} --admin --must-change-password=false \
|
||||
gitea admin user create --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email {{ .Values.gitea.admin.email }} --admin --must-change-password=false \
|
||||
|| \
|
||||
gitea admin user change-password --username {{ .Values.gitea.admin.username }} --password {{ .Values.gitea.admin.password | quote }}; \
|
||||
gitea admin user change-password --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}"; \
|
||||
{{- end }}
|
||||
{{- if .Values.gitea.ldap.enabled }}
|
||||
gitea admin auth add-ldap \
|
||||
|
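Review bot: The rewritten admin commands still run under the `set -x` at the top of the script, so the shell traces each command after expansion and the value of `${GITEA_ADMIN_PASSWORD}` is presumably written to the init container's log, which undoes much of the benefit of moving the password into a Secret. Consider dropping the trace, or turning it off around the credential-bearing commands with `set +x; \` before the first `gitea admin` call. The guard `{{- if and .Values.gitea.admin.username .Values.gitea.admin.password }}` also still looks only at the inline values, so a deployment that sets `existingSecret` and clears those values would skip admin creation; `{{- if or .Values.gitea.admin.existingSecret (and .Values.gitea.admin.username .Values.gitea.admin.password) }}` would cover it. `--email {{ .Values.gitea.admin.email }}` is the one argument left unquoted. The script starts and ends outside the hunk.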
@ -50,6 +50,40 @@ spec:
|
||||
value: /data
|
||||
- name: GITEA_TEMP
|
||||
value: /tmp/gitea
|
||||
{{- if .Values.gitea.ldap.existingSecret }}
|
||||
- name: GITEA_LDAP_BIND_DN
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: bindDn
|
||||
name: {{ .Values.gitea.ldap.existingSecret }}
|
||||
- name: GITEA_LDAP_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: bindPassword
|
||||
name: {{ .Values.gitea.ldap.existingSecret }}
|
||||
{{- else }}
|
||||
- name: GITEA_LDAP_BIND_DN
|
||||
value: {{ .Values.gitea.ldap.bindDn | quote }}
|
||||
- name: GITEA_ADMIN_PASSWORD
|
||||
value: {{ .Values.gitea.ldap.bindPassword | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.gitea.admin.existingSecret }}
|
||||
- name: GITEA_ADMIN_USERNAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: username
|
||||
name: {{ .Values.gitea.admin.existingSecret }}
|
||||
- name: GITEA_ADMIN_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: password
|
||||
name: {{ .Values.gitea.admin.existingSecret }}
|
||||
{{- else }}
|
||||
- name: GITEA_ADMIN_USERNAME
|
||||
value: {{ .Values.gitea.admin.username | quote }}
|
||||
- name: GITEA_ADMIN_PASSWORD
|
||||
value: {{ .Values.gitea.admin.password | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.statefulset.env }}
|
||||
{{- toYaml .Values.statefulset.env | nindent 12 }}
|
||||
{{- end }}
|
||||
|
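Review bot: In the `else` branch of the LDAP block the bind password is exported under the name `GITEA_ADMIN_PASSWORD`, so without `existingSecret` the variable `GITEA_LDAP_PASSWORD` that the `--bind-password` placeholder expects is never defined, and the container ends up with two entries named `GITEA_ADMIN_PASSWORD`. That line should read `- name: GITEA_LDAP_PASSWORD`. Separately, both `else` branches put the password into a literal `value:` field, where it is readable by anyone allowed to view the StatefulSet or pod spec; having the chart render its own Secret for inline credentials and always using `secretKeyRef` would keep it out of the manifest. The LDAP variables are also emitted when `gitea.ldap.enabled` is false, which an `{{- if .Values.gitea.ldap.enabled }}` wrapper would avoid. The enclosing `env:` list starts and ends outside the hunk.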
@ -127,6 +127,7 @@ initPreScript: ""
|
||||
|
||||
gitea:
|
||||
admin:
|
||||
#existingSecret: gitea-admin-secret
|
||||
username: gitea_admin
|
||||
password: r8sA8CPHD9!bt6d
|
||||
email: "gitea@local.domain"
|
||||
@ -140,6 +141,7 @@ gitea:
|
||||
|
||||
ldap:
|
||||
enabled: false
|
||||
#existingSecret: gitea-ldap-secret
|
||||
#name:
|
||||
#securityProtocol:
|
||||
#host:
|
||||
|
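Review bot: The commented `#existingSecret:` lines are added without saying which keys the Secret must carry or that the inline credentials are then not used. For the admin entry a comment such as `# existingSecret: name of a Secret with keys "username" and "password"; when set, username/password below are ignored` would document it, with `bindDn` and `bindPassword` named for the ldap entry. Because the option ships commented out, the fixed default `password` in this file remains the effective admin password of a default install, so it may be worth requiring the operator to set one rather than shipping a published value.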
Wouldn't it be
gitea.ldap.existingSecret
instead of gitea.admin.existingSecret
for the ldap configuration?
good catch!