Generic way for configuring Gitea app.ini #240
|
@ -289,11 +289,9 @@ or update.
|
|||
```yaml
|
||||
gitea:
|
||||
additionalConfigSources:
|
||||
- name: oauth
|
||||
secret:
|
||||
- secret:
|
||||
secretName: gitea-app-ini-oauth
|
||||
- name: some-additionals
|
||||
configMap:
|
||||
- configMap:
|
||||
name: gitea-app-ini-plaintext
|
||||
```
|
||||
|
||||
|
|
|
@ -10,6 +10,50 @@ stringData:
|
|||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
function env2ini::log() {
|
||||
echo "${1}"
|
||||
}
|
||||
|
||||
function env2ini::read_config_to_env() {
|
||||
local section="${1}"
|
||||
local line="${2}"
|
||||
|
||||
# xargs echo -n trims all whitespaces and a trailing new line
|
||||
local setting=$(awk -F '=' '{print $1}' <<< "${line}" | xargs echo -n)
|
||||
local value=$(awk -F '=' '{print $NF}' <<< "${line}" | xargs echo -n)
|
||||
|
||||
|
||||
if [[ -z "${setting}" ]]; then
|
||||
env2ini::log " ? unprocessable line '${line}'"
|
||||
return
|
||||
fi
|
||||
|
||||
env2ini::log " + '${setting}' to '${section}'"
|
||||
|
||||
local masked_section="${section//./_0X2E_}" # // instructs to replace all matches
|
||||
masked_section="${masked_section//-/_0X2D_}"
|
||||
|
||||
export "ENV_TO_INI__${masked_section^^}__${setting^^}=${value}"
|
||||
justusbunsi marked this conversation as resolved
Outdated
justusbunsi commented:
Users can have spaces around the `=` character in their config sources. Just like it is possible within `app.ini`. This regex takes this into account when stripping the setting name from the line to parse.
|
||||
}
|
||||
|
||||
function env2ini::process_config_file() {
|
||||
local config_file="${1}"
|
||||
local section="$(basename "${config_file}")"
|
||||
justusbunsi marked this conversation as resolved
Outdated
justusbunsi commented:
I've decided to let the script fail in case any line is not processable. That way the user is required to fix their configuration before the currently applied breaks somehow. Open for discussion here.
|
||||
|
||||
env2ini::log "=== Found additional source: ${config_file} ==="
|
||||
|
||||
while read -r line; do
|
||||
env2ini::read_config_to_env "${section}" "${line}"
|
||||
done < "${config_file}"
|
||||
}
|
||||
|
||||
function env2ini::load_additional_config_sources() {
|
||||
while read -d '' configFile; do
|
||||
env2ini::process_config_file "${configFile}"
|
||||
done < <(find /env-to-ini-mounts/ -type l -not -name '..data' -print0)
|
||||
|
||||
env2ini::log "=== All additional config sources processed ==="
|
||||
}
|
||||
|
||||
justusbunsi marked this conversation as resolved
Outdated
justusbunsi commented:
`____` ensures that global settings inside app.ini are actually taken into account and stored at the correct ini level. This broke with the switch to `environment-to-ini` tool.
|
||||
{{- if not (hasKey .Values.gitea.config "cache") -}}
|
||||
{{- $_ := set .Values.gitea.config "cache" dict -}}
|
||||
{{- end -}}
|
||||
|
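Review bot: In `env2ini::read_config_to_env`, `awk -F '=' '{print $NF}'` keeps only the text after the last `=`, so a value that itself contains `=` (base64 padding, a URL with a query string) is silently truncated before it is exported. Split on the first `=` instead, for example `${line%%=*}` for the setting and `${line#*=}` for the value. Two related points in the same function: `xargs echo -n` interprets quotes and backslashes, so a value containing `"` or `'` is altered or makes xargs fail, and the `unprocessable line '${line}'` message echoes the whole line, which for a Secret-backed source can put secret material into the container log; logging the file name and line number would avoid that. In `env2ini::process_config_file`, `while read -r line` skips a final line that has no trailing newline; `while IFS= read -r line || [[ -n "${line}" ]]` covers that case.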
@ -162,8 +206,15 @@ stringData:
|
|||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
env2ini::load_additional_config_sources
|
||||
justusbunsi marked this conversation as resolved
Outdated
justusbunsi commented:
I think it's out of scope for this PR but I really like the idea of separating user input from Chart script logic. The functions I wrote above give us the possibility to completely rewrite the `config.yaml` file content. We could split scripts from data and use a ConfigMap for the script instead of Secret. The values that are currently rendered by the Helm template engine could be written to a separate Kubernetes Secret which then gets processed along with the additional config sources.
justusbunsi commented:
I had time to implement this as well.
|
||||
|
||||
# safety to prevent rewrite of secret keys if an app.ini already exists
|
||||
if [ -f ${GITEA_APP_INI} ]; then
|
||||
env2ini::log 'An app.ini file already exists. To prevent overwriting secret keys, these settings are dropped and remain unchanged:'
|
||||
env2ini::log ' -> security.INTERNAL_TOKEN'
|
||||
env2ini::log ' -> security.SECRET_KEY'
|
||||
env2ini::log ' -> oauth2.JWT_SECRET'
|
||||
|
||||
unset ENV_TO_INI__SECURITY__INTERNAL_TOKEN
|
||||
unset ENV_TO_INI__SECURITY__SECRET_KEY
|
||||
unset ENV_TO_INI__OAUTH2__JWT_SECRET
|
||||
|
|
|
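Review bot: `env2ini::load_additional_config_sources` is called unconditionally, but the mounts under `/env-to-ini-mounts/` are only rendered inside the `range` over `.Values.gitea.additionalConfigSources`, which defaults to `[]`. With the default values the `find /env-to-ini-mounts/ ...` in that function runs against a path the chart has not mounted, and because it sits in a process substitution its failure is not caught by `set -e`. Guard the call with a directory check such as `[[ -d /env-to-ini-mounts/ ]]`, or render it only when sources are configured. Keeping the call before the `unset ENV_TO_INI__SECURITY__...` block is the right order, since the guard then also drops secret keys that arrive through an additional source.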
@ -97,6 +97,10 @@ spec:
|
|||
{{- if .Values.persistence.subPath }}
|
||||
subPath: {{ .Values.persistence.subPath }}
|
||||
{{- end }}
|
||||
{{- range $idx, $value := .Values.gitea.additionalConfigSources }}
|
||||
- name: additional-config-sources-{{ $idx }}
|
||||
mountPath: "/env-to-ini-mounts/{{ $idx }}/"
|
||||
{{- end }}
|
||||
{{- if .Values.extraVolumeMounts }}
|
||||
{{- toYaml .Values.extraVolumeMounts | nindent 12 }}
|
||||
{{- end }}
|
||||
|
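Review bot: The `additional-config-sources-{{ $idx }}` mounts carry no `readOnly: true`. The script only reads these files, so adding `readOnly: true` next to each `mountPath` states that intent and also covers volume types that are writable by default.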
@ -284,8 +288,15 @@ spec:
|
|||
{{- if .Values.extraVolumes }}
|
||||
{{- toYaml .Values.extraVolumes | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- range $idx, $value := .Values.gitea.additionalConfigSources }}
|
||||
- name: additional-config-sources-{{ $idx }}
|
||||
{{- toYaml $value | nindent 10 }}
|
||||
{{- end }}
|
||||
- name: temp
|
||||
emptyDir: {}
|
||||
{{- if .Values.extraVolumeMounts }}
|
||||
{{- toYaml .Values.extraVolumeMounts | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if and .Values.persistence.enabled .Values.persistence.existingClaim }}
|
||||
- name: data
|
||||
persistentVolumeClaim:
|
||||
|
|
|
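Review bot: `{{- toYaml $value | nindent 10 }}` copies each list entry verbatim into the pod's `volumes`, so any volume source a user places in `additionalConfigSources` is rendered (for example `hostPath` or `emptyDir`), not only the `secret` and `configMap` entries shown in the README and values.yaml. Either restrict the template to those two keys, for instance by rendering only `$value.secret` and `$value.configMap`, or document that each entry is a raw volume source.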
@ -205,6 +205,12 @@ gitea:
|
|||
# security:
|
||||
# PASSWORD_COMPLEXITY: spec
|
||||
|
||||
additionalConfigSources: []
|
||||
# - secret:
|
||||
# secretName: gitea-app-ini-oauth
|
||||
# - configMap:
|
||||
# name: gitea-app-ini-plaintext
|
||||
|
||||
podAnnotations: {}
|
||||
|
||||
database:
|
||||
|
|
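Review bot: The commented example under `additionalConfigSources: []` shows which sources can be listed but not what they must contain. The script takes the `basename` of each mounted file as the ini section and parses every line as `SETTING=value`, so a short comment stating that each key of the Secret or ConfigMap is an app.ini section and its content is a list of `KEY=VALUE` lines would spare users from reading the script.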
TODO: Proper handling for values with `=` and `"` inside.
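One way to approach the TODO above, as an added example that is not part of this PR or the chart: split each line at the first `=` only and trim whitespace without `xargs`, so `=` and `"` inside a value survive. The function names `trim`, `split_setting` and `env_name` and the sample lines are hypothetical; the masking rules are the ones from the script in the diff.

```bash
#!/usr/bin/env bash
# Added example with constructed helper names; not the chart's own script.

# Strip leading/trailing whitespace. sed leaves quotes and backslashes
# untouched, unlike `xargs echo -n`, which interprets them.
trim() {
  printf '%s' "${1}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//'
}

# Split at the FIRST '=' only, so '=' inside the value is preserved.
# Sets the globals SETTING and VALUE; returns non-zero when the line has
# no '=' or no setting name in front of it.
split_setting() {
  case "${1}" in
    *=*) ;;
    *) return 1 ;;
  esac
  SETTING="$(trim "${1%%=*}")"   # text before the first '='
  VALUE="$(trim "${1#*=}")"      # everything after the first '='
  [ -n "${SETTING}" ]
}

# Same masking as the script in the diff: '.' -> _0X2E_, '-' -> _0X2D_,
# then upper-case the whole variable name.
env_name() {
  section="$(printf '%s' "${1}" | sed -e 's/\./_0X2E_/g' -e 's/-/_0X2D_/g')"
  printf 'ENV_TO_INI__%s__%s' "${section}" "${2}" | tr '[:lower:]' '[:upper:]'
}

# Constructed sample lines, as they could appear in a mounted config source.
if split_setting 'JWT_SECRET = abc=def=='; then
  echo "$(env_name 'oauth2' "${SETTING}") <- value of ${#VALUE} characters"
fi
if ! split_setting '= orphan value'; then
  echo 'line without a setting name rejected'
fi
```

The sample run logs only the variable name and the value length, so secret values never reach the log.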