Generic way for configuring Gitea app.ini #240

Merged
luhahn merged 8 commits from justusbunsi/helm-chart:feature/rework-sensitive-ini-settings into master 2021-12-22 10:44:05 +00:00
2 changed files with 51 additions and 1 deletions
Showing only changes of commit 33cca725ca

@ -135,6 +135,8 @@ MD044:
- MySQL
- Memcached
- Prometheus
- Git
- GitOps
# Include code blocks
code_blocks: false
@ -146,4 +148,4 @@ MD046:
# MD048/code-fence-style - Code fence style
MD048:
# Code fence syle
style: "backtick"
style: "backtick"
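Review bot: The comment directly above the changed `style: "backtick"` line reads "Code fence syle"; since this hunk already touches the end of the MD048 block, please correct it to "Code fence style" in the same commit. The `style` value itself is identical on both sides, so if the only intent is the end-of-file newline, saying so in the commit message would save the next reader a second look.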

@ -272,6 +272,54 @@ The Prometheus `/metrics` endpoint is disabled by default.
ENABLED = false
```
### Additional _app.ini_ settings
> **The [generic](https://docs.gitea.io/en-us/config-cheat-sheet/#overall-default)
section cannot be defined that way.**
Some settings inside _app.ini_ (like passwords or whole authentication configurations)
must be considered sensitive and therefore should not be passed via plain text
inside the _values.yaml_ file. In times of _GitOps_ the values.yaml could be stored
in a Git repository where sensitive data should never be accessible.
The Helm Chart supports this approach and let the user define custom sources like
Kubernetes Secrets to be loaded as environment variables during _app.ini_ creation
or update.
```yaml
gitea:
additionalConfigSources:
- name: oauth
secret:
secretName: gitea-app-ini-oauth
- name: some-additionals
configMap:
name: gitea-app-ini-plaintext
```
This would mount the two additional volumes (`oauth` and `some-additionals`)
from different sources to the init containerwhere the _app.ini_ gets updated.
All files mounted that way will be read and converted to environment variables
and then added to the _app.ini_ using [environment-to-ini](https://github.com/go-gitea/gitea/tree/main/contrib/environment-to-ini).
The key of such additional source represents the section inside the _app.ini_.
The value for each key can be multiline ini-like definitions.
In example, the referenced `gitea-app-ini-plaintext` could look like this.
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: gitea-app-ini-plaintext
data:
session: |
PROVIDER=memory
SAME_SITE=strict
cron.archive_cleanup: |
ENABLED=true
```
### External Database
An external Database can be used instead of builtIn PostgreSQL or MySQL.
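Review bot: The new "Additional _app.ini_ settings" section motivates the feature with passwords and authentication configuration, yet the only source it spells out is the plaintext ConfigMap `gitea-app-ini-plaintext`; the Secret `gitea-app-ini-oauth` is referenced under `additionalConfigSources` and never shown. Please add a matching Secret manifest with the same key-per-section layout, so readers have a pattern to copy for sensitive values instead of reusing the ConfigMap one. The text also does not say which value wins when a key is defined both in an additional source and in the settings passed via _values.yaml_, which matters for anyone overriding a default with a secret. The blockquote about the generic section appears before the mechanism is introduced, so "that way" has nothing to refer to yet; moving it below the first example would fix that. Wording nits in the added lines: "let the user" should be "lets the user", "init containerwhere" is missing a space, and "In example" should be "For example".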