Rework OAuth sources #244
21
README.md
21
README.md
|
@ -545,6 +545,27 @@ gitea:
|
|||
#customEmailUrl:
|
||||
```
|
||||
|
||||
You can also use an existing secret to set the `key` and `secret`:
|
||||
|
||||
```yaml
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: gitea-oauth-secret
|
||||
type: Opaque
|
||||
stringData:
|
||||
key: hello
|
||||
secret: world
|
||||
```
|
||||
|
||||
```yaml
|
||||
gitea:
|
||||
oauth:
|
||||
- name: 'MyAwesomeGiteaOAuth'
|
||||
existingSecret: gitea-oauth-secret
|
||||
...
|
||||
```
|
||||
|
||||
### Metrics and profiling
|
||||
|
||||
A Prometheus `/metrics` endpoint on the `HTTP_PORT` and `pprof` profiling
|
||||
|
|
|
@ -141,9 +141,17 @@ app.kubernetes.io/instance: {{ .Release.Name }}
|
|||
{{- $idx := index . 0 }}
|
||||
justusbunsi marked this conversation as resolved
Outdated
|
||||
{{- $values := index . 1 }}
|
||||
|
||||
{{- if not (hasKey $values "key") -}}
|
||||
{{- $_ := set $values "key" (printf "${GITEA_OAUTH_KEY_%d}" $idx) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if not (hasKey $values "secret") -}}
|
||||
{{- $_ := set $values "secret" (printf "${GITEA_OAUTH_SECRET_%d}" $idx) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- range $key, $val := $values -}}
|
||||
{{- if ne $key "enabled" -}}
|
||||
{{- printf "--%s %s " ($key | kebabcase) ($val | squote) -}}
|
||||
{{- if and (ne $key "enabled") (ne $key "existingSecret") -}}
|
||||
{{- printf "--%s %s " ($key | kebabcase) ($val | quote) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
|
|
@ -142,6 +142,22 @@ spec:
|
|||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.gitea.oauth }}
|
||||
{{- range $idx, $value := .Values.gitea.oauth }}
|
||||
{{- if $value.existingSecret }}
|
||||
- name: GITEA_OAUTH_KEY_{{ $idx }}
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: key
|
||||
name: {{ $value.existingSecret }}
|
||||
- name: GITEA_OAUTH_SECRET_{{ $idx }}
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: secret
|
||||
name: {{ $value.existingSecret }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.gitea.admin.existingSecret }}
|
||||
- name: GITEA_ADMIN_USERNAME
|
||||
valueFrom:
|
||||
|
|
|
@ -181,11 +181,13 @@ gitea:
|
|||
# usernameAttribute:
|
||||
# publicSSHKeyAttribute:
|
||||
|
||||
# Either specify inline `key` and `secret` or refer to them via `existingSecret`
|
||||
oauth: []
|
||||
# - name: 'OAuth 1'
|
||||
# provider:
|
||||
# key:
|
||||
# secret:
|
||||
# existingSecret:
|
||||
# autoDiscoverUrl:
|
||||
# useCustomUrls:
|
||||
# customAuthUrl:
|
||||
|
|
Loading…
Reference in New Issue
Block a user
we could add oauth password/secret key deployment via existing secrets like in the ldap settings. Otherwise idx won't be needed here.