gitea: Cleanup config and rotate secrets

Lauri Võsandi 2023-08-14 23:38:01 +03:00
parent f0c4be9b7d
commit ca4ded3d0d


@ -12,6 +12,26 @@ spec:
name: default name: default
secretName: git-tls secretName: git-tls
--- ---
apiVersion: codemowers.cloud/v1beta1
kind: SecretClaim
metadata:
name: gitea-security-secret-key
spec:
size: 32
mapping:
- key: secret
value: "%(plaintext)s"
---
apiVersion: codemowers.cloud/v1beta1
kind: SecretClaim
metadata:
name: gitea-security-internal-token
spec:
size: 32
mapping:
- key: secret
value: "%(plaintext)s"
---
apiVersion: codemowers.io/v1alpha1 apiVersion: codemowers.io/v1alpha1
kind: OIDCGWClient kind: OIDCGWClient
metadata: metadata:
@ -55,8 +75,8 @@ spec:
- name: gitea - name: gitea
image: gitea/gitea:1.20.2 image: gitea/gitea:1.20.2
env: env:
- name: GITEA__OPENID__ENABLE_OPENID_SIGNIN - name: GITEA__ADMIN__DISABLE_REGULAR_ORG_CREATION
value: "false" value: "true"
- name: GITEA__SERVER__SSH_SERVER_HOST_KEYS - name: GITEA__SERVER__SSH_SERVER_HOST_KEYS
value: ssh/gitea.rsa,ssh/gitea.ecdsa,ssh/gitea.ed25519 value: ssh/gitea.rsa,ssh/gitea.ecdsa,ssh/gitea.ed25519
- name: GITEA__SERVER__START_SSH_SERVER - name: GITEA__SERVER__START_SSH_SERVER
@ -97,10 +117,6 @@ spec:
value: "false" value: "false"
- name: GITEA__SECURITY__INSTALL_LOCK - name: GITEA__SECURITY__INSTALL_LOCK
value: "true" value: "true"
- name: GITEA__SECURITY__SECRET_KEY
value: t2RrFCn4Q22MFPc
- name: GITEA__SECURITY__LOGIN_REMEMBER_DAYS
value: "30"
- name: GITEA__SERVICE__REGISTER_EMAIL_CONFIRM - name: GITEA__SERVICE__REGISTER_EMAIL_CONFIRM
value: "true" value: "true"
- name: GITEA__SERVICE__DISABLE_REGISTRATION - name: GITEA__SERVICE__DISABLE_REGISTRATION
@ -125,10 +141,6 @@ spec:
value: "false" value: "false"
- name: GITEA__CRON__ENABLED - name: GITEA__CRON__ENABLED
value: "true" value: "true"
- name: GITEA__I18N__LANGS
value: en-US
- name: GITEA__I18N__NAMES
value: English
- name: GITEA__DATABASE__PASSWD - name: GITEA__DATABASE__PASSWD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
@ -147,8 +159,13 @@ spec:
- name: GITEA__SECURITY__INTERNAL_TOKEN - name: GITEA__SECURITY__INTERNAL_TOKEN
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: gitea-secrets name: gitea-security-internal-token
key: GITEA__SECURITY__INTERNAL_TOKEN key: secret
- name: GITEA__SECURITY__SECRET_KEY
valueFrom:
secretKeyRef:
name: gitea-security-secret-key
key: secret
ports: ports:
- containerPort: 8080 - containerPort: 8080
name: http name: http
@ -199,4 +216,3 @@ spec:
name: https name: https
targetPort: 3000 targetPort: 3000
sessionAffinity: ClientIP sessionAffinity: ClientIP
publishNotReadyAddresses: true
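Review bot: Nothing in the visible hunks handles data that Gitea already encrypted under the previous `GITEA__SECURITY__SECRET_KEY` once the `gitea-security-secret-key` SecretClaim generates a new one. Gitea documents SECRET_KEY as protecting stored values such as 2FA secrets, so existing enrolments will presumably stop decrypting after rollout. I would add a comment above that claim, e.g. `# Rotating this key invalidates data encrypted with the previous SECRET_KEY (e.g. 2FA secrets); affected users must re-enrol`. The removed literal value stays in repository history, so it should remain retired, and the old `gitea-secrets` entry for the internal token is worth deleting from the cluster if nothing else references it. In the second hunk the explicit `GITEA__OPENID__ENABLE_OPENID_SIGNIN` entry appears to be dropped, which leaves OpenID sign-in at the image default; if that is not intended, keep it pinned with `value: "false"`.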