forked from k-space/kube
gitea: Cleanup config and rotate secrets
parent
f0c4be9b7d
commit
ca4ded3d0d
@ -12,6 +12,26 @@ spec:
|
|||||||
name: default
|
name: default
|
||||||
secretName: git-tls
|
secretName: git-tls
|
||||||
---
|
---
|
||||||
|
apiVersion: codemowers.cloud/v1beta1
|
||||||
|
kind: SecretClaim
|
||||||
|
metadata:
|
||||||
|
name: gitea-security-secret-key
|
||||||
|
spec:
|
||||||
|
size: 32
|
||||||
|
mapping:
|
||||||
|
- key: secret
|
||||||
|
value: "%(plaintext)s"
|
||||||
|
---
|
||||||
|
apiVersion: codemowers.cloud/v1beta1
|
||||||
|
kind: SecretClaim
|
||||||
|
metadata:
|
||||||
|
name: gitea-security-internal-token
|
||||||
|
spec:
|
||||||
|
size: 32
|
||||||
|
mapping:
|
||||||
|
- key: secret
|
||||||
|
value: "%(plaintext)s"
|
||||||
|
---
|
||||||
apiVersion: codemowers.io/v1alpha1
|
apiVersion: codemowers.io/v1alpha1
|
||||||
kind: OIDCGWClient
|
kind: OIDCGWClient
|
||||||
metadata:
|
metadata:
|
||||||
@ -55,8 +75,8 @@ spec:
|
|||||||
- name: gitea
|
- name: gitea
|
||||||
image: gitea/gitea:1.20.2
|
image: gitea/gitea:1.20.2
|
||||||
env:
|
env:
|
||||||
- name: GITEA__OPENID__ENABLE_OPENID_SIGNIN
|
- name: GITEA__ADMIN__DISABLE_REGULAR_ORG_CREATION
|
||||||
value: "false"
|
value: "true"
|
||||||
- name: GITEA__SERVER__SSH_SERVER_HOST_KEYS
|
- name: GITEA__SERVER__SSH_SERVER_HOST_KEYS
|
||||||
value: ssh/gitea.rsa,ssh/gitea.ecdsa,ssh/gitea.ed25519
|
value: ssh/gitea.rsa,ssh/gitea.ecdsa,ssh/gitea.ed25519
|
||||||
- name: GITEA__SERVER__START_SSH_SERVER
|
- name: GITEA__SERVER__START_SSH_SERVER
|
||||||
@ -97,10 +117,6 @@ spec:
|
|||||||
value: "false"
|
value: "false"
|
||||||
- name: GITEA__SECURITY__INSTALL_LOCK
|
- name: GITEA__SECURITY__INSTALL_LOCK
|
||||||
value: "true"
|
value: "true"
|
||||||
- name: GITEA__SECURITY__SECRET_KEY
|
|
||||||
value: t2RrFCn4Q22MFPc
|
|
||||||
- name: GITEA__SECURITY__LOGIN_REMEMBER_DAYS
|
|
||||||
value: "30"
|
|
||||||
- name: GITEA__SERVICE__REGISTER_EMAIL_CONFIRM
|
- name: GITEA__SERVICE__REGISTER_EMAIL_CONFIRM
|
||||||
value: "true"
|
value: "true"
|
||||||
- name: GITEA__SERVICE__DISABLE_REGISTRATION
|
- name: GITEA__SERVICE__DISABLE_REGISTRATION
|
||||||
@ -125,10 +141,6 @@ spec:
|
|||||||
value: "false"
|
value: "false"
|
||||||
- name: GITEA__CRON__ENABLED
|
- name: GITEA__CRON__ENABLED
|
||||||
value: "true"
|
value: "true"
|
||||||
- name: GITEA__I18N__LANGS
|
|
||||||
value: en-US
|
|
||||||
- name: GITEA__I18N__NAMES
|
|
||||||
value: English
|
|
||||||
- name: GITEA__DATABASE__PASSWD
|
- name: GITEA__DATABASE__PASSWD
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
@ -147,8 +159,13 @@ spec:
|
|||||||
- name: GITEA__SECURITY__INTERNAL_TOKEN
|
- name: GITEA__SECURITY__INTERNAL_TOKEN
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: gitea-secrets
|
name: gitea-security-internal-token
|
||||||
key: GITEA__SECURITY__INTERNAL_TOKEN
|
key: secret
|
||||||
|
- name: GITEA__SECURITY__SECRET_KEY
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: gitea-security-secret-key
|
||||||
|
key: secret
|
||||||
ports:
|
ports:
|
||||||
- containerPort: 8080
|
- containerPort: 8080
|
||||||
name: http
|
name: http
|
||||||
@ -199,4 +216,3 @@ spec:
|
|||||||
name: https
|
name: https
|
||||||
targetPort: 3000
|
targetPort: 3000
|
||||||
sessionAffinity: ClientIP
|
sessionAffinity: ClientIP
|
||||||
publishNotReadyAddresses: true
|
|
||||||
|
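Review bot: The new `gitea-security-secret-key` SecretClaim and the `GITEA__SECURITY__SECRET_KEY` entry that reads from it carry no warning that Gitea uses this key to encrypt stored data such as 2FA secrets, so anything encrypted under the removed literal can no longer be decrypted after this rollout. I would add a comment above the claim, for example `# SECRET_KEY encrypts stored data (e.g. 2FA secrets); regenerating or deleting this claim makes that data unreadable`, and state in the commit description whether existing 2FA enrolments were reset. Whether the operator regenerates the value when the claim is recreated is not visible here, so that needs confirming before anyone treats the claim as disposable. Separately, the second hunk drops the explicit `GITEA__OPENID__ENABLE_OPENID_SIGNIN` value of `"false"`; unless it is set elsewhere in the file, OpenID sign-in now follows the default of the pinned Gitea version, which is worth checking.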