gitea: Cleanup config and rotate secrets
parent
f0c4be9b7d
commit
ca4ded3d0d
@ -12,6 +12,26 @@ spec:
|
||||
name: default
|
||||
secretName: git-tls
|
||||
---
|
||||
apiVersion: codemowers.cloud/v1beta1
|
||||
kind: SecretClaim
|
||||
metadata:
|
||||
name: gitea-security-secret-key
|
||||
spec:
|
||||
size: 32
|
||||
mapping:
|
||||
- key: secret
|
||||
value: "%(plaintext)s"
|
||||
---
|
||||
apiVersion: codemowers.cloud/v1beta1
|
||||
kind: SecretClaim
|
||||
metadata:
|
||||
name: gitea-security-internal-token
|
||||
spec:
|
||||
size: 32
|
||||
mapping:
|
||||
- key: secret
|
||||
value: "%(plaintext)s"
|
||||
---
|
||||
apiVersion: codemowers.io/v1alpha1
|
||||
kind: OIDCGWClient
|
||||
metadata:
|
||||
@ -55,8 +75,8 @@ spec:
|
||||
- name: gitea
|
||||
image: gitea/gitea:1.20.2
|
||||
env:
|
||||
- name: GITEA__OPENID__ENABLE_OPENID_SIGNIN
|
||||
value: "false"
|
||||
- name: GITEA__ADMIN__DISABLE_REGULAR_ORG_CREATION
|
||||
value: "true"
|
||||
- name: GITEA__SERVER__SSH_SERVER_HOST_KEYS
|
||||
value: ssh/gitea.rsa,ssh/gitea.ecdsa,ssh/gitea.ed25519
|
||||
- name: GITEA__SERVER__START_SSH_SERVER
|
||||
@ -97,10 +117,6 @@ spec:
|
||||
value: "false"
|
||||
- name: GITEA__SECURITY__INSTALL_LOCK
|
||||
value: "true"
|
||||
- name: GITEA__SECURITY__SECRET_KEY
|
||||
value: t2RrFCn4Q22MFPc
|
||||
- name: GITEA__SECURITY__LOGIN_REMEMBER_DAYS
|
||||
value: "30"
|
||||
- name: GITEA__SERVICE__REGISTER_EMAIL_CONFIRM
|
||||
value: "true"
|
||||
- name: GITEA__SERVICE__DISABLE_REGISTRATION
|
||||
@ -125,10 +141,6 @@ spec:
|
||||
value: "false"
|
||||
- name: GITEA__CRON__ENABLED
|
||||
value: "true"
|
||||
- name: GITEA__I18N__LANGS
|
||||
value: en-US
|
||||
- name: GITEA__I18N__NAMES
|
||||
value: English
|
||||
- name: GITEA__DATABASE__PASSWD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
@ -147,8 +159,13 @@ spec:
|
||||
- name: GITEA__SECURITY__INTERNAL_TOKEN
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: gitea-secrets
|
||||
key: GITEA__SECURITY__INTERNAL_TOKEN
|
||||
name: gitea-security-internal-token
|
||||
key: secret
|
||||
- name: GITEA__SECURITY__SECRET_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: gitea-security-secret-key
|
||||
key: secret
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
name: http
|
||||
@ -199,4 +216,3 @@ spec:
|
||||
name: https
|
||||
targetPort: 3000
|
||||
sessionAffinity: ClientIP
|
||||
publishNotReadyAddresses: true
|
||||
|
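Review bot: Rotating `GITEA__SECURITY__SECRET_KEY` in the last env hunk (now a secretKeyRef to `gitea-security-secret-key`) is likely to leave data that Gitea encrypted under the old key, such as stored 2FA secrets, undecryptable, and nothing in the manifest records that. The generated Secret also becomes the only copy of the key; whether the SecretClaim operator regenerates it when the claim is re-created is not visible here, so this should be confirmed before rollout. I would add a comment above the `gitea-security-secret-key` SecretClaim in the first hunk, for example `# SECRET_KEY encrypts 2FA secrets etc.; back up the generated Secret, regenerating it breaks decryption`. The literal key shown in the `-97,10 +117,6` hunk stays readable in repository history, and the old `gitea-secrets` Secret may still hold the previous internal token, so it is worth checking that both are retired and no longer accepted anywhere.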