k-space/kube
12
1
Fork 3
Code Issues 62 Pull Requests 1 Wiki Activity

gitea: Cleanup config and rotate secrets

Browse Source
This commit is contained in:
Lauri Võsandi
2023-08-14 23:38:01 +03:00
parent f0c4be9b7d
commit ca4ded3d0d
1 changed files with 29 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
gitea/application.yaml
View File

@@ -12,6 +12,26 @@ spec:
name: default name: default
secretName: git-tls secretName: git-tls
--- ---
apiVersion: codemowers.cloud/v1beta1
kind: SecretClaim
metadata:
name: gitea-security-secret-key
spec:
size: 32
mapping:
- key: secret
value: "%(plaintext)s"
---
apiVersion: codemowers.cloud/v1beta1
kind: SecretClaim
metadata:
name: gitea-security-internal-token
spec:
size: 32
mapping:
- key: secret
value: "%(plaintext)s"
---
apiVersion: codemowers.io/v1alpha1 apiVersion: codemowers.io/v1alpha1
kind: OIDCGWClient kind: OIDCGWClient
metadata: metadata:
@@ -55,8 +75,8 @@ spec:
- name: gitea - name: gitea
image: gitea/gitea:1.20.2 image: gitea/gitea:1.20.2
env: env:
- name: GITEA__OPENID__ENABLE_OPENID_SIGNIN - name: GITEA__ADMIN__DISABLE_REGULAR_ORG_CREATION
value: "false" value: "true"
- name: GITEA__SERVER__SSH_SERVER_HOST_KEYS - name: GITEA__SERVER__SSH_SERVER_HOST_KEYS
value: ssh/gitea.rsa,ssh/gitea.ecdsa,ssh/gitea.ed25519 value: ssh/gitea.rsa,ssh/gitea.ecdsa,ssh/gitea.ed25519
- name: GITEA__SERVER__START_SSH_SERVER - name: GITEA__SERVER__START_SSH_SERVER
@@ -97,10 +117,6 @@ spec:
value: "false" value: "false"
- name: GITEA__SECURITY__INSTALL_LOCK - name: GITEA__SECURITY__INSTALL_LOCK
value: "true" value: "true"
- name: GITEA__SECURITY__SECRET_KEY
value: t2RrFCn4Q22MFPc
- name: GITEA__SECURITY__LOGIN_REMEMBER_DAYS
value: "30"
- name: GITEA__SERVICE__REGISTER_EMAIL_CONFIRM - name: GITEA__SERVICE__REGISTER_EMAIL_CONFIRM
value: "true" value: "true"
- name: GITEA__SERVICE__DISABLE_REGISTRATION - name: GITEA__SERVICE__DISABLE_REGISTRATION
@@ -125,10 +141,6 @@ spec:
value: "false" value: "false"
- name: GITEA__CRON__ENABLED - name: GITEA__CRON__ENABLED
value: "true" value: "true"
- name: GITEA__I18N__LANGS
value: en-US
- name: GITEA__I18N__NAMES
value: English
- name: GITEA__DATABASE__PASSWD - name: GITEA__DATABASE__PASSWD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
@@ -147,8 +159,13 @@ spec:
- name: GITEA__SECURITY__INTERNAL_TOKEN - name: GITEA__SECURITY__INTERNAL_TOKEN
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: gitea-secrets name: gitea-security-internal-token
key: GITEA__SECURITY__INTERNAL_TOKEN key: secret
- name: GITEA__SECURITY__SECRET_KEY
valueFrom:
secretKeyRef:
name: gitea-security-secret-key
key: secret
ports: ports:
- containerPort: 8080 - containerPort: 8080
name: http name: http
@@ -199,4 +216,3 @@ spec:
name: https name: https
targetPort: 3000 targetPort: 3000
sessionAffinity: ClientIP sessionAffinity: ClientIP
publishNotReadyAddresses: true