missing examples for additional secret config sources #286

Closed
opened 2022-01-30 16:53:43 +00:00 by volker.raschek · 5 comments
volker.raschek commented 2022-01-30 16:53:43 +00:00 (Migrated from gitea.com)

Hi,

I tried to move the database and mail credentials into a separate secret. For example the database credentials:

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: gitea-app-ini-database
type: Opaque
stringData:
  USER: myuser
  PASSWD: mysecretpassword
```

The secret is included via `additionalConfigSources`:

```yaml
gitea:
  additionalConfigSources:
    - secret:
        secretName: gitea-app-ini-database
```
The `database` section of the `app.ini` contains only values which must not be protected.

```yaml
gitea:
  config:
    database:
      CHARSET: utf8
      DB_TYPE: postgres
      HOST: myhost:5432
      NAME: postgres
      SSL_MODE: disable
      SCHEMA: gitea
```

If I deploy this configuration, I get an `Init:CrashLoopBackOff` error. There is only one example to include `app.ini` configurations via `gitea-app-ini-plaintext`. Unfortunately none with a secret. It would be great if someone here could help me and expand the README for an example with an additionalConfig as secret.

volker.raschek commented 2022-01-30 16:58:50 +00:00 (Migrated from gitea.com)

It seems that the bug is already known, because I also use an external database.

https://gitea.com/gitea/helm-chart/pulls/279

justusbunsi commented 2022-02-01 13:11:30 +00:00 (Migrated from gitea.com)

Hi @volker.raschek. The expected data structure inside a Kubernetes secret and Kubernetes ConfigMap are identical.

Both types are mounted as files into the container. Your secret needs to look like the following:

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: gitea-app-ini-database
type: Opaque
stringData:
  database: |
    USER: myuser
    PASSWD: mysecretpassword
```

The key `database` must match the section key inside `app.ini` and represents a file during ini creation. Let me know if this structure works for you. It should.


I see that the documentation is not as explaining as hoped. Will update the docs according to that requirement.

volker.raschek commented 2022-02-01 21:58:33 +00:00 (Migrated from gitea.com)

Hi @justusbunsi,

> Your secret needs to look like the following:

I adapted my secret. The `database` key was invalid. I tried to deploy gitea again with the credentials stored as secret. I received another error from an init-container, that the database setting is invalid:

```bash
$ kubectl logs gitea-0 -c init-app-ini | tail -n 3
Processing additionals...
  database
  ! invalid setting
```

The secret looks like your example above. I don't know why it does not work. Any idea?

justusbunsi commented 2022-02-02 04:53:19 +00:00 (Migrated from gitea.com)

Oh. I forgot to change one little but important thing in my snippet. The `:` need to be `=`.

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: gitea-app-ini-database
type: Opaque
stringData:
  database: |
    USER=myuser
    PASSWD=mysecretpassword
```

Please try this again.

volker.raschek commented 2022-02-02 15:32:21 +00:00 (Migrated from gitea.com)

Hi @justusbunsi,

this works. Thanks a lot for your help.

I think this should be documented to avoid issues related to this topic in future.

Volker
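
Added example, not part of the thread and not the chart's own init script: a pre-deploy lint for the layout settled on above, run against a directory shaped like the mounted Secret (one file per `app.ini` section, `KEY=value` lines). The function names, the accepted key pattern and the sample values are assumptions constructed for illustration.

```shell
#!/bin/sh
# check_config_source DIR
# DIR mirrors a mounted Secret/ConfigMap: each file name is an app.ini section,
# each non-blank line must be KEY=value. Returns 0 if clean, 1 otherwise.
check_config_source() {
    dir=$1
    status=0
    for file in "$dir"/*; do
        [ -f "$file" ] || continue
        section=$(basename "$file")
        lineno=0
        while IFS= read -r line || [ -n "$line" ]; do
            lineno=$((lineno + 1))
            case $line in
                ''|'#'*|';'*) continue ;;   # blank line or ini comment
            esac
            # Key pattern is an assumption; "KEY: value" (YAML style) fails it.
            if ! printf '%s\n' "$line" | grep -Eq '^[A-Za-z_][A-Za-z0-9_.]*[[:space:]]*='; then
                # Report position only, never the line, so credentials stay out of logs.
                echo "$section:$lineno: not in KEY=value form"
                status=1
            fi
        done < "$file"
    done
    return $status
}

# Constructed samples of the three layouts tried in the thread.
make_samples() {
    root=$(mktemp -d)
    mkdir "$root/flat" "$root/yaml" "$root/ini"
    printf 'myuser' > "$root/flat/USER"                          # keys at top level
    printf 'USER: myuser\nPASSWD: examplepw\n' > "$root/yaml/database"
    printf 'USER=myuser\nPASSWD=examplepw\n' > "$root/ini/database"
    echo "$root"
}

samples=$(make_samples)
for layout in flat yaml ini; do
    if check_config_source "$samples/$layout"; then echo "$layout: ok"; fi
done
rm -rf "$samples"
```

Pointing the function at a directory produced by writing each `stringData` key to its own file catches both earlier mistakes before the init container does.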

Reference: lunny/helm-chart#286