lunny/helm-chart
1
0
Fork 1
Code Issues 36 Pull Requests 14 Actions Packages Projects Releases 93 Wiki Activity

missing examples for additional secret config sources #286

New Issue
Closed
opened 2022-01-30 16:53:43 +00:00 by volker.raschek · 5 comments
volker.raschek commented 2022-01-30 16:53:43 +00:00 (Migrated from gitea.com)
Copy Link
Copy Source

Hi,

I tried to move the database and mail credentials into a seperate secret. For example the database credentials:

apiVersion: v1
kind: Secret
metadata:
  name: gitea-app-ini-database
type: Opaque
stringData:
  USER: myuser
  PASSWD: mysecretpassword

The secret is included via additionalConfigSources:

gitea:
  additionalConfigSources:
    - secret:
        secretName: gitea-app-ini-database

The database section of the app.ini contains only values which must not be protected.

gitea: 
  config:
    database:
      CHARSET: utf8
      DB_TYPE: postgres
      HOST: myhost:5432
      NAME: postgres
      SSL_MODE: disable
      SCHEMA: gitea

If i deploy this configuration, I get an Init:CrashLoopBackOff error. There is only one example to include app.ini configurations via gitea-app-ini-plaintext. Unfortunately none with a secret. It would be great if someone here could help me and expand the README for an example with an additionalConfig as secret.

Hi, I tried to move the database and mail credentials into a seperate secret. For example the database credentials: ```yaml apiVersion: v1 kind: Secret metadata: name: gitea-app-ini-database type: Opaque stringData: USER: myuser PASSWD: mysecretpassword ``` The secret is included via `additionalConfigSources`: ```yaml gitea: additionalConfigSources: - secret: secretName: gitea-app-ini-database ``` The `database` section of the `app.ini` contains only values which must not be protected. ``` gitea: config: database: CHARSET: utf8 DB_TYPE: postgres HOST: myhost:5432 NAME: postgres SSL_MODE: disable SCHEMA: gitea ``` If i deploy this configuration, I get an `Init:CrashLoopBackOff` error. There is only one example to include `app.ini` configurations via `gitea-app-ini-plaintext`. Unfortunately none with a secret. It would be great if someone here could help me and expand the README for an example with an additionalConfig as secret.
volker.raschek commented 2022-01-30 16:58:50 +00:00 (Migrated from gitea.com)
Copy Link
Copy Source

It seems that the bug is already known, because I also use an external database.

https://gitea.com/gitea/helm-chart/pulls/279

It seems that the bug is already known, because I also use an external database. https://gitea.com/gitea/helm-chart/pulls/279
justusbunsi commented 2022-02-01 13:11:30 +00:00 (Migrated from gitea.com)
Copy Link
Copy Source

Hi @volker.raschek. The expected data structure inside a Kubernetes secret and Kubernetes ConfigMap are identical.

Both types are mounted as files into the container. Your secret needs to look like the following:

apiVersion: v1
kind: Secret
metadata:
  name: gitea-app-ini-database
type: Opaque
stringData:
  database: |
    USER: myuser
    PASSWD: mysecretpassword

The key database must match the section key inside app.ini and represents a file during ini creation. Let me know if this structure works for you. It should. ?

I see that the documentation is not as explaining as hoped. Will update the docs according to that requirement.

Hi @volker.raschek. The expected data structure inside a Kubernetes secret and Kubernetes ConfigMap are identical. Both types are mounted as files into the container. Your secret needs to look like the following: ```yaml apiVersion: v1 kind: Secret metadata: name: gitea-app-ini-database type: Opaque stringData: database: | USER: myuser PASSWD: mysecretpassword ``` The key `database` must match the section key inside `app.ini` and represents a file during ini creation. Let me know if this structure works for you. It should. ? --- I see that the documentation is not as explaining as hoped. Will update the docs according to that requirement.
volker.raschek commented 2022-02-01 21:58:33 +00:00 (Migrated from gitea.com)
Copy Link
Copy Source

Hi @justusbunsi,

Your secret needs to look like the following:

I adapted my secret. The database key was invalid. I tried to deploy gitea again with the credentials stored as secret. I received an other error from an init-container, that the database setting is invalid:

$ kubectl logs gitea-0 -c init-app-ini | tail -n 3
Processing additionals...
  database
  ! invalid setting

The secret looks like your example above. I don't know why it does not work. Any idea?

Hi @justusbunsi, > Your secret needs to look like the following: I adapted my secret. The `database` key was invalid. I tried to deploy gitea again with the credentials stored as secret. I received an other error from an init-container, that the database setting is invalid: ```bash $ kubectl logs gitea-0 -c init-app-ini | tail -n 3 Processing additionals... database ! invalid setting ``` The secret looks like your example above. I don't know why it does not work. Any idea?
justusbunsi commented 2022-02-02 04:53:19 +00:00 (Migrated from gitea.com)
Copy Link
Copy Source

Oh. I forgot to change one little but important thing in my snippet. The : need to be =.

apiVersion: v1
kind: Secret
metadata:
  name: gitea-app-ini-database
type: Opaque
stringData:
  database: |
    USER=myuser
    PASSWD=mysecretpassword

Please try this again.

Oh. I forgot to change one little but important thing in my snippet. The : need to be =. ```yaml apiVersion: v1 kind: Secret metadata: name: gitea-app-ini-database type: Opaque stringData: database: | USER=myuser PASSWD=mysecretpassword ``` Please try this again.
volker.raschek commented 2022-02-02 15:32:21 +00:00 (Migrated from gitea.com)
Copy Link
Copy Source

Hi @justusbunsi,

this works. Thanks a lot for your help.

I think this should be documented to avoid issues related to this topic in future.

Volker

Hi @justusbunsi, this works. Thanks a lot for your help. I think this should be documented to avoid issues related to this topic in future. Volker
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
has/backport
in progress
invalid
kind/breaking
kind/bug
kind/build
kind/dependency
kind/deployment
kind/docs
kind/enhancement
kind/feature
kind/lint
kind/proposal
kind/question
kind/refactor
kind/security
kind/testing
kind/translation
kind/ui
need/backport
priority/critical
priority/low
priority/maybe
priority/medium
reviewed/duplicate
reviewed/invalid
reviewed/wontfix
skip-changelog
status/blocked
status/needs-feedback
status/needs-reviews
status/wip
upstream/gitea
upstream/other
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
lunny (Lunny Xiao)
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: lunny/helm-chart#286
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?