Rework app.ini generation #239

Merged
luhahn merged 1 commits from refs/pull/239/head into master 2021-11-19 21:15:46 +00:00
3 changed files with 4 additions and 10 deletions

View File

@ -58,12 +58,11 @@ automatically in certain situations:
- New install: By default the secrets are created automatically. If you provide
secrets via `gitea.config` they will be used instead of automatic generation.
- Existing installs: By default the secrets won't be deployed, neither via
configuration nor via auto generation.
- Existing install with `gitea.enforceAppSecretRecreation`: will allow again automatic
generation or deploy via `gitea.config`
- Existing installs: The secrets won't be deployed, neither via
configuration nor via auto generation. We explicitly prevent to set new secrets.
:rotating_light: Although the Chart provides resetting secret keys, it is
:rotating_light: It would be possible to set new secret keys manually by entering
the running container and rewriting the app.ini by hand. However, this it is
not advisable to do so for existing installations. Certain settings like
_LDAP_ would not be readable anymore.
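Review bot: The added README sentences in the "Existing installs" bullet and the warning below it need a wording pass before they ship. "We explicitly prevent to set new secrets." should read "We explicitly prevent setting new secrets.", and "However, this it is not advisable to do so" has a stray "this" (suggest "However, it is not advisable to do so"). Since the chart no longer offers any way to regenerate the keys, it would also help to say here which settings besides _LDAP_ become unreadable after a manual rewrite, so an operator who has to replace a leaked key knows what must be re-entered afterwards.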
@ -562,7 +561,6 @@ gitea:
| `initPreScript` | Bash script copied verbatim to start of init container | |
| `securityContext` | Run as a specific securityContext | `{}` |
| `schedulerName` | Use an alternate scheduler, e.g. "stork" | |
| `gitea.enforceAppSecretRecreation` | Enforce new secret key generation (SECRET_KEY, INTERNAL_TOKEN, etc.) | `false` |
### Image
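Review bot: Dropping the `gitea.enforceAppSecretRecreation` row from the parameter table removes the only documentation of that key without telling upgrading users it is gone. Please add a short entry to the upgrade notes or changelog stating that the value was removed and that secrets on existing installs can no longer be regenerated through the chart.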

View File

@ -162,13 +162,11 @@ stringData:
{{- end }}
{{- end }}
{{- if not .Values.gitea.enforceAppSecretRecreation }}
# safety to prevent rewrite of secret keys if an app.ini already exists
if [ -f ${GITEA_APP_INI} ]; then
unset ENV_TO_INI__SECURITY__INTERNAL_TOKEN
unset ENV_TO_INI__SECURITY__SECRET_KEY
unset ENV_TO_INI__OAUTH2__JWT_SECRET
fi
{{- end }}
environment-to-ini -o $GITEA_APP_INI -p ENV_TO_INI
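Review bot: With the surrounding `if not .Values.gitea.enforceAppSecretRecreation` removed, the guard at `if [ -f ${GITEA_APP_INI} ]; then` is now the only decision point, and it tests for the file's existence rather than for the presence of the three keys. An app.ini that exists but lacks `SECRET_KEY`, `INTERNAL_TOKEN` or `JWT_SECRET` would never receive one through the chart, and there is no longer an override to recover from that. Consider unsetting each variable only when its key is already present in the file, or documenting this case. Separately, `${GITEA_APP_INI}` is unquoted in both the test and the `environment-to-ini -o $GITEA_APP_INI` call; if the variable is empty, `[ -f ]` evaluates to true and the secrets are unset anyway, so quote it as `[ -f "${GITEA_APP_INI}" ]`.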

View File

@ -141,8 +141,6 @@ signing:
gpgHome: /data/git/.gnupg
gitea:
enforceAppSecretRecreation: false
admin:
#existingSecret: gitea-admin-secret
username: gitea_admin
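Review bot: Removing the `enforceAppSecretRecreation: false` default under `gitea:` means a values file that still sets the key to `true` will be accepted and silently ignored. An operator relying on it to rotate secrets would see a successful upgrade with the old keys still in place. Consider a check in the templates that calls `fail` with a clear message when `.Values.gitea.enforceAppSecretRecreation` is set, at least for one release.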