Started updating mailer-config
Configured secret env vars for mailer credentials to be loaded at pod runtime. We may want to write our credentials to an encrypted file so we can use the __FILE feature described here: https://github.com/go-gitea/gitea/issues/19856. Or we may want to encrypt our secrets as described here: https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/
This commit is contained in:
parent
09a471d5e5
commit
e4946b4fa0
4 changed files with 35 additions and 2 deletions
|
@ -6,6 +6,7 @@
|
||||||
:cljs [orchestra.core :refer-macros [defn-spec]])
|
:cljs [orchestra.core :refer-macros [defn-spec]])
|
||||||
[dda.c4k-common.yaml :as yaml]
|
[dda.c4k-common.yaml :as yaml]
|
||||||
[dda.c4k-common.common :as cm]
|
[dda.c4k-common.common :as cm]
|
||||||
|
[dda.c4k-common.base64 :as b64]
|
||||||
[dda.c4k-common.predicate :as pred]
|
[dda.c4k-common.predicate :as pred]
|
||||||
[dda.c4k-common.postgres :as postgres]))
|
[dda.c4k-common.postgres :as postgres]))
|
||||||
|
|
||||||
|
@ -27,6 +28,7 @@
|
||||||
"gitea/deployment.yaml" (rc/inline "gitea/deployment.yaml")
|
"gitea/deployment.yaml" (rc/inline "gitea/deployment.yaml")
|
||||||
"gitea/certificate.yaml" (rc/inline "gitea/certificate.yaml")
|
"gitea/certificate.yaml" (rc/inline "gitea/certificate.yaml")
|
||||||
"gitea/ingress.yaml" (rc/inline "gitea/ingress.yaml")
|
"gitea/ingress.yaml" (rc/inline "gitea/ingress.yaml")
|
||||||
|
"gitea/secrets.yaml" (rc/inline "gitea/secrets.yaml")
|
||||||
"gitea/services.yaml" (rc/inline "gitea/services.yaml")
|
"gitea/services.yaml" (rc/inline "gitea/services.yaml")
|
||||||
"gitea/traefik-middleware.yaml" (rc/inline "gitea/traefik-middleware.yaml")
|
"gitea/traefik-middleware.yaml" (rc/inline "gitea/traefik-middleware.yaml")
|
||||||
"gitea/volumes.yaml" (rc/inline "gitea/volumes.yaml")
|
"gitea/volumes.yaml" (rc/inline "gitea/volumes.yaml")
|
||||||
|
@ -47,6 +49,15 @@
|
||||||
(cm/replace-all-matching-values-by-new-value "DBUSER" postgres-db-user)
|
(cm/replace-all-matching-values-by-new-value "DBUSER" postgres-db-user)
|
||||||
(cm/replace-all-matching-values-by-new-value "DBPW" postgres-db-password))))
|
(cm/replace-all-matching-values-by-new-value "DBPW" postgres-db-password))))
|
||||||
|
|
||||||
|
(defn-spec generate-secrets pred/map-or-seq?
|
||||||
|
[config config?]
|
||||||
|
(let [{:keys [mailer-user mailer-pw]} config]
|
||||||
|
(->
|
||||||
|
(yaml/load-as-edn "gitea/secrets.yaml")
|
||||||
|
(cm/replace-all-matching-values-by-new-value "MAILERUSER" (b64/encode mailer-user))
|
||||||
|
(cm/replace-all-matching-values-by-new-value "MAILERPW" (b64/encode mailer-pw))
|
||||||
|
)))
|
||||||
|
|
||||||
(defn-spec generate-ingress pred/map-or-seq?
|
(defn-spec generate-ingress pred/map-or-seq?
|
||||||
[config config?]
|
[config config?]
|
||||||
(let [{:keys [fqdn issuer]} config]
|
(let [{:keys [fqdn issuer]} config]
|
||||||
|
|
|
@ -55,7 +55,7 @@ data:
|
||||||
[picture]
|
[picture]
|
||||||
AVATAR_UPLOAD_PATH = /data/gitea/avatars
|
AVATAR_UPLOAD_PATH = /data/gitea/avatars
|
||||||
REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
|
REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
|
||||||
DISABLE_GRAVATAR = false
|
DISABLE_GRAVATAR = true # do we want our gitea talking to gravatar?
|
||||||
ENABLE_FEDERATED_AVATAR = true
|
ENABLE_FEDERATED_AVATAR = true
|
||||||
|
|
||||||
[attachment]
|
[attachment]
|
||||||
|
@ -91,7 +91,13 @@ data:
|
||||||
;JWT_SECRET =
|
;JWT_SECRET =
|
||||||
|
|
||||||
[mailer]
|
[mailer]
|
||||||
ENABLED = false
|
ENABLED = false
|
||||||
|
FROM = gitea@meissa-gmbh.de
|
||||||
|
MAILER_TYPE = smtp
|
||||||
|
HOST = mail.routing.net:587
|
||||||
|
IS_TLS_ENABLED = true
|
||||||
|
USER =
|
||||||
|
PASSWD =
|
||||||
|
|
||||||
[openid]
|
[openid]
|
||||||
ENABLE_OPENID_SIGNIN = true
|
ENABLE_OPENID_SIGNIN = true
|
||||||
|
|
|
@ -24,6 +24,8 @@ spec:
|
||||||
envFrom:
|
envFrom:
|
||||||
- configMapRef:
|
- configMapRef:
|
||||||
name: gitea-env
|
name: gitea-env
|
||||||
|
- secretRef:
|
||||||
|
name: gitea-secrets
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: app-ini-config-volume
|
- name: app-ini-config-volume
|
||||||
mountPath: "/tmp/app.ini"
|
mountPath: "/tmp/app.ini"
|
||||||
|
@ -32,6 +34,8 @@ spec:
|
||||||
mountPath: "/var/lib/gitea"
|
mountPath: "/var/lib/gitea"
|
||||||
- name: gitea-data-volume
|
- name: gitea-data-volume
|
||||||
mountPath: "/data"
|
mountPath: "/data"
|
||||||
|
- name: gitea-secret-volume
|
||||||
|
mountPath: "/run/secrets"
|
||||||
ports:
|
ports:
|
||||||
- containerPort: 22
|
- containerPort: 22
|
||||||
name: git-ssh
|
name: git-ssh
|
||||||
|
@ -47,3 +51,7 @@ spec:
|
||||||
- name: gitea-data-volume
|
- name: gitea-data-volume
|
||||||
persistentVolumeClaim:
|
persistentVolumeClaim:
|
||||||
claimName: gitea-data-pvc
|
claimName: gitea-data-pvc
|
||||||
|
- name: gitea-secret-volume
|
||||||
|
secret:
|
||||||
|
secretName: gitea-secrets
|
||||||
|
|
||||||
|
|
8
src/main/resources/gitea/secrets.yaml
Normal file
8
src/main/resources/gitea/secrets.yaml
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: gitea-secrets
|
||||||
|
data:
|
||||||
|
GITEA__mailer__USER: MAILERUSER
|
||||||
|
GITEA__mailer__PASSWD: MAILERPW
|
||||||
|
|
Loading…
Reference in a new issue