volker.raschek/helm-gitea
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(service-monitor): support bearer token authentication on metrics endpoint (#719)

Browse Source 
### Benefits

Can protect metrics endpoint with `Bearer` token authentication provided by gitea.
see PR #637 for previous discussion.

### Possible drawbacks

No possible drawbacks

### Applicable issues

- fixes #635

### Additional information

```
gitea:
  metrics:
    enabled: true
    token: "somepassword"
    serviceMonitor:
      enabled: true
```

Using above configuration is sufficient to secure /metrics endpoint with bearer token and corresponding ServiceMonitor.

### Checklist

- [x] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm)
- [ ] ~~Breaking changes are documented in the `README.md`~~ Not applicable
- [x] Templating unittests are added

Signed-off-by: Hitesh Nayak <hiteshnayak305@gmail.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/719
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.com>
Co-authored-by: Hitesh Nayak <hiteshnayak305@gmail.com>
Co-committed-by: Hitesh Nayak <hiteshnayak305@gmail.com>
This commit is contained in:
Hitesh Nayak
2024-11-30 13:59:29 +00:00
committed by justusbunsi
parent 3bacaaad84
commit 389a8460e4
10 changed files with 253 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
templates/_helpers.tpl
View File

@ -311,6 +311,9 @@ https
{{- if not (hasKey .Values.gitea.config.metrics "ENABLED") -}}
{{- $_ := set .Values.gitea.config.metrics "ENABLED" .Values.gitea.metrics.enabled -}}
{{- end -}}
{{- if and (not (hasKey .Values.gitea.config.metrics "TOKEN")) (.Values.gitea.metrics.token) (.Values.gitea.metrics.enabled) -}}
{{- $_ := set .Values.gitea.config.metrics "TOKEN" .Values.gitea.metrics.token -}}
{{- end -}}
{{- /* redis queue */ -}}
{{- if or ((index .Values "redis-cluster").enabled) ((index .Values "redis").enabled) -}}
{{- $_ := set .Values.gitea.config.queue "TYPE" "redis" -}}
@ -465,3 +468,7 @@ https
{{- end -}}
{{- toYaml $probe -}}
{{- end -}}
{{- define "gitea.metrics-secret-name" -}}
{{ default (printf "%s-metrics-secret" (include "gitea.fullname" .)) }}
{{- end -}}

12
templates/gitea/metrics-secret.yaml Normal file
View File

@ -0,0 +1,12 @@
{{- if and (.Values.gitea.metrics.enabled) (.Values.gitea.metrics.serviceMonitor.enabled) (.Values.gitea.metrics.token) -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "gitea.metrics-secret-name" . }}
namespace: {{ .Values.namespace | default .Release.Namespace }}
labels:
{{- include "gitea.labels" . | nindent 4 }}
type: Opaque
data:
token: {{ .Values.gitea.metrics.token | b64enc }}
{{- end }}

8
templates/gitea/servicemonitor.yaml
View File

@ -32,4 +32,12 @@ spec:
tlsConfig:
{{- . | toYaml | nindent 6 }}
{{- end }}
{{- if .Values.gitea.metrics.token }}
authorization:
type: Bearer
credentials:
name: {{ include "gitea.metrics-secret-name" . }}
key: token
optional: false
{{- end }}
{{- end -}}