• enhancements to support postgres client-cert authentication (#47)

    Ghost released this 2021-01-20 12:28:39 +01:00 | 474 commits to main since this release

    This PR adds a few new chart features which add to the flexibility of the chart.

    • allow extra volumes to be mounted (such as secrets): 2f862c5a48
    • pass environment variables also to the init-container: 7044049478
    • allow a preparation script to be "injected" into the init-container: 6125a69345

    As a concrete example of how this can be used, I use it to configure Gitea to use client certificate authentication against an external Postgres database. That could be accomplished by having a gitea-postgres-ssl secret:

    apiVersion: v1
    kind: Secret
    type: Opaque
    metadata:
      name: gitea-postgres-ssl
    data:
      postgresql.crt: <base64...>
      postgresql.key: <base64...>
      root.crt: <base64...>

    and then mounting this as a volume in Gitea using:

    extraVolumes:
    - name: postgres-ssl-vol
      secret:
        secretName: gitea-postgres-ssl
    
    extraVolumeMounts:
    - name: postgres-ssl-vol
      readOnly: true
      mountPath: "/pg-ssl"

    To get the right permissions on the credentials, we'd use the initPreScript:

    initPreScript: |
      # copy postgres client and CA cert from mount and
      # give proper permissions
      mkdir -p /data/git/.postgresql
      cp /pg-ssl/* /data/git/.postgresql/
      chown -R git:git /data/git/.postgresql/
      chmod 400 /data/git/.postgresql/postgresql.key

    and to make sure that Gitea uses the certificate we need to pass the proper postgres environment variables (both to the init container and the "main" container):

    statefulset:
      env:
      - name:  "PGSSLCERT"
        value: "/data/git/.postgresql/postgresql.crt"
      - name:  "PGSSLKEY"
        value: "/data/git/.postgresql/postgresql.key"
      - name:  "PGSSLROOTCERT"
        value: "/data/git/.postgresql/root.crt"

    Co-authored-by: Peter Gardfjäll peter.gardfjall.work@gmail.com
    Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/47
    Reviewed-by: luhahn luhahn@noreply.gitea.io
    Reviewed-by: 6543 6543@obermui.de
    Co-authored-by: petergardfjall petergardfjall@noreply.gitea.io
    Co-committed-by: petergardfjall petergardfjall@noreply.gitea.io
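Added example, not part of the chart or of this PR: a Python check that mirrors libpq's ownership and mode rule for the PGSSLKEY file (the reason the initPreScript above does chown and chmod 400) and sanity-checks the three PEM files it copies into /data/git/.postgresql. The function and file names are this example's own; the bundle it builds is a constructed placeholder, not real credentials.

```python
import os
import stat
import tempfile
from typing import List, Optional

# Files the PR's initPreScript copies into /data/git/.postgresql, with the PEM header each should carry.
EXPECTED = {"postgresql.crt": b"CERTIFICATE", "postgresql.key": b"PRIVATE KEY",
            "root.crt": b"CERTIFICATE"}

def key_mode_problem(path: str, uid: Optional[int] = None) -> Optional[str]:
    """libpq's rule for PGSSLKEY: owned by the connecting user with no group/other bits
    (0600 or stricter, e.g. chmod 400 above), or by root with no world bits (0640 or stricter)."""
    st = os.stat(path)
    uid = os.geteuid() if uid is None else uid
    mode = stat.S_IMODE(st.st_mode)
    if st.st_uid == uid and mode & (stat.S_IRWXG | stat.S_IRWXO):
        return "postgresql.key has group or world access (need 0600 or less)"
    if st.st_uid == 0 and mode & stat.S_IRWXO:
        return "postgresql.key is root-owned with world access (need 0640 or less)"
    if st.st_uid not in (uid, 0):
        return "postgresql.key must be owned by the connecting user or root"
    return None

def check_pg_ssl_dir(ssl_dir: str, uid: Optional[int] = None) -> List[str]:
    """Return the problems found with the mounted bundle; an empty list means usable."""
    problems: List[str] = []
    for name, marker in EXPECTED.items():
        path = os.path.join(ssl_dir, name)
        if not os.path.isfile(path):
            problems.append(f"missing {name}")
            continue
        with open(path, "rb") as f:
            head = f.read(80)
        # Catches a Secret value that was base64-encoded twice, or a DER file instead of PEM.
        if not head.startswith(b"-----BEGIN") or marker not in head:
            problems.append(f"{name} is not a PEM {marker.decode()}")
        elif name == "postgresql.key":
            issue = key_mode_problem(path, uid)
            if issue:
                problems.append(issue)
    return problems

def build_sample_bundle(key_mode: int) -> str:
    """Constructed stand-in for the mounted Secret: placeholder PEM bodies, not real keys."""
    d = tempfile.mkdtemp()
    for name, marker in EXPECTED.items():
        with open(os.path.join(d, name), "wb") as f:
            f.write(b"-----BEGIN " + marker + b"-----\nc2FtcGxl\n-----END " + marker + b"-----\n")
    os.chmod(os.path.join(d, "postgresql.key"), key_mode)
    return d
```

Running check_pg_ssl_dir("/data/git/.postgresql") in the init container after the cp/chown/chmod steps flags a mis-shaped Secret before Gitea's first connection attempt fails.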