diff --git a/template/stacks/core/argocd/manifests/argocd-forgejo-access-token.yaml b/template/stacks/core/argocd/manifests/argocd-forgejo-access-token.yaml
deleted file mode 100644
index 8003a1f..0000000
--- a/template/stacks/core/argocd/manifests/argocd-forgejo-access-token.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: forgejo-access-token
- namespace: argocd
-spec:
- secretStoreRef:
- name: gitea
- kind: ClusterSecretStore
- refreshInterval: "0"
- target:
- name: forgejo-access-token
- template:
- engineVersion: v2
- data:
- forgejo_username: "{{.FORGEJO_ACCESS_USERNAME}}"
- forgejo_token: "{{.FORGEJO_ACCESS_TOKEN}}"
- metadata:
- labels:
- app.kubernetes.io/part-of: argocd
- data:
- - secretKey: FORGEJO_ACCESS_USERNAME
- remoteRef:
- key: forgejo-access-token
- property: username
- - secretKey: FORGEJO_ACCESS_TOKEN
- remoteRef:
- key: forgejo-access-token
- property: token
diff --git a/template/stacks/core/argocd/manifests/argocd-secret.yaml b/template/stacks/core/argocd/manifests/argocd-secret.yaml
deleted file mode 100644
index 105bdf4..0000000
--- a/template/stacks/core/argocd/manifests/argocd-secret.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: auth-generic-oauth-secret
- namespace: argocd
-spec:
- secretStoreRef:
- name: keycloak
- kind: ClusterSecretStore
- refreshInterval: "0"
- target:
- name: auth-generic-oauth-secret
- template:
- engineVersion: v2
- data:
- client_secret: "{{.ARGOCD_CLIENT_SECRET}}"
- metadata:
- labels:
- app.kubernetes.io/part-of: argocd
- data:
- - secretKey: ARGOCD_CLIENT_SECRET
- remoteRef:
- key: keycloak-clients
- property: ARGOCD_CLIENT_SECRET
\ No newline at end of file
diff --git a/template/stacks/core/argocd/manifests/argocd-sso-config.yaml b/template/stacks/core/argocd/manifests/argocd-sso-config.yaml
deleted file mode 100644
index 27160cf..0000000
--- a/template/stacks/core/argocd/manifests/argocd-sso-config.yaml
+++ /dev/null
@@ -1,54 +0,0 @@
----
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: argocd-config
- namespace: argocd
-spec:
- template:
- metadata:
- generateName: argocd-config-
- spec:
- restartPolicy: OnFailure
- containers:
- - name: push
- image: docker.io/library/ubuntu:22.04
- env:
- - name: FORGEJO_USER
- valueFrom:
- secretKeyRef:
- name: forgejo-access-token
- key: forgejo_username
- - name: FORGEJO_TOKEN
- valueFrom:
- secretKeyRef:
- name: forgejo-access-token
- key: forgejo_token
- command: ["/bin/bash", "-c"]
- args:
- - |
- #! /bin/bash
-
- apt -qq update
- apt -qq install git wget -y
- if [[ "$(uname -m)" == "x86_64" ]]; then
- wget https://github.com/mikefarah/yq/releases/download/v4.44.3/yq_linux_amd64
- install yq_linux_amd64 /usr/local/bin/yq
- rm yq_linux_amd64
- else
- wget https://github.com/mikefarah/yq/releases/download/v4.44.3/yq_linux_arm64
- install yq_linux_arm64 /usr/local/bin/yq
- rm yq_linux_arm64
- fi
-
- git config --global user.email "bot@bots.de"
- git config --global user.name "bot"
-
- git clone https://${FORGEJO_USER}:${FORGEJO_TOKEN}@{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder.git
- cd edfbuilder
- yq eval '.configs.cm."oidc.config" = "name: Keycloak\nissuer: https://{{{ .Env.DOMAIN }}}/keycloak/realms/cnoe\nclientID: argocd\nclientSecret: $auth-generic-oauth-secret:client_secret\nrequestedScopes: [\"openid\", \"profile\", \"email\", \"groups\"]"' -i stacks/core/argocd/values.yaml
-
- git add stacks/core/argocd/values.yaml
- git commit -m "adds Forgejo SSO config"
- git push
- backoffLimit: 99
\ No newline at end of file
diff --git a/template/stacks/core/forgejo/manifests/forgejo-access-token.yaml b/template/stacks/core/forgejo/manifests/forgejo-access-token.yaml
deleted file mode 100644
index 215af67..0000000
--- a/template/stacks/core/forgejo/manifests/forgejo-access-token.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: forgejo-access-token
- namespace: gitea
-spec:
- secretStoreRef:
- name: gitea
- kind: ClusterSecretStore
- refreshInterval: "0"
- target:
- name: forgejo-access-token
- template:
- engineVersion: v2
- data:
- forgejo_username: "{{.FORGEJO_ACCESS_USERNAME}}"
- forgejo_token: "{{.FORGEJO_ACCESS_TOKEN}}"
- data:
- - secretKey: FORGEJO_ACCESS_USERNAME
- remoteRef:
- key: forgejo-access-token
- property: username
- - secretKey: FORGEJO_ACCESS_TOKEN
- remoteRef:
- key: forgejo-access-token
- property: token
diff --git a/template/stacks/core/forgejo/manifests/forgejo-secret.yaml b/template/stacks/core/forgejo/manifests/forgejo-secret.yaml
deleted file mode 100644
index d449c24..0000000
--- a/template/stacks/core/forgejo/manifests/forgejo-secret.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: auth-generic-oauth-secret
- namespace: gitea
-spec:
- secretStoreRef:
- name: keycloak
- kind: ClusterSecretStore
- refreshInterval: "0"
- target:
- name: auth-generic-oauth-secret
- template:
- engineVersion: v2
- data:
- key: "{{.FORGEJO_CLIENT_ID}}"
- secret: "{{.FORGEJO_CLIENT_SECRET}}"
- data:
- - secretKey: FORGEJO_CLIENT_ID
- remoteRef:
- key: keycloak-clients
- property: FORGEJO_CLIENT_ID
- - secretKey: FORGEJO_CLIENT_SECRET
- remoteRef:
- key: keycloak-clients
- property: FORGEJO_CLIENT_SECRET
diff --git a/template/stacks/core/forgejo/manifests/forgejo-sso-config.yaml b/template/stacks/core/forgejo/manifests/forgejo-sso-config.yaml
deleted file mode 100644
index 875e348..0000000
--- a/template/stacks/core/forgejo/manifests/forgejo-sso-config.yaml
+++ /dev/null
@@ -1,76 +0,0 @@
----
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: forgejo-config
- namespace: gitea
-spec:
- template:
- metadata:
- generateName: forgejo-config-
- spec:
- restartPolicy: OnFailure
- containers:
- - name: push
- image: docker.io/library/ubuntu:22.04
- env:
- - name: FORGEJO_USER
- valueFrom:
- secretKeyRef:
- name: forgejo-access-token
- key: forgejo_username
- - name: FORGEJO_TOKEN
- valueFrom:
- secretKeyRef:
- name: forgejo-access-token
- key: forgejo_token
- command: ["/bin/bash", "-c"]
- args:
- - |
- #! /bin/bash
-
- apt -qq update
- apt -qq install git wget -y
- if [[ "$(uname -m)" == "x86_64" ]]; then
- wget https://github.com/mikefarah/yq/releases/download/v4.44.3/yq_linux_amd64
- install yq_linux_amd64 /usr/local/bin/yq
- rm yq_linux_amd64
- else
- wget https://github.com/mikefarah/yq/releases/download/v4.44.3/yq_linux_arm64
- install yq_linux_arm64 /usr/local/bin/yq
- rm yq_linux_arm64
- fi
-
- git config --global user.email "bot@bots.de"
- git config --global user.name "giteaAdmin"
-
- git clone https://${FORGEJO_USER}:${FORGEJO_TOKEN}@{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder.git
- cd edfbuilder
- yq eval ".gitea.oauth = [
- {
- \"name\": \"Keycloak\",
- \"provider\": \"openidConnect\",
- \"existingSecret\": \"auth-generic-oauth-secret\",
- \"autoDiscoverUrl\": \"https://{{{ .Env.DOMAIN }}}/keycloak/realms/cnoe/.well-known/openid-configuration\"
- }
- ] |
- (.gitea.oauth[] | .name) |= (. style=\"single\")
- |
- (.gitea.oauth[] | .provider) |= (. style=\"single\")
- |
- (.gitea.oauth[] | .existingSecret) |= (. style=\"single\")
- |
- (.gitea.oauth[] | .autoDiscoverUrl) |= (. style=\"single\")
- " -i stacks/core/forgejo/values.yaml
-
- yq eval '.gitea.config.oauth2_client =
- {
- "ENABLE_AUTO_REGISTRATION" : true,
- "ACCOUNT_LINKING" : "auto"
- }
- ' -i stacks/core/forgejo/values.yaml
-
- git add stacks/core/forgejo/values.yaml
- git commit -m "adds Forgejo SSO config"
- git push
- backoffLimit: 99
\ No newline at end of file
diff --git a/template/stacks/core/forgejo/manifests/secret-forgejo.yaml b/template/stacks/core/forgejo/manifests/secret-forgejo.yaml
deleted file mode 100644
index d449c24..0000000
--- a/template/stacks/core/forgejo/manifests/secret-forgejo.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: auth-generic-oauth-secret
- namespace: gitea
-spec:
- secretStoreRef:
- name: keycloak
- kind: ClusterSecretStore
- refreshInterval: "0"
- target:
- name: auth-generic-oauth-secret
- template:
- engineVersion: v2
- data:
- key: "{{.FORGEJO_CLIENT_ID}}"
- secret: "{{.FORGEJO_CLIENT_SECRET}}"
- data:
- - secretKey: FORGEJO_CLIENT_ID
- remoteRef:
- key: keycloak-clients
- property: FORGEJO_CLIENT_ID
- - secretKey: FORGEJO_CLIENT_SECRET
- remoteRef:
- key: keycloak-clients
- property: FORGEJO_CLIENT_SECRET