From 620f7a3fd92c02f260eae6aa5b86822a982c93a4 Mon Sep 17 00:00:00 2001
From: "franz.germann"
Date: Mon, 14 Apr 2025 13:30:50 +0200
Subject: [PATCH 01/30] adds a kubernetes job that configures Forgejo
---
 .../core/forgejo-sso/forgejo-sso-config.yaml | 71 +++++++++++++++++++
 1 file changed, 71 insertions(+)
 create mode 100644 template/stacks/core/forgejo-sso/forgejo-sso-config.yaml
diff --git a/template/stacks/core/forgejo-sso/forgejo-sso-config.yaml b/template/stacks/core/forgejo-sso/forgejo-sso-config.yaml
new file mode 100644
index 0000000..5d877e4
--- /dev/null
+++ b/template/stacks/core/forgejo-sso/forgejo-sso-config.yaml
@@ -0,0 +1,71 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: forgejo-config
+ namespace: gitea
+# annotations:
+# argocd.argoproj.io/hook: PostSync
+spec:
+ template:
+ metadata:
+ generateName: forgejo-config-
+ spec:
+ # serviceAccountName: forgejo-config
+ restartPolicy: Never
+ containers:
+ - name: push
+ image: docker.io/library/ubuntu:22.04
+ command: ["/bin/bash", "-c"]
+ args:
+ - |
+ #! /bin/bash
+
+ apt -qq update
+ apt -qq install git wget -y
+ if [[ "$(uname -m)" == "x86_64" ]]; then
+ wget https://github.com/mikefarah/yq/releases/download/v4.44.3/yq_linux_amd64
+ install yq_linux_amd64 /usr/local/bin/yq
+ rm yq_linux_amd64
+ else
+ wget https://github.com/mikefarah/yq/releases/download/v4.44.3/yq_linux_arm64
+ install yq_linux_arm64 /usr/local/bin/yq
+ rm yq_linux_arm64
+ fi
+
+ DOMAIN=192-168-197-2.c-one-infra.de
+ GIT_USERNAME=bot
+ GIT_PASSWORD=ca78ba327f61588a564907638920d163936863c9
+
+ git config --global user.email "bot@bots.de"
+ git config --global user.name "bot"
+
+ git clone https://${GIT_USERNAME}:${GIT_PASSWORD}@gitea-${DOMAIN}/giteaAdmin/edfbuilder.git
+ cd edfbuilder
+ yq eval ".gitea.oauth = [
+ {
+ \"name\": \"Keycloak\",
+ \"provider\": \"openidConnect\",
+ \"existingSecret\": \"auth-generic-oauth-secret\",
+ \"autoDiscoverUrl\": \"https://${DOMAIN}/keycloak/realms/cnoe/.well-known/openid-configuration\"
+ }
+ ] |
+ (.gitea.oauth[] | .name) |= (. style=\"single\")
+ |
+ (.gitea.oauth[] | .provider) |= (. style=\"single\")
+ |
+ (.gitea.oauth[] | .existingSecret) |= (. style=\"single\")
+ |
+ (.gitea.oauth[] | .autoDiscoverUrl) |= (. style=\"single\")
+ " -i stacks/core/forgejo/values.yaml
+
+ yq eval '.gitea.config.oauth2_client =
+ {
+ "ENABLE_AUTO_REGISTRATION" : true,
+ "ACCOUNT_LINKING" : "auto"
+ }
+ ' -i stacks/core/forgejo/values.yaml
+
+ git add stacks/core/forgejo/values.yaml
+ git commit -m "adds Forgejo SSO config"
+ git push
\ No newline at end of file
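Review bot: The script assigns what looks like a real Forgejo credential as a literal (`GIT_PASSWORD=…` beside `GIT_USERNAME=bot`) inside a manifest that is committed, so anyone who can read the repository or its history obtains the credential this job uses to clone and push `giteaAdmin/edfbuilder`. Deleting the line in a later patch does not undo that; the token should be revoked in Forgejo and the value supplied from a Secret through an `env` entry with `valueFrom.secretKeyRef` rather than an assignment in the script. The same applies to the literal in the ArgoCD job of PATCH 02 and to the replacement values introduced in PATCH 04, 05 and 09, each of which is another credential that now sits in history.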
From b533f7adf3d58b37bf578d7c73d144f768719621 Mon Sep 17 00:00:00 2001
From: "franz.germann"
Date: Mon, 14 Apr 2025 16:39:37 +0200
Subject: [PATCH 02/30] adds a kubernetes job that configures ArgoCD
---
 .../core/argocd-sso/argocd-sso-config.yaml | 68 +++++++++++++++++++
 1 file changed, 68 insertions(+)
 create mode 100644 template/stacks/core/argocd-sso/argocd-sso-config.yaml
diff --git a/template/stacks/core/argocd-sso/argocd-sso-config.yaml b/template/stacks/core/argocd-sso/argocd-sso-config.yaml
new file mode 100644
index 0000000..5ecfcd8
--- /dev/null
+++ b/template/stacks/core/argocd-sso/argocd-sso-config.yaml
@@ -0,0 +1,68 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: argocd-config
+ namespace: argocd
+# annotations:
+# argocd.argoproj.io/hook: PostSync
+spec:
+ template:
+ metadata:
+ generateName: argocd-config-
+ spec:
+ # serviceAccountName: argocd-config
+ restartPolicy: OnFailure
+ containers:
+ - name: push
+ image: docker.io/library/ubuntu:22.04
+ envFrom:
+ - secretRef:
+ name: auth-generic-oauth-secret # thats the external secret the job should wait for
+ - secretRef:
+ name: k8s-job-token # edpbuilder should create this automatically and feed it to this job
+ command: ["/bin/bash", "-c"]
+ args:
+ - |
+ #! /bin/bash
+
+ if [[ "$client_secret" == "" ]];
+ then
+ exit 1
+ fi
+
+ apt -qq update
+ apt -qq install git wget -y
+ if [[ "$(uname -m)" == "x86_64" ]]; then
+ wget https://github.com/mikefarah/yq/releases/download/v4.44.3/yq_linux_amd64
+ install yq_linux_amd64 /usr/local/bin/yq
+ rm yq_linux_amd64
+ else
+ wget https://github.com/mikefarah/yq/releases/download/v4.44.3/yq_linux_arm64
+ install yq_linux_arm64 /usr/local/bin/yq
+ rm yq_linux_arm64
+ fi
+
+ DOMAIN=192-168-197-2.c-one-infra.de
+ GIT_USERNAME=giteaAdmin
+ GIT_PASSWORD=2e53bfe27b64a5aa4e8bc591e15b33cc92ff95fa
+
+ git config --global user.email "bot@bots.de"
+ git config --global user.name "bot"
+
+ git clone https://${GIT_USERNAME}:${GIT_PASSWORD}@gitea-${DOMAIN}/giteaAdmin/edfbuilder.git
+ cd edfbuilder
+ yq eval '.configs.cm.oidc.config =
+ {
+ "name": "Keycloak",
+ "issuer": "https://${DOMAIN}/keycloak/realms/cnoe/.well-known/openid-configuration",
+ "clientID": "argocd",
+ "clientSecret": "$auth-generic-oauth-secret:client_secret",
+ "requestedScopes": ["openid", "profile", "email", "groups"]
+ }
+ ' -i stacks/core/argocd/values.yaml
+
+ git add stacks/core/argocd/values.yaml
+ git commit -m "adds Forgejo SSO config"
+ git push
+ backoffLimit: 99
\ No newline at end of file
From d90402b74a202718bbde2cef8d580fff1bde2145 Mon Sep 17 00:00:00 2001
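Review bot: In the new ArgoCD job (`argocd-sso-config.yaml`) the script fetches a `yq` release binary with `wget` and runs `install` on it with no integrity check, in a container that also receives the repository credential and both Secrets from `envFrom`; verify a pinned digest before installing, e.g. `echo "<sha256-of-yq_linux_amd64>  yq_linux_amd64" | sha256sum -c - || exit 1`, or ship `git` and `yq` in an image pinned by digest instead of installing at run time. The Forgejo job in PATCH 01 carries the same download block. Separately, the `yq eval '…'` expression is single-quoted, so bash does not expand `${DOMAIN}` in `issuer` and, as far as this hunk shows, the literal text `${DOMAIN}` is what gets written to `stacks/core/argocd/values.yaml`. The message passed to `git commit` also still reads "adds Forgejo SSO config" in this ArgoCD job.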
From: "franz.germann"
Date: Mon, 14 Apr 2025 16:56:45 +0200
Subject: [PATCH 03/30] renaming
---
 .../core/forgejo-sso/{secret-forgejo.yaml => forgejo-secret.yaml} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename template/stacks/core/forgejo-sso/{secret-forgejo.yaml => forgejo-secret.yaml} (100%)
diff --git a/template/stacks/core/forgejo-sso/secret-forgejo.yaml b/template/stacks/core/forgejo-sso/forgejo-secret.yaml
similarity index 100%
rename from template/stacks/core/forgejo-sso/secret-forgejo.yaml
rename to template/stacks/core/forgejo-sso/forgejo-secret.yaml
From 701771ad13426ecbbdb3ad15a403fd3f9914f1d0 Mon Sep 17 00:00:00 2001
From: "franz.germann"
Date: Mon, 14 Apr 2025 17:42:27 +0200
Subject: [PATCH 04/30] adds secretRefs to the jobs
---
 .../core/argocd-sso/argocd-sso-config.yaml | 10 +-------
 .../core/forgejo-sso/forgejo-sso-config.yaml | 23 ++++++++++++++-----
 2 files changed, 18 insertions(+), 15 deletions(-)
diff --git a/template/stacks/core/argocd-sso/argocd-sso-config.yaml b/template/stacks/core/argocd-sso/argocd-sso-config.yaml
index 5ecfcd8..7553279 100644
--- a/template/stacks/core/argocd-sso/argocd-sso-config.yaml
+++ b/template/stacks/core/argocd-sso/argocd-sso-config.yaml
@@ -52,15 +52,7 @@ spec: git clone https://${GIT_USERNAME}:${GIT_PASSWORD}@gitea-${DOMAIN}/giteaAdmin/edfbuilder.git cd edfbuilder - yq eval '.configs.cm.oidc.config = - { - "name": "Keycloak", - "issuer": "https://${DOMAIN}/keycloak/realms/cnoe/.well-known/openid-configuration", - "clientID": "argocd", - "clientSecret": "$auth-generic-oauth-secret:client_secret", - "requestedScopes": ["openid", "profile", "email", "groups"] - } - ' -i stacks/core/argocd/values.yaml + yq eval '.configs.cm."oidc.config" = "name: Keycloak\nissuer: https://192-168-197-2.c-one-infra.de/keycloak/realms/cnoe\nclientID: argocd\nclientSecret: $auth-generic-oauth-secret:client_secret\nrequestedScopes: [\"openid\", \"profile\", \"email\", \"groups\"]"' -i stacks/core/argocd/values.yaml git add stacks/core/argocd/values.yaml git commit -m "adds Forgejo SSO config" diff --git a/template/stacks/core/forgejo-sso/forgejo-sso-config.yaml b/template/stacks/core/forgejo-sso/forgejo-sso-config.yaml index 5d877e4..228ee6f 100644 --- a/template/stacks/core/forgejo-sso/forgejo-sso-config.yaml +++ b/template/stacks/core/forgejo-sso/forgejo-sso-config.yaml @@ -11,16 +11,26 @@ spec: metadata: generateName: forgejo-config- spec: - # serviceAccountName: forgejo-config - restartPolicy: Never + # serviceAccountName: bot + restartPolicy: OnFailure containers: - name: push image: docker.io/library/ubuntu:22.04 + envFrom: + - secretRef: + name: auth-generic-oauth-secret # thats the external secret the job should wait for + - secretRef: + name: k8s-job-token # edpbuilder should create this automatically and feed it to this job command: ["/bin/bash", "-c"] args: - | #! /bin/bash + if [[ "$client_secret" == "" ]]; + then + exit 1 + fi + apt -qq update apt -qq install git wget -y if [[ "$(uname -m)" == "x86_64" ]]; then 
@@ -34,11 +44,11 @@ spec: fi DOMAIN=192-168-197-2.c-one-infra.de - GIT_USERNAME=bot - GIT_PASSWORD=ca78ba327f61588a564907638920d163936863c9 + GIT_USERNAME=giteaAdmin + GIT_PASSWORD=2e53bfe27b64a5aa4e8bc591e15b33cc92ff95fa git config --global user.email "bot@bots.de" - git config --global user.name "bot" + git config --global user.name "giteaAdmin" git clone https://${GIT_USERNAME}:${GIT_PASSWORD}@gitea-${DOMAIN}/giteaAdmin/edfbuilder.git cd edfbuilder @@ -68,4 +78,5 @@ spec: git add stacks/core/forgejo/values.yaml git commit -m "adds Forgejo SSO config" - git push \ No newline at end of file + git push + backoffLimit: 99 \ No newline at end of file From 5165583b9a7fd75d923fb7c2f411007b77751fc8 Mon Sep 17 00:00:00 2001 From: "franz.germann" Date: Wed, 16 Apr 2025 14:53:10 +0200 Subject: [PATCH 05/30] testing --- .../core/argocd-sso/argocd-sso-config.yaml | 27 ++++++++++--------- .../core/forgejo-sso/forgejo-sso-config.yaml | 6 ++--- 2 files changed, 17 insertions(+), 16 deletions(-) diff --git a/template/stacks/core/argocd-sso/argocd-sso-config.yaml b/template/stacks/core/argocd-sso/argocd-sso-config.yaml index 7553279..8461b3c 100644 --- a/template/stacks/core/argocd-sso/argocd-sso-config.yaml +++ b/template/stacks/core/argocd-sso/argocd-sso-config.yaml 
@@ -16,21 +16,22 @@ spec: containers: - name: push image: docker.io/library/ubuntu:22.04 - envFrom: - - secretRef: - name: auth-generic-oauth-secret # thats the external secret the job should wait for - - secretRef: - name: k8s-job-token # edpbuilder should create this automatically and feed it to this job + env: + - name: ARGOCD_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: auth-generic-oauth-secret + key: client_secret + # envFrom: + # - secretRef: + # name: auth-generic-oauth-secret # thats the external secret the job should wait for + # - secretRef: + # name: k8s-job-token # edpbuilder should create this automatically and feed it to this job command: ["/bin/bash", "-c"] args: - | #! /bin/bash - if [[ "$client_secret" == "" ]]; - then - exit 1 - fi - apt -qq update apt -qq install git wget -y if [[ "$(uname -m)" == "x86_64" ]]; then 
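Review bot: `ARGOCD_CLIENT_SECRET` is injected into the container, but nothing in the script visible in this series reads it; the `oidc.config` value written by `yq` refers to the secret by name (`$auth-generic-oauth-secret:client_secret`), not by value. If the variable is not needed, drop the `env` entry so the OIDC client secret is not exposed to a shell that runs `apt` and a downloaded binary; the same holds for `FORGEJO_CLIENT_SECRET` added to the Forgejo job in PATCH 09. Removing the `$client_secret` guard in this hunk should be safe for waiting purposes, because a Secret or key referenced through a non-optional `secretKeyRef` already keeps the container from starting while it is missing. The script body continues outside this hunk, so confirm that no later line uses the variable before removing it.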
@@ -45,14 +46,14 @@ spec: DOMAIN=192-168-197-2.c-one-infra.de GIT_USERNAME=giteaAdmin - GIT_PASSWORD=2e53bfe27b64a5aa4e8bc591e15b33cc92ff95fa + GIT_PASSWORD=a618f97ca89714d894d5bfc7ac47d0b76a7ec35a git config --global user.email "bot@bots.de" git config --global user.name "bot" - git clone https://${GIT_USERNAME}:${GIT_PASSWORD}@gitea-${DOMAIN}/giteaAdmin/edfbuilder.git + git clone https://${GIT_USERNAME}:${GIT_PASSWORD}@{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder.git cd edfbuilder - yq eval '.configs.cm."oidc.config" = "name: Keycloak\nissuer: https://192-168-197-2.c-one-infra.de/keycloak/realms/cnoe\nclientID: argocd\nclientSecret: $auth-generic-oauth-secret:client_secret\nrequestedScopes: [\"openid\", \"profile\", \"email\", \"groups\"]"' -i stacks/core/argocd/values.yaml + yq eval '.configs.cm."oidc.config" = "name: Keycloak\nissuer: https://{{{ .Env.DOMAIN }}}/keycloak/realms/cnoe\nclientID: argocd\nclientSecret: $auth-generic-oauth-secret:client_secret\nrequestedScopes: [\"openid\", \"profile\", \"email\", \"groups\"]"' -i stacks/core/argocd/values.yaml git add stacks/core/argocd/values.yaml git commit -m "adds Forgejo SSO config" diff --git a/template/stacks/core/forgejo-sso/forgejo-sso-config.yaml b/template/stacks/core/forgejo-sso/forgejo-sso-config.yaml index 228ee6f..cffcefa 100644 --- a/template/stacks/core/forgejo-sso/forgejo-sso-config.yaml +++ b/template/stacks/core/forgejo-sso/forgejo-sso-config.yaml 
@@ -45,19 +45,19 @@ spec: DOMAIN=192-168-197-2.c-one-infra.de GIT_USERNAME=giteaAdmin - GIT_PASSWORD=2e53bfe27b64a5aa4e8bc591e15b33cc92ff95fa + GIT_PASSWORD=a618f97ca89714d894d5bfc7ac47d0b76a7ec35a git config --global user.email "bot@bots.de" git config --global user.name "giteaAdmin" - git clone https://${GIT_USERNAME}:${GIT_PASSWORD}@gitea-${DOMAIN}/giteaAdmin/edfbuilder.git + git clone https://${GIT_USERNAME}:${GIT_PASSWORD}@{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder.git cd edfbuilder yq eval ".gitea.oauth = [ { \"name\": \"Keycloak\", \"provider\": \"openidConnect\", \"existingSecret\": \"auth-generic-oauth-secret\", - \"autoDiscoverUrl\": \"https://${DOMAIN}/keycloak/realms/cnoe/.well-known/openid-configuration\" + \"autoDiscoverUrl\": \"https://{{{ .Env.DOMAIN }}}/keycloak/realms/cnoe/.well-known/openid-configuration\" } ] | (.gitea.oauth[] | .name) |= (. style=\"single\") From 42d65e95be53711fbd58c1374a33166bd14447b2 Mon Sep 17 00:00:00 2001 From: "franz.germann" Date: Wed, 16 Apr 2025 14:59:25 +0200 Subject: [PATCH 06/30] testing --- .../stacks/core/forgejo-sso/forgejo-sso-config.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/template/stacks/core/forgejo-sso/forgejo-sso-config.yaml b/template/stacks/core/forgejo-sso/forgejo-sso-config.yaml index cffcefa..1e2c139 100644 --- a/template/stacks/core/forgejo-sso/forgejo-sso-config.yaml +++ b/template/stacks/core/forgejo-sso/forgejo-sso-config.yaml 
@@ -16,11 +16,11 @@ spec: containers: - name: push image: docker.io/library/ubuntu:22.04 - envFrom: - - secretRef: - name: auth-generic-oauth-secret # thats the external secret the job should wait for - - secretRef: - name: k8s-job-token # edpbuilder should create this automatically and feed it to this job + # envFrom: + # - secretRef: + # name: auth-generic-oauth-secret # thats the external secret the job should wait for + # - secretRef: + # name: k8s-job-token # edpbuilder should create this automatically and feed it to this job command: ["/bin/bash", "-c"] args: - | From 11d9ad5fcc026b1e79783a7c50d02a58f88214d7 Mon Sep 17 00:00:00 2001 From: "franz.germann" Date: Wed, 16 Apr 2025 15:24:28 +0200 Subject: [PATCH 07/30] testing --- .../stacks/core/argocd-sso/argocd-sso-config.yaml | 4 ++-- .../stacks/core/forgejo-sso/forgejo-sso-config.yaml | 12 ++++++------ 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/template/stacks/core/argocd-sso/argocd-sso-config.yaml b/template/stacks/core/argocd-sso/argocd-sso-config.yaml index 8461b3c..a374afb 100644 --- a/template/stacks/core/argocd-sso/argocd-sso-config.yaml +++ b/template/stacks/core/argocd-sso/argocd-sso-config.yaml 
@@ -51,9 +51,9 @@ spec: git config --global user.email "bot@bots.de" git config --global user.name "bot" - git clone https://${GIT_USERNAME}:${GIT_PASSWORD}@{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder.git + git clone https://${GIT_USERNAME}:${GIT_PASSWORD}@gitea-${DOMAIN}/giteaAdmin/edfbuilder.git cd edfbuilder - yq eval '.configs.cm."oidc.config" = "name: Keycloak\nissuer: https://{{{ .Env.DOMAIN }}}/keycloak/realms/cnoe\nclientID: argocd\nclientSecret: $auth-generic-oauth-secret:client_secret\nrequestedScopes: [\"openid\", \"profile\", \"email\", \"groups\"]"' -i stacks/core/argocd/values.yaml + yq eval '.configs.cm."oidc.config" = "name: Keycloak\nissuer: https://${DOMAIN}/keycloak/realms/cnoe\nclientID: argocd\nclientSecret: $auth-generic-oauth-secret:client_secret\nrequestedScopes: [\"openid\", \"profile\", \"email\", \"groups\"]"' -i stacks/core/argocd/values.yaml git add stacks/core/argocd/values.yaml git commit -m "adds Forgejo SSO config" diff --git a/template/stacks/core/forgejo-sso/forgejo-sso-config.yaml b/template/stacks/core/forgejo-sso/forgejo-sso-config.yaml index 1e2c139..3d51b86 100644 --- a/template/stacks/core/forgejo-sso/forgejo-sso-config.yaml +++ b/template/stacks/core/forgejo-sso/forgejo-sso-config.yaml @@ -26,10 +26,10 @@ spec: - | #! /bin/bash - if [[ "$client_secret" == "" ]]; - then - exit 1 - fi + # if [[ "$client_secret" == "" ]]; + # then + # exit 1 + # fi apt -qq update apt -qq install git wget -y 
@@ -50,14 +50,14 @@ spec: git config --global user.email "bot@bots.de" git config --global user.name "giteaAdmin" - git clone https://${GIT_USERNAME}:${GIT_PASSWORD}@{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder.git + git clone https://${GIT_USERNAME}:${GIT_PASSWORD}@gitea-${DOMAIN}/giteaAdmin/edfbuilder.git cd edfbuilder yq eval ".gitea.oauth = [ { \"name\": \"Keycloak\", \"provider\": \"openidConnect\", \"existingSecret\": \"auth-generic-oauth-secret\", - \"autoDiscoverUrl\": \"https://{{{ .Env.DOMAIN }}}/keycloak/realms/cnoe/.well-known/openid-configuration\" + \"autoDiscoverUrl\": \"https://${DOMAIN}/keycloak/realms/cnoe/.well-known/openid-configuration\" } ] | (.gitea.oauth[] | .name) |= (. style=\"single\") From cce8c51b75a4fd4ca7bc4b4bab7eceecd94c7e57 Mon Sep 17 00:00:00 2001 From: richardrobertreitz Date: Thu, 17 Apr 2025 10:54:47 +0000 Subject: [PATCH 08/30] Add template/stacks/core/argocd-sso/argocd-forgejo-access-token.yaml --- .../argocd-forgejo-access-token.yaml | 29 +++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 template/stacks/core/argocd-sso/argocd-forgejo-access-token.yaml diff --git a/template/stacks/core/argocd-sso/argocd-forgejo-access-token.yaml b/template/stacks/core/argocd-sso/argocd-forgejo-access-token.yaml new file mode 100644 index 0000000..8003a1f --- /dev/null +++ b/template/stacks/core/argocd-sso/argocd-forgejo-access-token.yaml 
@@ -0,0 +1,29 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: forgejo-access-token
+ namespace: argocd
+spec:
+ secretStoreRef:
+ name: gitea
+ kind: ClusterSecretStore
+ refreshInterval: "0"
+ target:
+ name: forgejo-access-token
+ template:
+ engineVersion: v2
+ data:
+ forgejo_username: "{{.FORGEJO_ACCESS_USERNAME}}"
+ forgejo_token: "{{.FORGEJO_ACCESS_TOKEN}}"
+ metadata:
+ labels:
+ app.kubernetes.io/part-of: argocd
+ data:
+ - secretKey: FORGEJO_ACCESS_USERNAME
+ remoteRef:
+ key: forgejo-access-token
+ property: username
+ - secretKey: FORGEJO_ACCESS_TOKEN
+ remoteRef:
+ key: forgejo-access-token
+ property: token
From 74523447ae7b7b8077546ac2bb6f508b1cd4dd5c Mon Sep 17 00:00:00 2001
From: "franz.germann"
Date: Thu, 17 Apr 2025 12:56:58 +0200
Subject: [PATCH 09/30] adds the correct secrets
---
 .../core/argocd-sso/argocd-sso-config.yaml | 14 +++++++++++--
 .../core/forgejo-sso/forgejo-sso-config.yaml | 20 +++++++++++++++++--
 2 files changed, 30 insertions(+), 4 deletions(-)
diff --git a/template/stacks/core/argocd-sso/argocd-sso-config.yaml b/template/stacks/core/argocd-sso/argocd-sso-config.yaml
index a374afb..2770527 100644
--- a/template/stacks/core/argocd-sso/argocd-sso-config.yaml
+++ b/template/stacks/core/argocd-sso/argocd-sso-config.yaml
@@ -22,6 +22,16 @@ spec: secretKeyRef: name: auth-generic-oauth-secret key: client_secret + - name: FORGEJO_USER + valueFrom: + secretKeyRef: + name: forgejo-access-token + key: forgejo_username + - name: FORGEJO_TOKEN + valueFrom: + secretKeyRef: + name: forgejo-access-token + key: forgejo_token # envFrom: # - secretRef: # name: auth-generic-oauth-secret # thats the external secret the job should wait for
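Review bot: In the new `argocd-forgejo-access-token.yaml`, `refreshInterval: "0"` makes the operator fetch `forgejo-access-token` once and never refresh it, so rotating or revoking the token in the `gitea` store does not reach the Secret the jobs consume until the ExternalSecret is recreated. Since several tokens were committed earlier in this series and need rotating, a non-zero interval such as `refreshInterval: 1h` would let the new value propagate; if one-shot behaviour is intended, a comment like `# fetched once on purpose; recreate to pick up a rotated token` would record that. The copy of this resource for the `gitea` namespace in PATCH 10 has the same setting.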
@@ -46,14 +56,14 @@ spec: DOMAIN=192-168-197-2.c-one-infra.de GIT_USERNAME=giteaAdmin - GIT_PASSWORD=a618f97ca89714d894d5bfc7ac47d0b76a7ec35a + GIT_PASSWORD=2d3a114ddfb6059929cc6d97451201e361a524f3 git config --global user.email "bot@bots.de" git config --global user.name "bot" git clone https://${GIT_USERNAME}:${GIT_PASSWORD}@gitea-${DOMAIN}/giteaAdmin/edfbuilder.git cd edfbuilder - yq eval '.configs.cm."oidc.config" = "name: Keycloak\nissuer: https://${DOMAIN}/keycloak/realms/cnoe\nclientID: argocd\nclientSecret: $auth-generic-oauth-secret:client_secret\nrequestedScopes: [\"openid\", \"profile\", \"email\", \"groups\"]"' -i stacks/core/argocd/values.yaml + yq eval '.configs.cm."oidc.config" = "name: Keycloak\nissuer: https://192-168-197-2.c-one-infra.de/keycloak/realms/cnoe\nclientID: argocd\nclientSecret: $auth-generic-oauth-secret:client_secret\nrequestedScopes: [\"openid\", \"profile\", \"email\", \"groups\"]"' -i stacks/core/argocd/values.yaml git add stacks/core/argocd/values.yaml git commit -m "adds Forgejo SSO config" diff --git a/template/stacks/core/forgejo-sso/forgejo-sso-config.yaml b/template/stacks/core/forgejo-sso/forgejo-sso-config.yaml index 3d51b86..cc7e82a 100644 --- a/template/stacks/core/forgejo-sso/forgejo-sso-config.yaml +++ b/template/stacks/core/forgejo-sso/forgejo-sso-config.yaml @@ -16,6 +16,22 @@ spec: containers: - name: push image: docker.io/library/ubuntu:22.04 + env: + - name: FORGEJO_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: auth-generic-oauth-secret + key: client_secret + - name: FORGEJO_USER + valueFrom: + secretKeyRef: + name: forgejo-access-token + key: forgejo_username + - name: FORGEJO_TOKEN + valueFrom: + secretKeyRef: + name: forgejo-access-token + key: forgejo_token # envFrom: # - secretRef: # name: auth-generic-oauth-secret # thats the external secret the job should wait for 
@@ -45,7 +61,7 @@ spec: DOMAIN=192-168-197-2.c-one-infra.de GIT_USERNAME=giteaAdmin - GIT_PASSWORD=a618f97ca89714d894d5bfc7ac47d0b76a7ec35a + GIT_PASSWORD=2d3a114ddfb6059929cc6d97451201e361a524f3 git config --global user.email "bot@bots.de" git config --global user.name "giteaAdmin" @@ -57,7 +73,7 @@ spec: \"name\": \"Keycloak\", \"provider\": \"openidConnect\", \"existingSecret\": \"auth-generic-oauth-secret\", - \"autoDiscoverUrl\": \"https://${DOMAIN}/keycloak/realms/cnoe/.well-known/openid-configuration\" + \"autoDiscoverUrl\": \"https://192-168-197-2.c-one-infra.de/keycloak/realms/cnoe/.well-known/openid-configuration\" } ] | (.gitea.oauth[] | .name) |= (. style=\"single\") From 0e26cc9a3f1bbe46fbf670006aaf750cd0ae690a Mon Sep 17 00:00:00 2001 From: "franz.germann" Date: Thu, 17 Apr 2025 13:09:43 +0200 Subject: [PATCH 10/30] adds forgejo-access-token external secret for gitea namespace --- .../forgejo-sso/forgejo-access-token.yaml | 29 +++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 template/stacks/core/forgejo-sso/forgejo-access-token.yaml diff --git a/template/stacks/core/forgejo-sso/forgejo-access-token.yaml b/template/stacks/core/forgejo-sso/forgejo-access-token.yaml new file mode 100644 index 0000000..c5e56d3 --- /dev/null +++ b/template/stacks/core/forgejo-sso/forgejo-access-token.yaml 
@@ -0,0 +1,29 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: forgejo-access-token
+ namespace: gitea
+spec:
+ secretStoreRef:
+ name: gitea
+ kind: ClusterSecretStore
+ refreshInterval: "0"
+ target:
+ name: forgejo-access-token
+ template:
+ engineVersion: v2
+ data:
+ forgejo_username: "{{.FORGEJO_ACCESS_USERNAME}}"
+ forgejo_token: "{{.FORGEJO_ACCESS_TOKEN}}"
+ metadata:
+ labels:
+ app.kubernetes.io/part-of: argocd
+ data:
+ - secretKey: FORGEJO_ACCESS_USERNAME
+ remoteRef:
+ key: forgejo-access-token
+ property: username
+ - secretKey: FORGEJO_ACCESS_TOKEN
+ remoteRef:
+ key: forgejo-access-token
+ property: token
From 9dd9184cfd7329f8234a95406116e98840084ed2 Mon Sep 17 00:00:00 2001
From: "franz.germann"
Date: Thu, 17 Apr 2025 14:31:56 +0200
Subject: [PATCH 11/30] uses the new secrets for 'git clone'-command
---
 template/stacks/core/argocd-sso/argocd-sso-config.yaml | 2 +-
 template/stacks/core/forgejo-sso/forgejo-sso-config.yaml | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/template/stacks/core/argocd-sso/argocd-sso-config.yaml b/template/stacks/core/argocd-sso/argocd-sso-config.yaml
index 2770527..f9b7b1c 100644
--- a/template/stacks/core/argocd-sso/argocd-sso-config.yaml
+++ b/template/stacks/core/argocd-sso/argocd-sso-config.yaml
@@ -61,7 +61,7 @@ spec: git config --global user.email "bot@bots.de" git config --global user.name "bot" - git clone https://${GIT_USERNAME}:${GIT_PASSWORD}@gitea-${DOMAIN}/giteaAdmin/edfbuilder.git + git clone https://${FORGEJO_USER}:${GIT_PASSWORD}@gitea-${DOMAIN}/giteaAdmin/edfbuilder.git cd edfbuilder yq eval '.configs.cm."oidc.config" = "name: Keycloak\nissuer: https://192-168-197-2.c-one-infra.de/keycloak/realms/cnoe\nclientID: argocd\nclientSecret: $auth-generic-oauth-secret:client_secret\nrequestedScopes: [\"openid\", \"profile\", \"email\", \"groups\"]"' -i stacks/core/argocd/values.yaml
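Review bot: In the new `forgejo-access-token.yaml` the target template labels the Secret `app.kubernetes.io/part-of: argocd` although this copy is created in the `gitea` namespace for the Forgejo job; the label looks carried over from the ArgoCD variant added in PATCH 08. Argo CD uses that label to decide which Secrets it may resolve `$name:key` references from, so here it serves no purpose and misleads anyone auditing which Secrets Argo CD is meant to read. Drop the `metadata.labels` block in this file, and consider whether the ArgoCD copy needs the label either, since the token is only consumed as job environment variables in the hunks shown.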
diff --git a/template/stacks/core/forgejo-sso/forgejo-sso-config.yaml b/template/stacks/core/forgejo-sso/forgejo-sso-config.yaml index cc7e82a..a9a9a3a 100644 --- a/template/stacks/core/forgejo-sso/forgejo-sso-config.yaml +++ b/template/stacks/core/forgejo-sso/forgejo-sso-config.yaml @@ -21,7 +21,7 @@ spec: valueFrom: secretKeyRef: name: auth-generic-oauth-secret - key: client_secret + key: secret - name: FORGEJO_USER valueFrom: secretKeyRef: @@ -66,7 +66,7 @@ spec: git config --global user.email "bot@bots.de" git config --global user.name "giteaAdmin" - git clone https://${GIT_USERNAME}:${GIT_PASSWORD}@gitea-${DOMAIN}/giteaAdmin/edfbuilder.git + git clone https://${FORGEJO_USER}:${FORGEJO_TOKEN}@gitea-${DOMAIN}/giteaAdmin/edfbuilder.git cd edfbuilder yq eval ".gitea.oauth = [ { From ba2b7dbc9f4670a037fd2709edf85a9b1cafed5c Mon Sep 17 00:00:00 2001 From: "franz.germann" Date: Thu, 17 Apr 2025 14:46:29 +0200 Subject: [PATCH 12/30] adds missing secret for 'git clone'-command --- template/stacks/core/argocd-sso/argocd-sso-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/template/stacks/core/argocd-sso/argocd-sso-config.yaml b/template/stacks/core/argocd-sso/argocd-sso-config.yaml index f9b7b1c..35647ea 100644 --- a/template/stacks/core/argocd-sso/argocd-sso-config.yaml +++ b/template/stacks/core/argocd-sso/argocd-sso-config.yaml @@ -61,7 +61,7 @@ spec: git config --global user.email "bot@bots.de" git config --global user.name "bot" - git clone https://${FORGEJO_USER}:${GIT_PASSWORD}@gitea-${DOMAIN}/giteaAdmin/edfbuilder.git + git clone https://${FORGEJO_USER}:${FORGEJO_TOKEN}@gitea-${DOMAIN}/giteaAdmin/edfbuilder.git cd edfbuilder yq eval '.configs.cm."oidc.config" = "name: Keycloak\nissuer: https://192-168-197-2.c-one-infra.de/keycloak/realms/cnoe\nclientID: argocd\nclientSecret: $auth-generic-oauth-secret:client_secret\nrequestedScopes: [\"openid\", \"profile\", \"email\", \"groups\"]"' -i stacks/core/argocd/values.yaml 
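Review bot: In the `@@ -66,7 +66,7 @@` hunk the token now comes from a Secret, but it is still spliced into the clone URL, which git stores verbatim as `remote.origin.url` in `edfbuilder/.git/config` and which breaks when the user name or token contains URL-reserved characters. Supplying it through a credential helper keeps it out of the URL and also covers the later `git push`: `git config --global credential.helper '!f() { echo "username=${FORGEJO_USER}"; echo "password=${FORGEJO_TOKEN}"; }; f'` followed by `git clone https://gitea-${DOMAIN}/giteaAdmin/edfbuilder.git`. The ArgoCD job's clone line in this patch and in PATCH 12 has the same shape.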
From 4e50289d91ea908819ce44b75f26d0903df2b006 Mon Sep 17 00:00:00 2001 From: "franz.germann" Date: Thu, 17 Apr 2025 15:50:35 +0200 Subject: [PATCH 13/30] testing the hydration of domains --- template/stacks/core/argocd-sso/argocd-sso-config.yaml | 4 ++-- template/stacks/core/forgejo-sso/forgejo-sso-config.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/template/stacks/core/argocd-sso/argocd-sso-config.yaml b/template/stacks/core/argocd-sso/argocd-sso-config.yaml index 35647ea..4c83757 100644 --- a/template/stacks/core/argocd-sso/argocd-sso-config.yaml +++ b/template/stacks/core/argocd-sso/argocd-sso-config.yaml @@ -61,9 +61,9 @@ spec: git config --global user.email "bot@bots.de" git config --global user.name "bot" - git clone https://${FORGEJO_USER}:${FORGEJO_TOKEN}@gitea-${DOMAIN}/giteaAdmin/edfbuilder.git + git clone https://${FORGEJO_USER}:${FORGEJO_TOKEN}@{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder.git cd edfbuilder - yq eval '.configs.cm."oidc.config" = "name: Keycloak\nissuer: https://192-168-197-2.c-one-infra.de/keycloak/realms/cnoe\nclientID: argocd\nclientSecret: $auth-generic-oauth-secret:client_secret\nrequestedScopes: [\"openid\", \"profile\", \"email\", \"groups\"]"' -i stacks/core/argocd/values.yaml + yq eval '.configs.cm."oidc.config" = "name: Keycloak\nissuer: https://{{{ .Env.DOMAIN }}}/keycloak/realms/cnoe\nclientID: argocd\nclientSecret: $auth-generic-oauth-secret:client_secret\nrequestedScopes: [\"openid\", \"profile\", \"email\", \"groups\"]"' -i stacks/core/argocd/values.yaml git add stacks/core/argocd/values.yaml git commit -m "adds Forgejo SSO config" diff --git a/template/stacks/core/forgejo-sso/forgejo-sso-config.yaml b/template/stacks/core/forgejo-sso/forgejo-sso-config.yaml index a9a9a3a..3ed97b2 100644 --- a/template/stacks/core/forgejo-sso/forgejo-sso-config.yaml +++ b/template/stacks/core/forgejo-sso/forgejo-sso-config.yaml 
@@ -66,14 +66,14 @@ spec: git config --global user.email "bot@bots.de" git config --global user.name "giteaAdmin" - git clone https://${FORGEJO_USER}:${FORGEJO_TOKEN}@gitea-${DOMAIN}/giteaAdmin/edfbuilder.git + git clone https://${FORGEJO_USER}:${FORGEJO_TOKEN}@{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder.git cd edfbuilder yq eval ".gitea.oauth = [ { \"name\": \"Keycloak\", \"provider\": \"openidConnect\", \"existingSecret\": \"auth-generic-oauth-secret\", - \"autoDiscoverUrl\": \"https://192-168-197-2.c-one-infra.de/keycloak/realms/cnoe/.well-known/openid-configuration\" + \"autoDiscoverUrl\": \"https://{{{ .Env.DOMAIN }}}/keycloak/realms/cnoe/.well-known/openid-configuration\" } ] | (.gitea.oauth[] | .name) |= (. style=\"single\") From f783a582c6e325d66d768ef09a3aec04bb63c83e Mon Sep 17 00:00:00 2001 From: "franz.germann" Date: Thu, 17 Apr 2025 16:45:59 +0200 Subject: [PATCH 14/30] does cleanup --- .../stacks/core/argocd-sso/argocd-sso-config.yaml | 11 +---------- .../core/forgejo-sso/forgejo-sso-config.yaml | 14 -------------- 2 files changed, 1 insertion(+), 24 deletions(-) diff --git a/template/stacks/core/argocd-sso/argocd-sso-config.yaml b/template/stacks/core/argocd-sso/argocd-sso-config.yaml index 4c83757..8513828 100644 --- a/template/stacks/core/argocd-sso/argocd-sso-config.yaml +++ b/template/stacks/core/argocd-sso/argocd-sso-config.yaml @@ -11,7 +11,7 @@ spec: metadata: generateName: argocd-config- spec: - # serviceAccountName: argocd-config + # serviceAccountName: bot restartPolicy: OnFailure containers: - name: push @@ -32,11 +32,6 @@ spec: secretKeyRef: name: forgejo-access-token key: forgejo_token - # envFrom: - # - secretRef: - # name: auth-generic-oauth-secret # thats the external secret the job should wait for - # - secretRef: - # name: k8s-job-token # edpbuilder should create this automatically and feed it to this job command: ["/bin/bash", "-c"] args: - | 
@@ -54,10 +49,6 @@ spec: rm yq_linux_arm64 fi - DOMAIN=192-168-197-2.c-one-infra.de - GIT_USERNAME=giteaAdmin - GIT_PASSWORD=2d3a114ddfb6059929cc6d97451201e361a524f3 - git config --global user.email "bot@bots.de" git config --global user.name "bot" diff --git a/template/stacks/core/forgejo-sso/forgejo-sso-config.yaml b/template/stacks/core/forgejo-sso/forgejo-sso-config.yaml index 3ed97b2..d85de44 100644 --- a/template/stacks/core/forgejo-sso/forgejo-sso-config.yaml +++ b/template/stacks/core/forgejo-sso/forgejo-sso-config.yaml @@ -32,21 +32,11 @@ spec: secretKeyRef: name: forgejo-access-token key: forgejo_token - # envFrom: - # - secretRef: - # name: auth-generic-oauth-secret # thats the external secret the job should wait for - # - secretRef: - # name: k8s-job-token # edpbuilder should create this automatically and feed it to this job command: ["/bin/bash", "-c"] args: - | #! /bin/bash - # if [[ "$client_secret" == "" ]]; - # then - # exit 1 - # fi - apt -qq update apt -qq install git wget -y if [[ "$(uname -m)" == "x86_64" ]]; then @@ -59,10 +49,6 @@ spec: rm yq_linux_arm64 fi - DOMAIN=192-168-197-2.c-one-infra.de - GIT_USERNAME=giteaAdmin - GIT_PASSWORD=2d3a114ddfb6059929cc6d97451201e361a524f3 - git config --global user.email "bot@bots.de" git config --global user.name "giteaAdmin" From 6ac5a9450359850cefbe82d4bbf48fbcfb54bfa6 Mon Sep 17 00:00:00 2001 From: "franz.germann" Date: Tue, 22 Apr 2025 09:55:18 +0200 Subject: [PATCH 15/30] updates Forgejo sync policy --- template/stacks/core/forgejo.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/template/stacks/core/forgejo.yaml b/template/stacks/core/forgejo.yaml index a89d576..6e2f06f 100644 --- a/template/stacks/core/forgejo.yaml +++ b/template/stacks/core/forgejo.yaml @@ -12,6 +12,7 @@ spec: selfHeal: true syncOptions: - CreateNamespace=true + - Replace=true destination: name: in-cluster namespace: gitea From 4447c299879b0ee8db14777f24d2610be63361ea Mon Sep 17 00:00:00 2001 
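Review bot: Deleting the `GIT_USERNAME`/`GIT_PASSWORD` assignments does not retire the credential, because the value stays readable in the earlier patches of this series and in the repository history. If it was ever a live token for `giteaAdmin`, it should be revoked in Forgejo and reissued only through the `forgejo-access-token` secret that the Job already reads via `secretKeyRef`. The identical lines removed from forgejo-sso-config.yaml in this commit need the same treatment. Worth adding to the commit description: `Removed token must be treated as exposed; rotated on <date>`.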
From: "franz.germann" Date: Tue, 22 Apr 2025 14:59:44 +0200 Subject: [PATCH 16/30] cancel last ommit --- template/stacks/core/forgejo.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/template/stacks/core/forgejo.yaml b/template/stacks/core/forgejo.yaml index 6e2f06f..a89d576 100644 --- a/template/stacks/core/forgejo.yaml +++ b/template/stacks/core/forgejo.yaml @@ -12,7 +12,6 @@ spec: selfHeal: true syncOptions: - CreateNamespace=true - - Replace=true destination: name: in-cluster namespace: gitea From c8eac10fcfc278f333389e154a7560e60d9418db Mon Sep 17 00:00:00 2001 From: "franz.germann" Date: Tue, 22 Apr 2025 15:11:16 +0200 Subject: [PATCH 17/30] muss so --- template/stacks/core/forgejo/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/template/stacks/core/forgejo/values.yaml b/template/stacks/core/forgejo/values.yaml index 90b01a6..b98bbf3 100644 --- a/template/stacks/core/forgejo/values.yaml +++ b/template/stacks/core/forgejo/values.yaml @@ -1,5 +1,5 @@ redis-cluster: - enabled: false + enabled: true postgresql: enabled: false postgresql-ha: From 6afdc2c64f6262551417307c76b6d02b7a8b3b15 Mon Sep 17 00:00:00 2001 From: "franz.germann" Date: Tue, 22 Apr 2025 15:17:34 +0200 Subject: [PATCH 18/30] removes some comments --- template/stacks/core/argocd-sso/argocd-sso-config.yaml | 3 --- template/stacks/core/forgejo-sso/forgejo-sso-config.yaml | 3 --- 2 files changed, 6 deletions(-) diff --git a/template/stacks/core/argocd-sso/argocd-sso-config.yaml b/template/stacks/core/argocd-sso/argocd-sso-config.yaml index 8513828..6beca14 100644 --- a/template/stacks/core/argocd-sso/argocd-sso-config.yaml +++ b/template/stacks/core/argocd-sso/argocd-sso-config.yaml @@ -4,14 +4,11 @@ kind: Job metadata: name: argocd-config namespace: argocd -# annotations: -# argocd.argoproj.io/hook: PostSync spec: template: metadata: generateName: argocd-config- spec: - # serviceAccountName: bot restartPolicy: OnFailure containers: - name: push 
diff --git a/template/stacks/core/forgejo-sso/forgejo-sso-config.yaml b/template/stacks/core/forgejo-sso/forgejo-sso-config.yaml index d85de44..bbb4178 100644 --- a/template/stacks/core/forgejo-sso/forgejo-sso-config.yaml +++ b/template/stacks/core/forgejo-sso/forgejo-sso-config.yaml @@ -4,14 +4,11 @@ kind: Job metadata: name: forgejo-config namespace: gitea -# annotations: -# argocd.argoproj.io/hook: PostSync spec: template: metadata: generateName: forgejo-config- spec: - # serviceAccountName: bot restartPolicy: OnFailure containers: - name: push From ee08dc2f3394d33fde204f53c7690df2e5a4a76c Mon Sep 17 00:00:00 2001 From: "franz.germann" Date: Wed, 23 Apr 2025 10:56:34 +0200 Subject: [PATCH 19/30] testing redis changes --- template/stacks/core/forgejo/values.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/template/stacks/core/forgejo/values.yaml b/template/stacks/core/forgejo/values.yaml index b98bbf3..15a4bd5 100644 --- a/template/stacks/core/forgejo/values.yaml +++ b/template/stacks/core/forgejo/values.yaml @@ -1,5 +1,7 @@ redis-cluster: - enabled: true + enabled: false +redis: + enabled: true postgresql: enabled: false postgresql-ha: From 15d9160b16aa1a93d8b9aa824cfa2efb5398e9b4 Mon Sep 17 00:00:00 2001 From: "franz.germann" Date: Wed, 23 Apr 2025 11:02:59 +0200 Subject: [PATCH 20/30] testing redis changes --- template/stacks/core/forgejo/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/template/stacks/core/forgejo/values.yaml b/template/stacks/core/forgejo/values.yaml index 15a4bd5..f35f1c7 100644 --- a/template/stacks/core/forgejo/values.yaml +++ b/template/stacks/core/forgejo/values.yaml @@ -1,7 +1,7 @@ redis-cluster: enabled: false redis: - enabled: true + enabled: false postgresql: enabled: false postgresql-ha: From fbee7995e14eb9bc9ada247929b4f8dd82180f42 Mon Sep 17 00:00:00 2001 
From: "franz.germann" Date: Wed, 23 Apr 2025 11:14:27 +0200 Subject: [PATCH 21/30] testing redis changes --- template/stacks/core/forgejo/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/template/stacks/core/forgejo/values.yaml b/template/stacks/core/forgejo/values.yaml index f35f1c7..15a4bd5 100644 --- a/template/stacks/core/forgejo/values.yaml +++ b/template/stacks/core/forgejo/values.yaml @@ -1,7 +1,7 @@ redis-cluster: enabled: false redis: - enabled: false + enabled: true postgresql: enabled: false postgresql-ha: From 7e599a94223fd8533cf13b2fbf5176e5705224b4 Mon Sep 17 00:00:00 2001 From: "franz.germann" Date: Wed, 23 Apr 2025 11:21:51 +0200 Subject: [PATCH 22/30] testing redis changes --- template/stacks/core/forgejo/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/template/stacks/core/forgejo/values.yaml b/template/stacks/core/forgejo/values.yaml index 15a4bd5..fa040ea 100644 --- a/template/stacks/core/forgejo/values.yaml +++ b/template/stacks/core/forgejo/values.yaml @@ -1,7 +1,7 @@ redis-cluster: - enabled: false + enabled: true redis: - enabled: true + enabled: false postgresql: enabled: false postgresql-ha: From abeeb7ee23e50605ebcd9a2af79e871b32560534 Mon Sep 17 00:00:00 2001 From: Bot Date: Wed, 23 Apr 2025 13:20:24 +0200 Subject: [PATCH 23/30] chore(backstage): pin to backstage-edp v1.1.0 --- .../stacks/ref-implementation/backstage/manifests/install.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/template/stacks/ref-implementation/backstage/manifests/install.yaml b/template/stacks/ref-implementation/backstage/manifests/install.yaml index c86f6fa..88f0d0e 100644 --- a/template/stacks/ref-implementation/backstage/manifests/install.yaml +++ b/template/stacks/ref-implementation/backstage/manifests/install.yaml 
@@ -264,7 +264,8 @@ spec: name: gitea-credentials - secretRef: name: argocd-credentials - image: forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/devfw-cicd/backstage-edp:development + image: forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/devfw-cicd/backstage-edp:1.1.0 + imagePullPolicy: Always name: backstage ports: - containerPort: 7007 From 183cec8a9d77fdd197543237b5f8e353dde5d9f4 Mon Sep 17 00:00:00 2001 From: "franz.germann" Date: Wed, 23 Apr 2025 14:37:50 +0200 Subject: [PATCH 24/30] testing redis changes --- template/stacks/core/forgejo/values.yaml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/template/stacks/core/forgejo/values.yaml b/template/stacks/core/forgejo/values.yaml index b98bbf3..3dd820c 100644 --- a/template/stacks/core/forgejo/values.yaml +++ b/template/stacks/core/forgejo/values.yaml @@ -24,11 +24,14 @@ gitea: database: DB_TYPE: sqlite3 session: - PROVIDER: memory + PROVIDER: redis + PROVIDER_CONFIG: network=tcp,addr=forgejo-redis-cluster-headless.gitea.svc.cluster.local:6379 cache: - ADAPTER: memory + ADAPTER: redis + HOST: forgejo-redis-cluster-headless.gitea.svc.cluster.local:6379 queue: - TYPE: level + TYPE: redis + CONN_STR: redis://forgejo-redis-cluster-headless.gitea.svc.cluster.local:6379/0 server: DOMAIN: '{{{ .Env.DOMAIN_GITEA }}}' ROOT_URL: 'https://{{{ .Env.DOMAIN_GITEA }}}:443' From 7287a6cf56498ecb012cb6955ab46b6207875ae1 Mon Sep 17 00:00:00 2001 From: "franz.germann" Date: Wed, 23 Apr 2025 15:03:49 +0200 Subject: [PATCH 25/30] testing redis changes --- template/stacks/core/forgejo/values.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/template/stacks/core/forgejo/values.yaml b/template/stacks/core/forgejo/values.yaml index 3dd820c..cb378e9 100644 --- a/template/stacks/core/forgejo/values.yaml +++ b/template/stacks/core/forgejo/values.yaml 
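Review bot: The new `image:` line pins a tag rather than content: `backstage-edp:1.1.0` can be re-pushed in the registry, and with the added `imagePullPolicy: Always` every pod start pulls whatever the tag resolves to at that moment. Appending the digest makes the deployed image immutable and lets the pull policy go back to the default: `image: forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/devfw-cicd/backstage-edp:1.1.0@sha256:<digest-of-the-1.1.0-build>`. The container spec starts and ends outside the hunk.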
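Review bot: The three Redis endpoints added under `session`, `cache` and `queue` carry no password and use plain `tcp`/`redis://`. Unless the Redis chart enforces authentication (not visible in this hunk), any workload that can reach `forgejo-redis-cluster-headless.gitea.svc.cluster.local:6379` could read or overwrite Forgejo session records. Enable authentication on the Redis side and put the password into the connection strings, for example `CONN_STR: redis://:<redis-password>@forgejo-redis-cluster-headless.gitea.svc.cluster.local:6379/0`. The value should come from a Kubernetes Secret rather than from values.yaml, and a NetworkPolicy should limit port 6379 to the Forgejo pods. The `gitea.config` mapping starts and ends outside the hunk.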
@@ -25,13 +25,10 @@ gitea: DB_TYPE: sqlite3 session: PROVIDER: redis - PROVIDER_CONFIG: network=tcp,addr=forgejo-redis-cluster-headless.gitea.svc.cluster.local:6379 cache: ADAPTER: redis - HOST: forgejo-redis-cluster-headless.gitea.svc.cluster.local:6379 queue: TYPE: redis - CONN_STR: redis://forgejo-redis-cluster-headless.gitea.svc.cluster.local:6379/0 server: DOMAIN: '{{{ .Env.DOMAIN_GITEA }}}' ROOT_URL: 'https://{{{ .Env.DOMAIN_GITEA }}}:443' From 4fd88985efa27962f767ccdc6d841cc977f5089a Mon Sep 17 00:00:00 2001 From: "Franz.Germann" Date: Thu, 24 Apr 2025 15:29:34 +0000 Subject: [PATCH 26/30] template/stacks/core/forgejo.yaml aktualisiert --- template/stacks/core/forgejo.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/template/stacks/core/forgejo.yaml b/template/stacks/core/forgejo.yaml index a89d576..52463b3 100644 --- a/template/stacks/core/forgejo.yaml +++ b/template/stacks/core/forgejo.yaml @@ -18,7 +18,7 @@ spec: sources: - repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/forgejo-helm.git path: . - targetRevision: v11.0.5-depends + targetRevision: v12.0.0-depends helm: valueFiles: - $values/stacks/core/forgejo/values.yaml From dbd391d29c135a4d12632a88df72d184fce85ab9 Mon Sep 17 00:00:00 2001 From: "Franz.Germann" Date: Thu, 24 Apr 2025 16:07:22 +0000 Subject: [PATCH 27/30] template/stacks/core/forgejo/values.yaml aktualisiert --- template/stacks/core/forgejo/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/template/stacks/core/forgejo/values.yaml b/template/stacks/core/forgejo/values.yaml index cb378e9..4bf9a9d 100644 --- a/template/stacks/core/forgejo/values.yaml +++ b/template/stacks/core/forgejo/values.yaml @@ -1,5 +1,5 @@ redis-cluster: - enabled: true + enabled: false postgresql: enabled: false postgresql-ha: From d3546717c09716b12ac5a4105db9a04a7906ab60 Mon Sep 17 00:00:00 2001 
From: "Franz.Germann" Date: Thu, 24 Apr 2025 16:11:58 +0000 Subject: [PATCH 28/30] template/stacks/core/forgejo/values.yaml aktualisiert --- template/stacks/core/forgejo/values.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/template/stacks/core/forgejo/values.yaml b/template/stacks/core/forgejo/values.yaml index 4bf9a9d..90b01a6 100644 --- a/template/stacks/core/forgejo/values.yaml +++ b/template/stacks/core/forgejo/values.yaml @@ -24,11 +24,11 @@ gitea: database: DB_TYPE: sqlite3 session: - PROVIDER: redis + PROVIDER: memory cache: - ADAPTER: redis + ADAPTER: memory queue: - TYPE: redis + TYPE: level server: DOMAIN: '{{{ .Env.DOMAIN_GITEA }}}' ROOT_URL: 'https://{{{ .Env.DOMAIN_GITEA }}}:443' From f434e0680f0a2d426e78ae2ba9f806cda1681b88 Mon Sep 17 00:00:00 2001 From: "Franz.Germann" Date: Fri, 25 Apr 2025 10:54:28 +0000 Subject: [PATCH 29/30] template/stacks/core/forgejo/values.yaml aktualisiert --- template/stacks/core/forgejo/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/template/stacks/core/forgejo/values.yaml b/template/stacks/core/forgejo/values.yaml index 90b01a6..b98bbf3 100644 --- a/template/stacks/core/forgejo/values.yaml +++ b/template/stacks/core/forgejo/values.yaml @@ -1,5 +1,5 @@ redis-cluster: - enabled: false + enabled: true postgresql: enabled: false postgresql-ha: From 16dde9ead1855c1064f86dad8d0fe16fc68e5010 Mon Sep 17 00:00:00 2001 From: "franz.germann" Date: Fri, 25 Apr 2025 14:09:17 +0200 Subject: [PATCH 30/30] final changes --- template/stacks/core/argocd-sso/argocd-sso-config.yaml | 5 ----- template/stacks/core/forgejo-sso/forgejo-access-token.yaml | 3 --- template/stacks/core/forgejo-sso/forgejo-sso-config.yaml | 5 ----- 3 files changed, 13 deletions(-) diff --git a/template/stacks/core/argocd-sso/argocd-sso-config.yaml b/template/stacks/core/argocd-sso/argocd-sso-config.yaml index 6beca14..27160cf 100644 --- a/template/stacks/core/argocd-sso/argocd-sso-config.yaml 
+++ b/template/stacks/core/argocd-sso/argocd-sso-config.yaml @@ -14,11 +14,6 @@ spec: - name: push image: docker.io/library/ubuntu:22.04 env: - - name: ARGOCD_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: auth-generic-oauth-secret - key: client_secret - name: FORGEJO_USER valueFrom: secretKeyRef: diff --git a/template/stacks/core/forgejo-sso/forgejo-access-token.yaml b/template/stacks/core/forgejo-sso/forgejo-access-token.yaml index c5e56d3..215af67 100644 --- a/template/stacks/core/forgejo-sso/forgejo-access-token.yaml +++ b/template/stacks/core/forgejo-sso/forgejo-access-token.yaml @@ -15,9 +15,6 @@ spec: data: forgejo_username: "{{.FORGEJO_ACCESS_USERNAME}}" forgejo_token: "{{.FORGEJO_ACCESS_TOKEN}}" - metadata: - labels: - app.kubernetes.io/part-of: argocd data: - secretKey: FORGEJO_ACCESS_USERNAME remoteRef: diff --git a/template/stacks/core/forgejo-sso/forgejo-sso-config.yaml b/template/stacks/core/forgejo-sso/forgejo-sso-config.yaml index bbb4178..875e348 100644 --- a/template/stacks/core/forgejo-sso/forgejo-sso-config.yaml +++ b/template/stacks/core/forgejo-sso/forgejo-sso-config.yaml @@ -14,11 +14,6 @@ spec: - name: push image: docker.io/library/ubuntu:22.04 env: - - name: FORGEJO_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: auth-generic-oauth-secret - key: secret - name: FORGEJO_USER valueFrom: secretKeyRef: