Compare commits
No commits in common. "0668eb7c5f7b018730fe735be2dc0b106df37b9e" and "cce8c51b75a4fd4ca7bc4b4bab7eceecd94c7e57" have entirely different histories.
0668eb7c5f
...
cce8c51b75
2 changed files with 4 additions and 30 deletions
|
@ -22,16 +22,6 @@ spec:
|
|||
secretKeyRef:
|
||||
name: auth-generic-oauth-secret
|
||||
key: client_secret
|
||||
- name: FORGEJO_USER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: forgejo-access-token
|
||||
key: forgejo_username
|
||||
- name: FORGEJO_TOKEN
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: forgejo-access-token
|
||||
key: forgejo_token
|
||||
# envFrom:
|
||||
# - secretRef:
|
||||
# name: auth-generic-oauth-secret # thats the external secret the job should wait for
|
||||
|
@ -56,14 +46,14 @@ spec:
|
|||
|
||||
DOMAIN=192-168-197-2.c-one-infra.de
|
||||
GIT_USERNAME=giteaAdmin
|
||||
GIT_PASSWORD=2d3a114ddfb6059929cc6d97451201e361a524f3
|
||||
GIT_PASSWORD=a618f97ca89714d894d5bfc7ac47d0b76a7ec35a
|
||||
|
||||
git config --global user.email "bot@bots.de"
|
||||
git config --global user.name "bot"
|
||||
|
||||
git clone https://${GIT_USERNAME}:${GIT_PASSWORD}@gitea-${DOMAIN}/giteaAdmin/edfbuilder.git
|
||||
cd edfbuilder
|
||||
yq eval '.configs.cm."oidc.config" = "name: Keycloak\nissuer: https://192-168-197-2.c-one-infra.de/keycloak/realms/cnoe\nclientID: argocd\nclientSecret: $auth-generic-oauth-secret:client_secret\nrequestedScopes: [\"openid\", \"profile\", \"email\", \"groups\"]"' -i stacks/core/argocd/values.yaml
|
||||
yq eval '.configs.cm."oidc.config" = "name: Keycloak\nissuer: https://${DOMAIN}/keycloak/realms/cnoe\nclientID: argocd\nclientSecret: $auth-generic-oauth-secret:client_secret\nrequestedScopes: [\"openid\", \"profile\", \"email\", \"groups\"]"' -i stacks/core/argocd/values.yaml
|
||||
|
||||
git add stacks/core/argocd/values.yaml
|
||||
git commit -m "adds Forgejo SSO config"
|
||||
|
|
|
@ -16,22 +16,6 @@ spec:
|
|||
containers:
|
||||
- name: push
|
||||
image: docker.io/library/ubuntu:22.04
|
||||
env:
|
||||
- name: FORGEJO_CLIENT_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: auth-generic-oauth-secret
|
||||
key: client_secret
|
||||
- name: FORGEJO_USER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: forgejo-access-token
|
||||
key: forgejo_username
|
||||
- name: FORGEJO_TOKEN
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: forgejo-access-token
|
||||
key: forgejo_token
|
||||
# envFrom:
|
||||
# - secretRef:
|
||||
# name: auth-generic-oauth-secret # thats the external secret the job should wait for
|
||||
|
@ -61,7 +45,7 @@ spec:
|
|||
|
||||
DOMAIN=192-168-197-2.c-one-infra.de
|
||||
GIT_USERNAME=giteaAdmin
|
||||
GIT_PASSWORD=2d3a114ddfb6059929cc6d97451201e361a524f3
|
||||
GIT_PASSWORD=a618f97ca89714d894d5bfc7ac47d0b76a7ec35a
|
||||
|
||||
git config --global user.email "bot@bots.de"
|
||||
git config --global user.name "giteaAdmin"
|
||||
|
@ -73,7 +57,7 @@ spec:
|
|||
\"name\": \"Keycloak\",
|
||||
\"provider\": \"openidConnect\",
|
||||
\"existingSecret\": \"auth-generic-oauth-secret\",
|
||||
\"autoDiscoverUrl\": \"https://192-168-197-2.c-one-infra.de/keycloak/realms/cnoe/.well-known/openid-configuration\"
|
||||
\"autoDiscoverUrl\": \"https://${DOMAIN}/keycloak/realms/cnoe/.well-known/openid-configuration\"
|
||||
}
|
||||
] |
|
||||
(.gitea.oauth[] | .name) |= (. style=\"single\")
|
||||
|
|
Reference in a new issue