From 0db9ad6f41fe9e24e0acb58d3f423bfad5361e6d Mon Sep 17 00:00:00 2001
From: Brad Stein
Date: Sun, 14 Dec 2025 22:06:25 -0300
Subject: [PATCH] gitea: pin secret/internal token and include secret manifest
---
 services/gitea/deployment.yaml | 10 ++++++++++
 services/gitea/kustomization.yaml | 1 +
 services/gitea/secret.yaml | 10 ++++++++++
 3 files changed, 21 insertions(+)
 create mode 100644 services/gitea/secret.yaml
diff --git a/services/gitea/deployment.yaml b/services/gitea/deployment.yaml
index 45689726..66670a9f 100644
--- a/services/gitea/deployment.yaml
+++ b/services/gitea/deployment.yaml
@@ -131,6 +131,16 @@ spec:
 value: "trace"
 - name: GITEA__service__REQUIRE_SIGNIN_VIEW
 value: "false"
+ - name: GITEA__security__SECRET_KEY
+ valueFrom:
+ secretKeyRef:
+ name: gitea-secret
+ key: SECRET_KEY
+ - name: GITEA__security__INTERNAL_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: gitea-secret
+ key: INTERNAL_TOKEN
 - name: DB_TYPE
 value: "postgres"
 - name: DB_HOST
diff --git a/services/gitea/kustomization.yaml b/services/gitea/kustomization.yaml
index 36d6c238..1ea9af40 100644
--- a/services/gitea/kustomization.yaml
+++ b/services/gitea/kustomization.yaml
@@ -3,6 +3,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - namespace.yaml
+ - secret.yaml
 - deployment.yaml
 - service.yaml
 - pvc.yaml
diff --git a/services/gitea/secret.yaml b/services/gitea/secret.yaml
new file mode 100644
index 00000000..11a533d6
--- /dev/null
+++ b/services/gitea/secret.yaml
@@ -0,0 +1,10 @@
+# services/gitea/secret.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: gitea-secret
+ namespace: gitea
+type: Opaque
+stringData:
+ SECRET_KEY: "QVOarq1Tb8Lxm2esuB7MoWeK7wkNGpdePFRDyBhj1Rc"
+ INTERNAL_TOKEN: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE3NTQ1NzU3Mzd9.QVOarq1Tb8Lxm2esuB7MoWeK7wkNGpdePFRDyBhj1Rc"
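Review bot: The two entries added to the `env` list in `services/gitea/deployment.yaml` hand `SECRET_KEY` and `INTERNAL_TOKEN` to the container as environment variables, which every process spawned inside the container inherits; if this image applies `GITEA__` variables through its environment-to-ini step, the values are probably also written into `app.ini` on the data volume. Gitea's `[security]` section also accepts `SECRET_KEY_URI` and `INTERNAL_TOKEN_URI` with a `file:` path. Mounting `gitea-secret` as a read-only volume and setting `GITEA__security__SECRET_KEY_URI` to `file:/<mount-path>/SECRET_KEY` (and likewise for the internal token) in place of these two entries would keep the values out of the environment. The `env` list starts and ends outside this hunk, so check that no other entry or an existing `app.ini` already sets the same keys.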
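Review bot: The new `services/gitea/secret.yaml` commits live values for `SECRET_KEY` and `INTERNAL_TOKEN` under `stringData`, so anyone who can read this repository or its history holds both. Treat them as disclosed and regenerate them out of band (for example `gitea generate secret SECRET_KEY` and `gitea generate secret INTERNAL_TOKEN`), noting that data Gitea encrypted under the old `SECRET_KEY` may need re-enrolment. The third segment of the `INTERNAL_TOKEN` JWT is the same string as `SECRET_KEY`, so the two values are not independent; presumably one was copied from the other. Because `kustomization.yaml` now lists `secret.yaml`, each apply would also reset an out-of-band rotation back to the committed values. I would remove the literals and supply `gitea-secret` through an encrypted or external mechanism (SOPS, Sealed Secrets, External Secrets), leaving at most a placeholder such as `SECRET_KEY: "<generated-out-of-band>"`.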