gitea: pin secret/internal token and include secret manifest

services/gitea/deployment.yaml

@@ -131,6 +131,16 @@ spec:
               value: "trace"
             - name: GITEA__service__REQUIRE_SIGNIN_VIEW
               value: "false"
+            - name: GITEA__security__SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: gitea-secret
+                  key: SECRET_KEY
+            - name: GITEA__security__INTERNAL_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: gitea-secret
+                  key: INTERNAL_TOKEN
             - name: DB_TYPE
               value: "postgres"
             - name: DB_HOST

services/gitea/kustomization.yaml

@@ -3,6 +3,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - namespace.yaml
+  - secret.yaml
   - deployment.yaml
   - service.yaml
   - pvc.yaml

services/gitea/secret.yaml

@@ -0,0 +1,10 @@
+# services/gitea/secret.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: gitea-secret
+  namespace: gitea
+type: Opaque
+stringData:
+  SECRET_KEY: "QVOarq1Tb8Lxm2esuB7MoWeK7wkNGpdePFRDyBhj1Rc"
+  INTERNAL_TOKEN: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE3NTQ1NzU3Mzd9.QVOarq1Tb8Lxm2esuB7MoWeK7wkNGpdePFRDyBhj1Rc"