From 29da4be557f90b95afba3a3f54f62d40b7c0912c Mon Sep 17 00:00:00 2001
From: Brad Stein
Date: Sun, 14 Dec 2025 22:06:25 -0300
Subject: [PATCH] gitea: pin secret/internal token and include secret manifest
---
 services/gitea/deployment.yaml | 10 ++++++++++
 services/gitea/kustomization.yaml | 1 +
 services/gitea/secret.yaml | 10 ++++++++++
 3 files changed, 21 insertions(+)
 create mode 100644 services/gitea/secret.yaml
diff --git a/services/gitea/deployment.yaml b/services/gitea/deployment.yaml
index 4568972..66670a9 100644
--- a/services/gitea/deployment.yaml
+++ b/services/gitea/deployment.yaml
@@ -131,6 +131,16 @@ spec:
 value: "trace"
 - name: GITEA__service__REQUIRE_SIGNIN_VIEW
 value: "false"
+ - name: GITEA__security__SECRET_KEY
+ valueFrom:
+ secretKeyRef:
+ name: gitea-secret
+ key: SECRET_KEY
+ - name: GITEA__security__INTERNAL_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: gitea-secret
+ key: INTERNAL_TOKEN
 - name: DB_TYPE
 value: "postgres"
 - name: DB_HOST
diff --git a/services/gitea/kustomization.yaml b/services/gitea/kustomization.yaml
index 36d6c23..1ea9af4 100644
--- a/services/gitea/kustomization.yaml
+++ b/services/gitea/kustomization.yaml
@@ -3,6 +3,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - namespace.yaml
+ - secret.yaml
 - deployment.yaml
 - service.yaml
 - pvc.yaml
diff --git a/services/gitea/secret.yaml b/services/gitea/secret.yaml
new file mode 100644
index 0000000..11a533d
--- /dev/null
+++ b/services/gitea/secret.yaml
@@ -0,0 +1,10 @@
+# services/gitea/secret.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: gitea-secret
+ namespace: gitea
+type: Opaque
+stringData:
+ SECRET_KEY: "QVOarq1Tb8Lxm2esuB7MoWeK7wkNGpdePFRDyBhj1Rc"
+ INTERNAL_TOKEN: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE3NTQ1NzU3Mzd9.QVOarq1Tb8Lxm2esuB7MoWeK7wkNGpdePFRDyBhj1Rc"
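Review bot: The two new `secretKeyRef` entries in deployment.yaml deliver SECRET_KEY and INTERNAL_TOKEN as plain environment variables, so they sit in the container's process environment, where child processes inherit them and anything that dumps the environment can read them. The context line just above sets some variable to `"trace"`; if that is the log level, it is worth confirming that startup logging does not echo configuration values. Gitea's `[security]` section also accepts `SECRET_KEY_URI` and `INTERNAL_TOKEN_URI`, so mounting `gitea-secret` as a read-only volume and setting `GITEA__security__SECRET_KEY_URI` to `file:/path/to/mounted/SECRET_KEY` (placeholder path) would keep the values out of the environment; confirm the deployed Gitea version supports these keys. The env list begins and ends outside this hunk.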
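Review bot: The `stringData` block in secret.yaml commits live values for `SECRET_KEY` and `INTERNAL_TOKEN` in clear text, so every reader, clone, fork and backup of this repository holds the key material; the `- secret.yaml` line added in the kustomization.yaml hunk is what ships it. The `SECRET_KEY` string is also identical to the third (signature) segment of the `INTERNAL_TOKEN` JWT, so the two secrets are not independent and disclosure of one discloses the other. Both values should be treated as exposed, regenerated separately (`gitea generate secret SECRET_KEY`, `gitea generate secret INTERNAL_TOKEN`) and supplied from an encrypted or out-of-repo source such as a SealedSecret, a SOPS-encrypted manifest or an External Secrets object, leaving only the `gitea-secret` name in git. Changing SECRET_KEY can invalidate data Gitea has already encrypted with it, so the rotation needs planning, and removing the file in a later commit does not remove the values from history.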