From 9b994111cbb1052752a4375286872f4d57c32e28 Mon Sep 17 00:00:00 2001
From: Brad Stein
Date: Sun, 14 Dec 2025 21:49:07 -0300
Subject: [PATCH] gitea: remove bootstrap job (immutable error)
---
 services/gitea/kustomization.yaml | 1 -
 services/gitea/oidc-job.yaml | 98 -------------------------------
 2 files changed, 99 deletions(-)
 delete mode 100644 services/gitea/oidc-job.yaml
diff --git a/services/gitea/kustomization.yaml b/services/gitea/kustomization.yaml
index 9731b76..36d6c23 100644
--- a/services/gitea/kustomization.yaml
+++ b/services/gitea/kustomization.yaml
@@ -7,4 +7,3 @@ resources:
 - service.yaml
 - pvc.yaml
 - ingress.yaml
- - oidc-job.yaml
diff --git a/services/gitea/oidc-job.yaml b/services/gitea/oidc-job.yaml
deleted file mode 100644
index 73aacbb..0000000
--- a/services/gitea/oidc-job.yaml
+++ /dev/null
@@ -1,98 +0,0 @@
-# services/gitea/oidc-job.yaml
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: gitea-oidc-bootstrap
- namespace: gitea
-spec:
- # clean and recreate when the manifest changes to avoid immutable pod fields
- template: {}
----
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: gitea-oidc-bootstrap
- namespace: gitea
-spec:
- ttlSecondsAfterFinished: 1800
- backoffLimit: 1
- template:
- metadata:
- labels:
- app: gitea
- job: gitea-oidc-bootstrap
- spec:
- securityContext:
- runAsUser: 1000
- runAsGroup: 1000
- fsGroup: 1000
- affinity:
- podAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- - labelSelector:
- matchLabels:
- app: gitea
- topologyKey: kubernetes.io/hostname
- restartPolicy: OnFailure
- volumes:
- - name: gitea-data
- persistentVolumeClaim:
- claimName: gitea-data
- containers:
- - name: gitea-oidc-bootstrap
- image: gitea/gitea:1.23
- imagePullPolicy: IfNotPresent
- volumeMounts:
- - name: gitea-data
- mountPath: /data
- env:
- - name: CLIENT_ID
- valueFrom:
- secretKeyRef:
- name: gitea-oidc
- key: client_id
- - name: CLIENT_SECRET
- valueFrom:
- secretKeyRef:
- name: gitea-oidc
- key: client_secret
- - name: DISCOVERY_URL
- valueFrom:
- secretKeyRef:
- name: gitea-oidc
- key: openid_auto_discovery_url
- command:
- - /bin/bash
- - -c
- - |
- set -euo pipefail
- APPINI=/data/gitea/conf/app.ini
- BIN=/usr/local/bin/gitea
- list="$($BIN -c "$APPINI" admin auth list)"
- id=$(echo "$list" | awk '$2=="keycloak"{print $1}')
- if [ -n "$id" ]; then
- echo "Updating existing auth source id=$id"
- $BIN -c "$APPINI" admin auth update-oauth \
- --id "$id" \
- --name keycloak \
- --provider openidConnect \
- --key "$CLIENT_ID" \
- --secret "$CLIENT_SECRET" \
- --auto-discover-url "$DISCOVERY_URL" \
- --scopes "openid profile email" \
- --group-claim-name groups \
- --admin-group admin \
- --skip-local-2fa
- else
- echo "Creating keycloak auth source"
- $BIN -c "$APPINI" admin auth add-oauth \
- --name keycloak \
- --provider openidConnect \
- --key "$CLIENT_ID" \
- --secret "$CLIENT_SECRET" \
- --auto-discover-url "$DISCOVERY_URL" \
- --scopes "openid profile email" \
- --group-claim-name groups \
- --admin-group admin \
- --skip-local-2fa
- fi