bstein/titan-iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
titan-iac/services/gitea/oidc-job.yaml

90 lines
2.8 KiB
YAML
Raw Blame History

# services/gitea/oidc-job.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: gitea-oidc-bootstrap
namespace: gitea
spec:
ttlSecondsAfterFinished: 1800
backoffLimit: 1
template:
metadata:
labels:
app: gitea
job: gitea-oidc-bootstrap
spec:
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
affinity:
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app: gitea
topologyKey: kubernetes.io/hostname
restartPolicy: OnFailure
volumes:
- name: gitea-data
persistentVolumeClaim:
claimName: gitea-data
containers:
- name: gitea-oidc-bootstrap
image: gitea/gitea:1.23
imagePullPolicy: IfNotPresent
volumeMounts:
- name: gitea-data
mountPath: /data
env:
- name: CLIENT_ID
valueFrom:
secretKeyRef:
name: gitea-oidc
key: client_id
- name: CLIENT_SECRET
valueFrom:
secretKeyRef:
name: gitea-oidc
key: client_secret
- name: DISCOVERY_URL
valueFrom:
secretKeyRef:
name: gitea-oidc
key: openid_auto_discovery_url
command:
- /bin/bash
- -c
- |
set -euo pipefail
APPINI=/data/gitea/conf/app.ini
BIN=/usr/local/bin/gitea
list="$($BIN -c "$APPINI" admin auth list)"
id=$(echo "$list" | awk '$2=="keycloak"{print $1}')
if [ -n "$id" ]; then
echo "Updating existing auth source id=$id"
$BIN -c "$APPINI" admin auth update-oauth \
--id "$id" \
--name keycloak \
--provider openidConnect \
--key "$CLIENT_ID" \
--secret "$CLIENT_SECRET" \
--auto-discover-url "$DISCOVERY_URL" \
--scopes "openid profile email" \
--group-claim-name groups \
--admin-group admin \
--skip-local-2fa
else
echo "Creating keycloak auth source"
$BIN -c "$APPINI" admin auth add-oauth \
--name keycloak \
--provider openidConnect \
--key "$CLIENT_ID" \
--secret "$CLIENT_SECRET" \
--auto-discover-url "$DISCOVERY_URL" \
--scopes "openid profile email" \
--group-claim-name groups \
--admin-group admin \
--skip-local-2fa
fi
Reference in New Issue View Git Blame Copy Permalink