fix

2023-11-28 13:30:08 +01:00
parent 5e0ff76cae
commit 0d38840784
4 changed files with 165 additions and 130 deletions
--- a/apps/gitea/datas.tf
+++ b/apps/gitea/datas.tf
@@ -44,6 +44,24 @@ data "kustomization_overlay" "data" {
  common_labels = local.common-labels
  namespace = var.namespace
  resources = [for file in fileset(path.module, "*.yaml"): file if ! contains(["index.yaml", "v1_ConfigMap_gitea-themes.yaml"], file)]
+  patches {
+    target {
+      kind = "Secret"
+      name = "gitea-init"
+    }
+    patch = <<-EOF
+      apiVersion: v1
+      kind: Secret
+      metadata:
+        name: gitea-init
+      stringData:
+        configure_local_certs.sh: |-
+          #!/usr/bin/env bash
+          cp /etc/ssl/certs/ca-certificates.crt /etc/local-certs
+          cat /etc/local-ca/ca.crt >>/etc/local-certs/ca-certificates.crt
+          exec ./configure_gitea.sh
+    EOF
+  }
  patches {
    target {
      kind = "Deployment"
@@ -60,6 +78,13 @@ data "kustomization_overlay" "data" {
        replicas: ${var.replicas}
        template:
          spec:
+            volumes:
+              - name: certs
+                emptyDir: {}
+            - name: localcerts
+              secret:
+                secretName: "${var.instance}-cert"
+                defaultMode: 0444
            initContainers:
            - name: init-directories
              image: "${var.images.gitea.registry}/${var.images.gitea.repository}:${var.images.gitea.tag}"
@@ -68,8 +93,15 @@ data "kustomization_overlay" "data" {
              image: "${var.images.gitea.registry}/${var.images.gitea.repository}:${var.images.gitea.tag}"
              imagePullPolicy: IfNotPresent
            - name: configure-gitea
+              command: ["/usr/sbin/configure_local_certs.sh"]
              image: "${var.images.gitea.registry}/${var.images.gitea.repository}:${var.images.gitea.tag}"
              imagePullPolicy: IfNotPresent
+              volumeMounts:
+              - name: localcerts
+                mountPath: /etc/local-ca
+                readOnly: true
+              - name: certs
+                mountPath: /etc/local-certs
              env:
              - name: VYNIL_OAUTH_DISCOVERY
                value: "https://${data.kubernetes_ingress_v1.authentik.spec[0].rule[0].host}/application/o/${var.component}-${var.instance}/.well-known/openid-configuration"
@@ -109,6 +141,9 @@ data "kustomization_overlay" "data" {
            - name: gitea
              image: "${var.images.gitea.registry}/${var.images.gitea.repository}:${var.images.gitea.tag}"
              imagePullPolicy: IfNotPresent
+              volumeMounts:
+              - name: certs
+                mountPath: /etc/ssl/certs
              env:
              - name: SSH_LISTEN_PORT
                value: "2222"