fix: Inject ca-bundle into gitea container
All checks were successful
continuous-integration/drone/push Build is passing

This commit is contained in:
Danny Bessems 2023-08-25 14:13:01 +02:00
parent b2ae56e54b
commit 90082ca36a
2 changed files with 17 additions and 0 deletions

View File

@ -34,6 +34,7 @@
kubeconfig: "{{ kubeconfig.path }}"
loop:
- argo-cd
- gitea
# - kube-system
- name: Store root certificate in namespaced configmaps/secrets
@ -63,6 +64,12 @@
data:
- key: git.{{ vapp['metacluster.fqdn'] }}
value: "{{ stepca_cm_certs.resources[0].data['root_ca.crt'] }}"
- name: step-certificates-certs
namespace: gitea
kind: secret
data:
- key: ca_chain.crt
value: "{{ (stepca_cm_certs.resources[0].data['intermediate_ca.crt'] ~ _newline ~ stepca_cm_certs.resources[0].data['root_ca.crt']) | b64encode }}"
- name: step-certificates-certs
namespace: kube-system
kind: secret

View File

@ -135,6 +135,16 @@ components:
chart: gitea-charts/gitea
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | sed '/:/!s/$/:latest/'
chart_values: !unsafe |
extraVolumes:
- secret:
defaultMode: 420
name: step-certificates-certs
name: step-certificates-certs
extraVolumeMounts:
- mountPath: /etc/ssl/certs/ca-chain.crt
name: step-certificates-certs
readOnly: true
subPath: ca_chain.crt
gitea:
admin:
username: administrator