Install
Helmfile/Helm
Add the following to your helmfile.yaml.gotmpl, or use helm directly with the same parameters.
Gitea
- name: gitea-secrets
  namespace: kosmos-dev-restricted
  chart: ../../gitea/gitea-secrets
  skipDeps: true
  values:
    - trustedCA: "ref+k8s://v1/Secret/kosmos-system-restricted/kosmos-ca-secret/tls.crt"
  labels:
    app: gitea
- name: keycloakimporter-import-gitea
  needs:
    - kosmos-iam/keycloakimporter-init-realm-kosmos
    - kosmos-dev-restricted/gitea-secrets
  namespace: kosmos-dev-restricted
  chart: ../../keycloakimporter/keycloakimporter
  wait: true
  waitForJobs: true
  labels:
    app: gitea
  values:
    - ./values_templates/gitea/import-client-gitea.yaml.gotmpl
- name: gitea
  namespace: kosmos-dev-restricted
  needs: [kosmos-dev-restricted/gitea-secrets, kosmos-dev-restricted/keycloakimporter-import-gitea]
  chart: ../../gitea/gitea
  skipDeps: true
  labels:
    app: gitea
  values:
    - ../../gitea/values/values.yaml
    - ingress:
        hosts:
          - host: gitea.{{ .StateValues.domain }}
            paths:
              - path: /
                pathType: Prefix
        tls:
          - hosts:
              - gitea.{{ .StateValues.domain }}
      persistence:
        size: 1Gi
    - gitea:
        oauth:
          - name: "OIDC"
            provider: "openidConnect"
            autoDiscoverUrl: "https://auth.{{ .StateValues.domain }}/realms/kosmos/.well-known/openid-configuration"
            existingSecret: gitea-oidc-secret
            # fine-grained SSO config
            groupClaimName: "giteam"
            requiredClaimName: "giteam"
            adminGroup: "admin"
            groupTeamMap: '{"admin" : {"athea" : ["Owners"]}}'
Info: For more information on Keycloak Importer see here
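The oauth entry above carries groupTeamMap as a JSON string inside YAML, so a quoting or nesting mistake passes Helm templating and only shows up as missing team membership or admin rights after login. The following pre-deployment lint is an added example, not part of the kosmos or Gitea charts; the function names and the example.test domain are hypothetical, and it assumes Gitea's group -> organization -> team-list map shape and that the group settings are only evaluated when groupClaimName is set.

```python
import json
from urllib.parse import urlparse

# Constructed from the oauth entry on this page; "example.test" stands in for
# {{ .StateValues.domain }} (placeholder domain).
OAUTH = {
    "provider": "openidConnect",
    "autoDiscoverUrl": "https://auth.example.test/realms/kosmos/.well-known/openid-configuration",
    "existingSecret": "gitea-oidc-secret",
    "groupClaimName": "giteam",
    "requiredClaimName": "giteam",
    "adminGroup": "admin",
    "groupTeamMap": '{"admin" : {"athea" : ["Owners"]}}',
}

def lint_group_team_map(raw):
    """Check the JSON string has the shape {group: {organization: [team, ...]}}."""
    try:
        mapping = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"groupTeamMap is not valid JSON: {exc.msg}"]
    if not isinstance(mapping, dict):
        return ["groupTeamMap must be a JSON object keyed by group name"]
    findings = []
    for group, orgs in mapping.items():
        if not isinstance(orgs, dict):
            findings.append(f"group {group!r}: expected an object of organization -> teams")
            continue
        for org, teams in orgs.items():
            ok = isinstance(teams, list) and teams and all(isinstance(t, str) for t in teams)
            if not ok:
                findings.append(f"group {group!r}, org {org!r}: teams must be a non-empty list of strings")
    return findings

def lint_oauth(entry):
    """Return findings for one gitea.oauth entry; an empty list means clean."""
    findings = []
    url = urlparse(entry.get("autoDiscoverUrl", ""))
    if url.scheme != "https":
        findings.append("autoDiscoverUrl must use https")
    if not url.path.endswith("/.well-known/openid-configuration"):
        findings.append("autoDiscoverUrl does not point at an OIDC discovery document")
    if "secret" in entry or not entry.get("existingSecret"):  # inline secret lands in values files
        findings.append("client secret should come from existingSecret, not inline values")
    if (entry.get("adminGroup") or entry.get("groupTeamMap")) and not entry.get("groupClaimName"):
        findings.append("adminGroup/groupTeamMap need groupClaimName to take effect")
    if entry.get("groupTeamMap"):
        findings.extend(lint_group_team_map(entry["groupTeamMap"]))
    return findings
```

Feed it the rendered oauth entry (for example from the output of helmfile template) in place of the constructed OAUTH dictionary.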
Run:
helmfile sync -f helmfile.yaml.gotmpl -l app=gitea
Test
If needed, retrieve the admin username (atheaadmin) and password with the following commands, or read them directly in the Kubernetes/Rancher dashboard.
kubectl -n kosmos-dev-restricted get secrets gitea-admin-secret -o jsonpath='{.data.username}' | base64 -d
kubectl -n kosmos-dev-restricted get secrets gitea-admin-secret -o jsonpath='{.data.password}' | base64 -d