clusterforge/keycloak-config/ConfigMap_gitea-config-script.yaml

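---
apiVersion: v1
kind: ConfigMap
metadata:
  name: gitea-config-script
  namespace: keycloak
data:
  # Bootstrap script run by a Job once Keycloak is reachable. The script is kept
  # as a literal block scalar so it can be read and linted as plain bash.
  configure-gitea-kubectl.sh: |
    #!/bin/bash
    # Bootstraps the Gitea instance after Keycloak is up:
    #   1. installs kubectl (checksum-verified) and the curl/jq helpers,
    #   2. waits for the keycloak container to become Ready,
    #   3. creates the Gitea admin user and a scoped-"all" API token,
    #   4. rewrites app.ini for the real domain and https,
    #   5. builds the forge org / Developers team / clusterforge repo layout,
    #   6. registers Keycloak as an OIDC provider,
    #   7. restarts the gitea and minio pods so they pick up the changes.
    #
    # Required environment (expected from the Job that mounts this ConfigMap):
    #   ADMIN_USERNAME, ADMIN_PASSWORD  Gitea admin account to create
    #   DOMAIN                          base domain (gitea.$DOMAIN, kc.$DOMAIN)
    #   CLIENT_SECRET                   OIDC client secret of the "gitea" client
    #
    # Most steps are deliberately best-effort (no `set -e`) so a partial re-run
    # still applies what it can; the steps everything else depends on abort.
    set -u -o pipefail

    die() { printf 'error: %s\n' "$*" >&2; exit 1; }

    # Fail with a readable message instead of exec'ing gitea with empty flags.
    : "${ADMIN_USERNAME:?ADMIN_USERNAME must be set}"
    : "${ADMIN_PASSWORD:?ADMIN_PASSWORD must be set}"
    : "${DOMAIN:?DOMAIN must be set}"
    : "${CLIENT_SECRET:?CLIENT_SECRET must be set}"

    apt-get update && apt-get install -y curl jq || die "failed to install curl/jq"

    # Install kubectl. The release bucket publishes a .sha256 file next to each
    # binary; verify it so a tampered or truncated download is never installed.
    KUBECTL_RELEASE="https://storage.googleapis.com/kubernetes-release/release"
    KUBECTL_VERSION=$(curl -sSf "${KUBECTL_RELEASE}/stable.txt") \
      || die "cannot resolve the stable kubectl version"
    curl -sSfLO "${KUBECTL_RELEASE}/${KUBECTL_VERSION}/bin/linux/amd64/kubectl" \
      || die "kubectl download failed"
    curl -sSfLO "${KUBECTL_RELEASE}/${KUBECTL_VERSION}/bin/linux/amd64/kubectl.sha256" \
      || die "kubectl checksum download failed"
    echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check --status \
      || die "kubectl checksum mismatch, refusing to install it"
    chmod +x ./kubectl
    mv ./kubectl /usr/local/bin/
    rm -f kubectl.sha256

    #######################################
    # Block until the first Running keycloak pod reports its "keycloak"
    # container Ready. Polls every 10 seconds. There is intentionally no
    # upper bound: the Job stays pending until Keycloak actually comes up.
    # Globals:   none
    # Arguments: none
    # Outputs:   progress messages on stdout
    #######################################
    wait_for_keycloak() {
      local namespace="keycloak"
      local label="app=keycloak"
      local container="keycloak"
      local pods pod is_ready

      echo "Checking keycloak..."
      echo ""
      while true; do
        # jsonpath prints the names space-separated; take the first Running one.
        pods=$(kubectl get pods -n "$namespace" -l "$label" \
          --field-selector=status.phase=Running -o jsonpath="{.items[*].metadata.name}")
        pod=${pods%% *}
        if [[ -z "$pod" ]]; then
          echo "No running pod with label $label in namespace $namespace found yet."
          echo "Waiting 10 seconds..."
          sleep 10
          continue
        fi

        echo "Found running pod: $pod"
        # Readiness of the named container only, not the whole pod.
        is_ready=$(kubectl get pod "$pod" -n "$namespace" \
          -o jsonpath="{.status.containerStatuses[?(@.name=='$container')].ready}")
        if [[ "$is_ready" == "true" ]]; then
          echo "Container '$container' in pod '$pod' is ready."
          break
        fi
        # Sleep here too; otherwise a Running-but-not-Ready pod is polled in a tight loop.
        echo "Container '$container' in pod '$pod' is NOT ready."
        echo "Waiting 10 seconds..."
        sleep 10
      done
    }

    wait_for_keycloak

    # Random suffix so re-runs do not collide on the access-token name.
    RANDOM_TOKEN_NAME="giteajob-$(tr -dc 'A-Za-z0-9' </dev/urandom | head -c 5)"

    #######################################
    # Run a command inside the gitea container of the gitea deployment.
    # Arguments: the command line to run
    #######################################
    gitea_exec() {
      kubectl -n cf-gitea exec deploy/gitea -c gitea -- "$@"
    }

    # NOTE: the gitea CLI only accepts the password (here) and the OIDC secret
    # (below) as argv, so both are visible in the gitea container's process list
    # for the duration of the exec and in any exec auditing; scope the Job's
    # secrets accordingly. User creation fails when the account already exists
    # (e.g. on a re-run); that is tolerated so the remaining steps still run.
    gitea_exec gitea admin user create \
      --username "$ADMIN_USERNAME" --password "$ADMIN_PASSWORD" \
      --admin=true --must-change-password=false \
      --email "${ADMIN_USERNAME}@${DOMAIN}" \
      || echo "warning: admin user create failed (already exists?), continuing" >&2

    # Everything below authenticates with this token, so an empty one is fatal.
    admin_token=$(gitea_exec gitea admin user generate-access-token --raw \
      --username "$ADMIN_USERNAME" --token-name "$RANDOM_TOKEN_NAME" --scopes all)
    [[ -n "$admin_token" ]] || die "could not obtain a Gitea admin access token"

    # Point app.ini at the real domain and force https. $DOMAIN is interpolated
    # unescaped into the sed expression, so a value containing '/' or '&' would
    # break the substitution; DOMAIN is operator-supplied, not user input.
    gitea_exec sed -i -e "s/git\.example\.com/gitea\.$DOMAIN/g" /data/gitea/conf/app.ini
    gitea_exec sed -i -e "s/http:/https:/g" /data/gitea/conf/app.ini

    GITEA_API="https://gitea.${DOMAIN}/api/v1"

    #######################################
    # Call the Gitea REST API as the admin user.
    # Globals:   admin_token (read), GITEA_API (read)
    # Arguments: $1 - HTTP method, $2 - path under /api/v1, rest - extra curl args
    # Outputs:   response body on stdout
    # Returns:   curl's status; -f makes HTTP 4xx/5xx a non-zero exit with a
    #            message on stderr instead of a silently ignored error body
    #######################################
    gitea_api() {
      local method=$1 path=$2
      shift 2
      curl -sS -f -X "$method" \
        -H "Content-Type: application/json" \
        -H "Authorization: Bearer ${admin_token}" \
        "$@" "${GITEA_API}${path}"
    }

    # Rename user forge to forge_user
    gitea_api POST /admin/users/forge/rename -d '{"new_username": "forge_user"}'

    # create organization forge, owned by forge_user
    gitea_api POST /admin/users/forge_user/orgs -d '{"username": "forge"}'

    # create team Developers with write access to org and save the ID
    TEAM_ID=$(gitea_api POST /orgs/forge/teams \
      -d '{"name": "Developers", "permission": "write", "units": ["repo.actions","repo.code","repo.issues","repo.ext_issues","repo.wiki","repo.ext_wiki","repo.pulls","repo.releases","repo.projects","repo.ext_wiki"]}' \
      | jq -r '.id')
    # Without this check an empty/null id would yield a PUT to /teams//repos/... below.
    [[ "$TEAM_ID" =~ ^[0-9]+$ ]] || die "team creation did not return a numeric id (got '${TEAM_ID}')"

    # transfer repo clusterforge to org forge
    gitea_api POST /repos/forge_user/clusterforge/transfer -d '{"new_owner": "forge"}'

    # add forge repo to the Developers team
    gitea_api PUT "/teams/${TEAM_ID}/repos/forge/clusterforge"

    # add user forge_user as admin collaborator to repo clusterforge
    # (Gitea's API defines this endpoint as PUT; -d alone would send a POST)
    gitea_api PUT /repos/forge/clusterforge/collaborators/forge_user -d '{"permission": "admin"}'

    # Register Keycloak as OIDC provider. The group-team-map places members of
    # the Keycloak group /gitea-users into the forge/Developers team.
    gitea_exec gitea admin auth add-oauth \
      --name "Keycloak" \
      --provider openidConnect \
      --key "gitea" \
      --secret "${CLIENT_SECRET}" \
      --group-claim-name "groups" \
      --scopes "groups" \
      --group-team-map "{\"/gitea-users\":{\"forge\":[\"Developers\"]}}" \
      --auto-discover-url "https://kc.${DOMAIN}/realms/k8s/.well-known/openid-configuration"

    # Restart so gitea picks up the app.ini and auth changes. A label selector
    # handles zero or several gitea pods, where "pod/$podname" broke as soon as
    # jsonpath returned more than one name.
    echo "Restarting gitea pod after keycloak is alive"
    kubectl -n cf-gitea delete --wait=false pod --selector=app=gitea

    echo "Restarting minio tenant pool pod after keycloak is alive"
    kubectl -n minio-tenant-default delete --wait=false pod/default-minio-tenant-pool-0-0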