fix: create user from secret instead of env

2024-12-22 06:15:20 +00:00 · 2024-12-22 06:15:20 +00:00 · 0fd5175a1d
commit 0fd5175a1d
parent 0a86bed0ce
2 changed files with 26 additions and 26 deletions
--- a/manifests/bin/createadmin.sh
+++ b/manifests/bin/createadmin.sh
@ -2,32 +2,29 @@

 function get_token() {
    kubectl exec app-0 -- gitea admin user generate-access-token \
-            --username "$NAME" \
-            --token-name "${NAME^^}" \
+            --username "$name" \
+            --token-name "${name^^}" \
            --scopes "$scopes" \
        | awk '{print $NF}'
 }

-export NAME="$1"
+name="$1"
 scopes="$2"
-export EMAIL="$NAME@$BASE_URL"
-export SECRET="gitea-$NAME"
+email="$name@$BASE_URL"
+secret="gitea-$name"

-if ! kubectl get secret "$SECRET" > /dev/null 2>&1; then
-    p="$(openssl rand -hex 32)"
-    kapply common/createadmin.yaml
-else
-    p="$(kgseckey "$SECRET" password)"
+if ! kubectl get secret "$secret" > /dev/null 2>&1; then
+    kcreatesec "$secret" \
+        --from-literal=email="$email" \
+        --from-literal=username="$name" \
+        --from-literal=password="$(openssl rand -hex 32)"
+    SECRET="$secret" kapply common/createadmin.yaml
 fi

-opts=()
 if [ -n "$scopes" ]; then
-    token="$(kgseckey "$SECRET" token || get_token)"
-    opts+=(--from-literal=token="$token")
+    kcreatesec "$secret" \
+        --from-literal=email="$email" \
+        --from-literal=username="$name" \
+        --from-literal=password="$(kgseckey "$secret" password)" \
+        --from-literal=token="$(kgseckey "$secret" token || get_token)"
 fi
-
-kcreatesec "$SECRET" \
-    --from-literal=email="$NAME@$BASE_URL" \
-    --from-literal=username="$NAME" \
-    --from-literal=password="$p" \
-    "${opts[@]}"
--- a/manifests/common/createadmin.yaml
+++ b/manifests/common/createadmin.yaml
@ -10,17 +10,20 @@ spec:
      containers:
        - name: createuser
          image: "$IMAGEAPP"
+          envFrom:
+            - secretRef:
+                name: "$SECRET"
          command:
            - bash
            - -c
            - |
-              gitea admin user change-password --must-change-password=false \
-                --username "$NAME" \
-                --password "$PASS" 2> /dev/null \
-              || gitea admin user create --admin --must-change-password=false \
-                --email "$EMAIL" \
-                --username "$NAME" \
-                --password "$PASS"
+              gitea admin user change-password --must-change-password=false
+                --username "$username"
+                --password "$password"
+              || gitea admin user create --admin --must-change-password=false
+                --email "$email"
+                --username "$username"
+                --password "$password"
          volumeMounts:
            - name: config
              mountPath: /etc/gitea/app.ini