fix: create user from main pod instead of job

2024-12-22 06:47:14 +00:00 · 2024-12-22 06:47:14 +00:00 · db7a6b226d
commit db7a6b226d
parent 5395428902
2 changed files with 19 additions and 52 deletions
--- a/manifests/bin/createadmin.sh
+++ b/manifests/bin/createadmin.sh
@ -12,19 +12,25 @@ name="$1"
 scopes="$2"
 email="$name@$BASE_URL"
 secret="gitea-$name"
+passwd="$(kgseckey "$secret" password)"

-if ! kubectl get secret "$secret" > /dev/null 2>&1; then
-    kcreatesec "$secret" \
-        --from-literal=email="$email" \
-        --from-literal=username="$name" \
-        --from-literal=password="$(openssl rand -hex 32)"
-    NAME="$name" SECRET="$secret" kapply common/createadmin.yaml
+if [ -z "$passwd" ]; then
+    passwd="$(openssl rand -hex 32)"
+    kubectl exec statefulset/app -- \
+        gitea admin user create --admin --must-change-password=false \
+            --email "$email" \
+            --username "$name" \
+            --password "$passwd"
 fi

-if [ -n "$scopes" ]; then
-    kcreatesec "$secret" \
-        --from-literal=email="$email" \
-        --from-literal=username="$name" \
-        --from-literal=password="$(kgseckey "$secret" password)" \
-        --from-literal=token="$(kgseckey "$secret" token || get_token)"
-fi
+opts=()
+[ -n "$scopes" ] && opts+=(
+    --from-literal=token="$(kgseckey "$secret" token || get_token)"
+    --from-literal=tokenscopes="$scopes"
+)
+
+kcreatesec "$secret" \
+    --from-literal=email="$email" \
+    --from-literal=username="$name" \
+    --from-literal=password="$passwd" \
+    "${opts[@]}"
--- a/manifests/common/createadmin.yaml
+++ b/manifests/common/createadmin.yaml
@ -1,39 +0,0 @@
---
-apiVersion: batch/v1
-kind: Job
-metadata:
-  name: "createadmin-$NAME"
-spec:
-  template:
-    spec:
-      restartPolicy: Never
-      containers:
-        - name: createuser
-          image: "$IMAGEAPP"
-          envFrom:
-            - secretRef:
-                name: "$SECRET"
-          command:
-            - bash
-            - -c
-            - gitea admin user change-password --must-change-password=false \
-                --username "$username" \
-                --password "$password" \
-              || gitea admin user create --admin --must-change-password=false \
-                --email "$email" \
-                --username "$username" \
-                --password "$password" \
-          volumeMounts:
-            - name: config
-              mountPath: /etc/gitea/app.ini
-              subPath: app.ini
-            - name: secrets
-              mountPath: /etc/gitea/secrets/
-      volumes:
-        - name: config
-          configMap:
-            name: gitea
-        - name: secrets
-          secret:
-            secretName: gitea
-  backoffLimit: 4