this repo has no description
fix(vault): explicit k8s host
+14
-8
+9
-8
platform/staging/forgejo.yaml
+9
-8
platform/staging/forgejo.yaml
···
51
51
OPENID_CONNECT_SCOPES: "email profile"
52
52
USERNAME: username
53
53
service:
54
-
ENABLE_INTERNAL_SIGNIN: false
55
-
ALLOW_ONLY_EXTERNAL_REGISTRATION: true
54
+
ENABLE_INTERNAL_SIGNIN: true
55
+
DISABLE_REGISTRATION: true
56
56
"service.explore":
57
57
DISABLE_USERS_PAGE: true
58
58
actions:
···
63
63
SHOW_FOOTER_VERSION: false
64
64
SHOW_FOOTER_TEMPLATE_LOAD_TIME: false
65
65
SHOW_FOOTER_POWERED_BY: false
66
-
oauth:
67
-
- name: SSO
68
-
provider: 'openidConnect'
69
-
autoDiscoverUrl: https://dex.cloudlab.khuedoan.com/.well-known/openid-configuration
70
-
key: vault:secret/data/forgejo/oauth#key
71
-
secret: vault:secret/data/forgejo/oauth#secret
66
+
# Staging does not currently run Dex, so keep Forgejo self-contained.
67
+
# oauth:
68
+
# - name: SSO
69
+
# provider: 'openidConnect'
70
+
# autoDiscoverUrl: https://dex.cloudlab.khuedoan.com/.well-known/openid-configuration
71
+
# key: vault:secret/data/forgejo/oauth#key
72
+
# secret: vault:secret/data/forgejo/oauth#secret
72
73
admin:
73
74
email: admin@cloudlab.khuedoan.com
74
75
username: forgejo_admin
+5
platform/staging/vault.yaml
+5
platform/staging/vault.yaml
···
97
97
policies:
98
98
- allow_secrets
99
99
ttl: 1h
100
+
config:
101
+
# Needs to be explicit, otherwise it will fallback to
102
+
# https://$KUBERNETES_SERVICE_HOST & breaks on IPv6-only
103
+
# cluster because the address is not bracketed
104
+
kubernetes_host: https://kubernetes.default.svc.cluster.local:443
100
105
type: kubernetes
101
106
policies:
102
107
- name: allow_secrets