diff --git a/config/rbac/cluster_role.yaml b/config/rbac/cluster_role.yaml
index b5ef3d1..78cd00e 100644
--- a/config/rbac/cluster_role.yaml
+++ b/config/rbac/cluster_role.yaml
@@ -8,6 +8,7 @@ rules:
 - ""
 resources:
 - pods
+ - pods/exec
 - services
 - services/finalizers
 - endpoints
diff --git a/config/rbac/namespaced/role.yaml b/config/rbac/namespaced/role.yaml
index 307835b..62c7472 100644
--- a/config/rbac/namespaced/role.yaml
+++ b/config/rbac/namespaced/role.yaml
@@ -8,6 +8,7 @@ rules:
 - ""
 resources:
 - pods
+ - pods/exec
 - services
 - services/finalizers
 - endpoints
diff --git a/hack/operate.conf b/hack/operate.conf
index 1f2b848..4336b6e 100644
--- a/hack/operate.conf
+++ b/hack/operate.conf
@@ -1,5 +1,5 @@
 IMG=quay.io/redhatgov/gitea-operator
 KIND=Gitea
 CR_SAMPLE=redhatgov_v1alpha1_gitea_openshift.yaml
-VERSION=0.0.3
+VERSION=0.0.4
 CHANNELS=alpha
diff --git a/roles/gitea-ocp/defaults/main.yml b/roles/gitea-ocp/defaults/main.yml
index b5ff7da..b161608 100644
--- a/roles/gitea-ocp/defaults/main.yml
+++ b/roles/gitea-ocp/defaults/main.yml
@@ -3,6 +3,9 @@ _gitea_state: present
 _gitea_namespace: gitea
 _gitea_name: gitea
+_gitea_admin_user: administrator
+_gitea_admin_email: tssc@redhat.com
+
 _gitea_postgresql_service_name: postgresql
 _gitea_postgresql_database_name: giteadb
 _gitea_postgresql_user: giteauser
diff --git a/roles/gitea-ocp/tasks/main.yml b/roles/gitea-ocp/tasks/main.yml
index 700cbd8..7836700 100644
--- a/roles/gitea-ocp/tasks/main.yml
+++ b/roles/gitea-ocp/tasks/main.yml
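Review bot: In config/rbac/cluster_role.yaml, `pods/exec` is appended to the existing core-group resource list, so it inherits every verb of that rule (the `verbs:` list is outside the hunk) and applies in every namespace. Exec on a pod gives the holder whatever that pod can read, including mounted Secrets and its service-account token, so this is a much wider grant than the single exec into the Gitea pod that the playbook performs. I would give `pods/exec` its own rule carrying only the verb the exec call needs, and keep it out of the ClusterRole if the namespaced Role is sufficient for the deployment mode in use. The same point applies, with a smaller blast radius, to the identical hunk in config/rbac/namespaced/role.yaml.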
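Review bot: `_gitea_admin_email` in roles/gitea-ocp/defaults/main.yml defaults to a real mailbox, `tssc@redhat.com`, so every install that does not override it ties the administrator account to an address the deployer presumably does not control. If a mailer is configured, account mail for the administrator (for example a password-reset link) would be sent there. A neutral default such as `_gitea_admin_email: admin@example.com`, with a comment that it must be overridden, would be safer; failing the play when the value is unset is the stricter option.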
@@ -78,3 +78,38 @@
 retries: 50
 delay: 10
 ignore_errors: yes
+
+- name: Get Gitea pod info
+ k8s_info:
+ api_version: v1
+ kind: Pod
+ namespace: '{{ _gitea_namespace }}'
+ label_selectors:
+ - "app={{ _gitea_name }}"
+ register: gitea_pod
+
+- set_fact:
+ gitea_pod_name: '{{ gitea_pod.resources[0].metadata.name }}'
+
+- name: Check for administrator credential secret
+ k8s_info:
+ namespace: "{{ _gitea_namespace }}"
+ kind: Secret
+ name: "{{ _gitea_name }}-admin-credentials"
+ register: gitea_admin_credentials
+
+- name: Generate administrator password
+ block:
+ - set_fact:
+ gitea_admin_password: "{{ lookup('password', '/dev/null length=15 chars=ascii_letters') }}"
+
+ - name: Create gitea-admin-credentials Secret
+ k8s:
+ definition: "{{ lookup('template', 'secret.yml.j2') | from_yaml }}"
+
+ - name: Create Gitea admin user
+ community.kubernetes.k8s_exec:
+ namespace: "{{ _gitea_namespace }}"
+ pod: '{{ gitea_pod_name }}'
+ command: /home/gitea/gitea --config=/home/gitea/conf/app.ini admin create-user --username '{{ _gitea_admin_user }}' --password '{{ gitea_admin_password }}' --admin --email '{{ _gitea_admin_email }}' --access-token --must-change-password=false
+ when: not gitea_admin_credentials.resources
diff --git a/roles/gitea-ocp/templates/secret.yml.j2 b/roles/gitea-ocp/templates/secret.yml.j2
new file mode 100644
index 0000000..9edbd16
--- /dev/null
+++ b/roles/gitea-ocp/templates/secret.yml.j2
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: "{{ _gitea_name }}-admin-credentials"
+ namespace: "{{ _gitea_namespace }}"
+data:
+ username: "{{ 'administrator' | b64encode }}"
+ password: "{{ gitea_admin_password | b64encode }}"
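Review bot: The generated admin password is exposed in the new block of roles/gitea-ocp/tasks/main.yml: it is interpolated into the `command:` string of the `k8s_exec` task, so it appears in the process arguments inside the pod and, because none of the three tasks sets `no_log: true`, probably in the operator's Ansible output as well. Add `no_log: true` to the `set_fact`, the Secret creation and the exec task. `--access-token` also makes gitea print a new admin token that nothing registers, so the token is either lost or survives only in logs; drop the flag or capture the result and store it in the Secret. Separately, the Secret is created before the user and the trailing `when:` (which appears to guard the whole block) skips everything once the Secret exists, so a failed exec, for example when `gitea_pod.resources` is empty after the earlier wait with `ignore_errors: yes`, leaves a credential Secret for an account that was never created; creating the user first would avoid that.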
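Review bot: The `username` field in roles/gitea-ocp/templates/secret.yml.j2 is the literal `'administrator'`, while the exec task in tasks/main.yml creates the account from `_gitea_admin_user`. Overriding that variable therefore produces a Secret that names an account which does not exist, and anything that reads the Secret will try to log in with the wrong user. Use the variable in the template as well: `username: "{{ _gitea_admin_user | b64encode }}"`.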