ADD: addend gitlab

2026-03-12 14:23:02 +01:00
parent f0a02c3740
commit 2ea9f3973f
8 changed files with 612 additions and 1 deletions
--- a/k3s/apps/gitLab/manifest/secret.yaml
+++ b/k3s/apps/gitLab/manifest/secret.yaml
@@ -0,0 +1,58 @@
+# ─── Secret ───────────────────────────────────────────────────────
+apiVersion: v1
+kind: Secret
+metadata:
+  name: gitlab-secrets
+  namespace: gitlab
+type: Opaque
+stringData:
+  GITLAB_ROOT_PASSWORD: "NewPassword123!"
+  GITLAB_OMNIBUS_CONFIG: |
+    external_url 'https://gitlab.henryathome.home64.de'
+    gitlab_rails['gitlab_shell_ssh_port'] = 31022
+    nginx['listen_port'] = 80
+    nginx['listen_https'] = false
+    nginx['proxy_set_headers'] = {
+      'X-Forwarded-Proto' => 'https',
+      'X-Forwarded-Ssl' => 'on'
+    }
+    prometheus_monitoring['enable'] = false
+
+    # Authentik SSO (OpenID Connect)
+    gitlab_rails['omniauth_enabled'] = true
+    gitlab_rails['omniauth_allow_single_sign_on'] = ['openid_connect']
+    gitlab_rails['omniauth_sync_email_from_provider'] = 'openid_connect'
+    gitlab_rails['omniauth_sync_profile_from_provider'] = ['openid_connect']
+    gitlab_rails['omniauth_sync_profile_attributes'] = ['email', 'name']
+    gitlab_rails['omniauth_block_auto_created_users'] = false
+    gitlab_rails['omniauth_providers'] = [
+      {
+        name: "openid_connect",
+        label: "Authentik",
+        args: {
+          name: "openid_connect",
+          scope: ["openid", "profile", "email"],
+          response_type: "code",
+          issuer: "https://authentik.henryathome.home64.de/application/o/gitlab/",
+          discovery: true,
+          client_auth_method: "query",
+          uid_field: "sub",
+          pkce: true,
+          client_options: {
+            identifier: "HaKYx5sj767TYywPOekXD99ylk4NdPEX85UWa9Jo",
+            secret: "9AazToYtgYdfaAgZauR8FMNJVj0qF8qePz0Gq5TPYK9fiE45QUDoEM1v3CEROiSI2BngXJVRqSEgBszSyieHe283w8Ube0yWXzesLNS84qR3fDWWSpbJ3sLZBlJMKMUj",
+            redirect_uri: "https://gitlab.henryathome.home64.de/users/auth/openid_connect/callback"
+          }
+        }
+      }
+    ]
+
+---
+# ─── ConfigMap ────────────────────────────────────────────────────
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: gitlab-config
+  namespace: gitlab
+data:
+  GITLAB_TIMEZONE: "Europe/Berlin"