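---
# ─── Secret ───────────────────────────────────────────────────────
# Carries two keys: GITLAB_ROOT_PASSWORD (presumably the GitLab root
# account password; the consuming workload is not shown here) and
# GITLAB_OMNIBUS_CONFIG, a Ruby (gitlab.rb-style) configuration that
# embeds the OIDC client secret used against Authentik.
#
# NOTE(review): the credential values below are placeholders on purpose.
# A manifest kept in version control or published anywhere must not hold
# live credentials. Inject the real values at deploy time (for example
# via Sealed Secrets, the External Secrets Operator, or SOPS-encrypted
# files), and do not apply this file while the placeholders are in place.
# Any value that was previously committed here in plaintext should be
# treated as exposed and rotated, both in GitLab and in the Authentik
# provider.
#
# NOTE(review): a Secret is only base64-encoded in the API; confirm that
# encryption at rest and RBAC on the `gitlab` namespace are configured.
apiVersion: v1
kind: Secret
metadata:
  name: gitlab-secrets
  namespace: gitlab
type: Opaque
stringData:
  GITLAB_ROOT_PASSWORD: "<REPLACE_WITH_ROOT_PASSWORD>"
  GITLAB_OMNIBUS_CONFIG: |
    external_url 'https://gitlab.henryathome.home64.de'
    gitlab_rails['gitlab_shell_ssh_port'] = 31022
    # TLS is not terminated here: nginx listens on plain HTTP port 80 and
    # unconditionally marks every request as HTTPS via the forwarded
    # headers. NOTE(review): this assumes port 80 is reachable only
    # through a TLS-terminating proxy/ingress; confirm against the
    # Service, Ingress and NetworkPolicy, which are not shown here.
    nginx['listen_port'] = 80
    nginx['listen_https'] = false
    nginx['proxy_set_headers'] = {
      'X-Forwarded-Proto' => 'https',
      'X-Forwarded-Ssl' => 'on'
    }
    prometheus_monitoring['enable'] = false

    # Authentik SSO (OpenID Connect)
    gitlab_rails['omniauth_enabled'] = true
    gitlab_rails['omniauth_allow_single_sign_on'] = ['openid_connect']
    gitlab_rails['omniauth_sync_email_from_provider'] = 'openid_connect'
    gitlab_rails['omniauth_sync_profile_from_provider'] = ['openid_connect']
    gitlab_rails['omniauth_sync_profile_attributes'] = ['email', 'name']
    # NOTE(review): with auto-created users not blocked, an account
    # created on first SSO login is usable without administrator
    # approval, so who gets a GitLab account is decided entirely by who
    # Authentik lets sign in to this application. Confirm the Authentik
    # application is bound to the intended users/groups, or set this to
    # true.
    gitlab_rails['omniauth_block_auto_created_users'] = false
    gitlab_rails['omniauth_providers'] = [
      {
        name: "openid_connect",
        label: "Authentik",
        args: {
          name: "openid_connect",
          scope: ["openid", "profile", "email"],
          response_type: "code",
          issuer: "https://authentik.henryathome.home64.de/application/o/gitlab/",
          discovery: true,
          # NOTE(review): per GitLab's OIDC documentation, a value other
          # than basic / jwt_bearer / mtls sends the client ID and secret
          # in the token request body; confirm this matches the provider.
          client_auth_method: "query",
          uid_field: "sub",
          pkce: true,
          client_options: {
            identifier: "HaKYx5sj767TYywPOekXD99ylk4NdPEX85UWa9Jo",
            # Placeholder: supply the client secret issued by Authentik at
            # deploy time; never commit the real value.
            secret: "<REPLACE_WITH_OIDC_CLIENT_SECRET>",
            redirect_uri: "https://gitlab.henryathome.home64.de/users/auth/openid_connect/callback"
          }
        }
      }
    ]
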
---
# ─── ConfigMap ────────────────────────────────────────────────────
# Non-sensitive settings for GitLab in the `gitlab` namespace.
# Only values that are safe to read in plaintext belong here;
# credentials go in a Secret.
apiVersion: v1
kind: ConfigMap
metadata:
  name: gitlab-config
  namespace: gitlab
data:
  # IANA time zone name; presumably consumed by the GitLab workload as
  # an environment variable (the consumer is not shown here).
  GITLAB_TIMEZONE: 'Europe/Berlin'