From 9b063afba0046d50ba691efe1f45159b97c2149e Mon Sep 17 00:00:00 2001 From: jeffusion Date: Thu, 5 Mar 2026 14:08:28 +0800 Subject: [PATCH] fix(k8s): remove stale GITEA_ACCESS_TOKEN/GITEA_API_URL/QDRANT_URL from k8s config MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit These env vars are no longer read by the application — all runtime settings are managed through the Admin Dashboard Web UI backed by SQLite. Only PORT remains in the ConfigMap. Secret resource removed entirely. README k8s sections updated accordingly. --- README.md | 18 ++++-------------- docs/README.zh-CN.md | 16 ++++------------ k8s/gitea-assistant.yaml | 30 ++++-------------------------- 3 files changed, 12 insertions(+), 52 deletions(-) diff --git a/README.md b/README.md index a16a756..e4acf5b 100644 --- a/README.md +++ b/README.md @@ -183,23 +183,13 @@ docker-compose up -d Kubernetes manifests are located in the `k8s/` directory. -**1. Configure Secrets** +**1. Configure** -Only the Gitea access token needs to be in the Secret (the only sensitive env-var-level setting): +The only env var in the ConfigMap is `PORT`. All other settings (Gitea connection, webhook secret, admin password, review engine, Feishu, etc.) are configured through the **Admin Dashboard Web UI** after deployment — they are auto-seeded with secure defaults on first boot. -```bash -echo -n "your_gitea_token" | base64 -``` +Ensure persistent storage is configured for the `/app/data` directory to retain the SQLite database and encryption key. -Update `GITEA_ACCESS_TOKEN` in `k8s/gitea-assistant.yaml`. - -**2. Configure Application** - -Edit the ConfigMap in `k8s/gitea-assistant.yaml`: - -- Set `GITEA_API_URL` to your Gitea instance API endpoint - -> **Note**: All other settings (webhook secret, admin password, review engine, Feishu, etc.) are configured through the Admin Dashboard Web UI after deployment. They are auto-seeded on first boot. Ensure persistent storage is configured for the `/app/data` directory. +**2. Deploy** **3. Deploy** ```bash diff --git a/docs/README.zh-CN.md b/docs/README.zh-CN.md index 8dc32b2..1d24a6c 100644 --- a/docs/README.zh-CN.md +++ b/docs/README.zh-CN.md @@ -183,21 +183,13 @@ docker-compose up -d Kubernetes 部署清单位于 `k8s/` 目录。 -**1. 配置密钥** +**1. 配置** -只需将 Gitea 访问令牌编码为 base64 并填入 `k8s/gitea-assistant.yaml`: +ConfigMap 中唯一的环境变量是 `PORT`。所有其他设置(Gitea 连接、Webhook 密钥、管理员密码、审查引擎、飞书等)均在部署后通过 **Web 管理后台** 配置,首次启动时自动以安全默认值初始化。 -```bash -echo -n "your_gitea_token" | base64 -``` +请确保为 `/app/data` 目录配置持久化存储,以保留 SQLite 数据库和加密密钥。 -**2. 配置应用** - -编辑 `k8s/gitea-assistant.yaml` 中的 ConfigMap: - -- 将 `GITEA_API_URL` 设置为你的 Gitea 实例 API 地址 - -> **注意**: 所有其他设置(Webhook 密钥、管理员密码、审查引擎、飞书等)均在应用部署后通过管理后台进行配置,首次启动时自动初始化。请确保为 `/app/data` 目录配置持久化存储。 +**2. 部署** **3. 部署** ```bash diff --git a/k8s/gitea-assistant.yaml b/k8s/gitea-assistant.yaml index 1f84863..e6b7278 100644 --- a/k8s/gitea-assistant.yaml +++ b/k8s/gitea-assistant.yaml @@ -1,21 +1,5 @@ --- -# Secret for sensitive environment variables -# Replace base64-encoded values before applying: -# echo -n "your_value" | base64 -apiVersion: v1 -kind: Secret -metadata: - name: gitea-assistant-secret - namespace: gitea-assistant - labels: - app.kubernetes.io/name: gitea-assistant - app.kubernetes.io/part-of: gitea-assistant -type: Opaque -data: - # REQUIRED: replace with your own base64-encoded Gitea access token - GITEA_ACCESS_TOKEN: eW91cl9naXRlYV90b2tlbg== - ---- +# ConfigMap: only infrastructure-level env vars that must be known before DB init apiVersion: v1 kind: ConfigMap metadata: @@ -25,14 +9,10 @@ metadata: app.kubernetes.io/name: gitea-assistant app.kubernetes.io/part-of: gitea-assistant data: - # Required: set to your Gitea instance API endpoint - GITEA_API_URL: "http://localhost:3000/api/v1" PORT: "3000" - # Optional: Qdrant vector DB for memory features (configure memory settings via Web UI) - QDRANT_URL: "http://qdrant.gitea-assistant.svc.cluster.local:6333" - # All other settings (review engine, Feishu, admin password, etc.) are managed - # through the Admin Dashboard Web UI. They are auto-seeded on first boot. - + # All settings (Gitea connection, webhook secret, admin password, review engine, + # Feishu, memory, etc.) are managed through the Admin Dashboard Web UI. + # They are auto-seeded with secure defaults on first boot. --- apiVersion: apps/v1 kind: Deployment @@ -63,8 +43,6 @@ spec: envFrom: - configMapRef: name: gitea-assistant-config - - secretRef: - name: gitea-assistant-secret resources: limits: memory: "512Mi"