forked from public/stack
179 lines
4.2 KiB
YAML
179 lines
4.2 KiB
YAML
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: forgejo
|
|
labels:
|
|
app: forgejo
|
|
spec:
|
|
ports:
|
|
- name: http
|
|
port: 80
|
|
targetPort: http
|
|
- name: ssh
|
|
port: 22
|
|
targetPort: ssh
|
|
selector:
|
|
app: forgejo
|
|
type: ClusterIP
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: StatefulSet
|
|
metadata:
|
|
name: forgejo
|
|
labels:
|
|
app: forgejo
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: forgejo
|
|
serviceName: forgejo
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: forgejo
|
|
spec:
|
|
securityContext:
|
|
runAsNonRoot: true
|
|
runAsUser: 1000
|
|
runAsGroup: 1000
|
|
fsGroup: 1000
|
|
fsGroupChangePolicy: OnRootMismatch
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
initContainers:
|
|
- name: forgejo-ensure-directories
|
|
image: codeberg.org/forgejo/forgejo:1.20.5-0
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
command: ["sh"]
|
|
args:
|
|
- -c
|
|
- |-
|
|
mkdir -p /data/git/.ssh
|
|
mkdir -p /data/gitea
|
|
chmod go-rwx /data/git/.ssh
|
|
chmod go-rwx /data/gitea
|
|
volumeMounts:
|
|
- name: forgejo-data
|
|
mountPath: /data
|
|
- name: config-templater
|
|
image: codeberg.org/forgejo/forgejo:1.20.5-0
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
command: ["environment-to-ini"]
|
|
args:
|
|
- --config
|
|
- /input/app_template.ini
|
|
- --out
|
|
- /output/app.ini
|
|
volumeMounts:
|
|
- name: forgejo-config-template
|
|
mountPath: /input
|
|
- name: forgejo-config
|
|
mountPath: /output
|
|
- name: forgejo-migrate
|
|
image: codeberg.org/forgejo/forgejo:1.20.5-0
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
command: ["forgejo"]
|
|
args:
|
|
- -c
|
|
- /etc/forgejo/app.ini
|
|
- migrate
|
|
volumeMounts:
|
|
- name: forgejo-data
|
|
mountPath: /data
|
|
- name: forgejo-config
|
|
mountPath: /etc/forgejo
|
|
- name: forgejo-oidc
|
|
image: codeberg.org/forgejo/forgejo:1.20.5-0
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
command: ["sh"]
|
|
args:
|
|
- -c
|
|
- >-
|
|
forgejo -c /etc/forgejo/app.ini admin auth add-oauth
|
|
--name $(AUTH_PROVIDER_NAME)
|
|
--provider openidConnect
|
|
--key $(AUTH_PROVIDER_KEY)
|
|
--secret $(AUTH_PROVIDER_SECRET)
|
|
--auto-discover-url $(AUTH_PROVIDER_URL)
|
|
|| true
|
|
volumeMounts:
|
|
- name: forgejo-data
|
|
mountPath: /data
|
|
- name: forgejo-config
|
|
mountPath: /etc/forgejo
|
|
containers:
|
|
- name: forgejo-web
|
|
image: codeberg.org/forgejo/forgejo:1.20.5-0
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
command: ["forgejo"]
|
|
args:
|
|
- -c
|
|
- /etc/forgejo/app.ini
|
|
- web
|
|
ports:
|
|
- containerPort: 8080
|
|
name: http
|
|
volumeMounts:
|
|
- name: forgejo-data
|
|
mountPath: /data
|
|
- name: forgejo-config
|
|
mountPath: /etc/forgejo
|
|
- name: forgejo-ssh
|
|
image: codeberg.org/forgejo/forgejo:1.20.5-0
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
command: ["/usr/sbin/sshd"]
|
|
args:
|
|
- -D
|
|
- -e
|
|
- -p
|
|
- "2222"
|
|
- -o
|
|
- PidFile=/tmp/sshd.pid
|
|
ports:
|
|
- containerPort: 2222
|
|
name: ssh
|
|
volumeMounts:
|
|
- name: forgejo-data
|
|
mountPath: /data
|
|
- name: forgejo-config
|
|
mountPath: /etc/forgejo
|
|
volumes:
|
|
- name: forgejo-config
|
|
emptyDir: {}
|
|
- name: forgejo-config-template
|
|
configMap:
|
|
name: forgejo-config-template
|
|
volumeClaimTemplates:
|
|
- metadata:
|
|
name: forgejo-data
|
|
spec:
|
|
accessModes: ["ReadWriteOnce"]
|
|
resources:
|
|
requests:
|
|
storage: 10Gi
|