public
/
stack
5
0
Fork 1
Code Issues 4 Pull Requests 1 Packages Projects Releases Wiki Activity
stack/kustomizations/forgejo/resources.yaml

179 lines
4.3 KiB
YAML
Raw Permalink Blame History

apiVersion: v1
kind: Service
metadata:
name: forgejo
labels:
app: forgejo
spec:
ports:
- name: http
port: 80
targetPort: http
- name: ssh
port: 22
targetPort: ssh
selector:
app: forgejo
type: ClusterIP
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: forgejo
labels:
app: forgejo
spec:
replicas: 1
selector:
matchLabels:
app: forgejo
serviceName: forgejo
template:
metadata:
labels:
app: forgejo
spec:
securityContext:
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
seccompProfile:
type: RuntimeDefault
initContainers:
- name: forgejo-ensure-directories
image: codeberg.org/forgejo/forgejo:1.21.11-1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
command: ["sh"]
args:
- -c
- |-
mkdir -p /data/git/.ssh
mkdir -p /data/gitea
chmod go-rwx /data/git/.ssh
chmod go-rwx /data/gitea
volumeMounts:
- name: forgejo-data
mountPath: /data
- name: config-templater
image: codeberg.org/forgejo/forgejo:1.21.11-1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
command: ["environment-to-ini"]
args:
- --config
- /input/app_template.ini
- --out
- /output/app.ini
volumeMounts:
- name: forgejo-config-template
mountPath: /input
- name: forgejo-config
mountPath: /output
- name: forgejo-migrate
image: codeberg.org/forgejo/forgejo:1.21.11-1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
command: ["forgejo"]
args:
- -c
- /etc/forgejo/app.ini
- migrate
volumeMounts:
- name: forgejo-data
mountPath: /data
- name: forgejo-config
mountPath: /etc/forgejo
- name: forgejo-oidc
image: codeberg.org/forgejo/forgejo:1.21.11-1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
command: ["sh"]
args:
- -c
- >-
forgejo -c /etc/forgejo/app.ini admin auth add-oauth
--name $(AUTH_PROVIDER_NAME)
--provider openidConnect
--key $(AUTH_PROVIDER_KEY)
--secret $(AUTH_PROVIDER_SECRET)
--auto-discover-url $(AUTH_PROVIDER_URL)
|| true
volumeMounts:
- name: forgejo-data
mountPath: /data
- name: forgejo-config
mountPath: /etc/forgejo
containers:
- name: forgejo-web
image: codeberg.org/forgejo/forgejo:1.21.11-1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
command: ["forgejo"]
args:
- -c
- /etc/forgejo/app.ini
- web
ports:
- containerPort: 8080
name: http
volumeMounts:
- name: forgejo-data
mountPath: /data
- name: forgejo-config
mountPath: /etc/forgejo
- name: forgejo-ssh
image: codeberg.org/forgejo/forgejo:1.21.11-1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
command: ["/usr/sbin/sshd"]
args:
- -D
- -e
- -p
- "2222"
- -o
- PidFile=/tmp/sshd.pid
ports:
- containerPort: 2222
name: ssh
volumeMounts:
- name: forgejo-data
mountPath: /data
- name: forgejo-config
mountPath: /etc/forgejo
volumes:
- name: forgejo-config
emptyDir: {}
- name: forgejo-config-template
configMap:
name: forgejo-config-template
volumeClaimTemplates:
- metadata:
name: forgejo-data
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 10Gi
Reference in New Issue View Git Blame Copy Permalink