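---
# Dedicated namespace for the Gogs git service and everything below.
apiVersion: v1
kind: Namespace
metadata:
  name: gogs
---
# Single-replica Gogs deployment backed by one persistent volume claim.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gogs
  namespace: gogs
spec:
  # Recreate stops the old pod before starting the new one, so two pods
  # never have the data volume mounted at the same time.
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: gogs
  replicas: 1
  template:
    metadata:
      labels:
        app: gogs
    spec:
      containers:
        - name: gogs
          ## Gogs container with the `ssh` client package added. That ssh is
          ## not what serves git operations; it is only used in hooks to
          ## mirror repos.
          ## TODO make a real Dockerfile out of this
          #
          # FROM gogs/gogs:next-0.14.1
          # USER root
          # RUN apk --no-cache --no-progress --logfile=no add openssh
          # USER git:git
          #
          # NOTE(review): the tag below is mutable and the image is a
          # hand-built derivative. Once the Dockerfile above is built
          # reproducibly, pin the result by digest
          # (jibby0/gogs-next-ssh@sha256:<digest-placeholder>).
          image: jibby0/gogs-next-ssh:0.14.1
          # Each variable must be its own `- ` list item. Written as a single
          # item, the two name/value pairs become duplicate keys in one
          # mapping: lenient parsers keep only the last pair (dropping
          # SOCAT_LINK), strict ones reject the manifest.
          env:
            - name: SOCAT_LINK
              value: "false"
            # NOTE(review): confirm the image's entrypoint actually reads this
            # variable. If it does not, self-registration is still governed by
            # the Gogs configuration file and may remain open.
            - name: DISABLE_REGISTRATION
              value: "true"
          ports:
            - containerPort: 2222
              name: ssh-svc
            - containerPort: 3000
              name: http-web-svc
          volumeMounts:
            - mountPath: "/data"
              name: data
          # Restart the container after 10 consecutive failed GET / checks,
          # probing every 10s once the initial 30s grace period has passed.
          livenessProbe:
            httpGet:
              path: /
              port: 3000
            failureThreshold: 10
            initialDelaySeconds: 30
            periodSeconds: 10
          # Container hardening: fixed non-root UID/GID, no privilege
          # escalation, runtime default seccomp filter, no Linux capabilities.
          securityContext:
            runAsNonRoot: true
            runAsUser: 1000
            runAsGroup: 1000
            allowPrivilegeEscalation: false
            seccompProfile:
              type: RuntimeDefault
            capabilities:
              drop:
                - ALL
      # Pod level: volume files are group-owned by GID 1000, and the
      # recursive ownership change is skipped when the volume root already
      # matches.
      securityContext:
        fsGroup: 1000
        fsGroupChangePolicy: OnRootMismatch
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: gogs-pvc
---
# Cluster-internal service; targetPort values refer to the container port
# names declared in the Deployment above.
apiVersion: v1
kind: Service
metadata:
  name: gogs-service
  namespace: gogs
spec:
  selector:
    app: gogs
  type: ClusterIP
  ports:
    - name: gogs-web-port
      protocol: TCP
      port: 3000
      targetPort: http-web-svc
    - name: gogs-ssh-port
      protocol: TCP
      port: 2222
      targetPort: ssh-svc
---
# Traefik TCP route publishing the service's SSH port (2222).
# A non-TLS TCP router can only match HostSNI(`*`), so every connection that
# arrives on the `gogsssh` entry point is forwarded to Gogs. Access control
# therefore has to come from the network in front of that entry point and
# from Gogs' own SSH authentication.
# NOTE(review): `gogsssh` is not defined on this page; it presumably lives in
# Traefik's static configuration.
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
  name: gogs-ssh
  namespace: gogs
spec:
  entryPoints:
    - gogsssh
  routes:
    - match: HostSNI(`*`)
      services:
        - name: gogs-service
          port: 2222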