| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798 |
- ---
- apiVersion: apps/v1
- kind: Deployment
- metadata:
- name: gogs
- namespace: gogs
- spec:
- strategy:
- type: Recreate
- selector:
- matchLabels:
- app: gogs
- replicas: 1
- template:
- metadata:
- labels:
- app: gogs
- spec:
- containers:
- - name: gogs
- ## Gogs container with `ssh` added. This ssh isn't servicing git operations, only used in hooks to mirror repos.
- ## TODO make a real Dockerfile out of this
- #
- # FROM gogs/gogs:next-0.14.1
- # USER root
- # RUN apk --no-cache --no-progress --logfile=no add openssh
- # USER git:git
- image: jibby0/gogs-next-ssh:0.14.1
- env:
- - name: SOCAT_LINK
- value: "false"
- name: DISABLE_REGISTRATION
- value: "true"
- ports:
- - containerPort: 2222
- name: ssh-svc
- - containerPort: 3000
- name: http-web-svc
- volumeMounts:
- - mountPath: "/data"
- name: data
- livenessProbe:
- httpGet:
- path: /
- port: 3000
- failureThreshold: 10
- initialDelaySeconds: 30
- periodSeconds: 10
- securityContext:
- runAsNonRoot: true
- runAsUser: 1000
- runAsGroup: 1000
- allowPrivilegeEscalation: false
- seccompProfile:
- type: RuntimeDefault
- capabilities:
- drop:
- - ALL
- securityContext:
- fsGroup: 1000
- fsGroupChangePolicy: OnRootMismatch
- volumes:
- - name: data
- persistentVolumeClaim:
- claimName: gogs-pvc
- ---
- apiVersion: v1
- kind: Service
- metadata:
- name: gogs-service
- namespace: gogs
- spec:
- selector:
- app: gogs
- type: ClusterIP
- ports:
- - name: gogs-web-port
- protocol: TCP
- port: 3000
- targetPort: http-web-svc
- - name: gogs-ssh-port
- protocol: TCP
- port: 2222
- targetPort: ssh-svc
- ---
- apiVersion: traefik.io/v1alpha1
- kind: IngressRouteTCP
- metadata:
- name: gogs-ssh
- namespace: gogs
- spec:
- entryPoints:
- - gogsssh
- routes:
- - match: HostSNI(`*`)
- services:
- - name: gogs-service
- port: 2222
|
