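---
# Deployment "git-server" (namespace cicd): one pod with two containers sharing
# the "repos" PVC - an SSH git server (read-write) and a cgit web UI (read-only).
#
# Hardening added in this revision (names, ports, volumes unchanged):
#   - automountServiceAccountToken: false
#   - pod-level seccompProfile: RuntimeDefault
#   - allowPrivilegeEscalation: false on the init container
apiVersion: apps/v1
kind: Deployment
metadata:
  name: git-server
  namespace: cicd
  labels:
    app: git-server
spec:
  replicas: 1
  selector:
    matchLabels:
      app: git-server
  template:
    metadata:
      labels:
        app: git-server
    spec:
      # Nothing in this manifest shows either container calling the Kubernetes
      # API, so do not mount a service-account token into a pod that exposes
      # SSH and HTTP. Remove this line if a container does need API access.
      automountServiceAccountToken: false
      securityContext:
        fsGroup: 1000
        # Apply the container runtime's default syscall filter to every
        # container in the pod, including the init container.
        seccompProfile:
          type: RuntimeDefault
      initContainers:
        # Prepares ownership of the two emptyDir volumes before the main
        # containers start: the cgit cache for uid 101 / gid 1000, and the
        # SSH directory for root.
        - name: setup
          image: alpine:3.19
          command:
            - /bin/sh
            - -c
            - |
              mkdir -p /cache-init
              chown -R 101:1000 /cache-init
              mkdir -p /ssh-init
              chown -R 0:0 /ssh-init
          # No runAsUser is set, so this runs as the image's default user.
          # chown only needs the capabilities that user already holds, so
          # no_new_privs is safe here.
          securityContext:
            allowPrivilegeEscalation: false
          volumeMounts:
            - name: cgit-cache
              mountPath: /cache-init
            - name: ssh-host-keys
              mountPath: /ssh-init
      containers:
        # Container 1: SSH Git Server
        - name: git-server
          # NOTE(review): a tag can be re-pushed, and imagePullPolicy Always
          # picks up whatever the registry serves at pod start; pinning by
          # digest would make the deployed image immutable.
          image: registry.lan.buetow.org:30001/git-server:1.0
          imagePullPolicy: Always
          ports:
            - containerPort: 22
              name: ssh
              protocol: TCP
          volumeMounts:
            - name: repos
              mountPath: /repos
            # Mounted via subPath: Kubernetes does not propagate Secret updates
            # into subPath mounts, so removing a key from the Secret only takes
            # effect after the pod is restarted.
            - name: git-ssh-keys
              mountPath: /home/git/.ssh/authorized_keys
              subPath: authorized_keys
              readOnly: true
            # This emptyDir replaces the image's /etc/ssh and is discarded when
            # the pod is removed from its node.
            # NOTE(review): presumably the image regenerates host keys (and its
            # sshd config) at start - confirm. If so, every rescheduled pod
            # presents new host keys and clients get host-key-changed warnings,
            # which teaches users to dismiss the one signal that would expose
            # an impersonated server. Persisting the host keys in a Secret or
            # on the PVC avoids that.
            - name: ssh-host-keys
              mountPath: /etc/ssh
          securityContext:
            # NOTE(review): runs as root with every capability dropped; confirm
            # sshd in this image can still switch to the unprivileged git user
            # under these settings.
            runAsUser: 0
            runAsGroup: 0
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
          resources:
            requests:
              cpu: 50m
              memory: 128Mi
            limits:
              cpu: 250m
              memory: 256Mi
        # Container 2: CGit Web UI
        - name: cgit
          # NOTE(review): ":latest" is a mutable tag from a public registry, so
          # the image content can change between pod restarts without any
          # change to this manifest. Pin a version tag or a digest, e.g.
          # joseluisq/alpine-cgit@sha256:<DIGEST-PLACEHOLDER>.
          image: joseluisq/alpine-cgit:latest
          ports:
            - containerPort: 8080
              name: http
              protocol: TCP
          env:
            - name: CGIT_TITLE
              value: "f3s Git Repository Browser"
            - name: CGIT_DESC
              value: "Browse git repositories"
          volumeMounts:
            # The web UI only reads repositories; write access stays with the
            # SSH container.
            - name: repos
              mountPath: /repos
              readOnly: true
            - name: cgit-config
              mountPath: /etc/cgitrc
              subPath: cgitrc
              readOnly: true
            - name: cgit-cache
              mountPath: /var/cache/cgit
          securityContext:
            # Matches the uid the init container gives ownership of the cache.
            runAsUser: 101
            runAsGroup: 101
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
          resources:
            requests:
              cpu: 50m
              memory: 128Mi
            limits:
              cpu: 250m
              memory: 256Mi
      volumes:
        - name: repos
          persistentVolumeClaim:
            claimName: git-server-pvc
        - name: git-ssh-keys
          secret:
            secretName: git-server-authorized-keys
            # Octal literal (owner read-only); must stay an unquoted integer
            # because the field is numeric.
            # NOTE(review): with fsGroup set on the pod, the kubelet may add
            # group-read to these files - check the effective mode in the pod.
            defaultMode: 0400
        - name: cgit-config
          configMap:
            name: cgit-config
        - name: cgit-cache
          emptyDir: {}
        - name: ssh-host-keys
          emptyDir: {}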