--- apiVersion: apps/v1 kind: Deployment metadata: name: rio labels: {{- include "common.app.labels" . | nindent 4 }} spec: selector: matchLabels: {{- include "common.app.labels" . | nindent 6 }} template: metadata: labels: {{- include "common.app.labels" . | nindent 8 }} spec: containers: - name: rio image: "{{ .Values.image }}:{{ .Values.imageTag }}" env: - name: PAGES_DOMAIN value: {{ .Values.config.domain }} - name: GITEA_URL value: {{ .Values.config.giteaUrl | quote }} - name: HOST value: "0.0.0.0" - name: PORT value: "4443" - name: HTTP_HOST value: "0.0.0.0" - name: HTTP_PORT value: "8080" - name: ACME_DNS_PROVIDER value: {{ .Values.config.acme.dnsProvider }} {{- .Values.config.acme.env | toYaml | nindent 12 }} - name: TOKEN_FILE value: /etc/rio/secrets/gitea-token - name: ACME_EMAIL value: {{ .Values.config.acme.email }} - name: CERTS_FILE value: /var/lib/rio/certs.json - name: ACME_FILE value: /var/lib/rio/acme.json - name: ACME_SERVER value: {{ .Values.config.acme.server }} {{- if .Values.config.metrics.enabled }} - name: METRICS_URL value: {{ .Values.config.metrics.url }} {{- end }} ports: - containerPort: 8080 protocol: TCP name: http - containerPort: 4443 protocol: TCP name: https securityContext: runAsNonRoot: true runAsUser: 10004 runAsGroup: 10004 readOnlyRootFilesystem: true capabilities: drop: - ALL volumeMounts: - mountPath: /etc/rio/secrets/ name: secrets - mountPath: /var/lib/rio/ name: data volumes: - name: secrets secret: secretName: {{ .Values.config.secretName }} - name: data persistentVolumeClaim: claimName: rio-data