74 lines
2.3 KiB
YAML
74 lines
2.3 KiB
YAML
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: rio
|
|
labels: {{- include "common.app.labels" . | nindent 4 }}
|
|
spec:
|
|
selector:
|
|
matchLabels: {{- include "common.app.labels" . | nindent 6 }}
|
|
template:
|
|
metadata:
|
|
labels: {{- include "common.app.labels" . | nindent 8 }}
|
|
spec:
|
|
containers:
|
|
- name: rio
|
|
image: "{{ .Values.image }}:{{ .Values.imageTag }}"
|
|
env:
|
|
- name: PAGES_DOMAIN
|
|
value: {{ .Values.config.domain }}
|
|
- name: GITEA_URL
|
|
value: {{ .Values.config.giteaUrl | quote }}
|
|
- name: HOST
|
|
value: "0.0.0.0"
|
|
- name: PORT
|
|
value: "4443"
|
|
- name: HTTP_HOST
|
|
value: "0.0.0.0"
|
|
- name: HTTP_PORT
|
|
value: "8080"
|
|
- name: ACME_DNS_PROVIDER
|
|
value: {{ .Values.config.acme.dnsProvider }}
|
|
{{- .Values.config.acme.env | toYaml | nindent 12 }}
|
|
- name: TOKEN_FILE
|
|
value: /etc/rio/secrets/gitea-token
|
|
- name: ACME_EMAIL
|
|
value: {{ .Values.config.acme.email }}
|
|
- name: CERTS_FILE
|
|
value: /var/lib/rio/certs.json
|
|
- name: ACME_FILE
|
|
value: /var/lib/rio/acme.json
|
|
- name: ACME_SERVER
|
|
value: {{ .Values.config.acme.server }}
|
|
{{- if .Values.config.metrics.enabled }}
|
|
- name: METRICS_URL
|
|
value: {{ .Values.config.metrics.url }}
|
|
{{- end }}
|
|
ports:
|
|
- containerPort: 8080
|
|
protocol: TCP
|
|
name: http
|
|
- containerPort: 4443
|
|
protocol: TCP
|
|
name: https
|
|
securityContext:
|
|
runAsNonRoot: true
|
|
runAsUser: 10004
|
|
runAsGroup: 10004
|
|
readOnlyRootFilesystem: true
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
volumeMounts:
|
|
- mountPath: /etc/rio/secrets/
|
|
name: secrets
|
|
- mountPath: /var/lib/rio/
|
|
name: data
|
|
volumes:
|
|
- name: secrets
|
|
secret:
|
|
secretName: {{ .Values.config.secretName }}
|
|
- name: data
|
|
persistentVolumeClaim:
|
|
claimName: rio-data
|