apiVersion: v1 kind: ConfigMap metadata: name: "gitea" data: USER: git USER_UID: "1000" USER_GID: "1000" GITEA__DEFAULT__APP_NAME: "Xeserv internal git" GITEA__storage__STORAGE_TYPE: minio #GITEA__storage__STORAGE_TYPE: local GITEA__storage__SERVE_DIRECT: "false" GITEA__storage__MINIO_ENDPOINT: minio.xeserv.us GITEA__storage__MINIO_BUCKET: gitea GITEA__storage__MINIO_LOCATION: auto GITEA__storage__MINIO_USE_SSL: "true" GITEA__service__DISABLE_REGISTRATION: "false" GITEA__service__REGISTER_MANUAL_CONFIRM: "true" GITEA__service__ALLOW_ONLY_EXTERNAL_REGISTRATION: "true" GITEA__server__SSH_DOMAIN: "git.gitea.svc.alrest.xeserv.us" GITEA__service.explore__REQUIRE_SIGNIN_VIEW: "true" --- apiVersion: v1 kind: ConfigMap metadata: name: gitea-custom data: robots.txt: | User-agent: * Disallow: / # "templates/custom/header.tmpl": | # --- apiVersion: apps/v1 kind: Deployment metadata: name: gitea labels: xeiaso.net/thing: http annotations: keel.sh/policy: all keel.sh/trigger: poll keel.sh/pollSchedule: "@hourly" spec: replicas: 1 strategy: type: Recreate selector: matchLabels: xeiaso.net/thing: http template: metadata: labels: xeiaso.net/thing: http spec: securityContext: fsGroup: 1000 imagePullSecrets: - name: techarohq-botstopper volumes: - name: data persistentVolumeClaim: claimName: gitea - name: internal-certs secret: secretName: gitea-internal-tls - name: custom configMap: name: gitea-custom - name: anubis configMap: name: anubis-cfg - name: botstopper-css configMap: name: botstopper-custom-css containers: - name: main image: gitea/gitea:1-rootless imagePullPolicy: Always resources: limits: cpu: "2" memory: "2Gi" requests: cpu: "1" memory: "1Gi" securityContext: runAsUser: 1000 runAsGroup: 1000 runAsNonRoot: true allowPrivilegeEscalation: false capabilities: drop: - ALL seccompProfile: type: RuntimeDefault envFrom: - configMapRef: name: gitea - secretRef: name: gitea-secrets ports: - name: http containerPort: 3000 protocol: TCP - name: ssh containerPort: 2222 protocol: TCP volumeMounts: - name: data mountPath: /var/lib/gitea subPath: data - name: data mountPath: /etc/gitea subPath: conf - name: custom mountPath: /var/lib/gitea/custom livenessProbe: httpGet: path: /api/healthz port: http initialDelaySeconds: 200 timeoutSeconds: 5 periodSeconds: 10 successThreshold: 1 failureThreshold: 10 - name: relayd image: ghcr.io/xe/x/relayd:latest imagePullPolicy: "Always" resources: limits: cpu: "500m" memory: "512Mi" requests: cpu: "100m" memory: "256Mi" securityContext: runAsUser: 1000 runAsGroup: 1000 runAsNonRoot: true allowPrivilegeEscalation: false capabilities: drop: - ALL seccompProfile: type: RuntimeDefault env: - name: BIND value: ":8443" - name: PROXY_TO value: "http://localhost:3000" volumeMounts: - name: "internal-certs" mountPath: "/xe/pki" readOnly: true - name: anubis image: ghcr.io/techarohq/botstopper/anubis:latest imagePullPolicy: Always env: - name: "BIND" value: ":8080" - name: "DIFFICULTY" value: "4" - name: "ERROR_TITLE" value: "Error detected" - name: "METRICS_BIND" value: ":9090" - name: "OVERLAY_FOLDER" value: "/xe/cfg/botstopper" - name: "POLICY_FNAME" value: "/xe/cfg/anubis/botPolicies.yaml" - name: "SERVE_ROBOTS_TXT" value: "true" - name: "TARGET" value: "http://localhost:3000" - name: ED25519_PRIVATE_KEY_HEX valueFrom: secretKeyRef: name: anubis-key key: ED25519_PRIVATE_KEY_HEX # - name: "SLOG_LEVEL" # value: "debug" volumeMounts: - name: anubis mountPath: /xe/cfg/anubis - name: botstopper-css mountPath: /xe/cfg/botstopper/static/css resources: limits: cpu: 500m memory: 128Mi requests: cpu: 250m memory: 128Mi securityContext: runAsUser: 1000 runAsGroup: 1000 runAsNonRoot: true allowPrivilegeEscalation: false capabilities: drop: - ALL seccompProfile: type: RuntimeDefault