forked from k-space/kube
gitea: Switch to rootless image
This commit is contained in:
parent
ca4ded3d0d
commit
46677df2a3
@ -71,9 +71,16 @@ spec:
|
||||
app.kubernetes.io/name: gitea
|
||||
spec:
|
||||
enableServiceLinks: false
|
||||
securityContext:
|
||||
fsGroup: 1000
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
containers:
|
||||
- name: gitea
|
||||
image: gitea/gitea:1.20.2
|
||||
image: gitea/gitea:1.20.2-rootless
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: true
|
||||
env:
|
||||
- name: GITEA__ADMIN__DISABLE_REGULAR_ORG_CREATION
|
||||
value: "true"
|
||||
@ -85,8 +92,8 @@ spec:
|
||||
value: "/cert/tls.crt"
|
||||
- name: GITEA__SERVER__KEY_FILE
|
||||
value: "/cert/tls.key"
|
||||
- name: GITEA__SERVER__SSH_LISTEN_PORT
|
||||
value: "2222"
|
||||
- name: GITEA__SERVER__SSH_PORT
|
||||
value: "22"
|
||||
- name: GITEA__SERVER__PROTOCOL
|
||||
value: https
|
||||
- name: GITEA__SERVER__REDIRECT_OTHER_PORT
|
||||
@ -174,11 +181,19 @@ spec:
|
||||
- containerPort: 2222
|
||||
name: ssh
|
||||
volumeMounts:
|
||||
- mountPath: /tmp
|
||||
name: tmp
|
||||
- mountPath: /etc/gitea
|
||||
name: etc
|
||||
- mountPath: /cert
|
||||
name: cert
|
||||
- mountPath: /data
|
||||
- mountPath: /var/lib/gitea
|
||||
name: data
|
||||
volumes:
|
||||
- name: tmp
|
||||
emptyDir: {}
|
||||
- name: etc
|
||||
emptyDir: {}
|
||||
- name: cert
|
||||
secret:
|
||||
secretName: git-tls
|
||||
|
Loading…
Reference in New Issue
Block a user