gitea: Switch to rootless image

Lauri Võsandi 2023-08-15 08:08:46 +03:00
parent ca4ded3d0d
commit 46677df2a3


@ -71,9 +71,16 @@ spec:
app.kubernetes.io/name: gitea app.kubernetes.io/name: gitea
spec: spec:
enableServiceLinks: false enableServiceLinks: false
securityContext:
fsGroup: 1000
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true
containers: containers:
- name: gitea - name: gitea
image: gitea/gitea:1.20.2 image: gitea/gitea:1.20.2-rootless
securityContext:
readOnlyRootFilesystem: true
env: env:
- name: GITEA__ADMIN__DISABLE_REGULAR_ORG_CREATION - name: GITEA__ADMIN__DISABLE_REGULAR_ORG_CREATION
value: "true" value: "true"
@ -85,8 +92,8 @@ spec:
value: "/cert/tls.crt" value: "/cert/tls.crt"
- name: GITEA__SERVER__KEY_FILE - name: GITEA__SERVER__KEY_FILE
value: "/cert/tls.key" value: "/cert/tls.key"
- name: GITEA__SERVER__SSH_LISTEN_PORT - name: GITEA__SERVER__SSH_PORT
value: "2222" value: "22"
- name: GITEA__SERVER__PROTOCOL - name: GITEA__SERVER__PROTOCOL
value: https value: https
- name: GITEA__SERVER__REDIRECT_OTHER_PORT - name: GITEA__SERVER__REDIRECT_OTHER_PORT
@ -174,11 +181,19 @@ spec:
- containerPort: 2222 - containerPort: 2222
name: ssh name: ssh
volumeMounts: volumeMounts:
- mountPath: /tmp
name: tmp
- mountPath: /etc/gitea
name: etc
- mountPath: /cert - mountPath: /cert
name: cert name: cert
- mountPath: /data - mountPath: /var/lib/gitea
name: data name: data
volumes: volumes:
- name: tmp
emptyDir: {}
- name: etc
emptyDir: {}
- name: cert - name: cert
secret: secret:
secretName: git-tls secretName: git-tls
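Review bot: The container-level `securityContext` added for the `gitea` container sets only `readOnlyRootFilesystem: true`, so privilege escalation and the runtime's default capability set remain available even though the pod now runs as UID 1000. The container port shown is 2222, so no privileged bind appears to be needed, and I would add `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}` to that block, plus `seccompProfile: {type: RuntimeDefault}` to the pod-level `securityContext`. Separately, `/etc/gitea` is now backed by an `emptyDir`, so anything Gitea writes to its config file there is discarded when the pod is rescheduled. If `GITEA__SECURITY__SECRET_KEY` and `GITEA__SECURITY__INTERNAL_TOKEN` are not supplied in the part of the env list outside these hunks, they would presumably be regenerated or fall back to defaults on each start, which is worth confirming and sourcing from a Secret.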