apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: gitea-server
  namespace: gitea
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: gitea-server
    spec:
      initContainers:
        - name: init-config
          image: busybox
          command: ['sh', '-c', 'mkdir -p /data/gitea/conf && mkdir -p /data/gitea/https && cp /root/conf/app.ini /data/gitea/conf/app.ini && chown 1000:1000 /data/gitea/conf/app.ini && chmod 660 /data/gitea/conf/app.ini && cp /root/conf/*.pem /data/gitea/https && chmod 600 /data/gitea/https/*.pem && chown -R 1000:1000 /data/gitea']
          volumeMounts:
          - mountPath: /data
            name: gitea-server-data
          - mountPath: /root/conf
            name: config
      containers:
      # This is only used for the initial setup, it does nothing once a app.ini
      # file exists in the conf/ directory of the data directory
      # (/data/gitea/conf in our case)
      - env:
        - name: DB_HOST
          value: gitea-db:3306
        - name: DB_NAME
          value: gitea
        - name: DB_PASSWD
          valueFrom:
            secretKeyRef:
              name: gitea-mysql-pass
              key: password
        - name: DB_TYPE
          value: mysql
        - name: DB_USER
          value: gitea
        - name: ROOT_URL
          value: https://gitea.kosmos.org
        - name: RUN_MODE
          value: prod
        - name: SECRET_KEY
          valueFrom:
            secretKeyRef:
              name: gitea-secret-key
              key: password
        - name: SSH_DOMAIN
          value: gitea.kosmos.org
        image: 5apps/gitea:latest
        name: gitea-server
        ports:
        - containerPort: 3000
        - containerPort: 3001
        - containerPort: 22
        resources: {}
        volumeMounts:
        - mountPath: /data
          name: gitea-server-data
      restartPolicy: Always
      volumes:
      - name: gitea-server-data
        persistentVolumeClaim:
          claimName: gitea-server-data
      - name: config
        secret:
          secretName: gitea-config
          items:
            - key: app.ini
              path: app.ini
              mode: 256
            - key: cert.pem
              path: cert.pem
              mode: 256
            - key: key.pem
              path: key.pem
              mode: 256
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: gitea-server-data
  namespace: gitea
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
---
apiVersion: v1
kind: Service
metadata:
  name: gitea-server
  namespace: gitea
  labels:
    name: gitea-server
spec:
  type: LoadBalancer
  # preserves the client source IP
  externalTrafficPolicy: Local
  ports:
    - name: "ssh"
      port: 22
      targetPort: 22
    - name: "http"
      port: 80
      targetPort: 3001
    - name: "https"
      port: 443
      targetPort: 3000
  selector:
    name: gitea-server