---
# Gitea server: the Deployment, the claim backing /data, and the public
# Service in front of it.
#
# NOTE(review): extensions/v1beta1 Deployments are no longer served from
# Kubernetes 1.16 on. Moving to apps/v1 needs an explicit spec.selector that
# matches the template labels, and the rolling-update defaults differ between
# the two API groups, so the migration is flagged here rather than applied.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: gitea-server
  labels:
    app: gitea
spec:
  # NOTE(review): a single replica on a ReadWriteOnce claim with the default
  # rolling strategy can leave a replacement pod waiting for the volume when
  # it lands on another node; `strategy: {type: Recreate}` is the usual
  # answer - confirm before changing.
  replicas: 1
  template:
    metadata:
      labels:
        name: gitea-server
        app: gitea
    spec:
      initContainers:
        # Seeds the data volume from the gitea-config secret on every pod
        # start: creates conf/ and https/, copies app.ini (then 1000:1000,
        # mode 660) and the *.pem files (mode 600), and finally chowns the
        # whole /data/gitea tree to 1000:1000.
        # The copy is unconditional, so the app.ini on the volume is replaced
        # by the secret's copy each time the pod starts.
        # No securityContext is set; chown to another uid presumably relies
        # on the image's default root user - confirm.
        # 1000:1000 is presumably the uid/gid Gitea runs as inside the
        # gitea/gitea image - confirm.
        # The image carries no tag or digest, so what runs here can change
        # between pulls; pin it to make this step reproducible.
        - name: init-config
          image: busybox
          command:
            - sh
            - '-c'
            # Folded scalar: the lines below join with single spaces into
            # one `sh -c` argument.
            - >-
              mkdir -p /data/gitea/conf
              && mkdir -p /data/gitea/https
              && cp /root/conf/app.ini /data/gitea/conf/app.ini
              && chown 1000:1000 /data/gitea/conf/app.ini
              && chmod 660 /data/gitea/conf/app.ini
              && cp /root/conf/*.pem /data/gitea/https
              && chmod 600 /data/gitea/https/*.pem
              && chown -R 1000:1000 /data/gitea
          volumeMounts:
            - name: gitea-server-data
              mountPath: /data
            - name: config
              mountPath: /root/conf
      containers:
        # This is only used for the initial setup, it does nothing once an
        # app.ini file exists in the conf/ directory of the data directory
        # (/data/gitea/conf in our case).
        # NOTE(review): the manifest does not show what "this" refers to; the
        # init container above rewrites app.ini on every start, so the
        # comment may be stale - confirm.
        - name: gitea-server
          image: gitea/gitea:1.7.1
          ports:
            # Presumably 3000 is the HTTPS listener and 3001 the plain-HTTP
            # one, judging by the Service mapping below - confirm in app.ini.
            - containerPort: 3000
            - containerPort: 3001
            - containerPort: 22
          volumeMounts:
            - name: gitea-server-data
              mountPath: /data
      restartPolicy: Always
      volumes:
        - name: gitea-server-data
          persistentVolumeClaim:
            claimName: gitea-server-data
        # Configuration and TLS material come from the gitea-config secret.
        # mode is given in decimal: 256 == octal 0400 (owner read-only).
        - name: config
          secret:
            secretName: gitea-config
            items:
              - key: app.ini
                path: app.ini
                mode: 256
              - key: cert.pem
                path: cert.pem
                mode: 256
              - key: key.pem
                path: key.pem
                mode: 256
---
# Persistent storage mounted at /data by both containers of the Deployment.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: gitea-server-data
  labels:
    app: gitea
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
---
# Publishes SSH, HTTP and HTTPS for the pods labelled name=gitea-server.
# NOTE(review): all three ports are reachable on the load balancer address;
# if access should be limited, loadBalancerSourceRanges can restrict client
# CIDRs where the provider supports it.
apiVersion: v1
kind: Service
metadata:
  name: gitea-server
  labels:
    name: gitea-server
    app: gitea
spec:
  type: LoadBalancer
  # preserves the client source IP
  externalTrafficPolicy: Local
  ports:
    - name: ssh
      port: 22
      targetPort: 22
    # 80 -> 3001 and 443 -> 3000: the external ports map crosswise onto the
    # container ports, so the listeners in app.ini must match.
    - name: http
      port: 80
      targetPort: 3001
    - name: https
      port: 443
      targetPort: 3000
  selector:
    name: gitea-server