blob: 73392adaad81f07c4699e4a5812780647d3c4838 (
plain) (
tree)
|
|
---
apiVersion: v1
kind: Secret
metadata:
name: gcsr-secrets
type: Opaque
data:
username: "Z2l0LXRhemppbi5nbWFpbC5jb20="
# This credential is a GCSR 'gitcookie' token.
password: '{{ passLookup "gcsr-tazjin-password" | b64enc }}'
# This credential is an OAuth token for builds.sr.ht
sourcehut: '{{ passLookup "sr.ht-token" | b64enc }}'
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: cgit
labels:
app: cgit
spec:
replicas: 1
selector:
matchLabels:
app: cgit
template:
metadata:
labels:
app: cgit
spec:
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
containers:
- name: cgit
image: nixery.local/shell/web.cgit-taz:{{ gitHEAD }}
command: [ "cgit-launch" ]
env:
- name: HOME
value: /git
volumeMounts:
- name: git-volume
mountPath: /git
- name: sync-gcsr
image: nixery.local/shell/ops.sync-gcsr:{{ gitHEAD }}
command: [ "sync-gcsr" ]
env:
- name: SYNC_USER
valueFrom:
secretKeyRef:
name: gcsr-secrets
key: username
- name: SYNC_PASS
valueFrom:
secretKeyRef:
name: gcsr-secrets
key: password
- name: SRHT_TOKEN
valueFrom:
secretKeyRef:
name: gcsr-secrets
key: sourcehut
volumeMounts:
- name: git-volume
mountPath: /git
volumes:
- name: git-volume
emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
name: cgit
spec:
selector:
app: cgit
ports:
- protocol: TCP
port: 80
targetPort: 8080
|
