about summary refs log tree commit diff
path: root/ops/infra/kubernetes/cgit
diff options
context:
space:
mode:
Diffstat (limited to 'ops/infra/kubernetes/cgit')
-rw-r--r--ops/infra/kubernetes/cgit/config.yaml80
1 files changed, 80 insertions, 0 deletions
diff --git a/ops/infra/kubernetes/cgit/config.yaml b/ops/infra/kubernetes/cgit/config.yaml
new file mode 100644
index 000000000000..73392adaad81
--- /dev/null
+++ b/ops/infra/kubernetes/cgit/config.yaml
@@ -0,0 +1,80 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: gcsr-secrets
+type: Opaque
+data:
+  username: "Z2l0LXRhemppbi5nbWFpbC5jb20="
+  # This credential is a GCSR 'gitcookie' token.
+  password: '{{ passLookup "gcsr-tazjin-password" | b64enc }}'
+  # This credential is an OAuth token for builds.sr.ht
+  sourcehut: '{{ passLookup "sr.ht-token" | b64enc }}'
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: cgit
+  labels:
+    app: cgit
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: cgit
+  template:
+    metadata:
+      labels:
+        app: cgit
+    spec:
+      securityContext:
+        runAsUser: 1000
+        runAsGroup: 1000
+        fsGroup: 1000
+      containers:
+      - name: cgit
+        image: nixery.local/shell/web.cgit-taz:{{ gitHEAD }}
+        command: [ "cgit-launch" ]
+        env:
+          - name: HOME
+            value: /git
+        volumeMounts:
+          - name: git-volume
+            mountPath: /git
+      - name: sync-gcsr
+        image: nixery.local/shell/ops.sync-gcsr:{{ gitHEAD }}
+        command: [ "sync-gcsr" ]
+        env:
+          - name: SYNC_USER
+            valueFrom:
+              secretKeyRef:
+                name: gcsr-secrets
+                key: username
+          - name: SYNC_PASS
+            valueFrom:
+              secretKeyRef:
+                name: gcsr-secrets
+                key: password
+          - name: SRHT_TOKEN
+            valueFrom:
+              secretKeyRef:
+                name: gcsr-secrets
+                key: sourcehut
+        volumeMounts:
+          - name: git-volume
+            mountPath: /git
+      volumes:
+        - name: git-volume
+          emptyDir: {}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: cgit
+spec:
+  selector:
+    app: cgit
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 8080