apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitea
  namespace: gitea
  labels:
    app.kubernetes.io/name: gitea
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: gitea
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app.kubernetes.io/name: gitea
    spec:
      priorityClassName: system-cluster-critical
      serviceAccountName: gitea
      securityContext:
        runAsUser: 1000
        runAsGroup: 1000
      containers:
        - name: gitea
          image: bitnami/gitea:1.22.1
          securityContext:
            allowPrivilegeEscalation: false
          env:
            - name: BITNAMI_DEBUG
              value: "false"
            - name: GITEA_ADMIN_USER
              valueFrom:
                secretKeyRef:
                  name: gitea-secrets
                  key: admin_username
            - name: GITEA_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: gitea-secrets
                  key: admin_password
            - name: GITEA_ADMIN_EMAIL
              valueFrom:
                secretKeyRef:
                  name: gitea-secrets
                  key: admin_email
            - name: GITEA_APP_NAME
              value: "gitea"
            - name: GITEA_RUN_MODE
              value: "prod"
            - name: GITEA_SSH_LISTEN_PORT
              value: "2222"
            - name: GITEA_SSH_PORT
              value: "10022"
            - name: GITEA_HTTP_PORT
              value: "3000"
            - name: GITEA_ROOT_URL
              value: "https://gitea.cluster.edward.sydney"
            - name: GITEA_ENABLE_OPENID_SIGNIN
              value: "false"
            - name: GITEA_ENABLE_OPENID_SIGNUP
              value: "false"
            - name: GITEA_DATABASE_HOST
              valueFrom:
                secretKeyRef:
                  name: gitea-secrets
                  key: db_host
            - name: GITEA_DATABASE_PORT_NUMBER
              value: "5432"
            - name: GITEA_DATABASE_NAME
              valueFrom:
                secretKeyRef:
                  name: gitea-secrets
                  key: db_name
            - name: GITEA_DATABASE_USERNAME
              valueFrom:
                secretKeyRef:
                  name: gitea-secrets
                  key: db_user
            - name: GITEA_DATABASE_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: gitea-secrets
                  key: db_password
            - name: GITEA_SMTP_ENABLED
              value: "false"
          ports:
            - name: http
              containerPort: 3000
            - name: ssh
              containerPort: 2222
          startupProbe:
            httpGet:
              path: /
              port: http
            initialDelaySeconds: 600
            periodSeconds: 10
            timeoutSeconds: 5
            successThreshold: 1
            failureThreshold: 5
          livenessProbe:
            tcpSocket:
              port: http
            initialDelaySeconds: 600
            periodSeconds: 10
            timeoutSeconds: 5
            successThreshold: 1
            failureThreshold: 5
          readinessProbe:
            httpGet:
              path: /
              port: http
            initialDelaySeconds: 30
            periodSeconds: 5
            timeoutSeconds: 1
            successThreshold: 1
            failureThreshold: 5
          volumeMounts:
            - name: gitea-data
              mountPath: /bitnami/gitea
            - name: empty-dir
              mountPath: /opt/bitnami/gitea
              subPath: app-base-dir
            - name: empty-dir
              mountPath: /tmp
              subPath: tmp-dir
      volumes:
        - name: empty-dir
          emptyDir: {}
        - name: gitea-data
          persistentVolumeClaim:
            claimName: gitea-pvc