From 503a857e2ccd6cf9799593daa77f338c45f2d0bf Mon Sep 17 00:00:00 2001
From: Tom Neuber
Date: Thu, 13 Mar 2025 18:39:32 +0100
Subject: [PATCH 1/4] chore(deployment): switch to rootless container
---
 k8s/deployment.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/k8s/deployment.yaml b/k8s/deployment.yaml
index b47751c..9c756b4 100644
--- a/k8s/deployment.yaml
+++ b/k8s/deployment.yaml
@@ -21,7 +21,7 @@ spec:
 app: forgejo-pod
 spec:
 containers:
- - image: codeberg.org/forgejo/forgejo:10.0.1
+ - image: codeberg.org/forgejo/forgejo:10.0.1-rootless
 imagePullPolicy: Always
 env:
 - name: USER_UID
From 1068609bbe7f33f642b24a2b815094a771af5ef0 Mon Sep 17 00:00:00 2001
From: Tom Neuber
Date: Thu, 13 Mar 2025 18:45:59 +0100
Subject: [PATCH 2/4] chore(ci): add yamllint
---
 .woodpecker.yaml | 13 +++++++++++++
 .yamllint | 12 ++++++++++++
 2 files changed, 25 insertions(+)
 create mode 100644 .woodpecker.yaml
 create mode 100644 .yamllint
diff --git a/.woodpecker.yaml b/.woodpecker.yaml
new file mode 100644
index 0000000..7a00e98
--- /dev/null
+++ b/.woodpecker.yaml
@@ -0,0 +1,13 @@
+---
+labels:
+ backend: kubernetes
+steps:
+ - name: linting
+ image: cytopia/yamllint:latest
+ commands:
+ - yamllint -f colored -s .
+when:
+ - event:
+ - push
+ - manual
+ - pull_request
diff --git a/.yamllint b/.yamllint
new file mode 100644
index 0000000..0453817
--- /dev/null
+++ b/.yamllint
@@ -0,0 +1,12 @@
+---
+yaml-files:
+ - '*.yaml'
+ - '*.yml'
+ - '.yamllint'
+
+extends: default
+
+rules:
+ line-length: disable
+ indentation:
+ indent-sequences: consistent
From c16f9aa534e68916a807e5766ffda6d13c74df8d Mon Sep 17 00:00:00 2001
From: Tom Neuber
Date: Thu, 13 Mar 2025 18:47:51 +0100
Subject: [PATCH 3/4] chore(k8s): adjust files for yamllint rules
---
 k8s/deployment.yaml | 13 +++++++------
 k8s/ingress.yaml | 7 ++++---
 k8s/namespace.yaml | 3 ++-
 k8s/persistentvolumeclaim.yaml | 3 ++-
 k8s/service.yaml | 3 ++-
 5 files changed, 17 insertions(+), 12 deletions(-)
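Review bot: Switching the tag to `10.0.1-rootless` on the `image:` line makes the container non-root only through the image's own default user; nothing visible in this hunk makes the cluster enforce it. A container `securityContext` would pin that down, e.g. `runAsNonRoot: true`, `runAsUser: 1000` and `allowPrivilegeEscalation: false`; the container spec continues outside the hunk, so confirm none is already set further down. The context still shows the `USER_UID` env entry, and later patches in this series show a `/data` mount and `containerPort: 22`. The rootless image is documented with different data paths and a non-privileged SSH port, so these settings presumably need checking against the image documentation.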
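Review bot: The lint step pulls `cytopia/yamllint:latest`, a mutable tag on a third-party image, and the `when:` block also triggers on `pull_request`, so whatever that tag points to at run time executes in CI on the Kubernetes backend. Pin it to a released version plus digest, `image: cytopia/yamllint:<version>@sha256:<digest>` (placeholders), and update it deliberately. The same applies to the untagged `image: busybox` that PATCH 4/4 adds as an init container, where `imagePullPolicy: IfNotPresent` additionally means different nodes can keep running different cached builds under the same name.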
diff --git a/k8s/deployment.yaml b/k8s/deployment.yaml
index 9c756b4..d7bd1fc 100644
--- a/k8s/deployment.yaml
+++ b/k8s/deployment.yaml
@@ -1,3 +1,4 @@
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -30,12 +31,12 @@ spec:
 value: "1000"
 name: forgejo
 ports:
- - containerPort: 3000
- name: web
- protocol: TCP
- - containerPort: 22
- name: ssh
- protocol: TCP
+ - containerPort: 3000
+ name: web
+ protocol: TCP
+ - containerPort: 22
+ name: ssh
+ protocol: TCP
 volumeMounts:
 - mountPath: "/data"
 name: forgejo-pv-storage
diff --git a/k8s/ingress.yaml b/k8s/ingress.yaml
index cdddc40..05ee522 100644
--- a/k8s/ingress.yaml
+++ b/k8s/ingress.yaml
@@ -1,3 +1,4 @@
+---
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
@@ -22,6 +23,6 @@ spec:
 path: /
 pathType: Prefix
 tls:
- - hosts:
- - git.svc.neuber.io
- secretName: forgejo-tls-key
+ - hosts:
+ - git.svc.neuber.io
+ secretName: forgejo-tls-key
diff --git a/k8s/namespace.yaml b/k8s/namespace.yaml
index 94bf0b6..b159cc0 100644
--- a/k8s/namespace.yaml
+++ b/k8s/namespace.yaml
@@ -1,6 +1,7 @@
+---
 apiVersion: v1
 kind: Namespace
 metadata:
 labels:
 app.kubernetes.io/instance: forgejo
- name: forgejo
\ No newline at end of file
+ name: forgejo
diff --git a/k8s/persistentvolumeclaim.yaml b/k8s/persistentvolumeclaim.yaml
index 91a0549..58be915 100644
--- a/k8s/persistentvolumeclaim.yaml
+++ b/k8s/persistentvolumeclaim.yaml
@@ -1,3 +1,4 @@
+---
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
@@ -9,7 +10,7 @@ metadata:
 namespace: forgejo
 spec:
 accessModes:
- - ReadWriteOnce
+ - ReadWriteOnce
 volumeMode: Filesystem
 volumeName: pvc-64e344d5-9dbe-4de4-9e6f-a1bad1da300e
 resources:
diff --git a/k8s/service.yaml b/k8s/service.yaml
index f4f9e88..424b181 100644
--- a/k8s/service.yaml
+++ b/k8s/service.yaml
@@ -1,3 +1,4 @@
+---
 apiVersion: v1
 kind: Service
 metadata:
@@ -17,4 +18,4 @@ spec:
 targetPort: 22
 selector:
 app: forgejo-pod
- type: ClusterIP
\ No newline at end of file
+ type: ClusterIP
From 1c3ebe5d81a541ec8033f82e8e87085b34b97508 Mon Sep 17 00:00:00 2001
From: Tom Neuber
Date: Thu, 13 Mar 2025 18:59:25 +0100
Subject: [PATCH 4/4] chore(deployment): fix permissions
---
 k8s/deployment.yaml | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/k8s/deployment.yaml b/k8s/deployment.yaml
index d7bd1fc..ed2fff2 100644
--- a/k8s/deployment.yaml
+++ b/k8s/deployment.yaml
@@ -23,7 +23,7 @@ spec:
 spec:
 containers:
 - image: codeberg.org/forgejo/forgejo:10.0.1-rootless
- imagePullPolicy: Always
+ imagePullPolicy: IfNotPresent
 env:
 - name: USER_UID
 value: "1000"
@@ -40,6 +40,14 @@ spec:
 volumeMounts:
 - mountPath: "/data"
 name: forgejo-pv-storage
+ initContainers:
+ - name: fix-permissions
+ image: busybox
+ imagePullPolicy: IfNotPresent
+ command: ["sh", "-c", "chown -R 1000:1000 /mnt"]
+ volumeMounts:
+ - mountPath: "/mnt"
+ name: forgejo-pv-storage
 volumes:
 - name: forgejo-pv-storage
 persistentVolumeClaim:
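Review bot: The `fix-permissions` init container runs `chown -R 1000:1000 /mnt` with no `securityContext`, so it runs as the busybox image's default user (root) with the runtime's default capabilities, and it re-walks the whole volume on every pod start. If the storage driver supports it, a pod-level `securityContext` with `fsGroup: 1000` and `fsGroupChangePolicy: OnRootMismatch` lets the kubelet handle ownership and removes the root container altogether; the fence shows that variant. If the init container has to stay, give it an explicit `securityContext` that drops every capability chown does not need, and pin the `busybox` image. The pod spec continues outside the hunk, so check for an existing pod-level `securityContext` before adding one.

```yaml
    spec:
      # replaces the fix-permissions initContainers entry
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
        runAsGroup: 1000
        # fsGroup sets group ownership only; confirm the data directory works with group access
        fsGroup: 1000
        fsGroupChangePolicy: OnRootMismatch
      # … unchanged: containers, ports, volumeMounts …
      volumes:
```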