gooseek/backend/deploy/k8s/gitea/deployment.yaml
home d2ef146474
Some checks failed
Build and Deploy GooSeek / build-and-deploy (push) Has been cancelled
security: upgrade Gitea to 1.25.4, add security headers
- Update Gitea from 1.22.6 to 1.25.4 (fixes CVE-2026-20736, CVE-2026-20912)
- Disable public registration
- Disable Swagger API
- Add nginx-ingress security headers:
  - X-Content-Type-Options: nosniff
  - X-XSS-Protection: 1; mode=block
  - Referrer-Policy: strict-origin-when-cross-origin
  - Permissions-Policy
- Enable HSTS preload
- Reorganize Gitea K8s manifests into gitea/ directory

Made-with: Cursor
2026-03-02 22:01:51 +03:00


apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitea
  namespace: gitea
  labels:
    app: gitea
spec:
  replicas: 1
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
  selector:
    matchLabels:
      app: gitea
  template:
    metadata:
      labels:
        app: gitea
    spec:
      initContainers:
        # Seeds app.ini from the ConfigMap into the data volume before Gitea starts.
        # Note: chmod 666 leaves app.ini (which also stores Gitea's secret keys)
        # writable by every user inside the container; UID/GID 1000 is the image's git user.
        - name: init-config
          image: busybox:1.36
          command: ['sh', '-c', 'mkdir -p /data/gitea/conf && cp -f /config/app.ini /data/gitea/conf/app.ini && chmod 666 /data/gitea/conf/app.ini && chown -R 1000:1000 /data/gitea']
          volumeMounts:
            - name: data
              mountPath: /data
            - name: config
              mountPath: /config
      containers:
        - name: gitea
          image: gitea/gitea:1.25.4
          imagePullPolicy: IfNotPresent
          ports:
            - name: http
              containerPort: 3000
              protocol: TCP
            - name: ssh
              containerPort: 22
              protocol: TCP
          # GITEA__<section>__<KEY> variables override the matching app.ini settings.
          env:
            - name: GITEA__security__INSTALL_LOCK
              value: "true"
            - name: GITEA__server__DOMAIN
              value: git.gooseek.ru
            - name: GITEA__server__ROOT_URL
              value: https://git.gooseek.ru/
            - name: GITEA__server__SSH_DOMAIN
              value: git.gooseek.ru
            # Hardening from this commit: no public sign-up, no Swagger UI.
            - name: GITEA__service__DISABLE_REGISTRATION
              value: "true"
            - name: GITEA__api__ENABLE_SWAGGER
              value: "false"
          volumeMounts:
            - name: data
              mountPath: /data
          resources:
            requests:
              memory: "256Mi"
              cpu: "100m"
            limits:
              memory: "1Gi"
              cpu: "1000m"
          livenessProbe:
            httpGet:
              path: /api/healthz
              port: 3000
            initialDelaySeconds: 60
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 5
          readinessProbe:
            httpGet:
              path: /api/healthz
              port: 3000
            initialDelaySeconds: 30
            periodSeconds: 5
            timeoutSeconds: 3
            failureThreshold: 5
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: gitea-data
        - name: config
          configMap:
            name: gitea-config
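As an added example (not part of the repository or this commit), a small Python policy check for the Deployment above: it maps the GITEA__section__KEY variables onto the app.ini sections they override, verifies the hardening the commit message claims (image pinned at or above 1.25.4, registration disabled, Swagger off, install locked), and flags the world-writable app.ini left by the init container. The manifest data is constructed inline from the YAML above; the REQUIRED table and the finding strings are the example's own policy, not Gitea's.

```python
import re
# Sample data constructed from the deployment.yaml on this page (not read from a file).
IMAGE = "gitea/gitea:1.25.4"
INIT_COMMAND = ("mkdir -p /data/gitea/conf && cp -f /config/app.ini /data/gitea/conf/app.ini"
                " && chmod 666 /data/gitea/conf/app.ini && chown -R 1000:1000 /data/gitea")
ENV = [
    {"name": "GITEA__security__INSTALL_LOCK", "value": "true"},
    {"name": "GITEA__server__DOMAIN", "value": "git.gooseek.ru"},
    {"name": "GITEA__server__ROOT_URL", "value": "https://git.gooseek.ru/"},
    {"name": "GITEA__server__SSH_DOMAIN", "value": "git.gooseek.ru"},
    {"name": "GITEA__service__DISABLE_REGISTRATION", "value": "true"},
    {"name": "GITEA__api__ENABLE_SWAGGER", "value": "false"},
]
# app.ini settings the commit message claims; (section, key) -> required value (this example's policy)
REQUIRED = {
    ("security", "INSTALL_LOCK"): "true",        # install wizard locked
    ("service", "DISABLE_REGISTRATION"): "true", # no public sign-up
    ("api", "ENABLE_SWAGGER"): "false",          # Swagger UI off
}

def env_to_ini(env):
    """Map GITEA__<section>__<KEY> variables to the app.ini sections they override."""
    ini = {}
    for item in env:
        parts = item["name"].split("__", 2)
        if len(parts) == 3 and parts[0] == "GITEA":
            ini.setdefault(parts[1], {})[parts[2]] = item["value"]
    return ini

def image_version(image):
    """Return (major, minor, patch) of an exactly pinned gitea/gitea tag, else None."""
    m = re.fullmatch(r"gitea/gitea:(\d+)\.(\d+)\.(\d+)", image)
    return tuple(int(x) for x in m.groups()) if m else None

def check_hardening(image, env, init_command):
    """Return a list of findings; an empty list means the manifest meets the policy."""
    findings = []
    ver = image_version(image)
    if ver is None:
        findings.append(f"image {image} is not pinned to an exact release")
    elif ver < (1, 25, 4):  # release this commit upgrades to
        findings.append(f"image {image} is older than 1.25.4")
    ini = env_to_ini(env)
    for (section, key), want in REQUIRED.items():
        if ini.get(section, {}).get(key) != want:
            findings.append(f"[{section}] {key} should be {want}")
    # A mode whose last octal digit has the write bit (2, 3, 6, 7) makes app.ini world-writable.
    if re.search(r"chmod\s+(?:-R\s+)?[0-7]*[2367]\b", init_command):
        findings.append("init container makes app.ini world-writable")
    return findings
```

Running `check_hardening(IMAGE, ENV, INIT_COMMAND)` on the manifest above reports only the world-writable app.ini; feeding it the pre-commit image tag 1.22.6 without the two new env entries shows how the check would have failed before the upgrade.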