--- podSecurityContext: runAsUser: 2000 runAsGroup: 2000 fsGroup: 2000 fsGroupChangePolicy: "OnRootMismatch" runAsNonRoot: true securityContext: privileged: false allowPrivilegeEscalation: false capabilities: drop: - ALL seccompProfile: type: "RuntimeDefault" image: repository: nginx tag: latest ingress: host: halloween.dajeffers.com ingressClassName: nginx tlsEnabled: true annotations: cert-manager.io/cluster-issuer: letsencrypt-cloudflare-prod initContainers: - name: init-con image: hugomods/hugo tag: latest command: | cp /hugo.conf/setup_hugo.sh /tmp/ && chmod +x /tmp/setup_hugo.sh && /tmp/setup_hugo.sh securityContext: runAsUser: 2000 runAsGroup: 2000 fsGroup: 2000 fsGroupChangePolicy: "OnRootMismatch" runAsNonRoot: true privileged: false allowPrivilegeEscalation: false capabilities: drop: - ALL seccompProfile: type: "RuntimeDefault" volumeMounts: - mountPath: /var/cache/nginx name: cache-volume - mountPath: /var/run name: run-volume # - mountPath: nginx-conf # name: nginx-conf # subPath: default.conf # readOnly: true volumes: - name: cache-volume emptyDir: sizeLimit: 500Mi - name: run-volume emptyDir: sizeLimit: 500Mi # - name: nginx-conf # configMap: # name: nginx-conf # items: # - key: nginx.conf # path: nginx.conf monitor: enabled: true probe: enabled: true resources: requests: cpu: 200m memory: 200Mi limits: memory: 200Mi volumes: - name: init-hugo fileName: setup_hugo.sh path: /hugo.conf subPath: setup_hugo.sh # yamllint disable rule:line-length fileContent: | #!/usr/bin/env sh # Getting and building Hugo site source cd /tmp/ git clone https://git.sadmin.pro/DaJeffers/halloween.dajeffers.com.git && cd halloween.dajeffers.com && hugo && # Copying the built Hugo site to the shared volume for serving with Nginx mkdir -p /usr/share/nginx/html && cp -r ./public/. /usr/share/nginx/html # yamllint enable rule:line-length - name: shared-static-files emptyDir: true path: /usr/share/nginx/html vars: TZ: 'America/New_York'