David Jeffers
33e59745d0
All checks were successful
continuous-integration/drone/push Build is passing
114 lines
2.5 KiB
YAML
114 lines
2.5 KiB
YAML
---
|
|
podSecurityContext:
|
|
runAsUser: 2000
|
|
runAsGroup: 2000
|
|
fsGroup: 2000
|
|
fsGroupChangePolicy: "OnRootMismatch"
|
|
runAsNonRoot: true
|
|
|
|
securityContext:
|
|
privileged: false
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
seccompProfile:
|
|
type: "RuntimeDefault"
|
|
|
|
image:
|
|
repository: nginx
|
|
tag: latest
|
|
|
|
ingress:
|
|
host: halloween.dajeffers.com
|
|
ingressClassName: nginx
|
|
tlsEnabled: true
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: letsencrypt-cloudflare-prod
|
|
|
|
initContainers:
|
|
- name: init-con
|
|
image: hugomods/hugo
|
|
tag: latest
|
|
command: |
|
|
cp /hugo.conf/setup_hugo.sh /tmp/ &&
|
|
chmod +x /tmp/setup_hugo.sh &&
|
|
/tmp/setup_hugo.sh
|
|
securityContext:
|
|
runAsUser: 2000
|
|
runAsGroup: 2000
|
|
fsGroup: 2000
|
|
fsGroupChangePolicy: "OnRootMismatch"
|
|
runAsNonRoot: true
|
|
privileged: false
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
add:
|
|
- CHOWN
|
|
- DAV_OVERRIDE
|
|
- SETGID
|
|
- SETUID
|
|
- NET_BIND_SERVICE
|
|
seccompProfile:
|
|
type: "RuntimeDefault"
|
|
volumeMounts:
|
|
- mountPath: /var/cache/nginx
|
|
name: cache-volume
|
|
- mountPath: /var/run
|
|
name: run-volume
|
|
# - mountPath: nginx-conf
|
|
# name: nginx-conf
|
|
# subPath: default.conf
|
|
# readOnly: true
|
|
volumes:
|
|
- name: cache-volume
|
|
emptyDir:
|
|
sizeLimit: 500Mi
|
|
- name: run-volume
|
|
emptyDir:
|
|
sizeLimit: 500Mi
|
|
# - name: nginx-conf
|
|
# configMap:
|
|
# name: nginx-conf
|
|
# items:
|
|
# - key: nginx.conf
|
|
# path: nginx.conf
|
|
|
|
monitor:
|
|
enabled: true
|
|
|
|
probe:
|
|
enabled: true
|
|
|
|
resources:
|
|
requests:
|
|
cpu: 200m
|
|
memory: 200Mi
|
|
limits:
|
|
memory: 200Mi
|
|
|
|
volumes:
|
|
- name: init-hugo
|
|
fileName: setup_hugo.sh
|
|
path: /hugo.conf
|
|
subPath: setup_hugo.sh
|
|
# yamllint disable rule:line-length
|
|
fileContent: |
|
|
#!/usr/bin/env sh
|
|
# Getting and building Hugo site source
|
|
cd /tmp/
|
|
git clone https://git.sadmin.pro/DaJeffers/halloween.dajeffers.com.git &&
|
|
cd halloween.dajeffers.com && hugo &&
|
|
|
|
# Copying the built Hugo site to the shared volume for serving with Nginx
|
|
mkdir -p /usr/share/nginx/html && cp -r ./public/. /usr/share/nginx/html
|
|
# yamllint enable rule:line-length
|
|
- name: shared-static-files
|
|
emptyDir: true
|
|
path: /usr/share/nginx/html
|
|
|
|
vars:
|
|
TZ: 'America/New_York'
|