apiVersion: apps/v1 kind: Deployment metadata: name: gitlab-shell namespace: public-service labels: app: gitlab component: gitlab-shell spec: selector: matchLabels: app: gitlab component: gitlab-shell template: metadata: labels: app: gitlab component: gitlab-shell spec: initContainers: - name: configure image: busybox:latest imagePullPolicy: IfNotPresent command: ['sh', '/config/configure'] env: resources: requests: cpu: 50m volumeMounts: - name: shell-config mountPath: /config readOnly: true - name: shell-init-secrets mountPath: /init-config readOnly: true - name: shell-secrets mountPath: /init-secrets readOnly: false containers: - name: gitlab-shell image: registry.gitlab.com/gitlab-org/build/cng/gitlab-shell:v13.7.0 imagePullPolicy: IfNotPresent ports: - containerPort: 2222 name: ssh env: - name: GITALY_FEATURE_DEFAULT_ON value: "1" - name: CONFIG_TEMPLATE_DIRECTORY value: '/etc/gitlab-shell' - name: CONFIG_DIRECTORY value: '/srv/gitlab-shell' - name: KEYS_DIRECTORY value: '/etc/gitlab-secrets/ssh' resources: requests: cpu: 0 memory: 6M livenessProbe: exec: command: - /scripts/healthcheck initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 3 successThreshold: 1 failureThreshold: 3 volumeMounts: - name: shell-config mountPath: '/etc/gitlab-shell' - name: shell-secrets mountPath: '/etc/gitlab-secrets' readOnly: true - name: sshd-config mountPath: /etc/ssh/sshd_config subPath: sshd_config readOnly: true - name: etc-ssl-certs mountPath: /etc/ssl/certs/ readOnly: true securityContext: runAsUser: 1000 fsGroup: 1000 affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - weight: 1 podAffinityTerm: topologyKey: kubernetes.io/hostname labelSelector: matchLabels: app: gitlab component: gitlab-shell volumes: - name: shell-config configMap: name: gitlab-shell - name: sshd-config configMap: name: gitlab-shell-sshd - name: shell-init-secrets projected: defaultMode: 0440 sources: - secret: name: "gitlab-shell-host-keys" - secret: name: "gitlab-shell-secret" items: - key: "secret" path: shell/.gitlab_shell_secret - name: shell-secrets emptyDir: medium: "Memory" - name: etc-ssl-certs emptyDir: medium: "Memory"