1apiVersion: apps/v1
 2kind: Deployment
 3metadata:
 4  name: legit
 5  labels:
 6    app: legit
 7spec:
 8  selector:
 9    matchLabels:
10      app: legit
11  replicas: 1
12  strategy:
13    type: RollingUpdate
14  template:
15    metadata:
16      labels:
17        app: legit
18    spec:
19      nodeSelector:
20        kubernetes.io/hostname: denna
21      securityContext:
22        runAsUser: 1001 # git
23        runAsGroup: 100 # users
24      containers:
25        - name: legit
26          image: sini:5000/legit:latest
27          imagePullPolicy: Always
28          ports:
29            - containerPort: 5555
30          args:
31            - -config
32            - /config.yaml
33          volumeMounts:
34            - name: repos
35              mountPath: /var/www/git
36              readOnly: true
37      volumes:
38        - name: repos
39          hostPath:
40            path: /home/git
41---
42apiVersion: v1
43kind: Service
44metadata:
45  name: legit
46spec:
47  selector:
48    app: legit
49  ports:
50    - name: legit-http
51      port: 5555
52      targetPort: 5555
53---
54apiVersion: networking.k8s.io/v1
55kind: Ingress
56metadata:
57  name: git.icyphox.sh
58  namespace: default
59  annotations:
60    cert-manager.io/cluster-issuer: "letsencrypt-prod"
61    nginx.ingress.kubernetes.io/configuration-snippet: |-
62      location /robots.txt {
63        return 200 "User-Agent: Amazonbot\nDisallow: /\n\nUser-Agent: AhrefsBot\nDisallow: /\n";
64      }      
65spec:
66  ingressClassName: nginx
67  tls:
68    - hosts:
69        - git.icyphox.sh
70      secretName: git-icyphox-sh-tls
71  rules:
72    - host: git.icyphox.sh
73      http:
74        paths:
75          - path: /
76            pathType: Prefix
77            backend:
78              service:
79                name: legit
80                port:
81                  number: 5555