kubernetes-templates/semaphoreui.yml

@@ -27,9 +27,8 @@ data:
   db-password: c2VYbk42RGt1cFJaN0Y=
   admin-password: QmxhY2tzdGFyMkBob21l
   access-key-encryption: NHZKMm1LMnBMNW5COHhSMnpRN3dFM3RZNnVJMG9QOWE=
-  
+  # SSH Keys (Base64)
-  # CLEAN BASE64 STRINGS (No spaces or newlines)
+  id_ed25519: LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0KYjNCbGJuTnphQzFyWlhrdGRqRUFBQUFBQkc1dmJtVUFBQUFFYm05dVpRQUFBQUFBQUFBQkFBQUFNd0FBQUF0emMyZ3RaVwpReU5UVXhPUUFBQUNEbkRQMDZzbmM0Q2k3M0ZPSW1nTmszTWJsc25vNTNoajZYRDJTSzE1ZFpiQUFBQUpnZWwvMndIcGY5CnNBQUFBQXR6YzJndFpXUXlOVFV4T1FBQUFDRG5EUDA2c25jNENpNzNGT0ltZ05rM01ibHNubzUzaGo2WEQyU0sxNWRaYkEKQUFBRUJUaHFjcnNXZWVVWnpFeVdWWmJoRGlKZE9FQkZYSkg4NXNhMUNjK1dXQ0krY00vVHF5ZHpnS0x2Y1U0aWFBMlRjeAp1V3llam5lR1BwY1BaSXJYbDFsc0FBQUFEbXRvZDJWNmFVQkVRVkpMVTFWT0FRSURCQVVHQnc9PQotLS0tLUVORCBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0=
-  id_ed25519: b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZWQyNTUxOQAAACDnDP06snc4Ci73FOImgNk3Mblsno53hj6XD2SK15dZbAAAAJgel/2wHpf9sAAAAAtzc2gtZWQyNTUxOQAAACDnDP06snc4Ci73FOImgNk3Mblsno53hj6XD2SK15dZbAAAAEBThqcrsWeeUZzEyWVZbhDiJdOEBFXJH85sa1Cc+WWCI+cM/TqydzgKLvcU4iaA2TcxuWyejneGPpcPZIrXl1lsAAAADmtod2V6aUBEQVJLU1VOAQIDBAUGBw==
   id_ed25519.pub: c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSU9jTS9UcXlkemdLTHZjVTRpYUEyVGN4dVd5ZWpuZUdQcGNQWklyWGwxbHMga2h3ZXppQERBUktTVU4=
 ---
 apiVersion: v1
@@ -50,8 +49,6 @@ kind: Deployment
 metadata:
   name: semaphore
   namespace: semaphore
-  labels:
-    app: semaphore
 spec:
   replicas: 1
   selector:
@@ -72,10 +69,24 @@ spec:
       hostAliases:
         - ip: "169.255.58.144"
           hostnames:
-           - "gitea.khongisa.co.za"
+            - "gitea.khongisa.co.za"
+      
+      initContainers:
+        - name: volume-permissions
+          image: busybox:latest
+          command: ["sh", "-c", "mkdir -p /home/semaphore/.ssh && chown -R 1001:1001 /home/semaphore /tmp/semaphore"]
+          volumeMounts:
+            - name: semaphore-persistent-storage
+              mountPath: /home/semaphore
+              subPath: home
+            - name: semaphore-persistent-storage
+              mountPath: /tmp/semaphore
+              subPath: tmp
+
       securityContext:
         runAsUser: 1001
         fsGroup: 1001
+
       containers:
         - name: semaphore
           image: semaphoreui/semaphore:latest
@@ -115,19 +126,24 @@ spec:
             - name: SEMAPHORE_ACCESS_KEY_ENCRYPTION
               valueFrom: { secretKeyRef: { name: semaphore-secrets, key: access-key-encryption } }
           volumeMounts:            
-            - name: semaphore-tmp
+            - name: semaphore-persistent-storage
+              mountPath: /home/semaphore
+              subPath: home
+            - name: semaphore-persistent-storage
               mountPath: /tmp/semaphore
-            - name: ssh-keys-volume
+              subPath: tmp
+            - name: ssh-keys-secret
               mountPath: /home/semaphore/.ssh/id_ed25519
               subPath: id_ed25519
-            - name: ssh-keys-volume
+            - name: ssh-keys-secret
               mountPath: /home/semaphore/.ssh/id_ed25519.pub
               subPath: id_ed25519.pub
+
       volumes:
-        - name: semaphore-tmp
+        - name: semaphore-persistent-storage
           persistentVolumeClaim:
             claimName: semaphore-data-pvc
-        - name: ssh-keys-volume
+        - name: ssh-keys-secret
           secret:
             secretName: semaphore-secrets
             defaultMode: 384