2026-04-12 13:29:15 +02:00
1 changed files with 29 additions and 13 deletions
--- a/kubernetes-templates/semaphoreui.yml
+++ b/kubernetes-templates/semaphoreui.yml
@@ -27,9 +27,8 @@ data:
  db-password: c2VYbk42RGt1cFJaN0Y=
  admin-password: QmxhY2tzdGFyMkBob21l
  access-key-encryption: NHZKMm1LMnBMNW5COHhSMnpRN3dFM3RZNnVJMG9QOWE=
-  
-  # CLEAN BASE64 STRINGS (No spaces or newlines)
-  id_ed25519: b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZWQyNTUxOQAAACDnDP06snc4Ci73FOImgNk3Mblsno53hj6XD2SK15dZbAAAAJgel/2wHpf9sAAAAAtzc2gtZWQyNTUxOQAAACDnDP06snc4Ci73FOImgNk3Mblsno53hj6XD2SK15dZbAAAAEBThqcrsWeeUZzEyWVZbhDiJdOEBFXJH85sa1Cc+WWCI+cM/TqydzgKLvcU4iaA2TcxuWyejneGPpcPZIrXl1lsAAAADmtod2V6aUBEQVJLU1VOAQIDBAUGBw==
+  # SSH Keys (Base64)
+  id_ed25519: LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0KYjNCbGJuTnphQzFyWlhrdGRqRUFBQUFBQkc1dmJtVUFBQUFFYm05dVpRQUFBQUFBQUFBQkFBQUFNd0FBQUF0emMyZ3RaVwpReU5UVXhPUUFBQUNEbkRQMDZzbmM0Q2k3M0ZPSW1nTmszTWJsc25vNTNoajZYRDJTSzE1ZFpiQUFBQUpnZWwvMndIcGY5CnNBQUFBQXR6YzJndFpXUXlOVFV4T1FBQUFDRG5EUDA2c25jNENpNzNGT0ltZ05rM01ibHNubzUzaGo2WEQyU0sxNWRaYkEKQUFBRUJUaHFjcnNXZWVVWnpFeVdWWmJoRGlKZE9FQkZYSkg4NXNhMUNjK1dXQ0krY00vVHF5ZHpnS0x2Y1U0aWFBMlRjeAp1V3llam5lR1BwY1BaSXJYbDFsc0FBQUFEbXRvZDJWNmFVQkVRVkpMVTFWT0FRSURCQVVHQnc9PQotLS0tLUVORCBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0=
  id_ed25519.pub: c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSU9jTS9UcXlkemdLTHZjVTRpYUEyVGN4dVd5ZWpuZUdQcGNQWklyWGwxbHMga2h3ZXppQERBUktTVU4=
 ---
 apiVersion: v1
@@ -50,8 +49,6 @@ kind: Deployment
 metadata:
  name: semaphore
  namespace: semaphore
-  labels:
-    app: semaphore
 spec:
  replicas: 1
  selector:
@@ -72,10 +69,24 @@ spec:
      hostAliases:
        - ip: "169.255.58.144"
          hostnames:
-           - "gitea.khongisa.co.za"
+            - "gitea.khongisa.co.za"
+      
+      initContainers:
+        - name: volume-permissions
+          image: busybox:latest
+          command: ["sh", "-c", "mkdir -p /home/semaphore/.ssh && chown -R 1001:1001 /home/semaphore /tmp/semaphore"]
+          volumeMounts:
+            - name: semaphore-persistent-storage
+              mountPath: /home/semaphore
+              subPath: home
+            - name: semaphore-persistent-storage
+              mountPath: /tmp/semaphore
+              subPath: tmp
+
      securityContext:
        runAsUser: 1001
        fsGroup: 1001
+
      containers:
        - name: semaphore
          image: semaphoreui/semaphore:latest
@@ -114,23 +125,28 @@ spec:
              valueFrom: { secretKeyRef: { name: semaphore-secrets, key: admin-password } }
            - name: SEMAPHORE_ACCESS_KEY_ENCRYPTION
              valueFrom: { secretKeyRef: { name: semaphore-secrets, key: access-key-encryption } }
-          volumeMounts:
-            - name: semaphore-tmp
+          volumeMounts:            
+            - name: semaphore-persistent-storage
+              mountPath: /home/semaphore
+              subPath: home
+            - name: semaphore-persistent-storage
              mountPath: /tmp/semaphore
-            - name: ssh-keys-volume
+              subPath: tmp
+            - name: ssh-keys-secret
              mountPath: /home/semaphore/.ssh/id_ed25519
              subPath: id_ed25519
-            - name: ssh-keys-volume
+            - name: ssh-keys-secret
              mountPath: /home/semaphore/.ssh/id_ed25519.pub
              subPath: id_ed25519.pub
+
      volumes:
-        - name: semaphore-tmp
+        - name: semaphore-persistent-storage
          persistentVolumeClaim:
            claimName: semaphore-data-pvc
-        - name: ssh-keys-volume
+        - name: ssh-keys-secret
          secret:
            secretName: semaphore-secrets
-            defaultMode: 384 
+            defaultMode: 384
            items:
              - key: id_ed25519
                path: id_ed25519