# ─── Deployment ───────────────────────────────────────────────────
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitlab
  namespace: gitlab
  labels:
    app: gitlab
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gitlab
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: gitlab
    spec:
      initContainers:
        - name: fix-permissions
          image: busybox
          command:
            - sh
            - -c
            - mkdir -p /var/opt/gitlab/git-data
          volumeMounts:
            - name: gitlab-data
              mountPath: /var/opt/gitlab
            - name: gitlab-git
              mountPath: /var/opt/gitlab/git-data
            - name: gitlab-config
              mountPath: /etc/gitlab

      containers:
        - name: gitlab
          image: gitlab/gitlab-ce:latest
          imagePullPolicy: IfNotPresent
          securityContext:
            capabilities:
              add:
                - SYS_RESOURCE

          ports:
            - name: http
              containerPort: 80
            - name: https
              containerPort: 443
            - name: ssh
              containerPort: 22

          envFrom:
            - configMapRef:
                name: gitlab-config
            - secretRef:
                name: gitlab-secrets

          resources:
            requests:
              memory: "4Gi"
              cpu: "1000m"
            limits:
              memory: "8Gi"
              cpu: "4000m"

          # ─── Mounts ─────────────────────────────────────────────
          volumeMounts:
            - name: gitlab-data    # → lokal (postgresql, redis, etc.)
              mountPath: /var/opt/gitlab
            - name: gitlab-git     # → NFS (Git-Repositories)
              mountPath: /var/opt/gitlab/git-data
            - name: gitlab-config  # → lokal
              mountPath: /etc/gitlab
            - name: gitlab-logs    # → ephemeral
              mountPath: /var/log/gitlab
            - name: shm
              mountPath: /dev/shm

          startupProbe:
            exec:
              command: ["curl", "-sf", "http://localhost/-/health"]
            failureThreshold: 40
            periodSeconds: 15

          readinessProbe:
            exec:
              command: ["curl", "-sf", "http://localhost/-/health"]
            periodSeconds: 15
            failureThreshold: 3

          livenessProbe:
            exec:
              command: ["curl", "-sf", "http://localhost/-/health"]
            periodSeconds: 30
            failureThreshold: 5

      # ─── Volumes ──────────────────────────────────────────────────
      volumes:
        - name: gitlab-data        # lokal (postgresql, redis, etc.)
          persistentVolumeClaim:
            claimName: gitlab-data-pvc

        - name: gitlab-git         # NFS (Git-Repositories)
          persistentVolumeClaim:
            claimName: gitlab-git-pvc

        - name: gitlab-config      # lokal
          persistentVolumeClaim:
            claimName: gitlab-config-pvc

        - name: gitlab-logs        # ephemeral
          emptyDir: {}

        - name: shm
          emptyDir:
            medium: Memory
            sizeLimit: 256Mi