add woodpecker-deployment #152
5 changed files with 130 additions and 0 deletions
30
app-files/apps.yaml
Normal file
30
app-files/apps.yaml
Normal file
|
@ -0,0 +1,30 @@
|
|||
---
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: woodpecker
|
||||
namespace: argocd
|
||||
spec:
|
||||
project: default
|
||||
sources:
|
||||
- chart: woodpecker
|
||||
repoURL: https://woodpecker-ci.org/
|
||||
targetRevision: 1.6.0
|
||||
helm:
|
||||
releaseName: woodpecker
|
||||
valueFiles:
|
||||
- $values/woodpecker/values.yaml
|
||||
- repoURL: https://git.ar21.de/yolokube/core-deployments.git
|
||||
targetRevision: HEAD
|
||||
ref: values
|
||||
- repoURL: https://git.ar21.de/yolokube/core-deployments.git
|
||||
targetRevision: HEAD
|
||||
path: secrets
|
||||
destination:
|
||||
server: https://kubernetes.default.svc
|
||||
namespace: woodpecker
|
||||
syncPolicy:
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
automated:
|
||||
prune: false
|
4
woodpecker/secrets/kustomization.yaml
Normal file
4
woodpecker/secrets/kustomization.yaml
Normal file
|
@ -0,0 +1,4 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
generators:
|
||||
- ./secret-generator.yaml
|
10
woodpecker/secrets/secret-generator.yaml
Normal file
10
woodpecker/secrets/secret-generator.yaml
Normal file
|
@ -0,0 +1,10 @@
|
|||
apiVersion: viaduct.ai/v1
|
||||
kind: ksops
|
||||
metadata:
|
||||
name: secret-generator
|
||||
annotations:
|
||||
config.kubernetes.io/function: |
|
||||
exec:
|
||||
path: ksops
|
||||
files:
|
||||
- ./secrets.enc.yaml
|
51
woodpecker/secrets/secrets.enc.yaml
Normal file
51
woodpecker/secrets/secrets.enc.yaml
Normal file
|
@ -0,0 +1,51 @@
|
|||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: woodpecker-forgejo
|
||||
namespace: woodpecker
|
||||
aaron marked this conversation as resolved
|
||||
labels:
|
||||
app.kubernetes.io/instance: woodpecker
|
||||
type: Opaque
|
||||
data:
|
||||
WOODPECKER_FORGEJO_CLIENT: ENC[AES256_GCM,data:zTcJ9+s6Oykd2ptkaM4/FTcIriF0BarmswUyDzvLIyeBQl7mvTktPKJaeK/RudFVzdgEJA==,iv:im64HVYag5cWwo3+wINzoHMbfaiAYu67GeNexm6ffsA=,tag:a1a6eUmjyRPOzX4r8m9iuQ==,type:str]
|
||||
WOODPECKER_FORGEJO_SECRET: ENC[AES256_GCM,data:gYiC+ZYXeMGPgWnvaHHEs8pNq1UP3kFthryX346TNnM7+oJVKQjz+ufLlsKmradtH6W4ulHzmSBHByT2VHHH8uHItA+Qbs55twRL0w==,iv:4VaEMHf7K+2lEYZAMCTo+Ot018SNIzCNJs27RovaN+I=,tag:qMkWRopd4/4xGBFZk7PW/Q==,type:str]
|
||||
WOODPECKER_AGENT_SECRET: ENC[AES256_GCM,data:DokhZ7SJGOeHnTVmnwJgmXJngaoSBZjdCAQUE76bf/tyQJoBA8Sh4vGy3VgVORY3MQIF33glxm+VNvqFWxV6LYbOvfGlJgZ5R8435NBPXfZnG/+PEungX9vQpcDvIf8ffcgGpC/Z/f3QBRAV,iv:DyuzOYf/bvUUm8NT4+8dk2hEgyqeVxOJqmt0mKCw2SQ=,tag:pvKr0hZzM4cXMErTYRr2jg==,type:str]
|
||||
WOODPECKER_PROMETHEUS_AUTH_TOKEN: ENC[AES256_GCM,data:yzYzatAWs3BO8C4rsq3KpTYrHagA0eUkSD6aOlSU8u0mfJeoVq1vTzR3lLo=,iv:bhaaf9CCSHLkhYgdsTvNlZD/FFQCL6FanhIgsaXLfOA=,tag:W+MXx47fRElZaTmsAoMvPw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1mraede6gqxkh2rkeq5fjrcflp7emenl2qn885asxvtx5erga2pdqujuexz
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzakpwaHhhclQ5MU5BOVpO
|
||||
eHY0WGF6bHlyaStxNW5WVGZIQzZnRVR3SVFrCjdrRjIzRjFheHZqdWpmYlFpODVo
|
||||
RzBsd1llNk5JZEtFbCtuN3Nrd2lTejAKLS0tIEFxOU00aGVlM1U3S0tYdFJ5NnVH
|
||||
U0h3czZCUUk5NDdlL1o1THJGSXdqMUUKA4bMrmS1o1yB+aGdUgUzWMGjfYaQ55UW
|
||||
Em+FXnis5k+3eY18YplZs3rBRiiuSHjt4WOnrwOymn3TvGixS1nA2A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1s9nvc4rxj3kaj4apmzzn8fmjrudrvdhgu70rg04we9hyse5aadsq7kmckn
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0WGlRZzJ4emVKazRtbGxk
|
||||
SUs3R3J4aGpZV2EvVTllb2h4Tlh6NDd2QndBCnlxdUQ1L3BReHV3eTQ2OEh1bjNM
|
||||
b3UzdjR5YlBqakN1aU9CanZrM0RqajQKLS0tIGFhVGVXSmRXbmhJVE1aOW0xYzV2
|
||||
ZStBaHZxRDhzWTVnSHFBK3J4R3R5Z2cKg/yRNnsxy0Zrwi/dcNHTzjSHcQ9ZbipN
|
||||
N1JKH1WCGdmZku3m/G0DSRdxP7yNs3rJBoOg63h632bWHKHj/pElsQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1z5wtjmk0jw0j9qz9k5rrnp30nzqxrl3v6wgl7eryvqus28zekp4qpx9jc2
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlVkdsM01hVzhpaUVCYTk5
|
||||
SXZTemJudWl6YlNnTnJiN1dIQkdlbnBZZ2o0CkFvNndWbXBNcUNkSkVmeGx2aVBJ
|
||||
WkYxbHV0czBydWZpWnN6NFkwdm5aZVUKLS0tIEhNK0FLakVZMXNKRGdpYXd2WmQz
|
||||
dGZrWWhwemxSdzdjNmF2UmdVWklJeEkKmLPdUb3KcgA61fMhhiaQxwcDx0kEdh0t
|
||||
gMyW7MGzyCxkUjGxb/amuPJkq0/7MujpfHK8q0AgUztmqa6Tk02P9Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-10-04T17:19:41Z"
|
||||
mac: ENC[AES256_GCM,data:oW62pLYPe4greXFb5rbyLhr29FltC1tcVsbwJd6x9HZ5Iz3JiLkHU49R4fObMBBt7gE/Dv+d+U5Ov/ucq3ulzvQdLffkzhIBilfHMCTksd8Dj41Q+I6mcedRnnFbPhyI2bVTivftotsbtPldYIl8PaWcmCRohM9Mjzf/TbWWrag=,iv:ZlmpKUWt0T06RaJdRJqqjeQaBoCgMhnpLcnydcgMCLI=,tag:Vgw7xuWVp/gnLNOD096z+w==,type:str]
|
||||
pgp: []
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.9.0
|
35
woodpecker/values/values.yaml
Normal file
35
woodpecker/values/values.yaml
Normal file
|
@ -0,0 +1,35 @@
|
|||
server:
|
||||
ingress:
|
||||
# -- Enable the ingress for the server component
|
||||
enabled: true
|
||||
# -- Add annotations to the ingress
|
||||
annotations:
|
||||
# kubernetes.io/ingress.class: nginx
|
||||
kubernetes.io/tls-acme: "true"
|
||||
hosts:
|
||||
- host: woodpecker.ar21.de
|
||||
paths:
|
||||
- path: /
|
||||
backend:
|
||||
serviceName: woodpecker-svc
|
||||
servicePort: 80
|
||||
tls:
|
||||
- hosts:
|
||||
- woodpecker.ar21.de
|
||||
secretName: woodpecker-tls-key
|
||||
statefulSet:
|
||||
replicaCount: 1
|
||||
env:
|
||||
WOODPECKER_ADMIN: 'aaron'
|
||||
WOODPECKER_HOST: 'https://woodpecker.ar21.de'
|
||||
WOODPECKER_OPEN: true
|
||||
WOODPECKER_FORGEJO: true
|
||||
WOODPECKER_FORGEJO_URL: 'https://git.ar21.de'
|
||||
extraSecretNamesForEnvFrom:
|
||||
- woodpecker-forgejo
|
||||
agent:
|
||||
extraSecretNamesForEnvFrom:
|
||||
- woodpecker-forgejo
|
||||
replicaCount: 3
|
||||
env:
|
||||
WOODPECKER_MAX_WORKFLOWS: 2
|
Loading…
Reference in a new issue
If we want to avoid this SOPS definition, then the namespace definition must be in a separate file. But it is not really necessary.