add woodpecker-deployment #152

Merged
aaron merged 2 commits from woodpecker-deployment into main 2024-10-04 19:20:25 +02:00
5 changed files with 130 additions and 0 deletions

30
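--- a/app-files/apps.yaml
+++ b/app-files/apps.yaml
@@ -0,0 +1,30 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+name: woodpecker
+namespace: argocd
+spec:
+project: default
+sources:
+- chart: woodpecker
+repoURL: https://woodpecker-ci.org/
+targetRevision: 1.6.0
+helm:
+releaseName: woodpecker
+valueFiles:
+- $values/woodpecker/values.yaml
+- repoURL: https://git.ar21.de/yolokube/core-deployments.git
+targetRevision: HEAD
+ref: values
+- repoURL: https://git.ar21.de/yolokube/core-deployments.git
+targetRevision: HEAD
+path: secrets
+destination:
+server: https://kubernetes.default.svc
+namespace: woodpecker
+syncPolicy:
+syncOptions:
+- CreateNamespace=true
+automated:
+prune: false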
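Review bot: `project: default` puts this Application in Argo CD's built-in project, which, unless it has been tightened on this cluster, permits any source repository and any destination namespace. A dedicated AppProject whose `sourceRepos` lists only the chart repository and core-deployments, and whose `destinations` is limited to the `woodpecker` namespace, would bound what a bad commit can deploy. Both core-deployments sources track `targetRevision: HEAD` under `automated` sync, so a push to that repository's default branch is applied without further review. Branch protection there is the effective change control, and that is worth stating in a comment above `syncPolicy`.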


@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
generators:
- ./secret-generator.yaml


@ -0,0 +1,10 @@
apiVersion: viaduct.ai/v1
kind: ksops
metadata:
name: secret-generator
annotations:
config.kubernetes.io/function: |
exec:
path: ksops
files:
- ./secrets.enc.yaml
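Review bot: The generator carries no comment stating what it needs from the Argo CD repo-server. The `exec` function under `config.kubernetes.io/function` only runs when kustomize is invoked with `--enable-alpha-plugins --enable-exec`, and an age private key for one of the SOPS recipients must be available there. I would add a file-top comment such as `# Needs kustomize --enable-alpha-plugins --enable-exec and an age key on the repo-server`. Those build options are presumably set globally on the repo-server, so they would apply to every repository it renders, which matters when further source repos are added.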


@ -0,0 +1,51 @@
apiVersion: v1
kind: Secret
metadata:
name: woodpecker-forgejo
namespace: woodpecker
aaron marked this conversation as resolved
Review

If we want to avoid this SOPS definition, then the namespace definition must be in a separate file. But it is not really necessary.

If we want to avoid this SOPS definition, then the namespace definition must be in a separate file. But it is not really necessary.
labels:
app.kubernetes.io/instance: woodpecker
type: Opaque
data:
WOODPECKER_FORGEJO_CLIENT: ENC[AES256_GCM,data:zTcJ9+s6Oykd2ptkaM4/FTcIriF0BarmswUyDzvLIyeBQl7mvTktPKJaeK/RudFVzdgEJA==,iv:im64HVYag5cWwo3+wINzoHMbfaiAYu67GeNexm6ffsA=,tag:a1a6eUmjyRPOzX4r8m9iuQ==,type:str]
WOODPECKER_FORGEJO_SECRET: ENC[AES256_GCM,data:gYiC+ZYXeMGPgWnvaHHEs8pNq1UP3kFthryX346TNnM7+oJVKQjz+ufLlsKmradtH6W4ulHzmSBHByT2VHHH8uHItA+Qbs55twRL0w==,iv:4VaEMHf7K+2lEYZAMCTo+Ot018SNIzCNJs27RovaN+I=,tag:qMkWRopd4/4xGBFZk7PW/Q==,type:str]
WOODPECKER_AGENT_SECRET: ENC[AES256_GCM,data:DokhZ7SJGOeHnTVmnwJgmXJngaoSBZjdCAQUE76bf/tyQJoBA8Sh4vGy3VgVORY3MQIF33glxm+VNvqFWxV6LYbOvfGlJgZ5R8435NBPXfZnG/+PEungX9vQpcDvIf8ffcgGpC/Z/f3QBRAV,iv:DyuzOYf/bvUUm8NT4+8dk2hEgyqeVxOJqmt0mKCw2SQ=,tag:pvKr0hZzM4cXMErTYRr2jg==,type:str]
WOODPECKER_PROMETHEUS_AUTH_TOKEN: ENC[AES256_GCM,data:yzYzatAWs3BO8C4rsq3KpTYrHagA0eUkSD6aOlSU8u0mfJeoVq1vTzR3lLo=,iv:bhaaf9CCSHLkhYgdsTvNlZD/FFQCL6FanhIgsaXLfOA=,tag:W+MXx47fRElZaTmsAoMvPw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1mraede6gqxkh2rkeq5fjrcflp7emenl2qn885asxvtx5erga2pdqujuexz
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzakpwaHhhclQ5MU5BOVpO
eHY0WGF6bHlyaStxNW5WVGZIQzZnRVR3SVFrCjdrRjIzRjFheHZqdWpmYlFpODVo
RzBsd1llNk5JZEtFbCtuN3Nrd2lTejAKLS0tIEFxOU00aGVlM1U3S0tYdFJ5NnVH
U0h3czZCUUk5NDdlL1o1THJGSXdqMUUKA4bMrmS1o1yB+aGdUgUzWMGjfYaQ55UW
Em+FXnis5k+3eY18YplZs3rBRiiuSHjt4WOnrwOymn3TvGixS1nA2A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1s9nvc4rxj3kaj4apmzzn8fmjrudrvdhgu70rg04we9hyse5aadsq7kmckn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0WGlRZzJ4emVKazRtbGxk
SUs3R3J4aGpZV2EvVTllb2h4Tlh6NDd2QndBCnlxdUQ1L3BReHV3eTQ2OEh1bjNM
b3UzdjR5YlBqakN1aU9CanZrM0RqajQKLS0tIGFhVGVXSmRXbmhJVE1aOW0xYzV2
ZStBaHZxRDhzWTVnSHFBK3J4R3R5Z2cKg/yRNnsxy0Zrwi/dcNHTzjSHcQ9ZbipN
N1JKH1WCGdmZku3m/G0DSRdxP7yNs3rJBoOg63h632bWHKHj/pElsQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1z5wtjmk0jw0j9qz9k5rrnp30nzqxrl3v6wgl7eryvqus28zekp4qpx9jc2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlVkdsM01hVzhpaUVCYTk5
SXZTemJudWl6YlNnTnJiN1dIQkdlbnBZZ2o0CkFvNndWbXBNcUNkSkVmeGx2aVBJ
WkYxbHV0czBydWZpWnN6NFkwdm5aZVUKLS0tIEhNK0FLakVZMXNKRGdpYXd2WmQz
dGZrWWhwemxSdzdjNmF2UmdVWklJeEkKmLPdUb3KcgA61fMhhiaQxwcDx0kEdh0t
gMyW7MGzyCxkUjGxb/amuPJkq0/7MujpfHK8q0AgUztmqa6Tk02P9Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-04T17:19:41Z"
mac: ENC[AES256_GCM,data:oW62pLYPe4greXFb5rbyLhr29FltC1tcVsbwJd6x9HZ5Iz3JiLkHU49R4fObMBBt7gE/Dv+d+U5Ov/ucq3ulzvQdLffkzhIBilfHMCTksd8Dj41Q+I6mcedRnnFbPhyI2bVTivftotsbtPldYIl8PaWcmCRohM9Mjzf/TbWWrag=,iv:ZlmpKUWt0T06RaJdRJqqjeQaBoCgMhnpLcnydcgMCLI=,tag:Vgw7xuWVp/gnLNOD096z+w==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.9.0
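Review bot: This single Secret bundles the Forgejo OAuth client id and secret, the Prometheus auth token and the agent secret, and the values file in this PR attaches `woodpecker-forgejo` through `extraSecretNamesForEnvFrom` to both `server` and `agent`. The agent pods therefore receive `WOODPECKER_FORGEJO_SECRET` and `WOODPECKER_PROMETHEUS_AUTH_TOKEN`, which look like server-only credentials. Splitting this into a server Secret and a separate agent Secret holding only `WOODPECKER_AGENT_SECRET` would keep the OAuth credentials out of the agents' environment.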


@ -0,0 +1,35 @@
server:
ingress:
# -- Enable the ingress for the server component
enabled: true
# -- Add annotations to the ingress
annotations:
# kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
hosts:
- host: woodpecker.ar21.de
paths:
- path: /
backend:
serviceName: woodpecker-svc
servicePort: 80
tls:
- hosts:
- woodpecker.ar21.de
secretName: woodpecker-tls-key
statefulSet:
replicaCount: 1
env:
WOODPECKER_ADMIN: 'aaron'
WOODPECKER_HOST: 'https://woodpecker.ar21.de'
WOODPECKER_OPEN: true
WOODPECKER_FORGEJO: true
WOODPECKER_FORGEJO_URL: 'https://git.ar21.de'
extraSecretNamesForEnvFrom:
- woodpecker-forgejo
agent:
extraSecretNamesForEnvFrom:
- woodpecker-forgejo
replicaCount: 3
env:
WOODPECKER_MAX_WORKFLOWS: 2
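Review bot: `WOODPECKER_OPEN: true` under `server.env` enables open registration, so any account that can authenticate against `https://git.ar21.de` can presumably log in to this instance and run pipelines on the agents. If that is not intended, set `WOODPECKER_OPEN: false` or add an allow-list such as `WOODPECKER_ORGS: '<forgejo-org>'` (placeholder value). The unquoted `true` and `2` values in the `env` maps parse as a YAML boolean and integer. Whether the chart stringifies them is not visible here, so quoting them (`'true'`, `'2'`) avoids a type mismatch in the rendered env entries.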