diff --git a/bootstrap/helmrepositories/helmrepository-woodpecker.yaml b/bootstrap/helmrepositories/helmrepository-woodpecker.yaml
new file mode 100644
index 0000000..99c6f24
--- /dev/null
+++ b/bootstrap/helmrepositories/helmrepository-woodpecker.yaml
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+ name: woodpecker
+ namespace: flux-system
+spec:
+ interval: 15m
+ url: https://woodpecker-ci.org/
diff --git a/bootstrap/kustomizations/kustomization-woodpecker.yaml b/bootstrap/kustomizations/kustomization-woodpecker.yaml
new file mode 100644
index 0000000..de94902
--- /dev/null
+++ b/bootstrap/kustomizations/kustomization-woodpecker.yaml
@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: woodpecker
+ namespace: flux-system
+spec:
+ interval: 15m
+ path: ./woodpecker
+ prune: true # remove any elements later removed from the above path
+ timeout: 2m # if not set, this defaults to interval duration, which is 1h
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: woodpecker
+ namespace: woodpecker
diff --git a/bootstrap/namespaces/namespace-woodpecker.yaml b/bootstrap/namespaces/namespace-woodpecker.yaml
new file mode 100644
index 0000000..9e90725
--- /dev/null
+++ b/bootstrap/namespaces/namespace-woodpecker.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: woodpecker
diff --git a/woodpecker/dns-endpoint.yaml b/woodpecker/dns-endpoint.yaml
new file mode 100644
index 0000000..95bdcff
--- /dev/null
+++ b/woodpecker/dns-endpoint.yaml
@@ -0,0 +1,12 @@
+apiVersion: externaldns.k8s.io/v1alpha1
+kind: DNSEndpoint
+metadata:
+ name: woodpecker.michaelthomson.dev
+ namespace: woodpecker
+spec:
+ endpoints:
+ - dnsName: woodpecker.michaelthomson.dev
+ recordTTL: 180
+ recordType: CNAME
+ targets:
+ - server.michaelthomson.dev
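Review bot: The trailing comment on `timeout: 2m` in kustomization-woodpecker.yaml says the default "is 1h", but this object sets `interval: 15m` two lines above, and Flux documents the Kustomization timeout as defaulting to the interval, so the comment contradicts the file it sits in. I would reword it to `timeout: 2m # defaults to .spec.interval (15m here) when unset` so the next reader does not assume a one-hour reconciliation window.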
diff --git a/woodpecker/helmrelease-woodpecker.yaml b/woodpecker/helmrelease-woodpecker.yaml
new file mode 100644
index 0000000..b926c7a
--- /dev/null
+++ b/woodpecker/helmrelease-woodpecker.yaml
@@ -0,0 +1,328 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: woodpecker
+ namespace: woodpecker
+spec:
+ chart:
+ spec:
+ chart: woodpecker
+ version: 1.0.x
+ sourceRef:
+ kind: HelmRepository
+ name: woodpecker
+ namespace: flux-system
+ interval: 15m
+ timeout: 5m
+ releaseName: woodpecker
+ values:
+ # Default values for woodpecker.
+ # This is a YAML-formatted file.
+ # Declare variables to be passed into your templates.
+
+ # -- Overrides the name of the chart
+ nameOverride: ""
+ # -- Overrides the full name of the chart
+ fullnameOverride: ""
+
+ agent:
+ # -- Enable the agent component
+ enabled: true
+
+ # -- The number of replicas for the deployment
+ replicaCount: 2
+
+ image:
+ # -- The image registry
+ registry: docker.io
+ # -- The image repository
+ repository: woodpeckerci/woodpecker-agent
+ # -- The pull policy for the image
+ pullPolicy: IfNotPresent
+ # -- Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+
+ env:
+ # -- Add the environment variables for the agent component
+ WOODPECKER_SERVER: "woodpecker-server:9000"
+ WOODPECKER_BACKEND: kubernetes
+ WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker
+ WOODPECKER_BACKEND_K8S_STORAGE_CLASS: "longhorn"
+ WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 10G
+ WOODPECKER_BACKEND_K8S_STORAGE_RWX: false
+ WOODPECKER_BACKEND_K8S_POD_LABELS: ""
+ WOODPECKER_BACKEND_K8S_POD_ANNOTATIONS: ""
+ WOODPECKER_CONNECT_RETRY_COUNT: "1"
+
+ # -- Add extra secret that is contains environment variables
+ # extraSecretNamesForEnvFrom:
+ # - woodpecker-secret
+
+ # -- Additional volumes that can be mounted in containers
+ extraVolumes:
+ []
+ # - name: docker-config
+ # configMap:
+ # name: docker-config
+ # - name: data-volume
+ # persistentVolumeClaim:
+ # claimName: example
+
+ # -- Additional volumes that will be attached to the agent container
+ extraVolumeMounts:
+ []
+ # - name: ca-certs
+ # mountPath: /etc/ssl/certs/ca-certificates.crt
+
+ # -- The image pull secrets
+ imagePullSecrets: []
+ # -- Overrides the name of the chart of the agent component
+ nameOverride: ""
+ # -- Overrides the full name of the chart of the agent component
+ fullnameOverride: ""
+
+ serviceAccount:
+ # -- Specifies whether a service account should be created (also see RBAC subsection)
+ create: true
+ # -- Annotations to add to the service account
+ annotations: {}
+ # -- The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ rbac:
+ # -- If your cluster has RBAC enabled and you're using the Kubernetes agent-
+ # backend you'll need this. (this is true for almost all production clusters)
+ # only change this if you have a non CNCF compliant cluster, missing the RBAC endpoints
+ # the Role and RoleBinding are only created if serviceAccount.create is also true
+ create: true
+ # Additional annotations and labels in role and roleBinding are only needed, if you
+ # are using additional tooling to manage / verify roles or roleBindings (OPA, etc.)
+ role:
+ annotations: {}
+ labels: {}
+ roleBinding:
+ annotations: {}
+ labels: {}
+
+ # -- Add pod annotations for the agent component
+ podAnnotations: {}
+
+ # -- Add pod security context
+ podSecurityContext:
+ {}
+ # fsGroup: 2000
+
+ # -- Add security context
+ securityContext:
+ {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+ # -- Specifies the resources for the agent component
+ resources:
+ {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+ # -- Specifies the labels of the nodes that the agent component must be running
+ nodeSelector: {}
+
+ # -- Specifies the tolerations
+ tolerations: []
+
+ # -- Specifies the affinity
+ affinity: {}
+
+ # -- Overrides the default DNS configuration
+ dnsConfig: {}
+
+ # -- Using topology spread constraints, you can ensure that there is at least one agent
+ # pod for each topology zone, e.g. one per arch for multi-architecture clusters
+ # or one for each region for geographically distributed cloud-hosted clusters.
+ # Ref:
+ topologySpreadConstraints: []
+ # - maxSkew: 1
+ # topologyKey: "beta.kubernetes.io/arch"
+ # whenUnsatisfiable: "DoNotSchedule"
+ # labelSelector:
+ # matchLabels:
+ # "app.kubernetes.io/name": woodpecker-agent
+
+ server:
+ # -- Enable the server component
+ enabled: true
+
+ statefulSet:
+ # -- Add annotations to the StatefulSet
+ annotations: {}
+ # -- Add labels to the StatefulSet
+ labels: {}
+ # -- Defines the number of replicas
+ replicaCount: 1
+ # -- The maximum number of revisions that will be maintained in the StatefulSet's revision history
+ # Default in 10.
+ revisionHistoryLimit: 5
+
+ updateStrategy:
+ # -- Defines the update strategy of the StatefulSet
+ type: RollingUpdate
+
+ image:
+ # -- The image registry
+ registry: docker.io
+ # -- The image repository
+ repository: woodpeckerci/woodpecker-server
+ # -- The image pull policy
+ pullPolicy: IfNotPresent
+ # -- Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+
+ # -- Add environment variables for the server component
+ env:
+ WOODPECKER_ADMIN: "woodpecker,admin"
+ WOODPECKER_HOST: "https://woodpecker.michaelthomson.dev"
+ WOODPECKER_GITEA: "true"
+ WOODPECKER_GITEA_URL: "http://gitea-http.gitea.svc.cluster.local:3000"
+ WOODPECKER_GITEA_CLIENT: "93262b6f-e472-4ba5-b28e-3b9aa3de30f6"
+ WOODPECKER_GITEA_SECRET: "gto_bd2gg2etyx4enh5zgnnm7yodmsrtztxkx4pgezdo7vpaboq4ejcq"
+
+
+ # -- Add extra environment variables from the secrets list
+ extraSecretNamesForEnvFrom:
+ # - woodpecker-github-client
+ # - woodpecker-github-secret
+ - woodpecker-secret
+
+ # -- Additional volumes that can be mounted in containers
+ extraVolumes:
+ []
+ # - name: docker-config
+ # configMap:
+ # name: docker-config
+ # - name: data-volume
+ # persistentVolumeClaim:
+ # claimName: example
+
+ # -- Additional volumes that will be attached to the agent container
+ extraVolumeMounts:
+ []
+ # - name: ca-certs
+ # mountPath: /etc/ssl/certs/ca-certificates.crt
+
+ persistentVolume:
+ # -- Enable the creation of the persistent volume
+ enabled: true
+ # -- Defines the size of the persistent volume
+ size: 10Gi
+ # -- Defines the path where the volume should be mounted
+ mountPath: "/var/lib/woodpecker"
+ # -- Defines the storageClass of the persistent volume
+ storageClass: "longhorn"
+
+ # -- The image pull secrets
+ imagePullSecrets: []
+ # -- Overrides the name of the helm chart of the server component
+ nameOverride: ""
+ # -- Overrides the full name of the helm chart of the server component
+ fullnameOverride: ""
+
+ serviceAccount:
+ # -- Specifies whether a service account should be created
+ create: false
+ # -- Annotations to add to the service account
+ annotations: {}
+ # -- The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+ # -- Add pod annotations
+ podAnnotations:
+ {}
+ # prometheus.io/scrape: "true"
+
+ # -- Add pod security context
+ podSecurityContext:
+ {}
+ # fsGroup: 2000
+
+ # -- Add security context
+ securityContext:
+ {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+ service:
+ # -- The type of the service
+ type: ClusterIP
+ # -- The port of the service
+ port: &servicePort 80
+ # -- The cluster IP of the service (optional)
+ clusterIP:
+ # -- The loadbalancer IP of the service (optional)
+ loadBalancerIP:
+
+ ingress:
+ # -- Enable the ingress for the server component
+ enabled: true
+ # -- Add annotations to the ingress
+ annotations:
+ traefik.ingress.kubernetes.io/router.entrypoints: websecure
+ traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
+ traefik.ingress.kubernetes.io/router.tls: "true"
+
+ # -- Defines which ingress controller will implement the resource
+ ingressClassName: traefik
+
+ hosts:
+ - host: woodpecker.michaelthomson.dev
+ paths:
+ - path: /
+ backend:
+ serviceName: woodpecker-server
+ servicePort: *servicePort
+ tls:
+ - hosts:
+ - gitea.michaelthomson.dev
+ secretName: letsencrypt-wildcard-cert-michaelthomson.dev
+
+ # -- Specifies the ressources for the server component
+ resources:
+ {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+ # -- Defines the labels of the node where the server component must be running
+ nodeSelector: {}
+
+ # -- Add tolerations rules
+ tolerations: []
+
+ # -- Add affinity
+ affinity: {}
+
+ # -- Overrides the default DNS configuration
+ dnsConfig: {}
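Review bot: `WOODPECKER_GITEA_SECRET` (and the `WOODPECKER_GITEA_CLIENT` id next to it) is committed as a plaintext value under `server.env`, even though the same hunk already wires `extraSecretNamesForEnvFrom: - woodpecker-secret`; the OAuth credentials belong in that Kubernetes Secret, and those two `env` lines should be removed from the HelmRelease values. Once this commit is pushed the value remains in git history, so the Gitea OAuth application credentials should be rotated after they are moved out of the repo. Separately, the ingress `tls` block lists `- gitea.michaelthomson.dev` while the rule host is `woodpecker.michaelthomson.dev`; a wildcard certificate may still serve, but the entry presumably should read `- woodpecker.michaelthomson.dev`. Also, `clusterIP:` and `loadBalancerIP:` are bare keys, which YAML parses as null rather than empty strings — if the chart renders them, write `""` or omit the keys.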