initial refactor

apps/woodpecker/dns-endpoint.yaml

@@ -0,0 +1,15 @@
+apiVersion: externaldns.k8s.io/v1alpha1
+kind: DNSEndpoint
+metadata:
+  name: woodpecker.michaelthomson.dev
+  namespace: woodpecker
+spec:
+  endpoints:
+  - dnsName: woodpecker.michaelthomson.dev
+    recordTTL: 180
+    recordType: CNAME
+    targets:
+      - michaelthomson.ddns.net
+    providerSpecific:
+      - name: external-dns.alpha.kubernetes.io/cloudflare-proxied
+        value: "true"

apps/woodpecker/kubedock-deployment.yaml

@@ -0,0 +1,30 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: kubedock-server
+  namespace: woodpecker
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: kubedock-server
+  template:
+    metadata:
+      labels:
+        app: kubedock-server
+    spec:
+      serviceAccountName: kubedock
+      containers:
+        - name: kubedock-server
+          image: joyrex2001/kubedock
+          ports:
+            - containerPort: 2475
+          args: [
+              "server",
+              "--namespace=woodpecker",
+              "--service-account=kubedock",
+              "--timeout=20m0s",
+              "--disable-dind",
+              "--reverse-proxy",
+              "--reapmax=60m",
+            ]

apps/woodpecker/kubedock-role.yaml

@@ -0,0 +1,21 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: kubedock-role
+  namespace: woodpecker
+rules:
+  - apiGroups: [""]
+    resources: ["pods"]
+    verbs: ["create", "get", "list", "delete", "watch"]
+  - apiGroups: [""]
+    resources: ["pods/log"]
+    verbs: ["list", "get"]
+  - apiGroups: [""]
+    resources: ["pods/exec"]
+    verbs: ["create"]
+  - apiGroups: [""]
+    resources: ["services"]
+    verbs: ["create", "get", "list", "delete"]
+  - apiGroups: [""]
+    resources: ["configmaps"]
+    verbs: ["create", "get", "list", "delete"]

apps/woodpecker/kubedock-rolebinding.yaml

@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: kubedock-rolebinding
+  namespace: woodpecker
+subjects:
+  - kind: User
+    name: system:serviceaccount:woodpecker:kubedock
+    apiGroup: rbac.authorization.k8s.io
+roleRef:
+  kind: Role
+  name: kubedock-role
+  apiGroup: rbac.authorization.k8s.io

apps/woodpecker/kubedock-service.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: kubedock-service
+  namespace: woodpecker
+spec:
+  selector:
+    app: kubedock-server
+  type: ClusterIP
+  clusterIP: None

apps/woodpecker/kubedock-serviceaccount.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: kubedock
+  namespace: woodpecker

apps/woodpecker/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: woodpecker

apps/woodpecker/pvc.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: woodpecker-cache
+  namespace: woodpecker
+spec:
+  resources:
+    requests:
+      storage: 1Gi
+  storageClassName: longhorn
+  accessModes:
+    - ReadWriteMany

apps/woodpecker/release.yaml

@@ -0,0 +1,80 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: woodpecker
+  namespace: woodpecker
+spec:
+  chart:
+    spec:
+      chart: woodpecker
+      version: 3.x
+      sourceRef:
+        kind: HelmRepository
+        name: woodpecker
+  interval: 15m
+  timeout: 5m
+  releaseName: woodpecker
+  values:
+    agent:
+      env:
+        # -- Add the environment variables for the agent component
+        WOODPECKER_SERVER: "woodpecker-server:9000"
+        WOODPECKER_BACKEND: kubernetes
+        WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker
+        WOODPECKER_BACKEND_K8S_STORAGE_CLASS: "longhorn"
+        WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 10G
+        WOODPECKER_BACKEND_K8S_STORAGE_RWX: false
+        WOODPECKER_BACKEND_K8S_POD_LABELS: ""
+        WOODPECKER_BACKEND_K8S_POD_ANNOTATIONS: ""
+        WOODPECKER_CONNECT_RETRY_COUNT: "1"
+
+      extraSecretNamesForEnvFrom:
+      - woodpecker-secret
+
+    server:
+      env:
+        WOODPECKER_ADMIN: "woodpecker,admin,gitea_admin,mthomson"
+        WOODPECKER_HOST: "https://woodpecker.michaelthomson.dev"
+        WOODPECKER_WEBHOOK_HOST: "http://woodpecker-server.woodpecker.svc.cluster.local:80"
+        WOODPECKER_GITEA: "true"
+        WOODPECKER_GITEA_URL: "https://gitea.michaelthomson.dev"
+        WOODPECKER_GITEA_SKIP_VERIFY: "true"
+
+      extraSecretNamesForEnvFrom:
+      - woodpecker-secret
+
+      secrets:
+      - name: woodpecker-secret-core
+
+      persistentVolume:
+        # -- Enable the creation of the persistent volume
+        enabled: true
+        # -- Defines the size of the persistent volume
+        size: 10Gi
+        # -- Defines the path where the volume should be mounted
+        mountPath: "/var/lib/woodpecker"
+        # -- Defines the storageClass of the persistent volume
+        storageClass: "longhorn"
+
+      ingress:
+        # -- Enable the ingress for the server component
+        enabled: true
+        # -- Add annotations to the ingress
+        annotations:
+          traefik.ingress.kubernetes.io/router.entrypoints: websecure
+          traefik.ingress.kubernetes.io/router.tls: "true"
+
+        # -- Defines which ingress controller will implement the resource
+        ingressClassName: traefik
+
+        hosts:
+          - host: woodpecker.michaelthomson.dev
+            paths:
+              - path: /
+                backend:
+                  serviceName: woodpecker-server
+                  servicePort: 80
+        tls:
+          - hosts:
+              - woodpecker.michaelthomson.dev
+            secretName: letsencrypt-wildcard-cert-michaelthomson.dev

apps/woodpecker/repository.yaml

@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: woodpecker
+  namespace: woodpecker
+spec:
+  interval: 15m
+  url: https://woodpecker-ci.org/

apps/woodpecker/sealedsecret-woodpecker-secret.yaml

@@ -0,0 +1,23 @@
+{
+  "kind": "SealedSecret",
+  "apiVersion": "bitnami.com/v1alpha1",
+  "metadata": {
+    "name": "woodpecker-secret",
+    "namespace": "woodpecker",
+    "creationTimestamp": null
+  },
+  "spec": {
+    "template": {
+      "metadata": {
+        "name": "woodpecker-secret",
+        "namespace": "woodpecker",
+        "creationTimestamp": null
+      }
+    },
+    "encryptedData": {
+      "WOODPECKER_AGENT_SECRET": "AgA6zq0vXuV+wVXkF1E7YeORjGchFPxWFT8M3kgBvREAZ6hvB/DPBDT3w5TkSKdaIuxczxYCNwIhzKCp831NeqLH4yE/4tBQnNImGPazO93e1GAvLgsNwJZuWXFhT4ydkc6KT6koIGYAax54LJoMCF1jctUKTgon1hXimKB12KH6MrR3d/hy/i9pMB3a+298Lz8Cp0bmj8BdOklsj4nRFolQB5HDlFhrTAUb4RbuTyvjLxbVu9dKgmdScFEdSipemRkJE2zLGA72T/I5pIWRVSWL3ymrgDLDqX22yzoLjSPrT9wNm4STqZdxn6ERj4A16Bz6kRKEAbhTwv/gpxPKSBTfARQJByYuYklNzu2/p8e9nRSbHpzy6VtFjuxgnKUvH7I0iewd390UoUJUeQZisoFi9eFQU1Q41S05tAenjwUxK0T6/xp4Qp8xA9/ZVAK/gJBhCH/1eOzdMTksJ3fWCSaTlDED7Lu3l5KA7rOUvDWG0eqC6HsRqKl09KW4LJdjzQt0M8gfMa0rkptJCs+Y/rxYBroMd1RVBwT6C2NyUKQxdBKchIpxD6bDgt1Sl0+3O72ZW9iEVH2xGFveQNIDGEWsNpnVq90qvXCE7wOl7i4RWyr3H2r7WpihIOBm67CVHVUdkq/iSY35L//cwfCa/E7P6btmsuJYPdOYL0IdRzn55pHhs0XFKSf+bnJwxkgURhIWKOktSH/nVF5yJCZXCZaD8Hebfyr3n+L+0LKXdus=",
+      "WOODPECKER_GITEA_CLIENT": "AgAn9yXV84B9U4NhzU4FfXMpEKnnj0My6VAduLO7L55/V8OcNIH/AaPp5LsMzCLoy7QORaRct67p3a4/ijoAwQ0a3zRnlXBz2/czSm6pQ8rfcZKMVmOvHrIAAWcLJlHu7WjVjGdxtLbdv5S8RKNHvIdZ08RhXnFehSKpNBBWz9tHXjU/rdALD1RNvWjG0jJ1FyqtOhwdr91fzf3KrzwWs10lRE2m1y7yIx9sVLkX10ty1ABwmlZXpOXWoQxUWfzsIH+b2ny0sXi8jO61MWRFZUb/rnsZZJsPdcG2XZhAmM4U1n8KVZ9BoLd2E4oCO4hJ4zTeLW4AKaumduoZURJT2xBfAKubQMNf+bYqT+EFFtq2I//Baq+9Uo20ITsCVCLNqdUuEQ29hKAXlgOJFvP2vHsajBJ/3v80cGNMAvj+wG1Avkuz7gaLMIXUsQhU4qco4NIZZtB9W7qcNjFVoVnM6Ljy84E4Pwyjx4PiyHo9NKBohb+NUvoSJF3kNKihO8OgUo35l9Cl0IgnW7MBFhKpAr1SqS0M3qyHkt0hww5B6lk4eXD2xbGfOH/CNTXDQih6A/ggNuz+dN8O1NuH3g6LcqgO7lOARNQ3Ava+oMRMJU3k1kz3I7N/wdLOH8swzPC9t+eSaBgbihKmZH0nS9NnO+olb6KQY4k9KHdIz8EZrjKjae/AmZ/WVVFKOePQY/7p4Ux61gE2AGHHZ8TDqjXr2/dEcAb3CXy3RV0iiqrIa7TH+Dn8WXs=",
+      "WOODPECKER_GITEA_SECRET": "AgAVT8ncCJ5Uoi+McGk4UhegwkVaajBTBXs3Gdvf0Dk1hDx0dQXWo7/hopSUV8mOdN5h3P4JuVbrBYrLMUby1gCL3UgZSc6Ylc8NfiYVosdaS9Z0nrJ2AMgc3TqfVaW0I/DHyRQhvHCdF87Tou0w7W+2lDmDyRQ+z/lcfyES3B6bE6MuArZH7UFTYsV7Cah8+5fCNrqEmFhebRe10EXMWd4wwe00g/GoslQzYugvZ2Elk7atn+Mat9yLC/eTpyWKlXP81vs5O5ln1maI0r6+9l3MLPfbOjclxUjRk/epXUE/hqtwoLFH8+9irqARqD2zOb2jT830Pneb6lC0Y6P1MH03lac9wCe9Pso1AMllcVDDTco1x+XXrNJsvrQG9PoyQDueoA3TbEcnWRS1e8B61myXPYF7t7V5ySh9X/xcZBxeEarLwkJbNrDRgivrQOyMeegY/jSyMp8D9nJkJiDHTSArTiOTIkwCOa97aoFGZiNpWx0LZ9Zo+JS1FELmLgAXktvO7HGbnogjHzcy8Fepqu0EZLvqYROeJcdwLHR05jd73nAHgmkaliRf+u46G5e+pwIF8o4iK4gk1aTFO5hl02Qs3CwQiqI8pc8R5j5zgmnlP5/Kg85krz3wX7TpZCfiC18KhCpfPj+D8LPCzdYljSo5upC2gvsrNH5EtZsnChQ3ZbOH0joiO62RU+waFNwnWu0Q3FfQKwUjE96jyeFbIc5US8euJQvWREjYPGMnSkl6ldcCUMz+p54dwvlwI8oAVJd0HD0Ofcrm4g=="
+    }
+  }
+}