fix: woodpecker

projects/woodpecker/project.yml

@@ -6,14 +6,16 @@ config:
   networkPolicy:
     groups:
     - internet
+    rules:
+    - allow-agent
 
   labels:
     environment: external
 
 
 apps:
-  - name: woodpecker
-    path: charts/woodpecker
+  - name: woodpecker-server
+    path: charts/woodpecker/charts/server
     secrets:
       - name: github-oauth
         keys:
@@ -22,3 +24,15 @@ apps:
       - name: woodpecker-secret
         keys:
           - WOODPECKER_AGENT_SECRET
+
+  - name: woodpecker-agent
+    path: charts/woodpecker/charts/agent
+    namespace: woodpecker-agent
+    networkPolicy:
+      rules:
+      - allow-agent
+    secrets:
+      - name: woodpecker-secret
+        fromApp: woodpecker-server
+        keys:
+          - WOODPECKER_AGENT_SECRET

projects/woodpecker/values/woodpecker-agent.yml

@@ -0,0 +1,56 @@
+# -- The number of replicas for the deployment
+replicaCount: 2
+
+image:
+  registry: docker.io
+  repository: woodpeckerci/woodpecker-agent
+  pullPolicy: Always
+  tag: 'next'
+
+env:
+  # -- Add the environment variables for the agent component
+  WOODPECKER_SERVER: 'woodpecker-server.woodpecker.svc.cluster.local:9000'
+  WOODPECKER_BACKEND: kubernetes
+  WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker-agent
+  WOODPECKER_BACKEND_K8S_STORAGE_CLASS: 'ssd'
+  WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 10G
+  WOODPECKER_BACKEND_K8S_STORAGE_RWX: false
+  WOODPECKER_BACKEND_K8S_POD_LABELS: ''
+  WOODPECKER_BACKEND_K8S_POD_ANNOTATIONS: ''
+  WOODPECKER_CONNECT_RETRY_COUNT: '1'
+
+# -- Add extra secret that is contains environment variables
+extraSecretNamesForEnvFrom:
+  - woodpecker-secret
+
+persistence:
+  enabled: true
+  size: 1Gi
+  storageClass: 'ssd'
+  accessModes:
+    - ReadWriteOnce
+
+# -- Add pod security context
+podSecurityContext:
+  runAsUser: 1000
+  runAsGroup: 2000
+  fsGroup: 2000
+
+# -- Add security context
+securityContext:
+  capabilities:
+    drop:
+    - ALL
+  readOnlyRootFilesystem: true
+  runAsNonRoot: true
+  runAsUser: 1000
+  runAsGroup: 2000
+
+# -- Specifies the resources for the agent component
+resources:
+  limits:
+    cpu: 2000m
+    memory: 1024Mi
+  requests:
+    cpu: 10m
+    memory: 10Mi

projects/woodpecker/values/woodpecker-server.yml

@@ -0,0 +1,84 @@
+statefulSet:
+  replicaCount: 1
+
+updateStrategy:
+  type: RollingUpdate
+
+image:
+  registry: docker.io
+  repository: woodpeckerci/woodpecker-server
+  pullPolicy: Always
+  tag: 'next'
+
+# -- Add environment variables for the server component
+env:
+  WOODPECKER_OPEN: "false"
+  WOODPECKER_ADMIN: "Nold360"
+  WOODPECKER_HOST: https://ci.nold.in
+  WOODPECKER_GITHUB: "true"
+  #WOODPECKER_REPO_OWNERS: "nold360"
+
+  HTTP_PROXY: http://proxy-squid.proxy.svc.cluster.local:3128
+  HTTPS_PROXY: http://proxy-squid.proxy.svc.cluster.local:3128
+  http_proxy: http://proxy-squid.proxy.svc.cluster.local:3128
+  https_proxy: http://proxy-squid.proxy.svc.cluster.local:3128
+  NO_PROXY: localhost,.cluster.local,10.43.0.1
+  no_proxy: localhost,.cluster.local,10.43.0.1
+
+
+# -- Add extra environment variables from the secrets list
+extraSecretNamesForEnvFrom:
+  - woodpecker-secret
+  - github-oauth
+
+# -- Create a generic secret to store things in, e.g. env values
+secrets:
+  - name: woodpecker-store
+
+persistentVolume:
+  enabled: true
+  size: 10Gi
+  mountPath: '/var/lib/woodpecker'
+  storageClass: ''
+
+podSecurityContext:
+  fsGroup: 2000
+
+securityContext:
+  capabilities:
+    drop:
+    - ALL
+  readOnlyRootFilesystem: true
+  runAsNonRoot: true
+  runAsUser: 1000
+
+ingress:
+  enabled: true
+  ingressClassName: ingress-external
+  labels:
+    environment: external
+  annotations:
+    kubernetes.io/tls-acme: "true"
+    cert-manager.io/cluster-issuer: letsencrypt
+    external-dns.alpha.kubernetes.io/hostname: ci.nold.in
+    external-dns.alpha.kubernetes.io/target: nold.in
+  hosts:
+    - host: ci.nold.in
+      paths:
+      - path: /
+        backend:
+          serviceName: server
+          servicePort: 80
+  tls:
+    - secretName: ci-nold-in-tls
+      hosts:
+        - ci.nold.in
+
+# -- Specifies the ressources for the server component
+resources:
+  limits:
+    cpu: 500m
+    memory: 512Mi
+  requests:
+    cpu: 100m
+    memory: 128Mi

projects/woodpecker/values/woodpecker.yml

@@ -1,148 +0,0 @@
-agent:
-  # -- Enable the agent component
-  enabled: true
-
-  # -- The number of replicas for the deployment
-  replicaCount: 2
-
-  image:
-    registry: docker.io
-    repository: woodpeckerci/woodpecker-agent
-    pullPolicy: Always
-    tag: 'next'
-
-  env:
-    # -- Add the environment variables for the agent component
-    WOODPECKER_SERVER: 'woodpecker-server:9000'
-    WOODPECKER_BACKEND: kubernetes
-    WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker
-    WOODPECKER_BACKEND_K8S_STORAGE_CLASS: 'ssd'
-    WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 10G
-    WOODPECKER_BACKEND_K8S_STORAGE_RWX: false
-    WOODPECKER_BACKEND_K8S_POD_LABELS: ''
-    WOODPECKER_BACKEND_K8S_POD_ANNOTATIONS: ''
-    WOODPECKER_CONNECT_RETRY_COUNT: '1'
-
-  # -- Add extra secret that is contains environment variables
-  extraSecretNamesForEnvFrom:
-    - woodpecker-secret
-
-  persistence:
-    enabled: true
-    size: 1Gi
-    storageClass: 'ssd'
-    accessModes:
-      - ReadWriteOnce
-
-  # -- Add pod security context
-  podSecurityContext:
-    runAsUser: 1000
-    runAsGroup: 2000
-    fsGroup: 2000
-
-  # -- Add security context
-  securityContext:
-    capabilities:
-      drop:
-      - ALL
-    readOnlyRootFilesystem: true
-    runAsNonRoot: true
-    runAsUser: 1000
-    runAsGroup: 2000
-
-  # -- Specifies the resources for the agent component
-  resources:
-    limits:
-      cpu: 2000m
-      memory: 1024Mi
-    requests:
-      cpu: 10m
-      memory: 10Mi
-
-server:
-  enabled: true
-
-  statefulSet:
-    replicaCount: 1
-
-  updateStrategy:
-    type: RollingUpdate
-
-  image:
-    registry: docker.io
-    repository: woodpeckerci/woodpecker-server
-    pullPolicy: Always
-    tag: 'next'
-
-  # -- Add environment variables for the server component
-  env:
-    WOODPECKER_OPEN: "false"
-    WOODPECKER_ADMIN: "Nold360"
-    WOODPECKER_HOST: https://ci.nold.in
-    WOODPECKER_GITHUB: "true"
-    #WOODPECKER_REPO_OWNERS: "nold360"
-
-    HTTP_PROXY: http://proxy-squid.proxy.svc.cluster.local:3128
-    HTTPS_PROXY: http://proxy-squid.proxy.svc.cluster.local:3128
-    http_proxy: http://proxy-squid.proxy.svc.cluster.local:3128
-    https_proxy: http://proxy-squid.proxy.svc.cluster.local:3128
-    NO_PROXY: localhost,.cluster.local,10.43.0.1
-    no_proxy: localhost,.cluster.local,10.43.0.1
-
-
-  # -- Add extra environment variables from the secrets list
-  extraSecretNamesForEnvFrom:
-    - woodpecker-secret
-    - github-oauth
-
-  # -- Create a generic secret to store things in, e.g. env values
-  secrets:
-    - name: woodpecker-store
-
-  persistentVolume:
-    enabled: true
-    size: 10Gi
-    mountPath: '/var/lib/woodpecker'
-    storageClass: ''
-
-  podSecurityContext:
-    fsGroup: 2000
-
-  securityContext:
-    capabilities:
-      drop:
-      - ALL
-    readOnlyRootFilesystem: true
-    runAsNonRoot: true
-    runAsUser: 1000
-
-  ingress:
-    enabled: true
-    ingressClassName: ingress-external
-    labels:
-      environment: external
-    annotations:
-      kubernetes.io/tls-acme: "true"
-      cert-manager.io/cluster-issuer: letsencrypt
-      external-dns.alpha.kubernetes.io/hostname: ci.nold.in
-      external-dns.alpha.kubernetes.io/target: nold.in
-    hosts:
-      - host: ci.nold.in
-        paths:
-        - path: /
-          backend:
-            serviceName: server
-            servicePort: 80
-    tls:
-      - secretName: ci-nold-in-tls
-        hosts:
-          - ci.nold.in
-
-  # -- Specifies the ressources for the server component
-  resources:
-    limits:
-      cpu: 500m
-      memory: 512Mi
-    requests:
-      cpu: 100m
-      memory: 128Mi