update(woodpecker)

projects/woodpecker/manifests/netpol.yaml

@@ -0,0 +1,16 @@
+apiVersion: "cilium.io/v2"
+kind: CiliumNetworkPolicy
+metadata:
+  name: allow-kubeapi
+  namespace: woodpecker
+spec:
+  endpointSelector:
+    matchLabels:
+      app.kubernetes.io/name: agent
+  egress:
+  - toEntities:
+    - kube-apiserver
+  - toPorts:
+    - ports:
+      - port: "6443"
+        protocol: TCP

projects/woodpecker/project.yml

@@ -12,8 +12,8 @@ config:
 
 
 apps:
-  - name: woodpecker-server
+  - name: woodpecker
-    path: charts/server
+    path: charts/woodpecker
     secrets:
       - name: github-oauth
         keys:
@@ -22,12 +22,3 @@ apps:
       - name: woodpecker-secret
         keys:
           - WOODPECKER_AGENT_SECRET
-
-  - name: woodpecker-agent
-    namespace: woodpecker-agent
-    path: charts/agent
-    secrets:
-      - name: woodpecker-secret
-        fromApp: woodpecker-server
-        keys:
-          - WOODPECKER_AGENT_SECRET

projects/woodpecker/values/woodpecker-agent.yaml

@@ -1,45 +0,0 @@
-replicaCount: 2
-
-image:
-  registry: docker.io
-  repository: woodpeckerci/woodpecker-agent
-  pullPolicy: Always
-  tag: "next"
-
-env:
-  WOODPECKER_SERVER: "woodpecker-server.woodpecker.svc.cluster.local:9000"
-  WOODPECKER_BACKEND: kubernetes
-  WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker-agent
-  WOODPECKER_BACKEND_K8S_STORAGE_CLASS: "ssd"
-  WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 1G
-  WOODPECKER_BACKEND_K8S_STORAGE_RWX: false
-
-dind:
-  enabled: false
-
-extraSecretNamesForEnvFrom:
-- woodpecker-secret
-
-serviceAccount:
-  create: true
-  rbac:
-    create: true
-
-podSecurityContext:
-  fsGroup: 2000
-
-securityContext:
-  capabilities:
-    drop:
-    - ALL
-  readOnlyRootFilesystem: true
-  runAsNonRoot: true
-  runAsUser: 1000
-
-resources:
-  limits:
-    cpu: 4000m
-    memory: 1024Mi
-  requests:
-    cpu: 100m
-    memory: 128Mi

projects/woodpecker/values/woodpecker-server.yaml

@@ -1,81 +0,0 @@
-replicaCount: 1
-
-image:
-  registry: docker.io
-  repository: woodpeckerci/woodpecker-server
-  pullPolicy: Always
-  # Overrides the image tag whose default is the chart appVersion.
-  tag: "next"
-
-dind:
-  enabled: false
-
-env:
-  WOODPECKER_OPEN: "false"
-  WOODPECKER_ADMIN: "Nold360"
-  WOODPECKER_HOST: https://ci.nold.in
-  WOODPECKER_GITHUB: "true"
-  #WOODPECKER_REPO_OWNERS: "nold360"
-
-  HTTP_PROXY: http://proxy-squid.proxy.svc.cluster.local:3128
-  HTTPS_PROXY: http://proxy-squid.proxy.svc.cluster.local:3128
-  http_proxy: http://proxy-squid.proxy.svc.cluster.local:3128
-  https_proxy: http://proxy-squid.proxy.svc.cluster.local:3128
-  NO_PROXY: localhost,.cluster.local,10.43.0.1
-  no_proxy: localhost,.cluster.local,10.43.0.1
-
-
-extraSecretNamesForEnvFrom:
-- github-oauth
-- woodpecker-secret
-
-persistentVolume:
-  enabled: true
-  size: 10Gi
-  mountPath: "/var/lib/woodpecker"
-  storageClass: "local-path"
-
-podSecurityContext:
-  fsGroup: 2000
-
-securityContext:
-  capabilities:
-    drop:
-    - ALL
-  readOnlyRootFilesystem: true
-  runAsNonRoot: true
-  runAsUser: 1000
-
-service:
-  type: ClusterIP
-  port: 80
-
-ingress:
-  enabled: true
-  ingressClassName: ingress-external
-  labels:
-    environment: external
-  annotations:
-    kubernetes.io/tls-acme: "true"
-    cert-manager.io/cluster-issuer: letsencrypt
-    external-dns.alpha.kubernetes.io/hostname: ci.nold.in
-    external-dns.alpha.kubernetes.io/target: nold.in
-  hosts:
-    - host: ci.nold.in
-      paths:
-      - path: /
-        backend:
-          serviceName: server
-          servicePort: 80
-  tls:
-    - secretName: ci-nold-in-tls
-      hosts:
-        - ci.nold.in
-
-resources:
-  limits:
-    cpu: 500m
-    memory: 512Mi
-  requests:
-    cpu: 100m
-    memory: 128Mi

projects/woodpecker/values/woodpecker.yml

@@ -0,0 +1,148 @@
+agent:
+  # -- Enable the agent component
+  enabled: true
+
+  # -- The number of replicas for the deployment
+  replicaCount: 2
+
+  image:
+    registry: docker.io
+    repository: woodpeckerci/woodpecker-agent
+    pullPolicy: Always
+    tag: 'next'
+
+  env:
+    # -- Add the environment variables for the agent component
+    WOODPECKER_SERVER: 'woodpecker-server:9000'
+    WOODPECKER_BACKEND: kubernetes
+    WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker
+    WOODPECKER_BACKEND_K8S_STORAGE_CLASS: 'ssd'
+    WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 10G
+    WOODPECKER_BACKEND_K8S_STORAGE_RWX: false
+    WOODPECKER_BACKEND_K8S_POD_LABELS: ''
+    WOODPECKER_BACKEND_K8S_POD_ANNOTATIONS: ''
+    WOODPECKER_CONNECT_RETRY_COUNT: '1'
+
+  # -- Add extra secret that is contains environment variables
+  extraSecretNamesForEnvFrom:
+    - woodpecker-secret
+
+  persistence:
+    enabled: true
+    size: 1Gi
+    storageClass: 'ssd'
+    accessModes:
+      - ReadWriteOnce
+
+  # -- Add pod security context
+  podSecurityContext:
+    runAsUser: 1000
+    runAsGroup: 2000
+    fsGroup: 2000
+
+  # -- Add security context
+  securityContext:
+    capabilities:
+      drop:
+      - ALL
+    readOnlyRootFilesystem: true
+    runAsNonRoot: true
+    runAsUser: 1000
+    runAsGroup: 2000
+
+  # -- Specifies the resources for the agent component
+  resources:
+    limits:
+      cpu: 2000m
+      memory: 1024Mi
+    requests:
+      cpu: 10m
+      memory: 10Mi
+
+server:
+  enabled: true
+
+  statefulSet:
+    replicaCount: 1
+
+  updateStrategy:
+    type: RollingUpdate
+
+  image:
+    registry: docker.io
+    repository: woodpeckerci/woodpecker-server
+    pullPolicy: Always
+    tag: 'next'
+
+  # -- Add environment variables for the server component
+  env:
+    WOODPECKER_OPEN: "false"
+    WOODPECKER_ADMIN: "Nold360"
+    WOODPECKER_HOST: https://ci.nold.in
+    WOODPECKER_GITHUB: "true"
+    #WOODPECKER_REPO_OWNERS: "nold360"
+
+    HTTP_PROXY: http://proxy-squid.proxy.svc.cluster.local:3128
+    HTTPS_PROXY: http://proxy-squid.proxy.svc.cluster.local:3128
+    http_proxy: http://proxy-squid.proxy.svc.cluster.local:3128
+    https_proxy: http://proxy-squid.proxy.svc.cluster.local:3128
+    NO_PROXY: localhost,.cluster.local,10.43.0.1
+    no_proxy: localhost,.cluster.local,10.43.0.1
+
+
+  # -- Add extra environment variables from the secrets list
+  extraSecretNamesForEnvFrom:
+    - woodpecker-secret
+    - github-oauth
+
+  # -- Create a generic secret to store things in, e.g. env values
+  secrets:
+    - name: woodpecker-store
+
+  persistentVolume:
+    enabled: true
+    size: 10Gi
+    mountPath: '/var/lib/woodpecker'
+    storageClass: ''
+
+  podSecurityContext:
+    fsGroup: 2000
+
+  securityContext:
+    capabilities:
+      drop:
+      - ALL
+    readOnlyRootFilesystem: true
+    runAsNonRoot: true
+    runAsUser: 1000
+
+  ingress:
+    enabled: true
+    ingressClassName: ingress-external
+    labels:
+      environment: external
+    annotations:
+      kubernetes.io/tls-acme: "true"
+      cert-manager.io/cluster-issuer: letsencrypt
+      external-dns.alpha.kubernetes.io/hostname: ci.nold.in
+      external-dns.alpha.kubernetes.io/target: nold.in
+    hosts:
+      - host: ci.nold.in
+        paths:
+        - path: /
+          backend:
+            serviceName: server
+            servicePort: 80
+    tls:
+      - secretName: ci-nold-in-tls
+        hosts:
+          - ci.nold.in
+
+  # -- Specifies the ressources for the server component
+  resources:
+    limits:
+      cpu: 500m
+      memory: 512Mi
+    requests:
+      cpu: 100m
+      memory: 128Mi