update(woodpecker)

This commit is contained in:
Gerrit Pannek 2024-05-13 10:52:49 +02:00
parent 3a11e54797
commit 75b290d8c3
5 changed files with 166 additions and 137 deletions

View file

@ -0,0 +1,16 @@
apiVersion: "cilium.io/v2"
kind: CiliumNetworkPolicy
metadata:
name: allow-kubeapi
namespace: woodpecker
spec:
endpointSelector:
matchLabels:
app.kubernetes.io/name: agent
egress:
- toEntities:
- kube-apiserver
- toPorts:
- ports:
- port: "6443"
protocol: TCP

View file

@ -12,8 +12,8 @@ config:
apps: apps:
- name: woodpecker-server - name: woodpecker
path: charts/server path: charts/woodpecker
secrets: secrets:
- name: github-oauth - name: github-oauth
keys: keys:
@ -22,12 +22,3 @@ apps:
- name: woodpecker-secret - name: woodpecker-secret
keys: keys:
- WOODPECKER_AGENT_SECRET - WOODPECKER_AGENT_SECRET
- name: woodpecker-agent
namespace: woodpecker-agent
path: charts/agent
secrets:
- name: woodpecker-secret
fromApp: woodpecker-server
keys:
- WOODPECKER_AGENT_SECRET

View file

@ -1,45 +0,0 @@
replicaCount: 2
image:
registry: docker.io
repository: woodpeckerci/woodpecker-agent
pullPolicy: Always
tag: "next"
env:
WOODPECKER_SERVER: "woodpecker-server.woodpecker.svc.cluster.local:9000"
WOODPECKER_BACKEND: kubernetes
WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker-agent
WOODPECKER_BACKEND_K8S_STORAGE_CLASS: "ssd"
WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 1G
WOODPECKER_BACKEND_K8S_STORAGE_RWX: false
dind:
enabled: false
extraSecretNamesForEnvFrom:
- woodpecker-secret
serviceAccount:
create: true
rbac:
create: true
podSecurityContext:
fsGroup: 2000
securityContext:
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
resources:
limits:
cpu: 4000m
memory: 1024Mi
requests:
cpu: 100m
memory: 128Mi

View file

@ -1,81 +0,0 @@
replicaCount: 1
image:
registry: docker.io
repository: woodpeckerci/woodpecker-server
pullPolicy: Always
# Overrides the image tag whose default is the chart appVersion.
tag: "next"
dind:
enabled: false
env:
WOODPECKER_OPEN: "false"
WOODPECKER_ADMIN: "Nold360"
WOODPECKER_HOST: https://ci.nold.in
WOODPECKER_GITHUB: "true"
#WOODPECKER_REPO_OWNERS: "nold360"
HTTP_PROXY: http://proxy-squid.proxy.svc.cluster.local:3128
HTTPS_PROXY: http://proxy-squid.proxy.svc.cluster.local:3128
http_proxy: http://proxy-squid.proxy.svc.cluster.local:3128
https_proxy: http://proxy-squid.proxy.svc.cluster.local:3128
NO_PROXY: localhost,.cluster.local,10.43.0.1
no_proxy: localhost,.cluster.local,10.43.0.1
extraSecretNamesForEnvFrom:
- github-oauth
- woodpecker-secret
persistentVolume:
enabled: true
size: 10Gi
mountPath: "/var/lib/woodpecker"
storageClass: "local-path"
podSecurityContext:
fsGroup: 2000
securityContext:
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
service:
type: ClusterIP
port: 80
ingress:
enabled: true
ingressClassName: ingress-external
labels:
environment: external
annotations:
kubernetes.io/tls-acme: "true"
cert-manager.io/cluster-issuer: letsencrypt
external-dns.alpha.kubernetes.io/hostname: ci.nold.in
external-dns.alpha.kubernetes.io/target: nold.in
hosts:
- host: ci.nold.in
paths:
- path: /
backend:
serviceName: server
servicePort: 80
tls:
- secretName: ci-nold-in-tls
hosts:
- ci.nold.in
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 100m
memory: 128Mi

View file

@ -0,0 +1,148 @@
agent:
# -- Enable the agent component
enabled: true
# -- The number of replicas for the deployment
replicaCount: 2
image:
registry: docker.io
repository: woodpeckerci/woodpecker-agent
pullPolicy: Always
tag: 'next'
env:
# -- Add the environment variables for the agent component
WOODPECKER_SERVER: 'woodpecker-server:9000'
WOODPECKER_BACKEND: kubernetes
WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker
WOODPECKER_BACKEND_K8S_STORAGE_CLASS: 'ssd'
WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 10G
WOODPECKER_BACKEND_K8S_STORAGE_RWX: false
WOODPECKER_BACKEND_K8S_POD_LABELS: ''
WOODPECKER_BACKEND_K8S_POD_ANNOTATIONS: ''
WOODPECKER_CONNECT_RETRY_COUNT: '1'
# -- Add extra secret that is contains environment variables
extraSecretNamesForEnvFrom:
- woodpecker-secret
persistence:
enabled: true
size: 1Gi
storageClass: 'ssd'
accessModes:
- ReadWriteOnce
# -- Add pod security context
podSecurityContext:
runAsUser: 1000
runAsGroup: 2000
fsGroup: 2000
# -- Add security context
securityContext:
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 2000
# -- Specifies the resources for the agent component
resources:
limits:
cpu: 2000m
memory: 1024Mi
requests:
cpu: 10m
memory: 10Mi
server:
enabled: true
statefulSet:
replicaCount: 1
updateStrategy:
type: RollingUpdate
image:
registry: docker.io
repository: woodpeckerci/woodpecker-server
pullPolicy: Always
tag: 'next'
# -- Add environment variables for the server component
env:
WOODPECKER_OPEN: "false"
WOODPECKER_ADMIN: "Nold360"
WOODPECKER_HOST: https://ci.nold.in
WOODPECKER_GITHUB: "true"
#WOODPECKER_REPO_OWNERS: "nold360"
HTTP_PROXY: http://proxy-squid.proxy.svc.cluster.local:3128
HTTPS_PROXY: http://proxy-squid.proxy.svc.cluster.local:3128
http_proxy: http://proxy-squid.proxy.svc.cluster.local:3128
https_proxy: http://proxy-squid.proxy.svc.cluster.local:3128
NO_PROXY: localhost,.cluster.local,10.43.0.1
no_proxy: localhost,.cluster.local,10.43.0.1
# -- Add extra environment variables from the secrets list
extraSecretNamesForEnvFrom:
- woodpecker-secret
- github-oauth
# -- Create a generic secret to store things in, e.g. env values
secrets:
- name: woodpecker-store
persistentVolume:
enabled: true
size: 10Gi
mountPath: '/var/lib/woodpecker'
storageClass: ''
podSecurityContext:
fsGroup: 2000
securityContext:
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
ingress:
enabled: true
ingressClassName: ingress-external
labels:
environment: external
annotations:
kubernetes.io/tls-acme: "true"
cert-manager.io/cluster-issuer: letsencrypt
external-dns.alpha.kubernetes.io/hostname: ci.nold.in
external-dns.alpha.kubernetes.io/target: nold.in
hosts:
- host: ci.nold.in
paths:
- path: /
backend:
serviceName: server
servicePort: 80
tls:
- secretName: ci-nold-in-tls
hosts:
- ci.nold.in
# -- Specifies the ressources for the server component
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 100m
memory: 128Mi