allow(gitea): argocd webhook

2024-11-15 18:19:34 +00:00 · 2022-12-13 22:01:06 +01:00 · 2022-12-13 22:01:06 +01:00 · f39d2e46bd
commit f39d2e46bd
parent 78cf0be942
3 changed files with 35 additions and 16 deletions
--- a/projects/gitea/project.yml
+++ b/projects/gitea/project.yml
@ -5,6 +5,8 @@ config:
    - internet
    rules:
    - allow-ssh
+    - allow-argocd
+    - allow-minio

  labels:
    environment: external
--- a/projects/gitea/values/gitea.yaml
+++ b/projects/gitea/values/gitea.yaml
@ -4,22 +4,20 @@ image:
  tag: 1.18-dev
  rootless: true

-statefulset:
-  env:
-    - name: HTTP_PROXY
-      value: http://proxy-squid.proxy.svc.cluster.local:3128
-    - name: HTTPS_PROXY
-      value: http://proxy-squid.proxy.svc.cluster.local:3128
-    - name: http_proxy
-      value: http://proxy-squid.proxy.svc.cluster.local:3128
-    - name: https_proxy
-      value: http://proxy-squid.proxy.svc.cluster.local:3128
-    - name: NO_PROXY
-      value: argocd-server.argocd.svc.cluster.local, 10.43.0.0/16
-    - name: no_proxy
-      value: argocd-server.argocd.svc.cluster.local, 10.43.0.0/16
-#    - name: GITEA_APP_INI
-#      value: conf/app.ini
+#statefulset:
+  #env:
+  #  - name: HTTP_PROXY
+  #    value: http://proxy-squid.proxy.svc.cluster.local:3128
+  #  - name: HTTPS_PROXY
+  #    value: http://proxy-squid.proxy.svc.cluster.local:3128
+  #  - name: http_proxy
+  #    value: http://proxy-squid.proxy.svc.cluster.local:3128
+  #  - name: https_proxy
+  #    value: http://proxy-squid.proxy.svc.cluster.local:3128
+  #  - name: NO_PROXY
+  #    value: argocd-server.argocd.svc.cluster.local,10.43.0.0/16
+  #  - name: no_proxy
+  #    value: argocd-server.argocd.svc.cluster.local,10.43.0.0/16

 securityContext:
  allowPrivilegeEscalation: false
@ -130,6 +128,10 @@ gitea:
      ENABLE_SWAGGER: false
    oauth:
      ENABLE: false
+    proxy:
+      PROXY_ENABLED: true
+      PROXY_URL: "http://proxy-squid.proxy.svc.cluster.local:3128"
+      PROXY_HOSTS: "github.com"

  additionalConfigFromEnvs:
    - name: ENV_TO_INI__DATABASE__PASSWD
--- a/resources/networkpolicy.yml
+++ b/resources/networkpolicy.yml
@ -152,3 +152,18 @@ networkPolicy:
        - namespaceSelector:
            matchLabels:
              environment: external
+
+    allow-argocd:
+      podSelector: {}
+      policyTypes:
+      - Egress
+      egress:
+      - ports:
+        - port: 80
+          protocol: TCP
+        - port: 8080
+          protocol: TCP
+        to:
+        - namespaceSelector:
+            matchLabels:
+              app.heqet.gnu.one/project: argocd