From f39d2e46bd2186fd4a76e948b1368887a38a9c8c Mon Sep 17 00:00:00 2001 From: nold Date: Tue, 13 Dec 2022 22:01:06 +0100 Subject: [PATCH] allow(gitea): argocd webhook --- projects/gitea/project.yml | 2 ++ projects/gitea/values/gitea.yaml | 34 +++++++++++++++++--------------- resources/networkpolicy.yml | 15 ++++++++++++++ 3 files changed, 35 insertions(+), 16 deletions(-) diff --git a/projects/gitea/project.yml b/projects/gitea/project.yml index 8fea52a0..442799ac 100644 --- a/projects/gitea/project.yml +++ b/projects/gitea/project.yml @@ -5,6 +5,8 @@ config: - internet rules: - allow-ssh + - allow-argocd + - allow-minio labels: environment: external diff --git a/projects/gitea/values/gitea.yaml b/projects/gitea/values/gitea.yaml index 576a6a54..341f11fc 100644 --- a/projects/gitea/values/gitea.yaml +++ b/projects/gitea/values/gitea.yaml @@ -4,22 +4,20 @@ image: tag: 1.18-dev rootless: true -statefulset: - env: - - name: HTTP_PROXY - value: http://proxy-squid.proxy.svc.cluster.local:3128 - - name: HTTPS_PROXY - value: http://proxy-squid.proxy.svc.cluster.local:3128 - - name: http_proxy - value: http://proxy-squid.proxy.svc.cluster.local:3128 - - name: https_proxy - value: http://proxy-squid.proxy.svc.cluster.local:3128 - - name: NO_PROXY - value: argocd-server.argocd.svc.cluster.local, 10.43.0.0/16 - - name: no_proxy - value: argocd-server.argocd.svc.cluster.local, 10.43.0.0/16 -# - name: GITEA_APP_INI -# value: conf/app.ini +#statefulset: + #env: + # - name: HTTP_PROXY + # value: http://proxy-squid.proxy.svc.cluster.local:3128 + # - name: HTTPS_PROXY + # value: http://proxy-squid.proxy.svc.cluster.local:3128 + # - name: http_proxy + # value: http://proxy-squid.proxy.svc.cluster.local:3128 + # - name: https_proxy + # value: http://proxy-squid.proxy.svc.cluster.local:3128 + # - name: NO_PROXY + # value: argocd-server.argocd.svc.cluster.local,10.43.0.0/16 + # - name: no_proxy + # value: argocd-server.argocd.svc.cluster.local,10.43.0.0/16 securityContext: allowPrivilegeEscalation: false @@ -130,6 +128,10 @@ gitea: ENABLE_SWAGGER: false oauth: ENABLE: false + proxy: + PROXY_ENABLED: true + PROXY_URL: "http://proxy-squid.proxy.svc.cluster.local:3128" + PROXY_HOSTS: "github.com" additionalConfigFromEnvs: - name: ENV_TO_INI__DATABASE__PASSWD diff --git a/resources/networkpolicy.yml b/resources/networkpolicy.yml index 614429e5..f0ba5b27 100644 --- a/resources/networkpolicy.yml +++ b/resources/networkpolicy.yml @@ -152,3 +152,18 @@ networkPolicy: - namespaceSelector: matchLabels: environment: external + + allow-argocd: + podSelector: {} + policyTypes: + - Egress + egress: + - ports: + - port: 80 + protocol: TCP + - port: 8080 + protocol: TCP + to: + - namespaceSelector: + matchLabels: + app.heqet.gnu.one/project: argocd