fix: woodpecker

Nold360 · Jul 24, 2024 · 6acb0d9 · 6acb0d9
1 parent de5e530
commit 6acb0d9
Show file tree

Hide file tree

Showing 4 changed files with 156 additions and 150 deletions.
diff --git a/projects/woodpecker/project.yml b/projects/woodpecker/project.yml
@@ -6,14 +6,16 @@ config:
   networkPolicy:
     groups:
     - internet
+    rules:
+    - allow-agent
 
   labels:
     environment: external
 
 
 apps:
-  - name: woodpecker
-    path: charts/woodpecker
+  - name: woodpecker-server
+    path: charts/woodpecker/charts/server
     secrets:
       - name: github-oauth
         keys:
@@ -22,3 +24,15 @@ apps:
       - name: woodpecker-secret
         keys:
           - WOODPECKER_AGENT_SECRET
+
+  - name: woodpecker-agent
+    path: charts/woodpecker/charts/agent
+    namespace: woodpecker-agent
+    networkPolicy:
+      rules:
+      - allow-agent
+    secrets:
+      - name: woodpecker-secret
+        fromApp: woodpecker-server
+        keys:
+          - WOODPECKER_AGENT_SECRET
diff --git a/projects/woodpecker/values/woodpecker-agent.yml b/projects/woodpecker/values/woodpecker-agent.yml
@@ -0,0 +1,56 @@
+# -- The number of replicas for the deployment
+replicaCount: 2
+
+image:
+  registry: docker.io
+  repository: woodpeckerci/woodpecker-agent
+  pullPolicy: Always
+  tag: 'next'
+
+env:
+  # -- Add the environment variables for the agent component
+  WOODPECKER_SERVER: 'woodpecker-server.woodpecker.svc.cluster.local:9000'
+  WOODPECKER_BACKEND: kubernetes
+  WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker-agent
+  WOODPECKER_BACKEND_K8S_STORAGE_CLASS: 'ssd'
+  WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 10G
+  WOODPECKER_BACKEND_K8S_STORAGE_RWX: false
+  WOODPECKER_BACKEND_K8S_POD_LABELS: ''
+  WOODPECKER_BACKEND_K8S_POD_ANNOTATIONS: ''
+  WOODPECKER_CONNECT_RETRY_COUNT: '1'
+
+# -- Add extra secret that is contains environment variables
+extraSecretNamesForEnvFrom:
+  - woodpecker-secret
+
+persistence:
+  enabled: true
+  size: 1Gi
+  storageClass: 'ssd'
+  accessModes:
+    - ReadWriteOnce
+
+# -- Add pod security context
+podSecurityContext:
+  runAsUser: 1000
+  runAsGroup: 2000
+  fsGroup: 2000
+
+# -- Add security context
+securityContext:
+  capabilities:
+    drop:
+    - ALL
+  readOnlyRootFilesystem: true
+  runAsNonRoot: true
+  runAsUser: 1000
+  runAsGroup: 2000
+
+# -- Specifies the resources for the agent component
+resources:
+  limits:
+    cpu: 2000m
+    memory: 1024Mi
+  requests:
+    cpu: 10m
+    memory: 10Mi
diff --git a/projects/woodpecker/values/woodpecker-server.yml b/projects/woodpecker/values/woodpecker-server.yml
@@ -0,0 +1,84 @@
+statefulSet:
+  replicaCount: 1
+
+updateStrategy:
+  type: RollingUpdate
+
+image:
+  registry: docker.io
+  repository: woodpeckerci/woodpecker-server
+  pullPolicy: Always
+  tag: 'next'
+
+# -- Add environment variables for the server component
+env:
+  WOODPECKER_OPEN: "false"
+  WOODPECKER_ADMIN: "Nold360"
+  WOODPECKER_HOST: https://ci.nold.in
+  WOODPECKER_GITHUB: "true"
+  #WOODPECKER_REPO_OWNERS: "nold360"
+
+  HTTP_PROXY: http://proxy-squid.proxy.svc.cluster.local:3128
+  HTTPS_PROXY: http://proxy-squid.proxy.svc.cluster.local:3128
+  http_proxy: http://proxy-squid.proxy.svc.cluster.local:3128
+  https_proxy: http://proxy-squid.proxy.svc.cluster.local:3128
+  NO_PROXY: localhost,.cluster.local,10.43.0.1
+  no_proxy: localhost,.cluster.local,10.43.0.1
+
+
+# -- Add extra environment variables from the secrets list
+extraSecretNamesForEnvFrom:
+  - woodpecker-secret
+  - github-oauth
+
+# -- Create a generic secret to store things in, e.g. env values
+secrets:
+  - name: woodpecker-store
+
+persistentVolume:
+  enabled: true
+  size: 10Gi
+  mountPath: '/var/lib/woodpecker'
+  storageClass: ''
+
+podSecurityContext:
+  fsGroup: 2000
+
+securityContext:
+  capabilities:
+    drop:
+    - ALL
+  readOnlyRootFilesystem: true
+  runAsNonRoot: true
+  runAsUser: 1000
+
+ingress:
+  enabled: true
+  ingressClassName: ingress-external
+  labels:
+    environment: external
+  annotations:
+    kubernetes.io/tls-acme: "true"
+    cert-manager.io/cluster-issuer: letsencrypt
+    external-dns.alpha.kubernetes.io/hostname: ci.nold.in
+    external-dns.alpha.kubernetes.io/target: nold.in
+  hosts:
+    - host: ci.nold.in
+      paths:
+      - path: /
+        backend:
+          serviceName: server
+          servicePort: 80
+  tls:
+    - secretName: ci-nold-in-tls
+      hosts:
+        - ci.nold.in
+
+# -- Specifies the ressources for the server component
+resources:
+  limits:
+    cpu: 500m
+    memory: 512Mi
+  requests:
+    cpu: 100m
+    memory: 128Mi
diff --git a/projects/woodpecker/values/woodpecker.yml b/projects/woodpecker/values/woodpecker.yml