diff --git a/projects/woodpecker/project.yml b/projects/woodpecker/project.yml index d40e9313..bbd57875 100644 --- a/projects/woodpecker/project.yml +++ b/projects/woodpecker/project.yml @@ -6,14 +6,16 @@ config: networkPolicy: groups: - internet + rules: + - allow-agent labels: environment: external apps: - - name: woodpecker - path: charts/woodpecker + - name: woodpecker-server + path: charts/woodpecker/charts/server secrets: - name: github-oauth keys: @@ -22,3 +24,15 @@ apps: - name: woodpecker-secret keys: - WOODPECKER_AGENT_SECRET + + - name: woodpecker-agent + path: charts/woodpecker/charts/agent + namespace: woodpecker-agent + networkPolicy: + rules: + - allow-agent + secrets: + - name: woodpecker-secret + fromApp: woodpecker-server + keys: + - WOODPECKER_AGENT_SECRET diff --git a/projects/woodpecker/values/woodpecker-agent.yml b/projects/woodpecker/values/woodpecker-agent.yml new file mode 100644 index 00000000..7be2ce89 --- /dev/null +++ b/projects/woodpecker/values/woodpecker-agent.yml 
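Review bot: Pipeline step pods will share a namespace with the copied agent secret: the second hunk of projects/woodpecker/project.yml deploys `woodpecker-agent` into `namespace: woodpecker-agent`, and the agent values in this commit set `WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker-agent`. The definition of `allow-agent` is not in this diff, but if it selects by namespace, build pods running repository-controlled code would get the same path to the server's port 9000 as the agent, and any namespace-wide read access to secrets would expose `WOODPECKER_AGENT_SECRET` to them. Consider a dedicated namespace for pipeline pods, e.g. `WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker-pipelines` (constructed name), and add a comment above both `rules:` entries (first and second hunk) stating what `allow-agent` permits. Limiting the `fromApp: woodpecker-server` share to the single `WOODPECKER_AGENT_SECRET` key is the right scope and worth keeping.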
@@ -0,0 +1,56 @@
+# -- The number of replicas for the deployment
+replicaCount: 2
+
+image:
+ registry: docker.io
+ repository: woodpeckerci/woodpecker-agent
+ pullPolicy: Always
+ tag: 'next'
+
+env:
+ # -- Add the environment variables for the agent component
+ WOODPECKER_SERVER: 'woodpecker-server.woodpecker.svc.cluster.local:9000'
+ WOODPECKER_BACKEND: kubernetes
+ WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker-agent
+ WOODPECKER_BACKEND_K8S_STORAGE_CLASS: 'ssd'
+ WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 10G
+ WOODPECKER_BACKEND_K8S_STORAGE_RWX: false
+ WOODPECKER_BACKEND_K8S_POD_LABELS: ''
+ WOODPECKER_BACKEND_K8S_POD_ANNOTATIONS: ''
+ WOODPECKER_CONNECT_RETRY_COUNT: '1'
+
+# -- Add extra secret that is contains environment variables
+extraSecretNamesForEnvFrom:
+ - woodpecker-secret
+
+persistence:
+ enabled: true
+ size: 1Gi
+ storageClass: 'ssd'
+ accessModes:
+ - ReadWriteOnce
+
+# -- Add pod security context
+podSecurityContext:
+ runAsUser: 1000
+ runAsGroup: 2000
+ fsGroup: 2000
+
+# -- Add security context
+securityContext:
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 1000
+ runAsGroup: 2000
+
+# -- Specifies the resources for the agent component
+resources:
+ limits:
+ cpu: 2000m
+ memory: 1024Mi
+ requests:
+ cpu: 10m
+ memory: 10Mi
diff --git a/projects/woodpecker/values/woodpecker-server.yml b/projects/woodpecker/values/woodpecker-server.yml
new file mode 100644
index 00000000..7dc0ee45
--- /dev/null
+++ b/projects/woodpecker/values/woodpecker-server.yml
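Review bot: The agent image in values/woodpecker-agent.yml is pinned to the moving tag `tag: 'next'` with `pullPolicy: Always`, so any pod restart can pull a different, unreviewed build into a component that receives `WOODPECKER_AGENT_SECRET` and creates pods through the Kubernetes backend. Pin it to a released version, e.g. `tag: '<release-tag>'` (placeholder), and bump it through a reviewed commit; values/woodpecker-server.yml carries the same `tag: 'next'`. As a smaller point, `WOODPECKER_BACKEND_K8S_STORAGE_RWX: false` is a YAML boolean inside an environment map whose other values are strings; writing `'false'` removes the dependence on how the chart renders non-string values.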
@@ -0,0 +1,84 @@
+statefulSet:
+ replicaCount: 1
+
+updateStrategy:
+ type: RollingUpdate
+
+image:
+ registry: docker.io
+ repository: woodpeckerci/woodpecker-server
+ pullPolicy: Always
+ tag: 'next'
+
+# -- Add environment variables for the server component
+env:
+ WOODPECKER_OPEN: "false"
+ WOODPECKER_ADMIN: "Nold360"
+ WOODPECKER_HOST: https://ci.nold.in
+ WOODPECKER_GITHUB: "true"
+ #WOODPECKER_REPO_OWNERS: "nold360"
+
+ HTTP_PROXY: http://proxy-squid.proxy.svc.cluster.local:3128
+ HTTPS_PROXY: http://proxy-squid.proxy.svc.cluster.local:3128
+ http_proxy: http://proxy-squid.proxy.svc.cluster.local:3128
+ https_proxy: http://proxy-squid.proxy.svc.cluster.local:3128
+ NO_PROXY: localhost,.cluster.local,10.43.0.1
+ no_proxy: localhost,.cluster.local,10.43.0.1
+
+
+# -- Add extra environment variables from the secrets list
+extraSecretNamesForEnvFrom:
+ - woodpecker-secret
+ - github-oauth
+
+# -- Create a generic secret to store things in, e.g. env values
+secrets:
+ - name: woodpecker-store
+
+persistentVolume:
+ enabled: true
+ size: 10Gi
+ mountPath: '/var/lib/woodpecker'
+ storageClass: ''
+
+podSecurityContext:
+ fsGroup: 2000
+
+securityContext:
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 1000
+
+ingress:
+ enabled: true
+ ingressClassName: ingress-external
+ labels:
+ environment: external
+ annotations:
+ kubernetes.io/tls-acme: "true"
+ cert-manager.io/cluster-issuer: letsencrypt
+ external-dns.alpha.kubernetes.io/hostname: ci.nold.in
+ external-dns.alpha.kubernetes.io/target: nold.in
+ hosts:
+ - host: ci.nold.in
+ paths:
+ - path: /
+ backend:
+ serviceName: server
+ servicePort: 80
+ tls:
+ - secretName: ci-nold-in-tls
+ hosts:
+ - ci.nold.in
+
+# -- Specifies the ressources for the server component
+resources:
+ limits:
+ cpu: 500m
+ memory: 512Mi
+ requests:
+ cpu: 100m
+ memory: 128Mi
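Review bot: `allowPrivilegeEscalation` is left unset in the `securityContext` of values/woodpecker-server.yml, so the container runs without `no_new_privs` even though it drops all capabilities and sets `runAsNonRoot` and `readOnlyRootFilesystem`. This server is published through `ingressClassName: ingress-external`, so add `allowPrivilegeEscalation: false` under `securityContext`; the agent's `securityContext` in values/woodpecker-agent.yml has the same gap. If the chart passes the block through unchanged (not visible in this diff), a `seccompProfile` with `type: RuntimeDefault` would be a reasonable addition in both files.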
diff --git a/projects/woodpecker/values/woodpecker.yml b/projects/woodpecker/values/woodpecker.yml
deleted file mode 100644
index bbde5ec4..00000000
--- a/projects/woodpecker/values/woodpecker.yml
+++ /dev/null
@@ -1,148 +0,0 @@ -agent: - # -- Enable the agent component - enabled: true - - # -- The number of replicas for the deployment - replicaCount: 2 - - image: - registry: docker.io - repository: woodpeckerci/woodpecker-agent - pullPolicy: Always - tag: 'next' - - env: - # -- Add the environment variables for the agent component - WOODPECKER_SERVER: 'woodpecker-server:9000' - WOODPECKER_BACKEND: kubernetes - WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker - WOODPECKER_BACKEND_K8S_STORAGE_CLASS: 'ssd' - WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 10G - WOODPECKER_BACKEND_K8S_STORAGE_RWX: false - WOODPECKER_BACKEND_K8S_POD_LABELS: '' - WOODPECKER_BACKEND_K8S_POD_ANNOTATIONS: '' - WOODPECKER_CONNECT_RETRY_COUNT: '1' - - # -- Add extra secret that is contains environment variables - extraSecretNamesForEnvFrom: - - woodpecker-secret - - persistence: - enabled: true - size: 1Gi - storageClass: 'ssd' - accessModes: - - ReadWriteOnce - - # -- Add pod security context - podSecurityContext: - runAsUser: 1000 - runAsGroup: 2000 - fsGroup: 2000 - - # -- Add security context - securityContext: - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - runAsGroup: 2000 - - # -- Specifies the resources for the agent component - resources: - limits: - cpu: 2000m - memory: 1024Mi - requests: - cpu: 10m - memory: 10Mi - -server: - enabled: true - - statefulSet: - replicaCount: 1 - - updateStrategy: - type: RollingUpdate - - image: - registry: docker.io - repository: woodpeckerci/woodpecker-server - pullPolicy: Always - tag: 'next' - - # -- Add environment variables for the server component - env: - WOODPECKER_OPEN: "false" - WOODPECKER_ADMIN: "Nold360" - WOODPECKER_HOST: https://ci.nold.in - WOODPECKER_GITHUB: "true" - #WOODPECKER_REPO_OWNERS: "nold360" - - HTTP_PROXY: http://proxy-squid.proxy.svc.cluster.local:3128 - HTTPS_PROXY: http://proxy-squid.proxy.svc.cluster.local:3128 - http_proxy: http://proxy-squid.proxy.svc.cluster.local:3128 - https_proxy: 
http://proxy-squid.proxy.svc.cluster.local:3128 - NO_PROXY: localhost,.cluster.local,10.43.0.1 - no_proxy: localhost,.cluster.local,10.43.0.1 - - - # -- Add extra environment variables from the secrets list - extraSecretNamesForEnvFrom: - - woodpecker-secret - - github-oauth - - # -- Create a generic secret to store things in, e.g. env values - secrets: - - name: woodpecker-store - - persistentVolume: - enabled: true - size: 10Gi - mountPath: '/var/lib/woodpecker' - storageClass: '' - - podSecurityContext: - fsGroup: 2000 - - securityContext: - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - - ingress: - enabled: true - ingressClassName: ingress-external - labels: - environment: external - annotations: - kubernetes.io/tls-acme: "true" - cert-manager.io/cluster-issuer: letsencrypt - external-dns.alpha.kubernetes.io/hostname: ci.nold.in - external-dns.alpha.kubernetes.io/target: nold.in - hosts: - - host: ci.nold.in - paths: - - path: / - backend: - serviceName: server - servicePort: 80 - tls: - - secretName: ci-nold-in-tls - hosts: - - ci.nold.in - - # -- Specifies the ressources for the server component - resources: - limits: - cpu: 500m - memory: 512Mi - requests: - cpu: 100m - memory: 128Mi