Adding wookpecker

2023-07-30 15:16:07 +02:00
parent ce44270786
commit 0f96a47aed
15 changed files with 699 additions and 15 deletions


@@ -0,0 +1,60 @@
# Source: agent/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: woodpecker-agent
labels:
helm.sh/chart: agent-0.1.5
app.kubernetes.io/name: agent
app.kubernetes.io/instance: woodpecker-agent
app.kubernetes.io/version: "v0.15.9"
app.kubernetes.io/managed-by: Helm
spec:
replicas: 2
selector:
matchLabels:
app.kubernetes.io/name: agent
app.kubernetes.io/instance: woodpecker-agent
template:
metadata:
labels:
app.kubernetes.io/name: agent
app.kubernetes.io/instance: woodpecker-agent
spec:
serviceAccountName: woodpecker-agent
securityContext:
{}
containers:
- name: agent
securityContext:
{}
image: "woodpeckerci/woodpecker-agent:v0.15.9"
imagePullPolicy: Always
ports:
- name: http
containerPort: 3000
protocol: TCP
resources:
{}
env:
- name: WOODPECKER_BACKEND
value: "kubernetes"
- name: WOODPECKER_BACKEND_K8S_NAMESPACE
value: "woodpecker"
- name: WOODPECKER_BACKEND_K8S_POD_ANNOTATIONS
value: ""
- name: WOODPECKER_BACKEND_K8S_POD_LABELS
value: ""
- name: WOODPECKER_BACKEND_K8S_STORAGE_CLASS
value: ""
- name: WOODPECKER_BACKEND_K8S_STORAGE_RWX
value: "true"
- name: WOODPECKER_BACKEND_K8S_VOLUME_SIZE
value: "10G"
- name: WOODPECKER_CONNECT_RETRY_COUNT
value: "1"
- name: WOODPECKER_SERVER
value: "woodpecker-server.<namespace>.svc.cluster.local:9000"
envFrom:
- secretRef:
name: woodpecker-secret
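Review bot: Both `securityContext` entries (pod level and the `agent` container) and `resources` are left as `{}`, so the agent runs with whatever user and capabilities the image defaults to and with no CPU or memory bounds. This pod runs under the `woodpecker-agent` service account, which the Role in this commit allows to create and delete pods, so it deserves explicit hardening. For the container I would set `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}`, plus `runAsNonRoot: true` if the image supports a non-root UID (to be confirmed against the image), and add resource requests and limits.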


@@ -0,0 +1,76 @@
# Source: server/templates/statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: woodpecker-server
labels:
helm.sh/chart: server-0.1.5
app.kubernetes.io/name: server
app.kubernetes.io/instance: woodpecker-server
app.kubernetes.io/version: "v0.15.9"
app.kubernetes.io/managed-by: Helm
spec:
serviceName: woodpecker-server-headless
revisionHistoryLimit: 5
replicas: 1
updateStrategy:
type: RollingUpdate
selector:
matchLabels:
app.kubernetes.io/name: server
app.kubernetes.io/instance: woodpecker-server
template:
metadata:
annotations:
prometheus.io/scrape: "true"
labels:
app.kubernetes.io/name: server
app.kubernetes.io/instance: woodpecker-server
spec:
serviceAccountName: woodpecker-server
securityContext:
{}
containers:
- name: server
securityContext:
{}
image: "docker.io/woodpeckerci/woodpecker-server:v0.15.9"
imagePullPolicy: Always
ports:
- name: http
containerPort: 8000
protocol: TCP
- name: grpc
containerPort: 9000
protocol: TCP
livenessProbe:
httpGet:
path: /healthz
port: 8000
readinessProbe:
httpGet:
path: /healthz
port: 8000
resources:
{}
volumeMounts:
- name: data
mountPath: /var/lib/woodpecker
env:
- name: WOODPECKER_ADMIN
value: "woodpecker,admin"
- name: WOODPECKER_GITEA
value: "true"
- name: WOODPECKER_HOST
value: "https://xxxxxxx"
envFrom:
- secretRef:
name: woodpecker-secret
volumeClaimTemplates:
- metadata:
name: data
spec:
accessModes: [ "ReadWriteOnce" ]
resources:
requests:
storage: 10Gi
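Review bot: `WOODPECKER_ADMIN` is hard-coded to `"woodpecker,admin"`, and the kustomize patch for this StatefulSet elsewhere in the commit does not override it, so whichever forge accounts hold those two usernames become Woodpecker administrators. Together with `WOODPECKER_OPEN: "true"` in the server ConfigMap, CI admin rights then depend on who owns those names in Gitea; if the instance permits self-registration and either name is unclaimed, that is a privilege gap. I would expose the admin list as a component option with an empty default, e.g. `value: "${var.admins}"` (variable name illustrative). The pod and container `securityContext: {}` blocks here leave the same hardening gap as in the agent Deployment.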


@@ -0,0 +1,17 @@
resource "kubectl_manifest" "server_config" {
yaml_body = <<-EOF
apiVersion: v1
kind: ConfigMap
metadata:
name: "${var.instance}-${var.component}-server"
namespace: "${var.namespace}"
labels: ${jsonencode(local.common-labels)}
data:
WOODPECKER_WEBHOOK_HOST: "http://woodpecker-server.${var.namespace}.svc"
WOODPECKER_METRICS_SERVER_ADDR: ":9001"
WOODPECKER_OPEN: "true"
WOODPECKER_DEFAULT_CLONE_IMAGE: "${var.images.git.registry}/${var.images.git.repository}:${var.images.git.tag}"
WOODPECKER_DEFAULT_PIPELINE_TIMEOUT: "60"
WOODPECKER_MAX_PIPELINE_TIMEOUT: "120"
EOF
}
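Review bot: `WOODPECKER_OPEN: "true"` enables open registration, so any account that can authenticate against the connected Gitea can log in and run pipelines; with the Kubernetes backend those pipelines become pods in the cluster. Unless that is intended, default it to `"false"` and expose it as an option, and consider restricting access by organisation (Woodpecker has a `WOODPECKER_ORGS` setting for this). `WOODPECKER_WEBHOOK_HOST` uses plain `http://` to the in-cluster service, which is acceptable only if the cluster network is trusted; a one-line comment stating that assumption would help.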

143
apps/woodpecker/datas.tf Normal file

@@ -0,0 +1,143 @@
locals {
dns-name = "${var.sub-domain}.${var.domain-name}"
common-labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
"vynil.solidite.fr/owner-component" = var.component
"app.kubernetes.io/managed-by" = "vynil"
"app.kubernetes.io/name" = var.component
"app.kubernetes.io/instance" = var.instance
}
}
data "kustomization_overlay" "data" {
namespace = var.namespace
common_labels = local.common-labels
resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml"]
patches {
target {
kind = "Deployment"
name = "woodpecker-agent"
}
patch = <<-EOF
apiVersion: apps/v1
kind: Deployment
metadata:
name: woodpecker-agent
labels:
app.kubernetes.io/component: agent
spec:
replicas: 2
selector:
matchLabels:
app.kubernetes.io/component: agent
template:
metadata:
labels:
app.kubernetes.io/component: agent
spec:
serviceAccountName: woodpecker-agent
containers:
- name: agent
image: "${var.images.nextcloud.registry}/${var.images.nextcloud.repository}:${var.images.nextcloud.tag}"
imagePullPolicy: "${var.images.nextcloud.pullPolicy}"
env:
- name: WOODPECKER_BACKEND_K8S_NAMESPACE
value: "${var.namespace}"
- name: WOODPECKER_BACKEND_K8S_STORAGE_CLASS
value: "${var.storage-agent.storageClass}"
- name: WOODPECKER_BACKEND_K8S_STORAGE_RWX
value: "${var.storage-agent.writeMany}"
- name: WOODPECKER_BACKEND_K8S_VOLUME_SIZE
value: "${var.storage-agent.size}"
- name: WOODPECKER_SERVER
value: "woodpecker-server.${var.namespace}.svc:9000"
EOF
}
patches {
target {
kind = "Service"
name = "woodpecker-server"
}
patch = <<-EOF
apiVersion: v1
kind: Service
metadata:
name: woodpecker-server
labels:
app.kubernetes.io/component: server
spec:
selector:
app.kubernetes.io/name: ${var.component}
app.kubernetes.io/instance: ${var.instance}
app.kubernetes.io/component: server
EOF
}
patches {
target {
kind = "Service"
name = "woodpecker-server-headless"
}
patch = <<-EOF
apiVersion: v1
kind: Service
metadata:
name: woodpecker-server-headless
labels:
app.kubernetes.io/component: server
spec:
selector:
app.kubernetes.io/name: ${var.component}
app.kubernetes.io/instance: ${var.instance}
app.kubernetes.io/component: server
EOF
}
patches {
target {
kind = "StatefulSet"
name = "woodpecker-server"
}
patch = <<-EOF
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: woodpecker-server
labels:
app.kubernetes.io/component: server
spec:
selector:
matchLabels:
app.kubernetes.io/name: ${var.component}
app.kubernetes.io/instance: ${var.instance}
app.kubernetes.io/component: server
template:
metadata:
labels:
app.kubernetes.io/name: ${var.component}
app.kubernetes.io/instance: ${var.instance}
app.kubernetes.io/component: server
spec:
containers:
- name: server
image: "${var.images.server.registry}/${var.images.server.repository}:${var.images.server.tag}"
imagePullPolicy: "${var.images.server.pullPolicy}"
env:
- name: WOODPECKER_HOST
value: "https://${var.sub-domain}.${var.domain-name}"
envFrom:
- secretRef:
name: "${var.component}-${var.instance}-gitea"
- configMapKeyRef:
name: "${var.instance}-${var.component}-server"
volumeClaimTemplates:
- metadata:
name: data
spec:
accessModes: [ "${var.storage-server.accessMode}" ]
resources:
requests:
storage: ${var.storage-server.size}
EOF
}
}
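Review bot: The agent patch builds its image from `var.images.nextcloud.*` (the `image` and `imagePullPolicy` lines), but this component's `index.yaml` declares only `agent`, `git` and `server` under `images`. It looks like a leftover from another component and should read `${var.images.agent.registry}/${var.images.agent.repository}:${var.images.agent.tag}` and `${var.images.agent.pullPolicy}`. In the StatefulSet patch, `configMapKeyRef` is not a valid `envFrom` source; it should be `configMapRef`, otherwise the server ConfigMap is not loaded. Because `envFrom` has no merge key, this patch most likely replaces the base list, which drops the `woodpecker-secret` reference on the server while the agent keeps it. Please confirm the server still receives `WOODPECKER_AGENT_SECRET`, since that shared secret is what authenticates agents.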


@@ -0,0 +1,47 @@
terraform {
required_providers {
gitea = {
source = "Lerentis/gitea"
version = "0.16.0"
}
}
}
data "kubernetes_secret_v1" "gitea" {
metadata {
name = "gitea-admin-user"
namespace = "${var.domain}-ci"
}
}
data "kubernetes_ingress_v1" "gitea" {
metadata {
name = "gitea"
namespace = "${var.domain}-ci"
}
}
provider "gitea" {
base_url = "http://gitea-http.${var.domain}-ci.svc"
username = data.kubernetes_secret_v1.gitea.data["username"]
password = data.kubernetes_secret_v1.gitea.data["password"]
}
resource "gitea_oauth2_app" "prj" {
name = var.component
redirect_uris = [
"https://${var.sub-domain}.${var.domain-name}/authorize"
]
}
resource "kubernetes_secret_v1" "oauth2-client-gitea" {
metadata {
name = "${var.component}-${var.instance}-gitea"
namespace = var.namespace
}
data = {
"WOODPECKER_GITEA_URL" = "https://${data.kubernetes_ingress_v1.gitea.spec[0].rule[0].host}"
"WOODPECKER_GITEA_CLIENT" = gitea_oauth2_app.prj.client_id
"WOODPECKER_GITEA_SECRET" = gitea_oauth2_app.prj.client_secret
}
}
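Review bot: The `gitea` provider logs in with the Gitea admin username and password over `http://gitea-http.${var.domain}-ci.svc`, so the admin credentials cross the cluster network in clear text on every plan and apply. Prefer a dedicated, narrowly scoped API token (the provider accepts `token`) and a TLS endpoint if one is available. `gitea_oauth2_app.prj.client_secret` is also written to the Terraform state, so the state backend has to be treated as secret storage; a short comment above the resource saying so would help the next maintainer. `spec[0].rule[0].host` fails at plan time when the ingress has no rules, which may deserve a guarded lookup with a clear error.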

178
apps/woodpecker/index.yaml Normal file

@@ -0,0 +1,178 @@
---
apiVersion: vinyl.solidite.fr/v1beta1
kind: Component
category: apps
metadata:
name: woodpecker
description: null
options:
domain:
default: your-company
examples:
- your-company
type: string
images:
default:
agent:
pullPolicy: IfNotPresent
registry: docker.io
repository: woodpeckerci/woodpecker-agent
tag: v1.0.0-alpine
git:
registry: docker.io
repository: wowoodpeckerci/plugin-git
tag: 2.1.0
server:
pullPolicy: IfNotPresent
registry: docker.io
repository: woodpeckerci/woodpecker-server
tag: v1.0.0-alpine
examples:
- agent:
pullPolicy: IfNotPresent
registry: docker.io
repository: woodpeckerci/woodpecker-agent
tag: v1.0.0-alpine
git:
registry: docker.io
repository: wowoodpeckerci/plugin-git
tag: 2.1.0
server:
pullPolicy: IfNotPresent
registry: docker.io
repository: woodpeckerci/woodpecker-server
tag: v1.0.0-alpine
properties:
agent:
default:
pullPolicy: IfNotPresent
registry: docker.io
repository: woodpeckerci/woodpecker-agent
tag: v1.0.0-alpine
properties:
pullPolicy:
default: IfNotPresent
enum:
- Always
- Never
- IfNotPresent
type: string
registry:
default: docker.io
type: string
repository:
default: woodpeckerci/woodpecker-agent
type: string
tag:
default: v1.0.0-alpine
type: string
type: object
git:
default:
registry: docker.io
repository: wowoodpeckerci/plugin-git
tag: 2.1.0
properties:
registry:
default: docker.io
type: string
repository:
default: wowoodpeckerci/plugin-git
type: string
tag:
default: 2.1.0
type: string
type: object
server:
default:
pullPolicy: IfNotPresent
registry: docker.io
repository: woodpeckerci/woodpecker-server
tag: v1.0.0-alpine
properties:
pullPolicy:
default: IfNotPresent
enum:
- Always
- Never
- IfNotPresent
type: string
registry:
default: docker.io
type: string
repository:
default: woodpeckerci/woodpecker-server
type: string
tag:
default: v1.0.0-alpine
type: string
type: object
type: object
domain-name:
default: your_company.com
examples:
- your_company.com
type: string
ingress-class:
default: traefik
examples:
- traefik
type: string
sub-domain:
default: ci
examples:
- ci
type: string
storage-agent:
default:
size: 10Gi
storageClass: ''
writeMany: 'false'
examples:
- size: 10Gi
storageClass: ''
writeMany: 'false'
properties:
size:
default: 10Gi
type: string
storageClass:
default: ''
type: string
writeMany:
default: 'false'
type: string
type: object
storage-server:
default:
accessMode: ReadWriteOnce
size: 10Gi
examples:
- accessMode: ReadWriteOnce
size: 10Gi
properties:
accessMode:
default: ReadWriteOnce
enum:
- ReadWriteOnce
- ReadOnlyMany
- ReadWriteMany
type: string
size:
default: 10Gi
type: string
type: object
issuer:
default: letsencrypt-prod
examples:
- letsencrypt-prod
type: string
dependencies: []
providers:
kubernetes: true
authentik: true
kubectl: null
postgresql: null
restapi: null
http: null
tfaddtype: null
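Review bot: The `git` image repository is spelled `wowoodpeckerci/plugin-git` everywhere it appears (default, examples and the `git` property defaults), whereas the agent and server images use `woodpeckerci/...`. This value feeds `WOODPECKER_DEFAULT_CLONE_IMAGE`, the image that runs the clone step of pipelines and typically receives repository credentials. That makes the misspelled namespace a supply-chain risk, not a cosmetic typo: the pull either fails or resolves to a namespace the project does not control. It should read `repository: woodpeckerci/plugin-git`. Separately, `apiVersion: vinyl.solidite.fr/v1beta1` is spelled differently from the `vynil.solidite.fr` group used in the labels and the Install manifest, which is worth checking against the other components.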


@@ -0,0 +1,19 @@
# Source: agent/templates/rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: woodpecker-agent
labels:
helm.sh/chart: agent-0.1.5
app.kubernetes.io/name: agent
app.kubernetes.io/instance: woodpecker-agent
app.kubernetes.io/version: "v0.15.9"
app.kubernetes.io/managed-by: Helm
subjects:
- kind: ServiceAccount
name: woodpecker-agent
namespace: vynil-ci
roleRef:
kind: Role
name: woodpecker-agent
apiGroup: rbac.authorization.k8s.io
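Review bot: The subject namespace is hard-coded to `vynil-ci`, while every other resource takes its namespace from the kustomization (`namespace = var.namespace`). Whether kustomize rewrites ServiceAccount subjects depends on its version and on the account being part of the same resource set. If it does not, this binding grants the agent Role to a `woodpecker-agent` account in `vynil-ci`, not to the one deployed here. I would drop the literal and add an explicit patch for `subjects[0].namespace` in `datas.tf` so the binding always follows `var.namespace`.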


@@ -0,0 +1,23 @@
# Source: agent/templates/role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: woodpecker-agent
labels:
helm.sh/chart: agent-0.1.5
app.kubernetes.io/name: agent
app.kubernetes.io/instance: woodpecker-agent
app.kubernetes.io/version: "v0.15.9"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups: [''] # '' indicates core apiGroup (don't remove)
resources: ['persistentvolumeclaims']
verbs: ['create','delete']
- apiGroups: ['']
resources: ['services']
verbs: ['create','delete']
- apiGroups: ['']
resources:
- pods
- pods/log
verbs: ['watch','create','delete','get','list']
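Review bot: `create` on `pods` is namespace-wide, and in Kubernetes that implicitly lets the holder start pods that mount any Secret or use any ServiceAccount in the same namespace. The agent is configured to create pipeline pods in `var.namespace` (`WOODPECKER_BACKEND_K8S_NAMESPACE`), which is also where this commit places the agent secret and the Gitea OAuth client secret. Pipeline workloads and the server's credentials therefore share one trust boundary. Consider a dedicated namespace for pipeline pods, with this Role and RoleBinding created there, and add a comment on each rule explaining why its verbs are needed.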

17
apps/woodpecker/secret.tf Normal file

@@ -0,0 +1,17 @@
resource "kubectl_manifest" "prj_secret" {
ignore_fields = ["metadata.annotations"]
yaml_body = <<-EOF
apiVersion: "secretgenerator.mittwald.de/v1alpha1"
kind: "StringSecret"
metadata:
name: "${var.component}-secret"
namespace: "${var.namespace}"
labels: ${jsonencode(local.common-labels)}
spec:
forceRegenerate: false
fields:
- fieldName: "WOODPECKER_AGENT_SECRET"
length: "32"
EOF
}
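Review bot: The generated secret is named `${var.component}-secret`, but the agent Deployment and the base StatefulSet reference the literal `woodpecker-secret` in `envFrom`, so the two only line up when the component is called `woodpecker`. With any other component name the pods would reference a Secret that does not exist and fail to start. Either use the literal name here or patch the `secretRef` names in `datas.tf` from the same expression.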


@@ -0,0 +1,12 @@
---
# Source: agent/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: woodpecker-agent
labels:
helm.sh/chart: agent-0.1.5
app.kubernetes.io/name: agent
app.kubernetes.io/instance: woodpecker-agent
app.kubernetes.io/version: "v0.15.9"
app.kubernetes.io/managed-by: Helm


@@ -0,0 +1,12 @@
---
# Source: server/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: woodpecker-server
labels:
helm.sh/chart: server-0.1.5
app.kubernetes.io/name: server
app.kubernetes.io/instance: woodpecker-server
app.kubernetes.io/version: "v0.15.9"
app.kubernetes.io/managed-by: Helm


@@ -0,0 +1,25 @@
# Source: server/templates/service-headless.yaml
apiVersion: v1
kind: Service
metadata:
name: woodpecker-server-headless
labels:
helm.sh/chart: server-0.1.5
app.kubernetes.io/name: server
app.kubernetes.io/instance: woodpecker-server
app.kubernetes.io/version: "v0.15.9"
app.kubernetes.io/managed-by: Helm
spec:
clusterIP: None
ports:
- protocol: TCP
name: http
port: 80
targetPort: 8000
- protocol: TCP
name: grpc
port: 9000
targetPort: 9000
selector:
app.kubernetes.io/name: server
app.kubernetes.io/instance: woodpecker-server


@@ -0,0 +1,25 @@
# Source: server/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: woodpecker-server
labels:
helm.sh/chart: server-0.1.5
app.kubernetes.io/name: server
app.kubernetes.io/instance: woodpecker-server
app.kubernetes.io/version: "v0.15.9"
app.kubernetes.io/managed-by: Helm
spec:
type: ClusterIP
ports:
- protocol: TCP
name: http
port: 80
targetPort: 8000
- protocol: TCP
name: grpc
port: 9000
targetPort: 9000
selector:
app.kubernetes.io/name: server
app.kubernetes.io/instance: woodpecker-server


@@ -13,6 +13,7 @@ locals {
"ingress-class" = var.ingress-class
}
gitea = { for k, v in var.gitea : k => v if k!="enable" }
woodpecker = { for k, v in var.woodpecker : k => v if k!="enable" }
}
resource "kubernetes_namespace_v1" "ci-ns" {
@@ -41,3 +42,21 @@ resource "kubectl_manifest" "gitea" {
options: ${jsonencode(merge(local.global, local.gitea))}
EOF
}
resource "kubectl_manifest" "woodpecker" {
count = var.woodpecker.enable ? 1 : 0
depends_on = [kubernetes_namespace_v1.ci-ns]
yaml_body = <<-EOF
apiVersion: "vynil.solidite.fr/v1"
kind: "Install"
metadata:
name: "woodpecker"
namespace: "${var.namespace}-ci"
labels: ${jsonencode(local.common-labels)}
spec:
distrib: "${var.distributions.domain}"
category: "apps"
component: "woodpecker"
options: ${jsonencode(merge(local.global, local.woodpecker))}
EOF
}


@@ -6,6 +6,31 @@ metadata:
name: domain-ci
description: null
options:
woodpecker:
default:
enable: true
examples:
- enable: true
properties:
enable:
default: true
type: boolean
type: object
domain:
default: your-company
examples:
- your-company
type: string
gitea:
default:
enable: true
examples:
- enable: true
properties:
enable:
default: true
type: boolean
type: object
domain-name:
default: your_company.com
examples:
@@ -16,11 +41,6 @@ options:
examples:
- letsencrypt-prod
type: string
domain:
default: your-company
examples:
- your-company
type: string
ingress-class:
default: traefik
examples:
@@ -41,16 +61,6 @@ options:
default: domain
type: string
type: object
gitea:
default:
enable: true
examples:
- enable: true
properties:
enable:
default: true
type: boolean
type: object
dependencies: []
providers:
kubernetes: true
@@ -59,3 +69,4 @@ providers:
postgresql: null
restapi: null
http: null
tfaddtype: null