wrenix/flux-charts
1
0
Fork 0
Code Issues 14 Pull requests 1 Projects Releases Packages Wiki Activity Actions

fix(mycloud-git-small): add mycloud-git-small alpha (with forgejo and woodpecker)

Browse source
This commit is contained in:
WrenIX 2025-01-08 21:21:20 +01:00
parent ee51d3677e
commit d3e75b3e96
Signed by: wrenix
GPG key ID: 7AFDB012974B1BB5
18 changed files with 831 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
base-values/commons.yaml
View file

@ -48,8 +48,6 @@ commons:
to:
dns: []
k8sAPI: []
smtp: []
matrix: []
grafana:
datasource:

14
base-values/mycloud-core.yaml
View file

@ -27,6 +27,20 @@ commons:
annotations:
grafana.mon.local/dashboard-folder: "myCloud"
networkpolicies:
to:
smtp: []
matrix: []
database:
- ports:
- port: 5432
protocol: "TCP"
to:
- podSelector:
matchLabels:
app.kubernetes.io/instance: mycloud-services-postgresql
app.kubernetes.io/name: postgresql
redis:
replicas: 0

19
base-values/mycloud-git-small.yaml Normal file
View file

@ -0,0 +1,19 @@
##
# commons are from mycloud-core
##
components:
mycloud-services:
# patch mycloud-core to get another database
values:
databases:
git-forgejo:
type: postgresql
git-woodpecker:
type: postgresql
mycloud-git-small:
enabled: true
namespace:
# current namespace
name:

23
mycloud-git-small/.helmignore Normal file
View file

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

9
mycloud-git-small/Chart.yaml Normal file
View file

@ -0,0 +1,9 @@
apiVersion: v2
name: mycloud-git-small
description: myCloud component to setup forgjo and codeberg
type: application
maintainers:
- name: WrenIX
url: https://wrenix.eu
version: 0.0.1

130
mycloud-git-small/README.md Normal file
View file

@ -0,0 +1,130 @@
---
title: "mycloud-git-small"
description: "myCloud component to setup forgjo and codeberg"
---
# mycloud-git-small
![Version: 0.0.1](https://img.shields.io/badge/Version-0.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
myCloud component to setup forgjo and codeberg
## Maintainers
| Name | Email | Url |
| ---- | ------ | --- |
| WrenIX | | <https://wrenix.eu> |
## Values
### Commons
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| commons.auth.host | string | `nil` | default auth.(.Values.commons.ingress.domain) |
| commons.masterPassword | string | `"CHANGEME"` | masterPassword to generate secrets |
### Commons Monitoring
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| commons.grafana.dashboards.annotations | string | `nil` | annotations of grafana dashboard configmap |
| commons.grafana.dashboards.labels | object | `{"grafana_dashboard":"1"}` | labels of grafana dashboard configmap |
| commons.prometheus.monitor.labels | object | `{}` | labels on Pod- and Service-Monitor |
| commons.prometheus.rules.labels | object | `{}` | labels on PrometheusRules |
### Commons helm release
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| commons.helm.release.driftDetection | object | `{}` | driftDetection of FluxCD HelmRelease |
| commons.helm.release.install | object | `{}` | install of FluxCD HelmRelease |
| commons.helm.release.test | object | `{}` | test of FluxCD HelmRelease |
| commons.helm.release.upgrade | object | `{}` | upgrade of FluxCD HelmRelease |
### Commons Ingress
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| commons.ingress.annotations | object | `{"cert-manager.io/cluster-issuer":"letsencrypt-prod"}` | annotations for all ingress objects |
| commons.ingress.domain | string | `"wrenix.eu"` | top domain for all services |
| commons.ingress.tls.enabled | bool | `true` | tls on every ingress |
| commons.ingress.tls.override | list | `[]` | use own definition of tls (e.g. for own or wildcard certificate) |
### Commons mail
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| commons.mail.from | string | `nil` | send from address |
| commons.mail.host | string | `""` | smtp server |
| commons.mail.password | string | `""` | smtp password |
| commons.mail.use_ssl | bool | `false` | smtp server use ssl |
| commons.mail.use_tls | bool | `false` | smtp server use start tls |
| commons.mail.username | string | `""` | smtp username |
### Commons Persistence
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| commons.persistence.hostPath.enabled | bool | `false` | use hostPath instatt of PVC |
| commons.persistence.hostPath.prefix | string | `"/var/lib/mycloud"` | use hostPath under the following path |
| commons.persistence.storageClass | string | `nil` | storageClass of PVC |
### Commons theme
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| commons.theme.favicon | string | `"/static/dist/assets/icons/icon.png"` | favicon everywhere |
| commons.theme.logo | string | `"/static/dist/assets/icons/icon_left_brand.svg"` | logo everywhere |
| commons.theme.title | string | `"myCloud"` | title everywhere |
### Commons Tracing
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| commons.tracing.enabled | bool | `false` | enable tracing on all components |
| commons.tracing.grpc.enabled | bool | `true` | prefer grpc over http |
| commons.tracing.grpc.endpoint | string | `"tempo.monitoring.svc:4317"` | grpc endpoint |
| commons.tracing.grpc.insecure | bool | `true` | allow insecure connection per grpc |
| commons.tracing.http.endpoint | string | `"http://tempo.monitoring.svc:4318/v1/traces"` | http endpoint |
### Other Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| auth.clientID | string | `nil` | OIDC client id (default: "mycloud-git-small"-forgejo) |
| auth.clientSecret | string | `nil` | generated by .Values.commons.masterPassword |
| commons.networkpolicies.enabled | bool | `false` | |
| commons.networkpolicies.from.ingress | list | `[]` | |
| commons.networkpolicies.from.metrics | list | `[]` | |
| commons.networkpolicies.to.database | list | `[]` | |
| commons.networkpolicies.to.dns | list | `[]` | |
| databases.forgejo.host | string | `"mycloud-services-postgresql"` | default is from mysql-services |
| databases.forgejo.name | string | `"git-forgejo"` | |
| databases.forgejo.password | string | `nil` | generated by .Values.commons.masterPassword (equal to mycloud-services) |
| databases.forgejo.username | string | `"git-forgejo"` | |
| databases.woodpecker.host | string | `"mycloud-services-postgresql"` | default is from mysql-services |
| databases.woodpecker.name | string | `"git-woodpecker"` | |
| databases.woodpecker.password | string | `nil` | generated by .Values.commons.masterPassword (equal to mycloud-services) |
| databases.woodpecker.username | string | `"git-woodpecker"` | |
| forgejo | string | `nil` | |
| ingress.forgejo.annotations | string | `nil` | |
| ingress.forgejo.host | string | `nil` | default: git.(Values.commons.ingress.domain) |
| ingress.woodpecker.annotations | string | `nil` | |
| ingress.woodpecker.host | string | `nil` | default: ci.(Values.commons.ingress.domain) |
| init.namespace | string | `"bases"` | |
| init.version | int | `0` | |
| mail.from | string | `nil` | generade by Values.commons.mail.from |
| mail.host | string | `nil` | default Values.commons.mail.host |
| persistence.forgejo.size | string | `"16Gi"` | |
| persistence.forgejo.storageClass | string | `nil` | |
| traefik.enabled | bool | `true` | |
| woodpecker.admins | list | `[]` | admins of woodpecker (manage manuelle) |
| woodpecker.auth.clientID | string | `""` | need to be manuelle set, after setup on forgejo |
| woodpecker.auth.clientSecret | string | `""` | need to be manuelle set, after setup on forgejo |
| woodpecker.jobs.namespace.create | bool | `true` | |
| woodpecker.jobs.namespace.name | string | `"woodpecker"` | |
Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)

0
mycloud-git-small/_docs.gotmpl Normal file
View file

73
mycloud-git-small/templates/authentik-application.yaml Normal file
View file

@ -0,0 +1,73 @@
{{ $name := printf "%s-forgejo" .Release.Name }}
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: {{ .Release.Name }}-auth
spec:
chart:
spec:
sourceRef:
kind: GitRepository
name: "wrenix-helm-charts"
namespace: "flux-system"
chart: "./authentik-application"
reconcileStrategy: "Revision"
install:
{{- toYaml .Values.commons.helm.release.install | nindent 4 }}
test:
{{- toYaml .Values.commons.helm.release.test | nindent 4 }}
upgrade:
{{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
driftDetection:
{{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
interval: 10m
values:
{{- $host := .Values.ingress.host | default (printf "git.%s" .Values.commons.ingress.domain) }}
blueprint:
authentik:
domain: "https://{{ .Values.commons.auth.host | default (printf "auth.%s" .Values.commons.ingress.domain) }}"
provider:
type: "oidc"
name: {{ $name }}
oidc:
clientType: "confidential"
redirectURL: "https://{{ $host }}/user/oauth2/authentik/callback"
clientID: {{ .Values.auth.clientID | default $name | quote }}
clientSecret: {{ .Values.auth.clientSecret | default (derivePassword 1 "long" .Values.commons.masterPassword "git-forgejo" "auth.clientSecret") | quote }}
signingKey: "authentik Self-signed Certificate"
scopes:
- name: "authentik default OAuth Mapping: OpenID 'openid'"
- name: "authentik default OAuth Mapping: OpenID 'email'"
- name: "authentik gitea OAuth Mapping: OpenID 'gitea'"
scope_name: gitea
expression: |-
groups = [group.name for group in user.ak_groups.all()]
gitea = {}
if user.is_superuser:
gitea = "admin"
if "admin" not in groups:
groups.append("admin")
else:
gitea = "user"
return {
"nickname": request.user.username,
"groups": groups,
"gitea": gitea
}
groups:
- slug: "mycloud - users"
bindID: "cefc0c13-49fa-4374-a909-e201a88a473b"
application:
policyEngineMode: "any"
openInNewTab: true
publisher: "WrenIX's myCloud"
slug: {{ $name }}
group: "Communication"
name: "Forgejo"
launchURL: "https://{{ $host }}"
icon: "https://{{ $host }}/assets/img/logo.png"
description: "With GoToSocial, you can keep in touch with your friends, post, read, and share images and articles. All without being tracked or advertised to!"

14
mycloud-git-small/templates/configmap_init_crd.yaml Normal file
View file

@ -0,0 +1,14 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Release.Name }}-init
namespace: "{{ .Values.init.namespace }}"
data:
{{- if and
(.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PrometheusRule")
(.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor")
}}
init: "-1"
{{- else }}
init: "{{ add1 .Values.init.version }}"
{{- end }}

142
mycloud-git-small/templates/forgejo/release.yaml Normal file
View file

@ -0,0 +1,142 @@
{{ $name := printf "%s-forgejo" .Release.Name }}
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: {{ $name }}
spec:
chartRef:
kind: OCIRepository
name: "{{ .Release.Name }}-forgejo"
install:
{{- toYaml .Values.commons.helm.release.install | nindent 4 }}
test:
{{- toYaml .Values.commons.helm.release.test | nindent 4 }}
upgrade:
{{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
driftDetection:
{{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
interval: 10m
valuesFrom:
- kind: Secret
name: {{ $name }}
valuesKey: "DATABASE_PASSWD"
targetPath: "gitea.config.database.PASSWD"
- kind: Secret
name: {{ $name }}
valuesKey: "MAILER_PASSWD"
targetPath: "gitea.config.mailer.PASSWD"
values:
{{- $host := .Values.ingress.host | default (printf "git.%s" .Values.commons.ingress.domain) }}
redis-cluster:
enabled: false
redis:
enabled: true
postgresql-ha:
enabled: false
gitea:
admin:
username: false
password: false
config:
APP_NAME: {{ .Values.commons.theme.title | quote }}
database:
DB_TYPE: postgres
HOST: {{ .Values.databases.forgejo.host | quote }}
USER: {{ .Values.databases.forgejo.username | quote }}
NAME: {{ .Values.databases.forgejo.name | quote }}
mailer:
ENABLED: true
PROTOCOL: "smtp+starttls"
SMTP_ADDR: {{ .Values.mail.host | default .Values.commons.mail.host | quote }}
SMTP_PORT: 587
USER: {{ .Values.commons.mail.username | quote }}
FROM: {{ .Values.mail.from | default (printf "\"[%s] %s\" <%s>" .Values.commons.theme.title "git" .Values.commons.mail.from) | quote }}
server:
LFS_START_SERVER: true
openid:
ENABLE_OPENID_SIGNUP: false
oauth2_client:
OPENID_CONNECT_SCOPES: "email gitea"
ENABLE_AUTO_REGISTRATION: true
USERNAME: nickname
UPDATE_AVATAR: true
ACCOUNT_LINKING: disabled
service:
DISABLE_REGISTRATION: true
ALLOW_ONLY_EXTERNAL_REGISTRATION: true
picture:
DISABLE_GRAVATAR: true
ENABLE_FEDERATED_AVATAR: true
federation:
ENABLED: true
oauth:
- name: "authentik"
provider: "openidConnect"
autoDiscoverUrl: "https://{{ .Values.commons.auth.host | default (printf "auth.%s" .Values.commons.ingress.domain) }}/application/o/{{ $name }}/"
existingSecret: {{ $name }}
scopes: "email gitea"
groupClaimName: groups
adminGroup: admin
metrics:
enabled: {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor") }}
serviceMonitor:
enabled: {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor") }}
labels:
{{- toYaml .Values.commons.prometheus.monitor.labels | nindent 12 }}
ingress:
enabled: true
annotations:
{{- with .Values.commons.ingress.annotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.ingress.annotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
hosts:
- host: "{{ $host }}"
paths:
- path: /
pathType: Prefix
{{- if .Values.commons.ingress.tls.enabled }}
tls:
{{- with .Values.commons.ingress.tls.override }}
{{- toYaml . | nindent 8 }}
{{- else }}
- secretName: "mycloud-forgejo-cert"
hosts:
- "{{ $host }}"
{{- end }}
{{- end }}
{{- if .Values.commons.persistence.hostPath.enabled }}
# TODO has no effect
extraInitContainers:
- name: "take-ownership"
image: "alpine:3"
command: ["chown", "-R", "1000:1000", "/data" ]
volumeMounts:
- name: "data"
mountPath: /data
extraVolumes:
- name: data
hostPath:
path: "{{ .Values.commons.persistence.hostPath.prefix }}/git-small/forgejo"
type: Directory
{{- end }}
persistence:
enabled: true
{{- with .Values.persistence.forgejo }}
size: {{ .size }}
{{- with .storageClass | default $.Values.commons.persistence.storageClass }}
storageClass: {{ . }}
{{- end }}
{{- if $.Values.commons.persistence.hostPath.enabled }}
create: false
mount: false
{{- end }}
{{- end }}

10
mycloud-git-small/templates/forgejo/repo.yaml Normal file
View file

@ -0,0 +1,10 @@
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: OCIRepository
metadata:
name: "{{ .Release.Name }}-forgejo"
spec:
url: oci://code.forgejo.org/forgejo-helm/forgejo
interval: 5m
ref:
semver: "^10.1.2"

12
mycloud-git-small/templates/forgejo/secret.yaml Normal file
View file

@ -0,0 +1,12 @@
{{- $name := printf "%s-forgejo" .Release.Name }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $name | quote }}
data:
DATABASE_PASSWD: {{ .Values.databases.forgejo.password | default (derivePassword 1 "long" .Values.commons.masterPassword "git-forgejo" "database_password" | b64enc) | b64enc }}
MAILER_PASSWD: {{ .Values.commons.mail.password | b64enc }}
# for OIDC
key: {{ .Values.auth.clientID | default $name | b64enc }}
secret: {{ .Values.auth.clientSecret | default (derivePassword 1 "long" .Values.commons.masterPassword "git-forgejo" "auth.clientSecret") | b64enc }}

16
mycloud-git-small/templates/forgejo/traefik.yaml Normal file
View file

@ -0,0 +1,16 @@
{{- if .Values.traefik.enabled }}
{{- $host := .Values.ingress.host | default (printf "git.%s" .Values.commons.ingress.domain) }}
---
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: {{ .Release.Name }}-forgejo
spec:
entryPoints:
- ssh
routes:
- match: "HostSNI(`*`)"
services:
- name: {{ .Release.Name }}-forgejo-ssh
port: 22
{{- end }}

8
mycloud-git-small/templates/woodpecker/jobs/namespace.yaml Normal file
View file

@ -0,0 +1,8 @@
{{- with .Values.woodpecker.jobs.namespace }}
{{- if .create }}
apiVersion: v1
kind: Namespace
metadata:
name: {{ .name }}
{{- end }}
{{- end }}

141
mycloud-git-small/templates/woodpecker/release.yaml Normal file
View file

@ -0,0 +1,141 @@
{{- $name := printf "%s-woodpecker" .Release.Name }}
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: {{ $name | quote }}
spec:
chartRef:
kind: OCIRepository
name: {{ $name | quote }}
install:
{{- toYaml .Values.commons.helm.release.install | nindent 4 }}
test:
{{- toYaml .Values.commons.helm.release.test | nindent 4 }}
upgrade:
{{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
driftDetection:
{{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
interval: 10m
values:
{{- $hostCI := .Values.ingress.woodpecker.host | default (printf "ci.%s" .Values.commons.ingress.domain) }}
{{- $hostGit := .Values.ingress.woodpecker.host | default (printf "git.%s" .Values.commons.ingress.domain) }}
agent:
replicaCount: 1
env:
WOODPECKER_MAX_WORKFLOWS: 4
WOODPECKER_BACKEND_K8S_NAMESPACE: {{ .Values.woodpecker.jobs.namespace.name }}
WOODPECKER_BACKEND_K8S_STORAGE_RWX: false
WOODPECKER_BACKEND_K8S_POD_LABELS_ALLOW_FROM_STEP: true
WOODPECKER_BACKEND_K8S_POD_LABELS: |
{
"app.kubernetes.io/name": "server",
"app.kubernetes.io/instance": "{{.Release.Namespace }}-{{ $name }}",
"app.kubernetes.io/component": "job"
}
WOODPECKER_SERVER: "{{ $name }}-server:9000"
{{- if .Values.commons.networkpolicies.enabled }}
networkPolicy:
enabled: true
egress:
enabled: true
dns:
{{- toYaml .Values.commons.networkpolicies.to.dns | nindent 12 }}
apiserver:
{{- toYaml .Values.commons.networkpolicies.to.k8sAPI | nindent 12 }}
server:
to:
- podSelector:
matchLabels:
app.kubernetes.io/name: server
app.kubernetes.io/instance: {{ $name }}
{{- end }}
persistentVolume:
enabled: false
server:
env:
WOODPECKER_OPEN: "true"
WOODPECKER_HOST: {{ printf "https://%s" $hostCI | quote }}
WOODPECKER_FORGEJO: "true"
WOODPECKER_FORGEJO_URL: {{ printf "https://%s" $hostGit | quote }}
WOODPECKER_ADMIN: {{ join "," .Values.woodpecker.admins | quote }}
WOODPECKER_DATABASE_DRIVER: postgres
WOODPECKER_LOG_FILE: "stdout"
podAnnotations:
config-hash: {{ include (print $.Template.BasePath "/woodpecker/secret.yaml") . | sha256sum }}
extraSecretNamesForEnvFrom:
- {{ $name }}
metrics:
enabled: {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PodMonitor") }}
prometheus:
podmonitor:
enabled: {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PodMonitor") }}
labels:
{{- toYaml .Values.commons.prometheus.monitor.labels | nindent 12 }}
rules:
enabled: true
labels:
{{- toYaml .Values.commons.prometheus.rules.labels | nindent 12 }}
grafana:
dashboards:
enabled: true
labels:
{{- toYaml .Values.commons.grafana.dashboards.labels | nindent 12 }}
annotations:
{{- toYaml .Values.commons.grafana.dashboards.annotations | nindent 12 }}
ingress:
enabled: true
annotations:
{{- with .Values.commons.ingress.annotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.ingress.annotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
hosts:
- host: {{ $hostCI }}
paths:
- path: /
{{- if .Values.commons.ingress.tls.enabled }}
tls:
{{- with .Values.commons.ingress.tls.override }}
{{- toYaml . | nindent 8 }}
{{- else }}
- secretName: "mycloud-woodpecker-cert"
hosts:
- "{{ $hostCI }}"
{{- end }}
{{- end }}
{{- if .Values.commons.networkpolicies.enabled }}
networkPolicy:
enabled: true
ingress:
http:
{{- toYaml .Values.commons.networkpolicies.from.ingress | nindent 12 }}
metrics:
{{- toYaml .Values.commons.networkpolicies.from.metrics | nindent 12 }}
grpc:
- podSelector:
matchLabels:
app.kubernetes.io/name: agent
app.kubernetes.io/instance: "{{ .Release.Name }}-woodpecker"
egress:
enabled: true
dns:
{{- toYaml .Values.commons.networkpolicies.to.dns | nindent 12 }}
database:
{{- with .Values.commons.networkpolicies.to.database }}
{{- toYaml . | nindent 12 }}
{{- end }}
extra:
{{/* need to call git instance*/}}
- ports:
- port: 443
protocol: TCP
to:
{{- toYaml .Values.commons.networkpolicies.from.ingress | nindent 16 }}
{{- end }}
persistentVolume:
enabled: false

10
mycloud-git-small/templates/woodpecker/repo.yaml Normal file
View file

@ -0,0 +1,10 @@
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: OCIRepository
metadata:
name: "{{ .Release.Name }}-woodpecker"
spec:
url: oci://ghcr.io/woodpecker-ci/helm/woodpecker
interval: 10m
ref:
semver: "^2.0.0"

13
mycloud-git-small/templates/woodpecker/secret.yaml Normal file
View file

@ -0,0 +1,13 @@
{{- $name := printf "%s-woodpecker" .Release.Name }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $name | quote }}
data:
{{- with .Values.databases.woodpecker }}
{{- $db_pass := .password | default (derivePassword 1 "long" $.Values.commons.masterPassword "git-woodpecker" "database_password" | b64enc) }}
WOODPECKER_DATABASE_DATASOURCE: {{ printf "postgres://%s:%s@%s/%s?sslmode=disable" .username $db_pass .host .name | b64enc }}
{{- end }}
WOODPECKER_FORGEJO_CLIENT: {{ .Values.woodpecker.auth.clientID | b64enc }}
WOODPECKER_FORGEJO_SECRET: {{ .Values.woodpecker.auth.clientSecret | b64enc }}

197
mycloud-git-small/values.yaml Normal file
View file

@ -0,0 +1,197 @@
init:
version: 0
namespace: "bases"
commons:
# -- masterPassword to generate secrets
# @section -- Commons
masterPassword: "CHANGEME"
auth:
# -- default auth.(.Values.commons.ingress.domain)
# @section -- Commons
host:
theme:
# -- title everywhere
# @section -- Commons theme
title: myCloud
# -- logo everywhere
# @section -- Commons theme
logo: /static/dist/assets/icons/icon_left_brand.svg
# -- favicon everywhere
# @section -- Commons theme
favicon: /static/dist/assets/icons/icon.png
mail:
# -- smtp server
# @section -- Commons mail
host: ""
# -- smtp username
# @section -- Commons mail
username: ""
# -- smtp password
# @section -- Commons mail
password: ""
# -- send from address
# @section -- Commons mail
from:
# -- smtp server use start tls
# @section -- Commons mail
use_tls: false
# -- smtp server use ssl
# @section -- Commons mail
use_ssl: false
persistence:
# -- storageClass of PVC
# @section -- Commons Persistence
storageClass:
hostPath:
# -- use hostPath instatt of PVC
# @section -- Commons Persistence
enabled: false
# -- use hostPath under the following path
# @section -- Commons Persistence
prefix: "/var/lib/mycloud"
helm:
release:
# -- install of FluxCD HelmRelease
# @section -- Commons helm release
install: {}
# -- test of FluxCD HelmRelease
# @section -- Commons helm release
test: {}
# -- upgrade of FluxCD HelmRelease
# @section -- Commons helm release
upgrade: {}
# -- driftDetection of FluxCD HelmRelease
# @section -- Commons helm release
driftDetection: {}
ingress:
# -- top domain for all services
# @section -- Commons Ingress
domain: "wrenix.eu"
# -- annotations for all ingress objects
# @section -- Commons Ingress
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
tls:
# -- tls on every ingress
# @section -- Commons Ingress
enabled: true
# -- use own definition of tls (e.g. for own or wildcard certificate)
# @section -- Commons Ingress
override: []
networkpolicies:
enabled: false
from:
ingress: []
metrics: []
to:
dns: []
database: []
prometheus:
monitor:
# -- labels on Pod- and Service-Monitor
# @section -- Commons Monitoring
labels: {}
rules:
# -- labels on PrometheusRules
# @section -- Commons Monitoring
labels: {}
grafana:
dashboards:
# -- labels of grafana dashboard configmap
# @section -- Commons Monitoring
labels:
grafana_dashboard: "1"
# -- annotations of grafana dashboard configmap
# @section -- Commons Monitoring
annotations:
tracing:
# -- enable tracing on all components
# @section -- Commons Tracing
enabled: false
http:
# -- http endpoint
# @section -- Commons Tracing
endpoint: "http://tempo.monitoring.svc:4318/v1/traces"
grpc:
# -- prefer grpc over http
# @section -- Commons Tracing
enabled: true
# -- allow insecure connection per grpc
# @section -- Commons Tracing
insecure: true
# -- grpc endpoint
# @section -- Commons Tracing
endpoint: "tempo.monitoring.svc:4317"
auth:
# -- OIDC client id (default: "mycloud-git-small"-forgejo)
clientID:
# -- generated by .Values.commons.masterPassword
clientSecret:
ingress:
forgejo:
# -- default: git.(Values.commons.ingress.domain)
host:
annotations:
woodpecker:
# -- default: ci.(Values.commons.ingress.domain)
host:
annotations:
traefik:
enabled: true
databases:
forgejo:
# -- default is from mysql-services
host: mycloud-services-postgresql
name: git-forgejo
username: git-forgejo
# -- generated by .Values.commons.masterPassword (equal to mycloud-services)
password:
woodpecker:
# -- default is from mysql-services
host: mycloud-services-postgresql
name: git-woodpecker
username: git-woodpecker
# -- generated by .Values.commons.masterPassword (equal to mycloud-services)
password:
mail:
# -- generade by Values.commons.mail.from
from:
# -- default Values.commons.mail.host
host:
persistence:
forgejo:
storageClass:
size: 16Gi
woodpecker:
auth:
# -- need to be manuelle set, after setup on forgejo
clientID: ""
# -- need to be manuelle set, after setup on forgejo
clientSecret: ""
# -- admins of woodpecker (manage manuelle)
admins: []
jobs:
namespace:
create: true
name: "woodpecker"
forgejo: