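{{- /*
Flux HelmRelease that deploys Woodpecker CI (server and agent) from the
OCIRepository of the same name. Everything under spec.values is handed to the
Woodpecker chart as its values.

Changes against the original listing: indentation restored from the nindent
widths, and templated or number/boolean-looking scalars that end up as env
values, label values or annotations are quoted so they always reach the chart
as strings.
*/ -}}
{{- $name := printf "%s-woodpecker" .Release.Name }}
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: {{ $name | quote }}
spec:
  chartRef:
    kind: OCIRepository
    name: {{ $name | quote }}
  install:
    {{- toYaml .Values.commons.helm.release.install | nindent 4 }}
  test:
    {{- toYaml .Values.commons.helm.release.test | nindent 4 }}
  upgrade:
    {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
  driftDetection:
    {{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
  interval: 10m
  values:
    # NOTE(review): both host defaults below read .Values.ingress.woodpecker.host,
    # so overriding the CI host also replaces the forge URL used for
    # WOODPECKER_FORGEJO_URL. Looks like a copy-paste slip; confirm which values
    # key is meant to hold the git host.
    {{- $hostCI := .Values.ingress.woodpecker.host | default (printf "ci.%s" .Values.commons.ingress.domain) }}
    {{- $hostGit := .Values.ingress.woodpecker.host | default (printf "git.%s" .Values.commons.ingress.domain) }}
    agent:
      replicaCount: 1
      env:
        # Env values are quoted so they are strings regardless of how the chart
        # renders them (same convention as the server env further down).
        WOODPECKER_MAX_WORKFLOWS: "4"
        WOODPECKER_BACKEND_K8S_NAMESPACE: {{ .Values.woodpecker.jobs.namespace.name | quote }}
        WOODPECKER_BACKEND_K8S_STORAGE_RWX: "false"
        # NOTE(review): this lets pipeline steps set labels on their own pods.
        # The NetworkPolicy rules in this file select peers by pod label
        # (name: server / name: agent), so if job pods can run in a namespace
        # where those selectors apply, a workflow author may be able to label a
        # step pod into an allowed peer set. Confirm the jobs namespace is
        # separate, or disable this unless steps really need custom labels.
        WOODPECKER_BACKEND_K8S_POD_LABELS_ALLOW_FROM_STEP: "true"
        # Labels applied to every job pod (JSON object, passed through verbatim).
        WOODPECKER_BACKEND_K8S_POD_LABELS: |
          {
            "app.kubernetes.io/name": "server",
            "app.kubernetes.io/instance": "{{.Release.Namespace }}-{{ $name }}",
            "app.kubernetes.io/component": "job"
          }
        WOODPECKER_SERVER: "{{ $name }}-server:9000"
      {{- if .Values.commons.networkpolicies.enabled }}
      # Agent egress is limited to DNS, the Kubernetes API and the Woodpecker
      # server pods of this release.
      networkPolicy:
        enabled: true
        egress:
          enabled: true
          dns:
            {{- toYaml .Values.commons.networkpolicies.to.dns | nindent 12 }}
          apiserver:
            {{- toYaml .Values.commons.networkpolicies.to.k8sAPI | nindent 12 }}
          server:
            to:
              - podSelector:
                  matchLabels:
                    app.kubernetes.io/name: server
                    app.kubernetes.io/instance: {{ $name | quote }}
      {{- end }}
      persistentVolume:
        enabled: false
    server:
      env:
        # NOTE(review): with open registration every account that can
        # authenticate against the configured forge can log in to Woodpecker.
        # If the forge allows self-signup, consider restricting access
        # (for example with WOODPECKER_ORGS) or closing registration.
        WOODPECKER_OPEN: "true"
        WOODPECKER_HOST: {{ printf "https://%s" $hostCI | quote }}
        WOODPECKER_FORGEJO: "true"
        WOODPECKER_FORGEJO_URL: {{ printf "https://%s" $hostGit | quote }}
        WOODPECKER_ADMIN: {{ join "," .Values.woodpecker.admins | quote }}
        WOODPECKER_DATABASE_DRIVER: postgres
        WOODPECKER_LOG_FILE: "stdout"
      podAnnotations:
        # Hash of the rendered secret template, so pods roll when it changes.
        # Quoted: annotation values must be strings, and an unquoted hex digest
        # can be read as a number by the YAML parser (all digits, or digits
        # around a single "e").
        config-hash: {{ include (print $.Template.BasePath "/woodpecker/secret.yaml") . | sha256sum | quote }}
      # Remaining server settings are injected from this secret via envFrom.
      extraSecretNamesForEnvFrom:
        - {{ $name | quote }}
      # Metrics and the PodMonitor are only enabled when the cluster serves the
      # monitoring.coreos.com/v1 PodMonitor API.
      metrics:
        enabled: {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PodMonitor") }}
      prometheus:
        podmonitor:
          enabled: {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PodMonitor") }}
          labels:
            {{- toYaml .Values.commons.prometheus.monitor.labels | nindent 12 }}
        rules:
          enabled: true
          labels:
            {{- toYaml .Values.commons.prometheus.rules.labels | nindent 12 }}
      grafana:
        dashboards:
          enabled: true
          labels:
            {{- toYaml .Values.commons.grafana.dashboards.labels | nindent 12 }}
          annotations:
            {{- toYaml .Values.commons.grafana.dashboards.annotations | nindent 12 }}

      ingress:
        enabled: true
        # Common annotations first, then the Woodpecker-specific ones.
        annotations:
          {{- with .Values.commons.ingress.annotations }}
          {{- toYaml . | nindent 10 }}
          {{- end }}
          {{- with .Values.ingress.woodpecker.annotations }}
          {{- toYaml . | nindent 10 }}
          {{- end }}
        hosts:
          - host: {{ $hostCI | quote }}
            paths:
              - path: /
        {{- if .Values.commons.ingress.tls.enabled }}
        # TLS uses the override block when one is set, otherwise the default
        # certificate secret for the CI host.
        tls:
          {{- with .Values.commons.ingress.tls.override }}
          {{- toYaml . | nindent 10 }}
          {{- else }}
          - secretName: "mycloud-woodpecker-cert"
            hosts:
              - "{{ $hostCI }}"
          {{- end }}
        {{- end }}
      {{- if .Values.commons.networkpolicies.enabled }}
      networkPolicy:
        enabled: true
        # Inbound: HTTP from the ingress peers, metrics from the metrics peers,
        # gRPC only from the agent pods of this release.
        ingress:
          http:
            {{- toYaml .Values.commons.networkpolicies.from.ingress | nindent 12 }}
          metrics:
            {{- toYaml .Values.commons.networkpolicies.from.metrics | nindent 12 }}
          grpc:
            - podSelector:
                matchLabels:
                  app.kubernetes.io/name: agent
                  app.kubernetes.io/instance: "{{ .Release.Name }}-woodpecker"
        egress:
          enabled: true
          dns:
            {{- toYaml .Values.commons.networkpolicies.to.dns | nindent 12 }}
          database:
            {{- with .Values.commons.networkpolicies.to.database }}
            {{- toYaml . | nindent 12 }}
            {{- end }}
          extra:
            {{- /* The server needs to call the git instance: TCP 443 to the
                   same peers that are allowed as ingress sources. */}}
            - ports:
                - port: 443
                  protocol: TCP
              to:
                {{- toYaml .Values.commons.networkpolicies.from.ingress | nindent 16 }}

      {{- end }}
      persistentVolume:
        enabled: false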