Add Woodpecker CI

This commit is contained in:
Lauri Võsandi 2023-05-27 10:09:15 +03:00
parent 5dc6dca28e
commit 1d3d58f1a0
4 changed files with 257 additions and 0 deletions

View File

@ -53,3 +53,16 @@ volumeBindingMode: WaitForFirstConsumer
allowVolumeExpansion: true allowVolumeExpansion: true
parameters: parameters:
fsType: "xfs" fsType: "xfs"
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: woodpecker
provisioner: driver.longhorn.io
reclaimPolicy: Delete
volumeBindingMode: Immediate
allowVolumeExpansion: true
parameters:
dataLocality: best-effort
numberOfReplicas: "1"
fsType: "xfs"

17
woodpecker/README.md Normal file
View File

@ -0,0 +1,17 @@
# Woodpecker CI
Woodpecker CI obsoletes Drone CI which has confusing licensing conditions.
Deployment steps:
```
kubectl create namespace woodpecker
kubectl create namespace woodpecker-execution
kubectl create secret generic -n woodpecker woodpecker-secret \
--from-literal=WOODPECKER_AGENT_SECRET=$(openssl rand -hex 32) \
--from-literal=WOODPECKER_GITEA_CLIENT=... \
--from-literal=WOODPECKER_GITEA_SECRET=...
kubectl create secret generic -n woodpecker-execution woodpecker-secret \
--from-literal=WOODPECKER_AGENT_SECRET=$(kubectl get secret -n woodpecker woodpecker-secret -o jsonpath="{.data.WOODPECKER_AGENT_SECRET}" | base64 -d)
kubectl apply -n woodpecker -f woodpecker-server.yml
kubectl apply -n woodpecker-execution -f woodpecker-agent.yml
```

View File

@ -0,0 +1,98 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: woodpecker-agent
namespace: woodpecker-execution
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: woodpecker-agent
namespace: woodpecker-execution
rules:
- apiGroups:
- ''
resources:
- persistentvolumeclaims
verbs:
- create
- delete
- apiGroups:
- ''
resources:
- services
verbs:
- create
- delete
- apiGroups:
- ''
resources:
- pods
- pods/log
verbs:
- watch
- create
- delete
- get
- list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: woodpecker-agent
namespace: woodpecker-execution
subjects:
- kind: ServiceAccount
name: woodpecker-agent
namespace: woodpecker-execution
roleRef:
kind: Role
name: woodpecker-agent
apiGroup: rbac.authorization.k8s.io
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: woodpecker-agent
namespace: woodpecker-execution
spec:
replicas: 2
selector:
matchLabels:
app: woodpecker-agent
template:
metadata:
labels:
app: woodpecker-agent
spec:
serviceAccountName: woodpecker-agent
securityContext:
{}
containers:
- name: agent
securityContext:
{}
image: woodpeckerci/woodpecker-agent:next
ports:
- name: http
containerPort: 3000
protocol: TCP
env:
- name: WOODPECKER_BACKEND
value: kubernetes
- name: WOODPECKER_BACKEND_K8S_NAMESPACE
value: woodpecker-execution
- name: WOODPECKER_BACKEND_K8S_STORAGE_CLASS
value: woodpecker
- name: WOODPECKER_BACKEND_K8S_STORAGE_RWX
value: "false"
- name: WOODPECKER_BACKEND_K8S_VOLUME_SIZE
value: 100Mi
- name: WOODPECKER_SERVER
value: "woodpecker-grpc.woodpecker.svc.cluster.local:9000"
- name: WOODPECKER_AGENT_SECRET
valueFrom:
secretKeyRef:
name: woodpecker-secret
key: WOODPECKER_AGENT_SECRET

View File

@ -0,0 +1,129 @@
---
apiVersion: v1
kind: Service
metadata:
name: woodpecker
spec:
type: ClusterIP
ports:
- port: 80
targetPort: http
protocol: TCP
name: http
selector:
app: woodpecker
---
apiVersion: v1
kind: Service
metadata:
name: woodpecker-grpc
spec:
type: ClusterIP
ports:
- port: 9000
targetPort: grpc
protocol: TCP
name: grpc
selector:
app: woodpecker
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: woodpecker
spec:
serviceName: woodpecker
replicas: 1
selector:
matchLabels:
app: woodpecker
template:
metadata:
labels:
app: woodpecker
spec:
automountServiceAccountToken: false
securityContext:
{}
containers:
- name: server
securityContext:
{}
image: woodpeckerci/woodpecker-server:next
ports:
- name: http
containerPort: 8000
protocol: TCP
- name: grpc
containerPort: 9000
protocol: TCP
livenessProbe:
httpGet:
path: /
port: http
env:
- name: WOODPECKER_ADMIN
value: laurivosandi
- name: WOODPECKER_OPEN
value: "true"
- name: WOODPECKER_ORGS
value: codemowers
- name: WOODPECKER_HOST
value: "https://woodpecker.k-space.ee"
- name: WOODPECKER_GITEA
value: "true"
- name: WOODPECKER_GITEA_URL
value: "https://git.k-space.ee/"
- name: WOODPECKER_GITEA_CLIENT
valueFrom:
secretKeyRef:
name: woodpecker-secret
key: WOODPECKER_GITEA_CLIENT
- name: WOODPECKER_GITEA_SECRET
valueFrom:
secretKeyRef:
name: woodpecker-secret
key: WOODPECKER_GITEA_SECRET
- name: "WOODPECKER_AGENT_SECRET"
valueFrom:
secretKeyRef:
name: woodpecker-secret
key: WOODPECKER_AGENT_SECRET
volumeMounts:
- name: woodpecker-data
mountPath: /var/lib/woodpecker
volumeClaimTemplates:
- metadata:
name: woodpecker-data
spec:
storageClassName: longhorn
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 8Gi
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: woodpecker
annotations:
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
spec:
tls:
- hosts:
- "*.k-space.ee"
rules:
- host: "woodpecker.k-space.ee"
http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: woodpecker
port:
number: 80