forked from k-space/kube
Add Woodpecker CI
This commit is contained in:
parent
5dc6dca28e
commit
1d3d58f1a0
@ -53,3 +53,16 @@ volumeBindingMode: WaitForFirstConsumer
|
|||||||
allowVolumeExpansion: true
|
allowVolumeExpansion: true
|
||||||
parameters:
|
parameters:
|
||||||
fsType: "xfs"
|
fsType: "xfs"
|
||||||
|
---
|
||||||
|
apiVersion: storage.k8s.io/v1
|
||||||
|
kind: StorageClass
|
||||||
|
metadata:
|
||||||
|
name: woodpecker
|
||||||
|
provisioner: driver.longhorn.io
|
||||||
|
reclaimPolicy: Delete
|
||||||
|
volumeBindingMode: Immediate
|
||||||
|
allowVolumeExpansion: true
|
||||||
|
parameters:
|
||||||
|
dataLocality: best-effort
|
||||||
|
numberOfReplicas: "1"
|
||||||
|
fsType: "xfs"
|
||||||
|
17
woodpecker/README.md
Normal file
17
woodpecker/README.md
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
# Woodpecker CI
|
||||||
|
Woodpecker CI obsoletes Drone CI which has confusing licensing conditions.
|
||||||
|
|
||||||
|
Deployment steps:
|
||||||
|
|
||||||
|
```
|
||||||
|
kubectl create namespace woodpecker
|
||||||
|
kubectl create namespace woodpecker-execution
|
||||||
|
kubectl create secret generic -n woodpecker woodpecker-secret \
|
||||||
|
--from-literal=WOODPECKER_AGENT_SECRET=$(openssl rand -hex 32) \
|
||||||
|
--from-literal=WOODPECKER_GITEA_CLIENT=... \
|
||||||
|
--from-literal=WOODPECKER_GITEA_SECRET=...
|
||||||
|
kubectl create secret generic -n woodpecker-execution woodpecker-secret \
|
||||||
|
--from-literal=WOODPECKER_AGENT_SECRET=$(kubectl get secret -n woodpecker woodpecker-secret -o jsonpath="{.data.WOODPECKER_AGENT_SECRET}" | base64 -d)
|
||||||
|
kubectl apply -n woodpecker -f woodpecker-server.yml
|
||||||
|
kubectl apply -n woodpecker-execution -f woodpecker-agent.yml
|
||||||
|
```
|
98
woodpecker/woodpecker-agent.yml
Normal file
98
woodpecker/woodpecker-agent.yml
Normal file
@ -0,0 +1,98 @@
|
|||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ServiceAccount
|
||||||
|
metadata:
|
||||||
|
name: woodpecker-agent
|
||||||
|
namespace: woodpecker-execution
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: Role
|
||||||
|
metadata:
|
||||||
|
name: woodpecker-agent
|
||||||
|
namespace: woodpecker-execution
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- ''
|
||||||
|
resources:
|
||||||
|
- persistentvolumeclaims
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- delete
|
||||||
|
- apiGroups:
|
||||||
|
- ''
|
||||||
|
resources:
|
||||||
|
- services
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- delete
|
||||||
|
- apiGroups:
|
||||||
|
- ''
|
||||||
|
resources:
|
||||||
|
- pods
|
||||||
|
- pods/log
|
||||||
|
verbs:
|
||||||
|
- watch
|
||||||
|
- create
|
||||||
|
- delete
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: RoleBinding
|
||||||
|
metadata:
|
||||||
|
name: woodpecker-agent
|
||||||
|
namespace: woodpecker-execution
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: woodpecker-agent
|
||||||
|
namespace: woodpecker-execution
|
||||||
|
roleRef:
|
||||||
|
kind: Role
|
||||||
|
name: woodpecker-agent
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
---
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: woodpecker-agent
|
||||||
|
namespace: woodpecker-execution
|
||||||
|
spec:
|
||||||
|
replicas: 2
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: woodpecker-agent
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: woodpecker-agent
|
||||||
|
spec:
|
||||||
|
serviceAccountName: woodpecker-agent
|
||||||
|
securityContext:
|
||||||
|
{}
|
||||||
|
containers:
|
||||||
|
- name: agent
|
||||||
|
securityContext:
|
||||||
|
{}
|
||||||
|
image: woodpeckerci/woodpecker-agent:next
|
||||||
|
ports:
|
||||||
|
- name: http
|
||||||
|
containerPort: 3000
|
||||||
|
protocol: TCP
|
||||||
|
env:
|
||||||
|
- name: WOODPECKER_BACKEND
|
||||||
|
value: kubernetes
|
||||||
|
- name: WOODPECKER_BACKEND_K8S_NAMESPACE
|
||||||
|
value: woodpecker-execution
|
||||||
|
- name: WOODPECKER_BACKEND_K8S_STORAGE_CLASS
|
||||||
|
value: woodpecker
|
||||||
|
- name: WOODPECKER_BACKEND_K8S_STORAGE_RWX
|
||||||
|
value: "false"
|
||||||
|
- name: WOODPECKER_BACKEND_K8S_VOLUME_SIZE
|
||||||
|
value: 100Mi
|
||||||
|
- name: WOODPECKER_SERVER
|
||||||
|
value: "woodpecker-grpc.woodpecker.svc.cluster.local:9000"
|
||||||
|
- name: WOODPECKER_AGENT_SECRET
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: woodpecker-secret
|
||||||
|
key: WOODPECKER_AGENT_SECRET
|
129
woodpecker/woodpecker-server.yml
Normal file
129
woodpecker/woodpecker-server.yml
Normal file
@ -0,0 +1,129 @@
|
|||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: woodpecker
|
||||||
|
spec:
|
||||||
|
type: ClusterIP
|
||||||
|
ports:
|
||||||
|
- port: 80
|
||||||
|
targetPort: http
|
||||||
|
protocol: TCP
|
||||||
|
name: http
|
||||||
|
selector:
|
||||||
|
app: woodpecker
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: woodpecker-grpc
|
||||||
|
spec:
|
||||||
|
type: ClusterIP
|
||||||
|
ports:
|
||||||
|
- port: 9000
|
||||||
|
targetPort: grpc
|
||||||
|
protocol: TCP
|
||||||
|
name: grpc
|
||||||
|
selector:
|
||||||
|
app: woodpecker
|
||||||
|
---
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: StatefulSet
|
||||||
|
metadata:
|
||||||
|
name: woodpecker
|
||||||
|
spec:
|
||||||
|
serviceName: woodpecker
|
||||||
|
replicas: 1
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: woodpecker
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: woodpecker
|
||||||
|
spec:
|
||||||
|
automountServiceAccountToken: false
|
||||||
|
securityContext:
|
||||||
|
{}
|
||||||
|
containers:
|
||||||
|
- name: server
|
||||||
|
securityContext:
|
||||||
|
{}
|
||||||
|
image: woodpeckerci/woodpecker-server:next
|
||||||
|
ports:
|
||||||
|
- name: http
|
||||||
|
containerPort: 8000
|
||||||
|
protocol: TCP
|
||||||
|
- name: grpc
|
||||||
|
containerPort: 9000
|
||||||
|
protocol: TCP
|
||||||
|
livenessProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /
|
||||||
|
port: http
|
||||||
|
env:
|
||||||
|
- name: WOODPECKER_ADMIN
|
||||||
|
value: laurivosandi
|
||||||
|
- name: WOODPECKER_OPEN
|
||||||
|
value: "true"
|
||||||
|
- name: WOODPECKER_ORGS
|
||||||
|
value: codemowers
|
||||||
|
- name: WOODPECKER_HOST
|
||||||
|
value: "https://woodpecker.k-space.ee"
|
||||||
|
- name: WOODPECKER_GITEA
|
||||||
|
value: "true"
|
||||||
|
- name: WOODPECKER_GITEA_URL
|
||||||
|
value: "https://git.k-space.ee/"
|
||||||
|
- name: WOODPECKER_GITEA_CLIENT
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: woodpecker-secret
|
||||||
|
key: WOODPECKER_GITEA_CLIENT
|
||||||
|
- name: WOODPECKER_GITEA_SECRET
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: woodpecker-secret
|
||||||
|
key: WOODPECKER_GITEA_SECRET
|
||||||
|
- name: "WOODPECKER_AGENT_SECRET"
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: woodpecker-secret
|
||||||
|
key: WOODPECKER_AGENT_SECRET
|
||||||
|
volumeMounts:
|
||||||
|
- name: woodpecker-data
|
||||||
|
mountPath: /var/lib/woodpecker
|
||||||
|
volumeClaimTemplates:
|
||||||
|
- metadata:
|
||||||
|
name: woodpecker-data
|
||||||
|
spec:
|
||||||
|
storageClassName: longhorn
|
||||||
|
accessModes:
|
||||||
|
- ReadWriteOnce
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
storage: 8Gi
|
||||||
|
---
|
||||||
|
apiVersion: networking.k8s.io/v1
|
||||||
|
kind: Ingress
|
||||||
|
metadata:
|
||||||
|
name: woodpecker
|
||||||
|
annotations:
|
||||||
|
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
|
||||||
|
kubernetes.io/ingress.class: traefik
|
||||||
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||||
|
traefik.ingress.kubernetes.io/router.tls: "true"
|
||||||
|
spec:
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- "*.k-space.ee"
|
||||||
|
rules:
|
||||||
|
- host: "woodpecker.k-space.ee"
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
- pathType: Prefix
|
||||||
|
path: /
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: woodpecker
|
||||||
|
port:
|
||||||
|
number: 80
|
Loading…
Reference in New Issue
Block a user