woodpecker: recreate to v3 on kustomize

woodpecker/README.md

@@ -1,17 +1,26 @@
-# Woodpecker CI
-Woodpecker CI obsoletes Drone CI which has confusing licensing conditions.
+First kustomize helm chart thing.
 
-Deployment steps:
+As of commit time, woodpecker chart does not support agents in separate namespace.
 
+Render it locally:
+
+```sh
+kustomize build . --enable-helm
 ```
-kubectl create namespace woodpecker
-kubectl create namespace woodpecker-execution
-kubectl create secret generic -n woodpecker woodpecker-secret \
-  --from-literal=WOODPECKER_AGENT_SECRET=$(openssl rand -hex 32) \
-  --from-literal=WOODPECKER_GITEA_CLIENT=... \
-  --from-literal=WOODPECKER_GITEA_SECRET=...
-kubectl create secret generic -n woodpecker-execution woodpecker-secret \
-  --from-literal=WOODPECKER_AGENT_SECRET=$(kubectl get secret -n woodpecker woodpecker-secret -o jsonpath="{.data.WOODPECKER_AGENT_SECRET}" | base64 -d)
-kubectl apply -n woodpecker -f woodpecker-server.yml
-kubectl apply -n woodpecker-execution -f woodpecker-agent.yml
+
+If upstream chart does not have `extraSecretNamesForEnvFrom`, patch instead:
+
+```yaml
+patches:
+- target:
+  version: v1
+  kind: StatefulSet
+  name: release-name-server
+  # or: labelSelector: app.kubernetes.io/name=server
+  patch: |-
+   - op: add
+     path: /spec/template/spec/containers/0/envFrom/-
+     value:
+       secretRef:
+         name: woodpecker-gitea-oauth2
 ```