---
apiVersion: codemowers.io/v1alpha1
kind: OIDCGWClient
metadata:
  name: woodpecker
spec:
  displayName: Woodpecker CI
  uri: https://woodpecker.k-space.ee/
  redirectUris: []
  allowedGroups:
    - k-space:floor
  grantTypes: []
  responseTypes: []
  availableScopes: []
---
apiVersion: v1
kind: Service
metadata:
  name: woodpecker
spec:
  type: ClusterIP
  ports:
    - port: 80
      targetPort: http
      protocol: TCP
      name: http
  selector:
    app: woodpecker
---
apiVersion: v1
kind: Service
metadata:
  name: woodpecker-grpc
spec:
  type: ClusterIP
  ports:
    - port: 9000
      targetPort: grpc
      protocol: TCP
      name: grpc
  selector:
    app: woodpecker
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: woodpecker
spec:
  serviceName: woodpecker
  replicas: 1
  selector:
    matchLabels:
      app: woodpecker
  template:
    metadata:
      labels:
        app: woodpecker
    spec:
      automountServiceAccountToken: false
      securityContext:
        {}
      containers:
        - name: server
          image: woodpeckerci/woodpecker-server:next@sha256:d6f717236c17e82d20f3bbd0f4a8906240576515a742cc6653c6c347b72a015c
          ports:
            - name: http
              containerPort: 8000
            - name: grpc
              containerPort: 9000
          env:
            - name: WOODPECKER_ADMIN
              value: laurivosandi
            - name: WOODPECKER_OPEN
              value: "true"
            - name: WOODPECKER_HOST
              value: "https://woodpecker.k-space.ee"
            - name: WOODPECKER_GITEA
              value: "true"
            - name: WOODPECKER_GITEA_URL
              value: "https://git.k-space.ee/"
            - name: WOODPECKER_GITEA_CLIENT
              valueFrom:
                secretKeyRef:
                  name: woodpecker-secret
                  key: WOODPECKER_GITEA_CLIENT
            - name: WOODPECKER_GITEA_SECRET
              valueFrom:
                secretKeyRef:
                  name: woodpecker-secret
                  key: WOODPECKER_GITEA_SECRET
            - name: "WOODPECKER_AGENT_SECRET"
              valueFrom:
                secretKeyRef:
                  name: woodpecker-secret
                  key: WOODPECKER_AGENT_SECRET
          volumeMounts:
            - name: woodpecker-data
              mountPath: /var/lib/woodpecker
  volumeClaimTemplates:
    - metadata:
        name: woodpecker-data
      spec:
        storageClassName: longhorn
        accessModes:
          - ReadWriteOnce
        resources:
          requests:
            storage: 8Gi
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: woodpecker
  annotations:
    external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
spec:
  tls:
    - hosts:
        - "*.k-space.ee"
  rules:
    - host: "woodpecker.k-space.ee"
      http:
        paths:
          - pathType: Prefix
            path: /
            backend:
              service:
                name: woodpecker
                port:
                  number: 80