Initial upload

Stephan Lo 2025-06-08 23:57:14 +02:00
parent d25a81780b
commit 005073277b
14 changed files with 236 additions and 145 deletions


@ -1,24 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: ingress-apps
name: forgejo
namespace: argocd
labels:
example: ref-implementation
env: dev
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
destination:
server: "https://kubernetes.default.svc"
name: in-cluster
namespace: argocd
source:
repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
path: "otc/ABC/stacks/forgejo"
repoURL: "https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances"
targetRevision: HEAD
path: "otc/ABC/stacks/core/ingress-apps"
project: default
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
retry:
limit: -1
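Review bot: `targetRevision: HEAD` combined with `syncPolicy.automated` and `project: default` means every push to the default branch of stacks-instances is applied to the cluster with no further gate, and the `default` AppProject normally does not restrict source repos or destinations. The old/new side of several lines in this section cannot be recovered from the rendered page, so this assumes those keys are on the new side. Consider pinning the revision (`targetRevision: <release-tag-or-commit-sha>`) and moving the Application into a dedicated AppProject that allows only this repo and the target namespace. The same `targetRevision: HEAD` appears in the source added in the next file section and in the new forgejo-server Application. `retry.limit: -1` retries a failing sync without bound, which can hide a manifest that is persistently rejected; a finite limit makes such a failure visible.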


@ -30,3 +30,6 @@ spec:
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
targetRevision: HEAD
ref: values
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
targetRevision: HEAD
path: "otc/ABC/stacks/core/argocd/manifests"


@ -1,29 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: forgejo
namespace: argocd
labels:
env: dev
spec:
project: default
syncPolicy:
automated:
selfHeal: true
syncOptions:
- CreateNamespace=true
retry:
limit: -1
destination:
name: in-cluster
namespace: gitea
sources:
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/forgejo-helm.git
path: .
targetRevision: v12.0.0-depends
helm:
valueFiles:
- $values/otc/ABC/stacks/core/forgejo/values.yaml
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
targetRevision: HEAD
ref: values


@ -1,77 +0,0 @@
redis-cluster:
enabled: true
postgresql:
enabled: false
postgresql-ha:
enabled: false
persistence:
enabled: true
size: 5Gi
test:
enabled: false
gitea:
additionalConfigFromEnvs:
- name: FORGEJO__APP_NAME
value: EDP Forgejo
- name: FORGEJO__APP_SLOGAN
value: Welcome to the Forgejo
# - name: ENV_TO_INI__DATABASE__PASSWD
# valueFrom:
# secretKeyRef:
# name: postgres-secret
# key: password
admin:
existingSecret: gitea-credential
config:
service:
DISABLE_REGISTRATION: true
other:
SHOW_FOOTER_VERSION: false
SHOW_FOOTER_TEMPLATE_LOAD_TIME: false
database:
DB_TYPE: sqlite3
session:
PROVIDER: memory
cache:
ADAPTER: memory
queue:
TYPE: level
server:
DOMAIN: 'ABC'
ROOT_URL: 'https://ABC:443'
mailer:
ENABLED: true
FROM: forgejo@ABC
PROTOCOL: smtp
SMTP_ADDR: mailhog.mailhog.svc.cluster.local
SMTP_PORT: 1025
service:
ssh:
type: NodePort
nodePort: 32222
externalTrafficPolicy: Local
image:
pullPolicy: "IfNotPresent"
# Overrides the image tag whose default is the chart appVersion.
#tag: "8.0.3"
# Adds -rootless suffix to image name
rootless: true
forgejo:
runner:
enabled: true
image:
tag: latest
# replicas: 3
config:
runner:
labels:
- docker:docker://node:16-bullseye
- self-hosted:docker://ghcr.io/catthehacker/ubuntu:act-22.04
- ubuntu-22.04:docker://ghcr.io/catthehacker/ubuntu:act-22.04
- ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-22.04


@ -39,7 +39,11 @@ customConfig:
type: elasticsearch
inputs: [parser]
endpoints:
- https://o12y.penguin-observability.think-ahead.cloud/insert/elasticsearch/
- https://o12y.observability.think-ahead.cloud/insert/elasticsearch/
auth:
strategy: basic
user: simple-user
password: simple-password
mode: bulk
api_version: v8
compression: gzip
@ -50,5 +54,5 @@ customConfig:
VL-Time-Field: timestamp
VL-Stream-Fields: stream,kubernetes.pod_name,kubernetes.container_name,kubernetes.pod_namespace
VL-Msg-Field: message,msg,_msg,log.msg,log.message,log
AccountID: "2"
ProjectID: "2"
AccountID: "0"
ProjectID: "0"
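Review bot: The added `auth` block commits the sink's basic-auth credentials (`user: simple-user`, `password: simple-password`) in clear text, and the same pair appears as context in the VMUser manifest later in this commit, so anyone with read access to the repo can authenticate to the log ingest endpoint. This looks like a Vector elasticsearch sink; Vector expands environment variables in its config, so the value can come from a Kubernetes Secret instead: `password: "${LOG_SINK_PASSWORD}"` (placeholder name), with the variable supplied through `secretKeyRef`. On the VMUser side, `passwordRef` serves the same purpose. If these values have already reached a shared remote, rotate them rather than only removing them from the file. The sink definition starts above the hunk, so its name and remaining settings are not visible here.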


@ -21,4 +21,4 @@ spec:
source:
repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
targetRevision: HEAD
path: "otc/ABC/stacks/core/forgejo-runner"
path: "otc/ABC/stacks/forgejo/forgejo-runner"


@ -0,0 +1,38 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: forgejo-server
namespace: argocd
labels:
env: dev
spec:
project: default
syncPolicy:
automated:
selfHeal: true
syncOptions:
- CreateNamespace=true
retry:
limit: -1
destination:
name: in-cluster
namespace: gitea
sources:
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/forgejo-helm.git
path: .
# first check out the desired version (example v9.0.0): https://code.forgejo.org/forgejo-helm/forgejo-helm/src/tag/v9.0.0/Chart.yaml
# (note that the chart version is not the same as the forgejo application version, which is specified in the above Chart.yaml file)
# then use the devops pipeline and select development, forgejo and the desired version (example v9.0.0):
# https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/devops-pipelines/actions?workflow=update-helm-depends.yaml&actor=0&status=0
# finally update the desired version here and include "-depends", it is created by the devops pipeline.
# why do we have an added "-depends" tag? it resolves rate limitings when downloading helm OCI dependencies
targetRevision: v9.0.0-depends
helm:
valueFiles:
- $values/otc/ABC/stacks/forgejo/forgejo-server/values.yaml
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
targetRevision: HEAD
ref: values
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
targetRevision: HEAD
path: "otc/ABC/stacks/forgejo/forgejo-server/manifests"
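Review bot: `targetRevision: v9.0.0-depends` is lower than the `v12.0.0-depends` used by the forgejo Application that this commit deletes, so if forgejo-server replaces it, the chart (and probably the Forgejo version with it) goes back three major versions. A downgrade gives up the security fixes shipped in between, and an older Forgejo binary is generally not expected to start against a database already migrated by a newer one. The comment block above the key uses v9.0.0 only as an example, so please confirm which version is intended. If v9 is deliberate, state the reason in that comment so the next reader does not "fix" it back.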


@ -6,7 +6,7 @@ metadata:
nginx.ingress.kubernetes.io/proxy-body-size: 512m
cert-manager.io/cluster-issuer: main
name: forgejo
name: forgejo-server
namespace: gitea
spec:
ingressClassName: nginx
@ -16,7 +16,7 @@ spec:
paths:
- backend:
service:
name: forgejo-http
name: forgejo-server-http
port:
number: 3000
path: /


@ -0,0 +1,163 @@
redis-cluster:
enabled: false
redis:
enabled: false
postgresql:
enabled: false
postgresql-ha:
enabled: false
persistence:
enabled: true
size: 5Gi
test:
enabled: false
deployment:
env:
- name: SSL_CERT_FILE
value: /etc/elasticsearch/elasticsearch.cer
extraVolumeMounts:
- mountPath: /etc/elasticsearch
name: elasticsearch-cert-volume
readOnly: true
extraVolumes:
- name: elasticsearch-cert-volume
configMap:
defaultMode: 420
name: elasticsearch-cert
gitea:
additionalConfigFromEnvs:
- name: FORGEJO__storage__MINIO_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: forgejo-cloud-credentials
key: access-key
- name: FORGEJO__storage__MINIO_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: forgejo-cloud-credentials
key: secret-key
- name: FORGEJO__queue__CONN_STR
valueFrom:
secretKeyRef:
name: redis-forgejo-cloud-credentials
key: connection-string
- name: FORGEJO__session__PROVIDER_CONFIG
valueFrom:
secretKeyRef:
name: redis-forgejo-cloud-credentials
key: connection-string
- name: FORGEJO__cache__HOST
valueFrom:
secretKeyRef:
name: redis-forgejo-cloud-credentials
key: connection-string
- name: FORGEJO__database__HOST
valueFrom:
secretKeyRef:
name: postgres-forgejo-cloud-credentials
key: host_port
- name: FORGEJO__database__NAME
valueFrom:
secretKeyRef:
name: postgres-forgejo-cloud-credentials
key: database
- name: FORGEJO__database__USER
valueFrom:
secretKeyRef:
name: postgres-forgejo-cloud-credentials
key: username
- name: FORGEJO__database__PASSWD
valueFrom:
secretKeyRef:
name: postgres-forgejo-cloud-credentials
key: password
- name: FORGEJO__indexer__ISSUE_INDEXER_CONN_STR
valueFrom:
secretKeyRef:
name: elasticsearch-cloud-credentials
key: connection-string
admin:
existingSecret: gitea-credential
config:
indexer:
ISSUE_INDEXER_ENABLED: true
ISSUE_INDEXER_TYPE: elasticsearch
# TODO next
REPO_INDEXER_ENABLED: false
# REPO_INDEXER_TYPE: meilisearch # not yet working
storage:
MINIO_ENDPOINT: obs.eu-de.otc.t-systems.com:443
STORAGE_TYPE: minio
MINIO_LOCATION: eu-de
MINIO_BUCKET: edp-forgejo-mycluster
MINIO_USE_SSL: true
queue:
TYPE: redis
session:
PROVIDER: redis
cache:
ENABLED: true
ADAPTER: redis
service:
DISABLE_REGISTRATION: true
other:
SHOW_FOOTER_VERSION: false
SHOW_FOOTER_TEMPLATE_LOAD_TIME: false
database:
DB_TYPE: postgres
server:
DOMAIN: 'ABC'
ROOT_URL: 'https://ABC:443'
mailer:
ENABLED: true
FROM: forgejo@ABC
PROTOCOL: smtp
SMTP_ADDR: mailhog.mailhog.svc.cluster.local
SMTP_PORT: 1025
service:
ssh:
type: NodePort
nodePort: 32222
externalTrafficPolicy: Local
image:
pullPolicy: "IfNotPresent"
# Overrides the image tag whose default is the chart appVersion.
#tag: "8.0.3"
# Adds -rootless suffix to image name
rootless: true
forgejo:
runner:
enabled: true
image:
tag: latest
# replicas: 3
config:
runner:
labels:
- docker:docker://node:16-bullseye
- self-hosted:docker://ghcr.io/catthehacker/ubuntu:act-22.04
- ubuntu-22.04:docker://ghcr.io/catthehacker/ubuntu:act-22.04
- ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-22.04
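Review bot: Nothing in the runner section is pinned: `image.tag: latest` and the label images `node:16-bullseye` and `ghcr.io/catthehacker/ubuntu:act-22.04` are all mutable tags, so the code that executes CI jobs can change without any commit in this repo. Pin the runner to a released version (`tag: "<runner-version>"`) and, where the label syntax and registry support it, reference the job images by digest (`ghcr.io/catthehacker/ubuntu:act-22.04@sha256:<digest>`). Node 16 is past upstream end of life, so the `docker` label should move to a maintained base image. A short comment above `additionalConfigFromEnvs` saying which process creates the `*-cloud-credentials` Secrets would also help, since none of them is defined in this file.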


@ -19,7 +19,7 @@ spec:
- chart: victoria-metrics-k8s-stack
repoURL: https://victoriametrics.github.io/helm-charts/
targetRevision: 0.48.1
releaseName: victoria
releaseName: vm
helm:
valueFiles:
- $values/otc/ABC/stacks/observability/victoria-k8s-stack/values.yaml


@ -7,13 +7,9 @@ spec:
username: simple-user
password: simple-password
targetRefs:
- crd:
kind: VMSingle
name: victoria-k8s-stack-victoria-metrics-k8s-stack
namespace: observability
paths: ["/.*"]
- crd:
kind: VLogs
name: victorialogs
namespace: observability
paths: ["/.*"]
- static:
url: http://vmsingle-victoria-k8s-stack-victoria-metrics-k8s-stack:8429
paths: ["/api/v1/write/.*"]
- static:
url: http://vlogs-victorialogs:9428
paths: ["/insert/elasticsearch/.*"]
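Review bot: The two added `static` targets hard-code short service names (`vmsingle-victoria-k8s-stack-victoria-metrics-k8s-stack`, `vlogs-victorialogs`), whereas the removed `crd` references carried `namespace: observability` and left backend resolution to the operator. Short names resolve only if vmauth runs in the same namespace as the services, and they stop working without any manifest error if a release or fullname change renames the Service. This commit also changes `releaseName` in the victoria-metrics-k8s-stack Application; whether that affects these names is not visible here. Qualifying the hosts, e.g. `url: http://vlogs-victorialogs.observability.svc:9428`, and adding a comment on where each name comes from would make the dependency explicit.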


@ -763,23 +763,12 @@ vmauth:
annotations:
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
cert-manager.io/cluster-issuer: main
host: o12y.penguin-observability.think-ahead.cloud
host: o12y.ABC
tlsHosts:
- o12y.penguin-observability.think-ahead.cloud
- o12y.ABC
tlsSecretName: vmauth-tls-secret
unauthorizedUserAccessSpec:
# -- Flag, that allows to disable default VMAuth unauthorized user access config
disabled: false
discover_backend_ips: true
url_map:
- src_paths:
- '{{ .vm.read.path }}/.*'
url_prefix:
- '{{ urlJoin (omit .vm.read "path") }}/'
- src_paths:
- '{{ .vm.write.path }}/.*'
url_prefix:
- '{{ urlJoin (omit .vm.write "path") }}/'
unauthorizedUserAccessSpec: {}
selectAllByDefault: true
vmagent:
# -- Create VMAgent CR
@ -882,6 +871,10 @@ defaultDatasources:
grafana:
enabled: true
# all values for grafana helm chart can be specified here
persistence:
enabled: true
type: pvc
storageClassName: "default"
sidecar:
datasources:
enabled: true
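Review bot: `unauthorizedUserAccessSpec: {}` may not remove unauthenticated access, which the deleted `url_map` block suggests was the intent: Helm deep-merges maps, so an empty map leaves any chart-default `url_map` in place. If the chart's own defaults still define the read/write routes, requests without credentials would keep reaching them through the `o12y.ABC` ingress. Setting the flag that the removed comment documents makes the intent explicit: `unauthorizedUserAccessSpec:` with `disabled: true` beneath it. Rendering the chart with `helm template` and inspecting the generated VMAuth resource would confirm which behaviour applies. The `vmauth` block starts above the hunk, so other settings that bear on this are not visible.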