diff --git a/otc/ABC/stacks/core/ingress-apps.yaml b/otc/ABC/registry/forgejo.yaml similarity index 55% rename from otc/ABC/stacks/core/ingress-apps.yaml rename to otc/ABC/registry/forgejo.yaml index a12ba3c..b9a864a 100644 --- a/otc/ABC/stacks/core/ingress-apps.yaml +++ b/otc/ABC/registry/forgejo.yaml @@ -1,24 +1,24 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: - name: ingress-apps + name: forgejo namespace: argocd labels: - example: ref-implementation + env: dev finalizers: - resources-finalizer.argocd.argoproj.io spec: destination: - server: "https://kubernetes.default.svc" + name: in-cluster + namespace: argocd source: - repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances + path: "otc/ABC/stacks/forgejo" + repoURL: "https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances" targetRevision: HEAD - path: "otc/ABC/stacks/core/ingress-apps" project: default syncPolicy: automated: + prune: true selfHeal: true syncOptions: - CreateNamespace=true - retry: - limit: -1 diff --git a/otc/ABC/stacks/core/argocd.yaml b/otc/ABC/stacks/core/argocd.yaml index ca7b05c..b4edf14 100644 --- a/otc/ABC/stacks/core/argocd.yaml +++ b/otc/ABC/stacks/core/argocd.yaml @@ -30,3 +30,6 @@ spec: - repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances targetRevision: HEAD ref: values + - repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances + targetRevision: HEAD + path: "otc/ABC/stacks/core/argocd/manifests" \ No newline at end of file diff --git a/otc/ABC/stacks/core/ingress-apps/argocd-server.yaml b/otc/ABC/stacks/core/argocd/manifests/argocd-server-ingress.yaml similarity index 100% rename from otc/ABC/stacks/core/ingress-apps/argocd-server.yaml rename to otc/ABC/stacks/core/argocd/manifests/argocd-server-ingress.yaml diff --git a/otc/ABC/stacks/core/forgejo.yaml b/otc/ABC/stacks/core/forgejo.yaml deleted file mode 100644 index fda7cb3..0000000 
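Review bot: `prune: true` now sits beside `selfHeal: true` in `otc/ABC/registry/forgejo.yaml` while the source keeps `targetRevision: HEAD` and `project: default`, so anything merged under `otc/ABC/stacks/forgejo` is applied, and anything removed there is deleted, with no Argo CD restriction on which kinds or namespaces it may touch. Consider pinning `targetRevision` to a tag or commit and moving this app to a dedicated AppProject that limits `sourceRepos` and `destinations`. The `argocd.yaml` hunk in the same commit adds another `targetRevision: HEAD` source (`otc/ABC/stacks/core/argocd/manifests`) and carries the same exposure. A comment such as `# prune is on: removing a file under this path deletes the child Application` above `prune: true` would make the behaviour explicit.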
--- a/otc/ABC/stacks/core/forgejo.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: forgejo - namespace: argocd - labels: - env: dev -spec: - project: default - syncPolicy: - automated: - selfHeal: true - syncOptions: - - CreateNamespace=true - retry: - limit: -1 - destination: - name: in-cluster - namespace: gitea - sources: - - repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/forgejo-helm.git - path: . - targetRevision: v12.0.0-depends - helm: - valueFiles: - - $values/otc/ABC/stacks/core/forgejo/values.yaml - - repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances - targetRevision: HEAD - ref: values diff --git a/otc/ABC/stacks/core/forgejo/values.yaml b/otc/ABC/stacks/core/forgejo/values.yaml deleted file mode 100644 index 67bf773..0000000 --- a/otc/ABC/stacks/core/forgejo/values.yaml +++ /dev/null 
@@ -1,77 +0,0 @@ -redis-cluster: - enabled: true -postgresql: - enabled: false -postgresql-ha: - enabled: false - -persistence: - enabled: true - size: 5Gi - -test: - enabled: false - -gitea: - additionalConfigFromEnvs: - - name: FORGEJO__APP_NAME - value: EDP Forgejo - - name: FORGEJO__APP_SLOGAN - value: Welcome to the Forgejo -# - name: ENV_TO_INI__DATABASE__PASSWD -# valueFrom: -# secretKeyRef: -# name: postgres-secret -# key: password - admin: - existingSecret: gitea-credential - config: - service: - DISABLE_REGISTRATION: true - other: - SHOW_FOOTER_VERSION: false - SHOW_FOOTER_TEMPLATE_LOAD_TIME: false - database: - DB_TYPE: sqlite3 - session: - PROVIDER: memory - cache: - ADAPTER: memory - queue: - TYPE: level - server: - DOMAIN: 'ABC' - ROOT_URL: 'https://ABC:443' - mailer: - ENABLED: true - FROM: forgejo@ABC - PROTOCOL: smtp - SMTP_ADDR: mailhog.mailhog.svc.cluster.local - SMTP_PORT: 1025 - -service: - ssh: - type: NodePort - nodePort: 32222 - externalTrafficPolicy: Local - -image: - pullPolicy: "IfNotPresent" - # Overrides the image tag whose default is the chart appVersion. - #tag: "8.0.3" - # Adds -rootless suffix to image name - rootless: true - -forgejo: - runner: - enabled: true - image: - tag: latest - # replicas: 3 - config: - runner: - labels: - - docker:docker://node:16-bullseye - - self-hosted:docker://ghcr.io/catthehacker/ubuntu:act-22.04 - - ubuntu-22.04:docker://ghcr.io/catthehacker/ubuntu:act-22.04 - - ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-22.04 diff --git a/otc/ABC/stacks/core/vector/values.yaml b/otc/ABC/stacks/core/vector/values.yaml index 51757e5..6d98171 100644 --- a/otc/ABC/stacks/core/vector/values.yaml +++ b/otc/ABC/stacks/core/vector/values.yaml 
@@ -39,7 +39,11 @@ customConfig: type: elasticsearch inputs: [parser] endpoints: - - https://o12y.penguin-observability.think-ahead.cloud/insert/elasticsearch/ + - https://o12y.observability.think-ahead.cloud/insert/elasticsearch/ + auth: + strategy: basic + user: simple-user + password: simple-password mode: bulk api_version: v8 compression: gzip @@ -50,5 +54,5 @@ customConfig: VL-Time-Field: timestamp VL-Stream-Fields: stream,kubernetes.pod_name,kubernetes.container_name,kubernetes.pod_namespace VL-Msg-Field: message,msg,_msg,log.msg,log.message,log - AccountID: "2" - ProjectID: "2" \ No newline at end of file + AccountID: "0" + ProjectID: "0" \ No newline at end of file diff --git a/otc/ABC/stacks/core/forgejo-runner.yaml b/otc/ABC/stacks/forgejo/forgejo-runner.yaml similarity index 91% rename from otc/ABC/stacks/core/forgejo-runner.yaml rename to otc/ABC/stacks/forgejo/forgejo-runner.yaml index 9498391..f90eb9d 100644 --- a/otc/ABC/stacks/core/forgejo-runner.yaml +++ b/otc/ABC/stacks/forgejo/forgejo-runner.yaml @@ -21,4 +21,4 @@ spec: source: repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances targetRevision: HEAD - path: "otc/ABC/stacks/core/forgejo-runner" + path: "otc/ABC/stacks/forgejo/forgejo-runner" diff --git a/otc/ABC/stacks/core/forgejo-runner/dind-docker.yaml b/otc/ABC/stacks/forgejo/forgejo-runner/dind-docker.yaml similarity index 100% rename from otc/ABC/stacks/core/forgejo-runner/dind-docker.yaml rename to otc/ABC/stacks/forgejo/forgejo-runner/dind-docker.yaml diff --git a/otc/ABC/stacks/forgejo/forgejo-server.yaml b/otc/ABC/stacks/forgejo/forgejo-server.yaml new file mode 100644 index 0000000..2f2218a --- /dev/null +++ b/otc/ABC/stacks/forgejo/forgejo-server.yaml 
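Review bot: The `auth` block added to the elasticsearch sink commits a basic-auth credential in clear text (`user: simple-user`, `password: simple-password`), and the same pair is visible in the context lines of `manifests/vmauth.yaml`. Everyone with read access to the repository or its history therefore holds the write credential for the ingress-exposed vmauth endpoint. Keep the value in a Kubernetes Secret and let Vector interpolate it, e.g. `password: "${VECTOR_SINK_PASSWORD}"` with that variable (the name is a placeholder) populated from a `secretKeyRef`; on the VMUser side the operator's `passwordRef` serves the same purpose. Because the current value is already in Git history, it should be rotated rather than only moved.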
@@ -0,0 +1,38 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: forgejo-server + namespace: argocd + labels: + env: dev +spec: + project: default + syncPolicy: + automated: + selfHeal: true + syncOptions: + - CreateNamespace=true + retry: + limit: -1 + destination: + name: in-cluster + namespace: gitea + sources: + - repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/forgejo-helm.git + path: . + # first check out the desired version (example v9.0.0): https://code.forgejo.org/forgejo-helm/forgejo-helm/src/tag/v9.0.0/Chart.yaml + # (note that the chart version is not the same as the forgejo application version, which is specified in the above Chart.yaml file) + # then use the devops pipeline and select development, forgejo and the desired version (example v9.0.0): + # https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/devops-pipelines/actions?workflow=update-helm-depends.yaml&actor=0&status=0 + # finally update the desired version here and include "-depends", it is created by the devops pipeline. + # why do we have an added "-depends" tag? it resolves rate limitings when downloading helm OCI dependencies + targetRevision: v9.0.0-depends + helm: + valueFiles: + - $values/otc/ABC/stacks/forgejo/forgejo-server/values.yaml + - repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances + targetRevision: HEAD + ref: values + - repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances + targetRevision: HEAD + path: "otc/ABC/stacks/forgejo/forgejo-server/manifests" \ No newline at end of file diff --git a/otc/ABC/stacks/core/ingress-apps/forgejo.yaml b/otc/ABC/stacks/forgejo/forgejo-server/manifests/forgejo-ingress.yaml similarity index 89% rename from otc/ABC/stacks/core/ingress-apps/forgejo.yaml rename to otc/ABC/stacks/forgejo/forgejo-server/manifests/forgejo-ingress.yaml index 775140a..7370f34 100644 --- a/otc/ABC/stacks/core/ingress-apps/forgejo.yaml 
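Review bot: `targetRevision: v9.0.0-depends` is lower than the `v12.0.0-depends` pinned in the deleted `otc/ABC/stacks/core/forgejo.yaml`. If v9.0.0 is only the example from the comment block above it, this rollout would downgrade the chart, and with it the Forgejo version, and drop whatever fixes the newer release carries. Please confirm the intended tag; if v12.0.0 is meant, the line should read `targetRevision: v12.0.0-depends`. The values and manifests sources also follow `targetRevision: HEAD`, which leaves the effective configuration of the Git server unpinned.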
+++ b/otc/ABC/stacks/forgejo/forgejo-server/manifests/forgejo-ingress.yaml @@ -6,7 +6,7 @@ metadata: nginx.ingress.kubernetes.io/proxy-body-size: 512m cert-manager.io/cluster-issuer: main - name: forgejo + name: forgejo-server namespace: gitea spec: ingressClassName: nginx @@ -16,7 +16,7 @@ spec: paths: - backend: service: - name: forgejo-http + name: forgejo-server-http port: number: 3000 path: / diff --git a/otc/ABC/stacks/forgejo/forgejo-server/values.yaml b/otc/ABC/stacks/forgejo/forgejo-server/values.yaml new file mode 100644 index 0000000..8a071f7 --- /dev/null +++ b/otc/ABC/stacks/forgejo/forgejo-server/values.yaml 
@@ -0,0 +1,163 @@ +redis-cluster: + enabled: false + +redis: + enabled: false + +postgresql: + enabled: false + +postgresql-ha: + enabled: false + +persistence: + enabled: true + size: 5Gi + +test: + enabled: false + +deployment: + env: + - name: SSL_CERT_FILE + value: /etc/elasticsearch/elasticsearch.cer + +extraVolumeMounts: + - mountPath: /etc/elasticsearch + name: elasticsearch-cert-volume + readOnly: true + +extraVolumes: + - name: elasticsearch-cert-volume + configMap: + defaultMode: 420 + name: elasticsearch-cert + +gitea: + additionalConfigFromEnvs: + - name: FORGEJO__storage__MINIO_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: forgejo-cloud-credentials + key: access-key + - name: FORGEJO__storage__MINIO_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: forgejo-cloud-credentials + key: secret-key + - name: FORGEJO__queue__CONN_STR + valueFrom: + secretKeyRef: + name: redis-forgejo-cloud-credentials + key: connection-string + - name: FORGEJO__session__PROVIDER_CONFIG + valueFrom: + secretKeyRef: + name: redis-forgejo-cloud-credentials + key: connection-string + - name: FORGEJO__cache__HOST + valueFrom: + secretKeyRef: + name: redis-forgejo-cloud-credentials + key: connection-string + - name: FORGEJO__database__HOST + valueFrom: + secretKeyRef: + name: postgres-forgejo-cloud-credentials + key: host_port + - name: FORGEJO__database__NAME + valueFrom: + secretKeyRef: + name: postgres-forgejo-cloud-credentials + key: database + - name: FORGEJO__database__USER + valueFrom: + secretKeyRef: + name: postgres-forgejo-cloud-credentials + key: username + - name: FORGEJO__database__PASSWD + valueFrom: + secretKeyRef: + name: postgres-forgejo-cloud-credentials + key: password + - name: FORGEJO__indexer__ISSUE_INDEXER_CONN_STR + valueFrom: + secretKeyRef: + name: elasticsearch-cloud-credentials + key: connection-string + + admin: + existingSecret: gitea-credential + + config: + indexer: + ISSUE_INDEXER_ENABLED: true + ISSUE_INDEXER_TYPE: elasticsearch + # TODO 
next + REPO_INDEXER_ENABLED: false + # REPO_INDEXER_TYPE: meilisearch # not yet working + + storage: + MINIO_ENDPOINT: obs.eu-de.otc.t-systems.com:443 + STORAGE_TYPE: minio + MINIO_LOCATION: eu-de + MINIO_BUCKET: edp-forgejo-mycluster + MINIO_USE_SSL: true + + queue: + TYPE: redis + + session: + PROVIDER: redis + + cache: + ENABLED: true + ADAPTER: redis + + service: + DISABLE_REGISTRATION: true + + other: + SHOW_FOOTER_VERSION: false + SHOW_FOOTER_TEMPLATE_LOAD_TIME: false + + database: + DB_TYPE: postgres + + server: + DOMAIN: 'ABC' + ROOT_URL: 'https://ABC:443' + + mailer: + ENABLED: true + FROM: forgejo@ABC + PROTOCOL: smtp + SMTP_ADDR: mailhog.mailhog.svc.cluster.local + SMTP_PORT: 1025 + +service: + ssh: + type: NodePort + nodePort: 32222 + externalTrafficPolicy: Local + +image: + pullPolicy: "IfNotPresent" + # Overrides the image tag whose default is the chart appVersion. + #tag: "8.0.3" + # Adds -rootless suffix to image name + rootless: true + +forgejo: + runner: + enabled: true + image: + tag: latest + # replicas: 3 + config: + runner: + labels: + - docker:docker://node:16-bullseye + - self-hosted:docker://ghcr.io/catthehacker/ubuntu:act-22.04 + - ubuntu-22.04:docker://ghcr.io/catthehacker/ubuntu:act-22.04 + - ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-22.04 diff --git a/otc/ABC/stacks/observability/victoria-k8s-stack.yaml b/otc/ABC/stacks/observability/victoria-k8s-stack.yaml index 31f065d..b68cfb5 100644 --- a/otc/ABC/stacks/observability/victoria-k8s-stack.yaml +++ b/otc/ABC/stacks/observability/victoria-k8s-stack.yaml @@ -19,7 +19,7 @@ spec: - chart: victoria-metrics-k8s-stack repoURL: https://victoriametrics.github.io/helm-charts/ targetRevision: 0.48.1 - releaseName: victoria + releaseName: vm helm: valueFiles: - $values/otc/ABC/stacks/observability/victoria-k8s-stack/values.yaml 
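Review bot: The runner section uses mutable image references: `tag: latest` for the runner itself, and tag-only `ghcr.io/catthehacker/ubuntu:act-22.04` and `node:16-bullseye` in `labels`. The code that executes CI jobs can therefore change without any commit in this repository, and Node 16 is past its upstream end of life. Pin the runner to a released version and reference the job images by digest, e.g. `tag: "<runner-version>"` and `docker://ghcr.io/catthehacker/ubuntu@sha256:<digest>` (placeholders). Separately, `SSL_CERT_FILE` under `deployment.env` points the process at the Elasticsearch certificate file. It is worth confirming that TLS verification to `obs.eu-de.otc.t-systems.com:443` (`MINIO_USE_SSL: true`) still succeeds with that trust file, so that nobody is later tempted to switch verification off.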
diff --git a/otc/ABC/stacks/observability/victoria-k8s-stack/manifests/vmauth.yaml b/otc/ABC/stacks/observability/victoria-k8s-stack/manifests/vmauth.yaml index 0298c52..c7644b3 100644 --- a/otc/ABC/stacks/observability/victoria-k8s-stack/manifests/vmauth.yaml +++ b/otc/ABC/stacks/observability/victoria-k8s-stack/manifests/vmauth.yaml @@ -7,13 +7,9 @@ spec: username: simple-user password: simple-password targetRefs: - - crd: - kind: VMSingle - name: victoria-k8s-stack-victoria-metrics-k8s-stack - namespace: observability - paths: ["/.*"] - - crd: - kind: VLogs - name: victorialogs - namespace: observability - paths: ["/.*"] + - static: + url: http://vmsingle-victoria-k8s-stack-victoria-metrics-k8s-stack:8429 + paths: ["/api/v1/write/.*"] + - static: + url: http://vlogs-victorialogs:9428 + paths: ["/insert/elasticsearch/.*"] diff --git a/otc/ABC/stacks/observability/victoria-k8s-stack/values.yaml b/otc/ABC/stacks/observability/victoria-k8s-stack/values.yaml index 1933a2a..a48b7b4 100644 --- a/otc/ABC/stacks/observability/victoria-k8s-stack/values.yaml +++ b/otc/ABC/stacks/observability/victoria-k8s-stack/values.yaml @@ -763,23 +763,12 @@ vmauth: annotations: nginx.ingress.kubernetes.io/force-ssl-redirect: "true" cert-manager.io/cluster-issuer: main - host: o12y.penguin-observability.think-ahead.cloud + host: o12y.ABC tlsHosts: - - o12y.penguin-observability.think-ahead.cloud + - o12y.ABC tlsSecretName: vmauth-tls-secret - unauthorizedUserAccessSpec: - # -- Flag, that allows to disable default VMAuth unauthorized user access config - disabled: false - discover_backend_ips: true - url_map: - - src_paths: - - '{{ .vm.read.path }}/.*' - url_prefix: - - '{{ urlJoin (omit .vm.read "path") }}/' - - src_paths: - - '{{ .vm.write.path }}/.*' - url_prefix: - - '{{ urlJoin (omit .vm.write "path") }}/' + unauthorizedUserAccessSpec: {} + selectAllByDefault: true vmagent: # -- Create VMAgent CR 
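Review bot: The new `paths: ["/api/v1/write/.*"]` entry probably does not match a request to `/api/v1/write` itself, because vmauth, as far as I know, matches path patterns against the whole request path and this one requires a further `/` segment. If remote write is meant to go through this user, `paths: ["/api/v1/write"]` is the tighter and matching form. The static `url` values use short service names, so they resolve only when vmauth runs in the same namespace as those services. The commit also changes `releaseName` to `vm` in `victoria-k8s-stack.yaml`, so please verify that both service names still exist after that rename.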
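Review bot: `unauthorizedUserAccessSpec: {}` may not remove unauthenticated access. Helm merges maps key by key, so if the chart's own defaults still define `url_map` with `disabled: false` (the removed lines look like a copy of those defaults), the empty map leaves them in effect. The removed comment documents a dedicated switch, so writing `unauthorizedUserAccessSpec:` with `disabled: true` beneath it states the intent unambiguously. `selectAllByDefault: true` additionally lets this ingress-exposed vmauth pick up VMUser objects from any namespace when no selectors are set; if only the `observability` users are meant, restrict it with `userNamespaceSelector` or `userSelector`. The hunk sits inside the `vmauth:` values block, which starts outside the hunk.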
@@ -882,6 +871,10 @@ defaultDatasources: grafana: enabled: true # all values for grafana helm chart can be specified here + persistence: + enabled: true + type: pvc + storageClassName: "default" sidecar: datasources: enabled: true