Initial upload

otc/ABC/registry/forgejo.yaml

@@ -1,24 +1,24 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
-  name: ingress-apps
+  name: forgejo
   namespace: argocd
   labels:
-    example: ref-implementation
+    env: dev
   finalizers:
     - resources-finalizer.argocd.argoproj.io
 spec:
   destination:
-    server: "https://kubernetes.default.svc"
+    name: in-cluster
+    namespace: argocd
   source:
-    repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
+    path: "otc/ABC/stacks/forgejo"
+    repoURL: "https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances"
     targetRevision: HEAD
-    path: "otc/ABC/stacks/core/ingress-apps"
   project: default
   syncPolicy:
     automated:
+      prune: true
       selfHeal: true
     syncOptions:
       - CreateNamespace=true
-    retry:
-      limit: -1

otc/ABC/stacks/core/argocd.yaml

@@ -30,3 +30,6 @@ spec:
     - repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
       targetRevision: HEAD
       ref: values
+    - repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
+      targetRevision: HEAD
+      path: "otc/ABC/stacks/core/argocd/manifests"

otc/ABC/stacks/core/forgejo.yaml

@@ -1,29 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: forgejo
-  namespace: argocd
-  labels:
-    env: dev
-spec:
-  project: default
-  syncPolicy:
-    automated:
-      selfHeal: true
-    syncOptions:
-      - CreateNamespace=true
-    retry:
-      limit: -1
-  destination:
-    name: in-cluster
-    namespace: gitea
-  sources:
-    - repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/forgejo-helm.git
-      path: .
-      targetRevision: v12.0.0-depends
-      helm:
-        valueFiles:
-          - $values/otc/ABC/stacks/core/forgejo/values.yaml
-    - repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
-      targetRevision: HEAD
-      ref: values

otc/ABC/stacks/core/forgejo/values.yaml

@@ -1,77 +0,0 @@
-redis-cluster:
-  enabled: true
-postgresql:
-  enabled: false
-postgresql-ha:
-  enabled: false
-
-persistence:
-  enabled: true
-  size: 5Gi
-
-test:
-  enabled: false
-
-gitea:
-  additionalConfigFromEnvs:
-    - name: FORGEJO__APP_NAME
-      value: EDP Forgejo
-    - name: FORGEJO__APP_SLOGAN
-      value: Welcome to the Forgejo
-#    - name: ENV_TO_INI__DATABASE__PASSWD
-#      valueFrom:
-#        secretKeyRef:
-#          name: postgres-secret
-#          key: password
-  admin:
-    existingSecret: gitea-credential
-  config:
-    service:
-      DISABLE_REGISTRATION: true
-    other:
-      SHOW_FOOTER_VERSION: false
-      SHOW_FOOTER_TEMPLATE_LOAD_TIME: false
-    database:
-      DB_TYPE: sqlite3
-    session:
-      PROVIDER: memory
-    cache:
-      ADAPTER: memory
-    queue:
-      TYPE: level
-    server:
-      DOMAIN: 'ABC'
-      ROOT_URL: 'https://ABC:443'
-    mailer:
-      ENABLED: true
-      FROM: forgejo@ABC
-      PROTOCOL: smtp
-      SMTP_ADDR: mailhog.mailhog.svc.cluster.local
-      SMTP_PORT: 1025
-
-service:
-  ssh:
-    type: NodePort
-    nodePort: 32222
-    externalTrafficPolicy: Local
-
-image:
-  pullPolicy: "IfNotPresent"
-  # Overrides the image tag whose default is the chart appVersion.
-  #tag: "8.0.3"
-  # Adds -rootless suffix to image name
-  rootless: true
-
-forgejo:
-  runner:
-    enabled: true
-    image:
-      tag: latest
-    # replicas: 3
-    config:
-      runner:
-        labels:
-          - docker:docker://node:16-bullseye
-          - self-hosted:docker://ghcr.io/catthehacker/ubuntu:act-22.04
-          - ubuntu-22.04:docker://ghcr.io/catthehacker/ubuntu:act-22.04
-          - ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-22.04

otc/ABC/stacks/core/vector/values.yaml

@@ -39,7 +39,11 @@ customConfig:
       type: elasticsearch
       inputs: [parser]
       endpoints: 
-        - https://o12y.penguin-observability.think-ahead.cloud/insert/elasticsearch/
+        - https://o12y.observability.think-ahead.cloud/insert/elasticsearch/
+      auth:
+        strategy: basic
+        user: simple-user
+        password: simple-password  
       mode: bulk
       api_version: v8
       compression: gzip
@@ -50,5 +54,5 @@ customConfig:
           VL-Time-Field: timestamp
           VL-Stream-Fields: stream,kubernetes.pod_name,kubernetes.container_name,kubernetes.pod_namespace
           VL-Msg-Field: message,msg,_msg,log.msg,log.message,log
-          AccountID: "2"
+          AccountID: "0"
-          ProjectID: "2"
+          ProjectID: "0"

otc/ABC/stacks/forgejo/forgejo-runner.yaml

@@ -21,4 +21,4 @@ spec:
   source:
     repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
     targetRevision: HEAD
-    path: "otc/ABC/stacks/core/forgejo-runner"
+    path: "otc/ABC/stacks/forgejo/forgejo-runner"

otc/ABC/stacks/forgejo/forgejo-server.yaml

@@ -0,0 +1,38 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: forgejo-server
+  namespace: argocd
+  labels:
+    env: dev
+spec:
+  project: default
+  syncPolicy:
+    automated:
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+    retry:
+      limit: -1
+  destination:
+    name: in-cluster
+    namespace: gitea
+  sources:
+    - repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/forgejo-helm.git
+      path: .
+      # first check out the desired version (example v9.0.0): https://code.forgejo.org/forgejo-helm/forgejo-helm/src/tag/v9.0.0/Chart.yaml
+      # (note that the chart version is not the same as the forgejo application version, which is specified in the above Chart.yaml file)
+      # then use the devops pipeline and select development, forgejo and the desired version (example v9.0.0):
+      # https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/devops-pipelines/actions?workflow=update-helm-depends.yaml&actor=0&status=0
+      # finally update the desired version here and include "-depends", it is created by the devops pipeline. 
+      # why do we have an added "-depends" tag? it resolves rate limitings when downloading helm OCI dependencies
+      targetRevision: v9.0.0-depends
+      helm:
+        valueFiles:
+          - $values/otc/ABC/stacks/forgejo/forgejo-server/values.yaml
+    - repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
+      targetRevision: HEAD
+      ref: values
+    - repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
+      targetRevision: HEAD
+      path: "otc/ABC/stacks/forgejo/forgejo-server/manifests"

otc/ABC/stacks/forgejo/forgejo-server/manifests/forgejo-ingress.yaml

@@ -6,7 +6,7 @@ metadata:
     nginx.ingress.kubernetes.io/proxy-body-size: 512m
     cert-manager.io/cluster-issuer: main
 
-  name: forgejo
+  name: forgejo-server
   namespace: gitea
 spec:
   ingressClassName: nginx
@@ -16,7 +16,7 @@ spec:
       paths:
       - backend:
           service:
-            name: forgejo-http
+            name: forgejo-server-http
             port:
               number: 3000
         path: /

otc/ABC/stacks/forgejo/forgejo-server/values.yaml

@@ -0,0 +1,163 @@
+redis-cluster:
+  enabled: false
+
+redis:
+  enabled: false
+
+postgresql:
+  enabled: false
+
+postgresql-ha:
+  enabled: false
+
+persistence:
+  enabled: true
+  size: 5Gi
+
+test:
+  enabled: false
+
+deployment:
+  env:
+    - name: SSL_CERT_FILE
+      value: /etc/elasticsearch/elasticsearch.cer
+
+extraVolumeMounts:
+  - mountPath: /etc/elasticsearch
+    name: elasticsearch-cert-volume
+    readOnly: true
+
+extraVolumes:
+  - name: elasticsearch-cert-volume
+    configMap:
+      defaultMode: 420
+      name: elasticsearch-cert
+
+gitea:
+  additionalConfigFromEnvs:
+    - name: FORGEJO__storage__MINIO_ACCESS_KEY_ID
+      valueFrom:
+        secretKeyRef:
+          name: forgejo-cloud-credentials
+          key: access-key
+    - name: FORGEJO__storage__MINIO_SECRET_ACCESS_KEY
+      valueFrom:
+        secretKeyRef:
+          name: forgejo-cloud-credentials
+          key: secret-key
+    - name: FORGEJO__queue__CONN_STR
+      valueFrom:
+        secretKeyRef:
+          name: redis-forgejo-cloud-credentials
+          key: connection-string
+    - name: FORGEJO__session__PROVIDER_CONFIG
+      valueFrom:
+        secretKeyRef:
+          name: redis-forgejo-cloud-credentials
+          key: connection-string
+    - name: FORGEJO__cache__HOST
+      valueFrom:
+        secretKeyRef:
+          name: redis-forgejo-cloud-credentials
+          key: connection-string
+    - name: FORGEJO__database__HOST
+      valueFrom:
+        secretKeyRef:
+          name: postgres-forgejo-cloud-credentials
+          key: host_port
+    - name: FORGEJO__database__NAME
+      valueFrom:
+        secretKeyRef:
+          name: postgres-forgejo-cloud-credentials
+          key: database
+    - name: FORGEJO__database__USER
+      valueFrom:
+        secretKeyRef:
+          name: postgres-forgejo-cloud-credentials
+          key: username
+    - name: FORGEJO__database__PASSWD
+      valueFrom:
+        secretKeyRef:
+          name: postgres-forgejo-cloud-credentials
+          key: password
+    - name: FORGEJO__indexer__ISSUE_INDEXER_CONN_STR
+      valueFrom:
+        secretKeyRef:
+          name: elasticsearch-cloud-credentials
+          key: connection-string
+
+  admin:
+    existingSecret: gitea-credential
+
+  config:
+    indexer:
+      ISSUE_INDEXER_ENABLED: true
+      ISSUE_INDEXER_TYPE: elasticsearch
+      # TODO next
+      REPO_INDEXER_ENABLED: false
+      # REPO_INDEXER_TYPE: meilisearch # not yet working
+
+    storage:
+      MINIO_ENDPOINT: obs.eu-de.otc.t-systems.com:443
+      STORAGE_TYPE: minio
+      MINIO_LOCATION: eu-de
+      MINIO_BUCKET: edp-forgejo-mycluster
+      MINIO_USE_SSL: true
+
+    queue:
+      TYPE: redis
+
+    session:
+      PROVIDER: redis
+
+    cache:
+      ENABLED: true
+      ADAPTER: redis
+
+    service:
+      DISABLE_REGISTRATION: true
+
+    other:
+      SHOW_FOOTER_VERSION: false
+      SHOW_FOOTER_TEMPLATE_LOAD_TIME: false
+
+    database:
+      DB_TYPE: postgres
+
+    server:
+      DOMAIN: 'ABC'
+      ROOT_URL: 'https://ABC:443'
+
+    mailer:
+      ENABLED: true
+      FROM: forgejo@ABC
+      PROTOCOL: smtp
+      SMTP_ADDR: mailhog.mailhog.svc.cluster.local
+      SMTP_PORT: 1025
+
+service:
+  ssh:
+    type: NodePort
+    nodePort: 32222
+    externalTrafficPolicy: Local
+
+image:
+  pullPolicy: "IfNotPresent"
+  # Overrides the image tag whose default is the chart appVersion.
+  #tag: "8.0.3"
+  # Adds -rootless suffix to image name
+  rootless: true
+
+forgejo:
+  runner:
+    enabled: true
+    image:
+      tag: latest
+    # replicas: 3
+    config:
+      runner:
+        labels:
+          - docker:docker://node:16-bullseye
+          - self-hosted:docker://ghcr.io/catthehacker/ubuntu:act-22.04
+          - ubuntu-22.04:docker://ghcr.io/catthehacker/ubuntu:act-22.04
+          - ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-22.04

otc/ABC/stacks/observability/victoria-k8s-stack.yaml

@@ -19,7 +19,7 @@ spec:
     - chart: victoria-metrics-k8s-stack
       repoURL: https://victoriametrics.github.io/helm-charts/
       targetRevision: 0.48.1
-      releaseName: victoria
+      releaseName: vm
       helm:
         valueFiles:
           - $values/otc/ABC/stacks/observability/victoria-k8s-stack/values.yaml

otc/ABC/stacks/observability/victoria-k8s-stack/manifests/vmauth.yaml

@@ -7,13 +7,9 @@ spec:
   username: simple-user
   password: simple-password
   targetRefs:
-    - crd:
+    - static:
-        kind: VMSingle
+        url: http://vmsingle-victoria-k8s-stack-victoria-metrics-k8s-stack:8429
-        name: victoria-k8s-stack-victoria-metrics-k8s-stack
+      paths: ["/api/v1/write/.*"]
-        namespace: observability
+    - static:
-      paths: ["/.*"]
+        url: http://vlogs-victorialogs:9428
-    - crd:
+      paths: ["/insert/elasticsearch/.*"]
-        kind: VLogs
-        name: victorialogs
-        namespace: observability
-      paths: ["/.*"]  

otc/ABC/stacks/observability/victoria-k8s-stack/values.yaml

@@ -763,23 +763,12 @@ vmauth:
       annotations:
         nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
         cert-manager.io/cluster-issuer: main
-      host: o12y.penguin-observability.think-ahead.cloud
+      host: o12y.ABC
       tlsHosts:
-        - o12y.penguin-observability.think-ahead.cloud
+        - o12y.ABC
       tlsSecretName: vmauth-tls-secret
-    unauthorizedUserAccessSpec:
+    unauthorizedUserAccessSpec: {}
-      # -- Flag, that allows to disable default VMAuth unauthorized user access config
+    selectAllByDefault: true
-      disabled: false
-      discover_backend_ips: true
-      url_map:
-        - src_paths:
-            - '{{ .vm.read.path }}/.*'
-          url_prefix:
-            - '{{ urlJoin (omit .vm.read "path") }}/'
-        - src_paths:
-            - '{{ .vm.write.path }}/.*'
-          url_prefix:
-            - '{{ urlJoin (omit .vm.write "path") }}/'
 
 vmagent:
   # -- Create VMAgent CR
@@ -882,6 +871,10 @@ defaultDatasources:
 grafana:
   enabled: true
   # all values for grafana helm chart can be specified here
+  persistence:
+    enabled: true
+    type: pvc
+    storageClassName: "default"
   sidecar:
     datasources:
       enabled: true