9bb0063f8b
Use Redis in the Forgejo configuration to support rolling updates of Forgejo itself
...
Forgejo is not able to be reconfigured by default: a queue is locked
To circumvent the problem, we need simply to enable the use of Redis as a Forgejo component
2025-04-22 12:29:50 +00:00
350e3a804c
nginx.conf
2025-04-22 14:25:44 +02:00
a9ae743de9
subpath
2025-04-22 14:13:15 +02:00
6ac5a94503
updates Forgejo sync policy
2025-04-22 09:55:18 +02:00
f783a582c6
does cleanup
2025-04-17 16:45:59 +02:00
4e50289d91
testing the hydration of domains
2025-04-17 15:50:35 +02:00
ba2b7dbc9f
adds missing secret for 'git clone'-command
2025-04-17 14:46:29 +02:00
9dd9184cfd
uses the new secrets for 'git clone'-command
2025-04-17 14:31:56 +02:00
0e26cc9a3f
adds forgejo-access-token external secret for gitea namespace
2025-04-17 13:09:43 +02:00
0668eb7c5f
Merge branch 'IPCEICIS-2297_working_oidc' of https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks into IPCEICIS-2297_working_oidc
2025-04-17 12:59:21 +02:00
74523447ae
adds the correct secrets
2025-04-17 12:56:58 +02:00
cce8c51b75
Add template/stacks/core/argocd-sso/argocd-forgejo-access-token.yaml
2025-04-17 10:54:47 +00:00
11d9ad5fcc
testing
2025-04-16 15:24:28 +02:00
42d65e95be
testing
2025-04-16 14:59:25 +02:00
5165583b9a
testing
2025-04-16 14:53:10 +02:00
701771ad13
adds secretRefs to the jobs
2025-04-14 17:42:27 +02:00
d90402b74a
renaming
2025-04-14 16:56:45 +02:00
b533f7adf3
adds a kubernetes job that configures ArgoCD
2025-04-14 16:39:37 +02:00
620f7a3fd9
adds a kubernetes job that configures Forgejo
2025-04-14 13:30:50 +02:00
1a8c2846bc
Update template/stacks/core/forgejo-sso/secret-forgejo.yaml
2025-04-12 21:21:16 +00:00
ead21d078a
Update template/stacks/core/argocd-sso/argocd-secret.yaml
2025-04-12 20:42:55 +00:00
Richard Robert Reitz
33def8aba5
Added keycloak client externalsecret for Forgejo and ArgoCD
2025-04-12 21:31:05 +02:00
Richard Robert Reitz
55a1eaa6f6
Added Forgejo to Keycloak config
2025-04-12 21:07:43 +02:00
Richard Robert Reitz
2532958de8
Added Forgejo to Keycloak config
2025-04-12 21:05:35 +02:00
7a5e29e47d
Update template/stacks/ref-implementation/keycloak/manifests/keycloak-config.yaml
2025-04-12 18:52:41 +00:00
3263113ebe
Update template/stacks/ref-implementation/keycloak/manifests/keycloak-config.yaml
2025-04-12 18:49:15 +00:00
5d0182d6ee
Update template/stacks/core/forgejo/values.yaml
2025-04-12 16:27:05 +00:00
c01d4952ad
Disabled user self registration in Forgejo
2025-04-12 16:17:20 +00:00
777d6afeb4
Update template/stacks/core/forgejo-runner/dind-docker.yaml
2025-04-11 14:12:29 +00:00
529182ee3d
logrotate-cronjob
2025-04-02 15:31:38 +02:00
dd9ddc8fdb
sidecar-script
2025-04-02 15:26:04 +02:00
6811280b92
- name: sidecar-nginx
...
image: nginx:latest
ports:
- containerPort: 8080
volumeMounts:
- name: idecar-script
mountPath: /etc/nginx
subPath: nginx.conf
subPathExpr: 'nginx.conf'
- name: idecar-script
mountPath: /tmp/sidecar.sh
subPath: sidecar.sh
mode: 0755
- name: passwd-volume
mountPath: /etc/passwd
subPath: passwd
2025-04-02 15:20:11 +02:00
949cf77c4e
sighup
2025-04-02 14:53:08 +02:00
a11947c5e7
kill -SIGHUP $(pidof bao) || echo "OpenBAO process not found"
2025-04-02 14:40:13 +02:00
853ce17354
app: openbao-0
2025-04-02 14:39:56 +02:00
8b6b29cb9f
sleep infinity
2025-04-02 14:21:28 +02:00
4553289695
tmp
2025-04-02 13:59:01 +02:00
0f229f7adb
sleep infinity
2025-04-02 13:51:28 +02:00
cfb473659d
command: ["/bin/sh", "-c", "sleep 1000000000000000000000"]
2025-04-02 13:46:04 +02:00
795d575d5e
kill -SIGHUP $(pidof bao) || echo "OpenBAO process not found"
...
mkdir pupa
2025-04-02 13:38:34 +02:00
c754dc80bc
signal-sidecar-script
2025-04-02 13:32:15 +02:00
1a85de6cda
5k
2025-04-02 11:03:54 +02:00
5db72e2dc0
cronjob
2025-04-02 10:43:10 +02:00
ca9fd7ba39
- name: status
...
mountPath: /var/lib
2025-04-02 10:08:07 +02:00
48fb2c1481
size 1M
2025-04-02 09:53:08 +02:00
a2d2bd9b87
volumeMounts:
...
- name: host-log-storage
mountPath: /openbao/logs
2025-04-02 08:59:29 +02:00
49fdf90dd8
- name: logrotate2
2025-04-01 14:49:40 +02:00
b5a515c6f9
imroc/logrotate:latest
2025-04-01 14:44:46 +02:00
485e772016
# - name: status
...
# mountPath: /var/lib
2025-04-01 14:11:35 +02:00
71a45cc0b8
value: "* * * * *"
2025-04-01 14:04:13 +02:00
5200aa748c
5k
2025-04-01 13:53:08 +02:00
29ec426778
delaycompress rmoved
2025-04-01 13:36:33 +02:00
7b8ea2de6b
status
2025-04-01 13:28:10 +02:00
ee630c88b9
env:
...
- name: CRON_SCHEDULE
value: "0 * * * *"
- name: TINI_SUBREAPER
value:
2025-04-01 13:18:44 +02:00
fc6ee8bcae
1M
2025-04-01 12:53:31 +02:00
c9d72e9f90
should be done
2025-04-01 11:57:46 +02:00
7cc75f0095
test
2025-04-01 11:44:52 +02:00
37a9a73664
- name: passwd-volume
...
mountPath: /etc/passwd
subPath: passwd
2025-04-01 11:44:19 +02:00
ad76195004
passwd-user-configmap
2025-04-01 11:35:26 +02:00
d3b60c036a
extraArgs: "chmod o+rwx /etc/passwd"
2025-04-01 11:20:56 +02:00
de3194062d
extraArgs:
...
- |
chmod o+rwx /etc/passwd
chmod o+rwx /etc/group
2025-04-01 11:16:07 +02:00
cda3fc8179
extraArgs:
...
- chmod o+rwx /etc/passwd
- chmod o+rwx /etc/group
2025-04-01 11:15:20 +02:00
2dc751b5e3
chmod o+rwx /etc/passwd
...
chmod o+rwx /etc/group
2025-04-01 10:59:09 +02:00
12a4ed37f7
/etc/group
2025-04-01 10:51:43 +02:00
77b571b768
chown 100:100 /etc/passwd
2025-04-01 10:50:59 +02:00
6df0858cdf
- name: init
...
image: alpine:latest
2025-04-01 10:45:20 +02:00
06fb6d223f
runAsUser: 100
2025-04-01 10:21:07 +02:00
4f8eb0bc8b
chmod o+rwx /var/log/openbao
2025-04-01 10:05:55 +02:00
1164768b9f
runAsUser: 1
2025-03-31 15:53:54 +02:00
f66f437cdf
runAsUser: 100
2025-03-31 15:48:42 +02:00
ce5bdf0226
runAsUser: 1
2025-03-31 15:35:06 +02:00
56c5cc2620
- name: alloy-data
...
mountPath: /var/lib/
2025-03-31 15:24:21 +02:00
458414e779
set -e
...
mkdir -p /var/log/openbao
chown 100:100 /var/log/openbao
echo "logrotate❌ 100💯 :/home/logrotate:/bin/sh" >> /etc/passwd
echo "logrotate❌ 100:" >> /etc/group
mkdir -p /home/logrotate
# chown 100:100 /var/lib
2025-03-31 15:09:30 +02:00
8eae08aaa9
securityContext:
...
runAsUser: 0
2025-03-31 15:04:11 +02:00
ba9452e03c
chown 100:100 /var/lib
2025-03-31 14:55:39 +02:00
888d32c403
set -e
...
mkdir -p /var/log/openbao
chown 100:100 /var/log/openbao
echo "logrotate❌ 100💯 :/home/logrotate:/bin/sh" >> /etc/passwd
echo "logrotate❌ 100:" >> /etc/group
chown logrotate:logrotate /var/lib
2025-03-31 14:49:48 +02:00
6f3effeaf5
# bao audit enable file file_path=stdout
2025-03-31 14:49:09 +02:00
fd02d55dda
bao audit enable file file_path=stdout
2025-03-31 14:26:58 +02:00
63b17c9e32
echo "logrotate ❌ 100 💯 :/home/logrotate:/bin/sh" >> /etc/passwd
...
echo "logrotate❌ 100:" >> /etc/group
2025-03-31 14:10:34 +02:00
f13bf825ff
set -e
...
chown 100:100 /var/lib
tail -f /dev/null
2025-03-31 14:03:43 +02:00
abd7da5cd3
image: alpine:latest
2025-03-31 13:58:12 +02:00
a42df6275c
restart policy removed
2025-03-31 13:50:24 +02:00
5a802be864
- |
...
set -e
useradd -u 100 logrotate
chown logrotate:logrotate /var/lib
tail -f /dev/null
2025-03-31 13:45:05 +02:00
bc6ed363e2
logrotate-priviledges
2025-03-31 13:38:33 +02:00
631be775f5
chown logrotate:logrotate /var/lib/logrotate.status
2025-03-31 13:28:37 +02:00
0107666fe2
logrotate-config-volume
2025-03-31 12:31:38 +02:00
e5ccae1aab
- name: logrotate-config
...
mountPath: /etc/logrotate.conf
subPath: logrotate.conf
readOnly: true
2025-03-31 12:22:35 +02:00
f6d1842876
image: skymatic/logrotate:latest
2025-03-31 12:14:19 +02:00
508ecd3f12
imagePullPolicy: IfNotPresent
2025-03-31 12:07:24 +02:00
5e47caaee1
- name: logrotate
...
image: imroc/logrotate:latest
env:
- name: LOGROTATE_FILE_PATTERN
value: "/var/log/nginx/nginx_*.log"
- name: LOGROTATE_FILESIZE
value: "20M"
- name: LOGROTATE_FILENUM
value: "10"
- name: CRON_EXPR
value: "*/1 * * * *"
- name: CROND_LOGLEVEL
value: "7"
2025-03-31 11:54:31 +02:00
0485a8fb76
image: skymatic/logrotate:latest
2025-03-31 11:42:14 +02:00
17f578dde2
blacklabelops/logrotate
2025-03-31 11:20:56 +02:00
a35aefc376
image: debian:stable-slim
2025-03-31 11:07:40 +02:00
398c94fbc8
alpine:latest
2025-03-31 11:02:11 +02:00
30f0c6f218
debian:stable-slim
2025-03-31 10:54:23 +02:00
06303ef355
bao audit enable -path="file" file file_path=/openbao/logs/openbao/openbao.log
2025-03-31 10:30:15 +02:00
08471dee47
bao audit enable -path="file" file file_path=/var/log/openbao/openbao.log
2025-03-31 10:25:48 +02:00
881b65fcec
apiVersion: apps/v1
...
kind: DaemonSet
metadata:
name: openbao-logging-dir
namespace: openbao
spec:
selector:
matchLabels:
app: openbao-logging-dir
template:
metadata:
labels:
app: openbao-logging-dir
spec:
initContainers:
- name: creator
image: busybox
command: ["/bin/sh", "-c"]
args:
- |
set -e
mkdir -p /var/log/openbao
chown 100:100 /var/log/openbao
securityContext:
runAsUser: 0
volumeMounts:
- name: host-log
mountPath: /var/log
containers:
- name: running-container
image: busybox
command: ["sleep", "infinity"]
volumes:
- name: host-log
hostPath:
path: /var/log
type: Directory
2025-03-31 10:19:39 +02:00
3853370a8c
# - name: logrotate-config
...
# mountPath: /etc/logrotate.conf
# subPath: logrotate.conf
2025-03-31 10:10:59 +02:00
6acd284b83
- name: logrotate
...
image: alpine:latest
command: ["/bin/sh", "-c", "while true; do /usr/sbin/logrotate /etc/logrotate.conf; sleep 60; done"]
securityContext:
runAsUser: 100
volumeMounts:
- name: host-log-storage
mountPath: /openbao/logs
- name: logrotate-config
mountPath: /etc/logrotate.conf
subPath: logrotate.conf
2025-03-31 10:03:59 +02:00
