Compare commits


19 commits

Author SHA1 Message Date
923d549290 fix(observability): Changed auth route target to new name 2025-06-10 09:16:42 +00:00
19c4694119 fix(observability): Removed auth lifetime config 2025-06-10 09:16:42 +00:00
eacdcf2eae feat(observability): Disabled grafana auth protection 2025-06-10 09:16:42 +00:00
050c774db0 fix(observability): Switched to ServerSideApply for o12y stack 2025-06-10 09:16:42 +00:00
b2ca785ff2 refactor(observability): Renamed argo app to o12y 2025-06-10 09:16:42 +00:00
bcfd471073 fix(vmetrics): fixed the vmetrics route 2025-06-10 09:16:42 +00:00
17b13041b4 feat(observability): Created observability-client stack
Moved vector from core stack to observability-client
Added victoriametrics-k8s-stack to observability-client for easy vmagent
and scraping config
2025-06-10 09:16:42 +00:00
9bd4871127 Update template/stacks/forgejo/forgejo-server.yaml 2025-06-06 09:50:20 +00:00
e5b633fbf4 Update template/stacks/forgejo/forgejo-server.yaml 2025-06-06 09:46:11 +00:00
fc860747fd feat(forgejo,argocd): Fixed the Forgejo ingress and moved argocd and forgejo ingresses into the argocd and forgejo application manifests folder 2025-06-06 11:34:30 +02:00
fc12862e12 feat(forgejo,argocd): Fixed the Forgejo ingress and moved argocd and forgejo ingresses into the argocd and forgejo application manifests folder 2025-06-06 11:29:46 +02:00
490e4fcfd9 fix(forgejo): renamed forgejo service to match forgejo-server- 2025-06-06 10:12:13 +02:00
358be3205b
fix(forgejo): Properly interpolate minio bucket name in forgejo config 2025-06-04 16:27:10 +02:00
b775019744
feat: 🎉 Add SSL certificate configuration for deployment
Adds configuration for SSL certificate in the deployment settings by introducing environment variables and volume mounts for the Elasticsearch certificate.

This enhancement improves security by ensuring that the application can properly utilize SSL certificates for secure communication.
2025-06-03 16:54:06 +02:00
4761fef87c feat(forgejo): Resolved duplicate forgejo argocd application name 2025-06-03 14:19:47 +02:00
104b811e7e Update template/registry/forgejo.yaml 2025-06-03 12:11:31 +00:00
02d9d207dd feat(forgejo): separate forgejo from core into its own stack 2025-06-03 10:17:24 +02:00
dd46f37e43
feat: Add Elasticsearch indexer configuration
Introduces the configuration for the issue indexer using Elasticsearch, enabling the ISSUE_INDEXER feature.

Sets the ISSUE_INDEXER_ENABLED flag to true and specifies the connection string sourced from a secret.

Prepares for future enhancements by including placeholders for repository indexing options.
2025-06-02 17:39:15 +02:00
e1bf3012e2 feat(forgejo): database reference refactoring 2025-06-02 15:05:51 +02:00
17 changed files with 1428 additions and 30 deletions


@ -1,24 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: ingress-apps
name: forgejo
namespace: argocd
labels:
example: ref-implementation
env: dev
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
destination:
server: "https://kubernetes.default.svc"
name: in-cluster
namespace: argocd
source:
repoURL: https://{{{ .Env.CLIENT_REPO_DOMAIN }}}/{{{ .Env.CLIENT_REPO_ORG_NAME }}}
path: "{{{ .Env.CLIENT_REPO_ID }}}/{{{ .Env.DOMAIN }}}/stacks/forgejo"
repoURL: "https://{{{ .Env.CLIENT_REPO_DOMAIN }}}/{{{ .Env.CLIENT_REPO_ORG_NAME }}}"
targetRevision: HEAD
path: "{{{ .Env.CLIENT_REPO_ID }}}/{{{ .Env.DOMAIN }}}/stacks/core/ingress-apps"
project: default
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
retry:
limit: -1
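Review bot: `targetRevision: HEAD` combined with `automated` sync (`prune: true`, `selfHeal: true`) under `project: default` means every push to the default branch of the client repo is applied to the cluster with no gate at deploy time, and the `default` AppProject restricts neither source repos nor destinations unless it has been tightened elsewhere. The +/- markers are lost in this rendering, but these lines appear only once and so seem to be on the new side. The same pattern is in the new observability-client Application and in the `manifests` sources added to the argocd, forgejo-server and vm-client-stack Applications. Consider a dedicated AppProject with explicit `sourceRepos` and `destinations` allow-lists, and a comment on `targetRevision` stating that branch protection on the client repo is the intended control.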


@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: observability-client
namespace: argocd
labels:
env: dev
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
destination:
name: in-cluster
namespace: argocd
source:
path: "{{{ .Env.CLIENT_REPO_ID }}}/{{{ .Env.DOMAIN }}}/stacks/observability-client"
repoURL: "https://{{{ .Env.CLIENT_REPO_DOMAIN }}}/{{{ .Env.CLIENT_REPO_ORG_NAME }}}"
targetRevision: HEAD
project: default
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true


@ -30,3 +30,6 @@ spec:
- repoURL: https://{{{ .Env.CLIENT_REPO_DOMAIN }}}/{{{ .Env.CLIENT_REPO_ORG_NAME }}}
targetRevision: HEAD
ref: values
- repoURL: https://{{{ .Env.CLIENT_REPO_DOMAIN }}}/{{{ .Env.CLIENT_REPO_ORG_NAME }}}
targetRevision: HEAD
path: "{{{ .Env.CLIENT_REPO_ID }}}/{{{ .Env.DOMAIN }}}/stacks/core/argocd/manifests"


@ -21,4 +21,4 @@ spec:
source:
repoURL: https://{{{ .Env.CLIENT_REPO_DOMAIN }}}/{{{ .Env.CLIENT_REPO_ORG_NAME }}}
targetRevision: HEAD
path: "{{{ .Env.CLIENT_REPO_ID }}}/{{{ .Env.DOMAIN }}}/stacks/core/forgejo-runner"
path: "{{{ .Env.CLIENT_REPO_ID }}}/{{{ .Env.DOMAIN }}}/stacks/forgejo/forgejo-runner"


@ -0,0 +1,38 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: forgejo-server
namespace: argocd
labels:
env: dev
spec:
project: default
syncPolicy:
automated:
selfHeal: true
syncOptions:
- CreateNamespace=true
retry:
limit: -1
destination:
name: in-cluster
namespace: gitea
sources:
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/forgejo-helm.git
path: .
# first check out the desired version (example v9.0.0): https://code.forgejo.org/forgejo-helm/forgejo-helm/src/tag/v9.0.0/Chart.yaml
# (note that the chart version is not the same as the forgejo application version, which is specified in the above Chart.yaml file)
# then use the devops pipeline and select development, forgejo and the desired version (example v9.0.0):
# https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/devops-pipelines/actions?workflow=update-helm-depends.yaml&actor=0&status=0
# finally update the desired version here and include "-depends", it is created by the devops pipeline.
# why do we have an added "-depends" tag? it resolves rate limitings when downloading helm OCI dependencies
targetRevision: v9.0.0-depends
helm:
valueFiles:
- $values/{{{ .Env.CLIENT_REPO_ID }}}/{{{ .Env.DOMAIN }}}/stacks/forgejo/forgejo-server/values.yaml
- repoURL: https://{{{ .Env.CLIENT_REPO_DOMAIN }}}/{{{ .Env.CLIENT_REPO_ORG_NAME }}}
targetRevision: HEAD
ref: values
- repoURL: https://{{{ .Env.CLIENT_REPO_DOMAIN }}}/{{{ .Env.CLIENT_REPO_ORG_NAME }}}
targetRevision: HEAD
path: "{{{ .Env.CLIENT_REPO_ID }}}/{{{ .Env.DOMAIN }}}/stacks/forgejo/forgejo-server/manifests"
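Review bot: `targetRevision: v9.0.0-depends` is older than the `v12.0.0-depends` that appears further down this page as what looks like the previous value for the same chart repo, so confirm the older chart is intended; an unintended downgrade would also drop the fixes shipped in between. Per the comment the `-depends` tag is created by a pipeline, and a Git tag can be moved, so if reproducibility matters use the commit SHA the tag points to as `targetRevision` and keep the tag name in a comment. The chart `repoURL` is a fixed host while the other two sources are templated from `.Env.CLIENT_REPO_DOMAIN`; a one-line comment saying this is deliberate would help whoever renders the template for another environment.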


@ -10,7 +10,7 @@ metadata:
dns.gardener.cloud/dnsnames: {{{ .Env.DOMAIN_GITEA }}}
dns.gardener.cloud/ttl: "600"
{{{ end }}}
name: forgejo
name: forgejo-server
namespace: gitea
spec:
ingressClassName: nginx
@ -20,7 +20,7 @@ spec:
paths:
- backend:
service:
name: forgejo-http
name: forgejo-server-http
port:
number: 3000
path: /


@ -17,6 +17,22 @@ persistence:
test:
enabled: false
deployment:
env:
- name: SSL_CERT_FILE
value: /etc/elasticsearch/elasticsearch.cer
extraVolumeMounts:
- mountPath: /etc/elasticsearch
name: elasticsearch-cert-volume
readOnly: true
extraVolumes:
- name: elasticsearch-cert-volume
configMap:
defaultMode: 420
name: elasticsearch-cert
gitea:
additionalConfigFromEnvs:
- name: FORGEJO__storage__MINIO_ACCESS_KEY_ID
@ -53,27 +69,39 @@ gitea:
valueFrom:
secretKeyRef:
name: postgres-forgejo-cloud-credentials
key: name
key: database
- name: FORGEJO__database__USER
valueFrom:
secretKeyRef:
name: postgres-forgejo-cloud-credentials
key: user
key: username
- name: FORGEJO__database__PASSWD
valueFrom:
secretKeyRef:
name: postgres-forgejo-cloud-credentials
key: password
- name: FORGEJO__indexer__ISSUE_INDEXER_CONN_STR
valueFrom:
secretKeyRef:
name: elasticsearch-cloud-credentials
key: connection-string
admin:
existingSecret: gitea-credential
config:
indexer:
ISSUE_INDEXER_ENABLED: true
ISSUE_INDEXER_TYPE: elasticsearch
# TODO next
REPO_INDEXER_ENABLED: false
# REPO_INDEXER_TYPE: meilisearch # not yet working
storage:
MINIO_ENDPOINT: obs.eu-de.otc.t-systems.com:443
STORAGE_TYPE: minio
MINIO_LOCATION: eu-de
MINIO_BUCKET: edp-forgejo-central-forgejo
MINIO_BUCKET: edp-forgejo-{{{ .Env.CLUSTER_ENVIRONMENT }}}
MINIO_USE_SSL: true
queue:
@ -132,4 +160,4 @@ forgejo:
- docker:docker://node:16-bullseye
- self-hosted:docker://ghcr.io/catthehacker/ubuntu:act-22.04
- ubuntu-22.04:docker://ghcr.io/catthehacker/ubuntu:act-22.04
- ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-22.04
- ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-22.04
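Review bot: `SSL_CERT_FILE` replaces the CA bundle file the process loads rather than adding to it, so pointing it at `/etc/elasticsearch/elasticsearch.cer` can leave Forgejo trusting only the Elasticsearch certificate for its outbound TLS. That would affect the object-store connection configured in the same file (`MINIO_USE_SSL: true` against a public endpoint) unless the image also supplies roots through its certificate directory, which is not visible here. Verify that TLS to the storage endpoint still validates after this change, or mount a bundle that concatenates the system roots with the Elasticsearch certificate, and add a comment on the `env` entry saying which approach is in use. The `deployment` and `gitea` blocks continue outside the hunks.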


@ -23,7 +23,7 @@ spec:
targetRevision: 0.43.0
helm:
valueFiles:
- $values/{{{ .Env.CLIENT_REPO_ID }}}/{{{ .Env.DOMAIN }}}/stacks/core/vector/values.yaml
- $values/{{{ .Env.CLIENT_REPO_ID }}}/{{{ .Env.DOMAIN }}}/stacks/observability-client/vector/values.yaml
- repoURL: https://{{{ .Env.CLIENT_REPO_DOMAIN }}}/{{{ .Env.CLIENT_REPO_ORG_NAME }}}
targetRevision: HEAD
ref: values


@ -1,7 +1,7 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: forgejo
name: vm-client-stack
namespace: argocd
labels:
env: dev
@ -12,18 +12,20 @@ spec:
selfHeal: true
syncOptions:
- CreateNamespace=true
retry:
limit: -1
destination:
name: in-cluster
namespace: gitea
namespace: observability
sources:
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/forgejo-helm.git
path: .
targetRevision: v12.0.0-depends
- chart: victoria-metrics-k8s-stack
repoURL: https://victoriametrics.github.io/helm-charts/
targetRevision: 0.48.1
releaseName: vm
helm:
valueFiles:
- $values/{{{ .Env.CLIENT_REPO_ID }}}/{{{ .Env.DOMAIN }}}/stacks/core/forgejo/values.yaml
- $values/{{{ .Env.CLIENT_REPO_ID }}}/{{{ .Env.DOMAIN }}}/stacks/observability-client/vm-client-stack/values.yaml
- repoURL: https://{{{ .Env.CLIENT_REPO_DOMAIN }}}/{{{ .Env.CLIENT_REPO_ORG_NAME }}}
targetRevision: HEAD
ref: values
- repoURL: https://{{{ .Env.CLIENT_REPO_DOMAIN }}}/{{{ .Env.CLIENT_REPO_ORG_NAME }}}
targetRevision: HEAD
path: "{{{ .Env.CLIENT_REPO_ID }}}/{{{ .Env.DOMAIN }}}/stacks/observability-client/vm-client-stack/manifests"


@ -0,0 +1,9 @@
apiVersion: v1
kind: Secret
metadata:
name: simple-user-secret
namespace: observability
type: Opaque
stringData:
username: simple-user
password: simple-password
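Review bot: The `stringData` block commits a fixed credential (`simple-user` / `simple-password`) to the repository, so everyone with read access to the repo or its history knows it, and every environment rendered from this template shares it. A later section on this page shows the same `password: simple-password` inline in a spec whose `targetRefs` point at the metrics write and log insert endpoints, so this appears to be the credential guarding ingestion. The Forgejo values on this page already read credentials through `secretKeyRef` from Secrets provisioned outside the repo; do the same here. If that later spec is a VMUser, reference the Secret from it with `passwordRef` (or use `generatePassword: true`) instead of repeating the literal. Rotate the value once it is replaced, since it remains in Git history.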

File diff suppressed because it is too large Load diff


@ -1,7 +1,7 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: victoria-k8s-stack
name: o12y
namespace: argocd
labels:
env: dev
@ -12,6 +12,7 @@ spec:
selfHeal: true
syncOptions:
- CreateNamespace=true
- ServerSideApply=true
destination:
name: in-cluster
namespace: observability
@ -19,7 +20,7 @@ spec:
- chart: victoria-metrics-k8s-stack
repoURL: https://victoriametrics.github.io/helm-charts/
targetRevision: 0.48.1
releaseName: vm
releaseName: o12y
helm:
valueFiles:
- $values/{{{ .Env.CLIENT_REPO_ID }}}/{{{ .Env.DOMAIN }}}/stacks/observability/victoria-k8s-stack/values.yaml


@ -8,8 +8,8 @@ spec:
password: simple-password
targetRefs:
- static:
url: http://vmsingle-victoria-k8s-stack-victoria-metrics-k8s-stack:8429
paths: ["/api/v1/write/.*"]
url: http://vmsingle-o12y:8429
paths: ["/api/v1/write"]
- static:
url: http://vlogs-victorialogs:9428
paths: ["/insert/elasticsearch/.*"]


@ -14,13 +14,13 @@ global:
# -- Override chart name
nameOverride: ""
# -- Resource full name override
fullnameOverride: ""
fullnameOverride: "o12y"
# -- Tenant to use for Grafana datasources and remote write
tenant: "0"
# -- If this chart is used in "Argocd" with "releaseName" field then
# VMServiceScrapes couldn't select the proper services.
# For correct working need set value 'argocdReleaseOverride=$ARGOCD_APP_NAME'
argocdReleaseOverride: ""
argocdReleaseOverride: "o12y"
# -- VictoriaMetrics Operator dependency chart configuration. More values can be found [here](https://docs.victoriametrics.com/helm/victoriametrics-operator#parameters). Also checkout [here](https://docs.victoriametrics.com/operator/vars) possible ENV variables to configure operator behaviour
victoria-metrics-operator:
@ -772,7 +772,7 @@ vmauth:
vmagent:
# -- Create VMAgent CR
enabled: true
enabled: false
# -- VMAgent annotations
annotations: {}
# -- Remote write configuration of VMAgent, allowed parameters defined in a [spec](https://docs.victoriametrics.com/operator/api#vmagentremotewritespec)
@ -875,6 +875,12 @@ grafana:
enabled: true
type: pvc
storageClassName: "default"
grafana.ini:
# auth:
# login_maximum_inactive_lifetime_duration: 0
# login_maximum_lifetime_duration: 0
security:
disable_brute_force_login_protection: true
sidecar:
datasources:
enabled: true
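Review bot: `disable_brute_force_login_protection: true` under `grafana.ini` / `security` turns off Grafana's lockout after repeated failed logins, and nothing in this hunk compensates for it. If Grafana is reachable through an ingress with password login, password guessing is then unthrottled; remove the setting, or add a comment naming the control that replaces it (for example SSO in front of Grafana with the login form disabled). The commented-out `auth` lifetime keys above it should be deleted rather than left as dead config. The `grafana` block begins outside the hunk, so its exposure and auth settings are not visible here.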