Added Woodpecker configuration

argocd/rbac-role.yaml

@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: deployer-binding
+subjects:
+- kind: User
+  name: f91aef65-7d2a-4df8-a884-e33b05d54a31
+  apiGroup: rbac.authorization.k8s.io
+roleRef:
+  kind: ClusterRole
+  name: cluster-admin
+  apiGroup: rbac.authorization.k8s.io

argocd/secret-store.yaml

@@ -0,0 +1,35 @@
+apiVersion: secrets-store.csi.x-k8s.io/v1
+kind: SecretProviderClass
+metadata:
+  name: woodpecker-secrets
+  namespace: woodpecker
+spec:
+  provider: azure
+  secretObjects:
+    - secretName: woodpecker-secret
+      type: Opaque
+      data:
+        - objectName: woodpecker-gitea-client
+          key: WOODPECKER_GITEA_CLIENT
+        - objectName: woodpecker-gitea-secret
+          key: WOODPECKER_GITEA_SECRET
+        - objectName: woodpecker-agent-secret
+          key: WOODPECKER_AGENT_SECRET
+  parameters:
+    usePodIdentity: "false"
+    useVMManagedIdentity: "true"
+    userAssignedIdentityID: "f91aef65-7d2a-4df8-a884-e33b05d54a31"     # client_id of the user-assigned managed identity
+    clientID: "f91aef65-7d2a-4df8-a884-e33b05d54a31"                   # client_id of the user-assigned managed identity
+    keyvaultName: "dev-aks"
+    objects: |
+      array:
+        - |
+          objectName: woodpecker-gitea-client
+          objectType: secret
+        - |
+          objectName: woodpecker-gitea-secret
+          objectType: secret
+        - |
+          objectName: woodpecker-agent-secret
+          objectType: secret
+    tenantID: "f4e3e6f7-d21c-460e-b201-2192174e7f41"

argocd/woodpecker-agent.yaml

@@ -0,0 +1,39 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: woodpecker-agent
+  namespace: woodpecker
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: woodpecker-agent
+  template:
+    metadata:
+      labels:
+        app: woodpecker-agent
+    spec:
+      containers:
+      - name: agent
+        image: woodpeckerci/woodpecker-agent:latest
+        env:
+        - name: WOODPECKER_SERVER
+          value: "woodpecker-server:9000"
+        - name: WOODPECKER_HEALTHCHECK
+          value: "false"
+        - name: WOODPECKER_AGENT_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: woodpecker-secret
+              key: WOODPECKER_AGENT_SECRET
+        volumeMounts:
+          - name: secrets-store
+            mountPath: "/mnt/secrets"
+            readOnly: true
+      volumes:
+        - name: secrets-store
+          csi:
+            driver: secrets-store.csi.k8s.io
+            readOnly: true
+            volumeAttributes:
+              secretProviderClass: "woodpecker-secrets"

argocd/woodpecker-ingress.yaml

@@ -0,0 +1,20 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: woodpecker-ingress
+  namespace: woodpecker
+  annotations:
+    nginx.ingress.kubernetes.io/rewrite-target: /
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: woodpecker.marcin00.pl
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: woodpecker-server
+            port:
+              number: 80

argocd/woodpecker-server.yaml

@@ -0,0 +1,76 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: woodpecker-server
+  namespace: woodpecker
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: woodpecker-server
+  template:
+    metadata:
+      labels:
+        app: woodpecker-server
+    spec:
+      containers:
+      - name: server
+        image: woodpeckerci/woodpecker-server:latest
+        ports:
+          - containerPort: 8000
+        env:
+        - name: WOODPECKER_OPEN
+          value: "true"
+        - name: WOODPECKER_GITEA
+          value: "true"
+        - name: WOODPECKER_GITEA_URL
+          value: "https://gitea.marcin00.pl"
+        - name: WOODPECKER_HOST
+          value: "https://woodpecker.marcin00.pl"
+        - name: WOODPECKER_AGENT_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: woodpecker-secret
+              key: WOODPECKER_AGENT_SECRET
+        - name: WOODPECKER_GITEA_CLIENT
+          valueFrom:
+            secretKeyRef:
+              name: woodpecker-secret
+              key: WOODPECKER_GITEA_CLIENT
+        - name: WOODPECKER_GITEA_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: woodpecker-secret
+              key: WOODPECKER_GITEA_SECRET
+        volumeMounts:
+          - name: secrets-store
+            mountPath: "/mnt/secrets"
+            readOnly: true
+          - name: woodpecker-data
+            mountPath: /var/lib/woodpecker/
+      volumes:
+        - name: secrets-store
+          csi:
+            driver: secrets-store.csi.k8s.io
+            readOnly: true
+            volumeAttributes:
+              secretProviderClass: "woodpecker-secrets"
+        - name: woodpecker-data
+          persistentVolumeClaim:
+              claimName: woodpecker-pvc
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: woodpecker-server
+  namespace: woodpecker
+spec:
+  selector:
+    app: woodpecker-server
+  ports:
+    - name: http
+      port: 80
+      targetPort: 8000
+    - name: grpc
+      port: 9000
+      targetPort: 9000

argocd/woodpecker-volume.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: woodpecker-pvc
+  namespace: woodpecker
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi