Added Woodpecker configuration

Marcin-Ramotowski
2025-07-19 18:05:44 +02:00
parent 0255e817da
commit c06342296e
11 changed files with 185 additions and 140 deletions


@ -1,59 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: deployment-jenkins
namespace: jenkins
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: server-jenkins
template:
metadata:
labels:
app: server-jenkins
spec:
securityContext:
fsGroup: 1000
runAsUser: 1000
serviceAccountName: admin-jenkins
containers:
- name: deployment-jenkins
image: jenkins/jenkins:lts
resources:
limits:
memory: "1Gi"
cpu: "500m"
requests:
memory: "512Mi"
cpu: "250m"
ports:
- name: httpport
containerPort: 8080
- name: jnlpport
containerPort: 50000
livenessProbe:
httpGet:
path: "/login"
port: 8080
initialDelaySeconds: 90
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 5
readinessProbe:
httpGet:
path: "/login"
port: 8080
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
volumeMounts:
- name: data-jenkins
mountPath: /var/jenkins_home
volumes:
- name: data-jenkins
persistentVolumeClaim:
claimName: pvc-jenkins


@ -1,27 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: jenkins-ingress
namespace: jenkins
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/use-forwarded-headers: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "50m"
nginx.ingress.kubernetes.io/enable-websocket: "true"
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
nginx.ingress.kubernetes.io/configuration-snippet: |
more_set_headers "X-Forwarded-Proto: https";
spec:
ingressClassName: nginx
rules:
- host: jenkins.marcin00.pl
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: service-jenkins
port:
number: 8080


@ -1,5 +0,0 @@
# Namespace (opcjonalnie)
apiVersion: v1
kind: Namespace
metadata:
name: jenkins

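--- /dev/null
+++ b/rbac-role.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+name: deployer-binding
+subjects:
+- kind: User
+name: f91aef65-7d2a-4df8-a884-e33b05d54a31
+apiGroup: rbac.authorization.k8s.io
+roleRef:
+kind: ClusterRole
+name: cluster-admin
+apiGroup: rbac.authorization.k8s.io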
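Review bot: `deployer-binding` grants `cluster-admin` across the whole cluster to the subject `f91aef65-7d2a-4df8-a884-e33b05d54a31`, which is far more than a deployer for one namespace needs. The same GUID is labelled in secret-store.yaml as the client_id of the managed identity used with `useVMManagedIdentity: "true"`, so if that is the node identity, anything able to obtain a token for it would hold full cluster control. Prefer a namespaced binding, `kind: RoleBinding` with `namespace: woodpecker` in its metadata, whose `roleRef` points at a Role listing only the resources and verbs the deployment touches. It is also worth confirming that the cluster matches this principal by client ID; AAD-integrated clusters usually identify non-user principals by object ID, in which case the binding would not apply to the intended identity.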

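--- /dev/null
+++ b/secret-store.yaml
@@ -0,0 +1,35 @@
+apiVersion: secrets-store.csi.x-k8s.io/v1
+kind: SecretProviderClass
+metadata:
+name: woodpecker-secrets
+namespace: woodpecker
+spec:
+provider: azure
+secretObjects:
+- secretName: woodpecker-secret
+type: Opaque
+data:
+- objectName: woodpecker-gitea-client
+key: WOODPECKER_GITEA_CLIENT
+- objectName: woodpecker-gitea-secret
+key: WOODPECKER_GITEA_SECRET
+- objectName: woodpecker-agent-secret
+key: WOODPECKER_AGENT_SECRET
+parameters:
+usePodIdentity: "false"
+useVMManagedIdentity: "true"
+userAssignedIdentityID: "f91aef65-7d2a-4df8-a884-e33b05d54a31" # client_id of the user-assigned managed identity
+clientID: "f91aef65-7d2a-4df8-a884-e33b05d54a31" # client_id of the user-assigned managed identity
+keyvaultName: "dev-aks"
+objects: |
+array:
+- |
+objectName: woodpecker-gitea-client
+objectType: secret
+- |
+objectName: woodpecker-gitea-secret
+objectType: secret
+- |
+objectName: woodpecker-agent-secret
+objectType: secret
+tenantID: "f4e3e6f7-d21c-460e-b201-2192174e7f41"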
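Review bot: `parameters` sets both `userAssignedIdentityID` and `clientID` to the same GUID next to `useVMManagedIdentity: "true"`, which leaves the intended authentication mode ambiguous; as far as I know `clientID` is the provider's workload-identity parameter, so one of the two lines should be dropped. With the VM-level identity, access to the `dev-aks` vault rides on the node's identity rather than being scoped to the woodpecker workloads, so that identity's vault permissions should be limited to the three listed secrets, or the class moved to workload identity. A comment above `secretObjects` would also help the next reader: `# woodpecker-secret is synced only while a pod mounts this class through the CSI volume`.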


@ -1,17 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: service-jenkins
namespace: jenkins
annotations:
prometheus.io/scrape: 'true'
prometheus.io/path: /
prometheus.io/port: '8080'
spec:
selector:
app: server-jenkins
type: ClusterIP
ports:
- name: http
port: 8080
targetPort: 8080


@ -1,28 +0,0 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: admin-jenkins
rules:
- apiGroups: [""]
resources: ["*"]
verbs: ["*"]
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-jenkins
namespace: jenkins
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-jenkins
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: admin-jenkins
subjects:
- kind: ServiceAccount
name: admin-jenkins
namespace: jenkins

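--- /dev/null
+++ b/woodpecker-agent.yaml
@@ -0,0 +1,39 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: woodpecker-agent
+namespace: woodpecker
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: woodpecker-agent
+template:
+metadata:
+labels:
+app: woodpecker-agent
+spec:
+containers:
+- name: agent
+image: woodpeckerci/woodpecker-agent:latest
+env:
+- name: WOODPECKER_SERVER
+value: "woodpecker-server:9000"
+- name: WOODPECKER_HEALTHCHECK
+value: "false"
+- name: WOODPECKER_AGENT_SECRET
+valueFrom:
+secretKeyRef:
+name: woodpecker-secret
+key: WOODPECKER_AGENT_SECRET
+volumeMounts:
+- name: secrets-store
+mountPath: "/mnt/secrets"
+readOnly: true
+volumes:
+- name: secrets-store
+csi:
+driver: secrets-store.csi.k8s.io
+readOnly: true
+volumeAttributes:
+secretProviderClass: "woodpecker-secrets"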
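Review bot: `image: woodpeckerci/woodpecker-agent:latest` is a mutable tag, so the container that holds `WOODPECKER_AGENT_SECRET` and runs pipeline workloads can change on any restart without a reviewed commit. Pin it to a released version and digest, e.g. `image: woodpeckerci/woodpecker-agent:<version>@sha256:<digest>`. The pod spec also carries no `securityContext` and no `resources` block, both of which the removed Jenkins Deployment had; at minimum add `allowPrivilegeEscalation: false` on the container and memory/CPU limits. Both points apply equally to the `server` container in woodpecker-server.yaml, which uses `woodpeckerci/woodpecker-server:latest`.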

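--- /dev/null
+++ b/woodpecker-ingress.yaml
@@ -0,0 +1,20 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: woodpecker-ingress
+namespace: woodpecker
+annotations:
+nginx.ingress.kubernetes.io/rewrite-target: /
+spec:
+ingressClassName: nginx
+rules:
+- host: woodpecker.marcin00.pl
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: woodpecker-server
+port:
+number: 80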
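Review bot: The `spec` has no `tls:` section although the server is configured with `WOODPECKER_HOST` set to `https://woodpecker.marcin00.pl`, so unless TLS is terminated in front of the ingress controller (not visible here), logins and OAuth callbacks for this host are not covered by a certificate at the ingress. Add a `tls:` entry under `spec` that lists `woodpecker.marcin00.pl` in `hosts` and references a `secretName: <tls-secret-name>`. Separately, `nginx.ingress.kubernetes.io/rewrite-target: /` on a `path: /` rule has no capture group, and on current ingress-nginx releases that may rewrite every request path to `/`; for a root path the annotation can probably be removed.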

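--- /dev/null
+++ b/woodpecker-server.yaml
@@ -0,0 +1,76 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: woodpecker-server
+namespace: woodpecker
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: woodpecker-server
+template:
+metadata:
+labels:
+app: woodpecker-server
+spec:
+containers:
+- name: server
+image: woodpeckerci/woodpecker-server:latest
+ports:
+- containerPort: 8000
+env:
+- name: WOODPECKER_OPEN
+value: "true"
+- name: WOODPECKER_GITEA
+value: "true"
+- name: WOODPECKER_GITEA_URL
+value: "https://gitea.marcin00.pl"
+- name: WOODPECKER_HOST
+value: "https://woodpecker.marcin00.pl"
+- name: WOODPECKER_AGENT_SECRET
+valueFrom:
+secretKeyRef:
+name: woodpecker-secret
+key: WOODPECKER_AGENT_SECRET
+- name: WOODPECKER_GITEA_CLIENT
+valueFrom:
+secretKeyRef:
+name: woodpecker-secret
+key: WOODPECKER_GITEA_CLIENT
+- name: WOODPECKER_GITEA_SECRET
+valueFrom:
+secretKeyRef:
+name: woodpecker-secret
+key: WOODPECKER_GITEA_SECRET
+volumeMounts:
+- name: secrets-store
+mountPath: "/mnt/secrets"
+readOnly: true
+- name: woodpecker-data
+mountPath: /var/lib/woodpecker/
+volumes:
+- name: secrets-store
+csi:
+driver: secrets-store.csi.k8s.io
+readOnly: true
+volumeAttributes:
+secretProviderClass: "woodpecker-secrets"
+- name: woodpecker-data
+persistentVolumeClaim:
+claimName: woodpecker-pvc
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: woodpecker-server
+namespace: woodpecker
+spec:
+selector:
+app: woodpecker-server
+ports:
+- name: http
+port: 80
+targetPort: 8000
+- name: grpc
+port: 9000
+targetPort: 9000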
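Review bot: `WOODPECKER_OPEN` is set to `"true"` on a server published at `woodpecker.marcin00.pl`, so any account able to sign in through the Gitea instance at `gitea.marcin00.pl` can register and have pipelines scheduled on the agent; nothing else in the env list restricts who may do so. Prefer `value: "false"` together with a `WOODPECKER_ADMIN` entry naming the administrators, or keep registration open but limit it with `WOODPECKER_ORGS`. If open registration is intentional, a comment on the variable should say so and say who controls account creation on the Gitea side.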


@ -1,12 +1,11 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: pvc-jenkins
namespace: jenkins
name: woodpecker-pvc
namespace: woodpecker
spec:
storageClassName: managed-premium
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi
storage: 1Gi