From c06342296ecfbb4bba751079d028b46372bffbd9 Mon Sep 17 00:00:00 2001
From: Marcin-Ramotowski
Date: Sat, 19 Jul 2025 18:05:44 +0200
Subject: [PATCH] Added Woodpecker configuration
---
deployment.yaml | 59 ---------------------
ingress.yaml | 27 ----------
namespace.yaml | 5 --
rbac-role.yaml | 12 +++++
secret-store.yaml | 35 ++++++++++++
service.yaml | 17 ------
serviceAccount.yaml | 28 ----------
woodpecker-agent.yaml | 39 ++++++++++++++
woodpecker-ingress.yaml | 20 +++++++
woodpecker-server.yaml | 76 +++++++++++++++++++++++++++
volume.yaml => woodpecker-volume.yaml | 7 ++-
11 files changed, 185 insertions(+), 140 deletions(-)
delete mode 100644 deployment.yaml
delete mode 100644 ingress.yaml
delete mode 100644 namespace.yaml
create mode 100644 rbac-role.yaml
create mode 100644 secret-store.yaml
delete mode 100644 service.yaml
delete mode 100644 serviceAccount.yaml
create mode 100644 woodpecker-agent.yaml
create mode 100644 woodpecker-ingress.yaml
create mode 100644 woodpecker-server.yaml
rename volume.yaml => woodpecker-volume.yaml (55%)
diff --git a/deployment.yaml b/deployment.yaml
deleted file mode 100644
index a027d5f..0000000
--- a/deployment.yaml
+++ /dev/null
@@ -1,59 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: deployment-jenkins
- namespace: jenkins
-spec:
- replicas: 1
- strategy:
- type: Recreate
- selector:
- matchLabels:
- app: server-jenkins
- template:
- metadata:
- labels:
- app: server-jenkins
- spec:
- securityContext:
- fsGroup: 1000
- runAsUser: 1000
- serviceAccountName: admin-jenkins
- containers:
- - name: deployment-jenkins
- image: jenkins/jenkins:lts
- resources:
- limits:
- memory: "1Gi"
- cpu: "500m"
- requests:
- memory: "512Mi"
- cpu: "250m"
- ports:
- - name: httpport
- containerPort: 8080
- - name: jnlpport
- containerPort: 50000
- livenessProbe:
- httpGet:
- path: "/login"
- port: 8080
- initialDelaySeconds: 90
- periodSeconds: 10
- timeoutSeconds: 5
- failureThreshold: 5
- readinessProbe:
- httpGet:
- path: "/login"
- port: 8080
- initialDelaySeconds: 60
- periodSeconds: 10
- timeoutSeconds: 5
- failureThreshold: 3
- volumeMounts:
- - name: data-jenkins
- mountPath: /var/jenkins_home
- volumes:
- - name: data-jenkins
- persistentVolumeClaim:
- claimName: pvc-jenkins
diff --git a/ingress.yaml b/ingress.yaml
deleted file mode 100644
index f5339e9..0000000
--- a/ingress.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: jenkins-ingress
- namespace: jenkins
- annotations:
- nginx.ingress.kubernetes.io/rewrite-target: /
- nginx.ingress.kubernetes.io/use-forwarded-headers: "true"
- nginx.ingress.kubernetes.io/proxy-body-size: "50m"
- nginx.ingress.kubernetes.io/enable-websocket: "true"
- nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
- nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
- nginx.ingress.kubernetes.io/configuration-snippet: |
- more_set_headers "X-Forwarded-Proto: https";
-spec:
- ingressClassName: nginx
- rules:
- - host: jenkins.marcin00.pl
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: service-jenkins
- port:
- number: 8080
diff --git a/namespace.yaml b/namespace.yaml
deleted file mode 100644
index 58de407..0000000
--- a/namespace.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-# Namespace (opcjonalnie)
-apiVersion: v1
-kind: Namespace
-metadata:
- name: jenkins
diff --git a/rbac-role.yaml b/rbac-role.yaml
new file mode 100644
index 0000000..99efbd3
--- /dev/null
+++ b/rbac-role.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: deployer-binding
+subjects:
+- kind: User
+ name: f91aef65-7d2a-4df8-a884-e33b05d54a31
+ apiGroup: rbac.authorization.k8s.io
+roleRef:
+ kind: ClusterRole
+ name: cluster-admin
+ apiGroup: rbac.authorization.k8s.io
diff --git a/secret-store.yaml b/secret-store.yaml
new file mode 100644
index 0000000..50bd504
--- /dev/null
+++ b/secret-store.yaml
@@ -0,0 +1,35 @@
+apiVersion: secrets-store.csi.x-k8s.io/v1
+kind: SecretProviderClass
+metadata:
+ name: woodpecker-secrets
+ namespace: woodpecker
+spec:
+ provider: azure
+ secretObjects:
+ - secretName: woodpecker-secret
+ type: Opaque
+ data:
+ - objectName: woodpecker-gitea-client
+ key: WOODPECKER_GITEA_CLIENT
+ - objectName: woodpecker-gitea-secret
+ key: WOODPECKER_GITEA_SECRET
+ - objectName: woodpecker-agent-secret
+ key: WOODPECKER_AGENT_SECRET
+ parameters:
+ usePodIdentity: "false"
+ useVMManagedIdentity: "true"
+ userAssignedIdentityID: "f91aef65-7d2a-4df8-a884-e33b05d54a31" # client_id of the user-assigned managed identity
+ clientID: "f91aef65-7d2a-4df8-a884-e33b05d54a31" # client_id of the user-assigned managed identity
+ keyvaultName: "dev-aks"
+ objects: |
+ array:
+ - |
+ objectName: woodpecker-gitea-client
+ objectType: secret
+ - |
+ objectName: woodpecker-gitea-secret
+ objectType: secret
+ - |
+ objectName: woodpecker-agent-secret
+ objectType: secret
+ tenantID: "f4e3e6f7-d21c-460e-b201-2192174e7f41"
diff --git a/service.yaml b/service.yaml
deleted file mode 100644
index 04e06d1..0000000
--- a/service.yaml
+++ /dev/null
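Review bot: The new ClusterRoleBinding `deployer-binding` grants `cluster-admin` to the User `f91aef65-7d2a-4df8-a884-e33b05d54a31`, which is the same GUID secret-store.yaml uses as the managed identity's client_id, so what is presumably the CI deployer identity holds unrestricted rights over the whole cluster. The `admin-jenkins` ClusterRole this commit removes had the same `*`/`*` scope, so the over-privilege is carried over rather than fixed. If the identity only needs to deploy into the `woodpecker` namespace, a namespaced `RoleBinding` to a role limited to the resources it actually creates (deployments, services, ingresses, PVCs, secretproviderclasses) would bound the blast radius of a leaked CI credential; otherwise a comment above `roleRef` explaining why cluster-admin is required would help the next reader.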
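Review bot: `secretObjects` mirrors the three Key Vault secrets into a plain Kubernetes Secret `woodpecker-secret`, so the Gitea OAuth client secret and the agent secret also live in etcd and are readable by any principal with `get secrets` in the `woodpecker` namespace; the deployments' `secretKeyRef` entries depend on that sync, so it is a deliberate trade-off, but a comment above `secretObjects` saying so would help. Vault access is granted through `useVMManagedIdentity: "true"`, which scopes the Key Vault permission to the node pool's identity rather than to the Woodpecker workload; Azure Workload Identity bound to a dedicated ServiceAccount would narrow that, if the cluster supports it. `clientID` and `userAssignedIdentityID` are both set to the same value with identical comments — as far as I know only `userAssignedIdentityID` is consulted in VM-managed-identity mode, so one of the two is likely redundant and should be confirmed against the provider documentation.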
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: service-jenkins
- namespace: jenkins
- annotations:
- prometheus.io/scrape: 'true'
- prometheus.io/path: /
- prometheus.io/port: '8080'
-spec:
- selector:
- app: server-jenkins
- type: ClusterIP
- ports:
- - name: http
- port: 8080
- targetPort: 8080
diff --git a/serviceAccount.yaml b/serviceAccount.yaml
deleted file mode 100644
index d9c3f86..0000000
--- a/serviceAccount.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: admin-jenkins
-rules:
- - apiGroups: [""]
- resources: ["*"]
- verbs: ["*"]
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: admin-jenkins
- namespace: jenkins
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: admin-jenkins
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: admin-jenkins
-subjects:
-- kind: ServiceAccount
- name: admin-jenkins
- namespace: jenkins
diff --git a/woodpecker-agent.yaml b/woodpecker-agent.yaml
new file mode 100644
index 0000000..7436ba8
--- /dev/null
+++ b/woodpecker-agent.yaml
@@ -0,0 +1,39 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: woodpecker-agent
+ namespace: woodpecker
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: woodpecker-agent
+ template:
+ metadata:
+ labels:
+ app: woodpecker-agent
+ spec:
+ containers:
+ - name: agent
+ image: woodpeckerci/woodpecker-agent:latest
+ env:
+ - name: WOODPECKER_SERVER
+ value: "woodpecker-server:9000"
+ - name: WOODPECKER_HEALTHCHECK
+ value: "false"
+ - name: WOODPECKER_AGENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: woodpecker-secret
+ key: WOODPECKER_AGENT_SECRET
+ volumeMounts:
+ - name: secrets-store
+ mountPath: "/mnt/secrets"
+ readOnly: true
+ volumes:
+ - name: secrets-store
+ csi:
+ driver: secrets-store.csi.k8s.io
+ readOnly: true
+ volumeAttributes:
+ secretProviderClass: "woodpecker-secrets"
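Review bot: `image: woodpeckerci/woodpecker-agent:latest` (and `woodpeckerci/woodpecker-server:latest` in woodpecker-server.yaml) is an unpinned tag, so every pod restart may pull a different, unreviewed build of the CI runner; pin a release tag or digest, e.g. `image: woodpeckerci/woodpecker-agent:<pinned-version>`. The removed Jenkins deployment carried `resources`, a `securityContext` and liveness/readiness probes, none of which the new agent or server deployment has — and with `WOODPECKER_HEALTHCHECK` set to `"false"` there is no endpoint left to probe. The pod also runs under the namespace's default ServiceAccount; if the Kubernetes backend is the intended executor it presumably needs a dedicated ServiceAccount with RBAC to manage pods in a build namespace, which nothing in this commit provides, so the intended backend is worth confirming in a comment next to `env`.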
diff --git a/woodpecker-ingress.yaml b/woodpecker-ingress.yaml
new file mode 100644
index 0000000..7885b0d
--- /dev/null
+++ b/woodpecker-ingress.yaml
@@ -0,0 +1,20 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: woodpecker-ingress
+ namespace: woodpecker
+ annotations:
+ nginx.ingress.kubernetes.io/rewrite-target: /
+spec:
+ ingressClassName: nginx
+ rules:
+ - host: woodpecker.marcin00.pl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: woodpecker-server
+ port:
+ number: 80
diff --git a/woodpecker-server.yaml b/woodpecker-server.yaml
new file mode 100644
index 0000000..a2ae1d7
--- /dev/null
+++ b/woodpecker-server.yaml
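Review bot: The Ingress has no `spec.tls` stanza while woodpecker-server.yaml sets `WOODPECKER_HOST` to `https://woodpecker.marcin00.pl`, so unless TLS is terminated in front of the ingress controller the scheme the server advertises for the Gitea OAuth redirect will not match what clients actually reach. The removed Jenkins ingress forced `X-Forwarded-Proto: https` through a configuration-snippet, which hints that termination happens upstream, but that annotation was not carried over; either add `tls:` with `hosts: [woodpecker.marcin00.pl]` and a `secretName` for the certificate, or add a comment above `spec` stating where TLS terminates. `nginx.ingress.kubernetes.io/rewrite-target: /` with a single `/` Prefix path is a no-op and can be dropped.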
@@ -0,0 +1,76 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: woodpecker-server
+ namespace: woodpecker
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: woodpecker-server
+ template:
+ metadata:
+ labels:
+ app: woodpecker-server
+ spec:
+ containers:
+ - name: server
+ image: woodpeckerci/woodpecker-server:latest
+ ports:
+ - containerPort: 8000
+ env:
+ - name: WOODPECKER_OPEN
+ value: "true"
+ - name: WOODPECKER_GITEA
+ value: "true"
+ - name: WOODPECKER_GITEA_URL
+ value: "https://gitea.marcin00.pl"
+ - name: WOODPECKER_HOST
+ value: "https://woodpecker.marcin00.pl"
+ - name: WOODPECKER_AGENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: woodpecker-secret
+ key: WOODPECKER_AGENT_SECRET
+ - name: WOODPECKER_GITEA_CLIENT
+ valueFrom:
+ secretKeyRef:
+ name: woodpecker-secret
+ key: WOODPECKER_GITEA_CLIENT
+ - name: WOODPECKER_GITEA_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: woodpecker-secret
+ key: WOODPECKER_GITEA_SECRET
+ volumeMounts:
+ - name: secrets-store
+ mountPath: "/mnt/secrets"
+ readOnly: true
+ - name: woodpecker-data
+ mountPath: /var/lib/woodpecker/
+ volumes:
+ - name: secrets-store
+ csi:
+ driver: secrets-store.csi.k8s.io
+ readOnly: true
+ volumeAttributes:
+ secretProviderClass: "woodpecker-secrets"
+ - name: woodpecker-data
+ persistentVolumeClaim:
+ claimName: woodpecker-pvc
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: woodpecker-server
+ namespace: woodpecker
+spec:
+ selector:
+ app: woodpecker-server
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8000
+ - name: grpc
+ port: 9000
+ targetPort: 9000
diff --git a/volume.yaml b/woodpecker-volume.yaml
similarity index 55%
rename from volume.yaml
rename to woodpecker-volume.yaml
index df45ff2..5691084 100644
--- a/volume.yaml
+++ b/woodpecker-volume.yaml
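Review bot: `WOODPECKER_OPEN` is `"true"` and no `WOODPECKER_ADMIN` appears in the `env` list, so every account on `gitea.marcin00.pl` can self-register with this CI server and run pipelines on the agent, while nobody is designated administrator. Set `WOODPECKER_ADMIN` to the intended Gitea usernames and, unless open registration is really wanted, set `WOODPECKER_OPEN` to `"false"`; Woodpecker also offers `WOODPECKER_ORGS` to limit access to named organizations, worth checking against the version being deployed. The `:latest` tag and the missing probes, resources and securityContext are raised on woodpecker-agent.yaml and apply equally here. The `grpc` Service port 9000 is ClusterIP-only and protected by `WOODPECKER_AGENT_SECRET`, which is fine inside the cluster; a comment on that port saying it is intentionally not routed through the Ingress would save the next reader a check.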
@@ -1,12 +1,11 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
- name: pvc-jenkins
- namespace: jenkins
+ name: woodpecker-pvc
+ namespace: woodpecker
 spec:
- storageClassName: managed-premium
 accessModes:
 - ReadWriteOnce
 resources:
 requests:
- storage: 2Gi
+ storage: 1Gi