Added FluxCD configuration

argocd/argocd-ingress.yaml

@@ -0,0 +1,20 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: argocd-ingress
+  namespace: argocd
+  annotations:
+    nginx.ingress.kubernetes.io/ssl-redirect: "false"
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: argocd.marcin00.pl
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: argocd-server
+                port:
+                  number: 80

argocd/readme.md

@@ -0,0 +1,51 @@
+# Instrukcje konfiguracji ArgoCD
+
+## Instalacja:
+Aby wdrożyć ArgoCD wykonujemy komendy:
+```
+kubectl create namespace argocd
+kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
+```
+W celu zalogowania sekret wydobywamy komendą:
+```
+kubectl get secret argocd-initial-admin-secret -n argocd -o jsonpath="{.data.password}" | base64 -d
+```
+Następnie wdrażamy obiekt Ingress z tego folderu.
+```
+kubectl apply -f argocd-ingress.yaml
+```
+
+## Jak wyłączyć HTTPS
+Aby wyłączyć HTTPS w ArgoCD należy otworzyć configmap:
+```
+kubectl edit configmap argocd-cmd-params-cm -n argocd
+```
+i dodać do configmap następujący tekst:
+```
+data:
+  server.insecure: "true"
+```
+Aby przeładować serwer zniszcz poda:
+```
+kubectl delete pod -n argocd argocd-server-<xxx>
+```
+
+## Jak ustawić wartość sekretu dla Webhooka Gitea
+Zapisujemy sekret do zmiennej środowiskowej GITEA_WEBHOOK_SECRET.
+Następnie tworzymy sekret za pomocą poniższej komendy
+```
+kubectl create secret generic gitea-webhook-secret \
+  --namespace argocd \
+  --from-literal=webhook.secret="$GITEA_WEBHOOK_SECRET" \
+  --type=Opaque \
+  --label=app.kubernetes.io/part-of=argocd \
+  --dry-run=client -o yaml | kubectl apply -f -
+```
+Potem modyfikujemy argocd-secret, otwieramy go komendą:
+```
+kubectl edit secret argocd-secret -n argocd
+```
+dodajemy pod klucz `data` taką oto linię:
+```
+webhook.gitea.secret: "$gitea-webhook-secret:webhook.secret"
+```

fluxcd/flux-receiver.yaml

@@ -0,0 +1,17 @@
+apiVersion: notification.toolkit.fluxcd.io/v1
+kind: Receiver
+metadata:
+  name: gitea-receiver
+  namespace: flux-system
+spec:
+  type: generic
+  events:
+    - "ping"
+    - "push"
+  secretRef:
+    name: webhook-token
+  resources:
+    - apiVersion: source.toolkit.fluxcd.io/v1
+      kind: GitRepository
+      name: user-microservice-repo
+      namespace: flux-system

fluxcd/fluxcd-secret.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: webhook-token
+  namespace: flux-system
+stringData:
+  token: ${GITEA_WEBHOOK_SECRET}

fluxcd/ingress.yaml

@@ -0,0 +1,20 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: webhook-receiver
+  namespace: flux-system
+  annotations:
+    nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: flux.marcin00.pl
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: webhook-receiver
+                port:
+                  number: 80

fluxcd/kustomization.yaml

@@ -0,0 +1,13 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: user-microservice
+  namespace: flux-system
+spec:
+  interval: 1m
+  path: ./apps/user-microservice
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: user-microservice-repo
+  targetNamespace: user-microservice

fluxcd/source.yaml

@@ -0,0 +1,10 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+  name: user-microservice-repo
+  namespace: flux-system
+spec:
+  interval: 1m
+  url: https://gitea.marcin00.pl/pikram/user-microservice-deploy.git
+  ref:
+    branch: argoworkflow-fluxcd

woodpecker/woodpecker-agent.yaml

@@ -19,10 +19,6 @@ spec:
         env:
         - name: WOODPECKER_SERVER
           value: "woodpecker-server:9000"
-        - name: WOODPECKER_HEALTHCHECK
-          value: "false"
-        - name: WOODPECKER_GRPC_RECONNECT
-          value: "true"
         - name: WOODPECKER_BACKEND_K8S_POD_ANNOTATIONS_ALLOW_FROM_STEP
           value: "true"        
         - name: WOODPECKER_BACKEND_K8S_STORAGE_CLASS

woodpecker/woodpecker-permissions.yaml

@@ -0,0 +1,23 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: woodpecker-ci-role
+  namespace: woodpecker
+rules:
+  - apiGroups: [""]
+    resources: ["pods", "pods/log", "pods/exec", "pods/status", "persistentvolumeclaims", "secrets"]
+    verbs: ["get", "list", "watch", "create", "delete", "patch", "update"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: woodpecker-ci-binding
+  namespace: woodpecker
+subjects:
+  - kind: ServiceAccount
+    name: default
+    namespace: woodpecker
+roleRef:
+  kind: Role
+  name: woodpecker-ci-role
+  apiGroup: rbac.authorization.k8s.io