add devops
@@ -10,4 +10,31 @@ spec:
|
||||
kind: ClusterIssuer
|
||||
dnsNames:
|
||||
- gitea.milasholsting.dk
|
||||
---
|
||||
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: harbor-tls
|
||||
namespace: devops
|
||||
spec:
|
||||
secretName: harbor-tls
|
||||
issuerRef:
|
||||
name: letsencrypt-prod
|
||||
kind: ClusterIssuer
|
||||
dnsNames:
|
||||
- reg.milasholsting.dk
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: grafana-tls
|
||||
namespace: devops
|
||||
spec:
|
||||
secretName: grafana-tls
|
||||
issuerRef:
|
||||
name: letsencrypt-prod
|
||||
kind: ClusterIssuer
|
||||
dnsNames:
|
||||
- grafana.milasholsting.dk
|
||||
|
||||
|
||||
58
manifests/devops/gitea-actions.yaml
Normal file
58
manifests/devops/gitea-actions.yaml
Normal file
@@ -0,0 +1,58 @@
|
||||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
metadata:
|
||||
name: gitea-runner
|
||||
namespace: devops
|
||||
spec:
|
||||
serviceName: gitea-runner
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: gitea-runner
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: gitea-runner
|
||||
spec:
|
||||
containers:
|
||||
- name: runner
|
||||
image: gitea/act_runner:latest
|
||||
env:
|
||||
- name: GITEA_INSTANCE_URL
|
||||
value: "https://gitea.milasholsting.dk"
|
||||
- name: GITEA_RUNNER_REGISTRATION_TOKEN
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: actions-secret
|
||||
key: registerKey
|
||||
- name: DOCKER_HOST
|
||||
value: unix:///var/run/docker/docker.sock
|
||||
- name: GITEA_RUNNER_LABELS
|
||||
value: "ubuntu-latest:docker://catthehacker/ubuntu:act-latest"
|
||||
volumeMounts:
|
||||
- name: data
|
||||
mountPath: /data
|
||||
- name: docker-sock
|
||||
mountPath: /var/run/docker
|
||||
|
||||
- name: dind
|
||||
image: reg.milasholsting.dk/devops/docker:dind
|
||||
command: ["dockerd"]
|
||||
args: ["--host=unix:///var/run/docker/docker.sock", "--host=tcp://0.0.0.0:2375"]
|
||||
securityContext:
|
||||
privileged: true
|
||||
env:
|
||||
- name: DOCKER_TLS_CERTDIR
|
||||
value: "" # Explicitly disable TLS to stick to the socket
|
||||
volumeMounts:
|
||||
- name: dind-storage
|
||||
mountPath: /var/lib/docker
|
||||
- name: docker-sock
|
||||
mountPath: /var/run/docker
|
||||
volumes:
|
||||
- name: dind-storage
|
||||
emptyDir: {}
|
||||
- name: data
|
||||
emptyDir: {}
|
||||
- name: docker-sock
|
||||
emptyDir: {}
|
||||
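Review bot: The `dind` container runs with `privileged: true`, and its `args` also start dockerd on `--host=tcp://0.0.0.0:2375` while `DOCKER_TLS_CERTDIR` is set to `""`, so the Docker API is served without TLS or authentication on the pod IP. Anything that can reach that address gets control of a privileged daemon. The runner only talks to `DOCKER_HOST: unix:///var/run/docker/docker.sock` over the shared `docker-sock` emptyDir, and the inline comment says the intent is to stick to the socket, so the TCP listener can be dropped: `args: ["--host=unix:///var/run/docker/docker.sock"]`. Separately, `gitea/act_runner:latest`, `docker:dind` and `catthehacker/ubuntu:act-latest` are mutable tags; pinning a version or digest would make what executes CI jobs reproducible and reviewable.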
14
manifests/devops/gitea-ssh-ingress.yaml
Normal file
14
manifests/devops/gitea-ssh-ingress.yaml
Normal file
@@ -0,0 +1,14 @@
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
|
||||
kind: IngressRouteTCP
|
||||
metadata:
|
||||
name: gitea-ssh
|
||||
namespace: devops # Ensure this is your Gitea namespace
|
||||
spec:
|
||||
entryPoints:
|
||||
- ssh # This MUST match the name used in your Traefik config
|
||||
routes:
|
||||
- match: HostSNI(`*`)
|
||||
services:
|
||||
- name: gitea-ssh # Replace with the service name from Step 1
|
||||
port: 22
|
||||
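Review bot: The inline comments on `namespace`, `entryPoints` and the service `name` are leftover template instructions ("Replace with the service name from Step 1") rather than documentation of this manifest. They should be resolved and replaced with what was actually verified, for example `# entryPoint "ssh" is defined in the Traefik static configuration`. Nothing visible in this commit defines an `ssh` entryPoint or a Service named `gitea-ssh`, so both references are worth confirming against the Traefik config and the Service the Gitea chart creates. The catch-all `HostSNI` matcher is the expected form for plain TCP, but it means every connection arriving on that entryPoint is forwarded to port 22 of the backend.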
@@ -39,7 +39,12 @@ spec:
|
||||
server:
|
||||
DOMAIN: gitea.milasholsting.dk
|
||||
ROOT_URL: https://gitea.milasholsting.dk/
|
||||
|
||||
START_SSH_SERVER: true
|
||||
SSH_DOMAIN: gitea.milasholsting.dk
|
||||
SSH_PORT: 22
|
||||
SSH_LISTEN_PORT: 22
|
||||
podSecurityContext:
|
||||
fsGroup: 1000
|
||||
persistence:
|
||||
size: 20Gi
|
||||
storageClass: local-path
|
||||
|
||||
23
manifests/devops/grafana-ingress.yaml
Normal file
23
manifests/devops/grafana-ingress.yaml
Normal file
@@ -0,0 +1,23 @@
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: grafana-ingress
|
||||
annotations:
|
||||
spec.ingressClassName: traefik
|
||||
cert-manager.io/cluster-issuer: letsencrypt-prod
|
||||
spec:
|
||||
rules:
|
||||
- host: grafana.milasholsting.dk
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: grafana
|
||||
port:
|
||||
number: 80
|
||||
tls:
|
||||
- secretName: grafana-tls
|
||||
hosts:
|
||||
- grafana.milasholsting.dk
|
||||
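Review bot: `spec.ingressClassName: traefik` is listed under `metadata.annotations`, where it is only an arbitrary annotation key and does not select an ingress class. The class belongs in the Ingress spec as `ingressClassName: traefik`. The metadata also carries no `namespace`, unlike the other manifests in this commit. Unless the kustomization sets one, the Ingress may not land next to the `grafana` Service and the `grafana-tls` secret in `devops`, so adding `namespace: devops` would make that explicit. The `cert-manager.io/cluster-issuer` annotation and the explicit `grafana-tls` Certificate added in this commit both ask cert-manager to manage the same secret, so keeping only one of them avoids two owners for the certificate.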
12
manifests/devops/grafana.yaml
Normal file
12
manifests/devops/grafana.yaml
Normal file
@@ -0,0 +1,12 @@
|
||||
apiVersion: helm.cattle.io/v1
|
||||
kind: HelmChart
|
||||
metadata:
|
||||
name: grafana
|
||||
namespace: devops
|
||||
spec:
|
||||
repo: https://grafana-community.github.io/helm-charts
|
||||
chart: grafana
|
||||
targetNamespace: devops
|
||||
version: 11.6.0
|
||||
valuesContent: |-
|
||||
|
||||
57
manifests/devops/grafanaChartConfig.yaml
Normal file
57
manifests/devops/grafanaChartConfig.yaml
Normal file
@@ -0,0 +1,57 @@
|
||||
apiVersion: helm.cattle.io/v1
|
||||
kind: HelmChartConfig
|
||||
metadata:
|
||||
name: grafana
|
||||
namespace: devops
|
||||
spec:
|
||||
valuesContent: |-
|
||||
# Disable etcd monitoring. See https://github.com/cablespaghetti/k3s-monitoring/issues/4
|
||||
kubeEtcd:
|
||||
enabled: false
|
||||
|
||||
# Disable kube-controller-manager and kube-scheduler monitoring. See https://github.com/cablespaghetti/k3s-monitoring/issues/2
|
||||
kubeControllerManager:
|
||||
enabled: false
|
||||
kubeScheduler:
|
||||
enabled: false
|
||||
|
||||
prometheus:
|
||||
prometheusSpec:
|
||||
retention: 3d
|
||||
|
||||
storageSpec:
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
storageClassName: local-path
|
||||
resources:
|
||||
requests:
|
||||
storage: 20Gi
|
||||
|
||||
grafana:
|
||||
plugins:
|
||||
- grafana-piechart-panel
|
||||
enabled: true
|
||||
grafana.ini:
|
||||
users:
|
||||
viewers_can_edit: true
|
||||
auth:
|
||||
disable_login_form: false
|
||||
disable_signout_menu: false
|
||||
auth.anonymous:
|
||||
enabled: false
|
||||
org_role: Admin
|
||||
auth.basic:
|
||||
enabled: true
|
||||
|
||||
persistence:
|
||||
enabled: true
|
||||
type: pvc
|
||||
storageClassName: local-path
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
size: 4Gi
|
||||
finalizers:
|
||||
- kubernetes.io/pvc-protection
|
||||
# ALTERNATIVELY IF YOU HAVE AN EXISTING CLAME YOU WISH TO USE/REUSE
|
||||
# existingClaim: prom-grafana
|
||||
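Review bot: Under `auth.anonymous` the role is `org_role: Admin`. It is inert while `enabled: false`, but flipping that single flag would hand unauthenticated visitors admin rights on an instance published at a public hostname, so the safer resting value is `org_role: Viewer`. `viewers_can_edit: true` likewise widens what the lowest role can do and deserves a comment saying why it is wanted. The top-level keys (`kubeEtcd`, `kubeScheduler`, `prometheus.prometheusSpec`, a nested `grafana:` block) look like kube-prometheus-stack values, whereas the `grafana` HelmChart in this commit installs the `grafana` chart. Indentation is not visible here, but if the auth and persistence settings sit under `grafana:` the standalone chart would probably ignore them, so the rendered values should be checked.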
12
manifests/devops/harbor.yaml
Normal file
12
manifests/devops/harbor.yaml
Normal file
@@ -0,0 +1,12 @@
|
||||
apiVersion: helm.cattle.io/v1
|
||||
kind: HelmChart
|
||||
metadata:
|
||||
name: harbor
|
||||
namespace: devops
|
||||
spec:
|
||||
repo: https://helm.goharbor.io
|
||||
chart: harbor
|
||||
targetNamespace: devops
|
||||
version: 1.18.2
|
||||
valuesContent: |-
|
||||
|
||||
55
manifests/devops/harborChartValues.yaml
Normal file
55
manifests/devops/harborChartValues.yaml
Normal file
@@ -0,0 +1,55 @@
|
||||
apiVersion: helm.cattle.io/v1
|
||||
kind: HelmChartConfig
|
||||
metadata:
|
||||
name: harbor
|
||||
namespace: devops
|
||||
spec:
|
||||
valuesContent: |-
|
||||
expose:
|
||||
type: ingress
|
||||
tls:
|
||||
certSource: secret
|
||||
secret:
|
||||
# The name of secret which contains keys named:
|
||||
# "tls.crt" - the certificate
|
||||
# "tls.key" - the private key
|
||||
secretName: "harbor-tls"
|
||||
ingress:
|
||||
className: traefik
|
||||
hosts:
|
||||
core: reg.milasholsting.dk
|
||||
notary: notary.reg.milasholsting.dk
|
||||
|
||||
externalURL: https://reg.milasholsting.dk
|
||||
|
||||
harborAdminPassword: "ChangeMe123!"
|
||||
|
||||
persistence:
|
||||
persistentVolumeClaim:
|
||||
registry:
|
||||
storageClass: local-path
|
||||
size: 100Gi
|
||||
chartmuseum:
|
||||
storageClass: local-path
|
||||
size: 5Gi
|
||||
jobservice:
|
||||
storageClass: local-path
|
||||
size: 2Gi
|
||||
database:
|
||||
storageClass: local-path
|
||||
size: 10Gi
|
||||
redis:
|
||||
storageClass: local-path
|
||||
size: 2Gi
|
||||
|
||||
database:
|
||||
internal:
|
||||
image:
|
||||
repository: goharbor/harbor-db
|
||||
tag: v2.11.0
|
||||
|
||||
redis:
|
||||
internal:
|
||||
image:
|
||||
repository: goharbor/redis-photon
|
||||
tag: v2.11.0
|
||||
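Review bot: `harborAdminPassword: "ChangeMe123!"` puts the registry admin password in the repository in clear text, and a placeholder-style value like this tends to survive into the running instance. The Harbor chart can read the password from a Kubernetes Secret instead, as the runner manifest in this commit already does for its registration token: `existingSecretAdminPassword: <admin-secret-name>` together with `existingSecretAdminPasswordKey`. The committed value should be treated as exposed and changed on any instance that was installed with it. The `database.internal.image.tag` and `redis.internal.image.tag` overrides pin `v2.11.0` independently of the chart `version: 1.18.2` in harbor.yaml. It is worth confirming they match the Harbor release that chart ships, or dropping the overrides so the chart defaults apply.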
@@ -4,4 +4,13 @@ resources:
|
||||
- ./namespace.yaml
|
||||
- ./gitea-admin-secret.yaml
|
||||
- ./gitea.yaml
|
||||
- ./giteaChartConfig.yaml
|
||||
- ./cert.yaml
|
||||
- ./harbor.yaml
|
||||
- ./harborChartValues.yaml
|
||||
- ./gitea-ssh-ingress.yaml
|
||||
- ./gitea-actions.yaml
|
||||
- ./gitea-action-secrets.yaml
|
||||
- ./grafana-ingress.yaml
|
||||
- ./grafana.yaml
|
||||
- ./grafanaChartConfig.yaml
|
||||
|
||||