DevFW-CICD/stacks-instances
14
0
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Automated upload for observability.buildth.ing

Browse source
This commit is contained in:
Automated pipeline 2025-08-01 09:28:22 +00:00 committed by Actions pipeline
parent 07539b26e7
commit 7d2c2a7efb
6 changed files with 91 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

4
otc/observability.buildth.ing/stacks/core/argocd.yaml
View file

@ -18,12 +18,12 @@ spec:
name: in-cluster
namespace: argocd
sources:
- repoURL: https://edp.buildth.ing/DevFW-CICD/argocd-helm.git
- repoURL: https://github.com/argoproj/argo-helm.git
path: charts/argo-cd
# TODO: RIRE Can be updated when https://github.com/argoproj/argo-cd/issues/20790 is fixed and merged
# As logout make problems, it is suggested to switch from path based routing to an own argocd domain,
# similar to the CNOE amazon reference implementation and in our case, Forgejo
targetRevision: argo-cd-7.8.14-depends
targetRevision: argo-cd-7.8.28
helm:
valueFiles:
- $values/otc/observability.buildth.ing/stacks/core/argocd/values.yaml

6
otc/observability.buildth.ing/stacks/forgejo/forgejo-runner/dind-docker.yaml
View file

@ -7,7 +7,7 @@ metadata:
namespace: gitea
spec:
# Two replicas means that if one is busy, the other can pick up jobs.
replicas: 1
replicas: 3
selector:
matchLabels:
app: forgejo-runner
@ -28,7 +28,7 @@ spec:
# https://forgejo.org/docs/v1.21/admin/actions/#offline-registration
initContainers:
- name: runner-register
image: code.forgejo.org/forgejo/runner:6.3.1
image: code.forgejo.org/forgejo/runner:6.4.0
command:
- "sh"
- "-c"
@ -57,7 +57,7 @@ spec:
mountPath: /data
containers:
- name: runner
image: code.forgejo.org/forgejo/runner:6.3.1
image: code.forgejo.org/forgejo/runner:6.4.0
command:
- "sh"
- "-c"

10
otc/observability.buildth.ing/stacks/forgejo/forgejo-server.yaml
View file

@ -18,15 +18,9 @@ spec:
name: in-cluster
namespace: gitea
sources:
- repoURL: https://edp.buildth.ing/DevFW-CICD/forgejo-helm.git
- repoURL: https://code.forgejo.org/forgejo-helm/forgejo-helm.git
path: .
# first check out the desired version (example v9.0.0): https://code.forgejo.org/forgejo-helm/forgejo-helm/src/tag/v9.0.0/Chart.yaml
# (note that the chart version is not the same as the forgejo application version, which is specified in the above Chart.yaml file)
# then use the devops pipeline and select development, forgejo and the desired version (example v9.0.0):
# https://edp.buildth.ing/DevFW-CICD/devops-pipelines/actions?workflow=update-helm-depends.yaml&actor=0&status=0
# finally update the desired version here and include "-depends", it is created by the devops pipeline.
# why do we have an added "-depends" tag? it resolves rate limitings when downloading helm OCI dependencies
targetRevision: v12.0.0-depends
targetRevision: v12.0.0
helm:
valueFiles:
- $values/otc/observability.buildth.ing/stacks/forgejo/forgejo-server/values.yaml

79
otc/observability.buildth.ing/stacks/forgejo/forgejo-server/manifests/forgejo-s3-backup-cronjob.yaml Normal file
View file

@ -0,0 +1,79 @@
apiVersion: batch/v1
kind: CronJob
metadata:
name: forgejo-s3-backup
namespace: gitea
spec:
schedule: "0 1 * * *"
jobTemplate:
spec:
template:
spec:
containers:
- name: rclone
image: rclone/rclone:1.70
imagePullPolicy: IfNotPresent
env:
- name: SOURCE_BUCKET
valueFrom:
secretKeyRef:
name: forgejo-cloud-credentials
key: bucket-name
- name: AWS_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: forgejo-cloud-credentials
key: access-key
- name: AWS_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: forgejo-cloud-credentials
key: secret-key
volumeMounts:
- name: rclone-config
mountPath: /config/rclone
readOnly: true
- name: backup-dir
mountPath: /backup
readOnly: false
command:
- /bin/sh
- -c
- |
rclone sync source:/${SOURCE_BUCKET}/packages /backup -v --ignore-checksum
restartPolicy: OnFailure
volumes:
- name: rclone-config
secret:
secretName: forgejo-s3-backup
- name: backup-dir
persistentVolumeClaim:
claimName: s3-backup
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: s3-backup
namespace: gitea
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 50Gi
---
apiVersion: v1
kind: Secret
metadata:
name: forgejo-s3-backup
namespace: gitea
type: Opaque
stringData:
rclone.conf: |
[source]
type = s3
provider = HuaweiOBS
env_auth = true
endpoint = obs.eu-de.otc.t-systems.com
region = eu-de
acl = private

5
otc/observability.buildth.ing/stacks/forgejo/forgejo-server/values.yaml
View file

@ -1,4 +1,4 @@
# We use recreate to make sure only one instance with one version is running, because Forgejo might break or data gets inconsistant.
# This is only used for deploying older versions of infra-catalogue where the bucket name is not an output of the terragrunt modules# We use recreate to make sure only one instance with one version is running, because Forgejo might break or data gets inconsistant.
strategy:
type: Recreate
@ -121,7 +121,7 @@ gitea:
MINIO_ENDPOINT: obs.eu-de.otc.t-systems.com:443
STORAGE_TYPE: minio
MINIO_LOCATION: eu-de
MINIO_BUCKET: edp-forgejo-prod-observability
MINIO_BUCKET: "edp-forgejo-prod-observability"
MINIO_USE_SSL: true
queue:
@ -136,6 +136,7 @@ gitea:
service:
DISABLE_REGISTRATION: true
ENABLE_NOTIFY_MAIL: true
other:
SHOW_FOOTER_VERSION: false

4
otc/observability.buildth.ing/stacks/otc/ingress-nginx.yaml
View file

@ -18,9 +18,9 @@ spec:
name: in-cluster
namespace: ingress-nginx
sources:
- repoURL: https://edp.buildth.ing/DevFW-CICD/ingress-nginx-helm.git
- repoURL: https://github.com/kubernetes/ingress-nginx.git
path: charts/ingress-nginx
targetRevision: helm-chart-4.12.1-depends
targetRevision: helm-chart-4.12.1
helm:
valueFiles:
- $values/otc/observability.buildth.ing/stacks/otc/ingress-nginx/values.yaml