From 7d2c2a7efb46a7f1e27de9e208b9e7e6030d895b Mon Sep 17 00:00:00 2001
From: Automated pipeline
Date: Fri, 1 Aug 2025 09:28:22 +0000
Subject: [PATCH] Automated upload for observability.buildth.ing
---
 .../stacks/core/argocd.yaml | 4 +-
 .../forgejo/forgejo-runner/dind-docker.yaml | 6 +-
 .../stacks/forgejo/forgejo-server.yaml | 10 +--
 .../manifests/forgejo-s3-backup-cronjob.yaml | 79 +++++++++++++++++++
 .../stacks/forgejo/forgejo-server/values.yaml | 5 +-
 .../stacks/otc/ingress-nginx.yaml | 4 +-
 6 files changed, 91 insertions(+), 17 deletions(-)
 create mode 100644 otc/observability.buildth.ing/stacks/forgejo/forgejo-server/manifests/forgejo-s3-backup-cronjob.yaml
diff --git a/otc/observability.buildth.ing/stacks/core/argocd.yaml b/otc/observability.buildth.ing/stacks/core/argocd.yaml
index a7f8d0a..55535dc 100644
--- a/otc/observability.buildth.ing/stacks/core/argocd.yaml
+++ b/otc/observability.buildth.ing/stacks/core/argocd.yaml
@@ -18,12 +18,12 @@ spec:
 name: in-cluster
 namespace: argocd
 sources:
- - repoURL: https://edp.buildth.ing/DevFW-CICD/argocd-helm.git
+ - repoURL: https://github.com/argoproj/argo-helm.git
 path: charts/argo-cd
 # TODO: RIRE Can be updated when https://github.com/argoproj/argo-cd/issues/20790 is fixed and merged
 # As logout make problems, it is suggested to switch from path based routing to an own argocd domain,
 # similar to the CNOE amazon reference implementation and in our case, Forgejo
- targetRevision: argo-cd-7.8.14-depends
+ targetRevision: argo-cd-7.8.28
 helm:
 valueFiles:
 - $values/otc/observability.buildth.ing/stacks/core/argocd/values.yaml
diff --git a/otc/observability.buildth.ing/stacks/forgejo/forgejo-runner/dind-docker.yaml b/otc/observability.buildth.ing/stacks/forgejo/forgejo-runner/dind-docker.yaml
index 033fa19..6b9ad7b 100644
--- a/otc/observability.buildth.ing/stacks/forgejo/forgejo-runner/dind-docker.yaml
+++ b/otc/observability.buildth.ing/stacks/forgejo/forgejo-runner/dind-docker.yaml
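Review bot: In stacks/core/argocd.yaml the new `targetRevision: argo-cd-7.8.28` is a git tag on a public upstream repository, so Argo CD deploys whatever that tag points to at sync time rather than a revision fixed in this repo. The same holds for `targetRevision: v12.0.0` in forgejo-server.yaml and `targetRevision: helm-chart-4.12.1` in ingress-nginx.yaml, which also move from the edp.buildth.ing mirror to upstream. Consider pinning each source to the commit SHA behind the tag and keeping the tag as a comment, e.g. `targetRevision: <commit-sha-of-argo-cd-7.8.28>  # argo-cd-7.8.28`. The comment removed from forgejo-server.yaml says the `-depends` tags existed to avoid rate limiting when downloading Helm OCI dependencies, so it is worth confirming that the upstream charts still render in Argo CD without them.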
@@ -7,7 +7,7 @@ metadata:
 namespace: gitea
 spec:
 # Two replicas means that if one is busy, the other can pick up jobs.
- replicas: 1
+ replicas: 3
 selector:
 matchLabels:
 app: forgejo-runner
@@ -28,7 +28,7 @@ spec:
 # https://forgejo.org/docs/v1.21/admin/actions/#offline-registration
 initContainers:
 - name: runner-register
- image: code.forgejo.org/forgejo/runner:6.3.1
+ image: code.forgejo.org/forgejo/runner:6.4.0
 command:
 - "sh"
 - "-c"
@@ -57,7 +57,7 @@ spec:
 mountPath: /data
 containers:
 - name: runner
- image: code.forgejo.org/forgejo/runner:6.3.1
+ image: code.forgejo.org/forgejo/runner:6.4.0
 command:
 - "sh"
 - "-c"
diff --git a/otc/observability.buildth.ing/stacks/forgejo/forgejo-server.yaml b/otc/observability.buildth.ing/stacks/forgejo/forgejo-server.yaml
index d4bcfe7..cd4160d 100644
--- a/otc/observability.buildth.ing/stacks/forgejo/forgejo-server.yaml
+++ b/otc/observability.buildth.ing/stacks/forgejo/forgejo-server.yaml
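Review bot: The comment above `replicas` in the first dind-docker.yaml hunk still reads "Two replicas means that if one is busy, the other can pick up jobs." while the value is now 3. Reword it to match the setting, e.g. `# Three replicas so an idle runner can pick up jobs while the others are busy.` The two image hunks reference `code.forgejo.org/forgejo/runner:6.4.0` by tag only. Appending the digest (`runner:6.4.0@sha256:<digest>`) would guarantee that the init container and the runner use the same reviewed image on every node.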
@@ -18,15 +18,9 @@ spec:
 name: in-cluster
 namespace: gitea
 sources:
- - repoURL: https://edp.buildth.ing/DevFW-CICD/forgejo-helm.git
+ - repoURL: https://code.forgejo.org/forgejo-helm/forgejo-helm.git
 path: .
- # first check out the desired version (example v9.0.0): https://code.forgejo.org/forgejo-helm/forgejo-helm/src/tag/v9.0.0/Chart.yaml
- # (note that the chart version is not the same as the forgejo application version, which is specified in the above Chart.yaml file)
- # then use the devops pipeline and select development, forgejo and the desired version (example v9.0.0):
- # https://edp.buildth.ing/DevFW-CICD/devops-pipelines/actions?workflow=update-helm-depends.yaml&actor=0&status=0
- # finally update the desired version here and include "-depends", it is created by the devops pipeline.
- # why do we have an added "-depends" tag? it resolves rate limitings when downloading helm OCI dependencies
- targetRevision: v12.0.0-depends
+ targetRevision: v12.0.0
 helm:
 valueFiles:
 - $values/otc/observability.buildth.ing/stacks/forgejo/forgejo-server/values.yaml
diff --git a/otc/observability.buildth.ing/stacks/forgejo/forgejo-server/manifests/forgejo-s3-backup-cronjob.yaml b/otc/observability.buildth.ing/stacks/forgejo/forgejo-server/manifests/forgejo-s3-backup-cronjob.yaml
new file mode 100644
index 0000000..ba0aebd
--- /dev/null
+++ b/otc/observability.buildth.ing/stacks/forgejo/forgejo-server/manifests/forgejo-s3-backup-cronjob.yaml
@@ -0,0 +1,79 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: forgejo-s3-backup
+ namespace: gitea
+spec:
+ schedule: "0 1 * * *"
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ containers:
+ - name: rclone
+ image: rclone/rclone:1.70
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: SOURCE_BUCKET
+ valueFrom:
+ secretKeyRef:
+ name: forgejo-cloud-credentials
+ key: bucket-name
+ - name: AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef:
+ name: forgejo-cloud-credentials
+ key: access-key
+ - name: AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ name: forgejo-cloud-credentials
+ key: secret-key
+ volumeMounts:
+ - name: rclone-config
+ mountPath: /config/rclone
+ readOnly: true
+ - name: backup-dir
+ mountPath: /backup
+ readOnly: false
+ command:
+ - /bin/sh
+ - -c
+ - |
+ rclone sync source:/${SOURCE_BUCKET}/packages /backup -v --ignore-checksum
+ restartPolicy: OnFailure
+ volumes:
+ - name: rclone-config
+ secret:
+ secretName: forgejo-s3-backup
+ - name: backup-dir
+ persistentVolumeClaim:
+ claimName: s3-backup
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: s3-backup
+ namespace: gitea
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 50Gi
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: forgejo-s3-backup
+ namespace: gitea
+type: Opaque
+stringData:
+ rclone.conf: |
+ [source]
+ type = s3
+ provider = HuaweiOBS
+ env_auth = true
+ endpoint = obs.eu-de.otc.t-systems.com
+ region = eu-de
+ acl = private
diff --git a/otc/observability.buildth.ing/stacks/forgejo/forgejo-server/values.yaml b/otc/observability.buildth.ing/stacks/forgejo/forgejo-server/values.yaml
index d93b40e..c693e3e 100644
--- a/otc/observability.buildth.ing/stacks/forgejo/forgejo-server/values.yaml
+++ b/otc/observability.buildth.ing/stacks/forgejo/forgejo-server/values.yaml
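Review bot: The backup command in forgejo-s3-backup-cronjob.yaml uses `rclone sync`, which makes /backup identical to the bucket, so anything deleted or overwritten in the source, by mistake or by whoever holds the bucket credentials, is deleted or overwritten in the backup at the next 01:00 run. `--ignore-checksum` also switches off rclone's post-transfer hash comparison, so a corrupted copy goes unnoticed. If the volume is meant as a recovery copy, use `rclone copy source:/${SOURCE_BUCKET}/packages /backup -v`, or keep `sync` with a dated `--backup-dir` outside the sync target. Drop `--ignore-checksum` unless it works around a known hash mismatch with the OBS endpoint, and in that case say so in a comment. The CronJob also sets no `concurrencyPolicy`, so a slow run can overlap the next one on the same ReadWriteOnce claim; adding `concurrencyPolicy: Forbid` under the top-level `spec` prevents that, and the container would benefit from an explicit `securityContext` and `resources`.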
@@ -1,4 +1,4 @@
-# We use recreate to make sure only one instance with one version is running, because Forgejo might break or data gets inconsistant.
+# This is only used for deploying older versions of infra-catalogue where the bucket name is not an output of the terragrunt modules# We use recreate to make sure only one instance with one version is running, because Forgejo might break or data gets inconsistant.
 strategy:
 type: Recreate
@@ -121,7 +121,7 @@ gitea:
 MINIO_ENDPOINT: obs.eu-de.otc.t-systems.com:443
 STORAGE_TYPE: minio
 MINIO_LOCATION: eu-de
- MINIO_BUCKET: edp-forgejo-prod-observability
+ MINIO_BUCKET: "edp-forgejo-prod-observability"
 MINIO_USE_SSL: true
 queue:
@@ -136,6 +136,7 @@ gitea:
 service:
 DISABLE_REGISTRATION: true
+ ENABLE_NOTIFY_MAIL: true
 other:
 SHOW_FOOTER_VERSION: false
diff --git a/otc/observability.buildth.ing/stacks/otc/ingress-nginx.yaml b/otc/observability.buildth.ing/stacks/otc/ingress-nginx.yaml
index 4d10877..db06173 100644
--- a/otc/observability.buildth.ing/stacks/otc/ingress-nginx.yaml
+++ b/otc/observability.buildth.ing/stacks/otc/ingress-nginx.yaml
@@ -18,9 +18,9 @@ spec:
 name: in-cluster
 namespace: ingress-nginx
 sources:
- - repoURL: https://edp.buildth.ing/DevFW-CICD/ingress-nginx-helm.git
+ - repoURL: https://github.com/kubernetes/ingress-nginx.git
 path: charts/ingress-nginx
- targetRevision: helm-chart-4.12.1-depends
+ targetRevision: helm-chart-4.12.1
 helm:
 valueFiles:
 - $values/otc/observability.buildth.ing/stacks/otc/ingress-nginx/values.yaml
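Review bot: The first line of forgejo-server/values.yaml now holds two comments run together (`...terragrunt modules# We use recreate...`), which looks like a newline lost in the generating template. The first sentence is about a bucket name and has nothing to do with the `strategy:` key directly below it. Move the bucket remark onto its own line next to `MINIO_BUCKET` (the hunk at line 121), and keep `# We use recreate to make sure only one instance with one version is running, because Forgejo might break or data gets inconsistent.` on its own line above `strategy:`.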