diff --git a/otc/forgejo-test.t09.de/stacks/core/argocd.yaml b/otc/forgejo-test.t09.de/stacks/core/argocd.yaml
index 04b3581..1381fdd 100644
--- a/otc/forgejo-test.t09.de/stacks/core/argocd.yaml
+++ b/otc/forgejo-test.t09.de/stacks/core/argocd.yaml
@@ -18,12 +18,12 @@ spec:
 name: in-cluster
 namespace: argocd
 sources:
- - repoURL: https://edp.buildth.ing/DevFW-CICD/argocd-helm.git
+ - repoURL: https://github.com/argoproj/argo-helm.git
 path: charts/argo-cd
 # TODO: RIRE Can be updated when https://github.com/argoproj/argo-cd/issues/20790 is fixed and merged
 # As logout make problems, it is suggested to switch from path based routing to an own argocd domain,
 # similar to the CNOE amazon reference implementation and in our case, Forgejo
- targetRevision: argo-cd-7.8.14-depends
+ targetRevision: argo-cd-7.8.28
 helm:
 valueFiles:
 - $values/otc/forgejo-test.t09.de/stacks/core/argocd/values.yaml
diff --git a/otc/forgejo-test.t09.de/stacks/forgejo/forgejo-runner/dind-docker.yaml b/otc/forgejo-test.t09.de/stacks/forgejo/forgejo-runner/dind-docker.yaml
index 6d53943..1f7e430 100644
--- a/otc/forgejo-test.t09.de/stacks/forgejo/forgejo-runner/dind-docker.yaml
+++ b/otc/forgejo-test.t09.de/stacks/forgejo/forgejo-runner/dind-docker.yaml
@@ -7,7 +7,7 @@ metadata:
 namespace: gitea
 spec:
 # Two replicas means that if one is busy, the other can pick up jobs.
- replicas: 1
+ replicas: 3
 selector:
 matchLabels:
 app: forgejo-runner
@@ -28,7 +28,7 @@ spec:
 # https://forgejo.org/docs/v1.21/admin/actions/#offline-registration
 initContainers:
 - name: runner-register
- image: code.forgejo.org/forgejo/runner:6.3.1
+ image: code.forgejo.org/forgejo/runner:6.4.0
 command:
 - "sh"
 - "-c"
@@ -57,7 +57,7 @@ spec:
 mountPath: /data
 containers:
 - name: runner
- image: code.forgejo.org/forgejo/runner:6.3.1
+ image: code.forgejo.org/forgejo/runner:6.4.0
 command:
 - "sh"
 - "-c"
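Review bot: The chart source now pulls from the public upstream repository at a plain release tag (`targetRevision: argo-cd-7.8.28`) instead of the internal mirror's `-depends` tag, and the same switch is made for `v12.0.0` in forgejo-server.yaml and `helm-chart-4.12.1` in ingress-nginx.yaml, without any note on what replaces the mirror. The comment this commit removes from forgejo-server.yaml explains that the `-depends` tags existed to pre-resolve helm OCI dependencies and avoid rate limiting; a one-line comment above each `targetRevision` such as `# Pulled directly from upstream; the DevFW-CICD mirror and its -depends tags are no longer used` would keep the next upgrader from searching for the old pipeline. A git tag is also not immutable from Argo CD's point of view, so if pinning matters for this environment, consider a commit SHA in `targetRevision` or a comment stating why a tag is acceptable here. The Application spec continues outside the hunk.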
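Review bot: The comment directly above `replicas: 3` still reads `# Two replicas means that if one is busy, the other can pick up jobs.`, so it now contradicts the value it documents. Rewrite it to match the new count and the reason for choosing it, e.g. `# Three replicas so that a busy runner does not block queued jobs.`, or drop the number from the comment so it cannot go stale on the next change. The image bumps in the other two hunks of this file are consistent with each other (init container and runner both move to `runner:6.4.0`). The Deployment spec continues outside the hunk.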
diff --git a/otc/forgejo-test.t09.de/stacks/forgejo/forgejo-server.yaml b/otc/forgejo-test.t09.de/stacks/forgejo/forgejo-server.yaml
index 531e79d..5065bac 100644
--- a/otc/forgejo-test.t09.de/stacks/forgejo/forgejo-server.yaml
+++ b/otc/forgejo-test.t09.de/stacks/forgejo/forgejo-server.yaml
@@ -18,15 +18,9 @@ spec:
 name: in-cluster
 namespace: gitea
 sources:
- - repoURL: https://edp.buildth.ing/DevFW-CICD/forgejo-helm.git
+ - repoURL: https://code.forgejo.org/forgejo-helm/forgejo-helm.git
 path: .
- # first check out the desired version (example v9.0.0): https://code.forgejo.org/forgejo-helm/forgejo-helm/src/tag/v9.0.0/Chart.yaml
- # (note that the chart version is not the same as the forgejo application version, which is specified in the above Chart.yaml file)
- # then use the devops pipeline and select development, forgejo and the desired version (example v9.0.0):
- # https://edp.buildth.ing/DevFW-CICD/devops-pipelines/actions?workflow=update-helm-depends.yaml&actor=0&status=0
- # finally update the desired version here and include "-depends", it is created by the devops pipeline.
- # why do we have an added "-depends" tag? it resolves rate limitings when downloading helm OCI dependencies
- targetRevision: v12.0.0-depends
+ targetRevision: v12.0.0
 helm:
 valueFiles:
 - $values/otc/forgejo-test.t09.de/stacks/forgejo/forgejo-server/values.yaml
diff --git a/otc/forgejo-test.t09.de/stacks/forgejo/forgejo-server/manifests/forgejo-s3-backup-cronjob.yaml b/otc/forgejo-test.t09.de/stacks/forgejo/forgejo-server/manifests/forgejo-s3-backup-cronjob.yaml
new file mode 100644
index 0000000..ba0aebd
--- /dev/null
+++ b/otc/forgejo-test.t09.de/stacks/forgejo/forgejo-server/manifests/forgejo-s3-backup-cronjob.yaml
@@ -0,0 +1,79 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: forgejo-s3-backup
+ namespace: gitea
+spec:
+ schedule: "0 1 * * *"
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ containers:
+ - name: rclone
+ image: rclone/rclone:1.70
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: SOURCE_BUCKET
+ valueFrom:
+ secretKeyRef:
+ name: forgejo-cloud-credentials
+ key: bucket-name
+ - name: AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef:
+ name: forgejo-cloud-credentials
+ key: access-key
+ - name: AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ name: forgejo-cloud-credentials
+ key: secret-key
+ volumeMounts:
+ - name: rclone-config
+ mountPath: /config/rclone
+ readOnly: true
+ - name: backup-dir
+ mountPath: /backup
+ readOnly: false
+ command:
+ - /bin/sh
+ - -c
+ - |
+ rclone sync source:/${SOURCE_BUCKET}/packages /backup -v --ignore-checksum
+ restartPolicy: OnFailure
+ volumes:
+ - name: rclone-config
+ secret:
+ secretName: forgejo-s3-backup
+ - name: backup-dir
+ persistentVolumeClaim:
+ claimName: s3-backup
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: s3-backup
+ namespace: gitea
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 50Gi
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: forgejo-s3-backup
+ namespace: gitea
+type: Opaque
+stringData:
+ rclone.conf: |
+ [source]
+ type = s3
+ provider = HuaweiOBS
+ env_auth = true
+ endpoint = obs.eu-de.otc.t-systems.com
+ region = eu-de
+ acl = private
diff --git a/otc/forgejo-test.t09.de/stacks/forgejo/forgejo-server/values.yaml b/otc/forgejo-test.t09.de/stacks/forgejo/forgejo-server/values.yaml
index 78f1b6c..ea53801 100644
--- a/otc/forgejo-test.t09.de/stacks/forgejo/forgejo-server/values.yaml
+++ b/otc/forgejo-test.t09.de/stacks/forgejo/forgejo-server/values.yaml
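Review bot: `rclone sync` in the container command makes `/backup` an exact mirror of `source:/${SOURCE_BUCKET}/packages`, so any object deleted from or overwritten in the bucket is deleted from or overwritten in the copy at the next 01:00 run; as a backup this gives no protection against accidental or malicious deletion, and `--ignore-checksum` additionally skips rclone's post-transfer integrity check. If retention is the goal, `rclone copy` (which never deletes at the destination) or `sync` with `--backup-dir` pointing at a dated directory on the same claim keeps prior copies, and if `--ignore-checksum` is needed for the HuaweiOBS provider a comment on that line saying so would stop the next reader from removing it. The CronJob also sets no `concurrencyPolicy`, so a slow run can overlap the next day's job on the same `s3-backup` claim; `concurrencyPolicy: Forbid` under `spec` is the usual guard, together with `successfulJobsHistoryLimit`/`failedJobsHistoryLimit` to bound finished pods. The pod template has no `securityContext` and no resource requests, so the container runs with whatever the image and namespace defaults provide; `runAsNonRoot: true` and `readOnlyRootFilesystem: true` are worth trying here if the image permits them, since the only paths the job must write are `/backup` and its own cache.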
@@ -1,4 +1,4 @@
-# We use recreate to make sure only one instance with one version is running, because Forgejo might break or data gets inconsistant.
+# This is only used for deploying older versions of infra-catalogue where the bucket name is not an output of the terragrunt modules# We use recreate to make sure only one instance with one version is running, because Forgejo might break or data gets inconsistant.
 strategy:
 type: Recreate
@@ -17,8 +17,10 @@ postgresql-ha:
 persistence:
 enabled: true
 size: 200Gi
+ storageClass: csi-disk
 annotations:
 everest.io/crypt-key-id: b0e0a24d-d5a6-4a16-b745-8af2ed8bf46d
+ everest.io/disk-volume-type: GPSSD
 test:
 enabled: false
@@ -121,7 +123,7 @@ gitea:
 MINIO_ENDPOINT: obs.eu-de.otc.t-systems.com:443
 STORAGE_TYPE: minio
 MINIO_LOCATION: eu-de
- MINIO_BUCKET: edp-forgejo-forgejo-test
+ MINIO_BUCKET: "edp-forgejo-forgejo-test"
 MINIO_USE_SSL: true
 queue:
@@ -136,6 +138,7 @@ gitea:
 service:
 DISABLE_REGISTRATION: true
+ ENABLE_NOTIFY_MAIL: true
 other:
 SHOW_FOOTER_VERSION: false
diff --git a/otc/forgejo-test.t09.de/stacks/observability/victoria-k8s-stack/values.yaml b/otc/forgejo-test.t09.de/stacks/observability/victoria-k8s-stack/values.yaml
index 6d1642d..509b93e 100644
--- a/otc/forgejo-test.t09.de/stacks/observability/victoria-k8s-stack/values.yaml
+++ b/otc/forgejo-test.t09.de/stacks/observability/victoria-k8s-stack/values.yaml
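Review bot: The new first line of the file is two comments fused into one — the added sentence runs straight into the old one as `...terragrunt modules# We use recreate to make sure...` with no line break, and the `+1,4` count confirms it is a single line, so the explanation of `strategy: Recreate` is now buried mid-line. The added sentence also reads as if it describes the quoted `MINIO_BUCKET: "edp-forgejo-forgejo-test"` in the third hunk of this file rather than the deployment strategy; if that is the intent, move it to its own line directly above `MINIO_BUCKET` in that hunk, otherwise restore the newline so `# We use recreate ...` stands alone again. Either way the comment says the literal bucket name is a compatibility measure, so naming the condition under which it can be removed would keep it from outliving its purpose.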
@@ -536,108 +536,29 @@ alertmanager:
 # If you're migrating existing config, please make sure that `.Values.alertmanager.config`:
 # - with `useManagedConfig: false` has structure described [here](https://prometheus.io/docs/alerting/latest/configuration/).
 # - with `useManagedConfig: true` has structure described [here](https://docs.victoriametrics.com/operator/api/#vmalertmanagerconfig).
- useManagedConfig: false
+ useManagedConfig: true
 # -- (object) Alertmanager configuration
 config:
 route:
- receiver: "blackhole"
- # group_by: ["alertgroup", "job"]
- # group_wait: 30s
- # group_interval: 5m
- # repeat_interval: 12h
- # routes:
- #
- # # Duplicate code_owner routes to teams
- # # These will send alerts to team channels but continue
- # # processing through the rest of the tree to handled by on-call
- # - matchers:
- # - code_owner_channel!=""
- # - severity=~"info|warning|critical"
- # group_by: ["code_owner_channel", "alertgroup", "job"]
- # receiver: slack-code-owners
- #
- # # Standard on-call routes
- # - matchers:
- # - severity=~"info|warning|critical"
- # receiver: slack-monitoring
- # continue: true
- #
- # inhibit_rules:
- # - target_matchers:
- # - severity=~"warning|info"
- # source_matchers:
- # - severity=critical
- # equal:
- # - cluster
- # - namespace
- # - alertname
- # - target_matchers:
- # - severity=info
- # source_matchers:
- # - severity=warning
- # equal:
- # - cluster
- # - namespace
- # - alertname
- # - target_matchers:
- # - severity=info
- # source_matchers:
- # - alertname=InfoInhibitor
- # equal:
- # - cluster
- # - namespace
-
+ receiver: "outlook"
+ routes:
+ - matchers:
+ - alertname=~".*"
+ receiver: outlook
 receivers:
- - name: blackhole
- # - name: "slack-monitoring"
- # slack_configs:
- # - channel: "#channel"
- # send_resolved: true
- # title: '{{ template "slack.monzo.title" . }}'
- # icon_emoji: '{{ template "slack.monzo.icon_emoji" . }}'
- # color: '{{ template "slack.monzo.color" . }}'
- # text: '{{ template "slack.monzo.text" . }}'
- # actions:
- # - type: button
- # text: "Runbook :green_book:"
- # url: "{{ (index .Alerts 0).Annotations.runbook_url }}"
- # - type: button
- # text: "Query :mag:"
- # url: "{{ (index .Alerts 0).GeneratorURL }}"
- # - type: button
- # text: "Dashboard :grafana:"
- # url: "{{ (index .Alerts 0).Annotations.dashboard }}"
- # - type: button
- # text: "Silence :no_bell:"
- # url: '{{ template "__alert_silence_link" . }}'
- # - type: button
- # text: '{{ template "slack.monzo.link_button_text" . }}'
- # url: "{{ .CommonAnnotations.link_url }}"
- # - name: slack-code-owners
- # slack_configs:
- # - channel: "#{{ .CommonLabels.code_owner_channel }}"
- # send_resolved: true
- # title: '{{ template "slack.monzo.title" . }}'
- # icon_emoji: '{{ template "slack.monzo.icon_emoji" . }}'
- # color: '{{ template "slack.monzo.color" . }}'
- # text: '{{ template "slack.monzo.text" . }}'
- # actions:
- # - type: button
- # text: "Runbook :green_book:"
- # url: "{{ (index .Alerts 0).Annotations.runbook }}"
- # - type: button
- # text: "Query :mag:"
- # url: "{{ (index .Alerts 0).GeneratorURL }}"
- # - type: button
- # text: "Dashboard :grafana:"
- # url: "{{ (index .Alerts 0).Annotations.dashboard }}"
- # - type: button
- # text: "Silence :no_bell:"
- # url: '{{ template "__alert_silence_link" . }}'
- # - type: button
- # text: '{{ template "slack.monzo.link_button_text" . }}'
- # url: "{{ .CommonAnnotations.link_url }}"
- #
+ - name: outlook
+ email_configs:
+ - smarthost: 'mail.mms-support.de:465'
+ auth_username: 'ipcei-cis-devfw@mms-support.de'
+ auth_password:
+ name: email-user-credentials
+ key: connection-string
+ from: '"IPCEI CIS DevFW" '
+ to: 'f9f9953a.mg.telekom.de@de.teams.ms'
+ headers:
+ subject: 'Grafana Mail Alerts'
+ require_tls: false
 # -- Better alert templates for [slack source](https://gist.github.com/milesbxf/e2744fc90e9c41b47aa47925f8ff6512)
 monzoTemplate:
 enabled: true
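Review bot: `require_tls: false` on the `outlook` receiver's `email_configs` declares that the authenticated SMTP session to `mail.mms-support.de:465` may proceed without TLS, which is the wrong setting for a receiver that carries `auth_username` and a secret-backed `auth_password`; port 465 is the implicit-TLS port and Alertmanager dials it with TLS as far as I know, but the flag as written documents the opposite intent and would silently allow the credentials to go in clear if the port ever changed to 587 or 25. Set `require_tls: true` (or drop the key and rely on the TLS-requiring default) so the configuration fails closed instead. The route `- matchers: - alertname=~".*"` with `receiver: outlook` only restates the top-level `receiver: "outlook"`, and with the previous `inhibit_rules`, `group_by` and `repeat_interval` removed every alert now reaches the mailbox on Alertmanager's defaults, so a comment stating that this is intentional, or the removed `group_by`/`repeat_interval` values restored, would help whoever tunes the noise later; `subject: 'Grafana Mail Alerts'` also misattributes the sender, since these are Alertmanager notifications. The `from:` value as shown here, `'"IPCEI CIS DevFW" '`, has a display name but no address; if an angle-bracket address was lost in rendering this is fine, otherwise the SMTP server will reject the envelope.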
diff --git a/otc/forgejo-test.t09.de/stacks/otc/ingress-nginx.yaml b/otc/forgejo-test.t09.de/stacks/otc/ingress-nginx.yaml
index 8cb0c58..d30d858 100644
--- a/otc/forgejo-test.t09.de/stacks/otc/ingress-nginx.yaml
+++ b/otc/forgejo-test.t09.de/stacks/otc/ingress-nginx.yaml
@@ -18,9 +18,9 @@ spec:
 name: in-cluster
 namespace: ingress-nginx
 sources:
- - repoURL: https://edp.buildth.ing/DevFW-CICD/ingress-nginx-helm.git
+ - repoURL: https://github.com/kubernetes/ingress-nginx.git
 path: charts/ingress-nginx
- targetRevision: helm-chart-4.12.1-depends
+ targetRevision: helm-chart-4.12.1
 helm:
 valueFiles:
 - $values/otc/forgejo-test.t09.de/stacks/otc/ingress-nginx/values.yaml