Compare commits
1 commit
865c44aee4
...
ff3db9fb60
Author | SHA1 | Date | |
---|---|---|---|
ff3db9fb60 |
25 changed files with 20 additions and 186 deletions
|
@ -90,7 +90,7 @@ tasks:
|
||||||
{
|
{
|
||||||
"name": "debug",
|
"name": "debug",
|
||||||
"image": "docker.io/library/alpine:3.19.1",
|
"image": "docker.io/library/alpine:3.19.1",
|
||||||
"command": ["/bin/ash"],
|
"command": ["/bin/bash"],
|
||||||
"stdin": true,
|
"stdin": true,
|
||||||
"stdinOnce": true,
|
"stdinOnce": true,
|
||||||
"tty": true,
|
"tty": true,
|
||||||
|
|
|
@ -1,22 +0,0 @@
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
|
|
||||||
apiVersion: external-secrets.io/v1beta1
|
|
||||||
kind: ExternalSecret
|
|
||||||
metadata:
|
|
||||||
name: forgejo-runner-secret
|
|
||||||
spec:
|
|
||||||
secretStoreRef:
|
|
||||||
kind: ClusterSecretStore
|
|
||||||
name: onepassword-connect
|
|
||||||
target:
|
|
||||||
name: forgejo-runner-secret
|
|
||||||
template:
|
|
||||||
engineVersion: v2
|
|
||||||
data:
|
|
||||||
FORGEJO_INSTANCE_URL: "{{ .forgejo_instance_url }}"
|
|
||||||
RUNNER_NAME: "{{ .runner_name }}"
|
|
||||||
RUNNER_TOKEN: "{{ .runner_token }}"
|
|
||||||
|
|
||||||
dataFrom:
|
|
||||||
- extract:
|
|
||||||
key: forgejo-runner
|
|
|
@ -1,103 +0,0 @@
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
|
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
|
||||||
kind: HelmRelease
|
|
||||||
metadata:
|
|
||||||
name: &app forgejo-runner
|
|
||||||
spec:
|
|
||||||
interval: 30m
|
|
||||||
chart:
|
|
||||||
spec:
|
|
||||||
chart: app-template
|
|
||||||
version: 3.1.0
|
|
||||||
sourceRef:
|
|
||||||
kind: HelmRepository
|
|
||||||
name: bjw-s
|
|
||||||
namespace: flux-system
|
|
||||||
install:
|
|
||||||
remediation:
|
|
||||||
retries: 3
|
|
||||||
upgrade:
|
|
||||||
cleanupOnFail: true
|
|
||||||
remediation:
|
|
||||||
retries: 3
|
|
||||||
strategy: rollback
|
|
||||||
values:
|
|
||||||
controllers:
|
|
||||||
forgejo-runner:
|
|
||||||
replicas: 2
|
|
||||||
initContainers:
|
|
||||||
runner-register:
|
|
||||||
image:
|
|
||||||
repository: code.forgejo.org/forgejo/runner
|
|
||||||
tag: 3.4.1
|
|
||||||
command:
|
|
||||||
- "forgejo-runner"
|
|
||||||
- "register"
|
|
||||||
- "--no-interactive"
|
|
||||||
- "--token"
|
|
||||||
- $(RUNNER_TOKEN)
|
|
||||||
- "--name"
|
|
||||||
- $(RUNNER_NAME)
|
|
||||||
- "--instance"
|
|
||||||
- $(FORGEJO_INSTANCE_URL)
|
|
||||||
env:
|
|
||||||
- name: RUNNER_NAME
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: runner-secret
|
|
||||||
key: RUNNER_NAME
|
|
||||||
- name: RUNNER_TOKEN
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: runner-secret
|
|
||||||
key: RUNNER_TOKEN
|
|
||||||
- name: FORGEJO_INSTANCE_URL
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: runner-secret
|
|
||||||
key: FORGEJO_INSTANCE_URL
|
|
||||||
containers:
|
|
||||||
daemon:
|
|
||||||
image:
|
|
||||||
repository: docker
|
|
||||||
tag: 23.0.6-dind
|
|
||||||
securityContext:
|
|
||||||
privileged: true
|
|
||||||
env:
|
|
||||||
- name: DOCKER_TLS_CERTDIR
|
|
||||||
value: /certs
|
|
||||||
app:
|
|
||||||
image:
|
|
||||||
repository: code.forgejo.org/forgejo/runner
|
|
||||||
tag: 3.4.1
|
|
||||||
command:
|
|
||||||
- "sh"
|
|
||||||
- "-c"
|
|
||||||
- "while ! nc -z localhost 2376 </dev/null; do echo 'waiting for docker daemon...'; sleep 5; done; forgejo-runner daemon"
|
|
||||||
env:
|
|
||||||
- name: DOCKER_HOST
|
|
||||||
value: tcp://localhost:2376
|
|
||||||
- name: DOCKER_CERT_PATH
|
|
||||||
value: /certs/client
|
|
||||||
- name: DOCKER_TLS_VERIFY
|
|
||||||
value: "1"
|
|
||||||
annotations:
|
|
||||||
reloader.stakater.com/auto: "true"
|
|
||||||
service:
|
|
||||||
app:
|
|
||||||
controller: forgejo-runner
|
|
||||||
ports:
|
|
||||||
http:
|
|
||||||
port: 45315
|
|
||||||
persistence:
|
|
||||||
docker-certs:
|
|
||||||
name: docker-certs
|
|
||||||
advancedMounts:
|
|
||||||
forgejo-runner:
|
|
||||||
app:
|
|
||||||
- path: /certs
|
|
||||||
runner-data:
|
|
||||||
type: emptyDir
|
|
||||||
globalMounts:
|
|
||||||
- path: /data
|
|
|
@ -1,8 +0,0 @@
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
|
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
namespace: ci-runners
|
|
||||||
resources:
|
|
||||||
- ./externalsecret.yaml
|
|
||||||
- ./helmrelease.yaml
|
|
|
@ -1,19 +0,0 @@
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
|
|
||||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
|
||||||
kind: Kustomization
|
|
||||||
metadata:
|
|
||||||
name: &app forgejo
|
|
||||||
namespace: flux-system
|
|
||||||
spec:
|
|
||||||
targetNamespace: ci-runners
|
|
||||||
commonMetadata:
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/name: *app
|
|
||||||
interval: 10m
|
|
||||||
path: "./kubernetes/apps/ci-runners/forgejo/app"
|
|
||||||
prune: true
|
|
||||||
sourceRef:
|
|
||||||
kind: GitRepository
|
|
||||||
name: homelab
|
|
||||||
wait: true
|
|
|
@ -1,9 +0,0 @@
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
|
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
resources:
|
|
||||||
# Pre Flux-Kustomizations
|
|
||||||
- ./namespace.yaml
|
|
||||||
# Flux-Kustomizations
|
|
||||||
- ./forgejo/ks.yaml
|
|
|
@ -1,5 +0,0 @@
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Namespace
|
|
||||||
metadata:
|
|
||||||
name: ci-runners
|
|
|
@ -31,7 +31,7 @@ spec:
|
||||||
app:
|
app:
|
||||||
image:
|
image:
|
||||||
repository: ghcr.io/onedr0p/prowlarr-develop
|
repository: ghcr.io/onedr0p/prowlarr-develop
|
||||||
tag: 1.17.2.4511@sha256:01dce2a9c0e29a2a5338a9457698ea3e027727bed6b9f0ab7ac4a259cafb991b
|
tag: 1.17.0.4448@sha256:66e786d023cf94a7005b9a9effde9e7e4557e799b3f00cfb7b084f81ba15082c
|
||||||
env:
|
env:
|
||||||
# Ref: https://github.com/Radarr/Radarr/issues/7030#issuecomment-1039689518
|
# Ref: https://github.com/Radarr/Radarr/issues/7030#issuecomment-1039689518
|
||||||
# Ref: https://github.com/dotnet/runtime/issues/9336
|
# Ref: https://github.com/dotnet/runtime/issues/9336
|
||||||
|
|
|
@ -31,7 +31,7 @@ spec:
|
||||||
app:
|
app:
|
||||||
image:
|
image:
|
||||||
repository: ghcr.io/onedr0p/radarr
|
repository: ghcr.io/onedr0p/radarr
|
||||||
tag: 5.6.0.8846@sha256:3c75c2adc6ce547131a74b10fec4e0101658113810dba11b96878a0c3990c641
|
tag: 5.4.6.8723@sha256:3198f09197697a4d57f995650ebf34b57b2fdbb991dac1611ad8356d9e8bda8e
|
||||||
env:
|
env:
|
||||||
# Ref: https://github.com/Radarr/Radarr/issues/7030#issuecomment-1039689518
|
# Ref: https://github.com/Radarr/Radarr/issues/7030#issuecomment-1039689518
|
||||||
# Ref: https://github.com/dotnet/runtime/issues/9336
|
# Ref: https://github.com/dotnet/runtime/issues/9336
|
||||||
|
|
|
@ -31,7 +31,7 @@ spec:
|
||||||
app:
|
app:
|
||||||
image:
|
image:
|
||||||
repository: ghcr.io/tautulli/tautulli
|
repository: ghcr.io/tautulli/tautulli
|
||||||
tag: v2.14.2@sha256:99eba3ba70f9e2531335279f472b3c8f120ebc0e938e42bd98037e35e11d130a
|
tag: v2.13.4@sha256:fb5e22c7a4d9e770703a30d145f355786fecb28dfca6df56c5073c457f3c8a8e
|
||||||
env:
|
env:
|
||||||
TZ: America/Chicago
|
TZ: America/Chicago
|
||||||
command: ["/usr/local/bin/python", "Tautulli.py"]
|
command: ["/usr/local/bin/python", "Tautulli.py"]
|
||||||
|
@ -67,7 +67,7 @@ spec:
|
||||||
jbops:
|
jbops:
|
||||||
image:
|
image:
|
||||||
repository: registry.k8s.io/git-sync/git-sync
|
repository: registry.k8s.io/git-sync/git-sync
|
||||||
tag: v4.2.3@sha256:19cc7c317d125c5737ecb9a9159d00b5d97f39c45225c6483de365d62fc09fa8
|
tag: v4.2.2@sha256:2dc189a0886c0df1b5b0cc816c60b5fe0799230a5bb7e123aa28ff4f74ac988a
|
||||||
env:
|
env:
|
||||||
GITSYNC_REPO: https://github.com/blacktwin/JBOPS
|
GITSYNC_REPO: https://github.com/blacktwin/JBOPS
|
||||||
GITSYNC_REF: master
|
GITSYNC_REF: master
|
||||||
|
|
|
@ -45,7 +45,7 @@ spec:
|
||||||
app:
|
app:
|
||||||
image:
|
image:
|
||||||
repository: ghcr.io/home-assistant/home-assistant
|
repository: ghcr.io/home-assistant/home-assistant
|
||||||
tag: 2024.5.4
|
tag: 2024.5.1
|
||||||
env:
|
env:
|
||||||
TZ: America/Chicago
|
TZ: America/Chicago
|
||||||
HASS_HTTP_TRUSTED_PROXY_1: 10.244.0.0/16
|
HASS_HTTP_TRUSTED_PROXY_1: 10.244.0.0/16
|
||||||
|
|
|
@ -7,7 +7,7 @@ spec:
|
||||||
# nodeName: nenya
|
# nodeName: nenya
|
||||||
containers:
|
containers:
|
||||||
- name: fstrim
|
- name: fstrim
|
||||||
image: ghcr.io/onedr0p/kubanetics:2024.5.3
|
image: ghcr.io/onedr0p/kubanetics:2024.5.0
|
||||||
securityContext:
|
securityContext:
|
||||||
privileged: true
|
privileged: true
|
||||||
command: ["/bin/bash", "-c", "while true; do sleep 10; done"]
|
command: ["/bin/bash", "-c", "while true; do sleep 10; done"]
|
||||||
|
|
|
@ -33,7 +33,7 @@ spec:
|
||||||
app:
|
app:
|
||||||
image:
|
image:
|
||||||
repository: ghcr.io/onedr0p/kubanetics
|
repository: ghcr.io/onedr0p/kubanetics
|
||||||
tag: 2024.5.3@sha256:502b08ec384c255b4e7a4650397ee2565aedd93eac8095b8e751451b23b099d0
|
tag: 2024.5.0@sha256:2787387cfec563b12b18c2708ac638deaaaa0daa5119b731d8a036e23a9ef43a
|
||||||
env:
|
env:
|
||||||
SCRIPT_NAME: fstrim.sh
|
SCRIPT_NAME: fstrim.sh
|
||||||
probes:
|
probes:
|
||||||
|
|
|
@ -9,7 +9,7 @@ spec:
|
||||||
chart:
|
chart:
|
||||||
spec:
|
spec:
|
||||||
chart: kubelet-csr-approver
|
chart: kubelet-csr-approver
|
||||||
version: 1.2.0
|
version: 1.1.0
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: HelmRepository
|
kind: HelmRepository
|
||||||
name: postfinance
|
name: postfinance
|
||||||
|
|
|
@ -10,7 +10,7 @@ spec:
|
||||||
chart:
|
chart:
|
||||||
spec:
|
spec:
|
||||||
chart: reloader
|
chart: reloader
|
||||||
version: 1.0.97
|
version: 1.0.93
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: HelmRepository
|
kind: HelmRepository
|
||||||
name: stakater
|
name: stakater
|
||||||
|
|
|
@ -10,7 +10,7 @@ spec:
|
||||||
chart:
|
chart:
|
||||||
spec:
|
spec:
|
||||||
chart: kyverno
|
chart: kyverno
|
||||||
version: 3.2.2
|
version: 3.2.0
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: HelmRepository
|
kind: HelmRepository
|
||||||
name: kyverno
|
name: kyverno
|
||||||
|
|
|
@ -35,7 +35,7 @@ spec:
|
||||||
app:
|
app:
|
||||||
image:
|
image:
|
||||||
repository: ghcr.io/onedr0p/kubanetics
|
repository: ghcr.io/onedr0p/kubanetics
|
||||||
tag: 2024.5.3@sha256:502b08ec384c255b4e7a4650397ee2565aedd93eac8095b8e751451b23b099d0
|
tag: 2024.5.0@sha256:2787387cfec563b12b18c2708ac638deaaaa0daa5119b731d8a036e23a9ef43a
|
||||||
env:
|
env:
|
||||||
SCRIPT_NAME: alertmanager-silencer.sh
|
SCRIPT_NAME: alertmanager-silencer.sh
|
||||||
ALERTMANAGER_URL: http://alertmanager-operated.observability.svc.cluster.local:9093
|
ALERTMANAGER_URL: http://alertmanager-operated.observability.svc.cluster.local:9093
|
||||||
|
|
|
@ -31,7 +31,7 @@ spec:
|
||||||
init-config:
|
init-config:
|
||||||
image:
|
image:
|
||||||
repository: ghcr.io/kiwigrid/k8s-sidecar
|
repository: ghcr.io/kiwigrid/k8s-sidecar
|
||||||
tag: 1.27.1@sha256:df71eab1466c67b84e46fa9cd2d84738372377971d44dbb8699ab4483278c839
|
tag: 1.26.1@sha256:b8d5067137fec093cf48670dc3a1dbb38f9e734f3a6683015c2e89a45db5fd16
|
||||||
env:
|
env:
|
||||||
FOLDER: /config
|
FOLDER: /config
|
||||||
LABEL: gatus.io/enabled
|
LABEL: gatus.io/enabled
|
||||||
|
|
|
@ -10,7 +10,7 @@ spec:
|
||||||
chart:
|
chart:
|
||||||
spec:
|
spec:
|
||||||
chart: kube-prometheus-stack
|
chart: kube-prometheus-stack
|
||||||
version: 58.6.0
|
version: 58.3.1
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: HelmRepository
|
kind: HelmRepository
|
||||||
name: prometheus-community
|
name: prometheus-community
|
||||||
|
|
|
@ -10,7 +10,7 @@ spec:
|
||||||
chart:
|
chart:
|
||||||
spec:
|
spec:
|
||||||
chart: loki
|
chart: loki
|
||||||
version: 6.5.2
|
version: 6.4.2
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: HelmRepository
|
kind: HelmRepository
|
||||||
name: grafana
|
name: grafana
|
||||||
|
|
|
@ -10,7 +10,7 @@ spec:
|
||||||
chart:
|
chart:
|
||||||
spec:
|
spec:
|
||||||
chart: thanos
|
chart: thanos
|
||||||
version: 1.17.1
|
version: 1.16.5
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: HelmRepository
|
kind: HelmRepository
|
||||||
name: stevehipwell
|
name: stevehipwell
|
||||||
|
|
|
@ -37,7 +37,7 @@ spec:
|
||||||
app:
|
app:
|
||||||
image:
|
image:
|
||||||
repository: docker.io/timberio/vector
|
repository: docker.io/timberio/vector
|
||||||
tag: 0.38.0-alpine@sha256:3b95d814fe6eeb32e2864cbcdc541fde4c0368df0e096d201cdadec797550341
|
tag: 0.37.1-alpine@sha256:ced16088cdcfcadd2f471c5760ea3b08bec82b9be00a8b90173b9ade7d001607
|
||||||
env:
|
env:
|
||||||
PROCFS_ROOT: /host/proc
|
PROCFS_ROOT: /host/proc
|
||||||
SYSFS_ROOT: /host/sys
|
SYSFS_ROOT: /host/sys
|
||||||
|
|
|
@ -46,7 +46,7 @@ spec:
|
||||||
app:
|
app:
|
||||||
image:
|
image:
|
||||||
repository: docker.io/timberio/vector
|
repository: docker.io/timberio/vector
|
||||||
tag: 0.38.0-alpine@sha256:3b95d814fe6eeb32e2864cbcdc541fde4c0368df0e096d201cdadec797550341
|
tag: 0.37.1-alpine@sha256:ced16088cdcfcadd2f471c5760ea3b08bec82b9be00a8b90173b9ade7d001607
|
||||||
args: ["--config", "/etc/vector/vector.yaml"]
|
args: ["--config", "/etc/vector/vector.yaml"]
|
||||||
pod:
|
pod:
|
||||||
topologySpreadConstraints:
|
topologySpreadConstraints:
|
||||||
|
|
|
@ -68,7 +68,7 @@ spec:
|
||||||
gluetun:
|
gluetun:
|
||||||
image:
|
image:
|
||||||
repository: ghcr.io/qdm12/gluetun
|
repository: ghcr.io/qdm12/gluetun
|
||||||
tag: latest@sha256:f501359827a9c8523d78add8ce68791a31634c146c8eef0fd8700a68b8160cfd
|
tag: latest@sha256:fab09c582118ab650e7a8b8371ca95ff604376ce0c8fdc346c5fef382afd85d1
|
||||||
env:
|
env:
|
||||||
VPN_SERVICE_PROVIDER: custom
|
VPN_SERVICE_PROVIDER: custom
|
||||||
VPN_TYPE: wireguard
|
VPN_TYPE: wireguard
|
||||||
|
|
|
@ -23,7 +23,7 @@ releases:
|
||||||
- name: kubelet-csr-approver
|
- name: kubelet-csr-approver
|
||||||
namespace: kube-system
|
namespace: kube-system
|
||||||
chart: postfinance/kubelet-csr-approver
|
chart: postfinance/kubelet-csr-approver
|
||||||
version: 1.2.0
|
version: 1.1.0
|
||||||
values: ["../../../apps/kube-system/kubelet-csr-approver/app/helm-values.yaml"]
|
values: ["../../../apps/kube-system/kubelet-csr-approver/app/helm-values.yaml"]
|
||||||
needs: ["cilium"]
|
needs: ["cilium"]
|
||||||
- name: spegel
|
- name: spegel
|
||||||
|
|
Loading…
Reference in a new issue