feat: migrate Forgejo to latest chart

Peter 2023-12-14 21:51:44 +01:00
parent d8df88b471
commit bc602d34c2
Signed by: prskr
GPG key ID: F56BED6903BC5E37
13 changed files with 1847 additions and 7 deletions


@ -0,0 +1,30 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: dragonfly-system
images:
- name: kube-rbac-proxy
newName: gcr.io/kubebuilder/kube-rbac-proxy
newTag: v0.13.1
- name: dragonfly-operator
newName: docker.dragonflydb.io/dragonflydb/operator
newTag: v1.0.0
resources:
- resources/crd/dragonfly.yaml
- resources/namespace.yaml
- resources/rbac/clusterrole.yaml
- resources/rbac/role.yaml
- resources/rbac/serviceaccount.yaml
- resources/rbac/clusterrolebinding.yaml
- resources/rbac/rolebinding.yaml
- resources/deployment.yaml
- resources/service.yaml
labels:
- includeSelectors: true
pairs:
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/part-of: dragonfly-operator
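Review bot: Both entries under `images:` pin only a mutable tag (`newTag: v0.13.1` and `newTag: v1.0.0`), so the registry can later serve different content for the same manifest; adding `digest: sha256:<digest-of-the-reviewed-image>` (placeholder) to each entry makes the deployed proxy and operator reproducible. Separately, `namespace: dragonfly-system` differs from the `dragonfly-operator-system` hard-coded in the resource files of this commit, so the result depends on kustomize rewriting every namespace reference. It is worth checking the `kustomize build` output to confirm that the ClusterRoleBinding and RoleBinding subjects end up in the same namespace as the ServiceAccount. A short comment above `namespace:` saying the override is intentional would help the next reader.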


@ -0,0 +1,102 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/component: manager
app.kubernetes.io/created-by: dragonfly-operator
app.kubernetes.io/instance: controller-manager
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: deployment
app.kubernetes.io/part-of: dragonfly-operator
control-plane: controller-manager
name: dragonfly-operator-controller-manager
namespace: dragonfly-operator-system
spec:
replicas: 1
selector:
matchLabels:
control-plane: controller-manager
template:
metadata:
annotations:
kubectl.kubernetes.io/default-container: manager
labels:
control-plane: controller-manager
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- amd64
- arm64
- ppc64le
- s390x
- key: kubernetes.io/os
operator: In
values:
- linux
containers:
- args:
- --secure-listen-address=0.0.0.0:8443
- --upstream=http://127.0.0.1:8080/
- --logtostderr=true
- --v=0
image: kube-rbac-proxy
name: kube-rbac-proxy
ports:
- containerPort: 8443
name: https
protocol: TCP
resources:
limits:
cpu: 500m
memory: 128Mi
requests:
cpu: 5m
memory: 64Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
- args:
- --health-probe-bind-address=:8081
- --metrics-bind-address=127.0.0.1:8080
- --leader-elect
command:
- /manager
image: dragonfly-operator
livenessProbe:
httpGet:
path: /healthz
port: 8081
initialDelaySeconds: 15
periodSeconds: 20
name: manager
readinessProbe:
httpGet:
path: /readyz
port: 8081
initialDelaySeconds: 5
periodSeconds: 10
resources:
limits:
cpu: 500m
memory: 128Mi
requests:
cpu: 10m
memory: 64Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
securityContext:
runAsNonRoot: true
serviceAccountName: dragonfly-operator-controller-manager
terminationGracePeriodSeconds: 10
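Review bot: The pod-level `securityContext` sets only `runAsNonRoot: true` and no seccomp profile, so both containers run with whatever seccomp default the node's runtime applies. Adding `seccompProfile:` with `type: RuntimeDefault` there would complete what the Pod Security `restricted` profile expects, since `allowPrivilegeEscalation: false` and `capabilities.drop: [ALL]` are already set on each container. `readOnlyRootFilesystem: true` on both containers looks like a reasonable addition, though whether `/manager` writes to its root filesystem cannot be told from this file. If this manifest is a copy of the upstream operator release, a kustomize patch would keep the hardening separate from the vendored content.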


@ -0,0 +1,13 @@
---
apiVersion: v1
kind: Namespace
metadata:
labels:
app.kubernetes.io/component: manager
app.kubernetes.io/created-by: dragonfly-operator
app.kubernetes.io/instance: system
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: namespace
app.kubernetes.io/part-of: dragonfly-operator
control-plane: controller-manager
name: dragonfly-operator-system


@ -0,0 +1,119 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
name: dragonfly-operator-manager-role
rules:
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- ""
resources:
- pods
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- services
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apps
resources:
- statefulsets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- dragonflydb.io
resources:
- dragonflies
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- dragonflydb.io
resources:
- dragonflies/finalizers
verbs:
- update
- apiGroups:
- dragonflydb.io
resources:
- dragonflies/status
verbs:
- get
- patch
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/component: kube-rbac-proxy
app.kubernetes.io/created-by: dragonfly-operator
app.kubernetes.io/instance: metrics-reader
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: clusterrole
app.kubernetes.io/part-of: dragonfly-operator
name: dragonfly-operator-metrics-reader
rules:
- nonResourceURLs:
- /metrics
verbs:
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/component: kube-rbac-proxy
app.kubernetes.io/created-by: dragonfly-operator
app.kubernetes.io/instance: proxy-role
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: clusterrole
app.kubernetes.io/part-of: dragonfly-operator
name: dragonfly-operator-proxy-role
rules:
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create


@ -0,0 +1,40 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: dragonfly-operator
app.kubernetes.io/instance: manager-rolebinding
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: clusterrolebinding
app.kubernetes.io/part-of: dragonfly-operator
name: dragonfly-operator-manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: dragonfly-operator-manager-role
subjects:
- kind: ServiceAccount
name: dragonfly-operator-controller-manager
namespace: dragonfly-operator-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/component: kube-rbac-proxy
app.kubernetes.io/created-by: dragonfly-operator
app.kubernetes.io/instance: proxy-rolebinding
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: clusterrolebinding
app.kubernetes.io/part-of: dragonfly-operator
name: dragonfly-operator-proxy-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: dragonfly-operator-proxy-role
subjects:
- kind: ServiceAccount
name: dragonfly-operator-controller-manager
namespace: dragonfly-operator-system


@ -0,0 +1,45 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: dragonfly-operator
app.kubernetes.io/instance: leader-election-role
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: role
app.kubernetes.io/part-of: dragonfly-operator
name: dragonfly-operator-leader-election-role
namespace: dragonfly-operator-system
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch


@ -0,0 +1,21 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: dragonfly-operator
app.kubernetes.io/instance: leader-election-rolebinding
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: rolebinding
app.kubernetes.io/part-of: dragonfly-operator
name: dragonfly-operator-leader-election-rolebinding
namespace: dragonfly-operator-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: dragonfly-operator-leader-election-role
subjects:
- kind: ServiceAccount
name: dragonfly-operator-controller-manager
namespace: dragonfly-operator-system


@ -0,0 +1,13 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: dragonfly-operator
app.kubernetes.io/instance: controller-manager-sa
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: serviceaccount
app.kubernetes.io/part-of: dragonfly-operator
name: dragonfly-operator-controller-manager
namespace: dragonfly-operator-system


@ -0,0 +1,22 @@
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: kube-rbac-proxy
app.kubernetes.io/created-by: dragonfly-operator
app.kubernetes.io/instance: controller-manager-metrics-service
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: service
app.kubernetes.io/part-of: dragonfly-operator
control-plane: controller-manager
name: dragonfly-operator-controller-manager-metrics-service
namespace: dragonfly-operator-system
spec:
ports:
- name: https
port: 8443
protocol: TCP
targetPort: https
selector:
control-plane: controller-manager


@ -30,9 +30,9 @@ resources:
memory: 512Mi memory: 512Mi
persistence: persistence:
enabled: true mount: true
size: 10Gi create: false
storageClass: hcloud-volumes claimName: data-forgejo-0
gitea: gitea:
additionalConfigSources: additionalConfigSources:
@ -72,6 +72,9 @@ gitea:
DEFAULT_KEEP_EMAIL_PRIVATE: 'true' DEFAULT_KEEP_EMAIL_PRIVATE: 'true'
DEFAULT_ALLOW_CREATE_ORGANIZATION: 'false' DEFAULT_ALLOW_CREATE_ORGANIZATION: 'false'
DEFAULT_USER_IS_RESTRICTED: 'true' DEFAULT_USER_IS_RESTRICTED: 'true'
session:
PROVIDER: redis
PROVIDER_CONFIG: redis://forgejo-session.forgejo.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
storage: storage:
STORAGE_TYPE: minio STORAGE_TYPE: minio
MINIO_ENDPOINT: 2df513adaee2eeae12106af900bed297.r2.cloudflarestorage.com:443 MINIO_ENDPOINT: 2df513adaee2eeae12106af900bed297.r2.cloudflarestorage.com:443
@ -80,7 +83,7 @@ gitea:
MINIO_USE_SSL: 'true' MINIO_USE_SSL: 'true'
MINIO_CHECKSUM_ALGORITHM: md5 MINIO_CHECKSUM_ALGORITHM: md5
attachment: attachment:
ALLOWED_TYPES: .bz2,.gz,.md,.pdf,.tgz,.txt,.zip,.tar.gz,.txt,application/gzip,application/x-gzip,application/x-gtar,application/x-tgz,application/x-compressed-tar,text/plain ALLOWED_TYPES: .bz2,.gz,.md,.pdf,.tgz,.txt,.zip,.tar.gz,.txt,application/gzip,application/x-gzip,application/x-gtar,application/x-tgz,application/x-compressed-tar,text/plain,application/octet-stream
MAX_SIZE: 30 MAX_SIZE: 30
MAX_FILES: 15 MAX_FILES: 15
STORAGE_TYPE: minio STORAGE_TYPE: minio
@ -100,13 +103,26 @@ gitea:
USER: forgejo USER: forgejo
SSL_MODE: require SSL_MODE: require
log_sql: "false" log_sql: "false"
cache:
ENABLED: true
ADAPTER: redis
HOST: redis://forgejo-session.forgejo.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
queue:
TYPE: redis
CONN_STR: redis://forgejo-session.forgejo.svc.cluster.local:6379/0?pool_size=100&idle_timeout=180s&
metrics: metrics:
ENABLED: true ENABLED: true
redis-cluster:
enabled: false
postgresql: postgresql:
enabled: false enabled: false
postgresql-ha:
enabled: false
affinity: affinity:
nodeAffinity: nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution: preferredDuringSchedulingIgnoredDuringExecution:
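Review bot: The three new connection strings (`PROVIDER_CONFIG` under `session:`, `HOST` under `cache:`, `CONN_STR` under `queue:`) use plain `redis://` with no credentials, so any workload that can reach `forgejo-session.forgejo.svc.cluster.local:6379` could read or alter Forgejo session data. The `Dragonfly` resource added in this commit shows no authentication settings either. Consider enabling a password on the instance and supplying the URLs from a Secret through `additionalConfigSources` instead of this values file, and restricting ingress to the Dragonfly pods with a NetworkPolicy. All three URLs also share database `/0` and end in a stray `&`; a comment stating whether sharing one database between sessions, cache and queue is intended would help. The widened `ALLOWED_TYPES` now ends in `application/octet-stream`, a type commonly reported for arbitrary binary uploads, so a comment on why it is needed would be useful.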


@ -3,8 +3,11 @@ kind: Kustomization
namespace: forgejo namespace: forgejo
commonLabels: labels:
- includeSelectors: true
pairs:
app.kubernetes.io/managed-by: kustomize app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/part-of: forgejo
images: images:
- name: act_runner - name: act_runner
@ -12,6 +15,7 @@ images:
newTag: "nightly" newTag: "nightly"
resources: resources:
- resources/dragonfly.yml
- resources/runners/act-runner-arm64.yaml - resources/runners/act-runner-arm64.yaml
- resources/runners/act-runner-amd64.yaml - resources/runners/act-runner-amd64.yaml
- resources/runners/cache-pvc.yaml - resources/runners/cache-pvc.yaml
@ -31,7 +35,7 @@ helmCharts:
repo: oci://codeberg.org/forgejo-contrib repo: oci://codeberg.org/forgejo-contrib
releaseName: forgejo releaseName: forgejo
namespace: forgejo namespace: forgejo
version: "0.15.0" version: "1.0.1"
valuesFile: config/values.forgejo.yaml valuesFile: config/values.forgejo.yaml
skipTests: true skipTests: true
apiVersions: apiVersions:
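Review bot: The new pair `app.kubernetes.io/part-of: forgejo` sits under `includeSelectors: true`, so kustomize also injects it into `spec.selector` of every workload it renders, and the selector of an existing Deployment or StatefulSet is immutable. If the runner workloads or the chart's workload already exist in the cluster, the apply would likely be rejected until they are recreated. Moving `part-of` into a second `labels` entry without `includeSelectors` keeps the selectors as they were. Unrelated to this change but visible in the context lines, `newTag: "nightly"` for `act_runner` is a moving tag on a component that executes CI jobs; pinning a released version or a digest would be safer.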


@ -0,0 +1,18 @@
---
apiVersion: dragonflydb.io/v1alpha1
kind: Dragonfly
metadata:
name: forgejo-session
labels:
app.kubernetes.io/name: forgejo-session
app.kubernetes.io/instance: forgejo
app.kubernetes.io/part-of: forgejo
spec:
replicas: 2
resources:
requests:
cpu: 100m
memory: 350Mi
limits:
cpu: 100m
memory: 350Mi