Initial upload

Automated pipeline 2025-06-27 12:14:12 +00:00 committed by Actions pipeline
parent 169d4fb43d
commit 1764a29a63
2128 changed files with 116 additions and 323442 deletions


@ -30,3 +30,6 @@ spec:
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
targetRevision: HEAD
ref: values
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
targetRevision: HEAD
path: "otc//stacks/core/argocd/manifests"
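Review bot: The added source tracks `targetRevision: HEAD` of the stacks-instances repository, so whatever lands on that repository's default branch is what Argo CD renders from this `manifests` path. The same floating reference is used for the `values` and `manifests` sources in the new forgejo-server, vm-client and grafana-operator Applications, which also set `automated` sync with `selfHeal: true`. If this Application syncs the same way (its `syncPolicy` is outside the hunk), a push to that branch reaches the cluster without any review step on this side. Consider pinning to a tag or commit, e.g. `targetRevision: <tag-or-commit-sha>`, and bumping it deliberately.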


@ -11,7 +11,7 @@ metadata:
spec:
ingressClassName: nginx
rules:
- host:
- host: argocd.
http:
paths:
- backend:
@ -19,9 +19,9 @@ spec:
name: argocd-server
port:
number: 80
path: /argocd
path: /
pathType: Prefix
tls:
- hosts:
-
- argocd.
secretName: argocd-net-tls


@ -1,11 +1,9 @@
global:
domain:
domain: argocd.
configs:
params:
server.insecure: true
server.basehref: /argocd
server.rootpath: /argocd
cm:
application.resourceTrackingMethod: annotation
timeout.reconciliation: 60s
@ -21,7 +19,7 @@ configs:
clusters:
- "*"
accounts.provider-argocd: apiKey
url: https:///argocd
url: https://argocd.
rbac:
policy.csv: 'g, provider-argocd, role:admin'
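Review bot: `policy.csv: 'g, provider-argocd, role:admin'` still gives the `provider-argocd` API-key account full admin while this change moves the server to its own host and root path. An API key is a bearer credential with no second factor, so a leaked token means control of every Application this Argo CD instance manages; a custom role limited to the projects and actions the provider actually needs would be safer. `server.insecure: true` also stays, which is acceptable only while TLS always terminates at the ingress and nothing else can reach the `argocd-server` service on port 80; a comment stating that assumption would help. The `configs` block continues outside the hunks shown.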


@ -1,67 +0,0 @@
redis-cluster:
enabled: true
postgresql:
enabled: false
postgresql-ha:
enabled: false
persistence:
enabled: true
size: 5Gi
test:
enabled: false
gitea:
admin:
existingSecret: gitea-credential
config:
service:
DISABLE_REGISTRATION: true
other:
SHOW_FOOTER_VERSION: false
SHOW_FOOTER_TEMPLATE_LOAD_TIME: false
database:
DB_TYPE: sqlite3
session:
PROVIDER: memory
cache:
ADAPTER: memory
queue:
TYPE: level
server:
DOMAIN: 'gitea.'
ROOT_URL: 'https://gitea.:443'
mailer:
ENABLED: true
FROM: forgejo@gitea.
PROTOCOL: smtp
SMTP_ADDR: mailhog.mailhog.svc.cluster.local
SMTP_PORT: 1025
service:
ssh:
type: NodePort
nodePort: 32222
externalTrafficPolicy: Local
image:
pullPolicy: "IfNotPresent"
# Overrides the image tag whose default is the chart appVersion.
#tag: "8.0.3"
# Adds -rootless suffix to image name
rootless: true
forgejo:
runner:
enabled: true
image:
tag: latest
# replicas: 3
config:
runner:
labels:
- docker:docker://node:16-bullseye
- self-hosted:docker://ghcr.io/catthehacker/ubuntu:act-22.04
- ubuntu-22.04:docker://ghcr.io/catthehacker/ubuntu:act-22.04
- ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-22.04


@ -1,24 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: ingress-apps
namespace: argocd
labels:
example: ref-implementation
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
destination:
server: "https://kubernetes.default.svc"
source:
repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
targetRevision: HEAD
path: "otc//stacks/core/ingress-apps"
project: default
syncPolicy:
automated:
selfHeal: true
syncOptions:
- CreateNamespace=true
retry:
limit: -1


@ -1,31 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /$2
nginx.ingress.kubernetes.io/use-regex: "true"
name: argo-workflows-ingress
namespace: argo
spec:
ingressClassName: nginx
rules:
- host: localhost
http:
paths:
- backend:
service:
name: argo-server
port:
name: web
path: /argo-workflows(/|$)(.*)
pathType: ImplementationSpecific
- host:
http:
paths:
- backend:
service:
name: argo-server
port:
name: web
path: /argo-workflows(/|$)(.*)
pathType: ImplementationSpecific


@ -1,28 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: backstage
namespace: backstage
spec:
ingressClassName: nginx
rules:
- host: localhost
http:
paths:
- backend:
service:
name: backstage
port:
name: http
path: /
pathType: Prefix
- host:
http:
paths:
- backend:
service:
name: backstage
port:
name: http
path: /
pathType: Prefix


@ -1,28 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: keycloak-ingress-localhost
namespace: keycloak
spec:
ingressClassName: nginx
rules:
- host: localhost
http:
paths:
- backend:
service:
name: keycloak
port:
name: http
path: /keycloak
pathType: ImplementationSpecific
- host:
http:
paths:
- backend:
service:
name: keycloak
port:
name: http
path: /keycloak
pathType: ImplementationSpecific


@ -1,18 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: kube-prometheus-stack-grafana
namespace: monitoring
spec:
ingressClassName: nginx
rules:
- host:
http:
paths:
- backend:
service:
name: kube-prometheus-stack-grafana
port:
number: 80
path: /grafana
pathType: Prefix


@ -1,18 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: mailhog
namespace: mailhog
spec:
ingressClassName: nginx
rules:
- host:
http:
paths:
- backend:
service:
name: mailhog
port:
number: 8025
path: /mailhog
pathType: Prefix


@ -1,19 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: openbao
namespace: openbao
spec:
ingressClassName: nginx
rules:
- host: openbao.
http:
paths:
- backend:
service:
name: openbao
port:
number: 8200
path: /
pathType: Prefix


@ -21,4 +21,4 @@ spec:
source:
repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
targetRevision: HEAD
path: "otc//stacks/core/forgejo-runner"
path: "otc//stacks/forgejo/forgejo-runner"


@ -51,7 +51,7 @@ spec:
name: forgejo-runner-token
key: token
- name: FORGEJO_INSTANCE_URL
value: https://gitea.
value: https://
volumeMounts:
- name: runner-data
mountPath: /data


@ -0,0 +1,38 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: forgejo-server
namespace: argocd
labels:
env: dev
spec:
project: default
syncPolicy:
automated:
selfHeal: true
syncOptions:
- CreateNamespace=true
retry:
limit: -1
destination:
name: in-cluster
namespace: gitea
sources:
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/forgejo-helm.git
path: .
# first check out the desired version (example v9.0.0): https://code.forgejo.org/forgejo-helm/forgejo-helm/src/tag/v9.0.0/Chart.yaml
# (note that the chart version is not the same as the forgejo application version, which is specified in the above Chart.yaml file)
# then use the devops pipeline and select development, forgejo and the desired version (example v9.0.0):
# https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/devops-pipelines/actions?workflow=update-helm-depends.yaml&actor=0&status=0
# finally update the desired version here and include "-depends", it is created by the devops pipeline.
# why do we have an added "-depends" tag? it resolves rate limitings when downloading helm OCI dependencies
targetRevision: v9.0.0-depends
helm:
valueFiles:
- $values/otc//stacks/forgejo/forgejo-server/values.yaml
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
targetRevision: HEAD
ref: values
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
targetRevision: HEAD
path: "otc//stacks/forgejo/forgejo-server/manifests"


@ -6,22 +6,22 @@ metadata:
nginx.ingress.kubernetes.io/proxy-body-size: 512m
cert-manager.io/cluster-issuer: main
name: forgejo
name: forgejo-server
namespace: gitea
spec:
ingressClassName: nginx
rules:
- host: gitea.
- host:
http:
paths:
- backend:
service:
name: forgejo-http
name: forgejo-server-http
port:
number: 3000
path: /
pathType: Prefix
tls:
- hosts:
- gitea.
-
secretName: forgejo-net-tls


@ -0,0 +1,175 @@
# We use recreate to make sure only one instance with one version is running, because Forgejo might break or data gets inconsistant.
strategy:
type: Recreate
redis-cluster:
enabled: false
redis:
enabled: false
postgresql:
enabled: false
postgresql-ha:
enabled: false
persistence:
enabled: true
size: 200Gi
annotations:
everest.io/crypt-key-id:
test:
enabled: false
deployment:
env:
- name: SSL_CERT_DIR
value: /etc/ssl/forgejo
extraVolumeMounts:
- mountPath: /etc/ssl/forgejo
name: custom-database-certs-volume
readOnly: true
extraVolumes:
- name: custom-database-certs-volume
secret:
secretName: custom-database-certs
gitea:
additionalConfigFromEnvs:
- name: FORGEJO__storage__MINIO_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: forgejo-cloud-credentials
key: access-key
- name: FORGEJO__storage__MINIO_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: forgejo-cloud-credentials
key: secret-key
- name: FORGEJO__queue__CONN_STR
valueFrom:
secretKeyRef:
name: redis-forgejo-cloud-credentials
key: connection-string
- name: FORGEJO__session__PROVIDER_CONFIG
valueFrom:
secretKeyRef:
name: redis-forgejo-cloud-credentials
key: connection-string
- name: FORGEJO__cache__HOST
valueFrom:
secretKeyRef:
name: redis-forgejo-cloud-credentials
key: connection-string
- name: FORGEJO__database__HOST
valueFrom:
secretKeyRef:
name: postgres-forgejo-cloud-credentials
key: host_port
- name: FORGEJO__database__NAME
valueFrom:
secretKeyRef:
name: postgres-forgejo-cloud-credentials
key: database
- name: FORGEJO__database__USER
valueFrom:
secretKeyRef:
name: postgres-forgejo-cloud-credentials
key: username
- name: FORGEJO__database__PASSWD
valueFrom:
secretKeyRef:
name: postgres-forgejo-cloud-credentials
key: password
- name: FORGEJO__indexer__ISSUE_INDEXER_CONN_STR
valueFrom:
secretKeyRef:
name: elasticsearch-cloud-credentials
key: connection-string
- name: FORGEJO__mailer__PASSWD
valueFrom:
secretKeyRef:
name: email-user-credentials
key: connection-string
admin:
existingSecret: gitea-credential
config:
indexer:
ISSUE_INDEXER_ENABLED: true
ISSUE_INDEXER_TYPE: elasticsearch
# TODO next
REPO_INDEXER_ENABLED: false
# REPO_INDEXER_TYPE: meilisearch # not yet working
storage:
MINIO_ENDPOINT: obs.eu-de.otc.t-systems.com:443
STORAGE_TYPE: minio
MINIO_LOCATION: eu-de
MINIO_BUCKET: edp-forgejo-dns_zone
MINIO_USE_SSL: true
queue:
TYPE: redis
session:
PROVIDER: redis
cache:
ENABLED: true
ADAPTER: redis
service:
DISABLE_REGISTRATION: true
other:
SHOW_FOOTER_VERSION: false
SHOW_FOOTER_TEMPLATE_LOAD_TIME: false
database:
DB_TYPE: postgres
SSL_MODE: verify-ca
server:
DOMAIN: ''
ROOT_URL: 'https://:443'
mailer:
ENABLED: true
USER: ipcei-cis-devfw@mms-support.de
PROTOCOL: smtps
FROM: '"IPCEI CIS DevFW" <ipcei-cis-devfw@mms-support.de>'
SMTP_ADDR: mail.mms-support.de
SMTP_PORT: 465
service:
ssh:
type: NodePort
nodePort: 32222
externalTrafficPolicy: Local
image:
pullPolicy: "IfNotPresent"
# Overrides the image tag whose default is the chart appVersion.
#tag: "8.0.3"
# Adds -rootless suffix to image name
rootless: true
forgejo:
runner:
enabled: true
image:
tag: latest
# replicas: 3
config:
runner:
labels:
- docker:docker://node:16-bullseye
- self-hosted:docker://ghcr.io/catthehacker/ubuntu:act-22.04
- ubuntu-22.04:docker://ghcr.io/catthehacker/ubuntu:act-22.04
- ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-22.04


@ -1,7 +1,7 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: forgejo
name: metrics-server
namespace: argocd
labels:
env: dev
@ -16,14 +16,14 @@ spec:
limit: -1
destination:
name: in-cluster
namespace: gitea
namespace: observability
sources:
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/forgejo-helm.git
path: .
targetRevision: v12.0.0-depends
- chart: metrics-server
repoURL: https://kubernetes-sigs.github.io/metrics-server/
targetRevision: 3.12.2
helm:
valueFiles:
- $values/otc//stacks/core/forgejo/values.yaml
- $values/otc//stacks/observability-client/metrics-server/values.yaml
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
targetRevision: HEAD
ref: values


@ -0,0 +1,4 @@
metrics:
enabled: true
serviceMonitor:
enabled: true


@ -1,7 +1,7 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: argocd
name: vector
namespace: argocd
labels:
env: dev
@ -23,7 +23,7 @@ spec:
targetRevision: 0.43.0
helm:
valueFiles:
- $values/otc//stacks/core/vector/values.yaml
- $values/otc//stacks/observability-client/vector/values.yaml
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
targetRevision: HEAD
ref: values


@ -6,6 +6,17 @@ args:
- -w
- --config-dir
- /etc/vector/
env:
- name: VECTOR_USER
valueFrom:
secretKeyRef:
name: simple-user-secret
key: username
- name: VECTOR_PASSWORD
valueFrom:
secretKeyRef:
name: simple-user-secret
key: password
containerPorts:
- name: prom-exporter
containerPort: 9090
@ -28,18 +39,20 @@ customConfig:
type: remap
inputs: [k8s]
source: |
.log = parse_json(.message) ?? .message
._msg = parse_json(.message) ?? .message
del(.message)
# Add the cluster environment to the log event
.cluster_environment = "dns_zone"
sinks:
exporter:
type: prometheus_exporter
address: 0.0.0.0:9090
inputs: [internal_metrics]
vlogs:
type: elasticsearch
inputs: [parser]
endpoints:
- http://vlogs-victorialogs:9428/insert/elasticsearch/
- https://o12y.observability./insert/elasticsearch/
auth:
strategy: basic
user: ${VECTOR_USER}
password: ${VECTOR_PASSWORD}
mode: bulk
api_version: v8
compression: gzip
@ -47,8 +60,9 @@ customConfig:
enabled: false
request:
headers:
VL-Time-Field: timestamp
VL-Stream-Fields: stream,kubernetes.pod_name,kubernetes.container_name,kubernetes.pod_namespace
VL-Msg-Field: message,msg,_msg,log.msg,log.message,log
AccountID: "0"
ProjectID: "0"
ProjectID: "0"
query:
_msg_field: _msg
_time_field: _time
_stream_fields: cluster_environment,kubernetes.container_name,kubernetes.namespace


@ -0,0 +1,30 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: vm-client
namespace: argocd
labels:
env: dev
spec:
project: default
syncPolicy:
automated:
selfHeal: true
syncOptions:
- CreateNamespace=true
destination:
name: in-cluster
namespace: observability
sources:
- chart: victoria-metrics-k8s-stack
repoURL: https://victoriametrics.github.io/helm-charts/
targetRevision: 0.48.1
helm:
valueFiles:
- $values/otc//stacks/observability-client/vm-client-stack/values.yaml
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
targetRevision: HEAD
ref: values
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
targetRevision: HEAD
path: "otc//stacks/observability-client/vm-client-stack/manifests"


@ -0,0 +1,9 @@
apiVersion: v1
kind: Secret
metadata:
name: simple-user-secret
namespace: observability
type: Opaque
stringData:
username: simple-user
password: simple-password
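Review bot: This Secret commits a literal credential (`username: simple-user`, `password: simple-password`) to the repository, and the new VMUser manifest repeats the same password inline in `spec.password`. With the vmauth ingress enabled in the victoria-k8s-stack values, that guessable, git-readable pair appears to be the only thing guarding `/api/v1/write` and `/insert/elasticsearch/` on the `o12y.observability.` host. Remove the Secret from git and provision it out of band, as the forgejo values already do with pre-existing secrets such as `forgejo-cloud-credentials`. The VMUser can then reference it with `passwordRef`, or the operator can create one with `generatePassword: true`. Since the value is now in history, treat it as compromised and rotate it.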



@ -0,0 +1,25 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: grafana-operator
namespace: argocd
labels:
env: dev
spec:
project: default
syncPolicy:
automated:
selfHeal: true
syncOptions:
- CreateNamespace=true
- ServerSideApply=true
destination:
name: in-cluster
namespace: observability
sources:
- chart: grafana-operator
repoURL: ghcr.io/grafana/helm-charts
targetRevision: v5.18.0
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
targetRevision: HEAD
path: "otc//stacks/observability/grafana-operator/manifests"


@ -0,0 +1,9 @@
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
metadata:
name: argocd
spec:
instanceSelector:
matchLabels:
dashboards: "grafana"
url: "https://raw.githubusercontent.com/argoproj/argo-cd/refs/heads/master/examples/dashboard.json"
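Review bot: The dashboard JSON is fetched from `refs/heads/master` of a third-party repository, so its content can change or disappear without any commit here, and Grafana will load whatever is served at that URL. The ingress-nginx and victoria-logs GrafanaDashboard manifests added in this commit do the same with `refs/heads/main` and `refs/heads/master`. Pin each URL to a commit, e.g. `https://raw.githubusercontent.com/argoproj/argo-cd/<commit-sha>/examples/dashboard.json`, or vendor the JSON into this repository so dashboard changes go through review.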


@ -0,0 +1,36 @@
apiVersion: grafana.integreatly.org/v1beta1
kind: Grafana
metadata:
name: grafana
labels:
dashboards: "grafana"
spec:
persistentVolumeClaim:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
ingress:
metadata:
annotations:
cert-manager.io/cluster-issuer: main
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
ingressClassName: nginx
rules:
- host: grafana.
http:
paths:
- backend:
service:
name: grafana-service
port:
number: 3000
path: /
pathType: Prefix
tls:
- hosts:
- grafana.
secretName: grafana-net-tls


@ -0,0 +1,9 @@
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
metadata:
name: ingress-nginx
spec:
instanceSelector:
matchLabels:
dashboards: "grafana"
url: "https://raw.githubusercontent.com/adinhodovic/ingress-nginx-mixin/refs/heads/main/dashboards_out/ingress-nginx-overview.json"


@ -0,0 +1,9 @@
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
metadata:
name: victoria-logs
spec:
instanceSelector:
matchLabels:
dashboards: "grafana"
url: "https://raw.githubusercontent.com/VictoriaMetrics/VictoriaMetrics/refs/heads/master/dashboards/vm/victorialogs.json"


@ -1,7 +1,7 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: victoria-k8s-stack
name: o12y
namespace: argocd
labels:
env: dev
@ -12,6 +12,7 @@ spec:
selfHeal: true
syncOptions:
- CreateNamespace=true
- ServerSideApply=true
destination:
name: in-cluster
namespace: observability
@ -19,7 +20,6 @@ spec:
- chart: victoria-metrics-k8s-stack
repoURL: https://victoriametrics.github.io/helm-charts/
targetRevision: 0.48.1
releaseName: victoria
helm:
valueFiles:
- $values/otc//stacks/observability/victoria-k8s-stack/values.yaml


@ -6,6 +6,9 @@ metadata:
spec:
retentionPeriod: "12"
removePvcAfterDelete: true
storageMetadata:
annotations:
everest.io/crypt-key-id:
storage:
accessModes:
- ReadWriteOnce


@ -0,0 +1,15 @@
apiVersion: operator.victoriametrics.com/v1beta1
kind: VMUser
metadata:
name: simple-user
namespace: observability
spec:
username: simple-user
password: simple-password
targetRefs:
- static:
url: http://vmsingle-o12y:8429
paths: ["/api/v1/write"]
- static:
url: http://vlogs-victorialogs:9428
paths: ["/insert/elasticsearch/.*"]


@ -14,13 +14,13 @@ global:
# -- Override chart name
nameOverride: ""
# -- Resource full name override
fullnameOverride: ""
fullnameOverride: "o12y"
# -- Tenant to use for Grafana datasources and remote write
tenant: "0"
# -- If this chart is used in "Argocd" with "releaseName" field then
# VMServiceScrapes couldn't select the proper services.
# For correct working need set value 'argocdReleaseOverride=$ARGOCD_APP_NAME'
argocdReleaseOverride: ""
argocdReleaseOverride: "o12y"
# -- VictoriaMetrics Operator dependency chart configuration. More values can be found [here](https://docs.victoriametrics.com/helm/victoriametrics-operator#parameters). Also checkout [here](https://docs.victoriametrics.com/operator/vars) possible ENV variables to configure operator behaviour
victoria-metrics-operator:
@ -50,7 +50,7 @@ defaultDashboards:
annotations: {}
grafanaOperator:
# -- Create dashboards as CRDs (requires grafana-operator to be installed)
enabled: false
enabled: true
spec:
instanceSelector:
matchLabels:
@ -286,6 +286,9 @@ vmsingle:
retentionPeriod: "1"
replicaCount: 1
extraArgs: {}
storageMetadata:
annotations:
everest.io/crypt-key-id:
storage:
accessModes:
- ReadWriteOnce
@ -346,7 +349,7 @@ vmcluster:
spec:
resources:
requests:
storage: 10Gi
storage: 10Gi
resources:
{}
# limits:
@ -749,7 +752,7 @@ vmalert:
vmauth:
# -- Enable VMAuth CR
enabled: false
enabled: true
# -- VMAuth annotations
annotations: {}
# -- (object) Full spec for VMAuth CRD. Allowed values described [here](https://docs.victoriametrics.com/operator/api#vmauthspec)
@ -758,23 +761,21 @@ vmauth:
# * `{{ .vm.write }}` - parsed vminsert, vmsingle or external.vm.write URL
spec:
port: "8427"
unauthorizedUserAccessSpec:
# -- Flag, that allows to disable default VMAuth unauthorized user access config
disabled: false
discover_backend_ips: true
url_map:
- src_paths:
- '{{ .vm.read.path }}/.*'
url_prefix:
- '{{ urlJoin (omit .vm.read "path") }}/'
- src_paths:
- '{{ .vm.write.path }}/.*'
url_prefix:
- '{{ urlJoin (omit .vm.write "path") }}/'
ingress:
class_name: nginx
annotations:
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
cert-manager.io/cluster-issuer: main
host: o12y.observability.
tlsHosts:
- o12y.observability.
tlsSecretName: vmauth-tls-secret
unauthorizedUserAccessSpec: {}
selectAllByDefault: true
vmagent:
# -- Create VMAgent CR
enabled: true
enabled: false
# -- VMAgent annotations
annotations: {}
# -- Remote write configuration of VMAgent, allowed parameters defined in a [spec](https://docs.victoriametrics.com/operator/api#vmagentremotewritespec)
@ -828,9 +829,14 @@ vmagent:
defaultDatasources:
grafanaOperator:
# -- Create datasources as CRDs (requires grafana-operator to be installed)
enabled: false
enabled: true
annotations: {}
spec:
plugins:
- name: victoriametrics-metrics-datasource
version: 0.16.0
- name: victoriametrics-logs-datasource
version: 0.17.0
instanceSelector:
matchLabels:
dashboards: grafana
@ -863,16 +869,26 @@ defaultDatasources:
# -- Configure additional grafana datasources (passed through tpl).
# Check [here](http://docs.grafana.org/administration/provisioning/#datasources) for details
extra:
- name: victoria-logs
- name: VictoriaLogs
access: proxy
type: VictoriaLogs
type: victoriametrics-logs-datasource
url: http://vlogs-victorialogs:9428
version: 1
version: 0.18.0
# -- Grafana dependency chart configuration. For possible values refer [here](https://github.com/grafana/helm-charts/tree/main/charts/grafana#configuration)
grafana:
enabled: true
enabled: false
# all values for grafana helm chart can be specified here
persistence:
enabled: true
type: pvc
storageClassName: "default"
grafana.ini:
# auth:
# login_maximum_inactive_lifetime_duration: 0
# login_maximum_lifetime_duration: 0
security:
disable_brute_force_login_protection: true
sidecar:
datasources:
enabled: true
@ -887,14 +903,26 @@ grafana:
enabled: true
multicluster: false
# dashboards:
# default:
# victoria-logs:
# url: "https://raw.githubusercontent.com/VictoriaMetrics/VictoriaMetrics/refs/heads/master/dashboards/vm/victorialogs.json"
# victoria-logs-explorer:
# url: "https://grafana.com/api/dashboards/22759/revisions/6/download"
# ingress-nginx:
# url: "https://raw.githubusercontent.com/adinhodovic/ingress-nginx-mixin/refs/heads/main/dashboards_out/ingress-nginx-overview.json"
# argocd:
# url: "https://raw.githubusercontent.com/argoproj/argo-cd/refs/heads/master/examples/dashboard.json"
# -- Create datasource configmap even if grafana deployment has been disabled
forceDeployDatasource: false
forceDeployDatasource: true
# Uncomment the block below, if you want to enable VictoriaMetrics Datasource in Grafana:
# Note that Grafana will need internet access to install the datasource plugin.
#
# plugins:
# - victoriametrics-metrics-datasource
plugins:
- victoriametrics-metrics-datasource
- victoriametrics-logs-datasource
ingress:
enabled: false
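Review bot: `disable_brute_force_login_protection: true` under `grafana.ini` / `security` switches off Grafana's login attempt limiting. It is inert while `grafana.enabled` is `false`, but it becomes live as soon as the bundled Grafana is re-enabled, so drop it or add a comment saying why it is needed. In the vmauth block, `selectAllByDefault: true` makes the VMAuth that now has an ingress pick up every VMUser the operator can see; restricting it with `userSelector` / `userNamespaceSelector` to the `observability` namespace would narrow who can publish a route through it. Also check `version: 0.18.0` on the `VictoriaLogs` datasource: in Grafana datasource provisioning `version` is the integer config revision rather than a plugin version, and the plugin list in the same file pins `victoriametrics-logs-datasource` to `0.17.0`.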


@ -21,7 +21,6 @@ spec:
- chart: cert-manager
repoURL: https://charts.jetstack.io
targetRevision: v1.17.2
releaseName: cert-manager
helm:
valueFiles:
- $values/otc//stacks/otc/cert-manager/values.yaml


@ -20,7 +20,7 @@ metadata:
backstage.io/kubernetes-namespace: default
argocd/app-name: ${{values.name | dump}}
links:
- url: https://gitea.:443
- url: https://:443
title: Repo URL
icon: github
spec:


@ -100,7 +100,7 @@ spec:
input:
description: This is an example app
# Hard coded value for this demo purposes only.
repoUrl: gitea.:443/?repo=${{parameters.name}}
repoUrl: :443/?repo=${{parameters.name}}
defaultBranch: main
- id: create-argocd-app
name: Create ArgoCD App
@ -111,7 +111,7 @@ spec:
argoInstance: in-cluster
projectName: default
# necessary until we generate our own cert
repoUrl: https://gitea.:443/giteaAdmin/${{parameters.name}}
repoUrl: https://:443/giteaAdmin/${{parameters.name}}
path: "kustomize/base"
- id: register
name: Register


@ -14,7 +14,7 @@ metadata:
apache-spark.cnoe.io/label-selector: env=dev,entity-id=${{values.name}}
apache-spark.cnoe.io/cluster-name: local
links:
- url: https://gitea.:443
- url: https://:443
title: Repo URL
icon: github
spec:


@ -35,7 +35,7 @@ spec:
input:
description: This is an example app
# Hard coded value for this demo purposes only.
repoUrl: gitea.:443/?repo=${{parameters.name}}
repoUrl: :443/?repo=${{parameters.name}}
defaultBranch: main
- id: create-argocd-app
name: Create ArgoCD App
@ -46,7 +46,7 @@ spec:
argoInstance: in-cluster
projectName: default
# necessary until we generate our own cert
repoUrl: https://gitea.:443/giteaAdmin/${{parameters.name}}
repoUrl: https://:443/giteaAdmin/${{parameters.name}}
path: "manifests"
- id: register
name: Register


@ -10,7 +10,7 @@ metadata:
backstage.io/kubernetes-namespace: default
argocd/app-name: ${{values.name | dump}}
links:
- url: https://gitea.:443
- url: https://:443
title: Repo URL
icon: github
spec:


@ -31,7 +31,7 @@ spec:
input:
description: This is an example app
# Hard coded value for this demo purposes only.
repoUrl: gitea.:443/?repo=${{parameters.name}}
repoUrl: :443/?repo=${{parameters.name}}
defaultBranch: main
- id: create-argocd-app
name: Create ArgoCD App
@ -42,7 +42,7 @@ spec:
argoInstance: in-cluster
projectName: default
# necessary until we generate our own cert
repoUrl: https://gitea.:443/giteaAdmin/${{parameters.name}}
repoUrl: https://:443/giteaAdmin/${{parameters.name}}
path: "manifests"
- id: register
name: Register


@ -9,7 +9,7 @@ metadata:
backstage.io/kubernetes-label-selector: 'entity-id=${{ values.name }}'
backstage.io/kubernetes-namespace: gitea
links:
- url: https://gitea.:443
- url: https://:443
title: Repo URL
icon: git
spec:
@ -26,7 +26,7 @@ metadata:
annotations:
backstage.io/techdocs-ref: dir:.
links:
- url: https://gitea.:443
- url: https://:443
title: Gitea Repo
icon: git
spec:


@ -33,7 +33,7 @@ spec:
name: Publish to Gitea
action: publish:gitea
input:
repoUrl: gitea.:443/?repo=${{parameters.name}}
repoUrl: :443/?repo=${{parameters.name}}
description: This is the repository for ${{ parameters.name }}
sourcePath: ./skeleton
defaultBranch: main


@ -33,7 +33,7 @@ jobs:
#run: ./mvnw spring-boot:build-image # the original image build
run: |
export CONTAINER_REPO=$(echo {% raw %}${{ env.GITHUB_REPOSITORY }}{% endraw %} | tr '[:upper:]' '[:lower:]')
./mvnw com.google.cloud.tools:jib-maven-plugin:3.4.4:build -Djib.allowInsecureRegistries=true -Dimage=gitea./${CONTAINER_REPO}:latest -Djib.to.auth.username={% raw %}${{ secrets.PACKAGES_USER }}{% endraw %} -Djib.to.auth.password={% raw %}${{ secrets.PACKAGES_TOKEN }}{% endraw %} -Djib.from.platforms=linux/arm64,linux/amd64
./mvnw com.google.cloud.tools:jib-maven-plugin:3.4.4:build -Djib.allowInsecureRegistries=true -Dimage=/${CONTAINER_REPO}:latest -Djib.to.auth.username={% raw %}${{ secrets.PACKAGES_USER }}{% endraw %} -Djib.to.auth.password={% raw %}${{ secrets.PACKAGES_TOKEN }}{% endraw %} -Djib.from.platforms=linux/arm64,linux/amd64
- name: Build image as tar
run: |
./mvnw com.google.cloud.tools:jib-maven-plugin:3.4.4:buildTar -Djib.allowInsecureRegistries=true
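Review bot: The changed build line keeps `-Djib.allowInsecureRegistries=true`, which lets Jib ignore certificate errors and fall back to plain HTTP, on the same command that sends `-Djib.to.auth.password=…` with `secrets.PACKAGES_TOKEN` to the registry. If the registry host now presents a valid certificate, drop the flag from the push step so the token is never sent over an unverified connection. Passing the token as a `-D` argument also puts it on the process command line; supplying it through the step's `env:` and a Maven `settings.xml` server entry or a Jib credential helper avoids that. The step belongs to a job that starts outside the hunk.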


@ -9,7 +9,7 @@ metadata:
backstage.io/kubernetes-label-selector: 'entity-id=${{ values.name }}'
backstage.io/kubernetes-namespace: gitea
links:
- url: https://gitea.:443
- url: https://:443
title: Repo URL
icon: git
spec:
@ -26,7 +26,7 @@ metadata:
annotations:
backstage.io/techdocs-ref: dir:.
links:
- url: https://gitea.:443
- url: https://:443
title: Gitea Repo
icon: git
spec:


@ -58,7 +58,7 @@ spec:
spec:
containers:
- name: workload
image: gitea./giteaadmin/${{ values.name }}
image: /giteaadmin/${{ values.name }}
env:
- name: SPRING_PROFILES_ACTIVE
value: postgres


@ -50,7 +50,7 @@ spec:
name: Publish to Gitea
action: publish:gitea
input:
repoUrl: gitea.:443/?repo=${{parameters.name}}
repoUrl: :443/?repo=${{parameters.name}}
description: This is the repository for ${{ parameters.name }}
sourcePath: ./
defaultBranch: main
@ -64,7 +64,7 @@ spec:
argoInstance: in-cluster
projectName: default
# necessary until we generate our own cert
repoUrl: https://gitea.:443/giteaAdmin/${{parameters.name}}
repoUrl: https://:443/giteaAdmin/${{parameters.name}}
path: "k8s"
- id: register


@ -106,12 +106,12 @@ data:
integrations:
gitea:
- baseUrl: https://gitea.:443
host: gitea.:443
- baseUrl: https://:443
host: :443
username: ${GITEA_USERNAME}
password: ${GITEA_PASSWORD}
- baseUrl: https://gitea.
host: gitea.
- baseUrl: https://
host:
username: ${GITEA_USERNAME}
password: ${GITEA_PASSWORD}
- baseUrl: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live


@ -270,7 +270,7 @@ data:
"rootUrl": "",
"baseUrl": "",
"redirectUris": [
"https://gitea./*"
"https:///*"
],
"webOrigins": [
"/*"