Automated upload for observability.buildth.ing

2026-03-04 09:55:46 +00:00 · 2026-03-04 09:55:46 +00:00 · 464a9eb22e
commit 464a9eb22e
parent f15b30d02c
32 changed files with 890 additions and 118 deletions
--- a/otc/observability.buildth.ing/stacks/forgejo/forgejo-runner/dind-docker.yaml
+++ b/otc/observability.buildth.ing/stacks/forgejo/forgejo-runner/dind-docker.yaml
@ -28,7 +28,7 @@ spec:
      # https://forgejo.org/docs/v1.21/admin/actions/#offline-registration
      initContainers:
        - name: runner-register
-          image: code.forgejo.org/forgejo/runner:6.4.0
+          image: code.forgejo.org/forgejo/runner:12.6.4
          command:
          - "sh"
          - "-c"
@ -39,7 +39,7 @@ spec:
              --token ${RUNNER_SECRET} \
              --name ${RUNNER_NAME} \
              --instance ${FORGEJO_INSTANCE_URL} \
-              --labels docker:docker://node:20-bookworm,ubuntu-22.04:docker://ghcr.io/catthehacker/ubuntu:act-22.04,ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-22.04
+              --labels docker:docker://node:24-bookworm,ubuntu-22.04:docker://ghcr.io/catthehacker/ubuntu:act-22.04,ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-24.04,ubuntu-24.04:docker://ghcr.io/catthehacker/ubuntu:act-24.04
          env:
            - name: RUNNER_NAME
              valueFrom:
@ -57,8 +57,8 @@ spec:
              mountPath: /data
      containers:
      - name: runner
-        image: code.forgejo.org/forgejo/runner:6.4.0
-        command: 
+        image: code.forgejo.org/forgejo/runner:12.6.4
+        command:
          - "sh"
          - "-c"
          - |
--- a/otc/observability.buildth.ing/stacks/forgejo/forgejo-server.yaml
+++ b/otc/observability.buildth.ing/stacks/forgejo/forgejo-server.yaml
@ -20,7 +20,7 @@ spec:
  sources:
    - repoURL: https://code.forgejo.org/forgejo-helm/forgejo-helm.git
      path: .
-      targetRevision: v12.0.0
+      targetRevision: v16.2.0
      helm:
        valueFiles:
          - $values/otc/observability.buildth.ing/stacks/forgejo/forgejo-server/values.yaml
--- a/otc/observability.buildth.ing/stacks/forgejo/forgejo-server/manifests/forgejo-s3-backup-cronjob.yaml
+++ b/otc/observability.buildth.ing/stacks/forgejo/forgejo-server/manifests/forgejo-s3-backup-cronjob.yaml
@ -5,50 +5,58 @@ metadata:
  namespace: gitea
 spec:
  schedule: "0 1 * * *"
+  concurrencyPolicy: "Forbid"
+  successfulJobsHistoryLimit: 5
+  failedJobsHistoryLimit: 5
+  startingDeadlineSeconds: 600 # 10 minutes
  jobTemplate:
    spec:
+      # 60 min until backup - 10 min start - (backoffLimit * activeDeadlineSeconds) - some time sync buffer
+      activeDeadlineSeconds: 1350
+      backoffLimit: 2
+      ttlSecondsAfterFinished: 259200 #
      template:
        spec:
          containers:
-          - name: rclone
-            image: rclone/rclone:1.70
-            imagePullPolicy: IfNotPresent
-            env:
-            - name: SOURCE_BUCKET
-              valueFrom:
-                secretKeyRef:
-                  name: forgejo-cloud-credentials
-                  key: bucket-name
-            - name: AWS_ACCESS_KEY_ID
-              valueFrom:
-                secretKeyRef:
-                  name: forgejo-cloud-credentials
-                  key: access-key
-            - name: AWS_SECRET_ACCESS_KEY
-              valueFrom:
-                secretKeyRef:
-                  name: forgejo-cloud-credentials
-                  key: secret-key
-            volumeMounts:
-            - name: rclone-config
-              mountPath: /config/rclone
-              readOnly: true
-            - name: backup-dir
-              mountPath: /backup
-              readOnly: false
-            command:
-            - /bin/sh
-            - -c
-            - |
-              rclone sync source:/${SOURCE_BUCKET} /backup -v --ignore-checksum
+            - name: rclone
+              image: rclone/rclone:1.70
+              imagePullPolicy: IfNotPresent
+              env:
+                - name: SOURCE_BUCKET
+                  valueFrom:
+                    secretKeyRef:
+                      name: forgejo-cloud-credentials
+                      key: bucket-name
+                - name: AWS_ACCESS_KEY_ID
+                  valueFrom:
+                    secretKeyRef:
+                      name: forgejo-cloud-credentials
+                      key: access-key
+                - name: AWS_SECRET_ACCESS_KEY
+                  valueFrom:
+                    secretKeyRef:
+                      name: forgejo-cloud-credentials
+                      key: secret-key
+              volumeMounts:
+                - name: rclone-config
+                  mountPath: /config/rclone
+                  readOnly: true
+                - name: backup-dir
+                  mountPath: /backup
+                  readOnly: false
+              command:
+                - /bin/sh
+                - -c
+                - |
+                  rclone sync source:/${SOURCE_BUCKET} /backup -v --ignore-checksum
          restartPolicy: OnFailure
          volumes:
-          - name: rclone-config
-            secret:
-              secretName: forgejo-s3-backup
-          - name: backup-dir
-            persistentVolumeClaim:
-              claimName: s3-backup
+            - name: rclone-config
+              secret:
+                secretName: forgejo-s3-backup
+            - name: backup-dir
+              persistentVolumeClaim:
+                claimName: s3-backup
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim
@ -56,7 +64,7 @@ metadata:
  name: s3-backup
  namespace: gitea
  annotations:
-    everest.io/disk-volume-type: SATA
+    everest.io/disk-volume-type: GPSSD
    everest.io/crypt-key-id: c02a26f1-3c7e-486d-ba5a-266c321bb203
 spec:
  storageClassName: csi-disk
@ -64,7 +72,7 @@ spec:
    - ReadWriteOnce
  resources:
    requests:
-      storage: 50Gi
+      storage: 100Gi
 ---
 apiVersion: v1
 kind: Secret
--- a/otc/observability.buildth.ing/stacks/forgejo/forgejo-server/values.yaml
+++ b/otc/observability.buildth.ing/stacks/forgejo/forgejo-server/values.yaml
@ -1,4 +1,4 @@
-# This is only used for deploying older versions of infra-catalogue where the bucket name is not an output of the terragrunt modules# We use recreate to make sure only one instance with one version is running, because Forgejo might break or data gets inconsistant. 
+# This is only used for deploying older versions of infra-catalogue where the bucket name is not an output of the terragrunt modules# We use recreate to make sure only one instance with one version is running, because Forgejo might break or data gets inconsistant.
 strategy:
  type: Recreate

@ -166,7 +166,7 @@ service:
    nodePort: 32222
    externalTrafficPolicy: Cluster
    annotations:
-      kubernetes.io/elb.id: 3c90c465-804a-4682-ba55-111ce827e69c  
+      kubernetes.io/elb.id: 3c90c465-804a-4682-ba55-111ce827e69c

 image:
  pullPolicy: "IfNotPresent"
@ -177,15 +177,16 @@ image:
  fullOverride: edp.buildth.ing/devfw-cicd/edp-forgejo:v11.0.3-edp1

 forgejo:
-  runner:
-    enabled: true
-    image:
-      tag: latest
-    # replicas: 3
-    config:
-      runner:
-        labels:
-          - docker:docker://node:16-bullseye
-          - self-hosted:docker://ghcr.io/catthehacker/ubuntu:act-22.04
-          - ubuntu-22.04:docker://ghcr.io/catthehacker/ubuntu:act-22.04
-          - ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-22.04
+  # This appears to be governed by forgejo-runner, as intuition would suggest
+  # runner:
+  #   enabled: true
+  #   image:
+  #     tag: latest
+  #   # replicas: 3
+  #   config:
+  #     runner:
+  #       labels:
+  #         - docker:docker://node:16-bullseye
+  #         - self-hosted:docker://ghcr.io/catthehacker/ubuntu:act-22.04
+  #         - ubuntu-22.04:docker://ghcr.io/catthehacker/ubuntu:act-22.04
+  #         - ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-22.04