Initial upload

otc/observability.buildth.ing/stacks/forgejo/forgejo-server/manifests/forgejo-ingress.yaml

@@ -0,0 +1,27 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/proxy-body-size: 512m
+    cert-manager.io/cluster-issuer: main
+
+  name: forgejo-server
+  namespace: gitea
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: observability.buildth.ing
+    http:
+      paths:
+      - backend:
+          service:
+            name: forgejo-server-http
+            port:
+              number: 3000
+        path: /
+        pathType: Prefix
+  tls:
+  - hosts:
+    - observability.buildth.ing
+    secretName: forgejo-net-tls

otc/observability.buildth.ing/stacks/forgejo/forgejo-server/values.yaml

@@ -0,0 +1,188 @@
+# We use recreate to make sure only one instance with one version is running, because Forgejo might break or data gets inconsistant. 
+strategy:
+  type: Recreate
+
+redis-cluster:
+  enabled: false
+
+redis:
+  enabled: false
+
+postgresql:
+  enabled: false
+
+postgresql-ha:
+  enabled: false
+
+persistence:
+  enabled: true
+  size: 200Gi
+  annotations:
+    everest.io/crypt-key-id: c02a26f1-3c7e-486d-ba5a-266c321bb203
+
+test:
+  enabled: false
+
+deployment:
+  env:
+    - name: SSL_CERT_DIR
+      value: /etc/ssl/forgejo
+
+extraVolumeMounts:
+  - mountPath: /etc/ssl/forgejo
+    name: custom-database-certs-volume
+    readOnly: true
+
+extraVolumes:
+  - name: custom-database-certs-volume
+    secret:
+      secretName: custom-database-certs
+
+gitea:
+  metrics:
+    enabled: true
+    serviceMonitor:
+      enabled: true
+  additionalConfigFromEnvs:
+    - name: FORGEJO__storage__MINIO_ACCESS_KEY_ID
+      valueFrom:
+        secretKeyRef:
+          name: forgejo-cloud-credentials
+          key: access-key
+    - name: FORGEJO__storage__MINIO_SECRET_ACCESS_KEY
+      valueFrom:
+        secretKeyRef:
+          name: forgejo-cloud-credentials
+          key: secret-key
+    - name: FORGEJO__queue__CONN_STR
+      valueFrom:
+        secretKeyRef:
+          name: redis-forgejo-cloud-credentials
+          key: connection-string
+    - name: FORGEJO__session__PROVIDER_CONFIG
+      valueFrom:
+        secretKeyRef:
+          name: redis-forgejo-cloud-credentials
+          key: connection-string
+    - name: FORGEJO__cache__HOST
+      valueFrom:
+        secretKeyRef:
+          name: redis-forgejo-cloud-credentials
+          key: connection-string
+    - name: FORGEJO__database__HOST
+      valueFrom:
+        secretKeyRef:
+          name: postgres-forgejo-cloud-credentials
+          key: host_port
+    - name: FORGEJO__database__NAME
+      valueFrom:
+        secretKeyRef:
+          name: postgres-forgejo-cloud-credentials
+          key: database
+    - name: FORGEJO__database__USER
+      valueFrom:
+        secretKeyRef:
+          name: postgres-forgejo-cloud-credentials
+          key: username
+    - name: FORGEJO__database__PASSWD
+      valueFrom:
+        secretKeyRef:
+          name: postgres-forgejo-cloud-credentials
+          key: password
+    # Either 'elasticsearch' or 'bleve' (go in memory search engine)
+    - name: FORGEJO__indexer__ISSUE_INDEXER_TYPE
+      valueFrom:
+        secretKeyRef:
+          name: elasticsearch-cloud-credentials
+          key: type
+    - name: FORGEJO__indexer__ISSUE_INDEXER_CONN_STR
+      valueFrom:
+        secretKeyRef:
+          name: elasticsearch-cloud-credentials
+          key: connection-string
+    - name: FORGEJO__indexer__ISSUE_INDEXER_ENABLED
+      valueFrom:
+        secretKeyRef:
+          name: elasticsearch-cloud-credentials
+          key: enabled
+    - name: FORGEJO__mailer__PASSWD
+      valueFrom:
+        secretKeyRef:
+          name: email-user-credentials
+          key: connection-string
+
+  admin:
+    existingSecret: gitea-credential
+
+  config:
+    APP_NAME: 'EDP'
+    APP_SLOGAN: 'Build your thing in minutes'
+    storage:
+      MINIO_ENDPOINT: obs.eu-de.otc.t-systems.com:443
+      STORAGE_TYPE: minio
+      MINIO_LOCATION: eu-de
+      MINIO_BUCKET: edp-forgejo-prod-observability
+      MINIO_USE_SSL: true
+
+    queue:
+      TYPE: redis
+
+    session:
+      PROVIDER: redis
+
+    cache:
+      ENABLED: true
+      ADAPTER: redis
+
+    service:
+      DISABLE_REGISTRATION: true
+
+    other:
+      SHOW_FOOTER_VERSION: false
+      SHOW_FOOTER_TEMPLATE_LOAD_TIME: false
+
+    database:
+      DB_TYPE: postgres
+      SSL_MODE: verify-ca
+
+    server:
+      DOMAIN: 'observability.buildth.ing'
+      ROOT_URL: 'https://observability.buildth.ing:443'
+
+    mailer:
+      ENABLED: true
+      USER: ipcei-cis-devfw@mms-support.de
+      PROTOCOL: smtps
+      FROM: '"IPCEI CIS DevFW" <ipcei-cis-devfw@mms-support.de>'
+      SMTP_ADDR: mail.mms-support.de
+      SMTP_PORT: 465
+
+service:
+  ssh:
+    type: LoadBalancer
+    nodePort: 32222
+    externalTrafficPolicy: Cluster
+    annotations:
+      kubernetes.io/elb.id: 3c90c465-804a-4682-ba55-111ce827e69c  
+
+image:
+  pullPolicy: "IfNotPresent"
+  # Overrides the image tag whose default is the chart appVersion.
+  #tag: "8.0.3"
+  # Adds -rootless suffix to image name
+  # rootless: true
+  fullOverride: forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/devfw-cicd/edp-forgejo:v1.1.0-edp-v11.0.3
+
+forgejo:
+  runner:
+    enabled: true
+    image:
+      tag: latest
+    # replicas: 3
+    config:
+      runner:
+        labels:
+          - docker:docker://node:16-bullseye
+          - self-hosted:docker://ghcr.io/catthehacker/ubuntu:act-22.04
+          - ubuntu-22.04:docker://ghcr.io/catthehacker/ubuntu:act-22.04
+          - ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-22.04