Automated upload for forgejo-test.t09.de

otc/forgejo-test.t09.de/stacks/core/argocd.yaml

@@ -18,12 +18,12 @@ spec:
     name: in-cluster
     namespace: argocd
   sources:
-    - repoURL: https://edp.buildth.ing/DevFW-CICD/argocd-helm.git
+    - repoURL: https://github.com/argoproj/argo-helm.git
       path: charts/argo-cd
       # TODO: RIRE Can be updated when https://github.com/argoproj/argo-cd/issues/20790 is fixed and merged
       # As logout make problems, it is suggested to switch from path based routing to an own argocd domain,
       # similar to the CNOE amazon reference implementation and in our case, Forgejo
-      targetRevision: argo-cd-7.8.14-depends
+      targetRevision: argo-cd-7.8.28
       helm:
         valueFiles:
           - $values/otc/forgejo-test.t09.de/stacks/core/argocd/values.yaml

otc/forgejo-test.t09.de/stacks/forgejo/forgejo-runner/dind-docker.yaml

@@ -7,7 +7,7 @@ metadata:
   namespace: gitea
 spec:
   # Two replicas means that if one is busy, the other can pick up jobs.
-  replicas: 1
+  replicas: 3
   selector:
     matchLabels:
       app: forgejo-runner
@@ -28,7 +28,7 @@ spec:
       # https://forgejo.org/docs/v1.21/admin/actions/#offline-registration
       initContainers:
         - name: runner-register
-          image: code.forgejo.org/forgejo/runner:6.3.1
+          image: code.forgejo.org/forgejo/runner:6.4.0
           command:
           - "sh"
           - "-c"
@@ -57,7 +57,7 @@ spec:
               mountPath: /data
       containers:
       - name: runner
-        image: code.forgejo.org/forgejo/runner:6.3.1
+        image: code.forgejo.org/forgejo/runner:6.4.0
         command: 
           - "sh"
           - "-c"

otc/forgejo-test.t09.de/stacks/forgejo/forgejo-server.yaml

@@ -18,15 +18,9 @@ spec:
     name: in-cluster
     namespace: gitea
   sources:
-    - repoURL: https://edp.buildth.ing/DevFW-CICD/forgejo-helm.git
+    - repoURL: https://code.forgejo.org/forgejo-helm/forgejo-helm.git
       path: .
-      # first check out the desired version (example v9.0.0): https://code.forgejo.org/forgejo-helm/forgejo-helm/src/tag/v9.0.0/Chart.yaml
+      targetRevision: v12.0.0
-      # (note that the chart version is not the same as the forgejo application version, which is specified in the above Chart.yaml file)
-      # then use the devops pipeline and select development, forgejo and the desired version (example v9.0.0):
-      # https://edp.buildth.ing/DevFW-CICD/devops-pipelines/actions?workflow=update-helm-depends.yaml&actor=0&status=0
-      # finally update the desired version here and include "-depends", it is created by the devops pipeline. 
-      # why do we have an added "-depends" tag? it resolves rate limitings when downloading helm OCI dependencies
-      targetRevision: v12.0.0-depends
       helm:
         valueFiles:
           - $values/otc/forgejo-test.t09.de/stacks/forgejo/forgejo-server/values.yaml

otc/forgejo-test.t09.de/stacks/forgejo/forgejo-server/manifests/forgejo-s3-backup-cronjob.yaml

@@ -0,0 +1,79 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: forgejo-s3-backup
+  namespace: gitea
+spec:
+  schedule: "0 1 * * *"
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+          - name: rclone
+            image: rclone/rclone:1.70
+            imagePullPolicy: IfNotPresent
+            env:
+            - name: SOURCE_BUCKET
+              valueFrom:
+                secretKeyRef:
+                  name: forgejo-cloud-credentials
+                  key: bucket-name
+            - name: AWS_ACCESS_KEY_ID
+              valueFrom:
+                secretKeyRef:
+                  name: forgejo-cloud-credentials
+                  key: access-key
+            - name: AWS_SECRET_ACCESS_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: forgejo-cloud-credentials
+                  key: secret-key
+            volumeMounts:
+            - name: rclone-config
+              mountPath: /config/rclone
+              readOnly: true
+            - name: backup-dir
+              mountPath: /backup
+              readOnly: false
+            command:
+            - /bin/sh
+            - -c
+            - |
+              rclone sync source:/${SOURCE_BUCKET}/packages /backup -v --ignore-checksum
+          restartPolicy: OnFailure
+          volumes:
+          - name: rclone-config
+            secret:
+              secretName: forgejo-s3-backup
+          - name: backup-dir
+            persistentVolumeClaim:
+              claimName: s3-backup
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: s3-backup
+  namespace: gitea
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 50Gi
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: forgejo-s3-backup
+  namespace: gitea
+type: Opaque
+stringData:
+  rclone.conf: |
+    [source]
+    type = s3
+    provider = HuaweiOBS
+    env_auth = true
+    endpoint = obs.eu-de.otc.t-systems.com
+    region = eu-de
+    acl = private

otc/forgejo-test.t09.de/stacks/forgejo/forgejo-server/values.yaml

@@ -1,4 +1,4 @@
-# We use recreate to make sure only one instance with one version is running, because Forgejo might break or data gets inconsistant. 
+# This is only used for deploying older versions of infra-catalogue where the bucket name is not an output of the terragrunt modules# We use recreate to make sure only one instance with one version is running, because Forgejo might break or data gets inconsistant. 
 strategy:
   type: Recreate
 
@@ -17,8 +17,10 @@ postgresql-ha:
 persistence:
   enabled: true
   size: 200Gi
+  storageClass: csi-disk
   annotations:
     everest.io/crypt-key-id: b0e0a24d-d5a6-4a16-b745-8af2ed8bf46d
+    everest.io/disk-volume-type: GPSSD
 
 test:
   enabled: false
@@ -121,7 +123,7 @@ gitea:
       MINIO_ENDPOINT: obs.eu-de.otc.t-systems.com:443
       STORAGE_TYPE: minio
       MINIO_LOCATION: eu-de
-      MINIO_BUCKET: edp-forgejo-forgejo-test
+      MINIO_BUCKET: "edp-forgejo-forgejo-test"
       MINIO_USE_SSL: true
 
     queue:
@@ -136,6 +138,7 @@ gitea:
 
     service:
       DISABLE_REGISTRATION: true
+      ENABLE_NOTIFY_MAIL: true
 
     other:
       SHOW_FOOTER_VERSION: false

otc/forgejo-test.t09.de/stacks/observability/victoria-k8s-stack/values.yaml

@@ -536,108 +536,29 @@ alertmanager:
   # If you're migrating existing config, please make sure that `.Values.alertmanager.config`:
   # - with `useManagedConfig: false` has structure described [here](https://prometheus.io/docs/alerting/latest/configuration/).
   # - with `useManagedConfig: true` has structure described [here](https://docs.victoriametrics.com/operator/api/#vmalertmanagerconfig).
-  useManagedConfig: false
+  useManagedConfig: true
   # -- (object) Alertmanager configuration
   config:
     route:
-      receiver: "blackhole"
+      receiver: "outlook"
-    #   group_by: ["alertgroup", "job"]
+      routes: 
-    #   group_wait: 30s
+        - matchers:
-    #   group_interval: 5m
+            - alertname=~".*"
-    #   repeat_interval: 12h
+          receiver: outlook
-    #   routes:
-    #
-    #     # Duplicate code_owner routes to teams
-    #     # These will send alerts to team channels but continue
-    #     # processing through the rest of the tree to handled by on-call
-    #     - matchers:
-    #         - code_owner_channel!=""
-    #         - severity=~"info|warning|critical"
-    #       group_by: ["code_owner_channel", "alertgroup", "job"]
-    #       receiver: slack-code-owners
-    #
-    #     # Standard on-call routes
-    #     - matchers:
-    #         - severity=~"info|warning|critical"
-    #       receiver: slack-monitoring
-    #       continue: true
-    #
-    # inhibit_rules:
-    #   - target_matchers:
-    #       - severity=~"warning|info"
-    #     source_matchers:
-    #       - severity=critical
-    #     equal:
-    #       - cluster
-    #       - namespace
-    #       - alertname
-    #   - target_matchers:
-    #       - severity=info
-    #     source_matchers:
-    #       - severity=warning
-    #     equal:
-    #       - cluster
-    #       - namespace
-    #       - alertname
-    #   - target_matchers:
-    #       - severity=info
-    #     source_matchers:
-    #       - alertname=InfoInhibitor
-    #     equal:
-    #       - cluster
-    #       - namespace
-
     receivers:
-      - name: blackhole
+      - name: outlook
-    # - name: "slack-monitoring"
+        email_configs:
-    #   slack_configs:
+          - smarthost: 'mail.mms-support.de:465'
-    #     - channel: "#channel"
+            auth_username: 'ipcei-cis-devfw@mms-support.de'
-    #       send_resolved: true
+            auth_password: 
-    #       title: '{{ template "slack.monzo.title" . }}'
+              name: email-user-credentials
-    #       icon_emoji: '{{ template "slack.monzo.icon_emoji" . }}'
+              key: connection-string
-    #       color: '{{ template "slack.monzo.color" . }}'
+            from: '"IPCEI CIS DevFW" <ipcei-cis-devfw@mms-support.de>'
-    #       text: '{{ template "slack.monzo.text" . }}'
+            to: 'f9f9953a.mg.telekom.de@de.teams.ms'
-    #       actions:
+            headers:
-    #         - type: button
+              subject: 'Grafana Mail Alerts'
-    #           text: "Runbook :green_book:"
+            require_tls: false
-    #           url: "{{ (index .Alerts 0).Annotations.runbook_url }}"
+
-    #         - type: button
-    #           text: "Query :mag:"
-    #           url: "{{ (index .Alerts 0).GeneratorURL }}"
-    #         - type: button
-    #           text: "Dashboard :grafana:"
-    #           url: "{{ (index .Alerts 0).Annotations.dashboard }}"
-    #         - type: button
-    #           text: "Silence :no_bell:"
-    #           url: '{{ template "__alert_silence_link" . }}'
-    #         - type: button
-    #           text: '{{ template "slack.monzo.link_button_text" . }}'
-    #           url: "{{ .CommonAnnotations.link_url }}"
-    # - name: slack-code-owners
-    #   slack_configs:
-    #     - channel: "#{{ .CommonLabels.code_owner_channel }}"
-    #       send_resolved: true
-    #       title: '{{ template "slack.monzo.title" . }}'
-    #       icon_emoji: '{{ template "slack.monzo.icon_emoji" . }}'
-    #       color: '{{ template "slack.monzo.color" . }}'
-    #       text: '{{ template "slack.monzo.text" . }}'
-    #       actions:
-    #         - type: button
-    #           text: "Runbook :green_book:"
-    #           url: "{{ (index .Alerts 0).Annotations.runbook }}"
-    #         - type: button
-    #           text: "Query :mag:"
-    #           url: "{{ (index .Alerts 0).GeneratorURL }}"
-    #         - type: button
-    #           text: "Dashboard :grafana:"
-    #           url: "{{ (index .Alerts 0).Annotations.dashboard }}"
-    #         - type: button
-    #           text: "Silence :no_bell:"
-    #           url: '{{ template "__alert_silence_link" . }}'
-    #         - type: button
-    #           text: '{{ template "slack.monzo.link_button_text" . }}'
-    #           url: "{{ .CommonAnnotations.link_url }}"
-    #
   # -- Better alert templates for [slack source](https://gist.github.com/milesbxf/e2744fc90e9c41b47aa47925f8ff6512)
   monzoTemplate:
     enabled: true

otc/forgejo-test.t09.de/stacks/otc/ingress-nginx.yaml

@@ -18,9 +18,9 @@ spec:
     name: in-cluster
     namespace: ingress-nginx
   sources:
-    - repoURL: https://edp.buildth.ing/DevFW-CICD/ingress-nginx-helm.git
+    - repoURL: https://github.com/kubernetes/ingress-nginx.git
       path: charts/ingress-nginx
-      targetRevision: helm-chart-4.12.1-depends
+      targetRevision: helm-chart-4.12.1
       helm:
         valueFiles:
           - $values/otc/forgejo-test.t09.de/stacks/otc/ingress-nginx/values.yaml