Automated upload for benchmark.t09.de

2026-05-18 10:02:58 +00:00 · 2026-05-18 10:02:58 +00:00 · f2747ece68
commit f2747ece68
parent 75e4a2384b
13 changed files with 246 additions and 11 deletions
--- a/otc/benchmark.t09.de/stacks/ci-sizer/gitlab-webhook.yaml
+++ b/otc/benchmark.t09.de/stacks/ci-sizer/gitlab-webhook.yaml
@ -0,0 +1,29 @@
+# Optional: GitLab CI integration
+# Only hydrate this app for clusters that run GitLab Runner.
+# For Forgejo/GitHub-only deployments, omit this app from stacks-instances.
+# See: ci-sizer/docs/deployment-modes.md
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: gitlab-sizer-webhook
+  namespace: argocd
+  labels:
+    env: dev
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  syncPolicy:
+    automated:
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+    retry:
+      limit: -1
+  destination:
+    name: in-cluster
+    namespace: ci-sizer
+  source:
+    repoURL: https://edp.buildth.ing/DevFW-CICD/stacks-instances
+    targetRevision: HEAD
+    path: "otc/benchmark.t09.de/stacks/ci-sizer/gitlab-webhook"
--- a/otc/benchmark.t09.de/stacks/ci-sizer/gitlab-webhook/certificates.yaml
+++ b/otc/benchmark.t09.de/stacks/ci-sizer/gitlab-webhook/certificates.yaml
@ -0,0 +1,27 @@
+# Self-signed Issuer for webhook TLS.
+# For production, replace with a ClusterIssuer backed by a real CA.
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: selfsigned-issuer
+spec:
+  selfSigned: {}
+---
+# cert-manager Certificate for the webhook TLS.
+# The resulting Secret (gitlab-sizer-webhook-tls) is mounted into the webhook pod.
+# cert-manager also injects the CA into the MutatingWebhookConfiguration via the
+# cert-manager.io/inject-ca-from annotation.
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: gitlab-sizer-webhook-cert
+spec:
+  secretName: gitlab-sizer-webhook-tls
+  issuerRef:
+    name: selfsigned-issuer
+    kind: Issuer
+  dnsNames:
+    - gitlab-sizer-webhook.ci-sizer.svc
+    - gitlab-sizer-webhook.ci-sizer.svc.cluster.local
+  duration: 8760h
+  renewBefore: 720h
--- a/otc/benchmark.t09.de/stacks/ci-sizer/gitlab-webhook/deployment.yaml
+++ b/otc/benchmark.t09.de/stacks/ci-sizer/gitlab-webhook/deployment.yaml
@ -0,0 +1,141 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: gitlab-sizer-webhook
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: gitlab-sizer-webhook
+rules:
+  - apiGroups: [""]
+    resources: ["pods"]
+    verbs: ["get", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: gitlab-sizer-webhook
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: gitlab-sizer-webhook
+subjects:
+  - kind: ServiceAccount
+    name: gitlab-sizer-webhook
+    namespace: ci-sizer
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: gitlab-sizer-webhook
+  labels:
+    app: gitlab-sizer-webhook
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: gitlab-sizer-webhook
+  template:
+    metadata:
+      labels:
+        app: gitlab-sizer-webhook
+    spec:
+      serviceAccountName: gitlab-sizer-webhook
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 65534
+        runAsGroup: 65534
+        seccompProfile:
+          type: RuntimeDefault
+      containers:
+        - name: webhook
+          image: edp.buildth.ing/devfw-cicd/gitlab-webhook-edge-connect:latest
+          imagePullPolicy: Always
+          securityContext:
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+            capabilities:
+              drop:
+                - ALL
+          ports:
+            - containerPort: 8443
+              protocol: TCP
+          args:
+            - --listen-addr=:8443
+            - --tls-cert-file=/etc/webhook/tls/tls.crt
+            - --tls-key-file=/etc/webhook/tls/tls.key
+            - --sizer-url=http://sizer-receiver.ci-sizer.svc:8080
+            - --sizer-sidecar-image=edp.buildth.ing/devfw-cicd/ci-sizer-collector:latest
+          env:
+            - name: WEBHOOK_SIZER_READ_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: gitlab-sizer-webhook-tokens
+                  key: sizer-read-token
+            - name: WEBHOOK_SIZER_PUSH_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: gitlab-sizer-webhook-tokens
+                  key: sizer-push-token
+            - name: HTTP_PROXY
+              valueFrom:
+                configMapKeyRef:
+                  name: gitlab-sizer-webhook-config
+                  key: HTTP_PROXY
+                  optional: true
+            - name: HTTPS_PROXY
+              valueFrom:
+                configMapKeyRef:
+                  name: gitlab-sizer-webhook-config
+                  key: HTTPS_PROXY
+                  optional: true
+            - name: NO_PROXY
+              valueFrom:
+                configMapKeyRef:
+                  name: gitlab-sizer-webhook-config
+                  key: NO_PROXY
+                  optional: true
+          volumeMounts:
+            - name: webhook-tls
+              mountPath: /etc/webhook/tls
+              readOnly: true
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: 8443
+              scheme: HTTPS
+            initialDelaySeconds: 5
+            periodSeconds: 10
+          readinessProbe:
+            httpGet:
+              path: /healthz
+              port: 8443
+              scheme: HTTPS
+            initialDelaySeconds: 5
+            periodSeconds: 10
+          resources:
+            requests:
+              cpu: 100m
+              memory: 128Mi
+            limits:
+              cpu: 200m
+              memory: 128Mi
+      volumes:
+        - name: webhook-tls
+          secret:
+            secretName: gitlab-sizer-webhook-tls
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: gitlab-sizer-webhook
+  labels:
+    app: gitlab-sizer-webhook
+spec:
+  selector:
+    app: gitlab-sizer-webhook
+  ports:
+    - port: 443
+      targetPort: 8443
+      protocol: TCP
--- a/otc/benchmark.t09.de/stacks/ci-sizer/gitlab-webhook/webhook-config.yaml
+++ b/otc/benchmark.t09.de/stacks/ci-sizer/gitlab-webhook/webhook-config.yaml
@ -0,0 +1,30 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+  name: gitlab-sizer-webhook
+  annotations:
+    cert-manager.io/inject-ca-from: ci-sizer/gitlab-sizer-webhook-cert
+webhooks:
+  - name: gitlab-sizer-webhook.ci-sizer.svc
+    admissionReviewVersions: ["v1"]
+    sideEffects: NoneOnDryRun
+    failurePolicy: Ignore
+    timeoutSeconds: 5
+    reinvocationPolicy: Never
+    clientConfig:
+      service:
+        name: gitlab-sizer-webhook
+        namespace: ci-sizer
+        path: /mutate
+    rules:
+      - apiGroups: [""]
+        apiVersions: ["v1"]
+        operations: ["CREATE"]
+        resources: ["pods"]
+    namespaceSelector:
+      matchLabels:
+        ci-sizer.devfw.io/watch: "true"
+    objectSelector:
+      matchExpressions:
+        - key: job.runner.gitlab.com/pod
+          operator: Exists
--- a/otc/benchmark.t09.de/stacks/ci-sizer/sizer-receiver.yaml
+++ b/otc/benchmark.t09.de/stacks/ci-sizer/sizer-receiver.yaml
@ -1,3 +1,7 @@
+# Required: CI Sizer receiver
+# Always deploy this — it stores metrics and computes sizing recommendations.
+# Works standalone or with GARM (Forgejo/GitHub) and/or GitLab webhook.
+# See: ci-sizer/docs/deployment-modes.md
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
--- a/otc/benchmark.t09.de/stacks/ci-sizer/sizer-receiver/deployment.yaml
+++ b/otc/benchmark.t09.de/stacks/ci-sizer/sizer-receiver/deployment.yaml
@ -40,7 +40,7 @@ spec:
                  name: sizer-tokens
                  key: hmac-key
            - name: GARM_URL
-              value: "http://garm.garm.svc.cluster.local:80"
+              value: "http://garm.garm.svc:80"
            - name: GARM_USER
              value: "admin"
            - name: GARM_PASSWORD
@ -62,7 +62,7 @@ spec:
            - name: RECEIVER_SESSION_TTL
              value: "12h"
            - name: RECEIVER_ALLOWED_ORG
-              value: "DevFW-CICD"
+              value: "giteaAdmin"
            - name: RECEIVER_CPU_SIZING_MODE
              value: "observe"
            - name: RECEIVER_MEMORY_QOS
--- a/otc/benchmark.t09.de/stacks/forgejo/forgejo-server/manifests/forgejo-s3-backup-cronjob.yaml
+++ b/otc/benchmark.t09.de/stacks/forgejo/forgejo-server/manifests/forgejo-s3-backup-cronjob.yaml
@ -65,7 +65,7 @@ metadata:
  namespace: gitea
  annotations:
    everest.io/disk-volume-type: GPSSD
-    everest.io/crypt-key-id: 71ebef9e-5575-4b05-a597-ee1f67c911e3
+    everest.io/crypt-key-id: fc9a8e53-1853-4903-b500-7a67dd1a8566
 spec:
  storageClassName: csi-disk
  accessModes:
--- a/otc/benchmark.t09.de/stacks/forgejo/forgejo-server/values.yaml
+++ b/otc/benchmark.t09.de/stacks/forgejo/forgejo-server/values.yaml
@ -20,7 +20,7 @@ persistence:
  size: 200Gi
  storageClass: csi-disk
  annotations:
-    everest.io/crypt-key-id: 71ebef9e-5575-4b05-a597-ee1f67c911e3
+    everest.io/crypt-key-id: fc9a8e53-1853-4903-b500-7a67dd1a8566
    everest.io/disk-volume-type: GPSSD

 test:
@ -170,7 +170,7 @@ service:
    nodePort: 32222
    externalTrafficPolicy: Cluster
    annotations:
-      kubernetes.io/elb.id: 5ee936a2-6308-4924-9fdf-0256cbdf3baa
+      kubernetes.io/elb.id: 1fb3ccb7-ae1c-4787-a743-6a620978ec8d

 image:
  pullPolicy: "IfNotPresent"
@ -178,6 +178,6 @@ image:
  #tag: "8.0.3"
  # Adds -rootless suffix to image name
  # rootless: true
-  fullOverride: edp.buildth.ing/devfw-cicd/edp-forgejo:14.0.2-edp1-rootless
+  fullOverride: edp.buildth.ing/devfw-cicd/edp-forgejo:workflow-webhook-20260305

 forgejo: {}
--- a/otc/benchmark.t09.de/stacks/garm/garm.yaml
+++ b/otc/benchmark.t09.de/stacks/garm/garm.yaml
@ -1,3 +1,7 @@
+# Default: Forgejo/GitHub Actions runner manager
+# Deploys GARM with the ci-sizer provider for automatic sizing + collector injection.
+# For GitLab-only deployments, omit this and use gitlab-webhook instead.
+# See: ci-sizer/docs/deployment-modes.md
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
--- a/otc/benchmark.t09.de/stacks/observability/grafana-operator/manifests/grafana.yaml
+++ b/otc/benchmark.t09.de/stacks/observability/grafana-operator/manifests/grafana.yaml
@ -9,7 +9,7 @@ spec:
    metadata:
      annotations:
        everest.io/disk-volume-type: GPSSD
-        everest.io/crypt-key-id: 71ebef9e-5575-4b05-a597-ee1f67c911e3
+        everest.io/crypt-key-id: fc9a8e53-1853-4903-b500-7a67dd1a8566
    spec:
      storageClassName: csi-disk
      accessModes:
--- a/otc/benchmark.t09.de/stacks/observability/victoria-k8s-stack/manifests/vlogs.yaml
+++ b/otc/benchmark.t09.de/stacks/observability/victoria-k8s-stack/manifests/vlogs.yaml
@ -8,7 +8,7 @@ spec:
  removePvcAfterDelete: true
  storageMetadata:
    annotations:
-      everest.io/crypt-key-id: 71ebef9e-5575-4b05-a597-ee1f67c911e3
+      everest.io/crypt-key-id: fc9a8e53-1853-4903-b500-7a67dd1a8566
      everest.io/disk-volume-type: GPSSD
  storage:
    storageClassName: csi-disk
--- a/otc/benchmark.t09.de/stacks/observability/victoria-k8s-stack/values.yaml
+++ b/otc/benchmark.t09.de/stacks/observability/victoria-k8s-stack/values.yaml
@ -288,7 +288,7 @@ vmsingle:
    extraArgs: {}
    storageMetadata:
      annotations:
-        everest.io/crypt-key-id: 71ebef9e-5575-4b05-a597-ee1f67c911e3
+        everest.io/crypt-key-id: fc9a8e53-1853-4903-b500-7a67dd1a8566
        everest.io/disk-volume-type: GPSSD
    storage:
      storageClassName: csi-disk
--- a/otc/benchmark.t09.de/stacks/otc/ingress-nginx/values.yaml
+++ b/otc/benchmark.t09.de/stacks/otc/ingress-nginx/values.yaml
@ -8,8 +8,8 @@ controller:
    annotations:
      kubernetes.io/elb.class: union
      kubernetes.io/elb.port: '80'
-      kubernetes.io/elb.id: 5ee936a2-6308-4924-9fdf-0256cbdf3baa
-      kubernetes.io/elb.ip: 80.158.90.69
+      kubernetes.io/elb.id: 1fb3ccb7-ae1c-4787-a743-6a620978ec8d
+      kubernetes.io/elb.ip: 164.30.4.5

  ingressClassResource:
    name: nginx