diff --git a/template/registry/ci-sizer.yaml b/template/registry/ci-sizer.yaml
deleted file mode 100644
index ce415d6..0000000
--- a/template/registry/ci-sizer.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: ci-sizer-reg
- namespace: argocd
- labels:
- env: dev
- finalizers:
- - resources-finalizer.argocd.argoproj.io
-spec:
- destination:
- name: in-cluster
- namespace: argocd
- source:
- path: "{{{ .Env.CLIENT_REPO_ID }}}/{{{ .Env.DOMAIN }}}/stacks/ci-sizer"
- repoURL: "https://{{{ .Env.CLIENT_REPO_DOMAIN }}}/{{{ .Env.CLIENT_REPO_ORG_NAME }}}"
- targetRevision: HEAD
- project: default
- syncPolicy:
- automated:
- prune: true
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
diff --git a/template/stacks/ci-sizer/gitlab-webhook.yaml b/template/stacks/ci-sizer/gitlab-webhook.yaml
deleted file mode 100644
index c92cae5..0000000
--- a/template/stacks/ci-sizer/gitlab-webhook.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-# Optional: GitLab CI integration
-# Only hydrate this app for clusters that run GitLab Runner.
-# For Forgejo/GitHub-only deployments, omit this app from stacks-instances.
-# See: ci-sizer/docs/deployment-modes.md
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: gitlab-sizer-webhook
- namespace: argocd
- labels:
- env: dev
- finalizers:
- - resources-finalizer.argocd.argoproj.io
-spec:
- project: default
- syncPolicy:
- automated:
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
- retry:
- limit: -1
- destination:
- name: in-cluster
- namespace: ci-sizer
- source:
- repoURL: https://{{{ .Env.CLIENT_REPO_DOMAIN }}}/{{{ .Env.CLIENT_REPO_ORG_NAME }}}
- targetRevision: HEAD
- path: "{{{ .Env.CLIENT_REPO_ID }}}/{{{ .Env.DOMAIN }}}/stacks/ci-sizer/gitlab-webhook"
diff --git a/template/stacks/ci-sizer/gitlab-webhook/certificates.yaml b/template/stacks/ci-sizer/gitlab-webhook/certificates.yaml
deleted file mode 100644
index ee1fece..0000000
--- a/template/stacks/ci-sizer/gitlab-webhook/certificates.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Self-signed Issuer for webhook TLS.
-# For production, replace with a ClusterIssuer backed by a real CA.
-apiVersion: cert-manager.io/v1
-kind: Issuer
-metadata:
- name: selfsigned-issuer
-spec:
- selfSigned: {}
----
-# cert-manager Certificate for the webhook TLS.
-# The resulting Secret (gitlab-sizer-webhook-tls) is mounted into the webhook pod.
-# cert-manager also injects the CA into the MutatingWebhookConfiguration via the
-# cert-manager.io/inject-ca-from annotation.
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: gitlab-sizer-webhook-cert
-spec:
- secretName: gitlab-sizer-webhook-tls
- issuerRef:
- name: selfsigned-issuer
- kind: Issuer
- dnsNames:
- - gitlab-sizer-webhook.ci-sizer.svc
- - gitlab-sizer-webhook.ci-sizer.svc.cluster.local
- duration: 8760h
- renewBefore: 720h
diff --git a/template/stacks/ci-sizer/gitlab-webhook/deployment.yaml b/template/stacks/ci-sizer/gitlab-webhook/deployment.yaml
deleted file mode 100644
index 0b99859..0000000
--- a/template/stacks/ci-sizer/gitlab-webhook/deployment.yaml
+++ /dev/null
@@ -1,141 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: gitlab-sizer-webhook
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: gitlab-sizer-webhook
-rules:
- - apiGroups: [""]
- resources: ["pods"]
- verbs: ["get", "list", "watch"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: gitlab-sizer-webhook
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: gitlab-sizer-webhook
-subjects:
- - kind: ServiceAccount
- name: gitlab-sizer-webhook
- namespace: ci-sizer
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: gitlab-sizer-webhook
- labels:
- app: gitlab-sizer-webhook
-spec:
- replicas: 2
- selector:
- matchLabels:
- app: gitlab-sizer-webhook
- template:
- metadata:
- labels:
- app: gitlab-sizer-webhook
- spec:
- serviceAccountName: gitlab-sizer-webhook
- securityContext:
- runAsNonRoot: true
- runAsUser: 65534
- runAsGroup: 65534
- seccompProfile:
- type: RuntimeDefault
- containers:
- - name: webhook
- image: edp.buildth.ing/devfw-cicd/gitlab-webhook-edge-connect:latest
- imagePullPolicy: Always
- securityContext:
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: true
- capabilities:
- drop:
- - ALL
- ports:
- - containerPort: 8443
- protocol: TCP
- args:
- - --listen-addr=:8443
- - --tls-cert-file=/etc/webhook/tls/tls.crt
- - --tls-key-file=/etc/webhook/tls/tls.key
- - --sizer-url=http://sizer-receiver.ci-sizer.svc:8080
- - --sizer-sidecar-image=edp.buildth.ing/devfw-cicd/ci-sizer-collector:latest
- env:
- - name: WEBHOOK_SIZER_READ_TOKEN
- valueFrom:
- secretKeyRef:
- name: gitlab-sizer-webhook-tokens
- key: sizer-read-token
- - name: WEBHOOK_SIZER_PUSH_TOKEN
- valueFrom:
- secretKeyRef:
- name: gitlab-sizer-webhook-tokens
- key: sizer-push-token
- - name: HTTP_PROXY
- valueFrom:
- configMapKeyRef:
- name: gitlab-sizer-webhook-config
- key: HTTP_PROXY
- optional: true
- - name: HTTPS_PROXY
- valueFrom:
- configMapKeyRef:
- name: gitlab-sizer-webhook-config
- key: HTTPS_PROXY
- optional: true
- - name: NO_PROXY
- valueFrom:
- configMapKeyRef:
- name: gitlab-sizer-webhook-config
- key: NO_PROXY
- optional: true
- volumeMounts:
- - name: webhook-tls
- mountPath: /etc/webhook/tls
- readOnly: true
- livenessProbe:
- httpGet:
- path: /healthz
- port: 8443
- scheme: HTTPS
- initialDelaySeconds: 5
- periodSeconds: 10
- readinessProbe:
- httpGet:
- path: /healthz
- port: 8443
- scheme: HTTPS
- initialDelaySeconds: 5
- periodSeconds: 10
- resources:
- requests:
- cpu: 100m
- memory: 128Mi
- limits:
- cpu: 200m
- memory: 128Mi
- volumes:
- - name: webhook-tls
- secret:
- secretName: gitlab-sizer-webhook-tls
----
-apiVersion: v1
-kind: Service
-metadata:
- name: gitlab-sizer-webhook
- labels:
- app: gitlab-sizer-webhook
-spec:
- selector:
- app: gitlab-sizer-webhook
- ports:
- - port: 443
- targetPort: 8443
- protocol: TCP
diff --git a/template/stacks/ci-sizer/gitlab-webhook/webhook-config.yaml b/template/stacks/ci-sizer/gitlab-webhook/webhook-config.yaml
deleted file mode 100644
index 72aea4a..0000000
--- a/template/stacks/ci-sizer/gitlab-webhook/webhook-config.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: admissionregistration.k8s.io/v1
-kind: MutatingWebhookConfiguration
-metadata:
- name: gitlab-sizer-webhook
- annotations:
- cert-manager.io/inject-ca-from: ci-sizer/gitlab-sizer-webhook-cert
-webhooks:
- - name: gitlab-sizer-webhook.ci-sizer.svc
- admissionReviewVersions: ["v1"]
- sideEffects: NoneOnDryRun
- failurePolicy: Ignore
- timeoutSeconds: 5
- reinvocationPolicy: Never
- clientConfig:
- service:
- name: gitlab-sizer-webhook
- namespace: ci-sizer
- path: /mutate
- rules:
- - apiGroups: [""]
- apiVersions: ["v1"]
- operations: ["CREATE"]
- resources: ["pods"]
- namespaceSelector:
- matchLabels:
- ci-sizer.devfw.io/watch: "true"
- objectSelector:
- matchExpressions:
- - key: job.runner.gitlab.com/pod
- operator: Exists
diff --git a/template/stacks/ci-sizer/sizer-receiver.yaml b/template/stacks/ci-sizer/sizer-receiver.yaml index 1fc7279..cd36a47 100644 --- a/template/stacks/ci-sizer/sizer-receiver.yaml +++ b/template/stacks/ci-sizer/sizer-receiver.yaml @@ -1,7 +1,3 @@ -# Required: CI Sizer receiver -# Always deploy this — it stores metrics and computes sizing recommendations. -# Works standalone or with GARM (Forgejo/GitHub) and/or GitLab webhook. -# See: ci-sizer/docs/deployment-modes.md apiVersion: argoproj.io/v1alpha1 kind: Application metadata: diff --git a/template/stacks/ci-sizer/sizer-receiver/deployment.yaml b/template/stacks/ci-sizer/sizer-receiver/deployment.yaml index 91d0bce..6e0e000 100644 --- a/template/stacks/ci-sizer/sizer-receiver/deployment.yaml +++ b/template/stacks/ci-sizer/sizer-receiver/deployment.yaml @@ -39,9 +39,8 @@ spec: secretKeyRef: name: sizer-tokens key: hmac-key -{{{- if index .Env "DOMAIN_GITEA" }}} - name: GARM_URL - value: "http://garm.garm.svc:80" + value: "http://garm.garm.svc.cluster.local:80" - name: GARM_USER value: "admin" - name: GARM_PASSWORD @@ -49,7 +48,6 @@ spec: secretKeyRef: name: garm-fixed-credentials key: admin_password - {{{- end }}} - name: RECEIVER_OIDC_ISSUER value: "https://dex.{{{ .Env.DOMAIN }}}" - name: RECEIVER_OIDC_CLIENT_ID @@ -64,7 +62,7 @@ spec: - name: RECEIVER_SESSION_TTL value: "12h" - name: RECEIVER_ALLOWED_ORG - value: "{{{ getenv "SIZER_ALLOWED_ORG" "DevFW-CICD" }}}" + value: "{{{ .Env.SIZER_ALLOWED_ORG }}}" - name: RECEIVER_CPU_SIZING_MODE value: "observe" - name: RECEIVER_MEMORY_QOS diff --git a/template/stacks/core/dex/values.yaml b/template/stacks/core/dex/values.yaml index 1802203..c6f8b1c 100644 --- a/template/stacks/core/dex/values.yaml +++ b/template/stacks/core/dex/values.yaml 
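Review bot: Dropping the `{{{- if index .Env "DOMAIN_GITEA" }}}` guard in `sizer-receiver/deployment.yaml` (its `{{{- end }}}` is removed in the following hunk, `@@ -49,7 +48,6 @@`) makes GARM_URL, GARM_USER and GARM_PASSWORD unconditional, so every rendered receiver now references the `garm-fixed-credentials` Secret. No `optional` field is visible on that `secretKeyRef`, so on a cluster without GARM the container would presumably fail to start instead of running standalone. It also exposes the GARM `admin` password to the receiver on every deployment, alongside a plain `http://` GARM_URL. If the guard cannot stay, consider `optional: true` under the `secretKeyRef` and a comment stating that this stack now requires GARM. The env list starts and ends outside the hunk.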
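Review bot: `RECEIVER_OIDC_ISSUER` and `RECEIVER_OIDC_CLIENT_ID` remain in the context of hunk `@@ -49,7 +48,6 @@` and still point the receiver at `https://dex.{{{ .Env.DOMAIN }}}`, while the same commit deletes the `ci-sizer` static client and its `FORGEJO_RUNNER_SIZER_CLIENT_SECRET` from `template/stacks/core/dex/values.yaml`. The client ID value is not visible here, but if it is `ci-sizer`, Dex will presumably reject the receiver's login flow after this change. Either keep the Dex client or remove the receiver's OIDC settings in the same commit. The container spec continues outside the hunk.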
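Review bot: `value: "{{{ .Env.SIZER_ALLOWED_ORG }}}"` in hunk `@@ -64,7 +62,7 @@` has no fallback, so `RECEIVER_ALLOWED_ORG` now depends entirely on the render environment. If these templates are rendered with gomplate, an unset variable will likely abort rendering, and a variable set to the empty string yields `value: ""`. How the receiver treats an empty allowed org is not visible here; if empty means "no restriction", the UI would accept any account Dex authenticates. Make the requirement explicit with a comment such as `# SIZER_ALLOWED_ORG must be set and non-empty at render time`, or keep a non-empty default in the expression. The env list continues outside the hunk.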
@@ -34,11 +34,6 @@ envVars: secretKeyRef: name: dex-argo-client key: clientSecret - - name: FORGEJO_RUNNER_SIZER_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: dex-sizer-client - key: clientSecret - name: LOG_LEVEL value: debug @@ -79,8 +74,3 @@ config: - "https://{{{ .Env.DOMAIN_GRAFANA }}}/login/generic_oauth" name: "Grafana" secretEnv: "OIDC_DEX_GRAFANA_CLIENT_SECRET" - - id: ci-sizer - name: "CI Sizer" - redirectURIs: - - "https://sizer.{{{ .Env.DOMAIN }}}/ui/callback" - secretEnv: "FORGEJO_RUNNER_SIZER_CLIENT_SECRET" diff --git a/template/stacks/forgejo/forgejo-server/manifests/forgejo-s3-backup-cronjob.yaml b/template/stacks/forgejo/forgejo-server/manifests/forgejo-s3-backup-cronjob.yaml index 5037aec..3d77021 100644 --- a/template/stacks/forgejo/forgejo-server/manifests/forgejo-s3-backup-cronjob.yaml +++ b/template/stacks/forgejo/forgejo-server/manifests/forgejo-s3-backup-cronjob.yaml @@ -72,7 +72,7 @@ spec: - ReadWriteOnce resources: requests: - storage: 500Gi + storage: 100Gi --- apiVersion: v1 kind: Secret diff --git a/template/stacks/garm/garm.yaml b/template/stacks/garm/garm.yaml index 695e1b4..b643346 100644 --- a/template/stacks/garm/garm.yaml +++ b/template/stacks/garm/garm.yaml @@ -1,7 +1,3 @@ -# Default: Forgejo/GitHub Actions runner manager -# Deploys GARM with the ci-sizer provider for automatic sizing + collector injection. -# For GitLab-only deployments, omit this and use gitlab-webhook instead. -# See: ci-sizer/docs/deployment-modes.md apiVersion: argoproj.io/v1alpha1 kind: Application metadata: @@ -24,7 +20,7 @@ spec: sources: - repoURL: https://edp.buildth.ing/DevFW-CICD/garm-helm path: charts/garm - targetRevision: v0.0.16 + targetRevision: v0.0.15 helm: valueFiles: - $values/{{{ .Env.CLIENT_REPO_ID }}}/{{{ .Env.DOMAIN }}}/stacks/garm/garm/values.yaml diff --git a/template/stacks/garm/garm/values.yaml b/template/stacks/garm/garm/values.yaml index 887519d..f25d10a 100644 --- a/template/stacks/garm/garm/values.yaml 
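Review bot: `storage: 100Gi` in `forgejo-s3-backup-cronjob.yaml` lowers the request on what appears to be a PersistentVolumeClaim from 500Gi, and Kubernetes does not allow an existing claim's storage request to be reduced. On clusters where the 500Gi claim is already bound, the sync will presumably be rejected or stay out of sync until the claim is recreated, which puts the backup job at risk. Whether 100Gi still holds a full Forgejo backup is not visible from the hunk. A comment such as `# sized for <EXPECTED_BACKUP_SIZE>; existing claims cannot be shrunk in place` would record the intent. The resource definition starts outside the hunk.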
+++ b/template/stacks/garm/garm/values.yaml @@ -26,7 +26,7 @@ credentials: image: repository: {{{ .Env.CLIENT_REPO_DOMAIN }}}/devfw-cicd/garm-forgejo - tag: v0.1.7-forgejo-23 + tag: v0.1.7-forgejo-22 providerConfig: edgeConnect: