add agola
This commit is contained in:
parent
042a665401
commit
688d098c55
18
flake.lock
18
flake.lock
|
@ -167,11 +167,11 @@
|
|||
"utils": "utils_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1653182293,
|
||||
"narHash": "sha256-eLl3PHCzpX8eFES+S9WrC8jGhWjczbTvWAPMeuJOd4s=",
|
||||
"lastModified": 1653372067,
|
||||
"narHash": "sha256-1+fD3EHTbUSoKcabe9WadVe9fFnG5f2ODWC+WpR8exc=",
|
||||
"owner": "jyooru",
|
||||
"repo": "nix-minecraft-servers",
|
||||
"rev": "f09d761e4063e9158555817d03b0f2a7f2bff709",
|
||||
"rev": "6008e29999eb32bd7880ae53e13f83d9181f04bb",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -218,11 +218,11 @@
|
|||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1653052942,
|
||||
"narHash": "sha256-Dt0jodCSLHVqE7yVxIoX1q4jA5uAWbVJHnaDa8HkJ4A=",
|
||||
"lastModified": 1653427793,
|
||||
"narHash": "sha256-h6y/I5O/QTawjny6GfovRSUbaEAvswfRXFMuOhVYwBQ=",
|
||||
"owner": "NULLx76",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "3c55de3b23f016898219cf6b02dd5ef365898023",
|
||||
"rev": "bef8053f86b8702d57601972f782186b7269db69",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -285,11 +285,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1653109065,
|
||||
"narHash": "sha256-E4kflprq80xWtt/ApTP0lAyi4oryFV/FI53S+VmiI0Q=",
|
||||
"lastModified": 1653404524,
|
||||
"narHash": "sha256-Mu3qgXABzAM9T+4dWmV3OOYFydxv28al7cTdiUK6h3s=",
|
||||
"owner": "serokell",
|
||||
"repo": "serokell.nix",
|
||||
"rev": "bbccb5df8013b1bd86b8445bd8e39c396a0521cc",
|
||||
"rev": "3b39a9000c7652cf7693b70c13c7e1564b0cf333",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
83
flux/cluster/apps/gitops/agola/configmap.yaml
Normal file
83
flux/cluster/apps/gitops/agola/configmap.yaml
Normal file
|
@ -0,0 +1,83 @@
|
|||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: agola
|
||||
namespace: gitops
|
||||
data:
|
||||
config.yml: |
|
||||
gateway:
|
||||
# The api url that clients will call
|
||||
# Change this to the exposed "agola" service IP
|
||||
apiExposedURL: "https://agola.0x76.dev"
|
||||
# The web interface url that clients will use
|
||||
# Change this to the exposed "agola" service IP
|
||||
webExposedURL: "https://agola.0x76.dev"
|
||||
|
||||
runserviceURL: "http://agola-internal:4000"
|
||||
configstoreURL: "http://agola-internal:4002"
|
||||
gitserverURL: "http://agola-internal:4003"
|
||||
web:
|
||||
listenAddress: ":8000"
|
||||
tokenSigning:
|
||||
# hmac or rsa (it possible use rsa)
|
||||
method: hmac
|
||||
# key to use when signing with hmac
|
||||
key: $SIGNING_KEY
|
||||
adminToken: "$ADMIN_TOKEN"
|
||||
|
||||
scheduler:
|
||||
runserviceURL: "http://agola-internal:4000"
|
||||
|
||||
notification:
|
||||
webExposedURL: "https://agola.0x76.dev"
|
||||
runserviceURL: "http://agola-internal:4000"
|
||||
configstoreURL: "http://agola-internal:4002"
|
||||
db:
|
||||
type: postgres
|
||||
connString: "postgres://agola_notif@database/agola_notif?sslmode=disable"
|
||||
|
||||
configstore:
|
||||
dataDir: /mnt/agola/local/configstore
|
||||
db:
|
||||
type: postgres
|
||||
connString: "postgres://agola_config@database/agola_config?sslmode=disable"
|
||||
objectStorage:
|
||||
type: s3
|
||||
endpoint: "http://minio:9000"
|
||||
bucket: agola-configstore
|
||||
accessKey: $MINIO_ACCESS_KEY
|
||||
secretAccessKey: $MINIO_SECRET_ACCESS_KEY
|
||||
web:
|
||||
listenAddress: ":4002"
|
||||
|
||||
runservice:
|
||||
#debug: true
|
||||
dataDir: /mnt/agola/local/runservice
|
||||
db:
|
||||
type: postgres
|
||||
connString: "postgres://agola_runservice@database/agola_runservice?sslmode=disable"
|
||||
objectStorage:
|
||||
type: s3
|
||||
endpoint: "http://minio:9000"
|
||||
bucket: agola-runservice
|
||||
accessKey: $MINIO_ACCESS_KEY
|
||||
secretAccessKey: $MINIO_SECRET_ACCESS_KEY
|
||||
web:
|
||||
listenAddress: ":4000"
|
||||
|
||||
executor:
|
||||
dataDir: /mnt/agola/local/executor
|
||||
# The directory containing the toolbox compiled for the various supported architectures
|
||||
toolboxPath: ./bin
|
||||
runserviceURL: "http://agola-internal:4000"
|
||||
web:
|
||||
listenAddress: ":4001"
|
||||
activeTasksLimit: 2
|
||||
driver:
|
||||
type: kubernetes
|
||||
|
||||
gitserver:
|
||||
dataDir: /mnt/agola/local/gitserver
|
||||
gatewayURL: "http://agola-internal:8000"
|
||||
web:
|
||||
listenAddress: ":4003"
|
53
flux/cluster/apps/gitops/agola/deployment.yaml
Normal file
53
flux/cluster/apps/gitops/agola/deployment.yaml
Normal file
|
@ -0,0 +1,53 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: agola
|
||||
namespace: gitops
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: agola
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: agola
|
||||
spec:
|
||||
initContainers:
|
||||
- name: config
|
||||
image: 0x76/envsubst
|
||||
args: ["sh", "-c", "cat /mnt/agola/config/config.yml | envsubst > /mnt/agola/local/config.yml"]
|
||||
volumeMounts:
|
||||
- mountPath: /mnt/agola/local
|
||||
name: agola-localdata
|
||||
- mountPath: /mnt/agola/config
|
||||
name: config-volume
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: agola
|
||||
containers:
|
||||
- name: agola
|
||||
image: sorintlab/agola:v0.7.0
|
||||
command:
|
||||
- /bin/agola
|
||||
- serve
|
||||
- "--config"
|
||||
- /mnt/agola/local/config.yml
|
||||
- "--components"
|
||||
- all-base,executor
|
||||
ports:
|
||||
- containerPort: 8000
|
||||
- containerPort: 4000
|
||||
- containerPort: 4002
|
||||
- containerPort: 4003
|
||||
volumeMounts:
|
||||
- name: config-volume
|
||||
mountPath: /mnt/agola/config
|
||||
- name: agola-localdata
|
||||
mountPath: /mnt/agola/local
|
||||
volumes:
|
||||
- name: config-volume
|
||||
configMap:
|
||||
name: agola
|
||||
- name: agola-localdata
|
||||
emptyDir: {}
|
30
flux/cluster/apps/gitops/agola/external-secret.yaml
Normal file
30
flux/cluster/apps/gitops/agola/external-secret.yaml
Normal file
|
@ -0,0 +1,30 @@
|
|||
apiVersion: external-secrets.io/v1beta1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: agola
|
||||
namespace: gitops
|
||||
spec:
|
||||
refreshInterval: "5m"
|
||||
secretStoreRef:
|
||||
name: vault
|
||||
kind: ClusterSecretStore
|
||||
target:
|
||||
name: authentik
|
||||
data:
|
||||
- secretKey: ADMIN_TOKEN
|
||||
remoteRef:
|
||||
key: gitops/agola
|
||||
property: admin_token
|
||||
- secretKey: SIGNING_KEY
|
||||
remoteRef:
|
||||
key: gitops/agola
|
||||
property: signing_key
|
||||
- secretKey: MINIO_ACCESS_KEY
|
||||
remoteRef:
|
||||
key: gitops/agola
|
||||
property: minio_access_key
|
||||
- secretKey: MINIO_SECRET_ACCESS_KEY
|
||||
remoteRef:
|
||||
key: gitops/agola
|
||||
property: minio_secret_access_key
|
||||
|
18
flux/cluster/apps/gitops/agola/ingress.yaml
Normal file
18
flux/cluster/apps/gitops/agola/ingress.yaml
Normal file
|
@ -0,0 +1,18 @@
|
|||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: agola
|
||||
namespace: gitops
|
||||
spec:
|
||||
ingressClassName: traefik
|
||||
rules:
|
||||
- host: agola.0x76.dev
|
||||
http:
|
||||
paths:
|
||||
- pathType: Prefix
|
||||
path: "/"
|
||||
backend:
|
||||
service:
|
||||
name: agola
|
||||
port:
|
||||
number: 8000
|
8
flux/cluster/apps/gitops/agola/kustomization.yaml
Normal file
8
flux/cluster/apps/gitops/agola/kustomization.yaml
Normal file
|
@ -0,0 +1,8 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- configmap.yaml
|
||||
- deployment.yaml
|
||||
- external-secret.yaml
|
||||
- ingress.yaml
|
||||
- services.yaml
|
36
flux/cluster/apps/gitops/agola/services.yaml
Normal file
36
flux/cluster/apps/gitops/agola/services.yaml
Normal file
|
@ -0,0 +1,36 @@
|
|||
# The client service. It's a node port for easier testing on minikube. Change
|
||||
# it to become a LoadBalancer if needed.
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: agola
|
||||
namespace: gitops
|
||||
spec:
|
||||
ports:
|
||||
- port: 8000
|
||||
name: api
|
||||
selector:
|
||||
app: agola
|
||||
---
|
||||
# The service for internal components communication.
|
||||
# We are using an headless service since some k8s deployment doesn't have
|
||||
# hairpin mode enabled and pods cannot communicate with themself via a
|
||||
# service
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: agola-internal
|
||||
namespace: gitops
|
||||
spec:
|
||||
ports:
|
||||
- port: 8000
|
||||
name: api
|
||||
- port: 4000
|
||||
name: runservice
|
||||
- port: 4002
|
||||
name: configstore
|
||||
- port: 4003
|
||||
name: gitserver
|
||||
selector:
|
||||
app: agola
|
||||
clusterIP: None
|
|
@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
|||
kind: Kustomization
|
||||
resources:
|
||||
- renovate
|
||||
- agola
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
|
||||
{ config, pkgs, ... }:
|
||||
let
|
||||
databases = [ "authentik" ];
|
||||
databases = [ "authentik" "agola_notif" "agola_config" "agola_runservice"];
|
||||
|
||||
in
|
||||
{
|
||||
|
|
|
@ -46,10 +46,10 @@ in
|
|||
# Kubernetes endpoints
|
||||
virtualHosts."0x76.dev" = k8s_proxy;
|
||||
virtualHosts."id.0x76.dev" = k8s_proxy;
|
||||
virtualHosts."agola.0x76.dev" = k8s_proxy;
|
||||
virtualHosts."zookeeper.0x76.dev" = k8s_proxy;
|
||||
virtualHosts."wooloofan.club" = k8s_proxy;
|
||||
virtualHosts."whoami.wooloofan.club" = k8s_proxy;
|
||||
|
||||
};
|
||||
|
||||
services.nginx.commonHttpConfig = ''
|
||||
|
|
Loading…
Reference in a new issue