add agola

Vivian 2022-05-25 12:19:44 +02:00
parent 042a665401
commit 688d098c55
10 changed files with 240 additions and 11 deletions


@ -167,11 +167,11 @@
"utils": "utils_2"
},
"locked": {
"lastModified": 1653182293,
"narHash": "sha256-eLl3PHCzpX8eFES+S9WrC8jGhWjczbTvWAPMeuJOd4s=",
"lastModified": 1653372067,
"narHash": "sha256-1+fD3EHTbUSoKcabe9WadVe9fFnG5f2ODWC+WpR8exc=",
"owner": "jyooru",
"repo": "nix-minecraft-servers",
"rev": "f09d761e4063e9158555817d03b0f2a7f2bff709",
"rev": "6008e29999eb32bd7880ae53e13f83d9181f04bb",
"type": "github"
},
"original": {
@ -218,11 +218,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1653052942,
"narHash": "sha256-Dt0jodCSLHVqE7yVxIoX1q4jA5uAWbVJHnaDa8HkJ4A=",
"lastModified": 1653427793,
"narHash": "sha256-h6y/I5O/QTawjny6GfovRSUbaEAvswfRXFMuOhVYwBQ=",
"owner": "NULLx76",
"repo": "nixpkgs",
"rev": "3c55de3b23f016898219cf6b02dd5ef365898023",
"rev": "bef8053f86b8702d57601972f782186b7269db69",
"type": "github"
},
"original": {
@ -285,11 +285,11 @@
]
},
"locked": {
"lastModified": 1653109065,
"narHash": "sha256-E4kflprq80xWtt/ApTP0lAyi4oryFV/FI53S+VmiI0Q=",
"lastModified": 1653404524,
"narHash": "sha256-Mu3qgXABzAM9T+4dWmV3OOYFydxv28al7cTdiUK6h3s=",
"owner": "serokell",
"repo": "serokell.nix",
"rev": "bbccb5df8013b1bd86b8445bd8e39c396a0521cc",
"rev": "3b39a9000c7652cf7693b70c13c7e1564b0cf333",
"type": "github"
},
"original": {


@ -0,0 +1,83 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: agola
namespace: gitops
data:
config.yml: |
gateway:
# The api url that clients will call
# Change this to the exposed "agola" service IP
apiExposedURL: "https://agola.0x76.dev"
# The web interface url that clients will use
# Change this to the exposed "agola" service IP
webExposedURL: "https://agola.0x76.dev"
runserviceURL: "http://agola-internal:4000"
configstoreURL: "http://agola-internal:4002"
gitserverURL: "http://agola-internal:4003"
web:
listenAddress: ":8000"
tokenSigning:
# hmac or rsa (it possible use rsa)
method: hmac
# key to use when signing with hmac
key: $SIGNING_KEY
adminToken: "$ADMIN_TOKEN"
scheduler:
runserviceURL: "http://agola-internal:4000"
notification:
webExposedURL: "https://agola.0x76.dev"
runserviceURL: "http://agola-internal:4000"
configstoreURL: "http://agola-internal:4002"
db:
type: postgres
connString: "postgres://agola_notif@database/agola_notif?sslmode=disable"
configstore:
dataDir: /mnt/agola/local/configstore
db:
type: postgres
connString: "postgres://agola_config@database/agola_config?sslmode=disable"
objectStorage:
type: s3
endpoint: "http://minio:9000"
bucket: agola-configstore
accessKey: $MINIO_ACCESS_KEY
secretAccessKey: $MINIO_SECRET_ACCESS_KEY
web:
listenAddress: ":4002"
runservice:
#debug: true
dataDir: /mnt/agola/local/runservice
db:
type: postgres
connString: "postgres://agola_runservice@database/agola_runservice?sslmode=disable"
objectStorage:
type: s3
endpoint: "http://minio:9000"
bucket: agola-runservice
accessKey: $MINIO_ACCESS_KEY
secretAccessKey: $MINIO_SECRET_ACCESS_KEY
web:
listenAddress: ":4000"
executor:
dataDir: /mnt/agola/local/executor
# The directory containing the toolbox compiled for the various supported architectures
toolboxPath: ./bin
runserviceURL: "http://agola-internal:4000"
web:
listenAddress: ":4001"
activeTasksLimit: 2
driver:
type: kubernetes
gitserver:
dataDir: /mnt/agola/local/gitserver
gatewayURL: "http://agola-internal:8000"
web:
listenAddress: ":4003"
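Review bot: The three `connString` values (notification, configstore, runservice) set `sslmode=disable`, and both `objectStorage.endpoint` entries use `http://minio:9000`, so database sessions and the MinIO access key and secret travel unencrypted. If `database` resolves to a host outside the cluster network (not visible here), prefer `sslmode=verify-full` with the server CA mounted, or at least `sslmode=require`. The connection URLs carry no password, so PostgreSQL presumably trusts these roles by source address; that rule should be scoped as narrowly as possible. Separately, `key: $SIGNING_KEY` is unquoted while `adminToken: "$ADMIN_TOKEN"` is quoted; writing `key: "$SIGNING_KEY"` keeps a substituted value with YAML-significant characters from changing the parse.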


@ -0,0 +1,53 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: agola
namespace: gitops
spec:
replicas: 1
selector:
matchLabels:
app: agola
template:
metadata:
labels:
app: agola
spec:
initContainers:
- name: config
image: 0x76/envsubst
args: ["sh", "-c", "cat /mnt/agola/config/config.yml | envsubst > /mnt/agola/local/config.yml"]
volumeMounts:
- mountPath: /mnt/agola/local
name: agola-localdata
- mountPath: /mnt/agola/config
name: config-volume
envFrom:
- secretRef:
name: agola
containers:
- name: agola
image: sorintlab/agola:v0.7.0
command:
- /bin/agola
- serve
- "--config"
- /mnt/agola/local/config.yml
- "--components"
- all-base,executor
ports:
- containerPort: 8000
- containerPort: 4000
- containerPort: 4002
- containerPort: 4003
volumeMounts:
- name: config-volume
mountPath: /mnt/agola/config
- name: agola-localdata
mountPath: /mnt/agola/local
volumes:
- name: config-volume
configMap:
name: agola
- name: agola-localdata
emptyDir: {}
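Review bot: The init container image `0x76/envsubst` carries no tag or digest, yet it is the container that receives every secret through `envFrom`, so whatever is next pushed under that name runs with the signing key, admin token and MinIO credentials in its environment. Pin it by digest, e.g. `image: 0x76/envsubst@sha256:<digest>`, and consider a digest for `sorintlab/agola:v0.7.0` as well. Neither container sets a `securityContext` or `resources`, and the pod uses the namespace's default service account while running the `executor` component with the kubernetes driver. A dedicated service account limited to what the executor needs, plus `allowPrivilegeEscalation: false` (and `runAsNonRoot: true` if the images support it), would narrow what a compromised build job can reach.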


@ -0,0 +1,30 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: agola
namespace: gitops
spec:
refreshInterval: "5m"
secretStoreRef:
name: vault
kind: ClusterSecretStore
target:
name: authentik
data:
- secretKey: ADMIN_TOKEN
remoteRef:
key: gitops/agola
property: admin_token
- secretKey: SIGNING_KEY
remoteRef:
key: gitops/agola
property: signing_key
- secretKey: MINIO_ACCESS_KEY
remoteRef:
key: gitops/agola
property: minio_access_key
- secretKey: MINIO_SECRET_ACCESS_KEY
remoteRef:
key: gitops/agola
property: minio_secret_access_key
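Review bot: `target.name: authentik` makes this ExternalSecret write its output into a Secret named `authentik`, while the Deployment's init container reads `secretRef` with `name: agola`. As written, nothing in this commit creates the `agola` Secret, so the init container would presumably fail to start. If an `authentik` Secret is managed in this namespace (not visible here), the two would also contend for the same object and could mix Agola's keys into it. Change the target to `name: agola`, or drop `target.name` so it defaults to the ExternalSecret's own name.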


@ -0,0 +1,18 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: agola
namespace: gitops
spec:
ingressClassName: traefik
rules:
- host: agola.0x76.dev
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: agola
port:
number: 8000
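Review bot: The Ingress has no `tls:` section, so the `https://agola.0x76.dev` URLs advertised in the gateway config depend entirely on a proxy in front of Traefik terminating TLS. If that proxy forwards to the cluster over plain HTTP (not visible in this section), the admin token and user session tokens cross that hop unencrypted. Either add a `tls:` block with a `secretName` here, or add a comment next to `ingressClassName` saying where TLS terminates, so the assumption is explicit.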


@ -0,0 +1,8 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- configmap.yaml
- deployment.yaml
- external-secret.yaml
- ingress.yaml
- services.yaml


@ -0,0 +1,36 @@
# The client service. It's a node port for easier testing on minikube. Change
# it to become a LoadBalancer if needed.
apiVersion: v1
kind: Service
metadata:
name: agola
namespace: gitops
spec:
ports:
- port: 8000
name: api
selector:
app: agola
---
# The service for internal components communication.
# We are using an headless service since some k8s deployment doesn't have
# hairpin mode enabled and pods cannot communicate with themself via a
# service
apiVersion: v1
kind: Service
metadata:
name: agola-internal
namespace: gitops
spec:
ports:
- port: 8000
name: api
- port: 4000
name: runservice
- port: 4002
name: configstore
- port: 4003
name: gitserver
selector:
app: agola
clusterIP: None
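Review bot: The header comment on the `agola` Service says it is a node port, but the spec sets no `type`, so it is a ClusterIP service. The comment reads like a leftover from an upstream example and could become `# Gateway service, reached through the Ingress`. The headless `agola-internal` Service publishes the runservice, configstore and gitserver ports (4000, 4002, 4003) under a cluster DNS name, and nothing in this commit restricts which pods may connect to them. A NetworkPolicy in the `gitops` namespace that admits traffic to those ports only from pods labelled `app: agola` would keep the internal APIs off the rest of the cluster network.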


@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- renovate
- agola


@ -4,7 +4,7 @@
{ config, pkgs, ... }:
let
databases = [ "authentik" ];
databases = [ "authentik" "agola_notif" "agola_config" "agola_runservice"];
in
{


@ -46,10 +46,10 @@ in
# Kubernetes endpoints
virtualHosts."0x76.dev" = k8s_proxy;
virtualHosts."id.0x76.dev" = k8s_proxy;
virtualHosts."agola.0x76.dev" = k8s_proxy;
virtualHosts."zookeeper.0x76.dev" = k8s_proxy;
virtualHosts."wooloofan.club" = k8s_proxy;
virtualHosts."whoami.wooloofan.club" = k8s_proxy;
};
services.nginx.commonHttpConfig = ''