gwg313/homelab-gitops
1
0
Fork 0
mirror of https://github.com/gwg313/homelab-gitops.git synced 2026-06-06 01:01:03 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

update woodpecker namespace security

Browse source
This commit is contained in:
gwg313 2026-04-24 17:52:12 -04:00
parent cc5b0cf935
commit cebf8d3e22
Signed by: gwg313
GPG key ID: 60FF63B4826B7400
4 changed files with 22 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

2
apps/woodpecker.yaml
View file

@ -8,7 +8,7 @@ spec:
source:
repoURL: https://woodpecker-ci.org/
chart: woodpecker
targetRevision: 3.2.0
targetRevision: 3.5.1
helm:
releaseName: woodpecker
values: "server:\n env:\n WOODPECKER_HOST: \"https://ci.gwg313.xyz\"\n extraSecretNamesForEnvFrom:\n - woodpecker-server-secrets\n persistentVolume:\n enabled: true\n existingClaim: woodpecker-server-pvc5\n\nagent:\n enabled: true\n replicaCount: 1\n extraSecretNamesForEnvFrom:\n - woodpecker-agent-secrets\n env:\n WOODPECKER_SERVER: \"woodpecker-server:9000\"\n WOODPECKER_MAX_WORKFLOWS: \"5\"\n persistence:\n enabled: true\n existingClaim: woodpecker-agent-pvc5\n securityContext:\n privileged: true \n"

6
woodpecker/namespace.yaml
View file

@ -1,6 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: woodpecker
labels:
pod-security.kubernetes.io/enforce: "baseline"

23
woodpecker/storage.yaml
View file

@ -7,7 +7,7 @@ spec:
storage: 10Gi
accessModes:
- ReadWriteOnce
storageClassName: ""
storageClassName: "iscsi-manual"
persistentVolumeReclaimPolicy: Retain
volumeMode: Filesystem
iscsi:
@ -21,6 +21,9 @@ spec:
secretRef:
name: woodpecker-iscsi-auth
namespace: woodpecker
claimRef:
name: woodpecker-agent-pvc5
namespace: woodpecker
---
apiVersion: v1
kind: PersistentVolumeClaim
@ -30,7 +33,7 @@ metadata:
spec:
accessModes:
- ReadWriteOnce
storageClassName: ""
storageClassName: "iscsi-manual"
volumeName: woodpecker-agent-pv5
resources:
requests:
@ -45,7 +48,7 @@ spec:
storage: 10Gi
accessModes:
- ReadWriteOnce
storageClassName: ""
storageClassName: "iscsi-manual"
persistentVolumeReclaimPolicy: Retain
volumeMode: Filesystem
iscsi:
@ -59,6 +62,9 @@ spec:
secretRef:
name: woodpecker-iscsi-auth
namespace: woodpecker
claimRef:
name: woodpecker-server-pvc5
namespace: woodpecker
---
apiVersion: v1
kind: PersistentVolumeClaim
@ -68,7 +74,7 @@ metadata:
spec:
accessModes:
- ReadWriteOnce
storageClassName: ""
storageClassName: "iscsi-manual"
volumeName: woodpecker-server-pv5
resources:
requests:
@ -84,7 +90,7 @@ spec:
accessModes:
- ReadWriteOnce
volumeMode: Filesystem
storageClassName: ""
storageClassName: "iscsi-manual"
persistentVolumeReclaimPolicy: Retain
iscsi:
targetPortal: truenas.local.gwg313.xyz
@ -97,6 +103,9 @@ spec:
secretRef:
name: woodpecker-iscsi-auth
namespace: woodpecker
claimRef:
name: data-woodpecker-server-0
namespace: woodpecker
---
apiVersion: v1
kind: PersistentVolumeClaim
@ -107,8 +116,8 @@ spec:
accessModes:
- ReadWriteOnce
volumeMode: Filesystem
storageClassName: "iscsi-manual"
volumeName: data-woodpecker-server-0
resources:
requests:
storage: 10Gi
volumeName: data-woodpecker-server-0
storageClassName: "" # must match PV

10
woodpecker/woodpecker-cache.yaml
View file

@ -4,14 +4,14 @@ metadata:
name: wp-cache-pv1
spec:
capacity:
storage: 1Gi
storage: 5Gi
accessModes:
- ReadWriteMany
persistentVolumeReclaimPolicy: Retain
storageClassName: manual-nfs
nfs:
server: truenas.local.gwg313.xyz
path: /mnt/tank/k8s/democratic/woodpecker-cache
# storageClassName: manual-nfs
# nfs:
# server: truenas.local.gwg313.xyz
# path: /mnt/tank/k8s/democratic/woodpecker-cache
---
apiVersion: v1
kind: PersistentVolumeClaim