gwg313/homelab-gitops
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

update woodpecker namespace security

Browse source
This commit is contained in:
gwg313 2026-04-24 17:52:12 -04:00
parent cc5b0cf935
commit cebf8d3e22
Signed by: gwg313
GPG key ID: 60FF63B4826B7400
4 changed files with 22 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

2
apps/woodpecker.yaml
View file

@ -8,7 +8,7 @@ spec:
source: source:
repoURL: https://woodpecker-ci.org/ repoURL: https://woodpecker-ci.org/
chart: woodpecker chart: woodpecker
targetRevision: 3.2.0 targetRevision: 3.5.1
helm: helm:
releaseName: woodpecker releaseName: woodpecker
values: "server:\n env:\n WOODPECKER_HOST: \"https://ci.gwg313.xyz\"\n extraSecretNamesForEnvFrom:\n - woodpecker-server-secrets\n persistentVolume:\n enabled: true\n existingClaim: woodpecker-server-pvc5\n\nagent:\n enabled: true\n replicaCount: 1\n extraSecretNamesForEnvFrom:\n - woodpecker-agent-secrets\n env:\n WOODPECKER_SERVER: \"woodpecker-server:9000\"\n WOODPECKER_MAX_WORKFLOWS: \"5\"\n persistence:\n enabled: true\n existingClaim: woodpecker-agent-pvc5\n securityContext:\n privileged: true \n" values: "server:\n env:\n WOODPECKER_HOST: \"https://ci.gwg313.xyz\"\n extraSecretNamesForEnvFrom:\n - woodpecker-server-secrets\n persistentVolume:\n enabled: true\n existingClaim: woodpecker-server-pvc5\n\nagent:\n enabled: true\n replicaCount: 1\n extraSecretNamesForEnvFrom:\n - woodpecker-agent-secrets\n env:\n WOODPECKER_SERVER: \"woodpecker-server:9000\"\n WOODPECKER_MAX_WORKFLOWS: \"5\"\n persistence:\n enabled: true\n existingClaim: woodpecker-agent-pvc5\n securityContext:\n privileged: true \n"

6
woodpecker/namespace.yaml
View file

@ -1,6 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: woodpecker
labels:
pod-security.kubernetes.io/enforce: "baseline"

23
woodpecker/storage.yaml
View file

@ -7,7 +7,7 @@ spec:
storage: 10Gi storage: 10Gi
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
storageClassName: "" storageClassName: "iscsi-manual"
persistentVolumeReclaimPolicy: Retain persistentVolumeReclaimPolicy: Retain
volumeMode: Filesystem volumeMode: Filesystem
iscsi: iscsi:
@ -21,6 +21,9 @@ spec:
secretRef: secretRef:
name: woodpecker-iscsi-auth name: woodpecker-iscsi-auth
namespace: woodpecker namespace: woodpecker
claimRef:
name: woodpecker-agent-pvc5
namespace: woodpecker
--- ---
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
@ -30,7 +33,7 @@ metadata:
spec: spec:
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
storageClassName: "" storageClassName: "iscsi-manual"
volumeName: woodpecker-agent-pv5 volumeName: woodpecker-agent-pv5
resources: resources:
requests: requests:
@ -45,7 +48,7 @@ spec:
storage: 10Gi storage: 10Gi
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
storageClassName: "" storageClassName: "iscsi-manual"
persistentVolumeReclaimPolicy: Retain persistentVolumeReclaimPolicy: Retain
volumeMode: Filesystem volumeMode: Filesystem
iscsi: iscsi:
@ -59,6 +62,9 @@ spec:
secretRef: secretRef:
name: woodpecker-iscsi-auth name: woodpecker-iscsi-auth
namespace: woodpecker namespace: woodpecker
claimRef:
name: woodpecker-server-pvc5
namespace: woodpecker
--- ---
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
@ -68,7 +74,7 @@ metadata:
spec: spec:
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
storageClassName: "" storageClassName: "iscsi-manual"
volumeName: woodpecker-server-pv5 volumeName: woodpecker-server-pv5
resources: resources:
requests: requests:
@ -84,7 +90,7 @@ spec:
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
volumeMode: Filesystem volumeMode: Filesystem
storageClassName: "" storageClassName: "iscsi-manual"
persistentVolumeReclaimPolicy: Retain persistentVolumeReclaimPolicy: Retain
iscsi: iscsi:
targetPortal: truenas.local.gwg313.xyz targetPortal: truenas.local.gwg313.xyz
@ -97,6 +103,9 @@ spec:
secretRef: secretRef:
name: woodpecker-iscsi-auth name: woodpecker-iscsi-auth
namespace: woodpecker namespace: woodpecker
claimRef:
name: data-woodpecker-server-0
namespace: woodpecker
--- ---
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
@ -107,8 +116,8 @@ spec:
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
volumeMode: Filesystem volumeMode: Filesystem
storageClassName: "iscsi-manual"
volumeName: data-woodpecker-server-0
resources: resources:
requests: requests:
storage: 10Gi storage: 10Gi
volumeName: data-woodpecker-server-0
storageClassName: "" # must match PV

10
woodpecker/woodpecker-cache.yaml
View file

@ -4,14 +4,14 @@ metadata:
name: wp-cache-pv1 name: wp-cache-pv1
spec: spec:
capacity: capacity:
storage: 1Gi storage: 5Gi
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany
persistentVolumeReclaimPolicy: Retain persistentVolumeReclaimPolicy: Retain
storageClassName: manual-nfs # storageClassName: manual-nfs
nfs: # nfs:
server: truenas.local.gwg313.xyz # server: truenas.local.gwg313.xyz
path: /mnt/tank/k8s/democratic/woodpecker-cache # path: /mnt/tank/k8s/democratic/woodpecker-cache
--- ---
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim