diff --git a/clusters/cl01tl/platform/gitea/Chart.yaml b/clusters/cl01tl/platform/gitea/Chart.yaml
index 0550d077d..22df38fc3 100644
--- a/clusters/cl01tl/platform/gitea/Chart.yaml
+++ b/clusters/cl01tl/platform/gitea/Chart.yaml
@@ -26,6 +26,10 @@ dependencies:
 - name: gitea
 version: 11.0.0
 repository: https://dl.gitea.io/charts/
+ - name: app-template
+ alias: renovate
+ repository: https://bjw-s.github.io/helm-charts/
+ version: 3.7.2
 - name: app-template
 alias: backup
 repository: https://bjw-s.github.io/helm-charts/
@@ -36,6 +40,10 @@ dependencies:
 - name: valkey
 version: 2.4.6
 repository: https://charts.bitnami.com/bitnami
+ - name: valkey
+ alias: valkey-renovate
+ version: 2.4.6
+ repository: https://charts.bitnami.com/bitnami
 - name: cloudflared
 alias: cloudflared
 repository: http://alexlebens.github.io/helm-charts
diff --git a/clusters/cl01tl/platform/gitea/templates/external-secret.yaml b/clusters/cl01tl/platform/gitea/templates/external-secret.yaml
index 34307592a..3ecd0d0f1 100644
--- a/clusters/cl01tl/platform/gitea/templates/external-secret.yaml
+++ b/clusters/cl01tl/platform/gitea/templates/external-secret.yaml
@@ -61,6 +61,91 @@ spec: metadataPolicy: None property: client +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: gitea-renovate-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: gitea-renovate-secret + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: renovate + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + data: + - secretKey: RENOVATE_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/gitea/renovate + metadataPolicy: None + property: RENOVATE_ENDPOINT + - secretKey: RENOVATE_GIT_AUTHOR + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/gitea/renovate + metadataPolicy: None + property: RENOVATE_GIT_AUTHOR + - secretKey: RENOVATE_TOKEN + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/gitea/renovate + metadataPolicy: None + property: RENOVATE_TOKEN + - secretKey: RENOVATE_GIT_PRIVATE_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/gitea/renovate + metadataPolicy: None + property: id_rsa + +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: gitea-renovate-ssh-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: gitea-renovate-ssh-secret + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: renovate + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + data: + - secretKey: config + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/gitea/renovate + metadataPolicy: None + property: ssh_config + - secretKey: id_rsa + remoteRef: + conversionStrategy: Default + decodingStrategy: 
None + key: /cl01tl/gitea/renovate + metadataPolicy: None + property: id_rsa + - secretKey: id_rsa.pub + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/gitea/renovate + metadataPolicy: None + property: id_rsa.pub + --- apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret diff --git a/clusters/cl01tl/platform/gitea/values.yaml b/clusters/cl01tl/platform/gitea/values.yaml index ddc213bf7..f0e590803 100644 --- a/clusters/cl01tl/platform/gitea/values.yaml +++ b/clusters/cl01tl/platform/gitea/values.yaml 
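Review bot: In templates/external-secret.yaml the Vault property `id_rsa` is delivered twice: as `RENOVATE_GIT_PRIVATE_KEY` in `gitea-renovate-secret` and again as the `id_rsa` file in `gitea-renovate-ssh-secret`. Because values.yaml loads the first Secret with `envFrom`, the private key ends up in the container's environment, where every child process Renovate spawns inherits it and where it is easier to leak than a read-only file mount. Unless the key is really meant for Renovate's commit-signing option, drop the `RENOVATE_GIT_PRIVATE_KEY` entry and keep only the mounted copy; if signing is intended, a separate signing key under its own Vault property avoids using one key for both transport and signing. The templated label values would also be safer quoted, e.g. `app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}`, so a numeric-looking version still renders as a string.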
@@ -132,6 +132,88 @@ gitea:
 enabled: false
 mariadb:
 enabled: false
+renovate:
+ global:
+ fullnameOverride: gitea-renovate
+ controllers:
+ main:
+ type: cronjob
+ cronjob:
+ suspend: false
+ concurrencyPolicy: Forbid
+ timeZone: US/Central
+ schedule: 0 * * * *
+ startingDeadlineSeconds: 90
+ successfulJobsHistory: 3
+ failedJobsHistory: 3
+ backoffLimit: 3
+ parallelism: 1
+ containers:
+ main:
+ image:
+ repository: renovate/renovate
+ tag: 39.200.2
+ pullPolicy: IfNotPresent
+ env:
+ - name: RENOVATE_PLATFORM
+ value: gitea
+ - name: RENOVATE_AUTODISCOVER
+ value: 'true'
+ - name: RENOVATE_ONBOARDING
+ value: 'true'
+ - name: RENOVATE_BASE_DIR
+ value: /tmp/renovate/
+ - name: RENOVATE_CONFIG_FILE
+ value: /opt/renovate/config.json
+ - name: RENOVATE_REDIS_URL
+ value: redis://gitea-renovate-valkey-primary.gitea:6379
+ - name: LOG_LEVEL
+ value: debug
+ envFrom:
+ - secretRef:
+ name: gitea-renovate-secret
+ resources:
+ requests:
+ cpu: 100m
+ memory: 128Mi
+ configMaps:
+ renovate-config:
+ enabled: true
+ data:
+ config.json: |
+ {
+ "repositories": ["orgname/repo","username/repo"],
+ "dryRun" : "full"
+ }
+ persistence:
+ config:
+ enabled: true
+ type: configMap
+ name: gitea-renovate-config
+ advancedMounts:
+ main:
+ main:
+ - path: /opt/renovate/config.json
+ readOnly: true
+ mountPropagation: None
+ subPath: config.json
+ ssh:
+ enabled: true
+ type: secret
+ name: gitea-renovate-ssh-secret
+ advancedMounts:
+ main:
+ main:
+ - path: /home/ubuntu/.ssh
+ readOnly: true
+ mountPropagation: None
+ cache:
+ type: emptyDir
+ advancedMounts:
+ main:
+ main:
+ - path: /tmp/renovate/
+ readOnly: false
 backup:
 global:
 fullnameOverride: gitea-backup
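Review bot: `RENOVATE_AUTODISCOVER` is `'true'` with no filter, so as far as I know the repositories the job touches are decided by what `RENOVATE_TOKEN` can see, not by the `repositories` list in `config.json` (which still holds the placeholder `orgname/repo` entries). Only `"dryRun" : "full"` keeps it from opening onboarding PRs across every visible repository. Before that is lifted, either set autodiscover to `'false'` and list the real repositories, or add a `RENOVATE_AUTODISCOVER_FILTER` entry scoped to the intended owner, and limit the bot account's token to those repositories. `LOG_LEVEL` is better at `info` than `debug` for a scheduled job whose container also receives the token and private key through `envFrom`. The image is referenced by a mutable tag; appending the digest (`tag: 39.200.2@sha256:<digest>`) would keep a re-pushed tag from changing what runs with those credentials.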
@@ -271,6 +353,18 @@ valkey:
 persistence:
 enabled: true
 size: 5Gi
+valkey-renovate:
+ nameOverride: renovate-valkey
+ architecture: standalone
+ auth:
+ enabled: disable
+ primary:
+ persistence:
+ enabled: true
+ size: 1Gi
+ replica:
+ persistence:
+ enabled: false
 cloudflared:
 existingSecretName: gitea-cloudflared-secret
 postgres-17-cluster:
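Review bot: `auth.enabled: disable` under `valkey-renovate` is the string `disable`, not a boolean, and Helm templates treat any non-empty string as true. Depending on how the chart tests the value, this most likely leaves authentication on with a chart-generated password, in which case the password-less `RENOVATE_REDIS_URL` in the renovate block would be rejected. If the intent really is no password, the value has to be `enabled: false`, but then any pod that can reach `gitea-renovate-valkey-primary.gitea:6379` can read and write Renovate's cache. The safer arrangement is `enabled: true` with the password taken from an existing Secret (the Bitnami chart's `auth.existingSecret`) and the credentialed URL supplied to Renovate from Vault alongside the other `RENOVATE_*` values. Failing that, a NetworkPolicy should restrict the port to the renovate job.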