kubernetes: added woodpecker-ci

- added woodpecker CI
- removed kubernetes infra terraform files.
- added demo woodpecker pipeline

kubernetes/woodpecker-ci/values.yaml

@@ -0,0 +1,361 @@
+# Default values for woodpecker.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+# -- Overrides the name of the chart
+nameOverride: ""
+# -- Overrides the full name of the chart
+fullnameOverride: ""
+
+agent:
+  # -- Enable the agent component
+  enabled: true
+
+  # -- The number of replicas for the deployment
+  replicaCount: 2
+
+  image:
+    # -- The image registry
+    registry: docker.io
+    # -- The image repository
+    repository: woodpeckerci/woodpecker-agent
+    # -- The pull policy for the image
+    pullPolicy: IfNotPresent
+    # -- Overrides the image tag whose default is the chart appVersion.
+    tag: ""
+
+  env:
+    # -- Add the environment variables for the agent component
+    WOODPECKER_SERVER: "woodpecker-server.woodpecker.svc.cluster.local:9000"
+    WOODPECKER_BACKEND: kubernetes
+    WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker
+    WOODPECKER_BACKEND_K8S_STORAGE_CLASS: ""
+    WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 10G
+    WOODPECKER_BACKEND_K8S_STORAGE_RWX: true
+    WOODPECKER_BACKEND_K8S_POD_LABELS: ""
+    WOODPECKER_BACKEND_K8S_POD_ANNOTATIONS: ""
+    WOODPECKER_CONNECT_RETRY_COUNT: "3"
+
+  # -- Add extra secret that is contains environment variables
+  extraSecretNamesForEnvFrom: []
+
+  persistence:
+    # -- Enable the creation of the persistent volume
+    enabled: true
+    # -- Defines an existing claim to use
+    existingClaim:
+    # -- Defines the size of the persistent volume
+    size: 1Gi
+    # -- Defines the path where the volume should be mounted
+    mountPath: "/etc/woodpecker"
+    # -- Defines the storageClass of the persistent volume
+    storageClass: ""
+    # -- Defines the access mode of the persistent volume
+    accessModes:
+      - ReadWriteOnce
+
+  # -- Additional volumes that can be mounted in containers
+  extraVolumes:
+    []
+    # - name: docker-config
+    #   configMap:
+    #     name: docker-config
+    # - name: data-volume
+    #   persistentVolumeClaim:
+    #     claimName: example
+
+  # -- Additional volumes that will be attached to the agent container
+  extraVolumeMounts:
+    []
+    # - name: ca-certs
+    #   mountPath: /etc/ssl/certs/ca-certificates.crt
+
+  # -- The image pull secrets
+  imagePullSecrets: []
+  # -- Overrides the name of the chart of the agent component
+  nameOverride: ""
+  # -- Overrides the full name of the chart of the agent component
+  fullnameOverride: ""
+
+  serviceAccount:
+    # -- Specifies whether a service account should be created (also see RBAC subsection)
+    create: true
+    # -- Annotations to add to the service account
+    annotations: {}
+    # -- The name of the service account to use.
+    # If not set and create is true, a name is generated using the fullname template
+    name: ""
+    rbac:
+      # -- If your cluster has RBAC enabled and you're using the Kubernetes agent-
+      # backend you'll need this. (this is true for almost all production clusters)
+      # only change this if you have a non CNCF compliant cluster, missing the RBAC endpoints
+      # the Role and RoleBinding are only created if serviceAccount.create is also true
+      create: true
+      # Additional annotations and labels in role and roleBinding are only needed, if you
+      # are using additional tooling to manage / verify roles or roleBindings (OPA, etc.)
+      role:
+        annotations: {}
+        labels: {}
+      roleBinding:
+        annotations: {}
+        labels: {}
+
+  # -- Add pod annotations for the agent component
+  podAnnotations: {}
+
+  # -- Add pod security context
+  podSecurityContext:
+    {}
+    # fsGroup: 2000
+
+  # -- Add security context
+  securityContext:
+    {}
+    # capabilities:
+    #   drop:
+    #   - ALL
+    # readOnlyRootFilesystem: true
+    # runAsNonRoot: true
+    # runAsUser: 1000
+
+  # -- Specifies the resources for the agent component
+  resources:
+    {}
+    # We usually recommend not to specify default resources and to leave this as a conscious
+    # choice for the user. This also increases chances charts run on environments with little
+    # resources, such as Minikube. If you do want to specify resources, uncomment the following
+    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+    # limits:
+    #   cpu: 100m
+    #   memory: 128Mi
+    # requests:
+    #   cpu: 100m
+    #   memory: 128Mi
+
+  # -- Specifies the labels of the nodes that the agent component must be running
+  nodeSelector: {}
+
+  # -- Specifies the tolerations
+  tolerations: []
+
+  # -- Specifies the affinity
+  affinity: {}
+
+  # -- Overrides the default DNS configuration
+  dnsConfig: {}
+
+  # -- Using topology spread constraints, you can ensure that there is at least one agent
+  # pod for each topology zone, e.g. one per arch for multi-architecture clusters
+  # or one for each region for geographically distributed cloud-hosted clusters.
+  # Ref: <https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/>
+  topologySpreadConstraints: []
+  # - maxSkew: 1
+  #   topologyKey: "beta.kubernetes.io/arch"
+  #   whenUnsatisfiable: "DoNotSchedule"
+  #   labelSelector:
+  #     matchLabels:
+  #       "app.kubernetes.io/name": woodpecker-agent
+
+server:
+  # -- Enable the server component
+  enabled: true
+
+  statefulSet:
+    # -- Add annotations to the StatefulSet
+    annotations: {}
+    # -- Add labels to the StatefulSet
+    labels: {}
+    # -- Defines the number of replicas
+    replicaCount: 1
+    # -- The maximum number of revisions that will be maintained in the StatefulSet's revision history
+    # Default in 10.
+    revisionHistoryLimit: 5
+
+  updateStrategy:
+    # -- Defines the update strategy of the StatefulSet
+    type: RollingUpdate
+
+  image:
+    # -- The image registry
+    registry: docker.io
+    # -- The image repository
+    repository: woodpeckerci/woodpecker-server
+    # -- The image pull policy
+    pullPolicy: IfNotPresent
+    # -- Overrides the image tag whose default is the chart appVersion.
+    tag: ""
+
+  # -- Add environment variables for the server component
+  env:
+    WOODPECKER_ADMIN: "taqi"
+    WOODPECKER_HOST: "placeholder.woodpecker.svc.cluster.local:9000"
+    WOODPECKER_GITEA: "true"
+    WOODPECKER_GITEA_URL: "${GITEA_HOST}"
+    WOODPECKER_GITEA_CLIENT: "${WOODPECKER_CLIENT_ID}"
+    WOODPECKER_GITEA_SECRET: "${WOODPECKER_CLIENT_SECRET}"
+
+    # WOODPECKER_GITHUB: "true"
+
+  # -- Add extra environment variables from the secrets list
+  extraSecretNamesForEnvFrom: []
+
+  # whether to create the default WOODPECKER_AGENT_SECRET in woodpecker-default-agent-secret
+  createAgentSecret: true
+  # -- Create a generic secret to store things in, e.g. env values
+  secrets: []
+  # - name: secret
+  #   data:
+  #     key: value
+
+  # -- Additional volumes that can be mounted in containers
+  extraVolumes:
+    []
+    # - name: docker-config
+    #   configMap:
+    #     name: docker-config
+    # - name: data-volume
+    #   persistentVolumeClaim:
+    #     claimName: example
+
+  # -- Additional volumes that will be attached to the agent container
+  extraVolumeMounts:
+    []
+    # - name: ca-certs
+    #   mountPath: /etc/ssl/certs/ca-certificates.crt
+
+  # -- Add additional init containers to the pod (evaluated as a template)
+  initContainers: []
+
+  persistentVolume:
+    # -- Enable the creation of the persistent volume
+    enabled: true
+    # -- Defines the size of the persistent volume
+    size: 10Gi
+    # -- Defines the path where the volume should be mounted
+    mountPath: "/var/lib/woodpecker"
+    # -- Defines the storageClass of the persistent volume
+    storageClass: ""
+
+  # -- The image pull secrets
+  imagePullSecrets: []
+  # -- Overrides the name of the helm chart of the server component
+  nameOverride: ""
+  # -- Overrides the full name of the helm chart of the server component
+  fullnameOverride: ""
+
+  serviceAccount:
+    # -- Specifies whether a service account should be created
+    create: false
+    # -- Annotations to add to the service account
+    annotations: {}
+    # -- The name of the service account to use.
+    # If not set and create is true, a name is generated using the fullname template
+    name: ""
+
+  # -- Add pod annotations
+  podAnnotations:
+    {}
+    # prometheus.io/scrape: "true"
+
+  # -- Add pod security context
+  podSecurityContext:
+    {}
+    # fsGroup: 2000
+
+  # -- Add security context
+  securityContext:
+    {}
+    # capabilities:
+    #   drop:
+    #   - ALL
+    # readOnlyRootFilesystem: true
+    # runAsNonRoot: true
+    # runAsUser: 1000
+
+  service:
+    # -- The type of the service
+    type: ClusterIP
+    # -- The port of the service
+    port: &servicePort 80
+    # -- The cluster IP of the service (optional)
+    clusterIP:
+    # -- The loadbalancer IP of the service (optional)
+    loadBalancerIP:
+
+  ingress:
+    # -- Enable the ingress for the server component
+    enabled: true
+    # -- Add annotations to the ingress
+    annotations:
+      cert-manager.io/cluster-issuer: "acme-issuer"
+    # kubernetes.io/ingress.class: nginx
+    # kubernetes.io/tls-acme: "true"
+
+    # -- Defines which ingress controller will implement the resource
+    ingressClassName: "nginx"
+
+    hosts:
+      - host: example.com
+        paths:
+          - path: /
+            backend:
+              serviceName: chart-example.local
+              servicePort: *servicePort
+    tls:
+      - hosts:
+          - example.com
+        secretName: woodpecker-tls
+        # -- Defines the secret that contains the TLS certificate and key
+        # secretName: chart-example-tls
+    #  - secretName: chart-example-tls
+    #    hosts:
+    #      - chart-example.local
+
+  # -- Specifies the ressources for the server component
+  resources:
+    {}
+    # We usually recommend not to specify default resources and to leave this as a conscious
+    # choice for the user. This also increases chances charts run on environments with little
+    # resources, such as Minikube. If you do want to specify resources, uncomment the following
+    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+    # limits:
+    #   cpu: 100m
+    #   memory: 128Mi
+    # requests:
+    #   cpu: 100m
+    #   memory: 128Mi
+
+  # -- Defines the labels of the node where the server component must be running
+  nodeSelector: {}
+
+  # -- Add tolerations rules
+  tolerations: []
+
+  # -- Add affinity
+  affinity: {}
+
+  # -- Overrides the default DNS configuration
+  dnsConfig: {}
+
+  # -- Configure probe options for container health checking
+  probes:
+    # -- Configure liveness probe options
+    liveness:
+      # -- Number of seconds after which the probe times out (default: 10)
+      timeoutSeconds: 10
+      # -- How often (in seconds) to perform the probe (default: 10)
+      periodSeconds: 10
+      # -- Minimum consecutive successes for the probe to be considered successful after having failed (default: 1)
+      successThreshold: 1
+      # -- When a probe fails, Kubernetes will try failureThreshold times before giving up (default: 3)
+      failureThreshold: 3
+    # -- Configure readiness probe options
+    readiness:
+      # -- Number of seconds after which the probe times out (default: 10)
+      timeoutSeconds: 10
+      # -- How often (in seconds) to perform the probe (default: 10)
+      periodSeconds: 10
+      # -- Minimum consecutive successes for the probe to be considered successful after having failed (default: 1)
+      successThreshold: 1
+      # -- When a probe fails, Kubernetes will try failureThreshold times before giving up (default: 3)
+      failureThreshold: 3