# Helm values for Woodpecker CI
# Chart: woodpecker/woodpecker
# Namespace: woodpecker

# --- Server ---
server:
  enabled: true
  # No proxy CA injection — server talks to Gitea internally, proxy would intercept
  env:
    WOODPECKER_HOST: "https://stonks-ci.celestium.life"
    WOODPECKER_SERVER_ADDR: "0.0.0.0:8000"
    WOODPECKER_GRPC_ADDR: "0.0.0.0:9000"
    WOODPECKER_GITEA: "true"
    WOODPECKER_GITEA_URL: "http://gitea-service.git-server.svc.cluster.local:3000"
    # Gitea OAuth2 application credentials and the shared agent secret are set
    # inline here, so this file itself is sensitive. The chart can instead load
    # them from an existing Kubernetes Secret via extraSecretNamesForEnvFrom.
    WOODPECKER_GITEA_CLIENT: "a238718a-aefb-4a76-9a93-6e2be0b892a4"
    WOODPECKER_GITEA_SECRET: "gto_yf7cu2z5bgr6ins3hp6hbhgjjmj72zrmesf2g6e4zmpvko2wapzq"
    WOODPECKER_AGENT_SECRET: "01eede973f522dbea9c1f09afc020ed0934a6f946d5832be5fecacb0da04ce23"
    WOODPECKER_ADMIN: "admin"
    # Plugins listed here are allowed to run as privileged containers
    WOODPECKER_PLUGINS_PRIVILEGED: "woodpeckerci/plugin-docker-buildx"

  # Traefik ingress with TLS via cert-manager
  ingress:
    enabled: true
    ingressClassName: traefik
    hosts:
      - host: stonks-ci.celestium.life
        paths:
          - path: /
            backend:
              serviceName: woodpecker-server
              servicePort: 80
    tls:
      - secretName: woodpecker-tls
        hosts:
          - stonks-ci.celestium.life
    annotations:
      cert-manager.io/cluster-issuer: celestium-le-production

  # Persistent volume for SQLite database and build data
  persistentVolume:
    enabled: true
    size: 5Gi
    storageClass: ""

# --- Agent ---
agent:
  enabled: true
  replicaCount: 2
  # Agents must NOT have proxy/CA injection — they communicate with server via gRPC
  # and the proxy blocks port 9000. Builder pods get injection via Kyverno policy
  # matching WOODPECKER_BACKEND_K8S_POD_ANNOTATIONS.
  podAnnotations: {}
  env:
    WOODPECKER_SERVER: "woodpecker-server:9000"
    # Must match server.env.WOODPECKER_AGENT_SECRET
    WOODPECKER_AGENT_SECRET: "01eede973f522dbea9c1f09afc020ed0934a6f946d5832be5fecacb0da04ce23"
    WOODPECKER_BACKEND: kubernetes
    WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker
    WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 5Gi
    WOODPECKER_BACKEND_K8S_STORAGE_RWX: "false"
    WOODPECKER_BACKEND_K8S_STORAGE_CLASS: local-path
    WOODPECKER_BACKEND_K8S_POD_ANNOTATIONS: '{"celestium.life/inject-ca":"true"}'
    WOODPECKER_MAX_WORKFLOWS: "16"