# Helm values for Woodpecker CI
# Chart: woodpecker/woodpecker
# Namespace: woodpecker
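# --- Server ---
# NOTE(review): the page shows these keys with their indentation stripped; the
# nesting below follows the chart's server.* layout. Compare against
# `helm show values` for the chart version in use before applying.
server:
  enabled: true

  # No proxy CA injection — server talks to Gitea internally, proxy would intercept
  env:
    WOODPECKER_HOST: "https://stonks-ci.celestium.life"
    WOODPECKER_SERVER_ADDR: "0.0.0.0:8000"
    # gRPC listener for agents. The ingress below only routes to servicePort 80,
    # so this port is expected to stay cluster-internal.
    WOODPECKER_GRPC_ADDR: "0.0.0.0:9000"
    WOODPECKER_GITEA: "true"
    # Plain HTTP: the OAuth code/token exchange and API calls to Gitea cross the
    # cluster network unencrypted. NOTE(review): confirm a NetworkPolicy or mesh
    # mTLS covers this path, or point at a TLS endpoint if Gitea offers one.
    WOODPECKER_GITEA_URL: "http://gitea-service.git-server.svc.cluster.local:3000"
    # Placeholders only. Keep the real OAuth client ID/secret out of this file and
    # out of version control; supply them from a Kubernetes Secret instead (the
    # chart's extraSecretNamesForEnvFrom is presumably the hook — verify).
    WOODPECKER_GITEA_CLIENT: "<GITEA_CLIENT_ID>"
    WOODPECKER_GITEA_SECRET: "<GITEA_CLIENT_SECRET>"
    # Forge username that receives Woodpecker admin rights; make sure the Gitea
    # account with this name is tightly controlled.
    WOODPECKER_ADMIN: "admin"
    # Steps using this image run as privileged containers. The entry carries no
    # tag; Woodpecker's docs recommend including one so the match is exact
    # (TODO confirm for the deployed version). Keep this list minimal.
    WOODPECKER_PLUGINS_PRIVILEGED: "woodpeckerci/plugin-docker-buildx"

  # Traefik ingress with TLS via cert-manager
  ingress:
    enabled: true
    ingressClassName: traefik
    hosts:
      - host: stonks-ci.celestium.life
        paths:
          - path: /
            backend:
              serviceName: woodpecker-server
              servicePort: 80
    tls:
      - secretName: woodpecker-tls
        hosts:
          - stonks-ci.celestium.life
    annotations:
      cert-manager.io/cluster-issuer: celestium-le-production

  # Persistent volume for SQLite database and build data
  # The database holds forge OAuth tokens and pipeline secrets, so treat the
  # volume, its snapshots and its backups as sensitive.
  persistentVolume:
    enabled: true
    size: 5Gi
    storageClass: ""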
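# --- Agent ---
# NOTE(review): the page shows these keys with their indentation stripped; the
# nesting below follows the chart's agent.* layout. Compare against
# `helm show values` for the chart version in use before applying.
agent:
  enabled: true
  replicaCount: 2

  # Agents must NOT have proxy/CA injection — they communicate with server via gRPC
  # and the proxy blocks port 9000. Builder pods get injection via Kyverno policy
  # matching WOODPECKER_BACKEND_K8S_POD_ANNOTATIONS.
  podAnnotations: {}

  env:
    # In-cluster gRPC endpoint. WOODPECKER_GRPC_SECURE is not set here, so the
    # agent token presumably travels without TLS — acceptable only if the
    # namespace's network path is otherwise restricted (verify).
    WOODPECKER_SERVER: "woodpecker-server:9000"
    WOODPECKER_BACKEND: kubernetes
    # Pipeline pods are created in the same namespace as the server and agents
    # (see the "Namespace: woodpecker" header). NOTE(review): check that the
    # service account used by step pods cannot read Secrets there, e.g. the
    # TLS secret woodpecker-tls.
    WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker
    WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 5Gi
    WOODPECKER_BACKEND_K8S_STORAGE_RWX: "false"
    WOODPECKER_BACKEND_K8S_STORAGE_CLASS: local-path
    # NOTE(review): Woodpecker documents this setting as a YAML/JSON object
    # (for example '{"key": "value"}'); `key:value` without a space parses as a
    # plain string. Confirm builder pods really carry the annotation — if they
    # do not, the Kyverno CA-injection policy never matches them.
    WOODPECKER_BACKEND_K8S_POD_ANNOTATIONS: "celestium.life/inject-ca:true"
    # Per-agent limit; with replicaCount 2 this allows up to 32 concurrent
    # workflows in the build namespace.
    WOODPECKER_MAX_WORKFLOWS: "16"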