From 8f30a0cef07a5b6cd0ae747cc7c1040cb6522890 Mon Sep 17 00:00:00 2001 From: Louis Capitanchik <contact@louiscap.co> Date: Mon, 18 Apr 2022 19:13:20 +0100 Subject: [PATCH] [Woodpecker CI] Configure manifests to deploy server + agents --- charts/woodpecker-ci/Chart.yaml | 24 +-- charts/woodpecker-ci/templates/NOTES.txt | 14 +- charts/woodpecker-ci/templates/_helpers.tpl | 20 +++ .../templates/agent-deployment.yaml | 88 ++++++++++ charts/woodpecker-ci/templates/hpa.yaml | 28 ---- ...deployment.yaml => server-deployment.yaml} | 47 ++++-- .../{ingress.yaml => server-ingress.yaml} | 20 +-- .../{service.yaml => server-service.yaml} | 8 +- .../templates/tests/test-connection.yaml | 2 +- charts/woodpecker-ci/values.yaml | 154 +++++++++++------- 10 files changed, 266 insertions(+), 139 deletions(-) create mode 100644 charts/woodpecker-ci/templates/agent-deployment.yaml delete mode 100644 charts/woodpecker-ci/templates/hpa.yaml rename charts/woodpecker-ci/templates/{deployment.yaml => server-deployment.yaml} (52%) rename charts/woodpecker-ci/templates/{ingress.yaml => server-ingress.yaml} (67%) rename charts/woodpecker-ci/templates/{service.yaml => server-service.yaml} (64%) diff --git a/charts/woodpecker-ci/Chart.yaml b/charts/woodpecker-ci/Chart.yaml index 755520a..b08af12 100644 --- a/charts/woodpecker-ci/Chart.yaml +++ b/charts/woodpecker-ci/Chart.yaml 
@@ -1,24 +1,10 @@ apiVersion: v2 -name: woodpecker-ci -description: Woodpecker is a simple CI engine with great extensibility. - -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. type: application -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -# Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.0 +name: woodpecker-ci +description: Woodpecker is a simple CI engine with great extensibility. +icon: 'https://helm-forks.s3.eu-west-2.amazonaws.com/icons/woodpecker-ci.png' -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. Versions are not expected to -# follow Semantic Versioning. They should reflect the version the application is using. -# It is recommended to use it with quotes. +version: 0.2.0 appVersion: "0.15.1" + diff --git a/charts/woodpecker-ci/templates/NOTES.txt b/charts/woodpecker-ci/templates/NOTES.txt index cd5a0ef..5abfa6c 100644 --- a/charts/woodpecker-ci/templates/NOTES.txt +++ b/charts/woodpecker-ci/templates/NOTES.txt 
@@ -1,20 +1,20 @@ 1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range $host := .Values.ingress.hosts }} +{{- if .Values.server.ingress.enabled }} +{{- range $host := .Values.server.ingress.hosts }} {{- range .paths }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + http{{ if $.Values.server.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} {{- end }} {{- end }} -{{- else if contains "NodePort" .Values.service.type }} +{{- else if contains "NodePort" .Values.server.service.type }} export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "woodpecker-ci.fullname" . }}) export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} +{{- else if contains "LoadBalancer" .Values.server.service.type }} NOTE: It may take a few minutes for the LoadBalancer IP to be available. You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "woodpecker-ci.fullname" . }}' export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "woodpecker-ci.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo http://$SERVICE_IP:{{ .Values.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} + echo http://$SERVICE_IP:{{ .Values.server.service.port }} +{{- else if contains "ClusterIP" .Values.server.service.type }} export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "woodpecker-ci.name" . 
}},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") echo "Visit http://127.0.0.1:8080 to use your application" diff --git a/charts/woodpecker-ci/templates/_helpers.tpl b/charts/woodpecker-ci/templates/_helpers.tpl index f91ffac..3c168d5 100644 --- a/charts/woodpecker-ci/templates/_helpers.tpl +++ b/charts/woodpecker-ci/templates/_helpers.tpl @@ -23,6 +23,10 @@ If release name contains chart name it will be used as a full name. {{- end }} {{- end }} +{{- define "woodpecker-ci.serverdns" -}} +{{ printf "%s.%s.%s:9000" (include "woodpecker-ci.fullname" .) .Release.Namespace .Values.clusterDns }} +{{- end }} + {{/* Create chart name and version as used by the chart label. */}} @@ -60,3 +64,19 @@ Create the name of the service account to use {{- default "default" .Values.serviceAccount.name }} {{- end }} {{- end }} + +{{/* + Template values +*/}} + +{{- define "woodpecker-ci.serverProtocol" -}} +{{- if .Values.server.tls }} +{{- printf "https" }} +{{- else }} +{{- printf "http" }} +{{- end }} +{{- end }} + +{{- define "woodpecker-ci.serverHost" -}} +{{- printf "%s://%s" (include "woodpecker-ci.serverProtocol" .) .Values.server.host }} +{{- end }} \ No newline at end of file diff --git a/charts/woodpecker-ci/templates/agent-deployment.yaml b/charts/woodpecker-ci/templates/agent-deployment.yaml new file mode 100644 index 0000000..06066e0 --- /dev/null +++ b/charts/woodpecker-ci/templates/agent-deployment.yaml 
@@ -0,0 +1,88 @@ +{{- if .Values.server.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "woodpecker-ci.fullname" . }}-agent + labels: + woodpecker.component: "agent" + {{- include "woodpecker-ci.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.agent.replicas }} + selector: + matchLabels: + woodpecker.component: "agent" + {{- include "woodpecker-ci.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + woodpecker.component: "agent" + {{- include "woodpecker-ci.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "woodpecker-ci.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }}-agent + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.agent.image.repository }}:{{ .Values.agent.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.agent.image.pullPolicy }} + env: + - name: WOODPECKER_SERVER + value: {{ include "woodpecker-ci.serverdns" . | quote }} + {{- range $key, $value := .Values.common.environment.variables }} + - name: {{ $key }} + value: {{ $value | quote }} + {{- end }} + {{- if .Values.common.secrets }} + envFrom: + {{- range .Values.common.secrets}} + - secretRef: + name: {{ . }} + {{- end }} + {{- end }} + {{- with .Values.agent.resources }} + resources: + {{- toYaml . 
| nindent 10 }} + {{- end }} + ports: + - name: http + containerPort: 3000 + protocol: TCP + volumeMounts: + - name: sock-dir + mountPath: /var/run + - name: {{ .Chart.Name }}-dind + image: {{ .Values.agent.dind.image }} + securityContext: + privileged: true + env: + - name: DOCKER_DRIVER + value: overlay2 + volumeMounts: + - name: sock-dir + mountPath: /var/run + volumes: + - name: sock-dir + emptyDir: {} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/woodpecker-ci/templates/hpa.yaml b/charts/woodpecker-ci/templates/hpa.yaml deleted file mode 100644 index cb36378..0000000 --- a/charts/woodpecker-ci/templates/hpa.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "woodpecker-ci.fullname" . }} - labels: - {{- include "woodpecker-ci.labels" . | nindent 4 }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "woodpecker-ci.fullname" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} - {{- end }} - {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} - {{- end }} -{{- end }} 
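Review bot: The whole agent Deployment is wrapped in `{{- if .Values.server.enabled }}`, so setting `server.enabled: false` removes the agents too, which contradicts the values.yaml comment that the server can be disabled when only agents are deployed. Gate it on its own key, e.g. `{{- if .Values.agent.enabled }}` (a value the chart would need to add), and allow `WOODPECKER_SERVER` to be overridden, since `woodpecker-ci.serverdns` only ever points at this release's own Service. The `envFrom` block reads `.Values.common.secrets`, while values.yaml appears to declare the list under `common.environment.secrets` (indentation is not visible in this view), so the referenced Secrets, including whichever one carries the agent/server shared secret, would never be attached; server-deployment.yaml repeats the same lookup. The `dind` sidecar is hard-coded `privileged: true` with no values switch, and a pipeline that reaches its Docker daemon effectively has root on the node, so this should be documented and agents kept on a dedicated, tainted node pool. `agent.parallelism` is declared in values.yaml but nothing here renders it, for example as `WOODPECKER_MAX_PROCS`.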
diff --git a/charts/woodpecker-ci/templates/deployment.yaml b/charts/woodpecker-ci/templates/server-deployment.yaml similarity index 52% rename from charts/woodpecker-ci/templates/deployment.yaml rename to charts/woodpecker-ci/templates/server-deployment.yaml index 891f630..c89d17d 100644 --- a/charts/woodpecker-ci/templates/deployment.yaml +++ b/charts/woodpecker-ci/templates/server-deployment.yaml @@ -1,15 +1,16 @@ +{{- if .Values.server.enabled }} apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "woodpecker-ci.fullname" . }} + name: {{ include "woodpecker-ci.fullname" . }}-server labels: + woodpecker.component: "server" {{- include "woodpecker-ci.labels" . | nindent 4 }} spec: - {{- if not .Values.autoscaling.enabled }} - replicas: {{ .Values.replicaCount }} - {{- end }} + replicas: 1 selector: matchLabels: + woodpecker.component: "server" {{- include "woodpecker-ci.selectorLabels" . | nindent 6 }} template: metadata: @@ -18,6 +19,7 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} labels: + woodpecker.component: "server" {{- include "woodpecker-ci.selectorLabels" . | nindent 8 }} spec: {{- with .Values.imagePullSecrets }} 
@@ -31,22 +33,32 @@ spec: - name: {{ .Chart.Name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} + image: "{{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: WOODPECKER_HOST + value: {{ include "woodpecker-ci.serverHost" . | quote }} + - name: WOODPECKER_OPEN + value: {{ .Values.server.registration | quote }} + {{- range $key, $value := .Values.common.environment.variables }} + - name: {{ $key }} + value: {{ $value | quote }} + {{- end }} + {{- if .Values.common.secrets }} + envFrom: + {{- range .Values.common.secrets}} + - secretRef: + name: {{ . }} + {{- end }} + {{- end }} ports: - name: http - containerPort: 80 + port: 80 + targetPort: 8000 + protocol: TCP + - name: grpc + containerPort: 9000 protocol: TCP - livenessProbe: - httpGet: - path: / - port: http - readinessProbe: - httpGet: - path: / - port: http - resources: - {{- toYaml .Values.resources | nindent 12 }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} @@ -59,3 +71,4 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/woodpecker-ci/templates/ingress.yaml b/charts/woodpecker-ci/templates/server-ingress.yaml similarity index 67% rename from charts/woodpecker-ci/templates/ingress.yaml rename to charts/woodpecker-ci/templates/server-ingress.yaml index a2b8df5..aae821f 100644 --- a/charts/woodpecker-ci/templates/ingress.yaml +++ b/charts/woodpecker-ci/templates/server-ingress.yaml 
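Review bot: The `http` entry under the container's `ports:` now uses `port: 80` and `targetPort: 8000`, which are Service fields rather than container-port fields. A container port needs `containerPort`, so the manifest should fail validation, or at best leave the Service's `targetPort: http` with nothing to resolve to. It should read `containerPort: 8000`. The same hunk removes `livenessProbe`, `readinessProbe` and `resources` without a replacement, which leaves the single-replica server with no health gating; consider restoring `httpGet` probes on the `http` port. The container spec starts and ends outside this hunk.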
@@ -1,9 +1,9 @@ -{{- if .Values.ingress.enabled -}} +{{- if .Values.server.ingress.enabled -}} {{- $fullName := include "woodpecker-ci.fullname" . -}} {{- $svcPort := .Values.service.port -}} -{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} - {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} - {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} +{{- if and .Values.server.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.server.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.server.ingress.annotations "kubernetes.io/ingress.class" .Values.server.ingress.className}} {{- end }} {{- end }} {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} @@ -18,17 +18,17 @@ metadata: name: {{ $fullName }} labels: {{- include "woodpecker-ci.labels" . | nindent 4 }} - {{- with .Values.ingress.annotations }} + {{- with .Values.server.ingress.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} spec: - {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} - ingressClassName: {{ .Values.ingress.className }} + {{- if and .Values.server.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.server.ingress.className }} {{- end }} - {{- if .Values.ingress.tls }} + {{- if .Values.server.ingress.tls }} tls: - {{- range .Values.ingress.tls }} + {{- range .Values.server.ingress.tls }} - hosts: {{- range .hosts }} - {{ . | quote }} @@ -37,7 +37,7 @@ spec: {{- end }} {{- end }} rules: - {{- range .Values.ingress.hosts }} + {{- range .Values.server.ingress.hosts }} - host: {{ .host | quote }} http: paths: 
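Review bot: `$svcPort` is still assigned from `.Values.service.port` on the unchanged third line of the first hunk, but this commit moves that key to `server.service.port`, so rendering with the ingress enabled would likely fail on a nil `.Values.service`. It should be `{{- $svcPort := .Values.server.service.port -}}`. The second and third hunks range over `.Values.server.ingress.tls` and `.Values.server.ingress.hosts`, yet the new values.yaml defines only `server.ingress.paths`, a boolean `server.tls` and a string `server.host`. As written no rules or TLS section would render, and the "-tls" secret described in the values comment is never wired up; NOTES.txt reads the same missing keys. Either restore `hosts`/`tls` lists under `server.ingress`, or build the single rule and TLS entry from `server.host`, `server.tls` and `server.ingress.paths`.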
diff --git a/charts/woodpecker-ci/templates/service.yaml b/charts/woodpecker-ci/templates/server-service.yaml similarity index 64% rename from charts/woodpecker-ci/templates/service.yaml rename to charts/woodpecker-ci/templates/server-service.yaml index fd6bcac..1fbba15 100644 --- a/charts/woodpecker-ci/templates/service.yaml +++ b/charts/woodpecker-ci/templates/server-service.yaml @@ -5,11 +5,15 @@ metadata: labels: {{- include "woodpecker-ci.labels" . | nindent 4 }} spec: - type: {{ .Values.service.type }} + type: {{ .Values.server.service.type }} ports: - - port: {{ .Values.service.port }} + - port: {{ .Values.server.service.port }} targetPort: http protocol: TCP name: http + - port: 9000 + targetPort: grpc + protocol: TCP + name: grpc selector: {{- include "woodpecker-ci.selectorLabels" . | nindent 4 }} diff --git a/charts/woodpecker-ci/templates/tests/test-connection.yaml b/charts/woodpecker-ci/templates/tests/test-connection.yaml index 9583afb..519b0d0 100644 --- a/charts/woodpecker-ci/templates/tests/test-connection.yaml +++ b/charts/woodpecker-ci/templates/tests/test-connection.yaml @@ -11,5 +11,5 @@ spec: - name: wget image: busybox command: ['wget'] - args: ['{{ include "woodpecker-ci.fullname" . }}:{{ .Values.service.port }}'] + args: ['{{ include "woodpecker-ci.fullname" . }}:{{ .Values.server.service.port }}'] restartPolicy: Never diff --git a/charts/woodpecker-ci/values.yaml b/charts/woodpecker-ci/values.yaml index 33b4a1f..f88f0b6 100644 --- a/charts/woodpecker-ci/values.yaml +++ b/charts/woodpecker-ci/values.yaml 
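Review bot: The Service `selector` (unchanged context at the end of the server-service.yaml hunk) still uses only `woodpecker-ci.selectorLabels`, which the new agent pods carry as well. The agent container also names a port `http` (3000), so HTTP traffic for the server can be balanced onto agent pods. Add the component label to the selector: `woodpecker.component: "server"`. As far as this hunk shows, the Service is not wrapped in `{{- if .Values.server.enabled }}` like the server Deployment, so it would still be created with no backends when the server is disabled. Port `9000` is a literal here and again in the `woodpecker-ci.serverdns` helper; a single value would keep the two from drifting.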
@@ -1,26 +1,109 @@ -# Default values for woodpecker-ci. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -replicaCount: 1 - -image: - repository: woodpeckerci/woodpecker-server - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: "" - imagePullSecrets: [] nameOverride: "" fullnameOverride: "" +## clusterDns will be used by the agents to locate the server service +clusterDns: "svc.cluster.local" + +## Configuration values shared by the server and agent pods +common: + environment: + ## A list of secrets that will be used to pull in environment variables. + ## The secret should contain 1 or more key:value pairs, where the key + ## matches a Woodpecker environment variable and the value is the value of + ## that variable + secrets: [] + # - myExistingSecret + + ## Environment variables to add to the pods that do not contain sensitive data. + ## Any sensitive values should be provided through the above list of secrets + variables: {} + # WOODPECKER_ADMIN: user1,user2 + # OTHER_VAR: some_value + +## The server provides the UI and C&C capabilities of the woodpecker instance +server: + image: + repository: woodpeckerci/woodpecker-server + pullPolicy: IfNotPresent + ## Overrides the image tag whose default is the chart appVersion. + tag: "" + + ## Whether or not to enable the server component. If you have an existing woodpecker + ## instance and are simply deploying agents, this can be disabled + enabled: true + + ## Whether or not users can register to this instance of woodpecker. Orgs can be + ## whitelisted via the WOODPECKER_ORGS environment variable + registration: false + + ## Setting this to true will cause WOODPECKER_HOST to use https. If the ingress + ## is also enabled, it will set up the TLS configuration for that ingress. 
+ ## The Ingress secret will be the chart deployment's full name suffixed with "-tls" + tls: false + + ## The host that woodpecker will use for it's interface. If the ingress is enabled, + ## this value will also be used to set up paths + host: chart-example.local + + service: + type: ClusterIP + port: 80 + + ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + paths: + - path: / + pathType: ImplementationSpecific + +## Agents run the actual build pipelines, and communicate back to the server instance. +## The amount of build parallelism is equal to R x P, where R is the number of replicas +## (number of pods) and P is the parallelism of each pod (number of concurrent builds each +## pod is configured to handle) +agent: + image: + repository: woodpeckerci/woodpecker-agent + pullPolicy: IfNotPresent + ## Overrides the image tag whose default is the chart appVersion. + tag: "" + + ## The number of agent pods to run + replicas: 4 + ## The number of jobs each pod will run concurrently + parallelism: 4 + ## Properties related to the agent pod's docker-in-docker support + dind: + ## The image for the dind container + image: docker:19.03.5-dind + ## Resources for each agent's build runner + resources: + limits: + cpu: 1 + memory: 2Gi + +resources: {} + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + serviceAccount: - # Specifies whether a service account should be created + ## Specifies whether a service account should be created create: true - # Annotations to add to the service account + ## Annotations to add to the service account annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template + ## The name of the service account to use. + ## If not set and create is true, a name is generated using the fullname template name: "" podAnnotations: {} @@ -36,45 +119,6 @@ securityContext: {} # runAsNonRoot: true # runAsUser: 1000 -service: - type: ClusterIP - port: 80 - -ingress: - enabled: false - className: "" - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: chart-example.local - paths: - - path: / - pathType: ImplementationSpecific - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - nodeSelector: {} tolerations: [] -- GitLab
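Review bot: The agent defaults pair `replicas: 4` with `dind.image: docker:19.03.5-dind`, a tag-only reference to an old Docker release that the agent template runs privileged. A default install therefore starts four privileged pods on an image that is neither current nor digest-pinned; a lower default and a reference of the form `docker:<version>-dind@sha256:<digest>` (placeholder) would be a safer baseline. The comment above `secrets` should say that the agent/server shared secret (`WOODPECKER_AGENT_SECRET`) belongs in one of those Secrets rather than in `variables`, because both Deployments render `variables` as plain `env` values. The top-level `resources: {}` block is kept, but no template in this commit appears to read `.Values.resources` any more (the server Deployment drops it and the agent reads `.Values.agent.resources`), so it should be removed or re-wired as `server.resources`.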