[Woodpecker CI] Configure manifests to deploy server + agents

charts/woodpecker-ci/Chart.yaml

 apiVersion: v2
-name: woodpecker-ci
-description: Woodpecker is a simple CI engine with great extensibility.
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
 type: application
 
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
+name: woodpecker-ci
+description: Woodpecker is a simple CI engine with great extensibility.
+icon: 'https://helm-forks.s3.eu-west-2.amazonaws.com/icons/woodpecker-ci.png'
 
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
+version: 0.2.0
 appVersion: "0.15.1"
+

charts/woodpecker-ci/templates/NOTES.txt

 1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range $host := .Values.ingress.hosts }}
+{{- if .Values.server.ingress.enabled }}
+{{- range $host := .Values.server.ingress.hosts }}
   {{- range .paths }}
-  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
+  http{{ if $.Values.server.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
   {{- end }}
 {{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
+{{- else if contains "NodePort" .Values.server.service.type }}
   export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "woodpecker-ci.fullname" . }})
   export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
   echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
+{{- else if contains "LoadBalancer" .Values.server.service.type }}
      NOTE: It may take a few minutes for the LoadBalancer IP to be available.
            You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "woodpecker-ci.fullname" . }}'
   export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "woodpecker-ci.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
-  echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
+  echo http://$SERVICE_IP:{{ .Values.server.service.port }}
+{{- else if contains "ClusterIP" .Values.server.service.type }}
   export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "woodpecker-ci.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
   export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
   echo "Visit http://127.0.0.1:8080 to use your application"

charts/woodpecker-ci/templates/_helpers.tpl

@@ -23,6 +23,10 @@ If release name contains chart name it will be used as a full name.
 {{- end }}
 {{- end }}
 
+{{- define "woodpecker-ci.serverdns" -}}
+{{ printf "%s.%s.%s:9000" (include "woodpecker-ci.fullname" .) .Release.Namespace .Values.clusterDns }}
+{{- end }}
+
 {{/*
 Create chart name and version as used by the chart label.
 */}}
@@ -60,3 +64,19 @@ Create the name of the service account to use
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
+
+{{/*
+    Template values 
+*/}}
+
+{{- define "woodpecker-ci.serverProtocol" -}}
+{{- if .Values.server.tls }}
+{{- printf "https" }}
+{{- else }}
+{{- printf "http" }}
+{{- end }}
+{{- end }}
+
+{{- define "woodpecker-ci.serverHost" -}}
+{{- printf "%s://%s" (include "woodpecker-ci.serverProtocol" .) .Values.server.host }}
+{{- end }}
\ No newline at end of file

charts/woodpecker-ci/templates/agent-deployment.yaml

+{{- if .Values.server.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "woodpecker-ci.fullname" . }}-agent
+  labels:
+    woodpecker.component: "agent"
+    {{- include "woodpecker-ci.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.agent.replicas }}
+  selector:
+    matchLabels:
+      woodpecker.component: "agent"
+      {{- include "woodpecker-ci.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        woodpecker.component: "agent"
+        {{- include "woodpecker-ci.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "woodpecker-ci.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ .Chart.Name }}-agent
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.agent.image.repository }}:{{ .Values.agent.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.agent.image.pullPolicy }}
+          env:
+            - name: WOODPECKER_SERVER
+              value: {{ include "woodpecker-ci.serverdns" . | quote }}
+            {{- range $key, $value := .Values.common.environment.variables }}
+            - name: {{ $key }}
+              value: {{ $value | quote }}
+            {{- end }}
+          {{- if .Values.common.secrets }}
+          envFrom:
+          {{- range .Values.common.secrets}}
+            - secretRef:
+                name: {{ . }}
+          {{- end }}
+          {{- end }}
+          {{- with .Values.agent.resources }}
+          resources:
+            {{- toYaml . | nindent 10 }}
+          {{- end }}
+          ports:
+            - name: http
+              containerPort: 3000
+              protocol: TCP
+          volumeMounts:
+            - name: sock-dir
+              mountPath: /var/run
+        - name: {{ .Chart.Name }}-dind
+          image: {{ .Values.agent.dind.image }}
+          securityContext:
+            privileged: true
+          env:
+            - name: DOCKER_DRIVER
+              value: overlay2
+          volumeMounts:
+            - name: sock-dir
+              mountPath: /var/run
+      volumes:
+        - name: sock-dir
+          emptyDir: {}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+{{- end }}
\ No newline at end of file

charts/woodpecker-ci/templates/hpa.yaml

-{{- if .Values.autoscaling.enabled }}
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
-  name: {{ include "woodpecker-ci.fullname" . }}
-  labels:
-    {{- include "woodpecker-ci.labels" . | nindent 4 }}
-spec:
-  scaleTargetRef:
-    apiVersion: apps/v1
-    kind: Deployment
-    name: {{ include "woodpecker-ci.fullname" . }}
-  minReplicas: {{ .Values.autoscaling.minReplicas }}
-  maxReplicas: {{ .Values.autoscaling.maxReplicas }}
-  metrics:
-    {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
-    - type: Resource
-      resource:
-        name: cpu
-        targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
-    {{- end }}
-    {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
-    - type: Resource
-      resource:
-        name: memory
-        targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
-    {{- end }}
-{{- end }}

charts/woodpecker-ci/templates/deployment.yaml → charts/woodpecker-ci/templates/server-deployment.yaml

+{{- if .Values.server.enabled }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: {{ include "woodpecker-ci.fullname" . }}
+  name: {{ include "woodpecker-ci.fullname" . }}-server
   labels:
+    woodpecker.component: "server"
     {{- include "woodpecker-ci.labels" . | nindent 4 }}
 spec:
-  {{- if not .Values.autoscaling.enabled }}
-  replicas: {{ .Values.replicaCount }}
-  {{- end }}
+  replicas: 1
   selector:
     matchLabels:
+      woodpecker.component: "server"
       {{- include "woodpecker-ci.selectorLabels" . | nindent 6 }}
   template:
     metadata:
@@ -18,6 +19,7 @@ spec:
         {{- toYaml . | nindent 8 }}
       {{- end }}
       labels:
+        woodpecker.component: "server"
         {{- include "woodpecker-ci.selectorLabels" . | nindent 8 }}
     spec:
       {{- with .Values.imagePullSecrets }}
@@ -31,22 +33,32 @@ spec:
         - name: {{ .Chart.Name }}
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          image: "{{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+          env:
+            - name: WOODPECKER_HOST
+              value: {{ include "woodpecker-ci.serverHost" . | quote }}
+            - name: WOODPECKER_OPEN
+              value: {{ .Values.server.registration | quote }}
+            {{- range $key, $value := .Values.common.environment.variables }}
+            - name: {{ $key }}
+              value: {{ $value | quote }}
+            {{- end }}
+          {{- if .Values.common.secrets }}
+          envFrom:
+          {{- range .Values.common.secrets}}
+            - secretRef:
+                name: {{ . }}
+          {{- end }}
+          {{- end }}
           ports:
             - name: http
-              containerPort: 80
+              port: 80
+              targetPort: 8000
+              protocol: TCP
+            - name: grpc
+              containerPort: 9000
               protocol: TCP
-          livenessProbe:
-            httpGet:
-              path: /
-              port: http
-          readinessProbe:
-            httpGet:
-              path: /
-              port: http
-          resources:
-            {{- toYaml .Values.resources | nindent 12 }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}
@@ -59,3 +71,4 @@ spec:
       tolerations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+{{- end }}
\ No newline at end of file

charts/woodpecker-ci/templates/ingress.yaml → charts/woodpecker-ci/templates/server-ingress.yaml

-{{- if .Values.ingress.enabled -}}
+{{- if .Values.server.ingress.enabled -}}
 {{- $fullName := include "woodpecker-ci.fullname" . -}}
 {{- $svcPort := .Values.service.port -}}
-{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
-  {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
-  {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
+{{- if and .Values.server.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+  {{- if not (hasKey .Values.server.ingress.annotations "kubernetes.io/ingress.class") }}
+  {{- $_ := set .Values.server.ingress.annotations "kubernetes.io/ingress.class" .Values.server.ingress.className}}
   {{- end }}
 {{- end }}
 {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
@@ -18,17 +18,17 @@ metadata:
   name: {{ $fullName }}
   labels:
     {{- include "woodpecker-ci.labels" . | nindent 4 }}
-  {{- with .Values.ingress.annotations }}
+  {{- with .Values.server.ingress.annotations }}
   annotations:
     {{- toYaml . | nindent 4 }}
   {{- end }}
 spec:
-  {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
-  ingressClassName: {{ .Values.ingress.className }}
+  {{- if and .Values.server.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+  ingressClassName: {{ .Values.server.ingress.className }}
   {{- end }}
-  {{- if .Values.ingress.tls }}
+  {{- if .Values.server.ingress.tls }}
   tls:
-    {{- range .Values.ingress.tls }}
+    {{- range .Values.server.ingress.tls }}
     - hosts:
         {{- range .hosts }}
         - {{ . | quote }}
@@ -37,7 +37,7 @@ spec:
     {{- end }}
   {{- end }}
   rules:
-    {{- range .Values.ingress.hosts }}
+    {{- range .Values.server.ingress.hosts }}
     - host: {{ .host | quote }}
       http:
         paths:

charts/woodpecker-ci/templates/service.yaml → charts/woodpecker-ci/templates/server-service.yaml

@@ -5,11 +5,15 @@ metadata:
   labels:
     {{- include "woodpecker-ci.labels" . | nindent 4 }}
 spec:
-  type: {{ .Values.service.type }}
+  type: {{ .Values.server.service.type }}
   ports:
-    - port: {{ .Values.service.port }}
+    - port: {{ .Values.server.service.port }}
       targetPort: http
       protocol: TCP
       name: http
+    - port: 9000
+      targetPort: grpc
+      protocol: TCP
+      name: grpc
   selector:
     {{- include "woodpecker-ci.selectorLabels" . | nindent 4 }}

charts/woodpecker-ci/templates/tests/test-connection.yaml

@@ -11,5 +11,5 @@ spec:
     - name: wget
       image: busybox
       command: ['wget']
-      args: ['{{ include "woodpecker-ci.fullname" . }}:{{ .Values.service.port }}']
+      args: ['{{ include "woodpecker-ci.fullname" . }}:{{ .Values.server.service.port }}']
   restartPolicy: Never

charts/woodpecker-ci/values.yaml

-# Default values for woodpecker-ci.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-replicaCount: 1
-
-image:
-  repository: woodpeckerci/woodpecker-server
-  pullPolicy: IfNotPresent
-  # Overrides the image tag whose default is the chart appVersion.
-  tag: ""
-
 imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""
+## clusterDns will be used by the agents to locate the server service
+clusterDns: "svc.cluster.local"
+
+## Configuration values shared by the server and agent pods
+common:
+  environment:
+    ## A list of secrets that will be used to pull in environment variables.
+    ## The secret should contain 1 or more key:value pairs, where the key
+    ## matches a Woodpecker environment variable and the value is the value of
+    ## that variable
+    secrets: []
+    # - myExistingSecret
+    
+    ## Environment variables to add to the pods that do not contain sensitive data.
+    ## Any sensitive values should be provided through the above list of secrets
+    variables: {}
+      # WOODPECKER_ADMIN: user1,user2
+      # OTHER_VAR: some_value
+
+## The server provides the UI and C&C capabilities of the woodpecker instance
+server:
+  image:
+    repository: woodpeckerci/woodpecker-server
+    pullPolicy: IfNotPresent
+    ## Overrides the image tag whose default is the chart appVersion.
+    tag: ""
+  
+  ## Whether or not to enable the server component. If you have an existing woodpecker
+  ## instance and are simply deploying agents, this can be disabled
+  enabled: true
+
+  ## Whether or not users can register to this instance of woodpecker. Orgs can be
+  ## whitelisted via the WOODPECKER_ORGS environment variable
+  registration: false
+
+  ## Setting this to true will cause WOODPECKER_HOST to use https. If the ingress
+  ## is also enabled, it will set up the TLS configuration for that ingress.
+  ## The Ingress secret will be the chart deployment's full name suffixed with "-tls"
+  tls: false
+
+  ## The host that woodpecker will use for it's interface. If the ingress is enabled,
+  ## this value will also be used to set up paths
+  host: chart-example.local
+
+  service:
+    type: ClusterIP
+    port: 80
+
+  ingress:
+    enabled: false
+    className: ""
+    annotations: {}
+      # kubernetes.io/ingress.class: nginx
+      # kubernetes.io/tls-acme: "true"
+    paths:
+      - path: /
+        pathType: ImplementationSpecific
+
+## Agents run the actual build pipelines, and communicate back to the server instance.
+## The amount of build parallelism is equal to R x P, where R is the number of replicas 
+## (number of pods) and P is the parallelism of each pod (number of concurrent builds each
+## pod is configured to handle)
+agent:
+  image:
+    repository: woodpeckerci/woodpecker-agent
+    pullPolicy: IfNotPresent
+    ## Overrides the image tag whose default is the chart appVersion.
+    tag: ""
+
+  ## The number of agent pods to run 
+  replicas: 4
+  ## The number of jobs each pod will run concurrently
+  parallelism: 4
+  ## Properties related to the agent pod's docker-in-docker support
+  dind:
+    ## The image for the dind container
+    image: docker:19.03.5-dind
+    ## Resources for each agent's build runner
+    resources:
+      limits:
+        cpu: 1
+        memory: 2Gi
+
+resources: {}
+  ## We usually recommend not to specify default resources and to leave this as a conscious
+  ## choice for the user. This also increases chances charts run on environments with little
+  ## resources, such as Minikube. If you do want to specify resources, uncomment the following
+  ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
 
 serviceAccount:
-  # Specifies whether a service account should be created
+  ## Specifies whether a service account should be created
   create: true
-  # Annotations to add to the service account
+  ## Annotations to add to the service account
   annotations: {}
-  # The name of the service account to use.
-  # If not set and create is true, a name is generated using the fullname template
+  ## The name of the service account to use.
+  ## If not set and create is true, a name is generated using the fullname template
   name: ""
 
 podAnnotations: {}
@@ -36,45 +119,6 @@ securityContext: {}
   # runAsNonRoot: true
   # runAsUser: 1000
 
-service:
-  type: ClusterIP
-  port: 80
-
-ingress:
-  enabled: false
-  className: ""
-  annotations: {}
-    # kubernetes.io/ingress.class: nginx
-    # kubernetes.io/tls-acme: "true"
-  hosts:
-    - host: chart-example.local
-      paths:
-        - path: /
-          pathType: ImplementationSpecific
-  tls: []
-  #  - secretName: chart-example-tls
-  #    hosts:
-  #      - chart-example.local
-
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #   cpu: 100m
-  #   memory: 128Mi
-  # requests:
-  #   cpu: 100m
-  #   memory: 128Mi
-
-autoscaling:
-  enabled: false
-  minReplicas: 1
-  maxReplicas: 100
-  targetCPUUtilizationPercentage: 80
-  # targetMemoryUtilizationPercentage: 80
-
 nodeSelector: {}
 
 tolerations: []