Prepare roles
parent
104f47eb26
commit
a1b5b510cc
@ -7,6 +7,7 @@ repos:
|
||||
rev: v0.13.0
|
||||
hooks:
|
||||
- id: yamlfmt
|
||||
exclude: ^charts/
|
||||
- repo: local
|
||||
hooks:
|
||||
- id: check-sops-secrets
|
||||
|
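--- /dev/null
+++ b/charts/roles/templates/rolebindings.yaml
@@ -0,0 +1,27 @@
+{{- if .Values.bindings }}
+{{- range $bindings := .Values.bindings }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: {{ $bindings.kind }}
+metadata:
+name: {{ $bindings.name }}
+namespace: {{ $bindings.namespace }}
+labels:
+{{- include "roles.labels" $ | nindent 4 }}
+{{- with $bindings.labels }}
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with $bindings.annotations}}
+annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+subjects:
+{{- with $bindings.subjects }}
+{{- toYaml . | nindent 4 }}
+{{- end }}
+roleRef:
+{{- with $bindings.roleRef }}
+{{- toYaml . | nindent 2 }}
+{{- end }}
+{{- end }}
+{{- end }}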
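Review bot: Nothing in this template validates the binding before it is rendered: `kind`, `name` and `namespace` are interpolated unquoted and unchecked, and the `subjects:` and `roleRef:` keys are emitted even when their `with` blocks are empty. Because the template can bind any role, including cluster-wide ones, a missing or mistyped value should fail at render time rather than at apply time, for example `kind: {{ required "bindings[].kind is required" $bindings.kind }}` and the same for `roleRef`. `namespace:` is also written for every entry, although the binding added to the values in this commit is a ClusterRoleBinding, which is cluster-scoped; guarding it with `{{- if eq $bindings.kind "RoleBinding" }}` keeps the manifest honest about its scope. Indentation is not recoverable from this page, so the nesting of `labels`/`annotations` could not be checked.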
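--- /dev/null
+++ b/charts/roles/templates/sa.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.sa }}
+{{- range $sa := .Values.roles }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: {{ $sa.name }}
+namespace: {{ $sa.namespace }}
+labels:
+{{- include "roles.labels" $ | nindent 4 }}
+{{- with $sa.labels }}
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with $sa.annotations}}
+annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+automountServiceAccountToken: true
+{{- end }}
+{{- end }}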
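Review bot: The loop iterates `.Values.roles` although the guard checks `.Values.sa`, so the `sa:` list is never read and a ServiceAccount is rendered for every role entry instead; it should be `{{- range $sa := .Values.sa }}`. The role entries visible in this commit carry a list-valued `namespace: ["public-xray"]`, which would land in `metadata.namespace` as a list. `automountServiceAccountToken: true` is hard-coded for every account; making it a per-entry value that defaults to `false` means a token is mounted only for workloads that actually call the API. The one `sa` entry visible in the values hunk sets only `name`, so `namespace: {{ $sa.namespace }}` would render empty even after the loop is fixed.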
@ -17,6 +17,13 @@ releases:
|
||||
- template: ext-database
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- name: woodpecker-ci-kube
|
||||
chart: woodpecker/woodpecker
|
||||
namespace: pipelines
|
||||
version: 1.6.0
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- name: renovate-gitea
|
||||
chart: renovate/renovate
|
||||
namespace: pipelines
|
||||
|
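--- /dev/null
+++ b/values/badhouseplants/secrets.woodpecker-ci-kube.yaml
@@ -0,0 +1,23 @@
+agent:
+env:
+WOODPECKER_AGENT_SECRET: ENC[AES256_GCM,data:w9ey2dRr2J5Wp0NzrhO4nxLcQ46RkZzXJaodUdCkwmX0cRQ5U26E7SVHiCIBbQw4b4PGVUz0sqkmQKfSilbG7A==,iv:UFW80TdFuASBwVwk91WehKSwga6UCvcC5F2jjgk6Gi8=,tag:QIVzA5kJAENCkMT9jsEgLA==,type:str]
+sops:
+kms: []
+gcp_kms: []
+azure_kv: []
+hc_vault: []
+age:
+- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvU1kySE5oTkVTKzRkSXNO
+cG83UFBoMVh2S2tjcG1KTUNYSVVEaWxDZ3pvCjluY0IrWWFmYkxzWXFITmFUZm00
+a2ZEUTU3T25QNDkySXJzOXpmVTV5dmMKLS0tIFZaeGVlM2tUeEUzdlVzR3c2cGNv
+YWUyaS90YVhwUHZwOFVXOEg5M3cwOWcKTZXRuLS3Ywd0BTN6emE7ngm5RWTWI1Ka
+IKJVfvBa9DtpD0diWbaQJq5Mabh6K+VXlnM8T9p6qtWimR/Jy0N+6g==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2024-10-10T05:07:15Z"
+mac: ENC[AES256_GCM,data:8clnBEEKrGK2G/PWdjXNhiufmR4C52rVAeNR8mKz5R1bvxN3wyj/kz7I+pdS1EI+fE7ZVuB24e4cmYHTrY4vJJOc8yT8wHT7WfLqKsia8A9AZc+wKhlyRr5w0iyBs834bIe9IKJymvqxEm58vjujybdRcWkqBY7pySQGYQ4MTDw=,iv:vT59gP4SegYITLdIrcgVv/ocSCmv8lr+jyRZX7Io4Ro=,tag:SbMp5hljVbKbaevo8KRKig==,type:str]
+pgp: []
+unencrypted_suffix: _unencrypted
+version: 3.9.1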
@ -1,27 +1,27 @@
|
||||
server:
|
||||
env:
|
||||
WOODPECKER_GITEA_SECRET: ENC[AES256_GCM,data:YCK++7hNKOQ9cuXTdRsN/x6nt76PNqvM16XaLnw4O0Uh5LQGv8nZt+Oighd7KIXFhsUfgCfPUU0=,iv:WrTNlxO+6rMa1uxv58k74L1udl7r7XSw5yzOZHBJuAk=,tag:lsHvrNTsoq1aCl5Q/rzkdA==,type:str]
|
||||
WOODPECKER_AGENT_SECRET: ENC[AES256_GCM,data:o3w9/9UJtKEHcsKz7lfTl/zboYAQjYZLQUpOs4i3UPxsSaOy1AvezQZauHwYJZoVsJwWFE0XtOLhnd8bx3UlHA==,iv:CD5lgqFY/cJFewbPJqo+lniMCQaZK8PY4CmL1IsC6IQ=,tag:R8GU3HgZXcSLqOedYuMeGg==,type:str]
|
||||
env:
|
||||
WOODPECKER_GITEA_SECRET: ENC[AES256_GCM,data:EWJ97zJee7yMCNBPmX3FnyH0vbtztVtMppGDQv2mfF/o+t2D8EquFtux5HUiutr8IrIM1BYXWeU=,iv:vcavAGo5YJ4jFFHgjI/iSOUkG9ujdPNXPx9We+RLXPk=,tag:nFpRLHMq65cFwdyavMD8VA==,type:str]
|
||||
WOODPECKER_AGENT_SECRET: ENC[AES256_GCM,data:jLhHB3z2CnTgikMqtlZKBeP2VWqAf6fpMTdPDisr1cymb9SPWjMjvojNRhpUp0dBpkgVlb6i6hbg3FK+l8g23g==,iv:AldKY5wZqN3hCImoLc0ox5f4dx7htSFLXQK4PXvQH4c=,tag:sten4kMl+2Q6P9C1dxP46g==,type:str]
|
||||
agent:
|
||||
env:
|
||||
WOODPECKER_AGENT_SECRET: ENC[AES256_GCM,data:aHTziUzut6goUZR2JtNaqRTC1mvdA1HS1OLJRHdXtI6coVGcLahxl14Kun4JqsKEXLHeAyU9WEijoRRgixOHsA==,iv:txYRgyO2XHbWnp81ow1EyT4VbzxW+Q3d/NzzclNGT6U=,tag:8nEPzQNPi2bXTDYa81M/aw==,type:str]
|
||||
env:
|
||||
WOODPECKER_AGENT_SECRET: ENC[AES256_GCM,data:FDxYdYR6DDRA4vdlxzB8oNGM2GsDlKVjZGLz8E0eL5JxzMiSfZvpAixKRN95L+pdpJhZJKAxWUIg/21/3ZJgjg==,iv:yova3Ane8wHOKP1uPWF/j2vwfoUQ67siv62Z4iubMT0=,tag:WIvNbUGwm2NpYtHO+ZZcOQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqOXBuOG1WaFc2cGVPeEp2
|
||||
bkxTWWJYcFJMdjM4S01wTjRYY2RlZldSbTFRCks1TVlwS3BTTnUySDVjMGpobG43
|
||||
YWU3eHlLcGJMcEIvMUZiVmIyU1NnK28KLS0tIGlwZ3NLQndac0F0QTB1azJHQUlT
|
||||
TmNXN1BYQ1JDOFRJV1A3WWFYQkR5R0kK+dSdoRdeiJBrhU6YnWb9P489dpTvhjBW
|
||||
GFPuTrQxqy3C6frb5K0huI1anarmdirwglD+/3UvTSQ0CEbUk95EMQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-08-08T20:44:23Z"
|
||||
mac: ENC[AES256_GCM,data:dMXGJRe5/k5+XFuvORJHGCmcSL2fsP9Pim2w1k3sUdJZslqptdDm+lk01mjPBMrQkgMyX7GHIwaqMU2hK5i8nBKYz6SSq91MgD+vtVHQoum5DtmAFwBOdT+m3VVo395OnLvXT1SvskgMU6ddy7uDD7UBrkVe/DxQjX3s0/IntRY=,iv:6v6j8U7nRlQ+YEs9wiPRpnkoGjCMPbfMp/ecrNgksis=,tag:P0aGi7qBJdTz90CNGF10dA==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.0
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByNGN1V0hyS0owU3ZTMzhl
|
||||
cEVXd0NrYm1TajVtZHJRYXdQU3JCRm12UkJvCjA5UFZWZGJlcDNoUFJabDZEc1BE
|
||||
eHdrbWowdkdGdDJvKzZjOVVzcjlhQ28KLS0tIFE3UHhUdHVtUkgzSldHMENsK25Y
|
||||
N0NxK0Q3MVlIUGxRZ2JTMnZnVjRPcUEKIBWPco85fPWl0cv7G7Sl2NlHGFe4gQw4
|
||||
2CU1PhmQYmbkSL5mnz3f8vQ/72JA6p2PGGL+kDlpgL+37mYocNDHyA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-10-10T05:05:36Z"
|
||||
mac: ENC[AES256_GCM,data:k8T0g9VAVgeaaguE9+QIgSSgCoGAOkadwJn24XAVm8f2snlwb0qargepxLDmG5Lzs8XdoOr8xWHpEzNKibP8UPTVkf3xw8KnAiRI1SDK2biTzthzOqTB0A/FrGatakfPNDqeP87gteBe25HiMcrJnqXeYOWrGyHIZjCZVObM+p0=,iv:cKbVkzyVPkPlQXswtUf5wXyrg4duG5V3IokkhULc9o8=,tag:XTI1eQyZsbHjm7z/b9W+Lw==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.1
|
||||
|
@ -7,3 +7,17 @@ roles:
|
||||
resources: ["*"]
|
||||
verbs: ["*"]
|
||||
namespace: ["public-xray"]
|
||||
bindings:
|
||||
- name: woodpecker-ci
|
||||
namespace: pipelines
|
||||
kind: ClusterRoleBinding
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: pipelines
|
||||
namespace: woodpecker-ci
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: cluster-admin
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
sa:
|
||||
- name: woodpecker-ci
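Review bot: The new `bindings` entry grants `cluster-admin` through a ClusterRoleBinding to a CI service account, so any credential that account's token reaches is equivalent to a cluster administrator. The agent values in this same commit confine the backend to `WOODPECKER_BACKEND_K8S_NAMESPACE: pipelines` and enable the chart's own `rbac.create`, so a namespaced Role and `kind: RoleBinding` in `pipelines` look sufficient. The subject also appears to have name and namespace swapped: it names ServiceAccount `pipelines` in namespace `woodpecker-ci`, while the release is deployed to namespace `pipelines` and the `sa` entry is called `woodpecker-ci`. As written, the grant would attach to an account that may not exist and would be inherited by whoever creates it; the subject was presumably meant to be `name: woodpecker-ci` with `namespace: pipelines`. The hunk starts inside the `roles:` list, so the role definitions above it are not visible here.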
|
||||
|
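--- /dev/null
+++ b/values/badhouseplants/values.woodpecker-ci-kube.yaml
@@ -0,0 +1,16 @@
+server:
+enabled: false
+agent:
+enabled: true
+extraSecretNamesForEnvFrom: []
+env:
+WOODPECKER_SERVER: woodpecker-ci-server:9000
+WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 2Gi
+WOODPECKER_BACKEND_K8S_NAMESPACE: pipelines
+WOODPECKER_BACKEND_K8S_STORAGE_CLASS: openebs-hostpath
+WOODPECKER_FILTER_LABELS: purpose=kubernetes
+serviceAccount:
+create: true
+rbac:
+create: true
+replicaCount: 1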
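Review bot: With `extraSecretNamesForEnvFrom: []` the agent does not load its shared secret from a Kubernetes Secret, and the companion `values/badhouseplants/secrets.woodpecker-ci-kube.yaml` supplies `WOODPECKER_AGENT_SECRET` under `agent.env` instead. If the chart renders `agent.env` as literal `env:` values on the workload (worth confirming with `helm template`), the decrypted value ends up in the pod spec, where anyone who can read workloads or pods in `pipelines` can see it. Creating a Secret from the SOPS-decrypted value and listing its name in `extraSecretNamesForEnvFrom` keeps it behind Secret-level RBAC. A short comment above `extraSecretNamesForEnvFrom: []` saying why the chart default is cleared would help the next reader.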