K3S-Cluster/home-cluster-ops
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add infra app renovate

Browse Source
This commit is contained in:
Edward Cheng
2024-07-20 14:01:52 +10:00
parent af9df6761d
commit 09cff5714a
9 changed files with 234 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
apps/homer/base/deployment.yaml
View File

@@ -13,8 +13,6 @@ spec:
metadata: metadata:
labels: labels:
app.kubernetes.io/name: homer app.kubernetes.io/name: homer
rpi5.cluster.policy/egress-world: "true"
rpi5.cluster.policy/ingress-world: "true"
spec: spec:
securityContext: securityContext:
runAsUser: 1000 runAsUser: 1000

13
infrastructures/renovate/base/configmap.yaml Normal file
View File

@@ -0,0 +1,13 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: renovate-config-js
namespace: renovate
labels:
app.kubernetes.io/name: renovate
data:
config.js: |
module.exports = {
// Enter self-hosted configuration options here.
// https://docs.renovatebot.com/self-hosted-configuration/
}

132
infrastructures/renovate/base/deployment.yaml Normal file
View File

@@ -0,0 +1,132 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: renovate
namespace: renovate
labels:
app.kubernetes.io/name: renovate
spec:
selector:
matchLabels:
app.kubernetes.io/name: renovate
template:
metadata:
labels:
app.kubernetes.io/name: renovate
spec:
securityContext:
runAsUser: 1000
runAsGroup: 1000
containers:
- name: renovate
image: ghcr.io/mend/renovate-ce:7.5.0-full
securityContext:
allowPrivilegeEscalation: false
env:
- name: MEND_RNV_ACCEPT_TOS
value: y
- name: MEND_RNV_LICENSE_KEY
valueFrom:
secretKeyRef:
name: renovate-secrets
key: renovate_license_key
- name: MEND_RNV_PLATFORM
value: github
- name: MEND_RNV_ENDPOINT
value: "https://api.github.com/"
- name: MEND_RNV_DATA_HANDLER_TYPE
value: "postgresql"
- name: PGDATABASE
valueFrom:
secretKeyRef:
name: renovate-secrets
key: db_pg_database
- name: PGUSER
valueFrom:
secretKeyRef:
name: renovate-secrets
key: db_pg_user
- name: PGPORT
value: "5432"
- name: PGHOST
valueFrom:
secretKeyRef:
name: renovate-secrets
key: db_pg_host
- name: PGPASSWORD
valueFrom:
secretKeyRef:
name: renovate-secrets
key: db_pg_password
- name: MEND_RNV_GITHUB_APP_ID
value: "938218"
- name: RNV_GITHUB_PEM_FILE_PATH
value: "/usr/src/app/rpi5-cluster-renovate.2024-07-05.private-key.pem"
- name: MEND_RNV_WEBHOOK_SECRET
valueFrom:
secretKeyRef:
name: renovate-secrets
key: github_app_webhook_secret
- name: MEND_RNV_ADMIN_API_ENABLED
value: "true"
- name: MEND_RNV_SERVER_API_SECRET
valueFrom:
secretKeyRef:
name: renovate-secrets
key: server_api_secret
- name: GITHUB_COM_TOKEN
valueFrom:
secretKeyRef:
name: renovate-secrets
key: github_pat
- name: MEND_RNV_AUTODISCOVER_FILTER
value: "3dwardch3ng/home-cluster-ops"
- name: MEND_RNV_ENQUEUE_JOBS_ON_STARTUP
value: "enabled"
- name: MEND_RNV_LOG_HISTORY_DIR
value: "/logs"
ports:
- name: http
containerPort: 8080
protocol: TCP
livenessProbe:
initialDelaySeconds: 2
httpGet:
path: /health
port: http
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 3
successThreshold: 1
readinessProbe:
httpGet:
path: /health
port: http
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 3
successThreshold: 1
volumeMounts:
- name: renovate-config-js-volume
mountPath: /usr/src/app/config.js
subPath: config.js
- name: renovate-cache-volume
mountPath: /tmp/renovate
- name: renovate-logs
mountPath: /logs
- name: renovate-gh-app-pem
mountPath: /usr/src/app/rpi5-cluster-renovate.2024-07-05.private-key.pem
volumes:
- name: renovate-config-js-volume
configMap:
name: renovate-config-js
- name: renovate-cache-volume
emptyDir: {}
- name: renovate-logs
hostPath:
path: /mnt/nfs/AppData/renovate/logs
type: Directory
- name: renovate-gh-app-pem
hostPath:
path: /mnt/nfs/AppData/renovate/key/rpi5-cluster-renovate.2024-07-05.private-key.pem
type: File

6
infrastructures/renovate/base/kustomization.yaml Normal file
View File

@@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- configmap.yaml
- deployment.yaml
- service.yaml

16
infrastructures/renovate/base/service.yaml Normal file
View File

@@ -0,0 +1,16 @@
apiVersion: v1
kind: Service
metadata:
name: renovate
namespace: renovate
labels:
app.kubernetes.io/name: renovate
spec:
type: ClusterIP
ports:
- port: 8899
targetPort: http
protocol: TCP
name: http
selector:
app.kubernetes.io/name: renovate

12
infrastructures/renovate/env/k3s-cluster/config.json vendored Normal file
View File

@@ -0,0 +1,12 @@
{
"appName": "renovate",
"userGivenName": "renovate",
"namespace": "renovate",
"destNamespace": "renovate",
"destServer": "https://kubernetes.default.svc",
"srcPath": "infrastructures/renovate/env/k3s-cluster",
"srcRepoURL": "https://github.com/3dwardch3ng/home-cluster-ops.git",
"srcTargetRevision": "",
"labels": null,
"annotations": null
}

21
infrastructures/renovate/env/k3s-cluster/ingress.yaml vendored Normal file
View File

@@ -0,0 +1,21 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: renovate-ingress
namespace: renovate
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/use-regex: "true"
spec:
ingressClassName: nginx
rules:
- host: "renovate.cluster.edward.sydney"
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: renovate
port:
number: 8899

5
infrastructures/renovate/env/k3s-cluster/kustomization.yaml vendored Normal file
View File

@@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../base
- ./ingress.yaml

29
resources/app-secrets/env/k3s-cluster/templates/renovate.yaml vendored Normal file
View File

@@ -0,0 +1,29 @@
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
annotations:
sealedsecrets.bitnami.com/cluster-wide: "true"
creationTimestamp: null
name: renovate-secrets
namespace: renovate
spec:
encryptedData:
db_pg_database: AgC9bsUKqidEBZsWZ+VzEegYKbSGmObOej5zUjbeNcPfm3QsfK1JvUII+CAibgDs91c4XYBZ2RYCle/dn/MxgeACNc0uj458cpCFexr/EowaTMi0PIMR9abb23nU4I4onq1QAwVbcakG/WeojdryDDt7azW3096c6yjdcIW28aiaVYnLhK9QljDiD3o2+EsN0XnhJDISDRLZA/LvJ6dBoWQUqErYtUElqm/ClXLvIEcfV13rGq4+mXnAxOSJLCiw8GDgbPhbFVWKngB3JrkerdpHB6UlQLm6lcMgFbTr7ubWTmd01yHcKE/ra0exjAqGP5nLoqFWmxThAueicmOwWeOVN3Gr0pZ+k1vlCHMGqZ2NzwOoQDnhAKb88sSJCR+hLnRgQ2rQ7CrCcJOMrrUojE7XBt3eMFfc57A/pnccgTEpkrrxXzWhOnvNMx2JBECnRFDAh74CHgBVWvXW32lqj2Dqy5bnQBua4yDsnDCKSdirZvb6v2BTYgQH6BDXh2UA6bG7XwSdAmP6tm6p4pxNlfrJdEkH1C7tOF0cYLZgeP+2xPbgdfAreH6+zFL35I991+7ypNG18ZXmn+hFsrOjYB6KO8SIRlptpwW0vxghFWrb5nAkh3oIliz6SMsV0UNWg21MQIiX29we6Np/suWjklgCdIXlsAlGobe1FCbXTMOntiIJFAmLuPbXpHJIXs/CCPXOHloBtmtEMg==
db_pg_host: AgDAfk296c+WQv7uo+EcCfMUjnK6xQMzy1ZLHdxgSVDvOXeDRgJXia5eF2vPJEcHFBO65XUnTiwd+K5b2SIr4iAaStHS/Uy3vTlMM8ospBjq3kgmtHps2xIBEgdJu3Xur/nU+G38uChEs1+asKKMob/J3hWNJ9d3gKMQ1cnL/H8PEiTUw6XXzusiZWqQtzau26xxuC7UIT9+dMiORSnL3TxrqO898lVMfvJPzL4ElTn0sbOrzgPJp1z1y9lx7+TJXl8RnIPL01Ja3geDvAas9zeN6CP+L6WhKEndOxdhi6KIAwRSpuuIAv5QJnS9nPAgFWKxEJn/50WmWCVebmhQujo+98nxQHqPu+/roGgckt06RFrUWurqtttkBza9nES3qhdH871bQYiacPclXc1fy2Jep/8SH1nx7cuB9xxelpNNLi5RhttEcBSTOQCU+WqW7GSp8NGZ5HCWmJJ+Hn1/fMMkUZE85mAADy+WttKaF+sfeXpuXcBBcAYrZXA9P9Qe4C5ObJyoTgwX67N+6+vW06Mr1Co/ldvp0uF+h0wLjby1l/SW6ldziLhJe9Ws1fc0YpUxc5FwwL6VSlJ0PHnPQ14TYLnREzm3fJsJ0JLIxWFgjVWYqlx3A04qg4U06wpq/t3OevNQJuAEZtir2wBJ+NVRBxAuNDQCE24/TsrsshSD/uuKTQY29kSSOF7OQ/54QGCWCEvmQiGAVSUjQFaqXLgoBENToWoU95frvuViKcMa48J81+lfvejq/NBh
db_pg_password: AgArAPYy0EDOnahIFpv8hSQQy4f+3lgfJIHGcdDjKbydYsHKRywJFrBmWjvJxYSCz9ggHQ/zxGCZuaCBSc27dG9id8rYV1g0DQcnJYlbTFLux8rlJrj/cgRggOmRGzTytBv1r8BScJ1I+wJRKiZ5kPLaLPPcn4UGue8QrNDgtohPF8n3AdxijkNaehJlcAc3hhyx/eJgRBf6nvYMfheAF2v3vnOt+GikWhscaYaDN0CS/leajnPFZTJgVufw45a6eKlI/+dVehCzn1O3UW5VK38cVfwuDbB1NfGzhCFKRf2+3Oz9rHAtEJS0U3SjDROlsZqpQcucpWtRrjsUqlyWs5phF2lXou23G+i/mHAUhtGGoNZcaH3/rHSgbcqHSWQye3wqmLhIYVoeq65suQbkXUjebBVcqPxoSqFWFB7UY/FiGCSaVpcQFdeqb5c3tGYxgbG3hBQS7ohmhY6pHJXEYWTIUE2PpRVoRLs27yPooDXjrYrbUfoXrH84HDY1E2P/z2RG3naeOWTt9h7XfsaJJ4tZ0PgwixrMf5eiF8z3gfTvBT1226pdTNtgJRRM74/gMYyRCFSqu8K5YEqCQ2f5w9WogxTVQtHxPVdbzqrPjc2KEw3g8efI26q5KxBY7C1gx1Qur9zexjhdqfzllJRMuouIBCMak9p0dTTq+V6TWeQuS7r70jJKWI6cWDg+fuugC2bbkHKZ/1JuSJHLq2lC+iohfHZZnP1v18U=
db_pg_user: AgDC+jHDrkGWmDggC1TSamAnm94sXqPRKJcuuV6hbfFzkxcqHiCbJ1qLCMpytpDZIg4/qmHHvwTPuThG73QlF/ExGOmdG9lQKEUnKmCgCUr5CSqzTPVlx9ZcmOnpoJ6XKoo5t3860JFHoFVdsnqQgBMN+5ttFxfrqAGToixLqaQeJMtt8kG0BdfefQukFmYr/fIU6OT7te9u09KRLt3g+65TULutS64zD5zAtFjH0It8N2K0TbrPece51oROyMa+FL1YNPVjkaMxb0VyyASH1s+hNfbm6LdLIOzc9zF8CGiiqZkclKi0vv6TwjwJIFx8mtfPz3wOuOzwvsVJxJAQwdpwSxfF6i+vcMJZxc+pFrmsG4YUicom/4JrFM8ZSEC01fbeEA+3XFyC18qkbU95QSxPxuolp5SgMqeY2viT52svyksRCYgHYNPnS1U9VMpEqWo6jR2m3Jv7kkGsdXB1kcBbY4CGa1LDEBL59Np9yyU5//0IhOMJGP72ekqB6PSJtcyTvdTOeRKnzzSf1kppws9xTTzym3td5uLEfmoJ5XmfDQp5oX4+m0Qqn+K0CfZWBWe4yv8EnHhbF3mJBkCDmgqRlCFnLxSn/tpTE1pyVZPc41wzVZnlB74E6C+SnEDP2Icw1vYyYk+XGeOItJgy7C5xDC/ly4NbxxXfK+ku0pQMM/Fi0Hx6S7yOKiWmeAZj9AhMLOPc3/uvGLDM9zri
github_app_webhook_secret: AgDfvVN7ZTppYl4a0eaIPV5VlXvHR+0foUjw7bdapmUAysBXOKOy13loWPgwmkJ7uJwU+gqKazA3NvhU243HMpZmqYl0GfrwsK2nRTLcncdOVgFlmvbqLI7f61jnKY5xlPazbGJRFMjkEwY4Q3GPszc73xmm6JyLtAT4eFSYmqnTXzGhmBo4awCpIcHDq3Vl7rtOEwmpJNs7/q2ADzjh5TSV1OSQkHl6HQuG4la7MiWaDuMS6aJAvmSRVPKSHhgaoT+gcCFBBP/aozojIon6/7+VxcHyaYxg6rOGyO+NRx2YvrPUnDMmjgES/3FPsmfYZICD6aqdsGRlBtqkqfkXxM9ckWez0Mc0xbOXNRWqrTXZjVXPQnbA3079orUpDUOEtkLZu5tlQJx08MIDKOD1n5wWZjv1uL4ENFI20T3iF3Z//k/4t6noil8ov7i4nVgkIWTp+quScQe+Mo2QHg78NIvQqHMNUmx5iIl6va5x1Tr1S8HHmhMT11mzkfttihB3GNFX2qQqhEB6KuR9veGIR+zp8TZkOt2E5JjwbwZVFto4JAR1y88etOjt8UxWJ3LMg7YutdrfzRKmv8kVrtlZPEV4MTVpKAIqivX0gEZZtYaoYDNMrTjsNN4M4di/aqMDIDvzLAIkpn2jdy46vi5FweLaEQnejvgKerOoFMkSHWFXHBpAMu38iIjdajQkjXHVzlvWuA5C956kjOp4+p0B2ANgFGbboQ54SAU=
github_pat: AgAxuzPdsIdAKTDXcUbAyWtMaNzQQH05VV2pPzNtZbDVbRJRxSmEjVVP+4wwPyJ9JUHr5MAAOdslN1H21DWod6F/kYlEtnYM7bxMfEnm6I6MeDbYj0x4P/nZZM9feFEep8ClGlGnovUBYGTQwFCef/aIPvtqXcFzGmsOypVbxpOfJLnRWuknSooM8J2WcJXheOUe1Pif7ykI14yxGR0vwj7HEdBKG3a2AtQDHMdCqQCdCzJPuMmxICaEALmk2zdkphwpzXr+h8+5p3jkH0pLN7b7B6+VXOz9b67EUKgK/s3vtuEAUkAJEfZxuDTcULIqekblst+cwDJP34ZK31nS/lZbZw7BEmlfvsbYEIJ0/H5qORGsfSGunUPdhY1tWZkeUw6AEtQm6zhtlVRXjQajXKB7QWABXG2f4HWzzji9pJTAdSHGsc7iBfA0rAhjkqemHH9vU0wWGJNOxGwYRsaltEYfv86+VMp9BqI4WBJ/8Q22tcfzDBm+NI1iFHNaQS/74uP/z6l3NDo48LAh0bS8oxuV7mK8hZLFofJRyoTlZIfhlIXwVzpJvhhVm/r/EwPUDzb4AAdUOvbCmct50fDx4rsEVmAsRchw/Li9AcXROMojqQJCXNnqGdNEtWRKEEC2e9DjcySl/aMv6ueOvTeSU8BysF+tm9kY4JZyGB455HsRC7JyVDsoRCIdbopHsy2L+wBUdfLjwwjRo0uLvODgHys5mq05b2qwdfBFOqwnS6R+oGaEFhgbWpv9
renovate_license_key: AgBaJ06JDSwHD28vj6Hg8SSGJQB9Y5hssSDRIKnvYxfmuDNSJhmMTtQunXHHfcJwAdQQ84zogeBhbX95KCIeZN2A7o5D/YoKSMdqbg3Wx/G54YKTIBjh/wgA06BNR36JNSLaMYU8iRF2COcSe6jCQqzQ+g7Anw4Iyjr900waMCAJHKRfwQV5RcMliI6sMcuKsDKkq6pmqg9wk452VBJTXTvXc2BlQdkcNIlv0n7EAv3y17Hc70zQX6pyVvnyaHRsBuc3auCWbgEfVc99b2Vlff2ru+lE4kxri7ToyxUzMbhwBzGsi93CIXLTinP8yJjSEXjgt+uss4ySzvDxLbbjkQqhdU1vfLxhdw2ZdSc6U8eVYKrYSctpQY1Bg31/hjny4LXH7pN9Z1GEf2hCU4cDPXXHpwD2di/czqu5APEia49ZmcGLmu/62zaMDnRfHuZ4hRlTEWjfyuu3kD3HBRXTjKLzlergdXxCaLt4tQh7FiaIscPQc3TPxxZrIwzV1bW73HiYoPNZxh0b7d2GqCTW/VQxYpOt1UozDDtgQ832dYh7YXJ0hSDzMy4PHPc6b3gz23V9t7L2xAGkBfJJb1QQdhNApydteXUX9xRFfIXyUKXpb7cbpk5Zw3nB1Fj8leGuPKvNp0nCo/0iMHIv7D4BlQeBsS0ADFT88nyNDdRXTbJZlmNYd+BXqKU9AzHkLPUgoAyBIqLg6dclE53ZRUNTJ5iIQ6dbmCxP462krP0qgu80XjuYiSmXqbF+5lRZ6esNOx7MIc6qj4WnoFlBb63OWg2goySSc0W14y8yf8wt5vrxHZ7Zt8qWE/ZJ1VddbOkEZWQITFYASkhqlYa3x6jRNXuciMRAaUHWRHLiRJv0RusbUxp7da/UR+HNHnu+jrE7QM31ISyyzMYSFgVA2Z/XDKyp+EljlNW98DncZEdMpKvpalT2o1/IlCfwyv9XaMYaQSGdCLDtuNkiJCVRIw6i3Gh9RZMxiXc=
server_api_secret: AgDlmhguOY0KH6IpnTCpzH/HP5ut8PE7cFLOr9iDtoe0fsHKAig0HaFCd3aZximwZnu2aSIL30lnIS/qM/qimADKeLkXX5zNgbyZSmV0RomjUochqQ6VxpUUwbsb6KBvPfuJJ27wnwHt8ZehC0ECXA1f/FIUW4PcKuwK7vdRmyfO2PmVThqFSsDscycnWGyaaObXNBM/uuXD+KziIUtlJbYx9oHot6ofkC10CEmQ9v2WdNDiZPjrnSx1OOkWG6uVw0HE6wOHpbWHw66ox1LDNNMmEGo1Enko/6IpL1gDC7tTBthhyrEvQUxiUSq7XqLO+LBxYAHe5WeEaLObOSgRubLPKIuEz4cPJ3/KbBGfbkq91kRGVYjzPbxugGNCECiaY8wsxReubzVXphnPUEqq758+D5otTy5GuxNxFDcJBzyYzrHLMLTI4kDyD2IMqh3VmL0NsqNCx/nVyLeAOgi2bFtBDtVYPWlmqTWVdBgrjQ5ddIAH9Nz9acB7iex1pn4U4zCoVMPkzD+7mw6sSokKZz7fyNLMpuSpe+LfFyZvdgiho13eaq5CVgjJZW7kX2ne0hnc20YRhnKnKrkRa2N98qCQiX3wiTidStLVXQ1+AIe5vV3mYIZsikZGhQ5cTVIeN1jfu/nLRfZkOaEYwekvbIB3IwvN6P2oj4iokdlQFkTobCg67OIxRTPbScDsPM6yzpySUzqBsERvm542VyYnzOZA1OFW9z92BxE=
template:
metadata:
annotations:
argocd.argoproj.io/sync-options: Prune=false
sealedsecrets.bitnami.com/cluster-wide: "true"
sealedsecrets.bitnami.com/managed: "true"
creationTimestamp: null
name: renovate-secrets
namespace: renovate
type: Opaque