From 8bd91062fbfd379dc45e24419177ad62eef925b7 Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Sat, 6 Jul 2024 12:41:19 +1000 Subject: [PATCH] add app renovate --- .../namespaces/namespaces/renovate.yaml | 4 ++ .../ingress-nginx-svc-controller-patch.yaml | 2 +- .../exporters/renovate-exporter.yaml | 68 +++++++++++++++++++ .../renovate/app/deployment.yaml | 66 ++++++++++++++++++ .../infrastructure/renovate/app/ingress.yaml | 31 +++++++++ .../infrastructure/renovate/app/service.yaml | 18 +++++ .../infrastructure/renovate/renovate.yaml | 18 +++++ 7 files changed, 206 insertions(+), 1 deletion(-) create mode 100644 kubernetes/infrastructure/namespaces/namespaces/renovate.yaml create mode 100644 kubernetes/infrastructure/prometheus-exporters/exporters/renovate-exporter.yaml create mode 100644 kubernetes/infrastructure/renovate/app/deployment.yaml create mode 100644 kubernetes/infrastructure/renovate/app/ingress.yaml create mode 100644 kubernetes/infrastructure/renovate/app/service.yaml create mode 100644 kubernetes/infrastructure/renovate/renovate.yaml diff --git a/kubernetes/infrastructure/namespaces/namespaces/renovate.yaml b/kubernetes/infrastructure/namespaces/namespaces/renovate.yaml new file mode 100644 index 0000000..ec7c378 --- /dev/null +++ b/kubernetes/infrastructure/namespaces/namespaces/renovate.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: renovate diff --git a/kubernetes/infrastructure/postgresql/scripts/ingress-nginx-svc-controller-patch.yaml b/kubernetes/infrastructure/postgresql/scripts/ingress-nginx-svc-controller-patch.yaml index 6b57c10..5b20cdb 100644 --- a/kubernetes/infrastructure/postgresql/scripts/ingress-nginx-svc-controller-patch.yaml +++ b/kubernetes/infrastructure/postgresql/scripts/ingress-nginx-svc-controller-patch.yaml @@ -4,7 +4,7 @@ spec: port: 5432 targetPort: 5432 protocol: TCP - - name: postgresql-repl--tcp + - name: postgresql-repl-tcp port: 5433 targetPort: 5433 protocol: TCP \ No newline at end of file diff --git a/kubernetes/infrastructure/prometheus-exporters/exporters/renovate-exporter.yaml b/kubernetes/infrastructure/prometheus-exporters/exporters/renovate-exporter.yaml new file mode 100644 index 0000000..d4b1f03 --- /dev/null +++ b/kubernetes/infrastructure/prometheus-exporters/exporters/renovate-exporter.yaml @@ -0,0 +1,68 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: renovate-exporter + namespace: renovate +spec: + chart: + spec: + chart: prometheus-json-exporter + version: 0.11.0 + reconcileStrategy: ChartVersion + sourceRef: + kind: HelmRepository + namespace: flux-system + name: prometheus-community + interval: 1h + driftDetection: + mode: enabled + values: + nameOverride: renovate-exporter + + configuration: + # language=yaml + config: | + modules: + renovate: + http_client_config: + authorization: + credentials_file: /credentials/renovate.txt + + metrics: + - name: renovate_organization_count + valuetype: gauge + path: "{ .app.organizationCount }" + help: The number of organizations known to renovate + + - name: renovate_repository_count + valuetype: gauge + path: "{ .app.repositoryCount }" + help: The number of repositories known to renovate + + - name: renovate_jobs_processed + valuetype: counter + path: "{ .jobs.history.processed }" + help: The number of jobs processed since the instance has started + + - name: renovate_queue_size + valuetype: gauge + path: "{ .jobs.queue.size }" + help: The number of jobs currently in the queue + + additionalVolumes: + - name: renovate-credentials + secret: + secretName: app-vars + additionalVolumeMounts: + - name: renovate-credentials + mountPath: /credentials/renovate.txt + subPath: api_secret + + serviceMonitor: + enabled: true + defaults: + interval: 1m + targets: + - name: renovate + url: http://renovate.renovate.svc.cluster.local:8080/api/status + module: renovate \ No newline at end of file diff --git a/kubernetes/infrastructure/renovate/app/deployment.yaml b/kubernetes/infrastructure/renovate/app/deployment.yaml new file mode 100644 index 0000000..9aca5e3 --- /dev/null +++ b/kubernetes/infrastructure/renovate/app/deployment.yaml @@ -0,0 +1,66 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: renovate + namespace: renovate + labels: + app: renovate +spec: + selector: + matchLabels: + app: renovate + template: + metadata: + labels: + app: renovate + spec: + containers: + - name: renovate + image: ghcr.io/mend/renovate-ce:7.4.0-full + ports: + - containerPort: 8080 + env: + - name: MEND_RNV_ACCEPT_TOS + value: y + - name: MEND_RNV_LICENSE_KEY + value: ${renovate_license_key} + - name: MEND_RNV_PLATFORM + value: github + - name: MEND_RNV_GITHUB_APP_ID + value: ${github_app_id} + - name: RNV_GITHUB_PEM_FILE_PATH + value: "/usr/src/app/rpi5-cluster-renovate.2024-07-05.private-key.pem" + - name: MEND_RNV_WEBHOOK_SECRET + value: ${github_app_webhook_secret} + - name: MEND_RNV_ADMIN_API_ENABLED + value: "true" + - name: MEND_RNV_SERVER_API_SECRET + value: ${server_api_secret} + - name: GITHUB_COM_TOKEN + value: ${github_pat} + - name: MEND_RNV_AUTODISCOVER_FILTER + value: "3dwardch3ng/home-cluster-ops" + - name: MEND_RNV_ENQUEUE_JOBS_ON_STARTUP + value: "enabled" + - name: MEND_RNV_LOG_HISTORY_DIR + value: "/logs" + volumeMounts: + - name: renovate-db + mountPath: /db/ + - name: renovate-logs + mountPath: /logs/ + - name: renovate-gh-app-pem + mountPath: /usr/src/app/rpi5-cluster-renovate.2024-07-05.private-key.pem + volumes: + - name: renovate-db + hostPath: + path: /mnt/nfs/AppData/renovate/db + type: Directory + - name: renovate-logs + hostPath: + path: /mnt/nfs/AppData/renovate/logs + type: Directory + - name: renovate-gh-app-pem + hostPath: + path: /mnt/nfs/AppData/renovate/key/rpi5-cluster-renovate.2024-07-05.private-key.pem + type: File \ No newline at end of file diff --git a/kubernetes/infrastructure/renovate/app/ingress.yaml b/kubernetes/infrastructure/renovate/app/ingress.yaml new file mode 100644 index 0000000..fb4d8c6 --- /dev/null +++ b/kubernetes/infrastructure/renovate/app/ingress.yaml @@ -0,0 +1,31 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: renovate-ingress + namespace: renovate + annotations: + nginx.ingress.kubernetes.io/ssl-redirect: "false" + nginx.ingress.kubernetes.io/use-regex: "true" +spec: + ingressClassName: nginx + rules: + - host: "renovate.cluster.local" + http: + paths: + - pathType: Prefix + path: "/" + backend: + service: + name: renovate + port: + number: 8899 + - host: "renovate.cluster.edward.sydney" + http: + paths: + - pathType: Prefix + path: "/" + backend: + service: + name: renovate + port: + number: 8899 \ No newline at end of file diff --git a/kubernetes/infrastructure/renovate/app/service.yaml b/kubernetes/infrastructure/renovate/app/service.yaml new file mode 100644 index 0000000..a606603 --- /dev/null +++ b/kubernetes/infrastructure/renovate/app/service.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Service +metadata: + name: renovate + namespace: renovate + labels: + app.kubernetes.io/name: renovate + app.kubernetes.io/instance: renovate +spec: + type: ClusterIP + ports: + - port: 8899 + targetPort: 8080 + protocol: TCP + name: http + selector: + app.kubernetes.io/name: renovate + app.kubernetes.io/instance: renovate \ No newline at end of file diff --git a/kubernetes/infrastructure/renovate/renovate.yaml b/kubernetes/infrastructure/renovate/renovate.yaml new file mode 100644 index 0000000..4cf2357 --- /dev/null +++ b/kubernetes/infrastructure/renovate/renovate.yaml @@ -0,0 +1,18 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: renovate + namespace: renovate +spec: + interval: 10m + timeout: 1m30s + retryInterval: 30s + path: ./kubernetes/infrastructure/renovate/app + prune: true + sourceRef: + kind: GitRepository + namespace: flux-system + name: flux-system + dependsOn: + - name: namespaces + namespace: flux-system