Merge pull request #427 from 3dwardch3ng/infra/renovate

update renovate cc app
2024-07-11 01:59:41 +10:00
parent b6f7b1554f f4db35ba8f
commit c2f3ffdb46
5 changed files with 72 additions and 84 deletions
--- a/kubernetes/infrastructure/renovate/app/deployment.yaml
+++ b/kubernetes/infrastructure/renovate/app/deployment.yaml
@@ -1,66 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: renovate
-  namespace: renovate
-  labels:
-    app: renovate
-spec:
-  selector:
-    matchLabels:
-      app: renovate
-  template:
-    metadata:
-      labels:
-        app: renovate
-    spec:
-      containers:
-        - name: renovate
-          image: ghcr.io/mend/renovate-ce:7.4.0-full
-          ports:
-            - containerPort: 8080
-          env:
-            - name: MEND_RNV_ACCEPT_TOS
-              value: y
-            - name: MEND_RNV_LICENSE_KEY
-              value: ${renovate_license_key}
-            - name: MEND_RNV_PLATFORM
-              value: github
-            - name: MEND_RNV_GITHUB_APP_ID
-              value: "938218"
-            - name: RNV_GITHUB_PEM_FILE_PATH
-              value: "/usr/src/app/rpi5-cluster-renovate.2024-07-05.private-key.pem"
-            - name: MEND_RNV_WEBHOOK_SECRET
-              value: ${github_app_webhook_secret}
-            - name: MEND_RNV_ADMIN_API_ENABLED
-              value: "true"
-            - name: MEND_RNV_SERVER_API_SECRET
-              value: ${server_api_secret}
-            - name: GITHUB_COM_TOKEN
-              value: ${github_pat}
-            - name: MEND_RNV_AUTODISCOVER_FILTER
-              value: "3dwardch3ng/home-cluster-ops"
-            - name: MEND_RNV_ENQUEUE_JOBS_ON_STARTUP
-              value: "enabled"
-            - name: MEND_RNV_LOG_HISTORY_DIR
-              value: "/logs"
-          volumeMounts:
-            - name: renovate-db
-              mountPath: /db/
-            - name: renovate-logs
-              mountPath: /logs/
-            - name: renovate-gh-app-pem
-              mountPath: /usr/src/app/rpi5-cluster-renovate.2024-07-05.private-key.pem
-      volumes:
-        - name: renovate-db
-          hostPath:
-            path: /mnt/nfs/AppData/renovate/db
-            type: Directory
-        - name: renovate-logs
-          hostPath:
-            path: /mnt/nfs/AppData/renovate/logs
-            type: Directory
-        - name: renovate-gh-app-pem
-          hostPath:
-            path: /mnt/nfs/AppData/renovate/key/rpi5-cluster-renovate.2024-07-05.private-key.pem
-            type: File
--- a/kubernetes/infrastructure/renovate/app/release.yaml
+++ b/kubernetes/infrastructure/renovate/app/release.yaml
@@ -0,0 +1,62 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: renovate
+  namespace: renovate
+spec:
+  releaseName: renovate
+  chart:
+    spec:
+      chart: mend-renovate-ce
+      sourceRef:
+        kind: HelmRepository
+        name: mend-renovate-cc-ee
+        namespace: flux-system
+  interval: 1h
+  install:
+    remediation:
+      retries: 3
+  values:
+    renovate:
+      mendRnvAcceptTos: y
+      mendRnvLicenseKey: ${renovate_license_key}
+      mendRnvPlatform: github
+      mendRnvEndpoint: "https://api.github.com/"
+      mendRnvGithubAppId: "938218"
+      mendRnvGithubAppKey: "/usr/src/app/rpi5-cluster-renovate.2024-07-05.private-key.pem"
+      mendRnvAdminApiEnabled: "true"
+      mendRnvServerApiSecret: ${server_api_secret}
+      mendRnvWebhookSecret: ${github_app_webhook_secret}
+      githubComToken: ${github_pat}
+      mendRnvAutoDiscoverFilter: "3dwardch3ng/home-cluster-ops"
+      mendRnvEnqueueJobsOnStartup: "enabled"
+      mendRnvLogHistoryDir: "/logs"
+    postgresql:
+      enabled: true
+      host: ${db_pg_host}
+      port: 5432
+      database: ${db_pg_database}
+      user: ${db_pg_user}
+      password: ${db_pg_password}
+    service:
+      type: ClusterIP
+      port: 8099
+    podSecurityContext:
+      fsGroup: 1000
+    containerSecurityContext:
+      runAsUser: 1000
+      runAsGroup: 1000
+    extraVolumes:
+      - name: renovate-logs
+        hostPath:
+          path: /mnt/nfs/AppData/renovate/logs
+          type: Directory
+      - name: renovate-gh-app-pem
+        hostPath:
+          path: /mnt/nfs/AppData/renovate/key/rpi5-cluster-renovate.2024-07-05.private-key.pem
+          type: File
+    extraVolumeMounts:
+      - name: renovate-logs
+        mountPath: /logs
+      - name: renovate-gh-app-pem
+        mountPath: /usr/src/app/rpi5-cluster-renovate.2024-07-05.private-key.pem
--- a/kubernetes/infrastructure/renovate/app/service.yaml
+++ b/kubernetes/infrastructure/renovate/app/service.yaml
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: renovate
-  namespace: renovate
-  labels:
-    app.kubernetes.io/name: renovate
-    app.kubernetes.io/instance: renovate
-spec:
-  type: ClusterIP
-  ports:
-    - port: 8899
-      targetPort: 8080
-      protocol: TCP
-      name: http
-  selector:
-    app.kubernetes.io/name: renovate
-    app.kubernetes.io/instance: renovate
--- a/kubernetes/infrastructure/renovate/renovate.yaml
+++ b/kubernetes/infrastructure/renovate/renovate.yaml
@@ -40,6 +40,8 @@ spec:
  dependsOn:
    - name: namespaces
      namespace: flux-system
+    - name: repositories
+      namespace: flux-system
    - name: renovate-secrets
      namespace: flux-system
    - name: local-path-provisioner
--- a/kubernetes/infrastructure/repositories/repos/mend-renovate-cc-ee.yaml
+++ b/kubernetes/infrastructure/repositories/repos/mend-renovate-cc-ee.yaml
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: mend-renovate-cc-ee
+  namespace: flux-system
+spec:
+  interval: 6h
+  url: https://mend.github.io/renovate-ce-ee